cobaltstrike | ffab0dda6648c61d3e12a71e1d241ed84170a509e1765eabfc4179e3d68699e4

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

16cb089fc62533d22409a14cf839d1fc
SHA1

d80d49f4ea173ddb5eaf857f7a3ea2ca2e38f29f
SHA256

ffab0dda6648c61d3e12a71e1d241ed84170a509e1765eabfc4179e3d68699e4
SHA512

41bc87e12c7322502c21597c0106a8ee053befcdfd94d20cb85b133d7f1141f2d2170ae6502103ce757c96953d328e1f49359a4fdddf016d996629b92579a698
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000019214-11.dat	cobalt_reflective_dll
behavioral1/files/0x000b0000000120dc-6.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019219-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019232-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019329-38.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000191d1-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a483-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a485-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a487-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a481-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47f-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47c-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a478-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a472-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a470-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a454-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a452-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-63.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195c2-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019369-49.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001921d-24.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2976-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019214-11.dat	xmrig
behavioral1/memory/3052-14-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x000b0000000120dc-6.dat	xmrig
behavioral1/memory/2912-15-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x0006000000019219-23.dat	xmrig
behavioral1/memory/2976-37-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/files/0x0006000000019232-40.dat	xmrig
behavioral1/files/0x0006000000019329-38.dat	xmrig
behavioral1/memory/2976-33-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/3052-45-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2068-44-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2976-42-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2760-50-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2244-55-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x00080000000191d1-69.dat	xmrig
behavioral1/memory/2148-70-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2596-86-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2612-95-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3ed-116.dat	xmrig
behavioral1/files/0x000500000001a447-129.dat	xmrig
behavioral1/files/0x000500000001a483-186.dat	xmrig
behavioral1/memory/2492-2983-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/3052-2985-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1976-2987-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2912-2991-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2408-2990-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2068-2994-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2244-3017-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2760-3019-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2684-3022-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2148-3025-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2596-3036-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2784-3035-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2612-3047-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/1512-3045-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/1512-800-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2612-624-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2976-547-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2596-471-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2784-351-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2148-217-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a485-192.dat	xmrig
behavioral1/files/0x000500000001a487-196.dat	xmrig
behavioral1/files/0x000500000001a481-182.dat	xmrig
behavioral1/files/0x000500000001a47f-176.dat	xmrig
behavioral1/files/0x000500000001a47c-172.dat	xmrig
behavioral1/files/0x000500000001a478-166.dat	xmrig
behavioral1/files/0x000500000001a472-161.dat	xmrig
behavioral1/files/0x000500000001a470-157.dat	xmrig
behavioral1/files/0x000500000001a46d-151.dat	xmrig
behavioral1/files/0x000500000001a463-146.dat	xmrig
behavioral1/files/0x000500000001a454-141.dat	xmrig
behavioral1/files/0x000500000001a452-136.dat	xmrig
behavioral1/files/0x000500000001a445-127.dat	xmrig
behavioral1/files/0x000500000001a423-121.dat	xmrig
behavioral1/files/0x000500000001a3ea-111.dat	xmrig
behavioral1/memory/2244-94-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3e6-93.dat	xmrig
behavioral1/memory/2976-91-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2976-90-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/1512-105-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2684-104-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3e8-103.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3052	SrfojIy.exe
2912	mQIGWjW.exe
2492	bScRUnB.exe
1976	PgyViYk.exe
2408	TsYzora.exe
2068	KiYGCRJ.exe
2760	vKxnXkH.exe
2244	IbhyvKq.exe
2684	gDCcWto.exe
2148	IacDJii.exe
2784	ZGVyNav.exe
2596	BxwEZYx.exe
2612	EURKUSI.exe
1512	vzVfvne.exe
1728	NjgOBju.exe
372	wbrZsXP.exe
1264	ANgcGRC.exe
2036	xAMONfF.exe
1288	DqgzTPW.exe
1820	ZUdhtXP.exe
624	MuaKIfj.exe
1780	YBOAUww.exe
2732	rvyFmmM.exe
2864	pTfPHdo.exe
2276	ECcmBAL.exe
2144	OwgxgGY.exe
576	tMSHNZf.exe
2132	AHcUkJG.exe
1484	IezhrEd.exe
2184	gVANNOH.exe
1832	yIEUEbQ.exe
904	WBGWVdQ.exe
1872	BRfAGMw.exe
1520	QvpmupM.exe
1084	CnPrCwV.exe
1748	gDCFIwv.exe
896	yoTnTIO.exe
300	ORpBUfa.exe
1560	cpbeRub.exe
656	LaqyzbE.exe
736	OgrFhgS.exe
856	WHvYXkv.exe
2292	TuXvEvN.exe
2424	uHtuBKw.exe
1652	njEZTsI.exe
396	DOrtrcU.exe
3064	TOXHcRA.exe
1028	HuXCWuo.exe
908	btQDGGR.exe
2220	fsWbNdT.exe
2432	KxtaOVz.exe
1612	bdRQoQV.exe
2516	UXkKDmu.exe
2104	CXGALdJ.exe
2332	eMSfWlD.exe
2708	wqVLuqd.exe
2780	azwYkfb.exe
2676	kVoVFnu.exe
2668	gDCLtlx.exe
3008	ECVElCq.exe
1928	bWLpyug.exe
2092	JyYOfhu.exe
1644	spCpyqM.exe
1988	roVClba.exe

