cobaltstrike | b71e259bdefc76eaff4eabd4dc7f2f3f7ba7567cda04e90e4efc51d54a724736

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

023a798c0c826d044ea719cc910904f9
SHA1

af575a6cee5180e50905aa6e677d6c9e8e1769b1
SHA256

b71e259bdefc76eaff4eabd4dc7f2f3f7ba7567cda04e90e4efc51d54a724736
SHA512

141db104c57a3cfe12c13a6d594dc7cf2426cb8690c2369a7176b31114e6fe28a2aa26b26b3a5271b9b2a268f07dd8506753fd783c5ffb1ef897d2f00e47c9a8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120f1-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d89-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fdf-10.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173a9-29.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-67.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018676-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017492-26.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000171a8-56.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186e4-43.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174cc-42.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2408-0-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x00090000000120f1-6.dat	xmrig
behavioral1/files/0x0009000000016d89-8.dat	xmrig
behavioral1/files/0x0008000000016fdf-10.dat	xmrig
behavioral1/memory/2752-53-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x00080000000173a9-29.dat	xmrig
behavioral1/memory/2720-63-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2892-70-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2664-76-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2408-81-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2408-97-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x0005000000019431-105.dat	xmrig
behavioral1/files/0x000500000001960f-157.dat	xmrig
behavioral1/memory/2348-507-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2156-508-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/1808-510-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2408-509-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2664-387-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961d-190.dat	xmrig
behavioral1/files/0x0005000000019619-180.dat	xmrig
behavioral1/files/0x000500000001961b-184.dat	xmrig
behavioral1/files/0x0005000000019615-174.dat	xmrig
behavioral1/files/0x0005000000019613-169.dat	xmrig
behavioral1/files/0x0005000000019611-164.dat	xmrig
behavioral1/files/0x000500000001960b-149.dat	xmrig
behavioral1/files/0x00050000000195c5-139.dat	xmrig
behavioral1/files/0x000500000001950c-129.dat	xmrig
behavioral1/files/0x000500000001960d-155.dat	xmrig
behavioral1/files/0x0005000000019609-145.dat	xmrig
behavioral1/files/0x0005000000019582-134.dat	xmrig
behavioral1/files/0x000500000001944f-114.dat	xmrig
behavioral1/files/0x0005000000019461-122.dat	xmrig
behavioral1/files/0x0005000000019441-112.dat	xmrig
behavioral1/files/0x0005000000019427-103.dat	xmrig
behavioral1/memory/1808-98-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2872-96-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x000500000001941e-95.dat	xmrig
behavioral1/memory/2156-91-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2348-82-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c2-80.dat	xmrig
behavioral1/memory/2900-90-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e1-88.dat	xmrig
behavioral1/files/0x00050000000193b4-73.dat	xmrig
behavioral1/files/0x0005000000019350-67.dat	xmrig
behavioral1/files/0x000e000000018676-35.dat	xmrig
behavioral1/files/0x0007000000017492-26.dat	xmrig
behavioral1/memory/1788-21-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2872-62-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2460-61-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x00080000000171a8-56.dat	xmrig
behavioral1/memory/3048-55-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2408-54-0x0000000002280000-0x00000000025D4000-memory.dmp	xmrig
behavioral1/memory/2408-50-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2540-49-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2900-48-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x00080000000186e4-43.dat	xmrig
behavioral1/files/0x00070000000174cc-42.dat	xmrig
behavioral1/memory/2008-33-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2008-3296-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2752-3362-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2664-3368-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2900-3367-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2156-3390-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/1808-3393-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2540	elMqajJ.exe
1788	xozuAbl.exe
2008	HqXKKdl.exe
2752	myhkcAu.exe
3048	PcKOrTt.exe
2900	MndieCd.exe
2460	RQSImXv.exe
2872	nVYESKM.exe
2720	UodBtbJ.exe
2892	wTqcrOj.exe
2664	IaBApAX.exe
2348	oKXraMM.exe
2156	ZyfCzxI.exe
1808	FqjSUNE.exe
2444	DNBQBNV.exe
2964	rkPpUBX.exe
2924	nMwrGgR.exe
2844	cicABXR.exe
3008	ZHyzZvk.exe
2376	HanhlDu.exe
1640	LqxipHP.exe
1656	czVEEpQ.exe
2160	velLhKZ.exe
2316	dGNsoGs.exe
480	dFtDMip.exe
1856	ADTTfdL.exe
2304	AtoUECF.exe
3068	UJixHvc.exe
2580	kOaegzU.exe
2028	TjVCPSm.exe
2652	XuYKjkC.exe
1744	qsxRNnC.exe
1812	HbYEPzs.exe
1364	BRctvzF.exe
1528	RurZlHt.exe
760	FTFUzcq.exe
1708	UEWFXHl.exe
1784	kckCSkq.exe
1156	ZQcmiri.exe
2172	MvMHDcR.exe
840	BUXrZYd.exe
2364	LSsDfNB.exe
2224	dOJemWj.exe
2432	Jtbyiqy.exe
2284	wEvjbqG.exe
2404	jZxtUhZ.exe
1728	SKtFVuw.exe
1936	rJolDXL.exe
1616	oILcthD.exe
2288	GXEfyFH.exe
1552	vmDMYrY.exe
2428	YJzWnpg.exe
2368	tbCqDRi.exe
2180	OzNCFus.exe
2760	ClUyFks.exe
2776	aBBmxgP.exe
2264	RUylqgN.exe
2632	PhMbufi.exe
2684	VytnQSe.exe
2516	saxwOAm.exe
2980	EzzXTVU.exe
3016	aCrXROo.exe
2084	gcgjqAz.exe
2812	mqGppFW.exe

