cobaltstrike | 1c13dd75e8244435b38e82d309dd7a856d61de55247659b07deb35fbe35df236

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b8ee7d252fd1722cff2b4585a5ffd565
SHA1

74ed9774ac086759a31123d0d4b8d2f42d9db0db
SHA256

1c13dd75e8244435b38e82d309dd7a856d61de55247659b07deb35fbe35df236
SHA512

28f3ee06e633571b1333c2907f620333162d236b077ca5fbbbbd1ebdf12b15a21dc0a4fd77529a56d6d806f57c4f00110a541cec82272c46960949f22ea26d51
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUV:T+q56utgpPF8u/7V

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225f-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017520-8.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018636-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018741-33.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018634-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019080-46.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001907c-39.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a452-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a454-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-142.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017429-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-58.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1732-0-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225f-6.dat	xmrig
behavioral1/files/0x0008000000017520-8.dat	xmrig
behavioral1/files/0x0006000000018636-21.dat	xmrig
behavioral1/files/0x0006000000018741-33.dat	xmrig
behavioral1/files/0x0006000000018634-16.dat	xmrig
behavioral1/memory/1268-29-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/1732-28-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/memory/2412-27-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2836-25-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2516-23-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/480-36-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x0008000000019080-46.dat	xmrig
behavioral1/memory/2828-42-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x000900000001907c-39.dat	xmrig
behavioral1/memory/2752-48-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a033-97.dat	xmrig
behavioral1/files/0x000500000001a020-130.dat	xmrig
behavioral1/files/0x000500000001a3e4-148.dat	xmrig
behavioral1/files/0x000500000001a3e8-158.dat	xmrig
behavioral1/files/0x000500000001a3ea-162.dat	xmrig
behavioral1/memory/2828-664-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2628-1305-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/1732-1804-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/1732-1635-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2620-1306-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/1732-1124-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2852-1122-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2752-934-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a452-185.dat	xmrig
behavioral1/files/0x000500000001a445-174.dat	xmrig
behavioral1/files/0x000500000001a454-188.dat	xmrig
behavioral1/files/0x000500000001a447-180.dat	xmrig
behavioral1/files/0x000500000001a423-172.dat	xmrig
behavioral1/files/0x000500000001a3ed-167.dat	xmrig
behavioral1/files/0x000500000001a3e6-152.dat	xmrig
behavioral1/files/0x000500000001a2fc-142.dat	xmrig
behavioral1/files/0x0009000000017429-138.dat	xmrig
behavioral1/files/0x0005000000019cd5-119.dat	xmrig
behavioral1/files/0x0005000000019bf2-118.dat	xmrig
behavioral1/memory/1732-117-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/1732-114-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2920-113-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f71-105.dat	xmrig
behavioral1/files/0x0005000000019d69-104.dat	xmrig
behavioral1/files/0x000500000001a05a-101.dat	xmrig
behavioral1/files/0x0005000000019f57-88.dat	xmrig
behavioral1/files/0x0005000000019cfc-83.dat	xmrig
behavioral1/memory/2620-82-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d5c-78.dat	xmrig
behavioral1/memory/1732-74-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c0b-73.dat	xmrig
behavioral1/files/0x000500000001a2b9-124.dat	xmrig
behavioral1/files/0x0005000000019bec-50.dat	xmrig
behavioral1/memory/1732-61-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2628-60-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2852-59-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf0-58.dat	xmrig
behavioral1/memory/2412-4001-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2516-4002-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2836-4003-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/480-4005-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/1268-4004-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2828-4007-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2412	CzRUEhR.exe
2516	RqrmNFw.exe
2836	aKQCXxt.exe
1268	tnTYcGj.exe
480	txkNZCS.exe
2828	fFkLxsO.exe
2752	rmJQiPE.exe
2852	EHvHiXY.exe
2628	qcDkIbp.exe
2620	qAXpraK.exe
2920	fIsvlNG.exe
672	uHwVnoE.exe
1088	UUzTNbM.exe
2976	LKMKxpU.exe
2604	ObcajPJ.exe
2680	FajZKzI.exe
2508	UJiWCwJ.exe
2768	yObVIYP.exe
768	JsGowVY.exe
2936	ChoLDya.exe
1092	ymtBIvR.exe
1700	XPyXtcg.exe
1560	uTChpfj.exe
1588	tSdDtMq.exe
2972	hKRLvfy.exe
2240	Bgduowb.exe
1028	nFywLPm.exe
2116	HzPQvlP.exe
1524	WGCpBkB.exe
316	elTdjEB.exe
1032	AnuGkgK.exe
956	QqDrOnv.exe
2588	fTSXtyI.exe
832	aaXXoXA.exe
2900	nngVhTe.exe
1064	PzVpcCA.exe
1668	czEPKih.exe
1816	MSOsnRM.exe
908	IFGkqpi.exe
544	ixzJWoF.exe
1780	lfmCmRn.exe
1512	gDdOUAZ.exe
2492	JxGSpEk.exe
824	upQuUDw.exe
2320	PtBalFI.exe
1868	LrENJUg.exe
892	UXqspTn.exe
2216	ZyZDoWn.exe
2440	dQoNwLI.exe
1592	jmRMlmY.exe
2960	qyYCorU.exe
2988	FguQSmF.exe
2804	mOjNbsO.exe
1808	hkfVfgf.exe
2084	Xxttjxz.exe
1924	viQDCEU.exe
2220	BuxLkTr.exe
1508	mfyNFgI.exe
2344	hNXscVe.exe
1704	QGdFQEt.exe
2148	tXcGLuj.exe
2840	pFDSMER.exe
2640	ZHYJbRy.exe
2132	ItCuWrF.exe

