cobaltstrike | 34d3c88812051fcccb954201e816f812ea80ca2211a71a32573e11ffbb136223

Analysis

max time kernel
151s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

70914721630310fccdad7f218360e5b6
SHA1

5051164c6b4443c7b1befcc24354b567e4bdc414
SHA256

34d3c88812051fcccb954201e816f812ea80ca2211a71a32573e11ffbb136223
SHA512

ef116c053038c9cca1e9ad43d17e1435aef6a42afaa3f1aff9f1c51eba2382f546413a74d9a60373adc57e52ca13d6f716eea13d443cd30491b537aa2a4b86a5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000195ab-7.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195ad-16.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195b1-27.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195b5-40.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000195b7-48.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-62.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47b-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a493-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a491-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48f-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a488-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a484-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a482-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a480-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47d-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-76.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001957c-71.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000195bb-57.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195b3-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2348-0-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x000d000000012263-3.dat	xmrig
behavioral1/files/0x00090000000195ab-7.dat	xmrig
behavioral1/files/0x00070000000195ad-16.dat	xmrig
behavioral1/memory/2348-14-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2636-23-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x00060000000195b1-27.dat	xmrig
behavioral1/memory/2884-37-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x00060000000195b5-40.dat	xmrig
behavioral1/files/0x00080000000195b7-48.dat	xmrig
behavioral1/files/0x000500000001a469-62.dat	xmrig
behavioral1/memory/2224-58-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2980-67-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/1976-79-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46d-84.dat	xmrig
behavioral1/files/0x000500000001a471-100.dat	xmrig
behavioral1/memory/2224-108-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/1500-103-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2348-99-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/files/0x000500000001a473-106.dat	xmrig
behavioral1/memory/2348-98-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2364-95-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/1036-94-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46f-91.dat	xmrig
behavioral1/memory/2748-80-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a475-111.dat	xmrig
behavioral1/files/0x000500000001a477-118.dat	xmrig
behavioral1/files/0x000500000001a479-124.dat	xmrig
behavioral1/files/0x000500000001a47b-128.dat	xmrig
behavioral1/files/0x000500000001a48a-162.dat	xmrig
behavioral1/memory/2348-294-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/files/0x000500000001a49a-194.dat	xmrig
behavioral1/files/0x000500000001a499-190.dat	xmrig
behavioral1/files/0x000500000001a493-184.dat	xmrig
behavioral1/files/0x000500000001a491-180.dat	xmrig
behavioral1/files/0x000500000001a48f-174.dat	xmrig
behavioral1/files/0x000500000001a48d-170.dat	xmrig
behavioral1/memory/1976-152-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a486-151.dat	xmrig
behavioral1/files/0x000500000001a488-158.dat	xmrig
behavioral1/files/0x000500000001a484-149.dat	xmrig
behavioral1/files/0x000500000001a482-143.dat	xmrig
behavioral1/files/0x000500000001a480-139.dat	xmrig
behavioral1/files/0x000500000001a47d-133.dat	xmrig
behavioral1/memory/2584-73-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46b-76.dat	xmrig
behavioral1/files/0x000800000001957c-71.dat	xmrig
behavioral1/memory/2796-66-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x00080000000195bb-57.dat	xmrig
behavioral1/memory/2348-55-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/3024-54-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2748-42-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x00060000000195b3-33.dat	xmrig
behavioral1/memory/2980-29-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2348-21-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2932-20-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2608-18-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/3024-1118-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2584-1149-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/1500-1125-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/1036-1121-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2884-1120-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2748-1119-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2980-1117-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2608	mYFWzLA.exe
2932	jobIjgW.exe
2636	Jnbvwxa.exe
2980	wuUzvsX.exe
2884	zpSPmps.exe
2748	fApOKPS.exe
3024	xnwlFHX.exe
2224	dJVYCyR.exe
2796	LaMOYHx.exe
2584	TmBZFjQ.exe
1976	qqpWKko.exe
1036	WPEEdcX.exe
2364	yfdIEHH.exe
1500	DVaKqmJ.exe
2552	LIfWAqe.exe
2596	JgZSSfC.exe
1120	CbxFzpI.exe
2172	HRSZWse.exe
1900	CsQNvCo.exe
1380	OkZYQjj.exe
1320	ZcNKICk.exe
2672	QjyNtLo.exe
2068	iViYPIp.exe
2404	BFdygoj.exe
2300	VUpuPlZ.exe
2532	juueAcC.exe
964	FMjnAOQ.exe
768	tdxjMlz.exe
1948	tMuOdtE.exe
1672	eWIFqgb.exe
1008	mTCXoeB.exe
2524	YLNSSTV.exe
2152	pEyxOtv.exe
1428	JIkwxJP.exe
1796	hLzsZDV.exe
916	nXbyDGM.exe
2304	DZFagdw.exe
1060	gRBWiVr.exe
616	eYsANzV.exe
1504	HHLDLZa.exe
776	IKhzWyP.exe
2648	EbBElXs.exe
2632	OZXyqry.exe
2024	fVnmykr.exe
2116	vCdJhZF.exe
880	ziwbSaD.exe
2488	wDwBpVq.exe
2056	aBoYajH.exe
2676	plOBLhe.exe
1744	OUCwbiX.exe
2004	vwUyvdr.exe
1704	cEnQFaD.exe
2616	PDkMCup.exe
572	ryWlhDw.exe
2936	nsHkuAZ.exe
3016	EQaUGcl.exe
2912	EptBGgR.exe
2744	nRExwoG.exe
2860	NAYPjbO.exe
2096	GhzLVwd.exe
3048	aBHvtuT.exe
1088	xsLmRMH.exe
2316	GNoOEBq.exe
2944	mhFouyR.exe

