cobaltstrike | 2c1dbc4ffe4f1fa7be32c3481186db8fb5b08fe31bb6a423b2dd033d9bba2e40

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0bd7d6cf0bf3662082fee5d8c7d3d0a3
SHA1

63223c892a84a83d92b064536a750022317b6144
SHA256

2c1dbc4ffe4f1fa7be32c3481186db8fb5b08fe31bb6a423b2dd033d9bba2e40
SHA512

7b165be1f57a1f56d60af741b8fe271e821e28cbea8f2de323e7fc6cc9c08b7f420aae7d015dd1a0bb21c190ab003dc9aea135cc4b6f19744ecf5bdbbc4a6df1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cd0-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cdc-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cf1-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce4-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d03-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d1a-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c4a-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c9d-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d18-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d64-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6d-134.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a9-160.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000171a8-150.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a7-155.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017079-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016fdf-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d89-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d5e-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4a-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d42-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3a-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d31-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d29-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d21-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0e-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d06-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cec-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cc8-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c51-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d78-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 36 IoCs

miner

resource	yara_rule
behavioral1/memory/2368-0-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000015cd0-8.dat	xmrig
behavioral1/files/0x0007000000015cdc-15.dat	xmrig
behavioral1/files/0x0007000000015cf1-23.dat	xmrig
behavioral1/files/0x0007000000015ce4-19.dat	xmrig
behavioral1/files/0x0007000000015d03-30.dat	xmrig
behavioral1/files/0x0009000000015d1a-36.dat	xmrig
behavioral1/files/0x0007000000016c4a-45.dat	xmrig
behavioral1/files/0x0006000000016c9d-55.dat	xmrig
behavioral1/files/0x0006000000016d18-80.dat	xmrig
behavioral1/files/0x0006000000016d64-118.dat	xmrig
behavioral1/files/0x0006000000016d6d-134.dat	xmrig
behavioral1/files/0x00060000000173a9-160.dat	xmrig
behavioral1/files/0x00060000000171a8-150.dat	xmrig
behavioral1/files/0x00060000000173a7-155.dat	xmrig
behavioral1/files/0x0006000000017079-144.dat	xmrig
behavioral1/files/0x0006000000016fdf-140.dat	xmrig
behavioral1/files/0x0006000000016d89-133.dat	xmrig
behavioral1/files/0x0006000000016d68-125.dat	xmrig
behavioral1/files/0x0006000000016d5e-115.dat	xmrig
behavioral1/files/0x0006000000016d4a-110.dat	xmrig
behavioral1/files/0x0006000000016d42-105.dat	xmrig
behavioral1/files/0x0006000000016d3a-100.dat	xmrig
behavioral1/files/0x0006000000016d31-95.dat	xmrig
behavioral1/files/0x0006000000016d29-90.dat	xmrig
behavioral1/files/0x0006000000016d21-85.dat	xmrig
behavioral1/files/0x0006000000016d0e-75.dat	xmrig
behavioral1/files/0x0006000000016d06-70.dat	xmrig
behavioral1/files/0x0006000000016cec-65.dat	xmrig
behavioral1/files/0x0006000000016cc8-60.dat	xmrig
behavioral1/files/0x0006000000016c51-50.dat	xmrig
behavioral1/files/0x0008000000015d78-41.dat	xmrig
behavioral1/memory/2388-2484-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2368-3043-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2388-3949-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2324	wQyGhRC.exe
2388	iWifFXM.exe
3040	FAUWUfq.exe
1328	RqaUDKj.exe
2424	pwaXPzc.exe
2800	kdRaOGY.exe
580	WRslCkv.exe
2236	fDsenLC.exe
2844	CljFNXn.exe
2776	dXRQUZb.exe
2216	HhuynPf.exe
2860	AkpkFzu.exe
2924	RaOGdqQ.exe
2756	zppNlaG.exe
2840	zqMswJB.exe
2636	ZCrbiYC.exe
2788	mxzNLPU.exe
2680	KTexKyj.exe
1376	bbVffhm.exe
972	aGSYHxf.exe
2856	dQKsOxj.exe
1956	IWJuOPI.exe
2500	TIpgCDC.exe
1880	lcxjfoS.exe
1864	oZsjjoL.exe
2936	JqFzQVD.exe
2912	tkYYDxc.exe
2336	hMBgOSq.exe
2120	BrOcddV.exe
2352	sMPOtOK.exe
1412	Kfssdya.exe
448	MMUwgpp.exe
284	prRtyAq.exe
2932	QveooJE.exe
1984	AwZjCpU.exe
940	kqhETVF.exe
1916	zSyaoeQ.exe
1500	dKkOTqD.exe
1524	GwhQsDH.exe
2292	ajIKTRw.exe
352	fQEDCeV.exe
1340	faYuhdO.exe
1920	TgqYiWk.exe
1780	rzRLWFD.exe
656	CofMHRZ.exe
568	IXlcUhH.exe
2072	IJgXcWq.exe
2332	PAQjBAw.exe
1768	IlATnkP.exe
1844	cvMxTcO.exe
2472	hDqrrjU.exe
2456	Hsjkbbb.exe
1048	tXaFibr.exe
1520	CPeFHuh.exe
2104	HMyLmIa.exe
2556	ANLVCFI.exe
1608	uzXuwzm.exe
1616	befRjYQ.exe
2172	aRdgpSI.exe
3052	PRfsHhS.exe
2168	mEtQlXR.exe
2296	Ntaaxpz.exe
2824	YQbGRNm.exe
2820	HwBurAW.exe

