cobaltstrike | ff5578bc3a9354b5f880d7175f4db56db4043a4b2592b62820eec44eb16731db

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

54e24de675a4f4a882f48ed26f48a53c
SHA1

23023e1d6423b0b553ad3786182797c3f939ec15
SHA256

ff5578bc3a9354b5f880d7175f4db56db4043a4b2592b62820eec44eb16731db
SHA512

16d01bd5f7b224cda53b2c3fba7f9f1def9970d07cd6c84f13d69959846beed7b5c3554494c599082e4eb676090f9f27033d53dbe97075929bfd167485f91ca5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUP:T+q56utgpPF8u/7P

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d75-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d7f-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e25-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e47-31.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000015d5c-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f1b-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f2a-54.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160ae-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-92.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162b8-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-78.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2624-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-3.dat	xmrig
behavioral1/memory/2624-6-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2568-8-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d75-9.dat	xmrig
behavioral1/memory/2892-14-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d7f-11.dat	xmrig
behavioral1/files/0x0007000000015e25-22.dat	xmrig
behavioral1/memory/2516-21-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2628-28-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2624-32-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e47-31.dat	xmrig
behavioral1/memory/1796-38-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0034000000015d5c-39.dat	xmrig
behavioral1/memory/2568-42-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/780-45-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f1b-49.dat	xmrig
behavioral1/memory/1500-53-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2624-52-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2892-50-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f2a-54.dat	xmrig
behavioral1/files/0x00080000000160ae-58.dat	xmrig
behavioral1/memory/2272-82-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2624-84-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001920f-87.dat	xmrig
behavioral1/memory/2560-89-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019241-97.dat	xmrig
behavioral1/memory/2824-100-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x00050000000193af-146.dat	xmrig
behavioral1/files/0x00050000000193fa-161.dat	xmrig
behavioral1/files/0x0005000000019494-171.dat	xmrig
behavioral1/memory/1984-883-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2624-1234-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2824-1119-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2560-710-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2624-341-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2624-224-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x00050000000194da-191.dat	xmrig
behavioral1/files/0x00050000000194d4-186.dat	xmrig
behavioral1/files/0x00050000000194b4-181.dat	xmrig
behavioral1/files/0x00050000000194a7-176.dat	xmrig
behavioral1/files/0x0005000000019408-165.dat	xmrig
behavioral1/files/0x00050000000193f8-157.dat	xmrig
behavioral1/files/0x00050000000193c9-151.dat	xmrig
behavioral1/files/0x00050000000193a2-141.dat	xmrig
behavioral1/files/0x0005000000019384-136.dat	xmrig
behavioral1/files/0x0005000000019346-131.dat	xmrig
behavioral1/files/0x000500000001933e-126.dat	xmrig
behavioral1/files/0x000500000001932a-121.dat	xmrig
behavioral1/files/0x00050000000192f0-116.dat	xmrig
behavioral1/files/0x0005000000019273-111.dat	xmrig
behavioral1/files/0x000500000001925c-106.dat	xmrig
behavioral1/memory/780-104-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1984-93-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0005000000019234-92.dat	xmrig
behavioral1/files/0x00070000000162b8-69.dat	xmrig
behavioral1/memory/2628-88-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2596-86-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2828-83-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2148-80-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019228-78.dat	xmrig
behavioral1/memory/2516-61-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2892-3831-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2568-3832-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2568	RGONrrA.exe
2892	WojfkCI.exe
2516	rLkXVjl.exe
2628	bggafUH.exe
1796	cSaZoyL.exe
780	hRBJysE.exe
1500	xMFgDAG.exe
2828	jHbalDe.exe
2148	WfiZBwW.exe
2272	uNeqZxg.exe
2596	bjhDiEV.exe
2560	fnCviEZ.exe
1984	YuQoorS.exe
2824	iYgDWfh.exe
2940	RXFEbGI.exe
1332	jUwpGGG.exe
2056	GZIXTiR.exe
1508	rhrsKkj.exe
1260	zAcmQSg.exe
856	XgyTwWi.exe
1700	xLlqQeK.exe
2360	qKJlGjD.exe
2512	WgoioWg.exe
3016	fFzCMDo.exe
2412	FjCeFzP.exe
1932	bXjtDIH.exe
1484	RtbJlkS.exe
2472	ZOyGKIl.exe
996	WYWkuYm.exe
1144	svNyXOr.exe
1300	CMCEVjT.exe
2372	RvfoVeb.exe
1632	glgoxME.exe
2144	TsxBpKH.exe
1720	FfCuDFL.exe
1364	rXKREnq.exe
1652	DRCFZVV.exe
2428	lqyKspa.exe
772	fiYecVL.exe
960	qDwYmcZ.exe
1660	GvVPamE.exe
868	BnLKvEs.exe
2564	JqnCfMV.exe
2072	ihvNnjL.exe
2180	QLnedmz.exe
992	AcUxAUD.exe
2224	DWHlgWu.exe
1748	TMcZMSG.exe
916	nhICRVw.exe
1012	kTjRiBh.exe
1840	ScbNWlO.exe
2440	OyEbKSl.exe
2536	zoCUBFs.exe
2848	DhxyJnw.exe
2908	xUoEwSL.exe
2644	DjWrEgi.exe
2672	oSkxiti.exe
3044	EpTcVyU.exe
2616	LaEpmqH.exe
600	CsomYBm.exe
2752	TEwNyTe.exe
1764	bOWxcaL.exe
484	NZSlfVg.exe
1084	gJACrGT.exe

