cobaltstrike | 15b8b6ce94775ea2d0981f6989eb4d20506c4ccbea80a4f3a2463e5ebe7aefbb

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

28169b1a2846a64bff5221b375c33d31
SHA1

b50c1e93932d2de97dfd3f86ba66d4ddb7ceffa1
SHA256

15b8b6ce94775ea2d0981f6989eb4d20506c4ccbea80a4f3a2463e5ebe7aefbb
SHA512

f9facf0970c5bd943239a7f96f48b9edb8906d835fa4d9c38f33908355fa2fe9f4530ddcb4d49c2552dfcadaf45d37e8c048f88e8b7d730c7dba3aafd8d4ed27
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-6.dat	cobalt_reflective_dll
behavioral1/files/0x0003000000018334-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019394-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-28.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-30.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948c-47.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195bb-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47b-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-72.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194eb-64.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018bbf-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2936-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-6.dat	xmrig
behavioral1/files/0x0003000000018334-11.dat	xmrig
behavioral1/memory/2936-12-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0008000000019394-10.dat	xmrig
behavioral1/files/0x0007000000019470-28.dat	xmrig
behavioral1/memory/1824-29-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x0006000000019489-30.dat	xmrig
behavioral1/memory/3068-37-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000600000001948c-47.dat	xmrig
behavioral1/memory/2936-52-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2964-58-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x00070000000195bb-66.dat	xmrig
behavioral1/files/0x000500000001a3ab-86.dat	xmrig
behavioral1/memory/2936-109-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a404-118.dat	xmrig
behavioral1/files/0x000500000001a438-121.dat	xmrig
behavioral1/files/0x000500000001a44d-129.dat	xmrig
behavioral1/files/0x000500000001a44f-133.dat	xmrig
behavioral1/files/0x000500000001a469-151.dat	xmrig
behavioral1/memory/2936-343-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2964-1993-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/3016-2000-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2792-2032-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2744-2029-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/1744-2052-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/1672-2058-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2648-2041-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/1824-2024-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/3068-2023-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/432-2098-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2816-2153-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2080-2125-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2180-2119-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/1480-2002-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x000500000001a479-189.dat	xmrig
behavioral1/files/0x000500000001a475-181.dat	xmrig
behavioral1/files/0x000500000001a47b-195.dat	xmrig
behavioral1/files/0x000500000001a477-187.dat	xmrig
behavioral1/files/0x000500000001a471-174.dat	xmrig
behavioral1/files/0x000500000001a46d-164.dat	xmrig
behavioral1/files/0x000500000001a473-178.dat	xmrig
behavioral1/files/0x000500000001a46f-168.dat	xmrig
behavioral1/files/0x000500000001a46b-158.dat	xmrig
behavioral1/files/0x000500000001a463-148.dat	xmrig
behavioral1/files/0x000500000001a459-143.dat	xmrig
behavioral1/files/0x000500000001a457-138.dat	xmrig
behavioral1/files/0x000500000001a400-114.dat	xmrig
behavioral1/memory/2816-108-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2792-107-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f8-101.dat	xmrig
behavioral1/memory/432-97-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3fd-105.dat	xmrig
behavioral1/memory/1824-82-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2936-81-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/1672-80-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2936-95-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2080-94-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2180-93-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f6-89.dat	xmrig
behavioral1/memory/2648-60-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0006000000019490-56.dat	xmrig
behavioral1/memory/1744-75-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2936-74-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1480	QQVkBFk.exe
2964	FKXWZmf.exe
3016	vjDiBhi.exe
1824	JduXJts.exe
3068	cJsxEhs.exe
2792	xkaAhzR.exe
2744	HrzIjpG.exe
2648	fjmpoIG.exe
1744	OKdYsml.exe
1672	MhPjfKw.exe
2180	FgEnXpu.exe
2080	YlInpLK.exe
432	JVXHdLy.exe
2816	vRfTert.exe
3064	ZLORpKj.exe
2104	TATJbOY.exe
3024	jWCOuSd.exe
2120	mkSZWRW.exe
2504	jcXaoJL.exe
2932	sxBhkHC.exe
836	kcKlUDP.exe
612	MuGFRzh.exe
2304	QeGjSjv.exe
2264	PBJlljj.exe
2484	bcfsXwk.exe
2284	QrUinCY.exe
2232	fUGxQSU.exe
2060	xhnujfH.exe
1960	OmctmqT.exe
1096	cIPBamC.exe
1848	uKCSmbs.exe
1900	nOcNEBK.exe
2056	Dtfihwq.exe
2160	gzRqzpg.exe
900	VPywSBv.exe
1752	ePEwZdd.exe
1500	lEUgSCX.exe
1812	efgLrip.exe
1192	DJXSySJ.exe
936	eVkywpK.exe
1132	VdiSFKp.exe
1384	lpVzRQF.exe
584	emYOTSi.exe
2316	GJTVnTD.exe
932	KSTvFdZ.exe
1756	ftOGvWv.exe
2396	cUrDLSR.exe
2392	cXPcObJ.exe
2004	AhAbPyj.exe
2336	nNJhEjY.exe
2832	EheNjCi.exe
2448	BMCTPXJ.exe
1928	ZfanbJV.exe
752	acOnFGF.exe
664	wAjPXDN.exe
1608	KKrrdBe.exe
2896	uloJgwJ.exe
2880	ZmWpMbj.exe
3040	IAexHlp.exe
2780	rnVKwqQ.exe
2728	eIJtzMj.exe
2136	vhIkinb.exe
896	thanPAF.exe
3056	XvmNagl.exe

