cobaltstrike | 28a20d444b819c8454c610e767b8f47181943ac22308d4d13073e9d641ec67c8

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

36792dbb1b88be040a1d014f1ba482c8
SHA1

a631b2af8ee7a1ed011e111b7c408e47f42618bd
SHA256

28a20d444b819c8454c610e767b8f47181943ac22308d4d13073e9d641ec67c8
SHA512

f50ffda030a1b705a2419bf7ffafb3b6dd0a1423a3dfa751a34cc627a3a9bc46297d74087740ae8316a410f79cf0b4c988e6c9835c5b33473cb2c1e80c172022
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f4f-27.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160db-44.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016599-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019242-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941b-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019429-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939c-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938a-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001930d-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-89.dat	cobalt_reflective_dll
behavioral1/files/0x0038000000012275-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925b-77.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016307-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016239-42.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e8f-22.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d53-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d5b-16.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1692-0-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-3.dat	xmrig
behavioral1/memory/2780-8-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2828-21-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f4f-27.dat	xmrig
behavioral1/files/0x00070000000160db-44.dat	xmrig
behavioral1/files/0x0008000000016599-61.dat	xmrig
behavioral1/memory/2844-66-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0006000000019242-69.dat	xmrig
behavioral1/memory/2232-79-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/1284-84-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2408-93-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000500000001938e-134.dat	xmrig
behavioral1/memory/1628-994-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/1284-546-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1692-545-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001955c-192.dat	xmrig
behavioral1/files/0x00050000000194e6-182.dat	xmrig
behavioral1/files/0x0005000000019551-187.dat	xmrig
behavioral1/files/0x00050000000194e4-178.dat	xmrig
behavioral1/files/0x00050000000194da-172.dat	xmrig
behavioral1/files/0x00050000000194d0-167.dat	xmrig
behavioral1/files/0x00050000000194c6-162.dat	xmrig
behavioral1/files/0x000500000001949d-157.dat	xmrig
behavioral1/files/0x0005000000019490-151.dat	xmrig
behavioral1/files/0x000500000001946b-141.dat	xmrig
behavioral1/files/0x0005000000019481-148.dat	xmrig
behavioral1/files/0x0005000000019377-129.dat	xmrig
behavioral1/files/0x000500000001941b-126.dat	xmrig
behavioral1/memory/332-111-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019429-133.dat	xmrig
behavioral1/files/0x000500000001939c-124.dat	xmrig
behavioral1/files/0x000500000001938a-121.dat	xmrig
behavioral1/memory/1692-115-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001932a-104.dat	xmrig
behavioral1/memory/1628-99-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001930d-96.dat	xmrig
behavioral1/files/0x000500000001925d-89.dat	xmrig
behavioral1/memory/2900-83-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x0038000000012275-82.dat	xmrig
behavioral1/files/0x000500000001925b-77.dat	xmrig
behavioral1/memory/332-71-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2760-65-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/1692-64-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2716-63-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/3012-57-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0007000000016307-55.dat	xmrig
behavioral1/memory/2140-50-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2852-48-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2900-47-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2780-46-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x0007000000016239-42.dat	xmrig
behavioral1/memory/1692-40-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2844-30-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0008000000015e8f-22.dat	xmrig
behavioral1/memory/2716-19-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d53-10.dat	xmrig
behavioral1/files/0x0008000000015d5b-16.dat	xmrig
behavioral1/memory/1284-3105-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/332-3097-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2140-3110-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2828-3092-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2780-3071-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2760-3115-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2780	SKiiZPB.exe
2716	OimdYeu.exe
2828	txCyHME.exe
2844	oIxVMxI.exe
2900	OiSlBCo.exe
2852	rxUPQyf.exe
2140	rnAlEei.exe
3012	JSVvysK.exe
2760	aSMqJxb.exe
332	XMUAWZJ.exe
2232	nalTUmF.exe
1284	YxCRLAe.exe
2408	QfGkfHZ.exe
1628	PTzlCNV.exe
2300	tPUFqWL.exe
2924	loeHYwa.exe
1788	fPLMiwl.exe
2772	cHMVciQ.exe
2044	rZGsGnX.exe
3048	gPGHoop.exe
2164	aTSjyrI.exe
544	Xpkcfrg.exe
2804	fflyJhw.exe
2572	kfoDgll.exe
2688	XyBbDFG.exe
2160	BCtvwPy.exe
2168	OXCdHoa.exe
2552	YBmmGyG.exe
1944	CMnpeKK.exe
1112	iuYHkqX.exe
1228	wyVoias.exe
448	YcLxgaZ.exe
1976	LhtBBxf.exe
1288	OpJsprH.exe
1760	erqMnwF.exe
1080	lJMLpEN.exe
1060	rtnOssK.exe
1376	VwunmHJ.exe
1860	ypjMoRK.exe
2920	XTPOBjL.exe
2192	nsyZeQY.exe
912	NKeiQvr.exe
1964	pSWkUBV.exe
1528	liLZZjw.exe
1792	deXHeLv.exe
760	UTBFwVy.exe
976	FNhZoxH.exe
1704	BFUKWWz.exe
3004	dneVykc.exe
764	WmlpaUA.exe
1784	OTbYGcl.exe
2512	GSXhxml.exe
1584	RQhPOQM.exe
1688	gmAdSXf.exe
2792	BbnNCVP.exe
2628	grNGcBC.exe
2856	BZzPscc.exe
2756	nwwKgbT.exe
3064	PaIPiJq.exe
3068	Ccbmgcl.exe
688	duuglIV.exe
2236	uWgUYQD.exe
2580	uMcwaoi.exe
3044	eGanmKI.exe

