cobaltstrike | 8dc5054b645801899d905958d2ed6d5efb8427f4a02cd06a8ff95a23f4ea7a5f

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

21b359737b9be51b68b42b991e965c75
SHA1

571e9655702d26d7a3b23f4d70eddcc84156e330
SHA256

8dc5054b645801899d905958d2ed6d5efb8427f4a02cd06a8ff95a23f4ea7a5f
SHA512

f7d53697422f4ac844b64fd8ae8724153ec998a95e45f95994ea9f0c88a5448564e51827aa779aa6c647f172058399586cea3c254eab5c25d44630701627b8cf
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUu:T+q56utgpPF8u/7u

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\iAyAWYN.exe	cobalt_reflective_dll
\Windows\system\RPnQQqj.exe	cobalt_reflective_dll
\Windows\system\uyRiLkw.exe	cobalt_reflective_dll
C:\Windows\system\UAVYzOC.exe	cobalt_reflective_dll
C:\Windows\system\llKSiwJ.exe	cobalt_reflective_dll
\Windows\system\AHfyKcu.exe	cobalt_reflective_dll
C:\Windows\system\AUZHyPs.exe	cobalt_reflective_dll
C:\Windows\system\XEVVXDU.exe	cobalt_reflective_dll
\Windows\system\PLWCedM.exe	cobalt_reflective_dll
\Windows\system\AoRscmK.exe	cobalt_reflective_dll
C:\Windows\system\qlNnQAx.exe	cobalt_reflective_dll
C:\Windows\system\jgufcdi.exe	cobalt_reflective_dll
C:\Windows\system\ZLHhJbO.exe	cobalt_reflective_dll
C:\Windows\system\omKbLQK.exe	cobalt_reflective_dll
C:\Windows\system\XfnAqQD.exe	cobalt_reflective_dll
C:\Windows\system\srvCQXm.exe	cobalt_reflective_dll
C:\Windows\system\ZDHntWN.exe	cobalt_reflective_dll
C:\Windows\system\xJQXHnC.exe	cobalt_reflective_dll
C:\Windows\system\WAgPDaa.exe	cobalt_reflective_dll
\Windows\system\CdLAvjf.exe	cobalt_reflective_dll
\Windows\system\PgZfdKd.exe	cobalt_reflective_dll
C:\Windows\system\tpkRquP.exe	cobalt_reflective_dll
\Windows\system\xKXTxji.exe	cobalt_reflective_dll
C:\Windows\system\QnYqYQA.exe	cobalt_reflective_dll
C:\Windows\system\FvIKfWm.exe	cobalt_reflective_dll
C:\Windows\system\utzdxnG.exe	cobalt_reflective_dll
C:\Windows\system\pZWGDBJ.exe	cobalt_reflective_dll
C:\Windows\system\MfXMyXd.exe	cobalt_reflective_dll
\Windows\system\rHkpMpv.exe	cobalt_reflective_dll
C:\Windows\system\xJyNiJh.exe	cobalt_reflective_dll
C:\Windows\system\SPGnyEX.exe	cobalt_reflective_dll
C:\Windows\system\ebHgnjn.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2364-0-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
\Windows\system\iAyAWYN.exe	xmrig
\Windows\system\RPnQQqj.exe	xmrig
\Windows\system\uyRiLkw.exe	xmrig
C:\Windows\system\UAVYzOC.exe	xmrig
C:\Windows\system\llKSiwJ.exe	xmrig
\Windows\system\AHfyKcu.exe	xmrig
C:\Windows\system\AUZHyPs.exe	xmrig
C:\Windows\system\XEVVXDU.exe	xmrig
behavioral1/memory/2364-58-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
\Windows\system\PLWCedM.exe	xmrig
\Windows\system\AoRscmK.exe	xmrig
behavioral1/memory/2764-38-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2604-69-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
C:\Windows\system\qlNnQAx.exe	xmrig
C:\Windows\system\jgufcdi.exe	xmrig
C:\Windows\system\ZLHhJbO.exe	xmrig
behavioral1/memory/2576-2865-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2764-2887-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2996-2876-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2864-2879-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2588-2907-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2948-2988-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2604-2985-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2732-3011-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2392-3005-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2696-2868-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2616-3045-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/672-3037-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2732-1004-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/672-679-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2364-571-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
C:\Windows\system\omKbLQK.exe	xmrig
C:\Windows\system\XfnAqQD.exe	xmrig
C:\Windows\system\srvCQXm.exe	xmrig
C:\Windows\system\ZDHntWN.exe	xmrig
C:\Windows\system\xJQXHnC.exe	xmrig
C:\Windows\system\WAgPDaa.exe	xmrig
\Windows\system\CdLAvjf.exe	xmrig
\Windows\system\PgZfdKd.exe	xmrig
C:\Windows\system\tpkRquP.exe	xmrig
\Windows\system\xKXTxji.exe	xmrig
C:\Windows\system\QnYqYQA.exe	xmrig
C:\Windows\system\FvIKfWm.exe	xmrig
C:\Windows\system\utzdxnG.exe	xmrig
behavioral1/memory/2732-104-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
C:\Windows\system\pZWGDBJ.exe	xmrig
C:\Windows\system\MfXMyXd.exe	xmrig
behavioral1/memory/2948-78-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2576-67-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2392-54-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
\Windows\system\rHkpMpv.exe	xmrig
behavioral1/memory/2864-45-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2364-44-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
C:\Windows\system\xJyNiJh.exe	xmrig
C:\Windows\system\SPGnyEX.exe	xmrig
behavioral1/memory/2364-86-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2696-85-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
C:\Windows\system\ebHgnjn.exe	xmrig
behavioral1/memory/672-82-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2616-74-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2996-41-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2588-62-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

iAyAWYN.exeRPnQQqj.exeuyRiLkw.exeUAVYzOC.exellKSiwJ.exeAHfyKcu.exeAUZHyPs.exeAoRscmK.exeXEVVXDU.exePLWCedM.exeMfXMyXd.exeebHgnjn.exepZWGDBJ.exeutzdxnG.exeQnYqYQA.exetpkRquP.exeSPGnyEX.exexJyNiJh.exerHkpMpv.exeWAgPDaa.exexJQXHnC.exeZDHntWN.exesrvCQXm.exeXfnAqQD.exeqlNnQAx.exeFvIKfWm.exexKXTxji.exePgZfdKd.exeCdLAvjf.exeomKbLQK.exejgufcdi.exeZLHhJbO.exeDLiUVCb.exegARYmRg.exeXKKwvar.exeYlwGQuG.exeJQfNLoJ.exeEoObmLi.exeqoGOLWy.exeCUFxNdR.exejqkydYf.exeXbiVqUj.exeaRtkRYl.exeAeayKvV.exeosZZGos.exevDBzboa.exesQNDXgv.exeQJucXnB.exemVzwlBg.exeCbOMxwG.exefJKiEXG.exeQWEgycK.exeSjCNvXC.exeikMdKHU.exewsvsiDz.exerLNEghN.exeZmCpupc.exefFEqVEW.exeNIzFnbm.exebQwBzni.exewYcsdhp.exemYhkSDo.exeNmmQDNw.exeOeQylbI.exe

