cobaltstrike | f538812a6a9fcc6b740ac8d49f4d6f981e2582bfce4b35525fc09858fd65cb90

Analysis

max time kernel
144s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-12-2024 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

30acaab6c39c2b350cac43c23a022d5d
SHA1

647f0fbc2517f053d6f8b9791e54c916e33bdf65
SHA256

f538812a6a9fcc6b740ac8d49f4d6f981e2582bfce4b35525fc09858fd65cb90
SHA512

372aff085337ca926e80726fc8f9e1478d6a714f5b1846f46c4c54bb3d7cc76a02940e6f2e9a7cfb640a4941627ac5590cd4f6d8d7571868da4810958d73e5db
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016df8-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edc-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016f02-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174b4-26.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174f8-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017570-36.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000175f7-40.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-50.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000016dd9-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2996-0-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016df8-11.dat	xmrig
behavioral1/files/0x0008000000016edc-9.dat	xmrig
behavioral1/files/0x0008000000016f02-21.dat	xmrig
behavioral1/files/0x00070000000174b4-26.dat	xmrig
behavioral1/files/0x00070000000174f8-30.dat	xmrig
behavioral1/files/0x0007000000017570-36.dat	xmrig
behavioral1/files/0x00080000000175f7-40.dat	xmrig
behavioral1/files/0x0005000000019261-50.dat	xmrig
behavioral1/files/0x0033000000016dd9-60.dat	xmrig
behavioral1/files/0x0005000000019358-85.dat	xmrig
behavioral1/files/0x00050000000193cc-100.dat	xmrig
behavioral1/files/0x00050000000193f9-115.dat	xmrig
behavioral1/files/0x0005000000019502-150.dat	xmrig
behavioral1/memory/2804-1628-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2996-1667-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2672-1887-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2996-2053-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2732-2093-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2776-2095-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/988-2052-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/1032-2008-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/1588-1963-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2348-1926-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2564-1844-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2608-1803-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2688-1759-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2860-1712-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2808-1666-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2660-1586-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2996-1547-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0005000000019510-160.dat	xmrig
behavioral1/files/0x0005000000019508-155.dat	xmrig
behavioral1/files/0x00050000000194d5-140.dat	xmrig
behavioral1/files/0x00050000000194e1-145.dat	xmrig
behavioral1/files/0x00050000000194c3-135.dat	xmrig
behavioral1/files/0x00050000000194ad-130.dat	xmrig
behavioral1/files/0x0005000000019428-125.dat	xmrig
behavioral1/files/0x0005000000019426-120.dat	xmrig
behavioral1/files/0x00050000000193dc-110.dat	xmrig
behavioral1/files/0x00050000000193d0-105.dat	xmrig
behavioral1/files/0x000500000001939f-95.dat	xmrig
behavioral1/files/0x000500000001938e-90.dat	xmrig
behavioral1/files/0x0005000000019354-80.dat	xmrig
behavioral1/files/0x00050000000192a1-75.dat	xmrig
behavioral1/files/0x0005000000019299-70.dat	xmrig
behavioral1/files/0x000500000001927a-65.dat	xmrig
behavioral1/files/0x0005000000019274-56.dat	xmrig
behavioral1/files/0x000500000001924f-45.dat	xmrig
behavioral1/memory/2672-3028-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2804-3030-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2660-3029-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2776-3034-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2688-3033-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/1588-3035-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2860-3032-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2564-3047-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2608-3056-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/988-3057-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2808-3049-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/1032-3048-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2732-3043-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2348-3031-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2732	QdRbpBU.exe
2776	tJsCpRB.exe
2660	rtPOzcw.exe
2804	nzejyVj.exe
2808	wkHxWyb.exe
2860	nAnqZAy.exe
2688	fYcLfmD.exe
2608	JJVNmBe.exe
2564	WdvdgQb.exe
2672	tsIUGUe.exe
2348	GfmrODt.exe
1588	cUePbTc.exe
1032	pctKHNX.exe
988	DkVRINQ.exe
2640	ZKeGhuw.exe
2868	BJAbBfL.exe
884	EEKrFOw.exe
864	cHnYfbn.exe
1504	JzzTACM.exe
1996	CMouonu.exe
1376	uLRVLPj.exe
776	mMIBIPY.exe
1820	MyZmTJn.exe
1132	zIoTsur.exe
2420	iYIOBEw.exe
1396	FMLEdvq.exe
2180	CZWESjR.exe
2528	apRYLVv.exe
2196	cYqgRYJ.exe
1236	XgMLbil.exe
2236	MQvSCJE.exe
1772	hEuKAKg.exe
1140	VZQZcBV.exe
1648	bWTHdWw.exe
852	WwzEpNp.exe
800	srFOood.exe
2460	dnvjOZh.exe
1764	tGyhyan.exe
1544	CRyRKyX.exe
2272	jRjvlnX.exe
1516	gfeMraO.exe
1720	HvwsIlS.exe
2956	KXfBFEM.exe
1328	kwwhuHH.exe
3012	nSoLYRD.exe
3008	tnpBlhv.exe
2900	hTbjFOX.exe
2068	hTYaRBK.exe
536	YiGQiRq.exe
1152	YqycObq.exe
2892	EIchwoa.exe
1304	XPAilJp.exe
2268	GcjiQZj.exe
2028	rbwwKEa.exe
2200	eyPYiQq.exe
2232	mrWbecg.exe
1576	MqofmHX.exe
1604	FERCArI.exe
2752	ZVEkhhY.exe
2812	rhzgtdn.exe
2380	wFdDhcu.exe
2724	ewjTVlT.exe
2560	rGoDsww.exe
2624	kEEzavq.exe

