cobaltstrike | 71281a455fdc58f80f00fe4bb41ecc8c4889ae006655c42df00fcb2acd704899

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8c6bcd57220042d762aeecad774852a9
SHA1

efa175262eddd2f136693af997f0c7fe3d9832b7
SHA256

71281a455fdc58f80f00fe4bb41ecc8c4889ae006655c42df00fcb2acd704899
SHA512

bdf4d6c0bbfc72635d68d9d2d446105a9b369e3b484b7db0ee34bb4e689ec9445f8fc10feb9d8ef2f021fcaa9f58f93ad4ee25d3dd1c2c7f89dda3ead6179673
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193d9-14.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193df-9.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019401-24.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001947e-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43f-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a443-202.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a441-198.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43d-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a354-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a311-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b3-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08b-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a078-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fc9-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019faf-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc1-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-99.dat	cobalt_reflective_dll
behavioral1/files/0x00350000000193be-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-73.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001967d-65.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019441-50.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001942f-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019403-35.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1876-1-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x00070000000193d9-14.dat	xmrig
behavioral1/memory/2812-15-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2792-13-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x00060000000193df-9.dat	xmrig
behavioral1/memory/2108-22-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/files/0x0006000000019401-24.dat	xmrig
behavioral1/memory/2760-29-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2688-37-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2544-42-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x000700000001947e-54.dat	xmrig
behavioral1/memory/2108-59-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2604-60-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2688-74-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/1748-75-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/1080-83-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2160-91-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2612-90-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c4a-121.dat	xmrig
behavioral1/files/0x0005000000019d54-136.dat	xmrig
behavioral1/files/0x000500000001a43f-190.dat	xmrig
behavioral1/memory/800-904-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2088-757-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2160-553-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/1876-448-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/1080-384-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a443-202.dat	xmrig
behavioral1/files/0x000500000001a441-198.dat	xmrig
behavioral1/memory/1748-187-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x000500000001a43d-184.dat	xmrig
behavioral1/files/0x000500000001a354-181.dat	xmrig
behavioral1/files/0x000500000001a311-176.dat	xmrig
behavioral1/files/0x000500000001a0b3-171.dat	xmrig
behavioral1/files/0x000500000001a08b-166.dat	xmrig
behavioral1/files/0x000500000001a078-161.dat	xmrig
behavioral1/files/0x0005000000019fc9-156.dat	xmrig
behavioral1/files/0x0005000000019faf-151.dat	xmrig
behavioral1/files/0x0005000000019dc1-146.dat	xmrig
behavioral1/files/0x0005000000019db5-141.dat	xmrig
behavioral1/files/0x0005000000019d2d-131.dat	xmrig
behavioral1/files/0x0005000000019c63-126.dat	xmrig
behavioral1/files/0x0005000000019c48-117.dat	xmrig
behavioral1/memory/800-109-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/1368-108-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c43-107.dat	xmrig
behavioral1/memory/2088-101-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2604-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001998a-99.dat	xmrig
behavioral1/files/0x00350000000193be-89.dat	xmrig
behavioral1/memory/1876-87-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/1876-86-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2544-82-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000196f6-81.dat	xmrig
behavioral1/files/0x00050000000196be-73.dat	xmrig
behavioral1/memory/1368-67-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2760-66-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x000600000001967d-65.dat	xmrig
behavioral1/memory/2612-52-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2812-51-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019441-50.dat	xmrig
behavioral1/memory/2792-46-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x000600000001942f-41.dat	xmrig
behavioral1/memory/1876-36-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2792	gxOmkzV.exe
2812	dSaVVHD.exe
2108	YJHOzhE.exe
2760	VCrGTCD.exe
2688	buDxFhb.exe
2544	RwcCCpI.exe
2612	sXcuilj.exe
2604	JoCMDPg.exe
1368	flHsQPe.exe
1748	irRFGiw.exe
1080	wnYmRWQ.exe
2160	ggUhGtg.exe
2088	RcVHpgN.exe
800	PcuWdac.exe
2836	hckjYOn.exe
1992	FDoVDNR.exe
592	rLfIEHW.exe
112	RDJNMCf.exe
1344	KOsuahT.exe
2928	oLoQEBv.exe
2056	uIumpFL.exe
1168	vsliaEg.exe
2400	XgWBGda.exe
444	MNtRBNV.exe
2960	ePMEzDz.exe
1204	YRJqLXH.exe
700	UuBRHrl.exe
1140	AVOukFT.exe
960	RgeOhMO.exe
2504	LUVXZNM.exe
1092	qkuhNVW.exe
2952	BquqEQW.exe
828	aTTJhTL.exe
1752	oFYAJXQ.exe
1784	kWgIaAz.exe
1712	YOPMhrJ.exe
2512	Wtohkog.exe
2304	QxRwiNv.exe
2332	EJtrujn.exe
1456	CpfjsRW.exe
1216	snoqMgT.exe
1756	wIjgkSt.exe
2484	KklRtko.exe
2248	bLkftxe.exe
2436	pSOiwMS.exe
1812	viOzGzI.exe
904	dFsNbse.exe
776	doauevi.exe
2508	uAIyAwB.exe
2412	yMxJdBd.exe
1688	SZMLnCx.exe
2800	pgJiqnj.exe
2712	cbeTWlv.exe
2568	iJPaAFw.exe
2596	tXxdLFK.exe
2988	YfuVnRr.exe
1716	sjvbegG.exe
1308	lhogTwa.exe
1172	QGbMgJi.exe
1680	ciUwGtT.exe
532	BngIxzf.exe
2776	vludefO.exe
2932	aZutNUO.exe
2096	BsaDpvG.exe

