cobaltstrike | 3efef5fb4e75557a99656d56d46b779b2e83ee181a4e42ec053e6f9ff26643aa

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28/11/2024, 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3490302fcc281fd4dc86b2113b6d2cdf
SHA1

afd76699f5fbaf43f8c0bde2aea7bf94bf28fcc6
SHA256

3efef5fb4e75557a99656d56d46b779b2e83ee181a4e42ec053e6f9ff26643aa
SHA512

240d4834633fd50beb91f41c732a266e7d4f4f150616df6674fd3c9cc92aa9662aeb665a549c7a5b6d6249840b73760b4a108c7c54dcb02dbb1097f32464c818
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d69-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fc9-17.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000170f8-27.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756b-31.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756e-48.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-196.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-76.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-69.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-62.dat	cobalt_reflective_dll
behavioral1/files/0x0012000000016d3f-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/576-0-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-3.dat	xmrig
behavioral1/files/0x0009000000016d69-7.dat	xmrig
behavioral1/files/0x0008000000016fc9-17.dat	xmrig
behavioral1/memory/2460-16-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2832-15-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/576-9-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2980-23-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/576-20-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000170f8-27.dat	xmrig
behavioral1/memory/2748-30-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x000700000001756b-31.dat	xmrig
behavioral1/files/0x000700000001756e-48.dat	xmrig
behavioral1/files/0x0002000000018334-56.dat	xmrig
behavioral1/memory/2980-66-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2404-92-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c1-84.dat	xmrig
behavioral1/memory/2796-102-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-129.dat	xmrig
behavioral1/files/0x0005000000019bf5-155.dat	xmrig
behavioral1/files/0x0005000000019d61-177.dat	xmrig
behavioral1/memory/2404-312-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2796-1672-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/976-1730-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2460-2023-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/1348-1744-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/776-1743-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2404-1741-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/3040-1726-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/864-1677-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2752-1699-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2620-1691-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/3028-1649-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2748-1612-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2980-1590-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2832-1584-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/776-311-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fd4-196.dat	xmrig
behavioral1/files/0x0005000000019e92-191.dat	xmrig
behavioral1/files/0x0005000000019d6d-186.dat	xmrig
behavioral1/files/0x0005000000019d62-181.dat	xmrig
behavioral1/memory/976-168-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3c-171.dat	xmrig
behavioral1/files/0x0005000000019bf9-164.dat	xmrig
behavioral1/files/0x0005000000019bf6-159.dat	xmrig
behavioral1/files/0x000500000001998d-149.dat	xmrig
behavioral1/files/0x0005000000019820-144.dat	xmrig
behavioral1/files/0x00050000000197fd-139.dat	xmrig
behavioral1/files/0x0005000000019761-134.dat	xmrig
behavioral1/files/0x0005000000019643-124.dat	xmrig
behavioral1/files/0x000500000001960c-119.dat	xmrig
behavioral1/files/0x00050000000195c7-114.dat	xmrig
behavioral1/files/0x00050000000195c6-108.dat	xmrig
behavioral1/memory/2752-104-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/1348-103-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-100.dat	xmrig
behavioral1/memory/776-90-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/864-88-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c3-87.dat	xmrig
behavioral1/memory/976-71-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/3040-80-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bd-76.dat	xmrig
behavioral1/files/0x000600000001932a-69.dat	xmrig
behavioral1/memory/2620-65-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2832	OyntHos.exe
2460	NnjckVI.exe
2980	tUQQvjp.exe
2748	QKbwOUh.exe
3028	fbvgYYH.exe
864	jyDbIRa.exe
2796	xwIKcxq.exe
2752	UqxeAwe.exe
2620	RZUAPMd.exe
976	VgaWpFT.exe
3040	QvfXwzq.exe
776	CBTTcqC.exe
2404	YVdHaPX.exe
1348	RDcUDdw.exe
1472	lzlUKgz.exe
2096	eBQPfBT.exe
1068	hLiwztt.exe
1900	ZkwcJKL.exe
2916	wONzGXq.exe
2484	puZFlhe.exe
296	xRWLsRc.exe
364	RejYvfC.exe
2244	qRCJUPX.exe
832	OCHwvlj.exe
2440	wKCsbtC.exe
2492	VYAvyjC.exe
2072	CJlQYdr.exe
2436	KYugqfQ.exe
1148	heozKdw.exe
1632	BUyRrbv.exe
708	AqBEebt.exe
956	fVKwmAo.exe
1952	RaAKRuB.exe
1224	uktkBvy.exe
1196	ALttkdY.exe
1804	PIWvUSm.exe
2668	CSTSLAl.exe
1084	sMNSmEU.exe
1436	EGMpNFH.exe
1616	ZkWTEgV.exe
236	PGZFGVz.exe
936	tzKpNmx.exe
2376	khmuJVP.exe
1716	wcMAXGp.exe
2676	pEtUDIy.exe
1144	uNFkQfE.exe
2332	gpoYkzh.exe
2208	XfaYYeC.exe
2572	scLjvyj.exe
1696	TNlaUQL.exe
2680	CVzPxHf.exe
2220	FypmIvp.exe
1724	MTmbRNP.exe
2624	JawMjGN.exe
1648	DOKMSDV.exe
2580	cuafOFR.exe
1624	WcAnavN.exe
940	ikrrvNa.exe
2932	ZxAaJBQ.exe
2936	sUzqHiF.exe
2744	CCjyXts.exe
2812	inNdbLu.exe
784	LpzqMrB.exe
2100	yNwEqoh.exe

