cobaltstrike | 62004717b807cfd3abf5782d382efc52a461da5835b1fc4ad954241f181ce974

Analysis

max time kernel
150s
max time network
21s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3bea270b2cf3bf57f17f396bdcf88b97
SHA1

43f42ccff3eab99f74eb2fa648a47d372afa5144
SHA256

62004717b807cfd3abf5782d382efc52a461da5835b1fc4ad954241f181ce974
SHA512

34347c77b4569b7606ff9d773a74ee215752fc5d2e5102ccd5219ace5f9311fe7d97b1d8ead52bd067b99d9a795d350685141887dcb250248b29194fa1680803
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\DXSpOON.exe	cobalt_reflective_dll
\Windows\system\VTsyIbO.exe	cobalt_reflective_dll
C:\Windows\system\CEJNdmW.exe	cobalt_reflective_dll
\Windows\system\OuuBaTp.exe	cobalt_reflective_dll
\Windows\system\LKuVNiP.exe	cobalt_reflective_dll
\Windows\system\nsqXeWs.exe	cobalt_reflective_dll
\Windows\system\lfqcMjy.exe	cobalt_reflective_dll
C:\Windows\system\dnAauhR.exe	cobalt_reflective_dll
\Windows\system\CxZsYFx.exe	cobalt_reflective_dll
\Windows\system\aMKXYYE.exe	cobalt_reflective_dll
C:\Windows\system\YTtLFCk.exe	cobalt_reflective_dll
C:\Windows\system\iWLTWzt.exe	cobalt_reflective_dll
\Windows\system\ufbcBfW.exe	cobalt_reflective_dll
\Windows\system\lsFjRZv.exe	cobalt_reflective_dll
C:\Windows\system\XUHgbXo.exe	cobalt_reflective_dll
\Windows\system\KraFIxv.exe	cobalt_reflective_dll
C:\Windows\system\kroTVNp.exe	cobalt_reflective_dll
C:\Windows\system\CRpDgEe.exe	cobalt_reflective_dll
C:\Windows\system\YthazAN.exe	cobalt_reflective_dll
C:\Windows\system\FPfupbz.exe	cobalt_reflective_dll
C:\Windows\system\YEHRccs.exe	cobalt_reflective_dll
C:\Windows\system\qizmHeH.exe	cobalt_reflective_dll
C:\Windows\system\mQkcOec.exe	cobalt_reflective_dll
C:\Windows\system\LdosxED.exe	cobalt_reflective_dll
C:\Windows\system\WceKZgD.exe	cobalt_reflective_dll
C:\Windows\system\oawtaCO.exe	cobalt_reflective_dll
C:\Windows\system\PLlUisd.exe	cobalt_reflective_dll
C:\Windows\system\WRNXFMg.exe	cobalt_reflective_dll
C:\Windows\system\VwYMhPy.exe	cobalt_reflective_dll
C:\Windows\system\pyJaRpT.exe	cobalt_reflective_dll
C:\Windows\system\wrwBrEW.exe	cobalt_reflective_dll
C:\Windows\system\CPOLcrd.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2320-0-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
\Windows\system\DXSpOON.exe	xmrig
\Windows\system\VTsyIbO.exe	xmrig
behavioral1/memory/2260-22-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/3032-19-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
C:\Windows\system\CEJNdmW.exe	xmrig
behavioral1/memory/2320-17-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2752-15-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
\Windows\system\OuuBaTp.exe	xmrig
behavioral1/memory/2320-25-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2812-29-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
\Windows\system\LKuVNiP.exe	xmrig
behavioral1/memory/3012-44-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/3044-36-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2320-50-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2752-46-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
\Windows\system\nsqXeWs.exe	xmrig
\Windows\system\lfqcMjy.exe	xmrig
C:\Windows\system\dnAauhR.exe	xmrig
behavioral1/memory/2320-38-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
\Windows\system\CxZsYFx.exe	xmrig
behavioral1/memory/3032-59-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2320-55-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2260-64-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2656-69-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2812-70-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2320-67-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2724-66-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2320-62-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2824-60-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
\Windows\system\aMKXYYE.exe	xmrig
behavioral1/memory/3044-76-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
C:\Windows\system\YTtLFCk.exe	xmrig
C:\Windows\system\iWLTWzt.exe	xmrig
behavioral1/memory/2320-86-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/908-89-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2872-92-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/1656-90-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
\Windows\system\ufbcBfW.exe	xmrig
\Windows\system\lsFjRZv.exe	xmrig
C:\Windows\system\XUHgbXo.exe	xmrig
\Windows\system\KraFIxv.exe	xmrig
C:\Windows\system\kroTVNp.exe	xmrig
C:\Windows\system\CRpDgEe.exe	xmrig
C:\Windows\system\YthazAN.exe	xmrig
C:\Windows\system\FPfupbz.exe	xmrig
C:\Windows\system\YEHRccs.exe	xmrig
C:\Windows\system\qizmHeH.exe	xmrig
C:\Windows\system\mQkcOec.exe	xmrig
C:\Windows\system\LdosxED.exe	xmrig
C:\Windows\system\WceKZgD.exe	xmrig
C:\Windows\system\oawtaCO.exe	xmrig
C:\Windows\system\PLlUisd.exe	xmrig
C:\Windows\system\WRNXFMg.exe	xmrig
C:\Windows\system\VwYMhPy.exe	xmrig
C:\Windows\system\pyJaRpT.exe	xmrig
C:\Windows\system\wrwBrEW.exe	xmrig
C:\Windows\system\CPOLcrd.exe	xmrig
behavioral1/memory/2320-104-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2104-100-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2320-99-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/3012-94-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2752-3206-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/3032-3207-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

VTsyIbO.exeCEJNdmW.exeDXSpOON.exeOuuBaTp.exednAauhR.exeLKuVNiP.exensqXeWs.exeCxZsYFx.exelfqcMjy.exeaMKXYYE.exeYTtLFCk.exeiWLTWzt.exeufbcBfW.exelsFjRZv.exeXUHgbXo.exeKraFIxv.exeCPOLcrd.exewrwBrEW.exepyJaRpT.exekroTVNp.exeCRpDgEe.exeVwYMhPy.exePLlUisd.exeWRNXFMg.exeoawtaCO.exeYthazAN.exeWceKZgD.exeLdosxED.exemQkcOec.exeqizmHeH.exeFPfupbz.exeYEHRccs.exeXhXWydE.exesUpZjKx.exextEmRYS.exeaSatujG.execsmOyoW.exeQjqQbdV.exeEHYibBu.exeFVbAuME.exetXfDpSc.exedflJFkJ.exezykLELW.exeLSOVbVn.exeWbiidgC.exeOJVDDNN.exeKBGHThd.exeJkKFrps.exemmkXfMv.exeSnRmKvF.exeOMpCSEt.exeCpRfItw.exeYZMtqGC.exeyWYLYRF.exeOMqmIOi.exeDxmOoxe.exeTQHVtkS.exeVRgVcPm.exeQrObJUT.exeQMMpBur.exeQTvJbrs.exepmyChGg.exeRXvviIF.exeFeYJKZy.exe