Loads dropped DLL 64 IoCs

pid	Process
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2976-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0007000000019214-11.dat	upx
behavioral1/memory/3052-14-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x000b0000000120dc-6.dat	upx
behavioral1/memory/2912-15-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x0006000000019219-23.dat	upx
behavioral1/memory/2976-37-0x00000000022C0000-0x0000000002614000-memory.dmp	upx
behavioral1/files/0x0006000000019232-40.dat	upx
behavioral1/files/0x0006000000019329-38.dat	upx
behavioral1/memory/3052-45-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2068-44-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2976-42-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2760-50-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2244-55-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x00080000000191d1-69.dat	upx
behavioral1/memory/2148-70-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2596-86-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2612-95-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x000500000001a3ed-116.dat	upx
behavioral1/files/0x000500000001a447-129.dat	upx
behavioral1/files/0x000500000001a483-186.dat	upx
behavioral1/memory/2492-2983-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/3052-2985-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1976-2987-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2912-2991-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2408-2990-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2068-2994-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2244-3017-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2760-3019-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2684-3022-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2148-3025-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2596-3036-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2784-3035-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2612-3047-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/1512-3045-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/1512-800-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2612-624-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2596-471-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2784-351-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2148-217-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x000500000001a485-192.dat	upx
behavioral1/files/0x000500000001a487-196.dat	upx
behavioral1/files/0x000500000001a481-182.dat	upx
behavioral1/files/0x000500000001a47f-176.dat	upx
behavioral1/files/0x000500000001a47c-172.dat	upx
behavioral1/files/0x000500000001a478-166.dat	upx
behavioral1/files/0x000500000001a472-161.dat	upx
behavioral1/files/0x000500000001a470-157.dat	upx
behavioral1/files/0x000500000001a46d-151.dat	upx
behavioral1/files/0x000500000001a463-146.dat	upx
behavioral1/files/0x000500000001a454-141.dat	upx
behavioral1/files/0x000500000001a452-136.dat	upx
behavioral1/files/0x000500000001a445-127.dat	upx
behavioral1/files/0x000500000001a423-121.dat	upx
behavioral1/files/0x000500000001a3ea-111.dat	upx
behavioral1/memory/2244-94-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x000500000001a3e6-93.dat	upx
behavioral1/memory/1512-105-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2684-104-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000500000001a3e8-103.dat	upx
behavioral1/memory/2784-80-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2068-79-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x000500000001a2fc-78.dat	upx
behavioral1/memory/2408-74-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\igaBtLq.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHCiMkN.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpxqVHu.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mipWUwF.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGhTGpp.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcMMqVx.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FMzVsQc.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcCcUyt.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khHyXDh.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWcUOBO.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnQhtOL.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TILdyeQ.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDRIVaF.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfZhhWZ.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRjxrcx.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\scgNWcZ.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzSUKRb.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhnAGaH.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fsvjWjW.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIhmbCT.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmGowBx.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\goKUugc.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RirEjBG.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFFkOem.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbYRlyv.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgZirKW.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StZmOKO.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmyLiVB.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhlHKdi.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeTyXaK.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjiMaXn.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzDFNDa.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRNuKlm.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARSytbS.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKUhdWd.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZKpXyR.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwRIjHV.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGLPPEc.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGWUuNr.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FINUGdA.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rehsUPo.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJUTIIb.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHIAZZK.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptLiAFL.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqYrtEN.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMNmmLp.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTuqdkq.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXRjZiN.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xghjzEd.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XETvdAt.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbQAKAT.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtsgvhW.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjMUoFK.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRvKCVK.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUmwaBV.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPcxETr.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DmTKaKo.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKVAfjp.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPrVfZm.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDIaxdT.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCbcfsJ.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBCwmgA.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDwGJSh.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHnWSgY.exe	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 3052	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2976 wrote to memory of 3052	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2976 wrote to memory of 3052	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2976 wrote to memory of 2912	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2976 wrote to memory of 2912	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2976 wrote to memory of 2912	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2976 wrote to memory of 2492	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2976 wrote to memory of 2492	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2976 wrote to memory of 2492	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2976 wrote to memory of 1976	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2976 wrote to memory of 1976	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2976 wrote to memory of 1976	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2976 wrote to memory of 2068	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2976 wrote to memory of 2068	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2976 wrote to memory of 2068	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2976 wrote to memory of 2408	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2976 wrote to memory of 2408	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2976 wrote to memory of 2408	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2976 wrote to memory of 2760	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2976 wrote to memory of 2760	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2976 wrote to memory of 2760	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2976 wrote to memory of 2244	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2976 wrote to memory of 2244	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2976 wrote to memory of 2244	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2976 wrote to memory of 2684	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2976 wrote to memory of 2684	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2976 wrote to memory of 2684	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2976 wrote to memory of 2148	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2976 wrote to memory of 2148	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2976 wrote to memory of 2148	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2976 wrote to memory of 2784	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2976 wrote to memory of 2784	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2976 wrote to memory of 2784	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2976 wrote to memory of 2596	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2976 wrote to memory of 2596	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2976 wrote to memory of 2596	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2976 wrote to memory of 2612	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2976 wrote to memory of 2612	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2976 wrote to memory of 2612	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2976 wrote to memory of 1512	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2976 wrote to memory of 1512	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2976 wrote to memory of 1512	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2976 wrote to memory of 1728	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2976 wrote to memory of 1728	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2976 wrote to memory of 1728	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2976 wrote to memory of 372	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2976 wrote to memory of 372	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2976 wrote to memory of 372	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2976 wrote to memory of 1264	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2976 wrote to memory of 1264	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2976 wrote to memory of 1264	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2976 wrote to memory of 2036	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2976 wrote to memory of 2036	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2976 wrote to memory of 2036	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2976 wrote to memory of 1288	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2976 wrote to memory of 1288	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2976 wrote to memory of 1288	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2976 wrote to memory of 1820	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2976 wrote to memory of 1820	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2976 wrote to memory of 1820	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2976 wrote to memory of 624	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2976 wrote to memory of 624	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2976 wrote to memory of 624	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2976 wrote to memory of 1780	2976	2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_16cb089fc62533d22409a14cf839d1fc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\System\SrfojIy.exe
  C:\Windows\System\SrfojIy.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\mQIGWjW.exe
  C:\Windows\System\mQIGWjW.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\bScRUnB.exe
  C:\Windows\System\bScRUnB.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\PgyViYk.exe
  C:\Windows\System\PgyViYk.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\KiYGCRJ.exe
  C:\Windows\System\KiYGCRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\TsYzora.exe
  C:\Windows\System\TsYzora.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\vKxnXkH.exe
  C:\Windows\System\vKxnXkH.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\IbhyvKq.exe
  C:\Windows\System\IbhyvKq.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\gDCcWto.exe
  C:\Windows\System\gDCcWto.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\IacDJii.exe
  C:\Windows\System\IacDJii.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\ZGVyNav.exe
  C:\Windows\System\ZGVyNav.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\BxwEZYx.exe
  C:\Windows\System\BxwEZYx.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\EURKUSI.exe
  C:\Windows\System\EURKUSI.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\vzVfvne.exe
  C:\Windows\System\vzVfvne.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\NjgOBju.exe
  C:\Windows\System\NjgOBju.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\wbrZsXP.exe
  C:\Windows\System\wbrZsXP.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\ANgcGRC.exe
  C:\Windows\System\ANgcGRC.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\xAMONfF.exe
  C:\Windows\System\xAMONfF.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\DqgzTPW.exe
  C:\Windows\System\DqgzTPW.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\ZUdhtXP.exe
  C:\Windows\System\ZUdhtXP.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\MuaKIfj.exe
  C:\Windows\System\MuaKIfj.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\YBOAUww.exe
  C:\Windows\System\YBOAUww.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\rvyFmmM.exe
  C:\Windows\System\rvyFmmM.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\pTfPHdo.exe
  C:\Windows\System\pTfPHdo.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\ECcmBAL.exe
  C:\Windows\System\ECcmBAL.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\OwgxgGY.exe
  C:\Windows\System\OwgxgGY.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\tMSHNZf.exe
  C:\Windows\System\tMSHNZf.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\AHcUkJG.exe
  C:\Windows\System\AHcUkJG.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\IezhrEd.exe
  C:\Windows\System\IezhrEd.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\gVANNOH.exe
  C:\Windows\System\gVANNOH.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\yIEUEbQ.exe
  C:\Windows\System\yIEUEbQ.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\WBGWVdQ.exe
  C:\Windows\System\WBGWVdQ.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\BRfAGMw.exe