Loads dropped DLL 64 IoCs

pid	Process
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1692-0-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-3.dat	upx
behavioral1/memory/2780-8-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2828-21-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x0008000000015f4f-27.dat	upx
behavioral1/files/0x00070000000160db-44.dat	upx
behavioral1/files/0x0008000000016599-61.dat	upx
behavioral1/memory/2844-66-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0006000000019242-69.dat	upx
behavioral1/memory/2232-79-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/1284-84-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2408-93-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000500000001938e-134.dat	upx
behavioral1/memory/1628-994-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/1284-546-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x000500000001955c-192.dat	upx
behavioral1/files/0x00050000000194e6-182.dat	upx
behavioral1/files/0x0005000000019551-187.dat	upx
behavioral1/files/0x00050000000194e4-178.dat	upx
behavioral1/files/0x00050000000194da-172.dat	upx
behavioral1/files/0x00050000000194d0-167.dat	upx
behavioral1/files/0x00050000000194c6-162.dat	upx
behavioral1/files/0x000500000001949d-157.dat	upx
behavioral1/files/0x0005000000019490-151.dat	upx
behavioral1/files/0x000500000001946b-141.dat	upx
behavioral1/files/0x0005000000019481-148.dat	upx
behavioral1/files/0x0005000000019377-129.dat	upx
behavioral1/files/0x000500000001941b-126.dat	upx
behavioral1/memory/332-111-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0005000000019429-133.dat	upx
behavioral1/files/0x000500000001939c-124.dat	upx
behavioral1/files/0x000500000001938a-121.dat	upx
behavioral1/files/0x000500000001932a-104.dat	upx
behavioral1/memory/1628-99-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x000500000001930d-96.dat	upx
behavioral1/files/0x000500000001925d-89.dat	upx
behavioral1/memory/2900-83-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x0038000000012275-82.dat	upx
behavioral1/files/0x000500000001925b-77.dat	upx
behavioral1/memory/332-71-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2760-65-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2716-63-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/3012-57-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0007000000016307-55.dat	upx
behavioral1/memory/2140-50-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2852-48-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2900-47-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2780-46-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x0007000000016239-42.dat	upx
behavioral1/memory/1692-40-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2844-30-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0008000000015e8f-22.dat	upx
behavioral1/memory/2716-19-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x0008000000015d53-10.dat	upx
behavioral1/files/0x0008000000015d5b-16.dat	upx
behavioral1/memory/1284-3105-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/332-3097-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2140-3110-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2828-3092-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2780-3071-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2760-3115-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/1628-3126-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2716-3129-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2900-3186-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wWCBPbb.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKLLMmR.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGfPAeB.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwqMfGV.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHIYpya.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfrRZHP.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odrFzQt.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wohEbjf.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzkppEF.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPEZLam.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmMImLw.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYnNRjK.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTbYGcl.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhpBkol.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otHImqz.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmixilR.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkFFWQz.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuXOvNH.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skbgfvX.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtzLAJG.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBgBGYC.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTyTCtj.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LujHgnD.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ykZyjiQ.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPkczRb.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EONNtpY.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIetcZf.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDOUwQI.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQtMjIN.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIpXYYv.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NbaMfLZ.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AyfTHjH.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwuiZbO.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbdPZRP.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsxIzpd.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVeokGX.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvczGWI.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmRRdzE.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZrapjy.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXCdHoa.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wglJqFA.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckyFqpp.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsVGNTP.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\divyRCq.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTVOSlX.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNJXOAs.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSXJtQe.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOPQTXm.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVPoXYb.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojqbSIE.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmmwxeQ.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJffock.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNtgnZr.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYBroyJ.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSaHeNl.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifYLHlI.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbsbRMj.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNaXGmW.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utSCBCu.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJOGcog.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FojzaXb.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzulRAA.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRjwZTD.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icbedKc.exe	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2780	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1692 wrote to memory of 2780	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1692 wrote to memory of 2780	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1692 wrote to memory of 2828	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1692 wrote to memory of 2828	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1692 wrote to memory of 2828	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1692 wrote to memory of 2716	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1692 wrote to memory of 2716	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1692 wrote to memory of 2716	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1692 wrote to memory of 2844	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1692 wrote to memory of 2844	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1692 wrote to memory of 2844	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1692 wrote to memory of 2900	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1692 wrote to memory of 2900	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1692 wrote to memory of 2900	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1692 wrote to memory of 2140	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1692 wrote to memory of 2140	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1692 wrote to memory of 2140	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1692 wrote to memory of 2852	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1692 wrote to memory of 2852	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1692 wrote to memory of 2852	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1692 wrote to memory of 3012	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1692 wrote to memory of 3012	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1692 wrote to memory of 3012	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1692 wrote to memory of 2760	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1692 wrote to memory of 2760	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1692 wrote to memory of 2760	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1692 wrote to memory of 332	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1692 wrote to memory of 332	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1692 wrote to memory of 332	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1692 wrote to memory of 2232	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1692 wrote to memory of 2232	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1692 wrote to memory of 2232	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1692 wrote to memory of 1284	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1692 wrote to memory of 1284	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1692 wrote to memory of 1284	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1692 wrote to memory of 2408	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1692 wrote to memory of 2408	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1692 wrote to memory of 2408	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1692 wrote to memory of 1628	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1692 wrote to memory of 1628	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1692 wrote to memory of 1628	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1692 wrote to memory of 2300	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1692 wrote to memory of 2300	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1692 wrote to memory of 2300	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1692 wrote to memory of 2772	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1692 wrote to memory of 2772	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1692 wrote to memory of 2772	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1692 wrote to memory of 2924	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1692 wrote to memory of 2924	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1692 wrote to memory of 2924	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1692 wrote to memory of 3048	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1692 wrote to memory of 3048	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1692 wrote to memory of 3048	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1692 wrote to memory of 1788	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1692 wrote to memory of 1788	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1692 wrote to memory of 1788	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1692 wrote to memory of 2164	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1692 wrote to memory of 2164	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1692 wrote to memory of 2164	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1692 wrote to memory of 2044	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1692 wrote to memory of 2044	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1692 wrote to memory of 2044	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1692 wrote to memory of 544	1692	2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_36792dbb1b88be040a1d014f1ba482c8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\System\SKiiZPB.exe
  C:\Windows\System\SKiiZPB.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\txCyHME.exe
  C:\Windows\System\txCyHME.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\OimdYeu.exe
  C:\Windows\System\OimdYeu.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\oIxVMxI.exe
  C:\Windows\System\oIxVMxI.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\OiSlBCo.exe
  C:\Windows\System\OiSlBCo.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\rnAlEei.exe
  C:\Windows\System\rnAlEei.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\rxUPQyf.exe
  C:\Windows\System\rxUPQyf.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\JSVvysK.exe
  C:\Windows\System\JSVvysK.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\aSMqJxb.exe
  C:\Windows\System\aSMqJxb.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\XMUAWZJ.exe
  C:\Windows\System\XMUAWZJ.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\nalTUmF.exe
  C:\Windows\System\nalTUmF.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\YxCRLAe.exe
  C:\Windows\System\YxCRLAe.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\QfGkfHZ.exe
  C:\Windows\System\QfGkfHZ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\PTzlCNV.exe
  C:\Windows\System\PTzlCNV.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\tPUFqWL.exe
  C:\Windows\System\tPUFqWL.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\cHMVciQ.exe
  C:\Windows\System\cHMVciQ.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\loeHYwa.exe
  C:\Windows\System\loeHYwa.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\gPGHoop.exe
  C:\Windows\System\gPGHoop.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\fPLMiwl.exe
  C:\Windows\System\fPLMiwl.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\aTSjyrI.exe
  C:\Windows\System\aTSjyrI.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\rZGsGnX.exe
  C:\Windows\System\rZGsGnX.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\Xpkcfrg.exe
  C:\Windows\System\Xpkcfrg.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\fflyJhw.exe
  C:\Windows\System\fflyJhw.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\kfoDgll.exe
  C:\Windows\System\kfoDgll.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\XyBbDFG.exe
  C:\Windows\System\XyBbDFG.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\BCtvwPy.exe
  C:\Windows\System\BCtvwPy.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\OXCdHoa.exe
  C:\Windows\System\OXCdHoa.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\YBmmGyG.exe
  C:\Windows\System\YBmmGyG.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\CMnpeKK.exe
  C:\Windows\System\CMnpeKK.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\iuYHkqX.exe
  C:\Windows\System\iuYHkqX.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\wyVoias.exe
  C:\Windows\System\wyVoias.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\YcLxgaZ.exe
  C:\Windows\System\YcLxgaZ.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\LhtBBxf.exe
  C:\Windows\System\LhtBBxf.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\OpJsprH.exe
