cobaltstrike | 647bcaf03e989efe0e90b6be6b8e3710c53ec19c79a26888cf07e9ad021ff9bc

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11-12-2024 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f1cbb7e4e071425d6686637ab6a2e3b0
SHA1

3447167893937e0a5c46c5ba2eabd85ea1a31b75
SHA256

647bcaf03e989efe0e90b6be6b8e3710c53ec19c79a26888cf07e9ad021ff9bc
SHA512

f8563b4c3264f19e738fffae9364eae0a5ab7dbd6ce935dbf32231924a9a711c2701efbd50fd1ac3a40fd00d670b013fbc47aa509c863315a4a661d621e755e1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001226d-3.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019223-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019230-15.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019246-20.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001926b-25.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194c4-34.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-40.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-44.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-54.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-80.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018780-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-49.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001930d-29.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 51 IoCs

miner

resource	yara_rule
behavioral1/memory/2064-0-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000c00000001226d-3.dat	xmrig
behavioral1/files/0x0006000000019223-8.dat	xmrig
behavioral1/files/0x0007000000019230-15.dat	xmrig
behavioral1/files/0x0006000000019246-20.dat	xmrig
behavioral1/files/0x000600000001926b-25.dat	xmrig
behavioral1/files/0x00070000000194c4-34.dat	xmrig
behavioral1/files/0x0005000000019c3c-40.dat	xmrig
behavioral1/files/0x0005000000019c3e-44.dat	xmrig
behavioral1/files/0x0005000000019cba-54.dat	xmrig
behavioral1/files/0x000500000001a09e-97.dat	xmrig
behavioral1/files/0x000500000001a41d-114.dat	xmrig
behavioral1/files/0x000500000001a427-137.dat	xmrig
behavioral1/files/0x000500000001a48d-158.dat	xmrig
behavioral1/memory/2132-2287-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46f-156.dat	xmrig
behavioral1/files/0x000500000001a49a-152.dat	xmrig
behavioral1/files/0x000500000001a4a9-159.dat	xmrig
behavioral1/files/0x000500000001a499-151.dat	xmrig
behavioral1/files/0x000500000001a48b-143.dat	xmrig
behavioral1/files/0x000500000001a359-108.dat	xmrig
behavioral1/files/0x000500000001a42d-128.dat	xmrig
behavioral1/files/0x000500000001a075-90.dat	xmrig
behavioral1/files/0x000500000001a41e-120.dat	xmrig
behavioral1/files/0x000500000001a41b-113.dat	xmrig
behavioral1/files/0x000500000001a307-102.dat	xmrig
behavioral1/files/0x000500000001a07e-94.dat	xmrig
behavioral1/files/0x0005000000019f94-80.dat	xmrig
behavioral1/files/0x0008000000018780-84.dat	xmrig
behavioral1/files/0x0005000000019f8a-75.dat	xmrig
behavioral1/files/0x0005000000019dbf-69.dat	xmrig
behavioral1/files/0x0005000000019d8e-64.dat	xmrig
behavioral1/files/0x0005000000019cca-59.dat	xmrig
behavioral1/files/0x0005000000019c57-49.dat	xmrig
behavioral1/files/0x000600000001930d-29.dat	xmrig
behavioral1/memory/1908-2368-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2360-3872-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2756-3871-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2132-3873-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2808-3874-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2960-3875-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/1168-3876-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/1908-3877-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2720-3878-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2836-3879-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2636-3880-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2520-3882-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/1208-3883-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2884-3881-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2892-3884-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2064-3887-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2132	TnWJIBv.exe
1908	NcYnJPL.exe
2360	FxiBVuj.exe
2520	VFPsuPT.exe
1168	RkMctYO.exe
1208	iEongNo.exe
2808	HvQBzkp.exe
2836	pauKGKu.exe
2960	eUEUUfs.exe
2892	eXPDEjA.exe
2884	EztXuLk.exe
2636	nMtSCjv.exe
2756	YhWYBQS.exe
2720	JvDibtB.exe
3036	aXgwUzj.exe
1592	LpnpHiY.exe
600	mwovLkR.exe
1652	NiQJpej.exe
644	JGuFfii.exe
2500	hsMrcOC.exe
1324	tgjJYrl.exe
1752	wMuJSuf.exe
2128	ZomWahm.exe
1880	uTRjtHZ.exe
1772	GzhuTGS.exe
1496	YbWJISK.exe
1632	pCVUNkM.exe
608	fqOleWJ.exe
1952	sRXFodj.exe
2676	xMMhtmp.exe
2300	QPKxPxW.exe
2964	shRFsHL.exe
2916	qfCaSLm.exe
1600	DJJOCtZ.exe
1836	fDMIthz.exe
1520	aZNJikO.exe
1560	GMPlUSP.exe
2460	cdfcgYy.exe
576	VKMzJGL.exe
2384	wVhrHFT.exe
652	RVyevcA.exe
816	fTcsGiU.exe
964	YSHNVmY.exe
2504	ateLdsY.exe
2160	LnRXQCr.exe
1028	NDgUznD.exe
1448	mKsLePG.exe
2168	KQecgmz.exe
1940	MuiqchA.exe
2000	pnUfykB.exe
2452	dpqsYBW.exe
3016	npgAzRP.exe
2484	VjToetL.exe
2896	yGVqhOb.exe
896	xGQgqZb.exe
2536	BwYFmUI.exe
1628	IBFHJFz.exe
2556	VPqisRd.exe
2420	SmuvZlC.exe
2800	IRjsPso.exe
1624	tLuSGhs.exe
1680	CPpHqTb.exe
2796	NRPVjez.exe
2760	HKeuSKj.exe