Loads dropped DLL 64 IoCs

pid	Process
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2996-0-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016df8-11.dat	upx
behavioral1/files/0x0008000000016edc-9.dat	upx
behavioral1/files/0x0008000000016f02-21.dat	upx
behavioral1/files/0x00070000000174b4-26.dat	upx
behavioral1/files/0x00070000000174f8-30.dat	upx
behavioral1/files/0x0007000000017570-36.dat	upx
behavioral1/files/0x00080000000175f7-40.dat	upx
behavioral1/files/0x0005000000019261-50.dat	upx
behavioral1/files/0x0033000000016dd9-60.dat	upx
behavioral1/files/0x0005000000019358-85.dat	upx
behavioral1/files/0x00050000000193cc-100.dat	upx
behavioral1/files/0x00050000000193f9-115.dat	upx
behavioral1/files/0x0005000000019502-150.dat	upx
behavioral1/memory/2804-1628-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2672-1887-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2732-2093-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2776-2095-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/988-2052-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/1032-2008-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/1588-1963-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2348-1926-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2564-1844-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2608-1803-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2688-1759-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2860-1712-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2808-1666-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2660-1586-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0005000000019510-160.dat	upx
behavioral1/files/0x0005000000019508-155.dat	upx
behavioral1/files/0x00050000000194d5-140.dat	upx
behavioral1/files/0x00050000000194e1-145.dat	upx
behavioral1/files/0x00050000000194c3-135.dat	upx
behavioral1/files/0x00050000000194ad-130.dat	upx
behavioral1/files/0x0005000000019428-125.dat	upx
behavioral1/files/0x0005000000019426-120.dat	upx
behavioral1/files/0x00050000000193dc-110.dat	upx
behavioral1/files/0x00050000000193d0-105.dat	upx
behavioral1/files/0x000500000001939f-95.dat	upx
behavioral1/files/0x000500000001938e-90.dat	upx
behavioral1/files/0x0005000000019354-80.dat	upx
behavioral1/files/0x00050000000192a1-75.dat	upx
behavioral1/files/0x0005000000019299-70.dat	upx
behavioral1/files/0x000500000001927a-65.dat	upx
behavioral1/files/0x0005000000019274-56.dat	upx
behavioral1/files/0x000500000001924f-45.dat	upx
behavioral1/memory/2672-3028-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2804-3030-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2660-3029-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2776-3034-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2688-3033-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/1588-3035-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2860-3032-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2564-3047-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2608-3056-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/988-3057-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2808-3049-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/1032-3048-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2732-3043-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2348-3031-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2996-5219-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RZBjEPH.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJqCjbk.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmPXvum.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKllWcG.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcJpoWO.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtVkubc.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyecPUp.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSHksSJ.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfpxnpF.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkcktwB.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hlxcZFg.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUsOxok.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkzkKcK.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBvAqkx.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJuAIDx.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luwWkPA.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojZQxjZ.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBnlLXe.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgUCqWm.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYcEOSI.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htpSxvs.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAzcuai.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdobfwO.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYEGimR.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwmtaaU.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yEOsKRR.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFOBufR.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aQEwRvF.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGoDsww.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QyUpNrU.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNEmSMr.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rarhIQk.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXTllyi.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxDIdKp.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkkXVDX.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOFzNBO.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PuUaTut.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfeMraO.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHWukEz.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDoKVjV.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIcqMNJ.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZekOjgr.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xzxIkmI.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzNxrdN.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svrZHJV.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPNPxzx.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhNmZxz.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgBSpFs.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjxaTjr.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdkZixp.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oziEMEc.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ewcWUzv.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgtYjmj.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtmSsjs.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDbsEvJ.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJVNmBe.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLZDnkK.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\scRDwdR.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwOVYIb.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxUsEGP.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFWYNcm.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMyHbaw.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbUtmCs.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMowbEK.exe	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2732	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2732	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2732	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2776	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2776	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2776	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2660	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2660	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2660	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2804	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 2804	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 2804	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 2808	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 2808	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 2808	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 2860	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 2860	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 2860	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 2688	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2688	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2688	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2608	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 2608	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 2608	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 2564	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 2564	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 2564	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 2672	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 2672	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 2672	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 2348	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 2348	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 2348	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 1588	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 1588	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 1588	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 1032	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 1032	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 1032	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 988	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 988	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 988	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 2640	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 2640	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 2640	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 2868	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 2868	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 2868	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 884	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 884	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 884	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 864	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 864	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 864	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 1504	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 1504	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 1504	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 1996	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 1996	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 1996	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 1376	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 1376	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 1376	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 776	2996	2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-05_30acaab6c39c2b350cac43c23a022d5d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\System\QdRbpBU.exe
  C:\Windows\System\QdRbpBU.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\tJsCpRB.exe
  C:\Windows\System\tJsCpRB.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\rtPOzcw.exe
  C:\Windows\System\rtPOzcw.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\nzejyVj.exe
  C:\Windows\System\nzejyVj.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\wkHxWyb.exe
  C:\Windows\System\wkHxWyb.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\nAnqZAy.exe
  C:\Windows\System\nAnqZAy.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\fYcLfmD.exe
  C:\Windows\System\fYcLfmD.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\JJVNmBe.exe
  C:\Windows\System\JJVNmBe.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\WdvdgQb.exe
  C:\Windows\System\WdvdgQb.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\tsIUGUe.exe
  C:\Windows\System\tsIUGUe.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\GfmrODt.exe
  C:\Windows\System\GfmrODt.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\cUePbTc.exe
  C:\Windows\System\cUePbTc.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\pctKHNX.exe
  C:\Windows\System\pctKHNX.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\DkVRINQ.exe
  C:\Windows\System\DkVRINQ.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\ZKeGhuw.exe
  C:\Windows\System\ZKeGhuw.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\BJAbBfL.exe
  C:\Windows\System\BJAbBfL.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\EEKrFOw.exe
  C:\Windows\System\EEKrFOw.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\cHnYfbn.exe
  C:\Windows\System\cHnYfbn.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\JzzTACM.exe
  C:\Windows\System\JzzTACM.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\CMouonu.exe
  C:\Windows\System\CMouonu.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\uLRVLPj.exe
  C:\Windows\System\uLRVLPj.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\mMIBIPY.exe
  C:\Windows\System\mMIBIPY.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\MyZmTJn.exe
  C:\Windows\System\MyZmTJn.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\zIoTsur.exe
  C:\Windows\System\zIoTsur.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\iYIOBEw.exe
  C:\Windows\System\iYIOBEw.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\FMLEdvq.exe
  C:\Windows\System\FMLEdvq.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\CZWESjR.exe
  C:\Windows\System\CZWESjR.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\apRYLVv.exe
  C:\Windows\System\apRYLVv.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\cYqgRYJ.exe
  C:\Windows\System\cYqgRYJ.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\XgMLbil.exe
  C:\Windows\System\XgMLbil.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\MQvSCJE.exe
  C:\Windows\System\MQvSCJE.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\hEuKAKg.exe
  C:\Windows\System\hEuKAKg.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\VZQZcBV.exe
  C:\Windows\System\VZQZcBV.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\bWTHdWw.exe
  C:\Windows\System\bWTHdWw.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\WwzEpNp.exe
  C:\Windows\System\WwzEpNp.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\srFOood.exe
  C:\Windows\System\srFOood.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\dnvjOZh.exe
  C:\Windows\System\dnvjOZh.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\tGyhyan.exe
  C:\Windows\System\tGyhyan.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\CRyRKyX.exe
  C:\Windows\System\CRyRKyX.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\jRjvlnX.exe
  C:\Windows\System\jRjvlnX.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\gfeMraO.exe
  C:\Windows\System\gfeMraO.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\HvwsIlS.exe
  C:\Windows\System\HvwsIlS.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\KXfBFEM.exe
  C:\Windows\System\KXfBFEM.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\kwwhuHH.exe
  C:\Windows\System\kwwhuHH.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\nSoLYRD.exe
  C:\Windows\System\nSoLYRD.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\tnpBlhv.exe
  C:\Windows\System\tnpBlhv.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\hTbjFOX.exe
  C:\Windows\System\hTbjFOX.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\hTYaRBK.exe