Loads dropped DLL 64 IoCs

pid	Process
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 36 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-0-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000015cd0-8.dat	upx
behavioral1/files/0x0007000000015cdc-15.dat	upx
behavioral1/files/0x0007000000015cf1-23.dat	upx
behavioral1/files/0x0007000000015ce4-19.dat	upx
behavioral1/files/0x0007000000015d03-30.dat	upx
behavioral1/files/0x0009000000015d1a-36.dat	upx
behavioral1/files/0x0007000000016c4a-45.dat	upx
behavioral1/files/0x0006000000016c9d-55.dat	upx
behavioral1/files/0x0006000000016d18-80.dat	upx
behavioral1/files/0x0006000000016d64-118.dat	upx
behavioral1/files/0x0006000000016d6d-134.dat	upx
behavioral1/files/0x00060000000173a9-160.dat	upx
behavioral1/files/0x00060000000171a8-150.dat	upx
behavioral1/files/0x00060000000173a7-155.dat	upx
behavioral1/files/0x0006000000017079-144.dat	upx
behavioral1/files/0x0006000000016fdf-140.dat	upx
behavioral1/files/0x0006000000016d89-133.dat	upx
behavioral1/files/0x0006000000016d68-125.dat	upx
behavioral1/files/0x0006000000016d5e-115.dat	upx
behavioral1/files/0x0006000000016d4a-110.dat	upx
behavioral1/files/0x0006000000016d42-105.dat	upx
behavioral1/files/0x0006000000016d3a-100.dat	upx
behavioral1/files/0x0006000000016d31-95.dat	upx
behavioral1/files/0x0006000000016d29-90.dat	upx
behavioral1/files/0x0006000000016d21-85.dat	upx
behavioral1/files/0x0006000000016d0e-75.dat	upx
behavioral1/files/0x0006000000016d06-70.dat	upx
behavioral1/files/0x0006000000016cec-65.dat	upx
behavioral1/files/0x0006000000016cc8-60.dat	upx
behavioral1/files/0x0006000000016c51-50.dat	upx
behavioral1/files/0x0008000000015d78-41.dat	upx
behavioral1/memory/2388-2484-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2368-3043-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2388-3949-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BFHkyAX.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\effoPkb.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRurBna.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFfaqRG.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxBTPlc.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYgGkaz.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KcXEAbR.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcPWRwc.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMJNQJX.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nppmKhH.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmIdeyt.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PbRmtLw.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpzhnQf.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSRFEcG.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhGUjTq.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FAnSkNG.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CofMHRZ.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIAnDFu.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUyfcbP.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSpPlfF.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETOqzbp.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qOivHSH.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\agDipyA.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSyLEMl.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwxHXUR.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaWJuSr.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIhREqa.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awmHRRl.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jikaEyJ.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIOuZLj.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wprozaq.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijsaTJj.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRDcbmM.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UijOpbr.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CeuhyGT.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udLtrqx.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXxFiji.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sccpYOY.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZVfqfY.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwfyyKC.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOPxzKP.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVpBZfx.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTcpfoW.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqaUDKj.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bCFuwcF.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhYhljW.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UdjDKbc.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiubZFA.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAngvLJ.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnqprRN.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GubNQpF.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUqyBYa.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGEccVD.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ccMeBmZ.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pquDQRB.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BURZiZJ.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVwPscb.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IeTkvDG.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjvAXwC.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sLSFcaE.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAQjBAw.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYvaiKL.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvQEPzP.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctJLSDJ.exe	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2324	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 2324	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 2324	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 2388	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 2388	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 2388	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 3040	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 3040	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 3040	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 1328	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 1328	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 1328	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 2424	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2424	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2424	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2800	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2800	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2800	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 580	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 580	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 580	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2236	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2236	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2236	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2844	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2844	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2844	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2776	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2776	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2776	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2216	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2216	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2216	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2860	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 2860	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 2860	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 2924	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 2924	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 2924	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 2756	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2756	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2756	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2840	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2840	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2840	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2636	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 2636	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 2636	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 2788	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 2788	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 2788	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 2680	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 2680	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 2680	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 1376	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 1376	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 1376	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 972	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 972	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 972	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 2856	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 2856	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 2856	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 1956	2368	2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_0bd7d6cf0bf3662082fee5d8c7d3d0a3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\System\wQyGhRC.exe
  C:\Windows\System\wQyGhRC.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\iWifFXM.exe
  C:\Windows\System\iWifFXM.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\FAUWUfq.exe
  C:\Windows\System\FAUWUfq.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\RqaUDKj.exe
  C:\Windows\System\RqaUDKj.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\pwaXPzc.exe
  C:\Windows\System\pwaXPzc.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\kdRaOGY.exe
  C:\Windows\System\kdRaOGY.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\WRslCkv.exe
  C:\Windows\System\WRslCkv.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\fDsenLC.exe
  C:\Windows\System\fDsenLC.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\CljFNXn.exe
  C:\Windows\System\CljFNXn.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\dXRQUZb.exe
  C:\Windows\System\dXRQUZb.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\HhuynPf.exe
  C:\Windows\System\HhuynPf.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\AkpkFzu.exe
  C:\Windows\System\AkpkFzu.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\RaOGdqQ.exe
  C:\Windows\System\RaOGdqQ.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\zppNlaG.exe
  C:\Windows\System\zppNlaG.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\zqMswJB.exe
  C:\Windows\System\zqMswJB.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\ZCrbiYC.exe
  C:\Windows\System\ZCrbiYC.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\mxzNLPU.exe
  C:\Windows\System\mxzNLPU.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\KTexKyj.exe
  C:\Windows\System\KTexKyj.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\bbVffhm.exe
  C:\Windows\System\bbVffhm.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\aGSYHxf.exe
  C:\Windows\System\aGSYHxf.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\dQKsOxj.exe
  C:\Windows\System\dQKsOxj.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\IWJuOPI.exe
  C:\Windows\System\IWJuOPI.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\TIpgCDC.exe
  C:\Windows\System\TIpgCDC.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\lcxjfoS.exe
  C:\Windows\System\lcxjfoS.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\oZsjjoL.exe
  C:\Windows\System\oZsjjoL.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\tkYYDxc.exe
  C:\Windows\System\tkYYDxc.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\JqFzQVD.exe
  C:\Windows\System\JqFzQVD.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\hMBgOSq.exe
  C:\Windows\System\hMBgOSq.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\BrOcddV.exe
  C:\Windows\System\BrOcddV.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\sMPOtOK.exe
  C:\Windows\System\sMPOtOK.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\Kfssdya.exe
  C:\Windows\System\Kfssdya.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\MMUwgpp.exe
  C:\Windows\System\MMUwgpp.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\prRtyAq.exe
  C:\Windows\System\prRtyAq.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\QveooJE.exe
  C:\Windows\System\QveooJE.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\AwZjCpU.exe
  C:\Windows\System\AwZjCpU.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\kqhETVF.exe
  C:\Windows\System\kqhETVF.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\zSyaoeQ.exe
  C:\Windows\System\zSyaoeQ.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\dKkOTqD.exe
  C:\Windows\System\dKkOTqD.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\GwhQsDH.exe
  C:\Windows\System\GwhQsDH.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\faYuhdO.exe
  C:\Windows\System\faYuhdO.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\ajIKTRw.exe
  C:\Windows\System\ajIKTRw.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\TgqYiWk.exe
  C:\Windows\System\TgqYiWk.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\fQEDCeV.exe
  C:\Windows\System\fQEDCeV.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\rzRLWFD.exe
  C:\Windows\System\rzRLWFD.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\CofMHRZ.exe
  C:\Windows\System\CofMHRZ.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\IJgXcWq.exe
  C:\Windows\System\IJgXcWq.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\IXlcUhH.exe
  C:\Windows\System\IXlcUhH.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\PAQjBAw.exe
  C:\Windows\System\PAQjBAw.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\IlATnkP.exe
  C:\Windows\System\IlATnkP.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\cvMxTcO.exe
  C:\Windows\System\cvMxTcO.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\hDqrrjU.exe
  C:\Windows\System\hDqrrjU.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\Hsjkbbb.exe
  C:\Windows\System\Hsjkbbb.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\tXaFibr.exe
  C:\Windows\System\tXaFibr.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\CPeFHuh.exe
  C:\Windows\System\CPeFHuh.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\HMyLmIa.exe
  C:\Windows\System\HMyLmIa.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ANLVCFI.exe
  C:\Windows\System\ANLVCFI.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\uzXuwzm.exe
  C:\Windows\System\uzXuwzm.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\befRjYQ.exe
  C:\Windows\System\befRjYQ.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\aRdgpSI.exe
  C:\Windows\System\aRdgpSI.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\PRfsHhS.exe
  C:\Windows\System\PRfsHhS.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\mEtQlXR.exe
  C:\Windows\System\mEtQlXR.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\Ntaaxpz.exe
  C:\Windows\System\Ntaaxpz.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\YQbGRNm.exe
