cobaltstrike | de700c8adbbcc94d6ad0cab3b11de446f0c72a54f791432e78889e8d18833e01

Analysis

max time kernel
86s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
16-09-2024 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.9MB
MD5

5ac53a16068496af59d734493373f154
SHA1

d5012cb2a89113a48e81a3984f7f6baa4fc8337e
SHA256

de700c8adbbcc94d6ad0cab3b11de446f0c72a54f791432e78889e8d18833e01
SHA512

5266c17a4b3c584a23daf0d518c58aaf85fc1c5fe5f12b3fb9bcbf277b7d1d788213a9ed14ba205e69d45fa4d10d4f0165e4434d834299071e6435c150df37d1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUV:T+q56utgpPF8u/7V

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001939b-9.dat	cobalt_reflective_dll
behavioral1/files/0x003200000001930d-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b3-22.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193e8-28.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193f7-37.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194cd-56.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d2-58.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001954e-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-84.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001949e-47.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-185.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2548-0-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/memory/2244-15-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/1832-16-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000700000001939b-9.dat	xmrig
behavioral1/memory/2828-21-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x003200000001930d-12.dat	xmrig
behavioral1/memory/2548-7-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/files/0x00070000000193b3-22.dat	xmrig
behavioral1/memory/2848-27-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x00060000000193e8-28.dat	xmrig
behavioral1/memory/2948-36-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2548-38-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x00060000000193f7-37.dat	xmrig
behavioral1/files/0x00080000000194cd-56.dat	xmrig
behavioral1/files/0x00060000000194d2-58.dat	xmrig
behavioral1/memory/2632-57-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2548-62-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/files/0x000600000001954e-65.dat	xmrig
behavioral1/memory/2828-69-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2600-64-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2660-63-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2224-70-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2840-78-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/268-86-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2848-77-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a09e-76.dat	xmrig
behavioral1/memory/2948-85-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a307-84.dat	xmrig
behavioral1/memory/2548-55-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x000600000001949e-47.dat	xmrig
behavioral1/memory/2444-46-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/1728-98-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x000500000001a359-94.dat	xmrig
behavioral1/files/0x000500000001a41b-113.dat	xmrig
behavioral1/files/0x000500000001a427-124.dat	xmrig
behavioral1/memory/2840-122-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-117.dat	xmrig
behavioral1/files/0x000500000001a41e-115.dat	xmrig
behavioral1/memory/2224-103-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42d-127.dat	xmrig
behavioral1/files/0x000500000001a46f-134.dat	xmrig
behavioral1/memory/268-136-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a48b-139.dat	xmrig
behavioral1/files/0x000500000001a48d-142.dat	xmrig
behavioral1/files/0x000500000001a499-150.dat	xmrig
behavioral1/files/0x000500000001a49a-155.dat	xmrig
behavioral1/files/0x000500000001a4af-161.dat	xmrig
behavioral1/files/0x000500000001a4b3-174.dat	xmrig
behavioral1/files/0x000500000001a4b1-168.dat	xmrig
behavioral1/files/0x000500000001a4a9-159.dat	xmrig
behavioral1/files/0x000500000001a4b5-178.dat	xmrig
behavioral1/files/0x000500000001a4b9-190.dat	xmrig
behavioral1/files/0x000500000001a4bd-197.dat	xmrig
behavioral1/files/0x000500000001a4bb-194.dat	xmrig
behavioral1/files/0x000500000001a4b7-185.dat	xmrig
behavioral1/memory/2548-575-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2244-3839-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/1832-3850-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2848-3864-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2444-3885-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2660-3890-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2948-3892-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2828-3897-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1832	UBMyHRV.exe
2244	onJZFTp.exe
2828	GzufBDN.exe
2848	mNPmeCx.exe
2948	ZdazhOF.exe
2444	FFacVYp.exe
2632	IGWbBpV.exe
2660	HvchDCE.exe
2600	kFkawCt.exe
2224	PbxKUDY.exe
2840	rzmyvvr.exe
268	fiZaBMZ.exe
1728	XWdqCOE.exe
3040	BZRPpRr.exe
2704	HsvaZjj.exe
1556	pPXFYug.exe
2924	NYyXcDp.exe
1612	FZpBmml.exe
2964	BEyzNSq.exe
1352	qCFbBUm.exe
1872	kBPTqou.exe
2040	BifQRkN.exe
2168	zuXfqlB.exe
2976	CRwvPuX.exe
2396	luGJdZP.exe
2392	LwqMVRe.exe
2240	ZlFsCys.exe
1012	lgozvKF.exe
936	dFObwjV.exe
1672	sNjFtoo.exe
2568	ACsrdUt.exe
684	EWGzdIa.exe
2080	iNKpeLX.exe
488	wZjXmBl.exe
2560	VjnbCYK.exe
2952	NfFQqTL.exe
1344	wfInlmI.exe
236	kstwepN.exe
1748	aiOoXen.exe
1740	QdfnECA.exe
1968	ESxWuqz.exe
1796	Sorwagk.exe
944	pppjUvS.exe
3056	rIvqnHk.exe
3008	WDLgCdm.exe
796	ajWhteD.exe
1240	DxUEbwJ.exe
1848	btMHDzN.exe
1684	ivGmMcj.exe
892	VOPNhCt.exe
2344	SAdyYfF.exe
2544	pjWWeMV.exe
1704	SferIYd.exe
1716	sUfAjfS.exe
2752	wGRahbV.exe
2816	cRfAKwX.exe
2196	lUngnFy.exe
3016	KPqiMJF.exe
2676	OurMAeU.exe
1444	XEmXbkr.exe
2368	lsRMhtz.exe
2308	MwVQyKp.exe
2812	RCPCkUX.exe
2680	hrHEBnn.exe

