cobaltstrike | 1544fcf2c4b38b84f562c3a707bd45728684767052097240d2ee9a0786875b44

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

919f33f8f73d067583feb9c6172bc4b2
SHA1

6d1b61e50ea3da98cf1bfb5a68dc3f82bc4c8179
SHA256

1544fcf2c4b38b84f562c3a707bd45728684767052097240d2ee9a0786875b44
SHA512

190e434bfdb9243b04ecbc7257444027e50124dad18a605224912e1dac3b654a5fc0ff43378e6d6a1badde644412f0d21f5a7e81f7198d56e3a1c75ce33958e6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016593-12.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000167dc-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c3d-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd3-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca2-31.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cfe-47.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739a-59.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-79.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747b-87.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001748f-91.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-127.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-123.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-111.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-100.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-103.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017409-83.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fb-75.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173e4-71.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173aa-67.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739c-63.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001620e-52.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d0b-55.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1992-0-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016593-12.dat	xmrig
behavioral1/files/0x00080000000167dc-16.dat	xmrig
behavioral1/files/0x0008000000016c3d-23.dat	xmrig
behavioral1/memory/2416-24-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2344-36-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd3-37.dat	xmrig
behavioral1/memory/1992-33-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/1196-32-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ca2-31.dat	xmrig
behavioral1/memory/1784-30-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2956-29-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2820-43-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cfe-47.dat	xmrig
behavioral1/files/0x000600000001739a-59.dat	xmrig
behavioral1/files/0x0006000000017403-79.dat	xmrig
behavioral1/files/0x000600000001747b-87.dat	xmrig
behavioral1/files/0x000600000001748f-91.dat	xmrig
behavioral1/files/0x0009000000018678-105.dat	xmrig
behavioral1/files/0x0005000000019229-139.dat	xmrig
behavioral1/memory/2612-878-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/1992-880-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2652-891-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2956-1059-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/1992-1057-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1992-2082-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/1976-889-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2636-887-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2604-885-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2768-883-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2628-881-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2256-879-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001924c-147.dat	xmrig
behavioral1/files/0x0005000000019234-143.dat	xmrig
behavioral1/files/0x00050000000191f7-131.dat	xmrig
behavioral1/files/0x0005000000019218-136.dat	xmrig
behavioral1/files/0x00050000000191f3-127.dat	xmrig
behavioral1/files/0x00060000000190d6-123.dat	xmrig
behavioral1/files/0x00060000000190cd-119.dat	xmrig
behavioral1/files/0x000500000001879b-115.dat	xmrig
behavioral1/files/0x0005000000018690-111.dat	xmrig
behavioral1/files/0x000600000001752f-100.dat	xmrig
behavioral1/files/0x001500000001866d-103.dat	xmrig
behavioral1/files/0x00060000000174ac-95.dat	xmrig
behavioral1/files/0x0006000000017409-83.dat	xmrig
behavioral1/files/0x00060000000173fb-75.dat	xmrig
behavioral1/files/0x00060000000173e4-71.dat	xmrig
behavioral1/files/0x00060000000173aa-67.dat	xmrig
behavioral1/files/0x000600000001739c-63.dat	xmrig
behavioral1/files/0x000800000001620e-52.dat	xmrig
behavioral1/files/0x0009000000016d0b-55.dat	xmrig
behavioral1/memory/2612-3522-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2344-3521-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2416-3520-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1784-3519-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2604-3526-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/1976-3525-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2768-3533-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2628-3532-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2636-3531-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2956-3530-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/1196-3529-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2820-3528-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1784	KFlHxaG.exe
1196	rPqHDuU.exe
2416	GhpJJso.exe
2956	xViUGkA.exe
2344	jUrvWjN.exe
2820	nYEIxMd.exe
2612	dTOUFom.exe
2256	sGxgbgQ.exe
2628	BGxISGr.exe
2768	cuQhaxI.exe
2604	qalpkng.exe
2636	NKHGhUv.exe
1976	fWSQHtH.exe
2652	wPxtvJq.exe
1968	RfTjlVb.exe
680	iEcqrXs.exe
1116	VDfkGXa.exe
108	DkyNLRf.exe
1652	rJkABsH.exe
2372	ZiDFrkb.exe
492	GjxPAzG.exe
588	cXQVhuP.exe
1476	XCSzWIn.exe
1808	ORcQZBl.exe
1804	StPuWrc.exe
1792	EzNxufi.exe
1376	oXRIAJb.exe
1600	nkRYCJO.exe
2460	VsikZRX.exe
2940	DzLjNeE.exe
956	IDqoPLh.exe
2264	ekbGOoF.exe
2376	ONbRQgI.exe
2432	bIQNNqY.exe
2076	IZbgIMa.exe
996	VAMhzHD.exe
1644	nxcvZPj.exe
1896	tSpEbnu.exe
2584	HMuVwMI.exe
3004	VhVttkl.exe
1892	DSvGgxy.exe
1144	mZfgWaw.exe
2040	NIugMkC.exe
2320	Vblsbio.exe
1620	NqBZkdX.exe
940	uhGhCML.exe
2560	cGVPXcB.exe
1748	SXOubfk.exe
1860	lRfqcmB.exe
1668	NFORacq.exe
2968	fbhuSrH.exe
2156	BamlnMB.exe
1736	FlHKrIB.exe
2296	HfAlddH.exe
1672	CykFqqI.exe
2464	TsGcMJg.exe
1724	YyNqpHq.exe
2524	qcfYgDJ.exe
2132	mcStxEW.exe
1836	OnRtMPL.exe
2316	hcyecmY.exe
1592	cLsZIFx.exe
2120	EAYURpl.exe
2808	yaEhksf.exe