Loads dropped DLL 64 IoCs

pid	Process
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-0-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000c00000001226d-3.dat	upx
behavioral1/files/0x0006000000019223-8.dat	upx
behavioral1/files/0x0007000000019230-15.dat	upx
behavioral1/files/0x0006000000019246-20.dat	upx
behavioral1/files/0x000600000001926b-25.dat	upx
behavioral1/files/0x00070000000194c4-34.dat	upx
behavioral1/files/0x0005000000019c3c-40.dat	upx
behavioral1/files/0x0005000000019c3e-44.dat	upx
behavioral1/files/0x0005000000019cba-54.dat	upx
behavioral1/files/0x000500000001a09e-97.dat	upx
behavioral1/files/0x000500000001a41d-114.dat	upx
behavioral1/files/0x000500000001a427-137.dat	upx
behavioral1/files/0x000500000001a48d-158.dat	upx
behavioral1/memory/2132-2287-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000500000001a46f-156.dat	upx
behavioral1/files/0x000500000001a49a-152.dat	upx
behavioral1/files/0x000500000001a4a9-159.dat	upx
behavioral1/files/0x000500000001a499-151.dat	upx
behavioral1/files/0x000500000001a48b-143.dat	upx
behavioral1/files/0x000500000001a359-108.dat	upx
behavioral1/files/0x000500000001a42d-128.dat	upx
behavioral1/files/0x000500000001a075-90.dat	upx
behavioral1/files/0x000500000001a41e-120.dat	upx
behavioral1/files/0x000500000001a41b-113.dat	upx
behavioral1/files/0x000500000001a307-102.dat	upx
behavioral1/files/0x000500000001a07e-94.dat	upx
behavioral1/files/0x0005000000019f94-80.dat	upx
behavioral1/files/0x0008000000018780-84.dat	upx
behavioral1/files/0x0005000000019f8a-75.dat	upx
behavioral1/files/0x0005000000019dbf-69.dat	upx
behavioral1/files/0x0005000000019d8e-64.dat	upx
behavioral1/files/0x0005000000019cca-59.dat	upx
behavioral1/files/0x0005000000019c57-49.dat	upx
behavioral1/files/0x000600000001930d-29.dat	upx
behavioral1/memory/1908-2368-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2360-3872-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2756-3871-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2132-3873-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2808-3874-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2960-3875-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/1168-3876-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/1908-3877-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2720-3878-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2836-3879-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2636-3880-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2520-3882-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/1208-3883-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2884-3881-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2892-3884-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2064-3887-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MxkMvXO.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSDqpHs.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToXtHhs.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYofyAe.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNSWfFQ.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSEPHvZ.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZfuFcb.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIRDjzK.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGFjZBx.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIQsmFq.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJHPqua.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lvgnhwO.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCTXptP.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\npgAzRP.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBEiHGF.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZPhmIU.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLycTYU.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzJYLjv.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fRbchCj.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLBlRKh.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjqnhKo.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrQSNbg.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXgKNyl.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBqEEDH.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCylVdD.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oeOrqZH.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XMcNkeF.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVGxBGh.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UegmJVR.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlWQOAk.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQRTpUm.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLoWOCA.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uATuNGV.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erOonMP.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HskBugk.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEnOKUE.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYopIOP.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkNlKrE.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbHHDQS.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJakjnn.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvtHngw.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtPWoMp.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVRCfsl.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVqzNbw.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiXMcuM.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDchwei.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amQLUbj.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOoNxJK.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dAIPxJY.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNeJgJb.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVbXtjU.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzrATfe.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtNEnFO.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JmaPhgE.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhdDWJG.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYSLqZP.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlGKDnI.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEpHDmn.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVRKrYd.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlBThtW.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAXnWBg.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPAiEEy.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyhGWTW.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inEMyZx.exe	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2132	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 2132	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 2132	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 1908	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 1908	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 1908	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 2360	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2360	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2360	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2520	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2520	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2520	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 1168	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 1168	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 1168	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 1208	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 1208	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 1208	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2808	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2808	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2808	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2836	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2836	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2836	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2960	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2960	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2960	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2892	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2892	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2892	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2884	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2884	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2884	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2636	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2636	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2636	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2756	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2756	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2756	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2720	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 2720	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 2720	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 3036	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 3036	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 3036	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 1592	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 1592	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 1592	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 600	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 600	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 600	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 1652	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 1652	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 1652	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 644	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 644	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 644	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 1324	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 1324	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 1324	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 2500	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 2500	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 2500	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 1752	2064	2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-11_f1cbb7e4e071425d6686637ab6a2e3b0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\System\TnWJIBv.exe
  C:\Windows\System\TnWJIBv.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\NcYnJPL.exe
  C:\Windows\System\NcYnJPL.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\FxiBVuj.exe
  C:\Windows\System\FxiBVuj.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\VFPsuPT.exe
  C:\Windows\System\VFPsuPT.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\RkMctYO.exe
  C:\Windows\System\RkMctYO.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\iEongNo.exe
  C:\Windows\System\iEongNo.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\HvQBzkp.exe
  C:\Windows\System\HvQBzkp.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\pauKGKu.exe
  C:\Windows\System\pauKGKu.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\eUEUUfs.exe
  C:\Windows\System\eUEUUfs.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\eXPDEjA.exe
  C:\Windows\System\eXPDEjA.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\EztXuLk.exe
  C:\Windows\System\EztXuLk.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\nMtSCjv.exe
  C:\Windows\System\nMtSCjv.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\YhWYBQS.exe
  C:\Windows\System\YhWYBQS.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\JvDibtB.exe
  C:\Windows\System\JvDibtB.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\aXgwUzj.exe
  C:\Windows\System\aXgwUzj.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\LpnpHiY.exe
  C:\Windows\System\LpnpHiY.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\mwovLkR.exe
  C:\Windows\System\mwovLkR.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\NiQJpej.exe
  C:\Windows\System\NiQJpej.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\JGuFfii.exe
  C:\Windows\System\JGuFfii.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\tgjJYrl.exe
  C:\Windows\System\tgjJYrl.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\hsMrcOC.exe
  C:\Windows\System\hsMrcOC.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\wMuJSuf.exe
  C:\Windows\System\wMuJSuf.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\ZomWahm.exe
  C:\Windows\System\ZomWahm.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\YbWJISK.exe
  C:\Windows\System\YbWJISK.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\uTRjtHZ.exe
  C:\Windows\System\uTRjtHZ.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\pCVUNkM.exe
  C:\Windows\System\pCVUNkM.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\GzhuTGS.exe
  C:\Windows\System\GzhuTGS.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\xMMhtmp.exe
  C:\Windows\System\xMMhtmp.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\fqOleWJ.exe
  C:\Windows\System\fqOleWJ.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\QPKxPxW.exe
  C:\Windows\System\QPKxPxW.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\sRXFodj.exe
  C:\Windows\System\sRXFodj.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\cdfcgYy.exe
  C:\Windows\System\cdfcgYy.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\shRFsHL.exe
  C:\Windows\System\shRFsHL.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\wVhrHFT.exe
  C:\Windows\System\wVhrHFT.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\qfCaSLm.exe
  C:\Windows\System\qfCaSLm.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\RVyevcA.exe
  C:\Windows\System\RVyevcA.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\DJJOCtZ.exe
  C:\Windows\System\DJJOCtZ.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\YSHNVmY.exe
  C:\Windows\System\YSHNVmY.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\fDMIthz.exe
  C:\Windows\System\fDMIthz.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\ateLdsY.exe
  C:\Windows\System\ateLdsY.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\aZNJikO.exe
  C:\Windows\System\aZNJikO.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\LnRXQCr.exe
  C:\Windows\System\LnRXQCr.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\GMPlUSP.exe
  C:\Windows\System\GMPlUSP.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\NDgUznD.exe
  C:\Windows\System\NDgUznD.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\VKMzJGL.exe
  C:\Windows\System\VKMzJGL.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\mKsLePG.exe
  C:\Windows\System\mKsLePG.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\fTcsGiU.exe
  C:\Windows\System\fTcsGiU.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\KQecgmz.exe
  C:\Windows\System\KQecgmz.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\MuiqchA.exe
  C:\Windows\System\MuiqchA.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\pnUfykB.exe
  C:\Windows\System\pnUfykB.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\dpqsYBW.exe
  C:\Windows\System\dpqsYBW.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\npgAzRP.exe
  C:\Windows\System\npgAzRP.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\VjToetL.exe
  C:\Windows\System\VjToetL.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\yGVqhOb.exe