pid	process
2752	VTsyIbO.exe
3032	CEJNdmW.exe
2260	DXSpOON.exe
2812	OuuBaTp.exe
3044	dnAauhR.exe
3012	LKuVNiP.exe
2824	nsqXeWs.exe
2724	CxZsYFx.exe
2656	lfqcMjy.exe
1656	aMKXYYE.exe
2872	YTtLFCk.exe
908	iWLTWzt.exe
2104	ufbcBfW.exe
1256	lsFjRZv.exe
2920	XUHgbXo.exe
2176	KraFIxv.exe
2748	CPOLcrd.exe
1312	wrwBrEW.exe
276	pyJaRpT.exe
2504	kroTVNp.exe
2464	CRpDgEe.exe
2144	VwYMhPy.exe
624	PLlUisd.exe
1748	WRNXFMg.exe
2112	oawtaCO.exe
2248	YthazAN.exe
1600	WceKZgD.exe
2480	LdosxED.exe
2208	mQkcOec.exe
2460	qizmHeH.exe
1616	FPfupbz.exe
2636	YEHRccs.exe
760	XhXWydE.exe
3040	sUpZjKx.exe
2312	xtEmRYS.exe
2744	aSatujG.exe
2448	csmOyoW.exe
1520	QjqQbdV.exe
1652	EHYibBu.exe
880	FVbAuME.exe
1036	tXfDpSc.exe
1224	dflJFkJ.exe
2152	zykLELW.exe
1988	LSOVbVn.exe
2432	WbiidgC.exe
620	OJVDDNN.exe
2612	KBGHThd.exe
1980	JkKFrps.exe
2624	mmkXfMv.exe
1040	SnRmKvF.exe
1512	OMpCSEt.exe
480	CpRfItw.exe
1704	YZMtqGC.exe
1576	yWYLYRF.exe
1684	OMqmIOi.exe
3036	DxmOoxe.exe
2852	TQHVtkS.exe
944	VRgVcPm.exe
2884	QrObJUT.exe
2856	QMMpBur.exe
2608	QTvJbrs.exe
2664	pmyChGg.exe
2868	RXvviIF.exe
2764	FeYJKZy.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2320-0-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
\Windows\system\DXSpOON.exe	upx
\Windows\system\VTsyIbO.exe	upx
behavioral1/memory/2260-22-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/3032-19-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
C:\Windows\system\CEJNdmW.exe	upx
behavioral1/memory/2752-15-0x000000013F030000-0x000000013F384000-memory.dmp	upx
\Windows\system\OuuBaTp.exe	upx
behavioral1/memory/2812-29-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
\Windows\system\LKuVNiP.exe	upx
behavioral1/memory/3012-44-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/3044-36-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2752-46-0x000000013F030000-0x000000013F384000-memory.dmp	upx
\Windows\system\nsqXeWs.exe	upx
\Windows\system\lfqcMjy.exe	upx
C:\Windows\system\dnAauhR.exe	upx
behavioral1/memory/2320-38-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
\Windows\system\CxZsYFx.exe	upx
behavioral1/memory/3032-59-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2260-64-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2656-69-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2812-70-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2320-67-0x00000000023D0000-0x0000000002724000-memory.dmp	upx
behavioral1/memory/2724-66-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2824-60-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
\Windows\system\aMKXYYE.exe	upx
behavioral1/memory/3044-76-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
C:\Windows\system\YTtLFCk.exe	upx
C:\Windows\system\iWLTWzt.exe	upx
behavioral1/memory/2320-86-0x00000000023D0000-0x0000000002724000-memory.dmp	upx
behavioral1/memory/908-89-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2872-92-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/1656-90-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
\Windows\system\ufbcBfW.exe	upx
\Windows\system\lsFjRZv.exe	upx
C:\Windows\system\XUHgbXo.exe	upx
\Windows\system\KraFIxv.exe	upx
C:\Windows\system\kroTVNp.exe	upx
C:\Windows\system\CRpDgEe.exe	upx
C:\Windows\system\YthazAN.exe	upx
C:\Windows\system\FPfupbz.exe	upx
C:\Windows\system\YEHRccs.exe	upx
C:\Windows\system\qizmHeH.exe	upx
C:\Windows\system\mQkcOec.exe	upx
C:\Windows\system\LdosxED.exe	upx
C:\Windows\system\WceKZgD.exe	upx
C:\Windows\system\oawtaCO.exe	upx
C:\Windows\system\PLlUisd.exe	upx
C:\Windows\system\WRNXFMg.exe	upx
C:\Windows\system\VwYMhPy.exe	upx
C:\Windows\system\pyJaRpT.exe	upx
C:\Windows\system\wrwBrEW.exe	upx
C:\Windows\system\CPOLcrd.exe	upx
behavioral1/memory/2104-100-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/3012-94-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2752-3206-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/3032-3207-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2260-3278-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2812-3296-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/3012-3307-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/3044-3308-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2656-3557-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2824-3548-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2724-3589-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\fgznQaV.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSpaVAJ.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKRtOEF.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWgMdwr.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LssFJiR.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhyPpzu.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRYXzMz.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzXjvqz.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EplKXyf.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idHKIKV.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPmfKah.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwyzuRB.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYolAUH.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGTtkXT.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPOnYzP.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZPdvoV.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcduwFT.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdKMkVf.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggtrXEv.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\spvciZO.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZjfadm.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQdKlBT.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiLPSDM.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwZgyTI.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohUhVzZ.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWODVuC.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhPTSwt.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuCDkQh.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbIVWIl.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGWDdcQ.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZIDIMd.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFctUJH.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRQUFUp.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzzwHft.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GANTIcv.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvKjWha.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHCZuLn.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRPCalE.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMmPlgi.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISRxuIv.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qozkOMT.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLcpIOg.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeujiTW.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBxsSER.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjSQvGW.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxBPTpT.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXfaaAs.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lvrzppV.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKSMQeT.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ValknNu.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMzsfOB.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXAZjZd.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWtvZzh.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRpXYwt.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YCbjICO.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBGokip.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTEWCcw.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoWJfhi.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFMbwXL.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIvIBWW.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPizwyp.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbVWfjY.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiHtZNp.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbBhScU.exe	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2320 wrote to memory of 3032	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CEJNdmW.exe
PID 2320 wrote to memory of 3032	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CEJNdmW.exe
PID 2320 wrote to memory of 3032	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CEJNdmW.exe
PID 2320 wrote to memory of 2752	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	VTsyIbO.exe
PID 2320 wrote to memory of 2752	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	VTsyIbO.exe
PID 2320 wrote to memory of 2752	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	VTsyIbO.exe
PID 2320 wrote to memory of 2260	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	DXSpOON.exe
PID 2320 wrote to memory of 2260	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	DXSpOON.exe
PID 2320 wrote to memory of 2260	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	DXSpOON.exe
PID 2320 wrote to memory of 2812	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	OuuBaTp.exe
PID 2320 wrote to memory of 2812	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	OuuBaTp.exe
PID 2320 wrote to memory of 2812	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	OuuBaTp.exe
PID 2320 wrote to memory of 3044	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	dnAauhR.exe
PID 2320 wrote to memory of 3044	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	dnAauhR.exe
PID 2320 wrote to memory of 3044	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	dnAauhR.exe
PID 2320 wrote to memory of 3012	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	LKuVNiP.exe
PID 2320 wrote to memory of 3012	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	LKuVNiP.exe
PID 2320 wrote to memory of 3012	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	LKuVNiP.exe
PID 2320 wrote to memory of 2824	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	nsqXeWs.exe
PID 2320 wrote to memory of 2824	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	nsqXeWs.exe
PID 2320 wrote to memory of 2824	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	nsqXeWs.exe
PID 2320 wrote to memory of 2656	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	lfqcMjy.exe
PID 2320 wrote to memory of 2656	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	lfqcMjy.exe
PID 2320 wrote to memory of 2656	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	lfqcMjy.exe
PID 2320 wrote to memory of 2724	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CxZsYFx.exe
PID 2320 wrote to memory of 2724	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CxZsYFx.exe
PID 2320 wrote to memory of 2724	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CxZsYFx.exe
PID 2320 wrote to memory of 1656	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	aMKXYYE.exe
PID 2320 wrote to memory of 1656	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	aMKXYYE.exe
PID 2320 wrote to memory of 1656	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	aMKXYYE.exe
PID 2320 wrote to memory of 2872	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	YTtLFCk.exe
PID 2320 wrote to memory of 2872	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	YTtLFCk.exe
PID 2320 wrote to memory of 2872	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	YTtLFCk.exe
PID 2320 wrote to memory of 908	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	iWLTWzt.exe
PID 2320 wrote to memory of 908	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	iWLTWzt.exe
PID 2320 wrote to memory of 908	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	iWLTWzt.exe
PID 2320 wrote to memory of 2104	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	ufbcBfW.exe
PID 2320 wrote to memory of 2104	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	ufbcBfW.exe
PID 2320 wrote to memory of 2104	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	ufbcBfW.exe
PID 2320 wrote to memory of 1256	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	lsFjRZv.exe
PID 2320 wrote to memory of 1256	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	lsFjRZv.exe
PID 2320 wrote to memory of 1256	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	lsFjRZv.exe
PID 2320 wrote to memory of 2176	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	KraFIxv.exe
PID 2320 wrote to memory of 2176	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	KraFIxv.exe
PID 2320 wrote to memory of 2176	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	KraFIxv.exe
PID 2320 wrote to memory of 2920	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	XUHgbXo.exe
PID 2320 wrote to memory of 2920	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	XUHgbXo.exe
PID 2320 wrote to memory of 2920	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	XUHgbXo.exe
PID 2320 wrote to memory of 2748	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CPOLcrd.exe
PID 2320 wrote to memory of 2748	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CPOLcrd.exe
PID 2320 wrote to memory of 2748	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CPOLcrd.exe
PID 2320 wrote to memory of 1312	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	wrwBrEW.exe
PID 2320 wrote to memory of 1312	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	wrwBrEW.exe
PID 2320 wrote to memory of 1312	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	wrwBrEW.exe
PID 2320 wrote to memory of 276	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	pyJaRpT.exe
PID 2320 wrote to memory of 276	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	pyJaRpT.exe
PID 2320 wrote to memory of 276	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	pyJaRpT.exe
PID 2320 wrote to memory of 2504	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	kroTVNp.exe
PID 2320 wrote to memory of 2504	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	kroTVNp.exe
PID 2320 wrote to memory of 2504	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	kroTVNp.exe
PID 2320 wrote to memory of 2464	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CRpDgEe.exe
PID 2320 wrote to memory of 2464	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CRpDgEe.exe
PID 2320 wrote to memory of 2464	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	CRpDgEe.exe
PID 2320 wrote to memory of 2144	2320	2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe	VwYMhPy.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_3bea270b2cf3bf57f17f396bdcf88b97_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\System\CEJNdmW.exe
  C:\Windows\System\CEJNdmW.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\VTsyIbO.exe
  C:\Windows\System\VTsyIbO.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\DXSpOON.exe
  C:\Windows\System\DXSpOON.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\OuuBaTp.exe
  C:\Windows\System\OuuBaTp.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\dnAauhR.exe
  C:\Windows\System\dnAauhR.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\LKuVNiP.exe
  C:\Windows\System\LKuVNiP.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\nsqXeWs.exe
  C:\Windows\System\nsqXeWs.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\lfqcMjy.exe
  C:\Windows\System\lfqcMjy.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\CxZsYFx.exe
  C:\Windows\System\CxZsYFx.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\aMKXYYE.exe
  C:\Windows\System\aMKXYYE.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\YTtLFCk.exe
  C:\Windows\System\YTtLFCk.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\iWLTWzt.exe
  C:\Windows\System\iWLTWzt.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\ufbcBfW.exe
  C:\Windows\System\ufbcBfW.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\lsFjRZv.exe
  C:\Windows\System\lsFjRZv.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\KraFIxv.exe
  C:\Windows\System\KraFIxv.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\XUHgbXo.exe
  C:\Windows\System\XUHgbXo.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\CPOLcrd.exe
