cobaltstrike | 08abf86dbf73c743603769248dad1e96395e4a07469eb722457f65f78bd21fef

Analysis

max time kernel
92s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9cf782fc85d5b8f6f09765d390954b1d
SHA1

d354ffbc74a21dea857e06024364f689ab303775
SHA256

08abf86dbf73c743603769248dad1e96395e4a07469eb722457f65f78bd21fef
SHA512

56fc4829090fa43cbd50b048a84ed62acba01fe08e0d1f6701a7bbb9e94ce3eaa89f278f258f54c7f5cca1d7250c0a30e2236b24e07e07db459f9fe138e561e6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUl:T+q56utgpPF8u/7l

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fe-6.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001958e-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001956c-15.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195d6-24.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019604-34.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000019605-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019606-40.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-49.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-65.dat	cobalt_reflective_dll
behavioral1/files/0x00360000000194ef-77.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019926-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d5-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4de-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d9-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4db-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d7-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d3-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-94.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1308-0-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fe-6.dat	xmrig
behavioral1/files/0x000600000001958e-12.dat	xmrig
behavioral1/memory/2788-23-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2608-19-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2212-17-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x000700000001956c-15.dat	xmrig
behavioral1/files/0x00060000000195d6-24.dat	xmrig
behavioral1/memory/2764-29-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019604-34.dat	xmrig
behavioral1/files/0x0009000000019605-36.dat	xmrig
behavioral1/files/0x0008000000019606-40.dat	xmrig
behavioral1/files/0x000500000001a4af-49.dat	xmrig
behavioral1/memory/1308-56-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/1308-59-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2704-60-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2684-58-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2796-64-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/1308-61-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b1-65.dat	xmrig
behavioral1/memory/1308-70-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/1084-72-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2664-48-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2212-74-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2644-78-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x00360000000194ef-77.dat	xmrig
behavioral1/files/0x0007000000019926-45.dat	xmrig
behavioral1/memory/2968-53-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2788-80-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2764-81-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b3-83.dat	xmrig
behavioral1/memory/2704-89-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2508-90-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/1308-87-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2576-99-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b7-100.dat	xmrig
behavioral1/memory/1084-103-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bf-116.dat	xmrig
behavioral1/files/0x000500000001a4b9-104.dat	xmrig
behavioral1/files/0x000500000001a4c3-136.dat	xmrig
behavioral1/files/0x000500000001a4c7-146.dat	xmrig
behavioral1/files/0x000500000001a4cf-163.dat	xmrig
behavioral1/files/0x000500000001a4cd-162.dat	xmrig
behavioral1/files/0x000500000001a4d5-178.dat	xmrig
behavioral1/files/0x000500000001a4de-196.dat	xmrig
behavioral1/files/0x000500000001a4d9-186.dat	xmrig
behavioral1/files/0x000500000001a4d1-172.dat	xmrig
behavioral1/files/0x000500000001a4db-193.dat	xmrig
behavioral1/files/0x000500000001a4d7-183.dat	xmrig
behavioral1/files/0x000500000001a4d3-175.dat	xmrig
behavioral1/files/0x000500000001a4c9-152.dat	xmrig
behavioral1/files/0x000500000001a4cb-155.dat	xmrig
behavioral1/files/0x000500000001a4c5-142.dat	xmrig
behavioral1/files/0x000500000001a4c1-132.dat	xmrig
behavioral1/files/0x000500000001a4bd-130.dat	xmrig
behavioral1/memory/2644-128-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bb-119.dat	xmrig
behavioral1/memory/1308-98-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b5-94.dat	xmrig
behavioral1/memory/2788-3702-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2212-3705-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2608-3704-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2764-3710-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2968-3739-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2608	NgiTamo.exe
2212	MXmecpa.exe
2788	aFDsdjT.exe
2764	qSgZBFD.exe
2664	OKHROem.exe
2968	XfcijKH.exe
2684	bvGhBpE.exe
2704	HEFgQsl.exe
2796	wRKVTrM.exe
1084	XGNcjtD.exe
2644	KJFmoXS.exe
2508	RMzyyIi.exe
2576	nSBAOYg.exe
1476	dnrUpWB.exe
2888	rIOCVwe.exe
2316	UhDnotD.exe
2500	EKPuyWn.exe
2996	pHrsMZt.exe
2908	GpvGQmr.exe
2076	AOQRvkC.exe
1048	WzuspJr.exe
1540	oNPmqGX.exe
1732	cmeKqKE.exe
2304	oeADFqB.exe
3056	IgJaVZL.exe
2604	vAPKnfn.exe
2136	XCQGaUi.exe
2192	LDIsGRt.exe
532	yVwRCWz.exe
2276	tnxTPPc.exe
2552	gHkalpK.exe
584	tVfSEMZ.exe
2280	veTnzlt.exe
1092	dKTgwEi.exe
1620	QCaXszP.exe
2308	MroDWof.exe
1764	rIZZtmo.exe
1328	HWEhipV.exe
648	fwQvzxH.exe
836	ZzbdbAI.exe
1668	LokYODX.exe
920	iSvmsbi.exe
264	aQPBWwP.exe
2420	xuVRbjX.exe
1920	llMYoZJ.exe
2988	XbSrHjj.exe
984	RXSRtcB.exe
1040	QgCDzXQ.exe
1140	WfGKMaZ.exe
1968	ZNqSrqj.exe
2568	WHemtMO.exe
2380	niuhhUU.exe
1552	QmGUuVZ.exe
2992	XPWWTAH.exe
2596	MUSkrjG.exe
2864	nsbjcjS.exe
2880	yoyfPMK.exe
2884	OIlcFZe.exe
2828	nFGZlmf.exe
1560	isGsHsy.exe
2092	ohFisbG.exe
2932	YyJTLVL.exe
2724	SqcZBKV.exe
2712	ushwahp.exe