Loads dropped DLL 64 IoCs

pid	Process
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2624-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-3.dat	upx
behavioral1/memory/2624-6-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2568-8-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0008000000015d75-9.dat	upx
behavioral1/memory/2892-14-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0008000000015d7f-11.dat	upx
behavioral1/files/0x0007000000015e25-22.dat	upx
behavioral1/memory/2516-21-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2628-28-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2624-32-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x0007000000015e47-31.dat	upx
behavioral1/memory/1796-38-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0034000000015d5c-39.dat	upx
behavioral1/memory/2568-42-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/780-45-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x0007000000015f1b-49.dat	upx
behavioral1/memory/1500-53-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2892-50-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0007000000015f2a-54.dat	upx
behavioral1/files/0x00080000000160ae-58.dat	upx
behavioral1/memory/2272-82-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x000500000001920f-87.dat	upx
behavioral1/memory/2560-89-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0005000000019241-97.dat	upx
behavioral1/memory/2824-100-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x00050000000193af-146.dat	upx
behavioral1/files/0x00050000000193fa-161.dat	upx
behavioral1/files/0x0005000000019494-171.dat	upx
behavioral1/memory/1984-883-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2824-1119-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2560-710-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x00050000000194da-191.dat	upx
behavioral1/files/0x00050000000194d4-186.dat	upx
behavioral1/files/0x00050000000194b4-181.dat	upx
behavioral1/files/0x00050000000194a7-176.dat	upx
behavioral1/files/0x0005000000019408-165.dat	upx
behavioral1/files/0x00050000000193f8-157.dat	upx
behavioral1/files/0x00050000000193c9-151.dat	upx
behavioral1/files/0x00050000000193a2-141.dat	upx
behavioral1/files/0x0005000000019384-136.dat	upx
behavioral1/files/0x0005000000019346-131.dat	upx
behavioral1/files/0x000500000001933e-126.dat	upx
behavioral1/files/0x000500000001932a-121.dat	upx
behavioral1/files/0x00050000000192f0-116.dat	upx
behavioral1/files/0x0005000000019273-111.dat	upx
behavioral1/files/0x000500000001925c-106.dat	upx
behavioral1/memory/780-104-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1984-93-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0005000000019234-92.dat	upx
behavioral1/files/0x00070000000162b8-69.dat	upx
behavioral1/memory/2628-88-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2596-86-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2828-83-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2148-80-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0005000000019228-78.dat	upx
behavioral1/memory/2516-61-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2892-3831-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2568-3832-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2516-3833-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/1796-4007-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/780-4014-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1500-4015-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2828-4016-0x000000013F340000-0x000000013F694000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ehJsllj.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzIoBFC.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyCxRPI.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQzxQlO.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLjiZqf.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPtECas.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quPFDxC.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCeiMkb.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlkSVgm.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttLoZyB.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLtHOEU.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeMYNui.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DnYLcFB.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fllTNCe.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtHDUok.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHHcpCK.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MnaYpYV.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEkIBeY.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLNPjCo.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERZAOAI.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OeNrmiQ.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBTgPWa.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqBVwCd.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VcwnlUs.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVCEHqB.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDezgcP.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpoLXIP.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTPpjTi.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPRbkXm.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\coffkwH.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\poZGLXL.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RrdcUMO.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxBdJai.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKSKloV.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpYDVFy.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utYPNNB.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LlgYlAp.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhVzTeq.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOwlqXc.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJIHAfz.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYeuzef.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIeubHV.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INObdbf.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rorVWei.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odaZKJW.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGPUTeR.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdtJvkq.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsxBpKH.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mShwzHv.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOiNgJB.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILdjtBB.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXJscXn.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bwDPFQY.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkAqjTX.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjwsfdM.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUSNRrV.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSaZoyL.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfhnkBA.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ieznuko.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJjUFBq.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuMAuMc.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYzMCXr.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrtQkuL.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jznrFXe.exe	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2568	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2624 wrote to memory of 2568	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2624 wrote to memory of 2568	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2624 wrote to memory of 2892	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2624 wrote to memory of 2892	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2624 wrote to memory of 2892	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2624 wrote to memory of 2516	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2624 wrote to memory of 2516	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2624 wrote to memory of 2516	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2624 wrote to memory of 2628	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2624 wrote to memory of 2628	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2624 wrote to memory of 2628	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2624 wrote to memory of 1796	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2624 wrote to memory of 1796	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2624 wrote to memory of 1796	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2624 wrote to memory of 780	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2624 wrote to memory of 780	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2624 wrote to memory of 780	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2624 wrote to memory of 1500	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2624 wrote to memory of 1500	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2624 wrote to memory of 1500	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2624 wrote to memory of 2828	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2624 wrote to memory of 2828	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2624 wrote to memory of 2828	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2624 wrote to memory of 2272	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2624 wrote to memory of 2272	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2624 wrote to memory of 2272	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2624 wrote to memory of 2148	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2624 wrote to memory of 2148	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2624 wrote to memory of 2148	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2624 wrote to memory of 2560	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2624 wrote to memory of 2560	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2624 wrote to memory of 2560	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2624 wrote to memory of 2596	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2624 wrote to memory of 2596	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2624 wrote to memory of 2596	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2624 wrote to memory of 1984	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2624 wrote to memory of 1984	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2624 wrote to memory of 1984	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2624 wrote to memory of 2824	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2624 wrote to memory of 2824	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2624 wrote to memory of 2824	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2624 wrote to memory of 2940	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2624 wrote to memory of 2940	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2624 wrote to memory of 2940	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2624 wrote to memory of 1332	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2624 wrote to memory of 1332	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2624 wrote to memory of 1332	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2624 wrote to memory of 2056	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2624 wrote to memory of 2056	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2624 wrote to memory of 2056	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2624 wrote to memory of 1508	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2624 wrote to memory of 1508	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2624 wrote to memory of 1508	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2624 wrote to memory of 1260	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2624 wrote to memory of 1260	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2624 wrote to memory of 1260	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2624 wrote to memory of 856	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2624 wrote to memory of 856	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2624 wrote to memory of 856	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2624 wrote to memory of 1700	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2624 wrote to memory of 1700	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2624 wrote to memory of 1700	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2624 wrote to memory of 2360	2624	2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_54e24de675a4f4a882f48ed26f48a53c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\System\RGONrrA.exe
  C:\Windows\System\RGONrrA.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\WojfkCI.exe
  C:\Windows\System\WojfkCI.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\rLkXVjl.exe
  C:\Windows\System\rLkXVjl.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\bggafUH.exe
  C:\Windows\System\bggafUH.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\cSaZoyL.exe
  C:\Windows\System\cSaZoyL.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\hRBJysE.exe
  C:\Windows\System\hRBJysE.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\xMFgDAG.exe
  C:\Windows\System\xMFgDAG.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\jHbalDe.exe
  C:\Windows\System\jHbalDe.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\uNeqZxg.exe
  C:\Windows\System\uNeqZxg.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\WfiZBwW.exe
  C:\Windows\System\WfiZBwW.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\fnCviEZ.exe
  C:\Windows\System\fnCviEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\bjhDiEV.exe
  C:\Windows\System\bjhDiEV.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\YuQoorS.exe
  C:\Windows\System\YuQoorS.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\iYgDWfh.exe
  C:\Windows\System\iYgDWfh.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\RXFEbGI.exe
  C:\Windows\System\RXFEbGI.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\jUwpGGG.exe
  C:\Windows\System\jUwpGGG.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\GZIXTiR.exe
  C:\Windows\System\GZIXTiR.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\rhrsKkj.exe
  C:\Windows\System\rhrsKkj.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\zAcmQSg.exe
  C:\Windows\System\zAcmQSg.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\XgyTwWi.exe
  C:\Windows\System\XgyTwWi.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\xLlqQeK.exe
  C:\Windows\System\xLlqQeK.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\qKJlGjD.exe
  C:\Windows\System\qKJlGjD.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\WgoioWg.exe
  C:\Windows\System\WgoioWg.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\fFzCMDo.exe
  C:\Windows\System\fFzCMDo.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\FjCeFzP.exe
  C:\Windows\System\FjCeFzP.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\bXjtDIH.exe
  C:\Windows\System\bXjtDIH.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\RtbJlkS.exe
  C:\Windows\System\RtbJlkS.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\ZOyGKIl.exe
  C:\Windows\System\ZOyGKIl.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\WYWkuYm.exe
  C:\Windows\System\WYWkuYm.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\svNyXOr.exe
  C:\Windows\System\svNyXOr.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\CMCEVjT.exe
  C:\Windows\System\CMCEVjT.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\RvfoVeb.exe
  C:\Windows\System\RvfoVeb.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\glgoxME.exe
  C:\Windows\System\glgoxME.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\TsxBpKH.exe