Loads dropped DLL 64 IoCs

pid	Process
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1732-0-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x000a00000001225f-6.dat	upx
behavioral1/files/0x0008000000017520-8.dat	upx
behavioral1/files/0x0006000000018636-21.dat	upx
behavioral1/files/0x0006000000018741-33.dat	upx
behavioral1/files/0x0006000000018634-16.dat	upx
behavioral1/memory/1268-29-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2412-27-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2836-25-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2516-23-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/480-36-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x0008000000019080-46.dat	upx
behavioral1/memory/2828-42-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x000900000001907c-39.dat	upx
behavioral1/memory/2752-48-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x000500000001a033-97.dat	upx
behavioral1/files/0x000500000001a020-130.dat	upx
behavioral1/files/0x000500000001a3e4-148.dat	upx
behavioral1/files/0x000500000001a3e8-158.dat	upx
behavioral1/files/0x000500000001a3ea-162.dat	upx
behavioral1/memory/2828-664-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2628-1305-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2620-1306-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2852-1122-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2752-934-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x000500000001a452-185.dat	upx
behavioral1/files/0x000500000001a445-174.dat	upx
behavioral1/files/0x000500000001a454-188.dat	upx
behavioral1/files/0x000500000001a447-180.dat	upx
behavioral1/files/0x000500000001a423-172.dat	upx
behavioral1/files/0x000500000001a3ed-167.dat	upx
behavioral1/files/0x000500000001a3e6-152.dat	upx
behavioral1/files/0x000500000001a2fc-142.dat	upx
behavioral1/files/0x0009000000017429-138.dat	upx
behavioral1/files/0x0005000000019cd5-119.dat	upx
behavioral1/files/0x0005000000019bf2-118.dat	upx
behavioral1/memory/2920-113-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x0005000000019f71-105.dat	upx
behavioral1/files/0x0005000000019d69-104.dat	upx
behavioral1/files/0x000500000001a05a-101.dat	upx
behavioral1/files/0x0005000000019f57-88.dat	upx
behavioral1/files/0x0005000000019cfc-83.dat	upx
behavioral1/memory/2620-82-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0005000000019d5c-78.dat	upx
behavioral1/files/0x0005000000019c0b-73.dat	upx
behavioral1/files/0x000500000001a2b9-124.dat	upx
behavioral1/files/0x0005000000019bec-50.dat	upx
behavioral1/memory/1732-61-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2628-60-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2852-59-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0005000000019bf0-58.dat	upx
behavioral1/memory/2412-4001-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2516-4002-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2836-4003-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/480-4005-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/1268-4004-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2828-4007-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2752-4006-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2920-4011-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2620-4010-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2852-4009-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2628-4008-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ESUHLEZ.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmdZgSS.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LKMKxpU.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOjNbsO.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qObVdyB.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypGJuaI.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVgkxyL.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzOmSSi.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXLtdrp.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MghpkMI.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPsbReK.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqzCRjn.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZXxNSI.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDBCcXg.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAEptJN.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Bgduowb.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXcGLuj.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvrQplB.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysnqBVk.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bWKvpio.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNdYipw.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjLsYbZ.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApJQJXp.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmjxFhg.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKXLIFj.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWNTTaF.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLCCuYM.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMHHkVc.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqhRHVt.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkBELQp.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAlmzHI.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfJXjFB.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYMdwWK.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjfFzXB.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKkFrjd.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yEFlJSz.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZocuEXx.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgKLgsp.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbUzqdU.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNBxbEu.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxxrYJc.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WqRIGGa.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHYJbRy.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkAmJlo.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqXRATW.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXvXKxM.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvrioxB.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USjmswk.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQExRTY.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFCVcUc.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAnBRrp.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHwhUNN.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKcCIiG.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrkxhoA.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpDYnIa.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqHnilK.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkTuzwA.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCzxJLq.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\saTcmWS.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQsabxA.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\srtoayC.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukwfgBS.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TxOHJLW.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvzeKJj.exe	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2412	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1732 wrote to memory of 2412	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1732 wrote to memory of 2412	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1732 wrote to memory of 2516	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1732 wrote to memory of 2516	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1732 wrote to memory of 2516	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1732 wrote to memory of 2836	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1732 wrote to memory of 2836	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1732 wrote to memory of 2836	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1732 wrote to memory of 1268	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1732 wrote to memory of 1268	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1732 wrote to memory of 1268	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1732 wrote to memory of 480	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1732 wrote to memory of 480	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1732 wrote to memory of 480	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1732 wrote to memory of 2828	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1732 wrote to memory of 2828	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1732 wrote to memory of 2828	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1732 wrote to memory of 2752	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1732 wrote to memory of 2752	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1732 wrote to memory of 2752	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1732 wrote to memory of 2852	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1732 wrote to memory of 2852	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1732 wrote to memory of 2852	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1732 wrote to memory of 2628	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1732 wrote to memory of 2628	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1732 wrote to memory of 2628	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1732 wrote to memory of 2604	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1732 wrote to memory of 2604	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1732 wrote to memory of 2604	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1732 wrote to memory of 2620	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1732 wrote to memory of 2620	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1732 wrote to memory of 2620	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1732 wrote to memory of 2680	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1732 wrote to memory of 2680	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1732 wrote to memory of 2680	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1732 wrote to memory of 2920	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1732 wrote to memory of 2920	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1732 wrote to memory of 2920	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1732 wrote to memory of 2768	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1732 wrote to memory of 2768	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1732 wrote to memory of 2768	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1732 wrote to memory of 672	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1732 wrote to memory of 672	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1732 wrote to memory of 672	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1732 wrote to memory of 768	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1732 wrote to memory of 768	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1732 wrote to memory of 768	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1732 wrote to memory of 1088	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1732 wrote to memory of 1088	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1732 wrote to memory of 1088	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1732 wrote to memory of 2936	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1732 wrote to memory of 2936	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1732 wrote to memory of 2936	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1732 wrote to memory of 2976	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1732 wrote to memory of 2976	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1732 wrote to memory of 2976	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1732 wrote to memory of 1092	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1732 wrote to memory of 1092	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1732 wrote to memory of 1092	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1732 wrote to memory of 2508	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1732 wrote to memory of 2508	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1732 wrote to memory of 2508	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1732 wrote to memory of 1700	1732	2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_b8ee7d252fd1722cff2b4585a5ffd565_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\System\CzRUEhR.exe
  C:\Windows\System\CzRUEhR.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\RqrmNFw.exe
  C:\Windows\System\RqrmNFw.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\aKQCXxt.exe
  C:\Windows\System\aKQCXxt.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\tnTYcGj.exe
  C:\Windows\System\tnTYcGj.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\txkNZCS.exe
  C:\Windows\System\txkNZCS.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\fFkLxsO.exe
  C:\Windows\System\fFkLxsO.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\rmJQiPE.exe
  C:\Windows\System\rmJQiPE.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\EHvHiXY.exe
  C:\Windows\System\EHvHiXY.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\qcDkIbp.exe
  C:\Windows\System\qcDkIbp.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\ObcajPJ.exe
  C:\Windows\System\ObcajPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\qAXpraK.exe
  C:\Windows\System\qAXpraK.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\FajZKzI.exe
  C:\Windows\System\FajZKzI.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\fIsvlNG.exe
  C:\Windows\System\fIsvlNG.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\yObVIYP.exe
  C:\Windows\System\yObVIYP.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\uHwVnoE.exe
  C:\Windows\System\uHwVnoE.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\JsGowVY.exe
  C:\Windows\System\JsGowVY.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\UUzTNbM.exe
  C:\Windows\System\UUzTNbM.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\ChoLDya.exe
  C:\Windows\System\ChoLDya.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\LKMKxpU.exe
  C:\Windows\System\LKMKxpU.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\ymtBIvR.exe
  C:\Windows\System\ymtBIvR.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\UJiWCwJ.exe
  C:\Windows\System\UJiWCwJ.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\XPyXtcg.exe
  C:\Windows\System\XPyXtcg.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\uTChpfj.exe
  C:\Windows\System\uTChpfj.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\tSdDtMq.exe
  C:\Windows\System\tSdDtMq.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\hKRLvfy.exe
  C:\Windows\System\hKRLvfy.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\Bgduowb.exe
  C:\Windows\System\Bgduowb.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\nFywLPm.exe
  C:\Windows\System\nFywLPm.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\HzPQvlP.exe
  C:\Windows\System\HzPQvlP.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\WGCpBkB.exe
  C:\Windows\System\WGCpBkB.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\AnuGkgK.exe
  C:\Windows\System\AnuGkgK.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\elTdjEB.exe
  C:\Windows\System\elTdjEB.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\fTSXtyI.exe
  C:\Windows\System\fTSXtyI.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\QqDrOnv.exe
  C:\Windows\System\QqDrOnv.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\nngVhTe.exe
  C:\Windows\System\nngVhTe.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\aaXXoXA.exe