Loads dropped DLL 64 IoCs

pid	Process
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2408-0-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x00090000000120f1-6.dat	upx
behavioral1/files/0x0009000000016d89-8.dat	upx
behavioral1/files/0x0008000000016fdf-10.dat	upx
behavioral1/memory/2752-53-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x00080000000173a9-29.dat	upx
behavioral1/memory/2720-63-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2892-70-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2664-76-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2408-81-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x0005000000019431-105.dat	upx
behavioral1/files/0x000500000001960f-157.dat	upx
behavioral1/memory/2348-507-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2156-508-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/1808-510-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2664-387-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x000500000001961d-190.dat	upx
behavioral1/files/0x0005000000019619-180.dat	upx
behavioral1/files/0x000500000001961b-184.dat	upx
behavioral1/files/0x0005000000019615-174.dat	upx
behavioral1/files/0x0005000000019613-169.dat	upx
behavioral1/files/0x0005000000019611-164.dat	upx
behavioral1/files/0x000500000001960b-149.dat	upx
behavioral1/files/0x00050000000195c5-139.dat	upx
behavioral1/files/0x000500000001950c-129.dat	upx
behavioral1/files/0x000500000001960d-155.dat	upx
behavioral1/files/0x0005000000019609-145.dat	upx
behavioral1/files/0x0005000000019582-134.dat	upx
behavioral1/files/0x000500000001944f-114.dat	upx
behavioral1/files/0x0005000000019461-122.dat	upx
behavioral1/files/0x0005000000019441-112.dat	upx
behavioral1/files/0x0005000000019427-103.dat	upx
behavioral1/memory/1808-98-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2872-96-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x000500000001941e-95.dat	upx
behavioral1/memory/2156-91-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2348-82-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x00050000000193c2-80.dat	upx
behavioral1/memory/2900-90-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x00050000000193e1-88.dat	upx
behavioral1/files/0x00050000000193b4-73.dat	upx
behavioral1/files/0x0005000000019350-67.dat	upx
behavioral1/files/0x000e000000018676-35.dat	upx
behavioral1/files/0x0007000000017492-26.dat	upx
behavioral1/memory/1788-21-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2872-62-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2460-61-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x00080000000171a8-56.dat	upx
behavioral1/memory/3048-55-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2540-49-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2900-48-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x00080000000186e4-43.dat	upx
behavioral1/files/0x00070000000174cc-42.dat	upx
behavioral1/memory/2008-33-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2008-3296-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2752-3362-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2664-3368-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2900-3367-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2156-3390-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/1808-3393-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/1788-3398-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2892-3396-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2720-3402-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2872-3406-0x000000013FF10000-0x0000000140264000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CNJNYAL.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkmKRJJ.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGNsoGs.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRVDOoN.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETZhaHW.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtwpzHA.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHotvfd.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiYgNtO.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfaNfti.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVdDofB.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkPJIGc.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMXFOim.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipSVpdQ.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LrMMhsK.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTqaBHL.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COzIdBa.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsyTkTL.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRTCVHi.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzHxzGa.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FgoBzKk.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAoVdIr.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQdHEBN.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMzotNY.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByNONuW.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoTSBtj.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHVeKkA.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vcndjdw.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnzcQmx.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcLvHoD.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGvptGJ.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNDzGUL.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrpfxkC.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKiYONy.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RexlxmG.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBoFGGA.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqYgAjM.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jkvjtfy.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNdcjuh.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDApdyz.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcOowDT.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQSImXv.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdJdebK.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpSquwN.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPGYWRF.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJGnUrX.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVAazmx.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikMJzbt.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbxxSrF.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\snMNbqd.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzJljls.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYdOgZy.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfTmOgo.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLPMRkW.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\muASUPA.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ythSzfj.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbLqXwS.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHzOLcx.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmauelt.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGsbREy.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhRxtZm.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lshlvBM.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxPDnTa.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKVOQoS.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVwpJCG.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
10964	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2540	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2408 wrote to memory of 2540	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2408 wrote to memory of 2540	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2408 wrote to memory of 1788	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2408 wrote to memory of 1788	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2408 wrote to memory of 1788	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2408 wrote to memory of 2008	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2408 wrote to memory of 2008	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2408 wrote to memory of 2008	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2408 wrote to memory of 2460	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2408 wrote to memory of 2460	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2408 wrote to memory of 2460	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2408 wrote to memory of 2752	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2408 wrote to memory of 2752	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2408 wrote to memory of 2752	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2408 wrote to memory of 2872	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2408 wrote to memory of 2872	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2408 wrote to memory of 2872	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2408 wrote to memory of 3048	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2408 wrote to memory of 3048	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2408 wrote to memory of 3048	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2408 wrote to memory of 2720	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2408 wrote to memory of 2720	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2408 wrote to memory of 2720	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2408 wrote to memory of 2900	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2408 wrote to memory of 2900	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2408 wrote to memory of 2900	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2408 wrote to memory of 2892	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2408 wrote to memory of 2892	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2408 wrote to memory of 2892	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2408 wrote to memory of 2664	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2408 wrote to memory of 2664	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2408 wrote to memory of 2664	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2408 wrote to memory of 2348	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2408 wrote to memory of 2348	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2408 wrote to memory of 2348	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2408 wrote to memory of 2156	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2408 wrote to memory of 2156	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2408 wrote to memory of 2156	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2408 wrote to memory of 1808	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2408 wrote to memory of 1808	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2408 wrote to memory of 1808	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2408 wrote to memory of 2444	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2408 wrote to memory of 2444	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2408 wrote to memory of 2444	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2408 wrote to memory of 2924	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2408 wrote to memory of 2924	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2408 wrote to memory of 2924	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2408 wrote to memory of 2964	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2408 wrote to memory of 2964	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2408 wrote to memory of 2964	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2408 wrote to memory of 3008	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2408 wrote to memory of 3008	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2408 wrote to memory of 3008	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2408 wrote to memory of 2844	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2408 wrote to memory of 2844	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2408 wrote to memory of 2844	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2408 wrote to memory of 2376	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2408 wrote to memory of 2376	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2408 wrote to memory of 2376	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2408 wrote to memory of 1640	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2408 wrote to memory of 1640	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2408 wrote to memory of 1640	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2408 wrote to memory of 1656	2408	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\System\elMqajJ.exe
  C:\Windows\System\elMqajJ.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\xozuAbl.exe
  C:\Windows\System\xozuAbl.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\HqXKKdl.exe
  C:\Windows\System\HqXKKdl.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\RQSImXv.exe
  C:\Windows\System\RQSImXv.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\myhkcAu.exe
  C:\Windows\System\myhkcAu.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\nVYESKM.exe
  C:\Windows\System\nVYESKM.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\PcKOrTt.exe
  C:\Windows\System\PcKOrTt.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\UodBtbJ.exe
  C:\Windows\System\UodBtbJ.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\MndieCd.exe
  C:\Windows\System\MndieCd.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\wTqcrOj.exe
  C:\Windows\System\wTqcrOj.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\IaBApAX.exe
  C:\Windows\System\IaBApAX.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\oKXraMM.exe
  C:\Windows\System\oKXraMM.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ZyfCzxI.exe
  C:\Windows\System\ZyfCzxI.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\FqjSUNE.exe
  C:\Windows\System\FqjSUNE.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\DNBQBNV.exe
  C:\Windows\System\DNBQBNV.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\nMwrGgR.exe
  C:\Windows\System\nMwrGgR.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\rkPpUBX.exe
  C:\Windows\System\rkPpUBX.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\ZHyzZvk.exe
  C:\Windows\System\ZHyzZvk.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\cicABXR.exe
  C:\Windows\System\cicABXR.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\HanhlDu.exe
  C:\Windows\System\HanhlDu.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\LqxipHP.exe
  C:\Windows\System\LqxipHP.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\czVEEpQ.exe
  C:\Windows\System\czVEEpQ.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\velLhKZ.exe
  C:\Windows\System\velLhKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\dGNsoGs.exe
  C:\Windows\System\dGNsoGs.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\dFtDMip.exe
  C:\Windows\System\dFtDMip.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\ADTTfdL.exe
  C:\Windows\System\ADTTfdL.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\AtoUECF.exe
  C:\Windows\System\AtoUECF.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\UJixHvc.exe
  C:\Windows\System\UJixHvc.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\kOaegzU.exe
  C:\Windows\System\kOaegzU.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\TjVCPSm.exe
  C:\Windows\System\TjVCPSm.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\XuYKjkC.exe
  C:\Windows\System\XuYKjkC.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\qsxRNnC.exe
  C:\Windows\System\qsxRNnC.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\HbYEPzs.exe
  C:\Windows\System\HbYEPzs.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\BRctvzF.exe
