cobaltstrike | ceb94445b5c67a3580ad6ada7f4f3fd20e801a95c9074d9549d349c1c08ffe8d

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-12-2024 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0faf486157833cd19d32a7a166965ff2
SHA1

c12ba90e6cb760991637e3e959438be47c065829
SHA256

ceb94445b5c67a3580ad6ada7f4f3fd20e801a95c9074d9549d349c1c08ffe8d
SHA512

4fe827f3e6a9058cfda73bac3e09de0ce6c129315463b10bb33d12a50957bf59a440b4f36f18548e56851a9144a473ab9b2a864e25a88e9a6ade34c16cb4aba7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 38 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cd1-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d25-19.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dbe-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d96-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-22.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c62-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-138.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d9a-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-98.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-85.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-78.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-72.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d46-62.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-185.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018687-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-95.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-66.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3e-32.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/2904-0-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-6.dat	xmrig
behavioral1/files/0x0008000000016cd1-8.dat	xmrig
behavioral1/memory/2448-15-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2312-14-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d25-19.dat	xmrig
behavioral1/files/0x0008000000016dbe-43.dat	xmrig
behavioral1/files/0x0007000000016d96-35.dat	xmrig
behavioral1/files/0x0007000000016d36-22.dat	xmrig
behavioral1/files/0x0009000000016c62-190.dat	xmrig
behavioral1/memory/2904-689-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0005000000019442-188.dat	xmrig
behavioral1/files/0x0005000000019426-169.dat	xmrig
behavioral1/files/0x00050000000193a5-152.dat	xmrig
behavioral1/files/0x000500000001937b-146.dat	xmrig
behavioral1/files/0x0005000000019356-138.dat	xmrig
behavioral1/files/0x0009000000016d9a-129.dat	xmrig
behavioral1/files/0x000500000001928c-127.dat	xmrig
behavioral1/files/0x0005000000019266-121.dat	xmrig
behavioral1/files/0x0005000000019259-114.dat	xmrig
behavioral1/files/0x0005000000019244-105.dat	xmrig
behavioral1/memory/2168-101-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191ff-98.dat	xmrig
behavioral1/files/0x00060000000190e0-85.dat	xmrig
behavioral1/files/0x000600000001903b-78.dat	xmrig
behavioral1/files/0x0006000000018c26-72.dat	xmrig
behavioral1/files/0x0007000000016d46-62.dat	xmrig
behavioral1/files/0x0006000000018c1a-59.dat	xmrig
behavioral1/files/0x0005000000019438-185.dat	xmrig
behavioral1/files/0x0007000000018687-168.dat	xmrig
behavioral1/memory/2808-166-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019423-164.dat	xmrig
behavioral1/files/0x0005000000019397-162.dat	xmrig
behavioral1/files/0x000500000001936b-161.dat	xmrig
behavioral1/memory/2708-145-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0005000000019353-143.dat	xmrig
behavioral1/files/0x0005000000019284-137.dat	xmrig
behavioral1/files/0x0005000000019263-136.dat	xmrig
behavioral1/files/0x0005000000019256-113.dat	xmrig
behavioral1/files/0x000500000001922c-112.dat	xmrig
behavioral1/memory/2108-41-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d4-95.dat	xmrig
behavioral1/files/0x00060000000190ce-93.dat	xmrig
behavioral1/files/0x0006000000018f53-92.dat	xmrig
behavioral1/memory/2576-91-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1608-75-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0005000000018792-66.dat	xmrig
behavioral1/files/0x0007000000016d3e-32.dat	xmrig
behavioral1/memory/2348-31-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2072-57-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2072-2107-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2108-2871-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2072-2875-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2312-2877-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2576-2881-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1608-2878-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2348-2874-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2448-2864-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2808-2962-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2168-2958-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2708-2953-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2312	uIlFnUX.exe
2448	XnkwWMi.exe
2348	hPbesTj.exe
2108	HCOIzbm.exe
2072	qrYxDWF.exe
1608	nUCUwER.exe
2576	segNbyW.exe
2168	mjYxmUt.exe
2708	CCnPpQB.exe
2808	LmUNUUw.exe
2760	RMJyQRo.exe
2692	UqfSWXt.exe
2496	Demcatr.exe
2888	EgGlbFg.exe
2444	GUFITFQ.exe
2352	dbFeFCG.exe
2040	GBRiTvt.exe
1932	BvrksHs.exe
1708	SMmAdZp.exe
752	SQpbrcw.exe
1288	aeSfynj.exe
1420	EsLglez.exe
2984	IIhLVSu.exe
2816	wDoqxiL.exe
2128	hJKAoHs.exe
2440	GytyFtW.exe
2920	EXzggpc.exe
2536	jymPRtY.exe
684	uUtNTCC.exe
2880	dCKeNNb.exe
532	hGsdBcd.exe
1380	ooUFcHA.exe
1348	IJXeBkm.exe
2428	viaPKOT.exe
2404	QBPjGRc.exe
2132	iUTzeIS.exe
1896	SkSKVQG.exe
1232	biWHeRs.exe
1424	cyBnTDC.exe
2276	srpEmcl.exe
1700	baiOXcP.exe
1812	iFJPOnA.exe
1684	GvlocNH.exe
2308	TuHJeSI.exe
2788	GeQmuoU.exe
2924	YVwdnlw.exe
1304	ZaUsdGx.exe
832	aKsqjfQ.exe
1764	qbfTUVU.exe
624	ENLZtEt.exe
1740	DkACxSh.exe
1496	lOLUYIN.exe
1720	xVwcDHd.exe
1276	sKDStXI.exe
1528	CFLZOaz.exe
480	VViuSzN.exe
2980	eCniskz.exe
3016	cdYDdab.exe
1736	NriwOQC.exe
2196	JKPmzYF.exe
2336	hZDisJc.exe
2768	CnRVaEx.exe
2916	isIOXWY.exe
2740	tydnDll.exe