  C:\Windows\System\aaXXoXA.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\czEPKih.exe
  C:\Windows\System\czEPKih.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\PzVpcCA.exe
  C:\Windows\System\PzVpcCA.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\MSOsnRM.exe
  C:\Windows\System\MSOsnRM.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\IFGkqpi.exe
  C:\Windows\System\IFGkqpi.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\lfmCmRn.exe
  C:\Windows\System\lfmCmRn.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\ixzJWoF.exe
  C:\Windows\System\ixzJWoF.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\gDdOUAZ.exe
  C:\Windows\System\gDdOUAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\JxGSpEk.exe
  C:\Windows\System\JxGSpEk.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\dQoNwLI.exe
  C:\Windows\System\dQoNwLI.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\upQuUDw.exe
  C:\Windows\System\upQuUDw.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\Xxttjxz.exe
  C:\Windows\System\Xxttjxz.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\PtBalFI.exe
  C:\Windows\System\PtBalFI.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\viQDCEU.exe
  C:\Windows\System\viQDCEU.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\LrENJUg.exe
  C:\Windows\System\LrENJUg.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\BuxLkTr.exe
  C:\Windows\System\BuxLkTr.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\UXqspTn.exe
  C:\Windows\System\UXqspTn.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\mfyNFgI.exe
  C:\Windows\System\mfyNFgI.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\ZyZDoWn.exe
  C:\Windows\System\ZyZDoWn.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\hNXscVe.exe
  C:\Windows\System\hNXscVe.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\jmRMlmY.exe
  C:\Windows\System\jmRMlmY.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\QGdFQEt.exe
  C:\Windows\System\QGdFQEt.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\qyYCorU.exe
  C:\Windows\System\qyYCorU.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\tXcGLuj.exe
  C:\Windows\System\tXcGLuj.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\FguQSmF.exe
  C:\Windows\System\FguQSmF.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\pFDSMER.exe
  C:\Windows\System\pFDSMER.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\mOjNbsO.exe
  C:\Windows\System\mOjNbsO.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\ZHYJbRy.exe
  C:\Windows\System\ZHYJbRy.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\hkfVfgf.exe
  C:\Windows\System\hkfVfgf.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\ItCuWrF.exe
  C:\Windows\System\ItCuWrF.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\ZXVdstt.exe
  C:\Windows\System\ZXVdstt.exe
  2⤵
  PID:1772
- C:\Windows\System\cwjPKbX.exe
  C:\Windows\System\cwjPKbX.exe
  2⤵
  PID:1692
- C:\Windows\System\lbzeisL.exe
  C:\Windows\System\lbzeisL.exe
  2⤵
  PID:2672
- C:\Windows\System\SUAKNKp.exe
  C:\Windows\System\SUAKNKp.exe
  2⤵
  PID:2984
- C:\Windows\System\MZosufA.exe
  C:\Windows\System\MZosufA.exe
  2⤵
  PID:2200
- C:\Windows\System\haflMTV.exe
  C:\Windows\System\haflMTV.exe
  2⤵
  PID:3052
- C:\Windows\System\jgFHhrJ.exe
  C:\Windows\System\jgFHhrJ.exe
  2⤵
  PID:2236
- C:\Windows\System\UaCMpsU.exe
  C:\Windows\System\UaCMpsU.exe
  2⤵
  PID:1288
- C:\Windows\System\SNLjqXB.exe
  C:\Windows\System\SNLjqXB.exe
  2⤵
  PID:2584
- C:\Windows\System\ztyyZEu.exe
  C:\Windows\System\ztyyZEu.exe
  2⤵
  PID:2484
- C:\Windows\System\DJvsBAS.exe
  C:\Windows\System\DJvsBAS.exe
  2⤵
  PID:2008
- C:\Windows\System\UAegirq.exe
  C:\Windows\System\UAegirq.exe
  2⤵
  PID:2100
- C:\Windows\System\EjLsYbZ.exe
  C:\Windows\System\EjLsYbZ.exe
  2⤵
  PID:856
- C:\Windows\System\EveJnTf.exe
  C:\Windows\System\EveJnTf.exe
  2⤵
  PID:3032
- C:\Windows\System\igHcFXq.exe
  C:\Windows\System\igHcFXq.exe
  2⤵
  PID:1812
- C:\Windows\System\VFzClqs.exe
  C:\Windows\System\VFzClqs.exe
  2⤵
  PID:700
- C:\Windows\System\viWojYl.exe
  C:\Windows\System\viWojYl.exe
  2⤵
  PID:1044
- C:\Windows\System\GFgrgYa.exe
  C:\Windows\System\GFgrgYa.exe
  2⤵
  PID:1640
- C:\Windows\System\IGBLYWU.exe
  C:\Windows\System\IGBLYWU.exe
  2⤵
  PID:1600
- C:\Windows\System\ZocuEXx.exe
  C:\Windows\System\ZocuEXx.exe
  2⤵
  PID:2800
- C:\Windows\System\rZEcfPK.exe
  C:\Windows\System\rZEcfPK.exe
  2⤵
  PID:2848
- C:\Windows\System\FHRjgJK.exe
  C:\Windows\System\FHRjgJK.exe
  2⤵
  PID:1536
- C:\Windows\System\wpXVKip.exe
  C:\Windows\System\wpXVKip.exe
  2⤵
  PID:1200
- C:\Windows\System\CXILWgf.exe
  C:\Windows\System\CXILWgf.exe
  2⤵
  PID:1632
- C:\Windows\System\KXyAPVz.exe
  C:\Windows\System\KXyAPVz.exe
  2⤵
  PID:1708
- C:\Windows\System\ERxzFex.exe
  C:\Windows\System\ERxzFex.exe
  2⤵
  PID:2868
- C:\Windows\System\zMKknWQ.exe
  C:\Windows\System\zMKknWQ.exe
  2⤵
  PID:1952
- C:\Windows\System\bZHRVve.exe
  C:\Windows\System\bZHRVve.exe
  2⤵
  PID:1152
- C:\Windows\System\QJtqWeR.exe
  C:\Windows\System\QJtqWeR.exe
  2⤵
  PID:1312
- C:\Windows\System\AkBrYhE.exe
  C:\Windows\System\AkBrYhE.exe
  2⤵
  PID:1476
- C:\Windows\System\SJmtaAc.exe
  C:\Windows\System\SJmtaAc.exe
  2⤵
  PID:840
- C:\Windows\System\jVRfeSc.exe
  C:\Windows\System\jVRfeSc.exe
  2⤵
  PID:2092
- C:\Windows\System\uNUDaDm.exe
  C:\Windows\System\uNUDaDm.exe
  2⤵
  PID:2056
- C:\Windows\System\etKLLvM.exe
  C:\Windows\System\etKLLvM.exe
  2⤵
  PID:920
- C:\Windows\System\QUNrsIJ.exe
  C:\Windows\System\QUNrsIJ.exe
  2⤵
  PID:3084
- C:\Windows\System\rMqFvOl.exe
  C:\Windows\System\rMqFvOl.exe
  2⤵
  PID:3104
- C:\Windows\System\EekLwFD.exe
  C:\Windows\System\EekLwFD.exe
  2⤵
  PID:3124
- C:\Windows\System\pbmHBFp.exe
  C:\Windows\System\pbmHBFp.exe
  2⤵
  PID:3144
- C:\Windows\System\adWRrEz.exe
  C:\Windows\System\adWRrEz.exe
  2⤵
  PID:3164
- C:\Windows\System\FcybvHq.exe
  C:\Windows\System\FcybvHq.exe
  2⤵
  PID:3184
- C:\Windows\System\DkzOqDZ.exe
  C:\Windows\System\DkzOqDZ.exe
  2⤵
  PID:3204
- C:\Windows\System\iwcNUdL.exe
  C:\Windows\System\iwcNUdL.exe
  2⤵
  PID:3224
- C:\Windows\System\UhBIhKq.exe
  C:\Windows\System\UhBIhKq.exe
  2⤵
  PID:3244
- C:\Windows\System\pgWGWSz.exe
  C:\Windows\System\pgWGWSz.exe
  2⤵
  PID:3264
- C:\Windows\System\ONZFRvi.exe
  C:\Windows\System\ONZFRvi.exe
  2⤵
  PID:3284
- C:\Windows\System\CoXKkWo.exe
  C:\Windows\System\CoXKkWo.exe
  2⤵
  PID:3304
- C:\Windows\System\GOesGMl.exe
  C:\Windows\System\GOesGMl.exe
  2⤵
  PID:3320
- C:\Windows\System\dSNEtBR.exe
  C:\Windows\System\dSNEtBR.exe
  2⤵
  PID:3344
- C:\Windows\System\xVROaGD.exe
  C:\Windows\System\xVROaGD.exe
  2⤵
  PID:3360
- C:\Windows\System\FiAnfWS.exe
  C:\Windows\System\FiAnfWS.exe
  2⤵
  PID:3380
- C:\Windows\System\ugmatZb.exe
  C:\Windows\System\ugmatZb.exe
  2⤵
  PID:3400
- C:\Windows\System\QJaRhIv.exe
  C:\Windows\System\QJaRhIv.exe
  2⤵
  PID:3424
- C:\Windows\System\KhcMgoq.exe
  C:\Windows\System\KhcMgoq.exe
  2⤵
  PID:3444
- C:\Windows\System\zcHPfbQ.exe
  C:\Windows\System\zcHPfbQ.exe
  2⤵
  PID:3464
- C:\Windows\System\SCBzzHX.exe
  C:\Windows\System\SCBzzHX.exe
  2⤵
  PID:3484
- C:\Windows\System\FbOHBiE.exe
  C:\Windows\System\FbOHBiE.exe
  2⤵
  PID:3504
- C:\Windows\System\sMdFdnd.exe
  C:\Windows\System\sMdFdnd.exe
  2⤵
  PID:3524
- C:\Windows\System\RGkRKwS.exe
  C:\Windows\System\RGkRKwS.exe
  2⤵
  PID:3544
- C:\Windows\System\RiSrydg.exe
  C:\Windows\System\RiSrydg.exe
  2⤵
  PID:3564
- C:\Windows\System\GUepLQk.exe
  C:\Windows\System\GUepLQk.exe
  2⤵
  PID:3584
- C:\Windows\System\PnEToQW.exe
  C:\Windows\System\PnEToQW.exe
  2⤵
  PID:3604
- C:\Windows\System\FJLYlNE.exe
  C:\Windows\System\FJLYlNE.exe
  2⤵
  PID:3624
- C:\Windows\System\sYDtFNQ.exe
  C:\Windows\System\sYDtFNQ.exe
  2⤵
  PID:3644
- C:\Windows\System\CdexJTi.exe
  C:\Windows\System\CdexJTi.exe
  2⤵
  PID:3664
- C:\Windows\System\SOjiMdz.exe
  C:\Windows\System\SOjiMdz.exe
  2⤵
  PID:3684
- C:\Windows\System\vHwhUNN.exe
  C:\Windows\System\vHwhUNN.exe
  2⤵
  PID:3704
- C:\Windows\System\LZSMTij.exe
  C:\Windows\System\LZSMTij.exe
  2⤵
  PID:3724
- C:\Windows\System\cRvXmXk.exe
  C:\Windows\System\cRvXmXk.exe
  2⤵
  PID:3744
- C:\Windows\System\qObVdyB.exe
  C:\Windows\System\qObVdyB.exe
  2⤵
  PID:3764
- C:\Windows\System\hWIASYE.exe
  C:\Windows\System\hWIASYE.exe
  2⤵
  PID:3784
- C:\Windows\System\imleXYz.exe
  C:\Windows\System\imleXYz.exe
  2⤵
  PID:3804
- C:\Windows\System\srsfOPa.exe
  C:\Windows\System\srsfOPa.exe
  2⤵
  PID:3824
- C:\Windows\System\YBKGPYV.exe
  C:\Windows\System\YBKGPYV.exe
  2⤵
  PID:3844
- C:\Windows\System\PUVkhBR.exe
  C:\Windows\System\PUVkhBR.exe
  2⤵
  PID:3864
- C:\Windows\System\Asaxtuk.exe
  C:\Windows\System\Asaxtuk.exe
  2⤵
  PID:3884
- C:\Windows\System\kdEnZgp.exe
  C:\Windows\System\kdEnZgp.exe
  2⤵
  PID:3904
- C:\Windows\System\ErKzBtz.exe
  C:\Windows\System\ErKzBtz.exe
  2⤵
  PID:3924
- C:\Windows\System\IvbMBrp.exe
  C:\Windows\System\IvbMBrp.exe
  2⤵
  PID:3944
- C:\Windows\System\XgRzuPd.exe
  C:\Windows\System\XgRzuPd.exe
  2⤵
  PID:3964
- C:\Windows\System\aAsZzHP.exe
  C:\Windows\System\aAsZzHP.exe
  2⤵
  PID:3984
- C:\Windows\System\kQRyLKH.exe
  C:\Windows\System\kQRyLKH.exe
  2⤵
  PID:4004
- C:\Windows\System\qNQhQVI.exe
  C:\Windows\System\qNQhQVI.exe
  2⤵
  PID:4024
- C:\Windows\System\xAfKsmH.exe
  C:\Windows\System\xAfKsmH.exe
  2⤵
  PID:4044
- C:\Windows\System\lWYDgnq.exe
  C:\Windows\System\lWYDgnq.exe
  2⤵
  PID:4064
- C:\Windows\System\uSzYfdD.exe
  C:\Windows\System\uSzYfdD.exe
  2⤵
  PID:4084
- C:\Windows\System\ZtmmbzK.exe
  C:\Windows\System\ZtmmbzK.exe
  2⤵
  PID:2644
- C:\Windows\System\QSDaqCk.exe
  C:\Windows\System\QSDaqCk.exe
  2⤵
  PID:612
- C:\Windows\System\vpPFxji.exe
  C:\Windows\System\vpPFxji.exe
  2⤵
  PID:888
- C:\Windows\System\FWWZSww.exe
  C:\Windows\System\FWWZSww.exe
  2⤵
  PID:2992
- C:\Windows\System\xLtNvIS.exe
  C:\Windows\System\xLtNvIS.exe
  2⤵
  PID:1168
- C:\Windows\System\RNvdJIU.exe
  C:\Windows\System\RNvdJIU.exe
  2⤵
  PID:2472
- C:\Windows\System\pKFjyHn.exe
  C:\Windows\System\pKFjyHn.exe
  2⤵
  PID:2376
- C:\Windows\System\FjEhdzk.exe
  C:\Windows\System\FjEhdzk.exe
  2⤵
  PID:2772
- C:\Windows\System\JgLdlYy.exe
  C:\Windows\System\JgLdlYy.exe
  2⤵
  PID:1916
- C:\Windows\System\QQzRFhL.exe
  C:\Windows\System\QQzRFhL.exe
  2⤵
  PID:1964
- C:\Windows\System\rACpUif.exe
  C:\Windows\System\rACpUif.exe
  2⤵
  PID:1792
- C:\Windows\System\FwYkSoq.exe
  C:\Windows\System\FwYkSoq.exe
  2⤵
  PID:1540
- C:\Windows\System\kpEqGVl.exe
  C:\Windows\System\kpEqGVl.exe
  2⤵
  PID:2164
- C:\Windows\System\qHjGyTQ.exe
  C:\Windows\System\qHjGyTQ.exe
  2⤵
  PID:1756
- C:\Windows\System\JETKIAK.exe
  C:\Windows\System\JETKIAK.exe
  2⤵
  PID:2124
- C:\Windows\System\URIEmod.exe
  C:\Windows\System\URIEmod.exe
  2⤵
  PID:3092
- C:\Windows\System\oexJDrC.exe
  C:\Windows\System\oexJDrC.exe
  2⤵
  PID:3080
- C:\Windows\System\hfJqDQK.exe
  C:\Windows\System\hfJqDQK.exe
  2⤵
  PID:3112
- C:\Windows\System\BBcDxAI.exe
  C:\Windows\System\BBcDxAI.exe
  2⤵
  PID:3160
- C:\Windows\System\hRpHVaV.exe
  C:\Windows\System\hRpHVaV.exe
  2⤵
  PID:3192
- C:\Windows\System\waXerxD.exe
  C:\Windows\System\waXerxD.exe
  2⤵
  PID:3252
- C:\Windows\System\XGycQDC.exe
  C:\Windows\System\XGycQDC.exe
  2⤵
  PID:3256
- C:\Windows\System\KPLHwha.exe
  C:\Windows\System\KPLHwha.exe
  2⤵
  PID:3276
- C:\Windows\System\ypGJuaI.exe
  C:\Windows\System\ypGJuaI.exe
  2⤵
  PID:3340
- C:\Windows\System\uNDoYtJ.exe
  C:\Windows\System\uNDoYtJ.exe
  2⤵
  PID:3376
- C:\Windows\System\eGJUQVO.exe
  C:\Windows\System\eGJUQVO.exe
  2⤵
  PID:3416
- C:\Windows\System\HTXWCZl.exe
  C:\Windows\System\HTXWCZl.exe
  2⤵
  PID:3432
- C:\Windows\System\pSdMnIz.exe
  C:\Windows\System\pSdMnIz.exe
  2⤵
  PID:3456
- C:\Windows\System\xHajvNw.exe
  C:\Windows\System\xHajvNw.exe
  2⤵
  PID:3500
- C:\Windows\System\KaCTmbZ.exe
  C:\Windows\System\KaCTmbZ.exe
  2⤵
  PID:3520
- C:\Windows\System\wKMCcUu.exe
  C:\Windows\System\wKMCcUu.exe
  2⤵
  PID:3560
- C:\Windows\System\uBDjHqo.exe
  C:\Windows\System\uBDjHqo.exe
  2⤵
  PID:3592
- C:\Windows\System\OeWbOZF.exe
  C:\Windows\System\OeWbOZF.exe
  2⤵
  PID:3632
- C:\Windows\System\zsZexNe.exe
  C:\Windows\System\zsZexNe.exe
  2⤵
  PID:3636
- C:\Windows\System\BqzCRjn.exe
  C:\Windows\System\BqzCRjn.exe
  2⤵
  PID:3680
- C:\Windows\System\IBIMWRO.exe
  C:\Windows\System\IBIMWRO.exe
  2⤵
  PID:3732
- C:\Windows\System\trVbHWc.exe
  C:\Windows\System\trVbHWc.exe
  2⤵
  PID:3756
- C:\Windows\System\SJkrbLu.exe
  C:\Windows\System\SJkrbLu.exe
  2⤵
  PID:3800
- C:\Windows\System\xHfRKKB.exe
  C:\Windows\System\xHfRKKB.exe
  2⤵
  PID:3852
- C:\Windows\System\ExdLjfg.exe
  C:\Windows\System\ExdLjfg.exe
  2⤵
  PID:3856
- C:\Windows\System\bTYkPmj.exe
  C:\Windows\System\bTYkPmj.exe
  2⤵
  PID:3880
- C:\Windows\System\QyidEWp.exe
  C:\Windows\System\QyidEWp.exe
  2⤵
  PID:3916
- C:\Windows\System\YDvbffS.exe
  C:\Windows\System\YDvbffS.exe
  2⤵
  PID:3980
- C:\Windows\System\kbojUzF.exe
  C:\Windows\System\kbojUzF.exe
  2⤵
  PID:3996
- C:\Windows\System\hjYKwhm.exe
  C:\Windows\System\hjYKwhm.exe
  2⤵
  PID:4060
- C:\Windows\System\BlSQVzO.exe
  C:\Windows\System\BlSQVzO.exe
  2⤵
  PID:4092
- C:\Windows\System\sBlBiRj.exe
  C:\Windows\System\sBlBiRj.exe
  2⤵
  PID:1348
- C:\Windows\System\VQskqMg.exe
  C:\Windows\System\VQskqMg.exe
  2⤵
  PID:1396
- C:\Windows\System\TBhScOs.exe
  C:\Windows\System\TBhScOs.exe
  2⤵
  PID:3040
- C:\Windows\System\iCzxJLq.exe
  C:\Windows\System\iCzxJLq.exe
  2⤵
  PID:1492
- C:\Windows\System\XVgkxyL.exe
  C:\Windows\System\XVgkxyL.exe
  2⤵
  PID:876
- C:\Windows\System\jIElMKK.exe
  C:\Windows\System\jIElMKK.exe
  2⤵
  PID:2744
- C:\Windows\System\OFpsixS.exe
  C:\Windows\System\OFpsixS.exe
  2⤵
  PID:2252
- C:\Windows\System\cXHoiyG.exe
  C:\Windows\System\cXHoiyG.exe
  2⤵
  PID:2980
- C:\Windows\System\fqUutKt.exe
  C:\Windows\System\fqUutKt.exe
  2⤵
  PID:2524
- C:\Windows\System\QwGFYdI.exe
  C:\Windows\System\QwGFYdI.exe
  2⤵
  PID:2020
- C:\Windows\System\hmbozQm.exe
  C:\Windows\System\hmbozQm.exe
  2⤵
  PID:3136
- C:\Windows\System\yHaGDkk.exe
  C:\Windows\System\yHaGDkk.exe
  2⤵
  PID:3220
- C:\Windows\System\pgKjzLN.exe
  C:\Windows\System\pgKjzLN.exe
  2⤵
  PID:3260
- C:\Windows\System\zQRkUwt.exe
  C:\Windows\System\zQRkUwt.exe
  2⤵
  PID:3332
- C:\Windows\System\BapNVSp.exe
  C:\Windows\System\BapNVSp.exe
  2⤵
  PID:3388
- C:\Windows\System\ueBwqVg.exe
  C:\Windows\System\ueBwqVg.exe
  2⤵
  PID:3396
- C:\Windows\System\YzIHTkD.exe
  C:\Windows\System\YzIHTkD.exe
  2⤵
  PID:3436
- C:\Windows\System\AgjJIum.exe
  C:\Windows\System\AgjJIum.exe
  2⤵
  PID:3536
- C:\Windows\System\DzOmSSi.exe
  C:\Windows\System\DzOmSSi.exe
  2⤵
  PID:3532
- C:\Windows\System\GiKnOvU.exe
  C:\Windows\System\GiKnOvU.exe
  2⤵
  PID:3640
- C:\Windows\System\rgiORKn.exe
  C:\Windows\System\rgiORKn.exe
  2⤵
  PID:3660
- C:\Windows\System\VFkjZFK.exe
  C:\Windows\System\VFkjZFK.exe
  2⤵
  PID:3712
- C:\Windows\System\vayKeNF.exe
  C:\Windows\System\vayKeNF.exe
  2⤵
  PID:3816
- C:\Windows\System\DrNlJVb.exe
  C:\Windows\System\DrNlJVb.exe
  2⤵
  PID:3900
- C:\Windows\System\hbtYPDb.exe
  C:\Windows\System\hbtYPDb.exe
  2⤵
  PID:3932
- C:\Windows\System\aNYNtrZ.exe
  C:\Windows\System\aNYNtrZ.exe
  2⤵
  PID:4016
- C:\Windows\System\AXPrNTp.exe
  C:\Windows\System\AXPrNTp.exe
  2⤵
  PID:4032
- C:\Windows\System\QqrVfES.exe
  C:\Windows\System\QqrVfES.exe
  2⤵
  PID:4076
- C:\Windows\System\XFTOVFY.exe
  C:\Windows\System\XFTOVFY.exe
  2⤵
  PID:2152
- C:\Windows\System\PpHteOK.exe
  C:\Windows\System\PpHteOK.exe
  2⤵
  PID:1740
- C:\Windows\System\LtMgqHZ.exe
  C:\Windows\System\LtMgqHZ.exe
  2⤵
  PID:3028
- C:\Windows\System\PXZQJGK.exe
  C:\Windows\System\PXZQJGK.exe
  2⤵
  PID:2764
- C:\Windows\System\HTOsMyj.exe
  C:\Windows\System\HTOsMyj.exe
  2⤵
  PID:2956
- C:\Windows\System\omxiVKm.exe
