cobaltstrike | 53e16c42e891ac68d37f625c9bf324a55b86718cda263e630cc9011e5c3ec595

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f974831b4e1e5ba791e4cd5ba5cea9a8
SHA1

a4de43301c8b3d7ac623a982d04ddbce359c6a97
SHA256

53e16c42e891ac68d37f625c9bf324a55b86718cda263e630cc9011e5c3ec595
SHA512

1ae13e7c118c0cf2996edd79d786d17e16036199e5e1e26a1c1b5e0b0a1694a54dd9a63fef5c23109534a0b8a9571753d09edd57df4fdf988964a733f5b5769d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUl:T+q56utgpPF8u/7l

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012259-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e25-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015dc3-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e47-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f2a-32.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160ae-36.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001903d-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-66.dat	cobalt_reflective_dll
behavioral1/files/0x0027000000015d6d-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-195.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-190.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-65.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160d5-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2312-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012259-3.dat	xmrig
behavioral1/memory/2716-7-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x0008000000015e25-11.dat	xmrig
behavioral1/files/0x0008000000015dc3-16.dat	xmrig
behavioral1/memory/2864-21-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2876-20-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0008000000015e47-22.dat	xmrig
behavioral1/memory/2724-28-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2312-34-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f2a-32.dat	xmrig
behavioral1/memory/2708-35-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x00070000000160ae-36.dat	xmrig
behavioral1/memory/2716-41-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2744-43-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2876-48-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x000700000001903d-59.dat	xmrig
behavioral1/files/0x0005000000019228-66.dat	xmrig
behavioral1/memory/2648-70-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2312-73-0x00000000021D0000-0x0000000002524000-memory.dmp	xmrig
behavioral1/memory/2724-72-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/3068-71-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/1900-86-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0027000000015d6d-74.dat	xmrig
behavioral1/memory/1832-93-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2796-102-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019384-135.dat	xmrig
behavioral1/files/0x00050000000193c9-150.dat	xmrig
behavioral1/memory/2144-477-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/1832-924-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2796-1038-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/1900-681-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2312-357-0x00000000021D0000-0x0000000002524000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e2-195.dat	xmrig
behavioral1/files/0x00050000000194da-190.dat	xmrig
behavioral1/files/0x00050000000194d4-185.dat	xmrig
behavioral1/files/0x00050000000194b4-180.dat	xmrig
behavioral1/files/0x00050000000194a7-175.dat	xmrig
behavioral1/files/0x0005000000019494-170.dat	xmrig
behavioral1/files/0x0005000000019408-165.dat	xmrig
behavioral1/files/0x00050000000193fa-160.dat	xmrig
behavioral1/files/0x00050000000193f8-156.dat	xmrig
behavioral1/files/0x00050000000193af-145.dat	xmrig
behavioral1/files/0x00050000000193a2-140.dat	xmrig
behavioral1/files/0x0005000000019346-130.dat	xmrig
behavioral1/files/0x000500000001933e-125.dat	xmrig
behavioral1/files/0x000500000001932a-120.dat	xmrig
behavioral1/files/0x00050000000192f0-115.dat	xmrig
behavioral1/files/0x0005000000019273-110.dat	xmrig
behavioral1/memory/2648-107-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2728-101-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x000500000001925c-100.dat	xmrig
behavioral1/memory/2312-97-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019241-92.dat	xmrig
behavioral1/memory/2720-89-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2144-82-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019234-80.dat	xmrig
behavioral1/files/0x000500000001920f-65.dat	xmrig
behavioral1/memory/2728-64-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2312-60-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2720-52-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x00070000000160d5-47.dat	xmrig
behavioral1/memory/2716-4007-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2876-4008-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2716	pXzzzJu.exe
2876	DYhQPwZ.exe
2864	yXzYRNz.exe
2724	joAMoNJ.exe
2708	YTINuDO.exe
2744	MeZsaWF.exe
2720	BFJazeQ.exe
2728	CBgFtIT.exe
3068	diiIiBx.exe
2648	nYIpCnZ.exe
2144	PmlUSZX.exe
1900	XjTndsz.exe
1832	slUbuun.exe
2796	oWlUGNH.exe
2152	wlsUBqs.exe
2824	RFydlkW.exe
1128	eLowQFK.exe
764	WmvETot.exe
2192	PGfWyld.exe
1580	iGWwvWD.exe
564	TJarcTg.exe
1788	LIQZWAx.exe
2284	OWKHKIx.exe
2248	NjLnBes.exe
2560	cSbwAbc.exe
2488	zAlOmvk.exe
1732	eYXjJbU.exe
1324	HDjzkwV.exe
2584	cyafSlW.exe
3052	QAAYtNd.exe
2320	UzsrMet.exe
1112	SlSUgpZ.exe
2292	TQpudjn.exe
292	pfOZOFH.exe
1640	LetDOHY.exe
1336	oxHAlRj.exe
1576	mSyANqI.exe
2528	SFabjET.exe
1756	jnKrbdv.exe
2328	LFaKMIR.exe
920	IvjXyKh.exe
2476	DCcTRFW.exe
2180	FRWrant.exe
1888	hoRfRUe.exe
772	YaUlKYL.exe
3020	tXSPDIC.exe
2176	nFFcAlg.exe
2536	AByKQeR.exe
1000	IziSzZB.exe
1692	pjmCnSo.exe
2408	yjcrdKU.exe
2692	wYKkiVs.exe
2388	HBwDlPY.exe
2356	SBxroTJ.exe
2140	wbiEBlI.exe
2872	PFMwxju.exe
2756	RYRBtgT.exe
2628	AyYXKRW.exe
2264	ePdeHHP.exe
3064	aCTwczT.exe
1196	VJsOyNW.exe
532	IxEvtEt.exe
1396	PKhHNXY.exe
2948	sraOtkO.exe