Loads dropped DLL 64 IoCs

pid	Process
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1308-0-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x00080000000120fe-6.dat	upx
behavioral1/files/0x000600000001958e-12.dat	upx
behavioral1/memory/1308-10-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2788-23-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2608-19-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2212-17-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x000700000001956c-15.dat	upx
behavioral1/files/0x00060000000195d6-24.dat	upx
behavioral1/memory/2764-29-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x0006000000019604-34.dat	upx
behavioral1/files/0x0009000000019605-36.dat	upx
behavioral1/files/0x0008000000019606-40.dat	upx
behavioral1/files/0x000500000001a4af-49.dat	upx
behavioral1/memory/2704-60-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2684-58-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2796-64-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x000500000001a4b1-65.dat	upx
behavioral1/memory/1308-70-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/1084-72-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2664-48-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2212-74-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2644-78-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x00360000000194ef-77.dat	upx
behavioral1/files/0x0007000000019926-45.dat	upx
behavioral1/memory/2968-53-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2788-80-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2764-81-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x000500000001a4b3-83.dat	upx
behavioral1/memory/2704-89-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2508-90-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2576-99-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x000500000001a4b7-100.dat	upx
behavioral1/memory/1084-103-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x000500000001a4bf-116.dat	upx
behavioral1/files/0x000500000001a4b9-104.dat	upx
behavioral1/files/0x000500000001a4c3-136.dat	upx
behavioral1/files/0x000500000001a4c7-146.dat	upx
behavioral1/files/0x000500000001a4cf-163.dat	upx
behavioral1/files/0x000500000001a4cd-162.dat	upx
behavioral1/files/0x000500000001a4d5-178.dat	upx
behavioral1/files/0x000500000001a4de-196.dat	upx
behavioral1/files/0x000500000001a4d9-186.dat	upx
behavioral1/files/0x000500000001a4d1-172.dat	upx
behavioral1/files/0x000500000001a4db-193.dat	upx
behavioral1/files/0x000500000001a4d7-183.dat	upx
behavioral1/files/0x000500000001a4d3-175.dat	upx
behavioral1/files/0x000500000001a4c9-152.dat	upx
behavioral1/files/0x000500000001a4cb-155.dat	upx
behavioral1/files/0x000500000001a4c5-142.dat	upx
behavioral1/files/0x000500000001a4c1-132.dat	upx
behavioral1/files/0x000500000001a4bd-130.dat	upx
behavioral1/memory/2644-128-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x000500000001a4bb-119.dat	upx
behavioral1/memory/1308-97-0x00000000022C0000-0x0000000002614000-memory.dmp	upx
behavioral1/files/0x000500000001a4b5-94.dat	upx
behavioral1/memory/2788-3702-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2212-3705-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2608-3704-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2764-3710-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2968-3739-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2796-3742-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2664-3757-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2684-3759-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tKjByLZ.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMbYMoh.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJvNshR.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njdvTsR.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMpHosf.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRdsxiE.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkCobgs.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEXXDkj.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdQBUQt.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbSzihr.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMJLTCL.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYkgrAw.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJhmber.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVOiGtl.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIYHNUV.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcCUqHq.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kzqMrAm.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEgJuUf.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejrbiTN.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCmnQvu.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUGFTzh.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eanFyve.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFSjNhK.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQblVPV.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmLIjqv.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ElGCnYy.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWuoBAp.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrXNunU.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSNWIKG.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFYexdD.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSPCory.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qiUmuOD.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGSbWyJ.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJLNmkl.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbkCFSr.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnPuPre.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYwAzke.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARkEsrf.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WRUPkvJ.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMhZHTc.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUSkrjG.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AetUliF.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RwIHnWv.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLbuoyN.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWGElkH.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZnYJpa.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRqFGWi.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xduPMVq.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwWEoyH.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwyoMAm.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\foAJotZ.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgEqrEY.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUinIXx.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krplLFs.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbaAyNa.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBgNGcv.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuDlcni.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geVnqOE.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYhCItC.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNckRnT.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnkRrIF.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEVIIpH.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdOPBKx.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYTryiR.exe	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 2608	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1308 wrote to memory of 2608	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1308 wrote to memory of 2608	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1308 wrote to memory of 2212	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1308 wrote to memory of 2212	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1308 wrote to memory of 2212	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1308 wrote to memory of 2788	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1308 wrote to memory of 2788	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1308 wrote to memory of 2788	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1308 wrote to memory of 2764	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1308 wrote to memory of 2764	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1308 wrote to memory of 2764	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1308 wrote to memory of 2664	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1308 wrote to memory of 2664	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1308 wrote to memory of 2664	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1308 wrote to memory of 2968	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1308 wrote to memory of 2968	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1308 wrote to memory of 2968	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1308 wrote to memory of 2684	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1308 wrote to memory of 2684	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1308 wrote to memory of 2684	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1308 wrote to memory of 2796	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1308 wrote to memory of 2796	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1308 wrote to memory of 2796	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1308 wrote to memory of 2704	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1308 wrote to memory of 2704	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1308 wrote to memory of 2704	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1308 wrote to memory of 1084	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1308 wrote to memory of 1084	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1308 wrote to memory of 1084	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1308 wrote to memory of 2644	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1308 wrote to memory of 2644	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1308 wrote to memory of 2644	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1308 wrote to memory of 2508	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1308 wrote to memory of 2508	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1308 wrote to memory of 2508	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1308 wrote to memory of 2576	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1308 wrote to memory of 2576	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1308 wrote to memory of 2576	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1308 wrote to memory of 1476	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1308 wrote to memory of 1476	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1308 wrote to memory of 1476	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1308 wrote to memory of 2316	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1308 wrote to memory of 2316	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1308 wrote to memory of 2316	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1308 wrote to memory of 2888	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1308 wrote to memory of 2888	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1308 wrote to memory of 2888	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1308 wrote to memory of 2996	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1308 wrote to memory of 2996	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1308 wrote to memory of 2996	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1308 wrote to memory of 2500	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1308 wrote to memory of 2500	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1308 wrote to memory of 2500	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1308 wrote to memory of 2908	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1308 wrote to memory of 2908	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1308 wrote to memory of 2908	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1308 wrote to memory of 2076	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1308 wrote to memory of 2076	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1308 wrote to memory of 2076	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1308 wrote to memory of 1048	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1308 wrote to memory of 1048	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1308 wrote to memory of 1048	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1308 wrote to memory of 1540	1308	2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_9cf782fc85d5b8f6f09765d390954b1d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\System\NgiTamo.exe
  C:\Windows\System\NgiTamo.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\MXmecpa.exe
  C:\Windows\System\MXmecpa.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\aFDsdjT.exe
  C:\Windows\System\aFDsdjT.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\qSgZBFD.exe
  C:\Windows\System\qSgZBFD.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\OKHROem.exe
  C:\Windows\System\OKHROem.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\XfcijKH.exe
  C:\Windows\System\XfcijKH.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\bvGhBpE.exe
  C:\Windows\System\bvGhBpE.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\wRKVTrM.exe
  C:\Windows\System\wRKVTrM.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\HEFgQsl.exe
  C:\Windows\System\HEFgQsl.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\XGNcjtD.exe
  C:\Windows\System\XGNcjtD.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\KJFmoXS.exe
  C:\Windows\System\KJFmoXS.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\RMzyyIi.exe
  C:\Windows\System\RMzyyIi.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\nSBAOYg.exe
  C:\Windows\System\nSBAOYg.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\dnrUpWB.exe
  C:\Windows\System\dnrUpWB.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\UhDnotD.exe
  C:\Windows\System\UhDnotD.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\rIOCVwe.exe
  C:\Windows\System\rIOCVwe.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\pHrsMZt.exe
  C:\Windows\System\pHrsMZt.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\EKPuyWn.exe
  C:\Windows\System\EKPuyWn.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\GpvGQmr.exe
  C:\Windows\System\GpvGQmr.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\AOQRvkC.exe
  C:\Windows\System\AOQRvkC.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\WzuspJr.exe
  C:\Windows\System\WzuspJr.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\oNPmqGX.exe
  C:\Windows\System\oNPmqGX.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\cmeKqKE.exe
  C:\Windows\System\cmeKqKE.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\oeADFqB.exe
  C:\Windows\System\oeADFqB.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\IgJaVZL.exe
  C:\Windows\System\IgJaVZL.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\vAPKnfn.exe
  C:\Windows\System\vAPKnfn.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\XCQGaUi.exe
  C:\Windows\System\XCQGaUi.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\LDIsGRt.exe
  C:\Windows\System\LDIsGRt.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\tnxTPPc.exe
  C:\Windows\System\tnxTPPc.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\yVwRCWz.exe
  C:\Windows\System\yVwRCWz.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\tVfSEMZ.exe
  C:\Windows\System\tVfSEMZ.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\gHkalpK.exe
  C:\Windows\System\gHkalpK.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\dKTgwEi.exe
  C:\Windows\System\dKTgwEi.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\veTnzlt.exe