  C:\Windows\System\BRfAGMw.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\QvpmupM.exe
  C:\Windows\System\QvpmupM.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\CnPrCwV.exe
  C:\Windows\System\CnPrCwV.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\gDCFIwv.exe
  C:\Windows\System\gDCFIwv.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\yoTnTIO.exe
  C:\Windows\System\yoTnTIO.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\ORpBUfa.exe
  C:\Windows\System\ORpBUfa.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\cpbeRub.exe
  C:\Windows\System\cpbeRub.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\LaqyzbE.exe
  C:\Windows\System\LaqyzbE.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\OgrFhgS.exe
  C:\Windows\System\OgrFhgS.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\WHvYXkv.exe
  C:\Windows\System\WHvYXkv.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\TuXvEvN.exe
  C:\Windows\System\TuXvEvN.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\uHtuBKw.exe
  C:\Windows\System\uHtuBKw.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\njEZTsI.exe
  C:\Windows\System\njEZTsI.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\DOrtrcU.exe
  C:\Windows\System\DOrtrcU.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\TOXHcRA.exe
  C:\Windows\System\TOXHcRA.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\HuXCWuo.exe
  C:\Windows\System\HuXCWuo.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\btQDGGR.exe
  C:\Windows\System\btQDGGR.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\fsWbNdT.exe
  C:\Windows\System\fsWbNdT.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\KxtaOVz.exe
  C:\Windows\System\KxtaOVz.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\bdRQoQV.exe
  C:\Windows\System\bdRQoQV.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\UXkKDmu.exe
  C:\Windows\System\UXkKDmu.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\CXGALdJ.exe
  C:\Windows\System\CXGALdJ.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\eMSfWlD.exe
  C:\Windows\System\eMSfWlD.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\wqVLuqd.exe
  C:\Windows\System\wqVLuqd.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\azwYkfb.exe
  C:\Windows\System\azwYkfb.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\kVoVFnu.exe
  C:\Windows\System\kVoVFnu.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\gDCLtlx.exe
  C:\Windows\System\gDCLtlx.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\ECVElCq.exe
  C:\Windows\System\ECVElCq.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\bWLpyug.exe
  C:\Windows\System\bWLpyug.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\JyYOfhu.exe
  C:\Windows\System\JyYOfhu.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\spCpyqM.exe
  C:\Windows\System\spCpyqM.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\roVClba.exe
  C:\Windows\System\roVClba.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\RbXzbgN.exe
  C:\Windows\System\RbXzbgN.exe
  2⤵
  PID:1144
- C:\Windows\System\zVKYzkd.exe
  C:\Windows\System\zVKYzkd.exe
  2⤵
  PID:2860
- C:\Windows\System\KuDmdyV.exe
  C:\Windows\System\KuDmdyV.exe
  2⤵
  PID:2872
- C:\Windows\System\qGdGCte.exe
  C:\Windows\System\qGdGCte.exe
  2⤵
  PID:2136
- C:\Windows\System\lPNlJDL.exe
  C:\Windows\System\lPNlJDL.exe
  2⤵
  PID:2980
- C:\Windows\System\FCJhvhW.exe
  C:\Windows\System\FCJhvhW.exe
  2⤵
  PID:2728
- C:\Windows\System\EWePWOx.exe
  C:\Windows\System\EWePWOx.exe
  2⤵
  PID:2312
- C:\Windows\System\gJEFlHc.exe
  C:\Windows\System\gJEFlHc.exe
  2⤵
  PID:2000
- C:\Windows\System\lKPBtHx.exe
  C:\Windows\System\lKPBtHx.exe
  2⤵
  PID:1660
- C:\Windows\System\EkpvqQK.exe
  C:\Windows\System\EkpvqQK.exe
  2⤵
  PID:2376
- C:\Windows\System\hPspWhB.exe
  C:\Windows\System\hPspWhB.exe
  2⤵
  PID:1792
- C:\Windows\System\BlJNFWM.exe
  C:\Windows\System\BlJNFWM.exe
  2⤵
  PID:1556
- C:\Windows\System\SJqGPwl.exe
  C:\Windows\System\SJqGPwl.exe
  2⤵
  PID:1128
- C:\Windows\System\IyymlxQ.exe
  C:\Windows\System\IyymlxQ.exe
  2⤵
  PID:760
- C:\Windows\System\osENtQl.exe
  C:\Windows\System\osENtQl.exe
  2⤵
  PID:2116
- C:\Windows\System\ckocBrK.exe
  C:\Windows\System\ckocBrK.exe
  2⤵
  PID:1048
- C:\Windows\System\sTwPQNt.exe
  C:\Windows\System\sTwPQNt.exe
  2⤵
  PID:480
- C:\Windows\System\zdKqYSG.exe
  C:\Windows\System\zdKqYSG.exe
  2⤵
  PID:1516
- C:\Windows\System\BgpnIyx.exe
  C:\Windows\System\BgpnIyx.exe
  2⤵
  PID:2472
- C:\Windows\System\PhmLoCQ.exe
  C:\Windows\System\PhmLoCQ.exe
  2⤵
  PID:1584
- C:\Windows\System\bJCpxDu.exe
  C:\Windows\System\bJCpxDu.exe
  2⤵
  PID:2356
- C:\Windows\System\bHuRNWk.exe
  C:\Windows\System\bHuRNWk.exe
  2⤵
  PID:2736
- C:\Windows\System\SeJZLMk.exe
  C:\Windows\System\SeJZLMk.exe
  2⤵
  PID:2824
- C:\Windows\System\DFmcrZz.exe
  C:\Windows\System\DFmcrZz.exe
  2⤵
  PID:2568
- C:\Windows\System\TTizDrS.exe
  C:\Windows\System\TTizDrS.exe
  2⤵
  PID:3032
- C:\Windows\System\ZvGJrjv.exe
  C:\Windows\System\ZvGJrjv.exe
  2⤵
  PID:1532
- C:\Windows\System\IevBSTg.exe
  C:\Windows\System\IevBSTg.exe
  2⤵
  PID:1204
- C:\Windows\System\ZqybnUP.exe
  C:\Windows\System\ZqybnUP.exe
  2⤵
  PID:1768
- C:\Windows\System\APEPAYG.exe
  C:\Windows\System\APEPAYG.exe
  2⤵
  PID:2448
- C:\Windows\System\OmuohqD.exe
  C:\Windows\System\OmuohqD.exe
  2⤵
  PID:2152
- C:\Windows\System\uCUPlYY.exe
  C:\Windows\System\uCUPlYY.exe
  2⤵
  PID:1352
- C:\Windows\System\aJDagqj.exe
  C:\Windows\System\aJDagqj.exe
  2⤵
  PID:1032
- C:\Windows\System\MeSJHqh.exe
  C:\Windows\System\MeSJHqh.exe
  2⤵
  PID:816
- C:\Windows\System\KmGaYwX.exe
  C:\Windows\System\KmGaYwX.exe
  2⤵
  PID:804
- C:\Windows\System\GVhGVJx.exe
  C:\Windows\System\GVhGVJx.exe
  2⤵
  PID:1232
- C:\Windows\System\bCOqIGV.exe
  C:\Windows\System\bCOqIGV.exe
  2⤵
  PID:304
- C:\Windows\System\DkBqDrP.exe
  C:\Windows\System\DkBqDrP.exe
  2⤵
  PID:540
- C:\Windows\System\gbwosah.exe
  C:\Windows\System\gbwosah.exe
  2⤵
  PID:1604
- C:\Windows\System\bMglqbO.exe
  C:\Windows\System\bMglqbO.exe
  2⤵
  PID:1712
- C:\Windows\System\gGUGLfG.exe
  C:\Windows\System\gGUGLfG.exe
  2⤵
  PID:2928
- C:\Windows\System\yCUtPGR.exe
  C:\Windows\System\yCUtPGR.exe
  2⤵
  PID:2564
- C:\Windows\System\hJVdnSK.exe
  C:\Windows\System\hJVdnSK.exe
  2⤵
  PID:2024
- C:\Windows\System\iTkytKN.exe
  C:\Windows\System\iTkytKN.exe
  2⤵
  PID:3080
- C:\Windows\System\PCKvVgM.exe
  C:\Windows\System\PCKvVgM.exe
  2⤵
  PID:3100
- C:\Windows\System\CdLnxNN.exe
  C:\Windows\System\CdLnxNN.exe
  2⤵
  PID:3120
- C:\Windows\System\tEQPsGE.exe
  C:\Windows\System\tEQPsGE.exe
  2⤵
  PID:3140
- C:\Windows\System\anOEJID.exe
  C:\Windows\System\anOEJID.exe
  2⤵
  PID:3160
- C:\Windows\System\KzykzWg.exe
  C:\Windows\System\KzykzWg.exe
  2⤵
  PID:3180
- C:\Windows\System\iMCzssH.exe
  C:\Windows\System\iMCzssH.exe
  2⤵
  PID:3200
- C:\Windows\System\uLEMOjr.exe
  C:\Windows\System\uLEMOjr.exe
  2⤵
  PID:3220
- C:\Windows\System\OQCkdSR.exe
  C:\Windows\System\OQCkdSR.exe
  2⤵
  PID:3240
- C:\Windows\System\xIsHzVB.exe
  C:\Windows\System\xIsHzVB.exe
  2⤵
  PID:3260
- C:\Windows\System\iSdOjOf.exe
  C:\Windows\System\iSdOjOf.exe
  2⤵
  PID:3280
- C:\Windows\System\NGcDdYR.exe
  C:\Windows\System\NGcDdYR.exe
  2⤵
  PID:3300
- C:\Windows\System\zNkfCjh.exe
  C:\Windows\System\zNkfCjh.exe
  2⤵
  PID:3320
- C:\Windows\System\vmsqkQA.exe
  C:\Windows\System\vmsqkQA.exe
  2⤵
  PID:3336
- C:\Windows\System\rnTkZtM.exe
  C:\Windows\System\rnTkZtM.exe
  2⤵
  PID:3360
- C:\Windows\System\yYgwxoX.exe
  C:\Windows\System\yYgwxoX.exe
  2⤵
  PID:3380
- C:\Windows\System\htcVVTL.exe
  C:\Windows\System\htcVVTL.exe
  2⤵
  PID:3404
- C:\Windows\System\kTjtjdk.exe
  C:\Windows\System\kTjtjdk.exe
  2⤵
  PID:3420
- C:\Windows\System\YgPwZxq.exe
  C:\Windows\System\YgPwZxq.exe
  2⤵
  PID:3444
- C:\Windows\System\JuxoqQT.exe
  C:\Windows\System\JuxoqQT.exe
  2⤵
  PID:3464
- C:\Windows\System\nwNFIYn.exe
  C:\Windows\System\nwNFIYn.exe
  2⤵
  PID:3484
- C:\Windows\System\NXsazNu.exe
  C:\Windows\System\NXsazNu.exe
  2⤵
  PID:3508
- C:\Windows\System\zdclgDi.exe
  C:\Windows\System\zdclgDi.exe
  2⤵
  PID:3528
- C:\Windows\System\NBuZXaF.exe
  C:\Windows\System\NBuZXaF.exe
  2⤵
  PID:3548
- C:\Windows\System\aNYrxBl.exe
  C:\Windows\System\aNYrxBl.exe
  2⤵
  PID:3568
- C:\Windows\System\kuHtzuv.exe
  C:\Windows\System\kuHtzuv.exe
  2⤵
  PID:3588
- C:\Windows\System\pDILUTT.exe
  C:\Windows\System\pDILUTT.exe
  2⤵
  PID:3608
- C:\Windows\System\zEOtEmo.exe
  C:\Windows\System\zEOtEmo.exe
  2⤵
  PID:3628
- C:\Windows\System\JMJJOWm.exe
  C:\Windows\System\JMJJOWm.exe
  2⤵
  PID:3648
- C:\Windows\System\ijiLvua.exe
  C:\Windows\System\ijiLvua.exe
  2⤵
  PID:3668
- C:\Windows\System\rDpguwB.exe
  C:\Windows\System\rDpguwB.exe
  2⤵
  PID:3688
- C:\Windows\System\uCVAeOc.exe
  C:\Windows\System\uCVAeOc.exe
  2⤵
  PID:3708
- C:\Windows\System\uAOwYJA.exe
  C:\Windows\System\uAOwYJA.exe
  2⤵
  PID:3728
- C:\Windows\System\MPmhjLW.exe
  C:\Windows\System\MPmhjLW.exe
  2⤵
  PID:3748
- C:\Windows\System\KJIpHLq.exe
  C:\Windows\System\KJIpHLq.exe
  2⤵
  PID:3768
- C:\Windows\System\LiPvEHI.exe
  C:\Windows\System\LiPvEHI.exe
  2⤵
  PID:3788
- C:\Windows\System\ytBXvcL.exe
  C:\Windows\System\ytBXvcL.exe
  2⤵
  PID:3808
- C:\Windows\System\ltITqYM.exe
  C:\Windows\System\ltITqYM.exe
  2⤵
  PID:3828
- C:\Windows\System\LuagjgH.exe
  C:\Windows\System\LuagjgH.exe
  2⤵
  PID:3848
- C:\Windows\System\zhnKrOD.exe
  C:\Windows\System\zhnKrOD.exe
  2⤵
  PID:3868
- C:\Windows\System\dplsQaM.exe
  C:\Windows\System\dplsQaM.exe
  2⤵
  PID:3888
- C:\Windows\System\oobHFgA.exe
  C:\Windows\System\oobHFgA.exe
  2⤵
  PID:3912
- C:\Windows\System\DfZBIwS.exe
  C:\Windows\System\DfZBIwS.exe
  2⤵
  PID:3932
- C:\Windows\System\dIERHnD.exe
  C:\Windows\System\dIERHnD.exe
  2⤵
  PID:3952
- C:\Windows\System\tSoQOCq.exe
  C:\Windows\System\tSoQOCq.exe
  2⤵
  PID:3972
- C:\Windows\System\jOlwaVC.exe
  C:\Windows\System\jOlwaVC.exe
  2⤵
  PID:3992
- C:\Windows\System\HmBvuIg.exe
  C:\Windows\System\HmBvuIg.exe
  2⤵
  PID:4012
- C:\Windows\System\dWcUOBO.exe
  C:\Windows\System\dWcUOBO.exe
  2⤵
  PID:4032
- C:\Windows\System\fLOTPGs.exe
  C:\Windows\System\fLOTPGs.exe
  2⤵
  PID:4052
- C:\Windows\System\PhAbkyC.exe
  C:\Windows\System\PhAbkyC.exe
  2⤵
  PID:4072
- C:\Windows\System\iSgxVxE.exe
  C:\Windows\System\iSgxVxE.exe
  2⤵
  PID:4092
- C:\Windows\System\scgNWcZ.exe
  C:\Windows\System\scgNWcZ.exe
  2⤵
  PID:1092
- C:\Windows\System\FyBJAwy.exe
  C:\Windows\System\FyBJAwy.exe
  2⤵
  PID:1592
- C:\Windows\System\UMnSBUt.exe
  C:\Windows\System\UMnSBUt.exe
  2⤵
  PID:988
- C:\Windows\System\aQpUeTp.exe
  C:\Windows\System\aQpUeTp.exe
  2⤵
  PID:632
- C:\Windows\System\lIGWbJb.exe
  C:\Windows\System\lIGWbJb.exe
  2⤵
  PID:2972
- C:\Windows\System\bFGYfjB.exe
  C:\Windows\System\bFGYfjB.exe
  2⤵
  PID:2352
- C:\Windows\System\mykSmId.exe
  C:\Windows\System\mykSmId.exe
  2⤵
  PID:888
- C:\Windows\System\uvOxtvN.exe
  C:\Windows\System\uvOxtvN.exe
  2⤵
  PID:2836
- C:\Windows\System\BizxFZD.exe
  C:\Windows\System\BizxFZD.exe
  2⤵
  PID:2012
- C:\Windows\System\WgTmhPY.exe
  C:\Windows\System\WgTmhPY.exe
  2⤵
  PID:3116
- C:\Windows\System\LwlfqMk.exe
  C:\Windows\System\LwlfqMk.exe
  2⤵
  PID:3092
- C:\Windows\System\pVyvryu.exe
  C:\Windows\System\pVyvryu.exe
  2⤵
  PID:3128
- C:\Windows\System\dLadvVy.exe
  C:\Windows\System\dLadvVy.exe
  2⤵
  PID:3176
- C:\Windows\System\OWHhvHS.exe
  C:\Windows\System\OWHhvHS.exe
  2⤵
  PID:3236
- C:\Windows\System\EisCagD.exe
  C:\Windows\System\EisCagD.exe
  2⤵
  PID:3252
- C:\Windows\System\rrtdBPT.exe
  C:\Windows\System\rrtdBPT.exe
  2⤵
  PID:3308
- C:\Windows\System\HepOWPi.exe
  C:\Windows\System\HepOWPi.exe
  2⤵
  PID:3332
- C:\Windows\System\YGJPLxU.exe
  C:\Windows\System\YGJPLxU.exe
  2⤵
  PID:3368
- C:\Windows\System\FPvDoEZ.exe
  C:\Windows\System\FPvDoEZ.exe
  2⤵
  PID:3392
- C:\Windows\System\hDaZEkc.exe
  C:\Windows\System\hDaZEkc.exe
  2⤵
  PID:3440
- C:\Windows\System\HppGyVR.exe
  C:\Windows\System\HppGyVR.exe
  2⤵
  PID:3472
- C:\Windows\System\eShbHhB.exe
  C:\Windows\System\eShbHhB.exe
  2⤵
  PID:3516
- C:\Windows\System\OfbUBwx.exe
  C:\Windows\System\OfbUBwx.exe
  2⤵
  PID:3544
- C:\Windows\System\mAStvkx.exe
  C:\Windows\System\mAStvkx.exe
  2⤵
  PID:3576
- C:\Windows\System\vvIUUeo.exe
  C:\Windows\System\vvIUUeo.exe
  2⤵
  PID:3600
- C:\Windows\System\oHkNrsY.exe
  C:\Windows\System\oHkNrsY.exe
  2⤵
  PID:3644
- C:\Windows\System\fUdUFQz.exe
  C:\Windows\System\fUdUFQz.exe
  2⤵
  PID:3676
- C:\Windows\System\pQaHLqO.exe
  C:\Windows\System\pQaHLqO.exe
  2⤵
  PID:3700
- C:\Windows\System\RuekILt.exe
  C:\Windows\System\RuekILt.exe
  2⤵
  PID:3744
- C:\Windows\System\fJlnSrn.exe
  C:\Windows\System\fJlnSrn.exe
  2⤵
  PID:3796
- C:\Windows\System\nRGkGjt.exe
  C:\Windows\System\nRGkGjt.exe
  2⤵
  PID:3836
- C:\Windows\System\SxqUgNp.exe
  C:\Windows\System\SxqUgNp.exe
  2⤵
  PID:3824
- C:\Windows\System\FroomSO.exe
  C:\Windows\System\FroomSO.exe
  2⤵
  PID:3884
- C:\Windows\System\aUhLwuV.exe
  C:\Windows\System\aUhLwuV.exe
  2⤵
  PID:3900
- C:\Windows\System\JGVmsEE.exe
  C:\Windows\System\JGVmsEE.exe
  2⤵
  PID:3940
- C:\Windows\System\tIeFQNl.exe
  C:\Windows\System\tIeFQNl.exe
  2⤵
  PID:4000
- C:\Windows\System\llunTxi.exe
  C:\Windows\System\llunTxi.exe
  2⤵
  PID:4004
- C:\Windows\System\wgczxyl.exe
  C:\Windows\System\wgczxyl.exe
  2⤵
  PID:4048
- C:\Windows\System\XTrGSFv.exe
  C:\Windows\System\XTrGSFv.exe
  2⤵
  PID:4060
- C:\Windows\System\DqmSSAv.exe
  C:\Windows\System\DqmSSAv.exe
  2⤵
  PID:2172
- C:\Windows\System\McXUPWl.exe
  C:\Windows\System\McXUPWl.exe
  2⤵
  PID:1700
- C:\Windows\System\SibBLeG.exe
  C:\Windows\System\SibBLeG.exe
  2⤵
  PID:1244
- C:\Windows\System\OvGywak.exe
  C:\Windows\System\OvGywak.exe
  2⤵
  PID:1716
- C:\Windows\System\gcsGZoU.exe
  C:\Windows\System\gcsGZoU.exe
  2⤵
  PID:2016
- C:\Windows\System\SrXwGWq.exe
  C:\Windows\System\SrXwGWq.exe
  2⤵
  PID:2888
- C:\Windows\System\BnOXZaT.exe
  C:\Windows\System\BnOXZaT.exe
  2⤵
  PID:3152
- C:\Windows\System\XtYrDYi.exe
  C:\Windows\System\XtYrDYi.exe
  2⤵
  PID:3216
- C:\Windows\System\YEGdZrE.exe
  C:\Windows\System\YEGdZrE.exe
  2⤵
  PID:3276
- C:\Windows\System\fYESxfY.exe
  C:\Windows\System\fYESxfY.exe
  2⤵
  PID:3272
- C:\Windows\System\QwLTqjA.exe
  C:\Windows\System\QwLTqjA.exe
  2⤵
  PID:3292
- C:\Windows\System\jwrGnaM.exe
  C:\Windows\System\jwrGnaM.exe
  2⤵
  PID:3372
- C:\Windows\System\qbDbwCb.exe
  C:\Windows\System\qbDbwCb.exe
  2⤵
  PID:3452
- C:\Windows\System\QVntxwJ.exe
  C:\Windows\System\QVntxwJ.exe
  2⤵
  PID:3524
- C:\Windows\System\OlHFwHg.exe
  C:\Windows\System\OlHFwHg.exe
  2⤵
  PID:3564
- C:\Windows\System\hgtGbRO.exe
  C:\Windows\System\hgtGbRO.exe
  2⤵
  PID:3604
- C:\Windows\System\KljAgeC.exe
  C:\Windows\System\KljAgeC.exe
  2⤵
  PID:3680
- C:\Windows\System\TxeXjvZ.exe
  C:\Windows\System\TxeXjvZ.exe
  2⤵
  PID:3736
- C:\Windows\System\cyYpSCP.exe
  C:\Windows\System\cyYpSCP.exe
  2⤵
  PID:3804
- C:\Windows\System\MmudqvB.exe
  C:\Windows\System\MmudqvB.exe
  2⤵
  PID:3856
- C:\Windows\System\GJFoQFc.exe
  C:\Windows\System\GJFoQFc.exe
  2⤵
  PID:3944
- C:\Windows\System\HUYopIr.exe
  C:\Windows\System\HUYopIr.exe
  2⤵
  PID:3928
- C:\Windows\System\tfwpfWi.exe
  C:\Windows\System\tfwpfWi.exe
  2⤵
  PID:4024
- C:\Windows\System\UuTBGDg.exe
  C:\Windows\System\UuTBGDg.exe
  2⤵
  PID:4088
- C:\Windows\System\tpGLyAX.exe
  C:\Windows\System\tpGLyAX.exe
  2⤵
  PID:3776
- C:\Windows\System\ZcGJWiq.exe
  C:\Windows\System\ZcGJWiq.exe
  2⤵
  PID:2328
- C:\Windows\System\gmzckfM.exe
  C:\Windows\System\gmzckfM.exe
  2⤵
  PID:1776
- C:\Windows\System\zCKCHEF.exe
  C:\Windows\System\zCKCHEF.exe
  2⤵
  PID:3108
- C:\Windows\System\PoxQevY.exe
  C:\Windows\System\PoxQevY.exe
  2⤵
  PID:3196
- C:\Windows\System\WNhNBiM.exe
  C:\Windows\System\WNhNBiM.exe
  2⤵
  PID:3328
- C:\Windows\System\WtNrJSy.exe
  C:\Windows\System\WtNrJSy.exe
