cobaltstrike | 190d860a6f5290984e674f2995f9a4193ecedc49340d47553391b167c5cfdcf7

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/12/2024, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

81896f14709871767d4edabd9d4ba165
SHA1

20871bc9025352fa5da7212c03be4b17c509f409
SHA256

190d860a6f5290984e674f2995f9a4193ecedc49340d47553391b167c5cfdcf7
SHA512

00fa8d24246d1d1bd3519c9a16b6a3fdac7f0716fde0ad66c7c6843449b0931c64ea153746e0e9bcd8ca995dcaf3f4cee1c89e9fbcd241481d7946adb96abd19
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUE:eOl56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 37 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c47-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c53-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ccb-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d02-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0c-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d15-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019612-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-78.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d27-60.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d1f-55.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2100-0-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-6.dat	xmrig
behavioral1/files/0x0008000000016c47-8.dat	xmrig
behavioral1/files/0x0008000000016c53-10.dat	xmrig
behavioral1/memory/1740-22-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2100-19-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/memory/1788-18-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ccb-23.dat	xmrig
behavioral1/files/0x0007000000016d02-29.dat	xmrig
behavioral1/memory/2448-35-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d0c-38.dat	xmrig
behavioral1/memory/2100-43-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d15-45.dat	xmrig
behavioral1/memory/2984-49-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/1740-56-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019610-132.dat	xmrig
behavioral1/files/0x0005000000019c3a-182.dat	xmrig
behavioral1/files/0x0005000000019c36-175.dat	xmrig
behavioral1/files/0x00050000000196e8-162.dat	xmrig
behavioral1/files/0x00050000000194bd-158.dat	xmrig
behavioral1/files/0x000500000001966c-154.dat	xmrig
behavioral1/memory/2448-241-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019618-146.dat	xmrig
behavioral1/files/0x0005000000019614-139.dat	xmrig
behavioral1/files/0x000500000001960c-127.dat	xmrig
behavioral1/files/0x00050000000195d9-126.dat	xmrig
behavioral1/files/0x0005000000019436-125.dat	xmrig
behavioral1/files/0x000500000001960d-121.dat	xmrig
behavioral1/memory/2752-242-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x000500000001960a-114.dat	xmrig
behavioral1/files/0x00050000000194f3-109.dat	xmrig
behavioral1/files/0x0005000000019417-108.dat	xmrig
behavioral1/memory/2652-107-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x0005000000019537-102.dat	xmrig
behavioral1/files/0x0005000000019c53-193.dat	xmrig
behavioral1/files/0x0005000000019c38-192.dat	xmrig
behavioral1/memory/2616-173-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x000500000001997c-172.dat	xmrig
behavioral1/files/0x00050000000196ac-171.dat	xmrig
behavioral1/files/0x000500000001962a-170.dat	xmrig
behavioral1/files/0x0005000000019616-169.dat	xmrig
behavioral1/files/0x0005000000019612-168.dat	xmrig
behavioral1/files/0x000500000001960e-167.dat	xmrig
behavioral1/memory/2984-243-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-96.dat	xmrig
behavioral1/files/0x000500000001941a-95.dat	xmrig
behavioral1/memory/2868-94-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d4-84.dat	xmrig
behavioral1/memory/2836-101-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2788-73-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2100-80-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x00050000000193ec-78.dat	xmrig
behavioral1/memory/2856-67-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2452-57-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2856-249-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2452-248-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d27-60.dat	xmrig
behavioral1/files/0x0009000000016d1f-55.dat	xmrig
behavioral1/memory/2752-42-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2788-28-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2520-17-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2520-4038-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/1740-4039-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1788-4040-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2520	DCPRHME.exe
1788	rrrFsEy.exe
1740	BwngoXA.exe
2788	EhghoVM.exe
2448	pMKZWZr.exe
2752	vGgFRZy.exe
2984	szoooNh.exe
2452	lczPTXx.exe
2856	IxBrwQE.exe
2868	HjXTznF.exe
2836	pTHlIHU.exe
2616	CIHhuSg.exe
2652	RktfqRT.exe
1168	Ldrjamv.exe
932	sIghVjx.exe
2724	SCyGlIB.exe
1812	CzRejOd.exe
1508	tptunsz.exe
352	NMayeqW.exe
2012	kCoAzFL.exe
2904	lbEWHyT.exe
3040	SkEeapN.exe
2560	YchSGPg.exe
648	euSerWy.exe
2996	OAGJMvF.exe
2368	hLNsrSS.exe
3044	HJybyEi.exe
1656	CHXixhj.exe
800	qjrcTOR.exe
600	QeSYVjI.exe
1744	YLhlosL.exe
1968	hGpghEF.exe
2928	bxaWfUE.exe
1040	EXeXPpI.exe
1696	DIHFCKH.exe
1320	LpjkLlg.exe
1752	JdMnAgb.exe
924	TjZDGbN.exe
1708	FzBnuVd.exe
976	yfBKsMO.exe
3008	BpFfbAZ.exe
2312	CsxoBDx.exe
1928	HvbcfjY.exe
1568	nnMrsrP.exe
3052	HBQUnVS.exe
696	NZXYzrU.exe
2236	qoftDvk.exe
2112	bOUsMVD.exe
1064	RBmMLTW.exe
2388	HiTgUrv.exe
2348	QEcrgyS.exe
2060	LljPfWn.exe
2824	bUpVuVf.exe
2764	Uyihegr.exe
2656	bcaMwHH.exe
3068	UDsovai.exe
2588	RoLvgfX.exe
2300	KymknYb.exe
904	VCUVLGp.exe
2700	GOkzvnC.exe
2720	spUZdlq.exe
2848	VUQdDgD.exe
1636	TnhFJVR.exe
1624	BosZbJH.exe