Loads dropped DLL 64 IoCs

pid	Process
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2312-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x000b000000012259-3.dat	upx
behavioral1/memory/2716-7-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x0008000000015e25-11.dat	upx
behavioral1/files/0x0008000000015dc3-16.dat	upx
behavioral1/memory/2864-21-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2876-20-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0008000000015e47-22.dat	upx
behavioral1/memory/2724-28-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2312-34-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0007000000015f2a-32.dat	upx
behavioral1/memory/2708-35-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x00070000000160ae-36.dat	upx
behavioral1/memory/2716-41-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2744-43-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2876-48-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x000700000001903d-59.dat	upx
behavioral1/files/0x0005000000019228-66.dat	upx
behavioral1/memory/2648-70-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2312-73-0x00000000021D0000-0x0000000002524000-memory.dmp	upx
behavioral1/memory/2724-72-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/3068-71-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/1900-86-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0027000000015d6d-74.dat	upx
behavioral1/memory/1832-93-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2796-102-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x0005000000019384-135.dat	upx
behavioral1/files/0x00050000000193c9-150.dat	upx
behavioral1/memory/2144-477-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/1832-924-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2796-1038-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/1900-681-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x00050000000194e2-195.dat	upx
behavioral1/files/0x00050000000194da-190.dat	upx
behavioral1/files/0x00050000000194d4-185.dat	upx
behavioral1/files/0x00050000000194b4-180.dat	upx
behavioral1/files/0x00050000000194a7-175.dat	upx
behavioral1/files/0x0005000000019494-170.dat	upx
behavioral1/files/0x0005000000019408-165.dat	upx
behavioral1/files/0x00050000000193fa-160.dat	upx
behavioral1/files/0x00050000000193f8-156.dat	upx
behavioral1/files/0x00050000000193af-145.dat	upx
behavioral1/files/0x00050000000193a2-140.dat	upx
behavioral1/files/0x0005000000019346-130.dat	upx
behavioral1/files/0x000500000001933e-125.dat	upx
behavioral1/files/0x000500000001932a-120.dat	upx
behavioral1/files/0x00050000000192f0-115.dat	upx
behavioral1/files/0x0005000000019273-110.dat	upx
behavioral1/memory/2648-107-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2728-101-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x000500000001925c-100.dat	upx
behavioral1/files/0x0005000000019241-92.dat	upx
behavioral1/memory/2720-89-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2144-82-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0005000000019234-80.dat	upx
behavioral1/files/0x000500000001920f-65.dat	upx
behavioral1/memory/2728-64-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2720-52-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x00070000000160d5-47.dat	upx
behavioral1/memory/2716-4007-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2876-4008-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2864-4009-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2724-4010-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2708-4011-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FeCXGVe.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyknTxX.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twfXogu.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJlDjnp.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFpVuDZ.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbjzVol.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buCvRmv.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJmLCDp.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgDNYyj.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fiRzyBh.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhfkkZO.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUvTsDj.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBkLGJA.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGjcRbO.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExUUbmS.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JXUOcRm.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEiABTD.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOWteOC.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\spcuGvc.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXOaCzA.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qpFUChz.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCUrIgp.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXMcZni.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdwxvSz.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDTKIAB.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuRQAOl.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCXErfe.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDtVtbk.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\siOFrDK.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KTAByCu.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaLzFEf.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfrogfV.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCsJTCL.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veMipvj.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lvuirkt.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaHzseI.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxEvtEt.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgxJpSx.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBBzaYA.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltVfpIC.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KzCMAGD.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTYxdEC.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBBBqnB.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IeKyEvD.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZJYWax.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLgRpqh.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxZZlNP.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFabjET.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJTnfgJ.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLixhUD.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWuEOkZ.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZCyENj.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtSxPfM.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAgjhMf.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfYntdi.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQqqjgN.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcRxpeE.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdSFauF.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxXuVSc.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\slUbuun.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNNOOsw.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABEUaiZ.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKmRvFz.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXVjBkb.exe	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2716	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2312 wrote to memory of 2716	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2312 wrote to memory of 2716	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2312 wrote to memory of 2876	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2312 wrote to memory of 2876	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2312 wrote to memory of 2876	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2312 wrote to memory of 2864	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2312 wrote to memory of 2864	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2312 wrote to memory of 2864	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2312 wrote to memory of 2724	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2312 wrote to memory of 2724	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2312 wrote to memory of 2724	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2312 wrote to memory of 2708	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2312 wrote to memory of 2708	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2312 wrote to memory of 2708	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2312 wrote to memory of 2744	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2312 wrote to memory of 2744	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2312 wrote to memory of 2744	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2312 wrote to memory of 2720	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2312 wrote to memory of 2720	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2312 wrote to memory of 2720	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2312 wrote to memory of 2728	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2312 wrote to memory of 2728	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2312 wrote to memory of 2728	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2312 wrote to memory of 3068	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2312 wrote to memory of 3068	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2312 wrote to memory of 3068	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2312 wrote to memory of 2648	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2312 wrote to memory of 2648	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2312 wrote to memory of 2648	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2312 wrote to memory of 1900	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2312 wrote to memory of 1900	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2312 wrote to memory of 1900	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2312 wrote to memory of 2144	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2312 wrote to memory of 2144	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2312 wrote to memory of 2144	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2312 wrote to memory of 1832	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2312 wrote to memory of 1832	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2312 wrote to memory of 1832	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2312 wrote to memory of 2796	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2312 wrote to memory of 2796	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2312 wrote to memory of 2796	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2312 wrote to memory of 2152	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2312 wrote to memory of 2152	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2312 wrote to memory of 2152	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2312 wrote to memory of 2824	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2312 wrote to memory of 2824	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2312 wrote to memory of 2824	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2312 wrote to memory of 1128	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2312 wrote to memory of 1128	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2312 wrote to memory of 1128	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2312 wrote to memory of 764	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2312 wrote to memory of 764	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2312 wrote to memory of 764	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2312 wrote to memory of 2192	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2312 wrote to memory of 2192	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2312 wrote to memory of 2192	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2312 wrote to memory of 1580	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2312 wrote to memory of 1580	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2312 wrote to memory of 1580	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2312 wrote to memory of 564	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2312 wrote to memory of 564	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2312 wrote to memory of 564	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2312 wrote to memory of 1788	2312	2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_f974831b4e1e5ba791e4cd5ba5cea9a8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\System\pXzzzJu.exe
  C:\Windows\System\pXzzzJu.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\DYhQPwZ.exe
  C:\Windows\System\DYhQPwZ.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\yXzYRNz.exe
  C:\Windows\System\yXzYRNz.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\joAMoNJ.exe
  C:\Windows\System\joAMoNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\YTINuDO.exe
  C:\Windows\System\YTINuDO.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\MeZsaWF.exe
  C:\Windows\System\MeZsaWF.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\BFJazeQ.exe
  C:\Windows\System\BFJazeQ.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\CBgFtIT.exe
  C:\Windows\System\CBgFtIT.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\diiIiBx.exe
  C:\Windows\System\diiIiBx.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\nYIpCnZ.exe
  C:\Windows\System\nYIpCnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\XjTndsz.exe
  C:\Windows\System\XjTndsz.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\PmlUSZX.exe
  C:\Windows\System\PmlUSZX.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\slUbuun.exe
  C:\Windows\System\slUbuun.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\oWlUGNH.exe
  C:\Windows\System\oWlUGNH.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\wlsUBqs.exe
  C:\Windows\System\wlsUBqs.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\RFydlkW.exe
  C:\Windows\System\RFydlkW.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\eLowQFK.exe
  C:\Windows\System\eLowQFK.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\WmvETot.exe
  C:\Windows\System\WmvETot.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\PGfWyld.exe
  C:\Windows\System\PGfWyld.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\iGWwvWD.exe
  C:\Windows\System\iGWwvWD.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\TJarcTg.exe
  C:\Windows\System\TJarcTg.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\LIQZWAx.exe
  C:\Windows\System\LIQZWAx.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\OWKHKIx.exe
  C:\Windows\System\OWKHKIx.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\NjLnBes.exe
  C:\Windows\System\NjLnBes.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\cSbwAbc.exe
  C:\Windows\System\cSbwAbc.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\zAlOmvk.exe
  C:\Windows\System\zAlOmvk.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\eYXjJbU.exe
  C:\Windows\System\eYXjJbU.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\HDjzkwV.exe
  C:\Windows\System\HDjzkwV.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\cyafSlW.exe
  C:\Windows\System\cyafSlW.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\QAAYtNd.exe
  C:\Windows\System\QAAYtNd.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\UzsrMet.exe
  C:\Windows\System\UzsrMet.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\SlSUgpZ.exe
  C:\Windows\System\SlSUgpZ.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\TQpudjn.exe
  C:\Windows\System\TQpudjn.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\pfOZOFH.exe
