cobaltstrike | 4c7ecc5a154e07313a6586417888e474b5f011ca36106ed567b8d88240858b0c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-12-2024 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

cb9ea527526a5b54c28e07350dad044d
SHA1

46ed2d44573b07373482331727c8cf0307d11480
SHA256

4c7ecc5a154e07313a6586417888e474b5f011ca36106ed567b8d88240858b0c
SHA512

2df0b7eb9d070304e62f8fcb255d741d717612829b069f7649a1a904b9b386e7bffa6b5f8a6af2071903d8b672f30606751d2568af000bce44fdc16c712d7027
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0033000000011c23-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160ae-8.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160d5-20.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016311-23.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000165b6-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016858-41.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-60.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016bfc-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016652-35.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e47-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-151.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2400-0-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0033000000011c23-3.dat	xmrig
behavioral1/files/0x00080000000160ae-8.dat	xmrig
behavioral1/memory/2400-16-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1844-15-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/876-12-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x00080000000160d5-20.dat	xmrig
behavioral1/memory/2888-22-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016311-23.dat	xmrig
behavioral1/files/0x00070000000165b6-32.dat	xmrig
behavioral1/files/0x0007000000016858-41.dat	xmrig
behavioral1/files/0x00050000000192f0-50.dat	xmrig
behavioral1/files/0x000500000001932a-55.dat	xmrig
behavioral1/files/0x0005000000019346-65.dat	xmrig
behavioral1/files/0x00050000000193a2-77.dat	xmrig
behavioral1/memory/2400-87-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2400-102-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2640-103-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/1916-106-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193af-88.dat	xmrig
behavioral1/files/0x00050000000193f8-108.dat	xmrig
behavioral1/memory/2632-93-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2772-90-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x00050000000193fa-112.dat	xmrig
behavioral1/memory/2400-107-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/992-104-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2796-101-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c9-99.dat	xmrig
behavioral1/memory/2776-98-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2892-86-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2768-84-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2872-80-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2824-78-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019384-71.dat	xmrig
behavioral1/files/0x000500000001933e-60.dat	xmrig
behavioral1/files/0x000a000000016bfc-45.dat	xmrig
behavioral1/files/0x0007000000016652-35.dat	xmrig
behavioral1/memory/2400-116-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015e47-121.dat	xmrig
behavioral1/files/0x0005000000019408-128.dat	xmrig
behavioral1/memory/876-136-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a7-138.dat	xmrig
behavioral1/files/0x00050000000194b4-143.dat	xmrig
behavioral1/files/0x0005000000019494-133.dat	xmrig
behavioral1/files/0x00050000000194e2-159.dat	xmrig
behavioral1/files/0x00050000000194ea-162.dat	xmrig
behavioral1/files/0x00050000000194da-154.dat	xmrig
behavioral1/files/0x0005000000019501-179.dat	xmrig
behavioral1/files/0x00050000000194f6-174.dat	xmrig
behavioral1/files/0x0005000000019515-187.dat	xmrig
behavioral1/files/0x000500000001953a-190.dat	xmrig
behavioral1/files/0x0005000000019503-185.dat	xmrig
behavioral1/files/0x00050000000194f2-169.dat	xmrig
behavioral1/files/0x00050000000194d4-151.dat	xmrig
behavioral1/memory/876-4016-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2888-4017-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/1916-4018-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2872-4019-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2768-4020-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2892-4021-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2772-4022-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2632-4023-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2776-4024-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2796-4025-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
876	cXbbOkR.exe
1844	YbkOQwG.exe
2888	rXnfmzn.exe
1916	QgkrjGC.exe
2824	aXIUiXt.exe
2872	QMpjpYv.exe
2768	NXMdqJz.exe
2892	WrkOzwh.exe
2772	BrWFYpK.exe
2632	yUGucYG.exe
2776	BnvUxRf.exe
2796	smEbUWE.exe
2640	uDaIARu.exe
992	thnIMyr.exe
1028	lCvZWHT.exe
868	VflXbUU.exe
1496	sZLtHEd.exe
1084	MOTZELp.exe
2584	aHsWXRz.exe
2112	LfQnReW.exe
1048	parvomF.exe
2148	YBTVzvL.exe
2188	sddyNOs.exe
2308	RuGqKIR.exe
2276	ACiIXCO.exe
2980	cIkFbvs.exe
1716	CiPOFsu.exe
840	cHZnLNX.exe
2036	tNySwki.exe
1400	CtMfKyb.exe
708	kPumkyy.exe
1316	WgcfIXR.exe
2924	UYJFPyl.exe
1552	EEIuYbV.exe
2520	ZDTtdaZ.exe
2912	VnULzSn.exe
2092	cblSsmx.exe
1284	QTiNAso.exe
2420	LBwJTZw.exe
564	VYhTblm.exe
2336	sShUfbi.exe
988	ohLBheC.exe
2352	Nwayxjj.exe
2280	IcBYMEB.exe
1492	mZSmQNF.exe
1848	JGRciPz.exe
1740	itfBwJB.exe
1892	clvLnuc.exe
1508	neJbNnd.exe
1000	AQEhkla.exe
1884	VolYerc.exe
1656	dwMCHsM.exe
1576	vxkcRxJ.exe
1720	ctqdgWw.exe
1712	MgoYkjv.exe
2696	RrLAyEI.exe
2972	iIajxfH.exe
2880	BAlZZoe.exe
2720	DwiuOXC.exe
2612	dYrkiTo.exe
1528	ZyZYkFa.exe
1636	dbfzFkK.exe
2312	SOxdxYp.exe
2648	ILaJJwn.exe