  C:\Windows\System\TsxBpKH.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\FfCuDFL.exe
  C:\Windows\System\FfCuDFL.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\rXKREnq.exe
  C:\Windows\System\rXKREnq.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\DRCFZVV.exe
  C:\Windows\System\DRCFZVV.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\lqyKspa.exe
  C:\Windows\System\lqyKspa.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\fiYecVL.exe
  C:\Windows\System\fiYecVL.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\qDwYmcZ.exe
  C:\Windows\System\qDwYmcZ.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\GvVPamE.exe
  C:\Windows\System\GvVPamE.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\BnLKvEs.exe
  C:\Windows\System\BnLKvEs.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\JqnCfMV.exe
  C:\Windows\System\JqnCfMV.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\ihvNnjL.exe
  C:\Windows\System\ihvNnjL.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\QLnedmz.exe
  C:\Windows\System\QLnedmz.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\AcUxAUD.exe
  C:\Windows\System\AcUxAUD.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\DWHlgWu.exe
  C:\Windows\System\DWHlgWu.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\TMcZMSG.exe
  C:\Windows\System\TMcZMSG.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\nhICRVw.exe
  C:\Windows\System\nhICRVw.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\kTjRiBh.exe
  C:\Windows\System\kTjRiBh.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\ScbNWlO.exe
  C:\Windows\System\ScbNWlO.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\OyEbKSl.exe
  C:\Windows\System\OyEbKSl.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\zoCUBFs.exe
  C:\Windows\System\zoCUBFs.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\DhxyJnw.exe
  C:\Windows\System\DhxyJnw.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\xUoEwSL.exe
  C:\Windows\System\xUoEwSL.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\DjWrEgi.exe
  C:\Windows\System\DjWrEgi.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\oSkxiti.exe
  C:\Windows\System\oSkxiti.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\EpTcVyU.exe
  C:\Windows\System\EpTcVyU.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\LaEpmqH.exe
  C:\Windows\System\LaEpmqH.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\CsomYBm.exe
  C:\Windows\System\CsomYBm.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\TEwNyTe.exe
  C:\Windows\System\TEwNyTe.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\bOWxcaL.exe
  C:\Windows\System\bOWxcaL.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\NZSlfVg.exe
  C:\Windows\System\NZSlfVg.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\gJACrGT.exe
  C:\Windows\System\gJACrGT.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\DAEoNTg.exe
  C:\Windows\System\DAEoNTg.exe
  2⤵
  PID:1964
- C:\Windows\System\SfhnkBA.exe
  C:\Windows\System\SfhnkBA.exe
  2⤵
  PID:1864
- C:\Windows\System\oGofPgk.exe
  C:\Windows\System\oGofPgk.exe
  2⤵
  PID:2132
- C:\Windows\System\fHeQuCg.exe
  C:\Windows\System\fHeQuCg.exe
  2⤵
  PID:2060
- C:\Windows\System\smIakUV.exe
  C:\Windows\System\smIakUV.exe
  2⤵
  PID:2936
- C:\Windows\System\akWUsFr.exe
  C:\Windows\System\akWUsFr.exe
  2⤵
  PID:2716
- C:\Windows\System\WzYTqsW.exe
  C:\Windows\System\WzYTqsW.exe
  2⤵
  PID:2508
- C:\Windows\System\RrdcUMO.exe
  C:\Windows\System\RrdcUMO.exe
  2⤵
  PID:836
- C:\Windows\System\kXfmNCf.exe
  C:\Windows\System\kXfmNCf.exe
  2⤵
  PID:1440
- C:\Windows\System\YMngxCh.exe
  C:\Windows\System\YMngxCh.exe
  2⤵
  PID:1772
- C:\Windows\System\bMWfyst.exe
  C:\Windows\System\bMWfyst.exe
  2⤵
  PID:888
- C:\Windows\System\ZyWSlcL.exe
  C:\Windows\System\ZyWSlcL.exe
  2⤵
  PID:3004
- C:\Windows\System\iGJvhWU.exe
  C:\Windows\System\iGJvhWU.exe
  2⤵
  PID:1952
- C:\Windows\System\lajexdG.exe
  C:\Windows\System\lajexdG.exe
  2⤵
  PID:1520
- C:\Windows\System\cYNdiCh.exe
  C:\Windows\System\cYNdiCh.exe
  2⤵
  PID:2004
- C:\Windows\System\XvgBBkF.exe
  C:\Windows\System\XvgBBkF.exe
  2⤵
  PID:2028
- C:\Windows\System\HohYrJh.exe
  C:\Windows\System\HohYrJh.exe
  2⤵
  PID:708
- C:\Windows\System\ebEPFOQ.exe
  C:\Windows\System\ebEPFOQ.exe
  2⤵
  PID:1788
- C:\Windows\System\odaYoUq.exe
  C:\Windows\System\odaYoUq.exe
  2⤵
  PID:1356
- C:\Windows\System\MSypEbF.exe
  C:\Windows\System\MSypEbF.exe
  2⤵
  PID:1880
- C:\Windows\System\vGqGelf.exe
  C:\Windows\System\vGqGelf.exe
  2⤵
  PID:620
- C:\Windows\System\IKqDvcp.exe
  C:\Windows\System\IKqDvcp.exe
  2⤵
  PID:2280
- C:\Windows\System\ixHgHnt.exe
  C:\Windows\System\ixHgHnt.exe
  2⤵
  PID:2592
- C:\Windows\System\swpgOHh.exe
  C:\Windows\System\swpgOHh.exe
  2⤵
  PID:2268
- C:\Windows\System\jQzxQlO.exe
  C:\Windows\System\jQzxQlO.exe
  2⤵
  PID:2052
- C:\Windows\System\dcMJkhj.exe
  C:\Windows\System\dcMJkhj.exe
  2⤵
  PID:2452
- C:\Windows\System\BHgOFzo.exe
  C:\Windows\System\BHgOFzo.exe
  2⤵
  PID:2836
- C:\Windows\System\yXcLkRr.exe
  C:\Windows\System\yXcLkRr.exe
  2⤵
  PID:1916
- C:\Windows\System\flnveeY.exe
  C:\Windows\System\flnveeY.exe
  2⤵
  PID:2876
- C:\Windows\System\OkwIeIE.exe
  C:\Windows\System\OkwIeIE.exe
  2⤵
  PID:1616
- C:\Windows\System\SLNPjCo.exe
  C:\Windows\System\SLNPjCo.exe
  2⤵
  PID:2660
- C:\Windows\System\rteruCB.exe
  C:\Windows\System\rteruCB.exe
  2⤵
  PID:2948
- C:\Windows\System\gTGYSpq.exe
  C:\Windows\System\gTGYSpq.exe
  2⤵
  PID:2736
- C:\Windows\System\utYPNNB.exe
  C:\Windows\System\utYPNNB.exe
  2⤵
  PID:2816
- C:\Windows\System\ohMIeRZ.exe
  C:\Windows\System\ohMIeRZ.exe
  2⤵
  PID:896
- C:\Windows\System\BvYkuUZ.exe
  C:\Windows\System\BvYkuUZ.exe
  2⤵
  PID:592
- C:\Windows\System\tFQGTgT.exe
  C:\Windows\System\tFQGTgT.exe
  2⤵
  PID:2128
- C:\Windows\System\oyUQegj.exe
  C:\Windows\System\oyUQegj.exe
  2⤵
  PID:316
- C:\Windows\System\kjagFUb.exe
  C:\Windows\System\kjagFUb.exe
  2⤵
  PID:2588
- C:\Windows\System\wVgNmct.exe
  C:\Windows\System\wVgNmct.exe
  2⤵
  PID:1600
- C:\Windows\System\hMgerfS.exe
  C:\Windows\System\hMgerfS.exe
  2⤵
  PID:568
- C:\Windows\System\BAfKyXr.exe
  C:\Windows\System\BAfKyXr.exe
  2⤵
  PID:1404
- C:\Windows\System\yrXOOUS.exe
  C:\Windows\System\yrXOOUS.exe
  2⤵
  PID:2308
- C:\Windows\System\EuTCrvh.exe
  C:\Windows\System\EuTCrvh.exe
  2⤵
  PID:1360
- C:\Windows\System\mRCsmEj.exe
  C:\Windows\System\mRCsmEj.exe
  2⤵
  PID:2552
- C:\Windows\System\outIZyA.exe
  C:\Windows\System\outIZyA.exe
  2⤵
  PID:1564
- C:\Windows\System\oEngHnw.exe
  C:\Windows\System\oEngHnw.exe
  2⤵
  PID:1868
- C:\Windows\System\dHjxFNq.exe
  C:\Windows\System\dHjxFNq.exe
  2⤵
  PID:1280
- C:\Windows\System\CmGZRHe.exe
  C:\Windows\System\CmGZRHe.exe
  2⤵
  PID:908
- C:\Windows\System\fACjJuM.exe
  C:\Windows\System\fACjJuM.exe
  2⤵
  PID:1028
- C:\Windows\System\KoHOieP.exe
  C:\Windows\System\KoHOieP.exe
  2⤵
  PID:2328
- C:\Windows\System\ZpQaNtu.exe
  C:\Windows\System\ZpQaNtu.exe
  2⤵
  PID:2844
- C:\Windows\System\izbtJZS.exe
  C:\Windows\System\izbtJZS.exe
  2⤵
  PID:2704
- C:\Windows\System\EOTGBiE.exe
  C:\Windows\System\EOTGBiE.exe
  2⤵
  PID:2780
- C:\Windows\System\ZAylwTc.exe
  C:\Windows\System\ZAylwTc.exe
  2⤵
  PID:2860
- C:\Windows\System\cFWEbDK.exe
  C:\Windows\System\cFWEbDK.exe
  2⤵
  PID:572
- C:\Windows\System\JhcffnV.exe
  C:\Windows\System\JhcffnV.exe
  2⤵
  PID:588
- C:\Windows\System\jSQZYBt.exe
  C:\Windows\System\jSQZYBt.exe
  2⤵
  PID:2924
- C:\Windows\System\cgRCoKd.exe
  C:\Windows\System\cgRCoKd.exe
  2⤵
  PID:2944
- C:\Windows\System\okBrPaV.exe
  C:\Windows\System\okBrPaV.exe
  2⤵
  PID:1324
- C:\Windows\System\neTbuUn.exe
  C:\Windows\System\neTbuUn.exe
  2⤵
  PID:1948
- C:\Windows\System\ZuwfkVg.exe
  C:\Windows\System\ZuwfkVg.exe
  2⤵
  PID:1588
- C:\Windows\System\kZCGQKu.exe
  C:\Windows\System\kZCGQKu.exe
  2⤵
  PID:1792
- C:\Windows\System\TLbpzmS.exe
  C:\Windows\System\TLbpzmS.exe
  2⤵
  PID:1568
- C:\Windows\System\qLjiZqf.exe
  C:\Windows\System\qLjiZqf.exe
  2⤵
  PID:1496
- C:\Windows\System\VuWXdWG.exe
  C:\Windows\System\VuWXdWG.exe
  2⤵
  PID:2304
- C:\Windows\System\DyTsebt.exe
  C:\Windows\System\DyTsebt.exe
  2⤵
  PID:2292
- C:\Windows\System\YjZtzpa.exe
  C:\Windows\System\YjZtzpa.exe
  2⤵
  PID:988
- C:\Windows\System\XKaAkMs.exe
  C:\Windows\System\XKaAkMs.exe
  2⤵
  PID:2336
- C:\Windows\System\PdpXBeW.exe
  C:\Windows\System\PdpXBeW.exe
  2⤵
  PID:880
- C:\Windows\System\XPNdoPa.exe
  C:\Windows\System\XPNdoPa.exe
  2⤵
  PID:2256
- C:\Windows\System\CfbbsYF.exe
  C:\Windows\System\CfbbsYF.exe
  2⤵
  PID:704
- C:\Windows\System\vfdtHMZ.exe
  C:\Windows\System\vfdtHMZ.exe
  2⤵
  PID:3084
- C:\Windows\System\pgSgunu.exe
  C:\Windows\System\pgSgunu.exe
  2⤵
  PID:3100
- C:\Windows\System\ZpKTDZW.exe
  C:\Windows\System\ZpKTDZW.exe
  2⤵
  PID:3124
- C:\Windows\System\vmGjWwA.exe
  C:\Windows\System\vmGjWwA.exe
  2⤵
  PID:3144
- C:\Windows\System\IrLIawq.exe
  C:\Windows\System\IrLIawq.exe
  2⤵
  PID:3164
- C:\Windows\System\cTPpjTi.exe
  C:\Windows\System\cTPpjTi.exe
  2⤵
  PID:3180
- C:\Windows\System\rPCVfBJ.exe
  C:\Windows\System\rPCVfBJ.exe
  2⤵
  PID:3200
- C:\Windows\System\leLZlMu.exe
  C:\Windows\System\leLZlMu.exe
  2⤵
  PID:3224
- C:\Windows\System\cZUkWJQ.exe
  C:\Windows\System\cZUkWJQ.exe
  2⤵
  PID:3244
- C:\Windows\System\baVUBGa.exe
  C:\Windows\System\baVUBGa.exe
  2⤵
  PID:3264
- C:\Windows\System\UrowYrm.exe
  C:\Windows\System\UrowYrm.exe
  2⤵
  PID:3284
- C:\Windows\System\xCamaUI.exe
  C:\Windows\System\xCamaUI.exe
  2⤵
  PID:3304
- C:\Windows\System\TVTckvO.exe
  C:\Windows\System\TVTckvO.exe
  2⤵
  PID:3324
- C:\Windows\System\LkwzvNw.exe
  C:\Windows\System\LkwzvNw.exe
  2⤵
  PID:3340
- C:\Windows\System\KktYMbS.exe
  C:\Windows\System\KktYMbS.exe
  2⤵
  PID:3364
- C:\Windows\System\ksGLZdz.exe
  C:\Windows\System\ksGLZdz.exe
  2⤵
  PID:3384
- C:\Windows\System\MWBSOUi.exe
  C:\Windows\System\MWBSOUi.exe
  2⤵
  PID:3404
- C:\Windows\System\WCtDFFx.exe
  C:\Windows\System\WCtDFFx.exe
  2⤵
  PID:3424
- C:\Windows\System\jltwPcT.exe
  C:\Windows\System\jltwPcT.exe
  2⤵
  PID:3444
- C:\Windows\System\jeMYNui.exe
  C:\Windows\System\jeMYNui.exe
  2⤵
  PID:3464
- C:\Windows\System\XlIkWGT.exe
  C:\Windows\System\XlIkWGT.exe
  2⤵
  PID:3484
- C:\Windows\System\BTJdbXO.exe
  C:\Windows\System\BTJdbXO.exe
  2⤵
  PID:3504
- C:\Windows\System\MDyhfVE.exe
  C:\Windows\System\MDyhfVE.exe
  2⤵
  PID:3524
- C:\Windows\System\YPRbkXm.exe
  C:\Windows\System\YPRbkXm.exe
  2⤵
  PID:3544
- C:\Windows\System\RkXMKrP.exe
  C:\Windows\System\RkXMKrP.exe
  2⤵
  PID:3568
- C:\Windows\System\tajeGtC.exe
  C:\Windows\System\tajeGtC.exe
  2⤵
  PID:3588
- C:\Windows\System\vWOYdnp.exe
  C:\Windows\System\vWOYdnp.exe
  2⤵
  PID:3608
- C:\Windows\System\wlRrDtB.exe
  C:\Windows\System\wlRrDtB.exe
  2⤵
  PID:3628
- C:\Windows\System\pxSpqEA.exe
  C:\Windows\System\pxSpqEA.exe
  2⤵
  PID:3648
- C:\Windows\System\jwUoeHT.exe
  C:\Windows\System\jwUoeHT.exe
  2⤵
  PID:3668
- C:\Windows\System\OPRhQwX.exe
  C:\Windows\System\OPRhQwX.exe
  2⤵
  PID:3696
- C:\Windows\System\VfzfGTq.exe
  C:\Windows\System\VfzfGTq.exe
  2⤵
  PID:3716
- C:\Windows\System\IfNhmMU.exe
  C:\Windows\System\IfNhmMU.exe
  2⤵
  PID:3736
- C:\Windows\System\zIeCOZB.exe
  C:\Windows\System\zIeCOZB.exe
  2⤵
  PID:3756
- C:\Windows\System\iQfPRzh.exe
  C:\Windows\System\iQfPRzh.exe
  2⤵
  PID:3776
- C:\Windows\System\SOdvhbm.exe
  C:\Windows\System\SOdvhbm.exe
  2⤵
  PID:3796
- C:\Windows\System\LPOvHdF.exe
  C:\Windows\System\LPOvHdF.exe
  2⤵
  PID:3816
- C:\Windows\System\MtUnkkA.exe
  C:\Windows\System\MtUnkkA.exe
  2⤵
  PID:3836
- C:\Windows\System\lkZekEn.exe
  C:\Windows\System\lkZekEn.exe
  2⤵
  PID:3856
- C:\Windows\System\xuPGoef.exe
  C:\Windows\System\xuPGoef.exe
  2⤵
  PID:3876
- C:\Windows\System\JEeGLcf.exe
  C:\Windows\System\JEeGLcf.exe
  2⤵
  PID:3896
- C:\Windows\System\nFViqNh.exe
  C:\Windows\System\nFViqNh.exe
  2⤵
  PID:3912
- C:\Windows\System\hnOMjAu.exe
  C:\Windows\System\hnOMjAu.exe
  2⤵
  PID:3936
- C:\Windows\System\UyRBzEf.exe
  C:\Windows\System\UyRBzEf.exe
  2⤵
  PID:3956
- C:\Windows\System\QWcvyTi.exe
  C:\Windows\System\QWcvyTi.exe
  2⤵
  PID:3976
- C:\Windows\System\dNiQAVs.exe
  C:\Windows\System\dNiQAVs.exe
  2⤵
  PID:3996
- C:\Windows\System\mGrxSkw.exe
  C:\Windows\System\mGrxSkw.exe
  2⤵
  PID:4016
- C:\Windows\System\LHNmKAM.exe
  C:\Windows\System\LHNmKAM.exe
  2⤵
  PID:4036
- C:\Windows\System\kPtECas.exe
  C:\Windows\System\kPtECas.exe
  2⤵
  PID:4056
- C:\Windows\System\twQfryw.exe
  C:\Windows\System\twQfryw.exe
  2⤵
  PID:4076
- C:\Windows\System\wuCtwMR.exe
  C:\Windows\System\wuCtwMR.exe
  2⤵
  PID:1832
- C:\Windows\System\dWHGdvv.exe
  C:\Windows\System\dWHGdvv.exe
  2⤵
  PID:1328
- C:\Windows\System\ftqqKnN.exe
  C:\Windows\System\ftqqKnN.exe
  2⤵
  PID:892
- C:\Windows\System\BQjfPnx.exe
  C:\Windows\System\BQjfPnx.exe
  2⤵
  PID:2548
- C:\Windows\System\IColsQY.exe
  C:\Windows\System\IColsQY.exe
  2⤵
  PID:1268
- C:\Windows\System\lVZuDNj.exe
  C:\Windows\System\lVZuDNj.exe
  2⤵
  PID:2108
- C:\Windows\System\uJgXcGz.exe
  C:\Windows\System\uJgXcGz.exe
  2⤵
  PID:3076
- C:\Windows\System\ilLsSBJ.exe
  C:\Windows\System\ilLsSBJ.exe
  2⤵
  PID:3108
- C:\Windows\System\Ieznuko.exe
  C:\Windows\System\Ieznuko.exe
  2⤵
  PID:3152
- C:\Windows\System\uqySgQK.exe
  C:\Windows\System\uqySgQK.exe
  2⤵
  PID:3136
- C:\Windows\System\gPwclFd.exe
  C:\Windows\System\gPwclFd.exe
  2⤵
  PID:3192
- C:\Windows\System\gMitxfE.exe
  C:\Windows\System\gMitxfE.exe
  2⤵
  PID:3176
- C:\Windows\System\BOvNkXl.exe
  C:\Windows\System\BOvNkXl.exe
  2⤵
  PID:3272
- C:\Windows\System\SrwrciR.exe
  C:\Windows\System\SrwrciR.exe
  2⤵
  PID:3260
- C:\Windows\System\LhEWElv.exe
  C:\Windows\System\LhEWElv.exe
  2⤵
  PID:3348
- C:\Windows\System\dBeREhY.exe
  C:\Windows\System\dBeREhY.exe
  2⤵
  PID:3332
- C:\Windows\System\DKaNchC.exe
  C:\Windows\System\DKaNchC.exe
  2⤵
  PID:3396
- C:\Windows\System\ORjImol.exe
  C:\Windows\System\ORjImol.exe
  2⤵
  PID:3436
- C:\Windows\System\ojQxjTT.exe
  C:\Windows\System\ojQxjTT.exe
  2⤵
  PID:3452
- C:\Windows\System\VRROgRe.exe
  C:\Windows\System\VRROgRe.exe
  2⤵
  PID:3460
- C:\Windows\System\LIpBEdx.exe
  C:\Windows\System\LIpBEdx.exe
  2⤵
  PID:3556
- C:\Windows\System\neXPlax.exe
  C:\Windows\System\neXPlax.exe
  2⤵
  PID:3560
- C:\Windows\System\WBQjrhr.exe
  C:\Windows\System\WBQjrhr.exe
  2⤵
  PID:3576
- C:\Windows\System\TluNCYh.exe
  C:\Windows\System\TluNCYh.exe
  2⤵
  PID:3676
- C:\Windows\System\ehJsllj.exe
  C:\Windows\System\ehJsllj.exe
  2⤵
  PID:3664
- C:\Windows\System\nllWbpz.exe
  C:\Windows\System\nllWbpz.exe
  2⤵
  PID:3724
- C:\Windows\System\qMIqvCy.exe
  C:\Windows\System\qMIqvCy.exe
  2⤵
  PID:3764
- C:\Windows\System\TZIXRyy.exe
  C:\Windows\System\TZIXRyy.exe
  2⤵
  PID:3748
- C:\Windows\System\vtgkEYS.exe
  C:\Windows\System\vtgkEYS.exe
  2⤵
  PID:3788
- C:\Windows\System\TlzUldY.exe
  C:\Windows\System\TlzUldY.exe
  2⤵
  PID:3824
- C:\Windows\System\bPNHfOB.exe
  C:\Windows\System\bPNHfOB.exe
  2⤵
  PID:3892
- C:\Windows\System\pAVZPLB.exe
  C:\Windows\System\pAVZPLB.exe
  2⤵
  PID:3904
- C:\Windows\System\snaOILE.exe
  C:\Windows\System\snaOILE.exe
  2⤵
  PID:3908
- C:\Windows\System\xriPQQc.exe
  C:\Windows\System\xriPQQc.exe
  2⤵
  PID:3952
- C:\Windows\System\CZJyrIY.exe
  C:\Windows\System\CZJyrIY.exe
  2⤵
  PID:4012
- C:\Windows\System\sYTiLSu.exe
  C:\Windows\System\sYTiLSu.exe
  2⤵
  PID:4044
- C:\Windows\System\CKUmiFo.exe
  C:\Windows\System\CKUmiFo.exe
  2⤵
  PID:4084
- C:\Windows\System\DGfETfb.exe
  C:\Windows\System\DGfETfb.exe
  2⤵
  PID:4064
- C:\Windows\System\DnYLcFB.exe
  C:\Windows\System\DnYLcFB.exe
  2⤵
  PID:1204
- C:\Windows\System\NvhqQXM.exe
  C:\Windows\System\NvhqQXM.exe
  2⤵
  PID:2900
- C:\Windows\System\AwXdxjv.exe
  C:\Windows\System\AwXdxjv.exe
  2⤵
  PID:2196
- C:\Windows\System\ogmpCaf.exe