  C:\Windows\System\YQbGRNm.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\HwBurAW.exe
  C:\Windows\System\HwBurAW.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\dNEobUo.exe
  C:\Windows\System\dNEobUo.exe
  2⤵
  PID:2892
- C:\Windows\System\ZeTHbIa.exe
  C:\Windows\System\ZeTHbIa.exe
  2⤵
  PID:2808
- C:\Windows\System\eSAucuX.exe
  C:\Windows\System\eSAucuX.exe
  2⤵
  PID:1056
- C:\Windows\System\OdkXeNn.exe
  C:\Windows\System\OdkXeNn.exe
  2⤵
  PID:2740
- C:\Windows\System\NDTCQTV.exe
  C:\Windows\System\NDTCQTV.exe
  2⤵
  PID:2180
- C:\Windows\System\RdoGfAH.exe
  C:\Windows\System\RdoGfAH.exe
  2⤵
  PID:1640
- C:\Windows\System\ZZlyMNz.exe
  C:\Windows\System\ZZlyMNz.exe
  2⤵
  PID:1708
- C:\Windows\System\kHLJkty.exe
  C:\Windows\System\kHLJkty.exe
  2⤵
  PID:400
- C:\Windows\System\uFPXYmW.exe
  C:\Windows\System\uFPXYmW.exe
  2⤵
  PID:1832
- C:\Windows\System\eAoTFwH.exe
  C:\Windows\System\eAoTFwH.exe
  2⤵
  PID:2092
- C:\Windows\System\KkaYwrA.exe
  C:\Windows\System\KkaYwrA.exe
  2⤵
  PID:2348
- C:\Windows\System\BOlbqOg.exe
  C:\Windows\System\BOlbqOg.exe
  2⤵
  PID:860
- C:\Windows\System\zEFjiDs.exe
  C:\Windows\System\zEFjiDs.exe
  2⤵
  PID:1888
- C:\Windows\System\uzAgbMt.exe
  C:\Windows\System\uzAgbMt.exe
  2⤵
  PID:2316
- C:\Windows\System\WYZLyxA.exe
  C:\Windows\System\WYZLyxA.exe
  2⤵
  PID:2032
- C:\Windows\System\TUHSthE.exe
  C:\Windows\System\TUHSthE.exe
  2⤵
  PID:824
- C:\Windows\System\zKfyGYU.exe
  C:\Windows\System\zKfyGYU.exe
  2⤵
  PID:1200
- C:\Windows\System\rVhTRck.exe
  C:\Windows\System\rVhTRck.exe
  2⤵
  PID:584
- C:\Windows\System\iZVfqfY.exe
  C:\Windows\System\iZVfqfY.exe
  2⤵
  PID:776
- C:\Windows\System\CrHBlcW.exe
  C:\Windows\System\CrHBlcW.exe
  2⤵
  PID:2040
- C:\Windows\System\pQgwzFe.exe
  C:\Windows\System\pQgwzFe.exe
  2⤵
  PID:2584
- C:\Windows\System\ClFGtrR.exe
  C:\Windows\System\ClFGtrR.exe
  2⤵
  PID:1184
- C:\Windows\System\LtNKuTc.exe
  C:\Windows\System\LtNKuTc.exe
  2⤵
  PID:3060
- C:\Windows\System\vSNEFGE.exe
  C:\Windows\System\vSNEFGE.exe
  2⤵
  PID:684
- C:\Windows\System\NvqZLvO.exe
  C:\Windows\System\NvqZLvO.exe
  2⤵
  PID:1660
- C:\Windows\System\XMhaXGU.exe
  C:\Windows\System\XMhaXGU.exe
  2⤵
  PID:1796
- C:\Windows\System\uvQEPzP.exe
  C:\Windows\System\uvQEPzP.exe
  2⤵
  PID:872
- C:\Windows\System\ZqXktJc.exe
  C:\Windows\System\ZqXktJc.exe
  2⤵
  PID:1612
- C:\Windows\System\wIPzLzX.exe
  C:\Windows\System\wIPzLzX.exe
  2⤵
  PID:1712
- C:\Windows\System\YrwREfg.exe
  C:\Windows\System\YrwREfg.exe
  2⤵
  PID:2984
- C:\Windows\System\awmCogn.exe
  C:\Windows\System\awmCogn.exe
  2⤵
  PID:1744
- C:\Windows\System\FflBQNA.exe
  C:\Windows\System\FflBQNA.exe
  2⤵
  PID:2748
- C:\Windows\System\MNIYjRq.exe
  C:\Windows\System\MNIYjRq.exe
  2⤵
  PID:2644
- C:\Windows\System\fZhrfaK.exe
  C:\Windows\System\fZhrfaK.exe
  2⤵
  PID:1740
- C:\Windows\System\cEQpjbU.exe
  C:\Windows\System\cEQpjbU.exe
  2⤵
  PID:2628
- C:\Windows\System\UqfFpXO.exe
  C:\Windows\System\UqfFpXO.exe
  2⤵
  PID:1632
- C:\Windows\System\dZbKYza.exe
  C:\Windows\System\dZbKYza.exe
  2⤵
  PID:1668
- C:\Windows\System\Besksab.exe
  C:\Windows\System\Besksab.exe
  2⤵
  PID:1872
- C:\Windows\System\NQhNvsu.exe
  C:\Windows\System\NQhNvsu.exe
  2⤵
  PID:2340
- C:\Windows\System\HjhEtSi.exe
  C:\Windows\System\HjhEtSi.exe
  2⤵
  PID:2160
- C:\Windows\System\iTjjLpz.exe
  C:\Windows\System\iTjjLpz.exe
  2⤵
  PID:664
- C:\Windows\System\BBVzmKB.exe
  C:\Windows\System\BBVzmKB.exe
  2⤵
  PID:2028
- C:\Windows\System\cLApRrb.exe
  C:\Windows\System\cLApRrb.exe
  2⤵
  PID:532
- C:\Windows\System\OXcRxYa.exe
  C:\Windows\System\OXcRxYa.exe
  2⤵
  PID:2720
- C:\Windows\System\wBEfVdM.exe
  C:\Windows\System\wBEfVdM.exe
  2⤵
  PID:892
- C:\Windows\System\nOSNXYR.exe
  C:\Windows\System\nOSNXYR.exe
  2⤵
  PID:2204
- C:\Windows\System\GmSsxrg.exe
  C:\Windows\System\GmSsxrg.exe
  2⤵
  PID:2132
- C:\Windows\System\fCMnXqf.exe
  C:\Windows\System\fCMnXqf.exe
  2⤵
  PID:2364
- C:\Windows\System\PbRmtLw.exe
  C:\Windows\System\PbRmtLw.exe
  2⤵
  PID:880
- C:\Windows\System\APhdeZN.exe
  C:\Windows\System\APhdeZN.exe
  2⤵
  PID:1992
- C:\Windows\System\kXgpzsI.exe
  C:\Windows\System\kXgpzsI.exe
  2⤵
  PID:2516
- C:\Windows\System\NulXkQY.exe
  C:\Windows\System\NulXkQY.exe
  2⤵
  PID:2772
- C:\Windows\System\WMzmOEf.exe
  C:\Windows\System\WMzmOEf.exe
  2⤵
  PID:3088
- C:\Windows\System\KTfvUoj.exe
  C:\Windows\System\KTfvUoj.exe
  2⤵
  PID:3108
- C:\Windows\System\XwsVjgo.exe
  C:\Windows\System\XwsVjgo.exe
  2⤵
  PID:3128
- C:\Windows\System\lIhREqa.exe
  C:\Windows\System\lIhREqa.exe
  2⤵
  PID:3148
- C:\Windows\System\TgwXuuh.exe
  C:\Windows\System\TgwXuuh.exe
  2⤵
  PID:3168
- C:\Windows\System\eqQDROV.exe
  C:\Windows\System\eqQDROV.exe
  2⤵
  PID:3188
- C:\Windows\System\IDwyPJt.exe
  C:\Windows\System\IDwyPJt.exe
  2⤵
  PID:3208
- C:\Windows\System\mOVrvbc.exe
  C:\Windows\System\mOVrvbc.exe
  2⤵
  PID:3228
- C:\Windows\System\TLwZIIC.exe
  C:\Windows\System\TLwZIIC.exe
  2⤵
  PID:3248
- C:\Windows\System\NPmlqWB.exe
  C:\Windows\System\NPmlqWB.exe
  2⤵
  PID:3268
- C:\Windows\System\uzJaaUk.exe
  C:\Windows\System\uzJaaUk.exe
  2⤵
  PID:3288
- C:\Windows\System\yGObElG.exe
  C:\Windows\System\yGObElG.exe
  2⤵
  PID:3308
- C:\Windows\System\TMUUnPB.exe
  C:\Windows\System\TMUUnPB.exe
  2⤵
  PID:3328
- C:\Windows\System\gacwKTG.exe
  C:\Windows\System\gacwKTG.exe
  2⤵
  PID:3348
- C:\Windows\System\FAEuBIC.exe
  C:\Windows\System\FAEuBIC.exe
  2⤵
  PID:3368
- C:\Windows\System\sqDaHpC.exe
  C:\Windows\System\sqDaHpC.exe
  2⤵
  PID:3388
- C:\Windows\System\gTbWiys.exe
  C:\Windows\System\gTbWiys.exe
  2⤵
  PID:3408
- C:\Windows\System\fDMZoyt.exe
  C:\Windows\System\fDMZoyt.exe
  2⤵
  PID:3428
- C:\Windows\System\ccMeBmZ.exe
  C:\Windows\System\ccMeBmZ.exe
  2⤵
  PID:3448
- C:\Windows\System\cjWlFBM.exe
  C:\Windows\System\cjWlFBM.exe
  2⤵
  PID:3468
- C:\Windows\System\ycQLuqe.exe
  C:\Windows\System\ycQLuqe.exe
  2⤵
  PID:3488
- C:\Windows\System\JlzqjJt.exe
  C:\Windows\System\JlzqjJt.exe
  2⤵
  PID:3508
- C:\Windows\System\kyBeSyj.exe
  C:\Windows\System\kyBeSyj.exe
  2⤵
  PID:3528
- C:\Windows\System\caXtGSf.exe
  C:\Windows\System\caXtGSf.exe
  2⤵
  PID:3548
- C:\Windows\System\cbrQcqZ.exe
  C:\Windows\System\cbrQcqZ.exe
  2⤵
  PID:3568
- C:\Windows\System\BMxpLag.exe
  C:\Windows\System\BMxpLag.exe
  2⤵
  PID:3588
- C:\Windows\System\zwztaJD.exe
  C:\Windows\System\zwztaJD.exe
  2⤵
  PID:3608
- C:\Windows\System\rWaDxcz.exe
  C:\Windows\System\rWaDxcz.exe
  2⤵
  PID:3628
- C:\Windows\System\dBgLPpH.exe
  C:\Windows\System\dBgLPpH.exe
  2⤵
  PID:3648
- C:\Windows\System\WnwXxAe.exe
  C:\Windows\System\WnwXxAe.exe
  2⤵
  PID:3668
- C:\Windows\System\sodTyKQ.exe
  C:\Windows\System\sodTyKQ.exe
  2⤵
  PID:3688
- C:\Windows\System\KxNOtIN.exe
  C:\Windows\System\KxNOtIN.exe
  2⤵
  PID:3708
- C:\Windows\System\YxFKCTi.exe
  C:\Windows\System\YxFKCTi.exe
  2⤵
  PID:3728
- C:\Windows\System\gKfJOcV.exe
  C:\Windows\System\gKfJOcV.exe
  2⤵
  PID:3748
- C:\Windows\System\zIKHNjO.exe
  C:\Windows\System\zIKHNjO.exe
  2⤵
  PID:3772
- C:\Windows\System\XEujwWp.exe
  C:\Windows\System\XEujwWp.exe
  2⤵
  PID:3792
- C:\Windows\System\HyKXmdc.exe
  C:\Windows\System\HyKXmdc.exe
  2⤵
  PID:3812
- C:\Windows\System\UkLBHNt.exe
  C:\Windows\System\UkLBHNt.exe
  2⤵
  PID:3832
- C:\Windows\System\icuqQzB.exe
  C:\Windows\System\icuqQzB.exe
  2⤵
  PID:3852
- C:\Windows\System\wijWLwh.exe
  C:\Windows\System\wijWLwh.exe
  2⤵
  PID:3872
- C:\Windows\System\hpTXqKL.exe
  C:\Windows\System\hpTXqKL.exe
  2⤵
  PID:3892
- C:\Windows\System\ZEPgDIG.exe
  C:\Windows\System\ZEPgDIG.exe
  2⤵
  PID:3912
- C:\Windows\System\ywpEAOL.exe
  C:\Windows\System\ywpEAOL.exe
  2⤵
  PID:3932
- C:\Windows\System\RCmiUgF.exe
  C:\Windows\System\RCmiUgF.exe
  2⤵
  PID:3952
- C:\Windows\System\MeAHjCh.exe
  C:\Windows\System\MeAHjCh.exe
  2⤵
  PID:3972
- C:\Windows\System\hgUamAQ.exe
  C:\Windows\System\hgUamAQ.exe
  2⤵
  PID:3992
- C:\Windows\System\mpZwYvK.exe
  C:\Windows\System\mpZwYvK.exe
  2⤵
  PID:4012
- C:\Windows\System\MUDGBcD.exe
  C:\Windows\System\MUDGBcD.exe
  2⤵
  PID:4032
- C:\Windows\System\NVfDkHu.exe
  C:\Windows\System\NVfDkHu.exe
  2⤵
  PID:4052
- C:\Windows\System\tFFgvXA.exe
  C:\Windows\System\tFFgvXA.exe
  2⤵
  PID:4072
- C:\Windows\System\FeiZmdZ.exe
  C:\Windows\System\FeiZmdZ.exe
  2⤵
  PID:4092
- C:\Windows\System\TxdCvRm.exe
  C:\Windows\System\TxdCvRm.exe
  2⤵
  PID:2632
- C:\Windows\System\jhrfiZu.exe
  C:\Windows\System\jhrfiZu.exe
  2⤵
  PID:2176
- C:\Windows\System\CSTQCVE.exe
  C:\Windows\System\CSTQCVE.exe
  2⤵
  PID:1464
- C:\Windows\System\ftnUGXy.exe
  C:\Windows\System\ftnUGXy.exe
  2⤵
  PID:1860
- C:\Windows\System\pGdmyEE.exe
  C:\Windows\System\pGdmyEE.exe
  2⤵
  PID:820
- C:\Windows\System\YOYfvrU.exe
  C:\Windows\System\YOYfvrU.exe
  2⤵
  PID:920
- C:\Windows\System\jpJeASc.exe
  C:\Windows\System\jpJeASc.exe
  2⤵
  PID:1564
- C:\Windows\System\sfJQNNM.exe
  C:\Windows\System\sfJQNNM.exe
  2⤵
  PID:2068
- C:\Windows\System\UwTsJnP.exe
  C:\Windows\System\UwTsJnP.exe
  2⤵
  PID:1496
- C:\Windows\System\cvLMuii.exe
  C:\Windows\System\cvLMuii.exe
  2⤵
  PID:2312
- C:\Windows\System\SnSjykv.exe
  C:\Windows\System\SnSjykv.exe
  2⤵
  PID:2528
- C:\Windows\System\mPqpYSi.exe
  C:\Windows\System\mPqpYSi.exe
  2⤵
  PID:3084
- C:\Windows\System\oNwpPSJ.exe
  C:\Windows\System\oNwpPSJ.exe
  2⤵
  PID:3116
- C:\Windows\System\iIIUyzE.exe
  C:\Windows\System\iIIUyzE.exe
  2⤵
  PID:3140
- C:\Windows\System\nKFHVWB.exe
  C:\Windows\System\nKFHVWB.exe
  2⤵
  PID:3160
- C:\Windows\System\wvYGnFe.exe
  C:\Windows\System\wvYGnFe.exe
  2⤵
  PID:3200
- C:\Windows\System\FYvGzqN.exe
  C:\Windows\System\FYvGzqN.exe
  2⤵
  PID:3240
- C:\Windows\System\danQmNj.exe
  C:\Windows\System\danQmNj.exe
  2⤵
  PID:3284
- C:\Windows\System\NySLwej.exe
  C:\Windows\System\NySLwej.exe
  2⤵
  PID:3336
- C:\Windows\System\JEGdNOw.exe
  C:\Windows\System\JEGdNOw.exe
  2⤵
  PID:3340
- C:\Windows\System\qmIdeyt.exe
  C:\Windows\System\qmIdeyt.exe
  2⤵
  PID:3360
- C:\Windows\System\AaawLqM.exe
  C:\Windows\System\AaawLqM.exe
  2⤵
  PID:3400
- C:\Windows\System\WWMnaPf.exe
  C:\Windows\System\WWMnaPf.exe
  2⤵
  PID:3464
- C:\Windows\System\FjGlGhu.exe
  C:\Windows\System\FjGlGhu.exe
  2⤵
  PID:3480
- C:\Windows\System\wSeiflY.exe
  C:\Windows\System\wSeiflY.exe
  2⤵
  PID:3524
- C:\Windows\System\BWdwqWy.exe
  C:\Windows\System\BWdwqWy.exe
  2⤵
  PID:3556
- C:\Windows\System\tKxqqoQ.exe
  C:\Windows\System\tKxqqoQ.exe
  2⤵
  PID:3620
- C:\Windows\System\DKYgDDj.exe
  C:\Windows\System\DKYgDDj.exe
  2⤵
  PID:3664
- C:\Windows\System\LRvInIt.exe
  C:\Windows\System\LRvInIt.exe
  2⤵
  PID:3680
- C:\Windows\System\WeOfpeQ.exe
  C:\Windows\System\WeOfpeQ.exe
  2⤵
  PID:3724
- C:\Windows\System\iyKXvVD.exe
  C:\Windows\System\iyKXvVD.exe
  2⤵
  PID:3780
- C:\Windows\System\QlIeloQ.exe
  C:\Windows\System\QlIeloQ.exe
  2⤵
  PID:3784
- C:\Windows\System\LnQvLfo.exe
  C:\Windows\System\LnQvLfo.exe
  2⤵
  PID:3824
- C:\Windows\System\rGXOWWt.exe
  C:\Windows\System\rGXOWWt.exe
  2⤵
  PID:3868
- C:\Windows\System\zCpHadV.exe
  C:\Windows\System\zCpHadV.exe
  2⤵
  PID:3884
- C:\Windows\System\JlkeInr.exe
  C:\Windows\System\JlkeInr.exe
  2⤵
  PID:3940
- C:\Windows\System\HkOKhSh.exe
  C:\Windows\System\HkOKhSh.exe
  2⤵
  PID:3968
- C:\Windows\System\zaFnyvY.exe
  C:\Windows\System\zaFnyvY.exe
  2⤵
  PID:4000
- C:\Windows\System\GezqyxT.exe
  C:\Windows\System\GezqyxT.exe
  2⤵
  PID:4060
- C:\Windows\System\bSGDddV.exe
  C:\Windows\System\bSGDddV.exe
  2⤵
  PID:4080
- C:\Windows\System\OEmESOE.exe
  C:\Windows\System\OEmESOE.exe
  2⤵
  PID:2884
- C:\Windows\System\PWPujuP.exe
  C:\Windows\System\PWPujuP.exe
  2⤵
  PID:1664
- C:\Windows\System\UajriRS.exe
  C:\Windows\System\UajriRS.exe
  2⤵
  PID:2920
- C:\Windows\System\hCllXcN.exe
  C:\Windows\System\hCllXcN.exe
  2⤵
  PID:1352
- C:\Windows\System\bKhlrfg.exe
  C:\Windows\System\bKhlrfg.exe
  2⤵
  PID:2100
- C:\Windows\System\leCwQLI.exe
  C:\Windows\System\leCwQLI.exe
  2⤵
  PID:2232
- C:\Windows\System\OumGdwV.exe
  C:\Windows\System\OumGdwV.exe
  2⤵
  PID:1900
- C:\Windows\System\MtYsycz.exe
  C:\Windows\System\MtYsycz.exe
  2⤵
  PID:3076
- C:\Windows\System\PeOurhr.exe
  C:\Windows\System\PeOurhr.exe
  2⤵
  PID:3176
- C:\Windows\System\dIffsEC.exe
  C:\Windows\System\dIffsEC.exe
  2⤵
  PID:3220
- C:\Windows\System\sccpYOY.exe
  C:\Windows\System\sccpYOY.exe
  2⤵
  PID:3296
- C:\Windows\System\sSzVkdx.exe
  C:\Windows\System\sSzVkdx.exe
  2⤵
  PID:3304
- C:\Windows\System\RFFkXjW.exe
  C:\Windows\System\RFFkXjW.exe
  2⤵
  PID:3364
- C:\Windows\System\JlnwqEx.exe
  C:\Windows\System\JlnwqEx.exe
  2⤵
  PID:3420
- C:\Windows\System\ebYZPuI.exe
  C:\Windows\System\ebYZPuI.exe
  2⤵
  PID:3496
- C:\Windows\System\PCbdMQn.exe
  C:\Windows\System\PCbdMQn.exe
  2⤵
  PID:3516
- C:\Windows\System\MFCNtdj.exe
  C:\Windows\System\MFCNtdj.exe
  2⤵
  PID:3600
- C:\Windows\System\BBXAFrE.exe
  C:\Windows\System\BBXAFrE.exe
  2⤵
  PID:3700
- C:\Windows\System\pCCPuUl.exe
  C:\Windows\System\pCCPuUl.exe
  2⤵
  PID:3744
- C:\Windows\System\whLtayx.exe
  C:\Windows\System\whLtayx.exe
  2⤵
  PID:3808
- C:\Windows\System\NUIpZec.exe
  C:\Windows\System\NUIpZec.exe
  2⤵
  PID:3844
- C:\Windows\System\oweVlUj.exe
  C:\Windows\System\oweVlUj.exe
  2⤵
  PID:3928
- C:\Windows\System\aiLASYr.exe
  C:\Windows\System\aiLASYr.exe
  2⤵
  PID:4020
- C:\Windows\System\pVRIXaL.exe
  C:\Windows\System\pVRIXaL.exe
  2⤵
  PID:4048
- C:\Windows\System\oTVapSJ.exe
  C:\Windows\System\oTVapSJ.exe
  2⤵
  PID:4084
- C:\Windows\System\QepSvlB.exe
  C:\Windows\System\QepSvlB.exe
  2⤵
  PID:980
- C:\Windows\System\tUpNnls.exe
  C:\Windows\System\tUpNnls.exe
  2⤵
  PID:740
- C:\Windows\System\hshpmdz.exe
  C:\Windows\System\hshpmdz.exe
  2⤵
  PID:1388
- C:\Windows\System\wvfvGga.exe
  C:\Windows\System\wvfvGga.exe
  2⤵
  PID:3096
- C:\Windows\System\WbUQynW.exe
  C:\Windows\System\WbUQynW.exe
  2⤵
  PID:3144
- C:\Windows\System\MHCGNlj.exe
  C:\Windows\System\MHCGNlj.exe
  2⤵
  PID:3236
- C:\Windows\System\LmqbDEU.exe
  C:\Windows\System\LmqbDEU.exe
  2⤵
  PID:4104
- C:\Windows\System\pquDQRB.exe
  C:\Windows\System\pquDQRB.exe
  2⤵
  PID:4124
- C:\Windows\System\IuOtNVq.exe
  C:\Windows\System\IuOtNVq.exe
  2⤵
  PID:4144
- C:\Windows\System\fQKWPZN.exe
  C:\Windows\System\fQKWPZN.exe
  2⤵
  PID:4164
- C:\Windows\System\aMbZtDm.exe
  C:\Windows\System\aMbZtDm.exe
  2⤵
  PID:4184
- C:\Windows\System\DLNKxLG.exe
  C:\Windows\System\DLNKxLG.exe
  2⤵
  PID:4204
- C:\Windows\System\NtBPrUr.exe
  C:\Windows\System\NtBPrUr.exe
  2⤵
  PID:4224
- C:\Windows\System\wGxPclr.exe
  C:\Windows\System\wGxPclr.exe
  2⤵
  PID:4244
- C:\Windows\System\NDOCuBP.exe
  C:\Windows\System\NDOCuBP.exe
  2⤵
  PID:4264
- C:\Windows\System\kspgaoe.exe
  C:\Windows\System\kspgaoe.exe
  2⤵
  PID:4284
- C:\Windows\System\TnHMFYV.exe
  C:\Windows\System\TnHMFYV.exe
  2⤵
  PID:4304
- C:\Windows\System\KiGMTIC.exe
  C:\Windows\System\KiGMTIC.exe
  2⤵
  PID:4324
- C:\Windows\System\hCzoAlA.exe
  C:\Windows\System\hCzoAlA.exe
  2⤵
  PID:4344
- C:\Windows\System\DPkfYlC.exe
  C:\Windows\System\DPkfYlC.exe
  2⤵
  PID:4364
- C:\Windows\System\bMXzDvc.exe
  C:\Windows\System\bMXzDvc.exe
  2⤵
  PID:4384
- C:\Windows\System\ogvJwQc.exe
  C:\Windows\System\ogvJwQc.exe
  2⤵
  PID:4404