Loads dropped DLL 64 IoCs

pid	Process
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2400-0-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0033000000011c23-3.dat	upx
behavioral1/files/0x00080000000160ae-8.dat	upx
behavioral1/memory/1844-15-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/876-12-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x00080000000160d5-20.dat	upx
behavioral1/memory/2888-22-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x0008000000016311-23.dat	upx
behavioral1/files/0x00070000000165b6-32.dat	upx
behavioral1/files/0x0007000000016858-41.dat	upx
behavioral1/files/0x00050000000192f0-50.dat	upx
behavioral1/files/0x000500000001932a-55.dat	upx
behavioral1/files/0x0005000000019346-65.dat	upx
behavioral1/files/0x00050000000193a2-77.dat	upx
behavioral1/memory/2640-103-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/1916-106-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x00050000000193af-88.dat	upx
behavioral1/files/0x00050000000193f8-108.dat	upx
behavioral1/memory/2632-93-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2772-90-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x00050000000193fa-112.dat	upx
behavioral1/memory/992-104-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2796-101-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x00050000000193c9-99.dat	upx
behavioral1/memory/2776-98-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2892-86-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2768-84-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2872-80-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2824-78-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x0005000000019384-71.dat	upx
behavioral1/files/0x000500000001933e-60.dat	upx
behavioral1/files/0x000a000000016bfc-45.dat	upx
behavioral1/files/0x0007000000016652-35.dat	upx
behavioral1/memory/2400-116-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0008000000015e47-121.dat	upx
behavioral1/files/0x0005000000019408-128.dat	upx
behavioral1/memory/876-136-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x00050000000194a7-138.dat	upx
behavioral1/files/0x00050000000194b4-143.dat	upx
behavioral1/files/0x0005000000019494-133.dat	upx
behavioral1/files/0x00050000000194e2-159.dat	upx
behavioral1/files/0x00050000000194ea-162.dat	upx
behavioral1/files/0x00050000000194da-154.dat	upx
behavioral1/files/0x0005000000019501-179.dat	upx
behavioral1/files/0x00050000000194f6-174.dat	upx
behavioral1/files/0x0005000000019515-187.dat	upx
behavioral1/files/0x000500000001953a-190.dat	upx
behavioral1/files/0x0005000000019503-185.dat	upx
behavioral1/files/0x00050000000194f2-169.dat	upx
behavioral1/files/0x00050000000194d4-151.dat	upx
behavioral1/memory/876-4016-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2888-4017-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/1916-4018-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2872-4019-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2768-4020-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2892-4021-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2772-4022-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2632-4023-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2776-4024-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2796-4025-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2640-4026-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2824-4027-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/992-4028-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JwKOWVL.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGtRJsF.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpqYmEP.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hweIVxd.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DonjuSv.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVXroNR.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZhMZXq.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJCgTPl.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGUsRKE.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNaYkFm.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaMPDoK.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWLMxSs.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsjpnfm.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYZbZUR.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEdlDSJ.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwQvnkV.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvzslqP.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwMCHsM.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iyGyRoG.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rnptXBF.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVHqpUo.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYWLapx.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcANVAj.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNkjNpQ.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AulxIyM.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESgFukf.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fnbgEPn.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTznRjD.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CeXlfAC.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvNNuIz.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMNeqfa.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clvLnuc.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOWnvqV.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnRciTb.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HziQwxM.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVRLljI.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctXCsws.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJQkslB.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nwayxjj.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqnlQEy.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YpYAUlo.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXmqWAv.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQPOYhH.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MgoYkjv.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JOSbMJI.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zrgahyy.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcXbRRa.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpWqeTC.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOqvEwC.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBiNZCf.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILaJJwn.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JYAILKE.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyfYFYM.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMsMaxZ.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tVdcFXT.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIJDpLS.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJLfRhZ.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHNuYui.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUHOJIf.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiMoTJz.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDvSCEL.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSpuRxT.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuGqKIR.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKZnkYx.exe	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 876	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2400 wrote to memory of 876	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2400 wrote to memory of 876	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2400 wrote to memory of 1844	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2400 wrote to memory of 1844	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2400 wrote to memory of 1844	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2400 wrote to memory of 2888	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2400 wrote to memory of 2888	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2400 wrote to memory of 2888	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2400 wrote to memory of 1916	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2400 wrote to memory of 1916	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2400 wrote to memory of 1916	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2400 wrote to memory of 2824	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2400 wrote to memory of 2824	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2400 wrote to memory of 2824	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2400 wrote to memory of 2872	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2400 wrote to memory of 2872	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2400 wrote to memory of 2872	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2400 wrote to memory of 2768	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2400 wrote to memory of 2768	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2400 wrote to memory of 2768	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2400 wrote to memory of 2892	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2400 wrote to memory of 2892	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2400 wrote to memory of 2892	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2400 wrote to memory of 2772	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2400 wrote to memory of 2772	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2400 wrote to memory of 2772	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2400 wrote to memory of 2632	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2400 wrote to memory of 2632	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2400 wrote to memory of 2632	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2400 wrote to memory of 2776	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2400 wrote to memory of 2776	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2400 wrote to memory of 2776	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2400 wrote to memory of 2796	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2400 wrote to memory of 2796	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2400 wrote to memory of 2796	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2400 wrote to memory of 2640	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2400 wrote to memory of 2640	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2400 wrote to memory of 2640	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2400 wrote to memory of 992	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2400 wrote to memory of 992	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2400 wrote to memory of 992	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2400 wrote to memory of 868	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2400 wrote to memory of 868	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2400 wrote to memory of 868	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2400 wrote to memory of 1028	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2400 wrote to memory of 1028	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2400 wrote to memory of 1028	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2400 wrote to memory of 1496	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2400 wrote to memory of 1496	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2400 wrote to memory of 1496	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2400 wrote to memory of 1084	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2400 wrote to memory of 1084	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2400 wrote to memory of 1084	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2400 wrote to memory of 2584	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2400 wrote to memory of 2584	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2400 wrote to memory of 2584	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2400 wrote to memory of 2112	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2400 wrote to memory of 2112	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2400 wrote to memory of 2112	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2400 wrote to memory of 1048	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2400 wrote to memory of 1048	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2400 wrote to memory of 1048	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2400 wrote to memory of 2148	2400	2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-28_cb9ea527526a5b54c28e07350dad044d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\System\cXbbOkR.exe
  C:\Windows\System\cXbbOkR.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\YbkOQwG.exe
  C:\Windows\System\YbkOQwG.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\rXnfmzn.exe
  C:\Windows\System\rXnfmzn.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\QgkrjGC.exe
  C:\Windows\System\QgkrjGC.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\aXIUiXt.exe
  C:\Windows\System\aXIUiXt.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\QMpjpYv.exe
  C:\Windows\System\QMpjpYv.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\NXMdqJz.exe
  C:\Windows\System\NXMdqJz.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\WrkOzwh.exe
  C:\Windows\System\WrkOzwh.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\BrWFYpK.exe
  C:\Windows\System\BrWFYpK.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\yUGucYG.exe
  C:\Windows\System\yUGucYG.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\BnvUxRf.exe
  C:\Windows\System\BnvUxRf.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\smEbUWE.exe
  C:\Windows\System\smEbUWE.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\uDaIARu.exe
  C:\Windows\System\uDaIARu.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\thnIMyr.exe
  C:\Windows\System\thnIMyr.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\VflXbUU.exe
  C:\Windows\System\VflXbUU.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\lCvZWHT.exe
  C:\Windows\System\lCvZWHT.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\sZLtHEd.exe
  C:\Windows\System\sZLtHEd.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\MOTZELp.exe
  C:\Windows\System\MOTZELp.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\aHsWXRz.exe
  C:\Windows\System\aHsWXRz.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\LfQnReW.exe
  C:\Windows\System\LfQnReW.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\parvomF.exe
  C:\Windows\System\parvomF.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\YBTVzvL.exe
  C:\Windows\System\YBTVzvL.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\sddyNOs.exe
  C:\Windows\System\sddyNOs.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\RuGqKIR.exe
  C:\Windows\System\RuGqKIR.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\ACiIXCO.exe
  C:\Windows\System\ACiIXCO.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\cIkFbvs.exe
  C:\Windows\System\cIkFbvs.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\CiPOFsu.exe
  C:\Windows\System\CiPOFsu.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\cHZnLNX.exe
  C:\Windows\System\cHZnLNX.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\tNySwki.exe
  C:\Windows\System\tNySwki.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\CtMfKyb.exe
  C:\Windows\System\CtMfKyb.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\kPumkyy.exe
  C:\Windows\System\kPumkyy.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\WgcfIXR.exe
  C:\Windows\System\WgcfIXR.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\EEIuYbV.exe
  C:\Windows\System\EEIuYbV.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\UYJFPyl.exe
  C:\Windows\System\UYJFPyl.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\ZDTtdaZ.exe