Loads dropped DLL 64 IoCs

pid	Process
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2348-0-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x000d000000012263-3.dat	upx
behavioral1/files/0x00090000000195ab-7.dat	upx
behavioral1/files/0x00070000000195ad-16.dat	upx
behavioral1/memory/2636-23-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x00060000000195b1-27.dat	upx
behavioral1/memory/2884-37-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x00060000000195b5-40.dat	upx
behavioral1/files/0x00080000000195b7-48.dat	upx
behavioral1/files/0x000500000001a469-62.dat	upx
behavioral1/memory/2224-58-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2980-67-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/1976-79-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x000500000001a46d-84.dat	upx
behavioral1/files/0x000500000001a471-100.dat	upx
behavioral1/memory/2224-108-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/1500-103-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/files/0x000500000001a473-106.dat	upx
behavioral1/memory/2364-95-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/1036-94-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x000500000001a46f-91.dat	upx
behavioral1/memory/2748-80-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x000500000001a475-111.dat	upx
behavioral1/files/0x000500000001a477-118.dat	upx
behavioral1/files/0x000500000001a479-124.dat	upx
behavioral1/files/0x000500000001a47b-128.dat	upx
behavioral1/files/0x000500000001a48a-162.dat	upx
behavioral1/files/0x000500000001a49a-194.dat	upx
behavioral1/files/0x000500000001a499-190.dat	upx
behavioral1/files/0x000500000001a493-184.dat	upx
behavioral1/files/0x000500000001a491-180.dat	upx
behavioral1/files/0x000500000001a48f-174.dat	upx
behavioral1/files/0x000500000001a48d-170.dat	upx
behavioral1/memory/1976-152-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x000500000001a486-151.dat	upx
behavioral1/files/0x000500000001a488-158.dat	upx
behavioral1/files/0x000500000001a484-149.dat	upx
behavioral1/files/0x000500000001a482-143.dat	upx
behavioral1/files/0x000500000001a480-139.dat	upx
behavioral1/files/0x000500000001a47d-133.dat	upx
behavioral1/memory/2584-73-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x000500000001a46b-76.dat	upx
behavioral1/files/0x000800000001957c-71.dat	upx
behavioral1/memory/2796-66-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x00080000000195bb-57.dat	upx
behavioral1/memory/2348-55-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/3024-54-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2748-42-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x00060000000195b3-33.dat	upx
behavioral1/memory/2980-29-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2932-20-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2608-18-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/3024-1118-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2584-1149-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/1500-1125-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/1036-1121-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2884-1120-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2748-1119-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2980-1117-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2796-1116-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2932-1115-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/1976-1114-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2364-1113-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2224-1112-0x000000013F410000-0x000000013F764000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UYxtcRO.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STFbBIS.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJwjLZa.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHhPwOy.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDIZRJW.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgKNaCu.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZyPHMY.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjEZBoO.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvYWHEa.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRBWiVr.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhFouyR.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDlixRB.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBAjlNC.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\raZNVUn.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCmCwup.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OovyWlF.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYdwfKu.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuUzvsX.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JOdnspN.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvEovgp.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtZACHj.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YafZGzO.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKbaCCw.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BujOAZi.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hiFAByu.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IamgONt.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDcrOdM.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjnlXvL.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcmAHue.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRZgrvL.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcVXMKn.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taBwFDT.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skdEbmz.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXfmVFj.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbcGnNd.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXlSaSi.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJVYCyR.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvIFKoB.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgIIuTw.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwwaGhD.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePkHesI.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFrReBk.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCrngaM.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWIpJKl.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHaxVxa.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqGcAsZ.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfFkPsu.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvJDxMK.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ieEsNDU.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YspsIEU.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXYFBZo.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIPnleC.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvfZnQp.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEfTQtK.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Akjnjzl.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOWATwR.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpjPJZi.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJVUBEf.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoEgofr.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIssAsE.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdAuALq.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTRcJbM.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtOfCxz.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjtUAbh.exe	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2608	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2348 wrote to memory of 2608	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2348 wrote to memory of 2608	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2348 wrote to memory of 2932	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2348 wrote to memory of 2932	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2348 wrote to memory of 2932	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2348 wrote to memory of 2636	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2348 wrote to memory of 2636	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2348 wrote to memory of 2636	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2348 wrote to memory of 2980	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2348 wrote to memory of 2980	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2348 wrote to memory of 2980	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2348 wrote to memory of 2884	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2348 wrote to memory of 2884	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2348 wrote to memory of 2884	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2348 wrote to memory of 2748	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2348 wrote to memory of 2748	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2348 wrote to memory of 2748	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2348 wrote to memory of 3024	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2348 wrote to memory of 3024	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2348 wrote to memory of 3024	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2348 wrote to memory of 2224	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2348 wrote to memory of 2224	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2348 wrote to memory of 2224	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2348 wrote to memory of 2796	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2348 wrote to memory of 2796	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2348 wrote to memory of 2796	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2348 wrote to memory of 2584	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2348 wrote to memory of 2584	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2348 wrote to memory of 2584	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2348 wrote to memory of 1976	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2348 wrote to memory of 1976	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2348 wrote to memory of 1976	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2348 wrote to memory of 1036	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2348 wrote to memory of 1036	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2348 wrote to memory of 1036	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2348 wrote to memory of 2364	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2348 wrote to memory of 2364	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2348 wrote to memory of 2364	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2348 wrote to memory of 1500	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2348 wrote to memory of 1500	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2348 wrote to memory of 1500	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2348 wrote to memory of 2552	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2348 wrote to memory of 2552	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2348 wrote to memory of 2552	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2348 wrote to memory of 2596	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2348 wrote to memory of 2596	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2348 wrote to memory of 2596	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2348 wrote to memory of 1120	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2348 wrote to memory of 1120	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2348 wrote to memory of 1120	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2348 wrote to memory of 2172	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2348 wrote to memory of 2172	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2348 wrote to memory of 2172	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2348 wrote to memory of 1900	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2348 wrote to memory of 1900	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2348 wrote to memory of 1900	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2348 wrote to memory of 1380	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2348 wrote to memory of 1380	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2348 wrote to memory of 1380	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2348 wrote to memory of 1320	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2348 wrote to memory of 1320	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2348 wrote to memory of 1320	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2348 wrote to memory of 2672	2348	2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_70914721630310fccdad7f218360e5b6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\System\mYFWzLA.exe
  C:\Windows\System\mYFWzLA.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\jobIjgW.exe
  C:\Windows\System\jobIjgW.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\Jnbvwxa.exe
  C:\Windows\System\Jnbvwxa.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\wuUzvsX.exe
  C:\Windows\System\wuUzvsX.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\zpSPmps.exe
  C:\Windows\System\zpSPmps.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\fApOKPS.exe
  C:\Windows\System\fApOKPS.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\xnwlFHX.exe
  C:\Windows\System\xnwlFHX.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\dJVYCyR.exe
  C:\Windows\System\dJVYCyR.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\LaMOYHx.exe
  C:\Windows\System\LaMOYHx.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\TmBZFjQ.exe
  C:\Windows\System\TmBZFjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\qqpWKko.exe
  C:\Windows\System\qqpWKko.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\WPEEdcX.exe
  C:\Windows\System\WPEEdcX.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\yfdIEHH.exe
  C:\Windows\System\yfdIEHH.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\DVaKqmJ.exe
  C:\Windows\System\DVaKqmJ.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\LIfWAqe.exe
  C:\Windows\System\LIfWAqe.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\JgZSSfC.exe
  C:\Windows\System\JgZSSfC.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\CbxFzpI.exe
  C:\Windows\System\CbxFzpI.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\HRSZWse.exe
  C:\Windows\System\HRSZWse.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\CsQNvCo.exe
  C:\Windows\System\CsQNvCo.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\OkZYQjj.exe
  C:\Windows\System\OkZYQjj.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\ZcNKICk.exe
  C:\Windows\System\ZcNKICk.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\QjyNtLo.exe
  C:\Windows\System\QjyNtLo.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\iViYPIp.exe
  C:\Windows\System\iViYPIp.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\VUpuPlZ.exe
  C:\Windows\System\VUpuPlZ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\BFdygoj.exe
  C:\Windows\System\BFdygoj.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\juueAcC.exe
  C:\Windows\System\juueAcC.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\FMjnAOQ.exe
  C:\Windows\System\FMjnAOQ.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\tdxjMlz.exe
  C:\Windows\System\tdxjMlz.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\tMuOdtE.exe
  C:\Windows\System\tMuOdtE.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\eWIFqgb.exe
  C:\Windows\System\eWIFqgb.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\mTCXoeB.exe
  C:\Windows\System\mTCXoeB.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\YLNSSTV.exe
  C:\Windows\System\YLNSSTV.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\pEyxOtv.exe
  C:\Windows\System\pEyxOtv.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\JIkwxJP.exe