Loads dropped DLL 64 IoCs

pid	Process
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/576-0-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x000c000000012262-3.dat	upx
behavioral1/files/0x0009000000016d69-7.dat	upx
behavioral1/files/0x0008000000016fc9-17.dat	upx
behavioral1/memory/2460-16-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2832-15-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2980-23-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x00070000000170f8-27.dat	upx
behavioral1/memory/2748-30-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x000700000001756b-31.dat	upx
behavioral1/files/0x000700000001756e-48.dat	upx
behavioral1/files/0x0002000000018334-56.dat	upx
behavioral1/memory/2980-66-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2404-92-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x00050000000195c1-84.dat	upx
behavioral1/memory/2796-102-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x000500000001975a-129.dat	upx
behavioral1/files/0x0005000000019bf5-155.dat	upx
behavioral1/files/0x0005000000019d61-177.dat	upx
behavioral1/memory/2404-312-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2796-1672-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/976-1730-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2460-2023-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/1348-1744-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/776-1743-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2404-1741-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/3040-1726-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/864-1677-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2752-1699-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2620-1691-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/3028-1649-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2748-1612-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2980-1590-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2832-1584-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/776-311-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x0005000000019fd4-196.dat	upx
behavioral1/files/0x0005000000019e92-191.dat	upx
behavioral1/files/0x0005000000019d6d-186.dat	upx
behavioral1/files/0x0005000000019d62-181.dat	upx
behavioral1/memory/976-168-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x0005000000019c3c-171.dat	upx
behavioral1/files/0x0005000000019bf9-164.dat	upx
behavioral1/files/0x0005000000019bf6-159.dat	upx
behavioral1/files/0x000500000001998d-149.dat	upx
behavioral1/files/0x0005000000019820-144.dat	upx
behavioral1/files/0x00050000000197fd-139.dat	upx
behavioral1/files/0x0005000000019761-134.dat	upx
behavioral1/files/0x0005000000019643-124.dat	upx
behavioral1/files/0x000500000001960c-119.dat	upx
behavioral1/files/0x00050000000195c7-114.dat	upx
behavioral1/files/0x00050000000195c6-108.dat	upx
behavioral1/memory/2752-104-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/1348-103-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-100.dat	upx
behavioral1/memory/776-90-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/864-88-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x00050000000195c3-87.dat	upx
behavioral1/memory/976-71-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/3040-80-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x00050000000195bd-76.dat	upx
behavioral1/files/0x000600000001932a-69.dat	upx
behavioral1/memory/2620-65-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2752-57-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2796-53-0x000000013F420000-0x000000013F774000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wuunsnU.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxWkCGH.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mamJKHC.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsucFUJ.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuTbrlQ.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kehRpVP.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVDqmpw.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DOqKLlG.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYAvyjC.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpyXabY.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msbdGuH.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnslLiD.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XCkexRv.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFaDCcj.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgPWIqH.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DCjbkrp.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IewWZMk.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InJZyXR.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rECqjmy.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCPHRfr.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbZbPVN.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRthkgW.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCmdQPa.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZPpnKt.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYNNNvy.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtYyiHa.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEnJyJj.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuaVKUk.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwCljSR.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJReGbO.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezBIMKF.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXaaugT.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYPJRIv.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HaCBmEw.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUcJwjK.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZSgHCO.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTKtuKp.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UXFbOoE.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILiirZU.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzXxPXY.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MnaenNC.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huvlnvI.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdSraRh.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pahXpLI.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRKoNba.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKjoYDK.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNFhuHu.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVdJiba.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGheKfL.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfjyoLh.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDaXnap.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmleNVc.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifwGMbl.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIcHfOn.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Wpmboso.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaXLhMW.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvOxWvd.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztIPYhh.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqLIuNZ.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZCRISY.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPiXajz.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRCJUPX.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NrkTrTd.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SsJjnpP.exe	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 576 wrote to memory of 2832	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 576 wrote to memory of 2832	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 576 wrote to memory of 2832	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 576 wrote to memory of 2460	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 576 wrote to memory of 2460	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 576 wrote to memory of 2460	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 576 wrote to memory of 2980	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 576 wrote to memory of 2980	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 576 wrote to memory of 2980	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 576 wrote to memory of 2748	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 576 wrote to memory of 2748	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 576 wrote to memory of 2748	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 576 wrote to memory of 3028	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 576 wrote to memory of 3028	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 576 wrote to memory of 3028	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 576 wrote to memory of 864	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 576 wrote to memory of 864	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 576 wrote to memory of 864	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 576 wrote to memory of 2796	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 576 wrote to memory of 2796	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 576 wrote to memory of 2796	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 576 wrote to memory of 2752	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 576 wrote to memory of 2752	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 576 wrote to memory of 2752	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 576 wrote to memory of 2620	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 576 wrote to memory of 2620	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 576 wrote to memory of 2620	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 576 wrote to memory of 976	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 576 wrote to memory of 976	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 576 wrote to memory of 976	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 576 wrote to memory of 3040	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 576 wrote to memory of 3040	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 576 wrote to memory of 3040	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 576 wrote to memory of 776	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 576 wrote to memory of 776	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 576 wrote to memory of 776	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 576 wrote to memory of 2404	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 576 wrote to memory of 2404	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 576 wrote to memory of 2404	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 576 wrote to memory of 1348	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 576 wrote to memory of 1348	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 576 wrote to memory of 1348	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 576 wrote to memory of 1472	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 576 wrote to memory of 1472	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 576 wrote to memory of 1472	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 576 wrote to memory of 2096	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 576 wrote to memory of 2096	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 576 wrote to memory of 2096	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 576 wrote to memory of 1068	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 576 wrote to memory of 1068	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 576 wrote to memory of 1068	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 576 wrote to memory of 1900	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 576 wrote to memory of 1900	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 576 wrote to memory of 1900	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 576 wrote to memory of 2916	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 576 wrote to memory of 2916	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 576 wrote to memory of 2916	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 576 wrote to memory of 2484	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 576 wrote to memory of 2484	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 576 wrote to memory of 2484	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 576 wrote to memory of 296	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 576 wrote to memory of 296	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 576 wrote to memory of 296	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 576 wrote to memory of 364	576	2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-28_3490302fcc281fd4dc86b2113b6d2cdf_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:576
- C:\Windows\System\OyntHos.exe
  C:\Windows\System\OyntHos.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\NnjckVI.exe
  C:\Windows\System\NnjckVI.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\tUQQvjp.exe
  C:\Windows\System\tUQQvjp.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\QKbwOUh.exe
  C:\Windows\System\QKbwOUh.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\fbvgYYH.exe
  C:\Windows\System\fbvgYYH.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\jyDbIRa.exe
  C:\Windows\System\jyDbIRa.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\xwIKcxq.exe
  C:\Windows\System\xwIKcxq.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\UqxeAwe.exe
  C:\Windows\System\UqxeAwe.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\RZUAPMd.exe
  C:\Windows\System\RZUAPMd.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\VgaWpFT.exe
  C:\Windows\System\VgaWpFT.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\QvfXwzq.exe
  C:\Windows\System\QvfXwzq.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\CBTTcqC.exe
  C:\Windows\System\CBTTcqC.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\YVdHaPX.exe
  C:\Windows\System\YVdHaPX.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\RDcUDdw.exe
  C:\Windows\System\RDcUDdw.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\lzlUKgz.exe
  C:\Windows\System\lzlUKgz.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\eBQPfBT.exe
  C:\Windows\System\eBQPfBT.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\hLiwztt.exe
  C:\Windows\System\hLiwztt.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\ZkwcJKL.exe
  C:\Windows\System\ZkwcJKL.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\wONzGXq.exe
  C:\Windows\System\wONzGXq.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\puZFlhe.exe
  C:\Windows\System\puZFlhe.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\xRWLsRc.exe
  C:\Windows\System\xRWLsRc.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\RejYvfC.exe
  C:\Windows\System\RejYvfC.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\qRCJUPX.exe
  C:\Windows\System\qRCJUPX.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\OCHwvlj.exe
  C:\Windows\System\OCHwvlj.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\wKCsbtC.exe
  C:\Windows\System\wKCsbtC.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\VYAvyjC.exe
  C:\Windows\System\VYAvyjC.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\CJlQYdr.exe
  C:\Windows\System\CJlQYdr.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\KYugqfQ.exe
  C:\Windows\System\KYugqfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\heozKdw.exe
  C:\Windows\System\heozKdw.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\BUyRrbv.exe
  C:\Windows\System\BUyRrbv.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\AqBEebt.exe
  C:\Windows\System\AqBEebt.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\fVKwmAo.exe
  C:\Windows\System\fVKwmAo.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\RaAKRuB.exe