Loads dropped DLL 64 IoCs

pid	Process
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2548-0-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/memory/2244-15-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/1832-16-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000700000001939b-9.dat	upx
behavioral1/memory/2828-21-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x003200000001930d-12.dat	upx
behavioral1/files/0x00070000000193b3-22.dat	upx
behavioral1/memory/2848-27-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x00060000000193e8-28.dat	upx
behavioral1/memory/2948-36-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2548-38-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x00060000000193f7-37.dat	upx
behavioral1/files/0x00080000000194cd-56.dat	upx
behavioral1/files/0x00060000000194d2-58.dat	upx
behavioral1/memory/2632-57-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x000600000001954e-65.dat	upx
behavioral1/memory/2828-69-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2600-64-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2660-63-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2224-70-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2840-78-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/268-86-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2848-77-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x000500000001a09e-76.dat	upx
behavioral1/memory/2948-85-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x000500000001a307-84.dat	upx
behavioral1/files/0x000600000001949e-47.dat	upx
behavioral1/memory/2444-46-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/1728-98-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x000500000001a359-94.dat	upx
behavioral1/files/0x000500000001a41b-113.dat	upx
behavioral1/files/0x000500000001a427-124.dat	upx
behavioral1/memory/2840-122-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x000500000001a41d-117.dat	upx
behavioral1/files/0x000500000001a41e-115.dat	upx
behavioral1/memory/2224-103-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x000500000001a42d-127.dat	upx
behavioral1/files/0x000500000001a46f-134.dat	upx
behavioral1/memory/268-136-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x000500000001a48b-139.dat	upx
behavioral1/files/0x000500000001a48d-142.dat	upx
behavioral1/files/0x000500000001a499-150.dat	upx
behavioral1/files/0x000500000001a49a-155.dat	upx
behavioral1/files/0x000500000001a4af-161.dat	upx
behavioral1/files/0x000500000001a4b3-174.dat	upx
behavioral1/files/0x000500000001a4b1-168.dat	upx
behavioral1/files/0x000500000001a4a9-159.dat	upx
behavioral1/files/0x000500000001a4b5-178.dat	upx
behavioral1/files/0x000500000001a4b9-190.dat	upx
behavioral1/files/0x000500000001a4bd-197.dat	upx
behavioral1/files/0x000500000001a4bb-194.dat	upx
behavioral1/files/0x000500000001a4b7-185.dat	upx
behavioral1/memory/2244-3839-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/1832-3850-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2848-3864-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2444-3885-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2660-3890-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2948-3892-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2828-3897-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2600-3899-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2632-3902-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2224-3915-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2840-3929-0x000000013F210000-0x000000013F564000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jCDSWFB.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFERVrn.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXYnAEF.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRlyLAK.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SsZTkKS.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXxiKiH.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwRtelf.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pskRFLR.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NOqWAie.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VsSWPbD.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VjnbCYK.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzRZmVP.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aEwTIsA.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNvgGKI.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXLuDmM.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYdpsWo.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mtmxpdz.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doSptMX.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZRPpRr.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivGmMcj.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqkKldR.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpDTcpg.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfhCcXw.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNCALYt.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXeTXKk.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVVQxqd.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtAkZcH.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGoCXxz.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWtubVv.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKcHmzj.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqGNcLx.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWyLAMe.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSWUPTh.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJpHsyt.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxZPTbt.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKBmDpe.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmwBUyZ.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHOiphm.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhLXUJx.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZmXHQI.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VoUbtGm.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xvFrQJF.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvchDCE.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\leIesZS.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BaUhPiN.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAMMSQj.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsdaaLT.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URZVCxY.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDLgCdm.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKMatgx.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPqTNGH.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpmbBLU.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\reWIJuh.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpufrJy.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KytNvoI.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYUhVIl.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cPrfDYk.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dptvLey.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tczDDOT.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fguGyKV.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQjrXzA.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpHQvDN.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opXkblL.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTAIcRX.exe	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 1832	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2548 wrote to memory of 1832	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2548 wrote to memory of 1832	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2548 wrote to memory of 2244	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2548 wrote to memory of 2244	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2548 wrote to memory of 2244	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2548 wrote to memory of 2828	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2548 wrote to memory of 2828	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2548 wrote to memory of 2828	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2548 wrote to memory of 2848	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2548 wrote to memory of 2848	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2548 wrote to memory of 2848	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2548 wrote to memory of 2948	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2548 wrote to memory of 2948	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2548 wrote to memory of 2948	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2548 wrote to memory of 2444	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2548 wrote to memory of 2444	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2548 wrote to memory of 2444	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2548 wrote to memory of 2632	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2548 wrote to memory of 2632	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2548 wrote to memory of 2632	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2548 wrote to memory of 2660	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2548 wrote to memory of 2660	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2548 wrote to memory of 2660	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2548 wrote to memory of 2600	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2548 wrote to memory of 2600	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2548 wrote to memory of 2600	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2548 wrote to memory of 2224	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2548 wrote to memory of 2224	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2548 wrote to memory of 2224	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2548 wrote to memory of 2840	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2548 wrote to memory of 2840	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2548 wrote to memory of 2840	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2548 wrote to memory of 268	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2548 wrote to memory of 268	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2548 wrote to memory of 268	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2548 wrote to memory of 1728	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2548 wrote to memory of 1728	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2548 wrote to memory of 1728	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2548 wrote to memory of 3040	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2548 wrote to memory of 3040	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2548 wrote to memory of 3040	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2548 wrote to memory of 1556	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2548 wrote to memory of 1556	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2548 wrote to memory of 1556	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2548 wrote to memory of 2704	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2548 wrote to memory of 2704	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2548 wrote to memory of 2704	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2548 wrote to memory of 2924	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2548 wrote to memory of 2924	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2548 wrote to memory of 2924	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2548 wrote to memory of 1612	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2548 wrote to memory of 1612	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2548 wrote to memory of 1612	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2548 wrote to memory of 2964	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2548 wrote to memory of 2964	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2548 wrote to memory of 2964	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2548 wrote to memory of 1352	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2548 wrote to memory of 1352	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2548 wrote to memory of 1352	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2548 wrote to memory of 1872	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2548 wrote to memory of 1872	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2548 wrote to memory of 1872	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2548 wrote to memory of 2040	2548	2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-16_5ac53a16068496af59d734493373f154_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\System\UBMyHRV.exe
  C:\Windows\System\UBMyHRV.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\onJZFTp.exe
  C:\Windows\System\onJZFTp.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\GzufBDN.exe
  C:\Windows\System\GzufBDN.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\mNPmeCx.exe
  C:\Windows\System\mNPmeCx.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ZdazhOF.exe
  C:\Windows\System\ZdazhOF.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\FFacVYp.exe
  C:\Windows\System\FFacVYp.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\IGWbBpV.exe
  C:\Windows\System\IGWbBpV.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\HvchDCE.exe
  C:\Windows\System\HvchDCE.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\kFkawCt.exe
  C:\Windows\System\kFkawCt.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\PbxKUDY.exe
  C:\Windows\System\PbxKUDY.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\rzmyvvr.exe
  C:\Windows\System\rzmyvvr.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\fiZaBMZ.exe
  C:\Windows\System\fiZaBMZ.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\XWdqCOE.exe
  C:\Windows\System\XWdqCOE.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\BZRPpRr.exe
  C:\Windows\System\BZRPpRr.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\pPXFYug.exe
  C:\Windows\System\pPXFYug.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\HsvaZjj.exe
  C:\Windows\System\HsvaZjj.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\NYyXcDp.exe
  C:\Windows\System\NYyXcDp.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\FZpBmml.exe
  C:\Windows\System\FZpBmml.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\BEyzNSq.exe
  C:\Windows\System\BEyzNSq.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\qCFbBUm.exe
  C:\Windows\System\qCFbBUm.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\kBPTqou.exe
  C:\Windows\System\kBPTqou.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\BifQRkN.exe
  C:\Windows\System\BifQRkN.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\zuXfqlB.exe
  C:\Windows\System\zuXfqlB.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\CRwvPuX.exe
  C:\Windows\System\CRwvPuX.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\LwqMVRe.exe
  C:\Windows\System\LwqMVRe.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\luGJdZP.exe
  C:\Windows\System\luGJdZP.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\ZlFsCys.exe
  C:\Windows\System\ZlFsCys.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\lgozvKF.exe
  C:\Windows\System\lgozvKF.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\dFObwjV.exe
  C:\Windows\System\dFObwjV.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\sNjFtoo.exe
  C:\Windows\System\sNjFtoo.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\ACsrdUt.exe
  C:\Windows\System\ACsrdUt.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\EWGzdIa.exe
  C:\Windows\System\EWGzdIa.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\iNKpeLX.exe
  C:\Windows\System\iNKpeLX.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\wZjXmBl.exe