  C:\Windows\System\hTYaRBK.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\YiGQiRq.exe
  C:\Windows\System\YiGQiRq.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\YqycObq.exe
  C:\Windows\System\YqycObq.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\EIchwoa.exe
  C:\Windows\System\EIchwoa.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\XPAilJp.exe
  C:\Windows\System\XPAilJp.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\GcjiQZj.exe
  C:\Windows\System\GcjiQZj.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\rbwwKEa.exe
  C:\Windows\System\rbwwKEa.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\eyPYiQq.exe
  C:\Windows\System\eyPYiQq.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\mrWbecg.exe
  C:\Windows\System\mrWbecg.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\MqofmHX.exe
  C:\Windows\System\MqofmHX.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\FERCArI.exe
  C:\Windows\System\FERCArI.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\ZVEkhhY.exe
  C:\Windows\System\ZVEkhhY.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\rhzgtdn.exe
  C:\Windows\System\rhzgtdn.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\wFdDhcu.exe
  C:\Windows\System\wFdDhcu.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\ewjTVlT.exe
  C:\Windows\System\ewjTVlT.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\rGoDsww.exe
  C:\Windows\System\rGoDsww.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\kEEzavq.exe
  C:\Windows\System\kEEzavq.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\dtdmQLA.exe
  C:\Windows\System\dtdmQLA.exe
  2⤵
  PID:2552
- C:\Windows\System\mwQyCnd.exe
  C:\Windows\System\mwQyCnd.exe
  2⤵
  PID:1028
- C:\Windows\System\mgFsxXA.exe
  C:\Windows\System\mgFsxXA.exe
  2⤵
  PID:2832
- C:\Windows\System\hPJmzJp.exe
  C:\Windows\System\hPJmzJp.exe
  2⤵
  PID:2444
- C:\Windows\System\WXpriqV.exe
  C:\Windows\System\WXpriqV.exe
  2⤵
  PID:1752
- C:\Windows\System\TPLtzzV.exe
  C:\Windows\System\TPLtzzV.exe
  2⤵
  PID:1292
- C:\Windows\System\htpSxvs.exe
  C:\Windows\System\htpSxvs.exe
  2⤵
  PID:380
- C:\Windows\System\QyxRfrk.exe
  C:\Windows\System\QyxRfrk.exe
  2⤵
  PID:1644
- C:\Windows\System\otUcfLH.exe
  C:\Windows\System\otUcfLH.exe
  2⤵
  PID:2244
- C:\Windows\System\iNEgEgK.exe
  C:\Windows\System\iNEgEgK.exe
  2⤵
  PID:2772
- C:\Windows\System\WPtsErw.exe
  C:\Windows\System\WPtsErw.exe
  2⤵
  PID:2928
- C:\Windows\System\ojfpBcY.exe
  C:\Windows\System\ojfpBcY.exe
  2⤵
  PID:448
- C:\Windows\System\fPIfOmu.exe
  C:\Windows\System\fPIfOmu.exe
  2⤵
  PID:2408
- C:\Windows\System\wekbgJe.exe
  C:\Windows\System\wekbgJe.exe
  2⤵
  PID:1856
- C:\Windows\System\LuaXbJn.exe
  C:\Windows\System\LuaXbJn.exe
  2⤵
  PID:1244
- C:\Windows\System\ywnVDtt.exe
  C:\Windows\System\ywnVDtt.exe
  2⤵
  PID:1768
- C:\Windows\System\LthOCQr.exe
  C:\Windows\System\LthOCQr.exe
  2⤵
  PID:1688
- C:\Windows\System\jRuMxSu.exe
  C:\Windows\System\jRuMxSu.exe
  2⤵
  PID:2364
- C:\Windows\System\kKOfWsJ.exe
  C:\Windows\System\kKOfWsJ.exe
  2⤵
  PID:768
- C:\Windows\System\GqbYVMB.exe
  C:\Windows\System\GqbYVMB.exe
  2⤵
  PID:1556
- C:\Windows\System\dYNaIEf.exe
  C:\Windows\System\dYNaIEf.exe
  2⤵
  PID:2320
- C:\Windows\System\vAjhjWr.exe
  C:\Windows\System\vAjhjWr.exe
  2⤵
  PID:1804
- C:\Windows\System\EiWznds.exe
  C:\Windows\System\EiWznds.exe
  2⤵
  PID:2056
- C:\Windows\System\usTiymU.exe
  C:\Windows\System\usTiymU.exe
  2⤵
  PID:268
- C:\Windows\System\iKIOurr.exe
  C:\Windows\System\iKIOurr.exe
  2⤵
  PID:2944
- C:\Windows\System\ZxvoXKv.exe
  C:\Windows\System\ZxvoXKv.exe
  2⤵
  PID:888
- C:\Windows\System\VstuPNv.exe
  C:\Windows\System\VstuPNv.exe
  2⤵
  PID:1280
- C:\Windows\System\UWgtcZW.exe
  C:\Windows\System\UWgtcZW.exe
  2⤵
  PID:2824
- C:\Windows\System\nejnpDE.exe
  C:\Windows\System\nejnpDE.exe
  2⤵
  PID:2256
- C:\Windows\System\tbfiGWD.exe
  C:\Windows\System\tbfiGWD.exe
  2⤵
  PID:2816
- C:\Windows\System\zMBYnQj.exe
  C:\Windows\System\zMBYnQj.exe
  2⤵
  PID:2760
- C:\Windows\System\PxQxXBw.exe
  C:\Windows\System\PxQxXBw.exe
  2⤵
  PID:2516
- C:\Windows\System\SxEzFzh.exe
  C:\Windows\System\SxEzFzh.exe
  2⤵
  PID:2628
- C:\Windows\System\qlfEwxE.exe
  C:\Windows\System\qlfEwxE.exe
  2⤵
  PID:1944
- C:\Windows\System\DjNHaMu.exe
  C:\Windows\System\DjNHaMu.exe
  2⤵
  PID:2884
- C:\Windows\System\aGvZLIf.exe
  C:\Windows\System\aGvZLIf.exe
  2⤵
  PID:336
- C:\Windows\System\bkzkKcK.exe
  C:\Windows\System\bkzkKcK.exe
  2⤵
  PID:320
- C:\Windows\System\ZYZQkSu.exe
  C:\Windows\System\ZYZQkSu.exe
  2⤵
  PID:2356
- C:\Windows\System\nglCzRi.exe
  C:\Windows\System\nglCzRi.exe
  2⤵
  PID:2924
- C:\Windows\System\zSHksSJ.exe
  C:\Windows\System\zSHksSJ.exe
  2⤵
  PID:2352
- C:\Windows\System\ZZoYhbT.exe
  C:\Windows\System\ZZoYhbT.exe
  2⤵
  PID:900
- C:\Windows\System\XSmPadd.exe
  C:\Windows\System\XSmPadd.exe
  2⤵
  PID:1704
- C:\Windows\System\lgBNzDh.exe
  C:\Windows\System\lgBNzDh.exe
  2⤵
  PID:2208
- C:\Windows\System\CNipMqB.exe
  C:\Windows\System\CNipMqB.exe
  2⤵
  PID:2084
- C:\Windows\System\ztTkZIb.exe
  C:\Windows\System\ztTkZIb.exe
  2⤵
  PID:2324
- C:\Windows\System\EeZpwnX.exe
  C:\Windows\System\EeZpwnX.exe
  2⤵
  PID:3016
- C:\Windows\System\bCtEtxL.exe
  C:\Windows\System\bCtEtxL.exe
  2⤵
  PID:2132
- C:\Windows\System\dYRufbf.exe
  C:\Windows\System\dYRufbf.exe
  2⤵
  PID:892
- C:\Windows\System\Pysnsmk.exe
  C:\Windows\System\Pysnsmk.exe
  2⤵
  PID:1276
- C:\Windows\System\xcBIXUW.exe
  C:\Windows\System\xcBIXUW.exe
  2⤵
  PID:2744
- C:\Windows\System\ggHxkjt.exe
  C:\Windows\System\ggHxkjt.exe
  2⤵
  PID:2332
- C:\Windows\System\gMeffCY.exe
  C:\Windows\System\gMeffCY.exe
  2⤵
  PID:2988
- C:\Windows\System\AfBJWtL.exe
  C:\Windows\System\AfBJWtL.exe
  2⤵
  PID:2880
- C:\Windows\System\FiNzzzv.exe
  C:\Windows\System\FiNzzzv.exe
  2⤵
  PID:2004
- C:\Windows\System\oqNuFGx.exe
  C:\Windows\System\oqNuFGx.exe
  2⤵
  PID:1676
- C:\Windows\System\nvREXRb.exe
  C:\Windows\System\nvREXRb.exe
  2⤵
  PID:2156
- C:\Windows\System\AlFdHhx.exe
  C:\Windows\System\AlFdHhx.exe
  2⤵
  PID:2316
- C:\Windows\System\cTqAOdT.exe
  C:\Windows\System\cTqAOdT.exe
  2⤵
  PID:2484
- C:\Windows\System\rXloSrO.exe
  C:\Windows\System\rXloSrO.exe
  2⤵
  PID:1660
- C:\Windows\System\nzsWtcY.exe
  C:\Windows\System\nzsWtcY.exe
  2⤵
  PID:2916
- C:\Windows\System\JvqzoEx.exe
  C:\Windows\System\JvqzoEx.exe
  2⤵
  PID:3080
- C:\Windows\System\rFLIzfM.exe
  C:\Windows\System\rFLIzfM.exe
  2⤵
  PID:3096
- C:\Windows\System\rlxJqLX.exe
  C:\Windows\System\rlxJqLX.exe
  2⤵
  PID:3120
- C:\Windows\System\BTMRVhF.exe
  C:\Windows\System\BTMRVhF.exe
  2⤵
  PID:3140
- C:\Windows\System\PIQrCBP.exe
  C:\Windows\System\PIQrCBP.exe
  2⤵
  PID:3160
- C:\Windows\System\qcvYfcq.exe
  C:\Windows\System\qcvYfcq.exe
  2⤵
  PID:3176
- C:\Windows\System\sLCAcne.exe
  C:\Windows\System\sLCAcne.exe
  2⤵
  PID:3200
- C:\Windows\System\joGMXFe.exe
  C:\Windows\System\joGMXFe.exe
  2⤵
  PID:3216
- C:\Windows\System\naqevRl.exe
  C:\Windows\System\naqevRl.exe
  2⤵
  PID:3240
- C:\Windows\System\odNyHDM.exe
  C:\Windows\System\odNyHDM.exe
  2⤵
  PID:3260
- C:\Windows\System\QtNUZbd.exe
  C:\Windows\System\QtNUZbd.exe
  2⤵
  PID:3276
- C:\Windows\System\gjUbQEj.exe
  C:\Windows\System\gjUbQEj.exe
  2⤵
  PID:3300
- C:\Windows\System\oQiVFbG.exe
  C:\Windows\System\oQiVFbG.exe
  2⤵
  PID:3316
- C:\Windows\System\qhrdvrj.exe
  C:\Windows\System\qhrdvrj.exe
  2⤵
  PID:3336
- C:\Windows\System\trhLOyj.exe
  C:\Windows\System\trhLOyj.exe
  2⤵
  PID:3356
- C:\Windows\System\UkxPCED.exe
  C:\Windows\System\UkxPCED.exe
  2⤵
  PID:3376
- C:\Windows\System\XlPkxxr.exe
  C:\Windows\System\XlPkxxr.exe
  2⤵
  PID:3400
- C:\Windows\System\tHZoSdc.exe
  C:\Windows\System\tHZoSdc.exe
  2⤵
  PID:3420
- C:\Windows\System\VbQvBti.exe
  C:\Windows\System\VbQvBti.exe
  2⤵
  PID:3436
- C:\Windows\System\SvmnBiF.exe
  C:\Windows\System\SvmnBiF.exe
  2⤵
  PID:3456
- C:\Windows\System\CgyBVdV.exe
  C:\Windows\System\CgyBVdV.exe
  2⤵
  PID:3480
- C:\Windows\System\hPosssC.exe
  C:\Windows\System\hPosssC.exe
  2⤵
  PID:3496
- C:\Windows\System\SycYlIA.exe
  C:\Windows\System\SycYlIA.exe
  2⤵
  PID:3516
- C:\Windows\System\wHAtwZP.exe
  C:\Windows\System\wHAtwZP.exe
  2⤵
  PID:3540
- C:\Windows\System\OdIriXF.exe
  C:\Windows\System\OdIriXF.exe
  2⤵
  PID:3560
- C:\Windows\System\tuDfRwI.exe
  C:\Windows\System\tuDfRwI.exe
  2⤵
  PID:3580
- C:\Windows\System\hXtqted.exe
  C:\Windows\System\hXtqted.exe
  2⤵
  PID:3600
- C:\Windows\System\NLdDlIH.exe
  C:\Windows\System\NLdDlIH.exe
  2⤵
  PID:3616
- C:\Windows\System\QKKWTHD.exe
  C:\Windows\System\QKKWTHD.exe
  2⤵
  PID:3640
- C:\Windows\System\vWrdBzx.exe
  C:\Windows\System\vWrdBzx.exe
  2⤵
  PID:3660
- C:\Windows\System\XwsGcKX.exe
  C:\Windows\System\XwsGcKX.exe
  2⤵
  PID:3684
- C:\Windows\System\jdeMEOa.exe
  C:\Windows\System\jdeMEOa.exe
  2⤵
  PID:3704
- C:\Windows\System\unBovrE.exe
  C:\Windows\System\unBovrE.exe
  2⤵
  PID:3724
- C:\Windows\System\pNTpLyZ.exe
  C:\Windows\System\pNTpLyZ.exe
  2⤵
  PID:3744
- C:\Windows\System\CKVtqbc.exe
  C:\Windows\System\CKVtqbc.exe
  2⤵
  PID:3764
- C:\Windows\System\oOMGSCK.exe
  C:\Windows\System\oOMGSCK.exe
  2⤵
  PID:3780
- C:\Windows\System\xzxIkmI.exe
  C:\Windows\System\xzxIkmI.exe
  2⤵
  PID:3804
- C:\Windows\System\XAWWnWe.exe
  C:\Windows\System\XAWWnWe.exe
  2⤵
  PID:3820
- C:\Windows\System\mKWsbKR.exe
  C:\Windows\System\mKWsbKR.exe
  2⤵
  PID:3844
- C:\Windows\System\sSyaYYg.exe
  C:\Windows\System\sSyaYYg.exe
  2⤵
  PID:3864
- C:\Windows\System\qJPygRx.exe
  C:\Windows\System\qJPygRx.exe
  2⤵
  PID:3884
- C:\Windows\System\mwmtaaU.exe
  C:\Windows\System\mwmtaaU.exe
  2⤵
  PID:3900
- C:\Windows\System\opFCmnl.exe
  C:\Windows\System\opFCmnl.exe
  2⤵
  PID:3924
- C:\Windows\System\FLqanAC.exe
  C:\Windows\System\FLqanAC.exe
  2⤵
  PID:3944
- C:\Windows\System\XoLretJ.exe
  C:\Windows\System\XoLretJ.exe
  2⤵
  PID:3964
- C:\Windows\System\yAvuuzB.exe
  C:\Windows\System\yAvuuzB.exe
  2⤵
  PID:3980
- C:\Windows\System\YKCHZwj.exe
  C:\Windows\System\YKCHZwj.exe
  2⤵
  PID:4004
- C:\Windows\System\KTwoMoS.exe
  C:\Windows\System\KTwoMoS.exe
  2⤵
  PID:4024
- C:\Windows\System\hkBWiwl.exe
  C:\Windows\System\hkBWiwl.exe
  2⤵
  PID:4040
- C:\Windows\System\vnXzShP.exe
  C:\Windows\System\vnXzShP.exe
  2⤵
  PID:4064
- C:\Windows\System\yLxkYJh.exe
  C:\Windows\System\yLxkYJh.exe
  2⤵
  PID:4080
- C:\Windows\System\hGmDJzl.exe
  C:\Windows\System\hGmDJzl.exe
  2⤵
  PID:304
- C:\Windows\System\SAfhNQO.exe
  C:\Windows\System\SAfhNQO.exe
  2⤵
  PID:2676
- C:\Windows\System\EDbJJvr.exe
  C:\Windows\System\EDbJJvr.exe
  2⤵
  PID:2544
- C:\Windows\System\PUJfxQk.exe
  C:\Windows\System\PUJfxQk.exe
  2⤵
  PID:1724
- C:\Windows\System\hjVEMDS.exe
  C:\Windows\System\hjVEMDS.exe
  2⤵
  PID:2792
- C:\Windows\System\dKqxQWU.exe
  C:\Windows\System\dKqxQWU.exe
  2⤵
  PID:1400
- C:\Windows\System\PTRxZJZ.exe
  C:\Windows\System\PTRxZJZ.exe
  2⤵
  PID:1788
- C:\Windows\System\QQsEfNw.exe
  C:\Windows\System\QQsEfNw.exe
  2⤵
  PID:632
- C:\Windows\System\nyHVQQq.exe
  C:\Windows\System\nyHVQQq.exe
  2⤵
  PID:3092
- C:\Windows\System\XGXmiOy.exe
  C:\Windows\System\XGXmiOy.exe
  2⤵
  PID:3128
- C:\Windows\System\eGgYslE.exe
  C:\Windows\System\eGgYslE.exe
  2⤵
  PID:3152
- C:\Windows\System\ogeqEvU.exe
  C:\Windows\System\ogeqEvU.exe
  2⤵
  PID:3192
- C:\Windows\System\NryPkjN.exe
  C:\Windows\System\NryPkjN.exe
  2⤵
  PID:3236
- C:\Windows\System\ZovUoCS.exe
  C:\Windows\System\ZovUoCS.exe
  2⤵
  PID:3284
- C:\Windows\System\ZIYpjhD.exe
  C:\Windows\System\ZIYpjhD.exe
  2⤵
  PID:3296
- C:\Windows\System\yKvJumI.exe
  C:\Windows\System\yKvJumI.exe
  2⤵
  PID:3332
- C:\Windows\System\ZnykMyN.exe
  C:\Windows\System\ZnykMyN.exe
  2⤵
  PID:3344
- C:\Windows\System\GZcMLIq.exe
  C:\Windows\System\GZcMLIq.exe
  2⤵
  PID:3408
- C:\Windows\System\xzyTkWh.exe
  C:\Windows\System\xzyTkWh.exe
  2⤵
  PID:3428
- C:\Windows\System\duwRTpV.exe
  C:\Windows\System\duwRTpV.exe
  2⤵
  PID:3464
- C:\Windows\System\xkkJZFk.exe
  C:\Windows\System\xkkJZFk.exe
  2⤵
  PID:3492
- C:\Windows\System\qRMfoxG.exe
  C:\Windows\System\qRMfoxG.exe
  2⤵
  PID:3528
- C:\Windows\System\BssTxaT.exe
  C:\Windows\System\BssTxaT.exe
  2⤵
  PID:3556
- C:\Windows\System\MLuKjkK.exe
  C:\Windows\System\MLuKjkK.exe
  2⤵
  PID:3596
- C:\Windows\System\ADHxNPo.exe
  C:\Windows\System\ADHxNPo.exe
  2⤵
  PID:3628
- C:\Windows\System\blGedjF.exe
  C:\Windows\System\blGedjF.exe
  2⤵
  PID:3668
- C:\Windows\System\ASSvOof.exe
  C:\Windows\System\ASSvOof.exe
  2⤵
  PID:3676
- C:\Windows\System\ibvbpyJ.exe
  C:\Windows\System\ibvbpyJ.exe
  2⤵
  PID:3736
- C:\Windows\System\iEQAuNi.exe
  C:\Windows\System\iEQAuNi.exe
  2⤵
  PID:3776
- C:\Windows\System\KwtGJvF.exe
  C:\Windows\System\KwtGJvF.exe
  2⤵
  PID:3816
- C:\Windows\System\XpzkDoy.exe
  C:\Windows\System\XpzkDoy.exe
  2⤵
  PID:3860
- C:\Windows\System\ALHfJZl.exe
  C:\Windows\System\ALHfJZl.exe
  2⤵
  PID:3836
- C:\Windows\System\RHxnQhe.exe
  C:\Windows\System\RHxnQhe.exe
  2⤵
  PID:3896
- C:\Windows\System\dqYiMTn.exe
  C:\Windows\System\dqYiMTn.exe
  2⤵
  PID:3936
- C:\Windows\System\VKOyYQh.exe
  C:\Windows\System\VKOyYQh.exe
  2⤵
  PID:3960
- C:\Windows\System\mPKWpuZ.exe
  C:\Windows\System\mPKWpuZ.exe
  2⤵
  PID:4016
- C:\Windows\System\xJWoqOF.exe
  C:\Windows\System\xJWoqOF.exe
  2⤵
  PID:4000
- C:\Windows\System\SGUSwct.exe
  C:\Windows\System\SGUSwct.exe
  2⤵
  PID:4036
- C:\Windows\System\ciRZZDq.exe
  C:\Windows\System\ciRZZDq.exe
  2⤵
  PID:1224
- C:\Windows\System\HiGmCrt.exe
  C:\Windows\System\HiGmCrt.exe
  2⤵
  PID:1600
- C:\Windows\System\afzpxpU.exe
  C:\Windows\System\afzpxpU.exe
  2⤵
  PID:2124
- C:\Windows\System\ipZsZvO.exe
  C:\Windows\System\ipZsZvO.exe
  2⤵
  PID:2500
- C:\Windows\System\UWCEHvA.exe
  C:\Windows\System\UWCEHvA.exe
  2⤵
  PID:3088
- C:\Windows\System\zgfuCdp.exe
  C:\Windows\System\zgfuCdp.exe
  2⤵
  PID:3132
- C:\Windows\System\jddyWPI.exe
  C:\Windows\System\jddyWPI.exe
  2⤵
  PID:3168
- C:\Windows\System\iFiZEey.exe
  C:\Windows\System\iFiZEey.exe
  2⤵
  PID:3248
- C:\Windows\System\ExNHjmW.exe
  C:\Windows\System\ExNHjmW.exe
  2⤵
  PID:2368
- C:\Windows\System\aabJQOa.exe
  C:\Windows\System\aabJQOa.exe
  2⤵
  PID:3328
- C:\Windows\System\zwJkDJG.exe
  C:\Windows\System\zwJkDJG.exe
  2⤵
  PID:3396
- C:\Windows\System\fTowSUG.exe
  C:\Windows\System\fTowSUG.exe
  2⤵
  PID:3488
- C:\Windows\System\TUhZzGy.exe
  C:\Windows\System\TUhZzGy.exe
  2⤵
  PID:3512
- C:\Windows\System\MhfVYtd.exe
  C:\Windows\System\MhfVYtd.exe
  2⤵
  PID:3536
- C:\Windows\System\zRrzoUl.exe
  C:\Windows\System\zRrzoUl.exe
  2⤵
  PID:3608
- C:\Windows\System\ZOCJtpB.exe
  C:\Windows\System\ZOCJtpB.exe
  2⤵
  PID:3636
- C:\Windows\System\oXoxZlD.exe
  C:\Windows\System\oXoxZlD.exe
  2⤵
  PID:3720
- C:\Windows\System\KEHZIKT.exe
  C:\Windows\System\KEHZIKT.exe
  2⤵
  PID:3756
- C:\Windows\System\icpdTAg.exe
  C:\Windows\System\icpdTAg.exe
  2⤵
  PID:3788
- C:\Windows\System\liECebx.exe
  C:\Windows\System\liECebx.exe
  2⤵
  PID:3908
- C:\Windows\System\kLontzP.exe
  C:\Windows\System\kLontzP.exe
  2⤵
  PID:3916
- C:\Windows\System\pwOVYIb.exe
  C:\Windows\System\pwOVYIb.exe
  2⤵
  PID:3988
- C:\Windows\System\FjxaTjr.exe
  C:\Windows\System\FjxaTjr.exe
  2⤵
  PID:4056
- C:\Windows\System\RvTMcmc.exe
  C:\Windows\System\RvTMcmc.exe
  2⤵
  PID:2980
- C:\Windows\System\rDeVKLz.exe
  C:\Windows\System\rDeVKLz.exe
  2⤵
  PID:2588
- C:\Windows\System\NpzzJNA.exe
  C:\Windows\System\NpzzJNA.exe
  2⤵
  PID:2264
- C:\Windows\System\jvfpcYl.exe
  C:\Windows\System\jvfpcYl.exe
  2⤵
  PID:2464
- C:\Windows\System\bxlZppU.exe
  C:\Windows\System\bxlZppU.exe
  2⤵