  C:\Windows\System\JIkwxJP.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\hLzsZDV.exe
  C:\Windows\System\hLzsZDV.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\nXbyDGM.exe
  C:\Windows\System\nXbyDGM.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\DZFagdw.exe
  C:\Windows\System\DZFagdw.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\gRBWiVr.exe
  C:\Windows\System\gRBWiVr.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\eYsANzV.exe
  C:\Windows\System\eYsANzV.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\HHLDLZa.exe
  C:\Windows\System\HHLDLZa.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\IKhzWyP.exe
  C:\Windows\System\IKhzWyP.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\EbBElXs.exe
  C:\Windows\System\EbBElXs.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\OZXyqry.exe
  C:\Windows\System\OZXyqry.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\wDwBpVq.exe
  C:\Windows\System\wDwBpVq.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\fVnmykr.exe
  C:\Windows\System\fVnmykr.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\aBoYajH.exe
  C:\Windows\System\aBoYajH.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\vCdJhZF.exe
  C:\Windows\System\vCdJhZF.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\plOBLhe.exe
  C:\Windows\System\plOBLhe.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\ziwbSaD.exe
  C:\Windows\System\ziwbSaD.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\OUCwbiX.exe
  C:\Windows\System\OUCwbiX.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\vwUyvdr.exe
  C:\Windows\System\vwUyvdr.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\cEnQFaD.exe
  C:\Windows\System\cEnQFaD.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\PDkMCup.exe
  C:\Windows\System\PDkMCup.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ryWlhDw.exe
  C:\Windows\System\ryWlhDw.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\nsHkuAZ.exe
  C:\Windows\System\nsHkuAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\EQaUGcl.exe
  C:\Windows\System\EQaUGcl.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\EptBGgR.exe
  C:\Windows\System\EptBGgR.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\NAYPjbO.exe
  C:\Windows\System\NAYPjbO.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\nRExwoG.exe
  C:\Windows\System\nRExwoG.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\GhzLVwd.exe
  C:\Windows\System\GhzLVwd.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\aBHvtuT.exe
  C:\Windows\System\aBHvtuT.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\GNoOEBq.exe
  C:\Windows\System\GNoOEBq.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\xsLmRMH.exe
  C:\Windows\System\xsLmRMH.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\ewvFDBK.exe
  C:\Windows\System\ewvFDBK.exe
  2⤵
  PID:1180
- C:\Windows\System\mhFouyR.exe
  C:\Windows\System\mhFouyR.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\yAHfCLI.exe
  C:\Windows\System\yAHfCLI.exe
  2⤵
  PID:2036
- C:\Windows\System\GyJDIan.exe
  C:\Windows\System\GyJDIan.exe
  2⤵
  PID:1692
- C:\Windows\System\zpISEjX.exe
  C:\Windows\System\zpISEjX.exe
  2⤵
  PID:2080
- C:\Windows\System\soCcnSf.exe
  C:\Windows\System\soCcnSf.exe
  2⤵
  PID:2700
- C:\Windows\System\yfACfBD.exe
  C:\Windows\System\yfACfBD.exe
  2⤵
  PID:2416
- C:\Windows\System\opFbNil.exe
  C:\Windows\System\opFbNil.exe
  2⤵
  PID:876
- C:\Windows\System\WSqvEUw.exe
  C:\Windows\System\WSqvEUw.exe
  2⤵
  PID:1628
- C:\Windows\System\LfFCGcx.exe
  C:\Windows\System\LfFCGcx.exe
  2⤵
  PID:1420
- C:\Windows\System\gzUUwVR.exe
  C:\Windows\System\gzUUwVR.exe
  2⤵
  PID:1104
- C:\Windows\System\jSTZjHO.exe
  C:\Windows\System\jSTZjHO.exe
  2⤵
  PID:1340
- C:\Windows\System\eahbucj.exe
  C:\Windows\System\eahbucj.exe
  2⤵
  PID:772
- C:\Windows\System\KbQDqSC.exe
  C:\Windows\System\KbQDqSC.exe
  2⤵
  PID:848
- C:\Windows\System\YUbCMMg.exe
  C:\Windows\System\YUbCMMg.exe
  2⤵
  PID:1540
- C:\Windows\System\fIMHldI.exe
  C:\Windows\System\fIMHldI.exe
  2⤵
  PID:304
- C:\Windows\System\kvzyjuX.exe
  C:\Windows\System\kvzyjuX.exe
  2⤵
  PID:612
- C:\Windows\System\sGvBBwa.exe
  C:\Windows\System\sGvBBwa.exe
  2⤵
  PID:928
- C:\Windows\System\EoStkLh.exe
  C:\Windows\System\EoStkLh.exe
  2⤵
  PID:2124
- C:\Windows\System\kZAzMPj.exe
  C:\Windows\System\kZAzMPj.exe
  2⤵
  PID:1696
- C:\Windows\System\VPanOpV.exe
  C:\Windows\System\VPanOpV.exe
  2⤵
  PID:2324
- C:\Windows\System\kXcyIoL.exe
  C:\Windows\System\kXcyIoL.exe
  2⤵
  PID:2828
- C:\Windows\System\JTRslMN.exe
  C:\Windows\System\JTRslMN.exe
  2⤵
  PID:2904
- C:\Windows\System\PFPNfcM.exe
  C:\Windows\System\PFPNfcM.exe
  2⤵
  PID:2792
- C:\Windows\System\VoudUFR.exe
  C:\Windows\System\VoudUFR.exe
  2⤵
  PID:2312
- C:\Windows\System\jlzEVSE.exe
  C:\Windows\System\jlzEVSE.exe
  2⤵
  PID:1620
- C:\Windows\System\YIFzHGs.exe
  C:\Windows\System\YIFzHGs.exe
  2⤵
  PID:2956
- C:\Windows\System\WZRLaxf.exe
  C:\Windows\System\WZRLaxf.exe
  2⤵
  PID:3052
- C:\Windows\System\pHtElSw.exe
  C:\Windows\System\pHtElSw.exe
  2⤵
  PID:2284
- C:\Windows\System\bEhZeSb.exe
  C:\Windows\System\bEhZeSb.exe
  2⤵
  PID:2988
- C:\Windows\System\uMBDHPX.exe
  C:\Windows\System\uMBDHPX.exe
  2⤵
  PID:2000
- C:\Windows\System\IxneTxc.exe
  C:\Windows\System\IxneTxc.exe
  2⤵
  PID:2948
- C:\Windows\System\YafZGzO.exe
  C:\Windows\System\YafZGzO.exe
  2⤵
  PID:2372
- C:\Windows\System\jyCxkiX.exe
  C:\Windows\System\jyCxkiX.exe
  2⤵
  PID:2520
- C:\Windows\System\fGiuIUh.exe
  C:\Windows\System\fGiuIUh.exe
  2⤵
  PID:1980
- C:\Windows\System\SsOyBup.exe
  C:\Windows\System\SsOyBup.exe
  2⤵
  PID:1828
- C:\Windows\System\srgboLh.exe
  C:\Windows\System\srgboLh.exe
  2⤵
  PID:1240
- C:\Windows\System\itFjAvg.exe
  C:\Windows\System\itFjAvg.exe
  2⤵
  PID:3060
- C:\Windows\System\BJCoqwO.exe
  C:\Windows\System\BJCoqwO.exe
  2⤵
  PID:2268
- C:\Windows\System\pZYGDGq.exe
  C:\Windows\System\pZYGDGq.exe
  2⤵
  PID:2960
- C:\Windows\System\gZpYlyw.exe
  C:\Windows\System\gZpYlyw.exe
  2⤵
  PID:1192
- C:\Windows\System\YmJCISf.exe
  C:\Windows\System\YmJCISf.exe
  2⤵
  PID:2140
- C:\Windows\System\qgrsbiO.exe
  C:\Windows\System\qgrsbiO.exe
  2⤵
  PID:3020
- C:\Windows\System\pNVKeDs.exe
  C:\Windows\System\pNVKeDs.exe
  2⤵
  PID:2940
- C:\Windows\System\MBrEwuu.exe
  C:\Windows\System\MBrEwuu.exe
  2⤵
  PID:940
- C:\Windows\System\DbIfAZE.exe
  C:\Windows\System\DbIfAZE.exe
  2⤵
  PID:2848
- C:\Windows\System\wnknVBu.exe
  C:\Windows\System\wnknVBu.exe
  2⤵
  PID:548
- C:\Windows\System\pMnLxyB.exe
  C:\Windows\System\pMnLxyB.exe
  2⤵
  PID:1288
- C:\Windows\System\NhNCvZR.exe
  C:\Windows\System\NhNCvZR.exe
  2⤵
  PID:2808
- C:\Windows\System\fFzZTje.exe
  C:\Windows\System\fFzZTje.exe
  2⤵
  PID:932
- C:\Windows\System\ydADJHF.exe
  C:\Windows\System\ydADJHF.exe
  2⤵
  PID:1156
- C:\Windows\System\NDlixRB.exe
  C:\Windows\System\NDlixRB.exe
  2⤵
  PID:1616
- C:\Windows\System\ZsioXtj.exe
  C:\Windows\System\ZsioXtj.exe
  2⤵
  PID:1732
- C:\Windows\System\gaTYYxB.exe
  C:\Windows\System\gaTYYxB.exe
  2⤵
  PID:1716
- C:\Windows\System\SAaBofP.exe
  C:\Windows\System\SAaBofP.exe
  2⤵
  PID:2968
- C:\Windows\System\JXvETYr.exe
  C:\Windows\System\JXvETYr.exe
  2⤵
  PID:2832
- C:\Windows\System\PfAdgIM.exe
  C:\Windows\System\PfAdgIM.exe
  2⤵
  PID:2344
- C:\Windows\System\XkmbNCe.exe
  C:\Windows\System\XkmbNCe.exe
  2⤵
  PID:2508
- C:\Windows\System\LWIpJKl.exe
  C:\Windows\System\LWIpJKl.exe
  2⤵
  PID:2032
- C:\Windows\System\xyDdYgm.exe
  C:\Windows\System\xyDdYgm.exe
  2⤵
  PID:2296
- C:\Windows\System\mavMfNC.exe
  C:\Windows\System\mavMfNC.exe
  2⤵
  PID:2500
- C:\Windows\System\cbkMXaV.exe
  C:\Windows\System\cbkMXaV.exe
  2⤵
  PID:2432
- C:\Windows\System\nVEsHQK.exe
  C:\Windows\System\nVEsHQK.exe
  2⤵
  PID:1820
- C:\Windows\System\ZvRuQxr.exe
  C:\Windows\System\ZvRuQxr.exe
  2⤵
  PID:1328
- C:\Windows\System\DOQdliA.exe
  C:\Windows\System\DOQdliA.exe
  2⤵
  PID:2164
- C:\Windows\System\GgymIpT.exe
  C:\Windows\System\GgymIpT.exe
  2⤵
  PID:1584
- C:\Windows\System\fTfspps.exe
  C:\Windows\System\fTfspps.exe
  2⤵
  PID:644
- C:\Windows\System\rFqkJce.exe
  C:\Windows\System\rFqkJce.exe
  2⤵
  PID:976
- C:\Windows\System\CSGMZWz.exe
  C:\Windows\System\CSGMZWz.exe
  2⤵
  PID:2384
- C:\Windows\System\xgOdxpk.exe
  C:\Windows\System\xgOdxpk.exe
  2⤵
  PID:3004
- C:\Windows\System\VMSimus.exe
  C:\Windows\System\VMSimus.exe
  2⤵
  PID:2332
- C:\Windows\System\CJYQlVe.exe
  C:\Windows\System\CJYQlVe.exe
  2⤵
  PID:2148
- C:\Windows\System\JKuWDsR.exe
  C:\Windows\System\JKuWDsR.exe
  2⤵
  PID:2660
- C:\Windows\System\HDRQdFZ.exe
  C:\Windows\System\HDRQdFZ.exe
  2⤵
  PID:844
- C:\Windows\System\kMCpgiw.exe
  C:\Windows\System\kMCpgiw.exe
  2⤵
  PID:1888
- C:\Windows\System\bvIFKoB.exe
  C:\Windows\System\bvIFKoB.exe
  2⤵
  PID:1576
- C:\Windows\System\HYrcqNn.exe
  C:\Windows\System\HYrcqNn.exe
  2⤵
  PID:2272
- C:\Windows\System\RrPbJua.exe
  C:\Windows\System\RrPbJua.exe
  2⤵
  PID:1232
- C:\Windows\System\DcaddaP.exe
  C:\Windows\System\DcaddaP.exe
  2⤵
  PID:2984
- C:\Windows\System\fmDnMke.exe
  C:\Windows\System\fmDnMke.exe
  2⤵
  PID:2628
- C:\Windows\System\RbirNzP.exe
  C:\Windows\System\RbirNzP.exe
  2⤵
  PID:2356
- C:\Windows\System\mnsstzj.exe
  C:\Windows\System\mnsstzj.exe
  2⤵
  PID:1624
- C:\Windows\System\EnCuizG.exe
  C:\Windows\System\EnCuizG.exe
  2⤵
  PID:2204
- C:\Windows\System\FKbaCCw.exe
  C:\Windows\System\FKbaCCw.exe
  2⤵
  PID:3012
- C:\Windows\System\wcmAHue.exe
  C:\Windows\System\wcmAHue.exe
  2⤵
  PID:2908
- C:\Windows\System\qhmmrBb.exe
  C:\Windows\System\qhmmrBb.exe
  2⤵
  PID:580
- C:\Windows\System\LeqRbai.exe
  C:\Windows\System\LeqRbai.exe
  2⤵
  PID:1148
- C:\Windows\System\djWBGlO.exe
  C:\Windows\System\djWBGlO.exe
  2⤵
  PID:568
- C:\Windows\System\TNZZJMu.exe
  C:\Windows\System\TNZZJMu.exe
  2⤵
  PID:1764
- C:\Windows\System\bzDtpch.exe
  C:\Windows\System\bzDtpch.exe
  2⤵
  PID:2768
- C:\Windows\System\DiQRLDV.exe
  C:\Windows\System\DiQRLDV.exe
  2⤵
  PID:2772
- C:\Windows\System\SLcwNtc.exe
  C:\Windows\System\SLcwNtc.exe
  2⤵
  PID:3080
- C:\Windows\System\FWMdkcx.exe
  C:\Windows\System\FWMdkcx.exe
  2⤵
  PID:3100
- C:\Windows\System\hwAJrBE.exe
  C:\Windows\System\hwAJrBE.exe
  2⤵
  PID:3120
- C:\Windows\System\knRBHLa.exe
  C:\Windows\System\knRBHLa.exe
  2⤵
  PID:3136
- C:\Windows\System\bdBvBAx.exe
  C:\Windows\System\bdBvBAx.exe
  2⤵
  PID:3156
- C:\Windows\System\npgKKhR.exe
  C:\Windows\System\npgKKhR.exe
  2⤵
  PID:3172
- C:\Windows\System\OCoktbh.exe
  C:\Windows\System\OCoktbh.exe
  2⤵
  PID:3216
- C:\Windows\System\gfTZUob.exe
  C:\Windows\System\gfTZUob.exe
  2⤵
  PID:3232
- C:\Windows\System\yBZlyci.exe
  C:\Windows\System\yBZlyci.exe
  2⤵
  PID:3248
- C:\Windows\System\pFGiHEP.exe
  C:\Windows\System\pFGiHEP.exe
  2⤵
  PID:3264
- C:\Windows\System\UJhuEvG.exe
  C:\Windows\System\UJhuEvG.exe
  2⤵
  PID:3300
- C:\Windows\System\bIschAd.exe
  C:\Windows\System\bIschAd.exe
  2⤵
  PID:3316
- C:\Windows\System\YwdjjZv.exe
  C:\Windows\System\YwdjjZv.exe
  2⤵
  PID:3336
- C:\Windows\System\LMvisRb.exe
  C:\Windows\System\LMvisRb.exe
  2⤵
  PID:3352
- C:\Windows\System\NFgEFrL.exe
  C:\Windows\System\NFgEFrL.exe
  2⤵
  PID:3368
- C:\Windows\System\zxhRIMK.exe
  C:\Windows\System\zxhRIMK.exe
  2⤵
  PID:3400
- C:\Windows\System\KKCWnGM.exe
  C:\Windows\System\KKCWnGM.exe
  2⤵
  PID:3416
- C:\Windows\System\NFIhpWW.exe
  C:\Windows\System\NFIhpWW.exe
  2⤵
  PID:3432
- C:\Windows\System\pRpyzNf.exe
  C:\Windows\System\pRpyzNf.exe
  2⤵
  PID:3452
- C:\Windows\System\rvyarsE.exe
  C:\Windows\System\rvyarsE.exe
  2⤵
  PID:3472
- C:\Windows\System\sMbpLHM.exe
  C:\Windows\System\sMbpLHM.exe
  2⤵
  PID:3496
- C:\Windows\System\gpykLTl.exe
  C:\Windows\System\gpykLTl.exe
  2⤵
  PID:3516
- C:\Windows\System\sjJGTMR.exe
  C:\Windows\System\sjJGTMR.exe
  2⤵
  PID:3532
- C:\Windows\System\ufpnsCQ.exe
  C:\Windows\System\ufpnsCQ.exe
  2⤵
  PID:3548
- C:\Windows\System\JWKPnrh.exe
  C:\Windows\System\JWKPnrh.exe
  2⤵
  PID:3564
- C:\Windows\System\zmmrPUe.exe
  C:\Windows\System\zmmrPUe.exe
  2⤵
  PID:3584
- C:\Windows\System\TZGhOLa.exe
  C:\Windows\System\TZGhOLa.exe
  2⤵
  PID:3616
- C:\Windows\System\CIPnleC.exe
  C:\Windows\System\CIPnleC.exe
  2⤵
  PID:3636
- C:\Windows\System\jxkLrht.exe
  C:\Windows\System\jxkLrht.exe
  2⤵
  PID:3652
- C:\Windows\System\BVegxCU.exe
  C:\Windows\System\BVegxCU.exe
  2⤵
  PID:3668
- C:\Windows\System\rSlTywS.exe
  C:\Windows\System\rSlTywS.exe
  2⤵
  PID:3684
- C:\Windows\System\zgvfDMr.exe
  C:\Windows\System\zgvfDMr.exe
  2⤵
  PID:3708
- C:\Windows\System\KjhjxJb.exe
  C:\Windows\System\KjhjxJb.exe
  2⤵
  PID:3724
- C:\Windows\System\qoEgofr.exe
  C:\Windows\System\qoEgofr.exe
  2⤵
  PID:3740
- C:\Windows\System\tFlnVYg.exe
  C:\Windows\System\tFlnVYg.exe
  2⤵
  PID:3764
- C:\Windows\System\BgeSsrR.exe
  C:\Windows\System\BgeSsrR.exe
  2⤵
  PID:3800
- C:\Windows\System\KoQFVKu.exe
  C:\Windows\System\KoQFVKu.exe
  2⤵
  PID:3820
- C:\Windows\System\TdJpUZw.exe
  C:\Windows\System\TdJpUZw.exe
  2⤵
  PID:3836
- C:\Windows\System\vhMTQZv.exe
  C:\Windows\System\vhMTQZv.exe
  2⤵
  PID:3852
- C:\Windows\System\rOSatFW.exe
  C:\Windows\System\rOSatFW.exe
  2⤵
  PID:3916
- C:\Windows\System\uAPZeVS.exe
  C:\Windows\System\uAPZeVS.exe
  2⤵
  PID:3932
- C:\Windows\System\CZdFfNa.exe
  C:\Windows\System\CZdFfNa.exe
  2⤵
  PID:3952
- C:\Windows\System\skdEbmz.exe
  C:\Windows\System\skdEbmz.exe
  2⤵
  PID:3968
- C:\Windows\System\loRYwMx.exe
  C:\Windows\System\loRYwMx.exe
  2⤵
  PID:3984
- C:\Windows\System\GXgRSYm.exe
  C:\Windows\System\GXgRSYm.exe
  2⤵
  PID:4004
- C:\Windows\System\MrBHGez.exe
  C:\Windows\System\MrBHGez.exe
  2⤵
  PID:4020
- C:\Windows\System\cFSBgSB.exe
  C:\Windows\System\cFSBgSB.exe
  2⤵
  PID:4040
- C:\Windows\System\udYqUtV.exe
  C:\Windows\System\udYqUtV.exe
  2⤵
  PID:4076
- C:\Windows\System\KnSGRUu.exe
  C:\Windows\System\KnSGRUu.exe
  2⤵
  PID:4092
- C:\Windows\System\cHaOUJn.exe
  C:\Windows\System\cHaOUJn.exe
  2⤵
  PID:3076
- C:\Windows\System\mLlIQBc.exe
  C:\Windows\System\mLlIQBc.exe
  2⤵
  PID:3144
- C:\Windows\System\JkOcgZx.exe
  C:\Windows\System\JkOcgZx.exe
  2⤵
  PID:3188
- C:\Windows\System\lHMSGzr.exe
  C:\Windows\System\lHMSGzr.exe
  2⤵
  PID:3212
- C:\Windows\System\JfXlEhI.exe
  C:\Windows\System\JfXlEhI.exe
  2⤵
  PID:3276
- C:\Windows\System\pOajUGY.exe
  C:\Windows\System\pOajUGY.exe
  2⤵
  PID:2924
- C:\Windows\System\rPhkJNU.exe
  C:\Windows\System\rPhkJNU.exe
  2⤵
  PID:3088
- C:\Windows\System\BrCWQIz.exe
  C:\Windows\System\BrCWQIz.exe
  2⤵
  PID:3132
- C:\Windows\System\RnCRiDM.exe
  C:\Windows\System\RnCRiDM.exe
  2⤵
  PID:3224
- C:\Windows\System\XwhsIQd.exe
  C:\Windows\System\XwhsIQd.exe
  2⤵
  PID:3228
- C:\Windows\System\FflpbXj.exe
  C:\Windows\System\FflpbXj.exe
  2⤵
  PID:3312
- C:\Windows\System\gYCUHJL.exe
  C:\Windows\System\gYCUHJL.exe
  2⤵
  PID:3388
- C:\Windows\System\chxaUZx.exe
  C:\Windows\System\chxaUZx.exe
  2⤵
  PID:3488
- C:\Windows\System\vzIhjiF.exe
  C:\Windows\System\vzIhjiF.exe
  2⤵
  PID:3600
- C:\Windows\System\RQLYbBn.exe
  C:\Windows\System\RQLYbBn.exe
  2⤵
  PID:3468
- C:\Windows\System\MsiCggC.exe
  C:\Windows\System\MsiCggC.exe
  2⤵
  PID:3464
- C:\Windows\System\tIgtqud.exe
  C:\Windows\System\tIgtqud.exe
  2⤵
  PID:3644
- C:\Windows\System\dEzWeXO.exe
  C:\Windows\System\dEzWeXO.exe
  2⤵
  PID:3540
- C:\Windows\System\WsNGSWi.exe
  C:\Windows\System\WsNGSWi.exe
  2⤵
  PID:3720
- C:\Windows\System\DvxoCTC.exe
  C:\Windows\System\DvxoCTC.exe
  2⤵
  PID:3576
- C:\Windows\System\JQwHPdh.exe
  C:\Windows\System\JQwHPdh.exe
  2⤵
  PID:3700
- C:\Windows\System\JxbqBtY.exe
  C:\Windows\System\JxbqBtY.exe
  2⤵
  PID:3632
- C:\Windows\System\UxMacXo.exe
  C:\Windows\System\UxMacXo.exe
  2⤵
  PID:3736
- C:\Windows\System\sGwlYHi.exe
  C:\Windows\System\sGwlYHi.exe
  2⤵
  PID:3812