  C:\Windows\System\OpJsprH.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\erqMnwF.exe
  C:\Windows\System\erqMnwF.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\lJMLpEN.exe
  C:\Windows\System\lJMLpEN.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\rtnOssK.exe
  C:\Windows\System\rtnOssK.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\VwunmHJ.exe
  C:\Windows\System\VwunmHJ.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\ypjMoRK.exe
  C:\Windows\System\ypjMoRK.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\XTPOBjL.exe
  C:\Windows\System\XTPOBjL.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\nsyZeQY.exe
  C:\Windows\System\nsyZeQY.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\NKeiQvr.exe
  C:\Windows\System\NKeiQvr.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\pSWkUBV.exe
  C:\Windows\System\pSWkUBV.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\liLZZjw.exe
  C:\Windows\System\liLZZjw.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\deXHeLv.exe
  C:\Windows\System\deXHeLv.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\UTBFwVy.exe
  C:\Windows\System\UTBFwVy.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\FNhZoxH.exe
  C:\Windows\System\FNhZoxH.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\BFUKWWz.exe
  C:\Windows\System\BFUKWWz.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\dneVykc.exe
  C:\Windows\System\dneVykc.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\WmlpaUA.exe
  C:\Windows\System\WmlpaUA.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\OTbYGcl.exe
  C:\Windows\System\OTbYGcl.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\GSXhxml.exe
  C:\Windows\System\GSXhxml.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\RQhPOQM.exe
  C:\Windows\System\RQhPOQM.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\gmAdSXf.exe
  C:\Windows\System\gmAdSXf.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\BbnNCVP.exe
  C:\Windows\System\BbnNCVP.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\grNGcBC.exe
  C:\Windows\System\grNGcBC.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\BZzPscc.exe
  C:\Windows\System\BZzPscc.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\nwwKgbT.exe
  C:\Windows\System\nwwKgbT.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\PaIPiJq.exe
  C:\Windows\System\PaIPiJq.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\Ccbmgcl.exe
  C:\Windows\System\Ccbmgcl.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\duuglIV.exe
  C:\Windows\System\duuglIV.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\uWgUYQD.exe
  C:\Windows\System\uWgUYQD.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\uMcwaoi.exe
  C:\Windows\System\uMcwaoi.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\eGanmKI.exe
  C:\Windows\System\eGanmKI.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\vWbzCto.exe
  C:\Windows\System\vWbzCto.exe
  2⤵
  PID:2056
- C:\Windows\System\nQUpxWn.exe
  C:\Windows\System\nQUpxWn.exe
  2⤵
  PID:2632
- C:\Windows\System\rmgJItR.exe
  C:\Windows\System\rmgJItR.exe
  2⤵
  PID:1040
- C:\Windows\System\YEbKiaV.exe
  C:\Windows\System\YEbKiaV.exe
  2⤵
  PID:1308
- C:\Windows\System\AmmwxeQ.exe
  C:\Windows\System\AmmwxeQ.exe
  2⤵
  PID:2400
- C:\Windows\System\tHpoMgL.exe
  C:\Windows\System\tHpoMgL.exe
  2⤵
  PID:2176
- C:\Windows\System\qbRYWmA.exe
  C:\Windows\System\qbRYWmA.exe
  2⤵
  PID:860
- C:\Windows\System\MeWHRQP.exe
  C:\Windows\System\MeWHRQP.exe
  2⤵
  PID:316
- C:\Windows\System\yFoaVbE.exe
  C:\Windows\System\yFoaVbE.exe
  2⤵
  PID:2244
- C:\Windows\System\QIIixRK.exe
  C:\Windows\System\QIIixRK.exe
  2⤵
  PID:2388
- C:\Windows\System\mkcgZGm.exe
  C:\Windows\System\mkcgZGm.exe
  2⤵
  PID:1332
- C:\Windows\System\LOwnjTE.exe
  C:\Windows\System\LOwnjTE.exe
  2⤵
  PID:1368
- C:\Windows\System\jkanLWa.exe
  C:\Windows\System\jkanLWa.exe
  2⤵
  PID:1592
- C:\Windows\System\LQXOLLq.exe
  C:\Windows\System\LQXOLLq.exe
  2⤵
  PID:2180
- C:\Windows\System\tOQrJBH.exe
  C:\Windows\System\tOQrJBH.exe
  2⤵
  PID:1984
- C:\Windows\System\bfREXgM.exe
  C:\Windows\System\bfREXgM.exe
  2⤵
  PID:608
- C:\Windows\System\BMQBLaZ.exe
  C:\Windows\System\BMQBLaZ.exe
  2⤵
  PID:1748
- C:\Windows\System\DaEQNSO.exe
  C:\Windows\System\DaEQNSO.exe
  2⤵
  PID:2672
- C:\Windows\System\nQvPXhM.exe
  C:\Windows\System\nQvPXhM.exe
  2⤵
  PID:2340
- C:\Windows\System\TNHWKSe.exe
  C:\Windows\System\TNHWKSe.exe
  2⤵
  PID:1732
- C:\Windows\System\FUYEZWQ.exe
  C:\Windows\System\FUYEZWQ.exe
  2⤵
  PID:2560
- C:\Windows\System\AgSAUhp.exe
  C:\Windows\System\AgSAUhp.exe
  2⤵
  PID:2732
- C:\Windows\System\SmNRFea.exe
  C:\Windows\System\SmNRFea.exe
  2⤵
  PID:3060
- C:\Windows\System\gOFpPlM.exe
  C:\Windows\System\gOFpPlM.exe
  2⤵
  PID:2736
- C:\Windows\System\HtgJhNr.exe
  C:\Windows\System\HtgJhNr.exe
  2⤵
  PID:2712
- C:\Windows\System\EzlBLlD.exe
  C:\Windows\System\EzlBLlD.exe
  2⤵
  PID:2840
- C:\Windows\System\fCVdlar.exe
  C:\Windows\System\fCVdlar.exe
  2⤵
  PID:1724
- C:\Windows\System\jChqISg.exe
  C:\Windows\System\jChqISg.exe
  2⤵
  PID:2652
- C:\Windows\System\PRiWJzK.exe
  C:\Windows\System\PRiWJzK.exe
  2⤵
  PID:1856
- C:\Windows\System\aYGFjdZ.exe
  C:\Windows\System\aYGFjdZ.exe
  2⤵
  PID:1892
- C:\Windows\System\DsTLWZM.exe
  C:\Windows\System\DsTLWZM.exe
  2⤵
  PID:2452
- C:\Windows\System\MSaklsD.exe
  C:\Windows\System\MSaklsD.exe
  2⤵
  PID:1500
- C:\Windows\System\oyVGHBc.exe
  C:\Windows\System\oyVGHBc.exe
  2⤵
  PID:3080
- C:\Windows\System\QXdEoIQ.exe
  C:\Windows\System\QXdEoIQ.exe
  2⤵
  PID:3104
- C:\Windows\System\goFFgKC.exe
  C:\Windows\System\goFFgKC.exe
  2⤵
  PID:3124
- C:\Windows\System\tLmAfLH.exe
  C:\Windows\System\tLmAfLH.exe
  2⤵
  PID:3144
- C:\Windows\System\UumATGK.exe
  C:\Windows\System\UumATGK.exe
  2⤵
  PID:3164
- C:\Windows\System\nxDpTzQ.exe
  C:\Windows\System\nxDpTzQ.exe
  2⤵
  PID:3184
- C:\Windows\System\KDLbcVW.exe
  C:\Windows\System\KDLbcVW.exe
  2⤵
  PID:3200
- C:\Windows\System\bNaXGmW.exe
  C:\Windows\System\bNaXGmW.exe
  2⤵
  PID:3224
- C:\Windows\System\oGMXFzg.exe
  C:\Windows\System\oGMXFzg.exe
  2⤵
  PID:3240
- C:\Windows\System\kTpcjZE.exe
  C:\Windows\System\kTpcjZE.exe
  2⤵
  PID:3260
- C:\Windows\System\mIwUoSn.exe
  C:\Windows\System\mIwUoSn.exe
  2⤵
  PID:3280
- C:\Windows\System\xfzQHiN.exe
  C:\Windows\System\xfzQHiN.exe
  2⤵
  PID:3304
- C:\Windows\System\gCIjrqb.exe
  C:\Windows\System\gCIjrqb.exe
  2⤵
  PID:3320
- C:\Windows\System\WwbHzIC.exe
  C:\Windows\System\WwbHzIC.exe
  2⤵
  PID:3344
- C:\Windows\System\ttNXjyk.exe
  C:\Windows\System\ttNXjyk.exe
  2⤵
  PID:3360
- C:\Windows\System\LtsQgKo.exe
  C:\Windows\System\LtsQgKo.exe
  2⤵
  PID:3384
- C:\Windows\System\socfRNI.exe
  C:\Windows\System\socfRNI.exe
  2⤵
  PID:3404
- C:\Windows\System\GgTiNiD.exe
  C:\Windows\System\GgTiNiD.exe
  2⤵
  PID:3424
- C:\Windows\System\PzrRRhv.exe
  C:\Windows\System\PzrRRhv.exe
  2⤵
  PID:3444
- C:\Windows\System\PCgVOjU.exe
  C:\Windows\System\PCgVOjU.exe
  2⤵
  PID:3464
- C:\Windows\System\ecTyDJG.exe
  C:\Windows\System\ecTyDJG.exe
  2⤵
  PID:3484
- C:\Windows\System\AyCEUgg.exe
  C:\Windows\System\AyCEUgg.exe
  2⤵
  PID:3504
- C:\Windows\System\dVlhFDM.exe
  C:\Windows\System\dVlhFDM.exe
  2⤵
  PID:3520
- C:\Windows\System\hVrUZYb.exe
  C:\Windows\System\hVrUZYb.exe
  2⤵
  PID:3536
- C:\Windows\System\iMoeVIk.exe
  C:\Windows\System\iMoeVIk.exe
  2⤵
  PID:3556
- C:\Windows\System\AZfGomH.exe
  C:\Windows\System\AZfGomH.exe
  2⤵
  PID:3584
- C:\Windows\System\PBeZTjy.exe
  C:\Windows\System\PBeZTjy.exe
  2⤵
  PID:3604
- C:\Windows\System\iEsHkFe.exe
  C:\Windows\System\iEsHkFe.exe
  2⤵
  PID:3624
- C:\Windows\System\aCjyuzO.exe
  C:\Windows\System\aCjyuzO.exe
  2⤵
  PID:3644
- C:\Windows\System\TbgZqIp.exe
  C:\Windows\System\TbgZqIp.exe
  2⤵
  PID:3664
- C:\Windows\System\BTVOSlX.exe
  C:\Windows\System\BTVOSlX.exe
  2⤵
  PID:3680
- C:\Windows\System\pVYRDNi.exe
  C:\Windows\System\pVYRDNi.exe
  2⤵
  PID:3704
- C:\Windows\System\XNUoJMy.exe
  C:\Windows\System\XNUoJMy.exe
  2⤵
  PID:3724
- C:\Windows\System\eEgCxuW.exe
  C:\Windows\System\eEgCxuW.exe
  2⤵
  PID:3744
- C:\Windows\System\tGRfPnV.exe
  C:\Windows\System\tGRfPnV.exe
  2⤵
  PID:3760
- C:\Windows\System\UIBCorE.exe
  C:\Windows\System\UIBCorE.exe
  2⤵
  PID:3780
- C:\Windows\System\nXccHtN.exe
  C:\Windows\System\nXccHtN.exe
  2⤵
  PID:3800
- C:\Windows\System\utSCBCu.exe
  C:\Windows\System\utSCBCu.exe
  2⤵
  PID:3820
- C:\Windows\System\cEwweyb.exe
  C:\Windows\System\cEwweyb.exe
  2⤵
  PID:3840
- C:\Windows\System\QVuJXys.exe
  C:\Windows\System\QVuJXys.exe
  2⤵
  PID:3864
- C:\Windows\System\NOtJafn.exe
  C:\Windows\System\NOtJafn.exe
  2⤵
  PID:3884
- C:\Windows\System\BhFjDls.exe
  C:\Windows\System\BhFjDls.exe
  2⤵
  PID:3904
- C:\Windows\System\yqdrNEk.exe
  C:\Windows\System\yqdrNEk.exe
  2⤵
  PID:3924
- C:\Windows\System\RdRYvnU.exe
  C:\Windows\System\RdRYvnU.exe
  2⤵
  PID:3944
- C:\Windows\System\rekretA.exe
  C:\Windows\System\rekretA.exe
  2⤵
  PID:3960
- C:\Windows\System\zbAOdpe.exe
  C:\Windows\System\zbAOdpe.exe
  2⤵
  PID:3984
- C:\Windows\System\QEYBQAa.exe
  C:\Windows\System\QEYBQAa.exe
  2⤵
  PID:4004
- C:\Windows\System\TXAJMdp.exe
  C:\Windows\System\TXAJMdp.exe
  2⤵
  PID:4024
- C:\Windows\System\XudHDAW.exe
  C:\Windows\System\XudHDAW.exe
  2⤵
  PID:4044
- C:\Windows\System\kSDnFzq.exe
  C:\Windows\System\kSDnFzq.exe
  2⤵
  PID:4064
- C:\Windows\System\BLUhEOU.exe
  C:\Windows\System\BLUhEOU.exe
  2⤵
  PID:4084
- C:\Windows\System\baPFgub.exe
  C:\Windows\System\baPFgub.exe
  2⤵
  PID:2132
- C:\Windows\System\hoVZKpa.exe
  C:\Windows\System\hoVZKpa.exe
  2⤵
  PID:1940
- C:\Windows\System\sNJXOAs.exe
  C:\Windows\System\sNJXOAs.exe
  2⤵
  PID:2020
- C:\Windows\System\QgdvfbZ.exe
  C:\Windows\System\QgdvfbZ.exe
  2⤵
  PID:1556
- C:\Windows\System\WqQoyAe.exe
  C:\Windows\System\WqQoyAe.exe
  2⤵
  PID:2016
- C:\Windows\System\KzLrghC.exe
  C:\Windows\System\KzLrghC.exe
  2⤵
  PID:2228
- C:\Windows\System\otHImqz.exe
  C:\Windows\System\otHImqz.exe
  2⤵
  PID:1552
- C:\Windows\System\hBvCqto.exe
  C:\Windows\System\hBvCqto.exe
  2⤵
  PID:2748
- C:\Windows\System\JSBtHXg.exe
  C:\Windows\System\JSBtHXg.exe
  2⤵
  PID:1492
- C:\Windows\System\cwQIEai.exe
  C:\Windows\System\cwQIEai.exe
  2⤵
  PID:1184
- C:\Windows\System\xEdggNW.exe
  C:\Windows\System\xEdggNW.exe
  2⤵
  PID:2948
- C:\Windows\System\lNwiTly.exe
  C:\Windows\System\lNwiTly.exe
  2⤵
  PID:2184
- C:\Windows\System\lCgtmId.exe
  C:\Windows\System\lCgtmId.exe
  2⤵
  PID:1768
- C:\Windows\System\TGeWfle.exe
  C:\Windows\System\TGeWfle.exe
  2⤵
  PID:2036
- C:\Windows\System\EFWmCHF.exe
  C:\Windows\System\EFWmCHF.exe
  2⤵
  PID:3100
- C:\Windows\System\GHSksnA.exe
  C:\Windows\System\GHSksnA.exe
  2⤵
  PID:3132
- C:\Windows\System\YngkSnT.exe
  C:\Windows\System\YngkSnT.exe
  2⤵
  PID:3172
- C:\Windows\System\aDHYter.exe
  C:\Windows\System\aDHYter.exe
  2⤵
  PID:3160
- C:\Windows\System\DYlXwEw.exe
  C:\Windows\System\DYlXwEw.exe
  2⤵
  PID:3212
- C:\Windows\System\mfHpCiF.exe
  C:\Windows\System\mfHpCiF.exe
  2⤵
  PID:3196
- C:\Windows\System\kvHlyoB.exe
  C:\Windows\System\kvHlyoB.exe
  2⤵
  PID:3300
- C:\Windows\System\ZmvhsWK.exe
  C:\Windows\System\ZmvhsWK.exe
  2⤵
  PID:3312
- C:\Windows\System\QYxrEtG.exe
  C:\Windows\System\QYxrEtG.exe
  2⤵
  PID:3352
- C:\Windows\System\pzwtMFB.exe
  C:\Windows\System\pzwtMFB.exe
  2⤵
  PID:3380
- C:\Windows\System\lNuTSns.exe
  C:\Windows\System\lNuTSns.exe
  2⤵
  PID:3420
- C:\Windows\System\hOPQTXm.exe
  C:\Windows\System\hOPQTXm.exe
  2⤵
  PID:3452
- C:\Windows\System\WbZGYDF.exe
  C:\Windows\System\WbZGYDF.exe
  2⤵
  PID:3492
- C:\Windows\System\vHOsIjk.exe
  C:\Windows\System\vHOsIjk.exe
  2⤵
  PID:3528
- C:\Windows\System\aVSjVod.exe
  C:\Windows\System\aVSjVod.exe
  2⤵
  PID:3580
- C:\Windows\System\TchUmFa.exe
  C:\Windows\System\TchUmFa.exe
  2⤵
  PID:3552
- C:\Windows\System\rGkeTSF.exe
  C:\Windows\System\rGkeTSF.exe
  2⤵
  PID:3600
- C:\Windows\System\ZMuvcwM.exe
  C:\Windows\System\ZMuvcwM.exe
  2⤵
  PID:3640
- C:\Windows\System\LYtMZZi.exe
  C:\Windows\System\LYtMZZi.exe
  2⤵
  PID:3676
- C:\Windows\System\AgGZwln.exe
  C:\Windows\System\AgGZwln.exe
  2⤵
  PID:3712
- C:\Windows\System\XpBjGNk.exe
  C:\Windows\System\XpBjGNk.exe
  2⤵
  PID:3768
- C:\Windows\System\ByvRyZu.exe
  C:\Windows\System\ByvRyZu.exe
  2⤵
  PID:3756
- C:\Windows\System\ozcQRTf.exe
  C:\Windows\System\ozcQRTf.exe
  2⤵
  PID:3792
- C:\Windows\System\PxBGXtD.exe
  C:\Windows\System\PxBGXtD.exe
  2⤵
  PID:3836
- C:\Windows\System\DDIUOFA.exe
  C:\Windows\System\DDIUOFA.exe
  2⤵
  PID:3896
- C:\Windows\System\IVHdcQX.exe
  C:\Windows\System\IVHdcQX.exe
  2⤵
  PID:3912
- C:\Windows\System\KUuPKiy.exe
  C:\Windows\System\KUuPKiy.exe
  2⤵
  PID:3940
- C:\Windows\System\wbdciCQ.exe
  C:\Windows\System\wbdciCQ.exe
  2⤵
  PID:3952
- C:\Windows\System\YnwFtcI.exe
  C:\Windows\System\YnwFtcI.exe
  2⤵
  PID:3996
- C:\Windows\System\GKPJgPK.exe
  C:\Windows\System\GKPJgPK.exe
  2⤵
  PID:4036
- C:\Windows\System\QFBVXbc.exe
  C:\Windows\System\QFBVXbc.exe
  2⤵
  PID:2440
- C:\Windows\System\iysABHd.exe
  C:\Windows\System\iysABHd.exe
  2⤵
  PID:1772
- C:\Windows\System\CteRRlx.exe
  C:\Windows\System\CteRRlx.exe
  2⤵
  PID:680
- C:\Windows\System\snDOtTY.exe
  C:\Windows\System\snDOtTY.exe
  2⤵
  PID:2136
- C:\Windows\System\aGfyYeR.exe
  C:\Windows\System\aGfyYeR.exe
  2⤵
  PID:1676
- C:\Windows\System\MNEidud.exe
  C:\Windows\System\MNEidud.exe
  2⤵
  PID:1620
- C:\Windows\System\mqbUHCI.exe
  C:\Windows\System\mqbUHCI.exe
  2⤵
  PID:2564
- C:\Windows\System\RsKUeTI.exe
  C:\Windows\System\RsKUeTI.exe
  2⤵
  PID:496
- C:\Windows\System\SScwpXk.exe
  C:\Windows\System\SScwpXk.exe
  2⤵
  PID:612
- C:\Windows\System\XqyBAKY.exe
  C:\Windows\System\XqyBAKY.exe
  2⤵
  PID:3096
- C:\Windows\System\cyJVtPS.exe
  C:\Windows\System\cyJVtPS.exe
  2⤵
  PID:3076
- C:\Windows\System\HJsHUhK.exe
  C:\Windows\System\HJsHUhK.exe
  2⤵
  PID:3216
- C:\Windows\System\GLLEtkq.exe
  C:\Windows\System\GLLEtkq.exe
  2⤵
  PID:3176
- C:\Windows\System\wJYhACS.exe
  C:\Windows\System\wJYhACS.exe
  2⤵
  PID:3332
- C:\Windows\System\BygSNQc.exe
  C:\Windows\System\BygSNQc.exe
  2⤵
  PID:3292
- C:\Windows\System\iUlyxkD.exe
  C:\Windows\System\iUlyxkD.exe
  2⤵
  PID:3356
- C:\Windows\System\hExPNkT.exe
  C:\Windows\System\hExPNkT.exe
  2⤵
  PID:3472
- C:\Windows\System\pHnQALN.exe
  C:\Windows\System\pHnQALN.exe
  2⤵
  PID:3544
- C:\Windows\System\VrRzNqb.exe
  C:\Windows\System\VrRzNqb.exe
  2⤵
  PID:3592
- C:\Windows\System\LSkbopw.exe
  C:\Windows\System\LSkbopw.exe
  2⤵
  PID:3512
- C:\Windows\System\qSUwXWZ.exe
  C:\Windows\System\qSUwXWZ.exe
  2⤵
  PID:3652
- C:\Windows\System\ptfrHGL.exe
  C:\Windows\System\ptfrHGL.exe
  2⤵
  PID:3700
- C:\Windows\System\rmvlZXt.exe
  C:\Windows\System\rmvlZXt.exe
  2⤵
  PID:3852
- C:\Windows\System\coRNymr.exe
  C:\Windows\System\coRNymr.exe
  2⤵
  PID:3752
- C:\Windows\System\NHeArBN.exe
  C:\Windows\System\NHeArBN.exe
  2⤵
  PID:3880
- C:\Windows\System\IIesdSs.exe
  C:\Windows\System\IIesdSs.exe
  2⤵
  PID:3916
- C:\Windows\System\FzvMAiE.exe
  C:\Windows\System\FzvMAiE.exe
  2⤵
  PID:3980
- C:\Windows\System\otvBeMh.exe
  C:\Windows\System\otvBeMh.exe
  2⤵
  PID:4052
- C:\Windows\System\WFMXGZH.exe
  C:\Windows\System\WFMXGZH.exe
  2⤵
  PID:1852
- C:\Windows\System\bLvLSDq.exe
  C:\Windows\System\bLvLSDq.exe
  2⤵
  PID:2868
- C:\Windows\System\MrjFSFY.exe
  C:\Windows\System\MrjFSFY.exe
  2⤵
  PID:4104
- C:\Windows\System\JVBEJdW.exe
  C:\Windows\System\JVBEJdW.exe
  2⤵
  PID:4128
- C:\Windows\System\WeDoRIf.exe
  C:\Windows\System\WeDoRIf.exe
  2⤵
  PID:4144
- C:\Windows\System\qxXmnrX.exe
  C:\Windows\System\qxXmnrX.exe
  2⤵
  PID:4160
- C:\Windows\System\trRhnym.exe
  C:\Windows\System\trRhnym.exe
  2⤵
  PID:4176
- C:\Windows\System\KaqMIHO.exe
  C:\Windows\System\KaqMIHO.exe
  2⤵
  PID:4200
- C:\Windows\System\OySEKnR.exe