  C:\Windows\System\pfOZOFH.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\LetDOHY.exe
  C:\Windows\System\LetDOHY.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\oxHAlRj.exe
  C:\Windows\System\oxHAlRj.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\mSyANqI.exe
  C:\Windows\System\mSyANqI.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\SFabjET.exe
  C:\Windows\System\SFabjET.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\jnKrbdv.exe
  C:\Windows\System\jnKrbdv.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\LFaKMIR.exe
  C:\Windows\System\LFaKMIR.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\IvjXyKh.exe
  C:\Windows\System\IvjXyKh.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\DCcTRFW.exe
  C:\Windows\System\DCcTRFW.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\FRWrant.exe
  C:\Windows\System\FRWrant.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\hoRfRUe.exe
  C:\Windows\System\hoRfRUe.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\YaUlKYL.exe
  C:\Windows\System\YaUlKYL.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\tXSPDIC.exe
  C:\Windows\System\tXSPDIC.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\nFFcAlg.exe
  C:\Windows\System\nFFcAlg.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\AByKQeR.exe
  C:\Windows\System\AByKQeR.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\IziSzZB.exe
  C:\Windows\System\IziSzZB.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\pjmCnSo.exe
  C:\Windows\System\pjmCnSo.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\yjcrdKU.exe
  C:\Windows\System\yjcrdKU.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\wYKkiVs.exe
  C:\Windows\System\wYKkiVs.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\HBwDlPY.exe
  C:\Windows\System\HBwDlPY.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\SBxroTJ.exe
  C:\Windows\System\SBxroTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\wbiEBlI.exe
  C:\Windows\System\wbiEBlI.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\PFMwxju.exe
  C:\Windows\System\PFMwxju.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\RYRBtgT.exe
  C:\Windows\System\RYRBtgT.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\AyYXKRW.exe
  C:\Windows\System\AyYXKRW.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\ePdeHHP.exe
  C:\Windows\System\ePdeHHP.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\aCTwczT.exe
  C:\Windows\System\aCTwczT.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\VJsOyNW.exe
  C:\Windows\System\VJsOyNW.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\IxEvtEt.exe
  C:\Windows\System\IxEvtEt.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\PKhHNXY.exe
  C:\Windows\System\PKhHNXY.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\sraOtkO.exe
  C:\Windows\System\sraOtkO.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\rgxJpSx.exe
  C:\Windows\System\rgxJpSx.exe
  2⤵
  PID:1616
- C:\Windows\System\GvsIEGn.exe
  C:\Windows\System\GvsIEGn.exe
  2⤵
  PID:2452
- C:\Windows\System\XRwRWBf.exe
  C:\Windows\System\XRwRWBf.exe
  2⤵
  PID:1696
- C:\Windows\System\zVkTlRj.exe
  C:\Windows\System\zVkTlRj.exe
  2⤵
  PID:1304
- C:\Windows\System\xNNOOsw.exe
  C:\Windows\System\xNNOOsw.exe
  2⤵
  PID:2448
- C:\Windows\System\SPpSPWH.exe
  C:\Windows\System\SPpSPWH.exe
  2⤵
  PID:2120
- C:\Windows\System\LzfDore.exe
  C:\Windows\System\LzfDore.exe
  2⤵
  PID:1708
- C:\Windows\System\lfkTjpD.exe
  C:\Windows\System\lfkTjpD.exe
  2⤵
  PID:2200
- C:\Windows\System\jHmcZxU.exe
  C:\Windows\System\jHmcZxU.exe
  2⤵
  PID:1124
- C:\Windows\System\SVXmrfq.exe
  C:\Windows\System\SVXmrfq.exe
  2⤵
  PID:2500
- C:\Windows\System\KzCMAGD.exe
  C:\Windows\System\KzCMAGD.exe
  2⤵
  PID:1344
- C:\Windows\System\rjRhBza.exe
  C:\Windows\System\rjRhBza.exe
  2⤵
  PID:1768
- C:\Windows\System\qwqyMSA.exe
  C:\Windows\System\qwqyMSA.exe
  2⤵
  PID:1004
- C:\Windows\System\qgWHnmE.exe
  C:\Windows\System\qgWHnmE.exe
  2⤵
  PID:2308
- C:\Windows\System\ttmmoHc.exe
  C:\Windows\System\ttmmoHc.exe
  2⤵
  PID:892
- C:\Windows\System\kTZXTIH.exe
  C:\Windows\System\kTZXTIH.exe
  2⤵
  PID:1568
- C:\Windows\System\LEMrKIw.exe
  C:\Windows\System\LEMrKIw.exe
  2⤵
  PID:3044
- C:\Windows\System\xPZUPqT.exe
  C:\Windows\System\xPZUPqT.exe
  2⤵
  PID:2100
- C:\Windows\System\yTYxdEC.exe
  C:\Windows\System\yTYxdEC.exe
  2⤵
  PID:524
- C:\Windows\System\ieGiGWN.exe
  C:\Windows\System\ieGiGWN.exe
  2⤵
  PID:1712
- C:\Windows\System\LENbTrw.exe
  C:\Windows\System\LENbTrw.exe
  2⤵
  PID:864
- C:\Windows\System\kHagaed.exe
  C:\Windows\System\kHagaed.exe
  2⤵
  PID:2544
- C:\Windows\System\AFknETa.exe
  C:\Windows\System\AFknETa.exe
  2⤵
  PID:1600
- C:\Windows\System\AXWUPzi.exe
  C:\Windows\System\AXWUPzi.exe
  2⤵
  PID:2888
- C:\Windows\System\KXOiIdu.exe
  C:\Windows\System\KXOiIdu.exe
  2⤵
  PID:2868
- C:\Windows\System\nsQzUwp.exe
  C:\Windows\System\nsQzUwp.exe
  2⤵
  PID:2828
- C:\Windows\System\tvBZtHA.exe
  C:\Windows\System\tvBZtHA.exe
  2⤵
  PID:800
- C:\Windows\System\ksiqTVk.exe
  C:\Windows\System\ksiqTVk.exe
  2⤵
  PID:664
- C:\Windows\System\FbyaTOW.exe
  C:\Windows\System\FbyaTOW.exe
  2⤵
  PID:1248
- C:\Windows\System\KTAByCu.exe
  C:\Windows\System\KTAByCu.exe
  2⤵
  PID:3048
- C:\Windows\System\TakzfVk.exe
  C:\Windows\System\TakzfVk.exe
  2⤵
  PID:2024
- C:\Windows\System\LEKtJVM.exe
  C:\Windows\System\LEKtJVM.exe
  2⤵
  PID:544
- C:\Windows\System\FSqsIix.exe
  C:\Windows\System\FSqsIix.exe
  2⤵
  PID:1884
- C:\Windows\System\NQlzASa.exe
  C:\Windows\System\NQlzASa.exe
  2⤵
  PID:3016
- C:\Windows\System\hRxHprg.exe
  C:\Windows\System\hRxHprg.exe
  2⤵
  PID:740
- C:\Windows\System\DYevnaE.exe
  C:\Windows\System\DYevnaE.exe
  2⤵
  PID:2012
- C:\Windows\System\uIslVLA.exe
  C:\Windows\System\uIslVLA.exe
  2⤵
  PID:2272
- C:\Windows\System\oqtNNJU.exe
  C:\Windows\System\oqtNNJU.exe
  2⤵
  PID:1764
- C:\Windows\System\zNIIjUh.exe
  C:\Windows\System\zNIIjUh.exe
  2⤵
  PID:568
- C:\Windows\System\bNZtcbd.exe
  C:\Windows\System\bNZtcbd.exe
  2⤵
  PID:1008
- C:\Windows\System\BWEGQGZ.exe
  C:\Windows\System\BWEGQGZ.exe
  2⤵
  PID:2984
- C:\Windows\System\pnxkJBZ.exe
  C:\Windows\System\pnxkJBZ.exe
  2⤵
  PID:2432
- C:\Windows\System\HZCoZWv.exe
  C:\Windows\System\HZCoZWv.exe
  2⤵
  PID:3032
- C:\Windows\System\DztTHJT.exe
  C:\Windows\System\DztTHJT.exe
  2⤵
  PID:1596
- C:\Windows\System\XbRqlcf.exe
  C:\Windows\System\XbRqlcf.exe
  2⤵
  PID:2932
- C:\Windows\System\lNoByKI.exe
  C:\Windows\System\lNoByKI.exe
  2⤵
  PID:2572
- C:\Windows\System\eiejJDv.exe
  C:\Windows\System\eiejJDv.exe
  2⤵
  PID:2852
- C:\Windows\System\aDepmvs.exe
  C:\Windows\System\aDepmvs.exe
  2⤵
  PID:2000
- C:\Windows\System\VQFaZiu.exe
  C:\Windows\System\VQFaZiu.exe
  2⤵
  PID:1628
- C:\Windows\System\EuUcpzy.exe
  C:\Windows\System\EuUcpzy.exe
  2⤵
  PID:3012
- C:\Windows\System\Outlygt.exe
  C:\Windows\System\Outlygt.exe
  2⤵
  PID:3092
- C:\Windows\System\AzBTOCu.exe
  C:\Windows\System\AzBTOCu.exe
  2⤵
  PID:3112
- C:\Windows\System\eUsLALO.exe
  C:\Windows\System\eUsLALO.exe
  2⤵
  PID:3132
- C:\Windows\System\jZbPRLl.exe
  C:\Windows\System\jZbPRLl.exe
  2⤵
  PID:3152
- C:\Windows\System\PVcHaEr.exe
  C:\Windows\System\PVcHaEr.exe
  2⤵
  PID:3172
- C:\Windows\System\OyJLdiJ.exe
  C:\Windows\System\OyJLdiJ.exe
  2⤵
  PID:3188
- C:\Windows\System\VcUvDSa.exe
  C:\Windows\System\VcUvDSa.exe
  2⤵
  PID:3212
- C:\Windows\System\vqVQHXl.exe
  C:\Windows\System\vqVQHXl.exe
  2⤵
  PID:3232
- C:\Windows\System\UlEkMLJ.exe
  C:\Windows\System\UlEkMLJ.exe
  2⤵
  PID:3252
- C:\Windows\System\cCSGiII.exe
  C:\Windows\System\cCSGiII.exe
  2⤵
  PID:3268
- C:\Windows\System\DfYntdi.exe
  C:\Windows\System\DfYntdi.exe
  2⤵
  PID:3292
- C:\Windows\System\ADJYFgr.exe
  C:\Windows\System\ADJYFgr.exe
  2⤵
  PID:3316
- C:\Windows\System\uycoVzN.exe
  C:\Windows\System\uycoVzN.exe
  2⤵
  PID:3336
- C:\Windows\System\wZIXToz.exe
  C:\Windows\System\wZIXToz.exe
  2⤵
  PID:3356
- C:\Windows\System\hHAAxbu.exe
  C:\Windows\System\hHAAxbu.exe
  2⤵
  PID:3376
- C:\Windows\System\aavpwSO.exe
  C:\Windows\System\aavpwSO.exe
  2⤵
  PID:3396
- C:\Windows\System\JWEvLrf.exe
  C:\Windows\System\JWEvLrf.exe
  2⤵
  PID:3416
- C:\Windows\System\tkVoYUb.exe
  C:\Windows\System\tkVoYUb.exe
  2⤵
  PID:3432
- C:\Windows\System\PCFDuFW.exe
  C:\Windows\System\PCFDuFW.exe
  2⤵
  PID:3456
- C:\Windows\System\MwXtqtj.exe
  C:\Windows\System\MwXtqtj.exe
  2⤵
  PID:3472
- C:\Windows\System\MDGnjaS.exe
  C:\Windows\System\MDGnjaS.exe
  2⤵
  PID:3496
- C:\Windows\System\OVWcdWv.exe
  C:\Windows\System\OVWcdWv.exe
  2⤵
  PID:3512
- C:\Windows\System\JFbKycx.exe
  C:\Windows\System\JFbKycx.exe
  2⤵
  PID:3536
- C:\Windows\System\jGqusog.exe
  C:\Windows\System\jGqusog.exe
  2⤵
  PID:3552
- C:\Windows\System\OqLhThs.exe
  C:\Windows\System\OqLhThs.exe
  2⤵
  PID:3576
- C:\Windows\System\AAtISoo.exe
  C:\Windows\System\AAtISoo.exe
  2⤵
  PID:3596
- C:\Windows\System\eOStRsx.exe
  C:\Windows\System\eOStRsx.exe
  2⤵
  PID:3616
- C:\Windows\System\fYAkVvz.exe
  C:\Windows\System\fYAkVvz.exe
  2⤵
  PID:3632
- C:\Windows\System\Mrxaurq.exe
  C:\Windows\System\Mrxaurq.exe
  2⤵
  PID:3656
- C:\Windows\System\wtOeNmh.exe
  C:\Windows\System\wtOeNmh.exe
  2⤵
  PID:3672
- C:\Windows\System\kNVQpWI.exe
  C:\Windows\System\kNVQpWI.exe
  2⤵
  PID:3696
- C:\Windows\System\QgOtrGh.exe
  C:\Windows\System\QgOtrGh.exe
  2⤵
  PID:3712
- C:\Windows\System\mgoVUJQ.exe
  C:\Windows\System\mgoVUJQ.exe
  2⤵
  PID:3736
- C:\Windows\System\aWTamBu.exe
  C:\Windows\System\aWTamBu.exe
  2⤵
  PID:3756
- C:\Windows\System\UlunxcQ.exe
  C:\Windows\System\UlunxcQ.exe
  2⤵
  PID:3776
- C:\Windows\System\tIeFpKo.exe
  C:\Windows\System\tIeFpKo.exe
  2⤵
  PID:3792
- C:\Windows\System\xFehbWW.exe
  C:\Windows\System\xFehbWW.exe
  2⤵
  PID:3816
- C:\Windows\System\YuuphNZ.exe
  C:\Windows\System\YuuphNZ.exe
  2⤵
  PID:3832
- C:\Windows\System\UWOnVfb.exe
  C:\Windows\System\UWOnVfb.exe
  2⤵
  PID:3856
- C:\Windows\System\cEiABTD.exe
  C:\Windows\System\cEiABTD.exe
  2⤵
  PID:3872
- C:\Windows\System\SBCXBgF.exe
  C:\Windows\System\SBCXBgF.exe
  2⤵
  PID:3896
- C:\Windows\System\QudXZRe.exe
  C:\Windows\System\QudXZRe.exe
  2⤵
  PID:3912
- C:\Windows\System\wWVJMsq.exe
  C:\Windows\System\wWVJMsq.exe
  2⤵
  PID:3932
- C:\Windows\System\TXuRFdJ.exe
  C:\Windows\System\TXuRFdJ.exe
  2⤵
  PID:3952
- C:\Windows\System\mbdtcjh.exe
  C:\Windows\System\mbdtcjh.exe
  2⤵
  PID:3972
- C:\Windows\System\TGmHCJI.exe
  C:\Windows\System\TGmHCJI.exe
  2⤵
  PID:3988
- C:\Windows\System\bdzdlcZ.exe
  C:\Windows\System\bdzdlcZ.exe
  2⤵
  PID:4012
- C:\Windows\System\GcqCmgp.exe
  C:\Windows\System\GcqCmgp.exe
  2⤵
  PID:4032
- C:\Windows\System\kwgXLLV.exe
  C:\Windows\System\kwgXLLV.exe
  2⤵
  PID:4052
- C:\Windows\System\qPNpPHM.exe
  C:\Windows\System\qPNpPHM.exe
  2⤵
  PID:4068
- C:\Windows\System\PYeKQRV.exe
  C:\Windows\System\PYeKQRV.exe
  2⤵
  PID:4092
- C:\Windows\System\WAduhCg.exe
  C:\Windows\System\WAduhCg.exe
  2⤵
  PID:1608
- C:\Windows\System\ODrrxjT.exe
  C:\Windows\System\ODrrxjT.exe
  2⤵
  PID:1440
- C:\Windows\System\ZviIHrN.exe
  C:\Windows\System\ZviIHrN.exe
  2⤵
  PID:652
- C:\Windows\System\RDVzncc.exe
  C:\Windows\System\RDVzncc.exe
  2⤵
  PID:2516
- C:\Windows\System\gMBwSPt.exe
  C:\Windows\System\gMBwSPt.exe
  2⤵
  PID:680
- C:\Windows\System\iAEZoWS.exe
  C:\Windows\System\iAEZoWS.exe
  2⤵
  PID:2752
- C:\Windows\System\WjFpPiC.exe
  C:\Windows\System\WjFpPiC.exe
  2⤵
  PID:824
- C:\Windows\System\fqJrXgF.exe
  C:\Windows\System\fqJrXgF.exe
  2⤵
  PID:2064
- C:\Windows\System\UbGpfuF.exe
  C:\Windows\System\UbGpfuF.exe
  2⤵
  PID:548
- C:\Windows\System\mgPcrth.exe
  C:\Windows\System\mgPcrth.exe
  2⤵
  PID:3120
- C:\Windows\System\WspXglo.exe
  C:\Windows\System\WspXglo.exe
  2⤵
  PID:3108
- C:\Windows\System\yTdceNJ.exe
  C:\Windows\System\yTdceNJ.exe
  2⤵
  PID:3148
- C:\Windows\System\RMIDPGt.exe
  C:\Windows\System\RMIDPGt.exe
  2⤵
  PID:3200
- C:\Windows\System\qsMPLXr.exe
  C:\Windows\System\qsMPLXr.exe
  2⤵
  PID:3244
- C:\Windows\System\bIoEnem.exe
  C:\Windows\System\bIoEnem.exe
  2⤵
  PID:3284
- C:\Windows\System\JJTnfgJ.exe
  C:\Windows\System\JJTnfgJ.exe
  2⤵
  PID:3324
- C:\Windows\System\PncFohX.exe
  C:\Windows\System\PncFohX.exe
  2⤵
  PID:3308
- C:\Windows\System\bUmhwxM.exe
  C:\Windows\System\bUmhwxM.exe
  2⤵
  PID:3372
- C:\Windows\System\vqlCQnw.exe
  C:\Windows\System\vqlCQnw.exe
  2⤵
  PID:3388
- C:\Windows\System\RddSXQp.exe
  C:\Windows\System\RddSXQp.exe
  2⤵
  PID:3448
- C:\Windows\System\rGgKNmB.exe
  C:\Windows\System\rGgKNmB.exe
  2⤵
  PID:3488
- C:\Windows\System\Aubyvsw.exe
  C:\Windows\System\Aubyvsw.exe
  2⤵
  PID:2992
- C:\Windows\System\DSKaqbj.exe
  C:\Windows\System\DSKaqbj.exe
  2⤵
  PID:3560
- C:\Windows\System\qNOogRG.exe
  C:\Windows\System\qNOogRG.exe
  2⤵
  PID:3572
- C:\Windows\System\jJzuWDr.exe
  C:\Windows\System\jJzuWDr.exe
  2⤵
  PID:3604
- C:\Windows\System\ITbHuzG.exe
  C:\Windows\System\ITbHuzG.exe
  2⤵
  PID:3652
- C:\Windows\System\WXcVbVG.exe
  C:\Windows\System\WXcVbVG.exe
  2⤵
  PID:3588
- C:\Windows\System\jWsGbOW.exe
  C:\Windows\System\jWsGbOW.exe
  2⤵
  PID:2944
- C:\Windows\System\QzUBHiG.exe
  C:\Windows\System\QzUBHiG.exe
  2⤵
  PID:3664
- C:\Windows\System\lGatHmp.exe
  C:\Windows\System\lGatHmp.exe
  2⤵
  PID:3768
- C:\Windows\System\EMavEyf.exe
  C:\Windows\System\EMavEyf.exe
  2⤵
  PID:3808
- C:\Windows\System\QqfABMZ.exe
  C:\Windows\System\QqfABMZ.exe
  2⤵
  PID:3840
- C:\Windows\System\uSQPbHG.exe
  C:\Windows\System\uSQPbHG.exe
  2⤵
  PID:3888
- C:\Windows\System\BMNNMRF.exe
  C:\Windows\System\BMNNMRF.exe
  2⤵
  PID:3920
- C:\Windows\System\kJOBzxX.exe
  C:\Windows\System\kJOBzxX.exe
  2⤵
  PID:3960
- C:\Windows\System\nMVGEiF.exe
  C:\Windows\System\nMVGEiF.exe
  2⤵
  PID:4008
- C:\Windows\System\JLTOkXa.exe
  C:\Windows\System\JLTOkXa.exe
  2⤵
  PID:4048
- C:\Windows\System\gNvyOZx.exe
  C:\Windows\System\gNvyOZx.exe
  2⤵
  PID:4084
- C:\Windows\System\sHeZRAJ.exe
  C:\Windows\System\sHeZRAJ.exe
  2⤵
  PID:3948
- C:\Windows\System\fHBwtHb.exe
  C:\Windows\System\fHBwtHb.exe
  2⤵
  PID:3984
- C:\Windows\System\ABzbVTJ.exe
  C:\Windows\System\ABzbVTJ.exe
  2⤵
  PID:4020
- C:\Windows\System\MxQxlmX.exe
  C:\Windows\System\MxQxlmX.exe
  2⤵
  PID:4064
- C:\Windows\System\jlrxfQr.exe
  C:\Windows\System\jlrxfQr.exe
  2⤵
  PID:2656
- C:\Windows\System\QADruvW.exe
  C:\Windows\System\QADruvW.exe
  2⤵
  PID:584
- C:\Windows\System\mvievno.exe
  C:\Windows\System\mvievno.exe
  2⤵
  PID:3088
- C:\Windows\System\fsfBmqr.exe
  C:\Windows\System\fsfBmqr.exe
  2⤵
  PID:3164
- C:\Windows\System\hPxJQjO.exe
  C:\Windows\System\hPxJQjO.exe
  2⤵
  PID:3124
- C:\Windows\System\SOqjspR.exe
  C:\Windows\System\SOqjspR.exe
  2⤵
  PID:3184
- C:\Windows\System\GCGUIil.exe
  C:\Windows\System\GCGUIil.exe
  2⤵
  PID:3228
- C:\Windows\System\TSpGgnN.exe
  C:\Windows\System\TSpGgnN.exe
  2⤵
  PID:3364
- C:\Windows\System\CsWGewF.exe
  C:\Windows\System\CsWGewF.exe
  2⤵
  PID:3348
- C:\Windows\System\CpvtjAL.exe
  C:\Windows\System\CpvtjAL.exe
  2⤵
  PID:3412
- C:\Windows\System\TLHuSHB.exe
  C:\Windows\System\TLHuSHB.exe
  2⤵
  PID:3484
- C:\Windows\System\hOKpBZC.exe
  C:\Windows\System\hOKpBZC.exe
  2⤵
  PID:3564
- C:\Windows\System\QyJrnci.exe
  C:\Windows\System\QyJrnci.exe
  2⤵
  PID:3444
- C:\Windows\System\JljZUMv.exe
  C:\Windows\System\JljZUMv.exe
  2⤵
  PID:3680
- C:\Windows\System\bZQDVIW.exe
  C:\Windows\System\bZQDVIW.exe
  2⤵
  PID:3532
- C:\Windows\System\ANuRLIc.exe
  C:\Windows\System\ANuRLIc.exe
  2⤵
  PID:1956
- C:\Windows\System\vwAcjjI.exe
  C:\Windows\System\vwAcjjI.exe
  2⤵
  PID:3704
- C:\Windows\System\tVhcPdB.exe
  C:\Windows\System\tVhcPdB.exe
  2⤵
  PID:3744
- C:\Windows\System\tDOccQZ.exe
  C:\Windows\System\tDOccQZ.exe
  2⤵
  PID:3880
- C:\Windows\System\hNlXKRn.exe
  C:\Windows\System\hNlXKRn.exe
  2⤵
  PID:3788
- C:\Windows\System\IcVZojL.exe