- C:\Windows\System\seTYhCw.exe
  C:\Windows\System\seTYhCw.exe
  2⤵
  PID:3832
- C:\Windows\System\wkQFcKd.exe
  C:\Windows\System\wkQFcKd.exe
  2⤵
  PID:3876
- C:\Windows\System\NEQdSjX.exe
  C:\Windows\System\NEQdSjX.exe
  2⤵
  PID:2484
- C:\Windows\System\MqYKetz.exe
  C:\Windows\System\MqYKetz.exe
  2⤵
  PID:1040
- C:\Windows\System\wXwFfnR.exe
  C:\Windows\System\wXwFfnR.exe
  2⤵
  PID:2568
- C:\Windows\System\GGrsRsG.exe
  C:\Windows\System\GGrsRsG.exe
  2⤵
  PID:2132
- C:\Windows\System\vengPIk.exe
  C:\Windows\System\vengPIk.exe
  2⤵
  PID:1324
- C:\Windows\System\SKXMAiW.exe
  C:\Windows\System\SKXMAiW.exe
  2⤵
  PID:3008
- C:\Windows\System\HwSyIHR.exe
  C:\Windows\System\HwSyIHR.exe
  2⤵
  PID:2612
- C:\Windows\System\GbBpXzI.exe
  C:\Windows\System\GbBpXzI.exe
  2⤵
  PID:3924
- C:\Windows\System\OtNnrGq.exe
  C:\Windows\System\OtNnrGq.exe
  2⤵
  PID:4032
- C:\Windows\System\YFwpYUf.exe
  C:\Windows\System\YFwpYUf.exe
  2⤵
  PID:4036
- C:\Windows\System\hFUuhDT.exe
  C:\Windows\System\hFUuhDT.exe
  2⤵
  PID:3940
- C:\Windows\System\iXfmVFj.exe
  C:\Windows\System\iXfmVFj.exe
  2⤵
  PID:4068
- C:\Windows\System\wkGvDEZ.exe
  C:\Windows\System\wkGvDEZ.exe
  2⤵
  PID:4084
- C:\Windows\System\oVPOaUT.exe
  C:\Windows\System\oVPOaUT.exe
  2⤵
  PID:1880
- C:\Windows\System\xegyJke.exe
  C:\Windows\System\xegyJke.exe
  2⤵
  PID:1468
- C:\Windows\System\lLXsZvB.exe
  C:\Windows\System\lLXsZvB.exe
  2⤵
  PID:3376
- C:\Windows\System\PmuVhac.exe
  C:\Windows\System\PmuVhac.exe
  2⤵
  PID:3380
- C:\Windows\System\mxMmyFi.exe
  C:\Windows\System\mxMmyFi.exe
  2⤵
  PID:3280
- C:\Windows\System\NgjXEKK.exe
  C:\Windows\System\NgjXEKK.exe
  2⤵
  PID:3196
- C:\Windows\System\zpxDtyO.exe
  C:\Windows\System\zpxDtyO.exe
  2⤵
  PID:3324
- C:\Windows\System\WDOfVTG.exe
  C:\Windows\System\WDOfVTG.exe
  2⤵
  PID:3396
- C:\Windows\System\OFvyTdW.exe
  C:\Windows\System\OFvyTdW.exe
  2⤵
  PID:3448
- C:\Windows\System\bpXATFz.exe
  C:\Windows\System\bpXATFz.exe
  2⤵
  PID:3592
- C:\Windows\System\hDRnzFi.exe
  C:\Windows\System\hDRnzFi.exe
  2⤵
  PID:3788
- C:\Windows\System\zBCacTc.exe
  C:\Windows\System\zBCacTc.exe
  2⤵
  PID:3612
- C:\Windows\System\AzRLdDq.exe
  C:\Windows\System\AzRLdDq.exe
  2⤵
  PID:2184
- C:\Windows\System\moKscWJ.exe
  C:\Windows\System\moKscWJ.exe
  2⤵
  PID:3664
- C:\Windows\System\lBlCsME.exe
  C:\Windows\System\lBlCsME.exe
  2⤵
  PID:3784
- C:\Windows\System\OGxNZTZ.exe
  C:\Windows\System\OGxNZTZ.exe
  2⤵
  PID:1384
- C:\Windows\System\oIssAsE.exe
  C:\Windows\System\oIssAsE.exe
  2⤵
  PID:2420
- C:\Windows\System\LbixJhd.exe
  C:\Windows\System\LbixJhd.exe
  2⤵
  PID:1524
- C:\Windows\System\pTocqiD.exe
  C:\Windows\System\pTocqiD.exe
  2⤵
  PID:2692
- C:\Windows\System\OCtGleN.exe
  C:\Windows\System\OCtGleN.exe
  2⤵
  PID:856
- C:\Windows\System\mvdwLzH.exe
  C:\Windows\System\mvdwLzH.exe
  2⤵
  PID:3908
- C:\Windows\System\pwUJxTA.exe
  C:\Windows\System\pwUJxTA.exe
  2⤵
  PID:3948
- C:\Windows\System\ettGhzE.exe
  C:\Windows\System\ettGhzE.exe
  2⤵
  PID:4060
- C:\Windows\System\SbSxtOH.exe
  C:\Windows\System\SbSxtOH.exe
  2⤵
  PID:4012
- C:\Windows\System\bQygNlg.exe
  C:\Windows\System\bQygNlg.exe
  2⤵
  PID:4072
- C:\Windows\System\CgnmlyG.exe
  C:\Windows\System\CgnmlyG.exe
  2⤵
  PID:3648
- C:\Windows\System\DTzSwOk.exe
  C:\Windows\System\DTzSwOk.exe
  2⤵
  PID:3676
- C:\Windows\System\dxMJtzP.exe
  C:\Windows\System\dxMJtzP.exe
  2⤵
  PID:3308
- C:\Windows\System\qOuwyOg.exe
  C:\Windows\System\qOuwyOg.exe
  2⤵
  PID:3208
- C:\Windows\System\IHNAMCi.exe
  C:\Windows\System\IHNAMCi.exe
  2⤵
  PID:3328
- C:\Windows\System\xHJkClA.exe
  C:\Windows\System\xHJkClA.exe
  2⤵
  PID:3608
- C:\Windows\System\QOQsRKw.exe
  C:\Windows\System\QOQsRKw.exe
  2⤵
  PID:3544
- C:\Windows\System\oJlnnvU.exe
  C:\Windows\System\oJlnnvU.exe
  2⤵
  PID:3848
- C:\Windows\System\pQpxQdk.exe
  C:\Windows\System\pQpxQdk.exe
  2⤵
  PID:560
- C:\Windows\System\ePqsdVV.exe
  C:\Windows\System\ePqsdVV.exe
  2⤵
  PID:1756
- C:\Windows\System\vXZQCJr.exe
  C:\Windows\System\vXZQCJr.exe
  2⤵
  PID:1760
- C:\Windows\System\LbcGnNd.exe
  C:\Windows\System\LbcGnNd.exe
  2⤵
  PID:4048
- C:\Windows\System\jqkoDoO.exe
  C:\Windows\System\jqkoDoO.exe
  2⤵
  PID:3164
- C:\Windows\System\AWwBsEh.exe
  C:\Windows\System\AWwBsEh.exe
  2⤵
  PID:4028
- C:\Windows\System\pnCgwCv.exe
  C:\Windows\System\pnCgwCv.exe
  2⤵
  PID:3752
- C:\Windows\System\BujOAZi.exe
  C:\Windows\System\BujOAZi.exe
  2⤵
  PID:3780
- C:\Windows\System\mwlIrLN.exe
  C:\Windows\System\mwlIrLN.exe
  2⤵
  PID:3760
- C:\Windows\System\oUVZByO.exe
  C:\Windows\System\oUVZByO.exe
  2⤵
  PID:332
- C:\Windows\System\wQwOHyF.exe
  C:\Windows\System\wQwOHyF.exe
  2⤵
  PID:3860
- C:\Windows\System\LnnMxCr.exe
  C:\Windows\System\LnnMxCr.exe
  2⤵
  PID:4000
- C:\Windows\System\ZrxahUn.exe
  C:\Windows\System\ZrxahUn.exe
  2⤵
  PID:3960
- C:\Windows\System\tZgIMae.exe
  C:\Windows\System\tZgIMae.exe
  2⤵
  PID:4064
- C:\Windows\System\dCpLVFK.exe
  C:\Windows\System\dCpLVFK.exe
  2⤵
  PID:2716
- C:\Windows\System\dUGjypG.exe
  C:\Windows\System\dUGjypG.exe
  2⤵
  PID:1528
- C:\Windows\System\ToBCSXt.exe
  C:\Windows\System\ToBCSXt.exe
  2⤵
  PID:3816
- C:\Windows\System\jgKNaCu.exe
  C:\Windows\System\jgKNaCu.exe
  2⤵
  PID:564
- C:\Windows\System\ALBAaPC.exe
  C:\Windows\System\ALBAaPC.exe
  2⤵
  PID:3872
- C:\Windows\System\gRQxQMM.exe
  C:\Windows\System\gRQxQMM.exe
  2⤵
  PID:3428
- C:\Windows\System\ZpRiLCQ.exe
  C:\Windows\System\ZpRiLCQ.exe
  2⤵
  PID:2448
- C:\Windows\System\YFZgcGt.exe
  C:\Windows\System\YFZgcGt.exe
  2⤵
  PID:2400
- C:\Windows\System\tDUfWeX.exe
  C:\Windows\System\tDUfWeX.exe
  2⤵
  PID:3864
- C:\Windows\System\pLMTWAx.exe
  C:\Windows\System\pLMTWAx.exe
  2⤵
  PID:3528
- C:\Windows\System\lAyqWAQ.exe
  C:\Windows\System\lAyqWAQ.exe
  2⤵
  PID:4104
- C:\Windows\System\dZVKDHr.exe
  C:\Windows\System\dZVKDHr.exe
  2⤵
  PID:4136
- C:\Windows\System\KWGoetA.exe
  C:\Windows\System\KWGoetA.exe
  2⤵
  PID:4152
- C:\Windows\System\UJDtEJy.exe
  C:\Windows\System\UJDtEJy.exe
  2⤵
  PID:4180
- C:\Windows\System\pZBiyda.exe
  C:\Windows\System\pZBiyda.exe
  2⤵
  PID:4196
- C:\Windows\System\MdgRujN.exe
  C:\Windows\System\MdgRujN.exe
  2⤵
  PID:4220
- C:\Windows\System\cuOdLMQ.exe
  C:\Windows\System\cuOdLMQ.exe
  2⤵
  PID:4236
- C:\Windows\System\udDKJOG.exe
  C:\Windows\System\udDKJOG.exe
  2⤵
  PID:4252
- C:\Windows\System\RkPzPDg.exe
  C:\Windows\System\RkPzPDg.exe
  2⤵
  PID:4276
- C:\Windows\System\JOdnspN.exe
  C:\Windows\System\JOdnspN.exe
  2⤵
  PID:4300
- C:\Windows\System\EObGriS.exe
  C:\Windows\System\EObGriS.exe
  2⤵
  PID:4316
- C:\Windows\System\enBsLaf.exe
  C:\Windows\System\enBsLaf.exe
  2⤵
  PID:4332
- C:\Windows\System\MvEovgp.exe
  C:\Windows\System\MvEovgp.exe
  2⤵
  PID:4352
- C:\Windows\System\YaTmLEu.exe
  C:\Windows\System\YaTmLEu.exe
  2⤵
  PID:4372
- C:\Windows\System\wNMbJtC.exe
  C:\Windows\System\wNMbJtC.exe
  2⤵
  PID:4400
- C:\Windows\System\UrMyJrX.exe
  C:\Windows\System\UrMyJrX.exe
  2⤵
  PID:4420
- C:\Windows\System\sofiROH.exe
  C:\Windows\System\sofiROH.exe
  2⤵
  PID:4436
- C:\Windows\System\DydIzbB.exe
  C:\Windows\System\DydIzbB.exe
  2⤵
  PID:4456
- C:\Windows\System\qXryfuj.exe
  C:\Windows\System\qXryfuj.exe
  2⤵
  PID:4480
- C:\Windows\System\eATFfIU.exe
  C:\Windows\System\eATFfIU.exe
  2⤵
  PID:4496
- C:\Windows\System\wfyHAGg.exe
  C:\Windows\System\wfyHAGg.exe
  2⤵
  PID:4516
- C:\Windows\System\XOqBtro.exe
  C:\Windows\System\XOqBtro.exe
  2⤵
  PID:4532
- C:\Windows\System\rmbtOXy.exe
  C:\Windows\System\rmbtOXy.exe
  2⤵
  PID:4560
- C:\Windows\System\wPIMeps.exe
  C:\Windows\System\wPIMeps.exe
  2⤵
  PID:4576
- C:\Windows\System\UupoJUE.exe
  C:\Windows\System\UupoJUE.exe
  2⤵
  PID:4592
- C:\Windows\System\lDvJyrB.exe
  C:\Windows\System\lDvJyrB.exe
  2⤵
  PID:4612
- C:\Windows\System\bxUnMHd.exe
  C:\Windows\System\bxUnMHd.exe
  2⤵
  PID:4628
- C:\Windows\System\LuZiCjy.exe
  C:\Windows\System\LuZiCjy.exe
  2⤵
  PID:4660
- C:\Windows\System\sUPYqVl.exe
  C:\Windows\System\sUPYqVl.exe
  2⤵
  PID:4676
- C:\Windows\System\UPpRZMv.exe
  C:\Windows\System\UPpRZMv.exe
  2⤵
  PID:4692
- C:\Windows\System\OwXxWpH.exe
  C:\Windows\System\OwXxWpH.exe
  2⤵
  PID:4712
- C:\Windows\System\ngfMNgE.exe
  C:\Windows\System\ngfMNgE.exe
  2⤵
  PID:4736
- C:\Windows\System\lwudQrd.exe
  C:\Windows\System\lwudQrd.exe
  2⤵
  PID:4756
- C:\Windows\System\tLxdold.exe
  C:\Windows\System\tLxdold.exe
  2⤵
  PID:4776
- C:\Windows\System\NkEtCOR.exe
  C:\Windows\System\NkEtCOR.exe
  2⤵
  PID:4796
- C:\Windows\System\FzChRVp.exe
  C:\Windows\System\FzChRVp.exe
  2⤵
  PID:4812
- C:\Windows\System\NzqRQZb.exe
  C:\Windows\System\NzqRQZb.exe
  2⤵
  PID:4852
- C:\Windows\System\muXRGps.exe
  C:\Windows\System\muXRGps.exe
  2⤵
  PID:4868
- C:\Windows\System\MaOMRpV.exe
  C:\Windows\System\MaOMRpV.exe
  2⤵
  PID:4940
- C:\Windows\System\pqbBbpG.exe
  C:\Windows\System\pqbBbpG.exe
  2⤵
  PID:4956
- C:\Windows\System\PLhgZrx.exe
  C:\Windows\System\PLhgZrx.exe
  2⤵
  PID:4976
- C:\Windows\System\QSsUnwW.exe
  C:\Windows\System\QSsUnwW.exe
  2⤵
  PID:4992
- C:\Windows\System\nQGnAvS.exe
  C:\Windows\System\nQGnAvS.exe
  2⤵
  PID:5008
- C:\Windows\System\Lwonyyx.exe
  C:\Windows\System\Lwonyyx.exe
  2⤵
  PID:5024
- C:\Windows\System\GXjjStk.exe
  C:\Windows\System\GXjjStk.exe
  2⤵
  PID:5040
- C:\Windows\System\VvIzbyh.exe
  C:\Windows\System\VvIzbyh.exe
  2⤵
  PID:5056
- C:\Windows\System\QpYlOMg.exe
  C:\Windows\System\QpYlOMg.exe
  2⤵
  PID:5072
- C:\Windows\System\xUlTZwk.exe
  C:\Windows\System\xUlTZwk.exe
  2⤵
  PID:5088
- C:\Windows\System\cmEuqJZ.exe
  C:\Windows\System\cmEuqJZ.exe
  2⤵
  PID:5112
- C:\Windows\System\NkCVIsc.exe
  C:\Windows\System\NkCVIsc.exe
  2⤵
  PID:4112
- C:\Windows\System\jeUNnxf.exe
  C:\Windows\System\jeUNnxf.exe
  2⤵
  PID:4120
- C:\Windows\System\LmKSDNg.exe
  C:\Windows\System\LmKSDNg.exe
  2⤵
  PID:4144
- C:\Windows\System\HGRijBT.exe
  C:\Windows\System\HGRijBT.exe
  2⤵
  PID:4284
- C:\Windows\System\egLIIcU.exe
  C:\Windows\System\egLIIcU.exe
  2⤵
  PID:4260
- C:\Windows\System\mkxiuMG.exe
  C:\Windows\System\mkxiuMG.exe
  2⤵
  PID:4324
- C:\Windows\System\ZpUFxll.exe
  C:\Windows\System\ZpUFxll.exe
  2⤵
  PID:4308
- C:\Windows\System\SJAPZZp.exe
  C:\Windows\System\SJAPZZp.exe
  2⤵
  PID:4380
- C:\Windows\System\MclLkpB.exe
  C:\Windows\System\MclLkpB.exe
  2⤵
  PID:4396
- C:\Windows\System\fIsuIrD.exe
  C:\Windows\System\fIsuIrD.exe
  2⤵
  PID:4416
- C:\Windows\System\NOHvAkn.exe
  C:\Windows\System\NOHvAkn.exe
  2⤵
  PID:4492
- C:\Windows\System\nEegYMw.exe
  C:\Windows\System\nEegYMw.exe
  2⤵
  PID:4528
- C:\Windows\System\ieEsNDU.exe
  C:\Windows\System\ieEsNDU.exe
  2⤵
  PID:4512
- C:\Windows\System\dldQmjo.exe
  C:\Windows\System\dldQmjo.exe
  2⤵
  PID:4572
- C:\Windows\System\CEoPNxi.exe
  C:\Windows\System\CEoPNxi.exe
  2⤵
  PID:4548
- C:\Windows\System\oTLEfxT.exe
  C:\Windows\System\oTLEfxT.exe
  2⤵
  PID:4644
- C:\Windows\System\nYMsIBP.exe
  C:\Windows\System\nYMsIBP.exe
  2⤵
  PID:4624
- C:\Windows\System\SsFUAjm.exe
  C:\Windows\System\SsFUAjm.exe
  2⤵
  PID:4764
- C:\Windows\System\BHsbmqJ.exe
  C:\Windows\System\BHsbmqJ.exe
  2⤵
  PID:4808
- C:\Windows\System\vlWLZJb.exe
  C:\Windows\System\vlWLZJb.exe
  2⤵
  PID:4744
- C:\Windows\System\fpOTiAL.exe
  C:\Windows\System\fpOTiAL.exe
  2⤵
  PID:4824
- C:\Windows\System\kQHcUpk.exe
  C:\Windows\System\kQHcUpk.exe
  2⤵
  PID:4752
- C:\Windows\System\msLLJHX.exe
  C:\Windows\System\msLLJHX.exe
  2⤵
  PID:4864
- C:\Windows\System\ooIwvPX.exe
  C:\Windows\System\ooIwvPX.exe
  2⤵
  PID:4876
- C:\Windows\System\kdCkthf.exe
  C:\Windows\System\kdCkthf.exe
  2⤵
  PID:4056
- C:\Windows\System\ZAOqlmk.exe
  C:\Windows\System\ZAOqlmk.exe
  2⤵
  PID:4884
- C:\Windows\System\SffNPKY.exe
  C:\Windows\System\SffNPKY.exe
  2⤵
  PID:3384
- C:\Windows\System\BysKXsy.exe
  C:\Windows\System\BysKXsy.exe
  2⤵
  PID:4972
- C:\Windows\System\ievsUjm.exe
  C:\Windows\System\ievsUjm.exe
  2⤵
  PID:5064
- C:\Windows\System\AoStwVs.exe
  C:\Windows\System\AoStwVs.exe
  2⤵
  PID:5108
- C:\Windows\System\hENHUrZ.exe
  C:\Windows\System\hENHUrZ.exe
  2⤵
  PID:4132
- C:\Windows\System\meVousz.exe
  C:\Windows\System\meVousz.exe
  2⤵
  PID:4244
- C:\Windows\System\woQyDEN.exe
  C:\Windows\System\woQyDEN.exe
  2⤵
  PID:4208
- C:\Windows\System\lkmMQil.exe
  C:\Windows\System\lkmMQil.exe
  2⤵
  PID:4272
- C:\Windows\System\lAPRIZH.exe
  C:\Windows\System\lAPRIZH.exe
  2⤵
  PID:4344
- C:\Windows\System\wvFjkYU.exe
  C:\Windows\System\wvFjkYU.exe
  2⤵
  PID:4472
- C:\Windows\System\SWyLhTj.exe
  C:\Windows\System\SWyLhTj.exe
  2⤵
  PID:4608
- C:\Windows\System\rdRysCJ.exe
  C:\Windows\System\rdRysCJ.exe
  2⤵
  PID:4476
- C:\Windows\System\jbsZhoR.exe
  C:\Windows\System\jbsZhoR.exe
  2⤵
  PID:4604
- C:\Windows\System\eoeWDAa.exe
  C:\Windows\System\eoeWDAa.exe
  2⤵
  PID:4652
- C:\Windows\System\ErlPuXE.exe
  C:\Windows\System\ErlPuXE.exe
  2⤵
  PID:4804
- C:\Windows\System\VjneCVo.exe
  C:\Windows\System\VjneCVo.exe
  2⤵
  PID:4688
- C:\Windows\System\YWSkbXS.exe
  C:\Windows\System\YWSkbXS.exe
  2⤵
  PID:4700
- C:\Windows\System\GhKAqKt.exe
  C:\Windows\System\GhKAqKt.exe
  2⤵
  PID:4952
- C:\Windows\System\nLfQzqN.exe
  C:\Windows\System\nLfQzqN.exe
  2⤵
  PID:5016
- C:\Windows\System\YyATcXZ.exe
  C:\Windows\System\YyATcXZ.exe
  2⤵
  PID:3912
- C:\Windows\System\WlHESae.exe
  C:\Windows\System\WlHESae.exe
  2⤵
  PID:4192
- C:\Windows\System\cimbLUX.exe
  C:\Windows\System\cimbLUX.exe
  2⤵
  PID:5084
- C:\Windows\System\XXvuRfo.exe
  C:\Windows\System\XXvuRfo.exe
  2⤵
  PID:5104
- C:\Windows\System\qlRZdFC.exe
  C:\Windows\System\qlRZdFC.exe
  2⤵
  PID:4204
- C:\Windows\System\YiTFrkB.exe
  C:\Windows\System\YiTFrkB.exe
  2⤵
  PID:4488
- C:\Windows\System\sjuKZzE.exe
  C:\Windows\System\sjuKZzE.exe
  2⤵
  PID:4388
- C:\Windows\System\PraRtln.exe
  C:\Windows\System\PraRtln.exe
  2⤵
  PID:4708
- C:\Windows\System\rSMSehs.exe
  C:\Windows\System\rSMSehs.exe
  2⤵
  PID:4588
- C:\Windows\System\UIgtHsN.exe
  C:\Windows\System\UIgtHsN.exe
  2⤵
  PID:4732
- C:\Windows\System\pcbOsEN.exe
  C:\Windows\System\pcbOsEN.exe
  2⤵
  PID:5032
- C:\Windows\System\UFNtpxp.exe
  C:\Windows\System\UFNtpxp.exe
  2⤵
  PID:4888
- C:\Windows\System\bHaxVxa.exe
  C:\Windows\System\bHaxVxa.exe
  2⤵
  PID:4228
- C:\Windows\System\vryAjqu.exe
  C:\Windows\System\vryAjqu.exe
  2⤵
  PID:4248
- C:\Windows\System\CENEOco.exe
  C:\Windows\System\CENEOco.exe
  2⤵
  PID:4600
- C:\Windows\System\nNzsVNA.exe
  C:\Windows\System\nNzsVNA.exe
  2⤵
  PID:4672
- C:\Windows\System\GAxgUln.exe
  C:\Windows\System\GAxgUln.exe
  2⤵
  PID:4504
- C:\Windows\System\ndmwGlT.exe
  C:\Windows\System\ndmwGlT.exe
  2⤵
  PID:3796
- C:\Windows\System\znBDIXY.exe
  C:\Windows\System\znBDIXY.exe
  2⤵
  PID:4936
- C:\Windows\System\tlTVtsz.exe
  C:\Windows\System\tlTVtsz.exe
  2⤵
  PID:4904
- C:\Windows\System\LSOoeBN.exe
  C:\Windows\System\LSOoeBN.exe
  2⤵
  PID:4788
- C:\Windows\System\FSLBPpc.exe
  C:\Windows\System\FSLBPpc.exe
  2⤵
  PID:4296
- C:\Windows\System\BFwXyvw.exe
  C:\Windows\System\BFwXyvw.exe
  2⤵
  PID:4364
- C:\Windows\System\rkjkIhi.exe
  C:\Windows\System\rkjkIhi.exe
  2⤵
  PID:4128
- C:\Windows\System\VWNmYJT.exe
  C:\Windows\System\VWNmYJT.exe
  2⤵
  PID:4928
- C:\Windows\System\rrqZUPh.exe
  C:\Windows\System\rrqZUPh.exe
  2⤵
  PID:5036
- C:\Windows\System\Hspznvx.exe
  C:\Windows\System\Hspznvx.exe
  2⤵
  PID:4392
- C:\Windows\System\hJTlymh.exe
  C:\Windows\System\hJTlymh.exe
  2⤵
  PID:3888
- C:\Windows\System\kvpMlvR.exe
  C:\Windows\System\kvpMlvR.exe
  2⤵
  PID:4988
- C:\Windows\System\LamVnHX.exe
  C:\Windows\System\LamVnHX.exe
  2⤵
  PID:4932
- C:\Windows\System\FjWCZkX.exe
  C:\Windows\System\FjWCZkX.exe
  2⤵
  PID:4792
- C:\Windows\System\lttGogq.exe
  C:\Windows\System\lttGogq.exe
  2⤵
  PID:4464
- C:\Windows\System\BbuxmZS.exe
  C:\Windows\System\BbuxmZS.exe
  2⤵
  PID:4900
- C:\Windows\System\ShokMMp.exe
