cobaltstrike | 007055cf57ec50c4cc5c7a5bf04b7ad75abb275cd406665bd8840321fb1d0b72

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

f6d48b2254fb4b609badbef520a9b180
SHA1

8c3c653388fb8f577e525cf24b3cac49f8cce178
SHA256

007055cf57ec50c4cc5c7a5bf04b7ad75abb275cd406665bd8840321fb1d0b72
SHA512

cf84e66446e05539402b347adad678b758d2d605691305eaca88e634da99b7eb0ac0c9b1e270c4fb1be86349c092921e64cfdcf8f1a826b25c39f5acaea960dd
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000017409-5.dat	cobalt_reflective_dll
behavioral1/files/0x000e00000001434d-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001747b-20.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174ac-26.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001752f-40.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000173e4-34.dat	cobalt_reflective_dll
behavioral1/files/0x001600000001866d-46.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000018678-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018690-62.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-101.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2120-0-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0007000000017409-5.dat	xmrig
behavioral1/files/0x000e00000001434d-3.dat	xmrig
behavioral1/files/0x000800000001747b-20.dat	xmrig
behavioral1/memory/3004-21-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2968-19-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2344-12-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x00070000000174ac-26.dat	xmrig
behavioral1/memory/292-29-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2120-41-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2788-35-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2200-42-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x000700000001752f-40.dat	xmrig
behavioral1/files/0x00090000000173e4-34.dat	xmrig
behavioral1/memory/2344-44-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x001600000001866d-46.dat	xmrig
behavioral1/memory/2752-53-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2120-51-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/3004-49-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x000b000000018678-54.dat	xmrig
behavioral1/memory/2120-58-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/memory/292-57-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2888-61-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018690-62.dat	xmrig
behavioral1/memory/2588-69-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2120-67-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/memory/2788-65-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x00050000000193be-70.dat	xmrig
behavioral1/memory/2200-73-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2584-76-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2984-83-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193cc-84.dat	xmrig
behavioral1/memory/604-88-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2120-82-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c4-81.dat	xmrig
behavioral1/files/0x00050000000193d9-90.dat	xmrig
behavioral1/files/0x000500000001942f-113.dat	xmrig
behavioral1/files/0x0005000000019625-162.dat	xmrig
behavioral1/files/0x0005000000019639-173.dat	xmrig
behavioral1/memory/2584-193-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019629-169.dat	xmrig
behavioral1/files/0x0005000000019627-165.dat	xmrig
behavioral1/files/0x0005000000019623-157.dat	xmrig
behavioral1/files/0x0005000000019621-154.dat	xmrig
behavioral1/files/0x0005000000019620-150.dat	xmrig
behavioral1/files/0x000500000001961f-145.dat	xmrig
behavioral1/files/0x000500000001961d-142.dat	xmrig
behavioral1/files/0x000500000001961b-137.dat	xmrig
behavioral1/files/0x00050000000195e4-133.dat	xmrig
behavioral1/files/0x0005000000019539-129.dat	xmrig
behavioral1/files/0x00050000000194d8-125.dat	xmrig
behavioral1/files/0x000500000001947e-121.dat	xmrig
behavioral1/files/0x0005000000019441-117.dat	xmrig
behavioral1/files/0x0005000000019403-109.dat	xmrig
behavioral1/files/0x0005000000019401-106.dat	xmrig
behavioral1/files/0x00050000000193df-101.dat	xmrig
behavioral1/memory/1788-96-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2120-95-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/memory/2120-91-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/memory/2968-3274-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2344-3283-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/3004-3378-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/292-3382-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2788-3390-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2344	IQsQRQb.exe
2968	RGKiton.exe
3004	LbyEwSJ.exe
292	paymKvg.exe
2788	wpnMmpz.exe
2200	dykrClE.exe
2752	ZKIhWcL.exe
2888	ZCotteP.exe
2588	LFcmHED.exe
2584	tiCqDgz.exe
2984	YFaeRjN.exe
604	SsGSOol.exe
1788	KPRbvHT.exe
568	NbDGFdy.exe
1960	rcWwzee.exe
1660	tyHxhxG.exe
2508	ylevmah.exe
764	OLFLWMb.exe
1880	dcxFpHT.exe
2496	abrZUbw.exe
1144	uxOqjXh.exe
1516	OvKLpPy.exe
2040	ZjlPtqD.exe
2600	rxLSSpi.exe
1860	bibykJs.exe
1552	aOjibfJ.exe
2884	aVtsnZU.exe
2404	PijsOXC.exe
2836	vqXpcuB.exe
1472	VWxQNxR.exe
412	zbckQBE.exe
2400	wfGirdu.exe
740	LdaZDoB.exe
952	RxHyEfa.exe
1228	fMWLuJk.exe
1432	mCtusbb.exe
1640	gXtqiTm.exe
1916	qytmkgK.exe
1672	eRaFeaN.exe
736	GMUCDZs.exe
1576	abAucPA.exe
2240	UsFrSrG.exe
932	hwIMUlE.exe
2096	sQrsBCO.exe
1632	PKqmGqf.exe
1728	kjwiEmH.exe
1072	lhJXcRc.exe
676	AkWNzHE.exe
2276	gRCoVHE.exe
2068	EjjSgiH.exe
2056	qvAxUBp.exe
2264	aHsplxC.exe
2368	trzvvPc.exe
2212	qiYioGZ.exe
3052	LeLrwRR.exe
1000	NAsKwRx.exe
2464	eNNQfXa.exe
488	zkwJqva.exe
896	UfCnvvd.exe
1260	NoeouMR.exe
2044	tdpDqUP.exe
1980	RGtdyDO.exe
1544	EIkLVFo.exe
2612	NtcgaUX.exe

Loads dropped DLL 64 IoCs

pid	Process
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2120-0-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0007000000017409-5.dat	upx
behavioral1/files/0x000e00000001434d-3.dat	upx
behavioral1/files/0x000800000001747b-20.dat	upx
behavioral1/memory/3004-21-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2968-19-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2344-12-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x00070000000174ac-26.dat	upx
behavioral1/memory/292-29-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2120-41-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2788-35-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2200-42-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x000700000001752f-40.dat	upx
behavioral1/files/0x00090000000173e4-34.dat	upx
behavioral1/memory/2344-44-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x001600000001866d-46.dat	upx
behavioral1/memory/2752-53-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/3004-49-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x000b000000018678-54.dat	upx
behavioral1/memory/292-57-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2888-61-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0007000000018690-62.dat	upx
behavioral1/memory/2588-69-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2788-65-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x00050000000193be-70.dat	upx
behavioral1/memory/2200-73-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2584-76-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2984-83-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x00050000000193cc-84.dat	upx