  C:\Windows\System\veTnzlt.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\MroDWof.exe
  C:\Windows\System\MroDWof.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\QCaXszP.exe
  C:\Windows\System\QCaXszP.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\rIZZtmo.exe
  C:\Windows\System\rIZZtmo.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\HWEhipV.exe
  C:\Windows\System\HWEhipV.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\fwQvzxH.exe
  C:\Windows\System\fwQvzxH.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\ZzbdbAI.exe
  C:\Windows\System\ZzbdbAI.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\LokYODX.exe
  C:\Windows\System\LokYODX.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\iSvmsbi.exe
  C:\Windows\System\iSvmsbi.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\aQPBWwP.exe
  C:\Windows\System\aQPBWwP.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\xuVRbjX.exe
  C:\Windows\System\xuVRbjX.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\llMYoZJ.exe
  C:\Windows\System\llMYoZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\XbSrHjj.exe
  C:\Windows\System\XbSrHjj.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\RXSRtcB.exe
  C:\Windows\System\RXSRtcB.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\QgCDzXQ.exe
  C:\Windows\System\QgCDzXQ.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\WfGKMaZ.exe
  C:\Windows\System\WfGKMaZ.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\ZNqSrqj.exe
  C:\Windows\System\ZNqSrqj.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\WHemtMO.exe
  C:\Windows\System\WHemtMO.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\niuhhUU.exe
  C:\Windows\System\niuhhUU.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\QmGUuVZ.exe
  C:\Windows\System\QmGUuVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\XPWWTAH.exe
  C:\Windows\System\XPWWTAH.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\MUSkrjG.exe
  C:\Windows\System\MUSkrjG.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\nsbjcjS.exe
  C:\Windows\System\nsbjcjS.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\yoyfPMK.exe
  C:\Windows\System\yoyfPMK.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\OIlcFZe.exe
  C:\Windows\System\OIlcFZe.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\nFGZlmf.exe
  C:\Windows\System\nFGZlmf.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\isGsHsy.exe
  C:\Windows\System\isGsHsy.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\ohFisbG.exe
  C:\Windows\System\ohFisbG.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\YyJTLVL.exe
  C:\Windows\System\YyJTLVL.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\SqcZBKV.exe
  C:\Windows\System\SqcZBKV.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ushwahp.exe
  C:\Windows\System\ushwahp.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\jWZgXqQ.exe
  C:\Windows\System\jWZgXqQ.exe
  2⤵
  PID:1660
- C:\Windows\System\SFsCkjv.exe
  C:\Windows\System\SFsCkjv.exe
  2⤵
  PID:2148
- C:\Windows\System\BlZuNEf.exe
  C:\Windows\System\BlZuNEf.exe
  2⤵
  PID:2024
- C:\Windows\System\MYyweKX.exe
  C:\Windows\System\MYyweKX.exe
  2⤵
  PID:2972
- C:\Windows\System\AZTXylI.exe
  C:\Windows\System\AZTXylI.exe
  2⤵
  PID:1596
- C:\Windows\System\rBqaKkz.exe
  C:\Windows\System\rBqaKkz.exe
  2⤵
  PID:2472
- C:\Windows\System\jHZfBvS.exe
  C:\Windows\System\jHZfBvS.exe
  2⤵
  PID:2760
- C:\Windows\System\BzzXcDV.exe
  C:\Windows\System\BzzXcDV.exe
  2⤵
  PID:980
- C:\Windows\System\AxHsVfr.exe
  C:\Windows\System\AxHsVfr.exe
  2⤵
  PID:1600
- C:\Windows\System\SzWpETm.exe
  C:\Windows\System\SzWpETm.exe
  2⤵
  PID:2300
- C:\Windows\System\RygTNBv.exe
  C:\Windows\System\RygTNBv.exe
  2⤵
  PID:1616
- C:\Windows\System\qHEpHOg.exe
  C:\Windows\System\qHEpHOg.exe
  2⤵
  PID:1852
- C:\Windows\System\YYTryiR.exe
  C:\Windows\System\YYTryiR.exe
  2⤵
  PID:2460
- C:\Windows\System\HHrqDlS.exe
  C:\Windows\System\HHrqDlS.exe
  2⤵
  PID:820
- C:\Windows\System\hdERzNe.exe
  C:\Windows\System\hdERzNe.exe
  2⤵
  PID:3040
- C:\Windows\System\ONLwJoi.exe
  C:\Windows\System\ONLwJoi.exe
  2⤵
  PID:2440
- C:\Windows\System\tVZlGaT.exe
  C:\Windows\System\tVZlGaT.exe
  2⤵
  PID:1008
- C:\Windows\System\QlryRpw.exe
  C:\Windows\System\QlryRpw.exe
  2⤵
  PID:2032
- C:\Windows\System\pTznafx.exe
  C:\Windows\System\pTznafx.exe
  2⤵
  PID:1292
- C:\Windows\System\DaveMNZ.exe
  C:\Windows\System\DaveMNZ.exe
  2⤵
  PID:1988
- C:\Windows\System\cBLxPvv.exe
  C:\Windows\System\cBLxPvv.exe
  2⤵
  PID:2432
- C:\Windows\System\qPEqCMI.exe
  C:\Windows\System\qPEqCMI.exe
  2⤵
  PID:1980
- C:\Windows\System\nTMlchh.exe
  C:\Windows\System\nTMlchh.exe
  2⤵
  PID:692
- C:\Windows\System\qJTdScW.exe
  C:\Windows\System\qJTdScW.exe
  2⤵
  PID:2584
- C:\Windows\System\FSrusKA.exe
  C:\Windows\System\FSrusKA.exe
  2⤵
  PID:2572
- C:\Windows\System\crKUlDK.exe
  C:\Windows\System\crKUlDK.exe
  2⤵
  PID:2204
- C:\Windows\System\cExwXJE.exe
  C:\Windows\System\cExwXJE.exe
  2⤵
  PID:2260
- C:\Windows\System\YqwUpJw.exe
  C:\Windows\System\YqwUpJw.exe
  2⤵
  PID:2952
- C:\Windows\System\iOvyneF.exe
  C:\Windows\System\iOvyneF.exe
  2⤵
  PID:2688
- C:\Windows\System\XCPPyAi.exe
  C:\Windows\System\XCPPyAi.exe
  2⤵
  PID:3016
- C:\Windows\System\kamLDoZ.exe
  C:\Windows\System\kamLDoZ.exe
  2⤵
  PID:2720
- C:\Windows\System\DvpcgdV.exe
  C:\Windows\System\DvpcgdV.exe
  2⤵
  PID:2940
- C:\Windows\System\imtPhwW.exe
  C:\Windows\System\imtPhwW.exe
  2⤵
  PID:2676
- C:\Windows\System\SkGpwQA.exe
  C:\Windows\System\SkGpwQA.exe
  2⤵
  PID:2104
- C:\Windows\System\DPuQnOJ.exe
  C:\Windows\System\DPuQnOJ.exe
  2⤵
  PID:2732
- C:\Windows\System\OCEARFL.exe
  C:\Windows\System\OCEARFL.exe
  2⤵
  PID:1080
- C:\Windows\System\bQkPxfW.exe
  C:\Windows\System\bQkPxfW.exe
  2⤵
  PID:3004
- C:\Windows\System\evuWBmZ.exe
  C:\Windows\System\evuWBmZ.exe
  2⤵
  PID:2228
- C:\Windows\System\sEQwyBM.exe
  C:\Windows\System\sEQwyBM.exe
  2⤵
  PID:2208
- C:\Windows\System\GhBSatr.exe
  C:\Windows\System\GhBSatr.exe
  2⤵
  PID:2536
- C:\Windows\System\oaIvBII.exe
  C:\Windows\System\oaIvBII.exe
  2⤵
  PID:1928
- C:\Windows\System\npmMAQF.exe
  C:\Windows\System\npmMAQF.exe
  2⤵
  PID:696
- C:\Windows\System\geVnqOE.exe
  C:\Windows\System\geVnqOE.exe
  2⤵
  PID:1516
- C:\Windows\System\gdHnOjL.exe
  C:\Windows\System\gdHnOjL.exe
  2⤵
  PID:1724
- C:\Windows\System\GjWlGwF.exe
  C:\Windows\System\GjWlGwF.exe
  2⤵
  PID:1036
- C:\Windows\System\KEXcTUa.exe
  C:\Windows\System\KEXcTUa.exe
  2⤵
  PID:1632
- C:\Windows\System\VOpFfXR.exe
  C:\Windows\System\VOpFfXR.exe
  2⤵
  PID:2548
- C:\Windows\System\VnqyfqY.exe
  C:\Windows\System\VnqyfqY.exe
  2⤵
  PID:2416
- C:\Windows\System\ZggEhTr.exe
  C:\Windows\System\ZggEhTr.exe
  2⤵
  PID:2804
- C:\Windows\System\ZnCAQPi.exe
  C:\Windows\System\ZnCAQPi.exe
  2⤵
  PID:3044
- C:\Windows\System\JZfpIZN.exe
  C:\Windows\System\JZfpIZN.exe
  2⤵
  PID:1684
- C:\Windows\System\udcbVkU.exe
  C:\Windows\System\udcbVkU.exe
  2⤵
  PID:2936
- C:\Windows\System\MSxdQfB.exe
  C:\Windows\System\MSxdQfB.exe
  2⤵
  PID:2216
- C:\Windows\System\MAiTDeM.exe
  C:\Windows\System\MAiTDeM.exe
  2⤵
  PID:2960
- C:\Windows\System\NSCtzJR.exe
  C:\Windows\System\NSCtzJR.exe
  2⤵
  PID:1916
- C:\Windows\System\aGSbWyJ.exe
  C:\Windows\System\aGSbWyJ.exe
  2⤵
  PID:1124
- C:\Windows\System\jnavkHZ.exe
  C:\Windows\System\jnavkHZ.exe
  2⤵
  PID:2244
- C:\Windows\System\hdSeCYd.exe
  C:\Windows\System\hdSeCYd.exe
  2⤵
  PID:1376
- C:\Windows\System\TZGIGlA.exe
  C:\Windows\System\TZGIGlA.exe
  2⤵
  PID:1012
- C:\Windows\System\YxVkEKw.exe
  C:\Windows\System\YxVkEKw.exe
  2⤵
  PID:2860
- C:\Windows\System\JhUPlQx.exe
  C:\Windows\System\JhUPlQx.exe
  2⤵
  PID:1368
- C:\Windows\System\ClqRpBZ.exe
  C:\Windows\System\ClqRpBZ.exe
  2⤵
  PID:2072
- C:\Windows\System\QBiQZKS.exe
  C:\Windows\System\QBiQZKS.exe
  2⤵
  PID:1512
- C:\Windows\System\juNWMUv.exe
  C:\Windows\System\juNWMUv.exe
  2⤵
  PID:2692
- C:\Windows\System\KybkbOR.exe
  C:\Windows\System\KybkbOR.exe
  2⤵
  PID:2768
- C:\Windows\System\hebXyKX.exe
  C:\Windows\System\hebXyKX.exe
  2⤵
  PID:1256
- C:\Windows\System\dwHykUK.exe
  C:\Windows\System\dwHykUK.exe
  2⤵
  PID:2980
- C:\Windows\System\BMMuUXP.exe
  C:\Windows\System\BMMuUXP.exe
  2⤵
  PID:940
- C:\Windows\System\VXtlcct.exe
  C:\Windows\System\VXtlcct.exe
  2⤵
  PID:2748
- C:\Windows\System\NgPJRtg.exe
  C:\Windows\System\NgPJRtg.exe
  2⤵
  PID:2944
- C:\Windows\System\FTwnhRC.exe
  C:\Windows\System\FTwnhRC.exe
  2⤵
  PID:2476
- C:\Windows\System\mhdeoiF.exe
  C:\Windows\System\mhdeoiF.exe
  2⤵
  PID:1224
- C:\Windows\System\fPsSeGe.exe
  C:\Windows\System\fPsSeGe.exe
  2⤵
  PID:2652
- C:\Windows\System\RozKzGT.exe
  C:\Windows\System\RozKzGT.exe
  2⤵
  PID:2780
- C:\Windows\System\peopldz.exe
  C:\Windows\System\peopldz.exe
  2⤵
  PID:3088
- C:\Windows\System\xDIrVze.exe
  C:\Windows\System\xDIrVze.exe
  2⤵
  PID:3108
- C:\Windows\System\EStWsOa.exe
  C:\Windows\System\EStWsOa.exe
  2⤵
  PID:3132
- C:\Windows\System\LNemJRA.exe
  C:\Windows\System\LNemJRA.exe
  2⤵
  PID:3152
- C:\Windows\System\wXzpZAO.exe
  C:\Windows\System\wXzpZAO.exe
  2⤵
  PID:3172
- C:\Windows\System\BRhLcJd.exe
  C:\Windows\System\BRhLcJd.exe
  2⤵
  PID:3188
- C:\Windows\System\cBiYjfF.exe
  C:\Windows\System\cBiYjfF.exe
  2⤵
  PID:3212
- C:\Windows\System\UDPHLyU.exe
  C:\Windows\System\UDPHLyU.exe
  2⤵
  PID:3232
- C:\Windows\System\bKxImCO.exe
  C:\Windows\System\bKxImCO.exe
  2⤵
  PID:3252
- C:\Windows\System\YkhpURR.exe
  C:\Windows\System\YkhpURR.exe
  2⤵
  PID:3268
- C:\Windows\System\VMpCwsz.exe
  C:\Windows\System\VMpCwsz.exe
  2⤵
  PID:3288
- C:\Windows\System\ebrYCiu.exe
  C:\Windows\System\ebrYCiu.exe
  2⤵
  PID:3312
- C:\Windows\System\tZipOZT.exe
  C:\Windows\System\tZipOZT.exe
  2⤵
  PID:3332
- C:\Windows\System\lEeshci.exe
  C:\Windows\System\lEeshci.exe
  2⤵
  PID:3352
- C:\Windows\System\zaldbnx.exe
  C:\Windows\System\zaldbnx.exe
  2⤵
  PID:3372
- C:\Windows\System\xlpmFVx.exe
  C:\Windows\System\xlpmFVx.exe
  2⤵
  PID:3392
- C:\Windows\System\aKATPzt.exe
  C:\Windows\System\aKATPzt.exe
  2⤵
  PID:3412
- C:\Windows\System\jgQrwUp.exe
  C:\Windows\System\jgQrwUp.exe
  2⤵
  PID:3432
- C:\Windows\System\btDmwUW.exe
  C:\Windows\System\btDmwUW.exe
  2⤵
  PID:3452
- C:\Windows\System\OFOFCpL.exe
  C:\Windows\System\OFOFCpL.exe
  2⤵
  PID:3468
- C:\Windows\System\KYwAzke.exe
  C:\Windows\System\KYwAzke.exe
  2⤵
  PID:3492
- C:\Windows\System\mkYWtTr.exe
  C:\Windows\System\mkYWtTr.exe
  2⤵
  PID:3512
- C:\Windows\System\tUjUygc.exe
  C:\Windows\System\tUjUygc.exe
  2⤵
  PID:3536
- C:\Windows\System\MplMjhB.exe
  C:\Windows\System\MplMjhB.exe
  2⤵
  PID:3556
- C:\Windows\System\bGlGfCq.exe
  C:\Windows\System\bGlGfCq.exe
  2⤵
  PID:3580
- C:\Windows\System\WcFDHhg.exe
  C:\Windows\System\WcFDHhg.exe
  2⤵
  PID:3600
- C:\Windows\System\KtcpeBG.exe
  C:\Windows\System\KtcpeBG.exe
  2⤵
  PID:3620
- C:\Windows\System\nBOCUPS.exe
  C:\Windows\System\nBOCUPS.exe
  2⤵
  PID:3640
- C:\Windows\System\nhcDYku.exe
  C:\Windows\System\nhcDYku.exe
  2⤵
  PID:3660
- C:\Windows\System\cvszOJZ.exe
  C:\Windows\System\cvszOJZ.exe
  2⤵
  PID:3680
- C:\Windows\System\glzFMpC.exe
  C:\Windows\System\glzFMpC.exe
  2⤵
  PID:3700
- C:\Windows\System\oAChqyS.exe
  C:\Windows\System\oAChqyS.exe
  2⤵
  PID:3720
- C:\Windows\System\tgXhxIo.exe
  C:\Windows\System\tgXhxIo.exe
  2⤵
  PID:3740
- C:\Windows\System\kKRpajM.exe
  C:\Windows\System\kKRpajM.exe
  2⤵
  PID:3760
- C:\Windows\System\uFYexdD.exe
  C:\Windows\System\uFYexdD.exe
  2⤵
  PID:3780
- C:\Windows\System\zOIoUlf.exe
  C:\Windows\System\zOIoUlf.exe
  2⤵
  PID:3800
- C:\Windows\System\fGQvOKB.exe
  C:\Windows\System\fGQvOKB.exe
  2⤵
  PID:3820
- C:\Windows\System\yFmddKe.exe
  C:\Windows\System\yFmddKe.exe
  2⤵
  PID:3840
- C:\Windows\System\KrENfER.exe
  C:\Windows\System\KrENfER.exe
  2⤵
  PID:3860
- C:\Windows\System\EeOHeJH.exe
  C:\Windows\System\EeOHeJH.exe
  2⤵
  PID:3880
- C:\Windows\System\soZllFE.exe
  C:\Windows\System\soZllFE.exe
  2⤵
  PID:3900
- C:\Windows\System\iNWwSbo.exe
  C:\Windows\System\iNWwSbo.exe
  2⤵
  PID:3920
- C:\Windows\System\niqrcSQ.exe
  C:\Windows\System\niqrcSQ.exe
  2⤵
  PID:3940
- C:\Windows\System\krJDiwj.exe
  C:\Windows\System\krJDiwj.exe
  2⤵
  PID:3960
- C:\Windows\System\zhZlDum.exe
  C:\Windows\System\zhZlDum.exe
  2⤵
  PID:3980
- C:\Windows\System\cVXQCLa.exe
  C:\Windows\System\cVXQCLa.exe
  2⤵
  PID:3996
- C:\Windows\System\DHcpRad.exe
  C:\Windows\System\DHcpRad.exe
  2⤵
  PID:4016
- C:\Windows\System\YpMNNtT.exe
  C:\Windows\System\YpMNNtT.exe
  2⤵
  PID:4040
- C:\Windows\System\yRHLBfR.exe
  C:\Windows\System\yRHLBfR.exe
  2⤵
  PID:4060
- C:\Windows\System\kPiSZQP.exe
  C:\Windows\System\kPiSZQP.exe
  2⤵
  PID:4076
- C:\Windows\System\fvkZcOU.exe
  C:\Windows\System\fvkZcOU.exe
  2⤵
  PID:352
- C:\Windows\System\rcPufbg.exe
  C:\Windows\System\rcPufbg.exe
  2⤵
  PID:2716
- C:\Windows\System\VawSkND.exe
  C:\Windows\System\VawSkND.exe
  2⤵
  PID:1744
- C:\Windows\System\MUqwEtV.exe
  C:\Windows\System\MUqwEtV.exe
  2⤵
  PID:1692
- C:\Windows\System\UvBzgRf.exe
  C:\Windows\System\UvBzgRf.exe
  2⤵
  PID:852
- C:\Windows\System\Mgjgqgb.exe
  C:\Windows\System\Mgjgqgb.exe
  2⤵
  PID:3116
- C:\Windows\System\tbeCIoE.exe
  C:\Windows\System\tbeCIoE.exe
  2⤵
  PID:3100
- C:\Windows\System\MFIvhEd.exe
  C:\Windows\System\MFIvhEd.exe
  2⤵
  PID:3168
- C:\Windows\System\mVbIVqF.exe
  C:\Windows\System\mVbIVqF.exe
  2⤵
  PID:3208
- C:\Windows\System\llfCzxx.exe
  C:\Windows\System\llfCzxx.exe
  2⤵
  PID:3220
- C:\Windows\System\duZWmyC.exe
  C:\Windows\System\duZWmyC.exe
  2⤵
  PID:3224
- C:\Windows\System\XOZJCCl.exe
  C:\Windows\System\XOZJCCl.exe
  2⤵
  PID:3264
- C:\Windows\System\MHVgTpD.exe
  C:\Windows\System\MHVgTpD.exe
  2⤵
  PID:3308
- C:\Windows\System\wsJsVPA.exe
  C:\Windows\System\wsJsVPA.exe
  2⤵
  PID:3340
- C:\Windows\System\giKTHXn.exe
  C:\Windows\System\giKTHXn.exe
  2⤵
  PID:2044
- C:\Windows\System\HwykKll.exe
  C:\Windows\System\HwykKll.exe
  2⤵
  PID:3388
- C:\Windows\System\UcYGwEv.exe
  C:\Windows\System\UcYGwEv.exe
  2⤵
  PID:2832
- C:\Windows\System\pwgtvDL.exe
  C:\Windows\System\pwgtvDL.exe
  2⤵
  PID:3480
- C:\Windows\System\dnBpwKL.exe
  C:\Windows\System\dnBpwKL.exe
  2⤵
  PID:3520
- C:\Windows\System\gVBTFIU.exe
  C:\Windows\System\gVBTFIU.exe
  2⤵
  PID:3500
- C:\Windows\System\UqCDGbo.exe
  C:\Windows\System\UqCDGbo.exe
  2⤵
  PID:3572
- C:\Windows\System\npEQKtb.exe
  C:\Windows\System\npEQKtb.exe
  2⤵
  PID:3616
- C:\Windows\System\inAioOy.exe
  C:\Windows\System\inAioOy.exe
  2⤵
  PID:3592
- C:\Windows\System\ncOAJgd.exe
  C:\Windows\System\ncOAJgd.exe
  2⤵
  PID:3628
- C:\Windows\System\zKMYHia.exe
  C:\Windows\System\zKMYHia.exe
  2⤵
  PID:3736
- C:\Windows\System\hcqKiHN.exe
  C:\Windows\System\hcqKiHN.exe
  2⤵
  PID:1468
- C:\Windows\System\wRrppoi.exe
  C:\Windows\System\wRrppoi.exe
  2⤵
  PID:3772
- C:\Windows\System\TGXQmCt.exe
  C:\Windows\System\TGXQmCt.exe
  2⤵
  PID:3816
- C:\Windows\System\bnFzOQk.exe
  C:\Windows\System\bnFzOQk.exe
  2⤵
  PID:3796
- C:\Windows\System\OcuiLIX.exe
  C:\Windows\System\OcuiLIX.exe
  2⤵
  PID:3856
- C:\Windows\System\QAfaiXN.exe
  C:\Windows\System\QAfaiXN.exe
  2⤵
  PID:2756
- C:\Windows\System\svyUHoH.exe
  C:\Windows\System\svyUHoH.exe
  2⤵
  PID:3568
- C:\Windows\System\EokGYjC.exe
  C:\Windows\System\EokGYjC.exe
  2⤵
  PID:3872
- C:\Windows\System\QSksPRc.exe
  C:\Windows\System\QSksPRc.exe
  2⤵
  PID:3968
- C:\Windows\System\BXejqXN.exe
  C:\Windows\System\BXejqXN.exe
  2⤵
  PID:3976
- C:\Windows\System\tAHlReo.exe
  C:\Windows\System\tAHlReo.exe
  2⤵
  PID:4008
- C:\Windows\System\xcQAnzu.exe
  C:\Windows\System\xcQAnzu.exe
  2⤵
  PID:4028
- C:\Windows\System\rCmnQvu.exe
  C:\Windows\System\rCmnQvu.exe
  2⤵
  PID:4092
- C:\Windows\System\DldIMLy.exe
  C:\Windows\System\DldIMLy.exe
  2⤵
  PID:4072
- C:\Windows\System\EUVNYaG.exe