  C:\Windows\System\yGVqhOb.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\xGQgqZb.exe
  C:\Windows\System\xGQgqZb.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\SmuvZlC.exe
  C:\Windows\System\SmuvZlC.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\BwYFmUI.exe
  C:\Windows\System\BwYFmUI.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\tLuSGhs.exe
  C:\Windows\System\tLuSGhs.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\IBFHJFz.exe
  C:\Windows\System\IBFHJFz.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\CPpHqTb.exe
  C:\Windows\System\CPpHqTb.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\VPqisRd.exe
  C:\Windows\System\VPqisRd.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\NRPVjez.exe
  C:\Windows\System\NRPVjez.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\IRjsPso.exe
  C:\Windows\System\IRjsPso.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\HKeuSKj.exe
  C:\Windows\System\HKeuSKj.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\WjVcHev.exe
  C:\Windows\System\WjVcHev.exe
  2⤵
  PID:2876
- C:\Windows\System\aOqkXZZ.exe
  C:\Windows\System\aOqkXZZ.exe
  2⤵
  PID:2656
- C:\Windows\System\wrygpKo.exe
  C:\Windows\System\wrygpKo.exe
  2⤵
  PID:2172
- C:\Windows\System\rSPQPeZ.exe
  C:\Windows\System\rSPQPeZ.exe
  2⤵
  PID:1640
- C:\Windows\System\YLUAvSB.exe
  C:\Windows\System\YLUAvSB.exe
  2⤵
  PID:1232
- C:\Windows\System\HFPgysE.exe
  C:\Windows\System\HFPgysE.exe
  2⤵
  PID:1736
- C:\Windows\System\bKFXZjL.exe
  C:\Windows\System\bKFXZjL.exe
  2⤵
  PID:284
- C:\Windows\System\VDPqcBi.exe
  C:\Windows\System\VDPqcBi.exe
  2⤵
  PID:1980
- C:\Windows\System\wwPAEHw.exe
  C:\Windows\System\wwPAEHw.exe
  2⤵
  PID:2228
- C:\Windows\System\PdEdQhl.exe
  C:\Windows\System\PdEdQhl.exe
  2⤵
  PID:2852
- C:\Windows\System\zuZfuVM.exe
  C:\Windows\System\zuZfuVM.exe
  2⤵
  PID:2332
- C:\Windows\System\UqGhiQR.exe
  C:\Windows\System\UqGhiQR.exe
  2⤵
  PID:1656
- C:\Windows\System\SEpHDmn.exe
  C:\Windows\System\SEpHDmn.exe
  2⤵
  PID:1528
- C:\Windows\System\MPWKJbI.exe
  C:\Windows\System\MPWKJbI.exe
  2⤵
  PID:2260
- C:\Windows\System\TbgFQkz.exe
  C:\Windows\System\TbgFQkz.exe
  2⤵
  PID:792
- C:\Windows\System\JNSMIZZ.exe
  C:\Windows\System\JNSMIZZ.exe
  2⤵
  PID:2088
- C:\Windows\System\kzQPHrY.exe
  C:\Windows\System\kzQPHrY.exe
  2⤵
  PID:1944
- C:\Windows\System\zXSsnzj.exe
  C:\Windows\System\zXSsnzj.exe
  2⤵
  PID:1112
- C:\Windows\System\GQILEbx.exe
  C:\Windows\System\GQILEbx.exe
  2⤵
  PID:2928
- C:\Windows\System\MxkMvXO.exe
  C:\Windows\System\MxkMvXO.exe
  2⤵
  PID:2004
- C:\Windows\System\lEzvXij.exe
  C:\Windows\System\lEzvXij.exe
  2⤵
  PID:2968
- C:\Windows\System\EnTGpHc.exe
  C:\Windows\System\EnTGpHc.exe
  2⤵
  PID:1828
- C:\Windows\System\sObyeEB.exe
  C:\Windows\System\sObyeEB.exe
  2⤵
  PID:1400
- C:\Windows\System\ZGFjZBx.exe
  C:\Windows\System\ZGFjZBx.exe
  2⤵
  PID:2984
- C:\Windows\System\jWPWGrS.exe
  C:\Windows\System\jWPWGrS.exe
  2⤵
  PID:2572
- C:\Windows\System\XrdQhyx.exe
  C:\Windows\System\XrdQhyx.exe
  2⤵
  PID:1996
- C:\Windows\System\ahSlvzP.exe
  C:\Windows\System\ahSlvzP.exe
  2⤵
  PID:3064
- C:\Windows\System\NBEiHGF.exe
  C:\Windows\System\NBEiHGF.exe
  2⤵
  PID:1988
- C:\Windows\System\GAFiKDN.exe
  C:\Windows\System\GAFiKDN.exe
  2⤵
  PID:3040
- C:\Windows\System\uKosKWu.exe
  C:\Windows\System\uKosKWu.exe
  2⤵
  PID:2752
- C:\Windows\System\qXxrVBo.exe
  C:\Windows\System\qXxrVBo.exe
  2⤵
  PID:596
- C:\Windows\System\BrGYiGB.exe
  C:\Windows\System\BrGYiGB.exe
  2⤵
  PID:1308
- C:\Windows\System\JjyAWyC.exe
  C:\Windows\System\JjyAWyC.exe
  2⤵
  PID:2152
- C:\Windows\System\EmKulDx.exe
  C:\Windows\System\EmKulDx.exe
  2⤵
  PID:2660
- C:\Windows\System\BjqnhKo.exe
  C:\Windows\System\BjqnhKo.exe
  2⤵
  PID:2844
- C:\Windows\System\OoRKvKW.exe
  C:\Windows\System\OoRKvKW.exe
  2⤵
  PID:2356
- C:\Windows\System\UJSFhxa.exe
  C:\Windows\System\UJSFhxa.exe
  2⤵
  PID:684
- C:\Windows\System\Phomznn.exe
  C:\Windows\System\Phomznn.exe
  2⤵
  PID:1032
- C:\Windows\System\zRqhUqu.exe
  C:\Windows\System\zRqhUqu.exe
  2⤵
  PID:408
- C:\Windows\System\CAjgLXc.exe
  C:\Windows\System\CAjgLXc.exe
  2⤵
  PID:448
- C:\Windows\System\gtIwCxW.exe
  C:\Windows\System\gtIwCxW.exe
  2⤵
  PID:1588
- C:\Windows\System\JxMEuyD.exe
  C:\Windows\System\JxMEuyD.exe
  2⤵
  PID:1960
- C:\Windows\System\mIQsmFq.exe
  C:\Windows\System\mIQsmFq.exe
  2⤵
  PID:1976
- C:\Windows\System\yRZdIRe.exe
  C:\Windows\System\yRZdIRe.exe
  2⤵
  PID:1444
- C:\Windows\System\PItEqAM.exe
  C:\Windows\System\PItEqAM.exe
  2⤵
  PID:920
- C:\Windows\System\JeDeAhj.exe
  C:\Windows\System\JeDeAhj.exe
  2⤵
  PID:1648
- C:\Windows\System\pxXRFqQ.exe
  C:\Windows\System\pxXRFqQ.exe
  2⤵
  PID:1516
- C:\Windows\System\JVTnPvi.exe
  C:\Windows\System\JVTnPvi.exe
  2⤵
  PID:2012
- C:\Windows\System\HvCuzvX.exe
  C:\Windows\System\HvCuzvX.exe
  2⤵
  PID:352
- C:\Windows\System\WSagwxi.exe
  C:\Windows\System\WSagwxi.exe
  2⤵
  PID:2396
- C:\Windows\System\xaMoURx.exe
  C:\Windows\System\xaMoURx.exe
  2⤵
  PID:2364
- C:\Windows\System\nQLLBcf.exe
  C:\Windows\System\nQLLBcf.exe
  2⤵
  PID:2548
- C:\Windows\System\hoIgjyj.exe
  C:\Windows\System\hoIgjyj.exe
  2⤵
  PID:1708
- C:\Windows\System\grJwvWj.exe
  C:\Windows\System\grJwvWj.exe
  2⤵
  PID:1796
- C:\Windows\System\YHtSzBo.exe
  C:\Windows\System\YHtSzBo.exe
  2⤵
  PID:468
- C:\Windows\System\awIXGvR.exe
  C:\Windows\System\awIXGvR.exe
  2⤵
  PID:1220
- C:\Windows\System\KnvOwdK.exe
  C:\Windows\System\KnvOwdK.exe
  2⤵
  PID:3076
- C:\Windows\System\YpOukFs.exe
  C:\Windows\System\YpOukFs.exe
  2⤵
  PID:3096
- C:\Windows\System\VYsRgYW.exe
  C:\Windows\System\VYsRgYW.exe
  2⤵
  PID:3112
- C:\Windows\System\uwqmlMA.exe
  C:\Windows\System\uwqmlMA.exe
  2⤵
  PID:3132
- C:\Windows\System\DYVJNGy.exe
  C:\Windows\System\DYVJNGy.exe
  2⤵
  PID:3148
- C:\Windows\System\PIemLzp.exe
  C:\Windows\System\PIemLzp.exe
  2⤵
  PID:3168
- C:\Windows\System\hJQbizI.exe
  C:\Windows\System\hJQbizI.exe
  2⤵
  PID:3184
- C:\Windows\System\pwGKrWU.exe
  C:\Windows\System\pwGKrWU.exe
  2⤵
  PID:3200
- C:\Windows\System\JMEUFQV.exe
  C:\Windows\System\JMEUFQV.exe
  2⤵
  PID:3216
- C:\Windows\System\xKqVSzI.exe
  C:\Windows\System\xKqVSzI.exe
  2⤵
  PID:3232
- C:\Windows\System\xCJGgxP.exe
  C:\Windows\System\xCJGgxP.exe
  2⤵
  PID:3256
- C:\Windows\System\OXJEuDq.exe
  C:\Windows\System\OXJEuDq.exe
  2⤵
  PID:3272
- C:\Windows\System\qLjasEV.exe
  C:\Windows\System\qLjasEV.exe
  2⤵
  PID:3292
- C:\Windows\System\QOHlnAb.exe
  C:\Windows\System\QOHlnAb.exe
  2⤵
  PID:3308
- C:\Windows\System\PEICmAE.exe
  C:\Windows\System\PEICmAE.exe
  2⤵
  PID:3324
- C:\Windows\System\kNcpmNe.exe
  C:\Windows\System\kNcpmNe.exe
  2⤵
  PID:3344
- C:\Windows\System\WksxVpi.exe
  C:\Windows\System\WksxVpi.exe
  2⤵
  PID:3360
- C:\Windows\System\vYJgLDI.exe
  C:\Windows\System\vYJgLDI.exe
  2⤵
  PID:3380
- C:\Windows\System\PzLNDim.exe
  C:\Windows\System\PzLNDim.exe
  2⤵
  PID:3400
- C:\Windows\System\BksktWe.exe
  C:\Windows\System\BksktWe.exe
  2⤵
  PID:3424
- C:\Windows\System\TBqywcx.exe
  C:\Windows\System\TBqywcx.exe
  2⤵
  PID:3440
- C:\Windows\System\gDWIgSL.exe
  C:\Windows\System\gDWIgSL.exe
  2⤵
  PID:3500
- C:\Windows\System\XOGrTDi.exe
  C:\Windows\System\XOGrTDi.exe
  2⤵
  PID:3520
- C:\Windows\System\tDlHloO.exe
  C:\Windows\System\tDlHloO.exe
  2⤵
  PID:3540
- C:\Windows\System\ZlKkVrn.exe
  C:\Windows\System\ZlKkVrn.exe
  2⤵
  PID:3556
- C:\Windows\System\LJfSYXZ.exe
  C:\Windows\System\LJfSYXZ.exe
  2⤵
  PID:3576
- C:\Windows\System\qAKsRTZ.exe
  C:\Windows\System\qAKsRTZ.exe
  2⤵
  PID:3596
- C:\Windows\System\vyWsJIK.exe
  C:\Windows\System\vyWsJIK.exe
  2⤵
  PID:3620
- C:\Windows\System\KSJizla.exe
  C:\Windows\System\KSJizla.exe
  2⤵
  PID:3636
- C:\Windows\System\PSOMWZc.exe
  C:\Windows\System\PSOMWZc.exe
  2⤵
  PID:3660
- C:\Windows\System\vWhbQoQ.exe
  C:\Windows\System\vWhbQoQ.exe
  2⤵
  PID:3680
- C:\Windows\System\rfaMCUV.exe
  C:\Windows\System\rfaMCUV.exe
  2⤵
  PID:3696
- C:\Windows\System\ApDZFQS.exe
  C:\Windows\System\ApDZFQS.exe
  2⤵
  PID:3716
- C:\Windows\System\cTfrdcr.exe
  C:\Windows\System\cTfrdcr.exe
  2⤵
  PID:3736
- C:\Windows\System\gZWyTkB.exe
  C:\Windows\System\gZWyTkB.exe
  2⤵
  PID:3760
- C:\Windows\System\OxBHTsj.exe
  C:\Windows\System\OxBHTsj.exe
  2⤵
  PID:3780
- C:\Windows\System\rkzqjEf.exe
  C:\Windows\System\rkzqjEf.exe
  2⤵
  PID:3800
- C:\Windows\System\NhoTbxS.exe
  C:\Windows\System\NhoTbxS.exe
  2⤵
  PID:3820
- C:\Windows\System\FQdnoeg.exe
  C:\Windows\System\FQdnoeg.exe
  2⤵
  PID:3836
- C:\Windows\System\MKdjBXp.exe
  C:\Windows\System\MKdjBXp.exe
  2⤵
  PID:3860
- C:\Windows\System\zVYADDE.exe
  C:\Windows\System\zVYADDE.exe
  2⤵
  PID:3880
- C:\Windows\System\akiYUMM.exe
  C:\Windows\System\akiYUMM.exe
  2⤵
  PID:3900
- C:\Windows\System\BRQWlhs.exe
  C:\Windows\System\BRQWlhs.exe
  2⤵
  PID:3920
- C:\Windows\System\fmKnVJi.exe
  C:\Windows\System\fmKnVJi.exe
  2⤵
  PID:3940
- C:\Windows\System\ramzVAJ.exe
  C:\Windows\System\ramzVAJ.exe
  2⤵
  PID:3960
- C:\Windows\System\LwrnmGq.exe
  C:\Windows\System\LwrnmGq.exe
  2⤵
  PID:3980
- C:\Windows\System\HziaSQJ.exe
  C:\Windows\System\HziaSQJ.exe
  2⤵
  PID:3996
- C:\Windows\System\PJvdFzF.exe
  C:\Windows\System\PJvdFzF.exe
  2⤵
  PID:4020
- C:\Windows\System\admvdMy.exe
  C:\Windows\System\admvdMy.exe
  2⤵
  PID:4036
- C:\Windows\System\pGevkaw.exe
  C:\Windows\System\pGevkaw.exe
  2⤵
  PID:4060
- C:\Windows\System\ThByZYO.exe
  C:\Windows\System\ThByZYO.exe
  2⤵
  PID:4076
- C:\Windows\System\IGQOcAI.exe
  C:\Windows\System\IGQOcAI.exe
  2⤵
  PID:1000
- C:\Windows\System\WwmQcyD.exe
  C:\Windows\System\WwmQcyD.exe
  2⤵
  PID:2940
- C:\Windows\System\ACYidFz.exe
  C:\Windows\System\ACYidFz.exe
  2⤵
  PID:900
- C:\Windows\System\JLfIeIK.exe
  C:\Windows\System\JLfIeIK.exe
  2⤵
  PID:2944
- C:\Windows\System\CgbQCMO.exe
  C:\Windows\System\CgbQCMO.exe
  2⤵
  PID:2112
- C:\Windows\System\CbKzIiq.exe
  C:\Windows\System\CbKzIiq.exe
  2⤵
  PID:3120
- C:\Windows\System\JzSnpdN.exe
  C:\Windows\System\JzSnpdN.exe
  2⤵
  PID:3160
- C:\Windows\System\AlundZi.exe
  C:\Windows\System\AlundZi.exe
  2⤵
  PID:3224
- C:\Windows\System\NikauMT.exe
  C:\Windows\System\NikauMT.exe
  2⤵
  PID:2472
- C:\Windows\System\MrQSNbg.exe
  C:\Windows\System\MrQSNbg.exe
  2⤵
  PID:3268
- C:\Windows\System\ZEyHzHf.exe
  C:\Windows\System\ZEyHzHf.exe
  2⤵
  PID:2996
- C:\Windows\System\osjpCac.exe
  C:\Windows\System\osjpCac.exe
  2⤵
  PID:3332
- C:\Windows\System\kzxNriu.exe
  C:\Windows\System\kzxNriu.exe
  2⤵
  PID:844
- C:\Windows\System\jiTfUzM.exe
  C:\Windows\System\jiTfUzM.exe
  2⤵
  PID:2872
- C:\Windows\System\SRGPOct.exe
  C:\Windows\System\SRGPOct.exe
  2⤵
  PID:3372
- C:\Windows\System\EFumqvD.exe
  C:\Windows\System\EFumqvD.exe
  2⤵
  PID:3420
- C:\Windows\System\DgwaOuc.exe
  C:\Windows\System\DgwaOuc.exe
  2⤵
  PID:3252
- C:\Windows\System\jSDqpHs.exe
  C:\Windows\System\jSDqpHs.exe
  2⤵
  PID:3356
- C:\Windows\System\eGugVLD.exe
  C:\Windows\System\eGugVLD.exe
  2⤵
  PID:3288
- C:\Windows\System\ykbeYzn.exe
  C:\Windows\System\ykbeYzn.exe
  2⤵
  PID:3212
- C:\Windows\System\uQuMEZH.exe
  C:\Windows\System\uQuMEZH.exe
  2⤵
  PID:3108
- C:\Windows\System\RghMIYC.exe
  C:\Windows\System\RghMIYC.exe
  2⤵
  PID:3452
- C:\Windows\System\XDtEpAH.exe
  C:\Windows\System\XDtEpAH.exe
  2⤵
  PID:3480
- C:\Windows\System\cfnGEcf.exe
  C:\Windows\System\cfnGEcf.exe
  2⤵
  PID:3528
- C:\Windows\System\hXItzxO.exe
  C:\Windows\System\hXItzxO.exe
  2⤵
  PID:3536
- C:\Windows\System\WZBnGte.exe
  C:\Windows\System\WZBnGte.exe
  2⤵
  PID:3552
- C:\Windows\System\qXgKNyl.exe
  C:\Windows\System\qXgKNyl.exe
  2⤵
  PID:3608
- C:\Windows\System\rxIJMfQ.exe
  C:\Windows\System\rxIJMfQ.exe
  2⤵
  PID:3652
- C:\Windows\System\QlgnUAg.exe
  C:\Windows\System\QlgnUAg.exe
  2⤵
  PID:3668
- C:\Windows\System\IgdPlBj.exe
  C:\Windows\System\IgdPlBj.exe
  2⤵
  PID:3704
- C:\Windows\System\sGEbLon.exe
  C:\Windows\System\sGEbLon.exe
  2⤵
  PID:3744
- C:\Windows\System\GFZPEqs.exe
  C:\Windows\System\GFZPEqs.exe
  2⤵
  PID:3756
- C:\Windows\System\SZEjZih.exe
  C:\Windows\System\SZEjZih.exe
  2⤵
  PID:3792
- C:\Windows\System\NAmHiWw.exe
  C:\Windows\System\NAmHiWw.exe
  2⤵
  PID:3832
- C:\Windows\System\zLoWOCA.exe
  C:\Windows\System\zLoWOCA.exe
  2⤵
  PID:3896
- C:\Windows\System\VaAOrgM.exe
  C:\Windows\System\VaAOrgM.exe
  2⤵
  PID:3908
- C:\Windows\System\XuebWPN.exe
  C:\Windows\System\XuebWPN.exe
  2⤵
  PID:3932
- C:\Windows\System\jzNtVxK.exe
  C:\Windows\System\jzNtVxK.exe
  2⤵
  PID:4012
- C:\Windows\System\VgrnCfp.exe
  C:\Windows\System\VgrnCfp.exe
  2⤵
  PID:3952
- C:\Windows\System\IVDkmLi.exe
  C:\Windows\System\IVDkmLi.exe
  2⤵
  PID:4044
- C:\Windows\System\eGdQkXF.exe
  C:\Windows\System\eGdQkXF.exe
  2⤵
  PID:4092
- C:\Windows\System\qSvzjkR.exe
  C:\Windows\System\qSvzjkR.exe
  2⤵
  PID:2976
- C:\Windows\System\TRtzpJn.exe
  C:\Windows\System\TRtzpJn.exe
  2⤵
  PID:1740
- C:\Windows\System\anUFUOy.exe
  C:\Windows\System\anUFUOy.exe
  2⤵
  PID:2456
- C:\Windows\System\NdLjbGu.exe
  C:\Windows\System\NdLjbGu.exe
  2⤵
  PID:2616
- C:\Windows\System\abMJSft.exe
  C:\Windows\System\abMJSft.exe
  2⤵
  PID:1664
- C:\Windows\System\nHwQJVf.exe
  C:\Windows\System\nHwQJVf.exe
  2⤵
  PID:1824
- C:\Windows\System\YryegUo.exe
  C:\Windows\System\YryegUo.exe
  2⤵
  PID:2372
- C:\Windows\System\myYJJjJ.exe
  C:\Windows\System\myYJJjJ.exe
  2⤵
  PID:2632
- C:\Windows\System\adAZTNN.exe
  C:\Windows\System\adAZTNN.exe
  2⤵
  PID:2252
- C:\Windows\System\TjMESNG.exe
  C:\Windows\System\TjMESNG.exe
  2⤵
  PID:1676
- C:\Windows\System\AiiGtaT.exe
  C:\Windows\System\AiiGtaT.exe
  2⤵
  PID:3180
- C:\Windows\System\iyyhwcu.exe
  C:\Windows\System\iyyhwcu.exe
  2⤵
  PID:3436
- C:\Windows\System\UbHhlSt.exe
  C:\Windows\System\UbHhlSt.exe
  2⤵
  PID:3448
- C:\Windows\System\vYdcfRZ.exe
  C:\Windows\System\vYdcfRZ.exe
  2⤵
  PID:3472
- C:\Windows\System\bhmDxcw.exe
  C:\Windows\System\bhmDxcw.exe
  2⤵
  PID:3512
- C:\Windows\System\tADcNWe.exe
  C:\Windows\System\tADcNWe.exe
  2⤵
  PID:3604
- C:\Windows\System\gVqzNbw.exe
  C:\Windows\System\gVqzNbw.exe
  2⤵
  PID:3648
- C:\Windows\System\uLXdkPA.exe
  C:\Windows\System\uLXdkPA.exe
  2⤵
  PID:3712
- C:\Windows\System\zoSPuDC.exe
  C:\Windows\System\zoSPuDC.exe
  2⤵
  PID:3768
- C:\Windows\System\vUfUvmg.exe
  C:\Windows\System\vUfUvmg.exe
  2⤵
  PID:3788
- C:\Windows\System\oAMPNwp.exe
  C:\Windows\System\oAMPNwp.exe
  2⤵
  PID:3888
- C:\Windows\System\EordWtV.exe
  C:\Windows\System\EordWtV.exe
  2⤵
  PID:3936
- C:\Windows\System\TlMLPyU.exe
  C:\Windows\System\TlMLPyU.exe
  2⤵
  PID:4008
- C:\Windows\System\JEYwlIi.exe
  C:\Windows\System\JEYwlIi.exe
  2⤵
  PID:4052
- C:\Windows\System\sNiSJsu.exe
  C:\Windows\System\sNiSJsu.exe
  2⤵
  PID:2096
- C:\Windows\System\gZGynau.exe
  C:\Windows\System\gZGynau.exe
  2⤵
  PID:4068
- C:\Windows\System\wExbOzA.exe
  C:\Windows\System\wExbOzA.exe
  2⤵
  PID:1964
- C:\Windows\System\hwSQtlL.exe
  C:\Windows\System\hwSQtlL.exe
  2⤵
  PID:1636
- C:\Windows\System\qSstrHj.exe
  C:\Windows\System\qSstrHj.exe
  2⤵
  PID:2188
- C:\Windows\System\iFWtDpF.exe
  C:\Windows\System\iFWtDpF.exe
  2⤵
  PID:4104
- C:\Windows\System\hRaUOFr.exe
  C:\Windows\System\hRaUOFr.exe
  2⤵
  PID:4124
- C:\Windows\System\iECjUNV.exe
  C:\Windows\System\iECjUNV.exe
  2⤵
  PID:4144
- C:\Windows\System\UbHHDQS.exe
  C:\Windows\System\UbHHDQS.exe
  2⤵
  PID:4164
- C:\Windows\System\rhcqVeF.exe
  C:\Windows\System\rhcqVeF.exe
  2⤵
  PID:4184
- C:\Windows\System\ToXtHhs.exe