Loads dropped DLL 64 IoCs

pid	Process
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2100-0-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x0008000000012102-6.dat	upx
behavioral1/files/0x0008000000016c47-8.dat	upx
behavioral1/files/0x0008000000016c53-10.dat	upx
behavioral1/memory/1740-22-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1788-18-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x0008000000016ccb-23.dat	upx
behavioral1/files/0x0007000000016d02-29.dat	upx
behavioral1/memory/2448-35-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x0007000000016d0c-38.dat	upx
behavioral1/memory/2100-43-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x0007000000016d15-45.dat	upx
behavioral1/memory/2984-49-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/1740-56-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0005000000019610-132.dat	upx
behavioral1/files/0x0005000000019c3a-182.dat	upx
behavioral1/files/0x0005000000019c36-175.dat	upx
behavioral1/files/0x00050000000196e8-162.dat	upx
behavioral1/files/0x00050000000194bd-158.dat	upx
behavioral1/files/0x000500000001966c-154.dat	upx
behavioral1/memory/2448-241-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x0005000000019618-146.dat	upx
behavioral1/files/0x0005000000019614-139.dat	upx
behavioral1/files/0x000500000001960c-127.dat	upx
behavioral1/files/0x00050000000195d9-126.dat	upx
behavioral1/files/0x0005000000019436-125.dat	upx
behavioral1/files/0x000500000001960d-121.dat	upx
behavioral1/memory/2752-242-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x000500000001960a-114.dat	upx
behavioral1/files/0x00050000000194f3-109.dat	upx
behavioral1/files/0x0005000000019417-108.dat	upx
behavioral1/memory/2652-107-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x0005000000019537-102.dat	upx
behavioral1/files/0x0005000000019c53-193.dat	upx
behavioral1/files/0x0005000000019c38-192.dat	upx
behavioral1/memory/2616-173-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x000500000001997c-172.dat	upx
behavioral1/files/0x00050000000196ac-171.dat	upx
behavioral1/files/0x000500000001962a-170.dat	upx
behavioral1/files/0x0005000000019616-169.dat	upx
behavioral1/files/0x0005000000019612-168.dat	upx
behavioral1/files/0x000500000001960e-167.dat	upx
behavioral1/memory/2984-243-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0005000000019441-96.dat	upx
behavioral1/files/0x000500000001941a-95.dat	upx
behavioral1/memory/2868-94-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x00050000000193d4-84.dat	upx
behavioral1/memory/2836-101-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2788-73-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x00050000000193ec-78.dat	upx
behavioral1/memory/2856-67-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2452-57-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2856-249-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2452-248-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x0008000000016d27-60.dat	upx
behavioral1/files/0x0009000000016d1f-55.dat	upx
behavioral1/memory/2752-42-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2788-28-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2520-17-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2520-4038-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/1740-4039-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1788-4040-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2752-4044-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2984-4043-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PupkPnp.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCbMlag.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOYrocU.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgRTpWT.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pesZskw.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYKMvOg.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCKMUky.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LuBaRBQ.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMJchjq.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNBETqZ.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLNmXQo.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjziSvM.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twSBpKo.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qajTKhi.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbRCUfJ.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFqPVpF.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMCZHlf.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ulrmXMj.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpKBluv.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVrLkkW.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkpBTyX.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Fmyhxvr.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwIoOdu.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdXDttf.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEsUTEf.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUCQrmg.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHXixhj.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cbvlugj.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsGqQsF.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zsMuqtY.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VoJfSUF.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XotFAnl.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruSETRb.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSMuXqt.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOICisQ.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgPENXy.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzBnuVd.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sfffCZh.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHDFhqU.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myQFPGl.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSVFecO.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hPPSSAs.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRTBBUx.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWIBZsi.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FekYHid.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIXerTn.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiFWzRK.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EupknQN.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CozXSjK.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwkVTvV.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSaPoBA.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBmqLDR.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJvbOev.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alVKmgl.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JppkxIu.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEmkDbb.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgPUSRU.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzGinhS.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKaAcKF.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vudIUbM.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VkbbLqP.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygbYiTp.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdWpNFh.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsbRnQZ.exe	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2520	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 2520	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 2520	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2100 wrote to memory of 1788	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 1788	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 1788	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2100 wrote to memory of 1740	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 1740	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 1740	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2100 wrote to memory of 2788	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2788	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2788	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2100 wrote to memory of 2448	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2448	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2448	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2100 wrote to memory of 2752	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2752	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2752	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2100 wrote to memory of 2984	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2984	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2984	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2100 wrote to memory of 2452	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2452	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2452	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2100 wrote to memory of 2856	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2856	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2856	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2100 wrote to memory of 2836	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2836	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2836	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2100 wrote to memory of 2868	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2868	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 2868	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2100 wrote to memory of 1168	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 1168	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 1168	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2100 wrote to memory of 2616	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2616	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2616	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2100 wrote to memory of 2724	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2724	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2724	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2100 wrote to memory of 2652	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2652	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 2652	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2100 wrote to memory of 352	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 352	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 352	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2100 wrote to memory of 932	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 932	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 932	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2100 wrote to memory of 1656	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1656	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1656	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2100 wrote to memory of 1812	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1812	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 1812	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2100 wrote to memory of 800	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 800	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 800	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2100 wrote to memory of 1508	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 1508	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 1508	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2100 wrote to memory of 600	2100	2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_81896f14709871767d4edabd9d4ba165_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\System\DCPRHME.exe
  C:\Windows\System\DCPRHME.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\rrrFsEy.exe
  C:\Windows\System\rrrFsEy.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\BwngoXA.exe
  C:\Windows\System\BwngoXA.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\EhghoVM.exe
  C:\Windows\System\EhghoVM.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\pMKZWZr.exe
  C:\Windows\System\pMKZWZr.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\vGgFRZy.exe
  C:\Windows\System\vGgFRZy.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\szoooNh.exe
  C:\Windows\System\szoooNh.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\lczPTXx.exe
  C:\Windows\System\lczPTXx.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\IxBrwQE.exe
  C:\Windows\System\IxBrwQE.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\pTHlIHU.exe
  C:\Windows\System\pTHlIHU.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\HjXTznF.exe
  C:\Windows\System\HjXTznF.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\Ldrjamv.exe
  C:\Windows\System\Ldrjamv.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\CIHhuSg.exe
  C:\Windows\System\CIHhuSg.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\SCyGlIB.exe
  C:\Windows\System\SCyGlIB.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\RktfqRT.exe
  C:\Windows\System\RktfqRT.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\NMayeqW.exe
  C:\Windows\System\NMayeqW.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\sIghVjx.exe
  C:\Windows\System\sIghVjx.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\CHXixhj.exe
  C:\Windows\System\CHXixhj.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\CzRejOd.exe
  C:\Windows\System\CzRejOd.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\qjrcTOR.exe
  C:\Windows\System\qjrcTOR.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\tptunsz.exe
  C:\Windows\System\tptunsz.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\QeSYVjI.exe
  C:\Windows\System\QeSYVjI.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\kCoAzFL.exe
  C:\Windows\System\kCoAzFL.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\YLhlosL.exe
  C:\Windows\System\YLhlosL.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\lbEWHyT.exe
  C:\Windows\System\lbEWHyT.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\hGpghEF.exe
  C:\Windows\System\hGpghEF.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\SkEeapN.exe
  C:\Windows\System\SkEeapN.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\bxaWfUE.exe
  C:\Windows\System\bxaWfUE.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\YchSGPg.exe
  C:\Windows\System\YchSGPg.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\EXeXPpI.exe
  C:\Windows\System\EXeXPpI.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\euSerWy.exe
  C:\Windows\System\euSerWy.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\DIHFCKH.exe
  C:\Windows\System\DIHFCKH.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\OAGJMvF.exe
  C:\Windows\System\OAGJMvF.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\LpjkLlg.exe
  C:\Windows\System\LpjkLlg.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\hLNsrSS.exe
  C:\Windows\System\hLNsrSS.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\TjZDGbN.exe
  C:\Windows\System\TjZDGbN.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\HJybyEi.exe
  C:\Windows\System\HJybyEi.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\FzBnuVd.exe
  C:\Windows\System\FzBnuVd.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\JdMnAgb.exe
  C:\Windows\System\JdMnAgb.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\nnMrsrP.exe
  C:\Windows\System\nnMrsrP.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\yfBKsMO.exe
  C:\Windows\System\yfBKsMO.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\HBQUnVS.exe
  C:\Windows\System\HBQUnVS.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\BpFfbAZ.exe
  C:\Windows\System\BpFfbAZ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\NZXYzrU.exe