  C:\Windows\System\BRctvzF.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\RurZlHt.exe
  C:\Windows\System\RurZlHt.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\FTFUzcq.exe
  C:\Windows\System\FTFUzcq.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\UEWFXHl.exe
  C:\Windows\System\UEWFXHl.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\kckCSkq.exe
  C:\Windows\System\kckCSkq.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ZQcmiri.exe
  C:\Windows\System\ZQcmiri.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\MvMHDcR.exe
  C:\Windows\System\MvMHDcR.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\BUXrZYd.exe
  C:\Windows\System\BUXrZYd.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\LSsDfNB.exe
  C:\Windows\System\LSsDfNB.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\dOJemWj.exe
  C:\Windows\System\dOJemWj.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\Jtbyiqy.exe
  C:\Windows\System\Jtbyiqy.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\wEvjbqG.exe
  C:\Windows\System\wEvjbqG.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\SKtFVuw.exe
  C:\Windows\System\SKtFVuw.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\jZxtUhZ.exe
  C:\Windows\System\jZxtUhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\rJolDXL.exe
  C:\Windows\System\rJolDXL.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\oILcthD.exe
  C:\Windows\System\oILcthD.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\GXEfyFH.exe
  C:\Windows\System\GXEfyFH.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\vmDMYrY.exe
  C:\Windows\System\vmDMYrY.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\tbCqDRi.exe
  C:\Windows\System\tbCqDRi.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\YJzWnpg.exe
  C:\Windows\System\YJzWnpg.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\OzNCFus.exe
  C:\Windows\System\OzNCFus.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\ClUyFks.exe
  C:\Windows\System\ClUyFks.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\aBBmxgP.exe
  C:\Windows\System\aBBmxgP.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\RUylqgN.exe
  C:\Windows\System\RUylqgN.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\VytnQSe.exe
  C:\Windows\System\VytnQSe.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\PhMbufi.exe
  C:\Windows\System\PhMbufi.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\saxwOAm.exe
  C:\Windows\System\saxwOAm.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\EzzXTVU.exe
  C:\Windows\System\EzzXTVU.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\aCrXROo.exe
  C:\Windows\System\aCrXROo.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\gcgjqAz.exe
  C:\Windows\System\gcgjqAz.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\mqGppFW.exe
  C:\Windows\System\mqGppFW.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\ulRLBfS.exe
  C:\Windows\System\ulRLBfS.exe
  2⤵
  PID:1864
- C:\Windows\System\fHjnNjy.exe
  C:\Windows\System\fHjnNjy.exe
  2⤵
  PID:1824
- C:\Windows\System\YyDFPtC.exe
  C:\Windows\System\YyDFPtC.exe
  2⤵
  PID:2328
- C:\Windows\System\jtAIBhb.exe
  C:\Windows\System\jtAIBhb.exe
  2⤵
  PID:1924
- C:\Windows\System\GJBUNFg.exe
  C:\Windows\System\GJBUNFg.exe
  2⤵
  PID:1496
- C:\Windows\System\hGkdoSx.exe
  C:\Windows\System\hGkdoSx.exe
  2⤵
  PID:1540
- C:\Windows\System\xqLOWGl.exe
  C:\Windows\System\xqLOWGl.exe
  2⤵
  PID:1340
- C:\Windows\System\YdJdebK.exe
  C:\Windows\System\YdJdebK.exe
  2⤵
  PID:2820
- C:\Windows\System\NqETGUy.exe
  C:\Windows\System\NqETGUy.exe
  2⤵
  PID:2044
- C:\Windows\System\vOWFXaW.exe
  C:\Windows\System\vOWFXaW.exe
  2⤵
  PID:1356
- C:\Windows\System\ihcMptE.exe
  C:\Windows\System\ihcMptE.exe
  2⤵
  PID:908
- C:\Windows\System\PznNeGz.exe
  C:\Windows\System\PznNeGz.exe
  2⤵
  PID:2484
- C:\Windows\System\hOnqmKm.exe
  C:\Windows\System\hOnqmKm.exe
  2⤵
  PID:2196
- C:\Windows\System\rahlRBh.exe
  C:\Windows\System\rahlRBh.exe
  2⤵
  PID:1816
- C:\Windows\System\onrJmzK.exe
  C:\Windows\System\onrJmzK.exe
  2⤵
  PID:328
- C:\Windows\System\tyJiEbw.exe
  C:\Windows\System\tyJiEbw.exe
  2⤵
  PID:2856
- C:\Windows\System\SlGxyeM.exe
  C:\Windows\System\SlGxyeM.exe
  2⤵
  PID:1748
- C:\Windows\System\OGzbWNV.exe
  C:\Windows\System\OGzbWNV.exe
  2⤵
  PID:1584
- C:\Windows\System\NhXDNqr.exe
  C:\Windows\System\NhXDNqr.exe
  2⤵
  PID:2276
- C:\Windows\System\jxZlptc.exe
  C:\Windows\System\jxZlptc.exe
  2⤵
  PID:2904
- C:\Windows\System\IVlsZUA.exe
  C:\Windows\System\IVlsZUA.exe
  2⤵
  PID:2372
- C:\Windows\System\tlEftuu.exe
  C:\Windows\System\tlEftuu.exe
  2⤵
  PID:2908
- C:\Windows\System\NJRGbPK.exe
  C:\Windows\System\NJRGbPK.exe
  2⤵
  PID:1928
- C:\Windows\System\QodaKns.exe
  C:\Windows\System\QodaKns.exe
  2⤵
  PID:2960
- C:\Windows\System\GmXPjJL.exe
  C:\Windows\System\GmXPjJL.exe
  2⤵
  PID:2260
- C:\Windows\System\uJlfNAa.exe
  C:\Windows\System\uJlfNAa.exe
  2⤵
  PID:2832
- C:\Windows\System\USxEWti.exe
  C:\Windows\System\USxEWti.exe
  2⤵
  PID:2816
- C:\Windows\System\DbxxSrF.exe
  C:\Windows\System\DbxxSrF.exe
  2⤵
  PID:2100
- C:\Windows\System\yztgomN.exe
  C:\Windows\System\yztgomN.exe
  2⤵
  PID:1676
- C:\Windows\System\qwGMMIo.exe
  C:\Windows\System\qwGMMIo.exe
  2⤵
  PID:1588
- C:\Windows\System\ANktqMs.exe
  C:\Windows\System\ANktqMs.exe
  2⤵
  PID:900
- C:\Windows\System\WqVNDTX.exe
  C:\Windows\System\WqVNDTX.exe
  2⤵
  PID:2236
- C:\Windows\System\YqWbJkf.exe
  C:\Windows\System\YqWbJkf.exe
  2⤵
  PID:3088
- C:\Windows\System\aEfVitq.exe
  C:\Windows\System\aEfVitq.exe
  2⤵
  PID:3108
- C:\Windows\System\UuKmhgZ.exe
  C:\Windows\System\UuKmhgZ.exe
  2⤵
  PID:3124
- C:\Windows\System\YKpSNDU.exe
  C:\Windows\System\YKpSNDU.exe
  2⤵
  PID:3148
- C:\Windows\System\hlYeyfB.exe
  C:\Windows\System\hlYeyfB.exe
  2⤵
  PID:3168
- C:\Windows\System\TkaYbvz.exe
  C:\Windows\System\TkaYbvz.exe
  2⤵
  PID:3208
- C:\Windows\System\vCVZxIC.exe
  C:\Windows\System\vCVZxIC.exe
  2⤵
  PID:3232
- C:\Windows\System\rpjibNK.exe
  C:\Windows\System\rpjibNK.exe
  2⤵
  PID:3252
- C:\Windows\System\FFvEGEb.exe
  C:\Windows\System\FFvEGEb.exe
  2⤵
  PID:3272
- C:\Windows\System\icldZty.exe
  C:\Windows\System\icldZty.exe
  2⤵
  PID:3292
- C:\Windows\System\PsyTkTL.exe
  C:\Windows\System\PsyTkTL.exe
  2⤵
  PID:3308
- C:\Windows\System\bIfzyxq.exe
  C:\Windows\System\bIfzyxq.exe
  2⤵
  PID:3324
- C:\Windows\System\KEOyysU.exe
  C:\Windows\System\KEOyysU.exe
  2⤵
  PID:3344
- C:\Windows\System\DWbsgZW.exe
  C:\Windows\System\DWbsgZW.exe
  2⤵
  PID:3364
- C:\Windows\System\uvBYAcN.exe
  C:\Windows\System\uvBYAcN.exe
  2⤵
  PID:3384
- C:\Windows\System\apuJbZR.exe
  C:\Windows\System\apuJbZR.exe
  2⤵
  PID:3404
- C:\Windows\System\torxSqL.exe
  C:\Windows\System\torxSqL.exe
  2⤵
  PID:3420
- C:\Windows\System\dfjlroT.exe
  C:\Windows\System\dfjlroT.exe
  2⤵
  PID:3440
- C:\Windows\System\niEVrQF.exe
  C:\Windows\System\niEVrQF.exe
  2⤵
  PID:3460
- C:\Windows\System\KlOLavo.exe
  C:\Windows\System\KlOLavo.exe
  2⤵
  PID:3484
- C:\Windows\System\SSwYxRT.exe
  C:\Windows\System\SSwYxRT.exe
  2⤵
  PID:3504
- C:\Windows\System\xMRyQzB.exe
  C:\Windows\System\xMRyQzB.exe
  2⤵
  PID:3520
- C:\Windows\System\IdYEHsq.exe
  C:\Windows\System\IdYEHsq.exe
  2⤵
  PID:3540
- C:\Windows\System\jgsHazr.exe
  C:\Windows\System\jgsHazr.exe
  2⤵
  PID:3560
- C:\Windows\System\aSgxiGI.exe
  C:\Windows\System\aSgxiGI.exe
  2⤵
  PID:3576
- C:\Windows\System\YLbQwZf.exe
  C:\Windows\System\YLbQwZf.exe
  2⤵
  PID:3596
- C:\Windows\System\QgOzeSp.exe
  C:\Windows\System\QgOzeSp.exe
  2⤵
  PID:3616
- C:\Windows\System\DqwIBaw.exe
  C:\Windows\System\DqwIBaw.exe
  2⤵
  PID:3640
- C:\Windows\System\ktWRKxi.exe
  C:\Windows\System\ktWRKxi.exe
  2⤵
  PID:3656
- C:\Windows\System\kAkZnur.exe
  C:\Windows\System\kAkZnur.exe
  2⤵
  PID:3696
- C:\Windows\System\HamEcow.exe
  C:\Windows\System\HamEcow.exe
  2⤵
  PID:3712
- C:\Windows\System\OqLiUwu.exe
  C:\Windows\System\OqLiUwu.exe
  2⤵
  PID:3732
- C:\Windows\System\pAxtecs.exe
  C:\Windows\System\pAxtecs.exe
  2⤵
  PID:3748
- C:\Windows\System\vSGBAvM.exe
  C:\Windows\System\vSGBAvM.exe
  2⤵
  PID:3768
- C:\Windows\System\OXdlHUL.exe
  C:\Windows\System\OXdlHUL.exe
  2⤵
  PID:3784
- C:\Windows\System\QwioSct.exe
  C:\Windows\System\QwioSct.exe
  2⤵
  PID:3804
- C:\Windows\System\zAoVdIr.exe
  C:\Windows\System\zAoVdIr.exe
  2⤵
  PID:3820
- C:\Windows\System\ViRpjeY.exe
  C:\Windows\System\ViRpjeY.exe
  2⤵
  PID:3840
- C:\Windows\System\mVwpJCG.exe
  C:\Windows\System\mVwpJCG.exe
  2⤵
  PID:3856
- C:\Windows\System\hvKuSxH.exe
  C:\Windows\System\hvKuSxH.exe
  2⤵
  PID:3880
- C:\Windows\System\JMzgkyw.exe
  C:\Windows\System\JMzgkyw.exe
  2⤵
  PID:3900
- C:\Windows\System\kfIUfRh.exe
  C:\Windows\System\kfIUfRh.exe
  2⤵
  PID:3924
- C:\Windows\System\QRiiVsC.exe
  C:\Windows\System\QRiiVsC.exe
  2⤵
  PID:3940
- C:\Windows\System\BLTtngQ.exe
  C:\Windows\System\BLTtngQ.exe
  2⤵
  PID:4048
- C:\Windows\System\FHcYteM.exe
  C:\Windows\System\FHcYteM.exe
  2⤵
  PID:4064
- C:\Windows\System\ELHYhND.exe
  C:\Windows\System\ELHYhND.exe
  2⤵
  PID:4088
- C:\Windows\System\hshFJCu.exe
  C:\Windows\System\hshFJCu.exe
  2⤵
  PID:1636
- C:\Windows\System\FFEvCkk.exe
  C:\Windows\System\FFEvCkk.exe
  2⤵
  PID:1068
- C:\Windows\System\YckIFor.exe
  C:\Windows\System\YckIFor.exe
  2⤵
  PID:1688
- C:\Windows\System\XeyYSiC.exe
  C:\Windows\System\XeyYSiC.exe
  2⤵
  PID:960
- C:\Windows\System\wdcDAFc.exe
  C:\Windows\System\wdcDAFc.exe
  2⤵
  PID:1568
- C:\Windows\System\JLXsakh.exe
  C:\Windows\System\JLXsakh.exe
  2⤵
  PID:1776
- C:\Windows\System\XAzzJQF.exe
  C:\Windows\System\XAzzJQF.exe
  2⤵
  PID:2768
- C:\Windows\System\yxmlGvG.exe
  C:\Windows\System\yxmlGvG.exe
  2⤵
  PID:1932
- C:\Windows\System\bCBAWJx.exe
  C:\Windows\System\bCBAWJx.exe
  2⤵
  PID:2588
- C:\Windows\System\XHnOSvY.exe
  C:\Windows\System\XHnOSvY.exe
  2⤵
  PID:1992
- C:\Windows\System\LNJvkKb.exe
  C:\Windows\System\LNJvkKb.exe
  2⤵
  PID:1628
- C:\Windows\System\iHgdGpR.exe
  C:\Windows\System\iHgdGpR.exe
  2⤵
  PID:2704
- C:\Windows\System\iQwtbAo.exe
  C:\Windows\System\iQwtbAo.exe
  2⤵
  PID:3140
- C:\Windows\System\CdIFjPc.exe
  C:\Windows\System\CdIFjPc.exe
  2⤵
  PID:3184
- C:\Windows\System\BuLpfvG.exe
  C:\Windows\System\BuLpfvG.exe
  2⤵
  PID:3156
- C:\Windows\System\UbnKafM.exe
  C:\Windows\System\UbnKafM.exe
  2⤵
  PID:3116
- C:\Windows\System\pTwMLgM.exe
  C:\Windows\System\pTwMLgM.exe
  2⤵
  PID:1780
- C:\Windows\System\DtoPEBJ.exe
  C:\Windows\System\DtoPEBJ.exe
  2⤵
  PID:2600
- C:\Windows\System\wQdHEBN.exe
  C:\Windows\System\wQdHEBN.exe
  2⤵
  PID:3244
- C:\Windows\System\AIQHZds.exe
  C:\Windows\System\AIQHZds.exe
  2⤵
  PID:3316
- C:\Windows\System\MbvpRsG.exe
  C:\Windows\System\MbvpRsG.exe
  2⤵
  PID:3356
- C:\Windows\System\yhtjJCt.exe
  C:\Windows\System\yhtjJCt.exe
  2⤵
  PID:3224
- C:\Windows\System\CCoVzli.exe
  C:\Windows\System\CCoVzli.exe
  2⤵
  PID:3396
- C:\Windows\System\SDViEEt.exe
  C:\Windows\System\SDViEEt.exe
  2⤵
  PID:3472
- C:\Windows\System\zLCAFml.exe
  C:\Windows\System\zLCAFml.exe
  2⤵
  PID:3556
- C:\Windows\System\PnPiKsf.exe
  C:\Windows\System\PnPiKsf.exe
  2⤵
  PID:3304
- C:\Windows\System\BASpokq.exe
  C:\Windows\System\BASpokq.exe
  2⤵
  PID:3452
- C:\Windows\System\DPYFKbD.exe
  C:\Windows\System\DPYFKbD.exe
  2⤵
  PID:3632
- C:\Windows\System\RexlxmG.exe
  C:\Windows\System\RexlxmG.exe
  2⤵
  PID:3684
- C:\Windows\System\xBfoIit.exe
  C:\Windows\System\xBfoIit.exe
  2⤵
  PID:3720
- C:\Windows\System\tSWfXQz.exe
  C:\Windows\System\tSWfXQz.exe
  2⤵
  PID:3456
- C:\Windows\System\Mliyjrx.exe
  C:\Windows\System\Mliyjrx.exe
  2⤵
  PID:3568
- C:\Windows\System\oPBONTA.exe
  C:\Windows\System\oPBONTA.exe
  2⤵
  PID:3492
- C:\Windows\System\yyyjetW.exe
  C:\Windows\System\yyyjetW.exe
  2⤵
  PID:3756
- C:\Windows\System\ZacarQV.exe
  C:\Windows\System\ZacarQV.exe
  2⤵
  PID:3776
- C:\Windows\System\VgBRLzA.exe
  C:\Windows\System\VgBRLzA.exe
  2⤵
  PID:3704
- C:\Windows\System\wmMlSEP.exe
  C:\Windows\System\wmMlSEP.exe
  2⤵
  PID:3836
- C:\Windows\System\eDDBRKH.exe
  C:\Windows\System\eDDBRKH.exe
  2⤵
  PID:3852
- C:\Windows\System\RfIUeQi.exe
  C:\Windows\System\RfIUeQi.exe
  2⤵
  PID:3948
- C:\Windows\System\vEWOghY.exe
  C:\Windows\System\vEWOghY.exe
  2⤵
  PID:3968
- C:\Windows\System\pMcBGwm.exe
  C:\Windows\System\pMcBGwm.exe
  2⤵
  PID:2728
- C:\Windows\System\NTNpOwj.exe
  C:\Windows\System\NTNpOwj.exe
  2⤵
  PID:2640
- C:\Windows\System\XfCJHgZ.exe
  C:\Windows\System\XfCJHgZ.exe
  2⤵
  PID:2636
- C:\Windows\System\MLgrPxY.exe
  C:\Windows\System\MLgrPxY.exe
  2⤵
  PID:1088
- C:\Windows\System\CwzVpjp.exe
  C:\Windows\System\CwzVpjp.exe
  2⤵
  PID:2928
- C:\Windows\System\VJXomVk.exe
  C:\Windows\System\VJXomVk.exe
  2⤵
  PID:1796
- C:\Windows\System\lcPEtrL.exe
  C:\Windows\System\lcPEtrL.exe
  2⤵
  PID:2952
- C:\Windows\System\CRyCGTk.exe
  C:\Windows\System\CRyCGTk.exe
  2⤵
  PID:1792
- C:\Windows\System\xPcgPYr.exe
  C:\Windows\System\xPcgPYr.exe
  2⤵
  PID:1412
- C:\Windows\System\PgDJbFq.exe
  C:\Windows\System\PgDJbFq.exe
  2⤵
  PID:2804
- C:\Windows\System\adyGHtB.exe
  C:\Windows\System\adyGHtB.exe
  2⤵
  PID:2660
- C:\Windows\System\PRGqzUG.exe
  C:\Windows\System\PRGqzUG.exe
  2⤵
  PID:2624
- C:\Windows\System\dUBvSdU.exe
  C:\Windows\System\dUBvSdU.exe
  2⤵
  PID:2992
- C:\Windows\System\UeEnEAN.exe
  C:\Windows\System\UeEnEAN.exe
  2⤵
  PID:3980
- C:\Windows\System\OMqcUeK.exe
  C:\Windows\System\OMqcUeK.exe
  2⤵
  PID:1608
- C:\Windows\System\RgFhTWW.exe
  C:\Windows\System\RgFhTWW.exe
  2⤵
  PID:2584
- C:\Windows\System\WUdjKay.exe
  C:\Windows\System\WUdjKay.exe
  2⤵
  PID:4020
- C:\Windows\System\zaCpkeA.exe
  C:\Windows\System\zaCpkeA.exe
  2⤵
  PID:612
- C:\Windows\System\tAaJqAx.exe
  C:\Windows\System\tAaJqAx.exe
  2⤵
  PID:3056
- C:\Windows\System\doJQOTk.exe
  C:\Windows\System\doJQOTk.exe
  2⤵
  PID:2824
- C:\Windows\System\DROxsHc.exe
  C:\Windows\System\DROxsHc.exe
  2⤵
  PID:2936
- C:\Windows\System\ONPatuE.exe
  C:\Windows\System\ONPatuE.exe
  2⤵
  PID:944
- C:\Windows\System\zpocCgz.exe
  C:\Windows\System\zpocCgz.exe
  2⤵
  PID:2912
- C:\Windows\System\owCmxuo.exe
  C:\Windows\System\owCmxuo.exe
  2⤵
  PID:2612
- C:\Windows\System\wLDKwGX.exe
  C:\Windows\System\wLDKwGX.exe
  2⤵
  PID:440
- C:\Windows\System\pRxxCEs.exe
  C:\Windows\System\pRxxCEs.exe
  2⤵
  PID:4056
- C:\Windows\System\OKXvZLo.exe
  C:\Windows\System\OKXvZLo.exe
  2⤵
  PID:4084
- C:\Windows\System\aLbWRSy.exe
  C:\Windows\System\aLbWRSy.exe
  2⤵
  PID:1580
- C:\Windows\System\fOmFZpW.exe
  C:\Windows\System\fOmFZpW.exe
  2⤵
  PID:2940
- C:\Windows\System\LgJssrf.exe
  C:\Windows\System\LgJssrf.exe
  2⤵
  PID:3096
- C:\Windows\System\uAQnvSN.exe
  C:\Windows\System\uAQnvSN.exe
  2⤵
  PID:1752
- C:\Windows\System\VwtCZtc.exe
  C:\Windows\System\VwtCZtc.exe
  2⤵
  PID:1332
- C:\Windows\System\kmiBqIy.exe
  C:\Windows\System\kmiBqIy.exe
  2⤵
  PID:3052
- C:\Windows\System\wjjDixM.exe
  C:\Windows\System\wjjDixM.exe
  2⤵
  PID:2204
- C:\Windows\System\EbDPmiF.exe
  C:\Windows\System\EbDPmiF.exe
  2⤵
  PID:3192
- C:\Windows\System\vbapvRc.exe
  C:\Windows\System\vbapvRc.exe
  2⤵
  PID:880
- C:\Windows\System\RumwYJl.exe
  C:\Windows\System\RumwYJl.exe
  2⤵
  PID:3352
- C:\Windows\System\ARUYsUh.exe
  C:\Windows\System\ARUYsUh.exe
  2⤵
  PID:3176
- C:\Windows\System\xEAPpqc.exe
  C:\Windows\System\xEAPpqc.exe
  2⤵
  PID:592
- C:\Windows\System\eKgjeKK.exe
  C:\Windows\System\eKgjeKK.exe
  2⤵
  PID:3432
- C:\Windows\System\crgSVBe.exe
  C:\Windows\System\crgSVBe.exe
  2⤵
  PID:3552
- C:\Windows\System\ttRnltz.exe
  C:\Windows\System\ttRnltz.exe
  2⤵
  PID:3412
- C:\Windows\System\TxztISI.exe
  C:\Windows\System\TxztISI.exe
  2⤵
  PID:3724
- C:\Windows\System\fwcCfEi.exe
  C:\Windows\System\fwcCfEi.exe
  2⤵
  PID:3800
- C:\Windows\System\ahbCvTH.exe
  C:\Windows\System\ahbCvTH.exe
  2⤵
  PID:3372
- C:\Windows\System\sqdoNqM.exe