  C:\Windows\System\CPOLcrd.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\wrwBrEW.exe
  C:\Windows\System\wrwBrEW.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\pyJaRpT.exe
  C:\Windows\System\pyJaRpT.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\kroTVNp.exe
  C:\Windows\System\kroTVNp.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\CRpDgEe.exe
  C:\Windows\System\CRpDgEe.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\VwYMhPy.exe
  C:\Windows\System\VwYMhPy.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\PLlUisd.exe
  C:\Windows\System\PLlUisd.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\WRNXFMg.exe
  C:\Windows\System\WRNXFMg.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\oawtaCO.exe
  C:\Windows\System\oawtaCO.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\YthazAN.exe
  C:\Windows\System\YthazAN.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\WceKZgD.exe
  C:\Windows\System\WceKZgD.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\LdosxED.exe
  C:\Windows\System\LdosxED.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\mQkcOec.exe
  C:\Windows\System\mQkcOec.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\qizmHeH.exe
  C:\Windows\System\qizmHeH.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\FPfupbz.exe
  C:\Windows\System\FPfupbz.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\YEHRccs.exe
  C:\Windows\System\YEHRccs.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\XhXWydE.exe
  C:\Windows\System\XhXWydE.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\sUpZjKx.exe
  C:\Windows\System\sUpZjKx.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\xtEmRYS.exe
  C:\Windows\System\xtEmRYS.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\aSatujG.exe
  C:\Windows\System\aSatujG.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\csmOyoW.exe
  C:\Windows\System\csmOyoW.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\QjqQbdV.exe
  C:\Windows\System\QjqQbdV.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\EHYibBu.exe
  C:\Windows\System\EHYibBu.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\FVbAuME.exe
  C:\Windows\System\FVbAuME.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\tXfDpSc.exe
  C:\Windows\System\tXfDpSc.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\dflJFkJ.exe
  C:\Windows\System\dflJFkJ.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\zykLELW.exe
  C:\Windows\System\zykLELW.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\LSOVbVn.exe
  C:\Windows\System\LSOVbVn.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\WbiidgC.exe
  C:\Windows\System\WbiidgC.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\OJVDDNN.exe
  C:\Windows\System\OJVDDNN.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\KBGHThd.exe
  C:\Windows\System\KBGHThd.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\JkKFrps.exe
  C:\Windows\System\JkKFrps.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\mmkXfMv.exe
  C:\Windows\System\mmkXfMv.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\SnRmKvF.exe
  C:\Windows\System\SnRmKvF.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\OMpCSEt.exe
  C:\Windows\System\OMpCSEt.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\CpRfItw.exe
  C:\Windows\System\CpRfItw.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\YZMtqGC.exe
  C:\Windows\System\YZMtqGC.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\yWYLYRF.exe
  C:\Windows\System\yWYLYRF.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\OMqmIOi.exe
  C:\Windows\System\OMqmIOi.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\DxmOoxe.exe
  C:\Windows\System\DxmOoxe.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\TQHVtkS.exe
  C:\Windows\System\TQHVtkS.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\VRgVcPm.exe
  C:\Windows\System\VRgVcPm.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\QrObJUT.exe
  C:\Windows\System\QrObJUT.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\QMMpBur.exe
  C:\Windows\System\QMMpBur.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\QTvJbrs.exe
  C:\Windows\System\QTvJbrs.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\pmyChGg.exe
  C:\Windows\System\pmyChGg.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\RXvviIF.exe
  C:\Windows\System\RXvviIF.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\FeYJKZy.exe
  C:\Windows\System\FeYJKZy.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\fyPKUpU.exe
  C:\Windows\System\fyPKUpU.exe
  2⤵
  PID:2948
- C:\Windows\System\EYwhvuS.exe
  C:\Windows\System\EYwhvuS.exe
  2⤵
  PID:2676
- C:\Windows\System\ohUhVzZ.exe
  C:\Windows\System\ohUhVzZ.exe
  2⤵
  PID:2368
- C:\Windows\System\rRjxcCd.exe
  C:\Windows\System\rRjxcCd.exe
  2⤵
  PID:2352
- C:\Windows\System\jeQHiOB.exe
  C:\Windows\System\jeQHiOB.exe
  2⤵
  PID:1468
- C:\Windows\System\lXLXVOq.exe
  C:\Windows\System\lXLXVOq.exe
  2⤵
  PID:2720
- C:\Windows\System\DsfTtdA.exe
  C:\Windows\System\DsfTtdA.exe
  2⤵
  PID:832
- C:\Windows\System\oHEZQke.exe
  C:\Windows\System\oHEZQke.exe
  2⤵
  PID:1304
- C:\Windows\System\pKsinxq.exe
  C:\Windows\System\pKsinxq.exe
  2⤵
  PID:2888
- C:\Windows\System\BSCWsSh.exe
  C:\Windows\System\BSCWsSh.exe
  2⤵
  PID:3008
- C:\Windows\System\eZdZApC.exe
  C:\Windows\System\eZdZApC.exe
  2⤵
  PID:1528
- C:\Windows\System\bsCKNPv.exe
  C:\Windows\System\bsCKNPv.exe
  2⤵
  PID:2100
- C:\Windows\System\byIvnxv.exe
  C:\Windows\System\byIvnxv.exe
  2⤵
  PID:1168
- C:\Windows\System\APAcrlq.exe
  C:\Windows\System\APAcrlq.exe
  2⤵
  PID:2456
- C:\Windows\System\RVdzJsm.exe
  C:\Windows\System\RVdzJsm.exe
  2⤵
  PID:2444
- C:\Windows\System\ZfZGpVs.exe
  C:\Windows\System\ZfZGpVs.exe
  2⤵
  PID:1952
- C:\Windows\System\pViVttF.exe
  C:\Windows\System\pViVttF.exe
  2⤵
  PID:2488
- C:\Windows\System\OrmAIFt.exe
  C:\Windows\System\OrmAIFt.exe
  2⤵
  PID:2344
- C:\Windows\System\FNoaNBQ.exe
  C:\Windows\System\FNoaNBQ.exe
  2⤵
  PID:2424
- C:\Windows\System\RFCOmpK.exe
  C:\Windows\System\RFCOmpK.exe
  2⤵
  PID:1664
- C:\Windows\System\wnLOStV.exe
  C:\Windows\System\wnLOStV.exe
  2⤵
  PID:1432
- C:\Windows\System\tdzHybM.exe
  C:\Windows\System\tdzHybM.exe
  2⤵
  PID:1972
- C:\Windows\System\VdStUzB.exe
  C:\Windows\System\VdStUzB.exe
  2⤵
  PID:2476
- C:\Windows\System\CDpkYrv.exe
  C:\Windows\System\CDpkYrv.exe
  2⤵
  PID:1532
- C:\Windows\System\RNqAvjX.exe
  C:\Windows\System\RNqAvjX.exe
  2⤵
  PID:2600
- C:\Windows\System\COJhOJh.exe
  C:\Windows\System\COJhOJh.exe
  2⤵
  PID:924
- C:\Windows\System\XeFwDhp.exe
  C:\Windows\System\XeFwDhp.exe
  2⤵
  PID:2020
- C:\Windows\System\OZiarYh.exe
  C:\Windows\System\OZiarYh.exe
  2⤵
  PID:1172
- C:\Windows\System\NzLGKmY.exe
  C:\Windows\System\NzLGKmY.exe
  2⤵
  PID:2404
- C:\Windows\System\LTBdIDK.exe
  C:\Windows\System\LTBdIDK.exe
  2⤵
  PID:1484
- C:\Windows\System\uaBcrId.exe
  C:\Windows\System\uaBcrId.exe
  2⤵
  PID:996
- C:\Windows\System\SpzibKi.exe
  C:\Windows\System\SpzibKi.exe
  2⤵
  PID:2568
- C:\Windows\System\EhpvrcB.exe
  C:\Windows\System\EhpvrcB.exe
  2⤵
  PID:2564
- C:\Windows\System\txExcLl.exe
  C:\Windows\System\txExcLl.exe
  2⤵
  PID:1736
- C:\Windows\System\UfWqfOn.exe
  C:\Windows\System\UfWqfOn.exe
  2⤵
  PID:2212
- C:\Windows\System\YEWhdOe.exe
  C:\Windows\System\YEWhdOe.exe
  2⤵
  PID:2876
- C:\Windows\System\lBAxKIt.exe
  C:\Windows\System\lBAxKIt.exe
  2⤵
  PID:2964
- C:\Windows\System\yyRCcKp.exe
  C:\Windows\System\yyRCcKp.exe
  2⤵
  PID:1324
- C:\Windows\System\OYrDKeY.exe
  C:\Windows\System\OYrDKeY.exe
  2⤵
  PID:2936
- C:\Windows\System\FlxjVLB.exe
  C:\Windows\System\FlxjVLB.exe
  2⤵
  PID:3016
- C:\Windows\System\qaztHgH.exe
  C:\Windows\System\qaztHgH.exe
  2⤵
  PID:2780
- C:\Windows\System\rDjiWtM.exe
  C:\Windows\System\rDjiWtM.exe
  2⤵
  PID:2132
- C:\Windows\System\gauMcpv.exe
  C:\Windows\System\gauMcpv.exe
  2⤵
  PID:2708
- C:\Windows\System\qhWahHH.exe
  C:\Windows\System\qhWahHH.exe
  2⤵
  PID:2732
- C:\Windows\System\VHTyaLn.exe
  C:\Windows\System\VHTyaLn.exe
  2⤵
  PID:2928
- C:\Windows\System\PpKNcIh.exe
  C:\Windows\System\PpKNcIh.exe
  2⤵
  PID:2904
- C:\Windows\System\OXYNRvI.exe
  C:\Windows\System\OXYNRvI.exe
  2⤵
  PID:928
- C:\Windows\System\eVuOtyP.exe
  C:\Windows\System\eVuOtyP.exe
  2⤵
  PID:2836
- C:\Windows\System\hzwkNWP.exe
  C:\Windows\System\hzwkNWP.exe
  2⤵
  PID:1540
- C:\Windows\System\IPUldNF.exe
  C:\Windows\System\IPUldNF.exe
  2⤵
  PID:2196
- C:\Windows\System\kaLbwZL.exe
  C:\Windows\System\kaLbwZL.exe
  2⤵
  PID:1692
- C:\Windows\System\HOCunhZ.exe
  C:\Windows\System\HOCunhZ.exe
  2⤵
  PID:2440
- C:\Windows\System\uwUmzOz.exe
  C:\Windows\System\uwUmzOz.exe
  2⤵
  PID:2012
- C:\Windows\System\KZlpTdL.exe
  C:\Windows\System\KZlpTdL.exe
  2⤵
  PID:940
- C:\Windows\System\SDsNNDY.exe
  C:\Windows\System\SDsNNDY.exe
  2⤵
  PID:932
- C:\Windows\System\xgXcFSK.exe
  C:\Windows\System\xgXcFSK.exe
  2⤵
  PID:2032
- C:\Windows\System\SItCJCV.exe
  C:\Windows\System\SItCJCV.exe
  2⤵
  PID:1920
- C:\Windows\System\XBWmpGO.exe
  C:\Windows\System\XBWmpGO.exe
  2⤵
  PID:1816
- C:\Windows\System\ooPhsgI.exe
  C:\Windows\System\ooPhsgI.exe
  2⤵
  PID:892
- C:\Windows\System\tBDkeUe.exe
  C:\Windows\System\tBDkeUe.exe
  2⤵
  PID:336
- C:\Windows\System\dKHQBHd.exe
  C:\Windows\System\dKHQBHd.exe
  2⤵
  PID:1580
- C:\Windows\System\ZEBThRw.exe
  C:\Windows\System\ZEBThRw.exe
  2⤵
  PID:2188
- C:\Windows\System\WVwlZCq.exe
  C:\Windows\System\WVwlZCq.exe
  2⤵
  PID:2832
- C:\Windows\System\vwywZbD.exe
  C:\Windows\System\vwywZbD.exe
  2⤵
  PID:2700
- C:\Windows\System\lRPvmIF.exe
  C:\Windows\System\lRPvmIF.exe
  2⤵
  PID:1624
- C:\Windows\System\HoTiOMH.exe
  C:\Windows\System\HoTiOMH.exe
  2⤵
  PID:1740
- C:\Windows\System\cTxaquL.exe
  C:\Windows\System\cTxaquL.exe
  2⤵
  PID:2532
- C:\Windows\System\RaKIIVN.exe
  C:\Windows\System\RaKIIVN.exe
  2⤵
  PID:1604
- C:\Windows\System\TCYNSFT.exe
  C:\Windows\System\TCYNSFT.exe
  2⤵
  PID:2076
- C:\Windows\System\UhpArPV.exe
  C:\Windows\System\UhpArPV.exe
  2⤵
  PID:2060
- C:\Windows\System\MDSuyYl.exe
  C:\Windows\System\MDSuyYl.exe
  2⤵
  PID:2256
- C:\Windows\System\ZTiECIU.exe
  C:\Windows\System\ZTiECIU.exe
  2⤵
  PID:2276
- C:\Windows\System\keoGJur.exe
  C:\Windows\System\keoGJur.exe
  2⤵
  PID:2016
- C:\Windows\System\jAaqJpu.exe
  C:\Windows\System\jAaqJpu.exe
  2⤵
  PID:2036
- C:\Windows\System\OEQFEeZ.exe
  C:\Windows\System\OEQFEeZ.exe
  2⤵
  PID:544
- C:\Windows\System\sRyBCXU.exe
  C:\Windows\System\sRyBCXU.exe
  2⤵
  PID:1368
- C:\Windows\System\YGczKJW.exe
  C:\Windows\System\YGczKJW.exe
  2⤵
  PID:1592
- C:\Windows\System\cAdQgTM.exe
  C:\Windows\System\cAdQgTM.exe
  2⤵
  PID:2960
- C:\Windows\System\FazQAqF.exe
  C:\Windows\System\FazQAqF.exe
  2⤵
  PID:564
- C:\Windows\System\ZCOObVi.exe
  C:\Windows\System\ZCOObVi.exe
  2⤵
  PID:2332
- C:\Windows\System\PFZyEDl.exe
  C:\Windows\System\PFZyEDl.exe
  2⤵
  PID:2996
- C:\Windows\System\milchoa.exe
  C:\Windows\System\milchoa.exe
  2⤵
  PID:2376
- C:\Windows\System\VcWUKAr.exe
  C:\Windows\System\VcWUKAr.exe
  2⤵
  PID:1108
- C:\Windows\System\GUFfqVr.exe
  C:\Windows\System\GUFfqVr.exe
  2⤵
  PID:2536
- C:\Windows\System\thYSfxV.exe
  C:\Windows\System\thYSfxV.exe
  2⤵
  PID:1292
- C:\Windows\System\loXBGfG.exe
  C:\Windows\System\loXBGfG.exe
  2⤵
  PID:2204
- C:\Windows\System\MJBaEKi.exe
  C:\Windows\System\MJBaEKi.exe
  2⤵
  PID:2064
- C:\Windows\System\JOGWrdI.exe
  C:\Windows\System\JOGWrdI.exe
  2⤵
  PID:2804
- C:\Windows\System\CKxmrDA.exe
  C:\Windows\System\CKxmrDA.exe
  2⤵
  PID:2148
- C:\Windows\System\XUBpbjA.exe
  C:\Windows\System\XUBpbjA.exe
  2⤵
  PID:3080
- C:\Windows\System\edgIWJt.exe
  C:\Windows\System\edgIWJt.exe
  2⤵
  PID:3100
- C:\Windows\System\prievon.exe
  C:\Windows\System\prievon.exe
  2⤵
  PID:3120
- C:\Windows\System\XFClzTG.exe
  C:\Windows\System\XFClzTG.exe
  2⤵
  PID:3140
- C:\Windows\System\FqmjfUM.exe
  C:\Windows\System\FqmjfUM.exe
  2⤵
  PID:3160
- C:\Windows\System\nPMKMWa.exe
  C:\Windows\System\nPMKMWa.exe
  2⤵
  PID:3180
- C:\Windows\System\fxqMPzi.exe
  C:\Windows\System\fxqMPzi.exe
  2⤵
  PID:3196
- C:\Windows\System\mcvqafy.exe
  C:\Windows\System\mcvqafy.exe
  2⤵
  PID:3220
- C:\Windows\System\lqsuxVI.exe
  C:\Windows\System\lqsuxVI.exe
  2⤵
  PID:3236
- C:\Windows\System\cBPjKSB.exe
  C:\Windows\System\cBPjKSB.exe
  2⤵
  PID:3260
- C:\Windows\System\PsMXfKh.exe
  C:\Windows\System\PsMXfKh.exe
  2⤵
  PID:3280
- C:\Windows\System\RbdxPWK.exe
  C:\Windows\System\RbdxPWK.exe
  2⤵
  PID:3300
- C:\Windows\System\ysCejXj.exe
  C:\Windows\System\ysCejXj.exe
  2⤵
  PID:3320
- C:\Windows\System\dkzHrLn.exe
  C:\Windows\System\dkzHrLn.exe
  2⤵
  PID:3344
- C:\Windows\System\wJaWdgv.exe
  C:\Windows\System\wJaWdgv.exe
  2⤵
  PID:3364
- C:\Windows\System\jWzbsbi.exe
  C:\Windows\System\jWzbsbi.exe
  2⤵
  PID:3384
- C:\Windows\System\knMRHAU.exe
  C:\Windows\System\knMRHAU.exe
  2⤵
  PID:3408
- C:\Windows\System\gfyuwBx.exe
  C:\Windows\System\gfyuwBx.exe
  2⤵
  PID:3428
- C:\Windows\System\pfHrWJH.exe
  C:\Windows\System\pfHrWJH.exe
  2⤵
  PID:3448
- C:\Windows\System\zeLyLcv.exe
  C:\Windows\System\zeLyLcv.exe
  2⤵
  PID:3468
- C:\Windows\System\Bkkbswh.exe
  C:\Windows\System\Bkkbswh.exe
  2⤵
  PID:3488
- C:\Windows\System\OecdKGW.exe
  C:\Windows\System\OecdKGW.exe
  2⤵
  PID:3508
- C:\Windows\System\CJtwQlQ.exe
  C:\Windows\System\CJtwQlQ.exe
  2⤵
  PID:3528
- C:\Windows\System\ISRxuIv.exe
  C:\Windows\System\ISRxuIv.exe
  2⤵
  PID:3548
- C:\Windows\System\eqCWltb.exe
  C:\Windows\System\eqCWltb.exe
  2⤵
  PID:3568
- C:\Windows\System\gxtybtH.exe
  C:\Windows\System\gxtybtH.exe
  2⤵
  PID:3588
- C:\Windows\System\EwgjYNl.exe
  C:\Windows\System\EwgjYNl.exe
  2⤵
  PID:3608
- C:\Windows\System\OsPhlxy.exe
  C:\Windows\System\OsPhlxy.exe
  2⤵
  PID:3628
- C:\Windows\System\OwNTQtl.exe
  C:\Windows\System\OwNTQtl.exe
  2⤵
  PID:3648
- C:\Windows\System\PEgoJID.exe
  C:\Windows\System\PEgoJID.exe
  2⤵
  PID:3668
- C:\Windows\System\dXfaaAs.exe
  C:\Windows\System\dXfaaAs.exe
  2⤵
  PID:3684
- C:\Windows\System\JmRiBxs.exe
  C:\Windows\System\JmRiBxs.exe
  2⤵
  PID:3708
- C:\Windows\System\XlMpBAf.exe
  C:\Windows\System\XlMpBAf.exe
  2⤵
  PID:3728
- C:\Windows\System\aZcfjnm.exe
  C:\Windows\System\aZcfjnm.exe
  2⤵
  PID:3748
- C:\Windows\System\mwHqpqW.exe
  C:\Windows\System\mwHqpqW.exe
  2⤵
  PID:3768
- C:\Windows\System\UEijFak.exe
  C:\Windows\System\UEijFak.exe
  2⤵
  PID:3788
- C:\Windows\System\kkrWIwo.exe
  C:\Windows\System\kkrWIwo.exe
  2⤵
  PID:3804
- C:\Windows\System\kBabQEM.exe
  C:\Windows\System\kBabQEM.exe
  2⤵
  PID:3824
- C:\Windows\System\jvXVduK.exe
  C:\Windows\System\jvXVduK.exe
  2⤵
  PID:3848
- C:\Windows\System\XLFGeQJ.exe
  C:\Windows\System\XLFGeQJ.exe
  2⤵
  PID:3868
- C:\Windows\System\PlWYmLm.exe
  C:\Windows\System\PlWYmLm.exe
  2⤵
  PID:3888
- C:\Windows\System\OhWvjLG.exe
  C:\Windows\System\OhWvjLG.exe
  2⤵
  PID:3908
- C:\Windows\System\wdrmWYc.exe
  C:\Windows\System\wdrmWYc.exe
  2⤵
  PID:3928
- C:\Windows\System\uyjkLiO.exe
  C:\Windows\System\uyjkLiO.exe
  2⤵
  PID:3948
- C:\Windows\System\MylUQoo.exe
  C:\Windows\System\MylUQoo.exe
  2⤵
  PID:3972
- C:\Windows\System\pzzwHft.exe
  C:\Windows\System\pzzwHft.exe
  2⤵
  PID:3992
- C:\Windows\System\ZHrsjij.exe
  C:\Windows\System\ZHrsjij.exe
  2⤵
  PID:4012
- C:\Windows\System\rTuKVec.exe
  C:\Windows\System\rTuKVec.exe
  2⤵
  PID:4032
- C:\Windows\System\MuVLDrC.exe
  C:\Windows\System\MuVLDrC.exe
  2⤵
  PID:4052
- C:\Windows\System\uKGRQdy.exe
  C:\Windows\System\uKGRQdy.exe
  2⤵
  PID:4072
- C:\Windows\System\xbgzRvG.exe
  C:\Windows\System\xbgzRvG.exe
  2⤵
  PID:4092
- C:\Windows\System\LJoQxLm.exe
  C:\Windows\System\LJoQxLm.exe
  2⤵
  PID:2728
- C:\Windows\System\TUgHzcm.exe
  C:\Windows\System\TUgHzcm.exe
  2⤵
  PID:2620
- C:\Windows\System\KcFwypz.exe
  C:\Windows\System\KcFwypz.exe
  2⤵
  PID:2548
- C:\Windows\System\MonHKnp.exe
  C:\Windows\System\MonHKnp.exe
  2⤵
  PID:888
- C:\Windows\System\TDNuyhc.exe
  C:\Windows\System\TDNuyhc.exe
  2⤵
  PID:900
- C:\Windows\System\cOfJrRo.exe
  C:\Windows\System\cOfJrRo.exe
  2⤵
  PID:3132
- C:\Windows\System\LfQbHsn.exe
  C:\Windows\System\LfQbHsn.exe
  2⤵
  PID:3172
- C:\Windows\System\siGIIqr.exe