Loads dropped DLL 64 IoCs

pid	Process
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-6.dat	upx
behavioral1/files/0x0003000000018334-11.dat	upx
behavioral1/files/0x0008000000019394-10.dat	upx
behavioral1/files/0x0007000000019470-28.dat	upx
behavioral1/memory/1824-29-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x0006000000019489-30.dat	upx
behavioral1/memory/3068-37-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000600000001948c-47.dat	upx
behavioral1/memory/2936-52-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2964-58-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x00070000000195bb-66.dat	upx
behavioral1/files/0x000500000001a3ab-86.dat	upx
behavioral1/files/0x000500000001a404-118.dat	upx
behavioral1/files/0x000500000001a438-121.dat	upx
behavioral1/files/0x000500000001a44d-129.dat	upx
behavioral1/files/0x000500000001a44f-133.dat	upx
behavioral1/files/0x000500000001a469-151.dat	upx
behavioral1/memory/2964-1993-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/3016-2000-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2792-2032-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2744-2029-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/1744-2052-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/1672-2058-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2648-2041-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/1824-2024-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/3068-2023-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/432-2098-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2816-2153-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2080-2125-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2180-2119-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/1480-2002-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x000500000001a479-189.dat	upx
behavioral1/files/0x000500000001a475-181.dat	upx
behavioral1/files/0x000500000001a47b-195.dat	upx
behavioral1/files/0x000500000001a477-187.dat	upx
behavioral1/files/0x000500000001a471-174.dat	upx
behavioral1/files/0x000500000001a46d-164.dat	upx
behavioral1/files/0x000500000001a473-178.dat	upx
behavioral1/files/0x000500000001a46f-168.dat	upx
behavioral1/files/0x000500000001a46b-158.dat	upx
behavioral1/files/0x000500000001a463-148.dat	upx
behavioral1/files/0x000500000001a459-143.dat	upx
behavioral1/files/0x000500000001a457-138.dat	upx
behavioral1/files/0x000500000001a400-114.dat	upx
behavioral1/memory/2816-108-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2792-107-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x000500000001a3f8-101.dat	upx
behavioral1/memory/432-97-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x000500000001a3fd-105.dat	upx
behavioral1/memory/1824-82-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/1672-80-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2080-94-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2180-93-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x000500000001a3f6-89.dat	upx
behavioral1/memory/2648-60-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0006000000019490-56.dat	upx
behavioral1/memory/1744-75-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000500000001a309-72.dat	upx
behavioral1/files/0x00080000000194eb-64.dat	upx
behavioral1/memory/2744-51-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2792-42-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0031000000018bbf-40.dat	upx
behavioral1/memory/1480-24-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OVQKcJc.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFPmcgI.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRzaumf.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKauMpu.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbznVXi.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDULvaj.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnrFVwJ.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evrpfFI.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqBeOjU.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psENgns.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apmDcNy.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbALmIn.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEOGnne.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExQkpZK.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELhxmRa.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBXAgcI.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxBhkHC.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUSWskB.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrCKpUO.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lAZcaqd.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GklxKAs.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emYOTSi.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMWzLVa.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAfLXLw.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lEUgSCX.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVwwozO.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQzcrfj.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwXBsww.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiDikNx.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQwrtpC.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhqTbML.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvkhhzU.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSvivvu.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIQSWOC.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\euQLIHH.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDhkkHU.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjHqlmj.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zctjWwy.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXZVMFr.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxJraOF.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPNSHHE.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmctmqT.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITnuUva.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBOKUpk.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwAJUaY.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKqqlTp.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfEXPmM.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plGQPpK.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNrwVyC.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwjIFib.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmWgtYL.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDiyYQe.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKgujqU.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRdYyBh.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkLZNYt.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPRhCck.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlnDdzN.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KzRAyZm.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQVkBFk.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opNLCfd.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBUgHmw.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuqwQbb.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRvUYCM.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJXtjCP.exe	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 1480	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2936 wrote to memory of 1480	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2936 wrote to memory of 1480	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2936 wrote to memory of 2964	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 2964	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 2964	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2936 wrote to memory of 3016	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 3016	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 3016	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2936 wrote to memory of 1824	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 1824	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 1824	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2936 wrote to memory of 3068	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 3068	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 3068	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2936 wrote to memory of 2792	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2792	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2792	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2936 wrote to memory of 2744	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2744	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2744	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2936 wrote to memory of 2648	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2648	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 2648	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2936 wrote to memory of 1744	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 1744	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 1744	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2936 wrote to memory of 2180	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 2180	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 2180	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2936 wrote to memory of 1672	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 1672	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 1672	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2936 wrote to memory of 2080	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 2080	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 2080	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2936 wrote to memory of 432	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 432	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 432	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2936 wrote to memory of 2816	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 2816	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 2816	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2936 wrote to memory of 3064	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 3064	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 3064	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2936 wrote to memory of 2104	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 2104	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 2104	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2936 wrote to memory of 3024	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 3024	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 3024	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2936 wrote to memory of 2120	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 2120	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 2120	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2936 wrote to memory of 2504	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 2504	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 2504	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2936 wrote to memory of 2932	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 2932	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 2932	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2936 wrote to memory of 836	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 836	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 836	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2936 wrote to memory of 612	2936	2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-23_28169b1a2846a64bff5221b375c33d31_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\System\QQVkBFk.exe
  C:\Windows\System\QQVkBFk.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\FKXWZmf.exe
  C:\Windows\System\FKXWZmf.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\vjDiBhi.exe
  C:\Windows\System\vjDiBhi.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\JduXJts.exe
  C:\Windows\System\JduXJts.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\cJsxEhs.exe
  C:\Windows\System\cJsxEhs.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\xkaAhzR.exe
  C:\Windows\System\xkaAhzR.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\HrzIjpG.exe
  C:\Windows\System\HrzIjpG.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\fjmpoIG.exe
  C:\Windows\System\fjmpoIG.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\OKdYsml.exe
  C:\Windows\System\OKdYsml.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\FgEnXpu.exe
  C:\Windows\System\FgEnXpu.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\MhPjfKw.exe
  C:\Windows\System\MhPjfKw.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\YlInpLK.exe
  C:\Windows\System\YlInpLK.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\JVXHdLy.exe
  C:\Windows\System\JVXHdLy.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\vRfTert.exe
  C:\Windows\System\vRfTert.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\ZLORpKj.exe
  C:\Windows\System\ZLORpKj.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\TATJbOY.exe
  C:\Windows\System\TATJbOY.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\jWCOuSd.exe
  C:\Windows\System\jWCOuSd.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\mkSZWRW.exe
  C:\Windows\System\mkSZWRW.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\jcXaoJL.exe
  C:\Windows\System\jcXaoJL.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\sxBhkHC.exe
  C:\Windows\System\sxBhkHC.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\kcKlUDP.exe
  C:\Windows\System\kcKlUDP.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\MuGFRzh.exe
  C:\Windows\System\MuGFRzh.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\QeGjSjv.exe
  C:\Windows\System\QeGjSjv.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\PBJlljj.exe
  C:\Windows\System\PBJlljj.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\bcfsXwk.exe
  C:\Windows\System\bcfsXwk.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\QrUinCY.exe
  C:\Windows\System\QrUinCY.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\fUGxQSU.exe
  C:\Windows\System\fUGxQSU.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\xhnujfH.exe
  C:\Windows\System\xhnujfH.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\OmctmqT.exe
  C:\Windows\System\OmctmqT.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\nOcNEBK.exe
  C:\Windows\System\nOcNEBK.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\cIPBamC.exe
  C:\Windows\System\cIPBamC.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\gzRqzpg.exe
  C:\Windows\System\gzRqzpg.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\uKCSmbs.exe
  C:\Windows\System\uKCSmbs.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\VPywSBv.exe
  C:\Windows\System\VPywSBv.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\Dtfihwq.exe
  C:\Windows\System\Dtfihwq.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\ePEwZdd.exe
  C:\Windows\System\ePEwZdd.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\lEUgSCX.exe
  C:\Windows\System\lEUgSCX.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\efgLrip.exe
  C:\Windows\System\efgLrip.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\DJXSySJ.exe
  C:\Windows\System\DJXSySJ.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\eVkywpK.exe
  C:\Windows\System\eVkywpK.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\VdiSFKp.exe
  C:\Windows\System\VdiSFKp.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\emYOTSi.exe
  C:\Windows\System\emYOTSi.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\lpVzRQF.exe