  C:\Windows\System\sqdoNqM.exe
  2⤵
  PID:3592
- C:\Windows\System\ZEWpHmv.exe
  C:\Windows\System\ZEWpHmv.exe
  2⤵
  PID:3872
- C:\Windows\System\DVnYblS.exe
  C:\Windows\System\DVnYblS.exe
  2⤵
  PID:3636
- C:\Windows\System\TbkevVF.exe
  C:\Windows\System\TbkevVF.exe
  2⤵
  PID:3668
- C:\Windows\System\fmuHFWM.exe
  C:\Windows\System\fmuHFWM.exe
  2⤵
  PID:3764
- C:\Windows\System\YedOLpM.exe
  C:\Windows\System\YedOLpM.exe
  2⤵
  PID:2836
- C:\Windows\System\lyquKss.exe
  C:\Windows\System\lyquKss.exe
  2⤵
  PID:3916
- C:\Windows\System\RgFRBHq.exe
  C:\Windows\System\RgFRBHq.exe
  2⤵
  PID:3896
- C:\Windows\System\NBgYzzd.exe
  C:\Windows\System\NBgYzzd.exe
  2⤵
  PID:1840
- C:\Windows\System\dgNKJwt.exe
  C:\Windows\System\dgNKJwt.exe
  2⤵
  PID:4004
- C:\Windows\System\MTwMcSL.exe
  C:\Windows\System\MTwMcSL.exe
  2⤵
  PID:3012
- C:\Windows\System\NqJUnLk.exe
  C:\Windows\System\NqJUnLk.exe
  2⤵
  PID:1960
- C:\Windows\System\nQAKsEU.exe
  C:\Windows\System\nQAKsEU.exe
  2⤵
  PID:464
- C:\Windows\System\ogcruLt.exe
  C:\Windows\System\ogcruLt.exe
  2⤵
  PID:1976
- C:\Windows\System\fJdfCbJ.exe
  C:\Windows\System\fJdfCbJ.exe
  2⤵
  PID:1276
- C:\Windows\System\qzeeXmR.exe
  C:\Windows\System\qzeeXmR.exe
  2⤵
  PID:268
- C:\Windows\System\RmTdyhp.exe
  C:\Windows\System\RmTdyhp.exe
  2⤵
  PID:3780
- C:\Windows\System\daBleKo.exe
  C:\Windows\System\daBleKo.exe
  2⤵
  PID:3956
- C:\Windows\System\kKvOxTu.exe
  C:\Windows\System\kKvOxTu.exe
  2⤵
  PID:2528
- C:\Windows\System\yRJLnVo.exe
  C:\Windows\System\yRJLnVo.exe
  2⤵
  PID:1448
- C:\Windows\System\AfseWYT.exe
  C:\Windows\System\AfseWYT.exe
  2⤵
  PID:2956
- C:\Windows\System\KOwQqzw.exe
  C:\Windows\System\KOwQqzw.exe
  2⤵
  PID:1952
- C:\Windows\System\SZvIlRZ.exe
  C:\Windows\System\SZvIlRZ.exe
  2⤵
  PID:2244
- C:\Windows\System\VZFlLcR.exe
  C:\Windows\System\VZFlLcR.exe
  2⤵
  PID:3952
- C:\Windows\System\WqrLxsO.exe
  C:\Windows\System\WqrLxsO.exe
  2⤵
  PID:1680
- C:\Windows\System\wHehLsp.exe
  C:\Windows\System\wHehLsp.exe
  2⤵
  PID:3340
- C:\Windows\System\fNDzGUL.exe
  C:\Windows\System\fNDzGUL.exe
  2⤵
  PID:3040
- C:\Windows\System\azqIYpg.exe
  C:\Windows\System\azqIYpg.exe
  2⤵
  PID:4036
- C:\Windows\System\GqppphC.exe
  C:\Windows\System\GqppphC.exe
  2⤵
  PID:1716
- C:\Windows\System\HBSWCzL.exe
  C:\Windows\System\HBSWCzL.exe
  2⤵
  PID:2124
- C:\Windows\System\BqtYMhI.exe
  C:\Windows\System\BqtYMhI.exe
  2⤵
  PID:3284
- C:\Windows\System\lqYWotB.exe
  C:\Windows\System\lqYWotB.exe
  2⤵
  PID:3500
- C:\Windows\System\DuWeXJD.exe
  C:\Windows\System\DuWeXJD.exe
  2⤵
  PID:3652
- C:\Windows\System\xYtZOPF.exe
  C:\Windows\System\xYtZOPF.exe
  2⤵
  PID:3888
- C:\Windows\System\EVCEBzK.exe
  C:\Windows\System\EVCEBzK.exe
  2⤵
  PID:2036
- C:\Windows\System\xxLtojH.exe
  C:\Windows\System\xxLtojH.exe
  2⤵
  PID:3740
- C:\Windows\System\DpThPdh.exe
  C:\Windows\System\DpThPdh.exe
  2⤵
  PID:3572
- C:\Windows\System\rEaBSvb.exe
  C:\Windows\System\rEaBSvb.exe
  2⤵
  PID:2888
- C:\Windows\System\cebOTTP.exe
  C:\Windows\System\cebOTTP.exe
  2⤵
  PID:264
- C:\Windows\System\cuYetsF.exe
  C:\Windows\System\cuYetsF.exe
  2⤵
  PID:3876
- C:\Windows\System\uysOxeu.exe
  C:\Windows\System\uysOxeu.exe
  2⤵
  PID:2748
- C:\Windows\System\xbRlnwG.exe
  C:\Windows\System\xbRlnwG.exe
  2⤵
  PID:1600
- C:\Windows\System\gzkcOga.exe
  C:\Windows\System\gzkcOga.exe
  2⤵
  PID:4044
- C:\Windows\System\rxZiNGf.exe
  C:\Windows\System\rxZiNGf.exe
  2⤵
  PID:3248
- C:\Windows\System\PBoFGGA.exe
  C:\Windows\System\PBoFGGA.exe
  2⤵
  PID:3516
- C:\Windows\System\GXZOqGU.exe
  C:\Windows\System\GXZOqGU.exe
  2⤵
  PID:3676
- C:\Windows\System\aBGfcwP.exe
  C:\Windows\System\aBGfcwP.exe
  2⤵
  PID:3104
- C:\Windows\System\PzXBmRY.exe
  C:\Windows\System\PzXBmRY.exe
  2⤵
  PID:3332
- C:\Windows\System\sPfyjKs.exe
  C:\Windows\System\sPfyjKs.exe
  2⤵
  PID:1560
- C:\Windows\System\zNvJdsm.exe
  C:\Windows\System\zNvJdsm.exe
  2⤵
  PID:3480
- C:\Windows\System\cqYgAjM.exe
  C:\Windows\System\cqYgAjM.exe
  2⤵
  PID:2072
- C:\Windows\System\cVOqfHK.exe
  C:\Windows\System\cVOqfHK.exe
  2⤵
  PID:3200
- C:\Windows\System\BktydrU.exe
  C:\Windows\System\BktydrU.exe
  2⤵
  PID:1908
- C:\Windows\System\vsSedUq.exe
  C:\Windows\System\vsSedUq.exe
  2⤵
  PID:2984
- C:\Windows\System\xaKeKcf.exe
  C:\Windows\System\xaKeKcf.exe
  2⤵
  PID:4032
- C:\Windows\System\sxZgjAb.exe
  C:\Windows\System\sxZgjAb.exe
  2⤵
  PID:4100
- C:\Windows\System\REPTrhw.exe
  C:\Windows\System\REPTrhw.exe
  2⤵
  PID:4120
- C:\Windows\System\uoOPLsS.exe
  C:\Windows\System\uoOPLsS.exe
  2⤵
  PID:4136
- C:\Windows\System\eiWoqWP.exe
  C:\Windows\System\eiWoqWP.exe
  2⤵
  PID:4152
- C:\Windows\System\HCRMoCy.exe
  C:\Windows\System\HCRMoCy.exe
  2⤵
  PID:4172
- C:\Windows\System\Ytjwwwx.exe
  C:\Windows\System\Ytjwwwx.exe
  2⤵
  PID:4192
- C:\Windows\System\OkiAedW.exe
  C:\Windows\System\OkiAedW.exe
  2⤵
  PID:4208
- C:\Windows\System\ggdLpGk.exe
  C:\Windows\System\ggdLpGk.exe
  2⤵
  PID:4228
- C:\Windows\System\JLAghUU.exe
  C:\Windows\System\JLAghUU.exe
  2⤵
  PID:4248
- C:\Windows\System\IaRlfbG.exe
  C:\Windows\System\IaRlfbG.exe
  2⤵
  PID:4264
- C:\Windows\System\xfCGbOM.exe
  C:\Windows\System\xfCGbOM.exe
  2⤵
  PID:4280
- C:\Windows\System\HNSlXqx.exe
  C:\Windows\System\HNSlXqx.exe
  2⤵
  PID:4296
- C:\Windows\System\OdFkdww.exe
  C:\Windows\System\OdFkdww.exe
  2⤵
  PID:4312
- C:\Windows\System\RSKXevq.exe
  C:\Windows\System\RSKXevq.exe
  2⤵
  PID:4332
- C:\Windows\System\OCpinzo.exe
  C:\Windows\System\OCpinzo.exe
  2⤵
  PID:4348
- C:\Windows\System\BydEKfJ.exe
  C:\Windows\System\BydEKfJ.exe
  2⤵
  PID:4368
- C:\Windows\System\PjEXhPG.exe
  C:\Windows\System\PjEXhPG.exe
  2⤵
  PID:4384
- C:\Windows\System\hHoEboI.exe
  C:\Windows\System\hHoEboI.exe
  2⤵
  PID:4400
- C:\Windows\System\TCWytJw.exe
  C:\Windows\System\TCWytJw.exe
  2⤵
  PID:4416
- C:\Windows\System\fPXeWSD.exe
  C:\Windows\System\fPXeWSD.exe
  2⤵
  PID:4528
- C:\Windows\System\CrxmuUP.exe
  C:\Windows\System\CrxmuUP.exe
  2⤵
  PID:4544
- C:\Windows\System\prsndWC.exe
  C:\Windows\System\prsndWC.exe
  2⤵
  PID:4560
- C:\Windows\System\mwxTJmH.exe
  C:\Windows\System\mwxTJmH.exe
  2⤵
  PID:4576
- C:\Windows\System\xHTuAHa.exe
  C:\Windows\System\xHTuAHa.exe
  2⤵
  PID:4592
- C:\Windows\System\RhqcYnz.exe
  C:\Windows\System\RhqcYnz.exe
  2⤵
  PID:4608
- C:\Windows\System\XZXqUhY.exe
  C:\Windows\System\XZXqUhY.exe
  2⤵
  PID:4624
- C:\Windows\System\PpFwBzL.exe
  C:\Windows\System\PpFwBzL.exe
  2⤵
  PID:4640
- C:\Windows\System\snMNbqd.exe
  C:\Windows\System\snMNbqd.exe
  2⤵
  PID:4656
- C:\Windows\System\ldFsRig.exe
  C:\Windows\System\ldFsRig.exe
  2⤵
  PID:4672
- C:\Windows\System\IIFLkez.exe
  C:\Windows\System\IIFLkez.exe
  2⤵
  PID:4688
- C:\Windows\System\Jkvjtfy.exe
  C:\Windows\System\Jkvjtfy.exe
  2⤵
  PID:4704
- C:\Windows\System\YPYCujq.exe
  C:\Windows\System\YPYCujq.exe
  2⤵
  PID:4724
- C:\Windows\System\CKZWMLR.exe
  C:\Windows\System\CKZWMLR.exe
  2⤵
  PID:4744
- C:\Windows\System\reehggS.exe
  C:\Windows\System\reehggS.exe
  2⤵
  PID:4760
- C:\Windows\System\jLjwsQn.exe
  C:\Windows\System\jLjwsQn.exe
  2⤵
  PID:4836
- C:\Windows\System\fCFQLKh.exe
  C:\Windows\System\fCFQLKh.exe
  2⤵
  PID:4852
- C:\Windows\System\WdkomDM.exe
  C:\Windows\System\WdkomDM.exe
  2⤵
  PID:4868
- C:\Windows\System\OEAQune.exe
  C:\Windows\System\OEAQune.exe
  2⤵
  PID:4884
- C:\Windows\System\vPryOCY.exe
  C:\Windows\System\vPryOCY.exe
  2⤵
  PID:4904
- C:\Windows\System\IrpfxkC.exe
  C:\Windows\System\IrpfxkC.exe
  2⤵
  PID:4924
- C:\Windows\System\CtszanK.exe
  C:\Windows\System\CtszanK.exe
  2⤵
  PID:4940
- C:\Windows\System\ZtRgbqI.exe
  C:\Windows\System\ZtRgbqI.exe
  2⤵
  PID:4956
- C:\Windows\System\qNCEHOE.exe
  C:\Windows\System\qNCEHOE.exe
  2⤵
  PID:4972
- C:\Windows\System\aBjrbpr.exe
  C:\Windows\System\aBjrbpr.exe
  2⤵
  PID:4992
- C:\Windows\System\kEAvDEH.exe
  C:\Windows\System\kEAvDEH.exe
  2⤵
  PID:5008
- C:\Windows\System\fNnjoPW.exe
  C:\Windows\System\fNnjoPW.exe
  2⤵
  PID:5028
- C:\Windows\System\FRltTrA.exe
  C:\Windows\System\FRltTrA.exe
  2⤵
  PID:5084
- C:\Windows\System\sAItMGn.exe
  C:\Windows\System\sAItMGn.exe
  2⤵
  PID:5100
- C:\Windows\System\GowhSrD.exe
  C:\Windows\System\GowhSrD.exe
  2⤵
  PID:2848
- C:\Windows\System\KSlOpOV.exe
  C:\Windows\System\KSlOpOV.exe
  2⤵
  PID:4080
- C:\Windows\System\xKtYLbg.exe
  C:\Windows\System\xKtYLbg.exe
  2⤵
  PID:3960
- C:\Windows\System\WAveUKH.exe
  C:\Windows\System\WAveUKH.exe
  2⤵
  PID:3220
- C:\Windows\System\NeANbfN.exe
  C:\Windows\System\NeANbfN.exe
  2⤵
  PID:4116
- C:\Windows\System\SxVbtUw.exe
  C:\Windows\System\SxVbtUw.exe
  2⤵
  PID:4184
- C:\Windows\System\yCoQgBt.exe
  C:\Windows\System\yCoQgBt.exe
  2⤵
  PID:4224
- C:\Windows\System\TTzdxRA.exe
  C:\Windows\System\TTzdxRA.exe
  2⤵
  PID:4292
- C:\Windows\System\VdSnPDa.exe
  C:\Windows\System\VdSnPDa.exe
  2⤵
  PID:4356
- C:\Windows\System\QQyZMKj.exe
  C:\Windows\System\QQyZMKj.exe
  2⤵
  PID:4396
- C:\Windows\System\VWIdCXE.exe
  C:\Windows\System\VWIdCXE.exe
  2⤵
  PID:4476
- C:\Windows\System\mSelpaT.exe
  C:\Windows\System\mSelpaT.exe
  2⤵
  PID:4492
- C:\Windows\System\jObbJPv.exe
  C:\Windows\System\jObbJPv.exe
  2⤵
  PID:4516
- C:\Windows\System\MlliPyA.exe
  C:\Windows\System\MlliPyA.exe
  2⤵
  PID:2340
- C:\Windows\System\xzAFJOs.exe
  C:\Windows\System\xzAFJOs.exe
  2⤵
  PID:2708
- C:\Windows\System\YbBJZqz.exe
  C:\Windows\System\YbBJZqz.exe
  2⤵
  PID:4380
- C:\Windows\System\dJzqCqx.exe
  C:\Windows\System\dJzqCqx.exe
  2⤵
  PID:4012
- C:\Windows\System\lpjaTvN.exe
  C:\Windows\System\lpjaTvN.exe
  2⤵
  PID:4648
- C:\Windows\System\wkSwDxg.exe
  C:\Windows\System\wkSwDxg.exe
  2⤵
  PID:4536
- C:\Windows\System\ppMUoaR.exe
  C:\Windows\System\ppMUoaR.exe
  2⤵
  PID:4132
- C:\Windows\System\UfhhYAc.exe
  C:\Windows\System\UfhhYAc.exe
  2⤵
  PID:4244
- C:\Windows\System\AaADjGj.exe
  C:\Windows\System\AaADjGj.exe
  2⤵
  PID:4340
- C:\Windows\System\XeNWQvG.exe
  C:\Windows\System\XeNWQvG.exe
  2⤵
  PID:4712
- C:\Windows\System\VZJxBje.exe
  C:\Windows\System\VZJxBje.exe
  2⤵
  PID:4844
- C:\Windows\System\hWkYmXt.exe
  C:\Windows\System\hWkYmXt.exe
  2⤵
  PID:4916
- C:\Windows\System\IgVxFFt.exe
  C:\Windows\System\IgVxFFt.exe
  2⤵
  PID:4980
- C:\Windows\System\iTVVyBp.exe
  C:\Windows\System\iTVVyBp.exe
  2⤵
  PID:5020
- C:\Windows\System\jkRGopG.exe
  C:\Windows\System\jkRGopG.exe
  2⤵
  PID:4568
- C:\Windows\System\DezSJsN.exe
  C:\Windows\System\DezSJsN.exe
  2⤵
  PID:4664
- C:\Windows\System\ROVzTWH.exe
  C:\Windows\System\ROVzTWH.exe
  2⤵
  PID:4732
- C:\Windows\System\zRQBlRC.exe
  C:\Windows\System\zRQBlRC.exe
  2⤵
  PID:4784
- C:\Windows\System\BjLRUNb.exe
  C:\Windows\System\BjLRUNb.exe
  2⤵
  PID:4800
- C:\Windows\System\dfJeDSa.exe
  C:\Windows\System\dfJeDSa.exe
  2⤵
  PID:4820
- C:\Windows\System\wkJjMCZ.exe
  C:\Windows\System\wkJjMCZ.exe
  2⤵
  PID:4864
- C:\Windows\System\lJZAUmP.exe
  C:\Windows\System\lJZAUmP.exe
  2⤵
  PID:4936
- C:\Windows\System\ZSZwBnp.exe
  C:\Windows\System\ZSZwBnp.exe
  2⤵
  PID:5040
- C:\Windows\System\NTlvTFs.exe
  C:\Windows\System\NTlvTFs.exe
  2⤵
  PID:3892
- C:\Windows\System\RCTFtHN.exe
  C:\Windows\System\RCTFtHN.exe
  2⤵
  PID:3132
- C:\Windows\System\TeyLyuI.exe
  C:\Windows\System\TeyLyuI.exe
  2⤵
  PID:4364
- C:\Windows\System\JBUjxhv.exe
  C:\Windows\System\JBUjxhv.exe
  2⤵
  PID:3680
- C:\Windows\System\hDopHGi.exe
  C:\Windows\System\hDopHGi.exe
  2⤵
  PID:4216
- C:\Windows\System\FOzezWu.exe
  C:\Windows\System\FOzezWu.exe
  2⤵
  PID:4108
- C:\Windows\System\JoHhMuP.exe
  C:\Windows\System\JoHhMuP.exe
  2⤵
  PID:4444
- C:\Windows\System\AXMTvBy.exe
  C:\Windows\System\AXMTvBy.exe
  2⤵
  PID:4468
- C:\Windows\System\AkqQQQu.exe
  C:\Windows\System\AkqQQQu.exe
  2⤵
  PID:4428
- C:\Windows\System\KNhLhvg.exe
  C:\Windows\System\KNhLhvg.exe
  2⤵
  PID:4500
- C:\Windows\System\HpSquwN.exe
  C:\Windows\System\HpSquwN.exe
  2⤵
  PID:576
- C:\Windows\System\IqcBeos.exe
  C:\Windows\System\IqcBeos.exe
  2⤵
  PID:4552
- C:\Windows\System\XkkIRIN.exe
  C:\Windows\System\XkkIRIN.exe
  2⤵
  PID:4752
- C:\Windows\System\qBugQgl.exe
  C:\Windows\System\qBugQgl.exe
  2⤵
  PID:4556
- C:\Windows\System\YbPYImZ.exe
  C:\Windows\System\YbPYImZ.exe
  2⤵
  PID:4412
- C:\Windows\System\mrqdJZU.exe
  C:\Windows\System\mrqdJZU.exe
  2⤵
  PID:4632
- C:\Windows\System\hpnrkhh.exe
  C:\Windows\System\hpnrkhh.exe
  2⤵
  PID:4236
- C:\Windows\System\CjunGNG.exe
  C:\Windows\System\CjunGNG.exe
  2⤵
  PID:4780
- C:\Windows\System\ehcyjZj.exe
  C:\Windows\System\ehcyjZj.exe
  2⤵
  PID:4796
- C:\Windows\System\AQkgNKo.exe
  C:\Windows\System\AQkgNKo.exe
  2⤵
  PID:4604
- C:\Windows\System\AUrmOUr.exe
  C:\Windows\System\AUrmOUr.exe
  2⤵
  PID:4808
- C:\Windows\System\qbXydzW.exe
  C:\Windows\System\qbXydzW.exe
  2⤵
  PID:5000
- C:\Windows\System\TzaILTD.exe
  C:\Windows\System\TzaILTD.exe
  2⤵
  PID:4932
- C:\Windows\System\vjgeHYr.exe
  C:\Windows\System\vjgeHYr.exe
  2⤵
  PID:5060
- C:\Windows\System\ZPitbXh.exe
  C:\Windows\System\ZPitbXh.exe
  2⤵
  PID:3120
- C:\Windows\System\BOlnQkM.exe
  C:\Windows\System\BOlnQkM.exe
  2⤵
  PID:4440
- C:\Windows\System\CRBoFwP.exe
  C:\Windows\System\CRBoFwP.exe
  2⤵
  PID:3468
- C:\Windows\System\wLfiADa.exe
  C:\Windows\System\wLfiADa.exe
  2⤵
  PID:2468
- C:\Windows\System\AWaljxt.exe
  C:\Windows\System\AWaljxt.exe
  2⤵
  PID:4584
- C:\Windows\System\kARljSr.exe
  C:\Windows\System\kARljSr.exe
  2⤵
  PID:5068
- C:\Windows\System\aBbFlpD.exe
  C:\Windows\System\aBbFlpD.exe
  2⤵
  PID:5056
- C:\Windows\System\UFiboJS.exe
  C:\Windows\System\UFiboJS.exe
  2⤵
  PID:4776
- C:\Windows\System\WeKoeJl.exe
  C:\Windows\System\WeKoeJl.exe
  2⤵
  PID:5140
- C:\Windows\System\OHdGrDU.exe
  C:\Windows\System\OHdGrDU.exe
  2⤵
  PID:5156
- C:\Windows\System\lkPJIGc.exe
  C:\Windows\System\lkPJIGc.exe
  2⤵
  PID:5172
- C:\Windows\System\WqasiAN.exe
  C:\Windows\System\WqasiAN.exe
  2⤵
  PID:5192
- C:\Windows\System\IvnyKEt.exe
  C:\Windows\System\IvnyKEt.exe
  2⤵
  PID:5208
- C:\Windows\System\TpsHRTI.exe
  C:\Windows\System\TpsHRTI.exe
  2⤵
  PID:5228
- C:\Windows\System\PYzrCyJ.exe
  C:\Windows\System\PYzrCyJ.exe
  2⤵
  PID:5248
- C:\Windows\System\LdJhzyv.exe
  C:\Windows\System\LdJhzyv.exe
  2⤵
  PID:5268
- C:\Windows\System\pKTHUDi.exe
  C:\Windows\System\pKTHUDi.exe
  2⤵
  PID:5284
- C:\Windows\System\cioAAxB.exe
  C:\Windows\System\cioAAxB.exe
  2⤵
  PID:5300
- C:\Windows\System\zlznvkF.exe
  C:\Windows\System\zlznvkF.exe
  2⤵
  PID:5316
- C:\Windows\System\MYlmXuC.exe
  C:\Windows\System\MYlmXuC.exe
  2⤵
  PID:5332
- C:\Windows\System\rVOdgDD.exe
  C:\Windows\System\rVOdgDD.exe
  2⤵
  PID:5352
- C:\Windows\System\UZLMwaJ.exe
  C:\Windows\System\UZLMwaJ.exe
  2⤵
  PID:5372
- C:\Windows\System\fgtzLFm.exe
  C:\Windows\System\fgtzLFm.exe
  2⤵
  PID:5388
- C:\Windows\System\EvRBPvm.exe
  C:\Windows\System\EvRBPvm.exe
  2⤵
  PID:5412
- C:\Windows\System\RXBOyjJ.exe
  C:\Windows\System\RXBOyjJ.exe
  2⤵
  PID:5432
- C:\Windows\System\xonkwvx.exe
  C:\Windows\System\xonkwvx.exe
  2⤵
  PID:5548
- C:\Windows\System\gDczEns.exe
  C:\Windows\System\gDczEns.exe
  2⤵
  PID:5564
- C:\Windows\System\EHXlsys.exe
  C:\Windows\System\EHXlsys.exe
  2⤵
  PID:5580
- C:\Windows\System\iqRWSaD.exe
  C:\Windows\System\iqRWSaD.exe
  2⤵
  PID:5596
- C:\Windows\System\XNyttnH.exe
  C:\Windows\System\XNyttnH.exe
  2⤵
  PID:5616
- C:\Windows\System\wuxObau.exe
  C:\Windows\System\wuxObau.exe
  2⤵
  PID:5632
- C:\Windows\System\KqEKeHB.exe
  C:\Windows\System\KqEKeHB.exe
  2⤵
  PID:5656
- C:\Windows\System\EutbBoc.exe
  C:\Windows\System\EutbBoc.exe
  2⤵
  PID:5676
- C:\Windows\System\ZnyCTUR.exe
  C:\Windows\System\ZnyCTUR.exe
  2⤵
  PID:5692
- C:\Windows\System\IHMJTUm.exe
  C:\Windows\System\IHMJTUm.exe
  2⤵
  PID:5708
- C:\Windows\System\CsTnOWg.exe
  C:\Windows\System\CsTnOWg.exe
  2⤵
  PID:5728
- C:\Windows\System\EwxTpse.exe
  C:\Windows\System\EwxTpse.exe