Loads dropped DLL 64 IoCs

pid	Process
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x000700000001211a-6.dat	upx
behavioral1/files/0x0008000000016cd1-8.dat	upx
behavioral1/memory/2448-15-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2312-14-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0008000000016d25-19.dat	upx
behavioral1/files/0x0008000000016dbe-43.dat	upx
behavioral1/files/0x0007000000016d96-35.dat	upx
behavioral1/files/0x0007000000016d36-22.dat	upx
behavioral1/files/0x0009000000016c62-190.dat	upx
behavioral1/memory/2904-689-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0005000000019442-188.dat	upx
behavioral1/files/0x0005000000019426-169.dat	upx
behavioral1/files/0x00050000000193a5-152.dat	upx
behavioral1/files/0x000500000001937b-146.dat	upx
behavioral1/files/0x0005000000019356-138.dat	upx
behavioral1/files/0x0009000000016d9a-129.dat	upx
behavioral1/files/0x000500000001928c-127.dat	upx
behavioral1/files/0x0005000000019266-121.dat	upx
behavioral1/files/0x0005000000019259-114.dat	upx
behavioral1/files/0x0005000000019244-105.dat	upx
behavioral1/memory/2168-101-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x00050000000191ff-98.dat	upx
behavioral1/files/0x00060000000190e0-85.dat	upx
behavioral1/files/0x000600000001903b-78.dat	upx
behavioral1/files/0x0006000000018c26-72.dat	upx
behavioral1/files/0x0007000000016d46-62.dat	upx
behavioral1/files/0x0006000000018c1a-59.dat	upx
behavioral1/files/0x0005000000019438-185.dat	upx
behavioral1/files/0x0007000000018687-168.dat	upx
behavioral1/memory/2808-166-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x0005000000019423-164.dat	upx
behavioral1/files/0x0005000000019397-162.dat	upx
behavioral1/files/0x000500000001936b-161.dat	upx
behavioral1/memory/2708-145-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0005000000019353-143.dat	upx
behavioral1/files/0x0005000000019284-137.dat	upx
behavioral1/files/0x0005000000019263-136.dat	upx
behavioral1/files/0x0005000000019256-113.dat	upx
behavioral1/files/0x000500000001922c-112.dat	upx
behavioral1/memory/2108-41-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x00050000000191d4-95.dat	upx
behavioral1/files/0x00060000000190ce-93.dat	upx
behavioral1/files/0x0006000000018f53-92.dat	upx
behavioral1/memory/2576-91-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1608-75-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0005000000018792-66.dat	upx
behavioral1/files/0x0007000000016d3e-32.dat	upx
behavioral1/memory/2348-31-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2072-57-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2072-2107-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2108-2871-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2072-2875-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2312-2877-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2576-2881-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1608-2878-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2348-2874-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2448-2864-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2808-2962-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2168-2958-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2708-2953-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rBlfXFm.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHWReaQ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxFeGBe.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdUhCkh.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atDBwRb.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guYevpO.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KubEKQm.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkHsXmr.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYeDcuw.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJwXKlv.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxAaeyZ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuLvKOK.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMIJyYs.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcDWQyP.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUcpodd.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idSGNDB.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EaKZVZy.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lzsskTU.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WqIkuZZ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOExCdx.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qArWhXO.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvuAiBq.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsfxOaH.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcOwelg.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adHhJeE.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gPzhkOx.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUKphiV.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGhMvvd.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpCYaKZ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFIBXcO.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVpYRsU.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFJPOnA.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZsTmdP.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baiOXcP.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNyAtrg.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhiQIFG.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oevurEB.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvXXBXr.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBRyLRr.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmFGEwP.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeSfynj.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEkZrIq.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQVlrzS.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsJsLtB.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEWfPWR.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnKzKOw.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XMdgxUQ.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBCWDZL.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXPYUYc.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZYZfFp.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtZnzuW.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Fwdvkic.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRBwFnG.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRGaHPE.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaMWorY.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZfQZYk.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBJaZzF.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdZpClN.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDRQraR.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJlIshp.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwxXtmW.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbUEnYw.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWGowZw.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFfEsXE.exe	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2312	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2904 wrote to memory of 2312	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2904 wrote to memory of 2312	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2904 wrote to memory of 2448	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2904 wrote to memory of 2448	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2904 wrote to memory of 2448	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2904 wrote to memory of 2348	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2904 wrote to memory of 2348	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2904 wrote to memory of 2348	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2904 wrote to memory of 2072	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2904 wrote to memory of 2072	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2904 wrote to memory of 2072	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2904 wrote to memory of 2108	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2904 wrote to memory of 2108	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2904 wrote to memory of 2108	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2904 wrote to memory of 2168	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2904 wrote to memory of 2168	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2904 wrote to memory of 2168	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2904 wrote to memory of 1608	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2904 wrote to memory of 1608	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2904 wrote to memory of 1608	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2904 wrote to memory of 2352	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2904 wrote to memory of 2352	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2904 wrote to memory of 2352	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2904 wrote to memory of 2576	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2904 wrote to memory of 2576	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2904 wrote to memory of 2576	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2904 wrote to memory of 2984	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2904 wrote to memory of 2984	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2904 wrote to memory of 2984	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2904 wrote to memory of 2708	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2904 wrote to memory of 2708	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2904 wrote to memory of 2708	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2904 wrote to memory of 2816	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2904 wrote to memory of 2816	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2904 wrote to memory of 2816	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2904 wrote to memory of 2808	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2904 wrote to memory of 2808	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2904 wrote to memory of 2808	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2904 wrote to memory of 2440	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2904 wrote to memory of 2440	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2904 wrote to memory of 2440	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2904 wrote to memory of 2760	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2904 wrote to memory of 2760	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2904 wrote to memory of 2760	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2904 wrote to memory of 2920	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2904 wrote to memory of 2920	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2904 wrote to memory of 2920	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2904 wrote to memory of 2692	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2904 wrote to memory of 2692	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2904 wrote to memory of 2692	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2904 wrote to memory of 2536	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2904 wrote to memory of 2536	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2904 wrote to memory of 2536	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2904 wrote to memory of 2496	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2904 wrote to memory of 2496	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2904 wrote to memory of 2496	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2904 wrote to memory of 2880	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2904 wrote to memory of 2880	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2904 wrote to memory of 2880	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2904 wrote to memory of 2888	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2904 wrote to memory of 2888	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2904 wrote to memory of 2888	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2904 wrote to memory of 1380	2904	2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-20_0faf486157833cd19d32a7a166965ff2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\System\uIlFnUX.exe
  C:\Windows\System\uIlFnUX.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\XnkwWMi.exe
  C:\Windows\System\XnkwWMi.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\hPbesTj.exe
  C:\Windows\System\hPbesTj.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\qrYxDWF.exe
  C:\Windows\System\qrYxDWF.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\HCOIzbm.exe
  C:\Windows\System\HCOIzbm.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\mjYxmUt.exe
  C:\Windows\System\mjYxmUt.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\nUCUwER.exe
  C:\Windows\System\nUCUwER.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\dbFeFCG.exe
  C:\Windows\System\dbFeFCG.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\segNbyW.exe
  C:\Windows\System\segNbyW.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\IIhLVSu.exe
  C:\Windows\System\IIhLVSu.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\CCnPpQB.exe
  C:\Windows\System\CCnPpQB.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\wDoqxiL.exe
  C:\Windows\System\wDoqxiL.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\LmUNUUw.exe
  C:\Windows\System\LmUNUUw.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\GytyFtW.exe
  C:\Windows\System\GytyFtW.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\RMJyQRo.exe
  C:\Windows\System\RMJyQRo.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\EXzggpc.exe
  C:\Windows\System\EXzggpc.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\UqfSWXt.exe
  C:\Windows\System\UqfSWXt.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\jymPRtY.exe
  C:\Windows\System\jymPRtY.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\Demcatr.exe
  C:\Windows\System\Demcatr.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\dCKeNNb.exe
  C:\Windows\System\dCKeNNb.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\EgGlbFg.exe
  C:\Windows\System\EgGlbFg.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\ooUFcHA.exe
  C:\Windows\System\ooUFcHA.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\GUFITFQ.exe
  C:\Windows\System\GUFITFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\viaPKOT.exe
  C:\Windows\System\viaPKOT.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\GBRiTvt.exe
  C:\Windows\System\GBRiTvt.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\QBPjGRc.exe
  C:\Windows\System\QBPjGRc.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\BvrksHs.exe
  C:\Windows\System\BvrksHs.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\cyBnTDC.exe
  C:\Windows\System\cyBnTDC.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\SMmAdZp.exe
  C:\Windows\System\SMmAdZp.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\baiOXcP.exe
  C:\Windows\System\baiOXcP.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\SQpbrcw.exe
  C:\Windows\System\SQpbrcw.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\iFJPOnA.exe
  C:\Windows\System\iFJPOnA.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\aeSfynj.exe
  C:\Windows\System\aeSfynj.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\TuHJeSI.exe
  C:\Windows\System\TuHJeSI.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\EsLglez.exe
  C:\Windows\System\EsLglez.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\GeQmuoU.exe
  C:\Windows\System\GeQmuoU.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\hJKAoHs.exe