  C:\Windows\System\NZXYzrU.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\CsxoBDx.exe
  C:\Windows\System\CsxoBDx.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\qoftDvk.exe
  C:\Windows\System\qoftDvk.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\HvbcfjY.exe
  C:\Windows\System\HvbcfjY.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\bOUsMVD.exe
  C:\Windows\System\bOUsMVD.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\RBmMLTW.exe
  C:\Windows\System\RBmMLTW.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\HiTgUrv.exe
  C:\Windows\System\HiTgUrv.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\QEcrgyS.exe
  C:\Windows\System\QEcrgyS.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\LljPfWn.exe
  C:\Windows\System\LljPfWn.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\bUpVuVf.exe
  C:\Windows\System\bUpVuVf.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\Uyihegr.exe
  C:\Windows\System\Uyihegr.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\spUZdlq.exe
  C:\Windows\System\spUZdlq.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\bcaMwHH.exe
  C:\Windows\System\bcaMwHH.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\LFkpSsz.exe
  C:\Windows\System\LFkpSsz.exe
  2⤵
  PID:1068
- C:\Windows\System\UDsovai.exe
  C:\Windows\System\UDsovai.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\YYZkUeZ.exe
  C:\Windows\System\YYZkUeZ.exe
  2⤵
  PID:1052
- C:\Windows\System\RoLvgfX.exe
  C:\Windows\System\RoLvgfX.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\BWIBZsi.exe
  C:\Windows\System\BWIBZsi.exe
  2⤵
  PID:2896
- C:\Windows\System\KymknYb.exe
  C:\Windows\System\KymknYb.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\CAPqtyC.exe
  C:\Windows\System\CAPqtyC.exe
  2⤵
  PID:2768
- C:\Windows\System\VCUVLGp.exe
  C:\Windows\System\VCUVLGp.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\NigNJqP.exe
  C:\Windows\System\NigNJqP.exe
  2⤵
  PID:1700
- C:\Windows\System\GOkzvnC.exe
  C:\Windows\System\GOkzvnC.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\rqxUkWo.exe
  C:\Windows\System\rqxUkWo.exe
  2⤵
  PID:2248
- C:\Windows\System\VUQdDgD.exe
  C:\Windows\System\VUQdDgD.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\vcCAGPZ.exe
  C:\Windows\System\vcCAGPZ.exe
  2⤵
  PID:2136
- C:\Windows\System\TnhFJVR.exe
  C:\Windows\System\TnhFJVR.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\KQZhvPh.exe
  C:\Windows\System\KQZhvPh.exe
  2⤵
  PID:2372
- C:\Windows\System\BosZbJH.exe
  C:\Windows\System\BosZbJH.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\YdAPntu.exe
  C:\Windows\System\YdAPntu.exe
  2⤵
  PID:996
- C:\Windows\System\qUGKIVc.exe
  C:\Windows\System\qUGKIVc.exe
  2⤵
  PID:1260
- C:\Windows\System\peLEQkA.exe
  C:\Windows\System\peLEQkA.exe
  2⤵
  PID:1036
- C:\Windows\System\ibXcTmc.exe
  C:\Windows\System\ibXcTmc.exe
  2⤵
  PID:2244
- C:\Windows\System\cLsUxyV.exe
  C:\Windows\System\cLsUxyV.exe
  2⤵
  PID:2392
- C:\Windows\System\DCHYyyZ.exe
  C:\Windows\System\DCHYyyZ.exe
  2⤵
  PID:2892
- C:\Windows\System\MkOmojT.exe
  C:\Windows\System\MkOmojT.exe
  2⤵
  PID:2732
- C:\Windows\System\VOPocJV.exe
  C:\Windows\System\VOPocJV.exe
  2⤵
  PID:2844
- C:\Windows\System\MURGKRa.exe
  C:\Windows\System\MURGKRa.exe
  2⤵
  PID:2180
- C:\Windows\System\Bqxxyak.exe
  C:\Windows\System\Bqxxyak.exe
  2⤵
  PID:1112
- C:\Windows\System\KQHWAQY.exe
  C:\Windows\System\KQHWAQY.exe
  2⤵
  PID:596
- C:\Windows\System\KYrgkgU.exe
  C:\Windows\System\KYrgkgU.exe
  2⤵
  PID:536
- C:\Windows\System\WVOdAGk.exe
  C:\Windows\System\WVOdAGk.exe
  2⤵
  PID:2280
- C:\Windows\System\ynDtdYg.exe
  C:\Windows\System\ynDtdYg.exe
  2⤵
  PID:2464
- C:\Windows\System\hRCYjhu.exe
  C:\Windows\System\hRCYjhu.exe
  2⤵
  PID:2708
- C:\Windows\System\oUohqHW.exe
  C:\Windows\System\oUohqHW.exe
  2⤵
  PID:2712
- C:\Windows\System\UVjcPIc.exe
  C:\Windows\System\UVjcPIc.exe
  2⤵
  PID:2456
- C:\Windows\System\LOXgVze.exe
  C:\Windows\System\LOXgVze.exe
  2⤵
  PID:2428
- C:\Windows\System\FZbLdpG.exe
  C:\Windows\System\FZbLdpG.exe
  2⤵
  PID:388
- C:\Windows\System\IrnCgaY.exe
  C:\Windows\System\IrnCgaY.exe
  2⤵
  PID:1096
- C:\Windows\System\eZBvrAd.exe
  C:\Windows\System\eZBvrAd.exe
  2⤵
  PID:1368
- C:\Windows\System\EJfINZv.exe
  C:\Windows\System\EJfINZv.exe
  2⤵
  PID:1916
- C:\Windows\System\aaDbGWw.exe
  C:\Windows\System\aaDbGWw.exe
  2⤵
  PID:1920
- C:\Windows\System\RCmgxpC.exe
  C:\Windows\System\RCmgxpC.exe
  2⤵
  PID:1316
- C:\Windows\System\FCEtMwj.exe
  C:\Windows\System\FCEtMwj.exe
  2⤵
  PID:840
- C:\Windows\System\UaRfdiP.exe
  C:\Windows\System\UaRfdiP.exe
  2⤵
  PID:2792
- C:\Windows\System\scJeGNJ.exe
  C:\Windows\System\scJeGNJ.exe
  2⤵
  PID:3064
- C:\Windows\System\UMRsjFp.exe
  C:\Windows\System\UMRsjFp.exe
  2⤵
  PID:620
- C:\Windows\System\VyexXJB.exe
  C:\Windows\System\VyexXJB.exe
  2⤵
  PID:2268
- C:\Windows\System\mzLTMFZ.exe
  C:\Windows\System\mzLTMFZ.exe
  2⤵
  PID:864
- C:\Windows\System\Gaoobja.exe
  C:\Windows\System\Gaoobja.exe
  2⤵
  PID:2852
- C:\Windows\System\hGQPCdF.exe
  C:\Windows\System\hGQPCdF.exe
  2⤵
  PID:1500
- C:\Windows\System\ZYKMvOg.exe
  C:\Windows\System\ZYKMvOg.exe
  2⤵
  PID:2088
- C:\Windows\System\AQrJoxz.exe
  C:\Windows\System\AQrJoxz.exe
  2⤵
  PID:2796
- C:\Windows\System\TZhtMku.exe
  C:\Windows\System\TZhtMku.exe
  2⤵
  PID:2728
- C:\Windows\System\GuCfcIJ.exe
  C:\Windows\System\GuCfcIJ.exe
  2⤵
  PID:2812
- C:\Windows\System\OTshbsw.exe
  C:\Windows\System\OTshbsw.exe
  2⤵
  PID:572
- C:\Windows\System\WpzikaM.exe
  C:\Windows\System\WpzikaM.exe
  2⤵
  PID:2972
- C:\Windows\System\qeOAXJy.exe
  C:\Windows\System\qeOAXJy.exe
  2⤵
  PID:2544
- C:\Windows\System\fmFpbWM.exe
  C:\Windows\System\fmFpbWM.exe
  2⤵
  PID:1224
- C:\Windows\System\FLUCuZJ.exe
  C:\Windows\System\FLUCuZJ.exe
  2⤵
  PID:2716
- C:\Windows\System\IgbJAYe.exe
  C:\Windows\System\IgbJAYe.exe
  2⤵
  PID:1784
- C:\Windows\System\wBUYPIw.exe
  C:\Windows\System\wBUYPIw.exe
  2⤵
  PID:2784
- C:\Windows\System\DlsXqjI.exe
  C:\Windows\System\DlsXqjI.exe
  2⤵
  PID:3016
- C:\Windows\System\AKGcMBS.exe
  C:\Windows\System\AKGcMBS.exe
  2⤵
  PID:2876
- C:\Windows\System\CGXvAlR.exe
  C:\Windows\System\CGXvAlR.exe
  2⤵
  PID:3012
- C:\Windows\System\TYBQsKo.exe
  C:\Windows\System\TYBQsKo.exe
  2⤵
  PID:2320
- C:\Windows\System\ZnjfBOZ.exe
  C:\Windows\System\ZnjfBOZ.exe
  2⤵
  PID:2080
- C:\Windows\System\QbPKSoB.exe
  C:\Windows\System\QbPKSoB.exe
  2⤵
  PID:1992
- C:\Windows\System\NjiILUN.exe
  C:\Windows\System\NjiILUN.exe
  2⤵
  PID:3048
- C:\Windows\System\rSccUUL.exe
  C:\Windows\System\rSccUUL.exe
  2⤵
  PID:2288
- C:\Windows\System\keDipNX.exe
  C:\Windows\System\keDipNX.exe
  2⤵
  PID:1948
- C:\Windows\System\FKBgRmy.exe
  C:\Windows\System\FKBgRmy.exe
  2⤵
  PID:1356
- C:\Windows\System\BpijQqG.exe
  C:\Windows\System\BpijQqG.exe
  2⤵
  PID:980
- C:\Windows\System\afhYFJi.exe
  C:\Windows\System\afhYFJi.exe
  2⤵
  PID:1728
- C:\Windows\System\vtjTfDB.exe
  C:\Windows\System\vtjTfDB.exe
  2⤵
  PID:2664
- C:\Windows\System\EenOZWD.exe
  C:\Windows\System\EenOZWD.exe
  2⤵
  PID:1632
- C:\Windows\System\VHYMMQM.exe
  C:\Windows\System\VHYMMQM.exe
  2⤵
  PID:2364
- C:\Windows\System\favIhFW.exe
  C:\Windows\System\favIhFW.exe
  2⤵
  PID:2440
- C:\Windows\System\HjtvGKZ.exe
  C:\Windows\System\HjtvGKZ.exe
  2⤵
  PID:3172
- C:\Windows\System\IruqjWF.exe
  C:\Windows\System\IruqjWF.exe
  2⤵
  PID:3188
- C:\Windows\System\xxzClgb.exe
  C:\Windows\System\xxzClgb.exe
  2⤵
  PID:3204
- C:\Windows\System\VeVJprM.exe
  C:\Windows\System\VeVJprM.exe
  2⤵
  PID:3220
- C:\Windows\System\FaOXMDw.exe
  C:\Windows\System\FaOXMDw.exe
  2⤵
  PID:3252
- C:\Windows\System\qncTmQR.exe
  C:\Windows\System\qncTmQR.exe
  2⤵
  PID:3272
- C:\Windows\System\exljOOP.exe
  C:\Windows\System\exljOOP.exe
  2⤵
  PID:3288
- C:\Windows\System\HrvtJnO.exe
  C:\Windows\System\HrvtJnO.exe
  2⤵
  PID:3304
- C:\Windows\System\eEqGCYd.exe
  C:\Windows\System\eEqGCYd.exe
  2⤵
  PID:3320
- C:\Windows\System\qKRfOqb.exe
  C:\Windows\System\qKRfOqb.exe
  2⤵
  PID:3336
- C:\Windows\System\ygbYiTp.exe
  C:\Windows\System\ygbYiTp.exe
  2⤵
  PID:3352
- C:\Windows\System\fIZbONj.exe
  C:\Windows\System\fIZbONj.exe
  2⤵
  PID:3368
- C:\Windows\System\EyJFggT.exe
  C:\Windows\System\EyJFggT.exe
  2⤵
  PID:3384
- C:\Windows\System\gkvFDyM.exe
  C:\Windows\System\gkvFDyM.exe
  2⤵
  PID:3400
- C:\Windows\System\YgsoFcu.exe
  C:\Windows\System\YgsoFcu.exe
  2⤵
  PID:3420
- C:\Windows\System\MztiBOt.exe
  C:\Windows\System\MztiBOt.exe
  2⤵
  PID:3440
- C:\Windows\System\XymRIEf.exe
  C:\Windows\System\XymRIEf.exe
  2⤵
  PID:3456
- C:\Windows\System\mDrNfZE.exe
  C:\Windows\System\mDrNfZE.exe
  2⤵
  PID:3500
- C:\Windows\System\ANxscIx.exe
  C:\Windows\System\ANxscIx.exe
  2⤵
  PID:3516
- C:\Windows\System\SjziSvM.exe
  C:\Windows\System\SjziSvM.exe
  2⤵
  PID:3532
- C:\Windows\System\sWQBRub.exe
  C:\Windows\System\sWQBRub.exe
  2⤵
  PID:3552
- C:\Windows\System\AgcHCNV.exe
  C:\Windows\System\AgcHCNV.exe
  2⤵
  PID:3572
- C:\Windows\System\NDFstPC.exe
  C:\Windows\System\NDFstPC.exe
  2⤵
  PID:3588
- C:\Windows\System\sfffCZh.exe
  C:\Windows\System\sfffCZh.exe
  2⤵
  PID:3604
- C:\Windows\System\auOjVNw.exe
  C:\Windows\System\auOjVNw.exe
  2⤵
  PID:3620
- C:\Windows\System\vIsbSGQ.exe
  C:\Windows\System\vIsbSGQ.exe
  2⤵
  PID:3640
- C:\Windows\System\ZrLyiQS.exe
  C:\Windows\System\ZrLyiQS.exe
  2⤵
  PID:3660
- C:\Windows\System\fylxLsy.exe
  C:\Windows\System\fylxLsy.exe
  2⤵
  PID:3676
- C:\Windows\System\fOwieNf.exe
  C:\Windows\System\fOwieNf.exe
  2⤵
  PID:3696
- C:\Windows\System\ZpYwmcE.exe
  C:\Windows\System\ZpYwmcE.exe
  2⤵
  PID:3744
- C:\Windows\System\VvPaMql.exe
  C:\Windows\System\VvPaMql.exe
  2⤵
  PID:3764
- C:\Windows\System\asSbJxz.exe
  C:\Windows\System\asSbJxz.exe
  2⤵
  PID:3780
- C:\Windows\System\nGDyYKi.exe
  C:\Windows\System\nGDyYKi.exe
  2⤵
  PID:3796
- C:\Windows\System\uGGsUqL.exe
  C:\Windows\System\uGGsUqL.exe
  2⤵
  PID:3812
- C:\Windows\System\wHzRFHm.exe
  C:\Windows\System\wHzRFHm.exe
  2⤵
  PID:3828
- C:\Windows\System\vQzqUpe.exe
  C:\Windows\System\vQzqUpe.exe
  2⤵
  PID:3844
- C:\Windows\System\mkHXaAg.exe
  C:\Windows\System\mkHXaAg.exe
  2⤵
  PID:3860
- C:\Windows\System\JBuIBPn.exe
  C:\Windows\System\JBuIBPn.exe
  2⤵
  PID:3880
- C:\Windows\System\cGumuBz.exe
  C:\Windows\System\cGumuBz.exe
  2⤵
  PID:3900
- C:\Windows\System\NAqiqpV.exe
  C:\Windows\System\NAqiqpV.exe
  2⤵
  PID:3948
- C:\Windows\System\ZcTJnfG.exe
  C:\Windows\System\ZcTJnfG.exe
  2⤵
  PID:3964
- C:\Windows\System\BZTiyFS.exe
  C:\Windows\System\BZTiyFS.exe
  2⤵
  PID:3980
- C:\Windows\System\HbCQXNg.exe
  C:\Windows\System\HbCQXNg.exe
  2⤵
  PID:4000
- C:\Windows\System\CEGNOew.exe
  C:\Windows\System\CEGNOew.exe
  2⤵
  PID:4016
- C:\Windows\System\ZouijIv.exe
  C:\Windows\System\ZouijIv.exe
  2⤵
  PID:4032
- C:\Windows\System\uuPuUZF.exe
  C:\Windows\System\uuPuUZF.exe
  2⤵
  PID:4052
- C:\Windows\System\MyfeVOE.exe
  C:\Windows\System\MyfeVOE.exe
  2⤵
  PID:4068
- C:\Windows\System\InNSSfT.exe
  C:\Windows\System\InNSSfT.exe
  2⤵
  PID:4084
- C:\Windows\System\ddwBEmR.exe
  C:\Windows\System\ddwBEmR.exe
  2⤵
  PID:1828
- C:\Windows\System\XxXvXvP.exe
  C:\Windows\System\XxXvXvP.exe
  2⤵
  PID:2648
- C:\Windows\System\dOPPNYg.exe
  C:\Windows\System\dOPPNYg.exe
  2⤵
  PID:2264
- C:\Windows\System\CLwlrxm.exe
  C:\Windows\System\CLwlrxm.exe
  2⤵
  PID:3104
- C:\Windows\System\eNJUHaZ.exe
  C:\Windows\System\eNJUHaZ.exe
  2⤵
  PID:3124
- C:\Windows\System\TqvQBmS.exe
  C:\Windows\System\TqvQBmS.exe
  2⤵
  PID:3148
- C:\Windows\System\iyQHUaZ.exe
  C:\Windows\System\iyQHUaZ.exe
  2⤵
  PID:3152
- C:\Windows\System\JuQXqHY.exe
  C:\Windows\System\JuQXqHY.exe
  2⤵
  PID:3160
- C:\Windows\System\BCNFJKP.exe
  C:\Windows\System\BCNFJKP.exe
  2⤵
  PID:3196
- C:\Windows\System\bwuubog.exe
  C:\Windows\System\bwuubog.exe
  2⤵
  PID:552
- C:\Windows\System\koxQNOp.exe
  C:\Windows\System\koxQNOp.exe
  2⤵
  PID:1524
- C:\Windows\System\ThlnoLz.exe
  C:\Windows\System\ThlnoLz.exe
  2⤵
  PID:1252
- C:\Windows\System\ciRRVBA.exe
  C:\Windows\System\ciRRVBA.exe
  2⤵
  PID:2128
- C:\Windows\System\pHcdtZH.exe
  C:\Windows\System\pHcdtZH.exe
  2⤵
  PID:3180
- C:\Windows\System\DTcchpw.exe
  C:\Windows\System\DTcchpw.exe
  2⤵
  PID:3236
- C:\Windows\System\rqJzDxH.exe
  C:\Windows\System\rqJzDxH.exe
  2⤵
  PID:1572
- C:\Windows\System\mHEaAaw.exe
  C:\Windows\System\mHEaAaw.exe
  2⤵
  PID:2228
- C:\Windows\System\dQzpeRH.exe
  C:\Windows\System\dQzpeRH.exe
  2⤵
  PID:948
- C:\Windows\System\HjshLOl.exe
  C:\Windows\System\HjshLOl.exe
  2⤵
  PID:3232
- C:\Windows\System\xozOiqX.exe
  C:\Windows\System\xozOiqX.exe
  2⤵
  PID:1808
- C:\Windows\System\sjHBCOO.exe
  C:\Windows\System\sjHBCOO.exe
  2⤵
  PID:3344
- C:\Windows\System\VMHOTab.exe
  C:\Windows\System\VMHOTab.exe
  2⤵
  PID:3332
- C:\Windows\System\WDUfIxX.exe
  C:\Windows\System\WDUfIxX.exe
  2⤵
  PID:1844
- C:\Windows\System\kbECImG.exe
  C:\Windows\System\kbECImG.exe
  2⤵
  PID:3448
- C:\Windows\System\jjGyBpP.exe
  C:\Windows\System\jjGyBpP.exe
  2⤵
  PID:3484
- C:\Windows\System\CnLtPLI.exe
  C:\Windows\System\CnLtPLI.exe
  2⤵
  PID:3468
- C:\Windows\System\OGgKdLZ.exe
  C:\Windows\System\OGgKdLZ.exe
  2⤵
  PID:3544
- C:\Windows\System\gdnafRw.exe
  C:\Windows\System\gdnafRw.exe
  2⤵
  PID:3560
- C:\Windows\System\SKWSogD.exe
  C:\Windows\System\SKWSogD.exe
  2⤵
  PID:3600
- C:\Windows\System\CmkVuyR.exe
  C:\Windows\System\CmkVuyR.exe
  2⤵
  PID:3636
- C:\Windows\System\SVmHsqH.exe
  C:\Windows\System\SVmHsqH.exe
  2⤵
  PID:3652
- C:\Windows\System\JZbRHKQ.exe
  C:\Windows\System\JZbRHKQ.exe
  2⤵
  PID:3688
- C:\Windows\System\ygDjYXy.exe
  C:\Windows\System\ygDjYXy.exe
  2⤵
  PID:3708
- C:\Windows\System\ZgUAWFC.exe
  C:\Windows\System\ZgUAWFC.exe
  2⤵
  PID:3724
- C:\Windows\System\csJkKiF.exe
  C:\Windows\System\csJkKiF.exe
  2⤵
  PID:3756
- C:\Windows\System\QjpBnoe.exe
  C:\Windows\System\QjpBnoe.exe
  2⤵
  PID:3852
- C:\Windows\System\qgrhuCa.exe
  C:\Windows\System\qgrhuCa.exe
  2⤵
  PID:4028
- C:\Windows\System\hfPsZpr.exe
  C:\Windows\System\hfPsZpr.exe
  2⤵
  PID:3836
- C:\Windows\System\xAfXjEU.exe
  C:\Windows\System\xAfXjEU.exe
  2⤵
  PID:3908
- C:\Windows\System\uFTywqP.exe
  C:\Windows\System\uFTywqP.exe
  2⤵
  PID:3992
- C:\Windows\System\pxjxcMs.exe
  C:\Windows\System\pxjxcMs.exe
  2⤵
  PID:3116
- C:\Windows\System\gOLYeYJ.exe
  C:\Windows\System\gOLYeYJ.exe
  2⤵
  PID:3168
- C:\Windows\System\zSJaaqR.exe
  C:\Windows\System\zSJaaqR.exe
  2⤵
  PID:2632
- C:\Windows\System\kIupkpc.exe
  C:\Windows\System\kIupkpc.exe
  2⤵
  PID:2884
- C:\Windows\System\cBzcURv.exe
  C:\Windows\System\cBzcURv.exe
  2⤵
  PID:2296
- C:\Windows\System\ykbXXie.exe
  C:\Windows\System\ykbXXie.exe
  2⤵
  PID:3108
- C:\Windows\System\YqSUsQE.exe
  C:\Windows\System\YqSUsQE.exe
  2⤵
  PID:3944
- C:\Windows\System\fzaUqKu.exe
  C:\Windows\System\fzaUqKu.exe
  2⤵
  PID:3300
- C:\Windows\System\ecAyzmj.exe
  C:\Windows\System\ecAyzmj.exe
  2⤵
  PID:3348
- C:\Windows\System\WdvNvva.exe
  C:\Windows\System\WdvNvva.exe
  2⤵
  PID:3244
- C:\Windows\System\nrAtZsK.exe
  C:\Windows\System\nrAtZsK.exe
  2⤵
  PID:3392
- C:\Windows\System\OOEqtFV.exe
  C:\Windows\System\OOEqtFV.exe
  2⤵
  PID:3432
- C:\Windows\System\PQiXWzF.exe
  C:\Windows\System\PQiXWzF.exe
  2⤵
  PID:3972
- C:\Windows\System\asQJOqp.exe
  C:\Windows\System\asQJOqp.exe
  2⤵
  PID:3452
- C:\Windows\System\ripKpWE.exe
  C:\Windows\System\ripKpWE.exe
  2⤵
  PID:3136
- C:\Windows\System\VNyKZei.exe
  C:\Windows\System\VNyKZei.exe
  2⤵
  PID:2036
- C:\Windows\System\orjYGJD.exe
  C:\Windows\System\orjYGJD.exe
  2⤵
  PID:592
- C:\Windows\System\fhzmaGG.exe