  C:\Windows\System\siGIIqr.exe
  2⤵
  PID:3148
- C:\Windows\System\hipIljK.exe
  C:\Windows\System\hipIljK.exe
  2⤵
  PID:3216
- C:\Windows\System\qxqasrQ.exe
  C:\Windows\System\qxqasrQ.exe
  2⤵
  PID:3244
- C:\Windows\System\EfxyHmC.exe
  C:\Windows\System\EfxyHmC.exe
  2⤵
  PID:3296
- C:\Windows\System\SSuxHED.exe
  C:\Windows\System\SSuxHED.exe
  2⤵
  PID:3272
- C:\Windows\System\MliIWgd.exe
  C:\Windows\System\MliIWgd.exe
  2⤵
  PID:3312
- C:\Windows\System\KCQbgcI.exe
  C:\Windows\System\KCQbgcI.exe
  2⤵
  PID:3352
- C:\Windows\System\YPPNmbf.exe
  C:\Windows\System\YPPNmbf.exe
  2⤵
  PID:3392
- C:\Windows\System\lLTmBgs.exe
  C:\Windows\System\lLTmBgs.exe
  2⤵
  PID:3396
- C:\Windows\System\YkNOtja.exe
  C:\Windows\System\YkNOtja.exe
  2⤵
  PID:3460
- C:\Windows\System\zLkEdxi.exe
  C:\Windows\System\zLkEdxi.exe
  2⤵
  PID:3500
- C:\Windows\System\lCZrQIc.exe
  C:\Windows\System\lCZrQIc.exe
  2⤵
  PID:3544
- C:\Windows\System\zaNHTBA.exe
  C:\Windows\System\zaNHTBA.exe
  2⤵
  PID:3556
- C:\Windows\System\plwdnaq.exe
  C:\Windows\System\plwdnaq.exe
  2⤵
  PID:3616
- C:\Windows\System\jqXUgqr.exe
  C:\Windows\System\jqXUgqr.exe
  2⤵
  PID:3656
- C:\Windows\System\IbkShMV.exe
  C:\Windows\System\IbkShMV.exe
  2⤵
  PID:3340
- C:\Windows\System\OSrJXdZ.exe
  C:\Windows\System\OSrJXdZ.exe
  2⤵
  PID:3676
- C:\Windows\System\XpevcOn.exe
  C:\Windows\System\XpevcOn.exe
  2⤵
  PID:3740
- C:\Windows\System\iXpiRoy.exe
  C:\Windows\System\iXpiRoy.exe
  2⤵
  PID:3784
- C:\Windows\System\pxAzKFt.exe
  C:\Windows\System\pxAzKFt.exe
  2⤵
  PID:3820
- C:\Windows\System\xZUmpzY.exe
  C:\Windows\System\xZUmpzY.exe
  2⤵
  PID:3796
- C:\Windows\System\ptuYfpZ.exe
  C:\Windows\System\ptuYfpZ.exe
  2⤵
  PID:3860
- C:\Windows\System\wTqZFlf.exe
  C:\Windows\System\wTqZFlf.exe
  2⤵
  PID:3884
- C:\Windows\System\HfDuJoh.exe
  C:\Windows\System\HfDuJoh.exe
  2⤵
  PID:3920
- C:\Windows\System\VaySNDC.exe
  C:\Windows\System\VaySNDC.exe
  2⤵
  PID:3960
- C:\Windows\System\rCCgBXw.exe
  C:\Windows\System\rCCgBXw.exe
  2⤵
  PID:4020
- C:\Windows\System\jBnkjbl.exe
  C:\Windows\System\jBnkjbl.exe
  2⤵
  PID:4040
- C:\Windows\System\vgytlYc.exe
  C:\Windows\System\vgytlYc.exe
  2⤵
  PID:4064
- C:\Windows\System\ACIoTai.exe
  C:\Windows\System\ACIoTai.exe
  2⤵
  PID:4088
- C:\Windows\System\UnIphHG.exe
  C:\Windows\System\UnIphHG.exe
  2⤵
  PID:2576
- C:\Windows\System\OiUARHC.exe
  C:\Windows\System\OiUARHC.exe
  2⤵
  PID:820
- C:\Windows\System\TADZzLI.exe
  C:\Windows\System\TADZzLI.exe
  2⤵
  PID:2716
- C:\Windows\System\rpTAvCu.exe
  C:\Windows\System\rpTAvCu.exe
  2⤵
  PID:3076
- C:\Windows\System\NIORwSW.exe
  C:\Windows\System\NIORwSW.exe
  2⤵
  PID:3212
- C:\Windows\System\vECfcZy.exe
  C:\Windows\System\vECfcZy.exe
  2⤵
  PID:3188
- C:\Windows\System\VnZhryU.exe
  C:\Windows\System\VnZhryU.exe
  2⤵
  PID:3192
- C:\Windows\System\wiTKZVA.exe
  C:\Windows\System\wiTKZVA.exe
  2⤵
  PID:3276
- C:\Windows\System\dvXoroz.exe
  C:\Windows\System\dvXoroz.exe
  2⤵
  PID:3372
- C:\Windows\System\xdVNOHK.exe
  C:\Windows\System\xdVNOHK.exe
  2⤵
  PID:3420
- C:\Windows\System\HNcKXYL.exe
  C:\Windows\System\HNcKXYL.exe
  2⤵
  PID:3476
- C:\Windows\System\wBdnrIJ.exe
  C:\Windows\System\wBdnrIJ.exe
  2⤵
  PID:3536
- C:\Windows\System\eXcgoHg.exe
  C:\Windows\System\eXcgoHg.exe
  2⤵
  PID:3560
- C:\Windows\System\ZWatiHg.exe
  C:\Windows\System\ZWatiHg.exe
  2⤵
  PID:3644
- C:\Windows\System\yjyrdlB.exe
  C:\Windows\System\yjyrdlB.exe
  2⤵
  PID:3716
- C:\Windows\System\OaLqWQz.exe
  C:\Windows\System\OaLqWQz.exe
  2⤵
  PID:3764
- C:\Windows\System\aGYJxfR.exe
  C:\Windows\System\aGYJxfR.exe
  2⤵
  PID:3760
- C:\Windows\System\bSFLHtj.exe
  C:\Windows\System\bSFLHtj.exe
  2⤵
  PID:3800
- C:\Windows\System\PDHylyi.exe
  C:\Windows\System\PDHylyi.exe
  2⤵
  PID:3924
- C:\Windows\System\YulQMYL.exe
  C:\Windows\System\YulQMYL.exe
  2⤵
  PID:3984
- C:\Windows\System\YeikRZH.exe
  C:\Windows\System\YeikRZH.exe
  2⤵
  PID:4060
- C:\Windows\System\IEKMjpC.exe
  C:\Windows\System\IEKMjpC.exe
  2⤵
  PID:4028
- C:\Windows\System\LmWBajd.exe
  C:\Windows\System\LmWBajd.exe
  2⤵
  PID:2232
- C:\Windows\System\vPUhGSw.exe
  C:\Windows\System\vPUhGSw.exe
  2⤵
  PID:1588
- C:\Windows\System\wHtYHLl.exe
  C:\Windows\System\wHtYHLl.exe
  2⤵
  PID:2224
- C:\Windows\System\XcUKGYX.exe
  C:\Windows\System\XcUKGYX.exe
  2⤵
  PID:3112
- C:\Windows\System\UtofWiR.exe
  C:\Windows\System\UtofWiR.exe
  2⤵
  PID:3328
- C:\Windows\System\QUHUcoi.exe
  C:\Windows\System\QUHUcoi.exe
  2⤵
  PID:3232
- C:\Windows\System\MJzihQM.exe
  C:\Windows\System\MJzihQM.exe
  2⤵
  PID:3380
- C:\Windows\System\MKYuphj.exe
  C:\Windows\System\MKYuphj.exe
  2⤵
  PID:3028
- C:\Windows\System\bFSIXgt.exe
  C:\Windows\System\bFSIXgt.exe
  2⤵
  PID:3640
- C:\Windows\System\JvrsqnS.exe
  C:\Windows\System\JvrsqnS.exe
  2⤵
  PID:3600
- C:\Windows\System\TgXNvgP.exe
  C:\Windows\System\TgXNvgP.exe
  2⤵
  PID:3744
- C:\Windows\System\aCFjGYg.exe
  C:\Windows\System\aCFjGYg.exe
  2⤵
  PID:3832
- C:\Windows\System\DWZsxLB.exe
  C:\Windows\System\DWZsxLB.exe
  2⤵
  PID:3956
- C:\Windows\System\HFEtRCL.exe
  C:\Windows\System\HFEtRCL.exe
  2⤵
  PID:4080
- C:\Windows\System\bMKecyd.exe
  C:\Windows\System\bMKecyd.exe
  2⤵
  PID:1628
- C:\Windows\System\LYVSdft.exe
  C:\Windows\System\LYVSdft.exe
  2⤵
  PID:3288
- C:\Windows\System\kfjpBFW.exe
  C:\Windows\System\kfjpBFW.exe
  2⤵
  PID:3176
- C:\Windows\System\iRehciI.exe
  C:\Windows\System\iRehciI.exe
  2⤵
  PID:3268
- C:\Windows\System\aqhYPMV.exe
  C:\Windows\System\aqhYPMV.exe
  2⤵
  PID:3604
- C:\Windows\System\UdrJJCR.exe
  C:\Windows\System\UdrJJCR.exe
  2⤵
  PID:3736
- C:\Windows\System\VOJrSma.exe
  C:\Windows\System\VOJrSma.exe
  2⤵
  PID:3916
- C:\Windows\System\dJSdaUo.exe
  C:\Windows\System\dJSdaUo.exe
  2⤵
  PID:4024
- C:\Windows\System\jGLXfJv.exe
  C:\Windows\System\jGLXfJv.exe
  2⤵
  PID:3660
- C:\Windows\System\SLcBeTH.exe
  C:\Windows\System\SLcBeTH.exe
  2⤵
  PID:3204
- C:\Windows\System\zbAvypQ.exe
  C:\Windows\System\zbAvypQ.exe
  2⤵
  PID:4116
- C:\Windows\System\BLHvMuX.exe
  C:\Windows\System\BLHvMuX.exe
  2⤵
  PID:4140
- C:\Windows\System\EvirIGS.exe
  C:\Windows\System\EvirIGS.exe
  2⤵
  PID:4160
- C:\Windows\System\InZUrkJ.exe
  C:\Windows\System\InZUrkJ.exe
  2⤵
  PID:4180
- C:\Windows\System\WxUZJFu.exe
  C:\Windows\System\WxUZJFu.exe
  2⤵
  PID:4200
- C:\Windows\System\eKMaBFE.exe
  C:\Windows\System\eKMaBFE.exe
  2⤵
  PID:4220
- C:\Windows\System\cXOSKMH.exe
  C:\Windows\System\cXOSKMH.exe
  2⤵
  PID:4240
- C:\Windows\System\SlBxaFY.exe
  C:\Windows\System\SlBxaFY.exe
  2⤵
  PID:4260
- C:\Windows\System\tFsytOa.exe
  C:\Windows\System\tFsytOa.exe
  2⤵
  PID:4280
- C:\Windows\System\oZgYicJ.exe
  C:\Windows\System\oZgYicJ.exe
  2⤵
  PID:4300
- C:\Windows\System\wqyZdQD.exe
  C:\Windows\System\wqyZdQD.exe
  2⤵
  PID:4324
- C:\Windows\System\Hnaacsj.exe
  C:\Windows\System\Hnaacsj.exe
  2⤵
  PID:4344
- C:\Windows\System\AcfOusW.exe
  C:\Windows\System\AcfOusW.exe
  2⤵
  PID:4364
- C:\Windows\System\SoaNHlQ.exe
  C:\Windows\System\SoaNHlQ.exe
  2⤵
  PID:4384
- C:\Windows\System\SSuCLwG.exe
  C:\Windows\System\SSuCLwG.exe
  2⤵
  PID:4404
- C:\Windows\System\ezUwFKI.exe
  C:\Windows\System\ezUwFKI.exe
  2⤵
  PID:4424
- C:\Windows\System\RolkvvK.exe
  C:\Windows\System\RolkvvK.exe
  2⤵
  PID:4444
- C:\Windows\System\ZjSUrZm.exe
  C:\Windows\System\ZjSUrZm.exe
  2⤵
  PID:4464
- C:\Windows\System\kClAzFF.exe
  C:\Windows\System\kClAzFF.exe
  2⤵
  PID:4484
- C:\Windows\System\UGeyqvP.exe
  C:\Windows\System\UGeyqvP.exe
  2⤵
  PID:4504
- C:\Windows\System\lXQSPOP.exe
  C:\Windows\System\lXQSPOP.exe
  2⤵
  PID:4524
- C:\Windows\System\VgdbSKN.exe
  C:\Windows\System\VgdbSKN.exe
  2⤵
  PID:4544
- C:\Windows\System\rkcmDFw.exe
  C:\Windows\System\rkcmDFw.exe
  2⤵
  PID:4564
- C:\Windows\System\VeMjeVT.exe
  C:\Windows\System\VeMjeVT.exe
  2⤵
  PID:4580
- C:\Windows\System\TYjRwEK.exe
  C:\Windows\System\TYjRwEK.exe
  2⤵
  PID:4604
- C:\Windows\System\tZKLArt.exe
  C:\Windows\System\tZKLArt.exe
  2⤵
  PID:4620
- C:\Windows\System\KNbSDKh.exe
  C:\Windows\System\KNbSDKh.exe
  2⤵
  PID:4644
- C:\Windows\System\uJWvoxm.exe
  C:\Windows\System\uJWvoxm.exe
  2⤵
  PID:4664
- C:\Windows\System\POwDfnU.exe
  C:\Windows\System\POwDfnU.exe
  2⤵
  PID:4684
- C:\Windows\System\LBpPjTL.exe
  C:\Windows\System\LBpPjTL.exe
  2⤵
  PID:4700
- C:\Windows\System\PyiKVpe.exe
  C:\Windows\System\PyiKVpe.exe
  2⤵
  PID:4720
- C:\Windows\System\uSafCnn.exe
  C:\Windows\System\uSafCnn.exe
  2⤵
  PID:4744
- C:\Windows\System\czgDwTm.exe
  C:\Windows\System\czgDwTm.exe
  2⤵
  PID:4764
- C:\Windows\System\MVoZfXZ.exe
  C:\Windows\System\MVoZfXZ.exe
  2⤵
  PID:4784
- C:\Windows\System\mwpqXbx.exe
  C:\Windows\System\mwpqXbx.exe
  2⤵
  PID:4804
- C:\Windows\System\dbAPIpt.exe
  C:\Windows\System\dbAPIpt.exe
  2⤵
  PID:4820
- C:\Windows\System\ulfizId.exe
  C:\Windows\System\ulfizId.exe
  2⤵
  PID:4844
- C:\Windows\System\AZkgcvC.exe
  C:\Windows\System\AZkgcvC.exe
  2⤵
  PID:4868
- C:\Windows\System\wWUNjGp.exe
  C:\Windows\System\wWUNjGp.exe
  2⤵
  PID:4888
- C:\Windows\System\dFJumCo.exe
  C:\Windows\System\dFJumCo.exe
  2⤵
  PID:4908
- C:\Windows\System\WnWlrfc.exe
  C:\Windows\System\WnWlrfc.exe
  2⤵
  PID:4928
- C:\Windows\System\ITUTltb.exe
  C:\Windows\System\ITUTltb.exe
  2⤵
  PID:4948
- C:\Windows\System\hJyekIp.exe
  C:\Windows\System\hJyekIp.exe
  2⤵
  PID:4968
- C:\Windows\System\wyPFpee.exe
  C:\Windows\System\wyPFpee.exe
  2⤵
  PID:4988
- C:\Windows\System\wwOiDxB.exe
  C:\Windows\System\wwOiDxB.exe
  2⤵
  PID:5008
- C:\Windows\System\bHZwpQf.exe
  C:\Windows\System\bHZwpQf.exe
  2⤵
  PID:5028
- C:\Windows\System\lNKNyuX.exe
  C:\Windows\System\lNKNyuX.exe
  2⤵
  PID:5048
- C:\Windows\System\lWiPKnY.exe
  C:\Windows\System\lWiPKnY.exe
  2⤵
  PID:5064
- C:\Windows\System\pEoOmjP.exe
  C:\Windows\System\pEoOmjP.exe
  2⤵
  PID:5088
- C:\Windows\System\BCcTWlB.exe
  C:\Windows\System\BCcTWlB.exe
  2⤵
  PID:5108
- C:\Windows\System\sGaweCC.exe
  C:\Windows\System\sGaweCC.exe
  2⤵
  PID:3444
- C:\Windows\System\RqyamJu.exe
  C:\Windows\System\RqyamJu.exe
  2⤵
  PID:3416
- C:\Windows\System\KBqRQcB.exe
  C:\Windows\System\KBqRQcB.exe
  2⤵
  PID:3696
- C:\Windows\System\SvwQpTT.exe
  C:\Windows\System\SvwQpTT.exe
  2⤵
  PID:4004
- C:\Windows\System\EmSSkoK.exe
  C:\Windows\System\EmSSkoK.exe
  2⤵
  PID:3248
- C:\Windows\System\xRvpdrC.exe
  C:\Windows\System\xRvpdrC.exe
  2⤵
  PID:4156
- C:\Windows\System\MiWXpJV.exe
  C:\Windows\System\MiWXpJV.exe
  2⤵
  PID:4188
- C:\Windows\System\NYZjdie.exe
  C:\Windows\System\NYZjdie.exe
  2⤵
  PID:4192
- C:\Windows\System\pmZovJF.exe
  C:\Windows\System\pmZovJF.exe
  2⤵
  PID:4216
- C:\Windows\System\ErdFUrc.exe
  C:\Windows\System\ErdFUrc.exe
  2⤵
  PID:4248
- C:\Windows\System\AxGKHoD.exe
  C:\Windows\System\AxGKHoD.exe
  2⤵
  PID:4320
- C:\Windows\System\SlybqUR.exe
  C:\Windows\System\SlybqUR.exe
  2⤵
  PID:1548
- C:\Windows\System\tphKStO.exe
  C:\Windows\System\tphKStO.exe
  2⤵
  PID:4392
- C:\Windows\System\VYNMNMo.exe
  C:\Windows\System\VYNMNMo.exe
  2⤵
  PID:4396
- C:\Windows\System\eTBuLrx.exe
  C:\Windows\System\eTBuLrx.exe
  2⤵
  PID:4416
- C:\Windows\System\qIBRKdw.exe
  C:\Windows\System\qIBRKdw.exe
  2⤵
  PID:4480
- C:\Windows\System\okqJTJO.exe
  C:\Windows\System\okqJTJO.exe
  2⤵
  PID:1784
- C:\Windows\System\PUEtydA.exe
  C:\Windows\System\PUEtydA.exe
  2⤵
  PID:4556
- C:\Windows\System\nPECSDW.exe
  C:\Windows\System\nPECSDW.exe
  2⤵
  PID:4536
- C:\Windows\System\GwyOPwK.exe
  C:\Windows\System\GwyOPwK.exe
  2⤵
  PID:4540
- C:\Windows\System\fZXWRcI.exe
  C:\Windows\System\fZXWRcI.exe
  2⤵
  PID:4576
- C:\Windows\System\zlPDOie.exe
  C:\Windows\System\zlPDOie.exe
  2⤵
  PID:4616
- C:\Windows\System\CDwwOsj.exe
  C:\Windows\System\CDwwOsj.exe
  2⤵
  PID:4656
- C:\Windows\System\vuQXvcd.exe
  C:\Windows\System\vuQXvcd.exe
  2⤵
  PID:2900
- C:\Windows\System\ztMIJzN.exe
  C:\Windows\System\ztMIJzN.exe
  2⤵
  PID:4128
- C:\Windows\System\oMXQIpE.exe
  C:\Windows\System\oMXQIpE.exe
  2⤵
  PID:4756
- C:\Windows\System\UlibcWO.exe
  C:\Windows\System\UlibcWO.exe
  2⤵
  PID:4780
- C:\Windows\System\XEoSvcC.exe
  C:\Windows\System\XEoSvcC.exe
  2⤵
  PID:4816
- C:\Windows\System\QiACCkO.exe
  C:\Windows\System\QiACCkO.exe
  2⤵
  PID:4884
- C:\Windows\System\qcPXxeP.exe
  C:\Windows\System\qcPXxeP.exe
  2⤵
  PID:4856
- C:\Windows\System\XaquTGc.exe
  C:\Windows\System\XaquTGc.exe
  2⤵
  PID:4904
- C:\Windows\System\IFMucrD.exe
  C:\Windows\System\IFMucrD.exe
  2⤵
  PID:4996
- C:\Windows\System\xAzmkQb.exe
  C:\Windows\System\xAzmkQb.exe
  2⤵
  PID:4944
- C:\Windows\System\JejOUaZ.exe
  C:\Windows\System\JejOUaZ.exe
  2⤵
  PID:5016
- C:\Windows\System\iaVYAAg.exe
  C:\Windows\System\iaVYAAg.exe
  2⤵
  PID:5040
- C:\Windows\System\FEDijfB.exe
  C:\Windows\System\FEDijfB.exe
  2⤵
  PID:2128
- C:\Windows\System\vEKArOs.exe
  C:\Windows\System\vEKArOs.exe
  2⤵
  PID:5056
- C:\Windows\System\IWdmjZs.exe
  C:\Windows\System\IWdmjZs.exe
  2⤵
  PID:5116
- C:\Windows\System\SQYBEhP.exe
  C:\Windows\System\SQYBEhP.exe
  2⤵
  PID:5100
- C:\Windows\System\JBuNHgc.exe
  C:\Windows\System\JBuNHgc.exe
  2⤵
  PID:3620
- C:\Windows\System\TBMYqZT.exe
  C:\Windows\System\TBMYqZT.exe
  2⤵
  PID:3576
- C:\Windows\System\SailDNc.exe
  C:\Windows\System\SailDNc.exe
  2⤵
  PID:3964
- C:\Windows\System\OfEBxwU.exe
  C:\Windows\System\OfEBxwU.exe
  2⤵
  PID:2192
- C:\Windows\System\qiifWxR.exe
  C:\Windows\System\qiifWxR.exe
  2⤵
  PID:2540
- C:\Windows\System\CBsdqGm.exe
  C:\Windows\System\CBsdqGm.exe
  2⤵
  PID:4312
- C:\Windows\System\gFIAYeS.exe
  C:\Windows\System\gFIAYeS.exe
  2⤵
  PID:4276
- C:\Windows\System\syPCexW.exe
  C:\Windows\System\syPCexW.exe
  2⤵
  PID:4376
- C:\Windows\System\QZQJtJp.exe
  C:\Windows\System\QZQJtJp.exe
  2⤵
  PID:4316
- C:\Windows\System\mcoTPyR.exe
  C:\Windows\System\mcoTPyR.exe
  2⤵
  PID:4412
- C:\Windows\System\KMGQqeB.exe
  C:\Windows\System\KMGQqeB.exe
  2⤵
  PID:4456
- C:\Windows\System\UbjruTp.exe
  C:\Windows\System\UbjruTp.exe
  2⤵
  PID:1456
- C:\Windows\System\IPCQinc.exe
  C:\Windows\System\IPCQinc.exe
  2⤵
  PID:4552
- C:\Windows\System\HWKAqqF.exe
  C:\Windows\System\HWKAqqF.exe
  2⤵
  PID:2288
- C:\Windows\System\KQWoiUZ.exe
  C:\Windows\System\KQWoiUZ.exe
  2⤵
  PID:3484
- C:\Windows\System\dmftQrX.exe
  C:\Windows\System\dmftQrX.exe
  2⤵
  PID:4628
- C:\Windows\System\AEwnxJj.exe
  C:\Windows\System\AEwnxJj.exe
  2⤵
  PID:4600
- C:\Windows\System\OdYzsdI.exe
  C:\Windows\System\OdYzsdI.exe
  2⤵
  PID:4676
- C:\Windows\System\JFVeUyC.exe
  C:\Windows\System\JFVeUyC.exe
  2⤵
  PID:4716
- C:\Windows\System\Lzwaizf.exe
  C:\Windows\System\Lzwaizf.exe
  2⤵
  PID:4696
- C:\Windows\System\qcjnFIH.exe
  C:\Windows\System\qcjnFIH.exe
  2⤵
  PID:4852
- C:\Windows\System\zxBWrmk.exe
  C:\Windows\System\zxBWrmk.exe
  2⤵
  PID:4740
- C:\Windows\System\bXuIVIR.exe
  C:\Windows\System\bXuIVIR.exe
  2⤵
  PID:4916
- C:\Windows\System\fpXkwmE.exe
  C:\Windows\System\fpXkwmE.exe
  2⤵
  PID:4936
- C:\Windows\System\sqjMsSR.exe
  C:\Windows\System\sqjMsSR.exe
  2⤵
  PID:5024
- C:\Windows\System\hfzFApN.exe
  C:\Windows\System\hfzFApN.exe
  2⤵
  PID:4984
- C:\Windows\System\cuXDKxZ.exe
  C:\Windows\System\cuXDKxZ.exe
  2⤵
  PID:5072
- C:\Windows\System\kkTTvLT.exe
  C:\Windows\System\kkTTvLT.exe
  2⤵
  PID:5104
- C:\Windows\System\KXOqrUu.exe
  C:\Windows\System\KXOqrUu.exe
  2⤵
  PID:1928
- C:\Windows\System\LNKmwsZ.exe
  C:\Windows\System\LNKmwsZ.exe
  2⤵
  PID:4196
- C:\Windows\System\gVKcMHu.exe
  C:\Windows\System\gVKcMHu.exe
  2⤵
  PID:4356
- C:\Windows\System\SyPkgNg.exe
  C:\Windows\System\SyPkgNg.exe
  2⤵
  PID:1284
- C:\Windows\System\ikAFPQF.exe
  C:\Windows\System\ikAFPQF.exe
  2⤵
  PID:4452
- C:\Windows\System\hPzypul.exe
  C:\Windows\System\hPzypul.exe
  2⤵
  PID:4272
- C:\Windows\System\TpIGiGV.exe
  C:\Windows\System\TpIGiGV.exe
  2⤵
  PID:4436
- C:\Windows\System\mcMnQYZ.exe
  C:\Windows\System\mcMnQYZ.exe
  2⤵
  PID:2136
- C:\Windows\System\UMdEABN.exe
  C:\Windows\System\UMdEABN.exe
  2⤵
  PID:4496
- C:\Windows\System\ZEzdZPa.exe
  C:\Windows\System\ZEzdZPa.exe
  2⤵
  PID:4800
- C:\Windows\System\hcAPzGh.exe
  C:\Windows\System\hcAPzGh.exe
  2⤵
  PID:5000
- C:\Windows\System\yEHBypp.exe