  C:\Windows\System\ToXtHhs.exe
  2⤵
  PID:4204
- C:\Windows\System\cExiBoM.exe
  C:\Windows\System\cExiBoM.exe
  2⤵
  PID:4224
- C:\Windows\System\YUNhzXR.exe
  C:\Windows\System\YUNhzXR.exe
  2⤵
  PID:4244
- C:\Windows\System\OyVkITX.exe
  C:\Windows\System\OyVkITX.exe
  2⤵
  PID:4264
- C:\Windows\System\Vjfhxxg.exe
  C:\Windows\System\Vjfhxxg.exe
  2⤵
  PID:4284
- C:\Windows\System\rRzCVHv.exe
  C:\Windows\System\rRzCVHv.exe
  2⤵
  PID:4304
- C:\Windows\System\GWXaufT.exe
  C:\Windows\System\GWXaufT.exe
  2⤵
  PID:4324
- C:\Windows\System\MdTSFsb.exe
  C:\Windows\System\MdTSFsb.exe
  2⤵
  PID:4344
- C:\Windows\System\wYGehZa.exe
  C:\Windows\System\wYGehZa.exe
  2⤵
  PID:4364
- C:\Windows\System\BxRlFjz.exe
  C:\Windows\System\BxRlFjz.exe
  2⤵
  PID:4384
- C:\Windows\System\RfTRmRX.exe
  C:\Windows\System\RfTRmRX.exe
  2⤵
  PID:4404
- C:\Windows\System\yWUZrVI.exe
  C:\Windows\System\yWUZrVI.exe
  2⤵
  PID:4424
- C:\Windows\System\dFkFoOo.exe
  C:\Windows\System\dFkFoOo.exe
  2⤵
  PID:4444
- C:\Windows\System\Fboqqda.exe
  C:\Windows\System\Fboqqda.exe
  2⤵
  PID:4464
- C:\Windows\System\NdOTMGg.exe
  C:\Windows\System\NdOTMGg.exe
  2⤵
  PID:4484
- C:\Windows\System\ofvlCxO.exe
  C:\Windows\System\ofvlCxO.exe
  2⤵
  PID:4504
- C:\Windows\System\vToJxcP.exe
  C:\Windows\System\vToJxcP.exe
  2⤵
  PID:4524
- C:\Windows\System\ziHsavL.exe
  C:\Windows\System\ziHsavL.exe
  2⤵
  PID:4544
- C:\Windows\System\zrkdiSo.exe
  C:\Windows\System\zrkdiSo.exe
  2⤵
  PID:4564
- C:\Windows\System\EBLcAdL.exe
  C:\Windows\System\EBLcAdL.exe
  2⤵
  PID:4584
- C:\Windows\System\blmyQrY.exe
  C:\Windows\System\blmyQrY.exe
  2⤵
  PID:4604
- C:\Windows\System\QCYEAHs.exe
  C:\Windows\System\QCYEAHs.exe
  2⤵
  PID:4624
- C:\Windows\System\GASWTEA.exe
  C:\Windows\System\GASWTEA.exe
  2⤵
  PID:4644
- C:\Windows\System\vmmAuxc.exe
  C:\Windows\System\vmmAuxc.exe
  2⤵
  PID:4664
- C:\Windows\System\WdEBOeK.exe
  C:\Windows\System\WdEBOeK.exe
  2⤵
  PID:4684
- C:\Windows\System\vvznjmN.exe
  C:\Windows\System\vvznjmN.exe
  2⤵
  PID:4704
- C:\Windows\System\MgBDXNr.exe
  C:\Windows\System\MgBDXNr.exe
  2⤵
  PID:4724
- C:\Windows\System\JqjysfJ.exe
  C:\Windows\System\JqjysfJ.exe
  2⤵
  PID:4744
- C:\Windows\System\UMfHrWN.exe
  C:\Windows\System\UMfHrWN.exe
  2⤵
  PID:4764
- C:\Windows\System\BmpcCzv.exe
  C:\Windows\System\BmpcCzv.exe
  2⤵
  PID:4784
- C:\Windows\System\oDQwvfy.exe
  C:\Windows\System\oDQwvfy.exe
  2⤵
  PID:4804
- C:\Windows\System\GzePifF.exe
  C:\Windows\System\GzePifF.exe
  2⤵
  PID:4824
- C:\Windows\System\urAneGr.exe
  C:\Windows\System\urAneGr.exe
  2⤵
  PID:4844
- C:\Windows\System\UVbhAkw.exe
  C:\Windows\System\UVbhAkw.exe
  2⤵
  PID:4864
- C:\Windows\System\vWWFlcH.exe
  C:\Windows\System\vWWFlcH.exe
  2⤵
  PID:4884
- C:\Windows\System\gqZkhag.exe
  C:\Windows\System\gqZkhag.exe
  2⤵
  PID:4904
- C:\Windows\System\TuMJFRY.exe
  C:\Windows\System\TuMJFRY.exe
  2⤵
  PID:4924
- C:\Windows\System\qaAXxQK.exe
  C:\Windows\System\qaAXxQK.exe
  2⤵
  PID:4944
- C:\Windows\System\LXZuAGw.exe
  C:\Windows\System\LXZuAGw.exe
  2⤵
  PID:4964
- C:\Windows\System\FFGUHbo.exe
  C:\Windows\System\FFGUHbo.exe
  2⤵
  PID:4984
- C:\Windows\System\wywnQGJ.exe
  C:\Windows\System\wywnQGJ.exe
  2⤵
  PID:5004
- C:\Windows\System\mpalzoQ.exe
  C:\Windows\System\mpalzoQ.exe
  2⤵
  PID:5024
- C:\Windows\System\Ccseuyx.exe
  C:\Windows\System\Ccseuyx.exe
  2⤵
  PID:5044
- C:\Windows\System\dWbHaaW.exe
  C:\Windows\System\dWbHaaW.exe
  2⤵
  PID:5064
- C:\Windows\System\LueDBqu.exe
  C:\Windows\System\LueDBqu.exe
  2⤵
  PID:5084
- C:\Windows\System\aautvpB.exe
  C:\Windows\System\aautvpB.exe
  2⤵
  PID:5104
- C:\Windows\System\UegmJVR.exe
  C:\Windows\System\UegmJVR.exe
  2⤵
  PID:1148
- C:\Windows\System\GRUgwxR.exe
  C:\Windows\System\GRUgwxR.exe
  2⤵
  PID:3140
- C:\Windows\System\IlPyrsv.exe
  C:\Windows\System\IlPyrsv.exe
  2⤵
  PID:3320
- C:\Windows\System\pExmZof.exe
  C:\Windows\System\pExmZof.exe
  2⤵
  PID:3468
- C:\Windows\System\jLHsAKc.exe
  C:\Windows\System\jLHsAKc.exe
  2⤵
  PID:3572
- C:\Windows\System\kocxEUE.exe
  C:\Windows\System\kocxEUE.exe
  2⤵
  PID:3724
- C:\Windows\System\tVSeCoK.exe
  C:\Windows\System\tVSeCoK.exe
  2⤵
  PID:3728
- C:\Windows\System\DcNvZPS.exe
  C:\Windows\System\DcNvZPS.exe
  2⤵
  PID:3844
- C:\Windows\System\oUuvnZn.exe
  C:\Windows\System\oUuvnZn.exe
  2⤵
  PID:3928
- C:\Windows\System\LIEjYus.exe
  C:\Windows\System\LIEjYus.exe
  2⤵
  PID:3948
- C:\Windows\System\TgrmchF.exe
  C:\Windows\System\TgrmchF.exe
  2⤵
  PID:3988
- C:\Windows\System\GZVXoyO.exe
  C:\Windows\System\GZVXoyO.exe
  2⤵
  PID:3192
- C:\Windows\System\udSvsyc.exe
  C:\Windows\System\udSvsyc.exe
  2⤵
  PID:3340
- C:\Windows\System\hqBGJpd.exe
  C:\Windows\System\hqBGJpd.exe
  2⤵
  PID:4120
- C:\Windows\System\keqIXAe.exe
  C:\Windows\System\keqIXAe.exe
  2⤵
  PID:4136
- C:\Windows\System\vaooRJP.exe
  C:\Windows\System\vaooRJP.exe
  2⤵
  PID:4176
- C:\Windows\System\bJByVFF.exe
  C:\Windows\System\bJByVFF.exe
  2⤵
  PID:4216
- C:\Windows\System\VZPmpnD.exe
  C:\Windows\System\VZPmpnD.exe
  2⤵
  PID:4240
- C:\Windows\System\DIgpqiS.exe
  C:\Windows\System\DIgpqiS.exe
  2⤵
  PID:4292
- C:\Windows\System\jTEJuBH.exe
  C:\Windows\System\jTEJuBH.exe
  2⤵
  PID:4320
- C:\Windows\System\uGEwHNl.exe
  C:\Windows\System\uGEwHNl.exe
  2⤵
  PID:4352
- C:\Windows\System\YJHPqua.exe
  C:\Windows\System\YJHPqua.exe
  2⤵
  PID:4376
- C:\Windows\System\pvjjgTn.exe
  C:\Windows\System\pvjjgTn.exe
  2⤵
  PID:4420
- C:\Windows\System\YkriGcN.exe
  C:\Windows\System\YkriGcN.exe
  2⤵
  PID:4440
- C:\Windows\System\uwDNLED.exe
  C:\Windows\System\uwDNLED.exe
  2⤵
  PID:4476
- C:\Windows\System\jGRtrKH.exe
  C:\Windows\System\jGRtrKH.exe
  2⤵
  PID:4532
- C:\Windows\System\pqrPDRn.exe
  C:\Windows\System\pqrPDRn.exe
  2⤵
  PID:4552
- C:\Windows\System\ZZHBWiT.exe
  C:\Windows\System\ZZHBWiT.exe
  2⤵
  PID:4576
- C:\Windows\System\UKOzioK.exe
  C:\Windows\System\UKOzioK.exe
  2⤵
  PID:4620
- C:\Windows\System\IDiNaFm.exe
  C:\Windows\System\IDiNaFm.exe
  2⤵
  PID:4660
- C:\Windows\System\BFxSgcy.exe
  C:\Windows\System\BFxSgcy.exe
  2⤵
  PID:4692
- C:\Windows\System\USxtTnM.exe
  C:\Windows\System\USxtTnM.exe
  2⤵
  PID:4732
- C:\Windows\System\tXupWGT.exe
  C:\Windows\System\tXupWGT.exe
  2⤵
  PID:4752
- C:\Windows\System\VXuEJmP.exe
  C:\Windows\System\VXuEJmP.exe
  2⤵
  PID:4776
- C:\Windows\System\ATSOgOe.exe
  C:\Windows\System\ATSOgOe.exe
  2⤵
  PID:4820
- C:\Windows\System\EZRXgCs.exe
  C:\Windows\System\EZRXgCs.exe
  2⤵
  PID:4860
- C:\Windows\System\pCowOJU.exe
  C:\Windows\System\pCowOJU.exe
  2⤵
  PID:4892
- C:\Windows\System\ZhlgsGx.exe
  C:\Windows\System\ZhlgsGx.exe
  2⤵
  PID:4932
- C:\Windows\System\KCOJNat.exe
  C:\Windows\System\KCOJNat.exe
  2⤵
  PID:4936
- C:\Windows\System\FDmRNyL.exe
  C:\Windows\System\FDmRNyL.exe
  2⤵
  PID:4976
- C:\Windows\System\FulkFhd.exe
  C:\Windows\System\FulkFhd.exe
  2⤵
  PID:5020
- C:\Windows\System\yYRTXdY.exe
  C:\Windows\System\yYRTXdY.exe
  2⤵
  PID:5032
- C:\Windows\System\vDtpnKG.exe
  C:\Windows\System\vDtpnKG.exe
  2⤵
  PID:5092
- C:\Windows\System\NWjZoYS.exe
  C:\Windows\System\NWjZoYS.exe
  2⤵
  PID:3432
- C:\Windows\System\WFDqDmb.exe
  C:\Windows\System\WFDqDmb.exe
  2⤵
  PID:3396
- C:\Windows\System\XZhomeG.exe
  C:\Windows\System\XZhomeG.exe
  2⤵
  PID:3316
- C:\Windows\System\SciUglM.exe
  C:\Windows\System\SciUglM.exe
  2⤵
  PID:3644
- C:\Windows\System\oJjxatF.exe
  C:\Windows\System\oJjxatF.exe
  2⤵
  PID:3672
- C:\Windows\System\HyAODVL.exe
  C:\Windows\System\HyAODVL.exe
  2⤵
  PID:4028
- C:\Windows\System\ipgziKy.exe
  C:\Windows\System\ipgziKy.exe
  2⤵
  PID:1608
- C:\Windows\System\hbtRKMb.exe
  C:\Windows\System\hbtRKMb.exe
  2⤵
  PID:3368
- C:\Windows\System\pjqmmVc.exe
  C:\Windows\System\pjqmmVc.exe
  2⤵
  PID:4160
- C:\Windows\System\dPpKPCF.exe
  C:\Windows\System\dPpKPCF.exe
  2⤵
  PID:4116
- C:\Windows\System\fVdatjB.exe
  C:\Windows\System\fVdatjB.exe
  2⤵
  PID:4232
- C:\Windows\System\vjOCWIN.exe
  C:\Windows\System\vjOCWIN.exe
  2⤵
  PID:4300
- C:\Windows\System\zFNiAzC.exe
  C:\Windows\System\zFNiAzC.exe
  2⤵
  PID:4372
- C:\Windows\System\GkYGxSN.exe
  C:\Windows\System\GkYGxSN.exe
  2⤵
  PID:4396
- C:\Windows\System\kzwmuSl.exe
  C:\Windows\System\kzwmuSl.exe
  2⤵
  PID:4456
- C:\Windows\System\nTLwVdq.exe
  C:\Windows\System\nTLwVdq.exe
  2⤵
  PID:4472
- C:\Windows\System\wlWQOAk.exe
  C:\Windows\System\wlWQOAk.exe
  2⤵
  PID:4640
- C:\Windows\System\wNdIFPk.exe
  C:\Windows\System\wNdIFPk.exe
  2⤵
  PID:4600
- C:\Windows\System\ONcoJWF.exe
  C:\Windows\System\ONcoJWF.exe
  2⤵
  PID:4680
- C:\Windows\System\mJqyFsY.exe
  C:\Windows\System\mJqyFsY.exe
  2⤵
  PID:4780
- C:\Windows\System\fbtcvqb.exe
  C:\Windows\System\fbtcvqb.exe
  2⤵
  PID:4832
- C:\Windows\System\tsCDhor.exe
  C:\Windows\System\tsCDhor.exe
  2⤵
  PID:4852
- C:\Windows\System\mzWjSNF.exe
  C:\Windows\System\mzWjSNF.exe
  2⤵
  PID:4980
- C:\Windows\System\gOeJPfX.exe
  C:\Windows\System\gOeJPfX.exe
  2⤵
  PID:4920
- C:\Windows\System\wmbuTTU.exe
  C:\Windows\System\wmbuTTU.exe
  2⤵
  PID:5052
- C:\Windows\System\hOnhduh.exe
  C:\Windows\System\hOnhduh.exe
  2⤵
  PID:5080
- C:\Windows\System\zRDczzs.exe
  C:\Windows\System\zRDczzs.exe
  2⤵
  PID:2468
- C:\Windows\System\pIIEtyS.exe
  C:\Windows\System\pIIEtyS.exe
  2⤵
  PID:1596
- C:\Windows\System\sxnKrjG.exe
  C:\Windows\System\sxnKrjG.exe
  2⤵
  PID:3632
- C:\Windows\System\JdwXNSd.exe
  C:\Windows\System\JdwXNSd.exe
  2⤵
  PID:2272
- C:\Windows\System\Hjwtzuh.exe
  C:\Windows\System\Hjwtzuh.exe
  2⤵
  PID:1888
- C:\Windows\System\SZqCAMJ.exe
  C:\Windows\System\SZqCAMJ.exe
  2⤵
  PID:4172
- C:\Windows\System\RxaVPBZ.exe
  C:\Windows\System\RxaVPBZ.exe
  2⤵
  PID:4256
- C:\Windows\System\qkWGIik.exe
  C:\Windows\System\qkWGIik.exe
  2⤵
  PID:4332
- C:\Windows\System\abTlDYn.exe
  C:\Windows\System\abTlDYn.exe
  2⤵
  PID:4356
- C:\Windows\System\liAKQLq.exe
  C:\Windows\System\liAKQLq.exe
  2⤵
  PID:5132
- C:\Windows\System\BvgBcuk.exe
  C:\Windows\System\BvgBcuk.exe
  2⤵
  PID:5152
- C:\Windows\System\sVPMfNJ.exe
  C:\Windows\System\sVPMfNJ.exe
  2⤵
  PID:5172
- C:\Windows\System\nooGARo.exe
  C:\Windows\System\nooGARo.exe
  2⤵
  PID:5192
- C:\Windows\System\GERCHYs.exe
  C:\Windows\System\GERCHYs.exe
  2⤵
  PID:5212
- C:\Windows\System\ToLnTuP.exe
  C:\Windows\System\ToLnTuP.exe
  2⤵
  PID:5232
- C:\Windows\System\gUvDVMY.exe
  C:\Windows\System\gUvDVMY.exe
  2⤵
  PID:5252
- C:\Windows\System\RqxJJYS.exe
  C:\Windows\System\RqxJJYS.exe
  2⤵
  PID:5272
- C:\Windows\System\CNGHfVG.exe
  C:\Windows\System\CNGHfVG.exe
  2⤵
  PID:5292
- C:\Windows\System\VgAwCIb.exe
  C:\Windows\System\VgAwCIb.exe
  2⤵
  PID:5312
- C:\Windows\System\UTfmrbg.exe
  C:\Windows\System\UTfmrbg.exe
  2⤵
  PID:5332
- C:\Windows\System\ZkUtoeG.exe
  C:\Windows\System\ZkUtoeG.exe
  2⤵
  PID:5352
- C:\Windows\System\Gshhfqk.exe
  C:\Windows\System\Gshhfqk.exe
  2⤵
  PID:5372
- C:\Windows\System\gNgLvQN.exe
  C:\Windows\System\gNgLvQN.exe
  2⤵
  PID:5392
- C:\Windows\System\AhKRAAh.exe
  C:\Windows\System\AhKRAAh.exe
  2⤵
  PID:5412
- C:\Windows\System\wJTQqxi.exe
  C:\Windows\System\wJTQqxi.exe
  2⤵
  PID:5432
- C:\Windows\System\TLUKlSt.exe
  C:\Windows\System\TLUKlSt.exe
  2⤵
  PID:5452
- C:\Windows\System\Mtnvvmy.exe
  C:\Windows\System\Mtnvvmy.exe
  2⤵
  PID:5468
- C:\Windows\System\wGNewKo.exe
  C:\Windows\System\wGNewKo.exe
  2⤵
  PID:5492
- C:\Windows\System\jbrnGNO.exe
  C:\Windows\System\jbrnGNO.exe
  2⤵
  PID:5516
- C:\Windows\System\ZMifhtX.exe
  C:\Windows\System\ZMifhtX.exe
  2⤵
  PID:5536
- C:\Windows\System\HCyQXwh.exe
  C:\Windows\System\HCyQXwh.exe
  2⤵
  PID:5556
- C:\Windows\System\YAtMoyH.exe
  C:\Windows\System\YAtMoyH.exe
  2⤵
  PID:5576
- C:\Windows\System\hbeCEuT.exe
  C:\Windows\System\hbeCEuT.exe
  2⤵
  PID:5596
- C:\Windows\System\rNJuCKj.exe
  C:\Windows\System\rNJuCKj.exe
  2⤵
  PID:5616
- C:\Windows\System\bHkGUvc.exe
  C:\Windows\System\bHkGUvc.exe
  2⤵
  PID:5636
- C:\Windows\System\qePRjmL.exe
  C:\Windows\System\qePRjmL.exe
  2⤵
  PID:5656
- C:\Windows\System\azqDTmj.exe
  C:\Windows\System\azqDTmj.exe
  2⤵
  PID:5676
- C:\Windows\System\JpLSWUq.exe
  C:\Windows\System\JpLSWUq.exe
  2⤵
  PID:5696
- C:\Windows\System\uSKyhiE.exe
  C:\Windows\System\uSKyhiE.exe
  2⤵
  PID:5716
- C:\Windows\System\EulFGxb.exe
  C:\Windows\System\EulFGxb.exe
  2⤵
  PID:5736
- C:\Windows\System\DJrYsNJ.exe
  C:\Windows\System\DJrYsNJ.exe
  2⤵
  PID:5756
- C:\Windows\System\CCBAVIA.exe
  C:\Windows\System\CCBAVIA.exe
  2⤵
  PID:5776
- C:\Windows\System\IMtDAlN.exe
  C:\Windows\System\IMtDAlN.exe
  2⤵
  PID:5796
- C:\Windows\System\JzrATfe.exe
  C:\Windows\System\JzrATfe.exe
  2⤵
  PID:5816
- C:\Windows\System\efbjPEn.exe
  C:\Windows\System\efbjPEn.exe
  2⤵
  PID:5836
- C:\Windows\System\pGcpxzS.exe
  C:\Windows\System\pGcpxzS.exe
  2⤵
  PID:5856
- C:\Windows\System\dKERfao.exe
  C:\Windows\System\dKERfao.exe
  2⤵
  PID:5876
- C:\Windows\System\KNqACOy.exe
  C:\Windows\System\KNqACOy.exe
  2⤵
  PID:5896
- C:\Windows\System\RzATqbI.exe
  C:\Windows\System\RzATqbI.exe
  2⤵
  PID:5916
- C:\Windows\System\KGHabIb.exe
  C:\Windows\System\KGHabIb.exe
  2⤵
  PID:5936
- C:\Windows\System\EIyOUzJ.exe
  C:\Windows\System\EIyOUzJ.exe
  2⤵
  PID:5956
- C:\Windows\System\sCrReNf.exe
  C:\Windows\System\sCrReNf.exe
  2⤵
  PID:5976
- C:\Windows\System\HokMsfS.exe
  C:\Windows\System\HokMsfS.exe
  2⤵
  PID:5996
- C:\Windows\System\zLHxBlK.exe
  C:\Windows\System\zLHxBlK.exe
  2⤵
  PID:6016
- C:\Windows\System\MGFtFMU.exe
  C:\Windows\System\MGFtFMU.exe
  2⤵
  PID:6036
- C:\Windows\System\qaQqqXS.exe
  C:\Windows\System\qaQqqXS.exe
  2⤵
  PID:6056
- C:\Windows\System\xCZAsGB.exe
  C:\Windows\System\xCZAsGB.exe
  2⤵
  PID:6076
- C:\Windows\System\bKdbieA.exe
  C:\Windows\System\bKdbieA.exe
  2⤵
  PID:6096
- C:\Windows\System\RoyvuUY.exe
  C:\Windows\System\RoyvuUY.exe
  2⤵
  PID:6116
- C:\Windows\System\VsPMpVi.exe
  C:\Windows\System\VsPMpVi.exe
  2⤵
  PID:6136
- C:\Windows\System\WsFDyuE.exe
  C:\Windows\System\WsFDyuE.exe
  2⤵
  PID:4652
- C:\Windows\System\pWSUdoO.exe
  C:\Windows\System\pWSUdoO.exe
  2⤵
  PID:4536
- C:\Windows\System\yecNylC.exe
  C:\Windows\System\yecNylC.exe
  2⤵
  PID:4676
- C:\Windows\System\owVDYTV.exe
  C:\Windows\System\owVDYTV.exe
  2⤵
  PID:4800
- C:\Windows\System\ssmqdZl.exe
  C:\Windows\System\ssmqdZl.exe
  2⤵
  PID:4856
- C:\Windows\System\DzZMkrS.exe
  C:\Windows\System\DzZMkrS.exe
  2⤵
  PID:5012
- C:\Windows\System\OdOWzch.exe
  C:\Windows\System\OdOWzch.exe
  2⤵
  PID:5072
- C:\Windows\System\KnVNTLs.exe
  C:\Windows\System\KnVNTLs.exe
  2⤵
  PID:3476
- C:\Windows\System\LZyboNR.exe
  C:\Windows\System\LZyboNR.exe
  2⤵
  PID:4056
- C:\Windows\System\idnPiYc.exe
  C:\Windows\System\idnPiYc.exe
  2⤵
  PID:4156
- C:\Windows\System\jKupytS.exe
  C:\Windows\System\jKupytS.exe
  2⤵
  PID:4272
- C:\Windows\System\CjHSFwX.exe
  C:\Windows\System\CjHSFwX.exe
  2⤵
  PID:4500
- C:\Windows\System\yLVbNzi.exe
  C:\Windows\System\yLVbNzi.exe
  2⤵
  PID:5144
- C:\Windows\System\YuujOVj.exe
  C:\Windows\System\YuujOVj.exe
  2⤵
  PID:5164
- C:\Windows\System\mAqfhcA.exe
  C:\Windows\System\mAqfhcA.exe
  2⤵
  PID:5228
- C:\Windows\System\HGzdZZS.exe
  C:\Windows\System\HGzdZZS.exe
  2⤵
  PID:5260
- C:\Windows\System\lshzkZQ.exe
  C:\Windows\System\lshzkZQ.exe
  2⤵
  PID:5280
- C:\Windows\System\OfksPYF.exe
  C:\Windows\System\OfksPYF.exe
  2⤵
  PID:5320
- C:\Windows\System\yRgAdnI.exe
  C:\Windows\System\yRgAdnI.exe
  2⤵
  PID:5344
- C:\Windows\System\xVILGJK.exe
  C:\Windows\System\xVILGJK.exe
  2⤵