  C:\Windows\System\fhzmaGG.exe
  2⤵
  PID:3140
- C:\Windows\System\epCYOqg.exe
  C:\Windows\System\epCYOqg.exe
  2⤵
  PID:3492
- C:\Windows\System\XgspgZu.exe
  C:\Windows\System\XgspgZu.exe
  2⤵
  PID:3596
- C:\Windows\System\DMsvIic.exe
  C:\Windows\System\DMsvIic.exe
  2⤵
  PID:3704
- C:\Windows\System\cqBPdQV.exe
  C:\Windows\System\cqBPdQV.exe
  2⤵
  PID:2568
- C:\Windows\System\ENYPfgE.exe
  C:\Windows\System\ENYPfgE.exe
  2⤵
  PID:3892
- C:\Windows\System\LJJzbnF.exe
  C:\Windows\System\LJJzbnF.exe
  2⤵
  PID:3956
- C:\Windows\System\UJOUZQe.exe
  C:\Windows\System\UJOUZQe.exe
  2⤵
  PID:3876
- C:\Windows\System\GUsinVK.exe
  C:\Windows\System\GUsinVK.exe
  2⤵
  PID:2900
- C:\Windows\System\JmAIVGW.exe
  C:\Windows\System\JmAIVGW.exe
  2⤵
  PID:4048
- C:\Windows\System\vLhzcbl.exe
  C:\Windows\System\vLhzcbl.exe
  2⤵
  PID:3940
- C:\Windows\System\yuCWCnT.exe
  C:\Windows\System\yuCWCnT.exe
  2⤵
  PID:3476
- C:\Windows\System\SaJjGXL.exe
  C:\Windows\System\SaJjGXL.exe
  2⤵
  PID:1560
- C:\Windows\System\GsGrylc.exe
  C:\Windows\System\GsGrylc.exe
  2⤵
  PID:1444
- C:\Windows\System\mdjLISu.exe
  C:\Windows\System\mdjLISu.exe
  2⤵
  PID:3656
- C:\Windows\System\nRtboOL.exe
  C:\Windows\System\nRtboOL.exe
  2⤵
  PID:4152
- C:\Windows\System\ZxkERTc.exe
  C:\Windows\System\ZxkERTc.exe
  2⤵
  PID:4172
- C:\Windows\System\RfqnsoF.exe
  C:\Windows\System\RfqnsoF.exe
  2⤵
  PID:4188
- C:\Windows\System\GdCUavD.exe
  C:\Windows\System\GdCUavD.exe
  2⤵
  PID:4204
- C:\Windows\System\VfcjTDg.exe
  C:\Windows\System\VfcjTDg.exe
  2⤵
  PID:4220
- C:\Windows\System\WRgOEOa.exe
  C:\Windows\System\WRgOEOa.exe
  2⤵
  PID:4236
- C:\Windows\System\YdExMjb.exe
  C:\Windows\System\YdExMjb.exe
  2⤵
  PID:4252
- C:\Windows\System\KYoCqeB.exe
  C:\Windows\System\KYoCqeB.exe
  2⤵
  PID:4272
- C:\Windows\System\bgqPRNz.exe
  C:\Windows\System\bgqPRNz.exe
  2⤵
  PID:4292
- C:\Windows\System\QErKRBD.exe
  C:\Windows\System\QErKRBD.exe
  2⤵
  PID:4308
- C:\Windows\System\bmfmFOo.exe
  C:\Windows\System\bmfmFOo.exe
  2⤵
  PID:4328
- C:\Windows\System\Cbvlugj.exe
  C:\Windows\System\Cbvlugj.exe
  2⤵
  PID:4348
- C:\Windows\System\yugrGuS.exe
  C:\Windows\System\yugrGuS.exe
  2⤵
  PID:4368
- C:\Windows\System\JrQiwXK.exe
  C:\Windows\System\JrQiwXK.exe
  2⤵
  PID:4388
- C:\Windows\System\ttDjTEJ.exe
  C:\Windows\System\ttDjTEJ.exe
  2⤵
  PID:4404
- C:\Windows\System\cWNazlM.exe
  C:\Windows\System\cWNazlM.exe
  2⤵
  PID:4420
- C:\Windows\System\JehQLIo.exe
  C:\Windows\System\JehQLIo.exe
  2⤵
  PID:4448
- C:\Windows\System\mPwHORf.exe
  C:\Windows\System\mPwHORf.exe
  2⤵
  PID:4468
- C:\Windows\System\PBUdPdR.exe
  C:\Windows\System\PBUdPdR.exe
  2⤵
  PID:4484
- C:\Windows\System\RnyirQU.exe
  C:\Windows\System\RnyirQU.exe
  2⤵
  PID:4540
- C:\Windows\System\PYELaJx.exe
  C:\Windows\System\PYELaJx.exe
  2⤵
  PID:4560
- C:\Windows\System\BcfPRgL.exe
  C:\Windows\System\BcfPRgL.exe
  2⤵
  PID:4576
- C:\Windows\System\KkkxJlm.exe
  C:\Windows\System\KkkxJlm.exe
  2⤵
  PID:4600
- C:\Windows\System\yuqIHKp.exe
  C:\Windows\System\yuqIHKp.exe
  2⤵
  PID:4620
- C:\Windows\System\djKMPYl.exe
  C:\Windows\System\djKMPYl.exe
  2⤵
  PID:4636
- C:\Windows\System\bYeCrhK.exe
  C:\Windows\System\bYeCrhK.exe
  2⤵
  PID:4656
- C:\Windows\System\xrwSULa.exe
  C:\Windows\System\xrwSULa.exe
  2⤵
  PID:4672
- C:\Windows\System\wfFutPh.exe
  C:\Windows\System\wfFutPh.exe
  2⤵
  PID:4688
- C:\Windows\System\kEmkDbb.exe
  C:\Windows\System\kEmkDbb.exe
  2⤵
  PID:4704
- C:\Windows\System\jOkWKPU.exe
  C:\Windows\System\jOkWKPU.exe
  2⤵
  PID:4724
- C:\Windows\System\wblKZxs.exe
  C:\Windows\System\wblKZxs.exe
  2⤵
  PID:4740
- C:\Windows\System\KNChXEi.exe
  C:\Windows\System\KNChXEi.exe
  2⤵
  PID:4756
- C:\Windows\System\GKCunNk.exe
  C:\Windows\System\GKCunNk.exe
  2⤵
  PID:4772
- C:\Windows\System\XunDwfR.exe
  C:\Windows\System\XunDwfR.exe
  2⤵
  PID:4788
- C:\Windows\System\muJTVWE.exe
  C:\Windows\System\muJTVWE.exe
  2⤵
  PID:4808
- C:\Windows\System\PFxjkMr.exe
  C:\Windows\System\PFxjkMr.exe
  2⤵
  PID:4860
- C:\Windows\System\MHpSvNs.exe
  C:\Windows\System\MHpSvNs.exe
  2⤵
  PID:4876
- C:\Windows\System\YULlEDw.exe
  C:\Windows\System\YULlEDw.exe
  2⤵
  PID:4892
- C:\Windows\System\TocCFed.exe
  C:\Windows\System\TocCFed.exe
  2⤵
  PID:4908
- C:\Windows\System\TgvxofM.exe
  C:\Windows\System\TgvxofM.exe
  2⤵
  PID:4928
- C:\Windows\System\vLKgxox.exe
  C:\Windows\System\vLKgxox.exe
  2⤵
  PID:4944
- C:\Windows\System\JDTfjOL.exe
  C:\Windows\System\JDTfjOL.exe
  2⤵
  PID:4964
- C:\Windows\System\TUcHUgL.exe
  C:\Windows\System\TUcHUgL.exe
  2⤵
  PID:4984
- C:\Windows\System\qaTjhkN.exe
  C:\Windows\System\qaTjhkN.exe
  2⤵
  PID:5004
- C:\Windows\System\WSBKMPh.exe
  C:\Windows\System\WSBKMPh.exe
  2⤵
  PID:5020
- C:\Windows\System\RLYQKgU.exe
  C:\Windows\System\RLYQKgU.exe
  2⤵
  PID:5044
- C:\Windows\System\utgiVDz.exe
  C:\Windows\System\utgiVDz.exe
  2⤵
  PID:5060
- C:\Windows\System\VJPWtcV.exe
  C:\Windows\System\VJPWtcV.exe
  2⤵
  PID:5080
- C:\Windows\System\RqoIbiR.exe
  C:\Windows\System\RqoIbiR.exe
  2⤵
  PID:5100
- C:\Windows\System\QkzhwYg.exe
  C:\Windows\System\QkzhwYg.exe
  2⤵
  PID:3740
- C:\Windows\System\pMBaMSI.exe
  C:\Windows\System\pMBaMSI.exe
  2⤵
  PID:3872
- C:\Windows\System\pcNaiwh.exe
  C:\Windows\System\pcNaiwh.exe
  2⤵
  PID:4112
- C:\Windows\System\TEuYudX.exe
  C:\Windows\System\TEuYudX.exe
  2⤵
  PID:1628
- C:\Windows\System\YKttiJN.exe
  C:\Windows\System\YKttiJN.exe
  2⤵
  PID:4148
- C:\Windows\System\uQEzXoK.exe
  C:\Windows\System\uQEzXoK.exe
  2⤵
  PID:3580
- C:\Windows\System\KpOcSXd.exe
  C:\Windows\System\KpOcSXd.exe
  2⤵
  PID:3788
- C:\Windows\System\wiKxZdf.exe
  C:\Windows\System\wiKxZdf.exe
  2⤵
  PID:4064
- C:\Windows\System\UVdMFjq.exe
  C:\Windows\System\UVdMFjq.exe
  2⤵
  PID:3808
- C:\Windows\System\PMITkaZ.exe
  C:\Windows\System\PMITkaZ.exe
  2⤵
  PID:3928
- C:\Windows\System\VLtPFwv.exe
  C:\Windows\System\VLtPFwv.exe
  2⤵
  PID:3100
- C:\Windows\System\ldDDuIv.exe
  C:\Windows\System\ldDDuIv.exe
  2⤵
  PID:3264
- C:\Windows\System\PupkPnp.exe
  C:\Windows\System\PupkPnp.exe
  2⤵
  PID:3396
- C:\Windows\System\Bgshpkl.exe
  C:\Windows\System\Bgshpkl.exe
  2⤵
  PID:3200
- C:\Windows\System\yiDSbOT.exe
  C:\Windows\System\yiDSbOT.exe
  2⤵
  PID:3568
- C:\Windows\System\uuXaWYo.exe
  C:\Windows\System\uuXaWYo.exe
  2⤵
  PID:4216
- C:\Windows\System\aFJulWH.exe
  C:\Windows\System\aFJulWH.exe
  2⤵
  PID:4280
- C:\Windows\System\rvdfDuE.exe
  C:\Windows\System\rvdfDuE.exe
  2⤵
  PID:4356
- C:\Windows\System\BhWKcNz.exe
  C:\Windows\System\BhWKcNz.exe
  2⤵
  PID:3776
- C:\Windows\System\EmXkjir.exe
  C:\Windows\System\EmXkjir.exe
  2⤵
  PID:2952
- C:\Windows\System\VTZIeHO.exe
  C:\Windows\System\VTZIeHO.exe
  2⤵
  PID:4168
- C:\Windows\System\wSxpHlH.exe
  C:\Windows\System\wSxpHlH.exe
  2⤵
  PID:4232
- C:\Windows\System\EwyFHXu.exe
  C:\Windows\System\EwyFHXu.exe
  2⤵
  PID:4300
- C:\Windows\System\QpKBluv.exe
  C:\Windows\System\QpKBluv.exe
  2⤵
  PID:4376
- C:\Windows\System\PfTjGmu.exe
  C:\Windows\System\PfTjGmu.exe
  2⤵
  PID:4476
- C:\Windows\System\DqQkeBP.exe
  C:\Windows\System\DqQkeBP.exe
  2⤵
  PID:4480
- C:\Windows\System\MaNVRkb.exe
  C:\Windows\System\MaNVRkb.exe
  2⤵
  PID:4512
- C:\Windows\System\LAKEaiR.exe
  C:\Windows\System\LAKEaiR.exe
  2⤵
  PID:4536
- C:\Windows\System\KeLPgug.exe
  C:\Windows\System\KeLPgug.exe
  2⤵
  PID:4552
- C:\Windows\System\rVrLkkW.exe
  C:\Windows\System\rVrLkkW.exe
  2⤵
  PID:4588
- C:\Windows\System\HHOWIVg.exe
  C:\Windows\System\HHOWIVg.exe
  2⤵
  PID:4668
- C:\Windows\System\ANpgxCB.exe
  C:\Windows\System\ANpgxCB.exe
  2⤵
  PID:4768
- C:\Windows\System\pFaZaUI.exe
  C:\Windows\System\pFaZaUI.exe
  2⤵
  PID:4796
- C:\Windows\System\tUVZVeq.exe
  C:\Windows\System\tUVZVeq.exe
  2⤵
  PID:4684
- C:\Windows\System\cZQMCRg.exe
  C:\Windows\System\cZQMCRg.exe
  2⤵
  PID:4748
- C:\Windows\System\sEGjhKR.exe
  C:\Windows\System\sEGjhKR.exe
  2⤵
  PID:4784
- C:\Windows\System\FaYuzVZ.exe
  C:\Windows\System\FaYuzVZ.exe
  2⤵
  PID:4832
- C:\Windows\System\qJzTTYP.exe
  C:\Windows\System\qJzTTYP.exe
  2⤵
  PID:4904
- C:\Windows\System\KRQvsOY.exe
  C:\Windows\System\KRQvsOY.exe
  2⤵
  PID:5012
- C:\Windows\System\qSTlIss.exe
  C:\Windows\System\qSTlIss.exe
  2⤵
  PID:4916
- C:\Windows\System\UCbMlag.exe
  C:\Windows\System\UCbMlag.exe
  2⤵
  PID:4888
- C:\Windows\System\fOEOBWv.exe
  C:\Windows\System\fOEOBWv.exe
  2⤵
  PID:4924
- C:\Windows\System\kzwVBlY.exe
  C:\Windows\System\kzwVBlY.exe
  2⤵
  PID:4992
- C:\Windows\System\RiqfyJm.exe
  C:\Windows\System\RiqfyJm.exe
  2⤵
  PID:5036
- C:\Windows\System\eDMezMi.exe
  C:\Windows\System\eDMezMi.exe
  2⤵
  PID:5108
- C:\Windows\System\nVDYFrW.exe
  C:\Windows\System\nVDYFrW.exe
  2⤵
  PID:3380
- C:\Windows\System\KUCkDWI.exe
  C:\Windows\System\KUCkDWI.exe
  2⤵
  PID:4116
- C:\Windows\System\zCrjBZl.exe
  C:\Windows\System\zCrjBZl.exe
  2⤵
  PID:3412
- C:\Windows\System\eRbLyzu.exe
  C:\Windows\System\eRbLyzu.exe
  2⤵
  PID:3820
- C:\Windows\System\mbfePwE.exe
  C:\Windows\System\mbfePwE.exe
  2⤵
  PID:3228
- C:\Windows\System\zcCuaGt.exe
  C:\Windows\System\zcCuaGt.exe
  2⤵
  PID:3856
- C:\Windows\System\LTYzPfU.exe
  C:\Windows\System\LTYzPfU.exe
  2⤵
  PID:3960
- C:\Windows\System\LhqosmK.exe
  C:\Windows\System\LhqosmK.exe
  2⤵
  PID:4136
- C:\Windows\System\dIPsDUJ.exe
  C:\Windows\System\dIPsDUJ.exe
  2⤵
  PID:3584
- C:\Windows\System\vAvOnYv.exe
  C:\Windows\System\vAvOnYv.exe
  2⤵
  PID:2932
- C:\Windows\System\tHTvvcq.exe
  C:\Windows\System\tHTvvcq.exe
  2⤵
  PID:4344
- C:\Windows\System\rfLcYlj.exe
  C:\Windows\System\rfLcYlj.exe
  2⤵
  PID:3616
- C:\Windows\System\EuDufWI.exe
  C:\Windows\System\EuDufWI.exe
  2⤵
  PID:3804
- C:\Windows\System\rFkukWc.exe
  C:\Windows\System\rFkukWc.exe
  2⤵
  PID:4040
- C:\Windows\System\dIlpbLH.exe
  C:\Windows\System\dIlpbLH.exe
  2⤵
  PID:4520
- C:\Windows\System\ZGqUdQb.exe
  C:\Windows\System\ZGqUdQb.exe
  2⤵
  PID:4732
- C:\Windows\System\rivpKlV.exe
  C:\Windows\System\rivpKlV.exe
  2⤵
  PID:4652
- C:\Windows\System\PMgOryu.exe
  C:\Windows\System\PMgOryu.exe
  2⤵
  PID:2292
- C:\Windows\System\HKorAZe.exe
  C:\Windows\System\HKorAZe.exe
  2⤵
  PID:4780
- C:\Windows\System\AJaxmDo.exe
  C:\Windows\System\AJaxmDo.exe
  2⤵
  PID:4412
- C:\Windows\System\KslutkF.exe
  C:\Windows\System\KslutkF.exe
  2⤵
  PID:4160
- C:\Windows\System\hszkzAX.exe
  C:\Windows\System\hszkzAX.exe
  2⤵
  PID:4432
- C:\Windows\System\XWDsCsE.exe
  C:\Windows\System\XWDsCsE.exe
  2⤵
  PID:4260
- C:\Windows\System\QfDyZyl.exe
  C:\Windows\System\QfDyZyl.exe
  2⤵
  PID:4712
- C:\Windows\System\HVNyjfK.exe
  C:\Windows\System\HVNyjfK.exe
  2⤵
  PID:5056
- C:\Windows\System\vzKwVbw.exe
  C:\Windows\System\vzKwVbw.exe
  2⤵
  PID:5032
- C:\Windows\System\ushAUFs.exe
  C:\Windows\System\ushAUFs.exe
  2⤵
  PID:4628
- C:\Windows\System\tQjejmq.exe
  C:\Windows\System\tQjejmq.exe
  2⤵
  PID:4972
- C:\Windows\System\lKhPydg.exe
  C:\Windows\System\lKhPydg.exe
  2⤵
  PID:4140
- C:\Windows\System\JMvpQTO.exe
  C:\Windows\System\JMvpQTO.exe
  2⤵
  PID:4288
- C:\Windows\System\cftIPeR.exe
  C:\Windows\System\cftIPeR.exe
  2⤵
  PID:3416
- C:\Windows\System\tOMbYxr.exe
  C:\Windows\System\tOMbYxr.exe
  2⤵
  PID:4228
- C:\Windows\System\zgPUSRU.exe
  C:\Windows\System\zgPUSRU.exe
  2⤵
  PID:580
- C:\Windows\System\CDfgEPR.exe
  C:\Windows\System\CDfgEPR.exe
  2⤵
  PID:2992
- C:\Windows\System\mTvLINc.exe
  C:\Windows\System\mTvLINc.exe
  2⤵
  PID:2628
- C:\Windows\System\CPrHiOP.exe
  C:\Windows\System\CPrHiOP.exe
  2⤵
  PID:5116
- C:\Windows\System\twSBpKo.exe
  C:\Windows\System\twSBpKo.exe
  2⤵
  PID:5136
- C:\Windows\System\KWJWczY.exe
  C:\Windows\System\KWJWczY.exe
  2⤵
  PID:5156
- C:\Windows\System\LzllnSU.exe
  C:\Windows\System\LzllnSU.exe
  2⤵
  PID:5176
- C:\Windows\System\RCxAkpq.exe
  C:\Windows\System\RCxAkpq.exe
  2⤵
  PID:5196
- C:\Windows\System\QCKMUky.exe
  C:\Windows\System\QCKMUky.exe
  2⤵
  PID:5216
- C:\Windows\System\hslAYBY.exe
  C:\Windows\System\hslAYBY.exe
  2⤵
  PID:5236
- C:\Windows\System\HrnNgCq.exe
  C:\Windows\System\HrnNgCq.exe
  2⤵
  PID:5256
- C:\Windows\System\NNsAzDu.exe
  C:\Windows\System\NNsAzDu.exe
  2⤵
  PID:5272
- C:\Windows\System\darwaPl.exe
  C:\Windows\System\darwaPl.exe
  2⤵
  PID:5292
- C:\Windows\System\MLZjYPO.exe
  C:\Windows\System\MLZjYPO.exe
  2⤵
  PID:5312
- C:\Windows\System\PNHsUfu.exe
  C:\Windows\System\PNHsUfu.exe
  2⤵
  PID:5336
- C:\Windows\System\EKMiSov.exe
  C:\Windows\System\EKMiSov.exe
  2⤵
  PID:5356
- C:\Windows\System\DYKWOQx.exe
  C:\Windows\System\DYKWOQx.exe
  2⤵
  PID:5376
- C:\Windows\System\RPvOumm.exe
  C:\Windows\System\RPvOumm.exe
  2⤵
  PID:5396
- C:\Windows\System\VZQBhbH.exe
  C:\Windows\System\VZQBhbH.exe
  2⤵
  PID:5412
- C:\Windows\System\SaMeLHT.exe
  C:\Windows\System\SaMeLHT.exe
  2⤵
  PID:5428
- C:\Windows\System\wUNoluG.exe
  C:\Windows\System\wUNoluG.exe
  2⤵
  PID:5448
- C:\Windows\System\EIHvMZd.exe
  C:\Windows\System\EIHvMZd.exe
  2⤵
  PID:5464
- C:\Windows\System\vULTZXU.exe
  C:\Windows\System\vULTZXU.exe
  2⤵
  PID:5480
- C:\Windows\System\iZvUsMr.exe
  C:\Windows\System\iZvUsMr.exe
  2⤵
  PID:5500
- C:\Windows\System\RNWsGtm.exe
  C:\Windows\System\RNWsGtm.exe
  2⤵
  PID:5520
- C:\Windows\System\dPzxhzx.exe
  C:\Windows\System\dPzxhzx.exe
  2⤵
  PID:5540
- C:\Windows\System\wibJhzX.exe
  C:\Windows\System\wibJhzX.exe
  2⤵
  PID:5556
- C:\Windows\System\hTpWosg.exe
  C:\Windows\System\hTpWosg.exe
  2⤵
  PID:5580
- C:\Windows\System\imXnsVg.exe
  C:\Windows\System\imXnsVg.exe
  2⤵
  PID:5596
- C:\Windows\System\aBZeUpj.exe
  C:\Windows\System\aBZeUpj.exe
  2⤵
  PID:5616
- C:\Windows\System\tYRaCTj.exe
  C:\Windows\System\tYRaCTj.exe
  2⤵
  PID:5644
- C:\Windows\System\XgqcGwM.exe
  C:\Windows\System\XgqcGwM.exe
  2⤵
  PID:5664
- C:\Windows\System\xZmvWJG.exe
  C:\Windows\System\xZmvWJG.exe
  2⤵
  PID:5684
- C:\Windows\System\ZSaPoBA.exe
  C:\Windows\System\ZSaPoBA.exe
  2⤵
  PID:5712
- C:\Windows\System\CozXSjK.exe
  C:\Windows\System\CozXSjK.exe
  2⤵
  PID:5728
- C:\Windows\System\fmrCFnm.exe
  C:\Windows\System\fmrCFnm.exe
  2⤵
  PID:5752
- C:\Windows\System\EonfdiP.exe
  C:\Windows\System\EonfdiP.exe
  2⤵
  PID:5768
- C:\Windows\System\ATRLwPw.exe
  C:\Windows\System\ATRLwPw.exe
  2⤵
  PID:5788
- C:\Windows\System\FSfQwQy.exe
  C:\Windows\System\FSfQwQy.exe
  2⤵
  PID:5808
- C:\Windows\System\rGOgGUc.exe
  C:\Windows\System\rGOgGUc.exe
  2⤵
  PID:5828
- C:\Windows\System\NjVlKMT.exe
  C:\Windows\System\NjVlKMT.exe
  2⤵
  PID:5844
- C:\Windows\System\SbkqHyB.exe
  C:\Windows\System\SbkqHyB.exe
  2⤵
  PID:5868
- C:\Windows\System\QnekUwD.exe
  C:\Windows\System\QnekUwD.exe
  2⤵
  PID:5892
- C:\Windows\System\MdgVjYk.exe
  C:\Windows\System\MdgVjYk.exe
  2⤵
  PID:5912
- C:\Windows\System\SYTOITM.exe
  C:\Windows\System\SYTOITM.exe
  2⤵
  PID:5932
- C:\Windows\System\dCHDimA.exe
  C:\Windows\System\dCHDimA.exe
  2⤵
  PID:5956
- C:\Windows\System\bklvrhT.exe
  C:\Windows\System\bklvrhT.exe
  2⤵
  PID:5972
- C:\Windows\System\hiSKgsp.exe
  C:\Windows\System\hiSKgsp.exe
  2⤵
  PID:5988
- C:\Windows\System\YqLUAsp.exe
  C:\Windows\System\YqLUAsp.exe
  2⤵
  PID:6008
- C:\Windows\System\ttlRdtp.exe
  C:\Windows\System\ttlRdtp.exe
  2⤵
  PID:6036
- C:\Windows\System\KHausLI.exe
  C:\Windows\System\KHausLI.exe
  2⤵
  PID:6052
- C:\Windows\System\zWegeba.exe
  C:\Windows\System\zWegeba.exe
  2⤵
  PID:6076
- C:\Windows\System\vooTBla.exe
  C:\Windows\System\vooTBla.exe
  2⤵
  PID:6092
- C:\Windows\System\hSYtKfu.exe
  C:\Windows\System\hSYtKfu.exe
  2⤵
  PID:6116
- C:\Windows\System\uOBXiYY.exe
  C:\Windows\System\uOBXiYY.exe
  2⤵
  PID:6140
- C:\Windows\System\SsvwAQZ.exe
  C:\Windows\System\SsvwAQZ.exe
  2⤵
  PID:3720
- C:\Windows\System\kAlSpEI.exe