  C:\Windows\System\EUVNYaG.exe
  2⤵
  PID:2848
- C:\Windows\System\CgFAJKy.exe
  C:\Windows\System\CgFAJKy.exe
  2⤵
  PID:3084
- C:\Windows\System\KtmJHjp.exe
  C:\Windows\System\KtmJHjp.exe
  2⤵
  PID:3128
- C:\Windows\System\sFTlCre.exe
  C:\Windows\System\sFTlCre.exe
  2⤵
  PID:3200
- C:\Windows\System\FwwcpyO.exe
  C:\Windows\System\FwwcpyO.exe
  2⤵
  PID:3148
- C:\Windows\System\quBaztZ.exe
  C:\Windows\System\quBaztZ.exe
  2⤵
  PID:3280
- C:\Windows\System\NmLIjqv.exe
  C:\Windows\System\NmLIjqv.exe
  2⤵
  PID:3320
- C:\Windows\System\zGDrCJP.exe
  C:\Windows\System\zGDrCJP.exe
  2⤵
  PID:3344
- C:\Windows\System\CIttBme.exe
  C:\Windows\System\CIttBme.exe
  2⤵
  PID:3440
- C:\Windows\System\ijJheTZ.exe
  C:\Windows\System\ijJheTZ.exe
  2⤵
  PID:3464
- C:\Windows\System\GGsmoGF.exe
  C:\Windows\System\GGsmoGF.exe
  2⤵
  PID:3564
- C:\Windows\System\bEaTUsj.exe
  C:\Windows\System\bEaTUsj.exe
  2⤵
  PID:3656
- C:\Windows\System\zngZZQY.exe
  C:\Windows\System\zngZZQY.exe
  2⤵
  PID:3588
- C:\Windows\System\VLgNCIF.exe
  C:\Windows\System\VLgNCIF.exe
  2⤵
  PID:3652
- C:\Windows\System\AzkzHoc.exe
  C:\Windows\System\AzkzHoc.exe
  2⤵
  PID:3776
- C:\Windows\System\rFFFwql.exe
  C:\Windows\System\rFFFwql.exe
  2⤵
  PID:3792
- C:\Windows\System\AQSESrl.exe
  C:\Windows\System\AQSESrl.exe
  2⤵
  PID:3828
- C:\Windows\System\vCXFKTj.exe
  C:\Windows\System\vCXFKTj.exe
  2⤵
  PID:3928
- C:\Windows\System\eHPVrZm.exe
  C:\Windows\System\eHPVrZm.exe
  2⤵
  PID:3956
- C:\Windows\System\ARkEsrf.exe
  C:\Windows\System\ARkEsrf.exe
  2⤵
  PID:1824
- C:\Windows\System\izEeNBj.exe
  C:\Windows\System\izEeNBj.exe
  2⤵
  PID:4056
- C:\Windows\System\ElGCnYy.exe
  C:\Windows\System\ElGCnYy.exe
  2⤵
  PID:4068
- C:\Windows\System\nhrsyzc.exe
  C:\Windows\System\nhrsyzc.exe
  2⤵
  PID:2820
- C:\Windows\System\OoJyidF.exe
  C:\Windows\System\OoJyidF.exe
  2⤵
  PID:1528
- C:\Windows\System\GHWbDZr.exe
  C:\Windows\System\GHWbDZr.exe
  2⤵
  PID:2328
- C:\Windows\System\AetUliF.exe
  C:\Windows\System\AetUliF.exe
  2⤵
  PID:1652
- C:\Windows\System\OWCNZOM.exe
  C:\Windows\System\OWCNZOM.exe
  2⤵
  PID:3104
- C:\Windows\System\IYhCItC.exe
  C:\Windows\System\IYhCItC.exe
  2⤵
  PID:3328
- C:\Windows\System\mWoPbXW.exe
  C:\Windows\System\mWoPbXW.exe
  2⤵
  PID:3296
- C:\Windows\System\kRdQKYu.exe
  C:\Windows\System\kRdQKYu.exe
  2⤵
  PID:3476
- C:\Windows\System\XoZGgTd.exe
  C:\Windows\System\XoZGgTd.exe
  2⤵
  PID:2948
- C:\Windows\System\pSXqXzm.exe
  C:\Windows\System\pSXqXzm.exe
  2⤵
  PID:3728
- C:\Windows\System\BfbGDMj.exe
  C:\Windows\System\BfbGDMj.exe
  2⤵
  PID:3712
- C:\Windows\System\oPvTfVo.exe
  C:\Windows\System\oPvTfVo.exe
  2⤵
  PID:3896
- C:\Windows\System\YgWibdM.exe
  C:\Windows\System\YgWibdM.exe
  2⤵
  PID:3912
- C:\Windows\System\jWJbSfM.exe
  C:\Windows\System\jWJbSfM.exe
  2⤵
  PID:3936
- C:\Windows\System\NbRBCcb.exe
  C:\Windows\System\NbRBCcb.exe
  2⤵
  PID:3832
- C:\Windows\System\ntgnVDc.exe
  C:\Windows\System\ntgnVDc.exe
  2⤵
  PID:4052
- C:\Windows\System\zcNHhyc.exe
  C:\Windows\System\zcNHhyc.exe
  2⤵
  PID:3020
- C:\Windows\System\cFQCGit.exe
  C:\Windows\System\cFQCGit.exe
  2⤵
  PID:4004
- C:\Windows\System\ODhHfSe.exe
  C:\Windows\System\ODhHfSe.exe
  2⤵
  PID:3380
- C:\Windows\System\AlpPPnS.exe
  C:\Windows\System\AlpPPnS.exe
  2⤵
  PID:3000
- C:\Windows\System\NRqreaM.exe
  C:\Windows\System\NRqreaM.exe
  2⤵
  PID:3648
- C:\Windows\System\sYnKvoZ.exe
  C:\Windows\System\sYnKvoZ.exe
  2⤵
  PID:3408
- C:\Windows\System\zhlLYVN.exe
  C:\Windows\System\zhlLYVN.exe
  2⤵
  PID:3384
- C:\Windows\System\yRZTofJ.exe
  C:\Windows\System\yRZTofJ.exe
  2⤵
  PID:3548
- C:\Windows\System\nLXuwKW.exe
  C:\Windows\System\nLXuwKW.exe
  2⤵
  PID:3716
- C:\Windows\System\hdgdIgW.exe
  C:\Windows\System\hdgdIgW.exe
  2⤵
  PID:3768
- C:\Windows\System\xVeJqjT.exe
  C:\Windows\System\xVeJqjT.exe
  2⤵
  PID:3836
- C:\Windows\System\QbwukRQ.exe
  C:\Windows\System\QbwukRQ.exe
  2⤵
  PID:2272
- C:\Windows\System\OUchGAl.exe
  C:\Windows\System\OUchGAl.exe
  2⤵
  PID:1408
- C:\Windows\System\qWEfcPK.exe
  C:\Windows\System\qWEfcPK.exe
  2⤵
  PID:2660
- C:\Windows\System\WYZQmdH.exe
  C:\Windows\System\WYZQmdH.exe
  2⤵
  PID:2540
- C:\Windows\System\uKIbCsA.exe
  C:\Windows\System\uKIbCsA.exe
  2⤵
  PID:2452
- C:\Windows\System\zuoJTVA.exe
  C:\Windows\System\zuoJTVA.exe
  2⤵
  PID:1664
- C:\Windows\System\FBgfylc.exe
  C:\Windows\System\FBgfylc.exe
  2⤵
  PID:1500
- C:\Windows\System\jPYgjHp.exe
  C:\Windows\System\jPYgjHp.exe
  2⤵
  PID:3692
- C:\Windows\System\KiazyvV.exe
  C:\Windows\System\KiazyvV.exe
  2⤵
  PID:772
- C:\Windows\System\oMJLTCL.exe
  C:\Windows\System\oMJLTCL.exe
  2⤵
  PID:2180
- C:\Windows\System\fpKIaSM.exe
  C:\Windows\System\fpKIaSM.exe
  2⤵
  PID:3524
- C:\Windows\System\BXEsWnh.exe
  C:\Windows\System\BXEsWnh.exe
  2⤵
  PID:4024
- C:\Windows\System\oGguEGy.exe
  C:\Windows\System\oGguEGy.exe
  2⤵
  PID:832
- C:\Windows\System\qjonDzu.exe
  C:\Windows\System\qjonDzu.exe
  2⤵
  PID:2332
- C:\Windows\System\zLqPgah.exe
  C:\Windows\System\zLqPgah.exe
  2⤵
  PID:1288
- C:\Windows\System\EGcFqmZ.exe
  C:\Windows\System\EGcFqmZ.exe
  2⤵
  PID:3756
- C:\Windows\System\BYkgrAw.exe
  C:\Windows\System\BYkgrAw.exe
  2⤵
  PID:3544
- C:\Windows\System\jzcrabg.exe
  C:\Windows\System\jzcrabg.exe
  2⤵
  PID:2292
- C:\Windows\System\DZhahGC.exe
  C:\Windows\System\DZhahGC.exe
  2⤵
  PID:3360
- C:\Windows\System\nQxSiMi.exe
  C:\Windows\System\nQxSiMi.exe
  2⤵
  PID:4116
- C:\Windows\System\aIyBPVB.exe
  C:\Windows\System\aIyBPVB.exe
  2⤵
  PID:4132
- C:\Windows\System\KAtKqLW.exe
  C:\Windows\System\KAtKqLW.exe
  2⤵
  PID:4156
- C:\Windows\System\RrUaELx.exe
  C:\Windows\System\RrUaELx.exe
  2⤵
  PID:4172
- C:\Windows\System\vklTJJl.exe
  C:\Windows\System\vklTJJl.exe
  2⤵
  PID:4192
- C:\Windows\System\DcCUqHq.exe
  C:\Windows\System\DcCUqHq.exe
  2⤵
  PID:4212
- C:\Windows\System\fwaQMCY.exe
  C:\Windows\System\fwaQMCY.exe
  2⤵
  PID:4240
- C:\Windows\System\lMzaTKS.exe
  C:\Windows\System\lMzaTKS.exe
  2⤵
  PID:4256
- C:\Windows\System\wwXhHXS.exe
  C:\Windows\System\wwXhHXS.exe
  2⤵
  PID:4272
- C:\Windows\System\TtjLocS.exe
  C:\Windows\System\TtjLocS.exe
  2⤵
  PID:4288
- C:\Windows\System\gZHfKJQ.exe
  C:\Windows\System\gZHfKJQ.exe
  2⤵
  PID:4304
- C:\Windows\System\yHhqJIO.exe
  C:\Windows\System\yHhqJIO.exe
  2⤵
  PID:4328
- C:\Windows\System\hgmKfWM.exe
  C:\Windows\System\hgmKfWM.exe
  2⤵
  PID:4364
- C:\Windows\System\jxusCFY.exe
  C:\Windows\System\jxusCFY.exe
  2⤵
  PID:4380
- C:\Windows\System\SJhmber.exe
  C:\Windows\System\SJhmber.exe
  2⤵
  PID:4396
- C:\Windows\System\DrGlYUu.exe
  C:\Windows\System\DrGlYUu.exe
  2⤵
  PID:4436
- C:\Windows\System\ZBSwlBT.exe
  C:\Windows\System\ZBSwlBT.exe
  2⤵
  PID:4452
- C:\Windows\System\MJbuweV.exe
  C:\Windows\System\MJbuweV.exe
  2⤵
  PID:4468
- C:\Windows\System\OVQdBKV.exe
  C:\Windows\System\OVQdBKV.exe
  2⤵
  PID:4496
- C:\Windows\System\ufhPRGU.exe
  C:\Windows\System\ufhPRGU.exe
  2⤵
  PID:4512
- C:\Windows\System\WcFeslR.exe
  C:\Windows\System\WcFeslR.exe
  2⤵
  PID:4532
- C:\Windows\System\lgsToHS.exe
  C:\Windows\System\lgsToHS.exe
  2⤵
  PID:4548
- C:\Windows\System\Lhdmkkp.exe
  C:\Windows\System\Lhdmkkp.exe
  2⤵
  PID:4564
- C:\Windows\System\gllxkXa.exe
  C:\Windows\System\gllxkXa.exe
  2⤵
  PID:4584
- C:\Windows\System\XkrvbrV.exe
  C:\Windows\System\XkrvbrV.exe
  2⤵
  PID:4608
- C:\Windows\System\CmprfTq.exe
  C:\Windows\System\CmprfTq.exe
  2⤵
  PID:4628
- C:\Windows\System\SZPQwAm.exe
  C:\Windows\System\SZPQwAm.exe
  2⤵
  PID:4644
- C:\Windows\System\lstzgDa.exe
  C:\Windows\System\lstzgDa.exe
  2⤵
  PID:4660
- C:\Windows\System\YAikVwX.exe
  C:\Windows\System\YAikVwX.exe
  2⤵
  PID:4680
- C:\Windows\System\uAgrUqy.exe
  C:\Windows\System\uAgrUqy.exe
  2⤵
  PID:4696
- C:\Windows\System\ERYxepI.exe
  C:\Windows\System\ERYxepI.exe
  2⤵
  PID:4712
- C:\Windows\System\HgtvrIX.exe
  C:\Windows\System\HgtvrIX.exe
  2⤵
  PID:4728
- C:\Windows\System\KIDFgLp.exe
  C:\Windows\System\KIDFgLp.exe
  2⤵
  PID:4752
- C:\Windows\System\YULuuhj.exe
  C:\Windows\System\YULuuhj.exe
  2⤵
  PID:4768
- C:\Windows\System\rMKOeig.exe
  C:\Windows\System\rMKOeig.exe
  2⤵
  PID:4812
- C:\Windows\System\UMstwXH.exe
  C:\Windows\System\UMstwXH.exe
  2⤵
  PID:4840
- C:\Windows\System\gQKlhmA.exe
  C:\Windows\System\gQKlhmA.exe
  2⤵
  PID:4856
- C:\Windows\System\dafkfzY.exe
  C:\Windows\System\dafkfzY.exe
  2⤵
  PID:4876
- C:\Windows\System\EXyHcAB.exe
  C:\Windows\System\EXyHcAB.exe
  2⤵
  PID:4896
- C:\Windows\System\CmQLOao.exe
  C:\Windows\System\CmQLOao.exe
  2⤵
  PID:4912
- C:\Windows\System\igDkNTG.exe
  C:\Windows\System\igDkNTG.exe
  2⤵
  PID:4928
- C:\Windows\System\nKcTqji.exe
  C:\Windows\System\nKcTqji.exe
  2⤵
  PID:4948
- C:\Windows\System\XcaZgcT.exe
  C:\Windows\System\XcaZgcT.exe
  2⤵
  PID:4972
- C:\Windows\System\UyFAXrA.exe
  C:\Windows\System\UyFAXrA.exe
  2⤵
  PID:4988
- C:\Windows\System\UYuwDqu.exe
  C:\Windows\System\UYuwDqu.exe
  2⤵
  PID:5004
- C:\Windows\System\agJmLSJ.exe
  C:\Windows\System\agJmLSJ.exe
  2⤵
  PID:5020
- C:\Windows\System\hBdQClr.exe
  C:\Windows\System\hBdQClr.exe
  2⤵
  PID:5040
- C:\Windows\System\atjbahr.exe
  C:\Windows\System\atjbahr.exe
  2⤵
  PID:5068
- C:\Windows\System\IdIADOZ.exe
  C:\Windows\System\IdIADOZ.exe
  2⤵
  PID:5088
- C:\Windows\System\GnTWJYJ.exe
  C:\Windows\System\GnTWJYJ.exe
  2⤵
  PID:5104
- C:\Windows\System\AzPeZLk.exe
  C:\Windows\System\AzPeZLk.exe
  2⤵
  PID:1284
- C:\Windows\System\TeyTgcX.exe
  C:\Windows\System\TeyTgcX.exe
  2⤵
  PID:4128
- C:\Windows\System\ABBbrJZ.exe
  C:\Windows\System\ABBbrJZ.exe
  2⤵
  PID:4208
- C:\Windows\System\HEZkeBD.exe
  C:\Windows\System\HEZkeBD.exe
  2⤵
  PID:4148
- C:\Windows\System\GMJAEeC.exe
  C:\Windows\System\GMJAEeC.exe
  2⤵
  PID:2668
- C:\Windows\System\jAFQylp.exe
  C:\Windows\System\jAFQylp.exe
  2⤵
  PID:4184
- C:\Windows\System\EbGsumU.exe
  C:\Windows\System\EbGsumU.exe
  2⤵
  PID:4220
- C:\Windows\System\yFzXqQb.exe
  C:\Windows\System\yFzXqQb.exe
  2⤵
  PID:4252
- C:\Windows\System\JTOwgYl.exe
  C:\Windows\System\JTOwgYl.exe
  2⤵
  PID:4324
- C:\Windows\System\LdEDyvD.exe
  C:\Windows\System\LdEDyvD.exe
  2⤵
  PID:4296
- C:\Windows\System\WhKBUqB.exe
  C:\Windows\System\WhKBUqB.exe
  2⤵
  PID:4344
- C:\Windows\System\BrLkOLq.exe
  C:\Windows\System\BrLkOLq.exe
  2⤵
  PID:2456
- C:\Windows\System\iGyTxvN.exe
  C:\Windows\System\iGyTxvN.exe
  2⤵
  PID:4408
- C:\Windows\System\IQiZwMU.exe
  C:\Windows\System\IQiZwMU.exe
  2⤵
  PID:4424
- C:\Windows\System\URjVhsZ.exe
  C:\Windows\System\URjVhsZ.exe
  2⤵
  PID:4460
- C:\Windows\System\QEjWuFC.exe
  C:\Windows\System\QEjWuFC.exe
  2⤵
  PID:840
- C:\Windows\System\MVAqTqR.exe
  C:\Windows\System\MVAqTqR.exe
  2⤵
  PID:4508
- C:\Windows\System\bQjaFTP.exe
  C:\Windows\System\bQjaFTP.exe
  2⤵
  PID:4576
- C:\Windows\System\FGnlYrV.exe
  C:\Windows\System\FGnlYrV.exe
  2⤵
  PID:4652
- C:\Windows\System\jAczngq.exe
  C:\Windows\System\jAczngq.exe
  2⤵
  PID:4560
- C:\Windows\System\HLgbJyo.exe
  C:\Windows\System\HLgbJyo.exe
  2⤵
  PID:4600
- C:\Windows\System\GqIYaQB.exe
  C:\Windows\System\GqIYaQB.exe
  2⤵
  PID:4720
- C:\Windows\System\ihzXzMq.exe
  C:\Windows\System\ihzXzMq.exe
  2⤵
  PID:4740
- C:\Windows\System\fFknGjB.exe
  C:\Windows\System\fFknGjB.exe
  2⤵
  PID:4784
- C:\Windows\System\UucoiUf.exe
  C:\Windows\System\UucoiUf.exe
  2⤵
  PID:4792
- C:\Windows\System\xkvIRYa.exe
  C:\Windows\System\xkvIRYa.exe
  2⤵
  PID:4800
- C:\Windows\System\IRNzAkX.exe
  C:\Windows\System\IRNzAkX.exe
  2⤵
  PID:4776
- C:\Windows\System\mctvUBd.exe
  C:\Windows\System\mctvUBd.exe
  2⤵
  PID:2200
- C:\Windows\System\ctNqrSB.exe
  C:\Windows\System\ctNqrSB.exe
  2⤵
  PID:2196
- C:\Windows\System\oDjBJMy.exe
  C:\Windows\System\oDjBJMy.exe
  2⤵
  PID:4852
- C:\Windows\System\QOGrInu.exe
  C:\Windows\System\QOGrInu.exe
  2⤵
  PID:4936
- C:\Windows\System\JvDAygE.exe
  C:\Windows\System\JvDAygE.exe
  2⤵
  PID:4984
- C:\Windows\System\FstBHMU.exe
  C:\Windows\System\FstBHMU.exe
  2⤵
  PID:5052
- C:\Windows\System\WqFIvQy.exe
  C:\Windows\System\WqFIvQy.exe
  2⤵
  PID:4924
- C:\Windows\System\MbEAOyL.exe
  C:\Windows\System\MbEAOyL.exe
  2⤵
  PID:4920
- C:\Windows\System\XtPaFup.exe
  C:\Windows\System\XtPaFup.exe
  2⤵
  PID:5028
- C:\Windows\System\mhmniOL.exe
  C:\Windows\System\mhmniOL.exe
  2⤵
  PID:5100
- C:\Windows\System\zPMSkCA.exe
  C:\Windows\System\zPMSkCA.exe
  2⤵
  PID:3140
- C:\Windows\System\UlQTqJE.exe
  C:\Windows\System\UlQTqJE.exe
  2⤵
  PID:5116
- C:\Windows\System\mwAKAOk.exe
  C:\Windows\System\mwAKAOk.exe
  2⤵
  PID:4108
- C:\Windows\System\tJCvfiH.exe
  C:\Windows\System\tJCvfiH.exe
  2⤵
  PID:4180
- C:\Windows\System\FuUxvUi.exe
  C:\Windows\System\FuUxvUi.exe
  2⤵
  PID:4248
- C:\Windows\System\FuHkTLI.exe
  C:\Windows\System\FuHkTLI.exe
  2⤵
  PID:4348
- C:\Windows\System\kNKMjcI.exe
  C:\Windows\System\kNKMjcI.exe
  2⤵
  PID:2376
- C:\Windows\System\ejmXdFW.exe
  C:\Windows\System\ejmXdFW.exe
  2⤵
  PID:2468
- C:\Windows\System\CnHRIwz.exe
  C:\Windows\System\CnHRIwz.exe
  2⤵
  PID:4404
- C:\Windows\System\McGyQQZ.exe
  C:\Windows\System\McGyQQZ.exe
  2⤵
  PID:4312
- C:\Windows\System\fddKQuf.exe
  C:\Windows\System\fddKQuf.exe
  2⤵
  PID:4540
- C:\Windows\System\CnAuCPK.exe
  C:\Windows\System\CnAuCPK.exe
  2⤵
  PID:4580
- C:\Windows\System\gytpgaI.exe
  C:\Windows\System\gytpgaI.exe
  2⤵
  PID:4480
- C:\Windows\System\XeGGDfS.exe
  C:\Windows\System\XeGGDfS.exe
  2⤵
  PID:4604
- C:\Windows\System\iTuqGyi.exe
  C:\Windows\System\iTuqGyi.exe
  2⤵
  PID:4668
- C:\Windows\System\cPCGnhY.exe
  C:\Windows\System\cPCGnhY.exe
  2⤵
  PID:2844
- C:\Windows\System\dOjmpHF.exe
  C:\Windows\System\dOjmpHF.exe
  2⤵
  PID:4888
- C:\Windows\System\WHNVwjq.exe
  C:\Windows\System\WHNVwjq.exe
  2⤵
  PID:4980
- C:\Windows\System\yAdJIit.exe
  C:\Windows\System\yAdJIit.exe
  2⤵
  PID:5032
- C:\Windows\System\EpzIqHD.exe
  C:\Windows\System\EpzIqHD.exe
  2⤵
  PID:1000
- C:\Windows\System\HPbsnwt.exe
  C:\Windows\System\HPbsnwt.exe
  2⤵
  PID:1032
- C:\Windows\System\ysguIZH.exe
  C:\Windows\System\ysguIZH.exe
  2⤵
  PID:4448
- C:\Windows\System\QJvNshR.exe
  C:\Windows\System\QJvNshR.exe
  2⤵
  PID:4760
- C:\Windows\System\GfRdGGp.exe
  C:\Windows\System\GfRdGGp.exe
  2⤵
  PID:4908
- C:\Windows\System\oWJahPS.exe
  C:\Windows\System\oWJahPS.exe
  2⤵
  PID:2176
- C:\Windows\System\TSAeLYh.exe
  C:\Windows\System\TSAeLYh.exe
  2⤵
  PID:4520
- C:\Windows\System\NNckRnT.exe
  C:\Windows\System\NNckRnT.exe
  2⤵
  PID:4704
- C:\Windows\System\OYLfaTX.exe
  C:\Windows\System\OYLfaTX.exe
  2⤵
  PID:4360
- C:\Windows\System\JnFxlZI.exe
  C:\Windows\System\JnFxlZI.exe
  2⤵
  PID:5080
- C:\Windows\System\vBtMSje.exe
  C:\Windows\System\vBtMSje.exe
  2⤵
  PID:4788
- C:\Windows\System\hhlmxNJ.exe
  C:\Windows\System\hhlmxNJ.exe
  2⤵
  PID:4944
- C:\Windows\System\KZwrcBT.exe
  C:\Windows\System\KZwrcBT.exe
  2⤵
  PID:4032
- C:\Windows\System\NVgnCjf.exe
  C:\Windows\System\NVgnCjf.exe
  2⤵
  PID:4488
- C:\Windows\System\AVBFrqX.exe
  C:\Windows\System\AVBFrqX.exe
  2⤵
  PID:4232
- C:\Windows\System\BKybjnd.exe
  C:\Windows\System\BKybjnd.exe
  2⤵
  PID:2128
- C:\Windows\System\NLjRQMQ.exe
  C:\Windows\System\NLjRQMQ.exe
  2⤵
  PID:5076
- C:\Windows\System\XvkzyaI.exe
  C:\Windows\System\XvkzyaI.exe
  2⤵
  PID:2924
- C:\Windows\System\qGPGKlL.exe
  C:\Windows\System\qGPGKlL.exe
  2⤵
  PID:4872
- C:\Windows\System\tJcdgcP.exe
  C:\Windows\System\tJcdgcP.exe
  2⤵
  PID:4828
- C:\Windows\System\kDDpJGz.exe
  C:\Windows\System\kDDpJGz.exe
  2⤵
  PID:4676
- C:\Windows\System\AsuznWy.exe
  C:\Windows\System\AsuznWy.exe
  2⤵
  PID:5016
- C:\Windows\System\GRyhDeL.exe
  C:\Windows\System\GRyhDeL.exe
  2⤵
  PID:4484
- C:\Windows\System\EWaOath.exe
  C:\Windows\System\EWaOath.exe
  2⤵
  PID:4524
- C:\Windows\System\FStiaSD.exe
  C:\Windows\System\FStiaSD.exe
  2⤵
  PID:5056
- C:\Windows\System\lAijkMT.exe