  C:\Windows\System\lpVzRQF.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\KSTvFdZ.exe
  C:\Windows\System\KSTvFdZ.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\GJTVnTD.exe
  C:\Windows\System\GJTVnTD.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\ftOGvWv.exe
  C:\Windows\System\ftOGvWv.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\cUrDLSR.exe
  C:\Windows\System\cUrDLSR.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\AhAbPyj.exe
  C:\Windows\System\AhAbPyj.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\cXPcObJ.exe
  C:\Windows\System\cXPcObJ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\ZfanbJV.exe
  C:\Windows\System\ZfanbJV.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\nNJhEjY.exe
  C:\Windows\System\nNJhEjY.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\acOnFGF.exe
  C:\Windows\System\acOnFGF.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\EheNjCi.exe
  C:\Windows\System\EheNjCi.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\wAjPXDN.exe
  C:\Windows\System\wAjPXDN.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\BMCTPXJ.exe
  C:\Windows\System\BMCTPXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\KKrrdBe.exe
  C:\Windows\System\KKrrdBe.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\uloJgwJ.exe
  C:\Windows\System\uloJgwJ.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\ZmWpMbj.exe
  C:\Windows\System\ZmWpMbj.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\IAexHlp.exe
  C:\Windows\System\IAexHlp.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\rnVKwqQ.exe
  C:\Windows\System\rnVKwqQ.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\eIJtzMj.exe
  C:\Windows\System\eIJtzMj.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\vhIkinb.exe
  C:\Windows\System\vhIkinb.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\thanPAF.exe
  C:\Windows\System\thanPAF.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\ZqcxHzz.exe
  C:\Windows\System\ZqcxHzz.exe
  2⤵
  PID:2024
- C:\Windows\System\XvmNagl.exe
  C:\Windows\System\XvmNagl.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\teMhXfG.exe
  C:\Windows\System\teMhXfG.exe
  2⤵
  PID:3060
- C:\Windows\System\bUSWskB.exe
  C:\Windows\System\bUSWskB.exe
  2⤵
  PID:1972
- C:\Windows\System\fpYicvg.exe
  C:\Windows\System\fpYicvg.exe
  2⤵
  PID:2656
- C:\Windows\System\fsDLMXH.exe
  C:\Windows\System\fsDLMXH.exe
  2⤵
  PID:1932
- C:\Windows\System\idQCZGz.exe
  C:\Windows\System\idQCZGz.exe
  2⤵
  PID:1776
- C:\Windows\System\BlPecLe.exe
  C:\Windows\System\BlPecLe.exe
  2⤵
  PID:2280
- C:\Windows\System\ujehiLr.exe
  C:\Windows\System\ujehiLr.exe
  2⤵
  PID:2520
- C:\Windows\System\YdPwPgV.exe
  C:\Windows\System\YdPwPgV.exe
  2⤵
  PID:560
- C:\Windows\System\UzQOUYq.exe
  C:\Windows\System\UzQOUYq.exe
  2⤵
  PID:2480
- C:\Windows\System\sJuDHKt.exe
  C:\Windows\System\sJuDHKt.exe
  2⤵
  PID:2568
- C:\Windows\System\zdPVoEq.exe
  C:\Windows\System\zdPVoEq.exe
  2⤵
  PID:1572
- C:\Windows\System\TuKMMjT.exe
  C:\Windows\System\TuKMMjT.exe
  2⤵
  PID:236
- C:\Windows\System\WRozpYg.exe
  C:\Windows\System\WRozpYg.exe
  2⤵
  PID:2084
- C:\Windows\System\gfQMuuT.exe
  C:\Windows\System\gfQMuuT.exe
  2⤵
  PID:2680
- C:\Windows\System\uhJyTIR.exe
  C:\Windows\System\uhJyTIR.exe
  2⤵
  PID:1068
- C:\Windows\System\ypDBnoy.exe
  C:\Windows\System\ypDBnoy.exe
  2⤵
  PID:1240
- C:\Windows\System\qrXUhrd.exe
  C:\Windows\System\qrXUhrd.exe
  2⤵
  PID:1088
- C:\Windows\System\dCLNqnt.exe
  C:\Windows\System\dCLNqnt.exe
  2⤵
  PID:2492
- C:\Windows\System\kLXtOWs.exe
  C:\Windows\System\kLXtOWs.exe
  2⤵
  PID:1636
- C:\Windows\System\eJNTrme.exe
  C:\Windows\System\eJNTrme.exe
  2⤵
  PID:1120
- C:\Windows\System\psLdWsa.exe
  C:\Windows\System\psLdWsa.exe
  2⤵
  PID:1616
- C:\Windows\System\TmdRcZj.exe
  C:\Windows\System\TmdRcZj.exe
  2⤵
  PID:1104
- C:\Windows\System\zgoyMAo.exe
  C:\Windows\System\zgoyMAo.exe
  2⤵
  PID:1716
- C:\Windows\System\CcRXgWU.exe
  C:\Windows\System\CcRXgWU.exe
  2⤵
  PID:2904
- C:\Windows\System\gCVzXvN.exe
  C:\Windows\System\gCVzXvN.exe
  2⤵
  PID:2064
- C:\Windows\System\hrGfGZD.exe
  C:\Windows\System\hrGfGZD.exe
  2⤵
  PID:2788
- C:\Windows\System\kGPIUPk.exe
  C:\Windows\System\kGPIUPk.exe
  2⤵
  PID:2696
- C:\Windows\System\JiCHGbU.exe
  C:\Windows\System\JiCHGbU.exe
  2⤵
  PID:2236
- C:\Windows\System\enOkfJu.exe
  C:\Windows\System\enOkfJu.exe
  2⤵
  PID:2752
- C:\Windows\System\OtkXkIf.exe
  C:\Windows\System\OtkXkIf.exe
  2⤵
  PID:2256
- C:\Windows\System\duegTss.exe
  C:\Windows\System\duegTss.exe
  2⤵
  PID:1992
- C:\Windows\System\nowZVOS.exe
  C:\Windows\System\nowZVOS.exe
  2⤵
  PID:1380
- C:\Windows\System\YSNywGt.exe
  C:\Windows\System\YSNywGt.exe
  2⤵
  PID:2012
- C:\Windows\System\mqHiYXA.exe
  C:\Windows\System\mqHiYXA.exe
  2⤵
  PID:1108
- C:\Windows\System\LGSyLSe.exe
  C:\Windows\System\LGSyLSe.exe
  2⤵
  PID:2564
- C:\Windows\System\ghrNsbC.exe
  C:\Windows\System\ghrNsbC.exe
  2⤵
  PID:1388
- C:\Windows\System\BbqnWIw.exe
  C:\Windows\System\BbqnWIw.exe
  2⤵
  PID:1652
- C:\Windows\System\VfcZIqx.exe
  C:\Windows\System\VfcZIqx.exe
  2⤵
  PID:2100
- C:\Windows\System\YxteSAJ.exe
  C:\Windows\System\YxteSAJ.exe
  2⤵
  PID:876
- C:\Windows\System\bsaPlqY.exe
  C:\Windows\System\bsaPlqY.exe
  2⤵
  PID:1924
- C:\Windows\System\KjIrmgm.exe
  C:\Windows\System\KjIrmgm.exe
  2⤵
  PID:1644
- C:\Windows\System\Guotbjv.exe
  C:\Windows\System\Guotbjv.exe
  2⤵
  PID:1852
- C:\Windows\System\BqBeOjU.exe
  C:\Windows\System\BqBeOjU.exe
  2⤵
  PID:2356
- C:\Windows\System\zCjiyzK.exe
  C:\Windows\System\zCjiyzK.exe
  2⤵
  PID:1740
- C:\Windows\System\FGRvaVh.exe
  C:\Windows\System\FGRvaVh.exe
  2⤵
  PID:2188
- C:\Windows\System\gHlRbpf.exe
  C:\Windows\System\gHlRbpf.exe
  2⤵
  PID:2176
- C:\Windows\System\rIBvNAs.exe
  C:\Windows\System\rIBvNAs.exe
  2⤵
  PID:2144
- C:\Windows\System\cpTGeYn.exe
  C:\Windows\System\cpTGeYn.exe
  2⤵
  PID:2252
- C:\Windows\System\oGxzCMb.exe
  C:\Windows\System\oGxzCMb.exe
  2⤵
  PID:1760
- C:\Windows\System\Qnfgqhj.exe
  C:\Windows\System\Qnfgqhj.exe
  2⤵
  PID:3080
- C:\Windows\System\whFSZhz.exe
  C:\Windows\System\whFSZhz.exe
  2⤵
  PID:3096
- C:\Windows\System\MMfuIvl.exe
  C:\Windows\System\MMfuIvl.exe
  2⤵
  PID:3112
- C:\Windows\System\jwEvmco.exe
  C:\Windows\System\jwEvmco.exe
  2⤵
  PID:3128
- C:\Windows\System\YUENqyp.exe
  C:\Windows\System\YUENqyp.exe
  2⤵
  PID:3144
- C:\Windows\System\RQMsvOZ.exe
  C:\Windows\System\RQMsvOZ.exe
  2⤵
  PID:3164
- C:\Windows\System\EKgxyYk.exe
  C:\Windows\System\EKgxyYk.exe
  2⤵
  PID:3184
- C:\Windows\System\aCCwRXp.exe
  C:\Windows\System\aCCwRXp.exe
  2⤵
  PID:3212
- C:\Windows\System\CFJdfuI.exe
  C:\Windows\System\CFJdfuI.exe
  2⤵
  PID:3240
- C:\Windows\System\CEPUmgM.exe
  C:\Windows\System\CEPUmgM.exe
  2⤵
  PID:3264
- C:\Windows\System\UsYbvNy.exe
  C:\Windows\System\UsYbvNy.exe
  2⤵
  PID:3284
- C:\Windows\System\nngNvpz.exe
  C:\Windows\System\nngNvpz.exe
  2⤵
  PID:3304
- C:\Windows\System\WIsMwuP.exe
  C:\Windows\System\WIsMwuP.exe
  2⤵
  PID:3320
- C:\Windows\System\fTMNltf.exe
  C:\Windows\System\fTMNltf.exe
  2⤵
  PID:3336
- C:\Windows\System\yUcjIGZ.exe
  C:\Windows\System\yUcjIGZ.exe
  2⤵
  PID:3360
- C:\Windows\System\ehFzxxe.exe
  C:\Windows\System\ehFzxxe.exe
  2⤵
  PID:3384
- C:\Windows\System\EpTGvjR.exe
  C:\Windows\System\EpTGvjR.exe
  2⤵
  PID:3404
- C:\Windows\System\hquoFUm.exe
  C:\Windows\System\hquoFUm.exe
  2⤵
  PID:3424
- C:\Windows\System\cTtVnHb.exe
  C:\Windows\System\cTtVnHb.exe
  2⤵
  PID:3444
- C:\Windows\System\zkiSrcT.exe
  C:\Windows\System\zkiSrcT.exe
  2⤵
  PID:3464
- C:\Windows\System\LsjySBp.exe
  C:\Windows\System\LsjySBp.exe
  2⤵
  PID:3484
- C:\Windows\System\YbEKXbo.exe
  C:\Windows\System\YbEKXbo.exe
  2⤵
  PID:3504
- C:\Windows\System\pNxhIOX.exe
  C:\Windows\System\pNxhIOX.exe
  2⤵
  PID:3524
- C:\Windows\System\QdPNVgX.exe
  C:\Windows\System\QdPNVgX.exe
  2⤵
  PID:3544
- C:\Windows\System\WoPyaYE.exe
  C:\Windows\System\WoPyaYE.exe
  2⤵
  PID:3564
- C:\Windows\System\tFrNOEI.exe
  C:\Windows\System\tFrNOEI.exe
  2⤵
  PID:3584
- C:\Windows\System\rLflnLw.exe
  C:\Windows\System\rLflnLw.exe
  2⤵
  PID:3604
- C:\Windows\System\YLuZBgK.exe
  C:\Windows\System\YLuZBgK.exe
  2⤵
  PID:3624
- C:\Windows\System\GMLxaIv.exe
  C:\Windows\System\GMLxaIv.exe
  2⤵
  PID:3644
- C:\Windows\System\plGQPpK.exe
  C:\Windows\System\plGQPpK.exe
  2⤵
  PID:3664
- C:\Windows\System\Qhsymxl.exe
  C:\Windows\System\Qhsymxl.exe
  2⤵
  PID:3684
- C:\Windows\System\AQTQsyB.exe
  C:\Windows\System\AQTQsyB.exe
  2⤵
  PID:3704
- C:\Windows\System\pbXYUyz.exe
  C:\Windows\System\pbXYUyz.exe
  2⤵
  PID:3724
- C:\Windows\System\EDiPtXU.exe
  C:\Windows\System\EDiPtXU.exe
  2⤵
  PID:3744
- C:\Windows\System\CWdOOeE.exe
  C:\Windows\System\CWdOOeE.exe
  2⤵
  PID:3764
- C:\Windows\System\tGJkINS.exe
  C:\Windows\System\tGJkINS.exe
  2⤵
  PID:3788
- C:\Windows\System\dOiUEqn.exe
  C:\Windows\System\dOiUEqn.exe
  2⤵
  PID:3808
- C:\Windows\System\JfqriFp.exe
  C:\Windows\System\JfqriFp.exe
  2⤵
  PID:3828
- C:\Windows\System\gSIoSDe.exe
  C:\Windows\System\gSIoSDe.exe
  2⤵
  PID:3844
- C:\Windows\System\SYdEuub.exe
  C:\Windows\System\SYdEuub.exe
  2⤵
  PID:3860
- C:\Windows\System\sqMsQga.exe
  C:\Windows\System\sqMsQga.exe
  2⤵
  PID:3888
- C:\Windows\System\XYbHLvT.exe
  C:\Windows\System\XYbHLvT.exe
  2⤵
  PID:3908
- C:\Windows\System\dVvWelh.exe
  C:\Windows\System\dVvWelh.exe
  2⤵
  PID:3928
- C:\Windows\System\VWMCxpt.exe
  C:\Windows\System\VWMCxpt.exe
  2⤵
  PID:3948
- C:\Windows\System\BSWmYBu.exe
  C:\Windows\System\BSWmYBu.exe
  2⤵
  PID:3968
- C:\Windows\System\oAJSjVx.exe
  C:\Windows\System\oAJSjVx.exe
  2⤵
  PID:3984
- C:\Windows\System\DTSveQP.exe
  C:\Windows\System\DTSveQP.exe
  2⤵
  PID:4004
- C:\Windows\System\QVDRyUz.exe
  C:\Windows\System\QVDRyUz.exe
  2⤵
  PID:4020
- C:\Windows\System\Sheibru.exe
  C:\Windows\System\Sheibru.exe
  2⤵
  PID:4040
- C:\Windows\System\vaonDXJ.exe
  C:\Windows\System\vaonDXJ.exe
  2⤵
  PID:4056
- C:\Windows\System\uSYBMma.exe
  C:\Windows\System\uSYBMma.exe
  2⤵
  PID:4080
- C:\Windows\System\LchCjNZ.exe
  C:\Windows\System\LchCjNZ.exe
  2⤵
  PID:860
- C:\Windows\System\zkrCbAb.exe
  C:\Windows\System\zkrCbAb.exe
  2⤵
  PID:1840
- C:\Windows\System\QJdPWNY.exe
  C:\Windows\System\QJdPWNY.exe
  2⤵
  PID:1956
- C:\Windows\System\YxzCTVl.exe
  C:\Windows\System\YxzCTVl.exe
  2⤵
  PID:2720
- C:\Windows\System\PLuMxmb.exe
  C:\Windows\System\PLuMxmb.exe
  2⤵
  PID:2132
- C:\Windows\System\NHRfdnu.exe
  C:\Windows\System\NHRfdnu.exe
  2⤵
  PID:2768
- C:\Windows\System\DbjkMVS.exe
  C:\Windows\System\DbjkMVS.exe
  2⤵
  PID:2096
- C:\Windows\System\aqBUMQt.exe
  C:\Windows\System\aqBUMQt.exe
  2⤵
  PID:892
- C:\Windows\System\DQmWvCC.exe
  C:\Windows\System\DQmWvCC.exe
  2⤵
  PID:2732
- C:\Windows\System\BDMBWbr.exe
  C:\Windows\System\BDMBWbr.exe
  2⤵
  PID:3120
- C:\Windows\System\QdNnbbR.exe
  C:\Windows\System\QdNnbbR.exe
  2⤵
  PID:1076
- C:\Windows\System\hcpSvZk.exe
  C:\Windows\System\hcpSvZk.exe
  2⤵
  PID:3204
- C:\Windows\System\NTqbEjN.exe
  C:\Windows\System\NTqbEjN.exe
  2⤵
  PID:3108
- C:\Windows\System\TrbuIUc.exe
  C:\Windows\System\TrbuIUc.exe
  2⤵
  PID:3176
- C:\Windows\System\WrcfHOV.exe
  C:\Windows\System\WrcfHOV.exe
  2⤵
  PID:3252
- C:\Windows\System\wKjblRw.exe
  C:\Windows\System\wKjblRw.exe
  2⤵
  PID:3272
- C:\Windows\System\xGqMXYN.exe
  C:\Windows\System\xGqMXYN.exe
  2⤵
  PID:3300
- C:\Windows\System\GZKaaFE.exe
  C:\Windows\System\GZKaaFE.exe
  2⤵
  PID:3376
- C:\Windows\System\JnnCBUE.exe
  C:\Windows\System\JnnCBUE.exe
  2⤵
  PID:3344
- C:\Windows\System\ioUkpzq.exe
  C:\Windows\System\ioUkpzq.exe
  2⤵
  PID:3416
- C:\Windows\System\hOJKOcn.exe
  C:\Windows\System\hOJKOcn.exe
  2⤵
  PID:3432
- C:\Windows\System\mWLpKAQ.exe
  C:\Windows\System\mWLpKAQ.exe
  2⤵
  PID:3440
- C:\Windows\System\BjZNNtm.exe
  C:\Windows\System\BjZNNtm.exe
  2⤵
  PID:3500
- C:\Windows\System\PzKejLV.exe
  C:\Windows\System\PzKejLV.exe
  2⤵
  PID:3512
- C:\Windows\System\JGsPheI.exe
  C:\Windows\System\JGsPheI.exe
  2⤵
  PID:3576
- C:\Windows\System\OAyWjTH.exe
  C:\Windows\System\OAyWjTH.exe
  2⤵
  PID:3652
- C:\Windows\System\TazxHcE.exe
  C:\Windows\System\TazxHcE.exe
  2⤵
  PID:3592
- C:\Windows\System\UlGgLov.exe
  C:\Windows\System\UlGgLov.exe
  2⤵
  PID:3596
- C:\Windows\System\JfIKSoT.exe
  C:\Windows\System\JfIKSoT.exe
  2⤵
  PID:3732
- C:\Windows\System\PorOuoC.exe
  C:\Windows\System\PorOuoC.exe
  2⤵
  PID:3776
- C:\Windows\System\nRwPgMT.exe
  C:\Windows\System\nRwPgMT.exe
  2⤵
  PID:3856
- C:\Windows\System\KpKYpAn.exe
  C:\Windows\System\KpKYpAn.exe
  2⤵
  PID:3716
- C:\Windows\System\jDNYaVG.exe
  C:\Windows\System\jDNYaVG.exe
  2⤵
  PID:3896
- C:\Windows\System\UVMsSla.exe
  C:\Windows\System\UVMsSla.exe
  2⤵
  PID:3936
- C:\Windows\System\jGdGEVF.exe
  C:\Windows\System\jGdGEVF.exe
  2⤵
  PID:3868
- C:\Windows\System\OmghzSc.exe
  C:\Windows\System\OmghzSc.exe
  2⤵
  PID:3872
- C:\Windows\System\CbxgWaA.exe
  C:\Windows\System\CbxgWaA.exe
  2⤵
  PID:4016
- C:\Windows\System\WmUOaub.exe
  C:\Windows\System\WmUOaub.exe
  2⤵
  PID:4088
- C:\Windows\System\TnonwWR.exe
  C:\Windows\System\TnonwWR.exe
  2⤵
  PID:3924
- C:\Windows\System\hyreBZS.exe
  C:\Windows\System\hyreBZS.exe
  2⤵
  PID:3960
- C:\Windows\System\CdAxqnz.exe
  C:\Windows\System\CdAxqnz.exe
  2⤵
  PID:3996
- C:\Windows\System\gvecTmJ.exe
  C:\Windows\System\gvecTmJ.exe
  2⤵
  PID:2672
- C:\Windows\System\DtNmfuA.exe
  C:\Windows\System\DtNmfuA.exe
  2⤵
  PID:4068
- C:\Windows\System\LveqSFH.exe
  C:\Windows\System\LveqSFH.exe
  2⤵
  PID:3076
- C:\Windows\System\EhynGbW.exe
  C:\Windows\System\EhynGbW.exe
  2⤵
  PID:524
- C:\Windows\System\WLkniiK.exe
  C:\Windows\System\WLkniiK.exe
  2⤵
  PID:3256
- C:\Windows\System\EPeXyQy.exe
  C:\Windows\System\EPeXyQy.exe
  2⤵
  PID:3296
- C:\Windows\System\bRgQdfs.exe
  C:\Windows\System\bRgQdfs.exe
  2⤵
  PID:1584
- C:\Windows\System\VajwEoR.exe
  C:\Windows\System\VajwEoR.exe
  2⤵
  PID:1372
- C:\Windows\System\rwnGhGl.exe
  C:\Windows\System\rwnGhGl.exe
  2⤵
  PID:2980
- C:\Windows\System\EMvUrcL.exe
  C:\Windows\System\EMvUrcL.exe
  2⤵
  PID:3660
- C:\Windows\System\uIjgKcQ.exe
  C:\Windows\System\uIjgKcQ.exe
  2⤵
  PID:3636
- C:\Windows\System\yxjoQxJ.exe
  C:\Windows\System\yxjoQxJ.exe
  2⤵
  PID:3820
- C:\Windows\System\hoNuNdW.exe
  C:\Windows\System\hoNuNdW.exe
  2⤵
  PID:3980
- C:\Windows\System\KrbpTdl.exe
  C:\Windows\System\KrbpTdl.exe
  2⤵
  PID:3192
- C:\Windows\System\bYmUlUH.exe
  C:\Windows\System\bYmUlUH.exe
  2⤵
  PID:2676
- C:\Windows\System\IFWZTMa.exe
  C:\Windows\System\IFWZTMa.exe
  2⤵
  PID:3992
- C:\Windows\System\SdEcNCb.exe
  C:\Windows\System\SdEcNCb.exe
  2⤵
  PID:3368
- C:\Windows\System\pVTkSSW.exe
  C:\Windows\System\pVTkSSW.exe
  2⤵
  PID:3352
- C:\Windows\System\rjFDAtq.exe
  C:\Windows\System\rjFDAtq.exe
  2⤵
  PID:3460
- C:\Windows\System\qLPnPEK.exe
  C:\Windows\System\qLPnPEK.exe
  2⤵
  PID:3540
- C:\Windows\System\AkMOxdp.exe
  C:\Windows\System\AkMOxdp.exe
  2⤵
  PID:3852
- C:\Windows\System\SPPRgjo.exe
  C:\Windows\System\SPPRgjo.exe
  2⤵
  PID:3696
- C:\Windows\System\JREiFdb.exe
  C:\Windows\System\JREiFdb.exe
  2⤵
  PID:3712
- C:\Windows\System\FOsrZaV.exe
  C:\Windows\System\FOsrZaV.exe
  2⤵
  PID:2200
- C:\Windows\System\spKaYaD.exe
  C:\Windows\System\spKaYaD.exe
  2⤵
  PID:2440
- C:\Windows\System\mHrfXDw.exe
  C:\Windows\System\mHrfXDw.exe
  2⤵
  PID:4112
- C:\Windows\System\hvkDbbN.exe
  C:\Windows\System\hvkDbbN.exe
  2⤵
  PID:4132
- C:\Windows\System\SNvlAKl.exe
  C:\Windows\System\SNvlAKl.exe
  2⤵
  PID:4152
- C:\Windows\System\teMIegR.exe
  C:\Windows\System\teMIegR.exe
  2⤵
  PID:4168
- C:\Windows\System\NhebIdu.exe
  C:\Windows\System\NhebIdu.exe