Loads dropped DLL 64 IoCs

pid	Process
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1992-0-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016593-12.dat	upx
behavioral1/files/0x00080000000167dc-16.dat	upx
behavioral1/files/0x0008000000016c3d-23.dat	upx
behavioral1/memory/2416-24-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2344-36-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0007000000016cd3-37.dat	upx
behavioral1/memory/1196-32-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0007000000016ca2-31.dat	upx
behavioral1/memory/1784-30-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2956-29-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2820-43-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x0009000000016cfe-47.dat	upx
behavioral1/files/0x000600000001739a-59.dat	upx
behavioral1/files/0x0006000000017403-79.dat	upx
behavioral1/files/0x000600000001747b-87.dat	upx
behavioral1/files/0x000600000001748f-91.dat	upx
behavioral1/files/0x0009000000018678-105.dat	upx
behavioral1/files/0x0005000000019229-139.dat	upx
behavioral1/memory/2612-878-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2652-891-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2956-1059-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/1992-1057-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/1976-889-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2636-887-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2604-885-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2768-883-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2628-881-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2256-879-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x000500000001924c-147.dat	upx
behavioral1/files/0x0005000000019234-143.dat	upx
behavioral1/files/0x00050000000191f7-131.dat	upx
behavioral1/files/0x0005000000019218-136.dat	upx
behavioral1/files/0x00050000000191f3-127.dat	upx
behavioral1/files/0x00060000000190d6-123.dat	upx
behavioral1/files/0x00060000000190cd-119.dat	upx
behavioral1/files/0x000500000001879b-115.dat	upx
behavioral1/files/0x0005000000018690-111.dat	upx
behavioral1/files/0x000600000001752f-100.dat	upx
behavioral1/files/0x001500000001866d-103.dat	upx
behavioral1/files/0x00060000000174ac-95.dat	upx
behavioral1/files/0x0006000000017409-83.dat	upx
behavioral1/files/0x00060000000173fb-75.dat	upx
behavioral1/files/0x00060000000173e4-71.dat	upx
behavioral1/files/0x00060000000173aa-67.dat	upx
behavioral1/files/0x000600000001739c-63.dat	upx
behavioral1/files/0x000800000001620e-52.dat	upx
behavioral1/files/0x0009000000016d0b-55.dat	upx
behavioral1/memory/2612-3522-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2344-3521-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2416-3520-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1784-3519-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2604-3526-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/1976-3525-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2768-3533-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2628-3532-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2636-3531-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2956-3530-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/1196-3529-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2820-3528-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2256-3535-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2652-3534-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IZbgIMa.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eBKhtKj.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqBbFDs.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDaIJqR.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTcCCAy.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkGQjdi.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVrIHtV.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kduNQNZ.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDEbUMz.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RfTjlVb.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyPsmIl.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrREKJC.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfPBONM.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syNgNTb.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPmUAWE.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXVUmpk.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqkDXxl.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtXLQXn.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOosFcC.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxcvZPj.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSBcUMl.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXmczfI.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpjUsLs.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHaZiBF.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rWwDLVL.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtvYwUo.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJvZZGj.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBHTXJK.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZRAkZG.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRofyPX.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDUmYia.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbSRBCd.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDPzyHJ.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AcvSfAq.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYEIxMd.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhVttkl.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqlOZIs.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSVUIZN.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HONEPYi.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDxYoRI.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVuygjx.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eozYewO.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZMUGVA.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfVaqLb.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dytJSWx.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCDmWwy.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFzFhEI.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbOxQre.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRjUSyg.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSbvDqy.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIeWbwH.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLcoeWN.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKvfWQR.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShqxwTi.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yijJLOd.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUyjObW.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbSCBwD.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LaxnSxO.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yuRUWFi.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clcOZso.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSLQyVi.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgnQFri.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzckOxT.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAoPNjD.exe	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1784	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1992 wrote to memory of 1784	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1992 wrote to memory of 1784	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1992 wrote to memory of 1196	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1992 wrote to memory of 1196	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1992 wrote to memory of 1196	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1992 wrote to memory of 2416	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1992 wrote to memory of 2416	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1992 wrote to memory of 2416	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1992 wrote to memory of 2956	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1992 wrote to memory of 2956	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1992 wrote to memory of 2956	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1992 wrote to memory of 2344	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1992 wrote to memory of 2344	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1992 wrote to memory of 2344	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1992 wrote to memory of 2820	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1992 wrote to memory of 2820	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1992 wrote to memory of 2820	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1992 wrote to memory of 2612	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1992 wrote to memory of 2612	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1992 wrote to memory of 2612	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1992 wrote to memory of 2256	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1992 wrote to memory of 2256	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1992 wrote to memory of 2256	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1992 wrote to memory of 2628	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1992 wrote to memory of 2628	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1992 wrote to memory of 2628	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1992 wrote to memory of 2768	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1992 wrote to memory of 2768	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1992 wrote to memory of 2768	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1992 wrote to memory of 2604	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1992 wrote to memory of 2604	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1992 wrote to memory of 2604	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1992 wrote to memory of 2636	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1992 wrote to memory of 2636	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1992 wrote to memory of 2636	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1992 wrote to memory of 1976	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1992 wrote to memory of 1976	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1992 wrote to memory of 1976	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1992 wrote to memory of 2652	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1992 wrote to memory of 2652	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1992 wrote to memory of 2652	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1992 wrote to memory of 1968	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1992 wrote to memory of 1968	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1992 wrote to memory of 1968	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1992 wrote to memory of 680	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1992 wrote to memory of 680	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1992 wrote to memory of 680	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1992 wrote to memory of 1116	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1992 wrote to memory of 1116	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1992 wrote to memory of 1116	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1992 wrote to memory of 108	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1992 wrote to memory of 108	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1992 wrote to memory of 108	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1992 wrote to memory of 1652	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1992 wrote to memory of 1652	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1992 wrote to memory of 1652	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1992 wrote to memory of 2372	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1992 wrote to memory of 2372	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1992 wrote to memory of 2372	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1992 wrote to memory of 492	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1992 wrote to memory of 492	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1992 wrote to memory of 492	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1992 wrote to memory of 588	1992	2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_919f33f8f73d067583feb9c6172bc4b2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\System\KFlHxaG.exe
  C:\Windows\System\KFlHxaG.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\rPqHDuU.exe
  C:\Windows\System\rPqHDuU.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\GhpJJso.exe
  C:\Windows\System\GhpJJso.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\xViUGkA.exe
  C:\Windows\System\xViUGkA.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\jUrvWjN.exe
  C:\Windows\System\jUrvWjN.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\nYEIxMd.exe
  C:\Windows\System\nYEIxMd.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\dTOUFom.exe
  C:\Windows\System\dTOUFom.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\sGxgbgQ.exe
  C:\Windows\System\sGxgbgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\BGxISGr.exe
  C:\Windows\System\BGxISGr.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\cuQhaxI.exe
  C:\Windows\System\cuQhaxI.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\qalpkng.exe
  C:\Windows\System\qalpkng.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\NKHGhUv.exe
  C:\Windows\System\NKHGhUv.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\fWSQHtH.exe
  C:\Windows\System\fWSQHtH.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\wPxtvJq.exe
  C:\Windows\System\wPxtvJq.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\RfTjlVb.exe
  C:\Windows\System\RfTjlVb.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\iEcqrXs.exe
  C:\Windows\System\iEcqrXs.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\VDfkGXa.exe
  C:\Windows\System\VDfkGXa.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\DkyNLRf.exe
  C:\Windows\System\DkyNLRf.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\rJkABsH.exe
  C:\Windows\System\rJkABsH.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\ZiDFrkb.exe
  C:\Windows\System\ZiDFrkb.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\GjxPAzG.exe
  C:\Windows\System\GjxPAzG.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\cXQVhuP.exe
  C:\Windows\System\cXQVhuP.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\XCSzWIn.exe
  C:\Windows\System\XCSzWIn.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\ORcQZBl.exe
  C:\Windows\System\ORcQZBl.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\StPuWrc.exe
  C:\Windows\System\StPuWrc.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\EzNxufi.exe
  C:\Windows\System\EzNxufi.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\oXRIAJb.exe
  C:\Windows\System\oXRIAJb.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\nkRYCJO.exe
  C:\Windows\System\nkRYCJO.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\VsikZRX.exe
  C:\Windows\System\VsikZRX.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\DzLjNeE.exe
  C:\Windows\System\DzLjNeE.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\IDqoPLh.exe
  C:\Windows\System\IDqoPLh.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\ekbGOoF.exe
  C:\Windows\System\ekbGOoF.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\ONbRQgI.exe
  C:\Windows\System\ONbRQgI.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\IZbgIMa.exe
  C:\Windows\System\IZbgIMa.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\bIQNNqY.exe