- C:\Windows\System\AecQlpA.exe
  C:\Windows\System\AecQlpA.exe
  2⤵
  PID:4424
- C:\Windows\System\sZaNGsD.exe
  C:\Windows\System\sZaNGsD.exe
  2⤵
  PID:4448
- C:\Windows\System\oedPUxj.exe
  C:\Windows\System\oedPUxj.exe
  2⤵
  PID:4468
- C:\Windows\System\NbFRqEr.exe
  C:\Windows\System\NbFRqEr.exe
  2⤵
  PID:4488
- C:\Windows\System\IhDXJgR.exe
  C:\Windows\System\IhDXJgR.exe
  2⤵
  PID:4508
- C:\Windows\System\LaNtCko.exe
  C:\Windows\System\LaNtCko.exe
  2⤵
  PID:4528
- C:\Windows\System\CaqCIxS.exe
  C:\Windows\System\CaqCIxS.exe
  2⤵
  PID:4548
- C:\Windows\System\VVBYwLd.exe
  C:\Windows\System\VVBYwLd.exe
  2⤵
  PID:4568
- C:\Windows\System\UQGVjpG.exe
  C:\Windows\System\UQGVjpG.exe
  2⤵
  PID:4588
- C:\Windows\System\sWZpVTx.exe
  C:\Windows\System\sWZpVTx.exe
  2⤵
  PID:4608
- C:\Windows\System\pRQBZWD.exe
  C:\Windows\System\pRQBZWD.exe
  2⤵
  PID:4628
- C:\Windows\System\ILrlZau.exe
  C:\Windows\System\ILrlZau.exe
  2⤵
  PID:4648
- C:\Windows\System\IPSEces.exe
  C:\Windows\System\IPSEces.exe
  2⤵
  PID:4668
- C:\Windows\System\fUTqWmz.exe
  C:\Windows\System\fUTqWmz.exe
  2⤵
  PID:4688
- C:\Windows\System\tVPXxeh.exe
  C:\Windows\System\tVPXxeh.exe
  2⤵
  PID:4708
- C:\Windows\System\nDbqYrx.exe
  C:\Windows\System\nDbqYrx.exe
  2⤵
  PID:4728
- C:\Windows\System\JPgfSBH.exe
  C:\Windows\System\JPgfSBH.exe
  2⤵
  PID:4748
- C:\Windows\System\EGZHXJT.exe
  C:\Windows\System\EGZHXJT.exe
  2⤵
  PID:4768
- C:\Windows\System\iqophEV.exe
  C:\Windows\System\iqophEV.exe
  2⤵
  PID:4788
- C:\Windows\System\IkZoDBg.exe
  C:\Windows\System\IkZoDBg.exe
  2⤵
  PID:4808
- C:\Windows\System\cIAMtIj.exe
  C:\Windows\System\cIAMtIj.exe
  2⤵
  PID:4828
- C:\Windows\System\lIXggrK.exe
  C:\Windows\System\lIXggrK.exe
  2⤵
  PID:4848
- C:\Windows\System\NuqcUSD.exe
  C:\Windows\System\NuqcUSD.exe
  2⤵
  PID:4868
- C:\Windows\System\abXMQRQ.exe
  C:\Windows\System\abXMQRQ.exe
  2⤵
  PID:4888
- C:\Windows\System\GUNHawQ.exe
  C:\Windows\System\GUNHawQ.exe
  2⤵
  PID:4908
- C:\Windows\System\UkRjWiW.exe
  C:\Windows\System\UkRjWiW.exe
  2⤵
  PID:4928
- C:\Windows\System\UIOuZLj.exe
  C:\Windows\System\UIOuZLj.exe
  2⤵
  PID:4948
- C:\Windows\System\aEZbdBN.exe
  C:\Windows\System\aEZbdBN.exe
  2⤵
  PID:4968
- C:\Windows\System\VMdOWKS.exe
  C:\Windows\System\VMdOWKS.exe
  2⤵
  PID:4988
- C:\Windows\System\eJZRSeP.exe
  C:\Windows\System\eJZRSeP.exe
  2⤵
  PID:5008
- C:\Windows\System\vGXKWsQ.exe
  C:\Windows\System\vGXKWsQ.exe
  2⤵
  PID:5028
- C:\Windows\System\oUuqnLZ.exe
  C:\Windows\System\oUuqnLZ.exe
  2⤵
  PID:5048
- C:\Windows\System\NNZFGSD.exe
  C:\Windows\System\NNZFGSD.exe
  2⤵
  PID:5068
- C:\Windows\System\KgqpOoT.exe
  C:\Windows\System\KgqpOoT.exe
  2⤵
  PID:5088
- C:\Windows\System\eKnpOZP.exe
  C:\Windows\System\eKnpOZP.exe
  2⤵
  PID:5108
- C:\Windows\System\sRgRSrv.exe
  C:\Windows\System\sRgRSrv.exe
  2⤵
  PID:3320
- C:\Windows\System\UesuJyS.exe
  C:\Windows\System\UesuJyS.exe
  2⤵
  PID:3444
- C:\Windows\System\nuPUrrs.exe
  C:\Windows\System\nuPUrrs.exe
  2⤵
  PID:3580
- C:\Windows\System\mQBHXgG.exe
  C:\Windows\System\mQBHXgG.exe
  2⤵
  PID:3676
- C:\Windows\System\jlHbrMf.exe
  C:\Windows\System\jlHbrMf.exe
  2⤵
  PID:3696
- C:\Windows\System\OvWnbcB.exe
  C:\Windows\System\OvWnbcB.exe
  2⤵
  PID:3860
- C:\Windows\System\RJpngNN.exe
  C:\Windows\System\RJpngNN.exe
  2⤵
  PID:3980
- C:\Windows\System\qYwgblj.exe
  C:\Windows\System\qYwgblj.exe
  2⤵
  PID:1828
- C:\Windows\System\jRHMBkG.exe
  C:\Windows\System\jRHMBkG.exe
  2⤵
  PID:852
- C:\Windows\System\uToHQpe.exe
  C:\Windows\System\uToHQpe.exe
  2⤵
  PID:772
- C:\Windows\System\srPrhMr.exe
  C:\Windows\System\srPrhMr.exe
  2⤵
  PID:3196
- C:\Windows\System\HATfdpN.exe
  C:\Windows\System\HATfdpN.exe
  2⤵
  PID:3204
- C:\Windows\System\ZSZaoLt.exe
  C:\Windows\System\ZSZaoLt.exe
  2⤵
  PID:4116
- C:\Windows\System\HUkEoyA.exe
  C:\Windows\System\HUkEoyA.exe
  2⤵
  PID:4172
- C:\Windows\System\kEdKriM.exe
  C:\Windows\System\kEdKriM.exe
  2⤵
  PID:4192
- C:\Windows\System\iCsaHxT.exe
  C:\Windows\System\iCsaHxT.exe
  2⤵
  PID:4216
- C:\Windows\System\fUqyBYa.exe
  C:\Windows\System\fUqyBYa.exe
  2⤵
  PID:4260
- C:\Windows\System\IIkzHSs.exe
  C:\Windows\System\IIkzHSs.exe
  2⤵
  PID:4300
- C:\Windows\System\PmLHeJO.exe
  C:\Windows\System\PmLHeJO.exe
  2⤵
  PID:4340
- C:\Windows\System\WaZrpIz.exe
  C:\Windows\System\WaZrpIz.exe
  2⤵
  PID:4356
- C:\Windows\System\FxzppIM.exe
  C:\Windows\System\FxzppIM.exe
  2⤵
  PID:4400
- C:\Windows\System\DFxBLmf.exe
  C:\Windows\System\DFxBLmf.exe
  2⤵
  PID:4456
- C:\Windows\System\xIbfarE.exe
  C:\Windows\System\xIbfarE.exe
  2⤵
  PID:4436
- C:\Windows\System\DKNOLrC.exe
  C:\Windows\System\DKNOLrC.exe
  2⤵
  PID:4504
- C:\Windows\System\OqLSnYw.exe
  C:\Windows\System\OqLSnYw.exe
  2⤵
  PID:4524
- C:\Windows\System\PQsVUTS.exe
  C:\Windows\System\PQsVUTS.exe
  2⤵
  PID:4564
- C:\Windows\System\gTfvYYm.exe
  C:\Windows\System\gTfvYYm.exe
  2⤵
  PID:4604
- C:\Windows\System\pgZsXum.exe
  C:\Windows\System\pgZsXum.exe
  2⤵
  PID:4656
- C:\Windows\System\ftMFMSV.exe
  C:\Windows\System\ftMFMSV.exe
  2⤵
  PID:4660
- C:\Windows\System\EDHGzVm.exe
  C:\Windows\System\EDHGzVm.exe
  2⤵
  PID:4704
- C:\Windows\System\qQmqqYA.exe
  C:\Windows\System\qQmqqYA.exe
  2⤵
  PID:4736
- C:\Windows\System\vshNkxU.exe
  C:\Windows\System\vshNkxU.exe
  2⤵
  PID:4760
- C:\Windows\System\nLZxCdg.exe
  C:\Windows\System\nLZxCdg.exe
  2⤵
  PID:4804
- C:\Windows\System\ffeeYIp.exe
  C:\Windows\System\ffeeYIp.exe
  2⤵
  PID:4836
- C:\Windows\System\fZRxLIa.exe
  C:\Windows\System\fZRxLIa.exe
  2⤵
  PID:4860
- C:\Windows\System\pGBVIOS.exe
  C:\Windows\System\pGBVIOS.exe
  2⤵
  PID:4880
- C:\Windows\System\JRuBBWu.exe
  C:\Windows\System\JRuBBWu.exe
  2⤵
  PID:4944
- C:\Windows\System\CJdTEDI.exe
  C:\Windows\System\CJdTEDI.exe
  2⤵
  PID:4960
- C:\Windows\System\IOXUBFY.exe
  C:\Windows\System\IOXUBFY.exe
  2⤵
  PID:5004
- C:\Windows\System\HyKjCGh.exe
  C:\Windows\System\HyKjCGh.exe
  2⤵
  PID:5036
- C:\Windows\System\spwxtqk.exe
  C:\Windows\System\spwxtqk.exe
  2⤵
  PID:5060
- C:\Windows\System\KWRCfPc.exe
  C:\Windows\System\KWRCfPc.exe
  2⤵
  PID:5080
- C:\Windows\System\PmitCiU.exe
  C:\Windows\System\PmitCiU.exe
  2⤵
  PID:3324
- C:\Windows\System\xEowJMj.exe
  C:\Windows\System\xEowJMj.exe
  2⤵
  PID:3684
- C:\Windows\System\IJQdkev.exe
  C:\Windows\System\IJQdkev.exe
  2⤵
  PID:3716
- C:\Windows\System\jhbbWmg.exe
  C:\Windows\System\jhbbWmg.exe
  2⤵
  PID:3880
- C:\Windows\System\VRfTJTX.exe
  C:\Windows\System\VRfTJTX.exe
  2⤵
  PID:4024
- C:\Windows\System\GPujCxo.exe
  C:\Windows\System\GPujCxo.exe
  2⤵
  PID:4088
- C:\Windows\System\zLOvRsv.exe
  C:\Windows\System\zLOvRsv.exe
  2⤵
  PID:3100
- C:\Windows\System\izPgzCf.exe
  C:\Windows\System\izPgzCf.exe
  2⤵
  PID:4140
- C:\Windows\System\vVSSErh.exe
  C:\Windows\System\vVSSErh.exe
  2⤵
  PID:4176
- C:\Windows\System\jPWJwCN.exe
  C:\Windows\System\jPWJwCN.exe
  2⤵
  PID:4240
- C:\Windows\System\SfZgNCP.exe
  C:\Windows\System\SfZgNCP.exe
  2⤵
  PID:4280
- C:\Windows\System\dabSFBl.exe
  C:\Windows\System\dabSFBl.exe
  2⤵
  PID:4360
- C:\Windows\System\JiRQWMP.exe
  C:\Windows\System\JiRQWMP.exe
  2⤵
  PID:4376
- C:\Windows\System\LyfNQrc.exe
  C:\Windows\System\LyfNQrc.exe
  2⤵
  PID:4460
- C:\Windows\System\EkxlPaL.exe
  C:\Windows\System\EkxlPaL.exe
  2⤵
  PID:4544
- C:\Windows\System\FdWLkoo.exe
  C:\Windows\System\FdWLkoo.exe
  2⤵
  PID:4584
- C:\Windows\System\TwqtzlX.exe
  C:\Windows\System\TwqtzlX.exe
  2⤵
  PID:4580
- C:\Windows\System\QAOFnmQ.exe
  C:\Windows\System\QAOFnmQ.exe
  2⤵
  PID:4696
- C:\Windows\System\fzSmRJu.exe
  C:\Windows\System\fzSmRJu.exe
  2⤵
  PID:4720
- C:\Windows\System\bkmhXdq.exe
  C:\Windows\System\bkmhXdq.exe
  2⤵
  PID:4780
- C:\Windows\System\qgNbMql.exe
  C:\Windows\System\qgNbMql.exe
  2⤵
  PID:4884
- C:\Windows\System\EYUYGaZ.exe
  C:\Windows\System\EYUYGaZ.exe
  2⤵
  PID:4916
- C:\Windows\System\Wzmrzni.exe
  C:\Windows\System\Wzmrzni.exe
  2⤵
  PID:4956
- C:\Windows\System\mqVckFl.exe
  C:\Windows\System\mqVckFl.exe
  2⤵
  PID:5020
- C:\Windows\System\aWcNTJU.exe
  C:\Windows\System\aWcNTJU.exe
  2⤵
  PID:5104
- C:\Windows\System\eEEQJKv.exe
  C:\Windows\System\eEEQJKv.exe
  2⤵
  PID:3416
- C:\Windows\System\pzhlSdy.exe
  C:\Windows\System\pzhlSdy.exe
  2⤵
  PID:3820
- C:\Windows\System\TrEAhCC.exe
  C:\Windows\System\TrEAhCC.exe
  2⤵
  PID:3984
- C:\Windows\System\QPYBDnC.exe
  C:\Windows\System\QPYBDnC.exe
  2⤵
  PID:3104
- C:\Windows\System\BURZiZJ.exe
  C:\Windows\System\BURZiZJ.exe
  2⤵
  PID:3276
- C:\Windows\System\gCYsrgl.exe
  C:\Windows\System\gCYsrgl.exe
  2⤵
  PID:4220
- C:\Windows\System\lVNNmLq.exe
  C:\Windows\System\lVNNmLq.exe
  2⤵
  PID:4336
- C:\Windows\System\tIRpSQN.exe
  C:\Windows\System\tIRpSQN.exe
  2⤵
  PID:4420
- C:\Windows\System\zNGixGy.exe
  C:\Windows\System\zNGixGy.exe
  2⤵
  PID:4576
- C:\Windows\System\HgVYGyC.exe
  C:\Windows\System\HgVYGyC.exe
  2⤵
  PID:4600
- C:\Windows\System\fHserkH.exe
  C:\Windows\System\fHserkH.exe
  2⤵
  PID:5140
- C:\Windows\System\OffCoht.exe
  C:\Windows\System\OffCoht.exe
  2⤵
  PID:5160
- C:\Windows\System\gpzhnQf.exe
  C:\Windows\System\gpzhnQf.exe
  2⤵
  PID:5180
- C:\Windows\System\BxBTPlc.exe
  C:\Windows\System\BxBTPlc.exe
  2⤵
  PID:5200
- C:\Windows\System\uZJtlsb.exe
  C:\Windows\System\uZJtlsb.exe
  2⤵
  PID:5220
- C:\Windows\System\wwTuNbK.exe
  C:\Windows\System\wwTuNbK.exe
  2⤵
  PID:5240
- C:\Windows\System\yjgFsVl.exe
  C:\Windows\System\yjgFsVl.exe
  2⤵
  PID:5260
- C:\Windows\System\LimfeTx.exe
  C:\Windows\System\LimfeTx.exe
  2⤵
  PID:5280
- C:\Windows\System\CeSjbew.exe
  C:\Windows\System\CeSjbew.exe
  2⤵
  PID:5300
- C:\Windows\System\RgYXbNs.exe
  C:\Windows\System\RgYXbNs.exe
  2⤵
  PID:5320
- C:\Windows\System\efEMoen.exe
  C:\Windows\System\efEMoen.exe
  2⤵
  PID:5340
- C:\Windows\System\sbnxPuu.exe
  C:\Windows\System\sbnxPuu.exe
  2⤵
  PID:5360
- C:\Windows\System\wVNHUTZ.exe
  C:\Windows\System\wVNHUTZ.exe
  2⤵
  PID:5380
- C:\Windows\System\GNXDjLO.exe
  C:\Windows\System\GNXDjLO.exe
  2⤵
  PID:5400
- C:\Windows\System\JPCeYvC.exe
  C:\Windows\System\JPCeYvC.exe
  2⤵
  PID:5420
- C:\Windows\System\CDjsMEe.exe
  C:\Windows\System\CDjsMEe.exe
  2⤵
  PID:5440
- C:\Windows\System\NStnXWf.exe
  C:\Windows\System\NStnXWf.exe
  2⤵
  PID:5460
- C:\Windows\System\APVsCGr.exe
  C:\Windows\System\APVsCGr.exe
  2⤵
  PID:5480
- C:\Windows\System\ossmLMo.exe
  C:\Windows\System\ossmLMo.exe
  2⤵
  PID:5500
- C:\Windows\System\wMQrMtG.exe
  C:\Windows\System\wMQrMtG.exe
  2⤵
  PID:5520
- C:\Windows\System\ZWQLIdu.exe
  C:\Windows\System\ZWQLIdu.exe
  2⤵
  PID:5540
- C:\Windows\System\QSfkTkT.exe
  C:\Windows\System\QSfkTkT.exe
  2⤵
  PID:5560
- C:\Windows\System\iuHmdxQ.exe
  C:\Windows\System\iuHmdxQ.exe
  2⤵
  PID:5580
- C:\Windows\System\VHRQndP.exe
  C:\Windows\System\VHRQndP.exe
  2⤵
  PID:5600
- C:\Windows\System\jkibAhx.exe
  C:\Windows\System\jkibAhx.exe
  2⤵
  PID:5620
- C:\Windows\System\CvURkdg.exe
  C:\Windows\System\CvURkdg.exe
  2⤵
  PID:5640
- C:\Windows\System\qOivHSH.exe
  C:\Windows\System\qOivHSH.exe
  2⤵
  PID:5660
- C:\Windows\System\KOdpWzB.exe
  C:\Windows\System\KOdpWzB.exe
  2⤵
  PID:5680
- C:\Windows\System\TVWtUCN.exe
  C:\Windows\System\TVWtUCN.exe
  2⤵
  PID:5700
- C:\Windows\System\ozKcAmt.exe
  C:\Windows\System\ozKcAmt.exe
  2⤵
  PID:5720
- C:\Windows\System\cfVqlLD.exe
  C:\Windows\System\cfVqlLD.exe
  2⤵
  PID:5740
- C:\Windows\System\zSnrfwg.exe
  C:\Windows\System\zSnrfwg.exe
  2⤵
  PID:5760
- C:\Windows\System\xeLFtah.exe
  C:\Windows\System\xeLFtah.exe
  2⤵
  PID:5780
- C:\Windows\System\MPdIAnd.exe
  C:\Windows\System\MPdIAnd.exe
  2⤵
  PID:5800
- C:\Windows\System\ejeIuSe.exe
  C:\Windows\System\ejeIuSe.exe
  2⤵
  PID:5820
- C:\Windows\System\RuMvvIU.exe
  C:\Windows\System\RuMvvIU.exe
  2⤵
  PID:5840
- C:\Windows\System\TWVGGix.exe
  C:\Windows\System\TWVGGix.exe
  2⤵
  PID:5860
- C:\Windows\System\mMzPjvu.exe
  C:\Windows\System\mMzPjvu.exe
  2⤵
  PID:5880
- C:\Windows\System\ZAJDUBX.exe
  C:\Windows\System\ZAJDUBX.exe
  2⤵
  PID:5900
- C:\Windows\System\qFRzwXC.exe
  C:\Windows\System\qFRzwXC.exe
  2⤵
  PID:5920
- C:\Windows\System\rKywCuZ.exe
  C:\Windows\System\rKywCuZ.exe
  2⤵
  PID:5944
- C:\Windows\System\kQEnDtC.exe
  C:\Windows\System\kQEnDtC.exe
  2⤵
  PID:5964
- C:\Windows\System\IGtOmiJ.exe
  C:\Windows\System\IGtOmiJ.exe
  2⤵
  PID:5984
- C:\Windows\System\vhhBqBH.exe
  C:\Windows\System\vhhBqBH.exe
  2⤵
  PID:6004
- C:\Windows\System\jLaWOVF.exe
  C:\Windows\System\jLaWOVF.exe
  2⤵
  PID:6024
- C:\Windows\System\FNhIXwT.exe
  C:\Windows\System\FNhIXwT.exe
  2⤵
  PID:6044
- C:\Windows\System\cJkFwOe.exe
  C:\Windows\System\cJkFwOe.exe
  2⤵
  PID:6064
- C:\Windows\System\uIPlhia.exe
  C:\Windows\System\uIPlhia.exe
  2⤵
  PID:6084
- C:\Windows\System\NEczmfV.exe
  C:\Windows\System\NEczmfV.exe
  2⤵
  PID:6104
- C:\Windows\System\cPgNLRE.exe
  C:\Windows\System\cPgNLRE.exe
  2⤵
  PID:6124
- C:\Windows\System\GmoXALn.exe
  C:\Windows\System\GmoXALn.exe
  2⤵
  PID:4664
- C:\Windows\System\OKbnQqj.exe
  C:\Windows\System\OKbnQqj.exe
  2⤵
  PID:4716
- C:\Windows\System\kDFosmx.exe
  C:\Windows\System\kDFosmx.exe
  2⤵
  PID:4784
- C:\Windows\System\lZCaWnM.exe
  C:\Windows\System\lZCaWnM.exe
  2⤵
  PID:4896
- C:\Windows\System\lILhQKR.exe
  C:\Windows\System\lILhQKR.exe
  2⤵
  PID:4924
- C:\Windows\System\IiJKgeA.exe
  C:\Windows\System\IiJKgeA.exe
  2⤵
  PID:5084
- C:\Windows\System\ulgJWPn.exe
  C:\Windows\System\ulgJWPn.exe
  2⤵
  PID:3888
- C:\Windows\System\Wprozaq.exe
  C:\Windows\System\Wprozaq.exe
  2⤵
  PID:1852
- C:\Windows\System\oDARgpn.exe
  C:\Windows\System\oDARgpn.exe
  2⤵
  PID:3216
- C:\Windows\System\kMhEKjH.exe
  C:\Windows\System\kMhEKjH.exe
  2⤵
  PID:4272
- C:\Windows\System\TgTFxLs.exe
  C:\Windows\System\TgTFxLs.exe
  2⤵
  PID:4440
- C:\Windows\System\uvUrxAV.exe
  C:\Windows\System\uvUrxAV.exe
  2⤵
  PID:5136
- C:\Windows\System\tiZLmBF.exe
  C:\Windows\System\tiZLmBF.exe
  2⤵
  PID:5168
- C:\Windows\System\GonGulc.exe
  C:\Windows\System\GonGulc.exe
  2⤵
  PID:5208
- C:\Windows\System\MBVKRvC.exe
  C:\Windows\System\MBVKRvC.exe
  2⤵
  PID:5212
- C:\Windows\System\ulNYlSA.exe
  C:\Windows\System\ulNYlSA.exe
  2⤵
  PID:5232
- C:\Windows\System\OdosKsL.exe
  C:\Windows\System\OdosKsL.exe
  2⤵
  PID:5272
- C:\Windows\System\eCJFWgD.exe
  C:\Windows\System\eCJFWgD.exe
  2⤵
  PID:5336
- C:\Windows\System\qBllUjT.exe
  C:\Windows\System\qBllUjT.exe
  2⤵
  PID:5368
- C:\Windows\System\dYBZrBZ.exe
  C:\Windows\System\dYBZrBZ.exe
  2⤵
  PID:5388
- C:\Windows\System\cUsPKlo.exe
  C:\Windows\System\cUsPKlo.exe
  2⤵
  PID:5412
- C:\Windows\System\ipDEcKy.exe
  C:\Windows\System\ipDEcKy.exe
  2⤵
  PID:5456
- C:\Windows\System\hFYgSrY.exe
  C:\Windows\System\hFYgSrY.exe
  2⤵
  PID:5476
- C:\Windows\System\DpgZYBO.exe
  C:\Windows\System\DpgZYBO.exe
  2⤵
  PID:5516
- C:\Windows\System\zaduftL.exe
  C:\Windows\System\zaduftL.exe
  2⤵
  PID:5568
- C:\Windows\System\hPzRYyv.exe
  C:\Windows\System\hPzRYyv.exe
  2⤵
  PID:5588
- C:\Windows\System\XTKbBAD.exe
  C:\Windows\System\XTKbBAD.exe
  2⤵
  PID:5612
- C:\Windows\System\ZZkVgrG.exe
  C:\Windows\System\ZZkVgrG.exe
  2⤵
  PID:5656
- C:\Windows\System\ZGeQiGP.exe
  C:\Windows\System\ZGeQiGP.exe
  2⤵
  PID:5696
- C:\Windows\System\NzzLVNe.exe
  C:\Windows\System\NzzLVNe.exe
  2⤵
  PID:5716
- C:\Windows\System\agDipyA.exe
  C:\Windows\System\agDipyA.exe