Loads dropped DLL 64 IoCs

pid	Process
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1876-1-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x00070000000193d9-14.dat	upx
behavioral1/memory/2812-15-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2792-13-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/1876-8-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x00060000000193df-9.dat	upx
behavioral1/memory/2108-22-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/files/0x0006000000019401-24.dat	upx
behavioral1/memory/2760-29-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2688-37-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2544-42-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x000700000001947e-54.dat	upx
behavioral1/memory/2108-59-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2604-60-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2688-74-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/1748-75-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/1080-83-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2160-91-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2612-90-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x0005000000019c4a-121.dat	upx
behavioral1/files/0x0005000000019d54-136.dat	upx
behavioral1/files/0x000500000001a43f-190.dat	upx
behavioral1/memory/800-904-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2088-757-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2160-553-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/1080-384-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x000500000001a443-202.dat	upx
behavioral1/files/0x000500000001a441-198.dat	upx
behavioral1/memory/1748-187-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x000500000001a43d-184.dat	upx
behavioral1/files/0x000500000001a354-181.dat	upx
behavioral1/files/0x000500000001a311-176.dat	upx
behavioral1/files/0x000500000001a0b3-171.dat	upx
behavioral1/files/0x000500000001a08b-166.dat	upx
behavioral1/files/0x000500000001a078-161.dat	upx
behavioral1/files/0x0005000000019fc9-156.dat	upx
behavioral1/files/0x0005000000019faf-151.dat	upx
behavioral1/files/0x0005000000019dc1-146.dat	upx
behavioral1/files/0x0005000000019db5-141.dat	upx
behavioral1/files/0x0005000000019d2d-131.dat	upx
behavioral1/files/0x0005000000019c63-126.dat	upx
behavioral1/files/0x0005000000019c48-117.dat	upx
behavioral1/memory/800-109-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/1368-108-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0005000000019c43-107.dat	upx
behavioral1/memory/2088-101-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2604-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x000500000001998a-99.dat	upx
behavioral1/files/0x00350000000193be-89.dat	upx
behavioral1/memory/2544-82-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x00050000000196f6-81.dat	upx
behavioral1/files/0x00050000000196be-73.dat	upx
behavioral1/memory/1368-67-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2760-66-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x000600000001967d-65.dat	upx
behavioral1/memory/2612-52-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2812-51-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0007000000019441-50.dat	upx
behavioral1/memory/2792-46-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x000600000001942f-41.dat	upx
behavioral1/memory/1876-36-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0006000000019403-35.dat	upx
behavioral1/memory/2792-3516-0x000000013F340000-0x000000013F694000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rmPKCtf.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRZZhxG.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zluTCUu.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPReDSi.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTyKxgd.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JizlZTJ.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGJmPBX.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhuDTjh.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNMgpRo.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddvOQaD.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFGMUdf.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJIeRrt.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgNMkin.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkKGxhR.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syZMLXA.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCPSRDp.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jDWHawu.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvcKOYO.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzLUCkG.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmqJpJW.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMcpcrk.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVDctaL.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVIieky.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrvIPXA.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtilOzm.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UeDpRdY.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFdHabB.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhfWmWL.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUlPOSS.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWScDwP.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUKomZG.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubBaZow.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsajKlt.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aQKXXFb.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLCysAF.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdtrbhL.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIoYAMq.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tkyizix.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZmIQsG.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqlSnkA.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waUfsJH.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPkpfPT.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrWYzXa.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVgmgCZ.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqBcNlA.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hHmBwhh.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjYNrJx.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDTKqBu.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsmbPZU.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahybWox.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoxvVWJ.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWqWEAJ.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UoGFQEw.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOKSSFP.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYdtiXk.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfBdJJE.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTQPHlm.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rykSCku.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSToYyD.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByrBOLw.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBpIiSb.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDiKmpb.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KebGCnw.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlzsWne.exe	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 2792	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1876 wrote to memory of 2792	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1876 wrote to memory of 2792	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1876 wrote to memory of 2812	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1876 wrote to memory of 2812	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1876 wrote to memory of 2812	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1876 wrote to memory of 2108	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1876 wrote to memory of 2108	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1876 wrote to memory of 2108	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1876 wrote to memory of 2760	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1876 wrote to memory of 2760	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1876 wrote to memory of 2760	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1876 wrote to memory of 2688	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1876 wrote to memory of 2688	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1876 wrote to memory of 2688	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1876 wrote to memory of 2544	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1876 wrote to memory of 2544	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1876 wrote to memory of 2544	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1876 wrote to memory of 2612	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1876 wrote to memory of 2612	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1876 wrote to memory of 2612	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1876 wrote to memory of 2604	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1876 wrote to memory of 2604	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1876 wrote to memory of 2604	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1876 wrote to memory of 1368	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1876 wrote to memory of 1368	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1876 wrote to memory of 1368	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1876 wrote to memory of 1748	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1876 wrote to memory of 1748	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1876 wrote to memory of 1748	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1876 wrote to memory of 1080	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1876 wrote to memory of 1080	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1876 wrote to memory of 1080	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1876 wrote to memory of 2160	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1876 wrote to memory of 2160	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1876 wrote to memory of 2160	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1876 wrote to memory of 2088	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1876 wrote to memory of 2088	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1876 wrote to memory of 2088	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1876 wrote to memory of 800	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1876 wrote to memory of 800	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1876 wrote to memory of 800	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1876 wrote to memory of 2836	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1876 wrote to memory of 2836	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1876 wrote to memory of 2836	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1876 wrote to memory of 1992	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1876 wrote to memory of 1992	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1876 wrote to memory of 1992	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1876 wrote to memory of 592	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1876 wrote to memory of 592	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1876 wrote to memory of 592	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1876 wrote to memory of 112	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1876 wrote to memory of 112	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1876 wrote to memory of 112	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1876 wrote to memory of 1344	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1876 wrote to memory of 1344	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1876 wrote to memory of 1344	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1876 wrote to memory of 2928	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1876 wrote to memory of 2928	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1876 wrote to memory of 2928	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1876 wrote to memory of 2056	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1876 wrote to memory of 2056	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1876 wrote to memory of 2056	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1876 wrote to memory of 1168	1876	2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_8c6bcd57220042d762aeecad774852a9_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\System\gxOmkzV.exe
  C:\Windows\System\gxOmkzV.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\dSaVVHD.exe
  C:\Windows\System\dSaVVHD.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\YJHOzhE.exe
  C:\Windows\System\YJHOzhE.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\VCrGTCD.exe
  C:\Windows\System\VCrGTCD.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\buDxFhb.exe
  C:\Windows\System\buDxFhb.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\RwcCCpI.exe
  C:\Windows\System\RwcCCpI.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\sXcuilj.exe
  C:\Windows\System\sXcuilj.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\JoCMDPg.exe
  C:\Windows\System\JoCMDPg.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\flHsQPe.exe
  C:\Windows\System\flHsQPe.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\irRFGiw.exe
  C:\Windows\System\irRFGiw.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\wnYmRWQ.exe
  C:\Windows\System\wnYmRWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\ggUhGtg.exe
  C:\Windows\System\ggUhGtg.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\RcVHpgN.exe
  C:\Windows\System\RcVHpgN.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\PcuWdac.exe
  C:\Windows\System\PcuWdac.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\hckjYOn.exe
  C:\Windows\System\hckjYOn.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\FDoVDNR.exe
  C:\Windows\System\FDoVDNR.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\rLfIEHW.exe
  C:\Windows\System\rLfIEHW.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\RDJNMCf.exe
  C:\Windows\System\RDJNMCf.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\KOsuahT.exe
  C:\Windows\System\KOsuahT.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\oLoQEBv.exe
  C:\Windows\System\oLoQEBv.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\uIumpFL.exe
  C:\Windows\System\uIumpFL.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\vsliaEg.exe
  C:\Windows\System\vsliaEg.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\XgWBGda.exe
  C:\Windows\System\XgWBGda.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\MNtRBNV.exe
  C:\Windows\System\MNtRBNV.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\ePMEzDz.exe
  C:\Windows\System\ePMEzDz.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\YRJqLXH.exe
  C:\Windows\System\YRJqLXH.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\UuBRHrl.exe
  C:\Windows\System\UuBRHrl.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\AVOukFT.exe
  C:\Windows\System\AVOukFT.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\LUVXZNM.exe
  C:\Windows\System\LUVXZNM.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\RgeOhMO.exe
  C:\Windows\System\RgeOhMO.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\qkuhNVW.exe
  C:\Windows\System\qkuhNVW.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\BquqEQW.exe
  C:\Windows\System\BquqEQW.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\aTTJhTL.exe
  C:\Windows\System\aTTJhTL.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\oFYAJXQ.exe
