cobaltstrike | 56d33c58549cd03ae6017d9cb9ebe45b6984b87d9a83a1b6f11e25bc7469d7c0

Analysis

max time kernel
150s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 07:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0daadd701fe8d8a432011a81d3aa73d2
SHA1

82b3db402d12d706c790f29f712eedd7fdf16fa6
SHA256

56d33c58549cd03ae6017d9cb9ebe45b6984b87d9a83a1b6f11e25bc7469d7c0
SHA512

f83f2701a5b3c6d02af76427430d05cca936d8309481e9199719d0a48b6602caf2d0092a0ef44694b30f1b4c362e1fadda521b733c1a865479709fa1fdfd3d44
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173a9-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fdf-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017492-23.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174cc-29.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018676-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018683-41.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186e4-51.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193c2-68.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-78.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186ee-64.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2600-0-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-3.dat	xmrig
behavioral1/memory/2600-5-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x00080000000173a9-9.dat	xmrig
behavioral1/memory/2300-15-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0008000000016fdf-16.dat	xmrig
behavioral1/memory/1376-21-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0008000000017492-23.dat	xmrig
behavioral1/files/0x00070000000174cc-29.dat	xmrig
behavioral1/files/0x000e000000018676-37.dat	xmrig
behavioral1/memory/2600-31-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018683-41.dat	xmrig
behavioral1/memory/2772-55-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/1868-58-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2804-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2660-56-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186e4-51.dat	xmrig
behavioral1/memory/2704-50-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000193c2-68.dat	xmrig
behavioral1/memory/2560-72-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2848-66-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2300-65-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019427-83.dat	xmrig
behavioral1/memory/2532-80-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/3028-86-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-96.dat	xmrig
behavioral1/memory/2084-93-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x000500000001950c-117.dat	xmrig
behavioral1/files/0x00050000000195c5-126.dat	xmrig
behavioral1/files/0x0005000000019611-153.dat	xmrig
behavioral1/memory/1888-683-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2084-555-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2600-478-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/3028-421-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2532-303-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019621-191.dat	xmrig
behavioral1/files/0x000500000001961d-184.dat	xmrig
behavioral1/files/0x0005000000019622-194.dat	xmrig
behavioral1/memory/2560-183-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-187.dat	xmrig
behavioral1/files/0x0005000000019619-169.dat	xmrig
behavioral1/files/0x0005000000019615-163.dat	xmrig
behavioral1/files/0x000500000001961b-175.dat	xmrig
behavioral1/files/0x0005000000019617-166.dat	xmrig
behavioral1/files/0x000500000001960d-143.dat	xmrig
behavioral1/files/0x0005000000019613-157.dat	xmrig
behavioral1/files/0x0005000000019609-133.dat	xmrig
behavioral1/files/0x000500000001960f-146.dat	xmrig
behavioral1/files/0x0005000000019582-122.dat	xmrig
behavioral1/files/0x000500000001960b-136.dat	xmrig
behavioral1/files/0x0005000000019461-112.dat	xmrig
behavioral1/files/0x000500000001944f-107.dat	xmrig
behavioral1/memory/1888-101-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0005000000019431-92.dat	xmrig
behavioral1/memory/2848-100-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x000500000001941e-78.dat	xmrig
behavioral1/files/0x00080000000186ee-64.dat	xmrig
behavioral1/memory/2236-36-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/1868-2646-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2300-2662-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1376-2663-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2236-2745-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2772-2758-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2804-2761-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1868	eeucKKP.exe
2300	UzdfCpv.exe
1376	UIOkuDx.exe
2236	wCODNag.exe
2704	NZxAEkT.exe
2772	wLNuSqP.exe
2804	sNFAyEX.exe
2660	RrIGyZf.exe
2848	ruWlWns.exe
2560	jLORRLs.exe
2532	GhczCju.exe
3028	CrdlSgz.exe
2084	FJCCzdA.exe
1888	mYlJQFz.exe
2040	QWmlAMy.exe
1192	zvPaMSj.exe
1476	QutfYve.exe
584	fLMqdIM.exe
1764	nRsPXot.exe
1724	WEMMfOr.exe
1984	AMhRbUQ.exe
2868	sKpQdwW.exe
2856	fmlYiqF.exe
3064	VBIYFKL.exe
2612	mulGXAb.exe
2920	qPLmwXo.exe
2200	ZXzdVrT.exe
2404	gKgAKaW.exe
2888	yHEijgu.exe
616	gfIDoMm.exe
864	xyhUxTY.exe
2016	bQMoexU.exe
2400	iuvADHQ.exe
1160	wkciYbj.exe
2896	jJVRDgm.exe
1700	prNrRKV.exe
1636	OOFhpNm.exe
1844	QSMIlGj.exe
1284	HYvOrkq.exe
920	ZbIQhjj.exe
916	OiYodoQ.exe
1016	LeoPSNE.exe
644	GLxkfUC.exe
2440	hRWXrcW.exe
2976	lhKXisr.exe
1836	zrUjdMu.exe
1932	jDjDvbS.exe
2340	pZSmgDT.exe
2072	srmCzFn.exe
1556	TLgYVEC.exe
2156	nOVAInh.exe
1524	QezcvOa.exe
2252	wFNPFTr.exe
2324	IdEmLHa.exe
2924	KpLhOaV.exe
2432	hRzkjqx.exe
2296	jSUsUcu.exe
2808	kqILCew.exe
2392	uHjRvmi.exe
2380	AaXEBDk.exe
2940	ayoIzay.exe
2524	mtXjZQV.exe
2564	MXlJiMc.exe
2636	rFtRhix.exe