  C:\Windows\System\wZjXmBl.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\VjnbCYK.exe
  C:\Windows\System\VjnbCYK.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\NfFQqTL.exe
  C:\Windows\System\NfFQqTL.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\wfInlmI.exe
  C:\Windows\System\wfInlmI.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\kstwepN.exe
  C:\Windows\System\kstwepN.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\aiOoXen.exe
  C:\Windows\System\aiOoXen.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\QdfnECA.exe
  C:\Windows\System\QdfnECA.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\ESxWuqz.exe
  C:\Windows\System\ESxWuqz.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\Sorwagk.exe
  C:\Windows\System\Sorwagk.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\pppjUvS.exe
  C:\Windows\System\pppjUvS.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\rIvqnHk.exe
  C:\Windows\System\rIvqnHk.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\WDLgCdm.exe
  C:\Windows\System\WDLgCdm.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\ajWhteD.exe
  C:\Windows\System\ajWhteD.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\DxUEbwJ.exe
  C:\Windows\System\DxUEbwJ.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\btMHDzN.exe
  C:\Windows\System\btMHDzN.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\ivGmMcj.exe
  C:\Windows\System\ivGmMcj.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\VOPNhCt.exe
  C:\Windows\System\VOPNhCt.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\SAdyYfF.exe
  C:\Windows\System\SAdyYfF.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\pjWWeMV.exe
  C:\Windows\System\pjWWeMV.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\SferIYd.exe
  C:\Windows\System\SferIYd.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\sUfAjfS.exe
  C:\Windows\System\sUfAjfS.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\wGRahbV.exe
  C:\Windows\System\wGRahbV.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\cRfAKwX.exe
  C:\Windows\System\cRfAKwX.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\lUngnFy.exe
  C:\Windows\System\lUngnFy.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\KPqiMJF.exe
  C:\Windows\System\KPqiMJF.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\OurMAeU.exe
  C:\Windows\System\OurMAeU.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\XEmXbkr.exe
  C:\Windows\System\XEmXbkr.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\lsRMhtz.exe
  C:\Windows\System\lsRMhtz.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\MwVQyKp.exe
  C:\Windows\System\MwVQyKp.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\RCPCkUX.exe
  C:\Windows\System\RCPCkUX.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\hrHEBnn.exe
  C:\Windows\System\hrHEBnn.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\jfVVQfj.exe
  C:\Windows\System\jfVVQfj.exe
  2⤵
  PID:2300
- C:\Windows\System\dKiCXdC.exe
  C:\Windows\System\dKiCXdC.exe
  2⤵
  PID:2656
- C:\Windows\System\DtPsXId.exe
  C:\Windows\System\DtPsXId.exe
  2⤵
  PID:1504
- C:\Windows\System\XObXHFH.exe
  C:\Windows\System\XObXHFH.exe
  2⤵
  PID:2448
- C:\Windows\System\fergdIk.exe
  C:\Windows\System\fergdIk.exe
  2⤵
  PID:2584
- C:\Windows\System\HazExnE.exe
  C:\Windows\System\HazExnE.exe
  2⤵
  PID:1108
- C:\Windows\System\CpxNyYT.exe
  C:\Windows\System\CpxNyYT.exe
  2⤵
  PID:2108
- C:\Windows\System\KujOryr.exe
  C:\Windows\System\KujOryr.exe
  2⤵
  PID:2736
- C:\Windows\System\EVDbYCA.exe
  C:\Windows\System\EVDbYCA.exe
  2⤵
  PID:2928
- C:\Windows\System\PIQAvYq.exe
  C:\Windows\System\PIQAvYq.exe
  2⤵
  PID:2784
- C:\Windows\System\nphItkQ.exe
  C:\Windows\System\nphItkQ.exe
  2⤵
  PID:2520
- C:\Windows\System\yyPyxeM.exe
  C:\Windows\System\yyPyxeM.exe
  2⤵
  PID:2036
- C:\Windows\System\XGfrKbB.exe
  C:\Windows\System\XGfrKbB.exe
  2⤵
  PID:2372
- C:\Windows\System\MbDMgVi.exe
  C:\Windows\System\MbDMgVi.exe
  2⤵
  PID:1984
- C:\Windows\System\SSWxiqR.exe
  C:\Windows\System\SSWxiqR.exe
  2⤵
  PID:1580
- C:\Windows\System\PlYWfCR.exe
  C:\Windows\System\PlYWfCR.exe
  2⤵
  PID:2220
- C:\Windows\System\tlEocIu.exe
  C:\Windows\System\tlEocIu.exe
  2⤵
  PID:2380
- C:\Windows\System\NbdZGDM.exe
  C:\Windows\System\NbdZGDM.exe
  2⤵
  PID:2388
- C:\Windows\System\rPFkqRG.exe
  C:\Windows\System\rPFkqRG.exe
  2⤵
  PID:904
- C:\Windows\System\CvAcPYp.exe
  C:\Windows\System\CvAcPYp.exe
  2⤵
  PID:2564
- C:\Windows\System\wITabEC.exe
  C:\Windows\System\wITabEC.exe
  2⤵
  PID:2020
- C:\Windows\System\ThIyNmb.exe
  C:\Windows\System\ThIyNmb.exe
  2⤵
  PID:1516
- C:\Windows\System\tYQzvRP.exe
  C:\Windows\System\tYQzvRP.exe
  2⤵
  PID:2940
- C:\Windows\System\AnSLltw.exe
  C:\Windows\System\AnSLltw.exe
  2⤵
  PID:1536
- C:\Windows\System\OQfEatI.exe
  C:\Windows\System\OQfEatI.exe
  2⤵
  PID:2472
- C:\Windows\System\toRmbKL.exe
  C:\Windows\System\toRmbKL.exe
  2⤵
  PID:1224
- C:\Windows\System\dXUubkT.exe
  C:\Windows\System\dXUubkT.exe
  2⤵
  PID:1784
- C:\Windows\System\ygEJzog.exe
  C:\Windows\System\ygEJzog.exe
  2⤵
  PID:1988
- C:\Windows\System\cUXHlDY.exe
  C:\Windows\System\cUXHlDY.exe
  2⤵
  PID:2076
- C:\Windows\System\UHOboko.exe
  C:\Windows\System\UHOboko.exe
  2⤵
  PID:2156
- C:\Windows\System\ivcOuSi.exe
  C:\Windows\System\ivcOuSi.exe
  2⤵
  PID:276
- C:\Windows\System\jNqpYQo.exe
  C:\Windows\System\jNqpYQo.exe
  2⤵
  PID:396
- C:\Windows\System\YvnyQZd.exe
  C:\Windows\System\YvnyQZd.exe
  2⤵
  PID:2352
- C:\Windows\System\IZsvNsn.exe
  C:\Windows\System\IZsvNsn.exe
  2⤵
  PID:1592
- C:\Windows\System\bFqOoHM.exe
  C:\Windows\System\bFqOoHM.exe
  2⤵
  PID:3020
- C:\Windows\System\ZncCqSi.exe
  C:\Windows\System\ZncCqSi.exe
  2⤵
  PID:2732
- C:\Windows\System\vGMRlbn.exe
  C:\Windows\System\vGMRlbn.exe
  2⤵
  PID:2720
- C:\Windows\System\VcJlLLd.exe
  C:\Windows\System\VcJlLLd.exe
  2⤵
  PID:2068
- C:\Windows\System\kGrFSPg.exe
  C:\Windows\System\kGrFSPg.exe
  2⤵
  PID:2708
- C:\Windows\System\YHafVql.exe
  C:\Windows\System\YHafVql.exe
  2⤵
  PID:3024
- C:\Windows\System\yXeSdJQ.exe
  C:\Windows\System\yXeSdJQ.exe
  2⤵
  PID:1608
- C:\Windows\System\knkewTR.exe
  C:\Windows\System\knkewTR.exe
  2⤵
  PID:2856
- C:\Windows\System\TxWyNzC.exe
  C:\Windows\System\TxWyNzC.exe
  2⤵
  PID:3028
- C:\Windows\System\LleeoPV.exe
  C:\Windows\System\LleeoPV.exe
  2⤵
  PID:2104
- C:\Windows\System\OyNAiDB.exe
  C:\Windows\System\OyNAiDB.exe
  2⤵
  PID:2804
- C:\Windows\System\yuNEWQR.exe
  C:\Windows\System\yuNEWQR.exe
  2⤵
  PID:1640
- C:\Windows\System\bmfWtsP.exe
  C:\Windows\System\bmfWtsP.exe
  2⤵
  PID:2256
- C:\Windows\System\ujIHVMu.exe
  C:\Windows\System\ujIHVMu.exe
  2⤵
  PID:1648
- C:\Windows\System\RDfBwxc.exe
  C:\Windows\System\RDfBwxc.exe
  2⤵
  PID:2164
- C:\Windows\System\tgAraJN.exe
  C:\Windows\System\tgAraJN.exe
  2⤵
  PID:2096
- C:\Windows\System\RPRlmby.exe
  C:\Windows\System\RPRlmby.exe
  2⤵
  PID:2028
- C:\Windows\System\cLMgsUN.exe
  C:\Windows\System\cLMgsUN.exe
  2⤵
  PID:1964
- C:\Windows\System\IskqMEM.exe
  C:\Windows\System\IskqMEM.exe
  2⤵
  PID:1808
- C:\Windows\System\VakaLRw.exe
  C:\Windows\System\VakaLRw.exe
  2⤵
  PID:1436
- C:\Windows\System\bhItgtB.exe
  C:\Windows\System\bhItgtB.exe
  2⤵
  PID:2432
- C:\Windows\System\LHOiphm.exe
  C:\Windows\System\LHOiphm.exe
  2⤵
  PID:1400
- C:\Windows\System\xVNEujs.exe
  C:\Windows\System\xVNEujs.exe
  2⤵
  PID:1256
- C:\Windows\System\YqkKldR.exe
  C:\Windows\System\YqkKldR.exe
  2⤵
  PID:1860
- C:\Windows\System\gSBmTSH.exe
  C:\Windows\System\gSBmTSH.exe
  2⤵
  PID:2988
- C:\Windows\System\ZFnZpUw.exe
  C:\Windows\System\ZFnZpUw.exe
  2⤵
  PID:2612
- C:\Windows\System\HnqGnSA.exe
  C:\Windows\System\HnqGnSA.exe
  2⤵
  PID:3052
- C:\Windows\System\Oymmjwb.exe
  C:\Windows\System\Oymmjwb.exe
  2⤵
  PID:2764
- C:\Windows\System\aiOuiCo.exe
  C:\Windows\System\aiOuiCo.exe
  2⤵
  PID:2836
- C:\Windows\System\VoOmDfl.exe
  C:\Windows\System\VoOmDfl.exe
  2⤵
  PID:2672
- C:\Windows\System\cnRIWlN.exe
  C:\Windows\System\cnRIWlN.exe
  2⤵
  PID:2608
- C:\Windows\System\GVVNYZW.exe
  C:\Windows\System\GVVNYZW.exe
  2⤵
  PID:2436
- C:\Windows\System\NzOqvjA.exe
  C:\Windows\System\NzOqvjA.exe
  2⤵
  PID:2272
- C:\Windows\System\XRqygQe.exe
  C:\Windows\System\XRqygQe.exe
  2⤵
  PID:2908
- C:\Windows\System\pvqCvLd.exe
  C:\Windows\System\pvqCvLd.exe
  2⤵
  PID:2864
- C:\Windows\System\CAvuaKE.exe
  C:\Windows\System\CAvuaKE.exe
  2⤵
  PID:1060
- C:\Windows\System\FCfkzrC.exe
  C:\Windows\System\FCfkzrC.exe
  2⤵
  PID:2972
- C:\Windows\System\uhCbSEt.exe
  C:\Windows\System\uhCbSEt.exe
  2⤵
  PID:2428
- C:\Windows\System\jUFXdCg.exe
  C:\Windows\System\jUFXdCg.exe
  2⤵
  PID:1820
- C:\Windows\System\LCIeUam.exe
  C:\Windows\System\LCIeUam.exe
  2⤵
  PID:780
- C:\Windows\System\QqYTwPb.exe
  C:\Windows\System\QqYTwPb.exe
  2⤵
  PID:1148
- C:\Windows\System\fxUdFpI.exe
  C:\Windows\System\fxUdFpI.exe
  2⤵
  PID:2420
- C:\Windows\System\LxxSbFq.exe
  C:\Windows\System\LxxSbFq.exe
  2⤵
  PID:540
- C:\Windows\System\xvcyzZy.exe
  C:\Windows\System\xvcyzZy.exe
  2⤵
  PID:928
- C:\Windows\System\NLlVMts.exe
  C:\Windows\System\NLlVMts.exe
  2⤵
  PID:896
- C:\Windows\System\fhLXUJx.exe
  C:\Windows\System\fhLXUJx.exe
  2⤵
  PID:1600
- C:\Windows\System\eYVckVP.exe
  C:\Windows\System\eYVckVP.exe
  2⤵
  PID:2800
- C:\Windows\System\cdnpAXy.exe
  C:\Windows\System\cdnpAXy.exe
  2⤵
  PID:2212
- C:\Windows\System\umNiJJR.exe
  C:\Windows\System\umNiJJR.exe
  2⤵
  PID:2536
- C:\Windows\System\wOKjdQN.exe
  C:\Windows\System\wOKjdQN.exe
  2⤵
  PID:2640
- C:\Windows\System\ITMFuew.exe
  C:\Windows\System\ITMFuew.exe
  2⤵
  PID:2692
- C:\Windows\System\QiNRpvS.exe
  C:\Windows\System\QiNRpvS.exe
  2⤵
  PID:1020
- C:\Windows\System\uwkxkcX.exe
  C:\Windows\System\uwkxkcX.exe
  2⤵
  PID:2424
- C:\Windows\System\vQdiBWY.exe
  C:\Windows\System\vQdiBWY.exe
  2⤵
  PID:308
- C:\Windows\System\myDrHSA.exe
  C:\Windows\System\myDrHSA.exe
  2⤵
  PID:2528
- C:\Windows\System\lVhfmdq.exe
  C:\Windows\System\lVhfmdq.exe
  2⤵
  PID:2756
- C:\Windows\System\OIIQlUF.exe
  C:\Windows\System\OIIQlUF.exe
  2⤵
  PID:2744
- C:\Windows\System\IRuyeXY.exe
  C:\Windows\System\IRuyeXY.exe
  2⤵
  PID:2832
- C:\Windows\System\XyVkkJn.exe
  C:\Windows\System\XyVkkJn.exe
  2⤵
  PID:1380
- C:\Windows\System\KytNvoI.exe
  C:\Windows\System\KytNvoI.exe
  2⤵
  PID:932
- C:\Windows\System\SjELXIY.exe
  C:\Windows\System\SjELXIY.exe
  2⤵
  PID:2404
- C:\Windows\System\dXjTVGl.exe
  C:\Windows\System\dXjTVGl.exe
  2⤵
  PID:2336
- C:\Windows\System\XCDaFbH.exe
  C:\Windows\System\XCDaFbH.exe
  2⤵
  PID:1692
- C:\Windows\System\JzncLYp.exe
  C:\Windows\System\JzncLYp.exe
  2⤵
  PID:908
- C:\Windows\System\oKtudfl.exe
  C:\Windows\System\oKtudfl.exe
  2⤵
  PID:1340
- C:\Windows\System\wMTXzIl.exe
  C:\Windows\System\wMTXzIl.exe
  2⤵
  PID:1932
- C:\Windows\System\QQpDmVU.exe
  C:\Windows\System\QQpDmVU.exe
  2⤵
  PID:2268
- C:\Windows\System\jiEMIiO.exe
  C:\Windows\System\jiEMIiO.exe
  2⤵
  PID:1700
- C:\Windows\System\wjbEpkV.exe
  C:\Windows\System\wjbEpkV.exe
  2⤵
  PID:2648
- C:\Windows\System\AWvHZVV.exe
  C:\Windows\System\AWvHZVV.exe
  2⤵
  PID:988
- C:\Windows\System\FCOdYLO.exe
  C:\Windows\System\FCOdYLO.exe
  2⤵
  PID:1272
- C:\Windows\System\OvTYtEN.exe
  C:\Windows\System\OvTYtEN.exe
  2⤵
  PID:2960
- C:\Windows\System\RNoJkNV.exe
  C:\Windows\System\RNoJkNV.exe
  2⤵
  PID:3088
- C:\Windows\System\BgNICMc.exe
  C:\Windows\System\BgNICMc.exe
  2⤵
  PID:3104
- C:\Windows\System\itURIuM.exe
  C:\Windows\System\itURIuM.exe
  2⤵
  PID:3132
- C:\Windows\System\oynGrdc.exe
  C:\Windows\System\oynGrdc.exe
  2⤵
  PID:3152
- C:\Windows\System\haAPkby.exe
  C:\Windows\System\haAPkby.exe
  2⤵
  PID:3168
- C:\Windows\System\QtGBAWu.exe
  C:\Windows\System\QtGBAWu.exe
  2⤵
  PID:3188
- C:\Windows\System\lYMmlqe.exe
  C:\Windows\System\lYMmlqe.exe
  2⤵
  PID:3216
- C:\Windows\System\QGeqdVt.exe
  C:\Windows\System\QGeqdVt.exe
  2⤵
  PID:3232
- C:\Windows\System\XxexTYD.exe
  C:\Windows\System\XxexTYD.exe
  2⤵
  PID:3248
- C:\Windows\System\VhOUqEO.exe
  C:\Windows\System\VhOUqEO.exe
  2⤵
  PID:3264
- C:\Windows\System\eYwOqwu.exe
  C:\Windows\System\eYwOqwu.exe
  2⤵
  PID:3280
- C:\Windows\System\MSAPTSk.exe
  C:\Windows\System\MSAPTSk.exe
  2⤵
  PID:3304
- C:\Windows\System\ZONXzFL.exe
  C:\Windows\System\ZONXzFL.exe
  2⤵
  PID:3320
- C:\Windows\System\SgSIebo.exe
  C:\Windows\System\SgSIebo.exe
  2⤵
  PID:3340
- C:\Windows\System\WDTOFxW.exe
  C:\Windows\System\WDTOFxW.exe
  2⤵
  PID:3360
- C:\Windows\System\TtLIfic.exe
  C:\Windows\System\TtLIfic.exe
  2⤵
  PID:3388
- C:\Windows\System\yVbskoR.exe
  C:\Windows\System\yVbskoR.exe
  2⤵
  PID:3408
- C:\Windows\System\kEjuzgT.exe
  C:\Windows\System\kEjuzgT.exe
  2⤵
  PID:3428
- C:\Windows\System\iVFBnts.exe
  C:\Windows\System\iVFBnts.exe
  2⤵
  PID:3444
- C:\Windows\System\xSWvZZD.exe
  C:\Windows\System\xSWvZZD.exe
  2⤵
  PID:3468
- C:\Windows\System\RkVcPYO.exe
  C:\Windows\System\RkVcPYO.exe
  2⤵
  PID:3484
- C:\Windows\System\urJsPIN.exe
  C:\Windows\System\urJsPIN.exe
  2⤵
  PID:3504
- C:\Windows\System\vNctzjc.exe
  C:\Windows\System\vNctzjc.exe
  2⤵
  PID:3532
- C:\Windows\System\HQwEXKp.exe
  C:\Windows\System\HQwEXKp.exe
  2⤵
  PID:3552
- C:\Windows\System\uAnkQIf.exe
  C:\Windows\System\uAnkQIf.exe
  2⤵
  PID:3568
- C:\Windows\System\MhIkVjP.exe
  C:\Windows\System\MhIkVjP.exe
  2⤵
  PID:3584
- C:\Windows\System\PDOdoQa.exe
  C:\Windows\System\PDOdoQa.exe
  2⤵
  PID:3608
- C:\Windows\System\soWjscF.exe
  C:\Windows\System\soWjscF.exe
  2⤵
  PID:3632
- C:\Windows\System\SsZTkKS.exe
  C:\Windows\System\SsZTkKS.exe
  2⤵
  PID:3652
- C:\Windows\System\STwNLvv.exe
  C:\Windows\System\STwNLvv.exe
  2⤵
  PID:3672
- C:\Windows\System\APbqiyR.exe
  C:\Windows\System\APbqiyR.exe
  2⤵
  PID:3688
- C:\Windows\System\cqdVXay.exe
  C:\Windows\System\cqdVXay.exe
  2⤵
  PID:3704
- C:\Windows\System\EURDiwO.exe
  C:\Windows\System\EURDiwO.exe
  2⤵
  PID:3724
- C:\Windows\System\eYIiAfN.exe
  C:\Windows\System\eYIiAfN.exe
  2⤵
  PID:3744
- C:\Windows\System\XEBJqda.exe
  C:\Windows\System\XEBJqda.exe
  2⤵
  PID:3760
- C:\Windows\System\DUgomsk.exe
  C:\Windows\System\DUgomsk.exe
  2⤵
  PID:3792
- C:\Windows\System\rZmXHQI.exe
  C:\Windows\System\rZmXHQI.exe
  2⤵
  PID:3808
- C:\Windows\System\YpTdXrN.exe
  C:\Windows\System\YpTdXrN.exe
  2⤵
  PID:3832
- C:\Windows\System\VoUbtGm.exe
  C:\Windows\System\VoUbtGm.exe
  2⤵
  PID:3848
- C:\Windows\System\svaKMba.exe
  C:\Windows\System\svaKMba.exe
  2⤵
  PID:3868
- C:\Windows\System\pAnYfDs.exe
  C:\Windows\System\pAnYfDs.exe
  2⤵
  PID:3896
- C:\Windows\System\QnzZLzz.exe
  C:\Windows\System\QnzZLzz.exe
  2⤵
  PID:3912
- C:\Windows\System\QxXpjSO.exe
  C:\Windows\System\QxXpjSO.exe
  2⤵
  PID:3932
- C:\Windows\System\CtAkZcH.exe
  C:\Windows\System\CtAkZcH.exe
  2⤵
  PID:3948
- C:\Windows\System\dmPWJSb.exe
  C:\Windows\System\dmPWJSb.exe
  2⤵
  PID:3964
- C:\Windows\System\GNJPEJE.exe
  C:\Windows\System\GNJPEJE.exe
  2⤵
  PID:3980
- C:\Windows\System\YtKQEJW.exe
  C:\Windows\System\YtKQEJW.exe
  2⤵
  PID:3996
- C:\Windows\System\BqaVIlN.exe
  C:\Windows\System\BqaVIlN.exe
  2⤵
  PID:4016
- C:\Windows\System\ShSOZhO.exe
  C:\Windows\System\ShSOZhO.exe
  2⤵
  PID:4040
- C:\Windows\System\JcMiWZx.exe
  C:\Windows\System\JcMiWZx.exe
  2⤵
  PID:4064
- C:\Windows\System\ysgJVpg.exe
  C:\Windows\System\ysgJVpg.exe
  2⤵
  PID:4080
- C:\Windows\System\SWXpjHC.exe
  C:\Windows\System\SWXpjHC.exe
  2⤵
  PID:2772
- C:\Windows\System\onOKhmr.exe
  C:\Windows\System\onOKhmr.exe
  2⤵
  PID:3100
- C:\Windows\System\AtFadOl.exe
  C:\Windows\System\AtFadOl.exe
  2⤵
  PID:3140
- C:\Windows\System\xylIjFv.exe
  C:\Windows\System\xylIjFv.exe
  2⤵
  PID:3204
- C:\Windows\System\mOjBvLS.exe
  C:\Windows\System\mOjBvLS.exe
  2⤵
  PID:3180
- C:\Windows\System\qsCvAMJ.exe
  C:\Windows\System\qsCvAMJ.exe
  2⤵
  PID:3208
- C:\Windows\System\gAhOlXm.exe