  C:\Windows\System\IcVZojL.exe
  2⤵
  PID:3824
- C:\Windows\System\CwdfLAq.exe
  C:\Windows\System\CwdfLAq.exe
  2⤵
  PID:4000
- C:\Windows\System\YrhEmVe.exe
  C:\Windows\System\YrhEmVe.exe
  2⤵
  PID:4080
- C:\Windows\System\lDTAcif.exe
  C:\Windows\System\lDTAcif.exe
  2⤵
  PID:4024
- C:\Windows\System\YpefHJq.exe
  C:\Windows\System\YpefHJq.exe
  2⤵
  PID:1044
- C:\Windows\System\IMPaoat.exe
  C:\Windows\System\IMPaoat.exe
  2⤵
  PID:2732
- C:\Windows\System\iznoaKm.exe
  C:\Windows\System\iznoaKm.exe
  2⤵
  PID:1816
- C:\Windows\System\LtVyKbd.exe
  C:\Windows\System\LtVyKbd.exe
  2⤵
  PID:2524
- C:\Windows\System\QlCVUWI.exe
  C:\Windows\System\QlCVUWI.exe
  2⤵
  PID:2484
- C:\Windows\System\NprsOVX.exe
  C:\Windows\System\NprsOVX.exe
  2⤵
  PID:3248
- C:\Windows\System\TnubWdk.exe
  C:\Windows\System\TnubWdk.exe
  2⤵
  PID:3344
- C:\Windows\System\hrZMzCB.exe
  C:\Windows\System\hrZMzCB.exe
  2⤵
  PID:2592
- C:\Windows\System\zwvWOUN.exe
  C:\Windows\System\zwvWOUN.exe
  2⤵
  PID:3440
- C:\Windows\System\uihYjUj.exe
  C:\Windows\System\uihYjUj.exe
  2⤵
  PID:3608
- C:\Windows\System\bZjeYds.exe
  C:\Windows\System\bZjeYds.exe
  2⤵
  PID:3544
- C:\Windows\System\BOqRnPm.exe
  C:\Windows\System\BOqRnPm.exe
  2⤵
  PID:3800
- C:\Windows\System\fOUEmeV.exe
  C:\Windows\System\fOUEmeV.exe
  2⤵
  PID:1080
- C:\Windows\System\fFkvxjp.exe
  C:\Windows\System\fFkvxjp.exe
  2⤵
  PID:2896
- C:\Windows\System\oxnqNbk.exe
  C:\Windows\System\oxnqNbk.exe
  2⤵
  PID:4004
- C:\Windows\System\tgxQwWQ.exe
  C:\Windows\System\tgxQwWQ.exe
  2⤵
  PID:3868
- C:\Windows\System\iqwWDRo.exe
  C:\Windows\System\iqwWDRo.exe
  2⤵
  PID:1240
- C:\Windows\System\EqOckci.exe
  C:\Windows\System\EqOckci.exe
  2⤵
  PID:876
- C:\Windows\System\MAqXWye.exe
  C:\Windows\System\MAqXWye.exe
  2⤵
  PID:2780
- C:\Windows\System\hnDFfPY.exe
  C:\Windows\System\hnDFfPY.exe
  2⤵
  PID:3204
- C:\Windows\System\lIKhUOs.exe
  C:\Windows\System\lIKhUOs.exe
  2⤵
  PID:2652
- C:\Windows\System\odDSGnc.exe
  C:\Windows\System\odDSGnc.exe
  2⤵
  PID:3648
- C:\Windows\System\pxRTldG.exe
  C:\Windows\System\pxRTldG.exe
  2⤵
  PID:2892
- C:\Windows\System\aZXoOVs.exe
  C:\Windows\System\aZXoOVs.exe
  2⤵
  PID:3688
- C:\Windows\System\aIYOoPQ.exe
  C:\Windows\System\aIYOoPQ.exe
  2⤵
  PID:3008
- C:\Windows\System\gHgOOJF.exe
  C:\Windows\System\gHgOOJF.exe
  2⤵
  PID:3924
- C:\Windows\System\EsfSHUn.exe
  C:\Windows\System\EsfSHUn.exe
  2⤵
  PID:2956
- C:\Windows\System\jVrXPDn.exe
  C:\Windows\System\jVrXPDn.exe
  2⤵
  PID:1948
- C:\Windows\System\qxUsmQc.exe
  C:\Windows\System\qxUsmQc.exe
  2⤵
  PID:848
- C:\Windows\System\RdwJQjh.exe
  C:\Windows\System\RdwJQjh.exe
  2⤵
  PID:3304
- C:\Windows\System\PaLzFEf.exe
  C:\Windows\System\PaLzFEf.exe
  2⤵
  PID:3220
- C:\Windows\System\qeZJyim.exe
  C:\Windows\System\qeZJyim.exe
  2⤵
  PID:2764
- C:\Windows\System\wMejQSo.exe
  C:\Windows\System\wMejQSo.exe
  2⤵
  PID:3764
- C:\Windows\System\RonETzE.exe
  C:\Windows\System\RonETzE.exe
  2⤵
  PID:3708
- C:\Windows\System\xarvoeV.exe
  C:\Windows\System\xarvoeV.exe
  2⤵
  PID:2160
- C:\Windows\System\gKpMgPH.exe
  C:\Windows\System\gKpMgPH.exe
  2⤵
  PID:3196
- C:\Windows\System\sjTwBrE.exe
  C:\Windows\System\sjTwBrE.exe
  2⤵
  PID:2672
- C:\Windows\System\eUbMRzt.exe
  C:\Windows\System\eUbMRzt.exe
  2⤵
  PID:3548
- C:\Windows\System\MPWhTuK.exe
  C:\Windows\System\MPWhTuK.exe
  2⤵
  PID:3408
- C:\Windows\System\jVANise.exe
  C:\Windows\System\jVANise.exe
  2⤵
  PID:4100
- C:\Windows\System\HNyrYwa.exe
  C:\Windows\System\HNyrYwa.exe
  2⤵
  PID:4120
- C:\Windows\System\oMpYJoo.exe
  C:\Windows\System\oMpYJoo.exe
  2⤵
  PID:4140
- C:\Windows\System\VFIuKBI.exe
  C:\Windows\System\VFIuKBI.exe
  2⤵
  PID:4160
- C:\Windows\System\SLVpUEm.exe
  C:\Windows\System\SLVpUEm.exe
  2⤵
  PID:4184
- C:\Windows\System\MJLGIcp.exe
  C:\Windows\System\MJLGIcp.exe
  2⤵
  PID:4204
- C:\Windows\System\LyhXeML.exe
  C:\Windows\System\LyhXeML.exe
  2⤵
  PID:4224
- C:\Windows\System\ixbuuua.exe
  C:\Windows\System\ixbuuua.exe
  2⤵
  PID:4244
- C:\Windows\System\zEokXnO.exe
  C:\Windows\System\zEokXnO.exe
  2⤵
  PID:4264
- C:\Windows\System\dxskzhp.exe
  C:\Windows\System\dxskzhp.exe
  2⤵
  PID:4284
- C:\Windows\System\YpkazkF.exe
  C:\Windows\System\YpkazkF.exe
  2⤵
  PID:4304
- C:\Windows\System\PtyHPEk.exe
  C:\Windows\System\PtyHPEk.exe
  2⤵
  PID:4324
- C:\Windows\System\VCsUQcs.exe
  C:\Windows\System\VCsUQcs.exe
  2⤵
  PID:4344
- C:\Windows\System\UGCxMmB.exe
  C:\Windows\System\UGCxMmB.exe
  2⤵
  PID:4360
- C:\Windows\System\zHPwogN.exe
  C:\Windows\System\zHPwogN.exe
  2⤵
  PID:4384
- C:\Windows\System\oferfyP.exe
  C:\Windows\System\oferfyP.exe
  2⤵
  PID:4400
- C:\Windows\System\uvUfLwu.exe
  C:\Windows\System\uvUfLwu.exe
  2⤵
  PID:4420
- C:\Windows\System\iIAKLie.exe
  C:\Windows\System\iIAKLie.exe
  2⤵
  PID:4440
- C:\Windows\System\ebEMDpn.exe
  C:\Windows\System\ebEMDpn.exe
  2⤵
  PID:4460
- C:\Windows\System\lJpDpoS.exe
  C:\Windows\System\lJpDpoS.exe
  2⤵
  PID:4476
- C:\Windows\System\IaqDMEN.exe
  C:\Windows\System\IaqDMEN.exe
  2⤵
  PID:4492
- C:\Windows\System\yplwLOE.exe
  C:\Windows\System\yplwLOE.exe
  2⤵
  PID:4512
- C:\Windows\System\iuAFqlU.exe
  C:\Windows\System\iuAFqlU.exe
  2⤵
  PID:4536
- C:\Windows\System\VLixhUD.exe
  C:\Windows\System\VLixhUD.exe
  2⤵
  PID:4552
- C:\Windows\System\IrULBzq.exe
  C:\Windows\System\IrULBzq.exe
  2⤵
  PID:4584
- C:\Windows\System\RCtDeMj.exe
  C:\Windows\System\RCtDeMj.exe
  2⤵
  PID:4600
- C:\Windows\System\IPhnqTd.exe
  C:\Windows\System\IPhnqTd.exe
  2⤵
  PID:4620
- C:\Windows\System\dislmzn.exe
  C:\Windows\System\dislmzn.exe
  2⤵
  PID:4640
- C:\Windows\System\qiBAMJN.exe
  C:\Windows\System\qiBAMJN.exe
  2⤵
  PID:4656
- C:\Windows\System\dnQHfRF.exe
  C:\Windows\System\dnQHfRF.exe
  2⤵
  PID:4672
- C:\Windows\System\lLoOgki.exe
  C:\Windows\System\lLoOgki.exe
  2⤵
  PID:4688
- C:\Windows\System\NrFsnYC.exe
  C:\Windows\System\NrFsnYC.exe
  2⤵
  PID:4704
- C:\Windows\System\APrSFyk.exe
  C:\Windows\System\APrSFyk.exe
  2⤵
  PID:4736
- C:\Windows\System\OHPhHMK.exe
  C:\Windows\System\OHPhHMK.exe
  2⤵
  PID:4752
- C:\Windows\System\SHlnbGo.exe
  C:\Windows\System\SHlnbGo.exe
  2⤵
  PID:4772
- C:\Windows\System\rVdsxGA.exe
  C:\Windows\System\rVdsxGA.exe
  2⤵
  PID:4804
- C:\Windows\System\trzPrIW.exe
  C:\Windows\System\trzPrIW.exe
  2⤵
  PID:4828
- C:\Windows\System\FpNKiEv.exe
  C:\Windows\System\FpNKiEv.exe
  2⤵
  PID:4844
- C:\Windows\System\upsXqux.exe
  C:\Windows\System\upsXqux.exe
  2⤵
  PID:4860
- C:\Windows\System\AdKEXzz.exe
  C:\Windows\System\AdKEXzz.exe
  2⤵
  PID:4876
- C:\Windows\System\MNhadeu.exe
  C:\Windows\System\MNhadeu.exe
  2⤵
  PID:4896
- C:\Windows\System\mJdRqUd.exe
  C:\Windows\System\mJdRqUd.exe
  2⤵
  PID:4924
- C:\Windows\System\IxfMvIu.exe
  C:\Windows\System\IxfMvIu.exe
  2⤵
  PID:4948
- C:\Windows\System\cuDVzrj.exe
  C:\Windows\System\cuDVzrj.exe
  2⤵
  PID:4968
- C:\Windows\System\IXHDiyw.exe
  C:\Windows\System\IXHDiyw.exe
  2⤵
  PID:4984
- C:\Windows\System\CHziPgp.exe
  C:\Windows\System\CHziPgp.exe
  2⤵
  PID:5000
- C:\Windows\System\fpzzYmO.exe
  C:\Windows\System\fpzzYmO.exe
  2⤵
  PID:5028
- C:\Windows\System\beIOqmA.exe
  C:\Windows\System\beIOqmA.exe
  2⤵
  PID:5048
- C:\Windows\System\oIbnffu.exe
  C:\Windows\System\oIbnffu.exe
  2⤵
  PID:5072
- C:\Windows\System\TAeMgrk.exe
  C:\Windows\System\TAeMgrk.exe
  2⤵
  PID:5088
- C:\Windows\System\ttNgLTa.exe
  C:\Windows\System\ttNgLTa.exe
  2⤵
  PID:5104
- C:\Windows\System\lMRTebo.exe
  C:\Windows\System\lMRTebo.exe
  2⤵
  PID:2784
- C:\Windows\System\PQqqjgN.exe
  C:\Windows\System\PQqqjgN.exe
  2⤵
  PID:2040
- C:\Windows\System\UoDnygt.exe
  C:\Windows\System\UoDnygt.exe
  2⤵
  PID:2208
- C:\Windows\System\NvwiiUJ.exe
  C:\Windows\System\NvwiiUJ.exe
  2⤵
  PID:4128
- C:\Windows\System\APmVkJM.exe
  C:\Windows\System\APmVkJM.exe
  2⤵
  PID:4108
- C:\Windows\System\LquIObW.exe
  C:\Windows\System\LquIObW.exe
  2⤵
  PID:4180
- C:\Windows\System\uTssNzK.exe
  C:\Windows\System\uTssNzK.exe
  2⤵
  PID:4212
- C:\Windows\System\uNBwhwN.exe
  C:\Windows\System\uNBwhwN.exe
  2⤵
  PID:4232
- C:\Windows\System\XkRjMHE.exe
  C:\Windows\System\XkRjMHE.exe
  2⤵
  PID:4260
- C:\Windows\System\RjmRemd.exe
  C:\Windows\System\RjmRemd.exe
  2⤵
  PID:4276
- C:\Windows\System\kkxdCeS.exe
  C:\Windows\System\kkxdCeS.exe
  2⤵
  PID:4332
- C:\Windows\System\uDvrJsA.exe
  C:\Windows\System\uDvrJsA.exe
  2⤵
  PID:4380
- C:\Windows\System\cWuEOkZ.exe
  C:\Windows\System\cWuEOkZ.exe
  2⤵
  PID:4356
- C:\Windows\System\lRVYoat.exe
  C:\Windows\System\lRVYoat.exe
  2⤵
  PID:1736
- C:\Windows\System\cHDOtAK.exe
  C:\Windows\System\cHDOtAK.exe
  2⤵
  PID:4408
- C:\Windows\System\AJBkRjg.exe
  C:\Windows\System\AJBkRjg.exe
  2⤵
  PID:4432
- C:\Windows\System\BTZbpQc.exe
  C:\Windows\System\BTZbpQc.exe
  2⤵
  PID:4456
- C:\Windows\System\bZFWKwC.exe
  C:\Windows\System\bZFWKwC.exe
  2⤵
  PID:4528
- C:\Windows\System\LVWsVwq.exe
  C:\Windows\System\LVWsVwq.exe
  2⤵
  PID:4500
- C:\Windows\System\IhawPIW.exe
  C:\Windows\System\IhawPIW.exe
  2⤵
  PID:4544
- C:\Windows\System\mZEhdEY.exe
  C:\Windows\System\mZEhdEY.exe
  2⤵
  PID:4576
- C:\Windows\System\gIYpnzt.exe
  C:\Windows\System\gIYpnzt.exe
  2⤵
  PID:4596
- C:\Windows\System\CtcJsuO.exe
  C:\Windows\System\CtcJsuO.exe
  2⤵
  PID:4652
- C:\Windows\System\AHOJRve.exe
  C:\Windows\System\AHOJRve.exe
  2⤵
  PID:4632
- C:\Windows\System\Rikxwun.exe
  C:\Windows\System\Rikxwun.exe
  2⤵
  PID:4668
- C:\Windows\System\rVwqHof.exe
  C:\Windows\System\rVwqHof.exe
  2⤵
  PID:4792
- C:\Windows\System\XHjdWXv.exe
  C:\Windows\System\XHjdWXv.exe
  2⤵
  PID:4744
- C:\Windows\System\XdCUghv.exe
  C:\Windows\System\XdCUghv.exe
  2⤵
  PID:4816
- C:\Windows\System\gyFpSDy.exe
  C:\Windows\System\gyFpSDy.exe
  2⤵
  PID:2976
- C:\Windows\System\YjbXdbL.exe
  C:\Windows\System\YjbXdbL.exe
  2⤵
  PID:4856
- C:\Windows\System\inoIfaD.exe
  C:\Windows\System\inoIfaD.exe
  2⤵
  PID:4840
- C:\Windows\System\iJTLltD.exe
  C:\Windows\System\iJTLltD.exe
  2⤵
  PID:4908
- C:\Windows\System\rPXWFZr.exe
  C:\Windows\System\rPXWFZr.exe
  2⤵
  PID:4944
- C:\Windows\System\ImkDFEc.exe
  C:\Windows\System\ImkDFEc.exe
  2⤵
  PID:4980
- C:\Windows\System\YsagrTT.exe
  C:\Windows\System\YsagrTT.exe
  2⤵
  PID:4992
- C:\Windows\System\BUFaVGT.exe
  C:\Windows\System\BUFaVGT.exe
  2⤵
  PID:4996
- C:\Windows\System\xNEwGam.exe
  C:\Windows\System\xNEwGam.exe
  2⤵
  PID:2792
- C:\Windows\System\OJdUoHr.exe
  C:\Windows\System\OJdUoHr.exe
  2⤵
  PID:5044
- C:\Windows\System\bCyeYnB.exe
  C:\Windows\System\bCyeYnB.exe
  2⤵
  PID:5060
- C:\Windows\System\HjkDHbQ.exe
  C:\Windows\System\HjkDHbQ.exe
  2⤵
  PID:3144
- C:\Windows\System\xMQilkQ.exe
  C:\Windows\System\xMQilkQ.exe
  2⤵
  PID:3732
- C:\Windows\System\iyfJehq.exe
  C:\Windows\System\iyfJehq.exe
  2⤵
  PID:2924
- C:\Windows\System\vraTzbA.exe
  C:\Windows\System\vraTzbA.exe
  2⤵
  PID:284
- C:\Windows\System\mgcIVIN.exe
  C:\Windows\System\mgcIVIN.exe
  2⤵
  PID:4076
- C:\Windows\System\DRyukxi.exe
  C:\Windows\System\DRyukxi.exe
  2⤵
  PID:2816
- C:\Windows\System\ygGlQtl.exe
  C:\Windows\System\ygGlQtl.exe
  2⤵
  PID:4152
- C:\Windows\System\ylCIQRM.exe
  C:\Windows\System\ylCIQRM.exe
  2⤵
  PID:2004
- C:\Windows\System\SUvTsDj.exe
  C:\Windows\System\SUvTsDj.exe
  2⤵
  PID:820
- C:\Windows\System\wkxbqTM.exe
  C:\Windows\System\wkxbqTM.exe
  2⤵
  PID:4428
- C:\Windows\System\eOWteOC.exe
  C:\Windows\System\eOWteOC.exe
  2⤵
  PID:4508
- C:\Windows\System\gdKKEaA.exe
  C:\Windows\System\gdKKEaA.exe
  2⤵
  PID:4684
- C:\Windows\System\mfrogfV.exe
  C:\Windows\System\mfrogfV.exe
  2⤵
  PID:4236
- C:\Windows\System\LBVVbjR.exe
  C:\Windows\System\LBVVbjR.exe
  2⤵
  PID:4292
- C:\Windows\System\yTRKYdf.exe
  C:\Windows\System\yTRKYdf.exe
  2⤵
  PID:4524
- C:\Windows\System\Mvhhtki.exe
  C:\Windows\System\Mvhhtki.exe
  2⤵
  PID:1612
- C:\Windows\System\OpFeULk.exe
  C:\Windows\System\OpFeULk.exe
  2⤵
  PID:4764
- C:\Windows\System\JzmLjWx.exe
  C:\Windows\System\JzmLjWx.exe
  2⤵
  PID:4780
- C:\Windows\System\ZixaADx.exe
  C:\Windows\System\ZixaADx.exe
  2⤵
  PID:4820
- C:\Windows\System\zzRFkMQ.exe
  C:\Windows\System\zzRFkMQ.exe
  2⤵
  PID:4572
- C:\Windows\System\HLVNtqM.exe
  C:\Windows\System\HLVNtqM.exe
  2⤵
  PID:4696
- C:\Windows\System\BYHLcrE.exe
  C:\Windows\System\BYHLcrE.exe
  2⤵
  PID:1744
- C:\Windows\System\tNYEFQu.exe
  C:\Windows\System\tNYEFQu.exe
  2⤵
  PID:4936
- C:\Windows\System\OHWOMrM.exe
  C:\Windows\System\OHWOMrM.exe
  2⤵
  PID:5024
- C:\Windows\System\uwiElkG.exe
  C:\Windows\System\uwiElkG.exe
  2⤵
  PID:4272
- C:\Windows\System\oCmAkzZ.exe
  C:\Windows\System\oCmAkzZ.exe
  2⤵
  PID:5116
- C:\Windows\System\ABEUaiZ.exe
  C:\Windows\System\ABEUaiZ.exe
  2⤵
  PID:5080
- C:\Windows\System\hzztrAY.exe
  C:\Windows\System\hzztrAY.exe
  2⤵
  PID:4368
- C:\Windows\System\CliMRSW.exe
  C:\Windows\System\CliMRSW.exe
  2⤵
  PID:4416
- C:\Windows\System\dpKBCAy.exe
  C:\Windows\System\dpKBCAy.exe
  2⤵
  PID:4352
- C:\Windows\System\ruwUULx.exe
  C:\Windows\System\ruwUULx.exe
  2⤵
  PID:4716
- C:\Windows\System\FEsyZBM.exe
  C:\Windows\System\FEsyZBM.exe
  2⤵
  PID:4592
- C:\Windows\System\OodPIzR.exe
  C:\Windows\System\OodPIzR.exe
  2⤵
  PID:1132
- C:\Windows\System\eWOMXds.exe
  C:\Windows\System\eWOMXds.exe
  2⤵
  PID:2772
- C:\Windows\System\AKVLEKk.exe
  C:\Windows\System\AKVLEKk.exe
  2⤵
  PID:4748
- C:\Windows\System\XbYNmEH.exe
  C:\Windows\System\XbYNmEH.exe
  2⤵
  PID:2588
- C:\Windows\System\sSarZas.exe
  C:\Windows\System\sSarZas.exe
  2⤵
  PID:2616
- C:\Windows\System\Ivbifhz.exe
  C:\Windows\System\Ivbifhz.exe
  2⤵
  PID:3480
- C:\Windows\System\ETaNQex.exe
  C:\Windows\System\ETaNQex.exe
  2⤵
  PID:4964
- C:\Windows\System\wBvVqWO.exe
  C:\Windows\System\wBvVqWO.exe
  2⤵
  PID:5056
- C:\Windows\System\gQUVraW.exe
  C:\Windows\System\gQUVraW.exe
  2⤵
  PID:1312
- C:\Windows\System\kTlYLAB.exe
  C:\Windows\System\kTlYLAB.exe
  2⤵
  PID:832
- C:\Windows\System\eOzSnRm.exe
  C:\Windows\System\eOzSnRm.exe
  2⤵
  PID:2032
- C:\Windows\System\ZytNHrB.exe
  C:\Windows\System\ZytNHrB.exe
  2⤵
  PID:4300
- C:\Windows\System\ETbMIuo.exe
  C:\Windows\System\ETbMIuo.exe
  2⤵
  PID:976
- C:\Windows\System\FeCXGVe.exe
  C:\Windows\System\FeCXGVe.exe
  2⤵
  PID:4700
- C:\Windows\System\rVUkJOE.exe
  C:\Windows\System\rVUkJOE.exe
  2⤵
  PID:1280
- C:\Windows\System\NpIXwtY.exe
  C:\Windows\System\NpIXwtY.exe
  2⤵
  PID:2424
- C:\Windows\System\pdpKgOC.exe
  C:\Windows\System\pdpKgOC.exe
  2⤵
  PID:2900
- C:\Windows\System\NzVDAJY.exe
  C:\Windows\System\NzVDAJY.exe
  2⤵
  PID:2568
- C:\Windows\System\GUANqBi.exe
  C:\Windows\System\GUANqBi.exe
  2⤵
  PID:4932
- C:\Windows\System\OaVaGMH.exe
  C:\Windows\System\OaVaGMH.exe
  2⤵
  PID:1724
- C:\Windows\System\YVELXMS.exe
  C:\Windows\System\YVELXMS.exe
  2⤵
  PID:4192
- C:\Windows\System\IDtJUbL.exe
  C:\Windows\System\IDtJUbL.exe
  2⤵
  PID:4448
- C:\Windows\System\FkqeMhr.exe
  C:\Windows\System\FkqeMhr.exe
  2⤵
  PID:3312
- C:\Windows\System\XWJSKTe.exe
  C:\Windows\System\XWJSKTe.exe
  2⤵
  PID:2740
- C:\Windows\System\Llfggby.exe
  C:\Windows\System\Llfggby.exe
  2⤵
  PID:1652
- C:\Windows\System\HPvxmQN.exe
  C:\Windows\System\HPvxmQN.exe
  2⤵
  PID:2668
- C:\Windows\System\iJqYuBn.exe
  C:\Windows\System\iJqYuBn.exe
  2⤵
  PID:4888
- C:\Windows\System\FAMmOkG.exe
  C:\Windows\System\FAMmOkG.exe
  2⤵
  PID:4520
- C:\Windows\System\dhgjXkS.exe
  C:\Windows\System\dhgjXkS.exe
  2⤵
  PID:4916
- C:\Windows\System\ifWlwfg.exe
  C:\Windows\System\ifWlwfg.exe
  2⤵
  PID:4168
- C:\Windows\System\wQjrkXr.exe
  C:\Windows\System\wQjrkXr.exe
  2⤵
  PID:5132
- C:\Windows\System\bxOeyQM.exe
  C:\Windows\System\bxOeyQM.exe
  2⤵
  PID:5148
- C:\Windows\System\ZMIYoSF.exe
  C:\Windows\System\ZMIYoSF.exe
  2⤵
  PID:5164
- C:\Windows\System\bNabwKH.exe
  C:\Windows\System\bNabwKH.exe
  2⤵
  PID:5184
- C:\Windows\System\gyknTxX.exe
  C:\Windows\System\gyknTxX.exe