  2⤵
  PID:5756
- C:\Windows\System\cLIqnTD.exe
  C:\Windows\System\cLIqnTD.exe
  2⤵
  PID:5788
- C:\Windows\System\EGMuxwc.exe
  C:\Windows\System\EGMuxwc.exe
  2⤵
  PID:5812
- C:\Windows\System\PhnZtvG.exe
  C:\Windows\System\PhnZtvG.exe
  2⤵
  PID:5856
- C:\Windows\System\uBHBApF.exe
  C:\Windows\System\uBHBApF.exe
  2⤵
  PID:5896
- C:\Windows\System\lOCzZwF.exe
  C:\Windows\System\lOCzZwF.exe
  2⤵
  PID:5940
- C:\Windows\System\CyukqSb.exe
  C:\Windows\System\CyukqSb.exe
  2⤵
  PID:5960
- C:\Windows\System\OftvBkz.exe
  C:\Windows\System\OftvBkz.exe
  2⤵
  PID:5992
- C:\Windows\System\GJtQGau.exe
  C:\Windows\System\GJtQGau.exe
  2⤵
  PID:6016
- C:\Windows\System\zLsPtMe.exe
  C:\Windows\System\zLsPtMe.exe
  2⤵
  PID:6060
- C:\Windows\System\CknbZzZ.exe
  C:\Windows\System\CknbZzZ.exe
  2⤵
  PID:6096
- C:\Windows\System\KIOGvfn.exe
  C:\Windows\System\KIOGvfn.exe
  2⤵
  PID:6120
- C:\Windows\System\KkACVXP.exe
  C:\Windows\System\KkACVXP.exe
  2⤵
  PID:4684
- C:\Windows\System\uxchhSy.exe
  C:\Windows\System\uxchhSy.exe
  2⤵
  PID:4940
- C:\Windows\System\KTZBeRk.exe
  C:\Windows\System\KTZBeRk.exe
  2⤵
  PID:4980
- C:\Windows\System\NdgBRDZ.exe
  C:\Windows\System\NdgBRDZ.exe
  2⤵
  PID:5044
- C:\Windows\System\ZxiHKPF.exe
  C:\Windows\System\ZxiHKPF.exe
  2⤵
  PID:3644
- C:\Windows\System\pSjanNF.exe
  C:\Windows\System\pSjanNF.exe
  2⤵
  PID:4136
- C:\Windows\System\nwosggz.exe
  C:\Windows\System\nwosggz.exe
  2⤵
  PID:5128
- C:\Windows\System\pBEQyKW.exe
  C:\Windows\System\pBEQyKW.exe
  2⤵
  PID:5188
- C:\Windows\System\WUvItpd.exe
  C:\Windows\System\WUvItpd.exe
  2⤵
  PID:5236
- C:\Windows\System\FtxTQnj.exe
  C:\Windows\System\FtxTQnj.exe
  2⤵
  PID:5288
- C:\Windows\System\AxkuGpY.exe
  C:\Windows\System\AxkuGpY.exe
  2⤵
  PID:5308
- C:\Windows\System\zxfOiAU.exe
  C:\Windows\System\zxfOiAU.exe
  2⤵
  PID:5396
- C:\Windows\System\nzPwmHx.exe
  C:\Windows\System\nzPwmHx.exe
  2⤵
  PID:5432
- C:\Windows\System\yeWrhIz.exe
  C:\Windows\System\yeWrhIz.exe
  2⤵
  PID:5492
- C:\Windows\System\MQpnSxV.exe
  C:\Windows\System\MQpnSxV.exe
  2⤵
  PID:5552
- C:\Windows\System\lmJdhSk.exe
  C:\Windows\System\lmJdhSk.exe
  2⤵
  PID:5616
- C:\Windows\System\wCbiFEb.exe
  C:\Windows\System\wCbiFEb.exe
  2⤵
  PID:5688
- C:\Windows\System\EkBOmze.exe
  C:\Windows\System\EkBOmze.exe
  2⤵
  PID:5748
- C:\Windows\System\HSrfiEu.exe
  C:\Windows\System\HSrfiEu.exe
  2⤵
  PID:5772
- C:\Windows\System\eYLroQq.exe
  C:\Windows\System\eYLroQq.exe
  2⤵
  PID:5868
- C:\Windows\System\JOwBIOL.exe
  C:\Windows\System\JOwBIOL.exe
  2⤵
  PID:5892
- C:\Windows\System\aDnoWfh.exe
  C:\Windows\System\aDnoWfh.exe
  2⤵
  PID:5932
- C:\Windows\System\qZhNJtx.exe
  C:\Windows\System\qZhNJtx.exe
  2⤵
  PID:5956
- C:\Windows\System\tVQFDTe.exe
  C:\Windows\System\tVQFDTe.exe
  2⤵
  PID:6052
- C:\Windows\System\UYhItwL.exe
  C:\Windows\System\UYhItwL.exe
  2⤵
  PID:4764
- C:\Windows\System\wlaKMxr.exe
  C:\Windows\System\wlaKMxr.exe
  2⤵
  PID:4740
- C:\Windows\System\CwtrnBl.exe
  C:\Windows\System\CwtrnBl.exe
  2⤵
  PID:3344
- C:\Windows\System\rLKWRzz.exe
  C:\Windows\System\rLKWRzz.exe
  2⤵
  PID:4120
- C:\Windows\System\IOKoFZI.exe
  C:\Windows\System\IOKoFZI.exe
  2⤵
  PID:4536
- C:\Windows\System\uYVoIvK.exe
  C:\Windows\System\uYVoIvK.exe
  2⤵
  PID:4556
- C:\Windows\System\cUgNIaA.exe
  C:\Windows\System\cUgNIaA.exe
  2⤵
  PID:5348
- C:\Windows\System\lZdaawt.exe
  C:\Windows\System\lZdaawt.exe
  2⤵
  PID:5392
- C:\Windows\System\DYgGkaz.exe
  C:\Windows\System\DYgGkaz.exe
  2⤵
  PID:5468
- C:\Windows\System\IFpoExm.exe
  C:\Windows\System\IFpoExm.exe
  2⤵
  PID:5548
- C:\Windows\System\GQDsvZZ.exe
  C:\Windows\System\GQDsvZZ.exe
  2⤵
  PID:6160
- C:\Windows\System\FuXHZHZ.exe
  C:\Windows\System\FuXHZHZ.exe
  2⤵
  PID:6180
- C:\Windows\System\WVkFVGI.exe
  C:\Windows\System\WVkFVGI.exe
  2⤵
  PID:6200
- C:\Windows\System\ZITmWdY.exe
  C:\Windows\System\ZITmWdY.exe
  2⤵
  PID:6220
- C:\Windows\System\agSpQXH.exe
  C:\Windows\System\agSpQXH.exe
  2⤵
  PID:6240
- C:\Windows\System\pLXZduA.exe
  C:\Windows\System\pLXZduA.exe
  2⤵
  PID:6260
- C:\Windows\System\wytCIoS.exe
  C:\Windows\System\wytCIoS.exe
  2⤵
  PID:6280
- C:\Windows\System\PGYuHzY.exe
  C:\Windows\System\PGYuHzY.exe
  2⤵
  PID:6300
- C:\Windows\System\lhHvqmO.exe
  C:\Windows\System\lhHvqmO.exe
  2⤵
  PID:6320
- C:\Windows\System\uOCEqRi.exe
  C:\Windows\System\uOCEqRi.exe
  2⤵
  PID:6340
- C:\Windows\System\xqkFXYX.exe
  C:\Windows\System\xqkFXYX.exe
  2⤵
  PID:6360
- C:\Windows\System\ctJLSDJ.exe
  C:\Windows\System\ctJLSDJ.exe
  2⤵
  PID:6380
- C:\Windows\System\kjIiIhb.exe
  C:\Windows\System\kjIiIhb.exe
  2⤵
  PID:6400
- C:\Windows\System\tYCKClV.exe
  C:\Windows\System\tYCKClV.exe
  2⤵
  PID:6420
- C:\Windows\System\JKuXzUd.exe
  C:\Windows\System\JKuXzUd.exe
  2⤵
  PID:6444
- C:\Windows\System\wDwTYyR.exe
  C:\Windows\System\wDwTYyR.exe
  2⤵
  PID:6464
- C:\Windows\System\iqKAVjJ.exe
  C:\Windows\System\iqKAVjJ.exe
  2⤵
  PID:6484
- C:\Windows\System\iSJMeLa.exe
  C:\Windows\System\iSJMeLa.exe
  2⤵
  PID:6504
- C:\Windows\System\XTUqqfI.exe
  C:\Windows\System\XTUqqfI.exe
  2⤵
  PID:6524
- C:\Windows\System\iLCqFdQ.exe
  C:\Windows\System\iLCqFdQ.exe
  2⤵
  PID:6544
- C:\Windows\System\GOOSpTX.exe
  C:\Windows\System\GOOSpTX.exe
  2⤵
  PID:6564
- C:\Windows\System\WGtdsDo.exe
  C:\Windows\System\WGtdsDo.exe
  2⤵
  PID:6584
- C:\Windows\System\dYAFxjy.exe
  C:\Windows\System\dYAFxjy.exe
  2⤵
  PID:6604
- C:\Windows\System\THCEece.exe
  C:\Windows\System\THCEece.exe
  2⤵
  PID:6624
- C:\Windows\System\VSDHXeX.exe
  C:\Windows\System\VSDHXeX.exe
  2⤵
  PID:6644
- C:\Windows\System\EunJNzL.exe
  C:\Windows\System\EunJNzL.exe
  2⤵
  PID:6664
- C:\Windows\System\pwKTbcm.exe
  C:\Windows\System\pwKTbcm.exe
  2⤵
  PID:6684
- C:\Windows\System\jzVlqNe.exe
  C:\Windows\System\jzVlqNe.exe
  2⤵
  PID:6704
- C:\Windows\System\SfjenbW.exe
  C:\Windows\System\SfjenbW.exe
  2⤵
  PID:6724
- C:\Windows\System\ltKBNZm.exe
  C:\Windows\System\ltKBNZm.exe
  2⤵
  PID:6744
- C:\Windows\System\QDVzrXv.exe
  C:\Windows\System\QDVzrXv.exe
  2⤵
  PID:6764
- C:\Windows\System\UecKdzW.exe
  C:\Windows\System\UecKdzW.exe
  2⤵
  PID:6784
- C:\Windows\System\iehlgpT.exe
  C:\Windows\System\iehlgpT.exe
  2⤵
  PID:6804
- C:\Windows\System\JqbxZqu.exe
  C:\Windows\System\JqbxZqu.exe
  2⤵
  PID:6824
- C:\Windows\System\saukCcq.exe
  C:\Windows\System\saukCcq.exe
  2⤵
  PID:6844
- C:\Windows\System\VwJZLhm.exe
  C:\Windows\System\VwJZLhm.exe
  2⤵
  PID:6864
- C:\Windows\System\JkrDJOt.exe
  C:\Windows\System\JkrDJOt.exe
  2⤵
  PID:6884
- C:\Windows\System\kUldSXK.exe
  C:\Windows\System\kUldSXK.exe
  2⤵
  PID:6904
- C:\Windows\System\ozhfdRK.exe
  C:\Windows\System\ozhfdRK.exe
  2⤵
  PID:6924
- C:\Windows\System\WYxSMjg.exe
  C:\Windows\System\WYxSMjg.exe
  2⤵
  PID:6944
- C:\Windows\System\bLDuYMi.exe
  C:\Windows\System\bLDuYMi.exe
  2⤵
  PID:6964
- C:\Windows\System\lveLzJm.exe
  C:\Windows\System\lveLzJm.exe
  2⤵
  PID:6984
- C:\Windows\System\rbKYtww.exe
  C:\Windows\System\rbKYtww.exe
  2⤵
  PID:7004
- C:\Windows\System\itAAHNB.exe
  C:\Windows\System\itAAHNB.exe
  2⤵
  PID:7024
- C:\Windows\System\awmHRRl.exe
  C:\Windows\System\awmHRRl.exe
  2⤵
  PID:7044
- C:\Windows\System\WGUvZmj.exe
  C:\Windows\System\WGUvZmj.exe
  2⤵
  PID:7064
- C:\Windows\System\HwfTphC.exe
  C:\Windows\System\HwfTphC.exe
  2⤵
  PID:7084
- C:\Windows\System\gtrgzXS.exe
  C:\Windows\System\gtrgzXS.exe
  2⤵
  PID:7104
- C:\Windows\System\kElBBUQ.exe
  C:\Windows\System\kElBBUQ.exe
  2⤵
  PID:7124
- C:\Windows\System\bBDYmOG.exe
  C:\Windows\System\bBDYmOG.exe
  2⤵
  PID:7144
- C:\Windows\System\VqtlxtJ.exe
  C:\Windows\System\VqtlxtJ.exe
  2⤵
  PID:7164
- C:\Windows\System\uWpxGas.exe
  C:\Windows\System\uWpxGas.exe
  2⤵
  PID:5632
- C:\Windows\System\ZGHOhnC.exe
  C:\Windows\System\ZGHOhnC.exe
  2⤵
  PID:5796
- C:\Windows\System\icgTlyP.exe
  C:\Windows\System\icgTlyP.exe
  2⤵
  PID:5792
- C:\Windows\System\qRxOKVf.exe
  C:\Windows\System\qRxOKVf.exe
  2⤵
  PID:6000
- C:\Windows\System\tQHNtge.exe
  C:\Windows\System\tQHNtge.exe
  2⤵
  PID:6080
- C:\Windows\System\LIWTzlq.exe
  C:\Windows\System\LIWTzlq.exe
  2⤵
  PID:6132
- C:\Windows\System\rbISlsw.exe
  C:\Windows\System\rbISlsw.exe
  2⤵
  PID:4840
- C:\Windows\System\Awpjrrc.exe
  C:\Windows\System\Awpjrrc.exe
  2⤵
  PID:3440
- C:\Windows\System\BmTKlDN.exe
  C:\Windows\System\BmTKlDN.exe
  2⤵
  PID:5172
- C:\Windows\System\FCWHSCF.exe
  C:\Windows\System\FCWHSCF.exe
  2⤵
  PID:5372
- C:\Windows\System\efFuWXG.exe
  C:\Windows\System\efFuWXG.exe
  2⤵
  PID:6148
- C:\Windows\System\mzxAgKU.exe
  C:\Windows\System\mzxAgKU.exe
  2⤵
  PID:6168
- C:\Windows\System\DVzZJNa.exe
  C:\Windows\System\DVzZJNa.exe
  2⤵
  PID:6192
- C:\Windows\System\WVpPtUf.exe
  C:\Windows\System\WVpPtUf.exe
  2⤵
  PID:6232
- C:\Windows\System\VOETCiJ.exe
  C:\Windows\System\VOETCiJ.exe
  2⤵
  PID:6252
- C:\Windows\System\onNnBcO.exe
  C:\Windows\System\onNnBcO.exe
  2⤵
  PID:6292
- C:\Windows\System\TrMegCG.exe
  C:\Windows\System\TrMegCG.exe
  2⤵
  PID:6336
- C:\Windows\System\xNOewHq.exe
  C:\Windows\System\xNOewHq.exe
  2⤵
  PID:6388
- C:\Windows\System\wYSddhf.exe
  C:\Windows\System\wYSddhf.exe
  2⤵
  PID:6392
- C:\Windows\System\FfMQYsm.exe
  C:\Windows\System\FfMQYsm.exe
  2⤵
  PID:6432
- C:\Windows\System\hGxHiBj.exe
  C:\Windows\System\hGxHiBj.exe
  2⤵
  PID:6480
- C:\Windows\System\FWhPqCl.exe
  C:\Windows\System\FWhPqCl.exe
  2⤵
  PID:6520
- C:\Windows\System\yNSXukm.exe
  C:\Windows\System\yNSXukm.exe
  2⤵
  PID:6536
- C:\Windows\System\GVmgDRr.exe
  C:\Windows\System\GVmgDRr.exe
  2⤵
  PID:6592
- C:\Windows\System\gpljADe.exe
  C:\Windows\System\gpljADe.exe
  2⤵
  PID:6612
- C:\Windows\System\aLkBNkH.exe
  C:\Windows\System\aLkBNkH.exe
  2⤵
  PID:6636
- C:\Windows\System\vBBpgNZ.exe
  C:\Windows\System\vBBpgNZ.exe
  2⤵
  PID:6680
- C:\Windows\System\mwJwpWS.exe
  C:\Windows\System\mwJwpWS.exe
  2⤵
  PID:6696
- C:\Windows\System\IDkITBA.exe
  C:\Windows\System\IDkITBA.exe
  2⤵
  PID:6752
- C:\Windows\System\XtWSgPS.exe
  C:\Windows\System\XtWSgPS.exe
  2⤵
  PID:6792
- C:\Windows\System\badZNhl.exe
  C:\Windows\System\badZNhl.exe
  2⤵
  PID:6812
- C:\Windows\System\qsCAKUI.exe
  C:\Windows\System\qsCAKUI.exe
  2⤵
  PID:6836
- C:\Windows\System\keAzvao.exe
  C:\Windows\System\keAzvao.exe
  2⤵
  PID:6880
- C:\Windows\System\clxUsby.exe
  C:\Windows\System\clxUsby.exe
  2⤵
  PID:6920
- C:\Windows\System\ijsaTJj.exe
  C:\Windows\System\ijsaTJj.exe
  2⤵
  PID:6960
- C:\Windows\System\nfKtfnx.exe
  C:\Windows\System\nfKtfnx.exe
  2⤵
  PID:6992
- C:\Windows\System\djVdyIG.exe
  C:\Windows\System\djVdyIG.exe
  2⤵
  PID:7012
- C:\Windows\System\DnJzWba.exe
  C:\Windows\System\DnJzWba.exe
  2⤵
  PID:7036
- C:\Windows\System\SramAGv.exe
  C:\Windows\System\SramAGv.exe
  2⤵
  PID:7076
- C:\Windows\System\JKgtmbu.exe
  C:\Windows\System\JKgtmbu.exe
  2⤵
  PID:7112
- C:\Windows\System\RsgBbLj.exe
  C:\Windows\System\RsgBbLj.exe
  2⤵
  PID:7152
- C:\Windows\System\ftDIXAa.exe
  C:\Windows\System\ftDIXAa.exe
  2⤵
  PID:5732
- C:\Windows\System\HTmNgVv.exe
  C:\Windows\System\HTmNgVv.exe
  2⤵
  PID:5592
- C:\Windows\System\oCpylMN.exe
  C:\Windows\System\oCpylMN.exe
  2⤵
  PID:5908
- C:\Windows\System\flhlbrO.exe
  C:\Windows\System\flhlbrO.exe
  2⤵
  PID:6020
- C:\Windows\System\dCpzuTg.exe
  C:\Windows\System\dCpzuTg.exe
  2⤵
  PID:1848
- C:\Windows\System\hJLpwxm.exe
  C:\Windows\System\hJLpwxm.exe
  2⤵
  PID:5148
- C:\Windows\System\NtbghwK.exe
  C:\Windows\System\NtbghwK.exe
  2⤵
  PID:5276
- C:\Windows\System\ETOqzbp.exe
  C:\Windows\System\ETOqzbp.exe
  2⤵
  PID:5532
- C:\Windows\System\zaXxogG.exe
  C:\Windows\System\zaXxogG.exe
  2⤵
  PID:6212
- C:\Windows\System\ZLltKlg.exe
  C:\Windows\System\ZLltKlg.exe
  2⤵
  PID:6268
- C:\Windows\System\QKisSsV.exe
  C:\Windows\System\QKisSsV.exe
  2⤵
  PID:6348
- C:\Windows\System\CxvRyDB.exe
  C:\Windows\System\CxvRyDB.exe
  2⤵
  PID:6428
- C:\Windows\System\YkhXSle.exe
  C:\Windows\System\YkhXSle.exe
  2⤵
  PID:3032
- C:\Windows\System\YjXEuSg.exe
  C:\Windows\System\YjXEuSg.exe
  2⤵
  PID:6456
- C:\Windows\System\kxvcSRn.exe
  C:\Windows\System\kxvcSRn.exe
  2⤵
  PID:6556
- C:\Windows\System\tLeHqZk.exe
  C:\Windows\System\tLeHqZk.exe
  2⤵
  PID:6596
- C:\Windows\System\oTCmnIV.exe
  C:\Windows\System\oTCmnIV.exe
  2⤵
  PID:6672
- C:\Windows\System\ePPimbY.exe
  C:\Windows\System\ePPimbY.exe
  2⤵
  PID:6736
- C:\Windows\System\xSedycI.exe
  C:\Windows\System\xSedycI.exe
  2⤵
  PID:6760
- C:\Windows\System\gRDcbmM.exe
  C:\Windows\System\gRDcbmM.exe
  2⤵
  PID:6796
- C:\Windows\System\jBuhQzb.exe
  C:\Windows\System\jBuhQzb.exe
  2⤵
  PID:6856
- C:\Windows\System\QBCQPgN.exe
  C:\Windows\System\QBCQPgN.exe
  2⤵
  PID:6952
- C:\Windows\System\uJEtUEj.exe
  C:\Windows\System\uJEtUEj.exe
  2⤵
  PID:6996
- C:\Windows\System\AavSXgI.exe
  C:\Windows\System\AavSXgI.exe
  2⤵
  PID:7092
- C:\Windows\System\muzezhb.exe
  C:\Windows\System\muzezhb.exe
  2⤵
  PID:7156
- C:\Windows\System\qbEalPV.exe
  C:\Windows\System\qbEalPV.exe
  2⤵
  PID:5636
- C:\Windows\System\bWUJgRY.exe
  C:\Windows\System\bWUJgRY.exe
  2⤵
  PID:5836
- C:\Windows\System\FhGXIqk.exe
  C:\Windows\System\FhGXIqk.exe
  2⤵
  PID:5352
- C:\Windows\System\thQvcvJ.exe
  C:\Windows\System\thQvcvJ.exe
  2⤵
  PID:6072
- C:\Windows\System\ExFYnSi.exe
  C:\Windows\System\ExFYnSi.exe
  2⤵
  PID:6152
- C:\Windows\System\QdeJsyo.exe
  C:\Windows\System\QdeJsyo.exe
  2⤵
  PID:6312
- C:\Windows\System\bVBgLZV.exe
  C:\Windows\System\bVBgLZV.exe
  2⤵
  PID:6412
- C:\Windows\System\ibepoPe.exe
  C:\Windows\System\ibepoPe.exe
  2⤵
  PID:6500
- C:\Windows\System\phlaiEU.exe
  C:\Windows\System\phlaiEU.exe
  2⤵
  PID:6460
- C:\Windows\System\IulAJpD.exe
  C:\Windows\System\IulAJpD.exe
  2⤵
  PID:6616
- C:\Windows\System\miTYgel.exe
  C:\Windows\System\miTYgel.exe
  2⤵
  PID:6716
- C:\Windows\System\cnejLVv.exe
  C:\Windows\System\cnejLVv.exe
  2⤵
  PID:6872
- C:\Windows\System\doPGiuZ.exe
  C:\Windows\System\doPGiuZ.exe
  2⤵
  PID:6840
- C:\Windows\System\bLDhHjs.exe
  C:\Windows\System\bLDhHjs.exe
  2⤵
  PID:6976
- C:\Windows\System\DGZrTFW.exe
  C:\Windows\System\DGZrTFW.exe
  2⤵
  PID:7176
- C:\Windows\System\GUPejTE.exe
  C:\Windows\System\GUPejTE.exe
  2⤵
  PID:7200
- C:\Windows\System\AxoHObg.exe
  C:\Windows\System\AxoHObg.exe
  2⤵
  PID:7216
- C:\Windows\System\tAvTZFX.exe
  C:\Windows\System\tAvTZFX.exe
  2⤵
  PID:7240
- C:\Windows\System\YNMnQAC.exe
  C:\Windows\System\YNMnQAC.exe
  2⤵
  PID:7256
- C:\Windows\System\bYAZnIx.exe
  C:\Windows\System\bYAZnIx.exe
  2⤵
  PID:7272
- C:\Windows\System\LWnpdHl.exe
  C:\Windows\System\LWnpdHl.exe
  2⤵
  PID:7296
- C:\Windows\System\bipDpKZ.exe
  C:\Windows\System\bipDpKZ.exe
  2⤵
  PID:7316
- C:\Windows\System\GyQwLyM.exe
  C:\Windows\System\GyQwLyM.exe
  2⤵
  PID:7336
- C:\Windows\System\wceIgAv.exe
  C:\Windows\System\wceIgAv.exe
  2⤵
  PID:7360
- C:\Windows\System\cmYcjUq.exe
  C:\Windows\System\cmYcjUq.exe
  2⤵
  PID:7376
- C:\Windows\System\VSBTAyo.exe
  C:\Windows\System\VSBTAyo.exe
  2⤵
  PID:7400
- C:\Windows\System\ARjAEtP.exe
  C:\Windows\System\ARjAEtP.exe
  2⤵
  PID:7420
- C:\Windows\System\ddxwPgU.exe
  C:\Windows\System\ddxwPgU.exe
  2⤵
  PID:7440
- C:\Windows\System\wFyxfPI.exe
  C:\Windows\System\wFyxfPI.exe
  2⤵
  PID:7456
- C:\Windows\System\BcihlZD.exe
  C:\Windows\System\BcihlZD.exe
  2⤵
  PID:7472