  C:\Windows\System\kAlSpEI.exe
  2⤵
  PID:5124
- C:\Windows\System\DIHYtlw.exe
  C:\Windows\System\DIHYtlw.exe
  2⤵
  PID:5204
- C:\Windows\System\YWBkrjm.exe
  C:\Windows\System\YWBkrjm.exe
  2⤵
  PID:5172
- C:\Windows\System\xrEwzaf.exe
  C:\Windows\System\xrEwzaf.exe
  2⤵
  PID:5288
- C:\Windows\System\xkpBTyX.exe
  C:\Windows\System\xkpBTyX.exe
  2⤵
  PID:4940
- C:\Windows\System\NtuYvlx.exe
  C:\Windows\System\NtuYvlx.exe
  2⤵
  PID:5372
- C:\Windows\System\RsLkyEF.exe
  C:\Windows\System\RsLkyEF.exe
  2⤵
  PID:3648
- C:\Windows\System\wntQfyR.exe
  C:\Windows\System\wntQfyR.exe
  2⤵
  PID:5548
- C:\Windows\System\kFpKvxi.exe
  C:\Windows\System\kFpKvxi.exe
  2⤵
  PID:2424
- C:\Windows\System\IlzfaQW.exe
  C:\Windows\System\IlzfaQW.exe
  2⤵
  PID:5636
- C:\Windows\System\HxaBhVV.exe
  C:\Windows\System\HxaBhVV.exe
  2⤵
  PID:5676
- C:\Windows\System\JIdYouy.exe
  C:\Windows\System\JIdYouy.exe
  2⤵
  PID:5760
- C:\Windows\System\RxOQmMz.exe
  C:\Windows\System\RxOQmMz.exe
  2⤵
  PID:5804
- C:\Windows\System\jnhYTvI.exe
  C:\Windows\System\jnhYTvI.exe
  2⤵
  PID:5888
- C:\Windows\System\NTMihav.exe
  C:\Windows\System\NTMihav.exe
  2⤵
  PID:5924
- C:\Windows\System\GSKhsTu.exe
  C:\Windows\System\GSKhsTu.exe
  2⤵
  PID:6004
- C:\Windows\System\yMevSoD.exe
  C:\Windows\System\yMevSoD.exe
  2⤵
  PID:4508
- C:\Windows\System\BKoZrQR.exe
  C:\Windows\System\BKoZrQR.exe
  2⤵
  PID:5152
- C:\Windows\System\qajTKhi.exe
  C:\Windows\System\qajTKhi.exe
  2⤵
  PID:6124
- C:\Windows\System\tMslytF.exe
  C:\Windows\System\tMslytF.exe
  2⤵
  PID:4716
- C:\Windows\System\oStpJfo.exe
  C:\Windows\System\oStpJfo.exe
  2⤵
  PID:5076
- C:\Windows\System\RHfHmka.exe
  C:\Windows\System\RHfHmka.exe
  2⤵
  PID:5328
- C:\Windows\System\bMhBaEl.exe
  C:\Windows\System\bMhBaEl.exe
  2⤵
  PID:4852
- C:\Windows\System\oibPEQC.exe
  C:\Windows\System\oibPEQC.exe
  2⤵
  PID:5444
- C:\Windows\System\AZShRRV.exe
  C:\Windows\System\AZShRRV.exe
  2⤵
  PID:5660
- C:\Windows\System\TRgtVvb.exe
  C:\Windows\System\TRgtVvb.exe
  2⤵
  PID:4460
- C:\Windows\System\OqJYIyh.exe
  C:\Windows\System\OqJYIyh.exe
  2⤵
  PID:1724
- C:\Windows\System\TdyXWXU.exe
  C:\Windows\System\TdyXWXU.exe
  2⤵
  PID:5928
- C:\Windows\System\UwHANQb.exe
  C:\Windows\System\UwHANQb.exe
  2⤵
  PID:4340
- C:\Windows\System\pMVwFYa.exe
  C:\Windows\System\pMVwFYa.exe
  2⤵
  PID:4504
- C:\Windows\System\plVSWyc.exe
  C:\Windows\System\plVSWyc.exe
  2⤵
  PID:6020
- C:\Windows\System\EZgykKF.exe
  C:\Windows\System\EZgykKF.exe
  2⤵
  PID:4616
- C:\Windows\System\YIIWTxX.exe
  C:\Windows\System\YIIWTxX.exe
  2⤵
  PID:4444
- C:\Windows\System\fMunQRI.exe
  C:\Windows\System\fMunQRI.exe
  2⤵
  PID:3612
- C:\Windows\System\XfAWxAv.exe
  C:\Windows\System\XfAWxAv.exe
  2⤵
  PID:4364
- C:\Windows\System\YziEEaq.exe
  C:\Windows\System\YziEEaq.exe
  2⤵
  PID:2600
- C:\Windows\System\mzcyzdt.exe
  C:\Windows\System\mzcyzdt.exe
  2⤵
  PID:5072
- C:\Windows\System\hvccqpy.exe
  C:\Windows\System\hvccqpy.exe
  2⤵
  PID:3924
- C:\Windows\System\cwVcLtT.exe
  C:\Windows\System\cwVcLtT.exe
  2⤵
  PID:5748
- C:\Windows\System\tFxfFOK.exe
  C:\Windows\System\tFxfFOK.exe
  2⤵
  PID:5884
- C:\Windows\System\yEMAtoc.exe
  C:\Windows\System\yEMAtoc.exe
  2⤵
  PID:5824
- C:\Windows\System\vyuRqAR.exe
  C:\Windows\System\vyuRqAR.exe
  2⤵
  PID:5964
- C:\Windows\System\SmgsPom.exe
  C:\Windows\System\SmgsPom.exe
  2⤵
  PID:5856
- C:\Windows\System\EvGRSAk.exe
  C:\Windows\System\EvGRSAk.exe
  2⤵
  PID:5028
- C:\Windows\System\adyVtaz.exe
  C:\Windows\System\adyVtaz.exe
  2⤵
  PID:4144
- C:\Windows\System\nzDhBKi.exe
  C:\Windows\System\nzDhBKi.exe
  2⤵
  PID:6016
- C:\Windows\System\GgGIiXS.exe
  C:\Windows\System\GgGIiXS.exe
  2⤵
  PID:6100
- C:\Windows\System\NMFGYZu.exe
  C:\Windows\System\NMFGYZu.exe
  2⤵
  PID:6136
- C:\Windows\System\dUEebUK.exe
  C:\Windows\System\dUEebUK.exe
  2⤵
  PID:5232
- C:\Windows\System\TcVaUVN.exe
  C:\Windows\System\TcVaUVN.exe
  2⤵
  PID:5344
- C:\Windows\System\xkbfgKN.exe
  C:\Windows\System\xkbfgKN.exe
  2⤵
  PID:5248
- C:\Windows\System\oWNZuZI.exe
  C:\Windows\System\oWNZuZI.exe
  2⤵
  PID:5424
- C:\Windows\System\OvlgJGh.exe
  C:\Windows\System\OvlgJGh.exe
  2⤵
  PID:5536
- C:\Windows\System\MHRiHhs.exe
  C:\Windows\System\MHRiHhs.exe
  2⤵
  PID:4872
- C:\Windows\System\EaIVQmF.exe
  C:\Windows\System\EaIVQmF.exe
  2⤵
  PID:5704
- C:\Windows\System\bvUSxCY.exe
  C:\Windows\System\bvUSxCY.exe
  2⤵
  PID:5860
- C:\Windows\System\TpqHvDW.exe
  C:\Windows\System\TpqHvDW.exe
  2⤵
  PID:5944
- C:\Windows\System\iViUlNz.exe
  C:\Windows\System\iViUlNz.exe
  2⤵
  PID:6032
- C:\Windows\System\SweMbMO.exe
  C:\Windows\System\SweMbMO.exe
  2⤵
  PID:5284
- C:\Windows\System\ikSirTW.exe
  C:\Windows\System\ikSirTW.exe
  2⤵
  PID:5476
- C:\Windows\System\qdtmJoG.exe
  C:\Windows\System\qdtmJoG.exe
  2⤵
  PID:5720
- C:\Windows\System\jrzPlBA.exe
  C:\Windows\System\jrzPlBA.exe
  2⤵
  PID:5148
- C:\Windows\System\UlTfQRt.exe
  C:\Windows\System\UlTfQRt.exe
  2⤵
  PID:5324
- C:\Windows\System\hXSzlCZ.exe
  C:\Windows\System\hXSzlCZ.exe
  2⤵
  PID:4828
- C:\Windows\System\oOuUYNg.exe
  C:\Windows\System\oOuUYNg.exe
  2⤵
  PID:4440
- C:\Windows\System\ncMgPjy.exe
  C:\Windows\System\ncMgPjy.exe
  2⤵
  PID:5040
- C:\Windows\System\wBAyxbT.exe
  C:\Windows\System\wBAyxbT.exe
  2⤵
  PID:5820
- C:\Windows\System\MAepnmq.exe
  C:\Windows\System\MAepnmq.exe
  2⤵
  PID:6044
- C:\Windows\System\OvPxEKG.exe
  C:\Windows\System\OvPxEKG.exe
  2⤵
  PID:5612
- C:\Windows\System\ScEBhlY.exe
  C:\Windows\System\ScEBhlY.exe
  2⤵
  PID:3364
- C:\Windows\System\ajlIRzQ.exe
  C:\Windows\System\ajlIRzQ.exe
  2⤵
  PID:5784
- C:\Windows\System\sVAyJtv.exe
  C:\Windows\System\sVAyJtv.exe
  2⤵
  PID:4500
- C:\Windows\System\lNMjuHJ.exe
  C:\Windows\System\lNMjuHJ.exe
  2⤵
  PID:2584
- C:\Windows\System\OjHNlet.exe
  C:\Windows\System\OjHNlet.exe
  2⤵
  PID:5492
- C:\Windows\System\qLytcHa.exe
  C:\Windows\System\qLytcHa.exe
  2⤵
  PID:5164
- C:\Windows\System\wbTgfEn.exe
  C:\Windows\System\wbTgfEn.exe
  2⤵
  PID:5188
- C:\Windows\System\bDLZmSb.exe
  C:\Windows\System\bDLZmSb.exe
  2⤵
  PID:4120
- C:\Windows\System\KBvjSVl.exe
  C:\Windows\System\KBvjSVl.exe
  2⤵
  PID:5184
- C:\Windows\System\iOcWQPA.exe
  C:\Windows\System\iOcWQPA.exe
  2⤵
  PID:5280
- C:\Windows\System\UqWYLbD.exe
  C:\Windows\System\UqWYLbD.exe
  2⤵
  PID:5952
- C:\Windows\System\UxjyJUS.exe
  C:\Windows\System\UxjyJUS.exe
  2⤵
  PID:5264
- C:\Windows\System\YWzPXfA.exe
  C:\Windows\System\YWzPXfA.exe
  2⤵
  PID:5392
- C:\Windows\System\DVRzwuV.exe
  C:\Windows\System\DVRzwuV.exe
  2⤵
  PID:3132
- C:\Windows\System\ZDZRyjS.exe
  C:\Windows\System\ZDZRyjS.exe
  2⤵
  PID:5516
- C:\Windows\System\okYUvyM.exe
  C:\Windows\System\okYUvyM.exe
  2⤵
  PID:4428
- C:\Windows\System\yRkECsq.exe
  C:\Windows\System\yRkECsq.exe
  2⤵
  PID:5300
- C:\Windows\System\NGTdWDi.exe
  C:\Windows\System\NGTdWDi.exe
  2⤵
  PID:4884
- C:\Windows\System\cXseeLN.exe
  C:\Windows\System\cXseeLN.exe
  2⤵
  PID:5304
- C:\Windows\System\zVNvFWU.exe
  C:\Windows\System\zVNvFWU.exe
  2⤵
  PID:4184
- C:\Windows\System\jOhrJlJ.exe
  C:\Windows\System\jOhrJlJ.exe
  2⤵
  PID:5592
- C:\Windows\System\VgoszMX.exe
  C:\Windows\System\VgoszMX.exe
  2⤵
  PID:5568
- C:\Windows\System\bvsblrw.exe
  C:\Windows\System\bvsblrw.exe
  2⤵
  PID:4492
- C:\Windows\System\iuThQJI.exe
  C:\Windows\System\iuThQJI.exe
  2⤵
  PID:5692
- C:\Windows\System\joVTOBG.exe
  C:\Windows\System\joVTOBG.exe
  2⤵
  PID:4592
- C:\Windows\System\nCwdgFT.exe
  C:\Windows\System\nCwdgFT.exe
  2⤵
  PID:5744
- C:\Windows\System\YxEPLzs.exe
  C:\Windows\System\YxEPLzs.exe
  2⤵
  PID:5880
- C:\Windows\System\xGbSUbz.exe
  C:\Windows\System\xGbSUbz.exe
  2⤵
  PID:5168
- C:\Windows\System\oHlcIja.exe
  C:\Windows\System\oHlcIja.exe
  2⤵
  PID:5796
- C:\Windows\System\XoIVIUG.exe
  C:\Windows\System\XoIVIUG.exe
  2⤵
  PID:5352
- C:\Windows\System\fZkxtAL.exe
  C:\Windows\System\fZkxtAL.exe
  2⤵
  PID:5436
- C:\Windows\System\YlDCNlm.exe
  C:\Windows\System\YlDCNlm.exe
  2⤵
  PID:5900
- C:\Windows\System\lRwjMGd.exe
  C:\Windows\System\lRwjMGd.exe
  2⤵
  PID:2508
- C:\Windows\System\LuBaRBQ.exe
  C:\Windows\System\LuBaRBQ.exe
  2⤵
  PID:5508
- C:\Windows\System\HkXwDjk.exe
  C:\Windows\System\HkXwDjk.exe
  2⤵
  PID:6028
- C:\Windows\System\qSnqwgZ.exe
  C:\Windows\System\qSnqwgZ.exe
  2⤵
  PID:2176
- C:\Windows\System\JNrSyNR.exe
  C:\Windows\System\JNrSyNR.exe
  2⤵
  PID:5740
- C:\Windows\System\jQUnKHb.exe
  C:\Windows\System\jQUnKHb.exe
  2⤵
  PID:5948
- C:\Windows\System\gdvrvyP.exe
  C:\Windows\System\gdvrvyP.exe
  2⤵
  PID:6160
- C:\Windows\System\uQOJNAn.exe
  C:\Windows\System\uQOJNAn.exe
  2⤵
  PID:6180
- C:\Windows\System\CzaaScx.exe
  C:\Windows\System\CzaaScx.exe
  2⤵
  PID:6200
- C:\Windows\System\fkRIeKs.exe
  C:\Windows\System\fkRIeKs.exe
  2⤵
  PID:6220
- C:\Windows\System\wPOCZpU.exe
  C:\Windows\System\wPOCZpU.exe
  2⤵
  PID:6240
- C:\Windows\System\pVLDVQw.exe
  C:\Windows\System\pVLDVQw.exe
  2⤵
  PID:6256
- C:\Windows\System\gQiZjhX.exe
  C:\Windows\System\gQiZjhX.exe
  2⤵
  PID:6276
- C:\Windows\System\ORiDjqi.exe
  C:\Windows\System\ORiDjqi.exe
  2⤵
  PID:6292
- C:\Windows\System\IiGBTdK.exe
  C:\Windows\System\IiGBTdK.exe
  2⤵
  PID:6312
- C:\Windows\System\TDuwppL.exe
  C:\Windows\System\TDuwppL.exe
  2⤵
  PID:6336
- C:\Windows\System\sJMqUPc.exe
  C:\Windows\System\sJMqUPc.exe
  2⤵
  PID:6352
- C:\Windows\System\UDwXLtx.exe
  C:\Windows\System\UDwXLtx.exe
  2⤵
  PID:6372
- C:\Windows\System\acQTaeI.exe
  C:\Windows\System\acQTaeI.exe
  2⤵
  PID:6392
- C:\Windows\System\OKKZcbe.exe
  C:\Windows\System\OKKZcbe.exe
  2⤵
  PID:6416
- C:\Windows\System\SHcnexu.exe
  C:\Windows\System\SHcnexu.exe
  2⤵
  PID:6436
- C:\Windows\System\PakTdbo.exe
  C:\Windows\System\PakTdbo.exe
  2⤵
  PID:6456
- C:\Windows\System\QGSkpjZ.exe
  C:\Windows\System\QGSkpjZ.exe
  2⤵
  PID:6476
- C:\Windows\System\aaEGnnz.exe
  C:\Windows\System\aaEGnnz.exe
  2⤵
  PID:6496
- C:\Windows\System\ROcyDKz.exe
  C:\Windows\System\ROcyDKz.exe
  2⤵
  PID:6516
- C:\Windows\System\WDummWB.exe
  C:\Windows\System\WDummWB.exe
  2⤵
  PID:6536
- C:\Windows\System\dxKJWmN.exe
  C:\Windows\System\dxKJWmN.exe
  2⤵
  PID:6556
- C:\Windows\System\zTXvofX.exe
  C:\Windows\System\zTXvofX.exe
  2⤵
  PID:6580
- C:\Windows\System\FDVbNxP.exe
  C:\Windows\System\FDVbNxP.exe
  2⤵
  PID:6600
- C:\Windows\System\QNUmtTl.exe
  C:\Windows\System\QNUmtTl.exe
  2⤵
  PID:6624
- C:\Windows\System\aHoSRPX.exe
  C:\Windows\System\aHoSRPX.exe
  2⤵
  PID:6640
- C:\Windows\System\wvnGHxZ.exe
  C:\Windows\System\wvnGHxZ.exe
  2⤵
  PID:6688
- C:\Windows\System\BrUfGMf.exe
  C:\Windows\System\BrUfGMf.exe
  2⤵
  PID:6708
- C:\Windows\System\iVbgyPE.exe
  C:\Windows\System\iVbgyPE.exe
  2⤵
  PID:6728
- C:\Windows\System\SwkVTvV.exe
  C:\Windows\System\SwkVTvV.exe
  2⤵
  PID:6744
- C:\Windows\System\gwXsSNH.exe
  C:\Windows\System\gwXsSNH.exe
  2⤵
  PID:6760
- C:\Windows\System\LPsGBcu.exe
  C:\Windows\System\LPsGBcu.exe
  2⤵
  PID:6780
- C:\Windows\System\dGNmHAT.exe
  C:\Windows\System\dGNmHAT.exe
  2⤵
  PID:6796
- C:\Windows\System\JhtcDOW.exe
  C:\Windows\System\JhtcDOW.exe
  2⤵
  PID:6820
- C:\Windows\System\JOvUxlz.exe
  C:\Windows\System\JOvUxlz.exe
  2⤵
  PID:6840
- C:\Windows\System\CoAsEKe.exe
  C:\Windows\System\CoAsEKe.exe
  2⤵
  PID:6856
- C:\Windows\System\WgHmgsz.exe
  C:\Windows\System\WgHmgsz.exe
  2⤵
  PID:6880
- C:\Windows\System\vnApiqP.exe
  C:\Windows\System\vnApiqP.exe
  2⤵
  PID:6896
- C:\Windows\System\UQAlJlL.exe
  C:\Windows\System\UQAlJlL.exe
  2⤵
  PID:6912
- C:\Windows\System\fVucwfF.exe
  C:\Windows\System\fVucwfF.exe
  2⤵
  PID:6928
- C:\Windows\System\NNewoqB.exe
  C:\Windows\System\NNewoqB.exe
  2⤵
  PID:6948
- C:\Windows\System\oMCBrPJ.exe
  C:\Windows\System\oMCBrPJ.exe
  2⤵
  PID:6964
- C:\Windows\System\Fmyhxvr.exe
  C:\Windows\System\Fmyhxvr.exe
  2⤵
  PID:6980
- C:\Windows\System\NHSjqfj.exe
  C:\Windows\System\NHSjqfj.exe
  2⤵
  PID:7004
- C:\Windows\System\rOREDZN.exe
  C:\Windows\System\rOREDZN.exe
  2⤵
  PID:7024
- C:\Windows\System\utUiWhE.exe
  C:\Windows\System\utUiWhE.exe
  2⤵
  PID:7040
- C:\Windows\System\ZMBxWkB.exe
  C:\Windows\System\ZMBxWkB.exe
  2⤵
  PID:7060
- C:\Windows\System\PWiWeMy.exe
  C:\Windows\System\PWiWeMy.exe
  2⤵
  PID:7076
- C:\Windows\System\dChCoYx.exe
  C:\Windows\System\dChCoYx.exe
  2⤵
  PID:7096
- C:\Windows\System\XAOfyER.exe
  C:\Windows\System\XAOfyER.exe
  2⤵
  PID:7112
- C:\Windows\System\crFQGJt.exe
  C:\Windows\System\crFQGJt.exe
  2⤵
  PID:7132
- C:\Windows\System\aFjfZJb.exe
  C:\Windows\System\aFjfZJb.exe
  2⤵
  PID:7148
- C:\Windows\System\YResXQz.exe
  C:\Windows\System\YResXQz.exe
  2⤵
  PID:5904
- C:\Windows\System\AyRJmeu.exe
  C:\Windows\System\AyRJmeu.exe
  2⤵
  PID:6172
- C:\Windows\System\NKWDTJY.exe
  C:\Windows\System\NKWDTJY.exe
  2⤵
  PID:6248
- C:\Windows\System\EBQheWi.exe
  C:\Windows\System\EBQheWi.exe
  2⤵
  PID:6320
- C:\Windows\System\kGJFbDa.exe
  C:\Windows\System\kGJFbDa.exe
  2⤵
  PID:6364
- C:\Windows\System\ZKeWokV.exe
  C:\Windows\System\ZKeWokV.exe
  2⤵
  PID:5268
- C:\Windows\System\CLYJqzb.exe
  C:\Windows\System\CLYJqzb.exe
  2⤵
  PID:6484
- C:\Windows\System\yUUINnM.exe
  C:\Windows\System\yUUINnM.exe
  2⤵
  PID:6532
- C:\Windows\System\wfpXgBo.exe
  C:\Windows\System\wfpXgBo.exe
  2⤵
  PID:6568
- C:\Windows\System\vWHmQiq.exe
  C:\Windows\System\vWHmQiq.exe
  2⤵
  PID:3868
- C:\Windows\System\tGOjEQP.exe
  C:\Windows\System\tGOjEQP.exe
  2⤵
  PID:6668
- C:\Windows\System\teTQKVg.exe
  C:\Windows\System\teTQKVg.exe
  2⤵
  PID:6196
- C:\Windows\System\hAFnghI.exe
  C:\Windows\System\hAFnghI.exe
  2⤵
  PID:6544
- C:\Windows\System\XfPFiQW.exe
  C:\Windows\System\XfPFiQW.exe
  2⤵
  PID:6304
- C:\Windows\System\nXZfIxv.exe
  C:\Windows\System\nXZfIxv.exe
  2⤵
  PID:5800
- C:\Windows\System\DYAnlQc.exe
  C:\Windows\System\DYAnlQc.exe
  2⤵
  PID:4960
- C:\Windows\System\umkgaKE.exe
  C:\Windows\System\umkgaKE.exe
  2⤵
  PID:6264
- C:\Windows\System\fmNsdDj.exe
  C:\Windows\System\fmNsdDj.exe
  2⤵
  PID:6464
- C:\Windows\System\XnODHlN.exe
  C:\Windows\System\XnODHlN.exe
  2⤵
  PID:6632
- C:\Windows\System\sWjkSpD.exe
  C:\Windows\System\sWjkSpD.exe
  2⤵
  PID:6792
- C:\Windows\System\IvThZec.exe
  C:\Windows\System\IvThZec.exe
  2⤵
  PID:6700
- C:\Windows\System\fRXpUXK.exe
  C:\Windows\System\fRXpUXK.exe
  2⤵
  PID:6868
- C:\Windows\System\QjkKrlA.exe
  C:\Windows\System\QjkKrlA.exe
  2⤵
  PID:6940
- C:\Windows\System\VbyjvLF.exe
  C:\Windows\System\VbyjvLF.exe
  2⤵
  PID:7016
- C:\Windows\System\nbsoisD.exe
  C:\Windows\System\nbsoisD.exe
  2⤵
  PID:7084
- C:\Windows\System\HGfiehL.exe
  C:\Windows\System\HGfiehL.exe
  2⤵
  PID:7124
- C:\Windows\System\caGrubR.exe
  C:\Windows\System\caGrubR.exe
  2⤵
  PID:6208
- C:\Windows\System\FERBLyY.exe
  C:\Windows\System\FERBLyY.exe
  2⤵
  PID:6332
- C:\Windows\System\uwIoOdu.exe
  C:\Windows\System\uwIoOdu.exe
  2⤵
  PID:6448
- C:\Windows\System\lmWikFF.exe
  C:\Windows\System\lmWikFF.exe
  2⤵
  PID:5532
- C:\Windows\System\LsRIJcg.exe
  C:\Windows\System\LsRIJcg.exe
  2⤵
  PID:6408
- C:\Windows\System\VtjDEVy.exe
  C:\Windows\System\VtjDEVy.exe
  2⤵
  PID:6740
- C:\Windows\System\SPcYaIv.exe
  C:\Windows\System\SPcYaIv.exe
  2⤵
  PID:6924
- C:\Windows\System\ChVPShG.exe
  C:\Windows\System\ChVPShG.exe
  2⤵
  PID:6996
- C:\Windows\System\ZPMlRlE.exe
  C:\Windows\System\ZPMlRlE.exe
  2⤵
  PID:6776
- C:\Windows\System\zwmSFpC.exe
  C:\Windows\System\zwmSFpC.exe
  2⤵
  PID:7144
- C:\Windows\System\mRrrhQD.exe
  C:\Windows\System\mRrrhQD.exe
  2⤵
  PID:6348
- C:\Windows\System\EVOngVz.exe
  C:\Windows\System\EVOngVz.exe
  2⤵
  PID:6652
- C:\Windows\System\PcpRqbI.exe
  C:\Windows\System\PcpRqbI.exe
  2⤵
  PID:7072
- C:\Windows\System\tyyXXmr.exe