  C:\Windows\System\ZDTtdaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\VnULzSn.exe
  C:\Windows\System\VnULzSn.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\QTiNAso.exe
  C:\Windows\System\QTiNAso.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\cblSsmx.exe
  C:\Windows\System\cblSsmx.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\LBwJTZw.exe
  C:\Windows\System\LBwJTZw.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\VYhTblm.exe
  C:\Windows\System\VYhTblm.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\sShUfbi.exe
  C:\Windows\System\sShUfbi.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\ohLBheC.exe
  C:\Windows\System\ohLBheC.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\IcBYMEB.exe
  C:\Windows\System\IcBYMEB.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\Nwayxjj.exe
  C:\Windows\System\Nwayxjj.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\mZSmQNF.exe
  C:\Windows\System\mZSmQNF.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\JGRciPz.exe
  C:\Windows\System\JGRciPz.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\clvLnuc.exe
  C:\Windows\System\clvLnuc.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\itfBwJB.exe
  C:\Windows\System\itfBwJB.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\neJbNnd.exe
  C:\Windows\System\neJbNnd.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\AQEhkla.exe
  C:\Windows\System\AQEhkla.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\dwMCHsM.exe
  C:\Windows\System\dwMCHsM.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\VolYerc.exe
  C:\Windows\System\VolYerc.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\ctqdgWw.exe
  C:\Windows\System\ctqdgWw.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\vxkcRxJ.exe
  C:\Windows\System\vxkcRxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\MgoYkjv.exe
  C:\Windows\System\MgoYkjv.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\RrLAyEI.exe
  C:\Windows\System\RrLAyEI.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\DwiuOXC.exe
  C:\Windows\System\DwiuOXC.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\iIajxfH.exe
  C:\Windows\System\iIajxfH.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\SOxdxYp.exe
  C:\Windows\System\SOxdxYp.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\BAlZZoe.exe
  C:\Windows\System\BAlZZoe.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ILaJJwn.exe
  C:\Windows\System\ILaJJwn.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\dYrkiTo.exe
  C:\Windows\System\dYrkiTo.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\CqnlQEy.exe
  C:\Windows\System\CqnlQEy.exe
  2⤵
  PID:2664
- C:\Windows\System\ZyZYkFa.exe
  C:\Windows\System\ZyZYkFa.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\EURxDuF.exe
  C:\Windows\System\EURxDuF.exe
  2⤵
  PID:2124
- C:\Windows\System\dbfzFkK.exe
  C:\Windows\System\dbfzFkK.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\YtjWtoQ.exe
  C:\Windows\System\YtjWtoQ.exe
  2⤵
  PID:2204
- C:\Windows\System\XpTjYPg.exe
  C:\Windows\System\XpTjYPg.exe
  2⤵
  PID:1268
- C:\Windows\System\JaDlLlQ.exe
  C:\Windows\System\JaDlLlQ.exe
  2⤵
  PID:464
- C:\Windows\System\TRlyztH.exe
  C:\Windows\System\TRlyztH.exe
  2⤵
  PID:1288
- C:\Windows\System\wIqWoNR.exe
  C:\Windows\System\wIqWoNR.exe
  2⤵
  PID:1820
- C:\Windows\System\kIBOyEC.exe
  C:\Windows\System\kIBOyEC.exe
  2⤵
  PID:300
- C:\Windows\System\VlsZUAH.exe
  C:\Windows\System\VlsZUAH.exe
  2⤵
  PID:1800
- C:\Windows\System\zpWMBYJ.exe
  C:\Windows\System\zpWMBYJ.exe
  2⤵
  PID:1836
- C:\Windows\System\XqZCddm.exe
  C:\Windows\System\XqZCddm.exe
  2⤵
  PID:2192
- C:\Windows\System\dsXtKMd.exe
  C:\Windows\System\dsXtKMd.exe
  2⤵
  PID:1908
- C:\Windows\System\ypqbKAV.exe
  C:\Windows\System\ypqbKAV.exe
  2⤵
  PID:1888
- C:\Windows\System\yXJmxmg.exe
  C:\Windows\System\yXJmxmg.exe
  2⤵
  PID:1616
- C:\Windows\System\JckuaHC.exe
  C:\Windows\System\JckuaHC.exe
  2⤵
  PID:1296
- C:\Windows\System\GaRakAg.exe
  C:\Windows\System\GaRakAg.exe
  2⤵
  PID:1372
- C:\Windows\System\FNmoehn.exe
  C:\Windows\System\FNmoehn.exe
  2⤵
  PID:2016
- C:\Windows\System\XaMPDoK.exe
  C:\Windows\System\XaMPDoK.exe
  2⤵
  PID:1540
- C:\Windows\System\TRzomFQ.exe
  C:\Windows\System\TRzomFQ.exe
  2⤵
  PID:2488
- C:\Windows\System\WKxUKDL.exe
  C:\Windows\System\WKxUKDL.exe
  2⤵
  PID:2736
- C:\Windows\System\lmqPGDg.exe
  C:\Windows\System\lmqPGDg.exe
  2⤵
  PID:2644
- C:\Windows\System\xKPzjqI.exe
  C:\Windows\System\xKPzjqI.exe
  2⤵
  PID:2472
- C:\Windows\System\VXovdVg.exe
  C:\Windows\System\VXovdVg.exe
  2⤵
  PID:1564
- C:\Windows\System\FZAyrVk.exe
  C:\Windows\System\FZAyrVk.exe
  2⤵
  PID:264
- C:\Windows\System\atBHGAV.exe
  C:\Windows\System\atBHGAV.exe
  2⤵
  PID:1780
- C:\Windows\System\opzsrKO.exe
  C:\Windows\System\opzsrKO.exe
  2⤵
  PID:1480
- C:\Windows\System\zgzhAmD.exe
  C:\Windows\System\zgzhAmD.exe
  2⤵
  PID:1156
- C:\Windows\System\Detwgue.exe
  C:\Windows\System\Detwgue.exe
  2⤵
  PID:2236
- C:\Windows\System\yFUeUhK.exe
  C:\Windows\System\yFUeUhK.exe
  2⤵
  PID:2560
- C:\Windows\System\HMsMaxZ.exe
  C:\Windows\System\HMsMaxZ.exe
  2⤵
  PID:2196
- C:\Windows\System\pwKuxYl.exe
  C:\Windows\System\pwKuxYl.exe
  2⤵
  PID:2384
- C:\Windows\System\YNaYkFm.exe
  C:\Windows\System\YNaYkFm.exe
  2⤵
  PID:2928
- C:\Windows\System\lmeiDjh.exe
  C:\Windows\System\lmeiDjh.exe
  2⤵
  PID:1256
- C:\Windows\System\fUZxvCm.exe
  C:\Windows\System\fUZxvCm.exe
  2⤵
  PID:860
- C:\Windows\System\bIePmun.exe
  C:\Windows\System\bIePmun.exe
  2⤵
  PID:2844
- C:\Windows\System\WSZZuqS.exe
  C:\Windows\System\WSZZuqS.exe
  2⤵
  PID:2620
- C:\Windows\System\fGbDevy.exe
  C:\Windows\System\fGbDevy.exe
  2⤵
  PID:2080
- C:\Windows\System\ALAQYVV.exe
  C:\Windows\System\ALAQYVV.exe
  2⤵
  PID:1676
- C:\Windows\System\YVXroNR.exe
  C:\Windows\System\YVXroNR.exe
  2⤵
  PID:2504
- C:\Windows\System\JsPmQQN.exe
  C:\Windows\System\JsPmQQN.exe
  2⤵
  PID:1864
- C:\Windows\System\TwrVvDO.exe
  C:\Windows\System\TwrVvDO.exe
  2⤵
  PID:404
- C:\Windows\System\UjOXPUd.exe
  C:\Windows\System\UjOXPUd.exe
  2⤵
  PID:2024
- C:\Windows\System\eMhzhFS.exe
  C:\Windows\System\eMhzhFS.exe
  2⤵
  PID:2544
- C:\Windows\System\oxKhPBX.exe
  C:\Windows\System\oxKhPBX.exe
  2⤵
  PID:2744
- C:\Windows\System\jiTkFYh.exe
  C:\Windows\System\jiTkFYh.exe
  2⤵
  PID:2492
- C:\Windows\System\dotVjgu.exe
  C:\Windows\System\dotVjgu.exe
  2⤵
  PID:2260
- C:\Windows\System\RQOoIbG.exe
  C:\Windows\System\RQOoIbG.exe
  2⤵
  PID:2012
- C:\Windows\System\jFQzykV.exe
  C:\Windows\System\jFQzykV.exe
  2⤵
  PID:2992
- C:\Windows\System\aoAlpCD.exe
  C:\Windows\System\aoAlpCD.exe
  2⤵
  PID:1996
- C:\Windows\System\NaNmOyB.exe
  C:\Windows\System\NaNmOyB.exe
  2⤵
  PID:2084
- C:\Windows\System\HuTiIHm.exe
  C:\Windows\System\HuTiIHm.exe
  2⤵
  PID:2484
- C:\Windows\System\BhGaNzd.exe
  C:\Windows\System\BhGaNzd.exe
  2⤵
  PID:1348
- C:\Windows\System\UhXejwP.exe
  C:\Windows\System\UhXejwP.exe
  2⤵
  PID:2288
- C:\Windows\System\pIIobqW.exe
  C:\Windows\System\pIIobqW.exe
  2⤵
  PID:2168
- C:\Windows\System\IeFwYfi.exe
  C:\Windows\System\IeFwYfi.exe
  2⤵
  PID:696
- C:\Windows\System\OpZblFx.exe
  C:\Windows\System\OpZblFx.exe
  2⤵
  PID:572
- C:\Windows\System\MqelOhU.exe
  C:\Windows\System\MqelOhU.exe
  2⤵
  PID:1792
- C:\Windows\System\muDvKnE.exe
  C:\Windows\System\muDvKnE.exe
  2⤵
  PID:2512
- C:\Windows\System\GhvWSUW.exe
  C:\Windows\System\GhvWSUW.exe
  2⤵
  PID:2692
- C:\Windows\System\iTzaepI.exe
  C:\Windows\System\iTzaepI.exe
  2⤵
  PID:2372
- C:\Windows\System\kCckbwl.exe
  C:\Windows\System\kCckbwl.exe
  2⤵
  PID:2636
- C:\Windows\System\ceIwCcm.exe
  C:\Windows\System\ceIwCcm.exe
  2⤵
  PID:1328
- C:\Windows\System\oZmQLQV.exe
  C:\Windows\System\oZmQLQV.exe
  2⤵
  PID:1980
- C:\Windows\System\jsiekAy.exe
  C:\Windows\System\jsiekAy.exe
  2⤵
  PID:2716
- C:\Windows\System\ubefcdy.exe
  C:\Windows\System\ubefcdy.exe
  2⤵
  PID:2428
- C:\Windows\System\utvnbYo.exe
  C:\Windows\System\utvnbYo.exe
  2⤵
  PID:2480
- C:\Windows\System\oNqTBzH.exe
  C:\Windows\System\oNqTBzH.exe
  2⤵
  PID:1604
- C:\Windows\System\YpYAUlo.exe
  C:\Windows\System\YpYAUlo.exe
  2⤵
  PID:3096
- C:\Windows\System\EiKDdZl.exe
  C:\Windows\System\EiKDdZl.exe
  2⤵
  PID:3112
- C:\Windows\System\oqbSJus.exe
  C:\Windows\System\oqbSJus.exe
  2⤵
  PID:3128
- C:\Windows\System\olTMNqg.exe
  C:\Windows\System\olTMNqg.exe
  2⤵
  PID:3144
- C:\Windows\System\hbnACzC.exe
  C:\Windows\System\hbnACzC.exe
  2⤵
  PID:3160
- C:\Windows\System\SSHKcAt.exe
  C:\Windows\System\SSHKcAt.exe
  2⤵
  PID:3176
- C:\Windows\System\XosnTMe.exe
  C:\Windows\System\XosnTMe.exe
  2⤵
  PID:3196
- C:\Windows\System\JSMGyIq.exe
  C:\Windows\System\JSMGyIq.exe
  2⤵
  PID:3212
- C:\Windows\System\TtIwLOf.exe
  C:\Windows\System\TtIwLOf.exe
  2⤵
  PID:3228
- C:\Windows\System\VQzEhvq.exe
  C:\Windows\System\VQzEhvq.exe
  2⤵
  PID:3244
- C:\Windows\System\iJBzOIx.exe
  C:\Windows\System\iJBzOIx.exe
  2⤵
  PID:3264
- C:\Windows\System\XIiIZrA.exe
  C:\Windows\System\XIiIZrA.exe
  2⤵
  PID:3280
- C:\Windows\System\ffMRLlv.exe
  C:\Windows\System\ffMRLlv.exe
  2⤵
  PID:3296
- C:\Windows\System\kczkkaF.exe
  C:\Windows\System\kczkkaF.exe
  2⤵
  PID:3312
- C:\Windows\System\VGJnMNu.exe
  C:\Windows\System\VGJnMNu.exe
  2⤵
  PID:3328
- C:\Windows\System\vZKHGvr.exe
  C:\Windows\System\vZKHGvr.exe
  2⤵
  PID:3376
- C:\Windows\System\KIlgqOy.exe
  C:\Windows\System\KIlgqOy.exe
  2⤵
  PID:3392
- C:\Windows\System\NfJxOjO.exe
  C:\Windows\System\NfJxOjO.exe
  2⤵
  PID:3408
- C:\Windows\System\XXGBnJD.exe
  C:\Windows\System\XXGBnJD.exe
  2⤵
  PID:3424
- C:\Windows\System\zAjQFGd.exe
  C:\Windows\System\zAjQFGd.exe
  2⤵
  PID:3536
- C:\Windows\System\BanwFga.exe
  C:\Windows\System\BanwFga.exe
  2⤵
  PID:3556
- C:\Windows\System\qWqLpjV.exe
  C:\Windows\System\qWqLpjV.exe
  2⤵
  PID:3572
- C:\Windows\System\TXalxHi.exe
  C:\Windows\System\TXalxHi.exe
  2⤵
  PID:3592
- C:\Windows\System\LjEbdfq.exe
  C:\Windows\System\LjEbdfq.exe
  2⤵
  PID:3608
- C:\Windows\System\vgBGFbC.exe
  C:\Windows\System\vgBGFbC.exe
  2⤵
  PID:3624
- C:\Windows\System\YGazaRS.exe
  C:\Windows\System\YGazaRS.exe
  2⤵
  PID:3640
- C:\Windows\System\EvOpGSd.exe
  C:\Windows\System\EvOpGSd.exe
  2⤵
  PID:3656
- C:\Windows\System\kIRHOeA.exe
  C:\Windows\System\kIRHOeA.exe
  2⤵
  PID:3684
- C:\Windows\System\CfZHxFS.exe
  C:\Windows\System\CfZHxFS.exe
  2⤵
  PID:3700
- C:\Windows\System\DnuSxpy.exe
  C:\Windows\System\DnuSxpy.exe
  2⤵
  PID:3716
- C:\Windows\System\mghkZNe.exe
  C:\Windows\System\mghkZNe.exe
  2⤵
  PID:3732
- C:\Windows\System\eebaKhQ.exe
  C:\Windows\System\eebaKhQ.exe
  2⤵
  PID:3748
- C:\Windows\System\zImHAil.exe
  C:\Windows\System\zImHAil.exe
  2⤵
  PID:3772
- C:\Windows\System\SSgydxf.exe
  C:\Windows\System\SSgydxf.exe
  2⤵
  PID:3796
- C:\Windows\System\dZCesZH.exe
  C:\Windows\System\dZCesZH.exe
  2⤵
  PID:3812
- C:\Windows\System\TKlFJrG.exe
  C:\Windows\System\TKlFJrG.exe
  2⤵
  PID:3828
- C:\Windows\System\otxLzPu.exe
  C:\Windows\System\otxLzPu.exe
  2⤵
  PID:3872
- C:\Windows\System\DMwFLQG.exe
  C:\Windows\System\DMwFLQG.exe
  2⤵
  PID:3892
- C:\Windows\System\YTOoyle.exe
  C:\Windows\System\YTOoyle.exe
  2⤵
  PID:3916
- C:\Windows\System\LoioMym.exe
  C:\Windows\System\LoioMym.exe
  2⤵
  PID:3932
- C:\Windows\System\Jqdbcwj.exe
  C:\Windows\System\Jqdbcwj.exe
  2⤵
  PID:3952
- C:\Windows\System\YjcsLfk.exe
  C:\Windows\System\YjcsLfk.exe
  2⤵
  PID:3968
- C:\Windows\System\kOWnvqV.exe
  C:\Windows\System\kOWnvqV.exe
  2⤵
  PID:3988
- C:\Windows\System\jWLMxSs.exe
  C:\Windows\System\jWLMxSs.exe
  2⤵
  PID:4004
- C:\Windows\System\ErBEXHz.exe
  C:\Windows\System\ErBEXHz.exe
  2⤵
  PID:4020
- C:\Windows\System\KIMried.exe
  C:\Windows\System\KIMried.exe
  2⤵
  PID:4044
- C:\Windows\System\hdvlyeq.exe
  C:\Windows\System\hdvlyeq.exe
  2⤵
  PID:4064
- C:\Windows\System\RUzhoBH.exe
  C:\Windows\System\RUzhoBH.exe
  2⤵
  PID:4080
- C:\Windows\System\mAFlzkc.exe
  C:\Windows\System\mAFlzkc.exe
  2⤵
  PID:1556
- C:\Windows\System\zjBREKQ.exe
  C:\Windows\System\zjBREKQ.exe
  2⤵
  PID:2176
- C:\Windows\System\YbKIZYB.exe
  C:\Windows\System\YbKIZYB.exe
  2⤵
  PID:2224
- C:\Windows\System\dGBFsQp.exe
  C:\Windows\System\dGBFsQp.exe
  2⤵
  PID:2248
- C:\Windows\System\IRRljkQ.exe
  C:\Windows\System\IRRljkQ.exe
  2⤵
  PID:1976
- C:\Windows\System\rgJJcdO.exe
  C:\Windows\System\rgJJcdO.exe
  2⤵
  PID:1032
- C:\Windows\System\JMhtRuI.exe
  C:\Windows\System\JMhtRuI.exe
  2⤵
  PID:3172
- C:\Windows\System\PIXdcOU.exe
  C:\Windows\System\PIXdcOU.exe
  2⤵
  PID:3308
- C:\Windows\System\ycjUGoC.exe
  C:\Windows\System\ycjUGoC.exe
  2⤵
  PID:3352
- C:\Windows\System\GiqBMbx.exe
  C:\Windows\System\GiqBMbx.exe
  2⤵
  PID:3368
- C:\Windows\System\cIDdGVX.exe
  C:\Windows\System\cIDdGVX.exe
  2⤵
  PID:1984
- C:\Windows\System\UWAaJFA.exe
  C:\Windows\System\UWAaJFA.exe
  2⤵
  PID:1336
- C:\Windows\System\pDnSKmR.exe
  C:\Windows\System\pDnSKmR.exe
  2⤵
  PID:2792
- C:\Windows\System\dhpBoGT.exe
  C:\Windows\System\dhpBoGT.exe
  2⤵
  PID:3032
- C:\Windows\System\yosxnfA.exe
  C:\Windows\System\yosxnfA.exe
  2⤵
  PID:3448
- C:\Windows\System\AtrOTma.exe
  C:\Windows\System\AtrOTma.exe
  2⤵
  PID:3468
- C:\Windows\System\DVjgsdn.exe
  C:\Windows\System\DVjgsdn.exe
  2⤵
  PID:3484
- C:\Windows\System\LDCEKgB.exe
  C:\Windows\System\LDCEKgB.exe
  2⤵
  PID:3080
- C:\Windows\System\LXwyvNd.exe
  C:\Windows\System\LXwyvNd.exe
  2⤵
  PID:3120
- C:\Windows\System\lYyyVlb.exe
  C:\Windows\System\lYyyVlb.exe
  2⤵
  PID:3496
- C:\Windows\System\fGuwIxB.exe
  C:\Windows\System\fGuwIxB.exe
  2⤵
  PID:3224
- C:\Windows\System\JOSbMJI.exe
  C:\Windows\System\JOSbMJI.exe
  2⤵
  PID:3516
- C:\Windows\System\rIRZMzj.exe
  C:\Windows\System\rIRZMzj.exe
  2⤵
  PID:3416
- C:\Windows\System\KvrBCry.exe
  C:\Windows\System\KvrBCry.exe
  2⤵
  PID:2468
- C:\Windows\System\OVxHdaq.exe
  C:\Windows\System\OVxHdaq.exe
  2⤵
  PID:2800
- C:\Windows\System\ccZPWGm.exe
  C:\Windows\System\ccZPWGm.exe
  2⤵
  PID:3324
- C:\Windows\System\PmYZuWP.exe
  C:\Windows\System\PmYZuWP.exe
  2⤵
  PID:3544
- C:\Windows\System\mMCDHcn.exe
  C:\Windows\System\mMCDHcn.exe
  2⤵
  PID:3600
- C:\Windows\System\TJLfRhZ.exe
  C:\Windows\System\TJLfRhZ.exe
  2⤵
  PID:3664
- C:\Windows\System\hOTVCxD.exe
  C:\Windows\System\hOTVCxD.exe
  2⤵
  PID:3708
- C:\Windows\System\HjflDNQ.exe
  C:\Windows\System\HjflDNQ.exe
  2⤵
  PID:3744
- C:\Windows\System\LGhEZAd.exe
  C:\Windows\System\LGhEZAd.exe
  2⤵
  PID:3820
- C:\Windows\System\UZDhWhk.exe
  C:\Windows\System\UZDhWhk.exe
  2⤵
  PID:3588
- C:\Windows\System\QZVqYaD.exe
  C:\Windows\System\QZVqYaD.exe
  2⤵
  PID:3616
- C:\Windows\System\DfQbuKd.exe
  C:\Windows\System\DfQbuKd.exe
  2⤵
  PID:3692
- C:\Windows\System\olcZFQP.exe
  C:\Windows\System\olcZFQP.exe
  2⤵
  PID:3924
- C:\Windows\System\AQvtdjW.exe
  C:\Windows\System\AQvtdjW.exe
  2⤵
  PID:3860
- C:\Windows\System\HjWLMMG.exe
  C:\Windows\System\HjWLMMG.exe
  2⤵
  PID:3996
- C:\Windows\System\SOSoxkF.exe
  C:\Windows\System\SOSoxkF.exe
  2⤵
  PID:3912
- C:\Windows\System\zkCDczU.exe
  C:\Windows\System\zkCDczU.exe
  2⤵
  PID:3976
- C:\Windows\System\VdXkRmT.exe
  C:\Windows\System\VdXkRmT.exe
  2⤵
  PID:3904
- C:\Windows\System\UFBDRMP.exe
  C:\Windows\System\UFBDRMP.exe
  2⤵
  PID:2960
- C:\Windows\System\MQnNRQh.exe
  C:\Windows\System\MQnNRQh.exe
  2⤵
  PID:764
- C:\Windows\System\YrKviKg.exe
  C:\Windows\System\YrKviKg.exe
  2⤵
  PID:2756
- C:\Windows\System\XGokjtM.exe
  C:\Windows\System\XGokjtM.exe
  2⤵
  PID:1728
- C:\Windows\System\IqlazAg.exe
  C:\Windows\System\IqlazAg.exe
  2⤵
  PID:3304
- C:\Windows\System\YSeVkko.exe
  C:\Windows\System\YSeVkko.exe
  2⤵
  PID:4060
- C:\Windows\System\fefkebs.exe
  C:\Windows\System\fefkebs.exe
  2⤵
  PID:3360
- C:\Windows\System\zddKKgZ.exe
  C:\Windows\System\zddKKgZ.exe
  2⤵
  PID:1772