  C:\Windows\System\ogmpCaf.exe
  2⤵
  PID:2804
- C:\Windows\System\USYNRXd.exe
  C:\Windows\System\USYNRXd.exe
  2⤵
  PID:3116
- C:\Windows\System\eUFcxOb.exe
  C:\Windows\System\eUFcxOb.exe
  2⤵
  PID:3132
- C:\Windows\System\wBHlxod.exe
  C:\Windows\System\wBHlxod.exe
  2⤵
  PID:3092
- C:\Windows\System\EBuWLIt.exe
  C:\Windows\System\EBuWLIt.exe
  2⤵
  PID:2484
- C:\Windows\System\XJjaRWS.exe
  C:\Windows\System\XJjaRWS.exe
  2⤵
  PID:3320
- C:\Windows\System\ERZAOAI.exe
  C:\Windows\System\ERZAOAI.exe
  2⤵
  PID:3300
- C:\Windows\System\wJvhBst.exe
  C:\Windows\System\wJvhBst.exe
  2⤵
  PID:3372
- C:\Windows\System\KMpwzoH.exe
  C:\Windows\System\KMpwzoH.exe
  2⤵
  PID:3376
- C:\Windows\System\miwDpfQ.exe
  C:\Windows\System\miwDpfQ.exe
  2⤵
  PID:3512
- C:\Windows\System\ELhoCmz.exe
  C:\Windows\System\ELhoCmz.exe
  2⤵
  PID:3636
- C:\Windows\System\oSVbXGA.exe
  C:\Windows\System\oSVbXGA.exe
  2⤵
  PID:3620
- C:\Windows\System\fmOEqhH.exe
  C:\Windows\System\fmOEqhH.exe
  2⤵
  PID:3644
- C:\Windows\System\FozXcmc.exe
  C:\Windows\System\FozXcmc.exe
  2⤵
  PID:3680
- C:\Windows\System\HmgKCaD.exe
  C:\Windows\System\HmgKCaD.exe
  2⤵
  PID:3784
- C:\Windows\System\DvNboZm.exe
  C:\Windows\System\DvNboZm.exe
  2⤵
  PID:3884
- C:\Windows\System\EBZDnng.exe
  C:\Windows\System\EBZDnng.exe
  2⤵
  PID:3924
- C:\Windows\System\oiwyTrb.exe
  C:\Windows\System\oiwyTrb.exe
  2⤵
  PID:3948
- C:\Windows\System\vvbBxoo.exe
  C:\Windows\System\vvbBxoo.exe
  2⤵
  PID:3984
- C:\Windows\System\zCAkoUw.exe
  C:\Windows\System\zCAkoUw.exe
  2⤵
  PID:4024
- C:\Windows\System\whUdSoX.exe
  C:\Windows\System\whUdSoX.exe
  2⤵
  PID:4092
- C:\Windows\System\DrTlgpP.exe
  C:\Windows\System\DrTlgpP.exe
  2⤵
  PID:1980
- C:\Windows\System\hOwWPBE.exe
  C:\Windows\System\hOwWPBE.exe
  2⤵
  PID:2620
- C:\Windows\System\eYyMQRr.exe
  C:\Windows\System\eYyMQRr.exe
  2⤵
  PID:3080
- C:\Windows\System\YSDNWUY.exe
  C:\Windows\System\YSDNWUY.exe
  2⤵
  PID:1940
- C:\Windows\System\tnxfQoB.exe
  C:\Windows\System\tnxfQoB.exe
  2⤵
  PID:3212
- C:\Windows\System\QAofwaK.exe
  C:\Windows\System\QAofwaK.exe
  2⤵
  PID:3236
- C:\Windows\System\MeTUyNa.exe
  C:\Windows\System\MeTUyNa.exe
  2⤵
  PID:3312
- C:\Windows\System\toffMeO.exe
  C:\Windows\System\toffMeO.exe
  2⤵
  PID:3500
- C:\Windows\System\eRrbVqx.exe
  C:\Windows\System\eRrbVqx.exe
  2⤵
  PID:2232
- C:\Windows\System\mQjjIDK.exe
  C:\Windows\System\mQjjIDK.exe
  2⤵
  PID:3604
- C:\Windows\System\smSiivN.exe
  C:\Windows\System\smSiivN.exe
  2⤵
  PID:3640
- C:\Windows\System\cLBJHjP.exe
  C:\Windows\System\cLBJHjP.exe
  2⤵
  PID:3808
- C:\Windows\System\oLWsLpA.exe
  C:\Windows\System\oLWsLpA.exe
  2⤵
  PID:3852
- C:\Windows\System\CNMHzsu.exe
  C:\Windows\System\CNMHzsu.exe
  2⤵
  PID:3992
- C:\Windows\System\UbgtvPY.exe
  C:\Windows\System\UbgtvPY.exe
  2⤵
  PID:2820
- C:\Windows\System\JDoRKKK.exe
  C:\Windows\System\JDoRKKK.exe
  2⤵
  PID:1556
- C:\Windows\System\XulDYjd.exe
  C:\Windows\System\XulDYjd.exe
  2⤵
  PID:3160
- C:\Windows\System\Dixkeyg.exe
  C:\Windows\System\Dixkeyg.exe
  2⤵
  PID:1312
- C:\Windows\System\KTFYfbX.exe
  C:\Windows\System\KTFYfbX.exe
  2⤵
  PID:3208
- C:\Windows\System\hqlbcBy.exe
  C:\Windows\System\hqlbcBy.exe
  2⤵
  PID:3420
- C:\Windows\System\yMIAuQt.exe
  C:\Windows\System\yMIAuQt.exe
  2⤵
  PID:3660
- C:\Windows\System\GuRPLnl.exe
  C:\Windows\System\GuRPLnl.exe
  2⤵
  PID:3864
- C:\Windows\System\DzSLjoY.exe
  C:\Windows\System\DzSLjoY.exe
  2⤵
  PID:3972
- C:\Windows\System\HlNqWrZ.exe
  C:\Windows\System\HlNqWrZ.exe
  2⤵
  PID:4072
- C:\Windows\System\cGuhcNa.exe
  C:\Windows\System\cGuhcNa.exe
  2⤵
  PID:1052
- C:\Windows\System\GoyYzYb.exe
  C:\Windows\System\GoyYzYb.exe
  2⤵
  PID:4108
- C:\Windows\System\rnKOTBC.exe
  C:\Windows\System\rnKOTBC.exe
  2⤵
  PID:4132
- C:\Windows\System\lBlGDGy.exe
  C:\Windows\System\lBlGDGy.exe
  2⤵
  PID:4152
- C:\Windows\System\EUoCbDE.exe
  C:\Windows\System\EUoCbDE.exe
  2⤵
  PID:4172
- C:\Windows\System\bEaiKMY.exe
  C:\Windows\System\bEaiKMY.exe
  2⤵
  PID:4192
- C:\Windows\System\lAEKClJ.exe
  C:\Windows\System\lAEKClJ.exe
  2⤵
  PID:4212
- C:\Windows\System\oZzGlwy.exe
  C:\Windows\System\oZzGlwy.exe
  2⤵
  PID:4232
- C:\Windows\System\iWHuCpT.exe
  C:\Windows\System\iWHuCpT.exe
  2⤵
  PID:4256
- C:\Windows\System\bKxldzm.exe
  C:\Windows\System\bKxldzm.exe
  2⤵
  PID:4276
- C:\Windows\System\PJquXJG.exe
  C:\Windows\System\PJquXJG.exe
  2⤵
  PID:4296
- C:\Windows\System\IbpBilN.exe
  C:\Windows\System\IbpBilN.exe
  2⤵
  PID:4316
- C:\Windows\System\HuONsMX.exe
  C:\Windows\System\HuONsMX.exe
  2⤵
  PID:4336
- C:\Windows\System\ZvXtiBn.exe
  C:\Windows\System\ZvXtiBn.exe
  2⤵
  PID:4356
- C:\Windows\System\MbYbMFz.exe
  C:\Windows\System\MbYbMFz.exe
  2⤵
  PID:4376
- C:\Windows\System\cMhqqVH.exe
  C:\Windows\System\cMhqqVH.exe
  2⤵
  PID:4396
- C:\Windows\System\OEAspvF.exe
  C:\Windows\System\OEAspvF.exe
  2⤵
  PID:4416
- C:\Windows\System\ZIUPCEQ.exe
  C:\Windows\System\ZIUPCEQ.exe
  2⤵
  PID:4436
- C:\Windows\System\fyIPutS.exe
  C:\Windows\System\fyIPutS.exe
  2⤵
  PID:4452
- C:\Windows\System\pCeawjO.exe
  C:\Windows\System\pCeawjO.exe
  2⤵
  PID:4476
- C:\Windows\System\BWBNJIB.exe
  C:\Windows\System\BWBNJIB.exe
  2⤵
  PID:4496
- C:\Windows\System\PuAGaZL.exe
  C:\Windows\System\PuAGaZL.exe
  2⤵
  PID:4516
- C:\Windows\System\TcKdFww.exe
  C:\Windows\System\TcKdFww.exe
  2⤵
  PID:4536
- C:\Windows\System\pvIGUnZ.exe
  C:\Windows\System\pvIGUnZ.exe
  2⤵
  PID:4556
- C:\Windows\System\gEDGGco.exe
  C:\Windows\System\gEDGGco.exe
  2⤵
  PID:4576
- C:\Windows\System\QScriuo.exe
  C:\Windows\System\QScriuo.exe
  2⤵
  PID:4592
- C:\Windows\System\RSiEmOP.exe
  C:\Windows\System\RSiEmOP.exe
  2⤵
  PID:4612
- C:\Windows\System\BInjCYr.exe
  C:\Windows\System\BInjCYr.exe
  2⤵
  PID:4636
- C:\Windows\System\AxnMwbd.exe
  C:\Windows\System\AxnMwbd.exe
  2⤵
  PID:4660
- C:\Windows\System\hiIQawL.exe
  C:\Windows\System\hiIQawL.exe
  2⤵
  PID:4676
- C:\Windows\System\KbfTiQm.exe
  C:\Windows\System\KbfTiQm.exe
  2⤵
  PID:4700
- C:\Windows\System\lVBIGvg.exe
  C:\Windows\System\lVBIGvg.exe
  2⤵
  PID:4720
- C:\Windows\System\KzKWLcB.exe
  C:\Windows\System\KzKWLcB.exe
  2⤵
  PID:4740
- C:\Windows\System\RDGIIpT.exe
  C:\Windows\System\RDGIIpT.exe
  2⤵
  PID:4760
- C:\Windows\System\zfIfiAv.exe
  C:\Windows\System\zfIfiAv.exe
  2⤵
  PID:4780
- C:\Windows\System\ZntfuuM.exe
  C:\Windows\System\ZntfuuM.exe
  2⤵
  PID:4800
- C:\Windows\System\ntcuJiS.exe
  C:\Windows\System\ntcuJiS.exe
  2⤵
  PID:4820
- C:\Windows\System\GnlWZwM.exe
  C:\Windows\System\GnlWZwM.exe
  2⤵
  PID:4840
- C:\Windows\System\hMUmvhX.exe
  C:\Windows\System\hMUmvhX.exe
  2⤵
  PID:4860
- C:\Windows\System\NQmWnJY.exe
  C:\Windows\System\NQmWnJY.exe
  2⤵
  PID:4880
- C:\Windows\System\idYoVLl.exe
  C:\Windows\System\idYoVLl.exe
  2⤵
  PID:4900
- C:\Windows\System\VYYCwyq.exe
  C:\Windows\System\VYYCwyq.exe
  2⤵
  PID:4920
- C:\Windows\System\vGadVbu.exe
  C:\Windows\System\vGadVbu.exe
  2⤵
  PID:4940
- C:\Windows\System\fllTNCe.exe
  C:\Windows\System\fllTNCe.exe
  2⤵
  PID:4960
- C:\Windows\System\FWLoZfG.exe
  C:\Windows\System\FWLoZfG.exe
  2⤵
  PID:4980
- C:\Windows\System\daPTlSi.exe
  C:\Windows\System\daPTlSi.exe
  2⤵
  PID:5000
- C:\Windows\System\FkAqjTX.exe
  C:\Windows\System\FkAqjTX.exe
  2⤵
  PID:5020
- C:\Windows\System\wOhWZRy.exe
  C:\Windows\System\wOhWZRy.exe
  2⤵
  PID:5040
- C:\Windows\System\zvXzeKA.exe
  C:\Windows\System\zvXzeKA.exe
  2⤵
  PID:5060
- C:\Windows\System\VzzyfLc.exe
  C:\Windows\System\VzzyfLc.exe
  2⤵
  PID:5080
- C:\Windows\System\XlJCLxb.exe
  C:\Windows\System\XlJCLxb.exe
  2⤵
  PID:5100
- C:\Windows\System\rqBwkej.exe
  C:\Windows\System\rqBwkej.exe
  2⤵
  PID:3292
- C:\Windows\System\zTzJRXM.exe
  C:\Windows\System\zTzJRXM.exe
  2⤵
  PID:2460
- C:\Windows\System\tcfjfFX.exe
  C:\Windows\System\tcfjfFX.exe
  2⤵
  PID:3692
- C:\Windows\System\bChEAji.exe
  C:\Windows\System\bChEAji.exe
  2⤵
  PID:3744
- C:\Windows\System\iMdDbcq.exe
  C:\Windows\System\iMdDbcq.exe
  2⤵
  PID:3516
- C:\Windows\System\DEUzqsi.exe
  C:\Windows\System\DEUzqsi.exe
  2⤵
  PID:4116
- C:\Windows\System\YjwrBYh.exe
  C:\Windows\System\YjwrBYh.exe
  2⤵
  PID:4100
- C:\Windows\System\JkAXaTZ.exe
  C:\Windows\System\JkAXaTZ.exe
  2⤵
  PID:4144
- C:\Windows\System\OlBmddO.exe
  C:\Windows\System\OlBmddO.exe
  2⤵
  PID:4204
- C:\Windows\System\LlgYlAp.exe
  C:\Windows\System\LlgYlAp.exe
  2⤵
  PID:4244
- C:\Windows\System\fVGLBlU.exe
  C:\Windows\System\fVGLBlU.exe
  2⤵
  PID:4284
- C:\Windows\System\UZsJEMw.exe
  C:\Windows\System\UZsJEMw.exe
  2⤵
  PID:4272
- C:\Windows\System\JtYiYRX.exe
  C:\Windows\System\JtYiYRX.exe
  2⤵
  PID:4308
- C:\Windows\System\nSaaiBt.exe
  C:\Windows\System\nSaaiBt.exe
  2⤵
  PID:4344
- C:\Windows\System\QfewxyR.exe
  C:\Windows\System\QfewxyR.exe
  2⤵
  PID:4408
- C:\Windows\System\ehjdFby.exe
  C:\Windows\System\ehjdFby.exe
  2⤵
  PID:4448
- C:\Windows\System\EsKUJjI.exe
  C:\Windows\System\EsKUJjI.exe
  2⤵
  PID:4488
- C:\Windows\System\VjwCDDA.exe
  C:\Windows\System\VjwCDDA.exe
  2⤵
  PID:4524
- C:\Windows\System\MIFQlxh.exe
  C:\Windows\System\MIFQlxh.exe
  2⤵
  PID:4512
- C:\Windows\System\XurczeB.exe
  C:\Windows\System\XurczeB.exe
  2⤵
  PID:4552
- C:\Windows\System\vlwFGcK.exe
  C:\Windows\System\vlwFGcK.exe
  2⤵
  PID:4584
- C:\Windows\System\yfqhsEN.exe
  C:\Windows\System\yfqhsEN.exe
  2⤵
  PID:4624
- C:\Windows\System\rIBaYlB.exe
  C:\Windows\System\rIBaYlB.exe
  2⤵
  PID:4688
- C:\Windows\System\NvekCsy.exe
  C:\Windows\System\NvekCsy.exe
  2⤵
  PID:4728
- C:\Windows\System\jhVzTeq.exe
  C:\Windows\System\jhVzTeq.exe
  2⤵
  PID:4708
- C:\Windows\System\vDmBjen.exe
  C:\Windows\System\vDmBjen.exe
  2⤵
  PID:4772
- C:\Windows\System\RAZgoQD.exe
  C:\Windows\System\RAZgoQD.exe
  2⤵
  PID:4812
- C:\Windows\System\DiOKYgC.exe
  C:\Windows\System\DiOKYgC.exe
  2⤵
  PID:4828
- C:\Windows\System\MXGxihM.exe
  C:\Windows\System\MXGxihM.exe
  2⤵
  PID:4832
- C:\Windows\System\RftBYBi.exe
  C:\Windows\System\RftBYBi.exe
  2⤵
  PID:2324
- C:\Windows\System\bBZBpvl.exe
  C:\Windows\System\bBZBpvl.exe
  2⤵
  PID:4932
- C:\Windows\System\xEcmjuf.exe
  C:\Windows\System\xEcmjuf.exe
  2⤵
  PID:4968
- C:\Windows\System\yHnDpcr.exe
  C:\Windows\System\yHnDpcr.exe
  2⤵
  PID:4988
- C:\Windows\System\ZrGzybG.exe
  C:\Windows\System\ZrGzybG.exe
  2⤵
  PID:4992
- C:\Windows\System\omxEKRK.exe
  C:\Windows\System\omxEKRK.exe
  2⤵
  PID:5052
- C:\Windows\System\vKTrMYa.exe
  C:\Windows\System\vKTrMYa.exe
  2⤵
  PID:5088
- C:\Windows\System\SamPzsH.exe
  C:\Windows\System\SamPzsH.exe
  2⤵
  PID:5072
- C:\Windows\System\JuFGxBV.exe
  C:\Windows\System\JuFGxBV.exe
  2⤵
  PID:5108
- C:\Windows\System\qDfjPuj.exe
  C:\Windows\System\qDfjPuj.exe
  2⤵
  PID:3252
- C:\Windows\System\dkEFbnu.exe
  C:\Windows\System\dkEFbnu.exe
  2⤵
  PID:3540
- C:\Windows\System\SiaNlUb.exe
  C:\Windows\System\SiaNlUb.exe
  2⤵
  PID:4160
- C:\Windows\System\pMlzHaE.exe
  C:\Windows\System\pMlzHaE.exe
  2⤵
  PID:1044
- C:\Windows\System\PMgUKKW.exe
  C:\Windows\System\PMgUKKW.exe
  2⤵
  PID:4164
- C:\Windows\System\mdiSHqP.exe
  C:\Windows\System\mdiSHqP.exe
  2⤵
  PID:4264
- C:\Windows\System\FlDwuTO.exe
  C:\Windows\System\FlDwuTO.exe
  2⤵
  PID:4372
- C:\Windows\System\PXnVdOZ.exe
  C:\Windows\System\PXnVdOZ.exe
  2⤵
  PID:4404
- C:\Windows\System\GNXSaWZ.exe
  C:\Windows\System\GNXSaWZ.exe
  2⤵
  PID:1976
- C:\Windows\System\iPqwApr.exe
  C:\Windows\System\iPqwApr.exe
  2⤵
  PID:4432
- C:\Windows\System\GjEbjVk.exe
  C:\Windows\System\GjEbjVk.exe
  2⤵
  PID:4504
- C:\Windows\System\RJIHAfz.exe
  C:\Windows\System\RJIHAfz.exe
  2⤵
  PID:4648
- C:\Windows\System\NlZdsbf.exe
  C:\Windows\System\NlZdsbf.exe
  2⤵
  PID:4632
- C:\Windows\System\kFJwKHe.exe
  C:\Windows\System\kFJwKHe.exe
  2⤵
  PID:4768
- C:\Windows\System\wiMDUxf.exe
  C:\Windows\System\wiMDUxf.exe
  2⤵
  PID:4788
- C:\Windows\System\CdmWEiL.exe
  C:\Windows\System\CdmWEiL.exe
  2⤵
  PID:4888
- C:\Windows\System\iSAoZZS.exe
  C:\Windows\System\iSAoZZS.exe
  2⤵
  PID:4876
- C:\Windows\System\aUVPCkP.exe
  C:\Windows\System\aUVPCkP.exe
  2⤵
  PID:4928
- C:\Windows\System\mShwzHv.exe
  C:\Windows\System\mShwzHv.exe
  2⤵
  PID:4956
- C:\Windows\System\xdNbEMN.exe
  C:\Windows\System\xdNbEMN.exe
  2⤵
  PID:5048
- C:\Windows\System\quPFDxC.exe
  C:\Windows\System\quPFDxC.exe
  2⤵
  PID:1272
- C:\Windows\System\LcbnfpI.exe
  C:\Windows\System\LcbnfpI.exe
  2⤵
  PID:3492
- C:\Windows\System\eRKCnOo.exe
  C:\Windows\System\eRKCnOo.exe
  2⤵
  PID:4004
- C:\Windows\System\QvJlwiW.exe
  C:\Windows\System\QvJlwiW.exe
  2⤵
  PID:1668
- C:\Windows\System\XmbTWQF.exe
  C:\Windows\System\XmbTWQF.exe
  2⤵
  PID:4200
- C:\Windows\System\NqTwdQH.exe
  C:\Windows\System\NqTwdQH.exe
  2⤵
  PID:4188
- C:\Windows\System\uXnmwJz.exe
  C:\Windows\System\uXnmwJz.exe
  2⤵
  PID:4328
- C:\Windows\System\UALkHMa.exe
  C:\Windows\System\UALkHMa.exe
  2⤵
  PID:4468
- C:\Windows\System\IVtWDPk.exe
  C:\Windows\System\IVtWDPk.exe
  2⤵
  PID:4508
- C:\Windows\System\bLlCcTc.exe
  C:\Windows\System\bLlCcTc.exe
  2⤵
  PID:4528
- C:\Windows\System\hctDSoP.exe
  C:\Windows\System\hctDSoP.exe
  2⤵
  PID:2480
- C:\Windows\System\sVtTXGr.exe
  C:\Windows\System\sVtTXGr.exe
  2⤵
  PID:4816
- C:\Windows\System\XECohRY.exe
  C:\Windows\System\XECohRY.exe
  2⤵
  PID:4916
- C:\Windows\System\aJjUFBq.exe
  C:\Windows\System\aJjUFBq.exe
  2⤵
  PID:4852
- C:\Windows\System\GHHcpCK.exe
  C:\Windows\System\GHHcpCK.exe
  2⤵
  PID:4996
- C:\Windows\System\vZAdwam.exe
  C:\Windows\System\vZAdwam.exe
  2⤵
  PID:2420
- C:\Windows\System\ephuhHH.exe
  C:\Windows\System\ephuhHH.exe
  2⤵
  PID:5092
- C:\Windows\System\yIIShca.exe
  C:\Windows\System\yIIShca.exe
  2⤵
  PID:3496
- C:\Windows\System\zlqDiCq.exe
  C:\Windows\System\zlqDiCq.exe
  2⤵
  PID:4324
- C:\Windows\System\vrEbgtb.exe
  C:\Windows\System\vrEbgtb.exe
  2⤵
  PID:2356
- C:\Windows\System\YndxzmW.exe
  C:\Windows\System\YndxzmW.exe
  2⤵
  PID:2880
- C:\Windows\System\AjnZozl.exe
  C:\Windows\System\AjnZozl.exe
  2⤵
  PID:4472
- C:\Windows\System\kMOKdsd.exe
  C:\Windows\System\kMOKdsd.exe
  2⤵
  PID:2972
- C:\Windows\System\TXAMoZd.exe
  C:\Windows\System\TXAMoZd.exe
  2⤵
  PID:4392
- C:\Windows\System\yDFVvXm.exe
  C:\Windows\System\yDFVvXm.exe
  2⤵
  PID:2076
- C:\Windows\System\ehSNzHc.exe
  C:\Windows\System\ehSNzHc.exe
  2⤵
  PID:1536
- C:\Windows\System\SyYBgDr.exe
  C:\Windows\System\SyYBgDr.exe
  2⤵
  PID:644
- C:\Windows\System\KibbtDn.exe
  C:\Windows\System\KibbtDn.exe
  2⤵
  PID:2384
- C:\Windows\System\WeUAASd.exe
  C:\Windows\System\WeUAASd.exe
  2⤵
  PID:5036
- C:\Windows\System\aKxyBSI.exe
  C:\Windows\System\aKxyBSI.exe
  2⤵
  PID:4128
- C:\Windows\System\TQfYyQD.exe
  C:\Windows\System\TQfYyQD.exe
  2⤵
  PID:1824
- C:\Windows\System\eUSGxGY.exe
  C:\Windows\System\eUSGxGY.exe
  2⤵
  PID:4304
- C:\Windows\System\HYMOwHO.exe
  C:\Windows\System\HYMOwHO.exe
  2⤵
  PID:4028
- C:\Windows\System\jHdQnYN.exe
  C:\Windows\System\jHdQnYN.exe
  2⤵
  PID:4348
- C:\Windows\System\zivZmwH.exe
  C:\Windows\System\zivZmwH.exe
  2⤵
  PID:4568
- C:\Windows\System\pkguePW.exe
  C:\Windows\System\pkguePW.exe
  2⤵
  PID:692
- C:\Windows\System\oDboBos.exe
  C:\Windows\System\oDboBos.exe
  2⤵
  PID:2208
- C:\Windows\System\emAaZxm.exe
  C:\Windows\System\emAaZxm.exe
  2⤵
  PID:2136
- C:\Windows\System\oNmKZlN.exe
  C:\Windows\System\oNmKZlN.exe
  2⤵
  PID:956
- C:\Windows\System\YLevjdl.exe
  C:\Windows\System\YLevjdl.exe
  2⤵
  PID:1928
- C:\Windows\System\SNDddIN.exe
  C:\Windows\System\SNDddIN.exe
  2⤵
  PID:2928
- C:\Windows\System\nGZJGIY.exe
  C:\Windows\System\nGZJGIY.exe
  2⤵
  PID:4656
- C:\Windows\System\BkMBdXf.exe
  C:\Windows\System\BkMBdXf.exe
  2⤵
  PID:2812
- C:\Windows\System\GCIxHHd.exe
  C:\Windows\System\GCIxHHd.exe
  2⤵
  PID:4732
- C:\Windows\System\fEdoBoK.exe
  C:\Windows\System\fEdoBoK.exe
  2⤵
  PID:1872
- C:\Windows\System\jBLKQbv.exe
  C:\Windows\System\jBLKQbv.exe