  2⤵
  PID:5204
- C:\Windows\System\wYBeRAC.exe
  C:\Windows\System\wYBeRAC.exe
  2⤵
  PID:5240
- C:\Windows\System\lICNvpl.exe
  C:\Windows\System\lICNvpl.exe
  2⤵
  PID:5260
- C:\Windows\System\EgDvQuS.exe
  C:\Windows\System\EgDvQuS.exe
  2⤵
  PID:5280
- C:\Windows\System\wOlvhvN.exe
  C:\Windows\System\wOlvhvN.exe
  2⤵
  PID:5300
- C:\Windows\System\MTgDAzT.exe
  C:\Windows\System\MTgDAzT.exe
  2⤵
  PID:5316
- C:\Windows\System\hTJaXzV.exe
  C:\Windows\System\hTJaXzV.exe
  2⤵
  PID:5336
- C:\Windows\System\smAOCuS.exe
  C:\Windows\System\smAOCuS.exe
  2⤵
  PID:5352
- C:\Windows\System\JpkYVVW.exe
  C:\Windows\System\JpkYVVW.exe
  2⤵
  PID:5368
- C:\Windows\System\qmMgDff.exe
  C:\Windows\System\qmMgDff.exe
  2⤵
  PID:5388
- C:\Windows\System\BtdItBH.exe
  C:\Windows\System\BtdItBH.exe
  2⤵
  PID:5404
- C:\Windows\System\TnSDBqq.exe
  C:\Windows\System\TnSDBqq.exe
  2⤵
  PID:5424
- C:\Windows\System\EKKYNMH.exe
  C:\Windows\System\EKKYNMH.exe
  2⤵
  PID:5448
- C:\Windows\System\AokBrFk.exe
  C:\Windows\System\AokBrFk.exe
  2⤵
  PID:5464
- C:\Windows\System\VrQSqYh.exe
  C:\Windows\System\VrQSqYh.exe
  2⤵
  PID:5480
- C:\Windows\System\bewYbSH.exe
  C:\Windows\System\bewYbSH.exe
  2⤵
  PID:5500
- C:\Windows\System\HQdILYa.exe
  C:\Windows\System\HQdILYa.exe
  2⤵
  PID:5532
- C:\Windows\System\UUfGHcF.exe
  C:\Windows\System\UUfGHcF.exe
  2⤵
  PID:5552
- C:\Windows\System\mhGjSnP.exe
  C:\Windows\System\mhGjSnP.exe
  2⤵
  PID:5580
- C:\Windows\System\XPvaAub.exe
  C:\Windows\System\XPvaAub.exe
  2⤵
  PID:5596
- C:\Windows\System\KSKotYp.exe
  C:\Windows\System\KSKotYp.exe
  2⤵
  PID:5612
- C:\Windows\System\ehhMvpF.exe
  C:\Windows\System\ehhMvpF.exe
  2⤵
  PID:5640
- C:\Windows\System\aQMKmks.exe
  C:\Windows\System\aQMKmks.exe
  2⤵
  PID:5660
- C:\Windows\System\sFypKkU.exe
  C:\Windows\System\sFypKkU.exe
  2⤵
  PID:5680
- C:\Windows\System\uuFiJiA.exe
  C:\Windows\System\uuFiJiA.exe
  2⤵
  PID:5700
- C:\Windows\System\qwfsaaF.exe
  C:\Windows\System\qwfsaaF.exe
  2⤵
  PID:5720
- C:\Windows\System\RNPpGhf.exe
  C:\Windows\System\RNPpGhf.exe
  2⤵
  PID:5736
- C:\Windows\System\ZAKDgjo.exe
  C:\Windows\System\ZAKDgjo.exe
  2⤵
  PID:5760
- C:\Windows\System\WzKyLiO.exe
  C:\Windows\System\WzKyLiO.exe
  2⤵
  PID:5776
- C:\Windows\System\WJwEhVr.exe
  C:\Windows\System\WJwEhVr.exe
  2⤵
  PID:5792
- C:\Windows\System\XLFTQOg.exe
  C:\Windows\System\XLFTQOg.exe
  2⤵
  PID:5808
- C:\Windows\System\TrZxWsR.exe
  C:\Windows\System\TrZxWsR.exe
  2⤵
  PID:5824
- C:\Windows\System\FVcNxHk.exe
  C:\Windows\System\FVcNxHk.exe
  2⤵
  PID:5844
- C:\Windows\System\duDCHAu.exe
  C:\Windows\System\duDCHAu.exe
  2⤵
  PID:5864
- C:\Windows\System\YjsHgyk.exe
  C:\Windows\System\YjsHgyk.exe
  2⤵
  PID:5880
- C:\Windows\System\HYsRBNz.exe
  C:\Windows\System\HYsRBNz.exe
  2⤵
  PID:5896
- C:\Windows\System\VWckCCR.exe
  C:\Windows\System\VWckCCR.exe
  2⤵
  PID:5932
- C:\Windows\System\VySwuZL.exe
  C:\Windows\System\VySwuZL.exe
  2⤵
  PID:5960
- C:\Windows\System\HTwhHEf.exe
  C:\Windows\System\HTwhHEf.exe
  2⤵
  PID:5976
- C:\Windows\System\wnDaxVK.exe
  C:\Windows\System\wnDaxVK.exe
  2⤵
  PID:5992
- C:\Windows\System\uflrYbb.exe
  C:\Windows\System\uflrYbb.exe
  2⤵
  PID:6008
- C:\Windows\System\DrWkIOo.exe
  C:\Windows\System\DrWkIOo.exe
  2⤵
  PID:6024
- C:\Windows\System\xklpVMc.exe
  C:\Windows\System\xklpVMc.exe
  2⤵
  PID:6048
- C:\Windows\System\AgViIma.exe
  C:\Windows\System\AgViIma.exe
  2⤵
  PID:6064
- C:\Windows\System\PWhFRMp.exe
  C:\Windows\System\PWhFRMp.exe
  2⤵
  PID:6080
- C:\Windows\System\pLxRAFi.exe
  C:\Windows\System\pLxRAFi.exe
  2⤵
  PID:6096
- C:\Windows\System\xJYhRjA.exe
  C:\Windows\System\xJYhRjA.exe
  2⤵
  PID:6116
- C:\Windows\System\nmIMgNI.exe
  C:\Windows\System\nmIMgNI.exe
  2⤵
  PID:1096
- C:\Windows\System\XxpwwDG.exe
  C:\Windows\System\XxpwwDG.exe
  2⤵
  PID:5128
- C:\Windows\System\dxTXfHu.exe
  C:\Windows\System\dxTXfHu.exe
  2⤵
  PID:5196
- C:\Windows\System\fMEjOkN.exe
  C:\Windows\System\fMEjOkN.exe
  2⤵
  PID:4372
- C:\Windows\System\PxODCCH.exe
  C:\Windows\System\PxODCCH.exe
  2⤵
  PID:5220
- C:\Windows\System\CPOiNvF.exe
  C:\Windows\System\CPOiNvF.exe
  2⤵
  PID:5248
- C:\Windows\System\ngWkVhl.exe
  C:\Windows\System\ngWkVhl.exe
  2⤵
  PID:5288
- C:\Windows\System\zNPzxVQ.exe
  C:\Windows\System\zNPzxVQ.exe
  2⤵
  PID:5332
- C:\Windows\System\wbyEyXw.exe
  C:\Windows\System\wbyEyXw.exe
  2⤵
  PID:5396
- C:\Windows\System\prSoDXL.exe
  C:\Windows\System\prSoDXL.exe
  2⤵
  PID:5268
- C:\Windows\System\etqrZNX.exe
  C:\Windows\System\etqrZNX.exe
  2⤵
  PID:5476
- C:\Windows\System\ChnZssa.exe
  C:\Windows\System\ChnZssa.exe
  2⤵
  PID:5512
- C:\Windows\System\mzsVcAN.exe
  C:\Windows\System\mzsVcAN.exe
  2⤵
  PID:5348
- C:\Windows\System\SYxFCxC.exe
  C:\Windows\System\SYxFCxC.exe
  2⤵
  PID:5520
- C:\Windows\System\VktWkSv.exe
  C:\Windows\System\VktWkSv.exe
  2⤵
  PID:5492
- C:\Windows\System\jGskEEN.exe
  C:\Windows\System\jGskEEN.exe
  2⤵
  PID:5496
- C:\Windows\System\fiHrDSe.exe
  C:\Windows\System\fiHrDSe.exe
  2⤵
  PID:5548
- C:\Windows\System\XIsVAON.exe
  C:\Windows\System\XIsVAON.exe
  2⤵
  PID:5632
- C:\Windows\System\wCVGpIz.exe
  C:\Windows\System\wCVGpIz.exe
  2⤵
  PID:752
- C:\Windows\System\JDnbXOK.exe
  C:\Windows\System\JDnbXOK.exe
  2⤵
  PID:5672
- C:\Windows\System\JAcSlOX.exe
  C:\Windows\System\JAcSlOX.exe
  2⤵
  PID:5696
- C:\Windows\System\eqFbncE.exe
  C:\Windows\System\eqFbncE.exe
  2⤵
  PID:5712
- C:\Windows\System\Urkywja.exe
  C:\Windows\System\Urkywja.exe
  2⤵
  PID:5800
- C:\Windows\System\sbjqrbV.exe
  C:\Windows\System\sbjqrbV.exe
  2⤵
  PID:5872
- C:\Windows\System\gHJSumv.exe
  C:\Windows\System\gHJSumv.exe
  2⤵
  PID:5912
- C:\Windows\System\OvBDAdQ.exe
  C:\Windows\System\OvBDAdQ.exe
  2⤵
  PID:5928
- C:\Windows\System\QtqMFXU.exe
  C:\Windows\System\QtqMFXU.exe
  2⤵
  PID:5816
- C:\Windows\System\sqQdVHp.exe
  C:\Windows\System\sqQdVHp.exe
  2⤵
  PID:5860
- C:\Windows\System\SGLYQQl.exe
  C:\Windows\System\SGLYQQl.exe
  2⤵
  PID:5972
- C:\Windows\System\pOXgbRx.exe
  C:\Windows\System\pOXgbRx.exe
  2⤵
  PID:6072
- C:\Windows\System\BYRRFLq.exe
  C:\Windows\System\BYRRFLq.exe
  2⤵
  PID:6112
- C:\Windows\System\TlUwWVs.exe
  C:\Windows\System\TlUwWVs.exe
  2⤵
  PID:4712
- C:\Windows\System\XFdeGWH.exe
  C:\Windows\System\XFdeGWH.exe
  2⤵
  PID:6128
- C:\Windows\System\ntwzlzw.exe
  C:\Windows\System\ntwzlzw.exe
  2⤵
  PID:5212
- C:\Windows\System\weaZTgZ.exe
  C:\Windows\System\weaZTgZ.exe
  2⤵
  PID:5952
- C:\Windows\System\FKmRvFz.exe
  C:\Windows\System\FKmRvFz.exe
  2⤵
  PID:6140
- C:\Windows\System\oTsjCxo.exe
  C:\Windows\System\oTsjCxo.exe
  2⤵
  PID:5160
- C:\Windows\System\rFMdTXO.exe
  C:\Windows\System\rFMdTXO.exe
  2⤵
  PID:6092
- C:\Windows\System\YaLiWcK.exe
  C:\Windows\System\YaLiWcK.exe
  2⤵
  PID:1620
- C:\Windows\System\FJrmLDN.exe
  C:\Windows\System\FJrmLDN.exe
  2⤵
  PID:4648
- C:\Windows\System\CKQOkKX.exe
  C:\Windows\System\CKQOkKX.exe
  2⤵
  PID:5180
- C:\Windows\System\yCABont.exe
  C:\Windows\System\yCABont.exe
  2⤵
  PID:5232
- C:\Windows\System\TRHazwa.exe
  C:\Windows\System\TRHazwa.exe
  2⤵
  PID:5420
- C:\Windows\System\tFrrMpR.exe
  C:\Windows\System\tFrrMpR.exe
  2⤵
  PID:5472
- C:\Windows\System\swgPJlA.exe
  C:\Windows\System\swgPJlA.exe
  2⤵
  PID:5732
- C:\Windows\System\SusTroC.exe
  C:\Windows\System\SusTroC.exe
  2⤵
  PID:5604
- C:\Windows\System\stlWJFn.exe
  C:\Windows\System\stlWJFn.exe
  2⤵
  PID:5852
- C:\Windows\System\jkBqTAl.exe
  C:\Windows\System\jkBqTAl.exe
  2⤵
  PID:6036
- C:\Windows\System\eODiEMi.exe
  C:\Windows\System\eODiEMi.exe
  2⤵
  PID:5716
- C:\Windows\System\zfRHilk.exe
  C:\Windows\System\zfRHilk.exe
  2⤵
  PID:4768
- C:\Windows\System\wPriJMc.exe
  C:\Windows\System\wPriJMc.exe
  2⤵
  PID:5380
- C:\Windows\System\xwITWqd.exe
  C:\Windows\System\xwITWqd.exe
  2⤵
  PID:5440
- C:\Windows\System\WbKbdRG.exe
  C:\Windows\System\WbKbdRG.exe
  2⤵
  PID:5568
- C:\Windows\System\HCCNtlT.exe
  C:\Windows\System\HCCNtlT.exe
  2⤵
  PID:5772
- C:\Windows\System\fGEjulI.exe
  C:\Windows\System\fGEjulI.exe
  2⤵
  PID:5908
- C:\Windows\System\pAxWQZT.exe
  C:\Windows\System\pAxWQZT.exe
  2⤵
  PID:5892
- C:\Windows\System\ROgDTMk.exe
  C:\Windows\System\ROgDTMk.exe
  2⤵
  PID:6076
- C:\Windows\System\vaNfxON.exe
  C:\Windows\System\vaNfxON.exe
  2⤵
  PID:6016
- C:\Windows\System\IeGBeng.exe
  C:\Windows\System\IeGBeng.exe
  2⤵
  PID:6124
- C:\Windows\System\MdyVpbI.exe
  C:\Windows\System\MdyVpbI.exe
  2⤵
  PID:5620
- C:\Windows\System\DAMkAhN.exe
  C:\Windows\System\DAMkAhN.exe
  2⤵
  PID:5608
- C:\Windows\System\OtnMiQI.exe
  C:\Windows\System\OtnMiQI.exe
  2⤵
  PID:5836
- C:\Windows\System\LJKLgNt.exe
  C:\Windows\System\LJKLgNt.exe
  2⤵
  PID:5920
- C:\Windows\System\RCUrIgp.exe
  C:\Windows\System\RCUrIgp.exe
  2⤵
  PID:628
- C:\Windows\System\GdmnvqW.exe
  C:\Windows\System\GdmnvqW.exe
  2⤵
  PID:6136
- C:\Windows\System\uCGLpLC.exe
  C:\Windows\System\uCGLpLC.exe
  2⤵
  PID:5572
- C:\Windows\System\TiqlWWY.exe
  C:\Windows\System\TiqlWWY.exe
  2⤵
  PID:5140
- C:\Windows\System\kbjzVol.exe
  C:\Windows\System\kbjzVol.exe
  2⤵
  PID:6060
- C:\Windows\System\ysrXvYu.exe
  C:\Windows\System\ysrXvYu.exe
  2⤵
  PID:5692
- C:\Windows\System\SqzJYgJ.exe
  C:\Windows\System\SqzJYgJ.exe
  2⤵
  PID:5364
- C:\Windows\System\kkhiUQI.exe
  C:\Windows\System\kkhiUQI.exe
  2⤵
  PID:5308
- C:\Windows\System\yjgtkFA.exe
  C:\Windows\System\yjgtkFA.exe
  2⤵
  PID:5456
- C:\Windows\System\bhjvtkr.exe
  C:\Windows\System\bhjvtkr.exe
  2⤵
  PID:5228
- C:\Windows\System\OVshkiM.exe
  C:\Windows\System\OVshkiM.exe
  2⤵
  PID:5708
- C:\Windows\System\WXZKDsG.exe
  C:\Windows\System\WXZKDsG.exe
  2⤵
  PID:5832
- C:\Windows\System\NQkPudS.exe
  C:\Windows\System\NQkPudS.exe
  2⤵
  PID:5544
- C:\Windows\System\drgedHg.exe
  C:\Windows\System\drgedHg.exe
  2⤵
  PID:6104
- C:\Windows\System\DhsMWvX.exe
  C:\Windows\System\DhsMWvX.exe
  2⤵
  PID:5668
- C:\Windows\System\UNumOyD.exe
  C:\Windows\System\UNumOyD.exe
  2⤵
  PID:5768
- C:\Windows\System\BJdqdxb.exe
  C:\Windows\System\BJdqdxb.exe
  2⤵
  PID:4172
- C:\Windows\System\MVXhVmd.exe
  C:\Windows\System\MVXhVmd.exe
  2⤵
  PID:5648
- C:\Windows\System\AZOzhZI.exe
  C:\Windows\System\AZOzhZI.exe
  2⤵
  PID:5540
- C:\Windows\System\QxZJmAu.exe
  C:\Windows\System\QxZJmAu.exe
  2⤵
  PID:6160
- C:\Windows\System\HSblMiT.exe
  C:\Windows\System\HSblMiT.exe
  2⤵
  PID:6176
- C:\Windows\System\CpmaotY.exe
  C:\Windows\System\CpmaotY.exe
  2⤵
  PID:6192
- C:\Windows\System\feilrUR.exe
  C:\Windows\System\feilrUR.exe
  2⤵
  PID:6220
- C:\Windows\System\RzSZEbm.exe
  C:\Windows\System\RzSZEbm.exe
  2⤵
  PID:6236
- C:\Windows\System\rYLZVFQ.exe
  C:\Windows\System\rYLZVFQ.exe
  2⤵
  PID:6264
- C:\Windows\System\foJJtbu.exe
  C:\Windows\System\foJJtbu.exe
  2⤵
  PID:6284
- C:\Windows\System\dUgFWPS.exe
  C:\Windows\System\dUgFWPS.exe
  2⤵
  PID:6300
- C:\Windows\System\FwBWjio.exe
  C:\Windows\System\FwBWjio.exe
  2⤵
  PID:6320
- C:\Windows\System\CWPetnn.exe
  C:\Windows\System\CWPetnn.exe
  2⤵
  PID:6336
- C:\Windows\System\oGgbFBb.exe
  C:\Windows\System\oGgbFBb.exe
  2⤵
  PID:6356
- C:\Windows\System\agNinaO.exe
  C:\Windows\System\agNinaO.exe
  2⤵
  PID:6380
- C:\Windows\System\onlxCfd.exe
  C:\Windows\System\onlxCfd.exe
  2⤵
  PID:6404
- C:\Windows\System\kRwFbqi.exe
  C:\Windows\System\kRwFbqi.exe
  2⤵
  PID:6424
- C:\Windows\System\BocpCwa.exe
  C:\Windows\System\BocpCwa.exe
  2⤵
  PID:6444
- C:\Windows\System\klqqufD.exe
  C:\Windows\System\klqqufD.exe
  2⤵
  PID:6460
- C:\Windows\System\dGtSsiU.exe
  C:\Windows\System\dGtSsiU.exe
  2⤵
  PID:6484
- C:\Windows\System\LiYXIJL.exe
  C:\Windows\System\LiYXIJL.exe
  2⤵
  PID:6504
- C:\Windows\System\lBdjlHc.exe
  C:\Windows\System\lBdjlHc.exe
  2⤵
  PID:6520
- C:\Windows\System\btTFrNq.exe
  C:\Windows\System\btTFrNq.exe
  2⤵
  PID:6536
- C:\Windows\System\UqrdIbA.exe
  C:\Windows\System\UqrdIbA.exe
  2⤵
  PID:6552
- C:\Windows\System\ZcnMnBJ.exe
  C:\Windows\System\ZcnMnBJ.exe
  2⤵
  PID:6572
- C:\Windows\System\qugwtJy.exe
  C:\Windows\System\qugwtJy.exe
  2⤵
  PID:6592
- C:\Windows\System\QcykiAS.exe
  C:\Windows\System\QcykiAS.exe
  2⤵
  PID:6624
- C:\Windows\System\PwAaJth.exe
  C:\Windows\System\PwAaJth.exe
  2⤵
  PID:6648
- C:\Windows\System\vcRxpeE.exe
  C:\Windows\System\vcRxpeE.exe
  2⤵
  PID:6664
- C:\Windows\System\EBBCviW.exe
  C:\Windows\System\EBBCviW.exe
  2⤵
  PID:6684
- C:\Windows\System\lqkOKGp.exe
  C:\Windows\System\lqkOKGp.exe
  2⤵
  PID:6704
- C:\Windows\System\JgSwYfb.exe
  C:\Windows\System\JgSwYfb.exe
  2⤵
  PID:6724
- C:\Windows\System\iFujONN.exe
  C:\Windows\System\iFujONN.exe
  2⤵
  PID:6740
- C:\Windows\System\CBkLGJA.exe
  C:\Windows\System\CBkLGJA.exe
  2⤵
  PID:6760
- C:\Windows\System\jQARCId.exe
  C:\Windows\System\jQARCId.exe
  2⤵
  PID:6780
- C:\Windows\System\msccBPY.exe
  C:\Windows\System\msccBPY.exe
  2⤵
  PID:6812
- C:\Windows\System\MUvPwoT.exe
  C:\Windows\System\MUvPwoT.exe
  2⤵
  PID:6828
- C:\Windows\System\peZrvPc.exe
  C:\Windows\System\peZrvPc.exe
  2⤵
  PID:6848
- C:\Windows\System\wnxYeHb.exe
  C:\Windows\System\wnxYeHb.exe
  2⤵
  PID:6864
- C:\Windows\System\ftkDJGS.exe
  C:\Windows\System\ftkDJGS.exe
  2⤵
  PID:6880
- C:\Windows\System\EhTCfVl.exe
  C:\Windows\System\EhTCfVl.exe
  2⤵
  PID:6900
- C:\Windows\System\QQPswbP.exe
  C:\Windows\System\QQPswbP.exe
  2⤵
  PID:6920
- C:\Windows\System\fhvUVuH.exe
  C:\Windows\System\fhvUVuH.exe
  2⤵
  PID:6936
- C:\Windows\System\uCoRxYU.exe
  C:\Windows\System\uCoRxYU.exe
  2⤵
  PID:6952
- C:\Windows\System\sAyaJIx.exe
  C:\Windows\System\sAyaJIx.exe
  2⤵
  PID:6968
- C:\Windows\System\tIMAGES.exe
  C:\Windows\System\tIMAGES.exe
  2⤵
  PID:6984
- C:\Windows\System\FxClZpi.exe
  C:\Windows\System\FxClZpi.exe
  2⤵
  PID:7000
- C:\Windows\System\vuxhHgA.exe
  C:\Windows\System\vuxhHgA.exe
  2⤵
  PID:7020
- C:\Windows\System\JocaQrA.exe
  C:\Windows\System\JocaQrA.exe
  2⤵
  PID:7068
- C:\Windows\System\CyuNqhA.exe
  C:\Windows\System\CyuNqhA.exe
  2⤵
  PID:7088
- C:\Windows\System\OyBqDPb.exe
  C:\Windows\System\OyBqDPb.exe
  2⤵
  PID:7104
- C:\Windows\System\ZwihqIw.exe
  C:\Windows\System\ZwihqIw.exe
  2⤵
  PID:7128
- C:\Windows\System\CRgTfaa.exe
  C:\Windows\System\CRgTfaa.exe
  2⤵
  PID:7144
- C:\Windows\System\wngKBFj.exe
  C:\Windows\System\wngKBFj.exe
  2⤵
  PID:7164
- C:\Windows\System\iSwVUrt.exe
  C:\Windows\System\iSwVUrt.exe
  2⤵
  PID:6200
- C:\Windows\System\uIftWRI.exe
  C:\Windows\System\uIftWRI.exe
  2⤵
  PID:2136
- C:\Windows\System\VGugwxr.exe
  C:\Windows\System\VGugwxr.exe
  2⤵
  PID:6216
- C:\Windows\System\onHbhmz.exe
  C:\Windows\System\onHbhmz.exe
  2⤵
  PID:6148
- C:\Windows\System\dhFagyq.exe
  C:\Windows\System\dhFagyq.exe
  2⤵
  PID:6244
- C:\Windows\System\GvxmmKM.exe
  C:\Windows\System\GvxmmKM.exe
  2⤵
  PID:6292
- C:\Windows\System\mDjZCub.exe
  C:\Windows\System\mDjZCub.exe
  2⤵
  PID:6328
- C:\Windows\System\EhsGIOi.exe
  C:\Windows\System\EhsGIOi.exe
  2⤵
  PID:4920
- C:\Windows\System\HIfmDsP.exe
  C:\Windows\System\HIfmDsP.exe
  2⤵
  PID:6344
- C:\Windows\System\RWKmLeT.exe
  C:\Windows\System\RWKmLeT.exe
  2⤵
  PID:6376
- C:\Windows\System\mNmKQmI.exe
  C:\Windows\System\mNmKQmI.exe
  2⤵
  PID:6412
- C:\Windows\System\nLpCLAR.exe
  C:\Windows\System\nLpCLAR.exe
  2⤵
  PID:6496
- C:\Windows\System\vGLxBZD.exe
  C:\Windows\System\vGLxBZD.exe
  2⤵
  PID:6568
- C:\Windows\System\AVeiFuY.exe
  C:\Windows\System\AVeiFuY.exe
  2⤵
  PID:6516
- C:\Windows\System\nLVHUGt.exe
  C:\Windows\System\nLVHUGt.exe
  2⤵
  PID:6616
- C:\Windows\System\jvRptXf.exe
  C:\Windows\System\jvRptXf.exe
  2⤵
  PID:6656
- C:\Windows\System\EgcmFcZ.exe
  C:\Windows\System\EgcmFcZ.exe
  2⤵
  PID:6580
- C:\Windows\System\AxMMDBm.exe
  C:\Windows\System\AxMMDBm.exe
  2⤵
  PID:2252
- C:\Windows\System\pTSmhDC.exe
  C:\Windows\System\pTSmhDC.exe
  2⤵
  PID:6644
- C:\Windows\System\bHswwxV.exe
  C:\Windows\System\bHswwxV.exe