Loads dropped DLL 64 IoCs

pid	Process
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2600-0-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x0007000000012116-3.dat	upx
behavioral1/memory/2600-5-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x00080000000173a9-9.dat	upx
behavioral1/memory/2300-15-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0008000000016fdf-16.dat	upx
behavioral1/memory/1376-21-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0008000000017492-23.dat	upx
behavioral1/files/0x00070000000174cc-29.dat	upx
behavioral1/files/0x000e000000018676-37.dat	upx
behavioral1/memory/2600-31-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x0006000000018683-41.dat	upx
behavioral1/memory/2772-55-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/1868-58-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2804-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2660-56-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x00060000000186e4-51.dat	upx
behavioral1/memory/2704-50-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x00070000000193c2-68.dat	upx
behavioral1/memory/2560-72-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2848-66-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2300-65-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0005000000019427-83.dat	upx
behavioral1/memory/2532-80-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/3028-86-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0005000000019441-96.dat	upx
behavioral1/memory/2084-93-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x000500000001950c-117.dat	upx
behavioral1/files/0x00050000000195c5-126.dat	upx
behavioral1/files/0x0005000000019611-153.dat	upx
behavioral1/memory/1888-683-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2084-555-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/3028-421-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2532-303-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0005000000019621-191.dat	upx
behavioral1/files/0x000500000001961d-184.dat	upx
behavioral1/files/0x0005000000019622-194.dat	upx
behavioral1/memory/2560-183-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x000500000001961f-187.dat	upx
behavioral1/files/0x0005000000019619-169.dat	upx
behavioral1/files/0x0005000000019615-163.dat	upx
behavioral1/files/0x000500000001961b-175.dat	upx
behavioral1/files/0x0005000000019617-166.dat	upx
behavioral1/files/0x000500000001960d-143.dat	upx
behavioral1/files/0x0005000000019613-157.dat	upx
behavioral1/files/0x0005000000019609-133.dat	upx
behavioral1/files/0x000500000001960f-146.dat	upx
behavioral1/files/0x0005000000019582-122.dat	upx
behavioral1/files/0x000500000001960b-136.dat	upx
behavioral1/files/0x0005000000019461-112.dat	upx
behavioral1/files/0x000500000001944f-107.dat	upx
behavioral1/memory/1888-101-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0005000000019431-92.dat	upx
behavioral1/memory/2848-100-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x000500000001941e-78.dat	upx
behavioral1/files/0x00080000000186ee-64.dat	upx
behavioral1/memory/2236-36-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/1868-2646-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2300-2662-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1376-2663-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2236-2745-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2772-2758-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2804-2761-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2704-2760-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lvWgWVe.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOFbBAB.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdEmLHa.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHOmvRB.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdGjnMn.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOwBBdL.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsYXSCE.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJYbDZo.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITWFYcy.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjtiwFg.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSrENUb.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPqADMj.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiEmvEz.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNaPXuv.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZnvCSY.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxSaCmk.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpXNPcZ.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOIQHSV.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfByhFU.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeqCdnF.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmefyDz.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKiRpcD.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JFkiFRZ.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVeetWZ.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JkFxqAS.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsOcIAD.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHLfIbb.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxaiRCn.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHbNDyu.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPHNmHq.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmhxtVY.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\caCXmxT.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRQazjg.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pytVxfT.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGFyBDC.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiHsRPp.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxALwNX.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zutlyOX.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLsRaqa.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRuVbqR.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oriamLw.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQmfgaX.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucSmCwM.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pEubsPA.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCdIWJa.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OeqhdeX.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uswZehX.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzmCLHh.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IeIwKsp.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjPPeiX.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hsUQFAo.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdpYbDm.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgZepKU.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgwmxwU.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\srCNJZu.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgjbkDt.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPEGKzq.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BiSxhHZ.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLxTXow.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPhAHTF.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdIHZoC.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYDNoVS.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcnyqSZ.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRncKFk.exe	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 1868	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2600 wrote to memory of 1868	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2600 wrote to memory of 1868	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2600 wrote to memory of 2300	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2600 wrote to memory of 2300	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2600 wrote to memory of 2300	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2600 wrote to memory of 1376	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2600 wrote to memory of 1376	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2600 wrote to memory of 1376	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2600 wrote to memory of 2236	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2600 wrote to memory of 2236	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2600 wrote to memory of 2236	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2600 wrote to memory of 2704	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2600 wrote to memory of 2704	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2600 wrote to memory of 2704	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2600 wrote to memory of 2772	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2600 wrote to memory of 2772	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2600 wrote to memory of 2772	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2600 wrote to memory of 2660	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2600 wrote to memory of 2660	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2600 wrote to memory of 2660	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2600 wrote to memory of 2804	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2600 wrote to memory of 2804	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2600 wrote to memory of 2804	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2600 wrote to memory of 2848	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2600 wrote to memory of 2848	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2600 wrote to memory of 2848	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2600 wrote to memory of 2560	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2600 wrote to memory of 2560	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2600 wrote to memory of 2560	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2600 wrote to memory of 2532	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2600 wrote to memory of 2532	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2600 wrote to memory of 2532	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2600 wrote to memory of 3028	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2600 wrote to memory of 3028	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2600 wrote to memory of 3028	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2600 wrote to memory of 2084	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2600 wrote to memory of 2084	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2600 wrote to memory of 2084	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2600 wrote to memory of 1888	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2600 wrote to memory of 1888	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2600 wrote to memory of 1888	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2600 wrote to memory of 2040	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2600 wrote to memory of 2040	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2600 wrote to memory of 2040	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2600 wrote to memory of 1192	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2600 wrote to memory of 1192	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2600 wrote to memory of 1192	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2600 wrote to memory of 1476	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2600 wrote to memory of 1476	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2600 wrote to memory of 1476	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2600 wrote to memory of 584	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2600 wrote to memory of 584	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2600 wrote to memory of 584	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2600 wrote to memory of 1764	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2600 wrote to memory of 1764	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2600 wrote to memory of 1764	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2600 wrote to memory of 1724	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2600 wrote to memory of 1724	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2600 wrote to memory of 1724	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2600 wrote to memory of 1984	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2600 wrote to memory of 1984	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2600 wrote to memory of 1984	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2600 wrote to memory of 2868	2600	2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_0daadd701fe8d8a432011a81d3aa73d2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\System\eeucKKP.exe
  C:\Windows\System\eeucKKP.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\UzdfCpv.exe
  C:\Windows\System\UzdfCpv.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\UIOkuDx.exe
  C:\Windows\System\UIOkuDx.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\wCODNag.exe
  C:\Windows\System\wCODNag.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\NZxAEkT.exe
  C:\Windows\System\NZxAEkT.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\wLNuSqP.exe
  C:\Windows\System\wLNuSqP.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\RrIGyZf.exe
  C:\Windows\System\RrIGyZf.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\sNFAyEX.exe
  C:\Windows\System\sNFAyEX.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\ruWlWns.exe
  C:\Windows\System\ruWlWns.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\jLORRLs.exe
  C:\Windows\System\jLORRLs.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\GhczCju.exe
  C:\Windows\System\GhczCju.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\CrdlSgz.exe
  C:\Windows\System\CrdlSgz.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\FJCCzdA.exe
  C:\Windows\System\FJCCzdA.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\mYlJQFz.exe
  C:\Windows\System\mYlJQFz.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\QWmlAMy.exe
  C:\Windows\System\QWmlAMy.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\zvPaMSj.exe
  C:\Windows\System\zvPaMSj.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\QutfYve.exe
  C:\Windows\System\QutfYve.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\fLMqdIM.exe
  C:\Windows\System\fLMqdIM.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\nRsPXot.exe
  C:\Windows\System\nRsPXot.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\WEMMfOr.exe
  C:\Windows\System\WEMMfOr.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\AMhRbUQ.exe
  C:\Windows\System\AMhRbUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\sKpQdwW.exe
  C:\Windows\System\sKpQdwW.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\fmlYiqF.exe
  C:\Windows\System\fmlYiqF.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\VBIYFKL.exe
  C:\Windows\System\VBIYFKL.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\mulGXAb.exe
  C:\Windows\System\mulGXAb.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\qPLmwXo.exe
  C:\Windows\System\qPLmwXo.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\ZXzdVrT.exe
  C:\Windows\System\ZXzdVrT.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\yHEijgu.exe
  C:\Windows\System\yHEijgu.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\gKgAKaW.exe
  C:\Windows\System\gKgAKaW.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\gfIDoMm.exe
  C:\Windows\System\gfIDoMm.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\xyhUxTY.exe
  C:\Windows\System\xyhUxTY.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\iuvADHQ.exe
  C:\Windows\System\iuvADHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\bQMoexU.exe
  C:\Windows\System\bQMoexU.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\wkciYbj.exe