  C:\Windows\System\ShokMMp.exe
  2⤵
  PID:5052
- C:\Windows\System\MceGTix.exe
  C:\Windows\System\MceGTix.exe
  2⤵
  PID:5124
- C:\Windows\System\IqsTlRU.exe
  C:\Windows\System\IqsTlRU.exe
  2⤵
  PID:5140
- C:\Windows\System\LcVXMKn.exe
  C:\Windows\System\LcVXMKn.exe
  2⤵
  PID:5160
- C:\Windows\System\ivuZbkX.exe
  C:\Windows\System\ivuZbkX.exe
  2⤵
  PID:5188
- C:\Windows\System\EenxEvO.exe
  C:\Windows\System\EenxEvO.exe
  2⤵
  PID:5212
- C:\Windows\System\WzSVsKU.exe
  C:\Windows\System\WzSVsKU.exe
  2⤵
  PID:5228
- C:\Windows\System\ZViohdK.exe
  C:\Windows\System\ZViohdK.exe
  2⤵
  PID:5248
- C:\Windows\System\dgrkSZp.exe
  C:\Windows\System\dgrkSZp.exe
  2⤵
  PID:5272
- C:\Windows\System\BWyPhDp.exe
  C:\Windows\System\BWyPhDp.exe
  2⤵
  PID:5292
- C:\Windows\System\eRjKJDL.exe
  C:\Windows\System\eRjKJDL.exe
  2⤵
  PID:5308
- C:\Windows\System\cFCusih.exe
  C:\Windows\System\cFCusih.exe
  2⤵
  PID:5324
- C:\Windows\System\PlTgaXQ.exe
  C:\Windows\System\PlTgaXQ.exe
  2⤵
  PID:5352
- C:\Windows\System\hRVVLup.exe
  C:\Windows\System\hRVVLup.exe
  2⤵
  PID:5368
- C:\Windows\System\kAMNLZF.exe
  C:\Windows\System\kAMNLZF.exe
  2⤵
  PID:5384
- C:\Windows\System\DWXghik.exe
  C:\Windows\System\DWXghik.exe
  2⤵
  PID:5412
- C:\Windows\System\geKirlN.exe
  C:\Windows\System\geKirlN.exe
  2⤵
  PID:5428
- C:\Windows\System\FNMRtue.exe
  C:\Windows\System\FNMRtue.exe
  2⤵
  PID:5448
- C:\Windows\System\bKTOnfL.exe
  C:\Windows\System\bKTOnfL.exe
  2⤵
  PID:5472
- C:\Windows\System\OTjugWT.exe
  C:\Windows\System\OTjugWT.exe
  2⤵
  PID:5488
- C:\Windows\System\xSpdoHB.exe
  C:\Windows\System\xSpdoHB.exe
  2⤵
  PID:5504
- C:\Windows\System\HKtgFni.exe
  C:\Windows\System\HKtgFni.exe
  2⤵
  PID:5520
- C:\Windows\System\GMblMPT.exe
  C:\Windows\System\GMblMPT.exe
  2⤵
  PID:5536
- C:\Windows\System\tFbVqel.exe
  C:\Windows\System\tFbVqel.exe
  2⤵
  PID:5552
- C:\Windows\System\JKfAJJQ.exe
  C:\Windows\System\JKfAJJQ.exe
  2⤵
  PID:5580
- C:\Windows\System\NgIYwAk.exe
  C:\Windows\System\NgIYwAk.exe
  2⤵
  PID:5600
- C:\Windows\System\WgPGbxp.exe
  C:\Windows\System\WgPGbxp.exe
  2⤵
  PID:5628
- C:\Windows\System\TDFtqwU.exe
  C:\Windows\System\TDFtqwU.exe
  2⤵
  PID:5644
- C:\Windows\System\CZAZIeB.exe
  C:\Windows\System\CZAZIeB.exe
  2⤵
  PID:5672
- C:\Windows\System\jXgWAZm.exe
  C:\Windows\System\jXgWAZm.exe
  2⤵
  PID:5688
- C:\Windows\System\mNGigPr.exe
  C:\Windows\System\mNGigPr.exe
  2⤵
  PID:5708
- C:\Windows\System\oLYVzCA.exe
  C:\Windows\System\oLYVzCA.exe
  2⤵
  PID:5728
- C:\Windows\System\veqWUqx.exe
  C:\Windows\System\veqWUqx.exe
  2⤵
  PID:5756
- C:\Windows\System\kRMNTdF.exe
  C:\Windows\System\kRMNTdF.exe
  2⤵
  PID:5772
- C:\Windows\System\rsYfzic.exe
  C:\Windows\System\rsYfzic.exe
  2⤵
  PID:5788
- C:\Windows\System\rhwPqgP.exe
  C:\Windows\System\rhwPqgP.exe
  2⤵
  PID:5804
- C:\Windows\System\YDewbgd.exe
  C:\Windows\System\YDewbgd.exe
  2⤵
  PID:5836
- C:\Windows\System\vonZiiU.exe
  C:\Windows\System\vonZiiU.exe
  2⤵
  PID:5856
- C:\Windows\System\YKSgTID.exe
  C:\Windows\System\YKSgTID.exe
  2⤵
  PID:5872
- C:\Windows\System\oqGcAsZ.exe
  C:\Windows\System\oqGcAsZ.exe
  2⤵
  PID:5892
- C:\Windows\System\mdWdIaz.exe
  C:\Windows\System\mdWdIaz.exe
  2⤵
  PID:5912
- C:\Windows\System\IzCbOaB.exe
  C:\Windows\System\IzCbOaB.exe
  2⤵
  PID:5932
- C:\Windows\System\rMBkIwh.exe
  C:\Windows\System\rMBkIwh.exe
  2⤵
  PID:5948
- C:\Windows\System\QhfRsbR.exe
  C:\Windows\System\QhfRsbR.exe
  2⤵
  PID:5964
- C:\Windows\System\IwZrnPm.exe
  C:\Windows\System\IwZrnPm.exe
  2⤵
  PID:5992
- C:\Windows\System\WFztvVp.exe
  C:\Windows\System\WFztvVp.exe
  2⤵
  PID:6012
- C:\Windows\System\FiXZSDD.exe
  C:\Windows\System\FiXZSDD.exe
  2⤵
  PID:6028
- C:\Windows\System\WbLzzMo.exe
  C:\Windows\System\WbLzzMo.exe
  2⤵
  PID:6044
- C:\Windows\System\UXSTrcA.exe
  C:\Windows\System\UXSTrcA.exe
  2⤵
  PID:6072
- C:\Windows\System\KJjAAKP.exe
  C:\Windows\System\KJjAAKP.exe
  2⤵
  PID:6088
- C:\Windows\System\wFwjuJc.exe
  C:\Windows\System\wFwjuJc.exe
  2⤵
  PID:6104
- C:\Windows\System\scZhDxj.exe
  C:\Windows\System\scZhDxj.exe
  2⤵
  PID:6120
- C:\Windows\System\vtNCiQg.exe
  C:\Windows\System\vtNCiQg.exe
  2⤵
  PID:6140
- C:\Windows\System\JFDpuUD.exe
  C:\Windows\System\JFDpuUD.exe
  2⤵
  PID:5180
- C:\Windows\System\RDZWaXT.exe
  C:\Windows\System\RDZWaXT.exe
  2⤵
  PID:5172
- C:\Windows\System\HMIvnVy.exe
  C:\Windows\System\HMIvnVy.exe
  2⤵
  PID:5220
- C:\Windows\System\kxLiQUv.exe
  C:\Windows\System\kxLiQUv.exe
  2⤵
  PID:5260
- C:\Windows\System\IwMmHlh.exe
  C:\Windows\System\IwMmHlh.exe
  2⤵
  PID:5268
- C:\Windows\System\vZgJdtX.exe
  C:\Windows\System\vZgJdtX.exe
  2⤵
  PID:5336
- C:\Windows\System\wArYpXG.exe
  C:\Windows\System\wArYpXG.exe
  2⤵
  PID:5316
- C:\Windows\System\pUAJVXG.exe
  C:\Windows\System\pUAJVXG.exe
  2⤵
  PID:5456
- C:\Windows\System\JLOWjGu.exe
  C:\Windows\System\JLOWjGu.exe
  2⤵
  PID:5404
- C:\Windows\System\xDPvDOk.exe
  C:\Windows\System\xDPvDOk.exe
  2⤵
  PID:5436
- C:\Windows\System\vcSgzGS.exe
  C:\Windows\System\vcSgzGS.exe
  2⤵
  PID:5532
- C:\Windows\System\FKfagUB.exe
  C:\Windows\System\FKfagUB.exe
  2⤵
  PID:5576
- C:\Windows\System\QLnsZfT.exe
  C:\Windows\System\QLnsZfT.exe
  2⤵
  PID:5612
- C:\Windows\System\PZyPHMY.exe
  C:\Windows\System\PZyPHMY.exe
  2⤵
  PID:5484
- C:\Windows\System\lfPVnNb.exe
  C:\Windows\System\lfPVnNb.exe
  2⤵
  PID:5656
- C:\Windows\System\VNyuzlQ.exe
  C:\Windows\System\VNyuzlQ.exe
  2⤵
  PID:5664
- C:\Windows\System\gSXpgnK.exe
  C:\Windows\System\gSXpgnK.exe
  2⤵
  PID:5596
- C:\Windows\System\aozVxsN.exe
  C:\Windows\System\aozVxsN.exe
  2⤵
  PID:5752
- C:\Windows\System\mPWVDnd.exe
  C:\Windows\System\mPWVDnd.exe
  2⤵
  PID:5740
- C:\Windows\System\PweoLed.exe
  C:\Windows\System\PweoLed.exe
  2⤵
  PID:5812
- C:\Windows\System\Knvqury.exe
  C:\Windows\System\Knvqury.exe
  2⤵
  PID:5832
- C:\Windows\System\bQkVLkk.exe
  C:\Windows\System\bQkVLkk.exe
  2⤵
  PID:5844
- C:\Windows\System\rTokbmO.exe
  C:\Windows\System\rTokbmO.exe
  2⤵
  PID:5888
- C:\Windows\System\EFdQncw.exe
  C:\Windows\System\EFdQncw.exe
  2⤵
  PID:5976
- C:\Windows\System\gMklAyh.exe
  C:\Windows\System\gMklAyh.exe
  2⤵
  PID:5988
- C:\Windows\System\nkvptgz.exe
  C:\Windows\System\nkvptgz.exe
  2⤵
  PID:6020
- C:\Windows\System\JlgcmOZ.exe
  C:\Windows\System\JlgcmOZ.exe
  2⤵
  PID:5920
- C:\Windows\System\yIKdjyT.exe
  C:\Windows\System\yIKdjyT.exe
  2⤵
  PID:5200
- C:\Windows\System\IamgONt.exe
  C:\Windows\System\IamgONt.exe
  2⤵
  PID:6128
- C:\Windows\System\FhWmkMb.exe
  C:\Windows\System\FhWmkMb.exe
  2⤵
  PID:5136
- C:\Windows\System\SIFnbaR.exe
  C:\Windows\System\SIFnbaR.exe
  2⤵
  PID:5152
- C:\Windows\System\VxUHCJu.exe
  C:\Windows\System\VxUHCJu.exe
  2⤵
  PID:6112
- C:\Windows\System\gJwjLZa.exe
  C:\Windows\System\gJwjLZa.exe
  2⤵
  PID:5332
- C:\Windows\System\msiFKje.exe
  C:\Windows\System\msiFKje.exe
  2⤵
  PID:4892
- C:\Windows\System\PNsMhBX.exe
  C:\Windows\System\PNsMhBX.exe
  2⤵
  PID:5420
- C:\Windows\System\VKmbKYZ.exe
  C:\Windows\System\VKmbKYZ.exe
  2⤵
  PID:5348
- C:\Windows\System\Iyvskcd.exe
  C:\Windows\System\Iyvskcd.exe
  2⤵
  PID:5468
- C:\Windows\System\qQkiltY.exe
  C:\Windows\System\qQkiltY.exe
  2⤵
  PID:5500
- C:\Windows\System\LRsIqKy.exe
  C:\Windows\System\LRsIqKy.exe
  2⤵
  PID:5568
- C:\Windows\System\kuBFWGo.exe
  C:\Windows\System\kuBFWGo.exe
  2⤵
  PID:5616
- C:\Windows\System\rkhMOmg.exe
  C:\Windows\System\rkhMOmg.exe
  2⤵
  PID:5696
- C:\Windows\System\uOorQVA.exe
  C:\Windows\System\uOorQVA.exe
  2⤵
  PID:5780
- C:\Windows\System\EZoUSwh.exe
  C:\Windows\System\EZoUSwh.exe
  2⤵
  PID:5796
- C:\Windows\System\PrWBSHK.exe
  C:\Windows\System\PrWBSHK.exe
  2⤵
  PID:5828
- C:\Windows\System\YfICnTb.exe
  C:\Windows\System\YfICnTb.exe
  2⤵
  PID:5868
- C:\Windows\System\RhsiFzO.exe
  C:\Windows\System\RhsiFzO.exe
  2⤵
  PID:5940
- C:\Windows\System\tiFxiLQ.exe
  C:\Windows\System\tiFxiLQ.exe
  2⤵
  PID:5960
- C:\Windows\System\kSTjekx.exe
  C:\Windows\System\kSTjekx.exe
  2⤵
  PID:5132
- C:\Windows\System\UwDVETB.exe
  C:\Windows\System\UwDVETB.exe
  2⤵
  PID:5924
- C:\Windows\System\LAIGfwF.exe
  C:\Windows\System\LAIGfwF.exe
  2⤵
  PID:5176
- C:\Windows\System\YePwSqH.exe
  C:\Windows\System\YePwSqH.exe
  2⤵
  PID:6084
- C:\Windows\System\rDDjyWm.exe
  C:\Windows\System\rDDjyWm.exe
  2⤵
  PID:5256
- C:\Windows\System\jRDAuIQ.exe
  C:\Windows\System\jRDAuIQ.exe
  2⤵
  PID:5304
- C:\Windows\System\tEqvkKf.exe
  C:\Windows\System\tEqvkKf.exe
  2⤵
  PID:5608
- C:\Windows\System\NYNtKCo.exe
  C:\Windows\System\NYNtKCo.exe
  2⤵
  PID:5724
- C:\Windows\System\yrVmika.exe
  C:\Windows\System\yrVmika.exe
  2⤵
  PID:5592
- C:\Windows\System\cvJMkxc.exe
  C:\Windows\System\cvJMkxc.exe
  2⤵
  PID:5904
- C:\Windows\System\RhMlFua.exe
  C:\Windows\System\RhMlFua.exe
  2⤵
  PID:5700
- C:\Windows\System\ZFcgWhK.exe
  C:\Windows\System\ZFcgWhK.exe
  2⤵
  PID:5956
- C:\Windows\System\ICOnOii.exe
  C:\Windows\System\ICOnOii.exe
  2⤵
  PID:6064
- C:\Windows\System\xhPTTgG.exe
  C:\Windows\System\xhPTTgG.exe
  2⤵
  PID:5984
- C:\Windows\System\BOFmzZD.exe
  C:\Windows\System\BOFmzZD.exe
  2⤵
  PID:5148
- C:\Windows\System\hwaCvNQ.exe
  C:\Windows\System\hwaCvNQ.exe
  2⤵
  PID:5668
- C:\Windows\System\RmFuMUT.exe
  C:\Windows\System\RmFuMUT.exe
  2⤵
  PID:5528
- C:\Windows\System\LcikuDj.exe
  C:\Windows\System\LcikuDj.exe
  2⤵
  PID:5300
- C:\Windows\System\cMFUzZn.exe
  C:\Windows\System\cMFUzZn.exe
  2⤵
  PID:6056
- C:\Windows\System\AGLRuqP.exe
  C:\Windows\System\AGLRuqP.exe
  2⤵
  PID:5636
- C:\Windows\System\ILcHdem.exe
  C:\Windows\System\ILcHdem.exe
  2⤵
  PID:6008
- C:\Windows\System\hTVIHbk.exe
  C:\Windows\System\hTVIHbk.exe
  2⤵
  PID:6000
- C:\Windows\System\JZyCVCn.exe
  C:\Windows\System\JZyCVCn.exe
  2⤵
  PID:5400
- C:\Windows\System\iDTkoIK.exe
  C:\Windows\System\iDTkoIK.exe
  2⤵
  PID:6040
- C:\Windows\System\EzfABHY.exe
  C:\Windows\System\EzfABHY.exe
  2⤵
  PID:5204
- C:\Windows\System\EeirGuI.exe
  C:\Windows\System\EeirGuI.exe
  2⤵
  PID:5652
- C:\Windows\System\pGTcsox.exe
  C:\Windows\System\pGTcsox.exe
  2⤵
  PID:5900
- C:\Windows\System\vmWQJMI.exe
  C:\Windows\System\vmWQJMI.exe
  2⤵
  PID:5168
- C:\Windows\System\CjyBtHP.exe
  C:\Windows\System\CjyBtHP.exe
  2⤵
  PID:5392
- C:\Windows\System\lgGMlQY.exe
  C:\Windows\System\lgGMlQY.exe
  2⤵
  PID:4964
- C:\Windows\System\VTBEKUF.exe
  C:\Windows\System\VTBEKUF.exe
  2⤵
  PID:6164
- C:\Windows\System\jIqDEEA.exe
  C:\Windows\System\jIqDEEA.exe
  2⤵
  PID:6180
- C:\Windows\System\TmcKlLK.exe
  C:\Windows\System\TmcKlLK.exe
  2⤵
  PID:6196
- C:\Windows\System\iTGNYWY.exe
  C:\Windows\System\iTGNYWY.exe
  2⤵
  PID:6216
- C:\Windows\System\XiWFBCe.exe
  C:\Windows\System\XiWFBCe.exe
  2⤵
  PID:6240
- C:\Windows\System\NCNYVvK.exe
  C:\Windows\System\NCNYVvK.exe
  2⤵
  PID:6264
- C:\Windows\System\rcwMBVD.exe
  C:\Windows\System\rcwMBVD.exe
  2⤵
  PID:6280
- C:\Windows\System\LtZACHj.exe
  C:\Windows\System\LtZACHj.exe
  2⤵
  PID:6296
- C:\Windows\System\mXolVyj.exe
  C:\Windows\System\mXolVyj.exe
  2⤵
  PID:6316
- C:\Windows\System\uovNcaa.exe
  C:\Windows\System\uovNcaa.exe
  2⤵
  PID:6344
- C:\Windows\System\iPVubRv.exe
  C:\Windows\System\iPVubRv.exe
  2⤵
  PID:6360
- C:\Windows\System\BwwaGhD.exe
  C:\Windows\System\BwwaGhD.exe
  2⤵
  PID:6376
- C:\Windows\System\mKbYGSq.exe
  C:\Windows\System\mKbYGSq.exe
  2⤵
  PID:6396
- C:\Windows\System\dUlWklU.exe
  C:\Windows\System\dUlWklU.exe
  2⤵
  PID:6424
- C:\Windows\System\fzayQIK.exe
  C:\Windows\System\fzayQIK.exe
  2⤵
  PID:6440
- C:\Windows\System\wGATXjb.exe
  C:\Windows\System\wGATXjb.exe
  2⤵
  PID:6456
- C:\Windows\System\dgIIuTw.exe
  C:\Windows\System\dgIIuTw.exe
  2⤵
  PID:6476
- C:\Windows\System\kHhPwOy.exe
  C:\Windows\System\kHhPwOy.exe
  2⤵
  PID:6492
- C:\Windows\System\irphDWX.exe
  C:\Windows\System\irphDWX.exe
  2⤵
  PID:6512
- C:\Windows\System\cxyrWpH.exe
  C:\Windows\System\cxyrWpH.exe
  2⤵
  PID:6532
- C:\Windows\System\juKIiLY.exe
  C:\Windows\System\juKIiLY.exe
  2⤵
  PID:6552
- C:\Windows\System\KmRNZFH.exe
  C:\Windows\System\KmRNZFH.exe
  2⤵
  PID:6588
- C:\Windows\System\cyZvbyH.exe
  C:\Windows\System\cyZvbyH.exe
  2⤵
  PID:6604
- C:\Windows\System\kGpkLsu.exe
  C:\Windows\System\kGpkLsu.exe
  2⤵
  PID:6620
- C:\Windows\System\clpczTM.exe
  C:\Windows\System\clpczTM.exe
  2⤵
  PID:6640
- C:\Windows\System\uixljUl.exe
  C:\Windows\System\uixljUl.exe
  2⤵
  PID:6668
- C:\Windows\System\sRKgkyS.exe
  C:\Windows\System\sRKgkyS.exe
  2⤵
  PID:6684
- C:\Windows\System\VBPMVNR.exe
  C:\Windows\System\VBPMVNR.exe
  2⤵
  PID:6704
- C:\Windows\System\DcqrGfW.exe
  C:\Windows\System\DcqrGfW.exe
  2⤵
  PID:6720
- C:\Windows\System\dPMZyHn.exe
  C:\Windows\System\dPMZyHn.exe
  2⤵
  PID:6748
- C:\Windows\System\hMAspHd.exe
  C:\Windows\System\hMAspHd.exe
  2⤵
  PID:6764
- C:\Windows\System\psRaNsE.exe
  C:\Windows\System\psRaNsE.exe
  2⤵
  PID:6784
- C:\Windows\System\rdAuALq.exe
  C:\Windows\System\rdAuALq.exe
  2⤵
  PID:6808
- C:\Windows\System\LCvSZqo.exe
  C:\Windows\System\LCvSZqo.exe
  2⤵
  PID:6824
- C:\Windows\System\tMFtEjU.exe
  C:\Windows\System\tMFtEjU.exe
  2⤵
  PID:6840
- C:\Windows\System\zVqGXrg.exe
  C:\Windows\System\zVqGXrg.exe
  2⤵
  PID:6860
- C:\Windows\System\ePkHesI.exe
  C:\Windows\System\ePkHesI.exe
  2⤵
  PID:6876
- C:\Windows\System\qWkFctv.exe
  C:\Windows\System\qWkFctv.exe
  2⤵
  PID:6904
- C:\Windows\System\bxXyogS.exe
  C:\Windows\System\bxXyogS.exe
  2⤵
  PID:6924
- C:\Windows\System\fUazpuf.exe
  C:\Windows\System\fUazpuf.exe
  2⤵
  PID:6944
- C:\Windows\System\VzSEoBv.exe
  C:\Windows\System\VzSEoBv.exe
  2⤵
  PID:6968
- C:\Windows\System\XWtYuom.exe
  C:\Windows\System\XWtYuom.exe
  2⤵
  PID:6984
- C:\Windows\System\sBzgDVd.exe
  C:\Windows\System\sBzgDVd.exe
  2⤵
  PID:7000
- C:\Windows\System\xkyYaXh.exe
  C:\Windows\System\xkyYaXh.exe
  2⤵
  PID:7016
- C:\Windows\System\MSDcPdM.exe
  C:\Windows\System\MSDcPdM.exe
  2⤵
  PID:7036
- C:\Windows\System\KUQaPpa.exe
  C:\Windows\System\KUQaPpa.exe
  2⤵
  PID:7064
- C:\Windows\System\qoGtRJK.exe
  C:\Windows\System\qoGtRJK.exe
  2⤵
  PID:7084
- C:\Windows\System\CwpCtuo.exe
  C:\Windows\System\CwpCtuo.exe
  2⤵
  PID:7104
- C:\Windows\System\VftWdkL.exe
  C:\Windows\System\VftWdkL.exe
  2⤵
  PID:7120
- C:\Windows\System\nCxVFRh.exe
  C:\Windows\System\nCxVFRh.exe
  2⤵
  PID:7152
- C:\Windows\System\IpDJcwq.exe
  C:\Windows\System\IpDJcwq.exe
  2⤵
  PID:6152
- C:\Windows\System\JohgrwJ.exe
  C:\Windows\System\JohgrwJ.exe
  2⤵
  PID:5640
- C:\Windows\System\nLexrDE.exe
  C:\Windows\System\nLexrDE.exe
  2⤵
  PID:6192
- C:\Windows\System\LseESyZ.exe
  C:\Windows\System\LseESyZ.exe
  2⤵
  PID:6208
- C:\Windows\System\yJpnGbr.exe
  C:\Windows\System\yJpnGbr.exe
  2⤵
  PID:6260
- C:\Windows\System\rtndYJT.exe
  C:\Windows\System\rtndYJT.exe
  2⤵
  PID:6312
- C:\Windows\System\NuGkaFI.exe
  C:\Windows\System\NuGkaFI.exe
  2⤵
  PID:6324
- C:\Windows\System\EMNzpEe.exe
  C:\Windows\System\EMNzpEe.exe
  2⤵
  PID:6328
- C:\Windows\System\ERDnQHv.exe
  C:\Windows\System\ERDnQHv.exe
  2⤵
  PID:6368
- C:\Windows\System\VVtxpcD.exe
  C:\Windows\System\VVtxpcD.exe
  2⤵
  PID:6432
- C:\Windows\System\SIRPTGS.exe
  C:\Windows\System\SIRPTGS.exe
  2⤵
  PID:6472
- C:\Windows\System\eohlTBf.exe
  C:\Windows\System\eohlTBf.exe
  2⤵
  PID:6520
- C:\Windows\System\eshOegO.exe
  C:\Windows\System\eshOegO.exe
  2⤵
  PID:6488
- C:\Windows\System\eXGvJGC.exe
  C:\Windows\System\eXGvJGC.exe
  2⤵
  PID:6596
- C:\Windows\System\qOTHBbT.exe
  C:\Windows\System\qOTHBbT.exe
  2⤵
  PID:6572
- C:\Windows\System\uCvnIrI.exe
  C:\Windows\System\uCvnIrI.exe
  2⤵
  PID:6584
- C:\Windows\System\jkDJOlH.exe
  C:\Windows\System\jkDJOlH.exe
  2⤵
  PID:6664
- C:\Windows\System\XLSjdfY.exe
  C:\Windows\System\XLSjdfY.exe
  2⤵
  PID:6712
- C:\Windows\System\gzeIPEe.exe
  C:\Windows\System\gzeIPEe.exe
  2⤵
  PID:6692
- C:\Windows\System\TYMzQmN.exe
