cobaltstrike | 33ef8e893f8eb58a9b8dcf202f3b5d6b31db6ed5c1e1e1887e53f21c1bc75e9e

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25/12/2024, 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9104dff372d6904e053e058238832caf
SHA1

d785de17253454685a95b455aaff840391d2666e
SHA256

33ef8e893f8eb58a9b8dcf202f3b5d6b31db6ed5c1e1e1887e53f21c1bc75e9e
SHA512

838e0166049af8215fc436ceace60468a6b1bca381179009e7676707f7ee731df95131ef7381c6b0893def9bbf91bfe817f6d47542aea952659a0b1938bd95aa
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUj:T+q56utgpPF8u/7j

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000900000001227e-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ccc-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0c-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1c-27.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-29.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cd8-37.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b05-53.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-62.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2412-0-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x000900000001227e-6.dat	xmrig
behavioral1/files/0x0009000000016ccc-8.dat	xmrig
behavioral1/files/0x0008000000016d0c-15.dat	xmrig
behavioral1/memory/2820-31-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2412-32-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d1c-27.dat	xmrig
behavioral1/files/0x0009000000016d3f-29.dat	xmrig
behavioral1/memory/1244-23-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2880-22-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2440-20-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cd8-37.dat	xmrig
behavioral1/memory/2412-51-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x0009000000018b05-53.dat	xmrig
behavioral1/memory/2440-54-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/3048-49-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-46.dat	xmrig
behavioral1/memory/2972-42-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2908-36-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2908-68-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019547-73.dat	xmrig
behavioral1/files/0x00050000000195a7-89.dat	xmrig
behavioral1/files/0x0005000000019515-85.dat	xmrig
behavioral1/files/0x00050000000195a9-103.dat	xmrig
behavioral1/files/0x00050000000195af-119.dat	xmrig
behavioral1/files/0x00050000000195b5-135.dat	xmrig
behavioral1/files/0x00050000000195c3-159.dat	xmrig
behavioral1/files/0x000500000001960c-179.dat	xmrig
behavioral1/files/0x0005000000019761-194.dat	xmrig
behavioral1/memory/2732-213-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2412-286-0x0000000002260000-0x00000000025B4000-memory.dmp	xmrig
behavioral1/memory/2708-239-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-184.dat	xmrig
behavioral1/files/0x000500000001975a-189.dat	xmrig
behavioral1/files/0x00050000000195c7-174.dat	xmrig
behavioral1/files/0x00050000000195c6-170.dat	xmrig
behavioral1/files/0x00050000000195c5-165.dat	xmrig
behavioral1/files/0x00050000000195c1-155.dat	xmrig
behavioral1/files/0x00050000000195bd-149.dat	xmrig
behavioral1/files/0x00050000000195bb-144.dat	xmrig
behavioral1/files/0x00050000000195b7-139.dat	xmrig
behavioral1/files/0x00050000000195b3-130.dat	xmrig
behavioral1/files/0x00050000000195b1-125.dat	xmrig
behavioral1/files/0x00050000000195ad-115.dat	xmrig
behavioral1/memory/2092-105-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ab-108.dat	xmrig
behavioral1/memory/2780-101-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2284-83-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2412-80-0x0000000002260000-0x00000000025B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001957c-76.dat	xmrig
behavioral1/memory/2972-72-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/1116-96-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2288-95-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/3048-94-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2708-67-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2732-59-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x000500000001950f-62.dat	xmrig
behavioral1/memory/2440-1658-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2880-1660-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1244-1659-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2820-1661-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2972-1662-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/3048-1664-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2908-1663-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1244	XAbJaJA.exe
2440	xGyDwod.exe
2880	JmqhuDQ.exe
2820	rUDNOfi.exe
2908	LFgjpDY.exe
2972	ElhPsuA.exe
3048	WhzWrAJ.exe
2732	AkbInAy.exe
2708	IbONCrd.exe
2284	FbbhQhb.exe
2288	wjPtDIM.exe
1116	bBmgoEC.exe
2780	ylkgwal.exe
2092	PgXnqgU.exe
1732	NJeRCgZ.exe
1492	uTGbVqN.exe
3012	mKXyCim.exe
1208	iGjLHnd.exe
3040	GxwLVzI.exe
1072	QDBCsZz.exe
1816	lMEPSur.exe
1824	tdDeXkU.exe
2184	zLTowvf.exe
2448	hMRHnVo.exe
2248	BNwLmze.exe
2404	dxTuhKg.exe
2268	brVrhNb.exe
2180	RkVvbXA.exe
1008	VYBfceI.exe
2592	UdmERKv.exe
1128	tqPAIgg.exe
2240	sIpejiu.exe
1100	HNQwlUx.exe
1968	SCaLVoH.exe
1548	CJuUqVg.exe
1688	rGIbnwz.exe
1796	veIRFLp.exe
2616	XOeHczV.exe
752	GIUZYgH.exe
1704	MHZypzx.exe
2564	AcvWpkd.exe
928	yssJCFE.exe
2476	hPqnhdD.exe
2636	MLjrvuG.exe
2064	wFoSPZO.exe
1280	bpWtRPw.exe
2612	iglUYGq.exe
2444	OukfIvr.exe
2640	TvNraAg.exe
2112	CSCWnaf.exe
2656	MtsnMah.exe
1600	uHdugyK.exe
2548	UzbErbe.exe
844	oQNkmJx.exe
2408	Yyukqbh.exe
2860	QvWgXAX.exe
2156	XxMnMAu.exe
2012	Hccrxgt.exe
2948	JhdMIMb.exe
2668	fQBvbwu.exe
2884	sqHClie.exe
2764	htbppeJ.exe
1788	AoKVIgV.exe
2740	EWlKJdy.exe