- C:\Windows\System\vSuWydh.exe
  C:\Windows\System\vSuWydh.exe
  2⤵
  PID:7488
- C:\Windows\System\vVaCqfZ.exe
  C:\Windows\System\vVaCqfZ.exe
  2⤵
  PID:7516
- C:\Windows\System\GwOkrNU.exe
  C:\Windows\System\GwOkrNU.exe
  2⤵
  PID:7532
- C:\Windows\System\fOrClRx.exe
  C:\Windows\System\fOrClRx.exe
  2⤵
  PID:7564
- C:\Windows\System\hRNMtRn.exe
  C:\Windows\System\hRNMtRn.exe
  2⤵
  PID:7584
- C:\Windows\System\DPiUJGl.exe
  C:\Windows\System\DPiUJGl.exe
  2⤵
  PID:7604
- C:\Windows\System\VBECdKq.exe
  C:\Windows\System\VBECdKq.exe
  2⤵
  PID:7624
- C:\Windows\System\VdrXMBq.exe
  C:\Windows\System\VdrXMBq.exe
  2⤵
  PID:7644
- C:\Windows\System\WFkLVAW.exe
  C:\Windows\System\WFkLVAW.exe
  2⤵
  PID:7664
- C:\Windows\System\VlKCNIr.exe
  C:\Windows\System\VlKCNIr.exe
  2⤵
  PID:7684
- C:\Windows\System\QteRfAq.exe
  C:\Windows\System\QteRfAq.exe
  2⤵
  PID:7704
- C:\Windows\System\bCFuwcF.exe
  C:\Windows\System\bCFuwcF.exe
  2⤵
  PID:7724
- C:\Windows\System\DqAowMJ.exe
  C:\Windows\System\DqAowMJ.exe
  2⤵
  PID:7744
- C:\Windows\System\fhYhljW.exe
  C:\Windows\System\fhYhljW.exe
  2⤵
  PID:7764
- C:\Windows\System\SzIrFwy.exe
  C:\Windows\System\SzIrFwy.exe
  2⤵
  PID:7784
- C:\Windows\System\GmifWtB.exe
  C:\Windows\System\GmifWtB.exe
  2⤵
  PID:7804
- C:\Windows\System\SSyLEMl.exe
  C:\Windows\System\SSyLEMl.exe
  2⤵
  PID:7824
- C:\Windows\System\qGyrzua.exe
  C:\Windows\System\qGyrzua.exe
  2⤵
  PID:7844
- C:\Windows\System\JCpdvGj.exe
  C:\Windows\System\JCpdvGj.exe
  2⤵
  PID:7864
- C:\Windows\System\bubSLIZ.exe
  C:\Windows\System\bubSLIZ.exe
  2⤵
  PID:7884
- C:\Windows\System\YJOmbwd.exe
  C:\Windows\System\YJOmbwd.exe
  2⤵
  PID:7904
- C:\Windows\System\TJQSpQL.exe
  C:\Windows\System\TJQSpQL.exe
  2⤵
  PID:7924
- C:\Windows\System\DhaUQYd.exe
  C:\Windows\System\DhaUQYd.exe
  2⤵
  PID:7944
- C:\Windows\System\CFxGJGy.exe
  C:\Windows\System\CFxGJGy.exe
  2⤵
  PID:7964
- C:\Windows\System\neLiNym.exe
  C:\Windows\System\neLiNym.exe
  2⤵
  PID:7980
- C:\Windows\System\abqsrYs.exe
  C:\Windows\System\abqsrYs.exe
  2⤵
  PID:8004
- C:\Windows\System\wQNGvnS.exe
  C:\Windows\System\wQNGvnS.exe
  2⤵
  PID:8020
- C:\Windows\System\StRQnVy.exe
  C:\Windows\System\StRQnVy.exe
  2⤵
  PID:8044
- C:\Windows\System\YSQsOWH.exe
  C:\Windows\System\YSQsOWH.exe
  2⤵
  PID:8060
- C:\Windows\System\RPbOUXc.exe
  C:\Windows\System\RPbOUXc.exe
  2⤵
  PID:8076
- C:\Windows\System\izOMWGM.exe
  C:\Windows\System\izOMWGM.exe
  2⤵
  PID:8104
- C:\Windows\System\fqUUWjg.exe
  C:\Windows\System\fqUUWjg.exe
  2⤵
  PID:8120
- C:\Windows\System\NSRFEcG.exe
  C:\Windows\System\NSRFEcG.exe
  2⤵
  PID:8144
- C:\Windows\System\jPFVkjz.exe
  C:\Windows\System\jPFVkjz.exe
  2⤵
  PID:8164
- C:\Windows\System\hSgjNys.exe
  C:\Windows\System\hSgjNys.exe
  2⤵
  PID:8184
- C:\Windows\System\DznhmGv.exe
  C:\Windows\System\DznhmGv.exe
  2⤵
  PID:7040
- C:\Windows\System\zcHUFci.exe
  C:\Windows\System\zcHUFci.exe
  2⤵
  PID:5952
- C:\Windows\System\rNYhhkK.exe
  C:\Windows\System\rNYhhkK.exe
  2⤵
  PID:4964
- C:\Windows\System\dFPSvPT.exe
  C:\Windows\System\dFPSvPT.exe
  2⤵
  PID:6308
- C:\Windows\System\kzECIAk.exe
  C:\Windows\System\kzECIAk.exe
  2⤵
  PID:6368
- C:\Windows\System\voOouxf.exe
  C:\Windows\System\voOouxf.exe
  2⤵
  PID:6600
- C:\Windows\System\gLDGTMS.exe
  C:\Windows\System\gLDGTMS.exe
  2⤵
  PID:6712
- C:\Windows\System\DzwfQbT.exe
  C:\Windows\System\DzwfQbT.exe
  2⤵
  PID:6576
- C:\Windows\System\wmtkqKr.exe
  C:\Windows\System\wmtkqKr.exe
  2⤵
  PID:6972
- C:\Windows\System\aOdObWR.exe
  C:\Windows\System\aOdObWR.exe
  2⤵
  PID:7192
- C:\Windows\System\NNPcOcg.exe
  C:\Windows\System\NNPcOcg.exe
  2⤵
  PID:7268
- C:\Windows\System\uhTAZpl.exe
  C:\Windows\System\uhTAZpl.exe
  2⤵
  PID:7172
- C:\Windows\System\yRjyLSZ.exe
  C:\Windows\System\yRjyLSZ.exe
  2⤵
  PID:7304
- C:\Windows\System\ipmBGTr.exe
  C:\Windows\System\ipmBGTr.exe
  2⤵
  PID:7356
- C:\Windows\System\flClIrL.exe
  C:\Windows\System\flClIrL.exe
  2⤵
  PID:7292
- C:\Windows\System\YelSLPG.exe
  C:\Windows\System\YelSLPG.exe
  2⤵
  PID:7392
- C:\Windows\System\vOSovlS.exe
  C:\Windows\System\vOSovlS.exe
  2⤵
  PID:7428
- C:\Windows\System\EdYWASk.exe
  C:\Windows\System\EdYWASk.exe
  2⤵
  PID:7464
- C:\Windows\System\sdNcdBz.exe
  C:\Windows\System\sdNcdBz.exe
  2⤵
  PID:7512
- C:\Windows\System\UdjDKbc.exe
  C:\Windows\System\UdjDKbc.exe
  2⤵
  PID:7524
- C:\Windows\System\llOdekU.exe
  C:\Windows\System\llOdekU.exe
  2⤵
  PID:7544
- C:\Windows\System\HzLiPqp.exe
  C:\Windows\System\HzLiPqp.exe
  2⤵
  PID:7576
- C:\Windows\System\boOZFoC.exe
  C:\Windows\System\boOZFoC.exe
  2⤵
  PID:7632
- C:\Windows\System\zzORbRS.exe
  C:\Windows\System\zzORbRS.exe
  2⤵
  PID:7620
- C:\Windows\System\Ttwrrtr.exe
  C:\Windows\System\Ttwrrtr.exe
  2⤵
  PID:7676
- C:\Windows\System\NiLrcFl.exe
  C:\Windows\System\NiLrcFl.exe
  2⤵
  PID:7700
- C:\Windows\System\LVwPscb.exe
  C:\Windows\System\LVwPscb.exe
  2⤵
  PID:7760
- C:\Windows\System\CGdwrqX.exe
  C:\Windows\System\CGdwrqX.exe
  2⤵
  PID:7772
- C:\Windows\System\gGjKWer.exe
  C:\Windows\System\gGjKWer.exe
  2⤵
  PID:7832
- C:\Windows\System\OisFmSH.exe
  C:\Windows\System\OisFmSH.exe
  2⤵
  PID:7816
- C:\Windows\System\yolfSDD.exe
  C:\Windows\System\yolfSDD.exe
  2⤵
  PID:7860
- C:\Windows\System\ASrDPnq.exe
  C:\Windows\System\ASrDPnq.exe
  2⤵
  PID:7916
- C:\Windows\System\CprtfKO.exe
  C:\Windows\System\CprtfKO.exe
  2⤵
  PID:7896
- C:\Windows\System\QpqjKBL.exe
  C:\Windows\System\QpqjKBL.exe
  2⤵
  PID:7956
- C:\Windows\System\ZUnyUAP.exe
  C:\Windows\System\ZUnyUAP.exe
  2⤵
  PID:7972
- C:\Windows\System\YGaBJht.exe
  C:\Windows\System\YGaBJht.exe
  2⤵
  PID:8012
- C:\Windows\System\qLljlne.exe
  C:\Windows\System\qLljlne.exe
  2⤵
  PID:8052
- C:\Windows\System\yRzpwnz.exe
  C:\Windows\System\yRzpwnz.exe
  2⤵
  PID:8096
- C:\Windows\System\TjSiKBP.exe
  C:\Windows\System\TjSiKBP.exe
  2⤵
  PID:8156
- C:\Windows\System\XTxbaQD.exe
  C:\Windows\System\XTxbaQD.exe
  2⤵
  PID:8140
- C:\Windows\System\BBRDTaW.exe
  C:\Windows\System\BBRDTaW.exe
  2⤵
  PID:8180
- C:\Windows\System\rVRuQxE.exe
  C:\Windows\System\rVRuQxE.exe
  2⤵
  PID:7132
- C:\Windows\System\bRTZwZy.exe
  C:\Windows\System\bRTZwZy.exe
  2⤵
  PID:5156
- C:\Windows\System\LKrJdXa.exe
  C:\Windows\System\LKrJdXa.exe
  2⤵
  PID:5508
- C:\Windows\System\YJXxarQ.exe
  C:\Windows\System\YJXxarQ.exe
  2⤵
  PID:6916
- C:\Windows\System\aRHOWSP.exe
  C:\Windows\System\aRHOWSP.exe
  2⤵
  PID:7228
- C:\Windows\System\dYajvEe.exe
  C:\Windows\System\dYajvEe.exe
  2⤵
  PID:7188
- C:\Windows\System\wVEWZVA.exe
  C:\Windows\System\wVEWZVA.exe
  2⤵
  PID:7000
- C:\Windows\System\BhAVBfr.exe
  C:\Windows\System\BhAVBfr.exe
  2⤵
  PID:7308
- C:\Windows\System\iuvTDQB.exe
  C:\Windows\System\iuvTDQB.exe
  2⤵
  PID:7328
- C:\Windows\System\SHRphdC.exe
  C:\Windows\System\SHRphdC.exe
  2⤵
  PID:7332
- C:\Windows\System\qWmXVha.exe
  C:\Windows\System\qWmXVha.exe
  2⤵
  PID:7416
- C:\Windows\System\IoMbsYU.exe
  C:\Windows\System\IoMbsYU.exe
  2⤵
  PID:7484
- C:\Windows\System\HdYjhmx.exe
  C:\Windows\System\HdYjhmx.exe
  2⤵
  PID:7452
- C:\Windows\System\ayJhWIz.exe
  C:\Windows\System\ayJhWIz.exe
  2⤵
  PID:7596
- C:\Windows\System\VNXrFVm.exe
  C:\Windows\System\VNXrFVm.exe
  2⤵
  PID:7672
- C:\Windows\System\hrUMhhj.exe
  C:\Windows\System\hrUMhhj.exe
  2⤵
  PID:7720
- C:\Windows\System\WJLXfiF.exe
  C:\Windows\System\WJLXfiF.exe
  2⤵
  PID:7776
- C:\Windows\System\eFwIZWa.exe
  C:\Windows\System\eFwIZWa.exe
  2⤵
  PID:7800
- C:\Windows\System\tLXygpC.exe
  C:\Windows\System\tLXygpC.exe
  2⤵
  PID:7852
- C:\Windows\System\RoCquWi.exe
  C:\Windows\System\RoCquWi.exe
  2⤵
  PID:7900
- C:\Windows\System\tmGpGKx.exe
  C:\Windows\System\tmGpGKx.exe
  2⤵
  PID:7940
- C:\Windows\System\wrwjrhH.exe
  C:\Windows\System\wrwjrhH.exe
  2⤵
  PID:8040
- C:\Windows\System\yebkOYi.exe
  C:\Windows\System\yebkOYi.exe
  2⤵
  PID:8088
- C:\Windows\System\NUNKllP.exe
  C:\Windows\System\NUNKllP.exe
  2⤵
  PID:5816
- C:\Windows\System\dxldCPI.exe
  C:\Windows\System\dxldCPI.exe
  2⤵
  PID:8132
- C:\Windows\System\zSNgfjA.exe
  C:\Windows\System\zSNgfjA.exe
  2⤵
  PID:6256
- C:\Windows\System\nrePDxM.exe
  C:\Windows\System\nrePDxM.exe
  2⤵
  PID:6172
- C:\Windows\System\pctSSaj.exe
  C:\Windows\System\pctSSaj.exe
  2⤵
  PID:6540
- C:\Windows\System\aGDNlju.exe
  C:\Windows\System\aGDNlju.exe
  2⤵
  PID:7196
- C:\Windows\System\yciWCVd.exe
  C:\Windows\System\yciWCVd.exe
  2⤵
  PID:7252
- C:\Windows\System\PhLWmVR.exe
  C:\Windows\System\PhLWmVR.exe
  2⤵
  PID:7352
- C:\Windows\System\zxRysZl.exe
  C:\Windows\System\zxRysZl.exe
  2⤵
  PID:7448
- C:\Windows\System\qwsQIPM.exe
  C:\Windows\System\qwsQIPM.exe
  2⤵
  PID:7572
- C:\Windows\System\FTgvOtz.exe
  C:\Windows\System\FTgvOtz.exe
  2⤵
  PID:7660
- C:\Windows\System\YXpGOoN.exe
  C:\Windows\System\YXpGOoN.exe
  2⤵
  PID:7732
- C:\Windows\System\uBhFyqS.exe
  C:\Windows\System\uBhFyqS.exe
  2⤵
  PID:7736
- C:\Windows\System\XEiACGm.exe
  C:\Windows\System\XEiACGm.exe
  2⤵
  PID:2344
- C:\Windows\System\ZQvvoHR.exe
  C:\Windows\System\ZQvvoHR.exe
  2⤵
  PID:7936
- C:\Windows\System\KIyeVRW.exe
  C:\Windows\System\KIyeVRW.exe
  2⤵
  PID:7996
- C:\Windows\System\oLYxtPT.exe
  C:\Windows\System\oLYxtPT.exe
  2⤵
  PID:7056
- C:\Windows\System\EUCkXZR.exe
  C:\Windows\System\EUCkXZR.exe
  2⤵
  PID:8084
- C:\Windows\System\cPrZTzf.exe
  C:\Windows\System\cPrZTzf.exe
  2⤵
  PID:4392
- C:\Windows\System\qPsPGnf.exe
  C:\Windows\System\qPsPGnf.exe
  2⤵
  PID:7280
- C:\Windows\System\fOEuehy.exe
  C:\Windows\System\fOEuehy.exe
  2⤵
  PID:6352
- C:\Windows\System\zgOxvde.exe
  C:\Windows\System\zgOxvde.exe
  2⤵
  PID:7556
- C:\Windows\System\HunuNoA.exe
  C:\Windows\System\HunuNoA.exe
  2⤵
  PID:2300
- C:\Windows\System\BAsaPQm.exe
  C:\Windows\System\BAsaPQm.exe
  2⤵
  PID:7796
- C:\Windows\System\gfiYbVR.exe
  C:\Windows\System\gfiYbVR.exe
  2⤵
  PID:7716
- C:\Windows\System\TllOPlT.exe
  C:\Windows\System\TllOPlT.exe
  2⤵
  PID:8212
- C:\Windows\System\DRzoJWQ.exe
  C:\Windows\System\DRzoJWQ.exe
  2⤵
  PID:8232
- C:\Windows\System\Zxtmysq.exe
  C:\Windows\System\Zxtmysq.exe
  2⤵
  PID:8252
- C:\Windows\System\wimNyvB.exe
  C:\Windows\System\wimNyvB.exe
  2⤵
  PID:8272
- C:\Windows\System\zKBZuxA.exe
  C:\Windows\System\zKBZuxA.exe
  2⤵
  PID:8292
- C:\Windows\System\ugVnpAJ.exe
  C:\Windows\System\ugVnpAJ.exe
  2⤵
  PID:8312
- C:\Windows\System\FPADsou.exe
  C:\Windows\System\FPADsou.exe
  2⤵
  PID:8332
- C:\Windows\System\UxEpfUt.exe
  C:\Windows\System\UxEpfUt.exe
  2⤵
  PID:8356
- C:\Windows\System\BbJVhiO.exe
  C:\Windows\System\BbJVhiO.exe
  2⤵
  PID:8376
- C:\Windows\System\SUzORwK.exe
  C:\Windows\System\SUzORwK.exe
  2⤵
  PID:8396
- C:\Windows\System\lhvnsJj.exe
  C:\Windows\System\lhvnsJj.exe
  2⤵
  PID:8416
- C:\Windows\System\DjgzJyp.exe
  C:\Windows\System\DjgzJyp.exe
  2⤵
  PID:8436
- C:\Windows\System\seeQUQh.exe
  C:\Windows\System\seeQUQh.exe
  2⤵
  PID:8456
- C:\Windows\System\WsbamKW.exe
  C:\Windows\System\WsbamKW.exe
  2⤵
  PID:8472
- C:\Windows\System\FecmTCt.exe
  C:\Windows\System\FecmTCt.exe
  2⤵
  PID:8496
- C:\Windows\System\tpVBgWs.exe
  C:\Windows\System\tpVBgWs.exe
  2⤵
  PID:8516
- C:\Windows\System\MyTPiGP.exe
  C:\Windows\System\MyTPiGP.exe
  2⤵
  PID:8536
- C:\Windows\System\OdiCoFs.exe
  C:\Windows\System\OdiCoFs.exe
  2⤵
  PID:8556
- C:\Windows\System\pMUmQXN.exe
  C:\Windows\System\pMUmQXN.exe
  2⤵
  PID:8576
- C:\Windows\System\WqZOsob.exe
  C:\Windows\System\WqZOsob.exe
  2⤵
  PID:8596
- C:\Windows\System\BkbdgvD.exe
  C:\Windows\System\BkbdgvD.exe
  2⤵
  PID:8616
- C:\Windows\System\JsPTnGe.exe
  C:\Windows\System\JsPTnGe.exe
  2⤵
  PID:8632
- C:\Windows\System\dxzgHOP.exe
  C:\Windows\System\dxzgHOP.exe
  2⤵
  PID:8652
- C:\Windows\System\NEYFngf.exe
  C:\Windows\System\NEYFngf.exe
  2⤵
  PID:8672
- C:\Windows\System\kiubZFA.exe
  C:\Windows\System\kiubZFA.exe
  2⤵
  PID:8692
- C:\Windows\System\HBCepVy.exe
  C:\Windows\System\HBCepVy.exe
  2⤵
  PID:8712
- C:\Windows\System\HIsdofi.exe
  C:\Windows\System\HIsdofi.exe
  2⤵
  PID:8728
- C:\Windows\System\GMCklte.exe
  C:\Windows\System\GMCklte.exe
  2⤵
  PID:8744
- C:\Windows\System\OMZgKXF.exe
  C:\Windows\System\OMZgKXF.exe
  2⤵
  PID:8764
- C:\Windows\System\GHtxLcG.exe
  C:\Windows\System\GHtxLcG.exe
  2⤵
  PID:8780
- C:\Windows\System\ozxukVX.exe
  C:\Windows\System\ozxukVX.exe
  2⤵
  PID:8796
- C:\Windows\System\jWWJnWx.exe
  C:\Windows\System\jWWJnWx.exe
  2⤵
  PID:8812
- C:\Windows\System\ozYMDaC.exe
  C:\Windows\System\ozYMDaC.exe
  2⤵
  PID:8828
- C:\Windows\System\CjdzuLK.exe
  C:\Windows\System\CjdzuLK.exe
  2⤵
  PID:8848
- C:\Windows\System\QJPAUHF.exe
  C:\Windows\System\QJPAUHF.exe
  2⤵
  PID:8864
- C:\Windows\System\DRmrdta.exe
  C:\Windows\System\DRmrdta.exe
  2⤵
  PID:8880
- C:\Windows\System\InriASa.exe
  C:\Windows\System\InriASa.exe
  2⤵
  PID:8896
- C:\Windows\System\WBJRFvv.exe
  C:\Windows\System\WBJRFvv.exe
  2⤵
  PID:8920
- C:\Windows\System\ipmTrrd.exe
  C:\Windows\System\ipmTrrd.exe
  2⤵
  PID:9004
- C:\Windows\System\CqDUJDx.exe
  C:\Windows\System\CqDUJDx.exe
  2⤵
  PID:9024
- C:\Windows\System\UsJUkCd.exe
  C:\Windows\System\UsJUkCd.exe
  2⤵
  PID:9044
- C:\Windows\System\tbFIVQo.exe
  C:\Windows\System\tbFIVQo.exe
  2⤵
  PID:9064
- C:\Windows\System\JjsmheI.exe
  C:\Windows\System\JjsmheI.exe
  2⤵
  PID:9088
- C:\Windows\System\vjmRWFm.exe
  C:\Windows\System\vjmRWFm.exe
  2⤵
  PID:9124
- C:\Windows\System\QhDXlPr.exe
  C:\Windows\System\QhDXlPr.exe
  2⤵
  PID:9140
- C:\Windows\System\tfORrqp.exe
  C:\Windows\System\tfORrqp.exe
  2⤵
  PID:9156
- C:\Windows\System\LwaFtIw.exe
  C:\Windows\System\LwaFtIw.exe
  2⤵
  PID:9176
- C:\Windows\System\ZBcIOaw.exe
  C:\Windows\System\ZBcIOaw.exe
  2⤵
  PID:9192
- C:\Windows\System\vVxpTcW.exe
  C:\Windows\System\vVxpTcW.exe
  2⤵
  PID:9212
- C:\Windows\System\HBAyPFr.exe
  C:\Windows\System\HBAyPFr.exe
  2⤵
  PID:7820
- C:\Windows\System\OElymoo.exe
  C:\Windows\System\OElymoo.exe
  2⤵
  PID:8112
- C:\Windows\System\XQQMshf.exe
  C:\Windows\System\XQQMshf.exe
  2⤵
  PID:8092
- C:\Windows\System\HXxlDUa.exe
  C:\Windows\System\HXxlDUa.exe
  2⤵
  PID:2508
- C:\Windows\System\PlGEvcm.exe
  C:\Windows\System\PlGEvcm.exe
  2⤵
  PID:7408
- C:\Windows\System\GRTvnRX.exe
  C:\Windows\System\GRTvnRX.exe
  2⤵
  PID:7248
- C:\Windows\System\ktWMEXC.exe
  C:\Windows\System\ktWMEXC.exe
  2⤵
  PID:7368
- C:\Windows\System\NYtyRkK.exe
  C:\Windows\System\NYtyRkK.exe
  2⤵
  PID:2900
- C:\Windows\System\CtMuJHk.exe
  C:\Windows\System\CtMuJHk.exe
  2⤵
  PID:8200
- C:\Windows\System\pOCDdGp.exe
  C:\Windows\System\pOCDdGp.exe
  2⤵
  PID:8260
- C:\Windows\System\CORGszA.exe
  C:\Windows\System\CORGszA.exe
  2⤵
  PID:8240
- C:\Windows\System\hZZJQxa.exe
  C:\Windows\System\hZZJQxa.exe
  2⤵
  PID:8324
- C:\Windows\System\LhWScUz.exe
  C:\Windows\System\LhWScUz.exe
  2⤵
  PID:8384
- C:\Windows\System\OhylARZ.exe
  C:\Windows\System\OhylARZ.exe
  2⤵
  PID:8372
- C:\Windows\System\PWgpQUc.exe
  C:\Windows\System\PWgpQUc.exe
  2⤵
  PID:8424
- C:\Windows\System\lFQTIJU.exe
  C:\Windows\System\lFQTIJU.exe
  2⤵
  PID:2196
- C:\Windows\System\KdBlWiX.exe
  C:\Windows\System\KdBlWiX.exe
  2⤵
  PID:8464
- C:\Windows\System\FavoMaU.exe
  C:\Windows\System\FavoMaU.exe
  2⤵
  PID:8508
- C:\Windows\System\tvHYUwg.exe
  C:\Windows\System\tvHYUwg.exe
  2⤵
  PID:8492
- C:\Windows\System\frZXiiR.exe