pid	process
2696	iAyAWYN.exe
2764	RPnQQqj.exe
2996	uyRiLkw.exe
2864	UAVYzOC.exe
2392	llKSiwJ.exe
2588	AHfyKcu.exe
2576	AUZHyPs.exe
2604	AoRscmK.exe
2616	XEVVXDU.exe
2948	PLWCedM.exe
672	MfXMyXd.exe
2732	ebHgnjn.exe
2496	pZWGDBJ.exe
2208	utzdxnG.exe
2336	QnYqYQA.exe
2468	tpkRquP.exe
2808	SPGnyEX.exe
596	xJyNiJh.exe
1896	rHkpMpv.exe
1140	WAgPDaa.exe
2532	xJQXHnC.exe
2384	ZDHntWN.exe
2868	srvCQXm.exe
2360	XfnAqQD.exe
2260	qlNnQAx.exe
264	FvIKfWm.exe
2008	xKXTxji.exe
556	PgZfdKd.exe
2108	CdLAvjf.exe
960	omKbLQK.exe
1824	jgufcdi.exe
996	ZLHhJbO.exe
908	DLiUVCb.exe
1364	gARYmRg.exe
2292	XKKwvar.exe
2000	YlwGQuG.exe
1468	JQfNLoJ.exe
1548	EoObmLi.exe
3032	qoGOLWy.exe
2024	CUFxNdR.exe
1604	jqkydYf.exe
2984	XbiVqUj.exe
2612	aRtkRYl.exe
836	AeayKvV.exe
1464	osZZGos.exe
2240	vDBzboa.exe
1700	sQNDXgv.exe
1296	QJucXnB.exe
1076	mVzwlBg.exe
2528	CbOMxwG.exe
1664	fJKiEXG.exe
896	QWEgycK.exe
1912	SjCNvXC.exe
3060	ikMdKHU.exe
1612	wsvsiDz.exe
2784	rLNEghN.exe
2560	ZmCpupc.exe
2340	fFEqVEW.exe
2844	NIzFnbm.exe
2224	bQwBzni.exe
2956	wYcsdhp.exe
2412	mYhkSDo.exe
2832	NmmQDNw.exe
2592	OeQylbI.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2364-0-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
\Windows\system\iAyAWYN.exe	upx
\Windows\system\RPnQQqj.exe	upx
\Windows\system\uyRiLkw.exe	upx
C:\Windows\system\UAVYzOC.exe	upx
C:\Windows\system\llKSiwJ.exe	upx
\Windows\system\AHfyKcu.exe	upx
C:\Windows\system\AUZHyPs.exe	upx
C:\Windows\system\XEVVXDU.exe	upx
\Windows\system\PLWCedM.exe	upx
\Windows\system\AoRscmK.exe	upx
behavioral1/memory/2764-38-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2604-69-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
C:\Windows\system\qlNnQAx.exe	upx
C:\Windows\system\jgufcdi.exe	upx
C:\Windows\system\ZLHhJbO.exe	upx
behavioral1/memory/2576-2865-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2764-2887-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2996-2876-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2864-2879-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2588-2907-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2948-2988-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2604-2985-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2732-3011-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2392-3005-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2696-2868-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2616-3045-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/672-3037-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2732-1004-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/672-679-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2364-571-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
C:\Windows\system\omKbLQK.exe	upx
C:\Windows\system\XfnAqQD.exe	upx
C:\Windows\system\srvCQXm.exe	upx
C:\Windows\system\ZDHntWN.exe	upx
C:\Windows\system\xJQXHnC.exe	upx
C:\Windows\system\WAgPDaa.exe	upx
\Windows\system\CdLAvjf.exe	upx
\Windows\system\PgZfdKd.exe	upx
C:\Windows\system\tpkRquP.exe	upx
\Windows\system\xKXTxji.exe	upx
C:\Windows\system\QnYqYQA.exe	upx
C:\Windows\system\FvIKfWm.exe	upx
C:\Windows\system\utzdxnG.exe	upx
behavioral1/memory/2732-104-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
C:\Windows\system\pZWGDBJ.exe	upx
C:\Windows\system\MfXMyXd.exe	upx
behavioral1/memory/2948-78-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2576-67-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2392-54-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
\Windows\system\rHkpMpv.exe	upx
behavioral1/memory/2864-45-0x000000013F330000-0x000000013F684000-memory.dmp	upx
C:\Windows\system\xJyNiJh.exe	upx
C:\Windows\system\SPGnyEX.exe	upx
behavioral1/memory/2696-85-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
C:\Windows\system\ebHgnjn.exe	upx
behavioral1/memory/672-82-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2616-74-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2996-41-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2588-62-0x000000013F720000-0x000000013FA74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\dsuLamS.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXdboPX.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXsPmFR.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjRIAxw.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Velktdt.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFEqVEW.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VugaxcY.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQCWPTq.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mtjlyzb.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mluMnMO.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YFyODKi.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NADvnlB.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVpjEAC.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBtpHsO.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhzwQVm.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojmzdMH.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPEYABQ.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHSDyhB.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLPSnaa.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unyDEqD.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDhvYGv.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbAXrxE.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhceTpn.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYRvlLP.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFOQmdh.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mntyfry.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pNBnZQo.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RENWwHb.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFyvUVB.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQqUeuW.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhDCNNO.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqVgoxP.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikMdKHU.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emvwsGW.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtqHlBK.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJCnFXc.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sfOinBv.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNPbaks.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJZTuRo.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cduaYET.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzbUWeU.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNGkqkq.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OSUPTid.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoGOLWy.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWEgycK.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNIjmzX.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBQuTUh.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DStslha.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbdmCYA.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjKsAHh.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhvTqhs.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dddOthv.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfhAiZj.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISitKQg.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkszWyi.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\raMwUQu.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ophovsc.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldIbrpS.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InnnStY.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yutLGVO.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHHlOsJ.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlwGQuG.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnOhmtH.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbtRAsa.exe	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2364 wrote to memory of 2696	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	iAyAWYN.exe
PID 2364 wrote to memory of 2696	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	iAyAWYN.exe
PID 2364 wrote to memory of 2696	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	iAyAWYN.exe
PID 2364 wrote to memory of 2764	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	RPnQQqj.exe
PID 2364 wrote to memory of 2764	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	RPnQQqj.exe
PID 2364 wrote to memory of 2764	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	RPnQQqj.exe
PID 2364 wrote to memory of 2996	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	uyRiLkw.exe
PID 2364 wrote to memory of 2996	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	uyRiLkw.exe
PID 2364 wrote to memory of 2996	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	uyRiLkw.exe
PID 2364 wrote to memory of 2864	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	UAVYzOC.exe
PID 2364 wrote to memory of 2864	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	UAVYzOC.exe
PID 2364 wrote to memory of 2864	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	UAVYzOC.exe
PID 2364 wrote to memory of 2392	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	llKSiwJ.exe
PID 2364 wrote to memory of 2392	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	llKSiwJ.exe
PID 2364 wrote to memory of 2392	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	llKSiwJ.exe
PID 2364 wrote to memory of 2588	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	AHfyKcu.exe
PID 2364 wrote to memory of 2588	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	AHfyKcu.exe
PID 2364 wrote to memory of 2588	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	AHfyKcu.exe
PID 2364 wrote to memory of 2576	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	AUZHyPs.exe
PID 2364 wrote to memory of 2576	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	AUZHyPs.exe
PID 2364 wrote to memory of 2576	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	AUZHyPs.exe
PID 2364 wrote to memory of 2616	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	XEVVXDU.exe
PID 2364 wrote to memory of 2616	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	XEVVXDU.exe
PID 2364 wrote to memory of 2616	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	XEVVXDU.exe
PID 2364 wrote to memory of 2604	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	AoRscmK.exe
PID 2364 wrote to memory of 2604	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	AoRscmK.exe
PID 2364 wrote to memory of 2604	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	AoRscmK.exe
PID 2364 wrote to memory of 1896	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	rHkpMpv.exe
PID 2364 wrote to memory of 1896	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	rHkpMpv.exe
PID 2364 wrote to memory of 1896	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	rHkpMpv.exe
PID 2364 wrote to memory of 2948	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	PLWCedM.exe
PID 2364 wrote to memory of 2948	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	PLWCedM.exe
PID 2364 wrote to memory of 2948	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	PLWCedM.exe
PID 2364 wrote to memory of 1140	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	WAgPDaa.exe
PID 2364 wrote to memory of 1140	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	WAgPDaa.exe
PID 2364 wrote to memory of 1140	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	WAgPDaa.exe
PID 2364 wrote to memory of 672	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	MfXMyXd.exe
PID 2364 wrote to memory of 672	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	MfXMyXd.exe
PID 2364 wrote to memory of 672	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	MfXMyXd.exe
PID 2364 wrote to memory of 2532	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	xJQXHnC.exe
PID 2364 wrote to memory of 2532	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	xJQXHnC.exe
PID 2364 wrote to memory of 2532	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	xJQXHnC.exe
PID 2364 wrote to memory of 2732	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	ebHgnjn.exe
PID 2364 wrote to memory of 2732	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	ebHgnjn.exe
PID 2364 wrote to memory of 2732	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	ebHgnjn.exe
PID 2364 wrote to memory of 2384	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	ZDHntWN.exe
PID 2364 wrote to memory of 2384	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	ZDHntWN.exe
PID 2364 wrote to memory of 2384	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	ZDHntWN.exe
PID 2364 wrote to memory of 2496	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	pZWGDBJ.exe
PID 2364 wrote to memory of 2496	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	pZWGDBJ.exe
PID 2364 wrote to memory of 2496	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	pZWGDBJ.exe
PID 2364 wrote to memory of 2868	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	srvCQXm.exe
PID 2364 wrote to memory of 2868	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	srvCQXm.exe
PID 2364 wrote to memory of 2868	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	srvCQXm.exe
PID 2364 wrote to memory of 2208	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	utzdxnG.exe
PID 2364 wrote to memory of 2208	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	utzdxnG.exe
PID 2364 wrote to memory of 2208	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	utzdxnG.exe
PID 2364 wrote to memory of 2360	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	XfnAqQD.exe
PID 2364 wrote to memory of 2360	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	XfnAqQD.exe
PID 2364 wrote to memory of 2360	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	XfnAqQD.exe
PID 2364 wrote to memory of 2336	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	QnYqYQA.exe
PID 2364 wrote to memory of 2336	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	QnYqYQA.exe
PID 2364 wrote to memory of 2336	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	QnYqYQA.exe
PID 2364 wrote to memory of 2260	2364	2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe	qlNnQAx.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-26_21b359737b9be51b68b42b991e965c75_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\System\iAyAWYN.exe
  C:\Windows\System\iAyAWYN.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\RPnQQqj.exe
  C:\Windows\System\RPnQQqj.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\uyRiLkw.exe
  C:\Windows\System\uyRiLkw.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\UAVYzOC.exe
  C:\Windows\System\UAVYzOC.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\llKSiwJ.exe
  C:\Windows\System\llKSiwJ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\AHfyKcu.exe
  C:\Windows\System\AHfyKcu.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\AUZHyPs.exe
  C:\Windows\System\AUZHyPs.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\XEVVXDU.exe
  C:\Windows\System\XEVVXDU.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\AoRscmK.exe
  C:\Windows\System\AoRscmK.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\rHkpMpv.exe
  C:\Windows\System\rHkpMpv.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\PLWCedM.exe
  C:\Windows\System\PLWCedM.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\WAgPDaa.exe
  C:\Windows\System\WAgPDaa.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\MfXMyXd.exe
  C:\Windows\System\MfXMyXd.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\xJQXHnC.exe
  C:\Windows\System\xJQXHnC.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\ebHgnjn.exe
  C:\Windows\System\ebHgnjn.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ZDHntWN.exe
  C:\Windows\System\ZDHntWN.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\pZWGDBJ.exe
  C:\Windows\System\pZWGDBJ.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\srvCQXm.exe
  C:\Windows\System\srvCQXm.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\utzdxnG.exe