  C:\Windows\System\gAhOlXm.exe
  2⤵
  PID:3316
- C:\Windows\System\UWIuBVE.exe
  C:\Windows\System\UWIuBVE.exe
  2⤵
  PID:3356
- C:\Windows\System\MNzSxsL.exe
  C:\Windows\System\MNzSxsL.exe
  2⤵
  PID:3372
- C:\Windows\System\rimdEtY.exe
  C:\Windows\System\rimdEtY.exe
  2⤵
  PID:3396
- C:\Windows\System\gUdnHdw.exe
  C:\Windows\System\gUdnHdw.exe
  2⤵
  PID:3292
- C:\Windows\System\TLdPfdy.exe
  C:\Windows\System\TLdPfdy.exe
  2⤵
  PID:3300
- C:\Windows\System\MFezzjh.exe
  C:\Windows\System\MFezzjh.exe
  2⤵
  PID:3476
- C:\Windows\System\YEgVZML.exe
  C:\Windows\System\YEgVZML.exe
  2⤵
  PID:3424
- C:\Windows\System\FVPEYAQ.exe
  C:\Windows\System\FVPEYAQ.exe
  2⤵
  PID:1364
- C:\Windows\System\eUlGFzd.exe
  C:\Windows\System\eUlGFzd.exe
  2⤵
  PID:3492
- C:\Windows\System\gUZbFOQ.exe
  C:\Windows\System\gUZbFOQ.exe
  2⤵
  PID:3544
- C:\Windows\System\WfuqCSa.exe
  C:\Windows\System\WfuqCSa.exe
  2⤵
  PID:3596
- C:\Windows\System\HrMTquF.exe
  C:\Windows\System\HrMTquF.exe
  2⤵
  PID:3668
- C:\Windows\System\bnTutKq.exe
  C:\Windows\System\bnTutKq.exe
  2⤵
  PID:2556
- C:\Windows\System\VcqmWGT.exe
  C:\Windows\System\VcqmWGT.exe
  2⤵
  PID:3720
- C:\Windows\System\mDkylHX.exe
  C:\Windows\System\mDkylHX.exe
  2⤵
  PID:3756
- C:\Windows\System\pNXbsjI.exe
  C:\Windows\System\pNXbsjI.exe
  2⤵
  PID:3776
- C:\Windows\System\FsxCiPT.exe
  C:\Windows\System\FsxCiPT.exe
  2⤵
  PID:2332
- C:\Windows\System\NrDDnjR.exe
  C:\Windows\System\NrDDnjR.exe
  2⤵
  PID:3784
- C:\Windows\System\FpiTyaX.exe
  C:\Windows\System\FpiTyaX.exe
  2⤵
  PID:3828
- C:\Windows\System\wJjDKOc.exe
  C:\Windows\System\wJjDKOc.exe
  2⤵
  PID:3876
- C:\Windows\System\ZrTKMLq.exe
  C:\Windows\System\ZrTKMLq.exe
  2⤵
  PID:3888
- C:\Windows\System\hbSCwpy.exe
  C:\Windows\System\hbSCwpy.exe
  2⤵
  PID:3956
- C:\Windows\System\lwzroMW.exe
  C:\Windows\System\lwzroMW.exe
  2⤵
  PID:3904
- C:\Windows\System\WUapZUT.exe
  C:\Windows\System\WUapZUT.exe
  2⤵
  PID:4004
- C:\Windows\System\xiAoFFs.exe
  C:\Windows\System\xiAoFFs.exe
  2⤵
  PID:4032
- C:\Windows\System\qPquGWr.exe
  C:\Windows\System\qPquGWr.exe
  2⤵
  PID:4008
- C:\Windows\System\KkntxWi.exe
  C:\Windows\System\KkntxWi.exe
  2⤵
  PID:2012
- C:\Windows\System\LPOjlqt.exe
  C:\Windows\System\LPOjlqt.exe
  2⤵
  PID:4072
- C:\Windows\System\oFOUtIF.exe
  C:\Windows\System\oFOUtIF.exe
  2⤵
  PID:3128
- C:\Windows\System\gWtvQFL.exe
  C:\Windows\System\gWtvQFL.exe
  2⤵
  PID:3224
- C:\Windows\System\ItsjhqI.exe
  C:\Windows\System\ItsjhqI.exe
  2⤵
  PID:3384
- C:\Windows\System\YzmpiNU.exe
  C:\Windows\System\YzmpiNU.exe
  2⤵
  PID:3296
- C:\Windows\System\RrPcaXS.exe
  C:\Windows\System\RrPcaXS.exe
  2⤵
  PID:3368
- C:\Windows\System\waACtNA.exe
  C:\Windows\System\waACtNA.exe
  2⤵
  PID:3244
- C:\Windows\System\KcFgxts.exe
  C:\Windows\System\KcFgxts.exe
  2⤵
  PID:3540
- C:\Windows\System\WMmkJov.exe
  C:\Windows\System\WMmkJov.exe
  2⤵
  PID:3560
- C:\Windows\System\DVrHbmG.exe
  C:\Windows\System\DVrHbmG.exe
  2⤵
  PID:3604
- C:\Windows\System\kzPosLF.exe
  C:\Windows\System\kzPosLF.exe
  2⤵
  PID:3628
- C:\Windows\System\tczDDOT.exe
  C:\Windows\System\tczDDOT.exe
  2⤵
  PID:3640
- C:\Windows\System\fmQGAxj.exe
  C:\Windows\System\fmQGAxj.exe
  2⤵
  PID:3800
- C:\Windows\System\HqGNcLx.exe
  C:\Windows\System\HqGNcLx.exe
  2⤵
  PID:3780
- C:\Windows\System\MnzwObT.exe
  C:\Windows\System\MnzwObT.exe
  2⤵
  PID:3772
- C:\Windows\System\uZjTabE.exe
  C:\Windows\System\uZjTabE.exe
  2⤵
  PID:3988
- C:\Windows\System\poMjLVX.exe
  C:\Windows\System\poMjLVX.exe
  2⤵
  PID:3116
- C:\Windows\System\nWcgySK.exe
  C:\Windows\System\nWcgySK.exe
  2⤵
  PID:3924
- C:\Windows\System\RMaEXeH.exe
  C:\Windows\System\RMaEXeH.exe
  2⤵
  PID:3940
- C:\Windows\System\Yilruvd.exe
  C:\Windows\System\Yilruvd.exe
  2⤵
  PID:3164
- C:\Windows\System\rJEFFKJ.exe
  C:\Windows\System\rJEFFKJ.exe
  2⤵
  PID:4092
- C:\Windows\System\oSWJaDz.exe
  C:\Windows\System\oSWJaDz.exe
  2⤵
  PID:500
- C:\Windows\System\KhDRtRA.exe
  C:\Windows\System\KhDRtRA.exe
  2⤵
  PID:3276
- C:\Windows\System\GpVqXMF.exe
  C:\Windows\System\GpVqXMF.exe
  2⤵
  PID:3288
- C:\Windows\System\ZGngsKi.exe
  C:\Windows\System\ZGngsKi.exe
  2⤵
  PID:3436
- C:\Windows\System\VWAkVVM.exe
  C:\Windows\System\VWAkVVM.exe
  2⤵
  PID:880
- C:\Windows\System\ueEQcXL.exe
  C:\Windows\System\ueEQcXL.exe
  2⤵
  PID:3644
- C:\Windows\System\rGoiAXj.exe
  C:\Windows\System\rGoiAXj.exe
  2⤵
  PID:3840
- C:\Windows\System\gNxlWDM.exe
  C:\Windows\System\gNxlWDM.exe
  2⤵
  PID:3576
- C:\Windows\System\tJpHsyt.exe
  C:\Windows\System\tJpHsyt.exe
  2⤵
  PID:3736
- C:\Windows\System\tQgvayV.exe
  C:\Windows\System\tQgvayV.exe
  2⤵
  PID:3624
- C:\Windows\System\QiDlakX.exe
  C:\Windows\System\QiDlakX.exe
  2⤵
  PID:2904
- C:\Windows\System\CewJCwh.exe
  C:\Windows\System\CewJCwh.exe
  2⤵
  PID:2216
- C:\Windows\System\iAftZap.exe
  C:\Windows\System\iAftZap.exe
  2⤵
  PID:1100
- C:\Windows\System\TotDVHa.exe
  C:\Windows\System\TotDVHa.exe
  2⤵
  PID:1068
- C:\Windows\System\UVcIhTQ.exe
  C:\Windows\System\UVcIhTQ.exe
  2⤵
  PID:3380
- C:\Windows\System\XQPouRk.exe
  C:\Windows\System\XQPouRk.exe
  2⤵
  PID:1920
- C:\Windows\System\YAsGzjw.exe
  C:\Windows\System\YAsGzjw.exe
  2⤵
  PID:2500
- C:\Windows\System\zxczGFC.exe
  C:\Windows\System\zxczGFC.exe
  2⤵
  PID:2152
- C:\Windows\System\LvAKgJM.exe
  C:\Windows\System\LvAKgJM.exe
  2⤵
  PID:4048
- C:\Windows\System\YBPMvTm.exe
  C:\Windows\System\YBPMvTm.exe
  2⤵
  PID:3464
- C:\Windows\System\TxrUGqe.exe
  C:\Windows\System\TxrUGqe.exe
  2⤵
  PID:3884
- C:\Windows\System\TjjbXTr.exe
  C:\Windows\System\TjjbXTr.exe
  2⤵
  PID:2956
- C:\Windows\System\iSUtsdc.exe
  C:\Windows\System\iSUtsdc.exe
  2⤵
  PID:2056
- C:\Windows\System\gHTTufw.exe
  C:\Windows\System\gHTTufw.exe
  2⤵
  PID:3716
- C:\Windows\System\eGmsHea.exe
  C:\Windows\System\eGmsHea.exe
  2⤵
  PID:3516
- C:\Windows\System\mwmyyjN.exe
  C:\Windows\System\mwmyyjN.exe
  2⤵
  PID:3752
- C:\Windows\System\UeuwJcv.exe
  C:\Windows\System\UeuwJcv.exe
  2⤵
  PID:4104
- C:\Windows\System\JUslGEb.exe
  C:\Windows\System\JUslGEb.exe
  2⤵
  PID:4140
- C:\Windows\System\cUWhaym.exe
  C:\Windows\System\cUWhaym.exe
  2⤵
  PID:4160
- C:\Windows\System\ZBGaOaJ.exe
  C:\Windows\System\ZBGaOaJ.exe
  2⤵
  PID:4176
- C:\Windows\System\tRHfysC.exe
  C:\Windows\System\tRHfysC.exe
  2⤵
  PID:4196
- C:\Windows\System\imiVPOP.exe
  C:\Windows\System\imiVPOP.exe
  2⤵
  PID:4216
- C:\Windows\System\jkyTUPk.exe
  C:\Windows\System\jkyTUPk.exe
  2⤵
  PID:4240
- C:\Windows\System\FmddjPQ.exe
  C:\Windows\System\FmddjPQ.exe
  2⤵
  PID:4264
- C:\Windows\System\DpymyyP.exe
  C:\Windows\System\DpymyyP.exe
  2⤵
  PID:4284
- C:\Windows\System\DZRebLo.exe
  C:\Windows\System\DZRebLo.exe
  2⤵
  PID:4300
- C:\Windows\System\btrRTAD.exe
  C:\Windows\System\btrRTAD.exe
  2⤵
  PID:4328
- C:\Windows\System\jGjxjKf.exe
  C:\Windows\System\jGjxjKf.exe
  2⤵
  PID:4344
- C:\Windows\System\bjwfGmi.exe
  C:\Windows\System\bjwfGmi.exe
  2⤵
  PID:4360
- C:\Windows\System\ehNrXUk.exe
  C:\Windows\System\ehNrXUk.exe
  2⤵
  PID:4376
- C:\Windows\System\oIhZdbe.exe
  C:\Windows\System\oIhZdbe.exe
  2⤵
  PID:4392
- C:\Windows\System\quYcEbZ.exe
  C:\Windows\System\quYcEbZ.exe
  2⤵
  PID:4412
- C:\Windows\System\tBQhejv.exe
  C:\Windows\System\tBQhejv.exe
  2⤵
  PID:4436
- C:\Windows\System\byQHSCM.exe
  C:\Windows\System\byQHSCM.exe
  2⤵
  PID:4460
- C:\Windows\System\vGoCXxz.exe
  C:\Windows\System\vGoCXxz.exe
  2⤵
  PID:4476
- C:\Windows\System\BcLfGiR.exe
  C:\Windows\System\BcLfGiR.exe
  2⤵
  PID:4508
- C:\Windows\System\mqyqLCh.exe
  C:\Windows\System\mqyqLCh.exe
  2⤵
  PID:4536
- C:\Windows\System\STTNXym.exe
  C:\Windows\System\STTNXym.exe
  2⤵
  PID:4552
- C:\Windows\System\IiNEbEd.exe
  C:\Windows\System\IiNEbEd.exe
  2⤵
  PID:4568
- C:\Windows\System\KCVUyzr.exe
  C:\Windows\System\KCVUyzr.exe
  2⤵
  PID:4584
- C:\Windows\System\vORgPjS.exe
  C:\Windows\System\vORgPjS.exe
  2⤵
  PID:4604
- C:\Windows\System\OWVIuir.exe
  C:\Windows\System\OWVIuir.exe
  2⤵
  PID:4620
- C:\Windows\System\EoHXYJK.exe
  C:\Windows\System\EoHXYJK.exe
  2⤵
  PID:4640
- C:\Windows\System\QvKsQqP.exe
  C:\Windows\System\QvKsQqP.exe
  2⤵
  PID:4656
- C:\Windows\System\RRfMdeE.exe
  C:\Windows\System\RRfMdeE.exe
  2⤵
  PID:4680
- C:\Windows\System\fNmEoin.exe
  C:\Windows\System\fNmEoin.exe
  2⤵
  PID:4704
- C:\Windows\System\jdgBYTw.exe
  C:\Windows\System\jdgBYTw.exe
  2⤵
  PID:4720
- C:\Windows\System\HXxiKiH.exe
  C:\Windows\System\HXxiKiH.exe
  2⤵
  PID:4736
- C:\Windows\System\sqfnIdW.exe
  C:\Windows\System\sqfnIdW.exe
  2⤵
  PID:4752
- C:\Windows\System\pbveamF.exe
  C:\Windows\System\pbveamF.exe
  2⤵
  PID:4768
- C:\Windows\System\XFiUjCT.exe
  C:\Windows\System\XFiUjCT.exe
  2⤵
  PID:4792
- C:\Windows\System\dtrSDyC.exe
  C:\Windows\System\dtrSDyC.exe
  2⤵
  PID:4808
- C:\Windows\System\HcdDodN.exe
  C:\Windows\System\HcdDodN.exe
  2⤵
  PID:4852
- C:\Windows\System\HxfAsxV.exe
  C:\Windows\System\HxfAsxV.exe
  2⤵
  PID:4872
- C:\Windows\System\hUmGzCu.exe
  C:\Windows\System\hUmGzCu.exe
  2⤵
  PID:4888
- C:\Windows\System\NzRZmVP.exe
  C:\Windows\System\NzRZmVP.exe
  2⤵
  PID:4904
- C:\Windows\System\BXbkMuQ.exe
  C:\Windows\System\BXbkMuQ.exe
  2⤵
  PID:4924
- C:\Windows\System\EelNWAL.exe
  C:\Windows\System\EelNWAL.exe
  2⤵
  PID:4940
- C:\Windows\System\UERWmUn.exe
  C:\Windows\System\UERWmUn.exe
  2⤵
  PID:4960
- C:\Windows\System\qWQfePo.exe
  C:\Windows\System\qWQfePo.exe
  2⤵
  PID:4976
- C:\Windows\System\TuselIn.exe
  C:\Windows\System\TuselIn.exe
  2⤵
  PID:4992
- C:\Windows\System\BAlmyUQ.exe
  C:\Windows\System\BAlmyUQ.exe
  2⤵
  PID:5008
- C:\Windows\System\kOKZNVB.exe
  C:\Windows\System\kOKZNVB.exe
  2⤵
  PID:5028
- C:\Windows\System\lAAdmUx.exe
  C:\Windows\System\lAAdmUx.exe
  2⤵
  PID:5048
- C:\Windows\System\WyEpshY.exe
  C:\Windows\System\WyEpshY.exe
  2⤵
  PID:5064
- C:\Windows\System\pLFhVDs.exe
  C:\Windows\System\pLFhVDs.exe
  2⤵
  PID:5080
- C:\Windows\System\cEQYLHz.exe
  C:\Windows\System\cEQYLHz.exe
  2⤵
  PID:3084
- C:\Windows\System\ZOLBNEN.exe
  C:\Windows\System\ZOLBNEN.exe
  2⤵
  PID:2208
- C:\Windows\System\CdLuBEe.exe
  C:\Windows\System\CdLuBEe.exe
  2⤵
  PID:3528
- C:\Windows\System\IvDJLKP.exe
  C:\Windows\System\IvDJLKP.exe
  2⤵
  PID:4188
- C:\Windows\System\UJcWbqC.exe
  C:\Windows\System\UJcWbqC.exe
  2⤵
  PID:3420
- C:\Windows\System\UTpGACq.exe
  C:\Windows\System\UTpGACq.exe
  2⤵
  PID:4124
- C:\Windows\System\iehxXNp.exe
  C:\Windows\System\iehxXNp.exe
  2⤵
  PID:3976
- C:\Windows\System\cinuZKj.exe
  C:\Windows\System\cinuZKj.exe
  2⤵
  PID:4168
- C:\Windows\System\apYztbM.exe
  C:\Windows\System\apYztbM.exe
  2⤵
  PID:4312
- C:\Windows\System\lFAzupp.exe
  C:\Windows\System\lFAzupp.exe
  2⤵
  PID:4308
- C:\Windows\System\pQqCRYM.exe
  C:\Windows\System\pQqCRYM.exe
  2⤵
  PID:4356
- C:\Windows\System\ozPZECC.exe
  C:\Windows\System\ozPZECC.exe
  2⤵
  PID:4292
- C:\Windows\System\SQNrkCO.exe
  C:\Windows\System\SQNrkCO.exe
  2⤵
  PID:4432
- C:\Windows\System\WJyEorX.exe
  C:\Windows\System\WJyEorX.exe
  2⤵
  PID:4372
- C:\Windows\System\ZaJYMCy.exe
  C:\Windows\System\ZaJYMCy.exe
  2⤵
  PID:4260
- C:\Windows\System\YVxgUvd.exe
  C:\Windows\System\YVxgUvd.exe
  2⤵
  PID:4484
- C:\Windows\System\zmYmDaE.exe
  C:\Windows\System\zmYmDaE.exe
  2⤵
  PID:4516
- C:\Windows\System\dRESPnu.exe
  C:\Windows\System\dRESPnu.exe
  2⤵
  PID:4560
- C:\Windows\System\gTDtEys.exe
  C:\Windows\System\gTDtEys.exe
  2⤵
  PID:4632
- C:\Windows\System\GBBmhAL.exe
  C:\Windows\System\GBBmhAL.exe
  2⤵
  PID:4672
- C:\Windows\System\JzuUoND.exe
  C:\Windows\System\JzuUoND.exe
  2⤵
  PID:4716
- C:\Windows\System\ObjaMDn.exe
  C:\Windows\System\ObjaMDn.exe
  2⤵
  PID:4776
- C:\Windows\System\fXZMxms.exe
  C:\Windows\System\fXZMxms.exe
  2⤵
  PID:4820
- C:\Windows\System\PdISfyX.exe
  C:\Windows\System\PdISfyX.exe
  2⤵
  PID:4824
- C:\Windows\System\jceXmdF.exe
  C:\Windows\System\jceXmdF.exe
  2⤵
  PID:4580
- C:\Windows\System\KbNxoAI.exe
  C:\Windows\System\KbNxoAI.exe
  2⤵
  PID:4760
- C:\Windows\System\eRWfxZx.exe
  C:\Windows\System\eRWfxZx.exe
  2⤵
  PID:4840
- C:\Windows\System\YAPvxbm.exe
  C:\Windows\System\YAPvxbm.exe
  2⤵
  PID:4912
- C:\Windows\System\bYjlXnU.exe
  C:\Windows\System\bYjlXnU.exe
  2⤵
  PID:4868
- C:\Windows\System\TDqhCrL.exe
  C:\Windows\System\TDqhCrL.exe
  2⤵
  PID:4900
- C:\Windows\System\aEwTIsA.exe
  C:\Windows\System\aEwTIsA.exe
  2⤵
  PID:5020
- C:\Windows\System\kRLDsIz.exe
  C:\Windows\System\kRLDsIz.exe
  2⤵
  PID:5088
- C:\Windows\System\AMMnNaF.exe
  C:\Windows\System\AMMnNaF.exe
  2⤵
  PID:5096
- C:\Windows\System\GJqkgUF.exe
  C:\Windows\System\GJqkgUF.exe
  2⤵
  PID:5112
- C:\Windows\System\cOuqDYZ.exe
  C:\Windows\System\cOuqDYZ.exe
  2⤵
  PID:5036
- C:\Windows\System\CQnrxsK.exe
  C:\Windows\System\CQnrxsK.exe
  2⤵
  PID:5076
- C:\Windows\System\SxxheOb.exe
  C:\Windows\System\SxxheOb.exe
  2⤵
  PID:3200
- C:\Windows\System\ivBtssc.exe
  C:\Windows\System\ivBtssc.exe
  2⤵
  PID:4152
- C:\Windows\System\rloWIgC.exe
  C:\Windows\System\rloWIgC.exe
  2⤵
  PID:4120
- C:\Windows\System\ebGgpLq.exe
  C:\Windows\System\ebGgpLq.exe
  2⤵
  PID:4276
- C:\Windows\System\okxtNcK.exe
  C:\Windows\System\okxtNcK.exe
  2⤵
  PID:4320
- C:\Windows\System\xfixRDM.exe
  C:\Windows\System\xfixRDM.exe
  2⤵
  PID:4468
- C:\Windows\System\upTVpUQ.exe
  C:\Windows\System\upTVpUQ.exe
  2⤵
  PID:4368
- C:\Windows\System\MyrRIHH.exe
  C:\Windows\System\MyrRIHH.exe
  2⤵
  PID:4256
- C:\Windows\System\vKMatgx.exe
  C:\Windows\System\vKMatgx.exe
  2⤵
  PID:4596
- C:\Windows\System\tFPjZMs.exe
  C:\Windows\System\tFPjZMs.exe
  2⤵
  PID:4712
- C:\Windows\System\AilBnjp.exe
  C:\Windows\System\AilBnjp.exe
  2⤵
  PID:4676
- C:\Windows\System\OWapIsO.exe
  C:\Windows\System\OWapIsO.exe
  2⤵
  PID:4700
- C:\Windows\System\cSDjgZZ.exe
  C:\Windows\System\cSDjgZZ.exe
  2⤵
  PID:4544
- C:\Windows\System\RtZFiQM.exe
  C:\Windows\System\RtZFiQM.exe
  2⤵
  PID:4836
- C:\Windows\System\SBmjAwR.exe
  C:\Windows\System\SBmjAwR.exe
  2⤵
  PID:4864
- C:\Windows\System\WHGqOrC.exe
  C:\Windows\System\WHGqOrC.exe
  2⤵
  PID:5000
- C:\Windows\System\hVccvnh.exe
  C:\Windows\System\hVccvnh.exe
  2⤵
  PID:4732
- C:\Windows\System\OPKrChX.exe
  C:\Windows\System\OPKrChX.exe
  2⤵
  PID:5092
- C:\Windows\System\OFjRmYI.exe
  C:\Windows\System\OFjRmYI.exe
  2⤵
  PID:1164
- C:\Windows\System\XGJkbHM.exe
  C:\Windows\System\XGJkbHM.exe
  2⤵
  PID:4116
- C:\Windows\System\BQmnrvs.exe
  C:\Windows\System\BQmnrvs.exe
  2⤵
  PID:5104
- C:\Windows\System\biwXGAE.exe
  C:\Windows\System\biwXGAE.exe
  2⤵
  PID:4204
- C:\Windows\System\QmIWMel.exe
  C:\Windows\System\QmIWMel.exe
  2⤵
  PID:4424
- C:\Windows\System\kUNyaVA.exe
  C:\Windows\System\kUNyaVA.exe
  2⤵
  PID:4896
- C:\Windows\System\TLwUAxc.exe
  C:\Windows\System\TLwUAxc.exe
  2⤵
  PID:4988
- C:\Windows\System\kNHJWHH.exe
  C:\Windows\System\kNHJWHH.exe
  2⤵
  PID:4668
- C:\Windows\System\GjrhKJT.exe
  C:\Windows\System\GjrhKJT.exe
  2⤵
  PID:4520
- C:\Windows\System\AgPirfB.exe
  C:\Windows\System\AgPirfB.exe
  2⤵
  PID:4920
- C:\Windows\System\sykjJLm.exe
  C:\Windows\System\sykjJLm.exe
  2⤵
  PID:316
- C:\Windows\System\Svugzrf.exe
  C:\Windows\System\Svugzrf.exe
  2⤵
  PID:4616
- C:\Windows\System\YNvgGKI.exe
  C:\Windows\System\YNvgGKI.exe
  2⤵
  PID:4948
- C:\Windows\System\QrmZljL.exe
  C:\Windows\System\QrmZljL.exe
  2⤵
  PID:4984
- C:\Windows\System\BOiflDM.exe
  C:\Windows\System\BOiflDM.exe
  2⤵
  PID:5044
- C:\Windows\System\XHRcdjn.exe
  C:\Windows\System\XHRcdjn.exe
  2⤵
  PID:4408
- C:\Windows\System\naFOLQc.exe
  C:\Windows\System\naFOLQc.exe
  2⤵
  PID:5016
- C:\Windows\System\MTIFxDn.exe
  C:\Windows\System\MTIFxDn.exe
  2⤵
  PID:4780
- C:\Windows\System\CyUtsgb.exe
  C:\Windows\System\CyUtsgb.exe
  2⤵
  PID:4532
- C:\Windows\System\kLroKJi.exe
  C:\Windows\System\kLroKJi.exe
  2⤵
  PID:4804
- C:\Windows\System\kGFspMc.exe