Loads dropped DLL 64 IoCs

pid	Process
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2412-0-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/files/0x000900000001227e-6.dat	upx
behavioral1/files/0x0009000000016ccc-8.dat	upx
behavioral1/files/0x0008000000016d0c-15.dat	upx
behavioral1/memory/2820-31-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x0007000000016d1c-27.dat	upx
behavioral1/files/0x0009000000016d3f-29.dat	upx
behavioral1/memory/1244-23-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2880-22-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2440-20-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0009000000016cd8-37.dat	upx
behavioral1/memory/2412-51-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/files/0x0009000000018b05-53.dat	upx
behavioral1/memory/2440-54-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/3048-49-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x0002000000018334-46.dat	upx
behavioral1/memory/2972-42-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2908-36-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2908-68-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x0005000000019547-73.dat	upx
behavioral1/files/0x00050000000195a7-89.dat	upx
behavioral1/files/0x0005000000019515-85.dat	upx
behavioral1/files/0x00050000000195a9-103.dat	upx
behavioral1/files/0x00050000000195af-119.dat	upx
behavioral1/files/0x00050000000195b5-135.dat	upx
behavioral1/files/0x00050000000195c3-159.dat	upx
behavioral1/files/0x000500000001960c-179.dat	upx
behavioral1/files/0x0005000000019761-194.dat	upx
behavioral1/memory/2732-213-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2708-239-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x0005000000019643-184.dat	upx
behavioral1/files/0x000500000001975a-189.dat	upx
behavioral1/files/0x00050000000195c7-174.dat	upx
behavioral1/files/0x00050000000195c6-170.dat	upx
behavioral1/files/0x00050000000195c5-165.dat	upx
behavioral1/files/0x00050000000195c1-155.dat	upx
behavioral1/files/0x00050000000195bd-149.dat	upx
behavioral1/files/0x00050000000195bb-144.dat	upx
behavioral1/files/0x00050000000195b7-139.dat	upx
behavioral1/files/0x00050000000195b3-130.dat	upx
behavioral1/files/0x00050000000195b1-125.dat	upx
behavioral1/files/0x00050000000195ad-115.dat	upx
behavioral1/memory/2092-105-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x00050000000195ab-108.dat	upx
behavioral1/memory/2780-101-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2284-83-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x000500000001957c-76.dat	upx
behavioral1/memory/2972-72-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/1116-96-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2288-95-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/3048-94-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2708-67-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2732-59-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x000500000001950f-62.dat	upx
behavioral1/memory/2440-1658-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2880-1660-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1244-1659-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2820-1661-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2972-1662-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/3048-1664-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2908-1663-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2732-1786-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2708-1789-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2284-1799-0x000000013FD40000-0x0000000140094000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RlLNtXt.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hohHRdb.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utoiqiF.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylkgwal.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIedwoX.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWlFpRe.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxjCunk.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqlMfdl.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHeXkWd.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjYfNql.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJlfZCF.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSmcSwn.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KoOmBWR.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpLTVRp.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niJXUVd.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwDmkbj.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJpUGsi.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnNGzrW.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKKoaGZ.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erCHjQP.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkTUJYg.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxTuhKg.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBqufNf.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIEWpTM.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVbaRJu.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGlXxoU.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjXPyjK.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzpnTEw.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHcVghz.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBmgoEC.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hImDpLz.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNufokQ.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqNaRXf.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNwLmze.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJaFFxU.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwuHmSP.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdVheJV.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\izCVxmZ.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YBGqAvg.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoCwkQM.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWEpDWs.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnwbydC.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcnUIon.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkTzBRf.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWYlYPo.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMMLShK.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFhRSLG.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypogmMT.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdUajzJ.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdqXIwG.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTOBnBz.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\popoqQi.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsAljMM.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzNPEMJ.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFSXvNl.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlwLuae.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgXnqgU.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBxIIka.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVnxswU.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSFuICY.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grmPwUk.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FupQqJt.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udsuGRd.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUDXGiR.exe	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 1244	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2412 wrote to memory of 1244	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2412 wrote to memory of 1244	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2412 wrote to memory of 2440	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2412 wrote to memory of 2440	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2412 wrote to memory of 2440	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2412 wrote to memory of 2880	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 2880	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 2880	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 2820	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 2820	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 2820	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 2908	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 2908	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 2908	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 2972	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 2972	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 2972	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 3048	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 3048	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 3048	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 2732	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 2732	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 2732	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 2708	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 2708	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 2708	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 2288	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 2288	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 2288	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 2284	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 2284	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 2284	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 1116	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 1116	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 1116	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 2780	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 2780	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 2780	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 2092	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 2092	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 2092	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 1732	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 1732	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 1732	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 1492	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 1492	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 1492	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 3012	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 3012	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 3012	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 1208	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 1208	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 1208	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 3040	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 3040	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 3040	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 1072	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 1072	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 1072	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 1816	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2412 wrote to memory of 1816	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2412 wrote to memory of 1816	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2412 wrote to memory of 1824	2412	2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_9104dff372d6904e053e058238832caf_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\System\XAbJaJA.exe
  C:\Windows\System\XAbJaJA.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\xGyDwod.exe
  C:\Windows\System\xGyDwod.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\JmqhuDQ.exe
  C:\Windows\System\JmqhuDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\rUDNOfi.exe
  C:\Windows\System\rUDNOfi.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\LFgjpDY.exe
  C:\Windows\System\LFgjpDY.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\ElhPsuA.exe
  C:\Windows\System\ElhPsuA.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\WhzWrAJ.exe
  C:\Windows\System\WhzWrAJ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\AkbInAy.exe
  C:\Windows\System\AkbInAy.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\IbONCrd.exe
  C:\Windows\System\IbONCrd.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\wjPtDIM.exe
  C:\Windows\System\wjPtDIM.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\FbbhQhb.exe
  C:\Windows\System\FbbhQhb.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\bBmgoEC.exe
  C:\Windows\System\bBmgoEC.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\ylkgwal.exe
  C:\Windows\System\ylkgwal.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\PgXnqgU.exe
  C:\Windows\System\PgXnqgU.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\NJeRCgZ.exe
  C:\Windows\System\NJeRCgZ.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\uTGbVqN.exe
  C:\Windows\System\uTGbVqN.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\mKXyCim.exe
  C:\Windows\System\mKXyCim.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\iGjLHnd.exe
  C:\Windows\System\iGjLHnd.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\GxwLVzI.exe
  C:\Windows\System\GxwLVzI.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\QDBCsZz.exe
  C:\Windows\System\QDBCsZz.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\lMEPSur.exe
  C:\Windows\System\lMEPSur.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\tdDeXkU.exe
  C:\Windows\System\tdDeXkU.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\zLTowvf.exe
  C:\Windows\System\zLTowvf.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\hMRHnVo.exe
  C:\Windows\System\hMRHnVo.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\BNwLmze.exe
  C:\Windows\System\BNwLmze.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\dxTuhKg.exe
  C:\Windows\System\dxTuhKg.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\brVrhNb.exe
  C:\Windows\System\brVrhNb.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\RkVvbXA.exe
  C:\Windows\System\RkVvbXA.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\VYBfceI.exe
  C:\Windows\System\VYBfceI.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\UdmERKv.exe
  C:\Windows\System\UdmERKv.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\tqPAIgg.exe
  C:\Windows\System\tqPAIgg.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\sIpejiu.exe
  C:\Windows\System\sIpejiu.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\HNQwlUx.exe
  C:\Windows\System\HNQwlUx.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\SCaLVoH.exe
  C:\Windows\System\SCaLVoH.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\CJuUqVg.exe
  C:\Windows\System\CJuUqVg.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\veIRFLp.exe
  C:\Windows\System\veIRFLp.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\rGIbnwz.exe
  C:\Windows\System\rGIbnwz.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\XOeHczV.exe
  C:\Windows\System\XOeHczV.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\GIUZYgH.exe
  C:\Windows\System\GIUZYgH.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\AcvWpkd.exe
  C:\Windows\System\AcvWpkd.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\MHZypzx.exe
  C:\Windows\System\MHZypzx.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\hPqnhdD.exe
  C:\Windows\System\hPqnhdD.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\yssJCFE.exe
  C:\Windows\System\yssJCFE.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\MLjrvuG.exe
  C:\Windows\System\MLjrvuG.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\wFoSPZO.exe