  C:\Windows\System\bIQNNqY.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\VAMhzHD.exe
  C:\Windows\System\VAMhzHD.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\nxcvZPj.exe
  C:\Windows\System\nxcvZPj.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\tSpEbnu.exe
  C:\Windows\System\tSpEbnu.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\HMuVwMI.exe
  C:\Windows\System\HMuVwMI.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\VhVttkl.exe
  C:\Windows\System\VhVttkl.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\DSvGgxy.exe
  C:\Windows\System\DSvGgxy.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\mZfgWaw.exe
  C:\Windows\System\mZfgWaw.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\NIugMkC.exe
  C:\Windows\System\NIugMkC.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\Vblsbio.exe
  C:\Windows\System\Vblsbio.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\NqBZkdX.exe
  C:\Windows\System\NqBZkdX.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\uhGhCML.exe
  C:\Windows\System\uhGhCML.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\cGVPXcB.exe
  C:\Windows\System\cGVPXcB.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\SXOubfk.exe
  C:\Windows\System\SXOubfk.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\lRfqcmB.exe
  C:\Windows\System\lRfqcmB.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\YyNqpHq.exe
  C:\Windows\System\YyNqpHq.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\NFORacq.exe
  C:\Windows\System\NFORacq.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\qcfYgDJ.exe
  C:\Windows\System\qcfYgDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\fbhuSrH.exe
  C:\Windows\System\fbhuSrH.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\mcStxEW.exe
  C:\Windows\System\mcStxEW.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\BamlnMB.exe
  C:\Windows\System\BamlnMB.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\OnRtMPL.exe
  C:\Windows\System\OnRtMPL.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\FlHKrIB.exe
  C:\Windows\System\FlHKrIB.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\hcyecmY.exe
  C:\Windows\System\hcyecmY.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\HfAlddH.exe
  C:\Windows\System\HfAlddH.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\cLsZIFx.exe
  C:\Windows\System\cLsZIFx.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\CykFqqI.exe
  C:\Windows\System\CykFqqI.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\EAYURpl.exe
  C:\Windows\System\EAYURpl.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\TsGcMJg.exe
  C:\Windows\System\TsGcMJg.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\yaEhksf.exe
  C:\Windows\System\yaEhksf.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\TWxQtjp.exe
  C:\Windows\System\TWxQtjp.exe
  2⤵
  PID:2976
- C:\Windows\System\xThUUTP.exe
  C:\Windows\System\xThUUTP.exe
  2⤵
  PID:2920
- C:\Windows\System\ALrSLvJ.exe
  C:\Windows\System\ALrSLvJ.exe
  2⤵
  PID:3056
- C:\Windows\System\GkGQjdi.exe
  C:\Windows\System\GkGQjdi.exe
  2⤵
  PID:524
- C:\Windows\System\ZphWXYo.exe
  C:\Windows\System\ZphWXYo.exe
  2⤵
  PID:1172
- C:\Windows\System\dvpeEVw.exe
  C:\Windows\System\dvpeEVw.exe
  2⤵
  PID:1140
- C:\Windows\System\TaNYuAJ.exe
  C:\Windows\System\TaNYuAJ.exe
  2⤵
  PID:2664
- C:\Windows\System\ahCAveT.exe
  C:\Windows\System\ahCAveT.exe
  2⤵
  PID:1848
- C:\Windows\System\YAeSyln.exe
  C:\Windows\System\YAeSyln.exe
  2⤵
  PID:1496
- C:\Windows\System\bZsDaGR.exe
  C:\Windows\System\bZsDaGR.exe
  2⤵
  PID:2196
- C:\Windows\System\iRSTGNE.exe
  C:\Windows\System\iRSTGNE.exe
  2⤵
  PID:1772
- C:\Windows\System\CadfXDw.exe
  C:\Windows\System\CadfXDw.exe
  2⤵
  PID:1576
- C:\Windows\System\SVZuooX.exe
  C:\Windows\System\SVZuooX.exe
  2⤵
  PID:2996
- C:\Windows\System\PKZjMEB.exe
  C:\Windows\System\PKZjMEB.exe
  2⤵
  PID:1988
- C:\Windows\System\AJlfttN.exe
  C:\Windows\System\AJlfttN.exe
  2⤵
  PID:1440
- C:\Windows\System\VbVcaHY.exe
  C:\Windows\System\VbVcaHY.exe
  2⤵
  PID:1080
- C:\Windows\System\eGIXyKi.exe
  C:\Windows\System\eGIXyKi.exe
  2⤵
  PID:1660
- C:\Windows\System\NqysgRL.exe
  C:\Windows\System\NqysgRL.exe
  2⤵
  PID:348
- C:\Windows\System\DiSlBwH.exe
  C:\Windows\System\DiSlBwH.exe
  2⤵
  PID:1036
- C:\Windows\System\jqlOZIs.exe
  C:\Windows\System\jqlOZIs.exe
  2⤵
  PID:1820
- C:\Windows\System\TRfqwXF.exe
  C:\Windows\System\TRfqwXF.exe
  2⤵
  PID:1864
- C:\Windows\System\pZZiPIn.exe
  C:\Windows\System\pZZiPIn.exe
  2⤵
  PID:536
- C:\Windows\System\BQezcGo.exe
  C:\Windows\System\BQezcGo.exe
  2⤵
  PID:3008
- C:\Windows\System\RtyZOPh.exe
  C:\Windows\System\RtyZOPh.exe
  2⤵
  PID:1648
- C:\Windows\System\iKFvfEe.exe
  C:\Windows\System\iKFvfEe.exe
  2⤵
  PID:2080
- C:\Windows\System\vsfRzot.exe
  C:\Windows\System\vsfRzot.exe
  2⤵
  PID:2324
- C:\Windows\System\VEIcXYd.exe
  C:\Windows\System\VEIcXYd.exe
  2⤵
  PID:1316
- C:\Windows\System\tQEVeKd.exe
  C:\Windows\System\tQEVeKd.exe
  2⤵
  PID:2512
- C:\Windows\System\sLDgdvI.exe
  C:\Windows\System\sLDgdvI.exe
  2⤵
  PID:2824
- C:\Windows\System\quMJffF.exe
  C:\Windows\System\quMJffF.exe
  2⤵
  PID:2096
- C:\Windows\System\dPBCXMb.exe
  C:\Windows\System\dPBCXMb.exe
  2⤵
  PID:1352
- C:\Windows\System\gPtcEpt.exe
  C:\Windows\System\gPtcEpt.exe
  2⤵
  PID:2580
- C:\Windows\System\TpeZxmz.exe
  C:\Windows\System\TpeZxmz.exe
  2⤵
  PID:1796
- C:\Windows\System\kOaOnil.exe
  C:\Windows\System\kOaOnil.exe
  2⤵
  PID:2532
- C:\Windows\System\bSyMpqK.exe
  C:\Windows\System\bSyMpqK.exe
  2⤵
  PID:2516
- C:\Windows\System\SKjRhsJ.exe
  C:\Windows\System\SKjRhsJ.exe
  2⤵
  PID:820
- C:\Windows\System\hoUYXLg.exe
  C:\Windows\System\hoUYXLg.exe
  2⤵
  PID:2336
- C:\Windows\System\DFAavcN.exe
  C:\Windows\System\DFAavcN.exe
  2⤵
  PID:444
- C:\Windows\System\nQGbZKN.exe
  C:\Windows\System\nQGbZKN.exe
  2⤵
  PID:1716
- C:\Windows\System\RgNavws.exe
  C:\Windows\System\RgNavws.exe
  2⤵
  PID:696
- C:\Windows\System\xFBukut.exe
  C:\Windows\System\xFBukut.exe
  2⤵
  PID:2948
- C:\Windows\System\AeikyNT.exe
  C:\Windows\System\AeikyNT.exe
  2⤵
  PID:2200
- C:\Windows\System\FFpseZZ.exe
  C:\Windows\System\FFpseZZ.exe
  2⤵
  PID:1540
- C:\Windows\System\tAoPNjD.exe
  C:\Windows\System\tAoPNjD.exe
  2⤵
  PID:328
- C:\Windows\System\aYdsHOs.exe
  C:\Windows\System\aYdsHOs.exe
  2⤵
  PID:1856
- C:\Windows\System\vdkFXQI.exe
  C:\Windows\System\vdkFXQI.exe
  2⤵
  PID:1364
- C:\Windows\System\jjdCIor.exe
  C:\Windows\System\jjdCIor.exe
  2⤵
  PID:2192
- C:\Windows\System\oMyPSKS.exe
  C:\Windows\System\oMyPSKS.exe
  2⤵
  PID:2436
- C:\Windows\System\ybyFAAF.exe
  C:\Windows\System\ybyFAAF.exe
  2⤵
  PID:2952
- C:\Windows\System\PEhZANj.exe
  C:\Windows\System\PEhZANj.exe
  2⤵
  PID:2164
- C:\Windows\System\ONTnYpb.exe
  C:\Windows\System\ONTnYpb.exe
  2⤵
  PID:1996
- C:\Windows\System\FzYgbTa.exe
  C:\Windows\System\FzYgbTa.exe
  2⤵
  PID:2540
- C:\Windows\System\bbNYHGt.exe
  C:\Windows\System\bbNYHGt.exe
  2⤵
  PID:2448
- C:\Windows\System\HZeiZuq.exe
  C:\Windows\System\HZeiZuq.exe
  2⤵
  PID:2208
- C:\Windows\System\llbnVAf.exe
  C:\Windows\System\llbnVAf.exe
  2⤵
  PID:920
- C:\Windows\System\qPLfbag.exe
  C:\Windows\System\qPLfbag.exe
  2⤵
  PID:2792
- C:\Windows\System\rgWRonC.exe
  C:\Windows\System\rgWRonC.exe
  2⤵
  PID:1532
- C:\Windows\System\gLbkRLF.exe
  C:\Windows\System\gLbkRLF.exe
  2⤵
  PID:2624
- C:\Windows\System\TOVAhTl.exe
  C:\Windows\System\TOVAhTl.exe
  2⤵
  PID:2424
- C:\Windows\System\AvlIbQa.exe
  C:\Windows\System\AvlIbQa.exe
  2⤵
  PID:3088
- C:\Windows\System\fmEdpGX.exe
  C:\Windows\System\fmEdpGX.exe
  2⤵
  PID:3104
- C:\Windows\System\ikLwzvM.exe
  C:\Windows\System\ikLwzvM.exe
  2⤵
  PID:3120
- C:\Windows\System\ZXzelXv.exe
  C:\Windows\System\ZXzelXv.exe
  2⤵
  PID:3136
- C:\Windows\System\LLEyOJW.exe
  C:\Windows\System\LLEyOJW.exe
  2⤵
  PID:3152
- C:\Windows\System\hlCgDsk.exe
  C:\Windows\System\hlCgDsk.exe
  2⤵
  PID:3180
- C:\Windows\System\KwYjZCD.exe
  C:\Windows\System\KwYjZCD.exe
  2⤵
  PID:3200
- C:\Windows\System\NcFtlUo.exe
  C:\Windows\System\NcFtlUo.exe
  2⤵
  PID:3220
- C:\Windows\System\IRjUSyg.exe
  C:\Windows\System\IRjUSyg.exe
  2⤵
  PID:3240
- C:\Windows\System\mLOGtss.exe
  C:\Windows\System\mLOGtss.exe
  2⤵
  PID:3260
- C:\Windows\System\LwPwAuG.exe
  C:\Windows\System\LwPwAuG.exe
  2⤵
  PID:3280
- C:\Windows\System\FWdjeYD.exe
  C:\Windows\System\FWdjeYD.exe
  2⤵
  PID:3300
- C:\Windows\System\swLmkeY.exe
  C:\Windows\System\swLmkeY.exe
  2⤵
  PID:3316
- C:\Windows\System\wUIElsP.exe
  C:\Windows\System\wUIElsP.exe
  2⤵
  PID:3332
- C:\Windows\System\pkgqWoG.exe
  C:\Windows\System\pkgqWoG.exe
  2⤵
  PID:3348
- C:\Windows\System\JoHJUGZ.exe
  C:\Windows\System\JoHJUGZ.exe
  2⤵
  PID:3368
- C:\Windows\System\IvFvFKp.exe
  C:\Windows\System\IvFvFKp.exe
  2⤵
  PID:3384
- C:\Windows\System\kLkZVut.exe
  C:\Windows\System\kLkZVut.exe
  2⤵
  PID:3400
- C:\Windows\System\uLrxVOI.exe
  C:\Windows\System\uLrxVOI.exe
  2⤵
  PID:3416
- C:\Windows\System\jhwRklu.exe
  C:\Windows\System\jhwRklu.exe
  2⤵
  PID:3432
- C:\Windows\System\zKvfWQR.exe
  C:\Windows\System\zKvfWQR.exe
  2⤵
  PID:3448
- C:\Windows\System\noOKMUC.exe
  C:\Windows\System\noOKMUC.exe
  2⤵
  PID:3556
- C:\Windows\System\eIeIyUt.exe
  C:\Windows\System\eIeIyUt.exe
  2⤵
  PID:3576
- C:\Windows\System\miWTJbV.exe
  C:\Windows\System\miWTJbV.exe
  2⤵
  PID:3596
- C:\Windows\System\GEZKSYZ.exe
  C:\Windows\System\GEZKSYZ.exe
  2⤵
  PID:3616
- C:\Windows\System\zyojVNW.exe
  C:\Windows\System\zyojVNW.exe
  2⤵
  PID:3636
- C:\Windows\System\yskCrmG.exe
  C:\Windows\System\yskCrmG.exe
  2⤵
  PID:3656
- C:\Windows\System\clcOZso.exe
  C:\Windows\System\clcOZso.exe
  2⤵
  PID:3672
- C:\Windows\System\WxIMrDb.exe
  C:\Windows\System\WxIMrDb.exe
  2⤵
  PID:3692
- C:\Windows\System\iOdMmik.exe
  C:\Windows\System\iOdMmik.exe
  2⤵
  PID:3712
- C:\Windows\System\lqprtDV.exe
  C:\Windows\System\lqprtDV.exe
  2⤵
  PID:3728
- C:\Windows\System\RVChvpl.exe
  C:\Windows\System\RVChvpl.exe
  2⤵
  PID:3744
- C:\Windows\System\ThmBQPY.exe
  C:\Windows\System\ThmBQPY.exe
  2⤵
  PID:3768
- C:\Windows\System\yDnkCRo.exe
  C:\Windows\System\yDnkCRo.exe
  2⤵
  PID:3788
- C:\Windows\System\iSUbMfR.exe
  C:\Windows\System\iSUbMfR.exe
  2⤵
  PID:3808
- C:\Windows\System\bFgbRdu.exe
  C:\Windows\System\bFgbRdu.exe
  2⤵
  PID:3824
- C:\Windows\System\MyWEHFv.exe
  C:\Windows\System\MyWEHFv.exe
  2⤵
  PID:3852
- C:\Windows\System\hTmJdbR.exe
  C:\Windows\System\hTmJdbR.exe
  2⤵
  PID:3872
- C:\Windows\System\iLZVjaK.exe
  C:\Windows\System\iLZVjaK.exe
  2⤵
  PID:3888
- C:\Windows\System\dbwbVRK.exe
  C:\Windows\System\dbwbVRK.exe
  2⤵
  PID:3904
- C:\Windows\System\ZSLkipD.exe
  C:\Windows\System\ZSLkipD.exe
  2⤵
  PID:3928
- C:\Windows\System\RkPzRKT.exe
  C:\Windows\System\RkPzRKT.exe
  2⤵
  PID:3948
- C:\Windows\System\hldLVZv.exe
  C:\Windows\System\hldLVZv.exe
  2⤵
  PID:3964
- C:\Windows\System\MmPIZJh.exe
  C:\Windows\System\MmPIZJh.exe
  2⤵
  PID:3984
- C:\Windows\System\MjSEvxZ.exe
  C:\Windows\System\MjSEvxZ.exe
  2⤵
  PID:4000
- C:\Windows\System\vikEKEv.exe
  C:\Windows\System\vikEKEv.exe
  2⤵
  PID:4024
- C:\Windows\System\NHsKTzz.exe
  C:\Windows\System\NHsKTzz.exe
  2⤵
  PID:4044
- C:\Windows\System\DSsVZMl.exe
  C:\Windows\System\DSsVZMl.exe
  2⤵
  PID:4064
- C:\Windows\System\BDgwKMZ.exe
  C:\Windows\System\BDgwKMZ.exe
  2⤵
  PID:4084
- C:\Windows\System\VOQjasX.exe
  C:\Windows\System\VOQjasX.exe
  2⤵
  PID:2400
- C:\Windows\System\dsWgDRI.exe
  C:\Windows\System\dsWgDRI.exe
  2⤵
  PID:2180
- C:\Windows\System\qmsoEEY.exe
  C:\Windows\System\qmsoEEY.exe
  2⤵
  PID:1084
- C:\Windows\System\hZplFeK.exe
  C:\Windows\System\hZplFeK.exe
  2⤵
  PID:3084
- C:\Windows\System\vYDPwGB.exe
  C:\Windows\System\vYDPwGB.exe
  2⤵
  PID:800
- C:\Windows\System\BuxWYgt.exe
  C:\Windows\System\BuxWYgt.exe
  2⤵
  PID:3196
- C:\Windows\System\aeohvde.exe
  C:\Windows\System\aeohvde.exe
  2⤵
  PID:3232
- C:\Windows\System\ggXQWXf.exe
  C:\Windows\System\ggXQWXf.exe
  2⤵
  PID:3312
- C:\Windows\System\KHArAbk.exe
  C:\Windows\System\KHArAbk.exe
  2⤵
  PID:2228
- C:\Windows\System\dQHuiEh.exe
  C:\Windows\System\dQHuiEh.exe
  2⤵
  PID:1628
- C:\Windows\System\WvdstoN.exe
  C:\Windows\System\WvdstoN.exe
  2⤵
  PID:2488
- C:\Windows\System\drVSqva.exe
  C:\Windows\System\drVSqva.exe
  2⤵
  PID:2148
- C:\Windows\System\SMfQHXx.exe
  C:\Windows\System\SMfQHXx.exe
  2⤵
  PID:1416
- C:\Windows\System\trPsLpc.exe
  C:\Windows\System\trPsLpc.exe
  2⤵
  PID:2736
- C:\Windows\System\yKZTpLP.exe
  C:\Windows\System\yKZTpLP.exe
  2⤵
  PID:2428
- C:\Windows\System\UinZJHH.exe
  C:\Windows\System\UinZJHH.exe
  2⤵
  PID:3288
- C:\Windows\System\WdIqxQf.exe
  C:\Windows\System\WdIqxQf.exe
  2⤵
  PID:3328
- C:\Windows\System\TSbvDqy.exe
  C:\Windows\System\TSbvDqy.exe
  2⤵
  PID:3424
- C:\Windows\System\rRNvFEF.exe
  C:\Windows\System\rRNvFEF.exe
  2⤵
  PID:3248
- C:\Windows\System\qYbZhMj.exe
  C:\Windows\System\qYbZhMj.exe
  2⤵
  PID:3132
- C:\Windows\System\gyNvYaf.exe
  C:\Windows\System\gyNvYaf.exe
  2⤵
  PID:3504
- C:\Windows\System\ltybMQN.exe
  C:\Windows\System\ltybMQN.exe
  2⤵
  PID:3524
- C:\Windows\System\FqrJtko.exe
  C:\Windows\System\FqrJtko.exe
  2⤵
  PID:3544
- C:\Windows\System\jxGuQMO.exe
  C:\Windows\System\jxGuQMO.exe
  2⤵
  PID:3568
- C:\Windows\System\KVrIHtV.exe
  C:\Windows\System\KVrIHtV.exe
  2⤵
  PID:3652
- C:\Windows\System\iTSoQHs.exe
  C:\Windows\System\iTSoQHs.exe
  2⤵
  PID:3584
- C:\Windows\System\RdDmdkV.exe
  C:\Windows\System\RdDmdkV.exe
  2⤵
  PID:3752
- C:\Windows\System\wLjgihy.exe
  C:\Windows\System\wLjgihy.exe
  2⤵
  PID:2748
- C:\Windows\System\NaUMHAD.exe
  C:\Windows\System\NaUMHAD.exe
  2⤵
  PID:3800
- C:\Windows\System\dsIbjVl.exe
  C:\Windows\System\dsIbjVl.exe
  2⤵
  PID:3848
- C:\Windows\System\TzjNEAl.exe
  C:\Windows\System\TzjNEAl.exe
  2⤵
  PID:3912
- C:\Windows\System\rjiaRZB.exe
  C:\Windows\System\rjiaRZB.exe
  2⤵
  PID:3924
- C:\Windows\System\tSHKyVF.exe
  C:\Windows\System\tSHKyVF.exe
  2⤵
  PID:2140
- C:\Windows\System\iDemkwS.exe
  C:\Windows\System\iDemkwS.exe
  2⤵
  PID:3740
- C:\Windows\System\GDVPlCf.exe
  C:\Windows\System\GDVPlCf.exe
  2⤵
  PID:3992
- C:\Windows\System\LoEYOME.exe
  C:\Windows\System\LoEYOME.exe
  2⤵
  PID:3864
- C:\Windows\System\EDxcVGN.exe
  C:\Windows\System\EDxcVGN.exe
  2⤵
  PID:4036
- C:\Windows\System\ZGtpAVA.exe
  C:\Windows\System\ZGtpAVA.exe
  2⤵
  PID:2732
- C:\Windows\System\HDzmXoZ.exe
  C:\Windows\System\HDzmXoZ.exe
  2⤵
  PID:4012
- C:\Windows\System\mUSCGhW.exe
  C:\Windows\System\mUSCGhW.exe
  2⤵
  PID:4052
- C:\Windows\System\RMlArJc.exe
  C:\Windows\System\RMlArJc.exe
  2⤵
  PID:3972
- C:\Windows\System\sasiiQZ.exe
  C:\Windows\System\sasiiQZ.exe
  2⤵
  PID:3116
- C:\Windows\System\PXrcwew.exe
  C:\Windows\System\PXrcwew.exe
  2⤵
  PID:4092
- C:\Windows\System\GRRYFVG.exe
  C:\Windows\System\GRRYFVG.exe
  2⤵
  PID:3276
- C:\Windows\System\jDLgZXK.exe
  C:\Windows\System\jDLgZXK.exe
  2⤵
  PID:1816
- C:\Windows\System\KXDNXUi.exe
  C:\Windows\System\KXDNXUi.exe
  2⤵
  PID:1800
- C:\Windows\System\rTMPLkv.exe
  C:\Windows\System\rTMPLkv.exe
  2⤵
  PID:3236
- C:\Windows\System\BVQwZYm.exe
  C:\Windows\System\BVQwZYm.exe
  2⤵
  PID:3172
- C:\Windows\System\WaWyQQB.exe
  C:\Windows\System\WaWyQQB.exe
  2⤵
  PID:2752
- C:\Windows\System\ypRjEHF.exe
  C:\Windows\System\ypRjEHF.exe
  2⤵
  PID:3444
- C:\Windows\System\GqCMKLc.exe
  C:\Windows\System\GqCMKLc.exe
  2⤵
  PID:3360
- C:\Windows\System\rVHBuPi.exe
  C:\Windows\System\rVHBuPi.exe
  2⤵
  PID:3208
- C:\Windows\System\QrEjXgo.exe
  C:\Windows\System\QrEjXgo.exe
  2⤵
  PID:3324
- C:\Windows\System\fIgRHQt.exe
  C:\Windows\System\fIgRHQt.exe
  2⤵
  PID:3456
- C:\Windows\System\GNdbXRT.exe
  C:\Windows\System\GNdbXRT.exe
  2⤵
  PID:3500
- C:\Windows\System\UBJaNWs.exe
  C:\Windows\System\UBJaNWs.exe
  2⤵
  PID:3540
- C:\Windows\System\AkmjLOH.exe