  C:\Windows\System\oFYAJXQ.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\kWgIaAz.exe
  C:\Windows\System\kWgIaAz.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\YOPMhrJ.exe
  C:\Windows\System\YOPMhrJ.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\Wtohkog.exe
  C:\Windows\System\Wtohkog.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\QxRwiNv.exe
  C:\Windows\System\QxRwiNv.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\EJtrujn.exe
  C:\Windows\System\EJtrujn.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\CpfjsRW.exe
  C:\Windows\System\CpfjsRW.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\snoqMgT.exe
  C:\Windows\System\snoqMgT.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\wIjgkSt.exe
  C:\Windows\System\wIjgkSt.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\KklRtko.exe
  C:\Windows\System\KklRtko.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\bLkftxe.exe
  C:\Windows\System\bLkftxe.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\pSOiwMS.exe
  C:\Windows\System\pSOiwMS.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\viOzGzI.exe
  C:\Windows\System\viOzGzI.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\dFsNbse.exe
  C:\Windows\System\dFsNbse.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\doauevi.exe
  C:\Windows\System\doauevi.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\uAIyAwB.exe
  C:\Windows\System\uAIyAwB.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\yMxJdBd.exe
  C:\Windows\System\yMxJdBd.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\SZMLnCx.exe
  C:\Windows\System\SZMLnCx.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\pgJiqnj.exe
  C:\Windows\System\pgJiqnj.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\cbeTWlv.exe
  C:\Windows\System\cbeTWlv.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\iJPaAFw.exe
  C:\Windows\System\iJPaAFw.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\tXxdLFK.exe
  C:\Windows\System\tXxdLFK.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\YfuVnRr.exe
  C:\Windows\System\YfuVnRr.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\sjvbegG.exe
  C:\Windows\System\sjvbegG.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\lhogTwa.exe
  C:\Windows\System\lhogTwa.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\QGbMgJi.exe
  C:\Windows\System\QGbMgJi.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\ciUwGtT.exe
  C:\Windows\System\ciUwGtT.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\BngIxzf.exe
  C:\Windows\System\BngIxzf.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\vludefO.exe
  C:\Windows\System\vludefO.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\aZutNUO.exe
  C:\Windows\System\aZutNUO.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\BsaDpvG.exe
  C:\Windows\System\BsaDpvG.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\yFZKnab.exe
  C:\Windows\System\yFZKnab.exe
  2⤵
  PID:1096
- C:\Windows\System\cgWpPwQ.exe
  C:\Windows\System\cgWpPwQ.exe
  2⤵
  PID:3048
- C:\Windows\System\hSEJbUm.exe
  C:\Windows\System\hSEJbUm.exe
  2⤵
  PID:1104
- C:\Windows\System\YSoIkyP.exe
  C:\Windows\System\YSoIkyP.exe
  2⤵
  PID:1296
- C:\Windows\System\lJXUIfj.exe
  C:\Windows\System\lJXUIfj.exe
  2⤵
  PID:3032
- C:\Windows\System\hjwbPJF.exe
  C:\Windows\System\hjwbPJF.exe
  2⤵
  PID:464
- C:\Windows\System\zfOFUTa.exe
  C:\Windows\System\zfOFUTa.exe
  2⤵
  PID:1848
- C:\Windows\System\gCgypvw.exe
  C:\Windows\System\gCgypvw.exe
  2⤵
  PID:1792
- C:\Windows\System\wXOLzqR.exe
  C:\Windows\System\wXOLzqR.exe
  2⤵
  PID:644
- C:\Windows\System\JdSHeUu.exe
  C:\Windows\System\JdSHeUu.exe
  2⤵
  PID:1452
- C:\Windows\System\vPQOZCF.exe
  C:\Windows\System\vPQOZCF.exe
  2⤵
  PID:2092
- C:\Windows\System\LqKJhre.exe
  C:\Windows\System\LqKJhre.exe
  2⤵
  PID:1380
- C:\Windows\System\rmPKCtf.exe
  C:\Windows\System\rmPKCtf.exe
  2⤵
  PID:3036
- C:\Windows\System\AtypKBJ.exe
  C:\Windows\System\AtypKBJ.exe
  2⤵
  PID:2084
- C:\Windows\System\oxEGUaa.exe
  C:\Windows\System\oxEGUaa.exe
  2⤵
  PID:1772
- C:\Windows\System\YaSPsLV.exe
  C:\Windows\System\YaSPsLV.exe
  2⤵
  PID:1200
- C:\Windows\System\gIpmmSE.exe
  C:\Windows\System\gIpmmSE.exe
  2⤵
  PID:3052
- C:\Windows\System\TVthdqE.exe
  C:\Windows\System\TVthdqE.exe
  2⤵
  PID:2064
- C:\Windows\System\FsYogAI.exe
  C:\Windows\System\FsYogAI.exe
  2⤵
  PID:2700
- C:\Windows\System\UDeWqKR.exe
  C:\Windows\System\UDeWqKR.exe
  2⤵
  PID:2592
- C:\Windows\System\BuVEOMj.exe
  C:\Windows\System\BuVEOMj.exe
  2⤵
  PID:3008
- C:\Windows\System\dkBJqgl.exe
  C:\Windows\System\dkBJqgl.exe
  2⤵
  PID:2996
- C:\Windows\System\xLoPLEG.exe
  C:\Windows\System\xLoPLEG.exe
  2⤵
  PID:1676
- C:\Windows\System\tcXQTfd.exe
  C:\Windows\System\tcXQTfd.exe
  2⤵
  PID:2852
- C:\Windows\System\mwcSSLT.exe
  C:\Windows\System\mwcSSLT.exe
  2⤵
  PID:2528
- C:\Windows\System\TvOBsln.exe
  C:\Windows\System\TvOBsln.exe
  2⤵
  PID:576
- C:\Windows\System\ySFLrlP.exe
  C:\Windows\System\ySFLrlP.exe
  2⤵
  PID:2404
- C:\Windows\System\udlsGxG.exe
  C:\Windows\System\udlsGxG.exe
  2⤵
  PID:1152
- C:\Windows\System\QKzGOxX.exe
  C:\Windows\System\QKzGOxX.exe
  2⤵
  PID:1708
- C:\Windows\System\xTzMtcw.exe
  C:\Windows\System\xTzMtcw.exe
  2⤵
  PID:916
- C:\Windows\System\LGKyPpp.exe
  C:\Windows\System\LGKyPpp.exe
  2⤵
  PID:2136
- C:\Windows\System\lNfjTnx.exe
  C:\Windows\System\lNfjTnx.exe
  2⤵
  PID:1684
- C:\Windows\System\gvGHTkq.exe
  C:\Windows\System\gvGHTkq.exe
  2⤵
  PID:1460
- C:\Windows\System\LdSWXfY.exe
  C:\Windows\System\LdSWXfY.exe
  2⤵
  PID:2940
- C:\Windows\System\NscKPeI.exe
  C:\Windows\System\NscKPeI.exe
  2⤵
  PID:2124
- C:\Windows\System\iDoPxYz.exe
  C:\Windows\System\iDoPxYz.exe
  2⤵
  PID:2356
- C:\Windows\System\dUoxsLB.exe
  C:\Windows\System\dUoxsLB.exe
  2⤵
  PID:1596
- C:\Windows\System\zluTCUu.exe
  C:\Windows\System\zluTCUu.exe
  2⤵
  PID:2884
- C:\Windows\System\vExqqVv.exe
  C:\Windows\System\vExqqVv.exe
  2⤵
  PID:2744
- C:\Windows\System\FpqDfvQ.exe
  C:\Windows\System\FpqDfvQ.exe
  2⤵
  PID:1960
- C:\Windows\System\dFjYFPK.exe
  C:\Windows\System\dFjYFPK.exe
  2⤵
  PID:1120
- C:\Windows\System\ZiMKPlA.exe
  C:\Windows\System\ZiMKPlA.exe
  2⤵
  PID:2424
- C:\Windows\System\eUFibMJ.exe
  C:\Windows\System\eUFibMJ.exe
  2⤵
  PID:1880
- C:\Windows\System\zIeSdwI.exe
  C:\Windows\System\zIeSdwI.exe
  2⤵
  PID:1740
- C:\Windows\System\vFukBYE.exe
  C:\Windows\System\vFukBYE.exe
  2⤵
  PID:2444
- C:\Windows\System\cNtaAKd.exe
  C:\Windows\System\cNtaAKd.exe
  2⤵
  PID:3096
- C:\Windows\System\avpWiCq.exe
  C:\Windows\System\avpWiCq.exe
  2⤵
  PID:3116
- C:\Windows\System\xAHUlyT.exe
  C:\Windows\System\xAHUlyT.exe
  2⤵
  PID:3136
- C:\Windows\System\RPnpBdU.exe
  C:\Windows\System\RPnpBdU.exe
  2⤵
  PID:3156
- C:\Windows\System\XwWnWkV.exe
  C:\Windows\System\XwWnWkV.exe
  2⤵
  PID:3180
- C:\Windows\System\vdRntxV.exe
  C:\Windows\System\vdRntxV.exe
  2⤵
  PID:3200
- C:\Windows\System\DhIcfyj.exe
  C:\Windows\System\DhIcfyj.exe
  2⤵
  PID:3220
- C:\Windows\System\hxBxFuI.exe
  C:\Windows\System\hxBxFuI.exe
  2⤵
  PID:3240
- C:\Windows\System\vOwzIvz.exe
  C:\Windows\System\vOwzIvz.exe
  2⤵
  PID:3260
- C:\Windows\System\zwWOKsW.exe
  C:\Windows\System\zwWOKsW.exe
  2⤵
  PID:3280
- C:\Windows\System\xQSKVOe.exe
  C:\Windows\System\xQSKVOe.exe
  2⤵
  PID:3300
- C:\Windows\System\MTCsawh.exe
  C:\Windows\System\MTCsawh.exe
  2⤵
  PID:3320
- C:\Windows\System\VMSQODj.exe
  C:\Windows\System\VMSQODj.exe
  2⤵
  PID:3340
- C:\Windows\System\ozYLWhp.exe
  C:\Windows\System\ozYLWhp.exe
  2⤵
  PID:3360
- C:\Windows\System\aaKuqEd.exe
  C:\Windows\System\aaKuqEd.exe
  2⤵
  PID:3376
- C:\Windows\System\yeLyWWx.exe
  C:\Windows\System\yeLyWWx.exe
  2⤵
  PID:3396
- C:\Windows\System\gXVWHjI.exe
  C:\Windows\System\gXVWHjI.exe
  2⤵
  PID:3420
- C:\Windows\System\dQLoXia.exe
  C:\Windows\System\dQLoXia.exe
  2⤵
  PID:3440
- C:\Windows\System\ibyhqcz.exe
  C:\Windows\System\ibyhqcz.exe
  2⤵
  PID:3460
- C:\Windows\System\aTOUZFh.exe
  C:\Windows\System\aTOUZFh.exe
  2⤵
  PID:3480
- C:\Windows\System\qyxeVgX.exe
  C:\Windows\System\qyxeVgX.exe
  2⤵
  PID:3500
- C:\Windows\System\piGSQZG.exe
  C:\Windows\System\piGSQZG.exe
  2⤵
  PID:3520
- C:\Windows\System\xMvgQdy.exe
  C:\Windows\System\xMvgQdy.exe
  2⤵
  PID:3540
- C:\Windows\System\RlzsWne.exe
  C:\Windows\System\RlzsWne.exe
  2⤵
  PID:3560
- C:\Windows\System\OkTsnpq.exe
  C:\Windows\System\OkTsnpq.exe
  2⤵
  PID:3580
- C:\Windows\System\zRWbgqd.exe
  C:\Windows\System\zRWbgqd.exe
  2⤵
  PID:3600
- C:\Windows\System\dZBaVst.exe
  C:\Windows\System\dZBaVst.exe
  2⤵
  PID:3620
- C:\Windows\System\pYDUtgL.exe
  C:\Windows\System\pYDUtgL.exe
  2⤵
  PID:3640
- C:\Windows\System\HauOzly.exe
  C:\Windows\System\HauOzly.exe
  2⤵
  PID:3660
- C:\Windows\System\NCsgmPj.exe
  C:\Windows\System\NCsgmPj.exe
  2⤵
  PID:3680
- C:\Windows\System\TCGXCyv.exe
  C:\Windows\System\TCGXCyv.exe
  2⤵
  PID:3700
- C:\Windows\System\IoUmvNP.exe
  C:\Windows\System\IoUmvNP.exe
  2⤵
  PID:3720
- C:\Windows\System\ezwIAYV.exe
  C:\Windows\System\ezwIAYV.exe
  2⤵
  PID:3740
- C:\Windows\System\HYWxvXT.exe
  C:\Windows\System\HYWxvXT.exe
  2⤵
  PID:3760
- C:\Windows\System\VqUOFbL.exe
  C:\Windows\System\VqUOFbL.exe
  2⤵
  PID:3780
- C:\Windows\System\tUZSDJy.exe
  C:\Windows\System\tUZSDJy.exe
  2⤵
  PID:3800
- C:\Windows\System\nfMTvkM.exe
  C:\Windows\System\nfMTvkM.exe
  2⤵
  PID:3820
- C:\Windows\System\RHXDGtS.exe
  C:\Windows\System\RHXDGtS.exe
  2⤵
  PID:3840
- C:\Windows\System\VxqKvkG.exe
  C:\Windows\System\VxqKvkG.exe
  2⤵
  PID:3860
- C:\Windows\System\XJInfON.exe
  C:\Windows\System\XJInfON.exe
  2⤵
  PID:3884
- C:\Windows\System\ojvspwC.exe
  C:\Windows\System\ojvspwC.exe
  2⤵
  PID:3904
- C:\Windows\System\oIoYAMq.exe
  C:\Windows\System\oIoYAMq.exe
  2⤵
  PID:3924
- C:\Windows\System\WfwUlHy.exe
  C:\Windows\System\WfwUlHy.exe
  2⤵
  PID:3944
- C:\Windows\System\jPReDSi.exe
  C:\Windows\System\jPReDSi.exe
  2⤵
  PID:3964
- C:\Windows\System\oKLNhlA.exe
  C:\Windows\System\oKLNhlA.exe
  2⤵
  PID:3984
- C:\Windows\System\YnuGtur.exe
  C:\Windows\System\YnuGtur.exe
  2⤵
  PID:4004
- C:\Windows\System\pYSZYkA.exe
  C:\Windows\System\pYSZYkA.exe
  2⤵
  PID:4024
- C:\Windows\System\PMczufU.exe
  C:\Windows\System\PMczufU.exe
  2⤵
  PID:4044
- C:\Windows\System\ykxhzoy.exe
  C:\Windows\System\ykxhzoy.exe
  2⤵
  PID:4064
- C:\Windows\System\sXzDFlC.exe
  C:\Windows\System\sXzDFlC.exe
  2⤵
  PID:4084
- C:\Windows\System\IsgRGZS.exe
  C:\Windows\System\IsgRGZS.exe
  2⤵
  PID:2336
- C:\Windows\System\RHITIta.exe
  C:\Windows\System\RHITIta.exe
  2⤵
  PID:1764
- C:\Windows\System\IZrBWiS.exe
  C:\Windows\System\IZrBWiS.exe
  2⤵
  PID:2780
- C:\Windows\System\wnjdgSf.exe
  C:\Windows\System\wnjdgSf.exe
  2⤵
  PID:2980
- C:\Windows\System\NSDRtJA.exe
  C:\Windows\System\NSDRtJA.exe
  2⤵
  PID:1760
- C:\Windows\System\OwEVmYF.exe
  C:\Windows\System\OwEVmYF.exe
  2⤵
  PID:1336
- C:\Windows\System\KjRJFGl.exe
  C:\Windows\System\KjRJFGl.exe
  2⤵
  PID:2224
- C:\Windows\System\qucvYIy.exe
  C:\Windows\System\qucvYIy.exe
  2⤵
  PID:2972
- C:\Windows\System\WKRVXwA.exe
  C:\Windows\System\WKRVXwA.exe
  2⤵
  PID:3104
- C:\Windows\System\PceBgmo.exe
  C:\Windows\System\PceBgmo.exe
  2⤵
  PID:3124
- C:\Windows\System\AjIWCLJ.exe
  C:\Windows\System\AjIWCLJ.exe
  2⤵
  PID:3164
- C:\Windows\System\RToFfio.exe
  C:\Windows\System\RToFfio.exe
  2⤵
  PID:3192
- C:\Windows\System\rQRgMLt.exe
  C:\Windows\System\rQRgMLt.exe
  2⤵
  PID:3236
- C:\Windows\System\jpFHLvC.exe
  C:\Windows\System\jpFHLvC.exe
  2⤵
  PID:3252
- C:\Windows\System\KrGfshm.exe
  C:\Windows\System\KrGfshm.exe
  2⤵
  PID:3308
- C:\Windows\System\bLgHYwi.exe
  C:\Windows\System\bLgHYwi.exe
  2⤵
  PID:3332
- C:\Windows\System\QIdXIDm.exe
  C:\Windows\System\QIdXIDm.exe
  2⤵
  PID:3384
- C:\Windows\System\RTYzlmI.exe
  C:\Windows\System\RTYzlmI.exe
  2⤵
  PID:3408
- C:\Windows\System\HEcrYFQ.exe
  C:\Windows\System\HEcrYFQ.exe
  2⤵
  PID:3436
- C:\Windows\System\bCSgAVO.exe
  C:\Windows\System\bCSgAVO.exe
  2⤵
  PID:3448
- C:\Windows\System\KcgSTuy.exe
  C:\Windows\System\KcgSTuy.exe
  2⤵
  PID:3508
- C:\Windows\System\wkItkAG.exe
  C:\Windows\System\wkItkAG.exe
  2⤵
  PID:3548
- C:\Windows\System\EGKDRWK.exe
  C:\Windows\System\EGKDRWK.exe
  2⤵
  PID:3592
- C:\Windows\System\ekVjYoG.exe
  C:\Windows\System\ekVjYoG.exe
  2⤵
  PID:3628
- C:\Windows\System\chlkYJW.exe
  C:\Windows\System\chlkYJW.exe
  2⤵
  PID:3616
- C:\Windows\System\JNysdXo.exe
  C:\Windows\System\JNysdXo.exe
  2⤵
  PID:3656
- C:\Windows\System\cHrIlQV.exe
  C:\Windows\System\cHrIlQV.exe
  2⤵
  PID:3692
- C:\Windows\System\azQyufN.exe
  C:\Windows\System\azQyufN.exe
  2⤵
  PID:3728
- C:\Windows\System\hUJbgAP.exe
  C:\Windows\System\hUJbgAP.exe
  2⤵
  PID:3796
- C:\Windows\System\MiuJbvY.exe
  C:\Windows\System\MiuJbvY.exe
  2⤵
  PID:3828
- C:\Windows\System\ZsSrnnd.exe
  C:\Windows\System\ZsSrnnd.exe
  2⤵
  PID:3812
- C:\Windows\System\dGBaEQZ.exe
  C:\Windows\System\dGBaEQZ.exe
  2⤵
  PID:3880
- C:\Windows\System\DOnzfWR.exe
  C:\Windows\System\DOnzfWR.exe
  2⤵
  PID:3892
- C:\Windows\System\CvcKOYO.exe
  C:\Windows\System\CvcKOYO.exe
  2⤵
  PID:3956
- C:\Windows\System\HMcklJA.exe
  C:\Windows\System\HMcklJA.exe
  2⤵
  PID:3980
- C:\Windows\System\kTzrWYX.exe
  C:\Windows\System\kTzrWYX.exe
  2⤵
  PID:4032
- C:\Windows\System\mtGEXFl.exe
  C:\Windows\System\mtGEXFl.exe
  2⤵
  PID:4020
- C:\Windows\System\gkzBalG.exe
  C:\Windows\System\gkzBalG.exe
  2⤵
  PID:4060
- C:\Windows\System\frqThhW.exe
  C:\Windows\System\frqThhW.exe
  2⤵
  PID:564
- C:\Windows\System\varkcMg.exe
  C:\Windows\System\varkcMg.exe
  2⤵
  PID:2896
- C:\Windows\System\yMKiFjQ.exe
  C:\Windows\System\yMKiFjQ.exe
  2⤵
  PID:1324
- C:\Windows\System\nmZVCvF.exe
  C:\Windows\System\nmZVCvF.exe
  2⤵
  PID:1400
- C:\Windows\System\cceOVAI.exe
  C:\Windows\System\cceOVAI.exe
  2⤵
  PID:264
- C:\Windows\System\pCjzULD.exe
  C:\Windows\System\pCjzULD.exe
  2⤵
  PID:1976
- C:\Windows\System\zdApWJs.exe
  C:\Windows\System\zdApWJs.exe
  2⤵
  PID:3132
- C:\Windows\System\QudDarZ.exe
  C:\Windows\System\QudDarZ.exe
  2⤵
  PID:2708
- C:\Windows\System\scLxiHS.exe
  C:\Windows\System\scLxiHS.exe
  2⤵
  PID:3212
- C:\Windows\System\PgOrxjx.exe
  C:\Windows\System\PgOrxjx.exe
  2⤵
  PID:3312
- C:\Windows\System\NWxeDFm.exe
  C:\Windows\System\NWxeDFm.exe
  2⤵
  PID:3368
- C:\Windows\System\MRPKWkb.exe
  C:\Windows\System\MRPKWkb.exe
  2⤵
  PID:3468
- C:\Windows\System\mlEBqtN.exe
  C:\Windows\System\mlEBqtN.exe
  2⤵
  PID:3456
- C:\Windows\System\JJqmRRm.exe
  C:\Windows\System\JJqmRRm.exe
  2⤵
  PID:3496
- C:\Windows\System\WVTpyJW.exe
  C:\Windows\System\WVTpyJW.exe
  2⤵
  PID:3588
- C:\Windows\System\czTvQhY.exe
  C:\Windows\System\czTvQhY.exe
  2⤵
  PID:3668
- C:\Windows\System\PMmFeAT.exe
  C:\Windows\System\PMmFeAT.exe
  2⤵
  PID:3672
- C:\Windows\System\HnZHHDG.exe
  C:\Windows\System\HnZHHDG.exe
  2⤵
  PID:3732
- C:\Windows\System\ZtVMBVq.exe
  C:\Windows\System\ZtVMBVq.exe
  2⤵
  PID:3868
- C:\Windows\System\YMUdgeh.exe
  C:\Windows\System\YMUdgeh.exe
  2⤵
  PID:3856
- C:\Windows\System\FVkOXnj.exe
  C:\Windows\System\FVkOXnj.exe
  2⤵
  PID:3916
- C:\Windows\System\LguPmdM.exe
  C:\Windows\System\LguPmdM.exe
  2⤵
  PID:3940
- C:\Windows\System\YBEqQMm.exe
  C:\Windows\System\YBEqQMm.exe
  2⤵
  PID:4016
- C:\Windows\System\RaVRkXi.exe
  C:\Windows\System\RaVRkXi.exe
  2⤵
  PID:3028
- C:\Windows\System\orRpsAT.exe
  C:\Windows\System\orRpsAT.exe
  2⤵
  PID:2772
- C:\Windows\System\KpCqZyw.exe
  C:\Windows\System\KpCqZyw.exe
  2⤵
  PID:548
- C:\Windows\System\yzwQGkx.exe
  C:\Windows\System\yzwQGkx.exe
  2⤵
  PID:3088
- C:\Windows\System\cALHgml.exe
  C:\Windows\System\cALHgml.exe
  2⤵
  PID:3216
- C:\Windows\System\HNAauXl.exe
  C:\Windows\System\HNAauXl.exe
  2⤵
  PID:3276
- C:\Windows\System\eNGhekj.exe
  C:\Windows\System\eNGhekj.exe
  2⤵
  PID:3356
- C:\Windows\System\gkQrzjI.exe