  C:\Windows\System\TYMzQmN.exe
  2⤵
  PID:6800
- C:\Windows\System\WIfxzOT.exe
  C:\Windows\System\WIfxzOT.exe
  2⤵
  PID:6780
- C:\Windows\System\uCQNFHA.exe
  C:\Windows\System\uCQNFHA.exe
  2⤵
  PID:6872
- C:\Windows\System\TTozfvb.exe
  C:\Windows\System\TTozfvb.exe
  2⤵
  PID:6852
- C:\Windows\System\avMCATG.exe
  C:\Windows\System\avMCATG.exe
  2⤵
  PID:6892
- C:\Windows\System\dkqXWuv.exe
  C:\Windows\System\dkqXWuv.exe
  2⤵
  PID:6896
- C:\Windows\System\tnjhoGa.exe
  C:\Windows\System\tnjhoGa.exe
  2⤵
  PID:6992
- C:\Windows\System\uWVzlxQ.exe
  C:\Windows\System\uWVzlxQ.exe
  2⤵
  PID:7044
- C:\Windows\System\IbRMqJJ.exe
  C:\Windows\System\IbRMqJJ.exe
  2⤵
  PID:7012
- C:\Windows\System\bxqsdtL.exe
  C:\Windows\System\bxqsdtL.exe
  2⤵
  PID:7048
- C:\Windows\System\dQRGWex.exe
  C:\Windows\System\dQRGWex.exe
  2⤵
  PID:7128
- C:\Windows\System\NTemBkT.exe
  C:\Windows\System\NTemBkT.exe
  2⤵
  PID:7144
- C:\Windows\System\eFmXbir.exe
  C:\Windows\System\eFmXbir.exe
  2⤵
  PID:7164
- C:\Windows\System\kbDmyYM.exe
  C:\Windows\System\kbDmyYM.exe
  2⤵
  PID:6248
- C:\Windows\System\WtZPBAq.exe
  C:\Windows\System\WtZPBAq.exe
  2⤵
  PID:6236
- C:\Windows\System\suMTFzO.exe
  C:\Windows\System\suMTFzO.exe
  2⤵
  PID:6356
- C:\Windows\System\pKeHpkQ.exe
  C:\Windows\System\pKeHpkQ.exe
  2⤵
  PID:6404
- C:\Windows\System\FqPtslj.exe
  C:\Windows\System\FqPtslj.exe
  2⤵
  PID:6304
- C:\Windows\System\MQDTYxL.exe
  C:\Windows\System\MQDTYxL.exe
  2⤵
  PID:6416
- C:\Windows\System\ideuqHK.exe
  C:\Windows\System\ideuqHK.exe
  2⤵
  PID:6508
- C:\Windows\System\vsjlEjD.exe
  C:\Windows\System\vsjlEjD.exe
  2⤵
  PID:6544
- C:\Windows\System\EeyesmF.exe
  C:\Windows\System\EeyesmF.exe
  2⤵
  PID:6448
- C:\Windows\System\ZLkYMST.exe
  C:\Windows\System\ZLkYMST.exe
  2⤵
  PID:6632
- C:\Windows\System\MZXGnEL.exe
  C:\Windows\System\MZXGnEL.exe
  2⤵
  PID:6636
- C:\Windows\System\qJXezhH.exe
  C:\Windows\System\qJXezhH.exe
  2⤵
  PID:6680
- C:\Windows\System\mSvZMSR.exe
  C:\Windows\System\mSvZMSR.exe
  2⤵
  PID:6740
- C:\Windows\System\vKsZVdV.exe
  C:\Windows\System\vKsZVdV.exe
  2⤵
  PID:7056
- C:\Windows\System\KeEDUxY.exe
  C:\Windows\System\KeEDUxY.exe
  2⤵
  PID:6976
- C:\Windows\System\HEPmGdD.exe
  C:\Windows\System\HEPmGdD.exe
  2⤵
  PID:7140
- C:\Windows\System\PPJhADr.exe
  C:\Windows\System\PPJhADr.exe
  2⤵
  PID:6256
- C:\Windows\System\iWZMOdc.exe
  C:\Windows\System\iWZMOdc.exe
  2⤵
  PID:6188
- C:\Windows\System\hplfndK.exe
  C:\Windows\System\hplfndK.exe
  2⤵
  PID:2528
- C:\Windows\System\vPUfESY.exe
  C:\Windows\System\vPUfESY.exe
  2⤵
  PID:7160
- C:\Windows\System\hzfmzcg.exe
  C:\Windows\System\hzfmzcg.exe
  2⤵
  PID:2180
- C:\Windows\System\kSGynZW.exe
  C:\Windows\System\kSGynZW.exe
  2⤵
  PID:6464
- C:\Windows\System\YrlSlvg.exe
  C:\Windows\System\YrlSlvg.exe
  2⤵
  PID:6504
- C:\Windows\System\taHrZWs.exe
  C:\Windows\System\taHrZWs.exe
  2⤵
  PID:6548
- C:\Windows\System\rQHcHKY.exe
  C:\Windows\System\rQHcHKY.exe
  2⤵
  PID:6656
- C:\Windows\System\cePdlCn.exe
  C:\Windows\System\cePdlCn.exe
  2⤵
  PID:6676
- C:\Windows\System\JlcSrkl.exe
  C:\Windows\System\JlcSrkl.exe
  2⤵
  PID:6736
- C:\Windows\System\ioUZXiv.exe
  C:\Windows\System\ioUZXiv.exe
  2⤵
  PID:6776
- C:\Windows\System\aWFLQXU.exe
  C:\Windows\System\aWFLQXU.exe
  2⤵
  PID:6856
- C:\Windows\System\zBAjlNC.exe
  C:\Windows\System\zBAjlNC.exe
  2⤵
  PID:6820
- C:\Windows\System\AQtsAEZ.exe
  C:\Windows\System\AQtsAEZ.exe
  2⤵
  PID:6884
- C:\Windows\System\xPFkuhy.exe
  C:\Windows\System\xPFkuhy.exe
  2⤵
  PID:2864
- C:\Windows\System\wOWATwR.exe
  C:\Windows\System\wOWATwR.exe
  2⤵
  PID:2440
- C:\Windows\System\xwbVMIV.exe
  C:\Windows\System\xwbVMIV.exe
  2⤵
  PID:676
- C:\Windows\System\TNBhllI.exe
  C:\Windows\System\TNBhllI.exe
  2⤵
  PID:6732
- C:\Windows\System\sLRoHMZ.exe
  C:\Windows\System\sLRoHMZ.exe
  2⤵
  PID:6172
- C:\Windows\System\ubNXUFN.exe
  C:\Windows\System\ubNXUFN.exe
  2⤵
  PID:7076
- C:\Windows\System\eQXNNrG.exe
  C:\Windows\System\eQXNNrG.exe
  2⤵
  PID:6468
- C:\Windows\System\jDbXDef.exe
  C:\Windows\System\jDbXDef.exe
  2⤵
  PID:1752
- C:\Windows\System\TMstMJm.exe
  C:\Windows\System\TMstMJm.exe
  2⤵
  PID:6700
- C:\Windows\System\cpiplYE.exe
  C:\Windows\System\cpiplYE.exe
  2⤵
  PID:6848
- C:\Windows\System\dJwdUAM.exe
  C:\Windows\System\dJwdUAM.exe
  2⤵
  PID:6916
- C:\Windows\System\IsgKhDH.exe
  C:\Windows\System\IsgKhDH.exe
  2⤵
  PID:2820
- C:\Windows\System\ISQgGYw.exe
  C:\Windows\System\ISQgGYw.exe
  2⤵
  PID:6940
- C:\Windows\System\QWHXcPP.exe
  C:\Windows\System\QWHXcPP.exe
  2⤵
  PID:7080
- C:\Windows\System\MYfmbLS.exe
  C:\Windows\System\MYfmbLS.exe
  2⤵
  PID:7132
- C:\Windows\System\JFseJIb.exe
  C:\Windows\System\JFseJIb.exe
  2⤵
  PID:6560
- C:\Windows\System\JTanvjf.exe
  C:\Windows\System\JTanvjf.exe
  2⤵
  PID:7060
- C:\Windows\System\rpjEqHL.exe
  C:\Windows\System\rpjEqHL.exe
  2⤵
  PID:7116
- C:\Windows\System\PoRNmxV.exe
  C:\Windows\System\PoRNmxV.exe
  2⤵
  PID:6336
- C:\Windows\System\eGhqYma.exe
  C:\Windows\System\eGhqYma.exe
  2⤵
  PID:6568
- C:\Windows\System\DeCIcqF.exe
  C:\Windows\System\DeCIcqF.exe
  2⤵
  PID:1996
- C:\Windows\System\LglASxY.exe
  C:\Windows\System\LglASxY.exe
  2⤵
  PID:6580
- C:\Windows\System\dxBhKTV.exe
  C:\Windows\System\dxBhKTV.exe
  2⤵
  PID:7188
- C:\Windows\System\gjHFLqp.exe
  C:\Windows\System\gjHFLqp.exe
  2⤵
  PID:7216
- C:\Windows\System\vguimXm.exe
  C:\Windows\System\vguimXm.exe
  2⤵
  PID:7232
- C:\Windows\System\cOcUPrB.exe
  C:\Windows\System\cOcUPrB.exe
  2⤵
  PID:7256
- C:\Windows\System\IbCQLgP.exe
  C:\Windows\System\IbCQLgP.exe
  2⤵
  PID:7272
- C:\Windows\System\XopkDEZ.exe
  C:\Windows\System\XopkDEZ.exe
  2⤵
  PID:7292
- C:\Windows\System\taBwFDT.exe
  C:\Windows\System\taBwFDT.exe
  2⤵
  PID:7312
- C:\Windows\System\RzRmrXp.exe
  C:\Windows\System\RzRmrXp.exe
  2⤵
  PID:7328
- C:\Windows\System\arnrHMv.exe
  C:\Windows\System\arnrHMv.exe
  2⤵
  PID:7348
- C:\Windows\System\qyQGkvU.exe
  C:\Windows\System\qyQGkvU.exe
  2⤵
  PID:7368
- C:\Windows\System\UclNqjz.exe
  C:\Windows\System\UclNqjz.exe
  2⤵
  PID:7388
- C:\Windows\System\mNoCJCF.exe
  C:\Windows\System\mNoCJCF.exe
  2⤵
  PID:7412
- C:\Windows\System\EJDNJwr.exe
  C:\Windows\System\EJDNJwr.exe
  2⤵
  PID:7428
- C:\Windows\System\SYUJGjM.exe
  C:\Windows\System\SYUJGjM.exe
  2⤵
  PID:7460
- C:\Windows\System\uiGWOZO.exe
  C:\Windows\System\uiGWOZO.exe
  2⤵
  PID:7476
- C:\Windows\System\pyNAmzc.exe
  C:\Windows\System\pyNAmzc.exe
  2⤵
  PID:7492
- C:\Windows\System\xAINftE.exe
  C:\Windows\System\xAINftE.exe
  2⤵
  PID:7516
- C:\Windows\System\CSiuhlO.exe
  C:\Windows\System\CSiuhlO.exe
  2⤵
  PID:7532
- C:\Windows\System\EQjNjFI.exe
  C:\Windows\System\EQjNjFI.exe
  2⤵
  PID:7556
- C:\Windows\System\YxbHLPO.exe
  C:\Windows\System\YxbHLPO.exe
  2⤵
  PID:7580
- C:\Windows\System\dkYOBRG.exe
  C:\Windows\System\dkYOBRG.exe
  2⤵
  PID:7596
- C:\Windows\System\SMtUCDn.exe
  C:\Windows\System\SMtUCDn.exe
  2⤵
  PID:7612
- C:\Windows\System\RHeZkFB.exe
  C:\Windows\System\RHeZkFB.exe
  2⤵
  PID:7628
- C:\Windows\System\abtsUWX.exe
  C:\Windows\System\abtsUWX.exe
  2⤵
  PID:7652
- C:\Windows\System\iuYPpXi.exe
  C:\Windows\System\iuYPpXi.exe
  2⤵
  PID:7668
- C:\Windows\System\xzElggb.exe
  C:\Windows\System\xzElggb.exe
  2⤵
  PID:7684
- C:\Windows\System\eYsFTIX.exe
  C:\Windows\System\eYsFTIX.exe
  2⤵
  PID:7720
- C:\Windows\System\JtiRzTZ.exe
  C:\Windows\System\JtiRzTZ.exe
  2⤵
  PID:7736
- C:\Windows\System\jvcfiFK.exe
  C:\Windows\System\jvcfiFK.exe
  2⤵
  PID:7756
- C:\Windows\System\WVwbDFL.exe
  C:\Windows\System\WVwbDFL.exe
  2⤵
  PID:7776
- C:\Windows\System\rDsqkmP.exe
  C:\Windows\System\rDsqkmP.exe
  2⤵
  PID:7792
- C:\Windows\System\uNPbSOg.exe
  C:\Windows\System\uNPbSOg.exe
  2⤵
  PID:7808
- C:\Windows\System\hmwDQXs.exe
  C:\Windows\System\hmwDQXs.exe
  2⤵
  PID:7844
- C:\Windows\System\mrgdjjf.exe
  C:\Windows\System\mrgdjjf.exe
  2⤵
  PID:7860
- C:\Windows\System\YUOozNt.exe
  C:\Windows\System\YUOozNt.exe
  2⤵
  PID:7880
- C:\Windows\System\raZNVUn.exe
  C:\Windows\System\raZNVUn.exe
  2⤵
  PID:7896
- C:\Windows\System\qPTjowP.exe
  C:\Windows\System\qPTjowP.exe
  2⤵
  PID:7912
- C:\Windows\System\evrbfbj.exe
  C:\Windows\System\evrbfbj.exe
  2⤵
  PID:7932
- C:\Windows\System\ZDIZRJW.exe
  C:\Windows\System\ZDIZRJW.exe
  2⤵
  PID:7952
- C:\Windows\System\mVdCtav.exe
  C:\Windows\System\mVdCtav.exe
  2⤵
  PID:7984
- C:\Windows\System\YspsIEU.exe
  C:\Windows\System\YspsIEU.exe
  2⤵
  PID:8000
- C:\Windows\System\VRcinGg.exe
  C:\Windows\System\VRcinGg.exe
  2⤵
  PID:8016
- C:\Windows\System\MNHeOKe.exe
  C:\Windows\System\MNHeOKe.exe
  2⤵
  PID:8036
- C:\Windows\System\NpTKEwX.exe
  C:\Windows\System\NpTKEwX.exe
  2⤵
  PID:8052
- C:\Windows\System\XIQUmlb.exe
  C:\Windows\System\XIQUmlb.exe
  2⤵
  PID:8084
- C:\Windows\System\PAltSQb.exe
  C:\Windows\System\PAltSQb.exe
  2⤵
  PID:8100
- C:\Windows\System\llfeEoz.exe
  C:\Windows\System\llfeEoz.exe
  2⤵
  PID:8120
- C:\Windows\System\edgoDCW.exe
  C:\Windows\System\edgoDCW.exe
  2⤵
  PID:8144
- C:\Windows\System\BxcNQCw.exe
  C:\Windows\System\BxcNQCw.exe
  2⤵
  PID:8160
- C:\Windows\System\UjjDIJX.exe
  C:\Windows\System\UjjDIJX.exe
  2⤵
  PID:8176
- C:\Windows\System\mhdarNS.exe
  C:\Windows\System\mhdarNS.exe
  2⤵
  PID:6960
- C:\Windows\System\IYmdxoO.exe
  C:\Windows\System\IYmdxoO.exe
  2⤵
  PID:7240
- C:\Windows\System\MZuhtaO.exe
  C:\Windows\System\MZuhtaO.exe
  2⤵
  PID:7184
- C:\Windows\System\uqdMqKj.exe
  C:\Windows\System\uqdMqKj.exe
  2⤵
  PID:7224
- C:\Windows\System\BpjPJZi.exe
  C:\Windows\System\BpjPJZi.exe
  2⤵
  PID:7280
- C:\Windows\System\BDFuuxu.exe
  C:\Windows\System\BDFuuxu.exe
  2⤵
  PID:7364
- C:\Windows\System\fEHrnpX.exe
  C:\Windows\System\fEHrnpX.exe
  2⤵
  PID:7408
- C:\Windows\System\fIGTOjl.exe
  C:\Windows\System\fIGTOjl.exe
  2⤵
  PID:7300
- C:\Windows\System\mWCChyS.exe
  C:\Windows\System\mWCChyS.exe
  2⤵
  PID:7344
- C:\Windows\System\fjeVsxT.exe
  C:\Windows\System\fjeVsxT.exe
  2⤵
  PID:7456
- C:\Windows\System\ZRLJtuA.exe
  C:\Windows\System\ZRLJtuA.exe
  2⤵
  PID:7484
- C:\Windows\System\AKEXTIi.exe
  C:\Windows\System\AKEXTIi.exe
  2⤵
  PID:7524
- C:\Windows\System\CtgGMZf.exe
  C:\Windows\System\CtgGMZf.exe
  2⤵
  PID:7568
- C:\Windows\System\QEiTCSO.exe
  C:\Windows\System\QEiTCSO.exe
  2⤵
  PID:7572
- C:\Windows\System\EiscxcV.exe
  C:\Windows\System\EiscxcV.exe
  2⤵
  PID:7636
- C:\Windows\System\SjixijZ.exe
  C:\Windows\System\SjixijZ.exe
  2⤵
  PID:7680
- C:\Windows\System\NHbRjoq.exe
  C:\Windows\System\NHbRjoq.exe
  2⤵
  PID:7692
- C:\Windows\System\kDdbCAo.exe
  C:\Windows\System\kDdbCAo.exe
  2⤵
  PID:7716
- C:\Windows\System\hPUVnNa.exe
  C:\Windows\System\hPUVnNa.exe
  2⤵
  PID:7748
- C:\Windows\System\VleBzzm.exe
  C:\Windows\System\VleBzzm.exe
  2⤵
  PID:7816
- C:\Windows\System\SJVUBEf.exe
  C:\Windows\System\SJVUBEf.exe
  2⤵
  PID:7856
- C:\Windows\System\JiYWSwp.exe
  C:\Windows\System\JiYWSwp.exe
  2⤵
  PID:7928
- C:\Windows\System\khPfYTc.exe
  C:\Windows\System\khPfYTc.exe
  2⤵
  PID:7972
- C:\Windows\System\DZVTLNy.exe
  C:\Windows\System\DZVTLNy.exe
  2⤵
  PID:8008
- C:\Windows\System\YKmHPPr.exe
  C:\Windows\System\YKmHPPr.exe
  2⤵
  PID:7876
- C:\Windows\System\ZuhKRQF.exe
  C:\Windows\System\ZuhKRQF.exe
  2⤵
  PID:8096
- C:\Windows\System\LhoQFmR.exe
  C:\Windows\System\LhoQFmR.exe
  2⤵
  PID:8136
- C:\Windows\System\dBZmynR.exe
  C:\Windows\System\dBZmynR.exe
  2⤵
  PID:8132
- C:\Windows\System\RvWmEoP.exe
  C:\Windows\System\RvWmEoP.exe
  2⤵
  PID:7204
- C:\Windows\System\QbvglHb.exe
  C:\Windows\System\QbvglHb.exe
  2⤵
  PID:8032
- C:\Windows\System\zrGOeJw.exe
  C:\Windows\System\zrGOeJw.exe
  2⤵
  PID:8068
- C:\Windows\System\YTibtaP.exe
  C:\Windows\System\YTibtaP.exe
  2⤵
  PID:8116
- C:\Windows\System\lbFToom.exe
  C:\Windows\System\lbFToom.exe
  2⤵
  PID:2684
- C:\Windows\System\JqGfcrU.exe
  C:\Windows\System\JqGfcrU.exe
  2⤵
  PID:7436
- C:\Windows\System\eictZvf.exe
  C:\Windows\System\eictZvf.exe
  2⤵
  PID:7644
- C:\Windows\System\ABsqQlj.exe
  C:\Windows\System\ABsqQlj.exe
  2⤵
  PID:7576
- C:\Windows\System\DyEJOLk.exe
  C:\Windows\System\DyEJOLk.exe
  2⤵
  PID:7180
- C:\Windows\System\cxLLRMX.exe
  C:\Windows\System\cxLLRMX.exe
  2⤵
  PID:7396
- C:\Windows\System\lpSwrlC.exe
  C:\Windows\System\lpSwrlC.exe
  2⤵
  PID:7564
- C:\Windows\System\CcfQBWT.exe
  C:\Windows\System\CcfQBWT.exe
  2⤵
  PID:7620
- C:\Windows\System\jWLQtcq.exe
  C:\Windows\System\jWLQtcq.exe
  2⤵
  PID:7660
- C:\Windows\System\cpikksz.exe
  C:\Windows\System\cpikksz.exe
  2⤵
  PID:7308
- C:\Windows\System\ewarWrW.exe
  C:\Windows\System\ewarWrW.exe
  2⤵
  PID:7828
- C:\Windows\System\CblReFR.exe
  C:\Windows\System\CblReFR.exe
  2⤵
  PID:7400
- C:\Windows\System\JoQCdvE.exe
  C:\Windows\System\JoQCdvE.exe
  2⤵
  PID:7888
- C:\Windows\System\ZALdGuy.exe
  C:\Windows\System\ZALdGuy.exe
  2⤵
  PID:8044
- C:\Windows\System\PkIQXWi.exe
  C:\Windows\System\PkIQXWi.exe
  2⤵
  PID:7868
- C:\Windows\System\yjnVBRI.exe
  C:\Windows\System\yjnVBRI.exe
  2⤵
  PID:8024
- C:\Windows\System\oAbgnkz.exe
  C:\Windows\System\oAbgnkz.exe
  2⤵
  PID:7244
- C:\Windows\System\jSwcmhR.exe
  C:\Windows\System\jSwcmhR.exe
  2⤵
  PID:8172
- C:\Windows\System\WpfKsMd.exe
  C:\Windows\System\WpfKsMd.exe
  2⤵
  PID:7252
- C:\Windows\System\rafnUaI.exe
  C:\Windows\System\rafnUaI.exe
  2⤵
  PID:7424
- C:\Windows\System\XGQirHz.exe
  C:\Windows\System\XGQirHz.exe
  2⤵
  PID:7552
- C:\Windows\System\YTjzGQU.exe
  C:\Windows\System\YTjzGQU.exe
  2⤵
  PID:7472
- C:\Windows\System\SFgwueh.exe
  C:\Windows\System\SFgwueh.exe
  2⤵
  PID:7508
- C:\Windows\System\BuzprPd.exe
  C:\Windows\System\BuzprPd.exe
  2⤵
  PID:7700
- C:\Windows\System\MqKPISa.exe
  C:\Windows\System\MqKPISa.exe
  2⤵
  PID:7712
- C:\Windows\System\SauOAkV.exe
  C:\Windows\System\SauOAkV.exe
  2⤵
  PID:7940
- C:\Windows\System\kYunRQy.exe
  C:\Windows\System\kYunRQy.exe
  2⤵
  PID:8168
- C:\Windows\System\ceDjZCW.exe
  C:\Windows\System\ceDjZCW.exe
  2⤵
  PID:7960
- C:\Windows\System\cwAkSCu.exe
  C:\Windows\System\cwAkSCu.exe
  2⤵
  PID:8048
- C:\Windows\System\gfMiStE.exe
  C:\Windows\System\gfMiStE.exe
  2⤵
  PID:8188
- C:\Windows\System\hlrrRwC.exe
  C:\Windows\System\hlrrRwC.exe
  2⤵
  PID:6832
- C:\Windows\System\ksntzXd.exe
  C:\Windows\System\ksntzXd.exe
  2⤵
  PID:7512
- C:\Windows\System\uxXKned.exe
  C:\Windows\System\uxXKned.exe
  2⤵
  PID:8156
- C:\Windows\System\egTdIsb.exe
  C:\Windows\System\egTdIsb.exe
  2⤵
  PID:7832
- C:\Windows\System\lZsaaze.exe
  C:\Windows\System\lZsaaze.exe
  2⤵
  PID:7892
- C:\Windows\System\teTNKEX.exe
  C:\Windows\System\teTNKEX.exe
  2⤵
  PID:7360
- C:\Windows\System\MjuXpIm.exe
  C:\Windows\System\MjuXpIm.exe
  2⤵
  PID:7708
- C:\Windows\System\RFnexwS.exe
  C:\Windows\System\RFnexwS.exe
  2⤵
  PID:7852
- C:\Windows\System\mlQwTnL.exe
  C:\Windows\System\mlQwTnL.exe
  2⤵
  PID:7212
- C:\Windows\System\rvfZnQp.exe
  C:\Windows\System\rvfZnQp.exe
  2⤵
  PID:7288
- C:\Windows\System\SEQLlKV.exe
  C:\Windows\System\SEQLlKV.exe
  2⤵
  PID:7324
- C:\Windows\System\cwmSFrT.exe
  C:\Windows\System\cwmSFrT.exe
  2⤵
  PID:8200
- C:\Windows\System\OWJijZU.exe
  C:\Windows\System\OWJijZU.exe
  2⤵
  PID:8216
- C:\Windows\System\cJCHhrB.exe
  C:\Windows\System\cJCHhrB.exe
  2⤵
  PID:8236
- C:\Windows\System\IDZEBxr.exe
  C:\Windows\System\IDZEBxr.exe
  2⤵
  PID:8276
- C:\Windows\System\qZQwqui.exe
  C:\Windows\System\qZQwqui.exe
  2⤵
  PID:8296
- C:\Windows\System\QVIvYsc.exe
  C:\Windows\System\QVIvYsc.exe
  2⤵
  PID:8312
- C:\Windows\System\MjMFPSn.exe
  C:\Windows\System\MjMFPSn.exe
  2⤵
  PID:8328
- C:\Windows\System\nExPKVp.exe
  C:\Windows\System\nExPKVp.exe
  2⤵
  PID:8344
- C:\Windows\System\hGHuFqO.exe
  C:\Windows\System\hGHuFqO.exe
  2⤵
  PID:8360
- C:\Windows\System\paWjDoT.exe
  C:\Windows\System\paWjDoT.exe
  2⤵
  PID:8376
- C:\Windows\System\DPNZSDz.exe
  C:\Windows\System\DPNZSDz.exe