  PID:5364
- C:\Windows\System\bQVFXOM.exe
  C:\Windows\System\bQVFXOM.exe
  2⤵
  PID:5408
- C:\Windows\System\SwNSGKH.exe
  C:\Windows\System\SwNSGKH.exe
  2⤵
  PID:5460
- C:\Windows\System\VjDurBb.exe
  C:\Windows\System\VjDurBb.exe
  2⤵
  PID:5488
- C:\Windows\System\JgJuRPO.exe
  C:\Windows\System\JgJuRPO.exe
  2⤵
  PID:5524
- C:\Windows\System\AphxKII.exe
  C:\Windows\System\AphxKII.exe
  2⤵
  PID:5528
- C:\Windows\System\kyfLihQ.exe
  C:\Windows\System\kyfLihQ.exe
  2⤵
  PID:5572
- C:\Windows\System\dAIPxJY.exe
  C:\Windows\System\dAIPxJY.exe
  2⤵
  PID:5612
- C:\Windows\System\EsrIgjn.exe
  C:\Windows\System\EsrIgjn.exe
  2⤵
  PID:5664
- C:\Windows\System\KFnGJdu.exe
  C:\Windows\System\KFnGJdu.exe
  2⤵
  PID:5684
- C:\Windows\System\iinhBwN.exe
  C:\Windows\System\iinhBwN.exe
  2⤵
  PID:5688
- C:\Windows\System\vUzTorH.exe
  C:\Windows\System\vUzTorH.exe
  2⤵
  PID:5752
- C:\Windows\System\AKrhzGR.exe
  C:\Windows\System\AKrhzGR.exe
  2⤵
  PID:5768
- C:\Windows\System\maxHdFF.exe
  C:\Windows\System\maxHdFF.exe
  2⤵
  PID:5824
- C:\Windows\System\dsepUbE.exe
  C:\Windows\System\dsepUbE.exe
  2⤵
  PID:5864
- C:\Windows\System\UhzhBNL.exe
  C:\Windows\System\UhzhBNL.exe
  2⤵
  PID:5868
- C:\Windows\System\GCTcQcR.exe
  C:\Windows\System\GCTcQcR.exe
  2⤵
  PID:5888
- C:\Windows\System\jruXhGb.exe
  C:\Windows\System\jruXhGb.exe
  2⤵
  PID:5932
- C:\Windows\System\ueLqnlG.exe
  C:\Windows\System\ueLqnlG.exe
  2⤵
  PID:344
- C:\Windows\System\Zfgkxyc.exe
  C:\Windows\System\Zfgkxyc.exe
  2⤵
  PID:5988
- C:\Windows\System\lrsNhOn.exe
  C:\Windows\System\lrsNhOn.exe
  2⤵
  PID:6032
- C:\Windows\System\mFMcVuV.exe
  C:\Windows\System\mFMcVuV.exe
  2⤵
  PID:6072
- C:\Windows\System\CTOnPDo.exe
  C:\Windows\System\CTOnPDo.exe
  2⤵
  PID:6092
- C:\Windows\System\ggIhuvT.exe
  C:\Windows\System\ggIhuvT.exe
  2⤵
  PID:6124
- C:\Windows\System\ySFNryt.exe
  C:\Windows\System\ySFNryt.exe
  2⤵
  PID:4632
- C:\Windows\System\ecAAjwM.exe
  C:\Windows\System\ecAAjwM.exe
  2⤵
  PID:4712
- C:\Windows\System\EKymPOa.exe
  C:\Windows\System\EKymPOa.exe
  2⤵
  PID:4740
- C:\Windows\System\bThmkKl.exe
  C:\Windows\System\bThmkKl.exe
  2⤵
  PID:5000
- C:\Windows\System\qtNEnFO.exe
  C:\Windows\System\qtNEnFO.exe
  2⤵
  PID:3972
- C:\Windows\System\KUnNryW.exe
  C:\Windows\System\KUnNryW.exe
  2⤵
  PID:4112
- C:\Windows\System\dZPhmIU.exe
  C:\Windows\System\dZPhmIU.exe
  2⤵
  PID:4280
- C:\Windows\System\KfNjVKS.exe
  C:\Windows\System\KfNjVKS.exe
  2⤵
  PID:4412
- C:\Windows\System\kCHKgUB.exe
  C:\Windows\System\kCHKgUB.exe
  2⤵
  PID:5180
- C:\Windows\System\selLGnw.exe
  C:\Windows\System\selLGnw.exe
  2⤵
  PID:5300
- C:\Windows\System\XuXsEbD.exe
  C:\Windows\System\XuXsEbD.exe
  2⤵
  PID:5304
- C:\Windows\System\VHauPZD.exe
  C:\Windows\System\VHauPZD.exe
  2⤵
  PID:5368
- C:\Windows\System\kVRKrYd.exe
  C:\Windows\System\kVRKrYd.exe
  2⤵
  PID:5444
- C:\Windows\System\mNlGoeh.exe
  C:\Windows\System\mNlGoeh.exe
  2⤵
  PID:5484
- C:\Windows\System\yXRsCaC.exe
  C:\Windows\System\yXRsCaC.exe
  2⤵
  PID:5548
- C:\Windows\System\GmnFFLm.exe
  C:\Windows\System\GmnFFLm.exe
  2⤵
  PID:5624
- C:\Windows\System\oqYRFcQ.exe
  C:\Windows\System\oqYRFcQ.exe
  2⤵
  PID:5648
- C:\Windows\System\GJpbLiq.exe
  C:\Windows\System\GJpbLiq.exe
  2⤵
  PID:5732
- C:\Windows\System\pscHWDJ.exe
  C:\Windows\System\pscHWDJ.exe
  2⤵
  PID:5788
- C:\Windows\System\eRwaukN.exe
  C:\Windows\System\eRwaukN.exe
  2⤵
  PID:5808
- C:\Windows\System\mBvyhDy.exe
  C:\Windows\System\mBvyhDy.exe
  2⤵
  PID:5848
- C:\Windows\System\yBGUQdK.exe
  C:\Windows\System\yBGUQdK.exe
  2⤵
  PID:5952
- C:\Windows\System\GueAhqk.exe
  C:\Windows\System\GueAhqk.exe
  2⤵
  PID:5948
- C:\Windows\System\uzcnpGB.exe
  C:\Windows\System\uzcnpGB.exe
  2⤵
  PID:6052
- C:\Windows\System\vCEFBGR.exe
  C:\Windows\System\vCEFBGR.exe
  2⤵
  PID:4580
- C:\Windows\System\TVjCMjc.exe
  C:\Windows\System\TVjCMjc.exe
  2⤵
  PID:6084
- C:\Windows\System\MBIvPQo.exe
  C:\Windows\System\MBIvPQo.exe
  2⤵
  PID:6132
- C:\Windows\System\EVOCRbv.exe
  C:\Windows\System\EVOCRbv.exe
  2⤵
  PID:4812
- C:\Windows\System\IruepHc.exe
  C:\Windows\System\IruepHc.exe
  2⤵
  PID:3176
- C:\Windows\System\bbYWDZZ.exe
  C:\Windows\System\bbYWDZZ.exe
  2⤵
  PID:4400
- C:\Windows\System\BAVVCSq.exe
  C:\Windows\System\BAVVCSq.exe
  2⤵
  PID:4252
- C:\Windows\System\zoevRQg.exe
  C:\Windows\System\zoevRQg.exe
  2⤵
  PID:5348
- C:\Windows\System\iplSJvx.exe
  C:\Windows\System\iplSJvx.exe
  2⤵
  PID:5328
- C:\Windows\System\rsVvQxG.exe
  C:\Windows\System\rsVvQxG.exe
  2⤵
  PID:5424
- C:\Windows\System\OBPnPXl.exe
  C:\Windows\System\OBPnPXl.exe
  2⤵
  PID:5552
- C:\Windows\System\ockSIcX.exe
  C:\Windows\System\ockSIcX.exe
  2⤵
  PID:5644
- C:\Windows\System\QdHoMoZ.exe
  C:\Windows\System\QdHoMoZ.exe
  2⤵
  PID:5764
- C:\Windows\System\XLUcbXf.exe
  C:\Windows\System\XLUcbXf.exe
  2⤵
  PID:5828
- C:\Windows\System\eaEKxVJ.exe
  C:\Windows\System\eaEKxVJ.exe
  2⤵
  PID:6160
- C:\Windows\System\epBPDAG.exe
  C:\Windows\System\epBPDAG.exe
  2⤵
  PID:6180
- C:\Windows\System\HKeYJjk.exe
  C:\Windows\System\HKeYJjk.exe
  2⤵
  PID:6200
- C:\Windows\System\MEFsSMS.exe
  C:\Windows\System\MEFsSMS.exe
  2⤵
  PID:6220
- C:\Windows\System\QNOYlHN.exe
  C:\Windows\System\QNOYlHN.exe
  2⤵
  PID:6236
- C:\Windows\System\iJakjnn.exe
  C:\Windows\System\iJakjnn.exe
  2⤵
  PID:6260
- C:\Windows\System\YyKAWGl.exe
  C:\Windows\System\YyKAWGl.exe
  2⤵
  PID:6280
- C:\Windows\System\fxmqTgV.exe
  C:\Windows\System\fxmqTgV.exe
  2⤵
  PID:6300
- C:\Windows\System\FELpzpT.exe
  C:\Windows\System\FELpzpT.exe
  2⤵
  PID:6320
- C:\Windows\System\QMojKqE.exe
  C:\Windows\System\QMojKqE.exe
  2⤵
  PID:6340
- C:\Windows\System\Yiujyvs.exe
  C:\Windows\System\Yiujyvs.exe
  2⤵
  PID:6360
- C:\Windows\System\yCOqMIH.exe
  C:\Windows\System\yCOqMIH.exe
  2⤵
  PID:6380
- C:\Windows\System\AnUqVxn.exe
  C:\Windows\System\AnUqVxn.exe
  2⤵
  PID:6400
- C:\Windows\System\zubuECD.exe
  C:\Windows\System\zubuECD.exe
  2⤵
  PID:6420
- C:\Windows\System\PZBPRxs.exe
  C:\Windows\System\PZBPRxs.exe
  2⤵
  PID:6440
- C:\Windows\System\whUcmDD.exe
  C:\Windows\System\whUcmDD.exe
  2⤵
  PID:6460
- C:\Windows\System\eAbzRqL.exe
  C:\Windows\System\eAbzRqL.exe
  2⤵
  PID:6476
- C:\Windows\System\vBqEEDH.exe
  C:\Windows\System\vBqEEDH.exe
  2⤵
  PID:6500
- C:\Windows\System\hkugjQO.exe
  C:\Windows\System\hkugjQO.exe
  2⤵
  PID:6520
- C:\Windows\System\noVrtGg.exe
  C:\Windows\System\noVrtGg.exe
  2⤵
  PID:6540
- C:\Windows\System\AskYZMP.exe
  C:\Windows\System\AskYZMP.exe
  2⤵
  PID:6560
- C:\Windows\System\PqBDEqE.exe
  C:\Windows\System\PqBDEqE.exe
  2⤵
  PID:6584
- C:\Windows\System\qJkXbiX.exe
  C:\Windows\System\qJkXbiX.exe
  2⤵
  PID:6604
- C:\Windows\System\WSGBCia.exe
  C:\Windows\System\WSGBCia.exe
  2⤵
  PID:6624
- C:\Windows\System\gMipGsm.exe
  C:\Windows\System\gMipGsm.exe
  2⤵
  PID:6644
- C:\Windows\System\tDxTckg.exe
  C:\Windows\System\tDxTckg.exe
  2⤵
  PID:6664
- C:\Windows\System\omVCtwr.exe
  C:\Windows\System\omVCtwr.exe
  2⤵
  PID:6684
- C:\Windows\System\GnARNqp.exe
  C:\Windows\System\GnARNqp.exe
  2⤵
  PID:6704
- C:\Windows\System\FTSjAkB.exe
  C:\Windows\System\FTSjAkB.exe
  2⤵
  PID:6724
- C:\Windows\System\npKVitn.exe
  C:\Windows\System\npKVitn.exe
  2⤵
  PID:6744
- C:\Windows\System\gYibIGn.exe
  C:\Windows\System\gYibIGn.exe
  2⤵
  PID:6764
- C:\Windows\System\fBYHkKR.exe
  C:\Windows\System\fBYHkKR.exe
  2⤵
  PID:6784
- C:\Windows\System\lgYZAqK.exe
  C:\Windows\System\lgYZAqK.exe
  2⤵
  PID:6804
- C:\Windows\System\iRRELTR.exe
  C:\Windows\System\iRRELTR.exe
  2⤵
  PID:6824
- C:\Windows\System\iaFpkzU.exe
  C:\Windows\System\iaFpkzU.exe
  2⤵
  PID:6844
- C:\Windows\System\WDDpTiN.exe
  C:\Windows\System\WDDpTiN.exe
  2⤵
  PID:6864
- C:\Windows\System\iwaGhJX.exe
  C:\Windows\System\iwaGhJX.exe
  2⤵
  PID:6884
- C:\Windows\System\amGfXsU.exe
  C:\Windows\System\amGfXsU.exe
  2⤵
  PID:6904
- C:\Windows\System\xahiofV.exe
  C:\Windows\System\xahiofV.exe
  2⤵
  PID:6924
- C:\Windows\System\NmfWZyo.exe
  C:\Windows\System\NmfWZyo.exe
  2⤵
  PID:6944
- C:\Windows\System\qOHDqes.exe
  C:\Windows\System\qOHDqes.exe
  2⤵
  PID:6964
- C:\Windows\System\GiXMcuM.exe
  C:\Windows\System\GiXMcuM.exe
  2⤵
  PID:6984
- C:\Windows\System\eyBVHPY.exe
  C:\Windows\System\eyBVHPY.exe
  2⤵
  PID:7000
- C:\Windows\System\hdnVPtw.exe
  C:\Windows\System\hdnVPtw.exe
  2⤵
  PID:7024
- C:\Windows\System\ysxWrwL.exe
  C:\Windows\System\ysxWrwL.exe
  2⤵
  PID:7044
- C:\Windows\System\UhTLFVE.exe
  C:\Windows\System\UhTLFVE.exe
  2⤵
  PID:7064
- C:\Windows\System\uhiQCQk.exe
  C:\Windows\System\uhiQCQk.exe
  2⤵
  PID:7084
- C:\Windows\System\aCPRIir.exe
  C:\Windows\System\aCPRIir.exe
  2⤵
  PID:7104
- C:\Windows\System\vpwJoCp.exe
  C:\Windows\System\vpwJoCp.exe
  2⤵
  PID:7124
- C:\Windows\System\tiHjvnF.exe
  C:\Windows\System\tiHjvnF.exe
  2⤵
  PID:7144
- C:\Windows\System\yAoppHU.exe
  C:\Windows\System\yAoppHU.exe
  2⤵
  PID:7164
- C:\Windows\System\wbANKcL.exe
  C:\Windows\System\wbANKcL.exe
  2⤵
  PID:5992
- C:\Windows\System\OAjhLxv.exe
  C:\Windows\System\OAjhLxv.exe
  2⤵
  PID:5968
- C:\Windows\System\qkEXZEQ.exe
  C:\Windows\System\qkEXZEQ.exe
  2⤵
  PID:6068
- C:\Windows\System\QVqRvjt.exe
  C:\Windows\System\QVqRvjt.exe
  2⤵
  PID:4496
- C:\Windows\System\jwDNxyn.exe
  C:\Windows\System\jwDNxyn.exe
  2⤵
  PID:5036
- C:\Windows\System\JgDLoeo.exe
  C:\Windows\System\JgDLoeo.exe
  2⤵
  PID:5208
- C:\Windows\System\YNJRhLf.exe
  C:\Windows\System\YNJRhLf.exe
  2⤵
  PID:5400
- C:\Windows\System\ynNvnEL.exe
  C:\Windows\System\ynNvnEL.exe
  2⤵
  PID:5476
- C:\Windows\System\fCpGaDM.exe
  C:\Windows\System\fCpGaDM.exe
  2⤵
  PID:5692
- C:\Windows\System\JFXFtVs.exe
  C:\Windows\System\JFXFtVs.exe
  2⤵
  PID:5812
- C:\Windows\System\uATuNGV.exe
  C:\Windows\System\uATuNGV.exe
  2⤵
  PID:6176
- C:\Windows\System\QWiWifQ.exe
  C:\Windows\System\QWiWifQ.exe
  2⤵
  PID:6188
- C:\Windows\System\dtoromJ.exe
  C:\Windows\System\dtoromJ.exe
  2⤵
  PID:6244
- C:\Windows\System\SsKJQFo.exe
  C:\Windows\System\SsKJQFo.exe
  2⤵
  PID:6248
- C:\Windows\System\VqVtwoJ.exe
  C:\Windows\System\VqVtwoJ.exe
  2⤵
  PID:6292
- C:\Windows\System\JnNRBXk.exe
  C:\Windows\System\JnNRBXk.exe
  2⤵
  PID:6328
- C:\Windows\System\SmTKtJC.exe
  C:\Windows\System\SmTKtJC.exe
  2⤵
  PID:6356
- C:\Windows\System\AYjZlLZ.exe
  C:\Windows\System\AYjZlLZ.exe
  2⤵
  PID:6408
- C:\Windows\System\nkPUVbK.exe
  C:\Windows\System\nkPUVbK.exe
  2⤵
  PID:6436
- C:\Windows\System\RurhTFe.exe
  C:\Windows\System\RurhTFe.exe
  2⤵
  PID:6484
- C:\Windows\System\CeVwuFS.exe
  C:\Windows\System\CeVwuFS.exe
  2⤵
  PID:6492
- C:\Windows\System\vpIclkx.exe
  C:\Windows\System\vpIclkx.exe
  2⤵
  PID:6536
- C:\Windows\System\mmidoTi.exe
  C:\Windows\System\mmidoTi.exe
  2⤵
  PID:6548
- C:\Windows\System\NvtHngw.exe
  C:\Windows\System\NvtHngw.exe
  2⤵
  PID:6592
- C:\Windows\System\EBwscTK.exe
  C:\Windows\System\EBwscTK.exe
  2⤵
  PID:6632
- C:\Windows\System\MWFWSJB.exe
  C:\Windows\System\MWFWSJB.exe
  2⤵
  PID:6656
- C:\Windows\System\vItjKmu.exe
  C:\Windows\System\vItjKmu.exe
  2⤵
  PID:6696
- C:\Windows\System\MZZUwUc.exe
  C:\Windows\System\MZZUwUc.exe
  2⤵
  PID:6720
- C:\Windows\System\aHQJxWg.exe
  C:\Windows\System\aHQJxWg.exe
  2⤵
  PID:6756
- C:\Windows\System\DfSqYuO.exe
  C:\Windows\System\DfSqYuO.exe
  2⤵
  PID:6812
- C:\Windows\System\gqVlTwb.exe
  C:\Windows\System\gqVlTwb.exe
  2⤵
  PID:6852
- C:\Windows\System\IRjujdq.exe
  C:\Windows\System\IRjujdq.exe
  2⤵
  PID:6856
- C:\Windows\System\hLARSFO.exe
  C:\Windows\System\hLARSFO.exe
  2⤵
  PID:6876
- C:\Windows\System\LAJNmyQ.exe
  C:\Windows\System\LAJNmyQ.exe
  2⤵
  PID:6920
- C:\Windows\System\tuzalDa.exe
  C:\Windows\System\tuzalDa.exe
  2⤵
  PID:6960
- C:\Windows\System\VKPYudF.exe
  C:\Windows\System\VKPYudF.exe
  2⤵
  PID:7008
- C:\Windows\System\KjaiYRq.exe
  C:\Windows\System\KjaiYRq.exe
  2⤵
  PID:6992
- C:\Windows\System\amQLUbj.exe
  C:\Windows\System\amQLUbj.exe
  2⤵
  PID:7036
- C:\Windows\System\IUlUJlN.exe
  C:\Windows\System\IUlUJlN.exe
  2⤵
  PID:7080
- C:\Windows\System\zKfTSkI.exe
  C:\Windows\System\zKfTSkI.exe
  2⤵
  PID:7120
- C:\Windows\System\hRnqsET.exe
  C:\Windows\System\hRnqsET.exe
  2⤵
  PID:7160
- C:\Windows\System\fuyfOyE.exe
  C:\Windows\System\fuyfOyE.exe
  2⤵
  PID:6112
- C:\Windows\System\LnYteCd.exe
  C:\Windows\System\LnYteCd.exe
  2⤵
  PID:6012
- C:\Windows\System\kabMQLF.exe
  C:\Windows\System\kabMQLF.exe
  2⤵
  PID:3628
- C:\Windows\System\jRudwMT.exe
  C:\Windows\System\jRudwMT.exe
  2⤵
  PID:5188
- C:\Windows\System\NCGnReO.exe
  C:\Windows\System\NCGnReO.exe
  2⤵
  PID:5628
- C:\Windows\System\AZFTQzE.exe
  C:\Windows\System\AZFTQzE.exe
  2⤵
  PID:2052
- C:\Windows\System\oTdVmAa.exe
  C:\Windows\System\oTdVmAa.exe
  2⤵
  PID:5708
- C:\Windows\System\tBzmIhs.exe
  C:\Windows\System\tBzmIhs.exe
  2⤵
  PID:6192
- C:\Windows\System\rfNFjcF.exe
  C:\Windows\System\rfNFjcF.exe
  2⤵
  PID:6296
- C:\Windows\System\TYPpmdZ.exe
  C:\Windows\System\TYPpmdZ.exe
  2⤵
  PID:6316
- C:\Windows\System\ZBWAaCG.exe
  C:\Windows\System\ZBWAaCG.exe
  2⤵
  PID:6372
- C:\Windows\System\YaWtdgS.exe
  C:\Windows\System\YaWtdgS.exe
  2⤵
  PID:6496
- C:\Windows\System\yJzyYjG.exe
  C:\Windows\System\yJzyYjG.exe
  2⤵
  PID:6468
- C:\Windows\System\MVItoRo.exe
  C:\Windows\System\MVItoRo.exe
  2⤵
  PID:6516
- C:\Windows\System\YFvNGfg.exe
  C:\Windows\System\YFvNGfg.exe
  2⤵
  PID:6612
- C:\Windows\System\afFtSkn.exe
  C:\Windows\System\afFtSkn.exe
  2⤵
  PID:6680
- C:\Windows\System\thpXLNG.exe
  C:\Windows\System\thpXLNG.exe
  2⤵
  PID:6752
- C:\Windows\System\SdwYWYD.exe
  C:\Windows\System\SdwYWYD.exe
  2⤵
  PID:6800
- C:\Windows\System\IJEgiZi.exe
  C:\Windows\System\IJEgiZi.exe
  2⤵
  PID:6792
- C:\Windows\System\vGWiikA.exe
  C:\Windows\System\vGWiikA.exe
  2⤵
  PID:6892
- C:\Windows\System\UdPOUny.exe
  C:\Windows\System\UdPOUny.exe
  2⤵
  PID:6952
- C:\Windows\System\tutmeUG.exe
  C:\Windows\System\tutmeUG.exe
  2⤵
  PID:6980
- C:\Windows\System\xdAAChd.exe
  C:\Windows\System\xdAAChd.exe
  2⤵
  PID:7100
- C:\Windows\System\bTQvRNM.exe
  C:\Windows\System\bTQvRNM.exe
  2⤵
  PID:7152
- C:\Windows\System\TBZpGZD.exe
  C:\Windows\System\TBZpGZD.exe
  2⤵
  PID:5972
- C:\Windows\System\EvrBQXM.exe
  C:\Windows\System\EvrBQXM.exe
  2⤵
  PID:3392
- C:\Windows\System\ecUjOiI.exe
  C:\Windows\System\ecUjOiI.exe
  2⤵
  PID:6128
- C:\Windows\System\bBshcyZ.exe
  C:\Windows\System\bBshcyZ.exe
  2⤵
  PID:6208
- C:\Windows\System\ZSHJBjg.exe
  C:\Windows\System\ZSHJBjg.exe
  2⤵
  PID:5588
- C:\Windows\System\UnjxNKD.exe
  C:\Windows\System\UnjxNKD.exe
  2⤵
  PID:6232
- C:\Windows\System\uYhNHTL.exe
  C:\Windows\System\uYhNHTL.exe
  2⤵
  PID:6388
- C:\Windows\System\IrfMJpW.exe
  C:\Windows\System\IrfMJpW.exe
  2⤵
  PID:6572
- C:\Windows\System\nrXefPN.exe
  C:\Windows\System\nrXefPN.exe
  2⤵
  PID:2204
- C:\Windows\System\QwoOJNj.exe
  C:\Windows\System\QwoOJNj.exe
  2⤵
  PID:6596
- C:\Windows\System\lAUHZmV.exe
  C:\Windows\System\lAUHZmV.exe
  2⤵
  PID:6616
- C:\Windows\System\ATkWquC.exe
  C:\Windows\System\ATkWquC.exe
  2⤵
  PID:6636
- C:\Windows\System\WGAhuVm.exe
  C:\Windows\System\WGAhuVm.exe
  2⤵
  PID:6840
- C:\Windows\System\GtASSLe.exe
  C:\Windows\System\GtASSLe.exe
  2⤵
  PID:6932
- C:\Windows\System\HrxLYlk.exe
  C:\Windows\System\HrxLYlk.exe
  2⤵
  PID:7072
- C:\Windows\System\bBdegCr.exe
  C:\Windows\System\bBdegCr.exe
  2⤵
  PID:2832
- C:\Windows\System\icnMEDB.exe
  C:\Windows\System\icnMEDB.exe
  2⤵
  PID:4656
- C:\Windows\System\lFpbkVc.exe