  C:\Windows\System\frZXiiR.exe
  2⤵
  PID:2816
- C:\Windows\System\KvzSucS.exe
  C:\Windows\System\KvzSucS.exe
  2⤵
  PID:8548
- C:\Windows\System\IJZUeKM.exe
  C:\Windows\System\IJZUeKM.exe
  2⤵
  PID:8604
- C:\Windows\System\wwHyHJe.exe
  C:\Windows\System\wwHyHJe.exe
  2⤵
  PID:8660
- C:\Windows\System\GfSqLDp.exe
  C:\Windows\System\GfSqLDp.exe
  2⤵
  PID:1148
- C:\Windows\System\SBLudKv.exe
  C:\Windows\System\SBLudKv.exe
  2⤵
  PID:8648
- C:\Windows\System\JqlNRJe.exe
  C:\Windows\System\JqlNRJe.exe
  2⤵
  PID:8720
- C:\Windows\System\alUurof.exe
  C:\Windows\System\alUurof.exe
  2⤵
  PID:8772
- C:\Windows\System\BzIBATB.exe
  C:\Windows\System\BzIBATB.exe
  2⤵
  PID:8804
- C:\Windows\System\NWrQhTp.exe
  C:\Windows\System\NWrQhTp.exe
  2⤵
  PID:2664
- C:\Windows\System\RMyiYvd.exe
  C:\Windows\System\RMyiYvd.exe
  2⤵
  PID:8820
- C:\Windows\System\UpsscMF.exe
  C:\Windows\System\UpsscMF.exe
  2⤵
  PID:8840
- C:\Windows\System\NlXUfTR.exe
  C:\Windows\System\NlXUfTR.exe
  2⤵
  PID:2732
- C:\Windows\System\MpgotAH.exe
  C:\Windows\System\MpgotAH.exe
  2⤵
  PID:2668
- C:\Windows\System\UbzStic.exe
  C:\Windows\System\UbzStic.exe
  2⤵
  PID:8888
- C:\Windows\System\daNjVph.exe
  C:\Windows\System\daNjVph.exe
  2⤵
  PID:2360
- C:\Windows\System\yYmazKc.exe
  C:\Windows\System\yYmazKc.exe
  2⤵
  PID:2716
- C:\Windows\System\qjPeVkV.exe
  C:\Windows\System\qjPeVkV.exe
  2⤵
  PID:8944
- C:\Windows\System\xwqkedz.exe
  C:\Windows\System\xwqkedz.exe
  2⤵
  PID:620
- C:\Windows\System\UgkazPA.exe
  C:\Windows\System\UgkazPA.exe
  2⤵
  PID:8964
- C:\Windows\System\jEyamCv.exe
  C:\Windows\System\jEyamCv.exe
  2⤵
  PID:2252
- C:\Windows\System\WXbYeex.exe
  C:\Windows\System\WXbYeex.exe
  2⤵
  PID:1088
- C:\Windows\System\AVbSGVr.exe
  C:\Windows\System\AVbSGVr.exe
  2⤵
  PID:9020
- C:\Windows\System\OTNzUHw.exe
  C:\Windows\System\OTNzUHw.exe
  2⤵
  PID:9060
- C:\Windows\System\PvVfjzs.exe
  C:\Windows\System\PvVfjzs.exe
  2⤵
  PID:9108
- C:\Windows\System\eWDhjEw.exe
  C:\Windows\System\eWDhjEw.exe
  2⤵
  PID:9208
- C:\Windows\System\qQWdPju.exe
  C:\Windows\System\qQWdPju.exe
  2⤵
  PID:6472
- C:\Windows\System\YxckGyx.exe
  C:\Windows\System\YxckGyx.exe
  2⤵
  PID:2136
- C:\Windows\System\ibGBZys.exe
  C:\Windows\System\ibGBZys.exe
  2⤵
  PID:9148
- C:\Windows\System\MxxTgOk.exe
  C:\Windows\System\MxxTgOk.exe
  2⤵
  PID:8288
- C:\Windows\System\INPBLyK.exe
  C:\Windows\System\INPBLyK.exe
  2⤵
  PID:9152
- C:\Windows\System\GYkXzFy.exe
  C:\Windows\System\GYkXzFy.exe
  2⤵
  PID:8028
- C:\Windows\System\xrXcYgN.exe
  C:\Windows\System\xrXcYgN.exe
  2⤵
  PID:7552
- C:\Windows\System\FJoFuOm.exe
  C:\Windows\System\FJoFuOm.exe
  2⤵
  PID:8340
- C:\Windows\System\lhNHthV.exe
  C:\Windows\System\lhNHthV.exe
  2⤵
  PID:8364
- C:\Windows\System\yTdkxqF.exe
  C:\Windows\System\yTdkxqF.exe
  2⤵
  PID:2000
- C:\Windows\System\HBTLaoK.exe
  C:\Windows\System\HBTLaoK.exe
  2⤵
  PID:2612
- C:\Windows\System\mENtJDW.exe
  C:\Windows\System\mENtJDW.exe
  2⤵
  PID:8480
- C:\Windows\System\INmZBEY.exe
  C:\Windows\System\INmZBEY.exe
  2⤵
  PID:8584
- C:\Windows\System\qwyABEw.exe
  C:\Windows\System\qwyABEw.exe
  2⤵
  PID:8664
- C:\Windows\System\cIAixVW.exe
  C:\Windows\System\cIAixVW.exe
  2⤵
  PID:8644
- C:\Windows\System\NNgHTbE.exe
  C:\Windows\System\NNgHTbE.exe
  2⤵
  PID:2992
- C:\Windows\System\kOMaoKo.exe
  C:\Windows\System\kOMaoKo.exe
  2⤵
  PID:2916
- C:\Windows\System\ttfoGFR.exe
  C:\Windows\System\ttfoGFR.exe
  2⤵
  PID:8856
- C:\Windows\System\RbgopZA.exe
  C:\Windows\System\RbgopZA.exe
  2⤵
  PID:1736
- C:\Windows\System\ITMXgWR.exe
  C:\Windows\System\ITMXgWR.exe
  2⤵
  PID:2708
- C:\Windows\System\VmGGZnH.exe
  C:\Windows\System\VmGGZnH.exe
  2⤵
  PID:2272
- C:\Windows\System\cspKMsT.exe
  C:\Windows\System\cspKMsT.exe
  2⤵
  PID:1680
- C:\Windows\System\yiRGEYA.exe
  C:\Windows\System\yiRGEYA.exe
  2⤵
  PID:2652
- C:\Windows\System\mdGBUYb.exe
  C:\Windows\System\mdGBUYb.exe
  2⤵
  PID:9072
- C:\Windows\System\mrcRGHS.exe
  C:\Windows\System\mrcRGHS.exe
  2⤵
  PID:9040
- C:\Windows\System\maszDNq.exe
  C:\Windows\System\maszDNq.exe
  2⤵
  PID:9104
- C:\Windows\System\HHWWFbP.exe
  C:\Windows\System\HHWWFbP.exe
  2⤵
  PID:9168
- C:\Windows\System\njpghGb.exe
  C:\Windows\System\njpghGb.exe
  2⤵
  PID:9164
- C:\Windows\System\IYvaiKL.exe
  C:\Windows\System\IYvaiKL.exe
  2⤵
  PID:6276
- C:\Windows\System\SPuZFZZ.exe
  C:\Windows\System\SPuZFZZ.exe
  2⤵
  PID:868
- C:\Windows\System\BKXyigL.exe
  C:\Windows\System\BKXyigL.exe
  2⤵
  PID:9184
- C:\Windows\System\cDDdWYB.exe
  C:\Windows\System\cDDdWYB.exe
  2⤵
  PID:8152
- C:\Windows\System\ZLbxhUE.exe
  C:\Windows\System\ZLbxhUE.exe
  2⤵
  PID:8220
- C:\Windows\System\xFGFFsw.exe
  C:\Windows\System\xFGFFsw.exe
  2⤵
  PID:8204
- C:\Windows\System\kEtgQlZ.exe
  C:\Windows\System\kEtgQlZ.exe
  2⤵
  PID:2372
- C:\Windows\System\vtHQIYM.exe
  C:\Windows\System\vtHQIYM.exe
  2⤵
  PID:8564
- C:\Windows\System\hxvMQNF.exe
  C:\Windows\System\hxvMQNF.exe
  2⤵
  PID:8640
- C:\Windows\System\ngBatam.exe
  C:\Windows\System\ngBatam.exe
  2⤵
  PID:8708
- C:\Windows\System\xDJOUFZ.exe
  C:\Windows\System\xDJOUFZ.exe
  2⤵
  PID:8788
- C:\Windows\System\zYSwWoz.exe
  C:\Windows\System\zYSwWoz.exe
  2⤵
  PID:1692
- C:\Windows\System\OyVrwDw.exe
  C:\Windows\System\OyVrwDw.exe
  2⤵
  PID:2408
- C:\Windows\System\rAngvLJ.exe
  C:\Windows\System\rAngvLJ.exe
  2⤵
  PID:9000
- C:\Windows\System\oSIqUXA.exe
  C:\Windows\System\oSIqUXA.exe
  2⤵
  PID:8300
- C:\Windows\System\NSXEjOZ.exe
  C:\Windows\System\NSXEjOZ.exe
  2⤵
  PID:9204
- C:\Windows\System\fqsZppz.exe
  C:\Windows\System\fqsZppz.exe
  2⤵
  PID:8916
- C:\Windows\System\QhGUjTq.exe
  C:\Windows\System\QhGUjTq.exe
  2⤵
  PID:8308
- C:\Windows\System\YduWkha.exe
  C:\Windows\System\YduWkha.exe
  2⤵
  PID:8572
- C:\Windows\System\dLkyGts.exe
  C:\Windows\System\dLkyGts.exe
  2⤵
  PID:1816
- C:\Windows\System\EqwsRaS.exe
  C:\Windows\System\EqwsRaS.exe
  2⤵
  PID:8612
- C:\Windows\System\BFHkyAX.exe
  C:\Windows\System\BFHkyAX.exe
  2⤵
  PID:8912
- C:\Windows\System\biEDmUX.exe
  C:\Windows\System\biEDmUX.exe
  2⤵
  PID:8936
- C:\Windows\System\wiaDuQw.exe
  C:\Windows\System\wiaDuQw.exe
  2⤵
  PID:8860
- C:\Windows\System\bFftFiz.exe
  C:\Windows\System\bFftFiz.exe
  2⤵
  PID:2640
- C:\Windows\System\JXnjtjj.exe
  C:\Windows\System\JXnjtjj.exe
  2⤵
  PID:8280
- C:\Windows\System\WHREWKv.exe
  C:\Windows\System\WHREWKv.exe
  2⤵
  PID:2868
- C:\Windows\System\zXXAqng.exe
  C:\Windows\System\zXXAqng.exe
  2⤵
  PID:2096
- C:\Windows\System\oYYdlOZ.exe
  C:\Windows\System\oYYdlOZ.exe
  2⤵
  PID:8956
- C:\Windows\System\egngSAn.exe
  C:\Windows\System\egngSAn.exe
  2⤵
  PID:8960
- C:\Windows\System\PTAYSjG.exe
  C:\Windows\System\PTAYSjG.exe
  2⤵
  PID:8932
- C:\Windows\System\YNAvkSY.exe
  C:\Windows\System\YNAvkSY.exe
  2⤵
  PID:4996
- C:\Windows\System\pggKDbK.exe
  C:\Windows\System\pggKDbK.exe
  2⤵
  PID:8320
- C:\Windows\System\SvhiHcx.exe
  C:\Windows\System\SvhiHcx.exe
  2⤵
  PID:8552
- C:\Windows\System\TCBPNtb.exe
  C:\Windows\System\TCBPNtb.exe
  2⤵
  PID:9200
- C:\Windows\System\LryjuYJ.exe
  C:\Windows\System\LryjuYJ.exe
  2⤵
  PID:9228
- C:\Windows\System\zuzWHXX.exe
  C:\Windows\System\zuzWHXX.exe
  2⤵
  PID:9248
- C:\Windows\System\jIeLlbm.exe
  C:\Windows\System\jIeLlbm.exe
  2⤵
  PID:9268
- C:\Windows\System\BpqGjyA.exe
  C:\Windows\System\BpqGjyA.exe
  2⤵
  PID:9312
- C:\Windows\System\FrJBvvT.exe
  C:\Windows\System\FrJBvvT.exe
  2⤵
  PID:9328
- C:\Windows\System\QDSFRUo.exe
  C:\Windows\System\QDSFRUo.exe
  2⤵
  PID:9344
- C:\Windows\System\KtzXnsK.exe
  C:\Windows\System\KtzXnsK.exe
  2⤵
  PID:9360
- C:\Windows\System\QXXbrRp.exe
  C:\Windows\System\QXXbrRp.exe
  2⤵
  PID:9380
- C:\Windows\System\pTIRpwZ.exe
  C:\Windows\System\pTIRpwZ.exe
  2⤵
  PID:9396
- C:\Windows\System\iJjkHdj.exe
  C:\Windows\System\iJjkHdj.exe
  2⤵
  PID:9412
- C:\Windows\System\EtWECAK.exe
  C:\Windows\System\EtWECAK.exe
  2⤵
  PID:9428
- C:\Windows\System\zliJyLL.exe
  C:\Windows\System\zliJyLL.exe
  2⤵
  PID:9444
- C:\Windows\System\SRwvQUB.exe
  C:\Windows\System\SRwvQUB.exe
  2⤵
  PID:9460
- C:\Windows\System\UBzwUiQ.exe
  C:\Windows\System\UBzwUiQ.exe
  2⤵
  PID:9476
- C:\Windows\System\BDnRTqr.exe
  C:\Windows\System\BDnRTqr.exe
  2⤵
  PID:9496
- C:\Windows\System\GAXGmqq.exe
  C:\Windows\System\GAXGmqq.exe
  2⤵
  PID:9520
- C:\Windows\System\tkwJRMm.exe
  C:\Windows\System\tkwJRMm.exe
  2⤵
  PID:9540
- C:\Windows\System\txKUUmm.exe
  C:\Windows\System\txKUUmm.exe
  2⤵
  PID:9556
- C:\Windows\System\YBSFRmI.exe
  C:\Windows\System\YBSFRmI.exe
  2⤵
  PID:9580
- C:\Windows\System\gvQbiDC.exe
  C:\Windows\System\gvQbiDC.exe
  2⤵
  PID:9600
- C:\Windows\System\rtMUhyF.exe
  C:\Windows\System\rtMUhyF.exe
  2⤵
  PID:9620
- C:\Windows\System\VLJtKPd.exe
  C:\Windows\System\VLJtKPd.exe
  2⤵
  PID:9636
- C:\Windows\System\effoPkb.exe
  C:\Windows\System\effoPkb.exe
  2⤵
  PID:9656
- C:\Windows\System\LKkdyCc.exe
  C:\Windows\System\LKkdyCc.exe
  2⤵
  PID:9672
- C:\Windows\System\GvfAktY.exe
  C:\Windows\System\GvfAktY.exe
  2⤵
  PID:9692
- C:\Windows\System\whscOLv.exe
  C:\Windows\System\whscOLv.exe
  2⤵
  PID:9708
- C:\Windows\System\PolILdE.exe
  C:\Windows\System\PolILdE.exe
  2⤵
  PID:9732
- C:\Windows\System\dAFKMio.exe
  C:\Windows\System\dAFKMio.exe
  2⤵
  PID:9748
- C:\Windows\System\exxIRyE.exe
  C:\Windows\System\exxIRyE.exe
  2⤵
  PID:9764
- C:\Windows\System\cgRwaSQ.exe
  C:\Windows\System\cgRwaSQ.exe
  2⤵
  PID:9780
- C:\Windows\System\uverxyC.exe
  C:\Windows\System\uverxyC.exe
  2⤵
  PID:9804
- C:\Windows\System\pLElERR.exe
  C:\Windows\System\pLElERR.exe
  2⤵
  PID:9820
- C:\Windows\System\JYpTqdC.exe
  C:\Windows\System\JYpTqdC.exe
  2⤵
  PID:9840
- C:\Windows\System\zIAnDFu.exe
  C:\Windows\System\zIAnDFu.exe
  2⤵
  PID:9856
- C:\Windows\System\WUUhjLC.exe
  C:\Windows\System\WUUhjLC.exe
  2⤵
  PID:9876
- C:\Windows\System\PFgPKpC.exe
  C:\Windows\System\PFgPKpC.exe
  2⤵
  PID:9896
- C:\Windows\System\oJJYXwe.exe
  C:\Windows\System\oJJYXwe.exe
  2⤵
  PID:9912
- C:\Windows\System\SjMsrEG.exe
  C:\Windows\System\SjMsrEG.exe
  2⤵
  PID:9928
- C:\Windows\System\ROdnBcA.exe
  C:\Windows\System\ROdnBcA.exe
  2⤵
  PID:9944
- C:\Windows\System\qgxhKnK.exe
  C:\Windows\System\qgxhKnK.exe
  2⤵
  PID:9960
- C:\Windows\System\NgjRxVc.exe
  C:\Windows\System\NgjRxVc.exe
  2⤵
  PID:9976
- C:\Windows\System\eABGrux.exe
  C:\Windows\System\eABGrux.exe
  2⤵
  PID:9992
- C:\Windows\System\FQCTFsJ.exe
  C:\Windows\System\FQCTFsJ.exe
  2⤵
  PID:10008
- C:\Windows\System\GiVygNS.exe
  C:\Windows\System\GiVygNS.exe
  2⤵
  PID:10024
- C:\Windows\System\SfOPJYJ.exe
  C:\Windows\System\SfOPJYJ.exe
  2⤵
  PID:10040
- C:\Windows\System\lnqprRN.exe
  C:\Windows\System\lnqprRN.exe
  2⤵
  PID:10056
- C:\Windows\System\srCxqyT.exe
  C:\Windows\System\srCxqyT.exe
  2⤵
  PID:10072
- C:\Windows\System\WGUJaYZ.exe
  C:\Windows\System\WGUJaYZ.exe
  2⤵
  PID:10088
- C:\Windows\System\hVOvluv.exe
  C:\Windows\System\hVOvluv.exe
  2⤵
  PID:10108
- C:\Windows\System\WtmuzHN.exe
  C:\Windows\System\WtmuzHN.exe
  2⤵
  PID:10124
- C:\Windows\System\pdxWwWO.exe
  C:\Windows\System\pdxWwWO.exe
  2⤵
  PID:10140
- C:\Windows\System\GubNQpF.exe
  C:\Windows\System\GubNQpF.exe
  2⤵
  PID:10156
- C:\Windows\System\iGLDULD.exe
  C:\Windows\System\iGLDULD.exe
  2⤵
  PID:10176
- C:\Windows\System\TRFwwqt.exe
  C:\Windows\System\TRFwwqt.exe
  2⤵
  PID:10192
- C:\Windows\System\JPGpzcZ.exe
  C:\Windows\System\JPGpzcZ.exe
  2⤵
  PID:10208
- C:\Windows\System\VzkbvhP.exe
  C:\Windows\System\VzkbvhP.exe
  2⤵
  PID:10228
- C:\Windows\System\ROSBZiv.exe
  C:\Windows\System\ROSBZiv.exe
  2⤵
  PID:2124
- C:\Windows\System\dEijxKE.exe
  C:\Windows\System\dEijxKE.exe
  2⤵
  PID:9244
- C:\Windows\System\qLiHHYw.exe
  C:\Windows\System\qLiHHYw.exe
  2⤵
  PID:9288
- C:\Windows\System\MlUVAow.exe
  C:\Windows\System\MlUVAow.exe
  2⤵
  PID:9084
- C:\Windows\System\BvQbKHW.exe
  C:\Windows\System\BvQbKHW.exe
  2⤵
  PID:9292
- C:\Windows\System\LFbayZG.exe
  C:\Windows\System\LFbayZG.exe
  2⤵
  PID:9440
- C:\Windows\System\SasAwau.exe
  C:\Windows\System\SasAwau.exe
  2⤵
  PID:9516
- C:\Windows\System\exNwXhd.exe
  C:\Windows\System\exNwXhd.exe
  2⤵
  PID:9628
- C:\Windows\System\BWbZoRj.exe
  C:\Windows\System\BWbZoRj.exe
  2⤵
  PID:9704
- C:\Windows\System\mXAsrmR.exe
  C:\Windows\System\mXAsrmR.exe
  2⤵
  PID:9812
- C:\Windows\System\BHrwOfh.exe
  C:\Windows\System\BHrwOfh.exe
  2⤵
  PID:9888
- C:\Windows\System\hVDxCSJ.exe
  C:\Windows\System\hVDxCSJ.exe
  2⤵
  PID:9952
- C:\Windows\System\EyMTaqE.exe
  C:\Windows\System\EyMTaqE.exe
  2⤵
  PID:10016
- C:\Windows\System\xEScBHB.exe
  C:\Windows\System\xEScBHB.exe
  2⤵
  PID:10052
- C:\Windows\System\XhjVOsq.exe
  C:\Windows\System\XhjVOsq.exe
  2⤵
  PID:10084
- C:\Windows\System\vMXYYnD.exe
  C:\Windows\System\vMXYYnD.exe
  2⤵
  PID:9452
- C:\Windows\System\RnaoPTU.exe
  C:\Windows\System\RnaoPTU.exe
  2⤵
  PID:9492
- C:\Windows\System\uxdWHvv.exe
  C:\Windows\System\uxdWHvv.exe
  2⤵
  PID:9564
- C:\Windows\System\RLnyfwB.exe
  C:\Windows\System\RLnyfwB.exe
  2⤵
  PID:9644
- C:\Windows\System\UijOpbr.exe
  C:\Windows\System\UijOpbr.exe
  2⤵
  PID:9716
- C:\Windows\System\dGHvtHG.exe
  C:\Windows\System\dGHvtHG.exe
  2⤵
  PID:9788
- C:\Windows\System\dMxdyEH.exe
  C:\Windows\System\dMxdyEH.exe
  2⤵
  PID:9828
- C:\Windows\System\RdRywdY.exe
  C:\Windows\System\RdRywdY.exe
  2⤵
  PID:9868
- C:\Windows\System\EbvrMow.exe
  C:\Windows\System\EbvrMow.exe
  2⤵
  PID:9940
- C:\Windows\System\OapNWCh.exe
  C:\Windows\System\OapNWCh.exe
  2⤵
  PID:10032
- C:\Windows\System\YzUTQgy.exe
  C:\Windows\System\YzUTQgy.exe
  2⤵
  PID:10148
- C:\Windows\System\NBsLaBx.exe
  C:\Windows\System\NBsLaBx.exe
  2⤵
  PID:10184
- C:\Windows\System\DqmpJML.exe
  C:\Windows\System\DqmpJML.exe
  2⤵
  PID:10236
- C:\Windows\System\dcTLXwC.exe
  C:\Windows\System\dcTLXwC.exe
  2⤵
  PID:9236
- C:\Windows\System\BiWzCXP.exe
  C:\Windows\System\BiWzCXP.exe
  2⤵
  PID:1804
- C:\Windows\System\RsTsFMm.exe
  C:\Windows\System\RsTsFMm.exe
  2⤵
  PID:9256
- C:\Windows\System\DZakMyV.exe
  C:\Windows\System\DZakMyV.exe
  2⤵
  PID:9280
- C:\Windows\System\uSrjfdV.exe
  C:\Windows\System\uSrjfdV.exe
  2⤵
  PID:9372
- C:\Windows\System\sjfYeaZ.exe
  C:\Windows\System\sjfYeaZ.exe
  2⤵
  PID:9368
- C:\Windows\System\HCSmMwH.exe
  C:\Windows\System\HCSmMwH.exe
  2⤵
  PID:9508
- C:\Windows\System\UfxQpJk.exe
  C:\Windows\System\UfxQpJk.exe
  2⤵
  PID:9668
- C:\Windows\System\JnhkFBC.exe
  C:\Windows\System\JnhkFBC.exe
  2⤵
  PID:9884
- C:\Windows\System\AOQpomC.exe
  C:\Windows\System\AOQpomC.exe
  2⤵
  PID:9424
- C:\Windows\System\HRrRLcj.exe
  C:\Windows\System\HRrRLcj.exe
  2⤵
  PID:9744
- C:\Windows\System\nVacjMi.exe
  C:\Windows\System\nVacjMi.exe
  2⤵
  PID:9572
- C:\Windows\System\jiARMRv.exe
  C:\Windows\System\jiARMRv.exe
  2⤵
  PID:9324
- C:\Windows\System\MmYdydp.exe
  C:\Windows\System\MmYdydp.exe
  2⤵
  PID:9420
- C:\Windows\System\NjdOpYi.exe
  C:\Windows\System\NjdOpYi.exe
  2⤵
  PID:9536
- C:\Windows\System\jEICviC.exe
  C:\Windows\System\jEICviC.exe
  2⤵
  PID:9796
- C:\Windows\System\OyOBeGF.exe
  C:\Windows\System\OyOBeGF.exe
  2⤵
  PID:9488
- C:\Windows\System\jeXmZDf.exe
  C:\Windows\System\jeXmZDf.exe
  2⤵
  PID:9756
- C:\Windows\System\QSuTzxd.exe
  C:\Windows\System\QSuTzxd.exe
  2⤵
  PID:9908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AkpkFzu.exe