- C:\Windows\System\gHTAfyf.exe
  C:\Windows\System\gHTAfyf.exe
  2⤵
  PID:2536
- C:\Windows\System\kvyETqI.exe
  C:\Windows\System\kvyETqI.exe
  2⤵
  PID:3492
- C:\Windows\System\ztmbKyQ.exe
  C:\Windows\System\ztmbKyQ.exe
  2⤵
  PID:3256
- C:\Windows\System\kXIKsVa.exe
  C:\Windows\System\kXIKsVa.exe
  2⤵
  PID:3508
- C:\Windows\System\scwSTNT.exe
  C:\Windows\System\scwSTNT.exe
  2⤵
  PID:2004
- C:\Windows\System\ADyDXed.exe
  C:\Windows\System\ADyDXed.exe
  2⤵
  PID:3528
- C:\Windows\System\wWMYQOp.exe
  C:\Windows\System\wWMYQOp.exe
  2⤵
  PID:2104
- C:\Windows\System\DGnqZoE.exe
  C:\Windows\System\DGnqZoE.exe
  2⤵
  PID:3192
- C:\Windows\System\AWKWGsp.exe
  C:\Windows\System\AWKWGsp.exe
  2⤵
  PID:3152
- C:\Windows\System\fKnxrRZ.exe
  C:\Windows\System\fKnxrRZ.exe
  2⤵
  PID:3564
- C:\Windows\System\LXbRhWo.exe
  C:\Windows\System\LXbRhWo.exe
  2⤵
  PID:1052
- C:\Windows\System\QJymZMA.exe
  C:\Windows\System\QJymZMA.exe
  2⤵
  PID:3884
- C:\Windows\System\LYQpxvU.exe
  C:\Windows\System\LYQpxvU.exe
  2⤵
  PID:3580
- C:\Windows\System\hwNDnlO.exe
  C:\Windows\System\hwNDnlO.exe
  2⤵
  PID:3712
- C:\Windows\System\TXTRBma.exe
  C:\Windows\System\TXTRBma.exe
  2⤵
  PID:3768
- C:\Windows\System\NrbjxGb.exe
  C:\Windows\System\NrbjxGb.exe
  2⤵
  PID:3848
- C:\Windows\System\bhXmCbA.exe
  C:\Windows\System\bhXmCbA.exe
  2⤵
  PID:3960
- C:\Windows\System\gUooKcI.exe
  C:\Windows\System\gUooKcI.exe
  2⤵
  PID:3908
- C:\Windows\System\wmgyrGV.exe
  C:\Windows\System\wmgyrGV.exe
  2⤵
  PID:3940
- C:\Windows\System\JpxgObt.exe
  C:\Windows\System\JpxgObt.exe
  2⤵
  PID:1860
- C:\Windows\System\LwGZvzS.exe
  C:\Windows\System\LwGZvzS.exe
  2⤵
  PID:2320
- C:\Windows\System\bMLudly.exe
  C:\Windows\System\bMLudly.exe
  2⤵
  PID:3272
- C:\Windows\System\mFmavga.exe
  C:\Windows\System\mFmavga.exe
  2⤵
  PID:1688
- C:\Windows\System\WVbCSPB.exe
  C:\Windows\System\WVbCSPB.exe
  2⤵
  PID:4088
- C:\Windows\System\lLtDmiQ.exe
  C:\Windows\System\lLtDmiQ.exe
  2⤵
  PID:1172
- C:\Windows\System\KqhWdTi.exe
  C:\Windows\System\KqhWdTi.exe
  2⤵
  PID:1440
- C:\Windows\System\tXwtLXo.exe
  C:\Windows\System\tXwtLXo.exe
  2⤵
  PID:3504
- C:\Windows\System\SatINDv.exe
  C:\Windows\System\SatINDv.exe
  2⤵
  PID:3188
- C:\Windows\System\iTroXLl.exe
  C:\Windows\System\iTroXLl.exe
  2⤵
  PID:3292
- C:\Windows\System\ygBERdc.exe
  C:\Windows\System\ygBERdc.exe
  2⤵
  PID:2724
- C:\Windows\System\AfYPHIH.exe
  C:\Windows\System\AfYPHIH.exe
  2⤵
  PID:3676
- C:\Windows\System\HLmtgZc.exe
  C:\Windows\System\HLmtgZc.exe
  2⤵
  PID:3888
- C:\Windows\System\lVWDsrk.exe
  C:\Windows\System\lVWDsrk.exe
  2⤵
  PID:3420
- C:\Windows\System\bGASUpg.exe
  C:\Windows\System\bGASUpg.exe
  2⤵
  PID:3808
- C:\Windows\System\kjtAqUH.exe
  C:\Windows\System\kjtAqUH.exe
  2⤵
  PID:3648
- C:\Windows\System\PXhuHSO.exe
  C:\Windows\System\PXhuHSO.exe
  2⤵
  PID:3844
- C:\Windows\System\ltXIHQE.exe
  C:\Windows\System\ltXIHQE.exe
  2⤵
  PID:3340
- C:\Windows\System\rZodZJm.exe
  C:\Windows\System\rZodZJm.exe
  2⤵
  PID:2856
- C:\Windows\System\XdTVrgQ.exe
  C:\Windows\System\XdTVrgQ.exe
  2⤵
  PID:2116
- C:\Windows\System\UNUWqDp.exe
  C:\Windows\System\UNUWqDp.exe
  2⤵
  PID:3460
- C:\Windows\System\WWPJonZ.exe
  C:\Windows\System\WWPJonZ.exe
  2⤵
  PID:960
- C:\Windows\System\huezCOl.exe
  C:\Windows\System\huezCOl.exe
  2⤵
  PID:3964
- C:\Windows\System\uaGmBHq.exe
  C:\Windows\System\uaGmBHq.exe
  2⤵
  PID:4016
- C:\Windows\System\HAHmXUV.exe
  C:\Windows\System\HAHmXUV.exe
  2⤵
  PID:4076
- C:\Windows\System\svSdkBP.exe
  C:\Windows\System\svSdkBP.exe
  2⤵
  PID:3440
- C:\Windows\System\lxtaDfx.exe
  C:\Windows\System\lxtaDfx.exe
  2⤵
  PID:1132
- C:\Windows\System\qkSgxBi.exe
  C:\Windows\System\qkSgxBi.exe
  2⤵
  PID:4112
- C:\Windows\System\kdEpqSk.exe
  C:\Windows\System\kdEpqSk.exe
  2⤵
  PID:4148
- C:\Windows\System\HUCovpi.exe
  C:\Windows\System\HUCovpi.exe
  2⤵
  PID:4164
- C:\Windows\System\EyVlFQs.exe
  C:\Windows\System\EyVlFQs.exe
  2⤵
  PID:4180
- C:\Windows\System\BwkWIah.exe
  C:\Windows\System\BwkWIah.exe
  2⤵
  PID:4196
- C:\Windows\System\zTnvnSt.exe
  C:\Windows\System\zTnvnSt.exe
  2⤵
  PID:4212
- C:\Windows\System\qblfWZU.exe
  C:\Windows\System\qblfWZU.exe
  2⤵
  PID:4260
- C:\Windows\System\QyPGqQL.exe
  C:\Windows\System\QyPGqQL.exe
  2⤵
  PID:4276
- C:\Windows\System\XlIJhqd.exe
  C:\Windows\System\XlIJhqd.exe
  2⤵
  PID:4296
- C:\Windows\System\lNryFmc.exe
  C:\Windows\System\lNryFmc.exe
  2⤵
  PID:4312
- C:\Windows\System\QcYpOSQ.exe
  C:\Windows\System\QcYpOSQ.exe
  2⤵
  PID:4344
- C:\Windows\System\Jxumwft.exe
  C:\Windows\System\Jxumwft.exe
  2⤵
  PID:4360
- C:\Windows\System\WiGcyex.exe
  C:\Windows\System\WiGcyex.exe
  2⤵
  PID:4376
- C:\Windows\System\gTELzIV.exe
  C:\Windows\System\gTELzIV.exe
  2⤵
  PID:4392
- C:\Windows\System\ZhOOpUi.exe
  C:\Windows\System\ZhOOpUi.exe
  2⤵
  PID:4412
- C:\Windows\System\lcMEIad.exe
  C:\Windows\System\lcMEIad.exe
  2⤵
  PID:4428
- C:\Windows\System\heZYdli.exe
  C:\Windows\System\heZYdli.exe
  2⤵
  PID:4444
- C:\Windows\System\sVKMHbO.exe
  C:\Windows\System\sVKMHbO.exe
  2⤵
  PID:4460
- C:\Windows\System\qKJoBeh.exe
  C:\Windows\System\qKJoBeh.exe
  2⤵
  PID:4476
- C:\Windows\System\JwKOWVL.exe
  C:\Windows\System\JwKOWVL.exe
  2⤵
  PID:4492
- C:\Windows\System\pzWJmiO.exe
  C:\Windows\System\pzWJmiO.exe
  2⤵
  PID:4520
- C:\Windows\System\aPzfiKJ.exe
  C:\Windows\System\aPzfiKJ.exe
  2⤵
  PID:4536
- C:\Windows\System\vuzEuwB.exe
  C:\Windows\System\vuzEuwB.exe
  2⤵
  PID:4552
- C:\Windows\System\nJXsOKk.exe
  C:\Windows\System\nJXsOKk.exe
  2⤵
  PID:4600
- C:\Windows\System\Jpyxety.exe
  C:\Windows\System\Jpyxety.exe
  2⤵
  PID:4616
- C:\Windows\System\IRLxOqx.exe
  C:\Windows\System\IRLxOqx.exe
  2⤵
  PID:4640
- C:\Windows\System\FqtbHlt.exe
  C:\Windows\System\FqtbHlt.exe
  2⤵
  PID:4660
- C:\Windows\System\VFWPDxq.exe
  C:\Windows\System\VFWPDxq.exe
  2⤵
  PID:4680
- C:\Windows\System\kbCipff.exe
  C:\Windows\System\kbCipff.exe
  2⤵
  PID:4696
- C:\Windows\System\YdhfIlE.exe
  C:\Windows\System\YdhfIlE.exe
  2⤵
  PID:4712
- C:\Windows\System\STGwdxX.exe
  C:\Windows\System\STGwdxX.exe
  2⤵
  PID:4744
- C:\Windows\System\wBbmOoo.exe
  C:\Windows\System\wBbmOoo.exe
  2⤵
  PID:4760
- C:\Windows\System\cYbMoWw.exe
  C:\Windows\System\cYbMoWw.exe
  2⤵
  PID:4776
- C:\Windows\System\hcLGaNT.exe
  C:\Windows\System\hcLGaNT.exe
  2⤵
  PID:4792
- C:\Windows\System\WBKmPjn.exe
  C:\Windows\System\WBKmPjn.exe
  2⤵
  PID:4812
- C:\Windows\System\zlrQLgb.exe
  C:\Windows\System\zlrQLgb.exe
  2⤵
  PID:4832
- C:\Windows\System\cGJLyZi.exe
  C:\Windows\System\cGJLyZi.exe
  2⤵
  PID:4848
- C:\Windows\System\VnZSWoy.exe
  C:\Windows\System\VnZSWoy.exe
  2⤵
  PID:4868
- C:\Windows\System\ojGpdxF.exe
  C:\Windows\System\ojGpdxF.exe
  2⤵
  PID:4884
- C:\Windows\System\hNacTWP.exe
  C:\Windows\System\hNacTWP.exe
  2⤵
  PID:4900
- C:\Windows\System\SbLNgxy.exe
  C:\Windows\System\SbLNgxy.exe
  2⤵
  PID:4916
- C:\Windows\System\lNYIuUZ.exe
  C:\Windows\System\lNYIuUZ.exe
  2⤵
  PID:4932
- C:\Windows\System\HZhMZXq.exe
  C:\Windows\System\HZhMZXq.exe
  2⤵
  PID:4948
- C:\Windows\System\qyWzfXo.exe
  C:\Windows\System\qyWzfXo.exe
  2⤵
  PID:4968
- C:\Windows\System\onIsJih.exe
  C:\Windows\System\onIsJih.exe
  2⤵
  PID:4984
- C:\Windows\System\jUXoGYr.exe
  C:\Windows\System\jUXoGYr.exe
  2⤵
  PID:5000
- C:\Windows\System\lPQmXmU.exe
  C:\Windows\System\lPQmXmU.exe
  2⤵
  PID:5064
- C:\Windows\System\FlDCxSi.exe
  C:\Windows\System\FlDCxSi.exe
  2⤵
  PID:5088
- C:\Windows\System\rauCgFG.exe
  C:\Windows\System\rauCgFG.exe
  2⤵
  PID:5108
- C:\Windows\System\hJDFjvI.exe
  C:\Windows\System\hJDFjvI.exe
  2⤵
  PID:3984
- C:\Windows\System\LkwYDxV.exe
  C:\Windows\System\LkwYDxV.exe
  2⤵
  PID:4104
- C:\Windows\System\wUHXBiC.exe
  C:\Windows\System\wUHXBiC.exe
  2⤵
  PID:1956
- C:\Windows\System\ZRhGWpA.exe
  C:\Windows\System\ZRhGWpA.exe
  2⤵
  PID:3788
- C:\Windows\System\UNoKsvy.exe
  C:\Windows\System\UNoKsvy.exe
  2⤵
  PID:4108
- C:\Windows\System\fLvNKHs.exe
  C:\Windows\System\fLvNKHs.exe
  2⤵
  PID:1912
- C:\Windows\System\uTznRjD.exe
  C:\Windows\System\uTznRjD.exe
  2⤵
  PID:4052
- C:\Windows\System\DQUQJBg.exe
  C:\Windows\System\DQUQJBg.exe
  2⤵
  PID:3168
- C:\Windows\System\zsppqFN.exe
  C:\Windows\System\zsppqFN.exe
  2⤵
  PID:4188
- C:\Windows\System\IUqAUXW.exe
  C:\Windows\System\IUqAUXW.exe
  2⤵
  PID:4232
- C:\Windows\System\hBLpWTk.exe
  C:\Windows\System\hBLpWTk.exe
  2⤵
  PID:3840
- C:\Windows\System\hMAlbOC.exe
  C:\Windows\System\hMAlbOC.exe
  2⤵
  PID:4252
- C:\Windows\System\LgwEcCk.exe
  C:\Windows\System\LgwEcCk.exe
  2⤵
  PID:4144
- C:\Windows\System\oDLhhqq.exe
  C:\Windows\System\oDLhhqq.exe
  2⤵
  PID:4208
- C:\Windows\System\zVEkVdp.exe
  C:\Windows\System\zVEkVdp.exe
  2⤵
  PID:4284
- C:\Windows\System\hTHduFh.exe
  C:\Windows\System\hTHduFh.exe
  2⤵
  PID:4308
- C:\Windows\System\lVHqpUo.exe
  C:\Windows\System\lVHqpUo.exe
  2⤵
  PID:4372
- C:\Windows\System\eMHYoyQ.exe
  C:\Windows\System\eMHYoyQ.exe
  2⤵
  PID:4440
- C:\Windows\System\PAAjEQo.exe
  C:\Windows\System\PAAjEQo.exe
  2⤵
  PID:4424
- C:\Windows\System\MDGnDeg.exe
  C:\Windows\System\MDGnDeg.exe
  2⤵
  PID:4456
- C:\Windows\System\pDgozPv.exe
  C:\Windows\System\pDgozPv.exe
  2⤵
  PID:4568
- C:\Windows\System\iWyLoYq.exe
  C:\Windows\System\iWyLoYq.exe
  2⤵
  PID:4584
- C:\Windows\System\qoEtJrf.exe
  C:\Windows\System\qoEtJrf.exe
  2⤵
  PID:4652
- C:\Windows\System\yUDxPlk.exe
  C:\Windows\System\yUDxPlk.exe
  2⤵
  PID:4632
- C:\Windows\System\CtiQcwS.exe
  C:\Windows\System\CtiQcwS.exe
  2⤵
  PID:4688
- C:\Windows\System\wxQZQrj.exe
  C:\Windows\System\wxQZQrj.exe
  2⤵
  PID:4728
- C:\Windows\System\LkprDPv.exe
  C:\Windows\System\LkprDPv.exe
  2⤵
  PID:4724
- C:\Windows\System\STlNSEe.exe
  C:\Windows\System\STlNSEe.exe
  2⤵
  PID:4804
- C:\Windows\System\pYhQdal.exe
  C:\Windows\System\pYhQdal.exe
  2⤵
  PID:4876
- C:\Windows\System\BYWLapx.exe
  C:\Windows\System\BYWLapx.exe
  2⤵
  PID:4944
- C:\Windows\System\CQKtOCI.exe
  C:\Windows\System\CQKtOCI.exe
  2⤵
  PID:5036
- C:\Windows\System\aXXWpNP.exe
  C:\Windows\System\aXXWpNP.exe
  2⤵
  PID:4996
- C:\Windows\System\vEvPYnn.exe
  C:\Windows\System\vEvPYnn.exe
  2⤵
  PID:4708
- C:\Windows\System\gOFWOKV.exe
  C:\Windows\System\gOFWOKV.exe
  2⤵
  PID:4784
- C:\Windows\System\QIjcNkm.exe
  C:\Windows\System\QIjcNkm.exe
  2⤵
  PID:4828
- C:\Windows\System\ldobenR.exe
  C:\Windows\System\ldobenR.exe
  2⤵
  PID:4896
- C:\Windows\System\Zrgahyy.exe
  C:\Windows\System\Zrgahyy.exe
  2⤵
  PID:4928
- C:\Windows\System\EcANVAj.exe
  C:\Windows\System\EcANVAj.exe
  2⤵
  PID:5072
- C:\Windows\System\uzIzuRp.exe
  C:\Windows\System\uzIzuRp.exe
  2⤵
  PID:5096
- C:\Windows\System\BltRBzm.exe
  C:\Windows\System\BltRBzm.exe
  2⤵
  PID:2916
- C:\Windows\System\hwmIeMf.exe
  C:\Windows\System\hwmIeMf.exe
  2⤵
  PID:4220
- C:\Windows\System\cbYRKVo.exe
  C:\Windows\System\cbYRKVo.exe
  2⤵
  PID:2440
- C:\Windows\System\kMkhWuA.exe
  C:\Windows\System\kMkhWuA.exe
  2⤵
  PID:3184
- C:\Windows\System\fGLrYBw.exe
  C:\Windows\System\fGLrYBw.exe
  2⤵
  PID:3552
- C:\Windows\System\oqIpWQu.exe
  C:\Windows\System\oqIpWQu.exe
  2⤵
  PID:4140
- C:\Windows\System\vFaOUZI.exe
  C:\Windows\System\vFaOUZI.exe
  2⤵
  PID:4368
- C:\Windows\System\cvjsTxV.exe
  C:\Windows\System\cvjsTxV.exe
  2⤵
  PID:4176
- C:\Windows\System\xuQQoxt.exe
  C:\Windows\System\xuQQoxt.exe
  2⤵
  PID:4472
- C:\Windows\System\kpGRzVf.exe
  C:\Windows\System\kpGRzVf.exe
  2⤵
  PID:4516
- C:\Windows\System\gKGfESI.exe
  C:\Windows\System\gKGfESI.exe
  2⤵
  PID:4356
- C:\Windows\System\vYaRMiE.exe
  C:\Windows\System\vYaRMiE.exe
  2⤵
  PID:4548
- C:\Windows\System\WgpRFiH.exe
  C:\Windows\System\WgpRFiH.exe
  2⤵
  PID:4580
- C:\Windows\System\uxjqcZp.exe
  C:\Windows\System\uxjqcZp.exe
  2⤵
  PID:4648
- C:\Windows\System\AKpCvEO.exe
  C:\Windows\System\AKpCvEO.exe
  2⤵
  PID:4624
- C:\Windows\System\vLSZrTf.exe
  C:\Windows\System\vLSZrTf.exe
  2⤵
  PID:4908
- C:\Windows\System\dmEOXZc.exe
  C:\Windows\System\dmEOXZc.exe
  2⤵
  PID:880
- C:\Windows\System\poBalap.exe
  C:\Windows\System\poBalap.exe
  2⤵
  PID:5008
- C:\Windows\System\NZWXfsS.exe
  C:\Windows\System\NZWXfsS.exe
  2⤵
  PID:5016
- C:\Windows\System\jtCsinE.exe
  C:\Windows\System\jtCsinE.exe
  2⤵
  PID:4992
- C:\Windows\System\YmmfvbX.exe
  C:\Windows\System\YmmfvbX.exe
  2⤵
  PID:4892
- C:\Windows\System\vyKyZbS.exe
  C:\Windows\System\vyKyZbS.exe
  2⤵
  PID:5104
- C:\Windows\System\tnroaeD.exe
  C:\Windows\System\tnroaeD.exe
  2⤵
  PID:3400
- C:\Windows\System\UwdXauT.exe
  C:\Windows\System\UwdXauT.exe
  2⤵
  PID:3632
- C:\Windows\System\SSknXZM.exe
  C:\Windows\System\SSknXZM.exe
  2⤵
  PID:4128
- C:\Windows\System\xNySehC.exe
  C:\Windows\System\xNySehC.exe
  2⤵
  PID:2608
- C:\Windows\System\gIpHdCF.exe
  C:\Windows\System\gIpHdCF.exe
  2⤵
  PID:4340
- C:\Windows\System\IGMTuou.exe
  C:\Windows\System\IGMTuou.exe
  2⤵
  PID:4404
- C:\Windows\System\cmdZpqd.exe
  C:\Windows\System\cmdZpqd.exe
  2⤵
  PID:4320
- C:\Windows\System\UkJknbR.exe
  C:\Windows\System\UkJknbR.exe
  2⤵
  PID:4436
- C:\Windows\System\PFxKtoY.exe
  C:\Windows\System\PFxKtoY.exe
  2⤵
  PID:4672
- C:\Windows\System\EqrzSzU.exe
  C:\Windows\System\EqrzSzU.exe
  2⤵
  PID:4740
- C:\Windows\System\jBNQuBM.exe
  C:\Windows\System\jBNQuBM.exe
  2⤵
  PID:5024
- C:\Windows\System\LRVQyol.exe
  C:\Windows\System\LRVQyol.exe
  2⤵
  PID:1124
- C:\Windows\System\WkaieDa.exe
  C:\Windows\System\WkaieDa.exe
  2⤵
  PID:4752
- C:\Windows\System\LzWfxJI.exe
  C:\Windows\System\LzWfxJI.exe
  2⤵
  PID:4860
- C:\Windows\System\JMgEkXr.exe
  C:\Windows\System\JMgEkXr.exe
  2⤵
  PID:4720
- C:\Windows\System\uaZwyvK.exe
  C:\Windows\System\uaZwyvK.exe
  2⤵
  PID:4980
- C:\Windows\System\NDvSCEL.exe
  C:\Windows\System\NDvSCEL.exe
  2⤵
  PID:4136
- C:\Windows\System\jdINJeH.exe
  C:\Windows\System\jdINJeH.exe
  2⤵
  PID:5020
- C:\Windows\System\wUAtiob.exe
  C:\Windows\System\wUAtiob.exe
  2⤵
  PID:4572
- C:\Windows\System\ovinonF.exe
  C:\Windows\System\ovinonF.exe
  2⤵
  PID:4964
- C:\Windows\System\YuRbTzZ.exe
  C:\Windows\System\YuRbTzZ.exe
  2⤵
  PID:3792
- C:\Windows\System\shRNTcJ.exe
  C:\Windows\System\shRNTcJ.exe
  2⤵
  PID:4668
- C:\Windows\System\FpHUVrn.exe
  C:\Windows\System\FpHUVrn.exe
  2⤵
  PID:2568
- C:\Windows\System\HlmfcXb.exe
  C:\Windows\System\HlmfcXb.exe
  2⤵
  PID:4532
- C:\Windows\System\pAbMBkR.exe
  C:\Windows\System\pAbMBkR.exe
  2⤵
  PID:5028
- C:\Windows\System\gGavdam.exe
  C:\Windows\System\gGavdam.exe
  2⤵
  PID:4824
- C:\Windows\System\VjeDKCO.exe
  C:\Windows\System\VjeDKCO.exe
  2⤵
  PID:4956
- C:\Windows\System\RvcmbCN.exe
  C:\Windows\System\RvcmbCN.exe
  2⤵
  PID:4244
- C:\Windows\System\cblrgbM.exe
  C:\Windows\System\cblrgbM.exe
  2⤵
  PID:5124
- C:\Windows\System\jzNUtgt.exe
  C:\Windows\System\jzNUtgt.exe
  2⤵
  PID:5140
- C:\Windows\System\bfiiJng.exe
  C:\Windows\System\bfiiJng.exe
  2⤵
  PID:5156
- C:\Windows\System\ZrfvFLn.exe
  C:\Windows\System\ZrfvFLn.exe
  2⤵
  PID:5212
- C:\Windows\System\extPiPZ.exe
  C:\Windows\System\extPiPZ.exe
  2⤵
  PID:5236
- C:\Windows\System\vFhMimi.exe
  C:\Windows\System\vFhMimi.exe
  2⤵
  PID:5252
- C:\Windows\System\CWqreVf.exe
  C:\Windows\System\CWqreVf.exe
  2⤵
  PID:5268
- C:\Windows\System\jGhqZtZ.exe
  C:\Windows\System\jGhqZtZ.exe
  2⤵
  PID:5284
- C:\Windows\System\RuRyAUc.exe
  C:\Windows\System\RuRyAUc.exe
  2⤵
  PID:5300
- C:\Windows\System\cbkrfZW.exe
  C:\Windows\System\cbkrfZW.exe
  2⤵
  PID:5316
- C:\Windows\System\KJcWBWN.exe
  C:\Windows\System\KJcWBWN.exe
  2⤵
  PID:5332
- C:\Windows\System\HpskTNW.exe
  C:\Windows\System\HpskTNW.exe
  2⤵
  PID:5348
- C:\Windows\System\HVDKvSW.exe
  C:\Windows\System\HVDKvSW.exe
  2⤵
  PID:5364
- C:\Windows\System\BTDgkrA.exe
  C:\Windows\System\BTDgkrA.exe
  2⤵
  PID:5380
- C:\Windows\System\FdVPCxV.exe
  C:\Windows\System\FdVPCxV.exe
  2⤵
  PID:5400