  C:\Windows\System\lAijkMT.exe
  2⤵
  PID:5096
- C:\Windows\System\ONhBExP.exe
  C:\Windows\System\ONhBExP.exe
  2⤵
  PID:3484
- C:\Windows\System\ARDgnUh.exe
  C:\Windows\System\ARDgnUh.exe
  2⤵
  PID:4624
- C:\Windows\System\IAxNBKN.exe
  C:\Windows\System\IAxNBKN.exe
  2⤵
  PID:4748
- C:\Windows\System\QNTpZRn.exe
  C:\Windows\System\QNTpZRn.exe
  2⤵
  PID:4864
- C:\Windows\System\PmhURPx.exe
  C:\Windows\System\PmhURPx.exe
  2⤵
  PID:4620
- C:\Windows\System\AuSThOs.exe
  C:\Windows\System\AuSThOs.exe
  2⤵
  PID:5136
- C:\Windows\System\hjRVdRp.exe
  C:\Windows\System\hjRVdRp.exe
  2⤵
  PID:5152
- C:\Windows\System\ckByaGd.exe
  C:\Windows\System\ckByaGd.exe
  2⤵
  PID:5168
- C:\Windows\System\wAzWFHM.exe
  C:\Windows\System\wAzWFHM.exe
  2⤵
  PID:5184
- C:\Windows\System\GfqjkLt.exe
  C:\Windows\System\GfqjkLt.exe
  2⤵
  PID:5204
- C:\Windows\System\EqdgUHI.exe
  C:\Windows\System\EqdgUHI.exe
  2⤵
  PID:5224
- C:\Windows\System\bxXQKEL.exe
  C:\Windows\System\bxXQKEL.exe
  2⤵
  PID:5244
- C:\Windows\System\XbObxWY.exe
  C:\Windows\System\XbObxWY.exe
  2⤵
  PID:5260
- C:\Windows\System\dimdrBF.exe
  C:\Windows\System\dimdrBF.exe
  2⤵
  PID:5308
- C:\Windows\System\hrIXuzf.exe
  C:\Windows\System\hrIXuzf.exe
  2⤵
  PID:5328
- C:\Windows\System\ykvVOQT.exe
  C:\Windows\System\ykvVOQT.exe
  2⤵
  PID:5344
- C:\Windows\System\EwWEoyH.exe
  C:\Windows\System\EwWEoyH.exe
  2⤵
  PID:5360
- C:\Windows\System\RzsHhSE.exe
  C:\Windows\System\RzsHhSE.exe
  2⤵
  PID:5376
- C:\Windows\System\XfrydHL.exe
  C:\Windows\System\XfrydHL.exe
  2⤵
  PID:5392
- C:\Windows\System\MGCCogu.exe
  C:\Windows\System\MGCCogu.exe
  2⤵
  PID:5412
- C:\Windows\System\WxdsjED.exe
  C:\Windows\System\WxdsjED.exe
  2⤵
  PID:5432
- C:\Windows\System\VPhPqnq.exe
  C:\Windows\System\VPhPqnq.exe
  2⤵
  PID:5448
- C:\Windows\System\sMvjDOj.exe
  C:\Windows\System\sMvjDOj.exe
  2⤵
  PID:5464
- C:\Windows\System\NYoUQfR.exe
  C:\Windows\System\NYoUQfR.exe
  2⤵
  PID:5480
- C:\Windows\System\kFILVnO.exe
  C:\Windows\System\kFILVnO.exe
  2⤵
  PID:5500
- C:\Windows\System\qtphDIU.exe
  C:\Windows\System\qtphDIU.exe
  2⤵
  PID:5520
- C:\Windows\System\TqqvhEg.exe
  C:\Windows\System\TqqvhEg.exe
  2⤵
  PID:5544
- C:\Windows\System\GgZTdUg.exe
  C:\Windows\System\GgZTdUg.exe
  2⤵
  PID:5560
- C:\Windows\System\yUVciit.exe
  C:\Windows\System\yUVciit.exe
  2⤵
  PID:5608
- C:\Windows\System\QLSOeQg.exe
  C:\Windows\System\QLSOeQg.exe
  2⤵
  PID:5632
- C:\Windows\System\daXCkfT.exe
  C:\Windows\System\daXCkfT.exe
  2⤵
  PID:5648
- C:\Windows\System\sJjWKmQ.exe
  C:\Windows\System\sJjWKmQ.exe
  2⤵
  PID:5664
- C:\Windows\System\BaRZdqS.exe
  C:\Windows\System\BaRZdqS.exe
  2⤵
  PID:5680
- C:\Windows\System\ObWInOa.exe
  C:\Windows\System\ObWInOa.exe
  2⤵
  PID:5700
- C:\Windows\System\DNgAZzH.exe
  C:\Windows\System\DNgAZzH.exe
  2⤵
  PID:5720
- C:\Windows\System\nwyoMAm.exe
  C:\Windows\System\nwyoMAm.exe
  2⤵
  PID:5736
- C:\Windows\System\KmZbhkp.exe
  C:\Windows\System\KmZbhkp.exe
  2⤵
  PID:5756
- C:\Windows\System\nsyZjtt.exe
  C:\Windows\System\nsyZjtt.exe
  2⤵
  PID:5772
- C:\Windows\System\QKNcKZf.exe
  C:\Windows\System\QKNcKZf.exe
  2⤵
  PID:5788
- C:\Windows\System\fXiFWbm.exe
  C:\Windows\System\fXiFWbm.exe
  2⤵
  PID:5812
- C:\Windows\System\miynNng.exe
  C:\Windows\System\miynNng.exe
  2⤵
  PID:5836
- C:\Windows\System\SBWaEOc.exe
  C:\Windows\System\SBWaEOc.exe
  2⤵
  PID:5852
- C:\Windows\System\RjZdDSx.exe
  C:\Windows\System\RjZdDSx.exe
  2⤵
  PID:5892
- C:\Windows\System\EIbMklJ.exe
  C:\Windows\System\EIbMklJ.exe
  2⤵
  PID:5908
- C:\Windows\System\uvJvhwR.exe
  C:\Windows\System\uvJvhwR.exe
  2⤵
  PID:5928
- C:\Windows\System\KxlQtum.exe
  C:\Windows\System\KxlQtum.exe
  2⤵
  PID:5948
- C:\Windows\System\nNIAUxN.exe
  C:\Windows\System\nNIAUxN.exe
  2⤵
  PID:5964
- C:\Windows\System\njdvTsR.exe
  C:\Windows\System\njdvTsR.exe
  2⤵
  PID:5980
- C:\Windows\System\UnNkWph.exe
  C:\Windows\System\UnNkWph.exe
  2⤵
  PID:5996
- C:\Windows\System\bqixtOp.exe
  C:\Windows\System\bqixtOp.exe
  2⤵
  PID:6020
- C:\Windows\System\UQHxhYp.exe
  C:\Windows\System\UQHxhYp.exe
  2⤵
  PID:6040
- C:\Windows\System\dbaAyNa.exe
  C:\Windows\System\dbaAyNa.exe
  2⤵
  PID:6060
- C:\Windows\System\rcpSHwQ.exe
  C:\Windows\System\rcpSHwQ.exe
  2⤵
  PID:6076
- C:\Windows\System\GInNFYk.exe
  C:\Windows\System\GInNFYk.exe
  2⤵
  PID:6096
- C:\Windows\System\wmsLVkF.exe
  C:\Windows\System\wmsLVkF.exe
  2⤵
  PID:6116
- C:\Windows\System\MsIQoWo.exe
  C:\Windows\System\MsIQoWo.exe
  2⤵
  PID:6140
- C:\Windows\System\EETnAkR.exe
  C:\Windows\System\EETnAkR.exe
  2⤵
  PID:2480
- C:\Windows\System\NwdvYbH.exe
  C:\Windows\System\NwdvYbH.exe
  2⤵
  PID:4476
- C:\Windows\System\ItbLUpV.exe
  C:\Windows\System\ItbLUpV.exe
  2⤵
  PID:5128
- C:\Windows\System\Zedwucy.exe
  C:\Windows\System\Zedwucy.exe
  2⤵
  PID:5200
- C:\Windows\System\URHpiJU.exe
  C:\Windows\System\URHpiJU.exe
  2⤵
  PID:5288
- C:\Windows\System\PJtNusI.exe
  C:\Windows\System\PJtNusI.exe
  2⤵
  PID:5256
- C:\Windows\System\vPSfztg.exe
  C:\Windows\System\vPSfztg.exe
  2⤵
  PID:5220
- C:\Windows\System\zIasyDj.exe
  C:\Windows\System\zIasyDj.exe
  2⤵
  PID:5440
- C:\Windows\System\xKyPUzR.exe
  C:\Windows\System\xKyPUzR.exe
  2⤵
  PID:5512
- C:\Windows\System\tVogpEv.exe
  C:\Windows\System\tVogpEv.exe
  2⤵
  PID:5324
- C:\Windows\System\AqeGqdn.exe
  C:\Windows\System\AqeGqdn.exe
  2⤵
  PID:5356
- C:\Windows\System\lRhwdBN.exe
  C:\Windows\System\lRhwdBN.exe
  2⤵
  PID:5428
- C:\Windows\System\lrHzRHE.exe
  C:\Windows\System\lrHzRHE.exe
  2⤵
  PID:5496
- C:\Windows\System\IYelfNg.exe
  C:\Windows\System\IYelfNg.exe
  2⤵
  PID:5540
- C:\Windows\System\FDTsvja.exe
  C:\Windows\System\FDTsvja.exe
  2⤵
  PID:5580
- C:\Windows\System\cUFxaWr.exe
  C:\Windows\System\cUFxaWr.exe
  2⤵
  PID:5596
- C:\Windows\System\XVQIqJG.exe
  C:\Windows\System\XVQIqJG.exe
  2⤵
  PID:5628
- C:\Windows\System\KZQgHCL.exe
  C:\Windows\System\KZQgHCL.exe
  2⤵
  PID:5688
- C:\Windows\System\mFUZYeU.exe
  C:\Windows\System\mFUZYeU.exe
  2⤵
  PID:5764
- C:\Windows\System\cUGFTzh.exe
  C:\Windows\System\cUGFTzh.exe
  2⤵
  PID:5640
- C:\Windows\System\KfkvYKF.exe
  C:\Windows\System\KfkvYKF.exe
  2⤵
  PID:5744
- C:\Windows\System\PWFtJSj.exe
  C:\Windows\System\PWFtJSj.exe
  2⤵
  PID:5712
- C:\Windows\System\lyQgwPF.exe
  C:\Windows\System\lyQgwPF.exe
  2⤵
  PID:5752
- C:\Windows\System\KGFYclH.exe
  C:\Windows\System\KGFYclH.exe
  2⤵
  PID:5828
- C:\Windows\System\HiKnuVM.exe
  C:\Windows\System\HiKnuVM.exe
  2⤵
  PID:5900
- C:\Windows\System\vrugeRm.exe
  C:\Windows\System\vrugeRm.exe
  2⤵
  PID:5972
- C:\Windows\System\abjXQQX.exe
  C:\Windows\System\abjXQQX.exe
  2⤵
  PID:6008
- C:\Windows\System\XjHRESh.exe
  C:\Windows\System\XjHRESh.exe
  2⤵
  PID:5904
- C:\Windows\System\UBomRQU.exe
  C:\Windows\System\UBomRQU.exe
  2⤵
  PID:6124
- C:\Windows\System\BQCarla.exe
  C:\Windows\System\BQCarla.exe
  2⤵
  PID:6128
- C:\Windows\System\QklHqHa.exe
  C:\Windows\System\QklHqHa.exe
  2⤵
  PID:4268
- C:\Windows\System\OxJLHEb.exe
  C:\Windows\System\OxJLHEb.exe
  2⤵
  PID:5160
- C:\Windows\System\GuspnZp.exe
  C:\Windows\System\GuspnZp.exe
  2⤵
  PID:1436
- C:\Windows\System\sJpbSas.exe
  C:\Windows\System\sJpbSas.exe
  2⤵
  PID:5280
- C:\Windows\System\KIaVgSL.exe
  C:\Windows\System\KIaVgSL.exe
  2⤵
  PID:5284
- C:\Windows\System\FKWXSrP.exe
  C:\Windows\System\FKWXSrP.exe
  2⤵
  PID:5148
- C:\Windows\System\IjzyfzY.exe
  C:\Windows\System\IjzyfzY.exe
  2⤵
  PID:5472
- C:\Windows\System\kzqMrAm.exe
  C:\Windows\System\kzqMrAm.exe
  2⤵
  PID:5420
- C:\Windows\System\pAHcdkw.exe
  C:\Windows\System\pAHcdkw.exe
  2⤵
  PID:5536
- C:\Windows\System\Ieycikj.exe
  C:\Windows\System\Ieycikj.exe
  2⤵
  PID:5728
- C:\Windows\System\RwIHnWv.exe
  C:\Windows\System\RwIHnWv.exe
  2⤵
  PID:5352
- C:\Windows\System\vTvkujy.exe
  C:\Windows\System\vTvkujy.exe
  2⤵
  PID:5784
- C:\Windows\System\MAOoYfI.exe
  C:\Windows\System\MAOoYfI.exe
  2⤵
  PID:5920
- C:\Windows\System\GUwwPth.exe
  C:\Windows\System\GUwwPth.exe
  2⤵
  PID:5860
- C:\Windows\System\loSyljv.exe
  C:\Windows\System\loSyljv.exe
  2⤵
  PID:6056
- C:\Windows\System\KGxpGzG.exe
  C:\Windows\System\KGxpGzG.exe
  2⤵
  PID:6036
- C:\Windows\System\QOYEMgO.exe
  C:\Windows\System\QOYEMgO.exe
  2⤵
  PID:5676
- C:\Windows\System\efjeLXi.exe
  C:\Windows\System\efjeLXi.exe
  2⤵
  PID:4392
- C:\Windows\System\ciCmecC.exe
  C:\Windows\System\ciCmecC.exe
  2⤵
  PID:5884
- C:\Windows\System\EZbrtEm.exe
  C:\Windows\System\EZbrtEm.exe
  2⤵
  PID:5864
- C:\Windows\System\WxnbHNG.exe
  C:\Windows\System\WxnbHNG.exe
  2⤵
  PID:5732
- C:\Windows\System\GkkhLKm.exe
  C:\Windows\System\GkkhLKm.exe
  2⤵
  PID:5320
- C:\Windows\System\JEviplA.exe
  C:\Windows\System\JEviplA.exe
  2⤵
  PID:5272
- C:\Windows\System\hmdDppX.exe
  C:\Windows\System\hmdDppX.exe
  2⤵
  PID:5660
- C:\Windows\System\JhrnlNa.exe
  C:\Windows\System\JhrnlNa.exe
  2⤵
  PID:5212
- C:\Windows\System\iOftgQx.exe
  C:\Windows\System\iOftgQx.exe
  2⤵
  PID:5336
- C:\Windows\System\EuvjqCk.exe
  C:\Windows\System\EuvjqCk.exe
  2⤵
  PID:5604
- C:\Windows\System\RjgkTNw.exe
  C:\Windows\System\RjgkTNw.exe
  2⤵
  PID:5820
- C:\Windows\System\QdgyOHE.exe
  C:\Windows\System\QdgyOHE.exe
  2⤵
  PID:5956
- C:\Windows\System\rvylbWy.exe
  C:\Windows\System\rvylbWy.exe
  2⤵
  PID:5848
- C:\Windows\System\LWuoBAp.exe
  C:\Windows\System\LWuoBAp.exe
  2⤵
  PID:5576
- C:\Windows\System\qQYGiOo.exe
  C:\Windows\System\qQYGiOo.exe
  2⤵
  PID:4432
- C:\Windows\System\HdOitHx.exe
  C:\Windows\System\HdOitHx.exe
  2⤵
  PID:6028
- C:\Windows\System\cNWNcXg.exe
  C:\Windows\System\cNWNcXg.exe
  2⤵
  PID:6108
- C:\Windows\System\RobaiTV.exe
  C:\Windows\System\RobaiTV.exe
  2⤵
  PID:5808
- C:\Windows\System\eOkpege.exe
  C:\Windows\System\eOkpege.exe
  2⤵
  PID:6148
- C:\Windows\System\JBaPwTR.exe
  C:\Windows\System\JBaPwTR.exe
  2⤵
  PID:6164
- C:\Windows\System\dpoPhRj.exe
  C:\Windows\System\dpoPhRj.exe
  2⤵
  PID:6180
- C:\Windows\System\yQcdQmt.exe
  C:\Windows\System\yQcdQmt.exe
  2⤵
  PID:6200
- C:\Windows\System\fSGrGmd.exe
  C:\Windows\System\fSGrGmd.exe
  2⤵
  PID:6224
- C:\Windows\System\RnZQmcU.exe
  C:\Windows\System\RnZQmcU.exe
  2⤵
  PID:6244
- C:\Windows\System\dwYOFkt.exe
  C:\Windows\System\dwYOFkt.exe
  2⤵
  PID:6260
- C:\Windows\System\uVKQEwB.exe
  C:\Windows\System\uVKQEwB.exe
  2⤵
  PID:6312
- C:\Windows\System\uEuaBvg.exe
  C:\Windows\System\uEuaBvg.exe
  2⤵
  PID:6328
- C:\Windows\System\CKtivDG.exe
  C:\Windows\System\CKtivDG.exe
  2⤵
  PID:6344
- C:\Windows\System\rkHhIeY.exe
  C:\Windows\System\rkHhIeY.exe
  2⤵
  PID:6360
- C:\Windows\System\XreKIZF.exe
  C:\Windows\System\XreKIZF.exe
  2⤵
  PID:6376
- C:\Windows\System\aZlBGLG.exe
  C:\Windows\System\aZlBGLG.exe
  2⤵
  PID:6392
- C:\Windows\System\SjfyGDu.exe
  C:\Windows\System\SjfyGDu.exe
  2⤵
  PID:6408
- C:\Windows\System\zUCpEPx.exe
  C:\Windows\System\zUCpEPx.exe
  2⤵
  PID:6424
- C:\Windows\System\wHBpUCp.exe
  C:\Windows\System\wHBpUCp.exe
  2⤵
  PID:6440
- C:\Windows\System\bnnljTV.exe
  C:\Windows\System\bnnljTV.exe
  2⤵
  PID:6456
- C:\Windows\System\uSuFJmJ.exe
  C:\Windows\System\uSuFJmJ.exe
  2⤵
  PID:6472
- C:\Windows\System\PBcMcKs.exe
  C:\Windows\System\PBcMcKs.exe
  2⤵
  PID:6488
- C:\Windows\System\dEbQxVt.exe
  C:\Windows\System\dEbQxVt.exe
  2⤵
  PID:6504
- C:\Windows\System\zZGjrbm.exe
  C:\Windows\System\zZGjrbm.exe
  2⤵
  PID:6560
- C:\Windows\System\YgtrYhu.exe
  C:\Windows\System\YgtrYhu.exe
  2⤵
  PID:6580
- C:\Windows\System\qMpHosf.exe
  C:\Windows\System\qMpHosf.exe
  2⤵
  PID:6600
- C:\Windows\System\nCSNgcq.exe
  C:\Windows\System\nCSNgcq.exe
  2⤵
  PID:6620
- C:\Windows\System\lctKCAL.exe
  C:\Windows\System\lctKCAL.exe
  2⤵
  PID:6636
- C:\Windows\System\zdWvzpF.exe
  C:\Windows\System\zdWvzpF.exe
  2⤵
  PID:6656
- C:\Windows\System\xerzlDm.exe
  C:\Windows\System\xerzlDm.exe
  2⤵
  PID:6688
- C:\Windows\System\GlsoqPU.exe
  C:\Windows\System\GlsoqPU.exe
  2⤵
  PID:6704
- C:\Windows\System\UrSdBav.exe
  C:\Windows\System\UrSdBav.exe
  2⤵
  PID:6720
- C:\Windows\System\LWUEDms.exe
  C:\Windows\System\LWUEDms.exe
  2⤵
  PID:6736
- C:\Windows\System\TifjsPY.exe
  C:\Windows\System\TifjsPY.exe
  2⤵
  PID:6752
- C:\Windows\System\ZJLNmkl.exe
  C:\Windows\System\ZJLNmkl.exe
  2⤵
  PID:6772
- C:\Windows\System\WpCdzBO.exe
  C:\Windows\System\WpCdzBO.exe
  2⤵
  PID:6788
- C:\Windows\System\LaIPExg.exe
  C:\Windows\System\LaIPExg.exe
  2⤵
  PID:6808
- C:\Windows\System\SqKFbei.exe
  C:\Windows\System\SqKFbei.exe
  2⤵
  PID:6824
- C:\Windows\System\WmdppAC.exe
  C:\Windows\System\WmdppAC.exe
  2⤵
  PID:6860
- C:\Windows\System\lRRNBNp.exe
  C:\Windows\System\lRRNBNp.exe
  2⤵
  PID:6884
- C:\Windows\System\dCopXys.exe
  C:\Windows\System\dCopXys.exe
  2⤵
  PID:6904
- C:\Windows\System\FoGeZzB.exe
  C:\Windows\System\FoGeZzB.exe
  2⤵
  PID:6924
- C:\Windows\System\XnKzBNe.exe
  C:\Windows\System\XnKzBNe.exe
  2⤵
  PID:6940
- C:\Windows\System\UmpjPfh.exe
  C:\Windows\System\UmpjPfh.exe
  2⤵
  PID:6956
- C:\Windows\System\bxTrfwW.exe
  C:\Windows\System\bxTrfwW.exe
  2⤵
  PID:6976
- C:\Windows\System\QJNnLdl.exe
  C:\Windows\System\QJNnLdl.exe
  2⤵
  PID:7000
- C:\Windows\System\pmkZGYY.exe
  C:\Windows\System\pmkZGYY.exe
  2⤵
  PID:7016
- C:\Windows\System\zpYzIdE.exe
  C:\Windows\System\zpYzIdE.exe
  2⤵
  PID:7032
- C:\Windows\System\NqoVkkD.exe
  C:\Windows\System\NqoVkkD.exe
  2⤵
  PID:7048
- C:\Windows\System\mTwcJBV.exe
  C:\Windows\System\mTwcJBV.exe
  2⤵
  PID:7064
- C:\Windows\System\srCIsuy.exe
  C:\Windows\System\srCIsuy.exe
  2⤵
  PID:7116
- C:\Windows\System\GZBsVnE.exe
  C:\Windows\System\GZBsVnE.exe
  2⤵
  PID:7136
- C:\Windows\System\qMlQskT.exe
  C:\Windows\System\qMlQskT.exe
  2⤵
  PID:7152
- C:\Windows\System\GqrEuvT.exe
  C:\Windows\System\GqrEuvT.exe
  2⤵
  PID:5216
- C:\Windows\System\wkLpblJ.exe
  C:\Windows\System\wkLpblJ.exe
  2⤵
  PID:6104
- C:\Windows\System\SiwAZbQ.exe
  C:\Windows\System\SiwAZbQ.exe
  2⤵
  PID:6208
- C:\Windows\System\zdOOESX.exe
  C:\Windows\System\zdOOESX.exe
  2⤵
  PID:5696
- C:\Windows\System\QWpQLmE.exe
  C:\Windows\System\QWpQLmE.exe
  2⤵
  PID:4320
- C:\Windows\System\pKwsKbA.exe
  C:\Windows\System\pKwsKbA.exe
  2⤵
  PID:6092
- C:\Windows\System\nnwoYKb.exe
  C:\Windows\System\nnwoYKb.exe
  2⤵
  PID:5196
- C:\Windows\System\zTVqnhp.exe
  C:\Windows\System\zTVqnhp.exe
  2⤵
  PID:5800
- C:\Windows\System\oMmDrnn.exe
  C:\Windows\System\oMmDrnn.exe
  2⤵
  PID:6272
- C:\Windows\System\ncBmZVt.exe
  C:\Windows\System\ncBmZVt.exe
  2⤵
  PID:6292
- C:\Windows\System\vSPCory.exe
  C:\Windows\System\vSPCory.exe
  2⤵
  PID:6308
- C:\Windows\System\nEZVDHp.exe
  C:\Windows\System\nEZVDHp.exe
  2⤵
  PID:6372
- C:\Windows\System\BepnDPP.exe
  C:\Windows\System\BepnDPP.exe
  2⤵
  PID:6404
- C:\Windows\System\UKZgxde.exe
  C:\Windows\System\UKZgxde.exe
  2⤵
  PID:6464
- C:\Windows\System\KDcAOGM.exe
  C:\Windows\System\KDcAOGM.exe
  2⤵
  PID:6352
- C:\Windows\System\pHZhEuH.exe
  C:\Windows\System\pHZhEuH.exe
  2⤵
  PID:6448
- C:\Windows\System\vaRtUKV.exe
  C:\Windows\System\vaRtUKV.exe
  2⤵
  PID:6588
- C:\Windows\System\IvbbPNI.exe
  C:\Windows\System\IvbbPNI.exe
  2⤵
  PID:6520
- C:\Windows\System\KdLPqof.exe
  C:\Windows\System\KdLPqof.exe
  2⤵
  PID:6536
- C:\Windows\System\KfhSPyz.exe
  C:\Windows\System\KfhSPyz.exe
  2⤵
  PID:6556
- C:\Windows\System\zbnoiCv.exe
  C:\Windows\System\zbnoiCv.exe
  2⤵
  PID:6572
- C:\Windows\System\RtiAUBa.exe
  C:\Windows\System\RtiAUBa.exe
  2⤵
  PID:6616
- C:\Windows\System\nUMUzHE.exe
  C:\Windows\System\nUMUzHE.exe
  2⤵
  PID:6680
- C:\Windows\System\KUjIEuH.exe
  C:\Windows\System\KUjIEuH.exe
  2⤵
  PID:6780
- C:\Windows\System\swYWYWg.exe
  C:\Windows\System\swYWYWg.exe
  2⤵
  PID:6732
- C:\Windows\System\JyXNxRu.exe
  C:\Windows\System\JyXNxRu.exe
  2⤵
  PID:6652
- C:\Windows\System\OvfhZJg.exe
  C:\Windows\System\OvfhZJg.exe
  2⤵
  PID:6844
- C:\Windows\System\eXwyHsZ.exe
  C:\Windows\System\eXwyHsZ.exe