  C:\Windows\System\wkciYbj.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\jJVRDgm.exe
  C:\Windows\System\jJVRDgm.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\prNrRKV.exe
  C:\Windows\System\prNrRKV.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\OOFhpNm.exe
  C:\Windows\System\OOFhpNm.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\QSMIlGj.exe
  C:\Windows\System\QSMIlGj.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\HYvOrkq.exe
  C:\Windows\System\HYvOrkq.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\ZbIQhjj.exe
  C:\Windows\System\ZbIQhjj.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\OiYodoQ.exe
  C:\Windows\System\OiYodoQ.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\LeoPSNE.exe
  C:\Windows\System\LeoPSNE.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\GLxkfUC.exe
  C:\Windows\System\GLxkfUC.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\hRWXrcW.exe
  C:\Windows\System\hRWXrcW.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\lhKXisr.exe
  C:\Windows\System\lhKXisr.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\zrUjdMu.exe
  C:\Windows\System\zrUjdMu.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\jDjDvbS.exe
  C:\Windows\System\jDjDvbS.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\pZSmgDT.exe
  C:\Windows\System\pZSmgDT.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\srmCzFn.exe
  C:\Windows\System\srmCzFn.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\TLgYVEC.exe
  C:\Windows\System\TLgYVEC.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\nOVAInh.exe
  C:\Windows\System\nOVAInh.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\QezcvOa.exe
  C:\Windows\System\QezcvOa.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\wFNPFTr.exe
  C:\Windows\System\wFNPFTr.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\IdEmLHa.exe
  C:\Windows\System\IdEmLHa.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\KpLhOaV.exe
  C:\Windows\System\KpLhOaV.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\hRzkjqx.exe
  C:\Windows\System\hRzkjqx.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\jSUsUcu.exe
  C:\Windows\System\jSUsUcu.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\kqILCew.exe
  C:\Windows\System\kqILCew.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\uHjRvmi.exe
  C:\Windows\System\uHjRvmi.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\AaXEBDk.exe
  C:\Windows\System\AaXEBDk.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\ayoIzay.exe
  C:\Windows\System\ayoIzay.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\mtXjZQV.exe
  C:\Windows\System\mtXjZQV.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\MXlJiMc.exe
  C:\Windows\System\MXlJiMc.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\rFtRhix.exe
  C:\Windows\System\rFtRhix.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\grIneiX.exe
  C:\Windows\System\grIneiX.exe
  2⤵
  PID:2728
- C:\Windows\System\AURgzJc.exe
  C:\Windows\System\AURgzJc.exe
  2⤵
  PID:1380
- C:\Windows\System\ftmmqIj.exe
  C:\Windows\System\ftmmqIj.exe
  2⤵
  PID:2576
- C:\Windows\System\XaKqxEM.exe
  C:\Windows\System\XaKqxEM.exe
  2⤵
  PID:2880
- C:\Windows\System\JHdZmML.exe
  C:\Windows\System\JHdZmML.exe
  2⤵
  PID:1736
- C:\Windows\System\RiLGuIB.exe
  C:\Windows\System\RiLGuIB.exe
  2⤵
  PID:2220
- C:\Windows\System\OtLJmkx.exe
  C:\Windows\System\OtLJmkx.exe
  2⤵
  PID:2872
- C:\Windows\System\fSnucvK.exe
  C:\Windows\System\fSnucvK.exe
  2⤵
  PID:1420
- C:\Windows\System\Wdufhwz.exe
  C:\Windows\System\Wdufhwz.exe
  2⤵
  PID:1460
- C:\Windows\System\nsNRJqc.exe
  C:\Windows\System\nsNRJqc.exe
  2⤵
  PID:2116
- C:\Windows\System\cVbLFks.exe
  C:\Windows\System\cVbLFks.exe
  2⤵
  PID:1108
- C:\Windows\System\hjVztgx.exe
  C:\Windows\System\hjVztgx.exe
  2⤵
  PID:808
- C:\Windows\System\nokHaxC.exe
  C:\Windows\System\nokHaxC.exe
  2⤵
  PID:1800
- C:\Windows\System\aAjmbuj.exe
  C:\Windows\System\aAjmbuj.exe
  2⤵
  PID:3068
- C:\Windows\System\JkQtWqp.exe
  C:\Windows\System\JkQtWqp.exe
  2⤵
  PID:924
- C:\Windows\System\PnuuWrj.exe
  C:\Windows\System\PnuuWrj.exe
  2⤵
  PID:2028
- C:\Windows\System\HFsuXPM.exe
  C:\Windows\System\HFsuXPM.exe
  2⤵
  PID:768
- C:\Windows\System\UkPsxMJ.exe
  C:\Windows\System\UkPsxMJ.exe
  2⤵
  PID:2112
- C:\Windows\System\NUpctvu.exe
  C:\Windows\System\NUpctvu.exe
  2⤵
  PID:1440
- C:\Windows\System\lEqNdqA.exe
  C:\Windows\System\lEqNdqA.exe
  2⤵
  PID:2356
- C:\Windows\System\cJDxHjU.exe
  C:\Windows\System\cJDxHjU.exe
  2⤵
  PID:2184
- C:\Windows\System\nMjAFtC.exe
  C:\Windows\System\nMjAFtC.exe
  2⤵
  PID:1688
- C:\Windows\System\UrlXbFT.exe
  C:\Windows\System\UrlXbFT.exe
  2⤵
  PID:2120
- C:\Windows\System\FAxGCdP.exe
  C:\Windows\System\FAxGCdP.exe
  2⤵
  PID:1956
- C:\Windows\System\bYWAEBW.exe
  C:\Windows\System\bYWAEBW.exe
  2⤵
  PID:272
- C:\Windows\System\MRRvEDO.exe
  C:\Windows\System\MRRvEDO.exe
  2⤵
  PID:1000
- C:\Windows\System\EelyMsD.exe
  C:\Windows\System\EelyMsD.exe
  2⤵
  PID:1540
- C:\Windows\System\QTuuLJJ.exe
  C:\Windows\System\QTuuLJJ.exe
  2⤵
  PID:2664
- C:\Windows\System\WlUFBdB.exe
  C:\Windows\System\WlUFBdB.exe
  2⤵
  PID:868
- C:\Windows\System\LfMpUxd.exe
  C:\Windows\System\LfMpUxd.exe
  2⤵
  PID:2680
- C:\Windows\System\LjfMvUC.exe
  C:\Windows\System\LjfMvUC.exe
  2⤵
  PID:1928
- C:\Windows\System\usvgkew.exe
  C:\Windows\System\usvgkew.exe
  2⤵
  PID:1084
- C:\Windows\System\uUsJERY.exe
  C:\Windows\System\uUsJERY.exe
  2⤵
  PID:1748
- C:\Windows\System\vCjSYYQ.exe
  C:\Windows\System\vCjSYYQ.exe
  2⤵
  PID:1740
- C:\Windows\System\JvcLzat.exe
  C:\Windows\System\JvcLzat.exe
  2⤵
  PID:2408
- C:\Windows\System\ynSnThQ.exe
  C:\Windows\System\ynSnThQ.exe
  2⤵
  PID:3008
- C:\Windows\System\GHiPNhP.exe
  C:\Windows\System\GHiPNhP.exe
  2⤵
  PID:2460
- C:\Windows\System\jVAqzAI.exe
  C:\Windows\System\jVAqzAI.exe
  2⤵
  PID:684
- C:\Windows\System\QrJxzyF.exe
  C:\Windows\System\QrJxzyF.exe
  2⤵
  PID:1608
- C:\Windows\System\foitPPu.exe
  C:\Windows\System\foitPPu.exe
  2⤵
  PID:2136
- C:\Windows\System\kGQGBvA.exe
  C:\Windows\System\kGQGBvA.exe
  2⤵
  PID:2364
- C:\Windows\System\bCpwfTe.exe
  C:\Windows\System\bCpwfTe.exe
  2⤵
  PID:2224
- C:\Windows\System\FgdYUZS.exe
  C:\Windows\System\FgdYUZS.exe
  2⤵
  PID:2616
- C:\Windows\System\UuPGauZ.exe
  C:\Windows\System\UuPGauZ.exe
  2⤵
  PID:264
- C:\Windows\System\ixzmREh.exe
  C:\Windows\System\ixzmREh.exe
  2⤵
  PID:2428
- C:\Windows\System\nVnBVsC.exe
  C:\Windows\System\nVnBVsC.exe
  2⤵
  PID:2716
- C:\Windows\System\REbMjhc.exe
  C:\Windows\System\REbMjhc.exe
  2⤵
  PID:2232
- C:\Windows\System\uAKjYvZ.exe
  C:\Windows\System\uAKjYvZ.exe
  2⤵
  PID:1148
- C:\Windows\System\lmiDBNd.exe
  C:\Windows\System\lmiDBNd.exe
  2⤵
  PID:3044
- C:\Windows\System\uUuVkhD.exe
  C:\Windows\System\uUuVkhD.exe
  2⤵
  PID:2780
- C:\Windows\System\LJwQhDK.exe
  C:\Windows\System\LJwQhDK.exe
  2⤵
  PID:956
- C:\Windows\System\oqujQGl.exe
  C:\Windows\System\oqujQGl.exe
  2⤵
  PID:1308
- C:\Windows\System\IgkAveZ.exe
  C:\Windows\System\IgkAveZ.exe
  2⤵
  PID:2192
- C:\Windows\System\MKAHBUV.exe
  C:\Windows\System\MKAHBUV.exe
  2⤵
  PID:772
- C:\Windows\System\ygqBEkY.exe
  C:\Windows\System\ygqBEkY.exe
  2⤵
  PID:348
- C:\Windows\System\HNclXax.exe
  C:\Windows\System\HNclXax.exe
  2⤵
  PID:376
- C:\Windows\System\cSaHqHa.exe
  C:\Windows\System\cSaHqHa.exe
  2⤵
  PID:1964
- C:\Windows\System\etvinlc.exe
  C:\Windows\System\etvinlc.exe
  2⤵
  PID:2316
- C:\Windows\System\upGWvOY.exe
  C:\Windows\System\upGWvOY.exe
  2⤵
  PID:2624
- C:\Windows\System\iGJsOKj.exe
  C:\Windows\System\iGJsOKj.exe
  2⤵
  PID:3080
- C:\Windows\System\slgjeWW.exe
  C:\Windows\System\slgjeWW.exe
  2⤵
  PID:3100
- C:\Windows\System\defRKYJ.exe
  C:\Windows\System\defRKYJ.exe
  2⤵
  PID:3120
- C:\Windows\System\vbZCjdx.exe
  C:\Windows\System\vbZCjdx.exe
  2⤵
  PID:3144
- C:\Windows\System\TxTpMlr.exe
  C:\Windows\System\TxTpMlr.exe
  2⤵
  PID:3164
- C:\Windows\System\FqDWSfl.exe
  C:\Windows\System\FqDWSfl.exe
  2⤵
  PID:3180
- C:\Windows\System\ViTLmjM.exe
  C:\Windows\System\ViTLmjM.exe
  2⤵
  PID:3200
- C:\Windows\System\PzAWyHC.exe
  C:\Windows\System\PzAWyHC.exe
  2⤵
  PID:3220
- C:\Windows\System\plmIdfC.exe
  C:\Windows\System\plmIdfC.exe
  2⤵
  PID:3244
- C:\Windows\System\aHIvEHr.exe
  C:\Windows\System\aHIvEHr.exe
  2⤵
  PID:3264
- C:\Windows\System\ZIxFLnk.exe
  C:\Windows\System\ZIxFLnk.exe
  2⤵
  PID:3284
- C:\Windows\System\XGOPSse.exe
  C:\Windows\System\XGOPSse.exe
  2⤵
  PID:3300
- C:\Windows\System\oPcxxsA.exe
  C:\Windows\System\oPcxxsA.exe
  2⤵
  PID:3320
- C:\Windows\System\EmmpmBU.exe
  C:\Windows\System\EmmpmBU.exe
  2⤵
  PID:3340
- C:\Windows\System\syOrcnx.exe
  C:\Windows\System\syOrcnx.exe
  2⤵
  PID:3360
- C:\Windows\System\IhEzwHK.exe
  C:\Windows\System\IhEzwHK.exe
  2⤵
  PID:3380
- C:\Windows\System\nZXmmlm.exe
  C:\Windows\System\nZXmmlm.exe
  2⤵
  PID:3400
- C:\Windows\System\vUEppDl.exe
  C:\Windows\System\vUEppDl.exe
  2⤵
  PID:3416
- C:\Windows\System\izqnPwk.exe
  C:\Windows\System\izqnPwk.exe
  2⤵
  PID:3436
- C:\Windows\System\UQfEhML.exe
  C:\Windows\System\UQfEhML.exe
  2⤵
  PID:3456
- C:\Windows\System\tsMkYTU.exe
  C:\Windows\System\tsMkYTU.exe
  2⤵
  PID:3484
- C:\Windows\System\aHmcovJ.exe
  C:\Windows\System\aHmcovJ.exe
  2⤵
  PID:3504
- C:\Windows\System\NFUbXSO.exe
  C:\Windows\System\NFUbXSO.exe
  2⤵
  PID:3524
- C:\Windows\System\vnDmBQb.exe
  C:\Windows\System\vnDmBQb.exe
  2⤵
  PID:3544
- C:\Windows\System\jEwlYuG.exe
  C:\Windows\System\jEwlYuG.exe
  2⤵
  PID:3564
- C:\Windows\System\IfsfGgr.exe
  C:\Windows\System\IfsfGgr.exe
  2⤵
  PID:3584
- C:\Windows\System\MQRwfbA.exe
  C:\Windows\System\MQRwfbA.exe
  2⤵
  PID:3604
- C:\Windows\System\XnoDVSH.exe
  C:\Windows\System\XnoDVSH.exe
  2⤵
  PID:3624
- C:\Windows\System\JQEWCqH.exe
  C:\Windows\System\JQEWCqH.exe
  2⤵
  PID:3648
- C:\Windows\System\sNPfeSj.exe
  C:\Windows\System\sNPfeSj.exe
  2⤵
  PID:3664
- C:\Windows\System\yrqSGwl.exe
  C:\Windows\System\yrqSGwl.exe
  2⤵
  PID:3688
- C:\Windows\System\xyRIukP.exe
  C:\Windows\System\xyRIukP.exe
  2⤵
  PID:3708
- C:\Windows\System\ZsMBlKJ.exe
  C:\Windows\System\ZsMBlKJ.exe
  2⤵
  PID:3728
- C:\Windows\System\GYTXmfV.exe
  C:\Windows\System\GYTXmfV.exe
  2⤵
  PID:3744
- C:\Windows\System\auEDKvy.exe
  C:\Windows\System\auEDKvy.exe
  2⤵
  PID:3764
- C:\Windows\System\AiODqFO.exe
  C:\Windows\System\AiODqFO.exe
  2⤵
  PID:3784
- C:\Windows\System\TTWpARp.exe
  C:\Windows\System\TTWpARp.exe
  2⤵
  PID:3808
- C:\Windows\System\NqhNnvd.exe
  C:\Windows\System\NqhNnvd.exe
  2⤵
  PID:3828
- C:\Windows\System\HwdPrAM.exe
  C:\Windows\System\HwdPrAM.exe
  2⤵
  PID:3848
- C:\Windows\System\EWteaHf.exe
  C:\Windows\System\EWteaHf.exe
  2⤵
  PID:3868
- C:\Windows\System\xgIfLIB.exe
  C:\Windows\System\xgIfLIB.exe
  2⤵
  PID:3888
- C:\Windows\System\UwCGbTt.exe
  C:\Windows\System\UwCGbTt.exe
  2⤵
  PID:3908
- C:\Windows\System\QaIvLrS.exe
  C:\Windows\System\QaIvLrS.exe
  2⤵
  PID:3928
- C:\Windows\System\xJMrMAH.exe
  C:\Windows\System\xJMrMAH.exe
  2⤵
  PID:3948
- C:\Windows\System\ehCLQiV.exe
  C:\Windows\System\ehCLQiV.exe
  2⤵
  PID:3968
- C:\Windows\System\VVFfuyu.exe
  C:\Windows\System\VVFfuyu.exe
  2⤵
  PID:3988
- C:\Windows\System\lavKzvU.exe
  C:\Windows\System\lavKzvU.exe
  2⤵
  PID:4008
- C:\Windows\System\pyHdwby.exe
  C:\Windows\System\pyHdwby.exe
  2⤵
  PID:4028
- C:\Windows\System\yRgozxv.exe
  C:\Windows\System\yRgozxv.exe
  2⤵
  PID:4052
- C:\Windows\System\wpvDPUg.exe
  C:\Windows\System\wpvDPUg.exe
  2⤵
  PID:4072
- C:\Windows\System\WFOaRgl.exe
  C:\Windows\System\WFOaRgl.exe
  2⤵
  PID:4092
- C:\Windows\System\SsIBUAZ.exe
  C:\Windows\System\SsIBUAZ.exe
  2⤵
  PID:2148
- C:\Windows\System\UnoJnyc.exe
  C:\Windows\System\UnoJnyc.exe
  2⤵
  PID:3056
- C:\Windows\System\GjDXlJR.exe
  C:\Windows\System\GjDXlJR.exe
  2⤵
  PID:1680
- C:\Windows\System\SleTCIM.exe
  C:\Windows\System\SleTCIM.exe
  2⤵
  PID:1484
- C:\Windows\System\wxGGVdH.exe
  C:\Windows\System\wxGGVdH.exe
  2⤵
  PID:1912
- C:\Windows\System\oNGQFbH.exe
  C:\Windows\System\oNGQFbH.exe
  2⤵
  PID:2756
- C:\Windows\System\hUyyHXH.exe
  C:\Windows\System\hUyyHXH.exe
  2⤵
  PID:3116
- C:\Windows\System\jicJtKa.exe
  C:\Windows\System\jicJtKa.exe
  2⤵
  PID:3088
- C:\Windows\System\tGusGKF.exe
  C:\Windows\System\tGusGKF.exe
  2⤵
  PID:3156
- C:\Windows\System\WVmLLlF.exe
  C:\Windows\System\WVmLLlF.exe
  2⤵
  PID:3232
- C:\Windows\System\kIbVYLw.exe
  C:\Windows\System\kIbVYLw.exe
  2⤵
  PID:3128
- C:\Windows\System\dSVJfid.exe
  C:\Windows\System\dSVJfid.exe
  2⤵
  PID:3208
- C:\Windows\System\Yzzhnqu.exe
  C:\Windows\System\Yzzhnqu.exe
  2⤵
  PID:3316
- C:\Windows\System\CVzzgVh.exe
  C:\Windows\System\CVzzgVh.exe
  2⤵
  PID:3352
- C:\Windows\System\qwWozZu.exe
  C:\Windows\System\qwWozZu.exe
  2⤵
  PID:3296
- C:\Windows\System\KKfLYgX.exe
  C:\Windows\System\KKfLYgX.exe
  2⤵
  PID:3396
- C:\Windows\System\uCWzsjc.exe
  C:\Windows\System\uCWzsjc.exe
  2⤵
  PID:3368
- C:\Windows\System\RyOsdSW.exe
  C:\Windows\System\RyOsdSW.exe
  2⤵
  PID:3472
- C:\Windows\System\lEiMcMa.exe
  C:\Windows\System\lEiMcMa.exe
  2⤵
  PID:3408
- C:\Windows\System\EAffZMA.exe
  C:\Windows\System\EAffZMA.exe
  2⤵
  PID:3520
- C:\Windows\System\AGckRFU.exe
  C:\Windows\System\AGckRFU.exe
  2⤵
  PID:3560
- C:\Windows\System\PutGjTO.exe
  C:\Windows\System\PutGjTO.exe
  2⤵
  PID:3536
- C:\Windows\System\gzRAYEP.exe
  C:\Windows\System\gzRAYEP.exe
  2⤵
  PID:3580
- C:\Windows\System\MBvMxOS.exe
  C:\Windows\System\MBvMxOS.exe
  2⤵
  PID:3676
- C:\Windows\System\exwJkVc.exe
  C:\Windows\System\exwJkVc.exe
  2⤵
  PID:3680
- C:\Windows\System\NULiSRz.exe
  C:\Windows\System\NULiSRz.exe
  2⤵
  PID:3724
- C:\Windows\System\kKDuHnj.exe
  C:\Windows\System\kKDuHnj.exe
  2⤵
  PID:3760
- C:\Windows\System\KxGeKvd.exe
  C:\Windows\System\KxGeKvd.exe
  2⤵
  PID:3796
- C:\Windows\System\ZhSaZlI.exe
  C:\Windows\System\ZhSaZlI.exe
  2⤵
  PID:3800
- C:\Windows\System\hCQkrft.exe
  C:\Windows\System\hCQkrft.exe
  2⤵
  PID:3876
- C:\Windows\System\AZXkDLw.exe
  C:\Windows\System\AZXkDLw.exe
  2⤵
  PID:3820
- C:\Windows\System\hVNUALw.exe
  C:\Windows\System\hVNUALw.exe
  2⤵
  PID:3924
- C:\Windows\System\aYJDZLa.exe
  C:\Windows\System\aYJDZLa.exe
  2⤵
  PID:3964
- C:\Windows\System\Xlfbxth.exe
  C:\Windows\System\Xlfbxth.exe
  2⤵
  PID:3996
- C:\Windows\System\grBvyDc.exe
  C:\Windows\System\grBvyDc.exe
  2⤵
  PID:3980
- C:\Windows\System\MyDUZrA.exe
  C:\Windows\System\MyDUZrA.exe
  2⤵
  PID:4044
- C:\Windows\System\SncDlPp.exe
  C:\Windows\System\SncDlPp.exe
  2⤵
  PID:4080
- C:\Windows\System\URCpQfP.exe
  C:\Windows\System\URCpQfP.exe
  2⤵
  PID:2540
- C:\Windows\System\SdKCIQf.exe
  C:\Windows\System\SdKCIQf.exe
  2⤵
  PID:2528
- C:\Windows\System\VbfnVKc.exe
  C:\Windows\System\VbfnVKc.exe
  2⤵
  PID:1228
- C:\Windows\System\lqAeUOZ.exe
  C:\Windows\System\lqAeUOZ.exe
  2⤵
  PID:696
- C:\Windows\System\DZZAyWb.exe
  C:\Windows\System\DZZAyWb.exe
  2⤵
  PID:2180
- C:\Windows\System\HVpYQEi.exe
  C:\Windows\System\HVpYQEi.exe
  2⤵
  PID:3196
- C:\Windows\System\KiZHAFD.exe
  C:\Windows\System\KiZHAFD.exe
  2⤵
  PID:3192
- C:\Windows\System\TrcDDjD.exe
  C:\Windows\System\TrcDDjD.exe
  2⤵
  PID:3216
- C:\Windows\System\hNmgjIn.exe
  C:\Windows\System\hNmgjIn.exe
  2⤵
  PID:3308
- C:\Windows\System\fswDXjd.exe
  C:\Windows\System\fswDXjd.exe
  2⤵
  PID:3388
- C:\Windows\System\DDgxYup.exe
  C:\Windows\System\DDgxYup.exe
  2⤵
  PID:3428
- C:\Windows\System\YkEuOLs.exe
  C:\Windows\System\YkEuOLs.exe
  2⤵
  PID:3444
- C:\Windows\System\hXLwfaW.exe
  C:\Windows\System\hXLwfaW.exe
  2⤵
  PID:3512
- C:\Windows\System\DUaZUcY.exe
  C:\Windows\System\DUaZUcY.exe
  2⤵
  PID:3496
- C:\Windows\System\kOMeNHk.exe
  C:\Windows\System\kOMeNHk.exe
  2⤵
  PID:3572
- C:\Windows\System\HBcmFSF.exe
  C:\Windows\System\HBcmFSF.exe
  2⤵
  PID:3696
- C:\Windows\System\kNqPvEh.exe
  C:\Windows\System\kNqPvEh.exe