  C:\Windows\System\OySEKnR.exe
  2⤵
  PID:4216
- C:\Windows\System\hpWRTEA.exe
  C:\Windows\System\hpWRTEA.exe
  2⤵
  PID:4232
- C:\Windows\System\vOetXGS.exe
  C:\Windows\System\vOetXGS.exe
  2⤵
  PID:4256
- C:\Windows\System\RmXjhvp.exe
  C:\Windows\System\RmXjhvp.exe
  2⤵
  PID:4292
- C:\Windows\System\GiSNpsz.exe
  C:\Windows\System\GiSNpsz.exe
  2⤵
  PID:4312
- C:\Windows\System\Fxymhqm.exe
  C:\Windows\System\Fxymhqm.exe
  2⤵
  PID:4328
- C:\Windows\System\xtEExhz.exe
  C:\Windows\System\xtEExhz.exe
  2⤵
  PID:4356
- C:\Windows\System\gmuwPnz.exe
  C:\Windows\System\gmuwPnz.exe
  2⤵
  PID:4376
- C:\Windows\System\QCmpyDh.exe
  C:\Windows\System\QCmpyDh.exe
  2⤵
  PID:4396
- C:\Windows\System\fLUPTba.exe
  C:\Windows\System\fLUPTba.exe
  2⤵
  PID:4412
- C:\Windows\System\CAokmeK.exe
  C:\Windows\System\CAokmeK.exe
  2⤵
  PID:4432
- C:\Windows\System\phOBRqe.exe
  C:\Windows\System\phOBRqe.exe
  2⤵
  PID:4456
- C:\Windows\System\eCWEZxG.exe
  C:\Windows\System\eCWEZxG.exe
  2⤵
  PID:4476
- C:\Windows\System\EinFgbW.exe
  C:\Windows\System\EinFgbW.exe
  2⤵
  PID:4492
- C:\Windows\System\qVDCHdI.exe
  C:\Windows\System\qVDCHdI.exe
  2⤵
  PID:4516
- C:\Windows\System\wRjmpjS.exe
  C:\Windows\System\wRjmpjS.exe
  2⤵
  PID:4536
- C:\Windows\System\yhKSgoN.exe
  C:\Windows\System\yhKSgoN.exe
  2⤵
  PID:4556
- C:\Windows\System\olgHwLt.exe
  C:\Windows\System\olgHwLt.exe
  2⤵
  PID:4572
- C:\Windows\System\CbXeGXW.exe
  C:\Windows\System\CbXeGXW.exe
  2⤵
  PID:4592
- C:\Windows\System\HFBFPbj.exe
  C:\Windows\System\HFBFPbj.exe
  2⤵
  PID:4608
- C:\Windows\System\DuXxofo.exe
  C:\Windows\System\DuXxofo.exe
  2⤵
  PID:4632
- C:\Windows\System\WoCFeiH.exe
  C:\Windows\System\WoCFeiH.exe
  2⤵
  PID:4648
- C:\Windows\System\WeYUYqU.exe
  C:\Windows\System\WeYUYqU.exe
  2⤵
  PID:4672
- C:\Windows\System\yuOrDMk.exe
  C:\Windows\System\yuOrDMk.exe
  2⤵
  PID:4692
- C:\Windows\System\UCcwgAP.exe
  C:\Windows\System\UCcwgAP.exe
  2⤵
  PID:4708
- C:\Windows\System\fEKBOLm.exe
  C:\Windows\System\fEKBOLm.exe
  2⤵
  PID:4728
- C:\Windows\System\cdRxtgu.exe
  C:\Windows\System\cdRxtgu.exe
  2⤵
  PID:4752
- C:\Windows\System\XvczGWI.exe
  C:\Windows\System\XvczGWI.exe
  2⤵
  PID:4772
- C:\Windows\System\spTeija.exe
  C:\Windows\System\spTeija.exe
  2⤵
  PID:4796
- C:\Windows\System\MaZMySH.exe
  C:\Windows\System\MaZMySH.exe
  2⤵
  PID:4816
- C:\Windows\System\UOXtvGo.exe
  C:\Windows\System\UOXtvGo.exe
  2⤵
  PID:4836
- C:\Windows\System\gUbjyuw.exe
  C:\Windows\System\gUbjyuw.exe
  2⤵
  PID:4852
- C:\Windows\System\UuJhVoc.exe
  C:\Windows\System\UuJhVoc.exe
  2⤵
  PID:4876
- C:\Windows\System\BPSimCy.exe
  C:\Windows\System\BPSimCy.exe
  2⤵
  PID:4896
- C:\Windows\System\CBtxCGQ.exe
  C:\Windows\System\CBtxCGQ.exe
  2⤵
  PID:4916
- C:\Windows\System\FiAkUxH.exe
  C:\Windows\System\FiAkUxH.exe
  2⤵
  PID:4936
- C:\Windows\System\lDZNdfB.exe
  C:\Windows\System\lDZNdfB.exe
  2⤵
  PID:4956
- C:\Windows\System\RUYcPfM.exe
  C:\Windows\System\RUYcPfM.exe
  2⤵
  PID:4972
- C:\Windows\System\cQvVJXn.exe
  C:\Windows\System\cQvVJXn.exe
  2⤵
  PID:4992
- C:\Windows\System\ZpWpDMA.exe
  C:\Windows\System\ZpWpDMA.exe
  2⤵
  PID:5012
- C:\Windows\System\eMsRIVe.exe
  C:\Windows\System\eMsRIVe.exe
  2⤵
  PID:5032
- C:\Windows\System\SFzppRI.exe
  C:\Windows\System\SFzppRI.exe
  2⤵
  PID:5052
- C:\Windows\System\GHVGdcU.exe
  C:\Windows\System\GHVGdcU.exe
  2⤵
  PID:5072
- C:\Windows\System\MKNbbQF.exe
  C:\Windows\System\MKNbbQF.exe
  2⤵
  PID:5096
- C:\Windows\System\gVsTVyo.exe
  C:\Windows\System\gVsTVyo.exe
  2⤵
  PID:5116
- C:\Windows\System\yGBxSzL.exe
  C:\Windows\System\yGBxSzL.exe
  2⤵
  PID:1924
- C:\Windows\System\wEdoLtw.exe
  C:\Windows\System\wEdoLtw.exe
  2⤵
  PID:1764
- C:\Windows\System\LFqMPis.exe
  C:\Windows\System\LFqMPis.exe
  2⤵
  PID:3140
- C:\Windows\System\pctDwnq.exe
  C:\Windows\System\pctDwnq.exe
  2⤵
  PID:3256
- C:\Windows\System\DWoMKxx.exe
  C:\Windows\System\DWoMKxx.exe
  2⤵
  PID:3336
- C:\Windows\System\lRBwCfI.exe
  C:\Windows\System\lRBwCfI.exe
  2⤵
  PID:3112
- C:\Windows\System\QTWSpBb.exe
  C:\Windows\System\QTWSpBb.exe
  2⤵
  PID:3396
- C:\Windows\System\VMeXfRk.exe
  C:\Windows\System\VMeXfRk.exe
  2⤵
  PID:3460
- C:\Windows\System\FTNJGog.exe
  C:\Windows\System\FTNJGog.exe
  2⤵
  PID:3548
- C:\Windows\System\famqFIN.exe
  C:\Windows\System\famqFIN.exe
  2⤵
  PID:3812
- C:\Windows\System\hWFOVpK.exe
  C:\Windows\System\hWFOVpK.exe
  2⤵
  PID:3976
- C:\Windows\System\uuYhoPM.exe
  C:\Windows\System\uuYhoPM.exe
  2⤵
  PID:3936
- C:\Windows\System\SGRtCLJ.exe
  C:\Windows\System\SGRtCLJ.exe
  2⤵
  PID:1516
- C:\Windows\System\lNOTgCh.exe
  C:\Windows\System\lNOTgCh.exe
  2⤵
  PID:4020
- C:\Windows\System\GHzVUpE.exe
  C:\Windows\System\GHzVUpE.exe
  2⤵
  PID:2600
- C:\Windows\System\NipAkth.exe
  C:\Windows\System\NipAkth.exe
  2⤵
  PID:4208
- C:\Windows\System\sOIShVu.exe
  C:\Windows\System\sOIShVu.exe
  2⤵
  PID:4116
- C:\Windows\System\bzDmHmn.exe
  C:\Windows\System\bzDmHmn.exe
  2⤵
  PID:4252
- C:\Windows\System\XxfKfNY.exe
  C:\Windows\System\XxfKfNY.exe
  2⤵
  PID:4188
- C:\Windows\System\nAQPUIq.exe
  C:\Windows\System\nAQPUIq.exe
  2⤵
  PID:4308
- C:\Windows\System\lbYrnuQ.exe
  C:\Windows\System\lbYrnuQ.exe
  2⤵
  PID:4264
- C:\Windows\System\iXrmaIH.exe
  C:\Windows\System\iXrmaIH.exe
  2⤵
  PID:4348
- C:\Windows\System\eHQEBxb.exe
  C:\Windows\System\eHQEBxb.exe
  2⤵
  PID:4320
- C:\Windows\System\etjzznT.exe
  C:\Windows\System\etjzznT.exe
  2⤵
  PID:4364
- C:\Windows\System\EXSznfk.exe
  C:\Windows\System\EXSznfk.exe
  2⤵
  PID:4372
- C:\Windows\System\YbxfBPF.exe
  C:\Windows\System\YbxfBPF.exe
  2⤵
  PID:4404
- C:\Windows\System\JifNRgR.exe
  C:\Windows\System\JifNRgR.exe
  2⤵
  PID:4448
- C:\Windows\System\WeezcdA.exe
  C:\Windows\System\WeezcdA.exe
  2⤵
  PID:4544
- C:\Windows\System\qtsAJCe.exe
  C:\Windows\System\qtsAJCe.exe
  2⤵
  PID:4528
- C:\Windows\System\JhzdJGK.exe
  C:\Windows\System\JhzdJGK.exe
  2⤵
  PID:4616
- C:\Windows\System\KNXabMa.exe
  C:\Windows\System\KNXabMa.exe
  2⤵
  PID:4624
- C:\Windows\System\TIpXYYv.exe
  C:\Windows\System\TIpXYYv.exe
  2⤵
  PID:4704
- C:\Windows\System\cLRuiRs.exe
  C:\Windows\System\cLRuiRs.exe
  2⤵
  PID:4780
- C:\Windows\System\hYYFzaA.exe
  C:\Windows\System\hYYFzaA.exe
  2⤵
  PID:4824
- C:\Windows\System\wbqYOvk.exe
  C:\Windows\System\wbqYOvk.exe
  2⤵
  PID:4644
- C:\Windows\System\skjBxzv.exe
  C:\Windows\System\skjBxzv.exe
  2⤵
  PID:4764
- C:\Windows\System\gLMycEH.exe
  C:\Windows\System\gLMycEH.exe
  2⤵
  PID:4844
- C:\Windows\System\gLNQbJr.exe
  C:\Windows\System\gLNQbJr.exe
  2⤵
  PID:4848
- C:\Windows\System\gLPlpaS.exe
  C:\Windows\System\gLPlpaS.exe
  2⤵
  PID:4944
- C:\Windows\System\kqzhGrR.exe
  C:\Windows\System\kqzhGrR.exe
  2⤵
  PID:4980
- C:\Windows\System\RvvAGIG.exe
  C:\Windows\System\RvvAGIG.exe
  2⤵
  PID:4892
- C:\Windows\System\LNVMspd.exe
  C:\Windows\System\LNVMspd.exe
  2⤵
  PID:5064
- C:\Windows\System\tTvqizi.exe
  C:\Windows\System\tTvqizi.exe
  2⤵
  PID:4928
- C:\Windows\System\eiiQkfj.exe
  C:\Windows\System\eiiQkfj.exe
  2⤵
  PID:5008
- C:\Windows\System\katrcqM.exe
  C:\Windows\System\katrcqM.exe
  2⤵
  PID:900
- C:\Windows\System\HCGMTCJ.exe
  C:\Windows\System\HCGMTCJ.exe
  2⤵
  PID:5092
- C:\Windows\System\GGOEeFP.exe
  C:\Windows\System\GGOEeFP.exe
  2⤵
  PID:2864
- C:\Windows\System\CqgSMaE.exe
  C:\Windows\System\CqgSMaE.exe
  2⤵
  PID:3632
- C:\Windows\System\BEeLkOb.exe
  C:\Windows\System\BEeLkOb.exe
  2⤵
  PID:3116
- C:\Windows\System\DvpPZSj.exe
  C:\Windows\System\DvpPZSj.exe
  2⤵
  PID:3276
- C:\Windows\System\yquqSXY.exe
  C:\Windows\System\yquqSXY.exe
  2⤵
  PID:3620
- C:\Windows\System\dBPdHkV.exe
  C:\Windows\System\dBPdHkV.exe
  2⤵
  PID:3992
- C:\Windows\System\shakqEH.exe
  C:\Windows\System\shakqEH.exe
  2⤵
  PID:3876
- C:\Windows\System\cDGWDeV.exe
  C:\Windows\System\cDGWDeV.exe
  2⤵
  PID:4168
- C:\Windows\System\YWubmDx.exe
  C:\Windows\System\YWubmDx.exe
  2⤵
  PID:4192
- C:\Windows\System\dhzrFxj.exe
  C:\Windows\System\dhzrFxj.exe
  2⤵
  PID:1600
- C:\Windows\System\ZlpTMox.exe
  C:\Windows\System\ZlpTMox.exe
  2⤵
  PID:4272
- C:\Windows\System\drjukmp.exe
  C:\Windows\System\drjukmp.exe
  2⤵
  PID:4388
- C:\Windows\System\xxqhcCq.exe
  C:\Windows\System\xxqhcCq.exe
  2⤵
  PID:4368
- C:\Windows\System\evCUjLc.exe
  C:\Windows\System\evCUjLc.exe
  2⤵
  PID:4444
- C:\Windows\System\GRzvpzK.exe
  C:\Windows\System\GRzvpzK.exe
  2⤵
  PID:4420
- C:\Windows\System\baqBfAu.exe
  C:\Windows\System\baqBfAu.exe
  2⤵
  PID:4524
- C:\Windows\System\MgCTaCS.exe
  C:\Windows\System\MgCTaCS.exe
  2⤵
  PID:4600
- C:\Windows\System\bPNocbN.exe
  C:\Windows\System\bPNocbN.exe
  2⤵
  PID:4604
- C:\Windows\System\OAfZFAm.exe
  C:\Windows\System\OAfZFAm.exe
  2⤵
  PID:4740
- C:\Windows\System\oGvsddu.exe
  C:\Windows\System\oGvsddu.exe
  2⤵
  PID:4784
- C:\Windows\System\oNqeZms.exe
  C:\Windows\System\oNqeZms.exe
  2⤵
  PID:4828
- C:\Windows\System\yxXJFgt.exe
  C:\Windows\System\yxXJFgt.exe
  2⤵
  PID:4804
- C:\Windows\System\iwXCpjP.exe
  C:\Windows\System\iwXCpjP.exe
  2⤵
  PID:4984
- C:\Windows\System\OnweDAN.exe
  C:\Windows\System\OnweDAN.exe
  2⤵
  PID:4932
- C:\Windows\System\PYOwSQx.exe
  C:\Windows\System\PYOwSQx.exe
  2⤵
  PID:4968
- C:\Windows\System\XarzjgM.exe
  C:\Windows\System\XarzjgM.exe
  2⤵
  PID:4964
- C:\Windows\System\NNAqdey.exe
  C:\Windows\System\NNAqdey.exe
  2⤵
  PID:5044
- C:\Windows\System\eWOiRdC.exe
  C:\Windows\System\eWOiRdC.exe
  2⤵
  PID:3456
- C:\Windows\System\DsZoLdj.exe
  C:\Windows\System\DsZoLdj.exe
  2⤵
  PID:3716
- C:\Windows\System\BqMDiuW.exe
  C:\Windows\System\BqMDiuW.exe
  2⤵
  PID:3828
- C:\Windows\System\XqhMqmK.exe
  C:\Windows\System\XqhMqmK.exe
  2⤵
  PID:5136
- C:\Windows\System\FNBUMXn.exe
  C:\Windows\System\FNBUMXn.exe
  2⤵
  PID:5156
- C:\Windows\System\lMJLhbx.exe
  C:\Windows\System\lMJLhbx.exe
  2⤵
  PID:5176
- C:\Windows\System\VUBSCGQ.exe
  C:\Windows\System\VUBSCGQ.exe
  2⤵
  PID:5200
- C:\Windows\System\pmRZXrW.exe
  C:\Windows\System\pmRZXrW.exe
  2⤵
  PID:5220
- C:\Windows\System\OrKBqaI.exe
  C:\Windows\System\OrKBqaI.exe
  2⤵
  PID:5240
- C:\Windows\System\divyRCq.exe
  C:\Windows\System\divyRCq.exe
  2⤵
  PID:5256
- C:\Windows\System\kZiueiI.exe
  C:\Windows\System\kZiueiI.exe
  2⤵
  PID:5272
- C:\Windows\System\CWbYLGV.exe
  C:\Windows\System\CWbYLGV.exe
  2⤵
  PID:5292
- C:\Windows\System\QOlvffS.exe
  C:\Windows\System\QOlvffS.exe
  2⤵
  PID:5312
- C:\Windows\System\nrgZbQM.exe
  C:\Windows\System\nrgZbQM.exe
  2⤵
  PID:5332
- C:\Windows\System\uJzqQgy.exe
  C:\Windows\System\uJzqQgy.exe
  2⤵
  PID:5356
- C:\Windows\System\STtrqlR.exe
  C:\Windows\System\STtrqlR.exe
  2⤵
  PID:5384
- C:\Windows\System\niAfYLX.exe
  C:\Windows\System\niAfYLX.exe
  2⤵
  PID:5404
- C:\Windows\System\njOQGjY.exe
  C:\Windows\System\njOQGjY.exe
  2⤵
  PID:5420
- C:\Windows\System\DBSlmXe.exe
  C:\Windows\System\DBSlmXe.exe
  2⤵
  PID:5444
- C:\Windows\System\yEJmjIu.exe
  C:\Windows\System\yEJmjIu.exe
  2⤵
  PID:5460
- C:\Windows\System\UMNqybv.exe
  C:\Windows\System\UMNqybv.exe
  2⤵
  PID:5484
- C:\Windows\System\WLHOrUk.exe
  C:\Windows\System\WLHOrUk.exe
  2⤵
  PID:5500
- C:\Windows\System\laxfXKV.exe
  C:\Windows\System\laxfXKV.exe
  2⤵
  PID:5524
- C:\Windows\System\IuDySUY.exe
  C:\Windows\System\IuDySUY.exe
  2⤵
  PID:5540
- C:\Windows\System\RJLZPyr.exe
  C:\Windows\System\RJLZPyr.exe
  2⤵
  PID:5560
- C:\Windows\System\CtvXpXi.exe
  C:\Windows\System\CtvXpXi.exe
  2⤵
  PID:5580
- C:\Windows\System\ZWIaTbb.exe
  C:\Windows\System\ZWIaTbb.exe
  2⤵
  PID:5596
- C:\Windows\System\NBZjiEF.exe
  C:\Windows\System\NBZjiEF.exe
  2⤵
  PID:5620
- C:\Windows\System\JmoyZcF.exe
  C:\Windows\System\JmoyZcF.exe
  2⤵
  PID:5636
- C:\Windows\System\JwKoxqD.exe
  C:\Windows\System\JwKoxqD.exe
  2⤵
  PID:5664
- C:\Windows\System\eqGJvtX.exe
  C:\Windows\System\eqGJvtX.exe
  2⤵
  PID:5680
- C:\Windows\System\vwoiTen.exe
  C:\Windows\System\vwoiTen.exe
  2⤵
  PID:5700
- C:\Windows\System\lRxncru.exe
  C:\Windows\System\lRxncru.exe
  2⤵
  PID:5724
- C:\Windows\System\tpHbIwb.exe
  C:\Windows\System\tpHbIwb.exe
  2⤵
  PID:5740
- C:\Windows\System\DRjvNGV.exe
  C:\Windows\System\DRjvNGV.exe
  2⤵
  PID:5760
- C:\Windows\System\hgCDVMe.exe
  C:\Windows\System\hgCDVMe.exe
  2⤵
  PID:5780
- C:\Windows\System\NirbhDT.exe
  C:\Windows\System\NirbhDT.exe
  2⤵
  PID:5804
- C:\Windows\System\JoYlnMZ.exe
  C:\Windows\System\JoYlnMZ.exe
  2⤵
  PID:5820
- C:\Windows\System\MzjCxIb.exe
  C:\Windows\System\MzjCxIb.exe
  2⤵
  PID:5844
- C:\Windows\System\ONbGffx.exe
  C:\Windows\System\ONbGffx.exe
  2⤵
  PID:5864
- C:\Windows\System\myejaRm.exe
  C:\Windows\System\myejaRm.exe
  2⤵
  PID:5884
- C:\Windows\System\pZXOKEU.exe
  C:\Windows\System\pZXOKEU.exe
  2⤵
  PID:5900
- C:\Windows\System\VLlPCAB.exe
  C:\Windows\System\VLlPCAB.exe
  2⤵
  PID:5920
- C:\Windows\System\zNVfRKg.exe
  C:\Windows\System\zNVfRKg.exe
  2⤵
  PID:5940
- C:\Windows\System\CcITUTF.exe
  C:\Windows\System\CcITUTF.exe
  2⤵
  PID:5960
- C:\Windows\System\HmZeCek.exe
  C:\Windows\System\HmZeCek.exe
  2⤵
  PID:5984
- C:\Windows\System\GbzIYWI.exe
  C:\Windows\System\GbzIYWI.exe
  2⤵
  PID:6004
- C:\Windows\System\dxSxmVQ.exe
  C:\Windows\System\dxSxmVQ.exe
  2⤵
  PID:6024
- C:\Windows\System\DapNTUn.exe
  C:\Windows\System\DapNTUn.exe
  2⤵
  PID:6044
- C:\Windows\System\RSnuxDZ.exe
  C:\Windows\System\RSnuxDZ.exe
  2⤵
  PID:6064
- C:\Windows\System\wJoghVh.exe
  C:\Windows\System\wJoghVh.exe
  2⤵
  PID:6084
- C:\Windows\System\GphSYQE.exe
  C:\Windows\System\GphSYQE.exe
  2⤵
  PID:6104
- C:\Windows\System\fZqUyST.exe
  C:\Windows\System\fZqUyST.exe
  2⤵
  PID:6124
- C:\Windows\System\wfLDyvl.exe
  C:\Windows\System\wfLDyvl.exe
  2⤵
  PID:3564
- C:\Windows\System\cWlLmuT.exe
  C:\Windows\System\cWlLmuT.exe
  2⤵
  PID:3720
- C:\Windows\System\SVZFGdD.exe
  C:\Windows\System\SVZFGdD.exe
  2⤵
  PID:4228
- C:\Windows\System\doHhBZb.exe
  C:\Windows\System\doHhBZb.exe
  2⤵
  PID:4172
- C:\Windows\System\aCRautU.exe
  C:\Windows\System\aCRautU.exe
  2⤵
  PID:4300
- C:\Windows\System\nEUCnXi.exe
  C:\Windows\System\nEUCnXi.exe
  2⤵
  PID:4112
- C:\Windows\System\ueANbgt.exe
  C:\Windows\System\ueANbgt.exe
  2⤵
  PID:4504
- C:\Windows\System\fHinCxN.exe
  C:\Windows\System\fHinCxN.exe
  2⤵
  PID:4664
- C:\Windows\System\RoTQtQt.exe
  C:\Windows\System\RoTQtQt.exe
  2⤵
  PID:4792
- C:\Windows\System\xlDAWKr.exe
  C:\Windows\System\xlDAWKr.exe
  2⤵
  PID:4872
- C:\Windows\System\tdTeFFe.exe
  C:\Windows\System\tdTeFFe.exe
  2⤵
  PID:4888
- C:\Windows\System\DutHdQr.exe
  C:\Windows\System\DutHdQr.exe
  2⤵
  PID:4808
- C:\Windows\System\WqrrsDR.exe
  C:\Windows\System\WqrrsDR.exe
  2⤵
  PID:5004
- C:\Windows\System\zwMcVuL.exe
  C:\Windows\System\zwMcVuL.exe
  2⤵
  PID:5024
- C:\Windows\System\xrLYtEW.exe
  C:\Windows\System\xrLYtEW.exe
  2⤵
  PID:3412
- C:\Windows\System\lUIpNaE.exe
  C:\Windows\System\lUIpNaE.exe
  2⤵
  PID:5148
- C:\Windows\System\TcjkKBT.exe
  C:\Windows\System\TcjkKBT.exe
  2⤵
  PID:5124
- C:\Windows\System\fJbSKVe.exe
  C:\Windows\System\fJbSKVe.exe
  2⤵
  PID:5168
- C:\Windows\System\VwqMfGV.exe
  C:\Windows\System\VwqMfGV.exe
  2⤵
  PID:5232
- C:\Windows\System\nzkppEF.exe
  C:\Windows\System\nzkppEF.exe
  2⤵
  PID:5300
- C:\Windows\System\gbRTKdU.exe
  C:\Windows\System\gbRTKdU.exe
  2⤵
  PID:5288
- C:\Windows\System\DIQhSFk.exe
  C:\Windows\System\DIQhSFk.exe
  2⤵
  PID:5392
- C:\Windows\System\EuISJom.exe
  C:\Windows\System\EuISJom.exe
  2⤵
  PID:5328
- C:\Windows\System\BkzvFDX.exe
  C:\Windows\System\BkzvFDX.exe
  2⤵
  PID:5400
- C:\Windows\System\jStiVXy.exe
  C:\Windows\System\jStiVXy.exe
  2⤵
  PID:5428
- C:\Windows\System\UCYfZkJ.exe
  C:\Windows\System\UCYfZkJ.exe
  2⤵
  PID:5188
- C:\Windows\System\LCIPqTn.exe
  C:\Windows\System\LCIPqTn.exe
  2⤵
  PID:5456
- C:\Windows\System\ICyVGqR.exe
  C:\Windows\System\ICyVGqR.exe
  2⤵
  PID:5520
- C:\Windows\System\CcWQapa.exe
  C:\Windows\System\CcWQapa.exe