  C:\Windows\System\kGFspMc.exe
  2⤵
  PID:3616
- C:\Windows\System\vgWJmFt.exe
  C:\Windows\System\vgWJmFt.exe
  2⤵
  PID:4352
- C:\Windows\System\eKpmHcl.exe
  C:\Windows\System\eKpmHcl.exe
  2⤵
  PID:4100
- C:\Windows\System\sYpNKbP.exe
  C:\Windows\System\sYpNKbP.exe
  2⤵
  PID:5136
- C:\Windows\System\AwEUvEt.exe
  C:\Windows\System\AwEUvEt.exe
  2⤵
  PID:5152
- C:\Windows\System\zqjcwoJ.exe
  C:\Windows\System\zqjcwoJ.exe
  2⤵
  PID:5168
- C:\Windows\System\YKcyYtK.exe
  C:\Windows\System\YKcyYtK.exe
  2⤵
  PID:5184
- C:\Windows\System\hBnwvtS.exe
  C:\Windows\System\hBnwvtS.exe
  2⤵
  PID:5200
- C:\Windows\System\fssoliN.exe
  C:\Windows\System\fssoliN.exe
  2⤵
  PID:5216
- C:\Windows\System\rlABnWB.exe
  C:\Windows\System\rlABnWB.exe
  2⤵
  PID:5232
- C:\Windows\System\gKGOyYi.exe
  C:\Windows\System\gKGOyYi.exe
  2⤵
  PID:5248
- C:\Windows\System\KxzCIjn.exe
  C:\Windows\System\KxzCIjn.exe
  2⤵
  PID:5264
- C:\Windows\System\aSfgpNr.exe
  C:\Windows\System\aSfgpNr.exe
  2⤵
  PID:5280
- C:\Windows\System\qtoDIXx.exe
  C:\Windows\System\qtoDIXx.exe
  2⤵
  PID:5296
- C:\Windows\System\JpQXVBs.exe
  C:\Windows\System\JpQXVBs.exe
  2⤵
  PID:5312
- C:\Windows\System\BhUFzIr.exe
  C:\Windows\System\BhUFzIr.exe
  2⤵
  PID:5328
- C:\Windows\System\RTGwnSf.exe
  C:\Windows\System\RTGwnSf.exe
  2⤵
  PID:5344
- C:\Windows\System\cJXWjWy.exe
  C:\Windows\System\cJXWjWy.exe
  2⤵
  PID:5360
- C:\Windows\System\HlCTMsA.exe
  C:\Windows\System\HlCTMsA.exe
  2⤵
  PID:5400
- C:\Windows\System\LlvsvPf.exe
  C:\Windows\System\LlvsvPf.exe
  2⤵
  PID:5420
- C:\Windows\System\GoTcOFv.exe
  C:\Windows\System\GoTcOFv.exe
  2⤵
  PID:5444
- C:\Windows\System\VrfIFLI.exe
  C:\Windows\System\VrfIFLI.exe
  2⤵
  PID:5460
- C:\Windows\System\kogPLSl.exe
  C:\Windows\System\kogPLSl.exe
  2⤵
  PID:5476
- C:\Windows\System\QjOOXQx.exe
  C:\Windows\System\QjOOXQx.exe
  2⤵
  PID:5492
- C:\Windows\System\aaCnJXc.exe
  C:\Windows\System\aaCnJXc.exe
  2⤵
  PID:5520
- C:\Windows\System\oPmfmNf.exe
  C:\Windows\System\oPmfmNf.exe
  2⤵
  PID:5536
- C:\Windows\System\BElWvOd.exe
  C:\Windows\System\BElWvOd.exe
  2⤵
  PID:5552
- C:\Windows\System\sZUcpIh.exe
  C:\Windows\System\sZUcpIh.exe
  2⤵
  PID:5568
- C:\Windows\System\ZelLmdj.exe
  C:\Windows\System\ZelLmdj.exe
  2⤵
  PID:5584
- C:\Windows\System\uonJDpg.exe
  C:\Windows\System\uonJDpg.exe
  2⤵
  PID:5600
- C:\Windows\System\tmDafuP.exe
  C:\Windows\System\tmDafuP.exe
  2⤵
  PID:5616
- C:\Windows\System\yOImxpd.exe
  C:\Windows\System\yOImxpd.exe
  2⤵
  PID:5632
- C:\Windows\System\jRNHsXn.exe
  C:\Windows\System\jRNHsXn.exe
  2⤵
  PID:5648
- C:\Windows\System\IYUhVIl.exe
  C:\Windows\System\IYUhVIl.exe
  2⤵
  PID:5664
- C:\Windows\System\LgInxKp.exe
  C:\Windows\System\LgInxKp.exe
  2⤵
  PID:5684
- C:\Windows\System\QtvLlyW.exe
  C:\Windows\System\QtvLlyW.exe
  2⤵
  PID:5700
- C:\Windows\System\ZGPNCYm.exe
  C:\Windows\System\ZGPNCYm.exe
  2⤵
  PID:5716
- C:\Windows\System\zAyBfIK.exe
  C:\Windows\System\zAyBfIK.exe
  2⤵
  PID:5732
- C:\Windows\System\ohggJFM.exe
  C:\Windows\System\ohggJFM.exe
  2⤵
  PID:5748
- C:\Windows\System\udYxPzm.exe
  C:\Windows\System\udYxPzm.exe
  2⤵
  PID:5764
- C:\Windows\System\NqbsCUA.exe
  C:\Windows\System\NqbsCUA.exe
  2⤵
  PID:5780
- C:\Windows\System\CWPeBJA.exe
  C:\Windows\System\CWPeBJA.exe
  2⤵
  PID:5800
- C:\Windows\System\mpDTcpg.exe
  C:\Windows\System\mpDTcpg.exe
  2⤵
  PID:5816
- C:\Windows\System\QwSgLMk.exe
  C:\Windows\System\QwSgLMk.exe
  2⤵
  PID:5832
- C:\Windows\System\yxrtIhV.exe
  C:\Windows\System\yxrtIhV.exe
  2⤵
  PID:5848
- C:\Windows\System\aKeXKwU.exe
  C:\Windows\System\aKeXKwU.exe
  2⤵
  PID:5864
- C:\Windows\System\bStvthJ.exe
  C:\Windows\System\bStvthJ.exe
  2⤵
  PID:5884
- C:\Windows\System\XhGbIqz.exe
  C:\Windows\System\XhGbIqz.exe
  2⤵
  PID:5908
- C:\Windows\System\VyKvFlb.exe
  C:\Windows\System\VyKvFlb.exe
  2⤵
  PID:5928
- C:\Windows\System\tdvEXpK.exe
  C:\Windows\System\tdvEXpK.exe
  2⤵
  PID:5944
- C:\Windows\System\qTYMSnT.exe
  C:\Windows\System\qTYMSnT.exe
  2⤵
  PID:5960
- C:\Windows\System\VldraAd.exe
  C:\Windows\System\VldraAd.exe
  2⤵
  PID:5976
- C:\Windows\System\Zzuzoim.exe
  C:\Windows\System\Zzuzoim.exe
  2⤵
  PID:5992
- C:\Windows\System\XQFbjhG.exe
  C:\Windows\System\XQFbjhG.exe
  2⤵
  PID:6008
- C:\Windows\System\XpgnPvb.exe
  C:\Windows\System\XpgnPvb.exe
  2⤵
  PID:6024
- C:\Windows\System\AQXwnEY.exe
  C:\Windows\System\AQXwnEY.exe
  2⤵
  PID:6040
- C:\Windows\System\qRMXNqc.exe
  C:\Windows\System\qRMXNqc.exe
  2⤵
  PID:6060
- C:\Windows\System\hlFzCwY.exe
  C:\Windows\System\hlFzCwY.exe
  2⤵
  PID:6080
- C:\Windows\System\CntNRqB.exe
  C:\Windows\System\CntNRqB.exe
  2⤵
  PID:6136
- C:\Windows\System\NloZDPO.exe
  C:\Windows\System\NloZDPO.exe
  2⤵
  PID:4652
- C:\Windows\System\iLJXPzP.exe
  C:\Windows\System\iLJXPzP.exe
  2⤵
  PID:2504
- C:\Windows\System\UEOorOb.exe
  C:\Windows\System\UEOorOb.exe
  2⤵
  PID:4880
- C:\Windows\System\VZrpYkT.exe
  C:\Windows\System\VZrpYkT.exe
  2⤵
  PID:4488
- C:\Windows\System\HYPShay.exe
  C:\Windows\System\HYPShay.exe
  2⤵
  PID:4228
- C:\Windows\System\TQVmqqa.exe
  C:\Windows\System\TQVmqqa.exe
  2⤵
  PID:5180
- C:\Windows\System\gActQUB.exe
  C:\Windows\System\gActQUB.exe
  2⤵
  PID:5244
- C:\Windows\System\bvRasbv.exe
  C:\Windows\System\bvRasbv.exe
  2⤵
  PID:5308
- C:\Windows\System\wEngYTo.exe
  C:\Windows\System\wEngYTo.exe
  2⤵
  PID:5340
- C:\Windows\System\ZgRJONu.exe
  C:\Windows\System\ZgRJONu.exe
  2⤵
  PID:5324
- C:\Windows\System\WKeQfLp.exe
  C:\Windows\System\WKeQfLp.exe
  2⤵
  PID:5260
- C:\Windows\System\nnQslEi.exe
  C:\Windows\System\nnQslEi.exe
  2⤵
  PID:5356
- C:\Windows\System\KdexhhN.exe
  C:\Windows\System\KdexhhN.exe
  2⤵
  PID:5380
- C:\Windows\System\KEPjwzB.exe
  C:\Windows\System\KEPjwzB.exe
  2⤵
  PID:5396
- C:\Windows\System\nTBCmYn.exe
  C:\Windows\System\nTBCmYn.exe
  2⤵
  PID:5408
- C:\Windows\System\rEjxfRb.exe
  C:\Windows\System\rEjxfRb.exe
  2⤵
  PID:5452
- C:\Windows\System\QBPcxiV.exe
  C:\Windows\System\QBPcxiV.exe
  2⤵
  PID:5484
- C:\Windows\System\WbcnlgC.exe
  C:\Windows\System\WbcnlgC.exe
  2⤵
  PID:3592
- C:\Windows\System\VJmMMtz.exe
  C:\Windows\System\VJmMMtz.exe
  2⤵
  PID:5528
- C:\Windows\System\tfVSRVw.exe
  C:\Windows\System\tfVSRVw.exe
  2⤵
  PID:5576
- C:\Windows\System\nKpSlay.exe
  C:\Windows\System\nKpSlay.exe
  2⤵
  PID:5644
- C:\Windows\System\kIatjwB.exe
  C:\Windows\System\kIatjwB.exe
  2⤵
  PID:5560
- C:\Windows\System\rorUdgO.exe
  C:\Windows\System\rorUdgO.exe
  2⤵
  PID:5624
- C:\Windows\System\SVOhuTs.exe
  C:\Windows\System\SVOhuTs.exe
  2⤵
  PID:5676
- C:\Windows\System\VhviRSg.exe
  C:\Windows\System\VhviRSg.exe
  2⤵
  PID:5728
- C:\Windows\System\PSNjoBb.exe
  C:\Windows\System\PSNjoBb.exe
  2⤵
  PID:5796
- C:\Windows\System\aeFuoRE.exe
  C:\Windows\System\aeFuoRE.exe
  2⤵
  PID:5772
- C:\Windows\System\ROrRtmW.exe
  C:\Windows\System\ROrRtmW.exe
  2⤵
  PID:5824
- C:\Windows\System\FLDsEig.exe
  C:\Windows\System\FLDsEig.exe
  2⤵
  PID:5840
- C:\Windows\System\daAsSQm.exe
  C:\Windows\System\daAsSQm.exe
  2⤵
  PID:5952
- C:\Windows\System\NnkGkFI.exe
  C:\Windows\System\NnkGkFI.exe
  2⤵
  PID:5956
- C:\Windows\System\nCnAyXl.exe
  C:\Windows\System\nCnAyXl.exe
  2⤵
  PID:6020
- C:\Windows\System\dKberpI.exe
  C:\Windows\System\dKberpI.exe
  2⤵
  PID:5936
- C:\Windows\System\RtWecSt.exe
  C:\Windows\System\RtWecSt.exe
  2⤵
  PID:6048
- C:\Windows\System\DUCWGYF.exe
  C:\Windows\System\DUCWGYF.exe
  2⤵
  PID:6032
- C:\Windows\System\NykWMwu.exe
  C:\Windows\System\NykWMwu.exe
  2⤵
  PID:6068
- C:\Windows\System\iFqMvSs.exe
  C:\Windows\System\iFqMvSs.exe
  2⤵
  PID:6096
- C:\Windows\System\QkTGcQN.exe
  C:\Windows\System\QkTGcQN.exe
  2⤵
  PID:6108
- C:\Windows\System\eIYcZsP.exe
  C:\Windows\System\eIYcZsP.exe
  2⤵
  PID:6124
- C:\Windows\System\kxFdHrl.exe
  C:\Windows\System\kxFdHrl.exe
  2⤵
  PID:1940
- C:\Windows\System\BCTqZTx.exe
  C:\Windows\System\BCTqZTx.exe
  2⤵
  PID:5132
- C:\Windows\System\dNpgVBf.exe
  C:\Windows\System\dNpgVBf.exe
  2⤵
  PID:4648
- C:\Windows\System\leIesZS.exe
  C:\Windows\System\leIesZS.exe
  2⤵
  PID:5240
- C:\Windows\System\eNHbyfs.exe
  C:\Windows\System\eNHbyfs.exe
  2⤵
  PID:5176
- C:\Windows\System\KltpNYO.exe
  C:\Windows\System\KltpNYO.exe
  2⤵
  PID:5276
- C:\Windows\System\AHbpWml.exe
  C:\Windows\System\AHbpWml.exe
  2⤵
  PID:5388
- C:\Windows\System\RjkJfqb.exe
  C:\Windows\System\RjkJfqb.exe
  2⤵
  PID:5192
- C:\Windows\System\bmPFwUV.exe
  C:\Windows\System\bmPFwUV.exe
  2⤵
  PID:5376
- C:\Windows\System\lWyLAMe.exe
  C:\Windows\System\lWyLAMe.exe
  2⤵
  PID:5472
- C:\Windows\System\jPqTNGH.exe
  C:\Windows\System\jPqTNGH.exe
  2⤵
  PID:5640
- C:\Windows\System\StcOrzz.exe
  C:\Windows\System\StcOrzz.exe
  2⤵
  PID:5592
- C:\Windows\System\lFIdeXY.exe
  C:\Windows\System\lFIdeXY.exe
  2⤵
  PID:5692
- C:\Windows\System\EcNsRLd.exe
  C:\Windows\System\EcNsRLd.exe
  2⤵
  PID:5596
- C:\Windows\System\mJJdkGg.exe
  C:\Windows\System\mJJdkGg.exe
  2⤵
  PID:5724
- C:\Windows\System\BNNxvWd.exe
  C:\Windows\System\BNNxvWd.exe
  2⤵
  PID:5828
- C:\Windows\System\iPdMZXo.exe
  C:\Windows\System\iPdMZXo.exe
  2⤵
  PID:6016
- C:\Windows\System\UVXUymY.exe
  C:\Windows\System\UVXUymY.exe
  2⤵
  PID:5812
- C:\Windows\System\NrMkSKH.exe
  C:\Windows\System\NrMkSKH.exe
  2⤵
  PID:5904
- C:\Windows\System\mYNZhdi.exe
  C:\Windows\System\mYNZhdi.exe
  2⤵
  PID:6076
- C:\Windows\System\TpmbBLU.exe
  C:\Windows\System\TpmbBLU.exe
  2⤵
  PID:5548
- C:\Windows\System\hRxQJOI.exe
  C:\Windows\System\hRxQJOI.exe
  2⤵
  PID:6004
- C:\Windows\System\VEqXTYc.exe
  C:\Windows\System\VEqXTYc.exe
  2⤵
  PID:6036
- C:\Windows\System\MUOHEYH.exe
  C:\Windows\System\MUOHEYH.exe
  2⤵
  PID:5128
- C:\Windows\System\WzxDPmJ.exe
  C:\Windows\System\WzxDPmJ.exe
  2⤵
  PID:4208
- C:\Windows\System\UMacNop.exe
  C:\Windows\System\UMacNop.exe
  2⤵
  PID:5436
- C:\Windows\System\nXLuDmM.exe
  C:\Windows\System\nXLuDmM.exe
  2⤵
  PID:5288
- C:\Windows\System\VouUMWx.exe
  C:\Windows\System\VouUMWx.exe
  2⤵
  PID:5612
- C:\Windows\System\lKeIrYU.exe
  C:\Windows\System\lKeIrYU.exe
  2⤵
  PID:5860
- C:\Windows\System\JNUwuth.exe
  C:\Windows\System\JNUwuth.exe
  2⤵
  PID:4404
- C:\Windows\System\uduBmKA.exe
  C:\Windows\System\uduBmKA.exe
  2⤵
  PID:620
- C:\Windows\System\LceeTez.exe
  C:\Windows\System\LceeTez.exe
  2⤵
  PID:5416
- C:\Windows\System\LgXGfYs.exe
  C:\Windows\System\LgXGfYs.exe
  2⤵
  PID:5488
- C:\Windows\System\XCUeCGt.exe
  C:\Windows\System\XCUeCGt.exe
  2⤵
  PID:4576
- C:\Windows\System\ApKipaA.exe
  C:\Windows\System\ApKipaA.exe
  2⤵
  PID:5792
- C:\Windows\System\KqiZbTo.exe
  C:\Windows\System\KqiZbTo.exe
  2⤵
  PID:6100
- C:\Windows\System\QOsxXrT.exe
  C:\Windows\System\QOsxXrT.exe
  2⤵
  PID:6152
- C:\Windows\System\zhXUZnD.exe
  C:\Windows\System\zhXUZnD.exe
  2⤵
  PID:6168
- C:\Windows\System\qZaPyyZ.exe
  C:\Windows\System\qZaPyyZ.exe
  2⤵
  PID:6188
- C:\Windows\System\VbtOddT.exe
  C:\Windows\System\VbtOddT.exe
  2⤵
  PID:6204
- C:\Windows\System\BulQqDM.exe
  C:\Windows\System\BulQqDM.exe
  2⤵
  PID:6220
- C:\Windows\System\YTyJqdc.exe
  C:\Windows\System\YTyJqdc.exe
  2⤵
  PID:6236
- C:\Windows\System\pGQxBPb.exe
  C:\Windows\System\pGQxBPb.exe
  2⤵
  PID:6252
- C:\Windows\System\RjgKyMn.exe
  C:\Windows\System\RjgKyMn.exe
  2⤵
  PID:6268
- C:\Windows\System\bjWcwhx.exe
  C:\Windows\System\bjWcwhx.exe
  2⤵
  PID:6284
- C:\Windows\System\KvSXwxU.exe
  C:\Windows\System\KvSXwxU.exe
  2⤵
  PID:6300
- C:\Windows\System\DBzviMV.exe
  C:\Windows\System\DBzviMV.exe
  2⤵
  PID:6316
- C:\Windows\System\fEygAaA.exe
  C:\Windows\System\fEygAaA.exe
  2⤵
  PID:6332
- C:\Windows\System\qNkHXrr.exe
  C:\Windows\System\qNkHXrr.exe
  2⤵
  PID:6348
- C:\Windows\System\NOqWAie.exe
  C:\Windows\System\NOqWAie.exe
  2⤵
  PID:6364
- C:\Windows\System\bmHxDpN.exe
  C:\Windows\System\bmHxDpN.exe
  2⤵
  PID:6380
- C:\Windows\System\cfzcxHA.exe
  C:\Windows\System\cfzcxHA.exe
  2⤵
  PID:6396
- C:\Windows\System\FGRdzxt.exe
  C:\Windows\System\FGRdzxt.exe
  2⤵
  PID:6412
- C:\Windows\System\TAdSPVG.exe
  C:\Windows\System\TAdSPVG.exe
  2⤵
  PID:6432
- C:\Windows\System\jhrKRGr.exe
  C:\Windows\System\jhrKRGr.exe
  2⤵
  PID:6448
- C:\Windows\System\TyBweVf.exe
  C:\Windows\System\TyBweVf.exe
  2⤵
  PID:6464
- C:\Windows\System\KIVibyB.exe
  C:\Windows\System\KIVibyB.exe
  2⤵
  PID:6480
- C:\Windows\System\LMlvRsw.exe
  C:\Windows\System\LMlvRsw.exe
  2⤵
  PID:6496
- C:\Windows\System\bpXcKLI.exe
  C:\Windows\System\bpXcKLI.exe
  2⤵
  PID:6512
- C:\Windows\System\zEuUsVd.exe
  C:\Windows\System\zEuUsVd.exe
  2⤵
  PID:6528
- C:\Windows\System\SkgseSp.exe
  C:\Windows\System\SkgseSp.exe
  2⤵
  PID:6544
- C:\Windows\System\LsKHrTb.exe
  C:\Windows\System\LsKHrTb.exe
  2⤵
  PID:6560
- C:\Windows\System\dXPVPOX.exe
  C:\Windows\System\dXPVPOX.exe
  2⤵
  PID:6576
- C:\Windows\System\GNqlKgH.exe
  C:\Windows\System\GNqlKgH.exe
  2⤵
  PID:6592
- C:\Windows\System\sZkwIRs.exe
  C:\Windows\System\sZkwIRs.exe
  2⤵
  PID:6608
- C:\Windows\System\lZSvxIZ.exe
  C:\Windows\System\lZSvxIZ.exe
  2⤵
  PID:6624
- C:\Windows\System\stJCNyd.exe
  C:\Windows\System\stJCNyd.exe
  2⤵
  PID:6640
- C:\Windows\System\mgTnoQM.exe
  C:\Windows\System\mgTnoQM.exe
  2⤵
  PID:6656
- C:\Windows\System\rXaiEaW.exe
  C:\Windows\System\rXaiEaW.exe
  2⤵
  PID:6672
- C:\Windows\System\HQGyeri.exe
  C:\Windows\System\HQGyeri.exe
  2⤵
  PID:6688
- C:\Windows\System\kTHDUSS.exe
  C:\Windows\System\kTHDUSS.exe
  2⤵
  PID:6704
- C:\Windows\System\KakHCbT.exe
  C:\Windows\System\KakHCbT.exe
  2⤵
  PID:6720
- C:\Windows\System\XZHJZOx.exe
  C:\Windows\System\XZHJZOx.exe
  2⤵
  PID:6736
- C:\Windows\System\svQOsih.exe
  C:\Windows\System\svQOsih.exe
  2⤵
  PID:6752
- C:\Windows\System\frgsUOn.exe
  C:\Windows\System\frgsUOn.exe
  2⤵
  PID:6768
- C:\Windows\System\lUTiSwM.exe
  C:\Windows\System\lUTiSwM.exe
  2⤵
  PID:6784
- C:\Windows\System\guqusEM.exe
  C:\Windows\System\guqusEM.exe
  2⤵
  PID:6800
- C:\Windows\System\RWxyjFO.exe
  C:\Windows\System\RWxyjFO.exe
  2⤵
  PID:6816
- C:\Windows\System\cMJotpk.exe
  C:\Windows\System\cMJotpk.exe
  2⤵
  PID:6832
- C:\Windows\System\mSJBstR.exe
  C:\Windows\System\mSJBstR.exe
  2⤵
  PID:6848
- C:\Windows\System\qyTlTEl.exe
  C:\Windows\System\qyTlTEl.exe
  2⤵
  PID:6864
- C:\Windows\System\BcvoSjN.exe
  C:\Windows\System\BcvoSjN.exe
  2⤵
  PID:6880
- C:\Windows\System\gOhbhNx.exe
  C:\Windows\System\gOhbhNx.exe
  2⤵
  PID:6896
- C:\Windows\System\ajmfxLF.exe
  C:\Windows\System\ajmfxLF.exe
  2⤵
  PID:6912
- C:\Windows\System\KoDlICz.exe
  C:\Windows\System\KoDlICz.exe
  2⤵
  PID:6928
- C:\Windows\System\DVcdCqc.exe
  C:\Windows\System\DVcdCqc.exe
  2⤵
  PID:6944
- C:\Windows\System\PDKbTnX.exe
  C:\Windows\System\PDKbTnX.exe
  2⤵
  PID:6960
- C:\Windows\System\epnCKMm.exe
  C:\Windows\System\epnCKMm.exe
  2⤵
  PID:6976
- C:\Windows\System\PKfGDIM.exe
  C:\Windows\System\PKfGDIM.exe
  2⤵
  PID:6992
- C:\Windows\System\mlvGHDS.exe
  C:\Windows\System\mlvGHDS.exe
  2⤵
  PID:7008
- C:\Windows\System\ykhjzQh.exe
  C:\Windows\System\ykhjzQh.exe
  2⤵
  PID:7024
- C:\Windows\System\hzeYCQH.exe
  C:\Windows\System\hzeYCQH.exe
  2⤵
  PID:7040
- C:\Windows\System\oITafHK.exe
  C:\Windows\System\oITafHK.exe
  2⤵
  PID:7056
- C:\Windows\System\gtvrFNP.exe
  C:\Windows\System\gtvrFNP.exe
  2⤵
  PID:7072
- C:\Windows\System\tGpRnPd.exe
  C:\Windows\System\tGpRnPd.exe
  2⤵
  PID:7088
- C:\Windows\System\IzGjCvR.exe
  C:\Windows\System\IzGjCvR.exe
  2⤵
  PID:7104
- C:\Windows\System\ExPngnA.exe
  C:\Windows\System\ExPngnA.exe
  2⤵
  PID:7120
- C:\Windows\System\bacGgFM.exe
  C:\Windows\System\bacGgFM.exe
  2⤵
  PID:7136
- C:\Windows\System\BEKtIWL.exe
  C:\Windows\System\BEKtIWL.exe
  2⤵
  PID:6120
- C:\Windows\System\xRPjmlK.exe
  C:\Windows\System\xRPjmlK.exe
  2⤵
  PID:5224
- C:\Windows\System\DzedgBl.exe
  C:\Windows\System\DzedgBl.exe
  2⤵
  PID:6160
- C:\Windows\System\TMObLGE.exe
  C:\Windows\System\TMObLGE.exe