  2⤵
  PID:4896
- C:\Windows\System\viaHGVr.exe
  C:\Windows\System\viaHGVr.exe
  2⤵
  PID:5112
- C:\Windows\System\UuOSPbA.exe
  C:\Windows\System\UuOSPbA.exe
  2⤵
  PID:2720
- C:\Windows\System\CgxinAc.exe
  C:\Windows\System\CgxinAc.exe
  2⤵
  PID:408
- C:\Windows\System\amjIqIb.exe
  C:\Windows\System\amjIqIb.exe
  2⤵
  PID:4388
- C:\Windows\System\zVdOuIW.exe
  C:\Windows\System\zVdOuIW.exe
  2⤵
  PID:3020
- C:\Windows\System\FKxDOgJ.exe
  C:\Windows\System\FKxDOgJ.exe
  2⤵
  PID:4736
- C:\Windows\System\pexutSw.exe
  C:\Windows\System\pexutSw.exe
  2⤵
  PID:2172
- C:\Windows\System\frQnbow.exe
  C:\Windows\System\frQnbow.exe
  2⤵
  PID:1908
- C:\Windows\System\sEcjvAL.exe
  C:\Windows\System\sEcjvAL.exe
  2⤵
  PID:3000
- C:\Windows\System\hpbObVN.exe
  C:\Windows\System\hpbObVN.exe
  2⤵
  PID:4224
- C:\Windows\System\JVuchbG.exe
  C:\Windows\System\JVuchbG.exe
  2⤵
  PID:2340
- C:\Windows\System\TTvwvwV.exe
  C:\Windows\System\TTvwvwV.exe
  2⤵
  PID:5136
- C:\Windows\System\FVOmivD.exe
  C:\Windows\System\FVOmivD.exe
  2⤵
  PID:5152
- C:\Windows\System\LrKsKVd.exe
  C:\Windows\System\LrKsKVd.exe
  2⤵
  PID:5176
- C:\Windows\System\joreffz.exe
  C:\Windows\System\joreffz.exe
  2⤵
  PID:5192
- C:\Windows\System\QbhVUyB.exe
  C:\Windows\System\QbhVUyB.exe
  2⤵
  PID:5216
- C:\Windows\System\jJKFYZs.exe
  C:\Windows\System\jJKFYZs.exe
  2⤵
  PID:5232
- C:\Windows\System\aszfHzd.exe
  C:\Windows\System\aszfHzd.exe
  2⤵
  PID:5252
- C:\Windows\System\wZOixwJ.exe
  C:\Windows\System\wZOixwJ.exe
  2⤵
  PID:5268
- C:\Windows\System\FSfzNnp.exe
  C:\Windows\System\FSfzNnp.exe
  2⤵
  PID:5284
- C:\Windows\System\awbDiCQ.exe
  C:\Windows\System\awbDiCQ.exe
  2⤵
  PID:5300
- C:\Windows\System\OeNrmiQ.exe
  C:\Windows\System\OeNrmiQ.exe
  2⤵
  PID:5356
- C:\Windows\System\zSGVOAu.exe
  C:\Windows\System\zSGVOAu.exe
  2⤵
  PID:5372
- C:\Windows\System\VaRbzmI.exe
  C:\Windows\System\VaRbzmI.exe
  2⤵
  PID:5388
- C:\Windows\System\KnDHnRe.exe
  C:\Windows\System\KnDHnRe.exe
  2⤵
  PID:5404
- C:\Windows\System\cBTgPWa.exe
  C:\Windows\System\cBTgPWa.exe
  2⤵
  PID:5420
- C:\Windows\System\MdwhJhN.exe
  C:\Windows\System\MdwhJhN.exe
  2⤵
  PID:5444
- C:\Windows\System\niiEHrm.exe
  C:\Windows\System\niiEHrm.exe
  2⤵
  PID:5464
- C:\Windows\System\wFowJSZ.exe
  C:\Windows\System\wFowJSZ.exe
  2⤵
  PID:5480
- C:\Windows\System\mQrFaMn.exe
  C:\Windows\System\mQrFaMn.exe
  2⤵
  PID:5504
- C:\Windows\System\BZYdlMF.exe
  C:\Windows\System\BZYdlMF.exe
  2⤵
  PID:5524
- C:\Windows\System\Wjxjlpf.exe
  C:\Windows\System\Wjxjlpf.exe
  2⤵
  PID:5548
- C:\Windows\System\EePVLaC.exe
  C:\Windows\System\EePVLaC.exe
  2⤵
  PID:5568
- C:\Windows\System\Gaofpmx.exe
  C:\Windows\System\Gaofpmx.exe
  2⤵
  PID:5596
- C:\Windows\System\gMVgQtx.exe
  C:\Windows\System\gMVgQtx.exe
  2⤵
  PID:5612
- C:\Windows\System\YiiqbAx.exe
  C:\Windows\System\YiiqbAx.exe
  2⤵
  PID:5628
- C:\Windows\System\nxURNNP.exe
  C:\Windows\System\nxURNNP.exe
  2⤵
  PID:5648
- C:\Windows\System\zzTeoFo.exe
  C:\Windows\System\zzTeoFo.exe
  2⤵
  PID:5672
- C:\Windows\System\GulLKls.exe
  C:\Windows\System\GulLKls.exe
  2⤵
  PID:5688
- C:\Windows\System\VVrKvxw.exe
  C:\Windows\System\VVrKvxw.exe
  2⤵
  PID:5704
- C:\Windows\System\cvbOFqD.exe
  C:\Windows\System\cvbOFqD.exe
  2⤵
  PID:5720
- C:\Windows\System\JiHHGFw.exe
  C:\Windows\System\JiHHGFw.exe
  2⤵
  PID:5744
- C:\Windows\System\EEMOMMq.exe
  C:\Windows\System\EEMOMMq.exe
  2⤵
  PID:5768
- C:\Windows\System\arwRWQu.exe
  C:\Windows\System\arwRWQu.exe
  2⤵
  PID:5788
- C:\Windows\System\znzyOUK.exe
  C:\Windows\System\znzyOUK.exe
  2⤵
  PID:5812
- C:\Windows\System\fgtcwmI.exe
  C:\Windows\System\fgtcwmI.exe
  2⤵
  PID:5828
- C:\Windows\System\coffkwH.exe
  C:\Windows\System\coffkwH.exe
  2⤵
  PID:5844
- C:\Windows\System\pscdamr.exe
  C:\Windows\System\pscdamr.exe
  2⤵
  PID:5860
- C:\Windows\System\UyLQIZY.exe
  C:\Windows\System\UyLQIZY.exe
  2⤵
  PID:5876
- C:\Windows\System\LdRdpgk.exe
  C:\Windows\System\LdRdpgk.exe
  2⤵
  PID:5896
- C:\Windows\System\tZZTmzS.exe
  C:\Windows\System\tZZTmzS.exe
  2⤵
  PID:5912
- C:\Windows\System\kKyCpZH.exe
  C:\Windows\System\kKyCpZH.exe
  2⤵
  PID:5928
- C:\Windows\System\BJQTHUn.exe
  C:\Windows\System\BJQTHUn.exe
  2⤵
  PID:5944
- C:\Windows\System\JAkNnRV.exe
  C:\Windows\System\JAkNnRV.exe
  2⤵
  PID:5960
- C:\Windows\System\fMERhfQ.exe
  C:\Windows\System\fMERhfQ.exe
  2⤵
  PID:5976
- C:\Windows\System\NkUnYBC.exe
  C:\Windows\System\NkUnYBC.exe
  2⤵
  PID:6000
- C:\Windows\System\iVKdrbG.exe
  C:\Windows\System\iVKdrbG.exe
  2⤵
  PID:6016
- C:\Windows\System\ZgmjccZ.exe
  C:\Windows\System\ZgmjccZ.exe
  2⤵
  PID:6076
- C:\Windows\System\spDRuQj.exe
  C:\Windows\System\spDRuQj.exe
  2⤵
  PID:6092
- C:\Windows\System\TtdCCJa.exe
  C:\Windows\System\TtdCCJa.exe
  2⤵
  PID:6108
- C:\Windows\System\qfJgNxV.exe
  C:\Windows\System\qfJgNxV.exe
  2⤵
  PID:6124
- C:\Windows\System\hYdLIty.exe
  C:\Windows\System\hYdLIty.exe
  2⤵
  PID:5128
- C:\Windows\System\KtHDUok.exe
  C:\Windows\System\KtHDUok.exe
  2⤵
  PID:5200
- C:\Windows\System\EiNRLgC.exe
  C:\Windows\System\EiNRLgC.exe
  2⤵
  PID:5240
- C:\Windows\System\NJhnlyL.exe
  C:\Windows\System\NJhnlyL.exe
  2⤵
  PID:4424
- C:\Windows\System\aCUXwWi.exe
  C:\Windows\System\aCUXwWi.exe
  2⤵
  PID:4332
- C:\Windows\System\pukoQDK.exe
  C:\Windows\System\pukoQDK.exe
  2⤵
  PID:5184
- C:\Windows\System\eYFGMOj.exe
  C:\Windows\System\eYFGMOj.exe
  2⤵
  PID:5324
- C:\Windows\System\kpzxPQw.exe
  C:\Windows\System\kpzxPQw.exe
  2⤵
  PID:5352
- C:\Windows\System\cbNMODJ.exe
  C:\Windows\System\cbNMODJ.exe
  2⤵
  PID:5412
- C:\Windows\System\zIquQfZ.exe
  C:\Windows\System\zIquQfZ.exe
  2⤵
  PID:5456
- C:\Windows\System\fYSynam.exe
  C:\Windows\System\fYSynam.exe
  2⤵
  PID:5364
- C:\Windows\System\zceliQz.exe
  C:\Windows\System\zceliQz.exe
  2⤵
  PID:5532
- C:\Windows\System\UQmVreo.exe
  C:\Windows\System\UQmVreo.exe
  2⤵
  PID:5476
- C:\Windows\System\aTeupLc.exe
  C:\Windows\System\aTeupLc.exe
  2⤵
  PID:2120
- C:\Windows\System\bcsEHRU.exe
  C:\Windows\System\bcsEHRU.exe
  2⤵
  PID:5520
- C:\Windows\System\SwzBYPM.exe
  C:\Windows\System\SwzBYPM.exe
  2⤵
  PID:5588
- C:\Windows\System\gILtCAW.exe
  C:\Windows\System\gILtCAW.exe
  2⤵
  PID:5660
- C:\Windows\System\qCleCma.exe
  C:\Windows\System\qCleCma.exe
  2⤵
  PID:5640
- C:\Windows\System\FZoRObV.exe
  C:\Windows\System\FZoRObV.exe
  2⤵
  PID:5680
- C:\Windows\System\LBQcrus.exe
  C:\Windows\System\LBQcrus.exe
  2⤵
  PID:5732
- C:\Windows\System\LjwsfdM.exe
  C:\Windows\System\LjwsfdM.exe
  2⤵
  PID:5800
- C:\Windows\System\aNFvRQg.exe
  C:\Windows\System\aNFvRQg.exe
  2⤵
  PID:5756
- C:\Windows\System\MChWGBJ.exe
  C:\Windows\System\MChWGBJ.exe
  2⤵
  PID:5752
- C:\Windows\System\ZPzltnR.exe
  C:\Windows\System\ZPzltnR.exe
  2⤵
  PID:5868
- C:\Windows\System\BWqEqzd.exe
  C:\Windows\System\BWqEqzd.exe
  2⤵
  PID:6008
- C:\Windows\System\hllgOma.exe
  C:\Windows\System\hllgOma.exe
  2⤵
  PID:5892
- C:\Windows\System\EiifaSr.exe
  C:\Windows\System\EiifaSr.exe
  2⤵
  PID:5992
- C:\Windows\System\bMojMAt.exe
  C:\Windows\System\bMojMAt.exe
  2⤵
  PID:6036
- C:\Windows\System\qKTwvuL.exe
  C:\Windows\System\qKTwvuL.exe
  2⤵
  PID:6064
- C:\Windows\System\BKcGBqd.exe
  C:\Windows\System\BKcGBqd.exe
  2⤵
  PID:6120
- C:\Windows\System\IbZMRwH.exe
  C:\Windows\System\IbZMRwH.exe
  2⤵
  PID:5208
- C:\Windows\System\xijSVvt.exe
  C:\Windows\System\xijSVvt.exe
  2⤵
  PID:5164
- C:\Windows\System\VZSSFms.exe
  C:\Windows\System\VZSSFms.exe
  2⤵
  PID:1648
- C:\Windows\System\mqVcupz.exe
  C:\Windows\System\mqVcupz.exe
  2⤵
  PID:5248
- C:\Windows\System\QwqumHT.exe
  C:\Windows\System\QwqumHT.exe
  2⤵
  PID:5336
- C:\Windows\System\uTwpozh.exe
  C:\Windows\System\uTwpozh.exe
  2⤵
  PID:5576
- C:\Windows\System\zAzSZYq.exe
  C:\Windows\System\zAzSZYq.exe
  2⤵
  PID:5432
- C:\Windows\System\AWbJKoL.exe
  C:\Windows\System\AWbJKoL.exe
  2⤵
  PID:5624
- C:\Windows\System\bWRZFIX.exe
  C:\Windows\System\bWRZFIX.exe
  2⤵
  PID:5712
- C:\Windows\System\RxBdJai.exe
  C:\Windows\System\RxBdJai.exe
  2⤵
  PID:5292
- C:\Windows\System\wpfJbKS.exe
  C:\Windows\System\wpfJbKS.exe
  2⤵
  PID:5820
- C:\Windows\System\cCjjSNY.exe
  C:\Windows\System\cCjjSNY.exe
  2⤵
  PID:5760
- C:\Windows\System\ZrCMnGe.exe
  C:\Windows\System\ZrCMnGe.exe
  2⤵
  PID:5540
- C:\Windows\System\poZGLXL.exe
  C:\Windows\System\poZGLXL.exe
  2⤵
  PID:5668
- C:\Windows\System\BKiboLB.exe
  C:\Windows\System\BKiboLB.exe
  2⤵
  PID:5940
- C:\Windows\System\fXQxjWz.exe
  C:\Windows\System\fXQxjWz.exe
  2⤵
  PID:5920
- C:\Windows\System\qbfcTOZ.exe
  C:\Windows\System\qbfcTOZ.exe
  2⤵
  PID:6052
- C:\Windows\System\qXiodju.exe
  C:\Windows\System\qXiodju.exe
  2⤵
  PID:5308
- C:\Windows\System\tHulZtl.exe
  C:\Windows\System\tHulZtl.exe
  2⤵
  PID:5472
- C:\Windows\System\MKxLFtH.exe
  C:\Windows\System\MKxLFtH.exe
  2⤵
  PID:5700
- C:\Windows\System\nDDWubo.exe
  C:\Windows\System\nDDWubo.exe
  2⤵
  PID:6084
- C:\Windows\System\RCZjdLg.exe
  C:\Windows\System\RCZjdLg.exe
  2⤵
  PID:5460
- C:\Windows\System\jGUcZRx.exe
  C:\Windows\System\jGUcZRx.exe
  2⤵
  PID:5728
- C:\Windows\System\vVrbgis.exe
  C:\Windows\System\vVrbgis.exe
  2⤵
  PID:5852
- C:\Windows\System\VPFbZJl.exe
  C:\Windows\System\VPFbZJl.exe
  2⤵
  PID:5560
- C:\Windows\System\xYEdZrl.exe
  C:\Windows\System\xYEdZrl.exe
  2⤵
  PID:2968
- C:\Windows\System\ydWjukA.exe
  C:\Windows\System\ydWjukA.exe
  2⤵
  PID:5936
- C:\Windows\System\NekSisK.exe
  C:\Windows\System\NekSisK.exe
  2⤵
  PID:5396
- C:\Windows\System\DvftHgg.exe
  C:\Windows\System\DvftHgg.exe
  2⤵
  PID:5428
- C:\Windows\System\lkUeXMP.exe
  C:\Windows\System\lkUeXMP.exe
  2⤵
  PID:6104
- C:\Windows\System\JBuYTRf.exe
  C:\Windows\System\JBuYTRf.exe
  2⤵
  PID:6028
- C:\Windows\System\nsgsuoF.exe
  C:\Windows\System\nsgsuoF.exe
  2⤵
  PID:6024
- C:\Windows\System\lBGaotP.exe
  C:\Windows\System\lBGaotP.exe
  2⤵
  PID:5172
- C:\Windows\System\SqyJFsv.exe
  C:\Windows\System\SqyJFsv.exe
  2⤵
  PID:5684
- C:\Windows\System\XIHMMYR.exe
  C:\Windows\System\XIHMMYR.exe
  2⤵
  PID:5344
- C:\Windows\System\IjwivOL.exe
  C:\Windows\System\IjwivOL.exe
  2⤵
  PID:5956
- C:\Windows\System\kUmNqDC.exe
  C:\Windows\System\kUmNqDC.exe
  2⤵
  PID:5740
- C:\Windows\System\vVFnPnS.exe
  C:\Windows\System\vVFnPnS.exe
  2⤵
  PID:5908
- C:\Windows\System\CVxBhDZ.exe
  C:\Windows\System\CVxBhDZ.exe
  2⤵
  PID:5580
- C:\Windows\System\lChZDVs.exe
  C:\Windows\System\lChZDVs.exe
  2⤵
  PID:5320
- C:\Windows\System\PhVaJQH.exe
  C:\Windows\System\PhVaJQH.exe
  2⤵
  PID:5840
- C:\Windows\System\MZMRJST.exe
  C:\Windows\System\MZMRJST.exe
  2⤵
  PID:6160
- C:\Windows\System\DOmoIZo.exe
  C:\Windows\System\DOmoIZo.exe
  2⤵
  PID:6176
- C:\Windows\System\kRSMofU.exe
  C:\Windows\System\kRSMofU.exe
  2⤵
  PID:6196
- C:\Windows\System\mETnvpX.exe
  C:\Windows\System\mETnvpX.exe
  2⤵
  PID:6212
- C:\Windows\System\GCluXkZ.exe
  C:\Windows\System\GCluXkZ.exe
  2⤵
  PID:6236
- C:\Windows\System\hshqkVa.exe
  C:\Windows\System\hshqkVa.exe
  2⤵
  PID:6252
- C:\Windows\System\LjGnoOq.exe
  C:\Windows\System\LjGnoOq.exe
  2⤵
  PID:6268
- C:\Windows\System\wzCGJLW.exe
  C:\Windows\System\wzCGJLW.exe
  2⤵
  PID:6288
- C:\Windows\System\VOcSzps.exe
  C:\Windows\System\VOcSzps.exe
  2⤵
  PID:6308
- C:\Windows\System\uaOQNXT.exe
  C:\Windows\System\uaOQNXT.exe
  2⤵
  PID:6328
- C:\Windows\System\AwbDxUK.exe
  C:\Windows\System\AwbDxUK.exe
  2⤵
  PID:6372
- C:\Windows\System\IgezOeH.exe
  C:\Windows\System\IgezOeH.exe
  2⤵
  PID:6392
- C:\Windows\System\pllPdIo.exe
  C:\Windows\System\pllPdIo.exe
  2⤵
  PID:6408
- C:\Windows\System\GexuPgQ.exe
  C:\Windows\System\GexuPgQ.exe
  2⤵
  PID:6424
- C:\Windows\System\NAOGHnv.exe
  C:\Windows\System\NAOGHnv.exe
  2⤵
  PID:6440
- C:\Windows\System\jhYxdXI.exe
  C:\Windows\System\jhYxdXI.exe
  2⤵
  PID:6460
- C:\Windows\System\qqnQxvw.exe
  C:\Windows\System\qqnQxvw.exe
  2⤵
  PID:6480
- C:\Windows\System\sdlwtfK.exe
  C:\Windows\System\sdlwtfK.exe
  2⤵
  PID:6496
- C:\Windows\System\WVPQDnr.exe
  C:\Windows\System\WVPQDnr.exe
  2⤵
  PID:6512
- C:\Windows\System\NXYIqow.exe
  C:\Windows\System\NXYIqow.exe
  2⤵
  PID:6528
- C:\Windows\System\MUTCwgQ.exe
  C:\Windows\System\MUTCwgQ.exe
  2⤵
  PID:6544
- C:\Windows\System\MXLWEhO.exe
  C:\Windows\System\MXLWEhO.exe
  2⤵
  PID:6564
- C:\Windows\System\SiTvZAF.exe
  C:\Windows\System\SiTvZAF.exe
  2⤵
  PID:6584
- C:\Windows\System\OKVgNkU.exe
  C:\Windows\System\OKVgNkU.exe
  2⤵
  PID:6604
- C:\Windows\System\czehJdb.exe
  C:\Windows\System\czehJdb.exe
  2⤵
  PID:6620
- C:\Windows\System\UUMXNFr.exe
  C:\Windows\System\UUMXNFr.exe
  2⤵
  PID:6648
- C:\Windows\System\NQKsfoH.exe
  C:\Windows\System\NQKsfoH.exe
  2⤵
  PID:6668
- C:\Windows\System\xmACHAY.exe
  C:\Windows\System\xmACHAY.exe
  2⤵
  PID:6692
- C:\Windows\System\IDDBTMc.exe
  C:\Windows\System\IDDBTMc.exe
  2⤵
  PID:6720
- C:\Windows\System\blJrbgQ.exe
  C:\Windows\System\blJrbgQ.exe
  2⤵
  PID:6736
- C:\Windows\System\QNvKKPh.exe
  C:\Windows\System\QNvKKPh.exe
  2⤵
  PID:6756
- C:\Windows\System\rkNbFpU.exe
  C:\Windows\System\rkNbFpU.exe
  2⤵
  PID:6784
- C:\Windows\System\OFmddha.exe
  C:\Windows\System\OFmddha.exe
  2⤵
  PID:6800
- C:\Windows\System\hRRKIqz.exe
  C:\Windows\System\hRRKIqz.exe
  2⤵
  PID:6824
- C:\Windows\System\oqyvaEZ.exe
  C:\Windows\System\oqyvaEZ.exe
  2⤵
  PID:6844
- C:\Windows\System\bGZTsgZ.exe
  C:\Windows\System\bGZTsgZ.exe
  2⤵
  PID:6872
- C:\Windows\System\iTdJThk.exe
  C:\Windows\System\iTdJThk.exe
  2⤵
  PID:6892
- C:\Windows\System\kmgFPHn.exe
  C:\Windows\System\kmgFPHn.exe
  2⤵
  PID:6916
- C:\Windows\System\eFuTdQy.exe
  C:\Windows\System\eFuTdQy.exe
  2⤵
  PID:6936
- C:\Windows\System\XtgauLG.exe
  C:\Windows\System\XtgauLG.exe
  2⤵
  PID:6952
- C:\Windows\System\cAxDYUl.exe
  C:\Windows\System\cAxDYUl.exe
  2⤵
  PID:6976
- C:\Windows\System\jNvkSIq.exe
  C:\Windows\System\jNvkSIq.exe
  2⤵
  PID:6996
- C:\Windows\System\fhjAfIs.exe
  C:\Windows\System\fhjAfIs.exe
  2⤵
  PID:7016
- C:\Windows\System\AFxIIDH.exe
  C:\Windows\System\AFxIIDH.exe
  2⤵
  PID:7036
- C:\Windows\System\XQQFYZE.exe
  C:\Windows\System\XQQFYZE.exe
  2⤵
  PID:7060
- C:\Windows\System\hXbNtjE.exe
  C:\Windows\System\hXbNtjE.exe
  2⤵
  PID:7080
- C:\Windows\System\PDnCsOH.exe
  C:\Windows\System\PDnCsOH.exe
  2⤵
  PID:7096
- C:\Windows\System\GPFjjJr.exe
  C:\Windows\System\GPFjjJr.exe
  2⤵
  PID:7112
- C:\Windows\System\QrglfDd.exe
  C:\Windows\System\QrglfDd.exe
  2⤵
  PID:7128
- C:\Windows\System\olKBwiP.exe
  C:\Windows\System\olKBwiP.exe
  2⤵
  PID:7144
- C:\Windows\System\yjNNTLi.exe
  C:\Windows\System\yjNNTLi.exe
  2⤵
  PID:7160
- C:\Windows\System\ElaZjRP.exe
  C:\Windows\System\ElaZjRP.exe
  2⤵
  PID:5796
- C:\Windows\System\JgnnHur.exe
  C:\Windows\System\JgnnHur.exe
  2⤵
  PID:6172
- C:\Windows\System\jGFzGZr.exe
  C:\Windows\System\jGFzGZr.exe
  2⤵
  PID:6284
- C:\Windows\System\ytfjlgr.exe
  C:\Windows\System\ytfjlgr.exe
  2⤵
  PID:6152
- C:\Windows\System\nvlxCCM.exe
  C:\Windows\System\nvlxCCM.exe
  2⤵
  PID:6368
- C:\Windows\System\VxnaVOg.exe
  C:\Windows\System\VxnaVOg.exe
  2⤵
  PID:6220
- C:\Windows\System\bKXIeeB.exe
  C:\Windows\System\bKXIeeB.exe
  2⤵
  PID:6356
- C:\Windows\System\RIZzjeE.exe
  C:\Windows\System\RIZzjeE.exe
  2⤵
  PID:6336
- C:\Windows\System\mOnamto.exe
  C:\Windows\System\mOnamto.exe
  2⤵
  PID:6384
- C:\Windows\System\CwSGwns.exe
  C:\Windows\System\CwSGwns.exe
  2⤵
  PID:6472
- C:\Windows\System\ZwpQnym.exe
  C:\Windows\System\ZwpQnym.exe
  2⤵
  PID:6420
- C:\Windows\System\VxABosy.exe
  C:\Windows\System\VxABosy.exe
  2⤵
  PID:6488
- C:\Windows\System\VYKGIyz.exe
  C:\Windows\System\VYKGIyz.exe
  2⤵
  PID:6560
- C:\Windows\System\rhVCYOA.exe
  C:\Windows\System\rhVCYOA.exe
  2⤵
  PID:6632
- C:\Windows\System\DfZLYMa.exe
  C:\Windows\System\DfZLYMa.exe
  2⤵
  PID:6680
- C:\Windows\System\DjKrsRE.exe
  C:\Windows\System\DjKrsRE.exe