  2⤵
  PID:5536
- C:\Windows\System\nWyyyNV.exe
  C:\Windows\System\nWyyyNV.exe
  2⤵
  PID:5628
- C:\Windows\System\TXgaEou.exe
  C:\Windows\System\TXgaEou.exe
  2⤵
  PID:5608
- C:\Windows\System\JtYrTsO.exe
  C:\Windows\System\JtYrTsO.exe
  2⤵
  PID:5572
- C:\Windows\System\pIIuIcg.exe
  C:\Windows\System\pIIuIcg.exe
  2⤵
  PID:5672
- C:\Windows\System\FVIFALm.exe
  C:\Windows\System\FVIFALm.exe
  2⤵
  PID:5696
- C:\Windows\System\XNdODPL.exe
  C:\Windows\System\XNdODPL.exe
  2⤵
  PID:5736
- C:\Windows\System\XRMbBBm.exe
  C:\Windows\System\XRMbBBm.exe
  2⤵
  PID:5792
- C:\Windows\System\IIbzQRg.exe
  C:\Windows\System\IIbzQRg.exe
  2⤵
  PID:5828
- C:\Windows\System\BvVUqnZ.exe
  C:\Windows\System\BvVUqnZ.exe
  2⤵
  PID:5872
- C:\Windows\System\QYyNHKH.exe
  C:\Windows\System\QYyNHKH.exe
  2⤵
  PID:5860
- C:\Windows\System\BkbXxEJ.exe
  C:\Windows\System\BkbXxEJ.exe
  2⤵
  PID:5956
- C:\Windows\System\FXVmCXC.exe
  C:\Windows\System\FXVmCXC.exe
  2⤵
  PID:5892
- C:\Windows\System\cbzUHGc.exe
  C:\Windows\System\cbzUHGc.exe
  2⤵
  PID:5992
- C:\Windows\System\UEWYqJu.exe
  C:\Windows\System\UEWYqJu.exe
  2⤵
  PID:6040
- C:\Windows\System\YOXvHsT.exe
  C:\Windows\System\YOXvHsT.exe
  2⤵
  PID:6016
- C:\Windows\System\vDoJRnI.exe
  C:\Windows\System\vDoJRnI.exe
  2⤵
  PID:6060
- C:\Windows\System\rfKGbGd.exe
  C:\Windows\System\rfKGbGd.exe
  2⤵
  PID:6100
- C:\Windows\System\HjlMOds.exe
  C:\Windows\System\HjlMOds.exe
  2⤵
  PID:1996
- C:\Windows\System\CIculKH.exe
  C:\Windows\System\CIculKH.exe
  2⤵
  PID:6136
- C:\Windows\System\bZxqNNg.exe
  C:\Windows\System\bZxqNNg.exe
  2⤵
  PID:3816
- C:\Windows\System\oWgxJYB.exe
  C:\Windows\System\oWgxJYB.exe
  2⤵
  PID:4568
- C:\Windows\System\RBZZDJF.exe
  C:\Windows\System\RBZZDJF.exe
  2⤵
  PID:4868
- C:\Windows\System\zsJIiqi.exe
  C:\Windows\System\zsJIiqi.exe
  2⤵
  PID:4720
- C:\Windows\System\gkOokWZ.exe
  C:\Windows\System\gkOokWZ.exe
  2⤵
  PID:5028
- C:\Windows\System\InryakC.exe
  C:\Windows\System\InryakC.exe
  2⤵
  PID:3432
- C:\Windows\System\kxBQPBh.exe
  C:\Windows\System\kxBQPBh.exe
  2⤵
  PID:2644
- C:\Windows\System\TPhfHhj.exe
  C:\Windows\System\TPhfHhj.exe
  2⤵
  PID:3672
- C:\Windows\System\wYMFzWa.exe
  C:\Windows\System\wYMFzWa.exe
  2⤵
  PID:5216
- C:\Windows\System\UmixilR.exe
  C:\Windows\System\UmixilR.exe
  2⤵
  PID:5212
- C:\Windows\System\IzIrIQq.exe
  C:\Windows\System\IzIrIQq.exe
  2⤵
  PID:5228
- C:\Windows\System\CJlWRpq.exe
  C:\Windows\System\CJlWRpq.exe
  2⤵
  PID:5372
- C:\Windows\System\DknxtGX.exe
  C:\Windows\System\DknxtGX.exe
  2⤵
  PID:5416
- C:\Windows\System\Spirngb.exe
  C:\Windows\System\Spirngb.exe
  2⤵
  PID:5376
- C:\Windows\System\EXOaKXO.exe
  C:\Windows\System\EXOaKXO.exe
  2⤵
  PID:5512
- C:\Windows\System\aJjKiDR.exe
  C:\Windows\System\aJjKiDR.exe
  2⤵
  PID:5592
- C:\Windows\System\yGAXQij.exe
  C:\Windows\System\yGAXQij.exe
  2⤵
  PID:5644
- C:\Windows\System\ulWsbAQ.exe
  C:\Windows\System\ulWsbAQ.exe
  2⤵
  PID:5576
- C:\Windows\System\QdYJTWL.exe
  C:\Windows\System\QdYJTWL.exe
  2⤵
  PID:5648
- C:\Windows\System\fnmLZfg.exe
  C:\Windows\System\fnmLZfg.exe
  2⤵
  PID:5800
- C:\Windows\System\pTJjznE.exe
  C:\Windows\System\pTJjznE.exe
  2⤵
  PID:5908
- C:\Windows\System\TWhgrlF.exe
  C:\Windows\System\TWhgrlF.exe
  2⤵
  PID:5912
- C:\Windows\System\bRrCooz.exe
  C:\Windows\System\bRrCooz.exe
  2⤵
  PID:5952
- C:\Windows\System\SCVVube.exe
  C:\Windows\System\SCVVube.exe
  2⤵
  PID:6072
- C:\Windows\System\vavFQZf.exe
  C:\Windows\System\vavFQZf.exe
  2⤵
  PID:5996
- C:\Windows\System\sIaUnCy.exe
  C:\Windows\System\sIaUnCy.exe
  2⤵
  PID:6120
- C:\Windows\System\jUbOGwY.exe
  C:\Windows\System\jUbOGwY.exe
  2⤵
  PID:4276
- C:\Windows\System\kXyWjSo.exe
  C:\Windows\System\kXyWjSo.exe
  2⤵
  PID:4076
- C:\Windows\System\pQgJJUG.exe
  C:\Windows\System\pQgJJUG.exe
  2⤵
  PID:4336
- C:\Windows\System\FFcJSKP.exe
  C:\Windows\System\FFcJSKP.exe
  2⤵
  PID:4748
- C:\Windows\System\wNPKDoO.exe
  C:\Windows\System\wNPKDoO.exe
  2⤵
  PID:5144
- C:\Windows\System\rGXdcUv.exe
  C:\Windows\System\rGXdcUv.exe
  2⤵
  PID:4760
- C:\Windows\System\oSoYJbI.exe
  C:\Windows\System\oSoYJbI.exe
  2⤵
  PID:5352
- C:\Windows\System\dYLjOWx.exe
  C:\Windows\System\dYLjOWx.exe
  2⤵
  PID:5196
- C:\Windows\System\cxDmYWL.exe
  C:\Windows\System\cxDmYWL.exe
  2⤵
  PID:5340
- C:\Windows\System\gRUveRj.exe
  C:\Windows\System\gRUveRj.exe
  2⤵
  PID:6168
- C:\Windows\System\NcxaGXS.exe
  C:\Windows\System\NcxaGXS.exe
  2⤵
  PID:6188
- C:\Windows\System\KlPzffj.exe
  C:\Windows\System\KlPzffj.exe
  2⤵
  PID:6208
- C:\Windows\System\zaMVLFf.exe
  C:\Windows\System\zaMVLFf.exe
  2⤵
  PID:6228
- C:\Windows\System\etEPUvG.exe
  C:\Windows\System\etEPUvG.exe
  2⤵
  PID:6248
- C:\Windows\System\CTBehnX.exe
  C:\Windows\System\CTBehnX.exe
  2⤵
  PID:6272
- C:\Windows\System\vjkmgDk.exe
  C:\Windows\System\vjkmgDk.exe
  2⤵
  PID:6292
- C:\Windows\System\PUwXEVM.exe
  C:\Windows\System\PUwXEVM.exe
  2⤵
  PID:6308
- C:\Windows\System\aeRofsM.exe
  C:\Windows\System\aeRofsM.exe
  2⤵
  PID:6332
- C:\Windows\System\OCxWBGF.exe
  C:\Windows\System\OCxWBGF.exe
  2⤵
  PID:6348
- C:\Windows\System\SCmnnBr.exe
  C:\Windows\System\SCmnnBr.exe
  2⤵
  PID:6376
- C:\Windows\System\NWyLETn.exe
  C:\Windows\System\NWyLETn.exe
  2⤵
  PID:6392
- C:\Windows\System\tpTjCOY.exe
  C:\Windows\System\tpTjCOY.exe
  2⤵
  PID:6416
- C:\Windows\System\TQheKVm.exe
  C:\Windows\System\TQheKVm.exe
  2⤵
  PID:6432
- C:\Windows\System\JVolxOE.exe
  C:\Windows\System\JVolxOE.exe
  2⤵
  PID:6456
- C:\Windows\System\ZlohqzQ.exe
  C:\Windows\System\ZlohqzQ.exe
  2⤵
  PID:6476
- C:\Windows\System\mjQaSOu.exe
  C:\Windows\System\mjQaSOu.exe
  2⤵
  PID:6496
- C:\Windows\System\EQIaWKX.exe
  C:\Windows\System\EQIaWKX.exe
  2⤵
  PID:6516
- C:\Windows\System\gizBmcF.exe
  C:\Windows\System\gizBmcF.exe
  2⤵
  PID:6536
- C:\Windows\System\QDcBwOh.exe
  C:\Windows\System\QDcBwOh.exe
  2⤵
  PID:6552
- C:\Windows\System\wEeIxcw.exe
  C:\Windows\System\wEeIxcw.exe
  2⤵
  PID:6572
- C:\Windows\System\AVPoXYb.exe
  C:\Windows\System\AVPoXYb.exe
  2⤵
  PID:6596
- C:\Windows\System\UoKIDJR.exe
  C:\Windows\System\UoKIDJR.exe
  2⤵
  PID:6612
- C:\Windows\System\cWjuVhf.exe
  C:\Windows\System\cWjuVhf.exe
  2⤵
  PID:6632
- C:\Windows\System\sHfRJIJ.exe
  C:\Windows\System\sHfRJIJ.exe
  2⤵
  PID:6656
- C:\Windows\System\NqrZJee.exe
  C:\Windows\System\NqrZJee.exe
  2⤵
  PID:6676
- C:\Windows\System\KXYBCer.exe
  C:\Windows\System\KXYBCer.exe
  2⤵
  PID:6696
- C:\Windows\System\jPCDuMH.exe
  C:\Windows\System\jPCDuMH.exe
  2⤵
  PID:6712
- C:\Windows\System\WlFMqFl.exe
  C:\Windows\System\WlFMqFl.exe
  2⤵
  PID:6736
- C:\Windows\System\wlsXJlS.exe
  C:\Windows\System\wlsXJlS.exe
  2⤵
  PID:6752
- C:\Windows\System\BUnJVDs.exe
  C:\Windows\System\BUnJVDs.exe
  2⤵
  PID:6772
- C:\Windows\System\YcSLRfv.exe
  C:\Windows\System\YcSLRfv.exe
  2⤵
  PID:6796
- C:\Windows\System\NYFjBeN.exe
  C:\Windows\System\NYFjBeN.exe
  2⤵
  PID:6816
- C:\Windows\System\toOYaMZ.exe
  C:\Windows\System\toOYaMZ.exe
  2⤵
  PID:6832
- C:\Windows\System\CyGwgeO.exe
  C:\Windows\System\CyGwgeO.exe
  2⤵
  PID:6852
- C:\Windows\System\WNomxUe.exe
  C:\Windows\System\WNomxUe.exe
  2⤵
  PID:6876
- C:\Windows\System\KRLTOAb.exe
  C:\Windows\System\KRLTOAb.exe
  2⤵
  PID:6896
- C:\Windows\System\tsaXlWO.exe
  C:\Windows\System\tsaXlWO.exe
  2⤵
  PID:6916
- C:\Windows\System\XSXBXrX.exe
  C:\Windows\System\XSXBXrX.exe
  2⤵
  PID:6940
- C:\Windows\System\VoNwYLO.exe
  C:\Windows\System\VoNwYLO.exe
  2⤵
  PID:6960
- C:\Windows\System\LWUYVkA.exe
  C:\Windows\System\LWUYVkA.exe
  2⤵
  PID:6980
- C:\Windows\System\KiJmnMC.exe
  C:\Windows\System\KiJmnMC.exe
  2⤵
  PID:6996
- C:\Windows\System\DgNOSEA.exe
  C:\Windows\System\DgNOSEA.exe
  2⤵
  PID:7016
- C:\Windows\System\fFdVQZV.exe
  C:\Windows\System\fFdVQZV.exe
  2⤵
  PID:7036
- C:\Windows\System\MtBZTZu.exe
  C:\Windows\System\MtBZTZu.exe
  2⤵
  PID:7056
- C:\Windows\System\cjZmSBC.exe
  C:\Windows\System\cjZmSBC.exe
  2⤵
  PID:7076
- C:\Windows\System\WZaHbJu.exe
  C:\Windows\System\WZaHbJu.exe
  2⤵
  PID:7092
- C:\Windows\System\irSgOVN.exe
  C:\Windows\System\irSgOVN.exe
  2⤵
  PID:7112
- C:\Windows\System\zXSvYXy.exe
  C:\Windows\System\zXSvYXy.exe
  2⤵
  PID:7140
- C:\Windows\System\lloCKTs.exe
  C:\Windows\System\lloCKTs.exe
  2⤵
  PID:7160
- C:\Windows\System\unbFohC.exe
  C:\Windows\System\unbFohC.exe
  2⤵
  PID:5344
- C:\Windows\System\dhkBkSx.exe
  C:\Windows\System\dhkBkSx.exe
  2⤵
  PID:5480
- C:\Windows\System\dHIVHuy.exe
  C:\Windows\System\dHIVHuy.exe
  2⤵
  PID:5548
- C:\Windows\System\vEARkij.exe
  C:\Windows\System\vEARkij.exe
  2⤵
  PID:5568
- C:\Windows\System\hUiEEcK.exe
  C:\Windows\System\hUiEEcK.exe
  2⤵
  PID:2620
- C:\Windows\System\ZerJUsA.exe
  C:\Windows\System\ZerJUsA.exe
  2⤵
  PID:5840
- C:\Windows\System\HxZnRrJ.exe
  C:\Windows\System\HxZnRrJ.exe
  2⤵
  PID:5932
- C:\Windows\System\vgKwwwU.exe
  C:\Windows\System\vgKwwwU.exe
  2⤵
  PID:5968
- C:\Windows\System\tRsWnnw.exe
  C:\Windows\System\tRsWnnw.exe
  2⤵
  PID:6012
- C:\Windows\System\ELpahCb.exe
  C:\Windows\System\ELpahCb.exe
  2⤵
  PID:4152
- C:\Windows\System\ViulvIN.exe
  C:\Windows\System\ViulvIN.exe
  2⤵
  PID:3772
- C:\Windows\System\NTLppnX.exe
  C:\Windows\System\NTLppnX.exe
  2⤵
  PID:4424
- C:\Windows\System\JnVKFaM.exe
  C:\Windows\System\JnVKFaM.exe
  2⤵
  PID:4884
- C:\Windows\System\iZpdGTy.exe
  C:\Windows\System\iZpdGTy.exe
  2⤵
  PID:3088
- C:\Windows\System\XGqbrog.exe
  C:\Windows\System\XGqbrog.exe
  2⤵
  PID:5268
- C:\Windows\System\WuzStQd.exe
  C:\Windows\System\WuzStQd.exe
  2⤵
  PID:5248
- C:\Windows\System\UmRRdzE.exe
  C:\Windows\System\UmRRdzE.exe
  2⤵
  PID:6176
- C:\Windows\System\EfWmwtI.exe
  C:\Windows\System\EfWmwtI.exe
  2⤵
  PID:6236
- C:\Windows\System\BcOfhgf.exe
  C:\Windows\System\BcOfhgf.exe
  2⤵
  PID:6280
- C:\Windows\System\YrSudMS.exe
  C:\Windows\System\YrSudMS.exe
  2⤵
  PID:6284
- C:\Windows\System\mBuyHkE.exe
  C:\Windows\System\mBuyHkE.exe
  2⤵
  PID:6328
- C:\Windows\System\eggTekP.exe
  C:\Windows\System\eggTekP.exe
  2⤵
  PID:6340
- C:\Windows\System\lmOtckK.exe
  C:\Windows\System\lmOtckK.exe
  2⤵
  PID:6400
- C:\Windows\System\wgOtQJz.exe
  C:\Windows\System\wgOtQJz.exe
  2⤵
  PID:6408
- C:\Windows\System\wkebJtu.exe
  C:\Windows\System\wkebJtu.exe
  2⤵
  PID:6444
- C:\Windows\System\pmWzXEL.exe
  C:\Windows\System\pmWzXEL.exe
  2⤵
  PID:6484
- C:\Windows\System\hwXXBVH.exe
  C:\Windows\System\hwXXBVH.exe
  2⤵
  PID:6524
- C:\Windows\System\NrOBpiW.exe
  C:\Windows\System\NrOBpiW.exe
  2⤵
  PID:6532
- C:\Windows\System\zdvmdUe.exe
  C:\Windows\System\zdvmdUe.exe
  2⤵
  PID:6544
- C:\Windows\System\ipGoFTL.exe
  C:\Windows\System\ipGoFTL.exe
  2⤵
  PID:6604
- C:\Windows\System\SdxXDaN.exe
  C:\Windows\System\SdxXDaN.exe
  2⤵
  PID:6640
- C:\Windows\System\IwkhjZd.exe
  C:\Windows\System\IwkhjZd.exe
  2⤵
  PID:6628
- C:\Windows\System\XUhmDCv.exe
  C:\Windows\System\XUhmDCv.exe
  2⤵
  PID:6672
- C:\Windows\System\UnYvcOj.exe
  C:\Windows\System\UnYvcOj.exe
  2⤵
  PID:6692
- C:\Windows\System\OLUdvRJ.exe
  C:\Windows\System\OLUdvRJ.exe
  2⤵
  PID:6724
- C:\Windows\System\aeSSGtj.exe
  C:\Windows\System\aeSSGtj.exe
  2⤵
  PID:6732
- C:\Windows\System\iyompDr.exe
  C:\Windows\System\iyompDr.exe
  2⤵
  PID:6748
- C:\Windows\System\zHJDCOP.exe
  C:\Windows\System\zHJDCOP.exe
  2⤵
  PID:6808
- C:\Windows\System\JVdsCSm.exe
  C:\Windows\System\JVdsCSm.exe
  2⤵
  PID:6844
- C:\Windows\System\xShTcvE.exe
  C:\Windows\System\xShTcvE.exe
  2⤵
  PID:6928
- C:\Windows\System\AvugmrI.exe
  C:\Windows\System\AvugmrI.exe
  2⤵
  PID:6824
- C:\Windows\System\YYBroyJ.exe
  C:\Windows\System\YYBroyJ.exe
  2⤵
  PID:6904
- C:\Windows\System\RoiqkVl.exe
  C:\Windows\System\RoiqkVl.exe
  2⤵
  PID:6976
- C:\Windows\System\onOTRLK.exe
  C:\Windows\System\onOTRLK.exe
  2⤵
  PID:6988
- C:\Windows\System\roBukVv.exe
  C:\Windows\System\roBukVv.exe
  2⤵
  PID:7044
- C:\Windows\System\ulzhXhn.exe
  C:\Windows\System\ulzhXhn.exe
  2⤵
  PID:7032
- C:\Windows\System\cEVDExl.exe
  C:\Windows\System\cEVDExl.exe
  2⤵
  PID:7088
- C:\Windows\System\zsKlLAx.exe
  C:\Windows\System\zsKlLAx.exe
  2⤵
  PID:7136
- C:\Windows\System\zEgJWEw.exe
  C:\Windows\System\zEgJWEw.exe
  2⤵
  PID:5348
- C:\Windows\System\FHROpdb.exe
  C:\Windows\System\FHROpdb.exe
  2⤵
  PID:7108
- C:\Windows\System\tBZDjXV.exe
  C:\Windows\System\tBZDjXV.exe
  2⤵
  PID:5476
- C:\Windows\System\dLNldDI.exe
  C:\Windows\System\dLNldDI.exe
  2⤵
  PID:6140
- C:\Windows\System\syZCcMA.exe
  C:\Windows\System\syZCcMA.exe
  2⤵
  PID:876
- C:\Windows\System\icbedKc.exe
  C:\Windows\System\icbedKc.exe
  2⤵
  PID:2280
- C:\Windows\System\IDksNRW.exe
  C:\Windows\System\IDksNRW.exe
  2⤵
  PID:6244
- C:\Windows\System\dpNglxh.exe
  C:\Windows\System\dpNglxh.exe
  2⤵
  PID:6316
- C:\Windows\System\nKHsOQP.exe
  C:\Windows\System\nKHsOQP.exe
  2⤵
  PID:6440
- C:\Windows\System\THiJAuP.exe
  C:\Windows\System\THiJAuP.exe
  2⤵
  PID:6468
- C:\Windows\System\lbqSNsR.exe
  C:\Windows\System\lbqSNsR.exe
  2⤵
  PID:6052
- C:\Windows\System\FDqRytv.exe
  C:\Windows\System\FDqRytv.exe
  2⤵
  PID:6548
- C:\Windows\System\mOIzPMQ.exe
  C:\Windows\System\mOIzPMQ.exe
  2⤵
  PID:2332
- C:\Windows\System\CnhPizl.exe
  C:\Windows\System\CnhPizl.exe
  2⤵
  PID:2836
- C:\Windows\System\vbVpmnE.exe
  C:\Windows\System\vbVpmnE.exe
  2⤵
  PID:4908
- C:\Windows\System\CAcjpxd.exe
  C:\Windows\System\CAcjpxd.exe
  2⤵
  PID:4700
- C:\Windows\System\MqoBRhV.exe
  C:\Windows\System\MqoBRhV.exe
  2⤵
  PID:2796
- C:\Windows\System\pJzybzn.exe
  C:\Windows\System\pJzybzn.exe
  2⤵
  PID:6968
- C:\Windows\System\brbeRxo.exe
  C:\Windows\System\brbeRxo.exe
  2⤵
  PID:6260
- C:\Windows\System\PMpVasu.exe
  C:\Windows\System\PMpVasu.exe
  2⤵
  PID:7008
- C:\Windows\System\LQYvBah.exe
  C:\Windows\System\LQYvBah.exe
  2⤵
  PID:980
- C:\Windows\System\CyPIzVK.exe
  C:\Windows\System\CyPIzVK.exe
  2⤵
  PID:1548
- C:\Windows\System\bvqNJbz.exe
  C:\Windows\System\bvqNJbz.exe
  2⤵
  PID:6428
- C:\Windows\System\lUPgXme.exe
  C:\Windows\System\lUPgXme.exe
  2⤵
  PID:5516
- C:\Windows\System\hEFeqMD.exe
  C:\Windows\System\hEFeqMD.exe
  2⤵
  PID:6868
- C:\Windows\System\RmanVMn.exe
  C:\Windows\System\RmanVMn.exe
  2⤵
  PID:7120
- C:\Windows\System\qYdFkAA.exe
  C:\Windows\System\qYdFkAA.exe
  2⤵
  PID:6932
- C:\Windows\System\NmtMteY.exe
  C:\Windows\System\NmtMteY.exe
  2⤵
  PID:2704
- C:\Windows\System\lTCaIpW.exe
  C:\Windows\System\lTCaIpW.exe
  2⤵
  PID:6508
- C:\Windows\System\nLGuhAn.exe
  C:\Windows\System\nLGuhAn.exe
  2⤵
  PID:5552
- C:\Windows\System\qFWIrGa.exe
  C:\Windows\System\qFWIrGa.exe
  2⤵
  PID:5616
- C:\Windows\System\dBXUAfn.exe
  C:\Windows\System\dBXUAfn.exe
  2⤵
  PID:2588
- C:\Windows\System\QZImIPz.exe
  C:\Windows\System\QZImIPz.exe
  2⤵
  PID:6364
- C:\Windows\System\CcyBcnm.exe
  C:\Windows\System\CcyBcnm.exe
  2⤵
  PID:5876
- C:\Windows\System\oOgmqFK.exe
  C:\Windows\System\oOgmqFK.exe
  2⤵
  PID:6764
- C:\Windows\System\WuXOvNH.exe
  C:\Windows\System\WuXOvNH.exe
  2⤵
  PID:5164
- C:\Windows\System\rkGYJQU.exe
  C:\Windows\System\rkGYJQU.exe
  2⤵
  PID:6152
- C:\Windows\System\VHQmukA.exe
  C:\Windows\System\VHQmukA.exe
  2⤵
  PID:6848
- C:\Windows\System\dQyIXzg.exe
  C:\Windows\System\dQyIXzg.exe
  2⤵
  PID:5812
- C:\Windows\System\qwuiZbO.exe
  C:\Windows\System\qwuiZbO.exe
  2⤵
  PID:7128
- C:\Windows\System\KFboYdY.exe
  C:\Windows\System\KFboYdY.exe
  2⤵
  PID:6492
- C:\Windows\System\lXoPdAI.exe
  C:\Windows\System\lXoPdAI.exe
  2⤵
  PID:6892
- C:\Windows\System\kZKnuod.exe
  C:\Windows\System\kZKnuod.exe
  2⤵
  PID:6992
- C:\Windows\System\VgAQVkR.exe
  C:\Windows\System\VgAQVkR.exe
  2⤵
  PID:536
- C:\Windows\System\CCgNgow.exe
  C:\Windows\System\CCgNgow.exe
  2⤵
  PID:2768
- C:\Windows\System\mbdPZRP.exe
  C:\Windows\System\mbdPZRP.exe
  2⤵
  PID:6564
- C:\Windows\System\rTJimBR.exe
  C:\Windows\System\rTJimBR.exe
  2⤵