  C:\Windows\System\wFoSPZO.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\OukfIvr.exe
  C:\Windows\System\OukfIvr.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\bpWtRPw.exe
  C:\Windows\System\bpWtRPw.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\TvNraAg.exe
  C:\Windows\System\TvNraAg.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\iglUYGq.exe
  C:\Windows\System\iglUYGq.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\CSCWnaf.exe
  C:\Windows\System\CSCWnaf.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\MtsnMah.exe
  C:\Windows\System\MtsnMah.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\uHdugyK.exe
  C:\Windows\System\uHdugyK.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\UzbErbe.exe
  C:\Windows\System\UzbErbe.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\oQNkmJx.exe
  C:\Windows\System\oQNkmJx.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\Yyukqbh.exe
  C:\Windows\System\Yyukqbh.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\JhdMIMb.exe
  C:\Windows\System\JhdMIMb.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\QvWgXAX.exe
  C:\Windows\System\QvWgXAX.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\sqHClie.exe
  C:\Windows\System\sqHClie.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\XxMnMAu.exe
  C:\Windows\System\XxMnMAu.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\htbppeJ.exe
  C:\Windows\System\htbppeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\Hccrxgt.exe
  C:\Windows\System\Hccrxgt.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\AoKVIgV.exe
  C:\Windows\System\AoKVIgV.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\fQBvbwu.exe
  C:\Windows\System\fQBvbwu.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\JmOevEx.exe
  C:\Windows\System\JmOevEx.exe
  2⤵
  PID:2604
- C:\Windows\System\EWlKJdy.exe
  C:\Windows\System\EWlKJdy.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\oUtatTq.exe
  C:\Windows\System\oUtatTq.exe
  2⤵
  PID:236
- C:\Windows\System\DNtzNyG.exe
  C:\Windows\System\DNtzNyG.exe
  2⤵
  PID:2500
- C:\Windows\System\BdqUoou.exe
  C:\Windows\System\BdqUoou.exe
  2⤵
  PID:1976
- C:\Windows\System\CfDawfe.exe
  C:\Windows\System\CfDawfe.exe
  2⤵
  PID:2660
- C:\Windows\System\IgPpwRJ.exe
  C:\Windows\System\IgPpwRJ.exe
  2⤵
  PID:2536
- C:\Windows\System\qKHtROo.exe
  C:\Windows\System\qKHtROo.exe
  2⤵
  PID:2164
- C:\Windows\System\bhMtkcM.exe
  C:\Windows\System\bhMtkcM.exe
  2⤵
  PID:2252
- C:\Windows\System\zxZYNJN.exe
  C:\Windows\System\zxZYNJN.exe
  2⤵
  PID:3052
- C:\Windows\System\jWswAYR.exe
  C:\Windows\System\jWswAYR.exe
  2⤵
  PID:1056
- C:\Windows\System\vtfQGjE.exe
  C:\Windows\System\vtfQGjE.exe
  2⤵
  PID:2496
- C:\Windows\System\lmIvzJM.exe
  C:\Windows\System\lmIvzJM.exe
  2⤵
  PID:1536
- C:\Windows\System\cWLLBih.exe
  C:\Windows\System\cWLLBih.exe
  2⤵
  PID:1768
- C:\Windows\System\gnwapMb.exe
  C:\Windows\System\gnwapMb.exe
  2⤵
  PID:1888
- C:\Windows\System\VxxJbyw.exe
  C:\Windows\System\VxxJbyw.exe
  2⤵
  PID:1700
- C:\Windows\System\zVrbHFC.exe
  C:\Windows\System\zVrbHFC.exe
  2⤵
  PID:2644
- C:\Windows\System\OiKLmUs.exe
  C:\Windows\System\OiKLmUs.exe
  2⤵
  PID:2484
- C:\Windows\System\aimWkRN.exe
  C:\Windows\System\aimWkRN.exe
  2⤵
  PID:2116
- C:\Windows\System\UBtTZIO.exe
  C:\Windows\System\UBtTZIO.exe
  2⤵
  PID:1064
- C:\Windows\System\rnreeHl.exe
  C:\Windows\System\rnreeHl.exe
  2⤵
  PID:2464
- C:\Windows\System\ZYelwET.exe
  C:\Windows\System\ZYelwET.exe
  2⤵
  PID:1512
- C:\Windows\System\hXlmQmO.exe
  C:\Windows\System\hXlmQmO.exe
  2⤵
  PID:984
- C:\Windows\System\LYWgVNu.exe
  C:\Windows\System\LYWgVNu.exe
  2⤵
  PID:2344
- C:\Windows\System\WnbgQAY.exe
  C:\Windows\System\WnbgQAY.exe
  2⤵
  PID:2772
- C:\Windows\System\QGpjMZL.exe
  C:\Windows\System\QGpjMZL.exe
  2⤵
  PID:2912
- C:\Windows\System\jgVJDuh.exe
  C:\Windows\System\jgVJDuh.exe
  2⤵
  PID:2692
- C:\Windows\System\QiiCYuv.exe
  C:\Windows\System\QiiCYuv.exe
  2⤵
  PID:908
- C:\Windows\System\IhueRHu.exe
  C:\Windows\System\IhueRHu.exe
  2⤵
  PID:2512
- C:\Windows\System\oLEpdNW.exe
  C:\Windows\System\oLEpdNW.exe
  2⤵
  PID:2676
- C:\Windows\System\VnhQTma.exe
  C:\Windows\System\VnhQTma.exe
  2⤵
  PID:1520
- C:\Windows\System\sfXPjZz.exe
  C:\Windows\System\sfXPjZz.exe
  2⤵
  PID:1272
- C:\Windows\System\eYpMRTR.exe
  C:\Windows\System\eYpMRTR.exe
  2⤵
  PID:1408
- C:\Windows\System\hFDqRPB.exe
  C:\Windows\System\hFDqRPB.exe
  2⤵
  PID:1748
- C:\Windows\System\mrngZQA.exe
  C:\Windows\System\mrngZQA.exe
  2⤵
  PID:2204
- C:\Windows\System\SnnQXxi.exe
  C:\Windows\System\SnnQXxi.exe
  2⤵
  PID:2584
- C:\Windows\System\FdHdxzH.exe
  C:\Windows\System\FdHdxzH.exe
  2⤵
  PID:2580
- C:\Windows\System\ppzLWKa.exe
  C:\Windows\System\ppzLWKa.exe
  2⤵
  PID:2336
- C:\Windows\System\owoNBlx.exe
  C:\Windows\System\owoNBlx.exe
  2⤵
  PID:1096
- C:\Windows\System\QSCnjQS.exe
  C:\Windows\System\QSCnjQS.exe
  2⤵
  PID:1416
- C:\Windows\System\ckutQwV.exe
  C:\Windows\System\ckutQwV.exe
  2⤵
  PID:608
- C:\Windows\System\BZCswGN.exe
  C:\Windows\System\BZCswGN.exe
  2⤵
  PID:1676
- C:\Windows\System\UIDxTHR.exe
  C:\Windows\System\UIDxTHR.exe
  2⤵
  PID:2576
- C:\Windows\System\YcsEUJK.exe
  C:\Windows\System\YcsEUJK.exe
  2⤵
  PID:2712
- C:\Windows\System\xJsUmkU.exe
  C:\Windows\System\xJsUmkU.exe
  2⤵
  PID:2168
- C:\Windows\System\YxRzOmR.exe
  C:\Windows\System\YxRzOmR.exe
  2⤵
  PID:2608
- C:\Windows\System\atwQHZa.exe
  C:\Windows\System\atwQHZa.exe
  2⤵
  PID:2172
- C:\Windows\System\rrKZEEh.exe
  C:\Windows\System\rrKZEEh.exe
  2⤵
  PID:1832
- C:\Windows\System\sWSSZKf.exe
  C:\Windows\System\sWSSZKf.exe
  2⤵
  PID:1728
- C:\Windows\System\nvVduDK.exe
  C:\Windows\System\nvVduDK.exe
  2⤵
  PID:2856
- C:\Windows\System\hVgLPda.exe
  C:\Windows\System\hVgLPda.exe
  2⤵
  PID:1420
- C:\Windows\System\kxfkEyv.exe
  C:\Windows\System\kxfkEyv.exe
  2⤵
  PID:2040
- C:\Windows\System\tuPTwvO.exe
  C:\Windows\System\tuPTwvO.exe
  2⤵
  PID:2280
- C:\Windows\System\zYoWJHa.exe
  C:\Windows\System\zYoWJHa.exe
  2⤵
  PID:3088
- C:\Windows\System\VwxVlrQ.exe
  C:\Windows\System\VwxVlrQ.exe
  2⤵
  PID:3104
- C:\Windows\System\fDTXrmF.exe
  C:\Windows\System\fDTXrmF.exe
  2⤵
  PID:3124
- C:\Windows\System\fzsDkTS.exe
  C:\Windows\System\fzsDkTS.exe
  2⤵
  PID:3140
- C:\Windows\System\StSDxKI.exe
  C:\Windows\System\StSDxKI.exe
  2⤵
  PID:3156
- C:\Windows\System\aHhNDEo.exe
  C:\Windows\System\aHhNDEo.exe
  2⤵
  PID:3172
- C:\Windows\System\opFpcAT.exe
  C:\Windows\System\opFpcAT.exe
  2⤵
  PID:3232
- C:\Windows\System\vifPKED.exe
  C:\Windows\System\vifPKED.exe
  2⤵
  PID:3248
- C:\Windows\System\ZmwsRbe.exe
  C:\Windows\System\ZmwsRbe.exe
  2⤵
  PID:3264
- C:\Windows\System\wyQniVF.exe
  C:\Windows\System\wyQniVF.exe
  2⤵
  PID:3280
- C:\Windows\System\XISjQcz.exe
  C:\Windows\System\XISjQcz.exe
  2⤵
  PID:3296
- C:\Windows\System\rTmUBgt.exe
  C:\Windows\System\rTmUBgt.exe
  2⤵
  PID:3312
- C:\Windows\System\nBhUKjc.exe
  C:\Windows\System\nBhUKjc.exe
  2⤵
  PID:3328
- C:\Windows\System\GokiHne.exe
  C:\Windows\System\GokiHne.exe
  2⤵
  PID:3344
- C:\Windows\System\ZnMdcOv.exe
  C:\Windows\System\ZnMdcOv.exe
  2⤵
  PID:3360
- C:\Windows\System\PeSxqor.exe
  C:\Windows\System\PeSxqor.exe
  2⤵
  PID:3380
- C:\Windows\System\MUdJjTq.exe
  C:\Windows\System\MUdJjTq.exe
  2⤵
  PID:3396
- C:\Windows\System\KsGIqvP.exe
  C:\Windows\System\KsGIqvP.exe
  2⤵
  PID:3412
- C:\Windows\System\AhpGLez.exe
  C:\Windows\System\AhpGLez.exe
  2⤵
  PID:3428
- C:\Windows\System\lYKKVEz.exe
  C:\Windows\System\lYKKVEz.exe
  2⤵
  PID:3448
- C:\Windows\System\jHBtQBh.exe
  C:\Windows\System\jHBtQBh.exe
  2⤵
  PID:3464
- C:\Windows\System\ykFiaIQ.exe
  C:\Windows\System\ykFiaIQ.exe
  2⤵
  PID:3480
- C:\Windows\System\dPvJJpL.exe
  C:\Windows\System\dPvJJpL.exe
  2⤵
  PID:3496
- C:\Windows\System\JVQXlwR.exe
  C:\Windows\System\JVQXlwR.exe
  2⤵
  PID:3512
- C:\Windows\System\pFdxDvG.exe
  C:\Windows\System\pFdxDvG.exe
  2⤵
  PID:3528
- C:\Windows\System\PhLiLnd.exe
  C:\Windows\System\PhLiLnd.exe
  2⤵
  PID:3544
- C:\Windows\System\GdpeIjz.exe
  C:\Windows\System\GdpeIjz.exe
  2⤵
  PID:3560
- C:\Windows\System\DSktCVS.exe
  C:\Windows\System\DSktCVS.exe
  2⤵
  PID:3576
- C:\Windows\System\cvUUBFW.exe
  C:\Windows\System\cvUUBFW.exe
  2⤵
  PID:3592
- C:\Windows\System\GQGBiof.exe
  C:\Windows\System\GQGBiof.exe
  2⤵
  PID:3608
- C:\Windows\System\GgWDnZL.exe
  C:\Windows\System\GgWDnZL.exe
  2⤵
  PID:3624
- C:\Windows\System\nwXsEjE.exe
  C:\Windows\System\nwXsEjE.exe
  2⤵
  PID:3640
- C:\Windows\System\TmTLvyc.exe
  C:\Windows\System\TmTLvyc.exe
  2⤵
  PID:3656
- C:\Windows\System\ypqpojw.exe
  C:\Windows\System\ypqpojw.exe
  2⤵
  PID:3672
- C:\Windows\System\pVqRKVr.exe
  C:\Windows\System\pVqRKVr.exe
  2⤵
  PID:3688
- C:\Windows\System\mFhRSLG.exe
  C:\Windows\System\mFhRSLG.exe
  2⤵
  PID:3704
- C:\Windows\System\ZkcUlpD.exe
  C:\Windows\System\ZkcUlpD.exe
  2⤵
  PID:3720
- C:\Windows\System\wSPoKmf.exe
  C:\Windows\System\wSPoKmf.exe
  2⤵
  PID:3756
- C:\Windows\System\VXjZwQO.exe
  C:\Windows\System\VXjZwQO.exe
  2⤵
  PID:3820
- C:\Windows\System\AqlbFmZ.exe
  C:\Windows\System\AqlbFmZ.exe
  2⤵
  PID:3836
- C:\Windows\System\rhGnvay.exe
  C:\Windows\System\rhGnvay.exe
  2⤵
  PID:3852
- C:\Windows\System\otfZYNt.exe
  C:\Windows\System\otfZYNt.exe
  2⤵
  PID:3868
- C:\Windows\System\kJpUGsi.exe
  C:\Windows\System\kJpUGsi.exe
  2⤵
  PID:3884
- C:\Windows\System\bnBKLFC.exe
  C:\Windows\System\bnBKLFC.exe
  2⤵
  PID:3900
- C:\Windows\System\syUBwdJ.exe
  C:\Windows\System\syUBwdJ.exe
  2⤵
  PID:3916
- C:\Windows\System\CKhRtQD.exe
  C:\Windows\System\CKhRtQD.exe
  2⤵
  PID:3932
- C:\Windows\System\xUcIBpZ.exe
  C:\Windows\System\xUcIBpZ.exe
  2⤵
  PID:3948
- C:\Windows\System\MIlaoil.exe
  C:\Windows\System\MIlaoil.exe
  2⤵
  PID:3964
- C:\Windows\System\PjBtuVP.exe
  C:\Windows\System\PjBtuVP.exe
  2⤵
  PID:3980
- C:\Windows\System\GupxBPI.exe
  C:\Windows\System\GupxBPI.exe
  2⤵
  PID:3996
- C:\Windows\System\YMfbQdx.exe
  C:\Windows\System\YMfbQdx.exe
  2⤵
  PID:4012
- C:\Windows\System\grmPwUk.exe
  C:\Windows\System\grmPwUk.exe
  2⤵
  PID:4028
- C:\Windows\System\EUusRDR.exe
  C:\Windows\System\EUusRDR.exe
  2⤵
  PID:4044
- C:\Windows\System\mLMSthh.exe
  C:\Windows\System\mLMSthh.exe
  2⤵
  PID:4060
- C:\Windows\System\CzEVQRu.exe
  C:\Windows\System\CzEVQRu.exe
  2⤵
  PID:4076
- C:\Windows\System\vIAgzox.exe
  C:\Windows\System\vIAgzox.exe
  2⤵
  PID:4092
- C:\Windows\System\HnNDTLZ.exe
  C:\Windows\System\HnNDTLZ.exe
  2⤵
  PID:2652
- C:\Windows\System\TwOHdls.exe
  C:\Windows\System\TwOHdls.exe
  2⤵
  PID:2376
- C:\Windows\System\ohfDrEu.exe
  C:\Windows\System\ohfDrEu.exe
  2⤵
  PID:2348
- C:\Windows\System\gIHVoYE.exe
  C:\Windows\System\gIHVoYE.exe
  2⤵
  PID:3136
- C:\Windows\System\OewoPTq.exe
  C:\Windows\System\OewoPTq.exe
  2⤵
  PID:1264
- C:\Windows\System\CzFwXIs.exe
  C:\Windows\System\CzFwXIs.exe
  2⤵
  PID:3168
- C:\Windows\System\byyOEAD.exe
  C:\Windows\System\byyOEAD.exe
  2⤵
  PID:1736
- C:\Windows\System\iasafrT.exe
  C:\Windows\System\iasafrT.exe
  2⤵
  PID:2108
- C:\Windows\System\xjiIMgB.exe
  C:\Windows\System\xjiIMgB.exe
  2⤵
  PID:2224
- C:\Windows\System\nZDhTjg.exe
  C:\Windows\System\nZDhTjg.exe
  2⤵
  PID:756
- C:\Windows\System\bJrHrbl.exe
  C:\Windows\System\bJrHrbl.exe
  2⤵
  PID:276
- C:\Windows\System\VdYZoqH.exe
  C:\Windows\System\VdYZoqH.exe
  2⤵
  PID:2264
- C:\Windows\System\NnFXNQF.exe
  C:\Windows\System\NnFXNQF.exe
  2⤵
  PID:3084
- C:\Windows\System\XecEzKD.exe
  C:\Windows\System\XecEzKD.exe
  2⤵
  PID:3152
- C:\Windows\System\cTCwcgX.exe
  C:\Windows\System\cTCwcgX.exe
  2⤵
  PID:932
- C:\Windows\System\ZcsLmci.exe
  C:\Windows\System\ZcsLmci.exe
  2⤵
  PID:2492
- C:\Windows\System\popoqQi.exe
  C:\Windows\System\popoqQi.exe
  2⤵
  PID:3240
- C:\Windows\System\xctraRo.exe
  C:\Windows\System\xctraRo.exe
  2⤵
  PID:2928
- C:\Windows\System\gslcoWk.exe
  C:\Windows\System\gslcoWk.exe
  2⤵
  PID:3340
- C:\Windows\System\vLyFEck.exe
  C:\Windows\System\vLyFEck.exe
  2⤵
  PID:3292
- C:\Windows\System\DdQoHsy.exe
  C:\Windows\System\DdQoHsy.exe
  2⤵
  PID:2952
- C:\Windows\System\maAAqnE.exe
  C:\Windows\System\maAAqnE.exe
  2⤵
  PID:3120
- C:\Windows\System\ibnmJHh.exe
  C:\Windows\System\ibnmJHh.exe
  2⤵
  PID:3404
- C:\Windows\System\XDQvDSj.exe
  C:\Windows\System\XDQvDSj.exe
  2⤵
  PID:3436
- C:\Windows\System\hLIMwoE.exe
  C:\Windows\System\hLIMwoE.exe
  2⤵
  PID:3420
- C:\Windows\System\NhEEkAN.exe
  C:\Windows\System\NhEEkAN.exe
  2⤵
  PID:3476
- C:\Windows\System\WgdlhdO.exe
  C:\Windows\System\WgdlhdO.exe
  2⤵
  PID:3540
- C:\Windows\System\uWQmURI.exe
  C:\Windows\System\uWQmURI.exe
  2⤵
  PID:3600
- C:\Windows\System\YXobNYV.exe
  C:\Windows\System\YXobNYV.exe
  2⤵
  PID:3664
- C:\Windows\System\TxPfkpN.exe
  C:\Windows\System\TxPfkpN.exe
  2⤵
  PID:3696
- C:\Windows\System\mrYHlro.exe
  C:\Windows\System\mrYHlro.exe
  2⤵
  PID:3700
- C:\Windows\System\WknKmif.exe
  C:\Windows\System\WknKmif.exe
  2⤵
  PID:3732
- C:\Windows\System\tnwbydC.exe
  C:\Windows\System\tnwbydC.exe
  2⤵
  PID:3748
- C:\Windows\System\eBUUQZX.exe
  C:\Windows\System\eBUUQZX.exe
  2⤵
  PID:3652
- C:\Windows\System\rdwdIqq.exe
  C:\Windows\System\rdwdIqq.exe
  2⤵
  PID:3716
- C:\Windows\System\SpFkfOI.exe
  C:\Windows\System\SpFkfOI.exe
  2⤵
  PID:1564
- C:\Windows\System\fIPovFU.exe
  C:\Windows\System\fIPovFU.exe
  2⤵
  PID:3860
- C:\Windows\System\UWVAaEw.exe
  C:\Windows\System\UWVAaEw.exe
  2⤵
  PID:3924
- C:\Windows\System\mBzaSjT.exe
  C:\Windows\System\mBzaSjT.exe
  2⤵
  PID:3768
- C:\Windows\System\lClgxGS.exe
  C:\Windows\System\lClgxGS.exe
  2⤵
  PID:3784
- C:\Windows\System\pHdJCNo.exe
  C:\Windows\System\pHdJCNo.exe
  2⤵
  PID:3800
- C:\Windows\System\QEWZUCx.exe
  C:\Windows\System\QEWZUCx.exe
  2⤵
  PID:3992
- C:\Windows\System\IDFAeUz.exe
  C:\Windows\System\IDFAeUz.exe
  2⤵
  PID:4052
- C:\Windows\System\hSaFyPK.exe
  C:\Windows\System\hSaFyPK.exe
  2⤵
  PID:4088
- C:\Windows\System\CqdTxHw.exe
  C:\Windows\System\CqdTxHw.exe
  2⤵
  PID:3132
- C:\Windows\System\lOOGaTU.exe
  C:\Windows\System\lOOGaTU.exe
  2⤵
  PID:2944
- C:\Windows\System\crJfJzO.exe
  C:\Windows\System\crJfJzO.exe
  2⤵
  PID:2864
- C:\Windows\System\NUOeBME.exe
  C:\Windows\System\NUOeBME.exe
  2⤵
  PID:3812
- C:\Windows\System\ZmxpGOg.exe
  C:\Windows\System\ZmxpGOg.exe
  2⤵
  PID:3272
- C:\Windows\System\gHeXkWd.exe
  C:\Windows\System\gHeXkWd.exe
  2⤵
  PID:3064
- C:\Windows\System\lQdKfex.exe
  C:\Windows\System\lQdKfex.exe
  2⤵
  PID:3816
- C:\Windows\System\zEpDHEa.exe
  C:\Windows\System\zEpDHEa.exe
  2⤵
  PID:4036
- C:\Windows\System\UocOOBx.exe
  C:\Windows\System\UocOOBx.exe
  2⤵
  PID:4072
- C:\Windows\System\sYmuzhs.exe
  C:\Windows\System\sYmuzhs.exe
  2⤵
  PID:2560
- C:\Windows\System\XItfcOP.exe
  C:\Windows\System\XItfcOP.exe
  2⤵
  PID:3556
- C:\Windows\System\dsAljMM.exe
  C:\Windows\System\dsAljMM.exe
  2⤵
  PID:3632
- C:\Windows\System\cMMYvkG.exe
  C:\Windows\System\cMMYvkG.exe
  2⤵
  PID:3588
- C:\Windows\System\eFvqEug.exe
  C:\Windows\System\eFvqEug.exe
  2⤵
  PID:3896
- C:\Windows\System\ajmoBWF.exe
  C:\Windows\System\ajmoBWF.exe
  2⤵
  PID:516
- C:\Windows\System\PYKxqxg.exe
  C:\Windows\System\PYKxqxg.exe
  2⤵
  PID:2832
- C:\Windows\System\jUAZejN.exe
  C:\Windows\System\jUAZejN.exe
  2⤵
  PID:3288
- C:\Windows\System\vNtgscH.exe
  C:\Windows\System\vNtgscH.exe
  2⤵
  PID:4008
- C:\Windows\System\iMlzcqs.exe
  C:\Windows\System\iMlzcqs.exe
  2⤵
  PID:3956
- C:\Windows\System\WLFRIgH.exe
  C:\Windows\System\WLFRIgH.exe
  2⤵
  PID:2980
- C:\Windows\System\cseOsVs.exe
  C:\Windows\System\cseOsVs.exe
  2⤵
  PID:3972
- C:\Windows\System\VEfMxYT.exe