  2⤵
  PID:5924
- C:\Windows\System\VJDzhTz.exe
  C:\Windows\System\VJDzhTz.exe
  2⤵
  PID:6216
- C:\Windows\System\FYdpsWo.exe
  C:\Windows\System\FYdpsWo.exe
  2⤵
  PID:6232
- C:\Windows\System\EIhMeUc.exe
  C:\Windows\System\EIhMeUc.exe
  2⤵
  PID:6308
- C:\Windows\System\Kyktjgr.exe
  C:\Windows\System\Kyktjgr.exe
  2⤵
  PID:6344
- C:\Windows\System\SywldlB.exe
  C:\Windows\System\SywldlB.exe
  2⤵
  PID:6312
- C:\Windows\System\QGkEKWb.exe
  C:\Windows\System\QGkEKWb.exe
  2⤵
  PID:6296
- C:\Windows\System\rpVogQc.exe
  C:\Windows\System\rpVogQc.exe
  2⤵
  PID:6420
- C:\Windows\System\dTtlamR.exe
  C:\Windows\System\dTtlamR.exe
  2⤵
  PID:6440
- C:\Windows\System\jKKKmmF.exe
  C:\Windows\System\jKKKmmF.exe
  2⤵
  PID:6456
- C:\Windows\System\mixnnUu.exe
  C:\Windows\System\mixnnUu.exe
  2⤵
  PID:6504
- C:\Windows\System\VkaDKmB.exe
  C:\Windows\System\VkaDKmB.exe
  2⤵
  PID:6604
- C:\Windows\System\vNMZGoF.exe
  C:\Windows\System\vNMZGoF.exe
  2⤵
  PID:6520
- C:\Windows\System\hjTWdMv.exe
  C:\Windows\System\hjTWdMv.exe
  2⤵
  PID:6588
- C:\Windows\System\lFvrYrv.exe
  C:\Windows\System\lFvrYrv.exe
  2⤵
  PID:6652
- C:\Windows\System\bnCRqsw.exe
  C:\Windows\System\bnCRqsw.exe
  2⤵
  PID:6664
- C:\Windows\System\dEAutKr.exe
  C:\Windows\System\dEAutKr.exe
  2⤵
  PID:6728
- C:\Windows\System\uYjdiCb.exe
  C:\Windows\System\uYjdiCb.exe
  2⤵
  PID:6792
- C:\Windows\System\AFxZYtz.exe
  C:\Windows\System\AFxZYtz.exe
  2⤵
  PID:6712
- C:\Windows\System\pmtFSHb.exe
  C:\Windows\System\pmtFSHb.exe
  2⤵
  PID:6812
- C:\Windows\System\cjBCLEl.exe
  C:\Windows\System\cjBCLEl.exe
  2⤵
  PID:6716
- C:\Windows\System\vnOdAjU.exe
  C:\Windows\System\vnOdAjU.exe
  2⤵
  PID:6776
- C:\Windows\System\cPrfDYk.exe
  C:\Windows\System\cPrfDYk.exe
  2⤵
  PID:6908
- C:\Windows\System\enXxDDG.exe
  C:\Windows\System\enXxDDG.exe
  2⤵
  PID:6956
- C:\Windows\System\VCvyxCh.exe
  C:\Windows\System\VCvyxCh.exe
  2⤵
  PID:7016
- C:\Windows\System\blwVkef.exe
  C:\Windows\System\blwVkef.exe
  2⤵
  PID:7084
- C:\Windows\System\kEwASUo.exe
  C:\Windows\System\kEwASUo.exe
  2⤵
  PID:7032
- C:\Windows\System\ZCgEysd.exe
  C:\Windows\System\ZCgEysd.exe
  2⤵
  PID:7096
- C:\Windows\System\iaITitL.exe
  C:\Windows\System\iaITitL.exe
  2⤵
  PID:6968
- C:\Windows\System\gjUasex.exe
  C:\Windows\System\gjUasex.exe
  2⤵
  PID:7128
- C:\Windows\System\jdfpJxt.exe
  C:\Windows\System\jdfpJxt.exe
  2⤵
  PID:7164
- C:\Windows\System\pywDZYA.exe
  C:\Windows\System\pywDZYA.exe
  2⤵
  PID:5196
- C:\Windows\System\IzFLCLV.exe
  C:\Windows\System\IzFLCLV.exe
  2⤵
  PID:6176
- C:\Windows\System\LOASwMO.exe
  C:\Windows\System\LOASwMO.exe
  2⤵
  PID:6212
- C:\Windows\System\ZSTvtwR.exe
  C:\Windows\System\ZSTvtwR.exe
  2⤵
  PID:6404
- C:\Windows\System\IBaRNVd.exe
  C:\Windows\System\IBaRNVd.exe
  2⤵
  PID:6360
- C:\Windows\System\xNaWKxK.exe
  C:\Windows\System\xNaWKxK.exe
  2⤵
  PID:6476
- C:\Windows\System\FkdDCiL.exe
  C:\Windows\System\FkdDCiL.exe
  2⤵
  PID:6356
- C:\Windows\System\dmbHjGi.exe
  C:\Windows\System\dmbHjGi.exe
  2⤵
  PID:6492
- C:\Windows\System\VMLKGdt.exe
  C:\Windows\System\VMLKGdt.exe
  2⤵
  PID:6584
- C:\Windows\System\eZScYpH.exe
  C:\Windows\System\eZScYpH.exe
  2⤵
  PID:6764
- C:\Windows\System\pmKfMib.exe
  C:\Windows\System\pmKfMib.exe
  2⤵
  PID:6860
- C:\Windows\System\SAFnMRL.exe
  C:\Windows\System\SAFnMRL.exe
  2⤵
  PID:6620
- C:\Windows\System\duSLvLA.exe
  C:\Windows\System\duSLvLA.exe
  2⤵
  PID:6952
- C:\Windows\System\gbnieLv.exe
  C:\Windows\System\gbnieLv.exe
  2⤵
  PID:6872
- C:\Windows\System\xiltHdP.exe
  C:\Windows\System\xiltHdP.exe
  2⤵
  PID:6988
- C:\Windows\System\tDMCreI.exe
  C:\Windows\System\tDMCreI.exe
  2⤵
  PID:7068
- C:\Windows\System\jAAlaJn.exe
  C:\Windows\System\jAAlaJn.exe
  2⤵
  PID:5972
- C:\Windows\System\xxEndIr.exe
  C:\Windows\System\xxEndIr.exe
  2⤵
  PID:7160
- C:\Windows\System\eeOgFMg.exe
  C:\Windows\System\eeOgFMg.exe
  2⤵
  PID:6260
- C:\Windows\System\lrrEwcj.exe
  C:\Windows\System\lrrEwcj.exe
  2⤵
  PID:6280
- C:\Windows\System\QWNBFbS.exe
  C:\Windows\System\QWNBFbS.exe
  2⤵
  PID:6200
- C:\Windows\System\pfrTFmz.exe
  C:\Windows\System\pfrTFmz.exe
  2⤵
  PID:6636
- C:\Windows\System\XKmzvug.exe
  C:\Windows\System\XKmzvug.exe
  2⤵
  PID:6648
- C:\Windows\System\KTAFDYw.exe
  C:\Windows\System\KTAFDYw.exe
  2⤵
  PID:6844
- C:\Windows\System\dsAGnKp.exe
  C:\Windows\System\dsAGnKp.exe
  2⤵
  PID:6700
- C:\Windows\System\MlmjWPQ.exe
  C:\Windows\System\MlmjWPQ.exe
  2⤵
  PID:7064
- C:\Windows\System\BaUhPiN.exe
  C:\Windows\System\BaUhPiN.exe
  2⤵
  PID:6148
- C:\Windows\System\HbqNctV.exe
  C:\Windows\System\HbqNctV.exe
  2⤵
  PID:7176
- C:\Windows\System\JxXBcgw.exe
  C:\Windows\System\JxXBcgw.exe
  2⤵
  PID:7192
- C:\Windows\System\OHsJWoo.exe
  C:\Windows\System\OHsJWoo.exe
  2⤵
  PID:7208
- C:\Windows\System\MNJGgSH.exe
  C:\Windows\System\MNJGgSH.exe
  2⤵
  PID:7228
- C:\Windows\System\pwRtelf.exe
  C:\Windows\System\pwRtelf.exe
  2⤵
  PID:7244
- C:\Windows\System\kRzzeGg.exe
  C:\Windows\System\kRzzeGg.exe
  2⤵
  PID:7260
- C:\Windows\System\wfpjPAk.exe
  C:\Windows\System\wfpjPAk.exe
  2⤵
  PID:7276
- C:\Windows\System\ZwtIylh.exe
  C:\Windows\System\ZwtIylh.exe
  2⤵
  PID:7292
- C:\Windows\System\bTUPPym.exe
  C:\Windows\System\bTUPPym.exe
  2⤵
  PID:7308
- C:\Windows\System\Mtmxpdz.exe
  C:\Windows\System\Mtmxpdz.exe
  2⤵
  PID:7324
- C:\Windows\System\yjRnsKE.exe
  C:\Windows\System\yjRnsKE.exe
  2⤵
  PID:7340
- C:\Windows\System\wwOMlDY.exe
  C:\Windows\System\wwOMlDY.exe
  2⤵
  PID:7356
- C:\Windows\System\sAFPwtR.exe
  C:\Windows\System\sAFPwtR.exe
  2⤵
  PID:7372
- C:\Windows\System\eUYLEPj.exe
  C:\Windows\System\eUYLEPj.exe
  2⤵
  PID:7388
- C:\Windows\System\FrADBhN.exe
  C:\Windows\System\FrADBhN.exe
  2⤵
  PID:7404
- C:\Windows\System\qSyBQhg.exe
  C:\Windows\System\qSyBQhg.exe
  2⤵
  PID:7420
- C:\Windows\System\KdqdtNO.exe
  C:\Windows\System\KdqdtNO.exe
  2⤵
  PID:7436
- C:\Windows\System\RDSebZu.exe
  C:\Windows\System\RDSebZu.exe
  2⤵
  PID:7456
- C:\Windows\System\PuNDIvG.exe
  C:\Windows\System\PuNDIvG.exe
  2⤵
  PID:7476
- C:\Windows\System\cqPNXji.exe
  C:\Windows\System\cqPNXji.exe
  2⤵
  PID:7492
- C:\Windows\System\fljiFdU.exe
  C:\Windows\System\fljiFdU.exe
  2⤵
  PID:7508
- C:\Windows\System\GmODgjg.exe
  C:\Windows\System\GmODgjg.exe
  2⤵
  PID:7524
- C:\Windows\System\XIdKZAr.exe
  C:\Windows\System\XIdKZAr.exe
  2⤵
  PID:7540
- C:\Windows\System\YmcsksT.exe
  C:\Windows\System\YmcsksT.exe
  2⤵
  PID:7556
- C:\Windows\System\XTtMGVl.exe
  C:\Windows\System\XTtMGVl.exe
  2⤵
  PID:7572
- C:\Windows\System\sPmdglx.exe
  C:\Windows\System\sPmdglx.exe
  2⤵
  PID:7588
- C:\Windows\System\HYNwRzf.exe
  C:\Windows\System\HYNwRzf.exe
  2⤵
  PID:7608
- C:\Windows\System\OOMBjPN.exe
  C:\Windows\System\OOMBjPN.exe
  2⤵
  PID:7632
- C:\Windows\System\RKBaxUj.exe
  C:\Windows\System\RKBaxUj.exe
  2⤵
  PID:7652
- C:\Windows\System\MUisxMU.exe
  C:\Windows\System\MUisxMU.exe
  2⤵
  PID:7668
- C:\Windows\System\OYVNxfZ.exe
  C:\Windows\System\OYVNxfZ.exe
  2⤵
  PID:7696
- C:\Windows\System\sDWRLcH.exe
  C:\Windows\System\sDWRLcH.exe
  2⤵
  PID:7712
- C:\Windows\System\QheKXPe.exe
  C:\Windows\System\QheKXPe.exe
  2⤵
  PID:7740
- C:\Windows\System\ixAweJm.exe
  C:\Windows\System\ixAweJm.exe
  2⤵
  PID:7772
- C:\Windows\System\KgFRiVx.exe
  C:\Windows\System\KgFRiVx.exe
  2⤵
  PID:7812
- C:\Windows\System\OaTREia.exe
  C:\Windows\System\OaTREia.exe
  2⤵
  PID:7836
- C:\Windows\System\dysYpXa.exe
  C:\Windows\System\dysYpXa.exe
  2⤵
  PID:7852
- C:\Windows\System\dQNeXVc.exe
  C:\Windows\System\dQNeXVc.exe
  2⤵
  PID:7868
- C:\Windows\System\BWtubVv.exe
  C:\Windows\System\BWtubVv.exe
  2⤵
  PID:7884
- C:\Windows\System\HOSVbfG.exe
  C:\Windows\System\HOSVbfG.exe
  2⤵
  PID:7900
- C:\Windows\System\HoGGwkz.exe
  C:\Windows\System\HoGGwkz.exe
  2⤵
  PID:7916
- C:\Windows\System\qExevFP.exe
  C:\Windows\System\qExevFP.exe
  2⤵
  PID:7932
- C:\Windows\System\JceCvHr.exe
  C:\Windows\System\JceCvHr.exe
  2⤵
  PID:7948
- C:\Windows\System\hXduAaV.exe
  C:\Windows\System\hXduAaV.exe
  2⤵
  PID:7964
- C:\Windows\System\ZotFeWy.exe
  C:\Windows\System\ZotFeWy.exe
  2⤵
  PID:7980
- C:\Windows\System\BNHcnef.exe
  C:\Windows\System\BNHcnef.exe
  2⤵
  PID:7996
- C:\Windows\System\kOIrSCT.exe
  C:\Windows\System\kOIrSCT.exe
  2⤵
  PID:8012
- C:\Windows\System\ioMOWcu.exe
  C:\Windows\System\ioMOWcu.exe
  2⤵
  PID:8028
- C:\Windows\System\QFwMBgF.exe
  C:\Windows\System\QFwMBgF.exe
  2⤵
  PID:8044
- C:\Windows\System\doSptMX.exe
  C:\Windows\System\doSptMX.exe
  2⤵
  PID:8060
- C:\Windows\System\RBSbrne.exe
  C:\Windows\System\RBSbrne.exe
  2⤵
  PID:8076
- C:\Windows\System\AsdaaLT.exe
  C:\Windows\System\AsdaaLT.exe
  2⤵
  PID:8092
- C:\Windows\System\JZgajep.exe
  C:\Windows\System\JZgajep.exe
  2⤵
  PID:8108
- C:\Windows\System\KtwdlHA.exe
  C:\Windows\System\KtwdlHA.exe
  2⤵
  PID:8124
- C:\Windows\System\HUhhNLQ.exe
  C:\Windows\System\HUhhNLQ.exe
  2⤵
  PID:8140
- C:\Windows\System\pskRFLR.exe
  C:\Windows\System\pskRFLR.exe
  2⤵
  PID:8156
- C:\Windows\System\rbapSnt.exe
  C:\Windows\System\rbapSnt.exe
  2⤵
  PID:8172
- C:\Windows\System\mhIZuow.exe
  C:\Windows\System\mhIZuow.exe
  2⤵
  PID:8188
- C:\Windows\System\DPvSDhi.exe
  C:\Windows\System\DPvSDhi.exe
  2⤵
  PID:6488
- C:\Windows\System\vKZeDwc.exe
  C:\Windows\System\vKZeDwc.exe
  2⤵
  PID:7052
- C:\Windows\System\XaymJlM.exe
  C:\Windows\System\XaymJlM.exe
  2⤵
  PID:6292
- C:\Windows\System\cywJDZh.exe
  C:\Windows\System\cywJDZh.exe
  2⤵
  PID:6696
- C:\Windows\System\LZWvqrp.exe
  C:\Windows\System\LZWvqrp.exe
  2⤵
  PID:7220
- C:\Windows\System\saBGRDM.exe
  C:\Windows\System\saBGRDM.exe
  2⤵
  PID:7200
- C:\Windows\System\ggEznWZ.exe
  C:\Windows\System\ggEznWZ.exe
  2⤵
  PID:7256
- C:\Windows\System\xsMbNCS.exe
  C:\Windows\System\xsMbNCS.exe
  2⤵
  PID:7272
- C:\Windows\System\fyefNWC.exe
  C:\Windows\System\fyefNWC.exe
  2⤵
  PID:7352
- C:\Windows\System\mvPrnmt.exe
  C:\Windows\System\mvPrnmt.exe
  2⤵
  PID:7304
- C:\Windows\System\EndoFuf.exe
  C:\Windows\System\EndoFuf.exe
  2⤵
  PID:7380
- C:\Windows\System\AJcQkkk.exe
  C:\Windows\System\AJcQkkk.exe
  2⤵
  PID:7412
- C:\Windows\System\httPNis.exe
  C:\Windows\System\httPNis.exe
  2⤵
  PID:7488
- C:\Windows\System\ZvEuWpl.exe
  C:\Windows\System\ZvEuWpl.exe
  2⤵
  PID:7428
- C:\Windows\System\cQRPayl.exe
  C:\Windows\System\cQRPayl.exe
  2⤵
  PID:7468
- C:\Windows\System\jCDSWFB.exe
  C:\Windows\System\jCDSWFB.exe
  2⤵
  PID:7552
- C:\Windows\System\pRZgBMe.exe
  C:\Windows\System\pRZgBMe.exe
  2⤵
  PID:7536
- C:\Windows\System\VkAdqoU.exe
  C:\Windows\System\VkAdqoU.exe
  2⤵
  PID:7624
- C:\Windows\System\sGDfBhX.exe
  C:\Windows\System\sGDfBhX.exe
  2⤵
  PID:7704
- C:\Windows\System\qBpVUyA.exe
  C:\Windows\System\qBpVUyA.exe
  2⤵
  PID:7644
- C:\Windows\System\wftjXBA.exe
  C:\Windows\System\wftjXBA.exe
  2⤵
  PID:7756
- C:\Windows\System\quiddeS.exe
  C:\Windows\System\quiddeS.exe
  2⤵
  PID:7680
- C:\Windows\System\NOaVsSz.exe
  C:\Windows\System\NOaVsSz.exe
  2⤵
  PID:7720
- C:\Windows\System\BeqrWLa.exe
  C:\Windows\System\BeqrWLa.exe
  2⤵
  PID:7736
- C:\Windows\System\KQxHPRH.exe
  C:\Windows\System\KQxHPRH.exe
  2⤵
  PID:7792
- C:\Windows\System\CnuDGiH.exe
  C:\Windows\System\CnuDGiH.exe
  2⤵
  PID:7820
- C:\Windows\System\MOhKFNR.exe
  C:\Windows\System\MOhKFNR.exe
  2⤵
  PID:7860
- C:\Windows\System\ReRjbBe.exe
  C:\Windows\System\ReRjbBe.exe
  2⤵
  PID:7924
- C:\Windows\System\pHLCjIO.exe
  C:\Windows\System\pHLCjIO.exe
  2⤵
  PID:7844
- C:\Windows\System\LQScybh.exe
  C:\Windows\System\LQScybh.exe
  2⤵
  PID:7912
- C:\Windows\System\TObyYYr.exe
  C:\Windows\System\TObyYYr.exe
  2⤵
  PID:7976
- C:\Windows\System\coAhfpm.exe
  C:\Windows\System\coAhfpm.exe
  2⤵
  PID:8040
- C:\Windows\System\obwoLWr.exe
  C:\Windows\System\obwoLWr.exe
  2⤵
  PID:7960
- C:\Windows\System\mPqTpqc.exe
  C:\Windows\System\mPqTpqc.exe
  2⤵
  PID:8024
- C:\Windows\System\tBsWtGs.exe
  C:\Windows\System\tBsWtGs.exe
  2⤵
  PID:8116
- C:\Windows\System\cmzDTVj.exe
  C:\Windows\System\cmzDTVj.exe
  2⤵
  PID:8180
- C:\Windows\System\jhwOjSF.exe
  C:\Windows\System\jhwOjSF.exe
  2⤵
  PID:8072
- C:\Windows\System\mZhzovF.exe
  C:\Windows\System\mZhzovF.exe
  2⤵
  PID:8136
- C:\Windows\System\LIuvAJi.exe
  C:\Windows\System\LIuvAJi.exe
  2⤵
  PID:6924
- C:\Windows\System\HpWQVUX.exe
  C:\Windows\System\HpWQVUX.exe
  2⤵
  PID:7204
- C:\Windows\System\kkVuHRJ.exe
  C:\Windows\System\kkVuHRJ.exe
  2⤵
  PID:7364
- C:\Windows\System\XvobPKY.exe
  C:\Windows\System\XvobPKY.exe
  2⤵
  PID:7520
- C:\Windows\System\rTivPTq.exe
  C:\Windows\System\rTivPTq.exe
  2⤵
  PID:7452
- C:\Windows\System\YqVFoip.exe
  C:\Windows\System\YqVFoip.exe
  2⤵
  PID:6276
- C:\Windows\System\ywSoeMg.exe
  C:\Windows\System\ywSoeMg.exe
  2⤵
  PID:7464
- C:\Windows\System\XpepXYc.exe
  C:\Windows\System\XpepXYc.exe
  2⤵
  PID:6984
- C:\Windows\System\qrjjPEH.exe
  C:\Windows\System\qrjjPEH.exe
  2⤵
  PID:7620
- C:\Windows\System\bbtQPAt.exe
  C:\Windows\System\bbtQPAt.exe
  2⤵
  PID:7676
- C:\Windows\System\SWOIYYa.exe
  C:\Windows\System\SWOIYYa.exe
  2⤵
  PID:7664
- C:\Windows\System\jnkeetD.exe
  C:\Windows\System\jnkeetD.exe
  2⤵
  PID:7692
- C:\Windows\System\pGjjrbJ.exe
  C:\Windows\System\pGjjrbJ.exe
  2⤵
  PID:7732
- C:\Windows\System\WCitVLa.exe
  C:\Windows\System\WCitVLa.exe
  2⤵
  PID:7828
- C:\Windows\System\hcHbTlV.exe
  C:\Windows\System\hcHbTlV.exe
  2⤵
  PID:7804
- C:\Windows\System\oGEnZTH.exe
  C:\Windows\System\oGEnZTH.exe
  2⤵
  PID:8008
- C:\Windows\System\PaWImac.exe
  C:\Windows\System\PaWImac.exe
  2⤵
  PID:8148
- C:\Windows\System\pvjEted.exe
  C:\Windows\System\pvjEted.exe
  2⤵
  PID:7956
- C:\Windows\System\NkwDnLm.exe
  C:\Windows\System\NkwDnLm.exe
  2⤵
  PID:8068
- C:\Windows\System\xTrRsqw.exe
  C:\Windows\System\xTrRsqw.exe
  2⤵
  PID:8104
- C:\Windows\System\dAwmWtV.exe
  C:\Windows\System\dAwmWtV.exe
  2⤵
  PID:7416
- C:\Windows\System\DZDLYRu.exe
  C:\Windows\System\DZDLYRu.exe
  2⤵
  PID:7188
- C:\Windows\System\pzTsYIJ.exe
  C:\Windows\System\pzTsYIJ.exe
  2⤵
  PID:7396
- C:\Windows\System\LuPYjvm.exe
  C:\Windows\System\LuPYjvm.exe
  2⤵
  PID:7548
- C:\Windows\System\bpggAGL.exe
  C:\Windows\System\bpggAGL.exe
  2⤵
  PID:7768
- C:\Windows\System\XfhCcXw.exe
  C:\Windows\System\XfhCcXw.exe
  2⤵
  PID:8200
- C:\Windows\System\jxevCIC.exe
  C:\Windows\System\jxevCIC.exe
  2⤵
  PID:8220
- C:\Windows\System\MotPMNh.exe
  C:\Windows\System\MotPMNh.exe
  2⤵
  PID:8236
- C:\Windows\System\IYeFCwX.exe
  C:\Windows\System\IYeFCwX.exe
  2⤵
  PID:8252
- C:\Windows\System\lBXmDbv.exe
  C:\Windows\System\lBXmDbv.exe
  2⤵
  PID:8268
- C:\Windows\System\WMMrPAY.exe
  C:\Windows\System\WMMrPAY.exe
  2⤵
  PID:8284
- C:\Windows\System\shmfllC.exe
  C:\Windows\System\shmfllC.exe
  2⤵
  PID:8300
- C:\Windows\System\AQGvuyf.exe
  C:\Windows\System\AQGvuyf.exe
  2⤵
  PID:8316
- C:\Windows\System\bkHGVJM.exe
  C:\Windows\System\bkHGVJM.exe
  2⤵
  PID:8332
- C:\Windows\System\iTQzvvc.exe
  C:\Windows\System\iTQzvvc.exe
  2⤵
  PID:8348
- C:\Windows\System\FTYyXlf.exe
  C:\Windows\System\FTYyXlf.exe
  2⤵
  PID:8364
- C:\Windows\System\wtiAagO.exe
  C:\Windows\System\wtiAagO.exe
  2⤵
  PID:8380
- C:\Windows\System\anbYdxC.exe
  C:\Windows\System\anbYdxC.exe
  2⤵
  PID:8396
- C:\Windows\System\yjnciir.exe
  C:\Windows\System\yjnciir.exe
  2⤵
  PID:8412
- C:\Windows\System\puUMDyp.exe
  C:\Windows\System\puUMDyp.exe
  2⤵
  PID:8428
- C:\Windows\System\aCWGlGJ.exe
  C:\Windows\System\aCWGlGJ.exe
  2⤵
  PID:8444
- C:\Windows\System\SmaQJuC.exe
  C:\Windows\System\SmaQJuC.exe
  2⤵
  PID:8460
- C:\Windows\System\JxprHhu.exe
  C:\Windows\System\JxprHhu.exe
  2⤵
  PID:8476
- C:\Windows\System\MpZtGBS.exe
  C:\Windows\System\MpZtGBS.exe
  2⤵
  PID:8492
- C:\Windows\System\YoeHjjQ.exe
  C:\Windows\System\YoeHjjQ.exe
  2⤵
  PID:8508
- C:\Windows\System\JoCNUoK.exe
  C:\Windows\System\JoCNUoK.exe
  2⤵