  2⤵
  PID:5768
- C:\Windows\System\qXaeexQ.exe
  C:\Windows\System\qXaeexQ.exe
  2⤵
  PID:5784
- C:\Windows\System\VhqPLda.exe
  C:\Windows\System\VhqPLda.exe
  2⤵
  PID:5808
- C:\Windows\System\TQEtJcl.exe
  C:\Windows\System\TQEtJcl.exe
  2⤵
  PID:5824
- C:\Windows\System\wSusILD.exe
  C:\Windows\System\wSusILD.exe
  2⤵
  PID:5840
- C:\Windows\System\xVLBBOb.exe
  C:\Windows\System\xVLBBOb.exe
  2⤵
  PID:5856
- C:\Windows\System\cDDfojW.exe
  C:\Windows\System\cDDfojW.exe
  2⤵
  PID:5872
- C:\Windows\System\CMedRWw.exe
  C:\Windows\System\CMedRWw.exe
  2⤵
  PID:5896
- C:\Windows\System\WaoTWQk.exe
  C:\Windows\System\WaoTWQk.exe
  2⤵
  PID:5912
- C:\Windows\System\yVEezjq.exe
  C:\Windows\System\yVEezjq.exe
  2⤵
  PID:5928
- C:\Windows\System\AQLXNUy.exe
  C:\Windows\System\AQLXNUy.exe
  2⤵
  PID:5972
- C:\Windows\System\WVaiDRK.exe
  C:\Windows\System\WVaiDRK.exe
  2⤵
  PID:5988
- C:\Windows\System\axzUfXL.exe
  C:\Windows\System\axzUfXL.exe
  2⤵
  PID:6004
- C:\Windows\System\ITewCDI.exe
  C:\Windows\System\ITewCDI.exe
  2⤵
  PID:6020
- C:\Windows\System\QwkgoNr.exe
  C:\Windows\System\QwkgoNr.exe
  2⤵
  PID:6036
- C:\Windows\System\sJNvOrZ.exe
  C:\Windows\System\sJNvOrZ.exe
  2⤵
  PID:6052
- C:\Windows\System\CnJBYch.exe
  C:\Windows\System\CnJBYch.exe
  2⤵
  PID:6068
- C:\Windows\System\hmauelt.exe
  C:\Windows\System\hmauelt.exe
  2⤵
  PID:6088
- C:\Windows\System\aUYFfvL.exe
  C:\Windows\System\aUYFfvL.exe
  2⤵
  PID:6108
- C:\Windows\System\sWcdFAi.exe
  C:\Windows\System\sWcdFAi.exe
  2⤵
  PID:6124
- C:\Windows\System\kdBWcsw.exe
  C:\Windows\System\kdBWcsw.exe
  2⤵
  PID:6140
- C:\Windows\System\UbmBlcC.exe
  C:\Windows\System\UbmBlcC.exe
  2⤵
  PID:5148
- C:\Windows\System\EkdRypc.exe
  C:\Windows\System\EkdRypc.exe
  2⤵
  PID:5096
- C:\Windows\System\VTprEeq.exe
  C:\Windows\System\VTprEeq.exe
  2⤵
  PID:5328
- C:\Windows\System\kwPSqEw.exe
  C:\Windows\System\kwPSqEw.exe
  2⤵
  PID:4488
- C:\Windows\System\fPOEHyD.exe
  C:\Windows\System\fPOEHyD.exe
  2⤵
  PID:5404
- C:\Windows\System\GxHhycW.exe
  C:\Windows\System\GxHhycW.exe
  2⤵
  PID:5456
- C:\Windows\System\vMBkMLt.exe
  C:\Windows\System\vMBkMLt.exe
  2⤵
  PID:5472
- C:\Windows\System\ScEqUxB.exe
  C:\Windows\System\ScEqUxB.exe
  2⤵
  PID:5076
- C:\Windows\System\onRQXnF.exe
  C:\Windows\System\onRQXnF.exe
  2⤵
  PID:1612
- C:\Windows\System\totnohk.exe
  C:\Windows\System\totnohk.exe
  2⤵
  PID:5048
- C:\Windows\System\ySAhobS.exe
  C:\Windows\System\ySAhobS.exe
  2⤵
  PID:5280
- C:\Windows\System\sgafmCH.exe
  C:\Windows\System\sgafmCH.exe
  2⤵
  PID:5348
- C:\Windows\System\GtqYWLr.exe
  C:\Windows\System\GtqYWLr.exe
  2⤵
  PID:4696
- C:\Windows\System\EZvrLaG.exe
  C:\Windows\System\EZvrLaG.exe
  2⤵
  PID:5312
- C:\Windows\System\FchMpsf.exe
  C:\Windows\System\FchMpsf.exe
  2⤵
  PID:4304
- C:\Windows\System\mQpbWTj.exe
  C:\Windows\System\mQpbWTj.exe
  2⤵
  PID:4948
- C:\Windows\System\jNmHoqt.exe
  C:\Windows\System\jNmHoqt.exe
  2⤵
  PID:4792
- C:\Windows\System\zoyXgbS.exe
  C:\Windows\System\zoyXgbS.exe
  2⤵
  PID:4812
- C:\Windows\System\tBUOGeb.exe
  C:\Windows\System\tBUOGeb.exe
  2⤵
  PID:4436
- C:\Windows\System\berHYfX.exe
  C:\Windows\System\berHYfX.exe
  2⤵
  PID:5340
- C:\Windows\System\pMTcwlX.exe
  C:\Windows\System\pMTcwlX.exe
  2⤵
  PID:5428
- C:\Windows\System\vyYCBrG.exe
  C:\Windows\System\vyYCBrG.exe
  2⤵
  PID:5572
- C:\Windows\System\jmxFWmq.exe
  C:\Windows\System\jmxFWmq.exe
  2⤵
  PID:5612
- C:\Windows\System\WFMrVQk.exe
  C:\Windows\System\WFMrVQk.exe
  2⤵
  PID:5652
- C:\Windows\System\NlwYYqa.exe
  C:\Windows\System\NlwYYqa.exe
  2⤵
  PID:5560
- C:\Windows\System\LeOZBcH.exe
  C:\Windows\System\LeOZBcH.exe
  2⤵
  PID:5664
- C:\Windows\System\dWDAIsK.exe
  C:\Windows\System\dWDAIsK.exe
  2⤵
  PID:5592
- C:\Windows\System\fuoeJvN.exe
  C:\Windows\System\fuoeJvN.exe
  2⤵
  PID:5780
- C:\Windows\System\OnTuyBa.exe
  C:\Windows\System\OnTuyBa.exe
  2⤵
  PID:5760
- C:\Windows\System\kWxjWHw.exe
  C:\Windows\System\kWxjWHw.exe
  2⤵
  PID:5804
- C:\Windows\System\Vcndjdw.exe
  C:\Windows\System\Vcndjdw.exe
  2⤵
  PID:5852
- C:\Windows\System\lmCvsWg.exe
  C:\Windows\System\lmCvsWg.exe
  2⤵
  PID:5920
- C:\Windows\System\AmwKRGM.exe
  C:\Windows\System\AmwKRGM.exe
  2⤵
  PID:5952
- C:\Windows\System\ouvNdzs.exe
  C:\Windows\System\ouvNdzs.exe
  2⤵
  PID:5904
- C:\Windows\System\DyfTDsK.exe
  C:\Windows\System\DyfTDsK.exe
  2⤵
  PID:5956
- C:\Windows\System\MKBVJvs.exe
  C:\Windows\System\MKBVJvs.exe
  2⤵
  PID:6044
- C:\Windows\System\xNvkiJq.exe
  C:\Windows\System\xNvkiJq.exe
  2⤵
  PID:6084
- C:\Windows\System\UXQREKU.exe
  C:\Windows\System\UXQREKU.exe
  2⤵
  PID:5112
- C:\Windows\System\jCbaCHK.exe
  C:\Windows\System\jCbaCHK.exe
  2⤵
  PID:6132
- C:\Windows\System\JUKUzGp.exe
  C:\Windows\System\JUKUzGp.exe
  2⤵
  PID:6032
- C:\Windows\System\qdJyOlK.exe
  C:\Windows\System\qdJyOlK.exe
  2⤵
  PID:6064
- C:\Windows\System\zfcofzQ.exe
  C:\Windows\System\zfcofzQ.exe
  2⤵
  PID:6136
- C:\Windows\System\heNqiFW.exe
  C:\Windows\System\heNqiFW.exe
  2⤵
  PID:5324
- C:\Windows\System\BRmiCgO.exe
  C:\Windows\System\BRmiCgO.exe
  2⤵
  PID:5256
- C:\Windows\System\zabxKdZ.exe
  C:\Windows\System\zabxKdZ.exe
  2⤵
  PID:5364
- C:\Windows\System\VuZAITN.exe
  C:\Windows\System\VuZAITN.exe
  2⤵
  PID:5500
- C:\Windows\System\zkPuiiT.exe
  C:\Windows\System\zkPuiiT.exe
  2⤵
  PID:5052
- C:\Windows\System\GnvBXpQ.exe
  C:\Windows\System\GnvBXpQ.exe
  2⤵
  PID:5520
- C:\Windows\System\vWyLjjF.exe
  C:\Windows\System\vWyLjjF.exe
  2⤵
  PID:4684
- C:\Windows\System\vfQqbcX.exe
  C:\Windows\System\vfQqbcX.exe
  2⤵
  PID:4680
- C:\Windows\System\kQjtYBF.exe
  C:\Windows\System\kQjtYBF.exe
  2⤵
  PID:4912
- C:\Windows\System\gJXOAJO.exe
  C:\Windows\System\gJXOAJO.exe
  2⤵
  PID:5648
- C:\Windows\System\BAVlwlY.exe
  C:\Windows\System\BAVlwlY.exe
  2⤵
  PID:5736
- C:\Windows\System\hRVDOoN.exe
  C:\Windows\System\hRVDOoN.exe
  2⤵
  PID:5864
- C:\Windows\System\MefEJqI.exe
  C:\Windows\System\MefEJqI.exe
  2⤵
  PID:6016
- C:\Windows\System\CpUIZKG.exe
  C:\Windows\System\CpUIZKG.exe
  2⤵
  PID:4460
- C:\Windows\System\waOeGlV.exe
  C:\Windows\System\waOeGlV.exe
  2⤵
  PID:5996
- C:\Windows\System\YSDOnqC.exe
  C:\Windows\System\YSDOnqC.exe
  2⤵
  PID:5468
- C:\Windows\System\eVYCoZn.exe
  C:\Windows\System\eVYCoZn.exe
  2⤵
  PID:1548
- C:\Windows\System\GaMfnbB.exe
  C:\Windows\System\GaMfnbB.exe
  2⤵
  PID:6104
- C:\Windows\System\TSmfoPY.exe
  C:\Windows\System\TSmfoPY.exe
  2⤵
  PID:5224
- C:\Windows\System\xKoROOt.exe
  C:\Windows\System\xKoROOt.exe
  2⤵
  PID:5848
- C:\Windows\System\doisZIh.exe
  C:\Windows\System\doisZIh.exe
  2⤵
  PID:4328
- C:\Windows\System\VHsZhgC.exe
  C:\Windows\System\VHsZhgC.exe
  2⤵
  PID:6096
- C:\Windows\System\XIVoAvn.exe
  C:\Windows\System\XIVoAvn.exe
  2⤵
  PID:5188
- C:\Windows\System\uTmxpJs.exe
  C:\Windows\System\uTmxpJs.exe
  2⤵
  PID:4636
- C:\Windows\System\PloYCRx.exe
  C:\Windows\System\PloYCRx.exe
  2⤵
  PID:5940
- C:\Windows\System\JJKsoaa.exe
  C:\Windows\System\JJKsoaa.exe
  2⤵
  PID:5644
- C:\Windows\System\iGZZCdR.exe
  C:\Windows\System\iGZZCdR.exe
  2⤵
  PID:5244
- C:\Windows\System\WIzJhDq.exe
  C:\Windows\System\WIzJhDq.exe
  2⤵
  PID:4720
- C:\Windows\System\eXeehbK.exe
  C:\Windows\System\eXeehbK.exe
  2⤵
  PID:5980
- C:\Windows\System\lHlTuZX.exe
  C:\Windows\System\lHlTuZX.exe
  2⤵
  PID:5800
- C:\Windows\System\wBjzCBn.exe
  C:\Windows\System\wBjzCBn.exe
  2⤵
  PID:5832
- C:\Windows\System\IyhaQTA.exe
  C:\Windows\System\IyhaQTA.exe
  2⤵
  PID:5424
- C:\Windows\System\KOTCqyh.exe
  C:\Windows\System\KOTCqyh.exe
  2⤵
  PID:5720
- C:\Windows\System\ZscWchO.exe
  C:\Windows\System\ZscWchO.exe
  2⤵
  PID:5608
- C:\Windows\System\GRXKOtN.exe
  C:\Windows\System\GRXKOtN.exe
  2⤵
  PID:5180
- C:\Windows\System\wmKvlph.exe
  C:\Windows\System\wmKvlph.exe
  2⤵
  PID:5344
- C:\Windows\System\ZNPFyYb.exe
  C:\Windows\System\ZNPFyYb.exe
  2⤵
  PID:5704
- C:\Windows\System\KMrWjST.exe
  C:\Windows\System\KMrWjST.exe
  2⤵
  PID:5936
- C:\Windows\System\dnaxoPp.exe
  C:\Windows\System\dnaxoPp.exe
  2⤵
  PID:5688
- C:\Windows\System\cgRIOsG.exe
  C:\Windows\System\cgRIOsG.exe
  2⤵
  PID:4324
- C:\Windows\System\ypLsRLA.exe
  C:\Windows\System\ypLsRLA.exe
  2⤵
  PID:5400
- C:\Windows\System\MKgpGdK.exe
  C:\Windows\System\MKgpGdK.exe
  2⤵
  PID:5624
- C:\Windows\System\apqpkbY.exe
  C:\Windows\System\apqpkbY.exe
  2⤵
  PID:6012
- C:\Windows\System\VRTncfr.exe
  C:\Windows\System\VRTncfr.exe
  2⤵
  PID:5220
- C:\Windows\System\WfcFmPj.exe
  C:\Windows\System\WfcFmPj.exe
  2⤵
  PID:5604
- C:\Windows\System\fylHbaA.exe
  C:\Windows\System\fylHbaA.exe
  2⤵
  PID:5492
- C:\Windows\System\DcfqrBC.exe
  C:\Windows\System\DcfqrBC.exe
  2⤵
  PID:5668
- C:\Windows\System\zVRzNwk.exe
  C:\Windows\System\zVRzNwk.exe
  2⤵
  PID:5700
- C:\Windows\System\QYgIEJF.exe
  C:\Windows\System\QYgIEJF.exe
  2⤵
  PID:5440
- C:\Windows\System\jXAZlRc.exe
  C:\Windows\System\jXAZlRc.exe
  2⤵
  PID:5240
- C:\Windows\System\oMTXxdS.exe
  C:\Windows\System\oMTXxdS.exe
  2⤵
  PID:4524
- C:\Windows\System\BYwObIO.exe
  C:\Windows\System\BYwObIO.exe
  2⤵
  PID:6160
- C:\Windows\System\mrVAkfF.exe
  C:\Windows\System\mrVAkfF.exe
  2⤵
  PID:6180
- C:\Windows\System\gjnfbug.exe
  C:\Windows\System\gjnfbug.exe
  2⤵
  PID:6220
- C:\Windows\System\XRTCVHi.exe
  C:\Windows\System\XRTCVHi.exe
  2⤵
  PID:6240
- C:\Windows\System\PQqFXIy.exe
  C:\Windows\System\PQqFXIy.exe
  2⤵
  PID:6256
- C:\Windows\System\ENhixMZ.exe
  C:\Windows\System\ENhixMZ.exe
  2⤵
  PID:6276
- C:\Windows\System\vzHxzGa.exe
  C:\Windows\System\vzHxzGa.exe
  2⤵
  PID:6292
- C:\Windows\System\OXDvMMU.exe
  C:\Windows\System\OXDvMMU.exe
  2⤵
  PID:6312
- C:\Windows\System\AohZEMN.exe
  C:\Windows\System\AohZEMN.exe
  2⤵
  PID:6328
- C:\Windows\System\QwqGyPV.exe
  C:\Windows\System\QwqGyPV.exe
  2⤵
  PID:6344
- C:\Windows\System\MNQpqzw.exe
  C:\Windows\System\MNQpqzw.exe
  2⤵
  PID:6364
- C:\Windows\System\hbvokcc.exe
  C:\Windows\System\hbvokcc.exe
  2⤵
  PID:6380
- C:\Windows\System\muASUPA.exe
  C:\Windows\System\muASUPA.exe
  2⤵
  PID:6400
- C:\Windows\System\BoFTqnQ.exe
  C:\Windows\System\BoFTqnQ.exe
  2⤵
  PID:6416
- C:\Windows\System\mKNWdDy.exe
  C:\Windows\System\mKNWdDy.exe
  2⤵
  PID:6436
- C:\Windows\System\zSwjKho.exe
  C:\Windows\System\zSwjKho.exe
  2⤵
  PID:6452
- C:\Windows\System\bXCnNnE.exe
  C:\Windows\System\bXCnNnE.exe
  2⤵
  PID:6472
- C:\Windows\System\XzWepgb.exe
  C:\Windows\System\XzWepgb.exe
  2⤵
  PID:6488
- C:\Windows\System\eLftPMj.exe
  C:\Windows\System\eLftPMj.exe
  2⤵
  PID:6508
- C:\Windows\System\SWzCxMc.exe
  C:\Windows\System\SWzCxMc.exe
  2⤵
  PID:6524
- C:\Windows\System\CGJUYeW.exe
  C:\Windows\System\CGJUYeW.exe
  2⤵
  PID:6544
- C:\Windows\System\rIVLDjf.exe
  C:\Windows\System\rIVLDjf.exe
  2⤵
  PID:6560
- C:\Windows\System\UBrXdkd.exe
  C:\Windows\System\UBrXdkd.exe
  2⤵
  PID:6584
- C:\Windows\System\kpWQnHZ.exe
  C:\Windows\System\kpWQnHZ.exe
  2⤵
  PID:6600
- C:\Windows\System\bGaBCHB.exe
  C:\Windows\System\bGaBCHB.exe
  2⤵
  PID:6620
- C:\Windows\System\pFcRHXz.exe
  C:\Windows\System\pFcRHXz.exe
  2⤵
  PID:6636
- C:\Windows\System\yPpUnai.exe
  C:\Windows\System\yPpUnai.exe
  2⤵
  PID:6656
- C:\Windows\System\ctUSJiG.exe
  C:\Windows\System\ctUSJiG.exe
  2⤵
  PID:6672
- C:\Windows\System\ESmnXsw.exe
  C:\Windows\System\ESmnXsw.exe
  2⤵
  PID:6692
- C:\Windows\System\tCyeKaR.exe
  C:\Windows\System\tCyeKaR.exe
  2⤵
  PID:6708
- C:\Windows\System\beFqEEN.exe
  C:\Windows\System\beFqEEN.exe
  2⤵
  PID:6728
- C:\Windows\System\wwChQxd.exe
  C:\Windows\System\wwChQxd.exe
  2⤵
  PID:6744
- C:\Windows\System\lIGefcj.exe
  C:\Windows\System\lIGefcj.exe
  2⤵
  PID:6764
- C:\Windows\System\RdwcDdH.exe
  C:\Windows\System\RdwcDdH.exe
  2⤵
  PID:6788
- C:\Windows\System\GDvDDwG.exe
  C:\Windows\System\GDvDDwG.exe
  2⤵
  PID:6856
- C:\Windows\System\zVtZtMn.exe
  C:\Windows\System\zVtZtMn.exe
  2⤵
  PID:6880
- C:\Windows\System\mMzflCF.exe
  C:\Windows\System\mMzflCF.exe
  2⤵
  PID:6896
- C:\Windows\System\ythSzfj.exe
  C:\Windows\System\ythSzfj.exe
  2⤵
  PID:6916
- C:\Windows\System\eajYajr.exe
  C:\Windows\System\eajYajr.exe
  2⤵
  PID:6932
- C:\Windows\System\dMDmDwy.exe
  C:\Windows\System\dMDmDwy.exe
  2⤵
  PID:6948
- C:\Windows\System\nkZOLpN.exe
  C:\Windows\System\nkZOLpN.exe
  2⤵
  PID:6968
- C:\Windows\System\ZBLXsXE.exe
  C:\Windows\System\ZBLXsXE.exe
  2⤵
  PID:6996
- C:\Windows\System\chQXuZM.exe
  C:\Windows\System\chQXuZM.exe
  2⤵
  PID:7012
- C:\Windows\System\hnzcQmx.exe
  C:\Windows\System\hnzcQmx.exe
  2⤵
  PID:7036
- C:\Windows\System\qShUiJB.exe
  C:\Windows\System\qShUiJB.exe
  2⤵
  PID:7052
- C:\Windows\System\argAfDx.exe
  C:\Windows\System\argAfDx.exe
  2⤵
  PID:7072
- C:\Windows\System\rMtrqHw.exe
  C:\Windows\System\rMtrqHw.exe
  2⤵
  PID:7100
- C:\Windows\System\GnQsPfS.exe
  C:\Windows\System\GnQsPfS.exe
  2⤵
  PID:7116
- C:\Windows\System\YjSIFDB.exe
  C:\Windows\System\YjSIFDB.exe
  2⤵
  PID:7136
- C:\Windows\System\EVPRJJQ.exe
  C:\Windows\System\EVPRJJQ.exe
  2⤵
  PID:7152
- C:\Windows\System\wPGYWRF.exe
  C:\Windows\System\wPGYWRF.exe
  2⤵
  PID:5132
- C:\Windows\System\NPUlPmS.exe
  C:\Windows\System\NPUlPmS.exe
  2⤵
  PID:6168
- C:\Windows\System\kZtYtag.exe
  C:\Windows\System\kZtYtag.exe
  2⤵
  PID:5984
- C:\Windows\System\jqJFTSi.exe
  C:\Windows\System\jqJFTSi.exe
  2⤵
  PID:6228
- C:\Windows\System\SGMNCuw.exe
  C:\Windows\System\SGMNCuw.exe
  2⤵
  PID:6232
- C:\Windows\System\rawONWv.exe
  C:\Windows\System\rawONWv.exe
  2⤵
  PID:6204
- C:\Windows\System\bpRhlhN.exe
  C:\Windows\System\bpRhlhN.exe
  2⤵
  PID:6300
- C:\Windows\System\wlfIktK.exe
  C:\Windows\System\wlfIktK.exe
  2⤵
  PID:6340
- C:\Windows\System\uGyChAm.exe
  C:\Windows\System\uGyChAm.exe
  2⤵
  PID:6192
- C:\Windows\System\HDkxmXP.exe
  C:\Windows\System\HDkxmXP.exe
  2⤵
  PID:6480
- C:\Windows\System\STcwVIT.exe
  C:\Windows\System\STcwVIT.exe
  2⤵
  PID:6552
- C:\Windows\System\bDDpvhN.exe
  C:\Windows\System\bDDpvhN.exe
  2⤵
  PID:6632
- C:\Windows\System\EuWGYRm.exe
  C:\Windows\System\EuWGYRm.exe
  2⤵
  PID:6740
- C:\Windows\System\YQjItiM.exe
  C:\Windows\System\YQjItiM.exe
  2⤵
  PID:6776
- C:\Windows\System\oCpdsPU.exe
  C:\Windows\System\oCpdsPU.exe
  2⤵
  PID:6252
- C:\Windows\System\itLzOqg.exe
  C:\Windows\System\itLzOqg.exe
  2⤵
  PID:6804
- C:\Windows\System\OzYzMfv.exe
  C:\Windows\System\OzYzMfv.exe
  2⤵
  PID:6468
- C:\Windows\System\sUxboQl.exe
  C:\Windows\System\sUxboQl.exe
  2⤵
  PID:6540
- C:\Windows\System\dsiWyhf.exe
  C:\Windows\System\dsiWyhf.exe
  2⤵
  PID:6608
- C:\Windows\System\ShljCbH.exe
  C:\Windows\System\ShljCbH.exe
  2⤵
  PID:6680
- C:\Windows\System\fdbsdVb.exe
  C:\Windows\System\fdbsdVb.exe
  2⤵
  PID:6720
- C:\Windows\System\ugESvMg.exe
  C:\Windows\System\ugESvMg.exe
  2⤵
  PID:6760
- C:\Windows\System\WeDfEBL.exe
  C:\Windows\System\WeDfEBL.exe
  2⤵
  PID:6816
- C:\Windows\System\kSaNsMq.exe
  C:\Windows\System\kSaNsMq.exe
  2⤵
  PID:6848
- C:\Windows\System\SMXFOim.exe
  C:\Windows\System\SMXFOim.exe
  2⤵
  PID:6888
- C:\Windows\System\oBGPBum.exe
  C:\Windows\System\oBGPBum.exe
  2⤵
  PID:6940
- C:\Windows\System\PvgkmwO.exe
  C:\Windows\System\PvgkmwO.exe
  2⤵
  PID:6992
- C:\Windows\System\ZLDeZMN.exe
  C:\Windows\System\ZLDeZMN.exe
  2⤵
  PID:7028
- C:\Windows\System\JZrMtkb.exe
  C:\Windows\System\JZrMtkb.exe
  2⤵
  PID:7008
- C:\Windows\System\LmtdwBW.exe
  C:\Windows\System\LmtdwBW.exe
  2⤵
  PID:7064
- C:\Windows\System\eUGHBCT.exe
  C:\Windows\System\eUGHBCT.exe
  2⤵
  PID:7096
- C:\Windows\System\NspyELR.exe
  C:\Windows\System\NspyELR.exe
  2⤵
  PID:7148
- C:\Windows\System\CNEdggB.exe
  C:\Windows\System\CNEdggB.exe
  2⤵
  PID:4880
- C:\Windows\System\achrKjD.exe
  C:\Windows\System\achrKjD.exe
  2⤵
  PID:6336
- C:\Windows\System\QXPPRtr.exe
  C:\Windows\System\QXPPRtr.exe
  2⤵
  PID:2420
- C:\Windows\System\bBOOAgA.exe
  C:\Windows\System\bBOOAgA.exe