- C:\Windows\System\BJbDSAy.exe
  C:\Windows\System\BJbDSAy.exe
  2⤵
  PID:5420
- C:\Windows\System\wtgajMR.exe
  C:\Windows\System\wtgajMR.exe
  2⤵
  PID:5436
- C:\Windows\System\UlkbddO.exe
  C:\Windows\System\UlkbddO.exe
  2⤵
  PID:5452
- C:\Windows\System\UIfMLIR.exe
  C:\Windows\System\UIfMLIR.exe
  2⤵
  PID:5468
- C:\Windows\System\DAXihnz.exe
  C:\Windows\System\DAXihnz.exe
  2⤵
  PID:5484
- C:\Windows\System\OKadmWs.exe
  C:\Windows\System\OKadmWs.exe
  2⤵
  PID:5504
- C:\Windows\System\yDnYhON.exe
  C:\Windows\System\yDnYhON.exe
  2⤵
  PID:5524
- C:\Windows\System\eBOjmcM.exe
  C:\Windows\System\eBOjmcM.exe
  2⤵
  PID:5540
- C:\Windows\System\wtjkkXs.exe
  C:\Windows\System\wtjkkXs.exe
  2⤵
  PID:5556
- C:\Windows\System\KQOPoIc.exe
  C:\Windows\System\KQOPoIc.exe
  2⤵
  PID:5572
- C:\Windows\System\gbPlwRY.exe
  C:\Windows\System\gbPlwRY.exe
  2⤵
  PID:5648
- C:\Windows\System\eNPefrl.exe
  C:\Windows\System\eNPefrl.exe
  2⤵
  PID:5680
- C:\Windows\System\eVdoABO.exe
  C:\Windows\System\eVdoABO.exe
  2⤵
  PID:5696
- C:\Windows\System\dEnuUBj.exe
  C:\Windows\System\dEnuUBj.exe
  2⤵
  PID:5720
- C:\Windows\System\RGGTEbJ.exe
  C:\Windows\System\RGGTEbJ.exe
  2⤵
  PID:5740
- C:\Windows\System\oHeBcUC.exe
  C:\Windows\System\oHeBcUC.exe
  2⤵
  PID:5756
- C:\Windows\System\DaEYwQO.exe
  C:\Windows\System\DaEYwQO.exe
  2⤵
  PID:5772
- C:\Windows\System\iFvhWAN.exe
  C:\Windows\System\iFvhWAN.exe
  2⤵
  PID:5792
- C:\Windows\System\GMsNgxs.exe
  C:\Windows\System\GMsNgxs.exe
  2⤵
  PID:5808
- C:\Windows\System\bcGiwwF.exe
  C:\Windows\System\bcGiwwF.exe
  2⤵
  PID:5824
- C:\Windows\System\zNCTZOw.exe
  C:\Windows\System\zNCTZOw.exe
  2⤵
  PID:5848
- C:\Windows\System\HKhTwOL.exe
  C:\Windows\System\HKhTwOL.exe
  2⤵
  PID:5864
- C:\Windows\System\vXstAOi.exe
  C:\Windows\System\vXstAOi.exe
  2⤵
  PID:5884
- C:\Windows\System\IzDanwx.exe
  C:\Windows\System\IzDanwx.exe
  2⤵
  PID:5900
- C:\Windows\System\eNkjNpQ.exe
  C:\Windows\System\eNkjNpQ.exe
  2⤵
  PID:5920
- C:\Windows\System\RpMEzqb.exe
  C:\Windows\System\RpMEzqb.exe
  2⤵
  PID:5936
- C:\Windows\System\NOTzuDC.exe
  C:\Windows\System\NOTzuDC.exe
  2⤵
  PID:5956
- C:\Windows\System\QanXRJb.exe
  C:\Windows\System\QanXRJb.exe
  2⤵
  PID:5976
- C:\Windows\System\skSxfJG.exe
  C:\Windows\System\skSxfJG.exe
  2⤵
  PID:6000
- C:\Windows\System\YtiAzay.exe
  C:\Windows\System\YtiAzay.exe
  2⤵
  PID:6020
- C:\Windows\System\naTqknj.exe
  C:\Windows\System\naTqknj.exe
  2⤵
  PID:6040
- C:\Windows\System\zWfDYsO.exe
  C:\Windows\System\zWfDYsO.exe
  2⤵
  PID:6060
- C:\Windows\System\JCgjuMK.exe
  C:\Windows\System\JCgjuMK.exe
  2⤵
  PID:6076
- C:\Windows\System\LsaGhBB.exe
  C:\Windows\System\LsaGhBB.exe
  2⤵
  PID:6100
- C:\Windows\System\rogBkQo.exe
  C:\Windows\System\rogBkQo.exe
  2⤵
  PID:6120
- C:\Windows\System\uUHzpFs.exe
  C:\Windows\System\uUHzpFs.exe
  2⤵
  PID:4292
- C:\Windows\System\VIjWOoq.exe
  C:\Windows\System\VIjWOoq.exe
  2⤵
  PID:5148
- C:\Windows\System\tJijifI.exe
  C:\Windows\System\tJijifI.exe
  2⤵
  PID:4504
- C:\Windows\System\cjIUazA.exe
  C:\Windows\System\cjIUazA.exe
  2⤵
  PID:5132
- C:\Windows\System\PhTXGak.exe
  C:\Windows\System\PhTXGak.exe
  2⤵
  PID:4272
- C:\Windows\System\VpCQSXG.exe
  C:\Windows\System\VpCQSXG.exe
  2⤵
  PID:5172
- C:\Windows\System\WNQcHHs.exe
  C:\Windows\System\WNQcHHs.exe
  2⤵
  PID:5208
- C:\Windows\System\KGWIhde.exe
  C:\Windows\System\KGWIhde.exe
  2⤵
  PID:5260
- C:\Windows\System\oOPCklL.exe
  C:\Windows\System\oOPCklL.exe
  2⤵
  PID:5324
- C:\Windows\System\ZLsEKvO.exe
  C:\Windows\System\ZLsEKvO.exe
  2⤵
  PID:5388
- C:\Windows\System\odNALtI.exe
  C:\Windows\System\odNALtI.exe
  2⤵
  PID:5432
- C:\Windows\System\putrXnw.exe
  C:\Windows\System\putrXnw.exe
  2⤵
  PID:5568
- C:\Windows\System\ksuEULL.exe
  C:\Windows\System\ksuEULL.exe
  2⤵
  PID:5408
- C:\Windows\System\eNMQGRQ.exe
  C:\Windows\System\eNMQGRQ.exe
  2⤵
  PID:5520
- C:\Windows\System\nmvkiXx.exe
  C:\Windows\System\nmvkiXx.exe
  2⤵
  PID:5588
- C:\Windows\System\lZNyafv.exe
  C:\Windows\System\lZNyafv.exe
  2⤵
  PID:5612
- C:\Windows\System\OPuLAjS.exe
  C:\Windows\System\OPuLAjS.exe
  2⤵
  PID:5628
- C:\Windows\System\tXpZuTI.exe
  C:\Windows\System\tXpZuTI.exe
  2⤵
  PID:5448
- C:\Windows\System\JJCgTPl.exe
  C:\Windows\System\JJCgTPl.exe
  2⤵
  PID:5660
- C:\Windows\System\knIFMdz.exe
  C:\Windows\System\knIFMdz.exe
  2⤵
  PID:5636
- C:\Windows\System\jGtRJsF.exe
  C:\Windows\System\jGtRJsF.exe
  2⤵
  PID:5688
- C:\Windows\System\xnXJmDg.exe
  C:\Windows\System\xnXJmDg.exe
  2⤵
  PID:5712
- C:\Windows\System\OciNjOS.exe
  C:\Windows\System\OciNjOS.exe
  2⤵
  PID:1700
- C:\Windows\System\CdDllGW.exe
  C:\Windows\System\CdDllGW.exe
  2⤵
  PID:5780
- C:\Windows\System\lZIwsdB.exe
  C:\Windows\System\lZIwsdB.exe
  2⤵
  PID:5860
- C:\Windows\System\QzynqDN.exe
  C:\Windows\System\QzynqDN.exe
  2⤵
  PID:5928
- C:\Windows\System\TNmgFQa.exe
  C:\Windows\System\TNmgFQa.exe
  2⤵
  PID:6008
- C:\Windows\System\rUNLrMK.exe
  C:\Windows\System\rUNLrMK.exe
  2⤵
  PID:6052
- C:\Windows\System\JsNrZBG.exe
  C:\Windows\System\JsNrZBG.exe
  2⤵
  PID:6092
- C:\Windows\System\eNPvKIV.exe
  C:\Windows\System\eNPvKIV.exe
  2⤵
  PID:5832
- C:\Windows\System\TdlFNyh.exe
  C:\Windows\System\TdlFNyh.exe
  2⤵
  PID:6132
- C:\Windows\System\qmsdQpM.exe
  C:\Windows\System\qmsdQpM.exe
  2⤵
  PID:5152
- C:\Windows\System\LthpiEu.exe
  C:\Windows\System\LthpiEu.exe
  2⤵
  PID:5136
- C:\Windows\System\KrXBpRz.exe
  C:\Windows\System\KrXBpRz.exe
  2⤵
  PID:5804
- C:\Windows\System\SmccZLu.exe
  C:\Windows\System\SmccZLu.exe
  2⤵
  PID:6036
- C:\Windows\System\NrjyRlL.exe
  C:\Windows\System\NrjyRlL.exe
  2⤵
  PID:5984
- C:\Windows\System\KFVcyZS.exe
  C:\Windows\System\KFVcyZS.exe
  2⤵
  PID:6068
- C:\Windows\System\tEfTAue.exe
  C:\Windows\System\tEfTAue.exe
  2⤵
  PID:4040
- C:\Windows\System\snHpNiW.exe
  C:\Windows\System\snHpNiW.exe
  2⤵
  PID:1868
- C:\Windows\System\LZiakBS.exe
  C:\Windows\System\LZiakBS.exe
  2⤵
  PID:5228
- C:\Windows\System\ziocBCz.exe
  C:\Windows\System\ziocBCz.exe
  2⤵
  PID:5196
- C:\Windows\System\xOnsywm.exe
  C:\Windows\System\xOnsywm.exe
  2⤵
  PID:5496
- C:\Windows\System\rZDXdSF.exe
  C:\Windows\System\rZDXdSF.exe
  2⤵
  PID:5376
- C:\Windows\System\Sibwvyi.exe
  C:\Windows\System\Sibwvyi.exe
  2⤵
  PID:5276
- C:\Windows\System\OwYnaaJ.exe
  C:\Windows\System\OwYnaaJ.exe
  2⤵
  PID:5584
- C:\Windows\System\OXmqWAv.exe
  C:\Windows\System\OXmqWAv.exe
  2⤵
  PID:5672
- C:\Windows\System\HnRciTb.exe
  C:\Windows\System\HnRciTb.exe
  2⤵
  PID:5732
- C:\Windows\System\rdIedEt.exe
  C:\Windows\System\rdIedEt.exe
  2⤵
  PID:5412
- C:\Windows\System\qZNiwfA.exe
  C:\Windows\System\qZNiwfA.exe
  2⤵
  PID:5536
- C:\Windows\System\zlmVXHs.exe
  C:\Windows\System\zlmVXHs.exe
  2⤵
  PID:5964
- C:\Windows\System\voGCOwY.exe
  C:\Windows\System\voGCOwY.exe
  2⤵
  PID:6084
- C:\Windows\System\RoUVxQc.exe
  C:\Windows\System\RoUVxQc.exe
  2⤵
  PID:5844
- C:\Windows\System\qZrQBHl.exe
  C:\Windows\System\qZrQBHl.exe
  2⤵
  PID:5564
- C:\Windows\System\tIREzeH.exe
  C:\Windows\System\tIREzeH.exe
  2⤵
  PID:5752
- C:\Windows\System\KcfQQJV.exe
  C:\Windows\System\KcfQQJV.exe
  2⤵
  PID:6140
- C:\Windows\System\XiKUGna.exe
  C:\Windows\System\XiKUGna.exe
  2⤵
  PID:5892
- C:\Windows\System\OVPGbdC.exe
  C:\Windows\System\OVPGbdC.exe
  2⤵
  PID:6048
- C:\Windows\System\DyMfZTS.exe
  C:\Windows\System\DyMfZTS.exe
  2⤵
  PID:5668
- C:\Windows\System\LtuVhwn.exe
  C:\Windows\System\LtuVhwn.exe
  2⤵
  PID:5996
- C:\Windows\System\pUYulFo.exe
  C:\Windows\System\pUYulFo.exe
  2⤵
  PID:6112
- C:\Windows\System\mtioLGu.exe
  C:\Windows\System\mtioLGu.exe
  2⤵
  PID:5280
- C:\Windows\System\hGFadJI.exe
  C:\Windows\System\hGFadJI.exe
  2⤵
  PID:6116
- C:\Windows\System\sOTwSni.exe
  C:\Windows\System\sOTwSni.exe
  2⤵
  PID:5532
- C:\Windows\System\EsUjCAZ.exe
  C:\Windows\System\EsUjCAZ.exe
  2⤵
  PID:5580
- C:\Windows\System\JHBGegC.exe
  C:\Windows\System\JHBGegC.exe
  2⤵
  PID:5548
- C:\Windows\System\kglWfft.exe
  C:\Windows\System\kglWfft.exe
  2⤵
  PID:5048
- C:\Windows\System\tfzzGry.exe
  C:\Windows\System\tfzzGry.exe
  2⤵
  PID:5428
- C:\Windows\System\AulxIyM.exe
  C:\Windows\System\AulxIyM.exe
  2⤵
  PID:5704
- C:\Windows\System\xQBbRnj.exe
  C:\Windows\System\xQBbRnj.exe
  2⤵
  PID:5224
- C:\Windows\System\bxaFlAg.exe
  C:\Windows\System\bxaFlAg.exe
  2⤵
  PID:1760
- C:\Windows\System\EcXbRRa.exe
  C:\Windows\System\EcXbRRa.exe
  2⤵
  PID:5312
- C:\Windows\System\KFZOqcc.exe
  C:\Windows\System\KFZOqcc.exe
  2⤵
  PID:5596
- C:\Windows\System\wWdnRZE.exe
  C:\Windows\System\wWdnRZE.exe
  2⤵
  PID:4588
- C:\Windows\System\WfHnSWL.exe
  C:\Windows\System\WfHnSWL.exe
  2⤵
  PID:5800
- C:\Windows\System\iOflzTs.exe
  C:\Windows\System\iOflzTs.exe
  2⤵
  PID:1444
- C:\Windows\System\yyodbXQ.exe
  C:\Windows\System\yyodbXQ.exe
  2⤵
  PID:6188
- C:\Windows\System\iireKbq.exe
  C:\Windows\System\iireKbq.exe
  2⤵
  PID:6204
- C:\Windows\System\QOYvYeU.exe
  C:\Windows\System\QOYvYeU.exe
  2⤵
  PID:6220
- C:\Windows\System\aSpuRxT.exe
  C:\Windows\System\aSpuRxT.exe
  2⤵
  PID:6240
- C:\Windows\System\BLfzASu.exe
  C:\Windows\System\BLfzASu.exe
  2⤵
  PID:6260
- C:\Windows\System\nGgJasl.exe
  C:\Windows\System\nGgJasl.exe
  2⤵
  PID:6280
- C:\Windows\System\MMfYcHg.exe
  C:\Windows\System\MMfYcHg.exe
  2⤵
  PID:6304
- C:\Windows\System\dFmBnbO.exe
  C:\Windows\System\dFmBnbO.exe
  2⤵
  PID:6320
- C:\Windows\System\kaEBHTC.exe
  C:\Windows\System\kaEBHTC.exe
  2⤵
  PID:6336
- C:\Windows\System\TbRiuVJ.exe
  C:\Windows\System\TbRiuVJ.exe
  2⤵
  PID:6352
- C:\Windows\System\JMvsyeX.exe
  C:\Windows\System\JMvsyeX.exe
  2⤵
  PID:6368
- C:\Windows\System\aXvxxGL.exe
  C:\Windows\System\aXvxxGL.exe
  2⤵
  PID:6404
- C:\Windows\System\xiMoTJz.exe
  C:\Windows\System\xiMoTJz.exe
  2⤵
  PID:6424
- C:\Windows\System\WkSrDGW.exe
  C:\Windows\System\WkSrDGW.exe
  2⤵
  PID:6444
- C:\Windows\System\RHMRHpu.exe
  C:\Windows\System\RHMRHpu.exe
  2⤵
  PID:6460
- C:\Windows\System\xsjpnfm.exe
  C:\Windows\System\xsjpnfm.exe
  2⤵
  PID:6484
- C:\Windows\System\hqFBVIv.exe
  C:\Windows\System\hqFBVIv.exe
  2⤵
  PID:6500
- C:\Windows\System\cjeNNRu.exe
  C:\Windows\System\cjeNNRu.exe
  2⤵
  PID:6516
- C:\Windows\System\MtuaZaZ.exe
  C:\Windows\System\MtuaZaZ.exe
  2⤵
  PID:6536
- C:\Windows\System\ilGmpgk.exe
  C:\Windows\System\ilGmpgk.exe
  2⤵
  PID:6564
- C:\Windows\System\eCxgaBA.exe
  C:\Windows\System\eCxgaBA.exe
  2⤵
  PID:6580
- C:\Windows\System\TiOzsuM.exe
  C:\Windows\System\TiOzsuM.exe
  2⤵
  PID:6604
- C:\Windows\System\gvIuvWt.exe
  C:\Windows\System\gvIuvWt.exe
  2⤵
  PID:6620
- C:\Windows\System\fpUuzqU.exe
  C:\Windows\System\fpUuzqU.exe
  2⤵
  PID:6640
- C:\Windows\System\HowKDMM.exe
  C:\Windows\System\HowKDMM.exe
  2⤵
  PID:6656
- C:\Windows\System\iSoHHiq.exe
  C:\Windows\System\iSoHHiq.exe
  2⤵
  PID:6672
- C:\Windows\System\AXGWcls.exe
  C:\Windows\System\AXGWcls.exe
  2⤵
  PID:6692
- C:\Windows\System\dcslgGX.exe
  C:\Windows\System\dcslgGX.exe
  2⤵
  PID:6708
- C:\Windows\System\wGZafSE.exe
  C:\Windows\System\wGZafSE.exe
  2⤵
  PID:6724
- C:\Windows\System\KVgFfWa.exe
  C:\Windows\System\KVgFfWa.exe
  2⤵
  PID:6740
- C:\Windows\System\EEqitXt.exe
  C:\Windows\System\EEqitXt.exe
  2⤵
  PID:6796
- C:\Windows\System\PlFvqdz.exe
  C:\Windows\System\PlFvqdz.exe
  2⤵
  PID:6816
- C:\Windows\System\zXYrQgt.exe
  C:\Windows\System\zXYrQgt.exe
  2⤵
  PID:6836
- C:\Windows\System\YfryuMQ.exe
  C:\Windows\System\YfryuMQ.exe
  2⤵
  PID:6852
- C:\Windows\System\nsahUGZ.exe
  C:\Windows\System\nsahUGZ.exe
  2⤵
  PID:6868
- C:\Windows\System\oJzhYhT.exe
  C:\Windows\System\oJzhYhT.exe
  2⤵
  PID:6896
- C:\Windows\System\FaUAeUW.exe
  C:\Windows\System\FaUAeUW.exe
  2⤵
  PID:6912
- C:\Windows\System\oBzBBTf.exe
  C:\Windows\System\oBzBBTf.exe
  2⤵
  PID:6928
- C:\Windows\System\WfzeWsL.exe
  C:\Windows\System\WfzeWsL.exe
  2⤵
  PID:6944
- C:\Windows\System\oRNNYYd.exe
  C:\Windows\System\oRNNYYd.exe
  2⤵
  PID:6964
- C:\Windows\System\XCQgrek.exe
  C:\Windows\System\XCQgrek.exe
  2⤵
  PID:6980
- C:\Windows\System\wxPHFYH.exe
  C:\Windows\System\wxPHFYH.exe
  2⤵
  PID:6996
- C:\Windows\System\GGBJJUz.exe
  C:\Windows\System\GGBJJUz.exe
  2⤵
  PID:7012
- C:\Windows\System\uvjZqbo.exe
  C:\Windows\System\uvjZqbo.exe
  2⤵
  PID:7028
- C:\Windows\System\kBflBtg.exe
  C:\Windows\System\kBflBtg.exe
  2⤵
  PID:7044
- C:\Windows\System\dADYiWR.exe
  C:\Windows\System\dADYiWR.exe
  2⤵
  PID:7064
- C:\Windows\System\aEqUogU.exe
  C:\Windows\System\aEqUogU.exe
  2⤵
  PID:7080
- C:\Windows\System\AzgXXUy.exe
  C:\Windows\System\AzgXXUy.exe
  2⤵
  PID:7096
- C:\Windows\System\SXKcDXM.exe
  C:\Windows\System\SXKcDXM.exe
  2⤵
  PID:7148
- C:\Windows\System\BJRzkrx.exe
  C:\Windows\System\BJRzkrx.exe
  2⤵
  PID:7164
- C:\Windows\System\fOJacQa.exe
  C:\Windows\System\fOJacQa.exe
  2⤵
  PID:3236
- C:\Windows\System\MRlgFsa.exe
  C:\Windows\System\MRlgFsa.exe
  2⤵
  PID:5476
- C:\Windows\System\OQPOYhH.exe
  C:\Windows\System\OQPOYhH.exe
  2⤵
  PID:4612
- C:\Windows\System\qVNWOUx.exe
  C:\Windows\System\qVNWOUx.exe
  2⤵
  PID:6168
- C:\Windows\System\WxcwOKK.exe
  C:\Windows\System\WxcwOKK.exe
  2⤵
  PID:6180
- C:\Windows\System\YQvIOUM.exe
  C:\Windows\System\YQvIOUM.exe
  2⤵
  PID:5820
- C:\Windows\System\gKewlQS.exe
  C:\Windows\System\gKewlQS.exe
  2⤵
  PID:6128
- C:\Windows\System\CnVxBDs.exe
  C:\Windows\System\CnVxBDs.exe
  2⤵
  PID:6200
- C:\Windows\System\PpEiKGr.exe
  C:\Windows\System\PpEiKGr.exe
  2⤵
  PID:6276
- C:\Windows\System\pdLwAHK.exe
  C:\Windows\System\pdLwAHK.exe
  2⤵
  PID:6216
- C:\Windows\System\AgKhYgO.exe
  C:\Windows\System\AgKhYgO.exe
  2⤵
  PID:6252
- C:\Windows\System\WtSRTRJ.exe
  C:\Windows\System\WtSRTRJ.exe
  2⤵
  PID:6348
- C:\Windows\System\DfGAcvT.exe
  C:\Windows\System\DfGAcvT.exe
  2⤵
  PID:6300
- C:\Windows\System\hNCWQfd.exe
  C:\Windows\System\hNCWQfd.exe
  2⤵
  PID:6388
- C:\Windows\System\DQEJgzC.exe
  C:\Windows\System\DQEJgzC.exe
  2⤵
  PID:6432
- C:\Windows\System\oFULbxk.exe
  C:\Windows\System\oFULbxk.exe
  2⤵
  PID:6476
- C:\Windows\System\IalNWMQ.exe
  C:\Windows\System\IalNWMQ.exe
  2⤵
  PID:6456
- C:\Windows\System\IcbqCvN.exe
  C:\Windows\System\IcbqCvN.exe
  2⤵
  PID:6496
- C:\Windows\System\mfvZtTy.exe
  C:\Windows\System\mfvZtTy.exe
  2⤵
  PID:6524
- C:\Windows\System\FvRewyl.exe
  C:\Windows\System\FvRewyl.exe
  2⤵
  PID:6556
- C:\Windows\System\MCTKJdC.exe
  C:\Windows\System\MCTKJdC.exe
  2⤵
  PID:6576
- C:\Windows\System\LwkOiVc.exe
  C:\Windows\System\LwkOiVc.exe
  2⤵
  PID:6632
- C:\Windows\System\AGNSQMY.exe
  C:\Windows\System\AGNSQMY.exe
  2⤵
  PID:6732
- C:\Windows\System\uISUhuF.exe
  C:\Windows\System\uISUhuF.exe
  2⤵
  PID:6720
- C:\Windows\System\uPqMpju.exe
  C:\Windows\System\uPqMpju.exe
  2⤵
  PID:6760
- C:\Windows\System\OwxEcuK.exe
  C:\Windows\System\OwxEcuK.exe
  2⤵
  PID:5632
- C:\Windows\System\GOMLAhV.exe
  C:\Windows\System\GOMLAhV.exe
  2⤵
  PID:2132
- C:\Windows\System\YSKyxfz.exe
  C:\Windows\System\YSKyxfz.exe
  2⤵
  PID:6756
- C:\Windows\System\yoikNyq.exe
  C:\Windows\System\yoikNyq.exe
  2⤵
  PID:6824
- C:\Windows\System\oqSHAIz.exe
  C:\Windows\System\oqSHAIz.exe
  2⤵
  PID:6848
- C:\Windows\System\qJJVLvj.exe
  C:\Windows\System\qJJVLvj.exe
  2⤵
  PID:6880
- C:\Windows\System\qfvZLfc.exe
  C:\Windows\System\qfvZLfc.exe
  2⤵
  PID:6972
- C:\Windows\System\xQnyghK.exe
  C:\Windows\System\xQnyghK.exe
  2⤵
  PID:7036
- C:\Windows\System\kfQtuwZ.exe
  C:\Windows\System\kfQtuwZ.exe
  2⤵
  PID:7120
- C:\Windows\System\AVyKAnk.exe
  C:\Windows\System\AVyKAnk.exe
  2⤵
  PID:7112
- C:\Windows\System\cpqYmEP.exe
  C:\Windows\System\cpqYmEP.exe
  2⤵
  PID:7136
- C:\Windows\System\WoqGvLK.exe
  C:\Windows\System\WoqGvLK.exe
  2⤵
  PID:6956
- C:\Windows\System\fQPxUSO.exe
  C:\Windows\System\fQPxUSO.exe
  2⤵
  PID:7056
- C:\Windows\System\ovGoeOn.exe
  C:\Windows\System\ovGoeOn.exe
  2⤵
  PID:2456