  C:\Windows\System\omxiVKm.exe
  2⤵
  PID:3132
- C:\Windows\System\ApPwVpc.exe
  C:\Windows\System\ApPwVpc.exe
  2⤵
  PID:3196
- C:\Windows\System\idWPDVc.exe
  C:\Windows\System\idWPDVc.exe
  2⤵
  PID:3328
- C:\Windows\System\fERhwVw.exe
  C:\Windows\System\fERhwVw.exe
  2⤵
  PID:4104
- C:\Windows\System\VlyYLyK.exe
  C:\Windows\System\VlyYLyK.exe
  2⤵
  PID:4124
- C:\Windows\System\lJbxbxu.exe
  C:\Windows\System\lJbxbxu.exe
  2⤵
  PID:4144
- C:\Windows\System\pkamEHc.exe
  C:\Windows\System\pkamEHc.exe
  2⤵
  PID:4164
- C:\Windows\System\OFqtMmS.exe
  C:\Windows\System\OFqtMmS.exe
  2⤵
  PID:4184
- C:\Windows\System\yGEreYk.exe
  C:\Windows\System\yGEreYk.exe
  2⤵
  PID:4204
- C:\Windows\System\QSOyEpD.exe
  C:\Windows\System\QSOyEpD.exe
  2⤵
  PID:4224
- C:\Windows\System\YJzrJGP.exe
  C:\Windows\System\YJzrJGP.exe
  2⤵
  PID:4244
- C:\Windows\System\xuZzdlM.exe
  C:\Windows\System\xuZzdlM.exe
  2⤵
  PID:4264
- C:\Windows\System\aOrKTLE.exe
  C:\Windows\System\aOrKTLE.exe
  2⤵
  PID:4284
- C:\Windows\System\ExiABTM.exe
  C:\Windows\System\ExiABTM.exe
  2⤵
  PID:4304
- C:\Windows\System\PpqawXV.exe
  C:\Windows\System\PpqawXV.exe
  2⤵
  PID:4324
- C:\Windows\System\tLlzwSN.exe
  C:\Windows\System\tLlzwSN.exe
  2⤵
  PID:4344
- C:\Windows\System\WWHcnvA.exe
  C:\Windows\System\WWHcnvA.exe
  2⤵
  PID:4364
- C:\Windows\System\mwTTRJY.exe
  C:\Windows\System\mwTTRJY.exe
  2⤵
  PID:4384
- C:\Windows\System\hqnVPBC.exe
  C:\Windows\System\hqnVPBC.exe
  2⤵
  PID:4404
- C:\Windows\System\FKxYacs.exe
  C:\Windows\System\FKxYacs.exe
  2⤵
  PID:4420
- C:\Windows\System\VaekWMY.exe
  C:\Windows\System\VaekWMY.exe
  2⤵
  PID:4444
- C:\Windows\System\oISadCo.exe
  C:\Windows\System\oISadCo.exe
  2⤵
  PID:4464
- C:\Windows\System\uliOJTW.exe
  C:\Windows\System\uliOJTW.exe
  2⤵
  PID:4484
- C:\Windows\System\udHYVJe.exe
  C:\Windows\System\udHYVJe.exe
  2⤵
  PID:4504
- C:\Windows\System\hLQdwxB.exe
  C:\Windows\System\hLQdwxB.exe
  2⤵
  PID:4524
- C:\Windows\System\znMolYy.exe
  C:\Windows\System\znMolYy.exe
  2⤵
  PID:4544
- C:\Windows\System\zYkBhdL.exe
  C:\Windows\System\zYkBhdL.exe
  2⤵
  PID:4564
- C:\Windows\System\JCNauxp.exe
  C:\Windows\System\JCNauxp.exe
  2⤵
  PID:4580
- C:\Windows\System\kIwMztf.exe
  C:\Windows\System\kIwMztf.exe
  2⤵
  PID:4604
- C:\Windows\System\YkOBRYd.exe
  C:\Windows\System\YkOBRYd.exe
  2⤵
  PID:4624
- C:\Windows\System\eFPGNAz.exe
  C:\Windows\System\eFPGNAz.exe
  2⤵
  PID:4644
- C:\Windows\System\WoCXGQj.exe
  C:\Windows\System\WoCXGQj.exe
  2⤵
  PID:4664
- C:\Windows\System\ubpBcym.exe
  C:\Windows\System\ubpBcym.exe
  2⤵
  PID:4684
- C:\Windows\System\GDsRCFI.exe
  C:\Windows\System\GDsRCFI.exe
  2⤵
  PID:4700
- C:\Windows\System\sJjEHTV.exe
  C:\Windows\System\sJjEHTV.exe
  2⤵
  PID:4720
- C:\Windows\System\aQoHGwe.exe
  C:\Windows\System\aQoHGwe.exe
  2⤵
  PID:4744
- C:\Windows\System\gasVIVD.exe
  C:\Windows\System\gasVIVD.exe
  2⤵
  PID:4764
- C:\Windows\System\avOCVMq.exe
  C:\Windows\System\avOCVMq.exe
  2⤵
  PID:4784
- C:\Windows\System\sPoxBql.exe
  C:\Windows\System\sPoxBql.exe
  2⤵
  PID:4804
- C:\Windows\System\PhaqPFd.exe
  C:\Windows\System\PhaqPFd.exe
  2⤵
  PID:4824
- C:\Windows\System\DSiMglM.exe
  C:\Windows\System\DSiMglM.exe
  2⤵
  PID:4844
- C:\Windows\System\ApJQJXp.exe
  C:\Windows\System\ApJQJXp.exe
  2⤵
  PID:4864
- C:\Windows\System\TalREGE.exe
  C:\Windows\System\TalREGE.exe
  2⤵
  PID:4884
- C:\Windows\System\RNMzcqN.exe
  C:\Windows\System\RNMzcqN.exe
  2⤵
  PID:4904
- C:\Windows\System\bspSUEP.exe
  C:\Windows\System\bspSUEP.exe
  2⤵
  PID:4920
- C:\Windows\System\IdDncZJ.exe
  C:\Windows\System\IdDncZJ.exe
  2⤵
  PID:4936
- C:\Windows\System\KaUQdzs.exe
  C:\Windows\System\KaUQdzs.exe
  2⤵
  PID:4960
- C:\Windows\System\buSUaPB.exe
  C:\Windows\System\buSUaPB.exe
  2⤵
  PID:4984
- C:\Windows\System\VgPtPLz.exe
  C:\Windows\System\VgPtPLz.exe
  2⤵
  PID:5004
- C:\Windows\System\fohNteP.exe
  C:\Windows\System\fohNteP.exe
  2⤵
  PID:5024
- C:\Windows\System\dxfEBVY.exe
  C:\Windows\System\dxfEBVY.exe
  2⤵
  PID:5044
- C:\Windows\System\icDcHIs.exe
  C:\Windows\System\icDcHIs.exe
  2⤵
  PID:5064
- C:\Windows\System\ovpovqR.exe
  C:\Windows\System\ovpovqR.exe
  2⤵
  PID:5084
- C:\Windows\System\YqkVkJW.exe
  C:\Windows\System\YqkVkJW.exe
  2⤵
  PID:5100
- C:\Windows\System\JhvPTZF.exe
  C:\Windows\System\JhvPTZF.exe
  2⤵
  PID:3472
- C:\Windows\System\ziFqIEh.exe
  C:\Windows\System\ziFqIEh.exe
  2⤵
  PID:3480
- C:\Windows\System\CcIkObi.exe
  C:\Windows\System\CcIkObi.exe
  2⤵
  PID:3620
- C:\Windows\System\kJrFEIN.exe
  C:\Windows\System\kJrFEIN.exe
  2⤵
  PID:3612
- C:\Windows\System\BQuVYrS.exe
  C:\Windows\System\BQuVYrS.exe
  2⤵
  PID:3760
- C:\Windows\System\rioYzbQ.exe
  C:\Windows\System\rioYzbQ.exe
  2⤵
  PID:3832
- C:\Windows\System\tlsyhJH.exe
  C:\Windows\System\tlsyhJH.exe
  2⤵
  PID:4000
- C:\Windows\System\kLUQccs.exe
  C:\Windows\System\kLUQccs.exe
  2⤵
  PID:3036
- C:\Windows\System\UcIHqUv.exe
  C:\Windows\System\UcIHqUv.exe
  2⤵
  PID:2668
- C:\Windows\System\MKcCIiG.exe
  C:\Windows\System\MKcCIiG.exe
  2⤵
  PID:1644
- C:\Windows\System\kzDWvvt.exe
  C:\Windows\System\kzDWvvt.exe
  2⤵
  PID:1624
- C:\Windows\System\eHbiGxz.exe
  C:\Windows\System\eHbiGxz.exe
  2⤵
  PID:3116
- C:\Windows\System\kCaIKMg.exe
  C:\Windows\System\kCaIKMg.exe
  2⤵
  PID:4100
- C:\Windows\System\SHUZmIb.exe
  C:\Windows\System\SHUZmIb.exe
  2⤵
  PID:4132
- C:\Windows\System\fBaGqAo.exe
  C:\Windows\System\fBaGqAo.exe
  2⤵
  PID:4172
- C:\Windows\System\HtIuwcj.exe
  C:\Windows\System\HtIuwcj.exe
  2⤵
  PID:4156
- C:\Windows\System\zLoOKeB.exe
  C:\Windows\System\zLoOKeB.exe
  2⤵
  PID:4200
- C:\Windows\System\aqEWhvi.exe
  C:\Windows\System\aqEWhvi.exe
  2⤵
  PID:4256
- C:\Windows\System\tJnEzJz.exe
  C:\Windows\System\tJnEzJz.exe
  2⤵
  PID:4300
- C:\Windows\System\oyMIPCm.exe
  C:\Windows\System\oyMIPCm.exe
  2⤵
  PID:4332
- C:\Windows\System\rPrmJlC.exe
  C:\Windows\System\rPrmJlC.exe
  2⤵
  PID:4352
- C:\Windows\System\iJcixsW.exe
  C:\Windows\System\iJcixsW.exe
  2⤵
  PID:4376
- C:\Windows\System\ddURrMB.exe
  C:\Windows\System\ddURrMB.exe
  2⤵
  PID:4396
- C:\Windows\System\DwmjVkT.exe
  C:\Windows\System\DwmjVkT.exe
  2⤵
  PID:4428
- C:\Windows\System\jWsqpLN.exe
  C:\Windows\System\jWsqpLN.exe
  2⤵
  PID:4496
- C:\Windows\System\zOMQita.exe
  C:\Windows\System\zOMQita.exe
  2⤵
  PID:4520
- C:\Windows\System\OozboiH.exe
  C:\Windows\System\OozboiH.exe
  2⤵
  PID:4552
- C:\Windows\System\pUfmDuP.exe
  C:\Windows\System\pUfmDuP.exe
  2⤵
  PID:4616
- C:\Windows\System\NWXUMOL.exe
  C:\Windows\System\NWXUMOL.exe
  2⤵
  PID:4656
- C:\Windows\System\ILYjBbf.exe
  C:\Windows\System\ILYjBbf.exe
  2⤵
  PID:4596
- C:\Windows\System\sVWDbzn.exe
  C:\Windows\System\sVWDbzn.exe
  2⤵
  PID:4740
- C:\Windows\System\fXoApdH.exe
  C:\Windows\System\fXoApdH.exe
  2⤵
  PID:2704
- C:\Windows\System\qLIHRrp.exe
  C:\Windows\System\qLIHRrp.exe
  2⤵
  PID:4712
- C:\Windows\System\ACqkItz.exe
  C:\Windows\System\ACqkItz.exe
  2⤵
  PID:4760
- C:\Windows\System\xnGBTaI.exe
  C:\Windows\System\xnGBTaI.exe
  2⤵
  PID:4792
- C:\Windows\System\wTjIuPG.exe
  C:\Windows\System\wTjIuPG.exe
  2⤵
  PID:4800
- C:\Windows\System\eZEdzpB.exe
  C:\Windows\System\eZEdzpB.exe
  2⤵
  PID:4840
- C:\Windows\System\XZqAXyK.exe
  C:\Windows\System\XZqAXyK.exe
  2⤵
  PID:4932
- C:\Windows\System\KEbBOJK.exe
  C:\Windows\System\KEbBOJK.exe
  2⤵
  PID:4976
- C:\Windows\System\NLoFULq.exe
  C:\Windows\System\NLoFULq.exe
  2⤵
  PID:4944
- C:\Windows\System\zLoWfvb.exe
  C:\Windows\System\zLoWfvb.exe
  2⤵
  PID:5020
- C:\Windows\System\dKxRucf.exe
  C:\Windows\System\dKxRucf.exe
  2⤵
  PID:5052
- C:\Windows\System\AnGlcDC.exe
  C:\Windows\System\AnGlcDC.exe
  2⤵
  PID:5036
- C:\Windows\System\KgJAvll.exe
  C:\Windows\System\KgJAvll.exe
  2⤵
  PID:3412
- C:\Windows\System\zgKLgsp.exe
  C:\Windows\System\zgKLgsp.exe
  2⤵
  PID:5112
- C:\Windows\System\YlJcUJR.exe
  C:\Windows\System\YlJcUJR.exe
  2⤵
  PID:3656
- C:\Windows\System\GTTkQtt.exe
  C:\Windows\System\GTTkQtt.exe
  2⤵
  PID:3872
- C:\Windows\System\UVPKFjV.exe
  C:\Windows\System\UVPKFjV.exe
  2⤵
  PID:3836
- C:\Windows\System\shyMqAU.exe
  C:\Windows\System\shyMqAU.exe
  2⤵
  PID:3920
- C:\Windows\System\MkPaede.exe
  C:\Windows\System\MkPaede.exe
  2⤵
  PID:1608
- C:\Windows\System\zlDmaQK.exe
  C:\Windows\System\zlDmaQK.exe
  2⤵
  PID:1388
- C:\Windows\System\NOTYeGs.exe
  C:\Windows\System\NOTYeGs.exe
  2⤵
  PID:3316
- C:\Windows\System\JgqxdWh.exe
  C:\Windows\System\JgqxdWh.exe
  2⤵
  PID:4140
- C:\Windows\System\crEhrpv.exe
  C:\Windows\System\crEhrpv.exe
  2⤵
  PID:4192
- C:\Windows\System\ZfPNYJD.exe
  C:\Windows\System\ZfPNYJD.exe
  2⤵
  PID:4252
- C:\Windows\System\jdObkfH.exe
  C:\Windows\System\jdObkfH.exe
  2⤵
  PID:4272
- C:\Windows\System\KPguiMj.exe
  C:\Windows\System\KPguiMj.exe
  2⤵
  PID:4372
- C:\Windows\System\BZXxNSI.exe
  C:\Windows\System\BZXxNSI.exe
  2⤵
  PID:4492
- C:\Windows\System\bIUvnaP.exe
  C:\Windows\System\bIUvnaP.exe
  2⤵
  PID:4432
- C:\Windows\System\womtTIs.exe
  C:\Windows\System\womtTIs.exe
  2⤵
  PID:4436
- C:\Windows\System\WXPVcgZ.exe
  C:\Windows\System\WXPVcgZ.exe
  2⤵
  PID:4516
- C:\Windows\System\uqgJvJe.exe
  C:\Windows\System\uqgJvJe.exe
  2⤵
  PID:4556
- C:\Windows\System\sIhZFcQ.exe
  C:\Windows\System\sIhZFcQ.exe
  2⤵
  PID:4736
- C:\Windows\System\ljSxGgX.exe
  C:\Windows\System\ljSxGgX.exe
  2⤵
  PID:4708
- C:\Windows\System\DReSGhh.exe
  C:\Windows\System\DReSGhh.exe
  2⤵
  PID:4856
- C:\Windows\System\GtDjkfv.exe
  C:\Windows\System\GtDjkfv.exe
  2⤵
  PID:4816
- C:\Windows\System\CFmJexQ.exe
  C:\Windows\System\CFmJexQ.exe
  2⤵
  PID:4896
- C:\Windows\System\naYjYuF.exe
  C:\Windows\System\naYjYuF.exe
  2⤵
  PID:4876
- C:\Windows\System\YksWWED.exe
  C:\Windows\System\YksWWED.exe
  2⤵
  PID:5012
- C:\Windows\System\GQzhqAS.exe
  C:\Windows\System\GQzhqAS.exe
  2⤵
  PID:5096
- C:\Windows\System\xVEALNR.exe
  C:\Windows\System\xVEALNR.exe
  2⤵
  PID:3696
- C:\Windows\System\OOQmAhN.exe
  C:\Windows\System\OOQmAhN.exe
  2⤵
  PID:3780
- C:\Windows\System\FuscoFC.exe
  C:\Windows\System\FuscoFC.exe
  2⤵
  PID:3200
- C:\Windows\System\xoZkALc.exe
  C:\Windows\System\xoZkALc.exe
  2⤵
  PID:2032
- C:\Windows\System\felldgj.exe
  C:\Windows\System\felldgj.exe
  2⤵
  PID:4180
- C:\Windows\System\CvKFHtf.exe
  C:\Windows\System\CvKFHtf.exe
  2⤵
  PID:4236
- C:\Windows\System\EGYZBPs.exe
  C:\Windows\System\EGYZBPs.exe
  2⤵
  PID:4380
- C:\Windows\System\AobPlXk.exe
  C:\Windows\System\AobPlXk.exe
  2⤵
  PID:4336
- C:\Windows\System\GwcXoXK.exe
  C:\Windows\System\GwcXoXK.exe
  2⤵
  PID:4412
- C:\Windows\System\zDtmnNj.exe
  C:\Windows\System\zDtmnNj.exe
  2⤵
  PID:4612
- C:\Windows\System\QnSIFoh.exe
  C:\Windows\System\QnSIFoh.exe
  2⤵
  PID:5132
- C:\Windows\System\RDRwdib.exe
  C:\Windows\System\RDRwdib.exe
  2⤵
  PID:5152
- C:\Windows\System\QhKOapw.exe
  C:\Windows\System\QhKOapw.exe
  2⤵
  PID:5172
- C:\Windows\System\GxJiWot.exe
  C:\Windows\System\GxJiWot.exe
  2⤵
  PID:5192
- C:\Windows\System\RImRypF.exe
  C:\Windows\System\RImRypF.exe
  2⤵
  PID:5212
- C:\Windows\System\LqXArNm.exe
  C:\Windows\System\LqXArNm.exe
  2⤵
  PID:5232
- C:\Windows\System\qcDLjlO.exe
  C:\Windows\System\qcDLjlO.exe
  2⤵
  PID:5252
- C:\Windows\System\NQDcWUd.exe
  C:\Windows\System\NQDcWUd.exe
  2⤵
  PID:5272
- C:\Windows\System\GrJBiOf.exe
  C:\Windows\System\GrJBiOf.exe
  2⤵
  PID:5292
- C:\Windows\System\owHRxab.exe
  C:\Windows\System\owHRxab.exe
  2⤵
  PID:5312
- C:\Windows\System\BTRQPJQ.exe
  C:\Windows\System\BTRQPJQ.exe
  2⤵
  PID:5332
- C:\Windows\System\xYCOFEC.exe
  C:\Windows\System\xYCOFEC.exe
  2⤵
  PID:5352
- C:\Windows\System\fyybZrE.exe
  C:\Windows\System\fyybZrE.exe
  2⤵
  PID:5372
- C:\Windows\System\rpjJFdh.exe
  C:\Windows\System\rpjJFdh.exe
  2⤵
  PID:5392
- C:\Windows\System\FDRXyYb.exe
  C:\Windows\System\FDRXyYb.exe
  2⤵
  PID:5412
- C:\Windows\System\SCDILQt.exe
  C:\Windows\System\SCDILQt.exe
  2⤵
  PID:5432
- C:\Windows\System\NNrGbuK.exe
  C:\Windows\System\NNrGbuK.exe
  2⤵
  PID:5452
- C:\Windows\System\saTcmWS.exe
  C:\Windows\System\saTcmWS.exe
  2⤵
  PID:5472
- C:\Windows\System\ZIGLPSy.exe
  C:\Windows\System\ZIGLPSy.exe
  2⤵
  PID:5492
- C:\Windows\System\zSYcQkK.exe
  C:\Windows\System\zSYcQkK.exe
  2⤵
  PID:5508
- C:\Windows\System\wBySoyo.exe
  C:\Windows\System\wBySoyo.exe
  2⤵
  PID:5528
- C:\Windows\System\oyNfFHh.exe
  C:\Windows\System\oyNfFHh.exe
  2⤵
  PID:5552
- C:\Windows\System\NvMiViW.exe
  C:\Windows\System\NvMiViW.exe
  2⤵
  PID:5572
- C:\Windows\System\XOvgQND.exe
  C:\Windows\System\XOvgQND.exe
  2⤵
  PID:5592
- C:\Windows\System\rWyhuil.exe
  C:\Windows\System\rWyhuil.exe
  2⤵
  PID:5612
- C:\Windows\System\SHPvpSs.exe
  C:\Windows\System\SHPvpSs.exe
  2⤵
  PID:5632
- C:\Windows\System\FgluaCN.exe
  C:\Windows\System\FgluaCN.exe
  2⤵
  PID:5652
- C:\Windows\System\xpRjEir.exe
  C:\Windows\System\xpRjEir.exe
  2⤵
  PID:5672
- C:\Windows\System\EtIqNWl.exe
  C:\Windows\System\EtIqNWl.exe
  2⤵
  PID:5692
- C:\Windows\System\WauDAhN.exe
  C:\Windows\System\WauDAhN.exe
  2⤵
  PID:5712
- C:\Windows\System\nPVEASE.exe
  C:\Windows\System\nPVEASE.exe
  2⤵
  PID:5732
- C:\Windows\System\LhIlvci.exe
  C:\Windows\System\LhIlvci.exe
  2⤵
  PID:5752
- C:\Windows\System\DMkegeF.exe
  C:\Windows\System\DMkegeF.exe
  2⤵
  PID:5772
- C:\Windows\System\QeLOAyD.exe
  C:\Windows\System\QeLOAyD.exe
  2⤵
  PID:5792
- C:\Windows\System\pxpJWiD.exe
  C:\Windows\System\pxpJWiD.exe
  2⤵
  PID:5812
- C:\Windows\System\bvqUXnn.exe
  C:\Windows\System\bvqUXnn.exe
  2⤵
  PID:5832
- C:\Windows\System\FMfwpiK.exe
  C:\Windows\System\FMfwpiK.exe
  2⤵
  PID:5852
- C:\Windows\System\DSzCAWB.exe
  C:\Windows\System\DSzCAWB.exe
  2⤵
  PID:5872
- C:\Windows\System\wNYvfIX.exe
  C:\Windows\System\wNYvfIX.exe
  2⤵
  PID:5892
- C:\Windows\System\FqlGidQ.exe
  C:\Windows\System\FqlGidQ.exe
  2⤵
  PID:5912
- C:\Windows\System\hBQJtQY.exe
  C:\Windows\System\hBQJtQY.exe
  2⤵
  PID:5940
- C:\Windows\System\cfHCbXj.exe
  C:\Windows\System\cfHCbXj.exe
  2⤵
  PID:5960
- C:\Windows\System\QmdIpNS.exe
  C:\Windows\System\QmdIpNS.exe
  2⤵
  PID:5980
- C:\Windows\System\jEqFQim.exe
  C:\Windows\System\jEqFQim.exe
  2⤵
  PID:6000
- C:\Windows\System\QslOzYD.exe
  C:\Windows\System\QslOzYD.exe
  2⤵
  PID:6020
- C:\Windows\System\xVtTEpk.exe
  C:\Windows\System\xVtTEpk.exe
  2⤵
  PID:6040
- C:\Windows\System\tYPXnwo.exe
  C:\Windows\System\tYPXnwo.exe
  2⤵
  PID:6060
- C:\Windows\System\thNMnaS.exe
  C:\Windows\System\thNMnaS.exe
  2⤵
  PID:6080
- C:\Windows\System\UCFImDc.exe
  C:\Windows\System\UCFImDc.exe
  2⤵
  PID:6100
- C:\Windows\System\mCHlgGh.exe
  C:\Windows\System\mCHlgGh.exe
  2⤵
  PID:6120
- C:\Windows\System\ySnVfTu.exe
  C:\Windows\System\ySnVfTu.exe
  2⤵
  PID:6140
- C:\Windows\System\mCBFKNt.exe
  C:\Windows\System\mCBFKNt.exe
  2⤵
  PID:2816
- C:\Windows\System\IwACeFd.exe
  C:\Windows\System\IwACeFd.exe
  2⤵
  PID:4728
- C:\Windows\System\MoKEnMD.exe
  C:\Windows\System\MoKEnMD.exe
  2⤵
  PID:4860
- C:\Windows\System\PkmtePD.exe
  C:\Windows\System\PkmtePD.exe
  2⤵
  PID:4916
- C:\Windows\System\DCZKNgk.exe
  C:\Windows\System\DCZKNgk.exe
  2⤵
  PID:5000
- C:\Windows\System\BasEwlM.exe
  C:\Windows\System\BasEwlM.exe
  2⤵
  PID:3512
- C:\Windows\System\FQsabxA.exe
  C:\Windows\System\FQsabxA.exe
  2⤵
  PID:3616
- C:\Windows\System\WWjaGbD.exe
  C:\Windows\System\WWjaGbD.exe
  2⤵
  PID:2304
- C:\Windows\System\XPPQUXv.exe
  C:\Windows\System\XPPQUXv.exe
  2⤵
  PID:4212
- C:\Windows\System\OBJOoEJ.exe
  C:\Windows\System\OBJOoEJ.exe
  2⤵
  PID:3296
- C:\Windows\System\qOTrZZo.exe
  C:\Windows\System\qOTrZZo.exe
  2⤵
  PID:3300
- C:\Windows\System\retJVbB.exe
  C:\Windows\System\retJVbB.exe
  2⤵
  PID:4500
- C:\Windows\System\MxfDQme.exe
  C:\Windows\System\MxfDQme.exe
  2⤵
  PID:5148
- C:\Windows\System\tokdeSE.exe
  C:\Windows\System\tokdeSE.exe
  2⤵
  PID:5180
- C:\Windows\System\BOIaBOZ.exe