  PID:1640
- C:\Windows\System\qZVjfrY.exe
  C:\Windows\System\qZVjfrY.exe
  2⤵
  PID:5492
- C:\Windows\System\YVWKGBw.exe
  C:\Windows\System\YVWKGBw.exe
  2⤵
  PID:5928
- C:\Windows\System\GAaGmQR.exe
  C:\Windows\System\GAaGmQR.exe
  2⤵
  PID:6592
- C:\Windows\System\PZcdxvT.exe
  C:\Windows\System\PZcdxvT.exe
  2⤵
  PID:6720
- C:\Windows\System\PNlYKYA.exe
  C:\Windows\System\PNlYKYA.exe
  2⤵
  PID:2680
- C:\Windows\System\odrFzQt.exe
  C:\Windows\System\odrFzQt.exe
  2⤵
  PID:5368
- C:\Windows\System\ZCfUcTc.exe
  C:\Windows\System\ZCfUcTc.exe
  2⤵
  PID:6184
- C:\Windows\System\HjxiKuQ.exe
  C:\Windows\System\HjxiKuQ.exe
  2⤵
  PID:5776
- C:\Windows\System\CWFbSSe.exe
  C:\Windows\System\CWFbSSe.exe
  2⤵
  PID:2808
- C:\Windows\System\psZmjxK.exe
  C:\Windows\System\psZmjxK.exe
  2⤵
  PID:2276
- C:\Windows\System\plTKqjY.exe
  C:\Windows\System\plTKqjY.exe
  2⤵
  PID:4508
- C:\Windows\System\YKHLTRs.exe
  C:\Windows\System\YKHLTRs.exe
  2⤵
  PID:1708
- C:\Windows\System\vEMSOlc.exe
  C:\Windows\System\vEMSOlc.exe
  2⤵
  PID:2404
- C:\Windows\System\GgkmJRG.exe
  C:\Windows\System\GgkmJRG.exe
  2⤵
  PID:1100
- C:\Windows\System\TYZfLVO.exe
  C:\Windows\System\TYZfLVO.exe
  2⤵
  PID:2364
- C:\Windows\System\MNiFhip.exe
  C:\Windows\System\MNiFhip.exe
  2⤵
  PID:1636
- C:\Windows\System\OxzkvGW.exe
  C:\Windows\System\OxzkvGW.exe
  2⤵
  PID:868
- C:\Windows\System\DIbfueg.exe
  C:\Windows\System\DIbfueg.exe
  2⤵
  PID:6580
- C:\Windows\System\lkMgFNk.exe
  C:\Windows\System\lkMgFNk.exe
  2⤵
  PID:2484
- C:\Windows\System\AljmxPi.exe
  C:\Windows\System\AljmxPi.exe
  2⤵
  PID:6788
- C:\Windows\System\DFoGdBU.exe
  C:\Windows\System\DFoGdBU.exe
  2⤵
  PID:2336
- C:\Windows\System\hfydbbG.exe
  C:\Windows\System\hfydbbG.exe
  2⤵
  PID:1844
- C:\Windows\System\uGdmTGQ.exe
  C:\Windows\System\uGdmTGQ.exe
  2⤵
  PID:2956
- C:\Windows\System\DQjpoSZ.exe
  C:\Windows\System\DQjpoSZ.exe
  2⤵
  PID:6164
- C:\Windows\System\uYHEigY.exe
  C:\Windows\System\uYHEigY.exe
  2⤵
  PID:1536
- C:\Windows\System\aqeGsJA.exe
  C:\Windows\System\aqeGsJA.exe
  2⤵
  PID:784
- C:\Windows\System\sSNeIhe.exe
  C:\Windows\System\sSNeIhe.exe
  2⤵
  PID:2396
- C:\Windows\System\twfcMQZ.exe
  C:\Windows\System\twfcMQZ.exe
  2⤵
  PID:6560
- C:\Windows\System\dZbQvZf.exe
  C:\Windows\System\dZbQvZf.exe
  2⤵
  PID:1136
- C:\Windows\System\jHIYpya.exe
  C:\Windows\System\jHIYpya.exe
  2⤵
  PID:2076
- C:\Windows\System\qrzBfvj.exe
  C:\Windows\System\qrzBfvj.exe
  2⤵
  PID:6728
- C:\Windows\System\UMBtnlp.exe
  C:\Windows\System\UMBtnlp.exe
  2⤵
  PID:6220
- C:\Windows\System\ZTrRive.exe
  C:\Windows\System\ZTrRive.exe
  2⤵
  PID:1744
- C:\Windows\System\ZIetcZf.exe
  C:\Windows\System\ZIetcZf.exe
  2⤵
  PID:2640
- C:\Windows\System\BmZUOiW.exe
  C:\Windows\System\BmZUOiW.exe
  2⤵
  PID:528
- C:\Windows\System\AiWiQdY.exe
  C:\Windows\System\AiWiQdY.exe
  2⤵
  PID:1444
- C:\Windows\System\lSGMwXq.exe
  C:\Windows\System\lSGMwXq.exe
  2⤵
  PID:2052
- C:\Windows\System\VVBXgBt.exe
  C:\Windows\System\VVBXgBt.exe
  2⤵
  PID:2784
- C:\Windows\System\xtyPkGH.exe
  C:\Windows\System\xtyPkGH.exe
  2⤵
  PID:2916
- C:\Windows\System\UmhlpdU.exe
  C:\Windows\System\UmhlpdU.exe
  2⤵
  PID:7172
- C:\Windows\System\kAmGVvw.exe
  C:\Windows\System\kAmGVvw.exe
  2⤵
  PID:7188
- C:\Windows\System\wFheSiJ.exe
  C:\Windows\System\wFheSiJ.exe
  2⤵
  PID:7208
- C:\Windows\System\MlIaBIg.exe
  C:\Windows\System\MlIaBIg.exe
  2⤵
  PID:7224
- C:\Windows\System\mScUhRF.exe
  C:\Windows\System\mScUhRF.exe
  2⤵
  PID:7240
- C:\Windows\System\skbgfvX.exe
  C:\Windows\System\skbgfvX.exe
  2⤵
  PID:7256
- C:\Windows\System\fzMUFrV.exe
  C:\Windows\System\fzMUFrV.exe
  2⤵
  PID:7276
- C:\Windows\System\sgIwhdf.exe
  C:\Windows\System\sgIwhdf.exe
  2⤵
  PID:7296
- C:\Windows\System\vMkrGeI.exe
  C:\Windows\System\vMkrGeI.exe
  2⤵
  PID:7316
- C:\Windows\System\wYRQlhm.exe
  C:\Windows\System\wYRQlhm.exe
  2⤵
  PID:7332
- C:\Windows\System\sGLbYgE.exe
  C:\Windows\System\sGLbYgE.exe
  2⤵
  PID:7348
- C:\Windows\System\APcGbIr.exe
  C:\Windows\System\APcGbIr.exe
  2⤵
  PID:7376
- C:\Windows\System\hiOxdbE.exe
  C:\Windows\System\hiOxdbE.exe
  2⤵
  PID:7392
- C:\Windows\System\OrQJaTO.exe
  C:\Windows\System\OrQJaTO.exe
  2⤵
  PID:7408
- C:\Windows\System\iDYYirr.exe
  C:\Windows\System\iDYYirr.exe
  2⤵
  PID:7428
- C:\Windows\System\vFYEGJD.exe
  C:\Windows\System\vFYEGJD.exe
  2⤵
  PID:7444
- C:\Windows\System\udQgWhL.exe
  C:\Windows\System\udQgWhL.exe
  2⤵
  PID:7460
- C:\Windows\System\CDzVGsh.exe
  C:\Windows\System\CDzVGsh.exe
  2⤵
  PID:7480
- C:\Windows\System\vtHPcSQ.exe
  C:\Windows\System\vtHPcSQ.exe
  2⤵
  PID:7500
- C:\Windows\System\LtwuKml.exe
  C:\Windows\System\LtwuKml.exe
  2⤵
  PID:7520
- C:\Windows\System\FxBSQIB.exe
  C:\Windows\System\FxBSQIB.exe
  2⤵
  PID:7540
- C:\Windows\System\djxaibl.exe
  C:\Windows\System\djxaibl.exe
  2⤵
  PID:7556
- C:\Windows\System\KcbpqUG.exe
  C:\Windows\System\KcbpqUG.exe
  2⤵
  PID:7576
- C:\Windows\System\hPEZLam.exe
  C:\Windows\System\hPEZLam.exe
  2⤵
  PID:7592
- C:\Windows\System\xbGSVGJ.exe
  C:\Windows\System\xbGSVGJ.exe
  2⤵
  PID:7608
- C:\Windows\System\hfNWTcC.exe
  C:\Windows\System\hfNWTcC.exe
  2⤵
  PID:7628
- C:\Windows\System\VQsyBMK.exe
  C:\Windows\System\VQsyBMK.exe
  2⤵
  PID:7644
- C:\Windows\System\JRnvwNk.exe
  C:\Windows\System\JRnvwNk.exe
  2⤵
  PID:7664
- C:\Windows\System\IRLhFZI.exe
  C:\Windows\System\IRLhFZI.exe
  2⤵
  PID:7680
- C:\Windows\System\DLYxcvg.exe
  C:\Windows\System\DLYxcvg.exe
  2⤵
  PID:7700
- C:\Windows\System\zkdyXjr.exe
  C:\Windows\System\zkdyXjr.exe
  2⤵
  PID:7716
- C:\Windows\System\bpNZfsg.exe
  C:\Windows\System\bpNZfsg.exe
  2⤵
  PID:7732
- C:\Windows\System\HObUipF.exe
  C:\Windows\System\HObUipF.exe
  2⤵
  PID:7748
- C:\Windows\System\IDOUwQI.exe
  C:\Windows\System\IDOUwQI.exe
  2⤵
  PID:7772
- C:\Windows\System\dEPPFjX.exe
  C:\Windows\System\dEPPFjX.exe
  2⤵
  PID:7792
- C:\Windows\System\giutkOn.exe
  C:\Windows\System\giutkOn.exe
  2⤵
  PID:7812
- C:\Windows\System\JXtMTCY.exe
  C:\Windows\System\JXtMTCY.exe
  2⤵
  PID:7828
- C:\Windows\System\aTiuZgs.exe
  C:\Windows\System\aTiuZgs.exe
  2⤵
  PID:7848
- C:\Windows\System\vkOmqoF.exe
  C:\Windows\System\vkOmqoF.exe
  2⤵
  PID:7864
- C:\Windows\System\zSDAkVq.exe
  C:\Windows\System\zSDAkVq.exe
  2⤵
  PID:7884
- C:\Windows\System\OqZRyCU.exe
  C:\Windows\System\OqZRyCU.exe
  2⤵
  PID:7900
- C:\Windows\System\rDqYqAD.exe
  C:\Windows\System\rDqYqAD.exe
  2⤵
  PID:7916
- C:\Windows\System\vvuEDhe.exe
  C:\Windows\System\vvuEDhe.exe
  2⤵
  PID:7936
- C:\Windows\System\vTdnEbm.exe
  C:\Windows\System\vTdnEbm.exe
  2⤵
  PID:7960
- C:\Windows\System\ZGCZATg.exe
  C:\Windows\System\ZGCZATg.exe
  2⤵
  PID:7976
- C:\Windows\System\ZSvfiXC.exe
  C:\Windows\System\ZSvfiXC.exe
  2⤵
  PID:7996
- C:\Windows\System\wglJqFA.exe
  C:\Windows\System\wglJqFA.exe
  2⤵
  PID:8020
- C:\Windows\System\OjTLijW.exe
  C:\Windows\System\OjTLijW.exe
  2⤵
  PID:8036
- C:\Windows\System\fnAYLZX.exe
  C:\Windows\System\fnAYLZX.exe
  2⤵
  PID:8052
- C:\Windows\System\FwkRvyL.exe
  C:\Windows\System\FwkRvyL.exe
  2⤵
  PID:8100
- C:\Windows\System\UNkonyT.exe
  C:\Windows\System\UNkonyT.exe
  2⤵
  PID:8116
- C:\Windows\System\GmCmjHp.exe
  C:\Windows\System\GmCmjHp.exe
  2⤵
  PID:8132
- C:\Windows\System\NvJlxgQ.exe
  C:\Windows\System\NvJlxgQ.exe
  2⤵
  PID:8148
- C:\Windows\System\setuwOV.exe
  C:\Windows\System\setuwOV.exe
  2⤵
  PID:8164
- C:\Windows\System\mVWQXGo.exe
  C:\Windows\System\mVWQXGo.exe
  2⤵
  PID:8180
- C:\Windows\System\ZYeXhPb.exe
  C:\Windows\System\ZYeXhPb.exe
  2⤵
  PID:592
- C:\Windows\System\zqkmgtz.exe
  C:\Windows\System\zqkmgtz.exe
  2⤵
  PID:7220
- C:\Windows\System\MXkxHfa.exe
  C:\Windows\System\MXkxHfa.exe
  2⤵
  PID:7288
- C:\Windows\System\VZMZIXK.exe
  C:\Windows\System\VZMZIXK.exe
  2⤵
  PID:7324
- C:\Windows\System\fwxrjoo.exe
  C:\Windows\System\fwxrjoo.exe
  2⤵
  PID:7472
- C:\Windows\System\wcVGsSm.exe
  C:\Windows\System\wcVGsSm.exe
  2⤵
  PID:7512
- C:\Windows\System\vnvnEWt.exe
  C:\Windows\System\vnvnEWt.exe
  2⤵
  PID:1296
- C:\Windows\System\BDTFSUN.exe
  C:\Windows\System\BDTFSUN.exe
  2⤵
  PID:7588
- C:\Windows\System\cCftxAS.exe
  C:\Windows\System\cCftxAS.exe
  2⤵
  PID:7656
- C:\Windows\System\apzrgFi.exe
  C:\Windows\System\apzrgFi.exe
  2⤵
  PID:7696
- C:\Windows\System\Idjamaa.exe
  C:\Windows\System\Idjamaa.exe
  2⤵
  PID:7724
- C:\Windows\System\OgyabZI.exe
  C:\Windows\System\OgyabZI.exe
  2⤵
  PID:7756
- C:\Windows\System\LZdLPuV.exe
  C:\Windows\System\LZdLPuV.exe
  2⤵
  PID:7804
- C:\Windows\System\tesXACN.exe
  C:\Windows\System\tesXACN.exe
  2⤵
  PID:7908
- C:\Windows\System\NNmLPIU.exe
  C:\Windows\System\NNmLPIU.exe
  2⤵
  PID:7952
- C:\Windows\System\GIJENDt.exe
  C:\Windows\System\GIJENDt.exe
  2⤵
  PID:7956
- C:\Windows\System\YISZLoM.exe
  C:\Windows\System\YISZLoM.exe
  2⤵
  PID:5732
- C:\Windows\System\xEkXgVu.exe
  C:\Windows\System\xEkXgVu.exe
  2⤵
  PID:8076
- C:\Windows\System\JNOdyut.exe
  C:\Windows\System\JNOdyut.exe
  2⤵
  PID:8092
- C:\Windows\System\ruCkGGH.exe
  C:\Windows\System\ruCkGGH.exe
  2⤵
  PID:8160
- C:\Windows\System\cxMQiAh.exe
  C:\Windows\System\cxMQiAh.exe
  2⤵
  PID:7360
- C:\Windows\System\yNFQMqP.exe
  C:\Windows\System\yNFQMqP.exe
  2⤵
  PID:7400
- C:\Windows\System\WSSIqpP.exe
  C:\Windows\System\WSSIqpP.exe
  2⤵
  PID:7372
- C:\Windows\System\xLsRecb.exe
  C:\Windows\System\xLsRecb.exe
  2⤵
  PID:6648
- C:\Windows\System\nZIKkSo.exe
  C:\Windows\System\nZIKkSo.exe
  2⤵
  PID:2604
- C:\Windows\System\gkUWDFO.exe
  C:\Windows\System\gkUWDFO.exe
  2⤵
  PID:8028
- C:\Windows\System\bMGxxLE.exe
  C:\Windows\System\bMGxxLE.exe
  2⤵
  PID:8188
- C:\Windows\System\enQDJYO.exe
  C:\Windows\System\enQDJYO.exe
  2⤵
  PID:7468
- C:\Windows\System\mzCCPYt.exe
  C:\Windows\System\mzCCPYt.exe
  2⤵
  PID:7624
- C:\Windows\System\eUFBfoL.exe
  C:\Windows\System\eUFBfoL.exe
  2⤵
  PID:8088
- C:\Windows\System\PqqkheQ.exe
  C:\Windows\System\PqqkheQ.exe
  2⤵
  PID:5324
- C:\Windows\System\jWULnJc.exe
  C:\Windows\System\jWULnJc.exe
  2⤵
  PID:8208
- C:\Windows\System\QqXDadY.exe
  C:\Windows\System\QqXDadY.exe
  2⤵
  PID:8228
- C:\Windows\System\ICOIPOJ.exe
  C:\Windows\System\ICOIPOJ.exe
  2⤵
  PID:8248
- C:\Windows\System\JdPTFnt.exe
  C:\Windows\System\JdPTFnt.exe
  2⤵
  PID:8264
- C:\Windows\System\FuyaWTn.exe
  C:\Windows\System\FuyaWTn.exe
  2⤵
  PID:8280
- C:\Windows\System\qzqVNAS.exe
  C:\Windows\System\qzqVNAS.exe
  2⤵
  PID:8296
- C:\Windows\System\zjCMyEn.exe
  C:\Windows\System\zjCMyEn.exe
  2⤵
  PID:8324
- C:\Windows\System\izkqeai.exe
  C:\Windows\System\izkqeai.exe
  2⤵
  PID:8340
- C:\Windows\System\ggYEjJV.exe
  C:\Windows\System\ggYEjJV.exe
  2⤵
  PID:8356
- C:\Windows\System\bVTpvGx.exe
  C:\Windows\System\bVTpvGx.exe
  2⤵
  PID:8372
- C:\Windows\System\oSbFgLr.exe
  C:\Windows\System\oSbFgLr.exe
  2⤵
  PID:8392
- C:\Windows\System\XcmaENa.exe
  C:\Windows\System\XcmaENa.exe
  2⤵
  PID:8408
- C:\Windows\System\lHKphuN.exe
  C:\Windows\System\lHKphuN.exe
  2⤵
  PID:8428
- C:\Windows\System\EhAPEIK.exe
  C:\Windows\System\EhAPEIK.exe
  2⤵
  PID:8448
- C:\Windows\System\GuqRAoT.exe
  C:\Windows\System\GuqRAoT.exe
  2⤵
  PID:8468
- C:\Windows\System\rFRVdvG.exe
  C:\Windows\System\rFRVdvG.exe
  2⤵
  PID:8484
- C:\Windows\System\gudReJY.exe
  C:\Windows\System\gudReJY.exe
  2⤵
  PID:8504
- C:\Windows\System\SDhRShd.exe
  C:\Windows\System\SDhRShd.exe
  2⤵
  PID:8524
- C:\Windows\System\YYOKpFx.exe
  C:\Windows\System\YYOKpFx.exe
  2⤵
  PID:8544
- C:\Windows\System\ctguwkQ.exe
  C:\Windows\System\ctguwkQ.exe
  2⤵
  PID:8560
- C:\Windows\System\OZVMFNy.exe
  C:\Windows\System\OZVMFNy.exe
  2⤵
  PID:8576
- C:\Windows\System\ZKcQhkc.exe
  C:\Windows\System\ZKcQhkc.exe
  2⤵
  PID:8596
- C:\Windows\System\tHsTokV.exe
  C:\Windows\System\tHsTokV.exe
  2⤵
  PID:8612
- C:\Windows\System\bBnodtO.exe
  C:\Windows\System\bBnodtO.exe
  2⤵
  PID:8628
- C:\Windows\System\YqfvjBe.exe
  C:\Windows\System\YqfvjBe.exe
  2⤵
  PID:8644
- C:\Windows\System\QaFnnZy.exe
  C:\Windows\System\QaFnnZy.exe
  2⤵
  PID:8664
- C:\Windows\System\bWHpMKa.exe
  C:\Windows\System\bWHpMKa.exe
  2⤵
  PID:8680
- C:\Windows\System\YNqUqDC.exe
  C:\Windows\System\YNqUqDC.exe
  2⤵
  PID:8696
- C:\Windows\System\hHnVGIU.exe
  C:\Windows\System\hHnVGIU.exe
  2⤵
  PID:8712
- C:\Windows\System\irdqNID.exe
  C:\Windows\System\irdqNID.exe
  2⤵
  PID:8732
- C:\Windows\System\bxaNCpe.exe
  C:\Windows\System\bxaNCpe.exe
  2⤵
  PID:8756
- C:\Windows\System\yOqkPTM.exe
  C:\Windows\System\yOqkPTM.exe
  2⤵
  PID:8772
- C:\Windows\System\ODWQUFC.exe
  C:\Windows\System\ODWQUFC.exe
  2⤵
  PID:8788
- C:\Windows\System\vhpBkol.exe
  C:\Windows\System\vhpBkol.exe
  2⤵
  PID:8808
- C:\Windows\System\vQtMjIN.exe
  C:\Windows\System\vQtMjIN.exe
  2⤵
  PID:8824
- C:\Windows\System\pUTqnFb.exe
  C:\Windows\System\pUTqnFb.exe
  2⤵
  PID:8844
- C:\Windows\System\RweFCtY.exe
  C:\Windows\System\RweFCtY.exe
  2⤵
  PID:8860
- C:\Windows\System\uWyhYFb.exe
  C:\Windows\System\uWyhYFb.exe
  2⤵
  PID:8876
- C:\Windows\System\zslNmzO.exe
  C:\Windows\System\zslNmzO.exe
  2⤵
  PID:8892
- C:\Windows\System\QbhdhCO.exe
  C:\Windows\System\QbhdhCO.exe
  2⤵
  PID:8908
- C:\Windows\System\mhIkzpZ.exe
  C:\Windows\System\mhIkzpZ.exe
  2⤵
  PID:8924
- C:\Windows\System\HevnUjm.exe
  C:\Windows\System\HevnUjm.exe
  2⤵
  PID:8944
- C:\Windows\System\RRWiiIw.exe
  C:\Windows\System\RRWiiIw.exe
  2⤵
  PID:8968
- C:\Windows\System\yHKgCtQ.exe
  C:\Windows\System\yHKgCtQ.exe
  2⤵
  PID:8984
- C:\Windows\System\LSXJtQe.exe
  C:\Windows\System\LSXJtQe.exe
  2⤵
  PID:9008
- C:\Windows\System\AJAJVLu.exe
  C:\Windows\System\AJAJVLu.exe
  2⤵
  PID:9024
- C:\Windows\System\sgAiIcy.exe
  C:\Windows\System\sgAiIcy.exe
  2⤵
  PID:9044
- C:\Windows\System\DQAiruz.exe
  C:\Windows\System\DQAiruz.exe
  2⤵
  PID:9064
- C:\Windows\System\SSPFByI.exe
  C:\Windows\System\SSPFByI.exe
  2⤵
  PID:9080
- C:\Windows\System\OuQhxuM.exe
  C:\Windows\System\OuQhxuM.exe
  2⤵
  PID:9100
- C:\Windows\System\AIrBRzI.exe
  C:\Windows\System\AIrBRzI.exe
  2⤵
  PID:9120
- C:\Windows\System\LJskOJs.exe
  C:\Windows\System\LJskOJs.exe
  2⤵
  PID:9136
- C:\Windows\System\ylpAsgk.exe
  C:\Windows\System\ylpAsgk.exe
  2⤵
  PID:9160
- C:\Windows\System\hNGLDOq.exe
  C:\Windows\System\hNGLDOq.exe
  2⤵
  PID:9176
- C:\Windows\System\CTHexpZ.exe
  C:\Windows\System\CTHexpZ.exe
  2⤵
  PID:9196
- C:\Windows\System\kpHCfwr.exe
  C:\Windows\System\kpHCfwr.exe
  2⤵
  PID:9212
- C:\Windows\System\lfunlIT.exe
  C:\Windows\System\lfunlIT.exe
  2⤵
  PID:8220
- C:\Windows\System\jUEMHgj.exe
  C:\Windows\System\jUEMHgj.exe
  2⤵
  PID:8288
- C:\Windows\System\krCOMIF.exe
  C:\Windows\System\krCOMIF.exe
  2⤵
  PID:8336
- C:\Windows\System\odsnYBv.exe
  C:\Windows\System\odsnYBv.exe
  2⤵
  PID:8400
- C:\Windows\System\tAZSHnr.exe
  C:\Windows\System\tAZSHnr.exe
  2⤵
  PID:8516
- C:\Windows\System\GmCTWUS.exe
  C:\Windows\System\GmCTWUS.exe
  2⤵
  PID:8620
- C:\Windows\System\qhVDLqj.exe
  C:\Windows\System\qhVDLqj.exe
  2⤵
  PID:8652
- C:\Windows\System\Vbkikut.exe
  C:\Windows\System\Vbkikut.exe
  2⤵
  PID:8720
- C:\Windows\System\JtHTAev.exe
  C:\Windows\System\JtHTAev.exe
  2⤵
  PID:8800
- C:\Windows\System\JERxdwP.exe
  C:\Windows\System\JERxdwP.exe
  2⤵
  PID:8804
- C:\Windows\System\IvcrsQl.exe
  C:\Windows\System\IvcrsQl.exe
  2⤵
  PID:8932
- C:\Windows\System\zUvJKho.exe
  C:\Windows\System\zUvJKho.exe
  2⤵
  PID:8904
- C:\Windows\System\oiohArK.exe
  C:\Windows\System\oiohArK.exe
  2⤵
  PID:9016
- C:\Windows\System\jWGpGKx.exe
  C:\Windows\System\jWGpGKx.exe
  2⤵
  PID:9088
- C:\Windows\System\WtukovV.exe
  C:\Windows\System\WtukovV.exe
  2⤵
  PID:9132
- C:\Windows\System\laDmVGO.exe
  C:\Windows\System\laDmVGO.exe
  2⤵
  PID:9208
- C:\Windows\System\lFeMahr.exe
  C:\Windows\System\lFeMahr.exe
  2⤵
  PID:8444
- C:\Windows\System\bBNVsdh.exe
  C:\Windows\System\bBNVsdh.exe
  2⤵
  PID:8688