  C:\Windows\System\AkmjLOH.exe
  2⤵
  PID:3840
- C:\Windows\System\onfMKWd.exe
  C:\Windows\System\onfMKWd.exe
  2⤵
  PID:3720
- C:\Windows\System\CRGsTrU.exe
  C:\Windows\System\CRGsTrU.exe
  2⤵
  PID:3612
- C:\Windows\System\huCjHlM.exe
  C:\Windows\System\huCjHlM.exe
  2⤵
  PID:3820
- C:\Windows\System\eVdazhU.exe
  C:\Windows\System\eVdazhU.exe
  2⤵
  PID:3632
- C:\Windows\System\cxxpobx.exe
  C:\Windows\System\cxxpobx.exe
  2⤵
  PID:2800
- C:\Windows\System\IUuIFWf.exe
  C:\Windows\System\IUuIFWf.exe
  2⤵
  PID:2932
- C:\Windows\System\iMXpOFf.exe
  C:\Windows\System\iMXpOFf.exe
  2⤵
  PID:3896
- C:\Windows\System\jlWwOxH.exe
  C:\Windows\System\jlWwOxH.exe
  2⤵
  PID:1812
- C:\Windows\System\voPWlVo.exe
  C:\Windows\System\voPWlVo.exe
  2⤵
  PID:3080
- C:\Windows\System\WnzWbpV.exe
  C:\Windows\System\WnzWbpV.exe
  2⤵
  PID:1696
- C:\Windows\System\ZZMUGVA.exe
  C:\Windows\System\ZZMUGVA.exe
  2⤵
  PID:3164
- C:\Windows\System\tCVNiwI.exe
  C:\Windows\System\tCVNiwI.exe
  2⤵
  PID:2592
- C:\Windows\System\SMAzFyd.exe
  C:\Windows\System\SMAzFyd.exe
  2⤵
  PID:3564
- C:\Windows\System\IbodfHe.exe
  C:\Windows\System\IbodfHe.exe
  2⤵
  PID:3536
- C:\Windows\System\YnLXLoD.exe
  C:\Windows\System\YnLXLoD.exe
  2⤵
  PID:3228
- C:\Windows\System\sLjvqrN.exe
  C:\Windows\System\sLjvqrN.exe
  2⤵
  PID:3784
- C:\Windows\System\HouVDzA.exe
  C:\Windows\System\HouVDzA.exe
  2⤵
  PID:4072
- C:\Windows\System\ouKQMRb.exe
  C:\Windows\System\ouKQMRb.exe
  2⤵
  PID:2708
- C:\Windows\System\qPyefan.exe
  C:\Windows\System\qPyefan.exe
  2⤵
  PID:3520
- C:\Windows\System\BvhuMvh.exe
  C:\Windows\System\BvhuMvh.exe
  2⤵
  PID:3296
- C:\Windows\System\NOuVBhw.exe
  C:\Windows\System\NOuVBhw.exe
  2⤵
  PID:2108
- C:\Windows\System\MVtEitg.exe
  C:\Windows\System\MVtEitg.exe
  2⤵
  PID:3756
- C:\Windows\System\tWiFZqX.exe
  C:\Windows\System\tWiFZqX.exe
  2⤵
  PID:3100
- C:\Windows\System\HZncJgx.exe
  C:\Windows\System\HZncJgx.exe
  2⤵
  PID:2812
- C:\Windows\System\GVhBeAA.exe
  C:\Windows\System\GVhBeAA.exe
  2⤵
  PID:3704
- C:\Windows\System\CYVfvWu.exe
  C:\Windows\System\CYVfvWu.exe
  2⤵
  PID:4076
- C:\Windows\System\tJmwJZx.exe
  C:\Windows\System\tJmwJZx.exe
  2⤵
  PID:2100
- C:\Windows\System\LNadwzp.exe
  C:\Windows\System\LNadwzp.exe
  2⤵
  PID:3308
- C:\Windows\System\zOJkizB.exe
  C:\Windows\System\zOJkizB.exe
  2⤵
  PID:3148
- C:\Windows\System\XgAGoxK.exe
  C:\Windows\System\XgAGoxK.exe
  2⤵
  PID:2396
- C:\Windows\System\enHcldT.exe
  C:\Windows\System\enHcldT.exe
  2⤵
  PID:3516
- C:\Windows\System\MXsKyZc.exe
  C:\Windows\System\MXsKyZc.exe
  2⤵
  PID:2720
- C:\Windows\System\NBDUCZy.exe
  C:\Windows\System\NBDUCZy.exe
  2⤵
  PID:4060
- C:\Windows\System\YSLQyVi.exe
  C:\Windows\System\YSLQyVi.exe
  2⤵
  PID:3836
- C:\Windows\System\nCXQott.exe
  C:\Windows\System\nCXQott.exe
  2⤵
  PID:3884
- C:\Windows\System\HqSPbMa.exe
  C:\Windows\System\HqSPbMa.exe
  2⤵
  PID:4008
- C:\Windows\System\DTXsBMe.exe
  C:\Windows\System\DTXsBMe.exe
  2⤵
  PID:4100
- C:\Windows\System\vLLGcpu.exe
  C:\Windows\System\vLLGcpu.exe
  2⤵
  PID:4116
- C:\Windows\System\SSBcUMl.exe
  C:\Windows\System\SSBcUMl.exe
  2⤵
  PID:4160
- C:\Windows\System\IMdrZnW.exe
  C:\Windows\System\IMdrZnW.exe
  2⤵
  PID:4252
- C:\Windows\System\zoseiLE.exe
  C:\Windows\System\zoseiLE.exe
  2⤵
  PID:4272
- C:\Windows\System\afbINWc.exe
  C:\Windows\System\afbINWc.exe
  2⤵
  PID:4292
- C:\Windows\System\qjIxOhF.exe
  C:\Windows\System\qjIxOhF.exe
  2⤵
  PID:4308
- C:\Windows\System\bZOFwlJ.exe
  C:\Windows\System\bZOFwlJ.exe
  2⤵
  PID:4328
- C:\Windows\System\PYIYjEB.exe
  C:\Windows\System\PYIYjEB.exe
  2⤵
  PID:4344
- C:\Windows\System\HMXSwHq.exe
  C:\Windows\System\HMXSwHq.exe
  2⤵
  PID:4368
- C:\Windows\System\LOlgcdK.exe
  C:\Windows\System\LOlgcdK.exe
  2⤵
  PID:4384
- C:\Windows\System\aKpThkT.exe
  C:\Windows\System\aKpThkT.exe
  2⤵
  PID:4400
- C:\Windows\System\WutcMrw.exe
  C:\Windows\System\WutcMrw.exe
  2⤵
  PID:4416
- C:\Windows\System\TsEWSwD.exe
  C:\Windows\System\TsEWSwD.exe
  2⤵
  PID:4440
- C:\Windows\System\gNmtjND.exe
  C:\Windows\System\gNmtjND.exe
  2⤵
  PID:4456
- C:\Windows\System\xryYmtf.exe
  C:\Windows\System\xryYmtf.exe
  2⤵
  PID:4472
- C:\Windows\System\uIkVpkG.exe
  C:\Windows\System\uIkVpkG.exe
  2⤵
  PID:4488
- C:\Windows\System\EQOGYJe.exe
  C:\Windows\System\EQOGYJe.exe
  2⤵
  PID:4504
- C:\Windows\System\xKRKotA.exe
  C:\Windows\System\xKRKotA.exe
  2⤵
  PID:4520
- C:\Windows\System\peWYqlP.exe
  C:\Windows\System\peWYqlP.exe
  2⤵
  PID:4568
- C:\Windows\System\LGPrSgd.exe
  C:\Windows\System\LGPrSgd.exe
  2⤵
  PID:4588
- C:\Windows\System\pwhralB.exe
  C:\Windows\System\pwhralB.exe
  2⤵
  PID:4608
- C:\Windows\System\QAjmSsD.exe
  C:\Windows\System\QAjmSsD.exe
  2⤵
  PID:4628
- C:\Windows\System\HZMhcCu.exe
  C:\Windows\System\HZMhcCu.exe
  2⤵
  PID:4648
- C:\Windows\System\WdafcVN.exe
  C:\Windows\System\WdafcVN.exe
  2⤵
  PID:4664
- C:\Windows\System\CTilVkN.exe
  C:\Windows\System\CTilVkN.exe
  2⤵
  PID:4688
- C:\Windows\System\HOEjzgx.exe
  C:\Windows\System\HOEjzgx.exe
  2⤵
  PID:4704
- C:\Windows\System\ugIMXVR.exe
  C:\Windows\System\ugIMXVR.exe
  2⤵
  PID:4724
- C:\Windows\System\kszzRrm.exe
  C:\Windows\System\kszzRrm.exe
  2⤵
  PID:4748
- C:\Windows\System\gkCoAVg.exe
  C:\Windows\System\gkCoAVg.exe
  2⤵
  PID:4764
- C:\Windows\System\ZxiXHWB.exe
  C:\Windows\System\ZxiXHWB.exe
  2⤵
  PID:4792
- C:\Windows\System\SOHnbvR.exe
  C:\Windows\System\SOHnbvR.exe
  2⤵
  PID:4812
- C:\Windows\System\GmSJCRR.exe
  C:\Windows\System\GmSJCRR.exe
  2⤵
  PID:4832
- C:\Windows\System\oNsPBVD.exe
  C:\Windows\System\oNsPBVD.exe
  2⤵
  PID:4852
- C:\Windows\System\zTPZsGl.exe
  C:\Windows\System\zTPZsGl.exe
  2⤵
  PID:4868
- C:\Windows\System\UwIafUR.exe
  C:\Windows\System\UwIafUR.exe
  2⤵
  PID:4884
- C:\Windows\System\GTtEKWM.exe
  C:\Windows\System\GTtEKWM.exe
  2⤵
  PID:4908
- C:\Windows\System\DuRuwyh.exe
  C:\Windows\System\DuRuwyh.exe
  2⤵
  PID:4924
- C:\Windows\System\rumITtP.exe
  C:\Windows\System\rumITtP.exe
  2⤵
  PID:4940
- C:\Windows\System\YrhBDnH.exe
  C:\Windows\System\YrhBDnH.exe
  2⤵
  PID:4956
- C:\Windows\System\RuPKqib.exe
  C:\Windows\System\RuPKqib.exe
  2⤵
  PID:4972
- C:\Windows\System\SPYazPl.exe
  C:\Windows\System\SPYazPl.exe
  2⤵
  PID:4996
- C:\Windows\System\ZJBFeUL.exe
  C:\Windows\System\ZJBFeUL.exe
  2⤵
  PID:5012
- C:\Windows\System\EXlEwIX.exe
  C:\Windows\System\EXlEwIX.exe
  2⤵
  PID:5036
- C:\Windows\System\eoijuNG.exe
  C:\Windows\System\eoijuNG.exe
  2⤵
  PID:5052
- C:\Windows\System\OwrnJNA.exe
  C:\Windows\System\OwrnJNA.exe
  2⤵
  PID:5068
- C:\Windows\System\VXmczfI.exe
  C:\Windows\System\VXmczfI.exe
  2⤵
  PID:5084
- C:\Windows\System\RQdWZSQ.exe
  C:\Windows\System\RQdWZSQ.exe
  2⤵
  PID:5100
- C:\Windows\System\AxJIoDD.exe
  C:\Windows\System\AxJIoDD.exe
  2⤵
  PID:5116
- C:\Windows\System\IZQtbVG.exe
  C:\Windows\System\IZQtbVG.exe
  2⤵
  PID:3956
- C:\Windows\System\fJspoRe.exe
  C:\Windows\System\fJspoRe.exe
  2⤵
  PID:904
- C:\Windows\System\EJiTpWo.exe
  C:\Windows\System\EJiTpWo.exe
  2⤵
  PID:3624
- C:\Windows\System\pQwCgfl.exe
  C:\Windows\System\pQwCgfl.exe
  2⤵
  PID:3684
- C:\Windows\System\yGfWwvs.exe
  C:\Windows\System\yGfWwvs.exe
  2⤵
  PID:4128
- C:\Windows\System\yaQQJEZ.exe
  C:\Windows\System\yaQQJEZ.exe
  2⤵
  PID:4144
- C:\Windows\System\ynFzGJj.exe
  C:\Windows\System\ynFzGJj.exe
  2⤵
  PID:2172
- C:\Windows\System\AjWaCdW.exe
  C:\Windows\System\AjWaCdW.exe
  2⤵
  PID:4108
- C:\Windows\System\cSVUIZN.exe
  C:\Windows\System\cSVUIZN.exe
  2⤵
  PID:4436
- C:\Windows\System\yCdJQrw.exe
  C:\Windows\System\yCdJQrw.exe
  2⤵
  PID:4500
- C:\Windows\System\xpIOVfF.exe
  C:\Windows\System\xpIOVfF.exe
  2⤵
  PID:4352
- C:\Windows\System\pQKzPWz.exe
  C:\Windows\System\pQKzPWz.exe
  2⤵
  PID:4548
- C:\Windows\System\hxcsCBU.exe
  C:\Windows\System\hxcsCBU.exe
  2⤵
  PID:4580
- C:\Windows\System\AqjRHAK.exe
  C:\Windows\System\AqjRHAK.exe
  2⤵
  PID:4560
- C:\Windows\System\tdpuijJ.exe
  C:\Windows\System\tdpuijJ.exe
  2⤵
  PID:4732
- C:\Windows\System\xKOmTpV.exe
  C:\Windows\System\xKOmTpV.exe
  2⤵
  PID:4780
- C:\Windows\System\SbTkIXM.exe
  C:\Windows\System\SbTkIXM.exe
  2⤵
  PID:4820
- C:\Windows\System\KiKSpbI.exe
  C:\Windows\System\KiKSpbI.exe
  2⤵
  PID:4892
- C:\Windows\System\eLDSgrR.exe
  C:\Windows\System\eLDSgrR.exe
  2⤵
  PID:4932
- C:\Windows\System\YAKZWSR.exe
  C:\Windows\System\YAKZWSR.exe
  2⤵
  PID:4716
- C:\Windows\System\fpjUsLs.exe
  C:\Windows\System\fpjUsLs.exe
  2⤵
  PID:5048
- C:\Windows\System\jPJcfZv.exe
  C:\Windows\System\jPJcfZv.exe
  2⤵
  PID:4644
- C:\Windows\System\hFttunX.exe
  C:\Windows\System\hFttunX.exe
  2⤵
  PID:5112
- C:\Windows\System\rSDDmNT.exe
  C:\Windows\System\rSDDmNT.exe
  2⤵
  PID:2240
- C:\Windows\System\thjfPkh.exe
  C:\Windows\System\thjfPkh.exe
  2⤵
  PID:4136
- C:\Windows\System\EDKiFiu.exe
  C:\Windows\System\EDKiFiu.exe
  2⤵
  PID:4804
- C:\Windows\System\FYSPrgA.exe
  C:\Windows\System\FYSPrgA.exe
  2⤵
  PID:4844
- C:\Windows\System\RkkOoVi.exe
  C:\Windows\System\RkkOoVi.exe
  2⤵
  PID:5020
- C:\Windows\System\wunyrvS.exe
  C:\Windows\System\wunyrvS.exe
  2⤵
  PID:5064
- C:\Windows\System\NKCTqju.exe
  C:\Windows\System\NKCTqju.exe
  2⤵
  PID:3960
- C:\Windows\System\rNOidDs.exe
  C:\Windows\System\rNOidDs.exe
  2⤵
  PID:4156
- C:\Windows\System\QaFulhz.exe
  C:\Windows\System\QaFulhz.exe
  2⤵
  PID:3512
- C:\Windows\System\MOgWCUb.exe
  C:\Windows\System\MOgWCUb.exe
  2⤵
  PID:4336
- C:\Windows\System\oOXPqLh.exe
  C:\Windows\System\oOXPqLh.exe
  2⤵
  PID:4408
- C:\Windows\System\jqYkdsz.exe
  C:\Windows\System\jqYkdsz.exe
  2⤵
  PID:4484
- C:\Windows\System\QhUWrhA.exe
  C:\Windows\System\QhUWrhA.exe
  2⤵
  PID:4788
- C:\Windows\System\RVhqAqC.exe
  C:\Windows\System\RVhqAqC.exe
  2⤵
  PID:4428
- C:\Windows\System\sPwlmuS.exe
  C:\Windows\System\sPwlmuS.exe
  2⤵
  PID:2600
- C:\Windows\System\smtKvDz.exe
  C:\Windows\System\smtKvDz.exe
  2⤵
  PID:4392
- C:\Windows\System\cKHNGvr.exe
  C:\Windows\System\cKHNGvr.exe
  2⤵
  PID:4584
- C:\Windows\System\IBHTXJK.exe
  C:\Windows\System\IBHTXJK.exe
  2⤵
  PID:4600
- C:\Windows\System\PZRAkZG.exe
  C:\Windows\System\PZRAkZG.exe
  2⤵
  PID:4496
- C:\Windows\System\CsieqSp.exe
  C:\Windows\System\CsieqSp.exe
  2⤵
  PID:4620
- C:\Windows\System\UGdpjBz.exe
  C:\Windows\System\UGdpjBz.exe
  2⤵
  PID:1088
- C:\Windows\System\rUgSrwK.exe
  C:\Windows\System\rUgSrwK.exe
  2⤵
  PID:4824
- C:\Windows\System\MwRhAuL.exe
  C:\Windows\System\MwRhAuL.exe
  2⤵
  PID:4772
- C:\Windows\System\WqzrldO.exe
  C:\Windows\System\WqzrldO.exe
  2⤵
  PID:5008
- C:\Windows\System\fYbyAtW.exe
  C:\Windows\System\fYbyAtW.exe
  2⤵
  PID:5108
- C:\Windows\System\eTdQOPo.exe
  C:\Windows\System\eTdQOPo.exe
  2⤵
  PID:4672
- C:\Windows\System\lBokwvH.exe
  C:\Windows\System\lBokwvH.exe
  2⤵
  PID:2936
- C:\Windows\System\PTmtkht.exe
  C:\Windows\System\PTmtkht.exe
  2⤵
  PID:4840
- C:\Windows\System\GTwAJHf.exe
  C:\Windows\System\GTwAJHf.exe
  2⤵
  PID:5024
- C:\Windows\System\sLsmQLJ.exe
  C:\Windows\System\sLsmQLJ.exe
  2⤵
  PID:4800
- C:\Windows\System\AscGgYw.exe
  C:\Windows\System\AscGgYw.exe
  2⤵
  PID:3460
- C:\Windows\System\DeKJOqF.exe
  C:\Windows\System\DeKJOqF.exe
  2⤵
  PID:4948
- C:\Windows\System\uoJKEAO.exe
  C:\Windows\System\uoJKEAO.exe
  2⤵
  PID:4236
- C:\Windows\System\qAznMGU.exe
  C:\Windows\System\qAznMGU.exe
  2⤵
  PID:2972
- C:\Windows\System\jkImVZe.exe
  C:\Windows\System\jkImVZe.exe
  2⤵
  PID:4660
- C:\Windows\System\LbTzjsj.exe
  C:\Windows\System\LbTzjsj.exe
  2⤵
  PID:5004
- C:\Windows\System\lpYgbzw.exe
  C:\Windows\System\lpYgbzw.exe
  2⤵
  PID:3644
- C:\Windows\System\lfzVhyh.exe
  C:\Windows\System\lfzVhyh.exe
  2⤵
  PID:1964
- C:\Windows\System\QEWjFmU.exe
  C:\Windows\System\QEWjFmU.exe
  2⤵
  PID:4380
- C:\Windows\System\unGeDaf.exe
  C:\Windows\System\unGeDaf.exe
  2⤵
  PID:4576
- C:\Windows\System\hloDIse.exe
  C:\Windows\System\hloDIse.exe
  2⤵
  PID:1700
- C:\Windows\System\DdQYNTK.exe
  C:\Windows\System\DdQYNTK.exe
  2⤵
  PID:4900
- C:\Windows\System\RufARRx.exe
  C:\Windows\System\RufARRx.exe
  2⤵
  PID:4848
- C:\Windows\System\OhZkLjt.exe
  C:\Windows\System\OhZkLjt.exe
  2⤵
  PID:4140
- C:\Windows\System\xERHIuL.exe
  C:\Windows\System\xERHIuL.exe
  2⤵
  PID:5032
- C:\Windows\System\ulHMjxZ.exe
  C:\Windows\System\ulHMjxZ.exe
  2⤵
  PID:4448
- C:\Windows\System\FvaWhRa.exe
  C:\Windows\System\FvaWhRa.exe
  2⤵
  PID:1168
- C:\Windows\System\XCkTjOQ.exe
  C:\Windows\System\XCkTjOQ.exe
  2⤵
  PID:4244
- C:\Windows\System\vFEpmoY.exe
  C:\Windows\System\vFEpmoY.exe
  2⤵
  PID:4536
- C:\Windows\System\zwlXtvz.exe
  C:\Windows\System\zwlXtvz.exe
  2⤵
  PID:4720
- C:\Windows\System\botYKoQ.exe
  C:\Windows\System\botYKoQ.exe
  2⤵
  PID:1344
- C:\Windows\System\ELMvyjo.exe
  C:\Windows\System\ELMvyjo.exe
  2⤵
  PID:5136
- C:\Windows\System\ZyjligI.exe
  C:\Windows\System\ZyjligI.exe
  2⤵
  PID:5152
- C:\Windows\System\WvvIpmc.exe
  C:\Windows\System\WvvIpmc.exe
  2⤵
  PID:5168
- C:\Windows\System\gViHrJd.exe
  C:\Windows\System\gViHrJd.exe
  2⤵
  PID:5184
- C:\Windows\System\DVOHXfA.exe
  C:\Windows\System\DVOHXfA.exe
  2⤵
  PID:5200
- C:\Windows\System\dCpaSoh.exe
  C:\Windows\System\dCpaSoh.exe
  2⤵
  PID:5216
- C:\Windows\System\MOKXuwE.exe
  C:\Windows\System\MOKXuwE.exe
  2⤵
  PID:5232
- C:\Windows\System\GIcudTE.exe
  C:\Windows\System\GIcudTE.exe
  2⤵
  PID:5248
- C:\Windows\System\aeJNftl.exe
  C:\Windows\System\aeJNftl.exe
  2⤵
  PID:5264
- C:\Windows\System\iNHnFwG.exe
  C:\Windows\System\iNHnFwG.exe
  2⤵
  PID:5284
- C:\Windows\System\EdxPZYU.exe
  C:\Windows\System\EdxPZYU.exe
  2⤵
  PID:5300
- C:\Windows\System\syNgNTb.exe
  C:\Windows\System\syNgNTb.exe
  2⤵
  PID:5320
- C:\Windows\System\tDdRyGm.exe
  C:\Windows\System\tDdRyGm.exe
  2⤵
  PID:5336
- C:\Windows\System\WglTiEI.exe
  C:\Windows\System\WglTiEI.exe
  2⤵
  PID:5356
- C:\Windows\System\Ceyyicq.exe
  C:\Windows\System\Ceyyicq.exe
  2⤵
  PID:5376
- C:\Windows\System\qxEqBqh.exe
  C:\Windows\System\qxEqBqh.exe
  2⤵
  PID:5392
- C:\Windows\System\zTZIjfH.exe
  C:\Windows\System\zTZIjfH.exe
  2⤵
  PID:5408
- C:\Windows\System\VBxrXEg.exe
  C:\Windows\System\VBxrXEg.exe
  2⤵
  PID:5424
- C:\Windows\System\lrjWqBQ.exe
  C:\Windows\System\lrjWqBQ.exe
  2⤵
  PID:5444
- C:\Windows\System\tCWbCQG.exe
  C:\Windows\System\tCWbCQG.exe
  2⤵
  PID:5464
- C:\Windows\System\uNtjjVU.exe
  C:\Windows\System\uNtjjVU.exe
  2⤵
  PID:5480
- C:\Windows\System\sfGbhNd.exe
  C:\Windows\System\sfGbhNd.exe
  2⤵
  PID:5500
- C:\Windows\System\yMxvBOm.exe
  C:\Windows\System\yMxvBOm.exe
  2⤵
  PID:5520
- C:\Windows\System\VwDbnoC.exe
  C:\Windows\System\VwDbnoC.exe
  2⤵
  PID:5540
- C:\Windows\System\TujFxmV.exe
  C:\Windows\System\TujFxmV.exe
  2⤵
  PID:5556
- C:\Windows\System\nvhUnKX.exe
  C:\Windows\System\nvhUnKX.exe
  2⤵
  PID:5572
- C:\Windows\System\mbPglsz.exe
  C:\Windows\System\mbPglsz.exe
  2⤵
  PID:5588
- C:\Windows\System\zaHubeu.exe
  C:\Windows\System\zaHubeu.exe
  2⤵
  PID:5608
- C:\Windows\System\MskaGVx.exe
  C:\Windows\System\MskaGVx.exe
  2⤵
  PID:5628
- C:\Windows\System\dPkZoEO.exe
  C:\Windows\System\dPkZoEO.exe
  2⤵
  PID:5644
- C:\Windows\System\ZzPfHbs.exe
  C:\Windows\System\ZzPfHbs.exe
  2⤵
  PID:5664
- C:\Windows\System\kVEvTXK.exe
  C:\Windows\System\kVEvTXK.exe
  2⤵
  PID:5720
- C:\Windows\System\QFwOfdi.exe
  C:\Windows\System\QFwOfdi.exe
  2⤵
  PID:5764
- C:\Windows\System\ZrsLAak.exe
  C:\Windows\System\ZrsLAak.exe
  2⤵
  PID:5788
- C:\Windows\System\WWccNTh.exe
  C:\Windows\System\WWccNTh.exe
  2⤵
  PID:5808
- C:\Windows\System\FoknKAi.exe
  C:\Windows\System\FoknKAi.exe
  2⤵
  PID:5824
- C:\Windows\System\rfVaqLb.exe
  C:\Windows\System\rfVaqLb.exe
  2⤵
  PID:5848
- C:\Windows\System\CxsIDLt.exe
  C:\Windows\System\CxsIDLt.exe
  2⤵
  PID:5872
- C:\Windows\System\HdqJzLL.exe
  C:\Windows\System\HdqJzLL.exe
  2⤵
  PID:5888
- C:\Windows\System\ssDeUBM.exe