behavioral1/memory/604-88-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x00050000000193c4-81.dat	upx
behavioral1/files/0x00050000000193d9-90.dat	upx
behavioral1/files/0x000500000001942f-113.dat	upx
behavioral1/files/0x0005000000019625-162.dat	upx
behavioral1/files/0x0005000000019639-173.dat	upx
behavioral1/memory/2584-193-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x0005000000019629-169.dat	upx
behavioral1/files/0x0005000000019627-165.dat	upx
behavioral1/files/0x0005000000019623-157.dat	upx
behavioral1/files/0x0005000000019621-154.dat	upx
behavioral1/files/0x0005000000019620-150.dat	upx
behavioral1/files/0x000500000001961f-145.dat	upx
behavioral1/files/0x000500000001961d-142.dat	upx
behavioral1/files/0x000500000001961b-137.dat	upx
behavioral1/files/0x00050000000195e4-133.dat	upx
behavioral1/files/0x0005000000019539-129.dat	upx
behavioral1/files/0x00050000000194d8-125.dat	upx
behavioral1/files/0x000500000001947e-121.dat	upx
behavioral1/files/0x0005000000019441-117.dat	upx
behavioral1/files/0x0005000000019403-109.dat	upx
behavioral1/files/0x0005000000019401-106.dat	upx
behavioral1/files/0x00050000000193df-101.dat	upx
behavioral1/memory/1788-96-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2968-3274-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2344-3283-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/3004-3378-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/292-3382-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2788-3390-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2200-3476-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2752-3692-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2888-3708-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2588-3777-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2584-3834-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/604-4064-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LgkPUle.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsijQfb.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdgXYxF.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDIyJfT.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWHoxpe.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggINWTS.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuzRuLz.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeouTNe.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekvqXHZ.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDtDdoT.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqbBeUf.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwQoZYD.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmhmaBv.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVTCcza.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWLSAuZ.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHhDBJK.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ugjZAUr.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ccFFern.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIaZSmm.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjzhGPb.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNpLYIM.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFrLvZJ.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faMwEdY.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LeSDgMj.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqWuaVb.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGUZtvS.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajWSDgI.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPRbvHT.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EumvJMd.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIquqeN.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smXbbCZ.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKsmxRF.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVxpzhz.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjFRwoZ.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ONnwNUE.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngcwGJX.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rJSRrML.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rWpTdoM.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdBxPRm.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvWtSnt.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYkOuFt.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdBRsug.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maQQSZw.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSDfgKS.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEeEIhz.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LpsunmN.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDZfxVD.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdoIzTR.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLPRwzN.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqeTBau.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJznSCY.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQwqvtL.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgMymJR.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAdFsyS.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGxWUGX.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJgbpxp.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcwGvUE.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKFniZx.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNqEZjv.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZefmWT.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EoOmaFm.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBrqBpF.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PLsqEKu.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpllUKu.exe	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2344	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2344	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2344	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2120 wrote to memory of 2968	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 2968	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 2968	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2120 wrote to memory of 3004	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 3004	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 3004	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2120 wrote to memory of 292	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 292	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 292	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2120 wrote to memory of 2788	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2788	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2788	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2120 wrote to memory of 2200	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2200	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2200	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2120 wrote to memory of 2752	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 2752	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 2752	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2120 wrote to memory of 2888	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 2888	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 2888	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2120 wrote to memory of 2588	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 