  C:\Windows\System\tyyXXmr.exe
  2⤵
  PID:6492
- C:\Windows\System\RBxzrDD.exe
  C:\Windows\System\RBxzrDD.exe
  2⤵
  PID:6620
- C:\Windows\System\oXAbPEz.exe
  C:\Windows\System\oXAbPEz.exe
  2⤵
  PID:6380
- C:\Windows\System\XyJBXTq.exe
  C:\Windows\System\XyJBXTq.exe
  2⤵
  PID:6664
- C:\Windows\System\bWYLWHS.exe
  C:\Windows\System\bWYLWHS.exe
  2⤵
  PID:6236
- C:\Windows\System\GliJFrA.exe
  C:\Windows\System\GliJFrA.exe
  2⤵
  PID:6152
- C:\Windows\System\yODMFYX.exe
  C:\Windows\System\yODMFYX.exe
  2⤵
  PID:6552
- C:\Windows\System\MRsBIUv.exe
  C:\Windows\System\MRsBIUv.exe
  2⤵
  PID:6656
- C:\Windows\System\LDuTxKP.exe
  C:\Windows\System\LDuTxKP.exe
  2⤵
  PID:6724
- C:\Windows\System\tcOddOI.exe
  C:\Windows\System\tcOddOI.exe
  2⤵
  PID:6716
- C:\Windows\System\IEgDQrI.exe
  C:\Windows\System\IEgDQrI.exe
  2⤵
  PID:7048
- C:\Windows\System\kSBHfei.exe
  C:\Windows\System\kSBHfei.exe
  2⤵
  PID:7164
- C:\Windows\System\UHxheXh.exe
  C:\Windows\System\UHxheXh.exe
  2⤵
  PID:6988
- C:\Windows\System\EVQmgNB.exe
  C:\Windows\System\EVQmgNB.exe
  2⤵
  PID:6216
- C:\Windows\System\vAPUuiW.exe
  C:\Windows\System\vAPUuiW.exe
  2⤵
  PID:6736
- C:\Windows\System\wgufZPO.exe
  C:\Windows\System\wgufZPO.exe
  2⤵
  PID:7012
- C:\Windows\System\VdXDttf.exe
  C:\Windows\System\VdXDttf.exe
  2⤵
  PID:6768
- C:\Windows\System\IKLLhFe.exe
  C:\Windows\System\IKLLhFe.exe
  2⤵
  PID:6232
- C:\Windows\System\NXWTNuX.exe
  C:\Windows\System\NXWTNuX.exe
  2⤵
  PID:5640
- C:\Windows\System\SlNrQLE.exe
  C:\Windows\System\SlNrQLE.exe
  2⤵
  PID:6788
- C:\Windows\System\lwUEBnA.exe
  C:\Windows\System\lwUEBnA.exe
  2⤵
  PID:6756
- C:\Windows\System\CNBVVQX.exe
  C:\Windows\System\CNBVVQX.exe
  2⤵
  PID:6872
- C:\Windows\System\hwEfnSR.exe
  C:\Windows\System\hwEfnSR.exe
  2⤵
  PID:6752
- C:\Windows\System\EiVtfXm.exe
  C:\Windows\System\EiVtfXm.exe
  2⤵
  PID:7176
- C:\Windows\System\SGXVsDA.exe
  C:\Windows\System\SGXVsDA.exe
  2⤵
  PID:7200
- C:\Windows\System\AHQKYpG.exe
  C:\Windows\System\AHQKYpG.exe
  2⤵
  PID:7220
- C:\Windows\System\SoBAvYR.exe
  C:\Windows\System\SoBAvYR.exe
  2⤵
  PID:7276
- C:\Windows\System\FJOzKTc.exe
  C:\Windows\System\FJOzKTc.exe
  2⤵
  PID:7300
- C:\Windows\System\nlzygqn.exe
  C:\Windows\System\nlzygqn.exe
  2⤵
  PID:7320
- C:\Windows\System\WtNboEa.exe
  C:\Windows\System\WtNboEa.exe
  2⤵
  PID:7336
- C:\Windows\System\qZcuzkO.exe
  C:\Windows\System\qZcuzkO.exe
  2⤵
  PID:7360
- C:\Windows\System\KuvArsg.exe
  C:\Windows\System\KuvArsg.exe
  2⤵
  PID:7380
- C:\Windows\System\gohLVqj.exe
  C:\Windows\System\gohLVqj.exe
  2⤵
  PID:7400
- C:\Windows\System\djtgQxW.exe
  C:\Windows\System\djtgQxW.exe
  2⤵
  PID:7416
- C:\Windows\System\QWBikUc.exe
  C:\Windows\System\QWBikUc.exe
  2⤵
  PID:7432
- C:\Windows\System\vFdYStU.exe
  C:\Windows\System\vFdYStU.exe
  2⤵
  PID:7448
- C:\Windows\System\QaMVEbM.exe
  C:\Windows\System\QaMVEbM.exe
  2⤵
  PID:7464
- C:\Windows\System\kvNJyOR.exe
  C:\Windows\System\kvNJyOR.exe
  2⤵
  PID:7492
- C:\Windows\System\lTXiSuO.exe
  C:\Windows\System\lTXiSuO.exe
  2⤵
  PID:7512
- C:\Windows\System\dKmShtj.exe
  C:\Windows\System\dKmShtj.exe
  2⤵
  PID:7532
- C:\Windows\System\UCwXPMn.exe
  C:\Windows\System\UCwXPMn.exe
  2⤵
  PID:7548
- C:\Windows\System\tokvEGC.exe
  C:\Windows\System\tokvEGC.exe
  2⤵
  PID:7564
- C:\Windows\System\YaeDZzV.exe
  C:\Windows\System\YaeDZzV.exe
  2⤵
  PID:7580
- C:\Windows\System\oVxfvvP.exe
  C:\Windows\System\oVxfvvP.exe
  2⤵
  PID:7596
- C:\Windows\System\XzkjDWd.exe
  C:\Windows\System\XzkjDWd.exe
  2⤵
  PID:7612
- C:\Windows\System\cePcGHC.exe
  C:\Windows\System\cePcGHC.exe
  2⤵
  PID:7628
- C:\Windows\System\Yiwwvdk.exe
  C:\Windows\System\Yiwwvdk.exe
  2⤵
  PID:7644
- C:\Windows\System\PQtFqdZ.exe
  C:\Windows\System\PQtFqdZ.exe
  2⤵
  PID:7660
- C:\Windows\System\UqFXmdB.exe
  C:\Windows\System\UqFXmdB.exe
  2⤵
  PID:7680
- C:\Windows\System\lWZZPwL.exe
  C:\Windows\System\lWZZPwL.exe
  2⤵
  PID:7728
- C:\Windows\System\YFQawza.exe
  C:\Windows\System\YFQawza.exe
  2⤵
  PID:7752
- C:\Windows\System\hsGRRMh.exe
  C:\Windows\System\hsGRRMh.exe
  2⤵
  PID:7768
- C:\Windows\System\LMvDmkY.exe
  C:\Windows\System\LMvDmkY.exe
  2⤵
  PID:7784
- C:\Windows\System\JvLeKxY.exe
  C:\Windows\System\JvLeKxY.exe
  2⤵
  PID:7800
- C:\Windows\System\AlHwkXg.exe
  C:\Windows\System\AlHwkXg.exe
  2⤵
  PID:7820
- C:\Windows\System\CPIsZri.exe
  C:\Windows\System\CPIsZri.exe
  2⤵
  PID:7844
- C:\Windows\System\yVsWNnl.exe
  C:\Windows\System\yVsWNnl.exe
  2⤵
  PID:7860
- C:\Windows\System\aiyKvHu.exe
  C:\Windows\System\aiyKvHu.exe
  2⤵
  PID:7880
- C:\Windows\System\kkZYFOn.exe
  C:\Windows\System\kkZYFOn.exe
  2⤵
  PID:7896
- C:\Windows\System\atCfrMy.exe
  C:\Windows\System\atCfrMy.exe
  2⤵
  PID:7916
- C:\Windows\System\Iwopada.exe
  C:\Windows\System\Iwopada.exe
  2⤵
  PID:7932
- C:\Windows\System\piIawdt.exe
  C:\Windows\System\piIawdt.exe
  2⤵
  PID:7952
- C:\Windows\System\secvQrx.exe
  C:\Windows\System\secvQrx.exe
  2⤵
  PID:7972
- C:\Windows\System\vVGagHo.exe
  C:\Windows\System\vVGagHo.exe
  2⤵
  PID:7992
- C:\Windows\System\JyLNGmq.exe
  C:\Windows\System\JyLNGmq.exe
  2⤵
  PID:8016
- C:\Windows\System\TpHOSwU.exe
  C:\Windows\System\TpHOSwU.exe
  2⤵
  PID:8040
- C:\Windows\System\EzpirjJ.exe
  C:\Windows\System\EzpirjJ.exe
  2⤵
  PID:8060
- C:\Windows\System\dCMutfI.exe
  C:\Windows\System\dCMutfI.exe
  2⤵
  PID:8080
- C:\Windows\System\GPdQsHj.exe
  C:\Windows\System\GPdQsHj.exe
  2⤵
  PID:8108
- C:\Windows\System\cCMOSGh.exe
  C:\Windows\System\cCMOSGh.exe
  2⤵
  PID:8140
- C:\Windows\System\dFyDPvO.exe
  C:\Windows\System\dFyDPvO.exe
  2⤵
  PID:8164
- C:\Windows\System\FNAnNVb.exe
  C:\Windows\System\FNAnNVb.exe
  2⤵
  PID:8184
- C:\Windows\System\pPbrBFg.exe
  C:\Windows\System\pPbrBFg.exe
  2⤵
  PID:6508
- C:\Windows\System\ruSETRb.exe
  C:\Windows\System\ruSETRb.exe
  2⤵
  PID:6904
- C:\Windows\System\FmKTlDg.exe
  C:\Windows\System\FmKTlDg.exe
  2⤵
  PID:6404
- C:\Windows\System\nfDUtIz.exe
  C:\Windows\System\nfDUtIz.exe
  2⤵
  PID:6680
- C:\Windows\System\VXhChcq.exe
  C:\Windows\System\VXhChcq.exe
  2⤵
  PID:6432
- C:\Windows\System\oSMuXqt.exe
  C:\Windows\System\oSMuXqt.exe
  2⤵
  PID:6528
- C:\Windows\System\wzcvxbZ.exe
  C:\Windows\System\wzcvxbZ.exe
  2⤵
  PID:7188
- C:\Windows\System\bHXvFCa.exe
  C:\Windows\System\bHXvFCa.exe
  2⤵
  PID:6328
- C:\Windows\System\GUiNMRj.exe
  C:\Windows\System\GUiNMRj.exe
  2⤵
  PID:6956
- C:\Windows\System\MPlSohC.exe
  C:\Windows\System\MPlSohC.exe
  2⤵
  PID:6412
- C:\Windows\System\oWxHUln.exe
  C:\Windows\System\oWxHUln.exe
  2⤵
  PID:6660
- C:\Windows\System\zlpxbTa.exe
  C:\Windows\System\zlpxbTa.exe
  2⤵
  PID:7264
- C:\Windows\System\PhGuwLh.exe
  C:\Windows\System\PhGuwLh.exe
  2⤵
  PID:7268
- C:\Windows\System\QQevlRR.exe
  C:\Windows\System\QQevlRR.exe
  2⤵
  PID:7272
- C:\Windows\System\furKiQP.exe
  C:\Windows\System\furKiQP.exe
  2⤵
  PID:7312
- C:\Windows\System\lZDwXEL.exe
  C:\Windows\System\lZDwXEL.exe
  2⤵
  PID:7348
- C:\Windows\System\YcCVuUO.exe
  C:\Windows\System\YcCVuUO.exe
  2⤵
  PID:7412
- C:\Windows\System\nbjwtKP.exe
  C:\Windows\System\nbjwtKP.exe
  2⤵
  PID:7428
- C:\Windows\System\UCumgFr.exe
  C:\Windows\System\UCumgFr.exe
  2⤵
  PID:7440
- C:\Windows\System\UyVKTWq.exe
  C:\Windows\System\UyVKTWq.exe
  2⤵
  PID:7488
- C:\Windows\System\mMbaPSP.exe
  C:\Windows\System\mMbaPSP.exe
  2⤵
  PID:7588
- C:\Windows\System\WsXftAS.exe
  C:\Windows\System\WsXftAS.exe
  2⤵
  PID:7476
- C:\Windows\System\mIOKAMo.exe
  C:\Windows\System\mIOKAMo.exe
  2⤵
  PID:7696
- C:\Windows\System\mthOCPO.exe
  C:\Windows\System\mthOCPO.exe
  2⤵
  PID:7708
- C:\Windows\System\cEsUTEf.exe
  C:\Windows\System\cEsUTEf.exe
  2⤵
  PID:7636
- C:\Windows\System\lGFJSyS.exe
  C:\Windows\System\lGFJSyS.exe
  2⤵
  PID:7792
- C:\Windows\System\aCqsDBb.exe
  C:\Windows\System\aCqsDBb.exe
  2⤵
  PID:7840
- C:\Windows\System\EysEwPD.exe
  C:\Windows\System\EysEwPD.exe
  2⤵
  PID:7912
- C:\Windows\System\vVENbhe.exe
  C:\Windows\System\vVENbhe.exe
  2⤵
  PID:7988
- C:\Windows\System\IITlPij.exe
  C:\Windows\System\IITlPij.exe
  2⤵
  PID:8032
- C:\Windows\System\qaMjzaE.exe
  C:\Windows\System\qaMjzaE.exe
  2⤵
  PID:7812
- C:\Windows\System\oCUHjEz.exe
  C:\Windows\System\oCUHjEz.exe
  2⤵
  PID:8068
- C:\Windows\System\PYlEBxH.exe
  C:\Windows\System\PYlEBxH.exe
  2⤵
  PID:7572
- C:\Windows\System\XIXerTn.exe
  C:\Windows\System\XIXerTn.exe
  2⤵
  PID:8128
- C:\Windows\System\yiNvjWE.exe
  C:\Windows\System\yiNvjWE.exe
  2⤵
  PID:7740
- C:\Windows\System\xNpfEdL.exe
  C:\Windows\System\xNpfEdL.exe
  2⤵
  PID:8132
- C:\Windows\System\ineJwLS.exe
  C:\Windows\System\ineJwLS.exe
  2⤵
  PID:7668
- C:\Windows\System\xZIxSow.exe
  C:\Windows\System\xZIxSow.exe
  2⤵
  PID:7776
- C:\Windows\System\VihHvcN.exe
  C:\Windows\System\VihHvcN.exe
  2⤵
  PID:7928
- C:\Windows\System\vGkinbb.exe
  C:\Windows\System\vGkinbb.exe
  2⤵
  PID:8092
- C:\Windows\System\kVzoHXi.exe
  C:\Windows\System\kVzoHXi.exe
  2⤵
  PID:8172
- C:\Windows\System\vTZqNsO.exe
  C:\Windows\System\vTZqNsO.exe
  2⤵
  PID:8148
- C:\Windows\System\uMWFnbG.exe
  C:\Windows\System\uMWFnbG.exe
  2⤵
  PID:7216
- C:\Windows\System\dVWKIib.exe
  C:\Windows\System\dVWKIib.exe
  2⤵
  PID:6168
- C:\Windows\System\FekYHid.exe
  C:\Windows\System\FekYHid.exe
  2⤵
  PID:892
- C:\Windows\System\uXHSuwy.exe
  C:\Windows\System\uXHSuwy.exe
  2⤵
  PID:7160
- C:\Windows\System\HOrJVxR.exe
  C:\Windows\System\HOrJVxR.exe
  2⤵
  PID:7192
- C:\Windows\System\hDGRdNL.exe
  C:\Windows\System\hDGRdNL.exe
  2⤵
  PID:7284
- C:\Windows\System\sxUmYnl.exe
  C:\Windows\System\sxUmYnl.exe
  2⤵
  PID:6000
- C:\Windows\System\wwJYRqs.exe
  C:\Windows\System\wwJYRqs.exe
  2⤵
  PID:7456
- C:\Windows\System\fJwyXaH.exe
  C:\Windows\System\fJwyXaH.exe
  2⤵
  PID:7424
- C:\Windows\System\ypXMaPL.exe
  C:\Windows\System\ypXMaPL.exe
  2⤵
  PID:5840
- C:\Windows\System\MaJPMJJ.exe
  C:\Windows\System\MaJPMJJ.exe
  2⤵
  PID:7504
- C:\Windows\System\NDTqmAz.exe
  C:\Windows\System\NDTqmAz.exe
  2⤵
  PID:7288
- C:\Windows\System\kemvJWh.exe
  C:\Windows\System\kemvJWh.exe
  2⤵
  PID:7472
- C:\Windows\System\EaoMdpr.exe
  C:\Windows\System\EaoMdpr.exe
  2⤵
  PID:7704
- C:\Windows\System\DDBUJdZ.exe
  C:\Windows\System\DDBUJdZ.exe
  2⤵
  PID:7540
- C:\Windows\System\JWNIatL.exe
  C:\Windows\System\JWNIatL.exe
  2⤵
  PID:7872
- C:\Windows\System\YfoWqBI.exe
  C:\Windows\System\YfoWqBI.exe
  2⤵
  PID:7832
- C:\Windows\System\mtkekqU.exe
  C:\Windows\System\mtkekqU.exe
  2⤵
  PID:7948
- C:\Windows\System\QPWcwkS.exe
  C:\Windows\System\QPWcwkS.exe
  2⤵
  PID:7744
- C:\Windows\System\bmtJHWG.exe
  C:\Windows\System\bmtJHWG.exe
  2⤵
  PID:8120
- C:\Windows\System\kjUqfDv.exe
  C:\Windows\System\kjUqfDv.exe
  2⤵
  PID:8136
- C:\Windows\System\fSSGqZY.exe
  C:\Windows\System\fSSGqZY.exe
  2⤵
  PID:8180
- C:\Windows\System\tMSBISC.exe
  C:\Windows\System\tMSBISC.exe
  2⤵
  PID:336
- C:\Windows\System\QQVvDsV.exe
  C:\Windows\System\QQVvDsV.exe
  2⤵
  PID:7720
- C:\Windows\System\MFfolWh.exe
  C:\Windows\System\MFfolWh.exe
  2⤵
  PID:7656
- C:\Windows\System\lCAmZPj.exe
  C:\Windows\System\lCAmZPj.exe
  2⤵
  PID:8088
- C:\Windows\System\NCASBmd.exe
  C:\Windows\System\NCASBmd.exe
  2⤵
  PID:7156
- C:\Windows\System\WMHkxWN.exe
  C:\Windows\System\WMHkxWN.exe
  2⤵
  PID:7344
- C:\Windows\System\AIxGRgf.exe
  C:\Windows\System\AIxGRgf.exe
  2⤵
  PID:7332
- C:\Windows\System\cXzJvHV.exe
  C:\Windows\System\cXzJvHV.exe
  2⤵
  PID:7524
- C:\Windows\System\cQPFZXU.exe
  C:\Windows\System\cQPFZXU.exe
  2⤵
  PID:8036
- C:\Windows\System\zAMAUdr.exe
  C:\Windows\System\zAMAUdr.exe
  2⤵
  PID:8116
- C:\Windows\System\RiPUFaW.exe
  C:\Windows\System\RiPUFaW.exe
  2⤵
  PID:7700
- C:\Windows\System\rbRCUfJ.exe
  C:\Windows\System\rbRCUfJ.exe
  2⤵
  PID:7484
- C:\Windows\System\QNfzBwg.exe
  C:\Windows\System\QNfzBwg.exe
  2⤵
  PID:8124
- C:\Windows\System\rAyZEGn.exe
  C:\Windows\System\rAyZEGn.exe
  2⤵
  PID:7212
- C:\Windows\System\bmlNynG.exe
  C:\Windows\System\bmlNynG.exe
  2⤵
  PID:7196
- C:\Windows\System\bsoAjTJ.exe
  C:\Windows\System\bsoAjTJ.exe
  2⤵
  PID:7652
- C:\Windows\System\iXGifIr.exe
  C:\Windows\System\iXGifIr.exe
  2⤵
  PID:6616
- C:\Windows\System\ZqVqMHC.exe
  C:\Windows\System\ZqVqMHC.exe
  2⤵
  PID:7604
- C:\Windows\System\oZGRcsK.exe
  C:\Windows\System\oZGRcsK.exe
  2⤵
  PID:6576
- C:\Windows\System\dKAdBqi.exe
  C:\Windows\System\dKAdBqi.exe
  2⤵
  PID:7528
- C:\Windows\System\HyquYjJ.exe
  C:\Windows\System\HyquYjJ.exe
  2⤵
  PID:6832
- C:\Windows\System\ywXwcyK.exe
  C:\Windows\System\ywXwcyK.exe
  2⤵
  PID:8100
- C:\Windows\System\pgtxmxp.exe
  C:\Windows\System\pgtxmxp.exe
  2⤵
  PID:6892
- C:\Windows\System\sNkpthn.exe
  C:\Windows\System\sNkpthn.exe
  2⤵
  PID:7924
- C:\Windows\System\AleuSUO.exe
  C:\Windows\System\AleuSUO.exe
  2⤵
  PID:8200
- C:\Windows\System\vPixEwg.exe
  C:\Windows\System\vPixEwg.exe
  2⤵
  PID:8216
- C:\Windows\System\ifgcGgd.exe
  C:\Windows\System\ifgcGgd.exe
  2⤵
  PID:8232
- C:\Windows\System\pOLUgVY.exe
  C:\Windows\System\pOLUgVY.exe
  2⤵
  PID:8248
- C:\Windows\System\liFFbXb.exe
  C:\Windows\System\liFFbXb.exe
  2⤵
  PID:8288
- C:\Windows\System\apvGicM.exe
  C:\Windows\System\apvGicM.exe
  2⤵
  PID:8320
- C:\Windows\System\fzgotWU.exe
  C:\Windows\System\fzgotWU.exe
  2⤵
  PID:8340
- C:\Windows\System\QneZnxA.exe
  C:\Windows\System\QneZnxA.exe
  2⤵
  PID:8360
- C:\Windows\System\jvdiium.exe
  C:\Windows\System\jvdiium.exe
  2⤵
  PID:8376
- C:\Windows\System\QarITlS.exe
  C:\Windows\System\QarITlS.exe
  2⤵
  PID:8404
- C:\Windows\System\xnjuFcL.exe
  C:\Windows\System\xnjuFcL.exe
  2⤵
  PID:8448
- C:\Windows\System\ogEmfkG.exe
  C:\Windows\System\ogEmfkG.exe
  2⤵
  PID:8464
- C:\Windows\System\vJXnblg.exe
  C:\Windows\System\vJXnblg.exe
  2⤵
  PID:8484
- C:\Windows\System\PNYkinS.exe
  C:\Windows\System\PNYkinS.exe
  2⤵
  PID:8504
- C:\Windows\System\FAGBIfD.exe
  C:\Windows\System\FAGBIfD.exe
  2⤵
  PID:8520
- C:\Windows\System\wohMvDQ.exe
  C:\Windows\System\wohMvDQ.exe
  2⤵
  PID:8552
- C:\Windows\System\cJrigzO.exe
  C:\Windows\System\cJrigzO.exe
  2⤵
  PID:8568
- C:\Windows\System\UiFWzRK.exe
  C:\Windows\System\UiFWzRK.exe
  2⤵
  PID:8584
- C:\Windows\System\CYDQIiB.exe
  C:\Windows\System\CYDQIiB.exe
  2⤵
  PID:8604
- C:\Windows\System\kBSHuYQ.exe
  C:\Windows\System\kBSHuYQ.exe
  2⤵
  PID:8620
- C:\Windows\System\ZjqpEVq.exe
  C:\Windows\System\ZjqpEVq.exe
  2⤵
  PID:8664
- C:\Windows\System\DjuAImN.exe
  C:\Windows\System\DjuAImN.exe
  2⤵
  PID:8680
- C:\Windows\System\iawVsNU.exe
  C:\Windows\System\iawVsNU.exe
  2⤵
  PID:8696
- C:\Windows\System\KrpYsKA.exe
  C:\Windows\System\KrpYsKA.exe
  2⤵
  PID:8712
- C:\Windows\System\nihkaSE.exe
  C:\Windows\System\nihkaSE.exe
  2⤵
  PID:8732
- C:\Windows\System\iwIGxVB.exe
  C:\Windows\System\iwIGxVB.exe
  2⤵
  PID:8748
- C:\Windows\System\ECNqtoc.exe
  C:\Windows\System\ECNqtoc.exe
  2⤵
  PID:8764
- C:\Windows\System\uplxzMK.exe
  C:\Windows\System\uplxzMK.exe
  2⤵
  PID:8780
- C:\Windows\System\DXfpnmO.exe
  C:\Windows\System\DXfpnmO.exe
  2⤵
  PID:8796
- C:\Windows\System\umAhfut.exe
  C:\Windows\System\umAhfut.exe
  2⤵
  PID:8812
- C:\Windows\System\LMJGYmn.exe
  C:\Windows\System\LMJGYmn.exe
  2⤵
  PID:8828
- C:\Windows\System\OBVApXX.exe
  C:\Windows\System\OBVApXX.exe
  2⤵
  PID:8844
- C:\Windows\System\uMexmPJ.exe
  C:\Windows\System\uMexmPJ.exe
  2⤵
  PID:8860
- C:\Windows\System\lzAPDHk.exe
  C:\Windows\System\lzAPDHk.exe
  2⤵
  PID:8876
- C:\Windows\System\uUlAoSH.exe
  C:\Windows\System\uUlAoSH.exe
  2⤵
  PID:8892
- C:\Windows\System\WqLSErC.exe
  C:\Windows\System\WqLSErC.exe
  2⤵
  PID:8908
- C:\Windows\System\ZhKMYNQ.exe
  C:\Windows\System\ZhKMYNQ.exe
  2⤵
  PID:8924