  C:\Windows\System\RaAKRuB.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\uktkBvy.exe
  C:\Windows\System\uktkBvy.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\ALttkdY.exe
  C:\Windows\System\ALttkdY.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\PIWvUSm.exe
  C:\Windows\System\PIWvUSm.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\CSTSLAl.exe
  C:\Windows\System\CSTSLAl.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\sMNSmEU.exe
  C:\Windows\System\sMNSmEU.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\EGMpNFH.exe
  C:\Windows\System\EGMpNFH.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\PGZFGVz.exe
  C:\Windows\System\PGZFGVz.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\ZkWTEgV.exe
  C:\Windows\System\ZkWTEgV.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\tzKpNmx.exe
  C:\Windows\System\tzKpNmx.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\khmuJVP.exe
  C:\Windows\System\khmuJVP.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\wcMAXGp.exe
  C:\Windows\System\wcMAXGp.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\pEtUDIy.exe
  C:\Windows\System\pEtUDIy.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\uNFkQfE.exe
  C:\Windows\System\uNFkQfE.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\gpoYkzh.exe
  C:\Windows\System\gpoYkzh.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\CVzPxHf.exe
  C:\Windows\System\CVzPxHf.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\XfaYYeC.exe
  C:\Windows\System\XfaYYeC.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\MTmbRNP.exe
  C:\Windows\System\MTmbRNP.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\scLjvyj.exe
  C:\Windows\System\scLjvyj.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\JawMjGN.exe
  C:\Windows\System\JawMjGN.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\TNlaUQL.exe
  C:\Windows\System\TNlaUQL.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\ZxAaJBQ.exe
  C:\Windows\System\ZxAaJBQ.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\FypmIvp.exe
  C:\Windows\System\FypmIvp.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\sUzqHiF.exe
  C:\Windows\System\sUzqHiF.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\DOKMSDV.exe
  C:\Windows\System\DOKMSDV.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\CCjyXts.exe
  C:\Windows\System\CCjyXts.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\cuafOFR.exe
  C:\Windows\System\cuafOFR.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\inNdbLu.exe
  C:\Windows\System\inNdbLu.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\WcAnavN.exe
  C:\Windows\System\WcAnavN.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\LpzqMrB.exe
  C:\Windows\System\LpzqMrB.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\ikrrvNa.exe
  C:\Windows\System\ikrrvNa.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\yNwEqoh.exe
  C:\Windows\System\yNwEqoh.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\UglWCeo.exe
  C:\Windows\System\UglWCeo.exe
  2⤵
  PID:1968
- C:\Windows\System\KrMAhHY.exe
  C:\Windows\System\KrMAhHY.exe
  2⤵
  PID:560
- C:\Windows\System\PfkNfhX.exe
  C:\Windows\System\PfkNfhX.exe
  2⤵
  PID:2288
- C:\Windows\System\XIjpiZJ.exe
  C:\Windows\System\XIjpiZJ.exe
  2⤵
  PID:2020
- C:\Windows\System\TnDrihT.exe
  C:\Windows\System\TnDrihT.exe
  2⤵
  PID:288
- C:\Windows\System\hsWFkFI.exe
  C:\Windows\System\hsWFkFI.exe
  2⤵
  PID:1936
- C:\Windows\System\SwmLQyg.exe
  C:\Windows\System\SwmLQyg.exe
  2⤵
  PID:2012
- C:\Windows\System\gpoKvSx.exe
  C:\Windows\System\gpoKvSx.exe
  2⤵
  PID:584
- C:\Windows\System\HKDzCab.exe
  C:\Windows\System\HKDzCab.exe
  2⤵
  PID:692
- C:\Windows\System\VIigdaz.exe
  C:\Windows\System\VIigdaz.exe
  2⤵
  PID:1480
- C:\Windows\System\CsRUihf.exe
  C:\Windows\System\CsRUihf.exe
  2⤵
  PID:2188
- C:\Windows\System\WHkgYgF.exe
  C:\Windows\System\WHkgYgF.exe
  2⤵
  PID:952
- C:\Windows\System\RiysdUd.exe
  C:\Windows\System\RiysdUd.exe
  2⤵
  PID:2128
- C:\Windows\System\CyDMepP.exe
  C:\Windows\System\CyDMepP.exe
  2⤵
  PID:392
- C:\Windows\System\djbJHfq.exe
  C:\Windows\System\djbJHfq.exe
  2⤵
  PID:2388
- C:\Windows\System\rYESOcM.exe
  C:\Windows\System\rYESOcM.exe
  2⤵
  PID:2660
- C:\Windows\System\AnUZOWL.exe
  C:\Windows\System\AnUZOWL.exe
  2⤵
  PID:2420
- C:\Windows\System\WmXMRoV.exe
  C:\Windows\System\WmXMRoV.exe
  2⤵
  PID:1672
- C:\Windows\System\hKJJTLz.exe
  C:\Windows\System\hKJJTLz.exe
  2⤵
  PID:2956
- C:\Windows\System\ZVnAXXr.exe
  C:\Windows\System\ZVnAXXr.exe
  2⤵
  PID:2644
- C:\Windows\System\wsbNnOT.exe
  C:\Windows\System\wsbNnOT.exe
  2⤵
  PID:1748
- C:\Windows\System\cfZKkzq.exe
  C:\Windows\System\cfZKkzq.exe
  2⤵
  PID:2740
- C:\Windows\System\eYZjJQl.exe
  C:\Windows\System\eYZjJQl.exe
  2⤵
  PID:2628
- C:\Windows\System\CcMMcar.exe
  C:\Windows\System\CcMMcar.exe
  2⤵
  PID:3016
- C:\Windows\System\huvlnvI.exe
  C:\Windows\System\huvlnvI.exe
  2⤵
  PID:2804
- C:\Windows\System\iQjzyQx.exe
  C:\Windows\System\iQjzyQx.exe
  2⤵
  PID:1808
- C:\Windows\System\GmqeGYT.exe
  C:\Windows\System\GmqeGYT.exe
  2⤵
  PID:1752
- C:\Windows\System\MKIaDCW.exe
  C:\Windows\System\MKIaDCW.exe
  2⤵
  PID:2084
- C:\Windows\System\rOYNgqv.exe
  C:\Windows\System\rOYNgqv.exe
  2⤵
  PID:1404
- C:\Windows\System\peCqkLb.exe
  C:\Windows\System\peCqkLb.exe
  2⤵
  PID:972
- C:\Windows\System\RcvhYZq.exe
  C:\Windows\System\RcvhYZq.exe
  2⤵
  PID:2640
- C:\Windows\System\bKjGfCp.exe
  C:\Windows\System\bKjGfCp.exe
  2⤵
  PID:932
- C:\Windows\System\ggggiEU.exe
  C:\Windows\System\ggggiEU.exe
  2⤵
  PID:2688
- C:\Windows\System\hAIiiyq.exe
  C:\Windows\System\hAIiiyq.exe
  2⤵
  PID:1060
- C:\Windows\System\hCEEIcq.exe
  C:\Windows\System\hCEEIcq.exe
  2⤵
  PID:1680
- C:\Windows\System\cqcOTDW.exe
  C:\Windows\System\cqcOTDW.exe
  2⤵
  PID:1684
- C:\Windows\System\aBMNydn.exe
  C:\Windows\System\aBMNydn.exe
  2⤵
  PID:2256
- C:\Windows\System\ylxeBpt.exe
  C:\Windows\System\ylxeBpt.exe
  2⤵
  PID:2196
- C:\Windows\System\JXuexsN.exe
  C:\Windows\System\JXuexsN.exe
  2⤵
  PID:1584
- C:\Windows\System\JRLAMHK.exe
  C:\Windows\System\JRLAMHK.exe
  2⤵
  PID:1588
- C:\Windows\System\bmFrbME.exe
  C:\Windows\System\bmFrbME.exe
  2⤵
  PID:2856
- C:\Windows\System\OlTgfqj.exe
  C:\Windows\System\OlTgfqj.exe
  2⤵
  PID:1288
- C:\Windows\System\WkVwpLv.exe
  C:\Windows\System\WkVwpLv.exe
  2⤵
  PID:2656
- C:\Windows\System\QPalHwN.exe
  C:\Windows\System\QPalHwN.exe
  2⤵
  PID:2512
- C:\Windows\System\lyVgSKI.exe
  C:\Windows\System\lyVgSKI.exe
  2⤵
  PID:1916
- C:\Windows\System\zBhIgCp.exe
  C:\Windows\System\zBhIgCp.exe
  2⤵
  PID:2584
- C:\Windows\System\lcgzDbj.exe
  C:\Windows\System\lcgzDbj.exe
  2⤵
  PID:2488
- C:\Windows\System\EmzuWBC.exe
  C:\Windows\System\EmzuWBC.exe
  2⤵
  PID:3080
- C:\Windows\System\srTqeXv.exe
  C:\Windows\System\srTqeXv.exe
  2⤵
  PID:3100
- C:\Windows\System\caIKIId.exe
  C:\Windows\System\caIKIId.exe
  2⤵
  PID:3116
- C:\Windows\System\PsXtzDM.exe
  C:\Windows\System\PsXtzDM.exe
  2⤵
  PID:3136
- C:\Windows\System\CwAZohF.exe
  C:\Windows\System\CwAZohF.exe
  2⤵
  PID:3160
- C:\Windows\System\SmkYZzg.exe
  C:\Windows\System\SmkYZzg.exe
  2⤵
  PID:3176
- C:\Windows\System\algbYtj.exe
  C:\Windows\System\algbYtj.exe
  2⤵
  PID:3192
- C:\Windows\System\UaQXBLz.exe
  C:\Windows\System\UaQXBLz.exe
  2⤵
  PID:3208
- C:\Windows\System\TWrikBR.exe
  C:\Windows\System\TWrikBR.exe
  2⤵
  PID:3228
- C:\Windows\System\TPLTjQc.exe
  C:\Windows\System\TPLTjQc.exe
  2⤵
  PID:3260
- C:\Windows\System\VUfSROY.exe
  C:\Windows\System\VUfSROY.exe
  2⤵
  PID:3276
- C:\Windows\System\QJReGbO.exe
  C:\Windows\System\QJReGbO.exe
  2⤵
  PID:3296
- C:\Windows\System\UmMHgol.exe
  C:\Windows\System\UmMHgol.exe
  2⤵
  PID:3320
- C:\Windows\System\WVsEzVQ.exe
  C:\Windows\System\WVsEzVQ.exe
  2⤵
  PID:3336
- C:\Windows\System\ykITVZp.exe
  C:\Windows\System\ykITVZp.exe
  2⤵
  PID:3352
- C:\Windows\System\hGCizUL.exe
  C:\Windows\System\hGCizUL.exe
  2⤵
  PID:3376
- C:\Windows\System\OsiqlGs.exe
  C:\Windows\System\OsiqlGs.exe
  2⤵
  PID:3396
- C:\Windows\System\EdLOuwR.exe
  C:\Windows\System\EdLOuwR.exe
  2⤵
  PID:3424
- C:\Windows\System\XrWRFAd.exe
  C:\Windows\System\XrWRFAd.exe
  2⤵
  PID:3444
- C:\Windows\System\nzVqmil.exe
  C:\Windows\System\nzVqmil.exe
  2⤵
  PID:3460
- C:\Windows\System\elUOzfI.exe
  C:\Windows\System\elUOzfI.exe
  2⤵
  PID:3480
- C:\Windows\System\rECqjmy.exe
  C:\Windows\System\rECqjmy.exe
  2⤵
  PID:3500
- C:\Windows\System\NUMrirE.exe
  C:\Windows\System\NUMrirE.exe
  2⤵
  PID:3524
- C:\Windows\System\nqcPUjs.exe
  C:\Windows\System\nqcPUjs.exe
  2⤵
  PID:3544
- C:\Windows\System\MBOoZSl.exe
  C:\Windows\System\MBOoZSl.exe
  2⤵
  PID:3564
- C:\Windows\System\MFzeepM.exe
  C:\Windows\System\MFzeepM.exe
  2⤵
  PID:3584
- C:\Windows\System\LdXwYmU.exe
  C:\Windows\System\LdXwYmU.exe
  2⤵
  PID:3604
- C:\Windows\System\FlZKAWd.exe
  C:\Windows\System\FlZKAWd.exe
  2⤵
  PID:3628
- C:\Windows\System\FgmtJQq.exe
  C:\Windows\System\FgmtJQq.exe
  2⤵
  PID:3652
- C:\Windows\System\IEWcsHL.exe
  C:\Windows\System\IEWcsHL.exe
  2⤵
  PID:3672
- C:\Windows\System\KPWAeRZ.exe
  C:\Windows\System\KPWAeRZ.exe
  2⤵
  PID:3688
- C:\Windows\System\MJFhtrn.exe
  C:\Windows\System\MJFhtrn.exe
  2⤵
  PID:3712
- C:\Windows\System\JHxSYaN.exe
  C:\Windows\System\JHxSYaN.exe
  2⤵
  PID:3736
- C:\Windows\System\SXOtvnL.exe
  C:\Windows\System\SXOtvnL.exe
  2⤵
  PID:3756
- C:\Windows\System\QysJglT.exe
  C:\Windows\System\QysJglT.exe
  2⤵
  PID:3776
- C:\Windows\System\nDLuHFz.exe
  C:\Windows\System\nDLuHFz.exe
  2⤵
  PID:3792
- C:\Windows\System\THmDjOa.exe
  C:\Windows\System\THmDjOa.exe
  2⤵
  PID:3812
- C:\Windows\System\wDXoZRS.exe
  C:\Windows\System\wDXoZRS.exe
  2⤵
  PID:3832
- C:\Windows\System\CmEkhjd.exe
  C:\Windows\System\CmEkhjd.exe
  2⤵
  PID:3848
- C:\Windows\System\FaoQyNA.exe
  C:\Windows\System\FaoQyNA.exe
  2⤵
  PID:3872
- C:\Windows\System\fHEThCf.exe
  C:\Windows\System\fHEThCf.exe
  2⤵
  PID:3892
- C:\Windows\System\dFEsUyk.exe
  C:\Windows\System\dFEsUyk.exe
  2⤵
  PID:3912
- C:\Windows\System\pJwMFBX.exe
  C:\Windows\System\pJwMFBX.exe
  2⤵
  PID:3940
- C:\Windows\System\eTSKAeW.exe
  C:\Windows\System\eTSKAeW.exe
  2⤵
  PID:3960
- C:\Windows\System\OOvsNNb.exe
  C:\Windows\System\OOvsNNb.exe
  2⤵
  PID:3976
- C:\Windows\System\yTHhCdv.exe
  C:\Windows\System\yTHhCdv.exe
  2⤵
  PID:3992
- C:\Windows\System\ETLexAo.exe
  C:\Windows\System\ETLexAo.exe
  2⤵
  PID:4012
- C:\Windows\System\ClNBywZ.exe
  C:\Windows\System\ClNBywZ.exe
  2⤵
  PID:4036
- C:\Windows\System\MLeyTHm.exe
  C:\Windows\System\MLeyTHm.exe
  2⤵
  PID:4060
- C:\Windows\System\qkxiNHE.exe
  C:\Windows\System\qkxiNHE.exe
  2⤵
  PID:4080
- C:\Windows\System\VkiWykv.exe
  C:\Windows\System\VkiWykv.exe
  2⤵
  PID:1756
- C:\Windows\System\YaYkqSU.exe
  C:\Windows\System\YaYkqSU.exe
  2⤵
  PID:1564
- C:\Windows\System\VSuZvtU.exe
  C:\Windows\System\VSuZvtU.exe
  2⤵
  PID:592
- C:\Windows\System\DIzWoEY.exe
  C:\Windows\System\DIzWoEY.exe
  2⤵
  PID:892
- C:\Windows\System\cNiWFqA.exe
  C:\Windows\System\cNiWFqA.exe
  2⤵
  PID:2292
- C:\Windows\System\kSwaFoC.exe
  C:\Windows\System\kSwaFoC.exe
  2⤵
  PID:2600
- C:\Windows\System\IZYVaBF.exe
  C:\Windows\System\IZYVaBF.exe
  2⤵
  PID:1972
- C:\Windows\System\PiphExS.exe
  C:\Windows\System\PiphExS.exe
  2⤵
  PID:3076
- C:\Windows\System\cgSpgVu.exe
  C:\Windows\System\cgSpgVu.exe
  2⤵
  PID:1932
- C:\Windows\System\GUqDEfa.exe
  C:\Windows\System\GUqDEfa.exe
  2⤵
  PID:3144
- C:\Windows\System\CdrKsFz.exe
  C:\Windows\System\CdrKsFz.exe
  2⤵
  PID:3152
- C:\Windows\System\rIQLHXK.exe
  C:\Windows\System\rIQLHXK.exe
  2⤵
  PID:3220
- C:\Windows\System\PsMPtoc.exe
  C:\Windows\System\PsMPtoc.exe
  2⤵
  PID:3132
- C:\Windows\System\lVUpwfT.exe
  C:\Windows\System\lVUpwfT.exe
  2⤵
  PID:3244
- C:\Windows\System\mcKbiXZ.exe
  C:\Windows\System\mcKbiXZ.exe
  2⤵
  PID:3256
- C:\Windows\System\ICzMVci.exe
  C:\Windows\System\ICzMVci.exe
  2⤵
  PID:3288
- C:\Windows\System\BOgerWT.exe
  C:\Windows\System\BOgerWT.exe
  2⤵
  PID:3384
- C:\Windows\System\QdIQvrZ.exe
  C:\Windows\System\QdIQvrZ.exe
  2⤵
  PID:3364
- C:\Windows\System\DJQleMr.exe
  C:\Windows\System\DJQleMr.exe
  2⤵
  PID:3408
- C:\Windows\System\WfBUdma.exe
  C:\Windows\System\WfBUdma.exe
  2⤵
  PID:3432
- C:\Windows\System\SvxmEhh.exe
  C:\Windows\System\SvxmEhh.exe
  2⤵
  PID:3472
- C:\Windows\System\DtQMLvE.exe
  C:\Windows\System\DtQMLvE.exe
  2⤵
  PID:3452
- C:\Windows\System\OlaTUqh.exe
  C:\Windows\System\OlaTUqh.exe
  2⤵
  PID:3496
- C:\Windows\System\vbUbBhh.exe
  C:\Windows\System\vbUbBhh.exe
  2⤵
  PID:3556
- C:\Windows\System\IvyIaBG.exe
  C:\Windows\System\IvyIaBG.exe
  2⤵
  PID:3580
- C:\Windows\System\dxKGVMo.exe
  C:\Windows\System\dxKGVMo.exe
  2⤵
  PID:3680
- C:\Windows\System\FUGNmaz.exe
  C:\Windows\System\FUGNmaz.exe
  2⤵
  PID:3620
- C:\Windows\System\MGhnIqz.exe
  C:\Windows\System\MGhnIqz.exe
  2⤵
  PID:3724
- C:\Windows\System\RvUzoEE.exe
  C:\Windows\System\RvUzoEE.exe
  2⤵
  PID:3728
- C:\Windows\System\zmGYszF.exe
  C:\Windows\System\zmGYszF.exe
  2⤵
  PID:3744
- C:\Windows\System\YcjXKmj.exe
  C:\Windows\System\YcjXKmj.exe
  2⤵
  PID:3788
- C:\Windows\System\owteznp.exe
  C:\Windows\System\owteznp.exe
  2⤵
  PID:3880
- C:\Windows\System\ikDnYom.exe
  C:\Windows\System\ikDnYom.exe
  2⤵
  PID:3864
- C:\Windows\System\wPZWgaj.exe
  C:\Windows\System\wPZWgaj.exe
  2⤵
  PID:3900
- C:\Windows\System\sFQSJtp.exe
  C:\Windows\System\sFQSJtp.exe
  2⤵
  PID:3968
- C:\Windows\System\llmYClJ.exe
  C:\Windows\System\llmYClJ.exe
  2⤵
  PID:3952
- C:\Windows\System\kLrRogO.exe
  C:\Windows\System\kLrRogO.exe
  2⤵
  PID:4052
- C:\Windows\System\urbiZOe.exe
  C:\Windows\System\urbiZOe.exe
  2⤵
  PID:4088
- C:\Windows\System\iphfuYM.exe
  C:\Windows\System\iphfuYM.exe
  2⤵
  PID:4032
- C:\Windows\System\ceLcbEX.exe
  C:\Windows\System\ceLcbEX.exe
  2⤵
  PID:1124
- C:\Windows\System\SmbqPIF.exe
  C:\Windows\System\SmbqPIF.exe
  2⤵
  PID:3060
- C:\Windows\System\ZIceNKe.exe
  C:\Windows\System\ZIceNKe.exe
  2⤵
  PID:2136
- C:\Windows\System\XbrZfUB.exe
  C:\Windows\System\XbrZfUB.exe
  2⤵
  PID:1656
- C:\Windows\System\dqIVVtJ.exe
  C:\Windows\System\dqIVVtJ.exe
  2⤵
  PID:548
- C:\Windows\System\lLGjYbS.exe
  C:\Windows\System\lLGjYbS.exe
  2⤵
  PID:3108
- C:\Windows\System\WSLqVze.exe
  C:\Windows\System\WSLqVze.exe
  2⤵
  PID:3252
- C:\Windows\System\cvVoaja.exe
  C:\Windows\System\cvVoaja.exe
  2⤵
  PID:2828
- C:\Windows\System\wxgtkBx.exe
  C:\Windows\System\wxgtkBx.exe
  2⤵
  PID:2972
- C:\Windows\System\nKcNGgE.exe
  C:\Windows\System\nKcNGgE.exe
  2⤵
  PID:3312
- C:\Windows\System\msMbKqA.exe
  C:\Windows\System\msMbKqA.exe
  2⤵
  PID:3420
- C:\Windows\System\dTAVnCI.exe
  C:\Windows\System\dTAVnCI.exe
  2⤵
  PID:1556
- C:\Windows\System\duNdvOC.exe
  C:\Windows\System\duNdvOC.exe
  2⤵
  PID:928
- C:\Windows\System\gbWiAsp.exe
  C:\Windows\System\gbWiAsp.exe
  2⤵
  PID:3512
- C:\Windows\System\rnrMtMW.exe
  C:\Windows\System\rnrMtMW.exe
  2⤵
  PID:3560
- C:\Windows\System\paevtEv.exe
  C:\Windows\System\paevtEv.exe
  2⤵
  PID:3640
- C:\Windows\System\QOJMjxD.exe
  C:\Windows\System\QOJMjxD.exe
  2⤵
  PID:3708
- C:\Windows\System\hCQDznf.exe
  C:\Windows\System\hCQDznf.exe
  2⤵
  PID:3764
- C:\Windows\System\PisnFCC.exe
  C:\Windows\System\PisnFCC.exe
  2⤵
  PID:3860
- C:\Windows\System\nRutodC.exe
  C:\Windows\System\nRutodC.exe
  2⤵
  PID:3844
- C:\Windows\System\zkPyCnK.exe
  C:\Windows\System\zkPyCnK.exe
  2⤵
  PID:3928
- C:\Windows\System\azbuMRU.exe
  C:\Windows\System\azbuMRU.exe
  2⤵
  PID:4004
- C:\Windows\System\mYLmmAv.exe
  C:\Windows\System\mYLmmAv.exe
  2⤵
  PID:4028
- C:\Windows\System\HRjraWz.exe
  C:\Windows\System\HRjraWz.exe
  2⤵
  PID:4076
- C:\Windows\System\jytENOD.exe
  C:\Windows\System\jytENOD.exe
  2⤵
  PID:4048
- C:\Windows\System\HmyYgpY.exe
  C:\Windows\System\HmyYgpY.exe
  2⤵
  PID:2264
- C:\Windows\System\DCjbkrp.exe
  C:\Windows\System\DCjbkrp.exe