  2⤵
  PID:6728
- C:\Windows\System\nFwpUPN.exe
  C:\Windows\System\nFwpUPN.exe
  2⤵
  PID:6776
- C:\Windows\System\BbenPPA.exe
  C:\Windows\System\BbenPPA.exe
  2⤵
  PID:6812
- C:\Windows\System\BADQpTR.exe
  C:\Windows\System\BADQpTR.exe
  2⤵
  PID:6580
- C:\Windows\System\YpRPRis.exe
  C:\Windows\System\YpRPRis.exe
  2⤵
  PID:6612
- C:\Windows\System\VwVAqgr.exe
  C:\Windows\System\VwVAqgr.exe
  2⤵
  PID:6900
- C:\Windows\System\udVUvZB.exe
  C:\Windows\System\udVUvZB.exe
  2⤵
  PID:6712
- C:\Windows\System\NTqnvzz.exe
  C:\Windows\System\NTqnvzz.exe
  2⤵
  PID:6540
- C:\Windows\System\QjJIxgd.exe
  C:\Windows\System\QjJIxgd.exe
  2⤵
  PID:6944
- C:\Windows\System\OjERJDa.exe
  C:\Windows\System\OjERJDa.exe
  2⤵
  PID:6924
- C:\Windows\System\jWDIOiH.exe
  C:\Windows\System\jWDIOiH.exe
  2⤵
  PID:6972
- C:\Windows\System\UqBVwCd.exe
  C:\Windows\System\UqBVwCd.exe
  2⤵
  PID:7012
- C:\Windows\System\ghNNxDd.exe
  C:\Windows\System\ghNNxDd.exe
  2⤵
  PID:7032
- C:\Windows\System\vxRSXuY.exe
  C:\Windows\System\vxRSXuY.exe
  2⤵
  PID:7076
- C:\Windows\System\CtzwKgg.exe
  C:\Windows\System\CtzwKgg.exe
  2⤵
  PID:7088
- C:\Windows\System\cRJHiYn.exe
  C:\Windows\System\cRJHiYn.exe
  2⤵
  PID:5492
- C:\Windows\System\aFZRhdN.exe
  C:\Windows\System\aFZRhdN.exe
  2⤵
  PID:6248
- C:\Windows\System\ZfIeeoi.exe
  C:\Windows\System\ZfIeeoi.exe
  2⤵
  PID:6296
- C:\Windows\System\uNPQHAu.exe
  C:\Windows\System\uNPQHAu.exe
  2⤵
  PID:6404
- C:\Windows\System\vUmxBCO.exe
  C:\Windows\System\vUmxBCO.exe
  2⤵
  PID:6048
- C:\Windows\System\AozXGSs.exe
  C:\Windows\System\AozXGSs.exe
  2⤵
  PID:6324
- C:\Windows\System\MoHuHhx.exe
  C:\Windows\System\MoHuHhx.exe
  2⤵
  PID:6300
- C:\Windows\System\qchZqqa.exe
  C:\Windows\System\qchZqqa.exe
  2⤵
  PID:6536
- C:\Windows\System\INObdbf.exe
  C:\Windows\System\INObdbf.exe
  2⤵
  PID:6640
- C:\Windows\System\zpPWJOl.exe
  C:\Windows\System\zpPWJOl.exe
  2⤵
  PID:6552
- C:\Windows\System\MQZsZef.exe
  C:\Windows\System\MQZsZef.exe
  2⤵
  PID:6576
- C:\Windows\System\YpnLWNK.exe
  C:\Windows\System\YpnLWNK.exe
  2⤵
  PID:6840
- C:\Windows\System\hWwgliY.exe
  C:\Windows\System\hWwgliY.exe
  2⤵
  PID:6452
- C:\Windows\System\hKgJZlO.exe
  C:\Windows\System\hKgJZlO.exe
  2⤵
  PID:6748
- C:\Windows\System\bUAYkRm.exe
  C:\Windows\System\bUAYkRm.exe
  2⤵
  PID:6808
- C:\Windows\System\qZzXiKw.exe
  C:\Windows\System\qZzXiKw.exe
  2⤵
  PID:6912
- C:\Windows\System\bIBHInP.exe
  C:\Windows\System\bIBHInP.exe
  2⤵
  PID:6884
- C:\Windows\System\CxEZzJY.exe
  C:\Windows\System\CxEZzJY.exe
  2⤵
  PID:7004
- C:\Windows\System\DIAEFpy.exe
  C:\Windows\System\DIAEFpy.exe
  2⤵
  PID:7108
- C:\Windows\System\wJTvHXI.exe
  C:\Windows\System\wJTvHXI.exe
  2⤵
  PID:6968
- C:\Windows\System\SryHGJb.exe
  C:\Windows\System\SryHGJb.exe
  2⤵
  PID:7028
- C:\Windows\System\KIZxVmW.exe
  C:\Windows\System\KIZxVmW.exe
  2⤵
  PID:6232
- C:\Windows\System\tduQoFM.exe
  C:\Windows\System\tduQoFM.exe
  2⤵
  PID:6432
- C:\Windows\System\NhXcMjI.exe
  C:\Windows\System\NhXcMjI.exe
  2⤵
  PID:6192
- C:\Windows\System\itvulMm.exe
  C:\Windows\System\itvulMm.exe
  2⤵
  PID:1592
- C:\Windows\System\VfFTNEb.exe
  C:\Windows\System\VfFTNEb.exe
  2⤵
  PID:6468
- C:\Windows\System\rEfOmib.exe
  C:\Windows\System\rEfOmib.exe
  2⤵
  PID:6704
- C:\Windows\System\hxlWybn.exe
  C:\Windows\System\hxlWybn.exe
  2⤵
  PID:6708
- C:\Windows\System\KhBnLIc.exe
  C:\Windows\System\KhBnLIc.exe
  2⤵
  PID:6660
- C:\Windows\System\mrdsieZ.exe
  C:\Windows\System\mrdsieZ.exe
  2⤵
  PID:6752
- C:\Windows\System\lMfmBps.exe
  C:\Windows\System\lMfmBps.exe
  2⤵
  PID:6992
- C:\Windows\System\heAKmOy.exe
  C:\Windows\System\heAKmOy.exe
  2⤵
  PID:7136
- C:\Windows\System\aanZdhO.exe
  C:\Windows\System\aanZdhO.exe
  2⤵
  PID:7024
- C:\Windows\System\hhEpxMY.exe
  C:\Windows\System\hhEpxMY.exe
  2⤵
  PID:6524
- C:\Windows\System\nAVmXEs.exe
  C:\Windows\System\nAVmXEs.exe
  2⤵
  PID:6644
- C:\Windows\System\BHZLEgL.exe
  C:\Windows\System\BHZLEgL.exe
  2⤵
  PID:7156
- C:\Windows\System\cPYCRzE.exe
  C:\Windows\System\cPYCRzE.exe
  2⤵
  PID:6832
- C:\Windows\System\zEEQWYA.exe
  C:\Windows\System\zEEQWYA.exe
  2⤵
  PID:6868
- C:\Windows\System\WwmTVyA.exe
  C:\Windows\System\WwmTVyA.exe
  2⤵
  PID:6600
- C:\Windows\System\rorVWei.exe
  C:\Windows\System\rorVWei.exe
  2⤵
  PID:6504
- C:\Windows\System\TWpHCII.exe
  C:\Windows\System\TWpHCII.exe
  2⤵
  PID:6836
- C:\Windows\System\ouxNLsK.exe
  C:\Windows\System\ouxNLsK.exe
  2⤵
  PID:6260
- C:\Windows\System\rkkQeYc.exe
  C:\Windows\System\rkkQeYc.exe
  2⤵
  PID:6744
- C:\Windows\System\xZVIYda.exe
  C:\Windows\System\xZVIYda.exe
  2⤵
  PID:6768
- C:\Windows\System\jLhYZzh.exe
  C:\Windows\System\jLhYZzh.exe
  2⤵
  PID:6700
- C:\Windows\System\ehUocLr.exe
  C:\Windows\System\ehUocLr.exe
  2⤵
  PID:6208
- C:\Windows\System\odaZKJW.exe
  C:\Windows\System\odaZKJW.exe
  2⤵
  PID:7140
- C:\Windows\System\ENtIPRv.exe
  C:\Windows\System\ENtIPRv.exe
  2⤵
  PID:7184
- C:\Windows\System\vuiqnTZ.exe
  C:\Windows\System\vuiqnTZ.exe
  2⤵
  PID:7204
- C:\Windows\System\NRSPKMi.exe
  C:\Windows\System\NRSPKMi.exe
  2⤵
  PID:7232
- C:\Windows\System\XhRsGOA.exe
  C:\Windows\System\XhRsGOA.exe
  2⤵
  PID:7248
- C:\Windows\System\WFpSSbp.exe
  C:\Windows\System\WFpSSbp.exe
  2⤵
  PID:7268
- C:\Windows\System\EVhyTOG.exe
  C:\Windows\System\EVhyTOG.exe
  2⤵
  PID:7292
- C:\Windows\System\ruZOJGN.exe
  C:\Windows\System\ruZOJGN.exe
  2⤵
  PID:7308
- C:\Windows\System\HjCFCSN.exe
  C:\Windows\System\HjCFCSN.exe
  2⤵
  PID:7328
- C:\Windows\System\KIpjAfT.exe
  C:\Windows\System\KIpjAfT.exe
  2⤵
  PID:7352
- C:\Windows\System\EOEBDeP.exe
  C:\Windows\System\EOEBDeP.exe
  2⤵
  PID:7372
- C:\Windows\System\javzuyU.exe
  C:\Windows\System\javzuyU.exe
  2⤵
  PID:7388
- C:\Windows\System\feKwOin.exe
  C:\Windows\System\feKwOin.exe
  2⤵
  PID:7408
- C:\Windows\System\apGdJse.exe
  C:\Windows\System\apGdJse.exe
  2⤵
  PID:7424
- C:\Windows\System\UVpVNCk.exe
  C:\Windows\System\UVpVNCk.exe
  2⤵
  PID:7440
- C:\Windows\System\BASbYbb.exe
  C:\Windows\System\BASbYbb.exe
  2⤵
  PID:7464
- C:\Windows\System\kgQHQoP.exe
  C:\Windows\System\kgQHQoP.exe
  2⤵
  PID:7484
- C:\Windows\System\xdOmnoe.exe
  C:\Windows\System\xdOmnoe.exe
  2⤵
  PID:7504
- C:\Windows\System\RMsBaVH.exe
  C:\Windows\System\RMsBaVH.exe
  2⤵
  PID:7524
- C:\Windows\System\lxrUzBO.exe
  C:\Windows\System\lxrUzBO.exe
  2⤵
  PID:7540
- C:\Windows\System\gwdpbeK.exe
  C:\Windows\System\gwdpbeK.exe
  2⤵
  PID:7576
- C:\Windows\System\RBNusLc.exe
  C:\Windows\System\RBNusLc.exe
  2⤵
  PID:7592
- C:\Windows\System\qZlGXMY.exe
  C:\Windows\System\qZlGXMY.exe
  2⤵
  PID:7612
- C:\Windows\System\TgcabEH.exe
  C:\Windows\System\TgcabEH.exe
  2⤵
  PID:7628
- C:\Windows\System\XMDEImF.exe
  C:\Windows\System\XMDEImF.exe
  2⤵
  PID:7644
- C:\Windows\System\LxXmbpb.exe
  C:\Windows\System\LxXmbpb.exe
  2⤵
  PID:7672
- C:\Windows\System\IcverSq.exe
  C:\Windows\System\IcverSq.exe
  2⤵
  PID:7688
- C:\Windows\System\IPsIgpU.exe
  C:\Windows\System\IPsIgpU.exe
  2⤵
  PID:7708
- C:\Windows\System\HSJKInH.exe
  C:\Windows\System\HSJKInH.exe
  2⤵
  PID:7728
- C:\Windows\System\Hpplmao.exe
  C:\Windows\System\Hpplmao.exe
  2⤵
  PID:7744
- C:\Windows\System\qoSXICu.exe
  C:\Windows\System\qoSXICu.exe
  2⤵
  PID:7760
- C:\Windows\System\yyPArwj.exe
  C:\Windows\System\yyPArwj.exe
  2⤵
  PID:7780
- C:\Windows\System\AyoFRSb.exe
  C:\Windows\System\AyoFRSb.exe
  2⤵
  PID:7820
- C:\Windows\System\wSLdTuf.exe
  C:\Windows\System\wSLdTuf.exe
  2⤵
  PID:7836
- C:\Windows\System\OILHfLj.exe
  C:\Windows\System\OILHfLj.exe
  2⤵
  PID:7856
- C:\Windows\System\HtRfUAt.exe
  C:\Windows\System\HtRfUAt.exe
  2⤵
  PID:7872
- C:\Windows\System\ivSBvjc.exe
  C:\Windows\System\ivSBvjc.exe
  2⤵
  PID:7888
- C:\Windows\System\XcfIUFc.exe
  C:\Windows\System\XcfIUFc.exe
  2⤵
  PID:7908
- C:\Windows\System\aHUKGRA.exe
  C:\Windows\System\aHUKGRA.exe
  2⤵
  PID:7924
- C:\Windows\System\LCayUwF.exe
  C:\Windows\System\LCayUwF.exe
  2⤵
  PID:7944
- C:\Windows\System\jrKoFLJ.exe
  C:\Windows\System\jrKoFLJ.exe
  2⤵
  PID:7964
- C:\Windows\System\FXlhZly.exe
  C:\Windows\System\FXlhZly.exe
  2⤵
  PID:7980
- C:\Windows\System\GOAIHPK.exe
  C:\Windows\System\GOAIHPK.exe
  2⤵
  PID:8000
- C:\Windows\System\diGaQHY.exe
  C:\Windows\System\diGaQHY.exe
  2⤵
  PID:8016
- C:\Windows\System\VDRSxCw.exe
  C:\Windows\System\VDRSxCw.exe
  2⤵
  PID:8056
- C:\Windows\System\wbDCeJO.exe
  C:\Windows\System\wbDCeJO.exe
  2⤵
  PID:8076
- C:\Windows\System\ambeoTG.exe
  C:\Windows\System\ambeoTG.exe
  2⤵
  PID:8096
- C:\Windows\System\PJcZvOL.exe
  C:\Windows\System\PJcZvOL.exe
  2⤵
  PID:8116
- C:\Windows\System\YEmwtWJ.exe
  C:\Windows\System\YEmwtWJ.exe
  2⤵
  PID:8132
- C:\Windows\System\leLgqfN.exe
  C:\Windows\System\leLgqfN.exe
  2⤵
  PID:8152
- C:\Windows\System\VqWhwoY.exe
  C:\Windows\System\VqWhwoY.exe
  2⤵
  PID:8176
- C:\Windows\System\LjMiMEf.exe
  C:\Windows\System\LjMiMEf.exe
  2⤵
  PID:6492
- C:\Windows\System\tvHAAez.exe
  C:\Windows\System\tvHAAez.exe
  2⤵
  PID:6880
- C:\Windows\System\WoYWlyf.exe
  C:\Windows\System\WoYWlyf.exe
  2⤵
  PID:7172
- C:\Windows\System\cNrvhLv.exe
  C:\Windows\System\cNrvhLv.exe
  2⤵
  PID:7212
- C:\Windows\System\jdepCYh.exe
  C:\Windows\System\jdepCYh.exe
  2⤵
  PID:7280
- C:\Windows\System\FzVoQLs.exe
  C:\Windows\System\FzVoQLs.exe
  2⤵
  PID:7320
- C:\Windows\System\bfPdcsy.exe
  C:\Windows\System\bfPdcsy.exe
  2⤵
  PID:7336
- C:\Windows\System\kQYKinT.exe
  C:\Windows\System\kQYKinT.exe
  2⤵
  PID:7368
- C:\Windows\System\uYufYtO.exe
  C:\Windows\System\uYufYtO.exe
  2⤵
  PID:7348
- C:\Windows\System\viJPbyt.exe
  C:\Windows\System\viJPbyt.exe
  2⤵
  PID:7476
- C:\Windows\System\mgqluyk.exe
  C:\Windows\System\mgqluyk.exe
  2⤵
  PID:7520
- C:\Windows\System\jvFVwLJ.exe
  C:\Windows\System\jvFVwLJ.exe
  2⤵
  PID:7452
- C:\Windows\System\sYeuzef.exe
  C:\Windows\System\sYeuzef.exe
  2⤵
  PID:7420
- C:\Windows\System\HpfrrLE.exe
  C:\Windows\System\HpfrrLE.exe
  2⤵
  PID:7532
- C:\Windows\System\rixzKJD.exe
  C:\Windows\System\rixzKJD.exe
  2⤵
  PID:7176
- C:\Windows\System\oQgLBdz.exe
  C:\Windows\System\oQgLBdz.exe
  2⤵
  PID:7624
- C:\Windows\System\pfdgDiN.exe
  C:\Windows\System\pfdgDiN.exe
  2⤵
  PID:7724
- C:\Windows\System\OmpcQsp.exe
  C:\Windows\System\OmpcQsp.exe
  2⤵
  PID:7788
- C:\Windows\System\jdlFLbn.exe
  C:\Windows\System\jdlFLbn.exe
  2⤵
  PID:7812
- C:\Windows\System\KJjjRPk.exe
  C:\Windows\System\KJjjRPk.exe
  2⤵
  PID:7696
- C:\Windows\System\eknxTTa.exe
  C:\Windows\System\eknxTTa.exe
  2⤵
  PID:7740
- C:\Windows\System\poVNQwh.exe
  C:\Windows\System\poVNQwh.exe
  2⤵
  PID:7848
- C:\Windows\System\VcwnlUs.exe
  C:\Windows\System\VcwnlUs.exe
  2⤵
  PID:7920
- C:\Windows\System\UbILmuz.exe
  C:\Windows\System\UbILmuz.exe
  2⤵
  PID:7992
- C:\Windows\System\lUQPLOK.exe
  C:\Windows\System\lUQPLOK.exe
  2⤵
  PID:8040
- C:\Windows\System\OtflvMC.exe
  C:\Windows\System\OtflvMC.exe
  2⤵
  PID:8028
- C:\Windows\System\JCvByPF.exe
  C:\Windows\System\JCvByPF.exe
  2⤵
  PID:7900
- C:\Windows\System\bhJfQId.exe
  C:\Windows\System\bhJfQId.exe
  2⤵
  PID:7936
- C:\Windows\System\dJUIzjJ.exe
  C:\Windows\System\dJUIzjJ.exe
  2⤵
  PID:8064
- C:\Windows\System\BNgejfR.exe
  C:\Windows\System\BNgejfR.exe
  2⤵
  PID:8124
- C:\Windows\System\GglYBSG.exe
  C:\Windows\System\GglYBSG.exe
  2⤵
  PID:8168
- C:\Windows\System\mxLCwmj.exe
  C:\Windows\System\mxLCwmj.exe
  2⤵
  PID:7240
- C:\Windows\System\CVonGYD.exe
  C:\Windows\System\CVonGYD.exe
  2⤵
  PID:8112
- C:\Windows\System\BpppADo.exe
  C:\Windows\System\BpppADo.exe
  2⤵
  PID:8140
- C:\Windows\System\sntqIzJ.exe
  C:\Windows\System\sntqIzJ.exe
  2⤵
  PID:8188
- C:\Windows\System\jKnXBJU.exe
  C:\Windows\System\jKnXBJU.exe
  2⤵
  PID:7276
- C:\Windows\System\CGbIOrq.exe
  C:\Windows\System\CGbIOrq.exe
  2⤵
  PID:7436
- C:\Windows\System\DNMhwDB.exe
  C:\Windows\System\DNMhwDB.exe
  2⤵
  PID:7552
- C:\Windows\System\maopqSe.exe
  C:\Windows\System\maopqSe.exe
  2⤵
  PID:7496
- C:\Windows\System\ZSlnbgE.exe
  C:\Windows\System\ZSlnbgE.exe
  2⤵
  PID:7404
- C:\Windows\System\HNQnDTR.exe
  C:\Windows\System\HNQnDTR.exe
  2⤵
  PID:7752
- C:\Windows\System\LAOyTah.exe
  C:\Windows\System\LAOyTah.exe
  2⤵
  PID:7460
- C:\Windows\System\UDJJabi.exe
  C:\Windows\System\UDJJabi.exe
  2⤵
  PID:7640
- C:\Windows\System\uRDuXFh.exe
  C:\Windows\System\uRDuXFh.exe
  2⤵
  PID:7656
- C:\Windows\System\cnUinbf.exe
  C:\Windows\System\cnUinbf.exe
  2⤵
  PID:7776
- C:\Windows\System\NqaABCb.exe
  C:\Windows\System\NqaABCb.exe
  2⤵
  PID:7960
- C:\Windows\System\hWrBBvU.exe
  C:\Windows\System\hWrBBvU.exe
  2⤵
  PID:7804
- C:\Windows\System\JCeiMkb.exe
  C:\Windows\System\JCeiMkb.exe
  2⤵
  PID:7916
- C:\Windows\System\zFjvLhb.exe
  C:\Windows\System\zFjvLhb.exe
  2⤵
  PID:8092
- C:\Windows\System\IuMAuMc.exe
  C:\Windows\System\IuMAuMc.exe
  2⤵
  PID:7868
- C:\Windows\System\uhgVRLX.exe
  C:\Windows\System\uhgVRLX.exe
  2⤵
  PID:7972
- C:\Windows\System\wvlPjYc.exe
  C:\Windows\System\wvlPjYc.exe
  2⤵
  PID:7192
- C:\Windows\System\IxAWuKP.exe
  C:\Windows\System\IxAWuKP.exe
  2⤵
  PID:7324
- C:\Windows\System\BzIoBFC.exe
  C:\Windows\System\BzIoBFC.exe
  2⤵
  PID:7816
- C:\Windows\System\DArgSYF.exe
  C:\Windows\System\DArgSYF.exe
  2⤵
  PID:7180
- C:\Windows\System\WGmdXjW.exe
  C:\Windows\System\WGmdXjW.exe
  2⤵
  PID:8052
- C:\Windows\System\kpXnrVO.exe
  C:\Windows\System\kpXnrVO.exe
  2⤵
  PID:8072
- C:\Windows\System\tuSjMQc.exe
  C:\Windows\System\tuSjMQc.exe
  2⤵
  PID:7224
- C:\Windows\System\QLXitEI.exe
  C:\Windows\System\QLXitEI.exe
  2⤵
  PID:7556
- C:\Windows\System\MsMifYd.exe
  C:\Windows\System\MsMifYd.exe
  2⤵
  PID:8048
- C:\Windows\System\cFlajuI.exe
  C:\Windows\System\cFlajuI.exe
  2⤵
  PID:7800
- C:\Windows\System\vaMVjzR.exe
  C:\Windows\System\vaMVjzR.exe
  2⤵
  PID:8036
- C:\Windows\System\MxeLqet.exe
  C:\Windows\System\MxeLqet.exe
  2⤵
  PID:7360
- C:\Windows\System\YcvkCzp.exe
  C:\Windows\System\YcvkCzp.exe
  2⤵
  PID:7456
- C:\Windows\System\XZXUTtr.exe
  C:\Windows\System\XZXUTtr.exe
  2⤵
  PID:7588
- C:\Windows\System\uCtauhH.exe
  C:\Windows\System\uCtauhH.exe
  2⤵
  PID:7664
- C:\Windows\System\jrgEAEK.exe
  C:\Windows\System\jrgEAEK.exe
  2⤵
  PID:7976
- C:\Windows\System\qCJdalj.exe
  C:\Windows\System\qCJdalj.exe
  2⤵
  PID:7884
- C:\Windows\System\FgScYkm.exe
  C:\Windows\System\FgScYkm.exe
  2⤵
  PID:7200
- C:\Windows\System\dTxhJcA.exe
  C:\Windows\System\dTxhJcA.exe
  2⤵
  PID:7772
- C:\Windows\System\OmvevAg.exe
  C:\Windows\System\OmvevAg.exe
  2⤵
  PID:7560
- C:\Windows\System\ZdlzsyV.exe
  C:\Windows\System\ZdlzsyV.exe
  2⤵
  PID:7492
- C:\Windows\System\fKGnSjE.exe
  C:\Windows\System\fKGnSjE.exe
  2⤵
  PID:8148
- C:\Windows\System\VQVHAOw.exe
  C:\Windows\System\VQVHAOw.exe
  2⤵
  PID:7716
- C:\Windows\System\OpspTDq.exe
  C:\Windows\System\OpspTDq.exe
  2⤵
  PID:8108
- C:\Windows\System\yXhHMAT.exe
  C:\Windows\System\yXhHMAT.exe
  2⤵
  PID:7864
- C:\Windows\System\OVJTttP.exe
  C:\Windows\System\OVJTttP.exe
  2⤵
  PID:7844
- C:\Windows\System\vaRQCqv.exe
  C:\Windows\System\vaRQCqv.exe
  2⤵
  PID:8216
- C:\Windows\System\qbpYHER.exe
  C:\Windows\System\qbpYHER.exe
  2⤵
  PID:8236
- C:\Windows\System\yvgMuoA.exe
  C:\Windows\System\yvgMuoA.exe
  2⤵
  PID:8256
- C:\Windows\System\kVNnGrq.exe
  C:\Windows\System\kVNnGrq.exe
  2⤵
  PID:8272
- C:\Windows\System\rPZNfkI.exe
  C:\Windows\System\rPZNfkI.exe
  2⤵
  PID:8292
- C:\Windows\System\NQXvzDw.exe
  C:\Windows\System\NQXvzDw.exe
  2⤵
  PID:8316
- C:\Windows\System\ypkscXc.exe
  C:\Windows\System\ypkscXc.exe
  2⤵
  PID:8340
- C:\Windows\System\hReiQXu.exe
  C:\Windows\System\hReiQXu.exe
  2⤵
  PID:8364
- C:\Windows\System\kgOZRCa.exe
  C:\Windows\System\kgOZRCa.exe
  2⤵
  PID:8384
- C:\Windows\System\GfcceOa.exe
  C:\Windows\System\GfcceOa.exe
  2⤵
  PID:8440
- C:\Windows\System\QiCzwCi.exe
  C:\Windows\System\QiCzwCi.exe
  2⤵