  PID:3184
- C:\Windows\System\pNpsLki.exe
  C:\Windows\System\pNpsLki.exe
  2⤵
  PID:3352
- C:\Windows\System\gtjiPLK.exe
  C:\Windows\System\gtjiPLK.exe
  2⤵
  PID:3372
- C:\Windows\System\TUvjPYg.exe
  C:\Windows\System\TUvjPYg.exe
  2⤵
  PID:3508
- C:\Windows\System\YdYCPSK.exe
  C:\Windows\System\YdYCPSK.exe
  2⤵
  PID:3592
- C:\Windows\System\myBXnka.exe
  C:\Windows\System\myBXnka.exe
  2⤵
  PID:3632
- C:\Windows\System\cdmoIYq.exe
  C:\Windows\System\cdmoIYq.exe
  2⤵
  PID:3732
- C:\Windows\System\GKwPumU.exe
  C:\Windows\System\GKwPumU.exe
  2⤵
  PID:3876
- C:\Windows\System\UakWUET.exe
  C:\Windows\System\UakWUET.exe
  2⤵
  PID:3672
- C:\Windows\System\acZtbgy.exe
  C:\Windows\System\acZtbgy.exe
  2⤵
  PID:4012
- C:\Windows\System\AufFipl.exe
  C:\Windows\System\AufFipl.exe
  2⤵
  PID:1156
- C:\Windows\System\qRSDWCK.exe
  C:\Windows\System\qRSDWCK.exe
  2⤵
  PID:2176
- C:\Windows\System\rSISgGx.exe
  C:\Windows\System\rSISgGx.exe
  2⤵
  PID:4100
- C:\Windows\System\flzwurX.exe
  C:\Windows\System\flzwurX.exe
  2⤵
  PID:4124
- C:\Windows\System\fewFGle.exe
  C:\Windows\System\fewFGle.exe
  2⤵
  PID:4140
- C:\Windows\System\YWVtxwk.exe
  C:\Windows\System\YWVtxwk.exe
  2⤵
  PID:4160
- C:\Windows\System\JIpomnR.exe
  C:\Windows\System\JIpomnR.exe
  2⤵
  PID:4180
- C:\Windows\System\yfVmHKF.exe
  C:\Windows\System\yfVmHKF.exe
  2⤵
  PID:4204
- C:\Windows\System\cCwknau.exe
  C:\Windows\System\cCwknau.exe
  2⤵
  PID:4224
- C:\Windows\System\USQFvRN.exe
  C:\Windows\System\USQFvRN.exe
  2⤵
  PID:4240
- C:\Windows\System\AcxcqYN.exe
  C:\Windows\System\AcxcqYN.exe
  2⤵
  PID:4260
- C:\Windows\System\zpBvuSl.exe
  C:\Windows\System\zpBvuSl.exe
  2⤵
  PID:4284
- C:\Windows\System\ovdCZRu.exe
  C:\Windows\System\ovdCZRu.exe
  2⤵
  PID:4304
- C:\Windows\System\SwudTzr.exe
  C:\Windows\System\SwudTzr.exe
  2⤵
  PID:4320
- C:\Windows\System\sUUCwDo.exe
  C:\Windows\System\sUUCwDo.exe
  2⤵
  PID:4340
- C:\Windows\System\FHJGfjL.exe
  C:\Windows\System\FHJGfjL.exe
  2⤵
  PID:4364
- C:\Windows\System\uHWcUVI.exe
  C:\Windows\System\uHWcUVI.exe
  2⤵
  PID:4380
- C:\Windows\System\ohqXIaY.exe
  C:\Windows\System\ohqXIaY.exe
  2⤵
  PID:4404
- C:\Windows\System\kzjVZeJ.exe
  C:\Windows\System\kzjVZeJ.exe
  2⤵
  PID:4420
- C:\Windows\System\lFHjTRz.exe
  C:\Windows\System\lFHjTRz.exe
  2⤵
  PID:4444
- C:\Windows\System\kdXlgNH.exe
  C:\Windows\System\kdXlgNH.exe
  2⤵
  PID:4460
- C:\Windows\System\OHjXruY.exe
  C:\Windows\System\OHjXruY.exe
  2⤵
  PID:4484
- C:\Windows\System\qpIjhgg.exe
  C:\Windows\System\qpIjhgg.exe
  2⤵
  PID:4500
- C:\Windows\System\AZzFlaY.exe
  C:\Windows\System\AZzFlaY.exe
  2⤵
  PID:4524
- C:\Windows\System\BvECdef.exe
  C:\Windows\System\BvECdef.exe
  2⤵
  PID:4540
- C:\Windows\System\ExfDrXb.exe
  C:\Windows\System\ExfDrXb.exe
  2⤵
  PID:4560
- C:\Windows\System\cXqugTf.exe
  C:\Windows\System\cXqugTf.exe
  2⤵
  PID:4580
- C:\Windows\System\DQZyoev.exe
  C:\Windows\System\DQZyoev.exe
  2⤵
  PID:4600
- C:\Windows\System\eYooqXp.exe
  C:\Windows\System\eYooqXp.exe
  2⤵
  PID:4624
- C:\Windows\System\ifIItnu.exe
  C:\Windows\System\ifIItnu.exe
  2⤵
  PID:4644
- C:\Windows\System\dJqCjbk.exe
  C:\Windows\System\dJqCjbk.exe
  2⤵
  PID:4664
- C:\Windows\System\TbUXLgN.exe
  C:\Windows\System\TbUXLgN.exe
  2⤵
  PID:4688
- C:\Windows\System\WIVLUaM.exe
  C:\Windows\System\WIVLUaM.exe
  2⤵
  PID:4704
- C:\Windows\System\bohwjIL.exe
  C:\Windows\System\bohwjIL.exe
  2⤵
  PID:4724
- C:\Windows\System\uvKcnTV.exe
  C:\Windows\System\uvKcnTV.exe
  2⤵
  PID:4744
- C:\Windows\System\JPhUNeM.exe
  C:\Windows\System\JPhUNeM.exe
  2⤵
  PID:4764
- C:\Windows\System\TBaxMdj.exe
  C:\Windows\System\TBaxMdj.exe
  2⤵
  PID:4788
- C:\Windows\System\BuVPTLT.exe
  C:\Windows\System\BuVPTLT.exe
  2⤵
  PID:4804
- C:\Windows\System\HpYvbnx.exe
  C:\Windows\System\HpYvbnx.exe
  2⤵
  PID:4824
- C:\Windows\System\ScXqknL.exe
  C:\Windows\System\ScXqknL.exe
  2⤵
  PID:4844
- C:\Windows\System\koQQjLb.exe
  C:\Windows\System\koQQjLb.exe
  2⤵
  PID:4864
- C:\Windows\System\yeeaGVq.exe
  C:\Windows\System\yeeaGVq.exe
  2⤵
  PID:4884
- C:\Windows\System\SrFxYCD.exe
  C:\Windows\System\SrFxYCD.exe
  2⤵
  PID:4904
- C:\Windows\System\yXsREho.exe
  C:\Windows\System\yXsREho.exe
  2⤵
  PID:4928
- C:\Windows\System\dNjrBNl.exe
  C:\Windows\System\dNjrBNl.exe
  2⤵
  PID:4948
- C:\Windows\System\JNTaPyz.exe
  C:\Windows\System\JNTaPyz.exe
  2⤵
  PID:4964
- C:\Windows\System\smevUFG.exe
  C:\Windows\System\smevUFG.exe
  2⤵
  PID:4988
- C:\Windows\System\ACdYqtP.exe
  C:\Windows\System\ACdYqtP.exe
  2⤵
  PID:5008
- C:\Windows\System\YWrNghd.exe
  C:\Windows\System\YWrNghd.exe
  2⤵
  PID:5028
- C:\Windows\System\eKbTMKL.exe
  C:\Windows\System\eKbTMKL.exe
  2⤵
  PID:5048
- C:\Windows\System\cWgUbTl.exe
  C:\Windows\System\cWgUbTl.exe
  2⤵
  PID:5064
- C:\Windows\System\EwjWaZm.exe
  C:\Windows\System\EwjWaZm.exe
  2⤵
  PID:5084
- C:\Windows\System\pGTxRBC.exe
  C:\Windows\System\pGTxRBC.exe
  2⤵
  PID:5104
- C:\Windows\System\XFfhEcv.exe
  C:\Windows\System\XFfhEcv.exe
  2⤵
  PID:3272
- C:\Windows\System\TLTmznN.exe
  C:\Windows\System\TLTmznN.exe
  2⤵
  PID:3392
- C:\Windows\System\tACnubX.exe
  C:\Windows\System\tACnubX.exe
  2⤵
  PID:3444
- C:\Windows\System\slpGqwl.exe
  C:\Windows\System\slpGqwl.exe
  2⤵
  PID:3700
- C:\Windows\System\qUKSpOy.exe
  C:\Windows\System\qUKSpOy.exe
  2⤵
  PID:3872
- C:\Windows\System\aFEoeYr.exe
  C:\Windows\System\aFEoeYr.exe
  2⤵
  PID:3976
- C:\Windows\System\GHgLjvH.exe
  C:\Windows\System\GHgLjvH.exe
  2⤵
  PID:3076
- C:\Windows\System\MXswTGc.exe
  C:\Windows\System\MXswTGc.exe
  2⤵
  PID:1652
- C:\Windows\System\HCyfxFD.exe
  C:\Windows\System\HCyfxFD.exe
  2⤵
  PID:1584
- C:\Windows\System\NjJhROn.exe
  C:\Windows\System\NjJhROn.exe
  2⤵
  PID:4168
- C:\Windows\System\RLZDnkK.exe
  C:\Windows\System\RLZDnkK.exe
  2⤵
  PID:4196
- C:\Windows\System\mxHBhdP.exe
  C:\Windows\System\mxHBhdP.exe
  2⤵
  PID:4220
- C:\Windows\System\BxjOWZm.exe
  C:\Windows\System\BxjOWZm.exe
  2⤵
  PID:4276
- C:\Windows\System\IEBKlQh.exe
  C:\Windows\System\IEBKlQh.exe
  2⤵
  PID:1800
- C:\Windows\System\CMHfYtW.exe
  C:\Windows\System\CMHfYtW.exe
  2⤵
  PID:4348
- C:\Windows\System\MbJUXYH.exe
  C:\Windows\System\MbJUXYH.exe
  2⤵
  PID:4328
- C:\Windows\System\NCLmOBM.exe
  C:\Windows\System\NCLmOBM.exe
  2⤵
  PID:4400
- C:\Windows\System\tFBqYRz.exe
  C:\Windows\System\tFBqYRz.exe
  2⤵
  PID:4428
- C:\Windows\System\myDnydv.exe
  C:\Windows\System\myDnydv.exe
  2⤵
  PID:4452
- C:\Windows\System\BpVHAEp.exe
  C:\Windows\System\BpVHAEp.exe
  2⤵
  PID:4508
- C:\Windows\System\silseeh.exe
  C:\Windows\System\silseeh.exe
  2⤵
  PID:4496
- C:\Windows\System\sPtjVIm.exe
  C:\Windows\System\sPtjVIm.exe
  2⤵
  PID:4552
- C:\Windows\System\Olwniam.exe
  C:\Windows\System\Olwniam.exe
  2⤵
  PID:4596
- C:\Windows\System\xRNmsWR.exe
  C:\Windows\System\xRNmsWR.exe
  2⤵
  PID:4636
- C:\Windows\System\HtYayWA.exe
  C:\Windows\System\HtYayWA.exe
  2⤵
  PID:4652
- C:\Windows\System\RlfJNzT.exe
  C:\Windows\System\RlfJNzT.exe
  2⤵
  PID:4696
- C:\Windows\System\oEvqjwq.exe
  C:\Windows\System\oEvqjwq.exe
  2⤵
  PID:4752
- C:\Windows\System\ZfMqkVI.exe
  C:\Windows\System\ZfMqkVI.exe
  2⤵
  PID:4740
- C:\Windows\System\nlVOovH.exe
  C:\Windows\System\nlVOovH.exe
  2⤵
  PID:4796
- C:\Windows\System\BqoCSkb.exe
  C:\Windows\System\BqoCSkb.exe
  2⤵
  PID:4820
- C:\Windows\System\MIlFaBE.exe
  C:\Windows\System\MIlFaBE.exe
  2⤵
  PID:4876
- C:\Windows\System\MdVbVSt.exe
  C:\Windows\System\MdVbVSt.exe
  2⤵
  PID:4916
- C:\Windows\System\qLdlvhN.exe
  C:\Windows\System\qLdlvhN.exe
  2⤵
  PID:4924
- C:\Windows\System\TnyqUiB.exe
  C:\Windows\System\TnyqUiB.exe
  2⤵
  PID:4936
- C:\Windows\System\GvYpmKa.exe
  C:\Windows\System\GvYpmKa.exe
  2⤵
  PID:4972
- C:\Windows\System\qDdiiwk.exe
  C:\Windows\System\qDdiiwk.exe
  2⤵
  PID:5020
- C:\Windows\System\fAgVCQd.exe
  C:\Windows\System\fAgVCQd.exe
  2⤵
  PID:5072
- C:\Windows\System\ptVvrwu.exe
  C:\Windows\System\ptVvrwu.exe
  2⤵
  PID:5112
- C:\Windows\System\LEiSdRn.exe
  C:\Windows\System\LEiSdRn.exe
  2⤵
  PID:3148
- C:\Windows\System\AvstJsJ.exe
  C:\Windows\System\AvstJsJ.exe
  2⤵
  PID:3116
- C:\Windows\System\xDZUycu.exe
  C:\Windows\System\xDZUycu.exe
  2⤵
  PID:3532
- C:\Windows\System\kMBrvXz.exe
  C:\Windows\System\kMBrvXz.exe
  2⤵
  PID:3992
- C:\Windows\System\CEzTvUo.exe
  C:\Windows\System\CEzTvUo.exe
  2⤵
  PID:3004
- C:\Windows\System\PUDKLBJ.exe
  C:\Windows\System\PUDKLBJ.exe
  2⤵
  PID:4148
- C:\Windows\System\QdkZixp.exe
  C:\Windows\System\QdkZixp.exe
  2⤵
  PID:4176
- C:\Windows\System\MhXoOqq.exe
  C:\Windows\System\MhXoOqq.exe
  2⤵
  PID:4268
- C:\Windows\System\SLmsTmA.exe
  C:\Windows\System\SLmsTmA.exe
  2⤵
  PID:4316
- C:\Windows\System\kWarrgs.exe
  C:\Windows\System\kWarrgs.exe
  2⤵
  PID:4356
- C:\Windows\System\lAdfVuq.exe
  C:\Windows\System\lAdfVuq.exe
  2⤵
  PID:4436
- C:\Windows\System\vlqGySb.exe
  C:\Windows\System\vlqGySb.exe
  2⤵
  PID:4468
- C:\Windows\System\HPZfhTm.exe
  C:\Windows\System\HPZfhTm.exe
  2⤵
  PID:4572
- C:\Windows\System\fkYkOmm.exe
  C:\Windows\System\fkYkOmm.exe
  2⤵
  PID:4548
- C:\Windows\System\GdqBjdu.exe
  C:\Windows\System\GdqBjdu.exe
  2⤵
  PID:4620
- C:\Windows\System\Kgviuuq.exe
  C:\Windows\System\Kgviuuq.exe
  2⤵
  PID:4680
- C:\Windows\System\ZSmcFxC.exe
  C:\Windows\System\ZSmcFxC.exe
  2⤵
  PID:4776
- C:\Windows\System\YYcsUYS.exe
  C:\Windows\System\YYcsUYS.exe
  2⤵
  PID:4872
- C:\Windows\System\vyVrcuF.exe
  C:\Windows\System\vyVrcuF.exe
  2⤵
  PID:4816
- C:\Windows\System\PsqcdXe.exe
  C:\Windows\System\PsqcdXe.exe
  2⤵
  PID:4996
- C:\Windows\System\flFfXVc.exe
  C:\Windows\System\flFfXVc.exe
  2⤵
  PID:5044
- C:\Windows\System\eEqBQhw.exe
  C:\Windows\System\eEqBQhw.exe
  2⤵
  PID:4940
- C:\Windows\System\jyXIUxP.exe
  C:\Windows\System\jyXIUxP.exe
  2⤵
  PID:5060
- C:\Windows\System\OJtdeev.exe
  C:\Windows\System\OJtdeev.exe
  2⤵
  PID:3348
- C:\Windows\System\hwhCrHw.exe
  C:\Windows\System\hwhCrHw.exe
  2⤵
  PID:3752
- C:\Windows\System\duIawGs.exe
  C:\Windows\System\duIawGs.exe
  2⤵
  PID:4152
- C:\Windows\System\ezeltGm.exe
  C:\Windows\System\ezeltGm.exe
  2⤵
  PID:4116
- C:\Windows\System\MAktshq.exe
  C:\Windows\System\MAktshq.exe
  2⤵
  PID:4248
- C:\Windows\System\EPPgZoh.exe
  C:\Windows\System\EPPgZoh.exe
  2⤵
  PID:4272
- C:\Windows\System\TVCHFPG.exe
  C:\Windows\System\TVCHFPG.exe
  2⤵
  PID:4412
- C:\Windows\System\NNGbuTH.exe
  C:\Windows\System\NNGbuTH.exe
  2⤵
  PID:4492
- C:\Windows\System\GItMzhk.exe
  C:\Windows\System\GItMzhk.exe
  2⤵
  PID:4568
- C:\Windows\System\mycHyOT.exe
  C:\Windows\System\mycHyOT.exe
  2⤵
  PID:4772
- C:\Windows\System\iclLxhl.exe
  C:\Windows\System\iclLxhl.exe
  2⤵
  PID:4736
- C:\Windows\System\HTTowbH.exe
  C:\Windows\System\HTTowbH.exe
  2⤵
  PID:4852
- C:\Windows\System\erdjJsf.exe
  C:\Windows\System\erdjJsf.exe
  2⤵
  PID:4856
- C:\Windows\System\SzNGrnY.exe
  C:\Windows\System\SzNGrnY.exe
  2⤵
  PID:5000
- C:\Windows\System\rXjSkPr.exe
  C:\Windows\System\rXjSkPr.exe
  2⤵
  PID:3324
- C:\Windows\System\IbeQcge.exe
  C:\Windows\System\IbeQcge.exe
  2⤵
  PID:3940
- C:\Windows\System\LedGyQT.exe
  C:\Windows\System\LedGyQT.exe
  2⤵
  PID:5128
- C:\Windows\System\dNREhcU.exe
  C:\Windows\System\dNREhcU.exe
  2⤵
  PID:5152
- C:\Windows\System\JHpyozH.exe
  C:\Windows\System\JHpyozH.exe
  2⤵
  PID:5176
- C:\Windows\System\dKMRvzR.exe
  C:\Windows\System\dKMRvzR.exe
  2⤵
  PID:5196
- C:\Windows\System\FYJoFwR.exe
  C:\Windows\System\FYJoFwR.exe
  2⤵
  PID:5216
- C:\Windows\System\wStNpJT.exe
  C:\Windows\System\wStNpJT.exe
  2⤵
  PID:5236
- C:\Windows\System\GINXVFB.exe
  C:\Windows\System\GINXVFB.exe
  2⤵
  PID:5256
- C:\Windows\System\RgEqFap.exe
  C:\Windows\System\RgEqFap.exe
  2⤵
  PID:5276
- C:\Windows\System\ruWrALg.exe
  C:\Windows\System\ruWrALg.exe
  2⤵
  PID:5292
- C:\Windows\System\VjFRBeE.exe
  C:\Windows\System\VjFRBeE.exe
  2⤵
  PID:5316
- C:\Windows\System\qVTIfTF.exe
  C:\Windows\System\qVTIfTF.exe
  2⤵
  PID:5332
- C:\Windows\System\SbSUWsW.exe
  C:\Windows\System\SbSUWsW.exe
  2⤵
  PID:5352
- C:\Windows\System\bcgbWjg.exe
  C:\Windows\System\bcgbWjg.exe
  2⤵
  PID:5372
- C:\Windows\System\flODZrK.exe
  C:\Windows\System\flODZrK.exe
  2⤵
  PID:5392
- C:\Windows\System\bfmmBgq.exe
  C:\Windows\System\bfmmBgq.exe
  2⤵
  PID:5416
- C:\Windows\System\eqFUQJo.exe
  C:\Windows\System\eqFUQJo.exe
  2⤵
  PID:5436
- C:\Windows\System\YRtLvoS.exe
  C:\Windows\System\YRtLvoS.exe
  2⤵
  PID:5456
- C:\Windows\System\XVYznNM.exe
  C:\Windows\System\XVYznNM.exe
  2⤵
  PID:5476
- C:\Windows\System\JYtYmWi.exe
  C:\Windows\System\JYtYmWi.exe
  2⤵
  PID:5496
- C:\Windows\System\NXrQMGj.exe
  C:\Windows\System\NXrQMGj.exe
  2⤵
  PID:5516
- C:\Windows\System\QDZFeES.exe
  C:\Windows\System\QDZFeES.exe
  2⤵
  PID:5536
- C:\Windows\System\OmRbcwl.exe
  C:\Windows\System\OmRbcwl.exe
  2⤵
  PID:5556
- C:\Windows\System\GkCgrMd.exe
  C:\Windows\System\GkCgrMd.exe
  2⤵
  PID:5572
- C:\Windows\System\yRELAeK.exe
  C:\Windows\System\yRELAeK.exe
  2⤵
  PID:5600
- C:\Windows\System\pijFAnT.exe
  C:\Windows\System\pijFAnT.exe
  2⤵
  PID:5620
- C:\Windows\System\judNBcL.exe
  C:\Windows\System\judNBcL.exe
  2⤵
  PID:5640
- C:\Windows\System\IphuSqc.exe
  C:\Windows\System\IphuSqc.exe
  2⤵
  PID:5660
- C:\Windows\System\GAGKMGv.exe
  C:\Windows\System\GAGKMGv.exe
  2⤵
  PID:5676
- C:\Windows\System\cJRDKTx.exe
  C:\Windows\System\cJRDKTx.exe
  2⤵
  PID:5700
- C:\Windows\System\KeRhPhF.exe
  C:\Windows\System\KeRhPhF.exe
  2⤵
  PID:5720
- C:\Windows\System\AIVFHno.exe
  C:\Windows\System\AIVFHno.exe
  2⤵
  PID:5736
- C:\Windows\System\VxUsEGP.exe
  C:\Windows\System\VxUsEGP.exe
  2⤵
  PID:5760
- C:\Windows\System\FYehych.exe
  C:\Windows\System\FYehych.exe
  2⤵
  PID:5776
- C:\Windows\System\AlojmqN.exe
  C:\Windows\System\AlojmqN.exe
  2⤵
  PID:5800
- C:\Windows\System\CAdlZwA.exe
  C:\Windows\System\CAdlZwA.exe
  2⤵
  PID:5816
- C:\Windows\System\gisMecu.exe
  C:\Windows\System\gisMecu.exe
  2⤵
  PID:5840
- C:\Windows\System\ITiPoxI.exe
  C:\Windows\System\ITiPoxI.exe
  2⤵
  PID:5860
- C:\Windows\System\LzbRPwa.exe
  C:\Windows\System\LzbRPwa.exe
  2⤵
  PID:5880
- C:\Windows\System\FDYpVAP.exe
  C:\Windows\System\FDYpVAP.exe
  2⤵
  PID:5900
- C:\Windows\System\PyUjLJi.exe
  C:\Windows\System\PyUjLJi.exe
  2⤵
  PID:5920
- C:\Windows\System\IKxYuIA.exe
  C:\Windows\System\IKxYuIA.exe
  2⤵
  PID:5940
- C:\Windows\System\FTByhlX.exe
  C:\Windows\System\FTByhlX.exe
  2⤵
  PID:5960
- C:\Windows\System\fFGouDE.exe
  C:\Windows\System\fFGouDE.exe
  2⤵
  PID:5980
- C:\Windows\System\YzjWSEn.exe
  C:\Windows\System\YzjWSEn.exe
  2⤵
  PID:6000
- C:\Windows\System\LhonoBy.exe
  C:\Windows\System\LhonoBy.exe
  2⤵
  PID:6020
- C:\Windows\System\AwZjhrj.exe
  C:\Windows\System\AwZjhrj.exe
  2⤵
  PID:6040
- C:\Windows\System\vnirNzW.exe
  C:\Windows\System\vnirNzW.exe
  2⤵
  PID:6060
- C:\Windows\System\otQovRn.exe
  C:\Windows\System\otQovRn.exe
  2⤵
  PID:6080
- C:\Windows\System\GwGcuyX.exe
  C:\Windows\System\GwGcuyX.exe
  2⤵
  PID:6100
- C:\Windows\System\feGFEOb.exe
  C:\Windows\System\feGFEOb.exe
  2⤵
  PID:6120
- C:\Windows\System\azGvWOB.exe
  C:\Windows\System\azGvWOB.exe
  2⤵
  PID:6140
- C:\Windows\System\wRmWKPP.exe
  C:\Windows\System\wRmWKPP.exe
  2⤵
  PID:4092
- C:\Windows\System\qfqHTrC.exe
  C:\Windows\System\qfqHTrC.exe
  2⤵
  PID:4520
- C:\Windows\System\mOXqBrR.exe
  C:\Windows\System\mOXqBrR.exe
  2⤵
  PID:4536
- C:\Windows\System\UWvhhoZ.exe
  C:\Windows\System\UWvhhoZ.exe
  2⤵
  PID:4832
- C:\Windows\System\hlxcZFg.exe
  C:\Windows\System\hlxcZFg.exe
  2⤵
  PID:2748
- C:\Windows\System\lrVVPbo.exe
  C:\Windows\System\lrVVPbo.exe