  C:\Windows\System\hJKAoHs.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ZaUsdGx.exe
  C:\Windows\System\ZaUsdGx.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\uUtNTCC.exe
  C:\Windows\System\uUtNTCC.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\aKsqjfQ.exe
  C:\Windows\System\aKsqjfQ.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\hGsdBcd.exe
  C:\Windows\System\hGsdBcd.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\qbfTUVU.exe
  C:\Windows\System\qbfTUVU.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\IJXeBkm.exe
  C:\Windows\System\IJXeBkm.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\DkACxSh.exe
  C:\Windows\System\DkACxSh.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\iUTzeIS.exe
  C:\Windows\System\iUTzeIS.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\xVwcDHd.exe
  C:\Windows\System\xVwcDHd.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\SkSKVQG.exe
  C:\Windows\System\SkSKVQG.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\sKDStXI.exe
  C:\Windows\System\sKDStXI.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\biWHeRs.exe
  C:\Windows\System\biWHeRs.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\CFLZOaz.exe
  C:\Windows\System\CFLZOaz.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\srpEmcl.exe
  C:\Windows\System\srpEmcl.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\VViuSzN.exe
  C:\Windows\System\VViuSzN.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\GvlocNH.exe
  C:\Windows\System\GvlocNH.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\eCniskz.exe
  C:\Windows\System\eCniskz.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\YVwdnlw.exe
  C:\Windows\System\YVwdnlw.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\cdYDdab.exe
  C:\Windows\System\cdYDdab.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ENLZtEt.exe
  C:\Windows\System\ENLZtEt.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\NriwOQC.exe
  C:\Windows\System\NriwOQC.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\lOLUYIN.exe
  C:\Windows\System\lOLUYIN.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\JKPmzYF.exe
  C:\Windows\System\JKPmzYF.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\hZDisJc.exe
  C:\Windows\System\hZDisJc.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\CnRVaEx.exe
  C:\Windows\System\CnRVaEx.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\isIOXWY.exe
  C:\Windows\System\isIOXWY.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\aVWfwyu.exe
  C:\Windows\System\aVWfwyu.exe
  2⤵
  PID:2612
- C:\Windows\System\tydnDll.exe
  C:\Windows\System\tydnDll.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\ndAxifB.exe
  C:\Windows\System\ndAxifB.exe
  2⤵
  PID:2700
- C:\Windows\System\BUMlDxo.exe
  C:\Windows\System\BUMlDxo.exe
  2⤵
  PID:2540
- C:\Windows\System\JLXBHdc.exe
  C:\Windows\System\JLXBHdc.exe
  2⤵
  PID:2264
- C:\Windows\System\guYevpO.exe
  C:\Windows\System\guYevpO.exe
  2⤵
  PID:1836
- C:\Windows\System\DAzxHzU.exe
  C:\Windows\System\DAzxHzU.exe
  2⤵
  PID:344
- C:\Windows\System\mqCiXyv.exe
  C:\Windows\System\mqCiXyv.exe
  2⤵
  PID:2392
- C:\Windows\System\LeXSvlU.exe
  C:\Windows\System\LeXSvlU.exe
  2⤵
  PID:800
- C:\Windows\System\BWwkiSn.exe
  C:\Windows\System\BWwkiSn.exe
  2⤵
  PID:2076
- C:\Windows\System\CuYjwgj.exe
  C:\Windows\System\CuYjwgj.exe
  2⤵
  PID:872
- C:\Windows\System\JXvLYTX.exe
  C:\Windows\System\JXvLYTX.exe
  2⤵
  PID:544
- C:\Windows\System\ULbYrFQ.exe
  C:\Windows\System\ULbYrFQ.exe
  2⤵
  PID:1956
- C:\Windows\System\axMfbpw.exe
  C:\Windows\System\axMfbpw.exe
  2⤵
  PID:1512
- C:\Windows\System\MlvhYOr.exe
  C:\Windows\System\MlvhYOr.exe
  2⤵
  PID:680
- C:\Windows\System\IWzmEon.exe
  C:\Windows\System\IWzmEon.exe
  2⤵
  PID:3040
- C:\Windows\System\TRxzUnq.exe
  C:\Windows\System\TRxzUnq.exe
  2⤵
  PID:2680
- C:\Windows\System\nvzsilm.exe
  C:\Windows\System\nvzsilm.exe
  2⤵
  PID:1148
- C:\Windows\System\dBxwNlk.exe
  C:\Windows\System\dBxwNlk.exe
  2⤵
  PID:2644
- C:\Windows\System\wRshwmi.exe
  C:\Windows\System\wRshwmi.exe
  2⤵
  PID:1568
- C:\Windows\System\GcPjxbf.exe
  C:\Windows\System\GcPjxbf.exe
  2⤵
  PID:2012
- C:\Windows\System\nePDDzb.exe
  C:\Windows\System\nePDDzb.exe
  2⤵
  PID:1036
- C:\Windows\System\OJTAoee.exe
  C:\Windows\System\OJTAoee.exe
  2⤵
  PID:236
- C:\Windows\System\SqOytxe.exe
  C:\Windows\System\SqOytxe.exe
  2⤵
  PID:1264
- C:\Windows\System\ECnjheT.exe
  C:\Windows\System\ECnjheT.exe
  2⤵
  PID:2208
- C:\Windows\System\syPNTkS.exe
  C:\Windows\System\syPNTkS.exe
  2⤵
  PID:1716
- C:\Windows\System\OACXcxz.exe
  C:\Windows\System\OACXcxz.exe
  2⤵
  PID:464
- C:\Windows\System\gWGowZw.exe
  C:\Windows\System\gWGowZw.exe
  2⤵
  PID:964
- C:\Windows\System\BbxFVcb.exe
  C:\Windows\System\BbxFVcb.exe
  2⤵
  PID:2800
- C:\Windows\System\fDlRJcG.exe
  C:\Windows\System\fDlRJcG.exe
  2⤵
  PID:376
- C:\Windows\System\KmiNCGz.exe
  C:\Windows\System\KmiNCGz.exe
  2⤵
  PID:300
- C:\Windows\System\hWfrpHC.exe
  C:\Windows\System\hWfrpHC.exe
  2⤵
  PID:1312
- C:\Windows\System\PzNdusS.exe
  C:\Windows\System\PzNdusS.exe
  2⤵
  PID:1688
- C:\Windows\System\HxAaeyZ.exe
  C:\Windows\System\HxAaeyZ.exe
  2⤵
  PID:2032
- C:\Windows\System\dMPoRQb.exe
  C:\Windows\System\dMPoRQb.exe
  2⤵
  PID:2624
- C:\Windows\System\MQnNUNE.exe
  C:\Windows\System\MQnNUNE.exe
  2⤵
  PID:2660
- C:\Windows\System\jwSSJti.exe
  C:\Windows\System\jwSSJti.exe
  2⤵
  PID:1696
- C:\Windows\System\HxXeaGK.exe
  C:\Windows\System\HxXeaGK.exe
  2⤵
  PID:1972
- C:\Windows\System\MNyAtrg.exe
  C:\Windows\System\MNyAtrg.exe
  2⤵
  PID:1596
- C:\Windows\System\RVWVXpp.exe
  C:\Windows\System\RVWVXpp.exe
  2⤵
  PID:2548
- C:\Windows\System\jIJopyL.exe
  C:\Windows\System\jIJopyL.exe
  2⤵
  PID:2464
- C:\Windows\System\ZmoyeMU.exe
  C:\Windows\System\ZmoyeMU.exe
  2⤵
  PID:3024
- C:\Windows\System\WZsTmdP.exe
  C:\Windows\System\WZsTmdP.exe
  2⤵
  PID:2120
- C:\Windows\System\YsIZdJj.exe
  C:\Windows\System\YsIZdJj.exe
  2⤵
  PID:1468
- C:\Windows\System\kIIyZao.exe
  C:\Windows\System\kIIyZao.exe
  2⤵
  PID:1988
- C:\Windows\System\ABbelii.exe
  C:\Windows\System\ABbelii.exe
  2⤵
  PID:2480
- C:\Windows\System\nEztXBA.exe
  C:\Windows\System\nEztXBA.exe
  2⤵
  PID:3056
- C:\Windows\System\zYezrSg.exe
  C:\Windows\System\zYezrSg.exe
  2⤵
  PID:2136
- C:\Windows\System\wNqEvvt.exe
  C:\Windows\System\wNqEvvt.exe
  2⤵
  PID:1840
- C:\Windows\System\cZVRsxk.exe
  C:\Windows\System\cZVRsxk.exe
  2⤵
  PID:944
- C:\Windows\System\UjqTjpv.exe
  C:\Windows\System\UjqTjpv.exe
  2⤵
  PID:2972
- C:\Windows\System\UxWODyZ.exe
  C:\Windows\System\UxWODyZ.exe
  2⤵
  PID:1664
- C:\Windows\System\IImLJbd.exe
  C:\Windows\System\IImLJbd.exe
  2⤵
  PID:1012
- C:\Windows\System\aeLtbJJ.exe
  C:\Windows\System\aeLtbJJ.exe
  2⤵
  PID:2756
- C:\Windows\System\atFRHSM.exe
  C:\Windows\System\atFRHSM.exe
  2⤵
  PID:2088
- C:\Windows\System\oLOOmRP.exe
  C:\Windows\System\oLOOmRP.exe
  2⤵
  PID:3080
- C:\Windows\System\UTsZImH.exe
  C:\Windows\System\UTsZImH.exe
  2⤵
  PID:3104
- C:\Windows\System\aalexuf.exe
  C:\Windows\System\aalexuf.exe
  2⤵
  PID:3120
- C:\Windows\System\cXjASdQ.exe
  C:\Windows\System\cXjASdQ.exe
  2⤵
  PID:3144
- C:\Windows\System\lOcHiPI.exe
  C:\Windows\System\lOcHiPI.exe
  2⤵
  PID:3164
- C:\Windows\System\KnHqVlA.exe
  C:\Windows\System\KnHqVlA.exe
  2⤵
  PID:3184
- C:\Windows\System\ZzmFAkz.exe
  C:\Windows\System\ZzmFAkz.exe
  2⤵
  PID:3200
- C:\Windows\System\BnVqibP.exe
  C:\Windows\System\BnVqibP.exe
  2⤵
  PID:3216
- C:\Windows\System\TsRqFMh.exe
  C:\Windows\System\TsRqFMh.exe
  2⤵
  PID:3240
- C:\Windows\System\bDkwuKC.exe
  C:\Windows\System\bDkwuKC.exe
  2⤵
  PID:3256
- C:\Windows\System\YbuDqrq.exe
  C:\Windows\System\YbuDqrq.exe
  2⤵
  PID:3272
- C:\Windows\System\pBDplSh.exe
  C:\Windows\System\pBDplSh.exe
  2⤵
  PID:3296
- C:\Windows\System\kLgnhcp.exe
  C:\Windows\System\kLgnhcp.exe
  2⤵
  PID:3320
- C:\Windows\System\QLwBldS.exe
  C:\Windows\System\QLwBldS.exe
  2⤵
  PID:3344
- C:\Windows\System\fvaUYiy.exe
  C:\Windows\System\fvaUYiy.exe
  2⤵
  PID:3364
- C:\Windows\System\FhYFurW.exe
  C:\Windows\System\FhYFurW.exe
  2⤵
  PID:3380
- C:\Windows\System\ivcBwic.exe
  C:\Windows\System\ivcBwic.exe
  2⤵
  PID:3400
- C:\Windows\System\jXwSpcE.exe
  C:\Windows\System\jXwSpcE.exe
  2⤵
  PID:3416
- C:\Windows\System\CeFoQvs.exe
  C:\Windows\System\CeFoQvs.exe
  2⤵
  PID:3436
- C:\Windows\System\LBTCkit.exe
  C:\Windows\System\LBTCkit.exe
  2⤵
  PID:3460
- C:\Windows\System\GzqlSKW.exe
  C:\Windows\System\GzqlSKW.exe
  2⤵
  PID:3476
- C:\Windows\System\FHTavaF.exe
  C:\Windows\System\FHTavaF.exe
  2⤵
  PID:3492
- C:\Windows\System\ntkHyKh.exe
  C:\Windows\System\ntkHyKh.exe
  2⤵
  PID:3512
- C:\Windows\System\qvjwxFv.exe
  C:\Windows\System\qvjwxFv.exe
  2⤵
  PID:3532
- C:\Windows\System\LManyZt.exe
  C:\Windows\System\LManyZt.exe
  2⤵
  PID:3552
- C:\Windows\System\DYTAYkl.exe
  C:\Windows\System\DYTAYkl.exe
  2⤵
  PID:3568
- C:\Windows\System\WoYGjXa.exe
  C:\Windows\System\WoYGjXa.exe
  2⤵
  PID:3584
- C:\Windows\System\SSfjakh.exe
  C:\Windows\System\SSfjakh.exe
  2⤵
  PID:3608
- C:\Windows\System\vWxYJIH.exe
  C:\Windows\System\vWxYJIH.exe
  2⤵
  PID:3628
- C:\Windows\System\bOCgEBS.exe
  C:\Windows\System\bOCgEBS.exe
  2⤵
  PID:3652
- C:\Windows\System\sTSfUAs.exe
  C:\Windows\System\sTSfUAs.exe
  2⤵
  PID:3680
- C:\Windows\System\jeILFjq.exe
  C:\Windows\System\jeILFjq.exe
  2⤵
  PID:3708
- C:\Windows\System\SolBCGb.exe
  C:\Windows\System\SolBCGb.exe
  2⤵
  PID:3728
- C:\Windows\System\uHqpoun.exe
  C:\Windows\System\uHqpoun.exe
  2⤵
  PID:3744
- C:\Windows\System\mzZdIju.exe
  C:\Windows\System\mzZdIju.exe
  2⤵
  PID:3764
- C:\Windows\System\TcgWilU.exe
  C:\Windows\System\TcgWilU.exe
  2⤵
  PID:3788
- C:\Windows\System\wndOJCe.exe
  C:\Windows\System\wndOJCe.exe
  2⤵
  PID:3804
- C:\Windows\System\fMmbtmc.exe
  C:\Windows\System\fMmbtmc.exe
  2⤵
  PID:3824
- C:\Windows\System\rAzhhOF.exe
  C:\Windows\System\rAzhhOF.exe
  2⤵
  PID:3844
- C:\Windows\System\qmakiCH.exe
  C:\Windows\System\qmakiCH.exe
  2⤵
  PID:3860
- C:\Windows\System\Ykfjesr.exe
  C:\Windows\System\Ykfjesr.exe
  2⤵
  PID:3880
- C:\Windows\System\tlwIiea.exe
  C:\Windows\System\tlwIiea.exe
  2⤵
  PID:3900
- C:\Windows\System\cMYagUl.exe
  C:\Windows\System\cMYagUl.exe
  2⤵
  PID:3920
- C:\Windows\System\myZtNrY.exe
  C:\Windows\System\myZtNrY.exe
  2⤵
  PID:3936
- C:\Windows\System\pxvUTre.exe
  C:\Windows\System\pxvUTre.exe
  2⤵
  PID:3952
- C:\Windows\System\lNRzids.exe
  C:\Windows\System\lNRzids.exe
  2⤵
  PID:3976
- C:\Windows\System\DTmPRmV.exe
  C:\Windows\System\DTmPRmV.exe
  2⤵
  PID:3996
- C:\Windows\System\UgtMvPZ.exe
  C:\Windows\System\UgtMvPZ.exe
  2⤵
  PID:4020
- C:\Windows\System\sKYOldo.exe
  C:\Windows\System\sKYOldo.exe
  2⤵
  PID:4036
- C:\Windows\System\TIygHMv.exe
  C:\Windows\System\TIygHMv.exe
  2⤵
  PID:4060
- C:\Windows\System\GeCMRyS.exe
  C:\Windows\System\GeCMRyS.exe
  2⤵
  PID:4080
- C:\Windows\System\XxkMsYs.exe
  C:\Windows\System\XxkMsYs.exe
  2⤵
  PID:1300
- C:\Windows\System\CsNOSSp.exe
  C:\Windows\System\CsNOSSp.exe
  2⤵
  PID:2112
- C:\Windows\System\MIgjyUD.exe
  C:\Windows\System\MIgjyUD.exe
  2⤵
  PID:1912
- C:\Windows\System\nomEYqU.exe
  C:\Windows\System\nomEYqU.exe
  2⤵
  PID:2028
- C:\Windows\System\dHDHZMx.exe
  C:\Windows\System\dHDHZMx.exe
  2⤵
  PID:2472
- C:\Windows\System\kgwYEde.exe
  C:\Windows\System\kgwYEde.exe
  2⤵
  PID:1768
- C:\Windows\System\qxFkFev.exe
  C:\Windows\System\qxFkFev.exe
  2⤵
  PID:2852
- C:\Windows\System\hQBoBvE.exe
  C:\Windows\System\hQBoBvE.exe
  2⤵
  PID:1712
- C:\Windows\System\nqjUPJR.exe
  C:\Windows\System\nqjUPJR.exe
  2⤵
  PID:1940
- C:\Windows\System\eZTDxfn.exe
  C:\Windows\System\eZTDxfn.exe
  2⤵
  PID:1640
- C:\Windows\System\gIHauJf.exe
  C:\Windows\System\gIHauJf.exe
  2⤵
  PID:1784
- C:\Windows\System\sbYMFgM.exe
  C:\Windows\System\sbYMFgM.exe
  2⤵
  PID:3088
- C:\Windows\System\VsUFHeQ.exe
  C:\Windows\System\VsUFHeQ.exe
  2⤵
  PID:3132
- C:\Windows\System\RhJrUrJ.exe
  C:\Windows\System\RhJrUrJ.exe
  2⤵
  PID:3180
- C:\Windows\System\OznBoik.exe
  C:\Windows\System\OznBoik.exe
  2⤵
  PID:3248
- C:\Windows\System\wKTQbCd.exe
  C:\Windows\System\wKTQbCd.exe
  2⤵
  PID:492
- C:\Windows\System\yczmyfD.exe
  C:\Windows\System\yczmyfD.exe
  2⤵
  PID:2508
- C:\Windows\System\KQMNtCM.exe
  C:\Windows\System\KQMNtCM.exe
  2⤵
  PID:3332
- C:\Windows\System\okFbuoq.exe
  C:\Windows\System\okFbuoq.exe
  2⤵
  PID:3116
- C:\Windows\System\QTUChhu.exe
  C:\Windows\System\QTUChhu.exe
  2⤵
  PID:3196
- C:\Windows\System\MeiMbIY.exe
  C:\Windows\System\MeiMbIY.exe
  2⤵
  PID:3408
- C:\Windows\System\IzzmIcy.exe
  C:\Windows\System\IzzmIcy.exe
  2⤵
  PID:3304
- C:\Windows\System\bitjkpF.exe
  C:\Windows\System\bitjkpF.exe
  2⤵
  PID:3560
- C:\Windows\System\XURfbni.exe
  C:\Windows\System\XURfbni.exe
  2⤵
  PID:3388
- C:\Windows\System\JblURsW.exe
  C:\Windows\System\JblURsW.exe
  2⤵
  PID:3564
- C:\Windows\System\ErQQkCI.exe
  C:\Windows\System\ErQQkCI.exe
  2⤵
  PID:3600
- C:\Windows\System\EzFGIfH.exe
  C:\Windows\System\EzFGIfH.exe
  2⤵
  PID:3688
- C:\Windows\System\sFfEsXE.exe
  C:\Windows\System\sFfEsXE.exe
  2⤵
  PID:3704
- C:\Windows\System\OKpGzVv.exe
  C:\Windows\System\OKpGzVv.exe
  2⤵
  PID:3580
- C:\Windows\System\dESwPTI.exe
  C:\Windows\System\dESwPTI.exe
  2⤵
  PID:3660
- C:\Windows\System\CWcTHyk.exe
  C:\Windows\System\CWcTHyk.exe
  2⤵
  PID:3780
- C:\Windows\System\HinAoqb.exe
  C:\Windows\System\HinAoqb.exe
  2⤵
  PID:3508
- C:\Windows\System\Gtwzwrt.exe
  C:\Windows\System\Gtwzwrt.exe
  2⤵
  PID:3672
- C:\Windows\System\iXQZlVv.exe
  C:\Windows\System\iXQZlVv.exe
  2⤵
  PID:3856
- C:\Windows\System\tuDRJZZ.exe
  C:\Windows\System\tuDRJZZ.exe
  2⤵
  PID:3892
- C:\Windows\System\aDqjiPY.exe
  C:\Windows\System\aDqjiPY.exe
  2⤵
  PID:3964
- C:\Windows\System\pmbRsJK.exe
  C:\Windows\System\pmbRsJK.exe
  2⤵
  PID:4008
- C:\Windows\System\ypflenj.exe
  C:\Windows\System\ypflenj.exe
  2⤵
  PID:4056
- C:\Windows\System\GZbYMhl.exe
  C:\Windows\System\GZbYMhl.exe
  2⤵
  PID:1772
- C:\Windows\System\uJvROcB.exe
  C:\Windows\System\uJvROcB.exe
  2⤵
  PID:3868
- C:\Windows\System\UYoKbbc.exe
  C:\Windows\System\UYoKbbc.exe
  2⤵
  PID:3912
- C:\Windows\System\AZpDHwZ.exe
  C:\Windows\System\AZpDHwZ.exe
  2⤵
  PID:3944
- C:\Windows\System\dTejQaU.exe
  C:\Windows\System\dTejQaU.exe
  2⤵
  PID:3992
- C:\Windows\System\ftBOchK.exe
  C:\Windows\System\ftBOchK.exe
  2⤵
  PID:2412
- C:\Windows\System\RSGnpWa.exe
  C:\Windows\System\RSGnpWa.exe
  2⤵
  PID:3100
- C:\Windows\System\veRcglH.exe
  C:\Windows\System\veRcglH.exe
  2⤵
  PID:2744
- C:\Windows\System\XWdrDlR.exe
  C:\Windows\System\XWdrDlR.exe
  2⤵
  PID:3208
- C:\Windows\System\UroBPTh.exe
  C:\Windows\System\UroBPTh.exe
  2⤵
  PID:3060
- C:\Windows\System\FuGwoYS.exe
  C:\Windows\System\FuGwoYS.exe
  2⤵
  PID:3336
- C:\Windows\System\zZHUFGE.exe
  C:\Windows\System\zZHUFGE.exe
  2⤵
  PID:2828
- C:\Windows\System\JQMjSOn.exe
  C:\Windows\System\JQMjSOn.exe
  2⤵
  PID:3268
- C:\Windows\System\cXQYGfR.exe
  C:\Windows\System\cXQYGfR.exe
  2⤵
  PID:1328
- C:\Windows\System\VBUNRoe.exe
  C:\Windows\System\VBUNRoe.exe
  2⤵
  PID:3288
- C:\Windows\System\PNbDIrL.exe
  C:\Windows\System\PNbDIrL.exe
  2⤵
  PID:3136
- C:\Windows\System\JuyHGDm.exe
  C:\Windows\System\JuyHGDm.exe
  2⤵
  PID:3488
- C:\Windows\System\NmBSrbV.exe
  C:\Windows\System\NmBSrbV.exe
  2⤵
  PID:3316
- C:\Windows\System\xDPJNBR.exe
  C:\Windows\System\xDPJNBR.exe
  2⤵
  PID:3424
- C:\Windows\System\FliuiVh.exe
  C:\Windows\System\FliuiVh.exe
  2⤵
  PID:3576
- C:\Windows\System\ajhEFqp.exe
  C:\Windows\System\ajhEFqp.exe
  2⤵
  PID:3784
- C:\Windows\System\umAaTQd.exe
  C:\Windows\System\umAaTQd.exe
  2⤵
  PID:3360
- C:\Windows\System\saJFcse.exe
  C:\Windows\System\saJFcse.exe
  2⤵
  PID:3472