- C:\Windows\System\tKizmIZ.exe
  C:\Windows\System\tKizmIZ.exe
  2⤵
  PID:8764
- C:\Windows\System\ruQLoFg.exe
  C:\Windows\System\ruQLoFg.exe
  2⤵
  PID:9052
- C:\Windows\System\gdxmCWq.exe
  C:\Windows\System\gdxmCWq.exe
  2⤵
  PID:9220
- C:\Windows\System\yzMGvBN.exe
  C:\Windows\System\yzMGvBN.exe
  2⤵
  PID:9236
- C:\Windows\System\mkEGLaT.exe
  C:\Windows\System\mkEGLaT.exe
  2⤵
  PID:9252
- C:\Windows\System\AqvTlTX.exe
  C:\Windows\System\AqvTlTX.exe
  2⤵
  PID:9268
- C:\Windows\System\HUDJFds.exe
  C:\Windows\System\HUDJFds.exe
  2⤵
  PID:9296
- C:\Windows\System\wvPOpfm.exe
  C:\Windows\System\wvPOpfm.exe
  2⤵
  PID:9320
- C:\Windows\System\knWFsyV.exe
  C:\Windows\System\knWFsyV.exe
  2⤵
  PID:9340
- C:\Windows\System\XwPmGWN.exe
  C:\Windows\System\XwPmGWN.exe
  2⤵
  PID:9356
- C:\Windows\System\fRAoEdc.exe
  C:\Windows\System\fRAoEdc.exe
  2⤵
  PID:9372
- C:\Windows\System\xiOKufd.exe
  C:\Windows\System\xiOKufd.exe
  2⤵
  PID:9392
- C:\Windows\System\tqqBGhP.exe
  C:\Windows\System\tqqBGhP.exe
  2⤵
  PID:9408
- C:\Windows\System\PqWcNRh.exe
  C:\Windows\System\PqWcNRh.exe
  2⤵
  PID:9424
- C:\Windows\System\ZJOGcog.exe
  C:\Windows\System\ZJOGcog.exe
  2⤵
  PID:9448
- C:\Windows\System\tkILEzg.exe
  C:\Windows\System\tkILEzg.exe
  2⤵
  PID:9468
- C:\Windows\System\SVkXsGN.exe
  C:\Windows\System\SVkXsGN.exe
  2⤵
  PID:9484
- C:\Windows\System\cSfhhyl.exe
  C:\Windows\System\cSfhhyl.exe
  2⤵
  PID:9500
- C:\Windows\System\CHeCLrz.exe
  C:\Windows\System\CHeCLrz.exe
  2⤵
  PID:9520
- C:\Windows\System\KkKtqby.exe
  C:\Windows\System\KkKtqby.exe
  2⤵
  PID:9536
- C:\Windows\System\ldQeVWx.exe
  C:\Windows\System\ldQeVWx.exe
  2⤵
  PID:9552
- C:\Windows\System\gAchkKu.exe
  C:\Windows\System\gAchkKu.exe
  2⤵
  PID:9572
- C:\Windows\System\eCEHUfh.exe
  C:\Windows\System\eCEHUfh.exe
  2⤵
  PID:9592
- C:\Windows\System\gcoWJFh.exe
  C:\Windows\System\gcoWJFh.exe
  2⤵
  PID:9612
- C:\Windows\System\YjwBGqc.exe
  C:\Windows\System\YjwBGqc.exe
  2⤵
  PID:9628
- C:\Windows\System\HRkCeas.exe
  C:\Windows\System\HRkCeas.exe
  2⤵
  PID:9644
- C:\Windows\System\zGwYIns.exe
  C:\Windows\System\zGwYIns.exe
  2⤵
  PID:9660
- C:\Windows\System\SZCDboS.exe
  C:\Windows\System\SZCDboS.exe
  2⤵
  PID:9676
- C:\Windows\System\tKEUApU.exe
  C:\Windows\System\tKEUApU.exe
  2⤵
  PID:9700
- C:\Windows\System\cxyfnrZ.exe
  C:\Windows\System\cxyfnrZ.exe
  2⤵
  PID:9716
- C:\Windows\System\BYHxcFp.exe
  C:\Windows\System\BYHxcFp.exe
  2⤵
  PID:9732
- C:\Windows\System\AtnRYmt.exe
  C:\Windows\System\AtnRYmt.exe
  2⤵
  PID:9752
- C:\Windows\System\NOgPIma.exe
  C:\Windows\System\NOgPIma.exe
  2⤵
  PID:9772
- C:\Windows\System\ByLLCtS.exe
  C:\Windows\System\ByLLCtS.exe
  2⤵
  PID:9788
- C:\Windows\System\HzEIEMa.exe
  C:\Windows\System\HzEIEMa.exe
  2⤵
  PID:9804
- C:\Windows\System\enERmrv.exe
  C:\Windows\System\enERmrv.exe
  2⤵
  PID:9820
- C:\Windows\System\VSnUpXu.exe
  C:\Windows\System\VSnUpXu.exe
  2⤵
  PID:9836
- C:\Windows\System\jmbwYMJ.exe
  C:\Windows\System\jmbwYMJ.exe
  2⤵
  PID:9852
- C:\Windows\System\PkYYcvz.exe
  C:\Windows\System\PkYYcvz.exe
  2⤵
  PID:9868
- C:\Windows\System\ITCCJWK.exe
  C:\Windows\System\ITCCJWK.exe
  2⤵
  PID:9884
- C:\Windows\System\MtfZWEu.exe
  C:\Windows\System\MtfZWEu.exe
  2⤵
  PID:9900
- C:\Windows\System\GihdIjj.exe
  C:\Windows\System\GihdIjj.exe
  2⤵
  PID:9916
- C:\Windows\System\XXkUsuL.exe
  C:\Windows\System\XXkUsuL.exe
  2⤵
  PID:9932
- C:\Windows\System\MVHFcTo.exe
  C:\Windows\System\MVHFcTo.exe
  2⤵
  PID:9948
- C:\Windows\System\FDecbFp.exe
  C:\Windows\System\FDecbFp.exe
  2⤵
  PID:9964
- C:\Windows\System\WaAcxcY.exe
  C:\Windows\System\WaAcxcY.exe
  2⤵
  PID:10004
- C:\Windows\System\nEKogmI.exe
  C:\Windows\System\nEKogmI.exe
  2⤵
  PID:10020
- C:\Windows\System\adIuryF.exe
  C:\Windows\System\adIuryF.exe
  2⤵
  PID:10036
- C:\Windows\System\wPqPsqo.exe
  C:\Windows\System\wPqPsqo.exe
  2⤵
  PID:10052
- C:\Windows\System\jCYSKJn.exe
  C:\Windows\System\jCYSKJn.exe
  2⤵
  PID:10068
- C:\Windows\System\jzCBLaR.exe
  C:\Windows\System\jzCBLaR.exe
  2⤵
  PID:10084
- C:\Windows\System\jlxrVWA.exe
  C:\Windows\System\jlxrVWA.exe
  2⤵
  PID:10100
- C:\Windows\System\eFIxMfe.exe
  C:\Windows\System\eFIxMfe.exe
  2⤵
  PID:10116
- C:\Windows\System\yWCHdus.exe
  C:\Windows\System\yWCHdus.exe
  2⤵
  PID:10132
- C:\Windows\System\RsxIzpd.exe
  C:\Windows\System\RsxIzpd.exe
  2⤵
  PID:10148
- C:\Windows\System\utNOKsI.exe
  C:\Windows\System\utNOKsI.exe
  2⤵
  PID:10164
- C:\Windows\System\uIglMVF.exe
  C:\Windows\System\uIglMVF.exe
  2⤵
  PID:10180
- C:\Windows\System\hLxRHBn.exe
  C:\Windows\System\hLxRHBn.exe
  2⤵
  PID:10196
- C:\Windows\System\GJKwDwS.exe
  C:\Windows\System\GJKwDwS.exe
  2⤵
  PID:10212
- C:\Windows\System\lZRjZaE.exe
  C:\Windows\System\lZRjZaE.exe
  2⤵
  PID:10232
- C:\Windows\System\chpOfrU.exe
  C:\Windows\System\chpOfrU.exe
  2⤵
  PID:9228
- C:\Windows\System\GQOGGfU.exe
  C:\Windows\System\GQOGGfU.exe
  2⤵
  PID:9304
- C:\Windows\System\QWOawkh.exe
  C:\Windows\System\QWOawkh.exe
  2⤵
  PID:9384
- C:\Windows\System\qPkczRb.exe
  C:\Windows\System\qPkczRb.exe
  2⤵
  PID:9496
- C:\Windows\System\sjvuHXr.exe
  C:\Windows\System\sjvuHXr.exe
  2⤵
  PID:9456
- C:\Windows\System\UxRUfHa.exe
  C:\Windows\System\UxRUfHa.exe
  2⤵
  PID:9560
- C:\Windows\System\hpEinWZ.exe
  C:\Windows\System\hpEinWZ.exe
  2⤵
  PID:9600
- C:\Windows\System\ojqbSIE.exe
  C:\Windows\System\ojqbSIE.exe
  2⤵
  PID:9668
- C:\Windows\System\pVOuuJC.exe
  C:\Windows\System\pVOuuJC.exe
  2⤵
  PID:9740
- C:\Windows\System\LZqpDsl.exe
  C:\Windows\System\LZqpDsl.exe
  2⤵
  PID:6196
- C:\Windows\System\eyfPwAb.exe
  C:\Windows\System\eyfPwAb.exe
  2⤵
  PID:2288
- C:\Windows\System\aZZKZcJ.exe
  C:\Windows\System\aZZKZcJ.exe
  2⤵
  PID:7340
- C:\Windows\System\dmoKihh.exe
  C:\Windows\System\dmoKihh.exe
  2⤵
  PID:1840
- C:\Windows\System\KwNkOzq.exe
  C:\Windows\System\KwNkOzq.exe
  2⤵
  PID:7568
- C:\Windows\System\MDDEIih.exe
  C:\Windows\System\MDDEIih.exe
  2⤵
  PID:9876
- C:\Windows\System\qGpbOSf.exe
  C:\Windows\System\qGpbOSf.exe
  2⤵
  PID:9940
- C:\Windows\System\XTBLsMI.exe
  C:\Windows\System\XTBLsMI.exe
  2⤵
  PID:1540
- C:\Windows\System\OjGUtlB.exe
  C:\Windows\System\OjGUtlB.exe
  2⤵
  PID:6076
- C:\Windows\System\zMHEUCu.exe
  C:\Windows\System\zMHEUCu.exe
  2⤵
  PID:1520
- C:\Windows\System\iZyaHVR.exe
  C:\Windows\System\iZyaHVR.exe
  2⤵
  PID:1920
- C:\Windows\System\lxDLUVo.exe
  C:\Windows\System\lxDLUVo.exe
  2⤵
  PID:7232
- C:\Windows\System\WQGfSDs.exe
  C:\Windows\System\WQGfSDs.exe
  2⤵
  PID:7312
- C:\Windows\System\JyFStSR.exe
  C:\Windows\System\JyFStSR.exe
  2⤵
  PID:7620
- C:\Windows\System\wJKtWFS.exe
  C:\Windows\System\wJKtWFS.exe
  2⤵
  PID:7488
- C:\Windows\System\lVaKtEq.exe
  C:\Windows\System\lVaKtEq.exe
  2⤵
  PID:9004
- C:\Windows\System\MVqaFUS.exe
  C:\Windows\System\MVqaFUS.exe
  2⤵
  PID:7600
- C:\Windows\System\oyVTXfz.exe
  C:\Windows\System\oyVTXfz.exe
  2⤵
  PID:9436
- C:\Windows\System\IuPfijg.exe
  C:\Windows\System\IuPfijg.exe
  2⤵
  PID:7712
- C:\Windows\System\KiVPfmu.exe
  C:\Windows\System\KiVPfmu.exe
  2⤵
  PID:7784
- C:\Windows\System\pOTOxml.exe
  C:\Windows\System\pOTOxml.exe
  2⤵
  PID:7860
- C:\Windows\System\dyaWjWG.exe
  C:\Windows\System\dyaWjWG.exe
  2⤵
  PID:7928
- C:\Windows\System\DlgwGSo.exe
  C:\Windows\System\DlgwGSo.exe
  2⤵
  PID:8008
- C:\Windows\System\uAMrMHU.exe
  C:\Windows\System\uAMrMHU.exe
  2⤵
  PID:8048
- C:\Windows\System\bqIJmkS.exe
  C:\Windows\System\bqIJmkS.exe
  2⤵
  PID:8144
- C:\Windows\System\UToYwHV.exe
  C:\Windows\System\UToYwHV.exe
  2⤵
  PID:7216
- C:\Windows\System\AuPuZeC.exe
  C:\Windows\System\AuPuZeC.exe
  2⤵
  PID:7836
- C:\Windows\System\ibnZAbA.exe
  C:\Windows\System\ibnZAbA.exe
  2⤵
  PID:8072
- C:\Windows\System\oZGzwBE.exe
  C:\Windows\System\oZGzwBE.exe
  2⤵
  PID:7368
- C:\Windows\System\OzFSkoI.exe
  C:\Windows\System\OzFSkoI.exe
  2⤵
  PID:8320
- C:\Windows\System\BwrmuGg.exe
  C:\Windows\System\BwrmuGg.exe
  2⤵
  PID:8456
- C:\Windows\System\qaXubyI.exe
  C:\Windows\System\qaXubyI.exe
  2⤵
  PID:8836
- C:\Windows\System\OPeSvnM.exe
  C:\Windows\System\OPeSvnM.exe
  2⤵
  PID:9976
- C:\Windows\System\tPbZerP.exe
  C:\Windows\System\tPbZerP.exe
  2⤵
  PID:9960
- C:\Windows\System\JGISSyi.exe
  C:\Windows\System\JGISSyi.exe
  2⤵
  PID:10092
- C:\Windows\System\BnaSZfZ.exe
  C:\Windows\System\BnaSZfZ.exe
  2⤵
  PID:10156
- C:\Windows\System\CMIbWLq.exe
  C:\Windows\System\CMIbWLq.exe
  2⤵
  PID:10220
- C:\Windows\System\knvUkmF.exe
  C:\Windows\System\knvUkmF.exe
  2⤵
  PID:9232
- C:\Windows\System\HVRInLC.exe
  C:\Windows\System\HVRInLC.exe
  2⤵
  PID:10108
- C:\Windows\System\LaUyOGf.exe
  C:\Windows\System\LaUyOGf.exe
  2⤵
  PID:9348
- C:\Windows\System\DhSCVAg.exe
  C:\Windows\System\DhSCVAg.exe
  2⤵
  PID:10176
- C:\Windows\System\VmVGlgQ.exe
  C:\Windows\System\VmVGlgQ.exe
  2⤵
  PID:9060
- C:\Windows\System\pVNvAdM.exe
  C:\Windows\System\pVNvAdM.exe
  2⤵
  PID:9416
- C:\Windows\System\mnIdjaT.exe
  C:\Windows\System\mnIdjaT.exe
  2⤵
  PID:9532
- C:\Windows\System\bUdLMwq.exe
  C:\Windows\System\bUdLMwq.exe
  2⤵
  PID:988
- C:\Windows\System\omPPjBO.exe
  C:\Windows\System\omPPjBO.exe
  2⤵
  PID:7536
- C:\Windows\System\pFBwLnJ.exe
  C:\Windows\System\pFBwLnJ.exe
  2⤵
  PID:7820
- C:\Windows\System\IIsrDKK.exe
  C:\Windows\System\IIsrDKK.exe
  2⤵
  PID:2144
- C:\Windows\System\aFkgrAx.exe
  C:\Windows\System\aFkgrAx.exe
  2⤵
  PID:7456
- C:\Windows\System\xYMLyio.exe
  C:\Windows\System\xYMLyio.exe
  2⤵
  PID:9812
- C:\Windows\System\mgkDYkg.exe
  C:\Windows\System\mgkDYkg.exe
  2⤵
  PID:9712
- C:\Windows\System\gWnTrVi.exe
  C:\Windows\System\gWnTrVi.exe
  2⤵
  PID:9848
- C:\Windows\System\IvmCDoO.exe
  C:\Windows\System\IvmCDoO.exe
  2⤵
  PID:2936
- C:\Windows\System\TfxyHOd.exe
  C:\Windows\System\TfxyHOd.exe
  2⤵
  PID:7416
- C:\Windows\System\RdeGHKT.exe
  C:\Windows\System\RdeGHKT.exe
  2⤵
  PID:7708
- C:\Windows\System\lrlJXgV.exe
  C:\Windows\System\lrlJXgV.exe
  2⤵
  PID:8112
- C:\Windows\System\rcOqTZQ.exe
  C:\Windows\System\rcOqTZQ.exe
  2⤵
  PID:7476
- C:\Windows\System\IAEmSif.exe
  C:\Windows\System\IAEmSif.exe
  2⤵
  PID:1084
- C:\Windows\System\UTyTCtj.exe
  C:\Windows\System\UTyTCtj.exe
  2⤵
  PID:7304
- C:\Windows\System\YplnLpR.exe
  C:\Windows\System\YplnLpR.exe
  2⤵
  PID:8244
- C:\Windows\System\qdTUVHF.exe
  C:\Windows\System\qdTUVHF.exe
  2⤵
  PID:8316
- C:\Windows\System\uALnOjO.exe
  C:\Windows\System\uALnOjO.exe
  2⤵
  PID:8424
- C:\Windows\System\HzGxbdb.exe
  C:\Windows\System\HzGxbdb.exe
  2⤵
  PID:8500
- C:\Windows\System\rcMhXZz.exe
  C:\Windows\System\rcMhXZz.exe
  2⤵
  PID:8540
- C:\Windows\System\CbZrexy.exe
  C:\Windows\System\CbZrexy.exe
  2⤵
  PID:8704
- C:\Windows\System\bhBWhFj.exe
  C:\Windows\System\bhBWhFj.exe
  2⤵
  PID:8752
- C:\Windows\System\CmPdvny.exe
  C:\Windows\System\CmPdvny.exe
  2⤵
  PID:8820
- C:\Windows\System\TqvcrAV.exe
  C:\Windows\System\TqvcrAV.exe
  2⤵
  PID:8992
- C:\Windows\System\XEZSmHr.exe
  C:\Windows\System\XEZSmHr.exe
  2⤵
  PID:9108
- C:\Windows\System\gFTYhQb.exe
  C:\Windows\System\gFTYhQb.exe
  2⤵
  PID:9148
- C:\Windows\System\TzfEuap.exe
  C:\Windows\System\TzfEuap.exe
  2⤵
  PID:8216
- C:\Windows\System\NoEcQbn.exe
  C:\Windows\System\NoEcQbn.exe
  2⤵
  PID:9192
- C:\Windows\System\FOlfbBw.exe
  C:\Windows\System\FOlfbBw.exe
  2⤵
  PID:8480
- C:\Windows\System\KwDGHvB.exe
  C:\Windows\System\KwDGHvB.exe
  2⤵
  PID:8656
- C:\Windows\System\CUgdvRX.exe
  C:\Windows\System\CUgdvRX.exe
  2⤵
  PID:8872
- C:\Windows\System\VaQhvLf.exe
  C:\Windows\System\VaQhvLf.exe
  2⤵
  PID:8980
- C:\Windows\System\kvLLrAA.exe
  C:\Windows\System\kvLLrAA.exe
  2⤵
  PID:8260
- C:\Windows\System\AXAGZes.exe
  C:\Windows\System\AXAGZes.exe
  2⤵
  PID:8556
- C:\Windows\System\WQnXCRd.exe
  C:\Windows\System\WQnXCRd.exe
  2⤵
  PID:9276
- C:\Windows\System\JTMJCTi.exe
  C:\Windows\System\JTMJCTi.exe
  2⤵
  PID:9328
- C:\Windows\System\YZMfzEJ.exe
  C:\Windows\System\YZMfzEJ.exe
  2⤵
  PID:9368
- C:\Windows\System\zqzxBeG.exe
  C:\Windows\System\zqzxBeG.exe
  2⤵
  PID:9440
- C:\Windows\System\fqasxCc.exe
  C:\Windows\System\fqasxCc.exe
  2⤵
  PID:9512
- C:\Windows\System\RCJaMdI.exe
  C:\Windows\System\RCJaMdI.exe
  2⤵
  PID:9624
- C:\Windows\System\OFBRiUz.exe
  C:\Windows\System\OFBRiUz.exe
  2⤵
  PID:9688
- C:\Windows\System\aVplAie.exe
  C:\Windows\System\aVplAie.exe
  2⤵
  PID:9728
- C:\Windows\System\tpsekeE.exe
  C:\Windows\System\tpsekeE.exe
  2⤵
  PID:9800
- C:\Windows\System\bUkVVSb.exe
  C:\Windows\System\bUkVVSb.exe
  2⤵
  PID:9896
- C:\Windows\System\iyhnSKp.exe
  C:\Windows\System\iyhnSKp.exe
  2⤵
  PID:9928
- C:\Windows\System\sfTsjsW.exe
  C:\Windows\System\sfTsjsW.exe
  2⤵
  PID:9972
- C:\Windows\System\IqEfXep.exe
  C:\Windows\System\IqEfXep.exe
  2⤵
  PID:10188
- C:\Windows\System\lBdRTCS.exe
  C:\Windows\System\lBdRTCS.exe
  2⤵
  PID:9568
- C:\Windows\System\ppvOJff.exe
  C:\Windows\System\ppvOJff.exe
  2⤵
  PID:9264
- C:\Windows\System\lxSoGhQ.exe
  C:\Windows\System\lxSoGhQ.exe
  2⤵
  PID:7640
- C:\Windows\System\hfdWZrJ.exe
  C:\Windows\System\hfdWZrJ.exe
  2⤵
  PID:6384
- C:\Windows\System\NQnTiWQ.exe
  C:\Windows\System\NQnTiWQ.exe
  2⤵
  PID:7780
- C:\Windows\System\gaNoqPK.exe
  C:\Windows\System\gaNoqPK.exe
  2⤵
  PID:10124
- C:\Windows\System\wCQnXuf.exe
  C:\Windows\System\wCQnXuf.exe
  2⤵
  PID:7924
- C:\Windows\System\lQSxgvw.exe
  C:\Windows\System\lQSxgvw.exe
  2⤵
  PID:7764
- C:\Windows\System\glrFAYn.exe
  C:\Windows\System\glrFAYn.exe
  2⤵
  PID:6116
- C:\Windows\System\UHUXEat.exe
  C:\Windows\System\UHUXEat.exe
  2⤵
  PID:8032
- C:\Windows\System\vVCTmSY.exe
  C:\Windows\System\vVCTmSY.exe
  2⤵
  PID:7284
- C:\Windows\System\PPSMaxA.exe
  C:\Windows\System\PPSMaxA.exe
  2⤵
  PID:8304
- C:\Windows\System\FojzaXb.exe
  C:\Windows\System\FojzaXb.exe
  2⤵
  PID:8416
- C:\Windows\System\jQMvxhZ.exe
  C:\Windows\System\jQMvxhZ.exe
  2⤵
  PID:8536
- C:\Windows\System\RIxWmvg.exe
  C:\Windows\System\RIxWmvg.exe
  2⤵
  PID:8672
- C:\Windows\System\mEpgmRy.exe
  C:\Windows\System\mEpgmRy.exe
  2⤵
  PID:8748
- C:\Windows\System\twkGmUe.exe
  C:\Windows\System\twkGmUe.exe
  2⤵
  PID:9000
- C:\Windows\System\pXFOsCa.exe
  C:\Windows\System\pXFOsCa.exe
  2⤵
  PID:8960
- C:\Windows\System\hSQptek.exe
  C:\Windows\System\hSQptek.exe
  2⤵
  PID:9116
- C:\Windows\System\oqgCwvW.exe
  C:\Windows\System\oqgCwvW.exe
  2⤵
  PID:9152
- C:\Windows\System\FlgsKRh.exe
  C:\Windows\System\FlgsKRh.exe
  2⤵
  PID:8512
- C:\Windows\System\BZmsiRM.exe
  C:\Windows\System\BZmsiRM.exe
  2⤵
  PID:9696
- C:\Windows\System\LYSEwDm.exe
  C:\Windows\System\LYSEwDm.exe
  2⤵
  PID:8976
- C:\Windows\System\BtzLAJG.exe
  C:\Windows\System\BtzLAJG.exe
  2⤵
  PID:8768
- C:\Windows\System\cQTcWzO.exe
  C:\Windows\System\cQTcWzO.exe
  2⤵
  PID:8364
- C:\Windows\System\xQsiamO.exe
  C:\Windows\System\xQsiamO.exe
  2⤵
  PID:10064
- C:\Windows\System\ocnpEQb.exe
  C:\Windows\System\ocnpEQb.exe
  2⤵
  PID:9316
- C:\Windows\System\ypKbFrq.exe
  C:\Windows\System\ypKbFrq.exe
  2⤵
  PID:10080
- C:\Windows\System\pxhLJhl.exe
  C:\Windows\System\pxhLJhl.exe
  2⤵
  PID:9352
- C:\Windows\System\jfClCXS.exe
  C:\Windows\System\jfClCXS.exe
  2⤵
  PID:9748
- C:\Windows\System\pmUfmSy.exe
  C:\Windows\System\pmUfmSy.exe
  2⤵
  PID:2608
- C:\Windows\System\xXdefip.exe
  C:\Windows\System\xXdefip.exe
  2⤵
  PID:7388
- C:\Windows\System\lLmWulj.exe
  C:\Windows\System\lLmWulj.exe
  2⤵
  PID:9056
- C:\Windows\System\yVbFWPX.exe
  C:\Windows\System\yVbFWPX.exe
  2⤵
  PID:7972
- C:\Windows\System\WNeGCEx.exe
  C:\Windows\System\WNeGCEx.exe
  2⤵
  PID:7440
- C:\Windows\System\ogwBYim.exe
  C:\Windows\System\ogwBYim.exe
  2⤵
  PID:8852
- C:\Windows\System\cSKklta.exe
  C:\Windows\System\cSKklta.exe
  2⤵
  PID:9032
- C:\Windows\System\gfMhPTd.exe
  C:\Windows\System\gfMhPTd.exe
  2⤵
  PID:8604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BCtvwPy.exe