  C:\Windows\System\utzdxnG.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\XfnAqQD.exe
  C:\Windows\System\XfnAqQD.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\QnYqYQA.exe
  C:\Windows\System\QnYqYQA.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\qlNnQAx.exe
  C:\Windows\System\qlNnQAx.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\tpkRquP.exe
  C:\Windows\System\tpkRquP.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\xKXTxji.exe
  C:\Windows\System\xKXTxji.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\SPGnyEX.exe
  C:\Windows\System\SPGnyEX.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\PgZfdKd.exe
  C:\Windows\System\PgZfdKd.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\xJyNiJh.exe
  C:\Windows\System\xJyNiJh.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\CdLAvjf.exe
  C:\Windows\System\CdLAvjf.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\FvIKfWm.exe
  C:\Windows\System\FvIKfWm.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\omKbLQK.exe
  C:\Windows\System\omKbLQK.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\jgufcdi.exe
  C:\Windows\System\jgufcdi.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\ZLHhJbO.exe
  C:\Windows\System\ZLHhJbO.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\DLiUVCb.exe
  C:\Windows\System\DLiUVCb.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\gARYmRg.exe
  C:\Windows\System\gARYmRg.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\XKKwvar.exe
  C:\Windows\System\XKKwvar.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\YlwGQuG.exe
  C:\Windows\System\YlwGQuG.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\JQfNLoJ.exe
  C:\Windows\System\JQfNLoJ.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\EoObmLi.exe
  C:\Windows\System\EoObmLi.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\qoGOLWy.exe
  C:\Windows\System\qoGOLWy.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\CUFxNdR.exe
  C:\Windows\System\CUFxNdR.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\jqkydYf.exe
  C:\Windows\System\jqkydYf.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\XbiVqUj.exe
  C:\Windows\System\XbiVqUj.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\aRtkRYl.exe
  C:\Windows\System\aRtkRYl.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\AeayKvV.exe
  C:\Windows\System\AeayKvV.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\osZZGos.exe
  C:\Windows\System\osZZGos.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\vDBzboa.exe
  C:\Windows\System\vDBzboa.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\sQNDXgv.exe
  C:\Windows\System\sQNDXgv.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\QJucXnB.exe
  C:\Windows\System\QJucXnB.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\mVzwlBg.exe
  C:\Windows\System\mVzwlBg.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\CbOMxwG.exe
  C:\Windows\System\CbOMxwG.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\fJKiEXG.exe
  C:\Windows\System\fJKiEXG.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\QWEgycK.exe
  C:\Windows\System\QWEgycK.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\SjCNvXC.exe
  C:\Windows\System\SjCNvXC.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\ikMdKHU.exe
  C:\Windows\System\ikMdKHU.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\wsvsiDz.exe
  C:\Windows\System\wsvsiDz.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\fFEqVEW.exe
  C:\Windows\System\fFEqVEW.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\rLNEghN.exe
  C:\Windows\System\rLNEghN.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\NIzFnbm.exe
  C:\Windows\System\NIzFnbm.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\ZmCpupc.exe
  C:\Windows\System\ZmCpupc.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\bQwBzni.exe
  C:\Windows\System\bQwBzni.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\wYcsdhp.exe
  C:\Windows\System\wYcsdhp.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\mYhkSDo.exe
  C:\Windows\System\mYhkSDo.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\NmmQDNw.exe
  C:\Windows\System\NmmQDNw.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\OeQylbI.exe
  C:\Windows\System\OeQylbI.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ZiVVLTi.exe
  C:\Windows\System\ZiVVLTi.exe
  2⤵
  PID:1768
- C:\Windows\System\KAnYmhw.exe
  C:\Windows\System\KAnYmhw.exe
  2⤵
  PID:2148
- C:\Windows\System\OivvIfb.exe
  C:\Windows\System\OivvIfb.exe
  2⤵
  PID:2504
- C:\Windows\System\Nlujrsz.exe
  C:\Windows\System\Nlujrsz.exe
  2⤵
  PID:2400
- C:\Windows\System\eizdxif.exe
  C:\Windows\System\eizdxif.exe
  2⤵
  PID:1368
- C:\Windows\System\VNrcULE.exe
  C:\Windows\System\VNrcULE.exe
  2⤵
  PID:1512
- C:\Windows\System\DytYxMY.exe
  C:\Windows\System\DytYxMY.exe
  2⤵
  PID:1884
- C:\Windows\System\Ghrlmio.exe
  C:\Windows\System\Ghrlmio.exe
  2⤵
  PID:1816
- C:\Windows\System\PsAexyP.exe
  C:\Windows\System\PsAexyP.exe
  2⤵
  PID:1744
- C:\Windows\System\YBxflgn.exe
  C:\Windows\System\YBxflgn.exe
  2⤵
  PID:2056
- C:\Windows\System\qJMqpNN.exe
  C:\Windows\System\qJMqpNN.exe
  2⤵
  PID:2508
- C:\Windows\System\mNQkCCc.exe
  C:\Windows\System\mNQkCCc.exe
  2⤵
  PID:920
- C:\Windows\System\vRfCOZf.exe
  C:\Windows\System\vRfCOZf.exe
  2⤵
  PID:760
- C:\Windows\System\RFGxLmc.exe
  C:\Windows\System\RFGxLmc.exe
  2⤵
  PID:1304
- C:\Windows\System\MOhNAvr.exe
  C:\Windows\System\MOhNAvr.exe
  2⤵
  PID:1564
- C:\Windows\System\yUzkYYB.exe
  C:\Windows\System\yUzkYYB.exe
  2⤵
  PID:1976
- C:\Windows\System\hHdFQsb.exe
  C:\Windows\System\hHdFQsb.exe
  2⤵
  PID:1980
- C:\Windows\System\hlFEpXU.exe
  C:\Windows\System\hlFEpXU.exe
  2⤵
  PID:2064
- C:\Windows\System\EjsCKBw.exe
  C:\Windows\System\EjsCKBw.exe
  2⤵
  PID:2492
- C:\Windows\System\fGdWLph.exe
  C:\Windows\System\fGdWLph.exe
  2⤵
  PID:1640
- C:\Windows\System\QkKCknl.exe
  C:\Windows\System\QkKCknl.exe
  2⤵
  PID:2304
- C:\Windows\System\dYMSuHu.exe
  C:\Windows\System\dYMSuHu.exe
  2⤵
  PID:2248
- C:\Windows\System\HPllWoq.exe
  C:\Windows\System\HPllWoq.exe
  2⤵
  PID:3024
- C:\Windows\System\cLTNOIO.exe
  C:\Windows\System\cLTNOIO.exe
  2⤵
  PID:2464
- C:\Windows\System\sBlIIpT.exe
  C:\Windows\System\sBlIIpT.exe
  2⤵
  PID:1008
- C:\Windows\System\lXhkJXm.exe
  C:\Windows\System\lXhkJXm.exe
  2⤵
  PID:1916
- C:\Windows\System\JEjYJbv.exe
  C:\Windows\System\JEjYJbv.exe
  2⤵
  PID:2176
- C:\Windows\System\lrQUrZv.exe
  C:\Windows\System\lrQUrZv.exe
  2⤵
  PID:1608
- C:\Windows\System\UemBJpe.exe
  C:\Windows\System\UemBJpe.exe
  2⤵
  PID:1540
- C:\Windows\System\nkVIQRT.exe
  C:\Windows\System\nkVIQRT.exe
  2⤵
  PID:432
- C:\Windows\System\aTkyRiI.exe
  C:\Windows\System\aTkyRiI.exe
  2⤵
  PID:2352
- C:\Windows\System\wcEXeSt.exe
  C:\Windows\System\wcEXeSt.exe
  2⤵
  PID:2084
- C:\Windows\System\vHjOsbe.exe
  C:\Windows\System\vHjOsbe.exe
  2⤵
  PID:1212
- C:\Windows\System\TkLWHZs.exe
  C:\Windows\System\TkLWHZs.exe
  2⤵
  PID:1732
- C:\Windows\System\oxNzCxR.exe
  C:\Windows\System\oxNzCxR.exe
  2⤵
  PID:2028
- C:\Windows\System\toyJJfq.exe
  C:\Windows\System\toyJJfq.exe
  2⤵
  PID:2088
- C:\Windows\System\KCIIeAM.exe
  C:\Windows\System\KCIIeAM.exe
  2⤵
  PID:2424
- C:\Windows\System\qdvVRZr.exe
  C:\Windows\System\qdvVRZr.exe
  2⤵
  PID:2192
- C:\Windows\System\gxVGWQn.exe
  C:\Windows\System\gxVGWQn.exe
  2⤵
  PID:2128
- C:\Windows\System\vktvzmA.exe
  C:\Windows\System\vktvzmA.exe
  2⤵
  PID:1208
- C:\Windows\System\ljmAxJB.exe
  C:\Windows\System\ljmAxJB.exe
  2⤵
  PID:2120
- C:\Windows\System\UDDfTNr.exe
  C:\Windows\System\UDDfTNr.exe
  2⤵
  PID:2428
- C:\Windows\System\kgzkhen.exe
  C:\Windows\System\kgzkhen.exe
  2⤵
  PID:3080
- C:\Windows\System\nHJedBr.exe
  C:\Windows\System\nHJedBr.exe
  2⤵
  PID:3100
- C:\Windows\System\emvwsGW.exe
  C:\Windows\System\emvwsGW.exe
  2⤵
  PID:3120
- C:\Windows\System\SAjUTtg.exe
  C:\Windows\System\SAjUTtg.exe
  2⤵
  PID:3144
- C:\Windows\System\KlEhlsd.exe
  C:\Windows\System\KlEhlsd.exe
  2⤵
  PID:3160
- C:\Windows\System\nvmKEsV.exe
  C:\Windows\System\nvmKEsV.exe
  2⤵
  PID:3176
- C:\Windows\System\DmnDTYt.exe
  C:\Windows\System\DmnDTYt.exe
  2⤵
  PID:3208
- C:\Windows\System\BkXoIdj.exe
  C:\Windows\System\BkXoIdj.exe
  2⤵
  PID:3228
- C:\Windows\System\SPKJwOf.exe
  C:\Windows\System\SPKJwOf.exe
  2⤵
  PID:3244
- C:\Windows\System\gbbiVMe.exe
  C:\Windows\System\gbbiVMe.exe
  2⤵
  PID:3268
- C:\Windows\System\StwlLkN.exe
  C:\Windows\System\StwlLkN.exe
  2⤵
  PID:3284
- C:\Windows\System\RxZtSqf.exe
  C:\Windows\System\RxZtSqf.exe
  2⤵
  PID:3308
- C:\Windows\System\fDnryzD.exe
  C:\Windows\System\fDnryzD.exe
  2⤵
  PID:3328
- C:\Windows\System\MpqWpRK.exe
  C:\Windows\System\MpqWpRK.exe
  2⤵
  PID:3344
- C:\Windows\System\XFLseQZ.exe
  C:\Windows\System\XFLseQZ.exe
  2⤵
  PID:3360
- C:\Windows\System\aBLmsfo.exe
  C:\Windows\System\aBLmsfo.exe
  2⤵
  PID:3376
- C:\Windows\System\cbfIKmP.exe
  C:\Windows\System\cbfIKmP.exe
  2⤵
  PID:3392
- C:\Windows\System\EfbEDrP.exe
  C:\Windows\System\EfbEDrP.exe
  2⤵
  PID:3412
- C:\Windows\System\FyMhGEI.exe
  C:\Windows\System\FyMhGEI.exe
  2⤵
  PID:3428
- C:\Windows\System\rezLEtO.exe
  C:\Windows\System\rezLEtO.exe
  2⤵
  PID:3444
- C:\Windows\System\IjoAVCI.exe
  C:\Windows\System\IjoAVCI.exe
  2⤵
  PID:3472
- C:\Windows\System\ophovsc.exe
  C:\Windows\System\ophovsc.exe
  2⤵
  PID:3504
- C:\Windows\System\NgLojUy.exe
  C:\Windows\System\NgLojUy.exe
  2⤵
  PID:3524
- C:\Windows\System\bogVRhw.exe
  C:\Windows\System\bogVRhw.exe
  2⤵
  PID:3548
- C:\Windows\System\xQBnefA.exe
  C:\Windows\System\xQBnefA.exe
  2⤵
  PID:3564
- C:\Windows\System\iLRraNh.exe
  C:\Windows\System\iLRraNh.exe
  2⤵
  PID:3588
- C:\Windows\System\LJkcVdr.exe
  C:\Windows\System\LJkcVdr.exe
  2⤵
  PID:3604
- C:\Windows\System\TIZbhED.exe
  C:\Windows\System\TIZbhED.exe
  2⤵
  PID:3624
- C:\Windows\System\PYHEYgh.exe
  C:\Windows\System\PYHEYgh.exe
  2⤵
  PID:3644
- C:\Windows\System\YExUvfm.exe
  C:\Windows\System\YExUvfm.exe
  2⤵
  PID:3672
- C:\Windows\System\sKAnFQF.exe
  C:\Windows\System\sKAnFQF.exe
  2⤵
  PID:3692
- C:\Windows\System\clydPTA.exe
  C:\Windows\System\clydPTA.exe
  2⤵
  PID:3708
- C:\Windows\System\YGCyCuP.exe
  C:\Windows\System\YGCyCuP.exe
  2⤵
  PID:3724
- C:\Windows\System\DnSbcCy.exe
  C:\Windows\System\DnSbcCy.exe
  2⤵
  PID:3744
- C:\Windows\System\aPMXAww.exe
  C:\Windows\System\aPMXAww.exe
  2⤵
  PID:3764
- C:\Windows\System\HSLFjge.exe
  C:\Windows\System\HSLFjge.exe
  2⤵
  PID:3780
- C:\Windows\System\SNgEXmG.exe
  C:\Windows\System\SNgEXmG.exe
  2⤵
  PID:3804
- C:\Windows\System\VrndNwW.exe
  C:\Windows\System\VrndNwW.exe
  2⤵
  PID:3828
- C:\Windows\System\yJepwGW.exe
  C:\Windows\System\yJepwGW.exe
  2⤵
  PID:3848
- C:\Windows\System\dtHuGNI.exe
  C:\Windows\System\dtHuGNI.exe
  2⤵
  PID:3868
- C:\Windows\System\oMGvtEH.exe
  C:\Windows\System\oMGvtEH.exe
  2⤵
  PID:3892
- C:\Windows\System\TtytscG.exe
  C:\Windows\System\TtytscG.exe
  2⤵
  PID:3912
- C:\Windows\System\EDUqdiF.exe
  C:\Windows\System\EDUqdiF.exe
  2⤵
  PID:3928
- C:\Windows\System\MbmDbqC.exe
  C:\Windows\System\MbmDbqC.exe
  2⤵
  PID:3948
- C:\Windows\System\pLofJmu.exe
  C:\Windows\System\pLofJmu.exe
  2⤵
  PID:3968
- C:\Windows\System\mfTjxyB.exe
  C:\Windows\System\mfTjxyB.exe
  2⤵
  PID:3988
- C:\Windows\System\yjWLppD.exe
  C:\Windows\System\yjWLppD.exe
  2⤵
  PID:4008
- C:\Windows\System\iyFEGRZ.exe
  C:\Windows\System\iyFEGRZ.exe
  2⤵
  PID:4028
- C:\Windows\System\nrVHVaf.exe
  C:\Windows\System\nrVHVaf.exe
  2⤵
  PID:4044
- C:\Windows\System\AySqWqQ.exe
  C:\Windows\System\AySqWqQ.exe
  2⤵
  PID:4064
- C:\Windows\System\nkZwZBL.exe
  C:\Windows\System\nkZwZBL.exe
  2⤵
  PID:4088
- C:\Windows\System\LWOeNct.exe
  C:\Windows\System\LWOeNct.exe
  2⤵
  PID:1396
- C:\Windows\System\OynGhtm.exe
  C:\Windows\System\OynGhtm.exe
  2⤵
  PID:1936
- C:\Windows\System\WgypYGC.exe
  C:\Windows\System\WgypYGC.exe
  2⤵
  PID:1996
- C:\Windows\System\boZeasc.exe
  C:\Windows\System\boZeasc.exe
  2⤵
  PID:1720
- C:\Windows\System\RzSAcRr.exe
  C:\Windows\System\RzSAcRr.exe
  2⤵
  PID:1160
- C:\Windows\System\wrhNrtN.exe
  C:\Windows\System\wrhNrtN.exe
  2⤵
  PID:1228
- C:\Windows\System\rUWCOPJ.exe
  C:\Windows\System\rUWCOPJ.exe
  2⤵
  PID:2716
- C:\Windows\System\WLtbzFp.exe
  C:\Windows\System\WLtbzFp.exe
  2⤵
  PID:2676
- C:\Windows\System\QjmFESU.exe
  C:\Windows\System\QjmFESU.exe
  2⤵
  PID:2004
- C:\Windows\System\eArJnKg.exe
  C:\Windows\System\eArJnKg.exe
  2⤵
  PID:2124
- C:\Windows\System\uKhtWKZ.exe
  C:\Windows\System\uKhtWKZ.exe
  2⤵
  PID:1560
- C:\Windows\System\AtqHlBK.exe
  C:\Windows\System\AtqHlBK.exe
  2⤵
  PID:1520
- C:\Windows\System\MZYsCCq.exe
  C:\Windows\System\MZYsCCq.exe
  2⤵
  PID:3132
- C:\Windows\System\qPJMely.exe
  C:\Windows\System\qPJMely.exe
  2⤵
  PID:3224
- C:\Windows\System\rFOQmdh.exe
  C:\Windows\System\rFOQmdh.exe
  2⤵
  PID:3256
- C:\Windows\System\iTmPIhO.exe
  C:\Windows\System\iTmPIhO.exe
  2⤵
  PID:3300
- C:\Windows\System\WxPHPMD.exe
  C:\Windows\System\WxPHPMD.exe
  2⤵
  PID:776
- C:\Windows\System\tWVBfmP.exe
  C:\Windows\System\tWVBfmP.exe
  2⤵
  PID:2180
- C:\Windows\System\ywKWVRs.exe
  C:\Windows\System\ywKWVRs.exe
  2⤵
  PID:3116
- C:\Windows\System\IqRMplC.exe
  C:\Windows\System\IqRMplC.exe
  2⤵
  PID:3152
- C:\Windows\System\TcjocOK.exe
  C:\Windows\System\TcjocOK.exe
  2⤵
  PID:3192
- C:\Windows\System\UfGkpZt.exe
  C:\Windows\System\UfGkpZt.exe
  2⤵
  PID:3236
- C:\Windows\System\lBtHTWq.exe
  C:\Windows\System\lBtHTWq.exe
  2⤵
  PID:3316
- C:\Windows\System\dKOhpRy.exe
  C:\Windows\System\dKOhpRy.exe
  2⤵
  PID:3452
- C:\Windows\System\hjLjwLx.exe
  C:\Windows\System\hjLjwLx.exe
  2⤵
  PID:3388
- C:\Windows\System\MXBUEyw.exe
  C:\Windows\System\MXBUEyw.exe
  2⤵
  PID:3540
- C:\Windows\System\bVgpmjf.exe
  C:\Windows\System\bVgpmjf.exe
  2⤵
  PID:3580
- C:\Windows\System\pUDhmhm.exe
  C:\Windows\System\pUDhmhm.exe
  2⤵
  PID:3468
- C:\Windows\System\nNLfpSk.exe
  C:\Windows\System\nNLfpSk.exe
  2⤵
  PID:3512
- C:\Windows\System\OrQHaHk.exe
  C:\Windows\System\OrQHaHk.exe
  2⤵
  PID:3636
- C:\Windows\System\OWdsxhY.exe
  C:\Windows\System\OWdsxhY.exe
  2⤵
  PID:3700
- C:\Windows\System\asdmMUw.exe
  C:\Windows\System\asdmMUw.exe
  2⤵
  PID:3732
- C:\Windows\System\KUzssOb.exe
  C:\Windows\System\KUzssOb.exe
  2⤵
  PID:3812
- C:\Windows\System\YYkxztE.exe
  C:\Windows\System\YYkxztE.exe
  2⤵
  PID:3716
- C:\Windows\System\WtiltSe.exe
  C:\Windows\System\WtiltSe.exe
  2⤵
  PID:3788
- C:\Windows\System\evmkjUj.exe
  C:\Windows\System\evmkjUj.exe
  2⤵
  PID:3752
- C:\Windows\System\aidoJmx.exe
  C:\Windows\System\aidoJmx.exe
  2⤵
  PID:3908
- C:\Windows\System\GVzYmQP.exe
  C:\Windows\System\GVzYmQP.exe
  2⤵
  PID:3936
- C:\Windows\System\lxWZUsP.exe
  C:\Windows\System\lxWZUsP.exe
  2⤵
  PID:3980
- C:\Windows\System\LECCqJS.exe
  C:\Windows\System\LECCqJS.exe
  2⤵
  PID:4052
- C:\Windows\System\uMdImMG.exe
  C:\Windows\System\uMdImMG.exe
  2⤵
  PID:1552
- C:\Windows\System\JSIpdiL.exe
  C:\Windows\System\JSIpdiL.exe
  2⤵
  PID:4000
- C:\Windows\System\VeLcAwW.exe
  C:\Windows\System\VeLcAwW.exe
  2⤵
  PID:4040
- C:\Windows\System\xUvohpG.exe
  C:\Windows\System\xUvohpG.exe
  2⤵
  PID:4084
- C:\Windows\System\XhoWSLw.exe
  C:\Windows\System\XhoWSLw.exe
  2⤵
  PID:3088
- C:\Windows\System\BGtSXrM.exe
  C:\Windows\System\BGtSXrM.exe
  2⤵
  PID:2252
- C:\Windows\System\WCHQGHk.exe
  C:\Windows\System\WCHQGHk.exe
  2⤵
  PID:684
- C:\Windows\System\lbEYCHr.exe
  C:\Windows\System\lbEYCHr.exe
  2⤵
  PID:3128
- C:\Windows\System\SUOKGol.exe
  C:\Windows\System\SUOKGol.exe
  2⤵
  PID:2080
- C:\Windows\System\yISdWUy.exe
  C:\Windows\System\yISdWUy.exe
  2⤵
  PID:3296
- C:\Windows\System\HCfaXQy.exe
  C:\Windows\System\HCfaXQy.exe
  2⤵
  PID:1880
- C:\Windows\System\ddJuvql.exe
  C:\Windows\System\ddJuvql.exe
  2⤵
  PID:3368
- C:\Windows\System\lQCwFSy.exe
  C:\Windows\System\lQCwFSy.exe
  2⤵
  PID:3108
- C:\Windows\System\YzMfEEx.exe
  C:\Windows\System\YzMfEEx.exe
  2⤵
  PID:2684
- C:\Windows\System\ValCsug.exe
  C:\Windows\System\ValCsug.exe
  2⤵
  PID:3280
- C:\Windows\System\PNaNXdj.exe
  C:\Windows\System\PNaNXdj.exe
  2⤵
  PID:3424
- C:\Windows\System\NTRtbyn.exe