- C:\Windows\System\wnLnBIC.exe
  C:\Windows\System\wnLnBIC.exe
  2⤵
  PID:3888
- C:\Windows\System\sRxjGeQ.exe
  C:\Windows\System\sRxjGeQ.exe
  2⤵
  PID:4088
- C:\Windows\System\IZYzSaX.exe
  C:\Windows\System\IZYzSaX.exe
  2⤵
  PID:3724
- C:\Windows\System\PyrVevW.exe
  C:\Windows\System\PyrVevW.exe
  2⤵
  PID:3908
- C:\Windows\System\CpoSCDc.exe
  C:\Windows\System\CpoSCDc.exe
  2⤵
  PID:3716
- C:\Windows\System\hHFxlTk.exe
  C:\Windows\System\hHFxlTk.exe
  2⤵
  PID:2640
- C:\Windows\System\VdkkvbX.exe
  C:\Windows\System\VdkkvbX.exe
  2⤵
  PID:1704
- C:\Windows\System\shoZpxq.exe
  C:\Windows\System\shoZpxq.exe
  2⤵
  PID:3092
- C:\Windows\System\JrbmALf.exe
  C:\Windows\System\JrbmALf.exe
  2⤵
  PID:2516
- C:\Windows\System\FvETDdB.exe
  C:\Windows\System\FvETDdB.exe
  2⤵
  PID:2488
- C:\Windows\System\fjyLDKv.exe
  C:\Windows\System\fjyLDKv.exe
  2⤵
  PID:4072
- C:\Windows\System\BnQMcPk.exe
  C:\Windows\System\BnQMcPk.exe
  2⤵
  PID:2144
- C:\Windows\System\WzDLfoR.exe
  C:\Windows\System\WzDLfoR.exe
  2⤵
  PID:272
- C:\Windows\System\rHVgVYF.exe
  C:\Windows\System\rHVgVYF.exe
  2⤵
  PID:3448
- C:\Windows\System\UasaQXN.exe
  C:\Windows\System\UasaQXN.exe
  2⤵
  PID:3432
- C:\Windows\System\xiBZyXU.exe
  C:\Windows\System\xiBZyXU.exe
  2⤵
  PID:3468
- C:\Windows\System\Bmhovnn.exe
  C:\Windows\System\Bmhovnn.exe
  2⤵
  PID:3816
- C:\Windows\System\CFpwrNa.exe
  C:\Windows\System\CFpwrNa.exe
  2⤵
  PID:3544
- C:\Windows\System\KybjYrK.exe
  C:\Windows\System\KybjYrK.exe
  2⤵
  PID:3756
- C:\Windows\System\NjhYyQn.exe
  C:\Windows\System\NjhYyQn.exe
  2⤵
  PID:2572
- C:\Windows\System\yPMuvMh.exe
  C:\Windows\System\yPMuvMh.exe
  2⤵
  PID:3988
- C:\Windows\System\aoDdZJv.exe
  C:\Windows\System\aoDdZJv.exe
  2⤵
  PID:3720
- C:\Windows\System\UkcblfW.exe
  C:\Windows\System\UkcblfW.exe
  2⤵
  PID:3840
- C:\Windows\System\AOhDvOh.exe
  C:\Windows\System\AOhDvOh.exe
  2⤵
  PID:3076
- C:\Windows\System\NuLvKOK.exe
  C:\Windows\System\NuLvKOK.exe
  2⤵
  PID:3172
- C:\Windows\System\UnZdSAg.exe
  C:\Windows\System\UnZdSAg.exe
  2⤵
  PID:3484
- C:\Windows\System\TwsvaNu.exe
  C:\Windows\System\TwsvaNu.exe
  2⤵
  PID:2564
- C:\Windows\System\XSvBVCN.exe
  C:\Windows\System\XSvBVCN.exe
  2⤵
  PID:3428
- C:\Windows\System\bNqXnHX.exe
  C:\Windows\System\bNqXnHX.exe
  2⤵
  PID:3648
- C:\Windows\System\LKDESjs.exe
  C:\Windows\System\LKDESjs.exe
  2⤵
  PID:4100
- C:\Windows\System\kFLmJEG.exe
  C:\Windows\System\kFLmJEG.exe
  2⤵
  PID:4116
- C:\Windows\System\QCwDaBD.exe
  C:\Windows\System\QCwDaBD.exe
  2⤵
  PID:4136
- C:\Windows\System\gciYAmw.exe
  C:\Windows\System\gciYAmw.exe
  2⤵
  PID:4156
- C:\Windows\System\KubEKQm.exe
  C:\Windows\System\KubEKQm.exe
  2⤵
  PID:4176
- C:\Windows\System\gRitmPq.exe
  C:\Windows\System\gRitmPq.exe
  2⤵
  PID:4200
- C:\Windows\System\jAhvhot.exe
  C:\Windows\System\jAhvhot.exe
  2⤵
  PID:4220
- C:\Windows\System\rqFgLwQ.exe
  C:\Windows\System\rqFgLwQ.exe
  2⤵
  PID:4240
- C:\Windows\System\KyVpqZk.exe
  C:\Windows\System\KyVpqZk.exe
  2⤵
  PID:4256
- C:\Windows\System\rbwcJDL.exe
  C:\Windows\System\rbwcJDL.exe
  2⤵
  PID:4272
- C:\Windows\System\rQJVNiV.exe
  C:\Windows\System\rQJVNiV.exe
  2⤵
  PID:4296
- C:\Windows\System\dqkLEfb.exe
  C:\Windows\System\dqkLEfb.exe
  2⤵
  PID:4312
- C:\Windows\System\bQjiweL.exe
  C:\Windows\System\bQjiweL.exe
  2⤵
  PID:4336
- C:\Windows\System\ZVyVsis.exe
  C:\Windows\System\ZVyVsis.exe
  2⤵
  PID:4356
- C:\Windows\System\tsMDoaf.exe
  C:\Windows\System\tsMDoaf.exe
  2⤵
  PID:4380
- C:\Windows\System\UeEMdVA.exe
  C:\Windows\System\UeEMdVA.exe
  2⤵
  PID:4396
- C:\Windows\System\eUOmqAR.exe
  C:\Windows\System\eUOmqAR.exe
  2⤵
  PID:4416
- C:\Windows\System\nAmTZhp.exe
  C:\Windows\System\nAmTZhp.exe
  2⤵
  PID:4432
- C:\Windows\System\nKpreWR.exe
  C:\Windows\System\nKpreWR.exe
  2⤵
  PID:4456
- C:\Windows\System\DjacFNe.exe
  C:\Windows\System\DjacFNe.exe
  2⤵
  PID:4476
- C:\Windows\System\qHnvPMo.exe
  C:\Windows\System\qHnvPMo.exe
  2⤵
  PID:4500
- C:\Windows\System\ubtKxJL.exe
  C:\Windows\System\ubtKxJL.exe
  2⤵
  PID:4516
- C:\Windows\System\auKRTbZ.exe
  C:\Windows\System\auKRTbZ.exe
  2⤵
  PID:4536
- C:\Windows\System\oBMoCPs.exe
  C:\Windows\System\oBMoCPs.exe
  2⤵
  PID:4556
- C:\Windows\System\ecXOyYe.exe
  C:\Windows\System\ecXOyYe.exe
  2⤵
  PID:4576
- C:\Windows\System\rjcOmUK.exe
  C:\Windows\System\rjcOmUK.exe
  2⤵
  PID:4596
- C:\Windows\System\JULmGnw.exe
  C:\Windows\System\JULmGnw.exe
  2⤵
  PID:4620
- C:\Windows\System\GeRphDS.exe
  C:\Windows\System\GeRphDS.exe
  2⤵
  PID:4636
- C:\Windows\System\QcwISfQ.exe
  C:\Windows\System\QcwISfQ.exe
  2⤵
  PID:4656
- C:\Windows\System\rpqfFPE.exe
  C:\Windows\System\rpqfFPE.exe
  2⤵
  PID:4676
- C:\Windows\System\mJovJqw.exe
  C:\Windows\System\mJovJqw.exe
  2⤵
  PID:4700
- C:\Windows\System\LxUeBWp.exe
  C:\Windows\System\LxUeBWp.exe
  2⤵
  PID:4720
- C:\Windows\System\YPSOCIt.exe
  C:\Windows\System\YPSOCIt.exe
  2⤵
  PID:4736
- C:\Windows\System\CryAavr.exe
  C:\Windows\System\CryAavr.exe
  2⤵
  PID:4760
- C:\Windows\System\vIqnaeh.exe
  C:\Windows\System\vIqnaeh.exe
  2⤵
  PID:4780
- C:\Windows\System\jbLNYPn.exe
  C:\Windows\System\jbLNYPn.exe
  2⤵
  PID:4796
- C:\Windows\System\sccZgwe.exe
  C:\Windows\System\sccZgwe.exe
  2⤵
  PID:4812
- C:\Windows\System\xQgeRsb.exe
  C:\Windows\System\xQgeRsb.exe
  2⤵
  PID:4836
- C:\Windows\System\GxJMgua.exe
  C:\Windows\System\GxJMgua.exe
  2⤵
  PID:4860
- C:\Windows\System\YpvNDvM.exe
  C:\Windows\System\YpvNDvM.exe
  2⤵
  PID:4880
- C:\Windows\System\uWITbch.exe
  C:\Windows\System\uWITbch.exe
  2⤵
  PID:4900
- C:\Windows\System\FgtfjDM.exe
  C:\Windows\System\FgtfjDM.exe
  2⤵
  PID:4920
- C:\Windows\System\ybCYLIe.exe
  C:\Windows\System\ybCYLIe.exe
  2⤵
  PID:4940
- C:\Windows\System\CyHMdJX.exe
  C:\Windows\System\CyHMdJX.exe
  2⤵
  PID:4960
- C:\Windows\System\zCRNqwN.exe
  C:\Windows\System\zCRNqwN.exe
  2⤵
  PID:4980
- C:\Windows\System\MRofEvg.exe
  C:\Windows\System\MRofEvg.exe
  2⤵
  PID:5000
- C:\Windows\System\sSIONGk.exe
  C:\Windows\System\sSIONGk.exe
  2⤵
  PID:5016
- C:\Windows\System\NSRhlEg.exe
  C:\Windows\System\NSRhlEg.exe
  2⤵
  PID:5036
- C:\Windows\System\jGNQXBe.exe
  C:\Windows\System\jGNQXBe.exe
  2⤵
  PID:5056
- C:\Windows\System\mvLjzRS.exe
  C:\Windows\System\mvLjzRS.exe
  2⤵
  PID:5080
- C:\Windows\System\dkyGvCC.exe
  C:\Windows\System\dkyGvCC.exe
  2⤵
  PID:5100
- C:\Windows\System\JvOPVAY.exe
  C:\Windows\System\JvOPVAY.exe
  2⤵
  PID:2300
- C:\Windows\System\kAvhzja.exe
  C:\Windows\System\kAvhzja.exe
  2⤵
  PID:4044
- C:\Windows\System\MSwOaWa.exe
  C:\Windows\System\MSwOaWa.exe
  2⤵
  PID:2796
- C:\Windows\System\bYnbWsV.exe
  C:\Windows\System\bYnbWsV.exe
  2⤵
  PID:4048
- C:\Windows\System\cTKtOqg.exe
  C:\Windows\System\cTKtOqg.exe
  2⤵
  PID:1744
- C:\Windows\System\XwTDerA.exe
  C:\Windows\System\XwTDerA.exe
  2⤵
  PID:3160
- C:\Windows\System\DTMtdMc.exe
  C:\Windows\System\DTMtdMc.exe
  2⤵
  PID:3356
- C:\Windows\System\XwQWZac.exe
  C:\Windows\System\XwQWZac.exe
  2⤵
  PID:4128
- C:\Windows\System\OdvRGpM.exe
  C:\Windows\System\OdvRGpM.exe
  2⤵
  PID:3820
- C:\Windows\System\gmwxRKY.exe
  C:\Windows\System\gmwxRKY.exe
  2⤵
  PID:4152
- C:\Windows\System\qwoUrEE.exe
  C:\Windows\System\qwoUrEE.exe
  2⤵
  PID:4212
- C:\Windows\System\rfTBVXw.exe
  C:\Windows\System\rfTBVXw.exe
  2⤵
  PID:4252
- C:\Windows\System\ElMxSZI.exe
  C:\Windows\System\ElMxSZI.exe
  2⤵
  PID:4288
- C:\Windows\System\PwvjKsf.exe
  C:\Windows\System\PwvjKsf.exe
  2⤵
  PID:4332
- C:\Windows\System\drWsSge.exe
  C:\Windows\System\drWsSge.exe
  2⤵
  PID:4308
- C:\Windows\System\GqUhLbu.exe
  C:\Windows\System\GqUhLbu.exe
  2⤵
  PID:4372
- C:\Windows\System\cUSovba.exe
  C:\Windows\System\cUSovba.exe
  2⤵
  PID:4412
- C:\Windows\System\Fwdvkic.exe
  C:\Windows\System\Fwdvkic.exe
  2⤵
  PID:4444
- C:\Windows\System\NjGaqFM.exe
  C:\Windows\System\NjGaqFM.exe
  2⤵
  PID:4464
- C:\Windows\System\OTsBFdv.exe
  C:\Windows\System\OTsBFdv.exe
  2⤵
  PID:4492
- C:\Windows\System\CmFqmJL.exe
  C:\Windows\System\CmFqmJL.exe
  2⤵
  PID:4544
- C:\Windows\System\PAABgKi.exe
  C:\Windows\System\PAABgKi.exe
  2⤵
  PID:4552
- C:\Windows\System\GcoJRjQ.exe
  C:\Windows\System\GcoJRjQ.exe
  2⤵
  PID:4616
- C:\Windows\System\ahXDwmi.exe
  C:\Windows\System\ahXDwmi.exe
  2⤵
  PID:4584
- C:\Windows\System\UPfylJP.exe
  C:\Windows\System\UPfylJP.exe
  2⤵
  PID:4632
- C:\Windows\System\eIyPxGh.exe
  C:\Windows\System\eIyPxGh.exe
  2⤵
  PID:4668
- C:\Windows\System\VlLdrOp.exe
  C:\Windows\System\VlLdrOp.exe
  2⤵
  PID:4708
- C:\Windows\System\fBjWJsA.exe
  C:\Windows\System\fBjWJsA.exe
  2⤵
  PID:4772
- C:\Windows\System\hAijTps.exe
  C:\Windows\System\hAijTps.exe
  2⤵
  PID:4804
- C:\Windows\System\EEkZrIq.exe
  C:\Windows\System\EEkZrIq.exe
  2⤵
  PID:4856
- C:\Windows\System\HRLnOVF.exe
  C:\Windows\System\HRLnOVF.exe
  2⤵
  PID:4824
- C:\Windows\System\daJZKUr.exe
  C:\Windows\System\daJZKUr.exe
  2⤵
  PID:2752
- C:\Windows\System\cwwpsrg.exe
  C:\Windows\System\cwwpsrg.exe
  2⤵
  PID:4908
- C:\Windows\System\XpExnvc.exe
  C:\Windows\System\XpExnvc.exe
  2⤵
  PID:4932
- C:\Windows\System\cnqoQdh.exe
  C:\Windows\System\cnqoQdh.exe
  2⤵
  PID:5008
- C:\Windows\System\tXdoBVJ.exe
  C:\Windows\System\tXdoBVJ.exe
  2⤵
  PID:4996
- C:\Windows\System\nGYefzN.exe
  C:\Windows\System\nGYefzN.exe
  2⤵
  PID:5088
- C:\Windows\System\IEXvArU.exe
  C:\Windows\System\IEXvArU.exe
  2⤵
  PID:5064
- C:\Windows\System\NIQubRA.exe
  C:\Windows\System\NIQubRA.exe
  2⤵
  PID:5076
- C:\Windows\System\ouDPYYp.exe
  C:\Windows\System\ouDPYYp.exe
  2⤵
  PID:4012
- C:\Windows\System\Crcjwmp.exe
  C:\Windows\System\Crcjwmp.exe
  2⤵
  PID:2492
- C:\Windows\System\krwAfsL.exe
  C:\Windows\System\krwAfsL.exe
  2⤵
  PID:3232
- C:\Windows\System\gOBEutO.exe
  C:\Windows\System\gOBEutO.exe
  2⤵
  PID:3624
- C:\Windows\System\hxwhBTc.exe
  C:\Windows\System\hxwhBTc.exe
  2⤵
  PID:2840
- C:\Windows\System\DItKUrb.exe
  C:\Windows\System\DItKUrb.exe
  2⤵
  PID:4208
- C:\Windows\System\lsMFpco.exe
  C:\Windows\System\lsMFpco.exe
  2⤵
  PID:4248
- C:\Windows\System\tuSplxF.exe
  C:\Windows\System\tuSplxF.exe
  2⤵
  PID:4280
- C:\Windows\System\XCZlGmY.exe
  C:\Windows\System\XCZlGmY.exe
  2⤵
  PID:4264
- C:\Windows\System\LbIUQZD.exe
  C:\Windows\System\LbIUQZD.exe
  2⤵
  PID:4368
- C:\Windows\System\JVKFnSR.exe
  C:\Windows\System\JVKFnSR.exe
  2⤵
  PID:4388
- C:\Windows\System\GrBuSTz.exe
  C:\Windows\System\GrBuSTz.exe
  2⤵
  PID:4424
- C:\Windows\System\aimivkK.exe
  C:\Windows\System\aimivkK.exe
  2⤵
  PID:4532
- C:\Windows\System\FGJKkXx.exe
  C:\Windows\System\FGJKkXx.exe
  2⤵
  PID:4648
- C:\Windows\System\vdfpSTZ.exe
  C:\Windows\System\vdfpSTZ.exe
  2⤵
  PID:2948
- C:\Windows\System\HIhpCnR.exe
  C:\Windows\System\HIhpCnR.exe
  2⤵
  PID:4664
- C:\Windows\System\BsxMYkd.exe
  C:\Windows\System\BsxMYkd.exe
  2⤵
  PID:4728
- C:\Windows\System\QkcfceL.exe
  C:\Windows\System\QkcfceL.exe
  2⤵
  PID:4744
- C:\Windows\System\gLVlYiL.exe
  C:\Windows\System\gLVlYiL.exe
  2⤵
  PID:4896
- C:\Windows\System\CXAQmal.exe
  C:\Windows\System\CXAQmal.exe
  2⤵
  PID:4888
- C:\Windows\System\uSnvWQW.exe
  C:\Windows\System\uSnvWQW.exe
  2⤵
  PID:4892
- C:\Windows\System\xPHiXcN.exe
  C:\Windows\System\xPHiXcN.exe
  2⤵
  PID:4948
- C:\Windows\System\CgtEnQN.exe
  C:\Windows\System\CgtEnQN.exe
  2⤵
  PID:5044
- C:\Windows\System\idSGNDB.exe
  C:\Windows\System\idSGNDB.exe
  2⤵
  PID:5108
- C:\Windows\System\hKNTSfU.exe
  C:\Windows\System\hKNTSfU.exe
  2⤵
  PID:3284
- C:\Windows\System\aEtmJjM.exe
  C:\Windows\System\aEtmJjM.exe
  2⤵
  PID:4124
- C:\Windows\System\EZDBimi.exe
  C:\Windows\System\EZDBimi.exe
  2⤵
  PID:2344
- C:\Windows\System\funuvCp.exe
  C:\Windows\System\funuvCp.exe
  2⤵
  PID:1680
- C:\Windows\System\XGQqHBM.exe
  C:\Windows\System\XGQqHBM.exe
  2⤵
  PID:4320
- C:\Windows\System\YaADdgn.exe
  C:\Windows\System\YaADdgn.exe
  2⤵
  PID:5132
- C:\Windows\System\ZcwSxnH.exe
  C:\Windows\System\ZcwSxnH.exe
  2⤵
  PID:5152
- C:\Windows\System\XfjfCke.exe
  C:\Windows\System\XfjfCke.exe
  2⤵
  PID:5172
- C:\Windows\System\rPAyZIz.exe
  C:\Windows\System\rPAyZIz.exe
  2⤵
  PID:5192
- C:\Windows\System\MHobTuK.exe
  C:\Windows\System\MHobTuK.exe
  2⤵
  PID:5212
- C:\Windows\System\FDmgXUp.exe
  C:\Windows\System\FDmgXUp.exe
  2⤵
  PID:5232
- C:\Windows\System\uEyCipu.exe
  C:\Windows\System\uEyCipu.exe
  2⤵
  PID:5252
- C:\Windows\System\hWzztEN.exe
  C:\Windows\System\hWzztEN.exe
  2⤵
  PID:5272
- C:\Windows\System\PmANplS.exe
  C:\Windows\System\PmANplS.exe
  2⤵
  PID:5292
- C:\Windows\System\vaUetnK.exe
  C:\Windows\System\vaUetnK.exe
  2⤵
  PID:5312
- C:\Windows\System\hjcwPgz.exe
  C:\Windows\System\hjcwPgz.exe
  2⤵
  PID:5332
- C:\Windows\System\QVlYHCM.exe
  C:\Windows\System\QVlYHCM.exe
  2⤵
  PID:5352
- C:\Windows\System\TjMpxBU.exe
  C:\Windows\System\TjMpxBU.exe
  2⤵
  PID:5372
- C:\Windows\System\hLmkvLQ.exe
  C:\Windows\System\hLmkvLQ.exe
  2⤵
  PID:5392
- C:\Windows\System\vaoQwVY.exe
  C:\Windows\System\vaoQwVY.exe
  2⤵
  PID:5412
- C:\Windows\System\YxbWxRq.exe
  C:\Windows\System\YxbWxRq.exe
  2⤵
  PID:5432
- C:\Windows\System\AsZHVrj.exe
  C:\Windows\System\AsZHVrj.exe
  2⤵
  PID:5448
- C:\Windows\System\oXRihmA.exe
  C:\Windows\System\oXRihmA.exe
  2⤵
  PID:5476
- C:\Windows\System\fvMHMDe.exe
  C:\Windows\System\fvMHMDe.exe
  2⤵
  PID:5492
- C:\Windows\System\VXHBCvW.exe
  C:\Windows\System\VXHBCvW.exe
  2⤵
  PID:5516
- C:\Windows\System\MfbVDQe.exe
  C:\Windows\System\MfbVDQe.exe
  2⤵
  PID:5536
- C:\Windows\System\fmgPBSx.exe
  C:\Windows\System\fmgPBSx.exe
  2⤵
  PID:5556
- C:\Windows\System\kBJaZzF.exe
  C:\Windows\System\kBJaZzF.exe
  2⤵
  PID:5576
- C:\Windows\System\UISoGee.exe
  C:\Windows\System\UISoGee.exe
  2⤵
  PID:5596
- C:\Windows\System\trIxZdV.exe
  C:\Windows\System\trIxZdV.exe
  2⤵
  PID:5616
- C:\Windows\System\WhLGShF.exe
  C:\Windows\System\WhLGShF.exe
  2⤵
  PID:5636
- C:\Windows\System\gAXJaZK.exe
  C:\Windows\System\gAXJaZK.exe
  2⤵
  PID:5656
- C:\Windows\System\TKmeIXg.exe
  C:\Windows\System\TKmeIXg.exe
  2⤵
  PID:5676
- C:\Windows\System\kQniNLC.exe
  C:\Windows\System\kQniNLC.exe
  2⤵
  PID:5696
- C:\Windows\System\eFknCpB.exe
  C:\Windows\System\eFknCpB.exe
  2⤵
  PID:5716
- C:\Windows\System\XWRWWiC.exe
  C:\Windows\System\XWRWWiC.exe
  2⤵
  PID:5736
- C:\Windows\System\FOsZPfa.exe
  C:\Windows\System\FOsZPfa.exe
  2⤵
  PID:5756
- C:\Windows\System\stzLkOX.exe
  C:\Windows\System\stzLkOX.exe
  2⤵
  PID:5776
- C:\Windows\System\mPFwVIV.exe
  C:\Windows\System\mPFwVIV.exe
  2⤵
  PID:5796
- C:\Windows\System\dkHsXmr.exe
  C:\Windows\System\dkHsXmr.exe
  2⤵
  PID:5816
- C:\Windows\System\YZgheSW.exe
  C:\Windows\System\YZgheSW.exe
  2⤵
  PID:5836
- C:\Windows\System\xHARthW.exe
  C:\Windows\System\xHARthW.exe
  2⤵
  PID:5856
- C:\Windows\System\HxUOvjL.exe
  C:\Windows\System\HxUOvjL.exe
  2⤵
  PID:5876
- C:\Windows\System\CIaysZc.exe
  C:\Windows\System\CIaysZc.exe
  2⤵
  PID:5896
- C:\Windows\System\HmgUFYl.exe
  C:\Windows\System\HmgUFYl.exe
  2⤵
  PID:5916
- C:\Windows\System\RkVLzgN.exe
  C:\Windows\System\RkVLzgN.exe
  2⤵
  PID:5936
- C:\Windows\System\DkLpeGm.exe
  C:\Windows\System\DkLpeGm.exe
  2⤵
  PID:5956
- C:\Windows\System\ZGeMsCd.exe
  C:\Windows\System\ZGeMsCd.exe
  2⤵
  PID:5976
- C:\Windows\System\TLIkNwW.exe
  C:\Windows\System\TLIkNwW.exe
  2⤵
  PID:5996
- C:\Windows\System\WeKbeIe.exe
  C:\Windows\System\WeKbeIe.exe
  2⤵
  PID:6016
- C:\Windows\System\lHqsWLG.exe
  C:\Windows\System\lHqsWLG.exe
  2⤵
  PID:6036
- C:\Windows\System\nBfCxIh.exe
  C:\Windows\System\nBfCxIh.exe
  2⤵
  PID:6056
- C:\Windows\System\UYTCtKv.exe
  C:\Windows\System\UYTCtKv.exe
  2⤵
  PID:6076
- C:\Windows\System\skRWdGY.exe
  C:\Windows\System\skRWdGY.exe
  2⤵
  PID:6096
- C:\Windows\System\MHkgIbI.exe
  C:\Windows\System\MHkgIbI.exe
  2⤵
  PID:6116
- C:\Windows\System\URRhSiz.exe
  C:\Windows\System\URRhSiz.exe