  PID:8524
- C:\Windows\System\TmLrzuy.exe
  C:\Windows\System\TmLrzuy.exe
  2⤵
  PID:8540
- C:\Windows\System\VJwSfYX.exe
  C:\Windows\System\VJwSfYX.exe
  2⤵
  PID:8556
- C:\Windows\System\KRiAnOZ.exe
  C:\Windows\System\KRiAnOZ.exe
  2⤵
  PID:8572
- C:\Windows\System\hYMYPyC.exe
  C:\Windows\System\hYMYPyC.exe
  2⤵
  PID:8588
- C:\Windows\System\ekRSduC.exe
  C:\Windows\System\ekRSduC.exe
  2⤵
  PID:8604
- C:\Windows\System\ipEkRAw.exe
  C:\Windows\System\ipEkRAw.exe
  2⤵
  PID:8620
- C:\Windows\System\eSYHSqJ.exe
  C:\Windows\System\eSYHSqJ.exe
  2⤵
  PID:8636
- C:\Windows\System\pgcnifx.exe
  C:\Windows\System\pgcnifx.exe
  2⤵
  PID:8652
- C:\Windows\System\PWBLuSl.exe
  C:\Windows\System\PWBLuSl.exe
  2⤵
  PID:8668
- C:\Windows\System\SSlMdcj.exe
  C:\Windows\System\SSlMdcj.exe
  2⤵
  PID:8684
- C:\Windows\System\yCtCiWG.exe
  C:\Windows\System\yCtCiWG.exe
  2⤵
  PID:8700
- C:\Windows\System\zIXSpum.exe
  C:\Windows\System\zIXSpum.exe
  2⤵
  PID:8716
- C:\Windows\System\HYCDqgD.exe
  C:\Windows\System\HYCDqgD.exe
  2⤵
  PID:8732
- C:\Windows\System\JCCrzhz.exe
  C:\Windows\System\JCCrzhz.exe
  2⤵
  PID:8748
- C:\Windows\System\irgmbuF.exe
  C:\Windows\System\irgmbuF.exe
  2⤵
  PID:8764
- C:\Windows\System\SGgvNhD.exe
  C:\Windows\System\SGgvNhD.exe
  2⤵
  PID:8780
- C:\Windows\System\BucTgud.exe
  C:\Windows\System\BucTgud.exe
  2⤵
  PID:8796
- C:\Windows\System\HvZUvsr.exe
  C:\Windows\System\HvZUvsr.exe
  2⤵
  PID:8824
- C:\Windows\System\DEJjJkC.exe
  C:\Windows\System\DEJjJkC.exe
  2⤵
  PID:8844
- C:\Windows\System\kMBFytC.exe
  C:\Windows\System\kMBFytC.exe
  2⤵
  PID:8860
- C:\Windows\System\oFIafVG.exe
  C:\Windows\System\oFIafVG.exe
  2⤵
  PID:8876
- C:\Windows\System\lyJTzZD.exe
  C:\Windows\System\lyJTzZD.exe
  2⤵
  PID:8892
- C:\Windows\System\IXJjnNs.exe
  C:\Windows\System\IXJjnNs.exe
  2⤵
  PID:8908
- C:\Windows\System\VPwKGLT.exe
  C:\Windows\System\VPwKGLT.exe
  2⤵
  PID:8928
- C:\Windows\System\buEUwhc.exe
  C:\Windows\System\buEUwhc.exe
  2⤵
  PID:8944
- C:\Windows\System\HviGGmV.exe
  C:\Windows\System\HviGGmV.exe
  2⤵
  PID:8960
- C:\Windows\System\skzHjcv.exe
  C:\Windows\System\skzHjcv.exe
  2⤵
  PID:8976
- C:\Windows\System\QtvOxIK.exe
  C:\Windows\System\QtvOxIK.exe
  2⤵
  PID:9000
- C:\Windows\System\WoNxVeW.exe
  C:\Windows\System\WoNxVeW.exe
  2⤵
  PID:9016
- C:\Windows\System\fJSuhAz.exe
  C:\Windows\System\fJSuhAz.exe
  2⤵
  PID:9032
- C:\Windows\System\FjblnKM.exe
  C:\Windows\System\FjblnKM.exe
  2⤵
  PID:9048
- C:\Windows\System\OadIIfq.exe
  C:\Windows\System\OadIIfq.exe
  2⤵
  PID:9064
- C:\Windows\System\vtgTGVP.exe
  C:\Windows\System\vtgTGVP.exe
  2⤵
  PID:9080
- C:\Windows\System\urAozds.exe
  C:\Windows\System\urAozds.exe
  2⤵
  PID:9096
- C:\Windows\System\GmTCHRR.exe
  C:\Windows\System\GmTCHRR.exe
  2⤵
  PID:9112
- C:\Windows\System\dptvLey.exe
  C:\Windows\System\dptvLey.exe
  2⤵
  PID:9128
- C:\Windows\System\yBhVQrf.exe
  C:\Windows\System\yBhVQrf.exe
  2⤵
  PID:9152
- C:\Windows\System\QQdjfAL.exe
  C:\Windows\System\QQdjfAL.exe
  2⤵
  PID:9168
- C:\Windows\System\AOBTqFt.exe
  C:\Windows\System\AOBTqFt.exe
  2⤵
  PID:9184
- C:\Windows\System\qxZPTbt.exe
  C:\Windows\System\qxZPTbt.exe
  2⤵
  PID:9200
- C:\Windows\System\reWIJuh.exe
  C:\Windows\System\reWIJuh.exe
  2⤵
  PID:7896
- C:\Windows\System\uoHGfYZ.exe
  C:\Windows\System\uoHGfYZ.exe
  2⤵
  PID:6568
- C:\Windows\System\htRlSxr.exe
  C:\Windows\System\htRlSxr.exe
  2⤵
  PID:7660
- C:\Windows\System\kWDzNnQ.exe
  C:\Windows\System\kWDzNnQ.exe
  2⤵
  PID:8212
- C:\Windows\System\JEDAciz.exe
  C:\Windows\System\JEDAciz.exe
  2⤵
  PID:8312
- C:\Windows\System\gADnECT.exe
  C:\Windows\System\gADnECT.exe
  2⤵
  PID:8276
- C:\Windows\System\FjDLNsS.exe
  C:\Windows\System\FjDLNsS.exe
  2⤵
  PID:7752
- C:\Windows\System\MKBmDpe.exe
  C:\Windows\System\MKBmDpe.exe
  2⤵
  PID:7800
- C:\Windows\System\uzDhebD.exe
  C:\Windows\System\uzDhebD.exe
  2⤵
  PID:8168
- C:\Windows\System\IVhxMMw.exe
  C:\Windows\System\IVhxMMw.exe
  2⤵
  PID:8296
- C:\Windows\System\dobWRym.exe
  C:\Windows\System\dobWRym.exe
  2⤵
  PID:8388
- C:\Windows\System\YPquPaJ.exe
  C:\Windows\System\YPquPaJ.exe
  2⤵
  PID:8452
- C:\Windows\System\rBNuqdP.exe
  C:\Windows\System\rBNuqdP.exe
  2⤵
  PID:8408
- C:\Windows\System\LMgHvYu.exe
  C:\Windows\System\LMgHvYu.exe
  2⤵
  PID:8488
- C:\Windows\System\EDTsJxN.exe
  C:\Windows\System\EDTsJxN.exe
  2⤵
  PID:8472
- C:\Windows\System\pqGWzSw.exe
  C:\Windows\System\pqGWzSw.exe
  2⤵
  PID:8536
- C:\Windows\System\cJJGIAQ.exe
  C:\Windows\System\cJJGIAQ.exe
  2⤵
  PID:8612
- C:\Windows\System\ZdtHreE.exe
  C:\Windows\System\ZdtHreE.exe
  2⤵
  PID:8660
- C:\Windows\System\XuaLMie.exe
  C:\Windows\System\XuaLMie.exe
  2⤵
  PID:8600
- C:\Windows\System\hnGafBL.exe
  C:\Windows\System\hnGafBL.exe
  2⤵
  PID:8680
- C:\Windows\System\wvXJgaK.exe
  C:\Windows\System\wvXJgaK.exe
  2⤵
  PID:8692
- C:\Windows\System\eglwnaY.exe
  C:\Windows\System\eglwnaY.exe
  2⤵
  PID:8728
- C:\Windows\System\IJGYgjI.exe
  C:\Windows\System\IJGYgjI.exe
  2⤵
  PID:8756
- C:\Windows\System\tEywcmd.exe
  C:\Windows\System\tEywcmd.exe
  2⤵
  PID:8788
- C:\Windows\System\vVubRaE.exe
  C:\Windows\System\vVubRaE.exe
  2⤵
  PID:8836
- C:\Windows\System\lsvbEQD.exe
  C:\Windows\System\lsvbEQD.exe
  2⤵
  PID:8884
- C:\Windows\System\pxJBeCY.exe
  C:\Windows\System\pxJBeCY.exe
  2⤵
  PID:8924
- C:\Windows\System\SWLSamU.exe
  C:\Windows\System\SWLSamU.exe
  2⤵
  PID:8904
- C:\Windows\System\luDswwx.exe
  C:\Windows\System\luDswwx.exe
  2⤵
  PID:8940
- C:\Windows\System\pVxvEGf.exe
  C:\Windows\System\pVxvEGf.exe
  2⤵
  PID:8992
- C:\Windows\System\kSYkqFh.exe
  C:\Windows\System\kSYkqFh.exe
  2⤵
  PID:9008
- C:\Windows\System\zIBohxk.exe
  C:\Windows\System\zIBohxk.exe
  2⤵
  PID:9072
- C:\Windows\System\poRthtK.exe
  C:\Windows\System\poRthtK.exe
  2⤵
  PID:9060
- C:\Windows\System\dbSNOXk.exe
  C:\Windows\System\dbSNOXk.exe
  2⤵
  PID:9076
- C:\Windows\System\fAyJwlb.exe
  C:\Windows\System\fAyJwlb.exe
  2⤵
  PID:9164
- C:\Windows\System\CgYwttN.exe
  C:\Windows\System\CgYwttN.exe
  2⤵
  PID:9108
- C:\Windows\System\QmwBUyZ.exe
  C:\Windows\System\QmwBUyZ.exe
  2⤵
  PID:9140
- C:\Windows\System\aGKfqks.exe
  C:\Windows\System\aGKfqks.exe
  2⤵
  PID:7300
- C:\Windows\System\oSWUPTh.exe
  C:\Windows\System\oSWUPTh.exe
  2⤵
  PID:9148
- C:\Windows\System\nYrTYMg.exe
  C:\Windows\System\nYrTYMg.exe
  2⤵
  PID:6828
- C:\Windows\System\uXdZaMH.exe
  C:\Windows\System\uXdZaMH.exe
  2⤵
  PID:7764
- C:\Windows\System\tIXTQyI.exe
  C:\Windows\System\tIXTQyI.exe
  2⤵
  PID:7880
- C:\Windows\System\aNglaWj.exe
  C:\Windows\System\aNglaWj.exe
  2⤵
  PID:8152
- C:\Windows\System\pDevwPg.exe
  C:\Windows\System\pDevwPg.exe
  2⤵
  PID:8232
- C:\Windows\System\CcDEQck.exe
  C:\Windows\System\CcDEQck.exe
  2⤵
  PID:8328
- C:\Windows\System\SCBOPcX.exe
  C:\Windows\System\SCBOPcX.exe
  2⤵
  PID:8424
- C:\Windows\System\mqJrlMC.exe
  C:\Windows\System\mqJrlMC.exe
  2⤵
  PID:8504
- C:\Windows\System\bZmhAIC.exe
  C:\Windows\System\bZmhAIC.exe
  2⤵
  PID:8584
- C:\Windows\System\knvUbsw.exe
  C:\Windows\System\knvUbsw.exe
  2⤵
  PID:8632
- C:\Windows\System\HqQXvGC.exe
  C:\Windows\System\HqQXvGC.exe
  2⤵
  PID:8676
- C:\Windows\System\vTrKyDh.exe
  C:\Windows\System\vTrKyDh.exe
  2⤵
  PID:8804
- C:\Windows\System\SnFoeFi.exe
  C:\Windows\System\SnFoeFi.exe
  2⤵
  PID:8712
- C:\Windows\System\HFPYzaW.exe
  C:\Windows\System\HFPYzaW.exe
  2⤵
  PID:8916
- C:\Windows\System\JFkDwak.exe
  C:\Windows\System\JFkDwak.exe
  2⤵
  PID:8952
- C:\Windows\System\VkjhpvZ.exe
  C:\Windows\System\VkjhpvZ.exe
  2⤵
  PID:8984
- C:\Windows\System\UreyyWQ.exe
  C:\Windows\System\UreyyWQ.exe
  2⤵
  PID:9044
- C:\Windows\System\UpFoLkc.exe
  C:\Windows\System\UpFoLkc.exe
  2⤵
  PID:9196
- C:\Windows\System\UwCFXkX.exe
  C:\Windows\System\UwCFXkX.exe
  2⤵
  PID:9212
- C:\Windows\System\qfLKQnT.exe
  C:\Windows\System\qfLKQnT.exe
  2⤵
  PID:9176
- C:\Windows\System\CPNTcHC.exe
  C:\Windows\System\CPNTcHC.exe
  2⤵
  PID:8376
- C:\Windows\System\qbhyFSV.exe
  C:\Windows\System\qbhyFSV.exe
  2⤵
  PID:7252
- C:\Windows\System\JLtoaSe.exe
  C:\Windows\System\JLtoaSe.exe
  2⤵
  PID:8228
- C:\Windows\System\MDsFhaE.exe
  C:\Windows\System\MDsFhaE.exe
  2⤵
  PID:8484
- C:\Windows\System\PseeaVi.exe
  C:\Windows\System\PseeaVi.exe
  2⤵
  PID:8292
- C:\Windows\System\KMvkQHY.exe
  C:\Windows\System\KMvkQHY.exe
  2⤵
  PID:8724
- C:\Windows\System\eJsyxkj.exe
  C:\Windows\System\eJsyxkj.exe
  2⤵
  PID:8856
- C:\Windows\System\pWCKFvZ.exe
  C:\Windows\System\pWCKFvZ.exe
  2⤵
  PID:8972
- C:\Windows\System\WAGZAJv.exe
  C:\Windows\System\WAGZAJv.exe
  2⤵
  PID:8816
- C:\Windows\System\SFgPjUp.exe
  C:\Windows\System\SFgPjUp.exe
  2⤵
  PID:9104
- C:\Windows\System\CZQiRGu.exe
  C:\Windows\System\CZQiRGu.exe
  2⤵
  PID:9160
- C:\Windows\System\KEJvrGH.exe
  C:\Windows\System\KEJvrGH.exe
  2⤵
  PID:6408
- C:\Windows\System\hoaBXXR.exe
  C:\Windows\System\hoaBXXR.exe
  2⤵
  PID:8532
- C:\Windows\System\JCfPckh.exe
  C:\Windows\System\JCfPckh.exe
  2⤵
  PID:9056
- C:\Windows\System\AIVsomA.exe
  C:\Windows\System\AIVsomA.exe
  2⤵
  PID:8628
- C:\Windows\System\VbrTAeu.exe
  C:\Windows\System\VbrTAeu.exe
  2⤵
  PID:8996
- C:\Windows\System\FVnWLVw.exe
  C:\Windows\System\FVnWLVw.exe
  2⤵
  PID:8196
- C:\Windows\System\CJVgduw.exe
  C:\Windows\System\CJVgduw.exe
  2⤵
  PID:9228
- C:\Windows\System\PTITDzD.exe
  C:\Windows\System\PTITDzD.exe
  2⤵
  PID:9244
- C:\Windows\System\gBGBazO.exe
  C:\Windows\System\gBGBazO.exe
  2⤵
  PID:9260
- C:\Windows\System\zDAnVeA.exe
  C:\Windows\System\zDAnVeA.exe
  2⤵
  PID:9276
- C:\Windows\System\VqBQVgF.exe
  C:\Windows\System\VqBQVgF.exe
  2⤵
  PID:9292
- C:\Windows\System\lLrSdqD.exe
  C:\Windows\System\lLrSdqD.exe
  2⤵
  PID:9308
- C:\Windows\System\xvFrQJF.exe
  C:\Windows\System\xvFrQJF.exe
  2⤵
  PID:9324
- C:\Windows\System\BmPlKZe.exe
  C:\Windows\System\BmPlKZe.exe
  2⤵
  PID:9340
- C:\Windows\System\JuBCKPb.exe
  C:\Windows\System\JuBCKPb.exe
  2⤵
  PID:9356
- C:\Windows\System\NcUdfCM.exe
  C:\Windows\System\NcUdfCM.exe
  2⤵
  PID:9372
- C:\Windows\System\EurSKhz.exe
  C:\Windows\System\EurSKhz.exe
  2⤵
  PID:9388
- C:\Windows\System\oiRVdch.exe
  C:\Windows\System\oiRVdch.exe
  2⤵
  PID:9404
- C:\Windows\System\nTWwRzA.exe
  C:\Windows\System\nTWwRzA.exe
  2⤵
  PID:9420
- C:\Windows\System\FnAZDKO.exe
  C:\Windows\System\FnAZDKO.exe
  2⤵
  PID:9436
- C:\Windows\System\vfaNGKx.exe
  C:\Windows\System\vfaNGKx.exe
  2⤵
  PID:9452
- C:\Windows\System\GfXUgNW.exe
  C:\Windows\System\GfXUgNW.exe
  2⤵
  PID:9468
- C:\Windows\System\KBFELxS.exe
  C:\Windows\System\KBFELxS.exe
  2⤵
  PID:9484
- C:\Windows\System\BWJFDjr.exe
  C:\Windows\System\BWJFDjr.exe
  2⤵
  PID:9500
- C:\Windows\System\SxdCDhz.exe
  C:\Windows\System\SxdCDhz.exe
  2⤵
  PID:9516
- C:\Windows\System\fFapgit.exe
  C:\Windows\System\fFapgit.exe
  2⤵
  PID:9532
- C:\Windows\System\gWGgpqv.exe
  C:\Windows\System\gWGgpqv.exe
  2⤵
  PID:9548
- C:\Windows\System\cIoDhrg.exe
  C:\Windows\System\cIoDhrg.exe
  2⤵
  PID:9564
- C:\Windows\System\HAGbrXh.exe
  C:\Windows\System\HAGbrXh.exe
  2⤵
  PID:9580
- C:\Windows\System\eoZGrCc.exe
  C:\Windows\System\eoZGrCc.exe
  2⤵
  PID:9596
- C:\Windows\System\nFAxTck.exe
  C:\Windows\System\nFAxTck.exe
  2⤵
  PID:9612
- C:\Windows\System\AYpdRea.exe
  C:\Windows\System\AYpdRea.exe
  2⤵
  PID:9628
- C:\Windows\System\hbwRleI.exe
  C:\Windows\System\hbwRleI.exe
  2⤵
  PID:9644
- C:\Windows\System\VjiVuEq.exe
  C:\Windows\System\VjiVuEq.exe
  2⤵
  PID:9660
- C:\Windows\System\wQjrXzA.exe
  C:\Windows\System\wQjrXzA.exe
  2⤵
  PID:9680
- C:\Windows\System\PARSIys.exe
  C:\Windows\System\PARSIys.exe
  2⤵
  PID:9696
- C:\Windows\System\CVRKkMS.exe
  C:\Windows\System\CVRKkMS.exe
  2⤵
  PID:9712
- C:\Windows\System\DVTuNyW.exe
  C:\Windows\System\DVTuNyW.exe
  2⤵
  PID:9732
- C:\Windows\System\fFERVrn.exe
  C:\Windows\System\fFERVrn.exe
  2⤵
  PID:9748
- C:\Windows\System\NcwUXKo.exe
  C:\Windows\System\NcwUXKo.exe
  2⤵
  PID:9764
- C:\Windows\System\MGzUNpQ.exe
  C:\Windows\System\MGzUNpQ.exe
  2⤵
  PID:9780
- C:\Windows\System\QhgTKwy.exe
  C:\Windows\System\QhgTKwy.exe
  2⤵
  PID:9796
- C:\Windows\System\aQHoJYi.exe
  C:\Windows\System\aQHoJYi.exe
  2⤵
  PID:9812
- C:\Windows\System\TUvdSTm.exe
  C:\Windows\System\TUvdSTm.exe
  2⤵
  PID:9828
- C:\Windows\System\JnqrWmg.exe
  C:\Windows\System\JnqrWmg.exe
  2⤵
  PID:9844
- C:\Windows\System\HRpEckB.exe
  C:\Windows\System\HRpEckB.exe
  2⤵
  PID:9860
- C:\Windows\System\LjkWhfU.exe
  C:\Windows\System\LjkWhfU.exe
  2⤵
  PID:9876
- C:\Windows\System\tmlEuZm.exe
  C:\Windows\System\tmlEuZm.exe
  2⤵
  PID:9892
- C:\Windows\System\BdNsUtu.exe
  C:\Windows\System\BdNsUtu.exe
  2⤵
  PID:9908
- C:\Windows\System\ERDvEyn.exe
  C:\Windows\System\ERDvEyn.exe
  2⤵
  PID:9924
- C:\Windows\System\KasRDHo.exe
  C:\Windows\System\KasRDHo.exe
  2⤵
  PID:9940
- C:\Windows\System\xRFTZIi.exe
  C:\Windows\System\xRFTZIi.exe
  2⤵
  PID:9956
- C:\Windows\System\sSnOuAO.exe
  C:\Windows\System\sSnOuAO.exe
  2⤵
  PID:9972
- C:\Windows\System\uctEyip.exe
  C:\Windows\System\uctEyip.exe
  2⤵
  PID:9988
- C:\Windows\System\AUUeacB.exe
  C:\Windows\System\AUUeacB.exe
  2⤵
  PID:10004
- C:\Windows\System\lrdPtDn.exe
  C:\Windows\System\lrdPtDn.exe
  2⤵
  PID:10020
- C:\Windows\System\MJgzpdC.exe
  C:\Windows\System\MJgzpdC.exe
  2⤵
  PID:10036
- C:\Windows\System\fUyQJiT.exe
  C:\Windows\System\fUyQJiT.exe
  2⤵
  PID:10052
- C:\Windows\System\EiMxygT.exe
  C:\Windows\System\EiMxygT.exe
  2⤵
  PID:10068
- C:\Windows\System\hmOyylF.exe
  C:\Windows\System\hmOyylF.exe
  2⤵
  PID:10084
- C:\Windows\System\kQVFLEf.exe
  C:\Windows\System\kQVFLEf.exe
  2⤵
  PID:10100
- C:\Windows\System\DRmDZsY.exe
  C:\Windows\System\DRmDZsY.exe
  2⤵
  PID:10116
- C:\Windows\System\YjMMlVE.exe
  C:\Windows\System\YjMMlVE.exe
  2⤵
  PID:10132
- C:\Windows\System\eHgPeSz.exe
  C:\Windows\System\eHgPeSz.exe
  2⤵
  PID:10148
- C:\Windows\System\wuIzSOH.exe
  C:\Windows\System\wuIzSOH.exe
  2⤵
  PID:10164
- C:\Windows\System\FsTOcsC.exe
  C:\Windows\System\FsTOcsC.exe
  2⤵
  PID:10180
- C:\Windows\System\pMMhYOp.exe
  C:\Windows\System\pMMhYOp.exe
  2⤵
  PID:10196
- C:\Windows\System\YuuzfJQ.exe
  C:\Windows\System\YuuzfJQ.exe
  2⤵
  PID:10212
- C:\Windows\System\bjanYSX.exe
  C:\Windows\System\bjanYSX.exe
  2⤵
  PID:10228
- C:\Windows\System\CrJnZqb.exe
  C:\Windows\System\CrJnZqb.exe
  2⤵
  PID:8580
- C:\Windows\System\gTwkYuB.exe
  C:\Windows\System\gTwkYuB.exe
  2⤵
  PID:9240
- C:\Windows\System\FwmWnFV.exe
  C:\Windows\System\FwmWnFV.exe
  2⤵
  PID:8648
- C:\Windows\System\IeKOWSj.exe
  C:\Windows\System\IeKOWSj.exe
  2⤵
  PID:8900
- C:\Windows\System\bKZKYKl.exe
  C:\Windows\System\bKZKYKl.exe
  2⤵
  PID:9336
- C:\Windows\System\PzyjARp.exe
  C:\Windows\System\PzyjARp.exe
  2⤵
  PID:9284
- C:\Windows\System\ZcPjNlM.exe
  C:\Windows\System\ZcPjNlM.exe
  2⤵
  PID:9352
- C:\Windows\System\uCoKnbk.exe
  C:\Windows\System\uCoKnbk.exe
  2⤵
  PID:9400
- C:\Windows\System\dOyNEzB.exe
  C:\Windows\System\dOyNEzB.exe
  2⤵
  PID:9412
- C:\Windows\System\fzadvfC.exe
  C:\Windows\System\fzadvfC.exe
  2⤵
  PID:9492
- C:\Windows\System\CqGVcik.exe
  C:\Windows\System\CqGVcik.exe
  2⤵
  PID:9480
- C:\Windows\System\NWCEjsu.exe
  C:\Windows\System\NWCEjsu.exe
  2⤵
  PID:9512
- C:\Windows\System\ptfJthO.exe
  C:\Windows\System\ptfJthO.exe
  2⤵
  PID:9560
- C:\Windows\System\OZPufpQ.exe
  C:\Windows\System\OZPufpQ.exe
  2⤵
  PID:9540
- C:\Windows\System\dBxwwxk.exe
  C:\Windows\System\dBxwwxk.exe
  2⤵
  PID:9636
- C:\Windows\System\WHzIRRW.exe
  C:\Windows\System\WHzIRRW.exe
  2⤵
  PID:9620
- C:\Windows\System\qgkfjNf.exe
  C:\Windows\System\qgkfjNf.exe
  2⤵
  PID:7972
- C:\Windows\System\QiufyhQ.exe
  C:\Windows\System\QiufyhQ.exe
  2⤵
  PID:9704
- C:\Windows\System\URZVCxY.exe
  C:\Windows\System\URZVCxY.exe
  2⤵
  PID:9728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACsrdUt.exe