  C:\Windows\System\gkQrzjI.exe
  2⤵
  PID:3428
- C:\Windows\System\TvUvDPm.exe
  C:\Windows\System\TvUvDPm.exe
  2⤵
  PID:3412
- C:\Windows\System\CjuqjMD.exe
  C:\Windows\System\CjuqjMD.exe
  2⤵
  PID:3596
- C:\Windows\System\HlsUcjQ.exe
  C:\Windows\System\HlsUcjQ.exe
  2⤵
  PID:3608
- C:\Windows\System\lTMgfbW.exe
  C:\Windows\System\lTMgfbW.exe
  2⤵
  PID:4108
- C:\Windows\System\hmICmti.exe
  C:\Windows\System\hmICmti.exe
  2⤵
  PID:4128
- C:\Windows\System\iVgOyHr.exe
  C:\Windows\System\iVgOyHr.exe
  2⤵
  PID:4148
- C:\Windows\System\WjPMvvJ.exe
  C:\Windows\System\WjPMvvJ.exe
  2⤵
  PID:4168
- C:\Windows\System\nBddxFi.exe
  C:\Windows\System\nBddxFi.exe
  2⤵
  PID:4188
- C:\Windows\System\uxEjWAb.exe
  C:\Windows\System\uxEjWAb.exe
  2⤵
  PID:4208
- C:\Windows\System\QfYErIq.exe
  C:\Windows\System\QfYErIq.exe
  2⤵
  PID:4228
- C:\Windows\System\eFwGJbB.exe
  C:\Windows\System\eFwGJbB.exe
  2⤵
  PID:4248
- C:\Windows\System\hZCggae.exe
  C:\Windows\System\hZCggae.exe
  2⤵
  PID:4268
- C:\Windows\System\xquojzT.exe
  C:\Windows\System\xquojzT.exe
  2⤵
  PID:4288
- C:\Windows\System\hAQELUs.exe
  C:\Windows\System\hAQELUs.exe
  2⤵
  PID:4308
- C:\Windows\System\aSnGXck.exe
  C:\Windows\System\aSnGXck.exe
  2⤵
  PID:4328
- C:\Windows\System\pVTfyig.exe
  C:\Windows\System\pVTfyig.exe
  2⤵
  PID:4348
- C:\Windows\System\SzGucJr.exe
  C:\Windows\System\SzGucJr.exe
  2⤵
  PID:4368
- C:\Windows\System\SsOeSMs.exe
  C:\Windows\System\SsOeSMs.exe
  2⤵
  PID:4392
- C:\Windows\System\CiFyoLC.exe
  C:\Windows\System\CiFyoLC.exe
  2⤵
  PID:4412
- C:\Windows\System\TdcAbCZ.exe
  C:\Windows\System\TdcAbCZ.exe
  2⤵
  PID:4432
- C:\Windows\System\OKMDvjT.exe
  C:\Windows\System\OKMDvjT.exe
  2⤵
  PID:4452
- C:\Windows\System\SCPSRDp.exe
  C:\Windows\System\SCPSRDp.exe
  2⤵
  PID:4472
- C:\Windows\System\fkIfebX.exe
  C:\Windows\System\fkIfebX.exe
  2⤵
  PID:4492
- C:\Windows\System\xAWbhYx.exe
  C:\Windows\System\xAWbhYx.exe
  2⤵
  PID:4512
- C:\Windows\System\iyVpFPt.exe
  C:\Windows\System\iyVpFPt.exe
  2⤵
  PID:4532
- C:\Windows\System\LetCSPe.exe
  C:\Windows\System\LetCSPe.exe
  2⤵
  PID:4552
- C:\Windows\System\xdtTXXp.exe
  C:\Windows\System\xdtTXXp.exe
  2⤵
  PID:4572
- C:\Windows\System\pVbXmzg.exe
  C:\Windows\System\pVbXmzg.exe
  2⤵
  PID:4592
- C:\Windows\System\nxMExnj.exe
  C:\Windows\System\nxMExnj.exe
  2⤵
  PID:4612
- C:\Windows\System\qWPfpZq.exe
  C:\Windows\System\qWPfpZq.exe
  2⤵
  PID:4632
- C:\Windows\System\NzXGJBL.exe
  C:\Windows\System\NzXGJBL.exe
  2⤵
  PID:4652
- C:\Windows\System\jwQmMUT.exe
  C:\Windows\System\jwQmMUT.exe
  2⤵
  PID:4672
- C:\Windows\System\eUnvmak.exe
  C:\Windows\System\eUnvmak.exe
  2⤵
  PID:4692
- C:\Windows\System\xYgGWOT.exe
  C:\Windows\System\xYgGWOT.exe
  2⤵
  PID:4708
- C:\Windows\System\TkuIKHy.exe
  C:\Windows\System\TkuIKHy.exe
  2⤵
  PID:4732
- C:\Windows\System\wjTgFhV.exe
  C:\Windows\System\wjTgFhV.exe
  2⤵
  PID:4748
- C:\Windows\System\SLygFWb.exe
  C:\Windows\System\SLygFWb.exe
  2⤵
  PID:4776
- C:\Windows\System\TqpjfEb.exe
  C:\Windows\System\TqpjfEb.exe
  2⤵
  PID:4796
- C:\Windows\System\UWurSEh.exe
  C:\Windows\System\UWurSEh.exe
  2⤵
  PID:4816
- C:\Windows\System\QiMqJQR.exe
  C:\Windows\System\QiMqJQR.exe
  2⤵
  PID:4836
- C:\Windows\System\qXOexiE.exe
  C:\Windows\System\qXOexiE.exe
  2⤵
  PID:4856
- C:\Windows\System\PTQxamu.exe
  C:\Windows\System\PTQxamu.exe
  2⤵
  PID:4876
- C:\Windows\System\jMrwhrO.exe
  C:\Windows\System\jMrwhrO.exe
  2⤵
  PID:4896
- C:\Windows\System\PTmntdr.exe
  C:\Windows\System\PTmntdr.exe
  2⤵
  PID:4916
- C:\Windows\System\WVCVALo.exe
  C:\Windows\System\WVCVALo.exe
  2⤵
  PID:4936
- C:\Windows\System\IsSMRvg.exe
  C:\Windows\System\IsSMRvg.exe
  2⤵
  PID:4956
- C:\Windows\System\LshDVvk.exe
  C:\Windows\System\LshDVvk.exe
  2⤵
  PID:4976
- C:\Windows\System\sDCkMnH.exe
  C:\Windows\System\sDCkMnH.exe
  2⤵
  PID:4996
- C:\Windows\System\valZiXJ.exe
  C:\Windows\System\valZiXJ.exe
  2⤵
  PID:5016
- C:\Windows\System\MnfCNFj.exe
  C:\Windows\System\MnfCNFj.exe
  2⤵
  PID:5036
- C:\Windows\System\DckmorV.exe
  C:\Windows\System\DckmorV.exe
  2⤵
  PID:5056
- C:\Windows\System\KMtaMhL.exe
  C:\Windows\System\KMtaMhL.exe
  2⤵
  PID:5076
- C:\Windows\System\NLJsOuz.exe
  C:\Windows\System\NLJsOuz.exe
  2⤵
  PID:5096
- C:\Windows\System\rkYNNfg.exe
  C:\Windows\System\rkYNNfg.exe
  2⤵
  PID:5116
- C:\Windows\System\yZWotHT.exe
  C:\Windows\System\yZWotHT.exe
  2⤵
  PID:3772
- C:\Windows\System\IdwKmYM.exe
  C:\Windows\System\IdwKmYM.exe
  2⤵
  PID:3952
- C:\Windows\System\qsajKlt.exe
  C:\Windows\System\qsajKlt.exe
  2⤵
  PID:4080
- C:\Windows\System\GUGAMEs.exe
  C:\Windows\System\GUGAMEs.exe
  2⤵
  PID:616
- C:\Windows\System\FOTZwix.exe
  C:\Windows\System\FOTZwix.exe
  2⤵
  PID:1240
- C:\Windows\System\euHMqaa.exe
  C:\Windows\System\euHMqaa.exe
  2⤵
  PID:852
- C:\Windows\System\zznZrvI.exe
  C:\Windows\System\zznZrvI.exe
  2⤵
  PID:3328
- C:\Windows\System\eGFEexy.exe
  C:\Windows\System\eGFEexy.exe
  2⤵
  PID:3388
- C:\Windows\System\DgEypoh.exe
  C:\Windows\System\DgEypoh.exe
  2⤵
  PID:3652
- C:\Windows\System\YsqnjVN.exe
  C:\Windows\System\YsqnjVN.exe
  2⤵
  PID:3696
- C:\Windows\System\iTLJeVo.exe
  C:\Windows\System\iTLJeVo.exe
  2⤵
  PID:4136
- C:\Windows\System\CaIbbvp.exe
  C:\Windows\System\CaIbbvp.exe
  2⤵
  PID:4160
- C:\Windows\System\YHdEkFa.exe
  C:\Windows\System\YHdEkFa.exe
  2⤵
  PID:4184
- C:\Windows\System\XAndkHF.exe
  C:\Windows\System\XAndkHF.exe
  2⤵
  PID:4240
- C:\Windows\System\UebJaQM.exe
  C:\Windows\System\UebJaQM.exe
  2⤵
  PID:4284
- C:\Windows\System\yHTIncj.exe
  C:\Windows\System\yHTIncj.exe
  2⤵
  PID:4304
- C:\Windows\System\XnOVriD.exe
  C:\Windows\System\XnOVriD.exe
  2⤵
  PID:4344
- C:\Windows\System\cVIieky.exe
  C:\Windows\System\cVIieky.exe
  2⤵
  PID:4376
- C:\Windows\System\rZOwZmp.exe
  C:\Windows\System\rZOwZmp.exe
  2⤵
  PID:4404
- C:\Windows\System\stEssQh.exe
  C:\Windows\System\stEssQh.exe
  2⤵
  PID:4448
- C:\Windows\System\gJmgEVI.exe
  C:\Windows\System\gJmgEVI.exe
  2⤵
  PID:4480
- C:\Windows\System\wBCuZLU.exe
  C:\Windows\System\wBCuZLU.exe
  2⤵
  PID:4504
- C:\Windows\System\zjmxIEi.exe
  C:\Windows\System\zjmxIEi.exe
  2⤵
  PID:4560
- C:\Windows\System\eQdWXhB.exe
  C:\Windows\System\eQdWXhB.exe
  2⤵
  PID:4580
- C:\Windows\System\DffeTJp.exe
  C:\Windows\System\DffeTJp.exe
  2⤵
  PID:4608
- C:\Windows\System\dMibbZy.exe
  C:\Windows\System\dMibbZy.exe
  2⤵
  PID:4644
- C:\Windows\System\CdJwgsF.exe
  C:\Windows\System\CdJwgsF.exe
  2⤵
  PID:4688
- C:\Windows\System\ZkkkNKy.exe
  C:\Windows\System\ZkkkNKy.exe
  2⤵
  PID:4716
- C:\Windows\System\yPPFrbR.exe
  C:\Windows\System\yPPFrbR.exe
  2⤵
  PID:4704
- C:\Windows\System\PPywfJM.exe
  C:\Windows\System\PPywfJM.exe
  2⤵
  PID:4744
- C:\Windows\System\YUnVXzy.exe
  C:\Windows\System\YUnVXzy.exe
  2⤵
  PID:4788
- C:\Windows\System\CxvluYG.exe
  C:\Windows\System\CxvluYG.exe
  2⤵
  PID:4832
- C:\Windows\System\nNzlPtT.exe
  C:\Windows\System\nNzlPtT.exe
  2⤵
  PID:4884
- C:\Windows\System\urBehwO.exe
  C:\Windows\System\urBehwO.exe
  2⤵
  PID:4904
- C:\Windows\System\KusfjsH.exe
  C:\Windows\System\KusfjsH.exe
  2⤵
  PID:4928
- C:\Windows\System\BShlTzr.exe
  C:\Windows\System\BShlTzr.exe
  2⤵
  PID:4948
- C:\Windows\System\iXyLhNL.exe
  C:\Windows\System\iXyLhNL.exe
  2⤵
  PID:5004
- C:\Windows\System\fxiENGy.exe
  C:\Windows\System\fxiENGy.exe
  2⤵
  PID:5028
- C:\Windows\System\kZRcqKA.exe
  C:\Windows\System\kZRcqKA.exe
  2⤵
  PID:5084
- C:\Windows\System\ggBQNry.exe
  C:\Windows\System\ggBQNry.exe
  2⤵
  PID:5088
- C:\Windows\System\NUAKYgX.exe
  C:\Windows\System\NUAKYgX.exe
  2⤵
  PID:5112
- C:\Windows\System\qEXsAcJ.exe
  C:\Windows\System\qEXsAcJ.exe
  2⤵
  PID:3992
- C:\Windows\System\CkSmnUr.exe
  C:\Windows\System\CkSmnUr.exe
  2⤵
  PID:892
- C:\Windows\System\UUXcuOX.exe
  C:\Windows\System\UUXcuOX.exe
  2⤵
  PID:3148
- C:\Windows\System\gNqvmSM.exe
  C:\Windows\System\gNqvmSM.exe
  2⤵
  PID:3288
- C:\Windows\System\uKDnfpv.exe
  C:\Windows\System\uKDnfpv.exe
  2⤵
  PID:3576
- C:\Windows\System\lWUnvtk.exe
  C:\Windows\System\lWUnvtk.exe
  2⤵
  PID:4120
- C:\Windows\System\YwkdKrE.exe
  C:\Windows\System\YwkdKrE.exe
  2⤵
  PID:4144
- C:\Windows\System\CGYAxUE.exe
  C:\Windows\System\CGYAxUE.exe
  2⤵
  PID:4244
- C:\Windows\System\tUNKHrJ.exe
  C:\Windows\System\tUNKHrJ.exe
  2⤵
  PID:4324
- C:\Windows\System\vWqWEAJ.exe
  C:\Windows\System\vWqWEAJ.exe
  2⤵
  PID:4356
- C:\Windows\System\mcTltRh.exe
  C:\Windows\System\mcTltRh.exe
  2⤵
  PID:4400
- C:\Windows\System\UdKcXYP.exe
  C:\Windows\System\UdKcXYP.exe
  2⤵
  PID:4460
- C:\Windows\System\ovHlcLO.exe
  C:\Windows\System\ovHlcLO.exe
  2⤵
  PID:4528
- C:\Windows\System\unPjESo.exe
  C:\Windows\System\unPjESo.exe
  2⤵
  PID:4564
- C:\Windows\System\UGtVUvU.exe
  C:\Windows\System\UGtVUvU.exe
  2⤵
  PID:2668
- C:\Windows\System\LHfiRWz.exe
  C:\Windows\System\LHfiRWz.exe
  2⤵
  PID:4620
- C:\Windows\System\CAjBFpP.exe
  C:\Windows\System\CAjBFpP.exe
  2⤵
  PID:4664
- C:\Windows\System\llTfxrs.exe
  C:\Windows\System\llTfxrs.exe
  2⤵
  PID:4740
- C:\Windows\System\JYGJUxz.exe
  C:\Windows\System\JYGJUxz.exe
  2⤵
  PID:4852
- C:\Windows\System\ffRxRbE.exe
  C:\Windows\System\ffRxRbE.exe
  2⤵
  PID:4848
- C:\Windows\System\iASlNvx.exe
  C:\Windows\System\iASlNvx.exe
  2⤵
  PID:4932
- C:\Windows\System\EoTJYKG.exe
  C:\Windows\System\EoTJYKG.exe
  2⤵
  PID:4984
- C:\Windows\System\NvocgSW.exe
  C:\Windows\System\NvocgSW.exe
  2⤵
  PID:2728
- C:\Windows\System\fGteoOs.exe
  C:\Windows\System\fGteoOs.exe
  2⤵
  PID:5068
- C:\Windows\System\liVQHcx.exe
  C:\Windows\System\liVQHcx.exe
  2⤵
  PID:3996
- C:\Windows\System\aiKLZKW.exe
  C:\Windows\System\aiKLZKW.exe
  2⤵
  PID:4036
- C:\Windows\System\EktCacM.exe
  C:\Windows\System\EktCacM.exe
  2⤵
  PID:2684
- C:\Windows\System\sYFPxTh.exe
  C:\Windows\System\sYFPxTh.exe
  2⤵
  PID:3476
- C:\Windows\System\kRvioyM.exe
  C:\Windows\System\kRvioyM.exe
  2⤵
  PID:4196
- C:\Windows\System\PYZTQVe.exe
  C:\Windows\System\PYZTQVe.exe
  2⤵
  PID:4260
- C:\Windows\System\zulLjyV.exe
  C:\Windows\System\zulLjyV.exe
  2⤵
  PID:4336
- C:\Windows\System\ufaldKd.exe
  C:\Windows\System\ufaldKd.exe
  2⤵
  PID:4360
- C:\Windows\System\wiiebnM.exe
  C:\Windows\System\wiiebnM.exe
  2⤵
  PID:4468
- C:\Windows\System\TzmpxMo.exe
  C:\Windows\System\TzmpxMo.exe
  2⤵
  PID:4524
- C:\Windows\System\jmMyuRP.exe
  C:\Windows\System\jmMyuRP.exe
  2⤵
  PID:4544
- C:\Windows\System\ZvwGNIw.exe
  C:\Windows\System\ZvwGNIw.exe
  2⤵
  PID:4700
- C:\Windows\System\EZtilqu.exe
  C:\Windows\System\EZtilqu.exe
  2⤵
  PID:4784
- C:\Windows\System\okUrpHF.exe
  C:\Windows\System\okUrpHF.exe
  2⤵
  PID:4768
- C:\Windows\System\xiGzEUt.exe
  C:\Windows\System\xiGzEUt.exe
  2⤵
  PID:4872
- C:\Windows\System\RTUGwnf.exe
  C:\Windows\System\RTUGwnf.exe
  2⤵
  PID:5136
- C:\Windows\System\qzQdoIa.exe
  C:\Windows\System\qzQdoIa.exe
  2⤵
  PID:5156
- C:\Windows\System\MZQehzs.exe
  C:\Windows\System\MZQehzs.exe
  2⤵
  PID:5176
- C:\Windows\System\vxVYgrp.exe
  C:\Windows\System\vxVYgrp.exe
  2⤵
  PID:5196
- C:\Windows\System\QXSKeEy.exe
  C:\Windows\System\QXSKeEy.exe
  2⤵
  PID:5216
- C:\Windows\System\rljgKSw.exe
  C:\Windows\System\rljgKSw.exe
  2⤵
  PID:5236
- C:\Windows\System\EaocsGs.exe
  C:\Windows\System\EaocsGs.exe
  2⤵
  PID:5256
- C:\Windows\System\GpBBTxI.exe
  C:\Windows\System\GpBBTxI.exe
  2⤵
  PID:5276
- C:\Windows\System\LsbLgPK.exe
  C:\Windows\System\LsbLgPK.exe
  2⤵
  PID:5296
- C:\Windows\System\CiMCjdk.exe
  C:\Windows\System\CiMCjdk.exe
  2⤵
  PID:5316
- C:\Windows\System\mcKnCZc.exe
  C:\Windows\System\mcKnCZc.exe
  2⤵
  PID:5336
- C:\Windows\System\IegBads.exe
  C:\Windows\System\IegBads.exe
  2⤵
  PID:5356
- C:\Windows\System\vVvKdjY.exe
  C:\Windows\System\vVvKdjY.exe
  2⤵
  PID:5376
- C:\Windows\System\TgIeEfe.exe
  C:\Windows\System\TgIeEfe.exe
  2⤵
  PID:5396
- C:\Windows\System\HkAieHo.exe
  C:\Windows\System\HkAieHo.exe
  2⤵
  PID:5416
- C:\Windows\System\JAXRAsZ.exe
  C:\Windows\System\JAXRAsZ.exe
  2⤵
  PID:5436
- C:\Windows\System\CGPAIdU.exe
  C:\Windows\System\CGPAIdU.exe
  2⤵
  PID:5456
- C:\Windows\System\TvpxggH.exe
  C:\Windows\System\TvpxggH.exe
  2⤵
  PID:5476
- C:\Windows\System\VGOdmHf.exe
  C:\Windows\System\VGOdmHf.exe
  2⤵
  PID:5496
- C:\Windows\System\YpLvmED.exe
  C:\Windows\System\YpLvmED.exe
  2⤵
  PID:5516
- C:\Windows\System\jDWHawu.exe
  C:\Windows\System\jDWHawu.exe
  2⤵
  PID:5536
- C:\Windows\System\zsReIec.exe
  C:\Windows\System\zsReIec.exe
  2⤵
  PID:5556
- C:\Windows\System\aIEXbyE.exe
  C:\Windows\System\aIEXbyE.exe
  2⤵
  PID:5576
- C:\Windows\System\kfHdWzA.exe
  C:\Windows\System\kfHdWzA.exe
  2⤵
  PID:5596
- C:\Windows\System\AJLzgmi.exe
  C:\Windows\System\AJLzgmi.exe
  2⤵
  PID:5616
- C:\Windows\System\EfQZbUn.exe
  C:\Windows\System\EfQZbUn.exe
  2⤵
  PID:5636
- C:\Windows\System\FcQbcMk.exe
  C:\Windows\System\FcQbcMk.exe
  2⤵
  PID:5656
- C:\Windows\System\vdQFAHC.exe
  C:\Windows\System\vdQFAHC.exe
  2⤵
  PID:5676
- C:\Windows\System\qkAGNNO.exe
  C:\Windows\System\qkAGNNO.exe
  2⤵
  PID:5696
- C:\Windows\System\uJPuMDf.exe
  C:\Windows\System\uJPuMDf.exe
  2⤵
  PID:5716
- C:\Windows\System\RHvJzsh.exe
  C:\Windows\System\RHvJzsh.exe
  2⤵
  PID:5736
- C:\Windows\System\drjUhkW.exe
  C:\Windows\System\drjUhkW.exe
  2⤵
  PID:5756
- C:\Windows\System\WuKfZaR.exe
  C:\Windows\System\WuKfZaR.exe
  2⤵
  PID:5776
- C:\Windows\System\sxMxfOx.exe
  C:\Windows\System\sxMxfOx.exe
  2⤵
  PID:5796
- C:\Windows\System\mAWSsQP.exe
  C:\Windows\System\mAWSsQP.exe
  2⤵
  PID:5816
- C:\Windows\System\bzjYyVM.exe
  C:\Windows\System\bzjYyVM.exe
  2⤵
  PID:5836
- C:\Windows\System\eQnXMZn.exe
  C:\Windows\System\eQnXMZn.exe
  2⤵
  PID:5856
- C:\Windows\System\IwXAYky.exe
  C:\Windows\System\IwXAYky.exe
  2⤵
  PID:5876
- C:\Windows\System\OXhkXGI.exe
  C:\Windows\System\OXhkXGI.exe
  2⤵
  PID:5896
- C:\Windows\System\jVOnxyW.exe
  C:\Windows\System\jVOnxyW.exe
  2⤵
  PID:5916
- C:\Windows\System\aaRhGEc.exe
  C:\Windows\System\aaRhGEc.exe
  2⤵
  PID:5936
- C:\Windows\System\BahqMvS.exe
  C:\Windows\System\BahqMvS.exe
  2⤵
  PID:5956
- C:\Windows\System\BYhfJdF.exe
  C:\Windows\System\BYhfJdF.exe
  2⤵
  PID:5976
- C:\Windows\System\KjCMtWW.exe
  C:\Windows\System\KjCMtWW.exe
  2⤵
  PID:5996
- C:\Windows\System\gkAOnjT.exe
  C:\Windows\System\gkAOnjT.exe
  2⤵
  PID:6016
- C:\Windows\System\pblByQG.exe
  C:\Windows\System\pblByQG.exe
  2⤵
  PID:6036
- C:\Windows\System\TMvaMbX.exe
  C:\Windows\System\TMvaMbX.exe
  2⤵
  PID:6056
- C:\Windows\System\djUFoia.exe
  C:\Windows\System\djUFoia.exe
  2⤵
  PID:6076
- C:\Windows\System\TjUesHK.exe
  C:\Windows\System\TjUesHK.exe
  2⤵
  PID:6096
- C:\Windows\System\OBRmTFm.exe
  C:\Windows\System\OBRmTFm.exe
  2⤵
  PID:6116
- C:\Windows\System\kYuYIol.exe
  C:\Windows\System\kYuYIol.exe
  2⤵
  PID:6136
- C:\Windows\System\sFWQzBE.exe
  C:\Windows\System\sFWQzBE.exe
  2⤵
  PID:5024
- C:\Windows\System\ANdLBAN.exe
  C:\Windows\System\ANdLBAN.exe
  2⤵
  PID:3960
- C:\Windows\System\OdmkKcc.exe
  C:\Windows\System\OdmkKcc.exe
  2⤵
  PID:3172
- C:\Windows\System\roZMnao.exe
  C:\Windows\System\roZMnao.exe
  2⤵
  PID:3528
- C:\Windows\System\eDNnoNV.exe
  C:\Windows\System\eDNnoNV.exe
  2⤵
  PID:4256
- C:\Windows\System\YCQsRfq.exe
  C:\Windows\System\YCQsRfq.exe
  2⤵
  PID:4296
- C:\Windows\System\iNYJQtM.exe
  C:\Windows\System\iNYJQtM.exe
  2⤵
  PID:4440
- C:\Windows\System\XDdKYSK.exe
  C:\Windows\System\XDdKYSK.exe
  2⤵
  PID:4484
- C:\Windows\System\ZxulMYM.exe
  C:\Windows\System\ZxulMYM.exe
  2⤵
  PID:4640
- C:\Windows\System\sYtAmni.exe
  C:\Windows\System\sYtAmni.exe
  2⤵
  PID:4660
- C:\Windows\System\HKeYwTp.exe
  C:\Windows\System\HKeYwTp.exe
  2⤵
  PID:2984
- C:\Windows\System\gkSdXSN.exe
  C:\Windows\System\gkSdXSN.exe
  2⤵
  PID:5132
- C:\Windows\System\HIgmKig.exe
  C:\Windows\System\HIgmKig.exe
  2⤵
  PID:5148
- C:\Windows\System\jviJGSJ.exe
  C:\Windows\System\jviJGSJ.exe