  C:\Windows\System\yEHBypp.exe
  2⤵
  PID:4572
- C:\Windows\System\piDngOz.exe
  C:\Windows\System\piDngOz.exe
  2⤵
  PID:4956
- C:\Windows\System\QTPhkVx.exe
  C:\Windows\System\QTPhkVx.exe
  2⤵
  PID:3756
- C:\Windows\System\RyiKCYl.exe
  C:\Windows\System\RyiKCYl.exe
  2⤵
  PID:3136
- C:\Windows\System\KBbHnEa.exe
  C:\Windows\System\KBbHnEa.exe
  2⤵
  PID:5076
- C:\Windows\System\HBqdLQo.exe
  C:\Windows\System\HBqdLQo.exe
  2⤵
  PID:4208
- C:\Windows\System\BDujMfP.exe
  C:\Windows\System\BDujMfP.exe
  2⤵
  PID:2500
- C:\Windows\System\lXWYoPz.exe
  C:\Windows\System\lXWYoPz.exe
  2⤵
  PID:4232
- C:\Windows\System\MXLRhio.exe
  C:\Windows\System\MXLRhio.exe
  2⤵
  PID:4712
- C:\Windows\System\cuITtRK.exe
  C:\Windows\System\cuITtRK.exe
  2⤵
  PID:1080
- C:\Windows\System\runiNCP.exe
  C:\Windows\System\runiNCP.exe
  2⤵
  PID:2908
- C:\Windows\System\XkXvIBb.exe
  C:\Windows\System\XkXvIBb.exe
  2⤵
  PID:2240
- C:\Windows\System\qeeifXy.exe
  C:\Windows\System\qeeifXy.exe
  2⤵
  PID:4864
- C:\Windows\System\JaHbSqI.exe
  C:\Windows\System\JaHbSqI.exe
  2⤵
  PID:2484
- C:\Windows\System\kaDXeFo.exe
  C:\Windows\System\kaDXeFo.exe
  2⤵
  PID:4680
- C:\Windows\System\SjHurZO.exe
  C:\Windows\System\SjHurZO.exe
  2⤵
  PID:4136
- C:\Windows\System\WqMXaiF.exe
  C:\Windows\System\WqMXaiF.exe
  2⤵
  PID:4672
- C:\Windows\System\iiKdtiq.exe
  C:\Windows\System\iiKdtiq.exe
  2⤵
  PID:4860
- C:\Windows\System\HzLPHDa.exe
  C:\Windows\System\HzLPHDa.exe
  2⤵
  PID:2304
- C:\Windows\System\hGcDGSG.exe
  C:\Windows\System\hGcDGSG.exe
  2⤵
  PID:4776
- C:\Windows\System\ReNzhoG.exe
  C:\Windows\System\ReNzhoG.exe
  2⤵
  PID:2228
- C:\Windows\System\dzEwmQc.exe
  C:\Windows\System\dzEwmQc.exe
  2⤵
  PID:4132
- C:\Windows\System\VQEMPZt.exe
  C:\Windows\System\VQEMPZt.exe
  2⤵
  PID:4252
- C:\Windows\System\XRqkDiY.exe
  C:\Windows\System\XRqkDiY.exe
  2⤵
  PID:4372
- C:\Windows\System\mVugyDE.exe
  C:\Windows\System\mVugyDE.exe
  2⤵
  PID:4836
- C:\Windows\System\YBYgjft.exe
  C:\Windows\System\YBYgjft.exe
  2⤵
  PID:1012
- C:\Windows\System\dcjkYQg.exe
  C:\Windows\System\dcjkYQg.exe
  2⤵
  PID:4432
- C:\Windows\System\UmOkKbr.exe
  C:\Windows\System\UmOkKbr.exe
  2⤵
  PID:3088
- C:\Windows\System\TYHQund.exe
  C:\Windows\System\TYHQund.exe
  2⤵
  PID:5136
- C:\Windows\System\GiVFAcj.exe
  C:\Windows\System\GiVFAcj.exe
  2⤵
  PID:5160
- C:\Windows\System\gcWaElT.exe
  C:\Windows\System\gcWaElT.exe
  2⤵
  PID:5180
- C:\Windows\System\WpYguuc.exe
  C:\Windows\System\WpYguuc.exe
  2⤵
  PID:5196
- C:\Windows\System\AqAwDga.exe
  C:\Windows\System\AqAwDga.exe
  2⤵
  PID:5212
- C:\Windows\System\aMvKTdW.exe
  C:\Windows\System\aMvKTdW.exe
  2⤵
  PID:5232
- C:\Windows\System\zqkrWOg.exe
  C:\Windows\System\zqkrWOg.exe
  2⤵
  PID:5248
- C:\Windows\System\lxDXYaX.exe
  C:\Windows\System\lxDXYaX.exe
  2⤵
  PID:5268
- C:\Windows\System\xZWOCln.exe
  C:\Windows\System\xZWOCln.exe
  2⤵
  PID:5284
- C:\Windows\System\iGQbcbG.exe
  C:\Windows\System\iGQbcbG.exe
  2⤵
  PID:5300
- C:\Windows\System\AyAnygr.exe
  C:\Windows\System\AyAnygr.exe
  2⤵
  PID:5316
- C:\Windows\System\QdsdGdn.exe
  C:\Windows\System\QdsdGdn.exe
  2⤵
  PID:5360
- C:\Windows\System\lnnLSTu.exe
  C:\Windows\System\lnnLSTu.exe
  2⤵
  PID:5376
- C:\Windows\System\ugIrxQN.exe
  C:\Windows\System\ugIrxQN.exe
  2⤵
  PID:5396
- C:\Windows\System\oXMHTKE.exe
  C:\Windows\System\oXMHTKE.exe
  2⤵
  PID:5412
- C:\Windows\System\gTHPFtI.exe
  C:\Windows\System\gTHPFtI.exe
  2⤵
  PID:5428
- C:\Windows\System\xiVrdXj.exe
  C:\Windows\System\xiVrdXj.exe
  2⤵
  PID:5460
- C:\Windows\System\ujgebZn.exe
  C:\Windows\System\ujgebZn.exe
  2⤵
  PID:5476
- C:\Windows\System\lFbTJZH.exe
  C:\Windows\System\lFbTJZH.exe
  2⤵
  PID:5492
- C:\Windows\System\qMzsfOB.exe
  C:\Windows\System\qMzsfOB.exe
  2⤵
  PID:5512
- C:\Windows\System\TEBYspF.exe
  C:\Windows\System\TEBYspF.exe
  2⤵
  PID:5528
- C:\Windows\System\OhDRBwn.exe
  C:\Windows\System\OhDRBwn.exe
  2⤵
  PID:5544
- C:\Windows\System\DFqmZgX.exe
  C:\Windows\System\DFqmZgX.exe
  2⤵
  PID:5560
- C:\Windows\System\lfIcOSy.exe
  C:\Windows\System\lfIcOSy.exe
  2⤵
  PID:5584
- C:\Windows\System\oErvHgW.exe
  C:\Windows\System\oErvHgW.exe
  2⤵
  PID:5600
- C:\Windows\System\SlxsUYp.exe
  C:\Windows\System\SlxsUYp.exe
  2⤵
  PID:5620
- C:\Windows\System\NrRQxil.exe
  C:\Windows\System\NrRQxil.exe
  2⤵
  PID:5640
- C:\Windows\System\vvDNVEK.exe
  C:\Windows\System\vvDNVEK.exe
  2⤵
  PID:5660
- C:\Windows\System\sFKQWFr.exe
  C:\Windows\System\sFKQWFr.exe
  2⤵
  PID:5676
- C:\Windows\System\ODDZtcb.exe
  C:\Windows\System\ODDZtcb.exe
  2⤵
  PID:5704
- C:\Windows\System\lzjsbfU.exe
  C:\Windows\System\lzjsbfU.exe
  2⤵
  PID:5720
- C:\Windows\System\BAFoKPn.exe
  C:\Windows\System\BAFoKPn.exe
  2⤵
  PID:5752
- C:\Windows\System\eXtcfjp.exe
  C:\Windows\System\eXtcfjp.exe
  2⤵
  PID:5776
- C:\Windows\System\OcUUJyM.exe
  C:\Windows\System\OcUUJyM.exe
  2⤵
  PID:5796
- C:\Windows\System\EvUSqrQ.exe
  C:\Windows\System\EvUSqrQ.exe
  2⤵
  PID:5824
- C:\Windows\System\GtFQMnp.exe
  C:\Windows\System\GtFQMnp.exe
  2⤵
  PID:5840
- C:\Windows\System\ygeqgYF.exe
  C:\Windows\System\ygeqgYF.exe
  2⤵
  PID:5860
- C:\Windows\System\rHAjXdf.exe
  C:\Windows\System\rHAjXdf.exe
  2⤵
  PID:5876
- C:\Windows\System\iJWYZFA.exe
  C:\Windows\System\iJWYZFA.exe
  2⤵
  PID:5892
- C:\Windows\System\qPHJXhr.exe
  C:\Windows\System\qPHJXhr.exe
  2⤵
  PID:5916
- C:\Windows\System\AwzihKx.exe
  C:\Windows\System\AwzihKx.exe
  2⤵
  PID:5932
- C:\Windows\System\JbEEhUS.exe
  C:\Windows\System\JbEEhUS.exe
  2⤵
  PID:5948
- C:\Windows\System\GSaxQYA.exe
  C:\Windows\System\GSaxQYA.exe
  2⤵
  PID:5984
- C:\Windows\System\IPHFolw.exe
  C:\Windows\System\IPHFolw.exe
  2⤵
  PID:6000
- C:\Windows\System\aFzhHUZ.exe
  C:\Windows\System\aFzhHUZ.exe
  2⤵
  PID:6024
- C:\Windows\System\fLAEUlB.exe
  C:\Windows\System\fLAEUlB.exe
  2⤵
  PID:6040
- C:\Windows\System\rBAgyFE.exe
  C:\Windows\System\rBAgyFE.exe
  2⤵
  PID:6056
- C:\Windows\System\axPPgyQ.exe
  C:\Windows\System\axPPgyQ.exe
  2⤵
  PID:6072
- C:\Windows\System\HLxmaqp.exe
  C:\Windows\System\HLxmaqp.exe
  2⤵
  PID:6092
- C:\Windows\System\PmMfMxy.exe
  C:\Windows\System\PmMfMxy.exe
  2⤵
  PID:6112
- C:\Windows\System\LeVlqtI.exe
  C:\Windows\System\LeVlqtI.exe
  2⤵
  PID:6132
- C:\Windows\System\zwRvYRo.exe
  C:\Windows\System\zwRvYRo.exe
  2⤵
  PID:5132
- C:\Windows\System\BUAHoVd.exe
  C:\Windows\System\BUAHoVd.exe
  2⤵
  PID:5172
- C:\Windows\System\PvngfkP.exe
  C:\Windows\System\PvngfkP.exe
  2⤵
  PID:5192
- C:\Windows\System\thsrldg.exe
  C:\Windows\System\thsrldg.exe
  2⤵
  PID:5276
- C:\Windows\System\rfwSFVD.exe
  C:\Windows\System\rfwSFVD.exe
  2⤵
  PID:5156
- C:\Windows\System\upJPfPe.exe
  C:\Windows\System\upJPfPe.exe
  2⤵
  PID:5256
- C:\Windows\System\OlGdsBX.exe
  C:\Windows\System\OlGdsBX.exe
  2⤵
  PID:5332
- C:\Windows\System\LNBEwSY.exe
  C:\Windows\System\LNBEwSY.exe
  2⤵
  PID:5372
- C:\Windows\System\KmephKA.exe
  C:\Windows\System\KmephKA.exe
  2⤵
  PID:5436
- C:\Windows\System\iZtSvNU.exe
  C:\Windows\System\iZtSvNU.exe
  2⤵
  PID:5392
- C:\Windows\System\FcrkYEr.exe
  C:\Windows\System\FcrkYEr.exe
  2⤵
  PID:5452
- C:\Windows\System\kJHHtHV.exe
  C:\Windows\System\kJHHtHV.exe
  2⤵
  PID:5520
- C:\Windows\System\ZfCZeLh.exe
  C:\Windows\System\ZfCZeLh.exe
  2⤵
  PID:5540
- C:\Windows\System\ndaMZYc.exe
  C:\Windows\System\ndaMZYc.exe
  2⤵
  PID:5468
- C:\Windows\System\zPizwyp.exe
  C:\Windows\System\zPizwyp.exe
  2⤵
  PID:5596
- C:\Windows\System\gnPHqvG.exe
  C:\Windows\System\gnPHqvG.exe
  2⤵
  PID:5672
- C:\Windows\System\lcenGOL.exe
  C:\Windows\System\lcenGOL.exe
  2⤵
  PID:5616
- C:\Windows\System\MZeZCKC.exe
  C:\Windows\System\MZeZCKC.exe
  2⤵
  PID:5772
- C:\Windows\System\UDWIqHe.exe
  C:\Windows\System\UDWIqHe.exe
  2⤵
  PID:5688
- C:\Windows\System\cSWakCD.exe
  C:\Windows\System\cSWakCD.exe
  2⤵
  PID:5728
- C:\Windows\System\nXNKjNS.exe
  C:\Windows\System\nXNKjNS.exe
  2⤵
  PID:5784
- C:\Windows\System\UgtViVG.exe
  C:\Windows\System\UgtViVG.exe
  2⤵
  PID:5812
- C:\Windows\System\IgFkLjU.exe
  C:\Windows\System\IgFkLjU.exe
  2⤵
  PID:5884
- C:\Windows\System\kqtIGnm.exe
  C:\Windows\System\kqtIGnm.exe
  2⤵
  PID:5928
- C:\Windows\System\TxgsInf.exe
  C:\Windows\System\TxgsInf.exe
  2⤵
  PID:5944
- C:\Windows\System\leAdkPQ.exe
  C:\Windows\System\leAdkPQ.exe
  2⤵
  PID:5908
- C:\Windows\System\DVvkqUV.exe
  C:\Windows\System\DVvkqUV.exe
  2⤵
  PID:5980
- C:\Windows\System\nfqKoLb.exe
  C:\Windows\System\nfqKoLb.exe
  2⤵
  PID:6020
- C:\Windows\System\dKpiKNj.exe
  C:\Windows\System\dKpiKNj.exe
  2⤵
  PID:6068
- C:\Windows\System\xZueIoI.exe
  C:\Windows\System\xZueIoI.exe
  2⤵
  PID:6120
- C:\Windows\System\fsqDAuO.exe
  C:\Windows\System\fsqDAuO.exe
  2⤵
  PID:5144
- C:\Windows\System\JFpGUWj.exe
  C:\Windows\System\JFpGUWj.exe
  2⤵
  PID:5228
- C:\Windows\System\xuCDkQh.exe
  C:\Windows\System\xuCDkQh.exe
  2⤵
  PID:5296
- C:\Windows\System\KlcYXUl.exe
  C:\Windows\System\KlcYXUl.exe
  2⤵
  PID:5204
- C:\Windows\System\GRGLTBu.exe
  C:\Windows\System\GRGLTBu.exe
  2⤵
  PID:5188
- C:\Windows\System\CaOSwDI.exe
  C:\Windows\System\CaOSwDI.exe
  2⤵
  PID:5308
- C:\Windows\System\JzAzEiF.exe
  C:\Windows\System\JzAzEiF.exe
  2⤵
  PID:5348
- C:\Windows\System\bbjEbwa.exe
  C:\Windows\System\bbjEbwa.exe
  2⤵
  PID:5488
- C:\Windows\System\YhSljhY.exe
  C:\Windows\System\YhSljhY.exe
  2⤵
  PID:5668
- C:\Windows\System\uVATyzK.exe
  C:\Windows\System\uVATyzK.exe
  2⤵
  PID:5448
- C:\Windows\System\XGpmQdu.exe
  C:\Windows\System\XGpmQdu.exe
  2⤵
  PID:5760
- C:\Windows\System\CtKsCZB.exe
  C:\Windows\System\CtKsCZB.exe
  2⤵
  PID:5764
- C:\Windows\System\NLpCIWC.exe
  C:\Windows\System\NLpCIWC.exe
  2⤵
  PID:5576
- C:\Windows\System\CpoJuYr.exe
  C:\Windows\System\CpoJuYr.exe
  2⤵
  PID:5712
- C:\Windows\System\pHvbGCD.exe
  C:\Windows\System\pHvbGCD.exe
  2⤵
  PID:5968
- C:\Windows\System\dTyftjC.exe
  C:\Windows\System\dTyftjC.exe
  2⤵
  PID:5804
- C:\Windows\System\xfWfJWU.exe
  C:\Windows\System\xfWfJWU.exe
  2⤵
  PID:6080
- C:\Windows\System\eixgeBc.exe
  C:\Windows\System\eixgeBc.exe
  2⤵
  PID:5868
- C:\Windows\System\jhLRLpJ.exe
  C:\Windows\System\jhLRLpJ.exe
  2⤵
  PID:6052
- C:\Windows\System\DeAjFOo.exe
  C:\Windows\System\DeAjFOo.exe
  2⤵
  PID:5292
- C:\Windows\System\INZPyap.exe
  C:\Windows\System\INZPyap.exe
  2⤵
  PID:5344
- C:\Windows\System\PMfnfhH.exe
  C:\Windows\System\PMfnfhH.exe
  2⤵
  PID:5652
- C:\Windows\System\FEUNdwX.exe
  C:\Windows\System\FEUNdwX.exe
  2⤵
  PID:5572
- C:\Windows\System\xSmiwHx.exe
  C:\Windows\System\xSmiwHx.exe
  2⤵
  PID:5328
- C:\Windows\System\LoHluwQ.exe
  C:\Windows\System\LoHluwQ.exe
  2⤵
  PID:5888
- C:\Windows\System\RIlYpui.exe
  C:\Windows\System\RIlYpui.exe
  2⤵
  PID:5900
- C:\Windows\System\PBGokip.exe
  C:\Windows\System\PBGokip.exe
  2⤵
  PID:6152
- C:\Windows\System\YNVosqt.exe
  C:\Windows\System\YNVosqt.exe
  2⤵
  PID:6208
- C:\Windows\System\WgHiTmV.exe
  C:\Windows\System\WgHiTmV.exe
  2⤵
  PID:6224
- C:\Windows\System\YyPtncZ.exe
  C:\Windows\System\YyPtncZ.exe
  2⤵
  PID:6240
- C:\Windows\System\DiiNZWi.exe
  C:\Windows\System\DiiNZWi.exe
  2⤵
  PID:6256
- C:\Windows\System\nJnbWvx.exe
  C:\Windows\System\nJnbWvx.exe
  2⤵
  PID:6276
- C:\Windows\System\uMTywMj.exe
  C:\Windows\System\uMTywMj.exe
  2⤵
  PID:6292
- C:\Windows\System\QOXcHTV.exe
  C:\Windows\System\QOXcHTV.exe
  2⤵
  PID:6312
- C:\Windows\System\UEVcAty.exe
  C:\Windows\System\UEVcAty.exe
  2⤵
  PID:6328
- C:\Windows\System\NkindUa.exe
  C:\Windows\System\NkindUa.exe
  2⤵
  PID:6356
- C:\Windows\System\WFEFegd.exe
  C:\Windows\System\WFEFegd.exe
  2⤵
  PID:6372
- C:\Windows\System\ERLKdsd.exe
  C:\Windows\System\ERLKdsd.exe
  2⤵
  PID:6400
- C:\Windows\System\QzklFJb.exe
  C:\Windows\System\QzklFJb.exe
  2⤵
  PID:6420
- C:\Windows\System\LZFQWbj.exe
  C:\Windows\System\LZFQWbj.exe
  2⤵
  PID:6436
- C:\Windows\System\jUGyJKt.exe
  C:\Windows\System\jUGyJKt.exe
  2⤵
  PID:6464
- C:\Windows\System\jtiSeRU.exe
  C:\Windows\System\jtiSeRU.exe
  2⤵
  PID:6484
- C:\Windows\System\WwTVaHM.exe
  C:\Windows\System\WwTVaHM.exe
  2⤵
  PID:6508
- C:\Windows\System\vvSvyUI.exe
  C:\Windows\System\vvSvyUI.exe
  2⤵
  PID:6524
- C:\Windows\System\ZEhqKgD.exe
  C:\Windows\System\ZEhqKgD.exe
  2⤵
  PID:6540
- C:\Windows\System\HvZOIrG.exe
  C:\Windows\System\HvZOIrG.exe
  2⤵
  PID:6556
- C:\Windows\System\lDxbqNz.exe
  C:\Windows\System\lDxbqNz.exe
  2⤵
  PID:6580
- C:\Windows\System\NnsFsfk.exe
  C:\Windows\System\NnsFsfk.exe
  2⤵
  PID:6596
- C:\Windows\System\kHcMLNW.exe
  C:\Windows\System\kHcMLNW.exe
  2⤵
  PID:6612
- C:\Windows\System\XmLxlOK.exe
  C:\Windows\System\XmLxlOK.exe
  2⤵
  PID:6628
- C:\Windows\System\EVBdYCI.exe
  C:\Windows\System\EVBdYCI.exe
  2⤵
  PID:6648
- C:\Windows\System\WyepxYp.exe
  C:\Windows\System\WyepxYp.exe
  2⤵
  PID:6668
- C:\Windows\System\ALBnyIi.exe
  C:\Windows\System\ALBnyIi.exe
  2⤵
  PID:6684
- C:\Windows\System\OthUUGN.exe
  C:\Windows\System\OthUUGN.exe
  2⤵
  PID:6708
- C:\Windows\System\YEGbrZK.exe
  C:\Windows\System\YEGbrZK.exe
  2⤵
  PID:6728
- C:\Windows\System\mLgGTGP.exe
  C:\Windows\System\mLgGTGP.exe
  2⤵
  PID:6744
- C:\Windows\System\igDtWfB.exe
  C:\Windows\System\igDtWfB.exe
  2⤵
  PID:6760
- C:\Windows\System\TnSWHJD.exe
  C:\Windows\System\TnSWHJD.exe
  2⤵
  PID:6780
- C:\Windows\System\XuhzEYQ.exe
  C:\Windows\System\XuhzEYQ.exe
  2⤵
  PID:6796
- C:\Windows\System\CviqwDC.exe
  C:\Windows\System\CviqwDC.exe
  2⤵
  PID:6812
- C:\Windows\System\niyHfHm.exe
  C:\Windows\System\niyHfHm.exe
  2⤵
  PID:6832
- C:\Windows\System\CBqAgUZ.exe
  C:\Windows\System\CBqAgUZ.exe
  2⤵
  PID:6848
- C:\Windows\System\uMOWbAJ.exe
  C:\Windows\System\uMOWbAJ.exe
  2⤵
  PID:6864
- C:\Windows\System\RtuBcYb.exe
  C:\Windows\System\RtuBcYb.exe
  2⤵
  PID:6880
- C:\Windows\System\MzBgDvp.exe
  C:\Windows\System\MzBgDvp.exe
  2⤵
  PID:6896
- C:\Windows\System\whjdztd.exe
  C:\Windows\System\whjdztd.exe
  2⤵
  PID:6912
- C:\Windows\System\Eyeprmx.exe
  C:\Windows\System\Eyeprmx.exe
  2⤵
  PID:6928
- C:\Windows\System\bYYjdYS.exe
  C:\Windows\System\bYYjdYS.exe
  2⤵
  PID:6944
- C:\Windows\System\gkMDiYk.exe
  C:\Windows\System\gkMDiYk.exe
  2⤵
  PID:6960
- C:\Windows\System\ZlEUdme.exe
  C:\Windows\System\ZlEUdme.exe
  2⤵
  PID:6976
- C:\Windows\System\DYQLSbN.exe
  C:\Windows\System\DYQLSbN.exe
  2⤵
  PID:6992
- C:\Windows\System\dPfWINl.exe
  C:\Windows\System\dPfWINl.exe
  2⤵
  PID:7008
- C:\Windows\System\NwxcWyi.exe
  C:\Windows\System\NwxcWyi.exe
  2⤵
  PID:7024
- C:\Windows\System\JwvAQxu.exe
  C:\Windows\System\JwvAQxu.exe
  2⤵
  PID:7040
- C:\Windows\System\QwJOiJV.exe
  C:\Windows\System\QwJOiJV.exe
  2⤵
  PID:7060
- C:\Windows\System\hYwyxFz.exe
  C:\Windows\System\hYwyxFz.exe
  2⤵
  PID:7080
- C:\Windows\System\WfDIEWS.exe
  C:\Windows\System\WfDIEWS.exe
  2⤵
  PID:7096
- C:\Windows\System\MBfVVOO.exe
  C:\Windows\System\MBfVVOO.exe
  2⤵
  PID:7112
- C:\Windows\System\IpwbPcl.exe
  C:\Windows\System\IpwbPcl.exe
  2⤵
  PID:7128
- C:\Windows\System\rmmmNFG.exe
  C:\Windows\System\rmmmNFG.exe
  2⤵
  PID:7144
- C:\Windows\System\wUdezHW.exe
  C:\Windows\System\wUdezHW.exe
  2⤵
  PID:7160
- C:\Windows\System\XyBjUFZ.exe
  C:\Windows\System\XyBjUFZ.exe
  2⤵
  PID:5684
- C:\Windows\System\VLLFpvU.exe
  C:\Windows\System\VLLFpvU.exe
  2⤵
  PID:5848
- C:\Windows\System\ghrLYxn.exe
  C:\Windows\System\ghrLYxn.exe
  2⤵
  PID:5388
- C:\Windows\System\TyCpeZB.exe
  C:\Windows\System\TyCpeZB.exe
  2⤵
  PID:5856
- C:\Windows\System\iZJNZJJ.exe
  C:\Windows\System\iZJNZJJ.exe
  2⤵
  PID:5444
- C:\Windows\System\XGRivaE.exe
  C:\Windows\System\XGRivaE.exe
  2⤵
  PID:5556
- C:\Windows\System\wBAXDeH.exe
  C:\Windows\System\wBAXDeH.exe
  2⤵
  PID:5976
- C:\Windows\System\mrMmegN.exe
  C:\Windows\System\mrMmegN.exe
  2⤵
  PID:6084
- C:\Windows\System\nLIxqzR.exe
  C:\Windows\System\nLIxqzR.exe
  2⤵
  PID:5472
- C:\Windows\System\eyWCdoZ.exe
  C:\Windows\System\eyWCdoZ.exe
  2⤵
  PID:5244
- C:\Windows\System\wUEOgMZ.exe
  C:\Windows\System\wUEOgMZ.exe
  2⤵
  PID:6172
- C:\Windows\System\jYaxHCL.exe
  C:\Windows\System\jYaxHCL.exe
  2⤵
  PID:6188
- C:\Windows\System\albkeUB.exe
  C:\Windows\System\albkeUB.exe
  2⤵
  PID:5808
- C:\Windows\System\ySJDrwm.exe
  C:\Windows\System\ySJDrwm.exe