  2⤵
  PID:2620
- C:\Windows\System\Tasftbn.exe
  C:\Windows\System\Tasftbn.exe
  2⤵
  PID:3792
- C:\Windows\System\ZtoUPfb.exe
  C:\Windows\System\ZtoUPfb.exe
  2⤵
  PID:3772
- C:\Windows\System\MGzFbPe.exe
  C:\Windows\System\MGzFbPe.exe
  2⤵
  PID:3880
- C:\Windows\System\ZHPvIoI.exe
  C:\Windows\System\ZHPvIoI.exe
  2⤵
  PID:3944
- C:\Windows\System\helUsCn.exe
  C:\Windows\System\helUsCn.exe
  2⤵
  PID:3900
- C:\Windows\System\szrKDOT.exe
  C:\Windows\System\szrKDOT.exe
  2⤵
  PID:4060
- C:\Windows\System\WZaAjpO.exe
  C:\Windows\System\WZaAjpO.exe
  2⤵
  PID:4020
- C:\Windows\System\zXpCpJH.exe
  C:\Windows\System\zXpCpJH.exe
  2⤵
  PID:2360
- C:\Windows\System\bmUJNpb.exe
  C:\Windows\System\bmUJNpb.exe
  2⤵
  PID:2748
- C:\Windows\System\NIdjbtZ.exe
  C:\Windows\System\NIdjbtZ.exe
  2⤵
  PID:1536
- C:\Windows\System\SjwGizX.exe
  C:\Windows\System\SjwGizX.exe
  2⤵
  PID:3280
- C:\Windows\System\jTkSusq.exe
  C:\Windows\System\jTkSusq.exe
  2⤵
  PID:3256
- C:\Windows\System\BXsnliL.exe
  C:\Windows\System\BXsnliL.exe
  2⤵
  PID:3348
- C:\Windows\System\bfEWDCq.exe
  C:\Windows\System\bfEWDCq.exe
  2⤵
  PID:3452
- C:\Windows\System\OlOdgKl.exe
  C:\Windows\System\OlOdgKl.exe
  2⤵
  PID:3576
- C:\Windows\System\PuWGsUb.exe
  C:\Windows\System\PuWGsUb.exe
  2⤵
  PID:3616
- C:\Windows\System\HMNPvex.exe
  C:\Windows\System\HMNPvex.exe
  2⤵
  PID:3660
- C:\Windows\System\awQSGNV.exe
  C:\Windows\System\awQSGNV.exe
  2⤵
  PID:3840
- C:\Windows\System\jqabeWc.exe
  C:\Windows\System\jqabeWc.exe
  2⤵
  PID:3824
- C:\Windows\System\OKeLOaB.exe
  C:\Windows\System\OKeLOaB.exe
  2⤵
  PID:2548
- C:\Windows\System\nNROHvI.exe
  C:\Windows\System\nNROHvI.exe
  2⤵
  PID:2280
- C:\Windows\System\BnFbGNN.exe
  C:\Windows\System\BnFbGNN.exe
  2⤵
  PID:4024
- C:\Windows\System\WCKKaQh.exe
  C:\Windows\System\WCKKaQh.exe
  2⤵
  PID:712
- C:\Windows\System\qjBejNg.exe
  C:\Windows\System\qjBejNg.exe
  2⤵
  PID:4116
- C:\Windows\System\VsqDXyy.exe
  C:\Windows\System\VsqDXyy.exe
  2⤵
  PID:4136
- C:\Windows\System\XsDhqBT.exe
  C:\Windows\System\XsDhqBT.exe
  2⤵
  PID:4156
- C:\Windows\System\sDmPzyl.exe
  C:\Windows\System\sDmPzyl.exe
  2⤵
  PID:4176
- C:\Windows\System\jwUzhHA.exe
  C:\Windows\System\jwUzhHA.exe
  2⤵
  PID:4196
- C:\Windows\System\dFJefaU.exe
  C:\Windows\System\dFJefaU.exe
  2⤵
  PID:4216
- C:\Windows\System\TTGVzsQ.exe
  C:\Windows\System\TTGVzsQ.exe
  2⤵
  PID:4236
- C:\Windows\System\ylysvqy.exe
  C:\Windows\System\ylysvqy.exe
  2⤵
  PID:4252
- C:\Windows\System\DudLCHF.exe
  C:\Windows\System\DudLCHF.exe
  2⤵
  PID:4272
- C:\Windows\System\YjchTAr.exe
  C:\Windows\System\YjchTAr.exe
  2⤵
  PID:4292
- C:\Windows\System\uwxHAqK.exe
  C:\Windows\System\uwxHAqK.exe
  2⤵
  PID:4316
- C:\Windows\System\NDjnDeZ.exe
  C:\Windows\System\NDjnDeZ.exe
  2⤵
  PID:4336
- C:\Windows\System\bSIFpTa.exe
  C:\Windows\System\bSIFpTa.exe
  2⤵
  PID:4356
- C:\Windows\System\ERAeiNV.exe
  C:\Windows\System\ERAeiNV.exe
  2⤵
  PID:4376
- C:\Windows\System\BkbTPZG.exe
  C:\Windows\System\BkbTPZG.exe
  2⤵
  PID:4396
- C:\Windows\System\CnvaSyH.exe
  C:\Windows\System\CnvaSyH.exe
  2⤵
  PID:4416
- C:\Windows\System\CVZiFxy.exe
  C:\Windows\System\CVZiFxy.exe
  2⤵
  PID:4436
- C:\Windows\System\dWPtgyW.exe
  C:\Windows\System\dWPtgyW.exe
  2⤵
  PID:4456
- C:\Windows\System\itYxSam.exe
  C:\Windows\System\itYxSam.exe
  2⤵
  PID:4476
- C:\Windows\System\MWEGVbs.exe
  C:\Windows\System\MWEGVbs.exe
  2⤵
  PID:4496
- C:\Windows\System\nnYQyiR.exe
  C:\Windows\System\nnYQyiR.exe
  2⤵
  PID:4516
- C:\Windows\System\lTEUBsR.exe
  C:\Windows\System\lTEUBsR.exe
  2⤵
  PID:4536
- C:\Windows\System\AcICSWh.exe
  C:\Windows\System\AcICSWh.exe
  2⤵
  PID:4556
- C:\Windows\System\XDbBnWO.exe
  C:\Windows\System\XDbBnWO.exe
  2⤵
  PID:4576
- C:\Windows\System\EqAARtG.exe
  C:\Windows\System\EqAARtG.exe
  2⤵
  PID:4596
- C:\Windows\System\QTCLtno.exe
  C:\Windows\System\QTCLtno.exe
  2⤵
  PID:4616
- C:\Windows\System\RJKlwxO.exe
  C:\Windows\System\RJKlwxO.exe
  2⤵
  PID:4636
- C:\Windows\System\rMsRswd.exe
  C:\Windows\System\rMsRswd.exe
  2⤵
  PID:4652
- C:\Windows\System\BeVvcED.exe
  C:\Windows\System\BeVvcED.exe
  2⤵
  PID:4676
- C:\Windows\System\CzzqQHj.exe
  C:\Windows\System\CzzqQHj.exe
  2⤵
  PID:4696
- C:\Windows\System\GxKNdTy.exe
  C:\Windows\System\GxKNdTy.exe
  2⤵
  PID:4716
- C:\Windows\System\uMQxPYL.exe
  C:\Windows\System\uMQxPYL.exe
  2⤵
  PID:4732
- C:\Windows\System\VAUfHGo.exe
  C:\Windows\System\VAUfHGo.exe
  2⤵
  PID:4752
- C:\Windows\System\VpXgjWg.exe
  C:\Windows\System\VpXgjWg.exe
  2⤵
  PID:4776
- C:\Windows\System\UPQjHVO.exe
  C:\Windows\System\UPQjHVO.exe
  2⤵
  PID:4796
- C:\Windows\System\ktvYLyI.exe
  C:\Windows\System\ktvYLyI.exe
  2⤵
  PID:4816
- C:\Windows\System\srCNJZu.exe
  C:\Windows\System\srCNJZu.exe
  2⤵
  PID:4836
- C:\Windows\System\YfftpjK.exe
  C:\Windows\System\YfftpjK.exe
  2⤵
  PID:4856
- C:\Windows\System\mCynTwV.exe
  C:\Windows\System\mCynTwV.exe
  2⤵
  PID:4876
- C:\Windows\System\wQiNqAs.exe
  C:\Windows\System\wQiNqAs.exe
  2⤵
  PID:4896
- C:\Windows\System\fUcylZK.exe
  C:\Windows\System\fUcylZK.exe
  2⤵
  PID:4916
- C:\Windows\System\zpcSyvy.exe
  C:\Windows\System\zpcSyvy.exe
  2⤵
  PID:4932
- C:\Windows\System\UMBJhPu.exe
  C:\Windows\System\UMBJhPu.exe
  2⤵
  PID:4956
- C:\Windows\System\utyDSaU.exe
  C:\Windows\System\utyDSaU.exe
  2⤵
  PID:4976
- C:\Windows\System\eiPEbgL.exe
  C:\Windows\System\eiPEbgL.exe
  2⤵
  PID:4996
- C:\Windows\System\JSWAQbl.exe
  C:\Windows\System\JSWAQbl.exe
  2⤵
  PID:5012
- C:\Windows\System\kZuYtba.exe
  C:\Windows\System\kZuYtba.exe
  2⤵
  PID:5036
- C:\Windows\System\FVkRxpG.exe
  C:\Windows\System\FVkRxpG.exe
  2⤵
  PID:5056
- C:\Windows\System\cojLoqx.exe
  C:\Windows\System\cojLoqx.exe
  2⤵
  PID:5076
- C:\Windows\System\TIgZpGy.exe
  C:\Windows\System\TIgZpGy.exe
  2⤵
  PID:5092
- C:\Windows\System\GdIPJHc.exe
  C:\Windows\System\GdIPJHc.exe
  2⤵
  PID:5116
- C:\Windows\System\FYhiyfI.exe
  C:\Windows\System\FYhiyfI.exe
  2⤵
  PID:3212
- C:\Windows\System\nrHwwMZ.exe
  C:\Windows\System\nrHwwMZ.exe
  2⤵
  PID:3468
- C:\Windows\System\oetXvnz.exe
  C:\Windows\System\oetXvnz.exe
  2⤵
  PID:3592
- C:\Windows\System\mWcnEzf.exe
  C:\Windows\System\mWcnEzf.exe
  2⤵
  PID:3776
- C:\Windows\System\tSbOGme.exe
  C:\Windows\System\tSbOGme.exe
  2⤵
  PID:3716
- C:\Windows\System\hWGLUOl.exe
  C:\Windows\System\hWGLUOl.exe
  2⤵
  PID:2012
- C:\Windows\System\KFaJKID.exe
  C:\Windows\System\KFaJKID.exe
  2⤵
  PID:4036
- C:\Windows\System\PRguoJf.exe
  C:\Windows\System\PRguoJf.exe
  2⤵
  PID:4112
- C:\Windows\System\hZyGDZt.exe
  C:\Windows\System\hZyGDZt.exe
  2⤵
  PID:4144
- C:\Windows\System\UEFBcJh.exe
  C:\Windows\System\UEFBcJh.exe
  2⤵
  PID:4188
- C:\Windows\System\dtiQQky.exe
  C:\Windows\System\dtiQQky.exe
  2⤵
  PID:4164
- C:\Windows\System\KlMyxTO.exe
  C:\Windows\System\KlMyxTO.exe
  2⤵
  PID:4232
- C:\Windows\System\uGIwkhP.exe
  C:\Windows\System\uGIwkhP.exe
  2⤵
  PID:4268
- C:\Windows\System\NzjwDuS.exe
  C:\Windows\System\NzjwDuS.exe
  2⤵
  PID:4308
- C:\Windows\System\mFEvXra.exe
  C:\Windows\System\mFEvXra.exe
  2⤵
  PID:4288
- C:\Windows\System\EFzWOjG.exe
  C:\Windows\System\EFzWOjG.exe
  2⤵
  PID:2208
- C:\Windows\System\wPDIXtl.exe
  C:\Windows\System\wPDIXtl.exe
  2⤵
  PID:4384
- C:\Windows\System\vLYxVVv.exe
  C:\Windows\System\vLYxVVv.exe
  2⤵
  PID:4424
- C:\Windows\System\rIEDjFR.exe
  C:\Windows\System\rIEDjFR.exe
  2⤵
  PID:4408
- C:\Windows\System\cTvUAWx.exe
  C:\Windows\System\cTvUAWx.exe
  2⤵
  PID:4468
- C:\Windows\System\qxTpoJZ.exe
  C:\Windows\System\qxTpoJZ.exe
  2⤵
  PID:4484
- C:\Windows\System\zkScDkV.exe
  C:\Windows\System\zkScDkV.exe
  2⤵
  PID:4552
- C:\Windows\System\wcNpCDL.exe
  C:\Windows\System\wcNpCDL.exe
  2⤵
  PID:4592
- C:\Windows\System\nKjtxKr.exe
  C:\Windows\System\nKjtxKr.exe
  2⤵
  PID:4624
- C:\Windows\System\zTKVEMn.exe
  C:\Windows\System\zTKVEMn.exe
  2⤵
  PID:4612
- C:\Windows\System\LNzZIRZ.exe
  C:\Windows\System\LNzZIRZ.exe
  2⤵
  PID:4644
- C:\Windows\System\ziQGeIA.exe
  C:\Windows\System\ziQGeIA.exe
  2⤵
  PID:4708
- C:\Windows\System\iIvpTmD.exe
  C:\Windows\System\iIvpTmD.exe
  2⤵
  PID:4692
- C:\Windows\System\JEqrOxN.exe
  C:\Windows\System\JEqrOxN.exe
  2⤵
  PID:4724
- C:\Windows\System\lPaHtwd.exe
  C:\Windows\System\lPaHtwd.exe
  2⤵
  PID:4768
- C:\Windows\System\wImYEsm.exe
  C:\Windows\System\wImYEsm.exe
  2⤵
  PID:4832
- C:\Windows\System\HoTNRyl.exe
  C:\Windows\System\HoTNRyl.exe
  2⤵
  PID:4844
- C:\Windows\System\sCzgUbQ.exe
  C:\Windows\System\sCzgUbQ.exe
  2⤵
  PID:4868
- C:\Windows\System\EmsXZNm.exe
  C:\Windows\System\EmsXZNm.exe
  2⤵
  PID:4912
- C:\Windows\System\CQvOaSc.exe
  C:\Windows\System\CQvOaSc.exe
  2⤵
  PID:4940
- C:\Windows\System\JDrmBQP.exe
  C:\Windows\System\JDrmBQP.exe
  2⤵
  PID:4928
- C:\Windows\System\tdggdjo.exe
  C:\Windows\System\tdggdjo.exe
  2⤵
  PID:4992
- C:\Windows\System\klqPMbb.exe
  C:\Windows\System\klqPMbb.exe
  2⤵
  PID:5032
- C:\Windows\System\EfByhFU.exe
  C:\Windows\System\EfByhFU.exe
  2⤵
  PID:5044
- C:\Windows\System\sBsUZFL.exe
  C:\Windows\System\sBsUZFL.exe
  2⤵
  PID:2572
- C:\Windows\System\IsYXSCE.exe
  C:\Windows\System\IsYXSCE.exe
  2⤵
  PID:5084
- C:\Windows\System\RweTRJT.exe
  C:\Windows\System\RweTRJT.exe
  2⤵
  PID:3132
- C:\Windows\System\UUAPiSi.exe
  C:\Windows\System\UUAPiSi.exe
  2⤵
  PID:3432
- C:\Windows\System\UWdpRZJ.exe
  C:\Windows\System\UWdpRZJ.exe
  2⤵
  PID:3464
- C:\Windows\System\WmWULxc.exe
  C:\Windows\System\WmWULxc.exe
  2⤵
  PID:3636
- C:\Windows\System\vajpgRu.exe
  C:\Windows\System\vajpgRu.exe
  2⤵
  PID:3904
- C:\Windows\System\IeIwKsp.exe
  C:\Windows\System\IeIwKsp.exe
  2⤵
  PID:4152
- C:\Windows\System\rRksIFm.exe
  C:\Windows\System\rRksIFm.exe
  2⤵
  PID:1528
- C:\Windows\System\ugyiSuz.exe
  C:\Windows\System\ugyiSuz.exe
  2⤵
  PID:4128
- C:\Windows\System\UIjvmTX.exe
  C:\Windows\System\UIjvmTX.exe
  2⤵
  PID:1500
- C:\Windows\System\gCkgIGJ.exe
  C:\Windows\System\gCkgIGJ.exe
  2⤵
  PID:4352
- C:\Windows\System\VqtdfvJ.exe
  C:\Windows\System\VqtdfvJ.exe
  2⤵
  PID:4328
- C:\Windows\System\yZVtXpu.exe
  C:\Windows\System\yZVtXpu.exe
  2⤵
  PID:4372
- C:\Windows\System\MWiZUWS.exe
  C:\Windows\System\MWiZUWS.exe
  2⤵
  PID:4452
- C:\Windows\System\olGmWZI.exe
  C:\Windows\System\olGmWZI.exe
  2⤵
  PID:4508
- C:\Windows\System\vRlRYIf.exe
  C:\Windows\System\vRlRYIf.exe
  2⤵
  PID:4584
- C:\Windows\System\gnlsfHY.exe
  C:\Windows\System\gnlsfHY.exe
  2⤵
  PID:4628
- C:\Windows\System\RpubVry.exe
  C:\Windows\System\RpubVry.exe
  2⤵
  PID:4712
- C:\Windows\System\gVjMoom.exe
  C:\Windows\System\gVjMoom.exe
  2⤵
  PID:4792
- C:\Windows\System\NrLXXMN.exe
  C:\Windows\System\NrLXXMN.exe
  2⤵
  PID:4760
- C:\Windows\System\MFgcXwj.exe
  C:\Windows\System\MFgcXwj.exe
  2⤵
  PID:4824
- C:\Windows\System\brIkQDJ.exe
  C:\Windows\System\brIkQDJ.exe
  2⤵
  PID:4904
- C:\Windows\System\IitSJld.exe
  C:\Windows\System\IitSJld.exe
  2⤵
  PID:1604
- C:\Windows\System\CVrPdVN.exe
  C:\Windows\System\CVrPdVN.exe
  2⤵
  PID:4964
- C:\Windows\System\PceuLwb.exe
  C:\Windows\System\PceuLwb.exe
  2⤵
  PID:5024
- C:\Windows\System\VMUXNbc.exe
  C:\Windows\System\VMUXNbc.exe
  2⤵
  PID:1272
- C:\Windows\System\aveyilp.exe
  C:\Windows\System\aveyilp.exe
  2⤵
  PID:5088
- C:\Windows\System\RNWqXKp.exe
  C:\Windows\System\RNWqXKp.exe
  2⤵
  PID:2336
- C:\Windows\System\uTzwAow.exe
  C:\Windows\System\uTzwAow.exe
  2⤵
  PID:3916
- C:\Windows\System\SQqQpAB.exe
  C:\Windows\System\SQqQpAB.exe
  2⤵
  PID:3976
- C:\Windows\System\eXKQwdC.exe
  C:\Windows\System\eXKQwdC.exe
  2⤵
  PID:4108
- C:\Windows\System\kdBKzRm.exe
  C:\Windows\System\kdBKzRm.exe
  2⤵
  PID:4248
- C:\Windows\System\NiisZyV.exe
  C:\Windows\System\NiisZyV.exe
  2⤵
  PID:4312
- C:\Windows\System\iKqFRwx.exe
  C:\Windows\System\iKqFRwx.exe
  2⤵
  PID:4368
- C:\Windows\System\nbEBWJe.exe
  C:\Windows\System\nbEBWJe.exe
  2⤵
  PID:4488
- C:\Windows\System\UzYCCkj.exe
  C:\Windows\System\UzYCCkj.exe
  2⤵
  PID:4524
- C:\Windows\System\nSTgJgR.exe
  C:\Windows\System\nSTgJgR.exe
  2⤵
  PID:4604
- C:\Windows\System\jeqCdnF.exe
  C:\Windows\System\jeqCdnF.exe
  2⤵
  PID:4744
- C:\Windows\System\EjMBlpa.exe
  C:\Windows\System\EjMBlpa.exe
  2⤵
  PID:4808
- C:\Windows\System\PFnnHZe.exe
  C:\Windows\System\PFnnHZe.exe
  2⤵
  PID:4888
- C:\Windows\System\YaMAoRa.exe
  C:\Windows\System\YaMAoRa.exe
  2⤵
  PID:4924
- C:\Windows\System\sKHjbrG.exe
  C:\Windows\System\sKHjbrG.exe
  2⤵
  PID:4968
- C:\Windows\System\hKvcoIX.exe
  C:\Windows\System\hKvcoIX.exe
  2⤵
  PID:3480
- C:\Windows\System\BnauUrW.exe
  C:\Windows\System\BnauUrW.exe
  2⤵
  PID:2632
- C:\Windows\System\SOxUMbE.exe
  C:\Windows\System\SOxUMbE.exe
  2⤵
  PID:2644
- C:\Windows\System\uxilQew.exe
  C:\Windows\System\uxilQew.exe
  2⤵
  PID:4212
- C:\Windows\System\aigZYNc.exe
  C:\Windows\System\aigZYNc.exe
  2⤵
  PID:5132
- C:\Windows\System\EuuLevX.exe
  C:\Windows\System\EuuLevX.exe
  2⤵
  PID:5152
- C:\Windows\System\EWFuhew.exe
  C:\Windows\System\EWFuhew.exe
  2⤵
  PID:5172
- C:\Windows\System\gVYrStl.exe
  C:\Windows\System\gVYrStl.exe
  2⤵
  PID:5192
- C:\Windows\System\KiByjUu.exe
  C:\Windows\System\KiByjUu.exe
  2⤵
  PID:5216
- C:\Windows\System\oxphidA.exe
  C:\Windows\System\oxphidA.exe
  2⤵
  PID:5236
- C:\Windows\System\JzDykDj.exe
  C:\Windows\System\JzDykDj.exe
  2⤵
  PID:5256
- C:\Windows\System\gcUUmHq.exe
  C:\Windows\System\gcUUmHq.exe
  2⤵
  PID:5276
- C:\Windows\System\QHyMgBN.exe
  C:\Windows\System\QHyMgBN.exe
  2⤵
  PID:5296
- C:\Windows\System\DlvBdnv.exe
  C:\Windows\System\DlvBdnv.exe
  2⤵
  PID:5316
- C:\Windows\System\sZaWfky.exe
  C:\Windows\System\sZaWfky.exe
  2⤵
  PID:5336
- C:\Windows\System\qJCPvon.exe
  C:\Windows\System\qJCPvon.exe
  2⤵
  PID:5356
- C:\Windows\System\RpmXfFl.exe
  C:\Windows\System\RpmXfFl.exe
  2⤵
  PID:5376
- C:\Windows\System\LmsvgpR.exe
  C:\Windows\System\LmsvgpR.exe
  2⤵
  PID:5396
- C:\Windows\System\MunFKWi.exe
  C:\Windows\System\MunFKWi.exe
  2⤵
  PID:5416
- C:\Windows\System\rfAiUei.exe
  C:\Windows\System\rfAiUei.exe
  2⤵
  PID:5436
- C:\Windows\System\deCypxE.exe
  C:\Windows\System\deCypxE.exe
  2⤵
  PID:5456
- C:\Windows\System\qUDyLFd.exe
  C:\Windows\System\qUDyLFd.exe
  2⤵
  PID:5476
- C:\Windows\System\cnEpIZw.exe
  C:\Windows\System\cnEpIZw.exe
  2⤵
  PID:5496
- C:\Windows\System\GbimyBf.exe
  C:\Windows\System\GbimyBf.exe
  2⤵
  PID:5516
- C:\Windows\System\hHGckmv.exe
  C:\Windows\System\hHGckmv.exe
  2⤵
  PID:5536
- C:\Windows\System\HCDGEFo.exe
  C:\Windows\System\HCDGEFo.exe
  2⤵
  PID:5556
- C:\Windows\System\XFjoFvE.exe
  C:\Windows\System\XFjoFvE.exe
  2⤵
  PID:5576
- C:\Windows\System\ZyNnSQb.exe
  C:\Windows\System\ZyNnSQb.exe
  2⤵
  PID:5596
- C:\Windows\System\MwzckQB.exe
  C:\Windows\System\MwzckQB.exe
  2⤵
  PID:5616
- C:\Windows\System\amkkRKH.exe
  C:\Windows\System\amkkRKH.exe
  2⤵
  PID:5636
- C:\Windows\System\gCtgBuH.exe
  C:\Windows\System\gCtgBuH.exe
  2⤵
  PID:5656
- C:\Windows\System\GFmDqgA.exe
  C:\Windows\System\GFmDqgA.exe
  2⤵
  PID:5676
- C:\Windows\System\brZTfBz.exe
  C:\Windows\System\brZTfBz.exe
  2⤵
  PID:5696
- C:\Windows\System\ZKjNTBi.exe
  C:\Windows\System\ZKjNTBi.exe
  2⤵
  PID:5716
- C:\Windows\System\miDSXEh.exe
  C:\Windows\System\miDSXEh.exe
  2⤵
  PID:5736
- C:\Windows\System\cuxojYQ.exe
  C:\Windows\System\cuxojYQ.exe
  2⤵
  PID:5756
- C:\Windows\System\ixCAqiS.exe
  C:\Windows\System\ixCAqiS.exe
  2⤵
  PID:5776
- C:\Windows\System\BtGRwZa.exe
  C:\Windows\System\BtGRwZa.exe
  2⤵
  PID:5796
- C:\Windows\System\tzsJNrK.exe
  C:\Windows\System\tzsJNrK.exe
  2⤵
  PID:5816
- C:\Windows\System\EkmAKAt.exe
  C:\Windows\System\EkmAKAt.exe
  2⤵
  PID:5836
- C:\Windows\System\VuscaOJ.exe
  C:\Windows\System\VuscaOJ.exe
  2⤵
  PID:5856
- C:\Windows\System\DeCkgHM.exe
  C:\Windows\System\DeCkgHM.exe
  2⤵
  PID:5876
- C:\Windows\System\NSDkvNb.exe
  C:\Windows\System\NSDkvNb.exe