  2⤵
  PID:5192
- C:\Windows\System\pvFYCbS.exe
  C:\Windows\System\pvFYCbS.exe
  2⤵
  PID:5224
- C:\Windows\System\GBeyqfa.exe
  C:\Windows\System\GBeyqfa.exe
  2⤵
  PID:5248
- C:\Windows\System\YvQmnno.exe
  C:\Windows\System\YvQmnno.exe
  2⤵
  PID:5292
- C:\Windows\System\IQfyjbF.exe
  C:\Windows\System\IQfyjbF.exe
  2⤵
  PID:2880
- C:\Windows\System\wiGkgMN.exe
  C:\Windows\System\wiGkgMN.exe
  2⤵
  PID:5344
- C:\Windows\System\znfvWbK.exe
  C:\Windows\System\znfvWbK.exe
  2⤵
  PID:5368
- C:\Windows\System\khJmfip.exe
  C:\Windows\System\khJmfip.exe
  2⤵
  PID:5412
- C:\Windows\System\JpPYJUm.exe
  C:\Windows\System\JpPYJUm.exe
  2⤵
  PID:5452
- C:\Windows\System\TZzVppJ.exe
  C:\Windows\System\TZzVppJ.exe
  2⤵
  PID:5472
- C:\Windows\System\grEHLcx.exe
  C:\Windows\System\grEHLcx.exe
  2⤵
  PID:5504
- C:\Windows\System\PalaLMB.exe
  C:\Windows\System\PalaLMB.exe
  2⤵
  PID:5528
- C:\Windows\System\AxMPRDW.exe
  C:\Windows\System\AxMPRDW.exe
  2⤵
  PID:5572
- C:\Windows\System\xNugVGp.exe
  C:\Windows\System\xNugVGp.exe
  2⤵
  PID:5604
- C:\Windows\System\Gnjurwx.exe
  C:\Windows\System\Gnjurwx.exe
  2⤵
  PID:5624
- C:\Windows\System\azDyxpm.exe
  C:\Windows\System\azDyxpm.exe
  2⤵
  PID:5648
- C:\Windows\System\TDtASIT.exe
  C:\Windows\System\TDtASIT.exe
  2⤵
  PID:5668
- C:\Windows\System\odnONdM.exe
  C:\Windows\System\odnONdM.exe
  2⤵
  PID:5724
- C:\Windows\System\KDrRWRB.exe
  C:\Windows\System\KDrRWRB.exe
  2⤵
  PID:5764
- C:\Windows\System\IBOsBsn.exe
  C:\Windows\System\IBOsBsn.exe
  2⤵
  PID:5768
- C:\Windows\System\aNGBprI.exe
  C:\Windows\System\aNGBprI.exe
  2⤵
  PID:5788
- C:\Windows\System\dIstgZN.exe
  C:\Windows\System\dIstgZN.exe
  2⤵
  PID:5848
- C:\Windows\System\tFdiGxA.exe
  C:\Windows\System\tFdiGxA.exe
  2⤵
  PID:5872
- C:\Windows\System\TmJYoBb.exe
  C:\Windows\System\TmJYoBb.exe
  2⤵
  PID:5924
- C:\Windows\System\xqHFwVW.exe
  C:\Windows\System\xqHFwVW.exe
  2⤵
  PID:5944
- C:\Windows\System\gQTlsUE.exe
  C:\Windows\System\gQTlsUE.exe
  2⤵
  PID:5968
- C:\Windows\System\CsDAivf.exe
  C:\Windows\System\CsDAivf.exe
  2⤵
  PID:6008
- C:\Windows\System\PVetlEl.exe
  C:\Windows\System\PVetlEl.exe
  2⤵
  PID:6028
- C:\Windows\System\BFUrPYj.exe
  C:\Windows\System\BFUrPYj.exe
  2⤵
  PID:6084
- C:\Windows\System\xATXzbJ.exe
  C:\Windows\System\xATXzbJ.exe
  2⤵
  PID:6104
- C:\Windows\System\FuMHaoC.exe
  C:\Windows\System\FuMHaoC.exe
  2⤵
  PID:6128
- C:\Windows\System\AtlRdXW.exe
  C:\Windows\System\AtlRdXW.exe
  2⤵
  PID:5052
- C:\Windows\System\wPMSFaD.exe
  C:\Windows\System\wPMSFaD.exe
  2⤵
  PID:2236
- C:\Windows\System\awUDlGV.exe
  C:\Windows\System\awUDlGV.exe
  2⤵
  PID:4224
- C:\Windows\System\AyRMliH.exe
  C:\Windows\System\AyRMliH.exe
  2⤵
  PID:4408
- C:\Windows\System\rUFaqwH.exe
  C:\Windows\System\rUFaqwH.exe
  2⤵
  PID:4548
- C:\Windows\System\RWFtYaX.exe
  C:\Windows\System\RWFtYaX.exe
  2⤵
  PID:4668
- C:\Windows\System\eMGwwyA.exe
  C:\Windows\System\eMGwwyA.exe
  2⤵
  PID:5124
- C:\Windows\System\fRNRJNw.exe
  C:\Windows\System\fRNRJNw.exe
  2⤵
  PID:5172
- C:\Windows\System\NHEeuCp.exe
  C:\Windows\System\NHEeuCp.exe
  2⤵
  PID:5212
- C:\Windows\System\ktaNgYq.exe
  C:\Windows\System\ktaNgYq.exe
  2⤵
  PID:2848
- C:\Windows\System\FrdCGZB.exe
  C:\Windows\System\FrdCGZB.exe
  2⤵
  PID:5304
- C:\Windows\System\ofWQdpr.exe
  C:\Windows\System\ofWQdpr.exe
  2⤵
  PID:5328
- C:\Windows\System\YUIKwvl.exe
  C:\Windows\System\YUIKwvl.exe
  2⤵
  PID:5392
- C:\Windows\System\uMYaRbR.exe
  C:\Windows\System\uMYaRbR.exe
  2⤵
  PID:5444
- C:\Windows\System\eqhjrWM.exe
  C:\Windows\System\eqhjrWM.exe
  2⤵
  PID:5488
- C:\Windows\System\SiMefHJ.exe
  C:\Windows\System\SiMefHJ.exe
  2⤵
  PID:2028
- C:\Windows\System\kCLCUNQ.exe
  C:\Windows\System\kCLCUNQ.exe
  2⤵
  PID:5508
- C:\Windows\System\RUnTATm.exe
  C:\Windows\System\RUnTATm.exe
  2⤵
  PID:2288
- C:\Windows\System\QXGTNhi.exe
  C:\Windows\System\QXGTNhi.exe
  2⤵
  PID:5632
- C:\Windows\System\oidPgxu.exe
  C:\Windows\System\oidPgxu.exe
  2⤵
  PID:5704
- C:\Windows\System\gVAQDpw.exe
  C:\Windows\System\gVAQDpw.exe
  2⤵
  PID:5752
- C:\Windows\System\UQeXLlJ.exe
  C:\Windows\System\UQeXLlJ.exe
  2⤵
  PID:5784
- C:\Windows\System\mJAoMYN.exe
  C:\Windows\System\mJAoMYN.exe
  2⤵
  PID:5884
- C:\Windows\System\IGDsagW.exe
  C:\Windows\System\IGDsagW.exe
  2⤵
  PID:5912
- C:\Windows\System\ZvAEKKz.exe
  C:\Windows\System\ZvAEKKz.exe
  2⤵
  PID:5972
- C:\Windows\System\IhFhVJt.exe
  C:\Windows\System\IhFhVJt.exe
  2⤵
  PID:6004
- C:\Windows\System\TETTVzH.exe
  C:\Windows\System\TETTVzH.exe
  2⤵
  PID:6064
- C:\Windows\System\urfYRta.exe
  C:\Windows\System\urfYRta.exe
  2⤵
  PID:6108
- C:\Windows\System\fRdLwnd.exe
  C:\Windows\System\fRdLwnd.exe
  2⤵
  PID:3832
- C:\Windows\System\CcoyRKn.exe
  C:\Windows\System\CcoyRKn.exe
  2⤵
  PID:4164
- C:\Windows\System\WMUoKiV.exe
  C:\Windows\System\WMUoKiV.exe
  2⤵
  PID:4384
- C:\Windows\System\pmmOwmG.exe
  C:\Windows\System\pmmOwmG.exe
  2⤵
  PID:4604
- C:\Windows\System\DuGHgDx.exe
  C:\Windows\System\DuGHgDx.exe
  2⤵
  PID:2976
- C:\Windows\System\zwntxDE.exe
  C:\Windows\System\zwntxDE.exe
  2⤵
  PID:5168
- C:\Windows\System\AlNuOaF.exe
  C:\Windows\System\AlNuOaF.exe
  2⤵
  PID:5268
- C:\Windows\System\suYWHEo.exe
  C:\Windows\System\suYWHEo.exe
  2⤵
  PID:5388
- C:\Windows\System\JTxjgmy.exe
  C:\Windows\System\JTxjgmy.exe
  2⤵
  PID:5464
- C:\Windows\System\YKiGGaO.exe
  C:\Windows\System\YKiGGaO.exe
  2⤵
  PID:5564
- C:\Windows\System\veGJzHn.exe
  C:\Windows\System\veGJzHn.exe
  2⤵
  PID:5612
- C:\Windows\System\qyMxTVX.exe
  C:\Windows\System\qyMxTVX.exe
  2⤵
  PID:5672
- C:\Windows\System\RuonwqD.exe
  C:\Windows\System\RuonwqD.exe
  2⤵
  PID:5728
- C:\Windows\System\SWCrnML.exe
  C:\Windows\System\SWCrnML.exe
  2⤵
  PID:5828
- C:\Windows\System\BDTKqBu.exe
  C:\Windows\System\BDTKqBu.exe
  2⤵
  PID:5952
- C:\Windows\System\IupUKRc.exe
  C:\Windows\System\IupUKRc.exe
  2⤵
  PID:1952
- C:\Windows\System\IsLZJDa.exe
  C:\Windows\System\IsLZJDa.exe
  2⤵
  PID:6088
- C:\Windows\System\acvzoHU.exe
  C:\Windows\System\acvzoHU.exe
  2⤵
  PID:6160
- C:\Windows\System\imbkvoa.exe
  C:\Windows\System\imbkvoa.exe
  2⤵
  PID:6180
- C:\Windows\System\eUrmDgS.exe
  C:\Windows\System\eUrmDgS.exe
  2⤵
  PID:6200
- C:\Windows\System\OHCRMVg.exe
  C:\Windows\System\OHCRMVg.exe
  2⤵
  PID:6220
- C:\Windows\System\rJwCBBM.exe
  C:\Windows\System\rJwCBBM.exe
  2⤵
  PID:6240
- C:\Windows\System\rmTbsFQ.exe
  C:\Windows\System\rmTbsFQ.exe
  2⤵
  PID:6260
- C:\Windows\System\mDkGOhY.exe
  C:\Windows\System\mDkGOhY.exe
  2⤵
  PID:6280
- C:\Windows\System\ooDcGRD.exe
  C:\Windows\System\ooDcGRD.exe
  2⤵
  PID:6300
- C:\Windows\System\ExtPLuG.exe
  C:\Windows\System\ExtPLuG.exe
  2⤵
  PID:6320
- C:\Windows\System\bbHRdHv.exe
  C:\Windows\System\bbHRdHv.exe
  2⤵
  PID:6340
- C:\Windows\System\YfnbrBT.exe
  C:\Windows\System\YfnbrBT.exe
  2⤵
  PID:6360
- C:\Windows\System\gsmbPZU.exe
  C:\Windows\System\gsmbPZU.exe
  2⤵
  PID:6380
- C:\Windows\System\djScdLn.exe
  C:\Windows\System\djScdLn.exe
  2⤵
  PID:6400
- C:\Windows\System\IzPRcMl.exe
  C:\Windows\System\IzPRcMl.exe
  2⤵
  PID:6420
- C:\Windows\System\ewlDdMX.exe
  C:\Windows\System\ewlDdMX.exe
  2⤵
  PID:6440
- C:\Windows\System\UrqddJU.exe
  C:\Windows\System\UrqddJU.exe
  2⤵
  PID:6460
- C:\Windows\System\wgBAgjA.exe
  C:\Windows\System\wgBAgjA.exe
  2⤵
  PID:6480
- C:\Windows\System\uoCyWpA.exe
  C:\Windows\System\uoCyWpA.exe
  2⤵
  PID:6500
- C:\Windows\System\GrzrMvG.exe
  C:\Windows\System\GrzrMvG.exe
  2⤵
  PID:6520
- C:\Windows\System\agnOyRM.exe
  C:\Windows\System\agnOyRM.exe
  2⤵
  PID:6540
- C:\Windows\System\yzBPqcD.exe
  C:\Windows\System\yzBPqcD.exe
  2⤵
  PID:6560
- C:\Windows\System\iRiFvlc.exe
  C:\Windows\System\iRiFvlc.exe
  2⤵
  PID:6580
- C:\Windows\System\pFdHabB.exe
  C:\Windows\System\pFdHabB.exe
  2⤵
  PID:6600
- C:\Windows\System\JPgzJsq.exe
  C:\Windows\System\JPgzJsq.exe
  2⤵
  PID:6620
- C:\Windows\System\QRQKjTH.exe
  C:\Windows\System\QRQKjTH.exe
  2⤵
  PID:6640
- C:\Windows\System\fdGKFLT.exe
  C:\Windows\System\fdGKFLT.exe
  2⤵
  PID:6660
- C:\Windows\System\AajEhBY.exe
  C:\Windows\System\AajEhBY.exe
  2⤵
  PID:6680
- C:\Windows\System\BWhebBL.exe
  C:\Windows\System\BWhebBL.exe
  2⤵
  PID:6700
- C:\Windows\System\xIPPSim.exe
  C:\Windows\System\xIPPSim.exe
  2⤵
  PID:6720
- C:\Windows\System\txWdKjs.exe
  C:\Windows\System\txWdKjs.exe
  2⤵
  PID:6740
- C:\Windows\System\GajCmsW.exe
  C:\Windows\System\GajCmsW.exe
  2⤵
  PID:6760
- C:\Windows\System\vbvrKQc.exe
  C:\Windows\System\vbvrKQc.exe
  2⤵
  PID:6780
- C:\Windows\System\wdtGlLD.exe
  C:\Windows\System\wdtGlLD.exe
  2⤵
  PID:6800
- C:\Windows\System\eOYxWDH.exe
  C:\Windows\System\eOYxWDH.exe
  2⤵
  PID:6820
- C:\Windows\System\HJEtcvi.exe
  C:\Windows\System\HJEtcvi.exe
  2⤵
  PID:6840
- C:\Windows\System\dFeplev.exe
  C:\Windows\System\dFeplev.exe
  2⤵
  PID:6860
- C:\Windows\System\OiFVZlH.exe
  C:\Windows\System\OiFVZlH.exe
  2⤵
  PID:6880
- C:\Windows\System\XHAoepK.exe
  C:\Windows\System\XHAoepK.exe
  2⤵
  PID:6900
- C:\Windows\System\sRkeUYw.exe
  C:\Windows\System\sRkeUYw.exe
  2⤵
  PID:6920
- C:\Windows\System\MnIwter.exe
  C:\Windows\System\MnIwter.exe
  2⤵
  PID:6940
- C:\Windows\System\VFlvtKR.exe
  C:\Windows\System\VFlvtKR.exe
  2⤵
  PID:6960
- C:\Windows\System\wovlvuk.exe
  C:\Windows\System\wovlvuk.exe
  2⤵
  PID:6980
- C:\Windows\System\NRSbHBn.exe
  C:\Windows\System\NRSbHBn.exe
  2⤵
  PID:7000
- C:\Windows\System\ucDipav.exe
  C:\Windows\System\ucDipav.exe
  2⤵
  PID:7024
- C:\Windows\System\Tkyizix.exe
  C:\Windows\System\Tkyizix.exe
  2⤵
  PID:7044
- C:\Windows\System\aMgHUxq.exe
  C:\Windows\System\aMgHUxq.exe
  2⤵
  PID:7064
- C:\Windows\System\MHxDKLv.exe
  C:\Windows\System\MHxDKLv.exe
  2⤵
  PID:7084
- C:\Windows\System\WceEzep.exe
  C:\Windows\System\WceEzep.exe
  2⤵
  PID:7104
- C:\Windows\System\OvMuDKH.exe
  C:\Windows\System\OvMuDKH.exe
  2⤵
  PID:7124
- C:\Windows\System\ahRZeTr.exe
  C:\Windows\System\ahRZeTr.exe
  2⤵
  PID:7144
- C:\Windows\System\meTSrFO.exe
  C:\Windows\System\meTSrFO.exe
  2⤵
  PID:7164
- C:\Windows\System\GBMGXtE.exe
  C:\Windows\System\GBMGXtE.exe
  2⤵
  PID:2672
- C:\Windows\System\SMVuAyF.exe
  C:\Windows\System\SMVuAyF.exe
  2⤵
  PID:4648
- C:\Windows\System\gdVjMuY.exe
  C:\Windows\System\gdVjMuY.exe
  2⤵
  PID:4844
- C:\Windows\System\EiEIszF.exe
  C:\Windows\System\EiEIszF.exe
  2⤵
  PID:5324
- C:\Windows\System\jhzEsep.exe
  C:\Windows\System\jhzEsep.exe
  2⤵
  PID:5468
- C:\Windows\System\iPDdEhI.exe
  C:\Windows\System\iPDdEhI.exe
  2⤵
  PID:596
- C:\Windows\System\uzhvuFY.exe
  C:\Windows\System\uzhvuFY.exe
  2⤵
  PID:5628
- C:\Windows\System\SHWqHfh.exe
  C:\Windows\System\SHWqHfh.exe
  2⤵
  PID:2832
- C:\Windows\System\tLjdqcT.exe
  C:\Windows\System\tLjdqcT.exe
  2⤵
  PID:2840
- C:\Windows\System\yLdblty.exe
  C:\Windows\System\yLdblty.exe
  2⤵
  PID:6124
- C:\Windows\System\wCybuuj.exe
  C:\Windows\System\wCybuuj.exe
  2⤵
  PID:6188
- C:\Windows\System\vSZPJtt.exe
  C:\Windows\System\vSZPJtt.exe
  2⤵
  PID:6192
- C:\Windows\System\JlskTmy.exe
  C:\Windows\System\JlskTmy.exe
  2⤵
  PID:6212
- C:\Windows\System\VJTCFEJ.exe
  C:\Windows\System\VJTCFEJ.exe
  2⤵
  PID:6256
- C:\Windows\System\xoQZqEo.exe
  C:\Windows\System\xoQZqEo.exe
  2⤵
  PID:6296
- C:\Windows\System\zvxYmRv.exe
  C:\Windows\System\zvxYmRv.exe
  2⤵
  PID:2912
- C:\Windows\System\NqMgzLs.exe
  C:\Windows\System\NqMgzLs.exe
  2⤵
  PID:6352
- C:\Windows\System\RGyMIXq.exe
  C:\Windows\System\RGyMIXq.exe
  2⤵
  PID:6372
- C:\Windows\System\SNMuTyc.exe
  C:\Windows\System\SNMuTyc.exe
  2⤵
  PID:6436
- C:\Windows\System\dEJbLnh.exe
  C:\Windows\System\dEJbLnh.exe
  2⤵
  PID:6468
- C:\Windows\System\Rhyslue.exe
  C:\Windows\System\Rhyslue.exe
  2⤵
  PID:2552
- C:\Windows\System\ofknUlr.exe
  C:\Windows\System\ofknUlr.exe
  2⤵
  PID:6516
- C:\Windows\System\TTVneGH.exe
  C:\Windows\System\TTVneGH.exe
  2⤵
  PID:6536
- C:\Windows\System\gMDgkxu.exe
  C:\Windows\System\gMDgkxu.exe
  2⤵
  PID:6588
- C:\Windows\System\ZHbYOUu.exe
  C:\Windows\System\ZHbYOUu.exe
  2⤵
  PID:6628
- C:\Windows\System\rAVcqbO.exe
  C:\Windows\System\rAVcqbO.exe
  2⤵
  PID:6648
- C:\Windows\System\VRAvWVN.exe
  C:\Windows\System\VRAvWVN.exe
  2⤵
  PID:6672
- C:\Windows\System\FcuOknR.exe
  C:\Windows\System\FcuOknR.exe
  2⤵
  PID:6692
- C:\Windows\System\hHkjPme.exe
  C:\Windows\System\hHkjPme.exe
  2⤵
  PID:6732
- C:\Windows\System\YNkAnmV.exe
  C:\Windows\System\YNkAnmV.exe
  2⤵
  PID:6772
- C:\Windows\System\iLNJOZU.exe
  C:\Windows\System\iLNJOZU.exe
  2⤵
  PID:6816
- C:\Windows\System\ELvKwTK.exe
  C:\Windows\System\ELvKwTK.exe
  2⤵
  PID:6868
- C:\Windows\System\GSZtQkb.exe
  C:\Windows\System\GSZtQkb.exe
  2⤵
  PID:6872
- C:\Windows\System\mHGgngV.exe
  C:\Windows\System\mHGgngV.exe
  2⤵
  PID:6916
- C:\Windows\System\ShKdvFL.exe
  C:\Windows\System\ShKdvFL.exe
  2⤵
  PID:6948
- C:\Windows\System\czDPRRU.exe
  C:\Windows\System\czDPRRU.exe
  2⤵
  PID:6988
- C:\Windows\System\fZpjKwU.exe
  C:\Windows\System\fZpjKwU.exe
  2⤵
  PID:7036
- C:\Windows\System\fvCfsAy.exe
  C:\Windows\System\fvCfsAy.exe
  2⤵
  PID:7060
- C:\Windows\System\rephLep.exe
  C:\Windows\System\rephLep.exe
  2⤵
  PID:7092
- C:\Windows\System\eYqDABT.exe
  C:\Windows\System\eYqDABT.exe
  2⤵
  PID:7116
- C:\Windows\System\ERWHiaN.exe
  C:\Windows\System\ERWHiaN.exe
  2⤵
  PID:7160
- C:\Windows\System\UTMBsDY.exe
  C:\Windows\System\UTMBsDY.exe
  2⤵
  PID:5064
- C:\Windows\System\WiyvVtP.exe
  C:\Windows\System\WiyvVtP.exe
  2⤵
  PID:5252
- C:\Windows\System\XtMJbkg.exe
  C:\Windows\System\XtMJbkg.exe
  2⤵
  PID:5432
- C:\Windows\System\KtgDvhm.exe
  C:\Windows\System\KtgDvhm.exe
  2⤵
  PID:5852
- C:\Windows\System\LRdIkgI.exe
  C:\Windows\System\LRdIkgI.exe
  2⤵
  PID:5692
- C:\Windows\System\lVvZNyA.exe
  C:\Windows\System\lVvZNyA.exe
  2⤵
  PID:5992
- C:\Windows\System\bvozsIb.exe
  C:\Windows\System\bvozsIb.exe
  2⤵
  PID:6172
- C:\Windows\System\xlddjxg.exe
  C:\Windows\System\xlddjxg.exe
  2⤵
  PID:6248
- C:\Windows\System\GzLUCkG.exe
  C:\Windows\System\GzLUCkG.exe
  2⤵
  PID:6272
- C:\Windows\System\KcUrGqK.exe
  C:\Windows\System\KcUrGqK.exe
  2⤵
  PID:6288
- C:\Windows\System\KjDKipw.exe
  C:\Windows\System\KjDKipw.exe
  2⤵
  PID:6332
- C:\Windows\System\ZzyXSHC.exe
  C:\Windows\System\ZzyXSHC.exe
  2⤵
  PID:2680
- C:\Windows\System\vpyJsTg.exe
  C:\Windows\System\vpyJsTg.exe
  2⤵
  PID:6452
- C:\Windows\System\qIdfXWg.exe
  C:\Windows\System\qIdfXWg.exe
  2⤵
  PID:2704
- C:\Windows\System\gjPuWzE.exe
  C:\Windows\System\gjPuWzE.exe
  2⤵
  PID:6568
- C:\Windows\System\VReZcHQ.exe
  C:\Windows\System\VReZcHQ.exe
  2⤵
  PID:6592
- C:\Windows\System\BHnFAtL.exe
  C:\Windows\System\BHnFAtL.exe
  2⤵
  PID:6716
- C:\Windows\System\dyPDajw.exe
  C:\Windows\System\dyPDajw.exe
  2⤵
  PID:6736
- C:\Windows\System\MUWEjDZ.exe
  C:\Windows\System\MUWEjDZ.exe
  2⤵
  PID:6836
- C:\Windows\System\pVdMQBm.exe
  C:\Windows\System\pVdMQBm.exe
  2⤵
  PID:6856
- C:\Windows\System\mPBpzho.exe
  C:\Windows\System\mPBpzho.exe
  2⤵
  PID:6896
- C:\Windows\System\pLhCWvP.exe
  C:\Windows\System\pLhCWvP.exe
  2⤵
  PID:6972
- C:\Windows\System\UxLVUNt.exe
  C:\Windows\System\UxLVUNt.exe
  2⤵
  PID:7012
- C:\Windows\System\UkCpnJU.exe
  C:\Windows\System\UkCpnJU.exe
  2⤵
  PID:7076
- C:\Windows\System\PJpZUXD.exe
  C:\Windows\System\PJpZUXD.exe
  2⤵
  PID:7136
- C:\Windows\System\gUULiRr.exe
  C:\Windows\System\gUULiRr.exe
  2⤵
  PID:5008
- C:\Windows\System\CzpKLtP.exe
  C:\Windows\System\CzpKLtP.exe
  2⤵
  PID:1664
- C:\Windows\System\ZyHjSmW.exe
  C:\Windows\System\ZyHjSmW.exe
  2⤵
  PID:5448
- C:\Windows\System\AOZLIoB.exe
  C:\Windows\System\AOZLIoB.exe
  2⤵
  PID:236
- C:\Windows\System\OgQKiFi.exe
  C:\Windows\System\OgQKiFi.exe
  2⤵
  PID:6156
- C:\Windows\System\ajHGFAx.exe
  C:\Windows\System\ajHGFAx.exe
  2⤵
  PID:6268
- C:\Windows\System\PMqlBgl.exe
  C:\Windows\System\PMqlBgl.exe