Filesize
6.0MB

MD5
5ec659f175c3462bb815ac6ce8dcadd6

SHA1
93d5d776e08a9f55b6e0f0f8d6ec2a8054ae506c

SHA256
8e2cbc9ae2faa3d3df7131c23cd897282ffea5b70cb5c7af7c5e57c0fbe92bf2

SHA512
a803b9694fbbacd4fe1fe04485f5af1ce1d4dbb55c6170ae0a3314dee0958fd71e3e4a218eb93d2d103360421a57b5dd9c53b6a0f814387b7f372a3ffa2b6380

Download Submit
C:\Windows\system\CMnpeKK.exe

Filesize
6.0MB

MD5
7cb63ee09921fc51fd8b142eb91be14e

SHA1
6ccc1579c3005046323bdfa0a8925921f88dac12

SHA256
5ef7800162d18a16a6e46a5545e97d6d611a15e068230b9c573a0d84ab4ee705

SHA512
958702442d416c2e5a14558c7130d4dff1e42d1e1b27684f8aacec051b6744bfca5c1ff2f4d6ce863c587d8fef5648beeb53ce30cbf782822e9261f664202257

Download Submit
C:\Windows\system\JSVvysK.exe

Filesize
6.0MB

MD5
6b8ca8ff534ef22d3d3bb8b6446c741e

SHA1
e4e056f584cfb2f194253fcec18b509ee383baae

SHA256
6b5042112dfca341fa277532d36feba0450a832a223966b338dd67b4ccf0186e

SHA512
eb5f1297902b04ada91351a8124dceaee2ee7a90544b908ffa3632472dc52c190832af376d4c036b1fa925f731acdba33ef28fcf1e0011de0bfa73c98e42d287

Download Submit
C:\Windows\system\OXCdHoa.exe

Filesize
6.0MB

MD5
0d1bcf1abe72ec840ef4ab2b1b5e251e

SHA1
aae8f103181a69439ff555021606431ce3251f83

SHA256
46ed2f16d21b71078c8e0642562a652acc353412b98caf082fe35f7fd76bd4a0

SHA512
e80d919747a3fa8e35ee17b5ce708f89210eca238e37bc48f109e39ba6f16149acc335f4472b7a44bb2fff43a52692b8bd296bc856db729a324cdb4636c1865c

Download Submit
C:\Windows\system\OimdYeu.exe

Filesize
6.0MB

MD5
32100dcdef3b91befc10927b0c5c17f5

SHA1
73d09e75544e2333d551a0a22d5b73c8f133c1c4

SHA256
b75625a02afd373c8eb90e573ada438906eafed90e67d166f41dc08375c9ee83

SHA512
dde6fb7c7f9ed799114342bc77758b99ce2074a83130845143c0c24760a542d39b906a7b7b5e93a7f13360ac88ccb205a5a750c3dc76fa5bf9ed4abb12b3b61c

Download Submit
C:\Windows\system\PTzlCNV.exe

Filesize
6.0MB

MD5
4062acc479d1151bd401f283c130bc78

SHA1
27848874a7bee1c0c64c519e18d9a9e0a7f2a285

SHA256
9a45ee808958e57d9939808a8e70063e4cf90498fa2799d8f07468242cba60d4

SHA512
5ef413a1203e9efe96d775633c53a593c29d575129c60535e87eb16583139d12ac09f4cca784622ebe7642d10eeda6363e91727541f375f3b03401690013bf98

Download Submit
C:\Windows\system\QfGkfHZ.exe

Filesize
6.0MB

MD5
c4473df8fefa0d311a29a784d8c80ccb

SHA1
000ed965216b082df3d3da912da8b2a1f8ec4929

SHA256
2f11bf9201fb3acb77c0e086ade146b9f4f37c26d69246e12479f17d518f6e33

SHA512
cb4e7d561266b028eef74fb780680106cb29c5cb6ee01cb05ca038541272176d4045342d7b6eb3b68fcd9153c40c16f921347bba3fc7f30358f547279af7e89e

Download Submit
C:\Windows\system\XMUAWZJ.exe

Filesize
6.0MB

MD5
ce605291598893dbe559319dd23859aa

SHA1
dee4f478f96da60191667ba9e3fdc65aedfdcb8b

SHA256
e37e2d7ef9095dd25d38e2f3565374278f3229e5335954b79e113a86cf8d312d

SHA512
728645594a88df2c3849e6242ec67f8f568ff176680a39d95b9955c920f557cf3e664ac39a86e084860bb36d8884808e4daedfec28a054052b5baa0ab7dab5c6

Download Submit
C:\Windows\system\Xpkcfrg.exe

Filesize
6.0MB

MD5
da40c65fc2251a00a406efeb3c648b9f

SHA1
5f85a43f37c881d05215d94df6b2de30ffd3ecbf

SHA256
6c1f224915ca11af7923ec223465a6a05beca69463be0927e8bcfd82a19b95ca

SHA512
a7541a835374cab6cedf51d69cb89ae57d5d9f76e041743aaf1346a6fb0a59d2dd958ac2dee7a4cc2cc5f95fdbd4b7e699eda94191649e0c14fed2b9de709351

Download Submit
C:\Windows\system\XyBbDFG.exe

Filesize
6.0MB

MD5
8022ae015e19313783b6d31ba6042022

SHA1
63387cb31266cf504359164e5e64d5693dd7e966

SHA256
1c4f72d843ab8dc662de41e10c7285a8b1fd8ffb3fd4a90357b7d9c0f5201d29

SHA512
5a340a1c0aeb0da113d433bb6bc514a6d68004cddc361567665440b227a64faf627c2a4c62a3e8623467708553bbb249104c66b6a7f1113df392fb8a3f535b22

Download Submit
C:\Windows\system\YBmmGyG.exe

Filesize
6.0MB

MD5
cf361e52038fc597ca0fcd2bffba8931

SHA1
6385718742f77ef2c8b9a5d171b6cfc8376d74ab

SHA256
1bfff44c2657032b6f80d6961d372e893d183feca2529f281800c829371cce87

SHA512
60727a516f922b7bbf005efbff0fc8b04a09eae467ac386274d1490c483f8d25ac734159b1ec59f0d2f24483625924bfdbac11425bd3d3397fa470e6e1603a9a

Download Submit
C:\Windows\system\YcLxgaZ.exe

Filesize
6.0MB

MD5
96fcfff4e8f688ab44e426db16d34a84

SHA1
d44344dae3bf30a005013ac442bce6c190ee8096

SHA256
d1cf967a1d53c8f3c51591b5a7dc3241f6f4c8ae99f21cfa1a9654a9acc80d08

SHA512
4d812a4a730ed01cedd3512867b51ac5ddfea6c60350a5a601ba686e71c4c1ac2c47ee49c68951a02afbcfbccd166a2ced5e93d3e34ade05083468057919f65c

Download Submit
C:\Windows\system\YxCRLAe.exe

Filesize
6.0MB

MD5
468508203f1c3c947e3407f055208c26

SHA1
ab6c07b4ce1638609d2eccf339efeee63d381570

SHA256
a801971de324d987c2009f9230dbc23df4dd2b10655e2506aaf9d32460e77cca

SHA512
dd3dc35651879cc56d73ca8587c8ce0b54fbe6d8146a2a7e07853c3cd692212fab173121ab64500883b1acf343486be425cb9f45e01733c4aca33d3fec812e31

Download Submit
C:\Windows\system\aSMqJxb.exe

Filesize
6.0MB

MD5
1d62e9892a4b0130f084ae71bc1bab9d

SHA1
116ee662214d70ac3feeaf51eca70431627632ae

SHA256
bc09f730ad847e1703527997fee949894830ca87665c0ea8c4a2fe411c6100fb

SHA512
20d93943145a6647b3fd50dba533ed125ef480f7e3431c9f12b55ed79cae67d18baee664be3ccdd0d9ad5a6e11639a535c74e232abc0f630bce02180054f4c3b

Download Submit
C:\Windows\system\cHMVciQ.exe

Filesize
6.0MB

MD5
6a52a61f419123f7fb52be0e745b5433

SHA1
b89826d28600a822afcbcd24336840edb13be6cf

SHA256
7e7bfaccb8d5c24a2bd5906e6bbcff5a3c702c91e99f2f2ed917b90788c8f95b

SHA512
a98e3b5a957e27e6bb8472771828dd1f2446466801827bfe1d011f2fd6d7a644118a27ed03e6f7ebedb25c5bdb72ae2f7a2041bf9c40614c7abd49ed3ddc4820

Download Submit
C:\Windows\system\fPLMiwl.exe

Filesize
6.0MB

MD5
78beb4274dd20dfc50d544bd2b708c0f

SHA1
5014bbd1729604bd59a94266c8e99a69cb97c18c

SHA256
42507a640dcf6b3e9140548a18dfc669e3147815ce911163ba6f1d87f64f7b98

SHA512
46792727020c93a0d1b08c6d41df03bbf4a71708bdfc5e94d020805299c42b659b3c4ced590cc761fc7d8a5ab0f1f9e055c4f7474dd6a03588b8f4cd5ddb567e

Download Submit
C:\Windows\system\fflyJhw.exe

Filesize
6.0MB

MD5
9612f9bbf8e1c078e3728ed500a6547f

SHA1
826daf4f746e5e1b4a53800880e187d79e487536

SHA256
a8b0ab904ea253c76973965660d146404304972704057210d7bf25c63f58154a

SHA512
83a24b828e40c0505e9d7ca942deaec60a7e8987efed1fa837fefab5041cebed620b6e791651348f1e1ce0c06079244b03e647978eee80ee680767d83e33dee7

Download Submit
C:\Windows\system\gPGHoop.exe

Filesize
6.0MB

MD5
1bef91a5fd7a8326025c5509076c032d

SHA1
8c6bc635e0346724101806c7e7edcaf1333427ca

SHA256
9ef938561ecaa05b3e2af4ecc23f18af6b960f3f3b4d742082fe0cf66108f5d8

SHA512
a2cce79b94dbb3df94bccc64cf7184375bea1e80f2dea8b115bab2b320f14f9612d63a8c1026879ba1723587d088705a8a0c15b25206c29a1198e43ed35f668c

Download Submit
C:\Windows\system\iuYHkqX.exe

Filesize
6.0MB

MD5
90077d70e218ee3a494c49b53e2fa7a5

SHA1
c367d0f924f8f03e1472a6811c68ba6c299b48a9

SHA256
eaf2c622df70c249b39980a9c288db5f1b12092e61c906c8623d159f72958d97

SHA512
b825afe6ffdd22e93573e1123c558763adf891d5520a88be370073bdc4e0c28975870aeadb906759b8dffd7098492dc03f2f51a74325e9f0c633a0b0617710df

Download Submit
C:\Windows\system\kfoDgll.exe

Filesize
6.0MB

MD5
9dabd20d9ffdb74b8b6c1687476fb324

SHA1
fca57c0c0e4140b181d0c3557f7a814cf5c8c025

SHA256
c97638d70b994896014cb83e644070ba6dfd1f4faca16cb5afa6c675e7c60b09

SHA512
8ed0ba6e9747fcfa272aa798606245df537d323c30e700a391f704e9bc18962b84931c0e5bbdf5d3870536bc7517afd325f7c939a27c2296e0c378a8bc2edbd8

Download Submit
C:\Windows\system\loeHYwa.exe

Filesize
6.0MB

MD5
66fdf34c200188237cea55258d1679cf

SHA1
35b51b757b3fad1f5e5cdc9ef64edad63e0b09b2

SHA256
0ee0b8e81e619e386b164f07d0a6a078fcf5f6554ade77945cbda0c74c94e39d

SHA512
cdc4d05ff03ac1798d3690125c3582cabf71ff0fee997c1ae15ea14aa4baca520c3668722bcd966d7f0d948b6f5cf1a15017356e2aef2411a3dda142cfe43703

Download Submit
C:\Windows\system\nalTUmF.exe

Filesize
6.0MB

MD5
c84528e1ab1902269e7d7460cbedda1a

SHA1
530e822920f701e4594204e207b953ec63baa247

SHA256
2d4db1d2be154c02a6e294b0cd0481c848e69ea09f427e914269395b310899d6

SHA512
a81f18509a8604348e953d78743697e653c622c2f6557d6eff5982e14e0115e8955c672228d46e43e5a2cf564b5fc282e32b4788a606a50bff85ef0f95f1253e

Download Submit
C:\Windows\system\rZGsGnX.exe

Filesize
6.0MB

MD5
aaa3c255ffb9cbf531baede76367d50c

SHA1
bcf5706a26dc6ae3aaa25f657584c4c163f24d79

SHA256
473b92b0b169f259de6eafda79effa9c288231fffb801a9221e2a77966509bb4

SHA512
492f627d66a596ea16ed15f5bdfc0a83c0f6a58d6022c9efd2a0273cd1b2b23341c234c5b76b3f1feb08832e98cf0d3c73dc9ab3a2dc4a28529f5c04d402c980

Download Submit
C:\Windows\system\rnAlEei.exe

Filesize
6.0MB

MD5
8efd84a511d610d061ab5063f7b5d961

SHA1
4debd9945bec9db81788001abc7dc55e55f0eac1

SHA256
5631140ead81e94ddc0f21d2737fc4b42b2e593d66c0249fef8db5b3526b6bf4

SHA512
4b06996f0a136c47888c2f70ea4a3f49bf80024ec63bdca5175304c652c032250f9f9b41926fd680984b63bb41523ad884d61ee069c848632c4eebda4bfee635

Download Submit
C:\Windows\system\rxUPQyf.exe

Filesize
6.0MB

MD5
f71b058da17737e2cc0f17732b81f262

SHA1
d79e3d0f0c1286a8146cd7c9a36fbe9a01182e94

SHA256
85e80074b8a33a92818aa2b25a1bd4a53827a35d262f3aaabd3f91042962d0b0

SHA512
a0ee8573669b34fb8b7039e062bfef7373a08680a13663cd55ef86cca6451a4e823a50b6fc2b46e169df63f8f16b2093d211827dd2e4f788eea2c04b039ea20c

Download Submit
C:\Windows\system\tPUFqWL.exe

Filesize
6.0MB

MD5
5f4cb230ab54ca349626ec15c1a12384

SHA1
64fe1046242190a4bd3f35cf20bcf9f57d415f24

SHA256
226086e80ff02da696a18a58e2b1d3319d097bf307b31d41487144fdcdbcd9dc

SHA512
87978193b6dc1b8fb09a9824ca6b966a5b19f5ebe574d2ed7d544cf8fb8185929697415f333272e5446b46055ba9005b7d4978ce4b5e478da53c28b893b0c9fb

Download Submit
C:\Windows\system\txCyHME.exe

Filesize
6.0MB

MD5
0460b4f82590f5c8b318fffb9397d6d6

SHA1
79040f9b41663d2f54612002e634b5aa7524bb1f

SHA256
43585c750f9ba480517675657a668be02409321ee9229c08d3cb5dddb0999faa

SHA512
1991bebfb1c3e5607f4977cf371d9e8134c14a51cbc795b24dbc848c657107906502fd37c62a02054c4ed59a7e5a770f00ef68fea918fe900637ec210f5020bc

Download Submit
C:\Windows\system\wyVoias.exe

Filesize
6.0MB

MD5
a9f5e10dc326deab8cb5003429bbbec0

SHA1
8776da1c273a5cc6a3a127436f9521d6fcca545e

SHA256
d9802efa87f37ed78cba5588023b4caed4d619437872dcda37c091bfad4a65e4

SHA512
c7cbd70e0d8e1deb891845e652a71024e439fdd9842c8a648cbb2708a6495a4581fa2b5aa29372d668e2e1d232af6a2ff81280805055e29c4a6e243f47419718

Download Submit
\Windows\system\OiSlBCo.exe

Filesize
6.0MB

MD5
b23b5a06e15420b4f1d9192cf31bfb4e

SHA1
20c232c14ce83b50638af60b86aa26843fdea542

SHA256
7bd497564cb60063a4f87722683050025182e880624824d9079a8168f6e447d6

SHA512
f143a96ad79b2e7245c5d326576854f604a7dd2d79fa2465e99e0dec875d3c29ad54e63a9c950a8cd4fe987d474c3e778ecc3b644fd9fe9fa36c58d9e5510d09

Download Submit
\Windows\system\SKiiZPB.exe

Filesize
6.0MB

MD5
461ff0c735551e6a4efa0ff2e469beb6

SHA1
65683365dc2a405e608f82f8ad4707c9c45aafd1

SHA256
07ba53824857719823e2b4c7f9c6dfcb88813990deeb2cdb40d322daf764131d

SHA512
142a736ae5909dc800205d77671646c347a6d44034e5fa4396bbf100fa9f504687458726571160d0649563d8dca95ca0f6f67786adf2e427e0f26136183c7d1e

Download Submit
\Windows\system\aTSjyrI.exe

Filesize
6.0MB

MD5
c484611f773c51146f209b5e9adbbd03

SHA1
12b521c778c7d5c37d8411c00bb66759f4b262b7

SHA256
49196861c2cb4e44cb09884a2b23945ca097f9442090142e124b10abb027715f

SHA512
35c91b68c5d999d125235c353343915910e40d6eab9362cfac3fbc68365aed15af569433dca10ecfae8c52c959fc35fe25886b32635c84b7c78523e7d99baf0a

Download Submit
\Windows\system\oIxVMxI.exe

Filesize
6.0MB

MD5
96920e2dd1903d0def62aa10af7b2204

SHA1
d08285769e1f6ec066dc3f456df23374e551c9a4

SHA256
d4954a41c2a8ff47e44427042d8bd8c96ab0a95d78e5f78ff1c4c7ef0c6ab54c

SHA512
a100006948b4767c75e8ec6f65eeed66aa2d725647710b23c8e7cb9fbf96ce90afab99a77b54a527f6f0da9645b266dd5d0174d3c1370b4690c58be66bf3513a

Download Submit
memory/332-71-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/332-3097-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/332-111-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1284-546-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1284-3105-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1284-84-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1628-3126-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-99-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-994-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-993-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-26-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-109-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-545-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-98-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-1173-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-92-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-0-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1692-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1692-758-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-97-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-12-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-70-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-51-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-64-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-56-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1692-38-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-40-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1692-115-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-34-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-50-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-3110-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-79-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-3208-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-3135-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2408-93-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2716-19-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3129-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2716-63-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2760-65-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3115-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-8-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3071-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2780-46-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2828-21-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3092-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2844-30-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3087-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2844-66-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3114-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2852-48-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2900-83-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3186-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2900-47-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/3012-57-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/3012-4916-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download