  2⤵
  PID:4112
- C:\Windows\System\UNpnwvD.exe
  C:\Windows\System\UNpnwvD.exe
  2⤵
  PID:4132
- C:\Windows\System\lfFIlzC.exe
  C:\Windows\System\lfFIlzC.exe
  2⤵
  PID:4152
- C:\Windows\System\ZfWynNh.exe
  C:\Windows\System\ZfWynNh.exe
  2⤵
  PID:4172
- C:\Windows\System\nYjdkoR.exe
  C:\Windows\System\nYjdkoR.exe
  2⤵
  PID:4192
- C:\Windows\System\JdSraRh.exe
  C:\Windows\System\JdSraRh.exe
  2⤵
  PID:4216
- C:\Windows\System\nlxPmrO.exe
  C:\Windows\System\nlxPmrO.exe
  2⤵
  PID:4232
- C:\Windows\System\gjbvsCN.exe
  C:\Windows\System\gjbvsCN.exe
  2⤵
  PID:4256
- C:\Windows\System\PwFfrOa.exe
  C:\Windows\System\PwFfrOa.exe
  2⤵
  PID:4276
- C:\Windows\System\MGJLXQY.exe
  C:\Windows\System\MGJLXQY.exe
  2⤵
  PID:4296
- C:\Windows\System\xaBuRqI.exe
  C:\Windows\System\xaBuRqI.exe
  2⤵
  PID:4316
- C:\Windows\System\txTSbIF.exe
  C:\Windows\System\txTSbIF.exe
  2⤵
  PID:4340
- C:\Windows\System\NmYXOot.exe
  C:\Windows\System\NmYXOot.exe
  2⤵
  PID:4360
- C:\Windows\System\yWLOhrM.exe
  C:\Windows\System\yWLOhrM.exe
  2⤵
  PID:4376
- C:\Windows\System\bfHyxbQ.exe
  C:\Windows\System\bfHyxbQ.exe
  2⤵
  PID:4396
- C:\Windows\System\OurwwuE.exe
  C:\Windows\System\OurwwuE.exe
  2⤵
  PID:4420
- C:\Windows\System\FbTIOSq.exe
  C:\Windows\System\FbTIOSq.exe
  2⤵
  PID:4440
- C:\Windows\System\KhFmakM.exe
  C:\Windows\System\KhFmakM.exe
  2⤵
  PID:4460
- C:\Windows\System\UlwCkHb.exe
  C:\Windows\System\UlwCkHb.exe
  2⤵
  PID:4480
- C:\Windows\System\IwdeWLV.exe
  C:\Windows\System\IwdeWLV.exe
  2⤵
  PID:4500
- C:\Windows\System\AfjAvTe.exe
  C:\Windows\System\AfjAvTe.exe
  2⤵
  PID:4516
- C:\Windows\System\bRPqjNq.exe
  C:\Windows\System\bRPqjNq.exe
  2⤵
  PID:4536
- C:\Windows\System\yltyjLd.exe
  C:\Windows\System\yltyjLd.exe
  2⤵
  PID:4564
- C:\Windows\System\tzaYRXD.exe
  C:\Windows\System\tzaYRXD.exe
  2⤵
  PID:4584
- C:\Windows\System\GxkYvEx.exe
  C:\Windows\System\GxkYvEx.exe
  2⤵
  PID:4600
- C:\Windows\System\mANOiwn.exe
  C:\Windows\System\mANOiwn.exe
  2⤵
  PID:4624
- C:\Windows\System\rDcTMxf.exe
  C:\Windows\System\rDcTMxf.exe
  2⤵
  PID:4644
- C:\Windows\System\KAgzbTI.exe
  C:\Windows\System\KAgzbTI.exe
  2⤵
  PID:4664
- C:\Windows\System\VpPuXnC.exe
  C:\Windows\System\VpPuXnC.exe
  2⤵
  PID:4684
- C:\Windows\System\TgtBfRH.exe
  C:\Windows\System\TgtBfRH.exe
  2⤵
  PID:4704
- C:\Windows\System\zeEVpPP.exe
  C:\Windows\System\zeEVpPP.exe
  2⤵
  PID:4720
- C:\Windows\System\KZSgHCO.exe
  C:\Windows\System\KZSgHCO.exe
  2⤵
  PID:4744
- C:\Windows\System\BsjLyMk.exe
  C:\Windows\System\BsjLyMk.exe
  2⤵
  PID:4768
- C:\Windows\System\dHMuhwM.exe
  C:\Windows\System\dHMuhwM.exe
  2⤵
  PID:4788
- C:\Windows\System\YHgjpSx.exe
  C:\Windows\System\YHgjpSx.exe
  2⤵
  PID:4808
- C:\Windows\System\ztBGAHq.exe
  C:\Windows\System\ztBGAHq.exe
  2⤵
  PID:4828
- C:\Windows\System\YaxuMMy.exe
  C:\Windows\System\YaxuMMy.exe
  2⤵
  PID:4848
- C:\Windows\System\lxqxKiY.exe
  C:\Windows\System\lxqxKiY.exe
  2⤵
  PID:4868
- C:\Windows\System\IewWZMk.exe
  C:\Windows\System\IewWZMk.exe
  2⤵
  PID:4888
- C:\Windows\System\mopRAZz.exe
  C:\Windows\System\mopRAZz.exe
  2⤵
  PID:4912
- C:\Windows\System\eWkXpIU.exe
  C:\Windows\System\eWkXpIU.exe
  2⤵
  PID:4932
- C:\Windows\System\wphqZdL.exe
  C:\Windows\System\wphqZdL.exe
  2⤵
  PID:4952
- C:\Windows\System\SNcveWU.exe
  C:\Windows\System\SNcveWU.exe
  2⤵
  PID:4972
- C:\Windows\System\bCNeuoM.exe
  C:\Windows\System\bCNeuoM.exe
  2⤵
  PID:4992
- C:\Windows\System\rhlSZtz.exe
  C:\Windows\System\rhlSZtz.exe
  2⤵
  PID:5012
- C:\Windows\System\YAnknSk.exe
  C:\Windows\System\YAnknSk.exe
  2⤵
  PID:5028
- C:\Windows\System\EerQbQa.exe
  C:\Windows\System\EerQbQa.exe
  2⤵
  PID:5052
- C:\Windows\System\rSRdHOS.exe
  C:\Windows\System\rSRdHOS.exe
  2⤵
  PID:5072
- C:\Windows\System\mWaTVap.exe
  C:\Windows\System\mWaTVap.exe
  2⤵
  PID:5092
- C:\Windows\System\WKzXNqD.exe
  C:\Windows\System\WKzXNqD.exe
  2⤵
  PID:5112
- C:\Windows\System\fiJkgXS.exe
  C:\Windows\System\fiJkgXS.exe
  2⤵
  PID:1660
- C:\Windows\System\gsNXYes.exe
  C:\Windows\System\gsNXYes.exe
  2⤵
  PID:3308
- C:\Windows\System\AWngFDF.exe
  C:\Windows\System\AWngFDF.exe
  2⤵
  PID:3168
- C:\Windows\System\ouiwIRU.exe
  C:\Windows\System\ouiwIRU.exe
  2⤵
  PID:3412
- C:\Windows\System\baWzexT.exe
  C:\Windows\System\baWzexT.exe
  2⤵
  PID:3184
- C:\Windows\System\nExAgVq.exe
  C:\Windows\System\nExAgVq.exe
  2⤵
  PID:3704
- C:\Windows\System\Gwgyola.exe
  C:\Windows\System\Gwgyola.exe
  2⤵
  PID:3532
- C:\Windows\System\HqgjoCL.exe
  C:\Windows\System\HqgjoCL.exe
  2⤵
  PID:3668
- C:\Windows\System\kCBFZPp.exe
  C:\Windows\System\kCBFZPp.exe
  2⤵
  PID:3720
- C:\Windows\System\bxQqQve.exe
  C:\Windows\System\bxQqQve.exe
  2⤵
  PID:3920
- C:\Windows\System\ILpKjQP.exe
  C:\Windows\System\ILpKjQP.exe
  2⤵
  PID:4072
- C:\Windows\System\aYvqdYx.exe
  C:\Windows\System\aYvqdYx.exe
  2⤵
  PID:4024
- C:\Windows\System\DUllxms.exe
  C:\Windows\System\DUllxms.exe
  2⤵
  PID:2216
- C:\Windows\System\FzonOpJ.exe
  C:\Windows\System\FzonOpJ.exe
  2⤵
  PID:4120
- C:\Windows\System\PAYCBrM.exe
  C:\Windows\System\PAYCBrM.exe
  2⤵
  PID:4164
- C:\Windows\System\XXfFiWJ.exe
  C:\Windows\System\XXfFiWJ.exe
  2⤵
  PID:3700
- C:\Windows\System\NgsUakf.exe
  C:\Windows\System\NgsUakf.exe
  2⤵
  PID:4212
- C:\Windows\System\awfpJjl.exe
  C:\Windows\System\awfpJjl.exe
  2⤵
  PID:4188
- C:\Windows\System\ttVMLVL.exe
  C:\Windows\System\ttVMLVL.exe
  2⤵
  PID:4336
- C:\Windows\System\eGufqnI.exe
  C:\Windows\System\eGufqnI.exe
  2⤵
  PID:4268
- C:\Windows\System\iGGBsNk.exe
  C:\Windows\System\iGGBsNk.exe
  2⤵
  PID:4312
- C:\Windows\System\MnSjTzx.exe
  C:\Windows\System\MnSjTzx.exe
  2⤵
  PID:4352
- C:\Windows\System\AdPxQQm.exe
  C:\Windows\System\AdPxQQm.exe
  2⤵
  PID:4408
- C:\Windows\System\hJjvePe.exe
  C:\Windows\System\hJjvePe.exe
  2⤵
  PID:4392
- C:\Windows\System\BFkoJEb.exe
  C:\Windows\System\BFkoJEb.exe
  2⤵
  PID:4492
- C:\Windows\System\zhfNicR.exe
  C:\Windows\System\zhfNicR.exe
  2⤵
  PID:4524
- C:\Windows\System\TMgFtBt.exe
  C:\Windows\System\TMgFtBt.exe
  2⤵
  PID:4556
- C:\Windows\System\vNKurCg.exe
  C:\Windows\System\vNKurCg.exe
  2⤵
  PID:4560
- C:\Windows\System\VvkvmWn.exe
  C:\Windows\System\VvkvmWn.exe
  2⤵
  PID:4612
- C:\Windows\System\pvfEpyW.exe
  C:\Windows\System\pvfEpyW.exe
  2⤵
  PID:4636
- C:\Windows\System\YukvfTn.exe
  C:\Windows\System\YukvfTn.exe
  2⤵
  PID:4700
- C:\Windows\System\gXKpScG.exe
  C:\Windows\System\gXKpScG.exe
  2⤵
  PID:4736
- C:\Windows\System\DrRqCKt.exe
  C:\Windows\System\DrRqCKt.exe
  2⤵
  PID:4776
- C:\Windows\System\ebydQtH.exe
  C:\Windows\System\ebydQtH.exe
  2⤵
  PID:4780
- C:\Windows\System\RPeQTxf.exe
  C:\Windows\System\RPeQTxf.exe
  2⤵
  PID:4824
- C:\Windows\System\pJmOisO.exe
  C:\Windows\System\pJmOisO.exe
  2⤵
  PID:4864
- C:\Windows\System\rzOdPZu.exe
  C:\Windows\System\rzOdPZu.exe
  2⤵
  PID:4908
- C:\Windows\System\nLpKgEw.exe
  C:\Windows\System\nLpKgEw.exe
  2⤵
  PID:4940
- C:\Windows\System\ODVYgKr.exe
  C:\Windows\System\ODVYgKr.exe
  2⤵
  PID:4924
- C:\Windows\System\NrkTrTd.exe
  C:\Windows\System\NrkTrTd.exe
  2⤵
  PID:4988
- C:\Windows\System\XeKRbCy.exe
  C:\Windows\System\XeKRbCy.exe
  2⤵
  PID:5060
- C:\Windows\System\DvdLrkv.exe
  C:\Windows\System\DvdLrkv.exe
  2⤵
  PID:5064
- C:\Windows\System\tizEyzp.exe
  C:\Windows\System\tizEyzp.exe
  2⤵
  PID:5044
- C:\Windows\System\opCNbOS.exe
  C:\Windows\System\opCNbOS.exe
  2⤵
  PID:5088
- C:\Windows\System\ZzWUBDT.exe
  C:\Windows\System\ZzWUBDT.exe
  2⤵
  PID:3096
- C:\Windows\System\XssGkrH.exe
  C:\Windows\System\XssGkrH.exe
  2⤵
  PID:3268
- C:\Windows\System\sFDpqgj.exe
  C:\Windows\System\sFDpqgj.exe
  2⤵
  PID:3112
- C:\Windows\System\NkBqOjV.exe
  C:\Windows\System\NkBqOjV.exe
  2⤵
  PID:3124
- C:\Windows\System\gKtUPHR.exe
  C:\Windows\System\gKtUPHR.exe
  2⤵
  PID:3840
- C:\Windows\System\lhojlah.exe
  C:\Windows\System\lhojlah.exe
  2⤵
  PID:3188
- C:\Windows\System\uwUtwYA.exe
  C:\Windows\System\uwUtwYA.exe
  2⤵
  PID:4068
- C:\Windows\System\pXmzNSX.exe
  C:\Windows\System\pXmzNSX.exe
  2⤵
  PID:4104
- C:\Windows\System\aFAYwsP.exe
  C:\Windows\System\aFAYwsP.exe
  2⤵
  PID:4140
- C:\Windows\System\zmaqZoQ.exe
  C:\Windows\System\zmaqZoQ.exe
  2⤵
  PID:4252
- C:\Windows\System\leSacBq.exe
  C:\Windows\System\leSacBq.exe
  2⤵
  PID:4228
- C:\Windows\System\pyjZaGu.exe
  C:\Windows\System\pyjZaGu.exe
  2⤵
  PID:4356
- C:\Windows\System\UgywxtO.exe
  C:\Windows\System\UgywxtO.exe
  2⤵
  PID:4288
- C:\Windows\System\JfNcCPo.exe
  C:\Windows\System\JfNcCPo.exe
  2⤵
  PID:4388
- C:\Windows\System\fnQGnyb.exe
  C:\Windows\System\fnQGnyb.exe
  2⤵
  PID:4472
- C:\Windows\System\WJPJLNd.exe
  C:\Windows\System\WJPJLNd.exe
  2⤵
  PID:4580
- C:\Windows\System\wFBvCbY.exe
  C:\Windows\System\wFBvCbY.exe
  2⤵
  PID:4528
- C:\Windows\System\oIdsziF.exe
  C:\Windows\System\oIdsziF.exe
  2⤵
  PID:4640
- C:\Windows\System\HhisWlq.exe
  C:\Windows\System\HhisWlq.exe
  2⤵
  PID:4680
- C:\Windows\System\esNEAWZ.exe
  C:\Windows\System\esNEAWZ.exe
  2⤵
  PID:4756
- C:\Windows\System\iLrssZB.exe
  C:\Windows\System\iLrssZB.exe
  2⤵
  PID:4856
- C:\Windows\System\gnYgtsB.exe
  C:\Windows\System\gnYgtsB.exe
  2⤵
  PID:4920
- C:\Windows\System\kLCgaif.exe
  C:\Windows\System\kLCgaif.exe
  2⤵
  PID:1016
- C:\Windows\System\pWMzCtR.exe
  C:\Windows\System\pWMzCtR.exe
  2⤵
  PID:5008
- C:\Windows\System\AsAhTqu.exe
  C:\Windows\System\AsAhTqu.exe
  2⤵
  PID:4860
- C:\Windows\System\lztOlpB.exe
  C:\Windows\System\lztOlpB.exe
  2⤵
  PID:5108
- C:\Windows\System\yQyGrPy.exe
  C:\Windows\System\yQyGrPy.exe
  2⤵
  PID:3468
- C:\Windows\System\mzDvioK.exe
  C:\Windows\System\mzDvioK.exe
  2⤵
  PID:3752
- C:\Windows\System\XdmaICt.exe
  C:\Windows\System\XdmaICt.exe
  2⤵
  PID:2976
- C:\Windows\System\bSEGNSy.exe
  C:\Windows\System\bSEGNSy.exe
  2⤵
  PID:4108
- C:\Windows\System\eTLVZtM.exe
  C:\Windows\System\eTLVZtM.exe
  2⤵
  PID:4180
- C:\Windows\System\XLBDrJa.exe
  C:\Windows\System\XLBDrJa.exe
  2⤵
  PID:3616
- C:\Windows\System\PwOyLaL.exe
  C:\Windows\System\PwOyLaL.exe
  2⤵
  PID:4348
- C:\Windows\System\RWooUvm.exe
  C:\Windows\System\RWooUvm.exe
  2⤵
  PID:3988
- C:\Windows\System\NxDgltu.exe
  C:\Windows\System\NxDgltu.exe
  2⤵
  PID:4608
- C:\Windows\System\RPKKBSK.exe
  C:\Windows\System\RPKKBSK.exe
  2⤵
  PID:4208
- C:\Windows\System\ppuuebl.exe
  C:\Windows\System\ppuuebl.exe
  2⤵
  PID:4752
- C:\Windows\System\xksAwTS.exe
  C:\Windows\System\xksAwTS.exe
  2⤵
  PID:4716
- C:\Windows\System\uAEbjPy.exe
  C:\Windows\System\uAEbjPy.exe
  2⤵
  PID:5144
- C:\Windows\System\tohJcNQ.exe
  C:\Windows\System\tohJcNQ.exe
  2⤵
  PID:5164
- C:\Windows\System\wuunsnU.exe
  C:\Windows\System\wuunsnU.exe
  2⤵
  PID:5184
- C:\Windows\System\mAHtJVU.exe
  C:\Windows\System\mAHtJVU.exe
  2⤵
  PID:5204
- C:\Windows\System\XbGNpUR.exe
  C:\Windows\System\XbGNpUR.exe
  2⤵
  PID:5224
- C:\Windows\System\QnxqjmL.exe
  C:\Windows\System\QnxqjmL.exe
  2⤵
  PID:5244
- C:\Windows\System\mthbUpl.exe
  C:\Windows\System\mthbUpl.exe
  2⤵
  PID:5264
- C:\Windows\System\YszEKVe.exe
  C:\Windows\System\YszEKVe.exe
  2⤵
  PID:5288
- C:\Windows\System\JOAHpPQ.exe
  C:\Windows\System\JOAHpPQ.exe
  2⤵
  PID:5312
- C:\Windows\System\ZMXExXf.exe
  C:\Windows\System\ZMXExXf.exe
  2⤵
  PID:5332
- C:\Windows\System\qiEEQpl.exe
  C:\Windows\System\qiEEQpl.exe
  2⤵
  PID:5352
- C:\Windows\System\FVepxbV.exe
  C:\Windows\System\FVepxbV.exe
  2⤵
  PID:5368
- C:\Windows\System\UJgbIbg.exe
  C:\Windows\System\UJgbIbg.exe
  2⤵
  PID:5388
- C:\Windows\System\CwaRUhH.exe
  C:\Windows\System\CwaRUhH.exe
  2⤵
  PID:5412
- C:\Windows\System\mmkTMQT.exe
  C:\Windows\System\mmkTMQT.exe
  2⤵
  PID:5428
- C:\Windows\System\DFjnoPb.exe
  C:\Windows\System\DFjnoPb.exe
  2⤵
  PID:5444
- C:\Windows\System\lSuwtzG.exe
  C:\Windows\System\lSuwtzG.exe
  2⤵
  PID:5468
- C:\Windows\System\sGrMPNj.exe
  C:\Windows\System\sGrMPNj.exe
  2⤵
  PID:5484
- C:\Windows\System\kqHjREK.exe
  C:\Windows\System\kqHjREK.exe
  2⤵
  PID:5508
- C:\Windows\System\xcCNSfx.exe
  C:\Windows\System\xcCNSfx.exe
  2⤵
  PID:5528
- C:\Windows\System\ecABFHh.exe
  C:\Windows\System\ecABFHh.exe
  2⤵
  PID:5552
- C:\Windows\System\AxfbBPJ.exe
  C:\Windows\System\AxfbBPJ.exe
  2⤵
  PID:5572
- C:\Windows\System\EpWIFvW.exe
  C:\Windows\System\EpWIFvW.exe
  2⤵
  PID:5592
- C:\Windows\System\XOmqBpc.exe
  C:\Windows\System\XOmqBpc.exe
  2⤵
  PID:5612
- C:\Windows\System\AWLJypq.exe
  C:\Windows\System\AWLJypq.exe
  2⤵
  PID:5632
- C:\Windows\System\JPwOGCh.exe
  C:\Windows\System\JPwOGCh.exe
  2⤵
  PID:5648
- C:\Windows\System\iSRjFEl.exe
  C:\Windows\System\iSRjFEl.exe
  2⤵
  PID:5672
- C:\Windows\System\eajNtmd.exe
  C:\Windows\System\eajNtmd.exe
  2⤵
  PID:5696
- C:\Windows\System\xUBSiAl.exe
  C:\Windows\System\xUBSiAl.exe
  2⤵
  PID:5720
- C:\Windows\System\NcyVrrQ.exe
  C:\Windows\System\NcyVrrQ.exe
  2⤵
  PID:5740
- C:\Windows\System\JNoallF.exe
  C:\Windows\System\JNoallF.exe
  2⤵
  PID:5756
- C:\Windows\System\ygbvnKV.exe
  C:\Windows\System\ygbvnKV.exe
  2⤵
  PID:5776
- C:\Windows\System\Wpmboso.exe
  C:\Windows\System\Wpmboso.exe
  2⤵
  PID:5800
- C:\Windows\System\WdAgjEP.exe
  C:\Windows\System\WdAgjEP.exe
  2⤵
  PID:5820
- C:\Windows\System\cGQOJug.exe
  C:\Windows\System\cGQOJug.exe
  2⤵
  PID:5836
- C:\Windows\System\hNQRhyl.exe
  C:\Windows\System\hNQRhyl.exe
  2⤵
  PID:5860
- C:\Windows\System\IuTbrlQ.exe
  C:\Windows\System\IuTbrlQ.exe
  2⤵
  PID:5880
- C:\Windows\System\gJFxDcM.exe
  C:\Windows\System\gJFxDcM.exe
  2⤵
  PID:5896
- C:\Windows\System\UwKikrJ.exe
  C:\Windows\System\UwKikrJ.exe
  2⤵
  PID:5920
- C:\Windows\System\ZDcXLSP.exe
  C:\Windows\System\ZDcXLSP.exe
  2⤵
  PID:5944
- C:\Windows\System\SAmhNho.exe
  C:\Windows\System\SAmhNho.exe
  2⤵
  PID:5964
- C:\Windows\System\oGBMqNS.exe
  C:\Windows\System\oGBMqNS.exe
  2⤵
  PID:5984
- C:\Windows\System\bPQVTjx.exe
  C:\Windows\System\bPQVTjx.exe
  2⤵
  PID:6000
- C:\Windows\System\varMXFT.exe
  C:\Windows\System\varMXFT.exe
  2⤵
  PID:6016
- C:\Windows\System\mIhnuGo.exe
  C:\Windows\System\mIhnuGo.exe
  2⤵
  PID:6040
- C:\Windows\System\xkwawnM.exe
  C:\Windows\System\xkwawnM.exe
  2⤵
  PID:6060
- C:\Windows\System\ThreDbB.exe
  C:\Windows\System\ThreDbB.exe
  2⤵
  PID:6080
- C:\Windows\System\uUDEsfM.exe
  C:\Windows\System\uUDEsfM.exe
  2⤵
  PID:6104
- C:\Windows\System\oUOUEWz.exe
  C:\Windows\System\oUOUEWz.exe
  2⤵
  PID:6128
- C:\Windows\System\qzEwzPJ.exe
  C:\Windows\System\qzEwzPJ.exe
  2⤵
  PID:4412
- C:\Windows\System\EJxAVTX.exe
  C:\Windows\System\EJxAVTX.exe
  2⤵
  PID:4432
- C:\Windows\System\cmHWlQR.exe
  C:\Windows\System\cmHWlQR.exe
  2⤵
  PID:4728
- C:\Windows\System\GkGoNnq.exe
  C:\Windows\System\GkGoNnq.exe
  2⤵
  PID:4928
- C:\Windows\System\cJWYweD.exe
  C:\Windows\System\cJWYweD.exe
  2⤵
  PID:4820
- C:\Windows\System\vEREVUN.exe
  C:\Windows\System\vEREVUN.exe
  2⤵
  PID:2900
- C:\Windows\System\emFBntM.exe
  C:\Windows\System\emFBntM.exe
  2⤵
  PID:1620
- C:\Windows\System\jvWckPw.exe
  C:\Windows\System\jvWckPw.exe
  2⤵
  PID:4272
- C:\Windows\System\NPgtbsg.exe
  C:\Windows\System\NPgtbsg.exe
  2⤵
  PID:2840
- C:\Windows\System\SeLOLfl.exe
  C:\Windows\System\SeLOLfl.exe
  2⤵
  PID:3936
- C:\Windows\System\eRPuQUv.exe
  C:\Windows\System\eRPuQUv.exe
  2⤵
  PID:4244
- C:\Windows\System\joAfxiI.exe
  C:\Windows\System\joAfxiI.exe
  2⤵
  PID:4372
- C:\Windows\System\pahXpLI.exe
  C:\Windows\System\pahXpLI.exe
  2⤵
  PID:4656
- C:\Windows\System\jyCZotb.exe
  C:\Windows\System\jyCZotb.exe
  2⤵
  PID:5196
- C:\Windows\System\PeNKBHW.exe
  C:\Windows\System\PeNKBHW.exe
  2⤵
  PID:5172
- C:\Windows\System\OqXNwaf.exe
  C:\Windows\System\OqXNwaf.exe
  2⤵
  PID:5272
- C:\Windows\System\ViegyMI.exe
  C:\Windows\System\ViegyMI.exe
  2⤵
  PID:5280
- C:\Windows\System\CRKoNba.exe
  C:\Windows\System\CRKoNba.exe
  2⤵
  PID:5252
- C:\Windows\System\IqjkPfU.exe
  C:\Windows\System\IqjkPfU.exe
  2⤵
  PID:5300