  2⤵
  PID:4980
- C:\Windows\System\ivtdcpT.exe
  C:\Windows\System\ivtdcpT.exe
  2⤵
  PID:5136
- C:\Windows\System\wTPRZRq.exe
  C:\Windows\System\wTPRZRq.exe
  2⤵
  PID:3412
- C:\Windows\System\JHHSECO.exe
  C:\Windows\System\JHHSECO.exe
  2⤵
  PID:5164
- C:\Windows\System\gZyFTPX.exe
  C:\Windows\System\gZyFTPX.exe
  2⤵
  PID:5188
- C:\Windows\System\OWliEAn.exe
  C:\Windows\System\OWliEAn.exe
  2⤵
  PID:5224
- C:\Windows\System\ClOMMAE.exe
  C:\Windows\System\ClOMMAE.exe
  2⤵
  PID:5252
- C:\Windows\System\UrbNiHq.exe
  C:\Windows\System\UrbNiHq.exe
  2⤵
  PID:5304
- C:\Windows\System\llIzUiL.exe
  C:\Windows\System\llIzUiL.exe
  2⤵
  PID:5340
- C:\Windows\System\BkQBMOW.exe
  C:\Windows\System\BkQBMOW.exe
  2⤵
  PID:5380
- C:\Windows\System\sdaDvin.exe
  C:\Windows\System\sdaDvin.exe
  2⤵
  PID:5364
- C:\Windows\System\gSylyQh.exe
  C:\Windows\System\gSylyQh.exe
  2⤵
  PID:5408
- C:\Windows\System\CuImEfW.exe
  C:\Windows\System\CuImEfW.exe
  2⤵
  PID:5472
- C:\Windows\System\GOCQWMQ.exe
  C:\Windows\System\GOCQWMQ.exe
  2⤵
  PID:5504
- C:\Windows\System\REohjcv.exe
  C:\Windows\System\REohjcv.exe
  2⤵
  PID:5524
- C:\Windows\System\GAxcGnd.exe
  C:\Windows\System\GAxcGnd.exe
  2⤵
  PID:5580
- C:\Windows\System\xSWXgEY.exe
  C:\Windows\System\xSWXgEY.exe
  2⤵
  PID:5592
- C:\Windows\System\lmjeCGI.exe
  C:\Windows\System\lmjeCGI.exe
  2⤵
  PID:5636
- C:\Windows\System\cHWukEz.exe
  C:\Windows\System\cHWukEz.exe
  2⤵
  PID:5672
- C:\Windows\System\wQPvyHB.exe
  C:\Windows\System\wQPvyHB.exe
  2⤵
  PID:5708
- C:\Windows\System\pOuYMze.exe
  C:\Windows\System\pOuYMze.exe
  2⤵
  PID:5728
- C:\Windows\System\nuTObUo.exe
  C:\Windows\System\nuTObUo.exe
  2⤵
  PID:5748
- C:\Windows\System\XzbmGpS.exe
  C:\Windows\System\XzbmGpS.exe
  2⤵
  PID:2708
- C:\Windows\System\uWrmOSy.exe
  C:\Windows\System\uWrmOSy.exe
  2⤵
  PID:5824
- C:\Windows\System\mJxGmiD.exe
  C:\Windows\System\mJxGmiD.exe
  2⤵
  PID:5856
- C:\Windows\System\ocBfKio.exe
  C:\Windows\System\ocBfKio.exe
  2⤵
  PID:5888
- C:\Windows\System\yIrUYuH.exe
  C:\Windows\System\yIrUYuH.exe
  2⤵
  PID:5596
- C:\Windows\System\yrswmxy.exe
  C:\Windows\System\yrswmxy.exe
  2⤵
  PID:5932
- C:\Windows\System\vcurXma.exe
  C:\Windows\System\vcurXma.exe
  2⤵
  PID:5976
- C:\Windows\System\tZyFecl.exe
  C:\Windows\System\tZyFecl.exe
  2⤵
  PID:6012
- C:\Windows\System\NwfndrM.exe
  C:\Windows\System\NwfndrM.exe
  2⤵
  PID:6048
- C:\Windows\System\OztrlbK.exe
  C:\Windows\System\OztrlbK.exe
  2⤵
  PID:6076
- C:\Windows\System\DkhotsF.exe
  C:\Windows\System\DkhotsF.exe
  2⤵
  PID:6112
- C:\Windows\System\MelfEzX.exe
  C:\Windows\System\MelfEzX.exe
  2⤵
  PID:3912
- C:\Windows\System\gxIpKXP.exe
  C:\Windows\System\gxIpKXP.exe
  2⤵
  PID:4256
- C:\Windows\System\JUSoCjq.exe
  C:\Windows\System\JUSoCjq.exe
  2⤵
  PID:4656
- C:\Windows\System\AUruPHG.exe
  C:\Windows\System\AUruPHG.exe
  2⤵
  PID:4860
- C:\Windows\System\eHKUhlz.exe
  C:\Windows\System\eHKUhlz.exe
  2⤵
  PID:3656
- C:\Windows\System\WxKGPmM.exe
  C:\Windows\System\WxKGPmM.exe
  2⤵
  PID:5160
- C:\Windows\System\bGhfVYo.exe
  C:\Windows\System\bGhfVYo.exe
  2⤵
  PID:5184
- C:\Windows\System\EiuTqzR.exe
  C:\Windows\System\EiuTqzR.exe
  2⤵
  PID:5264
- C:\Windows\System\GqlOZrh.exe
  C:\Windows\System\GqlOZrh.exe
  2⤵
  PID:5268
- C:\Windows\System\JxRRNPY.exe
  C:\Windows\System\JxRRNPY.exe
  2⤵
  PID:5312
- C:\Windows\System\iUsOxok.exe
  C:\Windows\System\iUsOxok.exe
  2⤵
  PID:5404
- C:\Windows\System\tMLQQwd.exe
  C:\Windows\System\tMLQQwd.exe
  2⤵
  PID:5452
- C:\Windows\System\RDsleYY.exe
  C:\Windows\System\RDsleYY.exe
  2⤵
  PID:5468
- C:\Windows\System\RXvLFIe.exe
  C:\Windows\System\RXvLFIe.exe
  2⤵
  PID:5532
- C:\Windows\System\NiTEhKu.exe
  C:\Windows\System\NiTEhKu.exe
  2⤵
  PID:5612
- C:\Windows\System\xXHguPq.exe
  C:\Windows\System\xXHguPq.exe
  2⤵
  PID:5668
- C:\Windows\System\hyqvbuI.exe
  C:\Windows\System\hyqvbuI.exe
  2⤵
  PID:5692
- C:\Windows\System\QErPWiI.exe
  C:\Windows\System\QErPWiI.exe
  2⤵
  PID:5772
- C:\Windows\System\bpwpRkA.exe
  C:\Windows\System\bpwpRkA.exe
  2⤵
  PID:5808
- C:\Windows\System\kfPaacZ.exe
  C:\Windows\System\kfPaacZ.exe
  2⤵
  PID:5828
- C:\Windows\System\YAcIrjM.exe
  C:\Windows\System\YAcIrjM.exe
  2⤵
  PID:5892
- C:\Windows\System\CFtijbs.exe
  C:\Windows\System\CFtijbs.exe
  2⤵
  PID:5992
- C:\Windows\System\WirqEYi.exe
  C:\Windows\System\WirqEYi.exe
  2⤵
  PID:6056
- C:\Windows\System\tHTrStx.exe
  C:\Windows\System\tHTrStx.exe
  2⤵
  PID:6092
- C:\Windows\System\hCbLbAd.exe
  C:\Windows\System\hCbLbAd.exe
  2⤵
  PID:6136
- C:\Windows\System\ouLaKTK.exe
  C:\Windows\System\ouLaKTK.exe
  2⤵
  PID:4632
- C:\Windows\System\VfpxnpF.exe
  C:\Windows\System\VfpxnpF.exe
  2⤵
  PID:5056
- C:\Windows\System\JcWhSRS.exe
  C:\Windows\System\JcWhSRS.exe
  2⤵
  PID:5148
- C:\Windows\System\etMxasi.exe
  C:\Windows\System\etMxasi.exe
  2⤵
  PID:5228
- C:\Windows\System\sjPVtAh.exe
  C:\Windows\System\sjPVtAh.exe
  2⤵
  PID:2668
- C:\Windows\System\CDVkTmE.exe
  C:\Windows\System\CDVkTmE.exe
  2⤵
  PID:5360
- C:\Windows\System\TDoKVjV.exe
  C:\Windows\System\TDoKVjV.exe
  2⤵
  PID:5444
- C:\Windows\System\EjMrgBr.exe
  C:\Windows\System\EjMrgBr.exe
  2⤵
  PID:2212
- C:\Windows\System\GbXWMAf.exe
  C:\Windows\System\GbXWMAf.exe
  2⤵
  PID:5492
- C:\Windows\System\STnhpop.exe
  C:\Windows\System\STnhpop.exe
  2⤵
  PID:5688
- C:\Windows\System\ThomrVS.exe
  C:\Windows\System\ThomrVS.exe
  2⤵
  PID:5784
- C:\Windows\System\xlsrhOQ.exe
  C:\Windows\System\xlsrhOQ.exe
  2⤵
  PID:5968
- C:\Windows\System\ocVLRqf.exe
  C:\Windows\System\ocVLRqf.exe
  2⤵
  PID:5868
- C:\Windows\System\wFCiabB.exe
  C:\Windows\System\wFCiabB.exe
  2⤵
  PID:6032
- C:\Windows\System\SfcebnA.exe
  C:\Windows\System\SfcebnA.exe
  2⤵
  PID:2908
- C:\Windows\System\umKhBhY.exe
  C:\Windows\System\umKhBhY.exe
  2⤵
  PID:2136
- C:\Windows\System\ChNTMyH.exe
  C:\Windows\System\ChNTMyH.exe
  2⤵
  PID:4312
- C:\Windows\System\BPGlBHt.exe
  C:\Windows\System\BPGlBHt.exe
  2⤵
  PID:5324
- C:\Windows\System\kJkCJTX.exe
  C:\Windows\System\kJkCJTX.exe
  2⤵
  PID:5568
- C:\Windows\System\RObcHRv.exe
  C:\Windows\System\RObcHRv.exe
  2⤵
  PID:5684
- C:\Windows\System\GQovxdT.exe
  C:\Windows\System\GQovxdT.exe
  2⤵
  PID:5628
- C:\Windows\System\IjDNxjw.exe
  C:\Windows\System\IjDNxjw.exe
  2⤵
  PID:5716
- C:\Windows\System\ditNhfG.exe
  C:\Windows\System\ditNhfG.exe
  2⤵
  PID:2580
- C:\Windows\System\doufCrZ.exe
  C:\Windows\System\doufCrZ.exe
  2⤵
  PID:6168
- C:\Windows\System\nEAfgdG.exe
  C:\Windows\System\nEAfgdG.exe
  2⤵
  PID:6188
- C:\Windows\System\hVkkncD.exe
  C:\Windows\System\hVkkncD.exe
  2⤵
  PID:6208
- C:\Windows\System\YluNKsP.exe
  C:\Windows\System\YluNKsP.exe
  2⤵
  PID:6232
- C:\Windows\System\bwgOekv.exe
  C:\Windows\System\bwgOekv.exe
  2⤵
  PID:6256
- C:\Windows\System\BokcAIE.exe
  C:\Windows\System\BokcAIE.exe
  2⤵
  PID:6276
- C:\Windows\System\mgDurHX.exe
  C:\Windows\System\mgDurHX.exe
  2⤵
  PID:6296
- C:\Windows\System\KwKqseJ.exe
  C:\Windows\System\KwKqseJ.exe
  2⤵
  PID:6316
- C:\Windows\System\gFcntCM.exe
  C:\Windows\System\gFcntCM.exe
  2⤵
  PID:6336
- C:\Windows\System\saybavo.exe
  C:\Windows\System\saybavo.exe
  2⤵
  PID:6356
- C:\Windows\System\lXYBsLA.exe
  C:\Windows\System\lXYBsLA.exe
  2⤵
  PID:6376
- C:\Windows\System\pINIzEa.exe
  C:\Windows\System\pINIzEa.exe
  2⤵
  PID:6396
- C:\Windows\System\WtSFVLw.exe
  C:\Windows\System\WtSFVLw.exe
  2⤵
  PID:6416
- C:\Windows\System\ChnPInN.exe
  C:\Windows\System\ChnPInN.exe
  2⤵
  PID:6436
- C:\Windows\System\vIAaQFL.exe
  C:\Windows\System\vIAaQFL.exe
  2⤵
  PID:6456
- C:\Windows\System\EFOQfYh.exe
  C:\Windows\System\EFOQfYh.exe
  2⤵
  PID:6484
- C:\Windows\System\WtzpCqz.exe
  C:\Windows\System\WtzpCqz.exe
  2⤵
  PID:6504
- C:\Windows\System\xvEEgIF.exe
  C:\Windows\System\xvEEgIF.exe
  2⤵
  PID:6524
- C:\Windows\System\cxysBCD.exe
  C:\Windows\System\cxysBCD.exe
  2⤵
  PID:6544
- C:\Windows\System\BhScHAH.exe
  C:\Windows\System\BhScHAH.exe
  2⤵
  PID:6564
- C:\Windows\System\IsjYyTr.exe
  C:\Windows\System\IsjYyTr.exe
  2⤵
  PID:6584
- C:\Windows\System\AhzQAMe.exe
  C:\Windows\System\AhzQAMe.exe
  2⤵
  PID:6604
- C:\Windows\System\axoZMxF.exe
  C:\Windows\System\axoZMxF.exe
  2⤵
  PID:6624
- C:\Windows\System\CMZenpb.exe
  C:\Windows\System\CMZenpb.exe
  2⤵
  PID:6644
- C:\Windows\System\pMfTCHI.exe
  C:\Windows\System\pMfTCHI.exe
  2⤵
  PID:6664
- C:\Windows\System\YgqJUPM.exe
  C:\Windows\System\YgqJUPM.exe
  2⤵
  PID:6684
- C:\Windows\System\zeaKcmI.exe
  C:\Windows\System\zeaKcmI.exe
  2⤵
  PID:6704
- C:\Windows\System\bKGInna.exe
  C:\Windows\System\bKGInna.exe
  2⤵
  PID:6724
- C:\Windows\System\aoVGZCI.exe
  C:\Windows\System\aoVGZCI.exe
  2⤵
  PID:6744
- C:\Windows\System\APCyKyC.exe
  C:\Windows\System\APCyKyC.exe
  2⤵
  PID:6764
- C:\Windows\System\vHcFKft.exe
  C:\Windows\System\vHcFKft.exe
  2⤵
  PID:6792
- C:\Windows\System\pJkwnCf.exe
  C:\Windows\System\pJkwnCf.exe
  2⤵
  PID:6812
- C:\Windows\System\CzErUqg.exe
  C:\Windows\System\CzErUqg.exe
  2⤵
  PID:6832
- C:\Windows\System\peReJqF.exe
  C:\Windows\System\peReJqF.exe
  2⤵
  PID:6852
- C:\Windows\System\hatigPy.exe
  C:\Windows\System\hatigPy.exe
  2⤵
  PID:6876
- C:\Windows\System\pwAIDyU.exe
  C:\Windows\System\pwAIDyU.exe
  2⤵
  PID:6900
- C:\Windows\System\DDoCCqC.exe
  C:\Windows\System\DDoCCqC.exe
  2⤵
  PID:6920
- C:\Windows\System\YgcKpBI.exe
  C:\Windows\System\YgcKpBI.exe
  2⤵
  PID:6940
- C:\Windows\System\xtDowoh.exe
  C:\Windows\System\xtDowoh.exe
  2⤵
  PID:6960
- C:\Windows\System\TfDDomI.exe
  C:\Windows\System\TfDDomI.exe
  2⤵
  PID:6980
- C:\Windows\System\lQLIsTq.exe
  C:\Windows\System\lQLIsTq.exe
  2⤵
  PID:7000
- C:\Windows\System\iYBZUHi.exe
  C:\Windows\System\iYBZUHi.exe
  2⤵
  PID:7020
- C:\Windows\System\wOjtieB.exe
  C:\Windows\System\wOjtieB.exe
  2⤵
  PID:7040
- C:\Windows\System\QzXViLi.exe
  C:\Windows\System\QzXViLi.exe
  2⤵
  PID:7060
- C:\Windows\System\ZATREsl.exe
  C:\Windows\System\ZATREsl.exe
  2⤵
  PID:7084
- C:\Windows\System\bUTFyRK.exe
  C:\Windows\System\bUTFyRK.exe
  2⤵
  PID:7108
- C:\Windows\System\HrKXUIh.exe
  C:\Windows\System\HrKXUIh.exe
  2⤵
  PID:7128
- C:\Windows\System\bnjJvqA.exe
  C:\Windows\System\bnjJvqA.exe
  2⤵
  PID:7148
- C:\Windows\System\mQpcqce.exe
  C:\Windows\System\mQpcqce.exe
  2⤵
  PID:2716
- C:\Windows\System\VDAGavD.exe
  C:\Windows\System\VDAGavD.exe
  2⤵
  PID:6072
- C:\Windows\System\SYHtSgz.exe
  C:\Windows\System\SYHtSgz.exe
  2⤵
  PID:4700
- C:\Windows\System\PbhNjsh.exe
  C:\Windows\System\PbhNjsh.exe
  2⤵
  PID:4120
- C:\Windows\System\CVfuUPH.exe
  C:\Windows\System\CVfuUPH.exe
  2⤵
  PID:5648
- C:\Windows\System\FiscSLk.exe
  C:\Windows\System\FiscSLk.exe
  2⤵
  PID:5548
- C:\Windows\System\lqCGsGE.exe
  C:\Windows\System\lqCGsGE.exe
  2⤵
  PID:6164
- C:\Windows\System\VeimOxm.exe
  C:\Windows\System\VeimOxm.exe
  2⤵
  PID:6196
- C:\Windows\System\bZAImrO.exe
  C:\Windows\System\bZAImrO.exe
  2⤵
  PID:6180
- C:\Windows\System\CXZvhCP.exe
  C:\Windows\System\CXZvhCP.exe
  2⤵
  PID:2992
- C:\Windows\System\YzjzEwo.exe
  C:\Windows\System\YzjzEwo.exe
  2⤵
  PID:6228
- C:\Windows\System\SjGZSiE.exe
  C:\Windows\System\SjGZSiE.exe
  2⤵
  PID:880
- C:\Windows\System\QjUqMUT.exe
  C:\Windows\System\QjUqMUT.exe
  2⤵
  PID:6308
- C:\Windows\System\vcvLowc.exe
  C:\Windows\System\vcvLowc.exe
  2⤵
  PID:6352
- C:\Windows\System\aDvADwb.exe
  C:\Windows\System\aDvADwb.exe
  2⤵
  PID:6404
- C:\Windows\System\YpUdiot.exe
  C:\Windows\System\YpUdiot.exe
  2⤵
  PID:6392
- C:\Windows\System\GQPLUrt.exe
  C:\Windows\System\GQPLUrt.exe
  2⤵
  PID:6452
- C:\Windows\System\OOWXmjI.exe
  C:\Windows\System\OOWXmjI.exe
  2⤵
  PID:5192
- C:\Windows\System\QzhNgcC.exe
  C:\Windows\System\QzhNgcC.exe
  2⤵
  PID:6492
- C:\Windows\System\kbIouws.exe
  C:\Windows\System\kbIouws.exe
  2⤵
  PID:6520
- C:\Windows\System\FdBKBZc.exe
  C:\Windows\System\FdBKBZc.exe
  2⤵
  PID:6560
- C:\Windows\System\nktqiVT.exe
  C:\Windows\System\nktqiVT.exe
  2⤵
  PID:6620
- C:\Windows\System\TMoRWBk.exe
  C:\Windows\System\TMoRWBk.exe
  2⤵
  PID:6596
- C:\Windows\System\JwZPIgK.exe
  C:\Windows\System\JwZPIgK.exe
  2⤵
  PID:2800
- C:\Windows\System\yMgKiHn.exe
  C:\Windows\System\yMgKiHn.exe
  2⤵
  PID:6692
- C:\Windows\System\HDHZVgJ.exe
  C:\Windows\System\HDHZVgJ.exe
  2⤵
  PID:6676
- C:\Windows\System\AjlIWSX.exe
  C:\Windows\System\AjlIWSX.exe
  2⤵
  PID:6712
- C:\Windows\System\JnJoRrC.exe
  C:\Windows\System\JnJoRrC.exe
  2⤵
  PID:6788
- C:\Windows\System\KYlNJLw.exe
  C:\Windows\System\KYlNJLw.exe
  2⤵
  PID:764
- C:\Windows\System\KerknWg.exe
  C:\Windows\System\KerknWg.exe
  2⤵
  PID:6804
- C:\Windows\System\dPYROnu.exe
  C:\Windows\System\dPYROnu.exe
  2⤵
  PID:6860
- C:\Windows\System\AXTllyi.exe
  C:\Windows\System\AXTllyi.exe
  2⤵
  PID:568
- C:\Windows\System\cZXZiWa.exe
  C:\Windows\System\cZXZiWa.exe
  2⤵
  PID:588
- C:\Windows\System\fPXSRCM.exe
  C:\Windows\System\fPXSRCM.exe
  2⤵
  PID:6948
- C:\Windows\System\xJuAIDx.exe
  C:\Windows\System\xJuAIDx.exe
  2⤵
  PID:6996
- C:\Windows\System\PQXBGwA.exe
  C:\Windows\System\PQXBGwA.exe
  2⤵
  PID:1248
- C:\Windows\System\QyUpNrU.exe
  C:\Windows\System\QyUpNrU.exe
  2⤵
  PID:7016
- C:\Windows\System\XSMXODe.exe
  C:\Windows\System\XSMXODe.exe
  2⤵
  PID:7052
- C:\Windows\System\pDZniTy.exe
  C:\Windows\System\pDZniTy.exe
  2⤵
  PID:7124
- C:\Windows\System\bDcCdwm.exe
  C:\Windows\System\bDcCdwm.exe
  2⤵
  PID:7144
- C:\Windows\System\lhCAJcc.exe
  C:\Windows\System\lhCAJcc.exe
  2⤵
  PID:6132
- C:\Windows\System\kFVgibz.exe
  C:\Windows\System\kFVgibz.exe
  2⤵
  PID:476
- C:\Windows\System\GhJuAWF.exe
  C:\Windows\System\GhJuAWF.exe
  2⤵
  PID:5464
- C:\Windows\System\mPTHNTX.exe
  C:\Windows\System\mPTHNTX.exe
  2⤵
  PID:6152
- C:\Windows\System\CYBshmZ.exe
  C:\Windows\System\CYBshmZ.exe
  2⤵
  PID:5916
- C:\Windows\System\yDJfECM.exe
  C:\Windows\System\yDJfECM.exe
  2⤵
  PID:2600
- C:\Windows\System\hHnItIA.exe
  C:\Windows\System\hHnItIA.exe
  2⤵
  PID:6248
- C:\Windows\System\rHhaASp.exe
  C:\Windows\System\rHhaASp.exe
  2⤵
  PID:6304
- C:\Windows\System\rigSoTs.exe
  C:\Windows\System\rigSoTs.exe
  2⤵
  PID:6368
- C:\Windows\System\KNdfDJB.exe
  C:\Windows\System\KNdfDJB.exe
  2⤵
  PID:1488
- C:\Windows\System\GItEfje.exe
  C:\Windows\System\GItEfje.exe
  2⤵
  PID:2008
- C:\Windows\System\LySpalH.exe
  C:\Windows\System\LySpalH.exe
  2⤵
  PID:3024
- C:\Windows\System\ADqmyah.exe
  C:\Windows\System\ADqmyah.exe
  2⤵
  PID:6592
- C:\Windows\System\hSKccxe.exe
  C:\Windows\System\hSKccxe.exe
  2⤵
  PID:6576
- C:\Windows\System\pGiVLvj.exe
  C:\Windows\System\pGiVLvj.exe
  2⤵
  PID:6632
- C:\Windows\System\jeOhpmp.exe
  C:\Windows\System\jeOhpmp.exe
  2⤵
  PID:6672
- C:\Windows\System\IgYJNGD.exe
  C:\Windows\System\IgYJNGD.exe
  2⤵
  PID:6760
- C:\Windows\System\JfQrVkD.exe
  C:\Windows\System\JfQrVkD.exe
  2⤵
  PID:6848
- C:\Windows\System\BIpaZED.exe
  C:\Windows\System\BIpaZED.exe
  2⤵
  PID:6916
- C:\Windows\System\kYSVmiN.exe
  C:\Windows\System\kYSVmiN.exe
  2⤵
  PID:6864
- C:\Windows\System\CUPuNtS.exe
  C:\Windows\System\CUPuNtS.exe
  2⤵
  PID:7036
- C:\Windows\System\QVDHTtu.exe
  C:\Windows\System\QVDHTtu.exe
  2⤵
  PID:6992
- C:\Windows\System\hBdZDqs.exe
  C:\Windows\System\hBdZDqs.exe
  2⤵
  PID:7116
- C:\Windows\System\ujaFFzk.exe
  C:\Windows\System\ujaFFzk.exe
  2⤵
  PID:7136
- C:\Windows\System\ogQYUcB.exe
  C:\Windows\System\ogQYUcB.exe
  2⤵
  PID:5080
- C:\Windows\System\dgbaSjj.exe
  C:\Windows\System\dgbaSjj.exe
  2⤵
  PID:5792
- C:\Windows\System\AFrCYCi.exe
  C:\Windows\System\AFrCYCi.exe
  2⤵
  PID:6176
- C:\Windows\System\zHyEVqI.exe