  C:\Windows\System\ssDeUBM.exe
  2⤵
  PID:5908
- C:\Windows\System\FKcOScm.exe
  C:\Windows\System\FKcOScm.exe
  2⤵
  PID:5924
- C:\Windows\System\meqcQrq.exe
  C:\Windows\System\meqcQrq.exe
  2⤵
  PID:5940
- C:\Windows\System\lSsQXrt.exe
  C:\Windows\System\lSsQXrt.exe
  2⤵
  PID:5956
- C:\Windows\System\rhuEaxv.exe
  C:\Windows\System\rhuEaxv.exe
  2⤵
  PID:5972
- C:\Windows\System\LjqgMMg.exe
  C:\Windows\System\LjqgMMg.exe
  2⤵
  PID:5992
- C:\Windows\System\HrAvSQv.exe
  C:\Windows\System\HrAvSQv.exe
  2⤵
  PID:6020
- C:\Windows\System\YZHfZGK.exe
  C:\Windows\System\YZHfZGK.exe
  2⤵
  PID:6036
- C:\Windows\System\ZNRyGGO.exe
  C:\Windows\System\ZNRyGGO.exe
  2⤵
  PID:6068
- C:\Windows\System\grZqTlx.exe
  C:\Windows\System\grZqTlx.exe
  2⤵
  PID:6100
- C:\Windows\System\xgcRYSJ.exe
  C:\Windows\System\xgcRYSJ.exe
  2⤵
  PID:6116
- C:\Windows\System\RpoiIyJ.exe
  C:\Windows\System\RpoiIyJ.exe
  2⤵
  PID:6132
- C:\Windows\System\FoSvHoJ.exe
  C:\Windows\System\FoSvHoJ.exe
  2⤵
  PID:4744
- C:\Windows\System\XYqFtqZ.exe
  C:\Windows\System\XYqFtqZ.exe
  2⤵
  PID:4432
- C:\Windows\System\dlSjkDI.exe
  C:\Windows\System\dlSjkDI.exe
  2⤵
  PID:1728
- C:\Windows\System\ZoPMQnP.exe
  C:\Windows\System\ZoPMQnP.exe
  2⤵
  PID:5096
- C:\Windows\System\IJnRhoI.exe
  C:\Windows\System\IJnRhoI.exe
  2⤵
  PID:4636
- C:\Windows\System\ANXxpWY.exe
  C:\Windows\System\ANXxpWY.exe
  2⤵
  PID:2060
- C:\Windows\System\BCwqjVL.exe
  C:\Windows\System\BCwqjVL.exe
  2⤵
  PID:4700
- C:\Windows\System\LXsmaXJ.exe
  C:\Windows\System\LXsmaXJ.exe
  2⤵
  PID:4512
- C:\Windows\System\TUkZzVt.exe
  C:\Windows\System\TUkZzVt.exe
  2⤵
  PID:5276
- C:\Windows\System\oAyrLIB.exe
  C:\Windows\System\oAyrLIB.exe
  2⤵
  PID:5316
- C:\Windows\System\dytJSWx.exe
  C:\Windows\System\dytJSWx.exe
  2⤵
  PID:5384
- C:\Windows\System\latXnPp.exe
  C:\Windows\System\latXnPp.exe
  2⤵
  PID:5452
- C:\Windows\System\UwSzvWQ.exe
  C:\Windows\System\UwSzvWQ.exe
  2⤵
  PID:5492
- C:\Windows\System\SBTEOZI.exe
  C:\Windows\System\SBTEOZI.exe
  2⤵
  PID:5536
- C:\Windows\System\jKxmURs.exe
  C:\Windows\System\jKxmURs.exe
  2⤵
  PID:5604
- C:\Windows\System\giHryut.exe
  C:\Windows\System\giHryut.exe
  2⤵
  PID:5196
- C:\Windows\System\DFgGrwu.exe
  C:\Windows\System\DFgGrwu.exe
  2⤵
  PID:5256
- C:\Windows\System\rgRMQbW.exe
  C:\Windows\System\rgRMQbW.exe
  2⤵
  PID:5328
- C:\Windows\System\LWfPlhb.exe
  C:\Windows\System\LWfPlhb.exe
  2⤵
  PID:5372
- C:\Windows\System\oitnnzK.exe
  C:\Windows\System\oitnnzK.exe
  2⤵
  PID:5580
- C:\Windows\System\LZUuIyi.exe
  C:\Windows\System\LZUuIyi.exe
  2⤵
  PID:5624
- C:\Windows\System\dJeCXhz.exe
  C:\Windows\System\dJeCXhz.exe
  2⤵
  PID:5728
- C:\Windows\System\dFVAizf.exe
  C:\Windows\System\dFVAizf.exe
  2⤵
  PID:5756
- C:\Windows\System\XLNFdxs.exe
  C:\Windows\System\XLNFdxs.exe
  2⤵
  PID:5832
- C:\Windows\System\GhAZIvV.exe
  C:\Windows\System\GhAZIvV.exe
  2⤵
  PID:5700
- C:\Windows\System\tHvPeNP.exe
  C:\Windows\System\tHvPeNP.exe
  2⤵
  PID:5716
- C:\Windows\System\gfnxvRZ.exe
  C:\Windows\System\gfnxvRZ.exe
  2⤵
  PID:5884
- C:\Windows\System\SrddKRk.exe
  C:\Windows\System\SrddKRk.exe
  2⤵
  PID:5952
- C:\Windows\System\ANwazPA.exe
  C:\Windows\System\ANwazPA.exe
  2⤵
  PID:5776
- C:\Windows\System\EhBSfXo.exe
  C:\Windows\System\EhBSfXo.exe
  2⤵
  PID:5856
- C:\Windows\System\yPEjBeN.exe
  C:\Windows\System\yPEjBeN.exe
  2⤵
  PID:5696
- C:\Windows\System\nWRRMEr.exe
  C:\Windows\System\nWRRMEr.exe
  2⤵
  PID:5988
- C:\Windows\System\bzSDamg.exe
  C:\Windows\System\bzSDamg.exe
  2⤵
  PID:6032
- C:\Windows\System\dTxgwvp.exe
  C:\Windows\System\dTxgwvp.exe
  2⤵
  PID:6016
- C:\Windows\System\fZyGRqp.exe
  C:\Windows\System\fZyGRqp.exe
  2⤵
  PID:5896
- C:\Windows\System\PqVaQtq.exe
  C:\Windows\System\PqVaQtq.exe
  2⤵
  PID:6060
- C:\Windows\System\GUYbiiT.exe
  C:\Windows\System\GUYbiiT.exe
  2⤵
  PID:2112
- C:\Windows\System\OaNbdKt.exe
  C:\Windows\System\OaNbdKt.exe
  2⤵
  PID:6084
- C:\Windows\System\VGBpNje.exe
  C:\Windows\System\VGBpNje.exe
  2⤵
  PID:2816
- C:\Windows\System\nsbZdKo.exe
  C:\Windows\System\nsbZdKo.exe
  2⤵
  PID:4604
- C:\Windows\System\plzTlFk.exe
  C:\Windows\System\plzTlFk.exe
  2⤵
  PID:5060
- C:\Windows\System\ppsdrTZ.exe
  C:\Windows\System\ppsdrTZ.exe
  2⤵
  PID:5208
- C:\Windows\System\UVtyXyg.exe
  C:\Windows\System\UVtyXyg.exe
  2⤵
  PID:5308
- C:\Windows\System\cBTgGAL.exe
  C:\Windows\System\cBTgGAL.exe
  2⤵
  PID:660
- C:\Windows\System\aRYtxhC.exe
  C:\Windows\System\aRYtxhC.exe
  2⤵
  PID:5460
- C:\Windows\System\ethmEid.exe
  C:\Windows\System\ethmEid.exe
  2⤵
  PID:5488
- C:\Windows\System\zuNQPME.exe
  C:\Windows\System\zuNQPME.exe
  2⤵
  PID:4204
- C:\Windows\System\ySZclhr.exe
  C:\Windows\System\ySZclhr.exe
  2⤵
  PID:5532
- C:\Windows\System\ZkHfdEU.exe
  C:\Windows\System\ZkHfdEU.exe
  2⤵
  PID:5164
- C:\Windows\System\lvVhJFL.exe
  C:\Windows\System\lvVhJFL.exe
  2⤵
  PID:5296
- C:\Windows\System\wDQPDva.exe
  C:\Windows\System\wDQPDva.exe
  2⤵
  PID:5432
- C:\Windows\System\TzyYCJo.exe
  C:\Windows\System\TzyYCJo.exe
  2⤵
  PID:5516
- C:\Windows\System\jyczqno.exe
  C:\Windows\System\jyczqno.exe
  2⤵
  PID:5596
- C:\Windows\System\ZVlTMpd.exe
  C:\Windows\System\ZVlTMpd.exe
  2⤵
  PID:5656
- C:\Windows\System\fjEXwUh.exe
  C:\Windows\System\fjEXwUh.exe
  2⤵
  PID:5736
- C:\Windows\System\AQDOcxc.exe
  C:\Windows\System\AQDOcxc.exe
  2⤵
  PID:5748
- C:\Windows\System\BOXABoz.exe
  C:\Windows\System\BOXABoz.exe
  2⤵
  PID:4228
- C:\Windows\System\fWLecPN.exe
  C:\Windows\System\fWLecPN.exe
  2⤵
  PID:5880
- C:\Windows\System\ilxxNba.exe
  C:\Windows\System\ilxxNba.exe
  2⤵
  PID:5672
- C:\Windows\System\pvlXvIl.exe
  C:\Windows\System\pvlXvIl.exe
  2⤵
  PID:5708
- C:\Windows\System\bVENRPc.exe
  C:\Windows\System\bVENRPc.exe
  2⤵
  PID:5784
- C:\Windows\System\UoevDFE.exe
  C:\Windows\System\UoevDFE.exe
  2⤵
  PID:5936
- C:\Windows\System\ydlITZj.exe
  C:\Windows\System\ydlITZj.exe
  2⤵
  PID:6000
- C:\Windows\System\NtDTJPF.exe
  C:\Windows\System\NtDTJPF.exe
  2⤵
  PID:6052
- C:\Windows\System\gtWMpLw.exe
  C:\Windows\System\gtWMpLw.exe
  2⤵
  PID:4200
- C:\Windows\System\VPWfBzb.exe
  C:\Windows\System\VPWfBzb.exe
  2⤵
  PID:5240
- C:\Windows\System\sdExxMH.exe
  C:\Windows\System\sdExxMH.exe
  2⤵
  PID:5212
- C:\Windows\System\VMNxTea.exe
  C:\Windows\System\VMNxTea.exe
  2⤵
  PID:4168
- C:\Windows\System\felqMQT.exe
  C:\Windows\System\felqMQT.exe
  2⤵
  PID:2772
- C:\Windows\System\EVVErOE.exe
  C:\Windows\System\EVVErOE.exe
  2⤵
  PID:2928
- C:\Windows\System\muYRBUs.exe
  C:\Windows\System\muYRBUs.exe
  2⤵
  PID:5192
- C:\Windows\System\FbuKWlu.exe
  C:\Windows\System\FbuKWlu.exe
  2⤵
  PID:4172
- C:\Windows\System\cOtMpGe.exe
  C:\Windows\System\cOtMpGe.exe
  2⤵
  PID:5804
- C:\Windows\System\VwZWheS.exe
  C:\Windows\System\VwZWheS.exe
  2⤵
  PID:2092
- C:\Windows\System\iwqXzKj.exe
  C:\Windows\System\iwqXzKj.exe
  2⤵
  PID:6012
- C:\Windows\System\SMFFtBe.exe
  C:\Windows\System\SMFFtBe.exe
  2⤵
  PID:5692
- C:\Windows\System\COdxqMU.exe
  C:\Windows\System\COdxqMU.exe
  2⤵
  PID:4188
- C:\Windows\System\rcrfgJt.exe
  C:\Windows\System\rcrfgJt.exe
  2⤵
  PID:5404
- C:\Windows\System\lgRjZPQ.exe
  C:\Windows\System\lgRjZPQ.exe
  2⤵
  PID:5772
- C:\Windows\System\KjZuGPl.exe
  C:\Windows\System\KjZuGPl.exe
  2⤵
  PID:6080
- C:\Windows\System\kobGcpU.exe
  C:\Windows\System\kobGcpU.exe
  2⤵
  PID:4360
- C:\Windows\System\jtVgCcI.exe
  C:\Windows\System\jtVgCcI.exe
  2⤵
  PID:2668
- C:\Windows\System\saVAxlS.exe
  C:\Windows\System\saVAxlS.exe
  2⤵
  PID:4920
- C:\Windows\System\TyPsmIl.exe
  C:\Windows\System\TyPsmIl.exe
  2⤵
  PID:4232
- C:\Windows\System\JbSRBCd.exe
  C:\Windows\System\JbSRBCd.exe
  2⤵
  PID:880
- C:\Windows\System\nBXUIEj.exe
  C:\Windows\System\nBXUIEj.exe
  2⤵
  PID:2452
- C:\Windows\System\cjAJCCX.exe
  C:\Windows\System\cjAJCCX.exe
  2⤵
  PID:5160
- C:\Windows\System\BgavoqD.exe
  C:\Windows\System\BgavoqD.exe
  2⤵
  PID:3060
- C:\Windows\System\YdTTDVA.exe
  C:\Windows\System\YdTTDVA.exe
  2⤵
  PID:4284
- C:\Windows\System\yBTxPsV.exe
  C:\Windows\System\yBTxPsV.exe
  2⤵
  PID:1040
- C:\Windows\System\URlIowR.exe
  C:\Windows\System\URlIowR.exe
  2⤵
  PID:6008
- C:\Windows\System\hwwamUA.exe
  C:\Windows\System\hwwamUA.exe
  2⤵
  PID:5688
- C:\Windows\System\nwSNcUL.exe
  C:\Windows\System\nwSNcUL.exe
  2⤵
  PID:6028
- C:\Windows\System\HPIqDuC.exe
  C:\Windows\System\HPIqDuC.exe
  2⤵
  PID:6140
- C:\Windows\System\bTkWZda.exe
  C:\Windows\System\bTkWZda.exe
  2⤵
  PID:1536
- C:\Windows\System\ibkjFLN.exe
  C:\Windows\System\ibkjFLN.exe
  2⤵
  PID:5616
- C:\Windows\System\sftELnI.exe
  C:\Windows\System\sftELnI.exe
  2⤵
  PID:6048
- C:\Windows\System\BwioghM.exe
  C:\Windows\System\BwioghM.exe
  2⤵
  PID:2504
- C:\Windows\System\pLKeOqb.exe
  C:\Windows\System\pLKeOqb.exe
  2⤵
  PID:5512
- C:\Windows\System\uEOijXX.exe
  C:\Windows\System\uEOijXX.exe
  2⤵
  PID:5272
- C:\Windows\System\cijNwrf.exe
  C:\Windows\System\cijNwrf.exe
  2⤵
  PID:2828
- C:\Windows\System\HCDmWwy.exe
  C:\Windows\System\HCDmWwy.exe
  2⤵
  PID:5548
- C:\Windows\System\BfGZWsU.exe
  C:\Windows\System\BfGZWsU.exe
  2⤵
  PID:4280
- C:\Windows\System\FfFpDww.exe
  C:\Windows\System\FfFpDww.exe
  2⤵
  PID:5508
- C:\Windows\System\dtiFzFM.exe
  C:\Windows\System\dtiFzFM.exe
  2⤵
  PID:532
- C:\Windows\System\HsqciBO.exe
  C:\Windows\System\HsqciBO.exe
  2⤵
  PID:3048
- C:\Windows\System\yLywDHK.exe
  C:\Windows\System\yLywDHK.exe
  2⤵
  PID:6164
- C:\Windows\System\CjLOjPV.exe
  C:\Windows\System\CjLOjPV.exe
  2⤵
  PID:6184
- C:\Windows\System\ISWbRzW.exe
  C:\Windows\System\ISWbRzW.exe
  2⤵
  PID:6208
- C:\Windows\System\WFycOqN.exe
  C:\Windows\System\WFycOqN.exe
  2⤵
  PID:6224
- C:\Windows\System\JnYwtaM.exe
  C:\Windows\System\JnYwtaM.exe
  2⤵
  PID:6244
- C:\Windows\System\fxAEJcN.exe
  C:\Windows\System\fxAEJcN.exe
  2⤵
  PID:6264
- C:\Windows\System\cXtAIuz.exe
  C:\Windows\System\cXtAIuz.exe
  2⤵
  PID:6284
- C:\Windows\System\jBSKrLu.exe
  C:\Windows\System\jBSKrLu.exe
  2⤵
  PID:6300
- C:\Windows\System\BFIXLaE.exe
  C:\Windows\System\BFIXLaE.exe
  2⤵
  PID:6320
- C:\Windows\System\hFboMpC.exe
  C:\Windows\System\hFboMpC.exe
  2⤵
  PID:6344
- C:\Windows\System\zCyXOgw.exe
  C:\Windows\System\zCyXOgw.exe
  2⤵
  PID:6360
- C:\Windows\System\wklFLNp.exe
  C:\Windows\System\wklFLNp.exe
  2⤵
  PID:6380
- C:\Windows\System\UCpFUuz.exe
  C:\Windows\System\UCpFUuz.exe
  2⤵
  PID:6396
- C:\Windows\System\XfWvMmX.exe
  C:\Windows\System\XfWvMmX.exe
  2⤵
  PID:6416
- C:\Windows\System\uwcMxVp.exe
  C:\Windows\System\uwcMxVp.exe
  2⤵
  PID:6432
- C:\Windows\System\cEtjnib.exe
  C:\Windows\System\cEtjnib.exe
  2⤵
  PID:6452
- C:\Windows\System\LgnQFri.exe
  C:\Windows\System\LgnQFri.exe
  2⤵
  PID:6468
- C:\Windows\System\VUUYadJ.exe
  C:\Windows\System\VUUYadJ.exe
  2⤵
  PID:6488
- C:\Windows\System\SXcwHYH.exe
  C:\Windows\System\SXcwHYH.exe
  2⤵
  PID:6516
- C:\Windows\System\bcPRkbt.exe
  C:\Windows\System\bcPRkbt.exe
  2⤵
  PID:6532
- C:\Windows\System\rBEPUIz.exe
  C:\Windows\System\rBEPUIz.exe
  2⤵
  PID:6552
- C:\Windows\System\eXziNEB.exe
  C:\Windows\System\eXziNEB.exe
  2⤵
  PID:6572
- C:\Windows\System\zqVOxhA.exe
  C:\Windows\System\zqVOxhA.exe
  2⤵
  PID:6592
- C:\Windows\System\XRFlsfR.exe
  C:\Windows\System\XRFlsfR.exe
  2⤵
  PID:6612
- C:\Windows\System\VJSjWTH.exe
  C:\Windows\System\VJSjWTH.exe
  2⤵
  PID:6636
- C:\Windows\System\UljnHny.exe
  C:\Windows\System\UljnHny.exe
  2⤵
  PID:6652
- C:\Windows\System\clxnRQN.exe
  C:\Windows\System\clxnRQN.exe
  2⤵
  PID:6672
- C:\Windows\System\DpDTuBm.exe
  C:\Windows\System\DpDTuBm.exe
  2⤵
  PID:6692
- C:\Windows\System\Ulmbpzc.exe
  C:\Windows\System\Ulmbpzc.exe
  2⤵
  PID:6712
- C:\Windows\System\ntqGyQq.exe
  C:\Windows\System\ntqGyQq.exe
  2⤵
  PID:6732
- C:\Windows\System\XDCxLKM.exe
  C:\Windows\System\XDCxLKM.exe
  2⤵
  PID:6756
- C:\Windows\System\PSywaMa.exe
  C:\Windows\System\PSywaMa.exe
  2⤵
  PID:6776
- C:\Windows\System\tCixVgO.exe
  C:\Windows\System\tCixVgO.exe
  2⤵
  PID:6840
- C:\Windows\System\JWsHEFw.exe
  C:\Windows\System\JWsHEFw.exe
  2⤵
  PID:6856
- C:\Windows\System\wjOncen.exe
  C:\Windows\System\wjOncen.exe
  2⤵
  PID:6872
- C:\Windows\System\WCFQeMJ.exe
  C:\Windows\System\WCFQeMJ.exe
  2⤵
  PID:6892
- C:\Windows\System\XwOWAdg.exe
  C:\Windows\System\XwOWAdg.exe
  2⤵
  PID:6908
- C:\Windows\System\FThbJMo.exe
  C:\Windows\System\FThbJMo.exe
  2⤵
  PID:6928
- C:\Windows\System\oEJktQw.exe
  C:\Windows\System\oEJktQw.exe
  2⤵
  PID:6944
- C:\Windows\System\HwjrcAN.exe
  C:\Windows\System\HwjrcAN.exe
  2⤵
  PID:6960
- C:\Windows\System\oubHKKL.exe
  C:\Windows\System\oubHKKL.exe
  2⤵
  PID:6980
- C:\Windows\System\wyZLVHO.exe
  C:\Windows\System\wyZLVHO.exe
  2⤵
  PID:7000
- C:\Windows\System\rwZfdSH.exe
  C:\Windows\System\rwZfdSH.exe
  2⤵
  PID:7024
- C:\Windows\System\QwbXpoo.exe
  C:\Windows\System\QwbXpoo.exe
  2⤵
  PID:7044
- C:\Windows\System\gHOwxuL.exe
  C:\Windows\System\gHOwxuL.exe
  2⤵
  PID:7068
- C:\Windows\System\YqgjBXe.exe
  C:\Windows\System\YqgjBXe.exe
  2⤵
  PID:7084
- C:\Windows\System\QgeOjJk.exe
  C:\Windows\System\QgeOjJk.exe
  2⤵
  PID:7104
- C:\Windows\System\PiwFQLO.exe
  C:\Windows\System\PiwFQLO.exe
  2⤵
  PID:7120
- C:\Windows\System\PoCfeeS.exe
  C:\Windows\System\PoCfeeS.exe
  2⤵
  PID:7140
- C:\Windows\System\yWGkXuZ.exe
  C:\Windows\System\yWGkXuZ.exe
  2⤵
  PID:7160
- C:\Windows\System\GxpzPRl.exe
  C:\Windows\System\GxpzPRl.exe
  2⤵
  PID:5416
- C:\Windows\System\BqPuIvm.exe
  C:\Windows\System\BqPuIvm.exe
  2⤵
  PID:6160
- C:\Windows\System\MiyQgsj.exe
  C:\Windows\System\MiyQgsj.exe
  2⤵
  PID:6196
- C:\Windows\System\pSawIqy.exe
  C:\Windows\System\pSawIqy.exe
  2⤵
  PID:6240
- C:\Windows\System\kEEDNiJ.exe
  C:\Windows\System\kEEDNiJ.exe
  2⤵
  PID:6276
- C:\Windows\System\SeSeiYE.exe
  C:\Windows\System\SeSeiYE.exe
  2⤵
  PID:6352
- C:\Windows\System\SdlYoor.exe
  C:\Windows\System\SdlYoor.exe
  2⤵
  PID:6392
- C:\Windows\System\RGaKDGH.exe
  C:\Windows\System\RGaKDGH.exe
  2⤵
  PID:6460
- C:\Windows\System\miEDFVz.exe
  C:\Windows\System\miEDFVz.exe
  2⤵
  PID:6500
- C:\Windows\System\XnUHUfw.exe
  C:\Windows\System\XnUHUfw.exe
  2⤵
  PID:4880
- C:\Windows\System\ZLtZNtW.exe
  C:\Windows\System\ZLtZNtW.exe
  2⤵
  PID:6584
- C:\Windows\System\LNgcsTL.exe
  C:\Windows\System\LNgcsTL.exe
  2⤵
  PID:6076
- C:\Windows\System\zkMZigF.exe
  C:\Windows\System\zkMZigF.exe
  2⤵
  PID:6216
- C:\Windows\System\ShqxwTi.exe
  C:\Windows\System\ShqxwTi.exe
  2⤵
  PID:6252
- C:\Windows\System\fICjLmv.exe
  C:\Windows\System\fICjLmv.exe
  2⤵
  PID:6704
- C:\Windows\System\LaeVYVT.exe
  C:\Windows\System\LaeVYVT.exe
  2⤵
  PID:6752
- C:\Windows\System\vtmkohZ.exe
  C:\Windows\System\vtmkohZ.exe
  2⤵
  PID:6784
- C:\Windows\System\QKjjMfI.exe
  C:\Windows\System\QKjjMfI.exe
  2⤵
  PID:6404
- C:\Windows\System\wikTNAM.exe
  C:\Windows\System\wikTNAM.exe
  2⤵
  PID:6804
- C:\Windows\System\siQzunC.exe
  C:\Windows\System\siQzunC.exe
  2⤵
  PID:6808
- C:\Windows\System\NjnOYfL.exe
  C:\Windows\System\NjnOYfL.exe
  2⤵
  PID:6568
- C:\Windows\System\aBALEyK.exe
  C:\Windows\System\aBALEyK.exe
  2⤵
  PID:6824
- C:\Windows\System\gjLZwWA.exe
  C:\Windows\System\gjLZwWA.exe
  2⤵
  PID:5244
- C:\Windows\System\CziNQzG.exe
  C:\Windows\System\CziNQzG.exe
  2⤵
  PID:6828
- C:\Windows\System\sbSjuaU.exe
  C:\Windows\System\sbSjuaU.exe
  2⤵
  PID:6832
- C:\Windows\System\ewSZvWH.exe
  C:\Windows\System\ewSZvWH.exe
  2⤵
  PID:6476
- C:\Windows\System\ePTCmnR.exe
  C:\Windows\System\ePTCmnR.exe
  2⤵
  PID:6296
- C:\Windows\System\mtczmve.exe
  C:\Windows\System\mtczmve.exe
  2⤵
  PID:6480
- C:\Windows\System\lNhORtt.exe
  C:\Windows\System\lNhORtt.exe
  2⤵
  PID:6604
- C:\Windows\System\qnhrdWo.exe
  C:\Windows\System\qnhrdWo.exe
  2⤵
  PID:6764
- C:\Windows\System\XroFlqg.exe
  C:\Windows\System\XroFlqg.exe
  2⤵
  PID:6900
- C:\Windows\System\fuiKpgo.exe