  2⤵
  PID:3416
- C:\Windows\System\gPRAWlI.exe
  C:\Windows\System\gPRAWlI.exe
  2⤵
  PID:4104
- C:\Windows\System\TqRXEBj.exe
  C:\Windows\System\TqRXEBj.exe
  2⤵
  PID:4128
- C:\Windows\System\SXTdhiM.exe
  C:\Windows\System\SXTdhiM.exe
  2⤵
  PID:4148
- C:\Windows\System\ZhKttmF.exe
  C:\Windows\System\ZhKttmF.exe
  2⤵
  PID:4168
- C:\Windows\System\wKoAdKr.exe
  C:\Windows\System\wKoAdKr.exe
  2⤵
  PID:4192
- C:\Windows\System\kdVQJWC.exe
  C:\Windows\System\kdVQJWC.exe
  2⤵
  PID:4212
- C:\Windows\System\IQyOTOO.exe
  C:\Windows\System\IQyOTOO.exe
  2⤵
  PID:4232
- C:\Windows\System\YdkZcpk.exe
  C:\Windows\System\YdkZcpk.exe
  2⤵
  PID:4252
- C:\Windows\System\lPuLosc.exe
  C:\Windows\System\lPuLosc.exe
  2⤵
  PID:4272
- C:\Windows\System\CXqLexZ.exe
  C:\Windows\System\CXqLexZ.exe
  2⤵
  PID:4292
- C:\Windows\System\wWHsZji.exe
  C:\Windows\System\wWHsZji.exe
  2⤵
  PID:4312
- C:\Windows\System\upZIPew.exe
  C:\Windows\System\upZIPew.exe
  2⤵
  PID:4332
- C:\Windows\System\riACEGP.exe
  C:\Windows\System\riACEGP.exe
  2⤵
  PID:4352
- C:\Windows\System\QoONSEH.exe
  C:\Windows\System\QoONSEH.exe
  2⤵
  PID:4372
- C:\Windows\System\FVsIONL.exe
  C:\Windows\System\FVsIONL.exe
  2⤵
  PID:4392
- C:\Windows\System\BQTWUER.exe
  C:\Windows\System\BQTWUER.exe
  2⤵
  PID:4412
- C:\Windows\System\jYzIcby.exe
  C:\Windows\System\jYzIcby.exe
  2⤵
  PID:4432
- C:\Windows\System\DudFmqs.exe
  C:\Windows\System\DudFmqs.exe
  2⤵
  PID:4452
- C:\Windows\System\FBUHccd.exe
  C:\Windows\System\FBUHccd.exe
  2⤵
  PID:4472
- C:\Windows\System\InYtWAj.exe
  C:\Windows\System\InYtWAj.exe
  2⤵
  PID:4492
- C:\Windows\System\JGWLSkX.exe
  C:\Windows\System\JGWLSkX.exe
  2⤵
  PID:4512
- C:\Windows\System\pqKUfKU.exe
  C:\Windows\System\pqKUfKU.exe
  2⤵
  PID:4532
- C:\Windows\System\dTQbquz.exe
  C:\Windows\System\dTQbquz.exe
  2⤵
  PID:4552
- C:\Windows\System\QxsROgn.exe
  C:\Windows\System\QxsROgn.exe
  2⤵
  PID:4572
- C:\Windows\System\FEpaPLs.exe
  C:\Windows\System\FEpaPLs.exe
  2⤵
  PID:4592
- C:\Windows\System\uCLEmGU.exe
  C:\Windows\System\uCLEmGU.exe
  2⤵
  PID:4612
- C:\Windows\System\kdXbADc.exe
  C:\Windows\System\kdXbADc.exe
  2⤵
  PID:4632
- C:\Windows\System\NQVTVPW.exe
  C:\Windows\System\NQVTVPW.exe
  2⤵
  PID:4652
- C:\Windows\System\DAVWBEF.exe
  C:\Windows\System\DAVWBEF.exe
  2⤵
  PID:4672
- C:\Windows\System\ecInNjX.exe
  C:\Windows\System\ecInNjX.exe
  2⤵
  PID:4692
- C:\Windows\System\zjvFvxP.exe
  C:\Windows\System\zjvFvxP.exe
  2⤵
  PID:4712
- C:\Windows\System\kpCUloC.exe
  C:\Windows\System\kpCUloC.exe
  2⤵
  PID:4732
- C:\Windows\System\lcHlCXd.exe
  C:\Windows\System\lcHlCXd.exe
  2⤵
  PID:4752
- C:\Windows\System\WnDJlCz.exe
  C:\Windows\System\WnDJlCz.exe
  2⤵
  PID:4772
- C:\Windows\System\lxisnFt.exe
  C:\Windows\System\lxisnFt.exe
  2⤵
  PID:4792
- C:\Windows\System\KiXTnxg.exe
  C:\Windows\System\KiXTnxg.exe
  2⤵
  PID:4812
- C:\Windows\System\InFpNWD.exe
  C:\Windows\System\InFpNWD.exe
  2⤵
  PID:4832
- C:\Windows\System\JvTlSvh.exe
  C:\Windows\System\JvTlSvh.exe
  2⤵
  PID:4852
- C:\Windows\System\rgsRyPs.exe
  C:\Windows\System\rgsRyPs.exe
  2⤵
  PID:4872
- C:\Windows\System\eppumcj.exe
  C:\Windows\System\eppumcj.exe
  2⤵
  PID:4892
- C:\Windows\System\ylSjQfF.exe
  C:\Windows\System\ylSjQfF.exe
  2⤵
  PID:4916
- C:\Windows\System\kuCtItS.exe
  C:\Windows\System\kuCtItS.exe
  2⤵
  PID:4936
- C:\Windows\System\OKaXTfN.exe
  C:\Windows\System\OKaXTfN.exe
  2⤵
  PID:4956
- C:\Windows\System\FxZZWyz.exe
  C:\Windows\System\FxZZWyz.exe
  2⤵
  PID:4976
- C:\Windows\System\APJpbVk.exe
  C:\Windows\System\APJpbVk.exe
  2⤵
  PID:4996
- C:\Windows\System\MEeEOHC.exe
  C:\Windows\System\MEeEOHC.exe
  2⤵
  PID:5016
- C:\Windows\System\YLuxWCz.exe
  C:\Windows\System\YLuxWCz.exe
  2⤵
  PID:5040
- C:\Windows\System\BosajZw.exe
  C:\Windows\System\BosajZw.exe
  2⤵
  PID:5064
- C:\Windows\System\itjKnlv.exe
  C:\Windows\System\itjKnlv.exe
  2⤵
  PID:5084
- C:\Windows\System\RirEjBG.exe
  C:\Windows\System\RirEjBG.exe
  2⤵
  PID:5104
- C:\Windows\System\JfcLguq.exe
  C:\Windows\System\JfcLguq.exe
  2⤵
  PID:3500
- C:\Windows\System\qklUnCD.exe
  C:\Windows\System\qklUnCD.exe
  2⤵
  PID:3520
- C:\Windows\System\zFdCEWe.exe
  C:\Windows\System\zFdCEWe.exe
  2⤵
  PID:3580
- C:\Windows\System\wyxkvNz.exe
  C:\Windows\System\wyxkvNz.exe
  2⤵
  PID:3620
- C:\Windows\System\HVSfrNP.exe
  C:\Windows\System\HVSfrNP.exe
  2⤵
  PID:3764
- C:\Windows\System\QmJjOcY.exe
  C:\Windows\System\QmJjOcY.exe
  2⤵
  PID:3904
- C:\Windows\System\YwTWCrJ.exe
  C:\Windows\System\YwTWCrJ.exe
  2⤵
  PID:3988
- C:\Windows\System\erjJKQP.exe
  C:\Windows\System\erjJKQP.exe
  2⤵
  PID:4084
- C:\Windows\System\Cdmavma.exe
  C:\Windows\System\Cdmavma.exe
  2⤵
  PID:1172
- C:\Windows\System\ejZhWJD.exe
  C:\Windows\System\ejZhWJD.exe
  2⤵
  PID:3088
- C:\Windows\System\TUTqkwB.exe
  C:\Windows\System\TUTqkwB.exe
  2⤵
  PID:3156
- C:\Windows\System\BJWzcqe.exe
  C:\Windows\System\BJWzcqe.exe
  2⤵
  PID:3352
- C:\Windows\System\hxKFmVS.exe
  C:\Windows\System\hxKFmVS.exe
  2⤵
  PID:1056
- C:\Windows\System\eEvGurT.exe
  C:\Windows\System\eEvGurT.exe
  2⤵
  PID:4164
- C:\Windows\System\ZuwsjRO.exe
  C:\Windows\System\ZuwsjRO.exe
  2⤵
  PID:4188
- C:\Windows\System\lzjimXu.exe
  C:\Windows\System\lzjimXu.exe
  2⤵
  PID:4240
- C:\Windows\System\rkESRvb.exe
  C:\Windows\System\rkESRvb.exe
  2⤵
  PID:4224
- C:\Windows\System\nfSfPVV.exe
  C:\Windows\System\nfSfPVV.exe
  2⤵
  PID:4288
- C:\Windows\System\ybjhEKG.exe
  C:\Windows\System\ybjhEKG.exe
  2⤵
  PID:4308
- C:\Windows\System\eykugsM.exe
  C:\Windows\System\eykugsM.exe
  2⤵
  PID:4368
- C:\Windows\System\LvAWuPD.exe
  C:\Windows\System\LvAWuPD.exe
  2⤵
  PID:4388
- C:\Windows\System\LPJYUDC.exe
  C:\Windows\System\LPJYUDC.exe
  2⤵
  PID:4404
- C:\Windows\System\tGdWwwt.exe
  C:\Windows\System\tGdWwwt.exe
  2⤵
  PID:4428
- C:\Windows\System\mveBitX.exe
  C:\Windows\System\mveBitX.exe
  2⤵
  PID:4464
- C:\Windows\System\JbWAPrl.exe
  C:\Windows\System\JbWAPrl.exe
  2⤵
  PID:4508
- C:\Windows\System\vuGzACT.exe
  C:\Windows\System\vuGzACT.exe
  2⤵
  PID:4560
- C:\Windows\System\KIGmAyh.exe
  C:\Windows\System\KIGmAyh.exe
  2⤵
  PID:4544
- C:\Windows\System\KKfgdrZ.exe
  C:\Windows\System\KKfgdrZ.exe
  2⤵
  PID:4600
- C:\Windows\System\JtKSWem.exe
  C:\Windows\System\JtKSWem.exe
  2⤵
  PID:4644
- C:\Windows\System\wNwFaFx.exe
  C:\Windows\System\wNwFaFx.exe
  2⤵
  PID:4624
- C:\Windows\System\UdgCwpG.exe
  C:\Windows\System\UdgCwpG.exe
  2⤵
  PID:4700
- C:\Windows\System\eyyRhyv.exe
  C:\Windows\System\eyyRhyv.exe
  2⤵
  PID:4740
- C:\Windows\System\XApAfAk.exe
  C:\Windows\System\XApAfAk.exe
  2⤵
  PID:4744
- C:\Windows\System\cThTybk.exe
  C:\Windows\System\cThTybk.exe
  2⤵
  PID:4784
- C:\Windows\System\pjYCrac.exe
  C:\Windows\System\pjYCrac.exe
  2⤵
  PID:4844
- C:\Windows\System\uOPPBaU.exe
  C:\Windows\System\uOPPBaU.exe
  2⤵
  PID:4824
- C:\Windows\System\MIMTFbi.exe
  C:\Windows\System\MIMTFbi.exe
  2⤵
  PID:4900
- C:\Windows\System\mwyjBan.exe
  C:\Windows\System\mwyjBan.exe
  2⤵
  PID:4928
- C:\Windows\System\ApFGGTi.exe
  C:\Windows\System\ApFGGTi.exe
  2⤵
  PID:4952
- C:\Windows\System\MdMoVoU.exe
  C:\Windows\System\MdMoVoU.exe
  2⤵
  PID:5008
- C:\Windows\System\DQXXwDl.exe
  C:\Windows\System\DQXXwDl.exe
  2⤵
  PID:5056
- C:\Windows\System\bKRqseV.exe
  C:\Windows\System\bKRqseV.exe
  2⤵
  PID:5092
- C:\Windows\System\PVDCixI.exe
  C:\Windows\System\PVDCixI.exe
  2⤵
  PID:5112
- C:\Windows\System\vxLTkLI.exe
  C:\Windows\System\vxLTkLI.exe
  2⤵
  PID:3056
- C:\Windows\System\SVgzWyh.exe
  C:\Windows\System\SVgzWyh.exe
  2⤵
  PID:3660
- C:\Windows\System\VBfJsbA.exe
  C:\Windows\System\VBfJsbA.exe
  2⤵
  PID:3816
- C:\Windows\System\KnoykdK.exe
  C:\Windows\System\KnoykdK.exe
  2⤵
  PID:444
- C:\Windows\System\PpGoexc.exe
  C:\Windows\System\PpGoexc.exe
  2⤵
  PID:2924
- C:\Windows\System\RYdDZIw.exe
  C:\Windows\System\RYdDZIw.exe
  2⤵
  PID:2464
- C:\Windows\System\mnXYvbk.exe
  C:\Windows\System\mnXYvbk.exe
  2⤵
  PID:3168
- C:\Windows\System\uxmAqoj.exe
  C:\Windows\System\uxmAqoj.exe
  2⤵
  PID:4184
- C:\Windows\System\puevcdF.exe
  C:\Windows\System\puevcdF.exe
  2⤵
  PID:4176
- C:\Windows\System\iXsWVRT.exe
  C:\Windows\System\iXsWVRT.exe
  2⤵
  PID:4264
- C:\Windows\System\AfXeuXI.exe
  C:\Windows\System\AfXeuXI.exe
  2⤵
  PID:4324
- C:\Windows\System\YKBZDGT.exe
  C:\Windows\System\YKBZDGT.exe
  2⤵
  PID:4340
- C:\Windows\System\ZjVCinB.exe
  C:\Windows\System\ZjVCinB.exe
  2⤵
  PID:3228
- C:\Windows\System\EKFKISO.exe
  C:\Windows\System\EKFKISO.exe
  2⤵
  PID:4460
- C:\Windows\System\iqQNJXh.exe
  C:\Windows\System\iqQNJXh.exe
  2⤵
  PID:4520
- C:\Windows\System\SNxcPtA.exe
  C:\Windows\System\SNxcPtA.exe
  2⤵
  PID:4500
- C:\Windows\System\qHVsCbP.exe
  C:\Windows\System\qHVsCbP.exe
  2⤵
  PID:4588
- C:\Windows\System\AArhYFO.exe
  C:\Windows\System\AArhYFO.exe
  2⤵
  PID:4608
- C:\Windows\System\OWQTLcJ.exe
  C:\Windows\System\OWQTLcJ.exe
  2⤵
  PID:4664
- C:\Windows\System\jvSxcRH.exe
  C:\Windows\System\jvSxcRH.exe
  2⤵
  PID:4800
- C:\Windows\System\XieUuKU.exe
  C:\Windows\System\XieUuKU.exe
  2⤵
  PID:4820
- C:\Windows\System\ezDBPQJ.exe
  C:\Windows\System\ezDBPQJ.exe
  2⤵
  PID:4868
- C:\Windows\System\kMeNjcq.exe
  C:\Windows\System\kMeNjcq.exe
  2⤵
  PID:4864
- C:\Windows\System\foPfnTr.exe
  C:\Windows\System\foPfnTr.exe
  2⤵
  PID:4948
- C:\Windows\System\ysiqTMw.exe
  C:\Windows\System\ysiqTMw.exe
  2⤵
  PID:5052
- C:\Windows\System\kRjrWuR.exe
  C:\Windows\System\kRjrWuR.exe
  2⤵
  PID:3560
- C:\Windows\System\FtIeuCn.exe
  C:\Windows\System\FtIeuCn.exe
  2⤵
  PID:3504
- C:\Windows\System\grftrHk.exe
  C:\Windows\System\grftrHk.exe
  2⤵
  PID:544
- C:\Windows\System\JAefyQL.exe
  C:\Windows\System\JAefyQL.exe
  2⤵
  PID:848
- C:\Windows\System\iLKSJug.exe
  C:\Windows\System\iLKSJug.exe
  2⤵
  PID:292
- C:\Windows\System\UmMFqOO.exe
  C:\Windows\System\UmMFqOO.exe
  2⤵
  PID:4156
- C:\Windows\System\qwuOwmu.exe
  C:\Windows\System\qwuOwmu.exe
  2⤵
  PID:4220
- C:\Windows\System\uWXQToy.exe
  C:\Windows\System\uWXQToy.exe
  2⤵
  PID:4380
- C:\Windows\System\tUSRMZQ.exe
  C:\Windows\System\tUSRMZQ.exe
  2⤵
  PID:4328
- C:\Windows\System\kifurwl.exe
  C:\Windows\System\kifurwl.exe
  2⤵
  PID:4480
- C:\Windows\System\rlXmqkO.exe
  C:\Windows\System\rlXmqkO.exe
  2⤵
  PID:4504
- C:\Windows\System\RsPVzTu.exe
  C:\Windows\System\RsPVzTu.exe
  2⤵
  PID:4620
- C:\Windows\System\rvZOcPo.exe
  C:\Windows\System\rvZOcPo.exe
  2⤵
  PID:5136
- C:\Windows\System\oWqXbOv.exe
  C:\Windows\System\oWqXbOv.exe
  2⤵
  PID:5156
- C:\Windows\System\usrqWiK.exe
  C:\Windows\System\usrqWiK.exe
  2⤵
  PID:5176
- C:\Windows\System\YAAnlKx.exe
  C:\Windows\System\YAAnlKx.exe
  2⤵
  PID:5200
- C:\Windows\System\lWVXZqF.exe
  C:\Windows\System\lWVXZqF.exe
  2⤵
  PID:5220
- C:\Windows\System\gJAfsbN.exe
  C:\Windows\System\gJAfsbN.exe
  2⤵
  PID:5240
- C:\Windows\System\yFkvKyD.exe
  C:\Windows\System\yFkvKyD.exe
  2⤵
  PID:5256
- C:\Windows\System\YCsPauL.exe
  C:\Windows\System\YCsPauL.exe
  2⤵
  PID:5280
- C:\Windows\System\hVtrOxL.exe
  C:\Windows\System\hVtrOxL.exe
  2⤵
  PID:5300
- C:\Windows\System\AgTospQ.exe
  C:\Windows\System\AgTospQ.exe
  2⤵
  PID:5320
- C:\Windows\System\TpoJvfU.exe
  C:\Windows\System\TpoJvfU.exe
  2⤵
  PID:5340
- C:\Windows\System\UtIwuRy.exe
  C:\Windows\System\UtIwuRy.exe
  2⤵
  PID:5360
- C:\Windows\System\GEOQlYF.exe
  C:\Windows\System\GEOQlYF.exe
  2⤵
  PID:5380
- C:\Windows\System\CQjoiWv.exe
  C:\Windows\System\CQjoiWv.exe
  2⤵
  PID:5400
- C:\Windows\System\YIFFSJJ.exe
  C:\Windows\System\YIFFSJJ.exe
  2⤵
  PID:5420
- C:\Windows\System\ClKZkry.exe
  C:\Windows\System\ClKZkry.exe
  2⤵
  PID:5440
- C:\Windows\System\kcifvUz.exe
  C:\Windows\System\kcifvUz.exe
  2⤵
  PID:5460
- C:\Windows\System\spLbYxY.exe
  C:\Windows\System\spLbYxY.exe
  2⤵
  PID:5484
- C:\Windows\System\SDuhDRx.exe
  C:\Windows\System\SDuhDRx.exe
  2⤵
  PID:5504
- C:\Windows\System\eaUIgYf.exe
  C:\Windows\System\eaUIgYf.exe
  2⤵
  PID:5524
- C:\Windows\System\osizStW.exe
  C:\Windows\System\osizStW.exe
  2⤵
  PID:5544
- C:\Windows\System\ZyTaExs.exe
  C:\Windows\System\ZyTaExs.exe
  2⤵
  PID:5564
- C:\Windows\System\KnlPWyu.exe
  C:\Windows\System\KnlPWyu.exe
  2⤵
  PID:5584
- C:\Windows\System\HcuNeoM.exe
  C:\Windows\System\HcuNeoM.exe
  2⤵
  PID:5604
- C:\Windows\System\FgzWyfV.exe
  C:\Windows\System\FgzWyfV.exe
  2⤵
  PID:5624
- C:\Windows\System\JFTTFRn.exe
  C:\Windows\System\JFTTFRn.exe
  2⤵
  PID:5644
- C:\Windows\System\cdAyvfD.exe
  C:\Windows\System\cdAyvfD.exe
  2⤵
  PID:5664
- C:\Windows\System\EIiVEDv.exe
  C:\Windows\System\EIiVEDv.exe
  2⤵
  PID:5684
- C:\Windows\System\HmXlykH.exe
  C:\Windows\System\HmXlykH.exe
  2⤵
  PID:5704
- C:\Windows\System\AhTPbzC.exe
  C:\Windows\System\AhTPbzC.exe
  2⤵
  PID:5724
- C:\Windows\System\LjBVIlO.exe
  C:\Windows\System\LjBVIlO.exe
  2⤵
  PID:5744
- C:\Windows\System\SpoTUpa.exe
  C:\Windows\System\SpoTUpa.exe
  2⤵
  PID:5764
- C:\Windows\System\ZboPUNZ.exe
  C:\Windows\System\ZboPUNZ.exe
  2⤵
  PID:5784
- C:\Windows\System\yhPfCgo.exe
  C:\Windows\System\yhPfCgo.exe
  2⤵
  PID:5804
- C:\Windows\System\XDyvGbT.exe
  C:\Windows\System\XDyvGbT.exe
  2⤵
  PID:5824
- C:\Windows\System\BPDuErj.exe
  C:\Windows\System\BPDuErj.exe
  2⤵
  PID:5844
- C:\Windows\System\upCnAtD.exe
  C:\Windows\System\upCnAtD.exe
  2⤵
  PID:5864
- C:\Windows\System\skrpuDJ.exe
  C:\Windows\System\skrpuDJ.exe
  2⤵
  PID:5884
- C:\Windows\System\mENiAYj.exe
  C:\Windows\System\mENiAYj.exe
  2⤵
  PID:5904
- C:\Windows\System\IoSCTnl.exe
  C:\Windows\System\IoSCTnl.exe
  2⤵
  PID:5924
- C:\Windows\System\nKcfRcd.exe
  C:\Windows\System\nKcfRcd.exe
  2⤵
  PID:5944
- C:\Windows\System\XETvdAt.exe
  C:\Windows\System\XETvdAt.exe
  2⤵
  PID:5964
- C:\Windows\System\BaHEiTp.exe
  C:\Windows\System\BaHEiTp.exe
  2⤵
  PID:5984
- C:\Windows\System\ouUtUbD.exe
  C:\Windows\System\ouUtUbD.exe
  2⤵
  PID:6004
- C:\Windows\System\PprypiW.exe
  C:\Windows\System\PprypiW.exe
  2⤵
  PID:6024
- C:\Windows\System\MTzoBAK.exe
  C:\Windows\System\MTzoBAK.exe
  2⤵
  PID:6044
- C:\Windows\System\bPlyvbp.exe
  C:\Windows\System\bPlyvbp.exe
  2⤵
  PID:6064
- C:\Windows\System\Clvwcve.exe
  C:\Windows\System\Clvwcve.exe
  2⤵
  PID:6088
- C:\Windows\System\LDzJIFH.exe
  C:\Windows\System\LDzJIFH.exe
  2⤵
  PID:6108
- C:\Windows\System\RMkYLer.exe
  C:\Windows\System\RMkYLer.exe
  2⤵
  PID:6128
- C:\Windows\System\htIcxsA.exe
  C:\Windows\System\htIcxsA.exe
  2⤵
  PID:4720
- C:\Windows\System\gXLKxaA.exe
  C:\Windows\System\gXLKxaA.exe
  2⤵
  PID:4888
- C:\Windows\System\ncnbzBi.exe
  C:\Windows\System\ncnbzBi.exe
  2⤵
  PID:4848
- C:\Windows\System\XemgFyS.exe
  C:\Windows\System\XemgFyS.exe
  2⤵
  PID:4988
- C:\Windows\System\AbAWOpG.exe
  C:\Windows\System\AbAWOpG.exe
  2⤵
  PID:5116
- C:\Windows\System\JUAxWOc.exe
  C:\Windows\System\JUAxWOc.exe
  2⤵
  PID:3820
- C:\Windows\System\vySQlBJ.exe
  C:\Windows\System\vySQlBJ.exe
  2⤵
  PID:3864
- C:\Windows\System\ChAXPbr.exe
  C:\Windows\System\ChAXPbr.exe
  2⤵
  PID:4116
- C:\Windows\System\GIdTlUz.exe
  C:\Windows\System\GIdTlUz.exe
  2⤵
  PID:4208
- C:\Windows\System\CZFXFtY.exe
  C:\Windows\System\CZFXFtY.exe
  2⤵
  PID:4448
- C:\Windows\System\yGgiEJn.exe
  C:\Windows\System\yGgiEJn.exe
  2⤵
  PID:4564
- C:\Windows\System\cnXNgvI.exe
  C:\Windows\System\cnXNgvI.exe
  2⤵
  PID:5132
- C:\Windows\System\cyTfaCt.exe
  C:\Windows\System\cyTfaCt.exe
  2⤵
  PID:5148
- C:\Windows\System\LcWkkou.exe
  C:\Windows\System\LcWkkou.exe
  2⤵
  PID:5188
- C:\Windows\System\HTnsUWN.exe
  C:\Windows\System\HTnsUWN.exe
  2⤵
  PID:5212
- C:\Windows\System\KnTgArk.exe
  C:\Windows\System\KnTgArk.exe
  2⤵
  PID:5248
- C:\Windows\System\rzXjIIf.exe
  C:\Windows\System\rzXjIIf.exe
  2⤵
  PID:5308
- C:\Windows\System\erVNcjV.exe
  C:\Windows\System\erVNcjV.exe
  2⤵
  PID:5336
- C:\Windows\System\IMoQwaj.exe
  C:\Windows\System\IMoQwaj.exe
  2⤵
  PID:5388