  C:\Windows\System\zHyEVqI.exe
  2⤵
  PID:2548
- C:\Windows\System\ycyVGrz.exe
  C:\Windows\System\ycyVGrz.exe
  2⤵
  PID:6364
- C:\Windows\System\ghWJMFm.exe
  C:\Windows\System\ghWJMFm.exe
  2⤵
  PID:6428
- C:\Windows\System\XIrAyGS.exe
  C:\Windows\System\XIrAyGS.exe
  2⤵
  PID:6480
- C:\Windows\System\DAJnySv.exe
  C:\Windows\System\DAJnySv.exe
  2⤵
  PID:6656
- C:\Windows\System\NfNXgSX.exe
  C:\Windows\System\NfNXgSX.exe
  2⤵
  PID:6780
- C:\Windows\System\SfHxIGu.exe
  C:\Windows\System\SfHxIGu.exe
  2⤵
  PID:1320
- C:\Windows\System\TnPLUbs.exe
  C:\Windows\System\TnPLUbs.exe
  2⤵
  PID:6824
- C:\Windows\System\xuVsxRc.exe
  C:\Windows\System\xuVsxRc.exe
  2⤵
  PID:6844
- C:\Windows\System\pLEQCpl.exe
  C:\Windows\System\pLEQCpl.exe
  2⤵
  PID:7164
- C:\Windows\System\xYxkAtv.exe
  C:\Windows\System\xYxkAtv.exe
  2⤵
  PID:6972
- C:\Windows\System\lmIvUdy.exe
  C:\Windows\System\lmIvUdy.exe
  2⤵
  PID:5908
- C:\Windows\System\ZJntjXS.exe
  C:\Windows\System\ZJntjXS.exe
  2⤵
  PID:6244
- C:\Windows\System\YXOOpgp.exe
  C:\Windows\System\YXOOpgp.exe
  2⤵
  PID:6328
- C:\Windows\System\evbKbAC.exe
  C:\Windows\System\evbKbAC.exe
  2⤵
  PID:6476
- C:\Windows\System\SJVfiCq.exe
  C:\Windows\System\SJVfiCq.exe
  2⤵
  PID:6600
- C:\Windows\System\UbvPcBF.exe
  C:\Windows\System\UbvPcBF.exe
  2⤵
  PID:6716
- C:\Windows\System\VXikRhS.exe
  C:\Windows\System\VXikRhS.exe
  2⤵
  PID:6952
- C:\Windows\System\ndxuVcD.exe
  C:\Windows\System\ndxuVcD.exe
  2⤵
  PID:7176
- C:\Windows\System\RavUsbE.exe
  C:\Windows\System\RavUsbE.exe
  2⤵
  PID:7196
- C:\Windows\System\jfhJgQb.exe
  C:\Windows\System\jfhJgQb.exe
  2⤵
  PID:7216
- C:\Windows\System\wFWYNcm.exe
  C:\Windows\System\wFWYNcm.exe
  2⤵
  PID:7240
- C:\Windows\System\mmVGEwR.exe
  C:\Windows\System\mmVGEwR.exe
  2⤵
  PID:7268
- C:\Windows\System\RgRfeAv.exe
  C:\Windows\System\RgRfeAv.exe
  2⤵
  PID:7288
- C:\Windows\System\RvGrpNl.exe
  C:\Windows\System\RvGrpNl.exe
  2⤵
  PID:7308
- C:\Windows\System\FvFXdiF.exe
  C:\Windows\System\FvFXdiF.exe
  2⤵
  PID:7328
- C:\Windows\System\cbKGjLM.exe
  C:\Windows\System\cbKGjLM.exe
  2⤵
  PID:7348
- C:\Windows\System\TNubzFS.exe
  C:\Windows\System\TNubzFS.exe
  2⤵
  PID:7364
- C:\Windows\System\SdsMIla.exe
  C:\Windows\System\SdsMIla.exe
  2⤵
  PID:7388
- C:\Windows\System\roglYdc.exe
  C:\Windows\System\roglYdc.exe
  2⤵
  PID:7408
- C:\Windows\System\xVfrpTd.exe
  C:\Windows\System\xVfrpTd.exe
  2⤵
  PID:7428
- C:\Windows\System\cqxiIWl.exe
  C:\Windows\System\cqxiIWl.exe
  2⤵
  PID:7448
- C:\Windows\System\aBCWvtE.exe
  C:\Windows\System\aBCWvtE.exe
  2⤵
  PID:7468
- C:\Windows\System\gsdjUhn.exe
  C:\Windows\System\gsdjUhn.exe
  2⤵
  PID:7488
- C:\Windows\System\efQTMFD.exe
  C:\Windows\System\efQTMFD.exe
  2⤵
  PID:7504
- C:\Windows\System\JPjzDlW.exe
  C:\Windows\System\JPjzDlW.exe
  2⤵
  PID:7520
- C:\Windows\System\GyyvLeT.exe
  C:\Windows\System\GyyvLeT.exe
  2⤵
  PID:7540
- C:\Windows\System\pcAADJX.exe
  C:\Windows\System\pcAADJX.exe
  2⤵
  PID:7580
- C:\Windows\System\oMqKyye.exe
  C:\Windows\System\oMqKyye.exe
  2⤵
  PID:7596
- C:\Windows\System\HPWkgIM.exe
  C:\Windows\System\HPWkgIM.exe
  2⤵
  PID:7612
- C:\Windows\System\VeZZVCL.exe
  C:\Windows\System\VeZZVCL.exe
  2⤵
  PID:7628
- C:\Windows\System\EsSDBoA.exe
  C:\Windows\System\EsSDBoA.exe
  2⤵
  PID:7644
- C:\Windows\System\KrLsmpI.exe
  C:\Windows\System\KrLsmpI.exe
  2⤵
  PID:7660
- C:\Windows\System\Blbycdi.exe
  C:\Windows\System\Blbycdi.exe
  2⤵
  PID:7676
- C:\Windows\System\EFitXwA.exe
  C:\Windows\System\EFitXwA.exe
  2⤵
  PID:7732
- C:\Windows\System\RXelOjA.exe
  C:\Windows\System\RXelOjA.exe
  2⤵
  PID:7748
- C:\Windows\System\ZDmQvxM.exe
  C:\Windows\System\ZDmQvxM.exe
  2⤵
  PID:7764
- C:\Windows\System\FCFfDmv.exe
  C:\Windows\System\FCFfDmv.exe
  2⤵
  PID:7780
- C:\Windows\System\inKBEod.exe
  C:\Windows\System\inKBEod.exe
  2⤵
  PID:7796
- C:\Windows\System\MCJyedv.exe
  C:\Windows\System\MCJyedv.exe
  2⤵
  PID:7816
- C:\Windows\System\sFYqzbu.exe
  C:\Windows\System\sFYqzbu.exe
  2⤵
  PID:7832
- C:\Windows\System\thVlsHu.exe
  C:\Windows\System\thVlsHu.exe
  2⤵
  PID:7852
- C:\Windows\System\OGFkAzM.exe
  C:\Windows\System\OGFkAzM.exe
  2⤵
  PID:7868
- C:\Windows\System\ZeXwDtw.exe
  C:\Windows\System\ZeXwDtw.exe
  2⤵
  PID:7884
- C:\Windows\System\pxVPxVa.exe
  C:\Windows\System\pxVPxVa.exe
  2⤵
  PID:7908
- C:\Windows\System\WnrIopi.exe
  C:\Windows\System\WnrIopi.exe
  2⤵
  PID:7928
- C:\Windows\System\oziEMEc.exe
  C:\Windows\System\oziEMEc.exe
  2⤵
  PID:7948
- C:\Windows\System\yresotI.exe
  C:\Windows\System\yresotI.exe
  2⤵
  PID:7996
- C:\Windows\System\AmCyynz.exe
  C:\Windows\System\AmCyynz.exe
  2⤵
  PID:8012
- C:\Windows\System\zBWytMY.exe
  C:\Windows\System\zBWytMY.exe
  2⤵
  PID:8028
- C:\Windows\System\jHtSkWy.exe
  C:\Windows\System\jHtSkWy.exe
  2⤵
  PID:8044
- C:\Windows\System\kWozYjr.exe
  C:\Windows\System\kWozYjr.exe
  2⤵
  PID:8060
- C:\Windows\System\VrsoxPO.exe
  C:\Windows\System\VrsoxPO.exe
  2⤵
  PID:8076
- C:\Windows\System\xpSEKzH.exe
  C:\Windows\System\xpSEKzH.exe
  2⤵
  PID:8092
- C:\Windows\System\cFKetpy.exe
  C:\Windows\System\cFKetpy.exe
  2⤵
  PID:8108
- C:\Windows\System\NAEWuQd.exe
  C:\Windows\System\NAEWuQd.exe
  2⤵
  PID:8124
- C:\Windows\System\OAEADuC.exe
  C:\Windows\System\OAEADuC.exe
  2⤵
  PID:8140
- C:\Windows\System\FJOqauQ.exe
  C:\Windows\System\FJOqauQ.exe
  2⤵
  PID:5212
- C:\Windows\System\svrZHJV.exe
  C:\Windows\System\svrZHJV.exe
  2⤵
  PID:2496
- C:\Windows\System\QrbwWln.exe
  C:\Windows\System\QrbwWln.exe
  2⤵
  PID:6732
- C:\Windows\System\DpLPRFp.exe
  C:\Windows\System\DpLPRFp.exe
  2⤵
  PID:6808
- C:\Windows\System\QgjblwW.exe
  C:\Windows\System\QgjblwW.exe
  2⤵
  PID:760
- C:\Windows\System\lISBHBI.exe
  C:\Windows\System\lISBHBI.exe
  2⤵
  PID:7188
- C:\Windows\System\BkcktwB.exe
  C:\Windows\System\BkcktwB.exe
  2⤵
  PID:7212
- C:\Windows\System\LEHeIhX.exe
  C:\Windows\System\LEHeIhX.exe
  2⤵
  PID:7284
- C:\Windows\System\gzgBImg.exe
  C:\Windows\System\gzgBImg.exe
  2⤵
  PID:7320
- C:\Windows\System\ZZZKOIY.exe
  C:\Windows\System\ZZZKOIY.exe
  2⤵
  PID:6516
- C:\Windows\System\PHvMQFo.exe
  C:\Windows\System\PHvMQFo.exe
  2⤵
  PID:7340
- C:\Windows\System\LihZLKr.exe
  C:\Windows\System\LihZLKr.exe
  2⤵
  PID:7404
- C:\Windows\System\TrJHQhs.exe
  C:\Windows\System\TrJHQhs.exe
  2⤵
  PID:7424
- C:\Windows\System\hIQNlad.exe
  C:\Windows\System\hIQNlad.exe
  2⤵
  PID:7476
- C:\Windows\System\UVKTWbb.exe
  C:\Windows\System\UVKTWbb.exe
  2⤵
  PID:7496
- C:\Windows\System\ZuxDxuy.exe
  C:\Windows\System\ZuxDxuy.exe
  2⤵
  PID:7548
- C:\Windows\System\wHMRYFk.exe
  C:\Windows\System\wHMRYFk.exe
  2⤵
  PID:7588
- C:\Windows\System\nzQRBWz.exe
  C:\Windows\System\nzQRBWz.exe
  2⤵
  PID:7636
- C:\Windows\System\PwxVPVt.exe
  C:\Windows\System\PwxVPVt.exe
  2⤵
  PID:7668
- C:\Windows\System\iahzhps.exe
  C:\Windows\System\iahzhps.exe
  2⤵
  PID:7704
- C:\Windows\System\YYVPlgt.exe
  C:\Windows\System\YYVPlgt.exe
  2⤵
  PID:7716
- C:\Windows\System\SJKuhgI.exe
  C:\Windows\System\SJKuhgI.exe
  2⤵
  PID:4372
- C:\Windows\System\SHLSqnY.exe
  C:\Windows\System\SHLSqnY.exe
  2⤵
  PID:7772
- C:\Windows\System\pcJpoWO.exe
  C:\Windows\System\pcJpoWO.exe
  2⤵
  PID:7804
- C:\Windows\System\qgubiHJ.exe
  C:\Windows\System\qgubiHJ.exe
  2⤵
  PID:7844
- C:\Windows\System\nzMcLze.exe
  C:\Windows\System\nzMcLze.exe
  2⤵
  PID:7892
- C:\Windows\System\WFnEOVj.exe
  C:\Windows\System\WFnEOVj.exe
  2⤵
  PID:7904
- C:\Windows\System\zZEvTtT.exe
  C:\Windows\System\zZEvTtT.exe
  2⤵
  PID:7940
- C:\Windows\System\CLkVhkn.exe
  C:\Windows\System\CLkVhkn.exe
  2⤵
  PID:7964
- C:\Windows\System\xAOFbSY.exe
  C:\Windows\System\xAOFbSY.exe
  2⤵
  PID:7976
- C:\Windows\System\WhBGsqE.exe
  C:\Windows\System\WhBGsqE.exe
  2⤵
  PID:8036
- C:\Windows\System\HUUgnFZ.exe
  C:\Windows\System\HUUgnFZ.exe
  2⤵
  PID:8068
- C:\Windows\System\uEsOWGi.exe
  C:\Windows\System\uEsOWGi.exe
  2⤵
  PID:8104
- C:\Windows\System\AYUGyum.exe
  C:\Windows\System\AYUGyum.exe
  2⤵
  PID:8132
- C:\Windows\System\eJnjYWd.exe
  C:\Windows\System\eJnjYWd.exe
  2⤵
  PID:8156
- C:\Windows\System\BeFwpSl.exe
  C:\Windows\System\BeFwpSl.exe
  2⤵
  PID:7808
- C:\Windows\System\UyMTRgt.exe
  C:\Windows\System\UyMTRgt.exe
  2⤵
  PID:4840
- C:\Windows\System\FfNSImm.exe
  C:\Windows\System\FfNSImm.exe
  2⤵
  PID:1972
- C:\Windows\System\ZxtzqRB.exe
  C:\Windows\System\ZxtzqRB.exe
  2⤵
  PID:6840
- C:\Windows\System\prBvUtB.exe
  C:\Windows\System\prBvUtB.exe
  2⤵
  PID:7236
- C:\Windows\System\IcRcgWs.exe
  C:\Windows\System\IcRcgWs.exe
  2⤵
  PID:7232
- C:\Windows\System\fbihJQh.exe
  C:\Windows\System\fbihJQh.exe
  2⤵
  PID:7276
- C:\Windows\System\MaFezMf.exe
  C:\Windows\System\MaFezMf.exe
  2⤵
  PID:7304
- C:\Windows\System\oHpwKcf.exe
  C:\Windows\System\oHpwKcf.exe
  2⤵
  PID:7384
- C:\Windows\System\zkJrQja.exe
  C:\Windows\System\zkJrQja.exe
  2⤵
  PID:7456
- C:\Windows\System\tSYphDn.exe
  C:\Windows\System\tSYphDn.exe
  2⤵
  PID:7516
- C:\Windows\System\buvvfum.exe
  C:\Windows\System\buvvfum.exe
  2⤵
  PID:7576
- C:\Windows\System\OkeunYH.exe
  C:\Windows\System\OkeunYH.exe
  2⤵
  PID:7652
- C:\Windows\System\OufIczH.exe
  C:\Windows\System\OufIczH.exe
  2⤵
  PID:7700
- C:\Windows\System\YiMQrao.exe
  C:\Windows\System\YiMQrao.exe
  2⤵
  PID:2684
- C:\Windows\System\CLPXBYB.exe
  C:\Windows\System\CLPXBYB.exe
  2⤵
  PID:7744
- C:\Windows\System\dZozMGK.exe
  C:\Windows\System\dZozMGK.exe
  2⤵
  PID:7828
- C:\Windows\System\VlNjFID.exe
  C:\Windows\System\VlNjFID.exe
  2⤵
  PID:7876
- C:\Windows\System\hRpaQbf.exe
  C:\Windows\System\hRpaQbf.exe
  2⤵
  PID:2872
- C:\Windows\System\VbJMHLA.exe
  C:\Windows\System\VbJMHLA.exe
  2⤵
  PID:6224
- C:\Windows\System\urFttHl.exe
  C:\Windows\System\urFttHl.exe
  2⤵
  PID:7984
- C:\Windows\System\ykomFWr.exe
  C:\Windows\System\ykomFWr.exe
  2⤵
  PID:8052
- C:\Windows\System\LDvMYKW.exe
  C:\Windows\System\LDvMYKW.exe
  2⤵
  PID:8116
- C:\Windows\System\zyaiyfO.exe
  C:\Windows\System\zyaiyfO.exe
  2⤵
  PID:8120
- C:\Windows\System\PsKiDyK.exe
  C:\Windows\System\PsKiDyK.exe
  2⤵
  PID:8168
- C:\Windows\System\RqsAJdt.exe
  C:\Windows\System\RqsAJdt.exe
  2⤵
  PID:8188
- C:\Windows\System\RGDHckk.exe
  C:\Windows\System\RGDHckk.exe
  2⤵
  PID:5368
- C:\Windows\System\GwyoKzg.exe
  C:\Windows\System\GwyoKzg.exe
  2⤵
  PID:7252
- C:\Windows\System\iDaLOxU.exe
  C:\Windows\System\iDaLOxU.exe
  2⤵
  PID:7380
- C:\Windows\System\AofPYGG.exe
  C:\Windows\System\AofPYGG.exe
  2⤵
  PID:7484
- C:\Windows\System\bqtwsCY.exe
  C:\Windows\System\bqtwsCY.exe
  2⤵
  PID:6384
- C:\Windows\System\jtXwOQc.exe
  C:\Windows\System\jtXwOQc.exe
  2⤵
  PID:7656
- C:\Windows\System\UWQIpJT.exe
  C:\Windows\System\UWQIpJT.exe
  2⤵
  PID:7724
- C:\Windows\System\PVGguAp.exe
  C:\Windows\System\PVGguAp.exe
  2⤵
  PID:7900
- C:\Windows\System\Zslinwf.exe
  C:\Windows\System\Zslinwf.exe
  2⤵
  PID:8024
- C:\Windows\System\vgwEUGO.exe
  C:\Windows\System\vgwEUGO.exe
  2⤵
  PID:8100
- C:\Windows\System\zIFxZCZ.exe
  C:\Windows\System\zIFxZCZ.exe
  2⤵
  PID:6772
- C:\Windows\System\VuAqKMm.exe
  C:\Windows\System\VuAqKMm.exe
  2⤵
  PID:8164
- C:\Windows\System\wOzpJYg.exe
  C:\Windows\System\wOzpJYg.exe
  2⤵
  PID:6884
- C:\Windows\System\qVVljJr.exe
  C:\Windows\System\qVVljJr.exe
  2⤵
  PID:2480
- C:\Windows\System\QfdqpgY.exe
  C:\Windows\System\QfdqpgY.exe
  2⤵
  PID:6988
- C:\Windows\System\ahVsgjg.exe
  C:\Windows\System\ahVsgjg.exe
  2⤵
  PID:6680
- C:\Windows\System\zsKlNrI.exe
  C:\Windows\System\zsKlNrI.exe
  2⤵
  PID:7208
- C:\Windows\System\qreLvmc.exe
  C:\Windows\System\qreLvmc.exe
  2⤵
  PID:7376
- C:\Windows\System\yTgdFJC.exe
  C:\Windows\System\yTgdFJC.exe
  2⤵
  PID:7444
- C:\Windows\System\XtmSsjs.exe
  C:\Windows\System\XtmSsjs.exe
  2⤵
  PID:7480
- C:\Windows\System\aLLJiDE.exe
  C:\Windows\System\aLLJiDE.exe
  2⤵
  PID:2092
- C:\Windows\System\uSLJQOb.exe
  C:\Windows\System\uSLJQOb.exe
  2⤵
  PID:2120
- C:\Windows\System\qNnapDP.exe
  C:\Windows\System\qNnapDP.exe
  2⤵
  PID:7620
- C:\Windows\System\LtsduZd.exe
  C:\Windows\System\LtsduZd.exe
  2⤵
  PID:2468
- C:\Windows\System\HmPXvum.exe
  C:\Windows\System\HmPXvum.exe
  2⤵
  PID:7788
- C:\Windows\System\miymoKF.exe
  C:\Windows\System\miymoKF.exe
  2⤵
  PID:7712
- C:\Windows\System\JisStTJ.exe
  C:\Windows\System\JisStTJ.exe
  2⤵
  PID:7980
- C:\Windows\System\hhPXzhM.exe
  C:\Windows\System\hhPXzhM.exe
  2⤵
  PID:7072
- C:\Windows\System\iGEcfbB.exe
  C:\Windows\System\iGEcfbB.exe
  2⤵
  PID:6936
- C:\Windows\System\XkgSVpx.exe
  C:\Windows\System\XkgSVpx.exe
  2⤵
  PID:2432
- C:\Windows\System\rgPmkPT.exe
  C:\Windows\System\rgPmkPT.exe
  2⤵
  PID:6108
- C:\Windows\System\LQfRvDm.exe
  C:\Windows\System\LQfRvDm.exe
  2⤵
  PID:7776
- C:\Windows\System\MGsQWHI.exe
  C:\Windows\System\MGsQWHI.exe
  2⤵
  PID:7440
- C:\Windows\System\yjALUgW.exe
  C:\Windows\System\yjALUgW.exe
  2⤵
  PID:7360
- C:\Windows\System\nJTyTje.exe
  C:\Windows\System\nJTyTje.exe
  2⤵
  PID:7536
- C:\Windows\System\XsxxoIZ.exe
  C:\Windows\System\XsxxoIZ.exe
  2⤵
  PID:6284
- C:\Windows\System\lPiSdcz.exe
  C:\Windows\System\lPiSdcz.exe
  2⤵
  PID:7260
- C:\Windows\System\bQfxMLr.exe
  C:\Windows\System\bQfxMLr.exe
  2⤵
  PID:8148
- C:\Windows\System\TRhwCHv.exe
  C:\Windows\System\TRhwCHv.exe
  2⤵
  PID:2932
- C:\Windows\System\TNNXLbv.exe
  C:\Windows\System\TNNXLbv.exe
  2⤵
  PID:2388
- C:\Windows\System\ZyqyKFq.exe
  C:\Windows\System\ZyqyKFq.exe
  2⤵
  PID:7572
- C:\Windows\System\NiFMsbn.exe
  C:\Windows\System\NiFMsbn.exe
  2⤵
  PID:8204
- C:\Windows\System\WvjWYIk.exe
  C:\Windows\System\WvjWYIk.exe
  2⤵
  PID:8220
- C:\Windows\System\dORdUzm.exe
  C:\Windows\System\dORdUzm.exe
  2⤵
  PID:8236
- C:\Windows\System\BlGahLw.exe
  C:\Windows\System\BlGahLw.exe
  2⤵
  PID:8252
- C:\Windows\System\TwKrTNi.exe
  C:\Windows\System\TwKrTNi.exe
  2⤵
  PID:8268
- C:\Windows\System\bhZjfEG.exe
  C:\Windows\System\bhZjfEG.exe
  2⤵
  PID:8284
- C:\Windows\System\cylZeCL.exe
  C:\Windows\System\cylZeCL.exe
  2⤵
  PID:8300
- C:\Windows\System\JXfjseJ.exe
  C:\Windows\System\JXfjseJ.exe
  2⤵
  PID:8316
- C:\Windows\System\YOYyVtq.exe
  C:\Windows\System\YOYyVtq.exe
  2⤵
  PID:8332
- C:\Windows\System\CrHqoeq.exe
  C:\Windows\System\CrHqoeq.exe
  2⤵
  PID:8384
- C:\Windows\System\riqfrLZ.exe
  C:\Windows\System\riqfrLZ.exe
  2⤵
  PID:8404
- C:\Windows\System\QujZeAu.exe
  C:\Windows\System\QujZeAu.exe
  2⤵
  PID:8424
- C:\Windows\System\ItdBRHR.exe
  C:\Windows\System\ItdBRHR.exe
  2⤵
  PID:8440
- C:\Windows\System\GPNPxzx.exe
  C:\Windows\System\GPNPxzx.exe
  2⤵
  PID:8456
- C:\Windows\System\WEKblRK.exe
  C:\Windows\System\WEKblRK.exe
  2⤵
  PID:8472
- C:\Windows\System\bQIrXOt.exe
  C:\Windows\System\bQIrXOt.exe
  2⤵
  PID:8568
- C:\Windows\System\CKjUfvK.exe
  C:\Windows\System\CKjUfvK.exe
  2⤵
  PID:8592
- C:\Windows\System\PYfGYhe.exe
  C:\Windows\System\PYfGYhe.exe
  2⤵
  PID:8608
- C:\Windows\System\SwIKshN.exe
  C:\Windows\System\SwIKshN.exe
  2⤵
  PID:8624
- C:\Windows\System\aXkAtWX.exe
  C:\Windows\System\aXkAtWX.exe
  2⤵
  PID:8640
- C:\Windows\System\QAJfDnT.exe
  C:\Windows\System\QAJfDnT.exe
  2⤵
  PID:8656
- C:\Windows\System\sMyHbaw.exe
  C:\Windows\System\sMyHbaw.exe
  2⤵
  PID:8672
- C:\Windows\System\HLjUVOx.exe
  C:\Windows\System\HLjUVOx.exe
  2⤵
  PID:8688
- C:\Windows\System\LxKjurB.exe
  C:\Windows\System\LxKjurB.exe
  2⤵
  PID:8704
- C:\Windows\System\qEgvPNd.exe
  C:\Windows\System\qEgvPNd.exe
  2⤵
  PID:8720
- C:\Windows\System\NOzsqev.exe
  C:\Windows\System\NOzsqev.exe
  2⤵
  PID:8736
- C:\Windows\System\vxyvJuz.exe
  C:\Windows\System\vxyvJuz.exe
  2⤵
  PID:8752
- C:\Windows\System\NFyQeJR.exe