  2⤵
  PID:6176
- C:\Windows\System\kqaeleQ.exe
  C:\Windows\System\kqaeleQ.exe
  2⤵
  PID:6532
- C:\Windows\System\aYaDquv.exe
  C:\Windows\System\aYaDquv.exe
  2⤵
  PID:6648
- C:\Windows\System\tkwYNVw.exe
  C:\Windows\System\tkwYNVw.exe
  2⤵
  PID:6828
- C:\Windows\System\ontyntN.exe
  C:\Windows\System\ontyntN.exe
  2⤵
  PID:6892
- C:\Windows\System\mpmbWLR.exe
  C:\Windows\System\mpmbWLR.exe
  2⤵
  PID:6272
- C:\Windows\System\mVLcXpn.exe
  C:\Windows\System\mVLcXpn.exe
  2⤵
  PID:6516
- C:\Windows\System\mGhIovc.exe
  C:\Windows\System\mGhIovc.exe
  2⤵
  PID:6668
- C:\Windows\System\ZDipzJq.exe
  C:\Windows\System\ZDipzJq.exe
  2⤵
  PID:6356
- C:\Windows\System\pGsbREy.exe
  C:\Windows\System\pGsbREy.exe
  2⤵
  PID:7048
- C:\Windows\System\MlWeFAf.exe
  C:\Windows\System\MlWeFAf.exe
  2⤵
  PID:6688
- C:\Windows\System\yPmoEpN.exe
  C:\Windows\System\yPmoEpN.exe
  2⤵
  PID:6596
- C:\Windows\System\dUqGOOP.exe
  C:\Windows\System\dUqGOOP.exe
  2⤵
  PID:6796
- C:\Windows\System\GqGwalc.exe
  C:\Windows\System\GqGwalc.exe
  2⤵
  PID:6928
- C:\Windows\System\BernKzI.exe
  C:\Windows\System\BernKzI.exe
  2⤵
  PID:6956
- C:\Windows\System\qoBxHcg.exe
  C:\Windows\System\qoBxHcg.exe
  2⤵
  PID:7092
- C:\Windows\System\fdseQbO.exe
  C:\Windows\System\fdseQbO.exe
  2⤵
  PID:6772
- C:\Windows\System\RQOJXPt.exe
  C:\Windows\System\RQOJXPt.exe
  2⤵
  PID:6288
- C:\Windows\System\yQOrZcd.exe
  C:\Windows\System\yQOrZcd.exe
  2⤵
  PID:6616
- C:\Windows\System\BYhYfhV.exe
  C:\Windows\System\BYhYfhV.exe
  2⤵
  PID:6784
- C:\Windows\System\XmNURIc.exe
  C:\Windows\System\XmNURIc.exe
  2⤵
  PID:6212
- C:\Windows\System\CSCjbiO.exe
  C:\Windows\System\CSCjbiO.exe
  2⤵
  PID:6152
- C:\Windows\System\zuuaMBD.exe
  C:\Windows\System\zuuaMBD.exe
  2⤵
  PID:6824
- C:\Windows\System\EBNWcEU.exe
  C:\Windows\System\EBNWcEU.exe
  2⤵
  PID:6700
- C:\Windows\System\vVbHEPN.exe
  C:\Windows\System\vVbHEPN.exe
  2⤵
  PID:6580
- C:\Windows\System\rFsiGwq.exe
  C:\Windows\System\rFsiGwq.exe
  2⤵
  PID:5308
- C:\Windows\System\ZYFmtLE.exe
  C:\Windows\System\ZYFmtLE.exe
  2⤵
  PID:6412
- C:\Windows\System\qNVXEbQ.exe
  C:\Windows\System\qNVXEbQ.exe
  2⤵
  PID:6284
- C:\Windows\System\egyRBLD.exe
  C:\Windows\System\egyRBLD.exe
  2⤵
  PID:6868
- C:\Windows\System\uhRxtZm.exe
  C:\Windows\System\uhRxtZm.exe
  2⤵
  PID:6216
- C:\Windows\System\NDQXNxq.exe
  C:\Windows\System\NDQXNxq.exe
  2⤵
  PID:6200
- C:\Windows\System\MiMUQdk.exe
  C:\Windows\System\MiMUQdk.exe
  2⤵
  PID:7144
- C:\Windows\System\ubZDsAP.exe
  C:\Windows\System\ubZDsAP.exe
  2⤵
  PID:6324
- C:\Windows\System\KrRemBL.exe
  C:\Windows\System\KrRemBL.exe
  2⤵
  PID:6872
- C:\Windows\System\SUvHzpd.exe
  C:\Windows\System\SUvHzpd.exe
  2⤵
  PID:7184
- C:\Windows\System\exERxyz.exe
  C:\Windows\System\exERxyz.exe
  2⤵
  PID:7212
- C:\Windows\System\FLHHivf.exe
  C:\Windows\System\FLHHivf.exe
  2⤵
  PID:7228
- C:\Windows\System\FMcxBXh.exe
  C:\Windows\System\FMcxBXh.exe
  2⤵
  PID:7244
- C:\Windows\System\rnrVjAk.exe
  C:\Windows\System\rnrVjAk.exe
  2⤵
  PID:7260
- C:\Windows\System\QvjxTRc.exe
  C:\Windows\System\QvjxTRc.exe
  2⤵
  PID:7276
- C:\Windows\System\kyjQlcF.exe
  C:\Windows\System\kyjQlcF.exe
  2⤵
  PID:7300
- C:\Windows\System\XsSgLhp.exe
  C:\Windows\System\XsSgLhp.exe
  2⤵
  PID:7316
- C:\Windows\System\YjThvrw.exe
  C:\Windows\System\YjThvrw.exe
  2⤵
  PID:7352
- C:\Windows\System\PZcvxNT.exe
  C:\Windows\System\PZcvxNT.exe
  2⤵
  PID:7368
- C:\Windows\System\txmiyBV.exe
  C:\Windows\System\txmiyBV.exe
  2⤵
  PID:7392
- C:\Windows\System\cdJHOkU.exe
  C:\Windows\System\cdJHOkU.exe
  2⤵
  PID:7408
- C:\Windows\System\KgYfimU.exe
  C:\Windows\System\KgYfimU.exe
  2⤵
  PID:7428
- C:\Windows\System\OjVCinV.exe
  C:\Windows\System\OjVCinV.exe
  2⤵
  PID:7468
- C:\Windows\System\RtPJWpq.exe
  C:\Windows\System\RtPJWpq.exe
  2⤵
  PID:7488
- C:\Windows\System\ZHRIVKx.exe
  C:\Windows\System\ZHRIVKx.exe
  2⤵
  PID:7504
- C:\Windows\System\WLpFYFi.exe
  C:\Windows\System\WLpFYFi.exe
  2⤵
  PID:7528
- C:\Windows\System\IVgKaQw.exe
  C:\Windows\System\IVgKaQw.exe
  2⤵
  PID:7544
- C:\Windows\System\wSpAfZG.exe
  C:\Windows\System\wSpAfZG.exe
  2⤵
  PID:7564
- C:\Windows\System\wKZBvFB.exe
  C:\Windows\System\wKZBvFB.exe
  2⤵
  PID:7584
- C:\Windows\System\dljRlTc.exe
  C:\Windows\System\dljRlTc.exe
  2⤵
  PID:7600
- C:\Windows\System\EnAiBxv.exe
  C:\Windows\System\EnAiBxv.exe
  2⤵
  PID:7616
- C:\Windows\System\vTIzrjP.exe
  C:\Windows\System\vTIzrjP.exe
  2⤵
  PID:7632
- C:\Windows\System\xcLvHoD.exe
  C:\Windows\System\xcLvHoD.exe
  2⤵
  PID:7648
- C:\Windows\System\lwCXKPB.exe
  C:\Windows\System\lwCXKPB.exe
  2⤵
  PID:7664
- C:\Windows\System\uvvtgoT.exe
  C:\Windows\System\uvvtgoT.exe
  2⤵
  PID:7680
- C:\Windows\System\fIQapjq.exe
  C:\Windows\System\fIQapjq.exe
  2⤵
  PID:7696
- C:\Windows\System\STFMyAA.exe
  C:\Windows\System\STFMyAA.exe
  2⤵
  PID:7716
- C:\Windows\System\vmCBSQd.exe
  C:\Windows\System\vmCBSQd.exe
  2⤵
  PID:7732
- C:\Windows\System\FmgFvEW.exe
  C:\Windows\System\FmgFvEW.exe
  2⤵
  PID:7748
- C:\Windows\System\orZrZnG.exe
  C:\Windows\System\orZrZnG.exe
  2⤵
  PID:7764
- C:\Windows\System\aPyWhbX.exe
  C:\Windows\System\aPyWhbX.exe
  2⤵
  PID:7780
- C:\Windows\System\zuIlfCw.exe
  C:\Windows\System\zuIlfCw.exe
  2⤵
  PID:7796
- C:\Windows\System\JzJljls.exe
  C:\Windows\System\JzJljls.exe
  2⤵
  PID:7816
- C:\Windows\System\LMTjkvt.exe
  C:\Windows\System\LMTjkvt.exe
  2⤵
  PID:7832
- C:\Windows\System\UsPJrEG.exe
  C:\Windows\System\UsPJrEG.exe
  2⤵
  PID:7856
- C:\Windows\System\FGSYEsw.exe
  C:\Windows\System\FGSYEsw.exe
  2⤵
  PID:7876
- C:\Windows\System\ETZhaHW.exe
  C:\Windows\System\ETZhaHW.exe
  2⤵
  PID:7896
- C:\Windows\System\WtwpzHA.exe
  C:\Windows\System\WtwpzHA.exe
  2⤵
  PID:7916
- C:\Windows\System\MQZqtbm.exe
  C:\Windows\System\MQZqtbm.exe
  2⤵
  PID:7936
- C:\Windows\System\MtKuDjc.exe
  C:\Windows\System\MtKuDjc.exe
  2⤵
  PID:7956
- C:\Windows\System\IeMhzIc.exe
  C:\Windows\System\IeMhzIc.exe
  2⤵
  PID:7976
- C:\Windows\System\nhlleoR.exe
  C:\Windows\System\nhlleoR.exe
  2⤵
  PID:7996
- C:\Windows\System\ZQNeHjM.exe
  C:\Windows\System\ZQNeHjM.exe
  2⤵
  PID:8016
- C:\Windows\System\rJsjult.exe
  C:\Windows\System\rJsjult.exe
  2⤵
  PID:8032
- C:\Windows\System\dSWPOay.exe
  C:\Windows\System\dSWPOay.exe
  2⤵
  PID:8052
- C:\Windows\System\EGurXGk.exe
  C:\Windows\System\EGurXGk.exe
  2⤵
  PID:8068
- C:\Windows\System\ZqggrJj.exe
  C:\Windows\System\ZqggrJj.exe
  2⤵
  PID:8084
- C:\Windows\System\rLVDoRS.exe
  C:\Windows\System\rLVDoRS.exe
  2⤵
  PID:8104
- C:\Windows\System\MJXxjMt.exe
  C:\Windows\System\MJXxjMt.exe
  2⤵
  PID:8124
- C:\Windows\System\XpLZOOz.exe
  C:\Windows\System\XpLZOOz.exe
  2⤵
  PID:8148
- C:\Windows\System\vRMiMPb.exe
  C:\Windows\System\vRMiMPb.exe
  2⤵
  PID:8164
- C:\Windows\System\qCOeQfl.exe
  C:\Windows\System\qCOeQfl.exe
  2⤵
  PID:8180
- C:\Windows\System\cCZgYMi.exe
  C:\Windows\System\cCZgYMi.exe
  2⤵
  PID:7328
- C:\Windows\System\qrgZIJB.exe
  C:\Windows\System\qrgZIJB.exe
  2⤵
  PID:7348
- C:\Windows\System\PWIayTV.exe
  C:\Windows\System\PWIayTV.exe
  2⤵
  PID:7388
- C:\Windows\System\XfvUoeF.exe
  C:\Windows\System\XfvUoeF.exe
  2⤵
  PID:6556
- C:\Windows\System\ogRcHKo.exe
  C:\Windows\System\ogRcHKo.exe
  2⤵
  PID:6864
- C:\Windows\System\sdNArMF.exe
  C:\Windows\System\sdNArMF.exe
  2⤵
  PID:7112
- C:\Windows\System\qKsLumg.exe
  C:\Windows\System\qKsLumg.exe
  2⤵
  PID:7360
- C:\Windows\System\DPiCzlv.exe
  C:\Windows\System\DPiCzlv.exe
  2⤵
  PID:7240
- C:\Windows\System\ytgkVJi.exe
  C:\Windows\System\ytgkVJi.exe
  2⤵
  PID:7456
- C:\Windows\System\iRSfEJx.exe
  C:\Windows\System\iRSfEJx.exe
  2⤵
  PID:7448
- C:\Windows\System\mFFGtna.exe
  C:\Windows\System\mFFGtna.exe
  2⤵
  PID:7440
- C:\Windows\System\NOTLSBw.exe
  C:\Windows\System\NOTLSBw.exe
  2⤵
  PID:7512
- C:\Windows\System\nayPFlh.exe
  C:\Windows\System\nayPFlh.exe
  2⤵
  PID:7560
- C:\Windows\System\KLyOKaq.exe
  C:\Windows\System\KLyOKaq.exe
  2⤵
  PID:7628
- C:\Windows\System\XhJUSec.exe
  C:\Windows\System\XhJUSec.exe
  2⤵
  PID:7728
- C:\Windows\System\JYEwQYt.exe
  C:\Windows\System\JYEwQYt.exe
  2⤵
  PID:7792
- C:\Windows\System\hqqJibT.exe
  C:\Windows\System\hqqJibT.exe
  2⤵
  PID:7904
- C:\Windows\System\hrihXRd.exe
  C:\Windows\System\hrihXRd.exe
  2⤵
  PID:7948
- C:\Windows\System\TAsTEDP.exe
  C:\Windows\System\TAsTEDP.exe
  2⤵
  PID:8024
- C:\Windows\System\LQXBBVy.exe
  C:\Windows\System\LQXBBVy.exe
  2⤵
  PID:8096
- C:\Windows\System\oJtmEWp.exe
  C:\Windows\System\oJtmEWp.exe
  2⤵
  PID:8144
- C:\Windows\System\nsgIWlQ.exe
  C:\Windows\System\nsgIWlQ.exe
  2⤵
  PID:7704
- C:\Windows\System\crqKhWz.exe
  C:\Windows\System\crqKhWz.exe
  2⤵
  PID:7772
- C:\Windows\System\dhSfUkj.exe
  C:\Windows\System\dhSfUkj.exe
  2⤵
  PID:7848
- C:\Windows\System\apBuniC.exe
  C:\Windows\System\apBuniC.exe
  2⤵
  PID:8044
- C:\Windows\System\lOYGVFB.exe
  C:\Windows\System\lOYGVFB.exe
  2⤵
  PID:8112
- C:\Windows\System\LxCZxFL.exe
  C:\Windows\System\LxCZxFL.exe
  2⤵
  PID:7572
- C:\Windows\System\AhjntWy.exe
  C:\Windows\System\AhjntWy.exe
  2⤵
  PID:7672
- C:\Windows\System\ssYnnPy.exe
  C:\Windows\System\ssYnnPy.exe
  2⤵
  PID:8012
- C:\Windows\System\KwtXObE.exe
  C:\Windows\System\KwtXObE.exe
  2⤵
  PID:7892
- C:\Windows\System\gffEOMT.exe
  C:\Windows\System\gffEOMT.exe
  2⤵
  PID:7340
- C:\Windows\System\TtPfBeu.exe
  C:\Windows\System\TtPfBeu.exe
  2⤵
  PID:7176
- C:\Windows\System\cqcExXK.exe
  C:\Windows\System\cqcExXK.exe
  2⤵
  PID:7284
- C:\Windows\System\SjylxpJ.exe
  C:\Windows\System\SjylxpJ.exe
  2⤵
  PID:7324
- C:\Windows\System\OXQtgbM.exe
  C:\Windows\System\OXQtgbM.exe
  2⤵
  PID:6756
- C:\Windows\System\vdYAKtj.exe
  C:\Windows\System\vdYAKtj.exe
  2⤵
  PID:7380
- C:\Windows\System\zyDIqAz.exe
  C:\Windows\System\zyDIqAz.exe
  2⤵
  PID:7208
- C:\Windows\System\YHotvfd.exe
  C:\Windows\System\YHotvfd.exe
  2⤵
  PID:7476
- C:\Windows\System\gCaEJBe.exe
  C:\Windows\System\gCaEJBe.exe
  2⤵
  PID:7268
- C:\Windows\System\ZlOVZsI.exe
  C:\Windows\System\ZlOVZsI.exe
  2⤵
  PID:7308
- C:\Windows\System\hJySzMT.exe
  C:\Windows\System\hJySzMT.exe
  2⤵
  PID:7912
- C:\Windows\System\nReyRJQ.exe
  C:\Windows\System\nReyRJQ.exe
  2⤵
  PID:8176
- C:\Windows\System\NNdcjuh.exe
  C:\Windows\System\NNdcjuh.exe
  2⤵
  PID:7840
- C:\Windows\System\EbdDBWW.exe
  C:\Windows\System\EbdDBWW.exe
  2⤵
  PID:8080
- C:\Windows\System\imrjkYA.exe
  C:\Windows\System\imrjkYA.exe
  2⤵
  PID:7460
- C:\Windows\System\dPRsiKH.exe
  C:\Windows\System\dPRsiKH.exe
  2⤵
  PID:7888
- C:\Windows\System\ZjVAkqp.exe
  C:\Windows\System\ZjVAkqp.exe
  2⤵
  PID:8188
- C:\Windows\System\JLWZksp.exe
  C:\Windows\System\JLWZksp.exe
  2⤵
  PID:7660
- C:\Windows\System\NMIKyza.exe
  C:\Windows\System\NMIKyza.exe
  2⤵
  PID:7864
- C:\Windows\System\NrQSWjz.exe
  C:\Windows\System\NrQSWjz.exe
  2⤵
  PID:7744
- C:\Windows\System\AxsTggj.exe
  C:\Windows\System\AxsTggj.exe
  2⤵
  PID:7928
- C:\Windows\System\CTvOWDc.exe
  C:\Windows\System\CTvOWDc.exe
  2⤵
  PID:6392
- C:\Windows\System\Iycbyqr.exe
  C:\Windows\System\Iycbyqr.exe
  2⤵
  PID:7424
- C:\Windows\System\hirDvqR.exe
  C:\Windows\System\hirDvqR.exe
  2⤵
  PID:7192
- C:\Windows\System\XlsfcVS.exe
  C:\Windows\System\XlsfcVS.exe
  2⤵
  PID:7828
- C:\Windows\System\zUmogSy.exe
  C:\Windows\System\zUmogSy.exe
  2⤵
  PID:7224
- C:\Windows\System\GbgRKtG.exe
  C:\Windows\System\GbgRKtG.exe
  2⤵
  PID:6360
- C:\Windows\System\LzFmmUf.exe
  C:\Windows\System\LzFmmUf.exe
  2⤵
  PID:6408
- C:\Windows\System\SFXgnWp.exe
  C:\Windows\System\SFXgnWp.exe
  2⤵
  PID:7496
- C:\Windows\System\rMxTMbR.exe
  C:\Windows\System\rMxTMbR.exe
  2⤵
  PID:7200
- C:\Windows\System\IanySNx.exe
  C:\Windows\System\IanySNx.exe
  2⤵
  PID:7580
- C:\Windows\System\HjIhEwA.exe
  C:\Windows\System\HjIhEwA.exe
  2⤵
  PID:8156
- C:\Windows\System\rnuWzFx.exe
  C:\Windows\System\rnuWzFx.exe
  2⤵
  PID:8136
- C:\Windows\System\vuhoTbj.exe
  C:\Windows\System\vuhoTbj.exe
  2⤵
  PID:7556
- C:\Windows\System\QWGJBEO.exe
  C:\Windows\System\QWGJBEO.exe
  2⤵
  PID:8008
- C:\Windows\System\NZofqeB.exe
  C:\Windows\System\NZofqeB.exe
  2⤵
  PID:7972
- C:\Windows\System\hMzotNY.exe
  C:\Windows\System\hMzotNY.exe
  2⤵
  PID:7296
- C:\Windows\System\wNwBxOD.exe
  C:\Windows\System\wNwBxOD.exe
  2⤵
  PID:8060
- C:\Windows\System\YrkCoff.exe
  C:\Windows\System\YrkCoff.exe
  2⤵
  PID:6988
- C:\Windows\System\othXFDx.exe
  C:\Windows\System\othXFDx.exe
  2⤵
  PID:7196
- C:\Windows\System\GpXvIfF.exe
  C:\Windows\System\GpXvIfF.exe
  2⤵
  PID:7984
- C:\Windows\System\mISPEZw.exe
  C:\Windows\System\mISPEZw.exe
  2⤵
  PID:7024
- C:\Windows\System\MyLIoRC.exe
  C:\Windows\System\MyLIoRC.exe
  2⤵
  PID:7808
- C:\Windows\System\HjboIkD.exe
  C:\Windows\System\HjboIkD.exe
  2⤵
  PID:7552
- C:\Windows\System\vbbWrTV.exe
  C:\Windows\System\vbbWrTV.exe
  2⤵
  PID:8064
- C:\Windows\System\jqqXWxS.exe
  C:\Windows\System\jqqXWxS.exe
  2⤵
  PID:7180
- C:\Windows\System\AkNWMAT.exe
  C:\Windows\System\AkNWMAT.exe
  2⤵
  PID:7164
- C:\Windows\System\upmwOZT.exe
  C:\Windows\System\upmwOZT.exe
  2⤵
  PID:8208
- C:\Windows\System\YlKegeE.exe
  C:\Windows\System\YlKegeE.exe
  2⤵
  PID:8224
- C:\Windows\System\vGnvAir.exe
  C:\Windows\System\vGnvAir.exe
  2⤵
  PID:8240
- C:\Windows\System\agGKqWw.exe
  C:\Windows\System\agGKqWw.exe
  2⤵
  PID:8256
- C:\Windows\System\YfLjfJJ.exe
  C:\Windows\System\YfLjfJJ.exe
  2⤵
  PID:8272
- C:\Windows\System\MUBdhHq.exe
  C:\Windows\System\MUBdhHq.exe
  2⤵
  PID:8288
- C:\Windows\System\Jbkdxzi.exe
  C:\Windows\System\Jbkdxzi.exe
  2⤵
  PID:8304
- C:\Windows\System\elZHSFA.exe
  C:\Windows\System\elZHSFA.exe
  2⤵
  PID:8320
- C:\Windows\System\ZGLKsWJ.exe
  C:\Windows\System\ZGLKsWJ.exe
  2⤵
  PID:8336
- C:\Windows\System\oSzxxgU.exe
  C:\Windows\System\oSzxxgU.exe
  2⤵
  PID:8352
- C:\Windows\System\xeFGswe.exe
  C:\Windows\System\xeFGswe.exe
  2⤵
  PID:8368
- C:\Windows\System\KFgFBVJ.exe
  C:\Windows\System\KFgFBVJ.exe
  2⤵
  PID:8384
- C:\Windows\System\CsOfbws.exe
  C:\Windows\System\CsOfbws.exe
  2⤵
  PID:8400
- C:\Windows\System\nFAhQXx.exe
  C:\Windows\System\nFAhQXx.exe
  2⤵
  PID:8420
- C:\Windows\System\iOoIgMM.exe
  C:\Windows\System\iOoIgMM.exe
  2⤵
  PID:8436
- C:\Windows\System\dwFuAfc.exe
  C:\Windows\System\dwFuAfc.exe
  2⤵
  PID:8452
- C:\Windows\System\TedJfNH.exe
  C:\Windows\System\TedJfNH.exe
  2⤵
  PID:8468
- C:\Windows\System\oySbZpa.exe
  C:\Windows\System\oySbZpa.exe
  2⤵
  PID:8488
- C:\Windows\System\StZknDc.exe
  C:\Windows\System\StZknDc.exe
  2⤵
  PID:8508
- C:\Windows\System\XDdlCWm.exe
  C:\Windows\System\XDdlCWm.exe
  2⤵
  PID:8524
- C:\Windows\System\XgntlVs.exe
  C:\Windows\System\XgntlVs.exe
  2⤵
  PID:8540
- C:\Windows\System\crUnYsh.exe
  C:\Windows\System\crUnYsh.exe
  2⤵
  PID:8560
- C:\Windows\System\jkJdXTb.exe
  C:\Windows\System\jkJdXTb.exe
  2⤵
  PID:8576
- C:\Windows\System\KZRZnvW.exe
  C:\Windows\System\KZRZnvW.exe
  2⤵
  PID:8616
- C:\Windows\System\gwHUlEJ.exe
  C:\Windows\System\gwHUlEJ.exe
  2⤵
  PID:8632
- C:\Windows\System\RJACdvm.exe
  C:\Windows\System\RJACdvm.exe
  2⤵
  PID:8648
- C:\Windows\System\FkLTLTn.exe
  C:\Windows\System\FkLTLTn.exe
  2⤵
  PID:8664
- C:\Windows\System\spAgAoX.exe
  C:\Windows\System\spAgAoX.exe
  2⤵
  PID:8680
- C:\Windows\System\KYdOgZy.exe
  C:\Windows\System\KYdOgZy.exe
  2⤵
  PID:8696
- C:\Windows\System\pzuwpMh.exe
  C:\Windows\System\pzuwpMh.exe
  2⤵
  PID:8712
- C:\Windows\System\HiehzDP.exe
  C:\Windows\System\HiehzDP.exe
  2⤵
  PID:8728
- C:\Windows\System\BqEnodo.exe
  C:\Windows\System\BqEnodo.exe
  2⤵
  PID:8744
- C:\Windows\System\vJOkqGo.exe
  C:\Windows\System\vJOkqGo.exe
  2⤵
  PID:8760
- C:\Windows\System\mkWyXkP.exe
  C:\Windows\System\mkWyXkP.exe
  2⤵
  PID:8780
- C:\Windows\System\XoArXga.exe
  C:\Windows\System\XoArXga.exe
  2⤵
  PID:8796
- C:\Windows\System\UDMBmMR.exe
  C:\Windows\System\UDMBmMR.exe
  2⤵