- C:\Windows\System\TRijEcp.exe
  C:\Windows\System\TRijEcp.exe
  2⤵
  PID:5372
- C:\Windows\System\tdIKRPV.exe
  C:\Windows\System\tdIKRPV.exe
  2⤵
  PID:5412
- C:\Windows\System\oAxCNRL.exe
  C:\Windows\System\oAxCNRL.exe
  2⤵
  PID:5452
- C:\Windows\System\NxUXSDY.exe
  C:\Windows\System\NxUXSDY.exe
  2⤵
  PID:5516
- C:\Windows\System\ArBXUgI.exe
  C:\Windows\System\ArBXUgI.exe
  2⤵
  PID:5496
- C:\Windows\System\hSgsaho.exe
  C:\Windows\System\hSgsaho.exe
  2⤵
  PID:5536
- C:\Windows\System\ttqLkiB.exe
  C:\Windows\System\ttqLkiB.exe
  2⤵
  PID:5572
- C:\Windows\System\JmVybLx.exe
  C:\Windows\System\JmVybLx.exe
  2⤵
  PID:5632
- C:\Windows\System\FvAofNA.exe
  C:\Windows\System\FvAofNA.exe
  2⤵
  PID:5672
- C:\Windows\System\EoPLyRn.exe
  C:\Windows\System\EoPLyRn.exe
  2⤵
  PID:5656
- C:\Windows\System\QcxZqVq.exe
  C:\Windows\System\QcxZqVq.exe
  2⤵
  PID:5716
- C:\Windows\System\ZxVMkzE.exe
  C:\Windows\System\ZxVMkzE.exe
  2⤵
  PID:5736
- C:\Windows\System\HMpRMXq.exe
  C:\Windows\System\HMpRMXq.exe
  2⤵
  PID:5780
- C:\Windows\System\pCqYTAv.exe
  C:\Windows\System\pCqYTAv.exe
  2⤵
  PID:5812
- C:\Windows\System\ZEVbdew.exe
  C:\Windows\System\ZEVbdew.exe
  2⤵
  PID:5872
- C:\Windows\System\dODnQoG.exe
  C:\Windows\System\dODnQoG.exe
  2⤵
  PID:5876
- C:\Windows\System\yfuxzRO.exe
  C:\Windows\System\yfuxzRO.exe
  2⤵
  PID:5900
- C:\Windows\System\bhzXokS.exe
  C:\Windows\System\bhzXokS.exe
  2⤵
  PID:5936
- C:\Windows\System\URspoIZ.exe
  C:\Windows\System\URspoIZ.exe
  2⤵
  PID:6000
- C:\Windows\System\PSczNJH.exe
  C:\Windows\System\PSczNJH.exe
  2⤵
  PID:6040
- C:\Windows\System\mOpdLjX.exe
  C:\Windows\System\mOpdLjX.exe
  2⤵
  PID:6060
- C:\Windows\System\rJULjeD.exe
  C:\Windows\System\rJULjeD.exe
  2⤵
  PID:6116
- C:\Windows\System\YvKFWaZ.exe
  C:\Windows\System\YvKFWaZ.exe
  2⤵
  PID:6120
- C:\Windows\System\KuljMkO.exe
  C:\Windows\System\KuljMkO.exe
  2⤵
  PID:6140
- C:\Windows\System\hoqoJsS.exe
  C:\Windows\System\hoqoJsS.exe
  2⤵
  PID:4840
- C:\Windows\System\MRTTZVs.exe
  C:\Windows\System\MRTTZVs.exe
  2⤵
  PID:5100
- C:\Windows\System\uIEeBWl.exe
  C:\Windows\System\uIEeBWl.exe
  2⤵
  PID:4112
- C:\Windows\System\FvtyJeE.exe
  C:\Windows\System\FvtyJeE.exe
  2⤵
  PID:4136
- C:\Windows\System\BgEnmki.exe
  C:\Windows\System\BgEnmki.exe
  2⤵
  PID:4244
- C:\Windows\System\lcdaegd.exe
  C:\Windows\System\lcdaegd.exe
  2⤵
  PID:4540
- C:\Windows\System\EBvsFPo.exe
  C:\Windows\System\EBvsFPo.exe
  2⤵
  PID:5184
- C:\Windows\System\sTLQmNX.exe
  C:\Windows\System\sTLQmNX.exe
  2⤵
  PID:5152
- C:\Windows\System\WgOJOBb.exe
  C:\Windows\System\WgOJOBb.exe
  2⤵
  PID:5216
- C:\Windows\System\TfVYaoG.exe
  C:\Windows\System\TfVYaoG.exe
  2⤵
  PID:5292
- C:\Windows\System\EvyCRUV.exe
  C:\Windows\System\EvyCRUV.exe
  2⤵
  PID:5396
- C:\Windows\System\FIEmNaj.exe
  C:\Windows\System\FIEmNaj.exe
  2⤵
  PID:5432
- C:\Windows\System\HorjyQk.exe
  C:\Windows\System\HorjyQk.exe
  2⤵
  PID:5416
- C:\Windows\System\iuRvNNv.exe
  C:\Windows\System\iuRvNNv.exe
  2⤵
  PID:5476
- C:\Windows\System\RfdVTWe.exe
  C:\Windows\System\RfdVTWe.exe
  2⤵
  PID:5600
- C:\Windows\System\CNNmxoK.exe
  C:\Windows\System\CNNmxoK.exe
  2⤵
  PID:5636
- C:\Windows\System\MIsioKd.exe
  C:\Windows\System\MIsioKd.exe
  2⤵
  PID:5720
- C:\Windows\System\GLypslu.exe
  C:\Windows\System\GLypslu.exe
  2⤵
  PID:5660
- C:\Windows\System\jfUUqyM.exe
  C:\Windows\System\jfUUqyM.exe
  2⤵
  PID:5772
- C:\Windows\System\cRnsbab.exe
  C:\Windows\System\cRnsbab.exe
  2⤵
  PID:3012
- C:\Windows\System\mByxGPi.exe
  C:\Windows\System\mByxGPi.exe
  2⤵
  PID:5892
- C:\Windows\System\diwqjGC.exe
  C:\Windows\System\diwqjGC.exe
  2⤵
  PID:5916
- C:\Windows\System\CjaVFjH.exe
  C:\Windows\System\CjaVFjH.exe
  2⤵
  PID:5940
- C:\Windows\System\HSeLoAh.exe
  C:\Windows\System\HSeLoAh.exe
  2⤵
  PID:1440
- C:\Windows\System\DDvzzbe.exe
  C:\Windows\System\DDvzzbe.exe
  2⤵
  PID:6084
- C:\Windows\System\PxxxbLC.exe
  C:\Windows\System\PxxxbLC.exe
  2⤵
  PID:6056
- C:\Windows\System\CTlkRhR.exe
  C:\Windows\System\CTlkRhR.exe
  2⤵
  PID:4724
- C:\Windows\System\WurMTPw.exe
  C:\Windows\System\WurMTPw.exe
  2⤵
  PID:2304
- C:\Windows\System\nyICCOL.exe
  C:\Windows\System\nyICCOL.exe
  2⤵
  PID:4080
- C:\Windows\System\nfmzlEJ.exe
  C:\Windows\System\nfmzlEJ.exe
  2⤵
  PID:4484
- C:\Windows\System\SFLJbRV.exe
  C:\Windows\System\SFLJbRV.exe
  2⤵
  PID:5172
- C:\Windows\System\KMFilky.exe
  C:\Windows\System\KMFilky.exe
  2⤵
  PID:2660
- C:\Windows\System\avoUASz.exe
  C:\Windows\System\avoUASz.exe
  2⤵
  PID:5348
- C:\Windows\System\kIPFUnT.exe
  C:\Windows\System\kIPFUnT.exe
  2⤵
  PID:5448
- C:\Windows\System\iHITZqq.exe
  C:\Windows\System\iHITZqq.exe
  2⤵
  PID:5472
- C:\Windows\System\GQZXSAw.exe
  C:\Windows\System\GQZXSAw.exe
  2⤵
  PID:2548
- C:\Windows\System\DNIoLrz.exe
  C:\Windows\System\DNIoLrz.exe
  2⤵
  PID:5692
- C:\Windows\System\GKtUOzc.exe
  C:\Windows\System\GKtUOzc.exe
  2⤵
  PID:5612
- C:\Windows\System\AkyCcnP.exe
  C:\Windows\System\AkyCcnP.exe
  2⤵
  PID:2712
- C:\Windows\System\JhCBefV.exe
  C:\Windows\System\JhCBefV.exe
  2⤵
  PID:5960
- C:\Windows\System\MomfQuZ.exe
  C:\Windows\System\MomfQuZ.exe
  2⤵
  PID:5980
- C:\Windows\System\QDdEKMV.exe
  C:\Windows\System\QDdEKMV.exe
  2⤵
  PID:6020
- C:\Windows\System\NZIEpsr.exe
  C:\Windows\System\NZIEpsr.exe
  2⤵
  PID:6032
- C:\Windows\System\ZVFtBYL.exe
  C:\Windows\System\ZVFtBYL.exe
  2⤵
  PID:6076
- C:\Windows\System\MTvojBK.exe
  C:\Windows\System\MTvojBK.exe
  2⤵
  PID:3396
- C:\Windows\System\pJukpMc.exe
  C:\Windows\System\pJukpMc.exe
  2⤵
  PID:3760
- C:\Windows\System\KfscMSj.exe
  C:\Windows\System\KfscMSj.exe
  2⤵
  PID:4548
- C:\Windows\System\iEnlCkR.exe
  C:\Windows\System\iEnlCkR.exe
  2⤵
  PID:5276
- C:\Windows\System\GFtTbpr.exe
  C:\Windows\System\GFtTbpr.exe
  2⤵
  PID:5352
- C:\Windows\System\vZZfANL.exe
  C:\Windows\System\vZZfANL.exe
  2⤵
  PID:5312
- C:\Windows\System\DmzNkwT.exe
  C:\Windows\System\DmzNkwT.exe
  2⤵
  PID:5500
- C:\Windows\System\NzzgLNo.exe
  C:\Windows\System\NzzgLNo.exe
  2⤵
  PID:2604
- C:\Windows\System\KwvJhHr.exe
  C:\Windows\System\KwvJhHr.exe
  2⤵
  PID:5860
- C:\Windows\System\hIBQDBu.exe
  C:\Windows\System\hIBQDBu.exe
  2⤵
  PID:5856
- C:\Windows\System\pqocozQ.exe
  C:\Windows\System\pqocozQ.exe
  2⤵
  PID:6036
- C:\Windows\System\osHblFz.exe
  C:\Windows\System\osHblFz.exe
  2⤵
  PID:2120
- C:\Windows\System\xXUftvE.exe
  C:\Windows\System\xXUftvE.exe
  2⤵
  PID:5028
- C:\Windows\System\UhQBnGD.exe
  C:\Windows\System\UhQBnGD.exe
  2⤵
  PID:5236
- C:\Windows\System\LqwClST.exe
  C:\Windows\System\LqwClST.exe
  2⤵
  PID:5376
- C:\Windows\System\NpJehrM.exe
  C:\Windows\System\NpJehrM.exe
  2⤵
  PID:5616
- C:\Windows\System\fLjaWoe.exe
  C:\Windows\System\fLjaWoe.exe
  2⤵
  PID:6160
- C:\Windows\System\fHmPKSX.exe
  C:\Windows\System\fHmPKSX.exe
  2⤵
  PID:6176
- C:\Windows\System\UIjvxkm.exe
  C:\Windows\System\UIjvxkm.exe
  2⤵
  PID:6200
- C:\Windows\System\qZdyOMS.exe
  C:\Windows\System\qZdyOMS.exe
  2⤵
  PID:6220
- C:\Windows\System\LiDBbit.exe
  C:\Windows\System\LiDBbit.exe
  2⤵
  PID:6240
- C:\Windows\System\RLCmQoJ.exe
  C:\Windows\System\RLCmQoJ.exe
  2⤵
  PID:6260
- C:\Windows\System\MjTZaxc.exe
  C:\Windows\System\MjTZaxc.exe
  2⤵
  PID:6280
- C:\Windows\System\MBFzfuD.exe
  C:\Windows\System\MBFzfuD.exe
  2⤵
  PID:6300
- C:\Windows\System\fIGCQrv.exe
  C:\Windows\System\fIGCQrv.exe
  2⤵
  PID:6320
- C:\Windows\System\VgaxhdG.exe
  C:\Windows\System\VgaxhdG.exe
  2⤵
  PID:6340
- C:\Windows\System\gURkMvE.exe
  C:\Windows\System\gURkMvE.exe
  2⤵
  PID:6360
- C:\Windows\System\YUyVkfw.exe
  C:\Windows\System\YUyVkfw.exe
  2⤵
  PID:6380
- C:\Windows\System\prMEpEO.exe
  C:\Windows\System\prMEpEO.exe
  2⤵
  PID:6400
- C:\Windows\System\wTCBKEr.exe
  C:\Windows\System\wTCBKEr.exe
  2⤵
  PID:6420
- C:\Windows\System\aqJvxti.exe
  C:\Windows\System\aqJvxti.exe
  2⤵
  PID:6440
- C:\Windows\System\iPVEaSD.exe
  C:\Windows\System\iPVEaSD.exe
  2⤵
  PID:6460
- C:\Windows\System\nAEWZHm.exe
  C:\Windows\System\nAEWZHm.exe
  2⤵
  PID:6480
- C:\Windows\System\RhxDYtm.exe
  C:\Windows\System\RhxDYtm.exe
  2⤵
  PID:6500
- C:\Windows\System\iphLgTb.exe
  C:\Windows\System\iphLgTb.exe
  2⤵
  PID:6520
- C:\Windows\System\kXSWdvL.exe
  C:\Windows\System\kXSWdvL.exe
  2⤵
  PID:6540
- C:\Windows\System\aETrakv.exe
  C:\Windows\System\aETrakv.exe
  2⤵
  PID:6564
- C:\Windows\System\apiuqFC.exe
  C:\Windows\System\apiuqFC.exe
  2⤵
  PID:6580
- C:\Windows\System\RIepnto.exe
  C:\Windows\System\RIepnto.exe
  2⤵
  PID:6604
- C:\Windows\System\IcMUTBe.exe
  C:\Windows\System\IcMUTBe.exe
  2⤵
  PID:6624
- C:\Windows\System\XcVdaHZ.exe
  C:\Windows\System\XcVdaHZ.exe
  2⤵
  PID:6644
- C:\Windows\System\GOGbsux.exe
  C:\Windows\System\GOGbsux.exe
  2⤵
  PID:6664
- C:\Windows\System\LBwJqgc.exe
  C:\Windows\System\LBwJqgc.exe
  2⤵
  PID:6684
- C:\Windows\System\ZEPnFVs.exe
  C:\Windows\System\ZEPnFVs.exe
  2⤵
  PID:6704
- C:\Windows\System\JbSWFZH.exe
  C:\Windows\System\JbSWFZH.exe
  2⤵
  PID:6724
- C:\Windows\System\mzQapUR.exe
  C:\Windows\System\mzQapUR.exe
  2⤵
  PID:6744
- C:\Windows\System\OWYGXJj.exe
  C:\Windows\System\OWYGXJj.exe
  2⤵
  PID:6764
- C:\Windows\System\yrJiPcu.exe
  C:\Windows\System\yrJiPcu.exe
  2⤵
  PID:6784
- C:\Windows\System\wkRkTpx.exe
  C:\Windows\System\wkRkTpx.exe
  2⤵
  PID:6804
- C:\Windows\System\uVxQUdc.exe
  C:\Windows\System\uVxQUdc.exe
  2⤵
  PID:6820
- C:\Windows\System\CuqAgdd.exe
  C:\Windows\System\CuqAgdd.exe
  2⤵
  PID:6844
- C:\Windows\System\TkBjFDG.exe
  C:\Windows\System\TkBjFDG.exe
  2⤵
  PID:6864
- C:\Windows\System\lLlwIPD.exe
  C:\Windows\System\lLlwIPD.exe
  2⤵
  PID:6888
- C:\Windows\System\RqYmEET.exe
  C:\Windows\System\RqYmEET.exe
  2⤵
  PID:6908
- C:\Windows\System\XhRPOBc.exe
  C:\Windows\System\XhRPOBc.exe
  2⤵
  PID:6928
- C:\Windows\System\WOludeF.exe
  C:\Windows\System\WOludeF.exe
  2⤵
  PID:6948
- C:\Windows\System\zXrmYhd.exe
  C:\Windows\System\zXrmYhd.exe
  2⤵
  PID:6968
- C:\Windows\System\TzeivCa.exe
  C:\Windows\System\TzeivCa.exe
  2⤵
  PID:6988
- C:\Windows\System\sVMhVSQ.exe
  C:\Windows\System\sVMhVSQ.exe
  2⤵
  PID:7008
- C:\Windows\System\zabvEtp.exe
  C:\Windows\System\zabvEtp.exe
  2⤵
  PID:7028
- C:\Windows\System\mvNeLdS.exe
  C:\Windows\System\mvNeLdS.exe
  2⤵
  PID:7048
- C:\Windows\System\zWaDBfw.exe
  C:\Windows\System\zWaDBfw.exe
  2⤵
  PID:7068
- C:\Windows\System\TRePrYg.exe
  C:\Windows\System\TRePrYg.exe
  2⤵
  PID:7088
- C:\Windows\System\oHWSkow.exe
  C:\Windows\System\oHWSkow.exe
  2⤵
  PID:7108
- C:\Windows\System\MkqozNr.exe
  C:\Windows\System\MkqozNr.exe
  2⤵
  PID:7128
- C:\Windows\System\vEwAMst.exe
  C:\Windows\System\vEwAMst.exe
  2⤵
  PID:7148
- C:\Windows\System\XFMnaJA.exe
  C:\Windows\System\XFMnaJA.exe
  2⤵
  PID:5540
- C:\Windows\System\gsXDshu.exe
  C:\Windows\System\gsXDshu.exe
  2⤵
  PID:5880
- C:\Windows\System\ULoTrGu.exe
  C:\Windows\System\ULoTrGu.exe
  2⤵
  PID:5012
- C:\Windows\System\ebgxvDO.exe
  C:\Windows\System\ebgxvDO.exe
  2⤵
  PID:5080
- C:\Windows\System\paDOZdR.exe
  C:\Windows\System\paDOZdR.exe
  2⤵
  PID:5272
- C:\Windows\System\RfbZcye.exe
  C:\Windows\System\RfbZcye.exe
  2⤵
  PID:6156
- C:\Windows\System\gBDssHL.exe
  C:\Windows\System\gBDssHL.exe
  2⤵
  PID:6192
- C:\Windows\System\nmOPKgV.exe
  C:\Windows\System\nmOPKgV.exe
  2⤵
  PID:6188
- C:\Windows\System\AyrQIrP.exe
  C:\Windows\System\AyrQIrP.exe
  2⤵
  PID:6232
- C:\Windows\System\pJJPeeV.exe
  C:\Windows\System\pJJPeeV.exe
  2⤵
  PID:6276
- C:\Windows\System\RiVePxn.exe
  C:\Windows\System\RiVePxn.exe
  2⤵
  PID:6296
- C:\Windows\System\lGjFsuo.exe
  C:\Windows\System\lGjFsuo.exe
  2⤵
  PID:6352
- C:\Windows\System\fCKGhwS.exe
  C:\Windows\System\fCKGhwS.exe
  2⤵
  PID:6396
- C:\Windows\System\eknTIbv.exe
  C:\Windows\System\eknTIbv.exe
  2⤵
  PID:6436
- C:\Windows\System\QxuZAVQ.exe
  C:\Windows\System\QxuZAVQ.exe
  2⤵
  PID:6448
- C:\Windows\System\ZQjwCQM.exe
  C:\Windows\System\ZQjwCQM.exe
  2⤵
  PID:6452
- C:\Windows\System\kJUoOpJ.exe
  C:\Windows\System\kJUoOpJ.exe
  2⤵
  PID:6516
- C:\Windows\System\cbIckSi.exe
  C:\Windows\System\cbIckSi.exe
  2⤵
  PID:6560
- C:\Windows\System\PnOvBtq.exe
  C:\Windows\System\PnOvBtq.exe
  2⤵
  PID:6596
- C:\Windows\System\duxsoqM.exe
  C:\Windows\System\duxsoqM.exe
  2⤵
  PID:6592
- C:\Windows\System\QcZciBn.exe
  C:\Windows\System\QcZciBn.exe
  2⤵
  PID:6676
- C:\Windows\System\jUfyEwY.exe
  C:\Windows\System\jUfyEwY.exe
  2⤵
  PID:6696
- C:\Windows\System\WapLvOu.exe
  C:\Windows\System\WapLvOu.exe
  2⤵
  PID:6772
- C:\Windows\System\SfKxYHE.exe
  C:\Windows\System\SfKxYHE.exe
  2⤵
  PID:6796
- C:\Windows\System\OsDOMWe.exe
  C:\Windows\System\OsDOMWe.exe
  2⤵
  PID:6812
- C:\Windows\System\VPYiutu.exe
  C:\Windows\System\VPYiutu.exe
  2⤵
  PID:6884
- C:\Windows\System\yJcwsfR.exe
  C:\Windows\System\yJcwsfR.exe
  2⤵
  PID:6900
- C:\Windows\System\hAAXDUj.exe
  C:\Windows\System\hAAXDUj.exe
  2⤵
  PID:6964
- C:\Windows\System\NLyPuwT.exe
  C:\Windows\System\NLyPuwT.exe
  2⤵
  PID:6996
- C:\Windows\System\jfOXUKO.exe
  C:\Windows\System\jfOXUKO.exe
  2⤵
  PID:7024
- C:\Windows\System\PWNGKFi.exe
  C:\Windows\System\PWNGKFi.exe
  2⤵
  PID:1800
- C:\Windows\System\NfffyGt.exe
  C:\Windows\System\NfffyGt.exe
  2⤵
  PID:7060
- C:\Windows\System\OEHbHMn.exe
  C:\Windows\System\OEHbHMn.exe
  2⤵
  PID:7116
- C:\Windows\System\HVCPBnM.exe
  C:\Windows\System\HVCPBnM.exe
  2⤵
  PID:7144
- C:\Windows\System\tWeJTgb.exe
  C:\Windows\System\tWeJTgb.exe
  2⤵
  PID:2916
- C:\Windows\System\ZDoRWps.exe
  C:\Windows\System\ZDoRWps.exe
  2⤵
  PID:5756
- C:\Windows\System\ptcZRGn.exe
  C:\Windows\System\ptcZRGn.exe
  2⤵
  PID:4788
- C:\Windows\System\EEmHkAH.exe
  C:\Windows\System\EEmHkAH.exe
  2⤵
  PID:2808
- C:\Windows\System\HbpyoKa.exe
  C:\Windows\System\HbpyoKa.exe
  2⤵
  PID:6216
- C:\Windows\System\NhOAVLV.exe
  C:\Windows\System\NhOAVLV.exe
  2⤵
  PID:6308
- C:\Windows\System\TfQMZno.exe
  C:\Windows\System\TfQMZno.exe
  2⤵
  PID:6316
- C:\Windows\System\RovgKjY.exe
  C:\Windows\System\RovgKjY.exe
  2⤵
  PID:6416
- C:\Windows\System\QCoRTsA.exe
  C:\Windows\System\QCoRTsA.exe
  2⤵
  PID:6408
- C:\Windows\System\pzmhJUL.exe
  C:\Windows\System\pzmhJUL.exe
  2⤵
  PID:880
- C:\Windows\System\XvOdKvW.exe
  C:\Windows\System\XvOdKvW.exe
  2⤵
  PID:6588
- C:\Windows\System\dJASQMb.exe
  C:\Windows\System\dJASQMb.exe
  2⤵
  PID:6532
- C:\Windows\System\EzDFNDa.exe
  C:\Windows\System\EzDFNDa.exe
  2⤵
  PID:3296
- C:\Windows\System\vqkxbrj.exe
  C:\Windows\System\vqkxbrj.exe
  2⤵
  PID:1580
- C:\Windows\System\dJimZQs.exe
  C:\Windows\System\dJimZQs.exe
  2⤵
  PID:2280
- C:\Windows\System\NMXfpDb.exe
  C:\Windows\System\NMXfpDb.exe
  2⤵
  PID:2776
- C:\Windows\System\lxPDrxU.exe
  C:\Windows\System\lxPDrxU.exe
  2⤵
  PID:1744
- C:\Windows\System\wiWJxnh.exe
  C:\Windows\System\wiWJxnh.exe
  2⤵
  PID:6692
- C:\Windows\System\ZqQqWVe.exe
  C:\Windows\System\ZqQqWVe.exe
  2⤵
  PID:2856
- C:\Windows\System\ohAyeOy.exe
  C:\Windows\System\ohAyeOy.exe
  2⤵
  PID:1568
- C:\Windows\System\njlmmbh.exe
  C:\Windows\System\njlmmbh.exe
  2⤵
  PID:1400
- C:\Windows\System\xIlXsjJ.exe
  C:\Windows\System\xIlXsjJ.exe
  2⤵
  PID:6872
- C:\Windows\System\VEvCNFo.exe
  C:\Windows\System\VEvCNFo.exe
  2⤵
  PID:6856
- C:\Windows\System\DJiIpsx.exe
  C:\Windows\System\DJiIpsx.exe
  2⤵
  PID:2396
- C:\Windows\System\ZAKaByv.exe
  C:\Windows\System\ZAKaByv.exe
  2⤵
  PID:7000
- C:\Windows\System\iKUhdWd.exe
  C:\Windows\System\iKUhdWd.exe
  2⤵
  PID:1696
- C:\Windows\System\EoGZSeu.exe
  C:\Windows\System\EoGZSeu.exe
  2⤵
  PID:1756
- C:\Windows\System\fRXRmLF.exe
  C:\Windows\System\fRXRmLF.exe
  2⤵
  PID:3400
- C:\Windows\System\smGhIRD.exe
  C:\Windows\System\smGhIRD.exe
  2⤵
  PID:1920
- C:\Windows\System\iGkTeuq.exe
  C:\Windows\System\iGkTeuq.exe
  2⤵
  PID:6556
- C:\Windows\System\DRjoRUD.exe
  C:\Windows\System\DRjoRUD.exe
  2⤵
  PID:5840
- C:\Windows\System\EoaSFsM.exe