  2⤵
  PID:4192
- C:\Windows\System\rlCtyKR.exe
  C:\Windows\System\rlCtyKR.exe
  2⤵
  PID:4208
- C:\Windows\System\wWezpXu.exe
  C:\Windows\System\wWezpXu.exe
  2⤵
  PID:4224
- C:\Windows\System\AoMvlIf.exe
  C:\Windows\System\AoMvlIf.exe
  2⤵
  PID:4248
- C:\Windows\System\yKoHoCs.exe
  C:\Windows\System\yKoHoCs.exe
  2⤵
  PID:4268
- C:\Windows\System\lEjxStv.exe
  C:\Windows\System\lEjxStv.exe
  2⤵
  PID:4288
- C:\Windows\System\UkSemMM.exe
  C:\Windows\System\UkSemMM.exe
  2⤵
  PID:4308
- C:\Windows\System\LXSiVdN.exe
  C:\Windows\System\LXSiVdN.exe
  2⤵
  PID:4324
- C:\Windows\System\DGQmLDt.exe
  C:\Windows\System\DGQmLDt.exe
  2⤵
  PID:4348
- C:\Windows\System\zzyrVxo.exe
  C:\Windows\System\zzyrVxo.exe
  2⤵
  PID:4376
- C:\Windows\System\rQpEukR.exe
  C:\Windows\System\rQpEukR.exe
  2⤵
  PID:4396
- C:\Windows\System\sQeENfR.exe
  C:\Windows\System\sQeENfR.exe
  2⤵
  PID:4416
- C:\Windows\System\LcFfKzU.exe
  C:\Windows\System\LcFfKzU.exe
  2⤵
  PID:4436
- C:\Windows\System\gnGwWJr.exe
  C:\Windows\System\gnGwWJr.exe
  2⤵
  PID:4452
- C:\Windows\System\pRLZyyy.exe
  C:\Windows\System\pRLZyyy.exe
  2⤵
  PID:4472
- C:\Windows\System\otXFdbB.exe
  C:\Windows\System\otXFdbB.exe
  2⤵
  PID:4492
- C:\Windows\System\ImYsKdT.exe
  C:\Windows\System\ImYsKdT.exe
  2⤵
  PID:4508
- C:\Windows\System\wQDcKrB.exe
  C:\Windows\System\wQDcKrB.exe
  2⤵
  PID:4528
- C:\Windows\System\EzJstad.exe
  C:\Windows\System\EzJstad.exe
  2⤵
  PID:4544
- C:\Windows\System\SNsbDSO.exe
  C:\Windows\System\SNsbDSO.exe
  2⤵
  PID:4568
- C:\Windows\System\RdMNwMJ.exe
  C:\Windows\System\RdMNwMJ.exe
  2⤵
  PID:4588
- C:\Windows\System\SfODZkU.exe
  C:\Windows\System\SfODZkU.exe
  2⤵
  PID:4604
- C:\Windows\System\SMdNbwM.exe
  C:\Windows\System\SMdNbwM.exe
  2⤵
  PID:4620
- C:\Windows\System\ojyCguX.exe
  C:\Windows\System\ojyCguX.exe
  2⤵
  PID:4644
- C:\Windows\System\UIctUrH.exe
  C:\Windows\System\UIctUrH.exe
  2⤵
  PID:4660
- C:\Windows\System\eGxjTFY.exe
  C:\Windows\System\eGxjTFY.exe
  2⤵
  PID:4684
- C:\Windows\System\CYVAMxQ.exe
  C:\Windows\System\CYVAMxQ.exe
  2⤵
  PID:4704
- C:\Windows\System\NPRAEZO.exe
  C:\Windows\System\NPRAEZO.exe
  2⤵
  PID:4720
- C:\Windows\System\nkNyQfD.exe
  C:\Windows\System\nkNyQfD.exe
  2⤵
  PID:4756
- C:\Windows\System\PsPPrGb.exe
  C:\Windows\System\PsPPrGb.exe
  2⤵
  PID:4776
- C:\Windows\System\CjJnWUy.exe
  C:\Windows\System\CjJnWUy.exe
  2⤵
  PID:4796
- C:\Windows\System\TLXypmW.exe
  C:\Windows\System\TLXypmW.exe
  2⤵
  PID:4812
- C:\Windows\System\kmNrdst.exe
  C:\Windows\System\kmNrdst.exe
  2⤵
  PID:4828
- C:\Windows\System\QtxIXIM.exe
  C:\Windows\System\QtxIXIM.exe
  2⤵
  PID:4856
- C:\Windows\System\rowXBly.exe
  C:\Windows\System\rowXBly.exe
  2⤵
  PID:4872
- C:\Windows\System\WCJZFel.exe
  C:\Windows\System\WCJZFel.exe
  2⤵
  PID:4892
- C:\Windows\System\KvaNCYD.exe
  C:\Windows\System\KvaNCYD.exe
  2⤵
  PID:4916
- C:\Windows\System\sGcnjgb.exe
  C:\Windows\System\sGcnjgb.exe
  2⤵
  PID:4936
- C:\Windows\System\RyTnIET.exe
  C:\Windows\System\RyTnIET.exe
  2⤵
  PID:4960
- C:\Windows\System\BnRKbvd.exe
  C:\Windows\System\BnRKbvd.exe
  2⤵
  PID:4976
- C:\Windows\System\TVTFFMw.exe
  C:\Windows\System\TVTFFMw.exe
  2⤵
  PID:5000
- C:\Windows\System\bEOzzdw.exe
  C:\Windows\System\bEOzzdw.exe
  2⤵
  PID:5020
- C:\Windows\System\ZDKXCbq.exe
  C:\Windows\System\ZDKXCbq.exe
  2⤵
  PID:5040
- C:\Windows\System\pTQOESN.exe
  C:\Windows\System\pTQOESN.exe
  2⤵
  PID:5056
- C:\Windows\System\NhqulXV.exe
  C:\Windows\System\NhqulXV.exe
  2⤵
  PID:5080
- C:\Windows\System\MwiporY.exe
  C:\Windows\System\MwiporY.exe
  2⤵
  PID:5100
- C:\Windows\System\rRkyvOk.exe
  C:\Windows\System\rRkyvOk.exe
  2⤵
  PID:3492
- C:\Windows\System\rlhYqfT.exe
  C:\Windows\System\rlhYqfT.exe
  2⤵
  PID:3880
- C:\Windows\System\JbsppPt.exe
  C:\Windows\System\JbsppPt.exe
  2⤵
  PID:3556
- C:\Windows\System\ftsfYIN.exe
  C:\Windows\System\ftsfYIN.exe
  2⤵
  PID:3276
- C:\Windows\System\OGOzgaF.exe
  C:\Windows\System\OGOzgaF.exe
  2⤵
  PID:4076
- C:\Windows\System\cBDksZv.exe
  C:\Windows\System\cBDksZv.exe
  2⤵
  PID:4048
- C:\Windows\System\fGraJxb.exe
  C:\Windows\System\fGraJxb.exe
  2⤵
  PID:4092
- C:\Windows\System\nMoJIBU.exe
  C:\Windows\System\nMoJIBU.exe
  2⤵
  PID:4064
- C:\Windows\System\iUuScJt.exe
  C:\Windows\System\iUuScJt.exe
  2⤵
  PID:3532
- C:\Windows\System\szUmLXt.exe
  C:\Windows\System\szUmLXt.exe
  2⤵
  PID:3232
- C:\Windows\System\JJPCvaJ.exe
  C:\Windows\System\JJPCvaJ.exe
  2⤵
  PID:3804
- C:\Windows\System\xIzbZlA.exe
  C:\Windows\System\xIzbZlA.exe
  2⤵
  PID:2812
- C:\Windows\System\yJYuRJU.exe
  C:\Windows\System\yJYuRJU.exe
  2⤵
  PID:3572
- C:\Windows\System\QvyTuDT.exe
  C:\Windows\System\QvyTuDT.exe
  2⤵
  PID:3784
- C:\Windows\System\RkkLHmI.exe
  C:\Windows\System\RkkLHmI.exe
  2⤵
  PID:3156
- C:\Windows\System\NyWuUMc.exe
  C:\Windows\System\NyWuUMc.exe
  2⤵
  PID:4176
- C:\Windows\System\eXiiePz.exe
  C:\Windows\System\eXiiePz.exe
  2⤵
  PID:4216
- C:\Windows\System\jJauzDB.exe
  C:\Windows\System\jJauzDB.exe
  2⤵
  PID:4264
- C:\Windows\System\aZFwNUV.exe
  C:\Windows\System\aZFwNUV.exe
  2⤵
  PID:4160
- C:\Windows\System\dnezsBC.exe
  C:\Windows\System\dnezsBC.exe
  2⤵
  PID:4344
- C:\Windows\System\ZqcqtOd.exe
  C:\Windows\System\ZqcqtOd.exe
  2⤵
  PID:4384
- C:\Windows\System\EKQPrMA.exe
  C:\Windows\System\EKQPrMA.exe
  2⤵
  PID:4428
- C:\Windows\System\KHJTlnG.exe
  C:\Windows\System\KHJTlnG.exe
  2⤵
  PID:4232
- C:\Windows\System\FZZKiwM.exe
  C:\Windows\System\FZZKiwM.exe
  2⤵
  PID:4504
- C:\Windows\System\jfZGgGw.exe
  C:\Windows\System\jfZGgGw.exe
  2⤵
  PID:4536
- C:\Windows\System\FCYlGjz.exe
  C:\Windows\System\FCYlGjz.exe
  2⤵
  PID:4372
- C:\Windows\System\YiVwwGD.exe
  C:\Windows\System\YiVwwGD.exe
  2⤵
  PID:4612
- C:\Windows\System\rIzMFqM.exe
  C:\Windows\System\rIzMFqM.exe
  2⤵
  PID:4616
- C:\Windows\System\EvYxzSr.exe
  C:\Windows\System\EvYxzSr.exe
  2⤵
  PID:4484
- C:\Windows\System\anyddTh.exe
  C:\Windows\System\anyddTh.exe
  2⤵
  PID:4560
- C:\Windows\System\LwChbgh.exe
  C:\Windows\System\LwChbgh.exe
  2⤵
  PID:4732
- C:\Windows\System\SrQbNCa.exe
  C:\Windows\System\SrQbNCa.exe
  2⤵
  PID:4640
- C:\Windows\System\rSTxqFN.exe
  C:\Windows\System\rSTxqFN.exe
  2⤵
  PID:4600
- C:\Windows\System\fMKVMYm.exe
  C:\Windows\System\fMKVMYm.exe
  2⤵
  PID:4632
- C:\Windows\System\STkhNsX.exe
  C:\Windows\System\STkhNsX.exe
  2⤵
  PID:4792
- C:\Windows\System\veiPULe.exe
  C:\Windows\System\veiPULe.exe
  2⤵
  PID:4764
- C:\Windows\System\qkfyeuQ.exe
  C:\Windows\System\qkfyeuQ.exe
  2⤵
  PID:4804
- C:\Windows\System\VoPChNs.exe
  C:\Windows\System\VoPChNs.exe
  2⤵
  PID:4836
- C:\Windows\System\wvkaNpP.exe
  C:\Windows\System\wvkaNpP.exe
  2⤵
  PID:4956
- C:\Windows\System\AfJhoMf.exe
  C:\Windows\System\AfJhoMf.exe
  2⤵
  PID:4880
- C:\Windows\System\BdBYkRe.exe
  C:\Windows\System\BdBYkRe.exe
  2⤵
  PID:4992
- C:\Windows\System\CsIWahd.exe
  C:\Windows\System\CsIWahd.exe
  2⤵
  PID:4972
- C:\Windows\System\pdctNGx.exe
  C:\Windows\System\pdctNGx.exe
  2⤵
  PID:5076
- C:\Windows\System\HqbqNYS.exe
  C:\Windows\System\HqbqNYS.exe
  2⤵
  PID:5016
- C:\Windows\System\eZaGaMc.exe
  C:\Windows\System\eZaGaMc.exe
  2⤵
  PID:2968
- C:\Windows\System\adfuXDV.exe
  C:\Windows\System\adfuXDV.exe
  2⤵
  PID:5088
- C:\Windows\System\llLfkry.exe
  C:\Windows\System\llLfkry.exe
  2⤵
  PID:5092
- C:\Windows\System\PorIlht.exe
  C:\Windows\System\PorIlht.exe
  2⤵
  PID:3900
- C:\Windows\System\HzYKuIF.exe
  C:\Windows\System\HzYKuIF.exe
  2⤵
  PID:4140
- C:\Windows\System\FgAizri.exe
  C:\Windows\System\FgAizri.exe
  2⤵
  PID:4144
- C:\Windows\System\CGCaPtX.exe
  C:\Windows\System\CGCaPtX.exe
  2⤵
  PID:4124
- C:\Windows\System\lLeetrL.exe
  C:\Windows\System\lLeetrL.exe
  2⤵
  PID:4052
- C:\Windows\System\wNjHumD.exe
  C:\Windows\System\wNjHumD.exe
  2⤵
  PID:4028
- C:\Windows\System\rbShSaQ.exe
  C:\Windows\System\rbShSaQ.exe
  2⤵
  PID:2620
- C:\Windows\System\uZDTcXC.exe
  C:\Windows\System\uZDTcXC.exe
  2⤵
  PID:4468
- C:\Windows\System\aSLrnPa.exe
  C:\Windows\System\aSLrnPa.exe
  2⤵
  PID:4108
- C:\Windows\System\chXDmTR.exe
  C:\Windows\System\chXDmTR.exe
  2⤵
  PID:4280
- C:\Windows\System\axYtAJV.exe
  C:\Windows\System\axYtAJV.exe
  2⤵
  PID:4584
- C:\Windows\System\KEsOJQg.exe
  C:\Windows\System\KEsOJQg.exe
  2⤵
  PID:4480
- C:\Windows\System\vWfeZgV.exe
  C:\Windows\System\vWfeZgV.exe
  2⤵
  PID:4500
- C:\Windows\System\AZOoddi.exe
  C:\Windows\System\AZOoddi.exe
  2⤵
  PID:4728
- C:\Windows\System\LvmAFMB.exe
  C:\Windows\System\LvmAFMB.exe
  2⤵
  PID:4412
- C:\Windows\System\kxoTugY.exe
  C:\Windows\System\kxoTugY.exe
  2⤵
  PID:4244
- C:\Windows\System\lkCxLaq.exe
  C:\Windows\System\lkCxLaq.exe
  2⤵
  PID:4516
- C:\Windows\System\dUHvUws.exe
  C:\Windows\System\dUHvUws.exe
  2⤵
  PID:4552
- C:\Windows\System\Tlbimqk.exe
  C:\Windows\System\Tlbimqk.exe
  2⤵
  PID:4952
- C:\Windows\System\HcCnRoY.exe
  C:\Windows\System\HcCnRoY.exe
  2⤵
  PID:4924
- C:\Windows\System\wqptaJg.exe
  C:\Windows\System\wqptaJg.exe
  2⤵
  PID:4824
- C:\Windows\System\MEdTyno.exe
  C:\Windows\System\MEdTyno.exe
  2⤵
  PID:4912
- C:\Windows\System\BuiGdIa.exe
  C:\Windows\System\BuiGdIa.exe
  2⤵
  PID:2992
- C:\Windows\System\jJOgLEu.exe
  C:\Windows\System\jJOgLEu.exe
  2⤵
  PID:1540
- C:\Windows\System\PuwWeBx.exe
  C:\Windows\System\PuwWeBx.exe
  2⤵
  PID:4988
- C:\Windows\System\jYwhwih.exe
  C:\Windows\System\jYwhwih.exe
  2⤵
  PID:5008
- C:\Windows\System\pkSetuV.exe
  C:\Windows\System\pkSetuV.exe
  2⤵
  PID:2644
- C:\Windows\System\cUPRHoU.exe
  C:\Windows\System\cUPRHoU.exe
  2⤵
  PID:3224
- C:\Windows\System\kqcIUbu.exe
  C:\Windows\System\kqcIUbu.exe
  2⤵
  PID:1092
- C:\Windows\System\AZFojgK.exe
  C:\Windows\System\AZFojgK.exe
  2⤵
  PID:2196
- C:\Windows\System\RaCWKIM.exe
  C:\Windows\System\RaCWKIM.exe
  2⤵
  PID:4120
- C:\Windows\System\CpckTaZ.exe
  C:\Windows\System\CpckTaZ.exe
  2⤵
  PID:2876
- C:\Windows\System\ZuckCFt.exe
  C:\Windows\System\ZuckCFt.exe
  2⤵
  PID:3420
- C:\Windows\System\ARFDrWm.exe
  C:\Windows\System\ARFDrWm.exe
  2⤵
  PID:4284
- C:\Windows\System\WvjUneO.exe
  C:\Windows\System\WvjUneO.exe
  2⤵
  PID:4556
- C:\Windows\System\jtFMoXT.exe
  C:\Windows\System\jtFMoXT.exe
  2⤵
  PID:4520
- C:\Windows\System\oBIseqX.exe
  C:\Windows\System\oBIseqX.exe
  2⤵
  PID:4864
- C:\Windows\System\CMWzLVa.exe
  C:\Windows\System\CMWzLVa.exe
  2⤵
  PID:4744
- C:\Windows\System\DJAOWYt.exe
  C:\Windows\System\DJAOWYt.exe
  2⤵
  PID:4928
- C:\Windows\System\HiBbpBi.exe
  C:\Windows\System\HiBbpBi.exe
  2⤵
  PID:4808
- C:\Windows\System\YsRYASd.exe
  C:\Windows\System\YsRYASd.exe
  2⤵
  PID:3944
- C:\Windows\System\Raqyiho.exe
  C:\Windows\System\Raqyiho.exe
  2⤵
  PID:3172
- C:\Windows\System\QswsnFp.exe
  C:\Windows\System\QswsnFp.exe
  2⤵
  PID:5124
- C:\Windows\System\pPqLvRQ.exe
  C:\Windows\System\pPqLvRQ.exe
  2⤵
  PID:5144
- C:\Windows\System\AzjFRMl.exe
  C:\Windows\System\AzjFRMl.exe
  2⤵
  PID:5164
- C:\Windows\System\hgYNJEw.exe
  C:\Windows\System\hgYNJEw.exe
  2⤵
  PID:5180
- C:\Windows\System\PMKkOjA.exe
  C:\Windows\System\PMKkOjA.exe
  2⤵
  PID:5200
- C:\Windows\System\MrBCwlO.exe
  C:\Windows\System\MrBCwlO.exe
  2⤵
  PID:5224
- C:\Windows\System\XQWstGE.exe
  C:\Windows\System\XQWstGE.exe
  2⤵
  PID:5244
- C:\Windows\System\iLCAGuB.exe
  C:\Windows\System\iLCAGuB.exe
  2⤵
  PID:5264
- C:\Windows\System\oRfxKmv.exe
  C:\Windows\System\oRfxKmv.exe
  2⤵
  PID:5280
- C:\Windows\System\EZEctWl.exe
  C:\Windows\System\EZEctWl.exe
  2⤵
  PID:5304
- C:\Windows\System\XaQKPhc.exe
  C:\Windows\System\XaQKPhc.exe
  2⤵
  PID:5324
- C:\Windows\System\oyNnhAt.exe
  C:\Windows\System\oyNnhAt.exe
  2⤵
  PID:5348
- C:\Windows\System\EbzvwwY.exe
  C:\Windows\System\EbzvwwY.exe
  2⤵
  PID:5372
- C:\Windows\System\ZIeOFXy.exe
  C:\Windows\System\ZIeOFXy.exe
  2⤵
  PID:5392
- C:\Windows\System\lUOsQDd.exe
  C:\Windows\System\lUOsQDd.exe
  2⤵
  PID:5408
- C:\Windows\System\VwUfdQs.exe
  C:\Windows\System\VwUfdQs.exe
  2⤵
  PID:5432
- C:\Windows\System\OVQKcJc.exe
  C:\Windows\System\OVQKcJc.exe
  2⤵
  PID:5452
- C:\Windows\System\uCYnBzC.exe
  C:\Windows\System\uCYnBzC.exe
  2⤵
  PID:5472
- C:\Windows\System\iWPBbJg.exe
  C:\Windows\System\iWPBbJg.exe
  2⤵
  PID:5492
- C:\Windows\System\ckTbvqe.exe
  C:\Windows\System\ckTbvqe.exe
  2⤵
  PID:5508
- C:\Windows\System\apmDcNy.exe
  C:\Windows\System\apmDcNy.exe
  2⤵
  PID:5528
- C:\Windows\System\tlYDwzG.exe
  C:\Windows\System\tlYDwzG.exe
  2⤵
  PID:5552
- C:\Windows\System\XIcGYHR.exe
  C:\Windows\System\XIcGYHR.exe
  2⤵
  PID:5572
- C:\Windows\System\yttViJk.exe
  C:\Windows\System\yttViJk.exe
  2⤵
  PID:5592
- C:\Windows\System\CrwyptX.exe
  C:\Windows\System\CrwyptX.exe
  2⤵
  PID:5608
- C:\Windows\System\KrNSrVU.exe
  C:\Windows\System\KrNSrVU.exe
  2⤵
  PID:5624
- C:\Windows\System\zctjWwy.exe
  C:\Windows\System\zctjWwy.exe
  2⤵
  PID:5652
- C:\Windows\System\AHgeozY.exe
  C:\Windows\System\AHgeozY.exe
  2⤵
  PID:5668
- C:\Windows\System\AlzKTFK.exe
  C:\Windows\System\AlzKTFK.exe
  2⤵
  PID:5688
- C:\Windows\System\QOOpjUu.exe
  C:\Windows\System\QOOpjUu.exe
  2⤵
  PID:5704
- C:\Windows\System\XbGhkQg.exe
  C:\Windows\System\XbGhkQg.exe
  2⤵
  PID:5732
- C:\Windows\System\UXtHbuY.exe
  C:\Windows\System\UXtHbuY.exe
  2⤵
  PID:5752
- C:\Windows\System\UDOxkIS.exe
  C:\Windows\System\UDOxkIS.exe
  2⤵
  PID:5768
- C:\Windows\System\hQhMqGW.exe
  C:\Windows\System\hQhMqGW.exe
  2⤵
  PID:5792
- C:\Windows\System\WbSlyEy.exe
  C:\Windows\System\WbSlyEy.exe
  2⤵
  PID:5808
- C:\Windows\System\XQarKuY.exe
  C:\Windows\System\XQarKuY.exe
  2⤵
  PID:5828
- C:\Windows\System\MBBsDia.exe
  C:\Windows\System\MBBsDia.exe
  2⤵
  PID:5852
- C:\Windows\System\cUBhKKk.exe
  C:\Windows\System\cUBhKKk.exe
  2⤵
  PID:5872
- C:\Windows\System\qOTfovo.exe
  C:\Windows\System\qOTfovo.exe
  2⤵
  PID:5892
- C:\Windows\System\GXxciLx.exe
  C:\Windows\System\GXxciLx.exe
  2⤵
  PID:5908
- C:\Windows\System\NUEkveq.exe
  C:\Windows\System\NUEkveq.exe
  2⤵
  PID:5932
- C:\Windows\System\puVTaAy.exe
  C:\Windows\System\puVTaAy.exe
  2⤵
  PID:5952
- C:\Windows\System\riQYVvU.exe
  C:\Windows\System\riQYVvU.exe
  2⤵
  PID:5976
- C:\Windows\System\RLGJyvp.exe
  C:\Windows\System\RLGJyvp.exe
  2⤵
  PID:6000
- C:\Windows\System\OIyezhU.exe
  C:\Windows\System\OIyezhU.exe
  2⤵
  PID:6020
- C:\Windows\System\hAYHCtJ.exe
  C:\Windows\System\hAYHCtJ.exe
  2⤵
  PID:6040
- C:\Windows\System\mtFcafk.exe
  C:\Windows\System\mtFcafk.exe
  2⤵
  PID:6056
- C:\Windows\System\qbsYpZW.exe
  C:\Windows\System\qbsYpZW.exe
  2⤵
  PID:6080
- C:\Windows\System\bYIbajF.exe
  C:\Windows\System\bYIbajF.exe
  2⤵
  PID:6100
- C:\Windows\System\PIfSNRC.exe
  C:\Windows\System\PIfSNRC.exe
  2⤵
  PID:6120
- C:\Windows\System\YbcpASk.exe
  C:\Windows\System\YbcpASk.exe
  2⤵
  PID:6140
- C:\Windows\System\gmWzGmS.exe
  C:\Windows\System\gmWzGmS.exe
  2⤵
  PID:4460
- C:\Windows\System\JLPIIrZ.exe
  C:\Windows\System\JLPIIrZ.exe
  2⤵
  PID:4032
- C:\Windows\System\dNWVybv.exe
  C:\Windows\System\dNWVybv.exe
  2⤵
  PID:4316
- C:\Windows\System\JfXzrsR.exe
  C:\Windows\System\JfXzrsR.exe
  2⤵
  PID:4696
- C:\Windows\System\cFhVdZa.exe
  C:\Windows\System\cFhVdZa.exe
  2⤵
  PID:4948
- C:\Windows\System\kQffjWb.exe
  C:\Windows\System\kQffjWb.exe
  2⤵
  PID:4692
- C:\Windows\System\IrCZkhn.exe
  C:\Windows\System\IrCZkhn.exe
  2⤵
  PID:5064
- C:\Windows\System\CBVSvHh.exe
  C:\Windows\System\CBVSvHh.exe
  2⤵
  PID:4748
- C:\Windows\System\nutjKrF.exe
  C:\Windows\System\nutjKrF.exe
  2⤵
  PID:3620
- C:\Windows\System\WOqKfiI.exe
  C:\Windows\System\WOqKfiI.exe
  2⤵
  PID:5140
- C:\Windows\System\yUbghAG.exe
  C:\Windows\System\yUbghAG.exe
  2⤵
  PID:2496
- C:\Windows\System\fLExYPY.exe
  C:\Windows\System\fLExYPY.exe
  2⤵