  2⤵
  PID:5896
- C:\Windows\System\OxiNphf.exe
  C:\Windows\System\OxiNphf.exe
  2⤵
  PID:5916
- C:\Windows\System\rNBikPQ.exe
  C:\Windows\System\rNBikPQ.exe
  2⤵
  PID:5936
- C:\Windows\System\ucSmCwM.exe
  C:\Windows\System\ucSmCwM.exe
  2⤵
  PID:5956
- C:\Windows\System\YSzqwhA.exe
  C:\Windows\System\YSzqwhA.exe
  2⤵
  PID:5976
- C:\Windows\System\gZWwRYP.exe
  C:\Windows\System\gZWwRYP.exe
  2⤵
  PID:5996
- C:\Windows\System\DfjlSUN.exe
  C:\Windows\System\DfjlSUN.exe
  2⤵
  PID:6016
- C:\Windows\System\eQSWNoi.exe
  C:\Windows\System\eQSWNoi.exe
  2⤵
  PID:6036
- C:\Windows\System\rpWskxC.exe
  C:\Windows\System\rpWskxC.exe
  2⤵
  PID:6056
- C:\Windows\System\OZLJXfP.exe
  C:\Windows\System\OZLJXfP.exe
  2⤵
  PID:6080
- C:\Windows\System\cxUBhUA.exe
  C:\Windows\System\cxUBhUA.exe
  2⤵
  PID:4300
- C:\Windows\System\LvdSEBw.exe
  C:\Windows\System\LvdSEBw.exe
  2⤵
  PID:4544
- C:\Windows\System\MSySEjq.exe
  C:\Windows\System\MSySEjq.exe
  2⤵
  PID:4528
- C:\Windows\System\SFkqVhd.exe
  C:\Windows\System\SFkqVhd.exe
  2⤵
  PID:4748
- C:\Windows\System\PEClgfo.exe
  C:\Windows\System\PEClgfo.exe
  2⤵
  PID:2520
- C:\Windows\System\QiqhHgs.exe
  C:\Windows\System\QiqhHgs.exe
  2⤵
  PID:5064
- C:\Windows\System\AnBNViI.exe
  C:\Windows\System\AnBNViI.exe
  2⤵
  PID:1112
- C:\Windows\System\NQZIPhf.exe
  C:\Windows\System\NQZIPhf.exe
  2⤵
  PID:3356
- C:\Windows\System\CpOVfDy.exe
  C:\Windows\System\CpOVfDy.exe
  2⤵
  PID:2268
- C:\Windows\System\pwHzKQl.exe
  C:\Windows\System\pwHzKQl.exe
  2⤵
  PID:5148
- C:\Windows\System\MLpbqhG.exe
  C:\Windows\System\MLpbqhG.exe
  2⤵
  PID:5164
- C:\Windows\System\qKzkhbh.exe
  C:\Windows\System\qKzkhbh.exe
  2⤵
  PID:5204
- C:\Windows\System\leqdesk.exe
  C:\Windows\System\leqdesk.exe
  2⤵
  PID:5244
- C:\Windows\System\cIiocTq.exe
  C:\Windows\System\cIiocTq.exe
  2⤵
  PID:5272
- C:\Windows\System\AjeUHXb.exe
  C:\Windows\System\AjeUHXb.exe
  2⤵
  PID:5308
- C:\Windows\System\XdKFmgd.exe
  C:\Windows\System\XdKFmgd.exe
  2⤵
  PID:5344
- C:\Windows\System\UgpgkYM.exe
  C:\Windows\System\UgpgkYM.exe
  2⤵
  PID:5364
- C:\Windows\System\vJMhxpG.exe
  C:\Windows\System\vJMhxpG.exe
  2⤵
  PID:5424
- C:\Windows\System\BsJOPSX.exe
  C:\Windows\System\BsJOPSX.exe
  2⤵
  PID:5428
- C:\Windows\System\JpTHnwM.exe
  C:\Windows\System\JpTHnwM.exe
  2⤵
  PID:5472
- C:\Windows\System\PQmGpAC.exe
  C:\Windows\System\PQmGpAC.exe
  2⤵
  PID:5504
- C:\Windows\System\eyRnJTt.exe
  C:\Windows\System\eyRnJTt.exe
  2⤵
  PID:5528
- C:\Windows\System\OyqPKcS.exe
  C:\Windows\System\OyqPKcS.exe
  2⤵
  PID:5568
- C:\Windows\System\KPhAHTF.exe
  C:\Windows\System\KPhAHTF.exe
  2⤵
  PID:5608
- C:\Windows\System\tupWigQ.exe
  C:\Windows\System\tupWigQ.exe
  2⤵
  PID:5664
- C:\Windows\System\mxCMrks.exe
  C:\Windows\System\mxCMrks.exe
  2⤵
  PID:5692
- C:\Windows\System\zzpvfea.exe
  C:\Windows\System\zzpvfea.exe
  2⤵
  PID:5712
- C:\Windows\System\NxCJpYg.exe
  C:\Windows\System\NxCJpYg.exe
  2⤵
  PID:5728
- C:\Windows\System\rAVLBEB.exe
  C:\Windows\System\rAVLBEB.exe
  2⤵
  PID:5792
- C:\Windows\System\yisauAO.exe
  C:\Windows\System\yisauAO.exe
  2⤵
  PID:5804
- C:\Windows\System\kpQQiVg.exe
  C:\Windows\System\kpQQiVg.exe
  2⤵
  PID:5832
- C:\Windows\System\MfewkJQ.exe
  C:\Windows\System\MfewkJQ.exe
  2⤵
  PID:5848
- C:\Windows\System\njdkbDh.exe
  C:\Windows\System\njdkbDh.exe
  2⤵
  PID:5912
- C:\Windows\System\rmJTuyG.exe
  C:\Windows\System\rmJTuyG.exe
  2⤵
  PID:5928
- C:\Windows\System\HYQDokX.exe
  C:\Windows\System\HYQDokX.exe
  2⤵
  PID:5992
- C:\Windows\System\IOUiqfT.exe
  C:\Windows\System\IOUiqfT.exe
  2⤵
  PID:6024
- C:\Windows\System\ZFIAzWK.exe
  C:\Windows\System\ZFIAzWK.exe
  2⤵
  PID:6048
- C:\Windows\System\nUuCyYf.exe
  C:\Windows\System\nUuCyYf.exe
  2⤵
  PID:6092
- C:\Windows\System\SUOHLwp.exe
  C:\Windows\System\SUOHLwp.exe
  2⤵
  PID:2768
- C:\Windows\System\GdIctNK.exe
  C:\Windows\System\GdIctNK.exe
  2⤵
  PID:3644
- C:\Windows\System\OmBvZWt.exe
  C:\Windows\System\OmBvZWt.exe
  2⤵
  PID:3516
- C:\Windows\System\cOFkMHv.exe
  C:\Windows\System\cOFkMHv.exe
  2⤵
  PID:2500
- C:\Windows\System\AywZuKK.exe
  C:\Windows\System\AywZuKK.exe
  2⤵
  PID:1224
- C:\Windows\System\EvsQNoa.exe
  C:\Windows\System\EvsQNoa.exe
  2⤵
  PID:1708
- C:\Windows\System\tPuWktv.exe
  C:\Windows\System\tPuWktv.exe
  2⤵
  PID:2836
- C:\Windows\System\fjPPeiX.exe
  C:\Windows\System\fjPPeiX.exe
  2⤵
  PID:2960
- C:\Windows\System\SzvRBeo.exe
  C:\Windows\System\SzvRBeo.exe
  2⤵
  PID:1960
- C:\Windows\System\IxTWcfE.exe
  C:\Windows\System\IxTWcfE.exe
  2⤵
  PID:1452
- C:\Windows\System\JtJHcJF.exe
  C:\Windows\System\JtJHcJF.exe
  2⤵
  PID:2152
- C:\Windows\System\SPagZDj.exe
  C:\Windows\System\SPagZDj.exe
  2⤵
  PID:6044
- C:\Windows\System\MOTCEZy.exe
  C:\Windows\System\MOTCEZy.exe
  2⤵
  PID:2292
- C:\Windows\System\AxcuDAl.exe
  C:\Windows\System\AxcuDAl.exe
  2⤵
  PID:4664
- C:\Windows\System\SmpHsRG.exe
  C:\Windows\System\SmpHsRG.exe
  2⤵
  PID:5072
- C:\Windows\System\mdPbQIz.exe
  C:\Windows\System\mdPbQIz.exe
  2⤵
  PID:2688
- C:\Windows\System\KvbhqlY.exe
  C:\Windows\System\KvbhqlY.exe
  2⤵
  PID:5200
- C:\Windows\System\TWDKorw.exe
  C:\Windows\System\TWDKorw.exe
  2⤵
  PID:5004
- C:\Windows\System\vJDrWzs.exe
  C:\Windows\System\vJDrWzs.exe
  2⤵
  PID:3700
- C:\Windows\System\FlWxwjZ.exe
  C:\Windows\System\FlWxwjZ.exe
  2⤵
  PID:5248
- C:\Windows\System\pwoRrrX.exe
  C:\Windows\System\pwoRrrX.exe
  2⤵
  PID:5384
- C:\Windows\System\rYzbUMG.exe
  C:\Windows\System\rYzbUMG.exe
  2⤵
  PID:5464
- C:\Windows\System\PFRfbvo.exe
  C:\Windows\System\PFRfbvo.exe
  2⤵
  PID:5284
- C:\Windows\System\fddMroY.exe
  C:\Windows\System\fddMroY.exe
  2⤵
  PID:5552
- C:\Windows\System\akimEVs.exe
  C:\Windows\System\akimEVs.exe
  2⤵
  PID:5408
- C:\Windows\System\FBDNfrk.exe
  C:\Windows\System\FBDNfrk.exe
  2⤵
  PID:5604
- C:\Windows\System\SsMgNyD.exe
  C:\Windows\System\SsMgNyD.exe
  2⤵
  PID:5652
- C:\Windows\System\GYWdVbP.exe
  C:\Windows\System\GYWdVbP.exe
  2⤵
  PID:5672
- C:\Windows\System\DFLjksK.exe
  C:\Windows\System\DFLjksK.exe
  2⤵
  PID:5688
- C:\Windows\System\udBFgFi.exe
  C:\Windows\System\udBFgFi.exe
  2⤵
  PID:5768
- C:\Windows\System\vkwdMip.exe
  C:\Windows\System\vkwdMip.exe
  2⤵
  PID:5852
- C:\Windows\System\QuXxHiZ.exe
  C:\Windows\System\QuXxHiZ.exe
  2⤵
  PID:5824
- C:\Windows\System\nJlQkfH.exe
  C:\Windows\System\nJlQkfH.exe
  2⤵
  PID:5904
- C:\Windows\System\pITdfwz.exe
  C:\Windows\System\pITdfwz.exe
  2⤵
  PID:5952
- C:\Windows\System\aLDKsHW.exe
  C:\Windows\System\aLDKsHW.exe
  2⤵
  PID:5972
- C:\Windows\System\fdIHZoC.exe
  C:\Windows\System\fdIHZoC.exe
  2⤵
  PID:6068
- C:\Windows\System\WvKmJuf.exe
  C:\Windows\System\WvKmJuf.exe
  2⤵
  PID:1856
- C:\Windows\System\ZKRmWmJ.exe
  C:\Windows\System\ZKRmWmJ.exe
  2⤵
  PID:2212
- C:\Windows\System\BltmFxv.exe
  C:\Windows\System\BltmFxv.exe
  2⤵
  PID:1968
- C:\Windows\System\YllhuBf.exe
  C:\Windows\System\YllhuBf.exe
  2⤵
  PID:836
- C:\Windows\System\bBVKuXe.exe
  C:\Windows\System\bBVKuXe.exe
  2⤵
  PID:4668
- C:\Windows\System\VXzFqjk.exe
  C:\Windows\System\VXzFqjk.exe
  2⤵
  PID:2064
- C:\Windows\System\YXhIYLF.exe
  C:\Windows\System\YXhIYLF.exe
  2⤵
  PID:4972
- C:\Windows\System\GqrmYsu.exe
  C:\Windows\System\GqrmYsu.exe
  2⤵
  PID:5388
- C:\Windows\System\UAwLvFB.exe
  C:\Windows\System\UAwLvFB.exe
  2⤵
  PID:2516
- C:\Windows\System\YRJkzFU.exe
  C:\Windows\System\YRJkzFU.exe
  2⤵
  PID:6128
- C:\Windows\System\PmHpMtc.exe
  C:\Windows\System\PmHpMtc.exe
  2⤵
  PID:5288
- C:\Windows\System\WczuuoC.exe
  C:\Windows\System\WczuuoC.exe
  2⤵
  PID:3076
- C:\Windows\System\FSkOjHJ.exe
  C:\Windows\System\FSkOjHJ.exe
  2⤵
  PID:2128
- C:\Windows\System\oZrtGQP.exe
  C:\Windows\System\oZrtGQP.exe
  2⤵
  PID:5332
- C:\Windows\System\baOOwlD.exe
  C:\Windows\System\baOOwlD.exe
  2⤵
  PID:4892
- C:\Windows\System\ZoRXJGO.exe
  C:\Windows\System\ZoRXJGO.exe
  2⤵
  PID:5628
- C:\Windows\System\hsUQFAo.exe
  C:\Windows\System\hsUQFAo.exe
  2⤵
  PID:5532
- C:\Windows\System\SRjVuEq.exe
  C:\Windows\System\SRjVuEq.exe
  2⤵
  PID:5684
- C:\Windows\System\BqlAtXK.exe
  C:\Windows\System\BqlAtXK.exe
  2⤵
  PID:6112
- C:\Windows\System\KfZjsyI.exe
  C:\Windows\System\KfZjsyI.exe
  2⤵
  PID:5984
- C:\Windows\System\pYzBhZa.exe
  C:\Windows\System\pYzBhZa.exe
  2⤵
  PID:5808
- C:\Windows\System\dmhueNX.exe
  C:\Windows\System\dmhueNX.exe
  2⤵
  PID:6008
- C:\Windows\System\GkCYBJi.exe
  C:\Windows\System\GkCYBJi.exe
  2⤵
  PID:892
- C:\Windows\System\UmYkmPJ.exe
  C:\Windows\System\UmYkmPJ.exe
  2⤵
  PID:3136
- C:\Windows\System\FoZMFwX.exe
  C:\Windows\System\FoZMFwX.exe
  2⤵
  PID:6028
- C:\Windows\System\YiwLsIc.exe
  C:\Windows\System\YiwLsIc.exe
  2⤵
  PID:4472
- C:\Windows\System\ECmMIbE.exe
  C:\Windows\System\ECmMIbE.exe
  2⤵
  PID:5404
- C:\Windows\System\QygCkNi.exe
  C:\Windows\System\QygCkNi.exe
  2⤵
  PID:5492
- C:\Windows\System\ZMvbYMi.exe
  C:\Windows\System\ZMvbYMi.exe
  2⤵
  PID:1648
- C:\Windows\System\iWvaNWz.exe
  C:\Windows\System\iWvaNWz.exe
  2⤵
  PID:2592
- C:\Windows\System\IZsTqcB.exe
  C:\Windows\System\IZsTqcB.exe
  2⤵
  PID:5232
- C:\Windows\System\xAVYgth.exe
  C:\Windows\System\xAVYgth.exe
  2⤵
  PID:5564
- C:\Windows\System\UZDqEQu.exe
  C:\Windows\System\UZDqEQu.exe
  2⤵
  PID:5944
- C:\Windows\System\AKznICj.exe
  C:\Windows\System\AKznICj.exe
  2⤵
  PID:5328
- C:\Windows\System\aZQAOmJ.exe
  C:\Windows\System\aZQAOmJ.exe
  2⤵
  PID:5872
- C:\Windows\System\dthCAmw.exe
  C:\Windows\System\dthCAmw.exe
  2⤵
  PID:408
- C:\Windows\System\vJFePSP.exe
  C:\Windows\System\vJFePSP.exe
  2⤵
  PID:4048
- C:\Windows\System\aDmIPGu.exe
  C:\Windows\System\aDmIPGu.exe
  2⤵
  PID:5544
- C:\Windows\System\qHZYubo.exe
  C:\Windows\System\qHZYubo.exe
  2⤵
  PID:572
- C:\Windows\System\iAnrnuW.exe
  C:\Windows\System\iAnrnuW.exe
  2⤵
  PID:6164
- C:\Windows\System\rkryAXU.exe
  C:\Windows\System\rkryAXU.exe
  2⤵
  PID:6180
- C:\Windows\System\KOdmvnM.exe
  C:\Windows\System\KOdmvnM.exe
  2⤵
  PID:6196
- C:\Windows\System\ekuOgsh.exe
  C:\Windows\System\ekuOgsh.exe
  2⤵
  PID:6228
- C:\Windows\System\fKiPzUu.exe
  C:\Windows\System\fKiPzUu.exe
  2⤵
  PID:6248
- C:\Windows\System\dtdJtTl.exe
  C:\Windows\System\dtdJtTl.exe
  2⤵
  PID:6264
- C:\Windows\System\YJpCHGe.exe
  C:\Windows\System\YJpCHGe.exe
  2⤵
  PID:6280
- C:\Windows\System\bRrRbyH.exe
  C:\Windows\System\bRrRbyH.exe
  2⤵
  PID:6312
- C:\Windows\System\WhxcbPt.exe
  C:\Windows\System\WhxcbPt.exe
  2⤵
  PID:6328
- C:\Windows\System\cjNIvlo.exe
  C:\Windows\System\cjNIvlo.exe
  2⤵
  PID:6344
- C:\Windows\System\giKruvC.exe
  C:\Windows\System\giKruvC.exe
  2⤵
  PID:6360
- C:\Windows\System\uaCpFnw.exe
  C:\Windows\System\uaCpFnw.exe
  2⤵
  PID:6380
- C:\Windows\System\OmegkQy.exe
  C:\Windows\System\OmegkQy.exe
  2⤵
  PID:6396
- C:\Windows\System\Bgcdbne.exe
  C:\Windows\System\Bgcdbne.exe
  2⤵
  PID:6412
- C:\Windows\System\MPgEHPe.exe
  C:\Windows\System\MPgEHPe.exe
  2⤵
  PID:6428
- C:\Windows\System\GgKkAbJ.exe
  C:\Windows\System\GgKkAbJ.exe
  2⤵
  PID:6444
- C:\Windows\System\cUXYwoB.exe
  C:\Windows\System\cUXYwoB.exe
  2⤵
  PID:6460
- C:\Windows\System\JmDQKDA.exe
  C:\Windows\System\JmDQKDA.exe
  2⤵
  PID:6484
- C:\Windows\System\klQFnPC.exe
  C:\Windows\System\klQFnPC.exe
  2⤵
  PID:6500
- C:\Windows\System\eqDpNJn.exe
  C:\Windows\System\eqDpNJn.exe
  2⤵
  PID:6516
- C:\Windows\System\mGFyBDC.exe
  C:\Windows\System\mGFyBDC.exe
  2⤵
  PID:6532
- C:\Windows\System\EXDRnax.exe
  C:\Windows\System\EXDRnax.exe
  2⤵
  PID:6548
- C:\Windows\System\JXOWYHp.exe
  C:\Windows\System\JXOWYHp.exe
  2⤵
  PID:6564
- C:\Windows\System\DzdZIZX.exe
  C:\Windows\System\DzdZIZX.exe
  2⤵
  PID:6580
- C:\Windows\System\HgYXdcM.exe
  C:\Windows\System\HgYXdcM.exe
  2⤵
  PID:6596
- C:\Windows\System\nxnZRfP.exe
  C:\Windows\System\nxnZRfP.exe
  2⤵
  PID:6620
- C:\Windows\System\lXiCSTM.exe
  C:\Windows\System\lXiCSTM.exe
  2⤵
  PID:6640
- C:\Windows\System\IvxKuic.exe
  C:\Windows\System\IvxKuic.exe
  2⤵
  PID:6656
- C:\Windows\System\NDLLoqo.exe
  C:\Windows\System\NDLLoqo.exe
  2⤵
  PID:6684
- C:\Windows\System\nIuevgZ.exe
  C:\Windows\System\nIuevgZ.exe
  2⤵
  PID:6700
- C:\Windows\System\FgTBzjp.exe
  C:\Windows\System\FgTBzjp.exe
  2⤵
  PID:6720
- C:\Windows\System\hbOWkYW.exe
  C:\Windows\System\hbOWkYW.exe
  2⤵
  PID:6740
- C:\Windows\System\kzOzNnw.exe
  C:\Windows\System\kzOzNnw.exe
  2⤵
  PID:6756
- C:\Windows\System\nTgPQWA.exe
  C:\Windows\System\nTgPQWA.exe
  2⤵
  PID:6772
- C:\Windows\System\EjIeeND.exe
  C:\Windows\System\EjIeeND.exe
  2⤵
  PID:6792
- C:\Windows\System\zxdnsyU.exe
  C:\Windows\System\zxdnsyU.exe
  2⤵
  PID:6808
- C:\Windows\System\PGTvnkL.exe
  C:\Windows\System\PGTvnkL.exe
  2⤵
  PID:6824
- C:\Windows\System\oSXGgpk.exe
  C:\Windows\System\oSXGgpk.exe
  2⤵
  PID:6840
- C:\Windows\System\wuRQyRW.exe
  C:\Windows\System\wuRQyRW.exe
  2⤵
  PID:6856
- C:\Windows\System\PeBvtGb.exe
  C:\Windows\System\PeBvtGb.exe
  2⤵
  PID:6872
- C:\Windows\System\axltRMa.exe
  C:\Windows\System\axltRMa.exe
  2⤵
  PID:6896
- C:\Windows\System\aHTBrSM.exe
  C:\Windows\System\aHTBrSM.exe
  2⤵
  PID:6920
- C:\Windows\System\LbkmByD.exe
  C:\Windows\System\LbkmByD.exe
  2⤵
  PID:6944
- C:\Windows\System\iSQAKIW.exe
  C:\Windows\System\iSQAKIW.exe
  2⤵
  PID:6960
- C:\Windows\System\UYJBsSe.exe
  C:\Windows\System\UYJBsSe.exe
  2⤵
  PID:6980
- C:\Windows\System\XPxDwNg.exe
  C:\Windows\System\XPxDwNg.exe
  2⤵
  PID:6996
- C:\Windows\System\NwAApCl.exe
  C:\Windows\System\NwAApCl.exe
  2⤵
  PID:7012
- C:\Windows\System\iCphuQO.exe
  C:\Windows\System\iCphuQO.exe
  2⤵
  PID:7028
- C:\Windows\System\zJLlHix.exe
  C:\Windows\System\zJLlHix.exe
  2⤵
  PID:7044
- C:\Windows\System\aLFtDgK.exe
  C:\Windows\System\aLFtDgK.exe
  2⤵
  PID:7100
- C:\Windows\System\gqCCaYF.exe
  C:\Windows\System\gqCCaYF.exe
  2⤵
  PID:7140
- C:\Windows\System\zWlQdpf.exe
  C:\Windows\System\zWlQdpf.exe
  2⤵
  PID:7160
- C:\Windows\System\rAMZANx.exe
  C:\Windows\System\rAMZANx.exe
  2⤵
  PID:2512
- C:\Windows\System\KNewATa.exe
  C:\Windows\System\KNewATa.exe
  2⤵
  PID:2648
- C:\Windows\System\FLiyfnW.exe
  C:\Windows\System\FLiyfnW.exe
  2⤵
  PID:5764
- C:\Windows\System\EBWwxIK.exe
  C:\Windows\System\EBWwxIK.exe
  2⤵
  PID:5188
- C:\Windows\System\ZNCQhUR.exe
  C:\Windows\System\ZNCQhUR.exe
  2⤵
  PID:2828
- C:\Windows\System\TPafidV.exe
  C:\Windows\System\TPafidV.exe
  2⤵
  PID:5160
- C:\Windows\System\ohZoZuA.exe
  C:\Windows\System\ohZoZuA.exe
  2⤵
  PID:6192
- C:\Windows\System\zSBCtsx.exe
  C:\Windows\System\zSBCtsx.exe
  2⤵
  PID:6236
- C:\Windows\System\pnqLtsR.exe
  C:\Windows\System\pnqLtsR.exe
  2⤵
  PID:6260
- C:\Windows\System\SwVNNhq.exe
  C:\Windows\System\SwVNNhq.exe
  2⤵
  PID:6292
- C:\Windows\System\EzUBSqe.exe
  C:\Windows\System\EzUBSqe.exe
  2⤵
  PID:6296
- C:\Windows\System\nBAOynC.exe
  C:\Windows\System\nBAOynC.exe
  2⤵
  PID:6352
- C:\Windows\System\SPMGjdg.exe
  C:\Windows\System\SPMGjdg.exe
  2⤵
  PID:6368
- C:\Windows\System\BoGhVmY.exe
  C:\Windows\System\BoGhVmY.exe
  2⤵
  PID:6452
- C:\Windows\System\YzPsdko.exe
  C:\Windows\System\YzPsdko.exe
  2⤵
  PID:6440
- C:\Windows\System\VRjVtoK.exe
  C:\Windows\System\VRjVtoK.exe
  2⤵
  PID:6480
- C:\Windows\System\IiHsRPp.exe
  C:\Windows\System\IiHsRPp.exe
  2⤵
  PID:6572
- C:\Windows\System\RkaxzBG.exe
  C:\Windows\System\RkaxzBG.exe
  2⤵
  PID:6496
- C:\Windows\System\UXHBIGr.exe
  C:\Windows\System\UXHBIGr.exe
  2⤵
  PID:6556
- C:\Windows\System\FuBNogL.exe
  C:\Windows\System\FuBNogL.exe
  2⤵
  PID:6604
- C:\Windows\System\HYlHXoy.exe
  C:\Windows\System\HYlHXoy.exe
  2⤵
  PID:6648
- C:\Windows\System\jKyKwEo.exe
  C:\Windows\System\jKyKwEo.exe
  2⤵
  PID:6636
- C:\Windows\System\eefqgcV.exe
  C:\Windows\System\eefqgcV.exe
  2⤵
  PID:6708
- C:\Windows\System\UucPIsH.exe
  C:\Windows\System\UucPIsH.exe
  2⤵
  PID:6728
- C:\Windows\System\ifUtMpI.exe
  C:\Windows\System\ifUtMpI.exe
  2⤵