2588	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 2588	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2120 wrote to memory of 2584	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 2584	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 2584	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2120 wrote to memory of 2984	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 2984	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 2984	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2120 wrote to memory of 604	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 604	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 604	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2120 wrote to memory of 1788	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 1788	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 1788	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2120 wrote to memory of 568	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 568	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 568	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2120 wrote to memory of 1960	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 1960	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 1960	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2120 wrote to memory of 1660	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 1660	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 1660	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2120 wrote to memory of 2508	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 2508	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 2508	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2120 wrote to memory of 764	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 764	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 764	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2120 wrote to memory of 1880	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 1880	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 1880	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2120 wrote to memory of 2496	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 2496	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 2496	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2120 wrote to memory of 1144	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2120 wrote to memory of 1144	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2120 wrote to memory of 1144	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2120 wrote to memory of 1516	2120	2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_f6d48b2254fb4b609badbef520a9b180_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\System\IQsQRQb.exe
  C:\Windows\System\IQsQRQb.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\RGKiton.exe
  C:\Windows\System\RGKiton.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\LbyEwSJ.exe
  C:\Windows\System\LbyEwSJ.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\paymKvg.exe
  C:\Windows\System\paymKvg.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\wpnMmpz.exe
  C:\Windows\System\wpnMmpz.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\dykrClE.exe
  C:\Windows\System\dykrClE.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\ZKIhWcL.exe
  C:\Windows\System\ZKIhWcL.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\ZCotteP.exe
  C:\Windows\System\ZCotteP.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\LFcmHED.exe
  C:\Windows\System\LFcmHED.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\tiCqDgz.exe
  C:\Windows\System\tiCqDgz.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\YFaeRjN.exe
  C:\Windows\System\YFaeRjN.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\SsGSOol.exe
  C:\Windows\System\SsGSOol.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\KPRbvHT.exe
  C:\Windows\System\KPRbvHT.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\NbDGFdy.exe
  C:\Windows\System\NbDGFdy.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\rcWwzee.exe
  C:\Windows\System\rcWwzee.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\tyHxhxG.exe
  C:\Windows\System\tyHxhxG.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\ylevmah.exe
  C:\Windows\System\ylevmah.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\OLFLWMb.exe
  C:\Windows\System\OLFLWMb.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\dcxFpHT.exe
  C:\Windows\System\dcxFpHT.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\abrZUbw.exe
  C:\Windows\System\abrZUbw.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\uxOqjXh.exe
  C:\Windows\System\uxOqjXh.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\OvKLpPy.exe
  C:\Windows\System\OvKLpPy.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\ZjlPtqD.exe
  C:\Windows\System\ZjlPtqD.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\rxLSSpi.exe
  C:\Windows\System\rxLSSpi.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\bibykJs.exe
  C:\Windows\System\bibykJs.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\aOjibfJ.exe
  C:\Windows\System\aOjibfJ.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\aVtsnZU.exe
  C:\Windows\System\aVtsnZU.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\PijsOXC.exe
  C:\Windows\System\PijsOXC.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\vqXpcuB.exe
  C:\Windows\System\vqXpcuB.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\VWxQNxR.exe
  C:\Windows\System\VWxQNxR.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\zbckQBE.exe
  C:\Windows\System\zbckQBE.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\wfGirdu.exe
  C:\Windows\System\wfGirdu.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\LdaZDoB.exe
  C:\Windows\System\LdaZDoB.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\RxHyEfa.exe
  C:\Windows\System\RxHyEfa.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\fMWLuJk.exe
  C:\Windows\System\fMWLuJk.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\mCtusbb.exe
  C:\Windows\System\mCtusbb.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\gXtqiTm.exe
  C:\Windows\System\gXtqiTm.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\qytmkgK.exe
  C:\Windows\System\qytmkgK.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\eRaFeaN.exe
  C:\Windows\System\eRaFeaN.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\GMUCDZs.exe
  C:\Windows\System\GMUCDZs.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\abAucPA.exe
  C:\Windows\System\abAucPA.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\UsFrSrG.exe
  C:\Windows\System\UsFrSrG.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\hwIMUlE.exe
  C:\Windows\System\hwIMUlE.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\sQrsBCO.exe
  C:\Windows\System\sQrsBCO.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\PKqmGqf.exe
  C:\Windows\System\PKqmGqf.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\kjwiEmH.exe
  C:\Windows\System\kjwiEmH.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\lhJXcRc.exe
  C:\Windows\System\lhJXcRc.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\AkWNzHE.exe
  C:\Windows\System\AkWNzHE.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\gRCoVHE.exe
  C:\Windows\System\gRCoVHE.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\EjjSgiH.exe
  C:\Windows\System\EjjSgiH.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\qvAxUBp.exe