  PID:5216
- C:\Windows\System\kcGyzyF.exe
  C:\Windows\System\kcGyzyF.exe
  2⤵
  PID:5188
- C:\Windows\System\hNjzLRk.exe
  C:\Windows\System\hNjzLRk.exe
  2⤵
  PID:2996
- C:\Windows\System\VmQpPjE.exe
  C:\Windows\System\VmQpPjE.exe
  2⤵
  PID:2924
- C:\Windows\System\wuJakOz.exe
  C:\Windows\System\wuJakOz.exe
  2⤵
  PID:5300
- C:\Windows\System\yewPogs.exe
  C:\Windows\System\yewPogs.exe
  2⤵
  PID:5380
- C:\Windows\System\wmnhhTZ.exe
  C:\Windows\System\wmnhhTZ.exe
  2⤵
  PID:5320
- C:\Windows\System\zangEcg.exe
  C:\Windows\System\zangEcg.exe
  2⤵
  PID:2920
- C:\Windows\System\LfFfeqx.exe
  C:\Windows\System\LfFfeqx.exe
  2⤵
  PID:5360
- C:\Windows\System\sbznVXi.exe
  C:\Windows\System\sbznVXi.exe
  2⤵
  PID:5500
- C:\Windows\System\PWjNsEe.exe
  C:\Windows\System\PWjNsEe.exe
  2⤵
  PID:5548
- C:\Windows\System\BIJdTsG.exe
  C:\Windows\System\BIJdTsG.exe
  2⤵
  PID:5588
- C:\Windows\System\wRVZcMe.exe
  C:\Windows\System\wRVZcMe.exe
  2⤵
  PID:5484
- C:\Windows\System\RWcutyq.exe
  C:\Windows\System\RWcutyq.exe
  2⤵
  PID:5524
- C:\Windows\System\zIkOBRq.exe
  C:\Windows\System\zIkOBRq.exe
  2⤵
  PID:5700
- C:\Windows\System\DETKlnZ.exe
  C:\Windows\System\DETKlnZ.exe
  2⤵
  PID:5744
- C:\Windows\System\eRTRKRm.exe
  C:\Windows\System\eRTRKRm.exe
  2⤵
  PID:5640
- C:\Windows\System\GHSeBrz.exe
  C:\Windows\System\GHSeBrz.exe
  2⤵
  PID:5780
- C:\Windows\System\ApafZuT.exe
  C:\Windows\System\ApafZuT.exe
  2⤵
  PID:5816
- C:\Windows\System\ytxnOMF.exe
  C:\Windows\System\ytxnOMF.exe
  2⤵
  PID:5724
- C:\Windows\System\LkCYcCv.exe
  C:\Windows\System\LkCYcCv.exe
  2⤵
  PID:5760
- C:\Windows\System\zocphro.exe
  C:\Windows\System\zocphro.exe
  2⤵
  PID:5836
- C:\Windows\System\qytePOO.exe
  C:\Windows\System\qytePOO.exe
  2⤵
  PID:5940
- C:\Windows\System\qUkoPRe.exe
  C:\Windows\System\qUkoPRe.exe
  2⤵
  PID:5924
- C:\Windows\System\HuRuKct.exe
  C:\Windows\System\HuRuKct.exe
  2⤵
  PID:5916
- C:\Windows\System\fTdlJnM.exe
  C:\Windows\System\fTdlJnM.exe
  2⤵
  PID:5972
- C:\Windows\System\smvGLgA.exe
  C:\Windows\System\smvGLgA.exe
  2⤵
  PID:6068
- C:\Windows\System\zpENwlI.exe
  C:\Windows\System\zpENwlI.exe
  2⤵
  PID:6012
- C:\Windows\System\wkMRnmf.exe
  C:\Windows\System\wkMRnmf.exe
  2⤵
  PID:6088
- C:\Windows\System\RdZiwCf.exe
  C:\Windows\System\RdZiwCf.exe
  2⤵
  PID:2384
- C:\Windows\System\ggwqTny.exe
  C:\Windows\System\ggwqTny.exe
  2⤵
  PID:6128
- C:\Windows\System\EWEgFmC.exe
  C:\Windows\System\EWEgFmC.exe
  2⤵
  PID:3372
- C:\Windows\System\UVLtGRE.exe
  C:\Windows\System\UVLtGRE.exe
  2⤵
  PID:3412
- C:\Windows\System\aVSTszL.exe
  C:\Windows\System\aVSTszL.exe
  2⤵
  PID:4868
- C:\Windows\System\AzeMIMj.exe
  C:\Windows\System\AzeMIMj.exe
  2⤵
  PID:4700
- C:\Windows\System\ThbVeXn.exe
  C:\Windows\System\ThbVeXn.exe
  2⤵
  PID:3140
- C:\Windows\System\WkUMzaA.exe
  C:\Windows\System\WkUMzaA.exe
  2⤵
  PID:5212
- C:\Windows\System\dAzgASN.exe
  C:\Windows\System\dAzgASN.exe
  2⤵
  PID:5208
- C:\Windows\System\RvVeTWD.exe
  C:\Windows\System\RvVeTWD.exe
  2⤵
  PID:5252
- C:\Windows\System\misfCpg.exe
  C:\Windows\System\misfCpg.exe
  2⤵
  PID:1476
- C:\Windows\System\LVZDjwr.exe
  C:\Windows\System\LVZDjwr.exe
  2⤵
  PID:5384
- C:\Windows\System\oBKyfHO.exe
  C:\Windows\System\oBKyfHO.exe
  2⤵
  PID:5460
- C:\Windows\System\FnfemoF.exe
  C:\Windows\System\FnfemoF.exe
  2⤵
  PID:5364
- C:\Windows\System\qWUpxTm.exe
  C:\Windows\System\qWUpxTm.exe
  2⤵
  PID:5448
- C:\Windows\System\nweXOmw.exe
  C:\Windows\System\nweXOmw.exe
  2⤵
  PID:5520
- C:\Windows\System\mnvtPeE.exe
  C:\Windows\System\mnvtPeE.exe
  2⤵
  PID:5664
- C:\Windows\System\CfzwzSk.exe
  C:\Windows\System\CfzwzSk.exe
  2⤵
  PID:5788
- C:\Windows\System\sKclgno.exe
  C:\Windows\System\sKclgno.exe
  2⤵
  PID:5712
- C:\Windows\System\plWkvcS.exe
  C:\Windows\System\plWkvcS.exe
  2⤵
  PID:5864
- C:\Windows\System\CJWIYFz.exe
  C:\Windows\System\CJWIYFz.exe
  2⤵
  PID:5292
- C:\Windows\System\sYojbhH.exe
  C:\Windows\System\sYojbhH.exe
  2⤵
  PID:5948
- C:\Windows\System\BBdeNtn.exe
  C:\Windows\System\BBdeNtn.exe
  2⤵
  PID:5884
- C:\Windows\System\ZzeSDZk.exe
  C:\Windows\System\ZzeSDZk.exe
  2⤵
  PID:5968
- C:\Windows\System\lhwlrXY.exe
  C:\Windows\System\lhwlrXY.exe
  2⤵
  PID:6116
- C:\Windows\System\AwpUjpQ.exe
  C:\Windows\System\AwpUjpQ.exe
  2⤵
  PID:6072
- C:\Windows\System\VUTNVtC.exe
  C:\Windows\System\VUTNVtC.exe
  2⤵
  PID:2608
- C:\Windows\System\VdHodPQ.exe
  C:\Windows\System\VdHodPQ.exe
  2⤵
  PID:4204
- C:\Windows\System\JMxGmha.exe
  C:\Windows\System\JMxGmha.exe
  2⤵
  PID:4424
- C:\Windows\System\mAhBncw.exe
  C:\Windows\System\mAhBncw.exe
  2⤵
  PID:1140
- C:\Windows\System\kRLBvKa.exe
  C:\Windows\System\kRLBvKa.exe
  2⤵
  PID:5176
- C:\Windows\System\BdRQPuj.exe
  C:\Windows\System\BdRQPuj.exe
  2⤵
  PID:308
- C:\Windows\System\vJEUDQU.exe
  C:\Windows\System\vJEUDQU.exe
  2⤵
  PID:5344
- C:\Windows\System\kDfFlQq.exe
  C:\Windows\System\kDfFlQq.exe
  2⤵
  PID:5240
- C:\Windows\System\faQMJZn.exe
  C:\Windows\System\faQMJZn.exe
  2⤵
  PID:5256
- C:\Windows\System\OEpsqXN.exe
  C:\Windows\System\OEpsqXN.exe
  2⤵
  PID:5564
- C:\Windows\System\hdsXcHC.exe
  C:\Windows\System\hdsXcHC.exe
  2⤵
  PID:5620
- C:\Windows\System\MVpTbKH.exe
  C:\Windows\System\MVpTbKH.exe
  2⤵
  PID:2692
- C:\Windows\System\FiHdSkf.exe
  C:\Windows\System\FiHdSkf.exe
  2⤵
  PID:5800
- C:\Windows\System\dAKrjHB.exe
  C:\Windows\System\dAKrjHB.exe
  2⤵
  PID:5804
- C:\Windows\System\iEKLyUv.exe
  C:\Windows\System\iEKLyUv.exe
  2⤵
  PID:6032
- C:\Windows\System\ZFBxuVh.exe
  C:\Windows\System\ZFBxuVh.exe
  2⤵
  PID:5848
- C:\Windows\System\IMYGsbn.exe
  C:\Windows\System\IMYGsbn.exe
  2⤵
  PID:5996
- C:\Windows\System\oalsqYM.exe
  C:\Windows\System\oalsqYM.exe
  2⤵
  PID:4752
- C:\Windows\System\yDXPcaT.exe
  C:\Windows\System\yDXPcaT.exe
  2⤵
  PID:2372
- C:\Windows\System\TGmZCUQ.exe
  C:\Windows\System\TGmZCUQ.exe
  2⤵
  PID:6048
- C:\Windows\System\GIigHpu.exe
  C:\Windows\System\GIigHpu.exe
  2⤵
  PID:4260
- C:\Windows\System\UkAUiwE.exe
  C:\Windows\System\UkAUiwE.exe
  2⤵
  PID:5600
- C:\Windows\System\WTnDcjd.exe
  C:\Windows\System\WTnDcjd.exe
  2⤵
  PID:2444
- C:\Windows\System\NWhjQFU.exe
  C:\Windows\System\NWhjQFU.exe
  2⤵
  PID:3884
- C:\Windows\System\vsvXlfB.exe
  C:\Windows\System\vsvXlfB.exe
  2⤵
  PID:6160
- C:\Windows\System\mcgBGeB.exe
  C:\Windows\System\mcgBGeB.exe
  2⤵
  PID:6176
- C:\Windows\System\NROxgkn.exe
  C:\Windows\System\NROxgkn.exe
  2⤵
  PID:6200
- C:\Windows\System\vccjBUe.exe
  C:\Windows\System\vccjBUe.exe
  2⤵
  PID:6220
- C:\Windows\System\mFPmcgI.exe
  C:\Windows\System\mFPmcgI.exe
  2⤵
  PID:6236
- C:\Windows\System\RugPAcK.exe
  C:\Windows\System\RugPAcK.exe
  2⤵
  PID:6260
- C:\Windows\System\BVfOEgs.exe
  C:\Windows\System\BVfOEgs.exe
  2⤵
  PID:6280
- C:\Windows\System\ZFFufyM.exe
  C:\Windows\System\ZFFufyM.exe
  2⤵
  PID:6296
- C:\Windows\System\RHqxGgP.exe
  C:\Windows\System\RHqxGgP.exe
  2⤵
  PID:6312
- C:\Windows\System\OhPFAgG.exe
  C:\Windows\System\OhPFAgG.exe
  2⤵
  PID:6336
- C:\Windows\System\ZcAAkms.exe
  C:\Windows\System\ZcAAkms.exe
  2⤵
  PID:6360
- C:\Windows\System\fzQzpcX.exe
  C:\Windows\System\fzQzpcX.exe
  2⤵
  PID:6376
- C:\Windows\System\zojqDzy.exe
  C:\Windows\System\zojqDzy.exe
  2⤵
  PID:6416
- C:\Windows\System\FDULvaj.exe
  C:\Windows\System\FDULvaj.exe
  2⤵
  PID:6436
- C:\Windows\System\pZWlWdI.exe
  C:\Windows\System\pZWlWdI.exe
  2⤵
  PID:6456
- C:\Windows\System\tAjIgsl.exe
  C:\Windows\System\tAjIgsl.exe
  2⤵
  PID:6476
- C:\Windows\System\GRoSOBL.exe
  C:\Windows\System\GRoSOBL.exe
  2⤵
  PID:6492
- C:\Windows\System\UofHqFv.exe
  C:\Windows\System\UofHqFv.exe
  2⤵
  PID:6516
- C:\Windows\System\WJOINpf.exe
  C:\Windows\System\WJOINpf.exe
  2⤵
  PID:6532
- C:\Windows\System\ufNUAud.exe
  C:\Windows\System\ufNUAud.exe
  2⤵
  PID:6552
- C:\Windows\System\NvuMbML.exe
  C:\Windows\System\NvuMbML.exe
  2⤵
  PID:6572
- C:\Windows\System\cfwQUgf.exe
  C:\Windows\System\cfwQUgf.exe
  2⤵
  PID:6592
- C:\Windows\System\jSszMdh.exe
  C:\Windows\System\jSszMdh.exe
  2⤵
  PID:6616
- C:\Windows\System\pylaNem.exe
  C:\Windows\System\pylaNem.exe
  2⤵
  PID:6632
- C:\Windows\System\JTGdeFZ.exe
  C:\Windows\System\JTGdeFZ.exe
  2⤵
  PID:6648
- C:\Windows\System\HtrdvYa.exe
  C:\Windows\System\HtrdvYa.exe
  2⤵
  PID:6676
- C:\Windows\System\XZhTYEz.exe
  C:\Windows\System\XZhTYEz.exe
  2⤵
  PID:6696
- C:\Windows\System\OIpRiKQ.exe
  C:\Windows\System\OIpRiKQ.exe
  2⤵
  PID:6712
- C:\Windows\System\ziweFVR.exe
  C:\Windows\System\ziweFVR.exe
  2⤵
  PID:6736
- C:\Windows\System\GmPSwPJ.exe
  C:\Windows\System\GmPSwPJ.exe
  2⤵
  PID:6756
- C:\Windows\System\fcVDiZT.exe
  C:\Windows\System\fcVDiZT.exe
  2⤵
  PID:6772
- C:\Windows\System\SIpcAyK.exe
  C:\Windows\System\SIpcAyK.exe
  2⤵
  PID:6796
- C:\Windows\System\leLQNiJ.exe
  C:\Windows\System\leLQNiJ.exe
  2⤵
  PID:6816
- C:\Windows\System\LTEbxpm.exe
  C:\Windows\System\LTEbxpm.exe
  2⤵
  PID:6840
- C:\Windows\System\AOsXsLh.exe
  C:\Windows\System\AOsXsLh.exe
  2⤵
  PID:6860
- C:\Windows\System\GCmAoYl.exe
  C:\Windows\System\GCmAoYl.exe
  2⤵
  PID:6880
- C:\Windows\System\KgDTjwD.exe
  C:\Windows\System\KgDTjwD.exe
  2⤵
  PID:6900
- C:\Windows\System\gyLDJKn.exe
  C:\Windows\System\gyLDJKn.exe
  2⤵
  PID:6920
- C:\Windows\System\NhzMFfi.exe
  C:\Windows\System\NhzMFfi.exe
  2⤵
  PID:6936
- C:\Windows\System\ITnuUva.exe
  C:\Windows\System\ITnuUva.exe
  2⤵
  PID:6956
- C:\Windows\System\nuSiQFZ.exe
  C:\Windows\System\nuSiQFZ.exe
  2⤵
  PID:6980
- C:\Windows\System\gdDsIZJ.exe
  C:\Windows\System\gdDsIZJ.exe
  2⤵
  PID:6996
- C:\Windows\System\UnzYXnz.exe
  C:\Windows\System\UnzYXnz.exe
  2⤵
  PID:7012
- C:\Windows\System\rPSTefb.exe
  C:\Windows\System\rPSTefb.exe
  2⤵
  PID:7036
- C:\Windows\System\QhBfOCs.exe
  C:\Windows\System\QhBfOCs.exe
  2⤵
  PID:7052
- C:\Windows\System\lAPOHqe.exe
  C:\Windows\System\lAPOHqe.exe
  2⤵
  PID:7072
- C:\Windows\System\iGkUdod.exe
  C:\Windows\System\iGkUdod.exe
  2⤵
  PID:7088
- C:\Windows\System\uuuitIS.exe
  C:\Windows\System\uuuitIS.exe
  2⤵
  PID:7108
- C:\Windows\System\FWUdoWk.exe
  C:\Windows\System\FWUdoWk.exe
  2⤵
  PID:6036
- C:\Windows\System\ASOtRLa.exe
  C:\Windows\System\ASOtRLa.exe
  2⤵
  PID:5132
- C:\Windows\System\UpZPAFg.exe
  C:\Windows\System\UpZPAFg.exe
  2⤵
  PID:5116
- C:\Windows\System\cJtrnwY.exe
  C:\Windows\System\cJtrnwY.exe
  2⤵
  PID:5312
- C:\Windows\System\BmivFwo.exe
  C:\Windows\System\BmivFwo.exe
  2⤵
  PID:6268
- C:\Windows\System\TNiBRUU.exe
  C:\Windows\System\TNiBRUU.exe
  2⤵
  PID:5424
- C:\Windows\System\KwDGsDI.exe
  C:\Windows\System\KwDGsDI.exe
  2⤵
  PID:5648
- C:\Windows\System\JNficOL.exe
  C:\Windows\System\JNficOL.exe
  2⤵
  PID:6112
- C:\Windows\System\CEfIkgm.exe
  C:\Windows\System\CEfIkgm.exe
  2⤵
  PID:4128
- C:\Windows\System\QfKHnay.exe
  C:\Windows\System\QfKHnay.exe
  2⤵
  PID:2404
- C:\Windows\System\XRuWeqV.exe
  C:\Windows\System\XRuWeqV.exe
  2⤵
  PID:5844
- C:\Windows\System\BlXqjBs.exe
  C:\Windows\System\BlXqjBs.exe
  2⤵
  PID:6384
- C:\Windows\System\zxUOMgI.exe
  C:\Windows\System\zxUOMgI.exe
  2⤵
  PID:6252
- C:\Windows\System\FZOHLVT.exe
  C:\Windows\System\FZOHLVT.exe
  2⤵
  PID:6328
- C:\Windows\System\GskLXzK.exe
  C:\Windows\System\GskLXzK.exe
  2⤵
  PID:6288
- C:\Windows\System\bdPLsBc.exe
  C:\Windows\System\bdPLsBc.exe
  2⤵
  PID:6212
- C:\Windows\System\tSlIwdi.exe
  C:\Windows\System\tSlIwdi.exe
  2⤵
  PID:6372
- C:\Windows\System\mNrboab.exe
  C:\Windows\System\mNrboab.exe
  2⤵
  PID:6424
- C:\Windows\System\GKkdziP.exe
  C:\Windows\System\GKkdziP.exe
  2⤵
  PID:6468
- C:\Windows\System\UmQgGrv.exe
  C:\Windows\System\UmQgGrv.exe
  2⤵
  PID:6568
- C:\Windows\System\GitmUfg.exe
  C:\Windows\System\GitmUfg.exe
  2⤵
  PID:6512
- C:\Windows\System\JzMTFcm.exe
  C:\Windows\System\JzMTFcm.exe
  2⤵
  PID:6548
- C:\Windows\System\TTOpKna.exe
  C:\Windows\System\TTOpKna.exe
  2⤵
  PID:6640
- C:\Windows\System\wwmloJd.exe
  C:\Windows\System\wwmloJd.exe
  2⤵
  PID:6624
- C:\Windows\System\GgHigwM.exe
  C:\Windows\System\GgHigwM.exe
  2⤵
  PID:6688
- C:\Windows\System\tpyypQH.exe
  C:\Windows\System\tpyypQH.exe
  2⤵
  PID:6728
- C:\Windows\System\lAZcaqd.exe
  C:\Windows\System\lAZcaqd.exe
  2⤵
  PID:6812
- C:\Windows\System\BUULaRp.exe
  C:\Windows\System\BUULaRp.exe
  2⤵
  PID:592
- C:\Windows\System\vNDNwtv.exe
  C:\Windows\System\vNDNwtv.exe
  2⤵
  PID:6780
- C:\Windows\System\ViUlzCx.exe
  C:\Windows\System\ViUlzCx.exe
  2⤵
  PID:6852
- C:\Windows\System\QiFWBfg.exe
  C:\Windows\System\QiFWBfg.exe
  2⤵
  PID:6836
- C:\Windows\System\MRuwzcX.exe
  C:\Windows\System\MRuwzcX.exe
  2⤵
  PID:6972
- C:\Windows\System\hznxbUp.exe
  C:\Windows\System\hznxbUp.exe
  2⤵
  PID:1580
- C:\Windows\System\wMZbQMd.exe
  C:\Windows\System\wMZbQMd.exe
  2⤵
  PID:5740
- C:\Windows\System\XVJYlcX.exe
  C:\Windows\System\XVJYlcX.exe
  2⤵
  PID:6876
- C:\Windows\System\BWHQPNP.exe
  C:\Windows\System\BWHQPNP.exe
  2⤵
  PID:2240
- C:\Windows\System\uTGpVgx.exe
  C:\Windows\System\uTGpVgx.exe
  2⤵
  PID:7020
- C:\Windows\System\vlnvgMm.exe
  C:\Windows\System\vlnvgMm.exe
  2⤵
  PID:7060
- C:\Windows\System\VwCsGYz.exe
  C:\Windows\System\VwCsGYz.exe
  2⤵
  PID:7128
- C:\Windows\System\pfdRwBs.exe
  C:\Windows\System\pfdRwBs.exe
  2⤵
  PID:776
- C:\Windows\System\eTKPVfm.exe
  C:\Windows\System\eTKPVfm.exe
  2⤵
  PID:2340
- C:\Windows\System\ujuVJvv.exe
  C:\Windows\System\ujuVJvv.exe
  2⤵
  PID:2836
- C:\Windows\System\JBDxAjO.exe
  C:\Windows\System\JBDxAjO.exe
  2⤵
  PID:6152
- C:\Windows\System\MVijNys.exe
  C:\Windows\System\MVijNys.exe
  2⤵
  PID:2700
- C:\Windows\System\QQUcLam.exe
  C:\Windows\System\QQUcLam.exe
  2⤵
  PID:6192
- C:\Windows\System\xgSxFpP.exe
  C:\Windows\System\xgSxFpP.exe
  2⤵
  PID:2988
- C:\Windows\System\onHrPOU.exe
  C:\Windows\System\onHrPOU.exe
  2⤵
  PID:2464
- C:\Windows\System\iZvvwpo.exe
  C:\Windows\System\iZvvwpo.exe
  2⤵
  PID:1592
- C:\Windows\System\ECVXenZ.exe
  C:\Windows\System\ECVXenZ.exe
  2⤵
  PID:5152
- C:\Windows\System\ZBPcdZa.exe
  C:\Windows\System\ZBPcdZa.exe
  2⤵
  PID:2916
- C:\Windows\System\UvsGHJA.exe
  C:\Windows\System\UvsGHJA.exe
  2⤵
  PID:5820
- C:\Windows\System\psENgns.exe
  C:\Windows\System\psENgns.exe
  2⤵
  PID:6344
- C:\Windows\System\cHKTGvR.exe
  C:\Windows\System\cHKTGvR.exe
  2⤵
  PID:6348
- C:\Windows\System\BQTtDIo.exe
  C:\Windows\System\BQTtDIo.exe
  2⤵
  PID:6400
- C:\Windows\System\EtmiiCS.exe
  C:\Windows\System\EtmiiCS.exe
  2⤵
  PID:6320
- C:\Windows\System\fLyeDQG.exe
  C:\Windows\System\fLyeDQG.exe
  2⤵
  PID:6452
- C:\Windows\System\avIbmOE.exe
  C:\Windows\System\avIbmOE.exe
  2⤵
  PID:6508
- C:\Windows\System\itsSGuN.exe
  C:\Windows\System\itsSGuN.exe
  2⤵
  PID:6692
- C:\Windows\System\tADxves.exe
  C:\Windows\System\tADxves.exe
  2⤵
  PID:6540
- C:\Windows\System\NmFqlzG.exe
  C:\Windows\System\NmFqlzG.exe
  2⤵
  PID:6588
- C:\Windows\System\bmTTIFI.exe
  C:\Windows\System\bmTTIFI.exe
  2⤵
  PID:6704
- C:\Windows\System\DxchjHu.exe
  C:\Windows\System\DxchjHu.exe
  2⤵
  PID:6804
- C:\Windows\System\mrgqpog.exe
  C:\Windows\System\mrgqpog.exe
  2⤵
  PID:1624
- C:\Windows\System\kqdxqYV.exe
  C:\Windows\System\kqdxqYV.exe
  2⤵
  PID:6896
- C:\Windows\System\tmyePYG.exe
  C:\Windows\System\tmyePYG.exe
  2⤵
  PID:7008
- C:\Windows\System\CYAFdVU.exe
  C:\Windows\System\CYAFdVU.exe
  2⤵
  PID:6944
- C:\Windows\System\YAZfAdb.exe
  C:\Windows\System\YAZfAdb.exe
  2⤵
  PID:6988
- C:\Windows\System\WfcSmPY.exe
  C:\Windows\System\WfcSmPY.exe
  2⤵
  PID:1708
- C:\Windows\System\sMennvg.exe
  C:\Windows\System\sMennvg.exe
  2⤵
  PID:6916
- C:\Windows\System\rRAiTus.exe
  C:\Windows\System\rRAiTus.exe
  2⤵
  PID:7080
- C:\Windows\System\lZumZhP.exe
  C:\Windows\System\lZumZhP.exe
  2⤵
  PID:7120