- C:\Windows\System\zYRdaCE.exe
  C:\Windows\System\zYRdaCE.exe
  2⤵
  PID:8940
- C:\Windows\System\yoTpHvj.exe
  C:\Windows\System\yoTpHvj.exe
  2⤵
  PID:8956
- C:\Windows\System\BXWsRTM.exe
  C:\Windows\System\BXWsRTM.exe
  2⤵
  PID:8972
- C:\Windows\System\xFDkqZL.exe
  C:\Windows\System\xFDkqZL.exe
  2⤵
  PID:8988
- C:\Windows\System\dMVNTMR.exe
  C:\Windows\System\dMVNTMR.exe
  2⤵
  PID:9004
- C:\Windows\System\bsNHsfC.exe
  C:\Windows\System\bsNHsfC.exe
  2⤵
  PID:9020
- C:\Windows\System\GMOfaSo.exe
  C:\Windows\System\GMOfaSo.exe
  2⤵
  PID:9036
- C:\Windows\System\EQQtnMv.exe
  C:\Windows\System\EQQtnMv.exe
  2⤵
  PID:9052
- C:\Windows\System\EqTciIB.exe
  C:\Windows\System\EqTciIB.exe
  2⤵
  PID:9068
- C:\Windows\System\EfrcHGG.exe
  C:\Windows\System\EfrcHGG.exe
  2⤵
  PID:9084
- C:\Windows\System\BAaINLl.exe
  C:\Windows\System\BAaINLl.exe
  2⤵
  PID:9100
- C:\Windows\System\IFqPVpF.exe
  C:\Windows\System\IFqPVpF.exe
  2⤵
  PID:9116
- C:\Windows\System\FLGKyPv.exe
  C:\Windows\System\FLGKyPv.exe
  2⤵
  PID:9132
- C:\Windows\System\EWrGeru.exe
  C:\Windows\System\EWrGeru.exe
  2⤵
  PID:9148
- C:\Windows\System\CsBatHH.exe
  C:\Windows\System\CsBatHH.exe
  2⤵
  PID:9164
- C:\Windows\System\IXpQbJl.exe
  C:\Windows\System\IXpQbJl.exe
  2⤵
  PID:9180
- C:\Windows\System\nJbmCRi.exe
  C:\Windows\System\nJbmCRi.exe
  2⤵
  PID:9196
- C:\Windows\System\XKADvyM.exe
  C:\Windows\System\XKADvyM.exe
  2⤵
  PID:9212
- C:\Windows\System\mpLVlFq.exe
  C:\Windows\System\mpLVlFq.exe
  2⤵
  PID:4608
- C:\Windows\System\yCpZHeA.exe
  C:\Windows\System\yCpZHeA.exe
  2⤵
  PID:7944
- C:\Windows\System\mcoDIxn.exe
  C:\Windows\System\mcoDIxn.exe
  2⤵
  PID:8196
- C:\Windows\System\NtQRuyx.exe
  C:\Windows\System\NtQRuyx.exe
  2⤵
  PID:6608
- C:\Windows\System\iZcIMbY.exe
  C:\Windows\System\iZcIMbY.exe
  2⤵
  PID:8304
- C:\Windows\System\UWeqJAh.exe
  C:\Windows\System\UWeqJAh.exe
  2⤵
  PID:8348
- C:\Windows\System\skBDHHy.exe
  C:\Windows\System\skBDHHy.exe
  2⤵
  PID:7828
- C:\Windows\System\sYTZIPA.exe
  C:\Windows\System\sYTZIPA.exe
  2⤵
  PID:6972
- C:\Windows\System\XCyxiWx.exe
  C:\Windows\System\XCyxiWx.exe
  2⤵
  PID:7836
- C:\Windows\System\aHlGXTK.exe
  C:\Windows\System\aHlGXTK.exe
  2⤵
  PID:8336
- C:\Windows\System\hqKdsfI.exe
  C:\Windows\System\hqKdsfI.exe
  2⤵
  PID:8392
- C:\Windows\System\WMUpjOI.exe
  C:\Windows\System\WMUpjOI.exe
  2⤵
  PID:8368
- C:\Windows\System\wVjrdwb.exe
  C:\Windows\System\wVjrdwb.exe
  2⤵
  PID:8432
- C:\Windows\System\uKKFgLK.exe
  C:\Windows\System\uKKFgLK.exe
  2⤵
  PID:8444
- C:\Windows\System\tbxJBQa.exe
  C:\Windows\System\tbxJBQa.exe
  2⤵
  PID:8528
- C:\Windows\System\qTRlVLr.exe
  C:\Windows\System\qTRlVLr.exe
  2⤵
  PID:8512
- C:\Windows\System\uRFZCgM.exe
  C:\Windows\System\uRFZCgM.exe
  2⤵
  PID:8576
- C:\Windows\System\kGHeedB.exe
  C:\Windows\System\kGHeedB.exe
  2⤵
  PID:8616
- C:\Windows\System\UkrOoHa.exe
  C:\Windows\System\UkrOoHa.exe
  2⤵
  PID:8596
- C:\Windows\System\mFqqBpq.exe
  C:\Windows\System\mFqqBpq.exe
  2⤵
  PID:8640
- C:\Windows\System\jFAgOcC.exe
  C:\Windows\System\jFAgOcC.exe
  2⤵
  PID:8656
- C:\Windows\System\EupknQN.exe
  C:\Windows\System\EupknQN.exe
  2⤵
  PID:8744
- C:\Windows\System\qyyAodx.exe
  C:\Windows\System\qyyAodx.exe
  2⤵
  PID:8808
- C:\Windows\System\lhILSrU.exe
  C:\Windows\System\lhILSrU.exe
  2⤵
  PID:8872
- C:\Windows\System\mzMUiPi.exe
  C:\Windows\System\mzMUiPi.exe
  2⤵
  PID:8760
- C:\Windows\System\qaViUpX.exe
  C:\Windows\System\qaViUpX.exe
  2⤵
  PID:2960
- C:\Windows\System\PBmqLDR.exe
  C:\Windows\System\PBmqLDR.exe
  2⤵
  PID:8884
- C:\Windows\System\zImGQMt.exe
  C:\Windows\System\zImGQMt.exe
  2⤵
  PID:8936
- C:\Windows\System\jsLTcTC.exe
  C:\Windows\System\jsLTcTC.exe
  2⤵
  PID:8728
- C:\Windows\System\NCQKKsA.exe
  C:\Windows\System\NCQKKsA.exe
  2⤵
  PID:8792
- C:\Windows\System\qMeTGSn.exe
  C:\Windows\System\qMeTGSn.exe
  2⤵
  PID:9032
- C:\Windows\System\HlhGfQx.exe
  C:\Windows\System\HlhGfQx.exe
  2⤵
  PID:8984
- C:\Windows\System\HLTEaNq.exe
  C:\Windows\System\HLTEaNq.exe
  2⤵
  PID:9064
- C:\Windows\System\AoNswEo.exe
  C:\Windows\System\AoNswEo.exe
  2⤵
  PID:9156
- C:\Windows\System\fvnXpCn.exe
  C:\Windows\System\fvnXpCn.exe
  2⤵
  PID:9112
- C:\Windows\System\lMoDxex.exe
  C:\Windows\System\lMoDxex.exe
  2⤵
  PID:8244
- C:\Windows\System\gLSOUAn.exe
  C:\Windows\System\gLSOUAn.exe
  2⤵
  PID:9208
- C:\Windows\System\mLQevIC.exe
  C:\Windows\System\mLQevIC.exe
  2⤵
  PID:7408
- C:\Windows\System\AUDgwWL.exe
  C:\Windows\System\AUDgwWL.exe
  2⤵
  PID:8296
- C:\Windows\System\pordvaj.exe
  C:\Windows\System\pordvaj.exe
  2⤵
  PID:8316
- C:\Windows\System\OYjdMCL.exe
  C:\Windows\System\OYjdMCL.exe
  2⤵
  PID:8260
- C:\Windows\System\TycQXDt.exe
  C:\Windows\System\TycQXDt.exe
  2⤵
  PID:7260
- C:\Windows\System\gqCEuas.exe
  C:\Windows\System\gqCEuas.exe
  2⤵
  PID:8400
- C:\Windows\System\NmBEVtx.exe
  C:\Windows\System\NmBEVtx.exe
  2⤵
  PID:8284
- C:\Windows\System\tOqRCcy.exe
  C:\Windows\System\tOqRCcy.exe
  2⤵
  PID:8280
- C:\Windows\System\mXzUmOw.exe
  C:\Windows\System\mXzUmOw.exe
  2⤵
  PID:8412
- C:\Windows\System\QyGiMAZ.exe
  C:\Windows\System\QyGiMAZ.exe
  2⤵
  PID:8480
- C:\Windows\System\XTODlkc.exe
  C:\Windows\System\XTODlkc.exe
  2⤵
  PID:8436
- C:\Windows\System\ldRyIoV.exe
  C:\Windows\System\ldRyIoV.exe
  2⤵
  PID:8536
- C:\Windows\System\DLuBQsN.exe
  C:\Windows\System\DLuBQsN.exe
  2⤵
  PID:8600
- C:\Windows\System\BSNTJNO.exe
  C:\Windows\System\BSNTJNO.exe
  2⤵
  PID:8804
- C:\Windows\System\sYuIazX.exe
  C:\Windows\System\sYuIazX.exe
  2⤵
  PID:8672
- C:\Windows\System\mdTvrCc.exe
  C:\Windows\System\mdTvrCc.exe
  2⤵
  PID:8868
- C:\Windows\System\ewTVhXj.exe
  C:\Windows\System\ewTVhXj.exe
  2⤵
  PID:8704
- C:\Windows\System\jhORGtt.exe
  C:\Windows\System\jhORGtt.exe
  2⤵
  PID:8856
- C:\Windows\System\jOICisQ.exe
  C:\Windows\System\jOICisQ.exe
  2⤵
  PID:8916
- C:\Windows\System\kZCJKqp.exe
  C:\Windows\System\kZCJKqp.exe
  2⤵
  PID:9044
- C:\Windows\System\kOXKFQR.exe
  C:\Windows\System\kOXKFQR.exe
  2⤵
  PID:9060
- C:\Windows\System\uEhMMJJ.exe
  C:\Windows\System\uEhMMJJ.exe
  2⤵
  PID:8788
- C:\Windows\System\jTlfiZO.exe
  C:\Windows\System\jTlfiZO.exe
  2⤵
  PID:7888
- C:\Windows\System\zkSioRS.exe
  C:\Windows\System\zkSioRS.exe
  2⤵
  PID:9128
- C:\Windows\System\goLcSGh.exe
  C:\Windows\System\goLcSGh.exe
  2⤵
  PID:8240
- C:\Windows\System\xSncAqI.exe
  C:\Windows\System\xSncAqI.exe
  2⤵
  PID:8300
- C:\Windows\System\eHDFhqU.exe
  C:\Windows\System\eHDFhqU.exe
  2⤵
  PID:7624
- C:\Windows\System\uizdLGg.exe
  C:\Windows\System\uizdLGg.exe
  2⤵
  PID:8264
- C:\Windows\System\HOpZOri.exe
  C:\Windows\System\HOpZOri.exe
  2⤵
  PID:8644
- C:\Windows\System\bobEBIj.exe
  C:\Windows\System\bobEBIj.exe
  2⤵
  PID:1756
- C:\Windows\System\rhYjUXU.exe
  C:\Windows\System\rhYjUXU.exe
  2⤵
  PID:9016
- C:\Windows\System\nOYrocU.exe
  C:\Windows\System\nOYrocU.exe
  2⤵
  PID:8460
- C:\Windows\System\URSBgqE.exe
  C:\Windows\System\URSBgqE.exe
  2⤵
  PID:8580
- C:\Windows\System\bxmUNXb.exe
  C:\Windows\System\bxmUNXb.exe
  2⤵
  PID:8052
- C:\Windows\System\xeuzEax.exe
  C:\Windows\System\xeuzEax.exe
  2⤵
  PID:8272
- C:\Windows\System\XzOAPpn.exe
  C:\Windows\System\XzOAPpn.exe
  2⤵
  PID:9204
- C:\Windows\System\pdfznUm.exe
  C:\Windows\System\pdfznUm.exe
  2⤵
  PID:9076
- C:\Windows\System\GlfNlWm.exe
  C:\Windows\System\GlfNlWm.exe
  2⤵
  PID:8440
- C:\Windows\System\sWzXIbj.exe
  C:\Windows\System\sWzXIbj.exe
  2⤵
  PID:9000
- C:\Windows\System\rmKGHTQ.exe
  C:\Windows\System\rmKGHTQ.exe
  2⤵
  PID:8428
- C:\Windows\System\OMHJCzC.exe
  C:\Windows\System\OMHJCzC.exe
  2⤵
  PID:8224
- C:\Windows\System\wJaFzUT.exe
  C:\Windows\System\wJaFzUT.exe
  2⤵
  PID:8980
- C:\Windows\System\JVmlJEn.exe
  C:\Windows\System\JVmlJEn.exe
  2⤵
  PID:8276
- C:\Windows\System\sbyjsCp.exe
  C:\Windows\System\sbyjsCp.exe
  2⤵
  PID:9268
- C:\Windows\System\CqMMgul.exe
  C:\Windows\System\CqMMgul.exe
  2⤵
  PID:9296
- C:\Windows\System\DTXMSKx.exe
  C:\Windows\System\DTXMSKx.exe
  2⤵
  PID:9364
- C:\Windows\System\zrovxUN.exe
  C:\Windows\System\zrovxUN.exe
  2⤵
  PID:9384
- C:\Windows\System\xRYziod.exe
  C:\Windows\System\xRYziod.exe
  2⤵
  PID:9424
- C:\Windows\System\TSrOgTU.exe
  C:\Windows\System\TSrOgTU.exe
  2⤵
  PID:9448
- C:\Windows\System\GrhaCpD.exe
  C:\Windows\System\GrhaCpD.exe
  2⤵
  PID:9480
- C:\Windows\System\XtppycO.exe
  C:\Windows\System\XtppycO.exe
  2⤵
  PID:9500
- C:\Windows\System\uGOaJIU.exe
  C:\Windows\System\uGOaJIU.exe
  2⤵
  PID:9516
- C:\Windows\System\RUCQrmg.exe
  C:\Windows\System\RUCQrmg.exe
  2⤵
  PID:9532
- C:\Windows\System\mKfVMZK.exe
  C:\Windows\System\mKfVMZK.exe
  2⤵
  PID:9560
- C:\Windows\System\QKTJLMR.exe
  C:\Windows\System\QKTJLMR.exe
  2⤵
  PID:9588
- C:\Windows\System\YNfPLLz.exe
  C:\Windows\System\YNfPLLz.exe
  2⤵
  PID:9612
- C:\Windows\System\MUmCGcM.exe
  C:\Windows\System\MUmCGcM.exe
  2⤵
  PID:9628
- C:\Windows\System\KatYzFe.exe
  C:\Windows\System\KatYzFe.exe
  2⤵
  PID:9644
- C:\Windows\System\zWtCMVk.exe
  C:\Windows\System\zWtCMVk.exe
  2⤵
  PID:9660
- C:\Windows\System\OoLCnjv.exe
  C:\Windows\System\OoLCnjv.exe
  2⤵
  PID:9676
- C:\Windows\System\ZyjVlUb.exe
  C:\Windows\System\ZyjVlUb.exe
  2⤵
  PID:9692
- C:\Windows\System\XpxTnrP.exe
  C:\Windows\System\XpxTnrP.exe
  2⤵
  PID:9708
- C:\Windows\System\kSVKtFG.exe
  C:\Windows\System\kSVKtFG.exe
  2⤵
  PID:9736
- C:\Windows\System\WXMKriu.exe
  C:\Windows\System\WXMKriu.exe
  2⤵
  PID:9828
- C:\Windows\System\jFefZCX.exe
  C:\Windows\System\jFefZCX.exe
  2⤵
  PID:9848
- C:\Windows\System\wIxmLpK.exe
  C:\Windows\System\wIxmLpK.exe
  2⤵
  PID:9868
- C:\Windows\System\KsmUgDN.exe
  C:\Windows\System\KsmUgDN.exe
  2⤵
  PID:9904
- C:\Windows\System\XHsozVj.exe
  C:\Windows\System\XHsozVj.exe
  2⤵
  PID:9920
- C:\Windows\System\oNBETqZ.exe
  C:\Windows\System\oNBETqZ.exe
  2⤵
  PID:9956
- C:\Windows\System\vjNylxJ.exe
  C:\Windows\System\vjNylxJ.exe
  2⤵
  PID:9972
- C:\Windows\System\JYHOFXU.exe
  C:\Windows\System\JYHOFXU.exe
  2⤵
  PID:9988
- C:\Windows\System\HRqQoGg.exe
  C:\Windows\System\HRqQoGg.exe
  2⤵
  PID:10004
- C:\Windows\System\ZekHYYt.exe
  C:\Windows\System\ZekHYYt.exe
  2⤵
  PID:10020
- C:\Windows\System\GRBqyYr.exe
  C:\Windows\System\GRBqyYr.exe
  2⤵
  PID:10036
- C:\Windows\System\PBxRISM.exe
  C:\Windows\System\PBxRISM.exe
  2⤵
  PID:10052
- C:\Windows\System\mDBnmAV.exe
  C:\Windows\System\mDBnmAV.exe
  2⤵
  PID:10068
- C:\Windows\System\JpYgcZe.exe
  C:\Windows\System\JpYgcZe.exe
  2⤵
  PID:10084
- C:\Windows\System\PvlNEKy.exe
  C:\Windows\System\PvlNEKy.exe
  2⤵
  PID:10100
- C:\Windows\System\KNpnvBk.exe
  C:\Windows\System\KNpnvBk.exe
  2⤵
  PID:10116
- C:\Windows\System\uURbyvx.exe
  C:\Windows\System\uURbyvx.exe
  2⤵
  PID:10132
- C:\Windows\System\brLYRnR.exe
  C:\Windows\System\brLYRnR.exe
  2⤵
  PID:10148
- C:\Windows\System\IxTMVNS.exe
  C:\Windows\System\IxTMVNS.exe
  2⤵
  PID:10164
- C:\Windows\System\lriwinn.exe
  C:\Windows\System\lriwinn.exe
  2⤵
  PID:10180
- C:\Windows\System\MbULqTN.exe
  C:\Windows\System\MbULqTN.exe
  2⤵
  PID:10196
- C:\Windows\System\eAyibfW.exe
  C:\Windows\System\eAyibfW.exe
  2⤵
  PID:10212
- C:\Windows\System\LRjlEbN.exe
  C:\Windows\System\LRjlEbN.exe
  2⤵
  PID:10228
- C:\Windows\System\rMJchjq.exe
  C:\Windows\System\rMJchjq.exe
  2⤵
  PID:9276
- C:\Windows\System\YeaWAmA.exe
  C:\Windows\System\YeaWAmA.exe
  2⤵
  PID:8724
- C:\Windows\System\GgVQCpC.exe
  C:\Windows\System\GgVQCpC.exe
  2⤵
  PID:9096
- C:\Windows\System\TItMIDn.exe
  C:\Windows\System\TItMIDn.exe
  2⤵
  PID:9232
- C:\Windows\System\gEZfELb.exe
  C:\Windows\System\gEZfELb.exe
  2⤵
  PID:9244
- C:\Windows\System\HPONMBl.exe
  C:\Windows\System\HPONMBl.exe
  2⤵
  PID:9264
- C:\Windows\System\pLsrwrQ.exe
  C:\Windows\System\pLsrwrQ.exe
  2⤵
  PID:9280
- C:\Windows\System\KHGsPrk.exe
  C:\Windows\System\KHGsPrk.exe
  2⤵
  PID:9324
- C:\Windows\System\HJvbOev.exe
  C:\Windows\System\HJvbOev.exe
  2⤵
  PID:9340
- C:\Windows\System\WeHJhCm.exe
  C:\Windows\System\WeHJhCm.exe
  2⤵
  PID:9352
- C:\Windows\System\PeegoJg.exe
  C:\Windows\System\PeegoJg.exe
  2⤵
  PID:9380
- C:\Windows\System\HfISKhv.exe
  C:\Windows\System\HfISKhv.exe
  2⤵
  PID:9620
- C:\Windows\System\GWICSRJ.exe
  C:\Windows\System\GWICSRJ.exe
  2⤵
  PID:9716
- C:\Windows\System\UpUPLHx.exe
  C:\Windows\System\UpUPLHx.exe
  2⤵
  PID:9596
- C:\Windows\System\UAvOaFa.exe
  C:\Windows\System\UAvOaFa.exe
  2⤵
  PID:9636
- C:\Windows\System\jpMwrFX.exe
  C:\Windows\System\jpMwrFX.exe
  2⤵
  PID:9728
- C:\Windows\System\OdYToCO.exe
  C:\Windows\System\OdYToCO.exe
  2⤵
  PID:9552
- C:\Windows\System\tSelGfL.exe
  C:\Windows\System\tSelGfL.exe
  2⤵
  PID:9768
- C:\Windows\System\hVQIpzt.exe
  C:\Windows\System\hVQIpzt.exe
  2⤵
  PID:9784
- C:\Windows\System\tUgXZBB.exe
  C:\Windows\System\tUgXZBB.exe
  2⤵
  PID:9836
- C:\Windows\System\fPbQPSi.exe
  C:\Windows\System\fPbQPSi.exe
  2⤵
  PID:9812
- C:\Windows\System\UJpyiLi.exe
  C:\Windows\System\UJpyiLi.exe
  2⤵
  PID:9876
- C:\Windows\System\ZXyArft.exe
  C:\Windows\System\ZXyArft.exe
  2⤵
  PID:9880
- C:\Windows\System\hCDGBZS.exe
  C:\Windows\System\hCDGBZS.exe
  2⤵
  PID:9928
- C:\Windows\System\eeEqsOc.exe
  C:\Windows\System\eeEqsOc.exe
  2⤵
  PID:9944
- C:\Windows\System\ePrxsha.exe
  C:\Windows\System\ePrxsha.exe
  2⤵
  PID:10012
- C:\Windows\System\OcZmzrp.exe
  C:\Windows\System\OcZmzrp.exe
  2⤵
  PID:10108
- C:\Windows\System\Htrunsa.exe
  C:\Windows\System\Htrunsa.exe
  2⤵
  PID:10172
- C:\Windows\System\YbzWiVb.exe
  C:\Windows\System\YbzWiVb.exe
  2⤵
  PID:10176
- C:\Windows\System\aCtZvZm.exe
  C:\Windows\System\aCtZvZm.exe
  2⤵
  PID:8720
- C:\Windows\System\dOEApWN.exe
  C:\Windows\System\dOEApWN.exe
  2⤵
  PID:9292
- C:\Windows\System\kZfAXoZ.exe
  C:\Windows\System\kZfAXoZ.exe
  2⤵
  PID:10028
- C:\Windows\System\zjTRmPt.exe
  C:\Windows\System\zjTRmPt.exe
  2⤵
  PID:10124
- C:\Windows\System\pMwrvLa.exe
  C:\Windows\System\pMwrvLa.exe
  2⤵
  PID:9360
- C:\Windows\System\KxEaSFO.exe
  C:\Windows\System\KxEaSFO.exe
  2⤵
  PID:8836
- C:\Windows\System\zcevPXJ.exe
  C:\Windows\System\zcevPXJ.exe
  2⤵
  PID:9344
- C:\Windows\System\jmedKWh.exe
  C:\Windows\System\jmedKWh.exe
  2⤵
  PID:9400
- C:\Windows\System\qqFekQB.exe
  C:\Windows\System\qqFekQB.exe
  2⤵
  PID:9260
- C:\Windows\System\zRWwtbT.exe
  C:\Windows\System\zRWwtbT.exe
  2⤵
  PID:8540
- C:\Windows\System\qlJsVZe.exe
  C:\Windows\System\qlJsVZe.exe
  2⤵
  PID:9604
- C:\Windows\System\gyQTDgn.exe
  C:\Windows\System\gyQTDgn.exe
  2⤵
  PID:9524
- C:\Windows\System\GniqLAM.exe
  C:\Windows\System\GniqLAM.exe
  2⤵
  PID:9568
- C:\Windows\System\MOgkLJa.exe
  C:\Windows\System\MOgkLJa.exe
  2⤵
  PID:9540
- C:\Windows\System\EEIxeHs.exe
  C:\Windows\System\EEIxeHs.exe
  2⤵
  PID:9732
- C:\Windows\System\alVKmgl.exe
  C:\Windows\System\alVKmgl.exe
  2⤵
  PID:9752
- C:\Windows\System\QzjNUuL.exe
  C:\Windows\System\QzjNUuL.exe
  2⤵
  PID:9856
- C:\Windows\System\OUQaCcp.exe
  C:\Windows\System\OUQaCcp.exe
  2⤵
  PID:10208
- C:\Windows\System\JnAPqBU.exe
  C:\Windows\System\JnAPqBU.exe
  2⤵
  PID:10076
- C:\Windows\System\XvHtMwX.exe
  C:\Windows\System\XvHtMwX.exe
  2⤵
  PID:9240
- C:\Windows\System\cSxWYYZ.exe
  C:\Windows\System\cSxWYYZ.exe
  2⤵
  PID:10060
- C:\Windows\System\YtCuczR.exe
  C:\Windows\System\YtCuczR.exe
  2⤵
  PID:10096
- C:\Windows\System\REPjXfR.exe
  C:\Windows\System\REPjXfR.exe
  2⤵
  PID:9432
- C:\Windows\System\fqYyEsm.exe
  C:\Windows\System\fqYyEsm.exe
  2⤵
  PID:10156
- C:\Windows\System\QGTFzeW.exe
  C:\Windows\System\QGTFzeW.exe
  2⤵
  PID:10188
- C:\Windows\System\NsfYEUw.exe
  C:\Windows\System\NsfYEUw.exe
  2⤵
  PID:9408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BwngoXA.exe