  C:\Windows\System\BOIaBOZ.exe
  2⤵
  PID:5200
- C:\Windows\System\LOWzqlI.exe
  C:\Windows\System\LOWzqlI.exe
  2⤵
  PID:5228
- C:\Windows\System\hHMIFXR.exe
  C:\Windows\System\hHMIFXR.exe
  2⤵
  PID:5248
- C:\Windows\System\bMoNpWU.exe
  C:\Windows\System\bMoNpWU.exe
  2⤵
  PID:5304
- C:\Windows\System\wMzvayA.exe
  C:\Windows\System\wMzvayA.exe
  2⤵
  PID:5320
- C:\Windows\System\IFtlqog.exe
  C:\Windows\System\IFtlqog.exe
  2⤵
  PID:5324
- C:\Windows\System\LtYYpHJ.exe
  C:\Windows\System\LtYYpHJ.exe
  2⤵
  PID:5364
- C:\Windows\System\muIOOYD.exe
  C:\Windows\System\muIOOYD.exe
  2⤵
  PID:5428
- C:\Windows\System\yyXmzLc.exe
  C:\Windows\System\yyXmzLc.exe
  2⤵
  PID:5448
- C:\Windows\System\fjifcwp.exe
  C:\Windows\System\fjifcwp.exe
  2⤵
  PID:5480
- C:\Windows\System\yXryurb.exe
  C:\Windows\System\yXryurb.exe
  2⤵
  PID:5544
- C:\Windows\System\WlIqyKW.exe
  C:\Windows\System\WlIqyKW.exe
  2⤵
  PID:5516
- C:\Windows\System\mYbNrzy.exe
  C:\Windows\System\mYbNrzy.exe
  2⤵
  PID:5584
- C:\Windows\System\zhrOCDP.exe
  C:\Windows\System\zhrOCDP.exe
  2⤵
  PID:5620
- C:\Windows\System\wLGuqGt.exe
  C:\Windows\System\wLGuqGt.exe
  2⤵
  PID:5604
- C:\Windows\System\wtHjrwu.exe
  C:\Windows\System\wtHjrwu.exe
  2⤵
  PID:5644
- C:\Windows\System\NtDAEIJ.exe
  C:\Windows\System\NtDAEIJ.exe
  2⤵
  PID:5688
- C:\Windows\System\smCfZRX.exe
  C:\Windows\System\smCfZRX.exe
  2⤵
  PID:5744
- C:\Windows\System\gQgRcxT.exe
  C:\Windows\System\gQgRcxT.exe
  2⤵
  PID:5728
- C:\Windows\System\XkAmJlo.exe
  C:\Windows\System\XkAmJlo.exe
  2⤵
  PID:5820
- C:\Windows\System\QQExRTY.exe
  C:\Windows\System\QQExRTY.exe
  2⤵
  PID:5824
- C:\Windows\System\RObUTgu.exe
  C:\Windows\System\RObUTgu.exe
  2⤵
  PID:5844
- C:\Windows\System\fLHCfiB.exe
  C:\Windows\System\fLHCfiB.exe
  2⤵
  PID:5888
- C:\Windows\System\EaBFLUr.exe
  C:\Windows\System\EaBFLUr.exe
  2⤵
  PID:5952
- C:\Windows\System\UnnZEkW.exe
  C:\Windows\System\UnnZEkW.exe
  2⤵
  PID:5996
- C:\Windows\System\iroeNFz.exe
  C:\Windows\System\iroeNFz.exe
  2⤵
  PID:6028
- C:\Windows\System\ZcEKIYm.exe
  C:\Windows\System\ZcEKIYm.exe
  2⤵
  PID:6032
- C:\Windows\System\fKwBBpu.exe
  C:\Windows\System\fKwBBpu.exe
  2⤵
  PID:6076
- C:\Windows\System\wUcARlJ.exe
  C:\Windows\System\wUcARlJ.exe
  2⤵
  PID:6092
- C:\Windows\System\MHdDLsP.exe
  C:\Windows\System\MHdDLsP.exe
  2⤵
  PID:6136
- C:\Windows\System\VqnOPNy.exe
  C:\Windows\System\VqnOPNy.exe
  2⤵
  PID:4812
- C:\Windows\System\GMLZAvN.exe
  C:\Windows\System\GMLZAvN.exe
  2⤵
  PID:5032
- C:\Windows\System\cXSaxVZ.exe
  C:\Windows\System\cXSaxVZ.exe
  2⤵
  PID:4968
- C:\Windows\System\EDjLPvm.exe
  C:\Windows\System\EDjLPvm.exe
  2⤵
  PID:3356
- C:\Windows\System\rGxpQJH.exe
  C:\Windows\System\rGxpQJH.exe
  2⤵
  PID:3972
- C:\Windows\System\rEWcUEE.exe
  C:\Windows\System\rEWcUEE.exe
  2⤵
  PID:796
- C:\Windows\System\pfcEOXp.exe
  C:\Windows\System\pfcEOXp.exe
  2⤵
  PID:4460
- C:\Windows\System\GajBbLL.exe
  C:\Windows\System\GajBbLL.exe
  2⤵
  PID:5168
- C:\Windows\System\XbUzqdU.exe
  C:\Windows\System\XbUzqdU.exe
  2⤵
  PID:5208
- C:\Windows\System\URNkdgE.exe
  C:\Windows\System\URNkdgE.exe
  2⤵
  PID:5260
- C:\Windows\System\VcVbRFz.exe
  C:\Windows\System\VcVbRFz.exe
  2⤵
  PID:5300
- C:\Windows\System\wNHypOM.exe
  C:\Windows\System\wNHypOM.exe
  2⤵
  PID:5348
- C:\Windows\System\bqoNKSc.exe
  C:\Windows\System\bqoNKSc.exe
  2⤵
  PID:5404
- C:\Windows\System\AZmMhiV.exe
  C:\Windows\System\AZmMhiV.exe
  2⤵
  PID:5460
- C:\Windows\System\nUvcHQg.exe
  C:\Windows\System\nUvcHQg.exe
  2⤵
  PID:5504
- C:\Windows\System\YjQZMNY.exe
  C:\Windows\System\YjQZMNY.exe
  2⤵
  PID:5524
- C:\Windows\System\lQNOBPw.exe
  C:\Windows\System\lQNOBPw.exe
  2⤵
  PID:5608
- C:\Windows\System\FQdEopd.exe
  C:\Windows\System\FQdEopd.exe
  2⤵
  PID:5708
- C:\Windows\System\wHmnsXI.exe
  C:\Windows\System\wHmnsXI.exe
  2⤵
  PID:5704
- C:\Windows\System\tVemBUe.exe
  C:\Windows\System\tVemBUe.exe
  2⤵
  PID:5760
- C:\Windows\System\AWYzlhv.exe
  C:\Windows\System\AWYzlhv.exe
  2⤵
  PID:5768
- C:\Windows\System\aiufbcr.exe
  C:\Windows\System\aiufbcr.exe
  2⤵
  PID:5868
- C:\Windows\System\XYtdezn.exe
  C:\Windows\System\XYtdezn.exe
  2⤵
  PID:5948
- C:\Windows\System\LGTXIdh.exe
  C:\Windows\System\LGTXIdh.exe
  2⤵
  PID:5992
- C:\Windows\System\sgTgIOK.exe
  C:\Windows\System\sgTgIOK.exe
  2⤵
  PID:6096
- C:\Windows\System\teJVmFx.exe
  C:\Windows\System\teJVmFx.exe
  2⤵
  PID:6068
- C:\Windows\System\OolMesA.exe
  C:\Windows\System\OolMesA.exe
  2⤵
  PID:4540
- C:\Windows\System\cjqwcRq.exe
  C:\Windows\System\cjqwcRq.exe
  2⤵
  PID:4836
- C:\Windows\System\mjMfYCk.exe
  C:\Windows\System\mjMfYCk.exe
  2⤵
  PID:5076
- C:\Windows\System\GfNLSJu.exe
  C:\Windows\System\GfNLSJu.exe
  2⤵
  PID:4316
- C:\Windows\System\gBLibmP.exe
  C:\Windows\System\gBLibmP.exe
  2⤵
  PID:5164
- C:\Windows\System\OTdLOwN.exe
  C:\Windows\System\OTdLOwN.exe
  2⤵
  PID:5308
- C:\Windows\System\UpejrWv.exe
  C:\Windows\System\UpejrWv.exe
  2⤵
  PID:2268
- C:\Windows\System\iyYLpel.exe
  C:\Windows\System\iyYLpel.exe
  2⤵
  PID:5388
- C:\Windows\System\epaENnv.exe
  C:\Windows\System\epaENnv.exe
  2⤵
  PID:5420
- C:\Windows\System\VYzeoDL.exe
  C:\Windows\System\VYzeoDL.exe
  2⤵
  PID:5484
- C:\Windows\System\CAJKoQi.exe
  C:\Windows\System\CAJKoQi.exe
  2⤵
  PID:6160
- C:\Windows\System\oIMRlcE.exe
  C:\Windows\System\oIMRlcE.exe
  2⤵
  PID:6180
- C:\Windows\System\wbggLey.exe
  C:\Windows\System\wbggLey.exe
  2⤵
  PID:6200
- C:\Windows\System\MeOIlQz.exe
  C:\Windows\System\MeOIlQz.exe
  2⤵
  PID:6220
- C:\Windows\System\dgqmBtA.exe
  C:\Windows\System\dgqmBtA.exe
  2⤵
  PID:6240
- C:\Windows\System\FajtrlO.exe
  C:\Windows\System\FajtrlO.exe
  2⤵
  PID:6260
- C:\Windows\System\xXzrlFO.exe
  C:\Windows\System\xXzrlFO.exe
  2⤵
  PID:6280
- C:\Windows\System\mkFoDpf.exe
  C:\Windows\System\mkFoDpf.exe
  2⤵
  PID:6300
- C:\Windows\System\xluuXbj.exe
  C:\Windows\System\xluuXbj.exe
  2⤵
  PID:6320
- C:\Windows\System\TjEuuGE.exe
  C:\Windows\System\TjEuuGE.exe
  2⤵
  PID:6340
- C:\Windows\System\MdvnvMO.exe
  C:\Windows\System\MdvnvMO.exe
  2⤵
  PID:6360
- C:\Windows\System\fOfShGv.exe
  C:\Windows\System\fOfShGv.exe
  2⤵
  PID:6380
- C:\Windows\System\SNJyjvw.exe
  C:\Windows\System\SNJyjvw.exe
  2⤵
  PID:6400
- C:\Windows\System\zpcmoKx.exe
  C:\Windows\System\zpcmoKx.exe
  2⤵
  PID:6420
- C:\Windows\System\UwdQpEA.exe
  C:\Windows\System\UwdQpEA.exe
  2⤵
  PID:6440
- C:\Windows\System\HqXRATW.exe
  C:\Windows\System\HqXRATW.exe
  2⤵
  PID:6460
- C:\Windows\System\OJaxhYd.exe
  C:\Windows\System\OJaxhYd.exe
  2⤵
  PID:6480
- C:\Windows\System\oqPbtoU.exe
  C:\Windows\System\oqPbtoU.exe
  2⤵
  PID:6496
- C:\Windows\System\MgkReGZ.exe
  C:\Windows\System\MgkReGZ.exe
  2⤵
  PID:6512
- C:\Windows\System\QnuhNjE.exe
  C:\Windows\System\QnuhNjE.exe
  2⤵
  PID:6536
- C:\Windows\System\IJfVfur.exe
  C:\Windows\System\IJfVfur.exe
  2⤵
  PID:6556
- C:\Windows\System\jHwAuga.exe
  C:\Windows\System\jHwAuga.exe
  2⤵
  PID:6592
- C:\Windows\System\kvizjgY.exe
  C:\Windows\System\kvizjgY.exe
  2⤵
  PID:6612
- C:\Windows\System\GjDoGfU.exe
  C:\Windows\System\GjDoGfU.exe
  2⤵
  PID:6632
- C:\Windows\System\aDGZMsd.exe
  C:\Windows\System\aDGZMsd.exe
  2⤵
  PID:6648
- C:\Windows\System\LmjxFhg.exe
  C:\Windows\System\LmjxFhg.exe
  2⤵
  PID:6668
- C:\Windows\System\ZAXMEPT.exe
  C:\Windows\System\ZAXMEPT.exe
  2⤵
  PID:6688
- C:\Windows\System\gVUrKAf.exe
  C:\Windows\System\gVUrKAf.exe
  2⤵
  PID:6708
- C:\Windows\System\vdSAMcl.exe
  C:\Windows\System\vdSAMcl.exe
  2⤵
  PID:6724
- C:\Windows\System\lQDrWDb.exe
  C:\Windows\System\lQDrWDb.exe
  2⤵
  PID:6748
- C:\Windows\System\fnnyrEo.exe
  C:\Windows\System\fnnyrEo.exe
  2⤵
  PID:6772
- C:\Windows\System\SFyzKLk.exe
  C:\Windows\System\SFyzKLk.exe
  2⤵
  PID:6792
- C:\Windows\System\tFCVcUc.exe
  C:\Windows\System\tFCVcUc.exe
  2⤵
  PID:6812
- C:\Windows\System\WrvMLmG.exe
  C:\Windows\System\WrvMLmG.exe
  2⤵
  PID:6828
- C:\Windows\System\XMpkmyf.exe
  C:\Windows\System\XMpkmyf.exe
  2⤵
  PID:6852
- C:\Windows\System\sexsVHo.exe
  C:\Windows\System\sexsVHo.exe
  2⤵
  PID:6872
- C:\Windows\System\wTkdfVS.exe
  C:\Windows\System\wTkdfVS.exe
  2⤵
  PID:6892
- C:\Windows\System\DtmkLDe.exe
  C:\Windows\System\DtmkLDe.exe
  2⤵
  PID:6912
- C:\Windows\System\jBdRSsn.exe
  C:\Windows\System\jBdRSsn.exe
  2⤵
  PID:6932
- C:\Windows\System\IJiCeDk.exe
  C:\Windows\System\IJiCeDk.exe
  2⤵
  PID:6952
- C:\Windows\System\hHdZrnc.exe
  C:\Windows\System\hHdZrnc.exe
  2⤵
  PID:6972
- C:\Windows\System\qoalTIs.exe
  C:\Windows\System\qoalTIs.exe
  2⤵
  PID:6992
- C:\Windows\System\upuXjGb.exe
  C:\Windows\System\upuXjGb.exe
  2⤵
  PID:7012
- C:\Windows\System\pxTvtyh.exe
  C:\Windows\System\pxTvtyh.exe
  2⤵
  PID:7032
- C:\Windows\System\RlZBJcw.exe
  C:\Windows\System\RlZBJcw.exe
  2⤵
  PID:7052
- C:\Windows\System\BEiPwqF.exe
  C:\Windows\System\BEiPwqF.exe
  2⤵
  PID:7072
- C:\Windows\System\AfcNjhk.exe
  C:\Windows\System\AfcNjhk.exe
  2⤵
  PID:7092
- C:\Windows\System\kllNJEU.exe
  C:\Windows\System\kllNJEU.exe
  2⤵
  PID:7112
- C:\Windows\System\zsGyvql.exe
  C:\Windows\System\zsGyvql.exe
  2⤵
  PID:7132
- C:\Windows\System\twTYvYR.exe
  C:\Windows\System\twTYvYR.exe
  2⤵
  PID:7152
- C:\Windows\System\FqlMuih.exe
  C:\Windows\System\FqlMuih.exe
  2⤵
  PID:5520
- C:\Windows\System\MvrQplB.exe
  C:\Windows\System\MvrQplB.exe
  2⤵
  PID:5624
- C:\Windows\System\YWNwRgf.exe
  C:\Windows\System\YWNwRgf.exe
  2⤵
  PID:5764
- C:\Windows\System\pwrdJXg.exe
  C:\Windows\System\pwrdJXg.exe
  2⤵
  PID:5804
- C:\Windows\System\BviXsYQ.exe
  C:\Windows\System\BviXsYQ.exe
  2⤵
  PID:5860
- C:\Windows\System\iNadHrg.exe
  C:\Windows\System\iNadHrg.exe
  2⤵
  PID:5976
- C:\Windows\System\qFGrIyR.exe
  C:\Windows\System\qFGrIyR.exe
  2⤵
  PID:4632
- C:\Windows\System\nBjVAcw.exe
  C:\Windows\System\nBjVAcw.exe
  2⤵
  PID:2360
- C:\Windows\System\xtwivqI.exe
  C:\Windows\System\xtwivqI.exe
  2⤵
  PID:3752
- C:\Windows\System\KrzFPet.exe
  C:\Windows\System\KrzFPet.exe
  2⤵
  PID:2212
- C:\Windows\System\vuVxfuf.exe
  C:\Windows\System\vuVxfuf.exe
  2⤵
  PID:5204
- C:\Windows\System\muoMZuM.exe
  C:\Windows\System\muoMZuM.exe
  2⤵
  PID:5384
- C:\Windows\System\WmCKAFy.exe
  C:\Windows\System\WmCKAFy.exe
  2⤵
  PID:5468
- C:\Windows\System\fbwPshQ.exe
  C:\Windows\System\fbwPshQ.exe
  2⤵
  PID:6168
- C:\Windows\System\AJuNeVr.exe
  C:\Windows\System\AJuNeVr.exe
  2⤵
  PID:6196
- C:\Windows\System\SqvoIHF.exe
  C:\Windows\System\SqvoIHF.exe
  2⤵
  PID:6216
- C:\Windows\System\srtoayC.exe
  C:\Windows\System\srtoayC.exe
  2⤵
  PID:6256
- C:\Windows\System\uWRCvFv.exe
  C:\Windows\System\uWRCvFv.exe
  2⤵
  PID:6296
- C:\Windows\System\qwEybCy.exe
  C:\Windows\System\qwEybCy.exe
  2⤵
  PID:6312
- C:\Windows\System\zXvXKxM.exe
  C:\Windows\System\zXvXKxM.exe
  2⤵
  PID:6352
- C:\Windows\System\zGlsedd.exe
  C:\Windows\System\zGlsedd.exe
  2⤵
  PID:6388
- C:\Windows\System\wvgEzhp.exe
  C:\Windows\System\wvgEzhp.exe
  2⤵
  PID:6428
- C:\Windows\System\qSxrwBR.exe
  C:\Windows\System\qSxrwBR.exe
  2⤵
  PID:6468
- C:\Windows\System\donCSbs.exe
  C:\Windows\System\donCSbs.exe
  2⤵
  PID:2888
- C:\Windows\System\feszgXA.exe
  C:\Windows\System\feszgXA.exe
  2⤵
  PID:2856
- C:\Windows\System\BySiMmJ.exe
  C:\Windows\System\BySiMmJ.exe
  2⤵
  PID:6472
- C:\Windows\System\TkKpiHq.exe
  C:\Windows\System\TkKpiHq.exe
  2⤵
  PID:6520
- C:\Windows\System\hzJbqqO.exe
  C:\Windows\System\hzJbqqO.exe
  2⤵
  PID:6604
- C:\Windows\System\JVugKII.exe
  C:\Windows\System\JVugKII.exe
  2⤵
  PID:6620
- C:\Windows\System\uCsuNBs.exe
  C:\Windows\System\uCsuNBs.exe
  2⤵
  PID:6676
- C:\Windows\System\ORHNIfH.exe
  C:\Windows\System\ORHNIfH.exe
  2⤵
  PID:6660
- C:\Windows\System\uvKAFtx.exe
  C:\Windows\System\uvKAFtx.exe
  2⤵
  PID:6756
- C:\Windows\System\QUVDyIg.exe
  C:\Windows\System\QUVDyIg.exe
  2⤵
  PID:6768
- C:\Windows\System\UcDbiHJ.exe
  C:\Windows\System\UcDbiHJ.exe
  2⤵
  PID:6780
- C:\Windows\System\MMfyAZL.exe
  C:\Windows\System\MMfyAZL.exe
  2⤵
  PID:6836
- C:\Windows\System\nBkQqIB.exe
  C:\Windows\System\nBkQqIB.exe
  2⤵
  PID:6824
- C:\Windows\System\yWweVxX.exe
  C:\Windows\System\yWweVxX.exe
  2⤵
  PID:6868
- C:\Windows\System\ObfIksz.exe
  C:\Windows\System\ObfIksz.exe
  2⤵
  PID:6928
- C:\Windows\System\KZmIYNE.exe
  C:\Windows\System\KZmIYNE.exe
  2⤵
  PID:6904
- C:\Windows\System\xhhIJPe.exe
  C:\Windows\System\xhhIJPe.exe
  2⤵
  PID:7004
- C:\Windows\System\eJaudpM.exe
  C:\Windows\System\eJaudpM.exe
  2⤵
  PID:7044
- C:\Windows\System\cjOXdxb.exe
  C:\Windows\System\cjOXdxb.exe
  2⤵
  PID:7084
- C:\Windows\System\kIZVLDy.exe
  C:\Windows\System\kIZVLDy.exe
  2⤵
  PID:7020
- C:\Windows\System\zPPDFCQ.exe
  C:\Windows\System\zPPDFCQ.exe
  2⤵
  PID:7060
- C:\Windows\System\XazWgpH.exe
  C:\Windows\System\XazWgpH.exe
  2⤵
  PID:5788
- C:\Windows\System\npNZiOo.exe
  C:\Windows\System\npNZiOo.exe
  2⤵
  PID:7100
- C:\Windows\System\YDReMIm.exe
  C:\Windows\System\YDReMIm.exe
  2⤵
  PID:3236
- C:\Windows\System\XxQzOyR.exe
  C:\Windows\System\XxQzOyR.exe
  2⤵
  PID:5128
- C:\Windows\System\dnCrwNp.exe
  C:\Windows\System\dnCrwNp.exe
  2⤵
  PID:5600
- C:\Windows\System\BBqLglq.exe
  C:\Windows\System\BBqLglq.exe
  2⤵
  PID:5924
- C:\Windows\System\VfpiWEL.exe
  C:\Windows\System\VfpiWEL.exe
  2⤵
  PID:6232
- C:\Windows\System\huEODoc.exe
  C:\Windows\System\huEODoc.exe
  2⤵
  PID:6308
- C:\Windows\System\PsdyboQ.exe
  C:\Windows\System\PsdyboQ.exe
  2⤵
  PID:3408
- C:\Windows\System\oOtRRzO.exe
  C:\Windows\System\oOtRRzO.exe
  2⤵
  PID:4292
- C:\Windows\System\lUpuTtz.exe
  C:\Windows\System\lUpuTtz.exe
  2⤵
  PID:5380
- C:\Windows\System\RjcvJIX.exe
  C:\Windows\System\RjcvJIX.exe
  2⤵
  PID:2876
- C:\Windows\System\rLiBNUw.exe
  C:\Windows\System\rLiBNUw.exe
  2⤵
  PID:6228
- C:\Windows\System\vPyFxxr.exe
  C:\Windows\System\vPyFxxr.exe
  2⤵
  PID:6356
- C:\Windows\System\sSZGiXz.exe
  C:\Windows\System\sSZGiXz.exe
  2⤵
  PID:6336
- C:\Windows\System\hYYDeuo.exe
  C:\Windows\System\hYYDeuo.exe
  2⤵
  PID:6548
- C:\Windows\System\qKtfioZ.exe
  C:\Windows\System\qKtfioZ.exe
  2⤵
  PID:6392
- C:\Windows\System\euMTjfK.exe
  C:\Windows\System\euMTjfK.exe
  2⤵
  PID:6588
- C:\Windows\System\juaURwQ.exe
  C:\Windows\System\juaURwQ.exe
  2⤵
  PID:6568
- C:\Windows\System\jtjcPdh.exe
  C:\Windows\System\jtjcPdh.exe
  2⤵
  PID:6608
- C:\Windows\System\KNGVwja.exe
  C:\Windows\System\KNGVwja.exe
  2⤵
  PID:6720
- C:\Windows\System\HfFSnuV.exe
  C:\Windows\System\HfFSnuV.exe
  2⤵
  PID:6696
- C:\Windows\System\kiRrHAv.exe
  C:\Windows\System\kiRrHAv.exe
  2⤵
  PID:6744
- C:\Windows\System\YbpHeVe.exe
  C:\Windows\System\YbpHeVe.exe
  2⤵
  PID:6884
- C:\Windows\System\dZhViye.exe
  C:\Windows\System\dZhViye.exe
  2⤵
  PID:6988
- C:\Windows\System\oljUBkk.exe
  C:\Windows\System\oljUBkk.exe
  2⤵
  PID:7160
- C:\Windows\System\gGoKvzX.exe
  C:\Windows\System\gGoKvzX.exe
  2⤵
  PID:6948
- C:\Windows\System\tVoHZkz.exe
  C:\Windows\System\tVoHZkz.exe
  2⤵
  PID:7024
- C:\Windows\System\eDWhtts.exe
  C:\Windows\System\eDWhtts.exe
  2⤵
  PID:6108
- C:\Windows\System\wSAngtq.exe
  C:\Windows\System\wSAngtq.exe
  2⤵
  PID:6188
- C:\Windows\System\awJVVAC.exe
  C:\Windows\System\awJVVAC.exe
  2⤵
  PID:6128
- C:\Windows\System\qrwzTIn.exe
  C:\Windows\System\qrwzTIn.exe
  2⤵
  PID:1956
- C:\Windows\System\zHJoHIO.exe
  C:\Windows\System\zHJoHIO.exe
  2⤵
  PID:5400
- C:\Windows\System\ErOCZOw.exe
  C:\Windows\System\ErOCZOw.exe
  2⤵
  PID:2592
- C:\Windows\System\MAFQjgZ.exe
  C:\Windows\System\MAFQjgZ.exe
  2⤵
  PID:6248
- C:\Windows\System\lgZcrLP.exe
  C:\Windows\System\lgZcrLP.exe
  2⤵
  PID:6152
- C:\Windows\System\nEzGvsc.exe
  C:\Windows\System\nEzGvsc.exe
  2⤵
  PID:6408
- C:\Windows\System\ZwHtiDL.exe
  C:\Windows\System\ZwHtiDL.exe
  2⤵
  PID:6764
- C:\Windows\System\XkjTTTq.exe
  C:\Windows\System\XkjTTTq.exe
  2⤵
  PID:6288
- C:\Windows\System\tdPCqBV.exe