  2⤵
  PID:6136
- C:\Windows\System\YdSsyWj.exe
  C:\Windows\System\YdSsyWj.exe
  2⤵
  PID:4404
- C:\Windows\System\hnOHeId.exe
  C:\Windows\System\hnOHeId.exe
  2⤵
  PID:4472
- C:\Windows\System\GGhMvvd.exe
  C:\Windows\System\GGhMvvd.exe
  2⤵
  PID:4612
- C:\Windows\System\cUIBjyh.exe
  C:\Windows\System\cUIBjyh.exe
  2⤵
  PID:4692
- C:\Windows\System\ugBKcKA.exe
  C:\Windows\System\ugBKcKA.exe
  2⤵
  PID:4628
- C:\Windows\System\gNEJOgL.exe
  C:\Windows\System\gNEJOgL.exe
  2⤵
  PID:4844
- C:\Windows\System\aujMcks.exe
  C:\Windows\System\aujMcks.exe
  2⤵
  PID:4916
- C:\Windows\System\EYLgcMp.exe
  C:\Windows\System\EYLgcMp.exe
  2⤵
  PID:5028
- C:\Windows\System\NLRejtp.exe
  C:\Windows\System\NLRejtp.exe
  2⤵
  PID:1672
- C:\Windows\System\vApFnsz.exe
  C:\Windows\System\vApFnsz.exe
  2⤵
  PID:5092
- C:\Windows\System\mYTPSQo.exe
  C:\Windows\System\mYTPSQo.exe
  2⤵
  PID:3872
- C:\Windows\System\ltWfeIv.exe
  C:\Windows\System\ltWfeIv.exe
  2⤵
  PID:4196
- C:\Windows\System\BikjXhz.exe
  C:\Windows\System\BikjXhz.exe
  2⤵
  PID:5140
- C:\Windows\System\uKEzsFE.exe
  C:\Windows\System\uKEzsFE.exe
  2⤵
  PID:5180
- C:\Windows\System\kHmRHpe.exe
  C:\Windows\System\kHmRHpe.exe
  2⤵
  PID:5208
- C:\Windows\System\eluqHZS.exe
  C:\Windows\System\eluqHZS.exe
  2⤵
  PID:5204
- C:\Windows\System\vQiqbbR.exe
  C:\Windows\System\vQiqbbR.exe
  2⤵
  PID:5268
- C:\Windows\System\JxzSjIo.exe
  C:\Windows\System\JxzSjIo.exe
  2⤵
  PID:5284
- C:\Windows\System\RtbemeI.exe
  C:\Windows\System\RtbemeI.exe
  2⤵
  PID:5328
- C:\Windows\System\BvVYvwX.exe
  C:\Windows\System\BvVYvwX.exe
  2⤵
  PID:5388
- C:\Windows\System\KeygChK.exe
  C:\Windows\System\KeygChK.exe
  2⤵
  PID:5424
- C:\Windows\System\sVIAtCN.exe
  C:\Windows\System\sVIAtCN.exe
  2⤵
  PID:5464
- C:\Windows\System\foOapMg.exe
  C:\Windows\System\foOapMg.exe
  2⤵
  PID:5504
- C:\Windows\System\vIRCowh.exe
  C:\Windows\System\vIRCowh.exe
  2⤵
  PID:5544
- C:\Windows\System\eQDTYWu.exe
  C:\Windows\System\eQDTYWu.exe
  2⤵
  PID:5592
- C:\Windows\System\HLrTAlZ.exe
  C:\Windows\System\HLrTAlZ.exe
  2⤵
  PID:5568
- C:\Windows\System\QEPMWcx.exe
  C:\Windows\System\QEPMWcx.exe
  2⤵
  PID:5608
- C:\Windows\System\IYeDcuw.exe
  C:\Windows\System\IYeDcuw.exe
  2⤵
  PID:5648
- C:\Windows\System\TsFKOti.exe
  C:\Windows\System\TsFKOti.exe
  2⤵
  PID:5692
- C:\Windows\System\IbviQAA.exe
  C:\Windows\System\IbviQAA.exe
  2⤵
  PID:5744
- C:\Windows\System\VligEbQ.exe
  C:\Windows\System\VligEbQ.exe
  2⤵
  PID:5764
- C:\Windows\System\ujLJcyh.exe
  C:\Windows\System\ujLJcyh.exe
  2⤵
  PID:5788
- C:\Windows\System\bjAbpBy.exe
  C:\Windows\System\bjAbpBy.exe
  2⤵
  PID:5832
- C:\Windows\System\TPHpQtA.exe
  C:\Windows\System\TPHpQtA.exe
  2⤵
  PID:5864
- C:\Windows\System\PKJFOSO.exe
  C:\Windows\System\PKJFOSO.exe
  2⤵
  PID:5892
- C:\Windows\System\MgEExCB.exe
  C:\Windows\System\MgEExCB.exe
  2⤵
  PID:5944
- C:\Windows\System\HRzxznU.exe
  C:\Windows\System\HRzxznU.exe
  2⤵
  PID:5952
- C:\Windows\System\HxtWwoP.exe
  C:\Windows\System\HxtWwoP.exe
  2⤵
  PID:5988
- C:\Windows\System\gkonPsU.exe
  C:\Windows\System\gkonPsU.exe
  2⤵
  PID:6012
- C:\Windows\System\rBqWIsF.exe
  C:\Windows\System\rBqWIsF.exe
  2⤵
  PID:6048
- C:\Windows\System\lhFBNIB.exe
  C:\Windows\System\lhFBNIB.exe
  2⤵
  PID:6084
- C:\Windows\System\JsXEQYS.exe
  C:\Windows\System\JsXEQYS.exe
  2⤵
  PID:6124
- C:\Windows\System\UKPrazb.exe
  C:\Windows\System\UKPrazb.exe
  2⤵
  PID:4440
- C:\Windows\System\VdZpClN.exe
  C:\Windows\System\VdZpClN.exe
  2⤵
  PID:4508
- C:\Windows\System\QHSKeBw.exe
  C:\Windows\System\QHSKeBw.exe
  2⤵
  PID:4564
- C:\Windows\System\XWRTVRG.exe
  C:\Windows\System\XWRTVRG.exe
  2⤵
  PID:4936
- C:\Windows\System\RWfaHml.exe
  C:\Windows\System\RWfaHml.exe
  2⤵
  PID:4828
- C:\Windows\System\jQgxUKj.exe
  C:\Windows\System\jQgxUKj.exe
  2⤵
  PID:4168
- C:\Windows\System\UeeoRWJ.exe
  C:\Windows\System\UeeoRWJ.exe
  2⤵
  PID:3176
- C:\Windows\System\dblQASn.exe
  C:\Windows\System\dblQASn.exe
  2⤵
  PID:5160
- C:\Windows\System\wXPTwjI.exe
  C:\Windows\System\wXPTwjI.exe
  2⤵
  PID:5128
- C:\Windows\System\sdLlISw.exe
  C:\Windows\System\sdLlISw.exe
  2⤵
  PID:5280
- C:\Windows\System\itWXKhT.exe
  C:\Windows\System\itWXKhT.exe
  2⤵
  PID:5260
- C:\Windows\System\teNwicd.exe
  C:\Windows\System\teNwicd.exe
  2⤵
  PID:5344
- C:\Windows\System\RsEZlVz.exe
  C:\Windows\System\RsEZlVz.exe
  2⤵
  PID:5460
- C:\Windows\System\wcNyXYZ.exe
  C:\Windows\System\wcNyXYZ.exe
  2⤵
  PID:1060
- C:\Windows\System\YsRExED.exe
  C:\Windows\System\YsRExED.exe
  2⤵
  PID:5420
- C:\Windows\System\KdyzbpM.exe
  C:\Windows\System\KdyzbpM.exe
  2⤵
  PID:5444
- C:\Windows\System\rjulFTT.exe
  C:\Windows\System\rjulFTT.exe
  2⤵
  PID:5708
- C:\Windows\System\tvuLCKf.exe
  C:\Windows\System\tvuLCKf.exe
  2⤵
  PID:5844
- C:\Windows\System\lkGJwsO.exe
  C:\Windows\System\lkGJwsO.exe
  2⤵
  PID:5852
- C:\Windows\System\EUBsWJv.exe
  C:\Windows\System\EUBsWJv.exe
  2⤵
  PID:5912
- C:\Windows\System\hhiQIFG.exe
  C:\Windows\System\hhiQIFG.exe
  2⤵
  PID:5804
- C:\Windows\System\qRzYKtj.exe
  C:\Windows\System\qRzYKtj.exe
  2⤵
  PID:5932
- C:\Windows\System\HyDRvlA.exe
  C:\Windows\System\HyDRvlA.exe
  2⤵
  PID:6044
- C:\Windows\System\jICHJkK.exe
  C:\Windows\System\jICHJkK.exe
  2⤵
  PID:6028
- C:\Windows\System\SubqGBw.exe
  C:\Windows\System\SubqGBw.exe
  2⤵
  PID:4604
- C:\Windows\System\BNZDmMl.exe
  C:\Windows\System\BNZDmMl.exe
  2⤵
  PID:6128
- C:\Windows\System\EXGMhXX.exe
  C:\Windows\System\EXGMhXX.exe
  2⤵
  PID:4868
- C:\Windows\System\phBTwzm.exe
  C:\Windows\System\phBTwzm.exe
  2⤵
  PID:4988
- C:\Windows\System\qomNIGH.exe
  C:\Windows\System\qomNIGH.exe
  2⤵
  PID:4284
- C:\Windows\System\JyQQsGO.exe
  C:\Windows\System\JyQQsGO.exe
  2⤵
  PID:5348
- C:\Windows\System\lAWwKZE.exe
  C:\Windows\System\lAWwKZE.exe
  2⤵
  PID:5224
- C:\Windows\System\AglZTGd.exe
  C:\Windows\System\AglZTGd.exe
  2⤵
  PID:1052
- C:\Windows\System\LQiwKFr.exe
  C:\Windows\System\LQiwKFr.exe
  2⤵
  PID:5712
- C:\Windows\System\AXywXEs.exe
  C:\Windows\System\AXywXEs.exe
  2⤵
  PID:5484
- C:\Windows\System\VHsqUQs.exe
  C:\Windows\System\VHsqUQs.exe
  2⤵
  PID:5604
- C:\Windows\System\XDgCjGO.exe
  C:\Windows\System\XDgCjGO.exe
  2⤵
  PID:5772
- C:\Windows\System\uCVVOkU.exe
  C:\Windows\System\uCVVOkU.exe
  2⤵
  PID:5768
- C:\Windows\System\XBfxcRT.exe
  C:\Windows\System\XBfxcRT.exe
  2⤵
  PID:6156
- C:\Windows\System\zeBPfgO.exe
  C:\Windows\System\zeBPfgO.exe
  2⤵
  PID:6180
- C:\Windows\System\LbjtGcw.exe
  C:\Windows\System\LbjtGcw.exe
  2⤵
  PID:6200
- C:\Windows\System\fMACBbc.exe
  C:\Windows\System\fMACBbc.exe
  2⤵
  PID:6220
- C:\Windows\System\JKwHXoL.exe
  C:\Windows\System\JKwHXoL.exe
  2⤵
  PID:6244
- C:\Windows\System\EwEUCxp.exe
  C:\Windows\System\EwEUCxp.exe
  2⤵
  PID:6264
- C:\Windows\System\wynaAqt.exe
  C:\Windows\System\wynaAqt.exe
  2⤵
  PID:6284
- C:\Windows\System\jiRWbSJ.exe
  C:\Windows\System\jiRWbSJ.exe
  2⤵
  PID:6308
- C:\Windows\System\jOqrFrh.exe
  C:\Windows\System\jOqrFrh.exe
  2⤵
  PID:6328
- C:\Windows\System\AHKTQVe.exe
  C:\Windows\System\AHKTQVe.exe
  2⤵
  PID:6344
- C:\Windows\System\ztrFiDt.exe
  C:\Windows\System\ztrFiDt.exe
  2⤵
  PID:6364
- C:\Windows\System\dHGPtoX.exe
  C:\Windows\System\dHGPtoX.exe
  2⤵
  PID:6388
- C:\Windows\System\mxumfKH.exe
  C:\Windows\System\mxumfKH.exe
  2⤵
  PID:6404
- C:\Windows\System\ZdOEPYv.exe
  C:\Windows\System\ZdOEPYv.exe
  2⤵
  PID:6420
- C:\Windows\System\qMZYLRK.exe
  C:\Windows\System\qMZYLRK.exe
  2⤵
  PID:6444
- C:\Windows\System\bjQOFVU.exe
  C:\Windows\System\bjQOFVU.exe
  2⤵
  PID:6468
- C:\Windows\System\MWxZEFR.exe
  C:\Windows\System\MWxZEFR.exe
  2⤵
  PID:6488
- C:\Windows\System\eoyLHqJ.exe
  C:\Windows\System\eoyLHqJ.exe
  2⤵
  PID:6508
- C:\Windows\System\TeRGqUp.exe
  C:\Windows\System\TeRGqUp.exe
  2⤵
  PID:6524
- C:\Windows\System\ojdOGFU.exe
  C:\Windows\System\ojdOGFU.exe
  2⤵
  PID:6544
- C:\Windows\System\wDYWPjE.exe
  C:\Windows\System\wDYWPjE.exe
  2⤵
  PID:6564
- C:\Windows\System\MjQMNNF.exe
  C:\Windows\System\MjQMNNF.exe
  2⤵
  PID:6580
- C:\Windows\System\WMIhSPi.exe
  C:\Windows\System\WMIhSPi.exe
  2⤵
  PID:6604
- C:\Windows\System\eMlIaNp.exe
  C:\Windows\System\eMlIaNp.exe
  2⤵
  PID:6624
- C:\Windows\System\xHJKhrs.exe
  C:\Windows\System\xHJKhrs.exe
  2⤵
  PID:6644
- C:\Windows\System\TfQMXbw.exe
  C:\Windows\System\TfQMXbw.exe
  2⤵
  PID:6668
- C:\Windows\System\WEwGtLW.exe
  C:\Windows\System\WEwGtLW.exe
  2⤵
  PID:6684
- C:\Windows\System\ftCtqAO.exe
  C:\Windows\System\ftCtqAO.exe
  2⤵
  PID:6704
- C:\Windows\System\MzKYsZI.exe
  C:\Windows\System\MzKYsZI.exe
  2⤵
  PID:6728
- C:\Windows\System\tNXNtyP.exe
  C:\Windows\System\tNXNtyP.exe
  2⤵
  PID:6748
- C:\Windows\System\NsWdmwj.exe
  C:\Windows\System\NsWdmwj.exe
  2⤵
  PID:6764
- C:\Windows\System\fZDEsWV.exe
  C:\Windows\System\fZDEsWV.exe
  2⤵
  PID:6788
- C:\Windows\System\jftJlxg.exe
  C:\Windows\System\jftJlxg.exe
  2⤵
  PID:6808
- C:\Windows\System\kAewikD.exe
  C:\Windows\System\kAewikD.exe
  2⤵
  PID:6828
- C:\Windows\System\ciPEFlH.exe
  C:\Windows\System\ciPEFlH.exe
  2⤵
  PID:6848
- C:\Windows\System\bgdidaa.exe
  C:\Windows\System\bgdidaa.exe
  2⤵
  PID:6872
- C:\Windows\System\eedMLZk.exe
  C:\Windows\System\eedMLZk.exe
  2⤵
  PID:6888
- C:\Windows\System\AuzcaZr.exe
  C:\Windows\System\AuzcaZr.exe
  2⤵
  PID:6912
- C:\Windows\System\ItXzWQK.exe
  C:\Windows\System\ItXzWQK.exe
  2⤵
  PID:6932
- C:\Windows\System\XPFhzag.exe
  C:\Windows\System\XPFhzag.exe
  2⤵
  PID:6952
- C:\Windows\System\JPXWuVv.exe
  C:\Windows\System\JPXWuVv.exe
  2⤵
  PID:6968
- C:\Windows\System\MdXccxr.exe
  C:\Windows\System\MdXccxr.exe
  2⤵
  PID:6988
- C:\Windows\System\CIbsebW.exe
  C:\Windows\System\CIbsebW.exe
  2⤵
  PID:7008
- C:\Windows\System\DsCakAa.exe
  C:\Windows\System\DsCakAa.exe
  2⤵
  PID:7028
- C:\Windows\System\rEyhmCT.exe
  C:\Windows\System\rEyhmCT.exe
  2⤵
  PID:7048
- C:\Windows\System\PeJrelW.exe
  C:\Windows\System\PeJrelW.exe
  2⤵
  PID:7064
- C:\Windows\System\jyhVcws.exe
  C:\Windows\System\jyhVcws.exe
  2⤵
  PID:7080
- C:\Windows\System\SelBGsz.exe
  C:\Windows\System\SelBGsz.exe
  2⤵
  PID:7108
- C:\Windows\System\PupNWEQ.exe
  C:\Windows\System\PupNWEQ.exe
  2⤵
  PID:7128
- C:\Windows\System\yqeXyOw.exe
  C:\Windows\System\yqeXyOw.exe
  2⤵
  PID:7148
- C:\Windows\System\AaqYfhX.exe
  C:\Windows\System\AaqYfhX.exe
  2⤵
  PID:5904
- C:\Windows\System\JIFOoCN.exe
  C:\Windows\System\JIFOoCN.exe
  2⤵
  PID:4496
- C:\Windows\System\DJMtDLD.exe
  C:\Windows\System\DJMtDLD.exe
  2⤵
  PID:4852
- C:\Windows\System\kcCxrEs.exe
  C:\Windows\System\kcCxrEs.exe
  2⤵
  PID:6092
- C:\Windows\System\YfIkjGC.exe
  C:\Windows\System\YfIkjGC.exe
  2⤵
  PID:4976
- C:\Windows\System\KNyDGtY.exe
  C:\Windows\System\KNyDGtY.exe
  2⤵
  PID:5144
- C:\Windows\System\jEIgTSs.exe
  C:\Windows\System\jEIgTSs.exe
  2⤵
  PID:5572
- C:\Windows\System\eIggnDX.exe
  C:\Windows\System\eIggnDX.exe
  2⤵
  PID:5048
- C:\Windows\System\RkrmZNy.exe
  C:\Windows\System\RkrmZNy.exe
  2⤵
  PID:5524
- C:\Windows\System\BmTMCry.exe
  C:\Windows\System\BmTMCry.exe
  2⤵
  PID:5612
- C:\Windows\System\WucuqJR.exe
  C:\Windows\System\WucuqJR.exe
  2⤵
  PID:6216
- C:\Windows\System\bmCJxfC.exe
  C:\Windows\System\bmCJxfC.exe
  2⤵
  PID:6196
- C:\Windows\System\lqXoLjx.exe
  C:\Windows\System\lqXoLjx.exe
  2⤵
  PID:6260
- C:\Windows\System\sUpyoFR.exe
  C:\Windows\System\sUpyoFR.exe
  2⤵
  PID:6228
- C:\Windows\System\WOjuhYp.exe
  C:\Windows\System\WOjuhYp.exe
  2⤵
  PID:6276
- C:\Windows\System\XXpNxWy.exe
  C:\Windows\System\XXpNxWy.exe
  2⤵
  PID:6380
- C:\Windows\System\JsfxOaH.exe
  C:\Windows\System\JsfxOaH.exe
  2⤵
  PID:6376
- C:\Windows\System\LGPxsIA.exe
  C:\Windows\System\LGPxsIA.exe
  2⤵
  PID:6456
- C:\Windows\System\RwxHsaC.exe
  C:\Windows\System\RwxHsaC.exe
  2⤵
  PID:6496
- C:\Windows\System\dMJqSFp.exe
  C:\Windows\System\dMJqSFp.exe
  2⤵
  PID:6440
- C:\Windows\System\pIVuwCu.exe
  C:\Windows\System\pIVuwCu.exe
  2⤵
  PID:6532
- C:\Windows\System\DntzcKl.exe
  C:\Windows\System\DntzcKl.exe
  2⤵
  PID:6576
- C:\Windows\System\hjdHuFN.exe
  C:\Windows\System\hjdHuFN.exe
  2⤵
  PID:6660
- C:\Windows\System\LKuHaRe.exe
  C:\Windows\System\LKuHaRe.exe
  2⤵
  PID:6588
- C:\Windows\System\zAUsWuE.exe
  C:\Windows\System\zAUsWuE.exe
  2⤵
  PID:6640
- C:\Windows\System\srRVsVe.exe
  C:\Windows\System\srRVsVe.exe
  2⤵
  PID:6700
- C:\Windows\System\EnbSveC.exe
  C:\Windows\System\EnbSveC.exe
  2⤵
  PID:6776
- C:\Windows\System\MnzBjXF.exe
  C:\Windows\System\MnzBjXF.exe
  2⤵
  PID:6724
- C:\Windows\System\CDRQraR.exe
  C:\Windows\System\CDRQraR.exe
  2⤵
  PID:6820
- C:\Windows\System\skQJgiK.exe
  C:\Windows\System\skQJgiK.exe
  2⤵
  PID:6796
- C:\Windows\System\DpDsIHG.exe
  C:\Windows\System\DpDsIHG.exe
  2⤵
  PID:6860
- C:\Windows\System\SMCOLYv.exe
  C:\Windows\System\SMCOLYv.exe
  2⤵
  PID:6844
- C:\Windows\System\zCUnbMJ.exe
  C:\Windows\System\zCUnbMJ.exe
  2⤵
  PID:6948
- C:\Windows\System\gNQKjYX.exe
  C:\Windows\System\gNQKjYX.exe
  2⤵
  PID:6880
- C:\Windows\System\QNFZbtu.exe
  C:\Windows\System\QNFZbtu.exe
  2⤵
  PID:7024
- C:\Windows\System\LrIKChK.exe
  C:\Windows\System\LrIKChK.exe
  2⤵
  PID:7060
- C:\Windows\System\oUzjVuv.exe
  C:\Windows\System\oUzjVuv.exe
  2⤵
  PID:7004
- C:\Windows\System\QbzeXHS.exe
  C:\Windows\System\QbzeXHS.exe
  2⤵
  PID:7136
- C:\Windows\System\UPmdOSB.exe
  C:\Windows\System\UPmdOSB.exe
  2⤵
  PID:7144
- C:\Windows\System\FCFoPvv.exe
  C:\Windows\System\FCFoPvv.exe
  2⤵
  PID:7076
- C:\Windows\System\bbXVIMV.exe
  C:\Windows\System\bbXVIMV.exe
  2⤵
  PID:7164
- C:\Windows\System\dCzSWBH.exe
  C:\Windows\System\dCzSWBH.exe
  2⤵
  PID:4768
- C:\Windows\System\XqkcoIO.exe
  C:\Windows\System\XqkcoIO.exe
  2⤵
  PID:5664
- C:\Windows\System\pFLmfTc.exe
  C:\Windows\System\pFLmfTc.exe
  2⤵
  PID:4148
- C:\Windows\System\EIPucKU.exe
  C:\Windows\System\EIPucKU.exe
  2⤵
  PID:2716
- C:\Windows\System\NPkXSQL.exe
  C:\Windows\System\NPkXSQL.exe
  2⤵
  PID:5456
- C:\Windows\System\BrJEONL.exe
  C:\Windows\System\BrJEONL.exe
  2⤵
  PID:6208
- C:\Windows\System\QBCwVPV.exe
  C:\Windows\System\QBCwVPV.exe
  2⤵
  PID:6188
- C:\Windows\System\cNjsQyG.exe
  C:\Windows\System\cNjsQyG.exe
  2⤵
  PID:6372
- C:\Windows\System\EaKZVZy.exe
  C:\Windows\System\EaKZVZy.exe
  2⤵
  PID:6452
- C:\Windows\System\kOVwzmu.exe
  C:\Windows\System\kOVwzmu.exe
  2⤵
  PID:6540
- C:\Windows\System\kYsXfcn.exe
  C:\Windows\System\kYsXfcn.exe
  2⤵
  PID:6400
- C:\Windows\System\oWJIucf.exe
  C:\Windows\System\oWJIucf.exe
  2⤵
  PID:6484
- C:\Windows\System\xOwnSlb.exe
  C:\Windows\System\xOwnSlb.exe
  2⤵
  PID:6556
- C:\Windows\System\wQQBtlG.exe
  C:\Windows\System\wQQBtlG.exe
  2⤵
  PID:6616
- C:\Windows\System\Ehlltkn.exe
  C:\Windows\System\Ehlltkn.exe
  2⤵
  PID:6680
- C:\Windows\System\uuExuTy.exe
  C:\Windows\System\uuExuTy.exe
  2⤵
  PID:6740
- C:\Windows\System\prEEbrp.exe
  C:\Windows\System\prEEbrp.exe
  2⤵
  PID:6824
- C:\Windows\System\JBYLgnD.exe
  C:\Windows\System\JBYLgnD.exe
  2⤵
  PID:6816
- C:\Windows\System\ANbnlyu.exe
  C:\Windows\System\ANbnlyu.exe
  2⤵
  PID:6924
- C:\Windows\System\gNbBlOB.exe
  C:\Windows\System\gNbBlOB.exe
  2⤵
  PID:2184
- C:\Windows\System\ADxqWan.exe
  C:\Windows\System\ADxqWan.exe
  2⤵
  PID:7020
- C:\Windows\System\REaVCOt.exe
  C:\Windows\System\REaVCOt.exe
  2⤵
  PID:4488
- C:\Windows\System\tWqtnhQ.exe
  C:\Windows\System\tWqtnhQ.exe
  2⤵
  PID:6964
- C:\Windows\System\uyceXgD.exe
  C:\Windows\System\uyceXgD.exe
  2⤵
  PID:7044
- C:\Windows\System\NzWxXCG.exe
  C:\Windows\System\NzWxXCG.exe
  2⤵
  PID:5468
- C:\Windows\System\RCQMSwk.exe
  C:\Windows\System\RCQMSwk.exe
  2⤵
  PID:5124
- C:\Windows\System\uDewoRq.exe
  C:\Windows\System\uDewoRq.exe
  2⤵
  PID:6296
- C:\Windows\System\pLGzBEr.exe
  C:\Windows\System\pLGzBEr.exe
  2⤵
  PID:5228