  C:\Windows\System\VEfMxYT.exe
  2⤵
  PID:2060
- C:\Windows\System\PYrDUHX.exe
  C:\Windows\System\PYrDUHX.exe
  2⤵
  PID:3808
- C:\Windows\System\HlwfBrv.exe
  C:\Windows\System\HlwfBrv.exe
  2⤵
  PID:2312
- C:\Windows\System\hKhUXeK.exe
  C:\Windows\System\hKhUXeK.exe
  2⤵
  PID:3276
- C:\Windows\System\KYLdRIY.exe
  C:\Windows\System\KYLdRIY.exe
  2⤵
  PID:3912
- C:\Windows\System\tvdztyx.exe
  C:\Windows\System\tvdztyx.exe
  2⤵
  PID:2756
- C:\Windows\System\kyfWBxT.exe
  C:\Windows\System\kyfWBxT.exe
  2⤵
  PID:2044
- C:\Windows\System\vGAdVxS.exe
  C:\Windows\System\vGAdVxS.exe
  2⤵
  PID:2508
- C:\Windows\System\eSTRQlM.exe
  C:\Windows\System\eSTRQlM.exe
  2⤵
  PID:2532
- C:\Windows\System\YXMtzHp.exe
  C:\Windows\System\YXMtzHp.exe
  2⤵
  PID:2036
- C:\Windows\System\NlwLuae.exe
  C:\Windows\System\NlwLuae.exe
  2⤵
  PID:3308
- C:\Windows\System\ZqpUZbe.exe
  C:\Windows\System\ZqpUZbe.exe
  2⤵
  PID:2752
- C:\Windows\System\TgKaYmt.exe
  C:\Windows\System\TgKaYmt.exe
  2⤵
  PID:3444
- C:\Windows\System\zYvOqBc.exe
  C:\Windows\System\zYvOqBc.exe
  2⤵
  PID:3164
- C:\Windows\System\lnlYWzF.exe
  C:\Windows\System\lnlYWzF.exe
  2⤵
  PID:568
- C:\Windows\System\JLWnXFz.exe
  C:\Windows\System\JLWnXFz.exe
  2⤵
  PID:3508
- C:\Windows\System\fLXgGIs.exe
  C:\Windows\System\fLXgGIs.exe
  2⤵
  PID:3796
- C:\Windows\System\BlmLHEx.exe
  C:\Windows\System\BlmLHEx.exe
  2⤵
  PID:3100
- C:\Windows\System\PBKGYBs.exe
  C:\Windows\System\PBKGYBs.exe
  2⤵
  PID:3148
- C:\Windows\System\HFouGjM.exe
  C:\Windows\System\HFouGjM.exe
  2⤵
  PID:3764
- C:\Windows\System\zzoHmYI.exe
  C:\Windows\System\zzoHmYI.exe
  2⤵
  PID:4084
- C:\Windows\System\CnGzmMS.exe
  C:\Windows\System\CnGzmMS.exe
  2⤵
  PID:672
- C:\Windows\System\siFzMno.exe
  C:\Windows\System\siFzMno.exe
  2⤵
  PID:3460
- C:\Windows\System\uFiWtBh.exe
  C:\Windows\System\uFiWtBh.exe
  2⤵
  PID:3032
- C:\Windows\System\lqHPRHL.exe
  C:\Windows\System\lqHPRHL.exe
  2⤵
  PID:3536
- C:\Windows\System\OnfhhfJ.exe
  C:\Windows\System\OnfhhfJ.exe
  2⤵
  PID:880
- C:\Windows\System\GqZSQaM.exe
  C:\Windows\System\GqZSQaM.exe
  2⤵
  PID:872
- C:\Windows\System\ePJXpaJ.exe
  C:\Windows\System\ePJXpaJ.exe
  2⤵
  PID:2316
- C:\Windows\System\gMkoACU.exe
  C:\Windows\System\gMkoACU.exe
  2⤵
  PID:2176
- C:\Windows\System\Kukgaic.exe
  C:\Windows\System\Kukgaic.exe
  2⤵
  PID:3372
- C:\Windows\System\cbnlayB.exe
  C:\Windows\System\cbnlayB.exe
  2⤵
  PID:4108
- C:\Windows\System\kfHomvU.exe
  C:\Windows\System\kfHomvU.exe
  2⤵
  PID:4124
- C:\Windows\System\yRDAhhq.exe
  C:\Windows\System\yRDAhhq.exe
  2⤵
  PID:4140
- C:\Windows\System\rvYaPcF.exe
  C:\Windows\System\rvYaPcF.exe
  2⤵
  PID:4156
- C:\Windows\System\lEeikPQ.exe
  C:\Windows\System\lEeikPQ.exe
  2⤵
  PID:4296
- C:\Windows\System\vPtNFHW.exe
  C:\Windows\System\vPtNFHW.exe
  2⤵
  PID:4380
- C:\Windows\System\GOlqSUb.exe
  C:\Windows\System\GOlqSUb.exe
  2⤵
  PID:4548
- C:\Windows\System\eFktiFc.exe
  C:\Windows\System\eFktiFc.exe
  2⤵
  PID:4564
- C:\Windows\System\PNNVpgh.exe
  C:\Windows\System\PNNVpgh.exe
  2⤵
  PID:4588
- C:\Windows\System\WzviTcm.exe
  C:\Windows\System\WzviTcm.exe
  2⤵
  PID:4604
- C:\Windows\System\nLrmywj.exe
  C:\Windows\System\nLrmywj.exe
  2⤵
  PID:4620
- C:\Windows\System\YWBAtpb.exe
  C:\Windows\System\YWBAtpb.exe
  2⤵
  PID:4640
- C:\Windows\System\HZEgqsY.exe
  C:\Windows\System\HZEgqsY.exe
  2⤵
  PID:4656
- C:\Windows\System\EdQTAwZ.exe
  C:\Windows\System\EdQTAwZ.exe
  2⤵
  PID:4672
- C:\Windows\System\YtsgzVe.exe
  C:\Windows\System\YtsgzVe.exe
  2⤵
  PID:4712
- C:\Windows\System\HlWNsGZ.exe
  C:\Windows\System\HlWNsGZ.exe
  2⤵
  PID:4728
- C:\Windows\System\kHtGEon.exe
  C:\Windows\System\kHtGEon.exe
  2⤵
  PID:4748
- C:\Windows\System\GVAaKsF.exe
  C:\Windows\System\GVAaKsF.exe
  2⤵
  PID:4764
- C:\Windows\System\cnIfHeI.exe
  C:\Windows\System\cnIfHeI.exe
  2⤵
  PID:4788
- C:\Windows\System\sIDKYnE.exe
  C:\Windows\System\sIDKYnE.exe
  2⤵
  PID:4808
- C:\Windows\System\CDlYvvk.exe
  C:\Windows\System\CDlYvvk.exe
  2⤵
  PID:4828
- C:\Windows\System\dWxgzLG.exe
  C:\Windows\System\dWxgzLG.exe
  2⤵
  PID:4852
- C:\Windows\System\KhImlaD.exe
  C:\Windows\System\KhImlaD.exe
  2⤵
  PID:4876
- C:\Windows\System\ZzqmUwS.exe
  C:\Windows\System\ZzqmUwS.exe
  2⤵
  PID:4892
- C:\Windows\System\ytOepIf.exe
  C:\Windows\System\ytOepIf.exe
  2⤵
  PID:4916
- C:\Windows\System\TzjaugM.exe
  C:\Windows\System\TzjaugM.exe
  2⤵
  PID:4932
- C:\Windows\System\jpshKJM.exe
  C:\Windows\System\jpshKJM.exe
  2⤵
  PID:4948
- C:\Windows\System\MDUvthI.exe
  C:\Windows\System\MDUvthI.exe
  2⤵
  PID:4984
- C:\Windows\System\FkCLITD.exe
  C:\Windows\System\FkCLITD.exe
  2⤵
  PID:5000
- C:\Windows\System\kAQcCyt.exe
  C:\Windows\System\kAQcCyt.exe
  2⤵
  PID:5020
- C:\Windows\System\DuHNVgo.exe
  C:\Windows\System\DuHNVgo.exe
  2⤵
  PID:5040
- C:\Windows\System\SchfeDY.exe
  C:\Windows\System\SchfeDY.exe
  2⤵
  PID:5056
- C:\Windows\System\bbpXkyh.exe
  C:\Windows\System\bbpXkyh.exe
  2⤵
  PID:5072
- C:\Windows\System\xcXyPzJ.exe
  C:\Windows\System\xcXyPzJ.exe
  2⤵
  PID:5096
- C:\Windows\System\QwVfBKJ.exe
  C:\Windows\System\QwVfBKJ.exe
  2⤵
  PID:5112
- C:\Windows\System\vYkxckw.exe
  C:\Windows\System\vYkxckw.exe
  2⤵
  PID:3520
- C:\Windows\System\xxJdviE.exe
  C:\Windows\System\xxJdviE.exe
  2⤵
  PID:3008
- C:\Windows\System\yfQeqbb.exe
  C:\Windows\System\yfQeqbb.exe
  2⤵
  PID:4136
- C:\Windows\System\NDVRkVF.exe
  C:\Windows\System\NDVRkVF.exe
  2⤵
  PID:4184
- C:\Windows\System\eygfwVO.exe
  C:\Windows\System\eygfwVO.exe
  2⤵
  PID:4212
- C:\Windows\System\nvdkvic.exe
  C:\Windows\System\nvdkvic.exe
  2⤵
  PID:4216
- C:\Windows\System\LvqWazB.exe
  C:\Windows\System\LvqWazB.exe
  2⤵
  PID:4236
- C:\Windows\System\FfJEISw.exe
  C:\Windows\System\FfJEISw.exe
  2⤵
  PID:4252
- C:\Windows\System\PaYAtWB.exe
  C:\Windows\System\PaYAtWB.exe
  2⤵
  PID:4272
- C:\Windows\System\JbQdVXv.exe
  C:\Windows\System\JbQdVXv.exe
  2⤵
  PID:4292
- C:\Windows\System\mtDQTer.exe
  C:\Windows\System\mtDQTer.exe
  2⤵
  PID:1984
- C:\Windows\System\iERYRCd.exe
  C:\Windows\System\iERYRCd.exe
  2⤵
  PID:2896
- C:\Windows\System\VkJExfY.exe
  C:\Windows\System\VkJExfY.exe
  2⤵
  PID:2704
- C:\Windows\System\eWDvxkA.exe
  C:\Windows\System\eWDvxkA.exe
  2⤵
  PID:4152
- C:\Windows\System\vGfuajS.exe
  C:\Windows\System\vGfuajS.exe
  2⤵
  PID:4320
- C:\Windows\System\XmUTdlf.exe
  C:\Windows\System\XmUTdlf.exe
  2⤵
  PID:4340
- C:\Windows\System\QHdwpru.exe
  C:\Windows\System\QHdwpru.exe
  2⤵
  PID:4360
- C:\Windows\System\WyHPhzj.exe
  C:\Windows\System\WyHPhzj.exe
  2⤵
  PID:2728
- C:\Windows\System\RteRlFO.exe
  C:\Windows\System\RteRlFO.exe
  2⤵
  PID:4428
- C:\Windows\System\SPfFwWz.exe
  C:\Windows\System\SPfFwWz.exe
  2⤵
  PID:4444
- C:\Windows\System\wEajNeh.exe
  C:\Windows\System\wEajNeh.exe
  2⤵
  PID:584
- C:\Windows\System\HlIorbZ.exe
  C:\Windows\System\HlIorbZ.exe
  2⤵
  PID:2132
- C:\Windows\System\ZOxMEPD.exe
  C:\Windows\System\ZOxMEPD.exe
  2⤵
  PID:4472
- C:\Windows\System\OQlehdl.exe
  C:\Windows\System\OQlehdl.exe
  2⤵
  PID:4488
- C:\Windows\System\fXYPQHN.exe
  C:\Windows\System\fXYPQHN.exe
  2⤵
  PID:4504
- C:\Windows\System\mRbliMa.exe
  C:\Windows\System\mRbliMa.exe
  2⤵
  PID:580
- C:\Windows\System\xPoRRGR.exe
  C:\Windows\System\xPoRRGR.exe
  2⤵
  PID:4536
- C:\Windows\System\gmKVSJu.exe
  C:\Windows\System\gmKVSJu.exe
  2⤵
  PID:4544
- C:\Windows\System\dTllkqV.exe
  C:\Windows\System\dTllkqV.exe
  2⤵
  PID:4576
- C:\Windows\System\PUCvKFT.exe
  C:\Windows\System\PUCvKFT.exe
  2⤵
  PID:4612
- C:\Windows\System\zfLSPSk.exe
  C:\Windows\System\zfLSPSk.exe
  2⤵
  PID:4680
- C:\Windows\System\cqUZIEZ.exe
  C:\Windows\System\cqUZIEZ.exe
  2⤵
  PID:4700
- C:\Windows\System\fxzolwg.exe
  C:\Windows\System\fxzolwg.exe
  2⤵
  PID:4636
- C:\Windows\System\Cscfbha.exe
  C:\Windows\System\Cscfbha.exe
  2⤵
  PID:4664
- C:\Windows\System\VGFrNYZ.exe
  C:\Windows\System\VGFrNYZ.exe
  2⤵
  PID:4756
- C:\Windows\System\HIdIYNs.exe
  C:\Windows\System\HIdIYNs.exe
  2⤵
  PID:4760
- C:\Windows\System\kreTvIv.exe
  C:\Windows\System\kreTvIv.exe
  2⤵
  PID:4900
- C:\Windows\System\yYngwwg.exe
  C:\Windows\System\yYngwwg.exe
  2⤵
  PID:4848
- C:\Windows\System\CxRbCJi.exe
  C:\Windows\System\CxRbCJi.exe
  2⤵
  PID:4940
- C:\Windows\System\UbCKcUJ.exe
  C:\Windows\System\UbCKcUJ.exe
  2⤵
  PID:4888
- C:\Windows\System\xtEPrBr.exe
  C:\Windows\System\xtEPrBr.exe
  2⤵
  PID:4968
- C:\Windows\System\kLmkcdw.exe
  C:\Windows\System\kLmkcdw.exe
  2⤵
  PID:4992
- C:\Windows\System\cVmuaAj.exe
  C:\Windows\System\cVmuaAj.exe
  2⤵
  PID:5032
- C:\Windows\System\LzvWmHH.exe
  C:\Windows\System\LzvWmHH.exe
  2⤵
  PID:5080
- C:\Windows\System\dOgvbCm.exe
  C:\Windows\System\dOgvbCm.exe
  2⤵
  PID:5036
- C:\Windows\System\jreErHq.exe
  C:\Windows\System\jreErHq.exe
  2⤵
  PID:4228
- C:\Windows\System\LXXjUOT.exe
  C:\Windows\System\LXXjUOT.exe
  2⤵
  PID:4264
- C:\Windows\System\imEZaEI.exe
  C:\Windows\System\imEZaEI.exe
  2⤵
  PID:4232
- C:\Windows\System\zAQkYur.exe
  C:\Windows\System\zAQkYur.exe
  2⤵
  PID:5104
- C:\Windows\System\teyYRXD.exe
  C:\Windows\System\teyYRXD.exe
  2⤵
  PID:4168
- C:\Windows\System\MxkcAZu.exe
  C:\Windows\System\MxkcAZu.exe
  2⤵
  PID:4196
- C:\Windows\System\HQmyFII.exe
  C:\Windows\System\HQmyFII.exe
  2⤵
  PID:3524
- C:\Windows\System\lgwMSeQ.exe
  C:\Windows\System\lgwMSeQ.exe
  2⤵
  PID:4024
- C:\Windows\System\NWuUmLJ.exe
  C:\Windows\System\NWuUmLJ.exe
  2⤵
  PID:3324
- C:\Windows\System\KRyIFcD.exe
  C:\Windows\System\KRyIFcD.exe
  2⤵
  PID:4352
- C:\Windows\System\UNzCUSI.exe
  C:\Windows\System\UNzCUSI.exe
  2⤵
  PID:4328
- C:\Windows\System\bDTfEvv.exe
  C:\Windows\System\bDTfEvv.exe
  2⤵
  PID:4456
- C:\Windows\System\SHCUkhw.exe
  C:\Windows\System\SHCUkhw.exe
  2⤵
  PID:4416
- C:\Windows\System\ONyRxEV.exe
  C:\Windows\System\ONyRxEV.exe
  2⤵
  PID:4496
- C:\Windows\System\TtZtPsG.exe
  C:\Windows\System\TtZtPsG.exe
  2⤵
  PID:1624
- C:\Windows\System\AjqUVtC.exe
  C:\Windows\System\AjqUVtC.exe
  2⤵
  PID:4520
- C:\Windows\System\JgLvvKf.exe
  C:\Windows\System\JgLvvKf.exe
  2⤵
  PID:2852
- C:\Windows\System\ZDVlHKE.exe
  C:\Windows\System\ZDVlHKE.exe
  2⤵
  PID:4632
- C:\Windows\System\whRLweI.exe
  C:\Windows\System\whRLweI.exe
  2⤵
  PID:4528
- C:\Windows\System\HUgQwId.exe
  C:\Windows\System\HUgQwId.exe
  2⤵
  PID:700
- C:\Windows\System\CDSaWCH.exe
  C:\Windows\System\CDSaWCH.exe
  2⤵
  PID:4736
- C:\Windows\System\coJJIbr.exe
  C:\Windows\System\coJJIbr.exe
  2⤵
  PID:4872
- C:\Windows\System\otOxkWl.exe
  C:\Windows\System\otOxkWl.exe
  2⤵
  PID:4824
- C:\Windows\System\mgckgcQ.exe
  C:\Windows\System\mgckgcQ.exe
  2⤵
  PID:4924
- C:\Windows\System\rUwEgGJ.exe
  C:\Windows\System\rUwEgGJ.exe
  2⤵
  PID:4976
- C:\Windows\System\vegTxZO.exe
  C:\Windows\System\vegTxZO.exe
  2⤵
  PID:5008
- C:\Windows\System\namcnOk.exe
  C:\Windows\System\namcnOk.exe
  2⤵
  PID:2056
- C:\Windows\System\zCWRfXa.exe
  C:\Windows\System\zCWRfXa.exe
  2⤵
  PID:5088
- C:\Windows\System\kIsOJYa.exe
  C:\Windows\System\kIsOJYa.exe
  2⤵
  PID:5048
- C:\Windows\System\YNYldPA.exe
  C:\Windows\System\YNYldPA.exe
  2⤵
  PID:4224
- C:\Windows\System\EzvSUaX.exe
  C:\Windows\System\EzvSUaX.exe
  2⤵
  PID:3780
- C:\Windows\System\iaXKxRW.exe
  C:\Windows\System\iaXKxRW.exe
  2⤵
  PID:4244
- C:\Windows\System\DVPwGgn.exe
  C:\Windows\System\DVPwGgn.exe
  2⤵
  PID:944
- C:\Windows\System\hbRNuZU.exe
  C:\Windows\System\hbRNuZU.exe
  2⤵
  PID:4116
- C:\Windows\System\vbLgrpv.exe
  C:\Windows\System\vbLgrpv.exe
  2⤵
  PID:4980
- C:\Windows\System\AOnCDmn.exe
  C:\Windows\System\AOnCDmn.exe
  2⤵
  PID:4476
- C:\Windows\System\smjMUJA.exe
  C:\Windows\System\smjMUJA.exe
  2⤵
  PID:4436
- C:\Windows\System\onbWXiF.exe
  C:\Windows\System\onbWXiF.exe
  2⤵
  PID:2540
- C:\Windows\System\wqHXytr.exe
  C:\Windows\System\wqHXytr.exe
  2⤵
  PID:4572
- C:\Windows\System\edZzNsO.exe
  C:\Windows\System\edZzNsO.exe
  2⤵
  PID:2588
- C:\Windows\System\agsnxph.exe
  C:\Windows\System\agsnxph.exe
  2⤵
  PID:4460
- C:\Windows\System\vpctgeQ.exe
  C:\Windows\System\vpctgeQ.exe
  2⤵
  PID:1524
- C:\Windows\System\xrdcIhj.exe
  C:\Windows\System\xrdcIhj.exe
  2⤵
  PID:2128
- C:\Windows\System\ZImKTGg.exe
  C:\Windows\System\ZImKTGg.exe
  2⤵
  PID:2096
- C:\Windows\System\YLuIoSF.exe
  C:\Windows\System\YLuIoSF.exe
  2⤵
  PID:4800
- C:\Windows\System\aAtMfER.exe
  C:\Windows\System\aAtMfER.exe
  2⤵
  PID:4964
- C:\Windows\System\HLrJsbV.exe
  C:\Windows\System\HLrJsbV.exe
  2⤵
  PID:1808
- C:\Windows\System\LLllkGg.exe
  C:\Windows\System\LLllkGg.exe
  2⤵
  PID:4956
- C:\Windows\System\DpXOEHZ.exe
  C:\Windows\System\DpXOEHZ.exe
  2⤵
  PID:5016
- C:\Windows\System\QcqiSZi.exe
  C:\Windows\System\QcqiSZi.exe
  2⤵
  PID:1084
- C:\Windows\System\LfgcTCc.exe
  C:\Windows\System\LfgcTCc.exe
  2⤵
  PID:2760
- C:\Windows\System\IzMwGrr.exe
  C:\Windows\System\IzMwGrr.exe
  2⤵
  PID:4188
- C:\Windows\System\DoBRijf.exe
  C:\Windows\System\DoBRijf.exe
  2⤵
  PID:2276
- C:\Windows\System\bxvEhPn.exe
  C:\Windows\System\bxvEhPn.exe
  2⤵
  PID:4408
- C:\Windows\System\jpxSuTH.exe
  C:\Windows\System\jpxSuTH.exe
  2⤵
  PID:708
- C:\Windows\System\CEjlGoh.exe
  C:\Windows\System\CEjlGoh.exe
  2⤵
  PID:4468
- C:\Windows\System\vwjkiHD.exe
  C:\Windows\System\vwjkiHD.exe
  2⤵
  PID:1144
- C:\Windows\System\SOHLtho.exe
  C:\Windows\System\SOHLtho.exe
  2⤵
  PID:4648
- C:\Windows\System\BwAHdML.exe
  C:\Windows\System\BwAHdML.exe
  2⤵
  PID:3020
- C:\Windows\System\rVpmscA.exe
  C:\Windows\System\rVpmscA.exe
  2⤵
  PID:4596
- C:\Windows\System\QfdDyqC.exe
  C:\Windows\System\QfdDyqC.exe
  2⤵
  PID:4884
- C:\Windows\System\ZtFtMSs.exe
  C:\Windows\System\ZtFtMSs.exe
  2⤵
  PID:4312
- C:\Windows\System\ZXevRmO.exe
  C:\Windows\System\ZXevRmO.exe
  2⤵
  PID:4960
- C:\Windows\System\OyywMbh.exe
  C:\Windows\System\OyywMbh.exe
  2⤵
  PID:4268
- C:\Windows\System\rzNPEMJ.exe
  C:\Windows\System\rzNPEMJ.exe
  2⤵
  PID:4260
- C:\Windows\System\OjnkaUk.exe
  C:\Windows\System\OjnkaUk.exe
  2⤵
  PID:4356
- C:\Windows\System\RHigXqE.exe
  C:\Windows\System\RHigXqE.exe
  2⤵
  PID:4420
- C:\Windows\System\ksaHjnK.exe
  C:\Windows\System\ksaHjnK.exe
  2⤵
  PID:4740
- C:\Windows\System\SzqhoEp.exe
  C:\Windows\System\SzqhoEp.exe
  2⤵
  PID:4720
- C:\Windows\System\TBqufNf.exe
  C:\Windows\System\TBqufNf.exe
  2⤵
  PID:4364
- C:\Windows\System\eCQmGjo.exe
  C:\Windows\System\eCQmGjo.exe
  2⤵
  PID:4904
- C:\Windows\System\NztuUFM.exe
  C:\Windows\System\NztuUFM.exe
  2⤵
  PID:4176
- C:\Windows\System\RcoIiZo.exe
  C:\Windows\System\RcoIiZo.exe
  2⤵
  PID:1996
- C:\Windows\System\UVdVihd.exe
  C:\Windows\System\UVdVihd.exe
  2⤵
  PID:4284
- C:\Windows\System\vmgYcWw.exe
  C:\Windows\System\vmgYcWw.exe
  2⤵
  PID:852
- C:\Windows\System\AgMOizb.exe
  C:\Windows\System\AgMOizb.exe
  2⤵
  PID:4412
- C:\Windows\System\mQaxJgn.exe
  C:\Windows\System\mQaxJgn.exe
  2⤵
  PID:4844
- C:\Windows\System\VWeTLoN.exe
  C:\Windows\System\VWeTLoN.exe
  2⤵
  PID:1740
- C:\Windows\System\tLylRtv.exe
  C:\Windows\System\tLylRtv.exe
  2⤵
  PID:2392
- C:\Windows\System\qcnkFkv.exe
  C:\Windows\System\qcnkFkv.exe
  2⤵
  PID:544
- C:\Windows\System\LVrVptV.exe
  C:\Windows\System\LVrVptV.exe
  2⤵
  PID:5124
- C:\Windows\System\MIOPQSJ.exe
  C:\Windows\System\MIOPQSJ.exe
  2⤵
  PID:5140
- C:\Windows\System\BjUxPhv.exe
  C:\Windows\System\BjUxPhv.exe
  2⤵
  PID:5160
- C:\Windows\System\JxCQnyW.exe
  C:\Windows\System\JxCQnyW.exe
  2⤵
  PID:5176
- C:\Windows\System\irQHPjh.exe
  C:\Windows\System\irQHPjh.exe
  2⤵
  PID:5196
- C:\Windows\System\zRcexSA.exe
  C:\Windows\System\zRcexSA.exe
  2⤵
  PID:5212
- C:\Windows\System\ypogmMT.exe
  C:\Windows\System\ypogmMT.exe
  2⤵
  PID:5236