  C:\Windows\System\lFpbkVc.exe
  2⤵
  PID:4140
- C:\Windows\System\jgqtonj.exe
  C:\Windows\System\jgqtonj.exe
  2⤵
  PID:6256
- C:\Windows\System\puESvPd.exe
  C:\Windows\System\puESvPd.exe
  2⤵
  PID:7176
- C:\Windows\System\JSHMGHH.exe
  C:\Windows\System\JSHMGHH.exe
  2⤵
  PID:7196
- C:\Windows\System\ppkptPg.exe
  C:\Windows\System\ppkptPg.exe
  2⤵
  PID:7220
- C:\Windows\System\xNCkVvr.exe
  C:\Windows\System\xNCkVvr.exe
  2⤵
  PID:7240
- C:\Windows\System\kqyVfWS.exe
  C:\Windows\System\kqyVfWS.exe
  2⤵
  PID:7260
- C:\Windows\System\CqBJfSB.exe
  C:\Windows\System\CqBJfSB.exe
  2⤵
  PID:7276
- C:\Windows\System\fGYIecg.exe
  C:\Windows\System\fGYIecg.exe
  2⤵
  PID:7296
- C:\Windows\System\jmhrSyl.exe
  C:\Windows\System\jmhrSyl.exe
  2⤵
  PID:7320
- C:\Windows\System\hGZvTkA.exe
  C:\Windows\System\hGZvTkA.exe
  2⤵
  PID:7340
- C:\Windows\System\dOBqCwo.exe
  C:\Windows\System\dOBqCwo.exe
  2⤵
  PID:7360
- C:\Windows\System\glXdGwF.exe
  C:\Windows\System\glXdGwF.exe
  2⤵
  PID:7380
- C:\Windows\System\wGIQGox.exe
  C:\Windows\System\wGIQGox.exe
  2⤵
  PID:7400
- C:\Windows\System\FMtGvoh.exe
  C:\Windows\System\FMtGvoh.exe
  2⤵
  PID:7420
- C:\Windows\System\xmVlcwD.exe
  C:\Windows\System\xmVlcwD.exe
  2⤵
  PID:7440
- C:\Windows\System\LEmqtCE.exe
  C:\Windows\System\LEmqtCE.exe
  2⤵
  PID:7460
- C:\Windows\System\bAhTEBk.exe
  C:\Windows\System\bAhTEBk.exe
  2⤵
  PID:7476
- C:\Windows\System\OobVoFx.exe
  C:\Windows\System\OobVoFx.exe
  2⤵
  PID:7496
- C:\Windows\System\kGWKLjD.exe
  C:\Windows\System\kGWKLjD.exe
  2⤵
  PID:7524
- C:\Windows\System\dvlXrBc.exe
  C:\Windows\System\dvlXrBc.exe
  2⤵
  PID:7544
- C:\Windows\System\NdexhJo.exe
  C:\Windows\System\NdexhJo.exe
  2⤵
  PID:7564
- C:\Windows\System\mIRkOaK.exe
  C:\Windows\System\mIRkOaK.exe
  2⤵
  PID:7584
- C:\Windows\System\AHdNvTh.exe
  C:\Windows\System\AHdNvTh.exe
  2⤵
  PID:7604
- C:\Windows\System\XcjJwsy.exe
  C:\Windows\System\XcjJwsy.exe
  2⤵
  PID:7624
- C:\Windows\System\LVusBTQ.exe
  C:\Windows\System\LVusBTQ.exe
  2⤵
  PID:7644
- C:\Windows\System\olyAWcY.exe
  C:\Windows\System\olyAWcY.exe
  2⤵
  PID:7664
- C:\Windows\System\tYRsEDy.exe
  C:\Windows\System\tYRsEDy.exe
  2⤵
  PID:7680
- C:\Windows\System\AnDhSqO.exe
  C:\Windows\System\AnDhSqO.exe
  2⤵
  PID:7704
- C:\Windows\System\SLupGyk.exe
  C:\Windows\System\SLupGyk.exe
  2⤵
  PID:7724
- C:\Windows\System\TSmZgAb.exe
  C:\Windows\System\TSmZgAb.exe
  2⤵
  PID:7744
- C:\Windows\System\eMesYlE.exe
  C:\Windows\System\eMesYlE.exe
  2⤵
  PID:7764
- C:\Windows\System\UxlzngA.exe
  C:\Windows\System\UxlzngA.exe
  2⤵
  PID:7784
- C:\Windows\System\HGBFfYp.exe
  C:\Windows\System\HGBFfYp.exe
  2⤵
  PID:7804
- C:\Windows\System\TtfKnTX.exe
  C:\Windows\System\TtfKnTX.exe
  2⤵
  PID:7824
- C:\Windows\System\GDkmoFH.exe
  C:\Windows\System\GDkmoFH.exe
  2⤵
  PID:7844
- C:\Windows\System\JBvBwTV.exe
  C:\Windows\System\JBvBwTV.exe
  2⤵
  PID:7864
- C:\Windows\System\XxyKYFr.exe
  C:\Windows\System\XxyKYFr.exe
  2⤵
  PID:7880
- C:\Windows\System\ZXuHSiL.exe
  C:\Windows\System\ZXuHSiL.exe
  2⤵
  PID:7904
- C:\Windows\System\jgNroBK.exe
  C:\Windows\System\jgNroBK.exe
  2⤵
  PID:7924
- C:\Windows\System\IItttRF.exe
  C:\Windows\System\IItttRF.exe
  2⤵
  PID:7944
- C:\Windows\System\kUZiLFq.exe
  C:\Windows\System\kUZiLFq.exe
  2⤵
  PID:7964
- C:\Windows\System\vKFxTwk.exe
  C:\Windows\System\vKFxTwk.exe
  2⤵
  PID:7980
- C:\Windows\System\ZzLAiyt.exe
  C:\Windows\System\ZzLAiyt.exe
  2⤵
  PID:8000
- C:\Windows\System\gImjdMA.exe
  C:\Windows\System\gImjdMA.exe
  2⤵
  PID:8016
- C:\Windows\System\ImjVmdC.exe
  C:\Windows\System\ImjVmdC.exe
  2⤵
  PID:8040
- C:\Windows\System\IgnbwZF.exe
  C:\Windows\System\IgnbwZF.exe
  2⤵
  PID:8064
- C:\Windows\System\FMrgKgQ.exe
  C:\Windows\System\FMrgKgQ.exe
  2⤵
  PID:8084
- C:\Windows\System\HKaXojD.exe
  C:\Windows\System\HKaXojD.exe
  2⤵
  PID:8104
- C:\Windows\System\DZqQwVn.exe
  C:\Windows\System\DZqQwVn.exe
  2⤵
  PID:8124
- C:\Windows\System\PyhGWTW.exe
  C:\Windows\System\PyhGWTW.exe
  2⤵
  PID:8144
- C:\Windows\System\dlIlPCE.exe
  C:\Windows\System\dlIlPCE.exe
  2⤵
  PID:8164
- C:\Windows\System\OmUDFsc.exe
  C:\Windows\System\OmUDFsc.exe
  2⤵
  PID:8180
- C:\Windows\System\PVaDNrb.exe
  C:\Windows\System\PVaDNrb.exe
  2⤵
  PID:6508
- C:\Windows\System\YZBYUaO.exe
  C:\Windows\System\YZBYUaO.exe
  2⤵
  PID:6416
- C:\Windows\System\qqNmUsm.exe
  C:\Windows\System\qqNmUsm.exe
  2⤵
  PID:6732
- C:\Windows\System\SLFeKqX.exe
  C:\Windows\System\SLFeKqX.exe
  2⤵
  PID:6912
- C:\Windows\System\BghKUUT.exe
  C:\Windows\System\BghKUUT.exe
  2⤵
  PID:2564
- C:\Windows\System\yNeJgJb.exe
  C:\Windows\System\yNeJgJb.exe
  2⤵
  PID:7140
- C:\Windows\System\uorRKkb.exe
  C:\Windows\System\uorRKkb.exe
  2⤵
  PID:5268
- C:\Windows\System\leyVwPH.exe
  C:\Windows\System\leyVwPH.exe
  2⤵
  PID:7172
- C:\Windows\System\mCHOSwy.exe
  C:\Windows\System\mCHOSwy.exe
  2⤵
  PID:6212
- C:\Windows\System\GGaZDTx.exe
  C:\Windows\System\GGaZDTx.exe
  2⤵
  PID:2740
- C:\Windows\System\yGmdori.exe
  C:\Windows\System\yGmdori.exe
  2⤵
  PID:7236
- C:\Windows\System\inEMyZx.exe
  C:\Windows\System\inEMyZx.exe
  2⤵
  PID:7292
- C:\Windows\System\ZbRPWxK.exe
  C:\Windows\System\ZbRPWxK.exe
  2⤵
  PID:7308
- C:\Windows\System\VFFdygg.exe
  C:\Windows\System\VFFdygg.exe
  2⤵
  PID:7368
- C:\Windows\System\TCylVdD.exe
  C:\Windows\System\TCylVdD.exe
  2⤵
  PID:7352
- C:\Windows\System\vqZVfjj.exe
  C:\Windows\System\vqZVfjj.exe
  2⤵
  PID:548
- C:\Windows\System\KxnRKoG.exe
  C:\Windows\System\KxnRKoG.exe
  2⤵
  PID:7448
- C:\Windows\System\uNGZHYH.exe
  C:\Windows\System\uNGZHYH.exe
  2⤵
  PID:7436
- C:\Windows\System\KkUuUma.exe
  C:\Windows\System\KkUuUma.exe
  2⤵
  PID:7472
- C:\Windows\System\LPnWgXx.exe
  C:\Windows\System\LPnWgXx.exe
  2⤵
  PID:7512
- C:\Windows\System\oWANNYn.exe
  C:\Windows\System\oWANNYn.exe
  2⤵
  PID:7572
- C:\Windows\System\rnrqCyf.exe
  C:\Windows\System\rnrqCyf.exe
  2⤵
  PID:7576
- C:\Windows\System\KZKWZEV.exe
  C:\Windows\System\KZKWZEV.exe
  2⤵
  PID:7600
- C:\Windows\System\RWsgVAs.exe
  C:\Windows\System\RWsgVAs.exe
  2⤵
  PID:7688
- C:\Windows\System\vvHmSBk.exe
  C:\Windows\System\vvHmSBk.exe
  2⤵
  PID:7636
- C:\Windows\System\kaytQKF.exe
  C:\Windows\System\kaytQKF.exe
  2⤵
  PID:7732
- C:\Windows\System\IZbDRaW.exe
  C:\Windows\System\IZbDRaW.exe
  2⤵
  PID:7780
- C:\Windows\System\OzLvOPR.exe
  C:\Windows\System\OzLvOPR.exe
  2⤵
  PID:7816
- C:\Windows\System\jEDJLXk.exe
  C:\Windows\System\jEDJLXk.exe
  2⤵
  PID:7800
- C:\Windows\System\edFUPvb.exe
  C:\Windows\System\edFUPvb.exe
  2⤵
  PID:7836
- C:\Windows\System\OfuqVZy.exe
  C:\Windows\System\OfuqVZy.exe
  2⤵
  PID:7900
- C:\Windows\System\ITvNZxg.exe
  C:\Windows\System\ITvNZxg.exe
  2⤵
  PID:7940
- C:\Windows\System\goyPStX.exe
  C:\Windows\System\goyPStX.exe
  2⤵
  PID:7952
- C:\Windows\System\oVWmNDm.exe
  C:\Windows\System\oVWmNDm.exe
  2⤵
  PID:7960
- C:\Windows\System\WFjOFQz.exe
  C:\Windows\System\WFjOFQz.exe
  2⤵
  PID:2176
- C:\Windows\System\TtXudsy.exe
  C:\Windows\System\TtXudsy.exe
  2⤵
  PID:8024
- C:\Windows\System\DhpumDZ.exe
  C:\Windows\System\DhpumDZ.exe
  2⤵
  PID:8092
- C:\Windows\System\wlacyNI.exe
  C:\Windows\System\wlacyNI.exe
  2⤵
  PID:8076
- C:\Windows\System\KNpndvt.exe
  C:\Windows\System\KNpndvt.exe
  2⤵
  PID:8120
- C:\Windows\System\OqdZpRM.exe
  C:\Windows\System\OqdZpRM.exe
  2⤵
  PID:8176
- C:\Windows\System\ZCwSQOU.exe
  C:\Windows\System\ZCwSQOU.exe
  2⤵
  PID:6368
- C:\Windows\System\LXhUKif.exe
  C:\Windows\System\LXhUKif.exe
  2⤵
  PID:6392
- C:\Windows\System\rbitGPk.exe
  C:\Windows\System\rbitGPk.exe
  2⤵
  PID:6452
- C:\Windows\System\eDdqKkj.exe
  C:\Windows\System\eDdqKkj.exe
  2⤵
  PID:2812
- C:\Windows\System\DUnBtCU.exe
  C:\Windows\System\DUnBtCU.exe
  2⤵
  PID:6196
- C:\Windows\System\CtwHLYX.exe
  C:\Windows\System\CtwHLYX.exe
  2⤵
  PID:7208
- C:\Windows\System\iWmfiRH.exe
  C:\Windows\System\iWmfiRH.exe
  2⤵
  PID:7216
- C:\Windows\System\ffBEstz.exe
  C:\Windows\System\ffBEstz.exe
  2⤵
  PID:7256
- C:\Windows\System\dLycTYU.exe
  C:\Windows\System\dLycTYU.exe
  2⤵
  PID:7316
- C:\Windows\System\TYGISko.exe
  C:\Windows\System\TYGISko.exe
  2⤵
  PID:2784
- C:\Windows\System\yFLCpQL.exe
  C:\Windows\System\yFLCpQL.exe
  2⤵
  PID:7408
- C:\Windows\System\GDrbKTF.exe
  C:\Windows\System\GDrbKTF.exe
  2⤵
  PID:7428
- C:\Windows\System\KkOnUNa.exe
  C:\Windows\System\KkOnUNa.exe
  2⤵
  PID:7492
- C:\Windows\System\sKmISWi.exe
  C:\Windows\System\sKmISWi.exe
  2⤵
  PID:7488
- C:\Windows\System\TSFXrjk.exe
  C:\Windows\System\TSFXrjk.exe
  2⤵
  PID:7536
- C:\Windows\System\wcXHpcA.exe
  C:\Windows\System\wcXHpcA.exe
  2⤵
  PID:7540
- C:\Windows\System\QKWZrfS.exe
  C:\Windows\System\QKWZrfS.exe
  2⤵
  PID:2596
- C:\Windows\System\YPmGXOE.exe
  C:\Windows\System\YPmGXOE.exe
  2⤵
  PID:7700
- C:\Windows\System\ekDSCke.exe
  C:\Windows\System\ekDSCke.exe
  2⤵
  PID:7632
- C:\Windows\System\FoHSPwC.exe
  C:\Windows\System\FoHSPwC.exe
  2⤵
  PID:7736
- C:\Windows\System\KwzHzcs.exe
  C:\Windows\System\KwzHzcs.exe
  2⤵
  PID:7812
- C:\Windows\System\ouIrpdS.exe
  C:\Windows\System\ouIrpdS.exe
  2⤵
  PID:7752
- C:\Windows\System\NbrdULP.exe
  C:\Windows\System\NbrdULP.exe
  2⤵
  PID:7840
- C:\Windows\System\mHsMMNj.exe
  C:\Windows\System\mHsMMNj.exe
  2⤵
  PID:7876
- C:\Windows\System\oOpSFhq.exe
  C:\Windows\System\oOpSFhq.exe
  2⤵
  PID:7888
- C:\Windows\System\CkunKjG.exe
  C:\Windows\System\CkunKjG.exe
  2⤵
  PID:2076
- C:\Windows\System\UfOUyoF.exe
  C:\Windows\System\UfOUyoF.exe
  2⤵
  PID:8048
- C:\Windows\System\UaskOBT.exe
  C:\Windows\System\UaskOBT.exe
  2⤵
  PID:7988
- C:\Windows\System\aBNsvyO.exe
  C:\Windows\System\aBNsvyO.exe
  2⤵
  PID:8032
- C:\Windows\System\ZvedfZK.exe
  C:\Windows\System\ZvedfZK.exe
  2⤵
  PID:8080
- C:\Windows\System\bVgihUv.exe
  C:\Windows\System\bVgihUv.exe
  2⤵
  PID:8132
- C:\Windows\System\mkLOzeq.exe
  C:\Windows\System\mkLOzeq.exe
  2⤵
  PID:8140
- C:\Windows\System\sOdxNNs.exe
  C:\Windows\System\sOdxNNs.exe
  2⤵
  PID:2388
- C:\Windows\System\rFeKmnA.exe
  C:\Windows\System\rFeKmnA.exe
  2⤵
  PID:2032
- C:\Windows\System\FCcBrqV.exe
  C:\Windows\System\FCcBrqV.exe
  2⤵
  PID:7312
- C:\Windows\System\PYotLWp.exe
  C:\Windows\System\PYotLWp.exe
  2⤵
  PID:7304
- C:\Windows\System\gIrgEii.exe
  C:\Windows\System\gIrgEii.exe
  2⤵
  PID:7348
- C:\Windows\System\oAbYret.exe
  C:\Windows\System\oAbYret.exe
  2⤵
  PID:1580
- C:\Windows\System\RaWOfAf.exe
  C:\Windows\System\RaWOfAf.exe
  2⤵
  PID:7468
- C:\Windows\System\eAAOtPs.exe
  C:\Windows\System\eAAOtPs.exe
  2⤵
  PID:1100
- C:\Windows\System\amGrMef.exe
  C:\Windows\System\amGrMef.exe
  2⤵
  PID:2028
- C:\Windows\System\fMOonWh.exe
  C:\Windows\System\fMOonWh.exe
  2⤵
  PID:2744
- C:\Windows\System\JvOyFBH.exe
  C:\Windows\System\JvOyFBH.exe
  2⤵
  PID:7556
- C:\Windows\System\jEwlYsB.exe
  C:\Windows\System\jEwlYsB.exe
  2⤵
  PID:7820
- C:\Windows\System\TqShEKi.exe
  C:\Windows\System\TqShEKi.exe
  2⤵
  PID:2068
- C:\Windows\System\SdndgHx.exe
  C:\Windows\System\SdndgHx.exe
  2⤵
  PID:7560
- C:\Windows\System\zbovHCp.exe
  C:\Windows\System\zbovHCp.exe
  2⤵
  PID:7716
- C:\Windows\System\lxQikIk.exe
  C:\Windows\System\lxQikIk.exe
  2⤵
  PID:8152
- C:\Windows\System\CvLGtDm.exe
  C:\Windows\System\CvLGtDm.exe
  2⤵
  PID:112
- C:\Windows\System\UiOfBEW.exe
  C:\Windows\System\UiOfBEW.exe
  2⤵
  PID:8036
- C:\Windows\System\uqVMnLv.exe
  C:\Windows\System\uqVMnLv.exe
  2⤵
  PID:6332
- C:\Windows\System\UpIYimJ.exe
  C:\Windows\System\UpIYimJ.exe
  2⤵
  PID:5428
- C:\Windows\System\sZMmRqp.exe
  C:\Windows\System\sZMmRqp.exe
  2⤵
  PID:7228
- C:\Windows\System\vxRDsqp.exe
  C:\Windows\System\vxRDsqp.exe
  2⤵
  PID:7192
- C:\Windows\System\IyjmsUR.exe
  C:\Windows\System\IyjmsUR.exe
  2⤵
  PID:1916
- C:\Windows\System\JlxZzhd.exe
  C:\Windows\System\JlxZzhd.exe
  2⤵
  PID:2584
- C:\Windows\System\WWTuuda.exe
  C:\Windows\System\WWTuuda.exe
  2⤵
  PID:7412
- C:\Windows\System\qjfCUTj.exe
  C:\Windows\System\qjfCUTj.exe
  2⤵
  PID:2588
- C:\Windows\System\vdcxngr.exe
  C:\Windows\System\vdcxngr.exe
  2⤵
  PID:7852
- C:\Windows\System\jqcjoZN.exe
  C:\Windows\System\jqcjoZN.exe
  2⤵
  PID:8008
- C:\Windows\System\GYPovvG.exe
  C:\Windows\System\GYPovvG.exe
  2⤵
  PID:8096
- C:\Windows\System\VkcAdMP.exe
  C:\Windows\System\VkcAdMP.exe
  2⤵
  PID:2436
- C:\Windows\System\izaWoUf.exe
  C:\Windows\System\izaWoUf.exe
  2⤵
  PID:7212
- C:\Windows\System\erOonMP.exe
  C:\Windows\System\erOonMP.exe
  2⤵
  PID:1764
- C:\Windows\System\ndDfEUn.exe
  C:\Windows\System\ndDfEUn.exe
  2⤵
  PID:7332
- C:\Windows\System\heikvod.exe
  C:\Windows\System\heikvod.exe
  2⤵
  PID:1228
- C:\Windows\System\jHukswp.exe
  C:\Windows\System\jHukswp.exe
  2⤵
  PID:5804
- C:\Windows\System\bQiVDWR.exe
  C:\Windows\System\bQiVDWR.exe
  2⤵
  PID:7856
- C:\Windows\System\qnkLeDc.exe
  C:\Windows\System\qnkLeDc.exe
  2⤵
  PID:7760
- C:\Windows\System\WYfNSXK.exe
  C:\Windows\System\WYfNSXK.exe
  2⤵
  PID:7416
- C:\Windows\System\mjddqbC.exe
  C:\Windows\System\mjddqbC.exe
  2⤵
  PID:8208
- C:\Windows\System\oifhUWW.exe
  C:\Windows\System\oifhUWW.exe
  2⤵
  PID:8224
- C:\Windows\System\sWICNhO.exe
  C:\Windows\System\sWICNhO.exe
  2⤵
  PID:8240
- C:\Windows\System\brpkumH.exe
  C:\Windows\System\brpkumH.exe
  2⤵
  PID:8256
- C:\Windows\System\jHRbCsG.exe
  C:\Windows\System\jHRbCsG.exe
  2⤵
  PID:8272
- C:\Windows\System\pOjyFzl.exe
  C:\Windows\System\pOjyFzl.exe
  2⤵
  PID:8288
- C:\Windows\System\alVPNwU.exe
  C:\Windows\System\alVPNwU.exe
  2⤵
  PID:8304
- C:\Windows\System\ltkrmNk.exe
  C:\Windows\System\ltkrmNk.exe
  2⤵
  PID:8320
- C:\Windows\System\ksTWalt.exe
  C:\Windows\System\ksTWalt.exe
  2⤵
  PID:8336
- C:\Windows\System\LFaqAIA.exe
  C:\Windows\System\LFaqAIA.exe
  2⤵
  PID:8352
- C:\Windows\System\reSrPWC.exe
  C:\Windows\System\reSrPWC.exe
  2⤵
  PID:8368
- C:\Windows\System\hYzTqGg.exe
  C:\Windows\System\hYzTqGg.exe
  2⤵
  PID:8384
- C:\Windows\System\tNKuVvu.exe
  C:\Windows\System\tNKuVvu.exe
  2⤵
  PID:8400
- C:\Windows\System\MWVKzwT.exe
  C:\Windows\System\MWVKzwT.exe
  2⤵
  PID:8416
- C:\Windows\System\ukwZiGJ.exe
  C:\Windows\System\ukwZiGJ.exe
  2⤵
  PID:8436
- C:\Windows\System\oicJrBh.exe
  C:\Windows\System\oicJrBh.exe
  2⤵
  PID:8452
- C:\Windows\System\FpWZuFc.exe
  C:\Windows\System\FpWZuFc.exe
  2⤵
  PID:8468
- C:\Windows\System\AKTsZHG.exe
  C:\Windows\System\AKTsZHG.exe
  2⤵
  PID:8484
- C:\Windows\System\IWpdfBf.exe
  C:\Windows\System\IWpdfBf.exe
  2⤵
  PID:8500
- C:\Windows\System\CZOkJUY.exe
  C:\Windows\System\CZOkJUY.exe
  2⤵
  PID:8516
- C:\Windows\System\waXhAcx.exe
  C:\Windows\System\waXhAcx.exe
  2⤵
  PID:8532
- C:\Windows\System\OZomLBJ.exe
  C:\Windows\System\OZomLBJ.exe
  2⤵
  PID:8548
- C:\Windows\System\igVRGfe.exe
  C:\Windows\System\igVRGfe.exe
  2⤵
  PID:8564
- C:\Windows\System\MkSGYuB.exe
  C:\Windows\System\MkSGYuB.exe
  2⤵
  PID:8580
- C:\Windows\System\rCWThqj.exe
  C:\Windows\System\rCWThqj.exe
  2⤵
  PID:8596
- C:\Windows\System\lvgnhwO.exe
  C:\Windows\System\lvgnhwO.exe
  2⤵
  PID:8612
- C:\Windows\System\CldAmfR.exe
  C:\Windows\System\CldAmfR.exe
  2⤵
  PID:8628
- C:\Windows\System\qhNmtXU.exe
  C:\Windows\System\qhNmtXU.exe
  2⤵
  PID:8648
- C:\Windows\System\RDJArlo.exe
  C:\Windows\System\RDJArlo.exe
  2⤵
  PID:8664
- C:\Windows\System\pJpzBEh.exe
  C:\Windows\System\pJpzBEh.exe
  2⤵
  PID:8680
- C:\Windows\System\dqAEBrL.exe
  C:\Windows\System\dqAEBrL.exe
  2⤵
  PID:8696
- C:\Windows\System\UrnwqlK.exe
  C:\Windows\System\UrnwqlK.exe