Filesize
6.0MB

MD5
bba17671438bd2206b65b5222c8ef98a

SHA1
60baa8e3cc7d0edb74d8aa3baace86599015069f

SHA256
0e3670c479eb354b0f48e1edd05f8089dbfb92764c5919c70aec18b30912764e

SHA512
d2ca35ec16bd9e7021de4ebfd87f5bc7ff4f916d4c27296e4c94113cd73bfad1fda0fb5a914b79ff67b949ea42a14b3882481c010721f45a596f44e2f0f1e04a

Download Submit
C:\Windows\system\BrOcddV.exe

Filesize
6.0MB

MD5
1b6c677b353e0088c04da33cbc7fc02d

SHA1
f4acf4a6edf14e5267e7aef390005ef64ba67742

SHA256
a779ae5bc29d6fbbe65874b60ed821e822f886805e2c6104137ef94ee5731cc1

SHA512
907e231ed09655295103261c5897ec05a3188d323254d3f0059a58271aa1036a68eabe89e664176e786ea04b4555c06112e0f24d6fa8590be79d5bcb9c47570b

Download Submit
C:\Windows\system\CljFNXn.exe

Filesize
6.0MB

MD5
3222158352adff246ffb77f9a31f8f2f

SHA1
7ecffbfccc253b834640bded3d11c0c4c60a005f

SHA256
383aaa15c51ffcfaea57c570c934446eb4fe225f46c7e2a6d31b2d4fd7a92185

SHA512
f96dbfcbb5fa0fe3c1a0eaa1179be40ca67cfa109dfcec4bdbd1915296f2d7a6c7c8302ddf819e65a45d06cb8f6b32c29eaf6452d3ef0b1152373b224023ce67

Download Submit
C:\Windows\system\FAUWUfq.exe

Filesize
6.0MB

MD5
21feea6b6999ef5a99cdc820afc59022

SHA1
454368e3991ef4daab82cf3af7f931bc7fe2b851

SHA256
32c368fe3c072097e5257beb2201b6c14e6342919c33d1e19161bb833188eb34

SHA512
8ca9e4a122bf86ee952041fef65389a97527343807072f0fb57dfa44ffaab09387006ce0814f8c81d43d85252b31c1c96136b037222844bdc99b911761d0a654

Download Submit
C:\Windows\system\HhuynPf.exe

Filesize
6.0MB

MD5
321f4bfd0bfc057a28bb5979c7c01304

SHA1
ced0dc6ca94cef1a9283ff0028d12bfd6884ab4d

SHA256
5a523b6b08aaab77381b9e095bfaf73a809581d221506743186e68664c5794b9

SHA512
76534eebc0c378df59f9bd87f4698ddc8ded734e53b8ed6d9e17e7aa898f20e9c627b75f2f5d1e08de0ae36ddbbb7475ff6aff14f0e6f483e560dc390a65f5c8

Download Submit
C:\Windows\system\IWJuOPI.exe

Filesize
6.0MB

MD5
379d3ec7bbd385e6bf1c233e67aa9780

SHA1
169adf7b910cb19f086478b8c2161a7c481ca02d

SHA256
01243621498876d090be222e32320917c5b760dc23ab7531c073187c4a41a3a2

SHA512
1926b8e07a0d1a1fadfb6bb95ed912e96eae3259e51e8217a1b4c2d7cc75831d5cd4fc3e9bd4a416fbf8e516f9d56b356ab269cab11b13a94ac87b5f1ebfcc57

Download Submit
C:\Windows\system\JqFzQVD.exe

Filesize
6.0MB

MD5
1a180dd33f1d564c1e1d7147dd8d9c7b

SHA1
2dd333d83c4dd957f9c7279b8ac53f65adc1cd84

SHA256
612d74f34ccfe9670d07c13ddc855240e88545313a91ca33063c165e73731ba2

SHA512
8239e807f79160fe8dd7aec309c6012e3b99001d00357e7a8b9941f58f54de20ff18402e539f4e8965e7fb1313412891e146e7428b8835783dd465dccffd3d9d

Download Submit
C:\Windows\system\KTexKyj.exe

Filesize
6.0MB

MD5
fbf8f03f33acbb50c96733d109fa06d9

SHA1
1453dcbbd206e36b262ec0b8e32b8aab26bc0aae

SHA256
4ac1f973acb1a6059863728b9e91f1e968b9e8a0efb9f4a2ac6eb655ba1467ac

SHA512
499bbf208f8653547cb300c8947405d110519b2cdbf7462297e57fff82c47b8a7aa3d9b6c43a89e08db5eabe0978bef91c8900656466c27aea0e54ee97cb6501

Download Submit
C:\Windows\system\Kfssdya.exe

Filesize
6.0MB

MD5
9cbc36f4306ad5f67b972af70d37aa57

SHA1
05fa6069efbc1074842f9f986d23d5bf155f74f8

SHA256
f0187f4ee5e4d8638f99bbbc424d88d008fff138d4c5419280ed7c662ff7224a

SHA512
63536e5ed39d6e1ef080b4f0cfa19041c824ed88bf0c136308b8f45e905868862b4cc74b2cb217a0d2cb9ff9f3179b044d2fb8cda9c537022c43b6983b98586f

Download Submit
C:\Windows\system\MMUwgpp.exe

Filesize
6.0MB

MD5
61844e9071c5bb30d6f0ec76c02cf663

SHA1
d902eac83a3a788a9de0f3cb9eaa90b6e69e22c6

SHA256
cc24ebba8e2d9b7133dfe844ec2e0376b3690499afb3df2e931f9d5ccd39cd24

SHA512
143a87d2e791146c1bcc5c23f75db77b2633b79dbb868856e37f98948eb3f1ef5bd04ca9c016856e9487bd08d2fc0abaa2de2097bf48805bffcc127a0a19713c

Download Submit
C:\Windows\system\RaOGdqQ.exe

Filesize
6.0MB

MD5
3a285bfe4e4ad03d3b367778f9a42bc6

SHA1
4b391d4ed024f62029b87e9901c9e29fbdc24129

SHA256
1b021fec870ae1e18181fc4f1c088b0f4224ba8bf2b3c590b4ac6306bdc9af23

SHA512
1a292b5353b0f907492043ceec24230134d7163a8b572c20478578978bf436ced67930c3f5668e1574c7751153dd803dc3804f37760f5c8c1f0bab68180a1b4e

Download Submit
C:\Windows\system\RqaUDKj.exe

Filesize
6.0MB

MD5
d5de54a51d5fb0a305dac18db7c4eaf7

SHA1
846888ac9f3a849a0f305515c6f9159637ddad21

SHA256
b76a9548cff8bd587b2c05ab656805a3d1e68ed2f91e702d17b2325b8d7aff9c

SHA512
a5b36ec837027c0386a3d5b9b68aeb82ac11458445696e246ecc97ce1fcc0681e34566822b14355f34802d70172caa14fcc4b9b8b04ef0ad8707e9c20e4c0bd6

Download Submit
C:\Windows\system\TIpgCDC.exe

Filesize
6.0MB

MD5
d0358aaaa834728b0aa33d3adea13d97

SHA1
bae29740646a9538ce1b006a0b12b1eb281d73e2

SHA256
f91ffcf3ee153db6581f0a8b78fb50891b123f9e96fe01eac50d1cf6173b639a

SHA512
5e2d94f3b993aabc45973c47596acf75f7a76eacad3e319e52ad83550a468ee6ee27345691a2c136a87c05fa36070c4bca5e6418e1102d010856cbf9a9c4f260

Download Submit
C:\Windows\system\WRslCkv.exe

Filesize
6.0MB

MD5
6d2201bb40954b3edea8341744382b8b

SHA1
eced55493fba48dea114c6805cb932b87818adbf

SHA256
fb517f9522bff5c1106cd4233751dfbd4920c9cd7265930706e05e037d3ccca1

SHA512
78a7a7c10ef82c1923b33b591aed9b46cbd0f3b9a5fe5d7e97b842f2b03dd1fa93a4e8c68418fd9d93449197374db8d33114fc633d55f7bc81d9f55a4f0b2a5c

Download Submit
C:\Windows\system\ZCrbiYC.exe

Filesize
6.0MB

MD5
03bf1977f4940188a1fe8d41ee2b6cc6

SHA1
9f265911b854cd3cca3124aad27ad177dbd992c8

SHA256
19cc9380c16c2466d6ba0db588cd9f737ed3c5b73e5312a87d4614a4d9696698

SHA512
7d60e7520f6c5c24ad5254a5dea78a505eb8e50bdd5d4796b8902c8bfc28a1a45d75be3c62d2ffdf7aecbd0bccb80c8eba3900003680000c7534f4b095c960f3

Download Submit
C:\Windows\system\aGSYHxf.exe

Filesize
6.0MB

MD5
8c025ee11dc8e732d56cc7c47cf87cd4

SHA1
6e21c10162b76d9163d91ef4a758a105767d764d

SHA256
37f1de5dea76dc7359994da277581cdf4eff420afdcf8362afa832c8b1b6a772

SHA512
54b6ef936aa5b4687ef4ec1c18abbaaf338c51a4ca6dff32c36bd143653e66f33a3e9d0d3c79ea87c68fa516d24341860a1df7afd0090b798ed50594059af72f

Download Submit
C:\Windows\system\bbVffhm.exe

Filesize
6.0MB

MD5
a4e334e0d7531719384750c675bfc7de

SHA1
61150221309b1af2283a3818002c51a7d007d865

SHA256
791fe864a567304a39b42fd94e8c10cb98ce90de403d301fb0c40bcaae266d05

SHA512
7d0f8e343400e68166d8e5afd80d9c4e044e414803dde930b94bd883300169dc73660c20937105e7d7ff0866ff06da79d15bfab0cf8423d18f0f6dab8f823624

Download Submit
C:\Windows\system\dQKsOxj.exe

Filesize
6.0MB

MD5
15454d84f28e777c31d3e2317c4ae10e

SHA1
3629a06138d9ec0d1f871b8237ce9ff9cf9dc6ef

SHA256
299b6ca867e57d39fdfdb5a4af263bec35af9cae416696f45909cb2d2d1584f2

SHA512
5b71514206e4b43584c437fbdab4b37bf3e7b4c029fbec552729f8d87cba217a6da129c5d88370fb60d74d90b540a4d35467785d5dea9e3064c6fd01aa6478bc

Download Submit
C:\Windows\system\dXRQUZb.exe

Filesize
6.0MB

MD5
5c6ea2e213a92c01f5e95f06a609386a

SHA1
a09674ff7b7a68388f9a44a82cd8a72827b9a468

SHA256
5a8d14332449ec5181b68a889b8e6156c6eb8c68c94f4862645dca85252bf62b

SHA512
7f746bacbb44f80e70d2716cc1cd742f9c12b538fa53e78700d2c48d7ef031e7669080d74e717d00e99b083c1562d06896082abaf63c7a97a5f0892ddc0aed96

Download Submit
C:\Windows\system\fDsenLC.exe

Filesize
6.0MB

MD5
a555e7db3ec39a2a20488c75fc246689

SHA1
fdd178443086562b59e31f275b932c310485e856

SHA256
643b47586701358f83c03e89302163f333dce741e01afdf861d8a2e12aca9edb

SHA512
27cf951e5d2a3b15a7da9a646d567ec7b4e2574925a0b033fb0b5b755aee45e94c797d01cfb2705c32a73078fc5f1590dfb07dd963f7c576e327608e6d2463fd

Download Submit
C:\Windows\system\hMBgOSq.exe

Filesize
6.0MB

MD5
b2ce81ba3f6de87dc84003629fc8090b

SHA1
947b8a249faec338636af4e6872e79dfe1333e79

SHA256
24e9c73cdf6850f825be3a441688f45e1abe2991d857ca205d80af567f71efbf

SHA512
04329d55938e0e63c3a23dbd618c999936bb311cb9fadd8aed91593fc6c5b36d16d713fb4a08e1434cdcf39feee3b1231777c883ee18b1908aa73047dddbbf2c

Download Submit
C:\Windows\system\kdRaOGY.exe

Filesize
6.0MB

MD5
1d7eb76719b1af45359060f91800c560

SHA1
1e1222da013af9ff5bcfe05734937c29662ef42d

SHA256
03f7cbbe95cd9f63f51e953465e183833883ecad34677c4e975805b26a922bbb

SHA512
2576e78a40ae551a9bc1548011823077f9d02888a41b2c4e9e6e6791d752601930c795c57833c583a870680c935a165de8f795ca49392a93e89334e37185aff1

Download Submit
C:\Windows\system\mxzNLPU.exe

Filesize
6.0MB

MD5
1bc13546a55984ae558f3f3abda2d568

SHA1
aadc3e4f46faa4796bdd3d43b96b490b3dc6f92b

SHA256
701dcda1c066fcf3be9551d4225cbd31a2d2225a8ac8f9e7a749f0d65f26c8a3

SHA512
1851ab8582f7816026d4439d8c21e0640fb30d5c7dc87094a290a68affc0c3bd450083af104e9f2d84bdd5e1dd80c5f01cb9b37f8e2f15f2690b614f76d7b517

Download Submit
C:\Windows\system\oZsjjoL.exe

Filesize
6.0MB

MD5
32c7ce2c0896ba668a8dcd208609bda1

SHA1
f8e8bf4d19f74a6f528892b06f186dbf1c39a82e

SHA256
508b3b0472feccbf88babd319ccb3f45e424f2d695af0e2cd504596106ba85fa

SHA512
f429e644873c77448f2501671e4398253a41a755f9df9381c9b81e76c5046589ae6fa62af19828d79f945a5fc1ddbe216235ab9024786f5308a585ac5b0f3276

Download Submit
C:\Windows\system\pwaXPzc.exe

Filesize
6.0MB

MD5
8695f582d8dac853bef479e8fc2d24a1

SHA1
814dd76a35a54c95def367b607c40ac7c5c5e471

SHA256
7771178bdd8f092c96f93a549d0963e4f9a6e624cf76d81a3e508971050ecbe2

SHA512
461fde41aa43ed4cb086e33b1a6e02621bf75ae021da7acb8a292cc27819562b228157b6f08cde0504fbe17c6e3cce234644a0c28209fa09127fbd6b0a2f82c6

Download Submit
C:\Windows\system\sMPOtOK.exe

Filesize
6.0MB

MD5
74849a694f154f30c41e44d080610506

SHA1
9c780f08e31dba630131c1e1f0483bd081435b81

SHA256
302f024a2058ab5e81890651b797cde1ae9b8dee4a035c251692d4b80a24d8fe

SHA512
4bb7441427deee79d7ef3cb4a68c29e36ef0a185f43c572b2629f7a9e9207863b02625db37782a243f9d51b80f3773dc33ea2f49dadef8a50bc070b21990e851

Download Submit
C:\Windows\system\tkYYDxc.exe

Filesize
6.0MB

MD5
7133ba10ff7bc54e99fa4eeb80dee7b6

SHA1
b43c81f4c8e0fcbf0e69c90a80b147630c40d379

SHA256
ac1ebf44454e0dd9572e99a6b1a2d2ccacdabeaa88b23216ffbb9228ad5b14fb

SHA512
7eb0c427e5640f33d198709241948df672ed95fa4ac81782a6f73cab99e7c747dedaa444b7f06de83ef94d8b73f1144b9b6ac884efb0b711ec1f96ee93d04663

Download Submit
C:\Windows\system\wQyGhRC.exe

Filesize
6.0MB

MD5
241bbac21dc17a2cfaf5b7703c51e6f5

SHA1
ef0b65be86255afb23ec407a7a3961c160d55e33

SHA256
c7dc237f963d0ba0ae2ec639c4cb09d0c5c97c3e336f6c35082b300c1901637c

SHA512
78e3cc2e3f40c16fe7a007fe856d6f97f7fb352c86690f3ced16c74437b34d77f429b8c0a5a98af166d551d256263c96f55ffa23ca1eeaf5b3c717044d24cc0f

Download Submit
C:\Windows\system\zppNlaG.exe

Filesize
6.0MB

MD5
29a597ce8ed8f6ee3ed358207dbd45c8

SHA1
fdf4d39b8342b7ef85eaf56cc6b215d800635489

SHA256
d9d8a0ab1a3adf4213f3544f0b84a6ccb4afedc7c43b97c07bcccd583b07caf0

SHA512
322e2ceafe586f45a3b228c5d5737af63b7e3e1409b13a12aa4e67308f48bc9767f844fbc60f8ffa8d9480396abe9623f19872fc77063c1a5346a768d360f67f

Download Submit
C:\Windows\system\zqMswJB.exe

Filesize
6.0MB

MD5
4de36667fb33a09e6c8d4e192d50f187

SHA1
d377604e3b3cce59be701cad5616a4b1c091745c

SHA256
a7373cef1a1dfaa7235a7168b807d9c8b80886fa7ecb79dfa9f189e2a1c9337e

SHA512
ddbaeeb7e9e41dc788c33b78f284cd9550513132fa287b86cb7f536d0bd6919340f8025a4832a1ac61b93d6cd13a5b92d26428acaf5ec6282ad7e0db37bebd4a

Download Submit
\Windows\system\iWifFXM.exe

Filesize
6.0MB

MD5
64471e58bdcf975b2fcd30bb97c69ae9

SHA1
987026d45f3b5bb35a695da57179a9454b45f39d

SHA256
8546760ef8ba595e8e357e34cdd54289cb49765b32f22b6ddd93eb2590dfcbb7

SHA512
f189cc560af84ced691b8b9a709a818c5a60c6d3309fcec92f1784ca1b0025facbb50f6e76865d09979731bcf0a6055e0c3d940494328fbd87cb08e0cea4ccac

Download Submit
\Windows\system\lcxjfoS.exe

Filesize
6.0MB

MD5
6aa7f2e4e865331b61583bf6571a3d29

SHA1
192651f0d1a0baea44bc7363d5f0de5eab758209

SHA256
f829da6af5496e48f715ac1481c5e8c8ab82774bf768adf21720f13e20f3be3e

SHA512
47fc0b55f216c1927fccec77b0489584ce24b049612c4e5466df303dea4ec726fbbcd257fd439293f9074a81b2be4b1b157ba9b8c19fa572f47563730877fd95

Download Submit
memory/2368-0-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2368-2468-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3045-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3043-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3126-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3127-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2484-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2388-3949-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download