  C:\Windows\System\tdPCqBV.exe
  2⤵
  PID:6492
- C:\Windows\System\RhRyryl.exe
  C:\Windows\System\RhRyryl.exe
  2⤵
  PID:6736
- C:\Windows\System\ZqvtYVB.exe
  C:\Windows\System\ZqvtYVB.exe
  2⤵
  PID:6804
- C:\Windows\System\RSenYPz.exe
  C:\Windows\System\RSenYPz.exe
  2⤵
  PID:7040
- C:\Windows\System\hxxVpyD.exe
  C:\Windows\System\hxxVpyD.exe
  2⤵
  PID:6864
- C:\Windows\System\ElehPyY.exe
  C:\Windows\System\ElehPyY.exe
  2⤵
  PID:7124
- C:\Windows\System\EdryKIT.exe
  C:\Windows\System\EdryKIT.exe
  2⤵
  PID:4716
- C:\Windows\System\kofRKiG.exe
  C:\Windows\System\kofRKiG.exe
  2⤵
  PID:7184
- C:\Windows\System\nOaOjhi.exe
  C:\Windows\System\nOaOjhi.exe
  2⤵
  PID:7204
- C:\Windows\System\DiacbON.exe
  C:\Windows\System\DiacbON.exe
  2⤵
  PID:7224
- C:\Windows\System\wDmEwuJ.exe
  C:\Windows\System\wDmEwuJ.exe
  2⤵
  PID:7244
- C:\Windows\System\XQHiswK.exe
  C:\Windows\System\XQHiswK.exe
  2⤵
  PID:7268
- C:\Windows\System\GULNlKL.exe
  C:\Windows\System\GULNlKL.exe
  2⤵
  PID:7288
- C:\Windows\System\nmSgqRT.exe
  C:\Windows\System\nmSgqRT.exe
  2⤵
  PID:7308
- C:\Windows\System\BvmtfJf.exe
  C:\Windows\System\BvmtfJf.exe
  2⤵
  PID:7332
- C:\Windows\System\MARWLbq.exe
  C:\Windows\System\MARWLbq.exe
  2⤵
  PID:7352
- C:\Windows\System\igtHIQe.exe
  C:\Windows\System\igtHIQe.exe
  2⤵
  PID:7372
- C:\Windows\System\hrQIrLf.exe
  C:\Windows\System\hrQIrLf.exe
  2⤵
  PID:7392
- C:\Windows\System\RVweohs.exe
  C:\Windows\System\RVweohs.exe
  2⤵
  PID:7408
- C:\Windows\System\uCgwXeR.exe
  C:\Windows\System\uCgwXeR.exe
  2⤵
  PID:7428
- C:\Windows\System\gjhIUJp.exe
  C:\Windows\System\gjhIUJp.exe
  2⤵
  PID:7448
- C:\Windows\System\bDqhTSH.exe
  C:\Windows\System\bDqhTSH.exe
  2⤵
  PID:7468
- C:\Windows\System\rIKDHaw.exe
  C:\Windows\System\rIKDHaw.exe
  2⤵
  PID:7488
- C:\Windows\System\lkJMgJy.exe
  C:\Windows\System\lkJMgJy.exe
  2⤵
  PID:7508
- C:\Windows\System\ReAhJcs.exe
  C:\Windows\System\ReAhJcs.exe
  2⤵
  PID:7528
- C:\Windows\System\RtBKQXH.exe
  C:\Windows\System\RtBKQXH.exe
  2⤵
  PID:7552
- C:\Windows\System\hmdBkFM.exe
  C:\Windows\System\hmdBkFM.exe
  2⤵
  PID:7568
- C:\Windows\System\JMAyPFg.exe
  C:\Windows\System\JMAyPFg.exe
  2⤵
  PID:7592
- C:\Windows\System\puCTtnV.exe
  C:\Windows\System\puCTtnV.exe
  2⤵
  PID:7612
- C:\Windows\System\ebRwrPJ.exe
  C:\Windows\System\ebRwrPJ.exe
  2⤵
  PID:7632
- C:\Windows\System\LwBuhsJ.exe
  C:\Windows\System\LwBuhsJ.exe
  2⤵
  PID:7652
- C:\Windows\System\qYDhWGS.exe
  C:\Windows\System\qYDhWGS.exe
  2⤵
  PID:7672
- C:\Windows\System\HJnaEZr.exe
  C:\Windows\System\HJnaEZr.exe
  2⤵
  PID:7692
- C:\Windows\System\NfPEAFG.exe
  C:\Windows\System\NfPEAFG.exe
  2⤵
  PID:7712
- C:\Windows\System\IkFCpSc.exe
  C:\Windows\System\IkFCpSc.exe
  2⤵
  PID:7728
- C:\Windows\System\ewLSrIs.exe
  C:\Windows\System\ewLSrIs.exe
  2⤵
  PID:7752
- C:\Windows\System\eVtJuNM.exe
  C:\Windows\System\eVtJuNM.exe
  2⤵
  PID:7772
- C:\Windows\System\FaOQdQg.exe
  C:\Windows\System\FaOQdQg.exe
  2⤵
  PID:7792
- C:\Windows\System\vbKLehl.exe
  C:\Windows\System\vbKLehl.exe
  2⤵
  PID:7808
- C:\Windows\System\jlHilak.exe
  C:\Windows\System\jlHilak.exe
  2⤵
  PID:7832
- C:\Windows\System\RJuJVZR.exe
  C:\Windows\System\RJuJVZR.exe
  2⤵
  PID:7856
- C:\Windows\System\dcIOIYK.exe
  C:\Windows\System\dcIOIYK.exe
  2⤵
  PID:7876
- C:\Windows\System\FEZzXBB.exe
  C:\Windows\System\FEZzXBB.exe
  2⤵
  PID:7896
- C:\Windows\System\FLFTmUn.exe
  C:\Windows\System\FLFTmUn.exe
  2⤵
  PID:7916
- C:\Windows\System\hVqlubY.exe
  C:\Windows\System\hVqlubY.exe
  2⤵
  PID:7932
- C:\Windows\System\DdjUUQa.exe
  C:\Windows\System\DdjUUQa.exe
  2⤵
  PID:7956
- C:\Windows\System\TGikfER.exe
  C:\Windows\System\TGikfER.exe
  2⤵
  PID:7976
- C:\Windows\System\ESUHLEZ.exe
  C:\Windows\System\ESUHLEZ.exe
  2⤵
  PID:7996
- C:\Windows\System\nuYDJxi.exe
  C:\Windows\System\nuYDJxi.exe
  2⤵
  PID:8012
- C:\Windows\System\MzacYkA.exe
  C:\Windows\System\MzacYkA.exe
  2⤵
  PID:8032
- C:\Windows\System\hpIyDMj.exe
  C:\Windows\System\hpIyDMj.exe
  2⤵
  PID:8052
- C:\Windows\System\gLIBCeN.exe
  C:\Windows\System\gLIBCeN.exe
  2⤵
  PID:8072
- C:\Windows\System\SBEUWZq.exe
  C:\Windows\System\SBEUWZq.exe
  2⤵
  PID:8092
- C:\Windows\System\qVISMbn.exe
  C:\Windows\System\qVISMbn.exe
  2⤵
  PID:8112
- C:\Windows\System\HQvNEdz.exe
  C:\Windows\System\HQvNEdz.exe
  2⤵
  PID:8132
- C:\Windows\System\JzSLMFz.exe
  C:\Windows\System\JzSLMFz.exe
  2⤵
  PID:8152
- C:\Windows\System\iwxQDmo.exe
  C:\Windows\System\iwxQDmo.exe
  2⤵
  PID:8172
- C:\Windows\System\NzbLJhW.exe
  C:\Windows\System\NzbLJhW.exe
  2⤵
  PID:5740
- C:\Windows\System\RMAvEmD.exe
  C:\Windows\System\RMAvEmD.exe
  2⤵
  PID:7088
- C:\Windows\System\WfSepvf.exe
  C:\Windows\System\WfSepvf.exe
  2⤵
  PID:6348
- C:\Windows\System\fdlYtFV.exe
  C:\Windows\System\fdlYtFV.exe
  2⤵
  PID:5908
- C:\Windows\System\mOOOlhm.exe
  C:\Windows\System\mOOOlhm.exe
  2⤵
  PID:6208
- C:\Windows\System\SGLcLaE.exe
  C:\Windows\System\SGLcLaE.exe
  2⤵
  PID:6624
- C:\Windows\System\rqHcECA.exe
  C:\Windows\System\rqHcECA.exe
  2⤵
  PID:1992
- C:\Windows\System\TEALUzw.exe
  C:\Windows\System\TEALUzw.exe
  2⤵
  PID:2944
- C:\Windows\System\CfRMjLh.exe
  C:\Windows\System\CfRMjLh.exe
  2⤵
  PID:6980
- C:\Windows\System\DnwFgnD.exe
  C:\Windows\System\DnwFgnD.exe
  2⤵
  PID:7104
- C:\Windows\System\FtiDgrO.exe
  C:\Windows\System\FtiDgrO.exe
  2⤵
  PID:6820
- C:\Windows\System\XsJhQVU.exe
  C:\Windows\System\XsJhQVU.exe
  2⤵
  PID:7220
- C:\Windows\System\lAsNrQU.exe
  C:\Windows\System\lAsNrQU.exe
  2⤵
  PID:7264
- C:\Windows\System\BvjywGt.exe
  C:\Windows\System\BvjywGt.exe
  2⤵
  PID:7200
- C:\Windows\System\hpJYPkJ.exe
  C:\Windows\System\hpJYPkJ.exe
  2⤵
  PID:7236
- C:\Windows\System\UuVAZot.exe
  C:\Windows\System\UuVAZot.exe
  2⤵
  PID:7284
- C:\Windows\System\DNBxbEu.exe
  C:\Windows\System\DNBxbEu.exe
  2⤵
  PID:7388
- C:\Windows\System\WyUpYZw.exe
  C:\Windows\System\WyUpYZw.exe
  2⤵
  PID:2748
- C:\Windows\System\yXhvruq.exe
  C:\Windows\System\yXhvruq.exe
  2⤵
  PID:7460
- C:\Windows\System\YvrioxB.exe
  C:\Windows\System\YvrioxB.exe
  2⤵
  PID:7444
- C:\Windows\System\ysnqBVk.exe
  C:\Windows\System\ysnqBVk.exe
  2⤵
  PID:7540
- C:\Windows\System\VCQvQvu.exe
  C:\Windows\System\VCQvQvu.exe
  2⤵
  PID:7544
- C:\Windows\System\rhnnogb.exe
  C:\Windows\System\rhnnogb.exe
  2⤵
  PID:7580
- C:\Windows\System\ZNOMTmG.exe
  C:\Windows\System\ZNOMTmG.exe
  2⤵
  PID:7560
- C:\Windows\System\CsTPcyr.exe
  C:\Windows\System\CsTPcyr.exe
  2⤵
  PID:7624
- C:\Windows\System\QkyXCEJ.exe
  C:\Windows\System\QkyXCEJ.exe
  2⤵
  PID:7648
- C:\Windows\System\ZyqPahB.exe
  C:\Windows\System\ZyqPahB.exe
  2⤵
  PID:7708
- C:\Windows\System\xwYAHVZ.exe
  C:\Windows\System\xwYAHVZ.exe
  2⤵
  PID:7684
- C:\Windows\System\LKLLHJN.exe
  C:\Windows\System\LKLLHJN.exe
  2⤵
  PID:7784
- C:\Windows\System\nMhYZty.exe
  C:\Windows\System\nMhYZty.exe
  2⤵
  PID:7764
- C:\Windows\System\iOqtuyZ.exe
  C:\Windows\System\iOqtuyZ.exe
  2⤵
  PID:7868
- C:\Windows\System\mmdZgSS.exe
  C:\Windows\System\mmdZgSS.exe
  2⤵
  PID:7912
- C:\Windows\System\IaKLsaw.exe
  C:\Windows\System\IaKLsaw.exe
  2⤵
  PID:7852
- C:\Windows\System\BfOPYuh.exe
  C:\Windows\System\BfOPYuh.exe
  2⤵
  PID:7948
- C:\Windows\System\TIFbrfr.exe
  C:\Windows\System\TIFbrfr.exe
  2⤵
  PID:8028
- C:\Windows\System\lfwATtB.exe
  C:\Windows\System\lfwATtB.exe
  2⤵
  PID:3940
- C:\Windows\System\zAbfwIr.exe
  C:\Windows\System\zAbfwIr.exe
  2⤵
  PID:8104
- C:\Windows\System\CRTVDjY.exe
  C:\Windows\System\CRTVDjY.exe
  2⤵
  PID:8184
- C:\Windows\System\rDBCcXg.exe
  C:\Windows\System\rDBCcXg.exe
  2⤵
  PID:7888
- C:\Windows\System\NVeVbNe.exe
  C:\Windows\System\NVeVbNe.exe
  2⤵
  PID:2108
- C:\Windows\System\EgPJYwF.exe
  C:\Windows\System\EgPJYwF.exe
  2⤵
  PID:6740
- C:\Windows\System\HLKMfEw.exe
  C:\Windows\System\HLKMfEw.exe
  2⤵
  PID:8008
- C:\Windows\System\ZqAvvEF.exe
  C:\Windows\System\ZqAvvEF.exe
  2⤵
  PID:8044
- C:\Windows\System\sitWDjw.exe
  C:\Windows\System\sitWDjw.exe
  2⤵
  PID:8048
- C:\Windows\System\qzChOgD.exe
  C:\Windows\System\qzChOgD.exe
  2⤵
  PID:7260
- C:\Windows\System\ZDaZZXw.exe
  C:\Windows\System\ZDaZZXw.exe
  2⤵
  PID:8124
- C:\Windows\System\aFFrJkc.exe
  C:\Windows\System\aFFrJkc.exe
  2⤵
  PID:4536
- C:\Windows\System\UIQWCXd.exe
  C:\Windows\System\UIQWCXd.exe
  2⤵
  PID:7196
- C:\Windows\System\mpRQbaz.exe
  C:\Windows\System\mpRQbaz.exe
  2⤵
  PID:5848
- C:\Windows\System\yDysAuM.exe
  C:\Windows\System\yDysAuM.exe
  2⤵
  PID:7256
- C:\Windows\System\VPqKvMD.exe
  C:\Windows\System\VPqKvMD.exe
  2⤵
  PID:6656
- C:\Windows\System\CYbzWbx.exe
  C:\Windows\System\CYbzWbx.exe
  2⤵
  PID:7324
- C:\Windows\System\IuVJxsI.exe
  C:\Windows\System\IuVJxsI.exe
  2⤵
  PID:7456
- C:\Windows\System\RcdCcfz.exe
  C:\Windows\System\RcdCcfz.exe
  2⤵
  PID:7360
- C:\Windows\System\vYoupPC.exe
  C:\Windows\System\vYoupPC.exe
  2⤵
  PID:7536
- C:\Windows\System\urjdNRB.exe
  C:\Windows\System\urjdNRB.exe
  2⤵
  PID:7516
- C:\Windows\System\zzTGpMy.exe
  C:\Windows\System\zzTGpMy.exe
  2⤵
  PID:7600
- C:\Windows\System\mvppAzV.exe
  C:\Windows\System\mvppAzV.exe
  2⤵
  PID:7584
- C:\Windows\System\VamhlNx.exe
  C:\Windows\System\VamhlNx.exe
  2⤵
  PID:7704
- C:\Windows\System\bwuyfoG.exe
  C:\Windows\System\bwuyfoG.exe
  2⤵
  PID:7744
- C:\Windows\System\CdzdIZM.exe
  C:\Windows\System\CdzdIZM.exe
  2⤵
  PID:7828
- C:\Windows\System\YqBLnnp.exe
  C:\Windows\System\YqBLnnp.exe
  2⤵
  PID:7768
- C:\Windows\System\Qrbjtub.exe
  C:\Windows\System\Qrbjtub.exe
  2⤵
  PID:7720
- C:\Windows\System\hfrTwHT.exe
  C:\Windows\System\hfrTwHT.exe
  2⤵
  PID:7908
- C:\Windows\System\pOLxDKb.exe
  C:\Windows\System\pOLxDKb.exe
  2⤵
  PID:2916
- C:\Windows\System\mzDqAdw.exe
  C:\Windows\System\mzDqAdw.exe
  2⤵
  PID:7952
- C:\Windows\System\hNztJoi.exe
  C:\Windows\System\hNztJoi.exe
  2⤵
  PID:6580
- C:\Windows\System\NhAFjsr.exe
  C:\Windows\System\NhAFjsr.exe
  2⤵
  PID:8068
- C:\Windows\System\xulscqp.exe
  C:\Windows\System\xulscqp.exe
  2⤵
  PID:6476
- C:\Windows\System\oQnLhLN.exe
  C:\Windows\System\oQnLhLN.exe
  2⤵
  PID:1676
- C:\Windows\System\AFAGzdK.exe
  C:\Windows\System\AFAGzdK.exe
  2⤵
  PID:7972
- C:\Windows\System\RguzMpZ.exe
  C:\Windows\System\RguzMpZ.exe
  2⤵
  PID:7316
- C:\Windows\System\AhPRQWV.exe
  C:\Windows\System\AhPRQWV.exe
  2⤵
  PID:7216
- C:\Windows\System\UxxrYJc.exe
  C:\Windows\System\UxxrYJc.exe
  2⤵
  PID:7400
- C:\Windows\System\WUIcEbd.exe
  C:\Windows\System\WUIcEbd.exe
  2⤵
  PID:6788
- C:\Windows\System\WDEZTtt.exe
  C:\Windows\System\WDEZTtt.exe
  2⤵
  PID:7364
- C:\Windows\System\WRskRyR.exe
  C:\Windows\System\WRskRyR.exe
  2⤵
  PID:7436
- C:\Windows\System\vcyPWeM.exe
  C:\Windows\System\vcyPWeM.exe
  2⤵
  PID:660
- C:\Windows\System\moTpPdf.exe
  C:\Windows\System\moTpPdf.exe
  2⤵
  PID:884
- C:\Windows\System\FnkAQiS.exe
  C:\Windows\System\FnkAQiS.exe
  2⤵
  PID:2512
- C:\Windows\System\NcaVTAo.exe
  C:\Windows\System\NcaVTAo.exe
  2⤵
  PID:6628
- C:\Windows\System\ACwISsS.exe
  C:\Windows\System\ACwISsS.exe
  2⤵
  PID:7988
- C:\Windows\System\bAGAqpe.exe
  C:\Windows\System\bAGAqpe.exe
  2⤵
  PID:2568
- C:\Windows\System\vyFLbdY.exe
  C:\Windows\System\vyFLbdY.exe
  2⤵
  PID:7440
- C:\Windows\System\pUWiVwj.exe
  C:\Windows\System\pUWiVwj.exe
  2⤵
  PID:7924
- C:\Windows\System\ewxJULa.exe
  C:\Windows\System\ewxJULa.exe
  2⤵
  PID:7664
- C:\Windows\System\HbdXeZc.exe
  C:\Windows\System\HbdXeZc.exe
  2⤵
  PID:8020
- C:\Windows\System\PGQQQbc.exe
  C:\Windows\System\PGQQQbc.exe
  2⤵
  PID:7992
- C:\Windows\System\kkpmKuQ.exe
  C:\Windows\System\kkpmKuQ.exe
  2⤵
  PID:2120
- C:\Windows\System\nFcFtrf.exe
  C:\Windows\System\nFcFtrf.exe
  2⤵
  PID:7300
- C:\Windows\System\RhafoFf.exe
  C:\Windows\System\RhafoFf.exe
  2⤵
  PID:628
- C:\Windows\System\QoGgOKZ.exe
  C:\Windows\System\QoGgOKZ.exe
  2⤵
  PID:2488
- C:\Windows\System\DWMPcgV.exe
  C:\Windows\System\DWMPcgV.exe
  2⤵
  PID:8108
- C:\Windows\System\tjSYKlU.exe
  C:\Windows\System\tjSYKlU.exe
  2⤵
  PID:7404
- C:\Windows\System\OBnkGmW.exe
  C:\Windows\System\OBnkGmW.exe
  2⤵
  PID:4456
- C:\Windows\System\PkXHMuv.exe
  C:\Windows\System\PkXHMuv.exe
  2⤵
  PID:6448
- C:\Windows\System\pXWPkep.exe
  C:\Windows\System\pXWPkep.exe
  2⤵
  PID:1920
- C:\Windows\System\uvzIlju.exe
  C:\Windows\System\uvzIlju.exe
  2⤵
  PID:8040
- C:\Windows\System\PAQkdKG.exe
  C:\Windows\System\PAQkdKG.exe
  2⤵
  PID:8084
- C:\Windows\System\rWEAhEe.exe
  C:\Windows\System\rWEAhEe.exe
  2⤵
  PID:8088
- C:\Windows\System\jGPQqkc.exe
  C:\Windows\System\jGPQqkc.exe
  2⤵
  PID:2104
- C:\Windows\System\MKvUIsQ.exe
  C:\Windows\System\MKvUIsQ.exe
  2⤵
  PID:1852
- C:\Windows\System\LawCwvF.exe
  C:\Windows\System\LawCwvF.exe
  2⤵
  PID:1784
- C:\Windows\System\GyuqDNj.exe
  C:\Windows\System\GyuqDNj.exe
  2⤵
  PID:352
- C:\Windows\System\lhnXAzf.exe
  C:\Windows\System\lhnXAzf.exe
  2⤵
  PID:2012
- C:\Windows\System\tMDtXSe.exe
  C:\Windows\System\tMDtXSe.exe
  2⤵
  PID:1472
- C:\Windows\System\NwEDGlj.exe
  C:\Windows\System\NwEDGlj.exe
  2⤵
  PID:2232
- C:\Windows\System\IOLcMqe.exe
  C:\Windows\System\IOLcMqe.exe
  2⤵
  PID:6564
- C:\Windows\System\vIspJCg.exe
  C:\Windows\System\vIspJCg.exe
  2⤵
  PID:2636
- C:\Windows\System\YuEnlZD.exe
  C:\Windows\System\YuEnlZD.exe
  2⤵
  PID:2872
- C:\Windows\System\MKXLIFj.exe
  C:\Windows\System\MKXLIFj.exe
  2⤵
  PID:1108
- C:\Windows\System\LALhQAo.exe
  C:\Windows\System\LALhQAo.exe
  2⤵
  PID:7276
- C:\Windows\System\QOqvUIS.exe
  C:\Windows\System\QOqvUIS.exe
  2⤵
  PID:2024
- C:\Windows\System\sTvoCPp.exe
  C:\Windows\System\sTvoCPp.exe
  2⤵
  PID:1856
- C:\Windows\System\HmHdwKr.exe
  C:\Windows\System\HmHdwKr.exe
  2⤵
  PID:7140
- C:\Windows\System\oWTwYPa.exe
  C:\Windows\System\oWTwYPa.exe
  2⤵
  PID:8200
- C:\Windows\System\sJkZMTV.exe
  C:\Windows\System\sJkZMTV.exe
  2⤵
  PID:8216
- C:\Windows\System\VyvMozY.exe
  C:\Windows\System\VyvMozY.exe
  2⤵
  PID:8232
- C:\Windows\System\mrBrABp.exe
  C:\Windows\System\mrBrABp.exe
  2⤵
  PID:8248
- C:\Windows\System\sajRvQb.exe
  C:\Windows\System\sajRvQb.exe
  2⤵
  PID:8264
- C:\Windows\System\FrqxOxZ.exe
  C:\Windows\System\FrqxOxZ.exe
  2⤵
  PID:8280
- C:\Windows\System\XaMGqxd.exe
  C:\Windows\System\XaMGqxd.exe
  2⤵
  PID:8296
- C:\Windows\System\QpMxTmV.exe
  C:\Windows\System\QpMxTmV.exe
  2⤵
  PID:8312
- C:\Windows\System\HqHYfHC.exe
  C:\Windows\System\HqHYfHC.exe
  2⤵
  PID:8336
- C:\Windows\System\ZBqeHRg.exe
  C:\Windows\System\ZBqeHRg.exe
  2⤵
  PID:8352
- C:\Windows\System\TuWerBE.exe
  C:\Windows\System\TuWerBE.exe
  2⤵
  PID:8372
- C:\Windows\System\uAAlAeV.exe
  C:\Windows\System\uAAlAeV.exe
  2⤵
  PID:8388
- C:\Windows\System\UXWoXfK.exe
  C:\Windows\System\UXWoXfK.exe
  2⤵
  PID:8404
- C:\Windows\System\LUSMoNd.exe
  C:\Windows\System\LUSMoNd.exe
  2⤵
  PID:8420
- C:\Windows\System\KmvUGTI.exe
  C:\Windows\System\KmvUGTI.exe
  2⤵
  PID:8436
- C:\Windows\System\WqRIGGa.exe
  C:\Windows\System\WqRIGGa.exe
  2⤵
  PID:8452
- C:\Windows\System\WQxBFTD.exe
  C:\Windows\System\WQxBFTD.exe
  2⤵
  PID:8468
- C:\Windows\System\TmdIKeo.exe
  C:\Windows\System\TmdIKeo.exe
  2⤵
  PID:8484
- C:\Windows\System\AAsyGQT.exe
  C:\Windows\System\AAsyGQT.exe
  2⤵
  PID:8500
- C:\Windows\System\zRZOonq.exe
  C:\Windows\System\zRZOonq.exe
  2⤵
  PID:8516
- C:\Windows\System\SSMRtNG.exe
  C:\Windows\System\SSMRtNG.exe
  2⤵
  PID:8532
- C:\Windows\System\IdXTbaX.exe
  C:\Windows\System\IdXTbaX.exe
  2⤵
  PID:8548
- C:\Windows\System\sUqjXKs.exe
  C:\Windows\System\sUqjXKs.exe
  2⤵
  PID:8564
- C:\Windows\System\yxpJjpB.exe
  C:\Windows\System\yxpJjpB.exe
  2⤵
  PID:8580
- C:\Windows\System\PAthVPq.exe
  C:\Windows\System\PAthVPq.exe
  2⤵
  PID:8672
- C:\Windows\System\HXDQZyq.exe
  C:\Windows\System\HXDQZyq.exe
  2⤵
  PID:8696
- C:\Windows\System\vATHbPI.exe
  C:\Windows\System\vATHbPI.exe
  2⤵
  PID:8712
- C:\Windows\System\OniDcWT.exe