  C:\Windows\System\NTRtbyn.exe
  2⤵
  PID:3584
- C:\Windows\System\Zzxajib.exe
  C:\Windows\System\Zzxajib.exe
  2⤵
  PID:3520
- C:\Windows\System\vCTIJom.exe
  C:\Windows\System\vCTIJom.exe
  2⤵
  PID:3664
- C:\Windows\System\umaHRgo.exe
  C:\Windows\System\umaHRgo.exe
  2⤵
  PID:3740
- C:\Windows\System\OTipNLO.exe
  C:\Windows\System\OTipNLO.exe
  2⤵
  PID:3200
- C:\Windows\System\FUSJiVF.exe
  C:\Windows\System\FUSJiVF.exe
  2⤵
  PID:3356
- C:\Windows\System\xqXtIVO.exe
  C:\Windows\System\xqXtIVO.exe
  2⤵
  PID:3500
- C:\Windows\System\ZZfTeCG.exe
  C:\Windows\System\ZZfTeCG.exe
  2⤵
  PID:3596
- C:\Windows\System\AVtqJWq.exe
  C:\Windows\System\AVtqJWq.exe
  2⤵
  PID:4036
- C:\Windows\System\jRIwzwr.exe
  C:\Windows\System\jRIwzwr.exe
  2⤵
  PID:2976
- C:\Windows\System\jiruHel.exe
  C:\Windows\System\jiruHel.exe
  2⤵
  PID:3824
- C:\Windows\System\VlNXfnb.exe
  C:\Windows\System\VlNXfnb.exe
  2⤵
  PID:3836
- C:\Windows\System\GdcJjqY.exe
  C:\Windows\System\GdcJjqY.exe
  2⤵
  PID:2204
- C:\Windows\System\ADCrpmT.exe
  C:\Windows\System\ADCrpmT.exe
  2⤵
  PID:2596
- C:\Windows\System\OZUpKlR.exe
  C:\Windows\System\OZUpKlR.exe
  2⤵
  PID:3800
- C:\Windows\System\mXCZpbp.exe
  C:\Windows\System\mXCZpbp.exe
  2⤵
  PID:3660
- C:\Windows\System\odLXyiN.exe
  C:\Windows\System\odLXyiN.exe
  2⤵
  PID:3772
- C:\Windows\System\GPGEANp.exe
  C:\Windows\System\GPGEANp.exe
  2⤵
  PID:3292
- C:\Windows\System\xbdmCYA.exe
  C:\Windows\System\xbdmCYA.exe
  2⤵
  PID:3440
- C:\Windows\System\wLEPIHM.exe
  C:\Windows\System\wLEPIHM.exe
  2⤵
  PID:2980
- C:\Windows\System\HRJiVBv.exe
  C:\Windows\System\HRJiVBv.exe
  2⤵
  PID:1088
- C:\Windows\System\CLYTJBg.exe
  C:\Windows\System\CLYTJBg.exe
  2⤵
  PID:3844
- C:\Windows\System\YwpAPsf.exe
  C:\Windows\System\YwpAPsf.exe
  2⤵
  PID:444
- C:\Windows\System\mOclJlo.exe
  C:\Windows\System\mOclJlo.exe
  2⤵
  PID:3684
- C:\Windows\System\DzQbShR.exe
  C:\Windows\System\DzQbShR.exe
  2⤵
  PID:2944
- C:\Windows\System\RUQefrR.exe
  C:\Windows\System\RUQefrR.exe
  2⤵
  PID:1224
- C:\Windows\System\osbjXTR.exe
  C:\Windows\System\osbjXTR.exe
  2⤵
  PID:884
- C:\Windows\System\PEhPelX.exe
  C:\Windows\System\PEhPelX.exe
  2⤵
  PID:3888
- C:\Windows\System\AywrRYD.exe
  C:\Windows\System\AywrRYD.exe
  2⤵
  PID:1516
- C:\Windows\System\BqaWvxW.exe
  C:\Windows\System\BqaWvxW.exe
  2⤵
  PID:4016
- C:\Windows\System\bbdddAO.exe
  C:\Windows\System\bbdddAO.exe
  2⤵
  PID:2216
- C:\Windows\System\wdhMgHV.exe
  C:\Windows\System\wdhMgHV.exe
  2⤵
  PID:3760
- C:\Windows\System\yBguSzc.exe
  C:\Windows\System\yBguSzc.exe
  2⤵
  PID:3372
- C:\Windows\System\SnVuiPE.exe
  C:\Windows\System\SnVuiPE.exe
  2⤵
  PID:3136
- C:\Windows\System\SiOgtOn.exe
  C:\Windows\System\SiOgtOn.exe
  2⤵
  PID:2736
- C:\Windows\System\jvOoORW.exe
  C:\Windows\System\jvOoORW.exe
  2⤵
  PID:4104
- C:\Windows\System\DnMbszK.exe
  C:\Windows\System\DnMbszK.exe
  2⤵
  PID:4120
- C:\Windows\System\sZCBANT.exe
  C:\Windows\System\sZCBANT.exe
  2⤵
  PID:4144
- C:\Windows\System\tOlWfud.exe
  C:\Windows\System\tOlWfud.exe
  2⤵
  PID:4160
- C:\Windows\System\dgtfDhS.exe
  C:\Windows\System\dgtfDhS.exe
  2⤵
  PID:4184
- C:\Windows\System\lztzzNd.exe
  C:\Windows\System\lztzzNd.exe
  2⤵
  PID:4204
- C:\Windows\System\Cmvvvmo.exe
  C:\Windows\System\Cmvvvmo.exe
  2⤵
  PID:4224
- C:\Windows\System\HhMXlkv.exe
  C:\Windows\System\HhMXlkv.exe
  2⤵
  PID:4240
- C:\Windows\System\wXjKRiA.exe
  C:\Windows\System\wXjKRiA.exe
  2⤵
  PID:4264
- C:\Windows\System\RnRMfHx.exe
  C:\Windows\System\RnRMfHx.exe
  2⤵
  PID:4284
- C:\Windows\System\PdVcKBI.exe
  C:\Windows\System\PdVcKBI.exe
  2⤵
  PID:4300
- C:\Windows\System\IXZECCR.exe
  C:\Windows\System\IXZECCR.exe
  2⤵
  PID:4320
- C:\Windows\System\jRboItu.exe
  C:\Windows\System\jRboItu.exe
  2⤵
  PID:4340
- C:\Windows\System\ahvDtzM.exe
  C:\Windows\System\ahvDtzM.exe
  2⤵
  PID:4364
- C:\Windows\System\XKWIJrM.exe
  C:\Windows\System\XKWIJrM.exe
  2⤵
  PID:4384
- C:\Windows\System\aKhTLSc.exe
  C:\Windows\System\aKhTLSc.exe
  2⤵
  PID:4408
- C:\Windows\System\wigUPBY.exe
  C:\Windows\System\wigUPBY.exe
  2⤵
  PID:4424
- C:\Windows\System\GrBLbgK.exe
  C:\Windows\System\GrBLbgK.exe
  2⤵
  PID:4444
- C:\Windows\System\JQHluJq.exe
  C:\Windows\System\JQHluJq.exe
  2⤵
  PID:4468
- C:\Windows\System\FxNjyMm.exe
  C:\Windows\System\FxNjyMm.exe
  2⤵
  PID:4484
- C:\Windows\System\qppEGjE.exe
  C:\Windows\System\qppEGjE.exe
  2⤵
  PID:4500
- C:\Windows\System\xCadxjA.exe
  C:\Windows\System\xCadxjA.exe
  2⤵
  PID:4516
- C:\Windows\System\jYHPlkK.exe
  C:\Windows\System\jYHPlkK.exe
  2⤵
  PID:4536
- C:\Windows\System\VzMqiwo.exe
  C:\Windows\System\VzMqiwo.exe
  2⤵
  PID:4564
- C:\Windows\System\YYSqGOY.exe
  C:\Windows\System\YYSqGOY.exe
  2⤵
  PID:4580
- C:\Windows\System\zCFVtRa.exe
  C:\Windows\System\zCFVtRa.exe
  2⤵
  PID:4604
- C:\Windows\System\HdzrNsp.exe
  C:\Windows\System\HdzrNsp.exe
  2⤵
  PID:4624
- C:\Windows\System\IeRBHnq.exe
  C:\Windows\System\IeRBHnq.exe
  2⤵
  PID:4640
- C:\Windows\System\FeJIzlT.exe
  C:\Windows\System\FeJIzlT.exe
  2⤵
  PID:4656
- C:\Windows\System\yMLpSOc.exe
  C:\Windows\System\yMLpSOc.exe
  2⤵
  PID:4676
- C:\Windows\System\xrUMUpT.exe
  C:\Windows\System\xrUMUpT.exe
  2⤵
  PID:4692
- C:\Windows\System\LnHlyPN.exe
  C:\Windows\System\LnHlyPN.exe
  2⤵
  PID:4708
- C:\Windows\System\DeblYVB.exe
  C:\Windows\System\DeblYVB.exe
  2⤵
  PID:4728
- C:\Windows\System\dGWlIKl.exe
  C:\Windows\System\dGWlIKl.exe
  2⤵
  PID:4748
- C:\Windows\System\anrfMNp.exe
  C:\Windows\System\anrfMNp.exe
  2⤵
  PID:4768
- C:\Windows\System\ruuWNXj.exe
  C:\Windows\System\ruuWNXj.exe
  2⤵
  PID:4800
- C:\Windows\System\iwCFQno.exe
  C:\Windows\System\iwCFQno.exe
  2⤵
  PID:4820
- C:\Windows\System\OADjIbQ.exe
  C:\Windows\System\OADjIbQ.exe
  2⤵
  PID:4844
- C:\Windows\System\BSIXFkR.exe
  C:\Windows\System\BSIXFkR.exe
  2⤵
  PID:4868
- C:\Windows\System\IyRPrSj.exe
  C:\Windows\System\IyRPrSj.exe
  2⤵
  PID:4888
- C:\Windows\System\AnsdvFC.exe
  C:\Windows\System\AnsdvFC.exe
  2⤵
  PID:4908
- C:\Windows\System\nVHDXAa.exe
  C:\Windows\System\nVHDXAa.exe
  2⤵
  PID:4932
- C:\Windows\System\yKGRQcg.exe
  C:\Windows\System\yKGRQcg.exe
  2⤵
  PID:4952
- C:\Windows\System\GeltEbZ.exe
  C:\Windows\System\GeltEbZ.exe
  2⤵
  PID:4972
- C:\Windows\System\ldIbrpS.exe
  C:\Windows\System\ldIbrpS.exe
  2⤵
  PID:5000
- C:\Windows\System\BneXfkJ.exe
  C:\Windows\System\BneXfkJ.exe
  2⤵
  PID:5020
- C:\Windows\System\biYWsES.exe
  C:\Windows\System\biYWsES.exe
  2⤵
  PID:5040
- C:\Windows\System\LrpLTKK.exe
  C:\Windows\System\LrpLTKK.exe
  2⤵
  PID:5060
- C:\Windows\System\VtoGmQO.exe
  C:\Windows\System\VtoGmQO.exe
  2⤵
  PID:5080
- C:\Windows\System\plDSyEt.exe
  C:\Windows\System\plDSyEt.exe
  2⤵
  PID:5100
- C:\Windows\System\mnemohT.exe
  C:\Windows\System\mnemohT.exe
  2⤵
  PID:2928
- C:\Windows\System\WjbZHui.exe
  C:\Windows\System\WjbZHui.exe
  2⤵
  PID:3984
- C:\Windows\System\BszTrVY.exe
  C:\Windows\System\BszTrVY.exe
  2⤵
  PID:3616
- C:\Windows\System\ZxglDyE.exe
  C:\Windows\System\ZxglDyE.exe
  2⤵
  PID:2172
- C:\Windows\System\KmptXXX.exe
  C:\Windows\System\KmptXXX.exe
  2⤵
  PID:3960
- C:\Windows\System\xSHfHCQ.exe
  C:\Windows\System\xSHfHCQ.exe
  2⤵
  PID:3976
- C:\Windows\System\EeDPiIg.exe
  C:\Windows\System\EeDPiIg.exe
  2⤵
  PID:3924
- C:\Windows\System\Mntyfry.exe
  C:\Windows\System\Mntyfry.exe
  2⤵
  PID:4152
- C:\Windows\System\pHSDyhB.exe
  C:\Windows\System\pHSDyhB.exe
  2⤵
  PID:3188
- C:\Windows\System\DHjsBXO.exe
  C:\Windows\System\DHjsBXO.exe
  2⤵
  PID:4100
- C:\Windows\System\VHTTQZS.exe
  C:\Windows\System\VHTTQZS.exe
  2⤵
  PID:4312
- C:\Windows\System\BojPzCj.exe
  C:\Windows\System\BojPzCj.exe
  2⤵
  PID:4136
- C:\Windows\System\WbjOnfw.exe
  C:\Windows\System\WbjOnfw.exe
  2⤵
  PID:4168
- C:\Windows\System\PHVDAlN.exe
  C:\Windows\System\PHVDAlN.exe
  2⤵
  PID:4328
- C:\Windows\System\vHPJskr.exe
  C:\Windows\System\vHPJskr.exe
  2⤵
  PID:4348
- C:\Windows\System\lAMrhYz.exe
  C:\Windows\System\lAMrhYz.exe
  2⤵
  PID:4392
- C:\Windows\System\YSnbaPo.exe
  C:\Windows\System\YSnbaPo.exe
  2⤵
  PID:4452
- C:\Windows\System\GiPGvNa.exe
  C:\Windows\System\GiPGvNa.exe
  2⤵
  PID:4396
- C:\Windows\System\IaOHzqz.exe
  C:\Windows\System\IaOHzqz.exe
  2⤵
  PID:2876
- C:\Windows\System\qLWfmvP.exe
  C:\Windows\System\qLWfmvP.exe
  2⤵
  PID:4492
- C:\Windows\System\ANcMWCk.exe
  C:\Windows\System\ANcMWCk.exe
  2⤵
  PID:4548
- C:\Windows\System\CDBsqzN.exe
  C:\Windows\System\CDBsqzN.exe
  2⤵
  PID:4588
- C:\Windows\System\YHzhLjx.exe
  C:\Windows\System\YHzhLjx.exe
  2⤵
  PID:4576
- C:\Windows\System\rjqPFhH.exe
  C:\Windows\System\rjqPFhH.exe
  2⤵
  PID:4616
- C:\Windows\System\QnTnsvH.exe
  C:\Windows\System\QnTnsvH.exe
  2⤵
  PID:4620
- C:\Windows\System\pHnOqzX.exe
  C:\Windows\System\pHnOqzX.exe
  2⤵
  PID:4776
- C:\Windows\System\toNOXxx.exe
  C:\Windows\System\toNOXxx.exe
  2⤵
  PID:4796
- C:\Windows\System\sGoHwxc.exe
  C:\Windows\System\sGoHwxc.exe
  2⤵
  PID:4840
- C:\Windows\System\LVvcRDB.exe
  C:\Windows\System\LVvcRDB.exe
  2⤵
  PID:4688
- C:\Windows\System\BdUdOUF.exe
  C:\Windows\System\BdUdOUF.exe
  2⤵
  PID:4884
- C:\Windows\System\MNjFMnS.exe
  C:\Windows\System\MNjFMnS.exe
  2⤵
  PID:4808
- C:\Windows\System\krbcgVZ.exe
  C:\Windows\System\krbcgVZ.exe
  2⤵
  PID:4856
- C:\Windows\System\IYawyIb.exe
  C:\Windows\System\IYawyIb.exe
  2⤵
  PID:4928
- C:\Windows\System\yoyLavl.exe
  C:\Windows\System\yoyLavl.exe
  2⤵
  PID:4960
- C:\Windows\System\SbqwSrj.exe
  C:\Windows\System\SbqwSrj.exe
  2⤵
  PID:4948
- C:\Windows\System\eZdSqNC.exe
  C:\Windows\System\eZdSqNC.exe
  2⤵
  PID:4996
- C:\Windows\System\FdFmCnK.exe
  C:\Windows\System\FdFmCnK.exe
  2⤵
  PID:5052
- C:\Windows\System\ZDQVWxA.exe
  C:\Windows\System\ZDQVWxA.exe
  2⤵
  PID:5036
- C:\Windows\System\ZpBXLTT.exe
  C:\Windows\System\ZpBXLTT.exe
  2⤵
  PID:1924
- C:\Windows\System\VugaxcY.exe
  C:\Windows\System\VugaxcY.exe
  2⤵
  PID:3112
- C:\Windows\System\BGtvzxe.exe
  C:\Windows\System\BGtvzxe.exe
  2⤵
  PID:3688
- C:\Windows\System\oMYmdug.exe
  C:\Windows\System\oMYmdug.exe
  2⤵
  PID:3204
- C:\Windows\System\KBjPDON.exe
  C:\Windows\System\KBjPDON.exe
  2⤵
  PID:3436
- C:\Windows\System\dNnbhch.exe
  C:\Windows\System\dNnbhch.exe
  2⤵
  PID:3488
- C:\Windows\System\nExiBeD.exe
  C:\Windows\System\nExiBeD.exe
  2⤵
  PID:4200
- C:\Windows\System\CCzakPO.exe
  C:\Windows\System\CCzakPO.exe
  2⤵
  PID:4308
- C:\Windows\System\ZmvwKhu.exe
  C:\Windows\System\ZmvwKhu.exe
  2⤵
  PID:4252
- C:\Windows\System\YJHAZRf.exe
  C:\Windows\System\YJHAZRf.exe
  2⤵
  PID:4416
- C:\Windows\System\OyJZDSk.exe
  C:\Windows\System\OyJZDSk.exe
  2⤵
  PID:4212
- C:\Windows\System\KzXMBYk.exe
  C:\Windows\System\KzXMBYk.exe
  2⤵
  PID:1100
- C:\Windows\System\XmBDPkY.exe
  C:\Windows\System\XmBDPkY.exe
  2⤵
  PID:4496
- C:\Windows\System\pESmOOW.exe
  C:\Windows\System\pESmOOW.exe
  2⤵
  PID:4636
- C:\Windows\System\oPuFGoQ.exe
  C:\Windows\System\oPuFGoQ.exe
  2⤵
  PID:4600
- C:\Windows\System\TOCAVAS.exe
  C:\Windows\System\TOCAVAS.exe
  2⤵
  PID:4464
- C:\Windows\System\YGNSKWd.exe
  C:\Windows\System\YGNSKWd.exe
  2⤵
  PID:4836
- C:\Windows\System\mUufIqb.exe
  C:\Windows\System\mUufIqb.exe
  2⤵
  PID:4724
- C:\Windows\System\cXSjAmy.exe
  C:\Windows\System\cXSjAmy.exe
  2⤵
  PID:4832
- C:\Windows\System\ALzHemN.exe
  C:\Windows\System\ALzHemN.exe
  2⤵
  PID:4904
- C:\Windows\System\DiqtLYG.exe
  C:\Windows\System\DiqtLYG.exe
  2⤵
  PID:5016
- C:\Windows\System\rnggvtv.exe
  C:\Windows\System\rnggvtv.exe
  2⤵
  PID:4920
- C:\Windows\System\FnMdrFQ.exe
  C:\Windows\System\FnMdrFQ.exe
  2⤵
  PID:3572
- C:\Windows\System\gJRHVYh.exe
  C:\Windows\System\gJRHVYh.exe
  2⤵
  PID:4944
- C:\Windows\System\AhCVvXc.exe
  C:\Windows\System\AhCVvXc.exe
  2⤵
  PID:5076
- C:\Windows\System\GjBrMXq.exe
  C:\Windows\System\GjBrMXq.exe
  2⤵
  PID:3996
- C:\Windows\System\lJZFtWN.exe
  C:\Windows\System\lJZFtWN.exe
  2⤵
  PID:4076
- C:\Windows\System\hvOkiGM.exe
  C:\Windows\System\hvOkiGM.exe
  2⤵
  PID:4280
- C:\Windows\System\LdSJPuW.exe
  C:\Windows\System\LdSJPuW.exe
  2⤵
  PID:4336
- C:\Windows\System\dFmtIgf.exe
  C:\Windows\System\dFmtIgf.exe
  2⤵
  PID:4512
- C:\Windows\System\VxlGeFZ.exe
  C:\Windows\System\VxlGeFZ.exe
  2⤵
  PID:4524
- C:\Windows\System\JbkKIyh.exe
  C:\Windows\System\JbkKIyh.exe
  2⤵
  PID:4248
- C:\Windows\System\NJbVxtl.exe
  C:\Windows\System\NJbVxtl.exe
  2⤵
  PID:4664
- C:\Windows\System\njKhbXw.exe
  C:\Windows\System\njKhbXw.exe
  2⤵
  PID:4852
- C:\Windows\System\hjHdbru.exe
  C:\Windows\System\hjHdbru.exe
  2⤵
  PID:4572
- C:\Windows\System\nCnCJWC.exe
  C:\Windows\System\nCnCJWC.exe
  2⤵
  PID:4700
- C:\Windows\System\yguBlQt.exe
  C:\Windows\System\yguBlQt.exe
  2⤵
  PID:4964
- C:\Windows\System\wPIarsC.exe
  C:\Windows\System\wPIarsC.exe
  2⤵
  PID:5112
- C:\Windows\System\edXYnCx.exe
  C:\Windows\System\edXYnCx.exe
  2⤵
  PID:4132
- C:\Windows\System\MKfdZpB.exe
  C:\Windows\System\MKfdZpB.exe
  2⤵
  PID:4352
- C:\Windows\System\rAFvaJU.exe
  C:\Windows\System\rAFvaJU.exe
  2⤵
  PID:3880
- C:\Windows\System\ngduGiR.exe
  C:\Windows\System\ngduGiR.exe
  2⤵
  PID:4704
- C:\Windows\System\EWFpyCQ.exe
  C:\Windows\System\EWFpyCQ.exe
  2⤵
  PID:4360
- C:\Windows\System\XszvLvc.exe
  C:\Windows\System\XszvLvc.exe
  2⤵
  PID:4876
- C:\Windows\System\mbTeJgC.exe
  C:\Windows\System\mbTeJgC.exe
  2⤵
  PID:5096
- C:\Windows\System\PToNPwJ.exe
  C:\Windows\System\PToNPwJ.exe
  2⤵
  PID:5116
- C:\Windows\System\QQvuppc.exe
  C:\Windows\System\QQvuppc.exe
  2⤵
  PID:4764
- C:\Windows\System\xrfswjO.exe
  C:\Windows\System\xrfswjO.exe
  2⤵
  PID:5028
- C:\Windows\System\YUZzIjf.exe
  C:\Windows\System\YUZzIjf.exe
  2⤵
  PID:4740
- C:\Windows\System\EJbFxIL.exe
  C:\Windows\System\EJbFxIL.exe
  2⤵
  PID:4180
- C:\Windows\System\bXeruFw.exe
  C:\Windows\System\bXeruFw.exe
  2⤵
  PID:4192
- C:\Windows\System\TzacpqB.exe
  C:\Windows\System\TzacpqB.exe
  2⤵
  PID:5124
- C:\Windows\System\uDuATWy.exe
  C:\Windows\System\uDuATWy.exe
  2⤵
  PID:5144
- C:\Windows\System\SjOJuFf.exe
  C:\Windows\System\SjOJuFf.exe
  2⤵
  PID:5164
- C:\Windows\System\XOeachf.exe
  C:\Windows\System\XOeachf.exe
  2⤵
  PID:5184
- C:\Windows\System\UreYvrf.exe
  C:\Windows\System\UreYvrf.exe
  2⤵
  PID:5204
- C:\Windows\System\dJdLxwc.exe
  C:\Windows\System\dJdLxwc.exe
  2⤵
  PID:5224
- C:\Windows\System\AXAoDfH.exe
  C:\Windows\System\AXAoDfH.exe
  2⤵
  PID:5240
- C:\Windows\System\XfQOPjm.exe
  C:\Windows\System\XfQOPjm.exe
  2⤵
  PID:5264
- C:\Windows\System\jBEQYxX.exe
  C:\Windows\System\jBEQYxX.exe
  2⤵
  PID:5284
- C:\Windows\System\iKXfQgF.exe
  C:\Windows\System\iKXfQgF.exe
  2⤵
  PID:5304
- C:\Windows\System\AMedWpd.exe
  C:\Windows\System\AMedWpd.exe
  2⤵
  PID:5324
- C:\Windows\System\wmRoGMn.exe
  C:\Windows\System\wmRoGMn.exe
  2⤵
  PID:5344
- C:\Windows\System\hJVlnfi.exe
  C:\Windows\System\hJVlnfi.exe
  2⤵
  PID:5364
- C:\Windows\System\TKaxowK.exe
  C:\Windows\System\TKaxowK.exe
  2⤵
  PID:5384
- C:\Windows\System\SVrPPTJ.exe
  C:\Windows\System\SVrPPTJ.exe
  2⤵
  PID:5400
- C:\Windows\System\epzKWuC.exe
  C:\Windows\System\epzKWuC.exe
  2⤵
  PID:5420
- C:\Windows\System\dGKsesm.exe
  C:\Windows\System\dGKsesm.exe
  2⤵
  PID:5444
- C:\Windows\System\mrSBBvq.exe
  C:\Windows\System\mrSBBvq.exe
  2⤵
  PID:5460
- C:\Windows\System\JrlmeFK.exe
  C:\Windows\System\JrlmeFK.exe
  2⤵
  PID:5484
- C:\Windows\System\OSdvgWE.exe
  C:\Windows\System\OSdvgWE.exe
  2⤵
  PID:5504
- C:\Windows\System\NxkODnZ.exe
  C:\Windows\System\NxkODnZ.exe
  2⤵
  PID:5524
- C:\Windows\System\QLhRUvD.exe
  C:\Windows\System\QLhRUvD.exe
  2⤵
  PID:5544
- C:\Windows\System\VyLInVe.exe
  C:\Windows\System\VyLInVe.exe
  2⤵
  PID:5564
- C:\Windows\System\pbHTMTo.exe
  C:\Windows\System\pbHTMTo.exe
  2⤵
  PID:5580
- C:\Windows\System\CcywNDG.exe
  C:\Windows\System\CcywNDG.exe
  2⤵
  PID:5604
- C:\Windows\System\uOQpLOS.exe
  C:\Windows\System\uOQpLOS.exe
  2⤵
  PID:5624
- C:\Windows\System\hBcTDEY.exe
  C:\Windows\System\hBcTDEY.exe
  2⤵
  PID:5644
- C:\Windows\System\dsuLamS.exe
  C:\Windows\System\dsuLamS.exe
  2⤵
  PID:5664
- C:\Windows\System\iwoYvCU.exe
  C:\Windows\System\iwoYvCU.exe
  2⤵
  PID:5684