  C:\Windows\System\qvAxUBp.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\aHsplxC.exe
  C:\Windows\System\aHsplxC.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\trzvvPc.exe
  C:\Windows\System\trzvvPc.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\qiYioGZ.exe
  C:\Windows\System\qiYioGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\LeLrwRR.exe
  C:\Windows\System\LeLrwRR.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\NAsKwRx.exe
  C:\Windows\System\NAsKwRx.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\eNNQfXa.exe
  C:\Windows\System\eNNQfXa.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\zkwJqva.exe
  C:\Windows\System\zkwJqva.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\UfCnvvd.exe
  C:\Windows\System\UfCnvvd.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\NoeouMR.exe
  C:\Windows\System\NoeouMR.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\tdpDqUP.exe
  C:\Windows\System\tdpDqUP.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\RGtdyDO.exe
  C:\Windows\System\RGtdyDO.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\EIkLVFo.exe
  C:\Windows\System\EIkLVFo.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\NtcgaUX.exe
  C:\Windows\System\NtcgaUX.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\daQzFys.exe
  C:\Windows\System\daQzFys.exe
  2⤵
  PID:1976
- C:\Windows\System\YSYhOYq.exe
  C:\Windows\System\YSYhOYq.exe
  2⤵
  PID:2480
- C:\Windows\System\qocaPpf.exe
  C:\Windows\System\qocaPpf.exe
  2⤵
  PID:3044
- C:\Windows\System\hOnydBv.exe
  C:\Windows\System\hOnydBv.exe
  2⤵
  PID:2132
- C:\Windows\System\eTyiYBy.exe
  C:\Windows\System\eTyiYBy.exe
  2⤵
  PID:2640
- C:\Windows\System\iOiFVZk.exe
  C:\Windows\System\iOiFVZk.exe
  2⤵
  PID:3012
- C:\Windows\System\YzbTEVX.exe
  C:\Windows\System\YzbTEVX.exe
  2⤵
  PID:1084
- C:\Windows\System\wrePrKI.exe
  C:\Windows\System\wrePrKI.exe
  2⤵
  PID:3000
- C:\Windows\System\JZxemeS.exe
  C:\Windows\System\JZxemeS.exe
  2⤵
  PID:2656
- C:\Windows\System\PlxYOIf.exe
  C:\Windows\System\PlxYOIf.exe
  2⤵
  PID:1776
- C:\Windows\System\fJbMfqH.exe
  C:\Windows\System\fJbMfqH.exe
  2⤵
  PID:2692
- C:\Windows\System\EiuJKdf.exe
  C:\Windows\System\EiuJKdf.exe
  2⤵
  PID:2680
- C:\Windows\System\LrPjgeA.exe
  C:\Windows\System\LrPjgeA.exe
  2⤵
  PID:2560
- C:\Windows\System\uYNzmPG.exe
  C:\Windows\System\uYNzmPG.exe
  2⤵
  PID:1800
- C:\Windows\System\MZJUhAB.exe
  C:\Windows\System\MZJUhAB.exe
  2⤵
  PID:2348
- C:\Windows\System\HJOxtjf.exe
  C:\Windows\System\HJOxtjf.exe
  2⤵
  PID:3020
- C:\Windows\System\KkskJMX.exe
  C:\Windows\System\KkskJMX.exe
  2⤵
  PID:2564
- C:\Windows\System\SDsSsqn.exe
  C:\Windows\System\SDsSsqn.exe
  2⤵
  PID:2604
- C:\Windows\System\CKyOPhR.exe
  C:\Windows\System\CKyOPhR.exe
  2⤵
  PID:2260
- C:\Windows\System\vWrjizy.exe
  C:\Windows\System\vWrjizy.exe
  2⤵
  PID:1520
- C:\Windows\System\EumvJMd.exe
  C:\Windows\System\EumvJMd.exe
  2⤵
  PID:1932
- C:\Windows\System\nQhvsSn.exe
  C:\Windows\System\nQhvsSn.exe
  2⤵
  PID:760
- C:\Windows\System\ISafTzd.exe
  C:\Windows\System\ISafTzd.exe
  2⤵
  PID:108
- C:\Windows\System\qlyoxSo.exe
  C:\Windows\System\qlyoxSo.exe
  2⤵
  PID:1232
- C:\Windows\System\NsnVAfA.exe
  C:\Windows\System\NsnVAfA.exe
  2⤵
  PID:2820
- C:\Windows\System\KSpNjPw.exe
  C:\Windows\System\KSpNjPw.exe
  2⤵
  PID:2860
- C:\Windows\System\LpsunmN.exe
  C:\Windows\System\LpsunmN.exe
  2⤵
  PID:2628
- C:\Windows\System\aKFSupa.exe
  C:\Windows\System\aKFSupa.exe
  2⤵
  PID:2084
- C:\Windows\System\AuaxNYM.exe
  C:\Windows\System\AuaxNYM.exe
  2⤵
  PID:1456
- C:\Windows\System\mxMQmHk.exe
  C:\Windows\System\mxMQmHk.exe
  2⤵
  PID:2808
- C:\Windows\System\olMKKHZ.exe
  C:\Windows\System\olMKKHZ.exe
  2⤵
  PID:1308
- C:\Windows\System\ZUVgrjU.exe
  C:\Windows\System\ZUVgrjU.exe
  2⤵
  PID:1604
- C:\Windows\System\CvmFRHT.exe
  C:\Windows\System\CvmFRHT.exe
  2⤵
  PID:1680
- C:\Windows\System\HKhyolC.exe
  C:\Windows\System\HKhyolC.exe
  2⤵
  PID:2824
- C:\Windows\System\sNBftiQ.exe
  C:\Windows\System\sNBftiQ.exe
  2⤵
  PID:1792
- C:\Windows\System\XqamJif.exe
  C:\Windows\System\XqamJif.exe
  2⤵
  PID:2228
- C:\Windows\System\SNbQeLB.exe
  C:\Windows\System\SNbQeLB.exe
  2⤵
  PID:788
- C:\Windows\System\pmSxtQn.exe
  C:\Windows\System\pmSxtQn.exe
  2⤵
  PID:2444
- C:\Windows\System\PIPhPyg.exe
  C:\Windows\System\PIPhPyg.exe
  2⤵
  PID:1740
- C:\Windows\System\orjytaC.exe
  C:\Windows\System\orjytaC.exe
  2⤵
  PID:2432
- C:\Windows\System\LJoYvsh.exe
  C:\Windows\System\LJoYvsh.exe
  2⤵
  PID:1716
- C:\Windows\System\TPzdOXC.exe
  C:\Windows\System\TPzdOXC.exe
  2⤵
  PID:1596
- C:\Windows\System\MeUVEna.exe
  C:\Windows\System\MeUVEna.exe
  2⤵
  PID:1440
- C:\Windows\System\JnomdCb.exe
  C:\Windows\System\JnomdCb.exe
  2⤵
  PID:2940
- C:\Windows\System\GLsMezm.exe
  C:\Windows\System\GLsMezm.exe
  2⤵
  PID:1536
- C:\Windows\System\seDesrP.exe
  C:\Windows\System\seDesrP.exe
  2⤵
  PID:372
- C:\Windows\System\suDUcss.exe
  C:\Windows\System\suDUcss.exe
  2⤵
  PID:2716
- C:\Windows\System\GlIIboZ.exe
  C:\Windows\System\GlIIboZ.exe
  2⤵
  PID:2728
- C:\Windows\System\mYTdDJj.exe
  C:\Windows\System\mYTdDJj.exe
  2⤵
  PID:2376
- C:\Windows\System\ODzGhFy.exe
  C:\Windows\System\ODzGhFy.exe
  2⤵
  PID:2832
- C:\Windows\System\uKSLdpp.exe
  C:\Windows\System\uKSLdpp.exe
  2⤵
  PID:2676
- C:\Windows\System\NaAwsiV.exe
  C:\Windows\System\NaAwsiV.exe
  2⤵
  PID:3064
- C:\Windows\System\mTmAjEA.exe
  C:\Windows\System\mTmAjEA.exe
  2⤵
  PID:2696
- C:\Windows\System\QPnOxeI.exe
  C:\Windows\System\QPnOxeI.exe
  2⤵
  PID:2532
- C:\Windows\System\ljiZTFO.exe
  C:\Windows\System\ljiZTFO.exe
  2⤵
  PID:2580
- C:\Windows\System\vdwhnVB.exe
  C:\Windows\System\vdwhnVB.exe
  2⤵
  PID:1852
- C:\Windows\System\DObNHUO.exe
  C:\Windows\System\DObNHUO.exe
  2⤵
  PID:528
- C:\Windows\System\nLdMHLl.exe
  C:\Windows\System\nLdMHLl.exe
  2⤵
  PID:1760
- C:\Windows\System\dWURnAe.exe
  C:\Windows\System\dWURnAe.exe
  2⤵
  PID:1200
- C:\Windows\System\fehNflg.exe
  C:\Windows\System\fehNflg.exe
  2⤵
  PID:1408
- C:\Windows\System\VupRanE.exe
  C:\Windows\System\VupRanE.exe
  2⤵
  PID:1088
- C:\Windows\System\GEPzJQU.exe
  C:\Windows\System\GEPzJQU.exe
  2⤵
  PID:3024
- C:\Windows\System\yuYZWEt.exe
  C:\Windows\System\yuYZWEt.exe
  2⤵
  PID:3068
- C:\Windows\System\uRCiqjZ.exe
  C:\Windows\System\uRCiqjZ.exe
  2⤵
  PID:948
- C:\Windows\System\dEIkxii.exe
  C:\Windows\System\dEIkxii.exe
  2⤵
  PID:1524
- C:\Windows\System\pkbPaPY.exe
  C:\Windows\System\pkbPaPY.exe
  2⤵
  PID:684
- C:\Windows\System\FSDPVny.exe
  C:\Windows\System\FSDPVny.exe
  2⤵
  PID:1316
- C:\Windows\System\vysqYhr.exe
  C:\Windows\System\vysqYhr.exe
  2⤵
  PID:1212
- C:\Windows\System\JEzAqJs.exe
  C:\Windows\System\JEzAqJs.exe
  2⤵
  PID:1512
- C:\Windows\System\myXZxaK.exe
  C:\Windows\System\myXZxaK.exe
  2⤵
  PID:3016
- C:\Windows\System\NcyGhUw.exe
  C:\Windows\System\NcyGhUw.exe
  2⤵
  PID:3048
- C:\Windows\System\wjOtpBc.exe
  C:\Windows\System\wjOtpBc.exe
  2⤵
  PID:2712
- C:\Windows\System\pSjntBR.exe
  C:\Windows\System\pSjntBR.exe
  2⤵
  PID:2700
- C:\Windows\System\Xnyiflr.exe
  C:\Windows\System\Xnyiflr.exe
  2⤵
  PID:1964
- C:\Windows\System\POBQHxk.exe
  C:\Windows\System\POBQHxk.exe
  2⤵
  PID:336
- C:\Windows\System\EoOmaFm.exe
  C:\Windows\System\EoOmaFm.exe
  2⤵
  PID:2916
- C:\Windows\System\RSOTjBh.exe
  C:\Windows\System\RSOTjBh.exe