- C:\Windows\System\PtcXZPp.exe
  C:\Windows\System\PtcXZPp.exe
  2⤵
  PID:5340
- C:\Windows\System\fsrlVDy.exe
  C:\Windows\System\fsrlVDy.exe
  2⤵
  PID:5344
- C:\Windows\System\AasAyIM.exe
  C:\Windows\System\AasAyIM.exe
  2⤵
  PID:5384
- C:\Windows\System\INGWAai.exe
  C:\Windows\System\INGWAai.exe
  2⤵
  PID:5460
- C:\Windows\System\iWJMPWg.exe
  C:\Windows\System\iWJMPWg.exe
  2⤵
  PID:5568
- C:\Windows\System\UIGcVrL.exe
  C:\Windows\System\UIGcVrL.exe
  2⤵
  PID:5496
- C:\Windows\System\ezBIMKF.exe
  C:\Windows\System\ezBIMKF.exe
  2⤵
  PID:5548
- C:\Windows\System\GXbwYQf.exe
  C:\Windows\System\GXbwYQf.exe
  2⤵
  PID:5580
- C:\Windows\System\NwiAUFl.exe
  C:\Windows\System\NwiAUFl.exe
  2⤵
  PID:5684
- C:\Windows\System\OsnUqyq.exe
  C:\Windows\System\OsnUqyq.exe
  2⤵
  PID:5728
- C:\Windows\System\HyptENt.exe
  C:\Windows\System\HyptENt.exe
  2⤵
  PID:5624
- C:\Windows\System\QGYedah.exe
  C:\Windows\System\QGYedah.exe
  2⤵
  PID:5308
- C:\Windows\System\kMinXhH.exe
  C:\Windows\System\kMinXhH.exe
  2⤵
  PID:5748
- C:\Windows\System\wjOwkkA.exe
  C:\Windows\System\wjOwkkA.exe
  2⤵
  PID:5792
- C:\Windows\System\kxxivbE.exe
  C:\Windows\System\kxxivbE.exe
  2⤵
  PID:5844
- C:\Windows\System\ZmNyElL.exe
  C:\Windows\System\ZmNyElL.exe
  2⤵
  PID:5788
- C:\Windows\System\DPisFWz.exe
  C:\Windows\System\DPisFWz.exe
  2⤵
  PID:2992
- C:\Windows\System\GJuAUQz.exe
  C:\Windows\System\GJuAUQz.exe
  2⤵
  PID:5904
- C:\Windows\System\bETByaa.exe
  C:\Windows\System\bETByaa.exe
  2⤵
  PID:5928
- C:\Windows\System\CyvJsaj.exe
  C:\Windows\System\CyvJsaj.exe
  2⤵
  PID:5952
- C:\Windows\System\PZUKgPx.exe
  C:\Windows\System\PZUKgPx.exe
  2⤵
  PID:2516
- C:\Windows\System\LVBmlxl.exe
  C:\Windows\System\LVBmlxl.exe
  2⤵
  PID:5992
- C:\Windows\System\OonRfhW.exe
  C:\Windows\System\OonRfhW.exe
  2⤵
  PID:5716
- C:\Windows\System\dGIzBwC.exe
  C:\Windows\System\dGIzBwC.exe
  2⤵
  PID:640
- C:\Windows\System\yaNgRGP.exe
  C:\Windows\System\yaNgRGP.exe
  2⤵
  PID:2792
- C:\Windows\System\vWfcGwN.exe
  C:\Windows\System\vWfcGwN.exe
  2⤵
  PID:6112
- C:\Windows\System\bpYKFDB.exe
  C:\Windows\System\bpYKFDB.exe
  2⤵
  PID:4632
- C:\Windows\System\iyGPOmk.exe
  C:\Windows\System\iyGPOmk.exe
  2⤵
  PID:6116
- C:\Windows\System\eUZxCUv.exe
  C:\Windows\System\eUZxCUv.exe
  2⤵
  PID:4496
- C:\Windows\System\dPbyZxn.exe
  C:\Windows\System\dPbyZxn.exe
  2⤵
  PID:2504
- C:\Windows\System\lqZiajj.exe
  C:\Windows\System\lqZiajj.exe
  2⤵
  PID:3596
- C:\Windows\System\wFMdgXP.exe
  C:\Windows\System\wFMdgXP.exe
  2⤵
  PID:4456
- C:\Windows\System\BCmdQPa.exe
  C:\Windows\System\BCmdQPa.exe
  2⤵
  PID:3984
- C:\Windows\System\vXzgZmg.exe
  C:\Windows\System\vXzgZmg.exe
  2⤵
  PID:4732
- C:\Windows\System\IBYlOQb.exe
  C:\Windows\System\IBYlOQb.exe
  2⤵
  PID:5216
- C:\Windows\System\pyYFZpr.exe
  C:\Windows\System\pyYFZpr.exe
  2⤵
  PID:5240
- C:\Windows\System\knAYtUo.exe
  C:\Windows\System\knAYtUo.exe
  2⤵
  PID:1892
- C:\Windows\System\kNGdkks.exe
  C:\Windows\System\kNGdkks.exe
  2⤵
  PID:5408
- C:\Windows\System\hjbAJQU.exe
  C:\Windows\System\hjbAJQU.exe
  2⤵
  PID:5456
- C:\Windows\System\fQvxdvt.exe
  C:\Windows\System\fQvxdvt.exe
  2⤵
  PID:5360
- C:\Windows\System\ZUqDGxB.exe
  C:\Windows\System\ZUqDGxB.exe
  2⤵
  PID:5500
- C:\Windows\System\HnzSVNW.exe
  C:\Windows\System\HnzSVNW.exe
  2⤵
  PID:5608
- C:\Windows\System\cLyhZHx.exe
  C:\Windows\System\cLyhZHx.exe
  2⤵
  PID:5564
- C:\Windows\System\gMuEzad.exe
  C:\Windows\System\gMuEzad.exe
  2⤵
  PID:5708
- C:\Windows\System\KWKXPPd.exe
  C:\Windows\System\KWKXPPd.exe
  2⤵
  PID:5680
- C:\Windows\System\xhiCTYO.exe
  C:\Windows\System\xhiCTYO.exe
  2⤵
  PID:1576
- C:\Windows\System\oZPRoNF.exe
  C:\Windows\System\oZPRoNF.exe
  2⤵
  PID:5768
- C:\Windows\System\pmrMDZU.exe
  C:\Windows\System\pmrMDZU.exe
  2⤵
  PID:5848
- C:\Windows\System\IJIoXSG.exe
  C:\Windows\System\IJIoXSG.exe
  2⤵
  PID:5892
- C:\Windows\System\lfKMkZa.exe
  C:\Windows\System\lfKMkZa.exe
  2⤵
  PID:5976
- C:\Windows\System\Ucuwuwo.exe
  C:\Windows\System\Ucuwuwo.exe
  2⤵
  PID:5916
- C:\Windows\System\lUqkaow.exe
  C:\Windows\System\lUqkaow.exe
  2⤵
  PID:6008
- C:\Windows\System\XpEfYxu.exe
  C:\Windows\System\XpEfYxu.exe
  2⤵
  PID:6032
- C:\Windows\System\kwCljSR.exe
  C:\Windows\System\kwCljSR.exe
  2⤵
  PID:6092
- C:\Windows\System\vsPqfhY.exe
  C:\Windows\System\vsPqfhY.exe
  2⤵
  PID:4760
- C:\Windows\System\oRnmHXZ.exe
  C:\Windows\System\oRnmHXZ.exe
  2⤵
  PID:4900
- C:\Windows\System\fXHIDVe.exe
  C:\Windows\System\fXHIDVe.exe
  2⤵
  PID:4476
- C:\Windows\System\pEwAnIU.exe
  C:\Windows\System\pEwAnIU.exe
  2⤵
  PID:3572
- C:\Windows\System\dkguWSd.exe
  C:\Windows\System\dkguWSd.exe
  2⤵
  PID:5156
- C:\Windows\System\lTWsuTz.exe
  C:\Windows\System\lTWsuTz.exe
  2⤵
  PID:5236
- C:\Windows\System\iXpPvhT.exe
  C:\Windows\System\iXpPvhT.exe
  2⤵
  PID:5400
- C:\Windows\System\KRxJTXY.exe
  C:\Windows\System\KRxJTXY.exe
  2⤵
  PID:6124
- C:\Windows\System\WCThzzL.exe
  C:\Windows\System\WCThzzL.exe
  2⤵
  PID:5380
- C:\Windows\System\gAQpXHz.exe
  C:\Windows\System\gAQpXHz.exe
  2⤵
  PID:5516
- C:\Windows\System\hMwSkMu.exe
  C:\Windows\System\hMwSkMu.exe
  2⤵
  PID:5660
- C:\Windows\System\GvFosjj.exe
  C:\Windows\System\GvFosjj.exe
  2⤵
  PID:2112
- C:\Windows\System\TbKaIGT.exe
  C:\Windows\System\TbKaIGT.exe
  2⤵
  PID:2352
- C:\Windows\System\TpWvCAj.exe
  C:\Windows\System\TpWvCAj.exe
  2⤵
  PID:5980
- C:\Windows\System\qcloBRj.exe
  C:\Windows\System\qcloBRj.exe
  2⤵
  PID:1640
- C:\Windows\System\UBwdZKG.exe
  C:\Windows\System\UBwdZKG.exe
  2⤵
  PID:2336
- C:\Windows\System\mbiwcuX.exe
  C:\Windows\System\mbiwcuX.exe
  2⤵
  PID:6076
- C:\Windows\System\IGSoSvx.exe
  C:\Windows\System\IGSoSvx.exe
  2⤵
  PID:2968
- C:\Windows\System\HsBLHmr.exe
  C:\Windows\System\HsBLHmr.exe
  2⤵
  PID:6088
- C:\Windows\System\uWUyuRP.exe
  C:\Windows\System\uWUyuRP.exe
  2⤵
  PID:4964
- C:\Windows\System\NmNiMJn.exe
  C:\Windows\System\NmNiMJn.exe
  2⤵
  PID:6160
- C:\Windows\System\bixneCx.exe
  C:\Windows\System\bixneCx.exe
  2⤵
  PID:6180
- C:\Windows\System\uACmrke.exe
  C:\Windows\System\uACmrke.exe
  2⤵
  PID:6204
- C:\Windows\System\ppYdcGl.exe
  C:\Windows\System\ppYdcGl.exe
  2⤵
  PID:6228
- C:\Windows\System\siCfKEg.exe
  C:\Windows\System\siCfKEg.exe
  2⤵
  PID:6248
- C:\Windows\System\XUuMcit.exe
  C:\Windows\System\XUuMcit.exe
  2⤵
  PID:6264
- C:\Windows\System\OOpdgwl.exe
  C:\Windows\System\OOpdgwl.exe
  2⤵
  PID:6284
- C:\Windows\System\ncNLMxI.exe
  C:\Windows\System\ncNLMxI.exe
  2⤵
  PID:6304
- C:\Windows\System\uEvECTB.exe
  C:\Windows\System\uEvECTB.exe
  2⤵
  PID:6332
- C:\Windows\System\cCMQTgJ.exe
  C:\Windows\System\cCMQTgJ.exe
  2⤵
  PID:6348
- C:\Windows\System\VOEzDdy.exe
  C:\Windows\System\VOEzDdy.exe
  2⤵
  PID:6372
- C:\Windows\System\HQgCGCd.exe
  C:\Windows\System\HQgCGCd.exe
  2⤵
  PID:6392
- C:\Windows\System\FpyXabY.exe
  C:\Windows\System\FpyXabY.exe
  2⤵
  PID:6412
- C:\Windows\System\aqEywFX.exe
  C:\Windows\System\aqEywFX.exe
  2⤵
  PID:6436
- C:\Windows\System\UinzDPS.exe
  C:\Windows\System\UinzDPS.exe
  2⤵
  PID:6460
- C:\Windows\System\xXUPuxF.exe
  C:\Windows\System\xXUPuxF.exe
  2⤵
  PID:6480
- C:\Windows\System\SpzIAvl.exe
  C:\Windows\System\SpzIAvl.exe
  2⤵
  PID:6500
- C:\Windows\System\peafmfM.exe
  C:\Windows\System\peafmfM.exe
  2⤵
  PID:6520
- C:\Windows\System\FWYndeE.exe
  C:\Windows\System\FWYndeE.exe
  2⤵
  PID:6540
- C:\Windows\System\kehRpVP.exe
  C:\Windows\System\kehRpVP.exe
  2⤵
  PID:6560
- C:\Windows\System\JVJDNql.exe
  C:\Windows\System\JVJDNql.exe
  2⤵
  PID:6576
- C:\Windows\System\RlfPOiN.exe
  C:\Windows\System\RlfPOiN.exe
  2⤵
  PID:6596
- C:\Windows\System\LDTVpzg.exe
  C:\Windows\System\LDTVpzg.exe
  2⤵
  PID:6624
- C:\Windows\System\EbZLwGC.exe
  C:\Windows\System\EbZLwGC.exe
  2⤵
  PID:6652
- C:\Windows\System\iqlyTLi.exe
  C:\Windows\System\iqlyTLi.exe
  2⤵
  PID:6668
- C:\Windows\System\kPUCoqa.exe
  C:\Windows\System\kPUCoqa.exe
  2⤵
  PID:6688
- C:\Windows\System\SJryODJ.exe
  C:\Windows\System\SJryODJ.exe
  2⤵
  PID:6704
- C:\Windows\System\NQUnRey.exe
  C:\Windows\System\NQUnRey.exe
  2⤵
  PID:6732
- C:\Windows\System\KreRctd.exe
  C:\Windows\System\KreRctd.exe
  2⤵
  PID:6748
- C:\Windows\System\LjRlDvv.exe
  C:\Windows\System\LjRlDvv.exe
  2⤵
  PID:6776
- C:\Windows\System\OBltZoe.exe
  C:\Windows\System\OBltZoe.exe
  2⤵
  PID:6800
- C:\Windows\System\oYqfccm.exe
  C:\Windows\System\oYqfccm.exe
  2⤵
  PID:6820
- C:\Windows\System\HFiKGuW.exe
  C:\Windows\System\HFiKGuW.exe
  2⤵
  PID:6840
- C:\Windows\System\dPCcTSA.exe
  C:\Windows\System\dPCcTSA.exe
  2⤵
  PID:6868
- C:\Windows\System\YIyiDRJ.exe
  C:\Windows\System\YIyiDRJ.exe
  2⤵
  PID:6884
- C:\Windows\System\Arfjafn.exe
  C:\Windows\System\Arfjafn.exe
  2⤵
  PID:6908
- C:\Windows\System\vDYTsnW.exe
  C:\Windows\System\vDYTsnW.exe
  2⤵
  PID:6932
- C:\Windows\System\TjRvBdM.exe
  C:\Windows\System\TjRvBdM.exe
  2⤵
  PID:6948
- C:\Windows\System\XSgSXfe.exe
  C:\Windows\System\XSgSXfe.exe
  2⤵
  PID:6968
- C:\Windows\System\OLlLYwg.exe
  C:\Windows\System\OLlLYwg.exe
  2⤵
  PID:7000
- C:\Windows\System\qNBlizA.exe
  C:\Windows\System\qNBlizA.exe
  2⤵
  PID:7016
- C:\Windows\System\CJnKzJa.exe
  C:\Windows\System\CJnKzJa.exe
  2⤵
  PID:7032
- C:\Windows\System\TxfWdXf.exe
  C:\Windows\System\TxfWdXf.exe
  2⤵
  PID:7052
- C:\Windows\System\YdeianX.exe
  C:\Windows\System\YdeianX.exe
  2⤵
  PID:7076
- C:\Windows\System\sXwGEbu.exe
  C:\Windows\System\sXwGEbu.exe
  2⤵
  PID:7116
- C:\Windows\System\XlGUKlK.exe
  C:\Windows\System\XlGUKlK.exe
  2⤵
  PID:7144
- C:\Windows\System\MHFKJjZ.exe
  C:\Windows\System\MHFKJjZ.exe
  2⤵
  PID:7164
- C:\Windows\System\hYbkJRr.exe
  C:\Windows\System\hYbkJRr.exe
  2⤵
  PID:5480
- C:\Windows\System\xPQNfGL.exe
  C:\Windows\System\xPQNfGL.exe
  2⤵
  PID:5136
- C:\Windows\System\WGEVBZT.exe
  C:\Windows\System\WGEVBZT.exe
  2⤵
  PID:5200
- C:\Windows\System\EiURSgl.exe
  C:\Windows\System\EiURSgl.exe
  2⤵
  PID:968
- C:\Windows\System\YUebTwk.exe
  C:\Windows\System\YUebTwk.exe
  2⤵
  PID:4884
- C:\Windows\System\eyYVPwJ.exe
  C:\Windows\System\eyYVPwJ.exe
  2⤵
  PID:6028
- C:\Windows\System\FyYEHFv.exe
  C:\Windows\System\FyYEHFv.exe
  2⤵
  PID:5452
- C:\Windows\System\vcyvyIG.exe
  C:\Windows\System\vcyvyIG.exe
  2⤵
  PID:6172
- C:\Windows\System\PcrjMFi.exe
  C:\Windows\System\PcrjMFi.exe
  2⤵
  PID:5908
- C:\Windows\System\AcZiFLy.exe
  C:\Windows\System\AcZiFLy.exe
  2⤵
  PID:6224
- C:\Windows\System\SAWRqiL.exe
  C:\Windows\System\SAWRqiL.exe
  2⤵
  PID:6036
- C:\Windows\System\xOGJQdT.exe
  C:\Windows\System\xOGJQdT.exe
  2⤵
  PID:6152
- C:\Windows\System\uKjoYDK.exe
  C:\Windows\System\uKjoYDK.exe
  2⤵
  PID:6192
- C:\Windows\System\hCLkaUL.exe
  C:\Windows\System\hCLkaUL.exe
  2⤵
  PID:6276
- C:\Windows\System\wJvugcc.exe
  C:\Windows\System\wJvugcc.exe
  2⤵
  PID:6380
- C:\Windows\System\KJvIqmI.exe
  C:\Windows\System\KJvIqmI.exe
  2⤵
  PID:6428
- C:\Windows\System\VDxEjfq.exe
  C:\Windows\System\VDxEjfq.exe
  2⤵
  PID:6468
- C:\Windows\System\ZbagTXd.exe
  C:\Windows\System\ZbagTXd.exe
  2⤵
  PID:6360
- C:\Windows\System\msbdGuH.exe
  C:\Windows\System\msbdGuH.exe
  2⤵
  PID:6508
- C:\Windows\System\njCZIIv.exe
  C:\Windows\System\njCZIIv.exe
  2⤵
  PID:6552
- C:\Windows\System\TYnIXLi.exe
  C:\Windows\System\TYnIXLi.exe
  2⤵
  PID:2456
- C:\Windows\System\idghTsO.exe
  C:\Windows\System\idghTsO.exe
  2⤵
  PID:6640
- C:\Windows\System\NjlMLhm.exe
  C:\Windows\System\NjlMLhm.exe
  2⤵
  PID:6680
- C:\Windows\System\xKCrRlk.exe
  C:\Windows\System\xKCrRlk.exe
  2⤵
  PID:6716
- C:\Windows\System\XZhLlWK.exe
  C:\Windows\System\XZhLlWK.exe
  2⤵
  PID:6488
- C:\Windows\System\TpdUuPd.exe
  C:\Windows\System\TpdUuPd.exe
  2⤵
  PID:6816
- C:\Windows\System\lMFWIjc.exe
  C:\Windows\System\lMFWIjc.exe
  2⤵
  PID:6860
- C:\Windows\System\WCZTKQp.exe
  C:\Windows\System\WCZTKQp.exe
  2⤵
  PID:6532
- C:\Windows\System\TDBhbWl.exe
  C:\Windows\System\TDBhbWl.exe
  2⤵
  PID:6572
- C:\Windows\System\ocxsSyJ.exe
  C:\Windows\System\ocxsSyJ.exe
  2⤵
  PID:6616
- C:\Windows\System\HKSyeUN.exe
  C:\Windows\System\HKSyeUN.exe
  2⤵
  PID:6984
- C:\Windows\System\MaYwQiM.exe
  C:\Windows\System\MaYwQiM.exe
  2⤵
  PID:6700
- C:\Windows\System\tWNFYrO.exe
  C:\Windows\System\tWNFYrO.exe
  2⤵
  PID:6788
- C:\Windows\System\vqAzTyZ.exe
  C:\Windows\System\vqAzTyZ.exe
  2⤵
  PID:7060
- C:\Windows\System\bQdrLIL.exe
  C:\Windows\System\bQdrLIL.exe
  2⤵
  PID:6880
- C:\Windows\System\bCflaMq.exe
  C:\Windows\System\bCflaMq.exe
  2⤵
  PID:7012
- C:\Windows\System\RKirRYb.exe
  C:\Windows\System\RKirRYb.exe
  2⤵
  PID:7124
- C:\Windows\System\cquvFNc.exe
  C:\Windows\System\cquvFNc.exe
  2⤵
  PID:2924
- C:\Windows\System\aeYSjkW.exe
  C:\Windows\System\aeYSjkW.exe
  2⤵
  PID:7104
- C:\Windows\System\ehmrAfD.exe
  C:\Windows\System\ehmrAfD.exe
  2⤵
  PID:5132
- C:\Windows\System\ZiUVlRO.exe
  C:\Windows\System\ZiUVlRO.exe
  2⤵
  PID:1868
- C:\Windows\System\BwLxQhN.exe
  C:\Windows\System\BwLxQhN.exe
  2⤵
  PID:5492
- C:\Windows\System\GHFjomP.exe
  C:\Windows\System\GHFjomP.exe
  2⤵
  PID:5604
- C:\Windows\System\jKyMoDh.exe
  C:\Windows\System\jKyMoDh.exe
  2⤵
  PID:3660
- C:\Windows\System\fYVedjI.exe
  C:\Windows\System\fYVedjI.exe
  2⤵
  PID:6328
- C:\Windows\System\qsJLlHY.exe
  C:\Windows\System\qsJLlHY.exe
  2⤵
  PID:5656
- C:\Windows\System\pLhdYGq.exe
  C:\Windows\System\pLhdYGq.exe
  2⤵
  PID:5588
- C:\Windows\System\kGiULhw.exe
  C:\Windows\System\kGiULhw.exe
  2⤵
  PID:6320
- C:\Windows\System\ZZFbTjw.exe
  C:\Windows\System\ZZFbTjw.exe
  2⤵
  PID:6300
- C:\Windows\System\jNFhuHu.exe
  C:\Windows\System\jNFhuHu.exe
  2⤵
  PID:6240
- C:\Windows\System\xkhTdjy.exe
  C:\Windows\System\xkhTdjy.exe
  2⤵
  PID:6420
- C:\Windows\System\Rwqcpzw.exe
  C:\Windows\System\Rwqcpzw.exe
  2⤵
  PID:6324
- C:\Windows\System\ZeBsZhg.exe
  C:\Windows\System\ZeBsZhg.exe
  2⤵
  PID:6456
- C:\Windows\System\JsaAVXS.exe
  C:\Windows\System\JsaAVXS.exe
  2⤵
  PID:6556
- C:\Windows\System\NohEyDI.exe
  C:\Windows\System\NohEyDI.exe
  2⤵
  PID:6632
- C:\Windows\System\HArZPvK.exe
  C:\Windows\System\HArZPvK.exe
  2⤵
  PID:6848
- C:\Windows\System\tqAWCcn.exe
  C:\Windows\System\tqAWCcn.exe
  2⤵
  PID:6904
- C:\Windows\System\hKaZBwY.exe
  C:\Windows\System\hKaZBwY.exe
  2⤵
  PID:6528
- C:\Windows\System\TwQkoKy.exe
  C:\Windows\System\TwQkoKy.exe
  2⤵
  PID:2764
- C:\Windows\System\tMCcfvZ.exe
  C:\Windows\System\tMCcfvZ.exe
  2⤵
  PID:6896
- C:\Windows\System\ZLcFcSN.exe
  C:\Windows\System\ZLcFcSN.exe
  2⤵
  PID:7072
- C:\Windows\System\kilxTaF.exe
  C:\Windows\System\kilxTaF.exe
  2⤵
  PID:6920
- C:\Windows\System\HqfrPOE.exe
  C:\Windows\System\HqfrPOE.exe
  2⤵
  PID:7100
- C:\Windows\System\aTQmdUI.exe
  C:\Windows\System\aTQmdUI.exe
  2⤵
  PID:4968
- C:\Windows\System\nPOwlkH.exe
  C:\Windows\System\nPOwlkH.exe
  2⤵
  PID:5440
- C:\Windows\System\KDyZnsu.exe
  C:\Windows\System\KDyZnsu.exe
  2⤵
  PID:6424
- C:\Windows\System\RIdThad.exe
  C:\Windows\System\RIdThad.exe
  2⤵
  PID:6388
- C:\Windows\System\yIHujgh.exe
  C:\Windows\System\yIHujgh.exe
  2⤵
  PID:6548
- C:\Windows\System\DIVkzYQ.exe
  C:\Windows\System\DIVkzYQ.exe
  2⤵
  PID:6944
- C:\Windows\System\YZINvlm.exe
  C:\Windows\System\YZINvlm.exe
  2⤵
  PID:876
- C:\Windows\System\HxWkCGH.exe
  C:\Windows\System\HxWkCGH.exe
  2⤵
  PID:6664
- C:\Windows\System\qUyhbju.exe
  C:\Windows\System\qUyhbju.exe
  2⤵
  PID:7136
- C:\Windows\System\PZiZhvP.exe
  C:\Windows\System\PZiZhvP.exe
  2⤵
  PID:2508
- C:\Windows\System\NuXTUyR.exe
  C:\Windows\System\NuXTUyR.exe
  2⤵
  PID:7160
- C:\Windows\System\rZPpnKt.exe
  C:\Windows\System\rZPpnKt.exe
  2⤵
  PID:1636
- C:\Windows\System\PpDZheS.exe
  C:\Windows\System\PpDZheS.exe
  2⤵
  PID:6768
- C:\Windows\System\YYNNNvy.exe
  C:\Windows\System\YYNNNvy.exe
  2⤵
  PID:2868
- C:\Windows\System\GDAHRWh.exe
  C:\Windows\System\GDAHRWh.exe
  2⤵
  PID:6188
- C:\Windows\System\oNnmAtC.exe