- C:\Windows\System\HOfKXqg.exe
  C:\Windows\System\HOfKXqg.exe
  2⤵
  PID:6168
- C:\Windows\System\gxDdSjb.exe
  C:\Windows\System\gxDdSjb.exe
  2⤵
  PID:6460
- C:\Windows\System\KgnUXKR.exe
  C:\Windows\System\KgnUXKR.exe
  2⤵
  PID:6676
- C:\Windows\System\GbOXyvK.exe
  C:\Windows\System\GbOXyvK.exe
  2⤵
  PID:6432
- C:\Windows\System\OKNPDXD.exe
  C:\Windows\System\OKNPDXD.exe
  2⤵
  PID:6780
- C:\Windows\System\VozwnEA.exe
  C:\Windows\System\VozwnEA.exe
  2⤵
  PID:6984
- C:\Windows\System\HDsNlqh.exe
  C:\Windows\System\HDsNlqh.exe
  2⤵
  PID:6940
- C:\Windows\System\ynJMOPd.exe
  C:\Windows\System\ynJMOPd.exe
  2⤵
  PID:6904
- C:\Windows\System\rWDznkZ.exe
  C:\Windows\System\rWDznkZ.exe
  2⤵
  PID:6960
- C:\Windows\System\bdniGfs.exe
  C:\Windows\System\bdniGfs.exe
  2⤵
  PID:6900
- C:\Windows\System\DQyzSql.exe
  C:\Windows\System\DQyzSql.exe
  2⤵
  PID:5908
- C:\Windows\System\XRtKsRC.exe
  C:\Windows\System\XRtKsRC.exe
  2⤵
  PID:7100
- C:\Windows\System\ZJGOukm.exe
  C:\Windows\System\ZJGOukm.exe
  2⤵
  PID:4568
- C:\Windows\System\VrHHcRE.exe
  C:\Windows\System\VrHHcRE.exe
  2⤵
  PID:6104
- C:\Windows\System\AlxnXwi.exe
  C:\Windows\System\AlxnXwi.exe
  2⤵
  PID:7228
- C:\Windows\System\lMyZzpV.exe
  C:\Windows\System\lMyZzpV.exe
  2⤵
  PID:7248
- C:\Windows\System\DESFLXU.exe
  C:\Windows\System\DESFLXU.exe
  2⤵
  PID:7264
- C:\Windows\System\RFIBXcO.exe
  C:\Windows\System\RFIBXcO.exe
  2⤵
  PID:7288
- C:\Windows\System\JgUdeud.exe
  C:\Windows\System\JgUdeud.exe
  2⤵
  PID:7308
- C:\Windows\System\XSHfwbG.exe
  C:\Windows\System\XSHfwbG.exe
  2⤵
  PID:7328
- C:\Windows\System\ZlLxrAD.exe
  C:\Windows\System\ZlLxrAD.exe
  2⤵
  PID:7348
- C:\Windows\System\WjZDWxr.exe
  C:\Windows\System\WjZDWxr.exe
  2⤵
  PID:7364
- C:\Windows\System\KMyQwap.exe
  C:\Windows\System\KMyQwap.exe
  2⤵
  PID:7388
- C:\Windows\System\EzZzqqt.exe
  C:\Windows\System\EzZzqqt.exe
  2⤵
  PID:7408
- C:\Windows\System\OVpYRsU.exe
  C:\Windows\System\OVpYRsU.exe
  2⤵
  PID:7428
- C:\Windows\System\BPvWgVd.exe
  C:\Windows\System\BPvWgVd.exe
  2⤵
  PID:7444
- C:\Windows\System\xYmDlTQ.exe
  C:\Windows\System\xYmDlTQ.exe
  2⤵
  PID:7460
- C:\Windows\System\jUxdexA.exe
  C:\Windows\System\jUxdexA.exe
  2⤵
  PID:7488
- C:\Windows\System\auDIEuf.exe
  C:\Windows\System\auDIEuf.exe
  2⤵
  PID:7508
- C:\Windows\System\IjEQFZr.exe
  C:\Windows\System\IjEQFZr.exe
  2⤵
  PID:7528
- C:\Windows\System\VozrQiE.exe
  C:\Windows\System\VozrQiE.exe
  2⤵
  PID:7548
- C:\Windows\System\Yupgscx.exe
  C:\Windows\System\Yupgscx.exe
  2⤵
  PID:7564
- C:\Windows\System\eVTVyfC.exe
  C:\Windows\System\eVTVyfC.exe
  2⤵
  PID:7588
- C:\Windows\System\aAKOTQL.exe
  C:\Windows\System\aAKOTQL.exe
  2⤵
  PID:7608
- C:\Windows\System\QcOwelg.exe
  C:\Windows\System\QcOwelg.exe
  2⤵
  PID:7624
- C:\Windows\System\UCatiyf.exe
  C:\Windows\System\UCatiyf.exe
  2⤵
  PID:7644
- C:\Windows\System\NEIWDSI.exe
  C:\Windows\System\NEIWDSI.exe
  2⤵
  PID:7664
- C:\Windows\System\qHnlKLX.exe
  C:\Windows\System\qHnlKLX.exe
  2⤵
  PID:7684
- C:\Windows\System\SDGmWEO.exe
  C:\Windows\System\SDGmWEO.exe
  2⤵
  PID:7700
- C:\Windows\System\WGmmNgP.exe
  C:\Windows\System\WGmmNgP.exe
  2⤵
  PID:7728
- C:\Windows\System\chOjHbx.exe
  C:\Windows\System\chOjHbx.exe
  2⤵
  PID:7744
- C:\Windows\System\RtYVHwD.exe
  C:\Windows\System\RtYVHwD.exe
  2⤵
  PID:7768
- C:\Windows\System\sxwsHoi.exe
  C:\Windows\System\sxwsHoi.exe
  2⤵
  PID:7784
- C:\Windows\System\ksvpSoc.exe
  C:\Windows\System\ksvpSoc.exe
  2⤵
  PID:7804
- C:\Windows\System\fyqhrDq.exe
  C:\Windows\System\fyqhrDq.exe
  2⤵
  PID:7828
- C:\Windows\System\WqFZeIQ.exe
  C:\Windows\System\WqFZeIQ.exe
  2⤵
  PID:7848
- C:\Windows\System\OsUOQIN.exe
  C:\Windows\System\OsUOQIN.exe
  2⤵
  PID:7876
- C:\Windows\System\zJOkxfa.exe
  C:\Windows\System\zJOkxfa.exe
  2⤵
  PID:7892
- C:\Windows\System\QUstoli.exe
  C:\Windows\System\QUstoli.exe
  2⤵
  PID:7908
- C:\Windows\System\uLFjRta.exe
  C:\Windows\System\uLFjRta.exe
  2⤵
  PID:7924
- C:\Windows\System\pVdWQEt.exe
  C:\Windows\System\pVdWQEt.exe
  2⤵
  PID:7940
- C:\Windows\System\mITblZu.exe
  C:\Windows\System\mITblZu.exe
  2⤵
  PID:7956
- C:\Windows\System\xoxCurS.exe
  C:\Windows\System\xoxCurS.exe
  2⤵
  PID:7972
- C:\Windows\System\jeWivje.exe
  C:\Windows\System\jeWivje.exe
  2⤵
  PID:7988
- C:\Windows\System\PaMWorY.exe
  C:\Windows\System\PaMWorY.exe
  2⤵
  PID:8004
- C:\Windows\System\UfAHzMg.exe
  C:\Windows\System\UfAHzMg.exe
  2⤵
  PID:8020
- C:\Windows\System\hMOwEUu.exe
  C:\Windows\System\hMOwEUu.exe
  2⤵
  PID:8044
- C:\Windows\System\iJqkCwQ.exe
  C:\Windows\System\iJqkCwQ.exe
  2⤵
  PID:8060
- C:\Windows\System\UFaMmlW.exe
  C:\Windows\System\UFaMmlW.exe
  2⤵
  PID:8076
- C:\Windows\System\UTbsVoF.exe
  C:\Windows\System\UTbsVoF.exe
  2⤵
  PID:8092
- C:\Windows\System\AhiWavZ.exe
  C:\Windows\System\AhiWavZ.exe
  2⤵
  PID:8108
- C:\Windows\System\EepcfXR.exe
  C:\Windows\System\EepcfXR.exe
  2⤵
  PID:8124
- C:\Windows\System\rLQGSZI.exe
  C:\Windows\System\rLQGSZI.exe
  2⤵
  PID:8140
- C:\Windows\System\cowdAKp.exe
  C:\Windows\System\cowdAKp.exe
  2⤵
  PID:8156
- C:\Windows\System\zGNBttU.exe
  C:\Windows\System\zGNBttU.exe
  2⤵
  PID:8172
- C:\Windows\System\HLVSSTb.exe
  C:\Windows\System\HLVSSTb.exe
  2⤵
  PID:8188
- C:\Windows\System\nIrMkKb.exe
  C:\Windows\System\nIrMkKb.exe
  2⤵
  PID:6300
- C:\Windows\System\zeHRkaS.exe
  C:\Windows\System\zeHRkaS.exe
  2⤵
  PID:1536
- C:\Windows\System\RzlsvwG.exe
  C:\Windows\System\RzlsvwG.exe
  2⤵
  PID:6652
- C:\Windows\System\oNybOFH.exe
  C:\Windows\System\oNybOFH.exe
  2⤵
  PID:2592
- C:\Windows\System\ypQliRp.exe
  C:\Windows\System\ypQliRp.exe
  2⤵
  PID:6896
- C:\Windows\System\syGriHS.exe
  C:\Windows\System\syGriHS.exe
  2⤵
  PID:5652
- C:\Windows\System\dwBxtUI.exe
  C:\Windows\System\dwBxtUI.exe
  2⤵
  PID:2960
- C:\Windows\System\yWCwDek.exe
  C:\Windows\System\yWCwDek.exe
  2⤵
  PID:1392
- C:\Windows\System\QkUmoYY.exe
  C:\Windows\System\QkUmoYY.exe
  2⤵
  PID:6148
- C:\Windows\System\FqAPNar.exe
  C:\Windows\System\FqAPNar.exe
  2⤵
  PID:7260
- C:\Windows\System\GdQueJR.exe
  C:\Windows\System\GdQueJR.exe
  2⤵
  PID:7244
- C:\Windows\System\GgnAOCC.exe
  C:\Windows\System\GgnAOCC.exe
  2⤵
  PID:7296
- C:\Windows\System\VzADcLM.exe
  C:\Windows\System\VzADcLM.exe
  2⤵
  PID:7300
- C:\Windows\System\nRzHTwk.exe
  C:\Windows\System\nRzHTwk.exe
  2⤵
  PID:7316
- C:\Windows\System\Pkxzrju.exe
  C:\Windows\System\Pkxzrju.exe
  2⤵
  PID:7372
- C:\Windows\System\ngKOxiV.exe
  C:\Windows\System\ngKOxiV.exe
  2⤵
  PID:7324
- C:\Windows\System\IlSigRT.exe
  C:\Windows\System\IlSigRT.exe
  2⤵
  PID:7396
- C:\Windows\System\UMqEApP.exe
  C:\Windows\System\UMqEApP.exe
  2⤵
  PID:7420
- C:\Windows\System\ZYITrsY.exe
  C:\Windows\System\ZYITrsY.exe
  2⤵
  PID:1924
- C:\Windows\System\EQQwjJY.exe
  C:\Windows\System\EQQwjJY.exe
  2⤵
  PID:7440
- C:\Windows\System\mBonJUN.exe
  C:\Windows\System\mBonJUN.exe
  2⤵
  PID:7544
- C:\Windows\System\gNAFapr.exe
  C:\Windows\System\gNAFapr.exe
  2⤵
  PID:7656
- C:\Windows\System\TpWYIrp.exe
  C:\Windows\System\TpWYIrp.exe
  2⤵
  PID:7692
- C:\Windows\System\dKiOQTo.exe
  C:\Windows\System\dKiOQTo.exe
  2⤵
  PID:7736
- C:\Windows\System\wbjINoc.exe
  C:\Windows\System\wbjINoc.exe
  2⤵
  PID:1636
- C:\Windows\System\zvKHjxn.exe
  C:\Windows\System\zvKHjxn.exe
  2⤵
  PID:7812
- C:\Windows\System\xMIJyYs.exe
  C:\Windows\System\xMIJyYs.exe
  2⤵
  PID:616
- C:\Windows\System\ctPQtWT.exe
  C:\Windows\System\ctPQtWT.exe
  2⤵
  PID:7632
- C:\Windows\System\EzpaGmb.exe
  C:\Windows\System\EzpaGmb.exe
  2⤵
  PID:7676
- C:\Windows\System\nOGTfev.exe
  C:\Windows\System\nOGTfev.exe
  2⤵
  PID:7712
- C:\Windows\System\xAgYLkV.exe
  C:\Windows\System\xAgYLkV.exe
  2⤵
  PID:7760
- C:\Windows\System\OrKJNWN.exe
  C:\Windows\System\OrKJNWN.exe
  2⤵
  PID:7844
- C:\Windows\System\blBNeRF.exe
  C:\Windows\System\blBNeRF.exe
  2⤵
  PID:796
- C:\Windows\System\adHhJeE.exe
  C:\Windows\System\adHhJeE.exe
  2⤵
  PID:7796
- C:\Windows\System\ycXQTmD.exe
  C:\Windows\System\ycXQTmD.exe
  2⤵
  PID:2632
- C:\Windows\System\lBArPRo.exe
  C:\Windows\System\lBArPRo.exe
  2⤵
  PID:2896
- C:\Windows\System\CyUJVkQ.exe
  C:\Windows\System\CyUJVkQ.exe
  2⤵
  PID:7884
- C:\Windows\System\KVdArme.exe
  C:\Windows\System\KVdArme.exe
  2⤵
  PID:2452
- C:\Windows\System\PylPWEK.exe
  C:\Windows\System\PylPWEK.exe
  2⤵
  PID:7964
- C:\Windows\System\DofhBGr.exe
  C:\Windows\System\DofhBGr.exe
  2⤵
  PID:2052
- C:\Windows\System\RGvWfqu.exe
  C:\Windows\System\RGvWfqu.exe
  2⤵
  PID:8036
- C:\Windows\System\kGBrxEl.exe
  C:\Windows\System\kGBrxEl.exe
  2⤵
  PID:8100
- C:\Windows\System\FPyVMJQ.exe
  C:\Windows\System\FPyVMJQ.exe
  2⤵
  PID:8164
- C:\Windows\System\oevurEB.exe
  C:\Windows\System\oevurEB.exe
  2⤵
  PID:8120
- C:\Windows\System\lmnGoTn.exe
  C:\Windows\System\lmnGoTn.exe
  2⤵
  PID:8180
- C:\Windows\System\Ahijdqq.exe
  C:\Windows\System\Ahijdqq.exe
  2⤵
  PID:6744
- C:\Windows\System\uSBbgfg.exe
  C:\Windows\System\uSBbgfg.exe
  2⤵
  PID:7984
- C:\Windows\System\lcYjgJT.exe
  C:\Windows\System\lcYjgJT.exe
  2⤵
  PID:8084
- C:\Windows\System\CcztJGP.exe
  C:\Windows\System\CcztJGP.exe
  2⤵
  PID:6500
- C:\Windows\System\PRTNrcp.exe
  C:\Windows\System\PRTNrcp.exe
  2⤵
  PID:6520
- C:\Windows\System\wuKmyCI.exe
  C:\Windows\System\wuKmyCI.exe
  2⤵
  PID:6232
- C:\Windows\System\RiSxhXs.exe
  C:\Windows\System\RiSxhXs.exe
  2⤵
  PID:2504
- C:\Windows\System\oJwXTHf.exe
  C:\Windows\System\oJwXTHf.exe
  2⤵
  PID:7224
- C:\Windows\System\BRxUYdY.exe
  C:\Windows\System\BRxUYdY.exe
  2⤵
  PID:7272
- C:\Windows\System\PFZCZBV.exe
  C:\Windows\System\PFZCZBV.exe
  2⤵
  PID:7360
- C:\Windows\System\ZyZOzhQ.exe
  C:\Windows\System\ZyZOzhQ.exe
  2⤵
  PID:836
- C:\Windows\System\wJcvXvw.exe
  C:\Windows\System\wJcvXvw.exe
  2⤵
  PID:1488
- C:\Windows\System\yvXXBXr.exe
  C:\Windows\System\yvXXBXr.exe
  2⤵
  PID:7504
- C:\Windows\System\FvVzafR.exe
  C:\Windows\System\FvVzafR.exe
  2⤵
  PID:1592
- C:\Windows\System\GVHYvrp.exe
  C:\Windows\System\GVHYvrp.exe
  2⤵
  PID:7868
- C:\Windows\System\NJGHABI.exe
  C:\Windows\System\NJGHABI.exe
  2⤵
  PID:7540
- C:\Windows\System\puwFnUA.exe
  C:\Windows\System\puwFnUA.exe
  2⤵
  PID:7572
- C:\Windows\System\XiUcdZa.exe
  C:\Windows\System\XiUcdZa.exe
  2⤵
  PID:7580
- C:\Windows\System\MnKZVTt.exe
  C:\Windows\System\MnKZVTt.exe
  2⤵
  PID:1920
- C:\Windows\System\LDJikVj.exe
  C:\Windows\System\LDJikVj.exe
  2⤵
  PID:1548
- C:\Windows\System\wAQAZKI.exe
  C:\Windows\System\wAQAZKI.exe
  2⤵
  PID:292
- C:\Windows\System\ytsDXsh.exe
  C:\Windows\System\ytsDXsh.exe
  2⤵
  PID:7600
- C:\Windows\System\XuTnQnV.exe
  C:\Windows\System\XuTnQnV.exe
  2⤵
  PID:7680
- C:\Windows\System\aVgnsHD.exe
  C:\Windows\System\aVgnsHD.exe
  2⤵
  PID:2084
- C:\Windows\System\VeHZNyU.exe
  C:\Windows\System\VeHZNyU.exe
  2⤵
  PID:2524
- C:\Windows\System\ItVgNpG.exe
  C:\Windows\System\ItVgNpG.exe
  2⤵
  PID:7888
- C:\Windows\System\QsHhAsN.exe
  C:\Windows\System\QsHhAsN.exe
  2⤵
  PID:8072
- C:\Windows\System\cdHqxDV.exe
  C:\Windows\System\cdHqxDV.exe
  2⤵
  PID:6736
- C:\Windows\System\HSllvBE.exe
  C:\Windows\System\HSllvBE.exe
  2⤵
  PID:7304
- C:\Windows\System\MIwNNcZ.exe
  C:\Windows\System\MIwNNcZ.exe
  2⤵
  PID:7452
- C:\Windows\System\maPmypu.exe
  C:\Windows\System\maPmypu.exe
  2⤵
  PID:7724
- C:\Windows\System\wYbxBiX.exe
  C:\Windows\System\wYbxBiX.exe
  2⤵
  PID:7756
- C:\Windows\System\WcCjbLZ.exe
  C:\Windows\System\WcCjbLZ.exe
  2⤵
  PID:7524
- C:\Windows\System\wMwSSfo.exe
  C:\Windows\System\wMwSSfo.exe
  2⤵
  PID:7652
- C:\Windows\System\AxDmbHd.exe
  C:\Windows\System\AxDmbHd.exe
  2⤵
  PID:8132
- C:\Windows\System\mSyhguY.exe
  C:\Windows\System\mSyhguY.exe
  2⤵
  PID:7900
- C:\Windows\System\spjMKVM.exe
  C:\Windows\System\spjMKVM.exe
  2⤵
  PID:7980
- C:\Windows\System\qpAtWPL.exe
  C:\Windows\System\qpAtWPL.exe
  2⤵
  PID:7236
- C:\Windows\System\qUsCOer.exe
  C:\Windows\System\qUsCOer.exe
  2⤵
  PID:7384
- C:\Windows\System\khqfbKb.exe
  C:\Windows\System\khqfbKb.exe
  2⤵
  PID:2020
- C:\Windows\System\iUSxahV.exe
  C:\Windows\System\iUSxahV.exe
  2⤵
  PID:7616
- C:\Windows\System\lWFNSsl.exe
  C:\Windows\System\lWFNSsl.exe
  2⤵
  PID:7800
- C:\Windows\System\HmVYpwB.exe
  C:\Windows\System\HmVYpwB.exe
  2⤵
  PID:7636
- C:\Windows\System\UiauXfj.exe
  C:\Windows\System\UiauXfj.exe
  2⤵
  PID:7708
- C:\Windows\System\zRUSeGk.exe
  C:\Windows\System\zRUSeGk.exe
  2⤵
  PID:8068
- C:\Windows\System\LPpQXyT.exe
  C:\Windows\System\LPpQXyT.exe
  2⤵
  PID:8028
- C:\Windows\System\FuURQZe.exe
  C:\Windows\System\FuURQZe.exe
  2⤵
  PID:8012
- C:\Windows\System\KAWwIFM.exe
  C:\Windows\System\KAWwIFM.exe
  2⤵
  PID:7500
- C:\Windows\System\bsKBakb.exe
  C:\Windows\System\bsKBakb.exe
  2⤵
  PID:6980
- C:\Windows\System\HlKEfHP.exe
  C:\Windows\System\HlKEfHP.exe
  2⤵
  PID:7776
- C:\Windows\System\cLNcnMR.exe
  C:\Windows\System\cLNcnMR.exe
  2⤵
  PID:6552
- C:\Windows\System\tKxfBqx.exe
  C:\Windows\System\tKxfBqx.exe
  2⤵
  PID:2724
- C:\Windows\System\LPhizjw.exe
  C:\Windows\System\LPhizjw.exe
  2⤵
  PID:2416
- C:\Windows\System\meWxMOP.exe
  C:\Windows\System\meWxMOP.exe
  2⤵
  PID:8196
- C:\Windows\System\QSBtlwv.exe
  C:\Windows\System\QSBtlwv.exe
  2⤵
  PID:8212
- C:\Windows\System\vudHFoM.exe
  C:\Windows\System\vudHFoM.exe
  2⤵
  PID:8228
- C:\Windows\System\PaLpJHv.exe
  C:\Windows\System\PaLpJHv.exe
  2⤵
  PID:8248
- C:\Windows\System\FIpIjDN.exe
  C:\Windows\System\FIpIjDN.exe
  2⤵
  PID:8264
- C:\Windows\System\cRgHiQt.exe
  C:\Windows\System\cRgHiQt.exe
  2⤵
  PID:8280
- C:\Windows\System\xhiDwzh.exe
  C:\Windows\System\xhiDwzh.exe
  2⤵
  PID:8296
- C:\Windows\System\AIsFXFd.exe
  C:\Windows\System\AIsFXFd.exe
  2⤵
  PID:8316
- C:\Windows\System\cqMTxDe.exe
  C:\Windows\System\cqMTxDe.exe
  2⤵
  PID:8332
- C:\Windows\System\zpCYaKZ.exe
  C:\Windows\System\zpCYaKZ.exe
  2⤵
  PID:8352
- C:\Windows\System\ktFixRH.exe
  C:\Windows\System\ktFixRH.exe
  2⤵
  PID:8368
- C:\Windows\System\jXhdlUI.exe
  C:\Windows\System\jXhdlUI.exe
  2⤵
  PID:8384
- C:\Windows\System\tsXmSrB.exe
  C:\Windows\System\tsXmSrB.exe
  2⤵
  PID:8400
- C:\Windows\System\jySmkkp.exe
  C:\Windows\System\jySmkkp.exe
  2⤵
  PID:8416
- C:\Windows\System\KTxbhOb.exe
  C:\Windows\System\KTxbhOb.exe
  2⤵
  PID:8440
- C:\Windows\System\PisYKNP.exe
  C:\Windows\System\PisYKNP.exe
  2⤵
  PID:8464
- C:\Windows\System\gyFoBhz.exe
  C:\Windows\System\gyFoBhz.exe
  2⤵
  PID:8480
- C:\Windows\System\HCzWlKh.exe
  C:\Windows\System\HCzWlKh.exe
  2⤵
  PID:8500
- C:\Windows\System\bJHzfjc.exe
  C:\Windows\System\bJHzfjc.exe
  2⤵
  PID:8524
- C:\Windows\System\YpUMOzJ.exe
  C:\Windows\System\YpUMOzJ.exe
  2⤵
  PID:8540
- C:\Windows\System\JdQBXbO.exe
  C:\Windows\System\JdQBXbO.exe
  2⤵
  PID:8556
- C:\Windows\System\CqDSjih.exe
  C:\Windows\System\CqDSjih.exe
  2⤵
  PID:8576
- C:\Windows\System\EXgTqzl.exe
  C:\Windows\System\EXgTqzl.exe
  2⤵
  PID:8592
- C:\Windows\System\RDsmneN.exe
  C:\Windows\System\RDsmneN.exe
  2⤵
  PID:8608
- C:\Windows\System\gsThROW.exe
  C:\Windows\System\gsThROW.exe
  2⤵
  PID:8708
- C:\Windows\System\MMWtEFn.exe
  C:\Windows\System\MMWtEFn.exe
  2⤵
  PID:8764
- C:\Windows\System\GlDyiwe.exe
  C:\Windows\System\GlDyiwe.exe
  2⤵
  PID:8784
- C:\Windows\System\pWwZKhZ.exe
  C:\Windows\System\pWwZKhZ.exe
  2⤵
  PID:8812
- C:\Windows\System\gGodAbg.exe
  C:\Windows\System\gGodAbg.exe
  2⤵
  PID:8848
- C:\Windows\System\vsaCReX.exe
  C:\Windows\System\vsaCReX.exe
  2⤵
  PID:8868
- C:\Windows\System\kqjYaxC.exe
  C:\Windows\System\kqjYaxC.exe
  2⤵
  PID:8888
- C:\Windows\System\uOibQRS.exe
  C:\Windows\System\uOibQRS.exe
  2⤵
  PID:8904
- C:\Windows\System\VWGSEgZ.exe
  C:\Windows\System\VWGSEgZ.exe
  2⤵
  PID:8920
- C:\Windows\System\HXVHLru.exe
  C:\Windows\System\HXVHLru.exe
  2⤵
  PID:8936
- C:\Windows\System\VWnANYR.exe