  2⤵
  PID:8712
- C:\Windows\System\QCIgKkJ.exe
  C:\Windows\System\QCIgKkJ.exe
  2⤵
  PID:8728
- C:\Windows\System\UUXnfGi.exe
  C:\Windows\System\UUXnfGi.exe
  2⤵
  PID:8748
- C:\Windows\System\LiKGhOc.exe
  C:\Windows\System\LiKGhOc.exe
  2⤵
  PID:8764
- C:\Windows\System\SuFNvHI.exe
  C:\Windows\System\SuFNvHI.exe
  2⤵
  PID:8784
- C:\Windows\System\JospmMK.exe
  C:\Windows\System\JospmMK.exe
  2⤵
  PID:8800
- C:\Windows\System\jMPcKbF.exe
  C:\Windows\System\jMPcKbF.exe
  2⤵
  PID:8816
- C:\Windows\System\ItTpHLL.exe
  C:\Windows\System\ItTpHLL.exe
  2⤵
  PID:8832
- C:\Windows\System\heLxMZL.exe
  C:\Windows\System\heLxMZL.exe
  2⤵
  PID:8852
- C:\Windows\System\JlrdTpU.exe
  C:\Windows\System\JlrdTpU.exe
  2⤵
  PID:8868
- C:\Windows\System\DtPWoMp.exe
  C:\Windows\System\DtPWoMp.exe
  2⤵
  PID:8884
- C:\Windows\System\SnUuuLW.exe
  C:\Windows\System\SnUuuLW.exe
  2⤵
  PID:8900
- C:\Windows\System\DMJcHCx.exe
  C:\Windows\System\DMJcHCx.exe
  2⤵
  PID:8920
- C:\Windows\System\mJyIlsJ.exe
  C:\Windows\System\mJyIlsJ.exe
  2⤵
  PID:8936
- C:\Windows\System\DiaCoqk.exe
  C:\Windows\System\DiaCoqk.exe
  2⤵
  PID:8952
- C:\Windows\System\YIXFUAQ.exe
  C:\Windows\System\YIXFUAQ.exe
  2⤵
  PID:8968
- C:\Windows\System\XkVQLXV.exe
  C:\Windows\System\XkVQLXV.exe
  2⤵
  PID:8984
- C:\Windows\System\KOEfWVy.exe
  C:\Windows\System\KOEfWVy.exe
  2⤵
  PID:9000
- C:\Windows\System\EZyhRkT.exe
  C:\Windows\System\EZyhRkT.exe
  2⤵
  PID:9016
- C:\Windows\System\lVNCTcj.exe
  C:\Windows\System\lVNCTcj.exe
  2⤵
  PID:9032
- C:\Windows\System\ZzWJfIe.exe
  C:\Windows\System\ZzWJfIe.exe
  2⤵
  PID:9048
- C:\Windows\System\iSonaUT.exe
  C:\Windows\System\iSonaUT.exe
  2⤵
  PID:9064
- C:\Windows\System\sqfCpwT.exe
  C:\Windows\System\sqfCpwT.exe
  2⤵
  PID:9080
- C:\Windows\System\zDDDsGB.exe
  C:\Windows\System\zDDDsGB.exe
  2⤵
  PID:9096
- C:\Windows\System\SvLZdgB.exe
  C:\Windows\System\SvLZdgB.exe
  2⤵
  PID:9112
- C:\Windows\System\jbgGyik.exe
  C:\Windows\System\jbgGyik.exe
  2⤵
  PID:9128
- C:\Windows\System\UVKCVmb.exe
  C:\Windows\System\UVKCVmb.exe
  2⤵
  PID:9144
- C:\Windows\System\qkbdnfq.exe
  C:\Windows\System\qkbdnfq.exe
  2⤵
  PID:9160
- C:\Windows\System\dvLQgyo.exe
  C:\Windows\System\dvLQgyo.exe
  2⤵
  PID:9176
- C:\Windows\System\wZJuStX.exe
  C:\Windows\System\wZJuStX.exe
  2⤵
  PID:9192
- C:\Windows\System\FQktDxK.exe
  C:\Windows\System\FQktDxK.exe
  2⤵
  PID:9208
- C:\Windows\System\mZBkcQy.exe
  C:\Windows\System\mZBkcQy.exe
  2⤵
  PID:8200
- C:\Windows\System\aSLjKkd.exe
  C:\Windows\System\aSLjKkd.exe
  2⤵
  PID:8236
- C:\Windows\System\aRNbZrs.exe
  C:\Windows\System\aRNbZrs.exe
  2⤵
  PID:7896
- C:\Windows\System\LbflUrH.exe
  C:\Windows\System\LbflUrH.exe
  2⤵
  PID:7640
- C:\Windows\System\vMeFdcW.exe
  C:\Windows\System\vMeFdcW.exe
  2⤵
  PID:8252
- C:\Windows\System\YPATqbL.exe
  C:\Windows\System\YPATqbL.exe
  2⤵
  PID:8344
- C:\Windows\System\DDWffTV.exe
  C:\Windows\System\DDWffTV.exe
  2⤵
  PID:8412
- C:\Windows\System\HskBugk.exe
  C:\Windows\System\HskBugk.exe
  2⤵
  PID:8392
- C:\Windows\System\ZNIKSYr.exe
  C:\Windows\System\ZNIKSYr.exe
  2⤵
  PID:8424
- C:\Windows\System\WIPHdKJ.exe
  C:\Windows\System\WIPHdKJ.exe
  2⤵
  PID:8476
- C:\Windows\System\OtLWHxS.exe
  C:\Windows\System\OtLWHxS.exe
  2⤵
  PID:8572
- C:\Windows\System\AkZorbG.exe
  C:\Windows\System\AkZorbG.exe
  2⤵
  PID:8556
- C:\Windows\System\rSHlpyw.exe
  C:\Windows\System\rSHlpyw.exe
  2⤵
  PID:8296
- C:\Windows\System\pObrWtd.exe
  C:\Windows\System\pObrWtd.exe
  2⤵
  PID:8608
- C:\Windows\System\GlxRtem.exe
  C:\Windows\System\GlxRtem.exe
  2⤵
  PID:8672
- C:\Windows\System\SPIuylk.exe
  C:\Windows\System\SPIuylk.exe
  2⤵
  PID:8736
- C:\Windows\System\hVTBcMw.exe
  C:\Windows\System\hVTBcMw.exe
  2⤵
  PID:8588
- C:\Windows\System\BFlHTzz.exe
  C:\Windows\System\BFlHTzz.exe
  2⤵
  PID:8692
- C:\Windows\System\eKmzDxh.exe
  C:\Windows\System\eKmzDxh.exe
  2⤵
  PID:8740
- C:\Windows\System\lWBDdID.exe
  C:\Windows\System\lWBDdID.exe
  2⤵
  PID:8792
- C:\Windows\System\pKxRQuQ.exe
  C:\Windows\System\pKxRQuQ.exe
  2⤵
  PID:8808
- C:\Windows\System\ZMZEhgH.exe
  C:\Windows\System\ZMZEhgH.exe
  2⤵
  PID:8848
- C:\Windows\System\imDsrcy.exe
  C:\Windows\System\imDsrcy.exe
  2⤵
  PID:8896
- C:\Windows\System\FTRkjjT.exe
  C:\Windows\System\FTRkjjT.exe
  2⤵
  PID:8960
- C:\Windows\System\QxPgdYL.exe
  C:\Windows\System\QxPgdYL.exe
  2⤵
  PID:9024
- C:\Windows\System\HlrHzST.exe
  C:\Windows\System\HlrHzST.exe
  2⤵
  PID:8880
- C:\Windows\System\cHxdTNa.exe
  C:\Windows\System\cHxdTNa.exe
  2⤵
  PID:8944
- C:\Windows\System\DFnavuH.exe
  C:\Windows\System\DFnavuH.exe
  2⤵
  PID:9012
- C:\Windows\System\pjNlWDd.exe
  C:\Windows\System\pjNlWDd.exe
  2⤵
  PID:9108
- C:\Windows\System\TTjNYup.exe
  C:\Windows\System\TTjNYup.exe
  2⤵
  PID:9152
- C:\Windows\System\oVRCfsl.exe
  C:\Windows\System\oVRCfsl.exe
  2⤵
  PID:9188
- C:\Windows\System\TZwtVNz.exe
  C:\Windows\System\TZwtVNz.exe
  2⤵
  PID:8220
- C:\Windows\System\pyYyfMx.exe
  C:\Windows\System\pyYyfMx.exe
  2⤵
  PID:8268
- C:\Windows\System\vCftQGK.exe
  C:\Windows\System\vCftQGK.exe
  2⤵
  PID:8328
- C:\Windows\System\uxbCXvv.exe
  C:\Windows\System\uxbCXvv.exe
  2⤵
  PID:8544
- C:\Windows\System\cGaiFBp.exe
  C:\Windows\System\cGaiFBp.exe
  2⤵
  PID:8316
- C:\Windows\System\UmnVUAX.exe
  C:\Windows\System\UmnVUAX.exe
  2⤵
  PID:8460
- C:\Windows\System\qxDhrVc.exe
  C:\Windows\System\qxDhrVc.exe
  2⤵
  PID:8704
- C:\Windows\System\oHgWnnX.exe
  C:\Windows\System\oHgWnnX.exe
  2⤵
  PID:8756
- C:\Windows\System\IZivifI.exe
  C:\Windows\System\IZivifI.exe
  2⤵
  PID:8864
- C:\Windows\System\shbmmwU.exe
  C:\Windows\System\shbmmwU.exe
  2⤵
  PID:8912
- C:\Windows\System\MWFaGkA.exe
  C:\Windows\System\MWFaGkA.exe
  2⤵
  PID:8624
- C:\Windows\System\TCTXptP.exe
  C:\Windows\System\TCTXptP.exe
  2⤵
  PID:8776
- C:\Windows\System\qzJYLjv.exe
  C:\Windows\System\qzJYLjv.exe
  2⤵
  PID:8560
- C:\Windows\System\OHGmlsa.exe
  C:\Windows\System\OHGmlsa.exe
  2⤵
  PID:9072
- C:\Windows\System\YbfcYfB.exe
  C:\Windows\System\YbfcYfB.exe
  2⤵
  PID:8660
- C:\Windows\System\gZiuDEY.exe
  C:\Windows\System\gZiuDEY.exe
  2⤵
  PID:8428
- C:\Windows\System\ygmxjEr.exe
  C:\Windows\System\ygmxjEr.exe
  2⤵
  PID:9140
- C:\Windows\System\CoiXHuX.exe
  C:\Windows\System\CoiXHuX.exe
  2⤵
  PID:8992
- C:\Windows\System\gobcAuF.exe
  C:\Windows\System\gobcAuF.exe
  2⤵
  PID:8360
- C:\Windows\System\FBLMScf.exe
  C:\Windows\System\FBLMScf.exe
  2⤵
  PID:8232
- C:\Windows\System\GSOGvbi.exe
  C:\Windows\System\GSOGvbi.exe
  2⤵
  PID:8540
- C:\Windows\System\UmFyKUA.exe
  C:\Windows\System\UmFyKUA.exe
  2⤵
  PID:8312
- C:\Windows\System\exNjykl.exe
  C:\Windows\System\exNjykl.exe
  2⤵
  PID:7012
- C:\Windows\System\YVTsIYw.exe
  C:\Windows\System\YVTsIYw.exe
  2⤵
  PID:8996
- C:\Windows\System\EuCVvBB.exe
  C:\Windows\System\EuCVvBB.exe
  2⤵
  PID:8932
- C:\Windows\System\SJDilNl.exe
  C:\Windows\System\SJDilNl.exe
  2⤵
  PID:9008
- C:\Windows\System\XNXbfGq.exe
  C:\Windows\System\XNXbfGq.exe
  2⤵
  PID:8284
- C:\Windows\System\PILSluc.exe
  C:\Windows\System\PILSluc.exe
  2⤵
  PID:9124
- C:\Windows\System\BhdeoAx.exe
  C:\Windows\System\BhdeoAx.exe
  2⤵
  PID:8012
- C:\Windows\System\oekcDsT.exe
  C:\Windows\System\oekcDsT.exe
  2⤵
  PID:8604
- C:\Windows\System\sivSZDI.exe
  C:\Windows\System\sivSZDI.exe
  2⤵
  PID:8644
- C:\Windows\System\gUjrgxG.exe
  C:\Windows\System\gUjrgxG.exe
  2⤵
  PID:9044
- C:\Windows\System\DcKWIzi.exe
  C:\Windows\System\DcKWIzi.exe
  2⤵
  PID:8980
- C:\Windows\System\dUhbmBM.exe
  C:\Windows\System\dUhbmBM.exe
  2⤵
  PID:7660
- C:\Windows\System\ZVbiENW.exe
  C:\Windows\System\ZVbiENW.exe
  2⤵
  PID:8724
- C:\Windows\System\DSSRdMe.exe
  C:\Windows\System\DSSRdMe.exe
  2⤵
  PID:9228
- C:\Windows\System\ASzzcIs.exe
  C:\Windows\System\ASzzcIs.exe
  2⤵
  PID:9244
- C:\Windows\System\eduxjtZ.exe
  C:\Windows\System\eduxjtZ.exe
  2⤵
  PID:9260
- C:\Windows\System\ctJoeAX.exe
  C:\Windows\System\ctJoeAX.exe
  2⤵
  PID:9280
- C:\Windows\System\EYudtVq.exe
  C:\Windows\System\EYudtVq.exe
  2⤵
  PID:9296
- C:\Windows\System\eullGzL.exe
  C:\Windows\System\eullGzL.exe
  2⤵
  PID:9312
- C:\Windows\System\RqKnnGH.exe
  C:\Windows\System\RqKnnGH.exe
  2⤵
  PID:9328
- C:\Windows\System\XKckeQp.exe
  C:\Windows\System\XKckeQp.exe
  2⤵
  PID:9344
- C:\Windows\System\UTTzqeS.exe
  C:\Windows\System\UTTzqeS.exe
  2⤵
  PID:9360
- C:\Windows\System\jZfgnyp.exe
  C:\Windows\System\jZfgnyp.exe
  2⤵
  PID:9376
- C:\Windows\System\WBmgxNN.exe
  C:\Windows\System\WBmgxNN.exe
  2⤵
  PID:9392
- C:\Windows\System\nKDCxYP.exe
  C:\Windows\System\nKDCxYP.exe
  2⤵
  PID:9408
- C:\Windows\System\JmaPhgE.exe
  C:\Windows\System\JmaPhgE.exe
  2⤵
  PID:9424
- C:\Windows\System\Nworvfw.exe
  C:\Windows\System\Nworvfw.exe
  2⤵
  PID:9440
- C:\Windows\System\utttfBc.exe
  C:\Windows\System\utttfBc.exe
  2⤵
  PID:9456
- C:\Windows\System\GoXrhfk.exe
  C:\Windows\System\GoXrhfk.exe
  2⤵
  PID:9472
- C:\Windows\System\GXkwOiq.exe
  C:\Windows\System\GXkwOiq.exe
  2⤵
  PID:9488
- C:\Windows\System\nkHkxgs.exe
  C:\Windows\System\nkHkxgs.exe
  2⤵
  PID:9504
- C:\Windows\System\KVnuylI.exe
  C:\Windows\System\KVnuylI.exe
  2⤵
  PID:9520
- C:\Windows\System\FxbTcQb.exe
  C:\Windows\System\FxbTcQb.exe
  2⤵
  PID:9536
- C:\Windows\System\ighGtEU.exe
  C:\Windows\System\ighGtEU.exe
  2⤵
  PID:9552
- C:\Windows\System\jZzrRTU.exe
  C:\Windows\System\jZzrRTU.exe
  2⤵
  PID:9568
- C:\Windows\System\orNeIZS.exe
  C:\Windows\System\orNeIZS.exe
  2⤵
  PID:9584
- C:\Windows\System\atytpfM.exe
  C:\Windows\System\atytpfM.exe
  2⤵
  PID:9600
- C:\Windows\System\xTAkwmL.exe
  C:\Windows\System\xTAkwmL.exe
  2⤵
  PID:9616
- C:\Windows\System\GECLyoh.exe
  C:\Windows\System\GECLyoh.exe
  2⤵
  PID:9632
- C:\Windows\System\YazebRM.exe
  C:\Windows\System\YazebRM.exe
  2⤵
  PID:9648
- C:\Windows\System\fyxesBc.exe
  C:\Windows\System\fyxesBc.exe
  2⤵
  PID:9664
- C:\Windows\System\YmpSXeD.exe
  C:\Windows\System\YmpSXeD.exe
  2⤵
  PID:9680
- C:\Windows\System\JxXskDN.exe
  C:\Windows\System\JxXskDN.exe
  2⤵
  PID:9696
- C:\Windows\System\mUPfFNk.exe
  C:\Windows\System\mUPfFNk.exe
  2⤵
  PID:9712
- C:\Windows\System\XUEqbtR.exe
  C:\Windows\System\XUEqbtR.exe
  2⤵
  PID:9728
- C:\Windows\System\xUDhbKA.exe
  C:\Windows\System\xUDhbKA.exe
  2⤵
  PID:9744
- C:\Windows\System\GiHEQYh.exe
  C:\Windows\System\GiHEQYh.exe
  2⤵
  PID:9760
- C:\Windows\System\JFmlNXW.exe
  C:\Windows\System\JFmlNXW.exe
  2⤵
  PID:9776
- C:\Windows\System\hagHDtB.exe
  C:\Windows\System\hagHDtB.exe
  2⤵
  PID:9792
- C:\Windows\System\pzkNYNs.exe
  C:\Windows\System\pzkNYNs.exe
  2⤵
  PID:9808
- C:\Windows\System\QQCYxpF.exe
  C:\Windows\System\QQCYxpF.exe
  2⤵
  PID:9824
- C:\Windows\System\pjDLuJr.exe
  C:\Windows\System\pjDLuJr.exe
  2⤵
  PID:9840
- C:\Windows\System\TXIbKaL.exe
  C:\Windows\System\TXIbKaL.exe
  2⤵
  PID:9856
- C:\Windows\System\kjEelss.exe
  C:\Windows\System\kjEelss.exe
  2⤵
  PID:9872
- C:\Windows\System\RiPKTNf.exe
  C:\Windows\System\RiPKTNf.exe
  2⤵
  PID:9888
- C:\Windows\System\ZWdDOwJ.exe
  C:\Windows\System\ZWdDOwJ.exe
  2⤵
  PID:9904
- C:\Windows\System\Twkqdwd.exe
  C:\Windows\System\Twkqdwd.exe
  2⤵
  PID:9920
- C:\Windows\System\pDBDRMU.exe
  C:\Windows\System\pDBDRMU.exe
  2⤵
  PID:9936
- C:\Windows\System\MtXotnI.exe
  C:\Windows\System\MtXotnI.exe
  2⤵
  PID:9952
- C:\Windows\System\GbQfaPj.exe
  C:\Windows\System\GbQfaPj.exe
  2⤵
  PID:9968
- C:\Windows\System\tnZKvOI.exe
  C:\Windows\System\tnZKvOI.exe
  2⤵
  PID:9984
- C:\Windows\System\PEAqcoq.exe
  C:\Windows\System\PEAqcoq.exe
  2⤵
  PID:10000
- C:\Windows\System\VhdDWJG.exe
  C:\Windows\System\VhdDWJG.exe
  2⤵
  PID:10016
- C:\Windows\System\PEBnUpv.exe
  C:\Windows\System\PEBnUpv.exe
  2⤵
  PID:10032
- C:\Windows\System\lwXLBbO.exe
  C:\Windows\System\lwXLBbO.exe
  2⤵
  PID:10048
- C:\Windows\System\jGdTGfT.exe
  C:\Windows\System\jGdTGfT.exe
  2⤵
  PID:10064
- C:\Windows\System\tyTkxLV.exe
  C:\Windows\System\tyTkxLV.exe
  2⤵
  PID:10080
- C:\Windows\System\bEbnaAi.exe
  C:\Windows\System\bEbnaAi.exe
  2⤵
  PID:10096
- C:\Windows\System\gjYBsWv.exe
  C:\Windows\System\gjYBsWv.exe
  2⤵
  PID:10112
- C:\Windows\System\soEnDMP.exe
  C:\Windows\System\soEnDMP.exe
  2⤵
  PID:10128
- C:\Windows\System\fnLliSg.exe
  C:\Windows\System\fnLliSg.exe
  2⤵
  PID:10144
- C:\Windows\System\PojXmLQ.exe
  C:\Windows\System\PojXmLQ.exe
  2⤵
  PID:10164
- C:\Windows\System\QquircB.exe
  C:\Windows\System\QquircB.exe
  2⤵
  PID:10180
- C:\Windows\System\CawfOhz.exe
  C:\Windows\System\CawfOhz.exe
  2⤵
  PID:10196
- C:\Windows\System\oEXnQNF.exe
  C:\Windows\System\oEXnQNF.exe
  2⤵
  PID:9292
- C:\Windows\System\ZgLRQdY.exe
  C:\Windows\System\ZgLRQdY.exe
  2⤵
  PID:9220
- C:\Windows\System\ZyxaVNX.exe
  C:\Windows\System\ZyxaVNX.exe
  2⤵
  PID:9288
- C:\Windows\System\HDchwei.exe
  C:\Windows\System\HDchwei.exe
  2⤵
  PID:9368
- C:\Windows\System\TCOEEwr.exe
  C:\Windows\System\TCOEEwr.exe
  2⤵
  PID:9432
- C:\Windows\System\Jurtvrf.exe
  C:\Windows\System\Jurtvrf.exe
  2⤵
  PID:9496
- C:\Windows\System\uJKcbRt.exe
  C:\Windows\System\uJKcbRt.exe
  2⤵
  PID:9320
- C:\Windows\System\YTRGiXg.exe
  C:\Windows\System\YTRGiXg.exe
  2⤵
  PID:9384
- C:\Windows\System\wDYqEQs.exe
  C:\Windows\System\wDYqEQs.exe
  2⤵
  PID:9448
- C:\Windows\System\oEfiNJU.exe
  C:\Windows\System\oEfiNJU.exe
  2⤵
  PID:9512
- C:\Windows\System\owRiVEd.exe
  C:\Windows\System\owRiVEd.exe
  2⤵
  PID:9560
- C:\Windows\System\tUVcXZN.exe
  C:\Windows\System\tUVcXZN.exe
  2⤵
  PID:9580
- C:\Windows\System\IfECCdx.exe
  C:\Windows\System\IfECCdx.exe
  2⤵
  PID:9624
- C:\Windows\System\eUKPHxO.exe
  C:\Windows\System\eUKPHxO.exe
  2⤵
  PID:9676
- C:\Windows\System\jMSDdfP.exe
  C:\Windows\System\jMSDdfP.exe
  2⤵
  PID:9752
- C:\Windows\System\joTbKKu.exe
  C:\Windows\System\joTbKKu.exe
  2⤵
  PID:9852
- C:\Windows\System\wFqAePz.exe
  C:\Windows\System\wFqAePz.exe
  2⤵
  PID:9964
- C:\Windows\System\iyDeXSl.exe
  C:\Windows\System\iyDeXSl.exe
  2⤵
  PID:9996
- C:\Windows\System\DLGmxoN.exe
  C:\Windows\System\DLGmxoN.exe
  2⤵
  PID:10060
- C:\Windows\System\zMbLjBV.exe
  C:\Windows\System\zMbLjBV.exe
  2⤵
  PID:10072
- C:\Windows\System\QoXzFRb.exe
  C:\Windows\System\QoXzFRb.exe
  2⤵
  PID:10120
- C:\Windows\System\ThCnztU.exe
  C:\Windows\System\ThCnztU.exe
  2⤵
  PID:10236
- C:\Windows\System\rbRJrHM.exe
  C:\Windows\System\rbRJrHM.exe
  2⤵
  PID:9640
- C:\Windows\System\ZEPbDTb.exe
  C:\Windows\System\ZEPbDTb.exe
  2⤵
  PID:9656
- C:\Windows\System\qyCDhck.exe
  C:\Windows\System\qyCDhck.exe
  2⤵
  PID:9816
- C:\Windows\System\mfJyzNd.exe
  C:\Windows\System\mfJyzNd.exe
  2⤵
  PID:9836
- C:\Windows\System\tNpIlFo.exe
  C:\Windows\System\tNpIlFo.exe
  2⤵
  PID:9900
- C:\Windows\System\SvyjCEA.exe
  C:\Windows\System\SvyjCEA.exe
  2⤵
  PID:9976
- C:\Windows\System\AYEUZJU.exe
  C:\Windows\System\AYEUZJU.exe
  2⤵
  PID:9992
- C:\Windows\System\DLeXLxL.exe
  C:\Windows\System\DLeXLxL.exe
  2⤵
  PID:10136
- C:\Windows\System\MnFefsf.exe
  C:\Windows\System\MnFefsf.exe
  2⤵
  PID:10124
- C:\Windows\System\HwzBrwq.exe
  C:\Windows\System\HwzBrwq.exe
  2⤵
  PID:10228
- C:\Windows\System\GFksUKS.exe
  C:\Windows\System\GFksUKS.exe
  2⤵
  PID:10176
- C:\Windows\System\eYxujlV.exe
  C:\Windows\System\eYxujlV.exe
  2⤵
  PID:10156
- C:\Windows\System\fRbchCj.exe
  C:\Windows\System\fRbchCj.exe
  2⤵
  PID:9268
- C:\Windows\System\rSodUkA.exe
  C:\Windows\System\rSodUkA.exe
  2⤵
  PID:8444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EztXuLk.exe