Filesize
6.0MB

MD5
b3d3aaf5c10e5812d74489e282f3a359

SHA1
08225f8629d7d6c0d54ff069d4a25ba0dd0139f9

SHA256
c5d531e42231b6221aba77863bb3dc0e77fe957a16f7bdd62562e36e6d1e3fa6

SHA512
27330b76cf68bc4d36ebd6ff64d088225e5b5698893a53298e9e642a6299372ffe23726139d113c4674c6ad585efa40ad870d6696a9830f464a608370fe45145

Download Submit
C:\Windows\system\BEyzNSq.exe

Filesize
6.0MB

MD5
f95d0dcdacdf6d4e9103f7a7c70743aa

SHA1
81089be921f4f9f560ea8c777d88687f7b87e07f

SHA256
e9a24112565b5855df27e41d1d3c1eb43604a5baa14e408000429adc542d713f

SHA512
e7168898c560aea05d8f99d7b2a37cf9879478010a4248b2e40edc42d7769975a891b74fc0e813b396eceffd798629a6ee53b0fb70df3ef427d9e3f829abafaf

Download Submit
C:\Windows\system\BZRPpRr.exe

Filesize
6.0MB

MD5
ab1b414bdfc3fce6210cf0cb5615112f

SHA1
70962ab2c58ba2083ecf7f47775c05dcc461d301

SHA256
564d6266cb0f4d6476c50265c661e8ab3a0c543c402cb525cd2de154a7e3ef17

SHA512
92980eeb1601aab0a977c645f1cf534f025744d95ff9a9b87f033f55ae4bc7613990d33572ce271f185f5ab57f5d50ad215bfeb29835bdd9589d55a868c7191b

Download Submit
C:\Windows\system\BifQRkN.exe

Filesize
6.0MB

MD5
4210add85c3c8d9087a7f48ec1bb378a

SHA1
9c66a5f98ed03f9648bdba5c4c69c90a60788a2f

SHA256
73678d60b628026d5d30050a82163fb01dd64b3f1c33c81cd5d59e932494d3b0

SHA512
8902b2a9f9af7cb16c91d120b6fdd5cb255e0f7ee8dd95e1186e3ec0e937a3fb72d3091bb91bed931249936f5265fe8ec2a9522d58e710e30070baeff30301c6

Download Submit
C:\Windows\system\CRwvPuX.exe

Filesize
6.0MB

MD5
a3906cb5857a2f9c983480a043ad514c

SHA1
f33f58013f302815fb372b692291a554bab1f05c

SHA256
1502a89c6f669710fdc837ae4a151d69e2125318efa152b1cc2b2a3ea397c975

SHA512
97df048186de39db655e94561cccb5c8a760f583e917fbd41bcb6d0d457ead245e603032ed27de637059b2ecd790ae8c6b500bc1974fb6a402b622463237210e

Download Submit
C:\Windows\system\GzufBDN.exe

Filesize
5.9MB

MD5
c13b885305501178c26bd336607eda50

SHA1
ece4d874d70e40ee8f22de2175f87dc1a3996c3f

SHA256
a82b3937d1a15668398e0658ef8e792abbc84e23fbd5a784b032432bcf1dc55b

SHA512
a5f131f6d8bd478d066206ff5723dacc9a76b65fae4b4bbb7cbc1a574cbc139243f2897e3b902c90a0fa234028882d4735476ab176e8fa3a1c38cd70ef012b63

Download Submit
C:\Windows\system\HsvaZjj.exe

Filesize
6.0MB

MD5
54acdf010d9ef8d64312894a6c26ca95

SHA1
7ff5eb488f8bdeef1e28af8d5d8b1c2237e16275

SHA256
691fad66ee8b4810f5d4af930e769c3f05c22299a9a5dd81a8eecf8754b69f69

SHA512
91684facfb120af6e99c5c1879c0761908b2871b10a2523d33c92085cfdb2622011929b0dde6760fbd3d6866bc1fae558a44bbf9bd290435690c7a9dc9f1a23d

Download Submit
C:\Windows\system\HvchDCE.exe

Filesize
6.0MB

MD5
a6ee7c0a666770673cf05986a34199ad

SHA1
cf570002f51e40b01fe04a13aa73759ee95dae55

SHA256
8d8260abfe44241d449d1c42d29c5a8ee075daaf24ce69b4ad21c1d4dafa7aec

SHA512
988da4b2eee911eb883f95761b3a782ed83e8ff14e08dec727571fabaa89493909a46c0b8ca20ab41e75c137cfcdd49d7cd137ef5918471ce18730a753b00cdd

Download Submit
C:\Windows\system\IGWbBpV.exe

Filesize
6.0MB

MD5
6342f3ac33dba951babf871f0db197ba

SHA1
e7afa5d3ab7799dd9124aa18523c01944c9bea50

SHA256
1c3267f156ab4a374245b841b6f54c4975a48fcc45ed41e52ebf81c02830278a

SHA512
ddde28d93d169e6d44d2745062bd61513afc30c5b1f755c3e2510f9313d2217f5bc12d5e95a28ce89b2665b306ffe68dddf211420c1c9091a552e51bc4b6398f

Download Submit
C:\Windows\system\NYyXcDp.exe

Filesize
6.0MB

MD5
378ddd4c07093e9953d824d49c18eb51

SHA1
fccdf16531cb9bd5ceab4897d151e6c6beaa16be

SHA256
ea54e3f2f205763319ebbb674129fc0b697315afb42f7941b44e75d6aab9aa7c

SHA512
b65d413bbb449c2ba55c5b9a7897ba4397c0c9e59a2f6944c990230241ca6705dead481d63658a208380143623e00e6bc4e3b8ea434e4787e05092fa49a1ccd3

Download Submit
C:\Windows\system\XWdqCOE.exe

Filesize
6.0MB

MD5
30404ea1a8415884ec5250dee13325c6

SHA1
3cb5f6338b51c6f795cb31ab2367461cb8c2e516

SHA256
268202c81d47fba5dcf7a9f726c1eea46a27d086d2d3d4f9cb809bb8632f00d2

SHA512
0939cfbc2af6358748512de06e09d583107335d3135bc78eb9ebbb7a538d9ff2a36e11d2163068aa789d64a7f116372afd5e256ec4e3344333699c286a54a3ee

Download Submit
C:\Windows\system\ZlFsCys.exe

Filesize
6.0MB

MD5
44828f8874e12506ae9e2d6b394f65c7

SHA1
50199647f166fba44f8266d90c1c8687b232c473

SHA256
08448f6dc1844f8c121d062b6eddf8a25e94745ae9c1039aa866afa7b6d321af

SHA512
c8695ac3a2ffeec46a479b1bc25b8d92cc8502fa2ecc2087f157eb3f33b74767ee3a62741ef97f0a63e54d87d7525c30d24cf5f9e747fa4f1a9e3b068108bcfc

Download Submit
C:\Windows\system\dFObwjV.exe

Filesize
6.0MB

MD5
c876cb9107467d4246c704bba1d6677e

SHA1
b8f93031ff096376bdeee69514d3677d5e032222

SHA256
38cc590061b134e5c5c8e92d13c213c48d9a49dcfe7506b31ead763eb178a921

SHA512
32b4431d53577a08715cc326c190874ce98e267dd61f7442cf8d8b742a5c8a1c16f11cde467c0d9cebf788cf8b83714810ed54193b397fc4765d2984f6fc6353

Download Submit
C:\Windows\system\fiZaBMZ.exe

Filesize
6.0MB

MD5
eef91238a72866b5bcedc67166f077e6

SHA1
e423824ea50e0772c8e6e160f65f9cada7519a45

SHA256
7c3655db3878832d953f7264448b2bde103ad818575f82244644b9bba69a51e8

SHA512
bcd96c7c3621fc61fa2d1605549588f1b8095e69967944a9c50b3e843c4b69ae3fd59630870ff0c42973c26151cdc4776e9733f4ab729097f4561c5801b595e7

Download Submit
C:\Windows\system\kFkawCt.exe

Filesize
6.0MB

MD5
2afab8fb841c1f881fa7990f884e8059

SHA1
f6549ae9db3677c411eb1c3c6727c6d58ef23976

SHA256
6b39af9c36750f95a1184e4bcfed74b51bb6f14342344d70b20deeb52b08fb02

SHA512
05875cc00366e7656d8a3594b8e833d0d901bf647bd874ef42f887ee948067c9be55b7916ef42e302643a7460d40aea2de0f452931dce310f5a8f0163faad90f

Download Submit
C:\Windows\system\luGJdZP.exe

Filesize
6.0MB

MD5
98f0fa4389e56ac0f3ed8b57b92c46d0

SHA1
66eafb5331b70f163169d91719816b04b8a77578

SHA256
0606c3cdd16a113fe6e13cba50d85e181c88a484473d17d7b778584f3e48ba14

SHA512
5bfda1b88ac457a3e5253dd23c5e59bca375fe0446799dbecf15580a99db1d72391403110dfaadd3e5361edcd2b3a2d722b8d55c74021648c52a7cfb27d76d4b

Download Submit
C:\Windows\system\onJZFTp.exe

Filesize
5.9MB

MD5
f9bee49d3431570dbdbccb78268ae40c

SHA1
bb12f49c9c12db6fedabbccea8a5877466b03c2f

SHA256
1cdd1270b4031dc04e5e45868e335f1ed7b0511e7251d9e65e046707851b0b89

SHA512
5ff651559c824753206838159d307660a58c6ecce3ed6ccc4042efad6329fd3d35e721baabe0bc823093430c2e2a7332c411cb1b91f6f622cc45c53467095505

Download Submit
C:\Windows\system\pPXFYug.exe

Filesize
6.0MB

MD5
263ecb39354311e1ec172f3cf123ead8

SHA1
15d7f04a2a4d1ccd89066bc34e26e4f239c142a1

SHA256
d00f78cb6791b489dd40cb2e670ac898171f526e5300df225876f6405b3cef76

SHA512
9c4dcca37b546a026cac7865fe8086cd642073bbc3da32ce2405b9ec0049373695ec7dee6ff913c34ca35d8180ae35e983ce97c1f811560d509725b741937087

Download Submit
C:\Windows\system\qCFbBUm.exe

Filesize
6.0MB

MD5
83542fee7f038f8afd9a7ab895d34a81

SHA1
38623cf135ecc090ada7565a2c67d73d5c569cd6

SHA256
905673c069043e060116a74342be4e06a7cc6b1afdc0ae8998a5657cc54a2e02

SHA512
4bc9f6ff7ce4f60254b52bac71e9439f8e4186b65e597032cfbd258fdc1e53db8d5f86fbead5be4bea06c21cb9bf54083212d40fef8062c4ad1535fb297e5c09

Download Submit
C:\Windows\system\rzmyvvr.exe

Filesize
6.0MB

MD5
eacb37be9d14ebf67076b1658aed77e7

SHA1
74d79395fdac18a7e171ff070bf51225290e3482

SHA256
bd3609ec49cae7f2237c3d1eea82d85efef251367f25407beb00afd3e6eb9ff6

SHA512
63d93159aa5e40c3a5b6ddaf88da321472f27a1fce9852845c7378b6ae938478716c9feb61fbb59ab29275679b978b459778e6c490f844e120cebd18e06b2a04

Download Submit
C:\Windows\system\sNjFtoo.exe

Filesize
6.0MB

MD5
ed2df7270833b0edec21f86a072c489f

SHA1
37b9184b034be13076a0b7f3a7a4b9381ef7067a

SHA256
66b0b96b856c4fa641aedd9a47111a40ab42806e2eea2f804dadfb3533287b55

SHA512
7a78c4b4ab48a694fcb4a69d1eff86980b86027900be3ab6c71858d2231754a5494365963a08cf6f39dbdc32c78c0501f48468df924979bb6baf89647de60c9d

Download Submit
C:\Windows\system\zuXfqlB.exe

Filesize
6.0MB

MD5
7576b584f2114ad1066a5858ced9256c

SHA1
f16676e1efbab2eaf0bcc408dab7188d3c98bcdd

SHA256
96f979a7b9c2cdb8b8b6dcf4c871721168d82a1da738c15a779a1accb0875151

SHA512
dc2ec80bd5aeea0407f49f64341bdf5097e36f64489ec007daa1017575504b00f8c26b49c10bbc1cdc6915dc9d31b7daa497f070e4304953895bb2e1496b6759

Download Submit
\Windows\system\EWGzdIa.exe

Filesize
6.0MB

MD5
c06d6074c77937cc4594d91b82ec0825

SHA1
12cd5ef6aade9ab2a1cbc2128d35b2d75cbba628

SHA256
6d472c9c14171b5cc6650acc2a260a125fbc7dcbd3c8419fcd562faa25ab8fc8

SHA512
dccc9cdf4ac818bd40aa2c2a072178eabeffa7c570d2132cb55992fb43b178c7a8b5d57fe95711f22bde8a11f8bd1de88778751ed5617274864d04c21565e747

Download Submit
\Windows\system\FFacVYp.exe

Filesize
6.0MB

MD5
bf583f7430676972b69779b1925d7dd0

SHA1
5057e24e329f907b1e3a0eb346bdef6e5d8ff1ad

SHA256
976d1f98e7e8133484159b3ab489168b3d9f9212c7281570f44068bbf126230a

SHA512
bf6e3ed8d819af353baa5685352e1ed05c8e5aefd262b2f4128a7a8b2d06c7333bf237c3ef97f9e876c1ea8196f7b2401c1a60002c6046e209c7b1f7bf39167a

Download Submit
\Windows\system\FZpBmml.exe

Filesize
6.0MB

MD5
ffac1d2f4872d7b8c2128fe9a4a081ef

SHA1
e2c872ced1c684d79b202d84caf49a7f66b7e548

SHA256
cc6a854b7d445340a484f0fc91878c0727c556957a6dacf109d2ec070d2cb0a9

SHA512
61856f4e2d5bcfd9d1deae576cdea8bcd0972be26ede201daced3da5fcd2cac919bbb7a769dbccaa447280e72aae086d2416ccdf8fadafff64014e1ed46203d3

Download Submit
\Windows\system\LwqMVRe.exe

Filesize
6.0MB

MD5
93cba3554794ece0d31845d87f2b1ad3

SHA1
8cdc803891568032cabd7c199ae66a481a62f401

SHA256
77990937e558c74e0d951440511d6e9f9270d773216a5a8ce9f08b57e2874720

SHA512
238c1944e4c1c60ef4dcf9cb38a92237133def466ab107ec5fe02bb251cb53b53394c330daaf63c17d41d03d3cbb8e723425ab7c2776c84c0d8b03e2c84bf27d

Download Submit
\Windows\system\PbxKUDY.exe

Filesize
6.0MB

MD5
69dfa2b6d7fba753f19ec6689e770f91

SHA1
8c7475f38406e24f7480caf6110fe6d7804a7000

SHA256
23354138b6a09384c3958f00b6fafd92fb2f6884efb0448d4ef93e87bf3a9983

SHA512
b82d7a47a57e51e3c09c3932b2fc1e34fa832af7f3cb82615de7f68b482c2e266ea1dc055940cdca1d3a3cdbedc50f8ad16ecd74c91eb11a249de16b29fb2a5a

Download Submit
\Windows\system\UBMyHRV.exe

Filesize
5.9MB

MD5
aefc55e42e1f31a07fabcd8a3706aaf3

SHA1
b8236a7fe34455ff84bc6d3682c644374ed62745

SHA256
f84cd0a669d4045377c4ac4cffecb62d3c943e32db583a02345880e489ca213c

SHA512
b42fd54a99dfceef4a0b8cccd74818d44da23f55162050be188b33d221d820c62cc87cfc9475580344803433b50b923920df13ec2feeebe0df679b6ebc727c74

Download Submit
\Windows\system\ZdazhOF.exe

Filesize
6.0MB

MD5
cfb71271269998caac2800200c2d3a92

SHA1
564ec9f4fd9527e874baf297c60a1e980e8b6e94

SHA256
c5aca4b04d652236f7b3f1b7a625d03d68440f41f3e92efaa87008d3b3a72cbd

SHA512
44ddd1f3692ed2577c79a0eac7ea7007728fc9a683e6a81abf7430bd2606cdb69fb7609721456a1cd06c2def952ede59a67bf1b2d5ad8b574dc7070bf9da8418

Download Submit
\Windows\system\kBPTqou.exe

Filesize
6.0MB

MD5
94db82e2c695a81e6ca6b0ed8b6d9c6b

SHA1
d5e96965b6f198aff737c57de407c8e88c5d8560

SHA256
9f678b36c8a5bfc2e29b8d1baa8f458edec120e5fc378def492462c96e31adbe

SHA512
ca030336f357f6c937fe0b61c30995fec25b7c284e56572fb8b766915871ff46e2f5e149ae0b89c7245a44c86b37940ed931c75da2098e3b533c5f3c1589b2a1

Download Submit
\Windows\system\lgozvKF.exe

Filesize
6.0MB

MD5
a845defa6462037a6cba61c0726db75d

SHA1
6f40dc1405f3cce8e198bc429d9917ddcd46cdd4

SHA256
78af7a08e8b1a21d627083cc44eaa01c25a78c043e533239cebcc3f7b95ce4e3

SHA512
ee674124fa671533df22ae4e25b18ba07ef486fb572105ce92aabe86889a07a9388198cff40d1562c60d5a6b7dabcc1125503c4bb63004baa1c61a7e1e10ce26

Download Submit
\Windows\system\mNPmeCx.exe

Filesize
5.9MB

MD5
1109e00c230a52002234a6f565a797ac

SHA1
fa947a6b2c45b9bcec86ae9ca5c6417889db15ec

SHA256
5bc7aca9ce511dd4a492a161a02bd9aa0491c06b032464688c590f69955bbdd3

SHA512
f0007d931b5e0368ffb20b65a71d69f5469cad15ca1908021da62b3a7b366911b8f80c2bcf584180f4606ef743b78859c7a802144479c3ce46a704fbcbb25aaa

Download Submit
memory/268-3957-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/268-86-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/268-136-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1728-98-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1832-3850-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-16-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-103-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3915-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2224-70-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2244-15-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3839-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2444-46-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3885-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-62-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-7-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-95-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-116-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-97-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2548-120-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-89-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-88-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2548-111-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2548-55-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2548-107-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2548-125-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-66-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2548-74-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2548-82-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-10-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2548-99-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2548-1025-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-874-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-575-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2548-23-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-0-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2548-422-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-61-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-29-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2548-38-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3899-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2600-64-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3902-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2632-57-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3890-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2660-63-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3897-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2828-69-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2828-21-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2840-78-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3929-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2840-122-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2848-77-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3864-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-27-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-85-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-3892-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-36-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download