  C:\Windows\System\VWnANYR.exe
  2⤵
  PID:8952
- C:\Windows\System\ojOxhxH.exe
  C:\Windows\System\ojOxhxH.exe
  2⤵
  PID:8968
- C:\Windows\System\Dyunbps.exe
  C:\Windows\System\Dyunbps.exe
  2⤵
  PID:8984
- C:\Windows\System\nsIxuKU.exe
  C:\Windows\System\nsIxuKU.exe
  2⤵
  PID:9000
- C:\Windows\System\BokOYAG.exe
  C:\Windows\System\BokOYAG.exe
  2⤵
  PID:9016
- C:\Windows\System\NRWksBY.exe
  C:\Windows\System\NRWksBY.exe
  2⤵
  PID:9052
- C:\Windows\System\dHsysIr.exe
  C:\Windows\System\dHsysIr.exe
  2⤵
  PID:9068
- C:\Windows\System\GPcEMxu.exe
  C:\Windows\System\GPcEMxu.exe
  2⤵
  PID:9084
- C:\Windows\System\JyAymkD.exe
  C:\Windows\System\JyAymkD.exe
  2⤵
  PID:9112
- C:\Windows\System\wBRyLRr.exe
  C:\Windows\System\wBRyLRr.exe
  2⤵
  PID:9140
- C:\Windows\System\NsBBfWk.exe
  C:\Windows\System\NsBBfWk.exe
  2⤵
  PID:9160
- C:\Windows\System\monoIRG.exe
  C:\Windows\System\monoIRG.exe
  2⤵
  PID:9176
- C:\Windows\System\FTTwfgg.exe
  C:\Windows\System\FTTwfgg.exe
  2⤵
  PID:9192
- C:\Windows\System\pScSOvz.exe
  C:\Windows\System\pScSOvz.exe
  2⤵
  PID:9208
- C:\Windows\System\aQjZSZW.exe
  C:\Windows\System\aQjZSZW.exe
  2⤵
  PID:2696
- C:\Windows\System\wESonue.exe
  C:\Windows\System\wESonue.exe
  2⤵
  PID:2304
- C:\Windows\System\cFjLIEq.exe
  C:\Windows\System\cFjLIEq.exe
  2⤵
  PID:2236
- C:\Windows\System\rRTAdcV.exe
  C:\Windows\System\rRTAdcV.exe
  2⤵
  PID:6416
- C:\Windows\System\nBRuZrk.exe
  C:\Windows\System\nBRuZrk.exe
  2⤵
  PID:7496
- C:\Windows\System\vJHutZO.exe
  C:\Windows\System\vJHutZO.exe
  2⤵
  PID:8204
- C:\Windows\System\npOkADi.exe
  C:\Windows\System\npOkADi.exe
  2⤵
  PID:8240
- C:\Windows\System\HOcioUF.exe
  C:\Windows\System\HOcioUF.exe
  2⤵
  PID:8304
- C:\Windows\System\bFBKkTS.exe
  C:\Windows\System\bFBKkTS.exe
  2⤵
  PID:8344
- C:\Windows\System\tbGSwCg.exe
  C:\Windows\System\tbGSwCg.exe
  2⤵
  PID:8408
- C:\Windows\System\pPjQOFd.exe
  C:\Windows\System\pPjQOFd.exe
  2⤵
  PID:8456
- C:\Windows\System\ajStFJc.exe
  C:\Windows\System\ajStFJc.exe
  2⤵
  PID:6756
- C:\Windows\System\OPllMox.exe
  C:\Windows\System\OPllMox.exe
  2⤵
  PID:8224
- C:\Windows\System\QizMARr.exe
  C:\Windows\System\QizMARr.exe
  2⤵
  PID:8256
- C:\Windows\System\UHGJiVo.exe
  C:\Windows\System\UHGJiVo.exe
  2⤵
  PID:8324
- C:\Windows\System\Zhwgryz.exe
  C:\Windows\System\Zhwgryz.exe
  2⤵
  PID:8396
- C:\Windows\System\NpsZsZk.exe
  C:\Windows\System\NpsZsZk.exe
  2⤵
  PID:8472
- C:\Windows\System\ruQnKci.exe
  C:\Windows\System\ruQnKci.exe
  2⤵
  PID:8520
- C:\Windows\System\btiLYwR.exe
  C:\Windows\System\btiLYwR.exe
  2⤵
  PID:8572
- C:\Windows\System\XpUtPEN.exe
  C:\Windows\System\XpUtPEN.exe
  2⤵
  PID:8604
- C:\Windows\System\sUzlGLo.exe
  C:\Windows\System\sUzlGLo.exe
  2⤵
  PID:7820
- C:\Windows\System\CMEAIeU.exe
  C:\Windows\System\CMEAIeU.exe
  2⤵
  PID:8640
- C:\Windows\System\aFTacoX.exe
  C:\Windows\System\aFTacoX.exe
  2⤵
  PID:8656
- C:\Windows\System\VKjEbot.exe
  C:\Windows\System\VKjEbot.exe
  2⤵
  PID:8676
- C:\Windows\System\SfCcGUm.exe
  C:\Windows\System\SfCcGUm.exe
  2⤵
  PID:8692
- C:\Windows\System\lgeGHlQ.exe
  C:\Windows\System\lgeGHlQ.exe
  2⤵
  PID:8704
- C:\Windows\System\oqSIezY.exe
  C:\Windows\System\oqSIezY.exe
  2⤵
  PID:8724
- C:\Windows\System\QyLNxSC.exe
  C:\Windows\System\QyLNxSC.exe
  2⤵
  PID:8744
- C:\Windows\System\PKGSiUR.exe
  C:\Windows\System\PKGSiUR.exe
  2⤵
  PID:8772
- C:\Windows\System\GhYoYrx.exe
  C:\Windows\System\GhYoYrx.exe
  2⤵
  PID:8792
- C:\Windows\System\LWUnCLf.exe
  C:\Windows\System\LWUnCLf.exe
  2⤵
  PID:8808
- C:\Windows\System\UDPATPo.exe
  C:\Windows\System\UDPATPo.exe
  2⤵
  PID:8836
- C:\Windows\System\bkESxPs.exe
  C:\Windows\System\bkESxPs.exe
  2⤵
  PID:8828
- C:\Windows\System\xNhqHSd.exe
  C:\Windows\System\xNhqHSd.exe
  2⤵
  PID:8876
- C:\Windows\System\MvdSqGh.exe
  C:\Windows\System\MvdSqGh.exe
  2⤵
  PID:9024
- C:\Windows\System\eLHyQvb.exe
  C:\Windows\System\eLHyQvb.exe
  2⤵
  PID:8944
- C:\Windows\System\rEFRwOL.exe
  C:\Windows\System\rEFRwOL.exe
  2⤵
  PID:8900
- C:\Windows\System\lzsskTU.exe
  C:\Windows\System\lzsskTU.exe
  2⤵
  PID:9028
- C:\Windows\System\zyIsQIJ.exe
  C:\Windows\System\zyIsQIJ.exe
  2⤵
  PID:8928
- C:\Windows\System\jneWgMJ.exe
  C:\Windows\System\jneWgMJ.exe
  2⤵
  PID:9060
- C:\Windows\System\pCRnMtg.exe
  C:\Windows\System\pCRnMtg.exe
  2⤵
  PID:9064
- C:\Windows\System\zHqLUgp.exe
  C:\Windows\System\zHqLUgp.exe
  2⤵
  PID:9108
- C:\Windows\System\pimUEzc.exe
  C:\Windows\System\pimUEzc.exe
  2⤵
  PID:9128
- C:\Windows\System\asvSNmu.exe
  C:\Windows\System\asvSNmu.exe
  2⤵
  PID:9148
- C:\Windows\System\ZxmaAKB.exe
  C:\Windows\System\ZxmaAKB.exe
  2⤵
  PID:9152
- C:\Windows\System\sPCaBNj.exe
  C:\Windows\System\sPCaBNj.exe
  2⤵
  PID:7584
- C:\Windows\System\xlfquax.exe
  C:\Windows\System\xlfquax.exe
  2⤵
  PID:988
- C:\Windows\System\vEuTNlf.exe
  C:\Windows\System\vEuTNlf.exe
  2⤵
  PID:8116
- C:\Windows\System\GIYnRvf.exe
  C:\Windows\System\GIYnRvf.exe
  2⤵
  PID:8208
- C:\Windows\System\OEpcpwa.exe
  C:\Windows\System\OEpcpwa.exe
  2⤵
  PID:8448
- C:\Windows\System\pJhLmuF.exe
  C:\Windows\System\pJhLmuF.exe
  2⤵
  PID:8380
- C:\Windows\System\tHlAZsI.exe
  C:\Windows\System\tHlAZsI.exe
  2⤵
  PID:8516
- C:\Windows\System\ujIKLmQ.exe
  C:\Windows\System\ujIKLmQ.exe
  2⤵
  PID:8424
- C:\Windows\System\VJUrocj.exe
  C:\Windows\System\VJUrocj.exe
  2⤵
  PID:8432
- C:\Windows\System\tQtzpjV.exe
  C:\Windows\System\tQtzpjV.exe
  2⤵
  PID:8436
- C:\Windows\System\bBYbfTP.exe
  C:\Windows\System\bBYbfTP.exe
  2⤵
  PID:8588
- C:\Windows\System\fJAegDt.exe
  C:\Windows\System\fJAegDt.exe
  2⤵
  PID:8632
- C:\Windows\System\XnnHkPk.exe
  C:\Windows\System\XnnHkPk.exe
  2⤵
  PID:8648
- C:\Windows\System\MldRzeh.exe
  C:\Windows\System\MldRzeh.exe
  2⤵
  PID:8736
- C:\Windows\System\cbKbcnZ.exe
  C:\Windows\System\cbKbcnZ.exe
  2⤵
  PID:8800
- C:\Windows\System\FnThjhw.exe
  C:\Windows\System\FnThjhw.exe
  2⤵
  PID:8688
- C:\Windows\System\vlSBWhb.exe
  C:\Windows\System\vlSBWhb.exe
  2⤵
  PID:8824
- C:\Windows\System\gghUHgw.exe
  C:\Windows\System\gghUHgw.exe
  2⤵
  PID:8844
- C:\Windows\System\BePMdGy.exe
  C:\Windows\System\BePMdGy.exe
  2⤵
  PID:8860
- C:\Windows\System\LhlzWXb.exe
  C:\Windows\System\LhlzWXb.exe
  2⤵
  PID:8976
- C:\Windows\System\CvYPGXQ.exe
  C:\Windows\System\CvYPGXQ.exe
  2⤵
  PID:9040
- C:\Windows\System\nYCdpVu.exe
  C:\Windows\System\nYCdpVu.exe
  2⤵
  PID:9204
- C:\Windows\System\lYYdNKh.exe
  C:\Windows\System\lYYdNKh.exe
  2⤵
  PID:8236
- C:\Windows\System\dpbozwn.exe
  C:\Windows\System\dpbozwn.exe
  2⤵
  PID:8496
- C:\Windows\System\BQgSilZ.exe
  C:\Windows\System\BQgSilZ.exe
  2⤵
  PID:8512
- C:\Windows\System\XzSXqhP.exe
  C:\Windows\System\XzSXqhP.exe
  2⤵
  PID:8452
- C:\Windows\System\QcpmvBJ.exe
  C:\Windows\System\QcpmvBJ.exe
  2⤵
  PID:9076
- C:\Windows\System\GbIHmUH.exe
  C:\Windows\System\GbIHmUH.exe
  2⤵
  PID:5584
- C:\Windows\System\uQoQvgG.exe
  C:\Windows\System\uQoQvgG.exe
  2⤵
  PID:8636
- C:\Windows\System\nvivgoY.exe
  C:\Windows\System\nvivgoY.exe
  2⤵
  PID:8720
- C:\Windows\System\qDUkkGX.exe
  C:\Windows\System\qDUkkGX.exe
  2⤵
  PID:8628
- C:\Windows\System\hEZeUSt.exe
  C:\Windows\System\hEZeUSt.exe
  2⤵
  PID:8780
- C:\Windows\System\GlYImCt.exe
  C:\Windows\System\GlYImCt.exe
  2⤵
  PID:7916
- C:\Windows\System\XkxcFty.exe
  C:\Windows\System\XkxcFty.exe
  2⤵
  PID:8896
- C:\Windows\System\mSwOdvO.exe
  C:\Windows\System\mSwOdvO.exe
  2⤵
  PID:9136
- C:\Windows\System\JqNXhMO.exe
  C:\Windows\System\JqNXhMO.exe
  2⤵
  PID:8376
- C:\Windows\System\PLQWwHT.exe
  C:\Windows\System\PLQWwHT.exe
  2⤵
  PID:6856
- C:\Windows\System\VZptUTo.exe
  C:\Windows\System\VZptUTo.exe
  2⤵
  PID:6024
- C:\Windows\System\alQzlss.exe
  C:\Windows\System\alQzlss.exe
  2⤵
  PID:9080
- C:\Windows\System\rBlfXFm.exe
  C:\Windows\System\rBlfXFm.exe
  2⤵
  PID:9228
- C:\Windows\System\XIYjlQk.exe
  C:\Windows\System\XIYjlQk.exe
  2⤵
  PID:9244
- C:\Windows\System\zoitaYg.exe
  C:\Windows\System\zoitaYg.exe
  2⤵
  PID:9260
- C:\Windows\System\FPggNBH.exe
  C:\Windows\System\FPggNBH.exe
  2⤵
  PID:9276
- C:\Windows\System\SlSHYRX.exe
  C:\Windows\System\SlSHYRX.exe
  2⤵
  PID:9296
- C:\Windows\System\EeXxSNq.exe
  C:\Windows\System\EeXxSNq.exe
  2⤵
  PID:9312
- C:\Windows\System\SIOxMBa.exe
  C:\Windows\System\SIOxMBa.exe
  2⤵
  PID:9328
- C:\Windows\System\bbQUCot.exe
  C:\Windows\System\bbQUCot.exe
  2⤵
  PID:9344
- C:\Windows\System\SjvOcTA.exe
  C:\Windows\System\SjvOcTA.exe
  2⤵
  PID:9360
- C:\Windows\System\ICFMkOV.exe
  C:\Windows\System\ICFMkOV.exe
  2⤵
  PID:9376
- C:\Windows\System\EdxXuyq.exe
  C:\Windows\System\EdxXuyq.exe
  2⤵
  PID:9392
- C:\Windows\System\xfCIHDw.exe
  C:\Windows\System\xfCIHDw.exe
  2⤵
  PID:9408
- C:\Windows\System\kDWilhB.exe
  C:\Windows\System\kDWilhB.exe
  2⤵
  PID:9424
- C:\Windows\System\gloEcgV.exe
  C:\Windows\System\gloEcgV.exe
  2⤵
  PID:9440
- C:\Windows\System\YyiTuFD.exe
  C:\Windows\System\YyiTuFD.exe
  2⤵
  PID:9456
- C:\Windows\System\RftfOwD.exe
  C:\Windows\System\RftfOwD.exe
  2⤵
  PID:9472
- C:\Windows\System\JjXlfDD.exe
  C:\Windows\System\JjXlfDD.exe
  2⤵
  PID:9488
- C:\Windows\System\WmFGEwP.exe
  C:\Windows\System\WmFGEwP.exe
  2⤵
  PID:9504
- C:\Windows\System\DcZRnnA.exe
  C:\Windows\System\DcZRnnA.exe
  2⤵
  PID:9520
- C:\Windows\System\JOFXyDc.exe
  C:\Windows\System\JOFXyDc.exe
  2⤵
  PID:9536
- C:\Windows\System\tNRrIgb.exe
  C:\Windows\System\tNRrIgb.exe
  2⤵
  PID:9552
- C:\Windows\System\qlEFCZO.exe
  C:\Windows\System\qlEFCZO.exe
  2⤵
  PID:9568
- C:\Windows\System\xpJMyeH.exe
  C:\Windows\System\xpJMyeH.exe
  2⤵
  PID:9584
- C:\Windows\System\yAVHZTZ.exe
  C:\Windows\System\yAVHZTZ.exe
  2⤵
  PID:9600
- C:\Windows\System\iIdnvAJ.exe
  C:\Windows\System\iIdnvAJ.exe
  2⤵
  PID:9616
- C:\Windows\System\nIsVVbY.exe
  C:\Windows\System\nIsVVbY.exe
  2⤵
  PID:9648
- C:\Windows\System\qnYNsOb.exe
  C:\Windows\System\qnYNsOb.exe
  2⤵
  PID:9732
- C:\Windows\System\ldOYMiL.exe
  C:\Windows\System\ldOYMiL.exe
  2⤵
  PID:9748
- C:\Windows\System\BDlOWux.exe
  C:\Windows\System\BDlOWux.exe
  2⤵
  PID:9764
- C:\Windows\System\VYdyVYh.exe
  C:\Windows\System\VYdyVYh.exe
  2⤵
  PID:9784
- C:\Windows\System\wuulgfu.exe
  C:\Windows\System\wuulgfu.exe
  2⤵
  PID:9800
- C:\Windows\System\gcOWpCZ.exe
  C:\Windows\System\gcOWpCZ.exe
  2⤵
  PID:9820
- C:\Windows\System\FXPbpwA.exe
  C:\Windows\System\FXPbpwA.exe
  2⤵
  PID:9844
- C:\Windows\System\JxgwNVs.exe
  C:\Windows\System\JxgwNVs.exe
  2⤵
  PID:9860
- C:\Windows\System\GCEkQPo.exe
  C:\Windows\System\GCEkQPo.exe
  2⤵
  PID:9900
- C:\Windows\System\yIEHouR.exe
  C:\Windows\System\yIEHouR.exe
  2⤵
  PID:9924
- C:\Windows\System\EwCJXRp.exe
  C:\Windows\System\EwCJXRp.exe
  2⤵
  PID:9940
- C:\Windows\System\oUrGiHm.exe
  C:\Windows\System\oUrGiHm.exe
  2⤵
  PID:9976
- C:\Windows\System\SnJPMgk.exe
  C:\Windows\System\SnJPMgk.exe
  2⤵
  PID:9992
- C:\Windows\System\LfXnIkB.exe
  C:\Windows\System\LfXnIkB.exe
  2⤵
  PID:10008
- C:\Windows\System\iuiqELj.exe
  C:\Windows\System\iuiqELj.exe
  2⤵
  PID:10024
- C:\Windows\System\uLAwYuL.exe
  C:\Windows\System\uLAwYuL.exe
  2⤵
  PID:10040
- C:\Windows\System\vokgCau.exe
  C:\Windows\System\vokgCau.exe
  2⤵
  PID:10056
- C:\Windows\System\GiLiNHz.exe
  C:\Windows\System\GiLiNHz.exe
  2⤵
  PID:10072
- C:\Windows\System\jzLUqFZ.exe
  C:\Windows\System\jzLUqFZ.exe
  2⤵
  PID:10088
- C:\Windows\System\ByQfgdR.exe
  C:\Windows\System\ByQfgdR.exe
  2⤵
  PID:10104
- C:\Windows\System\TghhPCn.exe
  C:\Windows\System\TghhPCn.exe
  2⤵
  PID:10120
- C:\Windows\System\eUDaOsr.exe
  C:\Windows\System\eUDaOsr.exe
  2⤵
  PID:10140
- C:\Windows\System\XMJLrKc.exe
  C:\Windows\System\XMJLrKc.exe
  2⤵
  PID:10160
- C:\Windows\System\RCUYriZ.exe
  C:\Windows\System\RCUYriZ.exe
  2⤵
  PID:10176
- C:\Windows\System\jdgfLVI.exe
  C:\Windows\System\jdgfLVI.exe
  2⤵
  PID:9368
- C:\Windows\System\kVfXFWf.exe
  C:\Windows\System\kVfXFWf.exe
  2⤵
  PID:9416
- C:\Windows\System\uciKTRh.exe
  C:\Windows\System\uciKTRh.exe
  2⤵
  PID:9576
- C:\Windows\System\LYkzQcb.exe
  C:\Windows\System\LYkzQcb.exe
  2⤵
  PID:9772
- C:\Windows\System\nIFpOyw.exe
  C:\Windows\System\nIFpOyw.exe
  2⤵
  PID:9760
- C:\Windows\System\ZiWGLiC.exe
  C:\Windows\System\ZiWGLiC.exe
  2⤵
  PID:9832
- C:\Windows\System\YdaweKZ.exe
  C:\Windows\System\YdaweKZ.exe
  2⤵
  PID:9872
- C:\Windows\System\izAqYec.exe
  C:\Windows\System\izAqYec.exe
  2⤵
  PID:9972
- C:\Windows\System\iIEnuHD.exe
  C:\Windows\System\iIEnuHD.exe
  2⤵
  PID:10216
- C:\Windows\System\sTJJdtD.exe
  C:\Windows\System\sTJJdtD.exe
  2⤵
  PID:8152
- C:\Windows\System\TAxoGjl.exe
  C:\Windows\System\TAxoGjl.exe
  2⤵
  PID:9168
- C:\Windows\System\eyAGpHs.exe
  C:\Windows\System\eyAGpHs.exe
  2⤵
  PID:9436
- C:\Windows\System\lOwfnNv.exe
  C:\Windows\System\lOwfnNv.exe
  2⤵
  PID:9480
- C:\Windows\System\ebPYnUo.exe
  C:\Windows\System\ebPYnUo.exe
  2⤵
  PID:9528
- C:\Windows\System\XBZuuUQ.exe
  C:\Windows\System\XBZuuUQ.exe
  2⤵
  PID:9624
- C:\Windows\System\eWPujle.exe
  C:\Windows\System\eWPujle.exe
  2⤵
  PID:9560
- C:\Windows\System\oDNdyFh.exe
  C:\Windows\System\oDNdyFh.exe
  2⤵
  PID:9688
- C:\Windows\System\acXQFXV.exe
  C:\Windows\System\acXQFXV.exe
  2⤵
  PID:9640
- C:\Windows\System\vtWpGJh.exe
  C:\Windows\System\vtWpGJh.exe
  2⤵
  PID:9660
- C:\Windows\System\XEVhUkQ.exe
  C:\Windows\System\XEVhUkQ.exe
  2⤵
  PID:9868
- C:\Windows\System\rItAdLx.exe
  C:\Windows\System\rItAdLx.exe
  2⤵
  PID:9716
- C:\Windows\System\EKcFWRO.exe
  C:\Windows\System\EKcFWRO.exe
  2⤵
  PID:9808
- C:\Windows\System\hbQQNTL.exe
  C:\Windows\System\hbQQNTL.exe
  2⤵
  PID:9884
- C:\Windows\System\AFpzAAD.exe
  C:\Windows\System\AFpzAAD.exe
  2⤵
  PID:9908
- C:\Windows\System\SGGfPSw.exe
  C:\Windows\System\SGGfPSw.exe
  2⤵
  PID:9956
- C:\Windows\System\JvqJoFn.exe
  C:\Windows\System\JvqJoFn.exe
  2⤵
  PID:9668
- C:\Windows\System\WUDYlXD.exe
  C:\Windows\System\WUDYlXD.exe
  2⤵
  PID:9952
- C:\Windows\System\aHMueTP.exe
  C:\Windows\System\aHMueTP.exe
  2⤵
  PID:10016
- C:\Windows\System\hXfLFsb.exe
  C:\Windows\System\hXfLFsb.exe
  2⤵
  PID:10068
- C:\Windows\System\DkOOAQj.exe
  C:\Windows\System\DkOOAQj.exe
  2⤵
  PID:10100
- C:\Windows\System\fWZOMCS.exe
  C:\Windows\System\fWZOMCS.exe
  2⤵
  PID:10156
- C:\Windows\System\GywZVQY.exe
  C:\Windows\System\GywZVQY.exe
  2⤵
  PID:9920
- C:\Windows\System\DlAnFrS.exe
  C:\Windows\System\DlAnFrS.exe
  2⤵
  PID:10208
- C:\Windows\System\IUJgnEz.exe
  C:\Windows\System\IUJgnEz.exe
  2⤵
  PID:10224
- C:\Windows\System\WnBNsuc.exe
  C:\Windows\System\WnBNsuc.exe
  2⤵
  PID:9048
- C:\Windows\System\FzKEysO.exe
  C:\Windows\System\FzKEysO.exe
  2⤵
  PID:8752
- C:\Windows\System\FhgjJAY.exe
  C:\Windows\System\FhgjJAY.exe
  2⤵
  PID:9272
- C:\Windows\System\wtSSkzV.exe
  C:\Windows\System\wtSSkzV.exe
  2⤵
  PID:9292
- C:\Windows\System\brMtEuE.exe
  C:\Windows\System\brMtEuE.exe
  2⤵
  PID:9420
- C:\Windows\System\IySHpOC.exe
  C:\Windows\System\IySHpOC.exe
  2⤵
  PID:9320
- C:\Windows\System\cNGxwvs.exe
  C:\Windows\System\cNGxwvs.exe
  2⤵
  PID:9388
- C:\Windows\System\rWgxNdi.exe
  C:\Windows\System\rWgxNdi.exe
  2⤵
  PID:9596
- C:\Windows\System\fhoofsJ.exe
  C:\Windows\System\fhoofsJ.exe
  2⤵
  PID:8864
- C:\Windows\System\JTyIagv.exe
  C:\Windows\System\JTyIagv.exe
  2⤵
  PID:9756
- C:\Windows\System\tNTGxrv.exe
  C:\Windows\System\tNTGxrv.exe
  2⤵
  PID:9676
- C:\Windows\System\emTaJQo.exe
  C:\Windows\System\emTaJQo.exe
  2⤵
  PID:9680
- C:\Windows\System\AirIidu.exe
  C:\Windows\System\AirIidu.exe
  2⤵
  PID:9240
- C:\Windows\System\HZqAPqK.exe
  C:\Windows\System\HZqAPqK.exe
  2⤵
  PID:9288
- C:\Windows\System\bhgHxxq.exe
  C:\Windows\System\bhgHxxq.exe
  2⤵
  PID:9916
- C:\Windows\System\VqZrTPa.exe
  C:\Windows\System\VqZrTPa.exe
  2⤵
  PID:10064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BvrksHs.exe