  PID:8456
- C:\Windows\System\tbpFZcZ.exe
  C:\Windows\System\tbpFZcZ.exe
  2⤵
  PID:8476
- C:\Windows\System\XMwqZTO.exe
  C:\Windows\System\XMwqZTO.exe
  2⤵
  PID:8496
- C:\Windows\System\pKGEjpU.exe
  C:\Windows\System\pKGEjpU.exe
  2⤵
  PID:8520
- C:\Windows\System\xEUhugP.exe
  C:\Windows\System\xEUhugP.exe
  2⤵
  PID:8536
- C:\Windows\System\jwsQwXW.exe
  C:\Windows\System\jwsQwXW.exe
  2⤵
  PID:8552
- C:\Windows\System\rMKFZuk.exe
  C:\Windows\System\rMKFZuk.exe
  2⤵
  PID:8572
- C:\Windows\System\GQssnCr.exe
  C:\Windows\System\GQssnCr.exe
  2⤵
  PID:8592
- C:\Windows\System\gQBDRzv.exe
  C:\Windows\System\gQBDRzv.exe
  2⤵
  PID:8612
- C:\Windows\System\KVdomRr.exe
  C:\Windows\System\KVdomRr.exe
  2⤵
  PID:8628
- C:\Windows\System\VCgPOtL.exe
  C:\Windows\System\VCgPOtL.exe
  2⤵
  PID:8644
- C:\Windows\System\UXmCqwi.exe
  C:\Windows\System\UXmCqwi.exe
  2⤵
  PID:8660
- C:\Windows\System\LkFNkcB.exe
  C:\Windows\System\LkFNkcB.exe
  2⤵
  PID:8676
- C:\Windows\System\dqENgdB.exe
  C:\Windows\System\dqENgdB.exe
  2⤵
  PID:8692
- C:\Windows\System\HpfBXMI.exe
  C:\Windows\System\HpfBXMI.exe
  2⤵
  PID:8708
- C:\Windows\System\YUSYwZy.exe
  C:\Windows\System\YUSYwZy.exe
  2⤵
  PID:8724
- C:\Windows\System\TRtZPLm.exe
  C:\Windows\System\TRtZPLm.exe
  2⤵
  PID:8740
- C:\Windows\System\tXToTHf.exe
  C:\Windows\System\tXToTHf.exe
  2⤵
  PID:8756
- C:\Windows\System\zeaHTHl.exe
  C:\Windows\System\zeaHTHl.exe
  2⤵
  PID:8776
- C:\Windows\System\RLWhIxn.exe
  C:\Windows\System\RLWhIxn.exe
  2⤵
  PID:8792
- C:\Windows\System\EHBDXFF.exe
  C:\Windows\System\EHBDXFF.exe
  2⤵
  PID:8808
- C:\Windows\System\uvqXCGP.exe
  C:\Windows\System\uvqXCGP.exe
  2⤵
  PID:8832
- C:\Windows\System\TIFXLnj.exe
  C:\Windows\System\TIFXLnj.exe
  2⤵
  PID:8852
- C:\Windows\System\lrTmAjf.exe
  C:\Windows\System\lrTmAjf.exe
  2⤵
  PID:8892
- C:\Windows\System\dzPsEFP.exe
  C:\Windows\System\dzPsEFP.exe
  2⤵
  PID:8924
- C:\Windows\System\KaLMlsf.exe
  C:\Windows\System\KaLMlsf.exe
  2⤵
  PID:8952
- C:\Windows\System\hxGgxXJ.exe
  C:\Windows\System\hxGgxXJ.exe
  2⤵
  PID:8984
- C:\Windows\System\mdSIMRm.exe
  C:\Windows\System\mdSIMRm.exe
  2⤵
  PID:9000
- C:\Windows\System\GMWhkkc.exe
  C:\Windows\System\GMWhkkc.exe
  2⤵
  PID:9016
- C:\Windows\System\ivUxmVS.exe
  C:\Windows\System\ivUxmVS.exe
  2⤵
  PID:9044
- C:\Windows\System\VuTffjC.exe
  C:\Windows\System\VuTffjC.exe
  2⤵
  PID:9060
- C:\Windows\System\ExMowiC.exe
  C:\Windows\System\ExMowiC.exe
  2⤵
  PID:9076
- C:\Windows\System\zECZqft.exe
  C:\Windows\System\zECZqft.exe
  2⤵
  PID:9092
- C:\Windows\System\WQIpfMG.exe
  C:\Windows\System\WQIpfMG.exe
  2⤵
  PID:9108
- C:\Windows\System\UOiNgJB.exe
  C:\Windows\System\UOiNgJB.exe
  2⤵
  PID:9124
- C:\Windows\System\UKBIzub.exe
  C:\Windows\System\UKBIzub.exe
  2⤵
  PID:9144
- C:\Windows\System\Zulbune.exe
  C:\Windows\System\Zulbune.exe
  2⤵
  PID:9168
- C:\Windows\System\KzECauh.exe
  C:\Windows\System\KzECauh.exe
  2⤵
  PID:9184
- C:\Windows\System\vKSKloV.exe
  C:\Windows\System\vKSKloV.exe
  2⤵
  PID:9204
- C:\Windows\System\lNkPyLg.exe
  C:\Windows\System\lNkPyLg.exe
  2⤵
  PID:8164
- C:\Windows\System\cMxerGn.exe
  C:\Windows\System\cMxerGn.exe
  2⤵
  PID:8248
- C:\Windows\System\GMenvlm.exe
  C:\Windows\System\GMenvlm.exe
  2⤵
  PID:7364
- C:\Windows\System\FRzHQOt.exe
  C:\Windows\System\FRzHQOt.exe
  2⤵
  PID:8268
- C:\Windows\System\lsqJOCh.exe
  C:\Windows\System\lsqJOCh.exe
  2⤵
  PID:8312
- C:\Windows\System\DEjgQdt.exe
  C:\Windows\System\DEjgQdt.exe
  2⤵
  PID:8348
- C:\Windows\System\rpYDVFy.exe
  C:\Windows\System\rpYDVFy.exe
  2⤵
  PID:8436
- C:\Windows\System\RyWINVL.exe
  C:\Windows\System\RyWINVL.exe
  2⤵
  PID:8468
- C:\Windows\System\DKSAKqH.exe
  C:\Windows\System\DKSAKqH.exe
  2⤵
  PID:8512
- C:\Windows\System\bXQUkAH.exe
  C:\Windows\System\bXQUkAH.exe
  2⤵
  PID:8508
- C:\Windows\System\OYlgosH.exe
  C:\Windows\System\OYlgosH.exe
  2⤵
  PID:8548
- C:\Windows\System\pOcVCMw.exe
  C:\Windows\System\pOcVCMw.exe
  2⤵
  PID:8532
- C:\Windows\System\QUANilH.exe
  C:\Windows\System\QUANilH.exe
  2⤵
  PID:8564
- C:\Windows\System\UHYewYr.exe
  C:\Windows\System\UHYewYr.exe
  2⤵
  PID:8604
- C:\Windows\System\ZjiIZwn.exe
  C:\Windows\System\ZjiIZwn.exe
  2⤵
  PID:8668
- C:\Windows\System\jRtMgRh.exe
  C:\Windows\System\jRtMgRh.exe
  2⤵
  PID:8784
- C:\Windows\System\XjIVUwZ.exe
  C:\Windows\System\XjIVUwZ.exe
  2⤵
  PID:8732
- C:\Windows\System\EViMxTa.exe
  C:\Windows\System\EViMxTa.exe
  2⤵
  PID:8800
- C:\Windows\System\arHWRxB.exe
  C:\Windows\System\arHWRxB.exe
  2⤵
  PID:8860
- C:\Windows\System\PwQTvSs.exe
  C:\Windows\System\PwQTvSs.exe
  2⤵
  PID:8888
- C:\Windows\System\PNOUJHx.exe
  C:\Windows\System\PNOUJHx.exe
  2⤵
  PID:8904
- C:\Windows\System\EWoKcMF.exe
  C:\Windows\System\EWoKcMF.exe
  2⤵
  PID:8920
- C:\Windows\System\JYzHgzu.exe
  C:\Windows\System\JYzHgzu.exe
  2⤵
  PID:8980
- C:\Windows\System\whMTcIi.exe
  C:\Windows\System\whMTcIi.exe
  2⤵
  PID:9024
- C:\Windows\System\uznfBbJ.exe
  C:\Windows\System\uznfBbJ.exe
  2⤵
  PID:9040
- C:\Windows\System\aTdGEJZ.exe
  C:\Windows\System\aTdGEJZ.exe
  2⤵
  PID:9132
- C:\Windows\System\wiRnjkV.exe
  C:\Windows\System\wiRnjkV.exe
  2⤵
  PID:9180
- C:\Windows\System\AHdxDdQ.exe
  C:\Windows\System\AHdxDdQ.exe
  2⤵
  PID:9196
- C:\Windows\System\CgjqOnC.exe
  C:\Windows\System\CgjqOnC.exe
  2⤵
  PID:9052
- C:\Windows\System\RsHxqar.exe
  C:\Windows\System\RsHxqar.exe
  2⤵
  PID:8200
- C:\Windows\System\BOVzkXL.exe
  C:\Windows\System\BOVzkXL.exe
  2⤵
  PID:9160
- C:\Windows\System\RpxDWVd.exe
  C:\Windows\System\RpxDWVd.exe
  2⤵
  PID:8280
- C:\Windows\System\JwShzki.exe
  C:\Windows\System\JwShzki.exe
  2⤵
  PID:8324
- C:\Windows\System\WlkSVgm.exe
  C:\Windows\System\WlkSVgm.exe
  2⤵
  PID:8528
- C:\Windows\System\cJSqijg.exe
  C:\Windows\System\cJSqijg.exe
  2⤵
  PID:8560
- C:\Windows\System\rroJliX.exe
  C:\Windows\System\rroJliX.exe
  2⤵
  PID:8452
- C:\Windows\System\kedRbkT.exe
  C:\Windows\System\kedRbkT.exe
  2⤵
  PID:8656
- C:\Windows\System\hNXpYec.exe
  C:\Windows\System\hNXpYec.exe
  2⤵
  PID:8828
- C:\Windows\System\qVKakrH.exe
  C:\Windows\System\qVKakrH.exe
  2⤵
  PID:8684
- C:\Windows\System\UPbYQVL.exe
  C:\Windows\System\UPbYQVL.exe
  2⤵
  PID:8700
- C:\Windows\System\RlblAug.exe
  C:\Windows\System\RlblAug.exe
  2⤵
  PID:8900
- C:\Windows\System\ZnmdICA.exe
  C:\Windows\System\ZnmdICA.exe
  2⤵
  PID:8872
- C:\Windows\System\NFTxUsT.exe
  C:\Windows\System\NFTxUsT.exe
  2⤵
  PID:8884
- C:\Windows\System\tsVRTmS.exe
  C:\Windows\System\tsVRTmS.exe
  2⤵
  PID:8964
- C:\Windows\System\DVBohqE.exe
  C:\Windows\System\DVBohqE.exe
  2⤵
  PID:8868
- C:\Windows\System\BpNNUMA.exe
  C:\Windows\System\BpNNUMA.exe
  2⤵
  PID:9072
- C:\Windows\System\yVefvOb.exe
  C:\Windows\System\yVefvOb.exe
  2⤵
  PID:1004
- C:\Windows\System\KRawJQP.exe
  C:\Windows\System\KRawJQP.exe
  2⤵
  PID:8284
- C:\Windows\System\fAaYbwr.exe
  C:\Windows\System\fAaYbwr.exe
  2⤵
  PID:8336
- C:\Windows\System\aapmyva.exe
  C:\Windows\System\aapmyva.exe
  2⤵
  PID:8308
- C:\Windows\System\LiwyxhR.exe
  C:\Windows\System\LiwyxhR.exe
  2⤵
  PID:8412
- C:\Windows\System\YEbckAZ.exe
  C:\Windows\System\YEbckAZ.exe
  2⤵
  PID:8464
- C:\Windows\System\fXjXOfh.exe
  C:\Windows\System\fXjXOfh.exe
  2⤵
  PID:8652
- C:\Windows\System\WYzMCXr.exe
  C:\Windows\System\WYzMCXr.exe
  2⤵
  PID:8976
- C:\Windows\System\MnWntDc.exe
  C:\Windows\System\MnWntDc.exe
  2⤵
  PID:8916
- C:\Windows\System\hmQBcVG.exe
  C:\Windows\System\hmQBcVG.exe
  2⤵
  PID:8940
- C:\Windows\System\nDpJPNk.exe
  C:\Windows\System\nDpJPNk.exe
  2⤵
  PID:8972
- C:\Windows\System\YpEAzKT.exe
  C:\Windows\System\YpEAzKT.exe
  2⤵
  PID:9056
- C:\Windows\System\CPoccZn.exe
  C:\Windows\System\CPoccZn.exe
  2⤵
  PID:9152
- C:\Windows\System\qpvZNPb.exe
  C:\Windows\System\qpvZNPb.exe
  2⤵
  PID:8824
- C:\Windows\System\pzQybFF.exe
  C:\Windows\System\pzQybFF.exe
  2⤵
  PID:8932
- C:\Windows\System\cQiZOMB.exe
  C:\Windows\System\cQiZOMB.exe
  2⤵
  PID:8244
- C:\Windows\System\UYgVPeK.exe
  C:\Windows\System\UYgVPeK.exe
  2⤵
  PID:9032
- C:\Windows\System\AYjBEYh.exe
  C:\Windows\System\AYjBEYh.exe
  2⤵
  PID:8788
- C:\Windows\System\FJapUur.exe
  C:\Windows\System\FJapUur.exe
  2⤵
  PID:8232
- C:\Windows\System\VbtTKNs.exe
  C:\Windows\System\VbtTKNs.exe
  2⤵
  PID:9156
- C:\Windows\System\USMvTjm.exe
  C:\Windows\System\USMvTjm.exe
  2⤵
  PID:8716
- C:\Windows\System\rsgkTGJ.exe
  C:\Windows\System\rsgkTGJ.exe
  2⤵
  PID:8404
- C:\Windows\System\EzmdGtE.exe
  C:\Windows\System\EzmdGtE.exe
  2⤵
  PID:8752
- C:\Windows\System\TNUwyHp.exe
  C:\Windows\System\TNUwyHp.exe
  2⤵
  PID:8876
- C:\Windows\System\mJrlhpK.exe
  C:\Windows\System\mJrlhpK.exe
  2⤵
  PID:9232
- C:\Windows\System\ebhPjam.exe
  C:\Windows\System\ebhPjam.exe
  2⤵
  PID:9256
- C:\Windows\System\zFZriuj.exe
  C:\Windows\System\zFZriuj.exe
  2⤵
  PID:9276
- C:\Windows\System\mUUoPDp.exe
  C:\Windows\System\mUUoPDp.exe
  2⤵
  PID:9296
- C:\Windows\System\UKkrbLE.exe
  C:\Windows\System\UKkrbLE.exe
  2⤵
  PID:9344
- C:\Windows\System\dRIkpsm.exe
  C:\Windows\System\dRIkpsm.exe
  2⤵
  PID:9368
- C:\Windows\System\iVaXsak.exe
  C:\Windows\System\iVaXsak.exe
  2⤵
  PID:9388
- C:\Windows\System\YzqHNqQ.exe
  C:\Windows\System\YzqHNqQ.exe
  2⤵
  PID:9408
- C:\Windows\System\cgJzYHz.exe
  C:\Windows\System\cgJzYHz.exe
  2⤵
  PID:9428
- C:\Windows\System\cXfUlwm.exe
  C:\Windows\System\cXfUlwm.exe
  2⤵
  PID:9448
- C:\Windows\System\uszwRHy.exe
  C:\Windows\System\uszwRHy.exe
  2⤵
  PID:9468
- C:\Windows\System\TlVzXHC.exe
  C:\Windows\System\TlVzXHC.exe
  2⤵
  PID:9488
- C:\Windows\System\feZblBh.exe
  C:\Windows\System\feZblBh.exe
  2⤵
  PID:9508
- C:\Windows\System\FZHLjGO.exe
  C:\Windows\System\FZHLjGO.exe
  2⤵
  PID:9524
- C:\Windows\System\CfDgSMa.exe
  C:\Windows\System\CfDgSMa.exe
  2⤵
  PID:9548
- C:\Windows\System\GLNBEcg.exe
  C:\Windows\System\GLNBEcg.exe
  2⤵
  PID:9568
- C:\Windows\System\GZiqSIi.exe
  C:\Windows\System\GZiqSIi.exe
  2⤵
  PID:9584
- C:\Windows\System\YlXkKGy.exe
  C:\Windows\System\YlXkKGy.exe
  2⤵
  PID:9608
- C:\Windows\System\xGKaAeu.exe
  C:\Windows\System\xGKaAeu.exe
  2⤵
  PID:9624
- C:\Windows\System\HCRBzBI.exe
  C:\Windows\System\HCRBzBI.exe
  2⤵
  PID:9644
- C:\Windows\System\teRDaLM.exe
  C:\Windows\System\teRDaLM.exe
  2⤵
  PID:9660
- C:\Windows\System\nnpJWAv.exe
  C:\Windows\System\nnpJWAv.exe
  2⤵
  PID:9676
- C:\Windows\System\DrtQkuL.exe
  C:\Windows\System\DrtQkuL.exe
  2⤵
  PID:9700
- C:\Windows\System\wUeSaup.exe
  C:\Windows\System\wUeSaup.exe
  2⤵
  PID:9720
- C:\Windows\System\blwGyTP.exe
  C:\Windows\System\blwGyTP.exe
  2⤵
  PID:9736
- C:\Windows\System\YUiQNov.exe
  C:\Windows\System\YUiQNov.exe
  2⤵
  PID:9764
- C:\Windows\System\eUcDSdP.exe
  C:\Windows\System\eUcDSdP.exe
  2⤵
  PID:9780
- C:\Windows\System\hBMholh.exe
  C:\Windows\System\hBMholh.exe
  2⤵
  PID:9804
- C:\Windows\System\heSpXoP.exe
  C:\Windows\System\heSpXoP.exe
  2⤵
  PID:9824
- C:\Windows\System\cYrpUAC.exe
  C:\Windows\System\cYrpUAC.exe
  2⤵
  PID:9848
- C:\Windows\System\ZyNXHgD.exe
  C:\Windows\System\ZyNXHgD.exe
  2⤵
  PID:9864
- C:\Windows\System\ungSRJl.exe
  C:\Windows\System\ungSRJl.exe
  2⤵
  PID:9888
- C:\Windows\System\HRmJfeA.exe
  C:\Windows\System\HRmJfeA.exe
  2⤵
  PID:9904
- C:\Windows\System\lPZiEyC.exe
  C:\Windows\System\lPZiEyC.exe
  2⤵
  PID:9920
- C:\Windows\System\AbXLMFQ.exe
  C:\Windows\System\AbXLMFQ.exe
  2⤵
  PID:9948
- C:\Windows\System\IzGclhO.exe
  C:\Windows\System\IzGclhO.exe
  2⤵
  PID:9964
- C:\Windows\System\MnaYpYV.exe
  C:\Windows\System\MnaYpYV.exe
  2⤵
  PID:9988
- C:\Windows\System\KvgIALd.exe
  C:\Windows\System\KvgIALd.exe
  2⤵
  PID:10004
- C:\Windows\System\ZpVyIQR.exe
  C:\Windows\System\ZpVyIQR.exe
  2⤵
  PID:10024
- C:\Windows\System\cPakJRQ.exe
  C:\Windows\System\cPakJRQ.exe
  2⤵
  PID:10048
- C:\Windows\System\NhHCjJv.exe
  C:\Windows\System\NhHCjJv.exe
  2⤵
  PID:10064
- C:\Windows\System\ZIYRIpG.exe
  C:\Windows\System\ZIYRIpG.exe
  2⤵
  PID:10088
- C:\Windows\System\QdcPnwR.exe
  C:\Windows\System\QdcPnwR.exe
  2⤵
  PID:10104
- C:\Windows\System\DuJyLck.exe
  C:\Windows\System\DuJyLck.exe
  2⤵
  PID:10128
- C:\Windows\System\aKglttA.exe
  C:\Windows\System\aKglttA.exe
  2⤵
  PID:10144
- C:\Windows\System\uDoupMZ.exe
  C:\Windows\System\uDoupMZ.exe
  2⤵
  PID:10160
- C:\Windows\System\kDxxqNf.exe
  C:\Windows\System\kDxxqNf.exe
  2⤵
  PID:10184
- C:\Windows\System\EVXsVUn.exe
  C:\Windows\System\EVXsVUn.exe
  2⤵
  PID:10204
- C:\Windows\System\LVCEHqB.exe
  C:\Windows\System\LVCEHqB.exe
  2⤵
  PID:10220
- C:\Windows\System\JJOGnzC.exe
  C:\Windows\System\JJOGnzC.exe
  2⤵
  PID:10236
- C:\Windows\System\ppVjOjI.exe
  C:\Windows\System\ppVjOjI.exe
  2⤵
  PID:8720
- C:\Windows\System\KfkKLOS.exe
  C:\Windows\System\KfkKLOS.exe
  2⤵
  PID:9248
- C:\Windows\System\tqogxJe.exe
  C:\Windows\System\tqogxJe.exe
  2⤵
  PID:9288
- C:\Windows\System\iFLxyIY.exe
  C:\Windows\System\iFLxyIY.exe
  2⤵
  PID:9304
- C:\Windows\System\vCdHWDm.exe
  C:\Windows\System\vCdHWDm.exe
  2⤵
  PID:9320
- C:\Windows\System\WuLECwu.exe
  C:\Windows\System\WuLECwu.exe
  2⤵
  PID:9336
- C:\Windows\System\bimiODi.exe
  C:\Windows\System\bimiODi.exe
  2⤵
  PID:8588
- C:\Windows\System\uoAsnCg.exe
  C:\Windows\System\uoAsnCg.exe
  2⤵
  PID:9380
- C:\Windows\System\UdMrCAF.exe
  C:\Windows\System\UdMrCAF.exe
  2⤵
  PID:9416
- C:\Windows\System\jnazrgQ.exe
  C:\Windows\System\jnazrgQ.exe
  2⤵
  PID:9444
- C:\Windows\System\AoqVRPD.exe
  C:\Windows\System\AoqVRPD.exe
  2⤵
  PID:9476
- C:\Windows\System\DXcyzEe.exe
  C:\Windows\System\DXcyzEe.exe
  2⤵
  PID:9500
- C:\Windows\System\zJrxpXu.exe
  C:\Windows\System\zJrxpXu.exe
  2⤵
  PID:9540
- C:\Windows\System\tjWxwTT.exe
  C:\Windows\System\tjWxwTT.exe
  2⤵
  PID:9576
- C:\Windows\System\NuMCbKp.exe
  C:\Windows\System\NuMCbKp.exe
  2⤵
  PID:9616
- C:\Windows\System\cbSBMwQ.exe
  C:\Windows\System\cbSBMwQ.exe
  2⤵
  PID:9652
- C:\Windows\System\GRfYmAO.exe
  C:\Windows\System\GRfYmAO.exe
  2⤵
  PID:9712
- C:\Windows\System\JTiqRiq.exe
  C:\Windows\System\JTiqRiq.exe
  2⤵
  PID:9756
- C:\Windows\System\AcbCCwy.exe
  C:\Windows\System\AcbCCwy.exe
  2⤵
  PID:9752
- C:\Windows\System\jznrFXe.exe
  C:\Windows\System\jznrFXe.exe
  2⤵
  PID:9792
- C:\Windows\System\pxNNYQc.exe
  C:\Windows\System\pxNNYQc.exe
  2⤵
  PID:9820
- C:\Windows\System\bPllLpT.exe
  C:\Windows\System\bPllLpT.exe
  2⤵
  PID:9840
- C:\Windows\System\RLBmhXa.exe
  C:\Windows\System\RLBmhXa.exe
  2⤵
  PID:9872
- C:\Windows\System\pTaqonj.exe
  C:\Windows\System\pTaqonj.exe
  2⤵
  PID:9364
- C:\Windows\System\kNqTTYR.exe
  C:\Windows\System\kNqTTYR.exe
  2⤵
  PID:9916
- C:\Windows\System\CbOdvGj.exe
  C:\Windows\System\CbOdvGj.exe
  2⤵
  PID:9940
- C:\Windows\System\aQPdVEL.exe
  C:\Windows\System\aQPdVEL.exe
  2⤵
  PID:9972
- C:\Windows\System\GSmfTZu.exe
  C:\Windows\System\GSmfTZu.exe
  2⤵
  PID:10016
- C:\Windows\System\VcuEiAO.exe
  C:\Windows\System\VcuEiAO.exe
  2⤵
  PID:10072
- C:\Windows\System\psxeJuZ.exe
  C:\Windows\System\psxeJuZ.exe
  2⤵
  PID:10060
- C:\Windows\System\IImJzBB.exe
  C:\Windows\System\IImJzBB.exe
  2⤵
  PID:10120
- C:\Windows\System\VCVBfhV.exe
  C:\Windows\System\VCVBfhV.exe
  2⤵
  PID:10140
- C:\Windows\System\Cigbjvx.exe
  C:\Windows\System\Cigbjvx.exe
  2⤵
  PID:10180
- C:\Windows\System\SUIXsum.exe
  C:\Windows\System\SUIXsum.exe
  2⤵
  PID:10196
- C:\Windows\System\JhZHavw.exe
  C:\Windows\System\JhZHavw.exe
  2⤵
  PID:9272
- C:\Windows\System\VOBqhGo.exe
  C:\Windows\System\VOBqhGo.exe
  2⤵
  PID:9116
- C:\Windows\System\RpMYAxp.exe
  C:\Windows\System\RpMYAxp.exe
  2⤵
  PID:9008
- C:\Windows\System\JYsYjdA.exe
  C:\Windows\System\JYsYjdA.exe
  2⤵
  PID:9224
- C:\Windows\System\LvFXHIH.exe
  C:\Windows\System\LvFXHIH.exe
  2⤵
  PID:9312
- C:\Windows\System\gdhtDTg.exe
  C:\Windows\System\gdhtDTg.exe
  2⤵
  PID:9360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CMCEVjT.exe