  2⤵
  PID:6952
- C:\Windows\System\foAJotZ.exe
  C:\Windows\System\foAJotZ.exe
  2⤵
  PID:6984
- C:\Windows\System\TnQtNjh.exe
  C:\Windows\System\TnQtNjh.exe
  2⤵
  PID:6804
- C:\Windows\System\fEHTSRG.exe
  C:\Windows\System\fEHTSRG.exe
  2⤵
  PID:6852
- C:\Windows\System\FkbDONQ.exe
  C:\Windows\System\FkbDONQ.exe
  2⤵
  PID:6988
- C:\Windows\System\YXJrZFQ.exe
  C:\Windows\System\YXJrZFQ.exe
  2⤵
  PID:6964
- C:\Windows\System\cEnNQho.exe
  C:\Windows\System\cEnNQho.exe
  2⤵
  PID:7028
- C:\Windows\System\VtbMNzC.exe
  C:\Windows\System\VtbMNzC.exe
  2⤵
  PID:7084
- C:\Windows\System\UOfuuda.exe
  C:\Windows\System\UOfuuda.exe
  2⤵
  PID:7080
- C:\Windows\System\HVOiGtl.exe
  C:\Windows\System\HVOiGtl.exe
  2⤵
  PID:7040
- C:\Windows\System\yvhOaHB.exe
  C:\Windows\System\yvhOaHB.exe
  2⤵
  PID:5620
- C:\Windows\System\XglIXqw.exe
  C:\Windows\System\XglIXqw.exe
  2⤵
  PID:6160
- C:\Windows\System\rUVGWNg.exe
  C:\Windows\System\rUVGWNg.exe
  2⤵
  PID:6232
- C:\Windows\System\cOnjlIE.exe
  C:\Windows\System\cOnjlIE.exe
  2⤵
  PID:6268
- C:\Windows\System\slFHKTQ.exe
  C:\Windows\System\slFHKTQ.exe
  2⤵
  PID:6220
- C:\Windows\System\sUOWLfl.exe
  C:\Windows\System\sUOWLfl.exe
  2⤵
  PID:6400
- C:\Windows\System\bZMOKDp.exe
  C:\Windows\System\bZMOKDp.exe
  2⤵
  PID:6304
- C:\Windows\System\LSizMHQ.exe
  C:\Windows\System\LSizMHQ.exe
  2⤵
  PID:6436
- C:\Windows\System\LiVEUGL.exe
  C:\Windows\System\LiVEUGL.exe
  2⤵
  PID:6568
- C:\Windows\System\lgZIfac.exe
  C:\Windows\System\lgZIfac.exe
  2⤵
  PID:6384
- C:\Windows\System\yHSmYPu.exe
  C:\Windows\System\yHSmYPu.exe
  2⤵
  PID:6340
- C:\Windows\System\hQxSYhP.exe
  C:\Windows\System\hQxSYhP.exe
  2⤵
  PID:6544
- C:\Windows\System\EZsFucP.exe
  C:\Windows\System\EZsFucP.exe
  2⤵
  PID:6820
- C:\Windows\System\BpkFkxi.exe
  C:\Windows\System\BpkFkxi.exe
  2⤵
  PID:6748
- C:\Windows\System\BQeQPna.exe
  C:\Windows\System\BQeQPna.exe
  2⤵
  PID:6760
- C:\Windows\System\ZRnAlsv.exe
  C:\Windows\System\ZRnAlsv.exe
  2⤵
  PID:6900
- C:\Windows\System\vwWWzEF.exe
  C:\Windows\System\vwWWzEF.exe
  2⤵
  PID:6728
- C:\Windows\System\thoAmjH.exe
  C:\Windows\System\thoAmjH.exe
  2⤵
  PID:6892
- C:\Windows\System\QfTdaMx.exe
  C:\Windows\System\QfTdaMx.exe
  2⤵
  PID:6936
- C:\Windows\System\gcqlmla.exe
  C:\Windows\System\gcqlmla.exe
  2⤵
  PID:7108
- C:\Windows\System\tnPFubs.exe
  C:\Windows\System\tnPFubs.exe
  2⤵
  PID:7128
- C:\Windows\System\KeeHHnT.exe
  C:\Windows\System\KeeHHnT.exe
  2⤵
  PID:6172
- C:\Windows\System\KZGrLqE.exe
  C:\Windows\System\KZGrLqE.exe
  2⤵
  PID:5176
- C:\Windows\System\imTrKoj.exe
  C:\Windows\System\imTrKoj.exe
  2⤵
  PID:7148
- C:\Windows\System\aOhRFfv.exe
  C:\Windows\System\aOhRFfv.exe
  2⤵
  PID:6188
- C:\Windows\System\hETXbph.exe
  C:\Windows\System\hETXbph.exe
  2⤵
  PID:5988
- C:\Windows\System\bptrVTi.exe
  C:\Windows\System\bptrVTi.exe
  2⤵
  PID:6300
- C:\Windows\System\dpOKCkO.exe
  C:\Windows\System\dpOKCkO.exe
  2⤵
  PID:6512
- C:\Windows\System\QDzlHWC.exe
  C:\Windows\System\QDzlHWC.exe
  2⤵
  PID:1548
- C:\Windows\System\lKSMhFD.exe
  C:\Windows\System\lKSMhFD.exe
  2⤵
  PID:6872
- C:\Windows\System\xlHBxwu.exe
  C:\Windows\System\xlHBxwu.exe
  2⤵
  PID:6612
- C:\Windows\System\mttcEha.exe
  C:\Windows\System\mttcEha.exe
  2⤵
  PID:6932
- C:\Windows\System\BZxvDUi.exe
  C:\Windows\System\BZxvDUi.exe
  2⤵
  PID:7160
- C:\Windows\System\JnkRrIF.exe
  C:\Windows\System\JnkRrIF.exe
  2⤵
  PID:5592
- C:\Windows\System\nXVwowe.exe
  C:\Windows\System\nXVwowe.exe
  2⤵
  PID:7096
- C:\Windows\System\SfZFIwp.exe
  C:\Windows\System\SfZFIwp.exe
  2⤵
  PID:6368
- C:\Windows\System\vRQJgAs.exe
  C:\Windows\System\vRQJgAs.exe
  2⤵
  PID:6632
- C:\Windows\System\bRCMWzM.exe
  C:\Windows\System\bRCMWzM.exe
  2⤵
  PID:6192
- C:\Windows\System\PeedTgc.exe
  C:\Windows\System\PeedTgc.exe
  2⤵
  PID:6500
- C:\Windows\System\eSxKbUM.exe
  C:\Windows\System\eSxKbUM.exe
  2⤵
  PID:6644
- C:\Windows\System\ARTYTrc.exe
  C:\Windows\System\ARTYTrc.exe
  2⤵
  PID:6256
- C:\Windows\System\agZTAGC.exe
  C:\Windows\System\agZTAGC.exe
  2⤵
  PID:6196
- C:\Windows\System\DSKywnZ.exe
  C:\Windows\System\DSKywnZ.exe
  2⤵
  PID:7104
- C:\Windows\System\DdeRbCU.exe
  C:\Windows\System\DdeRbCU.exe
  2⤵
  PID:6768
- C:\Windows\System\fJzEhNP.exe
  C:\Windows\System\fJzEhNP.exe
  2⤵
  PID:6628
- C:\Windows\System\XNTmuOC.exe
  C:\Windows\System\XNTmuOC.exe
  2⤵
  PID:7008
- C:\Windows\System\AKuNTld.exe
  C:\Windows\System\AKuNTld.exe
  2⤵
  PID:7100
- C:\Windows\System\eiLPqOk.exe
  C:\Windows\System\eiLPqOk.exe
  2⤵
  PID:6832
- C:\Windows\System\WqYCtuf.exe
  C:\Windows\System\WqYCtuf.exe
  2⤵
  PID:7092
- C:\Windows\System\Yfwrkks.exe
  C:\Windows\System\Yfwrkks.exe
  2⤵
  PID:7164
- C:\Windows\System\gvZJJUN.exe
  C:\Windows\System\gvZJJUN.exe
  2⤵
  PID:6016
- C:\Windows\System\DBstbWO.exe
  C:\Windows\System\DBstbWO.exe
  2⤵
  PID:7184
- C:\Windows\System\PpZGTyC.exe
  C:\Windows\System\PpZGTyC.exe
  2⤵
  PID:7200
- C:\Windows\System\xHViQvY.exe
  C:\Windows\System\xHViQvY.exe
  2⤵
  PID:7232
- C:\Windows\System\HauyvjU.exe
  C:\Windows\System\HauyvjU.exe
  2⤵
  PID:7248
- C:\Windows\System\TrcSOid.exe
  C:\Windows\System\TrcSOid.exe
  2⤵
  PID:7264
- C:\Windows\System\tJqerMC.exe
  C:\Windows\System\tJqerMC.exe
  2⤵
  PID:7280
- C:\Windows\System\UxtKzNT.exe
  C:\Windows\System\UxtKzNT.exe
  2⤵
  PID:7300
- C:\Windows\System\hwDYLjP.exe
  C:\Windows\System\hwDYLjP.exe
  2⤵
  PID:7320
- C:\Windows\System\QzisjHO.exe
  C:\Windows\System\QzisjHO.exe
  2⤵
  PID:7340
- C:\Windows\System\zTMzpHP.exe
  C:\Windows\System\zTMzpHP.exe
  2⤵
  PID:7360
- C:\Windows\System\eeavkfT.exe
  C:\Windows\System\eeavkfT.exe
  2⤵
  PID:7388
- C:\Windows\System\UPiCKTB.exe
  C:\Windows\System\UPiCKTB.exe
  2⤵
  PID:7404
- C:\Windows\System\fioWWnD.exe
  C:\Windows\System\fioWWnD.exe
  2⤵
  PID:7424
- C:\Windows\System\jKjhEKd.exe
  C:\Windows\System\jKjhEKd.exe
  2⤵
  PID:7444
- C:\Windows\System\JMmTntr.exe
  C:\Windows\System\JMmTntr.exe
  2⤵
  PID:7460
- C:\Windows\System\AkSPJdv.exe
  C:\Windows\System\AkSPJdv.exe
  2⤵
  PID:7476
- C:\Windows\System\pwOJygu.exe
  C:\Windows\System\pwOJygu.exe
  2⤵
  PID:7492
- C:\Windows\System\GMHazsy.exe
  C:\Windows\System\GMHazsy.exe
  2⤵
  PID:7516
- C:\Windows\System\veodBYw.exe
  C:\Windows\System\veodBYw.exe
  2⤵
  PID:7552
- C:\Windows\System\PfFgDeZ.exe
  C:\Windows\System\PfFgDeZ.exe
  2⤵
  PID:7568
- C:\Windows\System\sCroxpT.exe
  C:\Windows\System\sCroxpT.exe
  2⤵
  PID:7584
- C:\Windows\System\Xsruvox.exe
  C:\Windows\System\Xsruvox.exe
  2⤵
  PID:7600
- C:\Windows\System\zLEgQIN.exe
  C:\Windows\System\zLEgQIN.exe
  2⤵
  PID:7624
- C:\Windows\System\LdvpgMQ.exe
  C:\Windows\System\LdvpgMQ.exe
  2⤵
  PID:7640
- C:\Windows\System\iksWxrh.exe
  C:\Windows\System\iksWxrh.exe
  2⤵
  PID:7660
- C:\Windows\System\XsYJNhc.exe
  C:\Windows\System\XsYJNhc.exe
  2⤵
  PID:7680
- C:\Windows\System\XWFHexz.exe
  C:\Windows\System\XWFHexz.exe
  2⤵
  PID:7696
- C:\Windows\System\ZNKTuEc.exe
  C:\Windows\System\ZNKTuEc.exe
  2⤵
  PID:7716
- C:\Windows\System\aaVsQnb.exe
  C:\Windows\System\aaVsQnb.exe
  2⤵
  PID:7732
- C:\Windows\System\iHCkdSV.exe
  C:\Windows\System\iHCkdSV.exe
  2⤵
  PID:7748
- C:\Windows\System\vAttkqY.exe
  C:\Windows\System\vAttkqY.exe
  2⤵
  PID:7764
- C:\Windows\System\jvOBegV.exe
  C:\Windows\System\jvOBegV.exe
  2⤵
  PID:7784
- C:\Windows\System\eslRuAA.exe
  C:\Windows\System\eslRuAA.exe
  2⤵
  PID:7804
- C:\Windows\System\NwkSkPM.exe
  C:\Windows\System\NwkSkPM.exe
  2⤵
  PID:7852
- C:\Windows\System\LkDyecI.exe
  C:\Windows\System\LkDyecI.exe
  2⤵
  PID:7868
- C:\Windows\System\KoMZXaw.exe
  C:\Windows\System\KoMZXaw.exe
  2⤵
  PID:7888
- C:\Windows\System\WBziyuk.exe
  C:\Windows\System\WBziyuk.exe
  2⤵
  PID:7916
- C:\Windows\System\bKbAnPw.exe
  C:\Windows\System\bKbAnPw.exe
  2⤵
  PID:7932
- C:\Windows\System\vrXNunU.exe
  C:\Windows\System\vrXNunU.exe
  2⤵
  PID:7948
- C:\Windows\System\nsdpmia.exe
  C:\Windows\System\nsdpmia.exe
  2⤵
  PID:7968
- C:\Windows\System\NOMCxkW.exe
  C:\Windows\System\NOMCxkW.exe
  2⤵
  PID:7992
- C:\Windows\System\rHxBZQy.exe
  C:\Windows\System\rHxBZQy.exe
  2⤵
  PID:8008
- C:\Windows\System\LJDfRnb.exe
  C:\Windows\System\LJDfRnb.exe
  2⤵
  PID:8036
- C:\Windows\System\HsFJUFl.exe
  C:\Windows\System\HsFJUFl.exe
  2⤵
  PID:8052
- C:\Windows\System\tHRtXmD.exe
  C:\Windows\System\tHRtXmD.exe
  2⤵
  PID:8068
- C:\Windows\System\HNVCvgV.exe
  C:\Windows\System\HNVCvgV.exe
  2⤵
  PID:8084
- C:\Windows\System\zrqmAEW.exe
  C:\Windows\System\zrqmAEW.exe
  2⤵
  PID:8104
- C:\Windows\System\WYcxdVg.exe
  C:\Windows\System\WYcxdVg.exe
  2⤵
  PID:8120
- C:\Windows\System\DUsAchY.exe
  C:\Windows\System\DUsAchY.exe
  2⤵
  PID:8136
- C:\Windows\System\zmJVgEG.exe
  C:\Windows\System\zmJVgEG.exe
  2⤵
  PID:8152
- C:\Windows\System\hegVsEA.exe
  C:\Windows\System\hegVsEA.exe
  2⤵
  PID:8168
- C:\Windows\System\TQIepnu.exe
  C:\Windows\System\TQIepnu.exe
  2⤵
  PID:8184
- C:\Windows\System\Huytaet.exe
  C:\Windows\System\Huytaet.exe
  2⤵
  PID:6744
- C:\Windows\System\DGgDOwP.exe
  C:\Windows\System\DGgDOwP.exe
  2⤵
  PID:7172
- C:\Windows\System\XdjrxzG.exe
  C:\Windows\System\XdjrxzG.exe
  2⤵
  PID:7224
- C:\Windows\System\gPmmEdM.exe
  C:\Windows\System\gPmmEdM.exe
  2⤵
  PID:7260
- C:\Windows\System\pFqILqA.exe
  C:\Windows\System\pFqILqA.exe
  2⤵
  PID:7312
- C:\Windows\System\NUEXJbt.exe
  C:\Windows\System\NUEXJbt.exe
  2⤵
  PID:7368
- C:\Windows\System\RzaLjwa.exe
  C:\Windows\System\RzaLjwa.exe
  2⤵
  PID:7412
- C:\Windows\System\LFcwERb.exe
  C:\Windows\System\LFcwERb.exe
  2⤵
  PID:7352
- C:\Windows\System\ZMkTHro.exe
  C:\Windows\System\ZMkTHro.exe
  2⤵
  PID:7348
- C:\Windows\System\WCqzNqK.exe
  C:\Windows\System\WCqzNqK.exe
  2⤵
  PID:7488
- C:\Windows\System\dZZOasL.exe
  C:\Windows\System\dZZOasL.exe
  2⤵
  PID:7468
- C:\Windows\System\AkesvNz.exe
  C:\Windows\System\AkesvNz.exe
  2⤵
  PID:7544
- C:\Windows\System\UYiqHtt.exe
  C:\Windows\System\UYiqHtt.exe
  2⤵
  PID:7608
- C:\Windows\System\RgAmIJd.exe
  C:\Windows\System\RgAmIJd.exe
  2⤵
  PID:7620
- C:\Windows\System\NwavfYF.exe
  C:\Windows\System\NwavfYF.exe
  2⤵
  PID:7596
- C:\Windows\System\QhtWUge.exe
  C:\Windows\System\QhtWUge.exe
  2⤵
  PID:7636
- C:\Windows\System\PhcregT.exe
  C:\Windows\System\PhcregT.exe
  2⤵
  PID:7728
- C:\Windows\System\EIYHNUV.exe
  C:\Windows\System\EIYHNUV.exe
  2⤵
  PID:7800
- C:\Windows\System\MGfROTq.exe
  C:\Windows\System\MGfROTq.exe
  2⤵
  PID:7668
- C:\Windows\System\ctDYMWc.exe
  C:\Windows\System\ctDYMWc.exe
  2⤵
  PID:7740
- C:\Windows\System\VxCwolM.exe
  C:\Windows\System\VxCwolM.exe
  2⤵
  PID:7828
- C:\Windows\System\XmaiION.exe
  C:\Windows\System\XmaiION.exe
  2⤵
  PID:7836
- C:\Windows\System\UKhlmWR.exe
  C:\Windows\System\UKhlmWR.exe
  2⤵
  PID:7876
- C:\Windows\System\kknbkWf.exe
  C:\Windows\System\kknbkWf.exe
  2⤵
  PID:7944
- C:\Windows\System\gKUbYbM.exe
  C:\Windows\System\gKUbYbM.exe
  2⤵
  PID:8004
- C:\Windows\System\ubFyXwW.exe
  C:\Windows\System\ubFyXwW.exe
  2⤵
  PID:8016
- C:\Windows\System\PjtudSJ.exe
  C:\Windows\System\PjtudSJ.exe
  2⤵
  PID:8092
- C:\Windows\System\ETiMAMd.exe
  C:\Windows\System\ETiMAMd.exe
  2⤵
  PID:8132
- C:\Windows\System\BsfmHdu.exe
  C:\Windows\System\BsfmHdu.exe
  2⤵
  PID:6176
- C:\Windows\System\YvaiWwI.exe
  C:\Windows\System\YvaiWwI.exe
  2⤵
  PID:7220
- C:\Windows\System\odlvrIE.exe
  C:\Windows\System\odlvrIE.exe
  2⤵
  PID:8144
- C:\Windows\System\vRDeiiZ.exe
  C:\Windows\System\vRDeiiZ.exe
  2⤵
  PID:7288
- C:\Windows\System\lSxxVIe.exe
  C:\Windows\System\lSxxVIe.exe
  2⤵
  PID:7380
- C:\Windows\System\djPemJh.exe
  C:\Windows\System\djPemJh.exe
  2⤵
  PID:7524
- C:\Windows\System\OWZEPNx.exe
  C:\Windows\System\OWZEPNx.exe
  2⤵
  PID:7440
- C:\Windows\System\WlfSEpo.exe
  C:\Windows\System\WlfSEpo.exe
  2⤵
  PID:6324
- C:\Windows\System\FppIzJP.exe
  C:\Windows\System\FppIzJP.exe
  2⤵
  PID:7712
- C:\Windows\System\hiiuSsP.exe
  C:\Windows\System\hiiuSsP.exe
  2⤵
  PID:7704
- C:\Windows\System\XUKfMoa.exe
  C:\Windows\System\XUKfMoa.exe
  2⤵
  PID:7864
- C:\Windows\System\BOPWfAV.exe
  C:\Windows\System\BOPWfAV.exe
  2⤵
  PID:7196
- C:\Windows\System\nehcFfj.exe
  C:\Windows\System\nehcFfj.exe
  2⤵
  PID:7612
- C:\Windows\System\KnJEwwX.exe
  C:\Windows\System\KnJEwwX.exe
  2⤵
  PID:7212
- C:\Windows\System\YWOfDeU.exe
  C:\Windows\System\YWOfDeU.exe
  2⤵
  PID:7816
- C:\Windows\System\gFInRTX.exe
  C:\Windows\System\gFInRTX.exe
  2⤵
  PID:7896
- C:\Windows\System\GKgYmfT.exe
  C:\Windows\System\GKgYmfT.exe
  2⤵
  PID:7336
- C:\Windows\System\OJRrMca.exe
  C:\Windows\System\OJRrMca.exe
  2⤵
  PID:7900
- C:\Windows\System\jZcIiZl.exe
  C:\Windows\System\jZcIiZl.exe
  2⤵
  PID:7924
- C:\Windows\System\zvHUOcg.exe
  C:\Windows\System\zvHUOcg.exe
  2⤵
  PID:7276
- C:\Windows\System\ewfOncE.exe
  C:\Windows\System\ewfOncE.exe
  2⤵
  PID:8048
- C:\Windows\System\dQdOkPX.exe
  C:\Windows\System\dQdOkPX.exe
  2⤵
  PID:7328
- C:\Windows\System\qWUFMwr.exe
  C:\Windows\System\qWUFMwr.exe
  2⤵
  PID:7724
- C:\Windows\System\tgEqrEY.exe
  C:\Windows\System\tgEqrEY.exe
  2⤵
  PID:7456
- C:\Windows\System\YMhxtYn.exe
  C:\Windows\System\YMhxtYn.exe
  2⤵
  PID:7208
- C:\Windows\System\TpkuGAq.exe
  C:\Windows\System\TpkuGAq.exe
  2⤵
  PID:7840
- C:\Windows\System\CBgNGcv.exe
  C:\Windows\System\CBgNGcv.exe
  2⤵
  PID:7796
- C:\Windows\System\xbkCFSr.exe
  C:\Windows\System\xbkCFSr.exe
  2⤵
  PID:7908
- C:\Windows\System\EmbOAxg.exe
  C:\Windows\System\EmbOAxg.exe
  2⤵
  PID:7760
- C:\Windows\System\PmDzEAA.exe
  C:\Windows\System\PmDzEAA.exe
  2⤵
  PID:7824
- C:\Windows\System\yedojiu.exe
  C:\Windows\System\yedojiu.exe
  2⤵
  PID:7940
- C:\Windows\System\PsCknuU.exe
  C:\Windows\System\PsCknuU.exe
  2⤵
  PID:8164
- C:\Windows\System\hjFrJxx.exe
  C:\Windows\System\hjFrJxx.exe
  2⤵
  PID:7272
- C:\Windows\System\YzexuGI.exe
  C:\Windows\System\YzexuGI.exe
  2⤵
  PID:7296
- C:\Windows\System\lwZcCUN.exe
  C:\Windows\System\lwZcCUN.exe
  2⤵
  PID:8076
- C:\Windows\System\PWuDxQD.exe
  C:\Windows\System\PWuDxQD.exe
  2⤵
  PID:7708
- C:\Windows\System\kNItjuN.exe
  C:\Windows\System\kNItjuN.exe
  2⤵
  PID:7776
- C:\Windows\System\kIAcBBD.exe
  C:\Windows\System\kIAcBBD.exe
  2⤵
  PID:8100
- C:\Windows\System\MhSYLGm.exe
  C:\Windows\System\MhSYLGm.exe
  2⤵
  PID:8180
- C:\Windows\System\eyqJket.exe
  C:\Windows\System\eyqJket.exe
  2⤵
  PID:7484
- C:\Windows\System\xbpuGOy.exe
  C:\Windows\System\xbpuGOy.exe
  2⤵
  PID:7884
- C:\Windows\System\IRmqnbu.exe
  C:\Windows\System\IRmqnbu.exe
  2⤵
  PID:7860
- C:\Windows\System\yGEnDxX.exe
  C:\Windows\System\yGEnDxX.exe
  2⤵
  PID:7988
- C:\Windows\System\JUrwEQo.exe
  C:\Windows\System\JUrwEQo.exe
  2⤵
  PID:7964
- C:\Windows\System\XqGnHWb.exe
  C:\Windows\System\XqGnHWb.exe
  2⤵
  PID:7792
- C:\Windows\System\PLaHGBH.exe
  C:\Windows\System\PLaHGBH.exe
  2⤵
  PID:8060
- C:\Windows\System\DHcSHNV.exe
  C:\Windows\System\DHcSHNV.exe
  2⤵
  PID:8208
- C:\Windows\System\WjKyAKn.exe
  C:\Windows\System\WjKyAKn.exe
  2⤵
  PID:8224
- C:\Windows\System\gNhvPQc.exe
  C:\Windows\System\gNhvPQc.exe
  2⤵
  PID:8240
- C:\Windows\System\LfoUHRf.exe
  C:\Windows\System\LfoUHRf.exe
  2⤵
  PID:8256
- C:\Windows\System\UXlWydT.exe
  C:\Windows\System\UXlWydT.exe
  2⤵
  PID:8280
- C:\Windows\System\ljhMIym.exe
  C:\Windows\System\ljhMIym.exe
  2⤵
  PID:8300
- C:\Windows\System\XwJdQDN.exe
  C:\Windows\System\XwJdQDN.exe
  2⤵
  PID:8316
- C:\Windows\System\yNViOEY.exe
  C:\Windows\System\yNViOEY.exe
  2⤵
  PID:8352
- C:\Windows\System\xaPZveY.exe
  C:\Windows\System\xaPZveY.exe
  2⤵
  PID:8368
- C:\Windows\System\JABGNAK.exe
  C:\Windows\System\JABGNAK.exe
  2⤵
  PID:8404
- C:\Windows\System\hokmCHE.exe
  C:\Windows\System\hokmCHE.exe
  2⤵
  PID:8420
- C:\Windows\System\WVWNCDx.exe
  C:\Windows\System\WVWNCDx.exe
  2⤵
  PID:8436
- C:\Windows\System\VnHqRxV.exe
  C:\Windows\System\VnHqRxV.exe
  2⤵