- C:\Windows\System\xZkExJZ.exe
  C:\Windows\System\xZkExJZ.exe
  2⤵
  PID:5704
- C:\Windows\System\ltBQrtK.exe
  C:\Windows\System\ltBQrtK.exe
  2⤵
  PID:5724
- C:\Windows\System\pvLsuIG.exe
  C:\Windows\System\pvLsuIG.exe
  2⤵
  PID:5744
- C:\Windows\System\qegGjNC.exe
  C:\Windows\System\qegGjNC.exe
  2⤵
  PID:5764
- C:\Windows\System\Uazugsc.exe
  C:\Windows\System\Uazugsc.exe
  2⤵
  PID:5784
- C:\Windows\System\qvXirYY.exe
  C:\Windows\System\qvXirYY.exe
  2⤵
  PID:5804
- C:\Windows\System\gcauWIJ.exe
  C:\Windows\System\gcauWIJ.exe
  2⤵
  PID:5824
- C:\Windows\System\sSSrdwH.exe
  C:\Windows\System\sSSrdwH.exe
  2⤵
  PID:5844
- C:\Windows\System\XdjXzxe.exe
  C:\Windows\System\XdjXzxe.exe
  2⤵
  PID:5864
- C:\Windows\System\OXyPXfN.exe
  C:\Windows\System\OXyPXfN.exe
  2⤵
  PID:5884
- C:\Windows\System\bpUfeUd.exe
  C:\Windows\System\bpUfeUd.exe
  2⤵
  PID:5904
- C:\Windows\System\BYUoopW.exe
  C:\Windows\System\BYUoopW.exe
  2⤵
  PID:5920
- C:\Windows\System\wEFCHjD.exe
  C:\Windows\System\wEFCHjD.exe
  2⤵
  PID:5944
- C:\Windows\System\VwOqwSG.exe
  C:\Windows\System\VwOqwSG.exe
  2⤵
  PID:5964
- C:\Windows\System\pBiMYpr.exe
  C:\Windows\System\pBiMYpr.exe
  2⤵
  PID:5984
- C:\Windows\System\prxpNOQ.exe
  C:\Windows\System\prxpNOQ.exe
  2⤵
  PID:6004
- C:\Windows\System\XQygnIq.exe
  C:\Windows\System\XQygnIq.exe
  2⤵
  PID:6024
- C:\Windows\System\yRvLnrL.exe
  C:\Windows\System\yRvLnrL.exe
  2⤵
  PID:6044
- C:\Windows\System\jifmgId.exe
  C:\Windows\System\jifmgId.exe
  2⤵
  PID:6064
- C:\Windows\System\ZHBFMLe.exe
  C:\Windows\System\ZHBFMLe.exe
  2⤵
  PID:6088
- C:\Windows\System\GfVzHUf.exe
  C:\Windows\System\GfVzHUf.exe
  2⤵
  PID:6108
- C:\Windows\System\ITrGaAd.exe
  C:\Windows\System\ITrGaAd.exe
  2⤵
  PID:6128
- C:\Windows\System\ovODaDx.exe
  C:\Windows\System\ovODaDx.exe
  2⤵
  PID:4896
- C:\Windows\System\QzCLqRU.exe
  C:\Windows\System\QzCLqRU.exe
  2⤵
  PID:4220
- C:\Windows\System\NNSrnlB.exe
  C:\Windows\System\NNSrnlB.exe
  2⤵
  PID:4544
- C:\Windows\System\FKatsce.exe
  C:\Windows\System\FKatsce.exe
  2⤵
  PID:4924
- C:\Windows\System\bUHKbeJ.exe
  C:\Windows\System\bUHKbeJ.exe
  2⤵
  PID:5140
- C:\Windows\System\qppuGYx.exe
  C:\Windows\System\qppuGYx.exe
  2⤵
  PID:5196
- C:\Windows\System\jjEqcHX.exe
  C:\Windows\System\jjEqcHX.exe
  2⤵
  PID:5232
- C:\Windows\System\SIhBkDL.exe
  C:\Windows\System\SIhBkDL.exe
  2⤵
  PID:5216
- C:\Windows\System\lkwRjul.exe
  C:\Windows\System\lkwRjul.exe
  2⤵
  PID:5260
- C:\Windows\System\cmhIHnE.exe
  C:\Windows\System\cmhIHnE.exe
  2⤵
  PID:5360
- C:\Windows\System\GBpJkuo.exe
  C:\Windows\System\GBpJkuo.exe
  2⤵
  PID:5340
- C:\Windows\System\lCEvWPB.exe
  C:\Windows\System\lCEvWPB.exe
  2⤵
  PID:5372
- C:\Windows\System\djsCGYk.exe
  C:\Windows\System\djsCGYk.exe
  2⤵
  PID:5408
- C:\Windows\System\aPkkMXX.exe
  C:\Windows\System\aPkkMXX.exe
  2⤵
  PID:5412
- C:\Windows\System\XgUdNcx.exe
  C:\Windows\System\XgUdNcx.exe
  2⤵
  PID:5496
- C:\Windows\System\WxXYDMO.exe
  C:\Windows\System\WxXYDMO.exe
  2⤵
  PID:5556
- C:\Windows\System\lnPxeaQ.exe
  C:\Windows\System\lnPxeaQ.exe
  2⤵
  PID:5596
- C:\Windows\System\uLxRtzY.exe
  C:\Windows\System\uLxRtzY.exe
  2⤵
  PID:5576
- C:\Windows\System\vdgocbG.exe
  C:\Windows\System\vdgocbG.exe
  2⤵
  PID:5636
- C:\Windows\System\AlecmtE.exe
  C:\Windows\System\AlecmtE.exe
  2⤵
  PID:5660
- C:\Windows\System\AtzYWTH.exe
  C:\Windows\System\AtzYWTH.exe
  2⤵
  PID:5712
- C:\Windows\System\yutLGVO.exe
  C:\Windows\System\yutLGVO.exe
  2⤵
  PID:5716
- C:\Windows\System\hZAjPWY.exe
  C:\Windows\System\hZAjPWY.exe
  2⤵
  PID:5740
- C:\Windows\System\XhqBewo.exe
  C:\Windows\System\XhqBewo.exe
  2⤵
  PID:5780
- C:\Windows\System\UEYjior.exe
  C:\Windows\System\UEYjior.exe
  2⤵
  PID:5832
- C:\Windows\System\cSCMmqe.exe
  C:\Windows\System\cSCMmqe.exe
  2⤵
  PID:5812
- C:\Windows\System\WQeegnS.exe
  C:\Windows\System\WQeegnS.exe
  2⤵
  PID:5872
- C:\Windows\System\mGGfKoD.exe
  C:\Windows\System\mGGfKoD.exe
  2⤵
  PID:5860
- C:\Windows\System\yfilONk.exe
  C:\Windows\System\yfilONk.exe
  2⤵
  PID:5892
- C:\Windows\System\bNFgDgR.exe
  C:\Windows\System\bNFgDgR.exe
  2⤵
  PID:5960
- C:\Windows\System\pYBDotM.exe
  C:\Windows\System\pYBDotM.exe
  2⤵
  PID:5940
- C:\Windows\System\eZVjnYM.exe
  C:\Windows\System\eZVjnYM.exe
  2⤵
  PID:5980
- C:\Windows\System\qgqVbRg.exe
  C:\Windows\System\qgqVbRg.exe
  2⤵
  PID:1752
- C:\Windows\System\uiUFzMO.exe
  C:\Windows\System\uiUFzMO.exe
  2⤵
  PID:6016
- C:\Windows\System\VJxccZs.exe
  C:\Windows\System\VJxccZs.exe
  2⤵
  PID:6052
- C:\Windows\System\WpgyKKU.exe
  C:\Windows\System\WpgyKKU.exe
  2⤵
  PID:6076
- C:\Windows\System\kOpAdJH.exe
  C:\Windows\System\kOpAdJH.exe
  2⤵
  PID:6104
- C:\Windows\System\vqLaLBf.exe
  C:\Windows\System\vqLaLBf.exe
  2⤵
  PID:4720
- C:\Windows\System\sebOUNV.exe
  C:\Windows\System\sebOUNV.exe
  2⤵
  PID:5192
- C:\Windows\System\vivybpi.exe
  C:\Windows\System\vivybpi.exe
  2⤵
  PID:5160
- C:\Windows\System\mSEgCjI.exe
  C:\Windows\System\mSEgCjI.exe
  2⤵
  PID:5436
- C:\Windows\System\vMiQLow.exe
  C:\Windows\System\vMiQLow.exe
  2⤵
  PID:5332
- C:\Windows\System\PlQXmiM.exe
  C:\Windows\System\PlQXmiM.exe
  2⤵
  PID:2232
- C:\Windows\System\zmwAawz.exe
  C:\Windows\System\zmwAawz.exe
  2⤵
  PID:2704
- C:\Windows\System\tavgQsV.exe
  C:\Windows\System\tavgQsV.exe
  2⤵
  PID:1964
- C:\Windows\System\mUbXTmG.exe
  C:\Windows\System\mUbXTmG.exe
  2⤵
  PID:5456
- C:\Windows\System\owlPiEY.exe
  C:\Windows\System\owlPiEY.exe
  2⤵
  PID:5560
- C:\Windows\System\SDZHRmp.exe
  C:\Windows\System\SDZHRmp.exe
  2⤵
  PID:5572
- C:\Windows\System\BZeInXD.exe
  C:\Windows\System\BZeInXD.exe
  2⤵
  PID:5680
- C:\Windows\System\caSnxMH.exe
  C:\Windows\System\caSnxMH.exe
  2⤵
  PID:5616
- C:\Windows\System\cuZGqiY.exe
  C:\Windows\System\cuZGqiY.exe
  2⤵
  PID:5692
- C:\Windows\System\OrQXwgu.exe
  C:\Windows\System\OrQXwgu.exe
  2⤵
  PID:5512
- C:\Windows\System\ggzJRSD.exe
  C:\Windows\System\ggzJRSD.exe
  2⤵
  PID:5816
- C:\Windows\System\vRcmVHF.exe
  C:\Windows\System\vRcmVHF.exe
  2⤵
  PID:5916
- C:\Windows\System\AGUTMtN.exe
  C:\Windows\System\AGUTMtN.exe
  2⤵
  PID:5936
- C:\Windows\System\LFEVjOt.exe
  C:\Windows\System\LFEVjOt.exe
  2⤵
  PID:6032
- C:\Windows\System\lVOgBpG.exe
  C:\Windows\System\lVOgBpG.exe
  2⤵
  PID:6136
- C:\Windows\System\PNJYATJ.exe
  C:\Windows\System\PNJYATJ.exe
  2⤵
  PID:1584
- C:\Windows\System\PYyJdjE.exe
  C:\Windows\System\PYyJdjE.exe
  2⤵
  PID:6096
- C:\Windows\System\PSoRFnh.exe
  C:\Windows\System\PSoRFnh.exe
  2⤵
  PID:4380
- C:\Windows\System\prkKHDu.exe
  C:\Windows\System\prkKHDu.exe
  2⤵
  PID:5480
- C:\Windows\System\McthGDy.exe
  C:\Windows\System\McthGDy.exe
  2⤵
  PID:2772
- C:\Windows\System\RlslPMW.exe
  C:\Windows\System\RlslPMW.exe
  2⤵
  PID:5632
- C:\Windows\System\iMcfQat.exe
  C:\Windows\System\iMcfQat.exe
  2⤵
  PID:5156
- C:\Windows\System\SJasATK.exe
  C:\Windows\System\SJasATK.exe
  2⤵
  PID:5256
- C:\Windows\System\DsIxJOg.exe
  C:\Windows\System\DsIxJOg.exe
  2⤵
  PID:5352
- C:\Windows\System\EnVgPrf.exe
  C:\Windows\System\EnVgPrf.exe
  2⤵
  PID:6072
- C:\Windows\System\RDPAQjw.exe
  C:\Windows\System\RDPAQjw.exe
  2⤵
  PID:5452
- C:\Windows\System\RhxnRaN.exe
  C:\Windows\System\RhxnRaN.exe
  2⤵
  PID:5776
- C:\Windows\System\psFbwrz.exe
  C:\Windows\System\psFbwrz.exe
  2⤵
  PID:5912
- C:\Windows\System\XCJpDSe.exe
  C:\Windows\System\XCJpDSe.exe
  2⤵
  PID:5176
- C:\Windows\System\eCnWoBh.exe
  C:\Windows\System\eCnWoBh.exe
  2⤵
  PID:1892
- C:\Windows\System\vMjPECp.exe
  C:\Windows\System\vMjPECp.exe
  2⤵
  PID:5068
- C:\Windows\System\NoTgvYJ.exe
  C:\Windows\System\NoTgvYJ.exe
  2⤵
  PID:3068
- C:\Windows\System\FMPyDHF.exe
  C:\Windows\System\FMPyDHF.exe
  2⤵
  PID:3900
- C:\Windows\System\MVxtcaB.exe
  C:\Windows\System\MVxtcaB.exe
  2⤵
  PID:2920
- C:\Windows\System\XFDojAu.exe
  C:\Windows\System\XFDojAu.exe
  2⤵
  PID:5320
- C:\Windows\System\atIKuAa.exe
  C:\Windows\System\atIKuAa.exe
  2⤵
  PID:3020
- C:\Windows\System\WzilsvC.exe
  C:\Windows\System\WzilsvC.exe
  2⤵
  PID:5252
- C:\Windows\System\PgSabtp.exe
  C:\Windows\System\PgSabtp.exe
  2⤵
  PID:1308
- C:\Windows\System\YFyODKi.exe
  C:\Windows\System\YFyODKi.exe
  2⤵
  PID:4376
- C:\Windows\System\WaPzcDL.exe
  C:\Windows\System\WaPzcDL.exe
  2⤵
  PID:5440
- C:\Windows\System\OCCynGU.exe
  C:\Windows\System\OCCynGU.exe
  2⤵
  PID:5772
- C:\Windows\System\zdoEjwC.exe
  C:\Windows\System\zdoEjwC.exe
  2⤵
  PID:5796
- C:\Windows\System\NeaalHO.exe
  C:\Windows\System\NeaalHO.exe
  2⤵
  PID:3956
- C:\Windows\System\SnIELks.exe
  C:\Windows\System\SnIELks.exe
  2⤵
  PID:6100
- C:\Windows\System\eChhLsa.exe
  C:\Windows\System\eChhLsa.exe
  2⤵
  PID:5520
- C:\Windows\System\gVzWdpQ.exe
  C:\Windows\System\gVzWdpQ.exe
  2⤵
  PID:5200
- C:\Windows\System\hXgPovs.exe
  C:\Windows\System\hXgPovs.exe
  2⤵
  PID:2416
- C:\Windows\System\yVfHRNZ.exe
  C:\Windows\System\yVfHRNZ.exe
  2⤵
  PID:2856
- C:\Windows\System\GufTrcd.exe
  C:\Windows\System\GufTrcd.exe
  2⤵
  PID:1096
- C:\Windows\System\dfBLLpM.exe
  C:\Windows\System\dfBLLpM.exe
  2⤵
  PID:3920
- C:\Windows\System\VUBjPLd.exe
  C:\Windows\System\VUBjPLd.exe
  2⤵
  PID:4432
- C:\Windows\System\boyxGLL.exe
  C:\Windows\System\boyxGLL.exe
  2⤵
  PID:2076
- C:\Windows\System\cLAMAgl.exe
  C:\Windows\System\cLAMAgl.exe
  2⤵
  PID:6036
- C:\Windows\System\kQECzGZ.exe
  C:\Windows\System\kQECzGZ.exe
  2⤵
  PID:5376
- C:\Windows\System\jrOoBSF.exe
  C:\Windows\System\jrOoBSF.exe
  2⤵
  PID:6184
- C:\Windows\System\jhNdQZB.exe
  C:\Windows\System\jhNdQZB.exe
  2⤵
  PID:6200
- C:\Windows\System\WTjsEkx.exe
  C:\Windows\System\WTjsEkx.exe
  2⤵
  PID:6216
- C:\Windows\System\mzVxGXr.exe
  C:\Windows\System\mzVxGXr.exe
  2⤵
  PID:6232
- C:\Windows\System\VojwogT.exe
  C:\Windows\System\VojwogT.exe
  2⤵
  PID:6252
- C:\Windows\System\RJvBNWx.exe
  C:\Windows\System\RJvBNWx.exe
  2⤵
  PID:6268
- C:\Windows\System\ynPaKZs.exe
  C:\Windows\System\ynPaKZs.exe
  2⤵
  PID:6284
- C:\Windows\System\VgBmHoE.exe
  C:\Windows\System\VgBmHoE.exe
  2⤵
  PID:6300
- C:\Windows\System\BtESMCH.exe
  C:\Windows\System\BtESMCH.exe
  2⤵
  PID:6316
- C:\Windows\System\YLQowLN.exe
  C:\Windows\System\YLQowLN.exe
  2⤵
  PID:6340
- C:\Windows\System\jNEtvzo.exe
  C:\Windows\System\jNEtvzo.exe
  2⤵
  PID:6368
- C:\Windows\System\EIHIaRL.exe
  C:\Windows\System\EIHIaRL.exe
  2⤵
  PID:6392
- C:\Windows\System\gHsBEQe.exe
  C:\Windows\System\gHsBEQe.exe
  2⤵
  PID:6440
- C:\Windows\System\KQYqjaW.exe
  C:\Windows\System\KQYqjaW.exe
  2⤵
  PID:6468
- C:\Windows\System\bRHTJVC.exe
  C:\Windows\System\bRHTJVC.exe
  2⤵
  PID:6484
- C:\Windows\System\QhpFPbf.exe
  C:\Windows\System\QhpFPbf.exe
  2⤵
  PID:6500
- C:\Windows\System\GzIwMAF.exe
  C:\Windows\System\GzIwMAF.exe
  2⤵
  PID:6516
- C:\Windows\System\KsDGLoh.exe
  C:\Windows\System\KsDGLoh.exe
  2⤵
  PID:6532
- C:\Windows\System\JXGzUee.exe
  C:\Windows\System\JXGzUee.exe
  2⤵
  PID:6548
- C:\Windows\System\AUmCRpK.exe
  C:\Windows\System\AUmCRpK.exe
  2⤵
  PID:6652
- C:\Windows\System\sqeTtks.exe
  C:\Windows\System\sqeTtks.exe
  2⤵
  PID:6668
- C:\Windows\System\tHuSKrI.exe
  C:\Windows\System\tHuSKrI.exe
  2⤵
  PID:6692
- C:\Windows\System\oqLIvoq.exe
  C:\Windows\System\oqLIvoq.exe
  2⤵
  PID:6712
- C:\Windows\System\COtZaxA.exe
  C:\Windows\System\COtZaxA.exe
  2⤵
  PID:6736
- C:\Windows\System\jaDlZDo.exe
  C:\Windows\System\jaDlZDo.exe
  2⤵
  PID:6756
- C:\Windows\System\BuePcAp.exe
  C:\Windows\System\BuePcAp.exe
  2⤵
  PID:6776
- C:\Windows\System\ndhcpYF.exe
  C:\Windows\System\ndhcpYF.exe
  2⤵
  PID:6792
- C:\Windows\System\YtlnAQd.exe
  C:\Windows\System\YtlnAQd.exe
  2⤵
  PID:6808
- C:\Windows\System\CPNTveJ.exe
  C:\Windows\System\CPNTveJ.exe
  2⤵
  PID:6828
- C:\Windows\System\AmEXfRv.exe
  C:\Windows\System\AmEXfRv.exe
  2⤵
  PID:6844
- C:\Windows\System\XaHmHxc.exe
  C:\Windows\System\XaHmHxc.exe
  2⤵
  PID:6860
- C:\Windows\System\hKUPqIo.exe
  C:\Windows\System\hKUPqIo.exe
  2⤵
  PID:6876
- C:\Windows\System\uRZGlOf.exe
  C:\Windows\System\uRZGlOf.exe
  2⤵
  PID:6920
- C:\Windows\System\prHepUS.exe
  C:\Windows\System\prHepUS.exe
  2⤵
  PID:6936
- C:\Windows\System\EJuDaMQ.exe
  C:\Windows\System\EJuDaMQ.exe
  2⤵
  PID:6952
- C:\Windows\System\gaQywmh.exe
  C:\Windows\System\gaQywmh.exe
  2⤵
  PID:6968
- C:\Windows\System\WlbbIPr.exe
  C:\Windows\System\WlbbIPr.exe
  2⤵
  PID:6988
- C:\Windows\System\mnwxFVp.exe
  C:\Windows\System\mnwxFVp.exe
  2⤵
  PID:7008
- C:\Windows\System\OvHrcOv.exe
  C:\Windows\System\OvHrcOv.exe
  2⤵
  PID:7024
- C:\Windows\System\nEQlHFv.exe
  C:\Windows\System\nEQlHFv.exe
  2⤵
  PID:7040
- C:\Windows\System\WdAlYJi.exe
  C:\Windows\System\WdAlYJi.exe
  2⤵
  PID:7064
- C:\Windows\System\xpJbJOk.exe
  C:\Windows\System\xpJbJOk.exe
  2⤵
  PID:7084
- C:\Windows\System\dWPEqmH.exe
  C:\Windows\System\dWPEqmH.exe
  2⤵
  PID:7100
- C:\Windows\System\KnDnLXA.exe
  C:\Windows\System\KnDnLXA.exe
  2⤵
  PID:7120
- C:\Windows\System\blOKpMd.exe
  C:\Windows\System\blOKpMd.exe
  2⤵
  PID:7136
- C:\Windows\System\rmimqzs.exe
  C:\Windows\System\rmimqzs.exe
  2⤵
  PID:7152
- C:\Windows\System\dVotXiV.exe
  C:\Windows\System\dVotXiV.exe
  2⤵
  PID:2968
- C:\Windows\System\xIncSRF.exe
  C:\Windows\System\xIncSRF.exe
  2⤵
  PID:4532
- C:\Windows\System\YHnNvYo.exe
  C:\Windows\System\YHnNvYo.exe
  2⤵
  PID:5972
- C:\Windows\System\KACoNQw.exe
  C:\Windows\System\KACoNQw.exe
  2⤵
  PID:6168
- C:\Windows\System\KkBltGO.exe
  C:\Windows\System\KkBltGO.exe
  2⤵
  PID:6156
- C:\Windows\System\pYebNQW.exe
  C:\Windows\System\pYebNQW.exe
  2⤵
  PID:6176
- C:\Windows\System\pNBnZQo.exe
  C:\Windows\System\pNBnZQo.exe
  2⤵
  PID:6280
- C:\Windows\System\LJlvLFL.exe
  C:\Windows\System\LJlvLFL.exe
  2⤵
  PID:6228
- C:\Windows\System\HObcMvJ.exe
  C:\Windows\System\HObcMvJ.exe
  2⤵
  PID:6292
- C:\Windows\System\hnOhmtH.exe
  C:\Windows\System\hnOhmtH.exe
  2⤵
  PID:6332
- C:\Windows\System\HCLaGEk.exe
  C:\Windows\System\HCLaGEk.exe
  2⤵
  PID:6360
- C:\Windows\System\nzIdioJ.exe
  C:\Windows\System\nzIdioJ.exe
  2⤵
  PID:5500
- C:\Windows\System\vBbbpZp.exe
  C:\Windows\System\vBbbpZp.exe
  2⤵
  PID:6388
- C:\Windows\System\cBsykSv.exe
  C:\Windows\System\cBsykSv.exe
  2⤵
  PID:6412
- C:\Windows\System\krzpqvD.exe
  C:\Windows\System\krzpqvD.exe
  2⤵
  PID:6428
- C:\Windows\System\LYqkZVO.exe
  C:\Windows\System\LYqkZVO.exe
  2⤵
  PID:6460
- C:\Windows\System\lJHShzr.exe
  C:\Windows\System\lJHShzr.exe
  2⤵
  PID:6492
- C:\Windows\System\DAwmezv.exe
  C:\Windows\System\DAwmezv.exe
  2⤵
  PID:6512
- C:\Windows\System\iTYReSa.exe
  C:\Windows\System\iTYReSa.exe
  2⤵
  PID:6564
- C:\Windows\System\LEWIbHz.exe
  C:\Windows\System\LEWIbHz.exe
  2⤵
  PID:6580
- C:\Windows\System\FunqSnT.exe
  C:\Windows\System\FunqSnT.exe
  2⤵
  PID:6600
- C:\Windows\System\wkGfbZt.exe
  C:\Windows\System\wkGfbZt.exe
  2⤵
  PID:6608
- C:\Windows\System\SFZYPvC.exe
  C:\Windows\System\SFZYPvC.exe
  2⤵
  PID:6624
- C:\Windows\System\kYIOipb.exe
  C:\Windows\System\kYIOipb.exe
  2⤵
  PID:6636
- C:\Windows\System\DoKPqZI.exe
  C:\Windows\System\DoKPqZI.exe
  2⤵
  PID:6560
- C:\Windows\System\RupvRdK.exe
  C:\Windows\System\RupvRdK.exe
  2⤵
  PID:6688
- C:\Windows\System\EcOKawm.exe
  C:\Windows\System\EcOKawm.exe
  2⤵
  PID:6704
- C:\Windows\System\wNmLend.exe
  C:\Windows\System\wNmLend.exe
  2⤵
  PID:6180
- C:\Windows\System\nvhwfaL.exe
  C:\Windows\System\nvhwfaL.exe
  2⤵
  PID:6752
- C:\Windows\System\oOPzAZw.exe
  C:\Windows\System\oOPzAZw.exe
  2⤵
  PID:6788
- C:\Windows\System\GXlZIcd.exe
  C:\Windows\System\GXlZIcd.exe
  2⤵
  PID:6804
- C:\Windows\System\ckDCFQz.exe
  C:\Windows\System\ckDCFQz.exe
  2⤵
  PID:6820
- C:\Windows\System\lYxPSWO.exe
  C:\Windows\System\lYxPSWO.exe
  2⤵
  PID:6856
- C:\Windows\System\aObwAmU.exe
  C:\Windows\System\aObwAmU.exe
  2⤵
  PID:6916
- C:\Windows\System\ZSAinHH.exe
  C:\Windows\System\ZSAinHH.exe
  2⤵
  PID:6908
- C:\Windows\System\QZARSBN.exe
  C:\Windows\System\QZARSBN.exe
  2⤵
  PID:6932
- C:\Windows\System\AdEteIl.exe
  C:\Windows\System\AdEteIl.exe
  2⤵
  PID:7016
- C:\Windows\System\yxUpDwf.exe
  C:\Windows\System\yxUpDwf.exe
  2⤵
  PID:7048
- C:\Windows\System\vvZwaQW.exe
  C:\Windows\System\vvZwaQW.exe