  C:\Windows\System\oNnmAtC.exe
  2⤵
  PID:6784
- C:\Windows\System\rHPurEW.exe
  C:\Windows\System\rHPurEW.exe
  2⤵
  PID:6760
- C:\Windows\System\Tumaxvj.exe
  C:\Windows\System\Tumaxvj.exe
  2⤵
  PID:6400
- C:\Windows\System\ZZezZHs.exe
  C:\Windows\System\ZZezZHs.exe
  2⤵
  PID:2912
- C:\Windows\System\boUWirY.exe
  C:\Windows\System\boUWirY.exe
  2⤵
  PID:7024
- C:\Windows\System\MYmPugz.exe
  C:\Windows\System\MYmPugz.exe
  2⤵
  PID:2224
- C:\Windows\System\zblkFTz.exe
  C:\Windows\System\zblkFTz.exe
  2⤵
  PID:6216
- C:\Windows\System\HfuhNCy.exe
  C:\Windows\System\HfuhNCy.exe
  2⤵
  PID:2736
- C:\Windows\System\wKaeaDg.exe
  C:\Windows\System\wKaeaDg.exe
  2⤵
  PID:6604
- C:\Windows\System\yeqjCIC.exe
  C:\Windows\System\yeqjCIC.exe
  2⤵
  PID:2088
- C:\Windows\System\CpMSAFz.exe
  C:\Windows\System\CpMSAFz.exe
  2⤵
  PID:7184
- C:\Windows\System\onSmUOi.exe
  C:\Windows\System\onSmUOi.exe
  2⤵
  PID:7252
- C:\Windows\System\BNOECyV.exe
  C:\Windows\System\BNOECyV.exe
  2⤵
  PID:7276
- C:\Windows\System\iEGvrQy.exe
  C:\Windows\System\iEGvrQy.exe
  2⤵
  PID:7292
- C:\Windows\System\tHMJOEl.exe
  C:\Windows\System\tHMJOEl.exe
  2⤵
  PID:7312
- C:\Windows\System\tSgVbRT.exe
  C:\Windows\System\tSgVbRT.exe
  2⤵
  PID:7328
- C:\Windows\System\KPhULiL.exe
  C:\Windows\System\KPhULiL.exe
  2⤵
  PID:7344
- C:\Windows\System\ImqzMMj.exe
  C:\Windows\System\ImqzMMj.exe
  2⤵
  PID:7360
- C:\Windows\System\xUKyWKu.exe
  C:\Windows\System\xUKyWKu.exe
  2⤵
  PID:7380
- C:\Windows\System\kYcQlXi.exe
  C:\Windows\System\kYcQlXi.exe
  2⤵
  PID:7396
- C:\Windows\System\BqseiPI.exe
  C:\Windows\System\BqseiPI.exe
  2⤵
  PID:7420
- C:\Windows\System\ERiGXaf.exe
  C:\Windows\System\ERiGXaf.exe
  2⤵
  PID:7440
- C:\Windows\System\qzAaEBv.exe
  C:\Windows\System\qzAaEBv.exe
  2⤵
  PID:7456
- C:\Windows\System\qejbCgq.exe
  C:\Windows\System\qejbCgq.exe
  2⤵
  PID:7472
- C:\Windows\System\BsmDHAs.exe
  C:\Windows\System\BsmDHAs.exe
  2⤵
  PID:7488
- C:\Windows\System\yIbOLdh.exe
  C:\Windows\System\yIbOLdh.exe
  2⤵
  PID:7508
- C:\Windows\System\VwijjWI.exe
  C:\Windows\System\VwijjWI.exe
  2⤵
  PID:7528
- C:\Windows\System\dDENnNZ.exe
  C:\Windows\System\dDENnNZ.exe
  2⤵
  PID:7544
- C:\Windows\System\XhBUSgu.exe
  C:\Windows\System\XhBUSgu.exe
  2⤵
  PID:7560
- C:\Windows\System\qhtaPEX.exe
  C:\Windows\System\qhtaPEX.exe
  2⤵
  PID:7576
- C:\Windows\System\SEAIlmC.exe
  C:\Windows\System\SEAIlmC.exe
  2⤵
  PID:7592
- C:\Windows\System\qVgMeJl.exe
  C:\Windows\System\qVgMeJl.exe
  2⤵
  PID:7608
- C:\Windows\System\YjzUUwR.exe
  C:\Windows\System\YjzUUwR.exe
  2⤵
  PID:7624
- C:\Windows\System\LENmQgq.exe
  C:\Windows\System\LENmQgq.exe
  2⤵
  PID:7644
- C:\Windows\System\EjZqcTd.exe
  C:\Windows\System\EjZqcTd.exe
  2⤵
  PID:7660
- C:\Windows\System\XVdJiba.exe
  C:\Windows\System\XVdJiba.exe
  2⤵
  PID:7684
- C:\Windows\System\QQkKcgZ.exe
  C:\Windows\System\QQkKcgZ.exe
  2⤵
  PID:7704
- C:\Windows\System\ILiirZU.exe
  C:\Windows\System\ILiirZU.exe
  2⤵
  PID:7724
- C:\Windows\System\LOWAGWe.exe
  C:\Windows\System\LOWAGWe.exe
  2⤵
  PID:7744
- C:\Windows\System\OnslLiD.exe
  C:\Windows\System\OnslLiD.exe
  2⤵
  PID:7760
- C:\Windows\System\JVDqmpw.exe
  C:\Windows\System\JVDqmpw.exe
  2⤵
  PID:7792
- C:\Windows\System\Nnvppaf.exe
  C:\Windows\System\Nnvppaf.exe
  2⤵
  PID:7892
- C:\Windows\System\MXAZZcl.exe
  C:\Windows\System\MXAZZcl.exe
  2⤵
  PID:7912
- C:\Windows\System\ZQxJDkl.exe
  C:\Windows\System\ZQxJDkl.exe
  2⤵
  PID:7928
- C:\Windows\System\PKGazYt.exe
  C:\Windows\System\PKGazYt.exe
  2⤵
  PID:7944
- C:\Windows\System\TGNZzfF.exe
  C:\Windows\System\TGNZzfF.exe
  2⤵
  PID:7960
- C:\Windows\System\QNxutQb.exe
  C:\Windows\System\QNxutQb.exe
  2⤵
  PID:7976
- C:\Windows\System\zHnYiOD.exe
  C:\Windows\System\zHnYiOD.exe
  2⤵
  PID:7992
- C:\Windows\System\IfuIcdh.exe
  C:\Windows\System\IfuIcdh.exe
  2⤵
  PID:8008
- C:\Windows\System\Vsubhna.exe
  C:\Windows\System\Vsubhna.exe
  2⤵
  PID:8024
- C:\Windows\System\QEhAqHW.exe
  C:\Windows\System\QEhAqHW.exe
  2⤵
  PID:8040
- C:\Windows\System\RbOKjYw.exe
  C:\Windows\System\RbOKjYw.exe
  2⤵
  PID:8056
- C:\Windows\System\QtTjOBh.exe
  C:\Windows\System\QtTjOBh.exe
  2⤵
  PID:8072
- C:\Windows\System\ycDTdVj.exe
  C:\Windows\System\ycDTdVj.exe
  2⤵
  PID:8088
- C:\Windows\System\nZyFxeo.exe
  C:\Windows\System\nZyFxeo.exe
  2⤵
  PID:8104
- C:\Windows\System\OOVBpvF.exe
  C:\Windows\System\OOVBpvF.exe
  2⤵
  PID:8120
- C:\Windows\System\qRKecir.exe
  C:\Windows\System\qRKecir.exe
  2⤵
  PID:8136
- C:\Windows\System\XNMJkkb.exe
  C:\Windows\System\XNMJkkb.exe
  2⤵
  PID:8152
- C:\Windows\System\XwhTziC.exe
  C:\Windows\System\XwhTziC.exe
  2⤵
  PID:8168
- C:\Windows\System\YpXTDAI.exe
  C:\Windows\System\YpXTDAI.exe
  2⤵
  PID:8184
- C:\Windows\System\cQPyVBN.exe
  C:\Windows\System\cQPyVBN.exe
  2⤵
  PID:7156
- C:\Windows\System\goIgvnf.exe
  C:\Windows\System\goIgvnf.exe
  2⤵
  PID:6836
- C:\Windows\System\MrBLuRy.exe
  C:\Windows\System\MrBLuRy.exe
  2⤵
  PID:3008
- C:\Windows\System\XHxShVB.exe
  C:\Windows\System\XHxShVB.exe
  2⤵
  PID:6720
- C:\Windows\System\uyYTQYZ.exe
  C:\Windows\System\uyYTQYZ.exe
  2⤵
  PID:4840
- C:\Windows\System\MxOeMpY.exe
  C:\Windows\System\MxOeMpY.exe
  2⤵
  PID:2920
- C:\Windows\System\kwAsgLq.exe
  C:\Windows\System\kwAsgLq.exe
  2⤵
  PID:6100
- C:\Windows\System\iboYOPi.exe
  C:\Windows\System\iboYOPi.exe
  2⤵
  PID:6244
- C:\Windows\System\MQCHjtS.exe
  C:\Windows\System\MQCHjtS.exe
  2⤵
  PID:7088
- C:\Windows\System\zwephps.exe
  C:\Windows\System\zwephps.exe
  2⤵
  PID:6260
- C:\Windows\System\jfNiyRU.exe
  C:\Windows\System\jfNiyRU.exe
  2⤵
  PID:7192
- C:\Windows\System\cAsqbMc.exe
  C:\Windows\System\cAsqbMc.exe
  2⤵
  PID:2368
- C:\Windows\System\lqpxXkO.exe
  C:\Windows\System\lqpxXkO.exe
  2⤵
  PID:2928
- C:\Windows\System\IrggLSV.exe
  C:\Windows\System\IrggLSV.exe
  2⤵
  PID:7264
- C:\Windows\System\EksVnLm.exe
  C:\Windows\System\EksVnLm.exe
  2⤵
  PID:7308
- C:\Windows\System\XtYyiHa.exe
  C:\Windows\System\XtYyiHa.exe
  2⤵
  PID:7340
- C:\Windows\System\skLRKup.exe
  C:\Windows\System\skLRKup.exe
  2⤵
  PID:7412
- C:\Windows\System\FafHpEm.exe
  C:\Windows\System\FafHpEm.exe
  2⤵
  PID:7428
- C:\Windows\System\oseadlx.exe
  C:\Windows\System\oseadlx.exe
  2⤵
  PID:7452
- C:\Windows\System\uyUelRM.exe
  C:\Windows\System\uyUelRM.exe
  2⤵
  PID:2588
- C:\Windows\System\CFrsnHM.exe
  C:\Windows\System\CFrsnHM.exe
  2⤵
  PID:7516
- C:\Windows\System\iELHLQi.exe
  C:\Windows\System\iELHLQi.exe
  2⤵
  PID:7464
- C:\Windows\System\cZXApNU.exe
  C:\Windows\System\cZXApNU.exe
  2⤵
  PID:2276
- C:\Windows\System\TDxjari.exe
  C:\Windows\System\TDxjari.exe
  2⤵
  PID:1184
- C:\Windows\System\BmwkBRz.exe
  C:\Windows\System\BmwkBRz.exe
  2⤵
  PID:7504
- C:\Windows\System\wXROJxe.exe
  C:\Windows\System\wXROJxe.exe
  2⤵
  PID:7572
- C:\Windows\System\ZIkCOso.exe
  C:\Windows\System\ZIkCOso.exe
  2⤵
  PID:7668
- C:\Windows\System\AtsHoUa.exe
  C:\Windows\System\AtsHoUa.exe
  2⤵
  PID:7676
- C:\Windows\System\QqzqrMO.exe
  C:\Windows\System\QqzqrMO.exe
  2⤵
  PID:7712
- C:\Windows\System\zHOTFpc.exe
  C:\Windows\System\zHOTFpc.exe
  2⤵
  PID:7788
- C:\Windows\System\sIpAqzg.exe
  C:\Windows\System\sIpAqzg.exe
  2⤵
  PID:3004
- C:\Windows\System\OOPDdgI.exe
  C:\Windows\System\OOPDdgI.exe
  2⤵
  PID:1324
- C:\Windows\System\LOdcwiD.exe
  C:\Windows\System\LOdcwiD.exe
  2⤵
  PID:7816
- C:\Windows\System\FXEboKH.exe
  C:\Windows\System\FXEboKH.exe
  2⤵
  PID:7836
- C:\Windows\System\axczPgE.exe
  C:\Windows\System\axczPgE.exe
  2⤵
  PID:2060
- C:\Windows\System\oMfEoMR.exe
  C:\Windows\System\oMfEoMR.exe
  2⤵
  PID:7848
- C:\Windows\System\RcsYHQc.exe
  C:\Windows\System\RcsYHQc.exe
  2⤵
  PID:7860
- C:\Windows\System\LiyogqQ.exe
  C:\Windows\System\LiyogqQ.exe
  2⤵
  PID:7920
- C:\Windows\System\LxomxPv.exe
  C:\Windows\System\LxomxPv.exe
  2⤵
  PID:7908
- C:\Windows\System\tVMbBmf.exe
  C:\Windows\System\tVMbBmf.exe
  2⤵
  PID:8048
- C:\Windows\System\iHIgQef.exe
  C:\Windows\System\iHIgQef.exe
  2⤵
  PID:8080
- C:\Windows\System\bUqTTlP.exe
  C:\Windows\System\bUqTTlP.exe
  2⤵
  PID:7972
- C:\Windows\System\iKhobSf.exe
  C:\Windows\System\iKhobSf.exe
  2⤵
  PID:8064
- C:\Windows\System\mamJKHC.exe
  C:\Windows\System\mamJKHC.exe
  2⤵
  PID:8116
- C:\Windows\System\CcEOJwY.exe
  C:\Windows\System\CcEOJwY.exe
  2⤵
  PID:8176
- C:\Windows\System\rmizvXT.exe
  C:\Windows\System\rmizvXT.exe
  2⤵
  PID:5436
- C:\Windows\System\mLcAlal.exe
  C:\Windows\System\mLcAlal.exe
  2⤵
  PID:7176
- C:\Windows\System\aKqwgfp.exe
  C:\Windows\System\aKqwgfp.exe
  2⤵
  PID:7844
- C:\Windows\System\abzvzqy.exe
  C:\Windows\System\abzvzqy.exe
  2⤵
  PID:7044
- C:\Windows\System\THwzbXM.exe
  C:\Windows\System\THwzbXM.exe
  2⤵
  PID:6684
- C:\Windows\System\TIvAmUV.exe
  C:\Windows\System\TIvAmUV.exe
  2⤵
  PID:2500
- C:\Windows\System\GfILbyf.exe
  C:\Windows\System\GfILbyf.exe
  2⤵
  PID:5868
- C:\Windows\System\rFPLMbT.exe
  C:\Windows\System\rFPLMbT.exe
  2⤵
  PID:6592
- C:\Windows\System\aGSPglp.exe
  C:\Windows\System\aGSPglp.exe
  2⤵
  PID:7096
- C:\Windows\System\hwtDQCL.exe
  C:\Windows\System\hwtDQCL.exe
  2⤵
  PID:7224
- C:\Windows\System\kPwGRIX.exe
  C:\Windows\System\kPwGRIX.exe
  2⤵
  PID:2808
- C:\Windows\System\KwgUoQL.exe
  C:\Windows\System\KwgUoQL.exe
  2⤵
  PID:7232
- C:\Windows\System\WTyQIjP.exe
  C:\Windows\System\WTyQIjP.exe
  2⤵
  PID:7300
- C:\Windows\System\UyBdqrN.exe
  C:\Windows\System\UyBdqrN.exe
  2⤵
  PID:7324
- C:\Windows\System\zinwbZW.exe
  C:\Windows\System\zinwbZW.exe
  2⤵
  PID:7484
- C:\Windows\System\XCkexRv.exe
  C:\Windows\System\XCkexRv.exe
  2⤵
  PID:7404
- C:\Windows\System\dWknXcI.exe
  C:\Windows\System\dWknXcI.exe
  2⤵
  PID:7568
- C:\Windows\System\VtvQutj.exe
  C:\Windows\System\VtvQutj.exe
  2⤵
  PID:596
- C:\Windows\System\bRtPdgQ.exe
  C:\Windows\System\bRtPdgQ.exe
  2⤵
  PID:320
- C:\Windows\System\PzTiAuv.exe
  C:\Windows\System\PzTiAuv.exe
  2⤵
  PID:7672
- C:\Windows\System\pFBkKNS.exe
  C:\Windows\System\pFBkKNS.exe
  2⤵
  PID:7700
- C:\Windows\System\ZGTTPeP.exe
  C:\Windows\System\ZGTTPeP.exe
  2⤵
  PID:2604
- C:\Windows\System\HNuoSAY.exe
  C:\Windows\System\HNuoSAY.exe
  2⤵
  PID:1884
- C:\Windows\System\NnbqKFQ.exe
  C:\Windows\System\NnbqKFQ.exe
  2⤵
  PID:7808
- C:\Windows\System\fcWITte.exe
  C:\Windows\System\fcWITte.exe
  2⤵
  PID:7800
- C:\Windows\System\pplhIMv.exe
  C:\Windows\System\pplhIMv.exe
  2⤵
  PID:7716
- C:\Windows\System\VmwnWlN.exe
  C:\Windows\System\VmwnWlN.exe
  2⤵
  PID:7636
- C:\Windows\System\UCPHRfr.exe
  C:\Windows\System\UCPHRfr.exe
  2⤵
  PID:7852
- C:\Windows\System\ermGiHQ.exe
  C:\Windows\System\ermGiHQ.exe
  2⤵
  PID:8016
- C:\Windows\System\RIXGGFe.exe
  C:\Windows\System\RIXGGFe.exe
  2⤵
  PID:8128
- C:\Windows\System\ToGSDrF.exe
  C:\Windows\System\ToGSDrF.exe
  2⤵
  PID:7856
- C:\Windows\System\CzXycfE.exe
  C:\Windows\System\CzXycfE.exe
  2⤵
  PID:8100
- C:\Windows\System\HYfjaTj.exe
  C:\Windows\System\HYfjaTj.exe
  2⤵
  PID:6988
- C:\Windows\System\OdbLkPr.exe
  C:\Windows\System\OdbLkPr.exe
  2⤵
  PID:7180
- C:\Windows\System\fPQnXba.exe
  C:\Windows\System\fPQnXba.exe
  2⤵
  PID:1112
- C:\Windows\System\XGheKfL.exe
  C:\Windows\System\XGheKfL.exe
  2⤵
  PID:2468
- C:\Windows\System\jxUWhNA.exe
  C:\Windows\System\jxUWhNA.exe
  2⤵
  PID:8032
- C:\Windows\System\sVtpXxx.exe
  C:\Windows\System\sVtpXxx.exe
  2⤵
  PID:6384
- C:\Windows\System\GhzzsdP.exe
  C:\Windows\System\GhzzsdP.exe
  2⤵
  PID:6772
- C:\Windows\System\XgLVSqC.exe
  C:\Windows\System\XgLVSqC.exe
  2⤵
  PID:5876
- C:\Windows\System\JuSpmgZ.exe
  C:\Windows\System\JuSpmgZ.exe
  2⤵
  PID:7408
- C:\Windows\System\WZVxmts.exe
  C:\Windows\System\WZVxmts.exe
  2⤵
  PID:1088
- C:\Windows\System\PqwPyWL.exe
  C:\Windows\System\PqwPyWL.exe
  2⤵
  PID:7092
- C:\Windows\System\FUUSSBl.exe
  C:\Windows\System\FUUSSBl.exe
  2⤵
  PID:7552
- C:\Windows\System\UYtrxlH.exe
  C:\Windows\System\UYtrxlH.exe
  2⤵
  PID:7496
- C:\Windows\System\VZmgDrE.exe
  C:\Windows\System\VZmgDrE.exe
  2⤵
  PID:7812
- C:\Windows\System\wqhazxw.exe
  C:\Windows\System\wqhazxw.exe
  2⤵
  PID:7768
- C:\Windows\System\NZSChZZ.exe
  C:\Windows\System\NZSChZZ.exe
  2⤵
  PID:2528
- C:\Windows\System\pzzNqha.exe
  C:\Windows\System\pzzNqha.exe
  2⤵
  PID:8020
- C:\Windows\System\qjQyhZD.exe
  C:\Windows\System\qjQyhZD.exe
  2⤵
  PID:7604
- C:\Windows\System\YSgnrSr.exe
  C:\Windows\System\YSgnrSr.exe
  2⤵
  PID:2068
- C:\Windows\System\uCiEQlW.exe
  C:\Windows\System\uCiEQlW.exe
  2⤵
  PID:7876
- C:\Windows\System\XPrcdoh.exe
  C:\Windows\System\XPrcdoh.exe
  2⤵
  PID:7888
- C:\Windows\System\TaXLhMW.exe
  C:\Windows\System\TaXLhMW.exe
  2⤵
  PID:6196
- C:\Windows\System\meXdUYW.exe
  C:\Windows\System\meXdUYW.exe
  2⤵
  PID:7480
- C:\Windows\System\qOziFbP.exe
  C:\Windows\System\qOziFbP.exe
  2⤵
  PID:7900
- C:\Windows\System\EFRRDzy.exe
  C:\Windows\System\EFRRDzy.exe
  2⤵
  PID:2864
- C:\Windows\System\lhXdEoL.exe
  C:\Windows\System\lhXdEoL.exe
  2⤵
  PID:7696
- C:\Windows\System\UqpziPz.exe
  C:\Windows\System\UqpziPz.exe
  2⤵
  PID:3536
- C:\Windows\System\AUoHpdz.exe
  C:\Windows\System\AUoHpdz.exe
  2⤵
  PID:7212
- C:\Windows\System\GQrpclr.exe
  C:\Windows\System\GQrpclr.exe
  2⤵
  PID:2280
- C:\Windows\System\vjqTTQF.exe
  C:\Windows\System\vjqTTQF.exe
  2⤵
  PID:2464
- C:\Windows\System\puohjQk.exe
  C:\Windows\System\puohjQk.exe
  2⤵
  PID:7872
- C:\Windows\System\RTmUcHg.exe
  C:\Windows\System\RTmUcHg.exe
  2⤵
  PID:7736
- C:\Windows\System\bWXrobw.exe
  C:\Windows\System\bWXrobw.exe
  2⤵
  PID:7288
- C:\Windows\System\DGbqTTL.exe
  C:\Windows\System\DGbqTTL.exe
  2⤵
  PID:7448
- C:\Windows\System\BlWghAF.exe
  C:\Windows\System\BlWghAF.exe
  2⤵
  PID:2944
- C:\Windows\System\UOJwftM.exe
  C:\Windows\System\UOJwftM.exe
  2⤵
  PID:1476
- C:\Windows\System\ferMFZJ.exe
  C:\Windows\System\ferMFZJ.exe
  2⤵
  PID:6496
- C:\Windows\System\oMHElbU.exe
  C:\Windows\System\oMHElbU.exe
  2⤵
  PID:7656
- C:\Windows\System\HZJNBDZ.exe
  C:\Windows\System\HZJNBDZ.exe
  2⤵
  PID:1120
- C:\Windows\System\KQyfTXl.exe
  C:\Windows\System\KQyfTXl.exe
  2⤵
  PID:7804
- C:\Windows\System\jccXyBk.exe
  C:\Windows\System\jccXyBk.exe
  2⤵
  PID:6996
- C:\Windows\System\kHMKbWy.exe
  C:\Windows\System\kHMKbWy.exe
  2⤵
  PID:6472
- C:\Windows\System\slJfjea.exe
  C:\Windows\System\slJfjea.exe
  2⤵
  PID:1784
- C:\Windows\System\YOegHwX.exe
  C:\Windows\System\YOegHwX.exe
  2⤵
  PID:7220
- C:\Windows\System\xxZYoRh.exe
  C:\Windows\System\xxZYoRh.exe
  2⤵
  PID:568
- C:\Windows\System\PUjOvjt.exe
  C:\Windows\System\PUjOvjt.exe
  2⤵
  PID:7500
- C:\Windows\System\XEgPnoZ.exe
  C:\Windows\System\XEgPnoZ.exe
  2⤵
  PID:6792
- C:\Windows\System\cPIfFGH.exe
  C:\Windows\System\cPIfFGH.exe
  2⤵
  PID:7356
- C:\Windows\System\sUfqujk.exe
  C:\Windows\System\sUfqujk.exe
  2⤵
  PID:2192
- C:\Windows\System\TqeNPVb.exe
  C:\Windows\System\TqeNPVb.exe
  2⤵
  PID:8200
- C:\Windows\System\YhNKWDP.exe
  C:\Windows\System\YhNKWDP.exe
  2⤵
  PID:8220
- C:\Windows\System\ecYCcDg.exe
  C:\Windows\System\ecYCcDg.exe
  2⤵
  PID:8236
- C:\Windows\System\oFaWKPE.exe
  C:\Windows\System\oFaWKPE.exe
  2⤵
  PID:8252
- C:\Windows\System\HyjsymX.exe
  C:\Windows\System\HyjsymX.exe
  2⤵
  PID:8272
- C:\Windows\System\PuYyEMw.exe
  C:\Windows\System\PuYyEMw.exe
  2⤵
  PID:8292
- C:\Windows\System\EFtzoxH.exe
  C:\Windows\System\EFtzoxH.exe
  2⤵
  PID:8308
- C:\Windows\System\ejgHCHU.exe
  C:\Windows\System\ejgHCHU.exe
  2⤵
  PID:8324
- C:\Windows\System\ckzNKdv.exe
  C:\Windows\System\ckzNKdv.exe
  2⤵
  PID:8344
- C:\Windows\System\YqKPJRT.exe
  C:\Windows\System\YqKPJRT.exe
  2⤵
  PID:8368
- C:\Windows\System\DaNvVeO.exe
  C:\Windows\System\DaNvVeO.exe
  2⤵
  PID:8392
- C:\Windows\System\PsHfXtJ.exe
  C:\Windows\System\PsHfXtJ.exe
  2⤵
  PID:8408
- C:\Windows\System\kBTHtVE.exe
  C:\Windows\System\kBTHtVE.exe
  2⤵
  PID:8428
- C:\Windows\System\KukKECz.exe
  C:\Windows\System\KukKECz.exe