  PID:8812
- C:\Windows\System\sbyRwiN.exe
  C:\Windows\System\sbyRwiN.exe
  2⤵
  PID:8828
- C:\Windows\System\hEehvMQ.exe
  C:\Windows\System\hEehvMQ.exe
  2⤵
  PID:8844
- C:\Windows\System\fkrqqIJ.exe
  C:\Windows\System\fkrqqIJ.exe
  2⤵
  PID:8860
- C:\Windows\System\UDOmUjt.exe
  C:\Windows\System\UDOmUjt.exe
  2⤵
  PID:8876
- C:\Windows\System\ipSVpdQ.exe
  C:\Windows\System\ipSVpdQ.exe
  2⤵
  PID:8892
- C:\Windows\System\swHPbHe.exe
  C:\Windows\System\swHPbHe.exe
  2⤵
  PID:8908
- C:\Windows\System\DPfvmSL.exe
  C:\Windows\System\DPfvmSL.exe
  2⤵
  PID:8924
- C:\Windows\System\bzuyzdI.exe
  C:\Windows\System\bzuyzdI.exe
  2⤵
  PID:8944
- C:\Windows\System\jJvycAO.exe
  C:\Windows\System\jJvycAO.exe
  2⤵
  PID:8960
- C:\Windows\System\hxtyBlD.exe
  C:\Windows\System\hxtyBlD.exe
  2⤵
  PID:8980
- C:\Windows\System\fQAatxu.exe
  C:\Windows\System\fQAatxu.exe
  2⤵
  PID:9016
- C:\Windows\System\qwVaAxF.exe
  C:\Windows\System\qwVaAxF.exe
  2⤵
  PID:9064
- C:\Windows\System\eYeZQfX.exe
  C:\Windows\System\eYeZQfX.exe
  2⤵
  PID:7236
- C:\Windows\System\eUNdHvy.exe
  C:\Windows\System\eUNdHvy.exe
  2⤵
  PID:8264
- C:\Windows\System\gbmrlOu.exe
  C:\Windows\System\gbmrlOu.exe
  2⤵
  PID:8328
- C:\Windows\System\qtGeaVY.exe
  C:\Windows\System\qtGeaVY.exe
  2⤵
  PID:7252
- C:\Windows\System\OZGEYSR.exe
  C:\Windows\System\OZGEYSR.exe
  2⤵
  PID:8160
- C:\Windows\System\fSEnvyv.exe
  C:\Windows\System\fSEnvyv.exe
  2⤵
  PID:8216
- C:\Windows\System\sSGxyHo.exe
  C:\Windows\System\sSGxyHo.exe
  2⤵
  PID:8284
- C:\Windows\System\NHJSRIn.exe
  C:\Windows\System\NHJSRIn.exe
  2⤵
  PID:8360
- C:\Windows\System\sEgewSr.exe
  C:\Windows\System\sEgewSr.exe
  2⤵
  PID:8348
- C:\Windows\System\xnzEWJI.exe
  C:\Windows\System\xnzEWJI.exe
  2⤵
  PID:8380
- C:\Windows\System\WaIuTHV.exe
  C:\Windows\System\WaIuTHV.exe
  2⤵
  PID:8432
- C:\Windows\System\ByvXriA.exe
  C:\Windows\System\ByvXriA.exe
  2⤵
  PID:8448
- C:\Windows\System\ZKxPqWd.exe
  C:\Windows\System\ZKxPqWd.exe
  2⤵
  PID:8484
- C:\Windows\System\SWbdESs.exe
  C:\Windows\System\SWbdESs.exe
  2⤵
  PID:8548
- C:\Windows\System\wlBWcnK.exe
  C:\Windows\System\wlBWcnK.exe
  2⤵
  PID:8536
- C:\Windows\System\jGHXKMp.exe
  C:\Windows\System\jGHXKMp.exe
  2⤵
  PID:8588
- C:\Windows\System\IqmSUFy.exe
  C:\Windows\System\IqmSUFy.exe
  2⤵
  PID:8624
- C:\Windows\System\IPIDATi.exe
  C:\Windows\System\IPIDATi.exe
  2⤵
  PID:8688
- C:\Windows\System\LYQBnqk.exe
  C:\Windows\System\LYQBnqk.exe
  2⤵
  PID:8672
- C:\Windows\System\lshlvBM.exe
  C:\Windows\System\lshlvBM.exe
  2⤵
  PID:8756
- C:\Windows\System\oxPDnTa.exe
  C:\Windows\System\oxPDnTa.exe
  2⤵
  PID:8792
- C:\Windows\System\NojMZPl.exe
  C:\Windows\System\NojMZPl.exe
  2⤵
  PID:8820
- C:\Windows\System\yGxBaKU.exe
  C:\Windows\System\yGxBaKU.exe
  2⤵
  PID:8852
- C:\Windows\System\OXCJwHf.exe
  C:\Windows\System\OXCJwHf.exe
  2⤵
  PID:8836
- C:\Windows\System\Zqxgqgh.exe
  C:\Windows\System\Zqxgqgh.exe
  2⤵
  PID:8888
- C:\Windows\System\HdcbWTA.exe
  C:\Windows\System\HdcbWTA.exe
  2⤵
  PID:8872
- C:\Windows\System\OIPyMXZ.exe
  C:\Windows\System\OIPyMXZ.exe
  2⤵
  PID:8936
- C:\Windows\System\cckUlxW.exe
  C:\Windows\System\cckUlxW.exe
  2⤵
  PID:8976
- C:\Windows\System\pmnnIRf.exe
  C:\Windows\System\pmnnIRf.exe
  2⤵
  PID:9024
- C:\Windows\System\kJBBqkL.exe
  C:\Windows\System\kJBBqkL.exe
  2⤵
  PID:9008
- C:\Windows\System\iOdtbuM.exe
  C:\Windows\System\iOdtbuM.exe
  2⤵
  PID:9040
- C:\Windows\System\XIUSzvC.exe
  C:\Windows\System\XIUSzvC.exe
  2⤵
  PID:9056
- C:\Windows\System\YNxzmBB.exe
  C:\Windows\System\YNxzmBB.exe
  2⤵
  PID:9076
- C:\Windows\System\zgoeKaQ.exe
  C:\Windows\System\zgoeKaQ.exe
  2⤵
  PID:9100
- C:\Windows\System\WihFBMH.exe
  C:\Windows\System\WihFBMH.exe
  2⤵
  PID:9116
- C:\Windows\System\VjWdVtV.exe
  C:\Windows\System\VjWdVtV.exe
  2⤵
  PID:9132
- C:\Windows\System\IKVOQoS.exe
  C:\Windows\System\IKVOQoS.exe
  2⤵
  PID:9148
- C:\Windows\System\voWUcky.exe
  C:\Windows\System\voWUcky.exe
  2⤵
  PID:9168
- C:\Windows\System\zWTdpvg.exe
  C:\Windows\System\zWTdpvg.exe
  2⤵
  PID:9184
- C:\Windows\System\lFIsvRi.exe
  C:\Windows\System\lFIsvRi.exe
  2⤵
  PID:9200
- C:\Windows\System\HQrWlGM.exe
  C:\Windows\System\HQrWlGM.exe
  2⤵
  PID:8204
- C:\Windows\System\mOtlnhQ.exe
  C:\Windows\System\mOtlnhQ.exe
  2⤵
  PID:9096
- C:\Windows\System\BAiPhRr.exe
  C:\Windows\System\BAiPhRr.exe
  2⤵
  PID:8300
- C:\Windows\System\ydKBVRQ.exe
  C:\Windows\System\ydKBVRQ.exe
  2⤵
  PID:9080
- C:\Windows\System\nTesiZE.exe
  C:\Windows\System\nTesiZE.exe
  2⤵
  PID:8412
- C:\Windows\System\SzlNNok.exe
  C:\Windows\System\SzlNNok.exe
  2⤵
  PID:8220
- C:\Windows\System\NcYqjVW.exe
  C:\Windows\System\NcYqjVW.exe
  2⤵
  PID:8332
- C:\Windows\System\YXDRARU.exe
  C:\Windows\System\YXDRARU.exe
  2⤵
  PID:8444
- C:\Windows\System\HRAQmyi.exe
  C:\Windows\System\HRAQmyi.exe
  2⤵
  PID:8572
- C:\Windows\System\FfETfHW.exe
  C:\Windows\System\FfETfHW.exe
  2⤵
  PID:8552
- C:\Windows\System\FzgcqGU.exe
  C:\Windows\System\FzgcqGU.exe
  2⤵
  PID:8608
- C:\Windows\System\jszhsxR.exe
  C:\Windows\System\jszhsxR.exe
  2⤵
  PID:8736
- C:\Windows\System\lqSahcz.exe
  C:\Windows\System\lqSahcz.exe
  2⤵
  PID:8840
- C:\Windows\System\gLVRofZ.exe
  C:\Windows\System\gLVRofZ.exe
  2⤵
  PID:8660
- C:\Windows\System\EEMFkqI.exe
  C:\Windows\System\EEMFkqI.exe
  2⤵
  PID:8752
- C:\Windows\System\GcnvBas.exe
  C:\Windows\System\GcnvBas.exe
  2⤵
  PID:8920
- C:\Windows\System\OuNSwhE.exe
  C:\Windows\System\OuNSwhE.exe
  2⤵
  PID:8972
- C:\Windows\System\cpuIGjt.exe
  C:\Windows\System\cpuIGjt.exe
  2⤵
  PID:9032
- C:\Windows\System\JDyEocM.exe
  C:\Windows\System\JDyEocM.exe
  2⤵
  PID:9052
- C:\Windows\System\nJgbVhE.exe
  C:\Windows\System\nJgbVhE.exe
  2⤵
  PID:9048
- C:\Windows\System\AjzlZbF.exe
  C:\Windows\System\AjzlZbF.exe
  2⤵
  PID:5116
- C:\Windows\System\MVUmaHx.exe
  C:\Windows\System\MVUmaHx.exe
  2⤵
  PID:9156
- C:\Windows\System\ZTMhrQu.exe
  C:\Windows\System\ZTMhrQu.exe
  2⤵
  PID:9084
- C:\Windows\System\onyfFMh.exe
  C:\Windows\System\onyfFMh.exe
  2⤵
  PID:8236
- C:\Windows\System\sPIhVzk.exe
  C:\Windows\System\sPIhVzk.exe
  2⤵
  PID:9112
- C:\Windows\System\ZLwvMrJ.exe
  C:\Windows\System\ZLwvMrJ.exe
  2⤵
  PID:8132
- C:\Windows\System\nklUDko.exe
  C:\Windows\System\nklUDko.exe
  2⤵
  PID:6268
- C:\Windows\System\kGHjNmc.exe
  C:\Windows\System\kGHjNmc.exe
  2⤵
  PID:8464
- C:\Windows\System\kAFCJcS.exe
  C:\Windows\System\kAFCJcS.exe
  2⤵
  PID:8804
- C:\Windows\System\LRLkUxW.exe
  C:\Windows\System\LRLkUxW.exe
  2⤵
  PID:8556
- C:\Windows\System\QdkChJX.exe
  C:\Windows\System\QdkChJX.exe
  2⤵
  PID:8884
- C:\Windows\System\DUIzBzr.exe
  C:\Windows\System\DUIzBzr.exe
  2⤵
  PID:9072
- C:\Windows\System\XJgsJmL.exe
  C:\Windows\System\XJgsJmL.exe
  2⤵
  PID:8996
- C:\Windows\System\zvGcajR.exe
  C:\Windows\System\zvGcajR.exe
  2⤵
  PID:9088
- C:\Windows\System\LUlaikv.exe
  C:\Windows\System\LUlaikv.exe
  2⤵
  PID:8396
- C:\Windows\System\JJvhvDp.exe
  C:\Windows\System\JJvhvDp.exe
  2⤵
  PID:8248
- C:\Windows\System\YiVoUmT.exe
  C:\Windows\System\YiVoUmT.exe
  2⤵
  PID:4112
- C:\Windows\System\CNJNYAL.exe
  C:\Windows\System\CNJNYAL.exe
  2⤵
  PID:9164
- C:\Windows\System\kOFBGBg.exe
  C:\Windows\System\kOFBGBg.exe
  2⤵
  PID:9192
- C:\Windows\System\Hhvlfgn.exe
  C:\Windows\System\Hhvlfgn.exe
  2⤵
  PID:8604
- C:\Windows\System\aKigHmM.exe
  C:\Windows\System\aKigHmM.exe
  2⤵
  PID:8568
- C:\Windows\System\royhcwv.exe
  C:\Windows\System\royhcwv.exe
  2⤵
  PID:9176
- C:\Windows\System\cKUspeh.exe
  C:\Windows\System\cKUspeh.exe
  2⤵
  PID:9228
- C:\Windows\System\fjVNRoZ.exe
  C:\Windows\System\fjVNRoZ.exe
  2⤵
  PID:9244
- C:\Windows\System\ersdSYi.exe
  C:\Windows\System\ersdSYi.exe
  2⤵
  PID:9260
- C:\Windows\System\xqkMEsY.exe
  C:\Windows\System\xqkMEsY.exe
  2⤵
  PID:9276
- C:\Windows\System\uHhkMeR.exe
  C:\Windows\System\uHhkMeR.exe
  2⤵
  PID:9300
- C:\Windows\System\ukxldnm.exe
  C:\Windows\System\ukxldnm.exe
  2⤵
  PID:9316
- C:\Windows\System\kBwVOSG.exe
  C:\Windows\System\kBwVOSG.exe
  2⤵
  PID:9332
- C:\Windows\System\kemNYbV.exe
  C:\Windows\System\kemNYbV.exe
  2⤵
  PID:9352
- C:\Windows\System\wGjvOwU.exe
  C:\Windows\System\wGjvOwU.exe
  2⤵
  PID:9396
- C:\Windows\System\KhMzWxB.exe
  C:\Windows\System\KhMzWxB.exe
  2⤵
  PID:9412
- C:\Windows\System\ENeUppG.exe
  C:\Windows\System\ENeUppG.exe
  2⤵
  PID:9428
- C:\Windows\System\WNLQTAd.exe
  C:\Windows\System\WNLQTAd.exe
  2⤵
  PID:9444
- C:\Windows\System\mgHSgtD.exe
  C:\Windows\System\mgHSgtD.exe
  2⤵
  PID:9464
- C:\Windows\System\uJmkuhk.exe
  C:\Windows\System\uJmkuhk.exe
  2⤵
  PID:9480
- C:\Windows\System\LQZQhkp.exe
  C:\Windows\System\LQZQhkp.exe
  2⤵
  PID:9496
- C:\Windows\System\tpDIrfQ.exe
  C:\Windows\System\tpDIrfQ.exe
  2⤵
  PID:9512
- C:\Windows\System\fUHBibF.exe
  C:\Windows\System\fUHBibF.exe
  2⤵
  PID:9528
- C:\Windows\System\uWOaMNq.exe
  C:\Windows\System\uWOaMNq.exe
  2⤵
  PID:9544
- C:\Windows\System\ukGBPec.exe
  C:\Windows\System\ukGBPec.exe
  2⤵
  PID:9560
- C:\Windows\System\TePVnqX.exe
  C:\Windows\System\TePVnqX.exe
  2⤵
  PID:9576
- C:\Windows\System\WmhWhak.exe
  C:\Windows\System\WmhWhak.exe
  2⤵
  PID:9592
- C:\Windows\System\WivYPRG.exe
  C:\Windows\System\WivYPRG.exe
  2⤵
  PID:9612
- C:\Windows\System\ernAHox.exe
  C:\Windows\System\ernAHox.exe
  2⤵
  PID:9628
- C:\Windows\System\BuevhYU.exe
  C:\Windows\System\BuevhYU.exe
  2⤵
  PID:9644
- C:\Windows\System\jRcQldy.exe
  C:\Windows\System\jRcQldy.exe
  2⤵
  PID:9660
- C:\Windows\System\YHgdUPg.exe
  C:\Windows\System\YHgdUPg.exe
  2⤵
  PID:9676
- C:\Windows\System\NzNrPmO.exe
  C:\Windows\System\NzNrPmO.exe
  2⤵
  PID:9724
- C:\Windows\System\cSWUhfP.exe
  C:\Windows\System\cSWUhfP.exe
  2⤵
  PID:9756
- C:\Windows\System\vdlncLL.exe
  C:\Windows\System\vdlncLL.exe
  2⤵
  PID:9772
- C:\Windows\System\kMoMiYE.exe
  C:\Windows\System\kMoMiYE.exe
  2⤵
  PID:9788
- C:\Windows\System\GJGnUrX.exe
  C:\Windows\System\GJGnUrX.exe
  2⤵
  PID:10000
- C:\Windows\System\UuyEsfY.exe
  C:\Windows\System\UuyEsfY.exe
  2⤵
  PID:10032
- C:\Windows\System\RSTOYeF.exe
  C:\Windows\System\RSTOYeF.exe
  2⤵
  PID:10060
- C:\Windows\System\pxHInzo.exe
  C:\Windows\System\pxHInzo.exe
  2⤵
  PID:10100
- C:\Windows\System\LrMMhsK.exe
  C:\Windows\System\LrMMhsK.exe
  2⤵
  PID:10140
- C:\Windows\System\LCXmgoa.exe
  C:\Windows\System\LCXmgoa.exe
  2⤵
  PID:10168
- C:\Windows\System\gexkqgW.exe
  C:\Windows\System\gexkqgW.exe
  2⤵
  PID:10204
- C:\Windows\System\pieiGAD.exe
  C:\Windows\System\pieiGAD.exe
  2⤵
  PID:10232
- C:\Windows\System\dLXbRtf.exe
  C:\Windows\System\dLXbRtf.exe
  2⤵
  PID:8968
- C:\Windows\System\PyyALnh.exe
  C:\Windows\System\PyyALnh.exe
  2⤵
  PID:9224
- C:\Windows\System\YMfDIJZ.exe
  C:\Windows\System\YMfDIJZ.exe
  2⤵
  PID:9252
- C:\Windows\System\beqzUOi.exe
  C:\Windows\System\beqzUOi.exe
  2⤵
  PID:9292
- C:\Windows\System\ijwYlgZ.exe
  C:\Windows\System\ijwYlgZ.exe
  2⤵
  PID:9268
- C:\Windows\System\hyujHwE.exe
  C:\Windows\System\hyujHwE.exe
  2⤵
  PID:9344
- C:\Windows\System\yEzsrLv.exe
  C:\Windows\System\yEzsrLv.exe
  2⤵
  PID:9384
- C:\Windows\System\QaoyKiV.exe
  C:\Windows\System\QaoyKiV.exe
  2⤵
  PID:9424
- C:\Windows\System\xFOciLj.exe
  C:\Windows\System\xFOciLj.exe
  2⤵
  PID:9488
- C:\Windows\System\ClCpGyu.exe
  C:\Windows\System\ClCpGyu.exe
  2⤵
  PID:9524
- C:\Windows\System\bGuqbAb.exe
  C:\Windows\System\bGuqbAb.exe
  2⤵
  PID:9536
- C:\Windows\System\NqkrWhW.exe
  C:\Windows\System\NqkrWhW.exe
  2⤵
  PID:9600
- C:\Windows\System\XRjCxtC.exe
  C:\Windows\System\XRjCxtC.exe
  2⤵
  PID:9640
- C:\Windows\System\AtpfIHl.exe
  C:\Windows\System\AtpfIHl.exe
  2⤵
  PID:9668
- C:\Windows\System\mfyZVHU.exe
  C:\Windows\System\mfyZVHU.exe
  2⤵
  PID:9696
- C:\Windows\System\OFBzswn.exe
  C:\Windows\System\OFBzswn.exe
  2⤵
  PID:9712
- C:\Windows\System\NloKPXp.exe
  C:\Windows\System\NloKPXp.exe
  2⤵
  PID:9736
- C:\Windows\System\IeakYnE.exe
  C:\Windows\System\IeakYnE.exe
  2⤵
  PID:9752
- C:\Windows\System\pPvQIbM.exe
  C:\Windows\System\pPvQIbM.exe
  2⤵
  PID:9796
- C:\Windows\System\cTvkRFM.exe
  C:\Windows\System\cTvkRFM.exe
  2⤵
  PID:9804
- C:\Windows\System\tKbeNJK.exe
  C:\Windows\System\tKbeNJK.exe
  2⤵
  PID:9824
- C:\Windows\System\CBBvMJT.exe
  C:\Windows\System\CBBvMJT.exe
  2⤵
  PID:9844
- C:\Windows\System\rqgQqrc.exe
  C:\Windows\System\rqgQqrc.exe
  2⤵
  PID:9860
- C:\Windows\System\cwNlHSd.exe
  C:\Windows\System\cwNlHSd.exe
  2⤵
  PID:9880
- C:\Windows\System\rhepnHH.exe
  C:\Windows\System\rhepnHH.exe
  2⤵
  PID:9900
- C:\Windows\System\FsvSBep.exe
  C:\Windows\System\FsvSBep.exe
  2⤵
  PID:9924
- C:\Windows\System\eexFOMb.exe
  C:\Windows\System\eexFOMb.exe
  2⤵
  PID:9944
- C:\Windows\System\BNBIJJx.exe
  C:\Windows\System\BNBIJJx.exe
  2⤵
  PID:9960
- C:\Windows\System\MGfYkoP.exe
  C:\Windows\System\MGfYkoP.exe
  2⤵
  PID:9964
- C:\Windows\System\FEjayxL.exe
  C:\Windows\System\FEjayxL.exe
  2⤵
  PID:9992
- C:\Windows\System\xOazbqT.exe
  C:\Windows\System\xOazbqT.exe
  2⤵
  PID:10024
- C:\Windows\System\HeXvMnl.exe
  C:\Windows\System\HeXvMnl.exe
  2⤵
  PID:10052
- C:\Windows\System\TbLqXwS.exe
  C:\Windows\System\TbLqXwS.exe
  2⤵
  PID:10076
- C:\Windows\System\RhHzobp.exe
  C:\Windows\System\RhHzobp.exe
  2⤵
  PID:10092
- C:\Windows\System\sFpWssc.exe
  C:\Windows\System\sFpWssc.exe
  2⤵
  PID:10116
- C:\Windows\System\CVcJDWO.exe
  C:\Windows\System\CVcJDWO.exe
  2⤵
  PID:10148
- C:\Windows\System\JpTywgZ.exe
  C:\Windows\System\JpTywgZ.exe
  2⤵
  PID:10160
- C:\Windows\System\RzQQvKs.exe
  C:\Windows\System\RzQQvKs.exe
  2⤵
  PID:10192
- C:\Windows\System\lUYnmhz.exe
  C:\Windows\System\lUYnmhz.exe
  2⤵
  PID:9692
- C:\Windows\System\fXagQSP.exe
  C:\Windows\System\fXagQSP.exe
  2⤵
  PID:10224
- C:\Windows\System\OFBpNJv.exe
  C:\Windows\System\OFBpNJv.exe
  2⤵
  PID:8904
- C:\Windows\System\yguSylW.exe
  C:\Windows\System\yguSylW.exe
  2⤵
  PID:9284
- C:\Windows\System\hfTmOgo.exe
  C:\Windows\System\hfTmOgo.exe
  2⤵
  PID:9308
- C:\Windows\System\TDDOpRS.exe
  C:\Windows\System\TDDOpRS.exe
  2⤵
  PID:9368
- C:\Windows\System\yHlZdCf.exe
  C:\Windows\System\yHlZdCf.exe
  2⤵
  PID:9348
- C:\Windows\System\tsdZczU.exe
  C:\Windows\System\tsdZczU.exe
  2⤵
  PID:9504
- C:\Windows\System\oarlhLj.exe
  C:\Windows\System\oarlhLj.exe
  2⤵
  PID:9684
- C:\Windows\System\TMrGJMm.exe
  C:\Windows\System\TMrGJMm.exe
  2⤵
  PID:9808
- C:\Windows\System\XUDaJvw.exe
  C:\Windows\System\XUDaJvw.exe
  2⤵
  PID:9932
- C:\Windows\System\wMUIpvG.exe
  C:\Windows\System\wMUIpvG.exe
  2⤵
  PID:10012
- C:\Windows\System\iuzmVzp.exe
  C:\Windows\System\iuzmVzp.exe
  2⤵
  PID:10056
- C:\Windows\System\MUuhUtt.exe
  C:\Windows\System\MUuhUtt.exe
  2⤵
  PID:10112
- C:\Windows\System\oQrAwfJ.exe
  C:\Windows\System\oQrAwfJ.exe
  2⤵
  PID:9916
- C:\Windows\System\MPeVApL.exe
  C:\Windows\System\MPeVApL.exe
  2⤵
  PID:9912
- C:\Windows\System\IUPnLmG.exe
  C:\Windows\System\IUPnLmG.exe
  2⤵
  PID:9716
- C:\Windows\System\SSDFklp.exe
  C:\Windows\System\SSDFklp.exe
  2⤵
  PID:9836
- C:\Windows\System\daJyyBp.exe
  C:\Windows\System\daJyyBp.exe
  2⤵
  PID:9952
- C:\Windows\System\SmvFirH.exe
  C:\Windows\System\SmvFirH.exe
  2⤵
  PID:10044
- C:\Windows\System\Jpfxkyj.exe
  C:\Windows\System\Jpfxkyj.exe
  2⤵
  PID:10180
- C:\Windows\System\vXbjHBx.exe
  C:\Windows\System\vXbjHBx.exe
  2⤵
  PID:8644
- C:\Windows\System\VotAtfg.exe
  C:\Windows\System\VotAtfg.exe
  2⤵
  PID:9376
- C:\Windows\System\syjFgQz.exe
  C:\Windows\System\syjFgQz.exe
  2⤵
  PID:9404
- C:\Windows\System\bvKzSSB.exe
  C:\Windows\System\bvKzSSB.exe
  2⤵
  PID:9456
- C:\Windows\System\ZBuapka.exe
  C:\Windows\System\ZBuapka.exe
  2⤵
  PID:9212
- C:\Windows\System\DVWUWmz.exe
  C:\Windows\System\DVWUWmz.exe
  2⤵
  PID:9588
- C:\Windows\System\eFmzZjg.exe
  C:\Windows\System\eFmzZjg.exe
  2⤵
  PID:9768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AtoUECF.exe