  C:\Windows\System\fuiKpgo.exe
  2⤵
  PID:6940
- C:\Windows\System\CvCyEZF.exe
  C:\Windows\System\CvCyEZF.exe
  2⤵
  PID:7012
- C:\Windows\System\sVDwFjD.exe
  C:\Windows\System\sVDwFjD.exe
  2⤵
  PID:7056
- C:\Windows\System\xuBtozg.exe
  C:\Windows\System\xuBtozg.exe
  2⤵
  PID:6848
- C:\Windows\System\PjVRbdM.exe
  C:\Windows\System\PjVRbdM.exe
  2⤵
  PID:7128
- C:\Windows\System\wnsJQNe.exe
  C:\Windows\System\wnsJQNe.exe
  2⤵
  PID:4288
- C:\Windows\System\mUdldfC.exe
  C:\Windows\System\mUdldfC.exe
  2⤵
  PID:6108
- C:\Windows\System\IhPvMgO.exe
  C:\Windows\System\IhPvMgO.exe
  2⤵
  PID:2872
- C:\Windows\System\pBVvYJZ.exe
  C:\Windows\System\pBVvYJZ.exe
  2⤵
  PID:7036
- C:\Windows\System\wiXGxEX.exe
  C:\Windows\System\wiXGxEX.exe
  2⤵
  PID:6888
- C:\Windows\System\IKsoSOl.exe
  C:\Windows\System\IKsoSOl.exe
  2⤵
  PID:6260
- C:\Windows\System\uGScMSv.exe
  C:\Windows\System\uGScMSv.exe
  2⤵
  PID:6332
- C:\Windows\System\CRglkOB.exe
  C:\Windows\System\CRglkOB.exe
  2⤵
  PID:6956
- C:\Windows\System\pFyojgo.exe
  C:\Windows\System\pFyojgo.exe
  2⤵
  PID:6992
- C:\Windows\System\qmRxpeq.exe
  C:\Windows\System\qmRxpeq.exe
  2⤵
  PID:7116
- C:\Windows\System\njqFMIz.exe
  C:\Windows\System\njqFMIz.exe
  2⤵
  PID:6152
- C:\Windows\System\rJbnXbL.exe
  C:\Windows\System\rJbnXbL.exe
  2⤵
  PID:4220
- C:\Windows\System\XdxfUwi.exe
  C:\Windows\System\XdxfUwi.exe
  2⤵
  PID:6428
- C:\Windows\System\slgxJoW.exe
  C:\Windows\System\slgxJoW.exe
  2⤵
  PID:6548
- C:\Windows\System\qSFdyHk.exe
  C:\Windows\System\qSFdyHk.exe
  2⤵
  PID:6668
- C:\Windows\System\thiTaVP.exe
  C:\Windows\System\thiTaVP.exe
  2⤵
  PID:6372
- C:\Windows\System\vofSHmR.exe
  C:\Windows\System\vofSHmR.exe
  2⤵
  PID:6564
- C:\Windows\System\cBatcdL.exe
  C:\Windows\System\cBatcdL.exe
  2⤵
  PID:2036
- C:\Windows\System\XSYrnSy.exe
  C:\Windows\System\XSYrnSy.exe
  2⤵
  PID:6788
- C:\Windows\System\cfDSdFd.exe
  C:\Windows\System\cfDSdFd.exe
  2⤵
  PID:6096
- C:\Windows\System\iPmUAWE.exe
  C:\Windows\System\iPmUAWE.exe
  2⤵
  PID:4184
- C:\Windows\System\HngPrLn.exe
  C:\Windows\System\HngPrLn.exe
  2⤵
  PID:6648
- C:\Windows\System\ctJrHRX.exe
  C:\Windows\System\ctJrHRX.exe
  2⤵
  PID:6868
- C:\Windows\System\cHFXAxg.exe
  C:\Windows\System\cHFXAxg.exe
  2⤵
  PID:1948
- C:\Windows\System\KYYHTcv.exe
  C:\Windows\System\KYYHTcv.exe
  2⤵
  PID:7020
- C:\Windows\System\xMPJjWD.exe
  C:\Windows\System\xMPJjWD.exe
  2⤵
  PID:6916
- C:\Windows\System\dfHQRiY.exe
  C:\Windows\System\dfHQRiY.exe
  2⤵
  PID:6700
- C:\Windows\System\BHAHkmk.exe
  C:\Windows\System\BHAHkmk.exe
  2⤵
  PID:6280
- C:\Windows\System\zEqMmWD.exe
  C:\Windows\System\zEqMmWD.exe
  2⤵
  PID:6632
- C:\Windows\System\GBNEiCD.exe
  C:\Windows\System\GBNEiCD.exe
  2⤵
  PID:7152
- C:\Windows\System\LfJdpjT.exe
  C:\Windows\System\LfJdpjT.exe
  2⤵
  PID:6232
- C:\Windows\System\gzckOxT.exe
  C:\Windows\System\gzckOxT.exe
  2⤵
  PID:6620
- C:\Windows\System\WdbDLnw.exe
  C:\Windows\System\WdbDLnw.exe
  2⤵
  PID:6316
- C:\Windows\System\nbncGyP.exe
  C:\Windows\System\nbncGyP.exe
  2⤵
  PID:6176
- C:\Windows\System\BTwWzgE.exe
  C:\Windows\System\BTwWzgE.exe
  2⤵
  PID:2844
- C:\Windows\System\xoRwwEM.exe
  C:\Windows\System\xoRwwEM.exe
  2⤵
  PID:6368
- C:\Windows\System\xFWoYDz.exe
  C:\Windows\System\xFWoYDz.exe
  2⤵
  PID:7076
- C:\Windows\System\ejdImqR.exe
  C:\Windows\System\ejdImqR.exe
  2⤵
  PID:6724
- C:\Windows\System\RBlDjGE.exe
  C:\Windows\System\RBlDjGE.exe
  2⤵
  PID:6936
- C:\Windows\System\aQAfXRn.exe
  C:\Windows\System\aQAfXRn.exe
  2⤵
  PID:7032
- C:\Windows\System\AQveJJL.exe
  C:\Windows\System\AQveJJL.exe
  2⤵
  PID:7112
- C:\Windows\System\hAfathK.exe
  C:\Windows\System\hAfathK.exe
  2⤵
  PID:1560
- C:\Windows\System\uuOLUEh.exe
  C:\Windows\System\uuOLUEh.exe
  2⤵
  PID:7008
- C:\Windows\System\WoJhWgE.exe
  C:\Windows\System\WoJhWgE.exe
  2⤵
  PID:7080
- C:\Windows\System\qmTkyTw.exe
  C:\Windows\System\qmTkyTw.exe
  2⤵
  PID:6408
- C:\Windows\System\qDbSvnv.exe
  C:\Windows\System\qDbSvnv.exe
  2⤵
  PID:7100
- C:\Windows\System\LjuNgij.exe
  C:\Windows\System\LjuNgij.exe
  2⤵
  PID:6312
- C:\Windows\System\esjdjib.exe
  C:\Windows\System\esjdjib.exe
  2⤵
  PID:7172
- C:\Windows\System\VHEpghR.exe
  C:\Windows\System\VHEpghR.exe
  2⤵
  PID:7188
- C:\Windows\System\unUbjAV.exe
  C:\Windows\System\unUbjAV.exe
  2⤵
  PID:7204
- C:\Windows\System\JBOTOBd.exe
  C:\Windows\System\JBOTOBd.exe
  2⤵
  PID:7220
- C:\Windows\System\ZduPwAz.exe
  C:\Windows\System\ZduPwAz.exe
  2⤵
  PID:7236
- C:\Windows\System\xHMJXgo.exe
  C:\Windows\System\xHMJXgo.exe
  2⤵
  PID:7252
- C:\Windows\System\ynaiXCr.exe
  C:\Windows\System\ynaiXCr.exe
  2⤵
  PID:7268
- C:\Windows\System\VObPHkO.exe
  C:\Windows\System\VObPHkO.exe
  2⤵
  PID:7284
- C:\Windows\System\bVLKLYs.exe
  C:\Windows\System\bVLKLYs.exe
  2⤵
  PID:7300
- C:\Windows\System\nzhZtOu.exe
  C:\Windows\System\nzhZtOu.exe
  2⤵
  PID:7316
- C:\Windows\System\QNfbGFE.exe
  C:\Windows\System\QNfbGFE.exe
  2⤵
  PID:7332
- C:\Windows\System\aGUCOOL.exe
  C:\Windows\System\aGUCOOL.exe
  2⤵
  PID:7356
- C:\Windows\System\snHGhlj.exe
  C:\Windows\System\snHGhlj.exe
  2⤵
  PID:7372
- C:\Windows\System\vxiiAyv.exe
  C:\Windows\System\vxiiAyv.exe
  2⤵
  PID:7388
- C:\Windows\System\IGHoHVE.exe
  C:\Windows\System\IGHoHVE.exe
  2⤵
  PID:7404
- C:\Windows\System\MinaTyk.exe
  C:\Windows\System\MinaTyk.exe
  2⤵
  PID:7420
- C:\Windows\System\ZykzMKD.exe
  C:\Windows\System\ZykzMKD.exe
  2⤵
  PID:7436
- C:\Windows\System\PceFFXq.exe
  C:\Windows\System\PceFFXq.exe
  2⤵
  PID:7452
- C:\Windows\System\WObxNQD.exe
  C:\Windows\System\WObxNQD.exe
  2⤵
  PID:7468
- C:\Windows\System\LpsUXXh.exe
  C:\Windows\System\LpsUXXh.exe
  2⤵
  PID:7484
- C:\Windows\System\JlePlWs.exe
  C:\Windows\System\JlePlWs.exe
  2⤵
  PID:7500
- C:\Windows\System\mumoTAc.exe
  C:\Windows\System\mumoTAc.exe
  2⤵
  PID:7516
- C:\Windows\System\UGVGjZi.exe
  C:\Windows\System\UGVGjZi.exe
  2⤵
  PID:7532
- C:\Windows\System\VgnIpdX.exe
  C:\Windows\System\VgnIpdX.exe
  2⤵
  PID:7552
- C:\Windows\System\lgcTpEI.exe
  C:\Windows\System\lgcTpEI.exe
  2⤵
  PID:7568
- C:\Windows\System\KfefmwO.exe
  C:\Windows\System\KfefmwO.exe
  2⤵
  PID:7584
- C:\Windows\System\KAJFTBN.exe
  C:\Windows\System\KAJFTBN.exe
  2⤵
  PID:7600
- C:\Windows\System\ktBSfOW.exe
  C:\Windows\System\ktBSfOW.exe
  2⤵
  PID:7616
- C:\Windows\System\QsyYDvZ.exe
  C:\Windows\System\QsyYDvZ.exe
  2⤵
  PID:7632
- C:\Windows\System\zRFWXaN.exe
  C:\Windows\System\zRFWXaN.exe
  2⤵
  PID:7648
- C:\Windows\System\ZMyvgzY.exe
  C:\Windows\System\ZMyvgzY.exe
  2⤵
  PID:7664
- C:\Windows\System\aqqeyJH.exe
  C:\Windows\System\aqqeyJH.exe
  2⤵
  PID:7680
- C:\Windows\System\FppnWXK.exe
  C:\Windows\System\FppnWXK.exe
  2⤵
  PID:7696
- C:\Windows\System\gQMCmNM.exe
  C:\Windows\System\gQMCmNM.exe
  2⤵
  PID:7712
- C:\Windows\System\aobXqdr.exe
  C:\Windows\System\aobXqdr.exe
  2⤵
  PID:7732
- C:\Windows\System\IGNZpza.exe
  C:\Windows\System\IGNZpza.exe
  2⤵
  PID:7752
- C:\Windows\System\HTsjhQJ.exe
  C:\Windows\System\HTsjhQJ.exe
  2⤵
  PID:7768
- C:\Windows\System\NwVwZmu.exe
  C:\Windows\System\NwVwZmu.exe
  2⤵
  PID:7784
- C:\Windows\System\UnvFyrb.exe
  C:\Windows\System\UnvFyrb.exe
  2⤵
  PID:7800
- C:\Windows\System\JSlRrUi.exe
  C:\Windows\System\JSlRrUi.exe
  2⤵
  PID:7816
- C:\Windows\System\dWbhbWm.exe
  C:\Windows\System\dWbhbWm.exe
  2⤵
  PID:7832
- C:\Windows\System\TkCYoQP.exe
  C:\Windows\System\TkCYoQP.exe
  2⤵
  PID:7848
- C:\Windows\System\sVMAppP.exe
  C:\Windows\System\sVMAppP.exe
  2⤵
  PID:7864
- C:\Windows\System\tiQasXx.exe
  C:\Windows\System\tiQasXx.exe
  2⤵
  PID:7880
- C:\Windows\System\olZTTAN.exe
  C:\Windows\System\olZTTAN.exe
  2⤵
  PID:7896
- C:\Windows\System\fBQomQg.exe
  C:\Windows\System\fBQomQg.exe
  2⤵
  PID:7912
- C:\Windows\System\JoTmBrW.exe
  C:\Windows\System\JoTmBrW.exe
  2⤵
  PID:7928
- C:\Windows\System\lJKCpSn.exe
  C:\Windows\System\lJKCpSn.exe
  2⤵
  PID:7944
- C:\Windows\System\dXVUmpk.exe
  C:\Windows\System\dXVUmpk.exe
  2⤵
  PID:7960
- C:\Windows\System\jCREyCE.exe
  C:\Windows\System\jCREyCE.exe
  2⤵
  PID:7976
- C:\Windows\System\pxphOBx.exe
  C:\Windows\System\pxphOBx.exe
  2⤵
  PID:7992
- C:\Windows\System\fKfimbv.exe
  C:\Windows\System\fKfimbv.exe
  2⤵
  PID:8008
- C:\Windows\System\JvYnmgv.exe
  C:\Windows\System\JvYnmgv.exe
  2⤵
  PID:8024
- C:\Windows\System\JdWTKdm.exe
  C:\Windows\System\JdWTKdm.exe
  2⤵
  PID:8040
- C:\Windows\System\fwiDFmz.exe
  C:\Windows\System\fwiDFmz.exe
  2⤵
  PID:8056
- C:\Windows\System\CZHBMct.exe
  C:\Windows\System\CZHBMct.exe
  2⤵
  PID:8072
- C:\Windows\System\OJfstgG.exe
  C:\Windows\System\OJfstgG.exe
  2⤵
  PID:8088
- C:\Windows\System\UAhfqIQ.exe
  C:\Windows\System\UAhfqIQ.exe
  2⤵
  PID:8104
- C:\Windows\System\tVStkcB.exe
  C:\Windows\System\tVStkcB.exe
  2⤵
  PID:8120
- C:\Windows\System\AQdZBvE.exe
  C:\Windows\System\AQdZBvE.exe
  2⤵
  PID:8144
- C:\Windows\System\wrffglK.exe
  C:\Windows\System\wrffglK.exe
  2⤵
  PID:8160
- C:\Windows\System\mCeTTei.exe
  C:\Windows\System\mCeTTei.exe
  2⤵
  PID:8180
- C:\Windows\System\GgvfHcd.exe
  C:\Windows\System\GgvfHcd.exe
  2⤵
  PID:6496
- C:\Windows\System\PHNSSwi.exe
  C:\Windows\System\PHNSSwi.exe
  2⤵
  PID:7184
- C:\Windows\System\BZGmKmA.exe
  C:\Windows\System\BZGmKmA.exe
  2⤵
  PID:7248
- C:\Windows\System\nHRtlCB.exe
  C:\Windows\System\nHRtlCB.exe
  2⤵
  PID:6720
- C:\Windows\System\KHuhlPD.exe
  C:\Windows\System\KHuhlPD.exe
  2⤵
  PID:7380
- C:\Windows\System\mcAvISJ.exe
  C:\Windows\System\mcAvISJ.exe
  2⤵
  PID:7292
- C:\Windows\System\fsxqRam.exe
  C:\Windows\System\fsxqRam.exe
  2⤵
  PID:6340
- C:\Windows\System\HJjDAqj.exe
  C:\Windows\System\HJjDAqj.exe
  2⤵
  PID:6540
- C:\Windows\System\lnlgUzI.exe
  C:\Windows\System\lnlgUzI.exe
  2⤵
  PID:7260
- C:\Windows\System\JcMOaGz.exe
  C:\Windows\System\JcMOaGz.exe
  2⤵
  PID:7400
- C:\Windows\System\PnkonCi.exe
  C:\Windows\System\PnkonCi.exe
  2⤵
  PID:7480
- C:\Windows\System\whhBrql.exe
  C:\Windows\System\whhBrql.exe
  2⤵
  PID:7528
- C:\Windows\System\XdCZtIp.exe
  C:\Windows\System\XdCZtIp.exe
  2⤵
  PID:7708
- C:\Windows\System\AVdRgls.exe
  C:\Windows\System\AVdRgls.exe
  2⤵
  PID:7672
- C:\Windows\System\IVpbdwh.exe
  C:\Windows\System\IVpbdwh.exe
  2⤵
  PID:7704
- C:\Windows\System\EhHuCAc.exe
  C:\Windows\System\EhHuCAc.exe
  2⤵
  PID:7776
- C:\Windows\System\CnnVWxV.exe
  C:\Windows\System\CnnVWxV.exe
  2⤵
  PID:7812
- C:\Windows\System\nkDWNRk.exe
  C:\Windows\System\nkDWNRk.exe
  2⤵
  PID:7904
- C:\Windows\System\cKmQMAS.exe
  C:\Windows\System\cKmQMAS.exe
  2⤵
  PID:7968
- C:\Windows\System\hRofyPX.exe
  C:\Windows\System\hRofyPX.exe
  2⤵
  PID:8004
- C:\Windows\System\eRaLoof.exe
  C:\Windows\System\eRaLoof.exe
  2⤵
  PID:8068
- C:\Windows\System\sZsWHML.exe
  C:\Windows\System\sZsWHML.exe
  2⤵
  PID:8136
- C:\Windows\System\oOXNXBu.exe
  C:\Windows\System\oOXNXBu.exe
  2⤵
  PID:8172
- C:\Windows\System\sPOuEMx.exe
  C:\Windows\System\sPOuEMx.exe
  2⤵
  PID:6512
- C:\Windows\System\fLFCkrh.exe
  C:\Windows\System\fLFCkrh.exe
  2⤵
  PID:7560
- C:\Windows\System\BpOHVFe.exe
  C:\Windows\System\BpOHVFe.exe
  2⤵
  PID:7624
- C:\Windows\System\ZYxgsXH.exe
  C:\Windows\System\ZYxgsXH.exe
  2⤵
  PID:7688
- C:\Windows\System\hMGfvSd.exe
  C:\Windows\System\hMGfvSd.exe
  2⤵
  PID:7728
- C:\Windows\System\mQTIIrp.exe
  C:\Windows\System\mQTIIrp.exe
  2⤵
  PID:8084
- C:\Windows\System\DndcPmj.exe
  C:\Windows\System\DndcPmj.exe
  2⤵
  PID:8188
- C:\Windows\System\nqUiAaM.exe
  C:\Windows\System\nqUiAaM.exe
  2⤵
  PID:7312
- C:\Windows\System\bgyJpZL.exe
  C:\Windows\System\bgyJpZL.exe
  2⤵
  PID:7764
- C:\Windows\System\MnHzcch.exe
  C:\Windows\System\MnHzcch.exe
  2⤵
  PID:8016
- C:\Windows\System\WBMrlft.exe
  C:\Windows\System\WBMrlft.exe
  2⤵
  PID:7860
- C:\Windows\System\aaGmIot.exe
  C:\Windows\System\aaGmIot.exe
  2⤵
  PID:7952
- C:\Windows\System\QIlWlrV.exe
  C:\Windows\System\QIlWlrV.exe
  2⤵
  PID:7228
- C:\Windows\System\gdCLgSc.exe
  C:\Windows\System\gdCLgSc.exe
  2⤵
  PID:8116
- C:\Windows\System\wuNTQzU.exe
  C:\Windows\System\wuNTQzU.exe
  2⤵
  PID:7352
- C:\Windows\System\IQBpyCL.exe
  C:\Windows\System\IQBpyCL.exe
  2⤵
  PID:7396
- C:\Windows\System\lXtntib.exe
  C:\Windows\System\lXtntib.exe
  2⤵
  PID:7496
- C:\Windows\System\hfXnlyC.exe
  C:\Windows\System\hfXnlyC.exe
  2⤵
  PID:7464
- C:\Windows\System\HkvehcN.exe
  C:\Windows\System\HkvehcN.exe
  2⤵
  PID:7748
- C:\Windows\System\WDKDgYs.exe
  C:\Windows\System\WDKDgYs.exe
  2⤵
  PID:7876
- C:\Windows\System\PwoTCjQ.exe
  C:\Windows\System\PwoTCjQ.exe
  2⤵
  PID:8132
- C:\Windows\System\rUmyJNM.exe
  C:\Windows\System\rUmyJNM.exe
  2⤵
  PID:7780
- C:\Windows\System\YVYyQXS.exe
  C:\Windows\System\YVYyQXS.exe
  2⤵
  PID:7364
- C:\Windows\System\MnOIpUb.exe
  C:\Windows\System\MnOIpUb.exe
  2⤵
  PID:7828
- C:\Windows\System\RUwUCpt.exe
  C:\Windows\System\RUwUCpt.exe
  2⤵
  PID:7324
- C:\Windows\System\LDUmYia.exe
  C:\Windows\System\LDUmYia.exe
  2⤵
  PID:7512
- C:\Windows\System\NqJJsKH.exe
  C:\Windows\System\NqJJsKH.exe
  2⤵
  PID:7216
- C:\Windows\System\mEfSNAk.exe
  C:\Windows\System\mEfSNAk.exe
  2⤵
  PID:7548
- C:\Windows\System\WTrCBjS.exe
  C:\Windows\System\WTrCBjS.exe
  2⤵
  PID:7724
- C:\Windows\System\geZCLnc.exe
  C:\Windows\System\geZCLnc.exe
  2⤵
  PID:7808
- C:\Windows\System\jQheSfr.exe
  C:\Windows\System\jQheSfr.exe
  2⤵
  PID:8156
- C:\Windows\System\LGTTwGT.exe
  C:\Windows\System\LGTTwGT.exe
  2⤵
  PID:8064
- C:\Windows\System\donWSYR.exe
  C:\Windows\System\donWSYR.exe
  2⤵
  PID:8168
- C:\Windows\System\zUuHsoC.exe
  C:\Windows\System\zUuHsoC.exe
  2⤵
  PID:8080
- C:\Windows\System\IfHejVC.exe
  C:\Windows\System\IfHejVC.exe
  2⤵
  PID:7892
- C:\Windows\System\mRjxiyw.exe
  C:\Windows\System\mRjxiyw.exe
  2⤵
  PID:7280
- C:\Windows\System\rMuCeFC.exe
  C:\Windows\System\rMuCeFC.exe
  2⤵
  PID:7448
- C:\Windows\System\RcfQOqI.exe
  C:\Windows\System\RcfQOqI.exe
  2⤵
  PID:7544
- C:\Windows\System\UroDXIK.exe
  C:\Windows\System\UroDXIK.exe
  2⤵
  PID:7984
- C:\Windows\System\heNhPFS.exe
  C:\Windows\System\heNhPFS.exe
  2⤵
  PID:7988
- C:\Windows\System\jIOdyIQ.exe
  C:\Windows\System\jIOdyIQ.exe
  2⤵
  PID:7760
- C:\Windows\System\chjaHck.exe
  C:\Windows\System\chjaHck.exe
  2⤵
  PID:8036
- C:\Windows\System\gseCfjg.exe
  C:\Windows\System\gseCfjg.exe
  2⤵
  PID:8208
- C:\Windows\System\AIgeUFQ.exe
  C:\Windows\System\AIgeUFQ.exe
  2⤵
  PID:8224
- C:\Windows\System\IIeWbwH.exe
  C:\Windows\System\IIeWbwH.exe
  2⤵
  PID:8240
- C:\Windows\System\uBWHWaF.exe
  C:\Windows\System\uBWHWaF.exe
  2⤵
  PID:8256
- C:\Windows\System\VuvcrYx.exe
  C:\Windows\System\VuvcrYx.exe
  2⤵
  PID:8272
- C:\Windows\System\AjszujL.exe
  C:\Windows\System\AjszujL.exe
  2⤵
  PID:8288
- C:\Windows\System\Vuscjla.exe
  C:\Windows\System\Vuscjla.exe
  2⤵
  PID:8304
- C:\Windows\System\PzILprH.exe
  C:\Windows\System\PzILprH.exe
  2⤵
  PID:8320
- C:\Windows\System\xjLYkXo.exe
  C:\Windows\System\xjLYkXo.exe
  2⤵
  PID:8336
- C:\Windows\System\dbSCBwD.exe
  C:\Windows\System\dbSCBwD.exe
  2⤵
  PID:8352
- C:\Windows\System\TvYGNHp.exe
  C:\Windows\System\TvYGNHp.exe
  2⤵
  PID:8368
- C:\Windows\System\vWHDmIk.exe
  C:\Windows\System\vWHDmIk.exe
  2⤵
  PID:8384
- C:\Windows\System\EUhReuL.exe
  C:\Windows\System\EUhReuL.exe
  2⤵
  PID:8400
- C:\Windows\System\azCwGxc.exe
  C:\Windows\System\azCwGxc.exe
  2⤵
  PID:8416
- C:\Windows\System\KHaZiBF.exe
  C:\Windows\System\KHaZiBF.exe
  2⤵
  PID:8432
- C:\Windows\System\LovYGjF.exe
  C:\Windows\System\LovYGjF.exe
  2⤵
  PID:8452
- C:\Windows\System\HMslFlX.exe
  C:\Windows\System\HMslFlX.exe
  2⤵
  PID:8468
- C:\Windows\System\TNskWRE.exe
  C:\Windows\System\TNskWRE.exe
  2⤵
  PID:8484
- C:\Windows\System\WyCNAde.exe
  C:\Windows\System\WyCNAde.exe
  2⤵
  PID:8500
- C:\Windows\System\PDrlpBj.exe
  C:\Windows\System\PDrlpBj.exe
  2⤵
  PID:8516