  2⤵
  PID:992
- C:\Windows\System\BJneDiQ.exe
  C:\Windows\System\BJneDiQ.exe
  2⤵
  PID:900
- C:\Windows\System\cGoekpV.exe
  C:\Windows\System\cGoekpV.exe
  2⤵
  PID:1628
- C:\Windows\System\FZqXzAx.exe
  C:\Windows\System\FZqXzAx.exe
  2⤵
  PID:988
- C:\Windows\System\NXcGOnb.exe
  C:\Windows\System\NXcGOnb.exe
  2⤵
  PID:1188
- C:\Windows\System\TwQoZYD.exe
  C:\Windows\System\TwQoZYD.exe
  2⤵
  PID:2800
- C:\Windows\System\rKFpAYU.exe
  C:\Windows\System\rKFpAYU.exe
  2⤵
  PID:2756
- C:\Windows\System\fZTjoJW.exe
  C:\Windows\System\fZTjoJW.exe
  2⤵
  PID:3088
- C:\Windows\System\dxjEaZk.exe
  C:\Windows\System\dxjEaZk.exe
  2⤵
  PID:3104
- C:\Windows\System\SZDbALC.exe
  C:\Windows\System\SZDbALC.exe
  2⤵
  PID:3120
- C:\Windows\System\aNrtKXQ.exe
  C:\Windows\System\aNrtKXQ.exe
  2⤵
  PID:3136
- C:\Windows\System\jofpfMa.exe
  C:\Windows\System\jofpfMa.exe
  2⤵
  PID:3152
- C:\Windows\System\mKqocrP.exe
  C:\Windows\System\mKqocrP.exe
  2⤵
  PID:3168
- C:\Windows\System\LMQsGWf.exe
  C:\Windows\System\LMQsGWf.exe
  2⤵
  PID:3184
- C:\Windows\System\kqNvNgV.exe
  C:\Windows\System\kqNvNgV.exe
  2⤵
  PID:3200
- C:\Windows\System\XurNTFA.exe
  C:\Windows\System\XurNTFA.exe
  2⤵
  PID:3216
- C:\Windows\System\jEGpxtW.exe
  C:\Windows\System\jEGpxtW.exe
  2⤵
  PID:3232
- C:\Windows\System\PBEVpzY.exe
  C:\Windows\System\PBEVpzY.exe
  2⤵
  PID:3248
- C:\Windows\System\XgbktnL.exe
  C:\Windows\System\XgbktnL.exe
  2⤵
  PID:3264
- C:\Windows\System\qHaBMGG.exe
  C:\Windows\System\qHaBMGG.exe
  2⤵
  PID:3280
- C:\Windows\System\yJavsIO.exe
  C:\Windows\System\yJavsIO.exe
  2⤵
  PID:3296
- C:\Windows\System\uhZeITr.exe
  C:\Windows\System\uhZeITr.exe
  2⤵
  PID:3312
- C:\Windows\System\NBGeGyV.exe
  C:\Windows\System\NBGeGyV.exe
  2⤵
  PID:3328
- C:\Windows\System\rKTfLHc.exe
  C:\Windows\System\rKTfLHc.exe
  2⤵
  PID:3344
- C:\Windows\System\dwaZdTU.exe
  C:\Windows\System\dwaZdTU.exe
  2⤵
  PID:3360
- C:\Windows\System\CSQxDGl.exe
  C:\Windows\System\CSQxDGl.exe
  2⤵
  PID:3376
- C:\Windows\System\ErIntQk.exe
  C:\Windows\System\ErIntQk.exe
  2⤵
  PID:3392
- C:\Windows\System\aDXsSHw.exe
  C:\Windows\System\aDXsSHw.exe
  2⤵
  PID:3408
- C:\Windows\System\CsCAaaz.exe
  C:\Windows\System\CsCAaaz.exe
  2⤵
  PID:3424
- C:\Windows\System\iPaCAwO.exe
  C:\Windows\System\iPaCAwO.exe
  2⤵
  PID:3440
- C:\Windows\System\gfityOH.exe
  C:\Windows\System\gfityOH.exe
  2⤵
  PID:3456
- C:\Windows\System\ZXiJJVF.exe
  C:\Windows\System\ZXiJJVF.exe
  2⤵
  PID:3472
- C:\Windows\System\rTsxMkx.exe
  C:\Windows\System\rTsxMkx.exe
  2⤵
  PID:3488
- C:\Windows\System\uJznSCY.exe
  C:\Windows\System\uJznSCY.exe
  2⤵
  PID:3504
- C:\Windows\System\VsuWdWV.exe
  C:\Windows\System\VsuWdWV.exe
  2⤵
  PID:3520
- C:\Windows\System\htTCrWy.exe
  C:\Windows\System\htTCrWy.exe
  2⤵
  PID:3536
- C:\Windows\System\SwgwJWw.exe
  C:\Windows\System\SwgwJWw.exe
  2⤵
  PID:3552
- C:\Windows\System\tCgKlZk.exe
  C:\Windows\System\tCgKlZk.exe
  2⤵
  PID:3568
- C:\Windows\System\WyeQxqt.exe
  C:\Windows\System\WyeQxqt.exe
  2⤵
  PID:3584
- C:\Windows\System\CGANcEG.exe
  C:\Windows\System\CGANcEG.exe
  2⤵
  PID:3600
- C:\Windows\System\JhCEWFv.exe
  C:\Windows\System\JhCEWFv.exe
  2⤵
  PID:3616
- C:\Windows\System\lgljrAH.exe
  C:\Windows\System\lgljrAH.exe
  2⤵
  PID:3632
- C:\Windows\System\ukJBWwM.exe
  C:\Windows\System\ukJBWwM.exe
  2⤵
  PID:3648
- C:\Windows\System\ZVeYsII.exe
  C:\Windows\System\ZVeYsII.exe
  2⤵
  PID:3664
- C:\Windows\System\fuHHHsz.exe
  C:\Windows\System\fuHHHsz.exe
  2⤵
  PID:3680
- C:\Windows\System\skTRvCs.exe
  C:\Windows\System\skTRvCs.exe
  2⤵
  PID:3700
- C:\Windows\System\OnwKTWn.exe
  C:\Windows\System\OnwKTWn.exe
  2⤵
  PID:3716
- C:\Windows\System\noRaMIt.exe
  C:\Windows\System\noRaMIt.exe
  2⤵
  PID:3732
- C:\Windows\System\FFaCVKc.exe
  C:\Windows\System\FFaCVKc.exe
  2⤵
  PID:3748
- C:\Windows\System\phcffcT.exe
  C:\Windows\System\phcffcT.exe
  2⤵
  PID:3764
- C:\Windows\System\nxHovJQ.exe
  C:\Windows\System\nxHovJQ.exe
  2⤵
  PID:3780
- C:\Windows\System\sDZfxVD.exe
  C:\Windows\System\sDZfxVD.exe
  2⤵
  PID:3796
- C:\Windows\System\vbAyGMj.exe
  C:\Windows\System\vbAyGMj.exe
  2⤵
  PID:3816
- C:\Windows\System\SkwoVzi.exe
  C:\Windows\System\SkwoVzi.exe
  2⤵
  PID:3832
- C:\Windows\System\xyxgiao.exe
  C:\Windows\System\xyxgiao.exe
  2⤵
  PID:3848
- C:\Windows\System\ovxIhUd.exe
  C:\Windows\System\ovxIhUd.exe
  2⤵
  PID:3864
- C:\Windows\System\AythWdr.exe
  C:\Windows\System\AythWdr.exe
  2⤵
  PID:3880
- C:\Windows\System\YqElxBF.exe
  C:\Windows\System\YqElxBF.exe
  2⤵
  PID:3896
- C:\Windows\System\xChWAVf.exe
  C:\Windows\System\xChWAVf.exe
  2⤵
  PID:3912
- C:\Windows\System\FcTNZAf.exe
  C:\Windows\System\FcTNZAf.exe
  2⤵
  PID:3928
- C:\Windows\System\DqHqUvX.exe
  C:\Windows\System\DqHqUvX.exe
  2⤵
  PID:3944
- C:\Windows\System\KbwqaBj.exe
  C:\Windows\System\KbwqaBj.exe
  2⤵
  PID:3960
- C:\Windows\System\vpVEasu.exe
  C:\Windows\System\vpVEasu.exe
  2⤵
  PID:3976
- C:\Windows\System\fehbqqv.exe
  C:\Windows\System\fehbqqv.exe
  2⤵
  PID:3992
- C:\Windows\System\HSyCVBR.exe
  C:\Windows\System\HSyCVBR.exe
  2⤵
  PID:4008
- C:\Windows\System\HWIapgg.exe
  C:\Windows\System\HWIapgg.exe
  2⤵
  PID:4024
- C:\Windows\System\GUikvnY.exe
  C:\Windows\System\GUikvnY.exe
  2⤵
  PID:4040
- C:\Windows\System\YAkJTCR.exe
  C:\Windows\System\YAkJTCR.exe
  2⤵
  PID:4056
- C:\Windows\System\PCBJrNE.exe
  C:\Windows\System\PCBJrNE.exe
  2⤵
  PID:4072
- C:\Windows\System\EwOEMOj.exe
  C:\Windows\System\EwOEMOj.exe
  2⤵
  PID:4088
- C:\Windows\System\dAuLXrC.exe
  C:\Windows\System\dAuLXrC.exe
  2⤵
  PID:2528
- C:\Windows\System\ekHcGxw.exe
  C:\Windows\System\ekHcGxw.exe
  2⤵
  PID:2396
- C:\Windows\System\QWCnquH.exe
  C:\Windows\System\QWCnquH.exe
  2⤵
  PID:2124
- C:\Windows\System\gqdNQOv.exe
  C:\Windows\System\gqdNQOv.exe
  2⤵
  PID:2256
- C:\Windows\System\uNsnCJq.exe
  C:\Windows\System\uNsnCJq.exe
  2⤵
  PID:532
- C:\Windows\System\PhltExI.exe
  C:\Windows\System\PhltExI.exe
  2⤵
  PID:3080
- C:\Windows\System\dZsZZRG.exe
  C:\Windows\System\dZsZZRG.exe
  2⤵
  PID:3132
- C:\Windows\System\YVFhrSV.exe
  C:\Windows\System\YVFhrSV.exe
  2⤵
  PID:3148
- C:\Windows\System\JuQMSeK.exe
  C:\Windows\System\JuQMSeK.exe
  2⤵
  PID:3180
- C:\Windows\System\bGYZRbv.exe
  C:\Windows\System\bGYZRbv.exe
  2⤵
  PID:3212
- C:\Windows\System\xcUAXed.exe
  C:\Windows\System\xcUAXed.exe
  2⤵
  PID:3244
- C:\Windows\System\hgLLgKe.exe
  C:\Windows\System\hgLLgKe.exe
  2⤵
  PID:3292
- C:\Windows\System\dCOIISK.exe
  C:\Windows\System\dCOIISK.exe
  2⤵
  PID:3324
- C:\Windows\System\cIkqxsc.exe
  C:\Windows\System\cIkqxsc.exe
  2⤵
  PID:3368
- C:\Windows\System\iIRlrTz.exe
  C:\Windows\System\iIRlrTz.exe
  2⤵
  PID:3400
- C:\Windows\System\VWHoxpe.exe
  C:\Windows\System\VWHoxpe.exe
  2⤵
  PID:3420
- C:\Windows\System\sKABynd.exe
  C:\Windows\System\sKABynd.exe
  2⤵
  PID:3452
- C:\Windows\System\xjzhGPb.exe
  C:\Windows\System\xjzhGPb.exe
  2⤵
  PID:3484
- C:\Windows\System\RGwOybK.exe
  C:\Windows\System\RGwOybK.exe
  2⤵
  PID:3500
- C:\Windows\System\uuMyxrB.exe
  C:\Windows\System\uuMyxrB.exe
  2⤵
  PID:3532
- C:\Windows\System\bDtBQcF.exe
  C:\Windows\System\bDtBQcF.exe
  2⤵
  PID:3564
- C:\Windows\System\RSBfBgZ.exe
  C:\Windows\System\RSBfBgZ.exe
  2⤵
  PID:3612
- C:\Windows\System\sihhObU.exe
  C:\Windows\System\sihhObU.exe
  2⤵
  PID:3628
- C:\Windows\System\XebKlJK.exe
  C:\Windows\System\XebKlJK.exe