- C:\Windows\System\xqeGMvg.exe
  C:\Windows\System\xqeGMvg.exe
  2⤵
  PID:6228
- C:\Windows\System\eUtuDqW.exe
  C:\Windows\System\eUtuDqW.exe
  2⤵
  PID:2348
- C:\Windows\System\jNrwVyC.exe
  C:\Windows\System\jNrwVyC.exe
  2⤵
  PID:1376
- C:\Windows\System\lWDKdjk.exe
  C:\Windows\System\lWDKdjk.exe
  2⤵
  PID:1684
- C:\Windows\System\IPjGffI.exe
  C:\Windows\System\IPjGffI.exe
  2⤵
  PID:2260
- C:\Windows\System\YzHNbfh.exe
  C:\Windows\System\YzHNbfh.exe
  2⤵
  PID:2276
- C:\Windows\System\bKCaYXX.exe
  C:\Windows\System\bKCaYXX.exe
  2⤵
  PID:2616
- C:\Windows\System\bHYQteK.exe
  C:\Windows\System\bHYQteK.exe
  2⤵
  PID:2976
- C:\Windows\System\gFtQOXe.exe
  C:\Windows\System\gFtQOXe.exe
  2⤵
  PID:2708
- C:\Windows\System\wYGZvoH.exe
  C:\Windows\System\wYGZvoH.exe
  2⤵
  PID:6324
- C:\Windows\System\qSmenZv.exe
  C:\Windows\System\qSmenZv.exe
  2⤵
  PID:6464
- C:\Windows\System\piucKcE.exe
  C:\Windows\System\piucKcE.exe
  2⤵
  PID:6644
- C:\Windows\System\yAGNqos.exe
  C:\Windows\System\yAGNqos.exe
  2⤵
  PID:6500
- C:\Windows\System\VgohyRY.exe
  C:\Windows\System\VgohyRY.exe
  2⤵
  PID:2604
- C:\Windows\System\vSriNIP.exe
  C:\Windows\System\vSriNIP.exe
  2⤵
  PID:6724
- C:\Windows\System\kHdNBic.exe
  C:\Windows\System\kHdNBic.exe
  2⤵
  PID:6992
- C:\Windows\System\nkjGgbJ.exe
  C:\Windows\System\nkjGgbJ.exe
  2⤵
  PID:7048
- C:\Windows\System\cpSjmVG.exe
  C:\Windows\System\cpSjmVG.exe
  2⤵
  PID:1172
- C:\Windows\System\XmRxfum.exe
  C:\Windows\System\XmRxfum.exe
  2⤵
  PID:7124
- C:\Windows\System\OnJIkPb.exe
  C:\Windows\System\OnJIkPb.exe
  2⤵
  PID:2408
- C:\Windows\System\TUbIPvA.exe
  C:\Windows\System\TUbIPvA.exe
  2⤵
  PID:2764
- C:\Windows\System\yqsKmVy.exe
  C:\Windows\System\yqsKmVy.exe
  2⤵
  PID:7152
- C:\Windows\System\Cvukjgn.exe
  C:\Windows\System\Cvukjgn.exe
  2⤵
  PID:2948
- C:\Windows\System\zxPsqAb.exe
  C:\Windows\System\zxPsqAb.exe
  2⤵
  PID:6304
- C:\Windows\System\YzBeXIL.exe
  C:\Windows\System\YzBeXIL.exe
  2⤵
  PID:6396
- C:\Windows\System\SYMgEOD.exe
  C:\Windows\System\SYMgEOD.exe
  2⤵
  PID:2068
- C:\Windows\System\sWXqACZ.exe
  C:\Windows\System\sWXqACZ.exe
  2⤵
  PID:7156
- C:\Windows\System\ycypZIg.exe
  C:\Windows\System\ycypZIg.exe
  2⤵
  PID:1556
- C:\Windows\System\SMfLiUv.exe
  C:\Windows\System\SMfLiUv.exe
  2⤵
  PID:6560
- C:\Windows\System\fbawqKC.exe
  C:\Windows\System\fbawqKC.exe
  2⤵
  PID:6808
- C:\Windows\System\gXtnAxq.exe
  C:\Windows\System\gXtnAxq.exe
  2⤵
  PID:7004
- C:\Windows\System\eYdjVxY.exe
  C:\Windows\System\eYdjVxY.exe
  2⤵
  PID:6856
- C:\Windows\System\ANrxRrA.exe
  C:\Windows\System\ANrxRrA.exe
  2⤵
  PID:1152
- C:\Windows\System\ZzOFYpE.exe
  C:\Windows\System\ZzOFYpE.exe
  2⤵
  PID:316
- C:\Windows\System\adlcUSz.exe
  C:\Windows\System\adlcUSz.exe
  2⤵
  PID:6784
- C:\Windows\System\TgwjYmw.exe
  C:\Windows\System\TgwjYmw.exe
  2⤵
  PID:7180
- C:\Windows\System\cYteXKI.exe
  C:\Windows\System\cYteXKI.exe
  2⤵
  PID:7196
- C:\Windows\System\QnRFTvO.exe
  C:\Windows\System\QnRFTvO.exe
  2⤵
  PID:7216
- C:\Windows\System\PATRBLp.exe
  C:\Windows\System\PATRBLp.exe
  2⤵
  PID:7232
- C:\Windows\System\MyOVdHj.exe
  C:\Windows\System\MyOVdHj.exe
  2⤵
  PID:7248
- C:\Windows\System\xINHUzI.exe
  C:\Windows\System\xINHUzI.exe
  2⤵
  PID:7268
- C:\Windows\System\MFVmrwz.exe
  C:\Windows\System\MFVmrwz.exe
  2⤵
  PID:7284
- C:\Windows\System\yhqTbML.exe
  C:\Windows\System\yhqTbML.exe
  2⤵
  PID:7308
- C:\Windows\System\ZrGuugL.exe
  C:\Windows\System\ZrGuugL.exe
  2⤵
  PID:7328
- C:\Windows\System\GJzpolv.exe
  C:\Windows\System\GJzpolv.exe
  2⤵
  PID:7348
- C:\Windows\System\xUZgCYd.exe
  C:\Windows\System\xUZgCYd.exe
  2⤵
  PID:7364
- C:\Windows\System\zZhSNfx.exe
  C:\Windows\System\zZhSNfx.exe
  2⤵
  PID:7408
- C:\Windows\System\nnOufwQ.exe
  C:\Windows\System\nnOufwQ.exe
  2⤵
  PID:7424
- C:\Windows\System\ZohsHgR.exe
  C:\Windows\System\ZohsHgR.exe
  2⤵
  PID:7444
- C:\Windows\System\IjNhMnx.exe
  C:\Windows\System\IjNhMnx.exe
  2⤵
  PID:7460
- C:\Windows\System\pzdmUGz.exe
  C:\Windows\System\pzdmUGz.exe
  2⤵
  PID:7476
- C:\Windows\System\DRaHDeK.exe
  C:\Windows\System\DRaHDeK.exe
  2⤵
  PID:7532
- C:\Windows\System\oLjpXXt.exe
  C:\Windows\System\oLjpXXt.exe
  2⤵
  PID:7548
- C:\Windows\System\WkWpbrf.exe
  C:\Windows\System\WkWpbrf.exe
  2⤵
  PID:7564
- C:\Windows\System\banvDZb.exe
  C:\Windows\System\banvDZb.exe
  2⤵
  PID:7584
- C:\Windows\System\wGKiTqC.exe
  C:\Windows\System\wGKiTqC.exe
  2⤵
  PID:7620
- C:\Windows\System\ZTROZnL.exe
  C:\Windows\System\ZTROZnL.exe
  2⤵
  PID:7640
- C:\Windows\System\nBrPmIx.exe
  C:\Windows\System\nBrPmIx.exe
  2⤵
  PID:7656
- C:\Windows\System\rweKIPq.exe
  C:\Windows\System\rweKIPq.exe
  2⤵
  PID:7672
- C:\Windows\System\hvjgLSn.exe
  C:\Windows\System\hvjgLSn.exe
  2⤵
  PID:7704
- C:\Windows\System\KBWOwQK.exe
  C:\Windows\System\KBWOwQK.exe
  2⤵
  PID:7720
- C:\Windows\System\LbCZimG.exe
  C:\Windows\System\LbCZimG.exe
  2⤵
  PID:7736
- C:\Windows\System\JQFsRFk.exe
  C:\Windows\System\JQFsRFk.exe
  2⤵
  PID:7752
- C:\Windows\System\cHBMrWV.exe
  C:\Windows\System\cHBMrWV.exe
  2⤵
  PID:7768
- C:\Windows\System\sQGrKKQ.exe
  C:\Windows\System\sQGrKKQ.exe
  2⤵
  PID:7796
- C:\Windows\System\TvZEKla.exe
  C:\Windows\System\TvZEKla.exe
  2⤵
  PID:7812
- C:\Windows\System\ekQwaiN.exe
  C:\Windows\System\ekQwaiN.exe
  2⤵
  PID:7836
- C:\Windows\System\kzXuKFH.exe
  C:\Windows\System\kzXuKFH.exe
  2⤵
  PID:7852
- C:\Windows\System\RwqbQPx.exe
  C:\Windows\System\RwqbQPx.exe
  2⤵
  PID:7892
- C:\Windows\System\gvarsxE.exe
  C:\Windows\System\gvarsxE.exe
  2⤵
  PID:7908
- C:\Windows\System\oeVdomc.exe
  C:\Windows\System\oeVdomc.exe
  2⤵
  PID:7924
- C:\Windows\System\CLmLAwR.exe
  C:\Windows\System\CLmLAwR.exe
  2⤵
  PID:7940
- C:\Windows\System\lKUUipY.exe
  C:\Windows\System\lKUUipY.exe
  2⤵
  PID:7956
- C:\Windows\System\doVGGvh.exe
  C:\Windows\System\doVGGvh.exe
  2⤵
  PID:7976
- C:\Windows\System\GoBMjwC.exe
  C:\Windows\System\GoBMjwC.exe
  2⤵
  PID:7996
- C:\Windows\System\xluktgd.exe
  C:\Windows\System\xluktgd.exe
  2⤵
  PID:8028
- C:\Windows\System\WAvKtyx.exe
  C:\Windows\System\WAvKtyx.exe
  2⤵
  PID:8044
- C:\Windows\System\XXsJWWm.exe
  C:\Windows\System\XXsJWWm.exe
  2⤵
  PID:8068
- C:\Windows\System\OtVucyl.exe
  C:\Windows\System\OtVucyl.exe
  2⤵
  PID:8084
- C:\Windows\System\tDhARkQ.exe
  C:\Windows\System\tDhARkQ.exe
  2⤵
  PID:8116
- C:\Windows\System\JaZBdpf.exe
  C:\Windows\System\JaZBdpf.exe
  2⤵
  PID:8132
- C:\Windows\System\EBdoIQV.exe
  C:\Windows\System\EBdoIQV.exe
  2⤵
  PID:8160
- C:\Windows\System\GklxKAs.exe
  C:\Windows\System\GklxKAs.exe
  2⤵
  PID:8176
- C:\Windows\System\FCvUORd.exe
  C:\Windows\System\FCvUORd.exe
  2⤵
  PID:6368
- C:\Windows\System\UTokHfs.exe
  C:\Windows\System\UTokHfs.exe
  2⤵
  PID:2192
- C:\Windows\System\ppyVipA.exe
  C:\Windows\System\ppyVipA.exe
  2⤵
  PID:2588
- C:\Windows\System\YsjuOml.exe
  C:\Windows\System\YsjuOml.exe
  2⤵
  PID:6892
- C:\Windows\System\WkLZNYt.exe
  C:\Windows\System\WkLZNYt.exe
  2⤵
  PID:2288
- C:\Windows\System\vbZOtOu.exe
  C:\Windows\System\vbZOtOu.exe
  2⤵
  PID:5860
- C:\Windows\System\MhcHBYu.exe
  C:\Windows\System\MhcHBYu.exe
  2⤵
  PID:7188
- C:\Windows\System\TYOeZzo.exe
  C:\Windows\System\TYOeZzo.exe
  2⤵
  PID:7204
- C:\Windows\System\yOBdURy.exe
  C:\Windows\System\yOBdURy.exe
  2⤵
  PID:7244
- C:\Windows\System\IKKrtNC.exe
  C:\Windows\System\IKKrtNC.exe
  2⤵
  PID:7320
- C:\Windows\System\ERDtLAu.exe
  C:\Windows\System\ERDtLAu.exe
  2⤵
  PID:1976
- C:\Windows\System\voxanbC.exe
  C:\Windows\System\voxanbC.exe
  2⤵
  PID:7344
- C:\Windows\System\jYAtuuf.exe
  C:\Windows\System\jYAtuuf.exe
  2⤵
  PID:7224
- C:\Windows\System\YEFkLEL.exe
  C:\Windows\System\YEFkLEL.exe
  2⤵
  PID:7452
- C:\Windows\System\RdXPjtv.exe
  C:\Windows\System\RdXPjtv.exe
  2⤵
  PID:7264
- C:\Windows\System\RddgBbx.exe
  C:\Windows\System\RddgBbx.exe
  2⤵
  PID:7336
- C:\Windows\System\wKjJsrs.exe
  C:\Windows\System\wKjJsrs.exe
  2⤵
  PID:7512
- C:\Windows\System\CnrFVwJ.exe
  C:\Windows\System\CnrFVwJ.exe
  2⤵
  PID:7384
- C:\Windows\System\wbmnAid.exe
  C:\Windows\System\wbmnAid.exe
  2⤵
  PID:7528
- C:\Windows\System\WXowVjo.exe
  C:\Windows\System\WXowVjo.exe
  2⤵
  PID:7604
- C:\Windows\System\THaydTt.exe
  C:\Windows\System\THaydTt.exe
  2⤵
  PID:7612
- C:\Windows\System\EPFqXRu.exe
  C:\Windows\System\EPFqXRu.exe
  2⤵
  PID:7648
- C:\Windows\System\qoEFDmd.exe
  C:\Windows\System\qoEFDmd.exe
  2⤵
  PID:7692
- C:\Windows\System\MySMbSI.exe
  C:\Windows\System\MySMbSI.exe
  2⤵
  PID:7780
- C:\Windows\System\klQOkNf.exe
  C:\Windows\System\klQOkNf.exe
  2⤵
  PID:7776
- C:\Windows\System\dVKKPzz.exe
  C:\Windows\System\dVKKPzz.exe
  2⤵
  PID:7824
- C:\Windows\System\JyNQAVV.exe
  C:\Windows\System\JyNQAVV.exe
  2⤵
  PID:7872
- C:\Windows\System\fmmQnES.exe
  C:\Windows\System\fmmQnES.exe
  2⤵
  PID:7732
- C:\Windows\System\qafwjKe.exe
  C:\Windows\System\qafwjKe.exe
  2⤵
  PID:7904
- C:\Windows\System\TiNMhnL.exe
  C:\Windows\System\TiNMhnL.exe
  2⤵
  PID:7984
- C:\Windows\System\SSZmaKi.exe
  C:\Windows\System\SSZmaKi.exe
  2⤵
  PID:7968
- C:\Windows\System\muosxZA.exe
  C:\Windows\System\muosxZA.exe
  2⤵
  PID:7932
- C:\Windows\System\LBsZGOZ.exe
  C:\Windows\System\LBsZGOZ.exe
  2⤵
  PID:7988
- C:\Windows\System\eMXTRKK.exe
  C:\Windows\System\eMXTRKK.exe
  2⤵
  PID:8040
- C:\Windows\System\twKlQAI.exe
  C:\Windows\System\twKlQAI.exe
  2⤵
  PID:8064
- C:\Windows\System\prxROow.exe
  C:\Windows\System\prxROow.exe
  2⤵
  PID:8104
- C:\Windows\System\zmPkKwr.exe
  C:\Windows\System\zmPkKwr.exe
  2⤵
  PID:8124
- C:\Windows\System\iFFZilD.exe
  C:\Windows\System\iFFZilD.exe
  2⤵
  PID:8152
- C:\Windows\System\CbqcsNw.exe
  C:\Windows\System\CbqcsNw.exe
  2⤵
  PID:6216
- C:\Windows\System\cuNibMK.exe
  C:\Windows\System\cuNibMK.exe
  2⤵
  PID:8184
- C:\Windows\System\ZsUhrvr.exe
  C:\Windows\System\ZsUhrvr.exe
  2⤵
  PID:6208
- C:\Windows\System\TeyivJY.exe
  C:\Windows\System\TeyivJY.exe
  2⤵
  PID:5988
- C:\Windows\System\dbjVuvn.exe
  C:\Windows\System\dbjVuvn.exe
  2⤵
  PID:7172
- C:\Windows\System\xeBuSmZ.exe
  C:\Windows\System\xeBuSmZ.exe
  2⤵
  PID:2152
- C:\Windows\System\bvgtXKu.exe
  C:\Windows\System\bvgtXKu.exe
  2⤵
  PID:7360
- C:\Windows\System\bHGvBJa.exe
  C:\Windows\System\bHGvBJa.exe
  2⤵
  PID:7388
- C:\Windows\System\HZMWYRn.exe
  C:\Windows\System\HZMWYRn.exe
  2⤵
  PID:856
- C:\Windows\System\FAnNLpH.exe
  C:\Windows\System\FAnNLpH.exe
  2⤵
  PID:7440
- C:\Windows\System\eiZOEAT.exe
  C:\Windows\System\eiZOEAT.exe
  2⤵
  PID:7488
- C:\Windows\System\QhjcgXC.exe
  C:\Windows\System\QhjcgXC.exe
  2⤵
  PID:7492
- C:\Windows\System\DrufOeG.exe
  C:\Windows\System\DrufOeG.exe
  2⤵
  PID:7580
- C:\Windows\System\BZbxAnN.exe
  C:\Windows\System\BZbxAnN.exe
  2⤵
  PID:7504
- C:\Windows\System\iFYlxin.exe
  C:\Windows\System\iFYlxin.exe
  2⤵
  PID:7608
- C:\Windows\System\asvyXSX.exe
  C:\Windows\System\asvyXSX.exe
  2⤵
  PID:7696
- C:\Windows\System\csrLIBT.exe
  C:\Windows\System\csrLIBT.exe
  2⤵
  PID:7688
- C:\Windows\System\ZYFMqBU.exe
  C:\Windows\System\ZYFMqBU.exe
  2⤵
  PID:7884
- C:\Windows\System\bLggnag.exe
  C:\Windows\System\bLggnag.exe
  2⤵
  PID:7888
- C:\Windows\System\YAjbVsP.exe
  C:\Windows\System\YAjbVsP.exe
  2⤵
  PID:8020
- C:\Windows\System\SEUozCq.exe
  C:\Windows\System\SEUozCq.exe
  2⤵
  PID:7864
- C:\Windows\System\LXZVMFr.exe
  C:\Windows\System\LXZVMFr.exe
  2⤵
  PID:1072
- C:\Windows\System\GlKunlG.exe
  C:\Windows\System\GlKunlG.exe
  2⤵
  PID:7300
- C:\Windows\System\jJLroBQ.exe
  C:\Windows\System\jJLroBQ.exe
  2⤵
  PID:8172
- C:\Windows\System\CEBmJXk.exe
  C:\Windows\System\CEBmJXk.exe
  2⤵
  PID:8188
- C:\Windows\System\znVRIoU.exe
  C:\Windows\System\znVRIoU.exe
  2⤵
  PID:8112
- C:\Windows\System\CnlIHZM.exe
  C:\Windows\System\CnlIHZM.exe
  2⤵
  PID:7420
- C:\Windows\System\SdExrUp.exe
  C:\Windows\System\SdExrUp.exe
  2⤵
  PID:7936
- C:\Windows\System\LZgKkEh.exe
  C:\Windows\System\LZgKkEh.exe
  2⤵
  PID:8080
- C:\Windows\System\BDKBFCl.exe
  C:\Windows\System\BDKBFCl.exe
  2⤵
  PID:7392
- C:\Windows\System\MUjBFPt.exe
  C:\Windows\System\MUjBFPt.exe
  2⤵
  PID:7792
- C:\Windows\System\FwGUhIE.exe
  C:\Windows\System\FwGUhIE.exe
  2⤵
  PID:7920
- C:\Windows\System\oMbOBnq.exe
  C:\Windows\System\oMbOBnq.exe
  2⤵
  PID:7356
- C:\Windows\System\GkZRYMx.exe
  C:\Windows\System\GkZRYMx.exe
  2⤵
  PID:8144
- C:\Windows\System\cTHubEA.exe
  C:\Windows\System\cTHubEA.exe
  2⤵
  PID:7964
- C:\Windows\System\EqXAvrX.exe
  C:\Windows\System\EqXAvrX.exe
  2⤵
  PID:7500
- C:\Windows\System\wHkRHSk.exe
  C:\Windows\System\wHkRHSk.exe
  2⤵
  PID:7844
- C:\Windows\System\PwYmGqg.exe
  C:\Windows\System\PwYmGqg.exe
  2⤵
  PID:8204
- C:\Windows\System\MOMxROW.exe
  C:\Windows\System\MOMxROW.exe
  2⤵
  PID:8224
- C:\Windows\System\rQfdbpN.exe
  C:\Windows\System\rQfdbpN.exe
  2⤵
  PID:8292
- C:\Windows\System\nXAuBub.exe
  C:\Windows\System\nXAuBub.exe
  2⤵
  PID:8312
- C:\Windows\System\rpOngUa.exe
  C:\Windows\System\rpOngUa.exe
  2⤵
  PID:8328
- C:\Windows\System\Gjxjbls.exe
  C:\Windows\System\Gjxjbls.exe
  2⤵
  PID:8348
- C:\Windows\System\GZDMLDb.exe
  C:\Windows\System\GZDMLDb.exe
  2⤵
  PID:8364
- C:\Windows\System\XUNgblj.exe
  C:\Windows\System\XUNgblj.exe
  2⤵
  PID:8384
- C:\Windows\System\qOvsVIb.exe
  C:\Windows\System\qOvsVIb.exe
  2⤵
  PID:8400
- C:\Windows\System\CZaJbKK.exe
  C:\Windows\System\CZaJbKK.exe
  2⤵
  PID:8416
- C:\Windows\System\vcAjXRX.exe
  C:\Windows\System\vcAjXRX.exe
  2⤵
  PID:8440
- C:\Windows\System\lFJYPGE.exe
  C:\Windows\System\lFJYPGE.exe
  2⤵
  PID:8460
- C:\Windows\System\Movfozr.exe
  C:\Windows\System\Movfozr.exe
  2⤵
  PID:8476
- C:\Windows\System\RPoeefz.exe
  C:\Windows\System\RPoeefz.exe
  2⤵
  PID:8492
- C:\Windows\System\mgvweaf.exe
  C:\Windows\System\mgvweaf.exe
  2⤵
  PID:8512
- C:\Windows\System\hRRiwFP.exe
  C:\Windows\System\hRRiwFP.exe
  2⤵
  PID:8528
- C:\Windows\System\ximCIJt.exe
  C:\Windows\System\ximCIJt.exe
  2⤵
  PID:8544
- C:\Windows\System\xigIcmJ.exe
  C:\Windows\System\xigIcmJ.exe
  2⤵
  PID:8564
- C:\Windows\System\xhmSIFv.exe
  C:\Windows\System\xhmSIFv.exe
  2⤵
  PID:8580
- C:\Windows\System\btfXrqD.exe
  C:\Windows\System\btfXrqD.exe
  2⤵
  PID:8644
- C:\Windows\System\UlOAbPk.exe
  C:\Windows\System\UlOAbPk.exe
  2⤵
  PID:8660
- C:\Windows\System\pQNXVNg.exe
  C:\Windows\System\pQNXVNg.exe
  2⤵
  PID:8680
- C:\Windows\System\NQLqTle.exe
  C:\Windows\System\NQLqTle.exe
  2⤵
  PID:8696
- C:\Windows\System\sgGYGxo.exe
  C:\Windows\System\sgGYGxo.exe
  2⤵
  PID:8724
- C:\Windows\System\EquAFQh.exe
  C:\Windows\System\EquAFQh.exe
  2⤵
  PID:8740
- C:\Windows\System\NTikXsW.exe
  C:\Windows\System\NTikXsW.exe
  2⤵
  PID:8756
- C:\Windows\System\mQWjpzK.exe
  C:\Windows\System\mQWjpzK.exe
  2⤵
  PID:8776
- C:\Windows\System\ScgBOrE.exe
  C:\Windows\System\ScgBOrE.exe
  2⤵
  PID:8800
- C:\Windows\System\FgdzNAt.exe
  C:\Windows\System\FgdzNAt.exe
  2⤵
  PID:8820
- C:\Windows\System\eZXaaWP.exe
  C:\Windows\System\eZXaaWP.exe
  2⤵
  PID:8840
- C:\Windows\System\OaRXFAr.exe
  C:\Windows\System\OaRXFAr.exe
  2⤵
  PID:8856
- C:\Windows\System\XZVnpMP.exe
  C:\Windows\System\XZVnpMP.exe
  2⤵
  PID:8872
- C:\Windows\System\qwDTDwO.exe
  C:\Windows\System\qwDTDwO.exe
  2⤵
  PID:8888
- C:\Windows\System\ZDpUAJa.exe
  C:\Windows\System\ZDpUAJa.exe
  2⤵
  PID:8904
- C:\Windows\System\mgXxibb.exe
  C:\Windows\System\mgXxibb.exe
  2⤵
  PID:8920
- C:\Windows\System\bnGVeGZ.exe
  C:\Windows\System\bnGVeGZ.exe
  2⤵
  PID:8936
- C:\Windows\System\UNeJvjb.exe
  C:\Windows\System\UNeJvjb.exe
  2⤵
  PID:8952
- C:\Windows\System\Ntiehlz.exe
  C:\Windows\System\Ntiehlz.exe
  2⤵
  PID:8968
- C:\Windows\System\YwbtcAA.exe
  C:\Windows\System\YwbtcAA.exe
  2⤵
  PID:8984