  2⤵
  PID:6308
- C:\Windows\System\xwbYwAS.exe
  C:\Windows\System\xwbYwAS.exe
  2⤵
  PID:6432
- C:\Windows\System\PYGjsuv.exe
  C:\Windows\System\PYGjsuv.exe
  2⤵
  PID:6528
- C:\Windows\System\NhGioOv.exe
  C:\Windows\System\NhGioOv.exe
  2⤵
  PID:6652
- C:\Windows\System\nLyOXtq.exe
  C:\Windows\System\nLyOXtq.exe
  2⤵
  PID:6636
- C:\Windows\System\gnpkZMj.exe
  C:\Windows\System\gnpkZMj.exe
  2⤵
  PID:6728
- C:\Windows\System\DeEHJVA.exe
  C:\Windows\System\DeEHJVA.exe
  2⤵
  PID:6892
- C:\Windows\System\EsBufdE.exe
  C:\Windows\System\EsBufdE.exe
  2⤵
  PID:6992
- C:\Windows\System\CCHhLvC.exe
  C:\Windows\System\CCHhLvC.exe
  2⤵
  PID:7100
- C:\Windows\System\SoHzowW.exe
  C:\Windows\System\SoHzowW.exe
  2⤵
  PID:3176
- C:\Windows\System\xCvZcCX.exe
  C:\Windows\System\xCvZcCX.exe
  2⤵
  PID:5144
- C:\Windows\System\uQKyMDU.exe
  C:\Windows\System\uQKyMDU.exe
  2⤵
  PID:5312
- C:\Windows\System\SETazrJ.exe
  C:\Windows\System\SETazrJ.exe
  2⤵
  PID:6232
- C:\Windows\System\EvqfrsE.exe
  C:\Windows\System\EvqfrsE.exe
  2⤵
  PID:7184
- C:\Windows\System\lbCRUDk.exe
  C:\Windows\System\lbCRUDk.exe
  2⤵
  PID:7204
- C:\Windows\System\YXdAiFx.exe
  C:\Windows\System\YXdAiFx.exe
  2⤵
  PID:7224
- C:\Windows\System\fCAeNkG.exe
  C:\Windows\System\fCAeNkG.exe
  2⤵
  PID:7244
- C:\Windows\System\EqnmVoj.exe
  C:\Windows\System\EqnmVoj.exe
  2⤵
  PID:7264
- C:\Windows\System\CgIMrxm.exe
  C:\Windows\System\CgIMrxm.exe
  2⤵
  PID:7284
- C:\Windows\System\DBUDQAo.exe
  C:\Windows\System\DBUDQAo.exe
  2⤵
  PID:7304
- C:\Windows\System\fdHdIXw.exe
  C:\Windows\System\fdHdIXw.exe
  2⤵
  PID:7324
- C:\Windows\System\IwIrAGd.exe
  C:\Windows\System\IwIrAGd.exe
  2⤵
  PID:7344
- C:\Windows\System\dPjxmMz.exe
  C:\Windows\System\dPjxmMz.exe
  2⤵
  PID:7364
- C:\Windows\System\qIVBzfx.exe
  C:\Windows\System\qIVBzfx.exe
  2⤵
  PID:7384
- C:\Windows\System\NNaVOlg.exe
  C:\Windows\System\NNaVOlg.exe
  2⤵
  PID:7404
- C:\Windows\System\gUyHhLk.exe
  C:\Windows\System\gUyHhLk.exe
  2⤵
  PID:7424
- C:\Windows\System\HKTJtQB.exe
  C:\Windows\System\HKTJtQB.exe
  2⤵
  PID:7444
- C:\Windows\System\OGKRnOZ.exe
  C:\Windows\System\OGKRnOZ.exe
  2⤵
  PID:7464
- C:\Windows\System\pwYiKIt.exe
  C:\Windows\System\pwYiKIt.exe
  2⤵
  PID:7516
- C:\Windows\System\XLtKUJl.exe
  C:\Windows\System\XLtKUJl.exe
  2⤵
  PID:7540
- C:\Windows\System\lbbgBnr.exe
  C:\Windows\System\lbbgBnr.exe
  2⤵
  PID:7556
- C:\Windows\System\NsroFhh.exe
  C:\Windows\System\NsroFhh.exe
  2⤵
  PID:7580
- C:\Windows\System\JcSlkNS.exe
  C:\Windows\System\JcSlkNS.exe
  2⤵
  PID:7596
- C:\Windows\System\BDQBkJX.exe
  C:\Windows\System\BDQBkJX.exe
  2⤵
  PID:7612
- C:\Windows\System\PZmpHoJ.exe
  C:\Windows\System\PZmpHoJ.exe
  2⤵
  PID:7632
- C:\Windows\System\qxwBRTq.exe
  C:\Windows\System\qxwBRTq.exe
  2⤵
  PID:7652
- C:\Windows\System\GEXrTWU.exe
  C:\Windows\System\GEXrTWU.exe
  2⤵
  PID:7668
- C:\Windows\System\HTyKxgd.exe
  C:\Windows\System\HTyKxgd.exe
  2⤵
  PID:7684
- C:\Windows\System\GZxVYfP.exe
  C:\Windows\System\GZxVYfP.exe
  2⤵
  PID:7700
- C:\Windows\System\VTrVHFL.exe
  C:\Windows\System\VTrVHFL.exe
  2⤵
  PID:7720
- C:\Windows\System\XlriRmS.exe
  C:\Windows\System\XlriRmS.exe
  2⤵
  PID:7736
- C:\Windows\System\QlYUhmD.exe
  C:\Windows\System\QlYUhmD.exe
  2⤵
  PID:7756
- C:\Windows\System\GoWREzJ.exe
  C:\Windows\System\GoWREzJ.exe
  2⤵
  PID:7776
- C:\Windows\System\SqdEbEh.exe
  C:\Windows\System\SqdEbEh.exe
  2⤵
  PID:7792
- C:\Windows\System\vBhhiop.exe
  C:\Windows\System\vBhhiop.exe
  2⤵
  PID:7828
- C:\Windows\System\qucyvsr.exe
  C:\Windows\System\qucyvsr.exe
  2⤵
  PID:7856
- C:\Windows\System\xguOHVz.exe
  C:\Windows\System\xguOHVz.exe
  2⤵
  PID:7872
- C:\Windows\System\qrpDwRl.exe
  C:\Windows\System\qrpDwRl.exe
  2⤵
  PID:7888
- C:\Windows\System\ryAOgnj.exe
  C:\Windows\System\ryAOgnj.exe
  2⤵
  PID:7912
- C:\Windows\System\RfTBbGn.exe
  C:\Windows\System\RfTBbGn.exe
  2⤵
  PID:7928
- C:\Windows\System\dHLiyuG.exe
  C:\Windows\System\dHLiyuG.exe
  2⤵
  PID:7944
- C:\Windows\System\KwvJxpG.exe
  C:\Windows\System\KwvJxpG.exe
  2⤵
  PID:7960
- C:\Windows\System\hIhLEUV.exe
  C:\Windows\System\hIhLEUV.exe
  2⤵
  PID:7976
- C:\Windows\System\XFxUqBE.exe
  C:\Windows\System\XFxUqBE.exe
  2⤵
  PID:7996
- C:\Windows\System\bltNrEQ.exe
  C:\Windows\System\bltNrEQ.exe
  2⤵
  PID:8016
- C:\Windows\System\jFTjIUQ.exe
  C:\Windows\System\jFTjIUQ.exe
  2⤵
  PID:8048
- C:\Windows\System\MSbBngy.exe
  C:\Windows\System\MSbBngy.exe
  2⤵
  PID:8068
- C:\Windows\System\fhqosTD.exe
  C:\Windows\System\fhqosTD.exe
  2⤵
  PID:8096
- C:\Windows\System\pIImKBh.exe
  C:\Windows\System\pIImKBh.exe
  2⤵
  PID:8112
- C:\Windows\System\UQBWKwT.exe
  C:\Windows\System\UQBWKwT.exe
  2⤵
  PID:8136
- C:\Windows\System\MNFmgmk.exe
  C:\Windows\System\MNFmgmk.exe
  2⤵
  PID:8156
- C:\Windows\System\WmRYvHJ.exe
  C:\Windows\System\WmRYvHJ.exe
  2⤵
  PID:8180
- C:\Windows\System\GhuDTjh.exe
  C:\Windows\System\GhuDTjh.exe
  2⤵
  PID:6376
- C:\Windows\System\TcItSSa.exe
  C:\Windows\System\TcItSSa.exe
  2⤵
  PID:6548
- C:\Windows\System\YtUucGA.exe
  C:\Windows\System\YtUucGA.exe
  2⤵
  PID:6552
- C:\Windows\System\aalrgak.exe
  C:\Windows\System\aalrgak.exe
  2⤵
  PID:6608
- C:\Windows\System\jkPVZjL.exe
  C:\Windows\System\jkPVZjL.exe
  2⤵
  PID:6792
- C:\Windows\System\pFezJWz.exe
  C:\Windows\System\pFezJWz.exe
  2⤵
  PID:6928
- C:\Windows\System\toZjCoW.exe
  C:\Windows\System\toZjCoW.exe
  2⤵
  PID:7152
- C:\Windows\System\AMRpAVU.exe
  C:\Windows\System\AMRpAVU.exe
  2⤵
  PID:1692
- C:\Windows\System\LbQDBRB.exe
  C:\Windows\System\LbQDBRB.exe
  2⤵
  PID:4720
- C:\Windows\System\GbOzXWk.exe
  C:\Windows\System\GbOzXWk.exe
  2⤵
  PID:7176
- C:\Windows\System\OixSwhV.exe
  C:\Windows\System\OixSwhV.exe
  2⤵
  PID:7196
- C:\Windows\System\ZWdMMLo.exe
  C:\Windows\System\ZWdMMLo.exe
  2⤵
  PID:7220
- C:\Windows\System\NhYDvvO.exe
  C:\Windows\System\NhYDvvO.exe
  2⤵
  PID:7252
- C:\Windows\System\udOPDpk.exe
  C:\Windows\System\udOPDpk.exe
  2⤵
  PID:2564
- C:\Windows\System\spsQYQH.exe
  C:\Windows\System\spsQYQH.exe
  2⤵
  PID:7280
- C:\Windows\System\JGFWkTo.exe
  C:\Windows\System\JGFWkTo.exe
  2⤵
  PID:7316
- C:\Windows\System\CDwVTzr.exe
  C:\Windows\System\CDwVTzr.exe
  2⤵
  PID:7352
- C:\Windows\System\WQcDMFH.exe
  C:\Windows\System\WQcDMFH.exe
  2⤵
  PID:7392
- C:\Windows\System\tZUJWLU.exe
  C:\Windows\System\tZUJWLU.exe
  2⤵
  PID:7420
- C:\Windows\System\sTpUPYW.exe
  C:\Windows\System\sTpUPYW.exe
  2⤵
  PID:7440
- C:\Windows\System\UelhDKx.exe
  C:\Windows\System\UelhDKx.exe
  2⤵
  PID:7456
- C:\Windows\System\HZUtQTx.exe
  C:\Windows\System\HZUtQTx.exe
  2⤵
  PID:2312
- C:\Windows\System\dZchfMS.exe
  C:\Windows\System\dZchfMS.exe
  2⤵
  PID:2240
- C:\Windows\System\hGDpxxA.exe
  C:\Windows\System\hGDpxxA.exe
  2⤵
  PID:2524
- C:\Windows\System\WvBfHQT.exe
  C:\Windows\System\WvBfHQT.exe
  2⤵
  PID:1984
- C:\Windows\System\polSFCg.exe
  C:\Windows\System\polSFCg.exe
  2⤵
  PID:2156
- C:\Windows\System\qUjyAVP.exe
  C:\Windows\System\qUjyAVP.exe
  2⤵
  PID:280
- C:\Windows\System\ehzzITB.exe
  C:\Windows\System\ehzzITB.exe
  2⤵
  PID:568
- C:\Windows\System\siGzbMf.exe
  C:\Windows\System\siGzbMf.exe
  2⤵
  PID:972
- C:\Windows\System\vxIfqwU.exe
  C:\Windows\System\vxIfqwU.exe
  2⤵
  PID:1548
- C:\Windows\System\tKJYAwX.exe
  C:\Windows\System\tKJYAwX.exe
  2⤵
  PID:2044
- C:\Windows\System\olFZOmL.exe
  C:\Windows\System\olFZOmL.exe
  2⤵
  PID:1568
- C:\Windows\System\awRtceQ.exe
  C:\Windows\System\awRtceQ.exe
  2⤵
  PID:7492
- C:\Windows\System\kLORmtH.exe
  C:\Windows\System\kLORmtH.exe
  2⤵
  PID:7644
- C:\Windows\System\yveIkaE.exe
  C:\Windows\System\yveIkaE.exe
  2⤵
  PID:7716
- C:\Windows\System\uigCMKk.exe
  C:\Windows\System\uigCMKk.exe
  2⤵
  PID:7788
- C:\Windows\System\CSxdDXC.exe
  C:\Windows\System\CSxdDXC.exe
  2⤵
  PID:7620
- C:\Windows\System\LEwiwjL.exe
  C:\Windows\System\LEwiwjL.exe
  2⤵
  PID:7840
- C:\Windows\System\LmbNRfB.exe
  C:\Windows\System\LmbNRfB.exe
  2⤵
  PID:7660
- C:\Windows\System\rDwvFlm.exe
  C:\Windows\System\rDwvFlm.exe
  2⤵
  PID:7764
- C:\Windows\System\SlDLwGL.exe
  C:\Windows\System\SlDLwGL.exe
  2⤵
  PID:7920
- C:\Windows\System\TiDFouz.exe
  C:\Windows\System\TiDFouz.exe
  2⤵
  PID:7820
- C:\Windows\System\tdQhgBq.exe
  C:\Windows\System\tdQhgBq.exe
  2⤵
  PID:7812
- C:\Windows\System\RPpBrqh.exe
  C:\Windows\System\RPpBrqh.exe
  2⤵
  PID:8024
- C:\Windows\System\vGxLJcY.exe
  C:\Windows\System\vGxLJcY.exe
  2⤵
  PID:7868
- C:\Windows\System\WJnXOhg.exe
  C:\Windows\System\WJnXOhg.exe
  2⤵
  PID:7940
- C:\Windows\System\WtGeMRz.exe
  C:\Windows\System\WtGeMRz.exe
  2⤵
  PID:8004
- C:\Windows\System\hKIzERt.exe
  C:\Windows\System\hKIzERt.exe
  2⤵
  PID:8084
- C:\Windows\System\UYrSIxy.exe
  C:\Windows\System\UYrSIxy.exe
  2⤵
  PID:8104
- C:\Windows\System\yWVwJHl.exe
  C:\Windows\System\yWVwJHl.exe
  2⤵
  PID:8132
- C:\Windows\System\EXaQVos.exe
  C:\Windows\System\EXaQVos.exe
  2⤵
  PID:8148
- C:\Windows\System\wuaaCJU.exe
  C:\Windows\System\wuaaCJU.exe
  2⤵
  PID:8188
- C:\Windows\System\xZFJhJc.exe
  C:\Windows\System\xZFJhJc.exe
  2⤵
  PID:6412
- C:\Windows\System\ktAQchE.exe
  C:\Windows\System\ktAQchE.exe
  2⤵
  PID:6492
- C:\Windows\System\qWqVvch.exe
  C:\Windows\System\qWqVvch.exe
  2⤵
  PID:7096
- C:\Windows\System\gueVYQr.exe
  C:\Windows\System\gueVYQr.exe
  2⤵
  PID:7040
- C:\Windows\System\ICBNosL.exe
  C:\Windows\System\ICBNosL.exe
  2⤵
  PID:2856
- C:\Windows\System\OoCYzAj.exe
  C:\Windows\System\OoCYzAj.exe
  2⤵
  PID:7380
- C:\Windows\System\fVDvEBR.exe
  C:\Windows\System\fVDvEBR.exe
  2⤵
  PID:7476
- C:\Windows\System\heCpBUh.exe
  C:\Windows\System\heCpBUh.exe
  2⤵
  PID:2360
- C:\Windows\System\TrmpQhv.exe
  C:\Windows\System\TrmpQhv.exe
  2⤵
  PID:7300
- C:\Windows\System\vxBfROw.exe
  C:\Windows\System\vxBfROw.exe
  2⤵
  PID:1004
- C:\Windows\System\sZEwTah.exe
  C:\Windows\System\sZEwTah.exe
  2⤵
  PID:4380
- C:\Windows\System\xCOYpSy.exe
  C:\Windows\System\xCOYpSy.exe
  2⤵
  PID:7452
- C:\Windows\System\YSgYwrb.exe
  C:\Windows\System\YSgYwrb.exe
  2⤵
  PID:2872
- C:\Windows\System\xkgEtdO.exe
  C:\Windows\System\xkgEtdO.exe
  2⤵
  PID:2316
- C:\Windows\System\nCKMsOF.exe
  C:\Windows\System\nCKMsOF.exe
  2⤵
  PID:1212
- C:\Windows\System\NnTOAZM.exe
  C:\Windows\System\NnTOAZM.exe
  2⤵
  PID:2164
- C:\Windows\System\LuKvVXX.exe
  C:\Windows\System\LuKvVXX.exe
  2⤵
  PID:704
- C:\Windows\System\csdFmzs.exe
  C:\Windows\System\csdFmzs.exe
  2⤵
  PID:7576
- C:\Windows\System\YnajjAJ.exe
  C:\Windows\System\YnajjAJ.exe
  2⤵
  PID:2924
- C:\Windows\System\IfzKptA.exe
  C:\Windows\System\IfzKptA.exe
  2⤵
  PID:7752
- C:\Windows\System\fdYbuLt.exe
  C:\Windows\System\fdYbuLt.exe
  2⤵
  PID:7628
- C:\Windows\System\wsBLFPA.exe
  C:\Windows\System\wsBLFPA.exe
  2⤵
  PID:7836
- C:\Windows\System\cmqJpJW.exe
  C:\Windows\System\cmqJpJW.exe
  2⤵
  PID:7952
- C:\Windows\System\MsKqWkH.exe
  C:\Windows\System\MsKqWkH.exe
  2⤵
  PID:8044
- C:\Windows\System\aqSMRQB.exe
  C:\Windows\System\aqSMRQB.exe
  2⤵
  PID:7816
- C:\Windows\System\dmqkdtZ.exe
  C:\Windows\System\dmqkdtZ.exe
  2⤵
  PID:7808
- C:\Windows\System\nlkYYtB.exe
  C:\Windows\System\nlkYYtB.exe
  2⤵
  PID:8064
- C:\Windows\System\OyeIFnc.exe
  C:\Windows\System\OyeIFnc.exe
  2⤵
  PID:8128
- C:\Windows\System\mbhJGAE.exe
  C:\Windows\System\mbhJGAE.exe
  2⤵
  PID:3012
- C:\Windows\System\bHclYRR.exe
  C:\Windows\System\bHclYRR.exe
  2⤵
  PID:7180
- C:\Windows\System\psshHsf.exe
  C:\Windows\System\psshHsf.exe
  2⤵
  PID:7356
- C:\Windows\System\OBjoLTu.exe
  C:\Windows\System\OBjoLTu.exe
  2⤵
  PID:6808
- C:\Windows\System\vJfVZKV.exe
  C:\Windows\System\vJfVZKV.exe
  2⤵
  PID:5512
- C:\Windows\System\BWZEJws.exe
  C:\Windows\System\BWZEJws.exe
  2⤵
  PID:2624
- C:\Windows\System\ovrtten.exe
  C:\Windows\System\ovrtten.exe
  2⤵
  PID:4216
- C:\Windows\System\HhiSchY.exe
  C:\Windows\System\HhiSchY.exe
  2⤵
  PID:7416
- C:\Windows\System\aTXRpvw.exe
  C:\Windows\System\aTXRpvw.exe
  2⤵
  PID:7564
- C:\Windows\System\huGjNuz.exe
  C:\Windows\System\huGjNuz.exe
  2⤵
  PID:600
- C:\Windows\System\mrIQTjz.exe
  C:\Windows\System\mrIQTjz.exe
  2⤵
  PID:7572
- C:\Windows\System\ayGkrac.exe
  C:\Windows\System\ayGkrac.exe
  2⤵
  PID:7732
- C:\Windows\System\qLnNOoR.exe
  C:\Windows\System\qLnNOoR.exe
  2⤵
  PID:7864
- C:\Windows\System\SgtXmBE.exe
  C:\Windows\System\SgtXmBE.exe
  2⤵
  PID:7880
- C:\Windows\System\ZSHyxkn.exe
  C:\Windows\System\ZSHyxkn.exe
  2⤵
  PID:7708
- C:\Windows\System\aVMrPEp.exe
  C:\Windows\System\aVMrPEp.exe
  2⤵
  PID:7696
- C:\Windows\System\VtrfPfO.exe
  C:\Windows\System\VtrfPfO.exe
  2⤵
  PID:7904
- C:\Windows\System\gkShwpR.exe
  C:\Windows\System\gkShwpR.exe
  2⤵
  PID:7804
- C:\Windows\System\sCClwpU.exe
  C:\Windows\System\sCClwpU.exe
  2⤵
  PID:7312
- C:\Windows\System\ZGzUUki.exe
  C:\Windows\System\ZGzUUki.exe
  2⤵
  PID:8144
- C:\Windows\System\EhNhKdU.exe
  C:\Windows\System\EhNhKdU.exe
  2⤵
  PID:7256
- C:\Windows\System\bMHEXKt.exe
  C:\Windows\System\bMHEXKt.exe
  2⤵
  PID:1572
- C:\Windows\System\EOBvpZu.exe
  C:\Windows\System\EOBvpZu.exe
  2⤵
  PID:7340
- C:\Windows\System\cBQnUCO.exe
  C:\Windows\System\cBQnUCO.exe
  2⤵
  PID:7240
- C:\Windows\System\ZJIeRrt.exe
  C:\Windows\System\ZJIeRrt.exe
  2⤵
  PID:2768
- C:\Windows\System\KqsVgfm.exe
  C:\Windows\System\KqsVgfm.exe
  2⤵
  PID:7536
- C:\Windows\System\QJmkPiw.exe
  C:\Windows\System\QJmkPiw.exe
  2⤵
  PID:7608
- C:\Windows\System\hhGrzdx.exe
  C:\Windows\System\hhGrzdx.exe
  2⤵
  PID:7680
- C:\Windows\System\IbuLNRK.exe
  C:\Windows\System\IbuLNRK.exe
  2⤵
  PID:3876
- C:\Windows\System\zsZuRgk.exe
  C:\Windows\System\zsZuRgk.exe
  2⤵
  PID:7296
- C:\Windows\System\FkIiweV.exe
  C:\Windows\System\FkIiweV.exe
  2⤵
  PID:8008
- C:\Windows\System\IzuCfvL.exe
  C:\Windows\System\IzuCfvL.exe
  2⤵
  PID:7320
- C:\Windows\System\RtETuUg.exe
  C:\Windows\System\RtETuUg.exe
  2⤵
  PID:6356
- C:\Windows\System\eyqnRGs.exe
  C:\Windows\System\eyqnRGs.exe
  2⤵
  PID:7200
- C:\Windows\System\QNcCmgG.exe
  C:\Windows\System\QNcCmgG.exe
  2⤵
  PID:8152
- C:\Windows\System\meGVWyv.exe
  C:\Windows\System\meGVWyv.exe
  2⤵
  PID:7568
- C:\Windows\System\iuAGqDB.exe
  C:\Windows\System\iuAGqDB.exe
  2⤵
  PID:7640
- C:\Windows\System\fNQHjsb.exe
  C:\Windows\System\fNQHjsb.exe
  2⤵
  PID:8196
- C:\Windows\System\vJGWRTI.exe
  C:\Windows\System\vJGWRTI.exe
  2⤵
  PID:8232
- C:\Windows\System\yoEaYoS.exe
  C:\Windows\System\yoEaYoS.exe
  2⤵
  PID:8252
- C:\Windows\System\bllrylH.exe
  C:\Windows\System\bllrylH.exe
  2⤵
  PID:8272
- C:\Windows\System\uFGkBYG.exe
  C:\Windows\System\uFGkBYG.exe
  2⤵
  PID:8300
- C:\Windows\System\FwElaEi.exe
  C:\Windows\System\FwElaEi.exe
  2⤵
  PID:8324
- C:\Windows\System\ubJeSYF.exe
  C:\Windows\System\ubJeSYF.exe
  2⤵
  PID:8340
- C:\Windows\System\lDlWRJI.exe
  C:\Windows\System\lDlWRJI.exe
  2⤵
  PID:8360
- C:\Windows\System\uuRduyv.exe
  C:\Windows\System\uuRduyv.exe
  2⤵
  PID:8376
- C:\Windows\System\gcZdaiC.exe
  C:\Windows\System\gcZdaiC.exe
  2⤵
  PID:8392
- C:\Windows\System\RjNMJeJ.exe
  C:\Windows\System\RjNMJeJ.exe
  2⤵
  PID:8412
- C:\Windows\System\FEuzSpp.exe
  C:\Windows\System\FEuzSpp.exe
  2⤵
  PID:8428
- C:\Windows\System\Didtrjh.exe
  C:\Windows\System\Didtrjh.exe
  2⤵
  PID:8448
- C:\Windows\System\lYXDowY.exe
  C:\Windows\System\lYXDowY.exe
  2⤵
  PID:8468
- C:\Windows\System\sNEnBvh.exe
  C:\Windows\System\sNEnBvh.exe
  2⤵
  PID:8536
- C:\Windows\System\FbTQHUO.exe
  C:\Windows\System\FbTQHUO.exe
  2⤵
  PID:8552
- C:\Windows\System\ewwILjX.exe
  C:\Windows\System\ewwILjX.exe
  2⤵
  PID:8576
- C:\Windows\System\bIFabfQ.exe
  C:\Windows\System\bIFabfQ.exe
  2⤵
  PID:8592
- C:\Windows\System\hweRZug.exe
  C:\Windows\System\hweRZug.exe
  2⤵
  PID:8608
- C:\Windows\System\svXIzIF.exe
  C:\Windows\System\svXIzIF.exe
  2⤵
  PID:8628
- C:\Windows\System\TrdOPgf.exe
  C:\Windows\System\TrdOPgf.exe
  2⤵
  PID:8648