  C:\Windows\System\EoaSFsM.exe
  2⤵
  PID:5128
- C:\Windows\System\ZnRqOVO.exe
  C:\Windows\System\ZnRqOVO.exe
  2⤵
  PID:6172
- C:\Windows\System\tigmrwv.exe
  C:\Windows\System\tigmrwv.exe
  2⤵
  PID:5356
- C:\Windows\System\wulOaKL.exe
  C:\Windows\System\wulOaKL.exe
  2⤵
  PID:6388
- C:\Windows\System\BzyZnSb.exe
  C:\Windows\System\BzyZnSb.exe
  2⤵
  PID:5036
- C:\Windows\System\LbXQVSN.exe
  C:\Windows\System\LbXQVSN.exe
  2⤵
  PID:6456
- C:\Windows\System\XWentLB.exe
  C:\Windows\System\XWentLB.exe
  2⤵
  PID:6576
- C:\Windows\System\CvexWWk.exe
  C:\Windows\System\CvexWWk.exe
  2⤵
  PID:2700
- C:\Windows\System\QNukKUX.exe
  C:\Windows\System\QNukKUX.exe
  2⤵
  PID:6672
- C:\Windows\System\fpoxFJT.exe
  C:\Windows\System\fpoxFJT.exe
  2⤵
  PID:6832
- C:\Windows\System\igWIXNX.exe
  C:\Windows\System\igWIXNX.exe
  2⤵
  PID:2456
- C:\Windows\System\NtYLxQN.exe
  C:\Windows\System\NtYLxQN.exe
  2⤵
  PID:6776
- C:\Windows\System\fBKWnDJ.exe
  C:\Windows\System\fBKWnDJ.exe
  2⤵
  PID:1932
- C:\Windows\System\oFCCrgE.exe
  C:\Windows\System\oFCCrgE.exe
  2⤵
  PID:1732
- C:\Windows\System\dJjBBva.exe
  C:\Windows\System\dJjBBva.exe
  2⤵
  PID:7036
- C:\Windows\System\XoGqdhX.exe
  C:\Windows\System\XoGqdhX.exe
  2⤵
  PID:1816
- C:\Windows\System\TMKXKNv.exe
  C:\Windows\System\TMKXKNv.exe
  2⤵
  PID:7164
- C:\Windows\System\oTIluii.exe
  C:\Windows\System\oTIluii.exe
  2⤵
  PID:7056
- C:\Windows\System\wvFQGju.exe
  C:\Windows\System\wvFQGju.exe
  2⤵
  PID:5192
- C:\Windows\System\RNZMONc.exe
  C:\Windows\System\RNZMONc.exe
  2⤵
  PID:6348
- C:\Windows\System\urpQJGP.exe
  C:\Windows\System\urpQJGP.exe
  2⤵
  PID:6488
- C:\Windows\System\AcoHkrs.exe
  C:\Windows\System\AcoHkrs.exe
  2⤵
  PID:4668
- C:\Windows\System\CdVJznH.exe
  C:\Windows\System\CdVJznH.exe
  2⤵
  PID:2628
- C:\Windows\System\RtKKrPn.exe
  C:\Windows\System\RtKKrPn.exe
  2⤵
  PID:2820
- C:\Windows\System\YyRQvpU.exe
  C:\Windows\System\YyRQvpU.exe
  2⤵
  PID:4180
- C:\Windows\System\kCbcfsJ.exe
  C:\Windows\System\kCbcfsJ.exe
  2⤵
  PID:6860
- C:\Windows\System\yGuUaSO.exe
  C:\Windows\System\yGuUaSO.exe
  2⤵
  PID:6980
- C:\Windows\System\bUmwaBV.exe
  C:\Windows\System\bUmwaBV.exe
  2⤵
  PID:2512
- C:\Windows\System\cMMNVMg.exe
  C:\Windows\System\cMMNVMg.exe
  2⤵
  PID:6372
- C:\Windows\System\GNHdJWx.exe
  C:\Windows\System\GNHdJWx.exe
  2⤵
  PID:1676
- C:\Windows\System\HldCoAh.exe
  C:\Windows\System\HldCoAh.exe
  2⤵
  PID:6228
- C:\Windows\System\OklRPAl.exe
  C:\Windows\System\OklRPAl.exe
  2⤵
  PID:6752
- C:\Windows\System\gHEDZcm.exe
  C:\Windows\System\gHEDZcm.exe
  2⤵
  PID:6168
- C:\Windows\System\WQHrYRv.exe
  C:\Windows\System\WQHrYRv.exe
  2⤵
  PID:948
- C:\Windows\System\HzSHLcc.exe
  C:\Windows\System\HzSHLcc.exe
  2⤵
  PID:5932
- C:\Windows\System\jUEuJMM.exe
  C:\Windows\System\jUEuJMM.exe
  2⤵
  PID:296
- C:\Windows\System\fJYUbdI.exe
  C:\Windows\System\fJYUbdI.exe
  2⤵
  PID:6236
- C:\Windows\System\Tcxifll.exe
  C:\Windows\System\Tcxifll.exe
  2⤵
  PID:3096
- C:\Windows\System\JXlmtYB.exe
  C:\Windows\System\JXlmtYB.exe
  2⤵
  PID:1948
- C:\Windows\System\IusAeqH.exe
  C:\Windows\System\IusAeqH.exe
  2⤵
  PID:6976
- C:\Windows\System\yUxUCqg.exe
  C:\Windows\System\yUxUCqg.exe
  2⤵
  PID:6476
- C:\Windows\System\NgdwJAm.exe
  C:\Windows\System\NgdwJAm.exe
  2⤵
  PID:6944
- C:\Windows\System\HrKyyfP.exe
  C:\Windows\System\HrKyyfP.exe
  2⤵
  PID:1496
- C:\Windows\System\FQLAUlV.exe
  C:\Windows\System\FQLAUlV.exe
  2⤵
  PID:6148
- C:\Windows\System\gdTAyIS.exe
  C:\Windows\System\gdTAyIS.exe
  2⤵
  PID:7188
- C:\Windows\System\AXJndMy.exe
  C:\Windows\System\AXJndMy.exe
  2⤵
  PID:7204
- C:\Windows\System\uqhRKif.exe
  C:\Windows\System\uqhRKif.exe
  2⤵
  PID:7224
- C:\Windows\System\gcSdJZp.exe
  C:\Windows\System\gcSdJZp.exe
  2⤵
  PID:7244
- C:\Windows\System\dDAsQUA.exe
  C:\Windows\System\dDAsQUA.exe
  2⤵
  PID:7264
- C:\Windows\System\UrRvCUp.exe
  C:\Windows\System\UrRvCUp.exe
  2⤵
  PID:7284
- C:\Windows\System\QvAVEuf.exe
  C:\Windows\System\QvAVEuf.exe
  2⤵
  PID:7304
- C:\Windows\System\JaJaSCs.exe
  C:\Windows\System\JaJaSCs.exe
  2⤵
  PID:7320
- C:\Windows\System\rCpMleY.exe
  C:\Windows\System\rCpMleY.exe
  2⤵
  PID:7348
- C:\Windows\System\rURcKgV.exe
  C:\Windows\System\rURcKgV.exe
  2⤵
  PID:7364
- C:\Windows\System\FMjRIpw.exe
  C:\Windows\System\FMjRIpw.exe
  2⤵
  PID:7380
- C:\Windows\System\tEehiOO.exe
  C:\Windows\System\tEehiOO.exe
  2⤵
  PID:7400
- C:\Windows\System\RzgtuMt.exe
  C:\Windows\System\RzgtuMt.exe
  2⤵
  PID:7416
- C:\Windows\System\edmSQzB.exe
  C:\Windows\System\edmSQzB.exe
  2⤵
  PID:7432
- C:\Windows\System\QvmJzUp.exe
  C:\Windows\System\QvmJzUp.exe
  2⤵
  PID:7452
- C:\Windows\System\ejGEjRZ.exe
  C:\Windows\System\ejGEjRZ.exe
  2⤵
  PID:7468
- C:\Windows\System\GFKhVBc.exe
  C:\Windows\System\GFKhVBc.exe
  2⤵
  PID:7484
- C:\Windows\System\fmWBUsh.exe
  C:\Windows\System\fmWBUsh.exe
  2⤵
  PID:7500
- C:\Windows\System\DvOzDEQ.exe
  C:\Windows\System\DvOzDEQ.exe
  2⤵
  PID:7516
- C:\Windows\System\XJwHqdV.exe
  C:\Windows\System\XJwHqdV.exe
  2⤵
  PID:7556
- C:\Windows\System\yaocXHr.exe
  C:\Windows\System\yaocXHr.exe
  2⤵
  PID:7596
- C:\Windows\System\ayZOVIi.exe
  C:\Windows\System\ayZOVIi.exe
  2⤵
  PID:7612
- C:\Windows\System\PrJgCdX.exe
  C:\Windows\System\PrJgCdX.exe
  2⤵
  PID:7628
- C:\Windows\System\cpTXTVS.exe
  C:\Windows\System\cpTXTVS.exe
  2⤵
  PID:7652
- C:\Windows\System\QJrHPFG.exe
  C:\Windows\System\QJrHPFG.exe
  2⤵
  PID:7668
- C:\Windows\System\UKLHjQa.exe
  C:\Windows\System\UKLHjQa.exe
  2⤵
  PID:7700
- C:\Windows\System\AWBynnJ.exe
  C:\Windows\System\AWBynnJ.exe
  2⤵
  PID:7720
- C:\Windows\System\EtbVFYs.exe
  C:\Windows\System\EtbVFYs.exe
  2⤵
  PID:7736
- C:\Windows\System\UhGIGUR.exe
  C:\Windows\System\UhGIGUR.exe
  2⤵
  PID:7752
- C:\Windows\System\jWeUKyT.exe
  C:\Windows\System\jWeUKyT.exe
  2⤵
  PID:7772
- C:\Windows\System\esywXQM.exe
  C:\Windows\System\esywXQM.exe
  2⤵
  PID:7788
- C:\Windows\System\wnbQppI.exe
  C:\Windows\System\wnbQppI.exe
  2⤵
  PID:7804
- C:\Windows\System\PPRAtaG.exe
  C:\Windows\System\PPRAtaG.exe
  2⤵
  PID:7824
- C:\Windows\System\UWGOsrv.exe
  C:\Windows\System\UWGOsrv.exe
  2⤵
  PID:7860
- C:\Windows\System\aNNOXuI.exe
  C:\Windows\System\aNNOXuI.exe
  2⤵
  PID:7876
- C:\Windows\System\WwpjBxz.exe
  C:\Windows\System\WwpjBxz.exe
  2⤵
  PID:7900
- C:\Windows\System\cdyWDtN.exe
  C:\Windows\System\cdyWDtN.exe
  2⤵
  PID:7916
- C:\Windows\System\LelDPUY.exe
  C:\Windows\System\LelDPUY.exe
  2⤵
  PID:7932
- C:\Windows\System\HYayyMn.exe
  C:\Windows\System\HYayyMn.exe
  2⤵
  PID:7948
- C:\Windows\System\AtAApDc.exe
  C:\Windows\System\AtAApDc.exe
  2⤵
  PID:7968
- C:\Windows\System\osQLtIp.exe
  C:\Windows\System\osQLtIp.exe
  2⤵
  PID:7988
- C:\Windows\System\lYQIjkI.exe
  C:\Windows\System\lYQIjkI.exe
  2⤵
  PID:8004
- C:\Windows\System\uTOQdrD.exe
  C:\Windows\System\uTOQdrD.exe
  2⤵
  PID:8032
- C:\Windows\System\bXFILka.exe
  C:\Windows\System\bXFILka.exe
  2⤵
  PID:8048
- C:\Windows\System\IgklgWb.exe
  C:\Windows\System\IgklgWb.exe
  2⤵
  PID:8080
- C:\Windows\System\ACsUNOd.exe
  C:\Windows\System\ACsUNOd.exe
  2⤵
  PID:8100
- C:\Windows\System\eCZjXrj.exe
  C:\Windows\System\eCZjXrj.exe
  2⤵
  PID:8116
- C:\Windows\System\lEVJKiY.exe
  C:\Windows\System\lEVJKiY.exe
  2⤵
  PID:8132
- C:\Windows\System\QbnxbCQ.exe
  C:\Windows\System\QbnxbCQ.exe
  2⤵
  PID:8148
- C:\Windows\System\xVuSJaP.exe
  C:\Windows\System\xVuSJaP.exe
  2⤵
  PID:8168
- C:\Windows\System\HhsaJXN.exe
  C:\Windows\System\HhsaJXN.exe
  2⤵
  PID:8188
- C:\Windows\System\ONoBtbC.exe
  C:\Windows\System\ONoBtbC.exe
  2⤵
  PID:688
- C:\Windows\System\eTloQmJ.exe
  C:\Windows\System\eTloQmJ.exe
  2⤵
  PID:7216
- C:\Windows\System\lhulpjI.exe
  C:\Windows\System\lhulpjI.exe
  2⤵
  PID:7232
- C:\Windows\System\pQVaPOs.exe
  C:\Windows\System\pQVaPOs.exe
  2⤵
  PID:7272
- C:\Windows\System\KDqiKEV.exe
  C:\Windows\System\KDqiKEV.exe
  2⤵
  PID:7328
- C:\Windows\System\vznbUaG.exe
  C:\Windows\System\vznbUaG.exe
  2⤵
  PID:7312
- C:\Windows\System\iOSMMSD.exe
  C:\Windows\System\iOSMMSD.exe
  2⤵
  PID:7372
- C:\Windows\System\vYfcyfN.exe
  C:\Windows\System\vYfcyfN.exe
  2⤵
  PID:7444
- C:\Windows\System\MLMfUwo.exe
  C:\Windows\System\MLMfUwo.exe
  2⤵
  PID:7508
- C:\Windows\System\xDOtWKR.exe
  C:\Windows\System\xDOtWKR.exe
  2⤵
  PID:7360
- C:\Windows\System\LpEDqBt.exe
  C:\Windows\System\LpEDqBt.exe
  2⤵
  PID:7492
- C:\Windows\System\BdOCdFm.exe
  C:\Windows\System\BdOCdFm.exe
  2⤵
  PID:7604
- C:\Windows\System\iUKfKRN.exe
  C:\Windows\System\iUKfKRN.exe
  2⤵
  PID:7584
- C:\Windows\System\KVegHiA.exe
  C:\Windows\System\KVegHiA.exe
  2⤵
  PID:7624
- C:\Windows\System\EAvXHEY.exe
  C:\Windows\System\EAvXHEY.exe
  2⤵
  PID:7664
- C:\Windows\System\aRISoPk.exe
  C:\Windows\System\aRISoPk.exe
  2⤵
  PID:7744
- C:\Windows\System\fRHremN.exe
  C:\Windows\System\fRHremN.exe
  2⤵
  PID:7732
- C:\Windows\System\vZwNvvW.exe
  C:\Windows\System\vZwNvvW.exe
  2⤵
  PID:7784
- C:\Windows\System\oEdfNYj.exe
  C:\Windows\System\oEdfNYj.exe
  2⤵
  PID:7800
- C:\Windows\System\vyjsxUn.exe
  C:\Windows\System\vyjsxUn.exe
  2⤵
  PID:7848
- C:\Windows\System\TJGlJwU.exe
  C:\Windows\System\TJGlJwU.exe
  2⤵
  PID:7836
- C:\Windows\System\JfiQRca.exe
  C:\Windows\System\JfiQRca.exe
  2⤵
  PID:7944
- C:\Windows\System\TiJJrFK.exe
  C:\Windows\System\TiJJrFK.exe
  2⤵
  PID:7984
- C:\Windows\System\qTbrExU.exe
  C:\Windows\System\qTbrExU.exe
  2⤵
  PID:7964
- C:\Windows\System\VZdWRTn.exe
  C:\Windows\System\VZdWRTn.exe
  2⤵
  PID:8064
- C:\Windows\System\wxdfXae.exe
  C:\Windows\System\wxdfXae.exe
  2⤵
  PID:7928
- C:\Windows\System\ZZlfiiE.exe
  C:\Windows\System\ZZlfiiE.exe
  2⤵
  PID:8072
- C:\Windows\System\iFWjjJr.exe
  C:\Windows\System\iFWjjJr.exe
  2⤵
  PID:8088
- C:\Windows\System\uEnfVQg.exe
  C:\Windows\System\uEnfVQg.exe
  2⤵
  PID:8108
- C:\Windows\System\QOksmKJ.exe
  C:\Windows\System\QOksmKJ.exe
  2⤵
  PID:8176
- C:\Windows\System\BCzLAWm.exe
  C:\Windows\System\BCzLAWm.exe
  2⤵
  PID:7240
- C:\Windows\System\FTfrVcj.exe
  C:\Windows\System\FTfrVcj.exe
  2⤵
  PID:8160
- C:\Windows\System\zXhYNSt.exe
  C:\Windows\System\zXhYNSt.exe
  2⤵
  PID:7280
- C:\Windows\System\xswvUgy.exe
  C:\Windows\System\xswvUgy.exe
  2⤵
  PID:7440
- C:\Windows\System\CJAeURr.exe
  C:\Windows\System\CJAeURr.exe
  2⤵
  PID:7496
- C:\Windows\System\xoyNWoq.exe
  C:\Windows\System\xoyNWoq.exe
  2⤵
  PID:7300
- C:\Windows\System\CMeMPxB.exe
  C:\Windows\System\CMeMPxB.exe
  2⤵
  PID:7388
- C:\Windows\System\DzEjMEU.exe
  C:\Windows\System\DzEjMEU.exe
  2⤵
  PID:7408
- C:\Windows\System\azgUDBd.exe
  C:\Windows\System\azgUDBd.exe
  2⤵
  PID:7296
- C:\Windows\System\jhSitdm.exe
  C:\Windows\System\jhSitdm.exe
  2⤵
  PID:7708
- C:\Windows\System\qEcDyhC.exe
  C:\Windows\System\qEcDyhC.exe
  2⤵
  PID:7716
- C:\Windows\System\dDEViRB.exe
  C:\Windows\System\dDEViRB.exe
  2⤵
  PID:7796
- C:\Windows\System\UDaDXXM.exe
  C:\Windows\System\UDaDXXM.exe
  2⤵
  PID:7760
- C:\Windows\System\VIefJWo.exe
  C:\Windows\System\VIefJWo.exe
  2⤵
  PID:7856
- C:\Windows\System\NNyVRXk.exe
  C:\Windows\System\NNyVRXk.exe
  2⤵
  PID:7980
- C:\Windows\System\rLhvAMV.exe
  C:\Windows\System\rLhvAMV.exe
  2⤵
  PID:7924
- C:\Windows\System\oAXnisN.exe
  C:\Windows\System\oAXnisN.exe
  2⤵
  PID:8044
- C:\Windows\System\JAKXxfv.exe
  C:\Windows\System\JAKXxfv.exe
  2⤵
  PID:7200
- C:\Windows\System\QxwSfbm.exe
  C:\Windows\System\QxwSfbm.exe
  2⤵
  PID:7212
- C:\Windows\System\vQlxcCb.exe
  C:\Windows\System\vQlxcCb.exe
  2⤵
  PID:8128
- C:\Windows\System\oYhtQym.exe
  C:\Windows\System\oYhtQym.exe
  2⤵
  PID:7412
- C:\Windows\System\GrfWfre.exe
  C:\Windows\System\GrfWfre.exe
  2⤵
  PID:7396
- C:\Windows\System\JUCHpCO.exe
  C:\Windows\System\JUCHpCO.exe
  2⤵
  PID:7548
- C:\Windows\System\aCHQmAa.exe
  C:\Windows\System\aCHQmAa.exe
  2⤵
  PID:7392
- C:\Windows\System\HwovbHX.exe
  C:\Windows\System\HwovbHX.exe
  2⤵
  PID:7620
- C:\Windows\System\RvKofhP.exe
  C:\Windows\System\RvKofhP.exe
  2⤵
  PID:7640
- C:\Windows\System\knpoANw.exe
  C:\Windows\System\knpoANw.exe
  2⤵
  PID:7820
- C:\Windows\System\GCefYED.exe
  C:\Windows\System\GCefYED.exe
  2⤵
  PID:7852
- C:\Windows\System\SadFzmq.exe
  C:\Windows\System\SadFzmq.exe
  2⤵
  PID:8144
- C:\Windows\System\BLkwtcH.exe
  C:\Windows\System\BLkwtcH.exe
  2⤵
  PID:8020
- C:\Windows\System\qTGWpIg.exe
  C:\Windows\System\qTGWpIg.exe
  2⤵
  PID:8092
- C:\Windows\System\MSKbmnL.exe
  C:\Windows\System\MSKbmnL.exe
  2⤵
  PID:8124
- C:\Windows\System\PCFBqSb.exe
  C:\Windows\System\PCFBqSb.exe
  2⤵
  PID:7480
- C:\Windows\System\ktjDyHq.exe
  C:\Windows\System\ktjDyHq.exe
  2⤵
  PID:7592
- C:\Windows\System\qcXYAKG.exe
  C:\Windows\System\qcXYAKG.exe
  2⤵
  PID:7424
- C:\Windows\System\yuNNSRt.exe
  C:\Windows\System\yuNNSRt.exe
  2⤵
  PID:8068
- C:\Windows\System\ZVUvyaR.exe
  C:\Windows\System\ZVUvyaR.exe
  2⤵
  PID:7180
- C:\Windows\System\PqoQLfm.exe
  C:\Windows\System\PqoQLfm.exe
  2⤵
  PID:7636
- C:\Windows\System\vEDviAL.exe
  C:\Windows\System\vEDviAL.exe
  2⤵
  PID:7332
- C:\Windows\System\ZqbQHKk.exe
  C:\Windows\System\ZqbQHKk.exe
  2⤵
  PID:8204
- C:\Windows\System\OBjoTXM.exe
  C:\Windows\System\OBjoTXM.exe
  2⤵
  PID:8252
- C:\Windows\System\fMIWxzr.exe
  C:\Windows\System\fMIWxzr.exe
  2⤵
  PID:8276
- C:\Windows\System\HNJYAhg.exe
  C:\Windows\System\HNJYAhg.exe
  2⤵
  PID:8292
- C:\Windows\System\NBOtJPP.exe
  C:\Windows\System\NBOtJPP.exe
  2⤵
  PID:8308
- C:\Windows\System\rZlKiow.exe
  C:\Windows\System\rZlKiow.exe
  2⤵
  PID:8324
- C:\Windows\System\DgKHCOg.exe
  C:\Windows\System\DgKHCOg.exe
  2⤵
  PID:8356
- C:\Windows\System\UPECnRO.exe
  C:\Windows\System\UPECnRO.exe
  2⤵
  PID:8372
- C:\Windows\System\UjnbBIU.exe
  C:\Windows\System\UjnbBIU.exe
  2⤵
  PID:8388
- C:\Windows\System\oLPSibF.exe
  C:\Windows\System\oLPSibF.exe
  2⤵
  PID:8428
- C:\Windows\System\vMuQOYV.exe
  C:\Windows\System\vMuQOYV.exe
  2⤵
  PID:8444
- C:\Windows\System\FSlnBib.exe
  C:\Windows\System\FSlnBib.exe
  2⤵
  PID:8460
- C:\Windows\System\TSSqGvg.exe
  C:\Windows\System\TSSqGvg.exe
  2⤵
  PID:8476
- C:\Windows\System\lsgHrul.exe
  C:\Windows\System\lsgHrul.exe
  2⤵
  PID:8492
- C:\Windows\System\GlmaTdV.exe
  C:\Windows\System\GlmaTdV.exe
  2⤵
  PID:8524
- C:\Windows\System\SUgdUsk.exe
  C:\Windows\System\SUgdUsk.exe
  2⤵
  PID:8544
- C:\Windows\System\GezTPGu.exe
  C:\Windows\System\GezTPGu.exe
  2⤵
  PID:8580
- C:\Windows\System\qWVzKkn.exe
  C:\Windows\System\qWVzKkn.exe
  2⤵
  PID:8600
- C:\Windows\System\VFHRYJc.exe
  C:\Windows\System\VFHRYJc.exe
  2⤵
  PID:8616
- C:\Windows\System\tTOSxif.exe
  C:\Windows\System\tTOSxif.exe
  2⤵
  PID:8632
- C:\Windows\System\heYZfgw.exe
  C:\Windows\System\heYZfgw.exe
  2⤵
  PID:8648
- C:\Windows\System\yArzfaX.exe
  C:\Windows\System\yArzfaX.exe
  2⤵
  PID:8668
- C:\Windows\System\fktTcJF.exe
  C:\Windows\System\fktTcJF.exe
  2⤵
  PID:8696
- C:\Windows\System\zVQOidv.exe
  C:\Windows\System\zVQOidv.exe
  2⤵
  PID:8716
- C:\Windows\System\SscdcfF.exe
  C:\Windows\System\SscdcfF.exe
  2⤵
  PID:8732
- C:\Windows\System\cswfDzy.exe
  C:\Windows\System\cswfDzy.exe
  2⤵
  PID:8756
- C:\Windows\System\lSTEOMG.exe
  C:\Windows\System\lSTEOMG.exe
  2⤵
  PID:8776
- C:\Windows\System\GeHAhiw.exe
  C:\Windows\System\GeHAhiw.exe
  2⤵
  PID:8792
- C:\Windows\System\ihjScup.exe
  C:\Windows\System\ihjScup.exe
  2⤵
  PID:8808
- C:\Windows\System\nKSCWKt.exe
  C:\Windows\System\nKSCWKt.exe
  2⤵
  PID:8844
- C:\Windows\System\PzPbzHv.exe
  C:\Windows\System\PzPbzHv.exe
  2⤵
  PID:8860
- C:\Windows\System\OhFprZZ.exe
  C:\Windows\System\OhFprZZ.exe
  2⤵
  PID:8876
- C:\Windows\System\VLuVoeN.exe
  C:\Windows\System\VLuVoeN.exe
  2⤵
  PID:8892
- C:\Windows\System\bMKDohL.exe
  C:\Windows\System\bMKDohL.exe
  2⤵
  PID:8920
- C:\Windows\System\jLmybLE.exe
  C:\Windows\System\jLmybLE.exe
  2⤵
  PID:8936
- C:\Windows\System\PRVzByc.exe
  C:\Windows\System\PRVzByc.exe