  2⤵
  PID:7060
- C:\Windows\System\VyiLtCX.exe
  C:\Windows\System\VyiLtCX.exe
  2⤵
  PID:7132
- C:\Windows\System\WhfUjLp.exe
  C:\Windows\System\WhfUjLp.exe
  2⤵
  PID:7164
- C:\Windows\System\yoLXfCM.exe
  C:\Windows\System\yoLXfCM.exe
  2⤵
  PID:7032
- C:\Windows\System\GYPgALv.exe
  C:\Windows\System\GYPgALv.exe
  2⤵
  PID:7076
- C:\Windows\System\tRQxeSy.exe
  C:\Windows\System\tRQxeSy.exe
  2⤵
  PID:7144
- C:\Windows\System\ZqxkZDv.exe
  C:\Windows\System\ZqxkZDv.exe
  2⤵
  PID:6208
- C:\Windows\System\sLrEHOL.exe
  C:\Windows\System\sLrEHOL.exe
  2⤵
  PID:6224
- C:\Windows\System\mhxasyC.exe
  C:\Windows\System\mhxasyC.exe
  2⤵
  PID:6336
- C:\Windows\System\RYsvXuQ.exe
  C:\Windows\System\RYsvXuQ.exe
  2⤵
  PID:6248
- C:\Windows\System\QJCnFXc.exe
  C:\Windows\System\QJCnFXc.exe
  2⤵
  PID:2112
- C:\Windows\System\oYxICYU.exe
  C:\Windows\System\oYxICYU.exe
  2⤵
  PID:6364
- C:\Windows\System\LZCSmPs.exe
  C:\Windows\System\LZCSmPs.exe
  2⤵
  PID:6408
- C:\Windows\System\Xkqzaaf.exe
  C:\Windows\System\Xkqzaaf.exe
  2⤵
  PID:1716
- C:\Windows\System\lsmYgod.exe
  C:\Windows\System\lsmYgod.exe
  2⤵
  PID:6424
- C:\Windows\System\vVxsGHU.exe
  C:\Windows\System\vVxsGHU.exe
  2⤵
  PID:6592
- C:\Windows\System\GzdDhkS.exe
  C:\Windows\System\GzdDhkS.exe
  2⤵
  PID:6628
- C:\Windows\System\EWAMSmz.exe
  C:\Windows\System\EWAMSmz.exe
  2⤵
  PID:6720
- C:\Windows\System\sWMlaqS.exe
  C:\Windows\System\sWMlaqS.exe
  2⤵
  PID:6436
- C:\Windows\System\OPPhlsR.exe
  C:\Windows\System\OPPhlsR.exe
  2⤵
  PID:6840
- C:\Windows\System\XLPSnaa.exe
  C:\Windows\System\XLPSnaa.exe
  2⤵
  PID:6644
- C:\Windows\System\hcziDQZ.exe
  C:\Windows\System\hcziDQZ.exe
  2⤵
  PID:6948
- C:\Windows\System\uuRsrtR.exe
  C:\Windows\System\uuRsrtR.exe
  2⤵
  PID:6432
- C:\Windows\System\EUEcTMA.exe
  C:\Windows\System\EUEcTMA.exe
  2⤵
  PID:6556
- C:\Windows\System\fMNUUtj.exe
  C:\Windows\System\fMNUUtj.exe
  2⤵
  PID:6976
- C:\Windows\System\hZmbiEr.exe
  C:\Windows\System\hZmbiEr.exe
  2⤵
  PID:6744
- C:\Windows\System\HCblsum.exe
  C:\Windows\System\HCblsum.exe
  2⤵
  PID:7096
- C:\Windows\System\cwahwAt.exe
  C:\Windows\System\cwahwAt.exe
  2⤵
  PID:6944
- C:\Windows\System\pajqqBu.exe
  C:\Windows\System\pajqqBu.exe
  2⤵
  PID:6172
- C:\Windows\System\qMtFKtz.exe
  C:\Windows\System\qMtFKtz.exe
  2⤵
  PID:6244
- C:\Windows\System\MeXCWSx.exe
  C:\Windows\System\MeXCWSx.exe
  2⤵
  PID:6664
- C:\Windows\System\jCZqcUN.exe
  C:\Windows\System\jCZqcUN.exe
  2⤵
  PID:6324
- C:\Windows\System\oDIUXiL.exe
  C:\Windows\System\oDIUXiL.exe
  2⤵
  PID:6772
- C:\Windows\System\yQwfCae.exe
  C:\Windows\System\yQwfCae.exe
  2⤵
  PID:2372
- C:\Windows\System\PEIiHHL.exe
  C:\Windows\System\PEIiHHL.exe
  2⤵
  PID:768
- C:\Windows\System\kdEubki.exe
  C:\Windows\System\kdEubki.exe
  2⤵
  PID:2268
- C:\Windows\System\bOAyXkN.exe
  C:\Windows\System\bOAyXkN.exe
  2⤵
  PID:6540
- C:\Windows\System\bkpXEBo.exe
  C:\Windows\System\bkpXEBo.exe
  2⤵
  PID:6616
- C:\Windows\System\pMlkmQY.exe
  C:\Windows\System\pMlkmQY.exe
  2⤵
  PID:6648
- C:\Windows\System\ljEJiMo.exe
  C:\Windows\System\ljEJiMo.exe
  2⤵
  PID:7128
- C:\Windows\System\xxSzRbX.exe
  C:\Windows\System\xxSzRbX.exe
  2⤵
  PID:6152
- C:\Windows\System\RNjcqxs.exe
  C:\Windows\System\RNjcqxs.exe
  2⤵
  PID:1152
- C:\Windows\System\uNqqLDw.exe
  C:\Windows\System\uNqqLDw.exe
  2⤵
  PID:5392
- C:\Windows\System\csHIICI.exe
  C:\Windows\System\csHIICI.exe
  2⤵
  PID:6816
- C:\Windows\System\pjkceEr.exe
  C:\Windows\System\pjkceEr.exe
  2⤵
  PID:7180
- C:\Windows\System\SInKzWK.exe
  C:\Windows\System\SInKzWK.exe
  2⤵
  PID:7196
- C:\Windows\System\EFlKooQ.exe
  C:\Windows\System\EFlKooQ.exe
  2⤵
  PID:7212
- C:\Windows\System\CEoxafF.exe
  C:\Windows\System\CEoxafF.exe
  2⤵
  PID:7228
- C:\Windows\System\NpjAgfH.exe
  C:\Windows\System\NpjAgfH.exe
  2⤵
  PID:7244
- C:\Windows\System\NAkwFrp.exe
  C:\Windows\System\NAkwFrp.exe
  2⤵
  PID:7260
- C:\Windows\System\OLVbWBK.exe
  C:\Windows\System\OLVbWBK.exe
  2⤵
  PID:7276
- C:\Windows\System\GprPTOV.exe
  C:\Windows\System\GprPTOV.exe
  2⤵
  PID:7292
- C:\Windows\System\dYDnqQM.exe
  C:\Windows\System\dYDnqQM.exe
  2⤵
  PID:7308
- C:\Windows\System\XhoSpsk.exe
  C:\Windows\System\XhoSpsk.exe
  2⤵
  PID:7324
- C:\Windows\System\FcogGnT.exe
  C:\Windows\System\FcogGnT.exe
  2⤵
  PID:7340
- C:\Windows\System\TeqyvfU.exe
  C:\Windows\System\TeqyvfU.exe
  2⤵
  PID:7356
- C:\Windows\System\jRikGhK.exe
  C:\Windows\System\jRikGhK.exe
  2⤵
  PID:7372
- C:\Windows\System\vNMojFs.exe
  C:\Windows\System\vNMojFs.exe
  2⤵
  PID:7388
- C:\Windows\System\basXjQs.exe
  C:\Windows\System\basXjQs.exe
  2⤵
  PID:7404
- C:\Windows\System\WpTmLMq.exe
  C:\Windows\System\WpTmLMq.exe
  2⤵
  PID:7424
- C:\Windows\System\lpnVKxN.exe
  C:\Windows\System\lpnVKxN.exe
  2⤵
  PID:7440
- C:\Windows\System\MdlLGzj.exe
  C:\Windows\System\MdlLGzj.exe
  2⤵
  PID:7456
- C:\Windows\System\QjtNKYv.exe
  C:\Windows\System\QjtNKYv.exe
  2⤵
  PID:7472
- C:\Windows\System\HwnAfyD.exe
  C:\Windows\System\HwnAfyD.exe
  2⤵
  PID:7488
- C:\Windows\System\WuYVYMr.exe
  C:\Windows\System\WuYVYMr.exe
  2⤵
  PID:7504
- C:\Windows\System\aBsKEMO.exe
  C:\Windows\System\aBsKEMO.exe
  2⤵
  PID:7520
- C:\Windows\System\QjKsAHh.exe
  C:\Windows\System\QjKsAHh.exe
  2⤵
  PID:7536
- C:\Windows\System\jygjryX.exe
  C:\Windows\System\jygjryX.exe
  2⤵
  PID:7552
- C:\Windows\System\yqNpGPm.exe
  C:\Windows\System\yqNpGPm.exe
  2⤵
  PID:7568
- C:\Windows\System\BoZHwwq.exe
  C:\Windows\System\BoZHwwq.exe
  2⤵
  PID:7584
- C:\Windows\System\YEsuwCx.exe
  C:\Windows\System\YEsuwCx.exe
  2⤵
  PID:7600
- C:\Windows\System\Dcwxgdf.exe
  C:\Windows\System\Dcwxgdf.exe
  2⤵
  PID:7616
- C:\Windows\System\tbGuOOm.exe
  C:\Windows\System\tbGuOOm.exe
  2⤵
  PID:7632
- C:\Windows\System\DzbUWeU.exe
  C:\Windows\System\DzbUWeU.exe
  2⤵
  PID:7648
- C:\Windows\System\QCRYANd.exe
  C:\Windows\System\QCRYANd.exe
  2⤵
  PID:7664
- C:\Windows\System\xmVaCuQ.exe
  C:\Windows\System\xmVaCuQ.exe
  2⤵
  PID:7680
- C:\Windows\System\xllANfh.exe
  C:\Windows\System\xllANfh.exe
  2⤵
  PID:7696
- C:\Windows\System\HYBfcBK.exe
  C:\Windows\System\HYBfcBK.exe
  2⤵
  PID:7712
- C:\Windows\System\XUTLuKH.exe
  C:\Windows\System\XUTLuKH.exe
  2⤵
  PID:7728
- C:\Windows\System\MtiJpDJ.exe
  C:\Windows\System\MtiJpDJ.exe
  2⤵
  PID:7744
- C:\Windows\System\pbjPumE.exe
  C:\Windows\System\pbjPumE.exe
  2⤵
  PID:7760
- C:\Windows\System\zHLCxpl.exe
  C:\Windows\System\zHLCxpl.exe
  2⤵
  PID:7776
- C:\Windows\System\WlqrdXk.exe
  C:\Windows\System\WlqrdXk.exe
  2⤵
  PID:7792
- C:\Windows\System\puRXvGA.exe
  C:\Windows\System\puRXvGA.exe
  2⤵
  PID:7808
- C:\Windows\System\kZRkJqH.exe
  C:\Windows\System\kZRkJqH.exe
  2⤵
  PID:7824
- C:\Windows\System\jalpbzd.exe
  C:\Windows\System\jalpbzd.exe
  2⤵
  PID:7840
- C:\Windows\System\waOpUdK.exe
  C:\Windows\System\waOpUdK.exe
  2⤵
  PID:7856
- C:\Windows\System\lHelktf.exe
  C:\Windows\System\lHelktf.exe
  2⤵
  PID:7872
- C:\Windows\System\yKMRpOL.exe
  C:\Windows\System\yKMRpOL.exe
  2⤵
  PID:7888
- C:\Windows\System\pgIutpi.exe
  C:\Windows\System\pgIutpi.exe
  2⤵
  PID:7904
- C:\Windows\System\stRdmat.exe
  C:\Windows\System\stRdmat.exe
  2⤵
  PID:7920
- C:\Windows\System\kFzDWJo.exe
  C:\Windows\System\kFzDWJo.exe
  2⤵
  PID:7936
- C:\Windows\System\ruYcYIg.exe
  C:\Windows\System\ruYcYIg.exe
  2⤵
  PID:7952
- C:\Windows\System\ErsFkXI.exe
  C:\Windows\System\ErsFkXI.exe
  2⤵
  PID:7968
- C:\Windows\System\mlLROkA.exe
  C:\Windows\System\mlLROkA.exe
  2⤵
  PID:7984
- C:\Windows\System\vmvEcVZ.exe
  C:\Windows\System\vmvEcVZ.exe
  2⤵
  PID:8000
- C:\Windows\System\eTIBGQl.exe
  C:\Windows\System\eTIBGQl.exe
  2⤵
  PID:8016
- C:\Windows\System\pvdpsoF.exe
  C:\Windows\System\pvdpsoF.exe
  2⤵
  PID:8032
- C:\Windows\System\TRWomPH.exe
  C:\Windows\System\TRWomPH.exe
  2⤵
  PID:8048
- C:\Windows\System\rTYtnta.exe
  C:\Windows\System\rTYtnta.exe
  2⤵
  PID:8064
- C:\Windows\System\AvzLzfS.exe
  C:\Windows\System\AvzLzfS.exe
  2⤵
  PID:8080
- C:\Windows\System\bwfsSOx.exe
  C:\Windows\System\bwfsSOx.exe
  2⤵
  PID:8096
- C:\Windows\System\xNYrWxU.exe
  C:\Windows\System\xNYrWxU.exe
  2⤵
  PID:8112
- C:\Windows\System\NXXUGDz.exe
  C:\Windows\System\NXXUGDz.exe
  2⤵
  PID:8128
- C:\Windows\System\mqhoOra.exe
  C:\Windows\System\mqhoOra.exe
  2⤵
  PID:8144
- C:\Windows\System\ciPHjMz.exe
  C:\Windows\System\ciPHjMz.exe
  2⤵
  PID:8160
- C:\Windows\System\ygCDCgH.exe
  C:\Windows\System\ygCDCgH.exe
  2⤵
  PID:8176
- C:\Windows\System\NlTDpUa.exe
  C:\Windows\System\NlTDpUa.exe
  2⤵
  PID:7052
- C:\Windows\System\yQylNOA.exe
  C:\Windows\System\yQylNOA.exe
  2⤵
  PID:6964
- C:\Windows\System\EcERHdg.exe
  C:\Windows\System\EcERHdg.exe
  2⤵
  PID:7220
- C:\Windows\System\ZlSXVbG.exe
  C:\Windows\System\ZlSXVbG.exe
  2⤵
  PID:7080
- C:\Windows\System\QqZKhWn.exe
  C:\Windows\System\QqZKhWn.exe
  2⤵
  PID:7160
- C:\Windows\System\onlkGva.exe
  C:\Windows\System\onlkGva.exe
  2⤵
  PID:6160
- C:\Windows\System\DNalwzr.exe
  C:\Windows\System\DNalwzr.exe
  2⤵
  PID:7176
- C:\Windows\System\RENWwHb.exe
  C:\Windows\System\RENWwHb.exe
  2⤵
  PID:7268
- C:\Windows\System\ctTnoVD.exe
  C:\Windows\System\ctTnoVD.exe
  2⤵
  PID:7304
- C:\Windows\System\vRlaqAD.exe
  C:\Windows\System\vRlaqAD.exe
  2⤵
  PID:6604
- C:\Windows\System\RtmghpY.exe
  C:\Windows\System\RtmghpY.exe
  2⤵
  PID:7288
- C:\Windows\System\TvCCIDD.exe
  C:\Windows\System\TvCCIDD.exe
  2⤵
  PID:7396
- C:\Windows\System\lkaIPpN.exe
  C:\Windows\System\lkaIPpN.exe
  2⤵
  PID:7384
- C:\Windows\System\QzXjtXt.exe
  C:\Windows\System\QzXjtXt.exe
  2⤵
  PID:7336
- C:\Windows\System\PyrAfUd.exe
  C:\Windows\System\PyrAfUd.exe
  2⤵
  PID:6748
- C:\Windows\System\TjSmKXh.exe
  C:\Windows\System\TjSmKXh.exe
  2⤵
  PID:7468
- C:\Windows\System\jANcKZI.exe
  C:\Windows\System\jANcKZI.exe
  2⤵
  PID:7592
- C:\Windows\System\VZLicyn.exe
  C:\Windows\System\VZLicyn.exe
  2⤵
  PID:7608
- C:\Windows\System\sfOinBv.exe
  C:\Windows\System\sfOinBv.exe
  2⤵
  PID:7740
- C:\Windows\System\lfsOiga.exe
  C:\Windows\System\lfsOiga.exe
  2⤵
  PID:7640
- C:\Windows\System\XitKwVw.exe
  C:\Windows\System\XitKwVw.exe
  2⤵
  PID:7772
- C:\Windows\System\cPvxIkB.exe
  C:\Windows\System\cPvxIkB.exe
  2⤵
  PID:7836
- C:\Windows\System\YsUTyIR.exe
  C:\Windows\System\YsUTyIR.exe
  2⤵
  PID:7896
- C:\Windows\System\YruQiHs.exe
  C:\Windows\System\YruQiHs.exe
  2⤵
  PID:7756
- C:\Windows\System\BtPkvVP.exe
  C:\Windows\System\BtPkvVP.exe
  2⤵
  PID:7900
- C:\Windows\System\fVxzokN.exe
  C:\Windows\System\fVxzokN.exe
  2⤵
  PID:7992
- C:\Windows\System\MUyYrck.exe
  C:\Windows\System\MUyYrck.exe
  2⤵
  PID:7692
- C:\Windows\System\cSBuyqn.exe
  C:\Windows\System\cSBuyqn.exe
  2⤵
  PID:7852
- C:\Windows\System\FrKJDYB.exe
  C:\Windows\System\FrKJDYB.exe
  2⤵
  PID:7944
- C:\Windows\System\TKUZtHY.exe
  C:\Windows\System\TKUZtHY.exe
  2⤵
  PID:8008
- C:\Windows\System\OyITtIx.exe
  C:\Windows\System\OyITtIx.exe
  2⤵
  PID:8072
- C:\Windows\System\fzZQvop.exe
  C:\Windows\System\fzZQvop.exe
  2⤵
  PID:8156
- C:\Windows\System\gNrDxsc.exe
  C:\Windows\System\gNrDxsc.exe
  2⤵
  PID:6904
- C:\Windows\System\kWqnsFe.exe
  C:\Windows\System\kWqnsFe.exe
  2⤵
  PID:7300
- C:\Windows\System\jbgLQlW.exe
  C:\Windows\System\jbgLQlW.exe
  2⤵
  PID:7240
- C:\Windows\System\nkWbSHV.exe
  C:\Windows\System\nkWbSHV.exe
  2⤵
  PID:8140
- C:\Windows\System\RhofFpY.exe
  C:\Windows\System\RhofFpY.exe
  2⤵
  PID:2096
- C:\Windows\System\jXhmttF.exe
  C:\Windows\System\jXhmttF.exe
  2⤵
  PID:6356
- C:\Windows\System\PzIhgTf.exe
  C:\Windows\System\PzIhgTf.exe
  2⤵
  PID:2580
- C:\Windows\System\iSHUyJL.exe
  C:\Windows\System\iSHUyJL.exe
  2⤵
  PID:7464
- C:\Windows\System\JmIfDWz.exe
  C:\Windows\System\JmIfDWz.exe
  2⤵
  PID:7500
- C:\Windows\System\qoUQyRs.exe
  C:\Windows\System\qoUQyRs.exe
  2⤵
  PID:7704
- C:\Windows\System\FSYfLue.exe
  C:\Windows\System\FSYfLue.exe
  2⤵
  PID:7960
- C:\Windows\System\vHIQLNo.exe
  C:\Windows\System\vHIQLNo.exe
  2⤵
  PID:7580
- C:\Windows\System\hJjFesX.exe
  C:\Windows\System\hJjFesX.exe
  2⤵
  PID:7752
- C:\Windows\System\AzDiKsu.exe
  C:\Windows\System\AzDiKsu.exe
  2⤵
  PID:7976
- C:\Windows\System\VgBqEUZ.exe
  C:\Windows\System\VgBqEUZ.exe
  2⤵
  PID:2016
- C:\Windows\System\szrcujL.exe
  C:\Windows\System\szrcujL.exe
  2⤵
  PID:7656
- C:\Windows\System\KmqayhY.exe
  C:\Windows\System\KmqayhY.exe
  2⤵
  PID:7916
- C:\Windows\System\XuwLSGW.exe
  C:\Windows\System\XuwLSGW.exe
  2⤵
  PID:8184
- C:\Windows\System\ZEbxcyU.exe
  C:\Windows\System\ZEbxcyU.exe
  2⤵
  PID:7352
- C:\Windows\System\OwBZikO.exe
  C:\Windows\System\OwBZikO.exe
  2⤵
  PID:8108
- C:\Windows\System\itFyGfo.exe
  C:\Windows\System\itFyGfo.exe
  2⤵
  PID:8136
- C:\Windows\System\HuLZyPg.exe
  C:\Windows\System\HuLZyPg.exe
  2⤵
  PID:6728
- C:\Windows\System\iYtYFCU.exe
  C:\Windows\System\iYtYFCU.exe
  2⤵
  PID:7400
- C:\Windows\System\RlHFbch.exe
  C:\Windows\System\RlHFbch.exe
  2⤵
  PID:7496
- C:\Windows\System\sqdZnZp.exe
  C:\Windows\System\sqdZnZp.exe
  2⤵
  PID:7416
- C:\Windows\System\xQkyeAv.exe
  C:\Windows\System\xQkyeAv.exe
  2⤵
  PID:7516
- C:\Windows\System\RCYaCDo.exe
  C:\Windows\System\RCYaCDo.exe
  2⤵
  PID:1660
- C:\Windows\System\JhvTqhs.exe
  C:\Windows\System\JhvTqhs.exe
  2⤵
  PID:7676
- C:\Windows\System\tNTmHPA.exe
  C:\Windows\System\tNTmHPA.exe
  2⤵
  PID:2244
- C:\Windows\System\yFlxgpD.exe
  C:\Windows\System\yFlxgpD.exe
  2⤵
  PID:2236
- C:\Windows\System\DcxffxW.exe
  C:\Windows\System\DcxffxW.exe
  2⤵
  PID:7512
- C:\Windows\System\ZiBXjho.exe
  C:\Windows\System\ZiBXjho.exe
  2⤵
  PID:7788
- C:\Windows\System\sfecBtk.exe
  C:\Windows\System\sfecBtk.exe
  2⤵
  PID:7932
- C:\Windows\System\rNibXRa.exe
  C:\Windows\System\rNibXRa.exe
  2⤵
  PID:8120
- C:\Windows\System\FiNXFBI.exe
  C:\Windows\System\FiNXFBI.exe
  2⤵
  PID:8088
- C:\Windows\System\rSsOJqL.exe
  C:\Windows\System\rSsOJqL.exe
  2⤵
  PID:1864
- C:\Windows\System\YuvTqik.exe
  C:\Windows\System\YuvTqik.exe
  2⤵
  PID:7884
- C:\Windows\System\OLkPtMn.exe
  C:\Windows\System\OLkPtMn.exe
  2⤵
  PID:2264
- C:\Windows\System\RWqKjnx.exe
  C:\Windows\System\RWqKjnx.exe
  2⤵
  PID:8092
- C:\Windows\System\DpluLRh.exe
  C:\Windows\System\DpluLRh.exe
  2⤵
  PID:7192
- C:\Windows\System\zWyGEWS.exe
  C:\Windows\System\zWyGEWS.exe
  2⤵
  PID:7236
- C:\Windows\System\amOCxxi.exe
  C:\Windows\System\amOCxxi.exe
  2⤵
  PID:2896
- C:\Windows\System\OyRiWye.exe
  C:\Windows\System\OyRiWye.exe
  2⤵
  PID:7804
- C:\Windows\System\jilOlmD.exe
  C:\Windows\System\jilOlmD.exe
  2⤵
  PID:7688
- C:\Windows\System\nuCXkDd.exe
  C:\Windows\System\nuCXkDd.exe
  2⤵
  PID:7368
- C:\Windows\System\LqsGduC.exe
  C:\Windows\System\LqsGduC.exe
  2⤵
  PID:7172
- C:\Windows\System\UIxdXCe.exe
  C:\Windows\System\UIxdXCe.exe
  2⤵
  PID:7412
- C:\Windows\System\XCJtymA.exe
  C:\Windows\System\XCJtymA.exe
  2⤵
  PID:7724
- C:\Windows\System\hUitZIi.exe
  C:\Windows\System\hUitZIi.exe
  2⤵
  PID:7868
- C:\Windows\System\TSSANFZ.exe
  C:\Windows\System\TSSANFZ.exe
  2⤵
  PID:7848
- C:\Windows\System\LUDbBwG.exe
  C:\Windows\System\LUDbBwG.exe
  2⤵
  PID:8208
- C:\Windows\System\MitihFt.exe
  C:\Windows\System\MitihFt.exe
  2⤵
  PID:8224
- C:\Windows\System\iescOVE.exe
  C:\Windows\System\iescOVE.exe
  2⤵
  PID:8240
- C:\Windows\System\gUTxUGi.exe
  C:\Windows\System\gUTxUGi.exe
  2⤵
  PID:8256
- C:\Windows\System\HpPZzKo.exe
  C:\Windows\System\HpPZzKo.exe
  2⤵
  PID:8272
- C:\Windows\System\oOKHFMB.exe
  C:\Windows\System\oOKHFMB.exe
  2⤵
  PID:8288
- C:\Windows\System\YUQfeyO.exe
  C:\Windows\System\YUQfeyO.exe
  2⤵
  PID:8304
- C:\Windows\System\mIPLdtA.exe
  C:\Windows\System\mIPLdtA.exe
  2⤵
  PID:8320
- C:\Windows\System\aIYVAYA.exe
  C:\Windows\System\aIYVAYA.exe
  2⤵
  PID:8336
- C:\Windows\System\dGEjPmh.exe
  C:\Windows\System\dGEjPmh.exe
  2⤵
  PID:8352
- C:\Windows\System\KpwdGYF.exe
  C:\Windows\System\KpwdGYF.exe
  2⤵
  PID:8368
- C:\Windows\System\tJhklhD.exe
  C:\Windows\System\tJhklhD.exe
  2⤵
  PID:8384
- C:\Windows\System\jXDcKVC.exe
  C:\Windows\System\jXDcKVC.exe
  2⤵
  PID:8400
- C:\Windows\System\yCwEcnU.exe
  C:\Windows\System\yCwEcnU.exe
  2⤵
  PID:8416
- C:\Windows\System\TdOobXQ.exe