- C:\Windows\System\VgEhGeh.exe
  C:\Windows\System\VgEhGeh.exe
  2⤵
  PID:5768
- C:\Windows\System\RwktfKL.exe
  C:\Windows\System\RwktfKL.exe
  2⤵
  PID:5500
- C:\Windows\System\qVavcqD.exe
  C:\Windows\System\qVavcqD.exe
  2⤵
  PID:6184
- C:\Windows\System\jrmjvoH.exe
  C:\Windows\System\jrmjvoH.exe
  2⤵
  PID:5644
- C:\Windows\System\DgeXUPe.exe
  C:\Windows\System\DgeXUPe.exe
  2⤵
  PID:6312
- C:\Windows\System\vAGaZoO.exe
  C:\Windows\System\vAGaZoO.exe
  2⤵
  PID:6384
- C:\Windows\System\Fomwmxm.exe
  C:\Windows\System\Fomwmxm.exe
  2⤵
  PID:6544
- C:\Windows\System\jyjsmJz.exe
  C:\Windows\System\jyjsmJz.exe
  2⤵
  PID:6088
- C:\Windows\System\SaHUHst.exe
  C:\Windows\System\SaHUHst.exe
  2⤵
  PID:6636
- C:\Windows\System\CDVDCQU.exe
  C:\Windows\System\CDVDCQU.exe
  2⤵
  PID:6508
- C:\Windows\System\MhmdQOG.exe
  C:\Windows\System\MhmdQOG.exe
  2⤵
  PID:6592
- C:\Windows\System\ZaaRHdJ.exe
  C:\Windows\System\ZaaRHdJ.exe
  2⤵
  PID:3432
- C:\Windows\System\PULRkLP.exe
  C:\Windows\System\PULRkLP.exe
  2⤵
  PID:6684
- C:\Windows\System\ZJJJUsF.exe
  C:\Windows\System\ZJJJUsF.exe
  2⤵
  PID:6332
- C:\Windows\System\utToGwD.exe
  C:\Windows\System\utToGwD.exe
  2⤵
  PID:6784
- C:\Windows\System\pQhQGbs.exe
  C:\Windows\System\pQhQGbs.exe
  2⤵
  PID:1380
- C:\Windows\System\dJAhOVE.exe
  C:\Windows\System\dJAhOVE.exe
  2⤵
  PID:6892
- C:\Windows\System\UzfrKzD.exe
  C:\Windows\System\UzfrKzD.exe
  2⤵
  PID:6700
- C:\Windows\System\KsXJCYf.exe
  C:\Windows\System\KsXJCYf.exe
  2⤵
  PID:2300
- C:\Windows\System\BnuxUTK.exe
  C:\Windows\System\BnuxUTK.exe
  2⤵
  PID:2452
- C:\Windows\System\KxpToVd.exe
  C:\Windows\System\KxpToVd.exe
  2⤵
  PID:3404
- C:\Windows\System\pYZbZUR.exe
  C:\Windows\System\pYZbZUR.exe
  2⤵
  PID:6988
- C:\Windows\System\idJlUKp.exe
  C:\Windows\System\idJlUKp.exe
  2⤵
  PID:7156
- C:\Windows\System\ESgFukf.exe
  C:\Windows\System\ESgFukf.exe
  2⤵
  PID:1840
- C:\Windows\System\YewlDbX.exe
  C:\Windows\System\YewlDbX.exe
  2⤵
  PID:6156
- C:\Windows\System\WYQqfPR.exe
  C:\Windows\System\WYQqfPR.exe
  2⤵
  PID:6160
- C:\Windows\System\QhruVMk.exe
  C:\Windows\System\QhruVMk.exe
  2⤵
  PID:6212
- C:\Windows\System\fDZkmwt.exe
  C:\Windows\System\fDZkmwt.exe
  2⤵
  PID:6468
- C:\Windows\System\BOAhKxQ.exe
  C:\Windows\System\BOAhKxQ.exe
  2⤵
  PID:6528
- C:\Windows\System\oPAYCMu.exe
  C:\Windows\System\oPAYCMu.exe
  2⤵
  PID:6628
- C:\Windows\System\AItVRfn.exe
  C:\Windows\System\AItVRfn.exe
  2⤵
  PID:6412
- C:\Windows\System\kbExLKL.exe
  C:\Windows\System\kbExLKL.exe
  2⤵
  PID:6268
- C:\Windows\System\bEdlDSJ.exe
  C:\Windows\System\bEdlDSJ.exe
  2⤵
  PID:6652
- C:\Windows\System\lolYwJW.exe
  C:\Windows\System\lolYwJW.exe
  2⤵
  PID:6776
- C:\Windows\System\ybnnShx.exe
  C:\Windows\System\ybnnShx.exe
  2⤵
  PID:6844
- C:\Windows\System\fyjMYkZ.exe
  C:\Windows\System\fyjMYkZ.exe
  2⤵
  PID:7004
- C:\Windows\System\hzifwzH.exe
  C:\Windows\System\hzifwzH.exe
  2⤵
  PID:6904
- C:\Windows\System\wFeMgce.exe
  C:\Windows\System\wFeMgce.exe
  2⤵
  PID:6936
- C:\Windows\System\ZcpyIfW.exe
  C:\Windows\System\ZcpyIfW.exe
  2⤵
  PID:5600
- C:\Windows\System\DnUbzGI.exe
  C:\Windows\System\DnUbzGI.exe
  2⤵
  PID:7040
- C:\Windows\System\llymVfI.exe
  C:\Windows\System\llymVfI.exe
  2⤵
  PID:5880
- C:\Windows\System\lRJwMKF.exe
  C:\Windows\System\lRJwMKF.exe
  2⤵
  PID:6196
- C:\Windows\System\WCbBZMF.exe
  C:\Windows\System\WCbBZMF.exe
  2⤵
  PID:6380
- C:\Windows\System\cenGFkS.exe
  C:\Windows\System\cenGFkS.exe
  2⤵
  PID:6548
- C:\Windows\System\JANgSax.exe
  C:\Windows\System\JANgSax.exe
  2⤵
  PID:6344
- C:\Windows\System\uZKqHbD.exe
  C:\Windows\System\uZKqHbD.exe
  2⤵
  PID:936
- C:\Windows\System\iVpDKMu.exe
  C:\Windows\System\iVpDKMu.exe
  2⤵
  PID:6940
- C:\Windows\System\ngqOmpA.exe
  C:\Windows\System\ngqOmpA.exe
  2⤵
  PID:1292
- C:\Windows\System\FcXJVfD.exe
  C:\Windows\System\FcXJVfD.exe
  2⤵
  PID:7024
- C:\Windows\System\JKrHhxL.exe
  C:\Windows\System\JKrHhxL.exe
  2⤵
  PID:836
- C:\Windows\System\GtMAAdX.exe
  C:\Windows\System\GtMAAdX.exe
  2⤵
  PID:6864
- C:\Windows\System\VuTRViX.exe
  C:\Windows\System\VuTRViX.exe
  2⤵
  PID:6772
- C:\Windows\System\APCcjuR.exe
  C:\Windows\System\APCcjuR.exe
  2⤵
  PID:6472
- C:\Windows\System\HORaxpU.exe
  C:\Windows\System\HORaxpU.exe
  2⤵
  PID:592
- C:\Windows\System\RgVZdaA.exe
  C:\Windows\System\RgVZdaA.exe
  2⤵
  PID:6492
- C:\Windows\System\jKJmUuB.exe
  C:\Windows\System\jKJmUuB.exe
  2⤵
  PID:6588
- C:\Windows\System\tFpXrty.exe
  C:\Windows\System\tFpXrty.exe
  2⤵
  PID:6680
- C:\Windows\System\qGbNuBr.exe
  C:\Windows\System\qGbNuBr.exe
  2⤵
  PID:6176
- C:\Windows\System\eJyqJgx.exe
  C:\Windows\System\eJyqJgx.exe
  2⤵
  PID:7200
- C:\Windows\System\LjdxaCE.exe
  C:\Windows\System\LjdxaCE.exe
  2⤵
  PID:7216
- C:\Windows\System\DYASosD.exe
  C:\Windows\System\DYASosD.exe
  2⤵
  PID:7240
- C:\Windows\System\kDQTked.exe
  C:\Windows\System\kDQTked.exe
  2⤵
  PID:7256
- C:\Windows\System\cJhVtzi.exe
  C:\Windows\System\cJhVtzi.exe
  2⤵
  PID:7272
- C:\Windows\System\ibtITbd.exe
  C:\Windows\System\ibtITbd.exe
  2⤵
  PID:7308
- C:\Windows\System\AnMIXdH.exe
  C:\Windows\System\AnMIXdH.exe
  2⤵
  PID:7324
- C:\Windows\System\LdQZnsT.exe
  C:\Windows\System\LdQZnsT.exe
  2⤵
  PID:7340
- C:\Windows\System\LMtbuAx.exe
  C:\Windows\System\LMtbuAx.exe
  2⤵
  PID:7356
- C:\Windows\System\DyxIhwW.exe
  C:\Windows\System\DyxIhwW.exe
  2⤵
  PID:7372
- C:\Windows\System\pyvNZtO.exe
  C:\Windows\System\pyvNZtO.exe
  2⤵
  PID:7388
- C:\Windows\System\NUGkwtm.exe
  C:\Windows\System\NUGkwtm.exe
  2⤵
  PID:7404
- C:\Windows\System\hiWBSSu.exe
  C:\Windows\System\hiWBSSu.exe
  2⤵
  PID:7420
- C:\Windows\System\ztlolBs.exe
  C:\Windows\System\ztlolBs.exe
  2⤵
  PID:7436
- C:\Windows\System\rLHQqUB.exe
  C:\Windows\System\rLHQqUB.exe
  2⤵
  PID:7452
- C:\Windows\System\CSvKQPk.exe
  C:\Windows\System\CSvKQPk.exe
  2⤵
  PID:7480
- C:\Windows\System\MOqnFbn.exe
  C:\Windows\System\MOqnFbn.exe
  2⤵
  PID:7512
- C:\Windows\System\jZejHwn.exe
  C:\Windows\System\jZejHwn.exe
  2⤵
  PID:7532
- C:\Windows\System\HziQwxM.exe
  C:\Windows\System\HziQwxM.exe
  2⤵
  PID:7568
- C:\Windows\System\IdnJyDZ.exe
  C:\Windows\System\IdnJyDZ.exe
  2⤵
  PID:7584
- C:\Windows\System\TEvLnpZ.exe
  C:\Windows\System\TEvLnpZ.exe
  2⤵
  PID:7604
- C:\Windows\System\icLrDnZ.exe
  C:\Windows\System\icLrDnZ.exe
  2⤵
  PID:7624
- C:\Windows\System\CfqlFwz.exe
  C:\Windows\System\CfqlFwz.exe
  2⤵
  PID:7644
- C:\Windows\System\fnbgEPn.exe
  C:\Windows\System\fnbgEPn.exe
  2⤵
  PID:7660
- C:\Windows\System\uegmbNc.exe
  C:\Windows\System\uegmbNc.exe
  2⤵
  PID:7684
- C:\Windows\System\FcASivU.exe
  C:\Windows\System\FcASivU.exe
  2⤵
  PID:7700
- C:\Windows\System\JWReqMh.exe
  C:\Windows\System\JWReqMh.exe
  2⤵
  PID:7720
- C:\Windows\System\PcYMooB.exe
  C:\Windows\System\PcYMooB.exe
  2⤵
  PID:7740
- C:\Windows\System\WKZnkYx.exe
  C:\Windows\System\WKZnkYx.exe
  2⤵
  PID:7756
- C:\Windows\System\pLzgvAE.exe
  C:\Windows\System\pLzgvAE.exe
  2⤵
  PID:7780
- C:\Windows\System\GMVELiw.exe
  C:\Windows\System\GMVELiw.exe
  2⤵
  PID:7804
- C:\Windows\System\nVVptcI.exe
  C:\Windows\System\nVVptcI.exe
  2⤵
  PID:7824
- C:\Windows\System\ovNqPDN.exe
  C:\Windows\System\ovNqPDN.exe
  2⤵
  PID:7848
- C:\Windows\System\RoRnfPM.exe
  C:\Windows\System\RoRnfPM.exe
  2⤵
  PID:7868
- C:\Windows\System\NHyRNnU.exe
  C:\Windows\System\NHyRNnU.exe
  2⤵
  PID:7888
- C:\Windows\System\tOoDJBV.exe
  C:\Windows\System\tOoDJBV.exe
  2⤵
  PID:7904
- C:\Windows\System\GrTPonC.exe
  C:\Windows\System\GrTPonC.exe
  2⤵
  PID:7924
- C:\Windows\System\HhrgmHK.exe
  C:\Windows\System\HhrgmHK.exe
  2⤵
  PID:7940
- C:\Windows\System\cWuYmpA.exe
  C:\Windows\System\cWuYmpA.exe
  2⤵
  PID:7956
- C:\Windows\System\kGMlBWW.exe
  C:\Windows\System\kGMlBWW.exe
  2⤵
  PID:7980
- C:\Windows\System\emQAIBr.exe
  C:\Windows\System\emQAIBr.exe
  2⤵
  PID:8000
- C:\Windows\System\ULNrxmp.exe
  C:\Windows\System\ULNrxmp.exe
  2⤵
  PID:8024
- C:\Windows\System\GhEFAdy.exe
  C:\Windows\System\GhEFAdy.exe
  2⤵
  PID:8040
- C:\Windows\System\cczpBcv.exe
  C:\Windows\System\cczpBcv.exe
  2⤵
  PID:8064
- C:\Windows\System\vyOHUpc.exe
  C:\Windows\System\vyOHUpc.exe
  2⤵
  PID:8084
- C:\Windows\System\vkNXgrY.exe
  C:\Windows\System\vkNXgrY.exe
  2⤵
  PID:8108
- C:\Windows\System\yPNrlFb.exe
  C:\Windows\System\yPNrlFb.exe
  2⤵
  PID:8128
- C:\Windows\System\VjQSJij.exe
  C:\Windows\System\VjQSJij.exe
  2⤵
  PID:8144
- C:\Windows\System\YejupwM.exe
  C:\Windows\System\YejupwM.exe
  2⤵
  PID:8160
- C:\Windows\System\tVdcFXT.exe
  C:\Windows\System\tVdcFXT.exe
  2⤵
  PID:8180
- C:\Windows\System\iAjyzSO.exe
  C:\Windows\System\iAjyzSO.exe
  2⤵
  PID:7180
- C:\Windows\System\xGTgGXS.exe
  C:\Windows\System\xGTgGXS.exe
  2⤵
  PID:7192
- C:\Windows\System\ISVAYEY.exe
  C:\Windows\System\ISVAYEY.exe
  2⤵
  PID:7232
- C:\Windows\System\eKgMKkr.exe
  C:\Windows\System\eKgMKkr.exe
  2⤵
  PID:6236
- C:\Windows\System\YwhwrCA.exe
  C:\Windows\System\YwhwrCA.exe
  2⤵
  PID:7288
- C:\Windows\System\aULrrPw.exe
  C:\Windows\System\aULrrPw.exe
  2⤵
  PID:7300
- C:\Windows\System\JPLzCnk.exe
  C:\Windows\System\JPLzCnk.exe
  2⤵
  PID:7352
- C:\Windows\System\hNBQtJy.exe
  C:\Windows\System\hNBQtJy.exe
  2⤵
  PID:7384
- C:\Windows\System\tzDTEGk.exe
  C:\Windows\System\tzDTEGk.exe
  2⤵
  PID:7336
- C:\Windows\System\LCBmmkd.exe
  C:\Windows\System\LCBmmkd.exe
  2⤵
  PID:7500
- C:\Windows\System\YUlDaUW.exe
  C:\Windows\System\YUlDaUW.exe
  2⤵
  PID:7544
- C:\Windows\System\YPOaWzR.exe
  C:\Windows\System\YPOaWzR.exe
  2⤵
  PID:7560
- C:\Windows\System\PnEkwip.exe
  C:\Windows\System\PnEkwip.exe
  2⤵
  PID:7520
- C:\Windows\System\GrWtQPJ.exe
  C:\Windows\System\GrWtQPJ.exe
  2⤵
  PID:7564
- C:\Windows\System\PVZtuGb.exe
  C:\Windows\System\PVZtuGb.exe
  2⤵
  PID:6792
- C:\Windows\System\MNSQbOR.exe
  C:\Windows\System\MNSQbOR.exe
  2⤵
  PID:7620
- C:\Windows\System\QOtTlZX.exe
  C:\Windows\System\QOtTlZX.exe
  2⤵
  PID:7680
- C:\Windows\System\pjiLTsP.exe
  C:\Windows\System\pjiLTsP.exe
  2⤵
  PID:7708
- C:\Windows\System\muWMaJB.exe
  C:\Windows\System\muWMaJB.exe
  2⤵
  PID:7748
- C:\Windows\System\XbYOJUq.exe
  C:\Windows\System\XbYOJUq.exe
  2⤵
  PID:7796
- C:\Windows\System\nchZpfP.exe
  C:\Windows\System\nchZpfP.exe
  2⤵
  PID:7776
- C:\Windows\System\XAuEtvX.exe
  C:\Windows\System\XAuEtvX.exe
  2⤵
  PID:7844
- C:\Windows\System\rnFdFiu.exe
  C:\Windows\System\rnFdFiu.exe
  2⤵
  PID:7864
- C:\Windows\System\AkzhogG.exe
  C:\Windows\System\AkzhogG.exe
  2⤵
  PID:7916
- C:\Windows\System\FHKnpUv.exe
  C:\Windows\System\FHKnpUv.exe
  2⤵
  PID:7932
- C:\Windows\System\HyzVswp.exe
  C:\Windows\System\HyzVswp.exe
  2⤵
  PID:8032
- C:\Windows\System\SvZKlEO.exe
  C:\Windows\System\SvZKlEO.exe
  2⤵
  PID:8072
- C:\Windows\System\KGlpvEP.exe
  C:\Windows\System\KGlpvEP.exe
  2⤵
  PID:7968
- C:\Windows\System\gBIKCKD.exe
  C:\Windows\System\gBIKCKD.exe
  2⤵
  PID:8060
- C:\Windows\System\woXJRIc.exe
  C:\Windows\System\woXJRIc.exe
  2⤵
  PID:8100
- C:\Windows\System\LYyLEyj.exe
  C:\Windows\System\LYyLEyj.exe
  2⤵
  PID:7176
- C:\Windows\System\SHKhvnj.exe
  C:\Windows\System\SHKhvnj.exe
  2⤵
  PID:7236
- C:\Windows\System\yhoYvYh.exe
  C:\Windows\System\yhoYvYh.exe
  2⤵
  PID:7292
- C:\Windows\System\KumxDGn.exe
  C:\Windows\System\KumxDGn.exe
  2⤵
  PID:7416
- C:\Windows\System\NzHKXAQ.exe
  C:\Windows\System\NzHKXAQ.exe
  2⤵
  PID:7316
- C:\Windows\System\fdtgySu.exe
  C:\Windows\System\fdtgySu.exe
  2⤵
  PID:6616
- C:\Windows\System\XyMPWXl.exe
  C:\Windows\System\XyMPWXl.exe
  2⤵
  PID:7508
- C:\Windows\System\hznqoNp.exe
  C:\Windows\System\hznqoNp.exe
  2⤵
  PID:7400
- C:\Windows\System\JlxuyIH.exe
  C:\Windows\System\JlxuyIH.exe
  2⤵
  PID:7556
- C:\Windows\System\aUhLJUn.exe
  C:\Windows\System\aUhLJUn.exe
  2⤵
  PID:7596
- C:\Windows\System\ZmAljoO.exe
  C:\Windows\System\ZmAljoO.exe
  2⤵
  PID:7716
- C:\Windows\System\dewfUKP.exe
  C:\Windows\System\dewfUKP.exe
  2⤵
  PID:7448
- C:\Windows\System\fCnJBDV.exe
  C:\Windows\System\fCnJBDV.exe
  2⤵
  PID:7496
- C:\Windows\System\pRDRqvE.exe
  C:\Windows\System\pRDRqvE.exe
  2⤵
  PID:1572
- C:\Windows\System\sPCCRdL.exe
  C:\Windows\System\sPCCRdL.exe
  2⤵
  PID:7612
- C:\Windows\System\BqdpveJ.exe
  C:\Windows\System\BqdpveJ.exe
  2⤵
  PID:7676
- C:\Windows\System\YVpwCNF.exe
  C:\Windows\System\YVpwCNF.exe
  2⤵
  PID:7880
- C:\Windows\System\YhkyUEc.exe
  C:\Windows\System\YhkyUEc.exe
  2⤵
  PID:8008
- C:\Windows\System\eyOloGg.exe
  C:\Windows\System\eyOloGg.exe
  2⤵
  PID:7936
- C:\Windows\System\ruhnIxf.exe
  C:\Windows\System\ruhnIxf.exe
  2⤵
  PID:8016
- C:\Windows\System\FJmcfjj.exe
  C:\Windows\System\FJmcfjj.exe
  2⤵
  PID:8156
- C:\Windows\System\FVyKwuc.exe
  C:\Windows\System\FVyKwuc.exe
  2⤵
  PID:8168
- C:\Windows\System\lZXwnLN.exe
  C:\Windows\System\lZXwnLN.exe
  2⤵
  PID:6924
- C:\Windows\System\dPaXtUG.exe
  C:\Windows\System\dPaXtUG.exe
  2⤵
  PID:7348
- C:\Windows\System\qHaTFEn.exe
  C:\Windows\System\qHaTFEn.exe
  2⤵
  PID:7464
- C:\Windows\System\THnuhVd.exe
  C:\Windows\System\THnuhVd.exe
  2⤵
  PID:7592
- C:\Windows\System\NppPYdx.exe
  C:\Windows\System\NppPYdx.exe
  2⤵
  PID:7332
- C:\Windows\System\UQkZcYj.exe
  C:\Windows\System\UQkZcYj.exe
  2⤵
  PID:7772
- C:\Windows\System\nbyoDnj.exe
  C:\Windows\System\nbyoDnj.exe
  2⤵
  PID:7856
- C:\Windows\System\WdreWcj.exe
  C:\Windows\System\WdreWcj.exe
  2⤵
  PID:7792
- C:\Windows\System\fxYKudZ.exe
  C:\Windows\System\fxYKudZ.exe
  2⤵
  PID:7896
- C:\Windows\System\NoKFWDF.exe
  C:\Windows\System\NoKFWDF.exe
  2⤵
  PID:8120
- C:\Windows\System\tePRPXx.exe
  C:\Windows\System\tePRPXx.exe
  2⤵
  PID:7280
- C:\Windows\System\TWdCdPx.exe
  C:\Windows\System\TWdCdPx.exe
  2⤵
  PID:7920
- C:\Windows\System\WkMjogA.exe
  C:\Windows\System\WkMjogA.exe
  2⤵
  PID:8172
- C:\Windows\System\DbQQQTQ.exe
  C:\Windows\System\DbQQQTQ.exe
  2⤵
  PID:7736
- C:\Windows\System\GKIRjVQ.exe
  C:\Windows\System\GKIRjVQ.exe
  2⤵
  PID:7712
- C:\Windows\System\RqSAELV.exe
  C:\Windows\System\RqSAELV.exe
  2⤵
  PID:7656
- C:\Windows\System\itzJmYH.exe
  C:\Windows\System\itzJmYH.exe
  2⤵
  PID:7616
- C:\Windows\System\cpWqeTC.exe
  C:\Windows\System\cpWqeTC.exe
  2⤵
  PID:7972
- C:\Windows\System\ozHcqYH.exe
  C:\Windows\System\ozHcqYH.exe
  2⤵
  PID:8056
- C:\Windows\System\LeZwlEt.exe
  C:\Windows\System\LeZwlEt.exe
  2⤵
  PID:7296
- C:\Windows\System\oCIftvb.exe
  C:\Windows\System\oCIftvb.exe
  2⤵
  PID:7396
- C:\Windows\System\uGWUiWY.exe
  C:\Windows\System\uGWUiWY.exe
  2⤵
  PID:7884
- C:\Windows\System\kgdtywh.exe
  C:\Windows\System\kgdtywh.exe
  2⤵
  PID:7696
- C:\Windows\System\siQspkd.exe
  C:\Windows\System\siQspkd.exe
  2⤵
  PID:7492
- C:\Windows\System\YrrKbmg.exe
  C:\Windows\System\YrrKbmg.exe
  2⤵
  PID:7816
- C:\Windows\System\nPrZydX.exe
  C:\Windows\System\nPrZydX.exe
  2⤵
  PID:7576
- C:\Windows\System\lyZTksE.exe
  C:\Windows\System\lyZTksE.exe
  2⤵
  PID:7432
- C:\Windows\System\KdmbfIv.exe
  C:\Windows\System\KdmbfIv.exe
  2⤵
  PID:8200
- C:\Windows\System\zfJxmnH.exe
  C:\Windows\System\zfJxmnH.exe
  2⤵
  PID:8216
- C:\Windows\System\uDmswaE.exe
  C:\Windows\System\uDmswaE.exe
  2⤵
  PID:8236
- C:\Windows\System\DSFbKpO.exe
  C:\Windows\System\DSFbKpO.exe
  2⤵
  PID:8260
- C:\Windows\System\fdvblXx.exe
  C:\Windows\System\fdvblXx.exe
  2⤵
  PID:8280
- C:\Windows\System\tVLdNUy.exe
  C:\Windows\System\tVLdNUy.exe
  2⤵
  PID:8300
- C:\Windows\System\JrjAIfM.exe
  C:\Windows\System\JrjAIfM.exe
  2⤵
  PID:8316
- C:\Windows\System\TMNeqfa.exe
  C:\Windows\System\TMNeqfa.exe
  2⤵
  PID:8332
- C:\Windows\System\AKoSuGP.exe
  C:\Windows\System\AKoSuGP.exe
  2⤵
  PID:8352
- C:\Windows\System\ufcFxUV.exe
  C:\Windows\System\ufcFxUV.exe
  2⤵
  PID:8376
- C:\Windows\System\lwpoxPa.exe
  C:\Windows\System\lwpoxPa.exe
  2⤵
  PID:8392
- C:\Windows\System\kcybwzT.exe
  C:\Windows\System\kcybwzT.exe
  2⤵
  PID:8408