  2⤵
  PID:8964
- C:\Windows\System\ZlpqByF.exe
  C:\Windows\System\ZlpqByF.exe
  2⤵
  PID:8980
- C:\Windows\System\rDZXniV.exe
  C:\Windows\System\rDZXniV.exe
  2⤵
  PID:9004
- C:\Windows\System\ZSXnQTX.exe
  C:\Windows\System\ZSXnQTX.exe
  2⤵
  PID:9028
- C:\Windows\System\gxTSIXt.exe
  C:\Windows\System\gxTSIXt.exe
  2⤵
  PID:9044
- C:\Windows\System\Lvqttyr.exe
  C:\Windows\System\Lvqttyr.exe
  2⤵
  PID:9064
- C:\Windows\System\rKVDutR.exe
  C:\Windows\System\rKVDutR.exe
  2⤵
  PID:9084
- C:\Windows\System\lSxonpO.exe
  C:\Windows\System\lSxonpO.exe
  2⤵
  PID:9100
- C:\Windows\System\isMXPxM.exe
  C:\Windows\System\isMXPxM.exe
  2⤵
  PID:9120
- C:\Windows\System\TLOkwQO.exe
  C:\Windows\System\TLOkwQO.exe
  2⤵
  PID:9136
- C:\Windows\System\zuPTwWl.exe
  C:\Windows\System\zuPTwWl.exe
  2⤵
  PID:9164
- C:\Windows\System\JDRMWZg.exe
  C:\Windows\System\JDRMWZg.exe
  2⤵
  PID:9180
- C:\Windows\System\PeijnGQ.exe
  C:\Windows\System\PeijnGQ.exe
  2⤵
  PID:9204
- C:\Windows\System\ThvANPS.exe
  C:\Windows\System\ThvANPS.exe
  2⤵
  PID:7960
- C:\Windows\System\AeFlFOF.exe
  C:\Windows\System\AeFlFOF.exe
  2⤵
  PID:7540
- C:\Windows\System\VDNwEQU.exe
  C:\Windows\System\VDNwEQU.exe
  2⤵
  PID:7676
- C:\Windows\System\GgWPDwd.exe
  C:\Windows\System\GgWPDwd.exe
  2⤵
  PID:7428
- C:\Windows\System\WSrVsXv.exe
  C:\Windows\System\WSrVsXv.exe
  2⤵
  PID:8232
- C:\Windows\System\VgHVcWU.exe
  C:\Windows\System\VgHVcWU.exe
  2⤵
  PID:8216
- C:\Windows\System\ooNjRcB.exe
  C:\Windows\System\ooNjRcB.exe
  2⤵
  PID:8300
- C:\Windows\System\IOeDYwA.exe
  C:\Windows\System\IOeDYwA.exe
  2⤵
  PID:8284
- C:\Windows\System\EHmbvbc.exe
  C:\Windows\System\EHmbvbc.exe
  2⤵
  PID:8364
- C:\Windows\System\GIZymUK.exe
  C:\Windows\System\GIZymUK.exe
  2⤵
  PID:8420
- C:\Windows\System\noAnTcQ.exe
  C:\Windows\System\noAnTcQ.exe
  2⤵
  PID:8500
- C:\Windows\System\FzDcFjA.exe
  C:\Windows\System\FzDcFjA.exe
  2⤵
  PID:8508
- C:\Windows\System\EMPqdeg.exe
  C:\Windows\System\EMPqdeg.exe
  2⤵
  PID:2128
- C:\Windows\System\PQZhqmL.exe
  C:\Windows\System\PQZhqmL.exe
  2⤵
  PID:8552
- C:\Windows\System\tpwzeAS.exe
  C:\Windows\System\tpwzeAS.exe
  2⤵
  PID:2936
- C:\Windows\System\yhbcStZ.exe
  C:\Windows\System\yhbcStZ.exe
  2⤵
  PID:8596
- C:\Windows\System\cPDvzBE.exe
  C:\Windows\System\cPDvzBE.exe
  2⤵
  PID:8612
- C:\Windows\System\MVNivGs.exe
  C:\Windows\System\MVNivGs.exe
  2⤵
  PID:8688
- C:\Windows\System\kEPMRpZ.exe
  C:\Windows\System\kEPMRpZ.exe
  2⤵
  PID:8724
- C:\Windows\System\iIHbZhm.exe
  C:\Windows\System\iIHbZhm.exe
  2⤵
  PID:8772
- C:\Windows\System\zaYqwWZ.exe
  C:\Windows\System\zaYqwWZ.exe
  2⤵
  PID:8800
- C:\Windows\System\BsehvLs.exe
  C:\Windows\System\BsehvLs.exe
  2⤵
  PID:8740
- C:\Windows\System\MIcTsfA.exe
  C:\Windows\System\MIcTsfA.exe
  2⤵
  PID:8788
- C:\Windows\System\XxMBQHH.exe
  C:\Windows\System\XxMBQHH.exe
  2⤵
  PID:8832
- C:\Windows\System\FmkQIpA.exe
  C:\Windows\System\FmkQIpA.exe
  2⤵
  PID:8852
- C:\Windows\System\PWLiayc.exe
  C:\Windows\System\PWLiayc.exe
  2⤵
  PID:8872
- C:\Windows\System\fxztsXm.exe
  C:\Windows\System\fxztsXm.exe
  2⤵
  PID:8908
- C:\Windows\System\HxDZiuw.exe
  C:\Windows\System\HxDZiuw.exe
  2⤵
  PID:8948
- C:\Windows\System\cmDrkrA.exe
  C:\Windows\System\cmDrkrA.exe
  2⤵
  PID:2228
- C:\Windows\System\AHGzVMR.exe
  C:\Windows\System\AHGzVMR.exe
  2⤵
  PID:8836
- C:\Windows\System\IVWVXJn.exe
  C:\Windows\System\IVWVXJn.exe
  2⤵
  PID:9012
- C:\Windows\System\fWqFnZA.exe
  C:\Windows\System\fWqFnZA.exe
  2⤵
  PID:9040
- C:\Windows\System\ACiwrPJ.exe
  C:\Windows\System\ACiwrPJ.exe
  2⤵
  PID:9092
- C:\Windows\System\QSzoHTy.exe
  C:\Windows\System\QSzoHTy.exe
  2⤵
  PID:9132
- C:\Windows\System\SWQLXeh.exe
  C:\Windows\System\SWQLXeh.exe
  2⤵
  PID:9076
- C:\Windows\System\AavLjBh.exe
  C:\Windows\System\AavLjBh.exe
  2⤵
  PID:9176
- C:\Windows\System\QaKrHIf.exe
  C:\Windows\System\QaKrHIf.exe
  2⤵
  PID:9200
- C:\Windows\System\QqfDZWT.exe
  C:\Windows\System\QqfDZWT.exe
  2⤵
  PID:7908
- C:\Windows\System\QwmFewc.exe
  C:\Windows\System\QwmFewc.exe
  2⤵
  PID:8000
- C:\Windows\System\KdfSvbU.exe
  C:\Windows\System\KdfSvbU.exe
  2⤵
  PID:8236
- C:\Windows\System\DXQokGo.exe
  C:\Windows\System\DXQokGo.exe
  2⤵
  PID:8340
- C:\Windows\System\RHaxnDk.exe
  C:\Windows\System\RHaxnDk.exe
  2⤵
  PID:8368
- C:\Windows\System\rFFkOem.exe
  C:\Windows\System\rFFkOem.exe
  2⤵
  PID:8404
- C:\Windows\System\dCtBvZK.exe
  C:\Windows\System\dCtBvZK.exe
  2⤵
  PID:8504
- C:\Windows\System\hlcVIxa.exe
  C:\Windows\System\hlcVIxa.exe
  2⤵
  PID:8556
- C:\Windows\System\tPGOspj.exe
  C:\Windows\System\tPGOspj.exe
  2⤵
  PID:8540
- C:\Windows\System\IDhoPJX.exe
  C:\Windows\System\IDhoPJX.exe
  2⤵
  PID:8676
- C:\Windows\System\TlWOqLi.exe
  C:\Windows\System\TlWOqLi.exe
  2⤵
  PID:8656
- C:\Windows\System\oYoZhSd.exe
  C:\Windows\System\oYoZhSd.exe
  2⤵
  PID:8708
- C:\Windows\System\vjBsDwo.exe
  C:\Windows\System\vjBsDwo.exe
  2⤵
  PID:2088
- C:\Windows\System\mwUWgny.exe
  C:\Windows\System\mwUWgny.exe
  2⤵
  PID:8784
- C:\Windows\System\ASrVhpb.exe
  C:\Windows\System\ASrVhpb.exe
  2⤵
  PID:8828
- C:\Windows\System\qNJLUlZ.exe
  C:\Windows\System\qNJLUlZ.exe
  2⤵
  PID:8868
- C:\Windows\System\UinOcHv.exe
  C:\Windows\System\UinOcHv.exe
  2⤵
  PID:8916
- C:\Windows\System\QwhyqLR.exe
  C:\Windows\System\QwhyqLR.exe
  2⤵
  PID:8960
- C:\Windows\System\UFDjTTD.exe
  C:\Windows\System\UFDjTTD.exe
  2⤵
  PID:8992
- C:\Windows\System\GAzgTiD.exe
  C:\Windows\System\GAzgTiD.exe
  2⤵
  PID:9116
- C:\Windows\System\aLPUHRo.exe
  C:\Windows\System\aLPUHRo.exe
  2⤵
  PID:9036
- C:\Windows\System\vfTCFQC.exe
  C:\Windows\System\vfTCFQC.exe
  2⤵
  PID:7256
- C:\Windows\System\wnsSwNI.exe
  C:\Windows\System\wnsSwNI.exe
  2⤵
  PID:8200
- C:\Windows\System\pBCLIYB.exe
  C:\Windows\System\pBCLIYB.exe
  2⤵
  PID:9156
- C:\Windows\System\yiMdwfw.exe
  C:\Windows\System\yiMdwfw.exe
  2⤵
  PID:8272
- C:\Windows\System\zEfsLXl.exe
  C:\Windows\System\zEfsLXl.exe
  2⤵
  PID:8412
- C:\Windows\System\zXhnWnD.exe
  C:\Windows\System\zXhnWnD.exe
  2⤵
  PID:8452
- C:\Windows\System\kCYytak.exe
  C:\Windows\System\kCYytak.exe
  2⤵
  PID:8488
- C:\Windows\System\kRjxwQe.exe
  C:\Windows\System\kRjxwQe.exe
  2⤵
  PID:8640
- C:\Windows\System\GGeARgV.exe
  C:\Windows\System\GGeARgV.exe
  2⤵
  PID:8704
- C:\Windows\System\rtfrwmV.exe
  C:\Windows\System\rtfrwmV.exe
  2⤵
  PID:8516
- C:\Windows\System\ThOPMfk.exe
  C:\Windows\System\ThOPMfk.exe
  2⤵
  PID:404
- C:\Windows\System\aSJCpzO.exe
  C:\Windows\System\aSJCpzO.exe
  2⤵
  PID:9144
- C:\Windows\System\jnpVnaq.exe
  C:\Windows\System\jnpVnaq.exe
  2⤵
  PID:3020
- C:\Windows\System\QHcBHEQ.exe
  C:\Windows\System\QHcBHEQ.exe
  2⤵
  PID:8884
- C:\Windows\System\nUeduGt.exe
  C:\Windows\System\nUeduGt.exe
  2⤵
  PID:9128
- C:\Windows\System\vTRZTyH.exe
  C:\Windows\System\vTRZTyH.exe
  2⤵
  PID:8976
- C:\Windows\System\cqgTvTO.exe
  C:\Windows\System\cqgTvTO.exe
  2⤵
  PID:8400
- C:\Windows\System\fwUjEUB.exe
  C:\Windows\System\fwUjEUB.exe
  2⤵
  PID:7544
- C:\Windows\System\rqYLvMp.exe
  C:\Windows\System\rqYLvMp.exe
  2⤵
  PID:2388
- C:\Windows\System\OzMvizm.exe
  C:\Windows\System\OzMvizm.exe
  2⤵
  PID:8680
- C:\Windows\System\qmoVmLZ.exe
  C:\Windows\System\qmoVmLZ.exe
  2⤵
  PID:8332
- C:\Windows\System\ahGxRgo.exe
  C:\Windows\System\ahGxRgo.exe
  2⤵
  PID:8320
- C:\Windows\System\WYjsZsn.exe
  C:\Windows\System\WYjsZsn.exe
  2⤵
  PID:8440
- C:\Windows\System\jKACxRO.exe
  C:\Windows\System\jKACxRO.exe
  2⤵
  PID:7344
- C:\Windows\System\zStiATj.exe
  C:\Windows\System\zStiATj.exe
  2⤵
  PID:2440
- C:\Windows\System\hYuotYj.exe
  C:\Windows\System\hYuotYj.exe
  2⤵
  PID:3016
- C:\Windows\System\HaFHLxQ.exe
  C:\Windows\System\HaFHLxQ.exe
  2⤵
  PID:9232
- C:\Windows\System\MvlpfsI.exe
  C:\Windows\System\MvlpfsI.exe
  2⤵
  PID:9248
- C:\Windows\System\xJWBcGm.exe
  C:\Windows\System\xJWBcGm.exe
  2⤵
  PID:9300
- C:\Windows\System\gunMoCF.exe
  C:\Windows\System\gunMoCF.exe
  2⤵
  PID:9316
- C:\Windows\System\GWJapll.exe
  C:\Windows\System\GWJapll.exe
  2⤵
  PID:9332
- C:\Windows\System\xzLZVDn.exe
  C:\Windows\System\xzLZVDn.exe
  2⤵
  PID:9348
- C:\Windows\System\QSiKFKd.exe
  C:\Windows\System\QSiKFKd.exe
  2⤵
  PID:9380
- C:\Windows\System\FpRpckk.exe
  C:\Windows\System\FpRpckk.exe
  2⤵
  PID:9396
- C:\Windows\System\bGSUCFT.exe
  C:\Windows\System\bGSUCFT.exe
  2⤵
  PID:9416
- C:\Windows\System\BRCMLAk.exe
  C:\Windows\System\BRCMLAk.exe
  2⤵
  PID:9440
- C:\Windows\System\KjHOoci.exe
  C:\Windows\System\KjHOoci.exe
  2⤵
  PID:9460
- C:\Windows\System\uiyVJeR.exe
  C:\Windows\System\uiyVJeR.exe
  2⤵
  PID:9476
- C:\Windows\System\gatuQnC.exe
  C:\Windows\System\gatuQnC.exe
  2⤵
  PID:9496
- C:\Windows\System\notrBgc.exe
  C:\Windows\System\notrBgc.exe
  2⤵
  PID:9520
- C:\Windows\System\kWBdaFX.exe
  C:\Windows\System\kWBdaFX.exe
  2⤵
  PID:9540
- C:\Windows\System\XiIbqXB.exe
  C:\Windows\System\XiIbqXB.exe
  2⤵
  PID:9560
- C:\Windows\System\klfVnBW.exe
  C:\Windows\System\klfVnBW.exe
  2⤵
  PID:9580
- C:\Windows\System\IgVEhwE.exe
  C:\Windows\System\IgVEhwE.exe
  2⤵
  PID:9600
- C:\Windows\System\hmvibaT.exe
  C:\Windows\System\hmvibaT.exe
  2⤵
  PID:9616
- C:\Windows\System\eghlvDd.exe
  C:\Windows\System\eghlvDd.exe
  2⤵
  PID:9636
- C:\Windows\System\AjluCVe.exe
  C:\Windows\System\AjluCVe.exe
  2⤵
  PID:9656
- C:\Windows\System\bzVVhil.exe
  C:\Windows\System\bzVVhil.exe
  2⤵
  PID:9676
- C:\Windows\System\qGWUuNr.exe
  C:\Windows\System\qGWUuNr.exe
  2⤵
  PID:9704
- C:\Windows\System\bXoxzXe.exe
  C:\Windows\System\bXoxzXe.exe
  2⤵
  PID:9724
- C:\Windows\System\JkgNURv.exe
  C:\Windows\System\JkgNURv.exe
  2⤵
  PID:9740
- C:\Windows\System\xvZTWtu.exe
  C:\Windows\System\xvZTWtu.exe
  2⤵
  PID:9760
- C:\Windows\System\xPMLLON.exe
  C:\Windows\System\xPMLLON.exe
  2⤵
  PID:9780
- C:\Windows\System\qxKTOaj.exe
  C:\Windows\System\qxKTOaj.exe
  2⤵
  PID:9796
- C:\Windows\System\pHErriD.exe
  C:\Windows\System\pHErriD.exe
  2⤵
  PID:9816
- C:\Windows\System\LXossiI.exe
  C:\Windows\System\LXossiI.exe
  2⤵
  PID:9840
- C:\Windows\System\xgFvFoN.exe
  C:\Windows\System\xgFvFoN.exe
  2⤵
  PID:9860
- C:\Windows\System\ZNixvkm.exe
  C:\Windows\System\ZNixvkm.exe
  2⤵
  PID:9876
- C:\Windows\System\kRXMayb.exe
  C:\Windows\System\kRXMayb.exe
  2⤵
  PID:9900
- C:\Windows\System\iIDiLAu.exe
  C:\Windows\System\iIDiLAu.exe
  2⤵
  PID:9920
- C:\Windows\System\GcDzUWd.exe
  C:\Windows\System\GcDzUWd.exe
  2⤵
  PID:9940
- C:\Windows\System\esNxRMt.exe
  C:\Windows\System\esNxRMt.exe
  2⤵
  PID:9960
- C:\Windows\System\VXdiDNW.exe
  C:\Windows\System\VXdiDNW.exe
  2⤵
  PID:9976
- C:\Windows\System\EISceYZ.exe
  C:\Windows\System\EISceYZ.exe
  2⤵
  PID:10016
- C:\Windows\System\jrUrqZL.exe
  C:\Windows\System\jrUrqZL.exe
  2⤵
  PID:10040
- C:\Windows\System\VLWTzJj.exe
  C:\Windows\System\VLWTzJj.exe
  2⤵
  PID:10072
- C:\Windows\System\ZuNSUoR.exe
  C:\Windows\System\ZuNSUoR.exe
  2⤵
  PID:10092
- C:\Windows\System\kWjXHGg.exe
  C:\Windows\System\kWjXHGg.exe
  2⤵
  PID:10108
- C:\Windows\System\ZiOTFEk.exe
  C:\Windows\System\ZiOTFEk.exe
  2⤵
  PID:10124
- C:\Windows\System\gfyLUmm.exe
  C:\Windows\System\gfyLUmm.exe
  2⤵
  PID:10148
- C:\Windows\System\ZDFSnzA.exe
  C:\Windows\System\ZDFSnzA.exe
  2⤵
  PID:10168
- C:\Windows\System\INpSVip.exe
  C:\Windows\System\INpSVip.exe
  2⤵
  PID:10184
- C:\Windows\System\houEOdj.exe
  C:\Windows\System\houEOdj.exe
  2⤵
  PID:10212
- C:\Windows\System\jUVaucf.exe
  C:\Windows\System\jUVaucf.exe
  2⤵
  PID:8900
- C:\Windows\System\KsghbQt.exe
  C:\Windows\System\KsghbQt.exe
  2⤵
  PID:9228
- C:\Windows\System\lrBiaWp.exe
  C:\Windows\System\lrBiaWp.exe
  2⤵
  PID:8268
- C:\Windows\System\WzjAOUa.exe
  C:\Windows\System\WzjAOUa.exe
  2⤵
  PID:8988
- C:\Windows\System\VbhadOZ.exe
  C:\Windows\System\VbhadOZ.exe
  2⤵
  PID:7688
- C:\Windows\System\mHXqLgv.exe
  C:\Windows\System\mHXqLgv.exe
  2⤵
  PID:9280
- C:\Windows\System\ZQKeBPQ.exe
  C:\Windows\System\ZQKeBPQ.exe
  2⤵
  PID:9324
- C:\Windows\System\eLGkPux.exe
  C:\Windows\System\eLGkPux.exe
  2⤵
  PID:9364
- C:\Windows\System\ZxhwMbB.exe
  C:\Windows\System\ZxhwMbB.exe
  2⤵
  PID:9360
- C:\Windows\System\oDnlkGK.exe
  C:\Windows\System\oDnlkGK.exe
  2⤵
  PID:9432
- C:\Windows\System\zsClJqh.exe
  C:\Windows\System\zsClJqh.exe
  2⤵
  PID:9452
- C:\Windows\System\GvOtPOT.exe
  C:\Windows\System\GvOtPOT.exe
  2⤵
  PID:9488
- C:\Windows\System\QwPesnz.exe
  C:\Windows\System\QwPesnz.exe
  2⤵
  PID:9508
- C:\Windows\System\jvdDsFo.exe
  C:\Windows\System\jvdDsFo.exe
  2⤵
  PID:9556
- C:\Windows\System\RpUYVXO.exe
  C:\Windows\System\RpUYVXO.exe
  2⤵
  PID:9292
- C:\Windows\System\AMdMTmW.exe
  C:\Windows\System\AMdMTmW.exe
  2⤵
  PID:9608
- C:\Windows\System\gBJzpSX.exe
  C:\Windows\System\gBJzpSX.exe
  2⤵
  PID:9632
- C:\Windows\System\ReUQZqg.exe
  C:\Windows\System\ReUQZqg.exe
  2⤵
  PID:9684
- C:\Windows\System\NUmlWWp.exe
  C:\Windows\System\NUmlWWp.exe
  2⤵
  PID:9720
- C:\Windows\System\hcIBSZk.exe
  C:\Windows\System\hcIBSZk.exe
  2⤵
  PID:9756
- C:\Windows\System\HuhEsOH.exe
  C:\Windows\System\HuhEsOH.exe
  2⤵
  PID:9776
- C:\Windows\System\vnvvskO.exe
  C:\Windows\System\vnvvskO.exe
  2⤵
  PID:9832
- C:\Windows\System\TJwyVIT.exe
  C:\Windows\System\TJwyVIT.exe
  2⤵
  PID:9852
- C:\Windows\System\OWscGHQ.exe
  C:\Windows\System\OWscGHQ.exe
  2⤵
  PID:9908
- C:\Windows\System\emhjPNu.exe
  C:\Windows\System\emhjPNu.exe
  2⤵
  PID:9932
- C:\Windows\System\Hgkdfgk.exe
  C:\Windows\System\Hgkdfgk.exe
  2⤵
  PID:9956
- C:\Windows\System\bmAEEdF.exe
  C:\Windows\System\bmAEEdF.exe
  2⤵
  PID:9992
- C:\Windows\System\EWUmLyV.exe
  C:\Windows\System\EWUmLyV.exe
  2⤵
  PID:9692
- C:\Windows\System\mqhObNj.exe
  C:\Windows\System\mqhObNj.exe
  2⤵
  PID:10088
- C:\Windows\System\RQYfzyW.exe
  C:\Windows\System\RQYfzyW.exe
  2⤵
  PID:10104
- C:\Windows\System\FqrcNRM.exe
  C:\Windows\System\FqrcNRM.exe
  2⤵
  PID:10140
- C:\Windows\System\syUXlhF.exe
  C:\Windows\System\syUXlhF.exe
  2⤵
  PID:10196
- C:\Windows\System\tXLxfwN.exe
  C:\Windows\System\tXLxfwN.exe
  2⤵
  PID:10232
- C:\Windows\System\CnKXKDa.exe
  C:\Windows\System\CnKXKDa.exe
  2⤵
  PID:7780
- C:\Windows\System\JYrAyUZ.exe
  C:\Windows\System\JYrAyUZ.exe
  2⤵
  PID:8624
- C:\Windows\System\ZAxsVQA.exe
  C:\Windows\System\ZAxsVQA.exe
  2⤵
  PID:9268
- C:\Windows\System\UKRgoXu.exe
  C:\Windows\System\UKRgoXu.exe
  2⤵
  PID:9284
- C:\Windows\System\txKpFra.exe
  C:\Windows\System\txKpFra.exe
  2⤵
  PID:9288
- C:\Windows\System\IIUkwwM.exe
  C:\Windows\System\IIUkwwM.exe
  2⤵
  PID:9428
- C:\Windows\System\bDilSBw.exe
  C:\Windows\System\bDilSBw.exe
  2⤵
  PID:9484
- C:\Windows\System\hiTXckh.exe
  C:\Windows\System\hiTXckh.exe
  2⤵
  PID:9532
- C:\Windows\System\iuXAfbA.exe
  C:\Windows\System\iuXAfbA.exe
  2⤵
  PID:9408
- C:\Windows\System\vCmbzCG.exe
  C:\Windows\System\vCmbzCG.exe
  2⤵
  PID:10004
- C:\Windows\System\GlYUyij.exe
  C:\Windows\System\GlYUyij.exe
  2⤵
  PID:9672
- C:\Windows\System\TUUEEjx.exe
  C:\Windows\System\TUUEEjx.exe
  2⤵
  PID:9700
- C:\Windows\System\vurMrlX.exe
  C:\Windows\System\vurMrlX.exe
  2⤵
  PID:9808
- C:\Windows\System\nAnRCcK.exe
  C:\Windows\System\nAnRCcK.exe
  2⤵
  PID:9768
- C:\Windows\System\rnJfZao.exe
  C:\Windows\System\rnJfZao.exe
  2⤵
  PID:9888
- C:\Windows\System\xIJbzmP.exe
  C:\Windows\System\xIJbzmP.exe
  2⤵
  PID:9948
- C:\Windows\System\UcAZMHx.exe
  C:\Windows\System\UcAZMHx.exe
  2⤵
  PID:9988
- C:\Windows\System\KFSNDmZ.exe
  C:\Windows\System\KFSNDmZ.exe
  2⤵
  PID:10028
- C:\Windows\System\FFWCZgI.exe
  C:\Windows\System\FFWCZgI.exe
  2⤵
  PID:10080
- C:\Windows\System\aNuSvbX.exe
  C:\Windows\System\aNuSvbX.exe
  2⤵
  PID:10236
- C:\Windows\System\gecSdMQ.exe
  C:\Windows\System\gecSdMQ.exe
  2⤵
  PID:10132
- C:\Windows\System\CqWCjKh.exe
  C:\Windows\System\CqWCjKh.exe
  2⤵
  PID:10220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AHcUkJG.exe