  2⤵
  PID:3676
- C:\Windows\System\VtxxeSY.exe
  C:\Windows\System\VtxxeSY.exe
  2⤵
  PID:3712
- C:\Windows\System\jYbhOBV.exe
  C:\Windows\System\jYbhOBV.exe
  2⤵
  PID:3744
- C:\Windows\System\IwBqtSH.exe
  C:\Windows\System\IwBqtSH.exe
  2⤵
  PID:3756
- C:\Windows\System\khCCAfC.exe
  C:\Windows\System\khCCAfC.exe
  2⤵
  PID:3804
- C:\Windows\System\cJExOek.exe
  C:\Windows\System\cJExOek.exe
  2⤵
  PID:768
- C:\Windows\System\IKIrFfz.exe
  C:\Windows\System\IKIrFfz.exe
  2⤵
  PID:3844
- C:\Windows\System\JLIAxUG.exe
  C:\Windows\System\JLIAxUG.exe
  2⤵
  PID:3872
- C:\Windows\System\gjXMsha.exe
  C:\Windows\System\gjXMsha.exe
  2⤵
  PID:3888
- C:\Windows\System\CdoIzTR.exe
  C:\Windows\System\CdoIzTR.exe
  2⤵
  PID:3936
- C:\Windows\System\yxXWRao.exe
  C:\Windows\System\yxXWRao.exe
  2⤵
  PID:3968
- C:\Windows\System\HOMzrie.exe
  C:\Windows\System\HOMzrie.exe
  2⤵
  PID:4000
- C:\Windows\System\kxPZawR.exe
  C:\Windows\System\kxPZawR.exe
  2⤵
  PID:4016
- C:\Windows\System\aOkaiVU.exe
  C:\Windows\System\aOkaiVU.exe
  2⤵
  PID:3696
- C:\Windows\System\ZkJOYPQ.exe
  C:\Windows\System\ZkJOYPQ.exe
  2⤵
  PID:4068
- C:\Windows\System\qPAGslC.exe
  C:\Windows\System\qPAGslC.exe
  2⤵
  PID:1972
- C:\Windows\System\erSSquL.exe
  C:\Windows\System\erSSquL.exe
  2⤵
  PID:2868
- C:\Windows\System\QahqZpX.exe
  C:\Windows\System\QahqZpX.exe
  2⤵
  PID:2864
- C:\Windows\System\eeUUaRL.exe
  C:\Windows\System\eeUUaRL.exe
  2⤵
  PID:3116
- C:\Windows\System\mnNmHlo.exe
  C:\Windows\System\mnNmHlo.exe
  2⤵
  PID:3176
- C:\Windows\System\rStLztI.exe
  C:\Windows\System\rStLztI.exe
  2⤵
  PID:3228
- C:\Windows\System\WTdkFFx.exe
  C:\Windows\System\WTdkFFx.exe
  2⤵
  PID:3352
- C:\Windows\System\TTSnvkl.exe
  C:\Windows\System\TTSnvkl.exe
  2⤵
  PID:3416
- C:\Windows\System\ftPJHpw.exe
  C:\Windows\System\ftPJHpw.exe
  2⤵
  PID:1876
- C:\Windows\System\sTiIGjo.exe
  C:\Windows\System\sTiIGjo.exe
  2⤵
  PID:1276
- C:\Windows\System\SZHAVlG.exe
  C:\Windows\System\SZHAVlG.exe
  2⤵
  PID:3544
- C:\Windows\System\UzRzKgN.exe
  C:\Windows\System\UzRzKgN.exe
  2⤵
  PID:3608
- C:\Windows\System\wzullFJ.exe
  C:\Windows\System\wzullFJ.exe
  2⤵
  PID:3660
- C:\Windows\System\pGFvZje.exe
  C:\Windows\System\pGFvZje.exe
  2⤵
  PID:3740
- C:\Windows\System\rbcHXEn.exe
  C:\Windows\System\rbcHXEn.exe
  2⤵
  PID:3792
- C:\Windows\System\OgdFMji.exe
  C:\Windows\System\OgdFMji.exe
  2⤵
  PID:3840
- C:\Windows\System\BPAxYLe.exe
  C:\Windows\System\BPAxYLe.exe
  2⤵
  PID:3860
- C:\Windows\System\jxoyBKu.exe
  C:\Windows\System\jxoyBKu.exe
  2⤵
  PID:3924
- C:\Windows\System\knHXMLT.exe
  C:\Windows\System\knHXMLT.exe
  2⤵
  PID:4004
- C:\Windows\System\dkEaEGq.exe
  C:\Windows\System\dkEaEGq.exe
  2⤵
  PID:4032
- C:\Windows\System\HNccBcJ.exe
  C:\Windows\System\HNccBcJ.exe
  2⤵
  PID:4052
- C:\Windows\System\gwZHTQe.exe
  C:\Windows\System\gwZHTQe.exe
  2⤵
  PID:2136
- C:\Windows\System\nRrATgj.exe
  C:\Windows\System\nRrATgj.exe
  2⤵
  PID:3076
- C:\Windows\System\ggINWTS.exe
  C:\Windows\System\ggINWTS.exe
  2⤵
  PID:3308
- C:\Windows\System\vqdtAFX.exe
  C:\Windows\System\vqdtAFX.exe
  2⤵
  PID:3356
- C:\Windows\System\OeykKQv.exe
  C:\Windows\System\OeykKQv.exe
  2⤵
  PID:3512
- C:\Windows\System\kEoZBmo.exe
  C:\Windows\System\kEoZBmo.exe
  2⤵
  PID:3548
- C:\Windows\System\HAGydvn.exe
  C:\Windows\System\HAGydvn.exe
  2⤵
  PID:3776
- C:\Windows\System\vxPSgHe.exe
  C:\Windows\System\vxPSgHe.exe
  2⤵
  PID:3828
- C:\Windows\System\lTScNvN.exe
  C:\Windows\System\lTScNvN.exe
  2⤵
  PID:3952
- C:\Windows\System\FYkOuFt.exe
  C:\Windows\System\FYkOuFt.exe
  2⤵
  PID:3340
- C:\Windows\System\BENNcap.exe
  C:\Windows\System\BENNcap.exe
  2⤵
  PID:1280
- C:\Windows\System\jEPmyiE.exe
  C:\Windows\System\jEPmyiE.exe
  2⤵
  PID:3388
- C:\Windows\System\uTXWjiU.exe
  C:\Windows\System\uTXWjiU.exe
  2⤵
  PID:3580
- C:\Windows\System\TIAkFdS.exe
  C:\Windows\System\TIAkFdS.exe
  2⤵
  PID:4112
- C:\Windows\System\lihOkXs.exe
  C:\Windows\System\lihOkXs.exe
  2⤵
  PID:4128
- C:\Windows\System\RmcWQQn.exe
  C:\Windows\System\RmcWQQn.exe
  2⤵
  PID:4144
- C:\Windows\System\TAqHryq.exe
  C:\Windows\System\TAqHryq.exe
  2⤵
  PID:4160
- C:\Windows\System\GdBRsug.exe
  C:\Windows\System\GdBRsug.exe
  2⤵
  PID:4176
- C:\Windows\System\LLoRffN.exe
  C:\Windows\System\LLoRffN.exe
  2⤵
  PID:4192
- C:\Windows\System\caIZOFO.exe
  C:\Windows\System\caIZOFO.exe
  2⤵
  PID:4380
- C:\Windows\System\pNeSOLa.exe
  C:\Windows\System\pNeSOLa.exe
  2⤵
  PID:4396
- C:\Windows\System\Xybyswk.exe
  C:\Windows\System\Xybyswk.exe
  2⤵
  PID:4424
- C:\Windows\System\SnDdRVD.exe
  C:\Windows\System\SnDdRVD.exe
  2⤵
  PID:4516
- C:\Windows\System\xuzRuLz.exe
  C:\Windows\System\xuzRuLz.exe
  2⤵
  PID:4556
- C:\Windows\System\MXtoAlX.exe
  C:\Windows\System\MXtoAlX.exe
  2⤵
  PID:4580
- C:\Windows\System\ZupVcWY.exe
  C:\Windows\System\ZupVcWY.exe
  2⤵
  PID:4636
- C:\Windows\System\wegcHSS.exe
  C:\Windows\System\wegcHSS.exe
  2⤵
  PID:4692
- C:\Windows\System\VFTrPCC.exe
  C:\Windows\System\VFTrPCC.exe
  2⤵
  PID:4744
- C:\Windows\System\cneylNp.exe
  C:\Windows\System\cneylNp.exe
  2⤵
  PID:4760
- C:\Windows\System\uSJrJhd.exe
  C:\Windows\System\uSJrJhd.exe
  2⤵
  PID:4788
- C:\Windows\System\IQIyIou.exe
  C:\Windows\System\IQIyIou.exe
  2⤵
  PID:4804
- C:\Windows\System\pEYFxfd.exe
  C:\Windows\System\pEYFxfd.exe
  2⤵
  PID:4824
- C:\Windows\System\IoYBneO.exe
  C:\Windows\System\IoYBneO.exe
  2⤵
  PID:4848
- C:\Windows\System\DPhpFct.exe
  C:\Windows\System\DPhpFct.exe
  2⤵
  PID:4864
- C:\Windows\System\EieMNZH.exe
  C:\Windows\System\EieMNZH.exe
  2⤵
  PID:4908
- C:\Windows\System\vjgZhBm.exe
  C:\Windows\System\vjgZhBm.exe
  2⤵
  PID:4668
- C:\Windows\System\ZyUxlJr.exe
  C:\Windows\System\ZyUxlJr.exe
  2⤵
  PID:4704
- C:\Windows\System\TvnbIsF.exe
  C:\Windows\System\TvnbIsF.exe
  2⤵
  PID:4716
- C:\Windows\System\tdqlTBw.exe
  C:\Windows\System\tdqlTBw.exe
  2⤵
  PID:4732
- C:\Windows\System\ncbpXTw.exe
  C:\Windows\System\ncbpXTw.exe
  2⤵
  PID:4752
- C:\Windows\System\CzsRZyk.exe
  C:\Windows\System\CzsRZyk.exe
  2⤵
  PID:4812
- C:\Windows\System\kzyAHce.exe
  C:\Windows\System\kzyAHce.exe
  2⤵
  PID:4796
- C:\Windows\System\AMCDjTb.exe
  C:\Windows\System\AMCDjTb.exe
  2⤵
  PID:4840
- C:\Windows\System\fUgiSsW.exe
  C:\Windows\System\fUgiSsW.exe
  2⤵
  PID:4932
- C:\Windows\System\gFXqjaR.exe
  C:\Windows\System\gFXqjaR.exe
  2⤵
  PID:4948
- C:\Windows\System\bXsxSfW.exe
  C:\Windows\System\bXsxSfW.exe
  2⤵
  PID:4964
- C:\Windows\System\wsywdgv.exe
  C:\Windows\System\wsywdgv.exe
  2⤵
  PID:4988
- C:\Windows\System\omRarhE.exe
  C:\Windows\System\omRarhE.exe
  2⤵
  PID:5008
- C:\Windows\System\AIZRCRL.exe
  C:\Windows\System\AIZRCRL.exe
  2⤵
  PID:5032
- C:\Windows\System\YCQqzqz.exe
  C:\Windows\System\YCQqzqz.exe
  2⤵
  PID:5052
- C:\Windows\System\ullunHG.exe
  C:\Windows\System\ullunHG.exe
  2⤵
  PID:4872
- C:\Windows\System\TQWtRPw.exe
  C:\Windows\System\TQWtRPw.exe
  2⤵
  PID:4892
- C:\Windows\System\KryTSzV.exe
  C:\Windows\System\KryTSzV.exe
  2⤵
  PID:5088
- C:\Windows\System\XJobLkj.exe
  C:\Windows\System\XJobLkj.exe
  2⤵
  PID:5100
- C:\Windows\System\abZHnbG.exe
  C:\Windows\System\abZHnbG.exe
  2⤵
  PID:3640
- C:\Windows\System\ACTgyyi.exe
  C:\Windows\System\ACTgyyi.exe
  2⤵
  PID:3728
- C:\Windows\System\xHtFnnZ.exe
  C:\Windows\System\xHtFnnZ.exe
  2⤵
  PID:3984
- C:\Windows\System\AoqWjOB.exe