- C:\Windows\System\rxrgxfX.exe
  C:\Windows\System\rxrgxfX.exe
  2⤵
  PID:9000
- C:\Windows\System\ZjbMYcf.exe
  C:\Windows\System\ZjbMYcf.exe
  2⤵
  PID:9016
- C:\Windows\System\ZDqFnyv.exe
  C:\Windows\System\ZDqFnyv.exe
  2⤵
  PID:9032
- C:\Windows\System\yIQSWOC.exe
  C:\Windows\System\yIQSWOC.exe
  2⤵
  PID:9048
- C:\Windows\System\EzIIxHW.exe
  C:\Windows\System\EzIIxHW.exe
  2⤵
  PID:9064
- C:\Windows\System\rsOPKuU.exe
  C:\Windows\System\rsOPKuU.exe
  2⤵
  PID:9080
- C:\Windows\System\KNKzJIS.exe
  C:\Windows\System\KNKzJIS.exe
  2⤵
  PID:9096
- C:\Windows\System\bemYcsG.exe
  C:\Windows\System\bemYcsG.exe
  2⤵
  PID:9112
- C:\Windows\System\kpltFtC.exe
  C:\Windows\System\kpltFtC.exe
  2⤵
  PID:9128
- C:\Windows\System\NhkpqZx.exe
  C:\Windows\System\NhkpqZx.exe
  2⤵
  PID:9144
- C:\Windows\System\yvTxDtb.exe
  C:\Windows\System\yvTxDtb.exe
  2⤵
  PID:9164
- C:\Windows\System\BBOKUpk.exe
  C:\Windows\System\BBOKUpk.exe
  2⤵
  PID:9180
- C:\Windows\System\RSxzqYM.exe
  C:\Windows\System\RSxzqYM.exe
  2⤵
  PID:9196
- C:\Windows\System\xAyqzsn.exe
  C:\Windows\System\xAyqzsn.exe
  2⤵
  PID:9212
- C:\Windows\System\cgMoARM.exe
  C:\Windows\System\cgMoARM.exe
  2⤵
  PID:7496
- C:\Windows\System\SHTOmZW.exe
  C:\Windows\System\SHTOmZW.exe
  2⤵
  PID:6848
- C:\Windows\System\iuiavGg.exe
  C:\Windows\System\iuiavGg.exe
  2⤵
  PID:6276
- C:\Windows\System\eqsrETN.exe
  C:\Windows\System\eqsrETN.exe
  2⤵
  PID:844
- C:\Windows\System\uiciiNk.exe
  C:\Windows\System\uiciiNk.exe
  2⤵
  PID:8256
- C:\Windows\System\IRXBWJY.exe
  C:\Windows\System\IRXBWJY.exe
  2⤵
  PID:7592
- C:\Windows\System\lrFhUQO.exe
  C:\Windows\System\lrFhUQO.exe
  2⤵
  PID:7576
- C:\Windows\System\xFhhQnl.exe
  C:\Windows\System\xFhhQnl.exe
  2⤵
  PID:8280
- C:\Windows\System\cXMPOjz.exe
  C:\Windows\System\cXMPOjz.exe
  2⤵
  PID:8324
- C:\Windows\System\qJHIsbw.exe
  C:\Windows\System\qJHIsbw.exe
  2⤵
  PID:7636
- C:\Windows\System\wnaukKx.exe
  C:\Windows\System\wnaukKx.exe
  2⤵
  PID:8156
- C:\Windows\System\xnuqpuB.exe
  C:\Windows\System\xnuqpuB.exe
  2⤵
  PID:7680
- C:\Windows\System\cRlCJNq.exe
  C:\Windows\System\cRlCJNq.exe
  2⤵
  PID:8096
- C:\Windows\System\pBqYlEh.exe
  C:\Windows\System\pBqYlEh.exe
  2⤵
  PID:8392
- C:\Windows\System\TkjsTHD.exe
  C:\Windows\System\TkjsTHD.exe
  2⤵
  PID:8432
- C:\Windows\System\KPzPcba.exe
  C:\Windows\System\KPzPcba.exe
  2⤵
  PID:7376
- C:\Windows\System\aglFKcJ.exe
  C:\Windows\System\aglFKcJ.exe
  2⤵
  PID:7668
- C:\Windows\System\PazjdLi.exe
  C:\Windows\System\PazjdLi.exe
  2⤵
  PID:6156
- C:\Windows\System\euQLIHH.exe
  C:\Windows\System\euQLIHH.exe
  2⤵
  PID:8504
- C:\Windows\System\VjMLROf.exe
  C:\Windows\System\VjMLROf.exe
  2⤵
  PID:8508
- C:\Windows\System\hjTFCcx.exe
  C:\Windows\System\hjTFCcx.exe
  2⤵
  PID:6912
- C:\Windows\System\FqFmENv.exe
  C:\Windows\System\FqFmENv.exe
  2⤵
  PID:8408
- C:\Windows\System\aqZHbPL.exe
  C:\Windows\System\aqZHbPL.exe
  2⤵
  PID:8372
- C:\Windows\System\BbgMLHx.exe
  C:\Windows\System\BbgMLHx.exe
  2⤵
  PID:8344
- C:\Windows\System\PIqGbFc.exe
  C:\Windows\System\PIqGbFc.exe
  2⤵
  PID:8628
- C:\Windows\System\oyLNdfc.exe
  C:\Windows\System\oyLNdfc.exe
  2⤵
  PID:8556
- C:\Windows\System\tFrSOYX.exe
  C:\Windows\System\tFrSOYX.exe
  2⤵
  PID:8596
- C:\Windows\System\sAEIMgI.exe
  C:\Windows\System\sAEIMgI.exe
  2⤵
  PID:8608
- C:\Windows\System\LctTeGc.exe
  C:\Windows\System\LctTeGc.exe
  2⤵
  PID:8672
- C:\Windows\System\uGLveiu.exe
  C:\Windows\System\uGLveiu.exe
  2⤵
  PID:8732
- C:\Windows\System\xDbNADd.exe
  C:\Windows\System\xDbNADd.exe
  2⤵
  PID:8792
- C:\Windows\System\xTOWzcW.exe
  C:\Windows\System\xTOWzcW.exe
  2⤵
  PID:8812
- C:\Windows\System\cGEyIYE.exe
  C:\Windows\System\cGEyIYE.exe
  2⤵
  PID:8808
- C:\Windows\System\Zjshgho.exe
  C:\Windows\System\Zjshgho.exe
  2⤵
  PID:8796
- C:\Windows\System\yuzcqEL.exe
  C:\Windows\System\yuzcqEL.exe
  2⤵
  PID:8852
- C:\Windows\System\sgtzXKn.exe
  C:\Windows\System\sgtzXKn.exe
  2⤵
  PID:8884
- C:\Windows\System\XlJaeUM.exe
  C:\Windows\System\XlJaeUM.exe
  2⤵
  PID:8944
- C:\Windows\System\qYoORzn.exe
  C:\Windows\System\qYoORzn.exe
  2⤵
  PID:8928
- C:\Windows\System\ZstPMKg.exe
  C:\Windows\System\ZstPMKg.exe
  2⤵
  PID:8980
- C:\Windows\System\WzZjMzC.exe
  C:\Windows\System\WzZjMzC.exe
  2⤵
  PID:9040
- C:\Windows\System\AFmzwnc.exe
  C:\Windows\System\AFmzwnc.exe
  2⤵
  PID:9108
- C:\Windows\System\rFiXuoy.exe
  C:\Windows\System\rFiXuoy.exe
  2⤵
  PID:8992
- C:\Windows\System\FPXcBnx.exe
  C:\Windows\System\FPXcBnx.exe
  2⤵
  PID:9060
- C:\Windows\System\EMUpcvU.exe
  C:\Windows\System\EMUpcvU.exe
  2⤵
  PID:9176
- C:\Windows\System\XVZMDEY.exe
  C:\Windows\System\XVZMDEY.exe
  2⤵
  PID:9124
- C:\Windows\System\wKBhVcz.exe
  C:\Windows\System\wKBhVcz.exe
  2⤵
  PID:8240
- C:\Windows\System\eLKrshT.exe
  C:\Windows\System\eLKrshT.exe
  2⤵
  PID:9160
- C:\Windows\System\ObZjMUW.exe
  C:\Windows\System\ObZjMUW.exe
  2⤵
  PID:9188
- C:\Windows\System\dLqbWKo.exe
  C:\Windows\System\dLqbWKo.exe
  2⤵
  PID:7764
- C:\Windows\System\OvWyfzD.exe
  C:\Windows\System\OvWyfzD.exe
  2⤵
  PID:7240
- C:\Windows\System\GMQFveG.exe
  C:\Windows\System\GMQFveG.exe
  2⤵
  PID:8288
- C:\Windows\System\qsSonfF.exe
  C:\Windows\System\qsSonfF.exe
  2⤵
  PID:7716
- C:\Windows\System\QKZLDOh.exe
  C:\Windows\System\QKZLDOh.exe
  2⤵
  PID:7744
- C:\Windows\System\iAIUmZT.exe
  C:\Windows\System\iAIUmZT.exe
  2⤵
  PID:8016
- C:\Windows\System\ulkhnOq.exe
  C:\Windows\System\ulkhnOq.exe
  2⤵
  PID:8540
- C:\Windows\System\FWzzPWX.exe
  C:\Windows\System\FWzzPWX.exe
  2⤵
  PID:8212
- C:\Windows\System\XFRUuza.exe
  C:\Windows\System\XFRUuza.exe
  2⤵
  PID:8308
- C:\Windows\System\AwLmSBS.exe
  C:\Windows\System\AwLmSBS.exe
  2⤵
  PID:8484
- C:\Windows\System\JwuAGEL.exe
  C:\Windows\System\JwuAGEL.exe
  2⤵
  PID:9156
- C:\Windows\System\FBiVRGk.exe
  C:\Windows\System\FBiVRGk.exe
  2⤵
  PID:8376
- C:\Windows\System\irOilwT.exe
  C:\Windows\System\irOilwT.exe
  2⤵
  PID:8604
- C:\Windows\System\iRGgWEu.exe
  C:\Windows\System\iRGgWEu.exe
  2⤵
  PID:8784
- C:\Windows\System\KzLBPRU.exe
  C:\Windows\System\KzLBPRU.exe
  2⤵
  PID:8668
- C:\Windows\System\mRQNHvp.exe
  C:\Windows\System\mRQNHvp.exe
  2⤵
  PID:8816
- C:\Windows\System\QXDgRLE.exe
  C:\Windows\System\QXDgRLE.exe
  2⤵
  PID:8868
- C:\Windows\System\jDETaMM.exe
  C:\Windows\System\jDETaMM.exe
  2⤵
  PID:9044
- C:\Windows\System\bsGHEbK.exe
  C:\Windows\System\bsGHEbK.exe
  2⤵
  PID:9172
- C:\Windows\System\WctOGtx.exe
  C:\Windows\System\WctOGtx.exe
  2⤵
  PID:8964
- C:\Windows\System\kNJBOOp.exe
  C:\Windows\System\kNJBOOp.exe
  2⤵
  PID:2800
- C:\Windows\System\GcBzhJb.exe
  C:\Windows\System\GcBzhJb.exe
  2⤵
  PID:9120
- C:\Windows\System\RJltQdP.exe
  C:\Windows\System\RJltQdP.exe
  2⤵
  PID:8216
- C:\Windows\System\TrtcqmM.exe
  C:\Windows\System\TrtcqmM.exe
  2⤵
  PID:7860
- C:\Windows\System\mKMYUwX.exe
  C:\Windows\System\mKMYUwX.exe
  2⤵
  PID:7256
- C:\Windows\System\xgqEOLt.exe
  C:\Windows\System\xgqEOLt.exe
  2⤵
  PID:7280
- C:\Windows\System\fMBGHVp.exe
  C:\Windows\System\fMBGHVp.exe
  2⤵
  PID:8336
- C:\Windows\System\IBeOEIU.exe
  C:\Windows\System\IBeOEIU.exe
  2⤵
  PID:7748
- C:\Windows\System\sViCDfq.exe
  C:\Windows\System\sViCDfq.exe
  2⤵
  PID:8576
- C:\Windows\System\fnitUPk.exe
  C:\Windows\System\fnitUPk.exe
  2⤵
  PID:8588
- C:\Windows\System\sQQLBGn.exe
  C:\Windows\System\sQQLBGn.exe
  2⤵
  PID:8788
- C:\Windows\System\geJuyWM.exe
  C:\Windows\System\geJuyWM.exe
  2⤵
  PID:8900
- C:\Windows\System\DbAfwsi.exe
  C:\Windows\System\DbAfwsi.exe
  2⤵
  PID:8916
- C:\Windows\System\ijgKKMk.exe
  C:\Windows\System\ijgKKMk.exe
  2⤵
  PID:9028
- C:\Windows\System\FhXAKUh.exe
  C:\Windows\System\FhXAKUh.exe
  2⤵
  PID:8140
- C:\Windows\System\dcZrweU.exe
  C:\Windows\System\dcZrweU.exe
  2⤵
  PID:8360
- C:\Windows\System\UnFwDND.exe
  C:\Windows\System\UnFwDND.exe
  2⤵
  PID:8620
- C:\Windows\System\TRqjgDm.exe
  C:\Windows\System\TRqjgDm.exe
  2⤵
  PID:7972
- C:\Windows\System\thsvalv.exe
  C:\Windows\System\thsvalv.exe
  2⤵
  PID:8636
- C:\Windows\System\psNfjrx.exe
  C:\Windows\System\psNfjrx.exe
  2⤵
  PID:8640
- C:\Windows\System\vQzyxFy.exe
  C:\Windows\System\vQzyxFy.exe
  2⤵
  PID:9152
- C:\Windows\System\PIJyPoC.exe
  C:\Windows\System\PIJyPoC.exe
  2⤵
  PID:8488
- C:\Windows\System\RegAdOO.exe
  C:\Windows\System\RegAdOO.exe
  2⤵
  PID:8752
- C:\Windows\System\BGFqFbz.exe
  C:\Windows\System\BGFqFbz.exe
  2⤵
  PID:7572
- C:\Windows\System\seQzSBV.exe
  C:\Windows\System\seQzSBV.exe
  2⤵
  PID:9228
- C:\Windows\System\fvRVAGs.exe
  C:\Windows\System\fvRVAGs.exe
  2⤵
  PID:9244
- C:\Windows\System\wjHXgug.exe
  C:\Windows\System\wjHXgug.exe
  2⤵
  PID:9260
- C:\Windows\System\apSnkdT.exe
  C:\Windows\System\apSnkdT.exe
  2⤵
  PID:9276
- C:\Windows\System\ZXBMSER.exe
  C:\Windows\System\ZXBMSER.exe
  2⤵
  PID:9292
- C:\Windows\System\nhtAyXy.exe
  C:\Windows\System\nhtAyXy.exe
  2⤵
  PID:9312
- C:\Windows\System\zYJzofA.exe
  C:\Windows\System\zYJzofA.exe
  2⤵
  PID:9328
- C:\Windows\System\PunCtEu.exe
  C:\Windows\System\PunCtEu.exe
  2⤵
  PID:9344
- C:\Windows\System\opNLCfd.exe
  C:\Windows\System\opNLCfd.exe
  2⤵
  PID:9360
- C:\Windows\System\qRaQeqT.exe
  C:\Windows\System\qRaQeqT.exe
  2⤵
  PID:9376
- C:\Windows\System\FgksdOS.exe
  C:\Windows\System\FgksdOS.exe
  2⤵
  PID:9392
- C:\Windows\System\SIChxxy.exe
  C:\Windows\System\SIChxxy.exe
  2⤵
  PID:9408
- C:\Windows\System\EwmIaQq.exe
  C:\Windows\System\EwmIaQq.exe
  2⤵
  PID:9424
- C:\Windows\System\JjybPsO.exe
  C:\Windows\System\JjybPsO.exe
  2⤵
  PID:9440
- C:\Windows\System\iniziOW.exe
  C:\Windows\System\iniziOW.exe
  2⤵
  PID:9456
- C:\Windows\System\UIDIAib.exe
  C:\Windows\System\UIDIAib.exe
  2⤵
  PID:9472
- C:\Windows\System\xjbrAVF.exe
  C:\Windows\System\xjbrAVF.exe
  2⤵
  PID:9488
- C:\Windows\System\eYLDlAJ.exe
  C:\Windows\System\eYLDlAJ.exe
  2⤵
  PID:9504
- C:\Windows\System\CbdOtAa.exe
  C:\Windows\System\CbdOtAa.exe
  2⤵
  PID:9520
- C:\Windows\System\rPCqfFY.exe
  C:\Windows\System\rPCqfFY.exe
  2⤵
  PID:9536
- C:\Windows\System\zcEnmlu.exe
  C:\Windows\System\zcEnmlu.exe
  2⤵
  PID:9552
- C:\Windows\System\qdnPyLe.exe
  C:\Windows\System\qdnPyLe.exe
  2⤵
  PID:9568
- C:\Windows\System\kchvuZg.exe
  C:\Windows\System\kchvuZg.exe
  2⤵
  PID:9584
- C:\Windows\System\pYgAqrU.exe
  C:\Windows\System\pYgAqrU.exe
  2⤵
  PID:9600
- C:\Windows\System\yfhHpNP.exe
  C:\Windows\System\yfhHpNP.exe
  2⤵
  PID:9616
- C:\Windows\System\GyCQsvn.exe
  C:\Windows\System\GyCQsvn.exe
  2⤵
  PID:9632
- C:\Windows\System\huqDUCC.exe
  C:\Windows\System\huqDUCC.exe
  2⤵
  PID:9648
- C:\Windows\System\rhJlilp.exe
  C:\Windows\System\rhJlilp.exe
  2⤵
  PID:9664
- C:\Windows\System\ihcwXom.exe
  C:\Windows\System\ihcwXom.exe
  2⤵
  PID:9680
- C:\Windows\System\CxGHcru.exe
  C:\Windows\System\CxGHcru.exe
  2⤵
  PID:9696
- C:\Windows\System\LwAJUaY.exe
  C:\Windows\System\LwAJUaY.exe
  2⤵
  PID:9712
- C:\Windows\System\vIeZToY.exe
  C:\Windows\System\vIeZToY.exe
  2⤵
  PID:9728
- C:\Windows\System\OMIKszt.exe
  C:\Windows\System\OMIKszt.exe
  2⤵
  PID:9744
- C:\Windows\System\DMyLlJH.exe
  C:\Windows\System\DMyLlJH.exe
  2⤵
  PID:9760
- C:\Windows\System\QDXHTUJ.exe
  C:\Windows\System\QDXHTUJ.exe
  2⤵
  PID:9776
- C:\Windows\System\yUfPpxR.exe
  C:\Windows\System\yUfPpxR.exe
  2⤵
  PID:9792
- C:\Windows\System\aCsNpqt.exe
  C:\Windows\System\aCsNpqt.exe
  2⤵
  PID:9808
- C:\Windows\System\GPIlYgS.exe
  C:\Windows\System\GPIlYgS.exe
  2⤵
  PID:9824
- C:\Windows\System\JbOnKQv.exe
  C:\Windows\System\JbOnKQv.exe
  2⤵
  PID:9840
- C:\Windows\System\DZcVEwy.exe
  C:\Windows\System\DZcVEwy.exe
  2⤵
  PID:9856
- C:\Windows\System\xlfHLvR.exe
  C:\Windows\System\xlfHLvR.exe
  2⤵
  PID:9872
- C:\Windows\System\DgoIZYY.exe
  C:\Windows\System\DgoIZYY.exe
  2⤵
  PID:9888
- C:\Windows\System\GSbUrEU.exe
  C:\Windows\System\GSbUrEU.exe
  2⤵
  PID:9904
- C:\Windows\System\BeiRxkN.exe
  C:\Windows\System\BeiRxkN.exe
  2⤵
  PID:9924
- C:\Windows\System\hdWeWuf.exe
  C:\Windows\System\hdWeWuf.exe
  2⤵
  PID:9940
- C:\Windows\System\uaDBnMc.exe
  C:\Windows\System\uaDBnMc.exe
  2⤵
  PID:9956
- C:\Windows\System\uuEXLjH.exe
  C:\Windows\System\uuEXLjH.exe
  2⤵
  PID:9972
- C:\Windows\System\tehuOKP.exe
  C:\Windows\System\tehuOKP.exe
  2⤵
  PID:9988
- C:\Windows\System\HnUYGUs.exe
  C:\Windows\System\HnUYGUs.exe
  2⤵
  PID:10004
- C:\Windows\System\paXwtYp.exe
  C:\Windows\System\paXwtYp.exe
  2⤵
  PID:10020
- C:\Windows\System\vLYiuyV.exe
  C:\Windows\System\vLYiuyV.exe
  2⤵
  PID:10036
- C:\Windows\System\BqnnCkZ.exe
  C:\Windows\System\BqnnCkZ.exe
  2⤵
  PID:10052
- C:\Windows\System\CCGCGdM.exe
  C:\Windows\System\CCGCGdM.exe
  2⤵
  PID:10068
- C:\Windows\System\umFVjbI.exe
  C:\Windows\System\umFVjbI.exe
  2⤵
  PID:10084
- C:\Windows\System\fmvUaES.exe
  C:\Windows\System\fmvUaES.exe
  2⤵
  PID:10100
- C:\Windows\System\qwzjWyJ.exe
  C:\Windows\System\qwzjWyJ.exe
  2⤵
  PID:10116
- C:\Windows\System\SQXpRRc.exe
  C:\Windows\System\SQXpRRc.exe
  2⤵
  PID:10132
- C:\Windows\System\EywWNNr.exe
  C:\Windows\System\EywWNNr.exe
  2⤵
  PID:10148
- C:\Windows\System\xQJCBfQ.exe
  C:\Windows\System\xQJCBfQ.exe
  2⤵
  PID:10164
- C:\Windows\System\BtoBddQ.exe
  C:\Windows\System\BtoBddQ.exe
  2⤵
  PID:10180
- C:\Windows\System\gQjaNyw.exe
  C:\Windows\System\gQjaNyw.exe
  2⤵
  PID:10196
- C:\Windows\System\JEmYVPl.exe
  C:\Windows\System\JEmYVPl.exe
  2⤵
  PID:10212
- C:\Windows\System\spPgCPo.exe
  C:\Windows\System\spPgCPo.exe
  2⤵
  PID:10228
- C:\Windows\System\DnkIcIj.exe
  C:\Windows\System\DnkIcIj.exe
  2⤵
  PID:9092
- C:\Windows\System\yVHOMfJ.exe
  C:\Windows\System\yVHOMfJ.exe
  2⤵
  PID:9224
- C:\Windows\System\YuMiJOc.exe
  C:\Windows\System\YuMiJOc.exe
  2⤵
  PID:9236
- C:\Windows\System\NHQJMNU.exe
  C:\Windows\System\NHQJMNU.exe
  2⤵
  PID:9284
- C:\Windows\System\mUWlXBa.exe
  C:\Windows\System\mUWlXBa.exe
  2⤵
  PID:9320
- C:\Windows\System\jAiPxRa.exe
  C:\Windows\System\jAiPxRa.exe
  2⤵
  PID:9356
- C:\Windows\System\fKsMOZN.exe
  C:\Windows\System\fKsMOZN.exe
  2⤵
  PID:9404
- C:\Windows\System\QQTIXZA.exe
  C:\Windows\System\QQTIXZA.exe
  2⤵
  PID:9436
- C:\Windows\System\PHXwDgW.exe
  C:\Windows\System\PHXwDgW.exe
  2⤵
  PID:9416
- C:\Windows\System\JJZlkRg.exe
  C:\Windows\System\JJZlkRg.exe
  2⤵
  PID:9468
- C:\Windows\System\hQxIutu.exe
  C:\Windows\System\hQxIutu.exe
  2⤵
  PID:9512
- C:\Windows\System\neyyOTL.exe
  C:\Windows\System\neyyOTL.exe
  2⤵
  PID:9532
- C:\Windows\System\VqzBLiR.exe
  C:\Windows\System\VqzBLiR.exe
  2⤵
  PID:9592
- C:\Windows\System\muKNouJ.exe
  C:\Windows\System\muKNouJ.exe
  2⤵
  PID:9608
- C:\Windows\System\FgFsUSy.exe
  C:\Windows\System\FgFsUSy.exe
  2⤵
  PID:9656
- C:\Windows\System\HPunBUd.exe
  C:\Windows\System\HPunBUd.exe
  2⤵
  PID:9672
- C:\Windows\System\antmAYm.exe
  C:\Windows\System\antmAYm.exe
  2⤵
  PID:9864
- C:\Windows\System\andwCqo.exe
  C:\Windows\System\andwCqo.exe
  2⤵
  PID:10076
- C:\Windows\System\scZzDzd.exe
  C:\Windows\System\scZzDzd.exe
  2⤵
  PID:10064
- C:\Windows\System\rlDtWhC.exe
  C:\Windows\System\rlDtWhC.exe
  2⤵
  PID:10144
- C:\Windows\System\VXKZXMc.exe
  C:\Windows\System\VXKZXMc.exe
  2⤵
  PID:10128
- C:\Windows\System\TUZoasY.exe
  C:\Windows\System\TUZoasY.exe
  2⤵
  PID:10160
- C:\Windows\System\buWocQi.exe
  C:\Windows\System\buWocQi.exe
  2⤵
  PID:10236
- C:\Windows\System\ulgnaeF.exe
  C:\Windows\System\ulgnaeF.exe
  2⤵
  PID:8056
- C:\Windows\System\JoQMBMo.exe
  C:\Windows\System\JoQMBMo.exe
  2⤵
  PID:9272
- C:\Windows\System\wEiRcKb.exe
  C:\Windows\System\wEiRcKb.exe
  2⤵
  PID:9372
- C:\Windows\System\dtcewNl.exe
  C:\Windows\System\dtcewNl.exe
  2⤵
  PID:9448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FKXWZmf.exe