- C:\Windows\System\WIdRaTt.exe
  C:\Windows\System\WIdRaTt.exe
  2⤵
  PID:8424
- C:\Windows\System\oopGxos.exe
  C:\Windows\System\oopGxos.exe
  2⤵
  PID:8448
- C:\Windows\System\cVGYpVw.exe
  C:\Windows\System\cVGYpVw.exe
  2⤵
  PID:8464
- C:\Windows\System\qLvNFNi.exe
  C:\Windows\System\qLvNFNi.exe
  2⤵
  PID:8480
- C:\Windows\System\nsLnvzW.exe
  C:\Windows\System\nsLnvzW.exe
  2⤵
  PID:8500
- C:\Windows\System\ihEgWJT.exe
  C:\Windows\System\ihEgWJT.exe
  2⤵
  PID:8524
- C:\Windows\System\cwhyNfJ.exe
  C:\Windows\System\cwhyNfJ.exe
  2⤵
  PID:8540
- C:\Windows\System\cgMeArc.exe
  C:\Windows\System\cgMeArc.exe
  2⤵
  PID:8568
- C:\Windows\System\fwQvnkV.exe
  C:\Windows\System\fwQvnkV.exe
  2⤵
  PID:8584
- C:\Windows\System\nmrbodF.exe
  C:\Windows\System\nmrbodF.exe
  2⤵
  PID:8644
- C:\Windows\System\IRhkVHP.exe
  C:\Windows\System\IRhkVHP.exe
  2⤵
  PID:8660
- C:\Windows\System\YJgcrPC.exe
  C:\Windows\System\YJgcrPC.exe
  2⤵
  PID:8676
- C:\Windows\System\BwclLCP.exe
  C:\Windows\System\BwclLCP.exe
  2⤵
  PID:8692
- C:\Windows\System\jFaYAWU.exe
  C:\Windows\System\jFaYAWU.exe
  2⤵
  PID:8708
- C:\Windows\System\fldsOYE.exe
  C:\Windows\System\fldsOYE.exe
  2⤵
  PID:8740
- C:\Windows\System\aWcDRAa.exe
  C:\Windows\System\aWcDRAa.exe
  2⤵
  PID:8756
- C:\Windows\System\hUnEzSj.exe
  C:\Windows\System\hUnEzSj.exe
  2⤵
  PID:8772
- C:\Windows\System\trHRJmk.exe
  C:\Windows\System\trHRJmk.exe
  2⤵
  PID:8804
- C:\Windows\System\ZlodpYR.exe
  C:\Windows\System\ZlodpYR.exe
  2⤵
  PID:8820
- C:\Windows\System\bFBBXjA.exe
  C:\Windows\System\bFBBXjA.exe
  2⤵
  PID:8836
- C:\Windows\System\tphldaA.exe
  C:\Windows\System\tphldaA.exe
  2⤵
  PID:8852
- C:\Windows\System\aNBNLPN.exe
  C:\Windows\System\aNBNLPN.exe
  2⤵
  PID:8868
- C:\Windows\System\bffGCYr.exe
  C:\Windows\System\bffGCYr.exe
  2⤵
  PID:8884
- C:\Windows\System\SXdlRlw.exe
  C:\Windows\System\SXdlRlw.exe
  2⤵
  PID:8912
- C:\Windows\System\cJiRqpp.exe
  C:\Windows\System\cJiRqpp.exe
  2⤵
  PID:8928
- C:\Windows\System\lRtTOje.exe
  C:\Windows\System\lRtTOje.exe
  2⤵
  PID:8944
- C:\Windows\System\PvzslqP.exe
  C:\Windows\System\PvzslqP.exe
  2⤵
  PID:8960
- C:\Windows\System\mkgdDnm.exe
  C:\Windows\System\mkgdDnm.exe
  2⤵
  PID:8976
- C:\Windows\System\feTFJeO.exe
  C:\Windows\System\feTFJeO.exe
  2⤵
  PID:8996
- C:\Windows\System\xxEZAmh.exe
  C:\Windows\System\xxEZAmh.exe
  2⤵
  PID:9036
- C:\Windows\System\nByaESe.exe
  C:\Windows\System\nByaESe.exe
  2⤵
  PID:9052
- C:\Windows\System\hXUKSfa.exe
  C:\Windows\System\hXUKSfa.exe
  2⤵
  PID:9076
- C:\Windows\System\FrpSGAY.exe
  C:\Windows\System\FrpSGAY.exe
  2⤵
  PID:9092
- C:\Windows\System\nVIrhER.exe
  C:\Windows\System\nVIrhER.exe
  2⤵
  PID:9108
- C:\Windows\System\gVuIKmY.exe
  C:\Windows\System\gVuIKmY.exe
  2⤵
  PID:9132
- C:\Windows\System\GoEmmZR.exe
  C:\Windows\System\GoEmmZR.exe
  2⤵
  PID:9156
- C:\Windows\System\OroAVUn.exe
  C:\Windows\System\OroAVUn.exe
  2⤵
  PID:9176
- C:\Windows\System\qmDFZri.exe
  C:\Windows\System\qmDFZri.exe
  2⤵
  PID:9196
- C:\Windows\System\UqauOWV.exe
  C:\Windows\System\UqauOWV.exe
  2⤵
  PID:8244
- C:\Windows\System\XVRLljI.exe
  C:\Windows\System\XVRLljI.exe
  2⤵
  PID:8256
- C:\Windows\System\fXlirxt.exe
  C:\Windows\System\fXlirxt.exe
  2⤵
  PID:8324
- C:\Windows\System\AASofKF.exe
  C:\Windows\System\AASofKF.exe
  2⤵
  PID:8372
- C:\Windows\System\ctXCsws.exe
  C:\Windows\System\ctXCsws.exe
  2⤵
  PID:8432
- C:\Windows\System\joTvnto.exe
  C:\Windows\System\joTvnto.exe
  2⤵
  PID:8228
- C:\Windows\System\rfALNEd.exe
  C:\Windows\System\rfALNEd.exe
  2⤵
  PID:8224
- C:\Windows\System\VdLWuJv.exe
  C:\Windows\System\VdLWuJv.exe
  2⤵
  PID:8276
- C:\Windows\System\anLZabr.exe
  C:\Windows\System\anLZabr.exe
  2⤵
  PID:8416
- C:\Windows\System\SPvTqtI.exe
  C:\Windows\System\SPvTqtI.exe
  2⤵
  PID:8460
- C:\Windows\System\wZzAKUD.exe
  C:\Windows\System\wZzAKUD.exe
  2⤵
  PID:8516
- C:\Windows\System\tMfHHVp.exe
  C:\Windows\System\tMfHHVp.exe
  2⤵
  PID:8556
- C:\Windows\System\CeXlfAC.exe
  C:\Windows\System\CeXlfAC.exe
  2⤵
  PID:8496
- C:\Windows\System\VoxGQFA.exe
  C:\Windows\System\VoxGQFA.exe
  2⤵
  PID:8612
- C:\Windows\System\iFRikyR.exe
  C:\Windows\System\iFRikyR.exe
  2⤵
  PID:8640
- C:\Windows\System\vjPnPup.exe
  C:\Windows\System\vjPnPup.exe
  2⤵
  PID:8700
- C:\Windows\System\PJyASTj.exe
  C:\Windows\System\PJyASTj.exe
  2⤵
  PID:8656
- C:\Windows\System\ddyXqxj.exe
  C:\Windows\System\ddyXqxj.exe
  2⤵
  PID:8732
- C:\Windows\System\boctvWH.exe
  C:\Windows\System\boctvWH.exe
  2⤵
  PID:8780
- C:\Windows\System\jwlDaMA.exe
  C:\Windows\System\jwlDaMA.exe
  2⤵
  PID:8800
- C:\Windows\System\wdDwOtR.exe
  C:\Windows\System\wdDwOtR.exe
  2⤵
  PID:8860
- C:\Windows\System\bWVMFXQ.exe
  C:\Windows\System\bWVMFXQ.exe
  2⤵
  PID:8904
- C:\Windows\System\QLXovdo.exe
  C:\Windows\System\QLXovdo.exe
  2⤵
  PID:8968
- C:\Windows\System\dqxHtCf.exe
  C:\Windows\System\dqxHtCf.exe
  2⤵
  PID:9024
- C:\Windows\System\usPYdBS.exe
  C:\Windows\System\usPYdBS.exe
  2⤵
  PID:9072
- C:\Windows\System\pvOIjfo.exe
  C:\Windows\System\pvOIjfo.exe
  2⤵
  PID:8880
- C:\Windows\System\pbtSiVO.exe
  C:\Windows\System\pbtSiVO.exe
  2⤵
  PID:8984
- C:\Windows\System\csDYZVU.exe
  C:\Windows\System\csDYZVU.exe
  2⤵
  PID:8844
- C:\Windows\System\pBXDhAh.exe
  C:\Windows\System\pBXDhAh.exe
  2⤵
  PID:9144
- C:\Windows\System\xIAtrrb.exe
  C:\Windows\System\xIAtrrb.exe
  2⤵
  PID:9124
- C:\Windows\System\FEMlOtL.exe
  C:\Windows\System\FEMlOtL.exe
  2⤵
  PID:9192
- C:\Windows\System\bRvcMmR.exe
  C:\Windows\System\bRvcMmR.exe
  2⤵
  PID:9212
- C:\Windows\System\tTFNtsl.exe
  C:\Windows\System\tTFNtsl.exe
  2⤵
  PID:8360
- C:\Windows\System\qtxNDoc.exe
  C:\Windows\System\qtxNDoc.exe
  2⤵
  PID:8272
- C:\Windows\System\nTDoFhG.exe
  C:\Windows\System\nTDoFhG.exe
  2⤵
  PID:8552
- C:\Windows\System\nHqxsWt.exe
  C:\Windows\System\nHqxsWt.exe
  2⤵
  PID:8604
- C:\Windows\System\wTVZMft.exe
  C:\Windows\System\wTVZMft.exe
  2⤵
  PID:8296
- C:\Windows\System\CWWolhT.exe
  C:\Windows\System\CWWolhT.exe
  2⤵
  PID:8196
- C:\Windows\System\pmHuwdD.exe
  C:\Windows\System\pmHuwdD.exe
  2⤵
  PID:8388
- C:\Windows\System\WPqvlRS.exe
  C:\Windows\System\WPqvlRS.exe
  2⤵
  PID:8488
- C:\Windows\System\klXficc.exe
  C:\Windows\System\klXficc.exe
  2⤵
  PID:8624
- C:\Windows\System\TArtIpA.exe
  C:\Windows\System\TArtIpA.exe
  2⤵
  PID:8748
- C:\Windows\System\ZgcdFvw.exe
  C:\Windows\System\ZgcdFvw.exe
  2⤵
  PID:8896
- C:\Windows\System\mZujWzh.exe
  C:\Windows\System\mZujWzh.exe
  2⤵
  PID:8832
- C:\Windows\System\KstFaQf.exe
  C:\Windows\System\KstFaQf.exe
  2⤵
  PID:8828
- C:\Windows\System\ldSPeLp.exe
  C:\Windows\System\ldSPeLp.exe
  2⤵
  PID:8736
- C:\Windows\System\MItgNgY.exe
  C:\Windows\System\MItgNgY.exe
  2⤵
  PID:9068
- C:\Windows\System\POSxlYH.exe
  C:\Windows\System\POSxlYH.exe
  2⤵
  PID:8768
- C:\Windows\System\cqZTxad.exe
  C:\Windows\System\cqZTxad.exe
  2⤵
  PID:9048
- C:\Windows\System\hHSPXcx.exe
  C:\Windows\System\hHSPXcx.exe
  2⤵
  PID:7992
- C:\Windows\System\OXvDnTk.exe
  C:\Windows\System\OXvDnTk.exe
  2⤵
  PID:9120
- C:\Windows\System\BHTQiTB.exe
  C:\Windows\System\BHTQiTB.exe
  2⤵
  PID:9172
- C:\Windows\System\zXyilqB.exe
  C:\Windows\System\zXyilqB.exe
  2⤵
  PID:8208
- C:\Windows\System\xTDVWYA.exe
  C:\Windows\System\xTDVWYA.exe
  2⤵
  PID:7732
- C:\Windows\System\xUWlQTI.exe
  C:\Windows\System\xUWlQTI.exe
  2⤵
  PID:8404
- C:\Windows\System\XsaEIgJ.exe
  C:\Windows\System\XsaEIgJ.exe
  2⤵
  PID:8512
- C:\Windows\System\ugFqKXH.exe
  C:\Windows\System\ugFqKXH.exe
  2⤵
  PID:8940
- C:\Windows\System\cOqvEwC.exe
  C:\Windows\System\cOqvEwC.exe
  2⤵
  PID:8384
- C:\Windows\System\gfsBHcE.exe
  C:\Windows\System\gfsBHcE.exe
  2⤵
  PID:8684
- C:\Windows\System\bdUSWno.exe
  C:\Windows\System\bdUSWno.exe
  2⤵
  PID:9184
- C:\Windows\System\QQFwyZw.exe
  C:\Windows\System\QQFwyZw.exe
  2⤵
  PID:8620
- C:\Windows\System\nPGlbSQ.exe
  C:\Windows\System\nPGlbSQ.exe
  2⤵
  PID:9020
- C:\Windows\System\rnWiIKm.exe
  C:\Windows\System\rnWiIKm.exe
  2⤵
  PID:9032
- C:\Windows\System\VjpElzV.exe
  C:\Windows\System\VjpElzV.exe
  2⤵
  PID:9140
- C:\Windows\System\mVACjIg.exe
  C:\Windows\System\mVACjIg.exe
  2⤵
  PID:8248
- C:\Windows\System\JYAILKE.exe
  C:\Windows\System\JYAILKE.exe
  2⤵
  PID:8812
- C:\Windows\System\xhxCABU.exe
  C:\Windows\System\xhxCABU.exe
  2⤵
  PID:8576
- C:\Windows\System\enaCqvZ.exe
  C:\Windows\System\enaCqvZ.exe
  2⤵
  PID:8268
- C:\Windows\System\xwbKmPz.exe
  C:\Windows\System\xwbKmPz.exe
  2⤵
  PID:8508
- C:\Windows\System\FxpsiYp.exe
  C:\Windows\System\FxpsiYp.exe
  2⤵
  PID:8992
- C:\Windows\System\kHNuYui.exe
  C:\Windows\System\kHNuYui.exe
  2⤵
  PID:8688
- C:\Windows\System\PuxpbRs.exe
  C:\Windows\System\PuxpbRs.exe
  2⤵
  PID:8892
- C:\Windows\System\ZWtrFzc.exe
  C:\Windows\System\ZWtrFzc.exe
  2⤵
  PID:8952
- C:\Windows\System\eNoNFAs.exe
  C:\Windows\System\eNoNFAs.exe
  2⤵
  PID:8716
- C:\Windows\System\UuimxPX.exe
  C:\Windows\System\UuimxPX.exe
  2⤵
  PID:9228
- C:\Windows\System\mOIGpMc.exe
  C:\Windows\System\mOIGpMc.exe
  2⤵
  PID:9244
- C:\Windows\System\awthEpy.exe
  C:\Windows\System\awthEpy.exe
  2⤵
  PID:9260
- C:\Windows\System\CLOQBpe.exe
  C:\Windows\System\CLOQBpe.exe
  2⤵
  PID:9280
- C:\Windows\System\gnDBQJU.exe
  C:\Windows\System\gnDBQJU.exe
  2⤵
  PID:9300
- C:\Windows\System\BSsFbOn.exe
  C:\Windows\System\BSsFbOn.exe
  2⤵
  PID:9320
- C:\Windows\System\nsyWOvN.exe
  C:\Windows\System\nsyWOvN.exe
  2⤵
  PID:9340
- C:\Windows\System\APfmmDt.exe
  C:\Windows\System\APfmmDt.exe
  2⤵
  PID:9364
- C:\Windows\System\bNBKGjU.exe
  C:\Windows\System\bNBKGjU.exe
  2⤵
  PID:9384
- C:\Windows\System\pQwSBgw.exe
  C:\Windows\System\pQwSBgw.exe
  2⤵
  PID:9400
- C:\Windows\System\heuIQfP.exe
  C:\Windows\System\heuIQfP.exe
  2⤵
  PID:9420
- C:\Windows\System\WVfFaCl.exe
  C:\Windows\System\WVfFaCl.exe
  2⤵
  PID:9452
- C:\Windows\System\XyhVAcC.exe
  C:\Windows\System\XyhVAcC.exe
  2⤵
  PID:9476
- C:\Windows\System\uBYGAoF.exe
  C:\Windows\System\uBYGAoF.exe
  2⤵
  PID:9492
- C:\Windows\System\vZibVWR.exe
  C:\Windows\System\vZibVWR.exe
  2⤵
  PID:9508
- C:\Windows\System\reEmZxW.exe
  C:\Windows\System\reEmZxW.exe
  2⤵
  PID:9528
- C:\Windows\System\TnHSRxl.exe
  C:\Windows\System\TnHSRxl.exe
  2⤵
  PID:9552
- C:\Windows\System\ctGpeJS.exe
  C:\Windows\System\ctGpeJS.exe
  2⤵
  PID:9572
- C:\Windows\System\QUHOJIf.exe
  C:\Windows\System\QUHOJIf.exe
  2⤵
  PID:9592
- C:\Windows\System\HNCvnHr.exe
  C:\Windows\System\HNCvnHr.exe
  2⤵
  PID:9612
- C:\Windows\System\pIjjRwc.exe
  C:\Windows\System\pIjjRwc.exe
  2⤵
  PID:9628
- C:\Windows\System\mwQsyIE.exe
  C:\Windows\System\mwQsyIE.exe
  2⤵
  PID:9652
- C:\Windows\System\mAOSOPL.exe
  C:\Windows\System\mAOSOPL.exe
  2⤵
  PID:9672
- C:\Windows\System\xhjhvyF.exe
  C:\Windows\System\xhjhvyF.exe
  2⤵
  PID:9692
- C:\Windows\System\LMjLMJP.exe
  C:\Windows\System\LMjLMJP.exe
  2⤵
  PID:9712
- C:\Windows\System\yVWKVfq.exe
  C:\Windows\System\yVWKVfq.exe
  2⤵
  PID:9728
- C:\Windows\System\HIcLYEQ.exe
  C:\Windows\System\HIcLYEQ.exe
  2⤵
  PID:9744
- C:\Windows\System\wVSytqa.exe
  C:\Windows\System\wVSytqa.exe
  2⤵
  PID:9764
- C:\Windows\System\HEHkJxw.exe
  C:\Windows\System\HEHkJxw.exe
  2⤵
  PID:9788
- C:\Windows\System\HQJbFNh.exe
  C:\Windows\System\HQJbFNh.exe
  2⤵
  PID:9812
- C:\Windows\System\ZmtoTEa.exe
  C:\Windows\System\ZmtoTEa.exe
  2⤵
  PID:9840
- C:\Windows\System\pxpUQYO.exe
  C:\Windows\System\pxpUQYO.exe
  2⤵
  PID:9856
- C:\Windows\System\saBUoAg.exe
  C:\Windows\System\saBUoAg.exe
  2⤵
  PID:9872
- C:\Windows\System\TLVndfL.exe
  C:\Windows\System\TLVndfL.exe
  2⤵
  PID:9896
- C:\Windows\System\SOQJvKB.exe
  C:\Windows\System\SOQJvKB.exe
  2⤵
  PID:9912
- C:\Windows\System\rXzUqHc.exe
  C:\Windows\System\rXzUqHc.exe
  2⤵
  PID:9928
- C:\Windows\System\MiAThRC.exe
  C:\Windows\System\MiAThRC.exe
  2⤵
  PID:9944
- C:\Windows\System\VXKJXLJ.exe
  C:\Windows\System\VXKJXLJ.exe
  2⤵
  PID:9960
- C:\Windows\System\kxMeiMq.exe
  C:\Windows\System\kxMeiMq.exe
  2⤵
  PID:9980
- C:\Windows\System\VbdZEkj.exe
  C:\Windows\System\VbdZEkj.exe
  2⤵
  PID:9996
- C:\Windows\System\nKcjhta.exe
  C:\Windows\System\nKcjhta.exe
  2⤵
  PID:10024
- C:\Windows\System\IBPvgWm.exe
  C:\Windows\System\IBPvgWm.exe
  2⤵
  PID:10048
- C:\Windows\System\VBAglPr.exe
  C:\Windows\System\VBAglPr.exe
  2⤵
  PID:10064
- C:\Windows\System\AqfygJo.exe
  C:\Windows\System\AqfygJo.exe
  2⤵
  PID:10096
- C:\Windows\System\IlHIbVa.exe
  C:\Windows\System\IlHIbVa.exe
  2⤵
  PID:10116
- C:\Windows\System\imjqXfr.exe
  C:\Windows\System\imjqXfr.exe
  2⤵
  PID:10136
- C:\Windows\System\lTwsmcb.exe
  C:\Windows\System\lTwsmcb.exe
  2⤵
  PID:10156
- C:\Windows\System\RkRMiSG.exe
  C:\Windows\System\RkRMiSG.exe
  2⤵
  PID:10176
- C:\Windows\System\WDMGKaC.exe
  C:\Windows\System\WDMGKaC.exe
  2⤵
  PID:10196
- C:\Windows\System\nnFsYMS.exe
  C:\Windows\System\nnFsYMS.exe
  2⤵
  PID:10216
- C:\Windows\System\NXiLuRY.exe
  C:\Windows\System\NXiLuRY.exe
  2⤵
  PID:10236
- C:\Windows\System\PTcSKOt.exe
  C:\Windows\System\PTcSKOt.exe
  2⤵
  PID:9308
- C:\Windows\System\GyTAnSW.exe
  C:\Windows\System\GyTAnSW.exe
  2⤵
  PID:9352
- C:\Windows\System\NsyaNMg.exe
  C:\Windows\System\NsyaNMg.exe
  2⤵
  PID:7540
- C:\Windows\System\HOvRBdK.exe
  C:\Windows\System\HOvRBdK.exe
  2⤵
  PID:9392
- C:\Windows\System\FheuQza.exe
  C:\Windows\System\FheuQza.exe
  2⤵
  PID:9336
- C:\Windows\System\qQmsedy.exe
  C:\Windows\System\qQmsedy.exe
  2⤵
  PID:9288
- C:\Windows\System\rkHNiqo.exe
  C:\Windows\System\rkHNiqo.exe
  2⤵
  PID:9408
- C:\Windows\System\gGVWrmi.exe
  C:\Windows\System\gGVWrmi.exe
  2⤵
  PID:9444
- C:\Windows\System\XMaXvfD.exe
  C:\Windows\System\XMaXvfD.exe
  2⤵
  PID:9416
- C:\Windows\System\vzZaDhT.exe
  C:\Windows\System\vzZaDhT.exe
  2⤵
  PID:9468
- C:\Windows\System\rnptXBF.exe
  C:\Windows\System\rnptXBF.exe
  2⤵
  PID:9516
- C:\Windows\System\nijPRTL.exe
  C:\Windows\System\nijPRTL.exe
  2⤵
  PID:9568
- C:\Windows\System\vSnQQfJ.exe
  C:\Windows\System\vSnQQfJ.exe
  2⤵
  PID:9544
- C:\Windows\System\jAJDGdq.exe
  C:\Windows\System\jAJDGdq.exe
  2⤵
  PID:9600
- C:\Windows\System\LplDlxG.exe
  C:\Windows\System\LplDlxG.exe
  2⤵
  PID:9640
- C:\Windows\System\wmOexnS.exe
  C:\Windows\System\wmOexnS.exe
  2⤵
  PID:9720
- C:\Windows\System\yoEYgMz.exe
  C:\Windows\System\yoEYgMz.exe
  2⤵
  PID:9668
- C:\Windows\System\PpTALeI.exe
  C:\Windows\System\PpTALeI.exe
  2⤵
  PID:9740
- C:\Windows\System\sxDIWnp.exe
  C:\Windows\System\sxDIWnp.exe
  2⤵
  PID:9776
- C:\Windows\System\DsHSQqq.exe
  C:\Windows\System\DsHSQqq.exe
  2⤵
  PID:9800
- C:\Windows\System\NUuOlFn.exe
  C:\Windows\System\NUuOlFn.exe
  2⤵
  PID:9848
- C:\Windows\System\SCaNrIj.exe
  C:\Windows\System\SCaNrIj.exe
  2⤵
  PID:9836
- C:\Windows\System\KJXwauX.exe
  C:\Windows\System\KJXwauX.exe
  2⤵
  PID:9956
- C:\Windows\System\POfglfi.exe
  C:\Windows\System\POfglfi.exe
  2⤵
  PID:9908
- C:\Windows\System\BJQkslB.exe
  C:\Windows\System\BJQkslB.exe
  2⤵
  PID:9976
- C:\Windows\System\btmrxto.exe
  C:\Windows\System\btmrxto.exe
  2⤵
  PID:10040
- C:\Windows\System\wWqgbMp.exe
  C:\Windows\System\wWqgbMp.exe
  2⤵
  PID:10084
- C:\Windows\System\ALOgYOa.exe
  C:\Windows\System\ALOgYOa.exe
  2⤵
  PID:10020
- C:\Windows\System\qodLXTB.exe
  C:\Windows\System\qodLXTB.exe
  2⤵
  PID:10012
- C:\Windows\System\lIwwhRn.exe
  C:\Windows\System\lIwwhRn.exe
  2⤵
  PID:10132
- C:\Windows\System\IsxTxIP.exe
  C:\Windows\System\IsxTxIP.exe
  2⤵
  PID:10148
- C:\Windows\System\gyihFhK.exe
  C:\Windows\System\gyihFhK.exe
  2⤵
  PID:10204
- C:\Windows\System\NIJDpLS.exe
  C:\Windows\System\NIJDpLS.exe
  2⤵
  PID:10212
- C:\Windows\System\nGxFwQG.exe
  C:\Windows\System\nGxFwQG.exe
  2⤵
  PID:9276
- C:\Windows\System\vaQcEEU.exe
  C:\Windows\System\vaQcEEU.exe
  2⤵
  PID:8252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACiIXCO.exe