Filesize
6.0MB

MD5
fbeb6a1fc30bf737a3175ec611460d27

SHA1
27da1ef563e8984539d01f85e00d436f10730e71

SHA256
fede166d9f8ab155188ba96c62ba0bfab0211b3696d9f99dcb66945dfa143d40

SHA512
bce3addd32b973ab9568770f6e803b2795d9dd449a6af245dc8c823e3175b92f24cd68332b797ad78a8d54533b1a5fff8ecbd619b24b3f9b21631d2933fd9913

Download Submit
C:\Windows\system\CIHhuSg.exe

Filesize
6.0MB

MD5
794572b17977f60bee58e85bd6f3340e

SHA1
2679af8f4bd323a98d34b3b95963e1fb76dc4551

SHA256
0cadf3d8ccb47c40b07820abd08b6a1464835609640c757faadc02d4d8acef70

SHA512
e862432bedbf9e690d6fe7b339eacd61389e0989c1148c8a559ac2cb92dd08bfa8a4e21954adaa82ebdd7604f0199d74984c895c4b126bf28771bc145b47ae5e

Download Submit
C:\Windows\system\CzRejOd.exe

Filesize
6.0MB

MD5
3c18464e91c660409255c5c2819e9c3a

SHA1
1bc5a07425f9bd10355bec3fe7b3e8b5f8223664

SHA256
fc57bdb6bca915026cb70bd42e7d5429e4253ccdd2306ffc38b924f3640c530f

SHA512
cacfa77a6f07378b95b8913fffc52ba5fa9d7b617d8103bebdf3ff8500b59cef3e949458840775ec0d9fe5e0b1d33d05624489360ce3b02c7329d843283e7164

Download Submit
C:\Windows\system\DCPRHME.exe

Filesize
6.0MB

MD5
605afbf2437624ba57f3ffbf8120aeaa

SHA1
657e4d77686d3ecb81dd088abed791d957147239

SHA256
7b9154fb05550c7b3bb1c60d389cfd2b6f5f9fbdfbb494e1b54154a521365cec

SHA512
2eace0e79cb4be9b6fbf62f808d6de8b2e1740143d352920a91fdcc689ae1a3b89ecd1fe7bd19dfda17a73625aff217c7b55f9fb69155b0f6264f8f7b35e55bf

Download Submit
C:\Windows\system\HJybyEi.exe

Filesize
6.0MB

MD5
f228b4c270485539bd3b5d583ae421bb

SHA1
bc93d2d10e9a80ab62a7afb5689d4922124ca5c4

SHA256
3863884cc32e4a989a3dbf8c0c6de70524a43c7c0395dd389963850b9e6c82b8

SHA512
c3ef31e46b826ada46f18116e4d6f3975ee31ae4685bfea2c6025c5d1840214cebc386f97cd9a7b5616e06d6406d933efddad5a5691ef731f1031db882e2a8df

Download Submit
C:\Windows\system\HjXTznF.exe

Filesize
6.0MB

MD5
14685f39d5c5c2b309e06b7d32450cf4

SHA1
13f9edc55503a205907116b1ce15a009e132c078

SHA256
ea6427df0e41ff5e15b5d0220054ed559cc8e0fecae73d777f2ed799b8de0fb0

SHA512
9c8d88aa18ba6c2036b36e456f8e330c746df7a1922634c978c2a1b231863fc09e41ab6bbc77d1632a6ca340082962216e0f0a3223922c421e71b81ccb60fb30

Download Submit
C:\Windows\system\IxBrwQE.exe

Filesize
6.0MB

MD5
c7adf6c50e7ffa9b2dfb42f540ed4cc2

SHA1
02a7197d201455a058adef37baa8eff0978c8505

SHA256
8e0f7b29ec22f2b539405dc1ef2840c29d1f076c12871fadb013bfe422041558

SHA512
e5876e22dce0e18028289f382521dfae8ebdcbc9e3f0ca2428c0b651487afb49db6b527676bb63f5be518ab5266a32d26313fca283344e3116836101aacdedb2

Download Submit
C:\Windows\system\Ldrjamv.exe

Filesize
6.0MB

MD5
b71c0307f62d69b3ff27cf6e1f337245

SHA1
2c1730779b42c2014ec67a90ed0981e87fa49c37

SHA256
97d53cc17fcc9fc27f9b6a1fc1985724fb33d6290c69993092a983a02c545863

SHA512
1791f7c5cf76874e1d01960220268c6d2381cfbec8c3c2f3f6e181f140327bbebba08348a1c1ba9656dea417f7c5539ab4b068a0c77db3956545756254945110

Download Submit
C:\Windows\system\NMayeqW.exe

Filesize
6.0MB

MD5
d89000dcf4e156598de7947a8146132c

SHA1
8035104b13caf28c265151337ccccd9677ea57d0

SHA256
83886fbff4eee13fc2da8813949fa5e02529773fc68a58a007a8a7a13fb524f2

SHA512
8578dcbc000c6b3aa3380dcaa5d266a3cae6f4f74545f281c932109bd19d6fd9a81f227a73b7015333e52087f0d5a129f73e2f0bc98d34074c1ed09a14c2c6e1

Download Submit
C:\Windows\system\OAGJMvF.exe

Filesize
6.0MB

MD5
edd9fe860e3834cadc1ac3e81b434512

SHA1
ca10cb0c9f96cba1c23407d48e1d392206f18a75

SHA256
fafc3dbb5c2f47e10587bee8ba33458babbe785ae9a3d6bdbd319f1ff8e253e8

SHA512
3439d4783566665cfc0cc1f35ffc848498074b318b12957c706365f4498a8d0d4ff01e5cd1e2fe3f6f252068a7ae132173a5afb874428259fe2a145b0a6572e8

Download Submit
C:\Windows\system\RktfqRT.exe

Filesize
6.0MB

MD5
ed67ef8a89d84611e68308c5906a0fba

SHA1
b2b95cb2ead711af844b4aa94bc7e69ff508e383

SHA256
2955c320b58ecbb594d9fefb88b7a46a6ccbbe25ed494711b347c4747e85ed19

SHA512
2a07280138caf71c2a754bc7f15fe130477903b3a444cb08ec0658c49e764d429604de3aed433a538871a3d3e4446224d2c0935f8d1f764c317aee151c3c6951

Download Submit
C:\Windows\system\SCyGlIB.exe

Filesize
6.0MB

MD5
6a75d57025c479da2205a8c120362696

SHA1
5ae9a4235fa0a03a82b4950fa4a6a3b5f88a2aad

SHA256
0104440dbef707501e045710c590145e1047454aece01dbb2219db6d9da41d61

SHA512
3d7071239625091d6dab271a75c1b25cd42c2ace697bf4809151f9ab6e4ec0923976cf31291b04273a9e062fc6b1f0fac1eed2aa416e96a304d9a7101795513e

Download Submit
C:\Windows\system\SkEeapN.exe

Filesize
6.0MB

MD5
bfd8398c07e6a7afd3f6bcf46072fd6a

SHA1
eb596676b86f12c8d8c57efb6adc5f64a71a1b79

SHA256
acaaef96aa87d751ecfd734656156a701cea7ce7a69f296ef02702d43a9f55dd

SHA512
d256883725980946be72266c27f77b2ef38026954d1bfdc33ae4b4eaea152f5607d5f02e18d35f0bdda49187241e55ba75c265de4d704501beea675383796593

Download Submit
C:\Windows\system\YchSGPg.exe

Filesize
6.0MB

MD5
39353e9a58f58f6a6cdf16e740ec50fa

SHA1
a99b87fe0d2004affaf83c333cd72ad3d0f1e24e

SHA256
dedb1cc1c58417915ab0330d997e2dc90d86d956886f4c4d3877c1aa510a28ac

SHA512
728e515168b5de9aa0fa24662cde6b595a6b9218867fec8b135377f99fedb4ed1cb34c63b4c8de94bea90f754c57696756d4484cce2020f864d3c64cc2c8084c

Download Submit
C:\Windows\system\euSerWy.exe

Filesize
6.0MB

MD5
97f3f93febcbd658a12fc0933620008e

SHA1
7b4afef1079ae3142850152c53bfc584099899d8

SHA256
fee11c37ccfb9c098f88c86cac2bb0e11f1f76a8b2debd4f839e35a9258eef69

SHA512
f631a6bebcdf8782571f6391ec350c24f122cf362edad4c2d7681adbd187ca460e3013aa43dfb6bf5abadb4e9e2225e95299f790851848c298888bab93730686

Download Submit
C:\Windows\system\hLNsrSS.exe

Filesize
6.0MB

MD5
fadea46b2c652651a37b4fd4c265e052

SHA1
1d1f443ce2acb9b92c326d4c5ca3362bf8106f90

SHA256
036b6866638cd67a81de4415a9e324c029d1faf06e474db38b90cdd2b1b46da8

SHA512
4e502830ac0079e2ce38da43ec979c898f9e244534b5607120c7efb7f23ec54a5d057a4a0cec0358e8fa5769ebb969d31ab87ec81fc3508dea88927ecd0e4e70

Download Submit
C:\Windows\system\kCoAzFL.exe

Filesize
6.0MB

MD5
111be2ec30a600982b23d1f659c52d67

SHA1
97e8dbf2b0be497b296350e179a8e84f5d4f2a49

SHA256
be26d6c21b102d486de14478f72387f9702dac2e1422cdf97c4667e0c1b2d642

SHA512
03a4ab5699f24c119ec212c932266be20212ff57f9f739fe101de645c4f7d2226c1a9230dd0d1f2fb5ab9aa3978492e239ed81fddbe9921287282c40c264f3a4

Download Submit
C:\Windows\system\lbEWHyT.exe

Filesize
6.0MB

MD5
75ea727a00d24131392a91b6c1cc5da6

SHA1
2d48b383e6df46027085ab67e13158023d363d40

SHA256
78b88b0c2b4bb797333d31b9aebcfae1f20de990bd65d1c78c1b747a5ab654ec

SHA512
a170142cecc42da99eeba9ccd872c60bccfd6b9ae98c86a621664f37c40fcfea73d737ed43959ae9383251ca7bcd1853fe0e79c96abde3c25981b1706d015c14

Download Submit
C:\Windows\system\lczPTXx.exe

Filesize
6.0MB

MD5
6c271225f122acfbb907275ebb68e0fb

SHA1
144eaf49cc3ec1fda102d268161b9e0ed4b546d9

SHA256
44ff9d5ca33e765074f31dc554d87e416ca07332363149d44fa4114087a9cbac

SHA512
1988f90cdfa65e65c900dc9bd42c22d72bb884913f243813f7110e503abda3477e9f834b322f6717f82801f0c3be785dac1930f698f1fde05b0e7a89bc25e56c

Download Submit
C:\Windows\system\pTHlIHU.exe

Filesize
6.0MB

MD5
4bc4d8026e58ff673d11c53501ebdb05

SHA1
7a5eaef7b8c8e0536fe26a9cbca4514f58d3c029

SHA256
eb338864e9fcedbaf8cfa93a031ec1166f7af236d9a70b2123ec487ce5a36797

SHA512
7fdcedd14abfc3d97054896c4b6386c6a4a6ce567d01e183d44c45f6d8578a848dc279dff2b5cde3ddeb44fc275bc9373c8c2033d707f60b9f7da3be7091f545

Download Submit
C:\Windows\system\sIghVjx.exe

Filesize
6.0MB

MD5
409c08ac5cf57c81fe0722ceb385f043

SHA1
28fc648690d5718519b7e90948ee4de302a18967

SHA256
02b423315f37d2786df44d4dc1c1760d25616cb85bc663a1d9ba4cb355f070af

SHA512
9988076a5b6db160877cfcebb1079158bea721d5d860eb9eaff3dd2cd279c0de4348182d5a704b0aaf12887213a4f2320e51d7e3c658bc5b94260bf3623a1397

Download Submit
C:\Windows\system\tptunsz.exe

Filesize
6.0MB

MD5
27afc6fc6e69ac7e138d3bac77e3bae9

SHA1
cac27f616e908829bbd49c4fb9a2580984e8c99c

SHA256
6dcb4ea3b3c3f8fc32902ab307d8643852f7b8ed866a220eadce72a35b4aea26

SHA512
cc9ff27e7f26ed4f4608b4b824b3adf6ef9d6bb51625080f706e7eb4b6a9e40ded49af2cfa10b0a4853916d1d737550042fc10dd9fb51a76c71264ec89d3d382

Download Submit
C:\Windows\system\vGgFRZy.exe

Filesize
6.0MB

MD5
7eba7122aed66c9552a059b7ba9936d8

SHA1
16b1f0f492fffe9a0b11b961b6bebcd4cb12cb18

SHA256
23296d589f33fac4dd5d5732ad6e40c1aabd6147c462d543bce75344ccca1692

SHA512
e4c9b8571c20f897824303d8f6d8d475c24a00c2720250c0e8ffe1f856005de7f6108aeb41a2d7544d6b009e04562a487fe2bcbb19982ff5feeff21e467fb91a

Download Submit
\Windows\system\CHXixhj.exe

Filesize
6.0MB

MD5
143d601b360c52ae867cb7074526dc39

SHA1
83dd2777460bdced42eb577d9db34f33aa02076e

SHA256
306aa0cec9dd7321768651b1b8932f6e603f17b16f206898b076f2b94f95feee

SHA512
affa76395d659bba52f0421f98e7e1e596b6a447f4b067ae733129b093687494df0a40990efe4306b3115c2d1721ee9ccd6fd2d16aa5c762aed915136b83cdd2

Download Submit
\Windows\system\DIHFCKH.exe

Filesize
6.0MB

MD5
ff3a6dc616fe72ab414f46f4c86a97ea

SHA1
2fecb7cb0b370b1ecb49fe0d7e27d336ca60373b

SHA256
2ea9e463f5c6323a27901f43dc4b13dcb63cc2b0966023a792b0ae8177803b10

SHA512
d3ddf59e38195c45578a77c0937c9cfa8b5b0802590de4025697ff412c11aa005a9d8a87e4a4472368a01cce7b8ad021901e0a244ce65a16d4785c32b6f1321b

Download Submit
\Windows\system\EXeXPpI.exe

Filesize
6.0MB

MD5
48c4397db6deb6336140ded22561cf3a

SHA1
aefa8cc34b57e68e640c41cda5045353364a98ff

SHA256
1c1da715b448d051e794f78c52202f3c4ffc6af2afead0da70770660dc7eca44

SHA512
2c62a5a23ce215f46d93d7d3d623061790e7b7c2bb7408ad406d74668132ae358d35605d58366b08e78238370f2e7d97154362b6329625087c92da44730d551b

Download Submit
\Windows\system\EhghoVM.exe

Filesize
6.0MB

MD5
5fe08d24596cc1646fbbc71f4cad9c4f

SHA1
62bf025f46652fb50ce8d4202b3104332ef7d5d6

SHA256
d7f2e0ceeaef0d1f477d38aa5ea8da331369ad719e7260489b9ffa05f4160484

SHA512
e0308794a1f023a1149e96b54293a0df8abf36283bb1ad2c30a6065c0209cac58baaf58e52cea0809113ecb4fd83209646c10faa92ef04c823a6b9f28096a4c2

Download Submit
\Windows\system\LpjkLlg.exe

Filesize
6.0MB

MD5
f21a73f9b9faa143b380b04ec444eb8b

SHA1
b7ddb39e435a589abad6f6e1c6801e8a3bc5ead2

SHA256
cae77fdac20fd63583634cd05169263a5635adfae9a98ab949f1581534453b87

SHA512
7b15224e24552f0853f717186f5b574479695ec7227a4890e77ca89785a0f3a77394bad923b39ece716286b4537fc54ee74adab68b8948991a828315ae2fa9a1

Download Submit
\Windows\system\QeSYVjI.exe

Filesize
6.0MB

MD5
47c325503fffc42d832df888568b2bfd

SHA1
b35b9beb0fd6130794418cecb92a1b94e63d7f17

SHA256
df5f77220bb3d6fb50b5b04c9201790f3eee5b614a02af1772480a832df57724

SHA512
913ddf651ae62a88f1e900f69be32156a49f6c2e130f54f90ba84d67e94e0ff01d492f934791aa20a2f31fc8af0bf0dcc5dd90533389da4b4a15326b83a6215a

Download Submit
\Windows\system\TjZDGbN.exe

Filesize
6.0MB

MD5
1243f1f37961ac8e297b99cce9fc46df

SHA1
415ce80255ddeab761948f3cfef0d1a4b2789c0e

SHA256
27e1b87d235c91a91ed65fef9b2a4f21b6818121f1a860a42f5fe9be84664cdf

SHA512
9e8ea6c05f9e2dd07a61f17375eeeef58385083b466cf47633442c1f67eeaf816450bdfc16e053b27e953dbe266a0237aad6795b853b7c0760f62222dc27118e

Download Submit
\Windows\system\YLhlosL.exe

Filesize
6.0MB

MD5
9b8ff6266b471f0e84d4bcffe2a8643f

SHA1
d1fe0c02de27547f658555223a2ce928070f6121

SHA256
5dcd6661d66fed1ea2ab144c17accda798dae7e8affb5637a96556782274c6d7

SHA512
601f3a438b03f49e131d001edcbb4e344bd6ef55af428c07082708c0f0ef7135915881b3ec330b7370de46e17f3f3929b3716f07a49ef00ff63b34e25dfd03dd

Download Submit
\Windows\system\bxaWfUE.exe

Filesize
6.0MB

MD5
603b5245ede9cab91cbdf4abcff6b520

SHA1
6be13467d4033f46b7bc2f83237c975fd4a3b315

SHA256
c34be4237638e66a1b382534f36d0e0f219950b38a535a5d575510f3a01ab7e1

SHA512
f1a6d6f4826db9277c7b614e66d691ac0698eb93464ff5c30e29f1b2f3c6eb88906efa1b15effb0bcf11e2ca4ccb47cef2396ea029b47367b5ebec429905f1b2

Download Submit
\Windows\system\hGpghEF.exe

Filesize
6.0MB

MD5
71427b6943dbdad2d9208a3336f62b81

SHA1
c2fe526bddf96ef73757c8cf479346a149c8a869

SHA256
875fed450cc80938344df47116630f99ce4ca03d1dabc8965857340c88bb3822

SHA512
37795f3623d7e57d7479cd4b66b85f8d8f2659ce1474ee5145d20605ceede9017169101d2976fccc17451c8ebb10f50ba9b40b40e1ec42fd63a77f7763523da8

Download Submit
\Windows\system\pMKZWZr.exe

Filesize
6.0MB

MD5
a0b02992b0daaef8f0f958ce58691839

SHA1
06602cf0f35d49dc522a7fed0144b8001e7d4a02

SHA256
cbc0b77dd884e0f002fea63ad39f6f47c013be358c9e852011df9b4a926bb765

SHA512
8e0ac77c57c3dd546b6ee16938ec11235308a45edea47e9ea89f6c811924d88aa2bdda84413610b7bbe68867441007e15930735cbbad3b792d1b186fd9db0af5

Download Submit
\Windows\system\qjrcTOR.exe

Filesize
6.0MB

MD5
6cdbc4a313931a6adcb4dd53ca5dcad3

SHA1
7210ec7af8b5b72bf0394665aa6a1c19904e26ad

SHA256
b09ad6d4d071deda8c9b50b7f7a7d11fe60cbab4a2cf78a457ee030ef8d8ef8f

SHA512
948ff9cb5b32fac25a35ab9deeb8ec1121fca659b9965747861d3fdd9dbee549c2ee728d536acfcf9e83939e514db233c00ab94a15f3bb95303b2e7e90485c14

Download Submit
\Windows\system\rrrFsEy.exe

Filesize
6.0MB

MD5
5b9eab9d9ca66b52067430cdd47f3c78

SHA1
2971c40f74316757ad38d87a302b5cf8971118a9

SHA256
65f02bd7c64d5ff976055c1a83862f2a2ace11899451ea8167b4e56dd9184868

SHA512
928aee5dfba4adbfa82be028b582aa084c01c539427877eb87ee1738e4b3edb98f26ae513554f1c2f396df547c0c2ed6758eca475d018479c55c0fb987e4eeca

Download Submit
\Windows\system\szoooNh.exe

Filesize
6.0MB

MD5
38363543faf5f2c58900667e7d7e126b

SHA1
21b0cc59789887ad5f6475764b06c678183608c7

SHA256
d78ceebb97147bf375ac3ab33324d0186dc1ca813a2d074ce3d0b735104bdfb6

SHA512
18ecedb96479fc0bd94b37aa64ae5438e044141df1c45883fbe02364a8634605239d7e5bc770cf5e3d1dee9acf875ea15ff78cbd8158f87ea39d5be10a7a83a0

Download Submit
memory/1740-4039-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1740-22-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1740-56-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1788-4040-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1788-18-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2100-33-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2100-849-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2100-43-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2100-26-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-135-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2100-105-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2100-153-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2100-40-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2100-130-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2100-54-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2100-19-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2100-244-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2100-0-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2100-110-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-374-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2100-88-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2100-80-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2100-11-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-563-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2100-63-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2448-35-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-4041-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-241-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-248-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2452-57-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2452-4046-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2520-17-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-4038-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-4048-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2616-173-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2652-107-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4049-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2752-42-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4044-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2752-242-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2788-73-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-4042-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-28-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-101-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4050-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2856-249-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4045-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2856-67-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2868-94-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-4047-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-4043-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2984-49-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2984-243-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download