  2⤵
  PID:2968
- C:\Windows\System\psecMaw.exe
  C:\Windows\System\psecMaw.exe
  2⤵
  PID:6712
- C:\Windows\System\uZpSEkL.exe
  C:\Windows\System\uZpSEkL.exe
  2⤵
  PID:348
- C:\Windows\System\hhUTtti.exe
  C:\Windows\System\hhUTtti.exe
  2⤵
  PID:6792
- C:\Windows\System\WniUXNM.exe
  C:\Windows\System\WniUXNM.exe
  2⤵
  PID:6804
- C:\Windows\System\PiMqpNO.exe
  C:\Windows\System\PiMqpNO.exe
  2⤵
  PID:1148
- C:\Windows\System\QBjNbbd.exe
  C:\Windows\System\QBjNbbd.exe
  2⤵
  PID:6888
- C:\Windows\System\KZkDHFj.exe
  C:\Windows\System\KZkDHFj.exe
  2⤵
  PID:6876
- C:\Windows\System\FtavsXz.exe
  C:\Windows\System\FtavsXz.exe
  2⤵
  PID:6964
- C:\Windows\System\XUzZvkn.exe
  C:\Windows\System\XUzZvkn.exe
  2⤵
  PID:7036
- C:\Windows\System\MuRRQfe.exe
  C:\Windows\System\MuRRQfe.exe
  2⤵
  PID:6840
- C:\Windows\System\mmdFARI.exe
  C:\Windows\System\mmdFARI.exe
  2⤵
  PID:6944
- C:\Windows\System\FXzgOoP.exe
  C:\Windows\System\FXzgOoP.exe
  2⤵
  PID:7012
- C:\Windows\System\TujDUKx.exe
  C:\Windows\System\TujDUKx.exe
  2⤵
  PID:7080
- C:\Windows\System\xyOzaIa.exe
  C:\Windows\System\xyOzaIa.exe
  2⤵
  PID:7120
- C:\Windows\System\YDPtMqX.exe
  C:\Windows\System\YDPtMqX.exe
  2⤵
  PID:6172
- C:\Windows\System\EhgtKGa.exe
  C:\Windows\System\EhgtKGa.exe
  2⤵
  PID:6232
- C:\Windows\System\YCHjQLI.exe
  C:\Windows\System\YCHjQLI.exe
  2⤵
  PID:6312
- C:\Windows\System\rAKIdFS.exe
  C:\Windows\System\rAKIdFS.exe
  2⤵
  PID:6392
- C:\Windows\System\GhWXuVD.exe
  C:\Windows\System\GhWXuVD.exe
  2⤵
  PID:7156
- C:\Windows\System\DMsyLyY.exe
  C:\Windows\System\DMsyLyY.exe
  2⤵
  PID:6188
- C:\Windows\System\zzDeuiy.exe
  C:\Windows\System\zzDeuiy.exe
  2⤵
  PID:6480
- C:\Windows\System\GqxSnmM.exe
  C:\Windows\System\GqxSnmM.exe
  2⤵
  PID:6476
- C:\Windows\System\hocGExv.exe
  C:\Windows\System\hocGExv.exe
  2⤵
  PID:6560
- C:\Windows\System\MDQMQrS.exe
  C:\Windows\System\MDQMQrS.exe
  2⤵
  PID:6692
- C:\Windows\System\MgqzOEH.exe
  C:\Windows\System\MgqzOEH.exe
  2⤵
  PID:6748
- C:\Windows\System\nntULdM.exe
  C:\Windows\System\nntULdM.exe
  2⤵
  PID:6776
- C:\Windows\System\snoLeHB.exe
  C:\Windows\System\snoLeHB.exe
  2⤵
  PID:6672
- C:\Windows\System\rrsVudc.exe
  C:\Windows\System\rrsVudc.exe
  2⤵
  PID:2128
- C:\Windows\System\ttpmgwv.exe
  C:\Windows\System\ttpmgwv.exe
  2⤵
  PID:6836
- C:\Windows\System\pvSWQwV.exe
  C:\Windows\System\pvSWQwV.exe
  2⤵
  PID:7032
- C:\Windows\System\GQFcHEy.exe
  C:\Windows\System\GQFcHEy.exe
  2⤵
  PID:7040
- C:\Windows\System\JxtGlEG.exe
  C:\Windows\System\JxtGlEG.exe
  2⤵
  PID:6844
- C:\Windows\System\vzkJAvC.exe
  C:\Windows\System\vzkJAvC.exe
  2⤵
  PID:6296
- C:\Windows\System\CnuynYm.exe
  C:\Windows\System\CnuynYm.exe
  2⤵
  PID:6440
- C:\Windows\System\ujhXNVr.exe
  C:\Windows\System\ujhXNVr.exe
  2⤵
  PID:6212
- C:\Windows\System\vOIepOG.exe
  C:\Windows\System\vOIepOG.exe
  2⤵
  PID:6860
- C:\Windows\System\ESBdpsP.exe
  C:\Windows\System\ESBdpsP.exe
  2⤵
  PID:7008
- C:\Windows\System\IKTrmzk.exe
  C:\Windows\System\IKTrmzk.exe
  2⤵
  PID:6468
- C:\Windows\System\gzhcWSP.exe
  C:\Windows\System\gzhcWSP.exe
  2⤵
  PID:6432
- C:\Windows\System\sDdvZIG.exe
  C:\Windows\System\sDdvZIG.exe
  2⤵
  PID:2044
- C:\Windows\System\MlrtUVJ.exe
  C:\Windows\System\MlrtUVJ.exe
  2⤵
  PID:6352
- C:\Windows\System\mveXpNa.exe
  C:\Windows\System\mveXpNa.exe
  2⤵
  PID:6772
- C:\Windows\System\OpJoFRH.exe
  C:\Windows\System\OpJoFRH.exe
  2⤵
  PID:6788
- C:\Windows\System\qlLCZmD.exe
  C:\Windows\System\qlLCZmD.exe
  2⤵
  PID:6916
- C:\Windows\System\ugCoeGO.exe
  C:\Windows\System\ugCoeGO.exe
  2⤵
  PID:6696
- C:\Windows\System\WvLnQSR.exe
  C:\Windows\System\WvLnQSR.exe
  2⤵
  PID:7048
- C:\Windows\System\MGkyWEB.exe
  C:\Windows\System\MGkyWEB.exe
  2⤵
  PID:7152
- C:\Windows\System\OIyuzNU.exe
  C:\Windows\System\OIyuzNU.exe
  2⤵
  PID:7056
- C:\Windows\System\lJZXDYg.exe
  C:\Windows\System\lJZXDYg.exe
  2⤵
  PID:6456
- C:\Windows\System\aTJRikJ.exe
  C:\Windows\System\aTJRikJ.exe
  2⤵
  PID:6388
- C:\Windows\System\QodnjtR.exe
  C:\Windows\System\QodnjtR.exe
  2⤵
  PID:6548
- C:\Windows\System\bgQLhfb.exe
  C:\Windows\System\bgQLhfb.exe
  2⤵
  PID:2076
- C:\Windows\System\snMOGEN.exe
  C:\Windows\System\snMOGEN.exe
  2⤵
  PID:6280
- C:\Windows\System\UlsLDHh.exe
  C:\Windows\System\UlsLDHh.exe
  2⤵
  PID:6932
- C:\Windows\System\nfoggJc.exe
  C:\Windows\System\nfoggJc.exe
  2⤵
  PID:6808
- C:\Windows\System\MJFjZjG.exe
  C:\Windows\System\MJFjZjG.exe
  2⤵
  PID:7112
- C:\Windows\System\buCvRmv.exe
  C:\Windows\System\buCvRmv.exe
  2⤵
  PID:6248
- C:\Windows\System\XiQlCMM.exe
  C:\Windows\System\XiQlCMM.exe
  2⤵
  PID:6640
- C:\Windows\System\EMuekLH.exe
  C:\Windows\System\EMuekLH.exe
  2⤵
  PID:7096
- C:\Windows\System\XepzjNs.exe
  C:\Windows\System\XepzjNs.exe
  2⤵
  PID:7060
- C:\Windows\System\dLqgMTE.exe
  C:\Windows\System\dLqgMTE.exe
  2⤵
  PID:6512
- C:\Windows\System\NPAcisD.exe
  C:\Windows\System\NPAcisD.exe
  2⤵
  PID:7184
- C:\Windows\System\SirVaUG.exe
  C:\Windows\System\SirVaUG.exe
  2⤵
  PID:7200
- C:\Windows\System\wCJcfUo.exe
  C:\Windows\System\wCJcfUo.exe
  2⤵
  PID:7220
- C:\Windows\System\TsrHKJX.exe
  C:\Windows\System\TsrHKJX.exe
  2⤵
  PID:7236
- C:\Windows\System\PuxNmSB.exe
  C:\Windows\System\PuxNmSB.exe
  2⤵
  PID:7292
- C:\Windows\System\mXMcZni.exe
  C:\Windows\System\mXMcZni.exe
  2⤵
  PID:7312
- C:\Windows\System\YpZnnRX.exe
  C:\Windows\System\YpZnnRX.exe
  2⤵
  PID:7328
- C:\Windows\System\bCctMAI.exe
  C:\Windows\System\bCctMAI.exe
  2⤵
  PID:7344
- C:\Windows\System\ensZjdF.exe
  C:\Windows\System\ensZjdF.exe
  2⤵
  PID:7360
- C:\Windows\System\rnGIXPz.exe
  C:\Windows\System\rnGIXPz.exe
  2⤵
  PID:7380
- C:\Windows\System\eVCVrIk.exe
  C:\Windows\System\eVCVrIk.exe
  2⤵
  PID:7396
- C:\Windows\System\wLuRkuj.exe
  C:\Windows\System\wLuRkuj.exe
  2⤵
  PID:7416
- C:\Windows\System\zQaPhUm.exe
  C:\Windows\System\zQaPhUm.exe
  2⤵
  PID:7436
- C:\Windows\System\TsILbnS.exe
  C:\Windows\System\TsILbnS.exe
  2⤵
  PID:7452
- C:\Windows\System\ZfeMgoU.exe
  C:\Windows\System\ZfeMgoU.exe
  2⤵
  PID:7468
- C:\Windows\System\yQfjqXy.exe
  C:\Windows\System\yQfjqXy.exe
  2⤵
  PID:7484
- C:\Windows\System\UdciQnx.exe
  C:\Windows\System\UdciQnx.exe
  2⤵
  PID:7500
- C:\Windows\System\mgbHyrs.exe
  C:\Windows\System\mgbHyrs.exe
  2⤵
  PID:7516
- C:\Windows\System\rwGTvHL.exe
  C:\Windows\System\rwGTvHL.exe
  2⤵
  PID:7540
- C:\Windows\System\RjaOFbO.exe
  C:\Windows\System\RjaOFbO.exe
  2⤵
  PID:7560
- C:\Windows\System\udlIGwe.exe
  C:\Windows\System\udlIGwe.exe
  2⤵
  PID:7584
- C:\Windows\System\TWxpmcT.exe
  C:\Windows\System\TWxpmcT.exe
  2⤵
  PID:7600
- C:\Windows\System\ufalIFc.exe
  C:\Windows\System\ufalIFc.exe
  2⤵
  PID:7620
- C:\Windows\System\JNoxUWi.exe
  C:\Windows\System\JNoxUWi.exe
  2⤵
  PID:7636
- C:\Windows\System\yHTgtyi.exe
  C:\Windows\System\yHTgtyi.exe
  2⤵
  PID:7656
- C:\Windows\System\wgXLjsM.exe
  C:\Windows\System\wgXLjsM.exe
  2⤵
  PID:7688
- C:\Windows\System\jEyaJfl.exe
  C:\Windows\System\jEyaJfl.exe
  2⤵
  PID:7712
- C:\Windows\System\jjzJuqF.exe
  C:\Windows\System\jjzJuqF.exe
  2⤵
  PID:7728
- C:\Windows\System\sHjaaXp.exe
  C:\Windows\System\sHjaaXp.exe
  2⤵
  PID:7748
- C:\Windows\System\qBInYfE.exe
  C:\Windows\System\qBInYfE.exe
  2⤵
  PID:7764
- C:\Windows\System\BdwxvSz.exe
  C:\Windows\System\BdwxvSz.exe
  2⤵
  PID:7780
- C:\Windows\System\JtJZgkR.exe
  C:\Windows\System\JtJZgkR.exe
  2⤵
  PID:7808
- C:\Windows\System\kBoaXAY.exe
  C:\Windows\System\kBoaXAY.exe
  2⤵
  PID:7828
- C:\Windows\System\zYkBZee.exe
  C:\Windows\System\zYkBZee.exe
  2⤵
  PID:7844
- C:\Windows\System\IqxHmma.exe
  C:\Windows\System\IqxHmma.exe
  2⤵
  PID:7860
- C:\Windows\System\qDYOsFt.exe
  C:\Windows\System\qDYOsFt.exe
  2⤵
  PID:7884
- C:\Windows\System\TyQuWeD.exe
  C:\Windows\System\TyQuWeD.exe
  2⤵
  PID:7904
- C:\Windows\System\txyYgUt.exe
  C:\Windows\System\txyYgUt.exe
  2⤵
  PID:7928
- C:\Windows\System\pNVjKDI.exe
  C:\Windows\System\pNVjKDI.exe
  2⤵
  PID:7952
- C:\Windows\System\CpsyniL.exe
  C:\Windows\System\CpsyniL.exe
  2⤵
  PID:7972
- C:\Windows\System\HlHKArp.exe
  C:\Windows\System\HlHKArp.exe
  2⤵
  PID:7988
- C:\Windows\System\bYOjKgH.exe
  C:\Windows\System\bYOjKgH.exe
  2⤵
  PID:8016
- C:\Windows\System\gfvBTFm.exe
  C:\Windows\System\gfvBTFm.exe
  2⤵
  PID:8032
- C:\Windows\System\XLPsEsf.exe
  C:\Windows\System\XLPsEsf.exe
  2⤵
  PID:8052
- C:\Windows\System\TffIQZw.exe
  C:\Windows\System\TffIQZw.exe
  2⤵
  PID:8076
- C:\Windows\System\YJjwGGR.exe
  C:\Windows\System\YJjwGGR.exe
  2⤵
  PID:8100
- C:\Windows\System\MzKZSVG.exe
  C:\Windows\System\MzKZSVG.exe
  2⤵
  PID:8116
- C:\Windows\System\hutBdAv.exe
  C:\Windows\System\hutBdAv.exe
  2⤵
  PID:8136
- C:\Windows\System\UGCiyRT.exe
  C:\Windows\System\UGCiyRT.exe
  2⤵
  PID:8164
- C:\Windows\System\PTPRJad.exe
  C:\Windows\System\PTPRJad.exe
  2⤵
  PID:8180
- C:\Windows\System\OknCqBd.exe
  C:\Windows\System\OknCqBd.exe
  2⤵
  PID:5296
- C:\Windows\System\vjYsXCi.exe
  C:\Windows\System\vjYsXCi.exe
  2⤵
  PID:6632
- C:\Windows\System\NdaCNlp.exe
  C:\Windows\System\NdaCNlp.exe
  2⤵
  PID:7176
- C:\Windows\System\IlKtnVP.exe
  C:\Windows\System\IlKtnVP.exe
  2⤵
  PID:7244
- C:\Windows\System\iAmjHAq.exe
  C:\Windows\System\iAmjHAq.exe
  2⤵
  PID:7276
- C:\Windows\System\EMgEavz.exe
  C:\Windows\System\EMgEavz.exe
  2⤵
  PID:7284
- C:\Windows\System\AoJfsay.exe
  C:\Windows\System\AoJfsay.exe
  2⤵
  PID:7336
- C:\Windows\System\MJvYSMj.exe
  C:\Windows\System\MJvYSMj.exe
  2⤵
  PID:7408
- C:\Windows\System\SWhZGrU.exe
  C:\Windows\System\SWhZGrU.exe
  2⤵
  PID:7448
- C:\Windows\System\BcUxBEI.exe
  C:\Windows\System\BcUxBEI.exe
  2⤵
  PID:7548
- C:\Windows\System\SZCyENj.exe
  C:\Windows\System\SZCyENj.exe
  2⤵
  PID:7596
- C:\Windows\System\DPFADKe.exe
  C:\Windows\System\DPFADKe.exe
  2⤵
  PID:7672
- C:\Windows\System\CTJKmFR.exe
  C:\Windows\System\CTJKmFR.exe
  2⤵
  PID:7724
- C:\Windows\System\pzYVhst.exe
  C:\Windows\System\pzYVhst.exe
  2⤵
  PID:7796
- C:\Windows\System\fYCsEIZ.exe
  C:\Windows\System\fYCsEIZ.exe
  2⤵
  PID:7388
- C:\Windows\System\USAeVTN.exe
  C:\Windows\System\USAeVTN.exe
  2⤵
  PID:7876
- C:\Windows\System\fYdMRRZ.exe
  C:\Windows\System\fYdMRRZ.exe
  2⤵
  PID:7924
- C:\Windows\System\WWOejKP.exe
  C:\Windows\System\WWOejKP.exe
  2⤵
  PID:7528
- C:\Windows\System\fdSFauF.exe
  C:\Windows\System\fdSFauF.exe
  2⤵
  PID:7324
- C:\Windows\System\YQqxUWz.exe
  C:\Windows\System\YQqxUWz.exe
  2⤵
  PID:7612
- C:\Windows\System\RQIcxzV.exe
  C:\Windows\System\RQIcxzV.exe
  2⤵
  PID:7816
- C:\Windows\System\rzXhhuo.exe
  C:\Windows\System\rzXhhuo.exe
  2⤵
  PID:8048
- C:\Windows\System\OzctQcu.exe
  C:\Windows\System\OzctQcu.exe
  2⤵
  PID:7464
- C:\Windows\System\PicWytF.exe
  C:\Windows\System\PicWytF.exe
  2⤵
  PID:7616
- C:\Windows\System\sZpgxVZ.exe
  C:\Windows\System\sZpgxVZ.exe
  2⤵
  PID:7892
- C:\Windows\System\OsHwchb.exe
  C:\Windows\System\OsHwchb.exe
  2⤵
  PID:7652
- C:\Windows\System\mGfbXXd.exe
  C:\Windows\System\mGfbXXd.exe
  2⤵
  PID:7708
- C:\Windows\System\NVOWmKk.exe
  C:\Windows\System\NVOWmKk.exe
  2⤵
  PID:7736
- C:\Windows\System\EYFetjA.exe
  C:\Windows\System\EYFetjA.exe
  2⤵
  PID:7944
- C:\Windows\System\pHUdPKy.exe
  C:\Windows\System\pHUdPKy.exe
  2⤵
  PID:7852
- C:\Windows\System\NOggCKp.exe
  C:\Windows\System\NOggCKp.exe
  2⤵
  PID:8156
- C:\Windows\System\xlcwjyQ.exe
  C:\Windows\System\xlcwjyQ.exe
  2⤵
  PID:8112
- C:\Windows\System\zpaZHqh.exe
  C:\Windows\System\zpaZHqh.exe
  2⤵
  PID:6584
- C:\Windows\System\QsopDJV.exe
  C:\Windows\System\QsopDJV.exe
  2⤵
  PID:6372
- C:\Windows\System\SHQipqN.exe
  C:\Windows\System\SHQipqN.exe
  2⤵
  PID:7196
- C:\Windows\System\GzIzmdA.exe
  C:\Windows\System\GzIzmdA.exe
  2⤵
  PID:7264
- C:\Windows\System\IsOussm.exe
  C:\Windows\System\IsOussm.exe
  2⤵
  PID:7368
- C:\Windows\System\HEBKPII.exe
  C:\Windows\System\HEBKPII.exe
  2⤵
  PID:7248
- C:\Windows\System\jArLHbg.exe
  C:\Windows\System\jArLHbg.exe
  2⤵
  PID:7792
- C:\Windows\System\jqKacWU.exe
  C:\Windows\System\jqKacWU.exe
  2⤵
  PID:7872
- C:\Windows\System\dJmLCDp.exe
  C:\Windows\System\dJmLCDp.exe
  2⤵
  PID:7508
- C:\Windows\System\YKGItkA.exe
  C:\Windows\System\YKGItkA.exe
  2⤵
  PID:7424
- C:\Windows\System\VsNOMHq.exe
  C:\Windows\System\VsNOMHq.exe
  2⤵
  PID:7720
- C:\Windows\System\OObwhID.exe
  C:\Windows\System\OObwhID.exe
  2⤵
  PID:7532
- C:\Windows\System\zcUEJaJ.exe
  C:\Windows\System\zcUEJaJ.exe
  2⤵
  PID:8040
- C:\Windows\System\xZafeTt.exe
  C:\Windows\System\xZafeTt.exe
  2⤵
  PID:8008
- C:\Windows\System\ZBsKmME.exe
  C:\Windows\System\ZBsKmME.exe
  2⤵
  PID:8088
- C:\Windows\System\QxPDdsg.exe
  C:\Windows\System\QxPDdsg.exe
  2⤵
  PID:7644
- C:\Windows\System\MVJFmlf.exe
  C:\Windows\System\MVJFmlf.exe
  2⤵
  PID:7936
- C:\Windows\System\GbvXnpB.exe
  C:\Windows\System\GbvXnpB.exe
  2⤵
  PID:8060
- C:\Windows\System\nJEPaoa.exe
  C:\Windows\System\nJEPaoa.exe
  2⤵
  PID:952
- C:\Windows\System\Hiypfww.exe
  C:\Windows\System\Hiypfww.exe
  2⤵
  PID:7772
- C:\Windows\System\iRnBIPp.exe
  C:\Windows\System\iRnBIPp.exe
  2⤵
  PID:7280
- C:\Windows\System\rkhebEx.exe
  C:\Windows\System\rkhebEx.exe
  2⤵
  PID:7840
- C:\Windows\System\nXCYWAa.exe
  C:\Windows\System\nXCYWAa.exe
  2⤵
  PID:7232
- C:\Windows\System\NJVRHpP.exe
  C:\Windows\System\NJVRHpP.exe
  2⤵
  PID:7268
- C:\Windows\System\KGjcRbO.exe
  C:\Windows\System\KGjcRbO.exe
  2⤵
  PID:7524
- C:\Windows\System\UEeksXW.exe
  C:\Windows\System\UEeksXW.exe
  2⤵
  PID:7412
- C:\Windows\System\QBBzaYA.exe
  C:\Windows\System\QBBzaYA.exe
  2⤵
  PID:7916
- C:\Windows\System\zsRojHM.exe
  C:\Windows\System\zsRojHM.exe
  2⤵
  PID:8132
- C:\Windows\System\SixKVcL.exe
  C:\Windows\System\SixKVcL.exe
  2⤵
  PID:8108
- C:\Windows\System\UaIgWpW.exe
  C:\Windows\System\UaIgWpW.exe
  2⤵
  PID:7432
- C:\Windows\System\njXlDhp.exe
  C:\Windows\System\njXlDhp.exe
  2⤵
  PID:7700
- C:\Windows\System\VWDXOTQ.exe
  C:\Windows\System\VWDXOTQ.exe
  2⤵
  PID:7940
- C:\Windows\System\LfzWcuL.exe
  C:\Windows\System\LfzWcuL.exe
  2⤵
  PID:7308
- C:\Windows\System\vxxdZma.exe
  C:\Windows\System\vxxdZma.exe
  2⤵
  PID:7320
- C:\Windows\System\APjWdgD.exe
  C:\Windows\System\APjWdgD.exe
  2⤵
  PID:7820
- C:\Windows\System\uYaLbDS.exe
  C:\Windows\System\uYaLbDS.exe
  2⤵
  PID:7800
- C:\Windows\System\EpARbYE.exe
  C:\Windows\System\EpARbYE.exe
  2⤵
  PID:7760
- C:\Windows\System\vFaoVFO.exe
  C:\Windows\System\vFaoVFO.exe
  2⤵
  PID:8128
- C:\Windows\System\yyJkAmF.exe
  C:\Windows\System\yyJkAmF.exe
  2⤵
  PID:1560
- C:\Windows\System\cxXuVSc.exe
  C:\Windows\System\cxXuVSc.exe
  2⤵
  PID:8068
- C:\Windows\System\ChHGPou.exe
  C:\Windows\System\ChHGPou.exe
  2⤵
  PID:7608
- C:\Windows\System\weJgoXN.exe
  C:\Windows\System\weJgoXN.exe
  2⤵
  PID:8204
- C:\Windows\System\hotNIBF.exe
  C:\Windows\System\hotNIBF.exe
  2⤵
  PID:8220
- C:\Windows\System\EqzmKNW.exe
  C:\Windows\System\EqzmKNW.exe
  2⤵
  PID:8240
- C:\Windows\System\mEpHYBs.exe
  C:\Windows\System\mEpHYBs.exe
  2⤵
  PID:8264
- C:\Windows\System\BIInbJx.exe
  C:\Windows\System\BIInbJx.exe
  2⤵
  PID:8284
- C:\Windows\System\jMAznZP.exe
  C:\Windows\System\jMAznZP.exe
  2⤵
  PID:8300
- C:\Windows\System\VYCyqun.exe
  C:\Windows\System\VYCyqun.exe
  2⤵
  PID:8316
- C:\Windows\System\ExUUbmS.exe
  C:\Windows\System\ExUUbmS.exe
  2⤵
  PID:8336
- C:\Windows\System\LEbtsQL.exe
  C:\Windows\System\LEbtsQL.exe
  2⤵
  PID:8352
- C:\Windows\System\TlgAnas.exe
  C:\Windows\System\TlgAnas.exe
  2⤵
  PID:8380
- C:\Windows\System\spcuGvc.exe
  C:\Windows\System\spcuGvc.exe
  2⤵
  PID:8400
- C:\Windows\System\SdcEwhe.exe
  C:\Windows\System\SdcEwhe.exe
  2⤵
  PID:8472
- C:\Windows\System\XtsUITw.exe
  C:\Windows\System\XtsUITw.exe
  2⤵
  PID:8488
- C:\Windows\System\TvWKPcc.exe
  C:\Windows\System\TvWKPcc.exe
  2⤵
  PID:8508
- C:\Windows\System\LOOvqpt.exe
  C:\Windows\System\LOOvqpt.exe
  2⤵