Filesize
6.0MB

MD5
8c5c59016676e46c5addb1ca652a35c0

SHA1
ffeca7d54030ff5b61f62039dcf86f75ae83eebb

SHA256
439477f2fc2c156986794c63ecc646c5741b7b7d26786afe894427472e425421

SHA512
f8504486ab67ecb567c245e71af7f27ce7bbc548589ad81f22a004513f94511591d4d970c0a1779903634403593d22b876b458cb6934554270e7b934293eae82

Download Submit
C:\Windows\system\BnvUxRf.exe

Filesize
6.0MB

MD5
145f9326d7358fc93ae70ff834a77e55

SHA1
9bcb473abb60e0508c0b59196c531c606fb197ca

SHA256
d3d5c74ee1fb4d61009cce7f01a3e81d377e508709e77d1c8d51cacca61a82e7

SHA512
4b2883dae6434444ac526cfd4e1ca4733f556e0003d7c08b643c8e1c0eef836c2b61a956d1eca1d100adfc7628bf02b1bc562720eda9f436ce4489194e41ba39

Download Submit
C:\Windows\system\BrWFYpK.exe

Filesize
6.0MB

MD5
3caf98fa6a6f23836e10229e9caf0f0c

SHA1
9133d9ef571a9f541d4b331b9f128ad51d9849d6

SHA256
178a9b1e04eec51755c8a6e4078a0650085de38c0692cae2ac52b1734a6c5301

SHA512
21ed799e73e2351e78515695da62a1f78e8af050675c27c54a3d7fa14ae5de13f84ed644385bf532c52447d8a340f55a92feefe99d6651c79592a22db86d2f57

Download Submit
C:\Windows\system\CtMfKyb.exe

Filesize
6.0MB

MD5
a9ef4fe91b6311984a38b40ee85705e4

SHA1
6b1628b13048e4499b41b74c65b292c3629b3f27

SHA256
497f2c740affeac95ee862d90d232aff901fee40b362a5be52f1b6756dc8af3a

SHA512
05f83a1458e489efc92e027bc32e381ccb6ca18e077b59f2fcf4dead8299eecc1091b8663fc0eae470575dad24da0551b5fe2481b52d8c2903af7bc4b7d9c1b6

Download Submit
C:\Windows\system\LfQnReW.exe

Filesize
6.0MB

MD5
9773c7fd4763a730fe879036791cb9da

SHA1
5fe6c9a385070308a0d19b61099b0370bfbc35ab

SHA256
6f05a149e529e8284c9a406ae1cdae23b528abad4a92f6c6aad5f806336b7ba6

SHA512
89308a4538973da438cb1d2a3c2aa5929d4e369caf300d76f1c5df7309139e3c991512481be75e24dd7e10ed28730de16c53c19e4715caa39897b03fa0d812e2

Download Submit
C:\Windows\system\NXMdqJz.exe

Filesize
6.0MB

MD5
98c0e817da7588407187f32aab56aff7

SHA1
ecbbb146be9a81da6f3f22334aa1985b87f84dc7

SHA256
2afa1c0119fc9336d4b38bd000ac4abff8e3bd658c2ac8b9f1112e9d7d60e1a2

SHA512
912f3c9c2b83b2cb2bc20de3e71923feeaca81d9d346e876bcc6841b31663642eb759ecf1882d7b41853f1c0ac72d3675c980be7e7df3489320682bd478b912e

Download Submit
C:\Windows\system\QMpjpYv.exe

Filesize
6.0MB

MD5
3af5b882d4ba7a78512fb0c5c3cf5417

SHA1
6450ba9f25ba6c4327eca3b7f90a65b3f5a57890

SHA256
4563c50558c1591fd804145acaef706732d511f2b4bbf7e0027d8bb4aecdfd7f

SHA512
6b29b05d2a6ac77cb92a9a364577914f2fed74c12d761f70723184a449a42177429d805c2b8907df6144a92fc840170f999356cd8faff520cca529838ef67643

Download Submit
C:\Windows\system\RuGqKIR.exe

Filesize
6.0MB

MD5
829b65c593452995d490055727f9760e

SHA1
726f19557840b9d0d02fa1d6a7a9a01bfc4424a2

SHA256
dd3c616d83663e37cc1957977a2bc8ed4b0250caf606d4f4560e7d52794f635b

SHA512
f199008aedf4991b2cb5a34bd4785a3f5dde9e4a29192502d98b6a5e7e2ba76ea8b8cd86bb000da462e88fa1c856251d9f08773c8c9884b0ff04025c932c4a07

Download Submit
C:\Windows\system\WrkOzwh.exe

Filesize
6.0MB

MD5
c6bbd994e386c355a4704cbf741ebe32

SHA1
a31a1320487d67ab255c005f2b44e706629f4e2f

SHA256
a2222434f6bb92b50e370ab9d9e6c228487ea2dccc571941ca7a802f191ede16

SHA512
424d77204517eaf03270de17f96a4afa107403c2067c62947559689105c0df117f1b6677714b161797402727d3c53953b5089ee69a5d6c2ab406de8dd65d51e2

Download Submit
C:\Windows\system\aXIUiXt.exe

Filesize
6.0MB

MD5
52967df6cb53bb6af7839391eff70350

SHA1
80426564fd3f769ee914c82187ab121ed0427aed

SHA256
9428efc39316e30ca48b4376c577be4bdf03f2d8e40de7dae092f4dc45a0ab5d

SHA512
82c0eeb971e0889a1592782927fa8d3ff3bee5e1dbb942842e873d5d27e262e395d7fed1065eebae0484d8c359ac48dd5055186e100d1b4284d85c7b7ab1d048

Download Submit
C:\Windows\system\cHZnLNX.exe

Filesize
6.0MB

MD5
bad1547f41371b9b6e6c3df9754a0bfe

SHA1
28cd4d8d800aa5d3c508442ebc005a98a2b9dc9e

SHA256
0f1826cfcbdafa9a0f6bca0e4f6260005c20f426280975b2b2eb72af5f0e8450

SHA512
215175535bbebbda2bec247e9404460b37760b1f5b76f94bf89524c6e33df91d89140844d3dcc67a0a91fc6eae6e28ff6f16391eb27175af915725cc967c6b06

Download Submit
C:\Windows\system\cIkFbvs.exe

Filesize
6.0MB

MD5
15d6c5d401f7233d84de8e0f68d95953

SHA1
0834862a1b85a6c98e2264a4c5f639306af2efab

SHA256
1db51278213074db3bf20c349d02caa6a3f8b1bb295e395881d4e28915c11dc1

SHA512
c94e2a866d70b58eec3334316230dc42cdaaa57bc5987dcf2719f407f9c7c3a59d019093fbb664688c56a5fd78cc1f0e98bcc6437e7e571e34be5282b68199a6

Download Submit
C:\Windows\system\kPumkyy.exe

Filesize
6.0MB

MD5
e7376225f5a521c3501c3a74e94a08d6

SHA1
202c53bf5b7f25dc4a7767b821c8693b2746768c

SHA256
37e3dac932c1d1ea4504657b2d5f8ce7c8274f1076ba90e5ef1c2850a5083636

SHA512
30ed03d11554e7fe50fee76d3234e2a1173051d99de63af5c4d772695a86d7ff1083884dbe00e9a550bd6ad3111128fe7b27404fdd778a485b75392d7d277cd5

Download Submit
C:\Windows\system\lCvZWHT.exe

Filesize
6.0MB

MD5
5ff1645a1eb3939dbbed81b606a7a7b4

SHA1
a62047e01e3f29ad8f4766f847581f55281b3960

SHA256
139133b1da587833d510ebe5e52b98bb1e2ee8badab5188ca32573e393dd22fd

SHA512
9ec8867f6046a2509619b4ef2fc6af07261f42fe12cc5732d6c952f54a249e61c91c25e94a3b3a21ca85ae6d786ef05efdf644103657a91f4a8aefd5c6aa68c5

Download Submit
C:\Windows\system\parvomF.exe

Filesize
6.0MB

MD5
ebe779009222a4d485373e1685df5613

SHA1
ee894a5d220d9179837bccacbc9e763878c09e53

SHA256
fea9fe96715be677c3378f3cfc401f50c019ceaf09632b7d84a5acfc203db9c4

SHA512
95cf9bc55073e3b000c30f3471c5d74434add2946bc94f8d3cb6935e248a580940e7d4f37908838b2266dfe77955228423028fccd23f1ebe58bbb74e0e98dc37

Download Submit
C:\Windows\system\rXnfmzn.exe

Filesize
6.0MB

MD5
0261d2f73f1efb22805dcb57d908ff1c

SHA1
be45b6d4f9aa626f8bb3e9e510f80192930c9d74

SHA256
812c397772681fc8bc14e8f574785ee9297d9247756c92c68cbf378f06fe3dc5

SHA512
0a714f2e070b5d5bb035722aae177bfb8e58e8786660f969da9ca3f2430a965a0c5b7c7d154f73d7405c7e8e40c4fcef6d519f9d2d2c352f5e4bcecbd4a1b306

Download Submit
C:\Windows\system\smEbUWE.exe

Filesize
6.0MB

MD5
295a2985f0c120e34ab629fffebbb9a1

SHA1
f1c7679db9457a589e6b2cb14fab5c97b12d5f66

SHA256
08de57994d9ec5520a303b190bd8fd28cab8b7dae74552bc8f9bd6eda87c4e92

SHA512
4cdc93da53e87b86461c581d0462e09b53ec531f983afc1fa7c3e18740a87021909f5bfc550029e1977370e6135d2b51a7c0b9f86231509a3d8fb6bbf85c02bb

Download Submit
C:\Windows\system\tNySwki.exe

Filesize
6.0MB

MD5
bf2d32dd721e65dc25278281a37affd9

SHA1
c37c799c27f77fc9fb57e99f999f2b53db3d557d

SHA256
77055ea7e616abcb748592daac09da3504b867384cbaa32629a30bd8e705e377

SHA512
212409921c31774d245c4e7e6490d963a6e03d53b89477a0caedf925a07c4156d79b1cd1975d2434901c48e1eeba7768fa3b0f64f5fe3008c3f9ecb1632dc88b

Download Submit
C:\Windows\system\thnIMyr.exe

Filesize
6.0MB

MD5
b5832a70c92d21863c9a49024608bb44

SHA1
a9a8293f2526b5295b35b394cc8be9a94f63fb45

SHA256
2fb9b398ac30b00dd5f24e20b74579509d2790f7e9043965d308d3ff95035cd7

SHA512
8836befaa449683a453c0cd9ab2764171623a1590bfd0e16c4b96a081afe59839a123a3be1253db04343842e8f617ffddff2eb246334b3b1080c4877290204d6

Download Submit
C:\Windows\system\uDaIARu.exe

Filesize
6.0MB

MD5
6613d4f27b3dff8f72bbd67a7b4e9881

SHA1
f85855c06a32e0b4e783734e9b3d87e9803dfc25

SHA256
0c0a8890f679c2bb444a19b134280bc787f2bfb38b1397ce86890fec1588c31d

SHA512
b793cc782cda4dc926a01fb0c728d4512cccfbad5460423030ec4e1df2b5a10bf75b6f247f5d303df8c17f338a13eac753cc5b92830a91d9c5a6e527b3503563

Download Submit
C:\Windows\system\yUGucYG.exe

Filesize
6.0MB

MD5
9274f949e707348a52cf819b72184be9

SHA1
827a43be10fa2885de26166a678e13cb1c39b4e5

SHA256
b3122b1581b34396aa353db37dffa672d4f0515386db144b368ddef605951492

SHA512
9bb2a6a44351f2b80aee9584f39e81fba77f26d0756572c9803e610c4b4af055eb527b8d2b0abd63cb535b9437681e4a5172f947f62074746e8d16bf56dfcbb3

Download Submit
\Windows\system\CiPOFsu.exe

Filesize
6.0MB

MD5
e81c7bf0cdfab6db3b9d06ac5fbbab71

SHA1
ae5ed21f5cf064ada076b80b970d52107efe22f7

SHA256
541fff40bd701083628789e857049067ba6365a9dd15d1f909343b03b6daa0ab

SHA512
7438dd5a5127c29d21c12a33a374b836806568b2ac45f6a76688eb51be6d31bac5babb33fc5613fc7f398bb9e0d5e9d7032f01740eba229386fbe15e5c606b39

Download Submit
\Windows\system\EEIuYbV.exe

Filesize
6.0MB

MD5
b4726cb3d4d833b6f2e9723a6f73a815

SHA1
76fd287bf3d0f2dd8b953bcb2dfbc30fd7d3cc32

SHA256
f8f00c17c93e6818749f645105488e2ae8b45e6c69a8057017762d3113ec3ece

SHA512
84154d4342ecc487d23cb3c511daa41944484a3cfb8e58b18fc77bc90a9939d89bae830af019d6cff727525cfededef19b98177bee2c21ac1916d4f7063623b0

Download Submit
\Windows\system\MOTZELp.exe

Filesize
6.0MB

MD5
f2aeb0c147e6b268a5980834d26ba4f1

SHA1
0a8b5e3dd2e6ba5fd4a229e9c203aeee983b076c

SHA256
021ea4942f6507b5d30e16a6963ab8830fe250073fa3535506a35ea9efe87c6a

SHA512
9d487e456366aeee8db6691a9ac51864ebcfc65e108c4e087d78c8de8f11918113caa20e425b67ad4bf86002ecd6c1ed19ef470493f34f80fb24e94e799051e6

Download Submit
\Windows\system\QgkrjGC.exe

Filesize
6.0MB

MD5
6a661ba362c45618f9ebcef881752e05

SHA1
bff0887958301ec364d60ccc5f0d5b0674a9efd6

SHA256
2847ea02e564df54e1852f149ac7fd44f63d2d970b4e5499b73046494427608d

SHA512
ada27513fd5795097124d9293c222e777580fc52e7aa81f86190be4e6ce7e5574bf27e7708302c31375b393d398724f16e32b3e95c63a09d82b60a56d65b1209

Download Submit
\Windows\system\VflXbUU.exe

Filesize
6.0MB

MD5
8730088298e7a8c8ed14843bdd9c7563

SHA1
aa24986bbc6a037af8bbceb5c1587c6c9ca3d37d

SHA256
f419d6a5475377259bab956b57ac612d235e981dad7e7e33492f1a80fed0d895

SHA512
68c0161e3767fe51a654435507c3a485d84c7568f981df62d9ac2bffa06545a144c1b83c659bde2718cfb33fe24bb165bb37b05f485f5480b163762745549923

Download Submit
\Windows\system\WgcfIXR.exe

Filesize
6.0MB

MD5
d59167ced7bcdadcf5a84b09a6a81a29

SHA1
731a33cbc34ff8c06e828392f8ba5fd5354e5e2f

SHA256
93440988f01c511214bad2f9ce5bed2c56e54153208de2480db2eedc5febb76d

SHA512
7597d55975e83c83770dc7b3cd68eaa765b475e994d660aba6db66d09662fd4605b1279b5d2ce88df3805ebf2cda70daa59a79e6465957c6465682f5425e52f5

Download Submit
\Windows\system\YBTVzvL.exe

Filesize
6.0MB

MD5
655f353366e35c2c3967b15340a54c21

SHA1
9955bc54a165beab9b2465889d0e21e04e5d7a4e

SHA256
cd56aaa92007ce075dd053cb54f71c2a1190a4e52140f99591cde489f3a718fc

SHA512
0438a5f1050712422db31e125a97057a12b8df1fe957c3bbb6c729d86adaa6ee22da36315fdf8df36929c3ef4c2786948002bd659a9fcda0563e4aab9dcc138b

Download Submit
\Windows\system\YbkOQwG.exe

Filesize
6.0MB

MD5
accd303b3d2b8ad3266cffe41782f84e

SHA1
8f70ad9f6450216b838e737703af76d3cf0845f1

SHA256
3a0790df5c847f67249b3c827edbb1bd461551ac0d611d1ac31e957b532ed601

SHA512
a0689dcde29651eaac07138692dd056a7d394da5d078a8f11a3d1e6f364679bcc339dd9c03bf20e9aa25036dba5cc7effd5ae1f2f339c813654fddb03b127847

Download Submit
\Windows\system\aHsWXRz.exe

Filesize
6.0MB

MD5
3a626cae3f1eeb8b023d0862da5d0487

SHA1
032b92e161a76a1fef942a94b821db5d60c3b2e8

SHA256
2558ffa0cd3c36bdd7a9d2d49596653513b04cc36e4f3887a88e837cf6103244

SHA512
af2b9c814545e034901967dfe3b844c4326b1f077b027ef923a8254f64d1ced69bc816d83554b7bcad8eb8df0c0844fe2cc1250b438d55f3f3d93108c77e4c20

Download Submit
\Windows\system\cXbbOkR.exe

Filesize
6.0MB

MD5
0d17e455d0246ebbdd4274a24cfee8f8

SHA1
b3726a7f3eb44af76fa8b605b22786759ec96dc1

SHA256
cc202b7df610233bb8dbbd18aafb4f0a1dc0d59f4d710e3b27bf4c33d510ca0b

SHA512
8b92f3d2847fe9a91a3bd1b46975cdbd7049285e72f1a4f6183c04be483f14330d5e302372b608486eaa70efd3c92eb4f7ff77196f38d526f2ed2feeb685cd1d

Download Submit
\Windows\system\sZLtHEd.exe

Filesize
6.0MB

MD5
a3071eb1059cd4f202141c7110307273

SHA1
597b5372ac07db7ccbd10cbb5704170e4dd83f6c

SHA256
5d638baf2cd0665455668cefce8c13e91c36ebdf99ab140eb6de56d8167fe3bf

SHA512
243418f4d294edd346a1e1996cd130979b6ce1b74253136cf4f1d0fbf2dffbb8e8ab9140daf55d598864fec444b2c2edcfc334cc6507fadf63579bbdf8917e08

Download Submit
\Windows\system\sddyNOs.exe

Filesize
6.0MB

MD5
80fa001a6e30d329e4b4c68c00f4bbeb

SHA1
bab9aa244112e6c114eb45bf6e5814fa2a90fec6

SHA256
1816465c97708d44d7c7fcaaba850e0e1b005eea43be579881b62f86cb9ccb95

SHA512
a9db1bcd913af41bb5cbc901157d813c1d0a3a48c947ba4b96fa755d4b72994658d7494eec0fb11f102482ae7f646dc203417b3872766adf381509bd2b2ea4de

Download Submit
memory/876-12-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/876-136-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/876-4016-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/992-104-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/992-4028-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1844-15-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-106-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-4018-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-100-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2400-87-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2400-82-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2400-74-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2400-85-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2400-79-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2400-27-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-116-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-96-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2400-16-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-228-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2400-777-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-107-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-6-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2400-92-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-993-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-111-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-0-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2400-779-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2400-102-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2400-766-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2632-93-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4023-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-103-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4026-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4020-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-84-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-90-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4022-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2776-98-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2776-4024-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2796-101-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4025-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4027-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2824-78-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2872-4019-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2872-80-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4017-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-22-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-86-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2892-4021-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download