- C:\Windows\System\kaVlLEq.exe
  C:\Windows\System\kaVlLEq.exe
  2⤵
  PID:8532
- C:\Windows\System\hGIHlOx.exe
  C:\Windows\System\hGIHlOx.exe
  2⤵
  PID:8548
- C:\Windows\System\SDNiAkm.exe
  C:\Windows\System\SDNiAkm.exe
  2⤵
  PID:8564
- C:\Windows\System\kcBCqeR.exe
  C:\Windows\System\kcBCqeR.exe
  2⤵
  PID:8580
- C:\Windows\System\NEKlExQ.exe
  C:\Windows\System\NEKlExQ.exe
  2⤵
  PID:8596
- C:\Windows\System\OLcoeWN.exe
  C:\Windows\System\OLcoeWN.exe
  2⤵
  PID:8612
- C:\Windows\System\zfddkOi.exe
  C:\Windows\System\zfddkOi.exe
  2⤵
  PID:8628
- C:\Windows\System\feGGvGH.exe
  C:\Windows\System\feGGvGH.exe
  2⤵
  PID:8644
- C:\Windows\System\hqkDXxl.exe
  C:\Windows\System\hqkDXxl.exe
  2⤵
  PID:8660
- C:\Windows\System\RViRJLQ.exe
  C:\Windows\System\RViRJLQ.exe
  2⤵
  PID:8676
- C:\Windows\System\MJdfNfh.exe
  C:\Windows\System\MJdfNfh.exe
  2⤵
  PID:8692
- C:\Windows\System\yidLMOa.exe
  C:\Windows\System\yidLMOa.exe
  2⤵
  PID:8708
- C:\Windows\System\zZUfrmT.exe
  C:\Windows\System\zZUfrmT.exe
  2⤵
  PID:8724
- C:\Windows\System\DnUctFL.exe
  C:\Windows\System\DnUctFL.exe
  2⤵
  PID:8744
- C:\Windows\System\ehVAdaD.exe
  C:\Windows\System\ehVAdaD.exe
  2⤵
  PID:8760
- C:\Windows\System\XUWXYro.exe
  C:\Windows\System\XUWXYro.exe
  2⤵
  PID:8776
- C:\Windows\System\mjRqzFc.exe
  C:\Windows\System\mjRqzFc.exe
  2⤵
  PID:8792
- C:\Windows\System\cUFMsBO.exe
  C:\Windows\System\cUFMsBO.exe
  2⤵
  PID:8808
- C:\Windows\System\OkShvST.exe
  C:\Windows\System\OkShvST.exe
  2⤵
  PID:8824
- C:\Windows\System\fbCHdfF.exe
  C:\Windows\System\fbCHdfF.exe
  2⤵
  PID:8840
- C:\Windows\System\xZHqiUz.exe
  C:\Windows\System\xZHqiUz.exe
  2⤵
  PID:8856
- C:\Windows\System\ASPwDyJ.exe
  C:\Windows\System\ASPwDyJ.exe
  2⤵
  PID:8872
- C:\Windows\System\ygVDMQX.exe
  C:\Windows\System\ygVDMQX.exe
  2⤵
  PID:8888
- C:\Windows\System\nJSPshz.exe
  C:\Windows\System\nJSPshz.exe
  2⤵
  PID:8904
- C:\Windows\System\FZniFlG.exe
  C:\Windows\System\FZniFlG.exe
  2⤵
  PID:8920
- C:\Windows\System\kZzjVej.exe
  C:\Windows\System\kZzjVej.exe
  2⤵
  PID:8936
- C:\Windows\System\vVSyIri.exe
  C:\Windows\System\vVSyIri.exe
  2⤵
  PID:8952
- C:\Windows\System\YWyXDwh.exe
  C:\Windows\System\YWyXDwh.exe
  2⤵
  PID:8968
- C:\Windows\System\pFpYyNK.exe
  C:\Windows\System\pFpYyNK.exe
  2⤵
  PID:8984
- C:\Windows\System\LsigzrY.exe
  C:\Windows\System\LsigzrY.exe
  2⤵
  PID:9000
- C:\Windows\System\MVghtiC.exe
  C:\Windows\System\MVghtiC.exe
  2⤵
  PID:9016
- C:\Windows\System\TZvVsmJ.exe
  C:\Windows\System\TZvVsmJ.exe
  2⤵
  PID:9032
- C:\Windows\System\eSbYSSB.exe
  C:\Windows\System\eSbYSSB.exe
  2⤵
  PID:9048
- C:\Windows\System\zQCJbaZ.exe
  C:\Windows\System\zQCJbaZ.exe
  2⤵
  PID:9064
- C:\Windows\System\eBKhtKj.exe
  C:\Windows\System\eBKhtKj.exe
  2⤵
  PID:9080
- C:\Windows\System\OtyHEAP.exe
  C:\Windows\System\OtyHEAP.exe
  2⤵
  PID:9096
- C:\Windows\System\jnQFNPi.exe
  C:\Windows\System\jnQFNPi.exe
  2⤵
  PID:9112
- C:\Windows\System\nmcVhxi.exe
  C:\Windows\System\nmcVhxi.exe
  2⤵
  PID:9128
- C:\Windows\System\UgnGkNd.exe
  C:\Windows\System\UgnGkNd.exe
  2⤵
  PID:9144
- C:\Windows\System\imFKnBr.exe
  C:\Windows\System\imFKnBr.exe
  2⤵
  PID:9160
- C:\Windows\System\vVbHqcR.exe
  C:\Windows\System\vVbHqcR.exe
  2⤵
  PID:9176
- C:\Windows\System\oVXBvzn.exe
  C:\Windows\System\oVXBvzn.exe
  2⤵
  PID:9192
- C:\Windows\System\EIQGzLW.exe
  C:\Windows\System\EIQGzLW.exe
  2⤵
  PID:9208
- C:\Windows\System\peiVAmo.exe
  C:\Windows\System\peiVAmo.exe
  2⤵
  PID:7872
- C:\Windows\System\pghCyFC.exe
  C:\Windows\System\pghCyFC.exe
  2⤵
  PID:8232
- C:\Windows\System\QVDagBY.exe
  C:\Windows\System\QVDagBY.exe
  2⤵
  PID:8052
- C:\Windows\System\sQLpJBO.exe
  C:\Windows\System\sQLpJBO.exe
  2⤵
  PID:8268
- C:\Windows\System\AuHNpNr.exe
  C:\Windows\System\AuHNpNr.exe
  2⤵
  PID:8100
- C:\Windows\System\LVYynNs.exe
  C:\Windows\System\LVYynNs.exe
  2⤵
  PID:7412
- C:\Windows\System\XZSYspt.exe
  C:\Windows\System\XZSYspt.exe
  2⤵
  PID:8216
- C:\Windows\System\kUPAdPg.exe
  C:\Windows\System\kUPAdPg.exe
  2⤵
  PID:8312
- C:\Windows\System\LyrHshk.exe
  C:\Windows\System\LyrHshk.exe
  2⤵
  PID:8364
- C:\Windows\System\lBQORtg.exe
  C:\Windows\System\lBQORtg.exe
  2⤵
  PID:8428
- C:\Windows\System\LJOOGxJ.exe
  C:\Windows\System\LJOOGxJ.exe
  2⤵
  PID:8380
- C:\Windows\System\glzprHD.exe
  C:\Windows\System\glzprHD.exe
  2⤵
  PID:8448
- C:\Windows\System\zOyMrTo.exe
  C:\Windows\System\zOyMrTo.exe
  2⤵
  PID:8444
- C:\Windows\System\fvwitlD.exe
  C:\Windows\System\fvwitlD.exe
  2⤵
  PID:8524
- C:\Windows\System\vZqHUEF.exe
  C:\Windows\System\vZqHUEF.exe
  2⤵
  PID:8512
- C:\Windows\System\YDPzyHJ.exe
  C:\Windows\System\YDPzyHJ.exe
  2⤵
  PID:8588
- C:\Windows\System\nFePuke.exe
  C:\Windows\System\nFePuke.exe
  2⤵
  PID:8656
- C:\Windows\System\PmvTjwG.exe
  C:\Windows\System\PmvTjwG.exe
  2⤵
  PID:8716
- C:\Windows\System\LFRXrrO.exe
  C:\Windows\System\LFRXrrO.exe
  2⤵
  PID:7348
- C:\Windows\System\FIHtaRu.exe
  C:\Windows\System\FIHtaRu.exe
  2⤵
  PID:8576
- C:\Windows\System\MrxWFiz.exe
  C:\Windows\System\MrxWFiz.exe
  2⤵
  PID:8608
- C:\Windows\System\KOkaXhL.exe
  C:\Windows\System\KOkaXhL.exe
  2⤵
  PID:8756
- C:\Windows\System\tbwDwii.exe
  C:\Windows\System\tbwDwii.exe
  2⤵
  PID:8788
- C:\Windows\System\FxZqqNS.exe
  C:\Windows\System\FxZqqNS.exe
  2⤵
  PID:8804
- C:\Windows\System\QdZnYnH.exe
  C:\Windows\System\QdZnYnH.exe
  2⤵
  PID:8836
- C:\Windows\System\CRkuBQq.exe
  C:\Windows\System\CRkuBQq.exe
  2⤵
  PID:8864
- C:\Windows\System\HTEHOgH.exe
  C:\Windows\System\HTEHOgH.exe
  2⤵
  PID:8916
- C:\Windows\System\zlwHmFk.exe
  C:\Windows\System\zlwHmFk.exe
  2⤵
  PID:8980
- C:\Windows\System\cjDYBAK.exe
  C:\Windows\System\cjDYBAK.exe
  2⤵
  PID:9044
- C:\Windows\System\pEiLwlh.exe
  C:\Windows\System\pEiLwlh.exe
  2⤵
  PID:8992
- C:\Windows\System\mwTRLti.exe
  C:\Windows\System\mwTRLti.exe
  2⤵
  PID:8928
- C:\Windows\System\uYCYAuy.exe
  C:\Windows\System\uYCYAuy.exe
  2⤵
  PID:8996
- C:\Windows\System\ShGpxDC.exe
  C:\Windows\System\ShGpxDC.exe
  2⤵
  PID:9092
- C:\Windows\System\ZIxyTkF.exe
  C:\Windows\System\ZIxyTkF.exe
  2⤵
  PID:9140
- C:\Windows\System\BxUtRbk.exe
  C:\Windows\System\BxUtRbk.exe
  2⤵
  PID:8200
- C:\Windows\System\HteXyMf.exe
  C:\Windows\System\HteXyMf.exe
  2⤵
  PID:9184
- C:\Windows\System\bSghiQb.exe
  C:\Windows\System\bSghiQb.exe
  2⤵
  PID:7656
- C:\Windows\System\fwNLaxB.exe
  C:\Windows\System\fwNLaxB.exe
  2⤵
  PID:7720
- C:\Windows\System\XVNkWPY.exe
  C:\Windows\System\XVNkWPY.exe
  2⤵
  PID:8248
- C:\Windows\System\DAuzkDD.exe
  C:\Windows\System\DAuzkDD.exe
  2⤵
  PID:6816
- C:\Windows\System\peIjZuP.exe
  C:\Windows\System\peIjZuP.exe
  2⤵
  PID:8396
- C:\Windows\System\wXFNuXW.exe
  C:\Windows\System\wXFNuXW.exe
  2⤵
  PID:8344
- C:\Windows\System\mfGwpba.exe
  C:\Windows\System\mfGwpba.exe
  2⤵
  PID:7924
- C:\Windows\System\XwKAXuo.exe
  C:\Windows\System\XwKAXuo.exe
  2⤵
  PID:8508
- C:\Windows\System\vAPMWsn.exe
  C:\Windows\System\vAPMWsn.exe
  2⤵
  PID:8688
- C:\Windows\System\JozPuRL.exe
  C:\Windows\System\JozPuRL.exe
  2⤵
  PID:8672
- C:\Windows\System\mPzeNuF.exe
  C:\Windows\System\mPzeNuF.exe
  2⤵
  PID:8880
- C:\Windows\System\uVZIMxK.exe
  C:\Windows\System\uVZIMxK.exe
  2⤵
  PID:9076
- C:\Windows\System\HVeVITV.exe
  C:\Windows\System\HVeVITV.exe
  2⤵
  PID:9136
- C:\Windows\System\yTnqaRE.exe
  C:\Windows\System\yTnqaRE.exe
  2⤵
  PID:9012
- C:\Windows\System\uJcRPXo.exe
  C:\Windows\System\uJcRPXo.exe
  2⤵
  PID:9172
- C:\Windows\System\lqGpqjv.exe
  C:\Windows\System\lqGpqjv.exe
  2⤵
  PID:9040
- C:\Windows\System\zaGvDFH.exe
  C:\Windows\System\zaGvDFH.exe
  2⤵
  PID:8704
- C:\Windows\System\wVQvfqs.exe
  C:\Windows\System\wVQvfqs.exe
  2⤵
  PID:8896
- C:\Windows\System\ePgfqpI.exe
  C:\Windows\System\ePgfqpI.exe
  2⤵
  PID:9124
- C:\Windows\System\AcvSfAq.exe
  C:\Windows\System\AcvSfAq.exe
  2⤵
  PID:7936
- C:\Windows\System\ryuxFbi.exe
  C:\Windows\System\ryuxFbi.exe
  2⤵
  PID:8348
- C:\Windows\System\qVLgWNq.exe
  C:\Windows\System\qVLgWNq.exe
  2⤵
  PID:8376
- C:\Windows\System\NqUwvEw.exe
  C:\Windows\System\NqUwvEw.exe
  2⤵
  PID:8668
- C:\Windows\System\AQYzqqj.exe
  C:\Windows\System\AQYzqqj.exe
  2⤵
  PID:8684
- C:\Windows\System\YJZfegp.exe
  C:\Windows\System\YJZfegp.exe
  2⤵
  PID:8912
- C:\Windows\System\dDRwNtx.exe
  C:\Windows\System\dDRwNtx.exe
  2⤵
  PID:9108
- C:\Windows\System\icUKbLK.exe
  C:\Windows\System\icUKbLK.exe
  2⤵
  PID:8572
- C:\Windows\System\uFMXjKL.exe
  C:\Windows\System\uFMXjKL.exe
  2⤵
  PID:9188
- C:\Windows\System\NLgFdiT.exe
  C:\Windows\System\NLgFdiT.exe
  2⤵
  PID:8460
- C:\Windows\System\rJJQfkM.exe
  C:\Windows\System\rJJQfkM.exe
  2⤵
  PID:8640
- C:\Windows\System\YRDQLMA.exe
  C:\Windows\System\YRDQLMA.exe
  2⤵
  PID:8884
- C:\Windows\System\WonUoIC.exe
  C:\Windows\System\WonUoIC.exe
  2⤵
  PID:9200
- C:\Windows\System\mMmhzoo.exe
  C:\Windows\System\mMmhzoo.exe
  2⤵
  PID:8740
- C:\Windows\System\rjCVjls.exe
  C:\Windows\System\rjCVjls.exe
  2⤵
  PID:8784
- C:\Windows\System\NwQTOqd.exe
  C:\Windows\System\NwQTOqd.exe
  2⤵
  PID:8560
- C:\Windows\System\ogLDllK.exe
  C:\Windows\System\ogLDllK.exe
  2⤵
  PID:8236
- C:\Windows\System\OrREKJC.exe
  C:\Windows\System\OrREKJC.exe
  2⤵
  PID:9220
- C:\Windows\System\Gwmvwfs.exe
  C:\Windows\System\Gwmvwfs.exe
  2⤵
  PID:9236
- C:\Windows\System\mVsOWDl.exe
  C:\Windows\System\mVsOWDl.exe
  2⤵
  PID:9252
- C:\Windows\System\poioWZX.exe
  C:\Windows\System\poioWZX.exe
  2⤵
  PID:9268
- C:\Windows\System\IlOXhDX.exe
  C:\Windows\System\IlOXhDX.exe
  2⤵
  PID:9284
- C:\Windows\System\UHzgsuF.exe
  C:\Windows\System\UHzgsuF.exe
  2⤵
  PID:9300
- C:\Windows\System\urGnfpn.exe
  C:\Windows\System\urGnfpn.exe
  2⤵
  PID:9316
- C:\Windows\System\HONEPYi.exe
  C:\Windows\System\HONEPYi.exe
  2⤵
  PID:9332
- C:\Windows\System\GCUcqTh.exe
  C:\Windows\System\GCUcqTh.exe
  2⤵
  PID:9360
- C:\Windows\System\cvsddkd.exe
  C:\Windows\System\cvsddkd.exe
  2⤵
  PID:9384
- C:\Windows\System\cULBnoX.exe
  C:\Windows\System\cULBnoX.exe
  2⤵
  PID:9416
- C:\Windows\System\vNYuREo.exe
  C:\Windows\System\vNYuREo.exe
  2⤵
  PID:9444
- C:\Windows\System\GxxuHTe.exe
  C:\Windows\System\GxxuHTe.exe
  2⤵
  PID:9460
- C:\Windows\System\bDcDRVx.exe
  C:\Windows\System\bDcDRVx.exe
  2⤵
  PID:9476
- C:\Windows\System\McYQIDE.exe
  C:\Windows\System\McYQIDE.exe
  2⤵
  PID:9496
- C:\Windows\System\VZOtLha.exe
  C:\Windows\System\VZOtLha.exe
  2⤵
  PID:9512
- C:\Windows\System\GKQOrTj.exe
  C:\Windows\System\GKQOrTj.exe
  2⤵
  PID:9536
- C:\Windows\System\nFYbhAw.exe
  C:\Windows\System\nFYbhAw.exe
  2⤵
  PID:9552
- C:\Windows\System\dCiqivx.exe
  C:\Windows\System\dCiqivx.exe
  2⤵
  PID:9568
- C:\Windows\System\qzjrotg.exe
  C:\Windows\System\qzjrotg.exe
  2⤵
  PID:9584
- C:\Windows\System\qRuJKPI.exe
  C:\Windows\System\qRuJKPI.exe
  2⤵
  PID:9600
- C:\Windows\System\QzIQtwW.exe
  C:\Windows\System\QzIQtwW.exe
  2⤵
  PID:9616
- C:\Windows\System\pHMnCiy.exe
  C:\Windows\System\pHMnCiy.exe
  2⤵
  PID:9632
- C:\Windows\System\UNZEKFw.exe
  C:\Windows\System\UNZEKFw.exe
  2⤵
  PID:9648
- C:\Windows\System\JMiofPn.exe
  C:\Windows\System\JMiofPn.exe
  2⤵
  PID:9664
- C:\Windows\System\XtYIqfT.exe
  C:\Windows\System\XtYIqfT.exe
  2⤵
  PID:9680
- C:\Windows\System\kptdjZW.exe
  C:\Windows\System\kptdjZW.exe
  2⤵
  PID:9700
- C:\Windows\System\bmRfrYA.exe
  C:\Windows\System\bmRfrYA.exe
  2⤵
  PID:9716
- C:\Windows\System\rWwDLVL.exe
  C:\Windows\System\rWwDLVL.exe
  2⤵
  PID:9732
- C:\Windows\System\CMAZnoQ.exe
  C:\Windows\System\CMAZnoQ.exe
  2⤵
  PID:9748
- C:\Windows\System\Yylhlje.exe
  C:\Windows\System\Yylhlje.exe
  2⤵
  PID:9764
- C:\Windows\System\FtXLQXn.exe
  C:\Windows\System\FtXLQXn.exe
  2⤵
  PID:9780
- C:\Windows\System\dDnNvrK.exe
  C:\Windows\System\dDnNvrK.exe
  2⤵
  PID:9796
- C:\Windows\System\goIXljz.exe
  C:\Windows\System\goIXljz.exe
  2⤵
  PID:9812
- C:\Windows\System\ZnjEGln.exe
  C:\Windows\System\ZnjEGln.exe
  2⤵
  PID:9828
- C:\Windows\System\TAjeizj.exe
  C:\Windows\System\TAjeizj.exe
  2⤵
  PID:9844
- C:\Windows\System\wderaIN.exe
  C:\Windows\System\wderaIN.exe
  2⤵
  PID:9864
- C:\Windows\System\IjiiEIu.exe
  C:\Windows\System\IjiiEIu.exe
  2⤵
  PID:9880
- C:\Windows\System\zJvruNY.exe
  C:\Windows\System\zJvruNY.exe
  2⤵
  PID:9896
- C:\Windows\System\ZmGNvWO.exe
  C:\Windows\System\ZmGNvWO.exe
  2⤵
  PID:9912
- C:\Windows\System\EcHkNdm.exe
  C:\Windows\System\EcHkNdm.exe
  2⤵
  PID:9928
- C:\Windows\System\PyefYdb.exe
  C:\Windows\System\PyefYdb.exe
  2⤵
  PID:9948
- C:\Windows\System\RZfECjD.exe
  C:\Windows\System\RZfECjD.exe
  2⤵
  PID:9972
- C:\Windows\System\IsifEPu.exe
  C:\Windows\System\IsifEPu.exe
  2⤵
  PID:9988
- C:\Windows\System\bFzFhEI.exe
  C:\Windows\System\bFzFhEI.exe
  2⤵
  PID:10004
- C:\Windows\System\skuLYNC.exe
  C:\Windows\System\skuLYNC.exe
  2⤵
  PID:10024
- C:\Windows\System\oCZiixN.exe
  C:\Windows\System\oCZiixN.exe
  2⤵
  PID:10044
- C:\Windows\System\SZWGLDD.exe
  C:\Windows\System\SZWGLDD.exe
  2⤵
  PID:10060
- C:\Windows\System\qPFgewi.exe
  C:\Windows\System\qPFgewi.exe
  2⤵
  PID:10080
- C:\Windows\System\dlHOdXN.exe
  C:\Windows\System\dlHOdXN.exe
  2⤵
  PID:10100
- C:\Windows\System\LssSHju.exe
  C:\Windows\System\LssSHju.exe
  2⤵
  PID:10128
- C:\Windows\System\SJdekeF.exe
  C:\Windows\System\SJdekeF.exe
  2⤵
  PID:10156
- C:\Windows\System\ODGosrv.exe
  C:\Windows\System\ODGosrv.exe
  2⤵
  PID:10176
- C:\Windows\System\JOjBhRH.exe
  C:\Windows\System\JOjBhRH.exe
  2⤵
  PID:10192
- C:\Windows\System\SPFAQNX.exe
  C:\Windows\System\SPFAQNX.exe
  2⤵
  PID:10208
- C:\Windows\System\IqxKWIA.exe
  C:\Windows\System\IqxKWIA.exe
  2⤵
  PID:10224
- C:\Windows\System\LsDHbsj.exe
  C:\Windows\System\LsDHbsj.exe
  2⤵
  PID:8652
- C:\Windows\System\RNjSzOh.exe
  C:\Windows\System\RNjSzOh.exe
  2⤵
  PID:9248
- C:\Windows\System\xSWSkEf.exe
  C:\Windows\System\xSWSkEf.exe
  2⤵
  PID:9296
- C:\Windows\System\DdaVTtd.exe
  C:\Windows\System\DdaVTtd.exe
  2⤵
  PID:9312
- C:\Windows\System\INyEXjC.exe
  C:\Windows\System\INyEXjC.exe
  2⤵
  PID:9328
- C:\Windows\System\yijJLOd.exe
  C:\Windows\System\yijJLOd.exe
  2⤵
  PID:9376
- C:\Windows\System\lTBjFxn.exe
  C:\Windows\System\lTBjFxn.exe
  2⤵
  PID:9392
- C:\Windows\System\IfxhkcL.exe
  C:\Windows\System\IfxhkcL.exe
  2⤵
  PID:9408
- C:\Windows\System\vXwWGbO.exe
  C:\Windows\System\vXwWGbO.exe
  2⤵
  PID:9484
- C:\Windows\System\IKKbyNz.exe
  C:\Windows\System\IKKbyNz.exe
  2⤵
  PID:9528
- C:\Windows\System\tAjNcta.exe
  C:\Windows\System\tAjNcta.exe
  2⤵
  PID:9564
- C:\Windows\System\AiMhaVo.exe
  C:\Windows\System\AiMhaVo.exe
  2⤵
  PID:9436
- C:\Windows\System\JxwebDm.exe
  C:\Windows\System\JxwebDm.exe
  2⤵
  PID:9580
- C:\Windows\System\giqfwyh.exe
  C:\Windows\System\giqfwyh.exe
  2⤵
  PID:9672
- C:\Windows\System\YFWBylL.exe
  C:\Windows\System\YFWBylL.exe
  2⤵
  PID:9708
- C:\Windows\System\DScJMiJ.exe
  C:\Windows\System\DScJMiJ.exe
  2⤵
  PID:9744
- C:\Windows\System\XvWGDPZ.exe
  C:\Windows\System\XvWGDPZ.exe
  2⤵
  PID:9804
- C:\Windows\System\qxOlsXP.exe
  C:\Windows\System\qxOlsXP.exe
  2⤵
  PID:9872
- C:\Windows\System\VlnCtWY.exe
  C:\Windows\System\VlnCtWY.exe
  2⤵
  PID:9956
- C:\Windows\System\grsEdks.exe
  C:\Windows\System\grsEdks.exe
  2⤵
  PID:9656
- C:\Windows\System\VSnxQop.exe
  C:\Windows\System\VSnxQop.exe
  2⤵
  PID:9688
- C:\Windows\System\GcPOWjh.exe
  C:\Windows\System\GcPOWjh.exe
  2⤵
  PID:9944
- C:\Windows\System\hBjWAnk.exe
  C:\Windows\System\hBjWAnk.exe
  2⤵
  PID:10016
- C:\Windows\System\WXVvDWV.exe
  C:\Windows\System\WXVvDWV.exe
  2⤵
  PID:9964
- C:\Windows\System\LfPBONM.exe
  C:\Windows\System\LfPBONM.exe
  2⤵
  PID:9612
- C:\Windows\System\ByhLrIi.exe
  C:\Windows\System\ByhLrIi.exe
  2⤵
  PID:9756
- C:\Windows\System\vbazjaG.exe
  C:\Windows\System\vbazjaG.exe
  2⤵
  PID:9824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BGxISGr.exe