Filesize
6.0MB

MD5
dd3a35de55a015e0220f22e828be45be

SHA1
c6ff1a49ba90df42a1f65544dd3b82023d2886d6

SHA256
6dff8351ea23f30342204f67ead9e50608dc77696a9ca0369e251f0ad5683569

SHA512
672228f58c0a036de5348d74485073b60ef34b3a7088354273d0bd6b61f67425aba44e942d2b39d3de2dcb2f5656960c63d3f29d06222b9a3ef467dc555f59f8

Download Submit
C:\Windows\system\FxiBVuj.exe

Filesize
6.0MB

MD5
edc407aa68de0777792278a9b45b50e8

SHA1
f127cb324b83623f0e0bd87765afdf5601cbb3b5

SHA256
33a959cf470081bf3bbb46fbb6ca5a5bcef358af731413245d727114d83c7773

SHA512
e603e6e45efccf9273a1383064cf23b02d3b24f7e4240710ddae21c28f88e200b963a5b7d6665603ffb7b75fc59718b6c709d9ff09ea6f1bde6d3f027a3dc374

Download Submit
C:\Windows\system\GzhuTGS.exe

Filesize
6.0MB

MD5
1f6c93c350e37fa4873490cad1b85ad3

SHA1
091f29291763480f615a48110cb998bf07fa452b

SHA256
c988cc2f7650e065d815acacae92f05fd5db1f160cc3f2ccaaba8f470fc7e5ec

SHA512
70604a715fc064d43af2e359bb85b156cfbc3718f7d53e780cf05b7787f55ca8c5908f00e05e9d72a354196b11d2001024415d34dd8753b4c1bde72c323c2757

Download Submit
C:\Windows\system\HvQBzkp.exe

Filesize
6.0MB

MD5
5bc0a6770f5b2acfd707ae44f842120f

SHA1
71ca0af0ce13651a71a73addd9590c08a0f4ab75

SHA256
1ffdd8fa958c17c10bc36affad85b3d902e67c9e122cf0e9ca9b6829f4eff10d

SHA512
8d52dcfd235a0145b701bbc2eb9f050bccbbb69f1fc067de39d3bb1fe702d057be76d5c7df076e06481d113d90639446e42b29b18a9e3b7909567f3c07835239

Download Submit
C:\Windows\system\JGuFfii.exe

Filesize
6.0MB

MD5
c0d0a4500547071f767b4380ed7cc468

SHA1
f24548dfe16c8a79236bb719a4a418a7dae346f9

SHA256
725e5c20db49dc9cd6ec9840f2af4511103d77f791677fcc4b91d8a17bb21e0e

SHA512
2a61312f17681e9ab157cb65ae21a404a98ae1ed7953bb2d0a25bd6a026f8ed512e39d9d8a10707cef9f8c8a5d905df4cee77556ba7bfe7b7829408778096d91

Download Submit
C:\Windows\system\JvDibtB.exe

Filesize
6.0MB

MD5
b958ff38e0c6f867999a7015b8f5f29e

SHA1
b14881ba7f866556637b0a0b2d8a1bf2463494f8

SHA256
e063bf59597fb825095877b8c6c2a53c6532861779c6cd778fd6b43c11ca493e

SHA512
00bb740775a6eeedf1d03b6f8168166e9883038b57a88308bd373759fdb963ee535c87a1169c69faaeddcb14a5c406b89e612ce96e934770c6ee49e7cba9a92d

Download Submit
C:\Windows\system\LpnpHiY.exe

Filesize
6.0MB

MD5
372e4556a33762cb647624a5c01f3d08

SHA1
366e0efecf415d5c135eca5e281312c3ba8e69bf

SHA256
eb9def8c157ddbf423a59d9366888056edfe6c2d051a91205f7f1f928ca146cd

SHA512
6610c3511e047052df6facf77c1b3c0c086296949fab1a9d9e9ff072f115c4245e26b62ab2ddb21d68d544a28692612924bba65238369f4594626de36b1c7fa6

Download Submit
C:\Windows\system\NiQJpej.exe

Filesize
6.0MB

MD5
f530e05c8368bf39a59e43fae0625de6

SHA1
38484f82e82e84a60507bf15fb1cf791dda50c62

SHA256
ae96eda090aea0612022f14e963297f1f5bf6a9b30bb7751e12aab1570252e4a

SHA512
1e6050289a686e18e38b6fc3b2ae146e8b9e2a1acbd722d4cd672f7d8feb6207841e3377545b70051f1d53870b5d33ed13443481ded1eda9b3d8a3ab9ecfe042

Download Submit
C:\Windows\system\QPKxPxW.exe

Filesize
6.0MB

MD5
d7df2edd4620a143efea776f9ede9f63

SHA1
dcc721cb74e741f92d0917081df35c7c064b9d47

SHA256
11d46e072871955264e02e5b047ec58e63926749ae19897be553f216c53fdbe4

SHA512
8f0135e49b260039eefea063db54791fbe75fd1cd3bce2bb4dffbd4f65fc0f375a1512f88599643a75dc70bf58ece1c7f4abc3062a559a0e50e56e395ae1850e

Download Submit
C:\Windows\system\RkMctYO.exe

Filesize
6.0MB

MD5
3a2e58e962d8a6b24ab5849e9e96787f

SHA1
384ab34d53c416a5493a339650b35ee64f80d300

SHA256
ca4bed50cf2fbcfc873192170c07764c17cdaa702a4bcdce01346e4f8f2da8c6

SHA512
e8c61ca412f08398601d4c11685247c48481b79beaeccc88cc61818dc69a591bcd1487fe1382352d4b71a333ac712baeae827e207fb8e134febd1eb5cc848a3b

Download Submit
C:\Windows\system\VFPsuPT.exe

Filesize
6.0MB

MD5
c5b817d04fe4fd76db9cf2e5e8505d0d

SHA1
575289499a2c37545d6b283c55568c06555d2939

SHA256
e9e2956187406f2819069042e63ef8913707d7bf29f761999b3a0ceb0c9760c4

SHA512
496f414284dc14755f7d98f1b57aec1b42604986091ac4e91ec467cabbbd84594535bde28c2185dedc908df32946ea2094acab9b2de992ceb680eaf91c75233b

Download Submit
C:\Windows\system\YhWYBQS.exe

Filesize
6.0MB

MD5
cae43bf92cfde90d8b0b6c92cd40ebb5

SHA1
b6c98ecef2360cb836ba856fb5ebf6700b574ee2

SHA256
665e6850eb5588f095709e0118d51475d3a6058f184b25174b6b654648ce7fb5

SHA512
d2c3db63bbd3780fa8bf569f9b5a7498bdd4d96ada63979f0001b439e212e6db3ae27c847ee1f5eeb4b54dd882310c0b5375b3c321b826e3a206739bc094f744

Download Submit
C:\Windows\system\ZomWahm.exe

Filesize
6.0MB

MD5
fa1575c4c38fa28fc98b784bb7008076

SHA1
b6a453b6f6d5f343923dcc94f4d34596340592ab

SHA256
413e57d560c561f51e7e639f11c1a1d5f5eb9265b33b62fe0dba8b0f3a1d13d2

SHA512
96272a09ac6650be6443efd8d769aab692405fa45ac85540b7c307651d97f2f625780962ee8fc2c367678744da53736e47cfa7c13ec2e69bb70f9a4ceb47a72f

Download Submit
C:\Windows\system\aXgwUzj.exe

Filesize
6.0MB

MD5
d59bc9654ad84b99d9f55603a10e73de

SHA1
452337bddfcbaa6a969479641f9cce16560ba13c

SHA256
5c9fdebcd4962f0d588c708b511bd5c44deb87fcf2fcc17b0fc238c3bb45699f

SHA512
facb04f19e093a68b90bc5d63009b70ba6d3eb23eef69733096044482e405aa79333c9eea7811561f55a3789eaa6e4bb0011c62c7e83b8726522b49ffb42abcc

Download Submit
C:\Windows\system\eUEUUfs.exe

Filesize
6.0MB

MD5
676a68ed4371c4fc0672530528482d69

SHA1
8e9d2518818b523773286f03dbbd90bf6619c20c

SHA256
78fb5ba3bb0edd1249a4f216970a9c9578e97e70f68315602b552210127be3d7

SHA512
1cc1c19b869edfb481129a194fc9bdaf7dbbd0c2e7630ef224f983c5ab2c1ff0c331e7a990048f2bdd0e1bd3ffb6499eb3338d50a92aef9b0838b8f892d71466

Download Submit
C:\Windows\system\eXPDEjA.exe

Filesize
6.0MB

MD5
4d7d11a05aee739c7f6a5360541c3f3a

SHA1
2fa8ce43e55789dd14a3682edcc9f7c0427f70fd

SHA256
c87fc5f4d67a37c9dc0e08dfa5dfd0824d694fb4c702ae186d9e384fb1a345e4

SHA512
b0b7f56f3f44a8dd3ed53ab922dd4e9cab082404492c2557045af7dcdd5b0e7265a3bf8898e79aa6d1539e70dac7645331268501ad25b90a4a340dcae7cfc696

Download Submit
C:\Windows\system\fqOleWJ.exe

Filesize
6.0MB

MD5
32d8fa04b7cb3987b2b6d45be17388e9

SHA1
c9f0e81a8d9071c6a086b7fff0e634a4c3975e46

SHA256
51543fd85b3bf4cbb418cdea51db7ffad03b401c31bcbb87b2be69f0031221da

SHA512
0714c772f29fc02210e5220b65677af1c98ad22e3e17b564b4e488ce809496c0e8e4fbc0ef9c357880f35594c7e90137f363dd5c1aaa35a33abfb7c358a8faa9

Download Submit
C:\Windows\system\hsMrcOC.exe

Filesize
6.0MB

MD5
3c9d013535ccf8bd37e0ac14c667daae

SHA1
9137f0194e79c337aae7596d9707e6f4594f01a9

SHA256
9b761ba77964a4ad0a67888172a7c4d9389c4a9428d54561d218b275431a5828

SHA512
5be40119fef1d68a024f1a8310c21ef5a2fbebf5614a4eaf417e2884d9fd9ddabb83ecb43d3d441c5bfe9bd5308bbab629d135dcde6d28f2c1e0df316e8dc75f

Download Submit
C:\Windows\system\iEongNo.exe

Filesize
6.0MB

MD5
73dad63536989576c2a6536efb910afb

SHA1
4aa03eb54907de43c41a2e2dd0160a0e4bfd68e7

SHA256
d7864a086283f6864914d11c55444c68c936b8558d294fbe8fc7ead0d0d90ea5

SHA512
b21fcbbaee59f27457dab8cbda188e8b0c5137efcabce25ee6d25f2f0457dd20677208ad982b467dd4c310313775714851a9a4a697c0e5c6826e60a2bde06e4f

Download Submit
C:\Windows\system\mwovLkR.exe

Filesize
6.0MB

MD5
75838a1307dea30a5b5525e0f3b82a26

SHA1
a03455b762507bec736c41385cbe4eb813428b5b

SHA256
b8d855c14306767067cd77c928e775c1349806046946a49e3a04c47930335819

SHA512
6904fa8c859ecd28afd571676748aaf4a574b2fdddd4c4320e32b5cacca7fbb6a2959a39bea06eaf3b45b16f279a7ff070111105b0975f5b6096b67ad056f0da

Download Submit
C:\Windows\system\nMtSCjv.exe

Filesize
6.0MB

MD5
20eeba4507603f38bdf44a5a61063fa5

SHA1
9ca0610b182a6223256eb68e640732f0c19a9325

SHA256
aed343c7a9416da60b4c58cf7552e9fc58666c139c6a0bf1860464a687fd9498

SHA512
c41880c9a290a23a8664cfa281ac23c6cd3b6843579c951df1f2cea393cf4aeb3a70abf41f90754998a929470111a3c75a11839555bc7dbe9146b36b00413c42

Download Submit
C:\Windows\system\pCVUNkM.exe

Filesize
6.0MB

MD5
fb54ce75c67812a7fcc5b0aaceb497a8

SHA1
262aeac5fc7a444540348b0c9a440cf5d89a622e

SHA256
a990d98bbab2665b13a10b526a52e46a12c3f9d34aefe1ec69cd00dd1de575b4

SHA512
9b12ab7e0041f90a04d8a27a1077614c34d5cb75024918a27cbed72a8163a7ae177f9ac7e2ef93be4439d36136aef034de2b5b7d6827a9700d278bb4e65dc3e4

Download Submit
C:\Windows\system\pauKGKu.exe

Filesize
6.0MB

MD5
c705307bbc47f689be82ee07bb168464

SHA1
dd065bc6ec24f8ebd2cdca224550d46c8d4142df

SHA256
5107a0e74bec40701e35ef38ab9544afb89f649405774cb638dfe254015f3854

SHA512
5d96a7844e275183f1f9b02b92a148b815b20de97bc7a89c70445012da60dd69a95bdfd221659878f520e6be487ebe4a90a8f5e2132215b10f316fe56d5d5e27

Download Submit
C:\Windows\system\sRXFodj.exe

Filesize
6.0MB

MD5
6170337bb8b44d51824b62cb736f7545

SHA1
340c0d20673e23af7a24e6d1329a24f698557668

SHA256
82aa030af6fff009bf1c534efee9643b32d1452086a9b506fabf81425a20de2a

SHA512
74a8c056f31433714b2a54bab0846262674ce3099f5ce50f2ad7126575cc193912647ee969a0e038df922614afa1b81da748cceb5d2d29a998f88c897d7c339c

Download Submit
C:\Windows\system\uTRjtHZ.exe

Filesize
6.0MB

MD5
485ba42b0dc56a40d4afb7a237594dd3

SHA1
442be625f26cc4951f8949d745b5845ba92c5305

SHA256
c01870b34f4a462997a9cca46c8ccec164ecafef06c369cf2d5f6977d0127930

SHA512
8ded9525d10c8cfde7b2fdbaa213bb5cac68e875cb315542e7ad3678d275f1b10af9bbeba69e1f69fee247f715c834b1e18daf58f94a60ec94e5a66055c9964e

Download Submit
C:\Windows\system\wMuJSuf.exe

Filesize
6.0MB

MD5
e5f2ad6f43e85fb3e717c28767a68bb6

SHA1
b67f56b9e1953a6ffa1b225f7a81937180bed674

SHA256
62ab2cd0c8409a7db645751c8cddc1e89ef007f1cb58a4eb8c1d371a8d8f1a36

SHA512
72082e368d1f5ec79a78818f191ee1007b871259feae78242148e874a19ed4a76db88c2e944f110a89710c42bab03a1bc9bf0323db7c8c8db593a94a40ff3b01

Download Submit
C:\Windows\system\xMMhtmp.exe

Filesize
6.0MB

MD5
9e78eb9c6ae338a3285476a61444d3fc

SHA1
5e8042c4de744d5ccac4c90a8c28f1d6d8c22d68

SHA256
6db8735b4651f44e498ddd91ababc21e0a7591a536a9e19919b16903ae0b588c

SHA512
540a918cd696c5c5b36cf53fe54872bd9070b32115ea56828437022ce4813cf312b3d316973ac88abf6ad5cbfa489899906895812517c463af66e50815fac273

Download Submit
\Windows\system\NcYnJPL.exe

Filesize
6.0MB

MD5
f1930d6979b465b76a3fec246da78297

SHA1
7d0afefb0990f976f009629a27c2fd0a7b9e1303

SHA256
85b7e2a94107cb0cca06c2085058f9bc7c8180b96e8957c524adbd2dda38b19f

SHA512
fb34fa80cf19cab1ec9a3fb38acaa8e06139514bc2b1cf5ecabd80f56f9ff60157a5452f86de5b60eeccdeb9c81d549d71add0049f716a71498d183971a4bec1

Download Submit
\Windows\system\TnWJIBv.exe

Filesize
6.0MB

MD5
551b03d69fa4292debbee086c75bc201

SHA1
1a9f28f2a6ffc110dffb52a97216701f9bec02eb

SHA256
17ca9beaf3c68faf20b5f564a4ca8d3abdf84baa2dc75188879a748f5cd467e8

SHA512
5bbdc23c7cd43cdd6b987b152a5f325a82824f16a0f0a3d0536e3e8263b73b7f3f280d6f2015dfe8101d1c1598dcff4c728211f8c097e507738bb4fef3efe0f9

Download Submit
\Windows\system\YbWJISK.exe

Filesize
6.0MB

MD5
a8f9f701d72ad5c25a30dd384f600917

SHA1
f0e302ddeb9939e3245b27c6d7ca5e0be671fd58

SHA256
30f36226361fd2f9d5a77d7cbffc6d9662210ed96076d6dc0d9c556183d66c24

SHA512
bd541113e81771589345de24fbbaef030146cfa690f226ba913e72bb6eae531f0ef5f67745b8fdcc39e5a7c868cff05944923f7ae3e19735d33f7da13c409261

Download Submit
\Windows\system\cdfcgYy.exe

Filesize
6.0MB

MD5
2e1c0d8b8cf24e3a3bd07ef91a7c4ecd

SHA1
f40de77e914bc1a4c6224778e295f3f7df55185e

SHA256
87562ff601bc2d480cd3049f14c7983593ba879f1ba064af501b09a8ffd8bc48

SHA512
0a4013ebebcebfcc0ab7c9eb2f544f83a94006e781e005191de55730aa2710891139ae1d4a7065bba62c82b30c3bbde1b238246136ed7326e5b37d27366f19bb

Download Submit
\Windows\system\shRFsHL.exe

Filesize
6.0MB

MD5
4eddbec9cb7a50cf1326c52a872ee29b

SHA1
e3cb63fe5620383e4ecd5629045986482d5f2388

SHA256
c1da2c8c5ceb0abd8947e662b790fb648836ca0ca2d3eb14d0c692777cb9ec9d

SHA512
5e41eff4674b4314a51d0d7d6031e73c423e76613bb82940d5e36364485b65abbd62ae1a0212b991419c9aaad36d3389f7acf933df96a92862d5d5080b9fff39

Download Submit
\Windows\system\tgjJYrl.exe

Filesize
6.0MB

MD5
3a018adb2dd6457f5d474fa3cbcbce84

SHA1
6bcb4188b5fed708eaf33714e549a1c85fd31204

SHA256
544ccbbabda39367e06ca441ba0029b4dc1d330d89a6140f138a2c946d29885b

SHA512
cb5f1f6d165648838ec5a4a8e0448f94b81c2a77f9f166bba13740658b037576edf002ecce7f1ff1d3c496c9e4e8367220404a758300f245ffb880aa7db714ad

Download Submit
memory/1168-3876-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1208-3883-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1908-3877-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1908-2368-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3888-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3887-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2064-0-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2132-3873-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2132-2287-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2360-3872-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3882-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3880-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3878-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3871-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3874-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3879-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3881-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3884-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3875-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download