- C:\Windows\System\hwPTtQt.exe
  C:\Windows\System\hwPTtQt.exe
  2⤵
  PID:5256
- C:\Windows\System\MqdBTQi.exe
  C:\Windows\System\MqdBTQi.exe
  2⤵
  PID:5272
- C:\Windows\System\CwGDVhJ.exe
  C:\Windows\System\CwGDVhJ.exe
  2⤵
  PID:5288
- C:\Windows\System\RZEyRVw.exe
  C:\Windows\System\RZEyRVw.exe
  2⤵
  PID:5308
- C:\Windows\System\HievUDy.exe
  C:\Windows\System\HievUDy.exe
  2⤵
  PID:5328
- C:\Windows\System\qYYHeaY.exe
  C:\Windows\System\qYYHeaY.exe
  2⤵
  PID:5348
- C:\Windows\System\DFmnaHC.exe
  C:\Windows\System\DFmnaHC.exe
  2⤵
  PID:5364
- C:\Windows\System\hImDpLz.exe
  C:\Windows\System\hImDpLz.exe
  2⤵
  PID:5380
- C:\Windows\System\zDpTjQG.exe
  C:\Windows\System\zDpTjQG.exe
  2⤵
  PID:5400
- C:\Windows\System\vStWbzy.exe
  C:\Windows\System\vStWbzy.exe
  2⤵
  PID:5424
- C:\Windows\System\SDmUsck.exe
  C:\Windows\System\SDmUsck.exe
  2⤵
  PID:5440
- C:\Windows\System\RzkewvH.exe
  C:\Windows\System\RzkewvH.exe
  2⤵
  PID:5456
- C:\Windows\System\aJSyvHZ.exe
  C:\Windows\System\aJSyvHZ.exe
  2⤵
  PID:5472
- C:\Windows\System\tEDUzoH.exe
  C:\Windows\System\tEDUzoH.exe
  2⤵
  PID:5488
- C:\Windows\System\JtycktP.exe
  C:\Windows\System\JtycktP.exe
  2⤵
  PID:5504
- C:\Windows\System\uPfoRbq.exe
  C:\Windows\System\uPfoRbq.exe
  2⤵
  PID:5520
- C:\Windows\System\okJzigZ.exe
  C:\Windows\System\okJzigZ.exe
  2⤵
  PID:5536
- C:\Windows\System\OULYzuK.exe
  C:\Windows\System\OULYzuK.exe
  2⤵
  PID:5552
- C:\Windows\System\drznBpz.exe
  C:\Windows\System\drznBpz.exe
  2⤵
  PID:5572
- C:\Windows\System\QyHTmIV.exe
  C:\Windows\System\QyHTmIV.exe
  2⤵
  PID:5588
- C:\Windows\System\YNufokQ.exe
  C:\Windows\System\YNufokQ.exe
  2⤵
  PID:5604
- C:\Windows\System\KoAHrGb.exe
  C:\Windows\System\KoAHrGb.exe
  2⤵
  PID:5620
- C:\Windows\System\HqsJBKF.exe
  C:\Windows\System\HqsJBKF.exe
  2⤵
  PID:5636
- C:\Windows\System\tqdtTLv.exe
  C:\Windows\System\tqdtTLv.exe
  2⤵
  PID:5652
- C:\Windows\System\VBWdUru.exe
  C:\Windows\System\VBWdUru.exe
  2⤵
  PID:5668
- C:\Windows\System\JGSGKMH.exe
  C:\Windows\System\JGSGKMH.exe
  2⤵
  PID:5684
- C:\Windows\System\NJZHZpi.exe
  C:\Windows\System\NJZHZpi.exe
  2⤵
  PID:5700
- C:\Windows\System\zxaBsCn.exe
  C:\Windows\System\zxaBsCn.exe
  2⤵
  PID:5716
- C:\Windows\System\bObtGJX.exe
  C:\Windows\System\bObtGJX.exe
  2⤵
  PID:5732
- C:\Windows\System\DWPFzKh.exe
  C:\Windows\System\DWPFzKh.exe
  2⤵
  PID:5748
- C:\Windows\System\mtruEZC.exe
  C:\Windows\System\mtruEZC.exe
  2⤵
  PID:5764
- C:\Windows\System\rZtfiFo.exe
  C:\Windows\System\rZtfiFo.exe
  2⤵
  PID:5780
- C:\Windows\System\nMxrxQw.exe
  C:\Windows\System\nMxrxQw.exe
  2⤵
  PID:5796
- C:\Windows\System\NAWaPoi.exe
  C:\Windows\System\NAWaPoi.exe
  2⤵
  PID:5812
- C:\Windows\System\gVFDBDA.exe
  C:\Windows\System\gVFDBDA.exe
  2⤵
  PID:5828
- C:\Windows\System\sFgJNZG.exe
  C:\Windows\System\sFgJNZG.exe
  2⤵
  PID:5844
- C:\Windows\System\rxUIRlB.exe
  C:\Windows\System\rxUIRlB.exe
  2⤵
  PID:5860
- C:\Windows\System\YqXhWVz.exe
  C:\Windows\System\YqXhWVz.exe
  2⤵
  PID:5876
- C:\Windows\System\biLPYXZ.exe
  C:\Windows\System\biLPYXZ.exe
  2⤵
  PID:5892
- C:\Windows\System\lOowiaj.exe
  C:\Windows\System\lOowiaj.exe
  2⤵
  PID:5908
- C:\Windows\System\GMThukq.exe
  C:\Windows\System\GMThukq.exe
  2⤵
  PID:5924
- C:\Windows\System\NHrYNYs.exe
  C:\Windows\System\NHrYNYs.exe
  2⤵
  PID:5940
- C:\Windows\System\ZSmcSwn.exe
  C:\Windows\System\ZSmcSwn.exe
  2⤵
  PID:5956
- C:\Windows\System\FkWxYGc.exe
  C:\Windows\System\FkWxYGc.exe
  2⤵
  PID:5972
- C:\Windows\System\yuPcZoC.exe
  C:\Windows\System\yuPcZoC.exe
  2⤵
  PID:5988
- C:\Windows\System\DvPoAdd.exe
  C:\Windows\System\DvPoAdd.exe
  2⤵
  PID:6004
- C:\Windows\System\INStynX.exe
  C:\Windows\System\INStynX.exe
  2⤵
  PID:6020
- C:\Windows\System\NGKNcyF.exe
  C:\Windows\System\NGKNcyF.exe
  2⤵
  PID:6036
- C:\Windows\System\TezwMsb.exe
  C:\Windows\System\TezwMsb.exe
  2⤵
  PID:6052
- C:\Windows\System\iCgGlpX.exe
  C:\Windows\System\iCgGlpX.exe
  2⤵
  PID:6068
- C:\Windows\System\BNEujuJ.exe
  C:\Windows\System\BNEujuJ.exe
  2⤵
  PID:6084
- C:\Windows\System\zDnMYYp.exe
  C:\Windows\System\zDnMYYp.exe
  2⤵
  PID:6104
- C:\Windows\System\VWMFnGr.exe
  C:\Windows\System\VWMFnGr.exe
  2⤵
  PID:6120
- C:\Windows\System\VfLSXDY.exe
  C:\Windows\System\VfLSXDY.exe
  2⤵
  PID:6136
- C:\Windows\System\ZgAvEWS.exe
  C:\Windows\System\ZgAvEWS.exe
  2⤵
  PID:5132
- C:\Windows\System\DMkFpTh.exe
  C:\Windows\System\DMkFpTh.exe
  2⤵
  PID:5204
- C:\Windows\System\nEYAGrO.exe
  C:\Windows\System\nEYAGrO.exe
  2⤵
  PID:5252
- C:\Windows\System\bLRRTzE.exe
  C:\Windows\System\bLRRTzE.exe
  2⤵
  PID:5316
- C:\Windows\System\TzfNyPo.exe
  C:\Windows\System\TzfNyPo.exe
  2⤵
  PID:5388
- C:\Windows\System\DlxYsCu.exe
  C:\Windows\System\DlxYsCu.exe
  2⤵
  PID:1928
- C:\Windows\System\QLyylbA.exe
  C:\Windows\System\QLyylbA.exe
  2⤵
  PID:5220
- C:\Windows\System\qzJQYcE.exe
  C:\Windows\System\qzJQYcE.exe
  2⤵
  PID:5268
- C:\Windows\System\fchFSDN.exe
  C:\Windows\System\fchFSDN.exe
  2⤵
  PID:5336
- C:\Windows\System\Gofvkmv.exe
  C:\Windows\System\Gofvkmv.exe
  2⤵
  PID:5376
- C:\Windows\System\ALDvPpr.exe
  C:\Windows\System\ALDvPpr.exe
  2⤵
  PID:5192
- C:\Windows\System\OtNEGBr.exe
  C:\Windows\System\OtNEGBr.exe
  2⤵
  PID:5416
- C:\Windows\System\gNUDqEq.exe
  C:\Windows\System\gNUDqEq.exe
  2⤵
  PID:4392
- C:\Windows\System\AoVlTek.exe
  C:\Windows\System\AoVlTek.exe
  2⤵
  PID:5480
- C:\Windows\System\dfYLMCH.exe
  C:\Windows\System\dfYLMCH.exe
  2⤵
  PID:5432
- C:\Windows\System\XSxjJlr.exe
  C:\Windows\System\XSxjJlr.exe
  2⤵
  PID:5464
- C:\Windows\System\UbzPqln.exe
  C:\Windows\System\UbzPqln.exe
  2⤵
  PID:5584
- C:\Windows\System\ehVrKNx.exe
  C:\Windows\System\ehVrKNx.exe
  2⤵
  PID:5560
- C:\Windows\System\HjeXlDU.exe
  C:\Windows\System\HjeXlDU.exe
  2⤵
  PID:5616
- C:\Windows\System\DHCejQu.exe
  C:\Windows\System\DHCejQu.exe
  2⤵
  PID:5632
- C:\Windows\System\ilHGaDd.exe
  C:\Windows\System\ilHGaDd.exe
  2⤵
  PID:5692
- C:\Windows\System\nVIaYcv.exe
  C:\Windows\System\nVIaYcv.exe
  2⤵
  PID:5744
- C:\Windows\System\EccoHeS.exe
  C:\Windows\System\EccoHeS.exe
  2⤵
  PID:5760
- C:\Windows\System\thUjMrw.exe
  C:\Windows\System\thUjMrw.exe
  2⤵
  PID:5804
- C:\Windows\System\azKokDW.exe
  C:\Windows\System\azKokDW.exe
  2⤵
  PID:5756
- C:\Windows\System\CbUheby.exe
  C:\Windows\System\CbUheby.exe
  2⤵
  PID:5840
- C:\Windows\System\gBobRTG.exe
  C:\Windows\System\gBobRTG.exe
  2⤵
  PID:5856
- C:\Windows\System\EZJisds.exe
  C:\Windows\System\EZJisds.exe
  2⤵
  PID:5936
- C:\Windows\System\OfrbndT.exe
  C:\Windows\System\OfrbndT.exe
  2⤵
  PID:5916
- C:\Windows\System\JFsYbaX.exe
  C:\Windows\System\JFsYbaX.exe
  2⤵
  PID:5952
- C:\Windows\System\cnRtBoc.exe
  C:\Windows\System\cnRtBoc.exe
  2⤵
  PID:5920
- C:\Windows\System\jPSdMNX.exe
  C:\Windows\System\jPSdMNX.exe
  2⤵
  PID:6028
- C:\Windows\System\asdIKyy.exe
  C:\Windows\System\asdIKyy.exe
  2⤵
  PID:6044
- C:\Windows\System\SsvZkWG.exe
  C:\Windows\System\SsvZkWG.exe
  2⤵
  PID:6080
- C:\Windows\System\dvjVGRK.exe
  C:\Windows\System\dvjVGRK.exe
  2⤵
  PID:5136
- C:\Windows\System\jkngjLu.exe
  C:\Windows\System\jkngjLu.exe
  2⤵
  PID:4400
- C:\Windows\System\NExHGiE.exe
  C:\Windows\System\NExHGiE.exe
  2⤵
  PID:4396
- C:\Windows\System\csJfltG.exe
  C:\Windows\System\csJfltG.exe
  2⤵
  PID:4524
- C:\Windows\System\WykAaZK.exe
  C:\Windows\System\WykAaZK.exe
  2⤵
  PID:5300
- C:\Windows\System\uaESxia.exe
  C:\Windows\System\uaESxia.exe
  2⤵
  PID:5148
- C:\Windows\System\LqidShU.exe
  C:\Windows\System\LqidShU.exe
  2⤵
  PID:5392
- C:\Windows\System\FoFMHIn.exe
  C:\Windows\System\FoFMHIn.exe
  2⤵
  PID:5468
- C:\Windows\System\DGmMZVm.exe
  C:\Windows\System\DGmMZVm.exe
  2⤵
  PID:5544
- C:\Windows\System\AtGescB.exe
  C:\Windows\System\AtGescB.exe
  2⤵
  PID:5660
- C:\Windows\System\VTbzntf.exe
  C:\Windows\System\VTbzntf.exe
  2⤵
  PID:5648
- C:\Windows\System\IjNRcaU.exe
  C:\Windows\System\IjNRcaU.exe
  2⤵
  PID:5696
- C:\Windows\System\niJXUVd.exe
  C:\Windows\System\niJXUVd.exe
  2⤵
  PID:5900
- C:\Windows\System\SkJQHAV.exe
  C:\Windows\System\SkJQHAV.exe
  2⤵
  PID:5984
- C:\Windows\System\OwDmkbj.exe
  C:\Windows\System\OwDmkbj.exe
  2⤵
  PID:5740
- C:\Windows\System\VsXNMWL.exe
  C:\Windows\System\VsXNMWL.exe
  2⤵
  PID:5932
- C:\Windows\System\hxlyFKZ.exe
  C:\Windows\System\hxlyFKZ.exe
  2⤵
  PID:6012
- C:\Windows\System\MhrLAbP.exe
  C:\Windows\System\MhrLAbP.exe
  2⤵
  PID:6092
- C:\Windows\System\uMewvng.exe
  C:\Windows\System\uMewvng.exe
  2⤵
  PID:5188
- C:\Windows\System\HGRsPkI.exe
  C:\Windows\System\HGRsPkI.exe
  2⤵
  PID:5412
- C:\Windows\System\gghCCTF.exe
  C:\Windows\System\gghCCTF.exe
  2⤵
  PID:5156
- C:\Windows\System\DJTEynb.exe
  C:\Windows\System\DJTEynb.exe
  2⤵
  PID:5532
- C:\Windows\System\OGAGkFQ.exe
  C:\Windows\System\OGAGkFQ.exe
  2⤵
  PID:5172
- C:\Windows\System\sxIErGN.exe
  C:\Windows\System\sxIErGN.exe
  2⤵
  PID:5244
- C:\Windows\System\FyVxZMH.exe
  C:\Windows\System\FyVxZMH.exe
  2⤵
  PID:5664
- C:\Windows\System\AdeBDsj.exe
  C:\Windows\System\AdeBDsj.exe
  2⤵
  PID:5948
- C:\Windows\System\aCjzGVT.exe
  C:\Windows\System\aCjzGVT.exe
  2⤵
  PID:6076
- C:\Windows\System\kZhibRl.exe
  C:\Windows\System\kZhibRl.exe
  2⤵
  PID:5324
- C:\Windows\System\kESTznW.exe
  C:\Windows\System\kESTznW.exe
  2⤵
  PID:6000
- C:\Windows\System\Xizyyfr.exe
  C:\Windows\System\Xizyyfr.exe
  2⤵
  PID:5512
- C:\Windows\System\ancMJQC.exe
  C:\Windows\System\ancMJQC.exe
  2⤵
  PID:5516
- C:\Windows\System\ETKNWZS.exe
  C:\Windows\System\ETKNWZS.exe
  2⤵
  PID:4288
- C:\Windows\System\vWpjYnC.exe
  C:\Windows\System\vWpjYnC.exe
  2⤵
  PID:5596
- C:\Windows\System\YlBefra.exe
  C:\Windows\System\YlBefra.exe
  2⤵
  PID:5872
- C:\Windows\System\QOpHtcK.exe
  C:\Windows\System\QOpHtcK.exe
  2⤵
  PID:6152
- C:\Windows\System\fwwJIaZ.exe
  C:\Windows\System\fwwJIaZ.exe
  2⤵
  PID:6168
- C:\Windows\System\gVpWpbx.exe
  C:\Windows\System\gVpWpbx.exe
  2⤵
  PID:6632
- C:\Windows\System\UJzQDGm.exe
  C:\Windows\System\UJzQDGm.exe
  2⤵
  PID:6668
- C:\Windows\System\kPRthvF.exe
  C:\Windows\System\kPRthvF.exe
  2⤵
  PID:6736
- C:\Windows\System\yeNWvhK.exe
  C:\Windows\System\yeNWvhK.exe
  2⤵
  PID:6752
- C:\Windows\System\RFfWWCo.exe
  C:\Windows\System\RFfWWCo.exe
  2⤵
  PID:6772
- C:\Windows\System\hkiIEQo.exe
  C:\Windows\System\hkiIEQo.exe
  2⤵
  PID:6788
- C:\Windows\System\VoGbkFG.exe
  C:\Windows\System\VoGbkFG.exe
  2⤵
  PID:6828
- C:\Windows\System\kdUCHVt.exe
  C:\Windows\System\kdUCHVt.exe
  2⤵
  PID:6844
- C:\Windows\System\gQQJPfc.exe
  C:\Windows\System\gQQJPfc.exe
  2⤵
  PID:6860
- C:\Windows\System\fHRfAwd.exe
  C:\Windows\System\fHRfAwd.exe
  2⤵
  PID:6884
- C:\Windows\System\FlitpGx.exe
  C:\Windows\System\FlitpGx.exe
  2⤵
  PID:6900
- C:\Windows\System\xXIAkbV.exe
  C:\Windows\System\xXIAkbV.exe
  2⤵
  PID:6916
- C:\Windows\System\xRkEUzl.exe
  C:\Windows\System\xRkEUzl.exe
  2⤵
  PID:6936
- C:\Windows\System\oAxvzYh.exe
  C:\Windows\System\oAxvzYh.exe
  2⤵
  PID:6952
- C:\Windows\System\xCFnFUJ.exe
  C:\Windows\System\xCFnFUJ.exe
  2⤵
  PID:6972
- C:\Windows\System\XnVPDEE.exe
  C:\Windows\System\XnVPDEE.exe
  2⤵
  PID:6996
- C:\Windows\System\DYzLqRo.exe
  C:\Windows\System\DYzLqRo.exe
  2⤵
  PID:7012
- C:\Windows\System\sxVqyPD.exe
  C:\Windows\System\sxVqyPD.exe
  2⤵
  PID:7044
- C:\Windows\System\YmhOssF.exe
  C:\Windows\System\YmhOssF.exe
  2⤵
  PID:7060
- C:\Windows\System\aNYBEfB.exe
  C:\Windows\System\aNYBEfB.exe
  2⤵
  PID:7076
- C:\Windows\System\jNIaEUB.exe
  C:\Windows\System\jNIaEUB.exe
  2⤵
  PID:7092
- C:\Windows\System\bjsynnZ.exe
  C:\Windows\System\bjsynnZ.exe
  2⤵
  PID:7108
- C:\Windows\System\VSGkLly.exe
  C:\Windows\System\VSGkLly.exe
  2⤵
  PID:7132
- C:\Windows\System\emmuHqC.exe
  C:\Windows\System\emmuHqC.exe
  2⤵
  PID:7152
- C:\Windows\System\JmOGdLv.exe
  C:\Windows\System\JmOGdLv.exe
  2⤵
  PID:5628
- C:\Windows\System\XcFriqu.exe
  C:\Windows\System\XcFriqu.exe
  2⤵
  PID:6160
- C:\Windows\System\CHFECor.exe
  C:\Windows\System\CHFECor.exe
  2⤵
  PID:6212
- C:\Windows\System\DIdIVrQ.exe
  C:\Windows\System\DIdIVrQ.exe
  2⤵
  PID:6236
- C:\Windows\System\dyEkNjA.exe
  C:\Windows\System\dyEkNjA.exe
  2⤵
  PID:6256
- C:\Windows\System\vjWIDss.exe
  C:\Windows\System\vjWIDss.exe
  2⤵
  PID:6280
- C:\Windows\System\cdUajzJ.exe
  C:\Windows\System\cdUajzJ.exe
  2⤵
  PID:6308
- C:\Windows\System\avLjZCl.exe
  C:\Windows\System\avLjZCl.exe
  2⤵
  PID:6304
- C:\Windows\System\zybFIUm.exe
  C:\Windows\System\zybFIUm.exe
  2⤵
  PID:6340
- C:\Windows\System\cpaeMWF.exe
  C:\Windows\System\cpaeMWF.exe
  2⤵
  PID:6356
- C:\Windows\System\FHmazxz.exe
  C:\Windows\System\FHmazxz.exe
  2⤵
  PID:6380
- C:\Windows\System\SZeJdfM.exe
  C:\Windows\System\SZeJdfM.exe
  2⤵
  PID:6400
- C:\Windows\System\KrwVLzu.exe
  C:\Windows\System\KrwVLzu.exe
  2⤵
  PID:6420
- C:\Windows\System\IaBbIvU.exe
  C:\Windows\System\IaBbIvU.exe
  2⤵
  PID:6428
- C:\Windows\System\CMVSJYH.exe
  C:\Windows\System\CMVSJYH.exe
  2⤵
  PID:6440
- C:\Windows\System\lZpnOJr.exe
  C:\Windows\System\lZpnOJr.exe
  2⤵
  PID:6460
- C:\Windows\System\NABvLse.exe
  C:\Windows\System\NABvLse.exe
  2⤵
  PID:6500
- C:\Windows\System\gQctdHS.exe
  C:\Windows\System\gQctdHS.exe
  2⤵
  PID:6516
- C:\Windows\System\aqNKCZA.exe
  C:\Windows\System\aqNKCZA.exe
  2⤵
  PID:6528
- C:\Windows\System\pszBjCQ.exe
  C:\Windows\System\pszBjCQ.exe
  2⤵
  PID:6552
- C:\Windows\System\QMsKBsL.exe
  C:\Windows\System\QMsKBsL.exe
  2⤵
  PID:6584
- C:\Windows\System\UmIzPkT.exe
  C:\Windows\System\UmIzPkT.exe
  2⤵
  PID:6608
- C:\Windows\System\jQxoRwj.exe
  C:\Windows\System\jQxoRwj.exe
  2⤵
  PID:6180
- C:\Windows\System\JApECZh.exe
  C:\Windows\System\JApECZh.exe
  2⤵
  PID:6612
- C:\Windows\System\gKqaagd.exe
  C:\Windows\System\gKqaagd.exe
  2⤵
  PID:6704
- C:\Windows\System\VaoHMJE.exe
  C:\Windows\System\VaoHMJE.exe
  2⤵
  PID:6648
- C:\Windows\System\FAcYgEN.exe
  C:\Windows\System\FAcYgEN.exe
  2⤵
  PID:6720
- C:\Windows\System\FbHOkfT.exe
  C:\Windows\System\FbHOkfT.exe
  2⤵
  PID:6784
- C:\Windows\System\iabCfZN.exe
  C:\Windows\System\iabCfZN.exe
  2⤵
  PID:6796
- C:\Windows\System\TJKlUxS.exe
  C:\Windows\System\TJKlUxS.exe
  2⤵
  PID:6840
- C:\Windows\System\VXjfqvP.exe
  C:\Windows\System\VXjfqvP.exe
  2⤵
  PID:6908
- C:\Windows\System\PUkdVpm.exe
  C:\Windows\System\PUkdVpm.exe
  2⤵
  PID:6980
- C:\Windows\System\UzOyHQq.exe
  C:\Windows\System\UzOyHQq.exe
  2⤵
  PID:6984
- C:\Windows\System\tHYJOww.exe
  C:\Windows\System\tHYJOww.exe
  2⤵
  PID:6964
- C:\Windows\System\dSnLMcj.exe
  C:\Windows\System\dSnLMcj.exe
  2⤵
  PID:6896
- C:\Windows\System\HJosNMp.exe
  C:\Windows\System\HJosNMp.exe
  2⤵
  PID:7056
- C:\Windows\System\ebaDTQx.exe
  C:\Windows\System\ebaDTQx.exe
  2⤵
  PID:7104
- C:\Windows\System\mJXsSKl.exe
  C:\Windows\System\mJXsSKl.exe
  2⤵
  PID:7084
- C:\Windows\System\FnLwJVd.exe
  C:\Windows\System\FnLwJVd.exe
  2⤵
  PID:6968
- C:\Windows\System\AcRooVF.exe
  C:\Windows\System\AcRooVF.exe
  2⤵
  PID:6220
- C:\Windows\System\uHFUSJT.exe
  C:\Windows\System\uHFUSJT.exe
  2⤵
  PID:6260
- C:\Windows\System\GBNwuBq.exe
  C:\Windows\System\GBNwuBq.exe
  2⤵
  PID:5884
- C:\Windows\System\OfizAmC.exe
  C:\Windows\System\OfizAmC.exe
  2⤵
  PID:6360
- C:\Windows\System\djDUoBi.exe
  C:\Windows\System\djDUoBi.exe
  2⤵
  PID:6396
- C:\Windows\System\ytjBScL.exe
  C:\Windows\System\ytjBScL.exe
  2⤵
  PID:6452
- C:\Windows\System\KoOmBWR.exe
  C:\Windows\System\KoOmBWR.exe
  2⤵
  PID:6816
- C:\Windows\System\NmFujyj.exe
  C:\Windows\System\NmFujyj.exe
  2⤵
  PID:7008
- C:\Windows\System\KlpBfIN.exe
  C:\Windows\System\KlpBfIN.exe
  2⤵
  PID:6508
- C:\Windows\System\kumFtjh.exe
  C:\Windows\System\kumFtjh.exe