Filesize
6.0MB

MD5
6154d4822a2ed0fc9f34f0b77fbd1270

SHA1
b6c4ae1f36fde4e81ab4b899481f8d031fe66db6

SHA256
012f94a027ee337e4852f67770c9f084b3aff199c21bbca68173b15d2b8548eb

SHA512
1204d3b68c937d0bc7dc8f85c322641f701b2fd1f67eacf0b1d96779ff44bf588ddee3b6c833684143257d26541cee9761ff27a97a039db00513cca36cbe6218

Download Submit
C:\Windows\system\HrzIjpG.exe

Filesize
6.0MB

MD5
50d97109d35208fecd12715ce7c99d75

SHA1
e9a2f259ca5656746fcfdc2c79411869c51868c1

SHA256
89a2b9e5eb5f84d83c42a20fb2c6ff6fd610752a245b530bc130668a8196ca92

SHA512
06db936bdf7f067da42623ff39ded3a2bf44481f7bf7b9e7de2cb2e958e0d9d7a31695e940f815fa1f3c5330f8c5f9797efb2fcbb52b4d8b4fa5b43e00252af0

Download Submit
C:\Windows\system\JVXHdLy.exe

Filesize
6.0MB

MD5
51d73404ddd60eb82a3a3d5d5354766c

SHA1
49a4cf47390b28e6583756d547945d69fb789e84

SHA256
a84f276a293000f4e358453ddfaa87ce3229c5082f30b91d9a93ae0eaa10159f

SHA512
5acbb386814220980691726e386590f784f4c790ca271b55f71659f8f9dd0708ae7ff625dafa0e8262d1f9e8c3b1a88c18f45b6bc1e5c34ef84bf9a17aea7b35

Download Submit
C:\Windows\system\JduXJts.exe

Filesize
6.0MB

MD5
17b8c6a216ec9762f1309ade156471af

SHA1
b4c8d3fe78cee935eb4280529a10dedc89f10ccd

SHA256
de882e87f9e8f7ab40391c21d868c71cf7e1723b459f4050b3c3a900de2be348

SHA512
9bf47b948e5bcdf3dc606132aeef10d7e87ab968d57217d083b34e759d90ea888e3a10be8b8af3218e92f8bf948511e716667317051a1f1342296b94169f19b1

Download Submit
C:\Windows\system\MhPjfKw.exe

Filesize
6.0MB

MD5
58df62b5c580b75d3dbed7e9c58bfb23

SHA1
15616e62414e6484834529ab9ebda4ef683d545d

SHA256
c29268af0ad5d9e590c1b36535a57aee24dca1fa655c2d9757bb911debc01365

SHA512
bcbd2536d60d2673fec21130db624024686c8ed3b1fb0360ce27916c87aaece2c3e3b7d71e73db9271b9f4bf634327e82358c9418c72a7ccf30efd42e27af4ba

Download Submit
C:\Windows\system\MuGFRzh.exe

Filesize
6.0MB

MD5
f5f437686b771bd2c1950224b37f8757

SHA1
725fba4ef500df80a90aeec9bbf1c60bac112416

SHA256
fc48b3a7a4e472ff121d4e27b51beb7841e6297fc21a144f289a4c5c2679ad80

SHA512
6f52b48cfdde13020ef7d8fecc09e11e838888312a735c7c1d6c2918a1faa76f10bc813f76bc6e6ae9498bab62d7fd6bf814fba0dff7af0f528e1e1e0d4b8729

Download Submit
C:\Windows\system\OKdYsml.exe

Filesize
6.0MB

MD5
ac89b897295968ead9e2740ab1cf33bd

SHA1
74d4843b19f17110a45d3c24a504f62d10a31263

SHA256
b2c21c8e7edcdc26db535b5d326bb336f8fe38cdb60b329835f66b57eda32c20

SHA512
5389210c5a4885a420dffc8035f5c98fb7a5160bc0faec368d88065f827f00c4f0e9166114d9907f914fc310ac33c02e96af3549cddde57a4e95eabfb1d42475

Download Submit
C:\Windows\system\OmctmqT.exe

Filesize
6.0MB

MD5
3fa4a202ac2dfcce9dd692ebe9f4d3f5

SHA1
8f448a12d0297f03a8cd8725ca6e7c3ee6f55d14

SHA256
67f98fd587c1648da40351885461a5e8f920878c6292fc0b6f80683722a6277a

SHA512
75b7cbbe3b01cbc65e7bd9dc00497357dd00ac1a49fa7bf77ff38cd1cb51823e89138d86854f65a7ff9612c3e628bb12065a7888b48bc5f26df29e66ff152299

Download Submit
C:\Windows\system\QQVkBFk.exe

Filesize
6.0MB

MD5
cef962c653d2fba3bdc3b4efb6c1d996

SHA1
ff218c1a1976398c5b5caeadfc5f8c8fc556a1dc

SHA256
ca36f3e810f3fa643802ea989081b40ec0adc941c8dcbcc5ff02e41ec7de6b8a

SHA512
e3e0cd3cc7a7011ba2efed46fa253bbc735c2f97dce4a5cec6257cd2ba4c3b5aaddd64876ea62caace639c9a1997623e0fa4db7c6ecae0e366995e4b4e24c2b4

Download Submit
C:\Windows\system\QeGjSjv.exe

Filesize
6.0MB

MD5
ccc084cbb94a0fc18b0535f01dc704f2

SHA1
3d564355ea245b49d65c816689d62b12842a78bf

SHA256
497a9f10ddcff8fd8049904e1f5277c6c408d82799f2f5e1d775cde009ceb97a

SHA512
0f7474fbdc51d8a933c1a2a7f5959ab67ad8c9401498391bfab906c94c550f22fa989b0a58ca6df32bacb41ebe535391908992c85e59ee18c8f6ac668ef2e940

Download Submit
C:\Windows\system\QrUinCY.exe

Filesize
6.0MB

MD5
1df7b4823f71634dce422cd6c7fc2664

SHA1
507566068018dbcd33bc0e0554107b23eb767935

SHA256
d836b00c2eeeea1229c49afedc2fb330b9589fdddcb3f7f799da842cc91bfc60

SHA512
b5885588ae6b7508fe9d0ef825b5e3820342982ebb902e4c370dc58661807e7eed86ece7e89baa99aee79744b1ae8b49e538c8aee47ff7b0f303a25ee6a55da6

Download Submit
C:\Windows\system\TATJbOY.exe

Filesize
6.0MB

MD5
8ed78f6ed78554224020f94bf5bc0d87

SHA1
64aa5a3353ca3f65bfc5a21ad603d972e7da4716

SHA256
77fceaeb5d5b0a0f72f2a4a0c27fc866ff7610b238ff299f14ae32b14581adf3

SHA512
be06b70cb23ded32f027fab413e45b239451e10ca6f39d86096c3fc0afee91b1205bc4cade9ad515eade680473d956f7dcbefc9912a2c098ce70fd1c1615de48

Download Submit
C:\Windows\system\YlInpLK.exe

Filesize
6.0MB

MD5
3dee4356bed8fc467d4fd9f348240e2d

SHA1
bfeb163ae7827374092d20e8d5e6f0e002bb7548

SHA256
8666839d998e40a704a91b1188a7d236aba5a78bbaf385d495b205ed52ef55be

SHA512
d0211d3e0ca09aaae97f3dab7bde0735569570edcfba72cde0a8ac6d54df7d1f91771ec73f46351f9f063ba53e875b076c9e688731952853c1b22e47ee21a1fb

Download Submit
C:\Windows\system\ZLORpKj.exe

Filesize
6.0MB

MD5
14c6b0babeb4eed122d3b0ab69957da6

SHA1
3c423d99fd9f7471ffb0b5240bebcb7cd1c7f408

SHA256
5d4a41a394f1a1e871c0fb95902a0b939c86b22803417c7d58b45a59294d8aa8

SHA512
0c5de1a471f673872a83c3e919db0db34ab05dc9b4492dcd33a205ea817c4f59321c12d7b7deaa83573738a4c887d362a3921c484afccee069e506baa7c12ced

Download Submit
C:\Windows\system\bcfsXwk.exe

Filesize
6.0MB

MD5
0b6034cfc7b01a9e64ba83a6f595bbf9

SHA1
5b11a791dbe182d0ef81d5e05b686a9b2cd78898

SHA256
e9082d57bb9c4948647d8cdbe9e6ea08aed7ba0e6dca010c7cb1b7151582ec2c

SHA512
4c85e7b5ff107b435b5109a83650e69bf46f156aaf50772c6dfd8f3ee22dbaf054fc04e717969e7536f28915567163080ddcc2c3e7f52882a52fd0fde8eccba4

Download Submit
C:\Windows\system\cIPBamC.exe

Filesize
6.0MB

MD5
05702d2dec3ebdff1fd7b62b07b5d041

SHA1
f8d72a8cea1e41fad06304bc6378d64f7a0697d6

SHA256
7b739f266e51797f36f64a76020d3a212aecef1125fda104afcf66e3b3845e21

SHA512
e195ac27fc0fa5a2010bb7eaeb3561f8b661fadd714134036bbef71fa3dd1486e2bb1cc5a5f5dc632afaa85a16f829f40532003cde8579ecb9beb4a49d44864b

Download Submit
C:\Windows\system\fUGxQSU.exe

Filesize
6.0MB

MD5
09b50a0a387555df833340fed90368e3

SHA1
c49d7b479d7e21c36aeee53139d42ee1ce1be4d6

SHA256
4ff43c7b8c2052a59bc00e62dcc7578c2eb5e6013d97031f20587d4f41f3ec54

SHA512
11371c8897ea91ba81861b35f361c99bb19f355ed79c92d0b15600727c3081d63031314564edb72685793096860fc8f1930ec4e1e2f70b5d09deeb4a59c2234e

Download Submit
C:\Windows\system\fjmpoIG.exe

Filesize
6.0MB

MD5
c95acc55df5b693dfdab464f3ef06d99

SHA1
c7f17914b9fda4fafd5a2374464ae708313713ac

SHA256
2652006f5a8216af8a7092c090646d485d9dff2afa2c82df957d1978e144c178

SHA512
151cc24a49283d3f5e52ad1d6ececa940a30e705dc2e8205a316e42374a9eec1c9a5efa4477268d1f53a81791b6ccdfd5d8c02a923996023b5215b6cf4d5c6b0

Download Submit
C:\Windows\system\jWCOuSd.exe

Filesize
6.0MB

MD5
1d485be9672f4c0b0c4254c3b69416a0

SHA1
6571d9546201ca45b2e05fbb3fabaa51e8033e1b

SHA256
ef91020744f370c1cbb34fc52f2a7979d5507fdc67b6165f6558a17cc2399c4e

SHA512
1558408ca61eb75c715625bb18ad97ef7336777c3ba2f3d65394e7ff2c69a4fce0e07ad8604b0c67cea394103be9252629b7ba0cfd252b9567b780c71b0302c1

Download Submit
C:\Windows\system\jcXaoJL.exe

Filesize
6.0MB

MD5
279b6ac64def9d88b6427892e0c311e6

SHA1
0cadf2a53729244c778f03590646ae77993599f9

SHA256
cdea96a2a6f1b9558cead36ed7bc13320c8f4e3f33f9568760a5d80b8369c0d2

SHA512
28b5101d95c015423933786f1f8010b450789c2e5461e16c5c20dc586fcb4b73c14cc047565eeed37f637efa72181744978cb7525c8de23f589b829d5f3f4f87

Download Submit
C:\Windows\system\kcKlUDP.exe

Filesize
6.0MB

MD5
1ec37397d245d9f76538fb8bee4b4005

SHA1
53eaf89580cd0c3094e20c53befbcfd3c8d47508

SHA256
3b89b278fbd826531a9868bb7a8c0d0e26cc47138f9355f18694635de3ce447d

SHA512
81199b50d7f6cf0776c91a5338599831da2cea82b90a53d91c306b0d9f03e96eee27afd909f3e68b6c7b75e3a38ce6f6d55093dc4ac1fae48b9ce0cce9bf03e6

Download Submit
C:\Windows\system\sxBhkHC.exe

Filesize
6.0MB

MD5
3eb9e184b51325886ff17fe40f0a8893

SHA1
943fe4fefb340e162d1fe35c0d2e0055d10bc18b

SHA256
967544a821f66938d7d06c3325bb700b2c442588f30db935026fcbbb3bd14a35

SHA512
c8b938c67643b7b1c2c46e4817f11c2b6cb7386649280f6a1c6cd71371912842250aec751b3c60bb24aa002aa53146a2d0bf06a06cd542c87d6c81447e2e388c

Download Submit
C:\Windows\system\uKCSmbs.exe

Filesize
6.0MB

MD5
e3d588304e857ffebc0704af906d8959

SHA1
e6af9361d8421acf822b59fb2d412d986fbcf387

SHA256
ad4fa5df9d56a39bc38d444292837deebcc30d78f74df88faf9a0ea7b6364ef5

SHA512
8b74e372f143829275b123765713bc0c6a5cafec5b509986077c1d761af07fbfc7d29c4273e60c5efa65c903c427d0dea2b946fd95038a752607294c909bd3f0

Download Submit
C:\Windows\system\vRfTert.exe

Filesize
6.0MB

MD5
cf212da99df383619ffa5fcfdf672480

SHA1
bcf702ce8beee117d656b06c854c56a31af10a22

SHA256
e3490e4ad4701c49bd5adada8afb3e436a007b800763ba53dedc0e7d8639f2b3

SHA512
212122517732324b0875d3cae52104e2af5b49253412b77aa0160aa3ddf9d01a0ed8dc47292e9e7629282f24daaf2bdce960ef187c5318b07c4730b10e02d177

Download Submit
C:\Windows\system\vjDiBhi.exe

Filesize
6.0MB

MD5
43a7d490450b3a2c1d437c644bca5d6e

SHA1
e37ff30401f308a859f7c4a029c5a2e338431952

SHA256
06e2612f4a6e3e8c0e884f0b063a1a34a8736fc32b7e267ee582523fe4ed595e

SHA512
d5ab9621d6fc0750950460eee15b5a71229bcab9c4575629cfab24a2c0ccdca6d792080b2489116f24a2eb2843d19e8e7b0656e04a557cfcdceef3a7eae3d735

Download Submit
C:\Windows\system\xhnujfH.exe

Filesize
6.0MB

MD5
8fc404ab1783b481ab70ebc40c03c436

SHA1
937933c3bfefe7c8984db4bcc9b314f41a59f8cd

SHA256
0521340e0f3a8718c3cdd7355500027dbd918fb915c6c30e9194c8b0b3438537

SHA512
c9e270b5dc9f95bcfed62e34f6cc33b7bd39218a7f7f5596b348c90fbe59b7daa56b102202f32b471ccb077497bba62dfc2f3c39facb8ee47045d5b77b328af2

Download Submit
C:\Windows\system\xkaAhzR.exe

Filesize
6.0MB

MD5
5cc16fa68fc3da6e403ef67af636a7fc

SHA1
d5a17d938085a7081f83ccb2c8711f7c71817260

SHA256
c396694ba432ced6c145850823253868278a2287d6633e0079f0b16cca8f5ec9

SHA512
846f4a073078ec1461062bda4b823754ea3ee33f553f00ee9c9d8b2334c9b64b76975939a6a2bb512930409e10ff2a82536cfea851c6f689b34c02d4fbd7bea1

Download Submit
\Windows\system\FgEnXpu.exe

Filesize
6.0MB

MD5
2cd564d3a4e86a5b24dfd69d16b06ccb

SHA1
cde1bac6335781a398d7848b3f651d2b23117095

SHA256
f0b5ac92f62da3c6b25c87625161f0ec4d8ad5c004086dcb289b37178e0a48ec

SHA512
b8ce24c8867dc3282a0862e03d2676671de109a9a2fd45875a0fd545fd04babe7a57abfd28b011aafe745448babf4294a93a4f7abdd42c69191a68e4155e6011

Download Submit
\Windows\system\PBJlljj.exe

Filesize
6.0MB

MD5
619704a7de576ca6c9f20ed65fc326eb

SHA1
578ee18803dcdef2c038385520486a356552caec

SHA256
1567cbf98f68377408ed61fc6ef016aef44871b25e8abdf5cf5a6805a354669b

SHA512
226655da716b826c8ad9af634630241c51f9a63e172cf7b42ab368c32f1a2bbf527c1a7802a9053cc3d67a6a58c85c46d4d06341f29e20a2139c78852e627c71

Download Submit
\Windows\system\cJsxEhs.exe

Filesize
6.0MB

MD5
867d00e67173103e6e555e9135b05c59

SHA1
1f76c590e397e08468cb5cd804f8c085a348d7ab

SHA256
12f92e877c6fd9e163a1dfe0f85f3018a7f64acd1a77294162ea46f0aa5e5222

SHA512
9d1c911459ac349352fac9d66599d17ceb613696c45e4f6c733a573d09eeb01c61a08bb81e5172b85afae2f8d96f16047f4ac55e35f9ce026c154d907bb7c7bf

Download Submit
\Windows\system\gzRqzpg.exe

Filesize
6.0MB

MD5
86cb78eef5b6a8802e1e990eb01cd4a3

SHA1
8b906ca6d67e363d12615bf7c2b706cba6d759ba

SHA256
e2221d5ab0b113be9f2048865b0e9e368bc0f0d77f54e86d02ec655d6b8d65e4

SHA512
3c7ffccfac1a555e5d5b3ac7a226c259c17200a57bbcadc67ffa374f2f97c2b631445b1772f159aa5f29a3bee0f17ce8a6df8987f9a172aebbdeda13c402851a

Download Submit
\Windows\system\mkSZWRW.exe

Filesize
6.0MB

MD5
c95dff9ecc34cb429efe11ff5ba659a4

SHA1
352d509b23efe2573bcdcdfc12af5594ee561e9b

SHA256
60c65e23d7461e8ccfb2f47fc55e2a1bdd84455c880986cc2fbda4cfa28809fa

SHA512
bed596193c498243bf70e7e7111301847767d673c55e120ebb717c40eb0b9fe98ebec667816744290329eae732764a50b0d03267d49bd2e48a745015503de9fc

Download Submit
\Windows\system\nOcNEBK.exe

Filesize
6.0MB

MD5
661d92f9bc4962202e25ebffc47ed335

SHA1
b05aca854339120309923092763a7bc5db818d41

SHA256
34f709eb57356e43e63101b6ef20e290b433a685d93e004c2e92a708d8fc5e3b

SHA512
98cf8fc3e45545af0fe8f1c7aa255c75c361667e1a97868110e5b68d04910412058b825d47962819b275861d92777ae0af5a6a7b98e4671b9e842e571eca203d

Download Submit
memory/432-2098-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/432-97-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1480-2002-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1480-24-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1672-2058-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-80-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-2052-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-75-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-29-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1824-82-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1824-2024-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2080-94-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2125-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-2119-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2180-93-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2648-60-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2648-2041-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2744-2029-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2744-51-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2792-2032-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2792-107-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2792-42-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-2153-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2816-108-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2936-305-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-50-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2936-98-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2936-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2936-342-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-83-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-456-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-81-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2936-79-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2936-95-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-25-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2936-26-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-343-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-109-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-59-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-12-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2936-52-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2936-74-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-41-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-27-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-36-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2936-263-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2964-58-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1993-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2964-19-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/3016-2000-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-23-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-37-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2023-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download