  2⤵
  PID:8396
- C:\Windows\System\ItkiFbV.exe
  C:\Windows\System\ItkiFbV.exe
  2⤵
  PID:8440
- C:\Windows\System\FhqUZfP.exe
  C:\Windows\System\FhqUZfP.exe
  2⤵
  PID:8456
- C:\Windows\System\TJYHDqx.exe
  C:\Windows\System\TJYHDqx.exe
  2⤵
  PID:8472
- C:\Windows\System\eAypIwW.exe
  C:\Windows\System\eAypIwW.exe
  2⤵
  PID:8496
- C:\Windows\System\ASgDOQH.exe
  C:\Windows\System\ASgDOQH.exe
  2⤵
  PID:8520
- C:\Windows\System\kUxMNHh.exe
  C:\Windows\System\kUxMNHh.exe
  2⤵
  PID:8536
- C:\Windows\System\ORtRuzF.exe
  C:\Windows\System\ORtRuzF.exe
  2⤵
  PID:8556
- C:\Windows\System\gjEZBoO.exe
  C:\Windows\System\gjEZBoO.exe
  2⤵
  PID:8572
- C:\Windows\System\AcmDmBh.exe
  C:\Windows\System\AcmDmBh.exe
  2⤵
  PID:8588
- C:\Windows\System\BXYFBZo.exe
  C:\Windows\System\BXYFBZo.exe
  2⤵
  PID:8624
- C:\Windows\System\FnWiXqn.exe
  C:\Windows\System\FnWiXqn.exe
  2⤵
  PID:8640
- C:\Windows\System\hoxpOAq.exe
  C:\Windows\System\hoxpOAq.exe
  2⤵
  PID:8660
- C:\Windows\System\UYEhwTv.exe
  C:\Windows\System\UYEhwTv.exe
  2⤵
  PID:8684
- C:\Windows\System\PNyfkAM.exe
  C:\Windows\System\PNyfkAM.exe
  2⤵
  PID:8700
- C:\Windows\System\jUYFjCW.exe
  C:\Windows\System\jUYFjCW.exe
  2⤵
  PID:8720
- C:\Windows\System\vsWCJvX.exe
  C:\Windows\System\vsWCJvX.exe
  2⤵
  PID:8736
- C:\Windows\System\LEbCMfN.exe
  C:\Windows\System\LEbCMfN.exe
  2⤵
  PID:8756
- C:\Windows\System\ZDcrOdM.exe
  C:\Windows\System\ZDcrOdM.exe
  2⤵
  PID:8772
- C:\Windows\System\kpmwrza.exe
  C:\Windows\System\kpmwrza.exe
  2⤵
  PID:8792
- C:\Windows\System\eWNVnyF.exe
  C:\Windows\System\eWNVnyF.exe
  2⤵
  PID:8808
- C:\Windows\System\EPIFGrM.exe
  C:\Windows\System\EPIFGrM.exe
  2⤵
  PID:8828
- C:\Windows\System\YrKygoN.exe
  C:\Windows\System\YrKygoN.exe
  2⤵
  PID:8844
- C:\Windows\System\gVgRYzj.exe
  C:\Windows\System\gVgRYzj.exe
  2⤵
  PID:8864
- C:\Windows\System\AfbLHiq.exe
  C:\Windows\System\AfbLHiq.exe
  2⤵
  PID:8904
- C:\Windows\System\mEXYyrH.exe
  C:\Windows\System\mEXYyrH.exe
  2⤵
  PID:8920
- C:\Windows\System\HSqQDFl.exe
  C:\Windows\System\HSqQDFl.exe
  2⤵
  PID:8940
- C:\Windows\System\FQNcAoU.exe
  C:\Windows\System\FQNcAoU.exe
  2⤵
  PID:8956
- C:\Windows\System\RPeWUle.exe
  C:\Windows\System\RPeWUle.exe
  2⤵
  PID:8972
- C:\Windows\System\VbGAqfn.exe
  C:\Windows\System\VbGAqfn.exe
  2⤵
  PID:8996
- C:\Windows\System\IUpmSnX.exe
  C:\Windows\System\IUpmSnX.exe
  2⤵
  PID:9012
- C:\Windows\System\arHPQaA.exe
  C:\Windows\System\arHPQaA.exe
  2⤵
  PID:9048
- C:\Windows\System\KUgyVlw.exe
  C:\Windows\System\KUgyVlw.exe
  2⤵
  PID:9064
- C:\Windows\System\zOfAtDd.exe
  C:\Windows\System\zOfAtDd.exe
  2⤵
  PID:9084
- C:\Windows\System\kKZBDMK.exe
  C:\Windows\System\kKZBDMK.exe
  2⤵
  PID:9100
- C:\Windows\System\VUEPKJt.exe
  C:\Windows\System\VUEPKJt.exe
  2⤵
  PID:9120
- C:\Windows\System\vfuaQdk.exe
  C:\Windows\System\vfuaQdk.exe
  2⤵
  PID:9136
- C:\Windows\System\YZPPVfm.exe
  C:\Windows\System\YZPPVfm.exe
  2⤵
  PID:9152
- C:\Windows\System\TSymbsf.exe
  C:\Windows\System\TSymbsf.exe
  2⤵
  PID:9168
- C:\Windows\System\EUPsUqa.exe
  C:\Windows\System\EUPsUqa.exe
  2⤵
  PID:9184
- C:\Windows\System\ORzZXhB.exe
  C:\Windows\System\ORzZXhB.exe
  2⤵
  PID:9200
- C:\Windows\System\FyWwQqn.exe
  C:\Windows\System\FyWwQqn.exe
  2⤵
  PID:8244
- C:\Windows\System\JePOiCX.exe
  C:\Windows\System\JePOiCX.exe
  2⤵
  PID:8260
- C:\Windows\System\KaPlinL.exe
  C:\Windows\System\KaPlinL.exe
  2⤵
  PID:8208
- C:\Windows\System\zxuPuOF.exe
  C:\Windows\System\zxuPuOF.exe
  2⤵
  PID:8288
- C:\Windows\System\mjnlXvL.exe
  C:\Windows\System\mjnlXvL.exe
  2⤵
  PID:8268
- C:\Windows\System\IqqklRw.exe
  C:\Windows\System\IqqklRw.exe
  2⤵
  PID:8384
- C:\Windows\System\tRKdPBk.exe
  C:\Windows\System\tRKdPBk.exe
  2⤵
  PID:8392
- C:\Windows\System\MosxkyP.exe
  C:\Windows\System\MosxkyP.exe
  2⤵
  PID:8368
- C:\Windows\System\lFrReBk.exe
  C:\Windows\System\lFrReBk.exe
  2⤵
  PID:8304
- C:\Windows\System\jGMvtqo.exe
  C:\Windows\System\jGMvtqo.exe
  2⤵
  PID:8480
- C:\Windows\System\apOIopG.exe
  C:\Windows\System\apOIopG.exe
  2⤵
  PID:8424
- C:\Windows\System\erbcRPS.exe
  C:\Windows\System\erbcRPS.exe
  2⤵
  PID:8464
- C:\Windows\System\EbfYzZn.exe
  C:\Windows\System\EbfYzZn.exe
  2⤵
  PID:8532
- C:\Windows\System\GPHKour.exe
  C:\Windows\System\GPHKour.exe
  2⤵
  PID:8564
- C:\Windows\System\NEHcTHu.exe
  C:\Windows\System\NEHcTHu.exe
  2⤵
  PID:8600
- C:\Windows\System\nDhOCWT.exe
  C:\Windows\System\nDhOCWT.exe
  2⤵
  PID:8580
- C:\Windows\System\EWGcDgg.exe
  C:\Windows\System\EWGcDgg.exe
  2⤵
  PID:8544
- C:\Windows\System\MdBmXTw.exe
  C:\Windows\System\MdBmXTw.exe
  2⤵
  PID:8652
- C:\Windows\System\BGGQMBA.exe
  C:\Windows\System\BGGQMBA.exe
  2⤵
  PID:8632
- C:\Windows\System\MznHQja.exe
  C:\Windows\System\MznHQja.exe
  2⤵
  PID:8692
- C:\Windows\System\ePgcpGH.exe
  C:\Windows\System\ePgcpGH.exe
  2⤵
  PID:8764
- C:\Windows\System\WnKwCkT.exe
  C:\Windows\System\WnKwCkT.exe
  2⤵
  PID:8836
- C:\Windows\System\gGPiEGN.exe
  C:\Windows\System\gGPiEGN.exe
  2⤵
  PID:8884
- C:\Windows\System\tkBIwCU.exe
  C:\Windows\System\tkBIwCU.exe
  2⤵
  PID:8900
- C:\Windows\System\qILxazo.exe
  C:\Windows\System\qILxazo.exe
  2⤵
  PID:8932
- C:\Windows\System\CDwGJMO.exe
  C:\Windows\System\CDwGJMO.exe
  2⤵
  PID:9008
- C:\Windows\System\KMLSMpS.exe
  C:\Windows\System\KMLSMpS.exe
  2⤵
  PID:8744
- C:\Windows\System\wzqQdKD.exe
  C:\Windows\System\wzqQdKD.exe
  2⤵
  PID:8784
- C:\Windows\System\kQcTJAq.exe
  C:\Windows\System\kQcTJAq.exe
  2⤵
  PID:8820
- C:\Windows\System\MsWVnFo.exe
  C:\Windows\System\MsWVnFo.exe
  2⤵
  PID:8980
- C:\Windows\System\PlSuLSC.exe
  C:\Windows\System\PlSuLSC.exe
  2⤵
  PID:8984
- C:\Windows\System\kcQRWBz.exe
  C:\Windows\System\kcQRWBz.exe
  2⤵
  PID:9060
- C:\Windows\System\NwRxMRM.exe
  C:\Windows\System\NwRxMRM.exe
  2⤵
  PID:9032
- C:\Windows\System\JoZbtRC.exe
  C:\Windows\System\JoZbtRC.exe
  2⤵
  PID:9028
- C:\Windows\System\UmftmzG.exe
  C:\Windows\System\UmftmzG.exe
  2⤵
  PID:9072
- C:\Windows\System\xBEEPZW.exe
  C:\Windows\System\xBEEPZW.exe
  2⤵
  PID:9112
- C:\Windows\System\CbhCHOL.exe
  C:\Windows\System\CbhCHOL.exe
  2⤵
  PID:9164
- C:\Windows\System\hnsSPoJ.exe
  C:\Windows\System\hnsSPoJ.exe
  2⤵
  PID:9180
- C:\Windows\System\eCgCwgC.exe
  C:\Windows\System\eCgCwgC.exe
  2⤵
  PID:7592
- C:\Windows\System\fRxqtVW.exe
  C:\Windows\System\fRxqtVW.exe
  2⤵
  PID:8228
- C:\Windows\System\evQkner.exe
  C:\Windows\System\evQkner.exe
  2⤵
  PID:8028
- C:\Windows\System\ZYdFQra.exe
  C:\Windows\System\ZYdFQra.exe
  2⤵
  PID:7908
- C:\Windows\System\NoTQmRJ.exe
  C:\Windows\System\NoTQmRJ.exe
  2⤵
  PID:7992
- C:\Windows\System\IDYyBxd.exe
  C:\Windows\System\IDYyBxd.exe
  2⤵
  PID:8324
- C:\Windows\System\eJqGqDj.exe
  C:\Windows\System\eJqGqDj.exe
  2⤵
  PID:8448
- C:\Windows\System\wfFkPsu.exe
  C:\Windows\System\wfFkPsu.exe
  2⤵
  PID:8416
- C:\Windows\System\FyuThhe.exe
  C:\Windows\System\FyuThhe.exe
  2⤵
  PID:8468
- C:\Windows\System\CBbAXmi.exe
  C:\Windows\System\CBbAXmi.exe
  2⤵
  PID:8604
- C:\Windows\System\GhaOMRb.exe
  C:\Windows\System\GhaOMRb.exe
  2⤵
  PID:8596
- C:\Windows\System\ERYJYlt.exe
  C:\Windows\System\ERYJYlt.exe
  2⤵
  PID:8552
- C:\Windows\System\kmknwrN.exe
  C:\Windows\System\kmknwrN.exe
  2⤵
  PID:8672
- C:\Windows\System\avsQvjG.exe
  C:\Windows\System\avsQvjG.exe
  2⤵
  PID:8872
- C:\Windows\System\mnqyDKM.exe
  C:\Windows\System\mnqyDKM.exe
  2⤵
  PID:8968
- C:\Windows\System\yAjnEIA.exe
  C:\Windows\System\yAjnEIA.exe
  2⤵
  PID:8752
- C:\Windows\System\XtOIxeV.exe
  C:\Windows\System\XtOIxeV.exe
  2⤵
  PID:8816
- C:\Windows\System\hzUdUJl.exe
  C:\Windows\System\hzUdUJl.exe
  2⤵
  PID:9020
- C:\Windows\System\dddQMhx.exe
  C:\Windows\System\dddQMhx.exe
  2⤵
  PID:9024
- C:\Windows\System\XRnTJei.exe
  C:\Windows\System\XRnTJei.exe
  2⤵
  PID:9116
- C:\Windows\System\UFdCVQm.exe
  C:\Windows\System\UFdCVQm.exe
  2⤵
  PID:7336
- C:\Windows\System\kUocpOA.exe
  C:\Windows\System\kUocpOA.exe
  2⤵
  PID:9128
- C:\Windows\System\NmOnZEx.exe
  C:\Windows\System\NmOnZEx.exe
  2⤵
  PID:7676
- C:\Windows\System\ebQBohw.exe
  C:\Windows\System\ebQBohw.exe
  2⤵
  PID:8252
- C:\Windows\System\KgHesmc.exe
  C:\Windows\System\KgHesmc.exe
  2⤵
  PID:8408
- C:\Windows\System\gDEBPHs.exe
  C:\Windows\System\gDEBPHs.exe
  2⤵
  PID:8680
- C:\Windows\System\lZeVzRt.exe
  C:\Windows\System\lZeVzRt.exe
  2⤵
  PID:8352
- C:\Windows\System\UAFPCts.exe
  C:\Windows\System\UAFPCts.exe
  2⤵
  PID:8636
- C:\Windows\System\LiKuBSg.exe
  C:\Windows\System\LiKuBSg.exe
  2⤵
  PID:8668
- C:\Windows\System\IvJDxMK.exe
  C:\Windows\System\IvJDxMK.exe
  2⤵
  PID:8860
- C:\Windows\System\snNQhcC.exe
  C:\Windows\System\snNQhcC.exe
  2⤵
  PID:8896
- C:\Windows\System\KHrLZec.exe
  C:\Windows\System\KHrLZec.exe
  2⤵
  PID:9108
- C:\Windows\System\TJDNCmX.exe
  C:\Windows\System\TJDNCmX.exe
  2⤵
  PID:8988
- C:\Windows\System\UYxtcRO.exe
  C:\Windows\System\UYxtcRO.exe
  2⤵
  PID:8616
- C:\Windows\System\dYdMQpr.exe
  C:\Windows\System\dYdMQpr.exe
  2⤵
  PID:9196
- C:\Windows\System\UwxRZlH.exe
  C:\Windows\System\UwxRZlH.exe
  2⤵
  PID:9044
- C:\Windows\System\XfWnNrC.exe
  C:\Windows\System\XfWnNrC.exe
  2⤵
  PID:9228
- C:\Windows\System\ECPcncY.exe
  C:\Windows\System\ECPcncY.exe
  2⤵
  PID:9244
- C:\Windows\System\yUUQMFO.exe
  C:\Windows\System\yUUQMFO.exe
  2⤵
  PID:9260
- C:\Windows\System\tgbUmcS.exe
  C:\Windows\System\tgbUmcS.exe
  2⤵
  PID:9276
- C:\Windows\System\vpJXnue.exe
  C:\Windows\System\vpJXnue.exe
  2⤵
  PID:9292
- C:\Windows\System\oWehpci.exe
  C:\Windows\System\oWehpci.exe
  2⤵
  PID:9308
- C:\Windows\System\LZnZJJn.exe
  C:\Windows\System\LZnZJJn.exe
  2⤵
  PID:9324
- C:\Windows\System\cmJVlzw.exe
  C:\Windows\System\cmJVlzw.exe
  2⤵
  PID:9340
- C:\Windows\System\yJetsqn.exe
  C:\Windows\System\yJetsqn.exe
  2⤵
  PID:9356
- C:\Windows\System\nXlSaSi.exe
  C:\Windows\System\nXlSaSi.exe
  2⤵
  PID:9372
- C:\Windows\System\RRFUpnl.exe
  C:\Windows\System\RRFUpnl.exe
  2⤵
  PID:9388
- C:\Windows\System\DGnlxpN.exe
  C:\Windows\System\DGnlxpN.exe
  2⤵
  PID:9404
- C:\Windows\System\BXYGdlg.exe
  C:\Windows\System\BXYGdlg.exe
  2⤵
  PID:9420
- C:\Windows\System\EHQGQZg.exe
  C:\Windows\System\EHQGQZg.exe
  2⤵
  PID:9436
- C:\Windows\System\dsmJgWF.exe
  C:\Windows\System\dsmJgWF.exe
  2⤵
  PID:9452
- C:\Windows\System\nmGdhvL.exe
  C:\Windows\System\nmGdhvL.exe
  2⤵
  PID:9472
- C:\Windows\System\RwrXwQu.exe
  C:\Windows\System\RwrXwQu.exe
  2⤵
  PID:9488
- C:\Windows\System\QTqxeyO.exe
  C:\Windows\System\QTqxeyO.exe
  2⤵
  PID:9504
- C:\Windows\System\hIKaqVh.exe
  C:\Windows\System\hIKaqVh.exe
  2⤵
  PID:9520
- C:\Windows\System\VXsuHsf.exe
  C:\Windows\System\VXsuHsf.exe
  2⤵
  PID:9536
- C:\Windows\System\veKcySt.exe
  C:\Windows\System\veKcySt.exe
  2⤵
  PID:9552
- C:\Windows\System\dniDKlD.exe
  C:\Windows\System\dniDKlD.exe
  2⤵
  PID:9568
- C:\Windows\System\gpHIACG.exe
  C:\Windows\System\gpHIACG.exe
  2⤵
  PID:9584
- C:\Windows\System\AwVCSPK.exe
  C:\Windows\System\AwVCSPK.exe
  2⤵
  PID:9600
- C:\Windows\System\UHusIYh.exe
  C:\Windows\System\UHusIYh.exe
  2⤵
  PID:9616
- C:\Windows\System\zqDURso.exe
  C:\Windows\System\zqDURso.exe
  2⤵
  PID:9632
- C:\Windows\System\GIfuhdT.exe
  C:\Windows\System\GIfuhdT.exe
  2⤵
  PID:9648
- C:\Windows\System\ArrLAlt.exe
  C:\Windows\System\ArrLAlt.exe
  2⤵
  PID:9664
- C:\Windows\System\YgPFLIk.exe
  C:\Windows\System\YgPFLIk.exe
  2⤵
  PID:9680
- C:\Windows\System\EYZZnEV.exe
  C:\Windows\System\EYZZnEV.exe
  2⤵
  PID:9696
- C:\Windows\System\MxmXLaM.exe
  C:\Windows\System\MxmXLaM.exe
  2⤵
  PID:9712
- C:\Windows\System\HWmHbYX.exe
  C:\Windows\System\HWmHbYX.exe
  2⤵
  PID:9728
- C:\Windows\System\dRWWwLY.exe
  C:\Windows\System\dRWWwLY.exe
  2⤵
  PID:9744
- C:\Windows\System\pYuFXZv.exe
  C:\Windows\System\pYuFXZv.exe
  2⤵
  PID:9760
- C:\Windows\System\kJalxHs.exe
  C:\Windows\System\kJalxHs.exe
  2⤵
  PID:9776
- C:\Windows\System\VhFksZL.exe
  C:\Windows\System\VhFksZL.exe
  2⤵
  PID:9792
- C:\Windows\System\sEfTQtK.exe
  C:\Windows\System\sEfTQtK.exe
  2⤵
  PID:9808
- C:\Windows\System\dFFkGPy.exe
  C:\Windows\System\dFFkGPy.exe
  2⤵
  PID:9824
- C:\Windows\System\guJyKNk.exe
  C:\Windows\System\guJyKNk.exe
  2⤵
  PID:9840
- C:\Windows\System\TcjiOMU.exe
  C:\Windows\System\TcjiOMU.exe
  2⤵
  PID:9856
- C:\Windows\System\AfkZzaC.exe
  C:\Windows\System\AfkZzaC.exe
  2⤵
  PID:9872
- C:\Windows\System\eXRIHYj.exe
  C:\Windows\System\eXRIHYj.exe
  2⤵
  PID:9888
- C:\Windows\System\DZswLNk.exe
  C:\Windows\System\DZswLNk.exe
  2⤵
  PID:9904
- C:\Windows\System\Uavcdmp.exe
  C:\Windows\System\Uavcdmp.exe
  2⤵
  PID:8780
- C:\Windows\System\ITZjnJz.exe
  C:\Windows\System\ITZjnJz.exe
  2⤵
  PID:8856
- C:\Windows\System\ItNOOol.exe
  C:\Windows\System\ItNOOol.exe
  2⤵
  PID:9256
- C:\Windows\System\axAIUsb.exe
  C:\Windows\System\axAIUsb.exe
  2⤵
  PID:9288
- C:\Windows\System\VURrALs.exe
  C:\Windows\System\VURrALs.exe
  2⤵
  PID:9304
- C:\Windows\System\ccBLWUu.exe
  C:\Windows\System\ccBLWUu.exe
  2⤵
  PID:9364
- C:\Windows\System\wmOHfFi.exe
  C:\Windows\System\wmOHfFi.exe
  2⤵
  PID:9432
- C:\Windows\System\yljdLRs.exe
  C:\Windows\System\yljdLRs.exe
  2⤵
  PID:9352
- C:\Windows\System\xvfUkNJ.exe
  C:\Windows\System\xvfUkNJ.exe
  2⤵
  PID:9416
- C:\Windows\System\bBzFtYo.exe
  C:\Windows\System\bBzFtYo.exe
  2⤵
  PID:9528
- C:\Windows\System\rHnFnqO.exe
  C:\Windows\System\rHnFnqO.exe
  2⤵
  PID:9564
- C:\Windows\System\AwvjXFp.exe
  C:\Windows\System\AwvjXFp.exe
  2⤵
  PID:9544
- C:\Windows\System\mXYhfeb.exe
  C:\Windows\System\mXYhfeb.exe
  2⤵
  PID:9580
- C:\Windows\System\NMdmShh.exe
  C:\Windows\System\NMdmShh.exe
  2⤵
  PID:9612
- C:\Windows\System\swjEaMN.exe
  C:\Windows\System\swjEaMN.exe
  2⤵
  PID:9656
- C:\Windows\System\xpARClU.exe
  C:\Windows\System\xpARClU.exe
  2⤵
  PID:9676
- C:\Windows\System\yCBosqA.exe
  C:\Windows\System\yCBosqA.exe
  2⤵
  PID:9756
- C:\Windows\System\clYqRNI.exe
  C:\Windows\System\clYqRNI.exe
  2⤵
  PID:9740
- C:\Windows\System\NqdbYDQ.exe
  C:\Windows\System\NqdbYDQ.exe
  2⤵
  PID:9772
- C:\Windows\System\MXirmuk.exe
  C:\Windows\System\MXirmuk.exe
  2⤵
  PID:9816
- C:\Windows\System\fKlIyjN.exe
  C:\Windows\System\fKlIyjN.exe
  2⤵
  PID:9880
- C:\Windows\System\IucdQVQ.exe
  C:\Windows\System\IucdQVQ.exe
  2⤵
  PID:9864
- C:\Windows\System\MWnpaHN.exe
  C:\Windows\System\MWnpaHN.exe
  2⤵
  PID:9096
- C:\Windows\System\IcjsIxP.exe
  C:\Windows\System\IcjsIxP.exe
  2⤵
  PID:9936
- C:\Windows\System\YYTafrN.exe
  C:\Windows\System\YYTafrN.exe
  2⤵
  PID:9944
- C:\Windows\System\YOSLobb.exe
  C:\Windows\System\YOSLobb.exe
  2⤵
  PID:10004
- C:\Windows\System\xHwqXPc.exe
  C:\Windows\System\xHwqXPc.exe
  2⤵
  PID:10012
- C:\Windows\System\wEkQcoX.exe
  C:\Windows\System\wEkQcoX.exe
  2⤵
  PID:10032
- C:\Windows\System\KrlhDRp.exe
  C:\Windows\System\KrlhDRp.exe
  2⤵
  PID:10068
- C:\Windows\System\MffBWnJ.exe
  C:\Windows\System\MffBWnJ.exe
  2⤵
  PID:10072
- C:\Windows\System\MDWOIgp.exe
  C:\Windows\System\MDWOIgp.exe
  2⤵
  PID:10084
- C:\Windows\System\BxUHdcb.exe
  C:\Windows\System\BxUHdcb.exe
  2⤵
  PID:10104
- C:\Windows\System\SPWZHbe.exe
  C:\Windows\System\SPWZHbe.exe
  2⤵
  PID:10124
- C:\Windows\System\hvlPvSh.exe
  C:\Windows\System\hvlPvSh.exe
  2⤵
  PID:10140
- C:\Windows\System\oIDHvdX.exe
  C:\Windows\System\oIDHvdX.exe
  2⤵
  PID:10156
- C:\Windows\System\ogcSGDT.exe
  C:\Windows\System\ogcSGDT.exe
  2⤵
  PID:10176
- C:\Windows\System\CVgSaBy.exe
  C:\Windows\System\CVgSaBy.exe
  2⤵
  PID:10192
- C:\Windows\System\GuCcDzy.exe
  C:\Windows\System\GuCcDzy.exe
  2⤵
  PID:10212
- C:\Windows\System\DWWOMIP.exe
  C:\Windows\System\DWWOMIP.exe
  2⤵
  PID:10228
- C:\Windows\System\jyNkFWU.exe
  C:\Windows\System\jyNkFWU.exe
  2⤵
  PID:9160
- C:\Windows\System\mItaHmC.exe
  C:\Windows\System\mItaHmC.exe
  2⤵
  PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BFdygoj.exe