  2⤵
  PID:8484
- C:\Windows\System\NUnBYcf.exe
  C:\Windows\System\NUnBYcf.exe
  2⤵
  PID:8500
- C:\Windows\System\TfposyW.exe
  C:\Windows\System\TfposyW.exe
  2⤵
  PID:8516
- C:\Windows\System\qlXZqja.exe
  C:\Windows\System\qlXZqja.exe
  2⤵
  PID:8536
- C:\Windows\System\UfPOjCf.exe
  C:\Windows\System\UfPOjCf.exe
  2⤵
  PID:8560
- C:\Windows\System\wrOfPIf.exe
  C:\Windows\System\wrOfPIf.exe
  2⤵
  PID:8576
- C:\Windows\System\YclAhDX.exe
  C:\Windows\System\YclAhDX.exe
  2⤵
  PID:8596
- C:\Windows\System\xfjyoLh.exe
  C:\Windows\System\xfjyoLh.exe
  2⤵
  PID:8612
- C:\Windows\System\dvzrRKk.exe
  C:\Windows\System\dvzrRKk.exe
  2⤵
  PID:8640
- C:\Windows\System\VjFMdoI.exe
  C:\Windows\System\VjFMdoI.exe
  2⤵
  PID:8656
- C:\Windows\System\NcLhvpE.exe
  C:\Windows\System\NcLhvpE.exe
  2⤵
  PID:8680
- C:\Windows\System\rmHpUuy.exe
  C:\Windows\System\rmHpUuy.exe
  2⤵
  PID:8696
- C:\Windows\System\MxeJdPf.exe
  C:\Windows\System\MxeJdPf.exe
  2⤵
  PID:8724
- C:\Windows\System\XRMUoNI.exe
  C:\Windows\System\XRMUoNI.exe
  2⤵
  PID:8740
- C:\Windows\System\KnsXWmD.exe
  C:\Windows\System\KnsXWmD.exe
  2⤵
  PID:8768
- C:\Windows\System\WAzMLQJ.exe
  C:\Windows\System\WAzMLQJ.exe
  2⤵
  PID:8784
- C:\Windows\System\YBuEDrY.exe
  C:\Windows\System\YBuEDrY.exe
  2⤵
  PID:8800
- C:\Windows\System\bcssTOb.exe
  C:\Windows\System\bcssTOb.exe
  2⤵
  PID:8816
- C:\Windows\System\MnPWSbJ.exe
  C:\Windows\System\MnPWSbJ.exe
  2⤵
  PID:8836
- C:\Windows\System\AxjOnXn.exe
  C:\Windows\System\AxjOnXn.exe
  2⤵
  PID:8852
- C:\Windows\System\jGDUkuT.exe
  C:\Windows\System\jGDUkuT.exe
  2⤵
  PID:8868
- C:\Windows\System\gMuEUcU.exe
  C:\Windows\System\gMuEUcU.exe
  2⤵
  PID:8908
- C:\Windows\System\waWBcfW.exe
  C:\Windows\System\waWBcfW.exe
  2⤵
  PID:8924
- C:\Windows\System\aAouijN.exe
  C:\Windows\System\aAouijN.exe
  2⤵
  PID:8940
- C:\Windows\System\yGCdtse.exe
  C:\Windows\System\yGCdtse.exe
  2⤵
  PID:8956
- C:\Windows\System\oAnFLwG.exe
  C:\Windows\System\oAnFLwG.exe
  2⤵
  PID:8976
- C:\Windows\System\ytnPNvg.exe
  C:\Windows\System\ytnPNvg.exe
  2⤵
  PID:8992
- C:\Windows\System\eTnPUWy.exe
  C:\Windows\System\eTnPUWy.exe
  2⤵
  PID:9012
- C:\Windows\System\pEUAnrs.exe
  C:\Windows\System\pEUAnrs.exe
  2⤵
  PID:9040
- C:\Windows\System\MEEIfok.exe
  C:\Windows\System\MEEIfok.exe
  2⤵
  PID:9056
- C:\Windows\System\jLnyOJy.exe
  C:\Windows\System\jLnyOJy.exe
  2⤵
  PID:9072
- C:\Windows\System\UxpLGQm.exe
  C:\Windows\System\UxpLGQm.exe
  2⤵
  PID:9092
- C:\Windows\System\jWmlUhr.exe
  C:\Windows\System\jWmlUhr.exe
  2⤵
  PID:9112
- C:\Windows\System\caXIxIo.exe
  C:\Windows\System\caXIxIo.exe
  2⤵
  PID:9132
- C:\Windows\System\PyidUZZ.exe
  C:\Windows\System\PyidUZZ.exe
  2⤵
  PID:9160
- C:\Windows\System\PPjAtSz.exe
  C:\Windows\System\PPjAtSz.exe
  2⤵
  PID:9176
- C:\Windows\System\AFnZYAe.exe
  C:\Windows\System\AFnZYAe.exe
  2⤵
  PID:9196
- C:\Windows\System\NseUBIV.exe
  C:\Windows\System\NseUBIV.exe
  2⤵
  PID:9212
- C:\Windows\System\SAPQAPg.exe
  C:\Windows\System\SAPQAPg.exe
  2⤵
  PID:8244
- C:\Windows\System\xkKuMdW.exe
  C:\Windows\System\xkKuMdW.exe
  2⤵
  PID:8316
- C:\Windows\System\QeTnUAV.exe
  C:\Windows\System\QeTnUAV.exe
  2⤵
  PID:8320
- C:\Windows\System\TwjBJav.exe
  C:\Windows\System\TwjBJav.exe
  2⤵
  PID:8400
- C:\Windows\System\yTYeTQD.exe
  C:\Windows\System\yTYeTQD.exe
  2⤵
  PID:8228
- C:\Windows\System\TskQHXD.exe
  C:\Windows\System\TskQHXD.exe
  2⤵
  PID:8452
- C:\Windows\System\uHTFDyA.exe
  C:\Windows\System\uHTFDyA.exe
  2⤵
  PID:8336
- C:\Windows\System\svAEIsO.exe
  C:\Windows\System\svAEIsO.exe
  2⤵
  PID:8052
- C:\Windows\System\PhNTRfV.exe
  C:\Windows\System\PhNTRfV.exe
  2⤵
  PID:7556
- C:\Windows\System\yzrwnFa.exe
  C:\Windows\System\yzrwnFa.exe
  2⤵
  PID:8264
- C:\Windows\System\SRdywUW.exe
  C:\Windows\System\SRdywUW.exe
  2⤵
  PID:8476
- C:\Windows\System\TdiuUhM.exe
  C:\Windows\System\TdiuUhM.exe
  2⤵
  PID:8388
- C:\Windows\System\rHXPYUV.exe
  C:\Windows\System\rHXPYUV.exe
  2⤵
  PID:8480
- C:\Windows\System\AQJqYuR.exe
  C:\Windows\System\AQJqYuR.exe
  2⤵
  PID:8548
- C:\Windows\System\CWbiHFr.exe
  C:\Windows\System\CWbiHFr.exe
  2⤵
  PID:8496
- C:\Windows\System\AzNxJhq.exe
  C:\Windows\System\AzNxJhq.exe
  2⤵
  PID:8604
- C:\Windows\System\vrUZDuv.exe
  C:\Windows\System\vrUZDuv.exe
  2⤵
  PID:8556
- C:\Windows\System\CqJHcEL.exe
  C:\Windows\System\CqJHcEL.exe
  2⤵
  PID:8588
- C:\Windows\System\xyZIfNL.exe
  C:\Windows\System\xyZIfNL.exe
  2⤵
  PID:8620
- C:\Windows\System\tABlhYC.exe
  C:\Windows\System\tABlhYC.exe
  2⤵
  PID:8636
- C:\Windows\System\fHNQUAO.exe
  C:\Windows\System\fHNQUAO.exe
  2⤵
  PID:8716
- C:\Windows\System\nCRKIzR.exe
  C:\Windows\System\nCRKIzR.exe
  2⤵
  PID:8360
- C:\Windows\System\VOGlUZy.exe
  C:\Windows\System\VOGlUZy.exe
  2⤵
  PID:8752
- C:\Windows\System\NRjnOOH.exe
  C:\Windows\System\NRjnOOH.exe
  2⤵
  PID:8832
- C:\Windows\System\YQrEJYl.exe
  C:\Windows\System\YQrEJYl.exe
  2⤵
  PID:8780
- C:\Windows\System\PHZeIyV.exe
  C:\Windows\System\PHZeIyV.exe
  2⤵
  PID:8848
- C:\Windows\System\oaDZHeA.exe
  C:\Windows\System\oaDZHeA.exe
  2⤵
  PID:8824
- C:\Windows\System\duIVHJx.exe
  C:\Windows\System\duIVHJx.exe
  2⤵
  PID:8892
- C:\Windows\System\MNNuewR.exe
  C:\Windows\System\MNNuewR.exe
  2⤵
  PID:8904
- C:\Windows\System\yHrqJgz.exe
  C:\Windows\System\yHrqJgz.exe
  2⤵
  PID:8932
- C:\Windows\System\mjPOiDr.exe
  C:\Windows\System\mjPOiDr.exe
  2⤵
  PID:8968
- C:\Windows\System\ZuYXWWF.exe
  C:\Windows\System\ZuYXWWF.exe
  2⤵
  PID:8920
- C:\Windows\System\lpzHehZ.exe
  C:\Windows\System\lpzHehZ.exe
  2⤵
  PID:9024
- C:\Windows\System\kWqFQEG.exe
  C:\Windows\System\kWqFQEG.exe
  2⤵
  PID:9032
- C:\Windows\System\TXaaugT.exe
  C:\Windows\System\TXaaugT.exe
  2⤵
  PID:9144
- C:\Windows\System\YrudPMC.exe
  C:\Windows\System\YrudPMC.exe
  2⤵
  PID:9108
- C:\Windows\System\iHOmYeb.exe
  C:\Windows\System\iHOmYeb.exe
  2⤵
  PID:9120
- C:\Windows\System\cTsyWnq.exe
  C:\Windows\System\cTsyWnq.exe
  2⤵
  PID:9184
- C:\Windows\System\yZOgTTc.exe
  C:\Windows\System\yZOgTTc.exe
  2⤵
  PID:9204
- C:\Windows\System\NVASTdV.exe
  C:\Windows\System\NVASTdV.exe
  2⤵
  PID:8288
- C:\Windows\System\gUYWgHY.exe
  C:\Windows\System\gUYWgHY.exe
  2⤵
  PID:8216
- C:\Windows\System\YvOxWvd.exe
  C:\Windows\System\YvOxWvd.exe
  2⤵
  PID:8164
- C:\Windows\System\OoMHVte.exe
  C:\Windows\System\OoMHVte.exe
  2⤵
  PID:8340
- C:\Windows\System\fILEsdN.exe
  C:\Windows\System\fILEsdN.exe
  2⤵
  PID:7680
- C:\Windows\System\FkgbqXM.exe
  C:\Windows\System\FkgbqXM.exe
  2⤵
  PID:8472
- C:\Windows\System\MtGHxWO.exe
  C:\Windows\System\MtGHxWO.exe
  2⤵
  PID:8420
- C:\Windows\System\osgjwZq.exe
  C:\Windows\System\osgjwZq.exe
  2⤵
  PID:8528
- C:\Windows\System\aVjPekH.exe
  C:\Windows\System\aVjPekH.exe
  2⤵
  PID:8584
- C:\Windows\System\FomdzuI.exe
  C:\Windows\System\FomdzuI.exe
  2⤵
  PID:8676
- C:\Windows\System\RjwtShj.exe
  C:\Windows\System\RjwtShj.exe
  2⤵
  PID:8764
- C:\Windows\System\almYjBD.exe
  C:\Windows\System\almYjBD.exe
  2⤵
  PID:8672
- C:\Windows\System\oveKnxh.exe
  C:\Windows\System\oveKnxh.exe
  2⤵
  PID:8692
- C:\Windows\System\mBSqvte.exe
  C:\Windows\System\mBSqvte.exe
  2⤵
  PID:8880
- C:\Windows\System\iYPJRIv.exe
  C:\Windows\System\iYPJRIv.exe
  2⤵
  PID:8896
- C:\Windows\System\CjWjzat.exe
  C:\Windows\System\CjWjzat.exe
  2⤵
  PID:9192
- C:\Windows\System\YHgeWEE.exe
  C:\Windows\System\YHgeWEE.exe
  2⤵
  PID:8948
- C:\Windows\System\bwoGhuT.exe
  C:\Windows\System\bwoGhuT.exe
  2⤵
  PID:9140
- C:\Windows\System\CnGFQLw.exe
  C:\Windows\System\CnGFQLw.exe
  2⤵
  PID:9100
- C:\Windows\System\hcxwbUt.exe
  C:\Windows\System\hcxwbUt.exe
  2⤵
  PID:9104
- C:\Windows\System\wCCIWgd.exe
  C:\Windows\System\wCCIWgd.exe
  2⤵
  PID:8356
- C:\Windows\System\dUPYjPS.exe
  C:\Windows\System\dUPYjPS.exe
  2⤵
  PID:8464
- C:\Windows\System\qDHtsBZ.exe
  C:\Windows\System\qDHtsBZ.exe
  2⤵
  PID:8384
- C:\Windows\System\hNzlvDz.exe
  C:\Windows\System\hNzlvDz.exe
  2⤵
  PID:8544
- C:\Windows\System\VJEYksU.exe
  C:\Windows\System\VJEYksU.exe
  2⤵
  PID:8512
- C:\Windows\System\UEyYQlp.exe
  C:\Windows\System\UEyYQlp.exe
  2⤵
  PID:8668
- C:\Windows\System\sZvhetV.exe
  C:\Windows\System\sZvhetV.exe
  2⤵
  PID:8760
- C:\Windows\System\bypUMSj.exe
  C:\Windows\System\bypUMSj.exe
  2⤵
  PID:8964
- C:\Windows\System\RYqoGAS.exe
  C:\Windows\System\RYqoGAS.exe
  2⤵
  PID:8776
- C:\Windows\System\RquivKL.exe
  C:\Windows\System\RquivKL.exe
  2⤵
  PID:9068
- C:\Windows\System\ZscORlq.exe
  C:\Windows\System\ZscORlq.exe
  2⤵
  PID:7600
- C:\Windows\System\QpoyPRX.exe
  C:\Windows\System\QpoyPRX.exe
  2⤵
  PID:9148
- C:\Windows\System\PGuPlZm.exe
  C:\Windows\System\PGuPlZm.exe
  2⤵
  PID:8268
- C:\Windows\System\kQpjEzM.exe
  C:\Windows\System\kQpjEzM.exe
  2⤵
  PID:8888
- C:\Windows\System\nOwMaiz.exe
  C:\Windows\System\nOwMaiz.exe
  2⤵
  PID:9088
- C:\Windows\System\MhmQKdl.exe
  C:\Windows\System\MhmQKdl.exe
  2⤵
  PID:9208
- C:\Windows\System\DvSCegA.exe
  C:\Windows\System\DvSCegA.exe
  2⤵
  PID:8864
- C:\Windows\System\BieSRsa.exe
  C:\Windows\System\BieSRsa.exe
  2⤵
  PID:8628
- C:\Windows\System\AioiDvo.exe
  C:\Windows\System\AioiDvo.exe
  2⤵
  PID:9008
- C:\Windows\System\pfnoCJy.exe
  C:\Windows\System\pfnoCJy.exe
  2⤵
  PID:9004
- C:\Windows\System\ZOdUrnb.exe
  C:\Windows\System\ZOdUrnb.exe
  2⤵
  PID:9228
- C:\Windows\System\psVXxyU.exe
  C:\Windows\System\psVXxyU.exe
  2⤵
  PID:9244
- C:\Windows\System\ODpIWRs.exe
  C:\Windows\System\ODpIWRs.exe
  2⤵
  PID:9264
- C:\Windows\System\KUPxEGz.exe
  C:\Windows\System\KUPxEGz.exe
  2⤵
  PID:9280
- C:\Windows\System\nfrpxyd.exe
  C:\Windows\System\nfrpxyd.exe
  2⤵
  PID:9300
- C:\Windows\System\hkgKxHQ.exe
  C:\Windows\System\hkgKxHQ.exe
  2⤵
  PID:9320
- C:\Windows\System\ITqOMdg.exe
  C:\Windows\System\ITqOMdg.exe
  2⤵
  PID:9340
- C:\Windows\System\jucVpGx.exe
  C:\Windows\System\jucVpGx.exe
  2⤵
  PID:9360
- C:\Windows\System\OvViPue.exe
  C:\Windows\System\OvViPue.exe
  2⤵
  PID:9380
- C:\Windows\System\Afcctsb.exe
  C:\Windows\System\Afcctsb.exe
  2⤵
  PID:9400
- C:\Windows\System\oxlXGzz.exe
  C:\Windows\System\oxlXGzz.exe
  2⤵
  PID:9416
- C:\Windows\System\Zudpeuj.exe
  C:\Windows\System\Zudpeuj.exe
  2⤵
  PID:9432
- C:\Windows\System\uIgLRwY.exe
  C:\Windows\System\uIgLRwY.exe
  2⤵
  PID:9456
- C:\Windows\System\GloirBU.exe
  C:\Windows\System\GloirBU.exe
  2⤵
  PID:9472
- C:\Windows\System\hgbbZNm.exe
  C:\Windows\System\hgbbZNm.exe
  2⤵
  PID:9488
- C:\Windows\System\qzesIrA.exe
  C:\Windows\System\qzesIrA.exe
  2⤵
  PID:9504
- C:\Windows\System\lYSndQN.exe
  C:\Windows\System\lYSndQN.exe
  2⤵
  PID:9524
- C:\Windows\System\URItNMB.exe
  C:\Windows\System\URItNMB.exe
  2⤵
  PID:9540
- C:\Windows\System\XdkVogW.exe
  C:\Windows\System\XdkVogW.exe
  2⤵
  PID:9556
- C:\Windows\System\UeyJhvZ.exe
  C:\Windows\System\UeyJhvZ.exe
  2⤵
  PID:9576
- C:\Windows\System\VngDsfB.exe
  C:\Windows\System\VngDsfB.exe
  2⤵
  PID:9592
- C:\Windows\System\svHZsZS.exe
  C:\Windows\System\svHZsZS.exe
  2⤵
  PID:9608
- C:\Windows\System\HaCBmEw.exe
  C:\Windows\System\HaCBmEw.exe
  2⤵
  PID:9624
- C:\Windows\System\FGLNEZd.exe
  C:\Windows\System\FGLNEZd.exe
  2⤵
  PID:9640
- C:\Windows\System\qAQDDnp.exe
  C:\Windows\System\qAQDDnp.exe
  2⤵
  PID:9660
- C:\Windows\System\BgwZycw.exe
  C:\Windows\System\BgwZycw.exe
  2⤵
  PID:9716
- C:\Windows\System\cOHlhqW.exe
  C:\Windows\System\cOHlhqW.exe
  2⤵
  PID:9736
- C:\Windows\System\wVhlTMS.exe
  C:\Windows\System\wVhlTMS.exe
  2⤵
  PID:9752
- C:\Windows\System\ndcpQak.exe
  C:\Windows\System\ndcpQak.exe
  2⤵
  PID:9772
- C:\Windows\System\rdcDEmL.exe
  C:\Windows\System\rdcDEmL.exe
  2⤵
  PID:9788
- C:\Windows\System\wspDIFf.exe
  C:\Windows\System\wspDIFf.exe
  2⤵
  PID:9808
- C:\Windows\System\FNXEDLm.exe
  C:\Windows\System\FNXEDLm.exe
  2⤵
  PID:9824
- C:\Windows\System\ntMaBpJ.exe
  C:\Windows\System\ntMaBpJ.exe
  2⤵
  PID:9840
- C:\Windows\System\oEhpUOp.exe
  C:\Windows\System\oEhpUOp.exe
  2⤵
  PID:9856
- C:\Windows\System\yqhzphW.exe
  C:\Windows\System\yqhzphW.exe
  2⤵
  PID:9872
- C:\Windows\System\JjNrGDz.exe
  C:\Windows\System\JjNrGDz.exe
  2⤵
  PID:9888
- C:\Windows\System\MzXxPXY.exe
  C:\Windows\System\MzXxPXY.exe
  2⤵
  PID:9904
- C:\Windows\System\WmgsLiY.exe
  C:\Windows\System\WmgsLiY.exe
  2⤵
  PID:9920
- C:\Windows\System\ZsrbwbC.exe
  C:\Windows\System\ZsrbwbC.exe
  2⤵
  PID:9936
- C:\Windows\System\NqlvSbe.exe
  C:\Windows\System\NqlvSbe.exe
  2⤵
  PID:9952
- C:\Windows\System\nUAryEj.exe
  C:\Windows\System\nUAryEj.exe
  2⤵
  PID:9968
- C:\Windows\System\DElmJMe.exe
  C:\Windows\System\DElmJMe.exe
  2⤵
  PID:9984
- C:\Windows\System\CFiEVhm.exe
  C:\Windows\System\CFiEVhm.exe
  2⤵
  PID:10000
- C:\Windows\System\dIPrLeR.exe
  C:\Windows\System\dIPrLeR.exe
  2⤵
  PID:10016
- C:\Windows\System\qPbHCGV.exe
  C:\Windows\System\qPbHCGV.exe
  2⤵
  PID:10032
- C:\Windows\System\ohSpFaj.exe
  C:\Windows\System\ohSpFaj.exe
  2⤵
  PID:10048
- C:\Windows\System\VRXeZhS.exe
  C:\Windows\System\VRXeZhS.exe
  2⤵
  PID:10064
- C:\Windows\System\PuNORsT.exe
  C:\Windows\System\PuNORsT.exe
  2⤵
  PID:10080
- C:\Windows\System\pgKcdZS.exe
  C:\Windows\System\pgKcdZS.exe
  2⤵
  PID:10096
- C:\Windows\System\ZDqgxEA.exe
  C:\Windows\System\ZDqgxEA.exe
  2⤵
  PID:10112
- C:\Windows\System\QviKiEP.exe
  C:\Windows\System\QviKiEP.exe
  2⤵
  PID:10128
- C:\Windows\System\eAyNpRs.exe
  C:\Windows\System\eAyNpRs.exe
  2⤵
  PID:10148
- C:\Windows\System\YQwdTNc.exe
  C:\Windows\System\YQwdTNc.exe
  2⤵
  PID:10164
- C:\Windows\System\WqmMDGC.exe
  C:\Windows\System\WqmMDGC.exe
  2⤵
  PID:10180
- C:\Windows\System\eCUoXzQ.exe
  C:\Windows\System\eCUoXzQ.exe
  2⤵
  PID:10196
- C:\Windows\System\otHEeru.exe
  C:\Windows\System\otHEeru.exe
  2⤵
  PID:10212
- C:\Windows\System\ifwGMbl.exe
  C:\Windows\System\ifwGMbl.exe
  2⤵
  PID:10228
- C:\Windows\System\JCJGbrM.exe
  C:\Windows\System\JCJGbrM.exe
  2⤵
  PID:9236
- C:\Windows\System\legiEyQ.exe
  C:\Windows\System\legiEyQ.exe
  2⤵
  PID:9260
- C:\Windows\System\ajMylaC.exe
  C:\Windows\System\ajMylaC.exe
  2⤵
  PID:9276
- C:\Windows\System\fqVYcBR.exe
  C:\Windows\System\fqVYcBR.exe
  2⤵
  PID:9296
- C:\Windows\System\bqzutKH.exe
  C:\Windows\System\bqzutKH.exe
  2⤵
  PID:9352
- C:\Windows\System\nSfKLda.exe
  C:\Windows\System\nSfKLda.exe
  2⤵
  PID:9328
- C:\Windows\System\ZZtfBsG.exe
  C:\Windows\System\ZZtfBsG.exe
  2⤵
  PID:9388
- C:\Windows\System\WuuvHSZ.exe
  C:\Windows\System\WuuvHSZ.exe
  2⤵
  PID:9428
- C:\Windows\System\awXppCA.exe
  C:\Windows\System\awXppCA.exe
  2⤵
  PID:9448
- C:\Windows\System\LFfGCVx.exe
  C:\Windows\System\LFfGCVx.exe
  2⤵
  PID:9500
- C:\Windows\System\btNSpom.exe
  C:\Windows\System\btNSpom.exe
  2⤵
  PID:9512
- C:\Windows\System\zvPmoGd.exe
  C:\Windows\System\zvPmoGd.exe
  2⤵
  PID:9564
- C:\Windows\System\AhYzRxb.exe
  C:\Windows\System\AhYzRxb.exe
  2⤵
  PID:9548
- C:\Windows\System\dykllJK.exe
  C:\Windows\System\dykllJK.exe
  2⤵
  PID:9632
- C:\Windows\System\askWyLo.exe
  C:\Windows\System\askWyLo.exe
  2⤵
  PID:9620
- C:\Windows\System\eMkxavz.exe
  C:\Windows\System\eMkxavz.exe
  2⤵
  PID:9656
- C:\Windows\System\XshsOID.exe
  C:\Windows\System\XshsOID.exe
  2⤵
  PID:9652
- C:\Windows\System\bQctSGl.exe
  C:\Windows\System\bQctSGl.exe
  2⤵
  PID:9692
- C:\Windows\System\FEsHSQA.exe
  C:\Windows\System\FEsHSQA.exe
  2⤵
  PID:9708
- C:\Windows\System\MnaenNC.exe
  C:\Windows\System\MnaenNC.exe
  2⤵
  PID:9748
- C:\Windows\System\CVsgScL.exe
  C:\Windows\System\CVsgScL.exe
  2⤵
  PID:9784
- C:\Windows\System\LUYQqXY.exe
  C:\Windows\System\LUYQqXY.exe
  2⤵
  PID:9800
- C:\Windows\System\CEvUJit.exe
  C:\Windows\System\CEvUJit.exe
  2⤵
  PID:9852
- C:\Windows\System\khkHubH.exe
  C:\Windows\System\khkHubH.exe
  2⤵
  PID:9912
- C:\Windows\System\bbyqBjD.exe
  C:\Windows\System\bbyqBjD.exe
  2⤵
  PID:9896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AqBEebt.exe