Filesize
6.0MB

MD5
eba7a04bcba6b25338866adf6f91e6a0

SHA1
7d7b139addb266c4bf1acdb75bf8a2486f049ef0

SHA256
bdf1db789b14c3a7d26ec17b90d3908e42b7717dd619f2559dbb7b16459acfcf

SHA512
a8f7c32c32a51156464e8941a1b2d7dcd5a60f0073d7311ddb18e8ecaa770b2f8d9e409962d32c1270d9e4036da0e98dd8ac10f4a5a8b1115f414a159d1c2141

Download Submit
C:\Windows\system\DNBQBNV.exe

Filesize
6.0MB

MD5
601515aec167087951706a1f69ca15aa

SHA1
e40e1c4267500491e9e636a6030eb7512f718e28

SHA256
8834d75a610fb2ed5c6657d9421113c97bcaf470d20d91e60bea8275e76d7b75

SHA512
4baf1672a8c3ec97a7b80faa06305ccf0a911b9367fff52468754e72c96b9924b383a74d494f427f1fceadbd70d2110eb78067c797ce90b328f0d7d95f682704

Download Submit
C:\Windows\system\FqjSUNE.exe

Filesize
6.0MB

MD5
fca08a5b3709f2b5781ddc282a0448de

SHA1
73b650355e9e07cd8ccac3ea47ff0d1897b61f60

SHA256
2e904ace82d311eef20cbe79aa61e41e695d9b72ae146edf1f4a20a1070278a2

SHA512
8e52c6991aa5b3199fc5597629a1d45b1a2860dbd53da1a5e44342414a80bfc06c8d1f5501e05f3c4ad31ebde08d78eb15618548d68c6f60458c986021f69074

Download Submit
C:\Windows\system\HanhlDu.exe

Filesize
6.0MB

MD5
47a5c3e04e54fdb00db8ddee7cc7f6a1

SHA1
705593124b0f1db5e31c988eae7f28d9572d5e22

SHA256
e8876dca2ddad28f9370800ad37d026be119bd38923c8e7fe981f3bc088f6e60

SHA512
8530faf69e9a57aea6e386ac15a0225458a9a9b0edb7be235bd9d6c06acbabcc6055dfc2003dd8d3e0a2a3f133ebf1e043e4b6e2105f075d149da33a797a5fe9

Download Submit
C:\Windows\system\HqXKKdl.exe

Filesize
6.0MB

MD5
b911ee3835738b32b26ca40138649c24

SHA1
df146870ef7209c375b1cfa250c29794e4bb9d2a

SHA256
a120a43cd01e1fa0ad84e9794bcbcb2e75d896dd214ec10667ecf252e2faf61b

SHA512
0a9008b163af1dfb9afd6cef315e7d9a66c1f7f793b2ded650671a709e14015057d58fcdbe2a51149e6e6985b63f979367f1f5d5fe6c42e4cd12809e3c9ca0ae

Download Submit
C:\Windows\system\IaBApAX.exe

Filesize
6.0MB

MD5
1d625d97a815c3f401360385e98020f8

SHA1
381a33b8a9ee9eb76f6e53c25a971a1dba7e0e3d

SHA256
ad14ee9e59a31f05060763a15855505017c66207ef22301ac53ec6084f33770f

SHA512
3168edb2ad25749e94d1a3e354599cab92fb6306180ed65190bc70a4076b2e07a2e467e5e3d753ecf1bf6f5cbacda8df63f9c573d178e5a0e25f5796ed3c39d6

Download Submit
C:\Windows\system\LqxipHP.exe

Filesize
6.0MB

MD5
6d4dfad7757bc10dd627d61e71c83fef

SHA1
71949898da19a812f2dafc3a7d99365b76eb3aa2

SHA256
ae2a2b4ee4ea794160cc5635938074ca6f01843bf471eb9fd66d21e64ec8c4f2

SHA512
1ce3f30e1d7fa556620703e414729b1dd70fdec1cb221c50224d4cf1f02b7c6a202cb19e3f8bc33c5d1efc297ffc06b7b2a03b33aeab7bc71c0fff83ccccff6c

Download Submit
C:\Windows\system\MndieCd.exe

Filesize
6.0MB

MD5
e0c74a2236a1a3f1682511cc51522dfd

SHA1
548dbcccbc9307c127ccd7a98377f8cbb673b992

SHA256
17eb643bbde786d89d63b80160d3108ad9b378436060ec58e97486ade54e2fbc

SHA512
5ba16d867b69ad84663133d3bc6f7966d4e3ddcc12e3a18480a16fa8ceb34a0565df58acab94191c2eb078ce69e3be43813154fbedef5079137dee39f060b653

Download Submit
C:\Windows\system\PcKOrTt.exe

Filesize
6.0MB

MD5
2153989bb01c16fd8c6caea35a100217

SHA1
baa9b82d01b82dbebf9268d79e7e4462e1d91752

SHA256
4e173ada7e9be3c74793ab9b4206c462527a07e6a270cffae09edc047ecd10f4

SHA512
4b0aa2ee9521f3b327c2448780250e27b310f3ca7ad1400a3ca8d464e6c18af88b416228a0ee684ec330450abd01712e190602dd7d7336949840a8dfdd59e3bb

Download Submit
C:\Windows\system\RQSImXv.exe

Filesize
6.0MB

MD5
a91e7f642d9073157471b43c75a9dba9

SHA1
26ac10b27f94bca506ac9023d26ac2ff1ec710a6

SHA256
1e0d6408c6c4769945381daab012829c3bea8bb384668b7d2857cf6b6fd816d1

SHA512
1837e60d9a8160bc7920955d624ce8d19136d116a876ba1a44862190ddaf2461e1f413bd5f3227933d2130f875233729e5f00af2608129f96e3970b0743dd3aa

Download Submit
C:\Windows\system\TjVCPSm.exe

Filesize
6.0MB

MD5
e7d5829491ca6671f8edd590fc246c2f

SHA1
48ab16f6fbc6318b1ddea3004f11b2c056c465a4

SHA256
509f413e900384bca138f53eb1b7e1b727b701225a55e17a92e9e4b9d06e23a2

SHA512
5340fc62876df2869ce1a2310149580c9a71a13fdd04e77790beef31f44163a278caa05edafb901be4bc5c8ec398c0b80c301061137460a2f4a692bd58701dab

Download Submit
C:\Windows\system\UJixHvc.exe

Filesize
6.0MB

MD5
f3ef24f8a9127013ee0f80c447a05134

SHA1
f42f244fc92a378d1d104b9cf31701ad4fa11410

SHA256
e8d75e6c9e1cc1f6dbd28d056212622c862b4288ec8342a554daeb195b1480c1

SHA512
e4bac5e9d9f0b915a0cb71abd9b237315472594a53efafc78c2552e356904e08a1e2b797a8cfd2e843f2ceeded5aa494b1a1474cd11bff8ebcb631b31283c728

Download Submit
C:\Windows\system\XuYKjkC.exe

Filesize
6.0MB

MD5
8348898bf4c007625c2c327ff5c3e1c6

SHA1
aa4fc32bee6684d5e707e36054e5c2f768cde7b3

SHA256
044cb559e29537a3e19aba60513eaf8772a77994453fc7c3c38ddeb1321d6550

SHA512
1fec9787397d7303068c72f22d5c73768e8cc2096c271243e029d74680da20b7e860797d3be65f5d98cf1f06959e649f4263f30fd88728e0d51985d1de8cb30e

Download Submit
C:\Windows\system\ZyfCzxI.exe

Filesize
6.0MB

MD5
f6e73ea93c31181dd5c8a3a4100e1112

SHA1
64914c0c0afe2106a6f091b27b5d31600554b259

SHA256
455586b0fd425ea2d9be3277411814d9746d14ef89b360f59b086b820e8f22b2

SHA512
27f1746c833807d2708e84d8a8862dcdfaae29169ace2d6a4933b8c7e074c4acf0ee255b26cb908e3001be37892d40326f84bcb92454b908ae0579183f4797b6

Download Submit
C:\Windows\system\cicABXR.exe

Filesize
6.0MB

MD5
61583b71e3a950779fd72a8b8693147d

SHA1
0f1619b79483a0ce0d959cb3e840266dc1fd2fb5

SHA256
a28146c5c710c138c7ca10867ac510020aa052bbee2000074e9aabaafbcab402

SHA512
55a3d44d244a432ef3e74b2734ad5d02576cbabced011dea51ee08e17ca2fe8989247bedbc4d8c2109e11d98e004791c5d24c5bfab1386e51b2a192367cdf329

Download Submit
C:\Windows\system\czVEEpQ.exe

Filesize
6.0MB

MD5
d476f87c333355810eaa45ba77a82678

SHA1
1c8f4aacffe4ec8490c4ea13092d602af36aa88d

SHA256
0fd2f0e6130b0e5c8d0a272cded4975dc37f47246d8a918e825beb875dda821e

SHA512
f375c2b8653ecfc684ecaba0b19f974de05c83e7df524c10596321a9e509143bbf3dc63f5481b4800071c06e065db06e5d84890673ef95596996b285be068b08

Download Submit
C:\Windows\system\dFtDMip.exe

Filesize
6.0MB

MD5
a3521ef3ea99e2d1c1b473227b45d260

SHA1
6a6ad76baeeb4526c6345bbd0555ab8ba968d3ae

SHA256
4fe282de42e1dac00a63f1b073823dce656843b64483cb054a50d95c75f41e1a

SHA512
0c3861ca8d89e99e184a96abdd69b488509fd839ad648c8012cd13468524172efac3f2f1e281756fa7a09f38812b5829c381a61d932669fec0366f474172ff47

Download Submit
C:\Windows\system\dGNsoGs.exe

Filesize
6.0MB

MD5
9b3f30e7eea28bc601a890cb0323330d

SHA1
f16081a13d39ec97c71af230ce35bd9fa4641eb9

SHA256
0410ca090ac0ce8519b6257d542ccf03d8d0fb8a385490cba71fc6e674953aa9

SHA512
6d7f882f7798eb0027e2de0f14ef37362ed4c291debd9ee420bf04ba243e35b3b8dbe7c9344eeb05bf6df5f92e452e63891d2f4c3ac49d7e2d3d22d3aca72f62

Download Submit
C:\Windows\system\elMqajJ.exe

Filesize
6.0MB

MD5
db46f4673a3dfb5da8b4d66b32acd127

SHA1
73a466f7bbd677d0bce3b26a5d68d9c008a18a1f

SHA256
4764a2eeac24e2b5f15702769188fb917b773f85b0d31477981d58b0832f3b71

SHA512
cffeb607bfe9d331c8c9502ad17a21a87c86991e9db2d78d4cbce3ec6123b85aaf6f9e1edbf8081988e7797cc1ab4e12401cb3d024857f3204e7d14c0aa0c9d9

Download Submit
C:\Windows\system\kOaegzU.exe

Filesize
6.0MB

MD5
bcdcb052458450aa790da16e83fb6d83

SHA1
2a8d80742b33d98dddd9d4584716c8e4536437a0

SHA256
fe5adc86b0d281a33f12f15867e2ac5b74907b5ce35486d050ed44f5525b520e

SHA512
b3ed42e5523ed7d3b996843c42d53b8ff9167748f708d3786843e1de6ea203bfef84d1fdf15f47b078c48076378814d96c073dce15876825bf9b36380a104850

Download Submit
C:\Windows\system\myhkcAu.exe

Filesize
6.0MB

MD5
ceebfa7d9de57dcba34026175d8dea51

SHA1
399310275c4363baf20d4c3b76fa5132fac70c72

SHA256
a6d0f461cf17e81d1cdab585660f08ca4279cc5aea17b54d41f9531ae6e87a47

SHA512
6dab071ea3916c5824bb293233403aa375e0685210e2dfb1f67cb779d4b56c21b7a4b099ba9a4992a4e5709136ffcb3eeee7ea04d8791f7d1c81ae26e33f7b02

Download Submit
C:\Windows\system\oKXraMM.exe

Filesize
6.0MB

MD5
6ad8ee4678c376ef0dca0c87bd040b16

SHA1
1c8e3710a163369afaa787717d92dc125bd757e1

SHA256
d4c29045015c984f10f8a5d5443723772051b8d1416fc23c3379b2bf8ee65464

SHA512
df67030ec3f9fef26188d85740a7f50c6774d8c5bdfca48e63b2d52b55a7cd1e2a1c200c29faa8148da72ba8c2f18b31d019b93a753bedc04635efa9927e0f3a

Download Submit
C:\Windows\system\qsxRNnC.exe

Filesize
6.0MB

MD5
def8409078131a75a258cc8f40a32046

SHA1
86a301dc4f0c5e162adfc645b6b926401ec6e4c1

SHA256
6477d2f83203197e726bee333a0f2e9962c1aec5c9945ed7089c7684d136d435

SHA512
86862771d1c22d471ba564b5b6c025f892938411e17002532f40af4d5e138060e489b60ba1d5e7720457c98225115364e467a8801a2e42838a900f1a0ff3bcf2

Download Submit
C:\Windows\system\rkPpUBX.exe

Filesize
6.0MB

MD5
92529b0cd60a8c03994b6b2f194dec17

SHA1
ec9f9f0aac9693cc21a098a6c70a9e5380e3313d

SHA256
117ed8a7dc061226e07c28fc8591ccae53aaa4d9b2eba1060fbd2314fbb59afb

SHA512
24dff8ec4025923b8dfa2d6b04c1abff09cb2b9c37bae46158f3cce1d99f0586cb33390211f1487575024045d023a9cb2b74e5b0aaae1e678dd033d6f4628068

Download Submit
C:\Windows\system\velLhKZ.exe

Filesize
6.0MB

MD5
505f42f9d1bb7c79c1b4a2b4161658a9

SHA1
1c2f37b6a08f56bbb34d4cfba8b0ed57f446fe72

SHA256
55c7db202e97cb181c41a015fa5e51314f045f6e748065c3e52c3d54608e9cf7

SHA512
627973a13ab88cf84d506247a0813f64ae8b6d48823fd064c5c920d933870757e9c3f54fc5cccb478435e600b8b625e99020560339d11e1e2b7639d66332c544

Download Submit
C:\Windows\system\wTqcrOj.exe

Filesize
6.0MB

MD5
71419d122c468326888d1419364b49a5

SHA1
03e0e72221539f901ab9eaaba884ad072bc8ff04

SHA256
c22cd8ab08ce1bd249e514f5b703f7a8a95c5964b0c6297d29f0c19f8c625ed7

SHA512
d388527ca0dbbd8c7aa4052bb628077bc89f9e17b0c8d64f8d2ab31d99f92762b1ae1fec7bfbf08624785f90bbc12c7389371ffcfe12ccdee73f1d99e8562a43

Download Submit
\Windows\system\ADTTfdL.exe

Filesize
6.0MB

MD5
5825abac6fb26680e14ef83dbc059c23

SHA1
5f37240b7f7020dd7ff538d04258c23eafbb6308

SHA256
829ba6779c4ac95ff22108dd55345be69376a6d4ce1406ac49c598c4fe56d706

SHA512
1004415b5369c0a6d4a790f00db357acb8c7cea4f266d7d26c76cc1329f8624364847d077fcdbc46d677cb0a95479b27b24dba790076d98b61c2b627f1df3527

Download Submit
\Windows\system\UodBtbJ.exe

Filesize
6.0MB

MD5
f3630abe60a1a18e3d6ad8b68c027414

SHA1
c5922ced63822f7c8b5263f072e9a5794bb616c0

SHA256
cbe03f338b12a5e3769338f6708b3bf12d84e9ac0178e9b15029886fbc66e570

SHA512
70f01cf420ae4edfbbd055822217d677ffd3ef858945be7c530d80523fbcd8819a470fc2dc69b51cfa8b9b7e1c0c7bcefa99170334271c0fb8955922b362fa24

Download Submit
\Windows\system\ZHyzZvk.exe

Filesize
6.0MB

MD5
1864f3d163aca400deee520d031d7f72

SHA1
6247f4b0c07699f5cd7a62bdaaef5ae26f6f38a3

SHA256
98dbeed3cfbc863e77104fa96c292037b0b120e8bfe538ac27e7069d11e73d50

SHA512
932ec0ceafe0674ff9b222d0928dbfe86c8c956c5c0fc337ea8fd1e701ba4ddbd5080a9a22d0d38d3d2dbb5c6a4f3c493a4cfbf1b0bb04533d7903dcfa05fcb1

Download Submit
\Windows\system\nMwrGgR.exe

Filesize
6.0MB

MD5
01658f3f8c50b868b001d6521fbd17fa

SHA1
202e3539a85a41bed792986e102ac69dc5b105d8

SHA256
bee76a01f891af1128091e0b6e82851fa1aa1c3f293dda903cd2d79b059cd49e

SHA512
3918e045757bbb7c64667a5c5ed3e43b477758213d5f4717b0fb812629c8b4622404928221fcdfc1c40c64b237c4501488bf122cbcecc8cc50e283f8690fea2f

Download Submit
\Windows\system\nVYESKM.exe

Filesize
6.0MB

MD5
1d705094b2795961b8278473a52f8d95

SHA1
a36cf33fb061106f0ae6dc464f00fee586e060e0

SHA256
520380d87c124b25285bbaee5b9e012f366f65edf2c8159a007949cc241b8b3a

SHA512
dfb401275b5f8c0cde5bb510200df54ee95b1001ad81b4225ea3b087954a894e5cd8fd2a0533522889f6f4f5eb7c96bda525a9a60e4bfcb7b445d24f02dc80d7

Download Submit
\Windows\system\xozuAbl.exe

Filesize
6.0MB

MD5
6104a218ce639ad7940459db5f914120

SHA1
adeb3675edf10a106f0977b27f67f910ec1b7d8e

SHA256
02aa31aea6673c4c84266d9506af22fe83f0bbf71cc66bbf4df41b6c48c845a1

SHA512
f3074ffd51efb9f0c47b39e53a096ecfb840447fb8ce2bb40e1e41fc0eb07e2e83f507265e51b4bca22d90f5aa9883cd26f62c5595bf9c921d24bf4f8d45f746

Download Submit
memory/1788-21-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-3398-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1808-3393-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1808-98-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1808-510-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2008-3296-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-33-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-91-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2156-508-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2156-3390-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2348-82-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2348-3394-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2348-507-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2408-75-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-97-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2408-511-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2408-509-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2408-111-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-44-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-83-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2408-45-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-81-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-25-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-54-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-52-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-51-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-50-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-0-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-40-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2460-61-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3395-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2540-49-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3385-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3368-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-76-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-387-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3402-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2720-63-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3362-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2752-53-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2872-96-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2872-62-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3406-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3396-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-70-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-90-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3367-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2900-48-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/3048-55-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3383-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download