  C:\Windows\System\AoqWjOB.exe
  2⤵
  PID:4104
- C:\Windows\System\suCntzJ.exe
  C:\Windows\System\suCntzJ.exe
  2⤵
  PID:4168
- C:\Windows\System\UogWNVn.exe
  C:\Windows\System\UogWNVn.exe
  2⤵
  PID:1508
- C:\Windows\System\gdlRVfB.exe
  C:\Windows\System\gdlRVfB.exe
  2⤵
  PID:2776
- C:\Windows\System\CWXdtev.exe
  C:\Windows\System\CWXdtev.exe
  2⤵
  PID:4216
- C:\Windows\System\iLuWaIi.exe
  C:\Windows\System\iLuWaIi.exe
  2⤵
  PID:4232
- C:\Windows\System\jyYtYkV.exe
  C:\Windows\System\jyYtYkV.exe
  2⤵
  PID:4260
- C:\Windows\System\fKJtbXF.exe
  C:\Windows\System\fKJtbXF.exe
  2⤵
  PID:4280
- C:\Windows\System\TjhgzPR.exe
  C:\Windows\System\TjhgzPR.exe
  2⤵
  PID:4296
- C:\Windows\System\cHtpYxq.exe
  C:\Windows\System\cHtpYxq.exe
  2⤵
  PID:4320
- C:\Windows\System\SRVDeWQ.exe
  C:\Windows\System\SRVDeWQ.exe
  2⤵
  PID:4340
- C:\Windows\System\smsrGOG.exe
  C:\Windows\System\smsrGOG.exe
  2⤵
  PID:4352
- C:\Windows\System\cKsmxRF.exe
  C:\Windows\System\cKsmxRF.exe
  2⤵
  PID:4364
- C:\Windows\System\TnxKVPY.exe
  C:\Windows\System\TnxKVPY.exe
  2⤵
  PID:4184
- C:\Windows\System\brpYmJt.exe
  C:\Windows\System\brpYmJt.exe
  2⤵
  PID:4204
- C:\Windows\System\AZUQKWl.exe
  C:\Windows\System\AZUQKWl.exe
  2⤵
  PID:1744
- C:\Windows\System\DLEnrPZ.exe
  C:\Windows\System\DLEnrPZ.exe
  2⤵
  PID:4444
- C:\Windows\System\bCPDKQh.exe
  C:\Windows\System\bCPDKQh.exe
  2⤵
  PID:4488
- C:\Windows\System\APQpYED.exe
  C:\Windows\System\APQpYED.exe
  2⤵
  PID:4476
- C:\Windows\System\MUXZKOV.exe
  C:\Windows\System\MUXZKOV.exe
  2⤵
  PID:4544
- C:\Windows\System\KpWKXDB.exe
  C:\Windows\System\KpWKXDB.exe
  2⤵
  PID:4532
- C:\Windows\System\KvBMrVr.exe
  C:\Windows\System\KvBMrVr.exe
  2⤵
  PID:1908
- C:\Windows\System\FbxXsRA.exe
  C:\Windows\System\FbxXsRA.exe
  2⤵
  PID:4600
- C:\Windows\System\uosbUZf.exe
  C:\Windows\System\uosbUZf.exe
  2⤵
  PID:2812
- C:\Windows\System\RDXvZhn.exe
  C:\Windows\System\RDXvZhn.exe
  2⤵
  PID:4620
- C:\Windows\System\SJywtKu.exe
  C:\Windows\System\SJywtKu.exe
  2⤵
  PID:2964
- C:\Windows\System\ABHuTky.exe
  C:\Windows\System\ABHuTky.exe
  2⤵
  PID:2216
- C:\Windows\System\OnHvlRZ.exe
  C:\Windows\System\OnHvlRZ.exe
  2⤵
  PID:4644
- C:\Windows\System\KgBKpdP.exe
  C:\Windows\System\KgBKpdP.exe
  2⤵
  PID:1848
- C:\Windows\System\CwLJZgx.exe
  C:\Windows\System\CwLJZgx.exe
  2⤵
  PID:1996
- C:\Windows\System\OAkIRcp.exe
  C:\Windows\System\OAkIRcp.exe
  2⤵
  PID:4700
- C:\Windows\System\FzdLgym.exe
  C:\Windows\System\FzdLgym.exe
  2⤵
  PID:4728
- C:\Windows\System\NaVWUnF.exe
  C:\Windows\System\NaVWUnF.exe
  2⤵
  PID:4772
- C:\Windows\System\VdZUkLP.exe
  C:\Windows\System\VdZUkLP.exe
  2⤵
  PID:4956
- C:\Windows\System\IkReUHt.exe
  C:\Windows\System\IkReUHt.exe
  2⤵
  PID:4836
- C:\Windows\System\hGaAPCg.exe
  C:\Windows\System\hGaAPCg.exe
  2⤵
  PID:4996
- C:\Windows\System\EdwpPAl.exe
  C:\Windows\System\EdwpPAl.exe
  2⤵
  PID:4944
- C:\Windows\System\gosBGNe.exe
  C:\Windows\System\gosBGNe.exe
  2⤵
  PID:4984
- C:\Windows\System\PyAQjBC.exe
  C:\Windows\System\PyAQjBC.exe
  2⤵
  PID:2352
- C:\Windows\System\icbSWXE.exe
  C:\Windows\System\icbSWXE.exe
  2⤵
  PID:4888
- C:\Windows\System\oxeyTET.exe
  C:\Windows\System\oxeyTET.exe
  2⤵
  PID:5080
- C:\Windows\System\gsijQfb.exe
  C:\Windows\System\gsijQfb.exe
  2⤵
  PID:1076
- C:\Windows\System\jqPTBcs.exe
  C:\Windows\System\jqPTBcs.exe
  2⤵
  PID:3672
- C:\Windows\System\lnGyJtc.exe
  C:\Windows\System\lnGyJtc.exe
  2⤵
  PID:1668
- C:\Windows\System\dCQNYZs.exe
  C:\Windows\System\dCQNYZs.exe
  2⤵
  PID:3904
- C:\Windows\System\WwZRpOF.exe
  C:\Windows\System\WwZRpOF.exe
  2⤵
  PID:4120
- C:\Windows\System\fhYKVdv.exe
  C:\Windows\System\fhYKVdv.exe
  2⤵
  PID:2036
- C:\Windows\System\foBNdWp.exe
  C:\Windows\System\foBNdWp.exe
  2⤵
  PID:3196
- C:\Windows\System\xdMnEdx.exe
  C:\Windows\System\xdMnEdx.exe
  2⤵
  PID:4244
- C:\Windows\System\ZCYHQCR.exe
  C:\Windows\System\ZCYHQCR.exe
  2⤵
  PID:1736
- C:\Windows\System\jBYogCA.exe
  C:\Windows\System\jBYogCA.exe
  2⤵
  PID:4288
- C:\Windows\System\qMSaDOS.exe
  C:\Windows\System\qMSaDOS.exe
  2⤵
  PID:4304
- C:\Windows\System\aeFzdFi.exe
  C:\Windows\System\aeFzdFi.exe
  2⤵
  PID:4328
- C:\Windows\System\UiJpBSA.exe
  C:\Windows\System\UiJpBSA.exe
  2⤵
  PID:4360
- C:\Windows\System\vQbcmhf.exe
  C:\Windows\System\vQbcmhf.exe
  2⤵
  PID:4156
- C:\Windows\System\XaSsTzH.exe
  C:\Windows\System\XaSsTzH.exe
  2⤵
  PID:2784
- C:\Windows\System\Vhmgiyj.exe
  C:\Windows\System\Vhmgiyj.exe
  2⤵
  PID:4468
- C:\Windows\System\VOGIqRn.exe
  C:\Windows\System\VOGIqRn.exe
  2⤵
  PID:4508
- C:\Windows\System\huQysMJ.exe
  C:\Windows\System\huQysMJ.exe
  2⤵
  PID:1968
- C:\Windows\System\pusVwkq.exe
  C:\Windows\System\pusVwkq.exe
  2⤵
  PID:4596
- C:\Windows\System\pAqJrno.exe
  C:\Windows\System\pAqJrno.exe
  2⤵
  PID:4628
- C:\Windows\System\vAYQeQZ.exe
  C:\Windows\System\vAYQeQZ.exe
  2⤵
  PID:4568
- C:\Windows\System\WfjCKWj.exe
  C:\Windows\System\WfjCKWj.exe
  2⤵
  PID:4676
- C:\Windows\System\TvNRJYJ.exe
  C:\Windows\System\TvNRJYJ.exe
  2⤵
  PID:4856
- C:\Windows\System\gyzlbCt.exe
  C:\Windows\System\gyzlbCt.exe
  2⤵
  PID:5040
- C:\Windows\System\fCblBrc.exe
  C:\Windows\System\fCblBrc.exe
  2⤵
  PID:4780
- C:\Windows\System\HRvHzJp.exe
  C:\Windows\System\HRvHzJp.exe
  2⤵
  PID:5060
- C:\Windows\System\iLdjtEA.exe
  C:\Windows\System\iLdjtEA.exe
  2⤵
  PID:4684
- C:\Windows\System\AIgygOD.exe
  C:\Windows\System\AIgygOD.exe
  2⤵
  PID:4880
- C:\Windows\System\tNpLYIM.exe
  C:\Windows\System\tNpLYIM.exe
  2⤵
  PID:5068
- C:\Windows\System\rdxeuHI.exe
  C:\Windows\System\rdxeuHI.exe
  2⤵
  PID:4208
- C:\Windows\System\JjxkKLN.exe
  C:\Windows\System\JjxkKLN.exe
  2⤵
  PID:4200
- C:\Windows\System\dxeedwY.exe
  C:\Windows\System\dxeedwY.exe
  2⤵
  PID:2360
- C:\Windows\System\FQkwRLu.exe
  C:\Windows\System\FQkwRLu.exe
  2⤵
  PID:4228
- C:\Windows\System\ARQFZCm.exe
  C:\Windows\System\ARQFZCm.exe
  2⤵
  PID:2708
- C:\Windows\System\YkzppIB.exe
  C:\Windows\System\YkzppIB.exe
  2⤵
  PID:4252
- C:\Windows\System\UmWZZMS.exe
  C:\Windows\System\UmWZZMS.exe
  2⤵
  PID:4316
- C:\Windows\System\CnvOxmy.exe
  C:\Windows\System\CnvOxmy.exe
  2⤵
  PID:4464
- C:\Windows\System\DuFRVaH.exe
  C:\Windows\System\DuFRVaH.exe
  2⤵
  PID:4420
- C:\Windows\System\iqkFAbD.exe
  C:\Windows\System\iqkFAbD.exe
  2⤵
  PID:4372
- C:\Windows\System\LvAhAfb.exe
  C:\Windows\System\LvAhAfb.exe
  2⤵
  PID:4480
- C:\Windows\System\uNadGue.exe
  C:\Windows\System\uNadGue.exe
  2⤵
  PID:4512
- C:\Windows\System\TaGdnls.exe
  C:\Windows\System\TaGdnls.exe
  2⤵
  PID:2392
- C:\Windows\System\PmcEvuL.exe
  C:\Windows\System\PmcEvuL.exe
  2⤵
  PID:4664
- C:\Windows\System\tbVEAqs.exe
  C:\Windows\System\tbVEAqs.exe
  2⤵
  PID:1020
- C:\Windows\System\OzdPeij.exe
  C:\Windows\System\OzdPeij.exe
  2⤵
  PID:1928
- C:\Windows\System\ZJwDabi.exe
  C:\Windows\System\ZJwDabi.exe
  2⤵
  PID:4924
- C:\Windows\System\ZnaddCe.exe
  C:\Windows\System\ZnaddCe.exe
  2⤵
  PID:2472
- C:\Windows\System\vmhmaBv.exe
  C:\Windows\System\vmhmaBv.exe
  2⤵
  PID:3468
- C:\Windows\System\OYxGttH.exe
  C:\Windows\System\OYxGttH.exe
  2⤵
  PID:4272
- C:\Windows\System\YExrsSw.exe
  C:\Windows\System\YExrsSw.exe
  2⤵
  PID:4332
- C:\Windows\System\vrJHDHE.exe
  C:\Windows\System\vrJHDHE.exe
  2⤵
  PID:4408
- C:\Windows\System\bTAeNaG.exe
  C:\Windows\System\bTAeNaG.exe
  2⤵
  PID:2992
- C:\Windows\System\AdeDpOZ.exe