  PID:6748
- C:\Windows\System\GwNmZAo.exe
  C:\Windows\System\GwNmZAo.exe
  2⤵
  PID:6800
- C:\Windows\System\JQJgIkr.exe
  C:\Windows\System\JQJgIkr.exe
  2⤵
  PID:6816
- C:\Windows\System\HMeyTOY.exe
  C:\Windows\System\HMeyTOY.exe
  2⤵
  PID:6832
- C:\Windows\System\pmczXvt.exe
  C:\Windows\System\pmczXvt.exe
  2⤵
  PID:6884
- C:\Windows\System\qKgtAJv.exe
  C:\Windows\System\qKgtAJv.exe
  2⤵
  PID:6932
- C:\Windows\System\nOpzIYv.exe
  C:\Windows\System\nOpzIYv.exe
  2⤵
  PID:6972
- C:\Windows\System\saRBUZo.exe
  C:\Windows\System\saRBUZo.exe
  2⤵
  PID:6908
- C:\Windows\System\VzmRcuk.exe
  C:\Windows\System\VzmRcuk.exe
  2⤵
  PID:6952
- C:\Windows\System\xyXfIoM.exe
  C:\Windows\System\xyXfIoM.exe
  2⤵
  PID:7020
- C:\Windows\System\DFlHKGt.exe
  C:\Windows\System\DFlHKGt.exe
  2⤵
  PID:7056
- C:\Windows\System\OfCRzfj.exe
  C:\Windows\System\OfCRzfj.exe
  2⤵
  PID:7072
- C:\Windows\System\DOlOPpx.exe
  C:\Windows\System\DOlOPpx.exe
  2⤵
  PID:7108
- C:\Windows\System\ESlPbeR.exe
  C:\Windows\System\ESlPbeR.exe
  2⤵
  PID:7124
- C:\Windows\System\CVpQRXk.exe
  C:\Windows\System\CVpQRXk.exe
  2⤵
  PID:7132
- C:\Windows\System\mPwZXMX.exe
  C:\Windows\System\mPwZXMX.exe
  2⤵
  PID:5968
- C:\Windows\System\oKSKUNF.exe
  C:\Windows\System\oKSKUNF.exe
  2⤵
  PID:1792
- C:\Windows\System\MvxnMJE.exe
  C:\Windows\System\MvxnMJE.exe
  2⤵
  PID:5884
- C:\Windows\System\ooMAsDU.exe
  C:\Windows\System\ooMAsDU.exe
  2⤵
  PID:6188
- C:\Windows\System\ffGZmQa.exe
  C:\Windows\System\ffGZmQa.exe
  2⤵
  PID:6240
- C:\Windows\System\FxdMjSZ.exe
  C:\Windows\System\FxdMjSZ.exe
  2⤵
  PID:6216
- C:\Windows\System\gtbGNDJ.exe
  C:\Windows\System\gtbGNDJ.exe
  2⤵
  PID:6388
- C:\Windows\System\exaDcYX.exe
  C:\Windows\System\exaDcYX.exe
  2⤵
  PID:6320
- C:\Windows\System\KcKCigS.exe
  C:\Windows\System\KcKCigS.exe
  2⤵
  PID:6436
- C:\Windows\System\dBtGLel.exe
  C:\Windows\System\dBtGLel.exe
  2⤵
  PID:6544
- C:\Windows\System\srZsrOf.exe
  C:\Windows\System\srZsrOf.exe
  2⤵
  PID:6616
- C:\Windows\System\jBbIcfU.exe
  C:\Windows\System\jBbIcfU.exe
  2⤵
  PID:6472
- C:\Windows\System\fbiakpr.exe
  C:\Windows\System\fbiakpr.exe
  2⤵
  PID:6540
- C:\Windows\System\DpJMGTp.exe
  C:\Windows\System\DpJMGTp.exe
  2⤵
  PID:6696
- C:\Windows\System\fcnxHST.exe
  C:\Windows\System\fcnxHST.exe
  2⤵
  PID:6780
- C:\Windows\System\qIeNkOl.exe
  C:\Windows\System\qIeNkOl.exe
  2⤵
  PID:6928
- C:\Windows\System\KxALwNX.exe
  C:\Windows\System\KxALwNX.exe
  2⤵
  PID:6988
- C:\Windows\System\SmLdjBR.exe
  C:\Windows\System\SmLdjBR.exe
  2⤵
  PID:6836
- C:\Windows\System\zUYuxfC.exe
  C:\Windows\System\zUYuxfC.exe
  2⤵
  PID:6916
- C:\Windows\System\YEexVfZ.exe
  C:\Windows\System\YEexVfZ.exe
  2⤵
  PID:7052
- C:\Windows\System\bIGYOPH.exe
  C:\Windows\System\bIGYOPH.exe
  2⤵
  PID:7068
- C:\Windows\System\uGGBxIc.exe
  C:\Windows\System\uGGBxIc.exe
  2⤵
  PID:7128
- C:\Windows\System\XEqJiuz.exe
  C:\Windows\System\XEqJiuz.exe
  2⤵
  PID:2692
- C:\Windows\System\JjejgaB.exe
  C:\Windows\System\JjejgaB.exe
  2⤵
  PID:6212
- C:\Windows\System\sgjbkDt.exe
  C:\Windows\System\sgjbkDt.exe
  2⤵
  PID:6308
- C:\Windows\System\qnlVMAd.exe
  C:\Windows\System\qnlVMAd.exe
  2⤵
  PID:7148
- C:\Windows\System\QKnHjUz.exe
  C:\Windows\System\QKnHjUz.exe
  2⤵
  PID:6172
- C:\Windows\System\rpJLpRz.exe
  C:\Windows\System\rpJLpRz.exe
  2⤵
  PID:6420
- C:\Windows\System\xNBwkuf.exe
  C:\Windows\System\xNBwkuf.exe
  2⤵
  PID:6612
- C:\Windows\System\xVXrrfT.exe
  C:\Windows\System\xVXrrfT.exe
  2⤵
  PID:2908
- C:\Windows\System\RrGDCAW.exe
  C:\Windows\System\RrGDCAW.exe
  2⤵
  PID:7080
- C:\Windows\System\qxZumCG.exe
  C:\Windows\System\qxZumCG.exe
  2⤵
  PID:6632
- C:\Windows\System\rmfjtmH.exe
  C:\Windows\System\rmfjtmH.exe
  2⤵
  PID:5888
- C:\Windows\System\uTgJdpi.exe
  C:\Windows\System\uTgJdpi.exe
  2⤵
  PID:6408
- C:\Windows\System\qMnptjF.exe
  C:\Windows\System\qMnptjF.exe
  2⤵
  PID:6768
- C:\Windows\System\JqzyCmg.exe
  C:\Windows\System\JqzyCmg.exe
  2⤵
  PID:6940
- C:\Windows\System\KnxzuHt.exe
  C:\Windows\System\KnxzuHt.exe
  2⤵
  PID:7172
- C:\Windows\System\oNVwvhf.exe
  C:\Windows\System\oNVwvhf.exe
  2⤵
  PID:7188
- C:\Windows\System\jXGRsFX.exe
  C:\Windows\System\jXGRsFX.exe
  2⤵
  PID:7204
- C:\Windows\System\gikTbAo.exe
  C:\Windows\System\gikTbAo.exe
  2⤵
  PID:7220
- C:\Windows\System\kJFvbEB.exe
  C:\Windows\System\kJFvbEB.exe
  2⤵
  PID:7236
- C:\Windows\System\LMKQfYJ.exe
  C:\Windows\System\LMKQfYJ.exe
  2⤵
  PID:7252
- C:\Windows\System\OzoYoEb.exe
  C:\Windows\System\OzoYoEb.exe
  2⤵
  PID:7268
- C:\Windows\System\fnJQeaO.exe
  C:\Windows\System\fnJQeaO.exe
  2⤵
  PID:7284
- C:\Windows\System\wDtPzcu.exe
  C:\Windows\System\wDtPzcu.exe
  2⤵
  PID:7300
- C:\Windows\System\oBdlxVG.exe
  C:\Windows\System\oBdlxVG.exe
  2⤵
  PID:7320
- C:\Windows\System\dfskbIF.exe
  C:\Windows\System\dfskbIF.exe
  2⤵
  PID:7336
- C:\Windows\System\pinpcQp.exe
  C:\Windows\System\pinpcQp.exe
  2⤵
  PID:7812
- C:\Windows\System\KEJkgVc.exe
  C:\Windows\System\KEJkgVc.exe
  2⤵
  PID:7828
- C:\Windows\System\ThBEfSn.exe
  C:\Windows\System\ThBEfSn.exe
  2⤵
  PID:7848
- C:\Windows\System\kckwGzO.exe
  C:\Windows\System\kckwGzO.exe
  2⤵
  PID:7868
- C:\Windows\System\CUFXHWa.exe
  C:\Windows\System\CUFXHWa.exe
  2⤵
  PID:7888
- C:\Windows\System\BEkacMH.exe
  C:\Windows\System\BEkacMH.exe
  2⤵
  PID:7908
- C:\Windows\System\iTRlAen.exe
  C:\Windows\System\iTRlAen.exe
  2⤵
  PID:7924
- C:\Windows\System\KZgpExJ.exe
  C:\Windows\System\KZgpExJ.exe
  2⤵
  PID:7952
- C:\Windows\System\PzlvRTE.exe
  C:\Windows\System\PzlvRTE.exe
  2⤵
  PID:7976
- C:\Windows\System\dKvUfKj.exe
  C:\Windows\System\dKvUfKj.exe
  2⤵
  PID:7992
- C:\Windows\System\lZBmlUh.exe
  C:\Windows\System\lZBmlUh.exe
  2⤵
  PID:8012
- C:\Windows\System\nFVTVgQ.exe
  C:\Windows\System\nFVTVgQ.exe
  2⤵
  PID:8032
- C:\Windows\System\JJAPZTI.exe
  C:\Windows\System\JJAPZTI.exe
  2⤵
  PID:8052
- C:\Windows\System\drJAJrU.exe
  C:\Windows\System\drJAJrU.exe
  2⤵
  PID:8072
- C:\Windows\System\WjSBpKR.exe
  C:\Windows\System\WjSBpKR.exe
  2⤵
  PID:8092
- C:\Windows\System\rKGlFgp.exe
  C:\Windows\System\rKGlFgp.exe
  2⤵
  PID:8112
- C:\Windows\System\JLtTAiv.exe
  C:\Windows\System\JLtTAiv.exe
  2⤵
  PID:8132
- C:\Windows\System\DikdCqp.exe
  C:\Windows\System\DikdCqp.exe
  2⤵
  PID:8148
- C:\Windows\System\bNHncLj.exe
  C:\Windows\System\bNHncLj.exe
  2⤵
  PID:8164
- C:\Windows\System\mjiuMwL.exe
  C:\Windows\System\mjiuMwL.exe
  2⤵
  PID:8188
- C:\Windows\System\yShzXbR.exe
  C:\Windows\System\yShzXbR.exe
  2⤵
  PID:6340
- C:\Windows\System\ysAODbj.exe
  C:\Windows\System\ysAODbj.exe
  2⤵
  PID:5572
- C:\Windows\System\xfwEyvf.exe
  C:\Windows\System\xfwEyvf.exe
  2⤵
  PID:6788
- C:\Windows\System\tZztcxd.exe
  C:\Windows\System\tZztcxd.exe
  2⤵
  PID:7200
- C:\Windows\System\oDapOZj.exe
  C:\Windows\System\oDapOZj.exe
  2⤵
  PID:6868
- C:\Windows\System\wZcAYfz.exe
  C:\Windows\System\wZcAYfz.exe
  2⤵
  PID:7216
- C:\Windows\System\dVuuGuy.exe
  C:\Windows\System\dVuuGuy.exe
  2⤵
  PID:7264
- C:\Windows\System\OBZLVBS.exe
  C:\Windows\System\OBZLVBS.exe
  2⤵
  PID:7344
- C:\Windows\System\KnRDiWg.exe
  C:\Windows\System\KnRDiWg.exe
  2⤵
  PID:7352
- C:\Windows\System\RtabfOi.exe
  C:\Windows\System\RtabfOi.exe
  2⤵
  PID:7368
- C:\Windows\System\qoVeAPZ.exe
  C:\Windows\System\qoVeAPZ.exe
  2⤵
  PID:7392
- C:\Windows\System\SJaREmj.exe
  C:\Windows\System\SJaREmj.exe
  2⤵
  PID:7400
- C:\Windows\System\ZvuqyCa.exe
  C:\Windows\System\ZvuqyCa.exe
  2⤵
  PID:7432
- C:\Windows\System\xasiHGj.exe
  C:\Windows\System\xasiHGj.exe
  2⤵
  PID:7452
- C:\Windows\System\KBDvSbP.exe
  C:\Windows\System\KBDvSbP.exe
  2⤵
  PID:7468
- C:\Windows\System\vxiwOgc.exe
  C:\Windows\System\vxiwOgc.exe
  2⤵
  PID:7480
- C:\Windows\System\avhpuNS.exe
  C:\Windows\System\avhpuNS.exe
  2⤵
  PID:7512
- C:\Windows\System\GvJgpwM.exe
  C:\Windows\System\GvJgpwM.exe
  2⤵
  PID:7544
- C:\Windows\System\MLVegUy.exe
  C:\Windows\System\MLVegUy.exe
  2⤵
  PID:7740
- C:\Windows\System\Wonlmri.exe
  C:\Windows\System\Wonlmri.exe
  2⤵
  PID:7560
- C:\Windows\System\gBtiwju.exe
  C:\Windows\System\gBtiwju.exe
  2⤵
  PID:7580
- C:\Windows\System\NAumguZ.exe
  C:\Windows\System\NAumguZ.exe
  2⤵
  PID:7596
- C:\Windows\System\bfBOCFV.exe
  C:\Windows\System\bfBOCFV.exe
  2⤵
  PID:7616
- C:\Windows\System\vTKsNUl.exe
  C:\Windows\System\vTKsNUl.exe
  2⤵
  PID:7636
- C:\Windows\System\dfQbxkK.exe
  C:\Windows\System\dfQbxkK.exe
  2⤵
  PID:7656
- C:\Windows\System\mqXFSEg.exe
  C:\Windows\System\mqXFSEg.exe
  2⤵
  PID:7672
- C:\Windows\System\bPXCOTb.exe
  C:\Windows\System\bPXCOTb.exe
  2⤵
  PID:7564
- C:\Windows\System\aiVvfrl.exe
  C:\Windows\System\aiVvfrl.exe
  2⤵
  PID:7704
- C:\Windows\System\dezeekP.exe
  C:\Windows\System\dezeekP.exe
  2⤵
  PID:7724
- C:\Windows\System\VQlZiko.exe
  C:\Windows\System\VQlZiko.exe
  2⤵
  PID:7756
- C:\Windows\System\kyEZdQL.exe
  C:\Windows\System\kyEZdQL.exe
  2⤵
  PID:7776
- C:\Windows\System\iQjDEDd.exe
  C:\Windows\System\iQjDEDd.exe
  2⤵
  PID:7792
- C:\Windows\System\pEubsPA.exe
  C:\Windows\System\pEubsPA.exe
  2⤵
  PID:7808
- C:\Windows\System\JGPhZog.exe
  C:\Windows\System\JGPhZog.exe
  2⤵
  PID:7840
- C:\Windows\System\OCOyRul.exe
  C:\Windows\System\OCOyRul.exe
  2⤵
  PID:7936
- C:\Windows\System\voqcfVL.exe
  C:\Windows\System\voqcfVL.exe
  2⤵
  PID:7968
- C:\Windows\System\ZJHMgmM.exe
  C:\Windows\System\ZJHMgmM.exe
  2⤵
  PID:8000
- C:\Windows\System\dbiJCZO.exe
  C:\Windows\System\dbiJCZO.exe
  2⤵
  PID:8020
- C:\Windows\System\TGQRLUh.exe
  C:\Windows\System\TGQRLUh.exe
  2⤵
  PID:8068
- C:\Windows\System\QvRMwTc.exe
  C:\Windows\System\QvRMwTc.exe
  2⤵
  PID:8100
- C:\Windows\System\FHLfIbb.exe
  C:\Windows\System\FHLfIbb.exe
  2⤵
  PID:8156
- C:\Windows\System\wxEqqnu.exe
  C:\Windows\System\wxEqqnu.exe
  2⤵
  PID:8140
- C:\Windows\System\HJlmjvz.exe
  C:\Windows\System\HJlmjvz.exe
  2⤵
  PID:6304
- C:\Windows\System\eOZWKMJ.exe
  C:\Windows\System\eOZWKMJ.exe
  2⤵
  PID:6664
- C:\Windows\System\WXAagnl.exe
  C:\Windows\System\WXAagnl.exe
  2⤵
  PID:7280
- C:\Windows\System\qFjhOPD.exe
  C:\Windows\System\qFjhOPD.exe
  2⤵
  PID:7212
- C:\Windows\System\yYUchFR.exe
  C:\Windows\System\yYUchFR.exe
  2⤵
  PID:7260
- C:\Windows\System\DVoEitc.exe
  C:\Windows\System\DVoEitc.exe
  2⤵
  PID:7332
- C:\Windows\System\CGWNzgf.exe
  C:\Windows\System\CGWNzgf.exe
  2⤵
  PID:7364
- C:\Windows\System\giNftEW.exe
  C:\Windows\System\giNftEW.exe
  2⤵
  PID:7412
- C:\Windows\System\JuaPCeT.exe
  C:\Windows\System\JuaPCeT.exe
  2⤵
  PID:7428
- C:\Windows\System\JKxFZhe.exe
  C:\Windows\System\JKxFZhe.exe
  2⤵
  PID:7396
- C:\Windows\System\ARGMhSF.exe
  C:\Windows\System\ARGMhSF.exe
  2⤵
  PID:7492
- C:\Windows\System\pkeWXbc.exe
  C:\Windows\System\pkeWXbc.exe
  2⤵
  PID:7536
- C:\Windows\System\WfixlJH.exe
  C:\Windows\System\WfixlJH.exe
  2⤵
  PID:7620
- C:\Windows\System\fdpxJrT.exe
  C:\Windows\System\fdpxJrT.exe
  2⤵
  PID:7608
- C:\Windows\System\CckuJYY.exe
  C:\Windows\System\CckuJYY.exe
  2⤵
  PID:7652
- C:\Windows\System\JAafmNp.exe
  C:\Windows\System\JAafmNp.exe
  2⤵
  PID:7516
- C:\Windows\System\Ebvwtge.exe
  C:\Windows\System\Ebvwtge.exe
  2⤵
  PID:7720
- C:\Windows\System\SYAzxwH.exe
  C:\Windows\System\SYAzxwH.exe
  2⤵
  PID:7804
- C:\Windows\System\AOwbxnz.exe
  C:\Windows\System\AOwbxnz.exe
  2⤵
  PID:6736
- C:\Windows\System\QTcbKVE.exe
  C:\Windows\System\QTcbKVE.exe
  2⤵
  PID:7880
- C:\Windows\System\AFnObEI.exe
  C:\Windows\System\AFnObEI.exe
  2⤵
  PID:7772
- C:\Windows\System\WHCKTub.exe
  C:\Windows\System\WHCKTub.exe
  2⤵
  PID:7632
- C:\Windows\System\YHOmvRB.exe
  C:\Windows\System\YHOmvRB.exe
  2⤵
  PID:7700
- C:\Windows\System\XqQZMwF.exe
  C:\Windows\System\XqQZMwF.exe
  2⤵
  PID:7784
- C:\Windows\System\oTzMeMg.exe
  C:\Windows\System\oTzMeMg.exe
  2⤵
  PID:7932
- C:\Windows\System\xYnAUba.exe
  C:\Windows\System\xYnAUba.exe
  2⤵
  PID:7984
- C:\Windows\System\DyIZetT.exe
  C:\Windows\System\DyIZetT.exe
  2⤵
  PID:8048
- C:\Windows\System\IERVcOt.exe
  C:\Windows\System\IERVcOt.exe
  2⤵
  PID:8080
- C:\Windows\System\NVMkkOo.exe
  C:\Windows\System\NVMkkOo.exe
  2⤵
  PID:8084
- C:\Windows\System\BXWUrjV.exe
  C:\Windows\System\BXWUrjV.exe
  2⤵
  PID:8160
- C:\Windows\System\QDIuJtq.exe
  C:\Windows\System\QDIuJtq.exe
  2⤵
  PID:6160
- C:\Windows\System\vDHtqCe.exe
  C:\Windows\System\vDHtqCe.exe
  2⤵
  PID:7196
- C:\Windows\System\FdRzfHg.exe
  C:\Windows\System\FdRzfHg.exe
  2⤵
  PID:7384
- C:\Windows\System\UMewSay.exe
  C:\Windows\System\UMewSay.exe
  2⤵
  PID:7440
- C:\Windows\System\CCJEYgY.exe
  C:\Windows\System\CCJEYgY.exe
  2⤵
  PID:6764
- C:\Windows\System\TPQVPYt.exe
  C:\Windows\System\TPQVPYt.exe
  2⤵
  PID:7232
- C:\Windows\System\bgRWUbR.exe
  C:\Windows\System\bgRWUbR.exe
  2⤵
  PID:7376
- C:\Windows\System\RmefyDz.exe
  C:\Windows\System\RmefyDz.exe
  2⤵
  PID:7472
- C:\Windows\System\UEECtre.exe
  C:\Windows\System\UEECtre.exe
  2⤵
  PID:7648
- C:\Windows\System\ezbXrgl.exe
  C:\Windows\System\ezbXrgl.exe
  2⤵
  PID:7716
- C:\Windows\System\BZkZhQt.exe
  C:\Windows\System\BZkZhQt.exe
  2⤵
  PID:7900
- C:\Windows\System\hHwlgWn.exe
  C:\Windows\System\hHwlgWn.exe
  2⤵
  PID:7800
- C:\Windows\System\YzlGXvj.exe
  C:\Windows\System\YzlGXvj.exe
  2⤵
  PID:7696
- C:\Windows\System\VggAhlj.exe
  C:\Windows\System\VggAhlj.exe
  2⤵
  PID:7748
- C:\Windows\System\wQvlkhI.exe
  C:\Windows\System\wQvlkhI.exe
  2⤵
  PID:8040
- C:\Windows\System\nGzaLOC.exe
  C:\Windows\System\nGzaLOC.exe
  2⤵
  PID:7904
- C:\Windows\System\hfHeRjM.exe
  C:\Windows\System\hfHeRjM.exe
  2⤵
  PID:7184
- C:\Windows\System\xjbbabQ.exe
  C:\Windows\System\xjbbabQ.exe
  2⤵
  PID:7388
- C:\Windows\System\Nsgwrzx.exe
  C:\Windows\System\Nsgwrzx.exe
  2⤵
  PID:7508
- C:\Windows\System\DUZSive.exe
  C:\Windows\System\DUZSive.exe
  2⤵
  PID:7532
- C:\Windows\System\NbjHZYt.exe
  C:\Windows\System\NbjHZYt.exe
  2⤵
  PID:7644
- C:\Windows\System\rlvRZwe.exe
  C:\Windows\System\rlvRZwe.exe
  2⤵
  PID:7920
- C:\Windows\System\nGjDbmh.exe
  C:\Windows\System\nGjDbmh.exe
  2⤵
  PID:8104
- C:\Windows\System\AcBaLmc.exe
  C:\Windows\System\AcBaLmc.exe
  2⤵
  PID:8108
- C:\Windows\System\EwNLWJL.exe
  C:\Windows\System\EwNLWJL.exe
  2⤵
  PID:7420
- C:\Windows\System\meIMbdM.exe
  C:\Windows\System\meIMbdM.exe
  2⤵
  PID:7948
- C:\Windows\System\yOMUvLF.exe
  C:\Windows\System\yOMUvLF.exe
  2⤵
  PID:7228
- C:\Windows\System\SViSsOi.exe
  C:\Windows\System\SViSsOi.exe
  2⤵
  PID:7876
- C:\Windows\System\bIMiQjg.exe
  C:\Windows\System\bIMiQjg.exe
  2⤵
  PID:8224
- C:\Windows\System\usAiCXC.exe
  C:\Windows\System\usAiCXC.exe
  2⤵
  PID:8240
- C:\Windows\System\AMsrLTU.exe
  C:\Windows\System\AMsrLTU.exe
  2⤵
  PID:8260
- C:\Windows\System\IoMOrIh.exe
  C:\Windows\System\IoMOrIh.exe
  2⤵
  PID:8276
- C:\Windows\System\esKGkQC.exe
  C:\Windows\System\esKGkQC.exe
  2⤵
  PID:8292
- C:\Windows\System\GksPfxC.exe
  C:\Windows\System\GksPfxC.exe
  2⤵
  PID:8324
- C:\Windows\System\dHxELWb.exe
  C:\Windows\System\dHxELWb.exe
  2⤵
  PID:8340
- C:\Windows\System\uVPPTVe.exe
  C:\Windows\System\uVPPTVe.exe
  2⤵
  PID:8360
- C:\Windows\System\jcgFaow.exe
  C:\Windows\System\jcgFaow.exe
  2⤵
  PID:8380
- C:\Windows\System\SUhytKA.exe
  C:\Windows\System\SUhytKA.exe
  2⤵
  PID:8396
- C:\Windows\System\pMVCmjk.exe
  C:\Windows\System\pMVCmjk.exe
  2⤵
  PID:8416
- C:\Windows\System\wfnKtSL.exe
  C:\Windows\System\wfnKtSL.exe
  2⤵
  PID:8432
- C:\Windows\System\wXDHIfm.exe
  C:\Windows\System\wXDHIfm.exe
  2⤵
  PID:8456
- C:\Windows\System\cwLeFvG.exe
  C:\Windows\System\cwLeFvG.exe
  2⤵
  PID:8472
- C:\Windows\System\nAYsZWO.exe
  C:\Windows\System\nAYsZWO.exe
  2⤵
  PID:8500
- C:\Windows\System\vuqFnio.exe
  C:\Windows\System\vuqFnio.exe
  2⤵
  PID:8528
- C:\Windows\System\jAqvLei.exe
  C:\Windows\System\jAqvLei.exe
  2⤵
  PID:8544
- C:\Windows\System\wkBxZtn.exe
  C:\Windows\System\wkBxZtn.exe
  2⤵
  PID:8560