  C:\Windows\System\TdOobXQ.exe
  2⤵
  PID:8432
- C:\Windows\System\ckRwaqr.exe
  C:\Windows\System\ckRwaqr.exe
  2⤵
  PID:8448
- C:\Windows\System\tgPvkVl.exe
  C:\Windows\System\tgPvkVl.exe
  2⤵
  PID:8464
- C:\Windows\System\fJMkqrq.exe
  C:\Windows\System\fJMkqrq.exe
  2⤵
  PID:8480
- C:\Windows\System\tbJfuTK.exe
  C:\Windows\System\tbJfuTK.exe
  2⤵
  PID:8496
- C:\Windows\System\xpstQND.exe
  C:\Windows\System\xpstQND.exe
  2⤵
  PID:8512
- C:\Windows\System\RtbNJDB.exe
  C:\Windows\System\RtbNJDB.exe
  2⤵
  PID:8528
- C:\Windows\System\KRFdHvN.exe
  C:\Windows\System\KRFdHvN.exe
  2⤵
  PID:8544
- C:\Windows\System\LXRATRx.exe
  C:\Windows\System\LXRATRx.exe
  2⤵
  PID:8560
- C:\Windows\System\SMCdXCt.exe
  C:\Windows\System\SMCdXCt.exe
  2⤵
  PID:8576
- C:\Windows\System\yJyppKV.exe
  C:\Windows\System\yJyppKV.exe
  2⤵
  PID:8596
- C:\Windows\System\EwtUOPP.exe
  C:\Windows\System\EwtUOPP.exe
  2⤵
  PID:8612
- C:\Windows\System\YSBtqjC.exe
  C:\Windows\System\YSBtqjC.exe
  2⤵
  PID:8628
- C:\Windows\System\ZqCLtjW.exe
  C:\Windows\System\ZqCLtjW.exe
  2⤵
  PID:8644
- C:\Windows\System\TwvMlNc.exe
  C:\Windows\System\TwvMlNc.exe
  2⤵
  PID:8660
- C:\Windows\System\MASfixf.exe
  C:\Windows\System\MASfixf.exe
  2⤵
  PID:8676
- C:\Windows\System\kszsajM.exe
  C:\Windows\System\kszsajM.exe
  2⤵
  PID:8692
- C:\Windows\System\nnlJuDl.exe
  C:\Windows\System\nnlJuDl.exe
  2⤵
  PID:8708
- C:\Windows\System\msrdlBV.exe
  C:\Windows\System\msrdlBV.exe
  2⤵
  PID:8724
- C:\Windows\System\nBZbEDV.exe
  C:\Windows\System\nBZbEDV.exe
  2⤵
  PID:8740
- C:\Windows\System\BfgQItt.exe
  C:\Windows\System\BfgQItt.exe
  2⤵
  PID:8756
- C:\Windows\System\XsLlzDq.exe
  C:\Windows\System\XsLlzDq.exe
  2⤵
  PID:8772
- C:\Windows\System\PgGlGag.exe
  C:\Windows\System\PgGlGag.exe
  2⤵
  PID:8788
- C:\Windows\System\CrdKAVp.exe
  C:\Windows\System\CrdKAVp.exe
  2⤵
  PID:8804
- C:\Windows\System\WWxHxsF.exe
  C:\Windows\System\WWxHxsF.exe
  2⤵
  PID:8820
- C:\Windows\System\UFLHEoE.exe
  C:\Windows\System\UFLHEoE.exe
  2⤵
  PID:8836
- C:\Windows\System\nCmuPZZ.exe
  C:\Windows\System\nCmuPZZ.exe
  2⤵
  PID:8852
- C:\Windows\System\LvPBoUQ.exe
  C:\Windows\System\LvPBoUQ.exe
  2⤵
  PID:8868
- C:\Windows\System\gCLYQbo.exe
  C:\Windows\System\gCLYQbo.exe
  2⤵
  PID:8884
- C:\Windows\System\pCsmTzx.exe
  C:\Windows\System\pCsmTzx.exe
  2⤵
  PID:8900
- C:\Windows\System\QuZgiVB.exe
  C:\Windows\System\QuZgiVB.exe
  2⤵
  PID:8916
- C:\Windows\System\fORGETT.exe
  C:\Windows\System\fORGETT.exe
  2⤵
  PID:8936
- C:\Windows\System\ElTLVwe.exe
  C:\Windows\System\ElTLVwe.exe
  2⤵
  PID:8952
- C:\Windows\System\unUGYkP.exe
  C:\Windows\System\unUGYkP.exe
  2⤵
  PID:8968
- C:\Windows\System\VnboARW.exe
  C:\Windows\System\VnboARW.exe
  2⤵
  PID:8984
- C:\Windows\System\KHlWAOp.exe
  C:\Windows\System\KHlWAOp.exe
  2⤵
  PID:9000
- C:\Windows\System\juMUjfm.exe
  C:\Windows\System\juMUjfm.exe
  2⤵
  PID:9016
- C:\Windows\System\zrGyKKr.exe
  C:\Windows\System\zrGyKKr.exe
  2⤵
  PID:9032
- C:\Windows\System\lYYeIQD.exe
  C:\Windows\System\lYYeIQD.exe
  2⤵
  PID:9048
- C:\Windows\System\BnxAjji.exe
  C:\Windows\System\BnxAjji.exe
  2⤵
  PID:9064
- C:\Windows\System\zbuynnN.exe
  C:\Windows\System\zbuynnN.exe
  2⤵
  PID:9084
- C:\Windows\System\ekxkXaZ.exe
  C:\Windows\System\ekxkXaZ.exe
  2⤵
  PID:9104
- C:\Windows\System\nnDUUBf.exe
  C:\Windows\System\nnDUUBf.exe
  2⤵
  PID:9120
- C:\Windows\System\UFTzacn.exe
  C:\Windows\System\UFTzacn.exe
  2⤵
  PID:9136
- C:\Windows\System\ndqsqOn.exe
  C:\Windows\System\ndqsqOn.exe
  2⤵
  PID:9152
- C:\Windows\System\uJFtCJB.exe
  C:\Windows\System\uJFtCJB.exe
  2⤵
  PID:9168
- C:\Windows\System\CfwEWDn.exe
  C:\Windows\System\CfwEWDn.exe
  2⤵
  PID:9184
- C:\Windows\System\CoTAGSQ.exe
  C:\Windows\System\CoTAGSQ.exe
  2⤵
  PID:9200
- C:\Windows\System\sQUneWM.exe
  C:\Windows\System\sQUneWM.exe
  2⤵
  PID:2296
- C:\Windows\System\yDvoFDk.exe
  C:\Windows\System\yDvoFDk.exe
  2⤵
  PID:2200
- C:\Windows\System\ZbtRAsa.exe
  C:\Windows\System\ZbtRAsa.exe
  2⤵
  PID:8392
- C:\Windows\System\HXRPLOk.exe
  C:\Windows\System\HXRPLOk.exe
  2⤵
  PID:8932
- C:\Windows\System\gdSFNiS.exe
  C:\Windows\System\gdSFNiS.exe
  2⤵
  PID:7256
- C:\Windows\System\oriVJMx.exe
  C:\Windows\System\oriVJMx.exe
  2⤵
  PID:8248
- C:\Windows\System\TOzVHoz.exe
  C:\Windows\System\TOzVHoz.exe
  2⤵
  PID:8284
- C:\Windows\System\HTSCxSJ.exe
  C:\Windows\System\HTSCxSJ.exe
  2⤵
  PID:8296
- C:\Windows\System\ZtHPYii.exe
  C:\Windows\System\ZtHPYii.exe
  2⤵
  PID:8348
- C:\Windows\System\RwMxsML.exe
  C:\Windows\System\RwMxsML.exe
  2⤵
  PID:8328
- C:\Windows\System\HuZKZci.exe
  C:\Windows\System\HuZKZci.exe
  2⤵
  PID:8236
- C:\Windows\System\TNminsr.exe
  C:\Windows\System\TNminsr.exe
  2⤵
  PID:8332
- C:\Windows\System\WNuxKAw.exe
  C:\Windows\System\WNuxKAw.exe
  2⤵
  PID:8428
- C:\Windows\System\ZeWuPDl.exe
  C:\Windows\System\ZeWuPDl.exe
  2⤵
  PID:8504
- C:\Windows\System\IbAWnkH.exe
  C:\Windows\System\IbAWnkH.exe
  2⤵
  PID:8568
- C:\Windows\System\UzAzbDA.exe
  C:\Windows\System\UzAzbDA.exe
  2⤵
  PID:8508
- C:\Windows\System\fWgUcGc.exe
  C:\Windows\System\fWgUcGc.exe
  2⤵
  PID:8492
- C:\Windows\System\CmySraF.exe
  C:\Windows\System\CmySraF.exe
  2⤵
  PID:8588
- C:\Windows\System\LFXKOqu.exe
  C:\Windows\System\LFXKOqu.exe
  2⤵
  PID:8604
- C:\Windows\System\RjUXRFY.exe
  C:\Windows\System\RjUXRFY.exe
  2⤵
  PID:8672
- C:\Windows\System\gLHUFuV.exe
  C:\Windows\System\gLHUFuV.exe
  2⤵
  PID:8704
- C:\Windows\System\NRbEFdP.exe
  C:\Windows\System\NRbEFdP.exe
  2⤵
  PID:8652
- C:\Windows\System\fTYsCyX.exe
  C:\Windows\System\fTYsCyX.exe
  2⤵
  PID:8716
- C:\Windows\System\cDjaCeM.exe
  C:\Windows\System\cDjaCeM.exe
  2⤵
  PID:8800
- C:\Windows\System\akFHNvo.exe
  C:\Windows\System\akFHNvo.exe
  2⤵
  PID:8784
- C:\Windows\System\roCkmCz.exe
  C:\Windows\System\roCkmCz.exe
  2⤵
  PID:8816
- C:\Windows\System\GXdboPX.exe
  C:\Windows\System\GXdboPX.exe
  2⤵
  PID:8880
- C:\Windows\System\xCHDAsd.exe
  C:\Windows\System\xCHDAsd.exe
  2⤵
  PID:8896
- C:\Windows\System\aJTVLar.exe
  C:\Windows\System\aJTVLar.exe
  2⤵
  PID:8924
- C:\Windows\System\CvSfFGI.exe
  C:\Windows\System\CvSfFGI.exe
  2⤵
  PID:8948
- C:\Windows\System\ChgEiRb.exe
  C:\Windows\System\ChgEiRb.exe
  2⤵
  PID:2132
- C:\Windows\System\GfRFbvE.exe
  C:\Windows\System\GfRFbvE.exe
  2⤵
  PID:8992
- C:\Windows\System\oTLfpwg.exe
  C:\Windows\System\oTLfpwg.exe
  2⤵
  PID:9072
- C:\Windows\System\dpFkKKT.exe
  C:\Windows\System\dpFkKKT.exe
  2⤵
  PID:9144
- C:\Windows\System\pvqArRt.exe
  C:\Windows\System\pvqArRt.exe
  2⤵
  PID:936
- C:\Windows\System\MVzPyFg.exe
  C:\Windows\System\MVzPyFg.exe
  2⤵
  PID:8216
- C:\Windows\System\nLrVAQQ.exe
  C:\Windows\System\nLrVAQQ.exe
  2⤵
  PID:8280
- C:\Windows\System\LoOEVHO.exe
  C:\Windows\System\LoOEVHO.exe
  2⤵
  PID:8204
- C:\Windows\System\qhOQlBD.exe
  C:\Windows\System\qhOQlBD.exe
  2⤵
  PID:8360
- C:\Windows\System\LALmbrs.exe
  C:\Windows\System\LALmbrs.exe
  2⤵
  PID:8232
- C:\Windows\System\VTjeetB.exe
  C:\Windows\System\VTjeetB.exe
  2⤵
  PID:8608
- C:\Windows\System\YUlNGqd.exe
  C:\Windows\System\YUlNGqd.exe
  2⤵
  PID:8364
- C:\Windows\System\LNPbaks.exe
  C:\Windows\System\LNPbaks.exe
  2⤵
  PID:8556
- C:\Windows\System\uxVBqCh.exe
  C:\Windows\System\uxVBqCh.exe
  2⤵
  PID:8684
- C:\Windows\System\yWPdbnR.exe
  C:\Windows\System\yWPdbnR.exe
  2⤵
  PID:8720
- C:\Windows\System\nfbOeBq.exe
  C:\Windows\System\nfbOeBq.exe
  2⤵
  PID:8812
- C:\Windows\System\LRDHVoc.exe
  C:\Windows\System\LRDHVoc.exe
  2⤵
  PID:9028
- C:\Windows\System\cpBWjdN.exe
  C:\Windows\System\cpBWjdN.exe
  2⤵
  PID:8876
- C:\Windows\System\RUWjLGk.exe
  C:\Windows\System\RUWjLGk.exe
  2⤵
  PID:8860
- C:\Windows\System\eqIUxhY.exe
  C:\Windows\System\eqIUxhY.exe
  2⤵
  PID:9060
- C:\Windows\System\wekJomK.exe
  C:\Windows\System\wekJomK.exe
  2⤵
  PID:3008
- C:\Windows\System\aBIkbaX.exe
  C:\Windows\System\aBIkbaX.exe
  2⤵
  PID:8268
- C:\Windows\System\iPuEeEL.exe
  C:\Windows\System\iPuEeEL.exe
  2⤵
  PID:8440
- C:\Windows\System\LZVYnIE.exe
  C:\Windows\System\LZVYnIE.exe
  2⤵
  PID:7348
- C:\Windows\System\GaMDoxC.exe
  C:\Windows\System\GaMDoxC.exe
  2⤵
  PID:8572
- C:\Windows\System\tJZPUTx.exe
  C:\Windows\System\tJZPUTx.exe
  2⤵
  PID:8848
- C:\Windows\System\UQBgNpA.exe
  C:\Windows\System\UQBgNpA.exe
  2⤵
  PID:8700
- C:\Windows\System\ILSQsRp.exe
  C:\Windows\System\ILSQsRp.exe
  2⤵
  PID:2100
- C:\Windows\System\yhaBMUJ.exe
  C:\Windows\System\yhaBMUJ.exe
  2⤵
  PID:9012
- C:\Windows\System\mtzCJkf.exe
  C:\Windows\System\mtzCJkf.exe
  2⤵
  PID:7964
- C:\Windows\System\fkyyNGn.exe
  C:\Windows\System\fkyyNGn.exe
  2⤵
  PID:8768
- C:\Windows\System\QCvrwcD.exe
  C:\Windows\System\QCvrwcD.exe
  2⤵
  PID:8264
- C:\Windows\System\yamtgDM.exe
  C:\Windows\System\yamtgDM.exe
  2⤵
  PID:9008
- C:\Windows\System\kVSWIrH.exe
  C:\Windows\System\kVSWIrH.exe
  2⤵
  PID:8832
- C:\Windows\System\AFdjGqS.exe
  C:\Windows\System\AFdjGqS.exe
  2⤵
  PID:3004
- C:\Windows\System\TddWRAq.exe
  C:\Windows\System\TddWRAq.exe
  2⤵
  PID:9220
- C:\Windows\System\GdmmAIx.exe
  C:\Windows\System\GdmmAIx.exe
  2⤵
  PID:9236
- C:\Windows\System\PEuJoFL.exe
  C:\Windows\System\PEuJoFL.exe
  2⤵
  PID:9252
- C:\Windows\System\tmVDBHa.exe
  C:\Windows\System\tmVDBHa.exe
  2⤵
  PID:9268
- C:\Windows\System\PkOcQGO.exe
  C:\Windows\System\PkOcQGO.exe
  2⤵
  PID:9284
- C:\Windows\System\AvCaWAz.exe
  C:\Windows\System\AvCaWAz.exe
  2⤵
  PID:9308
- C:\Windows\System\NMCIKVm.exe
  C:\Windows\System\NMCIKVm.exe
  2⤵
  PID:9324
- C:\Windows\System\WdICpZC.exe
  C:\Windows\System\WdICpZC.exe
  2⤵
  PID:9340
- C:\Windows\System\uZWQDuK.exe
  C:\Windows\System\uZWQDuK.exe
  2⤵
  PID:9356
- C:\Windows\System\sWvCklW.exe
  C:\Windows\System\sWvCklW.exe
  2⤵
  PID:9372
- C:\Windows\System\buNumVh.exe
  C:\Windows\System\buNumVh.exe
  2⤵
  PID:9388
- C:\Windows\System\qxIQgNs.exe
  C:\Windows\System\qxIQgNs.exe
  2⤵
  PID:9404
- C:\Windows\System\RVYAduB.exe
  C:\Windows\System\RVYAduB.exe
  2⤵
  PID:9420
- C:\Windows\System\HRraTeB.exe
  C:\Windows\System\HRraTeB.exe
  2⤵
  PID:9436
- C:\Windows\System\QssWSUa.exe
  C:\Windows\System\QssWSUa.exe
  2⤵
  PID:9452
- C:\Windows\System\lLdNcTE.exe
  C:\Windows\System\lLdNcTE.exe
  2⤵
  PID:9468
- C:\Windows\System\ARKfPAG.exe
  C:\Windows\System\ARKfPAG.exe
  2⤵
  PID:9484
- C:\Windows\System\UPepIja.exe
  C:\Windows\System\UPepIja.exe
  2⤵
  PID:9500
- C:\Windows\System\oROsTii.exe
  C:\Windows\System\oROsTii.exe
  2⤵
  PID:9524
- C:\Windows\System\eyBQAxj.exe
  C:\Windows\System\eyBQAxj.exe
  2⤵
  PID:9540
- C:\Windows\System\BdpSvxG.exe
  C:\Windows\System\BdpSvxG.exe
  2⤵
  PID:9556
- C:\Windows\System\HeTbuwW.exe
  C:\Windows\System\HeTbuwW.exe
  2⤵
  PID:9576
- C:\Windows\System\SQdqpBS.exe
  C:\Windows\System\SQdqpBS.exe
  2⤵
  PID:9596
- C:\Windows\System\GyCQTrL.exe
  C:\Windows\System\GyCQTrL.exe
  2⤵
  PID:9612
- C:\Windows\System\NVspZYg.exe
  C:\Windows\System\NVspZYg.exe
  2⤵
  PID:9632
- C:\Windows\System\JzAUQUD.exe
  C:\Windows\System\JzAUQUD.exe
  2⤵
  PID:9676
- C:\Windows\System\QUcSJTT.exe
  C:\Windows\System\QUcSJTT.exe
  2⤵
  PID:9708
- C:\Windows\System\rTNAYeu.exe
  C:\Windows\System\rTNAYeu.exe
  2⤵
  PID:9736
- C:\Windows\System\BUtLNqZ.exe
  C:\Windows\System\BUtLNqZ.exe
  2⤵
  PID:9788
- C:\Windows\System\OzOJJoa.exe
  C:\Windows\System\OzOJJoa.exe
  2⤵
  PID:9804
- C:\Windows\System\YRoXeKE.exe
  C:\Windows\System\YRoXeKE.exe
  2⤵
  PID:9820
- C:\Windows\System\VqFXTEV.exe
  C:\Windows\System\VqFXTEV.exe
  2⤵
  PID:9836
- C:\Windows\System\gLrEZUW.exe
  C:\Windows\System\gLrEZUW.exe
  2⤵
  PID:9852
- C:\Windows\System\MsGbmyS.exe
  C:\Windows\System\MsGbmyS.exe
  2⤵
  PID:9868
- C:\Windows\System\sjAcKWT.exe
  C:\Windows\System\sjAcKWT.exe
  2⤵
  PID:9884
- C:\Windows\System\sOayQbZ.exe
  C:\Windows\System\sOayQbZ.exe
  2⤵
  PID:9900
- C:\Windows\System\RfuwIco.exe
  C:\Windows\System\RfuwIco.exe
  2⤵
  PID:9916
- C:\Windows\System\qrfUwmX.exe
  C:\Windows\System\qrfUwmX.exe
  2⤵
  PID:9932
- C:\Windows\System\rvRLPGI.exe
  C:\Windows\System\rvRLPGI.exe
  2⤵
  PID:9948
- C:\Windows\System\NADvnlB.exe
  C:\Windows\System\NADvnlB.exe
  2⤵
  PID:9964
- C:\Windows\System\yHkNWbf.exe
  C:\Windows\System\yHkNWbf.exe
  2⤵
  PID:9980
- C:\Windows\System\bXhzhbF.exe
  C:\Windows\System\bXhzhbF.exe
  2⤵
  PID:9996
- C:\Windows\System\mINibKN.exe
  C:\Windows\System\mINibKN.exe
  2⤵
  PID:10016
- C:\Windows\System\nBnyHRN.exe
  C:\Windows\System\nBnyHRN.exe
  2⤵
  PID:10036
- C:\Windows\System\wGjxoMF.exe
  C:\Windows\System\wGjxoMF.exe
  2⤵
  PID:10064
- C:\Windows\System\GxvYWyM.exe
  C:\Windows\System\GxvYWyM.exe
  2⤵
  PID:10084
- C:\Windows\System\gvJhHMg.exe
  C:\Windows\System\gvJhHMg.exe
  2⤵
  PID:10148
- C:\Windows\System\XLzdxCr.exe
  C:\Windows\System\XLzdxCr.exe
  2⤵
  PID:10164
- C:\Windows\System\HRbzgEi.exe
  C:\Windows\System\HRbzgEi.exe
  2⤵
  PID:10180
- C:\Windows\System\rgmaWkp.exe
  C:\Windows\System\rgmaWkp.exe
  2⤵
  PID:10200
- C:\Windows\System\kjJgYod.exe
  C:\Windows\System\kjJgYod.exe
  2⤵
  PID:10224
- C:\Windows\System\zcUwqhB.exe
  C:\Windows\System\zcUwqhB.exe
  2⤵
  PID:8540
- C:\Windows\System\jpsKqfw.exe
  C:\Windows\System\jpsKqfw.exe
  2⤵
  PID:1712
- C:\Windows\System\QVytwQg.exe
  C:\Windows\System\QVytwQg.exe
  2⤵
  PID:8736
- C:\Windows\System\cdZROCW.exe
  C:\Windows\System\cdZROCW.exe
  2⤵
  PID:9280
- C:\Windows\System\qfVjbbv.exe
  C:\Windows\System\qfVjbbv.exe
  2⤵
  PID:8796
- C:\Windows\System\SyRKAno.exe
  C:\Windows\System\SyRKAno.exe
  2⤵
  PID:9336
- C:\Windows\System\FvJWlPW.exe
  C:\Windows\System\FvJWlPW.exe
  2⤵
  PID:9400
- C:\Windows\System\puhDIuk.exe
  C:\Windows\System\puhDIuk.exe
  2⤵
  PID:9464
- C:\Windows\System\idybJPZ.exe
  C:\Windows\System\idybJPZ.exe
  2⤵
  PID:9412
- C:\Windows\System\ldNJAhS.exe
  C:\Windows\System\ldNJAhS.exe
  2⤵
  PID:9380
- C:\Windows\System\iWWvNxF.exe
  C:\Windows\System\iWWvNxF.exe
  2⤵
  PID:9384
- C:\Windows\System\lIBwEEM.exe
  C:\Windows\System\lIBwEEM.exe
  2⤵
  PID:9520
- C:\Windows\System\drXweJM.exe
  C:\Windows\System\drXweJM.exe
  2⤵
  PID:9552
- C:\Windows\System\MLvyPfB.exe
  C:\Windows\System\MLvyPfB.exe
  2⤵
  PID:9572
- C:\Windows\System\yeYGyhq.exe
  C:\Windows\System\yeYGyhq.exe
  2⤵
  PID:9624
- C:\Windows\System\lCZBUjq.exe
  C:\Windows\System\lCZBUjq.exe
  2⤵
  PID:9700
- C:\Windows\System\uzQzGdI.exe
  C:\Windows\System\uzQzGdI.exe
  2⤵
  PID:9748
- C:\Windows\System\dFyvUVB.exe
  C:\Windows\System\dFyvUVB.exe
  2⤵
  PID:9760
- C:\Windows\System\fyDVsDi.exe
  C:\Windows\System\fyDVsDi.exe
  2⤵
  PID:9780
- C:\Windows\System\nGCqZEe.exe
  C:\Windows\System\nGCqZEe.exe
  2⤵
  PID:9652
- C:\Windows\System\VTndFGG.exe
  C:\Windows\System\VTndFGG.exe
  2⤵
  PID:9716
- C:\Windows\System\ICPRRGa.exe
  C:\Windows\System\ICPRRGa.exe
  2⤵
  PID:9864
- C:\Windows\System\vNpGMPM.exe
  C:\Windows\System\vNpGMPM.exe
  2⤵
  PID:9956
- C:\Windows\System\bbmMwEs.exe
  C:\Windows\System\bbmMwEs.exe
  2⤵
  PID:10008
- C:\Windows\System\cKeTiTf.exe
  C:\Windows\System\cKeTiTf.exe
  2⤵
  PID:10032
- C:\Windows\System\HsteZlv.exe
  C:\Windows\System\HsteZlv.exe
  2⤵
  PID:10056
- C:\Windows\System\TnAoSLq.exe
  C:\Windows\System\TnAoSLq.exe
  2⤵
  PID:10076
- C:\Windows\System\YiYFaJf.exe
  C:\Windows\System\YiYFaJf.exe
  2⤵
  PID:10132
- C:\Windows\System\bVjovXQ.exe
  C:\Windows\System\bVjovXQ.exe
  2⤵
  PID:10196
- C:\Windows\System\oVHYWxM.exe
  C:\Windows\System\oVHYWxM.exe
  2⤵
  PID:10144
- C:\Windows\System\UIiIoBv.exe
  C:\Windows\System\UIiIoBv.exe
  2⤵
  PID:9264
- C:\Windows\System\nYiTcxB.exe
  C:\Windows\System\nYiTcxB.exe
  2⤵
  PID:10172
- C:\Windows\System\fQHUgJG.exe
  C:\Windows\System\fQHUgJG.exe
  2⤵
  PID:10216
- C:\Windows\System\UKswSrW.exe
  C:\Windows\System\UKswSrW.exe
  2⤵
  PID:9432
- C:\Windows\System\HdVlFgp.exe
  C:\Windows\System\HdVlFgp.exe
  2⤵
  PID:9564
- C:\Windows\System\jEfmSSO.exe
  C:\Windows\System\jEfmSSO.exe
  2⤵
  PID:9668
- C:\Windows\System\nhCqweW.exe
  C:\Windows\System\nhCqweW.exe
  2⤵
  PID:9880
- C:\Windows\System\EuInvxB.exe
  C:\Windows\System\EuInvxB.exe
  2⤵
  PID:9844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AUZHyPs.exe