Filesize
6.0MB

MD5
b0a0999013d5ca5370d98f7210314a7e

SHA1
918688407d38747ac257f8914a5357bab6646fc3

SHA256
4a075e0434ef1436a8587267a3be08f10e117e2e220b3e69791f0d744b08b77d

SHA512
facf8a15900f013633c05e2a49ae1ebc2bebcc79e203e0d215e3b64f128b63e1b1b410b33a676e0ba8739cf330d608d3f65810b67112cda7a3be079de5d9737f

Download Submit
C:\Windows\system\BUyRrbv.exe

Filesize
6.0MB

MD5
b8b0095b9863c6f2ff3f2e42cce860bf

SHA1
b3a8a3b8ad7d322cb2d8a275f8ca33b4d09021e0

SHA256
0e62df5483c97e59b38ba9f9b06ac9c2ed80e651303547931356ab61ac1b24c3

SHA512
288e12ae2db745519b395a2f3e9e4d20c3c15b86ef9f41deb72e1514c3e2f66405352e2daa2d4144e96988f48cd3d63b224a364027a2d1378320fdccab69780d

Download Submit
C:\Windows\system\CBTTcqC.exe

Filesize
6.0MB

MD5
53947431afae22e938098aba78f8f7a7

SHA1
da1c875ada8cd2ce18d55ba1b743b7912b8d2598

SHA256
7257fa2709167800a81303a520b4ef2782fedf871caeb189d7f8e924190bbab1

SHA512
c0510cc9fabaf3e53d146fd0963c758cc8911d26c6db5d196a50e66572f8b2613f02202426b55fc7b34ec0ba2910933797273676083f3463cea436dcb4b27636

Download Submit
C:\Windows\system\CJlQYdr.exe

Filesize
6.0MB

MD5
65710c083a05d1fc574f3865c6ac33b4

SHA1
cacbc8808cb069a83e6ec83ce382ab481d14e759

SHA256
39fd8507cd841d9a4ce99b1cdf5480fd8141152928f6753def89e055670ae401

SHA512
9f776a0476825303225ce953e2d8bcc9eddb1fbdff085e0bccff55fb33f2b8d648c7a19876c937dfbec2ce2d5f7acae57cfdc9976400c0b6a3e060fa327ac265

Download Submit
C:\Windows\system\KYugqfQ.exe

Filesize
6.0MB

MD5
c8c2486f92e84618beebffbd893bbe50

SHA1
f9be2e458647e0762f2570890a836e9586a690ec

SHA256
ce33ad0519fd19274ac436ff9647c229316ef1bfbbe68757d02405fc962fdeda

SHA512
910afca3831d6814319306d7197960bf67c0c44ed5d6a6033632bb96887b5b342c27e8920e3e75b6c4f43518686beaabef033f870152b4b85079f9677d7c4322

Download Submit
C:\Windows\system\OCHwvlj.exe

Filesize
6.0MB

MD5
11f28fd75d9f6b7197d1f8a7854b84d6

SHA1
2018fd2b415c1dce081e0ef391d85978b24627d0

SHA256
e258d517232a610894fccd642b1a03d811511503833c68084101030a790e166a

SHA512
58a1cd9ed982c044f51e6518e53c021608b5fe425e68a90d11cb753470cfd516ee3f1b8da480418359bad048bfc51b6dc551e2d3c950d540a84f4b2b5fc5d863

Download Submit
C:\Windows\system\QKbwOUh.exe

Filesize
6.0MB

MD5
d753e160d565dda60abe0463e2eea3f0

SHA1
f8e38d1f57eb76ce5147e6fc179c142434ae7453

SHA256
1fc1d98bd9c85e33faf4ac2919cb766ea3ac2bf9ac20d588fd8953985f884bfe

SHA512
3a19621f35433b447ee93ad846dc05aab9624880d1851e6b9d1ca0e1373f7e194e4ed470b1aa8adfc2c5f6796f61dfff77034dbd463938467295d36d2c69a6e7

Download Submit
C:\Windows\system\QvfXwzq.exe

Filesize
6.0MB

MD5
a95e7b0bf56caa41731a0c8d1b37ad67

SHA1
9e4734097024c23e8b6803ad18761de1691c3865

SHA256
d5ecb53a3be93e5778df1907a0a323053dec606de582578724ce0e908876db3d

SHA512
fbf77bd9b59ae242a6d61dadb05edcf12a652bdc5a6965d4a58684d0665fd396ed6e172109fc3271dd30d5d6f79f2d61ab53f778f9b2d725e46225f91dee927c

Download Submit
C:\Windows\system\RDcUDdw.exe

Filesize
6.0MB

MD5
a4efe10956e54dd2601b8f658e78cbae

SHA1
a5c69795a80edeb94ab505ad30afa2bd66d11b42

SHA256
dfa8ccf8fb33fba868e668ee8d91ae2cc7bc97280148dbd499748a6a893b06c2

SHA512
a9ef9498c92ab00bc8fc7b7aff1aac2d02aa871757885658ba1898fe9d3037e413b1d287fae637ae3698d6ada2c9a7f071101692b6b333e45f68166426381f61

Download Submit
C:\Windows\system\RZUAPMd.exe

Filesize
6.0MB

MD5
cb08737a9c2bc3d55e5b32dffd6c0372

SHA1
7f3b667717ab285b7e780830f2565dc980d2d6a9

SHA256
8f7c0b77a5022f1516fcef16451dfd49c205775b8ba4090976703d2148fe3695

SHA512
f7f70f7e9f943675b5db45b7e05d346d60bf94392a81f53e39a0860f6aa23fd96aaf61c17244f31673265279a8882b6804b2378688c1dd1a9104317c520b1e8e

Download Submit
C:\Windows\system\RejYvfC.exe

Filesize
6.0MB

MD5
e07986ca1d887dd894835fc9c1805285

SHA1
56a6211da5d200ecc71d5eb1bb21487761e11605

SHA256
7f4786e603c1a9047a7bde34045b0d9f140fd2e9acf81fc51fabc2cc42df3821

SHA512
e60af637b279ce803467e26cd93b4a3322700f6bdd5c59b7c7669b7add7a0e6309425e1aef6bb15d286eaa1191ffebfe5f7532ac11cd3c186b05753270881ed1

Download Submit
C:\Windows\system\UqxeAwe.exe

Filesize
6.0MB

MD5
5e19dae29cce41b21848bd7ae80015b3

SHA1
a10fa581ae2d31bde84c2753610a7cdaaf3724c7

SHA256
3608f0b59ab19ba6c449f6747d80785f43253453bb46fa8b73d7f9c4a83620d6

SHA512
3830da47d6025613b25cb7b836d1e4e295112e14b337505bf4ff61e5855eecdcc58d6ddb21f696f6c0ae0aeafdbc1e90cec50b7693c0c7c60398360c4727d9c1

Download Submit
C:\Windows\system\VYAvyjC.exe

Filesize
6.0MB

MD5
b06b8c363d012a04dc246ff1c454f654

SHA1
7ffaa07523e875aba3952da9fc452442761e8640

SHA256
93b7e4949568fb1ce2c601f2552a7bbdaab6fa00db1a480265795bce55deed99

SHA512
1dbb65239c0a907aebcc2af05e0ce30f6c84c0554b8706f06620ccbf82a633541110244299ca0e952691ac574ca51d0d42ca25b6a66035412b112cc01291aa48

Download Submit
C:\Windows\system\VgaWpFT.exe

Filesize
6.0MB

MD5
e922e4d285867444a701e11c35d88109

SHA1
959c0a1cb4ad099d2e5c6b6bdf5af0f5dfec3665

SHA256
375d2551c9b5832eafcaa283a306a361f1590bbedda8655f869c21c5f577ea5c

SHA512
242cec54359e1e6dbd0ca183bd569a5e6316d0582d28ac365dc030208bcb9d3e7b20782f917612828e2dbff8d5d44e7c6e4e0342747d34745c9154f17b90c5db

Download Submit
C:\Windows\system\YVdHaPX.exe

Filesize
6.0MB

MD5
990cd3d92e786ff726b293896593ffef

SHA1
185892473ce62697e95af625be8059795eb2bf5d

SHA256
189e1e7688c2ae92f8f9b0e4b85de85b26d02742b5428c0580a0cea9c574968d

SHA512
f5244931ffd52ec07275699fb097c7a87bd88ac0b15dabae02f44efe0faa4ad4f5212f3f4d546c313bc8b83b52d608866f2f158b7ce994cf9989ea96f9596b56

Download Submit
C:\Windows\system\ZkwcJKL.exe

Filesize
6.0MB

MD5
e2ba9484e08ed00aa52c40805b84a22e

SHA1
f508362d18a3b1a4ae372b211d75a88d4f8418fd

SHA256
8decdd027d5fa992efd8b878f87d24656fed6447145b90540818e77b836f2762

SHA512
10a3893b032102b083676d7d5fed968629273457d55c40716272499b60f036ab7f0190c6fc4a93327ca902e7efea4f6ab7a61d49211daee690fb14d7488a0fec

Download Submit
C:\Windows\system\eBQPfBT.exe

Filesize
6.0MB

MD5
2bc8d9ad828795371c35674b089812d3

SHA1
ab32815d72343f948d59ddc89f1476ed2adb78e5

SHA256
483ec51495b92f59e58d14e744af230bc2959b09991df4455f576ce79b76750c

SHA512
474d051c306429bfdec80e1324607e7c7958fb75209dd6e10840aa1af7bfe9ac8d066dcfbba5f682fb26aedacfb99bb6da26f8acf636e0271a925d71761b2e11

Download Submit
C:\Windows\system\fVKwmAo.exe

Filesize
6.0MB

MD5
0e55f3907a9fd9e4b27cf427788162a4

SHA1
4b1bd52183a4635b653161f5000d49a5f391f0b8

SHA256
61142ae77b429259b63d77e3d8d8c2ea1c824db5b552f266913621214ca35010

SHA512
3e058c1f75d21339a8fa88840ce60d2a6878701f4864ef6787e643fb8d09a277ad1461e17849f6443701a4b49a53be89eaa57b27d33a1a0699cc9c6fabac2239

Download Submit
C:\Windows\system\hLiwztt.exe

Filesize
6.0MB

MD5
1b56bf04e73c090a76e407513d1e75c7

SHA1
3c389c589627d8b3b55ad8609416357bd8ddadf3

SHA256
f043527f12112f9fa18dbb0c525afdadf27311f69dc1ba8261b1a871f40f6f49

SHA512
7ff2f8c38ddcc6ab843cad2f03feaf3bb0d955cf2dea01a256efeab3cbdd52825ef6273e49e98fd2b0f65007b01ef1641c3ff743dfd5981d24c969e38022fe04

Download Submit
C:\Windows\system\heozKdw.exe

Filesize
6.0MB

MD5
690b94649eff8d4528c5809f15d41069

SHA1
a9dc6707004baeb2b1d02c6940de03e290eaedd5

SHA256
d9a05e47ad4d1d1172dd74ea4a1f1c8669eb5762fdc7fca4f79f697ff680cbf1

SHA512
b807b43bbb0a995174c3750a1c5e3bbdfdca270fde442dcbf7258f27a9e4228540c409ee073d1eea905b7f053afc7adc8c401da81ed88ccb4a0f9e1c8d65b8c6

Download Submit
C:\Windows\system\jyDbIRa.exe

Filesize
6.0MB

MD5
39868013db65f5a2adb141fb594d356e

SHA1
a645f4cb320ae0ae3f1e0ec9aaca34c2dfb6c4cb

SHA256
5d35c5ec388ee946b62bf50e054f5e696b08a8b571b15b17f163e7b7df10a929

SHA512
09734510bfbfe2fd88f01155c9fe661d3b57eff718cb9194dc841e23de2fea48aef46e15f4bfde7827b6cee6a289d2e1433c2fb1dbebd1c54087b54a1749f0d7

Download Submit
C:\Windows\system\lzlUKgz.exe

Filesize
6.0MB

MD5
8961b8375acbf00b09cae6dbb087981c

SHA1
faf62ffe626abf1beb8fd00f684eb05e9b297d6a

SHA256
db5edaca79535c215c2cff133bbf0495f5c9a9651e549b5124fa9b71684a5959

SHA512
af9427bf743f480853d0dcfe57065ea0ec144b1800883060ae4d377dd359e838be46b881bbf05c7ec3b330336194b67a93ebefdfade0de761ffc3b68d2a3c976

Download Submit
C:\Windows\system\puZFlhe.exe

Filesize
6.0MB

MD5
4742c5111684aed16d9738e850af6d15

SHA1
bce02f017de45cd8051fc439ba1f88c9ba30851f

SHA256
474c4b563b87355dee5fc4537987b329e8f04a98912ddf36dc98930d95d4351a

SHA512
4c8d53e03ff76f62484bfe1ba7a5d7a6df9aa7b63f9be59160a2674b435ee75f765cfedde41a1236f389160aed45d5405f3c98e2ee48ddafa6d6b5f868a2fa4a

Download Submit
C:\Windows\system\qRCJUPX.exe

Filesize
6.0MB

MD5
f03b36aa2605f9198c11a3da8e030e84

SHA1
8f72526f59c97239aa434240e59ed239d00e5369

SHA256
fb72544fe6ffc00846a9fc9d5fc6bdedce869775d324dfec5be354bc604dca67

SHA512
d4ad080ee69ab39c1919fa71398c03a8b757384632b34d85f693ffb5f00da651f26376e56d0f31eeab74ff6f0415a43a1e636701f98d7bed2ab5870160ef4901

Download Submit
C:\Windows\system\wKCsbtC.exe

Filesize
6.0MB

MD5
42329eae417a34a655087b4a8186dd21

SHA1
e8186c4765a54f7be27f02f78ffae4ba55e08efd

SHA256
90ab2f68905322834a1df4b76b7817b8b99ca9dda96ca640c605cd6c4ae60103

SHA512
693e2320dcb5ea77fb1479ee611d981e82f5cb0d304d3b20d6d5614100d2faf11bcf1e4cb15778ce5f0afeb0dc3431ae8619feedb71d95abeb1ec6dde9980155

Download Submit
C:\Windows\system\wONzGXq.exe

Filesize
6.0MB

MD5
4635afdcdcc61c8f84a20148609e41c0

SHA1
ed63b90a6bc9fd79c898a4dd2bee2e88281ff794

SHA256
00a95183b77e410caf8ff051e479125cb7ad5bba74e2b22f3285b9cc3d815602

SHA512
fcf36ada68224c6f173d81da684efa0e99e517dcec91d7409c5eeba92be456cd26613271a1c8d9e1e5a081245e2f25c42d347e703f4973d9190b4bf4476a1b8d

Download Submit
C:\Windows\system\xRWLsRc.exe

Filesize
6.0MB

MD5
e36673d6cae99d7a117fef12d7a3af9a

SHA1
889069b1a1c67dff35307cd0d69beebf97d7954f

SHA256
f21a8d94178f6547c226e35c1ff09bd9f141edfd05babbbcbc5854fa017213bb

SHA512
5a6636fca8eef56866c4a2b3137a4fc1a997deb8a65efbeb1d783ed6bbfc548396e1e4c03673e57b310a4bd83e49e41e031ac981cc46f62febb6b3bf36449707

Download Submit
C:\Windows\system\xwIKcxq.exe

Filesize
6.0MB

MD5
6f752d06780a0ccded8461a85fe02501

SHA1
188fb9177ae8f3e1ee6d3c5144fb1c6e43ff4479

SHA256
2d35bb91e77ab62649c595e34528a60fe60a284d56e37b770be72bcc99ca5da1

SHA512
93c7e8e270cc95a4a41e153254b3610446db0dd2d0559bc0a47786deb381a2821fd4811335a5f0f393eeaebaa6c55aba63d498a3a24eda04d5fcec0342a3edb2

Download Submit
\Windows\system\NnjckVI.exe

Filesize
6.0MB

MD5
926cadb0201e536ea05047688e2223b0

SHA1
77bfaf2149f96512efa784538bface0719099aff

SHA256
c868fb85818a14c7346d9e58a10a93da663ff892875a278b7292865f535b1220

SHA512
b29c09e1a43b5c9ef245a045d81f7f4a3c96f16b4bab9f48b9311001502a21b1b2a6fe89a213a2872d1cd512d640a700db87b1e010d5f42f80560b748b0182ee

Download Submit
\Windows\system\OyntHos.exe

Filesize
6.0MB

MD5
a93e2933ce01ef36c08d3987035a9fb4

SHA1
d431a2fcb3bbf79c256472e146c7529d0063008c

SHA256
45b0d953a93fea1634dc0a03eabb87ded1df92cbab2e501cf65a81a523603ecd

SHA512
97b7934fdb75ba38755a9e9259b47637a9de058337299cc29edea433de761a7d377626b4f1c99ac2a331c7afe06423dbd86a69e85641f78b30171333de26e06a

Download Submit
\Windows\system\fbvgYYH.exe

Filesize
6.0MB

MD5
e0038084c8fb9631fc529f450f78dba9

SHA1
21981afd06588c775cd5c17abeebdb2a87fd29cc

SHA256
34f3a75e5ea54b86c5182046566dd229fd3c18076d79464d0481de0e0ac33c3b

SHA512
fdc9b19e934cfc43d1567e357361c8ac10441302f07f09d5c53182551647960304e4b2bb13bc217537926cd36806701880bed32e74532ec8b7bcea6f2f78c6ef

Download Submit
\Windows\system\tUQQvjp.exe

Filesize
6.0MB

MD5
dd18f36a594435201a80cd398c80a843

SHA1
f367efd05a1592926222cac97261167777192918

SHA256
92af3d27147776ba9181903c9b90d15507fd369de6c982946556d9012b71f2a1

SHA512
cc80619e3daa39090e0c257a78e3821aa310270fd64d971e56db6501da617dba696970bbf0486217c49bce91d14f58949f6a5371566796f7e863b19758477c92

Download Submit
memory/576-242-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/576-13-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/576-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/576-41-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/576-44-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/576-52-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/576-64-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/576-70-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/576-9-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/576-89-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/576-417-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/576-91-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/576-310-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/576-0-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/576-93-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/576-20-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-109-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/576-29-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/576-32-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/576-167-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/576-79-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/576-110-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/776-90-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/776-311-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/776-1743-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/864-88-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/864-1677-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/864-42-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/976-71-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/976-1730-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/976-168-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1348-1744-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-103-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-312-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1741-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-92-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-2023-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2460-16-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2620-65-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1691-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1612-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2748-30-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1699-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2752-104-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2752-57-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2796-102-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1672-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2796-53-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2832-1584-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-15-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-23-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1590-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-66-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1649-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-37-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-80-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/3040-1726-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download