  2⤵
  PID:6332
- C:\Windows\System\uryDZEV.exe
  C:\Windows\System\uryDZEV.exe
  2⤵
  PID:6200
- C:\Windows\System\gTzpYCG.exe
  C:\Windows\System\gTzpYCG.exe
  2⤵
  PID:6292
- C:\Windows\System\ohjwoyL.exe
  C:\Windows\System\ohjwoyL.exe
  2⤵
  PID:6592
- C:\Windows\System\jCPYVsj.exe
  C:\Windows\System\jCPYVsj.exe
  2⤵
  PID:6620
- C:\Windows\System\mjiSZnR.exe
  C:\Windows\System\mjiSZnR.exe
  2⤵
  PID:6684
- C:\Windows\System\rafxioj.exe
  C:\Windows\System\rafxioj.exe
  2⤵
  PID:6568
- C:\Windows\System\EGMuVjI.exe
  C:\Windows\System\EGMuVjI.exe
  2⤵
  PID:6872
- C:\Windows\System\EJxUQey.exe
  C:\Windows\System\EJxUQey.exe
  2⤵
  PID:6660
- C:\Windows\System\fDuZhIM.exe
  C:\Windows\System\fDuZhIM.exe
  2⤵
  PID:6644
- C:\Windows\System\YiWlurU.exe
  C:\Windows\System\YiWlurU.exe
  2⤵
  PID:6680
- C:\Windows\System\lGAazcq.exe
  C:\Windows\System\lGAazcq.exe
  2⤵
  PID:7020
- C:\Windows\System\CQQYlBj.exe
  C:\Windows\System\CQQYlBj.exe
  2⤵
  PID:7040
- C:\Windows\System\mllvSIa.exe
  C:\Windows\System\mllvSIa.exe
  2⤵
  PID:6932
- C:\Windows\System\cMykbjD.exe
  C:\Windows\System\cMykbjD.exe
  2⤵
  PID:6392
- C:\Windows\System\VDzeThZ.exe
  C:\Windows\System\VDzeThZ.exe
  2⤵
  PID:6512
- C:\Windows\System\sBtDoZX.exe
  C:\Windows\System\sBtDoZX.exe
  2⤵
  PID:6436
- C:\Windows\System\GZTpAPa.exe
  C:\Windows\System\GZTpAPa.exe
  2⤵
  PID:6188
- C:\Windows\System\TnOVJyT.exe
  C:\Windows\System\TnOVJyT.exe
  2⤵
  PID:7004
- C:\Windows\System\ynrfwQQ.exe
  C:\Windows\System\ynrfwQQ.exe
  2⤵
  PID:6544
- C:\Windows\System\XlNftGM.exe
  C:\Windows\System\XlNftGM.exe
  2⤵
  PID:6288
- C:\Windows\System\PqLSKpf.exe
  C:\Windows\System\PqLSKpf.exe
  2⤵
  PID:6372
- C:\Windows\System\OSMlWNz.exe
  C:\Windows\System\OSMlWNz.exe
  2⤵
  PID:6604
- C:\Windows\System\hHToJKY.exe
  C:\Windows\System\hHToJKY.exe
  2⤵
  PID:7164
- C:\Windows\System\VPZvyGu.exe
  C:\Windows\System\VPZvyGu.exe
  2⤵
  PID:6572
- C:\Windows\System\NvsiBfZ.exe
  C:\Windows\System\NvsiBfZ.exe
  2⤵
  PID:6376
- C:\Windows\System\cJdpnmC.exe
  C:\Windows\System\cJdpnmC.exe
  2⤵
  PID:6492
- C:\Windows\System\TAiNEbk.exe
  C:\Windows\System\TAiNEbk.exe
  2⤵
  PID:6656
- C:\Windows\System\BuiCqpM.exe
  C:\Windows\System\BuiCqpM.exe
  2⤵
  PID:7032
- C:\Windows\System\VtySCJE.exe
  C:\Windows\System\VtySCJE.exe
  2⤵
  PID:6812
- C:\Windows\System\WfMtNLO.exe
  C:\Windows\System\WfMtNLO.exe
  2⤵
  PID:6948
- C:\Windows\System\ntbePSl.exe
  C:\Windows\System\ntbePSl.exe
  2⤵
  PID:6384
- C:\Windows\System\DiGCdBT.exe
  C:\Windows\System\DiGCdBT.exe
  2⤵
  PID:6232
- C:\Windows\System\JHzbgnZ.exe
  C:\Windows\System\JHzbgnZ.exe
  2⤵
  PID:6716
- C:\Windows\System\bNJokSG.exe
  C:\Windows\System\bNJokSG.exe
  2⤵
  PID:6412
- C:\Windows\System\nbKVzcn.exe
  C:\Windows\System\nbKVzcn.exe
  2⤵
  PID:6548
- C:\Windows\System\NGSOmzq.exe
  C:\Windows\System\NGSOmzq.exe
  2⤵
  PID:6328
- C:\Windows\System\JNEZhQb.exe
  C:\Windows\System\JNEZhQb.exe
  2⤵
  PID:6600
- C:\Windows\System\PzlbYVA.exe
  C:\Windows\System\PzlbYVA.exe
  2⤵
  PID:6696
- C:\Windows\System\lfcmEtt.exe
  C:\Windows\System\lfcmEtt.exe
  2⤵
  PID:6624
- C:\Windows\System\ullwatF.exe
  C:\Windows\System\ullwatF.exe
  2⤵
  PID:6484
- C:\Windows\System\vZJCYou.exe
  C:\Windows\System\vZJCYou.exe
  2⤵
  PID:6300
- C:\Windows\System\ZGaZonq.exe
  C:\Windows\System\ZGaZonq.exe
  2⤵
  PID:6296
- C:\Windows\System\BDpMRQX.exe
  C:\Windows\System\BDpMRQX.exe
  2⤵
  PID:7124
- C:\Windows\System\aQNSGqS.exe
  C:\Windows\System\aQNSGqS.exe
  2⤵
  PID:6724
- C:\Windows\System\Mxgwllh.exe
  C:\Windows\System\Mxgwllh.exe
  2⤵
  PID:6732
- C:\Windows\System\rWCvTHN.exe
  C:\Windows\System\rWCvTHN.exe
  2⤵
  PID:6836
- C:\Windows\System\WrOOWbm.exe
  C:\Windows\System\WrOOWbm.exe
  2⤵
  PID:6640
- C:\Windows\System\hfDyVmj.exe
  C:\Windows\System\hfDyVmj.exe
  2⤵
  PID:7052
- C:\Windows\System\dmQBcqT.exe
  C:\Windows\System\dmQBcqT.exe
  2⤵
  PID:7120
- C:\Windows\System\YOvonGg.exe
  C:\Windows\System\YOvonGg.exe
  2⤵
  PID:7180
- C:\Windows\System\DpfrgAW.exe
  C:\Windows\System\DpfrgAW.exe
  2⤵
  PID:7196
- C:\Windows\System\EbjBghy.exe
  C:\Windows\System\EbjBghy.exe
  2⤵
  PID:7212
- C:\Windows\System\mcXtBAH.exe
  C:\Windows\System\mcXtBAH.exe
  2⤵
  PID:7228
- C:\Windows\System\ImwNKEv.exe
  C:\Windows\System\ImwNKEv.exe
  2⤵
  PID:7244
- C:\Windows\System\NAAYrOs.exe
  C:\Windows\System\NAAYrOs.exe
  2⤵
  PID:7264
- C:\Windows\System\EbvzFSl.exe
  C:\Windows\System\EbvzFSl.exe
  2⤵
  PID:7280
- C:\Windows\System\ncrMnoM.exe
  C:\Windows\System\ncrMnoM.exe
  2⤵
  PID:7296
- C:\Windows\System\RXKTGrn.exe
  C:\Windows\System\RXKTGrn.exe
  2⤵
  PID:7312
- C:\Windows\System\cqaeaFF.exe
  C:\Windows\System\cqaeaFF.exe
  2⤵
  PID:7328
- C:\Windows\System\ukzTbuo.exe
  C:\Windows\System\ukzTbuo.exe
  2⤵
  PID:7344
- C:\Windows\System\wsYamTH.exe
  C:\Windows\System\wsYamTH.exe
  2⤵
  PID:7360
- C:\Windows\System\YXrNHbX.exe
  C:\Windows\System\YXrNHbX.exe
  2⤵
  PID:7376
- C:\Windows\System\BPEVqVq.exe
  C:\Windows\System\BPEVqVq.exe
  2⤵
  PID:7392
- C:\Windows\System\qZXOCJW.exe
  C:\Windows\System\qZXOCJW.exe
  2⤵
  PID:7408
- C:\Windows\System\BheaKpz.exe
  C:\Windows\System\BheaKpz.exe
  2⤵
  PID:7424
- C:\Windows\System\QSiKxAw.exe
  C:\Windows\System\QSiKxAw.exe
  2⤵
  PID:7444
- C:\Windows\System\mFqfECw.exe
  C:\Windows\System\mFqfECw.exe
  2⤵
  PID:7460
- C:\Windows\System\UhxDrlM.exe
  C:\Windows\System\UhxDrlM.exe
  2⤵
  PID:7480
- C:\Windows\System\KOILWEx.exe
  C:\Windows\System\KOILWEx.exe
  2⤵
  PID:7496
- C:\Windows\System\lURuwSD.exe
  C:\Windows\System\lURuwSD.exe
  2⤵
  PID:7512
- C:\Windows\System\iROTnUo.exe
  C:\Windows\System\iROTnUo.exe
  2⤵
  PID:7584
- C:\Windows\System\ZfdDhNv.exe
  C:\Windows\System\ZfdDhNv.exe
  2⤵
  PID:7604
- C:\Windows\System\MgXkpGs.exe
  C:\Windows\System\MgXkpGs.exe
  2⤵
  PID:7620
- C:\Windows\System\JPSKoVn.exe
  C:\Windows\System\JPSKoVn.exe
  2⤵
  PID:7636
- C:\Windows\System\jWxuHix.exe
  C:\Windows\System\jWxuHix.exe
  2⤵
  PID:7652
- C:\Windows\System\kesLiCq.exe
  C:\Windows\System\kesLiCq.exe
  2⤵
  PID:7668
- C:\Windows\System\vPgeUfU.exe
  C:\Windows\System\vPgeUfU.exe
  2⤵
  PID:7684
- C:\Windows\System\modXxkj.exe
  C:\Windows\System\modXxkj.exe
  2⤵
  PID:7700
- C:\Windows\System\ZMVoejf.exe
  C:\Windows\System\ZMVoejf.exe
  2⤵
  PID:7716
- C:\Windows\System\vVqruVk.exe
  C:\Windows\System\vVqruVk.exe
  2⤵
  PID:7732
- C:\Windows\System\oECWIJA.exe
  C:\Windows\System\oECWIJA.exe
  2⤵
  PID:7748
- C:\Windows\System\pfuBLpU.exe
  C:\Windows\System\pfuBLpU.exe
  2⤵
  PID:7764
- C:\Windows\System\hhKygay.exe
  C:\Windows\System\hhKygay.exe
  2⤵
  PID:7780
- C:\Windows\System\teXFOdG.exe
  C:\Windows\System\teXFOdG.exe
  2⤵
  PID:7796
- C:\Windows\System\JSfhYkG.exe
  C:\Windows\System\JSfhYkG.exe
  2⤵
  PID:7812
- C:\Windows\System\TAUMSsg.exe
  C:\Windows\System\TAUMSsg.exe
  2⤵
  PID:7828
- C:\Windows\System\trxznVc.exe
  C:\Windows\System\trxznVc.exe
  2⤵
  PID:7844
- C:\Windows\System\UlULfyu.exe
  C:\Windows\System\UlULfyu.exe
  2⤵
  PID:7860
- C:\Windows\System\KcKliQw.exe
  C:\Windows\System\KcKliQw.exe
  2⤵
  PID:7932
- C:\Windows\System\boBtfzO.exe
  C:\Windows\System\boBtfzO.exe
  2⤵
  PID:7952
- C:\Windows\System\HvDVMAJ.exe
  C:\Windows\System\HvDVMAJ.exe
  2⤵
  PID:7968
- C:\Windows\System\aMcGSIE.exe
  C:\Windows\System\aMcGSIE.exe
  2⤵
  PID:7984
- C:\Windows\System\fjteUVH.exe
  C:\Windows\System\fjteUVH.exe
  2⤵
  PID:8000
- C:\Windows\System\lhjcqfm.exe
  C:\Windows\System\lhjcqfm.exe
  2⤵
  PID:8016
- C:\Windows\System\qAfkMHg.exe
  C:\Windows\System\qAfkMHg.exe
  2⤵
  PID:8032
- C:\Windows\System\XFFFaUp.exe
  C:\Windows\System\XFFFaUp.exe
  2⤵
  PID:8048
- C:\Windows\System\RBxIIka.exe
  C:\Windows\System\RBxIIka.exe
  2⤵
  PID:8064
- C:\Windows\System\RgfcpqA.exe
  C:\Windows\System\RgfcpqA.exe
  2⤵
  PID:8080
- C:\Windows\System\gUNMkOp.exe
  C:\Windows\System\gUNMkOp.exe
  2⤵
  PID:8100
- C:\Windows\System\mzkdAPo.exe
  C:\Windows\System\mzkdAPo.exe
  2⤵
  PID:8116
- C:\Windows\System\nkuQqPz.exe
  C:\Windows\System\nkuQqPz.exe
  2⤵
  PID:8132
- C:\Windows\System\uIVeQHT.exe
  C:\Windows\System\uIVeQHT.exe
  2⤵
  PID:8148
- C:\Windows\System\FLYNFfK.exe
  C:\Windows\System\FLYNFfK.exe
  2⤵
  PID:8164
- C:\Windows\System\gBKjwzh.exe
  C:\Windows\System\gBKjwzh.exe
  2⤵
  PID:8180
- C:\Windows\System\hHOAwUa.exe
  C:\Windows\System\hHOAwUa.exe
  2⤵
  PID:6432
- C:\Windows\System\aZKmAcv.exe
  C:\Windows\System\aZKmAcv.exe
  2⤵
  PID:7188
- C:\Windows\System\RyseMWF.exe
  C:\Windows\System\RyseMWF.exe
  2⤵
  PID:7204
- C:\Windows\System\idXGGIY.exe
  C:\Windows\System\idXGGIY.exe
  2⤵
  PID:7220
- C:\Windows\System\dexEdcJ.exe
  C:\Windows\System\dexEdcJ.exe
  2⤵
  PID:7276
- C:\Windows\System\VLqmRXN.exe
  C:\Windows\System\VLqmRXN.exe
  2⤵
  PID:7336
- C:\Windows\System\fDdQCsb.exe
  C:\Windows\System\fDdQCsb.exe
  2⤵
  PID:7324
- C:\Windows\System\XrMtjsD.exe
  C:\Windows\System\XrMtjsD.exe
  2⤵
  PID:7320
- C:\Windows\System\VxdoyIh.exe
  C:\Windows\System\VxdoyIh.exe
  2⤵
  PID:7400
- C:\Windows\System\BzGaZjt.exe
  C:\Windows\System\BzGaZjt.exe
  2⤵
  PID:7476
- C:\Windows\System\xwVJYgp.exe
  C:\Windows\System\xwVJYgp.exe
  2⤵
  PID:7504
- C:\Windows\System\KddvCfd.exe
  C:\Windows\System\KddvCfd.exe
  2⤵
  PID:7488
- C:\Windows\System\SRObPwi.exe
  C:\Windows\System\SRObPwi.exe
  2⤵
  PID:7532
- C:\Windows\System\DoCuhnD.exe
  C:\Windows\System\DoCuhnD.exe
  2⤵
  PID:7548
- C:\Windows\System\kFlSZCg.exe
  C:\Windows\System\kFlSZCg.exe
  2⤵
  PID:7564
- C:\Windows\System\vzoXzhz.exe
  C:\Windows\System\vzoXzhz.exe
  2⤵
  PID:7580
- C:\Windows\System\aWFXRQw.exe
  C:\Windows\System\aWFXRQw.exe
  2⤵
  PID:7612
- C:\Windows\System\uIAsHjd.exe
  C:\Windows\System\uIAsHjd.exe
  2⤵
  PID:7644
- C:\Windows\System\lzowNal.exe
  C:\Windows\System\lzowNal.exe
  2⤵
  PID:7660
- C:\Windows\System\RlDVqlf.exe
  C:\Windows\System\RlDVqlf.exe
  2⤵
  PID:7676
- C:\Windows\System\CKsbpyt.exe
  C:\Windows\System\CKsbpyt.exe
  2⤵
  PID:7740
- C:\Windows\System\feqjNll.exe
  C:\Windows\System\feqjNll.exe
  2⤵
  PID:7804
- C:\Windows\System\ktxHYMj.exe
  C:\Windows\System\ktxHYMj.exe
  2⤵
  PID:7788
- C:\Windows\System\UsqIveX.exe
  C:\Windows\System\UsqIveX.exe
  2⤵
  PID:7852
- C:\Windows\System\emTtlmD.exe
  C:\Windows\System\emTtlmD.exe
  2⤵
  PID:7876
- C:\Windows\System\MGoQFRW.exe
  C:\Windows\System\MGoQFRW.exe
  2⤵
  PID:7896
- C:\Windows\System\nUCzmaH.exe
  C:\Windows\System\nUCzmaH.exe
  2⤵
  PID:7912
- C:\Windows\System\pjXPyjK.exe
  C:\Windows\System\pjXPyjK.exe
  2⤵
  PID:7928
- C:\Windows\System\LFyJnUM.exe
  C:\Windows\System\LFyJnUM.exe
  2⤵
  PID:7948
- C:\Windows\System\VNjqCsS.exe
  C:\Windows\System\VNjqCsS.exe
  2⤵
  PID:7992
- C:\Windows\System\ZBKBTLN.exe
  C:\Windows\System\ZBKBTLN.exe
  2⤵
  PID:8008
- C:\Windows\System\sxjjpfZ.exe
  C:\Windows\System\sxjjpfZ.exe
  2⤵
  PID:8028
- C:\Windows\System\NPUKuoV.exe
  C:\Windows\System\NPUKuoV.exe
  2⤵
  PID:8072
- C:\Windows\System\igbBcVO.exe
  C:\Windows\System\igbBcVO.exe
  2⤵
  PID:8108
- C:\Windows\System\QguFwkC.exe
  C:\Windows\System\QguFwkC.exe
  2⤵
  PID:8156
- C:\Windows\System\QGcFRlU.exe
  C:\Windows\System\QGcFRlU.exe
  2⤵
  PID:8172
- C:\Windows\System\RHCfiFZ.exe
  C:\Windows\System\RHCfiFZ.exe
  2⤵
  PID:7236
- C:\Windows\System\cLtTXPo.exe
  C:\Windows\System\cLtTXPo.exe
  2⤵
  PID:7272
- C:\Windows\System\GvyvXHi.exe
  C:\Windows\System\GvyvXHi.exe
  2⤵
  PID:6268
- C:\Windows\System\YVRADIE.exe
  C:\Windows\System\YVRADIE.exe
  2⤵
  PID:7224
- C:\Windows\System\ldFLdvx.exe
  C:\Windows\System\ldFLdvx.exe
  2⤵
  PID:7292
- C:\Windows\System\QEYGQMd.exe
  C:\Windows\System\QEYGQMd.exe
  2⤵
  PID:7340
- C:\Windows\System\iKcYxAm.exe
  C:\Windows\System\iKcYxAm.exe
  2⤵
  PID:7404
- C:\Windows\System\qeIEQpu.exe
  C:\Windows\System\qeIEQpu.exe
  2⤵
  PID:7472
- C:\Windows\System\kjNWlpR.exe
  C:\Windows\System\kjNWlpR.exe
  2⤵
  PID:7560
- C:\Windows\System\kSEzjzj.exe
  C:\Windows\System\kSEzjzj.exe
  2⤵
  PID:7600
- C:\Windows\System\vcacAqI.exe
  C:\Windows\System\vcacAqI.exe
  2⤵
  PID:7628
- C:\Windows\System\UnKgSRC.exe
  C:\Windows\System\UnKgSRC.exe
  2⤵
  PID:7696
- C:\Windows\System\NDccIXB.exe
  C:\Windows\System\NDccIXB.exe
  2⤵
  PID:7836
- C:\Windows\System\hjYfNql.exe
  C:\Windows\System\hjYfNql.exe
  2⤵
  PID:7856
- C:\Windows\System\STDIOxx.exe
  C:\Windows\System\STDIOxx.exe
  2⤵
  PID:7940
- C:\Windows\System\XFiCXrS.exe
  C:\Windows\System\XFiCXrS.exe
  2⤵
  PID:7792
- C:\Windows\System\yreBdrn.exe
  C:\Windows\System\yreBdrn.exe
  2⤵
  PID:7960
- C:\Windows\System\amlqgHB.exe
  C:\Windows\System\amlqgHB.exe
  2⤵
  PID:8044
- C:\Windows\System\vNWertf.exe
  C:\Windows\System\vNWertf.exe
  2⤵
  PID:8188
- C:\Windows\System\wlrfeju.exe
  C:\Windows\System\wlrfeju.exe
  2⤵
  PID:7356
- C:\Windows\System\kRolNip.exe
  C:\Windows\System\kRolNip.exe
  2⤵
  PID:8088
- C:\Windows\System\VQgCtYe.exe
  C:\Windows\System\VQgCtYe.exe
  2⤵
  PID:7172
- C:\Windows\System\xchrmwh.exe
  C:\Windows\System\xchrmwh.exe
  2⤵
  PID:7260
- C:\Windows\System\pqHIzfT.exe
  C:\Windows\System\pqHIzfT.exe
  2⤵
  PID:7520
- C:\Windows\System\OQyNmsK.exe
  C:\Windows\System\OQyNmsK.exe
  2⤵
  PID:7808
- C:\Windows\System\wBdYONc.exe
  C:\Windows\System\wBdYONc.exe
  2⤵
  PID:7576
- C:\Windows\System\DTTXdwm.exe
  C:\Windows\System\DTTXdwm.exe
  2⤵
  PID:7884
- C:\Windows\System\jKFYKtx.exe
  C:\Windows\System\jKFYKtx.exe
  2⤵
  PID:7524
- C:\Windows\System\lQHuGAJ.exe
  C:\Windows\System\lQHuGAJ.exe
  2⤵
  PID:7908
- C:\Windows\System\lMAOGMx.exe
  C:\Windows\System\lMAOGMx.exe
  2⤵
  PID:8196
- C:\Windows\System\voebLUN.exe
  C:\Windows\System\voebLUN.exe
  2⤵
  PID:8216
- C:\Windows\System\YMFunft.exe
  C:\Windows\System\YMFunft.exe
  2⤵
  PID:8232
- C:\Windows\System\cEAhPRx.exe
  C:\Windows\System\cEAhPRx.exe
  2⤵
  PID:8248
- C:\Windows\System\ufytQgH.exe
  C:\Windows\System\ufytQgH.exe
  2⤵
  PID:8264
- C:\Windows\System\MkTUJYg.exe
  C:\Windows\System\MkTUJYg.exe
  2⤵
  PID:8280
- C:\Windows\System\eIedwoX.exe
  C:\Windows\System\eIedwoX.exe
  2⤵
  PID:8296
- C:\Windows\System\AlCueaJ.exe
  C:\Windows\System\AlCueaJ.exe
  2⤵
  PID:8312
- C:\Windows\System\nEbOePi.exe
  C:\Windows\System\nEbOePi.exe
  2⤵
  PID:8328
- C:\Windows\System\COYLyQW.exe
  C:\Windows\System\COYLyQW.exe
  2⤵
  PID:8344
- C:\Windows\System\yqqRQBb.exe
  C:\Windows\System\yqqRQBb.exe
  2⤵
  PID:8360
- C:\Windows\System\AyvqUjd.exe
  C:\Windows\System\AyvqUjd.exe
  2⤵
  PID:8376
- C:\Windows\System\xxhuxSB.exe
  C:\Windows\System\xxhuxSB.exe
  2⤵
  PID:8392
- C:\Windows\System\wqohqNf.exe
  C:\Windows\System\wqohqNf.exe
  2⤵
  PID:8408
- C:\Windows\System\kXfalgN.exe
  C:\Windows\System\kXfalgN.exe
  2⤵
  PID:8424
- C:\Windows\System\BWXmMEy.exe
  C:\Windows\System\BWXmMEy.exe
  2⤵
  PID:8440
- C:\Windows\System\YpHHXJq.exe
  C:\Windows\System\YpHHXJq.exe
  2⤵
  PID:8456
- C:\Windows\System\ZrrdtYw.exe
  C:\Windows\System\ZrrdtYw.exe
  2⤵
  PID:8472
- C:\Windows\System\DpLTVRp.exe
  C:\Windows\System\DpLTVRp.exe
  2⤵
  PID:8492
- C:\Windows\System\OfKWkAq.exe
  C:\Windows\System\OfKWkAq.exe
  2⤵
  PID:8508
- C:\Windows\System\EEFlTYo.exe
  C:\Windows\System\EEFlTYo.exe
  2⤵
  PID:8524
- C:\Windows\System\dQhydqk.exe
  C:\Windows\System\dQhydqk.exe
  2⤵
  PID:8540
- C:\Windows\System\UAWpOqR.exe
  C:\Windows\System\UAWpOqR.exe
  2⤵
  PID:8556
- C:\Windows\System\jWgLBIh.exe
  C:\Windows\System\jWgLBIh.exe
  2⤵
  PID:8572
- C:\Windows\System\jWzExgM.exe
  C:\Windows\System\jWzExgM.exe
  2⤵
  PID:8588
- C:\Windows\System\rVFuRrf.exe
  C:\Windows\System\rVFuRrf.exe
  2⤵
  PID:8604
- C:\Windows\System\csSpaKH.exe
  C:\Windows\System\csSpaKH.exe
  2⤵
  PID:8620
- C:\Windows\System\AxBJbvw.exe