  PID:8524
- C:\Windows\System\Vjnmfrv.exe
  C:\Windows\System\Vjnmfrv.exe
  2⤵
  PID:8548
- C:\Windows\System\WlwbwSk.exe
  C:\Windows\System\WlwbwSk.exe
  2⤵
  PID:8564
- C:\Windows\System\pORcQmK.exe
  C:\Windows\System\pORcQmK.exe
  2⤵
  PID:8580
- C:\Windows\System\turYZpj.exe
  C:\Windows\System\turYZpj.exe
  2⤵
  PID:8604
- C:\Windows\System\YCVGmlL.exe
  C:\Windows\System\YCVGmlL.exe
  2⤵
  PID:8620
- C:\Windows\System\QYtVNlE.exe
  C:\Windows\System\QYtVNlE.exe
  2⤵
  PID:8640
- C:\Windows\System\TXzzHqK.exe
  C:\Windows\System\TXzzHqK.exe
  2⤵
  PID:8656
- C:\Windows\System\ToSPNRm.exe
  C:\Windows\System\ToSPNRm.exe
  2⤵
  PID:8676
- C:\Windows\System\FSiuzmH.exe
  C:\Windows\System\FSiuzmH.exe
  2⤵
  PID:8692
- C:\Windows\System\kPYYTDw.exe
  C:\Windows\System\kPYYTDw.exe
  2⤵
  PID:8712
- C:\Windows\System\cmomaom.exe
  C:\Windows\System\cmomaom.exe
  2⤵
  PID:8732
- C:\Windows\System\HqoBCPp.exe
  C:\Windows\System\HqoBCPp.exe
  2⤵
  PID:8748
- C:\Windows\System\qqGJItD.exe
  C:\Windows\System\qqGJItD.exe
  2⤵
  PID:8764
- C:\Windows\System\coHWEqd.exe
  C:\Windows\System\coHWEqd.exe
  2⤵
  PID:8780
- C:\Windows\System\FnqdJta.exe
  C:\Windows\System\FnqdJta.exe
  2⤵
  PID:8804
- C:\Windows\System\pwCESYa.exe
  C:\Windows\System\pwCESYa.exe
  2⤵
  PID:8820
- C:\Windows\System\LgOxXNN.exe
  C:\Windows\System\LgOxXNN.exe
  2⤵
  PID:8836
- C:\Windows\System\eTAeQcL.exe
  C:\Windows\System\eTAeQcL.exe
  2⤵
  PID:8852
- C:\Windows\System\KmEUCft.exe
  C:\Windows\System\KmEUCft.exe
  2⤵
  PID:8868
- C:\Windows\System\HrAAquX.exe
  C:\Windows\System\HrAAquX.exe
  2⤵
  PID:8884
- C:\Windows\System\ssBMFZZ.exe
  C:\Windows\System\ssBMFZZ.exe
  2⤵
  PID:8900
- C:\Windows\System\FHwOxSU.exe
  C:\Windows\System\FHwOxSU.exe
  2⤵
  PID:8916
- C:\Windows\System\oVudDSB.exe
  C:\Windows\System\oVudDSB.exe
  2⤵
  PID:8932
- C:\Windows\System\NnnnyoR.exe
  C:\Windows\System\NnnnyoR.exe
  2⤵
  PID:8948
- C:\Windows\System\RQznmpU.exe
  C:\Windows\System\RQznmpU.exe
  2⤵
  PID:8964
- C:\Windows\System\QbshahW.exe
  C:\Windows\System\QbshahW.exe
  2⤵
  PID:8980
- C:\Windows\System\aKwjwec.exe
  C:\Windows\System\aKwjwec.exe
  2⤵
  PID:8996
- C:\Windows\System\ZuMDdxj.exe
  C:\Windows\System\ZuMDdxj.exe
  2⤵
  PID:9012
- C:\Windows\System\bCNZcWh.exe
  C:\Windows\System\bCNZcWh.exe
  2⤵
  PID:9028
- C:\Windows\System\ZlSjYAq.exe
  C:\Windows\System\ZlSjYAq.exe
  2⤵
  PID:9044
- C:\Windows\System\Nkcncjg.exe
  C:\Windows\System\Nkcncjg.exe
  2⤵
  PID:9060
- C:\Windows\System\XowFuld.exe
  C:\Windows\System\XowFuld.exe
  2⤵
  PID:9076
- C:\Windows\System\pIuTyui.exe
  C:\Windows\System\pIuTyui.exe
  2⤵
  PID:9092
- C:\Windows\System\XYAXkYG.exe
  C:\Windows\System\XYAXkYG.exe
  2⤵
  PID:9108
- C:\Windows\System\djXXpqC.exe
  C:\Windows\System\djXXpqC.exe
  2⤵
  PID:9124
- C:\Windows\System\TvFZwhP.exe
  C:\Windows\System\TvFZwhP.exe
  2⤵
  PID:9140
- C:\Windows\System\fqpNNyH.exe
  C:\Windows\System\fqpNNyH.exe
  2⤵
  PID:8324
- C:\Windows\System\eLQydqY.exe
  C:\Windows\System\eLQydqY.exe
  2⤵
  PID:8196
- C:\Windows\System\UPUEQuM.exe
  C:\Windows\System\UPUEQuM.exe
  2⤵
  PID:8236
- C:\Windows\System\ShznhUm.exe
  C:\Windows\System\ShznhUm.exe
  2⤵
  PID:8312
- C:\Windows\System\CKOimdl.exe
  C:\Windows\System\CKOimdl.exe
  2⤵
  PID:8364
- C:\Windows\System\smlmoDh.exe
  C:\Windows\System\smlmoDh.exe
  2⤵
  PID:8420
- C:\Windows\System\nHxvubo.exe
  C:\Windows\System\nHxvubo.exe
  2⤵
  PID:8444
- C:\Windows\System\NzolmVx.exe
  C:\Windows\System\NzolmVx.exe
  2⤵
  PID:8468
- C:\Windows\System\esadgXw.exe
  C:\Windows\System\esadgXw.exe
  2⤵
  PID:8504
- C:\Windows\System\rEwLMvh.exe
  C:\Windows\System\rEwLMvh.exe
  2⤵
  PID:8612
- C:\Windows\System\hXvoPCE.exe
  C:\Windows\System\hXvoPCE.exe
  2⤵
  PID:8684
- C:\Windows\System\wWLHnzv.exe
  C:\Windows\System\wWLHnzv.exe
  2⤵
  PID:8720
- C:\Windows\System\AELIfaU.exe
  C:\Windows\System\AELIfaU.exe
  2⤵
  PID:8664
- C:\Windows\System\yjQeKnq.exe
  C:\Windows\System\yjQeKnq.exe
  2⤵
  PID:8632
- C:\Windows\System\nRoCmgt.exe
  C:\Windows\System\nRoCmgt.exe
  2⤵
  PID:8672
- C:\Windows\System\GMQxpSq.exe
  C:\Windows\System\GMQxpSq.exe
  2⤵
  PID:8596
- C:\Windows\System\lLffnPJ.exe
  C:\Windows\System\lLffnPJ.exe
  2⤵
  PID:8740
- C:\Windows\System\AyjoIFn.exe
  C:\Windows\System\AyjoIFn.exe
  2⤵
  PID:8812
- C:\Windows\System\EvjHorm.exe
  C:\Windows\System\EvjHorm.exe
  2⤵
  PID:8896
- C:\Windows\System\tjcPspD.exe
  C:\Windows\System\tjcPspD.exe
  2⤵
  PID:8928
- C:\Windows\System\jdRARBT.exe
  C:\Windows\System\jdRARBT.exe
  2⤵
  PID:8992
- C:\Windows\System\BYMJMsh.exe
  C:\Windows\System\BYMJMsh.exe
  2⤵
  PID:8944
- C:\Windows\System\iOCZGQp.exe
  C:\Windows\System\iOCZGQp.exe
  2⤵
  PID:8972
- C:\Windows\System\SgrMJcR.exe
  C:\Windows\System\SgrMJcR.exe
  2⤵
  PID:9072
- C:\Windows\System\bTdJZiJ.exe
  C:\Windows\System\bTdJZiJ.exe
  2⤵
  PID:9104
- C:\Windows\System\ictJYLW.exe
  C:\Windows\System\ictJYLW.exe
  2⤵
  PID:9152
- C:\Windows\System\KenbDdi.exe
  C:\Windows\System\KenbDdi.exe
  2⤵
  PID:9168
- C:\Windows\System\LHRaDxZ.exe
  C:\Windows\System\LHRaDxZ.exe
  2⤵
  PID:9184
- C:\Windows\System\mtbBgna.exe
  C:\Windows\System\mtbBgna.exe
  2⤵
  PID:9136
- C:\Windows\System\DVTLsfe.exe
  C:\Windows\System\DVTLsfe.exe
  2⤵
  PID:7824
- C:\Windows\System\rTMcekO.exe
  C:\Windows\System\rTMcekO.exe
  2⤵
  PID:8260
- C:\Windows\System\WKOzMKr.exe
  C:\Windows\System\WKOzMKr.exe
  2⤵
  PID:8232
- C:\Windows\System\qhWcmTs.exe
  C:\Windows\System\qhWcmTs.exe
  2⤵
  PID:8012
- C:\Windows\System\ytznkrF.exe
  C:\Windows\System\ytznkrF.exe
  2⤵
  PID:8280
- C:\Windows\System\vzVyrMb.exe
  C:\Windows\System\vzVyrMb.exe
  2⤵
  PID:8392
- C:\Windows\System\cIpEITH.exe
  C:\Windows\System\cIpEITH.exe
  2⤵
  PID:8484
- C:\Windows\System\FuXgXLV.exe
  C:\Windows\System\FuXgXLV.exe
  2⤵
  PID:8544
- C:\Windows\System\CKPbESl.exe
  C:\Windows\System\CKPbESl.exe
  2⤵
  PID:8652
- C:\Windows\System\ffYcFEm.exe
  C:\Windows\System\ffYcFEm.exe
  2⤵
  PID:8728
- C:\Windows\System\hssoxqj.exe
  C:\Windows\System\hssoxqj.exe
  2⤵
  PID:8828
- C:\Windows\System\HwHaneX.exe
  C:\Windows\System\HwHaneX.exe
  2⤵
  PID:8556
- C:\Windows\System\VVRTmnl.exe
  C:\Windows\System\VVRTmnl.exe
  2⤵
  PID:8988
- C:\Windows\System\eaIAmxq.exe
  C:\Windows\System\eaIAmxq.exe
  2⤵
  PID:9024
- C:\Windows\System\uraPiEj.exe
  C:\Windows\System\uraPiEj.exe
  2⤵
  PID:9004
- C:\Windows\System\kPYbLAi.exe
  C:\Windows\System\kPYbLAi.exe
  2⤵
  PID:8908
- C:\Windows\System\SkdhLpH.exe
  C:\Windows\System\SkdhLpH.exe
  2⤵
  PID:9116
- C:\Windows\System\SZUMCtK.exe
  C:\Windows\System\SZUMCtK.exe
  2⤵
  PID:9180
- C:\Windows\System\CWkBGpc.exe
  C:\Windows\System\CWkBGpc.exe
  2⤵
  PID:9204
- C:\Windows\System\wJLrvfw.exe
  C:\Windows\System\wJLrvfw.exe
  2⤵
  PID:9208
- C:\Windows\System\MSaQmXS.exe
  C:\Windows\System\MSaQmXS.exe
  2⤵
  PID:7356
- C:\Windows\System\QkXldFe.exe
  C:\Windows\System\QkXldFe.exe
  2⤵
  PID:8376
- C:\Windows\System\JeIGVQl.exe
  C:\Windows\System\JeIGVQl.exe
  2⤵
  PID:8172
- C:\Windows\System\YxbJRqu.exe
  C:\Windows\System\YxbJRqu.exe
  2⤵
  PID:7392
- C:\Windows\System\DVkSonH.exe
  C:\Windows\System\DVkSonH.exe
  2⤵
  PID:8500
- C:\Windows\System\KTgVsmF.exe
  C:\Windows\System\KTgVsmF.exe
  2⤵
  PID:8576
- C:\Windows\System\ChVYgHv.exe
  C:\Windows\System\ChVYgHv.exe
  2⤵
  PID:8832
- C:\Windows\System\jMMoKEU.exe
  C:\Windows\System\jMMoKEU.exe
  2⤵
  PID:9084
- C:\Windows\System\SuvTnEl.exe
  C:\Windows\System\SuvTnEl.exe
  2⤵
  PID:9164
- C:\Windows\System\tBYylTy.exe
  C:\Windows\System\tBYylTy.exe
  2⤵
  PID:8844
- C:\Windows\System\oLjLWVV.exe
  C:\Windows\System\oLjLWVV.exe
  2⤵
  PID:9212
- C:\Windows\System\GCsJTCL.exe
  C:\Windows\System\GCsJTCL.exe
  2⤵
  PID:8396
- C:\Windows\System\vPszAbq.exe
  C:\Windows\System\vPszAbq.exe
  2⤵
  PID:6720
- C:\Windows\System\hXOaCzA.exe
  C:\Windows\System\hXOaCzA.exe
  2⤵
  PID:8452
- C:\Windows\System\ysDyYFn.exe
  C:\Windows\System\ysDyYFn.exe
  2⤵
  PID:8756
- C:\Windows\System\zQyGrrO.exe
  C:\Windows\System\zQyGrrO.exe
  2⤵
  PID:8960
- C:\Windows\System\cdgNCxU.exe
  C:\Windows\System\cdgNCxU.exe
  2⤵
  PID:8560
- C:\Windows\System\vnTXBQj.exe
  C:\Windows\System\vnTXBQj.exe
  2⤵
  PID:8348
- C:\Windows\System\IOMhWbm.exe
  C:\Windows\System\IOMhWbm.exe
  2⤵
  PID:8228
- C:\Windows\System\DfnOrwo.exe
  C:\Windows\System\DfnOrwo.exe
  2⤵
  PID:8176
- C:\Windows\System\TuvAmxa.exe
  C:\Windows\System\TuvAmxa.exe
  2⤵
  PID:8628
- C:\Windows\System\JosKpZr.exe
  C:\Windows\System\JosKpZr.exe
  2⤵
  PID:8700
- C:\Windows\System\idkAFsa.exe
  C:\Windows\System\idkAFsa.exe
  2⤵
  PID:9196
- C:\Windows\System\fvdPHBn.exe
  C:\Windows\System\fvdPHBn.exe
  2⤵
  PID:8864
- C:\Windows\System\dYHXujG.exe
  C:\Windows\System\dYHXujG.exe
  2⤵
  PID:9148
- C:\Windows\System\XXABqUw.exe
  C:\Windows\System\XXABqUw.exe
  2⤵
  PID:8592
- C:\Windows\System\UcPJtft.exe
  C:\Windows\System\UcPJtft.exe
  2⤵
  PID:9176
- C:\Windows\System\bDreXGU.exe
  C:\Windows\System\bDreXGU.exe
  2⤵
  PID:8276
- C:\Windows\System\YMGRVct.exe
  C:\Windows\System\YMGRVct.exe
  2⤵
  PID:9228
- C:\Windows\System\VnwmRGw.exe
  C:\Windows\System\VnwmRGw.exe
  2⤵
  PID:9244
- C:\Windows\System\JFLQzkn.exe
  C:\Windows\System\JFLQzkn.exe
  2⤵
  PID:9268
- C:\Windows\System\vTVsrBt.exe
  C:\Windows\System\vTVsrBt.exe
  2⤵
  PID:9284
- C:\Windows\System\TVkXVME.exe
  C:\Windows\System\TVkXVME.exe
  2⤵
  PID:9300
- C:\Windows\System\nGiPaWt.exe
  C:\Windows\System\nGiPaWt.exe
  2⤵
  PID:9316
- C:\Windows\System\FqPrvuG.exe
  C:\Windows\System\FqPrvuG.exe
  2⤵
  PID:9348
- C:\Windows\System\fQRcqxV.exe
  C:\Windows\System\fQRcqxV.exe
  2⤵
  PID:9364
- C:\Windows\System\asrEkoG.exe
  C:\Windows\System\asrEkoG.exe
  2⤵
  PID:9384
- C:\Windows\System\pZJYWax.exe
  C:\Windows\System\pZJYWax.exe
  2⤵
  PID:9400
- C:\Windows\System\BnChGjE.exe
  C:\Windows\System\BnChGjE.exe
  2⤵
  PID:9416
- C:\Windows\System\rlWxTKS.exe
  C:\Windows\System\rlWxTKS.exe
  2⤵
  PID:9432
- C:\Windows\System\UQDAGSn.exe
  C:\Windows\System\UQDAGSn.exe
  2⤵
  PID:9448
- C:\Windows\System\SsjYOTx.exe
  C:\Windows\System\SsjYOTx.exe
  2⤵
  PID:9468
- C:\Windows\System\jBpDqQi.exe
  C:\Windows\System\jBpDqQi.exe
  2⤵
  PID:9484
- C:\Windows\System\uOyIpcy.exe
  C:\Windows\System\uOyIpcy.exe
  2⤵
  PID:9500
- C:\Windows\System\HwoHnCV.exe
  C:\Windows\System\HwoHnCV.exe
  2⤵
  PID:9520
- C:\Windows\System\FtvmtZk.exe
  C:\Windows\System\FtvmtZk.exe
  2⤵
  PID:9544
- C:\Windows\System\ChgOeFT.exe
  C:\Windows\System\ChgOeFT.exe
  2⤵
  PID:9560
- C:\Windows\System\FBjEffA.exe
  C:\Windows\System\FBjEffA.exe
  2⤵
  PID:9576
- C:\Windows\System\wEeMZUB.exe
  C:\Windows\System\wEeMZUB.exe
  2⤵
  PID:9636
- C:\Windows\System\hSNBcOM.exe
  C:\Windows\System\hSNBcOM.exe
  2⤵
  PID:9660
- C:\Windows\System\VFILNAT.exe
  C:\Windows\System\VFILNAT.exe
  2⤵
  PID:9680
- C:\Windows\System\DhQPOhd.exe
  C:\Windows\System\DhQPOhd.exe
  2⤵
  PID:9696
- C:\Windows\System\Svpronh.exe
  C:\Windows\System\Svpronh.exe
  2⤵
  PID:9720
- C:\Windows\System\ZUNlooN.exe
  C:\Windows\System\ZUNlooN.exe
  2⤵
  PID:9740
- C:\Windows\System\samCEyF.exe
  C:\Windows\System\samCEyF.exe
  2⤵
  PID:9760
- C:\Windows\System\gsARaxt.exe
  C:\Windows\System\gsARaxt.exe
  2⤵
  PID:9776
- C:\Windows\System\yUYCOrb.exe
  C:\Windows\System\yUYCOrb.exe
  2⤵
  PID:9800
- C:\Windows\System\IgMrTdi.exe
  C:\Windows\System\IgMrTdi.exe
  2⤵
  PID:9820
- C:\Windows\System\QkHpooH.exe
  C:\Windows\System\QkHpooH.exe
  2⤵
  PID:9840
- C:\Windows\System\uUgVfwc.exe
  C:\Windows\System\uUgVfwc.exe
  2⤵
  PID:9856
- C:\Windows\System\IjMXJzI.exe
  C:\Windows\System\IjMXJzI.exe
  2⤵
  PID:9876
- C:\Windows\System\NaUjUnS.exe
  C:\Windows\System\NaUjUnS.exe
  2⤵
  PID:9892
- C:\Windows\System\rpTimyl.exe
  C:\Windows\System\rpTimyl.exe
  2⤵
  PID:9916
- C:\Windows\System\FMNETFl.exe
  C:\Windows\System\FMNETFl.exe
  2⤵
  PID:9936
- C:\Windows\System\PNNcpsO.exe
  C:\Windows\System\PNNcpsO.exe
  2⤵
  PID:9952
- C:\Windows\System\KCnVulI.exe
  C:\Windows\System\KCnVulI.exe
  2⤵
  PID:9968
- C:\Windows\System\lPNKqvX.exe
  C:\Windows\System\lPNKqvX.exe
  2⤵
  PID:9988
- C:\Windows\System\FCGDwRo.exe
  C:\Windows\System\FCGDwRo.exe
  2⤵
  PID:10020
- C:\Windows\System\cGyXCOp.exe
  C:\Windows\System\cGyXCOp.exe
  2⤵
  PID:10040
- C:\Windows\System\BadRFRM.exe
  C:\Windows\System\BadRFRM.exe
  2⤵
  PID:10056
- C:\Windows\System\kbJitHg.exe
  C:\Windows\System\kbJitHg.exe
  2⤵
  PID:10072
- C:\Windows\System\rLgRpqh.exe
  C:\Windows\System\rLgRpqh.exe
  2⤵
  PID:10104
- C:\Windows\System\OpBtYzz.exe
  C:\Windows\System\OpBtYzz.exe
  2⤵
  PID:10120
- C:\Windows\System\mknkqTG.exe
  C:\Windows\System\mknkqTG.exe
  2⤵
  PID:10136
- C:\Windows\System\qkTzITo.exe
  C:\Windows\System\qkTzITo.exe
  2⤵
  PID:10152
- C:\Windows\System\wCUssDV.exe
  C:\Windows\System\wCUssDV.exe
  2⤵
  PID:10172
- C:\Windows\System\lazHfWr.exe
  C:\Windows\System\lazHfWr.exe
  2⤵
  PID:10188
- C:\Windows\System\IrmjQIE.exe
  C:\Windows\System\IrmjQIE.exe
  2⤵
  PID:10204
- C:\Windows\System\SQsTUNT.exe
  C:\Windows\System\SQsTUNT.exe
  2⤵
  PID:10220
- C:\Windows\System\brYZPvf.exe
  C:\Windows\System\brYZPvf.exe
  2⤵
  PID:10236
- C:\Windows\System\OoRjYnT.exe
  C:\Windows\System\OoRjYnT.exe
  2⤵
  PID:9220
- C:\Windows\System\veMipvj.exe
  C:\Windows\System\veMipvj.exe
  2⤵
  PID:9264
- C:\Windows\System\pTVxsCd.exe
  C:\Windows\System\pTVxsCd.exe
  2⤵
  PID:9340
- C:\Windows\System\BwfiEJH.exe
  C:\Windows\System\BwfiEJH.exe
  2⤵
  PID:9376
- C:\Windows\System\rRIFYkH.exe
  C:\Windows\System\rRIFYkH.exe
  2⤵
  PID:9444
- C:\Windows\System\LOLgKXR.exe
  C:\Windows\System\LOLgKXR.exe
  2⤵
  PID:9312
- C:\Windows\System\wyczglS.exe
  C:\Windows\System\wyczglS.exe
  2⤵
  PID:9528
- C:\Windows\System\gwlboOl.exe
  C:\Windows\System\gwlboOl.exe
  2⤵
  PID:9572
- C:\Windows\System\gdmVpfJ.exe
  C:\Windows\System\gdmVpfJ.exe
  2⤵
  PID:9512
- C:\Windows\System\hzPmNHo.exe
  C:\Windows\System\hzPmNHo.exe
  2⤵
  PID:9584
- C:\Windows\System\fbRGKKq.exe
  C:\Windows\System\fbRGKKq.exe
  2⤵
  PID:9600
- C:\Windows\System\IcEQfKA.exe
  C:\Windows\System\IcEQfKA.exe
  2⤵
  PID:9624
- C:\Windows\System\BbTIzTc.exe
  C:\Windows\System\BbTIzTc.exe
  2⤵
  PID:9644
- C:\Windows\System\zaxfRzN.exe
  C:\Windows\System\zaxfRzN.exe
  2⤵
  PID:9668
- C:\Windows\System\LNFzVnB.exe
  C:\Windows\System\LNFzVnB.exe
  2⤵
  PID:9692
- C:\Windows\System\loHohyU.exe
  C:\Windows\System\loHohyU.exe
  2⤵
  PID:9716
- C:\Windows\System\uaNoFPE.exe
  C:\Windows\System\uaNoFPE.exe
  2⤵
  PID:9752
- C:\Windows\System\MjjATzt.exe
  C:\Windows\System\MjjATzt.exe
  2⤵
  PID:9772
- C:\Windows\System\ZfLIFWH.exe
  C:\Windows\System\ZfLIFWH.exe
  2⤵
  PID:9792
- C:\Windows\System\ADfYzaI.exe
  C:\Windows\System\ADfYzaI.exe
  2⤵
  PID:9828
- C:\Windows\System\grgcYtZ.exe
  C:\Windows\System\grgcYtZ.exe
  2⤵
  PID:9884
- C:\Windows\System\YwFRNfo.exe
  C:\Windows\System\YwFRNfo.exe
  2⤵
  PID:9868
- C:\Windows\System\qZTrwLj.exe
  C:\Windows\System\qZTrwLj.exe
  2⤵
  PID:9960
- C:\Windows\System\zNErDVD.exe
  C:\Windows\System\zNErDVD.exe
  2⤵
  PID:9908
- C:\Windows\System\zpWVpZW.exe
  C:\Windows\System\zpWVpZW.exe
  2⤵
  PID:9980
- C:\Windows\System\EZJoNbQ.exe
  C:\Windows\System\EZJoNbQ.exe
  2⤵
  PID:9996
- C:\Windows\System\aAdCDOD.exe
  C:\Windows\System\aAdCDOD.exe
  2⤵
  PID:10012
- C:\Windows\System\LqvPpNK.exe
  C:\Windows\System\LqvPpNK.exe
  2⤵
  PID:10032
- C:\Windows\System\zatXCKU.exe
  C:\Windows\System\zatXCKU.exe
  2⤵
  PID:10052
- C:\Windows\System\KdzGmVm.exe
  C:\Windows\System\KdzGmVm.exe
  2⤵
  PID:10092
- C:\Windows\System\bzEZwwn.exe
  C:\Windows\System\bzEZwwn.exe
  2⤵
  PID:10116
- C:\Windows\System\LWYChTK.exe
  C:\Windows\System\LWYChTK.exe
  2⤵
  PID:10184
- C:\Windows\System\KnNqgsX.exe
  C:\Windows\System\KnNqgsX.exe
  2⤵
  PID:10196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BFJazeQ.exe