  C:\Windows\System\NFyQeJR.exe
  2⤵
  PID:8768
- C:\Windows\System\PFQcNnE.exe
  C:\Windows\System\PFQcNnE.exe
  2⤵
  PID:8784
- C:\Windows\System\yEPwEmR.exe
  C:\Windows\System\yEPwEmR.exe
  2⤵
  PID:8800
- C:\Windows\System\tFNTgdu.exe
  C:\Windows\System\tFNTgdu.exe
  2⤵
  PID:8816
- C:\Windows\System\yiBCeUO.exe
  C:\Windows\System\yiBCeUO.exe
  2⤵
  PID:8832
- C:\Windows\System\EVHegpp.exe
  C:\Windows\System\EVHegpp.exe
  2⤵
  PID:8852
- C:\Windows\System\egCyLeV.exe
  C:\Windows\System\egCyLeV.exe
  2⤵
  PID:8872
- C:\Windows\System\xXvDbJg.exe
  C:\Windows\System\xXvDbJg.exe
  2⤵
  PID:8888
- C:\Windows\System\WmVQkua.exe
  C:\Windows\System\WmVQkua.exe
  2⤵
  PID:8904
- C:\Windows\System\NCtxYua.exe
  C:\Windows\System\NCtxYua.exe
  2⤵
  PID:8920
- C:\Windows\System\WuCvSit.exe
  C:\Windows\System\WuCvSit.exe
  2⤵
  PID:8936
- C:\Windows\System\QXQiXXa.exe
  C:\Windows\System\QXQiXXa.exe
  2⤵
  PID:8952
- C:\Windows\System\VvrBQUM.exe
  C:\Windows\System\VvrBQUM.exe
  2⤵
  PID:8968
- C:\Windows\System\HBRAFog.exe
  C:\Windows\System\HBRAFog.exe
  2⤵
  PID:8984
- C:\Windows\System\CAzQWbn.exe
  C:\Windows\System\CAzQWbn.exe
  2⤵
  PID:9032
- C:\Windows\System\qFaepdL.exe
  C:\Windows\System\qFaepdL.exe
  2⤵
  PID:9048
- C:\Windows\System\XPZOUqK.exe
  C:\Windows\System\XPZOUqK.exe
  2⤵
  PID:9064
- C:\Windows\System\ahtVYDx.exe
  C:\Windows\System\ahtVYDx.exe
  2⤵
  PID:9108
- C:\Windows\System\fmGJTEy.exe
  C:\Windows\System\fmGJTEy.exe
  2⤵
  PID:9140
- C:\Windows\System\wmjAPqa.exe
  C:\Windows\System\wmjAPqa.exe
  2⤵
  PID:9156
- C:\Windows\System\VMdwPRk.exe
  C:\Windows\System\VMdwPRk.exe
  2⤵
  PID:9172
- C:\Windows\System\tSgvarz.exe
  C:\Windows\System\tSgvarz.exe
  2⤵
  PID:9188
- C:\Windows\System\DbKDqqq.exe
  C:\Windows\System\DbKDqqq.exe
  2⤵
  PID:9204
- C:\Windows\System\NhuuQAu.exe
  C:\Windows\System\NhuuQAu.exe
  2⤵
  PID:8216
- C:\Windows\System\YIcqMNJ.exe
  C:\Windows\System\YIcqMNJ.exe
  2⤵
  PID:832
- C:\Windows\System\btWnMZW.exe
  C:\Windows\System\btWnMZW.exe
  2⤵
  PID:8228
- C:\Windows\System\XwgYjVc.exe
  C:\Windows\System\XwgYjVc.exe
  2⤵
  PID:8276
- C:\Windows\System\bhNmZxz.exe
  C:\Windows\System\bhNmZxz.exe
  2⤵
  PID:8312
- C:\Windows\System\ZekOjgr.exe
  C:\Windows\System\ZekOjgr.exe
  2⤵
  PID:8340
- C:\Windows\System\JlEUZtq.exe
  C:\Windows\System\JlEUZtq.exe
  2⤵
  PID:8420
- C:\Windows\System\mOeWfDY.exe
  C:\Windows\System\mOeWfDY.exe
  2⤵
  PID:8436
- C:\Windows\System\luwWkPA.exe
  C:\Windows\System\luwWkPA.exe
  2⤵
  PID:8412
- C:\Windows\System\ArPKBUt.exe
  C:\Windows\System\ArPKBUt.exe
  2⤵
  PID:8484
- C:\Windows\System\KZJCqsx.exe
  C:\Windows\System\KZJCqsx.exe
  2⤵
  PID:8500
- C:\Windows\System\hbazmvd.exe
  C:\Windows\System\hbazmvd.exe
  2⤵
  PID:8508
- C:\Windows\System\QvusFjO.exe
  C:\Windows\System\QvusFjO.exe
  2⤵
  PID:8540
- C:\Windows\System\uLdBuFF.exe
  C:\Windows\System\uLdBuFF.exe
  2⤵
  PID:8632
- C:\Windows\System\nWMHyAT.exe
  C:\Windows\System\nWMHyAT.exe
  2⤵
  PID:8564
- C:\Windows\System\aMcLAEM.exe
  C:\Windows\System\aMcLAEM.exe
  2⤵
  PID:8588
- C:\Windows\System\GWCcedD.exe
  C:\Windows\System\GWCcedD.exe
  2⤵
  PID:8680
- C:\Windows\System\KANolkJ.exe
  C:\Windows\System\KANolkJ.exe
  2⤵
  PID:8760
- C:\Windows\System\zYlnJas.exe
  C:\Windows\System\zYlnJas.exe
  2⤵
  PID:8764
- C:\Windows\System\XJfdYQR.exe
  C:\Windows\System\XJfdYQR.exe
  2⤵
  PID:8748
- C:\Windows\System\nUEjwvJ.exe
  C:\Windows\System\nUEjwvJ.exe
  2⤵
  PID:8776
- C:\Windows\System\xyYRipq.exe
  C:\Windows\System\xyYRipq.exe
  2⤵
  PID:8848
- C:\Windows\System\kihCTSp.exe
  C:\Windows\System\kihCTSp.exe
  2⤵
  PID:8912
- C:\Windows\System\tqEEZTq.exe
  C:\Windows\System\tqEEZTq.exe
  2⤵
  PID:8864
- C:\Windows\System\dMLIsTG.exe
  C:\Windows\System\dMLIsTG.exe
  2⤵
  PID:8928
- C:\Windows\System\fylHbYR.exe
  C:\Windows\System\fylHbYR.exe
  2⤵
  PID:8964
- C:\Windows\System\uKMOcSQ.exe
  C:\Windows\System\uKMOcSQ.exe
  2⤵
  PID:8992
- C:\Windows\System\LHPtdYg.exe
  C:\Windows\System\LHPtdYg.exe
  2⤵
  PID:9028
- C:\Windows\System\eTfwjYC.exe
  C:\Windows\System\eTfwjYC.exe
  2⤵
  PID:9012
- C:\Windows\System\VuajVBv.exe
  C:\Windows\System\VuajVBv.exe
  2⤵
  PID:9072
- C:\Windows\System\eitekFN.exe
  C:\Windows\System\eitekFN.exe
  2⤵
  PID:9084
- C:\Windows\System\jCJZoBP.exe
  C:\Windows\System\jCJZoBP.exe
  2⤵
  PID:9096
- C:\Windows\System\qPCQazD.exe
  C:\Windows\System\qPCQazD.exe
  2⤵
  PID:8380
- C:\Windows\System\ogioerO.exe
  C:\Windows\System\ogioerO.exe
  2⤵
  PID:9124
- C:\Windows\System\lcyITrV.exe
  C:\Windows\System\lcyITrV.exe
  2⤵
  PID:9152
- C:\Windows\System\WKUrqKT.exe
  C:\Windows\System\WKUrqKT.exe
  2⤵
  PID:1036
- C:\Windows\System\zNdqpUf.exe
  C:\Windows\System\zNdqpUf.exe
  2⤵
  PID:1736
- C:\Windows\System\SxGPzGS.exe
  C:\Windows\System\SxGPzGS.exe
  2⤵
  PID:8248
- C:\Windows\System\EEdPAMk.exe
  C:\Windows\System\EEdPAMk.exe
  2⤵
  PID:8308
- C:\Windows\System\bdMKGyM.exe
  C:\Windows\System\bdMKGyM.exe
  2⤵
  PID:8396
- C:\Windows\System\wQaPVus.exe
  C:\Windows\System\wQaPVus.exe
  2⤵
  PID:8448
- C:\Windows\System\VQzxAuQ.exe
  C:\Windows\System\VQzxAuQ.exe
  2⤵
  PID:8496
- C:\Windows\System\HzPHSnj.exe
  C:\Windows\System\HzPHSnj.exe
  2⤵
  PID:8532
- C:\Windows\System\JhfXhqe.exe
  C:\Windows\System\JhfXhqe.exe
  2⤵
  PID:9020
- C:\Windows\System\iOsybBM.exe
  C:\Windows\System\iOsybBM.exe
  2⤵
  PID:9060
- C:\Windows\System\Xjjhbgp.exe
  C:\Windows\System\Xjjhbgp.exe
  2⤵
  PID:9132
- C:\Windows\System\HSmNNfe.exe
  C:\Windows\System\HSmNNfe.exe
  2⤵
  PID:1616
- C:\Windows\System\XdAPlUa.exe
  C:\Windows\System\XdAPlUa.exe
  2⤵
  PID:8504
- C:\Windows\System\DCTSWKN.exe
  C:\Windows\System\DCTSWKN.exe
  2⤵
  PID:8512
- C:\Windows\System\KOKtNhV.exe
  C:\Windows\System\KOKtNhV.exe
  2⤵
  PID:7684
- C:\Windows\System\NRmYLvg.exe
  C:\Windows\System\NRmYLvg.exe
  2⤵
  PID:8468
- C:\Windows\System\MjlelYh.exe
  C:\Windows\System\MjlelYh.exe
  2⤵
  PID:8664
- C:\Windows\System\UhPVgFd.exe
  C:\Windows\System\UhPVgFd.exe
  2⤵
  PID:8600
- C:\Windows\System\DbYphtH.exe
  C:\Windows\System\DbYphtH.exe
  2⤵
  PID:8576
- C:\Windows\System\GXojXlp.exe
  C:\Windows\System\GXojXlp.exe
  2⤵
  PID:8880
- C:\Windows\System\sOSRYfi.exe
  C:\Windows\System\sOSRYfi.exe
  2⤵
  PID:8732
- C:\Windows\System\HYfdqjK.exe
  C:\Windows\System\HYfdqjK.exe
  2⤵
  PID:8844
- C:\Windows\System\PDvhXOa.exe
  C:\Windows\System\PDvhXOa.exe
  2⤵
  PID:8960
- C:\Windows\System\bDqrOET.exe
  C:\Windows\System\bDqrOET.exe
  2⤵
  PID:9044
- C:\Windows\System\xObDoZV.exe
  C:\Windows\System\xObDoZV.exe
  2⤵
  PID:9128
- C:\Windows\System\zjtodkV.exe
  C:\Windows\System\zjtodkV.exe
  2⤵
  PID:8212
- C:\Windows\System\HdesyYS.exe
  C:\Windows\System\HdesyYS.exe
  2⤵
  PID:8744
- C:\Windows\System\SKuNVOv.exe
  C:\Windows\System\SKuNVOv.exe
  2⤵
  PID:9164
- C:\Windows\System\koASJzZ.exe
  C:\Windows\System\koASJzZ.exe
  2⤵
  PID:8604
- C:\Windows\System\SreIvio.exe
  C:\Windows\System\SreIvio.exe
  2⤵
  PID:8796
- C:\Windows\System\NSDFeGf.exe
  C:\Windows\System\NSDFeGf.exe
  2⤵
  PID:8860
- C:\Windows\System\hQqzFpb.exe
  C:\Windows\System\hQqzFpb.exe
  2⤵
  PID:9008
- C:\Windows\System\fHyeafY.exe
  C:\Windows\System\fHyeafY.exe
  2⤵
  PID:8552
- C:\Windows\System\RyecPUp.exe
  C:\Windows\System\RyecPUp.exe
  2⤵
  PID:8556
- C:\Windows\System\uTFfKNO.exe
  C:\Windows\System\uTFfKNO.exe
  2⤵
  PID:8728
- C:\Windows\System\HsHbHPr.exe
  C:\Windows\System\HsHbHPr.exe
  2⤵
  PID:9220
- C:\Windows\System\bDZaPyb.exe
  C:\Windows\System\bDZaPyb.exe
  2⤵
  PID:9260
- C:\Windows\System\zPdLPdb.exe
  C:\Windows\System\zPdLPdb.exe
  2⤵
  PID:9276
- C:\Windows\System\JGYUCzg.exe
  C:\Windows\System\JGYUCzg.exe
  2⤵
  PID:9296
- C:\Windows\System\cMZKeCq.exe
  C:\Windows\System\cMZKeCq.exe
  2⤵
  PID:9312
- C:\Windows\System\wziSpDm.exe
  C:\Windows\System\wziSpDm.exe
  2⤵
  PID:9332
- C:\Windows\System\kmmykic.exe
  C:\Windows\System\kmmykic.exe
  2⤵
  PID:9348
- C:\Windows\System\gqeYdNr.exe
  C:\Windows\System\gqeYdNr.exe
  2⤵
  PID:9364
- C:\Windows\System\szemlqw.exe
  C:\Windows\System\szemlqw.exe
  2⤵
  PID:9380
- C:\Windows\System\xEddUXC.exe
  C:\Windows\System\xEddUXC.exe
  2⤵
  PID:9396
- C:\Windows\System\wZNvLaY.exe
  C:\Windows\System\wZNvLaY.exe
  2⤵
  PID:9412
- C:\Windows\System\JiwjtOb.exe
  C:\Windows\System\JiwjtOb.exe
  2⤵
  PID:9428
- C:\Windows\System\MNhyeHO.exe
  C:\Windows\System\MNhyeHO.exe
  2⤵
  PID:9444
- C:\Windows\System\IjnuOcD.exe
  C:\Windows\System\IjnuOcD.exe
  2⤵
  PID:9460
- C:\Windows\System\YSqrjiB.exe
  C:\Windows\System\YSqrjiB.exe
  2⤵
  PID:9476
- C:\Windows\System\eQPBaMC.exe
  C:\Windows\System\eQPBaMC.exe
  2⤵
  PID:9492
- C:\Windows\System\ijeXthR.exe
  C:\Windows\System\ijeXthR.exe
  2⤵
  PID:9508
- C:\Windows\System\fOdbTOI.exe
  C:\Windows\System\fOdbTOI.exe
  2⤵
  PID:9524
- C:\Windows\System\fTJdMoG.exe
  C:\Windows\System\fTJdMoG.exe
  2⤵
  PID:9540
- C:\Windows\System\YWPyUFa.exe
  C:\Windows\System\YWPyUFa.exe
  2⤵
  PID:9556
- C:\Windows\System\xhBWdOI.exe
  C:\Windows\System\xhBWdOI.exe
  2⤵
  PID:9576
- C:\Windows\System\JCnCnqC.exe
  C:\Windows\System\JCnCnqC.exe
  2⤵
  PID:9620
- C:\Windows\System\pOzLZdY.exe
  C:\Windows\System\pOzLZdY.exe
  2⤵
  PID:9636
- C:\Windows\System\QeRKmoo.exe
  C:\Windows\System\QeRKmoo.exe
  2⤵
  PID:9652
- C:\Windows\System\cOfpRNS.exe
  C:\Windows\System\cOfpRNS.exe
  2⤵
  PID:9668
- C:\Windows\System\JvvERzD.exe
  C:\Windows\System\JvvERzD.exe
  2⤵
  PID:9684
- C:\Windows\System\DcBKeFR.exe
  C:\Windows\System\DcBKeFR.exe
  2⤵
  PID:9700
- C:\Windows\System\osXakCD.exe
  C:\Windows\System\osXakCD.exe
  2⤵
  PID:9716
- C:\Windows\System\jyVDefW.exe
  C:\Windows\System\jyVDefW.exe
  2⤵
  PID:9732
- C:\Windows\System\NlLafGB.exe
  C:\Windows\System\NlLafGB.exe
  2⤵
  PID:9752
- C:\Windows\System\TqmlOxi.exe
  C:\Windows\System\TqmlOxi.exe
  2⤵
  PID:9768
- C:\Windows\System\RQolKFX.exe
  C:\Windows\System\RQolKFX.exe
  2⤵
  PID:9784
- C:\Windows\System\JQyQGyM.exe
  C:\Windows\System\JQyQGyM.exe
  2⤵
  PID:9800
- C:\Windows\System\gAMKjzK.exe
  C:\Windows\System\gAMKjzK.exe
  2⤵
  PID:9816
- C:\Windows\System\UePVLnt.exe
  C:\Windows\System\UePVLnt.exe
  2⤵
  PID:9832
- C:\Windows\System\MTMYTFd.exe
  C:\Windows\System\MTMYTFd.exe
  2⤵
  PID:9848
- C:\Windows\System\kbjMiqT.exe
  C:\Windows\System\kbjMiqT.exe
  2⤵
  PID:9864
- C:\Windows\System\AYpBdWs.exe
  C:\Windows\System\AYpBdWs.exe
  2⤵
  PID:9880
- C:\Windows\System\qYeXuDF.exe
  C:\Windows\System\qYeXuDF.exe
  2⤵
  PID:9896
- C:\Windows\System\BtOfzYr.exe
  C:\Windows\System\BtOfzYr.exe
  2⤵
  PID:9912
- C:\Windows\System\lvZFqno.exe
  C:\Windows\System\lvZFqno.exe
  2⤵
  PID:9928
- C:\Windows\System\fpACorJ.exe
  C:\Windows\System\fpACorJ.exe
  2⤵
  PID:9944
- C:\Windows\System\FDJAssl.exe
  C:\Windows\System\FDJAssl.exe
  2⤵
  PID:9960
- C:\Windows\System\gjzrura.exe
  C:\Windows\System\gjzrura.exe
  2⤵
  PID:9980
- C:\Windows\System\aOFzNBO.exe
  C:\Windows\System\aOFzNBO.exe
  2⤵
  PID:9996
- C:\Windows\System\ruKRjCV.exe
  C:\Windows\System\ruKRjCV.exe
  2⤵
  PID:10012
- C:\Windows\System\vfBlNqp.exe
  C:\Windows\System\vfBlNqp.exe
  2⤵
  PID:10028
- C:\Windows\System\ndQPBqF.exe
  C:\Windows\System\ndQPBqF.exe
  2⤵
  PID:10044
- C:\Windows\System\wBfuGfE.exe
  C:\Windows\System\wBfuGfE.exe
  2⤵
  PID:10060
- C:\Windows\System\pDUWewT.exe
  C:\Windows\System\pDUWewT.exe
  2⤵
  PID:10076
- C:\Windows\System\vBnXhtw.exe
  C:\Windows\System\vBnXhtw.exe
  2⤵
  PID:10092
- C:\Windows\System\qDNpGNY.exe
  C:\Windows\System\qDNpGNY.exe
  2⤵
  PID:10108
- C:\Windows\System\MbUtmCs.exe
  C:\Windows\System\MbUtmCs.exe
  2⤵
  PID:10128
- C:\Windows\System\wbCckfX.exe
  C:\Windows\System\wbCckfX.exe
  2⤵
  PID:10144
- C:\Windows\System\lIvJrsm.exe
  C:\Windows\System\lIvJrsm.exe
  2⤵
  PID:10160
- C:\Windows\System\joUPMTb.exe
  C:\Windows\System\joUPMTb.exe
  2⤵
  PID:10176
- C:\Windows\System\qyDAUPd.exe
  C:\Windows\System\qyDAUPd.exe
  2⤵
  PID:10192
- C:\Windows\System\QCyGYOl.exe
  C:\Windows\System\QCyGYOl.exe
  2⤵
  PID:10208
- C:\Windows\System\fKwmsBC.exe
  C:\Windows\System\fKwmsBC.exe
  2⤵
  PID:10224
- C:\Windows\System\ApmZQkW.exe
  C:\Windows\System\ApmZQkW.exe
  2⤵
  PID:8652
- C:\Windows\System\XGbmBVs.exe
  C:\Windows\System\XGbmBVs.exe
  2⤵
  PID:9228
- C:\Windows\System\BIeWKVY.exe
  C:\Windows\System\BIeWKVY.exe
  2⤵
  PID:8884
- C:\Windows\System\uMsgiiV.exe
  C:\Windows\System\uMsgiiV.exe
  2⤵
  PID:8584
- C:\Windows\System\PzwLtzE.exe
  C:\Windows\System\PzwLtzE.exe
  2⤵
  PID:9268
- C:\Windows\System\nWlqxoS.exe
  C:\Windows\System\nWlqxoS.exe
  2⤵
  PID:9272
- C:\Windows\System\GxDIdKp.exe
  C:\Windows\System\GxDIdKp.exe
  2⤵
  PID:9284
- C:\Windows\System\uBcfhHB.exe
  C:\Windows\System\uBcfhHB.exe
  2⤵
  PID:9320
- C:\Windows\System\ydoLEzi.exe
  C:\Windows\System\ydoLEzi.exe
  2⤵
  PID:9440
- C:\Windows\System\sJadCbb.exe
  C:\Windows\System\sJadCbb.exe
  2⤵
  PID:9488
- C:\Windows\System\ggHMecr.exe
  C:\Windows\System\ggHMecr.exe
  2⤵
  PID:9552
- C:\Windows\System\buzFwjb.exe
  C:\Windows\System\buzFwjb.exe
  2⤵
  PID:9584
- C:\Windows\System\vrAiqBp.exe
  C:\Windows\System\vrAiqBp.exe
  2⤵
  PID:9532
- C:\Windows\System\wcNPpDX.exe
  C:\Windows\System\wcNPpDX.exe
  2⤵
  PID:9600
- C:\Windows\System\yVpQNQC.exe
  C:\Windows\System\yVpQNQC.exe
  2⤵
  PID:9616
- C:\Windows\System\iZVJykx.exe
  C:\Windows\System\iZVJykx.exe
  2⤵
  PID:9628
- C:\Windows\System\DVrMSnf.exe
  C:\Windows\System\DVrMSnf.exe
  2⤵
  PID:9680
- C:\Windows\System\ltLkZso.exe
  C:\Windows\System\ltLkZso.exe
  2⤵
  PID:9748
- C:\Windows\System\BcMHwBd.exe
  C:\Windows\System\BcMHwBd.exe
  2⤵
  PID:9812
- C:\Windows\System\RVxviMy.exe
  C:\Windows\System\RVxviMy.exe
  2⤵
  PID:9876
- C:\Windows\System\oDjFhjT.exe
  C:\Windows\System\oDjFhjT.exe
  2⤵
  PID:9940
- C:\Windows\System\jbDlBCm.exe
  C:\Windows\System\jbDlBCm.exe
  2⤵
  PID:10008
- C:\Windows\System\vVZblbg.exe
  C:\Windows\System\vVZblbg.exe
  2⤵
  PID:10104
- C:\Windows\System\vpRYugb.exe
  C:\Windows\System\vpRYugb.exe
  2⤵
  PID:9760
- C:\Windows\System\QHYeZhp.exe
  C:\Windows\System\QHYeZhp.exe
  2⤵
  PID:9664
- C:\Windows\System\cWIBxFj.exe
  C:\Windows\System\cWIBxFj.exe
  2⤵
  PID:9728
- C:\Windows\System\gSQPAno.exe
  C:\Windows\System\gSQPAno.exe
  2⤵
  PID:10236
- C:\Windows\System\LJfWogv.exe
  C:\Windows\System\LJfWogv.exe
  2⤵
  PID:9232
- C:\Windows\System\skyVhnF.exe
  C:\Windows\System\skyVhnF.exe
  2⤵
  PID:9436
- C:\Windows\System\SuoteYd.exe
  C:\Windows\System\SuoteYd.exe
  2⤵
  PID:9472
- C:\Windows\System\qFwYaEg.exe
  C:\Windows\System\qFwYaEg.exe
  2⤵
  PID:9808
- C:\Windows\System\NLSLVAz.exe
  C:\Windows\System\NLSLVAz.exe
  2⤵
  PID:9568
- C:\Windows\System\KBvAqkx.exe
  C:\Windows\System\KBvAqkx.exe
  2⤵
  PID:10072
- C:\Windows\System\FDRmHcu.exe
  C:\Windows\System\FDRmHcu.exe
  2⤵
  PID:9644
- C:\Windows\System\ZjsUTbW.exe
  C:\Windows\System\ZjsUTbW.exe
  2⤵
  PID:9844
- C:\Windows\System\xjvZkwP.exe
  C:\Windows\System\xjvZkwP.exe
  2⤵
  PID:9696
- C:\Windows\System\xVgvUdH.exe
  C:\Windows\System\xVgvUdH.exe
  2⤵
  PID:9892
- C:\Windows\System\tZeuIKa.exe
  C:\Windows\System\tZeuIKa.exe
  2⤵
  PID:10088
- C:\Windows\System\jQEWhuO.exe
  C:\Windows\System\jQEWhuO.exe
  2⤵
  PID:9988
- C:\Windows\System\KBHmQrV.exe
  C:\Windows\System\KBHmQrV.exe
  2⤵
  PID:10116
- C:\Windows\System\ujgzzrj.exe
  C:\Windows\System\ujgzzrj.exe
  2⤵
  PID:10140
- C:\Windows\System\aGKBtex.exe
  C:\Windows\System\aGKBtex.exe
  2⤵
  PID:10204
- C:\Windows\System\sRlWIfk.exe
  C:\Windows\System\sRlWIfk.exe
  2⤵
  PID:8944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BJAbBfL.exe