  2⤵
  PID:6164
- C:\Windows\System\KGZtLmS.exe
  C:\Windows\System\KGZtLmS.exe
  2⤵
  PID:6272
- C:\Windows\System\asERzPc.exe
  C:\Windows\System\asERzPc.exe
  2⤵
  PID:6284
- C:\Windows\System\YGAxobr.exe
  C:\Windows\System\YGAxobr.exe
  2⤵
  PID:6300
- C:\Windows\System\KVenrNT.exe
  C:\Windows\System\KVenrNT.exe
  2⤵
  PID:6340
- C:\Windows\System\WClZjQG.exe
  C:\Windows\System\WClZjQG.exe
  2⤵
  PID:6384
- C:\Windows\System\IXQghFV.exe
  C:\Windows\System\IXQghFV.exe
  2⤵
  PID:6248
- C:\Windows\System\sLUdIAm.exe
  C:\Windows\System\sLUdIAm.exe
  2⤵
  PID:6432
- C:\Windows\System\IEAxBEE.exe
  C:\Windows\System\IEAxBEE.exe
  2⤵
  PID:6444
- C:\Windows\System\yVBbBNC.exe
  C:\Windows\System\yVBbBNC.exe
  2⤵
  PID:6480
- C:\Windows\System\ldbthbL.exe
  C:\Windows\System\ldbthbL.exe
  2⤵
  PID:6516
- C:\Windows\System\lunlZnX.exe
  C:\Windows\System\lunlZnX.exe
  2⤵
  PID:6588
- C:\Windows\System\vhWUGUf.exe
  C:\Windows\System\vhWUGUf.exe
  2⤵
  PID:6492
- C:\Windows\System\ZipzYOo.exe
  C:\Windows\System\ZipzYOo.exe
  2⤵
  PID:6496
- C:\Windows\System\EUTkQJQ.exe
  C:\Windows\System\EUTkQJQ.exe
  2⤵
  PID:6568
- C:\Windows\System\XkFbpii.exe
  C:\Windows\System\XkFbpii.exe
  2⤵
  PID:6636
- C:\Windows\System\LgoZHSo.exe
  C:\Windows\System\LgoZHSo.exe
  2⤵
  PID:6704
- C:\Windows\System\uYOzYJa.exe
  C:\Windows\System\uYOzYJa.exe
  2⤵
  PID:6720
- C:\Windows\System\mJIsAoK.exe
  C:\Windows\System\mJIsAoK.exe
  2⤵
  PID:6504
- C:\Windows\System\ZNwZRks.exe
  C:\Windows\System\ZNwZRks.exe
  2⤵
  PID:6532
- C:\Windows\System\pEpPpeG.exe
  C:\Windows\System\pEpPpeG.exe
  2⤵
  PID:6776
- C:\Windows\System\PhkwVDs.exe
  C:\Windows\System\PhkwVDs.exe
  2⤵
  PID:6844
- C:\Windows\System\anHgOaR.exe
  C:\Windows\System\anHgOaR.exe
  2⤵
  PID:6856
- C:\Windows\System\lZyJjGT.exe
  C:\Windows\System\lZyJjGT.exe
  2⤵
  PID:6860
- C:\Windows\System\zOukHjF.exe
  C:\Windows\System\zOukHjF.exe
  2⤵
  PID:6908
- C:\Windows\System\jBKPoCh.exe
  C:\Windows\System\jBKPoCh.exe
  2⤵
  PID:6972
- C:\Windows\System\qOjKzfW.exe
  C:\Windows\System\qOjKzfW.exe
  2⤵
  PID:7036
- C:\Windows\System\gcGJFZR.exe
  C:\Windows\System\gcGJFZR.exe
  2⤵
  PID:6924
- C:\Windows\System\bVwJryE.exe
  C:\Windows\System\bVwJryE.exe
  2⤵
  PID:7016
- C:\Windows\System\UHuiPrE.exe
  C:\Windows\System\UHuiPrE.exe
  2⤵
  PID:7052
- C:\Windows\System\FPFLKUJ.exe
  C:\Windows\System\FPFLKUJ.exe
  2⤵
  PID:7104
- C:\Windows\System\CKvuSGE.exe
  C:\Windows\System\CKvuSGE.exe
  2⤵
  PID:5904
- C:\Windows\System\sjvXxlT.exe
  C:\Windows\System\sjvXxlT.exe
  2⤵
  PID:6104
- C:\Windows\System\mgOmhej.exe
  C:\Windows\System\mgOmhej.exe
  2⤵
  PID:7124
- C:\Windows\System\eEfgeAM.exe
  C:\Windows\System\eEfgeAM.exe
  2⤵
  PID:5992
- C:\Windows\System\dyQeXqA.exe
  C:\Windows\System\dyQeXqA.exe
  2⤵
  PID:5792
- C:\Windows\System\JVtaREk.exe
  C:\Windows\System\JVtaREk.exe
  2⤵
  PID:5996
- C:\Windows\System\ICOlZQZ.exe
  C:\Windows\System\ICOlZQZ.exe
  2⤵
  PID:5264
- C:\Windows\System\VwHTKpS.exe
  C:\Windows\System\VwHTKpS.exe
  2⤵
  PID:5356
- C:\Windows\System\pOHGyBj.exe
  C:\Windows\System\pOHGyBj.exe
  2⤵
  PID:6220
- C:\Windows\System\kczYsbf.exe
  C:\Windows\System\kczYsbf.exe
  2⤵
  PID:6320
- C:\Windows\System\haeAONt.exe
  C:\Windows\System\haeAONt.exe
  2⤵
  PID:6352
- C:\Windows\System\cQlLmgk.exe
  C:\Windows\System\cQlLmgk.exe
  2⤵
  PID:6396
- C:\Windows\System\fjKRHCz.exe
  C:\Windows\System\fjKRHCz.exe
  2⤵
  PID:6252
- C:\Windows\System\xsKFLqU.exe
  C:\Windows\System\xsKFLqU.exe
  2⤵
  PID:6548
- C:\Windows\System\hpAsGaU.exe
  C:\Windows\System\hpAsGaU.exe
  2⤵
  PID:6664
- C:\Windows\System\CzYPMZg.exe
  C:\Windows\System\CzYPMZg.exe
  2⤵
  PID:6620
- C:\Windows\System\CDzAqHI.exe
  C:\Windows\System\CDzAqHI.exe
  2⤵
  PID:6608
- C:\Windows\System\dIRBkjI.exe
  C:\Windows\System\dIRBkjI.exe
  2⤵
  PID:6680
- C:\Windows\System\DmavxSn.exe
  C:\Windows\System\DmavxSn.exe
  2⤵
  PID:6736
- C:\Windows\System\FLhPEsV.exe
  C:\Windows\System\FLhPEsV.exe
  2⤵
  PID:6808
- C:\Windows\System\SdKPGIg.exe
  C:\Windows\System\SdKPGIg.exe
  2⤵
  PID:6824
- C:\Windows\System\rLocJJM.exe
  C:\Windows\System\rLocJJM.exe
  2⤵
  PID:6904
- C:\Windows\System\zvrtSji.exe
  C:\Windows\System\zvrtSji.exe
  2⤵
  PID:6920
- C:\Windows\System\ZYKEjPa.exe
  C:\Windows\System\ZYKEjPa.exe
  2⤵
  PID:6988
- C:\Windows\System\tpZBhxf.exe
  C:\Windows\System\tpZBhxf.exe
  2⤵
  PID:7056
- C:\Windows\System\wsihVpM.exe
  C:\Windows\System\wsihVpM.exe
  2⤵
  PID:5964
- C:\Windows\System\egyCjje.exe
  C:\Windows\System\egyCjje.exe
  2⤵
  PID:6268
- C:\Windows\System\JMbBEMJ.exe
  C:\Windows\System\JMbBEMJ.exe
  2⤵
  PID:5424
- C:\Windows\System\QSuGcav.exe
  C:\Windows\System\QSuGcav.exe
  2⤵
  PID:6036
- C:\Windows\System\XYYESWN.exe
  C:\Windows\System\XYYESWN.exe
  2⤵
  PID:6200
- C:\Windows\System\AglkSTU.exe
  C:\Windows\System\AglkSTU.exe
  2⤵
  PID:6452
- C:\Windows\System\OtsdbMX.exe
  C:\Windows\System\OtsdbMX.exe
  2⤵
  PID:6564
- C:\Windows\System\UTpjwrZ.exe
  C:\Windows\System\UTpjwrZ.exe
  2⤵
  PID:7004
- C:\Windows\System\cbMfWAg.exe
  C:\Windows\System\cbMfWAg.exe
  2⤵
  PID:6392
- C:\Windows\System\jUzAIPW.exe
  C:\Windows\System\jUzAIPW.exe
  2⤵
  PID:6604
- C:\Windows\System\yfGmcWk.exe
  C:\Windows\System\yfGmcWk.exe
  2⤵
  PID:6984
- C:\Windows\System\LTVWClM.exe
  C:\Windows\System\LTVWClM.exe
  2⤵
  PID:7156
- C:\Windows\System\xhxKMtk.exe
  C:\Windows\System\xhxKMtk.exe
  2⤵
  PID:6476
- C:\Windows\System\DzmDdDh.exe
  C:\Windows\System\DzmDdDh.exe
  2⤵
  PID:6168
- C:\Windows\System\pAMrNlj.exe
  C:\Windows\System\pAMrNlj.exe
  2⤵
  PID:6344
- C:\Windows\System\ATOWyjX.exe
  C:\Windows\System\ATOWyjX.exe
  2⤵
  PID:7076
- C:\Windows\System\OZjfadm.exe
  C:\Windows\System\OZjfadm.exe
  2⤵
  PID:7120
- C:\Windows\System\rQkWZGD.exe
  C:\Windows\System\rQkWZGD.exe
  2⤵
  PID:6204
- C:\Windows\System\gNubXYd.exe
  C:\Windows\System\gNubXYd.exe
  2⤵
  PID:6184
- C:\Windows\System\LzTYMmG.exe
  C:\Windows\System\LzTYMmG.exe
  2⤵
  PID:6768
- C:\Windows\System\RYOLkVe.exe
  C:\Windows\System\RYOLkVe.exe
  2⤵
  PID:6956
- C:\Windows\System\HppCZcP.exe
  C:\Windows\System\HppCZcP.exe
  2⤵
  PID:6380
- C:\Windows\System\doYkGJj.exe
  C:\Windows\System\doYkGJj.exe
  2⤵
  PID:7176
- C:\Windows\System\wTGMmuC.exe
  C:\Windows\System\wTGMmuC.exe
  2⤵
  PID:7192
- C:\Windows\System\YBKZBsm.exe
  C:\Windows\System\YBKZBsm.exe
  2⤵
  PID:7208
- C:\Windows\System\SaYrkIC.exe
  C:\Windows\System\SaYrkIC.exe
  2⤵
  PID:7224
- C:\Windows\System\IhNTxjT.exe
  C:\Windows\System\IhNTxjT.exe
  2⤵
  PID:7240
- C:\Windows\System\lFLSFPw.exe
  C:\Windows\System\lFLSFPw.exe
  2⤵
  PID:7256
- C:\Windows\System\xNQkVan.exe
  C:\Windows\System\xNQkVan.exe
  2⤵
  PID:7272
- C:\Windows\System\mePvEii.exe
  C:\Windows\System\mePvEii.exe
  2⤵
  PID:7288
- C:\Windows\System\nCdFPPh.exe
  C:\Windows\System\nCdFPPh.exe
  2⤵
  PID:7304
- C:\Windows\System\IwVdYmp.exe
  C:\Windows\System\IwVdYmp.exe
  2⤵
  PID:7320
- C:\Windows\System\RInHsYl.exe
  C:\Windows\System\RInHsYl.exe
  2⤵
  PID:7336
- C:\Windows\System\uQUebZx.exe
  C:\Windows\System\uQUebZx.exe
  2⤵
  PID:7352
- C:\Windows\System\hywZDnb.exe
  C:\Windows\System\hywZDnb.exe
  2⤵
  PID:7368
- C:\Windows\System\MwqJXXm.exe
  C:\Windows\System\MwqJXXm.exe
  2⤵
  PID:7384
- C:\Windows\System\bnpbFUr.exe
  C:\Windows\System\bnpbFUr.exe
  2⤵
  PID:7400
- C:\Windows\System\KAkxwkl.exe
  C:\Windows\System\KAkxwkl.exe
  2⤵
  PID:7416
- C:\Windows\System\qMbMEbF.exe
  C:\Windows\System\qMbMEbF.exe
  2⤵
  PID:7432
- C:\Windows\System\LhxSPzd.exe
  C:\Windows\System\LhxSPzd.exe
  2⤵
  PID:7448
- C:\Windows\System\KaHVIQk.exe
  C:\Windows\System\KaHVIQk.exe
  2⤵
  PID:7464
- C:\Windows\System\OUFvbSR.exe
  C:\Windows\System\OUFvbSR.exe
  2⤵
  PID:7480
- C:\Windows\System\dEBXadO.exe
  C:\Windows\System\dEBXadO.exe
  2⤵
  PID:7496
- C:\Windows\System\lGBwvdR.exe
  C:\Windows\System\lGBwvdR.exe
  2⤵
  PID:7512
- C:\Windows\System\SRorJmL.exe
  C:\Windows\System\SRorJmL.exe
  2⤵
  PID:7528
- C:\Windows\System\JpeKwPF.exe
  C:\Windows\System\JpeKwPF.exe
  2⤵
  PID:7544
- C:\Windows\System\ZQZJSMv.exe
  C:\Windows\System\ZQZJSMv.exe
  2⤵
  PID:7560
- C:\Windows\System\xhEApxr.exe
  C:\Windows\System\xhEApxr.exe
  2⤵
  PID:7576
- C:\Windows\System\vVvKDFa.exe
  C:\Windows\System\vVvKDFa.exe
  2⤵
  PID:7592
- C:\Windows\System\USJJoyC.exe
  C:\Windows\System\USJJoyC.exe
  2⤵
  PID:7608
- C:\Windows\System\HLLdqRF.exe
  C:\Windows\System\HLLdqRF.exe
  2⤵
  PID:7624
- C:\Windows\System\AesHiMt.exe
  C:\Windows\System\AesHiMt.exe
  2⤵
  PID:7640
- C:\Windows\System\fCJnbjP.exe
  C:\Windows\System\fCJnbjP.exe
  2⤵
  PID:7656
- C:\Windows\System\WQBFmGd.exe
  C:\Windows\System\WQBFmGd.exe
  2⤵
  PID:7672
- C:\Windows\System\cjxzRBA.exe
  C:\Windows\System\cjxzRBA.exe
  2⤵
  PID:7688
- C:\Windows\System\tLZOtVJ.exe
  C:\Windows\System\tLZOtVJ.exe
  2⤵
  PID:7704
- C:\Windows\System\afJvmFR.exe
  C:\Windows\System\afJvmFR.exe
  2⤵
  PID:7720
- C:\Windows\System\ydhVlgZ.exe
  C:\Windows\System\ydhVlgZ.exe
  2⤵
  PID:7736
- C:\Windows\System\VwMYTxb.exe
  C:\Windows\System\VwMYTxb.exe
  2⤵
  PID:7752
- C:\Windows\System\TVVZMNA.exe
  C:\Windows\System\TVVZMNA.exe
  2⤵
  PID:7768
- C:\Windows\System\mxXKEEG.exe
  C:\Windows\System\mxXKEEG.exe
  2⤵
  PID:7784
- C:\Windows\System\RQBXriU.exe
  C:\Windows\System\RQBXriU.exe
  2⤵
  PID:7804
- C:\Windows\System\euyIMyZ.exe
  C:\Windows\System\euyIMyZ.exe
  2⤵
  PID:7820
- C:\Windows\System\UCDVEqU.exe
  C:\Windows\System\UCDVEqU.exe
  2⤵
  PID:7836
- C:\Windows\System\PiyQJfc.exe
  C:\Windows\System\PiyQJfc.exe
  2⤵
  PID:7852
- C:\Windows\System\TncRTSX.exe
  C:\Windows\System\TncRTSX.exe
  2⤵
  PID:7872
- C:\Windows\System\pDrcxZa.exe
  C:\Windows\System\pDrcxZa.exe
  2⤵
  PID:7888
- C:\Windows\System\PoQteoq.exe
  C:\Windows\System\PoQteoq.exe
  2⤵
  PID:7904
- C:\Windows\System\QxYhpks.exe
  C:\Windows\System\QxYhpks.exe
  2⤵
  PID:7920
- C:\Windows\System\gLYQexT.exe
  C:\Windows\System\gLYQexT.exe
  2⤵
  PID:7936
- C:\Windows\System\kXCTpoc.exe
  C:\Windows\System\kXCTpoc.exe
  2⤵
  PID:7952
- C:\Windows\System\zvwyUvB.exe
  C:\Windows\System\zvwyUvB.exe
  2⤵
  PID:7972
- C:\Windows\System\RgywtaH.exe
  C:\Windows\System\RgywtaH.exe
  2⤵
  PID:7992
- C:\Windows\System\OFVsqKX.exe
  C:\Windows\System\OFVsqKX.exe
  2⤵
  PID:8008
- C:\Windows\System\nsxWENs.exe
  C:\Windows\System\nsxWENs.exe
  2⤵
  PID:8024
- C:\Windows\System\YvOBRlh.exe
  C:\Windows\System\YvOBRlh.exe
  2⤵
  PID:8040
- C:\Windows\System\wqWEQaZ.exe
  C:\Windows\System\wqWEQaZ.exe
  2⤵
  PID:8056
- C:\Windows\System\pOxgtrI.exe
  C:\Windows\System\pOxgtrI.exe
  2⤵
  PID:8076
- C:\Windows\System\suMjlkC.exe
  C:\Windows\System\suMjlkC.exe
  2⤵
  PID:8092
- C:\Windows\System\UhCjLaz.exe
  C:\Windows\System\UhCjLaz.exe
  2⤵
  PID:8108
- C:\Windows\System\ndmCzoG.exe
  C:\Windows\System\ndmCzoG.exe
  2⤵
  PID:8124
- C:\Windows\System\LwyzuRB.exe
  C:\Windows\System\LwyzuRB.exe
  2⤵
  PID:8140
- C:\Windows\System\DSPVPyu.exe
  C:\Windows\System\DSPVPyu.exe
  2⤵
  PID:8156
- C:\Windows\System\zbDBrYI.exe
  C:\Windows\System\zbDBrYI.exe
  2⤵
  PID:8172
- C:\Windows\System\PCkYNSg.exe
  C:\Windows\System\PCkYNSg.exe
  2⤵
  PID:8188
- C:\Windows\System\Whztsrq.exe
  C:\Windows\System\Whztsrq.exe
  2⤵
  PID:7188
- C:\Windows\System\RcJcCyA.exe
  C:\Windows\System\RcJcCyA.exe
  2⤵
  PID:7252
- C:\Windows\System\lllsRhq.exe
  C:\Windows\System\lllsRhq.exe
  2⤵
  PID:6940
- C:\Windows\System\vSlzTNV.exe
  C:\Windows\System\vSlzTNV.exe
  2⤵
  PID:7236
- C:\Windows\System\QoJXlaX.exe
  C:\Windows\System\QoJXlaX.exe
  2⤵
  PID:7200
- C:\Windows\System\MTQpDuG.exe
  C:\Windows\System\MTQpDuG.exe
  2⤵
  PID:7316
- C:\Windows\System\QlPoKNt.exe
  C:\Windows\System\QlPoKNt.exe
  2⤵
  PID:7376
- C:\Windows\System\jkMfjGP.exe
  C:\Windows\System\jkMfjGP.exe
  2⤵
  PID:7332
- C:\Windows\System\JxYsqQA.exe
  C:\Windows\System\JxYsqQA.exe
  2⤵
  PID:7412
- C:\Windows\System\TmjcFVO.exe
  C:\Windows\System\TmjcFVO.exe
  2⤵
  PID:7444
- C:\Windows\System\MJSVsPO.exe
  C:\Windows\System\MJSVsPO.exe
  2⤵
  PID:7508
- C:\Windows\System\SBeDmuO.exe
  C:\Windows\System\SBeDmuO.exe
  2⤵
  PID:7540
- C:\Windows\System\ofVqBRn.exe
  C:\Windows\System\ofVqBRn.exe
  2⤵
  PID:7584
- C:\Windows\System\GALfdwH.exe
  C:\Windows\System\GALfdwH.exe
  2⤵
  PID:7636
- C:\Windows\System\CFuuucT.exe
  C:\Windows\System\CFuuucT.exe
  2⤵
  PID:7524
- C:\Windows\System\QTcHyeD.exe
  C:\Windows\System\QTcHyeD.exe
  2⤵
  PID:7664
- C:\Windows\System\lMEHMci.exe
  C:\Windows\System\lMEHMci.exe
  2⤵
  PID:7696
- C:\Windows\System\FNFOEwv.exe
  C:\Windows\System\FNFOEwv.exe
  2⤵
  PID:7680
- C:\Windows\System\spOOKdH.exe
  C:\Windows\System\spOOKdH.exe
  2⤵
  PID:7732
- C:\Windows\System\eqzFktW.exe
  C:\Windows\System\eqzFktW.exe
  2⤵
  PID:7748
- C:\Windows\System\JoNuhpd.exe
  C:\Windows\System\JoNuhpd.exe
  2⤵
  PID:7792
- C:\Windows\System\saOJqmg.exe
  C:\Windows\System\saOJqmg.exe
  2⤵
  PID:7816
- C:\Windows\System\wLdrgyc.exe
  C:\Windows\System\wLdrgyc.exe
  2⤵
  PID:7844
- C:\Windows\System\DoWGcIG.exe
  C:\Windows\System\DoWGcIG.exe
  2⤵
  PID:7928
- C:\Windows\System\gvTbJbM.exe
  C:\Windows\System\gvTbJbM.exe
  2⤵
  PID:7912
- C:\Windows\System\EkecDJB.exe
  C:\Windows\System\EkecDJB.exe
  2⤵
  PID:8004
- C:\Windows\System\GSfgjsj.exe
  C:\Windows\System\GSfgjsj.exe
  2⤵
  PID:7880
- C:\Windows\System\eShFfCr.exe
  C:\Windows\System\eShFfCr.exe
  2⤵
  PID:8068
- C:\Windows\System\OeLeXyx.exe
  C:\Windows\System\OeLeXyx.exe
  2⤵
  PID:8132
- C:\Windows\System\mLCecja.exe
  C:\Windows\System\mLCecja.exe
  2⤵
  PID:8120
- C:\Windows\System\fopPadt.exe
  C:\Windows\System\fopPadt.exe
  2⤵
  PID:8020
- C:\Windows\System\FyGEJMN.exe
  C:\Windows\System\FyGEJMN.exe
  2⤵
  PID:8164
- C:\Windows\System\zKIZBHS.exe
  C:\Windows\System\zKIZBHS.exe
  2⤵
  PID:6180
- C:\Windows\System\precfUO.exe
  C:\Windows\System\precfUO.exe
  2⤵
  PID:8180
- C:\Windows\System\MlVUYDf.exe
  C:\Windows\System\MlVUYDf.exe
  2⤵
  PID:7268
- C:\Windows\System\MCZLFIT.exe
  C:\Windows\System\MCZLFIT.exe
  2⤵
  PID:7328
- C:\Windows\System\EZAMDxp.exe
  C:\Windows\System\EZAMDxp.exe
  2⤵
  PID:7572
- C:\Windows\System\bjEgxvV.exe
  C:\Windows\System\bjEgxvV.exe
  2⤵
  PID:7492
- C:\Windows\System\AoJzYHK.exe
  C:\Windows\System\AoJzYHK.exe
  2⤵
  PID:7712
- C:\Windows\System\axgfOed.exe
  C:\Windows\System\axgfOed.exe
  2⤵
  PID:7860
- C:\Windows\System\lStZmtO.exe
  C:\Windows\System\lStZmtO.exe
  2⤵
  PID:7392
- C:\Windows\System\lwxhGQZ.exe
  C:\Windows\System\lwxhGQZ.exe
  2⤵
  PID:7600
- C:\Windows\System\AiWQNaV.exe
  C:\Windows\System\AiWQNaV.exe
  2⤵
  PID:7556
- C:\Windows\System\ZvZVFOv.exe
  C:\Windows\System\ZvZVFOv.exe
  2⤵
  PID:7764
- C:\Windows\System\mCVFYci.exe
  C:\Windows\System\mCVFYci.exe
  2⤵
  PID:7896
- C:\Windows\System\qsNulhy.exe
  C:\Windows\System\qsNulhy.exe
  2⤵
  PID:7968
- C:\Windows\System\xvVZtbS.exe
  C:\Windows\System\xvVZtbS.exe
  2⤵
  PID:7984
- C:\Windows\System\dMZZjKv.exe
  C:\Windows\System\dMZZjKv.exe
  2⤵
  PID:8036
- C:\Windows\System\avIYqga.exe
  C:\Windows\System\avIYqga.exe
  2⤵
  PID:8048
- C:\Windows\System\hwgpaHX.exe
  C:\Windows\System\hwgpaHX.exe
  2⤵
  PID:7364
- C:\Windows\System\rURnvKA.exe
  C:\Windows\System\rURnvKA.exe
  2⤵
  PID:7588
- C:\Windows\System\JeoZpKE.exe
  C:\Windows\System\JeoZpKE.exe
  2⤵
  PID:7232
- C:\Windows\System\MbGdsLZ.exe
  C:\Windows\System\MbGdsLZ.exe
  2⤵
  PID:7960
- C:\Windows\System\JmzaDYE.exe
  C:\Windows\System\JmzaDYE.exe
  2⤵
  PID:7460
- C:\Windows\System\cIiotYh.exe
  C:\Windows\System\cIiotYh.exe
  2⤵
  PID:7300
- C:\Windows\System\MyEZuWp.exe
  C:\Windows\System\MyEZuWp.exe
  2⤵
  PID:8116
- C:\Windows\System\cKlPcPv.exe
  C:\Windows\System\cKlPcPv.exe
  2⤵
  PID:8104
- C:\Windows\System\ekjVuMz.exe
  C:\Windows\System\ekjVuMz.exe
  2⤵
  PID:7424
- C:\Windows\System\iFwbWCX.exe
  C:\Windows\System\iFwbWCX.exe
  2⤵
  PID:7504
- C:\Windows\System\TuNdypY.exe
  C:\Windows\System\TuNdypY.exe
  2⤵
  PID:8016
- C:\Windows\System\qwAhzeR.exe
  C:\Windows\System\qwAhzeR.exe
  2⤵
  PID:7456
- C:\Windows\System\LuRevfn.exe
  C:\Windows\System\LuRevfn.exe
  2⤵
  PID:6892
- C:\Windows\System\hozjboj.exe
  C:\Windows\System\hozjboj.exe
  2⤵