  PID:8452
- C:\Windows\System\JdocsmE.exe
  C:\Windows\System\JdocsmE.exe
  2⤵
  PID:8468
- C:\Windows\System\FucAAtU.exe
  C:\Windows\System\FucAAtU.exe
  2⤵
  PID:8484
- C:\Windows\System\LeRvOWI.exe
  C:\Windows\System\LeRvOWI.exe
  2⤵
  PID:8504
- C:\Windows\System\ueoKJIr.exe
  C:\Windows\System\ueoKJIr.exe
  2⤵
  PID:8524
- C:\Windows\System\qnmyErv.exe
  C:\Windows\System\qnmyErv.exe
  2⤵
  PID:8540
- C:\Windows\System\TBwGQYE.exe
  C:\Windows\System\TBwGQYE.exe
  2⤵
  PID:8556
- C:\Windows\System\qtyDgYt.exe
  C:\Windows\System\qtyDgYt.exe
  2⤵
  PID:8580
- C:\Windows\System\vnakNnt.exe
  C:\Windows\System\vnakNnt.exe
  2⤵
  PID:8604
- C:\Windows\System\TGeqfvr.exe
  C:\Windows\System\TGeqfvr.exe
  2⤵
  PID:8628
- C:\Windows\System\eFDInxr.exe
  C:\Windows\System\eFDInxr.exe
  2⤵
  PID:8648
- C:\Windows\System\FBTlAyq.exe
  C:\Windows\System\FBTlAyq.exe
  2⤵
  PID:8684
- C:\Windows\System\cELxdmx.exe
  C:\Windows\System\cELxdmx.exe
  2⤵
  PID:8700
- C:\Windows\System\zyvyYqB.exe
  C:\Windows\System\zyvyYqB.exe
  2⤵
  PID:8716
- C:\Windows\System\mHVZxCv.exe
  C:\Windows\System\mHVZxCv.exe
  2⤵
  PID:8736
- C:\Windows\System\kXlHxIe.exe
  C:\Windows\System\kXlHxIe.exe
  2⤵
  PID:8768
- C:\Windows\System\NstTzbW.exe
  C:\Windows\System\NstTzbW.exe
  2⤵
  PID:8788
- C:\Windows\System\tbcSNFa.exe
  C:\Windows\System\tbcSNFa.exe
  2⤵
  PID:8804
- C:\Windows\System\HiKovlB.exe
  C:\Windows\System\HiKovlB.exe
  2⤵
  PID:8820
- C:\Windows\System\tlknzmp.exe
  C:\Windows\System\tlknzmp.exe
  2⤵
  PID:8836
- C:\Windows\System\qYJBtog.exe
  C:\Windows\System\qYJBtog.exe
  2⤵
  PID:8852
- C:\Windows\System\PFGNMqp.exe
  C:\Windows\System\PFGNMqp.exe
  2⤵
  PID:8868
- C:\Windows\System\liViSCM.exe
  C:\Windows\System\liViSCM.exe
  2⤵
  PID:8884
- C:\Windows\System\CJQtKAs.exe
  C:\Windows\System\CJQtKAs.exe
  2⤵
  PID:8900
- C:\Windows\System\wmfIVuE.exe
  C:\Windows\System\wmfIVuE.exe
  2⤵
  PID:8940
- C:\Windows\System\MREkbXS.exe
  C:\Windows\System\MREkbXS.exe
  2⤵
  PID:8956
- C:\Windows\System\GmCmShz.exe
  C:\Windows\System\GmCmShz.exe
  2⤵
  PID:8972
- C:\Windows\System\aYxjKXL.exe
  C:\Windows\System\aYxjKXL.exe
  2⤵
  PID:9000
- C:\Windows\System\RImpFap.exe
  C:\Windows\System\RImpFap.exe
  2⤵
  PID:9020
- C:\Windows\System\MKKOcty.exe
  C:\Windows\System\MKKOcty.exe
  2⤵
  PID:9048
- C:\Windows\System\xsSHkrS.exe
  C:\Windows\System\xsSHkrS.exe
  2⤵
  PID:9064
- C:\Windows\System\GoocAeY.exe
  C:\Windows\System\GoocAeY.exe
  2⤵
  PID:9092
- C:\Windows\System\UzDZmZq.exe
  C:\Windows\System\UzDZmZq.exe
  2⤵
  PID:9108
- C:\Windows\System\LRcfoKc.exe
  C:\Windows\System\LRcfoKc.exe
  2⤵
  PID:9128
- C:\Windows\System\nrmnExf.exe
  C:\Windows\System\nrmnExf.exe
  2⤵
  PID:9144
- C:\Windows\System\ldFagIF.exe
  C:\Windows\System\ldFagIF.exe
  2⤵
  PID:9160
- C:\Windows\System\YpJmwlx.exe
  C:\Windows\System\YpJmwlx.exe
  2⤵
  PID:9196
- C:\Windows\System\mEDGsbp.exe
  C:\Windows\System\mEDGsbp.exe
  2⤵
  PID:6112
- C:\Windows\System\SbhIWUS.exe
  C:\Windows\System\SbhIWUS.exe
  2⤵
  PID:8204
- C:\Windows\System\IfhmTKs.exe
  C:\Windows\System\IfhmTKs.exe
  2⤵
  PID:8268
- C:\Windows\System\fYVypXT.exe
  C:\Windows\System\fYVypXT.exe
  2⤵
  PID:7656
- C:\Windows\System\XbuQQHr.exe
  C:\Windows\System\XbuQQHr.exe
  2⤵
  PID:8220
- C:\Windows\System\xgbhacc.exe
  C:\Windows\System\xgbhacc.exe
  2⤵
  PID:8308
- C:\Windows\System\fIrlgal.exe
  C:\Windows\System\fIrlgal.exe
  2⤵
  PID:8296
- C:\Windows\System\oVTxsiV.exe
  C:\Windows\System\oVTxsiV.exe
  2⤵
  PID:8344
- C:\Windows\System\uSNWIKG.exe
  C:\Windows\System\uSNWIKG.exe
  2⤵
  PID:8384
- C:\Windows\System\LaviatU.exe
  C:\Windows\System\LaviatU.exe
  2⤵
  PID:8448
- C:\Windows\System\eDZOvYy.exe
  C:\Windows\System\eDZOvYy.exe
  2⤵
  PID:8476
- C:\Windows\System\CrJSoGR.exe
  C:\Windows\System\CrJSoGR.exe
  2⤵
  PID:8516
- C:\Windows\System\zfHBGsf.exe
  C:\Windows\System\zfHBGsf.exe
  2⤵
  PID:8536
- C:\Windows\System\uIxkJTd.exe
  C:\Windows\System\uIxkJTd.exe
  2⤵
  PID:8600
- C:\Windows\System\rBexmRo.exe
  C:\Windows\System\rBexmRo.exe
  2⤵
  PID:8640
- C:\Windows\System\AFnPhnd.exe
  C:\Windows\System\AFnPhnd.exe
  2⤵
  PID:8660
- C:\Windows\System\DvdrqPc.exe
  C:\Windows\System\DvdrqPc.exe
  2⤵
  PID:8692
- C:\Windows\System\lTuhTeF.exe
  C:\Windows\System\lTuhTeF.exe
  2⤵
  PID:8732
- C:\Windows\System\CZROcjc.exe
  C:\Windows\System\CZROcjc.exe
  2⤵
  PID:8752
- C:\Windows\System\EDgoxVO.exe
  C:\Windows\System\EDgoxVO.exe
  2⤵
  PID:8776
- C:\Windows\System\eNKJqaq.exe
  C:\Windows\System\eNKJqaq.exe
  2⤵
  PID:8844
- C:\Windows\System\neQoNke.exe
  C:\Windows\System\neQoNke.exe
  2⤵
  PID:8912
- C:\Windows\System\JkVEEoZ.exe
  C:\Windows\System\JkVEEoZ.exe
  2⤵
  PID:8920
- C:\Windows\System\eanFyve.exe
  C:\Windows\System\eanFyve.exe
  2⤵
  PID:8928
- C:\Windows\System\AJzOeZV.exe
  C:\Windows\System\AJzOeZV.exe
  2⤵
  PID:8968
- C:\Windows\System\bJqvoAx.exe
  C:\Windows\System\bJqvoAx.exe
  2⤵
  PID:8992
- C:\Windows\System\iTCdCZp.exe
  C:\Windows\System\iTCdCZp.exe
  2⤵
  PID:9016
- C:\Windows\System\TVwFfAt.exe
  C:\Windows\System\TVwFfAt.exe
  2⤵
  PID:9056
- C:\Windows\System\htDBmNV.exe
  C:\Windows\System\htDBmNV.exe
  2⤵
  PID:9084
- C:\Windows\System\CSqqPgv.exe
  C:\Windows\System\CSqqPgv.exe
  2⤵
  PID:9136
- C:\Windows\System\KudaQbg.exe
  C:\Windows\System\KudaQbg.exe
  2⤵
  PID:9156
- C:\Windows\System\tRNPvMU.exe
  C:\Windows\System\tRNPvMU.exe
  2⤵
  PID:9172
- C:\Windows\System\SElswWO.exe
  C:\Windows\System\SElswWO.exe
  2⤵
  PID:9208
- C:\Windows\System\LQUFRYu.exe
  C:\Windows\System\LQUFRYu.exe
  2⤵
  PID:8252
- C:\Windows\System\NLwMQfV.exe
  C:\Windows\System\NLwMQfV.exe
  2⤵
  PID:8332
- C:\Windows\System\xBqPcPs.exe
  C:\Windows\System\xBqPcPs.exe
  2⤵
  PID:8000
- C:\Windows\System\jTjezPl.exe
  C:\Windows\System\jTjezPl.exe
  2⤵
  PID:8348
- C:\Windows\System\jgrqXwA.exe
  C:\Windows\System\jgrqXwA.exe
  2⤵
  PID:8412
- C:\Windows\System\zkVHLWA.exe
  C:\Windows\System\zkVHLWA.exe
  2⤵
  PID:8432
- C:\Windows\System\jGmjNqn.exe
  C:\Windows\System\jGmjNqn.exe
  2⤵
  PID:8492
- C:\Windows\System\HNtcxrH.exe
  C:\Windows\System\HNtcxrH.exe
  2⤵
  PID:8616
- C:\Windows\System\dYdNmPI.exe
  C:\Windows\System\dYdNmPI.exe
  2⤵
  PID:8620
- C:\Windows\System\fsAeiuX.exe
  C:\Windows\System\fsAeiuX.exe
  2⤵
  PID:8676
- C:\Windows\System\ZmgtJJy.exe
  C:\Windows\System\ZmgtJJy.exe
  2⤵
  PID:8712
- C:\Windows\System\eDPHuMd.exe
  C:\Windows\System\eDPHuMd.exe
  2⤵
  PID:8876
- C:\Windows\System\EtvdMlz.exe
  C:\Windows\System\EtvdMlz.exe
  2⤵
  PID:8892
- C:\Windows\System\CsVhlTF.exe
  C:\Windows\System\CsVhlTF.exe
  2⤵
  PID:8828
- C:\Windows\System\fqRUkXm.exe
  C:\Windows\System\fqRUkXm.exe
  2⤵
  PID:8996
- C:\Windows\System\RaatAdV.exe
  C:\Windows\System\RaatAdV.exe
  2⤵
  PID:9032
- C:\Windows\System\BzaWeQh.exe
  C:\Windows\System\BzaWeQh.exe
  2⤵
  PID:9080
- C:\Windows\System\fxvrqQB.exe
  C:\Windows\System\fxvrqQB.exe
  2⤵
  PID:9124
- C:\Windows\System\Qmugsuw.exe
  C:\Windows\System\Qmugsuw.exe
  2⤵
  PID:9192
- C:\Windows\System\OrqEyrn.exe
  C:\Windows\System\OrqEyrn.exe
  2⤵
  PID:8564
- C:\Windows\System\SclHkDa.exe
  C:\Windows\System\SclHkDa.exe
  2⤵
  PID:7688
- C:\Windows\System\cNMCkjR.exe
  C:\Windows\System\cNMCkjR.exe
  2⤵
  PID:8400
- C:\Windows\System\QhRKjie.exe
  C:\Windows\System\QhRKjie.exe
  2⤵
  PID:9188
- C:\Windows\System\uhXoizZ.exe
  C:\Windows\System\uhXoizZ.exe
  2⤵
  PID:8612
- C:\Windows\System\cOZPYSV.exe
  C:\Windows\System\cOZPYSV.exe
  2⤵
  PID:8696
- C:\Windows\System\qupCdNx.exe
  C:\Windows\System\qupCdNx.exe
  2⤵
  PID:8708
- C:\Windows\System\HWSLnVd.exe
  C:\Windows\System\HWSLnVd.exe
  2⤵
  PID:8880
- C:\Windows\System\OUZBeHk.exe
  C:\Windows\System\OUZBeHk.exe
  2⤵
  PID:8964
- C:\Windows\System\mpKSpbK.exe
  C:\Windows\System\mpKSpbK.exe
  2⤵
  PID:8952
- C:\Windows\System\dmrtlvY.exe
  C:\Windows\System\dmrtlvY.exe
  2⤵
  PID:9120
- C:\Windows\System\PrqJPNr.exe
  C:\Windows\System\PrqJPNr.exe
  2⤵
  PID:9180
- C:\Windows\System\jfPnWgv.exe
  C:\Windows\System\jfPnWgv.exe
  2⤵
  PID:8328
- C:\Windows\System\dctkbDB.exe
  C:\Windows\System\dctkbDB.exe
  2⤵
  PID:8520
- C:\Windows\System\NvRUqTU.exe
  C:\Windows\System\NvRUqTU.exe
  2⤵
  PID:8568
- C:\Windows\System\nicXnCe.exe
  C:\Windows\System\nicXnCe.exe
  2⤵
  PID:8728
- C:\Windows\System\voDrMzK.exe
  C:\Windows\System\voDrMzK.exe
  2⤵
  PID:8780
- C:\Windows\System\SvIjfrn.exe
  C:\Windows\System\SvIjfrn.exe
  2⤵
  PID:9072
- C:\Windows\System\padPPGX.exe
  C:\Windows\System\padPPGX.exe
  2⤵
  PID:9040
- C:\Windows\System\dVwjjND.exe
  C:\Windows\System\dVwjjND.exe
  2⤵
  PID:8380
- C:\Windows\System\hQblVPV.exe
  C:\Windows\System\hQblVPV.exe
  2⤵
  PID:8496
- C:\Windows\System\UfklyMw.exe
  C:\Windows\System\UfklyMw.exe
  2⤵
  PID:8812
- C:\Windows\System\FsGqBnZ.exe
  C:\Windows\System\FsGqBnZ.exe
  2⤵
  PID:9104
- C:\Windows\System\PGyPcyR.exe
  C:\Windows\System\PGyPcyR.exe
  2⤵
  PID:8236
- C:\Windows\System\qRhOmxO.exe
  C:\Windows\System\qRhOmxO.exe
  2⤵
  PID:8896
- C:\Windows\System\BalhpKv.exe
  C:\Windows\System\BalhpKv.exe
  2⤵
  PID:9060
- C:\Windows\System\tFdKTsy.exe
  C:\Windows\System\tFdKTsy.exe
  2⤵
  PID:8512
- C:\Windows\System\GSPIWrZ.exe
  C:\Windows\System\GSPIWrZ.exe
  2⤵
  PID:8672
- C:\Windows\System\tJburoi.exe
  C:\Windows\System\tJburoi.exe
  2⤵
  PID:9220
- C:\Windows\System\EUCbXMv.exe
  C:\Windows\System\EUCbXMv.exe
  2⤵
  PID:9248
- C:\Windows\System\ATPVwbB.exe
  C:\Windows\System\ATPVwbB.exe
  2⤵
  PID:9264
- C:\Windows\System\LlWotFr.exe
  C:\Windows\System\LlWotFr.exe
  2⤵
  PID:9280
- C:\Windows\System\XDwAGLV.exe
  C:\Windows\System\XDwAGLV.exe
  2⤵
  PID:9300
- C:\Windows\System\fXsTfjm.exe
  C:\Windows\System\fXsTfjm.exe
  2⤵
  PID:9316
- C:\Windows\System\vMgZOrD.exe
  C:\Windows\System\vMgZOrD.exe
  2⤵
  PID:9336
- C:\Windows\System\fGZiHCr.exe
  C:\Windows\System\fGZiHCr.exe
  2⤵
  PID:9352
- C:\Windows\System\JLbuoyN.exe
  C:\Windows\System\JLbuoyN.exe
  2⤵
  PID:9388
- C:\Windows\System\THDiqFP.exe
  C:\Windows\System\THDiqFP.exe
  2⤵
  PID:9404
- C:\Windows\System\KRManJM.exe
  C:\Windows\System\KRManJM.exe
  2⤵
  PID:9424
- C:\Windows\System\klUbaGv.exe
  C:\Windows\System\klUbaGv.exe
  2⤵
  PID:9444
- C:\Windows\System\eFWwnxt.exe
  C:\Windows\System\eFWwnxt.exe
  2⤵
  PID:9460
- C:\Windows\System\fVUlHBt.exe
  C:\Windows\System\fVUlHBt.exe
  2⤵
  PID:9476
- C:\Windows\System\PvvXzwA.exe
  C:\Windows\System\PvvXzwA.exe
  2⤵
  PID:9492
- C:\Windows\System\zzydwxr.exe
  C:\Windows\System\zzydwxr.exe
  2⤵
  PID:9516
- C:\Windows\System\cgnffVq.exe
  C:\Windows\System\cgnffVq.exe
  2⤵
  PID:9536
- C:\Windows\System\JkXGKnF.exe
  C:\Windows\System\JkXGKnF.exe
  2⤵
  PID:9560
- C:\Windows\System\jtiOdjQ.exe
  C:\Windows\System\jtiOdjQ.exe
  2⤵
  PID:9580
- C:\Windows\System\IellaWE.exe
  C:\Windows\System\IellaWE.exe
  2⤵
  PID:9596
- C:\Windows\System\fcUDsDG.exe
  C:\Windows\System\fcUDsDG.exe
  2⤵
  PID:9612
- C:\Windows\System\VOoeVYg.exe
  C:\Windows\System\VOoeVYg.exe
  2⤵
  PID:9648
- C:\Windows\System\DYjzeOP.exe
  C:\Windows\System\DYjzeOP.exe
  2⤵
  PID:9664
- C:\Windows\System\KzOVuLU.exe
  C:\Windows\System\KzOVuLU.exe
  2⤵
  PID:9688
- C:\Windows\System\IKLRBjD.exe
  C:\Windows\System\IKLRBjD.exe
  2⤵
  PID:9708
- C:\Windows\System\PywDUIf.exe
  C:\Windows\System\PywDUIf.exe
  2⤵
  PID:9724
- C:\Windows\System\CRdsxiE.exe
  C:\Windows\System\CRdsxiE.exe
  2⤵
  PID:9740
- C:\Windows\System\DaulsQk.exe
  C:\Windows\System\DaulsQk.exe
  2⤵
  PID:9760
- C:\Windows\System\ODjhxsD.exe
  C:\Windows\System\ODjhxsD.exe
  2⤵
  PID:9780
- C:\Windows\System\NtKnseY.exe
  C:\Windows\System\NtKnseY.exe
  2⤵
  PID:9800
- C:\Windows\System\sdlZoci.exe
  C:\Windows\System\sdlZoci.exe
  2⤵
  PID:9820
- C:\Windows\System\FPmfeQs.exe
  C:\Windows\System\FPmfeQs.exe
  2⤵
  PID:9852
- C:\Windows\System\ZUinIXx.exe
  C:\Windows\System\ZUinIXx.exe
  2⤵
  PID:9868
- C:\Windows\System\zyetGiA.exe
  C:\Windows\System\zyetGiA.exe
  2⤵
  PID:9888
- C:\Windows\System\vpEiRTk.exe
  C:\Windows\System\vpEiRTk.exe
  2⤵
  PID:9904
- C:\Windows\System\uvTdEuM.exe
  C:\Windows\System\uvTdEuM.exe
  2⤵
  PID:9920
- C:\Windows\System\zdZNbqI.exe
  C:\Windows\System\zdZNbqI.exe
  2⤵
  PID:9940
- C:\Windows\System\mhRNPij.exe
  C:\Windows\System\mhRNPij.exe
  2⤵
  PID:9972
- C:\Windows\System\dAjsPWb.exe
  C:\Windows\System\dAjsPWb.exe
  2⤵
  PID:9988
- C:\Windows\System\XzODbLv.exe
  C:\Windows\System\XzODbLv.exe
  2⤵
  PID:10004
- C:\Windows\System\rWDMfoy.exe
  C:\Windows\System\rWDMfoy.exe
  2⤵
  PID:10024
- C:\Windows\System\hJEasNp.exe
  C:\Windows\System\hJEasNp.exe
  2⤵
  PID:10044
- C:\Windows\System\SIjVQum.exe
  C:\Windows\System\SIjVQum.exe
  2⤵
  PID:10060
- C:\Windows\System\JTkkIxN.exe
  C:\Windows\System\JTkkIxN.exe
  2⤵
  PID:10084
- C:\Windows\System\kFDkxST.exe
  C:\Windows\System\kFDkxST.exe
  2⤵
  PID:10104
- C:\Windows\System\hijVVDE.exe
  C:\Windows\System\hijVVDE.exe
  2⤵
  PID:10124
- C:\Windows\System\gRTtGaD.exe
  C:\Windows\System\gRTtGaD.exe
  2⤵
  PID:10148
- C:\Windows\System\SVdBsUd.exe
  C:\Windows\System\SVdBsUd.exe
  2⤵
  PID:10164
- C:\Windows\System\WPbuwYO.exe
  C:\Windows\System\WPbuwYO.exe
  2⤵
  PID:10188
- C:\Windows\System\ejYKhuJ.exe
  C:\Windows\System\ejYKhuJ.exe
  2⤵
  PID:10204
- C:\Windows\System\dSGOPij.exe
  C:\Windows\System\dSGOPij.exe
  2⤵
  PID:10236
- C:\Windows\System\ehbKWhW.exe
  C:\Windows\System\ehbKWhW.exe
  2⤵
  PID:8364
- C:\Windows\System\joyezFc.exe
  C:\Windows\System\joyezFc.exe
  2⤵
  PID:9232
- C:\Windows\System\jphMuko.exe
  C:\Windows\System\jphMuko.exe
  2⤵
  PID:9292
- C:\Windows\System\gabluab.exe
  C:\Windows\System\gabluab.exe
  2⤵
  PID:9328
- C:\Windows\System\awPdUgE.exe
  C:\Windows\System\awPdUgE.exe
  2⤵
  PID:9276
- C:\Windows\System\qkEwNTx.exe
  C:\Windows\System\qkEwNTx.exe
  2⤵
  PID:9376
- C:\Windows\System\eCIKCjZ.exe
  C:\Windows\System\eCIKCjZ.exe
  2⤵
  PID:9400
- C:\Windows\System\kwzzqbE.exe
  C:\Windows\System\kwzzqbE.exe
  2⤵
  PID:9436
- C:\Windows\System\WCBTFCd.exe
  C:\Windows\System\WCBTFCd.exe
  2⤵
  PID:9500
- C:\Windows\System\gGHQQsI.exe
  C:\Windows\System\gGHQQsI.exe
  2⤵
  PID:9488
- C:\Windows\System\BPbjruD.exe
  C:\Windows\System\BPbjruD.exe
  2⤵
  PID:7956
- C:\Windows\System\BfzWQPi.exe
  C:\Windows\System\BfzWQPi.exe
  2⤵
  PID:9532
- C:\Windows\System\YDVOdxJ.exe
  C:\Windows\System\YDVOdxJ.exe
  2⤵
  PID:9524
- C:\Windows\System\ywwItAu.exe
  C:\Windows\System\ywwItAu.exe
  2⤵
  PID:9568
- C:\Windows\System\aNunTyb.exe
  C:\Windows\System\aNunTyb.exe
  2⤵
  PID:9656
- C:\Windows\System\nwSQRso.exe
  C:\Windows\System\nwSQRso.exe
  2⤵
  PID:9716
- C:\Windows\System\ElknVZk.exe
  C:\Windows\System\ElknVZk.exe
  2⤵
  PID:9752
- C:\Windows\System\tMgbsmL.exe
  C:\Windows\System\tMgbsmL.exe
  2⤵
  PID:9700
- C:\Windows\System\zlFzEMJ.exe
  C:\Windows\System\zlFzEMJ.exe
  2⤵
  PID:9828
- C:\Windows\System\jeSEVqF.exe
  C:\Windows\System\jeSEVqF.exe
  2⤵
  PID:9848
- C:\Windows\System\oJAkjeO.exe
  C:\Windows\System\oJAkjeO.exe
  2⤵
  PID:9860
- C:\Windows\System\MrHgBTa.exe
  C:\Windows\System\MrHgBTa.exe
  2⤵
  PID:9912
- C:\Windows\System\hkbQUWa.exe
  C:\Windows\System\hkbQUWa.exe
  2⤵
  PID:9928
- C:\Windows\System\WvnfTLK.exe
  C:\Windows\System\WvnfTLK.exe
  2⤵
  PID:9996
- C:\Windows\System\bDAPlgi.exe
  C:\Windows\System\bDAPlgi.exe
  2⤵
  PID:10072
- C:\Windows\System\uFjreWf.exe
  C:\Windows\System\uFjreWf.exe
  2⤵
  PID:10120
- C:\Windows\System\EUgQWDO.exe
  C:\Windows\System\EUgQWDO.exe
  2⤵
  PID:10160
- C:\Windows\System\vilPeUm.exe
  C:\Windows\System\vilPeUm.exe
  2⤵
  PID:10096
- C:\Windows\System\KlNXSJS.exe
  C:\Windows\System\KlNXSJS.exe
  2⤵
  PID:10016
- C:\Windows\System\IcoOPjY.exe
  C:\Windows\System\IcoOPjY.exe
  2⤵
  PID:10132
- C:\Windows\System\VeSGjGx.exe
  C:\Windows\System\VeSGjGx.exe
  2⤵
  PID:10184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AOQRvkC.exe