Filesize
6.0MB

MD5
f67d1b7039f9fc785b3aaa1008856ea0

SHA1
f468a7b98a2b0293485a3e6712b8d27fac3fc19d

SHA256
1c0f4d6b62c6ef1d7afc75e1a6b0c784ad1affe6c17b6cda106dde2fe5428f7e

SHA512
cc0d2428550ead13cddde96d345aece4beaf0ffdd7bdb289d069798e8b35a18a7df822b360dc476d0c76b8a400846e7565d9a35b43f21f2aab93117ff94a7344

Download Submit
C:\Windows\system\CMouonu.exe

Filesize
6.0MB

MD5
9fa17517033bbc06ab16ea6e8556cb75

SHA1
084cdbaa91c9e5db1fabd2032f96195026fdd69c

SHA256
aa32499470232f2c9e1ce3f42cef42ee8b4bd05a6b4c07d6f17a052341824763

SHA512
de27850934322c7935eb65b6789432f6a07d21dfba425dfc0045d233385a4acc7e1a0b66059ff64a568605a8e632d51140291f92ae4920b9ba9958a0571e6a27

Download Submit
C:\Windows\system\CZWESjR.exe

Filesize
6.0MB

MD5
720585c1d0697dfc5bf2fbd84904b420

SHA1
c2f2a92002e9f74662d31ea0864fe4625e89236f

SHA256
92f5ee2c5fa34e04a9bbaf6d0d941f48df7dc42eff7ef57e84136ac0276ce799

SHA512
0083bc5bfd635ab5b3b6b5a257f26583454f069d4a3cef9039761016eddc91e2c507eeb913dbe84d2112c0f25f4925ff5fb664683e7c1e9f9b589ef818895427

Download Submit
C:\Windows\system\DkVRINQ.exe

Filesize
6.0MB

MD5
67e15160bd27e653492d0aefda56d0cd

SHA1
f739f4aa50ed5b4bf3886b6aee2a51a7f21a74e8

SHA256
39fd79cd7441ccf5fb910346df69b68672727aa756f13936b91ca05c25a955d6

SHA512
ef87bc2390fd33e49c71ed080abefc21bb2668650d73fec1c373acf597e06072ca8aa28672cb01ded283c65cece311ec54acf650d5d4fd3612f774be332c4a58

Download Submit
C:\Windows\system\EEKrFOw.exe

Filesize
6.0MB

MD5
b5fa67f6f3a37a6e0f8daecfe24d044a

SHA1
97367714a011a4c222179f6dadd1348453ea8e96

SHA256
2638056119ad23fe4b7c9f93d3d82436f7ece978d0eba3b743a7de45e8d60d0f

SHA512
33dd5351050375e9789b2029e8b1ef0b5c90df2c5d188318e7531ac158025ed72edbc7d928b4d0cdd1a793f5ee177fde5a26b2ab602ac817fa9281ffc3d00b73

Download Submit
C:\Windows\system\FMLEdvq.exe

Filesize
6.0MB

MD5
e5f1e45a025aa8406be2eb6ea85125a6

SHA1
59153cb0534db1b09e806bcb5078fc1333b4590d

SHA256
1a42167f588803c2ee23e82c1ea2e330164e955b97c0283ab5de6b21f944753f

SHA512
dc700d948e95422a36e9870da46363fd64f90da7c3da2a4f47588a8d104c706fe5d722a2c5eb28afcd8d516258a8e3512d99a346a69c156f499434bf95f3bc28

Download Submit
C:\Windows\system\GfmrODt.exe

Filesize
6.0MB

MD5
f21a97166cd37aadf2dd177542ebebad

SHA1
b22d3ee384f06e8c0ca75e92e97a0faf4c83b560

SHA256
72f13336ac784d62b5c804493ff2d58897a35d0268364c2b4a016f9676129061

SHA512
1f6c8b3c311f7bdb5f5f25e58ec57d0eb3dd5b967bdcf373bc804706b036301ef381d55a8e2fd4b26aba376be4af1c6f3391031e2bfc8840111a0dc839e9d67a

Download Submit
C:\Windows\system\JJVNmBe.exe

Filesize
6.0MB

MD5
ead9a941feb7e8991dd4ff98ccf3d44a

SHA1
cc2dd4e57dae2ace571fe43578122af77b67e6dd

SHA256
839cecb5543ad432dd3603ecb866e69a4b4b2dee8701d18cc73a2b0e149b83c2

SHA512
0cfbb07569b85aada73456d2de04c39036a6cf67fa74559c8e2f8982c19e576fff264473201f530826a4cad3c2ebdb1b4a9793e4349dad0bad464414a449977b

Download Submit
C:\Windows\system\JzzTACM.exe

Filesize
6.0MB

MD5
4a75089b0036f61ef80dd1c3cbb0ecfa

SHA1
b1a8ec799893c7e510318a892b14daa8c2f6c8cd

SHA256
9160b2e0db1cffec49334d043cb5a35c570b0f0d2d6f81d19759d43c04500902

SHA512
5bf1ee075610a110dc5734b6dfaf0b40d8657d3a4018d5a79486af33f507a02ea4ab7c73e59024fcca9aacaf81ce77e16bbcdbb6a5e19dfe27b9386215c4c2a3

Download Submit
C:\Windows\system\MQvSCJE.exe

Filesize
6.0MB

MD5
5e3f1281cbe254870a12ff295ddf5023

SHA1
db1a9589d5769d553764b495fe76e55b4d8d7228

SHA256
3531a6d6c22875affe291a8ac623e6d57b42d982da9bfc9f0e03373dde760463

SHA512
d4d3bde942c8ef9b81fecf75694346bfdd21bd6f03564743bdcab8211301eddf4965c6a9e7b831cfd33d590b19e0a63f36eb5089ef3f0e7d301236df325117de

Download Submit
C:\Windows\system\MyZmTJn.exe

Filesize
6.0MB

MD5
45907e84228ccf637bdf01250e70bc29

SHA1
691ea76ba5935260c660c895c0d0ed409331c824

SHA256
b59781a4b2fd10daf01d8ec56dd9c7986e35f64f39263fd3eef2ace4d5cb2772

SHA512
17572844e591f93e60af5c9d62b3751be5c250ca1e7087b58283be31586d666ee6f2de10955281618ba85e543a03667f9454fcedf7c0135a6e1538fc7611977b

Download Submit
C:\Windows\system\QdRbpBU.exe

Filesize
6.0MB

MD5
541f154e3a01330a266343da2a5f8338

SHA1
6179d7eac35ea63777762fd6ea1071c5f739b9db

SHA256
2c976fb75eba9829702dc5a3478d9a0a2811712c00ad1c37874d84f5e327cdc3

SHA512
900184f0ec986a0340dbb91e4c7a8c98627b40838c5ceb38a8289f36f5d8f28bb78b0e04e4ebc406c4b2d0f520fa079eec7d4065fe2de2f4faa59694bb3ba785

Download Submit
C:\Windows\system\WdvdgQb.exe

Filesize
6.0MB

MD5
0501dadfb14d2ee85ec227f1514e48a8

SHA1
532a5e645a5b79ddeeda6ac105c7c8402ed6495b

SHA256
f988de656f5b1ef9ef57aabfaeb42f99c6f48e3ac19b7c4f792c609ffb8a6067

SHA512
73b01cd01d82f639b39c888d8213306494e06604a5f681f8c4c5cd853b6466a31dd2775b78bf0389b7115febe7b1d040ced0bbe711114a32b63374efccf04d5d

Download Submit
C:\Windows\system\XgMLbil.exe

Filesize
6.0MB

MD5
5c191865cd59c65f8711a0de8dd7581e

SHA1
e0ee1aa67e5a44b81dafb00e4621bbf30f4350bf

SHA256
a7e8c6a4508694398030daf4f0fac1045873cbf714b74908bd4e574e5e1e8e09

SHA512
67b098d0733cf8cb4e3b84e1f6e56b96f1fa3722f2fa941e6f1908db927f3a8f357d013c2fd41b15901722437f21c52b8872eb1a7ecca151edd321e6fe888668

Download Submit
C:\Windows\system\ZKeGhuw.exe

Filesize
6.0MB

MD5
cc1bc34f028fe096cd443b1baa8f2cc8

SHA1
1b99466417a40cba4fd2b6a078db92f61f50f8ad

SHA256
c1e38d133e4f87f3f3396d6c016510744d4046ab7890cb67ab29e7e7cdbe0982

SHA512
b7dc1c079df67c6922d359462e7af2be71be7fa5fe85b17760537f5fc033b7592affbbb73867395579b27726d288e79bf6c9976ef1f3fbd8a48bf60c9ad9b7b1

Download Submit
C:\Windows\system\apRYLVv.exe

Filesize
6.0MB

MD5
fdf13b3f4d8abceeacfdc210d70e6374

SHA1
d539e06bc8d577ed533c272423040391f293c79b

SHA256
b6eb301e2503f2e8a0e17e9f1c932d04e2596d116b4b39ddbaf25fcd62dd71d9

SHA512
834e4ebbdfb369bbcaa666ae79dfb4a42ef80176d2d8b35a4a8442b4562f8dd00df31ad08004f3a8262a9e590af5706db271355a412f8a7c5ca327dacb5e307e

Download Submit
C:\Windows\system\cHnYfbn.exe

Filesize
6.0MB

MD5
ddb1fbc23481da608afd6750f46d3b8d

SHA1
5ed06661c956f4dd5ab08c6abd2c8310c189ad2c

SHA256
f42b702047d6cecfbc3ea3925ca3e0c6da936719c641749b37f635d92138675b

SHA512
5ce9e935e8a6eaab30b6e4537fb6b01cec273af917b8138d12e07427bdc4b9ce7cf952e86086fabddc278cd650be201102046faa1ecc90ca76e26062c9e8e6cb

Download Submit
C:\Windows\system\cUePbTc.exe

Filesize
6.0MB

MD5
f811a85834bb5a551b150fe1bfc5d9ec

SHA1
91f220969b268ffbe43ef9c4769f15599ca13d8b

SHA256
3a7d859b212f863018a63cfd30cad85df1fd0cd000b183c52826241a22807bff

SHA512
ee82a393bb81ed55f59944ad19af7fc22cb4f1d458da38b430b0d0109074f8e092b32e818eb4343901a6b6d8babbc8e1c841e658e322f245c68292b11b2137b9

Download Submit
C:\Windows\system\cYqgRYJ.exe

Filesize
6.0MB

MD5
3897487280cba251219254fb8dd2ed68

SHA1
2b9c97fbfe96d6a40428f00bddd065a738bd494d

SHA256
145badf35607c1cbcb6452cb12f28085cc7495cc40fb5a9243781a4760e64c96

SHA512
74642b9d1395687c13b0c7af3aef028f4eaedf78801dfcbd8562486f54d0d8cbadaa4f725363f86b50c34c34edc2b5b0163ea05cbac7512c43a8b38f82392c3e

Download Submit
C:\Windows\system\fYcLfmD.exe

Filesize
6.0MB

MD5
037d5adb8c148ddb678857aee4d44ecb

SHA1
ba80ea7e96172784d1a5c3273217a713d77d402f

SHA256
43d8f9e05aed4c2cf5603ab9c8b1c14ee28f1cf59d50f54eada705f2a6db5cef

SHA512
5360c1a0bfdb08d75fc3cd3284db367b1da30551c6e08eedb496580cd61f1f6af27c0681166a5c6c2f1287cb0a8c5f6d13efb66594a1fdefda386141e47146ca

Download Submit
C:\Windows\system\hEuKAKg.exe

Filesize
6.0MB

MD5
4371028fcca8b17b68d4d6efe90e5940

SHA1
01a260c4094564c5be6d99f1810fea396171bd75

SHA256
92b5747ccb3200416c22f3f9d410d43eaa8f0f78839eba2c22a877849cb136b0

SHA512
8149aa4e97d80981fba8c9fba9272ba8b201af6ef89ea89c5124c9467430eda48fe06391bf3998c16ff1d52a8252bb6e18a666be8b0cc18920f62e318ed8bc07

Download Submit
C:\Windows\system\iYIOBEw.exe

Filesize
6.0MB

MD5
585d141a0c75c4fa7af84ab5a79bda5b

SHA1
1966868ee0d0c64f5b381282a0fe81f7410f2624

SHA256
d0d40701a766a6acee60dc73b3510acedcf394c1d4f688ed7f4e51fad2ef6f00

SHA512
98515126d5dfa6f152109d178e60053a96116cc75acfbe73d628fa60c96a0d3fb8f6440e4bd919d34a34543ac480734c246200d8e56cd4c2fe55bb86de5b5932

Download Submit
C:\Windows\system\mMIBIPY.exe

Filesize
6.0MB

MD5
6350cde2ef68ccd49968ced1687aa5bf

SHA1
72a7bd60c098b858ba03d68393e8a59728d8440e

SHA256
ab1aada0de0b19cd852fcc6d87f72af4f657541aa58adb36981f20a59536d869

SHA512
caa0e2987d91a3dd7b5874d716abc8cbf04824a374e7e7f19d367929bdfa6a443f8b7d6c4c41dc3a0d0d9eba4a80360bdf164063b6925e7d3b0de41be1a541ae

Download Submit
C:\Windows\system\nAnqZAy.exe

Filesize
6.0MB

MD5
792f3dfc96f3094db75e171cb99f37ed

SHA1
42fbb0fe0ba528b501a1d721fcb2d81c88562925

SHA256
a6987e1ee7baa80486001a8797962dcb87ca9f2bb29d4a62db1bacc7f93889ac

SHA512
e9fc6bc6595eed695da6bd05e017a46ab1cd1e40637a88447dbf72a56bb2aaabadbbc226ffa1e3746a0ec06fd66a36dc8144f702253e18ec969ea683768e3baa

Download Submit
C:\Windows\system\nzejyVj.exe

Filesize
6.0MB

MD5
112c21eb555372cf43e70f3dbd17091b

SHA1
d7a1ab79710cc279b84040398a130ec04d7e3b56

SHA256
2f23a5108a1e2c52fa9268c4323da2f789466fe658e7d1e85b5ab1b2d920774f

SHA512
260dc28e0172c3d6f197c6f106e1b5c56c639a503bf21b75b3fcbce5e064af78380370fc79ad8dedd56351cdd6c75628269d004211696ed5eb9f349016bfd405

Download Submit
C:\Windows\system\pctKHNX.exe

Filesize
6.0MB

MD5
3e3320f8cd11f9296c4366deeaf410c8

SHA1
e9fa2ffd56f805f5b94149a2edb22bcfad4d42ce

SHA256
73bcb55f6bfba71a535bfd78371827e3d657a0e099e83ee4b0e7305ae853a1aa

SHA512
21c47d35400600d03e7447086417e7cb70ff678b5f426191b7284de1e3ec1f1439dac4d81992d415d8eab311e347ec3d94889fd1683825a35538e3f147fd94b0

Download Submit
C:\Windows\system\rtPOzcw.exe

Filesize
6.0MB

MD5
7f9e111ee0589928db93765db3c32181

SHA1
cd4932763ec2bc48bcad9aa5fb6dfc8b3c5c328e

SHA256
e2064b99239ca97f377954e8c38aa504f50404d95ae74defbf2cd7f7f1f8f808

SHA512
8d004ea11dcd1ce3e05a3e0212701dd4d270825a7375bcb0593a964817495f7465617856c52f28d247836bf3ecd286ace413ddcca711b0b58cb6a62f1c6c4a39

Download Submit
C:\Windows\system\tJsCpRB.exe

Filesize
6.0MB

MD5
41393f68595d733bb96dfd638c0de3a9

SHA1
e0c6068162a345a6e4100961c226aabced4a98d5

SHA256
74a84d83621b23546b2bc3da9ca3881ba89485fb8d2fabf79b57146c6fa90549

SHA512
80055c37c75c16a02d746cf15422ab4340e162eae51b1c0c652ab49a9a6f2987057c2515d33aad724117bc6083a97c43d767d09e1e0a0d5dd3c0a230397699aa

Download Submit
C:\Windows\system\tsIUGUe.exe

Filesize
6.0MB

MD5
9029372beaf60b1b1ef2b9c74bb39ac8

SHA1
adcfdd41c8d3181a7f66842dc7c63694de8f8a57

SHA256
c3eec5ce6df88e66ad87947a17b286e82c9001433fef679f9f3c84f4e8685b84

SHA512
cfc6c8e0d884fc5582f87e19a63e2dee87608b85c249291312dfd4fd06a26dadf582b370f19c19e79f9f7bb59058ef6d0563c7a42b5e8edecd687bb862866c0d

Download Submit
C:\Windows\system\uLRVLPj.exe

Filesize
6.0MB

MD5
725020d4bcd4daf406e2e9417c56cd0e

SHA1
5d629624f195046ffb46f82d6a934b8dfbd60fb1

SHA256
807c4fbf1ed872db0ea4fdb0289eb5577df3875a267d366b544bdc27f272e298

SHA512
2f76d45cd6c0701ba66596a86b202f5c9927516ea11ef42d43f5b716da51fad0ac6107c5c24c8c0b542d983bcf483b9b35a4b2cc66c7208fd4c5e0b43a2ddfaa

Download Submit
C:\Windows\system\wkHxWyb.exe

Filesize
6.0MB

MD5
6d09fdd24eed32b68f67dbd79d1df5bc

SHA1
bfb419c6723a89a813f9510a66951a7835ecfa1c

SHA256
b65a0450ffb3f39976aa021e9ad6456a3419078175e68fe1ccfde957c33b18da

SHA512
f349c8c3d2c5753dfa64df1904e9f419f657c75df493fcea4a598748d0509724073b29e4cdaad01c451273f04e36d1e729b135a6124e78b9069befd9ba60e5c6

Download Submit
C:\Windows\system\zIoTsur.exe

Filesize
6.0MB

MD5
dd9a76fd724bb5527714d8c5995b33e9

SHA1
3a6f760c0f14638760cfa9ba8465afbfc9a371e4

SHA256
fba53b1f82926553408d697c3301cd6b6313d5cf3f423fe60e16cc99c6007a43

SHA512
af280aae9fc51fa40b1cb5496c38b0b292c0e6a1aac3e155846bceca083e815d5048bf079ed06a385271e7fd5335b91f59c1f7559f80f02bda2d9ec3f21225db

Download Submit
memory/988-2052-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/988-3057-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1032-3048-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1032-2008-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1588-3035-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1588-1963-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1926-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2348-3031-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2564-1844-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3047-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3056-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1803-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2660-1586-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3029-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3028-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1887-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1759-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3033-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2093-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3043-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3034-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2095-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1628-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3030-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3049-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1666-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1712-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3032-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1927-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1713-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1547-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2996-0-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1966-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1760-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1889-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2009-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1629-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1587-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1546-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2053-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1845-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1804-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1667-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2996-5219-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download