  PID:7428
- C:\Windows\System\KlwFcPu.exe
  C:\Windows\System\KlwFcPu.exe
  2⤵
  PID:8084
- C:\Windows\System\pbbaChw.exe
  C:\Windows\System\pbbaChw.exe
  2⤵
  PID:8088
- C:\Windows\System\rttqyOy.exe
  C:\Windows\System\rttqyOy.exe
  2⤵
  PID:8204
- C:\Windows\System\uwFLGtl.exe
  C:\Windows\System\uwFLGtl.exe
  2⤵
  PID:8220
- C:\Windows\System\dQqharP.exe
  C:\Windows\System\dQqharP.exe
  2⤵
  PID:8272
- C:\Windows\System\JxyVCyS.exe
  C:\Windows\System\JxyVCyS.exe
  2⤵
  PID:8376
- C:\Windows\System\nPVThOy.exe
  C:\Windows\System\nPVThOy.exe
  2⤵
  PID:8464
- C:\Windows\System\SkuDAFs.exe
  C:\Windows\System\SkuDAFs.exe
  2⤵
  PID:8488
- C:\Windows\System\plhuYzH.exe
  C:\Windows\System\plhuYzH.exe
  2⤵
  PID:8504
- C:\Windows\System\ROnFDjK.exe
  C:\Windows\System\ROnFDjK.exe
  2⤵
  PID:8520
- C:\Windows\System\GmsQHSF.exe
  C:\Windows\System\GmsQHSF.exe
  2⤵
  PID:8536
- C:\Windows\System\tHjEjzH.exe
  C:\Windows\System\tHjEjzH.exe
  2⤵
  PID:8552
- C:\Windows\System\lTOokbK.exe
  C:\Windows\System\lTOokbK.exe
  2⤵
  PID:8568
- C:\Windows\System\cmfLRra.exe
  C:\Windows\System\cmfLRra.exe
  2⤵
  PID:8588
- C:\Windows\System\DYgNWBj.exe
  C:\Windows\System\DYgNWBj.exe
  2⤵
  PID:8604
- C:\Windows\System\HaVxhSL.exe
  C:\Windows\System\HaVxhSL.exe
  2⤵
  PID:8620
- C:\Windows\System\ickmxYq.exe
  C:\Windows\System\ickmxYq.exe
  2⤵
  PID:8636
- C:\Windows\System\ValknNu.exe
  C:\Windows\System\ValknNu.exe
  2⤵
  PID:8656
- C:\Windows\System\PzaBgHv.exe
  C:\Windows\System\PzaBgHv.exe
  2⤵
  PID:8672
- C:\Windows\System\uEQQZrk.exe
  C:\Windows\System\uEQQZrk.exe
  2⤵
  PID:8688
- C:\Windows\System\tZDZEEi.exe
  C:\Windows\System\tZDZEEi.exe
  2⤵
  PID:8704
- C:\Windows\System\LsYSnlu.exe
  C:\Windows\System\LsYSnlu.exe
  2⤵
  PID:8720
- C:\Windows\System\AxgmMnd.exe
  C:\Windows\System\AxgmMnd.exe
  2⤵
  PID:8736
- C:\Windows\System\NQJwSdU.exe
  C:\Windows\System\NQJwSdU.exe
  2⤵
  PID:8752
- C:\Windows\System\KhVpGTk.exe
  C:\Windows\System\KhVpGTk.exe
  2⤵
  PID:8768
- C:\Windows\System\nryKSPq.exe
  C:\Windows\System\nryKSPq.exe
  2⤵
  PID:8784
- C:\Windows\System\NgbQYAg.exe
  C:\Windows\System\NgbQYAg.exe
  2⤵
  PID:8800
- C:\Windows\System\gewPvgL.exe
  C:\Windows\System\gewPvgL.exe
  2⤵
  PID:8816
- C:\Windows\System\aPwenEi.exe
  C:\Windows\System\aPwenEi.exe
  2⤵
  PID:8832
- C:\Windows\System\erxQKoK.exe
  C:\Windows\System\erxQKoK.exe
  2⤵
  PID:8852
- C:\Windows\System\ieTjAUb.exe
  C:\Windows\System\ieTjAUb.exe
  2⤵
  PID:8868
- C:\Windows\System\loPTjIz.exe
  C:\Windows\System\loPTjIz.exe
  2⤵
  PID:8884
- C:\Windows\System\UdJMOZf.exe
  C:\Windows\System\UdJMOZf.exe
  2⤵
  PID:8900
- C:\Windows\System\NRtUWvW.exe
  C:\Windows\System\NRtUWvW.exe
  2⤵
  PID:8916
- C:\Windows\System\RoCvhBp.exe
  C:\Windows\System\RoCvhBp.exe
  2⤵
  PID:8936
- C:\Windows\System\INmQNUA.exe
  C:\Windows\System\INmQNUA.exe
  2⤵
  PID:8952
- C:\Windows\System\iiBYIeL.exe
  C:\Windows\System\iiBYIeL.exe
  2⤵
  PID:8968
- C:\Windows\System\wRrRsQL.exe
  C:\Windows\System\wRrRsQL.exe
  2⤵
  PID:8984
- C:\Windows\System\JAZXSMK.exe
  C:\Windows\System\JAZXSMK.exe
  2⤵
  PID:9000
- C:\Windows\System\KAUajgm.exe
  C:\Windows\System\KAUajgm.exe
  2⤵
  PID:9016
- C:\Windows\System\fIbEOpb.exe
  C:\Windows\System\fIbEOpb.exe
  2⤵
  PID:9032
- C:\Windows\System\tWTZQcg.exe
  C:\Windows\System\tWTZQcg.exe
  2⤵
  PID:9048
- C:\Windows\System\nWgMdwr.exe
  C:\Windows\System\nWgMdwr.exe
  2⤵
  PID:9064
- C:\Windows\System\xMnnxvO.exe
  C:\Windows\System\xMnnxvO.exe
  2⤵
  PID:9080
- C:\Windows\System\WityFUj.exe
  C:\Windows\System\WityFUj.exe
  2⤵
  PID:9096
- C:\Windows\System\IVKDyXC.exe
  C:\Windows\System\IVKDyXC.exe
  2⤵
  PID:9112
- C:\Windows\System\UENrjyd.exe
  C:\Windows\System\UENrjyd.exe
  2⤵
  PID:9128
- C:\Windows\System\SOTKFEZ.exe
  C:\Windows\System\SOTKFEZ.exe
  2⤵
  PID:9144
- C:\Windows\System\wRQsXZC.exe
  C:\Windows\System\wRQsXZC.exe
  2⤵
  PID:9160
- C:\Windows\System\MmaDjDc.exe
  C:\Windows\System\MmaDjDc.exe
  2⤵
  PID:9180
- C:\Windows\System\IxtFVfb.exe
  C:\Windows\System\IxtFVfb.exe
  2⤵
  PID:9196
- C:\Windows\System\vMEvIWb.exe
  C:\Windows\System\vMEvIWb.exe
  2⤵
  PID:9212
- C:\Windows\System\XnhQRkz.exe
  C:\Windows\System\XnhQRkz.exe
  2⤵
  PID:8216
- C:\Windows\System\RtWczDl.exe
  C:\Windows\System\RtWczDl.exe
  2⤵
  PID:8200
- C:\Windows\System\PTWBATr.exe
  C:\Windows\System\PTWBATr.exe
  2⤵
  PID:8268
- C:\Windows\System\PdqVFku.exe
  C:\Windows\System\PdqVFku.exe
  2⤵
  PID:8256
- C:\Windows\System\AMcNfLJ.exe
  C:\Windows\System\AMcNfLJ.exe
  2⤵
  PID:8284
- C:\Windows\System\nRrKyjS.exe
  C:\Windows\System\nRrKyjS.exe
  2⤵
  PID:8300
- C:\Windows\System\OTWXUmF.exe
  C:\Windows\System\OTWXUmF.exe
  2⤵
  PID:8316
- C:\Windows\System\MIHaXtf.exe
  C:\Windows\System\MIHaXtf.exe
  2⤵
  PID:8332
- C:\Windows\System\lQbKUdc.exe
  C:\Windows\System\lQbKUdc.exe
  2⤵
  PID:8348
- C:\Windows\System\kpaMNtj.exe
  C:\Windows\System\kpaMNtj.exe
  2⤵
  PID:756
- C:\Windows\System\UQdKlBT.exe
  C:\Windows\System\UQdKlBT.exe
  2⤵
  PID:8396
- C:\Windows\System\aOGTMaP.exe
  C:\Windows\System\aOGTMaP.exe
  2⤵
  PID:8408
- C:\Windows\System\ZmthWsU.exe
  C:\Windows\System\ZmthWsU.exe
  2⤵
  PID:8420
- C:\Windows\System\ZXcTLMf.exe
  C:\Windows\System\ZXcTLMf.exe
  2⤵
  PID:8436
- C:\Windows\System\EBWFSIC.exe
  C:\Windows\System\EBWFSIC.exe
  2⤵
  PID:8452
- C:\Windows\System\VxEZGtM.exe
  C:\Windows\System\VxEZGtM.exe
  2⤵
  PID:8460
- C:\Windows\System\elcAmcu.exe
  C:\Windows\System\elcAmcu.exe
  2⤵
  PID:8516
- C:\Windows\System\YvzYFMv.exe
  C:\Windows\System\YvzYFMv.exe
  2⤵
  PID:8580
- C:\Windows\System\oGfnhdV.exe
  C:\Windows\System\oGfnhdV.exe
  2⤵
  PID:8564
- C:\Windows\System\OMpPGjF.exe
  C:\Windows\System\OMpPGjF.exe
  2⤵
  PID:8628
- C:\Windows\System\MtEAAzj.exe
  C:\Windows\System\MtEAAzj.exe
  2⤵
  PID:8616
- C:\Windows\System\JinlKej.exe
  C:\Windows\System\JinlKej.exe
  2⤵
  PID:8680
- C:\Windows\System\jrNNOtO.exe
  C:\Windows\System\jrNNOtO.exe
  2⤵
  PID:8744
- C:\Windows\System\esvposv.exe
  C:\Windows\System\esvposv.exe
  2⤵
  PID:8732
- C:\Windows\System\PedGbuD.exe
  C:\Windows\System\PedGbuD.exe
  2⤵
  PID:8664
- C:\Windows\System\nJzdtUX.exe
  C:\Windows\System\nJzdtUX.exe
  2⤵
  PID:8808
- C:\Windows\System\ZDyhClC.exe
  C:\Windows\System\ZDyhClC.exe
  2⤵
  PID:8796
- C:\Windows\System\PQoQRCQ.exe
  C:\Windows\System\PQoQRCQ.exe
  2⤵
  PID:8848
- C:\Windows\System\pcVNTjc.exe
  C:\Windows\System\pcVNTjc.exe
  2⤵
  PID:8860
- C:\Windows\System\BeXtkSy.exe
  C:\Windows\System\BeXtkSy.exe
  2⤵
  PID:8976
- C:\Windows\System\EIcdFFc.exe
  C:\Windows\System\EIcdFFc.exe
  2⤵
  PID:8864
- C:\Windows\System\tZXmqBB.exe
  C:\Windows\System\tZXmqBB.exe
  2⤵
  PID:8964
- C:\Windows\System\WMmHlqj.exe
  C:\Windows\System\WMmHlqj.exe
  2⤵
  PID:8896
- C:\Windows\System\HAOjbwh.exe
  C:\Windows\System\HAOjbwh.exe
  2⤵
  PID:9012
- C:\Windows\System\RrwCRRm.exe
  C:\Windows\System\RrwCRRm.exe
  2⤵
  PID:9104
- C:\Windows\System\tBddMLy.exe
  C:\Windows\System\tBddMLy.exe
  2⤵
  PID:9168
- C:\Windows\System\IUhyuVp.exe
  C:\Windows\System\IUhyuVp.exe
  2⤵
  PID:9204
- C:\Windows\System\OZLNcfh.exe
  C:\Windows\System\OZLNcfh.exe
  2⤵
  PID:9092
- C:\Windows\System\lowdWaS.exe
  C:\Windows\System\lowdWaS.exe
  2⤵
  PID:9188
- C:\Windows\System\qbiiuzy.exe
  C:\Windows\System\qbiiuzy.exe
  2⤵
  PID:8244
- C:\Windows\System\OQKDcoq.exe
  C:\Windows\System\OQKDcoq.exe
  2⤵
  PID:8100
- C:\Windows\System\YvvsbkQ.exe
  C:\Windows\System\YvvsbkQ.exe
  2⤵
  PID:8280
- C:\Windows\System\bPeSgmb.exe
  C:\Windows\System\bPeSgmb.exe
  2⤵
  PID:8212
- C:\Windows\System\ZjkxkVz.exe
  C:\Windows\System\ZjkxkVz.exe
  2⤵
  PID:8328
- C:\Windows\System\IllrVjI.exe
  C:\Windows\System\IllrVjI.exe
  2⤵
  PID:8484
- C:\Windows\System\vaHSCMa.exe
  C:\Windows\System\vaHSCMa.exe
  2⤵
  PID:8424
- C:\Windows\System\fQaSQEx.exe
  C:\Windows\System\fQaSQEx.exe
  2⤵
  PID:8432
- C:\Windows\System\xEBMUqM.exe
  C:\Windows\System\xEBMUqM.exe
  2⤵
  PID:8548
- C:\Windows\System\uFYmYil.exe
  C:\Windows\System\uFYmYil.exe
  2⤵
  PID:8560
- C:\Windows\System\nphOXZm.exe
  C:\Windows\System\nphOXZm.exe
  2⤵
  PID:8648
- C:\Windows\System\wokBdpP.exe
  C:\Windows\System\wokBdpP.exe
  2⤵
  PID:8780
- C:\Windows\System\EkGbUPo.exe
  C:\Windows\System\EkGbUPo.exe
  2⤵
  PID:8880
- C:\Windows\System\EkbLdXY.exe
  C:\Windows\System\EkbLdXY.exe
  2⤵
  PID:8712
- C:\Windows\System\iRigNPt.exe
  C:\Windows\System\iRigNPt.exe
  2⤵
  PID:8892
- C:\Windows\System\LobTsOr.exe
  C:\Windows\System\LobTsOr.exe
  2⤵
  PID:9040
- C:\Windows\System\fIJQMXW.exe
  C:\Windows\System\fIJQMXW.exe
  2⤵
  PID:9120
- C:\Windows\System\VszZiwB.exe
  C:\Windows\System\VszZiwB.exe
  2⤵
  PID:9156
- C:\Windows\System\gknuAxU.exe
  C:\Windows\System\gknuAxU.exe
  2⤵
  PID:8928
- C:\Windows\System\iNibgfA.exe
  C:\Windows\System\iNibgfA.exe
  2⤵
  PID:9076
- C:\Windows\System\xynghok.exe
  C:\Windows\System\xynghok.exe
  2⤵
  PID:8264
- C:\Windows\System\mIcmuvA.exe
  C:\Windows\System\mIcmuvA.exe
  2⤵
  PID:8356
- C:\Windows\System\aTBRUSy.exe
  C:\Windows\System\aTBRUSy.exe
  2⤵
  PID:8500
- C:\Windows\System\CzeWARJ.exe
  C:\Windows\System\CzeWARJ.exe
  2⤵
  PID:8392
- C:\Windows\System\kKIqkSB.exe
  C:\Windows\System\kKIqkSB.exe
  2⤵
  PID:8440
- C:\Windows\System\rkSZyFf.exe
  C:\Windows\System\rkSZyFf.exe
  2⤵
  PID:8696
- C:\Windows\System\RbPcfEL.exe
  C:\Windows\System\RbPcfEL.exe
  2⤵
  PID:8948
- C:\Windows\System\iOemQjq.exe
  C:\Windows\System\iOemQjq.exe
  2⤵
  PID:8296
- C:\Windows\System\gCerlDl.exe
  C:\Windows\System\gCerlDl.exe
  2⤵
  PID:8368
- C:\Windows\System\KcVUXvd.exe
  C:\Windows\System\KcVUXvd.exe
  2⤵
  PID:8996
- C:\Windows\System\DCaNCPc.exe
  C:\Windows\System\DCaNCPc.exe
  2⤵
  PID:9060
- C:\Windows\System\pRpvqrZ.exe
  C:\Windows\System\pRpvqrZ.exe
  2⤵
  PID:8776
- C:\Windows\System\bkkAXNm.exe
  C:\Windows\System\bkkAXNm.exe
  2⤵
  PID:8944
- C:\Windows\System\WdRQwuN.exe
  C:\Windows\System\WdRQwuN.exe
  2⤵
  PID:9072
- C:\Windows\System\whYAXaO.exe
  C:\Windows\System\whYAXaO.exe
  2⤵
  PID:8668
- C:\Windows\System\RYTBZLv.exe
  C:\Windows\System\RYTBZLv.exe
  2⤵
  PID:9232
- C:\Windows\System\WvULyay.exe
  C:\Windows\System\WvULyay.exe
  2⤵
  PID:9248
- C:\Windows\System\NWAojKN.exe
  C:\Windows\System\NWAojKN.exe
  2⤵
  PID:9264
- C:\Windows\System\yiLPSDM.exe
  C:\Windows\System\yiLPSDM.exe
  2⤵
  PID:9280
- C:\Windows\System\gmxxXcz.exe
  C:\Windows\System\gmxxXcz.exe
  2⤵
  PID:9296
- C:\Windows\System\Elfipxu.exe
  C:\Windows\System\Elfipxu.exe
  2⤵
  PID:9324
- C:\Windows\System\pmFUafK.exe
  C:\Windows\System\pmFUafK.exe
  2⤵
  PID:9376
- C:\Windows\System\Xynvbsd.exe
  C:\Windows\System\Xynvbsd.exe
  2⤵
  PID:9396
- C:\Windows\System\tWDDvZk.exe
  C:\Windows\System\tWDDvZk.exe
  2⤵
  PID:9424
- C:\Windows\System\NgTIlTr.exe
  C:\Windows\System\NgTIlTr.exe
  2⤵
  PID:9448
- C:\Windows\System\jCZdGgj.exe
  C:\Windows\System\jCZdGgj.exe
  2⤵
  PID:9464
- C:\Windows\System\OTtnUOY.exe
  C:\Windows\System\OTtnUOY.exe
  2⤵
  PID:9496
- C:\Windows\System\HPKPmWV.exe
  C:\Windows\System\HPKPmWV.exe
  2⤵
  PID:9524
- C:\Windows\System\wLMyQNT.exe
  C:\Windows\System\wLMyQNT.exe
  2⤵
  PID:9540
- C:\Windows\System\fAQKrXl.exe
  C:\Windows\System\fAQKrXl.exe
  2⤵
  PID:9564
- C:\Windows\System\RVYdRGu.exe
  C:\Windows\System\RVYdRGu.exe
  2⤵
  PID:9624
- C:\Windows\System\rzqZUqd.exe
  C:\Windows\System\rzqZUqd.exe
  2⤵
  PID:9876
- C:\Windows\System\ShjhypL.exe
  C:\Windows\System\ShjhypL.exe
  2⤵
  PID:9972
- C:\Windows\System\QGUHvJW.exe
  C:\Windows\System\QGUHvJW.exe
  2⤵
  PID:10000
- C:\Windows\System\mgcAgne.exe
  C:\Windows\System\mgcAgne.exe
  2⤵
  PID:10032
- C:\Windows\System\zyoPeIf.exe
  C:\Windows\System\zyoPeIf.exe
  2⤵
  PID:10060
- C:\Windows\System\IEgDBPF.exe
  C:\Windows\System\IEgDBPF.exe
  2⤵
  PID:10096
- C:\Windows\System\aoROqZW.exe
  C:\Windows\System\aoROqZW.exe
  2⤵
  PID:10112
- C:\Windows\System\CEQJDAa.exe
  C:\Windows\System\CEQJDAa.exe
  2⤵
  PID:10128
- C:\Windows\System\WXFCYaD.exe
  C:\Windows\System\WXFCYaD.exe
  2⤵
  PID:10188
- C:\Windows\System\nOcorXa.exe
  C:\Windows\System\nOcorXa.exe
  2⤵
  PID:9272
- C:\Windows\System\clfjFEv.exe
  C:\Windows\System\clfjFEv.exe
  2⤵
  PID:9224
- C:\Windows\System\ipNymLW.exe
  C:\Windows\System\ipNymLW.exe
  2⤵
  PID:9336
- C:\Windows\System\PtZctlU.exe
  C:\Windows\System\PtZctlU.exe
  2⤵
  PID:9356
- C:\Windows\System\pLpjrzV.exe
  C:\Windows\System\pLpjrzV.exe
  2⤵
  PID:9372
- C:\Windows\System\MxjeOzw.exe
  C:\Windows\System\MxjeOzw.exe
  2⤵
  PID:9408
- C:\Windows\System\GLIArSg.exe
  C:\Windows\System\GLIArSg.exe
  2⤵
  PID:9472
- C:\Windows\System\NmmBZIn.exe
  C:\Windows\System\NmmBZIn.exe
  2⤵
  PID:9488
- C:\Windows\System\QasYKIM.exe
  C:\Windows\System\QasYKIM.exe
  2⤵
  PID:9680
- C:\Windows\System\IguqTkx.exe
  C:\Windows\System\IguqTkx.exe
  2⤵
  PID:9728
- C:\Windows\System\muyccFG.exe
  C:\Windows\System\muyccFG.exe
  2⤵
  PID:9760
- C:\Windows\System\gRGbAVo.exe
  C:\Windows\System\gRGbAVo.exe
  2⤵
  PID:9800
- C:\Windows\System\almjiYt.exe
  C:\Windows\System\almjiYt.exe
  2⤵
  PID:9856
- C:\Windows\System\oJXJwUZ.exe
  C:\Windows\System\oJXJwUZ.exe
  2⤵
  PID:9860
- C:\Windows\System\oZboOUf.exe
  C:\Windows\System\oZboOUf.exe
  2⤵
  PID:9824
- C:\Windows\System\PJFenro.exe
  C:\Windows\System\PJFenro.exe
  2⤵
  PID:9984
- C:\Windows\System\ckpVlpv.exe
  C:\Windows\System\ckpVlpv.exe
  2⤵
  PID:9912
- C:\Windows\System\NXUibeO.exe
  C:\Windows\System\NXUibeO.exe
  2⤵
  PID:9932
- C:\Windows\System\rBWTIqC.exe
  C:\Windows\System\rBWTIqC.exe
  2⤵
  PID:9960
- C:\Windows\System\CrBgIqM.exe
  C:\Windows\System\CrBgIqM.exe
  2⤵
  PID:10080
- C:\Windows\System\xexAhkO.exe
  C:\Windows\System\xexAhkO.exe
  2⤵
  PID:10164
- C:\Windows\System\ueupcSc.exe
  C:\Windows\System\ueupcSc.exe
  2⤵
  PID:10204
- C:\Windows\System\PYTunIL.exe
  C:\Windows\System\PYTunIL.exe
  2⤵
  PID:10228
- C:\Windows\System\wVcfYgL.exe
  C:\Windows\System\wVcfYgL.exe
  2⤵
  PID:9404
- C:\Windows\System\ylcjqWW.exe
  C:\Windows\System\ylcjqWW.exe
  2⤵
  PID:9504
- C:\Windows\System\eJOrkxy.exe
  C:\Windows\System\eJOrkxy.exe
  2⤵
  PID:9520
- C:\Windows\System\ZOPyHFT.exe
  C:\Windows\System\ZOPyHFT.exe
  2⤵
  PID:9764
- C:\Windows\System\rRSInKV.exe
  C:\Windows\System\rRSInKV.exe
  2⤵
  PID:9836
- C:\Windows\System\FrGdrSv.exe
  C:\Windows\System\FrGdrSv.exe
  2⤵
  PID:9916
- C:\Windows\System\XmvmAvB.exe
  C:\Windows\System\XmvmAvB.exe
  2⤵
  PID:9948
- C:\Windows\System\rxbsvQi.exe
  C:\Windows\System\rxbsvQi.exe
  2⤵
  PID:10008
- C:\Windows\System\xbIPrbM.exe
  C:\Windows\System\xbIPrbM.exe
  2⤵
  PID:10056
- C:\Windows\System\ILFWHrt.exe
  C:\Windows\System\ILFWHrt.exe
  2⤵
  PID:10108
- C:\Windows\System\naQjlss.exe
  C:\Windows\System\naQjlss.exe
  2⤵
  PID:10148
- C:\Windows\System\gRcGlzx.exe
  C:\Windows\System\gRcGlzx.exe
  2⤵
  PID:10072
- C:\Windows\System\LLTwldT.exe
  C:\Windows\System\LLTwldT.exe
  2⤵
  PID:10076
- C:\Windows\System\mzOpCJx.exe
  C:\Windows\System\mzOpCJx.exe
  2⤵
  PID:10176
- C:\Windows\System\pyaUEiw.exe
  C:\Windows\System\pyaUEiw.exe
  2⤵
  PID:10220
- C:\Windows\System\etVNvFz.exe
  C:\Windows\System\etVNvFz.exe
  2⤵
  PID:9240
- C:\Windows\System\PiKLQxL.exe
  C:\Windows\System\PiKLQxL.exe
  2⤵
  PID:8476
- C:\Windows\System\AgntEQl.exe
  C:\Windows\System\AgntEQl.exe
  2⤵
  PID:9288
- C:\Windows\System\agEiqbC.exe
  C:\Windows\System\agEiqbC.exe
  2⤵
  PID:8584
- C:\Windows\System\PDcVIqa.exe
  C:\Windows\System\PDcVIqa.exe
  2⤵
  PID:9256
- C:\Windows\System\uqFjhau.exe
  C:\Windows\System\uqFjhau.exe
  2⤵
  PID:9420
- C:\Windows\System\fjxGvFo.exe
  C:\Windows\System\fjxGvFo.exe
  2⤵
  PID:8612
- C:\Windows\System\vQhyjcY.exe
  C:\Windows\System\vQhyjcY.exe
  2⤵
  PID:9576
- C:\Windows\System\zUHIXyB.exe
  C:\Windows\System\zUHIXyB.exe
  2⤵
  PID:9588
- C:\Windows\System\ihZiFge.exe
  C:\Windows\System\ihZiFge.exe
  2⤵
  PID:9604
- C:\Windows\System\KIRmglv.exe
  C:\Windows\System\KIRmglv.exe
  2⤵
  PID:9620
- C:\Windows\System\fmoZfNS.exe
  C:\Windows\System\fmoZfNS.exe
  2⤵
  PID:9656
- C:\Windows\System\gHdxkRl.exe
  C:\Windows\System\gHdxkRl.exe
  2⤵
  PID:9672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CEJNdmW.exe