Filesize
6.0MB

MD5
9f3d1ac36c130869b723694ff0107bab

SHA1
d1f13bf2d71813df676bd18d1ad9e234163a1708

SHA256
3c82e8ab769c9af0085d4175321fa76446143b01c8f1ac99e0de36c9d61f9aa5

SHA512
2af9966636b949244517f2765662ca05aa8439152c514e6aaf592b907b1ca21ccfb9610ad1ff5db979cfc6be2480deaf0e92a4333bdb060696339003da629ff7

Download Submit
C:\Windows\system\FjCeFzP.exe

Filesize
6.0MB

MD5
ef01f457f3a14a92bc6b4e9cce711a8e

SHA1
be0fd48c0824d92f04ec85bec0507082a155c72c

SHA256
8d4989a8143a44bcd36ad405d6c72d070bc350eb42268744ad03db49fddc3393

SHA512
5ddcc12c80fe882e6b9a36c407d1c3e59e1d9bf326ed4ed26502ed2ac0c4addd00697e5757c1038ba778f0ad6deb73f84e7de7c611b01d18fb965fba3c56f87f

Download Submit
C:\Windows\system\GZIXTiR.exe

Filesize
6.0MB

MD5
ce8c1e43b486a6188f8cb7f4cb6d6e3f

SHA1
8f385299ef076fb913cfd6925104ea3757f3386f

SHA256
35201b0f6ff1b8cdfc55da6d62fd99cf074adeb139dbeada1f7f165988700078

SHA512
0279f9cf71c6a4c529ced9202b637ca8c3bbe04397c21b05cd0007736c0f65d29bdb7b52a81b3f02fade01f84ca2bfd249aa8901c1d9c10cf729097a34f07023

Download Submit
C:\Windows\system\RXFEbGI.exe

Filesize
6.0MB

MD5
b4231c1e46f294d96f274eb794e1bcdc

SHA1
040533cd52c45f07f46386c93743f8fe7c68fcc0

SHA256
aa755cacc8f6c6a180bdde7670b451163474c0a7edaf7b7b2397f2e841e7da4c

SHA512
020c2cd359217bc174e25a966f9ee6b25f9b459a172a702c67fff3febb38c3f50b13587736d0dc7791754d5f1a00ac9a9d46eb6fce5eacb90fc65da040fbd5ed

Download Submit
C:\Windows\system\RtbJlkS.exe

Filesize
6.0MB

MD5
3a6b865f811b85024114b7741959a439

SHA1
d5b6387049210399d15732a8283a1572650ec88a

SHA256
6c2b92af53e97410c09eaf130a63dca8604f18ac9c289d2290d2f34c28354120

SHA512
3b204fe0c87a87e8fa504c2b88eb1054ba64f1c0bd873622c690f46340dac43ba0ea9aab453323bc3381618b085659e32b597eb528beed5da7db4fd6a46285c0

Download Submit
C:\Windows\system\RvfoVeb.exe

Filesize
6.0MB

MD5
43939151506a3affeba5b46bf89e1578

SHA1
49052897c17d32af515f10433cbac8caed06d52b

SHA256
7b2d68aa9d1a0212252b140a536ad3415ea6abb38b391c58c76eab750dd75904

SHA512
ab8620e3200776c65829b3733acedfad5cd2228332c0f3f2d4a2287abd328d23e011e076dc82e3d57ab8472c39a4e29c452470bc44e5361290f0eda9ab7ae566

Download Submit
C:\Windows\system\WYWkuYm.exe

Filesize
6.0MB

MD5
911079450ef743c50ba840ca2bf24dc4

SHA1
87da0fcc2826c1a47512e155ef8a0b27a32318a1

SHA256
78400693722c30f667013d5644c936a60fcd6b38db8e9e44114ed68bc72074ab

SHA512
b3db1b79ae8bfead6b0469086fbc270184f09cdd41ef826e23331ad079cfe0bf054059960959b71dc359b2bd4671f21a02331f9ed4118938207361be394b8111

Download Submit
C:\Windows\system\WfiZBwW.exe

Filesize
6.0MB

MD5
a91380249694470a8b8a4ac368b75471

SHA1
b2cb9f4cf916a070ed440f2e01fa1b3616ca888f

SHA256
52f7621ad1893b23acb869fb8cd32b9c74b1a47407cdfebea62cb93dec2181be

SHA512
d5aec73fa036c25caa1b733dd5d8112b0b0200f23caafecf359f22aff93aeb8ad6b11290c22ad99910e605f02f2dc4e7243d68456165e994988dbdf09943f096

Download Submit
C:\Windows\system\WgoioWg.exe

Filesize
6.0MB

MD5
6c1860ab811c20862231c46256d18f2f

SHA1
99c53470619522b41303ec0dbe933a916acad96a

SHA256
10f8e1cc10c40385c47531af134dd1520e2de419e43d833275038cb4ecadc88b

SHA512
31e6917469641acbdde519f086baba429ff393c73c9a01f6e9070564889837cb8cec9aee32a8e2964f03a626508f26c5db3457b069674823fee18ebafee9aa14

Download Submit
C:\Windows\system\XgyTwWi.exe

Filesize
6.0MB

MD5
71a024cad69fa1f0dae1af43ad1a3797

SHA1
6157edab4a6ec9ac617d76aab295ac8ce787c37d

SHA256
3da6c95224ce42d57953cfabdf436713913dab9296fe2bb77720854d19b9cdca

SHA512
94c93de3a5acc3027497fffca55a3fa64abc631eb9a518ee000cd2f052e0b66b1264e5a97050f778c9ae72484bdfadc4bccbfbe6d4ebaa578c333ec9a7662f83

Download Submit
C:\Windows\system\YuQoorS.exe

Filesize
6.0MB

MD5
a95820451b11466c3ab29604effc75aa

SHA1
23492a4acbc6e58eda980dbfe56d52852524c8c2

SHA256
afca57587959ac8ce1d000789ecab05fc975148efbdb0438f9d0aa97440b4ba7

SHA512
39a97b0141c3e2b34c64760f3a41fb7d8fbe5638edca9401bd8360da1781c5df62a26391b76a07453c7fd7a8e1c8ff3bfc1afd407406bf09d8fb8db88d595b76

Download Submit
C:\Windows\system\ZOyGKIl.exe

Filesize
6.0MB

MD5
28dad78581408906a0be2307abc76765

SHA1
360987bfc92df7a327f60fdeb712ee737197456b

SHA256
8fd4cd1f865a28346009acd4894afd8d7c76eb51de745b5a18e61218ed74fc72

SHA512
c1772c770c9b73bbe9fd91f26bc2137b4d460153e79ce27c1f87b56c5af6e27da182c1f845a27b059f3543d00d4929dea223d9154831b256103e7ff5f8db9ab3

Download Submit
C:\Windows\system\bXjtDIH.exe

Filesize
6.0MB

MD5
a4dc247216a4c61d513b9e5d87681584

SHA1
e85f4c25cdbd312639abe525cfa1e132a92c883a

SHA256
900fe9561df817abf9812ad3ac3857a7b3936ceadad1d46f7feb3a4542988eb0

SHA512
6d747508e28d5fe661f64869a80bbb52feae0aa54902b259b8395290480dedf4a7353dc54b6b7570479546e2554925f8b6fcf63116277f2ec0b6a8504aead8af

Download Submit
C:\Windows\system\bjhDiEV.exe

Filesize
6.0MB

MD5
24134ee0443a15cf93b01ff6d80e9973

SHA1
6ff42aeafd25517f82d13cc3fe19de4441845f09

SHA256
30053534e1f13fdb2e50177c921c90b90ae74abf8c495b1929178f5d3a22e323

SHA512
c67389afd8fcfe2274dd16119e9d63b6437a841580d36d6a0984831c349a5eeb4b371b3401e275b4a5f50415f4cd4fdbdc749e0b207dbda29fe66f73f9477581

Download Submit
C:\Windows\system\fFzCMDo.exe

Filesize
6.0MB

MD5
19bf07a93908f19d3b0ea2225cd94d68

SHA1
7911c0eb38e2b7ffdb2b07ef8ed80f714ac4ddb9

SHA256
a7bebead312e13465037e6e17f0b1e98f284e2269267e2c37883f59f00a4bbd2

SHA512
386b635f40e03100639162f24ba53ccb8be11ed627000c1ab4352a7bbec0c74b5befeb425d190cf8e7891f47169b42917a2fcd31fd707ce8f31055609feb1d12

Download Submit
C:\Windows\system\fnCviEZ.exe

Filesize
6.0MB

MD5
8771eb242d5565f5cc126647ed7c291d

SHA1
6e1ce8dbb869cd057497a3f7213c8fe40b6fbb37

SHA256
8685fa901e92df0fc15989cc9af8e3b33b2b9d0a2a611072daf3024269c8c87c

SHA512
87b0375c9617e39888c31fe2286885c5c7ef2c99c656863e6d6f710da6ec9ba43064d54be16ae97f7547c948cc3bbc6b27cb8c2fe5b9b92e7e08fe15e0199e4d

Download Submit
C:\Windows\system\jUwpGGG.exe

Filesize
6.0MB

MD5
78d48114ba7e2ed8f8c105e538c82e2f

SHA1
7ece2e71477d2e9c6742244af78f9ecac3952775

SHA256
e70823a06507161a9859d2e9ce0b7f86bd9b074d8963675f971f8f8a556fecaf

SHA512
cf369984c700a8e39c62babee45084ad49705746a0670c040f62403681ce980d06bf274837d95757110855638947d8fc2ec1354977c2e2a17c2f2cf11d1dabee

Download Submit
C:\Windows\system\qKJlGjD.exe

Filesize
6.0MB

MD5
6af0dbc545430f78dd8918d07bc6dad3

SHA1
14284cba6bfd09c37a475ada97cd5d1472db799c

SHA256
9a20940e109c288e40edd7272821d915bff82344f7731c6186b679446bc2a862

SHA512
4213fe1ebbc7cee57ae2aafeef215a631d29c201a82b4122625f984bfd7eed4b4e67b1d9f73b84fa3a4f32461d3f997168deb06f510f7667321a879c82595e26

Download Submit
C:\Windows\system\rLkXVjl.exe

Filesize
6.0MB

MD5
b104ae773947febf3ba229ece20c521b

SHA1
662b0056e78da81a5c11299d62740cf60c908202

SHA256
5890c0fb345214b23b81b07f150f9f57da5bc0731a7f4a1085ccb4af4a5bb7c3

SHA512
ba6899186721c4aff56ae69450a52fc5734c50e95d93260c4337667a8ab5dfc5394f28a1a662a14dfa7e71828384ff75a6a6db1d9ba018cb58be7a12cc2dae51

Download Submit
C:\Windows\system\rhrsKkj.exe

Filesize
6.0MB

MD5
4c60b3a7b3f5ca258eac7cdd85a62de4

SHA1
aa874f7da01f4c2a6262546d2d21ab6538e2ec36

SHA256
9772557881ea30cab1e642ae4e31f872bd8077e3f48ae490c72c116bf015befb

SHA512
32a44610e46630687785c77136bc80c8a830d239b9a012acc0fff5948281f2745cb51a3e5890bae479710d86ccfee5de52656ca05a07c4384cecd8181d37ab31

Download Submit
C:\Windows\system\svNyXOr.exe

Filesize
6.0MB

MD5
47a5237c52a2a0b1c35445f68fb5dd3f

SHA1
7a3aabeac6ecbbccdfb0e014a888df983b8a5c29

SHA256
8fb70a69bf78b97db0baff16946486688e118fe0baa8897a047a09bbca7131d4

SHA512
b0a1418b5330a34f119f5ddba1d614b269d23d786d77e1a03c91d6f0ffafb9df35a76f7f90c3d31037a95e7c6143f2c59009d579f882148a67cfe9fd8f6dfc50

Download Submit
C:\Windows\system\xLlqQeK.exe

Filesize
6.0MB

MD5
7825a5cf3ff71abb156ffec117ff3823

SHA1
d3a158da8641ae4e7a6aed57454567de5f8aff4e

SHA256
c9f17a5d172c119bce3b2fb55ceb5b6ecbcd2b6b21dc1c388af1c3329fd1e720

SHA512
4c992c9b27b53c32847142fd6db1f174626ae61102de6c1ae5a644faeca4ee46c3b39c6f78f49ab3ab5f97e2eeab32334643379a9967323941dc753d94fefff8

Download Submit
C:\Windows\system\xMFgDAG.exe

Filesize
6.0MB

MD5
4a3367e723ad82f020e3e9e3aff35b17

SHA1
396b02fb07426ba0ea41cc3445a17e4804f26668

SHA256
44cc098842121780d6aebaaf91b7ad5fcf938231c47255ede9c5b67207172b1b

SHA512
a5618c52c52d6da34efbaf9505c154d5ed3f521d42b05c7464d033c033846b3783db9c86efc6616869cc78f30d35f72d1db7ea8078b93d3348e151b13130cf67

Download Submit
C:\Windows\system\zAcmQSg.exe

Filesize
6.0MB

MD5
38d5d094fc6e5a0945921723337b82a5

SHA1
02f6b6f22fa0a4596d4bbde3eb84b865ad5c21f6

SHA256
925b3f272af98120dfae74831b89c3f039e99bbb33cee05245c8fbff0f9b8a75

SHA512
edce6113a7cbe7e10fcb1d3405fabb18a1ba02d30749e21d3d33b2d341bbe2666bcbae45c49f4f646bc75ad421d523a15840bae6e4c80ff69798e8ecec9da9c8

Download Submit
\Windows\system\RGONrrA.exe

Filesize
6.0MB

MD5
3666ad2c4efe2c0212657ecf256da702

SHA1
f3060ff08f8706c76456701891ae47907e4817db

SHA256
be9772f5879dc18f3f8467527ed0f86a66c04af76681304a90a5677dbb7478ea

SHA512
ce5c70de7f2b7715eb69988d908f1d7ef9cff06575f86f42c06b96359a71932f10e0023ebf8ba8557f8c8eeea914f6ed2ee767f6605a8025a52dec4efe29d461

Download Submit
\Windows\system\WojfkCI.exe

Filesize
6.0MB

MD5
3499cfe21b55583c506423dae3d17128

SHA1
17168ec2747d5797f31b2697d6b6c3e48069c2a7

SHA256
124c75657f2c1764eba72d1958d7cf9b079994ce72460cf53121d337b1e0a9ee

SHA512
5748933ae103ea7776f9863cea72fe16a36dc3456ddaf2d6c52847a0d9b55465c654cdb9501386fac5945ee486845c230cd907b7c1ca0361f3972cdf735192b0

Download Submit
\Windows\system\bggafUH.exe

Filesize
6.0MB

MD5
bcb0e7f721ee8cde01df554c42e69b53

SHA1
e94c04ce3653388ed64435ac3d9284058103adf8

SHA256
c6f2612ef0ef39a690e80710d4a1e4a76691f9956e4026d7fe471ede3eb52ee5

SHA512
e703a65cce53e03e7539c38796af8077ecb12f1cc279103f0f840c4354061b6b19620b65a44358036330fea1489d9e2d1a495f1eb0ccee9abda05a65a387ca81

Download Submit
\Windows\system\cSaZoyL.exe

Filesize
6.0MB

MD5
8de4af99e093c8021e7b322d63229330

SHA1
00bd628b63c9b6f9988d690ca705d381e06e7c15

SHA256
05b9492facc1f767648e65a47b0060ac003f0fe034a822438713c2f6ed963bad

SHA512
a2857e4bd1a051d5e450e7683b93fe0dea56968ab8b24f32c9331751a0d3deeb583835364eb7815f10802d52a93af9e0b2d4049a3cf12e3261f7dcd6d2be0353

Download Submit
\Windows\system\hRBJysE.exe

Filesize
6.0MB

MD5
9d276feca2edaffa7708f624cb57ac23

SHA1
bf1ed3b14473baa1929481aa71369c5693b5f6b4

SHA256
7c0fda0dca488204c518ed7dacd5c7566ba3c905f2ee0bafaad3e3cc12bb7427

SHA512
5c2e5c202b40e55be478e8e43a0ec49c5e03f9023eb6a6d3cb325bece834406a45f49839cb06ec22aa8cd821eff716f83cb1c70675fd3011aad09bfad4492c19

Download Submit
\Windows\system\iYgDWfh.exe

Filesize
6.0MB

MD5
b57a5ee2deb72e3fb5b027b4ab7295a7

SHA1
e7755b88e4077692b9d562650d7b9b5ed1dd8e95

SHA256
a8c16b70864432cbc71de5a01356d235f1b808864d8f975b1c944bf103861fd6

SHA512
8ab1a1b7f13df9be6d7c9db7da68783333148dd5c6fe6c43340442119c2e752c56ed8a8cc6ba8b0e5f7f96b13dab75283af0e23e04913c00ec4e4e2e79f4ef6e

Download Submit
\Windows\system\jHbalDe.exe

Filesize
6.0MB

MD5
5b351e76b5ab8da500f5b5431c7c5957

SHA1
79d2cb7ac78929e9e086683ec97a02b969a113e7

SHA256
3afc0574abde08647b2505c2c6ce09f61ca5620e505b6a01b7a10ef77c614edd

SHA512
a2f08227eef59ae7ceaedc1fa424cbf8006f18d98e0cb6393e62bf7fe20066189df3b4d29b3882d5bb437537fd12eb5b1c64f06bacc68504378e424396c0d412

Download Submit
\Windows\system\uNeqZxg.exe

Filesize
6.0MB

MD5
76c3040a41bf72c3e427c444afc339db

SHA1
7c895ad3365112b4b616a67664495fcd2928cbcc

SHA256
95b09d1146344211a8090f7ba8d6d20b52bd5cb1c003b7aa0fc2e6806dbf9603

SHA512
403b1cf62e9b24c3ae7ff3f78ebeb8123700e0bd959f511b0c5a1a8394d99b6fa754597855333507f0e5ed2f6f7de58b7468ad18c45832b2609bee7472996c42

Download Submit
memory/780-104-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/780-45-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/780-4014-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1500-4015-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1500-53-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1796-4007-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1796-38-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1984-883-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1984-93-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1984-4022-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2148-4017-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-80-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-4018-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2272-82-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3833-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-61-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-21-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-89-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4021-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-710-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3832-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2568-42-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2568-8-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2596-86-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2596-4019-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2624-12-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1004-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-19-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-70-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2624-84-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-25-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-32-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-6-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2624-597-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-37-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2624-85-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1234-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2624-52-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2624-598-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-77-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-341-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2624-79-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-224-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2628-28-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-88-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1119-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4020-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2824-100-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4016-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2828-83-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3831-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2892-50-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2892-14-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download