Filesize
6.0MB

MD5
6d150b3ebb2ebebaa771a44bcecb79b8

SHA1
7630d6919aa037582a952fa386214eebcd00b4bb

SHA256
f6987550cba0090abd9a7043a1fb28507df01cbf45c9d746489a4d5fd00799a0

SHA512
fc9f4d793cf8f9901cbd2f99ce5253e32d4c94db99eae6ed544a19ca28d4dd97f28f47e56f747cb714123a801a1d7e82387f8702ffc71131f0b956c0c0f6244e

Download Submit
C:\Windows\system\ANgcGRC.exe

Filesize
6.0MB

MD5
935761b24412c6463abcbd7a6123f8b6

SHA1
11be09da0846c8411d0e0133b0c7ba7ab5a2bcdc

SHA256
006e6727c57bed59bc97002bafe811ad5395117637d45ab12dcaccdd3c089b0a

SHA512
13dd1b2e4364a8fb18d0e937b95332380b048bf6ccfdf5ac7a69b676c6e042920ef9901f2e7d4cde8b45e34f81595401e3235eef48889a34e9546843ab3056a5

Download Submit
C:\Windows\system\BxwEZYx.exe

Filesize
6.0MB

MD5
b66cd734e5a8039547e8a873d28e8649

SHA1
7c6dfe664d3cb4b06913f974df3def1e57484c31

SHA256
a1d38f49aa375a35ee2d13e2ddaf9b4530df3f0d094c25442876fdc1c7f6b8fb

SHA512
e19c3e6ccbb562c9ae47308952107987460366021562dfaaeeb7b585d66738a79e801cd929a500688ae43535f0a177729f166c3fd02021e4ac2ff690c0b00915

Download Submit
C:\Windows\system\ECcmBAL.exe

Filesize
6.0MB

MD5
a73de12b85de9bdedf20aabc53c3cb98

SHA1
b5f4b5d96952a85ee06f8f4e813e4228622bf26a

SHA256
c32829ea9b7c56c53115901e64d777cc76060c87ec6b4aca3db1cb022f418376

SHA512
fa97f3d4a1e9a8b19f263cd21aa102f9e6b17ec88af9b0b5d245325aef2628756e579bbad44dae46c55621ab2fb7c13a12452243d02d0c34e569e82d82927a03

Download Submit
C:\Windows\system\EURKUSI.exe

Filesize
6.0MB

MD5
4d4329985791a913ccd700517b8eb3d2

SHA1
a1343a0aa693a2717286668d6dcbe9f43a9df4ad

SHA256
5da244d5649cb2bb8d7e1fcc265f0801a066a639c42ec84a22d87de9f03d603a

SHA512
d4696de90ae8421d1416c1e53e3b6bb9f9ab8370e6cf8a02419b7d7a2c71a6badf05175dd26d6e20555f5f1941de57bc2ba4a2739c7a46929396dbecfaa66891

Download Submit
C:\Windows\system\IacDJii.exe

Filesize
6.0MB

MD5
00eea00b303946beee6f46a31dbbebea

SHA1
e8453098dd171753e40ad474933644184decd353

SHA256
f0e8822bf2351be0ccd0a77243b5df9b63069a4df7ddf6db5babce005c2ad287

SHA512
7fd2f9f500859910081bd0c592d9a51e705252b0353ae73bdf815f4cf33891f9f272205750a227073fcba90dbfc39c189a75fe467b2efb638f1f9240db31cc73

Download Submit
C:\Windows\system\IbhyvKq.exe

Filesize
6.0MB

MD5
8c0de8ccc937ed8b28aae77eca117a5f

SHA1
1263d88b191092708c82012749d60354881fe698

SHA256
8f94ecd919d2c6d502560f7d443b41bf159bbca6214bd0b78f628ef967030185

SHA512
44dc5d7d4082534aaf98773e310adfb2079bc2c477b2b3113a4db9993dd41f7e27ef402714e3059422009d9283f6699354b30cf100927b200641d96e28e2cf8f

Download Submit
C:\Windows\system\IezhrEd.exe

Filesize
6.0MB

MD5
3164200ef8cb5b2e29e5e9bbf343eea0

SHA1
415803c22ac65611f5b18e05a9883dbed689d68d

SHA256
30ed72147b4ae5341de76e8b86cd8266aa344d9c4eded959b8488e2ed683be60

SHA512
24c50eba0d6a6936f8ade2bbafd83c96312a392bc885546a0a54b3fe23d0fea9cf2c3732f40076f87960e8a73050adef715110923515fe3616c20d620100865f

Download Submit
C:\Windows\system\KiYGCRJ.exe

Filesize
6.0MB

MD5
4c774364268255811df3efafe09b07a4

SHA1
8556a620358810736378dcc1dd12580805c857e4

SHA256
b480f86b43d42364786d4e5be257ceda1a84f23ea7948a98edc049fb0222ccb2

SHA512
a3f1297c99ff509623832458b1d8f8f237c937b6d20b81359eea7a2d576eaba1e488ffb6e0deee76421044415a597ecc290c1cd9ec50ab902bce182af8418ad3

Download Submit
C:\Windows\system\MuaKIfj.exe

Filesize
6.0MB

MD5
d0b6671d4a99886e05b6787f0593de7f

SHA1
8144d91f79395499c4d65ea19deddb6452bfceb6

SHA256
0fb697db693061f6889c20ea10679c70897fb1062c86edc589d7b83aef42e102

SHA512
d160e19f536c0ab1795cc0aa82436a00001453d97ebec0a9922e8baf2f48c05a1fa4c4a61f890b5e1b80ce0269a83f2bbebbcdc3df6118625c9b167738f93e84

Download Submit
C:\Windows\system\NjgOBju.exe

Filesize
6.0MB

MD5
a4b6eb180fccd7890a598892cfdcb63e

SHA1
a3ae8acb10f3c030254e4edfc6ec228ed2815b3f

SHA256
fb333f186566b3c029c8f0696b72d8769be79cc9a10a9b8333ee23e3f40378c1

SHA512
f425c3228454932a38ff227479bfc2d742112ca4c2029038fc90446858797141942d2c557f543d4a0436ceb2c02d0d7fa7e69a34f4dbe254c2e800bd1745293c

Download Submit
C:\Windows\system\OmoGASK.exe

Filesize
8B

MD5
31f85bccfb212d6e7a86ac624a0ba287

SHA1
3b693f779eda266a8cd692a006847d8aa98feeaf

SHA256
62d3e6d6d0aa2d548b160c8aca70327fe9def790e681d56faec8289920bf3f87

SHA512
55dc0616c5bd9def231c51ae85870fc099ee602549a22d99ab7cd11ae69d9f474b0e5fd9c5aba7ee458ca1c9ba16e1618254c1d6c166d8e8783fc9f63ce71a75

Download Submit
C:\Windows\system\OwgxgGY.exe

Filesize
6.0MB

MD5
5b12c5d5cb3965d6a8fd6303cf8a27dd

SHA1
3e966822fc32877e9d0a3e9dc0becdd998b725b4

SHA256
c0a8927170dfed9bafcf0c9428a94fa9c024b54968740ee3cbef9bd2875e44b2

SHA512
bf64fd28d75525e27a5535ea5ba798b510af58bb518fa504fda75af3a4b129e85c6e59b194d824912d4077f36c86c4aa1f7da28950b6a7ba62d21fd7483df44d

Download Submit
C:\Windows\system\PgyViYk.exe

Filesize
6.0MB

MD5
9f8d634c8d8208d0165b15860bfa86f8

SHA1
102cca8d17aeb4c19ffe914abd6d325dd4b88797

SHA256
bf5a9d5fee94ff9485de37a566a294c57c3b92afb0e0a052be0e7c009bfe18e8

SHA512
2b734bbd1a150464b638153a8c53f05220c666608dbcbd37c76f860dfe39fffc7ff80127a63b67e07f94b56fddbd3f53a628fd3d8e52c430806821159c46fb0d

Download Submit
C:\Windows\system\SrfojIy.exe

Filesize
6.0MB

MD5
38bcd9a22fddc11aedc36ad47c61ea9c

SHA1
2745254eb699dbe6b7655ec8975e14ad55af2d9d

SHA256
a6079f0447ab22199be28c549dc8986775f27053431a23e2544b16885ea8b8dd

SHA512
74ce98bae1c83599a35e2912e1547c21b31608613cbcb42175844d300c1c3c241eb2b4b1045a9a32e103bdddd60e14bde6b65b74870a0cf183fc62e6f71f58c4

Download Submit
C:\Windows\system\TsYzora.exe

Filesize
6.0MB

MD5
3c76c631c728c44d7752fe11d0928757

SHA1
82831b9c34b7c840d8d70a967761b07c34a1072e

SHA256
1903bee0b6d50517193111bb7b415e17b62eeb9882bd97041fc95ca4ce1f000e

SHA512
84788bf0d079b604fb306f25cb5131eba8d129e4d3eb249ad8dceb767af36e3ecc244c78336ec8bc1787e0afa42b83ca1ee0c0b1d62fc8cc7fadf50a1301fe35

Download Submit
C:\Windows\system\WBGWVdQ.exe

Filesize
6.0MB

MD5
209745c622b654ea5f23c30b520655bc

SHA1
1df33149e3aff9dfd01cbbd844fa134895cda614

SHA256
5e47c018937ace8f94679d977189836356d966926e8e678e113e58b6693312bc

SHA512
ac4baf41c8f82941bcf501eba6986a62c39a5a672a5c513347c51d2c5f0f4674dda3a5883ce4b2ce63c060b1ee65171540158e4c5d7cdaaf3c5714e33a76ebee

Download Submit
C:\Windows\system\YBOAUww.exe

Filesize
6.0MB

MD5
9283192b3641debdf2b8c0b7e0a9b288

SHA1
de223432a006ad02718525b770cca92a05c027a7

SHA256
332bcdbeef18283cca52e44595880fef92555802787324d458da1a87c908cbd9

SHA512
7d8115569185489a6e8fdc3d333b93d50d3420ced48fab23dbb7c42d4e42aa7af6236d0b3abc8f48750bcb64ceaa109117013aef731501cd86241b1cdac4e3b1

Download Submit
C:\Windows\system\ZGVyNav.exe

Filesize
6.0MB

MD5
9d7ee6602e497e0272c4ec5c5e4f70cd

SHA1
3064aeff457aa9d84b73da4a06b173eb9c411a3f

SHA256
dae777e07f9fa2fbed1ed03ba3d1c2d2cfe5a24f976cd19be8beeed61c8ebbaa

SHA512
a9b25cf09fc9be1d04a1ac2fc5379d6ac6d22c03ed11f3628de783e1d91c1d07f9c65fb05e6898c8eb49476ad83bcd0894beba63a9af277e58e009f2c7127d96

Download Submit
C:\Windows\system\ZUdhtXP.exe

Filesize
6.0MB

MD5
6a0c816bd4cce84c83c793a002957dd0

SHA1
49bf6c9e9ec2d2c475ee009728297777ac1cac7f

SHA256
2ad8f3e3658d293ac2853ec646d6326833bf3648a75a2e92d9cfdcf1b39fdb34

SHA512
709354332f96ee81eb758c3b1114b748ddb8d4482346da0493caf05061da7c39764cabc3922c10e0643f8a2216b66da649c9637067f33603fdf2153feda84fe6

Download Submit
C:\Windows\system\bScRUnB.exe

Filesize
6.0MB

MD5
29a483f2bfb73156043eb3199ec2ef1b

SHA1
f429b6cfd054f34eb8a9da6279400cf914214ec0

SHA256
0dfabaa8134ed03d646940ced1715e57d67ebdb058660af37acc5bf3a86d84bc

SHA512
c78d035c21ce1df9d491940ce03116c483cc2f23c22622e2a5eb3e5e229c4f0938a31aaf19d751eb25ceed698fe3539afd19eb1239d9764f6ec30d571772b54d

Download Submit
C:\Windows\system\gDCcWto.exe

Filesize
6.0MB

MD5
2257176b0115768472d67b8fb69aaa42

SHA1
052f6f9dfe62adba7c961942df8be66b8fb02cf0

SHA256
799d92798db54704cd73bfae887103122447248bc5f2189fa59fafec3fb618bb

SHA512
7b784cab4034ad4f7ff4d79057d8d8c2388829be3e8aec73b9346df5863a4803376ed551dceffe72ee880b49edbc5090b40e0f1d3cbcc8c2bb8f1dae4d5c2896

Download Submit
C:\Windows\system\gVANNOH.exe

Filesize
6.0MB

MD5
3672d1b4e70717a9500f5acc448fec94

SHA1
4316e88772ca9658bc31a4fa17cf3b28fd16cfed

SHA256
7c11bc34d48b4610ae9921ce0cbd002eb42f1fa41558e8dbfaa1a9b1c0138f7e

SHA512
2bf15378d4743c2fc71e02bf66a8e84ffe0e266e655625ac13b72f5e56a79d2b34e555b39890c3e87d32e88218518873e46e0ac5c14c6e97d0b601b86a1d01ed

Download Submit
C:\Windows\system\mQIGWjW.exe

Filesize
6.0MB

MD5
4fa374c3091a0beed6159e1397e546fe

SHA1
46d62955336b73441c616089ed691373e98f2c90

SHA256
0c6622fdb95cf6936e827e95f749345589e1af6995048cd7d088fea908017d1c

SHA512
ea79b02b83e34d40e41b71b285edee6321839d332d149fa2eecb8e18945a5660728a57287e75ef2688720ee691093e84f1c5122edfe4d186925d09e3c9002d7e

Download Submit
C:\Windows\system\pTfPHdo.exe

Filesize
6.0MB

MD5
8bd93461a957c320d4de16cebaebf5da

SHA1
20c63968d7d346b3ff47fc0f921a9ca847115547

SHA256
abc2a7ae4af0c36d58d16d1e40316b7b0525895cf4699be731d6b036972fc4c8

SHA512
41bc859b044d5043e34ad50200edebf61abd309bfd544de798d4cd2261a85fe4dd7a7374ea0e39400d57ff4d34d2e79527dc3d9f69fa07d1d2746d0d0f956d81

Download Submit
C:\Windows\system\rvyFmmM.exe

Filesize
6.0MB

MD5
28b20829c3ca00d671174307db6c776f

SHA1
4301854518a49b116efec7730ebd9968e3d4697e

SHA256
2ae8688e7e9097bf2e96f4d83a77b08d3c681a526fbb3c95d1beb264d62d650b

SHA512
5b11736f68a0dc9e0933f023e680a3991dbfae87a66f89be4828a4cda394552bd73a3e5e0e9dbeb0340beb8bbc929bcc2342ba746e72633ed88a043dc48c320e

Download Submit
C:\Windows\system\tMSHNZf.exe

Filesize
6.0MB

MD5
8376a4002aa18a623f5a16df3e3e3673

SHA1
ea5131dca2439b1698ead7944f1ed33175b196e1

SHA256
e10991344d723460f969c502879f286519dda5b73da460ed509872cd4f813d26

SHA512
396e37f392b06be58f5c76554aad3c58315b68f1bb2e451a2843e2b3fb57745cb020dcf70e1f6adab6ff2efb330062aac3c3231cd6fa46b025422db7bd73d983

Download Submit
C:\Windows\system\vKxnXkH.exe

Filesize
6.0MB

MD5
4eb979b9ee350e71d1ee6a3ae705382c

SHA1
e51fb91387de114d3e1301a03da77b679c638157

SHA256
3ce4e6817f9e4dc9ba337160f6689037bcf07180837be35dafb5f5d930fc57e4

SHA512
099af7dcd33905d1095b5af4a7fe1cc9b154e4fc077fb8a579dc39e5d8e77e600cb2675e711c52c3691c2cd62ea97afff55271d3da6870c9cbe6e45cd6294131

Download Submit
C:\Windows\system\vzVfvne.exe

Filesize
6.0MB

MD5
86687d548e8ea59d3a1e8b0ef3aa71b6

SHA1
7e25c159ad53ec518bb38a1a67061d8b486227d8

SHA256
73157ed951dfe83fac016023fdf3684f34681c3f56a92e9b2c1245a717b1165f

SHA512
396507abec645b2aa938984c88f575634238d5fd678a2cb18b51cfd39c46edb515367e843df0e6607df75257803ed3abbe403cdb607bfa7a29150e95bcce405b

Download Submit
C:\Windows\system\wbrZsXP.exe

Filesize
6.0MB

MD5
b3ac14287eba986209b18ba9b68bfb28

SHA1
1dfdfdccfbcd52fec9ce64740a84b4d1d61b5e46

SHA256
17eb1d016e8fdc57848beea66a8e96a6fef3d9208e1c77c157ede4459d293bf1

SHA512
7e06e5eaf273df4fa444c822045aa47a8724a6cafe45fd6bdded88023e3d64b7d5c51c2392b78def58fdf3bc9ba05849c93b2819101872a14a52936fbbad7ecc

Download Submit
C:\Windows\system\xAMONfF.exe

Filesize
6.0MB

MD5
812846b847943e5aeb2700cc3b339a05

SHA1
9bd98918b4afab51751920bd4873ae6a98d2084f

SHA256
f3dc6b57394b112473bc0bf344d7cc77015954bc4c7f9311a82d6fcdfb5bc2f6

SHA512
d4188bd2e4de8cb6e1defb9683a2c947e44e316fe23ab8d0b7763eb464a3772b822970958d2639686907511b7300bc69644b9c1122201fe961d436b65d338822

Download Submit
C:\Windows\system\yIEUEbQ.exe

Filesize
6.0MB

MD5
f72b867d35ba7104521db72ec27b2f00

SHA1
1a1ced529f0b5e7b31016b7c020123d93bbf8e53

SHA256
58c5f7ad5980e76c3932adfa4b73b0a544fe00d31ede75d33b3c3e6e268bf497

SHA512
9bda9302a035f80cf9ed8e9c725430baf9401c10dc24cfd887200bf254c7b151dc70004b2860a189fd57f4cccc3d7d36e196dcceed54d2e44ac7f71ce951f145

Download Submit
\Windows\system\DqgzTPW.exe

Filesize
6.0MB

MD5
a50228068f937db8391039dbdd0130b9

SHA1
5bf51eacfdef25d1316d2c9fbf90c34f880f6ec2

SHA256
75cc988e14aee22cded14b858177780a31ff53b8cb981fc86a3b2127985bd629

SHA512
3b3b4769561181dc5e5b53040a9078c7a5a29acfba30938851a496322738d9785be34cee81df3a70c8821e89fbe606a07dedd8f833817a20e0d085be945dd6c6

Download Submit
memory/1512-3045-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1512-105-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1512-800-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2987-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-29-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-79-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2068-44-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2068-2994-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2148-3025-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-70-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-217-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-94-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2244-55-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3017-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2408-2990-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2408-74-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2492-2983-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2492-28-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3036-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-86-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-471-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-95-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-624-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3047-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-104-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3022-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-64-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-50-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2760-85-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3019-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2784-351-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3035-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2784-80-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2912-15-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2912-2991-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2976-60-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2976-42-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-90-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2976-693-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2976-547-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-928-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2976-100-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2976-99-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2976-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-108-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2976-75-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2976-67-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-91-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-19-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2976-33-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-34-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2976-291-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2976-37-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2976-52-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2976-25-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2976-109-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2976-7-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-14-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-45-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-2985-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download