Filesize
6.0MB

MD5
42f8ae38a5fcafb2162fc7ef15c6a1aa

SHA1
679e0d72be577d01d871a0b08ab0797c7ecf9012

SHA256
5750db18a174142f9a2ea681a69f0f4875c008b38300add5933ce0d79363a83e

SHA512
1bb82d5b4ea9377bf53d153b7dfade80206f72f590b50b4527f348f0462a7a7684e906e9958432aee2afd80165b4dd6fe6e886962fb1cd6af1d29e6275b95484

Download Submit
C:\Windows\system\CPOLcrd.exe

Filesize
6.0MB

MD5
c4d2f860cdc783e849209fa8943c5c80

SHA1
cb42b0f27485c171bd97befecfa94a531eef52a3

SHA256
c1e3f22a8031f09fd0d5d4348cef65b5eb6f21c2fe1c72dda2d88c3e331761bd

SHA512
c5d6fc76aab1c47fa61ac4f081a696c22a103754a6ad96850c8f1965fa3ca01f63dcec8c00082df0208e7a32427025a1823d83aad61ebbd09fe9ae5534c55ad8

Download Submit
C:\Windows\system\CRpDgEe.exe

Filesize
6.0MB

MD5
0132617aab4418149abace12f6700bc6

SHA1
e9c644d82b299738ce280248c154c01f0a5ac05f

SHA256
1565a4510d4875483232e5b1a10aa061d2984dd3ef49e41590639d6dd5004a61

SHA512
61ee7be7461b54ee00d41ffdd769c4b856feeb1a2fa726cce93d994db78600c61cfc2ad369ac55458f74d45835ed8bc8014b57f5502581e5ee50912218e4a8e5

Download Submit
C:\Windows\system\FPfupbz.exe

Filesize
6.0MB

MD5
3f6c59fe1821f4b78ecadde1dbff6057

SHA1
4c66d734bcdb31822f44f76a20080bbd554214c0

SHA256
ad93d374a04a46f52e2f296b0b82fe7732104438afe0ab8ee4f492c833c4a66f

SHA512
f76b595d58a218b5949dd492d829a947da7716023800195f4fc541acf6eccb10a142ef7227e23e10c2e7e539de87eec728072359d764229a8dfe2a2361f78950

Download Submit
C:\Windows\system\LdosxED.exe

Filesize
6.0MB

MD5
0115f201795c2c92726a265fe99cbd94

SHA1
6930a9125759905ecdf24c88c55558b31f2122af

SHA256
ea0aab142f9aad8f99bc57b6387fc956283793cb84d34bb693e0566f7b4af68f

SHA512
953bc5b226776e0e27215c62dd56eab0daaa1a0db2631964e46fe8b6f93569967021e2c7fbad1c12ff9d71614dcf4d6123d0232907f2464fe2d7b3fd2b0d7f09

Download Submit
C:\Windows\system\PLlUisd.exe

Filesize
6.0MB

MD5
78cf36b20439b40f1b7eae0f3bbf111a

SHA1
d741a17032090ffefca77c61ea436c027a89dc4d

SHA256
d88110cf13546de048d7d043df10078a9199da22208af69723bda3afb1f66752

SHA512
83382386c6636764b9f3f6a24bb3ec0e69205d808b6736108665bf33a55a33df6988aba386485be100ab8203432d1fa713a0513d4dbc3f332ef85bc6c5e759af

Download Submit
C:\Windows\system\VwYMhPy.exe

Filesize
6.0MB

MD5
c25409ab9e13b5bf2b1388b53be86860

SHA1
f0880ebe0e172ac287939850e1fdcf5459402021

SHA256
84b3e876c6a9e7207de754b47afc26ae7a1b5dd5feae6d8252f79ee5043a70b2

SHA512
31675dfe7e21f161c369086163a2b38d607e3d38502fe21ecccd8d3249a8cf0191bc9198c79a7c6feced11abcd746aad6ad62d369cde438725ed4f1a816d6d55

Download Submit
C:\Windows\system\WRNXFMg.exe

Filesize
6.0MB

MD5
5970af5d3251151d52046db1bd0a43d0

SHA1
15b2823eddf0f58d7a90c7a4bcbb3f32ce274237

SHA256
1e8e02ce6af8c7882c01a99379ff6ce89d046aa56430b16c040de22296e142cb

SHA512
10a7e10c162399b57156dfebe8efda27701184e2601de12e9fb742ebb5ae6c8bd8d093483a2f1b65bc60784e35573ebf48d98e213f833dd9dd92a730decd606b

Download Submit
C:\Windows\system\WceKZgD.exe

Filesize
6.0MB

MD5
d34d6a800a37dc1fc9d1a0af37db9d42

SHA1
305627adad552442548e161ea88d780253698e4b

SHA256
b6605ed516735c364f561529ef882d9e15e0982c5b081b23978f75053f5b1051

SHA512
ade4434f1ac049b0b3ac8a5eb3dd44a6df80cdbcbff5509988d8f83c426213a47ab112fcdcb0f9cd8e121d6b80e68683dbf0b2e2c065425dab6048df577acefb

Download Submit
C:\Windows\system\XUHgbXo.exe

Filesize
6.0MB

MD5
bc5c772a160e82ee171cc8ab95ba458d

SHA1
301eeccce5d7cfc5d4a4aaf1ccc2cf386be57b10

SHA256
98932bf94d60ca28648523d16a71bb5a4d12a89798d482eb71e1d3a68745a170

SHA512
d3aa2ea6d1a617bc1a1a8ad3a92fa6012a37c327a2b1401221c0c9d55097586fbaaf2daa15371f9e6c0f99b2da4400261604111d8e45ac23c479378a701988eb

Download Submit
C:\Windows\system\YEHRccs.exe

Filesize
6.0MB

MD5
a6d32b5942f0369985452c4a742d7dcc

SHA1
5f1befe4575e6bc013b3c56f763a00004e5dc0de

SHA256
d7ededea9bf027407716bda9a4c22dc2993e0db27790e024e1861e5a820ed5b2

SHA512
bf2f8959ce4c97f416ce3b300337424b8643ed572127b8dec845d462a20c1eec401e6c69b5abea02d26166f57df6601b573920122c32c3151fe97ef8828a0e5e

Download Submit
C:\Windows\system\YPlGFMC.exe

Filesize
8B

MD5
e43210ed139c756a3013f159162eeb92

SHA1
c5860e5a10f9f6b367d346b4f9f29fd0ebb41758

SHA256
a14a04ca0fb548b59c6acc8b2b243205f0ea3e218ce754671454c8efbe5ec119

SHA512
9f4a62fee511a50835f1168f8a7db5362df06f045fb657600c9818030c54d62dfec5ddb65f55c67ec2865142dd0a9e6bd842228c8820dcb64412580475aab4e1

Download Submit
C:\Windows\system\YTtLFCk.exe

Filesize
6.0MB

MD5
743f4c7f745e3cc0dd3e742b751ad420

SHA1
162d33ffb9324464935186d6bc0faa2eb547f291

SHA256
0d4d172ed0d1f94f7f31b2bed8bad1e69ef54ce58a7ac1fd98a0055324053223

SHA512
31d6eb19a42f193578e6122b94c4b5c16492d5df186e443c25455d6ffe9f5d291eef65a32ce5cbfcc6c7b598f82298cb4954bf40085bdfda6dd7514167bb4042

Download Submit
C:\Windows\system\YthazAN.exe

Filesize
6.0MB

MD5
e15298a9dbf8b83b4a10898ab82d3aeb

SHA1
b032b405fa0c79a6a6775560e28317996077c1db

SHA256
660cd0c0fce480d50e52d17bbcf15b138736e6be06de5caa72d0ebab8db2c32a

SHA512
69d71e8b52d9e7532b2a9bd56f61504ab8269becd636be48bc1b3b4424338e5e958b24a4f73e73a3d2a271ffc29ff915827b619527c370a40294fb21f2afedd6

Download Submit
C:\Windows\system\dnAauhR.exe

Filesize
6.0MB

MD5
d0927027b4dae175b95a698f6a1b1ce2

SHA1
9a83e166e9f86ef4e6546b46d4427ad10ce0b970

SHA256
5f22c29cce27b963998d7ca778c48f1578650d8c567d08a0ff65e1f89975f1f3

SHA512
3f83dbcf021f1d847035c5db95be8c6407fbb04c83ddfddce25f419104a9ef07e0fbcd0858b7fd6f90424fe19ea3f1ed2ce6ff1930acb5ae37cde312ac4f93f7

Download Submit
C:\Windows\system\iWLTWzt.exe

Filesize
6.0MB

MD5
ec28353c65ed5453fe195daba460f55f

SHA1
49e5d351563dd1378309dde557e5cb2b9ac878d8

SHA256
21fa6227c6e6e9a6c75f9ffed7500730ebc8ff70da196e7892cca8c6451a1b23

SHA512
f59fba47e97ede770f4de441742d3c240053e883990b0c950bad24c84d3d57af557948c8be9b1e7f196f87d7dda04bafeefcadf4909b5f647e7fe2132d8197e7

Download Submit
C:\Windows\system\kroTVNp.exe

Filesize
6.0MB

MD5
6f33ba7b5e1c900a9487488e002905b1

SHA1
00645e3c43a84504f1d4dfa85cb50b2a15e3c900

SHA256
cbbe575cc41bee5a70cd8c2f4d543035759207888c612a93f70a41b240298968

SHA512
c208a6cf5d88ebc90d9e2d4167052c99703b257b062075adc8a4836ee6a6133964512596e957629fd0ae28a34d81dcb3fc818e08c60991f05eb94c44ddb76351

Download Submit
C:\Windows\system\mQkcOec.exe

Filesize
6.0MB

MD5
b7fad4cb3fb3eb05e81e6718a2944eaa

SHA1
94aecd303a79abeb10da446cfc0b98e1e7e0e1b6

SHA256
9b57f03486fa6f4eaed9a6bc5382f0e84cf65068623f115b538cfdbc4229ff37

SHA512
a47c33594130314e84562492c9c4864fb4552efe939664d518882fe78a474d9744b4eff5fd0bc5b7b42527cc00f53c4385e21850587bc7263d85a52e86a1a034

Download Submit
C:\Windows\system\oawtaCO.exe

Filesize
6.0MB

MD5
347616bab42b087d02c88b3460b5aea3

SHA1
f9df24ebe0e1b352e80da01cae0130816ed162e9

SHA256
95d3e4b156982c9f389f9bd4206cc9c54092b57a580aded0c4b71276ca466bb0

SHA512
0d85508f084416e499f747c16c9f0b20e04578cce5ba560a1f914c8746bc7b3ac861e4400a206625b201d1adf20d94ac95848026512ab0ab6b778840b6477dd1

Download Submit
C:\Windows\system\pyJaRpT.exe

Filesize
6.0MB

MD5
f2bb3ad93144b394e03acf45e98f8d15

SHA1
288379afc61761cf671c16a5149921d67875cdfc

SHA256
a3fd09dd20912e0e3c66ea38d54f2dc07a4a803f189b5a31d2ca252d6795a44a

SHA512
7594f71f03dcdd2149e42975417c6d1e11bffd3433731a31aa33c495ee6ccd337a7ce87d4d59726cfe30770fd7c6b8b084c78599fa16f84a504a58d3c66742df

Download Submit
C:\Windows\system\qizmHeH.exe

Filesize
6.0MB

MD5
26434fe1f1d3ed913e0ba74bb3b7ce71

SHA1
e75b0a0c4c746c7621c477489720fd6dd1374cbc

SHA256
a50abc9b5c6a8bb4aceee9e949bb281a52fe8e76c70bb8ded0d3e3942e867e6f

SHA512
8dc8397b3abb2a1086dcc2aff4a9ddb4e49ca8a8a3b65ad03c07ab9a4f46c2fffa91fbd8b28c67ef0f1d648a794b0f3ce05d257b1a97cd83b941212fb96a750e

Download Submit
C:\Windows\system\wrwBrEW.exe

Filesize
6.0MB

MD5
940bf4f82fce04ccd0a21a859815203a

SHA1
067018ef121c4776fbbca970d67ec47dd5fce3bb

SHA256
546118f866d2d5ff2ad0e7cfd9e8288c14a4eedb2c8893e5b9f5de3b154fd955

SHA512
139575c764b1c470d66490a756c6a535f5c29e2438854264e19d5e7385b03b701ade257ab598282cfab638863897d5e41d4f33914c3dea26b7202b037f507fa9

Download Submit
\Windows\system\CxZsYFx.exe

Filesize
6.0MB

MD5
d6f02439becbd5fdd8eafd704336dfc9

SHA1
44758723fd358856f1e32568d6717bbe70db41d8

SHA256
8e8cae3dc8eaa063cf3c807af401d2a754dc63430d77cdfa902dc6694a050877

SHA512
5851dfd422f931a462efcf04b82dd2799bbecfaf7913389465caa5957ecc3662bd228f86310f1f7281f7c60c2541e5d906afdf5c76ca1cbc70aad30031866f56

Download Submit
\Windows\system\DXSpOON.exe

Filesize
6.0MB

MD5
3ff885a6be5255f5dd2b9f576855aaa9

SHA1
9c673b64f72a5768b6b3bf7fb60a18d9ea2dacf4

SHA256
9edb116504bae91cace15166e3e82a65aef48a0aae206bfa2bec03f2cfeae653

SHA512
188509321c51ca9c9e07fdff3f8d39c2018f28a4530d466c455feb416ca61f9389cbbc9f0c5e4f2701c9f7f1ab4fe673633390c1bcc865e4df3e80a31a1271ae

Download Submit
\Windows\system\KraFIxv.exe

Filesize
6.0MB

MD5
93e9a8a59672185b70d563238347c9c8

SHA1
a39c42b2e73118d119ecb3aff3967e49a5dc713a

SHA256
4cb1412c2e0a4ac16fbaed44ca833e74d857b90e5de9841d55b3a3bdff1197ea

SHA512
ce301ba7ec60d73f0e41ee6509253ffa34f4cf1c9d15c43d693f262dde34dea45da7facc468183487b654b5eb386c2a5bd634883e4a9d212752ec03ae3d6e91e

Download Submit
\Windows\system\LKuVNiP.exe

Filesize
6.0MB

MD5
6a927160705ffc14aec3a40a83a28e97

SHA1
95c8e1c7bbe2c369585c094c1dc7fbcb199571bb

SHA256
652caa6658f5a5ab9648d0135e0afbb2764c615110f363bccc3305ea7637aa3a

SHA512
8064c33bdd3fb7e71e12bf40c46fd0fc567a28bb64e2d13e4ba205f6098709fa21855dcc6181e259a315d13051a88ddc00179cf34ebfdc2cd2eb847e7e5f9a26

Download Submit
\Windows\system\OuuBaTp.exe

Filesize
6.0MB

MD5
4f568a5e9375aff1df92e4f6d4dca330

SHA1
fd0de0cf15fcd35cee00c51bdc95a105d61bc8a4

SHA256
6cc7baf9ef39a62247c00790d5df6ae74458ddd8c9ad19fc8e171de844ea23bb

SHA512
cbfb8bc46bfdfcb84fbc5f3c45496718c7780d81e096e75307799c632f3e34f84565fc527dc6ee8bb62ee644fdbed66127e3b68278f368aaebe081a011ce6d38

Download Submit
\Windows\system\VTsyIbO.exe

Filesize
6.0MB

MD5
eec805951ce18abdb8c0583bad5c3f17

SHA1
5d4714a14fd942481e5f36e52ebbcbe02ddb1384

SHA256
0f93d3c7ec0a4f964f626b686a2f9585c3b7d947079882c693a1d7ff775b907f

SHA512
1c5c73c0a562586d23396a48f528db96c03b7b4ebb05d5ee0970dc5558d3225eecc1dcdab949ca4cd8434dde05c7f975d8c2b1943885fef9c3285da323d4a597

Download Submit
\Windows\system\aMKXYYE.exe

Filesize
6.0MB

MD5
29feac38c6cd59e636f172f3b58c0ea0

SHA1
5ba300c83bd4a61cd96b82406396b6776742a1fd

SHA256
6981abd1b52003c1df0a0da8308c4367f2a397284dc0669b10f1a530d3117f23

SHA512
35ed666174e9fa735b23647c34b14f4a44de51f4fa78613ed8ee49233bf24c030fe5c977235bfe09f69954d1475db414d6a78b092122bfd122de3cc2ce313802

Download Submit
\Windows\system\lfqcMjy.exe

Filesize
6.0MB

MD5
55686a23e53b9a71149eddd7b46d3350

SHA1
e089c204601b875cbb1a9d71fbbef2cda02069d1

SHA256
8e011048b9ed00d688e0a3c0ad7f00ca14b3df04ffd18d63cbc596229b703c9b

SHA512
eef944f2877e520c36cce01f6bc359ef64dddd96c58b4f8f0f640ea7622e3cd1b1ea7c6d0cde52cc2f20e3f905a47e54b105d7ca84cc43d27ebb621294f65219

Download Submit
\Windows\system\lsFjRZv.exe

Filesize
6.0MB

MD5
3b4a88ddefc1eb53fdf22044e1e92490

SHA1
07f2020f2da5e5f42f6a8ff023de4a34e1600a10

SHA256
3a52bdff8a3b9cff0a2c3e7b420b81992014eecd34031a384f551d8f0f8d3459

SHA512
107ab29f1cfc10a1464f4de23c0612825a164db66b994fa7eaaed4abe41a7dce582d7f1368d7574cbfe7dd09ef7df579d700dfeb5afc2de8f7c6f16e807e333c

Download Submit
\Windows\system\nsqXeWs.exe

Filesize
6.0MB

MD5
b8078d7912979de31db073d1268e6484

SHA1
e963dbdae92c64fc45d0283dab0d53553636a7e1

SHA256
46e698d175ef6b326b08f6239f24d1125f025c9d2b63bfb1320ea64980becc87

SHA512
de1ee0140e32ab783440f0951d69fe31389a5ebf82c6eaad7b9100010d59ae0145947a716e4b1749c086308afd1ad8b5857e01cb63fb4f3109338fed030a8a9a

Download Submit
\Windows\system\ufbcBfW.exe

Filesize
6.0MB

MD5
b8f9413300087df70aff6ab1447fc1f1

SHA1
0f50702795a23f0fae97febffed5070bff0326a2

SHA256
ae18f98e090129d4a9cebff4f0e8f0946055d6c9394e901e3e206a742b184edd

SHA512
7a1b88ba879e0ade51329fd1678998c4da0204bcb8a7863c8f7fceaf0f74db5bc2490aceacb4b1076278b75cb86a55a14087a52188bceb3c4509f435e641a0cd

Download Submit
memory/908-89-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/908-3757-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-90-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1656-3738-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2104-100-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-3831-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3278-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-64-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-22-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-12-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2320-86-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-62-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-50-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-55-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-8-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-38-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2320-32-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2320-767-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-989-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-609-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-119-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2320-91-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2320-0-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2320-118-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-67-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-99-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-25-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-88-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-104-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2320-17-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2656-69-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3557-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2724-66-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3589-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3206-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2752-46-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2752-15-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2812-29-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-70-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3296-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-60-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3548-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3773-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2872-92-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3307-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-44-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-94-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-19-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/3032-59-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/3032-3207-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/3044-3308-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3044-36-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3044-76-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download