Filesize
6.0MB

MD5
dea4b7d6744130218347004fbc6a81e2

SHA1
49f24734e5c41e6a7ad5d2334adec1781a2f0c35

SHA256
0da9134930f22438c9fe39a436161660fe03e86257c53e9de3544e21dc5f5119

SHA512
7f7c5e228db4495808189f866af825a10500152919298e557672fb9f199848e18a1f058d3c16a6f41f729abdd763550350025e74896d02c43198edf23ef8c143

Download Submit
C:\Windows\system\CCnPpQB.exe

Filesize
6.0MB

MD5
1cf343a131c996c19d4d08747d190da5

SHA1
7ff7a9d3f80def0bc82839583694a051dbc607b5

SHA256
84cd9a35e01b91416ae157c66fd5e737735381ebe2e09de7199d0fbddcadd6f8

SHA512
0a6b57a742f8c4d6cc9e32f8e5cf034b9a748908dd5a0201e5b7889797c4e8765189b12a21e6522b2dc4e17041a098d5d95cc494ccb394df5d16d76957f76cc4

Download Submit
C:\Windows\system\Demcatr.exe

Filesize
6.0MB

MD5
d51f48ee1ffe5c97ebbd7073920bbd69

SHA1
a590d32db7d6ccd2169683804304c59971c57e5e

SHA256
5a7ba5baf76e60b447c4015cb8e4250d2737659fe63ad719b8a768a98d9ebc39

SHA512
c8e950740f3842688e3e19ccb1b8dfe3ae8ded1735ab734e4efed1f44927c70cc4bbe310a6d12b8436f563bfeae118305b4692f928b1f7636841d7e9f766eb0a

Download Submit
C:\Windows\system\EgGlbFg.exe

Filesize
6.0MB

MD5
4f053c977ca0b07f54968da4a1621c8a

SHA1
60f7d6e1ea58987a6f54079b8c0bfb00b952bfe1

SHA256
ffac32d1b9ea4fd39a9a9094955e4403fda56688c488bd05ddd882ea32b5747f

SHA512
689b528506c440889f87e0f59dbe0da5c01696be9b713dfb420b446165fa07a84436b64ebb71453ee2432cfe1c0cb2e1fbe699b446ea310baeabae48037d9f13

Download Submit
C:\Windows\system\EsLglez.exe

Filesize
6.0MB

MD5
90c41f79ff89af6b2b2d9501b980ee27

SHA1
50c70ec25cbcc0743fbcbbc2a0396875587509bc

SHA256
3a1069cdf798f22a7a9526f8a0fbe5e9cce7713722bfa4d6990c52299ee6b450

SHA512
bbb41370bfa355aae72b5d8e565344d3e08ed494669bea3c298f563016f1b499cacb72a851bdfee043a55cc82d37feba1c151b303d357a3ee43cdd133f830c98

Download Submit
C:\Windows\system\GBRiTvt.exe

Filesize
6.0MB

MD5
bcab4b293b96778f7a9847be8e71bb56

SHA1
07fd345bd7f0749712f09f38c286d5fc073bcaf8

SHA256
a7f63b39a8eae363e6cb801ef6d9993b84fc700bbc57227e33610452491f9fb6

SHA512
49a5493198f3a1e8e1e19192823e62c50f5ec8f4087f939a65cbb6538fc6bb5d32205d1ee323b66410a16efca1610c0b289f730d22ecfb5a52cf2199f261a1a2

Download Submit
C:\Windows\system\GUFITFQ.exe

Filesize
6.0MB

MD5
b1e7d35e0c01fc1314b792e505f2b6cf

SHA1
706f9fd352f7d2631c24b51e06f35662be284d1a

SHA256
b1927e9e2ffc5ef44eafbef419ea23953cf6387b81ba257c2c878ca1a340aac9

SHA512
5199c1b672821e37d7718609fb799bc163f3008ee46f9f43b2853c85de646fff155bd3cbdac2222c8dc30b2c738fd1748a6626da5feb25c043281dbb061f549f

Download Submit
C:\Windows\system\GytyFtW.exe

Filesize
6.0MB

MD5
84b160f7c414402a5186ce1782c87929

SHA1
da372b904937cf36b08555491770b4de03a31a14

SHA256
b8da0f787cf25f242cb2acb26a0e39c2440fd5b6b4171062c3e167c96ad97c6d

SHA512
94fb429bd7c82d111118c9ad8d2e54e0eccb3ecb6ba5a4b37a2b1b082ffd34232d091e9d94bf9204c196708e175a1ce067e93393441fb29f6c04819e7715c8e0

Download Submit
C:\Windows\system\HCOIzbm.exe

Filesize
6.0MB

MD5
477b565790c2bff306b0484579b652ab

SHA1
3938291e74063ebf86be7b39d39a9a0c8a967393

SHA256
a4b4ec4d93b63740bce490eacda39b6d7e1c1154c4ef4b960a6b413be2aeebe4

SHA512
e02e0911863e017a746eba5d3551243bbff89a57902fdbbfcd2230118a6358f689dadb6101588cea277794107c5ec2836ab4e7111e4e01ffbbbd02ad88bb1f30

Download Submit
C:\Windows\system\IIhLVSu.exe

Filesize
6.0MB

MD5
1691c5632267518b5a4e000d0ac5e294

SHA1
fffc4a5f6f74151a34254979630e45049c4e9204

SHA256
04188bad69a993359a039433d6e5452d5a81a5898eb0080ac9363ef3c60fe308

SHA512
c92dea2da49e8028da3f50f477fb7135bb097127d5810837d687b52558195918a84509626030f0d48eb21b8999a2820d9e0c5bb2f221b7646c99453f88d9c9d1

Download Submit
C:\Windows\system\LmUNUUw.exe

Filesize
6.0MB

MD5
4fd007c53c07e3d8c591de33b4fcfdd8

SHA1
b4197486e0e138505fc1441320cfac6217d925e1

SHA256
5ed5f10a8559fa4eaaca7268d380b490a0a9b1bf185ca75acf61ca15a0c079ef

SHA512
7275576157be83ea031bcae806e63ce0643b0ffc1c4e50f263da69e995fd2d06e9d1a5ac7311fd7896e3c67e8a5d0ede56f04f239ace4d1f42941bb7544c8abf

Download Submit
C:\Windows\system\RMJyQRo.exe

Filesize
6.0MB

MD5
77ef2ccf1735d0d04790dac992cbc0c8

SHA1
f2a230c728e1c70ec198b2967ba23e653b099823

SHA256
5457471c93485f98739a7352e9d9015ea6634985358363abb64392b6cae6d0a1

SHA512
e09aa083db51e4ef4425372823d524f80e5a63ade1931001ad2bf882d7ad055bbc95fef1ca7518401abcd47feda642fdaecc715750dedbeb6f86fa47288e2e08

Download Submit
C:\Windows\system\SMmAdZp.exe

Filesize
6.0MB

MD5
9407e0b48b49441b7159633e7952c199

SHA1
1ec8f7f40cfcaa694806118bd11abe53ab900d41

SHA256
86b131caeb3e78e78c4afeae8480f87c7ed3cd77de4b29791400231096f3df88

SHA512
bf660df861b34582ef432cbed528167ee9e7af73cb66db58acf04ebbab2168843ccd49a785e33446340e85744873b8b065fbfc8cb3ae07390df537cdb89430cc

Download Submit
C:\Windows\system\SQpbrcw.exe

Filesize
6.0MB

MD5
155948fdad1870b53a88261fb75e23e7

SHA1
63d90de96cb036ca05785f37abdaf87da9216af0

SHA256
75a8a321d15c6c4a0d6fa73b5da1500184bce0bb5f42c8ec4bd5fed2dd9f4777

SHA512
2dbd9f822a638237884da0cac5da9e6844d1b1c25bbdfd396b30021041adb5a6d5c00861b16392a8621a9ed66f9e59f1c077957c3ae8e51ad136357bc4746a3e

Download Submit
C:\Windows\system\UqfSWXt.exe

Filesize
6.0MB

MD5
cc3e3b604ca47f286c7fe79e6c41e1f7

SHA1
fd2cfa3d6632e08a9cb3978cdb211244a6d5a075

SHA256
6380c578de4bc883bbca5122e13f170d74b53c0724ad1faff9a8af8ff9ae755a

SHA512
d42240832104e7841efb08994cfc6c5147b4193d6306820da2c5187a751cf081e0aa77fbe0133a2401333ffb52c38edbcb6545a238e6302d5430e0bf13b87a54

Download Submit
C:\Windows\system\aeSfynj.exe

Filesize
6.0MB

MD5
3e5fffd6fc298d022b97c0bff6b06fa9

SHA1
0ed0c758a941d20ccc8c27226ff58babd2a764d7

SHA256
330130220d5f83b618fa636a5e2b744a62f81afd06de8c31a78954de485d60db

SHA512
cfb88d0b94d49922d1c048b4764a9fc1945001647d15d8376c42a978e9310608e28fa5428fa592c59d7551a71c9ffabedae19fec8aeeefba70c40ca16f57a763

Download Submit
C:\Windows\system\dbFeFCG.exe

Filesize
6.0MB

MD5
75e2c6793768f98c568c5269bcd43f73

SHA1
5ef27deada2b70c82637501bb541dff7ad7173e9

SHA256
afe1311a332532b0d44df2dc079b5d5e2ca44250d4e79d5b7969c6d2862602af

SHA512
fefbb5307ad15939ec340c11d62f8bbc22996d121d26ca9e693d7e57076d49408d73df6b23384783550f8d2746e5bffbebba16662a06ac42a756113ec7ae5f4b

Download Submit
C:\Windows\system\hJKAoHs.exe

Filesize
6.0MB

MD5
616d4fc9af6356ba24b86e5b1eb61120

SHA1
27d153e4433b66f9304585fc5b3f795b4324095f

SHA256
5d12b7c1c032cb63c4f26d05511e12e043dda67e11346b78b37f99ae79abfc13

SHA512
f3cc4ff6333175424c57bbe9e08604d726ceb60e4c4b94a9c2f2e8b727188445aeeadab7d57e0d7ac49b77dc6c3d5df097481fc6d8983605a078b03f0f311691

Download Submit
C:\Windows\system\hPbesTj.exe

Filesize
6.0MB

MD5
f1af9b04664eed0a16e2307b0be1611c

SHA1
1193fbc35145c94c44aad7ba4c3e8c02e06a1c60

SHA256
24faf475a00e6c3188f796406137b2ed43936dc410fe0434629456f3b930d6b9

SHA512
f12c14d4db5b708ee7f82db0842ec48d2ba233cc259983fa9eecd07dc8eff9d1f55e57ff3c8ab656be55ce248130d4ff91786f3db4083797030ab893c5c04f19

Download Submit
C:\Windows\system\mjYxmUt.exe

Filesize
6.0MB

MD5
cf9173cbf233e786456c97d51a1b1670

SHA1
528a78958db95edf2e70d358e8a6ba9104e5ad72

SHA256
56e2e2f35ae70b49c2333820ac0b22064e0e0cf0b2b0072e1f0a0ada3cfe2130

SHA512
28bad310958af0149263693f7170bd9dfbd1d00e36845cf807f11f82ad6854ec4055b975b253838945c117e749f5320571de60e2046f4e520a57beedf73c51c6

Download Submit
C:\Windows\system\uIlFnUX.exe

Filesize
6.0MB

MD5
f5bf7df76ef66b647d1d48ae8b4c8a28

SHA1
851839671c519e079098444e85df7266fa3a0059

SHA256
51154538b4f17d3553e813bccb198e2759669af244727d0d418c550ef9ec3ecc

SHA512
22754e9d943f28ea7f18a2d7232c3fdddbe0f74b936c866a4679919a32765bc8072547fd2c84f70b65eb2c688f54d3991c164c99b61426258a86920322b0b78f

Download Submit
\Windows\system\EXzggpc.exe

Filesize
6.0MB

MD5
8c1d743ffcdbce1b07417e41de77f269

SHA1
fd7e6184d67819046045d0f0def47ce576257e92

SHA256
dadf11488cb3c12d3b89dbbe52f16d0984e3d2cb877073c0dc3260561d883569

SHA512
a4e92c67223267ac731e5070872d5cd2a78e09554c9ef0c9cc99e2bb4637124ea3cba60c5d4c757c45f85d0ad489144ddc3b46ccaa5a52325feec172741fafc4

Download Submit
\Windows\system\GeQmuoU.exe

Filesize
6.0MB

MD5
3175530dd7507a5b4babc1585c76f9f6

SHA1
2facf48421879ee1ca88b3721ff746716a94b61b

SHA256
1052e3fd4013a2cf0500ec8c79a2c5722f965a303d566ae7bea8506fde2e8198

SHA512
cd5c6ba48851b21ac0a80660b8ab679c89d3f11762625bdb01b884ac07815f44c74c44edbf33b3b39e70391810726287210bd8dfcf09766c2d6d6bd540257a3b

Download Submit
\Windows\system\QBPjGRc.exe

Filesize
6.0MB

MD5
c81569bc27fda0fb31655ff91d7989a7

SHA1
10a8aebdcc5236a9bd6d8f375d228ad88926e057

SHA256
3a410cc8cefc44dffcab0c36c04ee8932d4337df9b72372b9757f2034e2fe3f2

SHA512
c9690ab729267313e6ddd39e42d20839ca5eb5f8aff848c4283e60189a64ef8949640f2dc312f9e10fa42e7e7dea9f6c46a1f3bf27f69c9582e16d8ab185f84e

Download Submit
\Windows\system\TuHJeSI.exe

Filesize
6.0MB

MD5
980789afdb3be41ca5c50f36890d4022

SHA1
e1c656e6452169a42d88b4f944841fbbea532b65

SHA256
7752c50c7e81b67891735da4b90a33cfad6a90d210db9be141a720f22d940466

SHA512
b5739b37e6da2a59fefd5d084d54ad0a983b924888b6aa02a2a0f1c873676e2343fbabb17d0084a9ea72ae31e841b60b44bb908bd1f82580b5accbf209cf7a26

Download Submit
\Windows\system\XnkwWMi.exe

Filesize
6.0MB

MD5
069fa57d3c668dc4cef94ffa7e1ea564

SHA1
906ad4c45580773bc001a9dbcc095c64292a5d92

SHA256
b1ad7558b33dd13e2d7ebf4318c0fda5abf427874744ab5b17dfbbaa6fef8f36

SHA512
92eda6a9abbd6826ed0e83eff93c351dff5af210d3c26af2fed8d7ccdd483e7069a9be7568fff6c8f9f6cfe172d99e90396e4546817eba107c830f06e414925a

Download Submit
\Windows\system\ZaUsdGx.exe

Filesize
6.0MB

MD5
fb0a197bb39c2dbda639c553fe6b641f

SHA1
e867ccaeda301f808b78af70107d9597abc5126f

SHA256
d6a15aae4d72a89f57bbecd559719af3ae5edf7d78dd1e90bc064abd11029927

SHA512
6ab25ce11cb620d80b94cbeaaf033232be6bf1bc14106728b3ebd7472272ad8c82843ddb9581b16aa208ff3d2279bacd6394c3ce704f2bddd5b4a422fd0027bd

Download Submit
\Windows\system\baiOXcP.exe

Filesize
6.0MB

MD5
4d7d3d4dd75bf3540d209700316faede

SHA1
bd0386fcf4bee29e34ede1aa1456e83905674ebb

SHA256
4e421bdbd7f9b298fee4c7cd3490ba1f11184e1696067eef5b12722697898858

SHA512
0f9477b10e4f0049e65216926dfa6ef32730054ed4e4192053e92aeda3ea2aff266fe1727df84e6fe8912665cb2724ac3fce2fc77e51f1a2a0790aeaa1db6c8d

Download Submit
\Windows\system\cyBnTDC.exe

Filesize
6.0MB

MD5
24d1ef6c474c18726ee7d8adc90e79d3

SHA1
ea094dcf9dab89640e01e79e68642b5abf99b1db

SHA256
3864958162ad9f7d7e11e43d3ca16cd65afab7ff6f2f577462ba927fdc43cf4d

SHA512
e76f86ccf451cd69b53d3af8a16fb8cf369dc1b915612a664c9c410bf68501a04887e03153a445aa480e402633be0c1abb50028facff8d4baf1b68cd330c1034

Download Submit
\Windows\system\dCKeNNb.exe

Filesize
6.0MB

MD5
1001f06c8ed9918fd9ba43375ef658ca

SHA1
e7c39abc4f2f16a8709c51fd25508208530397f6

SHA256
21cc574a78d2e90b4155d6bb87ca39ffe312459156c822676bb34a5d3c28a2c3

SHA512
8326f1e11146480eecc5fde8d8edd2018298e8f56858ad4aea8366408720d44a409bed2f977527867b2507c03aec2e53854beb128206158a647e58e4f903a5b7

Download Submit
\Windows\system\iFJPOnA.exe

Filesize
6.0MB

MD5
8132874ef3a372c1efd27867bd2a3232

SHA1
7ddb0f25329a7b358009bd7f7d873e374888e141

SHA256
92b24398a50fea50305f916ea788579ff7a92a0ce2524eb56de68bd04c39aed3

SHA512
67800537d40ba5fd599c44c37d9b6f94db3091e392c9ef5782e0555a8a7a5f14d01e6d7af1414c8a2760669d54c1da0044aecea4c81af500b3307ecd80a1e977

Download Submit
\Windows\system\jymPRtY.exe

Filesize
6.0MB

MD5
5e880da008f64416c16812d8c2546cf3

SHA1
761831067fc1892a51cdf59b47b3fa88dba607f2

SHA256
669e9a465b332ca15487339f0351e3bed6220c45be87625695a28363b8280fa3

SHA512
4553f73f185eeef8355ba384b2a80c59a49867c0f681a3686a37e8b81ac9f9713d393a61f37de45a87d6ac7d58d28894d9bc32fffc7ad921b769898a34691cab

Download Submit
\Windows\system\nUCUwER.exe

Filesize
6.0MB

MD5
c4833f8eacd66b26480eda1b012a11ee

SHA1
f66439b5e05d7032d810a5ce9d58ce1b131bcd99

SHA256
1ae2424de7f3af4184f873c2e62152fa7d0209bdfbb0f58c940bcecc84d3fa15

SHA512
b7b42c24409c2ace9dd24b14d1e8f556b7943ea38b69c01031f98a1b08461da44d685daf512cd5c4657760cb2d62077ed3f0b7e0d115615ce39415dc58d87521

Download Submit
\Windows\system\ooUFcHA.exe

Filesize
6.0MB

MD5
035f780bb1ca508e01866750c8c7d5a1

SHA1
c8e8b1ea95a11fecf0f39a5860de537b5a4ae89b

SHA256
9069dc820f67b1eeeefa55b07c2932f04322f456f32449a0d8c3a1a95b0c7ba6

SHA512
4c9e8168ea07801f0f1759446c0039ae1ae4fcf2ea1cecb79dc2c25c5d90dcb30c0350a770743c59a93e1cce7b730c94c880d98cc257fee291f3e158e2b004d8

Download Submit
\Windows\system\qrYxDWF.exe

Filesize
6.0MB

MD5
7d4074da113ad9cf14b57aeb3e8a96e2

SHA1
2a7259e596029b134adba391894bf3f98a670d58

SHA256
d9edc2507c901e00c395c50dc0988ca3051f1ed7ab0c3b1081e38466176e3154

SHA512
16c8a4b96f5ef1fbd08ea287568de9609d894d6b8bae2f342ab0ad4ecced52ae850d3e79cc973a7897bd23a21e6553fa44241055ec77677a1f3f51adca68886e

Download Submit
\Windows\system\segNbyW.exe

Filesize
6.0MB

MD5
c3fb2ef194febc43c664c4350eb62c93

SHA1
14e0ee5eafb0fbe92e593e2658b5f50900282db1

SHA256
e097bb82178f42bfd92cc84570ea7895e625c1fe6bab34c6b83f90d78c938a72

SHA512
b58ea352d5671a9b4e61f26876d48fbbc959ebc702d294eef8835b38504f75f0cbcc03b54add519ccf22afba18960d0bc82e8a6c100f21138f4e58c3817c4fd7

Download Submit
\Windows\system\viaPKOT.exe

Filesize
6.0MB

MD5
1a1649748efc57204b92afe9fe7f2c98

SHA1
ea7280cbcd2122b2bcc0a93d8abcfb15fa934c7b

SHA256
6e03dd91f665d3223702d889e740ed5b24febe96cfa08cf0d52a89d4feed8bd9

SHA512
0517cd3588b1528752c3e2f3b1a84a599cf835e1b5b4c0030ec0e348d3ad5964a68df411072607252f1eaf2aa02951fa82f4c148f61d7871972063ac9b47da75

Download Submit
\Windows\system\wDoqxiL.exe

Filesize
6.0MB

MD5
b8088cc3426c3e7242d756eeb1efc372

SHA1
580e445ecad49b424404167f6b2d067cbebd278f

SHA256
a6830ce7bc53a342cec50b6892b171ca5fdacc1c21139d6b81f631742b5084cb

SHA512
0d430164a24cc0e3b4ffe1254112d470aea4283c157929c84ff4f6f92efaf625351b17714e35e1b8e9537af73f1ab67102811a92d3944eab222eadb928bc0b95

Download Submit
memory/1608-75-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/1608-2878-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2072-57-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2107-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2875-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2871-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2108-41-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2168-101-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-2958-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2877-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-14-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-31-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2874-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-15-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2864-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2576-91-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2881-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2953-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2708-145-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2808-166-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2962-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2186-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2282-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2904-67-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-174-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2904-49-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-21-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2108-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-175-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2904-97-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2189-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2255-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2283-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-12-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2268-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-176-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2904-177-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2904-178-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-0-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2904-179-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-180-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-34-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-172-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-181-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-689-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download