  C:\Windows\System\AxBJbvw.exe
  2⤵
  PID:8636
- C:\Windows\System\JkJeKXK.exe
  C:\Windows\System\JkJeKXK.exe
  2⤵
  PID:8652
- C:\Windows\System\iBEZfxy.exe
  C:\Windows\System\iBEZfxy.exe
  2⤵
  PID:8668
- C:\Windows\System\sckkUww.exe
  C:\Windows\System\sckkUww.exe
  2⤵
  PID:8684
- C:\Windows\System\ZRRoAeR.exe
  C:\Windows\System\ZRRoAeR.exe
  2⤵
  PID:8700
- C:\Windows\System\RFWtcci.exe
  C:\Windows\System\RFWtcci.exe
  2⤵
  PID:8716
- C:\Windows\System\ctiIibS.exe
  C:\Windows\System\ctiIibS.exe
  2⤵
  PID:8732
- C:\Windows\System\IlhWFnM.exe
  C:\Windows\System\IlhWFnM.exe
  2⤵
  PID:8748
- C:\Windows\System\dbSiOej.exe
  C:\Windows\System\dbSiOej.exe
  2⤵
  PID:8764
- C:\Windows\System\UtRGzSL.exe
  C:\Windows\System\UtRGzSL.exe
  2⤵
  PID:8780
- C:\Windows\System\FSNoIex.exe
  C:\Windows\System\FSNoIex.exe
  2⤵
  PID:8796
- C:\Windows\System\iiuDQFw.exe
  C:\Windows\System\iiuDQFw.exe
  2⤵
  PID:8812
- C:\Windows\System\CtMvwCc.exe
  C:\Windows\System\CtMvwCc.exe
  2⤵
  PID:8828
- C:\Windows\System\xKgJFRC.exe
  C:\Windows\System\xKgJFRC.exe
  2⤵
  PID:8844
- C:\Windows\System\TNPOfQV.exe
  C:\Windows\System\TNPOfQV.exe
  2⤵
  PID:8860
- C:\Windows\System\asOhDes.exe
  C:\Windows\System\asOhDes.exe
  2⤵
  PID:8876
- C:\Windows\System\AoQYudU.exe
  C:\Windows\System\AoQYudU.exe
  2⤵
  PID:8892
- C:\Windows\System\HuEZxPE.exe
  C:\Windows\System\HuEZxPE.exe
  2⤵
  PID:8908
- C:\Windows\System\dmMatiL.exe
  C:\Windows\System\dmMatiL.exe
  2⤵
  PID:8924
- C:\Windows\System\duqYBuS.exe
  C:\Windows\System\duqYBuS.exe
  2⤵
  PID:8940
- C:\Windows\System\QxiDYJl.exe
  C:\Windows\System\QxiDYJl.exe
  2⤵
  PID:8956
- C:\Windows\System\jzpnTEw.exe
  C:\Windows\System\jzpnTEw.exe
  2⤵
  PID:8976
- C:\Windows\System\wjsHYHr.exe
  C:\Windows\System\wjsHYHr.exe
  2⤵
  PID:8992
- C:\Windows\System\PFNhxry.exe
  C:\Windows\System\PFNhxry.exe
  2⤵
  PID:9012
- C:\Windows\System\DjVgFQj.exe
  C:\Windows\System\DjVgFQj.exe
  2⤵
  PID:9028
- C:\Windows\System\AhEYLcW.exe
  C:\Windows\System\AhEYLcW.exe
  2⤵
  PID:9112
- C:\Windows\System\QimyKLG.exe
  C:\Windows\System\QimyKLG.exe
  2⤵
  PID:9136
- C:\Windows\System\KhbKZYz.exe
  C:\Windows\System\KhbKZYz.exe
  2⤵
  PID:9152
- C:\Windows\System\OUndYUe.exe
  C:\Windows\System\OUndYUe.exe
  2⤵
  PID:9168
- C:\Windows\System\lJaFFxU.exe
  C:\Windows\System\lJaFFxU.exe
  2⤵
  PID:9184
- C:\Windows\System\ovMeGnf.exe
  C:\Windows\System\ovMeGnf.exe
  2⤵
  PID:9200
- C:\Windows\System\QABPEgB.exe
  C:\Windows\System\QABPEgB.exe
  2⤵
  PID:8128
- C:\Windows\System\uURsZkP.exe
  C:\Windows\System\uURsZkP.exe
  2⤵
  PID:7176
- C:\Windows\System\pDVSYwY.exe
  C:\Windows\System\pDVSYwY.exe
  2⤵
  PID:8096
- C:\Windows\System\WgodxQf.exe
  C:\Windows\System\WgodxQf.exe
  2⤵
  PID:7556
- C:\Windows\System\EnDjHNN.exe
  C:\Windows\System\EnDjHNN.exe
  2⤵
  PID:8024
- C:\Windows\System\UoZjBNG.exe
  C:\Windows\System\UoZjBNG.exe
  2⤵
  PID:7288
- C:\Windows\System\AANnbKS.exe
  C:\Windows\System\AANnbKS.exe
  2⤵
  PID:7904
- C:\Windows\System\xUZUcjI.exe
  C:\Windows\System\xUZUcjI.exe
  2⤵
  PID:8256
- C:\Windows\System\dKjlueM.exe
  C:\Windows\System\dKjlueM.exe
  2⤵
  PID:8292
- C:\Windows\System\smkshVU.exe
  C:\Windows\System\smkshVU.exe
  2⤵
  PID:8272
- C:\Windows\System\OmuEdho.exe
  C:\Windows\System\OmuEdho.exe
  2⤵
  PID:8308
- C:\Windows\System\HprSoaV.exe
  C:\Windows\System\HprSoaV.exe
  2⤵
  PID:8388
- C:\Windows\System\HBCagHc.exe
  C:\Windows\System\HBCagHc.exe
  2⤵
  PID:8452
- C:\Windows\System\upXpPNW.exe
  C:\Windows\System\upXpPNW.exe
  2⤵
  PID:8484
- C:\Windows\System\OauXKSb.exe
  C:\Windows\System\OauXKSb.exe
  2⤵
  PID:8340
- C:\Windows\System\OKGZZiK.exe
  C:\Windows\System\OKGZZiK.exe
  2⤵
  PID:8616
- C:\Windows\System\GOgzwYm.exe
  C:\Windows\System\GOgzwYm.exe
  2⤵
  PID:8404
- C:\Windows\System\erFXscM.exe
  C:\Windows\System\erFXscM.exe
  2⤵
  PID:8468
- C:\Windows\System\KlPGJmR.exe
  C:\Windows\System\KlPGJmR.exe
  2⤵
  PID:8536
- C:\Windows\System\KwuHmSP.exe
  C:\Windows\System\KwuHmSP.exe
  2⤵
  PID:8600
- C:\Windows\System\KpbapsP.exe
  C:\Windows\System\KpbapsP.exe
  2⤵
  PID:8680
- C:\Windows\System\cuWEkxi.exe
  C:\Windows\System\cuWEkxi.exe
  2⤵
  PID:8696
- C:\Windows\System\ePNrmeT.exe
  C:\Windows\System\ePNrmeT.exe
  2⤵
  PID:8760
- C:\Windows\System\RCaWOOd.exe
  C:\Windows\System\RCaWOOd.exe
  2⤵
  PID:8712
- C:\Windows\System\FooIyCc.exe
  C:\Windows\System\FooIyCc.exe
  2⤵
  PID:8740
- C:\Windows\System\rqjDlNU.exe
  C:\Windows\System\rqjDlNU.exe
  2⤵
  PID:8836
- C:\Windows\System\tVIaTQG.exe
  C:\Windows\System\tVIaTQG.exe
  2⤵
  PID:8872
- C:\Windows\System\vveLNDx.exe
  C:\Windows\System\vveLNDx.exe
  2⤵
  PID:8936
- C:\Windows\System\cVRHBka.exe
  C:\Windows\System\cVRHBka.exe
  2⤵
  PID:8856
- C:\Windows\System\foZOaiR.exe
  C:\Windows\System\foZOaiR.exe
  2⤵
  PID:8952
- C:\Windows\System\aLFSAyG.exe
  C:\Windows\System\aLFSAyG.exe
  2⤵
  PID:9000
- C:\Windows\System\GFxElJG.exe
  C:\Windows\System\GFxElJG.exe
  2⤵
  PID:9036
- C:\Windows\System\ebJsjtS.exe
  C:\Windows\System\ebJsjtS.exe
  2⤵
  PID:8144
- C:\Windows\System\buirBoZ.exe
  C:\Windows\System\buirBoZ.exe
  2⤵
  PID:9052
- C:\Windows\System\AKvKLaJ.exe
  C:\Windows\System\AKvKLaJ.exe
  2⤵
  PID:9068
- C:\Windows\System\LrcLCOj.exe
  C:\Windows\System\LrcLCOj.exe
  2⤵
  PID:9088
- C:\Windows\System\xXugSga.exe
  C:\Windows\System\xXugSga.exe
  2⤵
  PID:9096
- C:\Windows\System\MSehgFb.exe
  C:\Windows\System\MSehgFb.exe
  2⤵
  PID:9176
- C:\Windows\System\NkoPbOx.exe
  C:\Windows\System\NkoPbOx.exe
  2⤵
  PID:9120
- C:\Windows\System\DRjbZmD.exe
  C:\Windows\System\DRjbZmD.exe
  2⤵
  PID:9160
- C:\Windows\System\bOhPOru.exe
  C:\Windows\System\bOhPOru.exe
  2⤵
  PID:7528
- C:\Windows\System\lDkGtpR.exe
  C:\Windows\System\lDkGtpR.exe
  2⤵
  PID:8092
- C:\Windows\System\zltsExt.exe
  C:\Windows\System\zltsExt.exe
  2⤵
  PID:8288
- C:\Windows\System\YBGqAvg.exe
  C:\Windows\System\YBGqAvg.exe
  2⤵
  PID:8304
- C:\Windows\System\ZkKfTVp.exe
  C:\Windows\System\ZkKfTVp.exe
  2⤵
  PID:8520
- C:\Windows\System\lAznTRJ.exe
  C:\Windows\System\lAznTRJ.exe
  2⤵
  PID:8224
- C:\Windows\System\yEWRUhU.exe
  C:\Windows\System\yEWRUhU.exe
  2⤵
  PID:8352
- C:\Windows\System\HCGzHTJ.exe
  C:\Windows\System\HCGzHTJ.exe
  2⤵
  PID:8612
- C:\Windows\System\lNEDzLB.exe
  C:\Windows\System\lNEDzLB.exe
  2⤵
  PID:8532
- C:\Windows\System\pqSEZAv.exe
  C:\Windows\System\pqSEZAv.exe
  2⤵
  PID:8464
- C:\Windows\System\WdAXFIP.exe
  C:\Windows\System\WdAXFIP.exe
  2⤵
  PID:8728
- C:\Windows\System\BQRikpD.exe
  C:\Windows\System\BQRikpD.exe
  2⤵
  PID:8776
- C:\Windows\System\rSoIcuK.exe
  C:\Windows\System\rSoIcuK.exe
  2⤵
  PID:8804
- C:\Windows\System\xBVhdlW.exe
  C:\Windows\System\xBVhdlW.exe
  2⤵
  PID:2076
- C:\Windows\System\KvkMUUU.exe
  C:\Windows\System\KvkMUUU.exe
  2⤵
  PID:8904
- C:\Windows\System\JlhlcBr.exe
  C:\Windows\System\JlhlcBr.exe
  2⤵
  PID:2596
- C:\Windows\System\lPrAMQZ.exe
  C:\Windows\System\lPrAMQZ.exe
  2⤵
  PID:9024
- C:\Windows\System\MkDOEsn.exe
  C:\Windows\System\MkDOEsn.exe
  2⤵
  PID:8888
- C:\Windows\System\YLPlDyx.exe
  C:\Windows\System\YLPlDyx.exe
  2⤵
  PID:9040
- C:\Windows\System\rDtUsjB.exe
  C:\Windows\System\rDtUsjB.exe
  2⤵
  PID:9104
- C:\Windows\System\tGFvTIN.exe
  C:\Windows\System\tGFvTIN.exe
  2⤵
  PID:9148
- C:\Windows\System\kZulTTW.exe
  C:\Windows\System\kZulTTW.exe
  2⤵
  PID:7416
- C:\Windows\System\ziTRjgD.exe
  C:\Windows\System\ziTRjgD.exe
  2⤵
  PID:7712
- C:\Windows\System\PUYQazb.exe
  C:\Windows\System\PUYQazb.exe
  2⤵
  PID:8448
- C:\Windows\System\GpcVKtp.exe
  C:\Windows\System\GpcVKtp.exe
  2⤵
  PID:7920
- C:\Windows\System\QxtJTqv.exe
  C:\Windows\System\QxtJTqv.exe
  2⤵
  PID:8676
- C:\Windows\System\xNKUkwd.exe
  C:\Windows\System\xNKUkwd.exe
  2⤵
  PID:8336
- C:\Windows\System\iRDOHiE.exe
  C:\Windows\System\iRDOHiE.exe
  2⤵
  PID:8648
- C:\Windows\System\NQSbnsF.exe
  C:\Windows\System\NQSbnsF.exe
  2⤵
  PID:2088
- C:\Windows\System\TiKAFXd.exe
  C:\Windows\System\TiKAFXd.exe
  2⤵
  PID:9064
- C:\Windows\System\RtjqwrM.exe
  C:\Windows\System\RtjqwrM.exe
  2⤵
  PID:2648
- C:\Windows\System\GvYUyzY.exe
  C:\Windows\System\GvYUyzY.exe
  2⤵
  PID:9192
- C:\Windows\System\OPyAlCd.exe
  C:\Windows\System\OPyAlCd.exe
  2⤵
  PID:9084
- C:\Windows\System\ZZnxiXw.exe
  C:\Windows\System\ZZnxiXw.exe
  2⤵
  PID:8420
- C:\Windows\System\hIOmCDy.exe
  C:\Windows\System\hIOmCDy.exe
  2⤵
  PID:8664
- C:\Windows\System\bjZVpva.exe
  C:\Windows\System\bjZVpva.exe
  2⤵
  PID:8504
- C:\Windows\System\QnNBbYc.exe
  C:\Windows\System\QnNBbYc.exe
  2⤵
  PID:8984
- C:\Windows\System\TnITFtW.exe
  C:\Windows\System\TnITFtW.exe
  2⤵
  PID:9224
- C:\Windows\System\qoDiRjc.exe
  C:\Windows\System\qoDiRjc.exe
  2⤵
  PID:9240
- C:\Windows\System\yFVWFsj.exe
  C:\Windows\System\yFVWFsj.exe
  2⤵
  PID:9256
- C:\Windows\System\IgNgRQo.exe
  C:\Windows\System\IgNgRQo.exe
  2⤵
  PID:9276
- C:\Windows\System\uBeSXIr.exe
  C:\Windows\System\uBeSXIr.exe
  2⤵
  PID:9292
- C:\Windows\System\inxOrnT.exe
  C:\Windows\System\inxOrnT.exe
  2⤵
  PID:9308
- C:\Windows\System\AzFtFub.exe
  C:\Windows\System\AzFtFub.exe
  2⤵
  PID:9324
- C:\Windows\System\ZuGrtgy.exe
  C:\Windows\System\ZuGrtgy.exe
  2⤵
  PID:9340
- C:\Windows\System\BPoGJzo.exe
  C:\Windows\System\BPoGJzo.exe
  2⤵
  PID:9356
- C:\Windows\System\yaWFUmZ.exe
  C:\Windows\System\yaWFUmZ.exe
  2⤵
  PID:9372
- C:\Windows\System\LwpaElM.exe
  C:\Windows\System\LwpaElM.exe
  2⤵
  PID:9388
- C:\Windows\System\xRolYrV.exe
  C:\Windows\System\xRolYrV.exe
  2⤵
  PID:9404
- C:\Windows\System\FVRhSwm.exe
  C:\Windows\System\FVRhSwm.exe
  2⤵
  PID:9420
- C:\Windows\System\NcnUIon.exe
  C:\Windows\System\NcnUIon.exe
  2⤵
  PID:9436
- C:\Windows\System\rDaaZru.exe
  C:\Windows\System\rDaaZru.exe
  2⤵
  PID:9452
- C:\Windows\System\WemCfZM.exe
  C:\Windows\System\WemCfZM.exe
  2⤵
  PID:9468
- C:\Windows\System\ecHHAFI.exe
  C:\Windows\System\ecHHAFI.exe
  2⤵
  PID:9484
- C:\Windows\System\aRQqqfF.exe
  C:\Windows\System\aRQqqfF.exe
  2⤵
  PID:9500
- C:\Windows\System\MMFyOrT.exe
  C:\Windows\System\MMFyOrT.exe
  2⤵
  PID:9516
- C:\Windows\System\EFDOpJX.exe
  C:\Windows\System\EFDOpJX.exe
  2⤵
  PID:9532
- C:\Windows\System\jfNiLAV.exe
  C:\Windows\System\jfNiLAV.exe
  2⤵
  PID:9548
- C:\Windows\System\iXNeWyh.exe
  C:\Windows\System\iXNeWyh.exe
  2⤵
  PID:9572
- C:\Windows\System\egeiEys.exe
  C:\Windows\System\egeiEys.exe
  2⤵
  PID:9592
- C:\Windows\System\nrXdESE.exe
  C:\Windows\System\nrXdESE.exe
  2⤵
  PID:9608
- C:\Windows\System\uSsiQND.exe
  C:\Windows\System\uSsiQND.exe
  2⤵
  PID:9624
- C:\Windows\System\LXHXxat.exe
  C:\Windows\System\LXHXxat.exe
  2⤵
  PID:9640
- C:\Windows\System\WrUBiKL.exe
  C:\Windows\System\WrUBiKL.exe
  2⤵
  PID:9656
- C:\Windows\System\GWmskby.exe
  C:\Windows\System\GWmskby.exe
  2⤵
  PID:9672
- C:\Windows\System\SkQfYPP.exe
  C:\Windows\System\SkQfYPP.exe
  2⤵
  PID:9688
- C:\Windows\System\KcpCaGF.exe
  C:\Windows\System\KcpCaGF.exe
  2⤵
  PID:9704
- C:\Windows\System\ghhbvjv.exe
  C:\Windows\System\ghhbvjv.exe
  2⤵
  PID:9720
- C:\Windows\System\lSfxKQV.exe
  C:\Windows\System\lSfxKQV.exe
  2⤵
  PID:9736
- C:\Windows\System\chnXHGv.exe
  C:\Windows\System\chnXHGv.exe
  2⤵
  PID:9760
- C:\Windows\System\pTSrTHl.exe
  C:\Windows\System\pTSrTHl.exe
  2⤵
  PID:9776
- C:\Windows\System\uGIorbY.exe
  C:\Windows\System\uGIorbY.exe
  2⤵
  PID:9792
- C:\Windows\System\gYJIxZH.exe
  C:\Windows\System\gYJIxZH.exe
  2⤵
  PID:9808
- C:\Windows\System\EVCGQJe.exe
  C:\Windows\System\EVCGQJe.exe
  2⤵
  PID:9824
- C:\Windows\System\ryhApFw.exe
  C:\Windows\System\ryhApFw.exe
  2⤵
  PID:9840
- C:\Windows\System\KnfoLyT.exe
  C:\Windows\System\KnfoLyT.exe
  2⤵
  PID:9856
- C:\Windows\System\fmYvVlK.exe
  C:\Windows\System\fmYvVlK.exe
  2⤵
  PID:9872
- C:\Windows\System\mkvzuJp.exe
  C:\Windows\System\mkvzuJp.exe
  2⤵
  PID:9888
- C:\Windows\System\fYFfvbf.exe
  C:\Windows\System\fYFfvbf.exe
  2⤵
  PID:9908
- C:\Windows\System\xeSMtUV.exe
  C:\Windows\System\xeSMtUV.exe
  2⤵
  PID:9924
- C:\Windows\System\rzmjxdu.exe
  C:\Windows\System\rzmjxdu.exe
  2⤵
  PID:9940
- C:\Windows\System\XRqlvvX.exe
  C:\Windows\System\XRqlvvX.exe
  2⤵
  PID:9956
- C:\Windows\System\fPCGclv.exe
  C:\Windows\System\fPCGclv.exe
  2⤵
  PID:9972
- C:\Windows\System\LWRUgOE.exe
  C:\Windows\System\LWRUgOE.exe
  2⤵
  PID:9988
- C:\Windows\System\WAVlJCX.exe
  C:\Windows\System\WAVlJCX.exe
  2⤵
  PID:10004
- C:\Windows\System\YlCJcyD.exe
  C:\Windows\System\YlCJcyD.exe
  2⤵
  PID:10020
- C:\Windows\System\CUBwRux.exe
  C:\Windows\System\CUBwRux.exe
  2⤵
  PID:10036
- C:\Windows\System\ZosOAkJ.exe
  C:\Windows\System\ZosOAkJ.exe
  2⤵
  PID:10052
- C:\Windows\System\zkbvQfj.exe
  C:\Windows\System\zkbvQfj.exe
  2⤵
  PID:10068
- C:\Windows\System\aDXjJbP.exe
  C:\Windows\System\aDXjJbP.exe
  2⤵
  PID:10084
- C:\Windows\System\hlyZpAR.exe
  C:\Windows\System\hlyZpAR.exe
  2⤵
  PID:10100
- C:\Windows\System\bDkcdPR.exe
  C:\Windows\System\bDkcdPR.exe
  2⤵
  PID:10116
- C:\Windows\System\IXcNixy.exe
  C:\Windows\System\IXcNixy.exe
  2⤵
  PID:10132
- C:\Windows\System\UqUZuVO.exe
  C:\Windows\System\UqUZuVO.exe
  2⤵
  PID:10148
- C:\Windows\System\vCYmbHB.exe
  C:\Windows\System\vCYmbHB.exe
  2⤵
  PID:10164
- C:\Windows\System\aEDdRnT.exe
  C:\Windows\System\aEDdRnT.exe
  2⤵
  PID:10180
- C:\Windows\System\qCITmWg.exe
  C:\Windows\System\qCITmWg.exe
  2⤵
  PID:10196
- C:\Windows\System\rdoweUA.exe
  C:\Windows\System\rdoweUA.exe
  2⤵
  PID:10212
- C:\Windows\System\TYiMBiz.exe
  C:\Windows\System\TYiMBiz.exe
  2⤵
  PID:10228
- C:\Windows\System\MVNGGqw.exe
  C:\Windows\System\MVNGGqw.exe
  2⤵
  PID:2160
- C:\Windows\System\ziJWtUF.exe
  C:\Windows\System\ziJWtUF.exe
  2⤵
  PID:8916
- C:\Windows\System\sweoQaY.exe
  C:\Windows\System\sweoQaY.exe
  2⤵
  PID:8596
- C:\Windows\System\jfqnPOO.exe
  C:\Windows\System\jfqnPOO.exe
  2⤵
  PID:9300
- C:\Windows\System\hKYPGyL.exe
  C:\Windows\System\hKYPGyL.exe
  2⤵
  PID:2840
- C:\Windows\System\utrpnEf.exe
  C:\Windows\System\utrpnEf.exe
  2⤵
  PID:9368
- C:\Windows\System\jcpqVPX.exe
  C:\Windows\System\jcpqVPX.exe
  2⤵
  PID:9432
- C:\Windows\System\dHvhqAj.exe
  C:\Windows\System\dHvhqAj.exe
  2⤵
  PID:8692
- C:\Windows\System\vmvSfAb.exe
  C:\Windows\System\vmvSfAb.exe
  2⤵
  PID:9556
- C:\Windows\System\xZQPMKg.exe
  C:\Windows\System\xZQPMKg.exe
  2⤵
  PID:8040
- C:\Windows\System\dfnooph.exe
  C:\Windows\System\dfnooph.exe
  2⤵
  PID:9568
- C:\Windows\System\rOEhxYr.exe
  C:\Windows\System\rOEhxYr.exe
  2⤵
  PID:8372
- C:\Windows\System\lIIOHUN.exe
  C:\Windows\System\lIIOHUN.exe
  2⤵
  PID:9252
- C:\Windows\System\URZaHkt.exe
  C:\Windows\System\URZaHkt.exe
  2⤵
  PID:9320
- C:\Windows\System\tAuxWtE.exe
  C:\Windows\System\tAuxWtE.exe
  2⤵
  PID:9384
- C:\Windows\System\AeCxeRh.exe
  C:\Windows\System\AeCxeRh.exe
  2⤵
  PID:9448
- C:\Windows\System\TMnyPBM.exe
  C:\Windows\System\TMnyPBM.exe
  2⤵
  PID:9512
- C:\Windows\System\JAlLoVe.exe
  C:\Windows\System\JAlLoVe.exe
  2⤵
  PID:9632
- C:\Windows\System\goEBXtM.exe
  C:\Windows\System\goEBXtM.exe
  2⤵
  PID:9588
- C:\Windows\System\XPOLnKL.exe
  C:\Windows\System\XPOLnKL.exe
  2⤵
  PID:9696
- C:\Windows\System\ytdIYqC.exe
  C:\Windows\System\ytdIYqC.exe
  2⤵
  PID:9712
- C:\Windows\System\chScIda.exe
  C:\Windows\System\chScIda.exe
  2⤵
  PID:9680
- C:\Windows\System\xxPLcKB.exe
  C:\Windows\System\xxPLcKB.exe
  2⤵
  PID:9748
- C:\Windows\System\bCIRtyQ.exe
  C:\Windows\System\bCIRtyQ.exe
  2⤵
  PID:9800
- C:\Windows\System\tnOjFUt.exe
  C:\Windows\System\tnOjFUt.exe
  2⤵
  PID:9864
- C:\Windows\System\LYVbMan.exe
  C:\Windows\System\LYVbMan.exe
  2⤵
  PID:9816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BNwLmze.exe