Filesize
6.0MB

MD5
e635bcbe4e9897ee7a4203107b6537ad

SHA1
f67de99cc9ea4cbc81090d7aa852f5ca31d8883b

SHA256
ff0e9ee29b4f1550a369580d545421f2f2add4c8a3ff250451d2cf91f796ca09

SHA512
e0711c704751cff8ec302e5c927c2f80643ac2a759febd667e6cff353ef7af554954228f2470023ad72f9a7ee0229068ecdc8a166faffe0bdf7387d169ae65a2

Download Submit
C:\Windows\system\GpvGQmr.exe

Filesize
6.0MB

MD5
99f931a30a91f36f702a4aafe744e6b8

SHA1
6d477b1ffa066264aa563afdb8417282af132042

SHA256
8b0b0e1dca184dc25ac0cacccfce71f692773d181c4d642c48989db25bbd8550

SHA512
3c605dd5018adc05820df2e770c72b40df0ae320e5456ea8b7418b577525da759eb6343bfad4ffd93c4ff071c274f64b21feb8fb48b373a18b1c8ea37cf1d87b

Download Submit
C:\Windows\system\IgJaVZL.exe

Filesize
6.0MB

MD5
d52de0def1273045850e9c9bd29ac104

SHA1
efdba7a75c51e6604720c17985e8c89a6410f5a4

SHA256
6f58855c34fce7953a2d6e5d8c925e9f0784affe6e6a0f2fc66f01fb0356210e

SHA512
fc1d01f2079a4239e544ca1752021808f6bb4cca51e30dcb7a4cca8a8bca6cd27ecee87961c574b4e6b99f25133b183799c8981153d4548021c5642143d8c043

Download Submit
C:\Windows\system\KJFmoXS.exe

Filesize
6.0MB

MD5
9f5f6c294bc4cd6a6220c5ce5fe9a89f

SHA1
0060d9d7030def6e15b8c01f9f84e2a377b7906a

SHA256
2f2463e4a3cfb617d470753e59f6a94fe2f6d604157927b0247577d4395d3f21

SHA512
a8717b464ce398b6db0a726589ef5654e5ca8a4c6e0fea32c79d5329727781d5becd6d86f54da8b7d909fba1e7238312565cde8f3a2c3db0213e7aa51d7742c6

Download Submit
C:\Windows\system\LDIsGRt.exe

Filesize
6.0MB

MD5
015d4cf506eea8ebcb904340ebfee817

SHA1
b761f9246fab82cbb06c6bd63efff7913700e0a7

SHA256
a826b915d698a104700f5c573bc5cff9f8a938d7e306c97078091b54dba6e6fe

SHA512
2cfdd4a7a64912247ff7f758f471ee208afe9742998ee819fbc9aa3e7c86e9930a2c6f4d4e83f15dec9128c747946a3cc5baf1633d16d9d13a5f46fd3d508722

Download Submit
C:\Windows\system\MXmecpa.exe

Filesize
6.0MB

MD5
e9f4124ce1c0f7629b86e5c13b862e28

SHA1
94854782634f832d16eac9ad247f0f65e38b9f0a

SHA256
5bc408f57277d073bd7363530ab7ebaae258507beec5ee76533fe84ce2168a49

SHA512
8e2b3575caee9bc966099160c95981462a871f059a3782e358d944fa02cb8af60dc775db75ee4784deedf11f45d015eecb880dd3911bd4d9c3bfe6eab20360b1

Download Submit
C:\Windows\system\NgiTamo.exe

Filesize
6.0MB

MD5
e0ddb243e2e436d702a576150120bf17

SHA1
276ab3f5aa14727f9cf004617810495bea5dd7e6

SHA256
a537b165528cb216203bcc9beb1a01ea0706e8532b8b987a1b11f5a9f2d229fe

SHA512
daa04923b0ffe78dca2c7fe1da8a066c3e4140c54f5838139c2b55b33ff847037ffc6d687974d4e80fe18ee6965c41aced0ffde63c0a80f30a8a9ec5cb0fdf23

Download Submit
C:\Windows\system\OKHROem.exe

Filesize
6.0MB

MD5
20903b6e6a3fc0bd8c4a451f8c78beeb

SHA1
914aabd2f82ab0aff458af32c94d43dd71ade6a1

SHA256
6c6c3bfea65275422d8da07fbe969747c0a01a8e23e6b3862e9abe9d8ceb7436

SHA512
314ff28420e9a9510a7512a4685ce65f7e6081dab87c9599b763d96140fed58775c5f6af19049c1f9f5687e2893e150f7fb0cb53e46878c70ee12188a91036ba

Download Submit
C:\Windows\system\WzuspJr.exe

Filesize
6.0MB

MD5
40252b883a01baaa6612fcccfdb282c2

SHA1
9510235d6bfd6e27b29796c279e95906fa0e4441

SHA256
40c84a6cabbb1ff31e90ade2340ea894654220cd2e6fa27c01a86848103e4169

SHA512
074d29965ea6dd1ff6f50d5484210ceb6647ab035af463578f30d0bb19026bf81549c7762f612fe12636d0a991fc627bc659db63f122781fe89fc7e61bc31a50

Download Submit
C:\Windows\system\XCQGaUi.exe

Filesize
6.0MB

MD5
8408c3357e4eae74cc64f64ae4cfb1ea

SHA1
9b4b3b5364b68a9bebfe1e749b46e483e7007323

SHA256
fbc3d43ec23c7ec55f0685eb1adf6ad0a696d1497c963c4c64553d6840eb2b3c

SHA512
b8f765083759493740bb38c88ce4045e07419a63573ea79821a389501bda0d50e28721a71b9f3e6deaaacb55edbf545a7a93de09be139b5676c77a2719931aa4

Download Submit
C:\Windows\system\cmeKqKE.exe

Filesize
6.0MB

MD5
2f47cbc378c806bbf64639f437f79357

SHA1
b0e40fd8eec7539f9678651fde5640301358da34

SHA256
da1916262b9534cdf26ee527a0c0c1f5d4bf05234bef34dbfba8d2d8367157e9

SHA512
5830af7c914d1f395299fb16051605383ca8866a9151eab937862cfee13f17a3c5b720a40cd74ac2175936f78eef899dfa4b64c703052a274d1cfe0cc4f14b53

Download Submit
C:\Windows\system\gHkalpK.exe

Filesize
6.0MB

MD5
663dc391587da5a4384cb63da1b2ecce

SHA1
75390b25544564c70dd23f26c0aa9f43a1531124

SHA256
4eee9a98711c899b5371e32b435c0db9618da5ed114b4eb622073b3cb9c65895

SHA512
a1da45a2f1d0a7a7acb3249e1503ed5cfde334da012c009f931101fe7b24f928a026ea335f79d147c98a4f1038e58f36f9e8722d2c9c94d07e70dc5771e75c12

Download Submit
C:\Windows\system\nSBAOYg.exe

Filesize
6.0MB

MD5
8f206b46797424baa72bfdbe50dc11f5

SHA1
43d0b46542a5613d3a0e590c84d2e477780c53df

SHA256
095eb4429269bcc014ec901102c6c6d567cd193558017d3f74201776d7d20efd

SHA512
d6bb03f552629492d76df5ccdde78d50c5348dd55fe5918a37b0d2c35c67a47220cb958388193baf2b07a0f131d76e398f5aef93212e97098b80e0083a58c9cc

Download Submit
C:\Windows\system\oNPmqGX.exe

Filesize
6.0MB

MD5
8632e3ba99c778bd1245913dc07d28b1

SHA1
6d1d205bb7590b083fff316ab3b7a175bf5af52a

SHA256
e08ed24891aee483ff872d85f77b84e0b1ed3dc80b80e6ee6549c21963d741f9

SHA512
f54905ff1c5f19fd895a988bd2b5c85131afdf0587178e86c6be00d57bba05028d54dd4e0834345b3d9d252a398d6e2a3d0e27d8556524686e1410650367be71

Download Submit
C:\Windows\system\oeADFqB.exe

Filesize
6.0MB

MD5
404d93a2a71d517b9effbad477f777f7

SHA1
8dd54a63ef0eb7aa789a3ad4548da70d5490ca5a

SHA256
c73508b3df7e0d0069a4c59765f3d627b500aac71124b1461c2f016d3bac9a92

SHA512
5f90f062d6ea1e2717ab14d5ebc000e8e6e7c200ab9a0f59e8df9d2d52bcb4ddb9dfa9556562b67f5459c4be0363b7ca817b7a31bd8062c89aace27e1e28e960

Download Submit
C:\Windows\system\pHrsMZt.exe

Filesize
6.0MB

MD5
ac0cf468608095eefed0db7204e97c2c

SHA1
47a453e7488128cf3b437a3defe4642aa51a3282

SHA256
eab357bd7e7fffabbde58a10d9a11621dc2ae527a2d54720214be0352bb792ab

SHA512
8c2752a8ed952a3df94d78884b72d2e931f1edc5aa9deca0922d7f6539041425c800988bd42f48a3bb69b632a54ba90f44baab214cdddbfa90fbc63299579965

Download Submit
C:\Windows\system\rIOCVwe.exe

Filesize
6.0MB

MD5
f3b9958ed893573ca3e134b6afd34b91

SHA1
119e9cd3d95f3f6790d645bdcac8ab937759e26b

SHA256
e2005183f63d8f3fefbfb26b91085c3373874e806b645495f330709d39aad530

SHA512
58d799b517681fbf91256e9cf7bc66db93ae0b94233e7db3b9f23d2f427df32a5219f243397e4950300b52765fe89b5e9c2ff49e76b4dfe4a6e27290a343868d

Download Submit
C:\Windows\system\yVwRCWz.exe

Filesize
6.0MB

MD5
34d241d8d8bce7f8f78e76cafdc17802

SHA1
acb5f4c920faa12de8327cfc63510a718ac0d2cb

SHA256
b5a2be52be092460b873c3eab837b3aabc637ef82b576ee0711b6244005b0e6a

SHA512
d6969989a4e1ab8773835cb9088638d4c379b9a8ebc7ec1caa3b2f838f9a07fc951b471a025f62f762c3d71553d9a0f3fb4e09dc7f24d5b991a4320207b86e01

Download Submit
\Windows\system\EKPuyWn.exe

Filesize
6.0MB

MD5
bd3751c5bc4a6ebec3abe8c16838740e

SHA1
2fb3821615b12eb1c967b08df42d8d8826b830db

SHA256
dea3891a18814fdb4055b75efa775aa880be0838fbaaca8b59d9481ddff07f29

SHA512
08fa8626a58c00277d6e90c0c5712df03184562039a3e1e50ce8cb387c5f440f619099f64f4ac68d3a85fc6d9c38284ab10e2dc3442fc32b5079b3b0f83c070e

Download Submit
\Windows\system\HEFgQsl.exe

Filesize
6.0MB

MD5
dad2db44a085eb35664dc9fa1b71529f

SHA1
dabf671b1d290a6c32244264c02441cfb3d43a0f

SHA256
3cf46f0e42f0a05a9c5347a1029b2053d8b0bf997d1318fe7af1a92325359313

SHA512
19d6c40428cbcde5fec7211bc9d0f7fa2862181c51c6fa9957cab4e7961466d36d900b556935fd883ad3f35540e95832c4116333acc551e9a08fb189547f3c6b

Download Submit
\Windows\system\RMzyyIi.exe

Filesize
6.0MB

MD5
862abf83953f3aaf3add4d185098d196

SHA1
60aaad39a03a353912d97b0c6b1acb947ad8eaa0

SHA256
851d0afc632e0ba0ab9eecf9146a11d7b3940ce846a8c30d5d0b78c2c58c8f47

SHA512
7b9caf42a33160cecf1ce29601354ed4658a75d5d763d98b50adb262e8f489f37012123c3521e4935e939ce5e74eb015d48c80ff92a701a5f1832778be8571f5

Download Submit
\Windows\system\UhDnotD.exe

Filesize
6.0MB

MD5
1a8ff602a7aee9a2ea95cb72f6c6e28c

SHA1
89bf1fd4ac898f10d58baaa8f4641844e33cb1c7

SHA256
b221ee309c868df6b47d9095692196b79ca91b52db2eacdeab55eab10267afb6

SHA512
e69db652ccf84e369142fe485b35f433386a321bf4eb2fd19ab29452fb2ad451d4a007506d9e6d8ebc57aa9b7a9ad6ead73ad9de6281e3ffb3e825c059c07072

Download Submit
\Windows\system\XGNcjtD.exe

Filesize
6.0MB

MD5
d3bae466893f5e430fb1b14c45f1bf60

SHA1
b318aeaf39ec503c14e4c056747a3e7f985566d0

SHA256
74ae152a4a195e881be9a171c5bc4d179b8f2d09a30ece65af1f4a7484587d77

SHA512
527bf027a183cfdbf97fa55a0281b1a8410d1165786574711de42c62da206f43fe9b73964980ee95361044e839d719b454884711d50560bd8656a990c1fd1bf1

Download Submit
\Windows\system\XfcijKH.exe

Filesize
6.0MB

MD5
79fd0aed51d002546a8d4976a211a734

SHA1
bbcac471fec10223dd94d0d37014b8dda4cba3c6

SHA256
0064a72b3b63b09f4cc1cc43b4c41eba981b88d1572d80862ac70f4d9ed6e89c

SHA512
3e3ba1a03db33c854d7450180865a78202779de3bcfa78357abf8dae3ce3a6323b2e8711ba8fdec06d67d859948ba4294174af51d75f03b4bee6f32fea6a1dc3

Download Submit
\Windows\system\aFDsdjT.exe

Filesize
6.0MB

MD5
1a245d40259eb3b6c747ccf0d5d6ec6e

SHA1
6bc1844d88abd534417f6b50f1d6794d51b5b220

SHA256
366beff6b0a085b0521a2b70f9d525402433cb08074fd238abe38a67748e4b74

SHA512
1fbf62c929438518925b15e507311206510d0f33a87778fa881b63300407715208ba9907a1a509006319d0a361c2248d398f5513263b0c9ae56063ac50c365cb

Download Submit
\Windows\system\bvGhBpE.exe

Filesize
6.0MB

MD5
cd756110bac8b528842bac7494609b66

SHA1
61a78a2ab51dcae1c0a515de5793a7db430a3efe

SHA256
0cfe30c9f4260ce8000e6ce531ca7a95d3d22640e3d7b564518c68df43f81459

SHA512
e36056f48d4b0182f27c4b1a6172a55afa315d95caf86c0423a504167ee48840557982eca58aa758ab648a020b7ba8c81540d076d6794c0e871bfd27fe7414a7

Download Submit
\Windows\system\dKTgwEi.exe

Filesize
6.0MB

MD5
bf815583e78459e294022aeeec5f473a

SHA1
370ff1129c6ab69b458533cb8db19d8f5a4bd070

SHA256
5a7e89b0baaffd0c2a4eedc11ed82c439ffb10f0f8d58112dc970fc308176f01

SHA512
319ca56303668cbf128526218fb08a2db0fb9bd2dd4304f98cd60660ab30c56852a76988d75282a1c1cd5676b95ae28a7febbf20e39ba772f4f86c56de25c38f

Download Submit
\Windows\system\dnrUpWB.exe

Filesize
6.0MB

MD5
e1c91eefde84130b43f0f3a62a29b1fe

SHA1
ce50b79779cfc130bb871e48efcc280edbd24f2a

SHA256
37c527188e17448cdd27bd843e5841605f3dbc2cc0bb937b8268f6e1ccb0c2df

SHA512
2b971db187784d5ce73eabd863cddc62127b64d16adc9d484e6d37839538e9452a4f530fdc0d879d44e674e3f16924d4eeab645cfc8201cd48b9613187308533

Download Submit
\Windows\system\qSgZBFD.exe

Filesize
6.0MB

MD5
b919aa198cbfec67598bd44310e39118

SHA1
8f8498733aa24477e51547f677a40a75488331e2

SHA256
3e827519919fac9a0d25cf2bd56e4e9d91cb6954de6b1f8831c0edfd5f5c05d9

SHA512
75e2d3351f1fe9384be34ce57b99abdea08ac527d7a824157e53f4bddaa1a93e5f233fa94110d9deb1232737b8443588b199b0d43edbfbfa2adec628aac6a804

Download Submit
\Windows\system\tVfSEMZ.exe

Filesize
6.0MB

MD5
c2333b6b662468001078c11821a6aa2a

SHA1
e2374baad1ac81fc20d770b57621a8a479ee3bc8

SHA256
78430d77f17fb43739872d0e4d91fcb81137591a8fe4f70cd07e8b1dc38db347

SHA512
c09c654284ac49030e0eee40a8bc2123cc299371c69dac57c8ca491e343c124c4d9715d371cb45ba475cbf8f786f6c146dec43f1278b25b5ce9c088bf988cee3

Download Submit
\Windows\system\tnxTPPc.exe

Filesize
6.0MB

MD5
1466fd3020944c141942045a1bb55d9c

SHA1
702240d8a8a3b0aa6e0710826b1f0e5bbed54170

SHA256
0c712c4b323a12e85a15688ae8e24ffcb394b7556e421b66dbb9626040ffe758

SHA512
fcdc3284833618ae44a091b9927ca08b3fb561e48995340950aa04982eb439d11a919907404812a0a6fcc04c83b70c4d44249f6d343d35c385b19c54d580303a

Download Submit
\Windows\system\vAPKnfn.exe

Filesize
6.0MB

MD5
6f2e4b488df459f9a0e1e4ff1eec5a5c

SHA1
c54918517bcdc13cf421b3bb3c95e610b1ea3902

SHA256
cc33f0e12f262f11780776669eb1a1f6b766504c1771f2e51f1a1d3975dda93f

SHA512
f5e6942143c9349ad65d070deef491927f6c1bea95e39a3beed5f7c4ec05d342c709313552bbf6fc0d214abb44f1380fd11934cc607515de71a42f342c5129c3

Download Submit
\Windows\system\wRKVTrM.exe

Filesize
6.0MB

MD5
77bb2467c87629d78548c5f19c555d63

SHA1
3043588c14a5e05f4f3db202f1f28af84d313b11

SHA256
90fb52745cfda8a36f6d73f714b808d57fd370bb1971cb184aab3080cbe6f1b0

SHA512
0a3dc8eaf8d5b9f0534fd60f443fb3d72dc8509446026ec633ebd30ea88dee1d2611be9cdae70e19a021e984ad95baccc141d4509c3b21d47f9cdad5f7f91f6d

Download Submit
memory/1084-103-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-3784-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1084-72-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-56-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-16-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1308-70-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1308-82-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1308-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1308-87-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1308-95-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-0-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1308-97-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1308-61-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-62-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1308-98-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1308-110-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1308-10-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-120-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-125-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1308-872-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1308-759-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1308-578-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1308-903-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-59-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1308-21-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/1308-66-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-27-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-3705-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2212-17-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2212-74-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2508-3999-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2508-90-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2576-99-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4031-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2608-19-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3704-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-78-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2644-128-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3797-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3757-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2664-48-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3759-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-58-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-89-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-60-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3760-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-81-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3710-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-29-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-80-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3702-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-23-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3742-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2796-64-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3739-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-53-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download