Filesize
6.0MB

MD5
9ec95dbc023e3fdabaa4e4e58429a59d

SHA1
33abe5a8d3cde5be13d19ff41a38115e0272541d

SHA256
71d72cb4b4ce71085b7720abb28115e1e4e852deb8dc5fde5ec74da5c1d4e9ef

SHA512
84aacfe4a25276322b7ab200ee9a76087b8f1c9173dba0f950cba2b2711bb9f3c505ecdecd97071c327e17006495df44ad55bff9bf1225fe5d952e0611fc2cc2

Download Submit
C:\Windows\system\CBgFtIT.exe

Filesize
6.0MB

MD5
4294211c1d678251695a2cb182c0375b

SHA1
c0c7ce392f3b340bf7331912f36b50d48b7299bc

SHA256
8ead52328f149a39d8648aaa6667c4c169c0d0f238a4c7607c06c5764c213598

SHA512
d8a3a3356deb994a3f19f3ec7d68153338f42250573d382f47bb5f5c35c2960c4faea3125127b5cba0d9e601d2510e24ba9db445929787e4096a72de346a1b0b

Download Submit
C:\Windows\system\DYhQPwZ.exe

Filesize
6.0MB

MD5
6ccaeecbefaccb2d41003aef9a63f773

SHA1
982bc71357bca77be2da1ae584f3f12acca6e9ee

SHA256
f6dc31817d2e77c19da833e1a49d130057a4f2f3a1cb40683f88b38c417d3e70

SHA512
26d683d781454ec29fc925ba538f3485b98bc173de1bf4ea2c7d8ae7ccb5bc0205843cd38bd63d94875cfa914ebe364fc3220b8063f65c5589357c0277b97bc4

Download Submit
C:\Windows\system\HDjzkwV.exe

Filesize
6.0MB

MD5
c4daecf56a562b8bc6a0ae983574b702

SHA1
0aefbb884afae1458640498f4d7ee29c2b67853c

SHA256
8f809ffbffcdb8e73e99d5f7048e7888d392bca4ac4b74f58ac778fbdfba40bb

SHA512
1769cc8a71f94821d7deffd5056f9c7c0c98fcbe1bdfb65bb20be7245400bc36afc9ffd0f6e6271eb71502b7068644f3cf25207ea691ec057a2e9400788e04b1

Download Submit
C:\Windows\system\LIQZWAx.exe

Filesize
6.0MB

MD5
8db5c6e7ca8f112f9a056915758e3c2a

SHA1
2f7da42f016ca5baabfc747ba7a5ed11ec0af2dc

SHA256
ead20a7213c58e59f6f5b540557ab785c29e3f0f7945feb7c2114c480c704f83

SHA512
78510e32a394d7a9057efe2b8228ce438b83918bcab0534f2f10c674500abfc1f97e85ddeac353fa4d15ef93b6cda54df6b66a09dcd6bbd489a77288d632b7da

Download Submit
C:\Windows\system\NjLnBes.exe

Filesize
6.0MB

MD5
f3ebd88de819f7907088af4e01676c89

SHA1
2bbcb5a454e0f9b8c439bd54f6b4166e2131a4a0

SHA256
46e2e55f4b1696edcd86c1f317b8fd0ab0bc8789770c1072f6d27e3af9b9fc27

SHA512
db1925f66b6324210f1d2129e94f2ce6ff4967421d7ccbd33505b6f4ff47f61b91da78822dd7a470e2d070f62919952e77c2a688c80c189bbc8a783b08aabd13

Download Submit
C:\Windows\system\OWKHKIx.exe

Filesize
6.0MB

MD5
286ede740b39721f11148743bdee005b

SHA1
74aa5d5e6f91fd63c9fe7b26a28dbdacb993927f

SHA256
23282f2bdf8454f650ba5cc9aa2e8799a6b00ef0c18e4ecca136e3123cb8eb2a

SHA512
30b5d8d245409003f759e5932efda5efa2f90f797c44d17b05ff146ea0994007844c89a4a504794500f4c787c6edd3963e4b5a032e354e7ee1b64729710b385a

Download Submit
C:\Windows\system\PGfWyld.exe

Filesize
6.0MB

MD5
cd03995339089c9aa59624a54f799e14

SHA1
92088244852326693c43de38c20ec62f0f2b619b

SHA256
84f0e8661b9df954b14e816229e74868ae0b8ab3ffb8dcb9f9ed6d7072e14ccd

SHA512
5eb5a1c321c7095a291832aae74f867a72ef8df6196b5cdb6fac2c2f2a977b19ad8fb8c171b1ed2f92b65a1d46fb358f9b4dc3e91836655d53f1da3d487246d9

Download Submit
C:\Windows\system\PmlUSZX.exe

Filesize
6.0MB

MD5
055b6318b25717cd52444ccee197d003

SHA1
f9cbd1a666daaafa41053ba47bdc3fa57a37373a

SHA256
648cc7bc89bfce625702a4949bcb599be892153f72239f2d000a87c9a10248ef

SHA512
a8278ddf265bc00457d7ad3dcd81338367932d4d6e423234bd1e68cf2dd022c9adeaa91019d0d0855888de8344f05b25c0eac1e4d3e2ed1783880f91816ee5e9

Download Submit
C:\Windows\system\QAAYtNd.exe

Filesize
6.0MB

MD5
922dbc3d59bd52108b00725ea46d36b3

SHA1
7ce1d945a55e00a516cbb0439b55932989d3884d

SHA256
fff555501c5e4af0cb33a418b2120214c8ae71d74f2008e0a5c15a18870f87c8

SHA512
ca32ec4d3c19bb1ed4255b6c5ed19bd5f1460251cfd1047f5dab79e34d9874556fb462e94cc9cbb1e89ec695a19db1890ad105c1d8be3959446253970f7b04b4

Download Submit
C:\Windows\system\RFydlkW.exe

Filesize
6.0MB

MD5
5e67155556ac572a4cc89054c1dfd69d

SHA1
0300967524529ea01c045e49fb6802507aed5b6c

SHA256
aaa9163d679373510ffc2ec744c43169cee6426436f66330193ec99399c0881d

SHA512
1566693cee8e0aa3b81c732bc76d178a57dc790498ba07be9cfa538a2c51f7af3399b80cfdfcfff8f92679ca0da1f880bca5c6ab8eae5513fa13575d46903589

Download Submit
C:\Windows\system\SlSUgpZ.exe

Filesize
6.0MB

MD5
a8e946130c9361e1681f759240ad1b29

SHA1
d81dfe58b19900ba0c8cc4a46871c7e51afe0b64

SHA256
ab10c4edfc5fdaaf6b8fba72f9215cf5e2c7f93faf02ae03ddec287d75783582

SHA512
0a2f34ee957c630d2595fbd0983dc7329e5b554535840bb8c26c0de447283508ae97ee5d25c9453b818aa916c7718aa0b3bae6268b017aa18e446e3c2105f19c

Download Submit
C:\Windows\system\TJarcTg.exe

Filesize
6.0MB

MD5
10a5efc4ab6ffd17048469aa3b656981

SHA1
6135ea2f19ca825fba2c919ae0faa55abab8b23a

SHA256
3cf05b16156ca3759f69f6f390649ce7fb4243e17bdb0c0ac64fb2a9c7e612f8

SHA512
d3f1b5e02903e35baf8b32a80ee0c609cb1ba5417d77658e3c8f517fbfd856afb0efd8328ef2f943b1b63b3fe21051e5c7e665ce8e33a31797a61e6f99d3f512

Download Submit
C:\Windows\system\UzsrMet.exe

Filesize
6.0MB

MD5
5c204770448f9d066543fc9629a401cd

SHA1
22ba5cca9bf2225707453b9edaaa602a9427d281

SHA256
254fa71e98596c80a749128227549f0d562ce5fdc077b06b22e167c605eda11f

SHA512
0d8e272fde1cb4f1647fd5e04f2c9f16156ff13505a2b160f61b219e2962b5f2d0190efd3fda170d1f52ff48aae7b24bfd377ad9dab636dc8f5b49d9f62cd6cc

Download Submit
C:\Windows\system\WmvETot.exe

Filesize
6.0MB

MD5
9b8dd915410eb4e337c91a6766f73c12

SHA1
879d118bb464f46acdafc827a475053900011845

SHA256
0099d3704fd5fd5b39a570395d1624e6776c2fa6678e229951ebf0cc299f2c5d

SHA512
902313d928e5ffc88d339cd5a69860440caa03625e45846a4f2e3d457cdb2e29e534a66ee1ed323f76644c1820a4f3530407d6e04350a138148e50a4f3015ab4

Download Submit
C:\Windows\system\YTINuDO.exe

Filesize
6.0MB

MD5
543f184ec00dec46ccd0522eb5520b2e

SHA1
75ddbf104d439ced5a4503354204525334519727

SHA256
a8d0b95c8daa5da0cead1f5d9ef3aae7590e8a3b578a7e5de13cc5ba77bb3220

SHA512
347cba6bba4a5b5c1e8228272331e05a33316f99183e144709c98aab69628c1d249541d7a7ca3cefedb7595c600f5005d6363100949e4d0e7678b25e350bb7e2

Download Submit
C:\Windows\system\cSbwAbc.exe

Filesize
6.0MB

MD5
34b419bf472e6ce9db355dcabdedc304

SHA1
b846511272a06a092fda4caa03763d92b591ecc9

SHA256
781dbe2a803fd298c800c7bd36c8e4e0474bf9a6e433a2e18836a5a7878a03b6

SHA512
9fe45040bf162f00b3a4aa784afa8c1049f9edafdf218e04f66bf6093a0c7e8aed13e6ecbb21b79f47cb39fe33fdc995a0d4aa61098c02b367ae593b36254c23

Download Submit
C:\Windows\system\cyafSlW.exe

Filesize
6.0MB

MD5
f40fab9e59cfe9b468499b700d148d10

SHA1
a2791fdc21c4a340a0c4d98f6bbf97dd9dc3db86

SHA256
34244b49786cdc70e2e58741d6164fcd80eb56a1ab6ef1e8dcd0bb32c54d5e8a

SHA512
4bcc22272de2a546f727528f2e1ceb1b993b6fd4fcead5c96aa4e14f5419df0371811335edd49a17fa1c209bf46af57824e842f2916d1c32b56a0a91ae1018d0

Download Submit
C:\Windows\system\diiIiBx.exe

Filesize
6.0MB

MD5
a43185d4b866f4dbd0d0773708a36e2f

SHA1
af8f80ae8881572ff28d2c160c6fb7b70863a366

SHA256
7b5c1a81facba5c14796f6dbcf05aaa110a214c39d69dc93708d97c26e57b75f

SHA512
a5d74acd78a8df66871bd3848fa8305e5123a189856d078d33fd4071df33fa567a5f0c56967c1af46aadeb9c57ee70b2cce63c7fc97de1bb57a5db1ae3745de8

Download Submit
C:\Windows\system\eLowQFK.exe

Filesize
6.0MB

MD5
dc40d6b5f7d2ff87552a350f2a80f8ac

SHA1
11d02c52f546d17fd054b57739121d2447a4f95a

SHA256
3c14e4314ea71c4839754f5cf8898bf6c71d5bc645fdead3103c3682eec13c70

SHA512
b0b4b4494c7373bc2bbce02babd3b5fb4d371b66079cb56bb5b07ed8bc98867c9c4114eff1320c84ccc53c6fac6e29b3c2efaf7e29f62b9155d47b42754baeea

Download Submit
C:\Windows\system\eYXjJbU.exe

Filesize
6.0MB

MD5
e7845762928fbbe31e54803a23a91a1c

SHA1
f543299b9d873449e23948cd58ed1778ff889d01

SHA256
bde2c5c0f08ea18785e18448b6d83d26fd00db763353e0e813082c12914681b3

SHA512
c89ab6ef54848d3c0b74cd861b5005098e73552d003cb5aaf8702b78ccac47d99c385e15e5951ba87d67aaa624b92024e367c953e91a4d0c960f25bc6bbcd2b9

Download Submit
C:\Windows\system\iGWwvWD.exe

Filesize
6.0MB

MD5
2dc9de7b30800121fd057a1de749f1dc

SHA1
a5da6e7fd44a518b395337b7acc9a4bcbe6651b7

SHA256
6beb7eaa28dc38aa155b77c4e6cca877a91fec946ec83e5deb85fd336fb90469

SHA512
147a9eb25c4bea7a9007f41d71bc4d4b595afa48e119dcad16d0d60a4894e6f0f8d21cc383dee4a78af05894a768c084c884699b00ecae6a67d76793ed3b1081

Download Submit
C:\Windows\system\nYIpCnZ.exe

Filesize
6.0MB

MD5
2eb1bd6cb1b2973d10ba43c64c587eca

SHA1
47b5c812c9d214dbbf6e180365c09c287e9eb927

SHA256
0ef2d968dbba57e5f1c8ea861a375342e06a9dd92266c4185adb34d6581271c8

SHA512
9bbcc254e867a6e15065cc3f192a55396ce5d2c76ecf31eda4890db698f79b778b516ec5a79613e5cc06bb6ca1a9d88cf95f284b6aa481e3f611734ecce6a253

Download Submit
C:\Windows\system\oWlUGNH.exe

Filesize
6.0MB

MD5
9076e2b842be020d2758237a296481c4

SHA1
ec5fb530b1db432c32dc59524b84d56f16f06c76

SHA256
4a2fe0359ba223d79c16f045d8f1f984833493c59a818def98ff908199ce471e

SHA512
856d45cf4d2c347b65861e899c68914f63a68c968b117d2ee2b4212747d473f64d25f0a6bb87efb64f0b6f6ade2a230a239f7d0172661c4cbab3a4bf28ad4ba7

Download Submit
C:\Windows\system\slUbuun.exe

Filesize
6.0MB

MD5
1b872886180f39dd0df18703d5995b15

SHA1
e84bcf3525cacd46c4ebe0f6ed131d4863c40d17

SHA256
4fb5a547d6940af7a5e5cec43ccfc3925dd3df575f9729061a7eda8a03546754

SHA512
783056e06d05729373a8a8275ca7953df70be1b83b83ed18eff22009859b32e053f28731866586d4b35ef9e59d586ce5153a3d9d20f80ac1388d8f195079d207

Download Submit
C:\Windows\system\wlsUBqs.exe

Filesize
6.0MB

MD5
5a01aa2eb5fd48a67b98955be19a0b7f

SHA1
dcc10acaf98af6508e0ed432db96d9557546d211

SHA256
00446dfc153d791fcf496f26a67974585482071d00591f3db1c9b1054812f7a0

SHA512
925ea32634f488c52a18b12fea899cb9057584a599ccda6d92f159a6a2a7c1943a5d782795db3b21dc62fd1aac49612f4f85ede9b816e77ac410312c5930d710

Download Submit
C:\Windows\system\yXzYRNz.exe

Filesize
6.0MB

MD5
908f61413978f3d19fbdeca451ba3933

SHA1
37e52e4b62d5a08ca30fa60ee110a71a3fe8460b

SHA256
c7d025598bbdd5105913d15c91131a034904e699442a9221db123c4791c8c792

SHA512
5197adb8914821fc00ff5e98c61eb4f151dc89a6a1b5b3315d0fdb59743b58ebd3c666433d10fab62f3deb0e78d974eeb16389c0856c300acca447b02f057862

Download Submit
C:\Windows\system\zAlOmvk.exe

Filesize
6.0MB

MD5
25c53a1a46a27724cacb88e15d9add42

SHA1
0c9750377cb7d3183b790f94a230b2c8c9e14fae

SHA256
a7c61b5fe61c7b7236fbb0f30f64d50e30c5445f82b85f672f10b223a7767627

SHA512
42e1a36840cf429e4403817924c6e3dfe3a7d7a198bacc16163495d60faf579dc1483847d8fde9900e167042c079348a7e1cb69d01748bc433d8789bf6d90081

Download Submit
\Windows\system\MeZsaWF.exe

Filesize
6.0MB

MD5
dda1aa3541c6f9bcf288995cb3ab03b0

SHA1
6d1b07c4e00838490b39aef93e54511fc72c484a

SHA256
65b3d77bb028c03f337e9b40f134ed0bb4be0ba7ca4e459dbc3b223f9c5d972b

SHA512
1ac0400ad8269d44314a5a856c17af7b65d112e80978661e34a8daa1ee6a61c2155adf082b58bfa4821f6808cfe0d756dfa84b67b43a3abe636dc52428fc1b9b

Download Submit
\Windows\system\XjTndsz.exe

Filesize
6.0MB

MD5
ceb5ebc2024de56eeca3186359a113f1

SHA1
17c1e951f22cd3fef394ea0e3c16ecafdcd8c1d2

SHA256
6d90f9d97808beda8aa382d9efe1c2af2857e0a7fc2b57b4379971196e2ae1c0

SHA512
8956dcdd36814a5ec4ce6b44037e91f290473522edf0579bc5a5cb95a80e2d3a6195388dd9c135bb64a647109c7da1b8be289fbc61d1dcd6ed5fd13ce99fe6d8

Download Submit
\Windows\system\joAMoNJ.exe

Filesize
6.0MB

MD5
9e675d0fe09b19fdc56688798660ab9d

SHA1
4fd907c25ac1123882a4f225de652167a7d63b7b

SHA256
2276dd0a0f0e82cdee233c09a32c77ec0739568e8b3352cd4990bf3089f88bc5

SHA512
aaea9587823b80470c05f091170be9f2659ee5f8428915636d3e8a30797054f6c4d51ecdcc1dadb89a6d1906108b0176e2a2544ed4720b64e22840e2cbf37b4e

Download Submit
\Windows\system\pXzzzJu.exe

Filesize
6.0MB

MD5
b14b4afbddf51eea4715375f96a7fc67

SHA1
c3f0f0b09cfb3c92e0f66c36f9f00af8a7ea414e

SHA256
e06f02ebf83372d1a832118b2154501693b4ce518a045669798be73d97038de0

SHA512
4ab4a0c6c5276556ece1d53931669482b127ab926f866b3c1d38331db60d68fbb92e9835e46c8a590386ca618e7bf92a087f04e361d75ca9fd8997f78cbb562e

Download Submit
memory/1832-93-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1832-924-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1832-4019-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/1900-86-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-4018-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-681-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-477-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-4017-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-82-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-73-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2312-803-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1222-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2312-98-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2312-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2312-992-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2312-97-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2312-84-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2312-81-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-25-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2312-60-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2312-0-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-90-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2312-357-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2312-39-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2312-108-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2312-57-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2312-34-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-67-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2312-106-0x00000000021D0000-0x0000000002524000-memory.dmp

Filesize
3.3MB

Download
memory/2312-15-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2648-107-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-70-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4015-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-35-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2708-4011-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2716-41-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4007-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2716-7-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2720-52-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4013-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2720-89-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2724-72-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2724-28-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4010-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2728-4014-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2728-101-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2728-64-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2744-43-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2744-4012-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4020-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2796-102-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1038-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2864-21-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4009-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2876-48-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4008-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2876-20-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/3068-4016-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3068-71-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download