Filesize
6.0MB

MD5
fe4ebbe228e95a9513dca65760f3047e

SHA1
366c12ee9feb65f491f2c5fc8189c773a4a9ff03

SHA256
bb4b1df1dd5b3071d3ffc2188e2938f5ac6a3dba171da86731dbda2c3ba43fb3

SHA512
c648a8758e0ec7b7f4c37558b4183dd331e7c535d0fc090f2bab6714ff36c7e39addf2e62f591f8a82dc972736a7da80955b1d9666b0cbf37fbb759358aa2af8

Download Submit
C:\Windows\system\GxwLVzI.exe

Filesize
6.0MB

MD5
e084af08ef99a691c21f860dbf953606

SHA1
260105ce1d87c1acdd1ac3ec2bfc6179d5c6c3eb

SHA256
04eca09d2cc9aede70553592290ea51e18294def80e5750bd3264279be632412

SHA512
f55da66d204ca4e4ecb069363a4fa280fb0bce58b7197d7a074d8cfe21902d997ff7dc3fda8bfffd6a04d45cd182b5fc702616d6a5ee9e92fe4f128e3850fc26

Download Submit
C:\Windows\system\IbONCrd.exe

Filesize
6.0MB

MD5
24dcd4c1856439fa23aa66b58bca7455

SHA1
621a5e1bcf6afb9c77a1fe22322452a03f1bf7ca

SHA256
15accf7697b4d2062ed15b21a0174201a2f7b66f7a4da73ec4486883289d42e4

SHA512
2d702b931f18465d131a232cfe5250f2ea5877e11b6732be9ffe7e47e8bf1825dc6d7078ef93b58f6d64a6e211815a472b3aca169733cf08a6db910c080351e9

Download Submit
C:\Windows\system\JmqhuDQ.exe

Filesize
6.0MB

MD5
60713424a70e0aa2fd5bcede56c99d39

SHA1
04b14f83feabf4886c00be27cdb5f115c5b1018c

SHA256
13ac36ac31c18109ef8c6a91912b5f7e9004d2e6f4dc961f881d80e3b95dc7f2

SHA512
0557b4434d8196ca3df4f8e1115f13f0f8a8549fefc85d1dbb5b529f1fd088252a48606269f5fa80fcfae17a3c781ffa89667ae482834df0a7cfc8c680e8b922

Download Submit
C:\Windows\system\NJeRCgZ.exe

Filesize
6.0MB

MD5
2e4e95e9616efcf44872309f3ea512ed

SHA1
c41ef3850f6bfa69657c080078e174dd61510f94

SHA256
1dea3386bf65228ab17d8b018e7c7cc74a983e00b3ad16b26ab81050a6d5ae31

SHA512
0c46dcbcf5f456dfb39497c11ab1f3b1cb338e09c981c86ae786e5a8d6b0a45b48c2298a11b9375aec9693c526e06c14482f4213bac96c3423c9ceaa0f4c89a6

Download Submit
C:\Windows\system\PgXnqgU.exe

Filesize
6.0MB

MD5
091c38df2636d0145f7aafc86feb42a6

SHA1
3ae17fc7ea12d874d6040e1a0c8de6cd3d618fa7

SHA256
b53b3eee54ff10a51211d5189a2f12d545aa12d00e1660a3011559b708b1a19d

SHA512
4e0cc5a3f76a01b1def413417f9e1bcacea973ee39cbb14389d6154c2fa2dc34cf4eb64ba02cd90c1be24507164d69fe2448894385cd1942f26b1ba507ee3424

Download Submit
C:\Windows\system\QDBCsZz.exe

Filesize
6.0MB

MD5
d0f34f59c60034e8103d0c0183194667

SHA1
626929e376fa36fd82875fb327005c15c49b18cc

SHA256
6ae209a9f9977bb4ff180243818d330c53f20dbbbd52f63990d0830509735ce4

SHA512
426c5ebd8cd57b072d84ca20c0d3bf4290bbf27c7cc80953999fc6fdb5e06f9ccea263e8cd143c7dbf23e74d586f16ed6fb8ec38a6dc51bde0a66ba1b5c9e288

Download Submit
C:\Windows\system\RkVvbXA.exe

Filesize
6.0MB

MD5
f14898eefd1cd1ef9b773077f3020a13

SHA1
1b222859c0fc3789cb38a3c41f10c68e489f0847

SHA256
c9aa2124a5cce219c8666a4d0b78401a62a205ba0e5a0573f3252c5fa5b1fb79

SHA512
3d81a7c130508640ad7d67acbf63599c2df7aab3de18c3906c7b8c68fe78b12fd2abb1b7e73e3a3332e8f3e2821ee7e72bdd79a33f7d92f0c5d752ebdb4a56f4

Download Submit
C:\Windows\system\UdmERKv.exe

Filesize
6.0MB

MD5
a6cd5738c5d36decb0de05a909cfc0a5

SHA1
d31973f5857a3197549f686872c3c0660c606e76

SHA256
4e0783a5495223b03e266582ac49fc1dd6a9b145c33d7190ca3334cfedd9adba

SHA512
f78957497ea9c370f9fcd39ddda13ae4493cbb9be5f52eb983ed7625c91bd20b972b9fbb9bde158ef8ac2a86d94c5204b95a1e0aad5bdaccf0de95482cb8fa66

Download Submit
C:\Windows\system\VYBfceI.exe

Filesize
6.0MB

MD5
2f73f93d451762b6aa45cc822e339252

SHA1
618e654463a8c29921db85be2632019c1a081973

SHA256
914cd22dbe01b1321d9503d09bb1ded7d3a28ae371da1077538fa6129fd10819

SHA512
16ed6ba60d70f487350230d2803090e7073fe2cbda7720ca1474fac9966d657faca65e82690d531b70288b057583939a5abf9382ce619fdf20fcbec9d34ae9cf

Download Submit
C:\Windows\system\WhzWrAJ.exe

Filesize
6.0MB

MD5
1b524bff5adb6496e53eecd64c142d61

SHA1
ba45afbbf2e21792a400ae9334f9b0e028798a6c

SHA256
e31c4a1a5ca426f27c22f0664d5c4169288ff8787fec175b3d5adb7094afdf7d

SHA512
453dae81b42b7826fedb76c02396b3266ac8b925ed6ce760c51876fbc9abb7d583e4032c172b98721d092f2f9c9cb6a0f186c6fbbc0849b403483f53a3ac36f0

Download Submit
C:\Windows\system\XAbJaJA.exe

Filesize
6.0MB

MD5
6715972a5f002717e7308911563d979e

SHA1
705c74ae1dc985ee77c8167310869f5ddcf12b82

SHA256
65dc840420a9f52a15e52a0f6125a94a9b28d0a789f887105bf7feecb1d9b14b

SHA512
212d85585959eda1320cbdbe26ec32c2c1303f98063445f49b040dc2e159c2c8d9947d2e8d061c2bfd6eb09da21de2f57021009a0204278ae39a0a5186d79a9d

Download Submit
C:\Windows\system\brVrhNb.exe

Filesize
6.0MB

MD5
5d48d7bf89af55e1c9f165f00966f174

SHA1
667ac3c93438f32ed62f875a579d691ba1a5deb0

SHA256
b378ea0663c558bff21ad319c3f46c339ff314b3cfd3f600b6f9ac48db3cc5d3

SHA512
d88d59082f2078e91c125e9eff4172a4e737f4ac25a52d5998812779a6caaf9dd4799622cd43bbbc8dc6e5b685057e4abc8eabdfc579fb1bd3d809ab000513d0

Download Submit
C:\Windows\system\dxTuhKg.exe

Filesize
6.0MB

MD5
d6d2398083c99d57caf76aeef4df9b2e

SHA1
b372513abb81ecca3a9502a075a14a01b3f3f4c7

SHA256
d5f7a26d3b8cec77cb1f1766f5ce57f275205008839b8924cf898306c5ae3b0d

SHA512
741ca75d9b75ea17ebfc29e6c7716e98622e3e0492f3ad521492444a5daa9af52a2944a020312ba0cdbc8af0eaae7f3cf0cdeec5b429b81d8f0cf9313be40ce3

Download Submit
C:\Windows\system\hMRHnVo.exe

Filesize
6.0MB

MD5
72ced290c771583e72c9e6bc029ddd7b

SHA1
7bcc860d97506465e1f9158b8731862e1d669d88

SHA256
3eb2c008475f0e704c79e64c297edb4dae70e13544f2c632e7cb8812777c4201

SHA512
1387aa6d226687a5c7cfdbf52b4ef352a0f1203a58ce04d799c590bdcbb713a1cd991e845c35f59887e3404b5756ec0afaa73096515b5b0c1da11b509ab1a7b3

Download Submit
C:\Windows\system\iGjLHnd.exe

Filesize
6.0MB

MD5
935ca34c66da71a4e33b458b926d8730

SHA1
a55fbbcde53c50d7eccd84a4764976ba1d90011a

SHA256
2483bf08c41016ef65772cbffa5697a5666915b96aa60664f172c40bf3992a03

SHA512
ffe2f8dec4dde9210acb85a2b0830dc8409c15c5325db734238b77cc04a339a455c705db105cfaae2bc1d8be2633e67cd896ace8a0eac6f9fac9ff9d7d06c975

Download Submit
C:\Windows\system\lMEPSur.exe

Filesize
6.0MB

MD5
bc87b7316eaaec273c1c48c7a8035f16

SHA1
ec0cbbc8d3fad6eb1889c899bd78f00bb0c6e881

SHA256
74d7bac0c2f0494eddbc2619372ca4b3d9ed0111a5067fff6d4a67e792e0b0c9

SHA512
8ea0a9071755ee7ee880b10bfb5b884bb94345ce2a9b63a96e19e1423cdae02554e773ffbf1c5187bf9d02cf906885955fb9732dcc98eb7f9b2805008b3c39bf

Download Submit
C:\Windows\system\mKXyCim.exe

Filesize
6.0MB

MD5
796a3a7f6a5c98e4107215806cba2e4a

SHA1
5edf8881cbf4a49b4621c484aae3db29ef0218b3

SHA256
4a2296ed7052d4616c9aa9a5537549ca63fa93bb20060db832c59971ada09d78

SHA512
6315363315602bec93cbfbc3eb9d4663d6a32eed96dbceed8c12c105d2b8123a241dc857774ffede7d1e7ccfeba0134a034d4cd320ebfb4a2b46d33f8827fe0a

Download Submit
C:\Windows\system\rUDNOfi.exe

Filesize
6.0MB

MD5
abc97eadff0805d7cf0415acf6597e1f

SHA1
ae8fc11cacb8e5f72642d9ce5aeb1c0d25ca294f

SHA256
634fabd09c80d9652a5540cc612fb4fe226c39b8b53346237d8e3efbe2647184

SHA512
0e58502c833a9d85d8d961937670b38cf52359d512bb249908ec47f04e7d0664a006b220cc47a764e601ef1d42fe2ba520d26f29bd60cdde0d85426f0d9aef01

Download Submit
C:\Windows\system\sIpejiu.exe

Filesize
6.0MB

MD5
82d17470d8647e77455888c37c25a798

SHA1
3e0faab9d6f2933e650d1b398202167913e34854

SHA256
24d0a3b0921992775e4c1b8e210c907df6952c1781c5a428fd6bd17c66c6d0d4

SHA512
4704ac5cae75a750a68261495b6c735c21a399156eb395306417a78bfc48cd534e99eaac131bfc0146c6aa11a92c9b052400091e403cc9651ed883cc761b8b06

Download Submit
C:\Windows\system\tdDeXkU.exe

Filesize
6.0MB

MD5
99b7314366adfec690368563b9f50320

SHA1
e89d7192a4d8ece9b9c84e9e6ed19839d092d877

SHA256
2777e130abfe9b7c0cb5d7b3291266b7d6d0dd577d1857dce856320a2c438f8c

SHA512
b0afd984cc6816362a99a215bd5c552c6bf8b1166a8ec18540fc13bc175dd9c788d5e1619f9cfacb4fff23a1c91d5e4b732aaf561ffbb885d6b7597bc090d43f

Download Submit
C:\Windows\system\tqPAIgg.exe

Filesize
6.0MB

MD5
b63e0682a1b5f902abbce734751a9c94

SHA1
f223bcabb1784b1e35b14ddf5b91ed4cfccdb81c

SHA256
59e76a02b72efaaeccf40d8d9008abfb7909f9fc18d3fb4185ac57bb922ff946

SHA512
5079aa2cb9a018921ddbbfdcf3ee6ec5fbf5cb7551c42555356ecc158b517deddab4c33bcbe9329254b7d3cab6e577446b49af834279845a2792082f4a11a8fc

Download Submit
C:\Windows\system\uTGbVqN.exe

Filesize
6.0MB

MD5
7268b31ae3cf2b530ef3b89597634241

SHA1
c5a3de30799411b6099502d053ffaa0e616d7521

SHA256
31f6d6e33506bf4489053343f555466d8b0cb01aaa050cb4512b92d8dd6d79ab

SHA512
ae838e709fa9440ae142211d022608cbf883ab615b49fb5722788bfb015185eca7faf15934adc1d36357b366fbf33a3c78271a7c5fbeaf0498c75272f2ab4eeb

Download Submit
C:\Windows\system\wjPtDIM.exe

Filesize
6.0MB

MD5
4e6aa166b00b9fba7cbf735aa5486627

SHA1
11f0c09dd5d4db5b53f1e93076abcdb4ce90e0e5

SHA256
fedd294f8a3b82a02b4945c2498d4cf563eb1f448c6db182925500636728e53e

SHA512
7238a002631759dab60fbb9a20f7536a8023c97359986d5e7037a411b2acbb73e617b87e1e7e2ecb8d5e765415d63270f23b866ed60c28b39bbe10c5ddf34911

Download Submit
C:\Windows\system\ylkgwal.exe

Filesize
6.0MB

MD5
41a290e1f6e4f6777cfb4aa3245edc9f

SHA1
90f42759260ad63201d3d0a2d1629c511c78893d

SHA256
4cd45e44e770f3e2d2e3f5cbcadecbe186b7fedc1e75b13a6f7a1e890450d5d8

SHA512
ed4a6c8585aca2d8c8562dd3c82209c527ccd5d5d87fa82977a4d1df15e8e484a6ffaba6fe5c7d18e9f698e46a91c8d4ed079b0c84df52e5e7c62ed6689bf45e

Download Submit
C:\Windows\system\zLTowvf.exe

Filesize
6.0MB

MD5
b137ff365891ed59a5e2fa596f3c0d45

SHA1
eb15f4d822f2b424b652102b8471357db7e6df60

SHA256
e3568e9fd21bd4e46f26a9c0a1941a67245ea99125e17029d3ab17c2eae5071a

SHA512
59df3b7dd62e6b80a96fcf40fffb5ba3c3db1a8c3bb8e3dfa01e550d25e64aad98c59d7c4f9c59f366b6668afa650bd20f3d309285324168c34cc76affcec556

Download Submit
\Windows\system\AkbInAy.exe

Filesize
6.0MB

MD5
db14b10c8ddbed75b515bbae7c9c000a

SHA1
b17f2b8e065307ef368ce6d5f9bb1599c6b2f5b8

SHA256
c7200ddd27c5df8bbe14810c5c49d158434534ae3f61b7036142b8ed15faa4e5

SHA512
7ab89c93abfbfcc573be6fa47f325299ebeefe807dcd33da53d1433459cd024eb106e8140a2cfe4be609e52120287b7f522b086367f1f4cd3948f304d3fafcfc

Download Submit
\Windows\system\ElhPsuA.exe

Filesize
6.0MB

MD5
73e2615ee575ee092741b8a84c600953

SHA1
118a930ccdeeb5a1e2053a9548de5b9938d5b55b

SHA256
adb072c5fced2a6f29c3515b84cb0e921fd188cb352a459f8693e545acf2e224

SHA512
a0c0d374005b798af26d7e5bfb6fa445db11a511490f05adafa4c67634926e2b2a849484662add676c6b3f4b62bf178d32c40815b7365d2c304e085a31f89b8d

Download Submit
\Windows\system\FbbhQhb.exe

Filesize
6.0MB

MD5
7368ebec1f525c52e2ec3729978ae164

SHA1
9f7b2f68d25a53c8ffc0a8ceea4fdc3be609a00a

SHA256
d3946a02f2eaaa1a497b255a699f977ddfc38a131ce793b60cbd59d6d5e15c66

SHA512
957e5eefe8df3195a3637a4c4a65548d8cffaeaba0394ff33d16795d3917203cd5a53372ca4ab47ccc9a3d97e89d97991c22541b28a61600581d604f8351b34d

Download Submit
\Windows\system\LFgjpDY.exe

Filesize
6.0MB

MD5
c895381f71124a5681deb2126ecc841d

SHA1
aa12d2742cf8a2e57a03257426a961aaf1dded68

SHA256
681d57a0d11fb6cb3ccece2789926a8112b9b6a18d0f9462f7bb108232874203

SHA512
3b039918ccf3aa25b98c23fd351a3d192a3c54ac93dc3c872a989294c8e0dc97719b370a2b3ff32889606488335db3e695d00770d11bdf9b616a5e25bb9da870

Download Submit
\Windows\system\bBmgoEC.exe

Filesize
6.0MB

MD5
c53635eca82682c372c45e6c11561c75

SHA1
b72ad50aaa1154827868b90a1c11d71dbf50aea6

SHA256
600518ccb9c9ad735e8bf9a08793c5a5d9fd886219c0dda2d610e6350992948b

SHA512
3c345a3a604fe66f39a51b8f2422027beed00994a3aa542d545df6103371d892c3ecfaa6c3d412c927f4323e872f4d44a781c636642ec4656b73ba986a83a8b3

Download Submit
\Windows\system\xGyDwod.exe

Filesize
6.0MB

MD5
dbe2ee9d06e62daa548101df45246d2d

SHA1
85f561b9ce76d40f36e189d9e81fb5f958b78f9f

SHA256
7977bd127d1db2cc2bb1af906ed6f957135b4ca95bc337be6ffa3e5acf58570d

SHA512
9edd448ae91f6bc94adb36c0902effaccd856f78972e137a30cee794b92b7be881fabe19d0180530b8f5d14878b6886b52405f2bf703dc881a615a2823652179

Download Submit
memory/1116-1812-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1116-96-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1244-23-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1244-1659-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-105-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-1846-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-83-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1799-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2288-95-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-1804-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-80-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-16-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-286-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-383-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2412-84-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2412-32-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-30-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2412-21-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2412-47-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-64-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-52-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-18-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2412-111-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2412-55-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-102-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-0-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2412-100-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-51-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2412-82-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2440-54-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1658-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2440-20-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1789-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-67-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-239-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-59-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2732-213-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1786-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2780-101-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1802-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2820-31-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2820-1661-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1660-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2880-22-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2908-68-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-36-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1663-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-42-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1662-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2972-72-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1664-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/3048-49-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/3048-94-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download