- C:\Windows\System\USxBcQl.exe
  C:\Windows\System\USxBcQl.exe
  2⤵
  PID:8584
- C:\Windows\System\nOMwbZi.exe
  C:\Windows\System\nOMwbZi.exe
  2⤵
  PID:8604
- C:\Windows\System\Ctnaqim.exe
  C:\Windows\System\Ctnaqim.exe
  2⤵
  PID:8624
- C:\Windows\System\HixRDCq.exe
  C:\Windows\System\HixRDCq.exe
  2⤵
  PID:8640
- C:\Windows\System\dFYmWHp.exe
  C:\Windows\System\dFYmWHp.exe
  2⤵
  PID:8668
- C:\Windows\System\AFtgSAj.exe
  C:\Windows\System\AFtgSAj.exe
  2⤵
  PID:8684
- C:\Windows\System\dRZWSDH.exe
  C:\Windows\System\dRZWSDH.exe
  2⤵
  PID:8704
- C:\Windows\System\vkAGjpS.exe
  C:\Windows\System\vkAGjpS.exe
  2⤵
  PID:8724
- C:\Windows\System\ZWpDlLG.exe
  C:\Windows\System\ZWpDlLG.exe
  2⤵
  PID:8740
- C:\Windows\System\GcnVFme.exe
  C:\Windows\System\GcnVFme.exe
  2⤵
  PID:8760
- C:\Windows\System\RKvUMnG.exe
  C:\Windows\System\RKvUMnG.exe
  2⤵
  PID:8776
- C:\Windows\System\IUWFTwW.exe
  C:\Windows\System\IUWFTwW.exe
  2⤵
  PID:8792
- C:\Windows\System\qSvbsND.exe
  C:\Windows\System\qSvbsND.exe
  2⤵
  PID:8808
- C:\Windows\System\gSnbiui.exe
  C:\Windows\System\gSnbiui.exe
  2⤵
  PID:8824
- C:\Windows\System\YaQmeXD.exe
  C:\Windows\System\YaQmeXD.exe
  2⤵
  PID:8848
- C:\Windows\System\pznflCe.exe
  C:\Windows\System\pznflCe.exe
  2⤵
  PID:8876
- C:\Windows\System\TmVXdja.exe
  C:\Windows\System\TmVXdja.exe
  2⤵
  PID:8892
- C:\Windows\System\xKqywTk.exe
  C:\Windows\System\xKqywTk.exe
  2⤵
  PID:8912
- C:\Windows\System\smWEiBW.exe
  C:\Windows\System\smWEiBW.exe
  2⤵
  PID:8932
- C:\Windows\System\fGfNPVW.exe
  C:\Windows\System\fGfNPVW.exe
  2⤵
  PID:8964
- C:\Windows\System\LFdUzUt.exe
  C:\Windows\System\LFdUzUt.exe
  2⤵
  PID:8984
- C:\Windows\System\GhWThsj.exe
  C:\Windows\System\GhWThsj.exe
  2⤵
  PID:9032
- C:\Windows\System\IFRTEQm.exe
  C:\Windows\System\IFRTEQm.exe
  2⤵
  PID:9052
- C:\Windows\System\YxgoInV.exe
  C:\Windows\System\YxgoInV.exe
  2⤵
  PID:9068
- C:\Windows\System\QsdftGQ.exe
  C:\Windows\System\QsdftGQ.exe
  2⤵
  PID:9084
- C:\Windows\System\ckEzYdB.exe
  C:\Windows\System\ckEzYdB.exe
  2⤵
  PID:9100
- C:\Windows\System\woIawOI.exe
  C:\Windows\System\woIawOI.exe
  2⤵
  PID:9128
- C:\Windows\System\OrWSByP.exe
  C:\Windows\System\OrWSByP.exe
  2⤵
  PID:9168
- C:\Windows\System\BrcEuBS.exe
  C:\Windows\System\BrcEuBS.exe
  2⤵
  PID:9184
- C:\Windows\System\LcxECJn.exe
  C:\Windows\System\LcxECJn.exe
  2⤵
  PID:9200
- C:\Windows\System\lqIbiJh.exe
  C:\Windows\System\lqIbiJh.exe
  2⤵
  PID:7688
- C:\Windows\System\jmHzLJX.exe
  C:\Windows\System\jmHzLJX.exe
  2⤵
  PID:7276
- C:\Windows\System\vpomRMU.exe
  C:\Windows\System\vpomRMU.exe
  2⤵
  PID:7752
- C:\Windows\System\sVriLzT.exe
  C:\Windows\System\sVriLzT.exe
  2⤵
  PID:8216
- C:\Windows\System\RiDpvnQ.exe
  C:\Windows\System\RiDpvnQ.exe
  2⤵
  PID:8252
- C:\Windows\System\OFtXmuq.exe
  C:\Windows\System\OFtXmuq.exe
  2⤵
  PID:8304
- C:\Windows\System\FvWioQS.exe
  C:\Windows\System\FvWioQS.exe
  2⤵
  PID:8316
- C:\Windows\System\ywZhRrm.exe
  C:\Windows\System\ywZhRrm.exe
  2⤵
  PID:8356
- C:\Windows\System\TJNarbr.exe
  C:\Windows\System\TJNarbr.exe
  2⤵
  PID:8404
- C:\Windows\System\QUleUYz.exe
  C:\Windows\System\QUleUYz.exe
  2⤵
  PID:8448
- C:\Windows\System\jrIWtLz.exe
  C:\Windows\System\jrIWtLz.exe
  2⤵
  PID:8424
- C:\Windows\System\raGbwYM.exe
  C:\Windows\System\raGbwYM.exe
  2⤵
  PID:8464
- C:\Windows\System\CTIrqzX.exe
  C:\Windows\System\CTIrqzX.exe
  2⤵
  PID:7556
- C:\Windows\System\gbEhkMf.exe
  C:\Windows\System\gbEhkMf.exe
  2⤵
  PID:8552
- C:\Windows\System\ioJtfNH.exe
  C:\Windows\System\ioJtfNH.exe
  2⤵
  PID:8572
- C:\Windows\System\pbWtiLX.exe
  C:\Windows\System\pbWtiLX.exe
  2⤵
  PID:8612
- C:\Windows\System\GADLkjg.exe
  C:\Windows\System\GADLkjg.exe
  2⤵
  PID:8648
- C:\Windows\System\RwaDAls.exe
  C:\Windows\System\RwaDAls.exe
  2⤵
  PID:8652
- C:\Windows\System\ScBEick.exe
  C:\Windows\System\ScBEick.exe
  2⤵
  PID:8732
- C:\Windows\System\AtJxpoK.exe
  C:\Windows\System\AtJxpoK.exe
  2⤵
  PID:8768
- C:\Windows\System\vlwYqSX.exe
  C:\Windows\System\vlwYqSX.exe
  2⤵
  PID:8832
- C:\Windows\System\ErPCAle.exe
  C:\Windows\System\ErPCAle.exe
  2⤵
  PID:8884
- C:\Windows\System\rFFdIRJ.exe
  C:\Windows\System\rFFdIRJ.exe
  2⤵
  PID:8856
- C:\Windows\System\hdhoAiS.exe
  C:\Windows\System\hdhoAiS.exe
  2⤵
  PID:8908
- C:\Windows\System\OexCkkA.exe
  C:\Windows\System\OexCkkA.exe
  2⤵
  PID:8992
- C:\Windows\System\lmvesdr.exe
  C:\Windows\System\lmvesdr.exe
  2⤵
  PID:8996
- C:\Windows\System\ZMRWTbe.exe
  C:\Windows\System\ZMRWTbe.exe
  2⤵
  PID:9020
- C:\Windows\System\Rmolwpa.exe
  C:\Windows\System\Rmolwpa.exe
  2⤵
  PID:9060
- C:\Windows\System\zutlyOX.exe
  C:\Windows\System\zutlyOX.exe
  2⤵
  PID:9092
- C:\Windows\System\ZegvMBN.exe
  C:\Windows\System\ZegvMBN.exe
  2⤵
  PID:9148
- C:\Windows\System\NBZuVXm.exe
  C:\Windows\System\NBZuVXm.exe
  2⤵
  PID:9176
- C:\Windows\System\sArwmPI.exe
  C:\Windows\System\sArwmPI.exe
  2⤵
  PID:9208
- C:\Windows\System\yvbfBCz.exe
  C:\Windows\System\yvbfBCz.exe
  2⤵
  PID:6224
- C:\Windows\System\LHsDEvE.exe
  C:\Windows\System\LHsDEvE.exe
  2⤵
  PID:8248
- C:\Windows\System\AdLWPOT.exe
  C:\Windows\System\AdLWPOT.exe
  2⤵
  PID:8236
- C:\Windows\System\hfIZiJt.exe
  C:\Windows\System\hfIZiJt.exe
  2⤵
  PID:8300
- C:\Windows\System\FZOBFYT.exe
  C:\Windows\System\FZOBFYT.exe
  2⤵
  PID:8376
- C:\Windows\System\ituoGuj.exe
  C:\Windows\System\ituoGuj.exe
  2⤵
  PID:8336
- C:\Windows\System\ZaRUkuH.exe
  C:\Windows\System\ZaRUkuH.exe
  2⤵
  PID:8484
- C:\Windows\System\JZzlwBa.exe
  C:\Windows\System\JZzlwBa.exe
  2⤵
  PID:8468
- C:\Windows\System\HNVOxNf.exe
  C:\Windows\System\HNVOxNf.exe
  2⤵
  PID:8576
- C:\Windows\System\mmcMltp.exe
  C:\Windows\System\mmcMltp.exe
  2⤵
  PID:8632
- C:\Windows\System\UDItCBr.exe
  C:\Windows\System\UDItCBr.exe
  2⤵
  PID:8696
- C:\Windows\System\QyXkiJi.exe
  C:\Windows\System\QyXkiJi.exe
  2⤵
  PID:8680
- C:\Windows\System\ZEwBXFm.exe
  C:\Windows\System\ZEwBXFm.exe
  2⤵
  PID:8752
- C:\Windows\System\TfePWGj.exe
  C:\Windows\System\TfePWGj.exe
  2⤵
  PID:8836
- C:\Windows\System\LrCqSTs.exe
  C:\Windows\System\LrCqSTs.exe
  2⤵
  PID:8928
- C:\Windows\System\yurdIlY.exe
  C:\Windows\System\yurdIlY.exe
  2⤵
  PID:8784
- C:\Windows\System\eKiRpcD.exe
  C:\Windows\System\eKiRpcD.exe
  2⤵
  PID:9024
- C:\Windows\System\ITdvTnE.exe
  C:\Windows\System\ITdvTnE.exe
  2⤵
  PID:9040
- C:\Windows\System\REsIdQc.exe
  C:\Windows\System\REsIdQc.exe
  2⤵
  PID:9048
- C:\Windows\System\qRcbEeg.exe
  C:\Windows\System\qRcbEeg.exe
  2⤵
  PID:8196
- C:\Windows\System\cUVygNs.exe
  C:\Windows\System\cUVygNs.exe
  2⤵
  PID:7628
- C:\Windows\System\kGACjDW.exe
  C:\Windows\System\kGACjDW.exe
  2⤵
  PID:8212
- C:\Windows\System\EPZlkBY.exe
  C:\Windows\System\EPZlkBY.exe
  2⤵
  PID:8320
- C:\Windows\System\vhlOFdh.exe
  C:\Windows\System\vhlOFdh.exe
  2⤵
  PID:9124
- C:\Windows\System\rCoZzXQ.exe
  C:\Windows\System\rCoZzXQ.exe
  2⤵
  PID:8428
- C:\Windows\System\MbomKPQ.exe
  C:\Windows\System\MbomKPQ.exe
  2⤵
  PID:9012
- C:\Windows\System\ksAaxkT.exe
  C:\Windows\System\ksAaxkT.exe
  2⤵
  PID:8904
- C:\Windows\System\cPsNimA.exe
  C:\Windows\System\cPsNimA.exe
  2⤵
  PID:9108
- C:\Windows\System\IfHVVSZ.exe
  C:\Windows\System\IfHVVSZ.exe
  2⤵
  PID:8208
- C:\Windows\System\wgQQdzw.exe
  C:\Windows\System\wgQQdzw.exe
  2⤵
  PID:7424
- C:\Windows\System\YPfrxKm.exe
  C:\Windows\System\YPfrxKm.exe
  2⤵
  PID:7884
- C:\Windows\System\wcGvGBY.exe
  C:\Windows\System\wcGvGBY.exe
  2⤵
  PID:8452
- C:\Windows\System\XOtzvKG.exe
  C:\Windows\System\XOtzvKG.exe
  2⤵
  PID:8540
- C:\Windows\System\JqOYyKB.exe
  C:\Windows\System\JqOYyKB.exe
  2⤵
  PID:9044
- C:\Windows\System\jreNxZU.exe
  C:\Windows\System\jreNxZU.exe
  2⤵
  PID:8620
- C:\Windows\System\OcVYLHl.exe
  C:\Windows\System\OcVYLHl.exe
  2⤵
  PID:9136
- C:\Windows\System\ALaQqUV.exe
  C:\Windows\System\ALaQqUV.exe
  2⤵
  PID:9140
- C:\Windows\System\zkSBqvz.exe
  C:\Windows\System\zkSBqvz.exe
  2⤵
  PID:8256
- C:\Windows\System\NFzofSQ.exe
  C:\Windows\System\NFzofSQ.exe
  2⤵
  PID:8496
- C:\Windows\System\BfxseYL.exe
  C:\Windows\System\BfxseYL.exe
  2⤵
  PID:9000
- C:\Windows\System\hfdDoxJ.exe
  C:\Windows\System\hfdDoxJ.exe
  2⤵
  PID:9156
- C:\Windows\System\oWvCJMe.exe
  C:\Windows\System\oWvCJMe.exe
  2⤵
  PID:8664
- C:\Windows\System\oZnvCSY.exe
  C:\Windows\System\oZnvCSY.exe
  2⤵
  PID:8288
- C:\Windows\System\sENdhkw.exe
  C:\Windows\System\sENdhkw.exe
  2⤵
  PID:9180
- C:\Windows\System\MQoLzuC.exe
  C:\Windows\System\MQoLzuC.exe
  2⤵
  PID:8980
- C:\Windows\System\bsxYYOa.exe
  C:\Windows\System\bsxYYOa.exe
  2⤵
  PID:8352
- C:\Windows\System\dQrGAwP.exe
  C:\Windows\System\dQrGAwP.exe
  2⤵
  PID:7944
- C:\Windows\System\fJarNdS.exe
  C:\Windows\System\fJarNdS.exe
  2⤵
  PID:9016
- C:\Windows\System\eFEsKGE.exe
  C:\Windows\System\eFEsKGE.exe
  2⤵
  PID:8920
- C:\Windows\System\YGQoCMf.exe
  C:\Windows\System\YGQoCMf.exe
  2⤵
  PID:9220
- C:\Windows\System\lXlyQwU.exe
  C:\Windows\System\lXlyQwU.exe
  2⤵
  PID:9248
- C:\Windows\System\qDIGzSo.exe
  C:\Windows\System\qDIGzSo.exe
  2⤵
  PID:9268
- C:\Windows\System\movKgNW.exe
  C:\Windows\System\movKgNW.exe
  2⤵
  PID:9284
- C:\Windows\System\sfYGEbD.exe
  C:\Windows\System\sfYGEbD.exe
  2⤵
  PID:9304
- C:\Windows\System\rgtJqZZ.exe
  C:\Windows\System\rgtJqZZ.exe
  2⤵
  PID:9324
- C:\Windows\System\nFzhfxA.exe
  C:\Windows\System\nFzhfxA.exe
  2⤵
  PID:9340
- C:\Windows\System\FxxMlCc.exe
  C:\Windows\System\FxxMlCc.exe
  2⤵
  PID:9360
- C:\Windows\System\zLyOlQc.exe
  C:\Windows\System\zLyOlQc.exe
  2⤵
  PID:9376
- C:\Windows\System\DYGPaat.exe
  C:\Windows\System\DYGPaat.exe
  2⤵
  PID:9396
- C:\Windows\System\vNkKRLh.exe
  C:\Windows\System\vNkKRLh.exe
  2⤵
  PID:9420
- C:\Windows\System\gAWzluS.exe
  C:\Windows\System\gAWzluS.exe
  2⤵
  PID:9436
- C:\Windows\System\nGrxuNg.exe
  C:\Windows\System\nGrxuNg.exe
  2⤵
  PID:9460
- C:\Windows\System\ygnaKRF.exe
  C:\Windows\System\ygnaKRF.exe
  2⤵
  PID:9480
- C:\Windows\System\pxBOuZT.exe
  C:\Windows\System\pxBOuZT.exe
  2⤵
  PID:9496
- C:\Windows\System\SjLZLsh.exe
  C:\Windows\System\SjLZLsh.exe
  2⤵
  PID:9520
- C:\Windows\System\sZXYfyD.exe
  C:\Windows\System\sZXYfyD.exe
  2⤵
  PID:9536
- C:\Windows\System\IpiVVil.exe
  C:\Windows\System\IpiVVil.exe
  2⤵
  PID:9564
- C:\Windows\System\YJjLbcJ.exe
  C:\Windows\System\YJjLbcJ.exe
  2⤵
  PID:9584
- C:\Windows\System\oIOgEXy.exe
  C:\Windows\System\oIOgEXy.exe
  2⤵
  PID:9616
- C:\Windows\System\VgFAJBI.exe
  C:\Windows\System\VgFAJBI.exe
  2⤵
  PID:9632
- C:\Windows\System\JtLpbaO.exe
  C:\Windows\System\JtLpbaO.exe
  2⤵
  PID:9648
- C:\Windows\System\lTZBfCa.exe
  C:\Windows\System\lTZBfCa.exe
  2⤵
  PID:9668
- C:\Windows\System\WuCXYXH.exe
  C:\Windows\System\WuCXYXH.exe
  2⤵
  PID:9692
- C:\Windows\System\ocMSMuH.exe
  C:\Windows\System\ocMSMuH.exe
  2⤵
  PID:9708
- C:\Windows\System\QVWlrex.exe
  C:\Windows\System\QVWlrex.exe
  2⤵
  PID:9724
- C:\Windows\System\fYkaqeO.exe
  C:\Windows\System\fYkaqeO.exe
  2⤵
  PID:9744
- C:\Windows\System\ThynKJU.exe
  C:\Windows\System\ThynKJU.exe
  2⤵
  PID:9764
- C:\Windows\System\SWsjcrd.exe
  C:\Windows\System\SWsjcrd.exe
  2⤵
  PID:9784
- C:\Windows\System\IDChSSf.exe
  C:\Windows\System\IDChSSf.exe
  2⤵
  PID:9800
- C:\Windows\System\ThTiTFI.exe
  C:\Windows\System\ThTiTFI.exe
  2⤵
  PID:9824
- C:\Windows\System\UAuJHQo.exe
  C:\Windows\System\UAuJHQo.exe
  2⤵
  PID:9848
- C:\Windows\System\GbXQWkp.exe
  C:\Windows\System\GbXQWkp.exe
  2⤵
  PID:9868
- C:\Windows\System\ZWpDNPK.exe
  C:\Windows\System\ZWpDNPK.exe
  2⤵
  PID:9884
- C:\Windows\System\MplZuQr.exe
  C:\Windows\System\MplZuQr.exe
  2⤵
  PID:9912
- C:\Windows\System\EULLOuE.exe
  C:\Windows\System\EULLOuE.exe
  2⤵
  PID:9928
- C:\Windows\System\OqUVrfr.exe
  C:\Windows\System\OqUVrfr.exe
  2⤵
  PID:9952
- C:\Windows\System\EwJlfTd.exe
  C:\Windows\System\EwJlfTd.exe
  2⤵
  PID:9972
- C:\Windows\System\nUlNSkj.exe
  C:\Windows\System\nUlNSkj.exe
  2⤵
  PID:9996
- C:\Windows\System\XPNQyNS.exe
  C:\Windows\System\XPNQyNS.exe
  2⤵
  PID:10012
- C:\Windows\System\cHcTmHE.exe
  C:\Windows\System\cHcTmHE.exe
  2⤵
  PID:10036
- C:\Windows\System\UhwWIQV.exe
  C:\Windows\System\UhwWIQV.exe
  2⤵
  PID:10052
- C:\Windows\System\VPKRgJb.exe
  C:\Windows\System\VPKRgJb.exe
  2⤵
  PID:10076
- C:\Windows\System\mZydOeD.exe
  C:\Windows\System\mZydOeD.exe
  2⤵
  PID:10100
- C:\Windows\System\XuAbhTK.exe
  C:\Windows\System\XuAbhTK.exe
  2⤵
  PID:10120
- C:\Windows\System\WdLeZoj.exe
  C:\Windows\System\WdLeZoj.exe
  2⤵
  PID:10136
- C:\Windows\System\sKXGKZg.exe
  C:\Windows\System\sKXGKZg.exe
  2⤵
  PID:10156
- C:\Windows\System\qiLLsdT.exe
  C:\Windows\System\qiLLsdT.exe
  2⤵
  PID:10180
- C:\Windows\System\rFNenQy.exe
  C:\Windows\System\rFNenQy.exe
  2⤵
  PID:10196
- C:\Windows\System\cBKZhtw.exe
  C:\Windows\System\cBKZhtw.exe
  2⤵
  PID:10220
- C:\Windows\System\qNAHFRa.exe
  C:\Windows\System\qNAHFRa.exe
  2⤵
  PID:10236
- C:\Windows\System\VbCXahZ.exe
  C:\Windows\System\VbCXahZ.exe
  2⤵
  PID:9236
- C:\Windows\System\pXwFEzg.exe
  C:\Windows\System\pXwFEzg.exe
  2⤵
  PID:9264
- C:\Windows\System\wqkNKgR.exe
  C:\Windows\System\wqkNKgR.exe
  2⤵
  PID:9320
- C:\Windows\System\OQxufGb.exe
  C:\Windows\System\OQxufGb.exe
  2⤵
  PID:9300
- C:\Windows\System\MqjKdav.exe
  C:\Windows\System\MqjKdav.exe
  2⤵
  PID:9332
- C:\Windows\System\ATZZnpm.exe
  C:\Windows\System\ATZZnpm.exe
  2⤵
  PID:9408
- C:\Windows\System\XnACKsG.exe
  C:\Windows\System\XnACKsG.exe
  2⤵
  PID:9432
- C:\Windows\System\FKhmpnM.exe
  C:\Windows\System\FKhmpnM.exe
  2⤵
  PID:8716
- C:\Windows\System\YkjuZFD.exe
  C:\Windows\System\YkjuZFD.exe
  2⤵
  PID:9508
- C:\Windows\System\EuAYUie.exe
  C:\Windows\System\EuAYUie.exe
  2⤵
  PID:9544
- C:\Windows\System\DPAiiLl.exe
  C:\Windows\System\DPAiiLl.exe
  2⤵
  PID:9556
- C:\Windows\System\XNGQBjb.exe
  C:\Windows\System\XNGQBjb.exe
  2⤵
  PID:9576
- C:\Windows\System\ImEovvt.exe
  C:\Windows\System\ImEovvt.exe
  2⤵
  PID:9624
- C:\Windows\System\qziUibB.exe
  C:\Windows\System\qziUibB.exe
  2⤵
  PID:9680
- C:\Windows\System\FoTVJio.exe
  C:\Windows\System\FoTVJio.exe
  2⤵
  PID:9720
- C:\Windows\System\UJatfvC.exe
  C:\Windows\System\UJatfvC.exe
  2⤵
  PID:9736
- C:\Windows\System\hdGjnMn.exe
  C:\Windows\System\hdGjnMn.exe
  2⤵
  PID:9880
- C:\Windows\System\cIPoHhj.exe
  C:\Windows\System\cIPoHhj.exe
  2⤵
  PID:9700
- C:\Windows\System\HfmZdxr.exe
  C:\Windows\System\HfmZdxr.exe
  2⤵
  PID:9812
- C:\Windows\System\BPBBvvA.exe
  C:\Windows\System\BPBBvvA.exe
  2⤵
  PID:9860
- C:\Windows\System\mkbolMZ.exe
  C:\Windows\System\mkbolMZ.exe
  2⤵
  PID:9892
- C:\Windows\System\EbAunVf.exe
  C:\Windows\System\EbAunVf.exe
  2⤵
  PID:10004
- C:\Windows\System\myyKNnM.exe
  C:\Windows\System\myyKNnM.exe
  2⤵
  PID:10048
- C:\Windows\System\TxFxubX.exe
  C:\Windows\System\TxFxubX.exe
  2⤵
  PID:9988
- C:\Windows\System\gNYAlrj.exe
  C:\Windows\System\gNYAlrj.exe
  2⤵
  PID:10060
- C:\Windows\System\nxUxvkk.exe
  C:\Windows\System\nxUxvkk.exe
  2⤵
  PID:10072
- C:\Windows\System\aignJvm.exe
  C:\Windows\System\aignJvm.exe
  2⤵
  PID:10116
- C:\Windows\System\MtCJzcj.exe
  C:\Windows\System\MtCJzcj.exe
  2⤵
  PID:10148
- C:\Windows\System\UHBtTtq.exe
  C:\Windows\System\UHBtTtq.exe
  2⤵
  PID:10188
- C:\Windows\System\ZGWxAil.exe
  C:\Windows\System\ZGWxAil.exe
  2⤵
  PID:10216
- C:\Windows\System\umUydpT.exe
  C:\Windows\System\umUydpT.exe
  2⤵
  PID:8868
- C:\Windows\System\cEQjTKJ.exe
  C:\Windows\System\cEQjTKJ.exe
  2⤵
  PID:9312
- C:\Windows\System\hxaiRCn.exe
  C:\Windows\System\hxaiRCn.exe
  2⤵
  PID:9356
- C:\Windows\System\SviWvmu.exe
  C:\Windows\System\SviWvmu.exe
  2⤵
  PID:9428
- C:\Windows\System\jPQWwjA.exe
  C:\Windows\System\jPQWwjA.exe
  2⤵
  PID:9444
- C:\Windows\System\gIDifEl.exe
  C:\Windows\System\gIDifEl.exe
  2⤵
  PID:9532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AMhRbUQ.exe