  C:\Windows\System\OniDcWT.exe
  2⤵
  PID:8728
- C:\Windows\System\qeLBRHm.exe
  C:\Windows\System\qeLBRHm.exe
  2⤵
  PID:8748
- C:\Windows\System\MahaWlH.exe
  C:\Windows\System\MahaWlH.exe
  2⤵
  PID:8764
- C:\Windows\System\lTMlRSu.exe
  C:\Windows\System\lTMlRSu.exe
  2⤵
  PID:8780
- C:\Windows\System\FpFZgmn.exe
  C:\Windows\System\FpFZgmn.exe
  2⤵
  PID:8796
- C:\Windows\System\IAbhByD.exe
  C:\Windows\System\IAbhByD.exe
  2⤵
  PID:8820
- C:\Windows\System\TlJJuTF.exe
  C:\Windows\System\TlJJuTF.exe
  2⤵
  PID:8836
- C:\Windows\System\gNMXAwC.exe
  C:\Windows\System\gNMXAwC.exe
  2⤵
  PID:8852
- C:\Windows\System\pHpNCYG.exe
  C:\Windows\System\pHpNCYG.exe
  2⤵
  PID:8868
- C:\Windows\System\lZaBXAp.exe
  C:\Windows\System\lZaBXAp.exe
  2⤵
  PID:8884
- C:\Windows\System\cntlywm.exe
  C:\Windows\System\cntlywm.exe
  2⤵
  PID:8900
- C:\Windows\System\WaiFmcN.exe
  C:\Windows\System\WaiFmcN.exe
  2⤵
  PID:8916
- C:\Windows\System\rDszOqp.exe
  C:\Windows\System\rDszOqp.exe
  2⤵
  PID:8932
- C:\Windows\System\MwuQsMC.exe
  C:\Windows\System\MwuQsMC.exe
  2⤵
  PID:8948
- C:\Windows\System\WHyNzfl.exe
  C:\Windows\System\WHyNzfl.exe
  2⤵
  PID:8968
- C:\Windows\System\NlecYnz.exe
  C:\Windows\System\NlecYnz.exe
  2⤵
  PID:8984
- C:\Windows\System\qRduXZW.exe
  C:\Windows\System\qRduXZW.exe
  2⤵
  PID:9000
- C:\Windows\System\sKeHFuP.exe
  C:\Windows\System\sKeHFuP.exe
  2⤵
  PID:9016
- C:\Windows\System\wDgEsPT.exe
  C:\Windows\System\wDgEsPT.exe
  2⤵
  PID:9032
- C:\Windows\System\ujBOcTZ.exe
  C:\Windows\System\ujBOcTZ.exe
  2⤵
  PID:9060
- C:\Windows\System\CFHoKFg.exe
  C:\Windows\System\CFHoKFg.exe
  2⤵
  PID:9172
- C:\Windows\System\EBfbmTA.exe
  C:\Windows\System\EBfbmTA.exe
  2⤵
  PID:9200
- C:\Windows\System\bWKvpio.exe
  C:\Windows\System\bWKvpio.exe
  2⤵
  PID:8148
- C:\Windows\System\CbzvSTY.exe
  C:\Windows\System\CbzvSTY.exe
  2⤵
  PID:1844
- C:\Windows\System\joTBhXu.exe
  C:\Windows\System\joTBhXu.exe
  2⤵
  PID:7688
- C:\Windows\System\QdgNwMT.exe
  C:\Windows\System\QdgNwMT.exe
  2⤵
  PID:1712
- C:\Windows\System\shBcsCf.exe
  C:\Windows\System\shBcsCf.exe
  2⤵
  PID:3008
- C:\Windows\System\sOyYKfF.exe
  C:\Windows\System\sOyYKfF.exe
  2⤵
  PID:5936
- C:\Windows\System\KtsTwaQ.exe
  C:\Windows\System\KtsTwaQ.exe
  2⤵
  PID:8224
- C:\Windows\System\nLCCuYM.exe
  C:\Windows\System\nLCCuYM.exe
  2⤵
  PID:8240
- C:\Windows\System\ZEgGoQL.exe
  C:\Windows\System\ZEgGoQL.exe
  2⤵
  PID:8320
- C:\Windows\System\eguFXZV.exe
  C:\Windows\System\eguFXZV.exe
  2⤵
  PID:8428
- C:\Windows\System\qNbZkhd.exe
  C:\Windows\System\qNbZkhd.exe
  2⤵
  PID:8492
- C:\Windows\System\cFUqKvJ.exe
  C:\Windows\System\cFUqKvJ.exe
  2⤵
  PID:8476
- C:\Windows\System\xZpSnnh.exe
  C:\Windows\System\xZpSnnh.exe
  2⤵
  PID:8416
- C:\Windows\System\yghsMdE.exe
  C:\Windows\System\yghsMdE.exe
  2⤵
  PID:8544
- C:\Windows\System\QIFJXhw.exe
  C:\Windows\System\QIFJXhw.exe
  2⤵
  PID:8556
- C:\Windows\System\UMHHkVc.exe
  C:\Windows\System\UMHHkVc.exe
  2⤵
  PID:8600
- C:\Windows\System\eycaEFn.exe
  C:\Windows\System\eycaEFn.exe
  2⤵
  PID:8620
- C:\Windows\System\cHrBpKH.exe
  C:\Windows\System\cHrBpKH.exe
  2⤵
  PID:8632
- C:\Windows\System\WNILHCz.exe
  C:\Windows\System\WNILHCz.exe
  2⤵
  PID:8644
- C:\Windows\System\AhTAKDl.exe
  C:\Windows\System\AhTAKDl.exe
  2⤵
  PID:8668
- C:\Windows\System\XpnKaSY.exe
  C:\Windows\System\XpnKaSY.exe
  2⤵
  PID:8684
- C:\Windows\System\pXLtdrp.exe
  C:\Windows\System\pXLtdrp.exe
  2⤵
  PID:8720
- C:\Windows\System\UbOvgjP.exe
  C:\Windows\System\UbOvgjP.exe
  2⤵
  PID:8772
- C:\Windows\System\RfWtvRn.exe
  C:\Windows\System\RfWtvRn.exe
  2⤵
  PID:8756
- C:\Windows\System\jSRgOtz.exe
  C:\Windows\System\jSRgOtz.exe
  2⤵
  PID:8816
- C:\Windows\System\ruHWEQy.exe
  C:\Windows\System\ruHWEQy.exe
  2⤵
  PID:8880
- C:\Windows\System\GgFQjPW.exe
  C:\Windows\System\GgFQjPW.exe
  2⤵
  PID:8792
- C:\Windows\System\qKITCRD.exe
  C:\Windows\System\qKITCRD.exe
  2⤵
  PID:8864
- C:\Windows\System\uPLLeNu.exe
  C:\Windows\System\uPLLeNu.exe
  2⤵
  PID:8928
- C:\Windows\System\kCfHetG.exe
  C:\Windows\System\kCfHetG.exe
  2⤵
  PID:8964
- C:\Windows\System\oqhlaUP.exe
  C:\Windows\System\oqhlaUP.exe
  2⤵
  PID:8976
- C:\Windows\System\ZINSswR.exe
  C:\Windows\System\ZINSswR.exe
  2⤵
  PID:9012
- C:\Windows\System\qDZSGHy.exe
  C:\Windows\System\qDZSGHy.exe
  2⤵
  PID:9048
- C:\Windows\System\jzioeAt.exe
  C:\Windows\System\jzioeAt.exe
  2⤵
  PID:9076
- C:\Windows\System\GYXtYFR.exe
  C:\Windows\System\GYXtYFR.exe
  2⤵
  PID:9096
- C:\Windows\System\BAClXwd.exe
  C:\Windows\System\BAClXwd.exe
  2⤵
  PID:9108
- C:\Windows\System\AIgdbGT.exe
  C:\Windows\System\AIgdbGT.exe
  2⤵
  PID:9132
- C:\Windows\System\jaUiqAu.exe
  C:\Windows\System\jaUiqAu.exe
  2⤵
  PID:9152
- C:\Windows\System\mJtRfWJ.exe
  C:\Windows\System\mJtRfWJ.exe
  2⤵
  PID:9168
- C:\Windows\System\TSXbOhZ.exe
  C:\Windows\System\TSXbOhZ.exe
  2⤵
  PID:5080
- C:\Windows\System\VcnAYtF.exe
  C:\Windows\System\VcnAYtF.exe
  2⤵
  PID:2952
- C:\Windows\System\RURsKRh.exe
  C:\Windows\System\RURsKRh.exe
  2⤵
  PID:8208
- C:\Windows\System\mJkBQfJ.exe
  C:\Windows\System\mJkBQfJ.exe
  2⤵
  PID:7232
- C:\Windows\System\JPPbqXO.exe
  C:\Windows\System\JPPbqXO.exe
  2⤵
  PID:2004
- C:\Windows\System\yxYsGAV.exe
  C:\Windows\System\yxYsGAV.exe
  2⤵
  PID:8324
- C:\Windows\System\xJvyqvQ.exe
  C:\Windows\System\xJvyqvQ.exe
  2⤵
  PID:8384
- C:\Windows\System\DNiqMwI.exe
  C:\Windows\System\DNiqMwI.exe
  2⤵
  PID:8272
- C:\Windows\System\ZrkuyEi.exe
  C:\Windows\System\ZrkuyEi.exe
  2⤵
  PID:8396
- C:\Windows\System\UtrFjmH.exe
  C:\Windows\System\UtrFjmH.exe
  2⤵
  PID:8560
- C:\Windows\System\QvwVoLf.exe
  C:\Windows\System\QvwVoLf.exe
  2⤵
  PID:8464
- C:\Windows\System\yRFcPzZ.exe
  C:\Windows\System\yRFcPzZ.exe
  2⤵
  PID:8540
- C:\Windows\System\mFEsrek.exe
  C:\Windows\System\mFEsrek.exe
  2⤵
  PID:8628
- C:\Windows\System\wgqUxtV.exe
  C:\Windows\System\wgqUxtV.exe
  2⤵
  PID:8736
- C:\Windows\System\CBRjApk.exe
  C:\Windows\System\CBRjApk.exe
  2⤵
  PID:8876
- C:\Windows\System\qagYWjj.exe
  C:\Windows\System\qagYWjj.exe
  2⤵
  PID:8956
- C:\Windows\System\pBMKggm.exe
  C:\Windows\System\pBMKggm.exe
  2⤵
  PID:9072
- C:\Windows\System\aGdVgZz.exe
  C:\Windows\System\aGdVgZz.exe
  2⤵
  PID:9144
- C:\Windows\System\mNYlqIE.exe
  C:\Windows\System\mNYlqIE.exe
  2⤵
  PID:8812
- C:\Windows\System\AilqhVN.exe
  C:\Windows\System\AilqhVN.exe
  2⤵
  PID:8924
- C:\Windows\System\IBRNbiB.exe
  C:\Windows\System\IBRNbiB.exe
  2⤵
  PID:8212
- C:\Windows\System\uMoLIiv.exe
  C:\Windows\System\uMoLIiv.exe
  2⤵
  PID:8804
- C:\Windows\System\UcXaChD.exe
  C:\Windows\System\UcXaChD.exe
  2⤵
  PID:8996
- C:\Windows\System\znMVfWC.exe
  C:\Windows\System\znMVfWC.exe
  2⤵
  PID:8740
- C:\Windows\System\rhcEEte.exe
  C:\Windows\System\rhcEEte.exe
  2⤵
  PID:8944
- C:\Windows\System\bhEeZOd.exe
  C:\Windows\System\bhEeZOd.exe
  2⤵
  PID:9128
- C:\Windows\System\FlPXZla.exe
  C:\Windows\System\FlPXZla.exe
  2⤵
  PID:2244
- C:\Windows\System\vrkxhoA.exe
  C:\Windows\System\vrkxhoA.exe
  2⤵
  PID:7804
- C:\Windows\System\kolfLOT.exe
  C:\Windows\System\kolfLOT.exe
  2⤵
  PID:9196
- C:\Windows\System\icvCrmL.exe
  C:\Windows\System\icvCrmL.exe
  2⤵
  PID:8660
- C:\Windows\System\fWPVQXA.exe
  C:\Windows\System\fWPVQXA.exe
  2⤵
  PID:9140
- C:\Windows\System\yEPZLny.exe
  C:\Windows\System\yEPZLny.exe
  2⤵
  PID:8640
- C:\Windows\System\vKEegRS.exe
  C:\Windows\System\vKEegRS.exe
  2⤵
  PID:9044
- C:\Windows\System\zBIweZg.exe
  C:\Windows\System\zBIweZg.exe
  2⤵
  PID:9116
- C:\Windows\System\zjapdcd.exe
  C:\Windows\System\zjapdcd.exe
  2⤵
  PID:8624
- C:\Windows\System\MzsIOIx.exe
  C:\Windows\System\MzsIOIx.exe
  2⤵
  PID:8400
- C:\Windows\System\KIqAbMc.exe
  C:\Windows\System\KIqAbMc.exe
  2⤵
  PID:8832
- C:\Windows\System\pvYLddT.exe
  C:\Windows\System\pvYLddT.exe
  2⤵
  PID:8848
- C:\Windows\System\eKTTQoy.exe
  C:\Windows\System\eKTTQoy.exe
  2⤵
  PID:8744
- C:\Windows\System\VwyPwDS.exe
  C:\Windows\System\VwyPwDS.exe
  2⤵
  PID:9120
- C:\Windows\System\gdDyfKG.exe
  C:\Windows\System\gdDyfKG.exe
  2⤵
  PID:8612
- C:\Windows\System\BSQtXnm.exe
  C:\Windows\System\BSQtXnm.exe
  2⤵
  PID:8444
- C:\Windows\System\XAlmzHI.exe
  C:\Windows\System\XAlmzHI.exe
  2⤵
  PID:9028
- C:\Windows\System\HRtssvq.exe
  C:\Windows\System\HRtssvq.exe
  2⤵
  PID:8256
- C:\Windows\System\kfnLXiV.exe
  C:\Windows\System\kfnLXiV.exe
  2⤵
  PID:9224
- C:\Windows\System\XyCMHCd.exe
  C:\Windows\System\XyCMHCd.exe
  2⤵
  PID:9240
- C:\Windows\System\rsiVXKe.exe
  C:\Windows\System\rsiVXKe.exe
  2⤵
  PID:9256
- C:\Windows\System\bjoRvZl.exe
  C:\Windows\System\bjoRvZl.exe
  2⤵
  PID:9272
- C:\Windows\System\USjmswk.exe
  C:\Windows\System\USjmswk.exe
  2⤵
  PID:9288
- C:\Windows\System\RxfHQCH.exe
  C:\Windows\System\RxfHQCH.exe
  2⤵
  PID:9308
- C:\Windows\System\tGKQaOG.exe
  C:\Windows\System\tGKQaOG.exe
  2⤵
  PID:9328
- C:\Windows\System\AbsZpBm.exe
  C:\Windows\System\AbsZpBm.exe
  2⤵
  PID:9352
- C:\Windows\System\zCQGfSZ.exe
  C:\Windows\System\zCQGfSZ.exe
  2⤵
  PID:9372
- C:\Windows\System\pRUhHRT.exe
  C:\Windows\System\pRUhHRT.exe
  2⤵
  PID:9392
- C:\Windows\System\ctrXyBD.exe
  C:\Windows\System\ctrXyBD.exe
  2⤵
  PID:9408
- C:\Windows\System\kDMWHuz.exe
  C:\Windows\System\kDMWHuz.exe
  2⤵
  PID:9424
- C:\Windows\System\DjqeVyV.exe
  C:\Windows\System\DjqeVyV.exe
  2⤵
  PID:9448
- C:\Windows\System\RKkFrjd.exe
  C:\Windows\System\RKkFrjd.exe
  2⤵
  PID:9468
- C:\Windows\System\yVhVSoa.exe
  C:\Windows\System\yVhVSoa.exe
  2⤵
  PID:9484
- C:\Windows\System\ywbrwwy.exe
  C:\Windows\System\ywbrwwy.exe
  2⤵
  PID:9500
- C:\Windows\System\IrEzaWL.exe
  C:\Windows\System\IrEzaWL.exe
  2⤵
  PID:9516
- C:\Windows\System\IxrxtJE.exe
  C:\Windows\System\IxrxtJE.exe
  2⤵
  PID:9532
- C:\Windows\System\tuKnkQz.exe
  C:\Windows\System\tuKnkQz.exe
  2⤵
  PID:9560
- C:\Windows\System\mZQSdiw.exe
  C:\Windows\System\mZQSdiw.exe
  2⤵
  PID:9576
- C:\Windows\System\raQUBwX.exe
  C:\Windows\System\raQUBwX.exe
  2⤵
  PID:9592
- C:\Windows\System\YbWosgS.exe
  C:\Windows\System\YbWosgS.exe
  2⤵
  PID:9608
- C:\Windows\System\oqNbTMX.exe
  C:\Windows\System\oqNbTMX.exe
  2⤵
  PID:9644
- C:\Windows\System\iKYLVSy.exe
  C:\Windows\System\iKYLVSy.exe
  2⤵
  PID:9680
- C:\Windows\System\PvgjoWi.exe
  C:\Windows\System\PvgjoWi.exe
  2⤵
  PID:9700
- C:\Windows\System\PcBFxkH.exe
  C:\Windows\System\PcBFxkH.exe
  2⤵
  PID:9724
- C:\Windows\System\ukwfgBS.exe
  C:\Windows\System\ukwfgBS.exe
  2⤵
  PID:9744
- C:\Windows\System\rxcUJXU.exe
  C:\Windows\System\rxcUJXU.exe
  2⤵
  PID:9764
- C:\Windows\System\CqhRHVt.exe
  C:\Windows\System\CqhRHVt.exe
  2⤵
  PID:9784
- C:\Windows\System\WYDgDRI.exe
  C:\Windows\System\WYDgDRI.exe
  2⤵
  PID:9804
- C:\Windows\System\SNNXHVH.exe
  C:\Windows\System\SNNXHVH.exe
  2⤵
  PID:9820
- C:\Windows\System\MaJaBeD.exe
  C:\Windows\System\MaJaBeD.exe
  2⤵
  PID:9844
- C:\Windows\System\FrZLLqG.exe
  C:\Windows\System\FrZLLqG.exe
  2⤵
  PID:9864
- C:\Windows\System\RwlJNBw.exe
  C:\Windows\System\RwlJNBw.exe
  2⤵
  PID:9884
- C:\Windows\System\DpFfpwn.exe
  C:\Windows\System\DpFfpwn.exe
  2⤵
  PID:9900
- C:\Windows\System\WQSJLzB.exe
  C:\Windows\System\WQSJLzB.exe
  2⤵
  PID:9916
- C:\Windows\System\IBvgDgL.exe
  C:\Windows\System\IBvgDgL.exe
  2⤵
  PID:9932
- C:\Windows\System\AaOSpQb.exe
  C:\Windows\System\AaOSpQb.exe
  2⤵
  PID:9948
- C:\Windows\System\VAbzDZt.exe
  C:\Windows\System\VAbzDZt.exe
  2⤵
  PID:9968
- C:\Windows\System\YXBeOve.exe
  C:\Windows\System\YXBeOve.exe
  2⤵
  PID:9988
- C:\Windows\System\qnNORFI.exe
  C:\Windows\System\qnNORFI.exe
  2⤵
  PID:10012
- C:\Windows\System\RizSXQP.exe
  C:\Windows\System\RizSXQP.exe
  2⤵
  PID:10032
- C:\Windows\System\dFSsrbI.exe
  C:\Windows\System\dFSsrbI.exe
  2⤵
  PID:10048
- C:\Windows\System\OrctoUV.exe
  C:\Windows\System\OrctoUV.exe
  2⤵
  PID:10064
- C:\Windows\System\HilIjjD.exe
  C:\Windows\System\HilIjjD.exe
  2⤵
  PID:10080
- C:\Windows\System\FPIKeia.exe
  C:\Windows\System\FPIKeia.exe
  2⤵
  PID:10096
- C:\Windows\System\QsospHX.exe
  C:\Windows\System\QsospHX.exe
  2⤵
  PID:10116
- C:\Windows\System\vTWtitR.exe
  C:\Windows\System\vTWtitR.exe
  2⤵
  PID:10140
- C:\Windows\System\iCwVqcw.exe
  C:\Windows\System\iCwVqcw.exe
  2⤵
  PID:10156
- C:\Windows\System\zMHpAIF.exe
  C:\Windows\System\zMHpAIF.exe
  2⤵
  PID:10172
- C:\Windows\System\ZBfeCcn.exe
  C:\Windows\System\ZBfeCcn.exe
  2⤵
  PID:10192
- C:\Windows\System\jxRTTKt.exe
  C:\Windows\System\jxRTTKt.exe
  2⤵
  PID:10212
- C:\Windows\System\aXrsnJr.exe
  C:\Windows\System\aXrsnJr.exe
  2⤵
  PID:10228
- C:\Windows\System\TxOHJLW.exe
  C:\Windows\System\TxOHJLW.exe
  2⤵
  PID:8364
- C:\Windows\System\IMDLIyH.exe
  C:\Windows\System\IMDLIyH.exe
  2⤵
  PID:9440
- C:\Windows\System\CyZOZzL.exe
  C:\Windows\System\CyZOZzL.exe
  2⤵
  PID:9476
- C:\Windows\System\NWqzLyI.exe
  C:\Windows\System\NWqzLyI.exe
  2⤵
  PID:9264
- C:\Windows\System\WrHhUPA.exe
  C:\Windows\System\WrHhUPA.exe
  2⤵
  PID:9588
- C:\Windows\System\NGDyfiQ.exe
  C:\Windows\System\NGDyfiQ.exe
  2⤵
  PID:9632
- C:\Windows\System\kMWYCHl.exe
  C:\Windows\System\kMWYCHl.exe
  2⤵
  PID:9464
- C:\Windows\System\jasMOGT.exe
  C:\Windows\System\jasMOGT.exe
  2⤵
  PID:9732
- C:\Windows\System\idaLeTG.exe
  C:\Windows\System\idaLeTG.exe
  2⤵
  PID:9336
- C:\Windows\System\cmMqjan.exe
  C:\Windows\System\cmMqjan.exe
  2⤵
  PID:9812
- C:\Windows\System\ovLiekj.exe
  C:\Windows\System\ovLiekj.exe
  2⤵
  PID:9852
- C:\Windows\System\ecGHmyi.exe
  C:\Windows\System\ecGHmyi.exe
  2⤵
  PID:9716
- C:\Windows\System\CwLISyF.exe
  C:\Windows\System\CwLISyF.exe
  2⤵
  PID:9344
- C:\Windows\System\XIHpkWo.exe
  C:\Windows\System\XIHpkWo.exe
  2⤵
  PID:9416
- C:\Windows\System\fmhbiMb.exe
  C:\Windows\System\fmhbiMb.exe
  2⤵
  PID:9924
- C:\Windows\System\eewSbBM.exe
  C:\Windows\System\eewSbBM.exe
  2⤵
  PID:9964
- C:\Windows\System\wfEyOsI.exe
  C:\Windows\System\wfEyOsI.exe
  2⤵
  PID:9600
- C:\Windows\System\miJVdbs.exe
  C:\Windows\System\miJVdbs.exe
  2⤵
  PID:10076
- C:\Windows\System\GKplluc.exe
  C:\Windows\System\GKplluc.exe
  2⤵
  PID:10112
- C:\Windows\System\qKzZnkZ.exe
  C:\Windows\System\qKzZnkZ.exe
  2⤵
  PID:10180
- C:\Windows\System\NQmVeBT.exe
  C:\Windows\System\NQmVeBT.exe
  2⤵
  PID:9220
- C:\Windows\System\urCaRHR.exe
  C:\Windows\System\urCaRHR.exe
  2⤵
  PID:9840
- C:\Windows\System\BvxTbBw.exe
  C:\Windows\System\BvxTbBw.exe
  2⤵
  PID:9752
- C:\Windows\System\gHgtrbX.exe
  C:\Windows\System\gHgtrbX.exe
  2⤵
  PID:9760
- C:\Windows\System\yntxODZ.exe
  C:\Windows\System\yntxODZ.exe
  2⤵
  PID:9656
- C:\Windows\System\UlIcLDm.exe
  C:\Windows\System\UlIcLDm.exe
  2⤵
  PID:9980
- C:\Windows\System\GlrPPuO.exe
  C:\Windows\System\GlrPPuO.exe
  2⤵
  PID:10236
- C:\Windows\System\RBlelRm.exe
  C:\Windows\System\RBlelRm.exe
  2⤵
  PID:10024
- C:\Windows\System\fkOYMLQ.exe
  C:\Windows\System\fkOYMLQ.exe
  2⤵
  PID:10128
- C:\Windows\System\dMvweBV.exe
  C:\Windows\System\dMvweBV.exe
  2⤵
  PID:10168
- C:\Windows\System\cQCayrz.exe
  C:\Windows\System\cQCayrz.exe
  2⤵
  PID:9432
- C:\Windows\System\iQKHSar.exe
  C:\Windows\System\iQKHSar.exe
  2⤵
  PID:9540
- C:\Windows\System\NsrpUAI.exe
  C:\Windows\System\NsrpUAI.exe
  2⤵
  PID:9364
- C:\Windows\System\rxeNJGX.exe
  C:\Windows\System\rxeNJGX.exe
  2⤵
  PID:8288
- C:\Windows\System\avOnvkx.exe
  C:\Windows\System\avOnvkx.exe
  2⤵
  PID:9444
- C:\Windows\System\TvMIvnn.exe
  C:\Windows\System\TvMIvnn.exe
  2⤵
  PID:9460
- C:\Windows\System\rsztNHr.exe
  C:\Windows\System\rsztNHr.exe
  2⤵
  PID:9300
- C:\Windows\System\CCPNlNl.exe
  C:\Windows\System\CCPNlNl.exe
  2⤵
  PID:9860
- C:\Windows\System\JwxtLEy.exe
  C:\Windows\System\JwxtLEy.exe
  2⤵
  PID:9956
- C:\Windows\System\PqFCFNT.exe
  C:\Windows\System\PqFCFNT.exe
  2⤵
  PID:10072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\Bgduowb.exe