- C:\Windows\System\BurtaQQ.exe
  C:\Windows\System\BurtaQQ.exe
  2⤵
  PID:8664
- C:\Windows\System\AGqVbgw.exe
  C:\Windows\System\AGqVbgw.exe
  2⤵
  PID:8688
- C:\Windows\System\LZWoyZc.exe
  C:\Windows\System\LZWoyZc.exe
  2⤵
  PID:8724
- C:\Windows\System\iPxuFjl.exe
  C:\Windows\System\iPxuFjl.exe
  2⤵
  PID:8740
- C:\Windows\System\CWZsmyj.exe
  C:\Windows\System\CWZsmyj.exe
  2⤵
  PID:8760
- C:\Windows\System\UBcJQqk.exe
  C:\Windows\System\UBcJQqk.exe
  2⤵
  PID:8780
- C:\Windows\System\skZTiYO.exe
  C:\Windows\System\skZTiYO.exe
  2⤵
  PID:8796
- C:\Windows\System\atruXxL.exe
  C:\Windows\System\atruXxL.exe
  2⤵
  PID:8824
- C:\Windows\System\wcXnMGw.exe
  C:\Windows\System\wcXnMGw.exe
  2⤵
  PID:8840
- C:\Windows\System\nzYpjrL.exe
  C:\Windows\System\nzYpjrL.exe
  2⤵
  PID:8856
- C:\Windows\System\ijXASjk.exe
  C:\Windows\System\ijXASjk.exe
  2⤵
  PID:8876
- C:\Windows\System\CTZdPoV.exe
  C:\Windows\System\CTZdPoV.exe
  2⤵
  PID:8892
- C:\Windows\System\UcnoyPg.exe
  C:\Windows\System\UcnoyPg.exe
  2⤵
  PID:8912
- C:\Windows\System\FvYelVz.exe
  C:\Windows\System\FvYelVz.exe
  2⤵
  PID:8944
- C:\Windows\System\MPkpfPT.exe
  C:\Windows\System\MPkpfPT.exe
  2⤵
  PID:8960
- C:\Windows\System\dyhfEmd.exe
  C:\Windows\System\dyhfEmd.exe
  2⤵
  PID:8980
- C:\Windows\System\xGQfnPR.exe
  C:\Windows\System\xGQfnPR.exe
  2⤵
  PID:9004
- C:\Windows\System\ILiuDzA.exe
  C:\Windows\System\ILiuDzA.exe
  2⤵
  PID:9020
- C:\Windows\System\gvxKxQe.exe
  C:\Windows\System\gvxKxQe.exe
  2⤵
  PID:9036
- C:\Windows\System\QPLnHke.exe
  C:\Windows\System\QPLnHke.exe
  2⤵
  PID:9052
- C:\Windows\System\FMeONwk.exe
  C:\Windows\System\FMeONwk.exe
  2⤵
  PID:9068
- C:\Windows\System\ETLYPhX.exe
  C:\Windows\System\ETLYPhX.exe
  2⤵
  PID:9088
- C:\Windows\System\XWpKLSV.exe
  C:\Windows\System\XWpKLSV.exe
  2⤵
  PID:9108
- C:\Windows\System\RjMgGeb.exe
  C:\Windows\System\RjMgGeb.exe
  2⤵
  PID:9128
- C:\Windows\System\aeVONHd.exe
  C:\Windows\System\aeVONHd.exe
  2⤵
  PID:9144
- C:\Windows\System\iKSfWZe.exe
  C:\Windows\System\iKSfWZe.exe
  2⤵
  PID:9160
- C:\Windows\System\oaWvIwh.exe
  C:\Windows\System\oaWvIwh.exe
  2⤵
  PID:9192
- C:\Windows\System\iYSwPnJ.exe
  C:\Windows\System\iYSwPnJ.exe
  2⤵
  PID:8036
- C:\Windows\System\yspcleD.exe
  C:\Windows\System\yspcleD.exe
  2⤵
  PID:8248
- C:\Windows\System\NVOKFSS.exe
  C:\Windows\System\NVOKFSS.exe
  2⤵
  PID:7692
- C:\Windows\System\qxRyqmF.exe
  C:\Windows\System\qxRyqmF.exe
  2⤵
  PID:1640
- C:\Windows\System\xgkPSMq.exe
  C:\Windows\System\xgkPSMq.exe
  2⤵
  PID:2208
- C:\Windows\System\HZTQzyT.exe
  C:\Windows\System\HZTQzyT.exe
  2⤵
  PID:8204
- C:\Windows\System\brCDrdT.exe
  C:\Windows\System\brCDrdT.exe
  2⤵
  PID:8268
- C:\Windows\System\hhtjvOx.exe
  C:\Windows\System\hhtjvOx.exe
  2⤵
  PID:8288
- C:\Windows\System\gPurBeD.exe
  C:\Windows\System\gPurBeD.exe
  2⤵
  PID:8400
- C:\Windows\System\UUkuMQi.exe
  C:\Windows\System\UUkuMQi.exe
  2⤵
  PID:8440
- C:\Windows\System\wzxFWBJ.exe
  C:\Windows\System\wzxFWBJ.exe
  2⤵
  PID:8420
- C:\Windows\System\VpIqoVv.exe
  C:\Windows\System\VpIqoVv.exe
  2⤵
  PID:8352
- C:\Windows\System\bwiOrsI.exe
  C:\Windows\System\bwiOrsI.exe
  2⤵
  PID:8504
- C:\Windows\System\OGhuAil.exe
  C:\Windows\System\OGhuAil.exe
  2⤵
  PID:8544
- C:\Windows\System\KqVMCJz.exe
  C:\Windows\System\KqVMCJz.exe
  2⤵
  PID:8568
- C:\Windows\System\fppWzmK.exe
  C:\Windows\System\fppWzmK.exe
  2⤵
  PID:8620
- C:\Windows\System\eKwQTgc.exe
  C:\Windows\System\eKwQTgc.exe
  2⤵
  PID:8636
- C:\Windows\System\hrTXwbO.exe
  C:\Windows\System\hrTXwbO.exe
  2⤵
  PID:8656
- C:\Windows\System\wFxuPcF.exe
  C:\Windows\System\wFxuPcF.exe
  2⤵
  PID:8708
- C:\Windows\System\trcZQZJ.exe
  C:\Windows\System\trcZQZJ.exe
  2⤵
  PID:8768
- C:\Windows\System\GQEctoI.exe
  C:\Windows\System\GQEctoI.exe
  2⤵
  PID:8776
- C:\Windows\System\pogJYEh.exe
  C:\Windows\System\pogJYEh.exe
  2⤵
  PID:8816
- C:\Windows\System\OIlhJSx.exe
  C:\Windows\System\OIlhJSx.exe
  2⤵
  PID:8836
- C:\Windows\System\cKefRtB.exe
  C:\Windows\System\cKefRtB.exe
  2⤵
  PID:8888
- C:\Windows\System\vfghywk.exe
  C:\Windows\System\vfghywk.exe
  2⤵
  PID:8904
- C:\Windows\System\pJjhnvi.exe
  C:\Windows\System\pJjhnvi.exe
  2⤵
  PID:8712
- C:\Windows\System\OWiSMut.exe
  C:\Windows\System\OWiSMut.exe
  2⤵
  PID:8968
- C:\Windows\System\AhreYNC.exe
  C:\Windows\System\AhreYNC.exe
  2⤵
  PID:8996
- C:\Windows\System\SSjysRt.exe
  C:\Windows\System\SSjysRt.exe
  2⤵
  PID:9044
- C:\Windows\System\mxYXRNE.exe
  C:\Windows\System\mxYXRNE.exe
  2⤵
  PID:9080
- C:\Windows\System\IXpUCjI.exe
  C:\Windows\System\IXpUCjI.exe
  2⤵
  PID:9156
- C:\Windows\System\CtGFMlZ.exe
  C:\Windows\System\CtGFMlZ.exe
  2⤵
  PID:9096
- C:\Windows\System\iQrcxBX.exe
  C:\Windows\System\iQrcxBX.exe
  2⤵
  PID:9172
- C:\Windows\System\rzBkGnX.exe
  C:\Windows\System\rzBkGnX.exe
  2⤵
  PID:9212
- C:\Windows\System\vQqsnjo.exe
  C:\Windows\System\vQqsnjo.exe
  2⤵
  PID:8284
- C:\Windows\System\xSyPQCk.exe
  C:\Windows\System\xSyPQCk.exe
  2⤵
  PID:8296
- C:\Windows\System\ndPYGxS.exe
  C:\Windows\System\ndPYGxS.exe
  2⤵
  PID:7992
- C:\Windows\System\BiIexUE.exe
  C:\Windows\System\BiIexUE.exe
  2⤵
  PID:7532
- C:\Windows\System\sYGpONy.exe
  C:\Windows\System\sYGpONy.exe
  2⤵
  PID:8372
- C:\Windows\System\OWfAWum.exe
  C:\Windows\System\OWfAWum.exe
  2⤵
  PID:8316
- C:\Windows\System\ysIqRsm.exe
  C:\Windows\System\ysIqRsm.exe
  2⤵
  PID:8464
- C:\Windows\System\aSAHfvw.exe
  C:\Windows\System\aSAHfvw.exe
  2⤵
  PID:8516
- C:\Windows\System\WyRJFqs.exe
  C:\Windows\System\WyRJFqs.exe
  2⤵
  PID:8564
- C:\Windows\System\dglKLuu.exe
  C:\Windows\System\dglKLuu.exe
  2⤵
  PID:8676
- C:\Windows\System\RQTTsCE.exe
  C:\Windows\System\RQTTsCE.exe
  2⤵
  PID:8704
- C:\Windows\System\RrShqXq.exe
  C:\Windows\System\RrShqXq.exe
  2⤵
  PID:8732
- C:\Windows\System\HYBXEVj.exe
  C:\Windows\System\HYBXEVj.exe
  2⤵
  PID:8788
- C:\Windows\System\uDdOJkL.exe
  C:\Windows\System\uDdOJkL.exe
  2⤵
  PID:8832
- C:\Windows\System\SgtStFb.exe
  C:\Windows\System\SgtStFb.exe
  2⤵
  PID:8872
- C:\Windows\System\YmVuphc.exe
  C:\Windows\System\YmVuphc.exe
  2⤵
  PID:9012
- C:\Windows\System\YLfmhNx.exe
  C:\Windows\System\YLfmhNx.exe
  2⤵
  PID:8976
- C:\Windows\System\RzlmaSc.exe
  C:\Windows\System\RzlmaSc.exe
  2⤵
  PID:9124
- C:\Windows\System\ysSWJHD.exe
  C:\Windows\System\ysSWJHD.exe
  2⤵
  PID:9060
- C:\Windows\System\DNPcsxB.exe
  C:\Windows\System\DNPcsxB.exe
  2⤵
  PID:9208
- C:\Windows\System\JMNCUGe.exe
  C:\Windows\System\JMNCUGe.exe
  2⤵
  PID:8368
- C:\Windows\System\MhpXuoT.exe
  C:\Windows\System\MhpXuoT.exe
  2⤵
  PID:8124
- C:\Windows\System\IyIlIpJ.exe
  C:\Windows\System\IyIlIpJ.exe
  2⤵
  PID:8260
- C:\Windows\System\OsoKLlo.exe
  C:\Windows\System\OsoKLlo.exe
  2⤵
  PID:8408
- C:\Windows\System\mTVMtfs.exe
  C:\Windows\System\mTVMtfs.exe
  2⤵
  PID:8292
- C:\Windows\System\gkGXYDf.exe
  C:\Windows\System\gkGXYDf.exe
  2⤵
  PID:8624
- C:\Windows\System\eInCqiU.exe
  C:\Windows\System\eInCqiU.exe
  2⤵
  PID:8684
- C:\Windows\System\CVYlqyk.exe
  C:\Windows\System\CVYlqyk.exe
  2⤵
  PID:8928
- C:\Windows\System\qWNvLoM.exe
  C:\Windows\System\qWNvLoM.exe
  2⤵
  PID:9140
- C:\Windows\System\IaGpcnt.exe
  C:\Windows\System\IaGpcnt.exe
  2⤵
  PID:6176
- C:\Windows\System\EkMBLea.exe
  C:\Windows\System\EkMBLea.exe
  2⤵
  PID:9084
- C:\Windows\System\skSofsX.exe
  C:\Windows\System\skSofsX.exe
  2⤵
  PID:8956
- C:\Windows\System\nYCAZnG.exe
  C:\Windows\System\nYCAZnG.exe
  2⤵
  PID:8936
- C:\Windows\System\CZGfkAC.exe
  C:\Windows\System\CZGfkAC.exe
  2⤵
  PID:9100
- C:\Windows\System\ZZtZnVs.exe
  C:\Windows\System\ZZtZnVs.exe
  2⤵
  PID:8560
- C:\Windows\System\YRnSALQ.exe
  C:\Windows\System\YRnSALQ.exe
  2⤵
  PID:8600
- C:\Windows\System\IdiXUDa.exe
  C:\Windows\System\IdiXUDa.exe
  2⤵
  PID:8720
- C:\Windows\System\QNtKfLO.exe
  C:\Windows\System\QNtKfLO.exe
  2⤵
  PID:8988
- C:\Windows\System\jynVdpP.exe
  C:\Windows\System\jynVdpP.exe
  2⤵
  PID:8932
- C:\Windows\System\dPCMaJT.exe
  C:\Windows\System\dPCMaJT.exe
  2⤵
  PID:8952
- C:\Windows\System\xFWnXiS.exe
  C:\Windows\System\xFWnXiS.exe
  2⤵
  PID:8524
- C:\Windows\System\nNcBzAQ.exe
  C:\Windows\System\nNcBzAQ.exe
  2⤵
  PID:8332
- C:\Windows\System\ElvIXvz.exe
  C:\Windows\System\ElvIXvz.exe
  2⤵
  PID:8244
- C:\Windows\System\qYGnfKH.exe
  C:\Windows\System\qYGnfKH.exe
  2⤵
  PID:9228
- C:\Windows\System\xSkxPbO.exe
  C:\Windows\System\xSkxPbO.exe
  2⤵
  PID:9252
- C:\Windows\System\KegSula.exe
  C:\Windows\System\KegSula.exe
  2⤵
  PID:9276
- C:\Windows\System\zXbKYfT.exe
  C:\Windows\System\zXbKYfT.exe
  2⤵
  PID:9292
- C:\Windows\System\IOFSHqp.exe
  C:\Windows\System\IOFSHqp.exe
  2⤵
  PID:9316
- C:\Windows\System\UoGFQEw.exe
  C:\Windows\System\UoGFQEw.exe
  2⤵
  PID:9356
- C:\Windows\System\ZtmsQDN.exe
  C:\Windows\System\ZtmsQDN.exe
  2⤵
  PID:9372
- C:\Windows\System\XNvegBu.exe
  C:\Windows\System\XNvegBu.exe
  2⤵
  PID:9388
- C:\Windows\System\HDDincN.exe
  C:\Windows\System\HDDincN.exe
  2⤵
  PID:9408
- C:\Windows\System\NyzxwOc.exe
  C:\Windows\System\NyzxwOc.exe
  2⤵
  PID:9432
- C:\Windows\System\HnBCkWi.exe
  C:\Windows\System\HnBCkWi.exe
  2⤵
  PID:9452
- C:\Windows\System\HgCRYwi.exe
  C:\Windows\System\HgCRYwi.exe
  2⤵
  PID:9472
- C:\Windows\System\ukXVzPy.exe
  C:\Windows\System\ukXVzPy.exe
  2⤵
  PID:9492
- C:\Windows\System\LDUwKJk.exe
  C:\Windows\System\LDUwKJk.exe
  2⤵
  PID:9508
- C:\Windows\System\WvgTvYU.exe
  C:\Windows\System\WvgTvYU.exe
  2⤵
  PID:9524
- C:\Windows\System\dIkJbow.exe
  C:\Windows\System\dIkJbow.exe
  2⤵
  PID:9540
- C:\Windows\System\BzJQbry.exe
  C:\Windows\System\BzJQbry.exe
  2⤵
  PID:9556
- C:\Windows\System\UxqLdJR.exe
  C:\Windows\System\UxqLdJR.exe
  2⤵
  PID:9576
- C:\Windows\System\RNmEkGv.exe
  C:\Windows\System\RNmEkGv.exe
  2⤵
  PID:9600
- C:\Windows\System\xkuVIde.exe
  C:\Windows\System\xkuVIde.exe
  2⤵
  PID:9620
- C:\Windows\System\wIvWPPx.exe
  C:\Windows\System\wIvWPPx.exe
  2⤵
  PID:9656
- C:\Windows\System\RlUOMMj.exe
  C:\Windows\System\RlUOMMj.exe
  2⤵
  PID:9672
- C:\Windows\System\QgVTnrs.exe
  C:\Windows\System\QgVTnrs.exe
  2⤵
  PID:9692
- C:\Windows\System\rkjaNPh.exe
  C:\Windows\System\rkjaNPh.exe
  2⤵
  PID:9708
- C:\Windows\System\bnVsIPa.exe
  C:\Windows\System\bnVsIPa.exe
  2⤵
  PID:9740
- C:\Windows\System\uumWdoa.exe
  C:\Windows\System\uumWdoa.exe
  2⤵
  PID:9760
- C:\Windows\System\EeiaogT.exe
  C:\Windows\System\EeiaogT.exe
  2⤵
  PID:9780
- C:\Windows\System\ItLGZGN.exe
  C:\Windows\System\ItLGZGN.exe
  2⤵
  PID:9800
- C:\Windows\System\bzlxaFB.exe
  C:\Windows\System\bzlxaFB.exe
  2⤵
  PID:9816
- C:\Windows\System\GFeBSKH.exe
  C:\Windows\System\GFeBSKH.exe
  2⤵
  PID:9840
- C:\Windows\System\tVlCcGk.exe
  C:\Windows\System\tVlCcGk.exe
  2⤵
  PID:9856
- C:\Windows\System\YGRmkWV.exe
  C:\Windows\System\YGRmkWV.exe
  2⤵
  PID:9876
- C:\Windows\System\dvBJVOP.exe
  C:\Windows\System\dvBJVOP.exe
  2⤵
  PID:9896
- C:\Windows\System\ZSNepOw.exe
  C:\Windows\System\ZSNepOw.exe
  2⤵
  PID:9912
- C:\Windows\System\OFtLPxB.exe
  C:\Windows\System\OFtLPxB.exe
  2⤵
  PID:9936
- C:\Windows\System\ZtUhEle.exe
  C:\Windows\System\ZtUhEle.exe
  2⤵
  PID:9956
- C:\Windows\System\djELDvs.exe
  C:\Windows\System\djELDvs.exe
  2⤵
  PID:9972
- C:\Windows\System\TlLgEtg.exe
  C:\Windows\System\TlLgEtg.exe
  2⤵
  PID:9996
- C:\Windows\System\RolIRDn.exe
  C:\Windows\System\RolIRDn.exe
  2⤵
  PID:10016
- C:\Windows\System\jAsQhTo.exe
  C:\Windows\System\jAsQhTo.exe
  2⤵
  PID:10032
- C:\Windows\System\bdLdtRy.exe
  C:\Windows\System\bdLdtRy.exe
  2⤵
  PID:10056
- C:\Windows\System\BhAalTt.exe
  C:\Windows\System\BhAalTt.exe
  2⤵
  PID:10076
- C:\Windows\System\HVWKaFr.exe
  C:\Windows\System\HVWKaFr.exe
  2⤵
  PID:10100
- C:\Windows\System\jZAwKIy.exe
  C:\Windows\System\jZAwKIy.exe
  2⤵
  PID:10116
- C:\Windows\System\QGmhoFc.exe
  C:\Windows\System\QGmhoFc.exe
  2⤵
  PID:10140
- C:\Windows\System\KegHmZt.exe
  C:\Windows\System\KegHmZt.exe
  2⤵
  PID:10156
- C:\Windows\System\rVScVHG.exe
  C:\Windows\System\rVScVHG.exe
  2⤵
  PID:10172
- C:\Windows\System\QDIbIDt.exe
  C:\Windows\System\QDIbIDt.exe
  2⤵
  PID:10192
- C:\Windows\System\oVfNQgZ.exe
  C:\Windows\System\oVfNQgZ.exe
  2⤵
  PID:10224
- C:\Windows\System\ZiQoWFT.exe
  C:\Windows\System\ZiQoWFT.exe
  2⤵
  PID:9236
- C:\Windows\System\YXiCniS.exe
  C:\Windows\System\YXiCniS.exe
  2⤵
  PID:9168
- C:\Windows\System\YUbGkDJ.exe
  C:\Windows\System\YUbGkDJ.exe
  2⤵
  PID:8772
- C:\Windows\System\HCVrDCr.exe
  C:\Windows\System\HCVrDCr.exe
  2⤵
  PID:8220
- C:\Windows\System\mMftTpt.exe
  C:\Windows\System\mMftTpt.exe
  2⤵
  PID:9248
- C:\Windows\System\MubqLXJ.exe
  C:\Windows\System\MubqLXJ.exe
  2⤵
  PID:9304
- C:\Windows\System\STnqPyr.exe
  C:\Windows\System\STnqPyr.exe
  2⤵
  PID:9336
- C:\Windows\System\YWElxLP.exe
  C:\Windows\System\YWElxLP.exe
  2⤵
  PID:9344
- C:\Windows\System\TzqtFgD.exe
  C:\Windows\System\TzqtFgD.exe
  2⤵
  PID:9384
- C:\Windows\System\bErwvgU.exe
  C:\Windows\System\bErwvgU.exe
  2⤵
  PID:9400
- C:\Windows\System\hKzlmjQ.exe
  C:\Windows\System\hKzlmjQ.exe
  2⤵
  PID:9460
- C:\Windows\System\dTxauPA.exe
  C:\Windows\System\dTxauPA.exe
  2⤵
  PID:9468
- C:\Windows\System\nhNMOEf.exe
  C:\Windows\System\nhNMOEf.exe
  2⤵
  PID:9536
- C:\Windows\System\gGsKulm.exe
  C:\Windows\System\gGsKulm.exe
  2⤵
  PID:9572
- C:\Windows\System\mYFxXlW.exe
  C:\Windows\System\mYFxXlW.exe
  2⤵
  PID:9592
- C:\Windows\System\VpSpmEW.exe
  C:\Windows\System\VpSpmEW.exe
  2⤵
  PID:9628
- C:\Windows\System\GqaqdGF.exe
  C:\Windows\System\GqaqdGF.exe
  2⤵
  PID:9644
- C:\Windows\System\klEpDsi.exe
  C:\Windows\System\klEpDsi.exe
  2⤵
  PID:9664
- C:\Windows\System\DgyFBbc.exe
  C:\Windows\System\DgyFBbc.exe
  2⤵
  PID:9700
- C:\Windows\System\rUKVESj.exe
  C:\Windows\System\rUKVESj.exe
  2⤵
  PID:9736
- C:\Windows\System\nlqHlQO.exe
  C:\Windows\System\nlqHlQO.exe
  2⤵
  PID:9768
- C:\Windows\System\cztZfbK.exe
  C:\Windows\System\cztZfbK.exe
  2⤵
  PID:9772
- C:\Windows\System\pIsshBX.exe
  C:\Windows\System\pIsshBX.exe
  2⤵
  PID:9812
- C:\Windows\System\pOKoSZf.exe
  C:\Windows\System\pOKoSZf.exe
  2⤵
  PID:9828
- C:\Windows\System\WTKmfow.exe
  C:\Windows\System\WTKmfow.exe
  2⤵
  PID:9868
- C:\Windows\System\AKFtFCW.exe
  C:\Windows\System\AKFtFCW.exe
  2⤵
  PID:9888
- C:\Windows\System\ppNyWeG.exe
  C:\Windows\System\ppNyWeG.exe
  2⤵
  PID:9924
- C:\Windows\System\sytfRYG.exe
  C:\Windows\System\sytfRYG.exe
  2⤵
  PID:9952
- C:\Windows\System\srUJmZb.exe
  C:\Windows\System\srUJmZb.exe
  2⤵
  PID:9980
- C:\Windows\System\HsJRzZQ.exe
  C:\Windows\System\HsJRzZQ.exe
  2⤵
  PID:10088
- C:\Windows\System\xcRoVyi.exe
  C:\Windows\System\xcRoVyi.exe
  2⤵
  PID:10108
- C:\Windows\System\rAertYh.exe
  C:\Windows\System\rAertYh.exe
  2⤵
  PID:10132
- C:\Windows\System\GjCHXFn.exe
  C:\Windows\System\GjCHXFn.exe
  2⤵
  PID:10188
- C:\Windows\System\QUPyqbV.exe
  C:\Windows\System\QUPyqbV.exe
  2⤵
  PID:10208
- C:\Windows\System\qoAswLx.exe
  C:\Windows\System\qoAswLx.exe
  2⤵
  PID:8672
- C:\Windows\System\WHTyzGP.exe
  C:\Windows\System\WHTyzGP.exe
  2⤵
  PID:6768
- C:\Windows\System\olsjYVG.exe
  C:\Windows\System\olsjYVG.exe
  2⤵
  PID:8792
- C:\Windows\System\qSvMSVO.exe
  C:\Windows\System\qSvMSVO.exe
  2⤵
  PID:9264
- C:\Windows\System\AmsumsD.exe
  C:\Windows\System\AmsumsD.exe
  2⤵
  PID:9312
- C:\Windows\System\kHVgbjV.exe
  C:\Windows\System\kHVgbjV.exe
  2⤵
  PID:9380
- C:\Windows\System\zcBkoyM.exe
  C:\Windows\System\zcBkoyM.exe
  2⤵
  PID:9564
- C:\Windows\System\HwfQxpI.exe
  C:\Windows\System\HwfQxpI.exe
  2⤵
  PID:9464
- C:\Windows\System\ZjJIDHN.exe
  C:\Windows\System\ZjJIDHN.exe
  2⤵
  PID:9612
- C:\Windows\System\sjDCgXh.exe
  C:\Windows\System\sjDCgXh.exe
  2⤵
  PID:9688
- C:\Windows\System\JmSPoGt.exe
  C:\Windows\System\JmSPoGt.exe
  2⤵
  PID:9720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AVOukFT.exe