Filesize
6.0MB

MD5
af305ceeff7eb0246ae3de9b8ebfb2d4

SHA1
9ba62829c39668b5df54eb9b6456dc4ca841fa14

SHA256
70ce6a97391f5ded01872ef4e518a1466676eeddef54fdb5cab1ab04031125d7

SHA512
0323e444ae444236b5b4161177c6fca4587ad40ca70454619ff7d4c5f5515f318985b639ccd7121b75c8a0282d4de503994c7afcff664b59eae9b6f00f819b22

Download Submit
C:\Windows\system\CbxFzpI.exe

Filesize
6.0MB

MD5
a76bffa5132363f50ccfabb8f6f7fe05

SHA1
88bafe5cf52c8ed3064226c94c8fffd9792c1b3d

SHA256
bf29f81f0d39617ca6c1120cc0ded9fe17194ba31ca2d49ab783ff0187cfc79d

SHA512
ef9e5f97ee7d919cc9ca195730cf134f43f5a6641db7e801ee16ea9042ca09b1470faf35ea7a95613af4e63df64ee52301db10a339e1f3e89ac5aebf48eb4862

Download Submit
C:\Windows\system\CsQNvCo.exe

Filesize
6.0MB

MD5
60751af30befbe7e2629a1ee78420e1c

SHA1
19b991090c8b68bcded3bfccabbb7e52c01a90b8

SHA256
5397b61b86d8e44c11b9ecec319d17c557ea858d524fd94642145fd0221bc48a

SHA512
493161c81cbbfc7ee7e8bae05a16943168849e682e8d847e50e75cfd09ffe60787c4469181642d8bc7d435d8ff7122a25693f725dcf0474d8e08d507fb341a34

Download Submit
C:\Windows\system\DVaKqmJ.exe

Filesize
6.0MB

MD5
ed55ae3b8baeadbddb5aa6bb2f24055f

SHA1
fd40e7b17104764585c439b224949ba067b6922b

SHA256
55ed30860fe44f756f754cfcd104b866f2abb502673f79372ae799d899b3426f

SHA512
8aec639cdc9e66e93634fa71403c6e799497e219dc80f3911c83c80479d2ac31af0a86c7a5e9afe643c19a06bedfded7242ea85a57540ce92846e78b89aed083

Download Submit
C:\Windows\system\FMjnAOQ.exe

Filesize
6.0MB

MD5
2db118ff9012afdcfc9332fcc2e62173

SHA1
65c6b0042ea83e750b96ce7b4a79fd6876b5dd56

SHA256
da35158adf02d224c78615efc7970f0d19190d60f6dd9b0012c1348b1ee5b392

SHA512
1f5e78fbc0d519930e92bb592b321ea48ea5f02f1c7025850a2326a586d298869287bd4996ba6f3ef2deae359db50da084ab38f51676053955b07876e02c9d3b

Download Submit
C:\Windows\system\HRSZWse.exe

Filesize
6.0MB

MD5
068223c905fadcd88c882439c998d545

SHA1
8e7f32152b9f9a254a2bde417910b369992dd09b

SHA256
e87ec61e95ea666e5712aaf13b1f3b142396ff4d94efbb2116c4d5d49dc624a5

SHA512
3b19b0412131b83c647abab1785fd1555312ffa2accb5a4b971afcd684e7333751c93563aab032b9c5e3461e3bb2c122d234be057950ffcd6bafe4e4e382b045

Download Submit
C:\Windows\system\Jnbvwxa.exe

Filesize
6.0MB

MD5
aadc5cb43367051e0f591096077eae56

SHA1
fad5a274def40950509842fac57ee4aeb7e569c9

SHA256
ece2689356dbb4cf64f8c94b8c1e578d3f246ec7adbc74a1bc19525d3595627d

SHA512
6d1171f4106eb32375caacf651d78fe955f0da8951199e415c42c3ec1e934df5269decc53b1ec58dce68cf9c49a7b5ddb6f3bb53a9968eb00cf39a9f346edc82

Download Submit
C:\Windows\system\LIfWAqe.exe

Filesize
6.0MB

MD5
d350bbc133f769e904be869ab9c4100a

SHA1
c5195a1399e95f010622f23ab08eaec80302f241

SHA256
ca7e23e2c1c2fc2f38c11fdef7873c3e96f366d35ace63f76795022861277a60

SHA512
504436671f2df48e3e79451ce8a9527ac574e9c84835b3678ff4a77e9d24859a9ae383d73eaa4d16425b193c89c413d06bce318467acd696692e8d54f18dd0e1

Download Submit
C:\Windows\system\LaMOYHx.exe

Filesize
6.0MB

MD5
b0ef8b097b845d59171382b413c0d28e

SHA1
c6b81fab0a3b74c6062681218e2e91ef6ce33837

SHA256
e4a1357d6a91fd2e79f055b9f5290478967923be001588ee15844f7817617e55

SHA512
314a3ca240ca30cc2c4a2d62b24791f994521efbf269ca19bcf70ef8a80f21f0b1d2b1df0f993311c772bb6a723981861e9c75df6d20b984e4573d6dfd43dae6

Download Submit
C:\Windows\system\OkZYQjj.exe

Filesize
6.0MB

MD5
d2bb64147afcc763ca95b38a9648baf1

SHA1
e86685293c35e344517ad73b429fc05ceaa0af46

SHA256
cb603d2e41a9d325673eaa3de2fc2cb0690fc95dad0538c31d8a38aa0ff27b6b

SHA512
8d4a48ab189f390f819a4978acd1d96c75704d49a6484d35a4963415224e9b057615817e36f311e98f69db1438b21dfa6e3c6ea5cfa20042f4cd24741f68b8dc

Download Submit
C:\Windows\system\QjyNtLo.exe

Filesize
6.0MB

MD5
843a86badc600c70d27e102d142679b5

SHA1
2119617ef01853ec661243f73600b95ef6c45879

SHA256
f993567e2fb9a845d8fc0166d2ed375893979a0f088bfbe3d5ff0de6a5c798fb

SHA512
c3d9c51c6cff8aa24763bcbf0e1b2ba6978e0c0d22061cd9b513674f25e67f042a43e0533e68f39acb8541b618bba91dab86132852f72153d08c5685c448666c

Download Submit
C:\Windows\system\TmBZFjQ.exe

Filesize
6.0MB

MD5
f292b21ecc77a1b10375fd95b9472a7f

SHA1
1f2f977d141b1602c16322ea61a094fb458140b1

SHA256
488394298472363460c740ee1fd8debc255dbca87015eed61f2965ced942aadd

SHA512
14d0ac7900a34a24565133fd21c0472d82685b2303caeaa4797b98f63ad0250425cbc35ad8c00f25eb7f0b56983ea44e135c2272dfaa3127cb179af217e00d5f

Download Submit
C:\Windows\system\WPEEdcX.exe

Filesize
6.0MB

MD5
97e1863fd315710b2859a6477c23befc

SHA1
4acbb5d3d43211511ed8fce2f4453bfaf0ccff6e

SHA256
98867c3ed1c8b3fe90be203070b87b1af508ddfc1e437e0e604a1e9a93ea7eb4

SHA512
9f7610b9f48b26c13a31102cb8b483a47b7c1aa72e66b879ed1874338faf98ffd1e688f7212d519721eb50cf23b19a5804ca96b9f931cb33f4ff27fa3fbc95b6

Download Submit
C:\Windows\system\YLNSSTV.exe

Filesize
6.0MB

MD5
8718024eb63d902036e4202d4eedaa95

SHA1
f2a77293a26d6472c771c1ccdabaf011ed3c1f6a

SHA256
721b594288df7e4399986ca8acf7e5d651b27ce412fca2d9247ff513efc301e0

SHA512
5c50ad88468b2ad899365351fd43e89a0344be38a59d15acf6ad2806d0663d4c81504097d404a0ecaac1a4834ead73eb9db26c36d0b1c23b26e14ce972a4deab

Download Submit
C:\Windows\system\ZcNKICk.exe

Filesize
6.0MB

MD5
05704fd5538ccc2155e159d028eca1ba

SHA1
6fd8c637bbc1bb6c718ee29e47bc8e8fe0a918c8

SHA256
43f8ef8ccea13e4011aec7e6ff79b02f29daa077172713c0c75143c19fbba846

SHA512
44ca3bfc6d6326396190ad55e5ab71e192d4d2259f73a35bc1b9df5e47430b75baf0a50fd889b1f2df83ff926e80facffda79c7d4c74435474a01c68be21bcaa

Download Submit
C:\Windows\system\dJVYCyR.exe

Filesize
6.0MB

MD5
c837c7e82c2c90417f74829f5dd96ba0

SHA1
ab9c8350b003a70a8fabc67de9f611fa4dce6ec5

SHA256
45e06a879ba6e19250a01530ebe9903e236cdf30b7869da2f3142a10c5397b1e

SHA512
003f3e68dd617de9e83f680e56d7da246996c53766cd5c9968d6e73117f9c5f785324989767d65ded599585e6505b7286d0807590ebe045d01e67240fc73b642

Download Submit
C:\Windows\system\eWIFqgb.exe

Filesize
6.0MB

MD5
52ed003c2e1eeee08dff3fa0a94633bd

SHA1
97f99d9dc745dfa79507fd10be84545b6b00642a

SHA256
3db89ce7ac6b906e0a740f4d3541dc3add377a7b0e913d5b2a6515d4294adca3

SHA512
60b3bdb7eea36306b69dac2359ffdc2dc30e7950d769ba2936b761bc7b3f3bc0025d1b9771af9968b227fd8537f0283f925c13ab94ea80d7097199ae4652ad25

Download Submit
C:\Windows\system\fApOKPS.exe

Filesize
6.0MB

MD5
80c303623042defebbb3749333097ee5

SHA1
eff478f6f8418c9013158519bd3b4b0756bc90eb

SHA256
1240f63284e892c0ca4027496b6a60de59c6cda74f5fa5c5f34f54c0e557c8f5

SHA512
0d638e3613af94406194b5bf39036c4f699f3742e780dab89234d2b1d5e962c04aa711d02d9a7cb2a8ed2744ed2f41c3d2bce5dab75d47d5aa1d3fa45678210e

Download Submit
C:\Windows\system\iViYPIp.exe

Filesize
6.0MB

MD5
a9303927f34333d784719bc03e5d9439

SHA1
b01e0166a766b253804cb6446ef9f8226aa0b248

SHA256
75e6673a0ab9150e6c3ce4addba09badb8c7ba80331a06ddf15c6d461cbd8b92

SHA512
fe6ae4cfe32f0fa2e24aa9df6c10285082098dbc0993fd0d27ca9f4a91abebcf2e94232a42685fefc83c65d498a3c6049a143bdeaa9c806b835af65ff76c9963

Download Submit
C:\Windows\system\mTCXoeB.exe

Filesize
6.0MB

MD5
f900d921acf8f7685eb4d54b07b12b84

SHA1
be56ca3986d3a148af541f4da849df3d009bde9b

SHA256
edbb3f3765996a04931854f907a46077d1025bc52e15cbc90c319a78e1e8f388

SHA512
c781e2ee6e9660b1eb39ce7669992377ae6ea61ae7e07eb6a300b010d11c37629e945b481b18a8d56d99c3eda289a8061175b403371c7805e972c71c5555f45a

Download Submit
C:\Windows\system\qqpWKko.exe

Filesize
6.0MB

MD5
09c5b9facc5ffecd66c075e34fd3bf55

SHA1
08c28c40a739cba2be43bfa662dc9f5d83be7f39

SHA256
86854751bfcf95b8bcb75bb74d97320ca07d058c0d77f713a6a6a51851f8c2e2

SHA512
c2f1e9e70ea0bab87c5d4cfc7b714cd038c08f69cc783eeebbe1375c640194ba1b2eed4d6a4b5774dcf470bc319b2b8bc41371b66e4f9aebe0746edb3c745fa0

Download Submit
C:\Windows\system\tMuOdtE.exe

Filesize
6.0MB

MD5
0e020b93cc57987a84831bc9aa4fbb15

SHA1
d59203c4e92f8b559769961c8e6fbcd0380d5bd0

SHA256
4014ad3c12b56306faa467ce6e84b714e005758d9e94aacff5e1ebaf9c432ca4

SHA512
3c9c09498f322cfa9413027c1ef4b7b0bc72d4e5fd11e397a395a11670eb535e6728c5cbe36bb0f2a5c18c8063eb13fa14d4a9ee0c90abee1169ac543dedc5ca

Download Submit
C:\Windows\system\tdxjMlz.exe

Filesize
6.0MB

MD5
9561cc9b0f7ba2a787f09ec002a378d8

SHA1
d8faebbe2aac67fd7425930bd6c7e19e815f1c82

SHA256
dc9e16af06b021649f0f86fe1decf41fbefe707accd8c0dc798f493ae0026368

SHA512
9c294b845a516fa6239791933d3d5b4375aa22a7b45e5851669a556734d3da3b7bbc79d8aebcda5ad86848a9624bc3c8765f3ad848e8946bfb4eb3b8684e5e48

Download Submit
C:\Windows\system\wuUzvsX.exe

Filesize
6.0MB

MD5
85f3c9f08cb2815b9d2e62b3cf59b682

SHA1
8ce105fa50ba24efed411d6dd6623dda2da3913c

SHA256
3d3d009906787235b96c94b6ef7f67961f3a36534530ce58644cda5250b783e5

SHA512
576180719e0d26237a8eb7b4e72e386d5df29697afac413eeb5efd4c0ff3b44d0ac9b6f358fb9245cc72a8f75dd4638ebf7f9d7e200202a0a0b12acf44dfc51e

Download Submit
C:\Windows\system\xnwlFHX.exe

Filesize
6.0MB

MD5
21c62b12f3ee3f0a1e34c0a3296bdcd3

SHA1
9a7be75a3ef84ce1ecca0589e5bf1c9fcf084258

SHA256
10c34bbe8ea50a877cb3df151483555ce9b5ebae006c17373ced0385ff52d181

SHA512
3a9416323814fbceefc1a5c837940447304262f0a196bf6976115e9d383ca5be248a73fe516b8cb2a68a06605fbe9e1e7595227b8565d77b2f30641312ecb2d9

Download Submit
C:\Windows\system\yfdIEHH.exe

Filesize
6.0MB

MD5
a266a5278946a2337c0beaa50fba5331

SHA1
c602bf0be764a7bb9463e101a9fc58d5d576e2c6

SHA256
48ad200ce181a7fe7ed58e62c36cc47196ba7efc66ea3fa622f2aa8f28e72dbf

SHA512
418715845e35e2c5dbebae7580ee66cfda56b02e5aa6d207e3e82a037c30671b01fd90ed9579539bee241f58b55066f06847f6ca1a3b133e15312ef0108a3273

Download Submit
C:\Windows\system\zpSPmps.exe

Filesize
6.0MB

MD5
37bb3891545c6016e753e6fd526565cc

SHA1
88bc27412f61499d24547e5a4368505eb7cafe92

SHA256
753c6509a4b5fe6f974b8b5a66721e83832907a849a3804a8526c77b7cd471fd

SHA512
0f480b257d689a3d5f6021282059a844f9ff291eeff53e94919d52a87ac61481bff048049559dd08c7ee796d03ccc01d6c2b8286b22f88ba6abbad8aa64f46ad

Download Submit
\Windows\system\JgZSSfC.exe

Filesize
6.0MB

MD5
eb2ceb281bd05f9882d323f91c32db6e

SHA1
c86ffdd51a2ac684e435e51a6949d644e7776469

SHA256
a1c198357d865de99a27d14f1a057f620fe56c39d7212f8cd316edaa5067e139

SHA512
3ed09dfe05feb6623fbc75be821e5311152f2da15b8753a27a5586dd26c8a9c3ba6d2f34b11407934af757f8e757636ae75addae29472f1d6faefd4b5ef074d7

Download Submit
\Windows\system\VUpuPlZ.exe

Filesize
6.0MB

MD5
c0ca6dfd892e99e9328733cb9fa27781

SHA1
288153ec6c1ac2d2ba2b83534f537aab92fc9a92

SHA256
23ba2adeeffd2ea5faa2f388ae58d6e2a4115dc64067d34417972f3ed50e5215

SHA512
1212ee80bf22b23b41e8474ef2a8cfc99682f8d729e876b9310860d777f15df882a7abcfef102b4c4035738c338b5ff56028a3b69531068c3213e9b3e4989266

Download Submit
\Windows\system\jobIjgW.exe

Filesize
6.0MB

MD5
bb3ac72dacaf3d2d08b82c07568b99df

SHA1
5a8a90eb59c7577151fb50c1e730c62f7741d6a9

SHA256
007c3b02dcc2656113603f0bb381fca87ace1d3c15b07d8b1a58db0ed0c2ede9

SHA512
44f2c0bf5d1882dac62e2a5685508ef67a165378c7be28f5e24c370dedf7577b175d12c190ca6c6207064c09fd269c9c21696b7ef0ef3403b311b09ead3509ca

Download Submit
\Windows\system\juueAcC.exe

Filesize
6.0MB

MD5
dbce45363939928f1491c9cd57a4d159

SHA1
98e4d9ebc34b4ed4dadd73f3548c16e50d552fd8

SHA256
980364e56de30714baf4c2d7c306c9ecb46f54bbac153f9bf4e9aece6d9482dc

SHA512
65ed3b8f6fc6a4fed75d0f1bfcafc21dfe48acb97397e1de16f77b0b39ef2d35b8110ae3c3cdd742e886d7005a5d32b750ae98f8095f950475d76802cc3ff6e8

Download Submit
\Windows\system\mYFWzLA.exe

Filesize
6.0MB

MD5
3e1c40432dec17d4b1d1cf86f33c8c89

SHA1
ec3940a429fb596ac99bc2e3c5354d110c6f4a39

SHA256
4ffe41db1eda8639eff5439786cfe1bb4d221edf33053fa3368951ac3989258c

SHA512
b2d2525b1778a69e08c3ef0c3ee093e653f88da80e2e0a082cc61336f7b7bd078e5c740aedcec73e4832ea21bbca57636debd111644a93d6c159da3df4238842

Download Submit
memory/1036-94-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1036-1121-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1500-1125-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1500-103-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1976-152-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-79-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1114-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-108-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2224-58-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1112-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2348-294-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2348-41-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-98-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2348-99-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2348-102-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2348-0-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2348-21-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2348-28-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2348-78-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-93-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2348-110-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2348-14-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2348-65-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2348-36-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2348-56-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2348-55-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2348-22-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2348-53-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2364-1113-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2364-95-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2584-73-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-1149-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-18-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1111-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2636-23-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1122-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1119-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-42-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-80-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-66-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1116-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1120-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2884-37-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1115-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2932-20-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2980-29-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1117-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2980-67-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/3024-54-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3024-1118-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download