Filesize
6.0MB

MD5
467e01b4201fb7d981db18e1d5779fba

SHA1
2227be1c372e2e2794e64772f36591f8173166fe

SHA256
2313f53f83a0e978ad613ac7410ae85f5df211ccec47501a1c132d649393c84d

SHA512
c3b0c46f97913887f3a516a354342d7e28d3a5448a4d5c7a710e559e473e99595f5122477174d20167e942d5f33f66bdbdb0e30eaab3fa55ba9a123c4e865268

Download Submit
C:\Windows\system\FvIKfWm.exe

Filesize
6.0MB

MD5
28849f97d0f8cdba21076a64f918c87d

SHA1
f5c15bec59dcfe6cc98e43f4e2f9b91ee4993f4b

SHA256
fe8078f24418ac6b309064b5a603bed2a16f93223e3ad67f48940c53f01ca3c5

SHA512
a1cf6c45c8457535616d994b64d4c0599ef539d479c961668d36f635d7933bde6ba3e31d11dd77321a0a6610a4c0cfbe4785f783ee4a2a1ef44c1cfce7ca3104

Download Submit
C:\Windows\system\MfXMyXd.exe

Filesize
6.0MB

MD5
48007e70f26a5d5d626ab30bd0472d13

SHA1
3f834b255e36c18b239ca3c8f6254c05a680551a

SHA256
0ef0e32b64b6cd4ee6a5d877554c003e5ef7f3f76118fdbca281834f513a28b0

SHA512
e1ca83a711e0faf807f12a1eaf4e2086cde649df01b33fdab0cac1b19f24fb9c4dcc7c064648fe856d667b5401442f01dd457fc895322b83644cb6b74547aa4c

Download Submit
C:\Windows\system\QnYqYQA.exe

Filesize
6.0MB

MD5
ca1c7190231ff7ad0f8e51bc3699afe8

SHA1
59628434ffb8f7e56145362d3d140e7b5d71f673

SHA256
e4affe9e401b9a4d68bd8f84d917eecec351f626a332c7ef617b8bb4cb7cc0bd

SHA512
af07f0c695e1dc478903c69030cfa01c069b0be6d3cba06e4c7b7059eb715cb26230d98e902b4ea272dee9aa7ffcaa400dba3909f7c2212dae7ae39aaa90e7d1

Download Submit
C:\Windows\system\SPGnyEX.exe

Filesize
6.0MB

MD5
7000677f90ca3b25e53b09aa57416f7b

SHA1
738913ac13204cf3bafc46fbed3fef6f6c971a0b

SHA256
9ba928f770cd1749ad582f88a64ed8ca3ff56a790684a8b19856d18b933a05d7

SHA512
21d4e25ca8ef3356edbb2be4f897902e4aad463725d008685ab18265b4f7065b4d0ca99ab9dceda3ad5f6e80a24fa96ebfec7ebead247f07736495853bec13fe

Download Submit
C:\Windows\system\UAVYzOC.exe

Filesize
6.0MB

MD5
c16ce5f1a5b38993b0e946a803d6a972

SHA1
e86f30a505f69f3df49ed9cbe89451631a3cdec6

SHA256
b6366689615dc3909dda7a066b2d533c6389b8cb4f5b59cb05130578ae3317c0

SHA512
ed49157c1c2d61ce5bcee66e984cec9f0b2b3893fda65694398a8974ead4abd3a4981aca94d0ddef9e507cc620681d62b1225026f5c2772eeffbf083c137be31

Download Submit
C:\Windows\system\WAgPDaa.exe

Filesize
6.0MB

MD5
3df86909383ee47dd9c3b64ca8e0b664

SHA1
f36713a97da702dd980a2c48f2da207c9befae84

SHA256
5e546c8bc4b8cc4bb78d4836925f7db74c12a58b7b8126818e9462da5d49cb89

SHA512
297d807f4a9dcc6458f43512c852c3415716b494e9eb061179ee2cbc5364fefdb095823212ef7c64c301c076102a0d925a0ddfeeef49334c78e0f0930531ccd7

Download Submit
C:\Windows\system\XEVVXDU.exe

Filesize
6.0MB

MD5
68cb38a2a4fb4c6ad77204b15d7a640f

SHA1
7409b16dc06e945d8f953fe247b491a078d0dc16

SHA256
b0a849627aa2049c8ba2c01525aeec021e730d71e4d68111285b510f7ac3a08d

SHA512
7bb4ebe4e3cbd16e53dcfe1b5cb233508e105932262f2ee7511dc385db9120122eb3a0dd1bad5b69bbd554347d52a080961e71184988f36bec3d1ffcd5b2082d

Download Submit
C:\Windows\system\XfnAqQD.exe

Filesize
6.0MB

MD5
b8eecf59d169442c89a2e92b6bdc795e

SHA1
3f1d8b5354f050b4d4f29467889a3cc9686fad3d

SHA256
926484f23105bb6a5efbf1a826be56317853fc0ac32fd6584f90a0d194179b8b

SHA512
10c0bbefdbf7d80d2d360f97580438317e758d6a2ea00d64e689b4479660d08cb68ea7cd356d2b964f7dbb98006814b5d1a06a940fdd79213edb4026e4dc6a39

Download Submit
C:\Windows\system\ZDHntWN.exe

Filesize
6.0MB

MD5
c81d6dc1a122aff0837fbd0e54c729e9

SHA1
afe8e8de213719d45374a60f64fbb4bfd1151564

SHA256
700a930273c7e6d4aac0775aeecd2312f06d6baf83c63c79e8c29d787eb57ea5

SHA512
89a1ad52686dcbacb1582f62e1382406c395efe9a7f83dae63b893504f4760ad8c221c0591f43c9059bb0b216f2cf544d8fe55f5cf27695b84535ea05bbdef8b

Download Submit
C:\Windows\system\ZLHhJbO.exe

Filesize
6.0MB

MD5
0d73615443ab0c3f86dfd0f1dfc268e7

SHA1
13c33d05fe2242b4b916b695700b0babe664c43d

SHA256
fd5641730ba52d9defab51b5493b193b05eb22a587a9bcc4cb1bec0ef4a14aeb

SHA512
0802e857bd94c2dfb4107ba5c68f48b5106cc6fc2bce978730518e33d1888c4cf3910075ed285494391f7964bd962a62b72d6afd4b309237ebea9081f0da9d3a

Download Submit
C:\Windows\system\ebHgnjn.exe

Filesize
6.0MB

MD5
1073bf0aeffd88ff47c5d77af77ebee1

SHA1
adbc010075cfeae7e3c1e76f5334e78acb363ce3

SHA256
a6cbd5cfe17e537c72693a921944a56000ec99bc5d4f3d496d980d5228b016b7

SHA512
3e958cf6479449c2e8e8f261f90f8f66c2ee33874b69e5bc9bb6dcb9e3edbc8843246e9bf2171e872a886a14c15ce2078afaa031fa9b547b3907533c0e33976a

Download Submit
C:\Windows\system\jgufcdi.exe

Filesize
6.0MB

MD5
bb929a2c3c8f0979101d9712a1efbb34

SHA1
0242c2551efd8a4579fa3e378cec8d1b0a48a6eb

SHA256
0f94f4cfe5f9d78c82be4fbd8ee1264fafb2be8bc076641c46a6f628938caf83

SHA512
c36fe1d2402f542427dd3a8d85258e5bd6bc564687f4afc9658ed58453ea216f8fd86b01db332ed807dc922d733a3a014357ba10e4ad32aef9710c6cd6c7e30e

Download Submit
C:\Windows\system\llKSiwJ.exe

Filesize
6.0MB

MD5
bbee0b0b7efe4e80a488b4f4dad81686

SHA1
67958b8dec253892d4bd3c13a92bde94492fab59

SHA256
082a1f4117dc799dc366b1a0576703e4e3a9b8e445aa7f8a42005f6ed9d76bb7

SHA512
be27332f175b77b1298b634ad5304141ab276d2aa4e3d6b9d1abcd265421e4b727357944d49f6b25cd5cd22ecc150e33e3dc01547d058418aec37f4864e708be

Download Submit
C:\Windows\system\omKbLQK.exe

Filesize
6.0MB

MD5
bfa16e0972fb3dbb3902d160bbd01f93

SHA1
7125d7e903462e72b9b48f04bf9c441cb19d1caf

SHA256
47065b18dac1063204e82ac66d53d39cbc1ada07309b52c23f71de7376e765a9

SHA512
6582aba586d8ae55e6451d49d705716f02ac5f80ad55235d3c4635b2c9da83bb63125156a13abe7645e664de2e2874a5f86d2e62cb5beec2ec34cbb41bbbb72b

Download Submit
C:\Windows\system\pZWGDBJ.exe

Filesize
6.0MB

MD5
c5e65b461f4c1255ae1e367e3c50ee9e

SHA1
51b4149bc61789fca55f3f06c595204fb51013de

SHA256
c025aba7395795e073187e2bb7a4464da56253b0047c799e8fb9c234f746014a

SHA512
92e0647d5348897a4251e1c52662365ca5382a85f72cc8a8ec1646159b5e9c3cdcd00dc118523a5dfcdbb8b18aef1f4f7b2482ecb227470e49cb8f963793e982

Download Submit
C:\Windows\system\qlNnQAx.exe

Filesize
6.0MB

MD5
b872ca9b6509b185fafe44562657ade1

SHA1
1f36500a3b54dae09f6e49ec627f259bafb3bb26

SHA256
fa4d962221e8f2ace236a50b293a33dd83e6d98aefd142f2b481ebc6b563b4be

SHA512
ee276709e9d7c7b01e206f20f925ea9952fd8793346d5f00fc42cf21e1a85f10c8509c355f2e021f34b5880d423bee0f235c72062d58184d02e5e6c71b2c09a5

Download Submit
C:\Windows\system\srvCQXm.exe

Filesize
6.0MB

MD5
8b05e47d3d2bb16b012365cc49b48f7d

SHA1
bb0e18c8cd1cd02a213ed6b8ed423cdc392b158a

SHA256
ed5fca083e430d79a1d3ec55250a848cf46f83d762f71e5493322488298af434

SHA512
4e0ade68a03cc3377b3284768253c066fab6df029db92548c5b37b154b9efaf4d2f4d01e3463d6f1f022b34925ae05c4797f033ec3af6c2a8f5426585a45aa7c

Download Submit
C:\Windows\system\tpkRquP.exe

Filesize
6.0MB

MD5
77b077ac26311b189020e1a97761a7ff

SHA1
7796da463a83c0a9da0b607d5a15bf548c49aa3f

SHA256
20f08cd20cbab24ec1facb16f3c19f1860e77eccc84326c323671df70f97e1ff

SHA512
4ea7c76b07b4318b565c1c2948dc20ccc67fe70bce1a57f2ca5e701a4616c96e5051573fbbb3669dacea3df51ec4a74d40335541121a80155f82643ebb20bd1c

Download Submit
C:\Windows\system\utzdxnG.exe

Filesize
6.0MB

MD5
98a04d7b1dcf7bff2e03e561d1374e66

SHA1
72e7be03232ad5099827d17888b947b19f5cec55

SHA256
8b073b07aa59c983537816c344f90ac5fd9281d5c0e9d10e4442927f3e760060

SHA512
d8f9ca521dabca56d797f72763d7b9500426675bbd44461156263ba28e47364501175ef85a92f5d024f9df1f3b61d89e0d445d761230ec92bbb5be606e7d65f3

Download Submit
C:\Windows\system\xJQXHnC.exe

Filesize
6.0MB

MD5
0c223de14673c28fa9a88d6e8c2f1e86

SHA1
a9ac8ba5b98eb53faebe275588f2067246af2e14

SHA256
35e824c5bf298dc6eab4aa61065de632c9dd4ed67758c20932d02fb0bfb16f23

SHA512
0b3943d1c53a56f51a4a04376bf06d8fff9a52f189dcdfdd143b802081a8327e24c545dc1c79224d0d9a5d03997c309cb8020e1867dd3a175c7600ee2d526998

Download Submit
C:\Windows\system\xJyNiJh.exe

Filesize
6.0MB

MD5
202a534563b20de37de650b6e42e2f05

SHA1
ab8cd30baabcce80fadff87e3c5dd2675306b3b7

SHA256
3936ab472c0e591f914767f96d56f9eff4ff87cb2b03099a5dd0b05a5df715cf

SHA512
b41989ac20207001cec88568b229d548c80eb9ef300fbaf11d83e520784ee5b37acc22a21ee40451c7ecd750d014eb30555fb2ea771a194b07254cc91361a01b

Download Submit
\Windows\system\AHfyKcu.exe

Filesize
6.0MB

MD5
544b0d78f30209d2ece81c580dcd92d9

SHA1
16f946c50dff8839b41130ce98b054db898a138e

SHA256
00c91e9ec12587d909b57bfb8663ac6bd298bf84584daa0edbcf612f30473378

SHA512
2459de2da397953f2224d36d5b9873c7dd7af7ef1125d0d3a5250ef1724fd8af7d7f6af87ca0ec3c64c96e5686994a228acd20604b7acb2f97cd355da96fe987

Download Submit
\Windows\system\AoRscmK.exe

Filesize
6.0MB

MD5
4320ba5a587f21befcd52ee0d939cb6b

SHA1
ce6d39a2e206e2caef48e5a3fe2404e72f4a64fd

SHA256
af7a3ba888192409fdb8a4a7ff7799196fa667261b251c93c4d2fb0eb8eddef3

SHA512
4330d793eee8bd296764e49b7de8a3a5089f0a0c4bc04193b78022b9ff992df857cac78fa9ecd854956ab5b4862b21c01018d55312005af7593df3d0b11d4094

Download Submit
\Windows\system\CdLAvjf.exe

Filesize
6.0MB

MD5
b2a12b49939357b931a33bf033e8eaee

SHA1
b7d67a0c7e5a13d15f8338a32977e828fd0eda4a

SHA256
7060ac5c1699908684642baa4cdcbcbdbd86d4a6924e85792478978a7bb0d5e7

SHA512
8ec710133a4e5ce34dd56b112f4b9536b1840c2b6597be061766a7c51d2aa57f423b0eccc89328962c3a00c6aab6fdcfcfea5ebd336df587757a422099b1ec14

Download Submit
\Windows\system\PLWCedM.exe

Filesize
6.0MB

MD5
9d7a85eef4a85ee035e0ac4c18ccc30f

SHA1
1b7ab2593e8d5a0f671acb5d048cc238efdda6da

SHA256
7db3c360dcbdc506b783eb70e1278c499f55dc3634b8356f58e8fcc4472f419b

SHA512
147d0c1a6aa8ec845a1d369c01d68b6a5a6fe6cc0ee5770b924fa729a6e8ed8bdd92cfa1529248fd3dd0fb44242a979b0468df68ac916df13096ca130698f30d

Download Submit
\Windows\system\PgZfdKd.exe

Filesize
6.0MB

MD5
fd6a460b2edf8c8e55e97ad0a863e19f

SHA1
43238e67c2dcc1a617ca30ab967286e42c7959cc

SHA256
9a37a6604bcc787793f33866d6b045d0e24afc0866d0399cc9f6a802b380565c

SHA512
5ee117c116ccfeee40cb4d2c6acd2b2f7c7e72cf7039064a2bc7f06b60186e25bb6d3f0d1196ce910d103618c787294f0b12836f1275377a784826a22baac7aa

Download Submit
\Windows\system\RPnQQqj.exe

Filesize
6.0MB

MD5
f644579c753f4f2cec683e8d6710fac8

SHA1
df8e2efce1015b15440bb9ca8a81e15041b0264d

SHA256
13baf83bfd09ca5c59aededc2c07a372247f0a31a5f666b0433b431157f9f5b8

SHA512
43abb78cc5958d455ae89ed774f2b3319a48ad98cd28ab261318f5644a519a88a72ad0fe48a5e70844139ae3e7bfa5817c869a7cee57146b8bd8eef045999782

Download Submit
\Windows\system\iAyAWYN.exe

Filesize
6.0MB

MD5
e871c8d2f57ff99b78d57d6fc5d4883c

SHA1
da135d9bb85cf759c136c8268c3f6128e8877bf0

SHA256
713917dbdd2c7694958b299cd0d5f4027b4935eee5920cb019f03b2ac7d29b04

SHA512
9b43f864c4abe07e12fb8b92287b55fdaeff139c40fc5ba8c0f2784a06839b9b95dd2b32fd1910469fdabeac15797d5f2ba086550441efb665fc81b906b94d13

Download Submit
\Windows\system\rHkpMpv.exe

Filesize
6.0MB

MD5
aa6d213d949bf3b6d916572fd2be191d

SHA1
503a521e929d8631b1f978e32665f6f8f31cf052

SHA256
37228eb21ab2e738d02d54e602d24f7527a293c3c81b65948556fb61ef0e7850

SHA512
ec46d4aaa52a389f8514aeffd71c7ec33836e3839cfe0a89d8d4ccae1a27fa5c92655162a2e2a0768ff2d3f7a7d28392805da7e1aa21b48a0a187ba07be441c8

Download Submit
\Windows\system\uyRiLkw.exe

Filesize
6.0MB

MD5
f1c14ba68660e86c1cb7555e7e3c68c1

SHA1
62c0be6a350dd5dfa5d3d542547543ddda4deca7

SHA256
db612db27a161a0220ad16236bafa7473ee6d52c341dab88f5ef178501874ecc

SHA512
a69682da3adcef4ceb489449bda7cd1c5aea102d2350808c42ae1663f086bda8bcdaa1f6e05acc39c5c16dc93d01b4e14a0b0643ccf24e43de6f050445fd5acb

Download Submit
\Windows\system\xKXTxji.exe

Filesize
6.0MB

MD5
147ab2e09d3dafc319108229a19ea053

SHA1
5526d3912fa523f80476807ec7f84746dcfa07a2

SHA256
ffc54c6f5f1f4b5373f1272fa715375ce0d5ad2f2e461a6577c62de7f4a702b7

SHA512
df6b848760f746c37b097058a6b827493a2ab77db5a2338e571622139c30c63ec0bc2148f1668953d069498caca397884398a7f9e6e983b678451eb2043a4b89

Download Submit
memory/672-679-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/672-82-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/672-3037-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2364-87-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2364-571-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-65-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2364-885-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2364-108-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2364-44-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2364-40-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2364-758-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2364-1005-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2364-888-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2364-91-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2364-109-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2364-58-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2364-86-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2364-97-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2364-96-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-0-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-103-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2364-102-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2364-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2364-92-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2364-53-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2392-54-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2392-3005-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2576-67-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2865-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2907-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2588-62-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2604-69-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2985-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2616-74-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3045-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2868-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2696-85-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3011-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1004-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2732-104-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2764-38-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2887-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-45-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2864-2879-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2948-2988-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-78-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2876-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2996-41-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download