Filesize
6.0MB

MD5
0fc2072e1a987c8d1d0a1e29df1f7d85

SHA1
cca955011b7ff6fb6fe51e35066940cd1a537e35

SHA256
5876c84344e652a1cd4ae330d5fd3e051c16e3c52e299af90f7d4371c8482752

SHA512
cbe83d311050e6baef3d02f106f942dd884c8541cfcada802311da341377ea8a3ca86a02c2727c2d985dc1e08e97db3665776fd8f646949c9acf1f231e543aa4

Download Submit
C:\Windows\system\ChoLDya.exe

Filesize
6.0MB

MD5
80b93af1ea2c4faedc8f9b09a8298078

SHA1
9774ad33a067c25378a0de5b118710d04f9cdebc

SHA256
5c698940f29ab280e0ff66e516abb9f2868897522d37f17f61e58d4d9c46d169

SHA512
ee2d11afae89b9c5b2bd4241925804d87bfc79530f92801aabdba8f93ccaefb13082cafad03e64d95c6ff0c3de6ef6d8037a71321fe49d092550ba88fe666e9d

Download Submit
C:\Windows\system\CzRUEhR.exe

Filesize
6.0MB

MD5
af96321d2c1f09903e43de65673e13d1

SHA1
0fcab0fcf30699f266e79d9b73bb3965c8aa0b2b

SHA256
9b9268de1e33709c58ebc6b4c18a8f22def719c48213ade93a89296dc33102fa

SHA512
cf980b3ff3666f04352f45d9aee67cedfaffe4955f7f0a0574e88012513c2045d216046c90b06edb941e31825beb60c4df1bf117351e4588cb646ed31e5c38d5

Download Submit
C:\Windows\system\FajZKzI.exe

Filesize
6.0MB

MD5
274d729ade39605277926d076a9ca516

SHA1
ffd7aad307b60bf545d5f000c5192b580245d2ce

SHA256
adf6ff95d7ee6504e3e106dcf1560979fc3477e30f476b9ae3c41d9b7c13ee97

SHA512
dbf4daf069aee6cba008102205f323db4118f0cb5b8958c0cc8d6c56a2fc8b70b945068fed6caff2f8ec59079253ba18890a741ce814c2225705e83e033ab067

Download Submit
C:\Windows\system\HzPQvlP.exe

Filesize
6.0MB

MD5
f83c7570be1329523dbb81a99792cb4e

SHA1
6fc8d7ba4f7d71f0d7f846f19e54ac66f5b56e77

SHA256
625576d42df241c414a698a49fb624c715b7347d22c767978e529be488d4fc56

SHA512
633318ac34fc8923e94459361c773533a9963d4835ccdb6f8a7de0f99708a0b1c12bfe64d0de8083350b1f7719fd49744b2baca05c4b4e50d9a23fed7275bb7c

Download Submit
C:\Windows\system\ObcajPJ.exe

Filesize
6.0MB

MD5
3b4910380a924ad2c92c0f5db40c2a2e

SHA1
ab1560bf86cd086bb4ba8334b9e21ad99b772873

SHA256
fe77b0414d2a227c1d1f9f667fc7e609f7b1cdf262525175d91bf135623739a2

SHA512
088e13c77255b79c225552640c2caf5be85e7840af73fdd7408393e5e5a8319d876719b7c2b1315e2bbcd61faa3100656a63db87327c6ae7b50559cce90cb614

Download Submit
C:\Windows\system\UJiWCwJ.exe

Filesize
6.0MB

MD5
49b2704ff1619dd942defc17a15a4970

SHA1
cbbbf5345427a2f8460d44f1a08be2ad589f8d7e

SHA256
d2c7c4082e32e61a39071c2b37a7894031d94519a3baf472f12d29eed1ce702d

SHA512
a1607d08b7e70ac19e42152bad82e72cea71904b64e954a71e41f60f8ae4823d5ae5071b3c7eabc27e8f8d161ecbc50050d11b0e4876bec9f7ca7d766b48ef47

Download Submit
C:\Windows\system\UUzTNbM.exe

Filesize
6.0MB

MD5
8f35db8417b8c9ff1433f1b279d43f31

SHA1
4c96d9a7f95822474e39fba6d1c80e431d9fa801

SHA256
98b5902fdf08f339cbc05f6d0349c4b3a3dbd2559ef5badc490fa95efa3f2335

SHA512
da92e802b3b96f99a338848638fd254c0f51b06d59683bb1833fd3438d7e7312f015766c954b2822199f7eed679a22d43b11ce0e059daac43f1885017e07a4e9

Download Submit
C:\Windows\system\WGCpBkB.exe

Filesize
6.0MB

MD5
e591ce9bbc0558eb7e93795d5eb5b667

SHA1
11e60c6e8764adeb6e3c9aad7e4216cea14cc657

SHA256
627b451606d64adedbbd9b0d5e807a9aaf7301e2ff8e8e6802762131f0027314

SHA512
c880fd23ae3231f20078dda91e35064e99ccd48cab88adc4216b72cd71470ff658f5c4de5f001dad42f90626cae5599bfcbac059dc07765f5bf7d8157a934786

Download Submit
C:\Windows\system\XPyXtcg.exe

Filesize
6.0MB

MD5
b856b80bac921e66d756a3d082916826

SHA1
7555087531e8329b71d189deca3d4f820f1c8227

SHA256
87efa21591fcc22fc2df1dc603e5e43317550356f92e4b1d0216be09af73d6f6

SHA512
e2b06bf257eb954ce22db08c2959d33241d0b116ad35ba075614c5b0b24b49dc630ac2f66db98817f79d0104764348dff106bc70e5dc2d382db90aff67f3bd1e

Download Submit
C:\Windows\system\aKQCXxt.exe

Filesize
6.0MB

MD5
aa82c69f396100dc644cc8036403bee6

SHA1
cbf9c9ac8e4c43f37380e5c592a360e653970911

SHA256
25fb6829a173a619a7c3449e34d231954abdce9b483873d4ac85f2b2d40a75b2

SHA512
624691a63ced46356c54a790b2a732c5d1a24b0fdfc7ab43f7a2a7adc732ba1231174ea8fc4bd540004198adfb53ba3019aa7428e7639abed4d34b636dcfe9bf

Download Submit
C:\Windows\system\elTdjEB.exe

Filesize
6.0MB

MD5
dbaadc696b8d84bcaff509171b7a1c54

SHA1
862064ff204c312cd2f3a8d7c3299285ef562002

SHA256
654e33c1fa5732e3a7ec31dcfbb1b28fd40e371f78f39e97f66b1a483ffa4bf1

SHA512
bef6baed66531c9e580761a6eab7fae3eeb3a299f1fc3c7a018e80a5357a3ddb26f47df01ff460e0cbca804fabb6f259d553bf8a667184699dae2e078ad1a8d6

Download Submit
C:\Windows\system\fFkLxsO.exe

Filesize
6.0MB

MD5
ccf4ef9a9f71c69d816df3e722b360a5

SHA1
3d560f879204ba18f78901940546af5abf80b455

SHA256
74367a1627a47321f619394e069e091cae0fe63ea42952ba7708b28a30f0460d

SHA512
d7cb78a6635f394db5f958ba3322e7eedc164475e9b236662dd1741e02fee9fa81ca58c7f14e640a8dec13db4e4bb4e99344da11091449c55e2d083388252f6c

Download Submit
C:\Windows\system\fIsvlNG.exe

Filesize
6.0MB

MD5
d529745f716380385d7abfa8c27f4572

SHA1
6b023df58cab3bad772c6e707351b5e607da6731

SHA256
f90dc8ea3d101579facb57a1a45e7da6e4e1329531eb8968e7e2213ecacd4aeb

SHA512
78e3b28113be20f1f855aa3399d8f92943d2ca8c0c114097a7881a9b71ca2f94e1c8c4b3d01b5f384ec1b1949fa586408d0ff3169cc9ee1c1374f67d8eed88ff

Download Submit
C:\Windows\system\hKRLvfy.exe

Filesize
6.0MB

MD5
6f7b3eb1843cbb4c01a47d30ae83a09b

SHA1
cfdbd10a1f371d6af34f606c32584f7cfd3e12e6

SHA256
31638b8905f4de677f7165b1adb52e884abed516e65f6531511edfc873e61ec0

SHA512
5895475f0d2cb4742208d4efcb402b6724e827c3e4257141891d02530508071efc861d25a5edf2951c7d4a6640fa17363e61363849ebad650d0e369a6a62c3b3

Download Submit
C:\Windows\system\nFywLPm.exe

Filesize
6.0MB

MD5
368e5529ac553531fb0d428b848b6d05

SHA1
60b6e49838c24a20538496c45e00cf67ed92111f

SHA256
5e7001bd31e87206e6c09f989eafd607361e7ff704a1618cafe0d7a7c999401e

SHA512
ce05bcde4b9d28285f6b619568b563f0cac8929ca4cd75a9e4c7cd8de7fdbbcc10f88c6e1ada529a08a597edbd9e6efbf7363ccfb5b411c6261e4580c8e799ce

Download Submit
C:\Windows\system\qAXpraK.exe

Filesize
6.0MB

MD5
8633d09fb25c52e793948209d0fb6d89

SHA1
1c0a28a34873350c106d1f4df7a8752160e64c90

SHA256
6f95c2e5ae6e6000fb54f9b24eddb7b8ac842326e3c4f32cbbf2ab01d19af079

SHA512
6ab7c36d5ad46e9b83299f3b5597c9040903b18f901fd374d1a9346d85ce89a60912f38d1b3ab5aac8c149ecd189b89a398bed54ac159c912f7cdfe315fb7eb6

Download Submit
C:\Windows\system\qcDkIbp.exe

Filesize
6.0MB

MD5
16acecd295ebf38ba2cf3fb9abbce80e

SHA1
7f0f753724801a395b72b98b76dfe08c5d85b128

SHA256
46f64619916cff8770dde19cc7d491f6903864a2293654379791b5df11fa84ac

SHA512
3f6c6052b60c7106cf4077d8fd69b3d5bd54dd136e69bdbaf856db23ee684c5d3b609328f2bd5703436636985cea0c5ac08aed60d977890fae2d24d59db51b0a

Download Submit
C:\Windows\system\rmJQiPE.exe

Filesize
6.0MB

MD5
f36ac9ba1dd6e63b61e87f1ddcaae6de

SHA1
749f6ac31166136f55583088a8f96e3cf9ceb55d

SHA256
42064f9c39da51563bfe67a0ee024dfb870c3a9cb2581925ec6f21e7805c6c4d

SHA512
6fa617de3756422f38d2c45b7220e52ccfa87355f70c800b75f8d95142f127cd6d9bba6c81e8d88e4f986ef25bceeabfe0c93eb09ca907735bc43e3899cc054c

Download Submit
C:\Windows\system\tSdDtMq.exe

Filesize
6.0MB

MD5
2deba8e95527ee16476dc676f28e0fef

SHA1
7e325e60b2dba6760f2e3fc86c3315648c01c518

SHA256
efdad336cc227522566008656017f7ce6ca9ce3369f63df71b1461186dfad734

SHA512
231e79cb02cb0fc97340e8c57a93694833977de71aa152a3e861884f678c1085273d00560e86a426ddb6a7c016fe17a052b406a940f83050229ccb1703a66bf7

Download Submit
C:\Windows\system\tnTYcGj.exe

Filesize
6.0MB

MD5
68f4e09b543cd44f81b734d2f0057cb5

SHA1
ad0efba454322a9fa1368656df7269f5dcb89362

SHA256
7ad35f8bf0aeadcf284cbc2c1c33664a02773c632c50f14515c28f6fa8782e60

SHA512
c48b695a96fd4ba9c57b494cf28681a1c71dbe82199901cf6d9c38e4045cff125cee19cb555b76b9181f6fada8ff4251446ef30ec2a1bfbc41bf667682c93c04

Download Submit
C:\Windows\system\txkNZCS.exe

Filesize
6.0MB

MD5
389684ad91c1c74adac1bad8058ded7e

SHA1
dfd2c0bb25911dfb4a73a74e45ff7197b6fc64b7

SHA256
ddd2e365cdbf3e48e8027b18662b6fc9421982ed3e0b5ebf55bf70875a177640

SHA512
fe7affdcab91e4ef642b94d5c3a8d71b04683181c0deab12493e37e5186d778c49b1c8b826c8009f51948c84459b79a36177a1d78e7245559cb5689fb7996f2b

Download Submit
C:\Windows\system\uHwVnoE.exe

Filesize
6.0MB

MD5
e46e6038bdfaeda65e2b3e173db4ad44

SHA1
f306f7eb19937c84d82ae6f87e3a511ba814adff

SHA256
d0d9e1230d26b9f3b64f3c52ecc41dd4aae38d0e74a4e612cf0c4ce4d15dab0b

SHA512
393b2c686635e4c20168ebd66ddca21ffdaa2cde4ee4a3b34f07a6480a6ddc39c676b42132b879a2ceca2dab3736804a388564d3805731d3bab3c7f76b15145c

Download Submit
C:\Windows\system\uTChpfj.exe

Filesize
6.0MB

MD5
e26bdbfb359bb4ad59fdc2b6a6c082e7

SHA1
eac8bf16d9ae71b36ed66e94daf9bb9cf9df3d26

SHA256
7465a4bfa5d3c73fbd08d4f860dbcd1d7794f942e94001b61e82770e486a79d7

SHA512
fb9425f470bc658d792b6f607285e565e7650c48ee9956c0dbb2be1f21394bb5b53a0ed38797e80f5d7829ae57f16ea7454f05a2cc5cc726180efbddc9e61516

Download Submit
\Windows\system\AnuGkgK.exe

Filesize
6.0MB

MD5
850abb4a953f6c9327657d5eba7f8cbd

SHA1
93b7c1e6ccf64c92b808dbaad59f3f33095033a3

SHA256
856a15952199f9d7e7de3fb7e63a1739b6fe754d027a528b3403b7130eacc852

SHA512
9634e5b1637a6e7e1a62f93ca818e3b5ab0e31e1b2a8d4ed9d07805f3f70040b59bd605c93f8d8c34c14f4b77045cef66b89701b6e363353862c64568bb282f1

Download Submit
\Windows\system\EHvHiXY.exe

Filesize
6.0MB

MD5
5306dee7d650571e133015f4525e3ff3

SHA1
7b114441bd31c3320cefe42908c2a41849672a35

SHA256
aed78356e22838732c7b1cf739531411b14d5d956d2672922f2d71d1da5a8aa3

SHA512
9bf710017c754001c6fc4674f6aeda872fe5bd69e76dc8af7ad55fa25680a618b7784dadb68f26be7205c825c94d1f1b1ed29962e7a26881112c0a3194d00edc

Download Submit
\Windows\system\JsGowVY.exe

Filesize
6.0MB

MD5
1bee38d9fd16b0feb3a96af779bbe3e8

SHA1
595521f54fe33bda1ab3a449545f42af64059cd0

SHA256
20f53762f82117acfc5ce7c3852ab8958a0ae0982a1173efd6266ce997c81a72

SHA512
20cc1ff2014cb900aef0fd55b4b15391fe92579a696fd7d25c24969a26d1070c3db72b943f51e4fdb5018d5b049f51fd00a1ca1f950a3e9de1eb8e78ac849d35

Download Submit
\Windows\system\LKMKxpU.exe

Filesize
6.0MB

MD5
add951b6cff571a43dafbb9d6d827e4b

SHA1
a2b12ed31b025d5eca523d0f568166d54e6f1350

SHA256
6dec011dfc58f9ca40e872ebf0c73e9d86282c7954aba8e054748e89cd125f13

SHA512
78ca30f0c44e7a2965cff0082d62287954c135ecac63aad56150e08e85fb1e2589e24b8e788be02517d60765b8a3c329ab5aa69d201fd0f85202e585b9cdf58d

Download Submit
\Windows\system\QqDrOnv.exe

Filesize
6.0MB

MD5
6f8100f06961b69c301287fe147a6ab8

SHA1
540600bfce17fa0e95032a24eb5144194a2dfade

SHA256
7cc423995fe9ad11399551de1aa30a456e5464807aefba0236f09f4a1da44fd5

SHA512
8e8c9a9d477f7724b4203764068c8d5154723ef1bff2afaca98774abd776d348118097cb06b8c54b510faf3d5b4e907fbb98b7e6c3baefd8593b470ca15a4ad8

Download Submit
\Windows\system\RqrmNFw.exe

Filesize
6.0MB

MD5
97982285d8ae76aadacc64d8ca24efd6

SHA1
5663be7f4006a4b4fc42ae5c15aa502f1a87350e

SHA256
8c95049bc610885dcdd0ffbe8f87aaabcf2b1ca36a236e100250abe8053a4589

SHA512
33691198c5acdd5e0e03ac0ff2c7453cb1ebdcdc3ddb28482b416afde4317134b56f8e5e5a7a94dab4563f996bb1f5b2242a96ee6e12b76ed241e4c757c74b11

Download Submit
\Windows\system\fTSXtyI.exe

Filesize
6.0MB

MD5
916502a1b4b966d21378084ea628fb45

SHA1
543ebe4253c8a48bc29ec6960a4e09f4bbbf2bda

SHA256
8e5d99e9572d3230a1c03213ba68c26876709d03031b8a219f2210d3b62b101e

SHA512
32ba36bcb93282194b8264a5b04ef371437078305a57f61fac63848fd2f3a3f2c2c77d425a51225ea04a9a5baec3c31e290c5e4b5461bf33e399a48b20e5b587

Download Submit
\Windows\system\yObVIYP.exe

Filesize
6.0MB

MD5
d75a3dbea1f6826e181a353321233f3d

SHA1
f7787b8ab8f7efad24c0847bcf319cc156428c9c

SHA256
f703b0851d4361919856ff4f1d11d238d619b1aa0c327f8f98158ed2327bdd8f

SHA512
7d0e9ee4eb72a319750be0ad86ccca039bee5f2bdebda450363b3200a6d6b769ca10094bc685d36a203776882ac146e2d7001671f472545c9a9b7032ddee571c

Download Submit
\Windows\system\ymtBIvR.exe

Filesize
6.0MB

MD5
762147e594bccf91c1f698c6f54e08ab

SHA1
895ef2b130e3ac02e78f59f6935543fd848c3476

SHA256
d98247ee1f0eac9af7b2a687ce57485bdcd56cacdefff44b46539160fdb6b4bb

SHA512
9581c5180de07f53b29e663ad3245c3ec31ccd7f188743a0fafcdaf486681bbf77c8be68c1ce28e7df57ea4a2f8b7e2c9905ad887370f30bae06a90b6fb2105c

Download Submit
memory/480-4005-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/480-36-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1268-4004-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1268-29-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1732-111-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1732-84-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-1804-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1732-931-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1732-1640-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1732-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1732-0-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1732-61-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/1732-41-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1732-1635-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1732-34-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1732-1124-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1732-19-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1732-117-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1732-116-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1732-115-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1732-114-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-54-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1732-112-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1732-1639-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1732-109-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1732-74-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1732-26-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1732-1490-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1732-28-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/1732-663-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2412-27-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-4001-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-4002-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2516-23-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2620-4010-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2620-82-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1306-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2628-1305-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2628-60-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4008-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2752-48-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4006-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-934-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-42-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-664-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4007-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4003-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2836-25-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1122-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-59-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4009-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-4011-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2920-113-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download