Filesize
6.0MB

MD5
1ade6c24301eee0103e528a2ce5ab3af

SHA1
0073e1f5d7a40f2a539e9227d1115c5894833f21

SHA256
5cb1df2dd89847a7b923b0b89c9b542b2d5f2de5bbec4ac28fd947f38ebc235f

SHA512
d8089f4f2049d4665a31d34328a09942d103024b9d5321be5b1aa4f74c22b00fd4f7f0831ce994cf9a12a1f9c9672a910da3c39eceb15a3003c29b6b23d3856e

Download Submit
C:\Windows\system\BquqEQW.exe

Filesize
6.0MB

MD5
31c3cb647c37f6899c9c0b5b039f8a94

SHA1
9a18704fe1199d4201da1170159a832f20261732

SHA256
e5f1d2aaa93d285e91210f723eda0a3092ca113fb03ff7b12db5fe60e225e6dd

SHA512
71381bedefb3dcdf48fd1ea703e1ec6a175fb6c0d798b4b38ff94becf9aa7be196cf435f76d2349faf61c0feaef38e3afd70adf70c979b76cb01983449c33580

Download Submit
C:\Windows\system\FDoVDNR.exe

Filesize
6.0MB

MD5
ca23a811a61c8787f2f6d5b7ba7ca7dc

SHA1
97e9806021e6a117a486fa70294a3d16a90daa28

SHA256
3671b6d424a915948ac348ae36b7b9bf6c6ec35d18b43b859720ad0f0fa615cd

SHA512
6bba8b5203e54fa619292010251a83d055e48bc05a1a69622d8c68e28c41c27dca277fd51922938d242c36b6117dd7e922a23d2b8efc72e9b931204801309e82

Download Submit
C:\Windows\system\KOsuahT.exe

Filesize
6.0MB

MD5
f04e40795f91a9b27267e06a0ec5e3be

SHA1
1490c21651332cd2117bbac73ed65563a056bf7c

SHA256
e2cc72dbc20777c2cff55cfee3a0f803c4906efba02973f755fe7d735165b004

SHA512
e2a92cf1ffd0de5c58511fa52f74a07b3bd4df1e5435bd674b87907991ee619ef14ce1be45441a9d123202c97ab37ef12acda97294a042809afedb50bd69c26d

Download Submit
C:\Windows\system\MNtRBNV.exe

Filesize
6.0MB

MD5
a63409d9911995c6546a492b09977296

SHA1
b0b6db60482bf8d5bad2e3f9b64f1a756b0dafc4

SHA256
151203138f37a5488be441f8968eaaeada3fe90826bbb40db8fb3b0c469a8a51

SHA512
716e6199291025b2fe8118072abdfcb7bd454075cd647bb7670786a3e2c74a1c3c576e66d3ea48bca78890df5a60f92e656dd0af02ea7672e9f21e006a2a5b88

Download Submit
C:\Windows\system\PcuWdac.exe

Filesize
6.0MB

MD5
c2e53952d6eccc6e13c6fb78b4c17e9d

SHA1
c3bdd332f1eabd8c98d56d955bdc574dd6c68255

SHA256
9f27e9a4fb3c2664eb52aa78c51e14c4d7cb20c2d7d03ea9345e9fc6757460e1

SHA512
f6bace811a8cd4c53d9084dfa7e1ca924627793a1a877819a90ba2ce90b14ca9cdc1d63db3719b847b23bf9335cbef5911d75c082fa4ee42171f815e1bbedba1

Download Submit
C:\Windows\system\RDJNMCf.exe

Filesize
6.0MB

MD5
4ed0b6c6eee52e72761b6c4f3c27e982

SHA1
dcd7374862507ebc21cb60ec1ea731739bea55af

SHA256
f8a5ab95265cad36931bff76274b8d319dd1d79bb1cf13a13a8eac1220c08420

SHA512
0f662350c7443c9db920ca913e6415cd5cd17f077c7eac9a21efbf752b35518364affd83ff0180e6e1037642d0f847f262636e3ad0b5f0f878a280127f015d68

Download Submit
C:\Windows\system\RcVHpgN.exe

Filesize
6.0MB

MD5
1e9abdd1d3362a6e03fce8d152ac6ba8

SHA1
7ccf381c892d49a6c20c30abf9889a3352ee739c

SHA256
acd941c767d2fafc4039214c7c551ec674c6448f77c6688875bb83b2d26ad4ee

SHA512
9a5d119d87e8d6dd93f8af1d4dad705196a5617880466b07a8da3493634e3698829108ee01333c3e5e2a124684df91ae8cc6280af5443bd5db50223d0e5e4698

Download Submit
C:\Windows\system\RgeOhMO.exe

Filesize
6.0MB

MD5
9b396ea44bba044659f0aecc1ab98c92

SHA1
a1b65f4d9ac9f36bc3252327527ab836ac378947

SHA256
e0387b6a673b6317752a25b5908c4558a8d1d087d4252b39ac473914fc25e49c

SHA512
3c7e1800656cd73216f7aff0814b7b25c83d7666e2f7af6732b74b3f7e9f58fd4a2e6c833866fbc344b75d1c1891294344cb34af984c33bf17a681e29a3045be

Download Submit
C:\Windows\system\RwcCCpI.exe

Filesize
6.0MB

MD5
aefd71e4126697589a3020e9b7a55863

SHA1
0881ece1b67cf30465a056f5301226d85f3af996

SHA256
5a90da06a47e5fddce2b65a0a9b77c80e4f40a19bc12d325bd5b0deb10ec7ba3

SHA512
32e5383568d364abcbc6d8f935906a6eff60c77f8eb93819094bdd5f2e7f5e66198a408f522f399659cfb3c060709e4e0add6411f0743fd9562715785e468085

Download Submit
C:\Windows\system\UuBRHrl.exe

Filesize
6.0MB

MD5
290358482a53c11ee34ecfb6d0c2f703

SHA1
37a6ee9e2c11284269b97dc521ef5b33ef238c21

SHA256
73900049f1d93a2a874b3046a0513ca7030e84ecc29c7ee553d9ee8cb3d650ae

SHA512
87cb199361216cd20da39f4f1840c231a124d3c1eacbcce52392f32fde4aea950b5ac176302f3834296820e64c9c3dc3560ae3203b2caa4aa53488ec9359e07a

Download Submit
C:\Windows\system\XgWBGda.exe

Filesize
6.0MB

MD5
2b425e9417e8701319a71c8cda39cbeb

SHA1
3d4c1d89fb453acc66ab725bef3372616aa00ab4

SHA256
927f60884c4f5d7c4177470cf90fe37ef7913a61deda6d0ab7d0996ef18b2314

SHA512
545fab2d025313e92424278e6aad4d74a59704666c27d4707833743129fd10edf944f79821720eab6d82f45087e15d46228f5d1d4fca12f89f3a032dd9bdd66a

Download Submit
C:\Windows\system\YJHOzhE.exe

Filesize
6.0MB

MD5
aee87fcd5dae77601c462c3ad4ce336f

SHA1
1e9ffb9c6849b0de86c3671dfe3c6375822a574c

SHA256
51161fb40dae27abd424f75f67d76ab77a03d93e6fe6993576fd289a8d21272f

SHA512
a5547779edda15026244320a4438694f0649321ca1a896dda6cd39e69ea07c2d7fda1d10cdedc2d3c270dd23482fc64a97431d7c5e808fd9be84ae4c728f39a5

Download Submit
C:\Windows\system\YRJqLXH.exe

Filesize
6.0MB

MD5
0a9cacebea07d8ee6a5c608b30bdb7b4

SHA1
fb7e0fd0f0274a9f2db2e7084c63192230da3fbf

SHA256
c8d92b78780e8fac526caa52800c0996848b528b1b33d813134a616e7542a969

SHA512
04a4ee716a7fad574ebb616ea3d1db17ded879f128f529309f40f968ea5b8489576f81389b7f8824da3dde19d620e07c745dd83b0817e39d8f6f42e60d7f2966

Download Submit
C:\Windows\system\buDxFhb.exe

Filesize
6.0MB

MD5
3571c4b76b1c52ed0e680f3d6c505b90

SHA1
b654207c43c4a27f4ea4ad73750b660b21729166

SHA256
e1f54a0ef9d89c71a8373c8b9fe18cf2c91559df1b7a65b995f85857070a0a06

SHA512
0526952ae2f462f7ba7cc19677d3acda75463faf9246b987d59b4b0ccb1973c29d8892e93f06a1cebb78a41685062c176ad595edeb761dbe69420c3ce780d79c

Download Submit
C:\Windows\system\dSaVVHD.exe

Filesize
6.0MB

MD5
10bb8daaa7eb0722afcc5927765853fd

SHA1
279f7b5735d48fb633411cb9944690e3c66a5299

SHA256
cad3d364b96cc1a7ff7e8d59833929b3eac07b250d75776d3c03244070c999a8

SHA512
b38d5a89ade7307371dbcc0076b2d99c4faaf15924750cc63b00ab3d7c6a2aa94b5c10137c2b5838f4ec833c40f75b3ab2c5198f8b8768f92c9acb63f46a6e1d

Download Submit
C:\Windows\system\dyykAsS.exe

Filesize
8B

MD5
5f2a961acf27f98734426395ca459b13

SHA1
f4361fda9d6f0d257eb8b16f437b07fbcb5e70c7

SHA256
c0db544382d067ad8a84933742200215bd469f54e265de50d613eb85cae73416

SHA512
4b21f11bb3269f293a187974763ea724dd38ecc4a235b8e070aeff271fc11b158c960ca3d3ad113eee01310ae3b8779e47211cb90d49f14faf1f751afa218701

Download Submit
C:\Windows\system\ePMEzDz.exe

Filesize
6.0MB

MD5
64cd8adbc21d96af6011dbf51d26756f

SHA1
c6f7a711fce37094bc85146822ed5ddad343217e

SHA256
3effdf1518dffe8a4d6923ac2d1e4d6fcd1794434a1edc0f743b37016a68b43f

SHA512
11d54ebd946e346d2bf70d628b50cf4d837b9648743e47ed4eef5fa4b3d910fd669045ac08957eb26666c67ad05d50578beee1f390d2eff56ec0e8e1b6ba05bd

Download Submit
C:\Windows\system\flHsQPe.exe

Filesize
6.0MB

MD5
bbeb24d6a94e350cdc92dadd3da6031e

SHA1
aa75e381b2e2dcc38e4f5264f8568786b94d31b4

SHA256
607b2c8039418533a739a2d2b7752410603c9dd06d15a4c7f526f22f7752f094

SHA512
b59cd425d7ea01b37a838cf2c7d0c77e5c4427103b10ba134f2cc12bc6edceef5bfa85c3279996d2db4ac554312ab99b3508d86372626384406efd35d19a0753

Download Submit
C:\Windows\system\ggUhGtg.exe

Filesize
6.0MB

MD5
ff74425a4a36fdb2c039ac67c647837e

SHA1
e0e1477ca7b76cfe901edbc12aac75ecddf8ca65

SHA256
86f489a13b21439cb886fd512029640e9d79060d07bc00ef37971a831c969aff

SHA512
1687db51af9120e072f55d3704ec76cd2de895d1fac5dc8475a3dfdc69b99a0b26ee2ae7a1a6fe0078d1a454dd9d460cab6008d98a00a17ad925d9921c5bbfa5

Download Submit
C:\Windows\system\hckjYOn.exe

Filesize
6.0MB

MD5
330891b0175d36777347ad8f621e4c99

SHA1
512094440f90ef5260d8c26c616da9e40134cec9

SHA256
f7c6f2d8f1f039609c4d484fe96decd8babf83e5f332792756054977aad09fa7

SHA512
95ca4345c3ac1e6789b729994e49842645201b940919147d0b1b243dc77ddeef6c45dbd58c16fd61b6d30397d37e1b9c98c41eb03c44b895464bc27c903699b1

Download Submit
C:\Windows\system\irRFGiw.exe

Filesize
6.0MB

MD5
893643f144266f0d4227bff7342ac8d8

SHA1
3091aa8c9fea56921f3295ec48be675069e4ea4b

SHA256
b6c3d677ab922845b8d99205e5befea354b6ad782cdf5245780d7ff06693ffba

SHA512
4b08cd531f4853736ff5afcf050ce90bfb4842a7817340cfada00af1d78c9fd06a62aaedcb2f9982fd82defc2f74af6c7c1325b79c70f84ebf2c7b06edd26f30

Download Submit
C:\Windows\system\oLoQEBv.exe

Filesize
6.0MB

MD5
836ca09b0326e94f7b55343b4bd1e673

SHA1
b9e7d14df94c8c3fc36b26c672a05169b6aa6645

SHA256
af6e41545cbda3447970eccc31352a26762f37815da801a1af563f4970d91a47

SHA512
44a6c8dbe2e51f034db924d464c8a20f6cac7a3db310261d66f6fb13fbc8bd9491c4902b170695d9fd8ff609da0ac2ed4274fae2bbecd726fd3a604ed8a6c5b6

Download Submit
C:\Windows\system\qkuhNVW.exe

Filesize
6.0MB

MD5
8264e5289be648fdac0e6afa672493b1

SHA1
15b8f86971e982042503d281ff09076e3af7b725

SHA256
a3f2826cb0baf43f8e2baec3de7f2d01b8e89b60059a46ffb23d34d148951b20

SHA512
8de6c1d60fda0e4b8c123d573cdfccf609cc28ce9888961319a87ef654ce903637eba2ce89a9c722b5d551cf4edafddad5d97d1fd2dbc8c6444e5806de21c733

Download Submit
C:\Windows\system\rLfIEHW.exe

Filesize
6.0MB

MD5
415dd960fb8eaa6b50505f08bdee44a5

SHA1
b6ae354710a2aa227c1961897ac815879c12d8f9

SHA256
706bb41b6053d02e87e3d05aff964943198c13716adef4bf3719d7f16f1e8e71

SHA512
20aa91e591952cc88b07d2680bf1b4af3baf5e5b1a15f5eeec7e64949e02e406dc12c80ca13db6e8d1ae59a16e6c762f26693a31d5e70c8a878c5f2f01cabdc2

Download Submit
C:\Windows\system\sXcuilj.exe

Filesize
6.0MB

MD5
713401397f573e240cae82b3ea42b742

SHA1
0b8a934fe447493d0ef956d9a57883153dc95d55

SHA256
e56e0a026bdfa801a8c8308815aafc48788e4fa0e9be464a0519bfb7eb601406

SHA512
0fb791623664ef1c73093659d310e91060a86918940076dab87c59ce61ae73d59b94828e90d33219628d4413605718630491f85f29042cec1cfee731b2ad74e7

Download Submit
C:\Windows\system\uIumpFL.exe

Filesize
6.0MB

MD5
82cb65e34a4375acd5c28646852e61a8

SHA1
25aeafbe7f01cf6d8f9db16318d54550530c9f2d

SHA256
187608036aa360f5a8dee7b998813a2762ec2fea2c81be7455a462669d158c88

SHA512
0d7b14804c6502a28e2eb569b87d752c328f6f142a0e73da5f75c96a45d5825bae57b4a43c97ecc77b54bbe91d2db30a352e8dd82767ca64fa603acaeffadeaf

Download Submit
C:\Windows\system\vsliaEg.exe

Filesize
6.0MB

MD5
3ade2b57520ccd1d8ce6c928df730b50

SHA1
6ba044200b3a31eb484ae4a7f36672b2338a1779

SHA256
a4064aba1b1875aaefb5dd713d74e6f61f2714b1f7e4adb77f241b0532fdd7d3

SHA512
36df05b18c358f09e6a66a2531a6f1be3e87c20f3a90f5dd49cbc8d51159f1e5ac2151387d7bdd7ec87cc25407bc779bf79a5bf453f668d0256da848a1970378

Download Submit
C:\Windows\system\wnYmRWQ.exe

Filesize
6.0MB

MD5
f1408a7166d109da896414d8a759ff51

SHA1
d6e513d020d5f0d71605cf1c6783caa604a5e288

SHA256
b61905fd70912894de1dabba72b027bf1b96a8477d4df5b8f310f40931877d92

SHA512
2e981f15ce3e6c3638014745026b57542c48cfaf539e41a3e9a7bfd8a5c40621fd89099a0e7b9c8321aecc2e99f65069f67e5038aa622e093c94b6388a637460

Download Submit
\Windows\system\JoCMDPg.exe

Filesize
6.0MB

MD5
6af83c540d560eb635348eacfb9d5eb6

SHA1
bcb1d52e582305a11b1a7e4f66aa441744fb3144

SHA256
1982e5c8e0e2b00256073c447594bff3679b9dd246a91c68b32b4e66353d3b7c

SHA512
1bf4481db8ee120522c1fbc900e1283240349adc60d5b5f1cb54a5a4c87c6f51d7ac73a1cc0eebe40d2548bfff81865b61c68370e23c02528bd0624824495cc5

Download Submit
\Windows\system\LUVXZNM.exe

Filesize
6.0MB

MD5
1be8580bf8280ed06b3012bfa8ebffd9

SHA1
19e75b7a19a3a4a126a43d92e9a710b6c8871aab

SHA256
b85c2c0d8e26d00f0699d51d6998080a4305d2628fd4842648b2565e9034fb8b

SHA512
e2e0f7097b3364a6671c564f034cddd6a2f1f6e034958016822a8a246ebadddd474732e455af86900187f664b2c6e692d5d46c273d77e4446a499ee1ba342ac0

Download Submit
\Windows\system\VCrGTCD.exe

Filesize
6.0MB

MD5
19b90e2066a51786d6d188f6ccfc93c0

SHA1
e29adcb14edc0d35babb8e711ad621eee9e26b64

SHA256
f226eec3b5aa1b7fefbf6b0e42d37f0185725ff0cb6458caaa7830dd662afe94

SHA512
c9f1daf12ca3e1e8eb3844fb51ad2be50b262d50494cd1d3431d82aab84dee6aaa0af9ecc36d05a170021e4f04cf0b765f155cfb038c2d5aa9d1cc4aaa3b9f7c

Download Submit
\Windows\system\gxOmkzV.exe

Filesize
6.0MB

MD5
aad7f0238b2950d89fa2d33f831e205a

SHA1
2e2e4c4473cbd102c8fe0ad35e7fa4ec1ab4162f

SHA256
e3f2b4d6f9f4ec5d567659fe53ee7ed6846758af74c716d4ac79edfc431fa62a

SHA512
9ad5ea090816185761165be3ec4d081e48f36c7b2168176d07b7361889b478f7b37c04714f4e9fc26dfd549a2ef98cc082bf608a1f3f323296ec757d6dbac648

Download Submit
memory/800-904-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/800-3564-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/800-109-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1080-384-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1080-3558-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1080-83-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1368-108-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1368-3554-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1368-67-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1748-187-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1748-3557-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1748-75-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1876-0-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1876-86-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-47-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-55-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-36-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1876-114-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1876-113-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1876-448-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1876-25-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-105-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-104-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-17-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1876-32-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-8-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1876-96-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1876-95-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-10-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-87-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1876-63-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-655-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1876-997-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1876-846-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-71-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-757-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3560-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2088-101-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2108-22-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2108-3537-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2108-59-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2160-553-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2160-91-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3559-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2544-42-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-82-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3546-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-60-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3555-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3552-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-90-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-52-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-74-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-37-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3549-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-29-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-66-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3526-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3516-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2792-13-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2792-46-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3518-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-15-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-51-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download