Filesize
6.0MB

MD5
19532c35cc77356595acf0d8ad3a0261

SHA1
091b8ed1b95022b369c81596d4147eb42a2c413c

SHA256
9aee3ba766eeb9b602806e1c790db11c649b706883f7279ce0d74ed2374af3c4

SHA512
763f520ec0e2a59e933f896cc1e08fdc8eac327ffb5f0f739d59070cd6ee7c0388e1653151a174ede829357b08801f5fec7aa8ca28139c1aadf3679a604d7449

Download Submit
C:\Windows\system\FJCCzdA.exe

Filesize
6.0MB

MD5
eab0a9fcc89d4587b6ee6b49d54e0352

SHA1
540998085395116eb4a00700083a888152a74e6b

SHA256
221f6d0cdc637edb4cd92b85367f54430ea3c2ffb6ecdbf06c966a8886926ee0

SHA512
2df867761a4754ce83d3158daaa395f897c64a00bd21f4d93cf4b73189bf6f745818c8c50cc3a8eb36eed2ec3beb0e14dce4ca445e143eed8101141c7236b9b7

Download Submit
C:\Windows\system\GhczCju.exe

Filesize
6.0MB

MD5
798179af78e51b1bbaa40915f668f52a

SHA1
88ef92e885d0af537d06c26e0317ba392859f880

SHA256
7d18221829d5fe9f4d3647872f14af0d651a1d1bda1336cd477edd036b4f580e

SHA512
24c73e9b923afd4768d79686d6ed3baa97f384502dc742942071d4df77032ed68962a5f84e113235565ca8c62b2118a9c92f568839df7e6d3a63cfadc2085f55

Download Submit
C:\Windows\system\QWmlAMy.exe

Filesize
6.0MB

MD5
368f30a93e00628dc1701c47b672bb78

SHA1
9174ee35c243e623c9c49323938a64c424063dd2

SHA256
e2a14c217c8dc25718f0111273ddfc4eea4179ff2e197b45575b7b107a9347bc

SHA512
9179678ffa57e7cdc2852590d8499662fa22660f102a49050c770f8efbcc779646231a8dc524add87abbd1b6d97a76e82b3259799a6a2e82d394cf71e23eb555

Download Submit
C:\Windows\system\QutfYve.exe

Filesize
6.0MB

MD5
4fc4757c3673909bbf8c41363d241234

SHA1
4566b47c76352be4930cddba18b46341db551183

SHA256
dafa7de2260c0e9f289cff766c45bc602f8a37b69562a14ecfc9640a5b9ab804

SHA512
8df37a4dddeb7e03d0357a15ea371555c4e3000dd8271ff933939209548b43554b5f1031ee8994defdd9f0fb10f7970bce29eba8027461fd169c7aa7157aa391

Download Submit
C:\Windows\system\VBIYFKL.exe

Filesize
6.0MB

MD5
56694dea52fd589999fbebf5917f1cb2

SHA1
cce74897f387d4acf664936ca56c3f118e02e3af

SHA256
6fc783a4de4007617772bab623ab456b3fc856f8a0a1d703672197ff7c299049

SHA512
861d62ae060732a84f087085dd3661f88c4381625012819b64ccee1fcace416536f7ef15fac76e172ecc9c83e1e21ecd06b7a68b2553a47afd3d8e1869b8926f

Download Submit
C:\Windows\system\WEMMfOr.exe

Filesize
6.0MB

MD5
06186314b7bdac9e5dfb166b2b6b1686

SHA1
b4312de9455a8fedf8d13e092a926ffd429d7f65

SHA256
fbec76dae6164ddf8fcf3edc65a0d6e3f7b3ad98b9448ebb233b04f3df2ed4a4

SHA512
73c30a3edf8ca569aea52fed9b4fc2b26a8d7d8d64575e83a532687f6cc4a034873cdce88c32b8e2315b79e789b2cc8bd98806a51a9aeb78cae6fd1765676173

Download Submit
C:\Windows\system\ZXzdVrT.exe

Filesize
6.0MB

MD5
1e5fd8e3f305ace35d61a6cd8793fdcf

SHA1
203d74b6cf60638253b45587c34f35849bedcb91

SHA256
915400dc581242013190b0589326f3efb1b6ec0374677473b6324cc33098f5da

SHA512
50915be6799d66c0d607415a3f9155949aeeb60dd57e7736112f96c059637aacc1c15e78ac7c2342f7319da8b90cbb648672d70a942f3f266a7e5cb7d55e2b3b

Download Submit
C:\Windows\system\fLMqdIM.exe

Filesize
6.0MB

MD5
79124203018e9a6c369b3950fed00036

SHA1
c1d259327d017869d0cc2d0e8e6905a5bd832dc7

SHA256
3c057821b89114d0c5d75706fca7c082a3e7ab09b2df90a77cb6a52019f6edd3

SHA512
6b5af7cd2aeb154fb3b5e0576bf246ccf4e29b8a44bad230285d9c5478e66ee1214ef5fb5effbf926568c90c7bcbd4aa617ba82866801d765299fd4aa4bec0f3

Download Submit
C:\Windows\system\fmlYiqF.exe

Filesize
6.0MB

MD5
8cfbff16fabe9642e4298364c42e59d6

SHA1
241f58af144233391d4decf28da9306c2766c03e

SHA256
36dfaca502977faa000f67d1385ae61e821a95c90242e60a386fcda917920745

SHA512
8e056a6512c1cafc4b1545cffb4155a7d7922dc1896a233ca5a877d8f3d22800b77ada04687db0422473d6374afb261c64a9915c529343736e3e3162b168862f

Download Submit
C:\Windows\system\gKgAKaW.exe

Filesize
6.0MB

MD5
9f88136607923f82a401be5537d13914

SHA1
dd83669a57b1927d1abdfc4609b5d58e7d26b648

SHA256
794ecfad44dffb497194dff0f61310de218032562804ef6bd2211212b30acef2

SHA512
6116317f10cc0353e465b06c06b6aba605d189ef5c5fab78a3b693796156ab0b8e53189bd1427d150a0bdf8e015d5774b49f896be9c518875a34873b3bbf603f

Download Submit
C:\Windows\system\gfIDoMm.exe

Filesize
6.0MB

MD5
453f4969cc328669064c502c3d45ebe8

SHA1
85ab1ae0fe2396baf995bb46c709b602f6275611

SHA256
b1e8dfc0e90211f01be71e1c915021e7f85a45cdf124819f80a8fb4a52667ffd

SHA512
a97dec0194961ff86cf6e40e1fd75adddfa7031488a9285cab1b0bdc62341087c12b5289a6e57a13a5c9bb3e6c89f06f9925e11501825a5f0347d02c56cd93aa

Download Submit
C:\Windows\system\mulGXAb.exe

Filesize
6.0MB

MD5
a058562c35e9887d563b0486a22d5cf6

SHA1
9c8f0cc19f7171a53f135ebc2e361871dd3de13e

SHA256
775042e51a315b42c9646ddbf5874e2e4fd011802fc2dc0c287dccc76c398fbf

SHA512
5ed4c7d6948380a3d62cbfdb8335cdc3988ba29af454ef8e75225065c29c3e543c8d9d84c56b3c71421883538edcb395a2c5980109792ff9b7e877e9a8e5d231

Download Submit
C:\Windows\system\nRsPXot.exe

Filesize
6.0MB

MD5
f277d6475daff121b85de4363e8919b5

SHA1
682482d5599ead25b0f3f003838a88c95fef84fd

SHA256
bf5836dde6c2599209e191e6b48619143b31d3a8d1b2e60cce52d08291f1e620

SHA512
7b9949fd8ab328cd4c2e428edfb61b1837ec99bc9696072a41e0cf89c870c3702825bd68a4e361c2c9978ded3f4b5af77f3a6b88bf53f875879d8509c88c699b

Download Submit
C:\Windows\system\qPLmwXo.exe

Filesize
6.0MB

MD5
66362c5b96ea62337b504e0c626eb019

SHA1
827005f1cec157630c797f1d0b68ccf2d1f15e0a

SHA256
a75ae2805dad1bcc7548feb795c245c889b0504b0f6eac9a4876af454d474c9e

SHA512
e77b5bd7ce735c5fdbbef7a8c7a7e49fa8080a04bb90f510a9fef825c196b881620df037d9204c8428dd4dbb4ac9f428f8635436003430e3d15eed114b953231

Download Submit
C:\Windows\system\ruWlWns.exe

Filesize
6.0MB

MD5
1ef6178e6debcddc21bf990c205b29ad

SHA1
85aa32822de1c4b094b51d42ee2e8efba1eee46c

SHA256
e2607d601996762e414b26c6009420ccbd30f21f8d17ef0baec9cfee99dee5ab

SHA512
83cd197b2f2cac53a9933386fe412b973303d0705273ce184e62171a8ac1314ec35011a70347084204295790e6085672f61d09dfc6d8d929573df896fe6c08cc

Download Submit
C:\Windows\system\sKpQdwW.exe

Filesize
6.0MB

MD5
f74bd564d51c799e495f86ac708825d9

SHA1
24fdb233d26869b131c54b9913f705d0bd2dc78f

SHA256
56b6dc5c891bfd9c4f2c8c44c93c6ee30757d6ef25af39e60e0700eba5673fd7

SHA512
9f3aead7ccefa18d66c7eae775f1931a5c029782eb826cd6ab0589999ee16a1e52e95136920b5d2c0f13ffe7431607e9679fc8e644c2f50fefff8bc184fec854

Download Submit
C:\Windows\system\sNFAyEX.exe

Filesize
6.0MB

MD5
c855f9ec0097572d14519f87182594a2

SHA1
b07eb7002efa73e4b150dca23ad69bb863b483e8

SHA256
361ae356fe1be78cae2683fb7950d8863e144907152ddbaa60f4801a8611654c

SHA512
e4b0e7aad4ce4d3f725cca9f8d9221f79330b7ce94c27e6c16244929c3629731997528823b72c473388129247fc1dfcb0222545f6d9ef80e7fbd7fc9325ea9fd

Download Submit
C:\Windows\system\wLNuSqP.exe

Filesize
6.0MB

MD5
9ac726d60ad9d339a52c44b3c7df203a

SHA1
9b18fcdae9d9c2bc3308ba55fa5f2412a8b90007

SHA256
a9b89676d1a25e2a176658918086e5a8a9867281bea5fc85bcece4ee95dbeb73

SHA512
59c5204c41f59c514bace04f733489a6b7b333032ef5b98b75552f500fad5628cd73ae98983c8e3e296f89b590f68fb44131b2a08dd50609ba66a276aaa00d24

Download Submit
C:\Windows\system\xyhUxTY.exe

Filesize
6.0MB

MD5
910dace3a01f7b958d6572540cdf8744

SHA1
b288132db13af72bb1268654544021322bbadb07

SHA256
568eb8e231158dc54c5efee0397a200847110e52dc365e70d33b57e0775abc4b

SHA512
05d0a53ec4efbc455bb5da4da1a67d1b36ba09da2f6b57af0282486e6a2a84804c30da04134dca93cb185a9e94d24ba77f495b210de76db37986596ec5661308

Download Submit
C:\Windows\system\zvPaMSj.exe

Filesize
6.0MB

MD5
fe5a8c3a40c7138eb0deaf5a2c454ef7

SHA1
0285e28dd1265af6fdbab4e15fdecc9f972d228a

SHA256
6b3a41e2beb95c190b44f2af6a5aeb9a34a8a4078873a2c345f20e781f790226

SHA512
4ad65698ff24e9040c182f5d3a2dc1064cc1e4e5005eb67039c542dfd1bbc6f8fb008db5877ed71055a56ebc9ba21d8968ad15a9a2a7be616957483964accca6

Download Submit
\Windows\system\CrdlSgz.exe

Filesize
6.0MB

MD5
eec2751faed113901c0a46d5d8fe0d1e

SHA1
c9d876bbe3d13a4a0d1c31d3488b5261d67a6fa2

SHA256
c2cc98aa5c26e5e7b7912627886469588ca45fac067a94e6669a1f2e257245ed

SHA512
cc48b70e89e47397b3df0b5b68c25ff61cfd2f008ea85f40417407c45db2af16934f8465fc85cb37a767cd7d4e8acf842992ebe9b3903f8eb368a599bbbb2286

Download Submit
\Windows\system\NZxAEkT.exe

Filesize
6.0MB

MD5
d5dfaa5f3708af0b83bc5b947df810e2

SHA1
c725bfa1791beb0966f157752097a516b6f0fbde

SHA256
f495c73409c048321aa296f30387f442ecd7d972c676e9d48d56e1c73b2977f9

SHA512
c794fdc9c03534f4c3446875d9b0e9f9f922a6d8963d89f47ac068a0a129d5f1dd8b5be358e239530e77b53f9c0034dc5cfe702a42f97ab959cce640e9d95171

Download Submit
\Windows\system\RrIGyZf.exe

Filesize
6.0MB

MD5
290711142066a6a6ce199cca9358acbc

SHA1
5e2f5fd52c3c6534eee65f04f12b04d2a6508e77

SHA256
e585932b14fb035b45c7b47b5a0db558f3d127ed477dfbfb948837c9af436c11

SHA512
234c4bd36470014c33b79ec577bb4a20bf90e0d06df7928555981c268b52708516ee552baeccf70251d7fabd53195386ea6acdd03249dc9c47275b6e2e392798

Download Submit
\Windows\system\UIOkuDx.exe

Filesize
6.0MB

MD5
9b558220db83080e34598c0d11adeb79

SHA1
d7224a510d2c7e74c3fb2d58b0319b595a5669c8

SHA256
bbab8bbbb0ce88accac634f5ada4100716f88378c87a9ef8eddff450754564c8

SHA512
d2e995e940c374a4fe11641a27f1e7209208a2697d34784562a95115ac9df3776915039d03ce75cb0b53e5202be3790cfcfb816aa133e719e52e21c7b8c20424

Download Submit
\Windows\system\UzdfCpv.exe

Filesize
6.0MB

MD5
66e0b4379c4259e009b7a4368b95eae0

SHA1
d8a21a9ae15a6f66108d00461434a1f1c5eaa5fb

SHA256
8365d0987942197d5cd1a5f3b4b0f6d9a996f4d908868c46ceb6f612c7a11820

SHA512
11314f8efe53fd6b1b85f58ed70f94e79069eca438316b0eede81a42d3b0b7b137201bf674e495c5d166a9818f1abe3016ce6defdb4e7b376fd2f62accb90a8c

Download Submit
\Windows\system\bQMoexU.exe

Filesize
6.0MB

MD5
cd81ef77e3098fa4ab72ba4bdc2e4555

SHA1
19e81a22299e58b2b36d73d52c8ce5fa4981156b

SHA256
3b0981eb2451c3c6c99048fbbfb6d3b3ede0285c0b9f95cc7b51ef4d4ad7a566

SHA512
ff1726e2de02ae0500989cb674d7d211561c64cbf86999e89041beac57baa368e03940c191464c5821bb1b5095391a7f84428b5fd5433f973ef23e792c978132

Download Submit
\Windows\system\eeucKKP.exe

Filesize
6.0MB

MD5
b060c1ed3caa3441260208a284ac89c8

SHA1
d3848f95f6913fafc06e52185d31c4921e45f88a

SHA256
3f7711c4b537dab5752641c211e85223dad5afb1c34a1555bfd0efb9242005ec

SHA512
e116b24194964294c555d8e30301f3bda0636b8e3f55f1183c2e697123a9381f46788dc71e7921d17a1399da9543849323441a91da3bc2dd176e092bc1c693a8

Download Submit
\Windows\system\iuvADHQ.exe

Filesize
6.0MB

MD5
c5dbd205e068dfb28653ddc9d114448c

SHA1
a0fc47a3b049db0acaecbca6fae96cb2c866071b

SHA256
ca40d2ef7014d72a3e40575727dd9b872526f0935269fe1cb7d02f6bb4ab369f

SHA512
4d73a9195111674c84eb47b91e52b47832e57902229ac4fde9e6aaae7952fbd6efcba7e52c71511fb5b10bb14f050185819d8f942ba70fbdb596027544728c17

Download Submit
\Windows\system\jLORRLs.exe

Filesize
6.0MB

MD5
86cc42ed419b15e16491b63dd998d0bc

SHA1
fef502cbc282c3d21d6553eb14e10cfff6daa178

SHA256
7d9b4bd97e351b94203ea3522ee5d50e273e00de92985052d8d4daabdf99bc36

SHA512
c83d9aa5c0bf350052ff327f1e1f701c44498ddce1f42e6422c44a14d1cf7898da00e15bff1aa09f0f78a48dbd8c32502fe06f0bbb435cae6698ed43aa5e7bbe

Download Submit
\Windows\system\mYlJQFz.exe

Filesize
6.0MB

MD5
49962ab4988126399c62f3c1dd7be673

SHA1
3cff17a960ba2eb4c187e58502a0a12237cd8033

SHA256
1f9e17f381c6bc97284326770afb1c31f147f15e60716dae9f7927b9456af947

SHA512
5d0d9af28388a4c5b57b63c2c8a56cce3a79aee86b8f073334055a5fd2a5410f0bdfad09f030a8bb6baeafc7c78c8dcea69d443bf77d856b6fe1dd73c6bd1bbc

Download Submit
\Windows\system\wCODNag.exe

Filesize
6.0MB

MD5
87e3d3d60b2942d925edd5aa81a5e6f9

SHA1
6ca5a76bf2169319fe4e0191a4ad7a4fe4bec2c1

SHA256
149f4d67f8f18ade10acb3226e90588a6470ae2069163bcc81a39d68ad42495e

SHA512
67d3166f6efc994613147e112496544fac48b2afc2cd973c6284eaba16c315dabc9ba57a16cf92b967a1cd938db53e485f6b3eabe44f471ea589661c6cd3648b

Download Submit
\Windows\system\yHEijgu.exe

Filesize
6.0MB

MD5
1dda7c42781c48f85890d4f27ba56f35

SHA1
363d36417bdd2a677e3ae5c770e2a953a62f61d8

SHA256
daf9393af2376679109cf637141809216dc7f1ecb4a4596b741e37be08f70d98

SHA512
da3c0d0a18c485c0ad3e296f697becec091a504cbaa223fef153b30361ca5a215108448b30bb2fd65381222a79ca40e59828efd9591dd135c660bf2387d2f80e

Download Submit
memory/1376-2663-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1376-21-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1868-2646-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-58-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1888-683-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1888-2853-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1888-101-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2084-93-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2084-555-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2084-2825-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2236-2745-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-36-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-2662-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2300-65-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2300-15-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2532-80-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2532-2822-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2532-303-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2560-183-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2560-2805-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2560-72-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2600-97-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2600-90-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2600-478-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2600-616-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2600-750-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2600-79-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2600-5-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-105-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2600-12-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2600-43-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/2600-31-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-19-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2600-0-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-28-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-76-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2600-57-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-61-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2600-69-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2600-38-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-46-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-2766-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-56-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-50-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2760-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-55-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-2758-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2761-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-100-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2811-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2848-66-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3028-2819-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/3028-421-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/3028-86-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download