Filesize
6.0MB

MD5
8d4af56cb6fe023c9b66e18283e8325e

SHA1
fead31fa1b3cc96bdb02cfc3d6d70093f4e0aefb

SHA256
3355c7c00561610735cfe8cf52a18de9da14453e27b42bd59555517ed8bf5274

SHA512
bdb2b5eb8fd6e8f757d6811ca9013c3e8052d4c579448ec06540ccae67f6e801f314b246cceba65d687653a59a09db9a1707e70a6d60a2e1224ec43d90ccf8f2

Download Submit
C:\Windows\system\DkyNLRf.exe

Filesize
6.0MB

MD5
fd25380a2944b292e810ea52ff2faf5d

SHA1
3fed3365386046d10a9410fb4bc0156d877ea524

SHA256
1bcd4ff299a534fde5ce9271aba73599d1252b1dbbe58a65d7107b4c1ea9784c

SHA512
9736bb46874c7bdf8836c0715e5da33ac9a40ffec92a7d912fddfe834c52adc3965edbcf1e3b203d69f584a5260ab997cdef1c34bb0ae3f816752ccfa8f83486

Download Submit
C:\Windows\system\DzLjNeE.exe

Filesize
6.0MB

MD5
87b488599d0b05881b412aa8a74c5f3d

SHA1
713793803024688ec03162a1f68d7cd2690f0b2d

SHA256
cb3f52cff50d1cbf68f03ea0989dd9d8b35838bea54680291b71062ca36dbb70

SHA512
8423403b7c1df7b96ba04d69b420a9b504e1d87c3b45da546dd4ae2b951a370d5f4e2cc5448d5b21ba08aa6356262001d14d34744b9f8f8ceb0455596117fa9f

Download Submit
C:\Windows\system\EzNxufi.exe

Filesize
6.0MB

MD5
4f47565a5c2c169d104080ffce8c4ed1

SHA1
7c905a41fe371a579a576ca55afdc84433c4bed7

SHA256
64489491b2ba77dcb3b7c73209e6cfc6592d10412d97d5d152a4fc1030a10b4c

SHA512
32ddfa98e3fc5d71fe8eb208bbd2d6ac1ef09b6833f00003f60df9317408d9ae774931e6ecc907da4d4e0ca8bda552293ac0fbbc6c4637f32f9e75348b2a27ef

Download Submit
C:\Windows\system\GhpJJso.exe

Filesize
6.0MB

MD5
dad3d0dc1f08eba67d502f9216f59bb0

SHA1
6dbca0b065d2ff1ad4115734c8493f89fcb61d3c

SHA256
4e589663e2d6ec1928cbec2225f816ec346d8e6db7a221dab2412e40d8865a6d

SHA512
73204f3c3bb151af9f2ec5a9f05796bfa7d66b0023a3cd80d8f4c335b08d2f6c62c20f66361f91d3281184cdc6fe73f7b38c8f994a0a4e979fcfabdb6c442afd

Download Submit
C:\Windows\system\GjxPAzG.exe

Filesize
6.0MB

MD5
b86580b76d03dada00586a6616d008da

SHA1
0ae3ed474ee24b22a3e6377d5c721b632dc098fe

SHA256
0570a3fdd723bee8bf7899fcf7f3bb31ba7d2b85742bb9b15b36c73e7c3a8375

SHA512
eb9271ee7d619a554beaa0f6aa0179110c85995d324137a6d904840167f3561f5c0df08350e2337d128926564f252f0a2cc9bab5c559d99dfdaa854d842be956

Download Submit
C:\Windows\system\IDqoPLh.exe

Filesize
6.0MB

MD5
4b3f0ffd6409470a8198a61aaacf0265

SHA1
bfc3ed0e73556780ce1a187e30e42398b0fd2628

SHA256
3db5e8cc80285955134c35801e44e5397f11887474083a9dd56885d0f6d8fe82

SHA512
9a28f899cf6c29b70002e3d3c1f26a52eab4375016ed86022dd29318332ea80f414aec1ebb0b865305c88a88d614fe45bd99033284b2ec8376b44b3fdc712023

Download Submit
C:\Windows\system\KFlHxaG.exe

Filesize
6.0MB

MD5
04ae2f5f4640ac9df06a063669e421a2

SHA1
070e3c90f8aabd19f7374d1b7f7c765602895d4b

SHA256
32d1d7cee01d9749ea12c14384fde2333c230d29ea108d6764f1fad865d79b2d

SHA512
5dc3d1f65549e25ae7766cb4c0eec4fa7636abd450e8a44d295321ee51d284a6de21c3f26b4a8fab1267b8b277dd897d9a845cbdb52aaba672a210792cf6f583

Download Submit
C:\Windows\system\NKHGhUv.exe

Filesize
6.0MB

MD5
ca6851361f2de253c0f7b75314a99a04

SHA1
71952bcaa27cef4df753ebbe632bd4944f2c1485

SHA256
e16e70eebe9be3ea30b804814ed87841a936adb853436588ed4233584d9d758f

SHA512
655c551efaf9fd6fb2f40df7e6efb4088856d3e604dd4c75c852cf628972dd340ef68c764c667eff164ab406c441a9f22392236d5f15cc1e81d8325dd665c6af

Download Submit
C:\Windows\system\ORcQZBl.exe

Filesize
6.0MB

MD5
50bdf3ca7c4bebd17af51d68fea92a5a

SHA1
698db312e1fdf45b1b02aa18d019cb9bd03ff500

SHA256
199bfa73ddd2f932ac98c7bc608940a8b6ac59dea9ea1de90a1c54cdd1483b03

SHA512
ef21ca17e7d818378f7b378f7df7419b3c21b9009ad51daba54568f0c53b8e8d778eea30d1c03903049d503dccd4dcd07b709325002ad26579dbe0934ef500fd

Download Submit
C:\Windows\system\RfTjlVb.exe

Filesize
6.0MB

MD5
694ea3461a5ccd681b5cad0a29a718eb

SHA1
014958126fc74b8f8074bac75c8b8f7d50d64d1a

SHA256
7bf7137e90e9edd8b500bc3dd5d5a747611fb0711e10ae4927d219c4cfb677fd

SHA512
ef47a5f8c26c14531ae6c9487a10a8471701e1feea146e23f4eaf00a6eabf34b01e6c5529bc71020105304f2c6103bc6b6e9b3b9263cb68cde8cfd752e5f3945

Download Submit
C:\Windows\system\StPuWrc.exe

Filesize
6.0MB

MD5
b73be23bfa939b32d3339886992f0b0e

SHA1
1ef569d1312e3c6cdaa48b85d375bc4c0b390870

SHA256
f3b78de0f61a497b7ba0ac47f3eca01efbc8b5516148c2ca5ca05ed216dca47f

SHA512
d12ebfd4e4414e78219d0a92dd2412dc7e5a53c8b33bf6a738703cb2eab5a71ace8da4fdec577b9d22afa6564452b9645847c93309b81f71eb498955fb39258b

Download Submit
C:\Windows\system\VDfkGXa.exe

Filesize
6.0MB

MD5
e51b2279ba7b4aa77f9ecb61dcfc9f0c

SHA1
df32753d5b6c248f84fd32dde0adc8320d3a3167

SHA256
aa44134577fb3f5dd62a26fb26c23bbd56a794d5487d22aec7ee9ec9111e0ca1

SHA512
73f949752d4fc489664c5483d473f01c388c58a4aee623e3f1e7c2e1b971eb5eefd098e015e9d74e8e376827068dae3a16abd07207341dbe7746216c98aa7c07

Download Submit
C:\Windows\system\VsikZRX.exe

Filesize
6.0MB

MD5
e184ac56faf8b2aa6428ab83a6dcec9c

SHA1
d78f85d145f8ccbf5d91c495e4a9dc9d5a81485b

SHA256
bd1b0f6a8826ad2372bfc0f0bd2f09508812ba9e50ea76443fccf9109bef8da2

SHA512
2bfea8d0670f3d53f817f351240ad7a8926d51032f653757f20c9bade1b47118c43b4891782497d8a9ef87dff9ed848261d2db3013679ed096c330f3939812e3

Download Submit
C:\Windows\system\XCSzWIn.exe

Filesize
6.0MB

MD5
961ae0bd277aa975bdad70d7a779a9be

SHA1
55976cee66e70c3b72e2d873fac370ad5301d1a5

SHA256
9bc259e119527d37a73b0c090a76b5f74ffa51e084c42bbf933d0f9cff366e98

SHA512
75286bc64534a0e34d3179f68afc4e2048be133b426c6f1bbeb54083c12f145e77158929e708fa99eaddc02d6e920e4aacb218ea22921f6d34f376199f6ce6ba

Download Submit
C:\Windows\system\ZiDFrkb.exe

Filesize
6.0MB

MD5
ef8a997b93575e904fd503a52d7d27f8

SHA1
28a52eb3a9f08dd89845f6bc684974674e91e65f

SHA256
8c0d531ff8bab138bf88435985949c09c27039d29ce587618f7789d357513293

SHA512
012431719bcdbf6d72704c53b051cc6c87b230bce95e390b73fc26f434f99e8e8fafb9a3cca50d2c3d27b5eefb6b78586330bbc01fba0b5d89c8248b4dc7ea04

Download Submit
C:\Windows\system\cuQhaxI.exe

Filesize
6.0MB

MD5
c684a34122803883ae9a7be4ad4ad4b0

SHA1
cc9703c91bf142ed65b454fcfe9715effdd3351d

SHA256
9190cabcddf3eaba1bdedaca585cae841db8a90269f5deb2cc580168f4706a25

SHA512
8c1f3729eb855060eae8583727214529d6e6354d5fa35bc2c9014aa51547ed6db4f7c24f256deff3fce5b7032f864b8813a03a7e1e42dad6fc018afc0aba5acb

Download Submit
C:\Windows\system\dTOUFom.exe

Filesize
6.0MB

MD5
138b485d0fe7f6ac7eac2c63acaa8f36

SHA1
d8ab8a597aefa99f2ec2015536500acdbfc396f4

SHA256
a38840c5c15a019d3a5902bacb91f1d82f82b67cf12d1a8cad99ecf310a8e45b

SHA512
a551a285ab8719502a03e94f0ce32a44aecc47cd27cd914eb7bc1f1c149701b3aed5e0d37c9385a0a1675d5625847215c68993f61977b26ed2cddf5d4e2eef45

Download Submit
C:\Windows\system\ekbGOoF.exe

Filesize
6.0MB

MD5
2754fd30f309208868de9482ba205b98

SHA1
0e638e9feef9ee0bb8aa810b5e2bf0b1cec8d380

SHA256
5375184464a34599aaf3d4a6839d8f53d022ed537467796788073501dc41bf79

SHA512
e7b591f4873e2c698af9e6073185190e1dbe007e953ee0eab54f508b6a6774e963d275cdbd0dd1b0d4c6ea9ca0b3d1e09664a850116d4db12eaf7cf6b90541bb

Download Submit
C:\Windows\system\fWSQHtH.exe

Filesize
6.0MB

MD5
704bb9bb3d85ec7fe5ea0ef1fdfc2461

SHA1
f7d978c59a4a74233aaafe5509f48eabc1636de5

SHA256
6cedfcc8b727368e474ba27d432bad8f260e47b09bee1dcbc406c6e3a75f3d69

SHA512
36d9046af14e6c19c55a7dad1edad1d9710f0b3a28bba24785777b89905b5dbdf3a49027e0ffdf76d3fd2dd13885d3d2807fa42696321ee00e1402b15ec63dd4

Download Submit
C:\Windows\system\iEcqrXs.exe

Filesize
6.0MB

MD5
c1aa2d2fa506d7f0e3c577a9bc9505ab

SHA1
4592dade031b4c4f4aebb7f67546ed6bbd88ee94

SHA256
a90f56c9083c4618e47a6ededcaff5088905c70e417cd9c85d20a2f581723011

SHA512
142ae8f11fda14e409722533bca8897755aacd5d005ec228d0ded7d48c00fb0bf00a12291b29bb29e783050bdbc588dd5a97c2dc98ccb0529c694afc82b5cbbb

Download Submit
C:\Windows\system\jUrvWjN.exe

Filesize
6.0MB

MD5
1add7cd48f737dea68c29c89ee609c94

SHA1
ce36cec8a07cb3b606dd9fdefaace0c491e324e4

SHA256
c80692059d0e642e0ccd851ab8abf1214cd995e9075d548e8b81c7c871e9b4d3

SHA512
7094fafe30441d569512494640301923c9be9e16dc557e14411313a8ad251ef562a4326c2e6dc044ee3bf5fe4bfff6a7d24565b20f8f98316352dca9a02244de

Download Submit
C:\Windows\system\nkRYCJO.exe

Filesize
6.0MB

MD5
9f3b7146f07d54d93e9366030dd360c9

SHA1
d111382791122a972096edc6ab3d4e29e9860a44

SHA256
d07d4cc9e4d5275b7792c628127a86886159211799fde9c6e450a40e119455c5

SHA512
178d92f19fdc7d56d710309472aff6fce704b019dc6c89df814fe8c5c947f7f687100208afc6f97f328451cec33e46c6d50d92227910ed965571e34ef5b5cff1

Download Submit
C:\Windows\system\oXRIAJb.exe

Filesize
6.0MB

MD5
1a28c0656d79708996933fc0a001601e

SHA1
6d1cedfc3f4f4e764453c1e1c48ae4f7d779ab11

SHA256
04921951cdc6795bdb3065293163ebe3f07ed7ffda995c77593bd94f1f52c365

SHA512
7be5300cabe714039e7c020fb814e3279731c5527bd5a6b39d3e8c54943d9cd8a01ba44738120bc9b049e62a4e5810ce1117f101114be0f71d532d862e03458f

Download Submit
C:\Windows\system\qalpkng.exe

Filesize
6.0MB

MD5
49541e5a466a4f9792dc5a97df4037cb

SHA1
1ab0d565dee3e6be726a2fa1cbfc6c0f5f536ddb

SHA256
85c3b80a0c1a2211a34aeb1f3e944d31778566bebbc1f1c9a6bb82a651bdc924

SHA512
bc589f06707585b45e353be2c674c7b16dad16c4a41d5ad327d70ecbb335f25ad2face21071e1861afeadab6205b07e2c9ac71d3fe2e15dc4d73e2ac9b0b523b

Download Submit
C:\Windows\system\rJkABsH.exe

Filesize
6.0MB

MD5
cd4e0c82df90c50617d679b0d9564745

SHA1
b4c4832d9c9d94c71f0ea87fdaf5fde304a6ab0e

SHA256
89bcfaa9a509f0128029e1ce45ca070b54c07dc5a042aa321cde5e9696279dc8

SHA512
8a00463387d9cacd4ab70c7c33dbe0e817854d3770508b1fe6d2e42c5dbb4539b197cdc26cb8b19942c9163db7d56e64b891961a966fae9ff33ff22b3cb5daf1

Download Submit
C:\Windows\system\rPqHDuU.exe

Filesize
6.0MB

MD5
471868f5bf840e65f5d6eb337c9ee084

SHA1
ebac5203c0150536f792c6b7601192d9b09aec63

SHA256
5c33862811efd793589ba5bd8281150a1f5ea87eaea6d8053159556178471356

SHA512
07afdf8d86a31057347eeb25346cf9082c96689e2c8b42211c841c101b2d487603758a97cfbcb297480c3f33a471713a807baf9c70f92d4306dc87764dae3081

Download Submit
C:\Windows\system\sGxgbgQ.exe

Filesize
6.0MB

MD5
7922ab4eff53889033eff93e0ac9ddad

SHA1
18ecdad12b41ce0af357eaa05102b7bf47b2422d

SHA256
d5f87b063e464a8d69fba36d695c9b8e49f0d8f975d328f7d499a12a3805729c

SHA512
644d016a4f608b8fbf7c8313b3c8c6173191f028ec88b5dcf56ec216dd863482e09f69f64fdd9076288eb52a761f79d52af3411b5c556171bea4b213dd7af488

Download Submit
C:\Windows\system\wPxtvJq.exe

Filesize
6.0MB

MD5
544f543aa854052d3f1a3bf5feddec7c

SHA1
df049ab0c9201d36f1b7f0b10223c72323d679d2

SHA256
d4cb25ad9dfaccb78bf93f76386bb5a27db18a4dd21cce2d5e827fc6aca9ba2a

SHA512
8fea68c243c825441a29c44e3559d3782ca9eeb642c641545f80dbd89ed78887c19eeab38ad9aeb97fc2b08d98247ed1ee5aa445895759be9aebc0460e4b8480

Download Submit
C:\Windows\system\xViUGkA.exe

Filesize
6.0MB

MD5
9b842b9b3469f817a1e5b8cc0c5971f5

SHA1
c00881e78d1501b06135308b1ef6dea3bb408b83

SHA256
68e724f7d5107098556ecd341770dd95113b25a8700d86026864e1c1ed040949

SHA512
479319b1cc8b953f26d6849c19c66b8df55edb9cc043a127f3edfc85167c6ad604aef1f471d6b11c07760ee81764f33f6e7ebaef72b18db4e7fa4c1863057e0c

Download Submit
\Windows\system\cXQVhuP.exe

Filesize
6.0MB

MD5
cf79deb770dbb5a0ecea370155ea6055

SHA1
6af9268c5d0e58cd0834cb54f7d07e55e44dcfad

SHA256
e42b5949d6a04c2e068f46e4a2998e39fc763d2df27c588343c9b2ae73bb70da

SHA512
da38097e3de4e4ddf43ef5bcc95ec389b4fa11b7bbe7fc7d6c8cfb5ecad4dd4f5900f68624304d5d8e342909d92dbeee5503c1d5ac84fbfe28f6e32d16248df5

Download Submit
\Windows\system\nYEIxMd.exe

Filesize
6.0MB

MD5
d613a3eb91749545f0e0f057e31d0fb3

SHA1
1008e68794535d31a10b92777a796697c050eeac

SHA256
baf03bd5d6b3806fe7ab9ff9e8b688876a619e77c4cfb5b9195acb2a812b14f9

SHA512
67d5367b81819de74a8198db008d008db5d42217c99f82f8ed0c7100dd3e53bc76b2c070f547ea20f8f2127cbc4e8362b03adc85137f608ea934cb5369131b3a

Download Submit
memory/1196-32-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1196-3529-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1784-30-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1784-3519-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-889-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1976-3525-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1992-893-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-33-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1992-2082-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1972-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1960-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1952-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1941-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1926-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-888-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1933-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-886-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1992-45-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-882-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-19-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1992-0-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1057-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1947-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-1058-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-35-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-880-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-38-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-892-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-884-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-890-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/1992-9-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/2256-879-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-3535-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-3521-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-36-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-24-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2416-3520-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3526-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-885-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-878-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3522-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-881-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3532-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-887-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3531-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-891-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3534-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2768-883-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3533-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3528-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-43-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1059-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2956-3530-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2956-29-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download