  C:\Windows\System\AdeDpOZ.exe
  2⤵
  PID:2936
- C:\Windows\System\LEKWysC.exe
  C:\Windows\System\LEKWysC.exe
  2⤵
  PID:4436
- C:\Windows\System\NEBsMRj.exe
  C:\Windows\System\NEBsMRj.exe
  2⤵
  PID:2060
- C:\Windows\System\clpgYaQ.exe
  C:\Windows\System\clpgYaQ.exe
  2⤵
  PID:4564
- C:\Windows\System\SCQDbBj.exe
  C:\Windows\System\SCQDbBj.exe
  2⤵
  PID:4904
- C:\Windows\System\aDWueiT.exe
  C:\Windows\System\aDWueiT.exe
  2⤵
  PID:4172
- C:\Windows\System\fvMmYbK.exe
  C:\Windows\System\fvMmYbK.exe
  2⤵
  PID:4264
- C:\Windows\System\PBwpHol.exe
  C:\Windows\System\PBwpHol.exe
  2⤵
  PID:4256
- C:\Windows\System\TNkYFIq.exe
  C:\Windows\System\TNkYFIq.exe
  2⤵
  PID:5020
- C:\Windows\System\GWrOIjX.exe
  C:\Windows\System\GWrOIjX.exe
  2⤵
  PID:4616
- C:\Windows\System\HExwymc.exe
  C:\Windows\System\HExwymc.exe
  2⤵
  PID:4656
- C:\Windows\System\PHvpDCT.exe
  C:\Windows\System\PHvpDCT.exe
  2⤵
  PID:5028
- C:\Windows\System\OUcCyRi.exe
  C:\Windows\System\OUcCyRi.exe
  2⤵
  PID:5164
- C:\Windows\System\OqWuaVb.exe
  C:\Windows\System\OqWuaVb.exe
  2⤵
  PID:5180
- C:\Windows\System\PiWOnyp.exe
  C:\Windows\System\PiWOnyp.exe
  2⤵
  PID:5200
- C:\Windows\System\vLymDyT.exe
  C:\Windows\System\vLymDyT.exe
  2⤵
  PID:5220
- C:\Windows\System\yIbSTWp.exe
  C:\Windows\System\yIbSTWp.exe
  2⤵
  PID:5240
- C:\Windows\System\rjXHCKA.exe
  C:\Windows\System\rjXHCKA.exe
  2⤵
  PID:5260
- C:\Windows\System\qiurFlH.exe
  C:\Windows\System\qiurFlH.exe
  2⤵
  PID:5280
- C:\Windows\System\xupnxUu.exe
  C:\Windows\System\xupnxUu.exe
  2⤵
  PID:5300
- C:\Windows\System\ijUKMWX.exe
  C:\Windows\System\ijUKMWX.exe
  2⤵
  PID:5320
- C:\Windows\System\dibOrxA.exe
  C:\Windows\System\dibOrxA.exe
  2⤵
  PID:5340
- C:\Windows\System\maicKms.exe
  C:\Windows\System\maicKms.exe
  2⤵
  PID:5356
- C:\Windows\System\xfjRvQl.exe
  C:\Windows\System\xfjRvQl.exe
  2⤵
  PID:5372
- C:\Windows\System\PdvzpBT.exe
  C:\Windows\System\PdvzpBT.exe
  2⤵
  PID:5396
- C:\Windows\System\tLLagVy.exe
  C:\Windows\System\tLLagVy.exe
  2⤵
  PID:5424
- C:\Windows\System\hwRkcPd.exe
  C:\Windows\System\hwRkcPd.exe
  2⤵
  PID:5440
- C:\Windows\System\cwTIGzE.exe
  C:\Windows\System\cwTIGzE.exe
  2⤵
  PID:5456
- C:\Windows\System\SIwBvpv.exe
  C:\Windows\System\SIwBvpv.exe
  2⤵
  PID:5472
- C:\Windows\System\BhWlfWD.exe
  C:\Windows\System\BhWlfWD.exe
  2⤵
  PID:5492
- C:\Windows\System\VeDrVAO.exe
  C:\Windows\System\VeDrVAO.exe
  2⤵
  PID:5508
- C:\Windows\System\LlCyrrF.exe
  C:\Windows\System\LlCyrrF.exe
  2⤵
  PID:5524
- C:\Windows\System\XVTCcza.exe
  C:\Windows\System\XVTCcza.exe
  2⤵
  PID:5540
- C:\Windows\System\PWoLpjo.exe
  C:\Windows\System\PWoLpjo.exe
  2⤵
  PID:5556
- C:\Windows\System\YYIWvoa.exe
  C:\Windows\System\YYIWvoa.exe
  2⤵
  PID:5572
- C:\Windows\System\WQxOUHO.exe
  C:\Windows\System\WQxOUHO.exe
  2⤵
  PID:5592
- C:\Windows\System\injKXGG.exe
  C:\Windows\System\injKXGG.exe
  2⤵
  PID:5612
- C:\Windows\System\gyaKdbR.exe
  C:\Windows\System\gyaKdbR.exe
  2⤵
  PID:5632
- C:\Windows\System\cLZsLpu.exe
  C:\Windows\System\cLZsLpu.exe
  2⤵
  PID:5668
- C:\Windows\System\jIXmddH.exe
  C:\Windows\System\jIXmddH.exe
  2⤵
  PID:5684
- C:\Windows\System\igyZPGU.exe
  C:\Windows\System\igyZPGU.exe
  2⤵
  PID:5724
- C:\Windows\System\EGwpGHf.exe
  C:\Windows\System\EGwpGHf.exe
  2⤵
  PID:5740
- C:\Windows\System\aVxpzhz.exe
  C:\Windows\System\aVxpzhz.exe
  2⤵
  PID:5756
- C:\Windows\System\GnqpSMR.exe
  C:\Windows\System\GnqpSMR.exe
  2⤵
  PID:5776
- C:\Windows\System\afFmEhR.exe
  C:\Windows\System\afFmEhR.exe
  2⤵
  PID:5792
- C:\Windows\System\kdntFxS.exe
  C:\Windows\System\kdntFxS.exe
  2⤵
  PID:5808
- C:\Windows\System\LEcfbOr.exe
  C:\Windows\System\LEcfbOr.exe
  2⤵
  PID:5828
- C:\Windows\System\UVVAaLW.exe
  C:\Windows\System\UVVAaLW.exe
  2⤵
  PID:5844
- C:\Windows\System\zTtHOWe.exe
  C:\Windows\System\zTtHOWe.exe
  2⤵
  PID:5860
- C:\Windows\System\QYKxTMQ.exe
  C:\Windows\System\QYKxTMQ.exe
  2⤵
  PID:5876
- C:\Windows\System\fQFPnXe.exe
  C:\Windows\System\fQFPnXe.exe
  2⤵
  PID:5896
- C:\Windows\System\iPrHLlj.exe
  C:\Windows\System\iPrHLlj.exe
  2⤵
  PID:5916
- C:\Windows\System\dbLeRYO.exe
  C:\Windows\System\dbLeRYO.exe
  2⤵
  PID:5968
- C:\Windows\System\hlbGarq.exe
  C:\Windows\System\hlbGarq.exe
  2⤵
  PID:5984
- C:\Windows\System\aXkOTCc.exe
  C:\Windows\System\aXkOTCc.exe
  2⤵
  PID:6004
- C:\Windows\System\RXfJbob.exe
  C:\Windows\System\RXfJbob.exe
  2⤵
  PID:6020
- C:\Windows\System\QIlLzkt.exe
  C:\Windows\System\QIlLzkt.exe
  2⤵
  PID:6036
- C:\Windows\System\zeouTNe.exe
  C:\Windows\System\zeouTNe.exe
  2⤵
  PID:6052
- C:\Windows\System\ebYbyVD.exe
  C:\Windows\System\ebYbyVD.exe
  2⤵
  PID:6068
- C:\Windows\System\oFGyIMF.exe
  C:\Windows\System\oFGyIMF.exe
  2⤵
  PID:6084
- C:\Windows\System\XGevIQj.exe
  C:\Windows\System\XGevIQj.exe
  2⤵
  PID:6108
- C:\Windows\System\tzbOZFf.exe
  C:\Windows\System\tzbOZFf.exe
  2⤵
  PID:6124
- C:\Windows\System\hkCOfOK.exe
  C:\Windows\System\hkCOfOK.exe
  2⤵
  PID:6140
- C:\Windows\System\DRghEoJ.exe
  C:\Windows\System\DRghEoJ.exe
  2⤵
  PID:4648
- C:\Windows\System\Bhlmrub.exe
  C:\Windows\System\Bhlmrub.exe
  2⤵
  PID:4776
- C:\Windows\System\dWGOmNi.exe
  C:\Windows\System\dWGOmNi.exe
  2⤵
  PID:4528
- C:\Windows\System\ToANxWW.exe
  C:\Windows\System\ToANxWW.exe
  2⤵
  PID:5132
- C:\Windows\System\ZpUXRmM.exe
  C:\Windows\System\ZpUXRmM.exe
  2⤵
  PID:5196
- C:\Windows\System\HhUydrD.exe
  C:\Windows\System\HhUydrD.exe
  2⤵
  PID:5228
- C:\Windows\System\yOjfQbB.exe
  C:\Windows\System\yOjfQbB.exe
  2⤵
  PID:5256
- C:\Windows\System\qagCnBg.exe
  C:\Windows\System\qagCnBg.exe
  2⤵
  PID:5292
- C:\Windows\System\SMVlqrd.exe
  C:\Windows\System\SMVlqrd.exe
  2⤵
  PID:5272
- C:\Windows\System\zRYBIhN.exe
  C:\Windows\System\zRYBIhN.exe
  2⤵
  PID:5316
- C:\Windows\System\dZLfTpU.exe
  C:\Windows\System\dZLfTpU.exe
  2⤵
  PID:5380
- C:\Windows\System\rMiPncd.exe
  C:\Windows\System\rMiPncd.exe
  2⤵
  PID:5408
- C:\Windows\System\JNHIjql.exe
  C:\Windows\System\JNHIjql.exe
  2⤵
  PID:5448
- C:\Windows\System\zmrXrLV.exe
  C:\Windows\System\zmrXrLV.exe
  2⤵
  PID:5484
- C:\Windows\System\nWFugJw.exe
  C:\Windows\System\nWFugJw.exe
  2⤵
  PID:5536
- C:\Windows\System\JfscAiN.exe
  C:\Windows\System\JfscAiN.exe
  2⤵
  PID:5604
- C:\Windows\System\OfCXwgR.exe
  C:\Windows\System\OfCXwgR.exe
  2⤵
  PID:5464
- C:\Windows\System\VENkbvF.exe
  C:\Windows\System\VENkbvF.exe
  2⤵
  PID:5644
- C:\Windows\System\dcvyWYO.exe
  C:\Windows\System\dcvyWYO.exe
  2⤵
  PID:5660
- C:\Windows\System\EQCCelH.exe
  C:\Windows\System\EQCCelH.exe
  2⤵
  PID:5704
- C:\Windows\System\XYeRIBN.exe
  C:\Windows\System\XYeRIBN.exe
  2⤵
  PID:5676
- C:\Windows\System\jxCcCKR.exe
  C:\Windows\System\jxCcCKR.exe
  2⤵
  PID:5884
- C:\Windows\System\WzKKHLl.exe
  C:\Windows\System\WzKKHLl.exe
  2⤵
  PID:5736
- C:\Windows\System\lGoivug.exe
  C:\Windows\System\lGoivug.exe
  2⤵
  PID:5800
- C:\Windows\System\CjrWAaT.exe
  C:\Windows\System\CjrWAaT.exe
  2⤵
  PID:5868
- C:\Windows\System\JYIuFrs.exe
  C:\Windows\System\JYIuFrs.exe
  2⤵
  PID:5912
- C:\Windows\System\JdgXYxF.exe
  C:\Windows\System\JdgXYxF.exe
  2⤵
  PID:5784
- C:\Windows\System\VSdmyFY.exe
  C:\Windows\System\VSdmyFY.exe
  2⤵
  PID:5980
- C:\Windows\System\OTJByXP.exe
  C:\Windows\System\OTJByXP.exe
  2⤵
  PID:5940
- C:\Windows\System\HNfKPwb.exe
  C:\Windows\System\HNfKPwb.exe
  2⤵
  PID:5956
- C:\Windows\System\gIQsrbD.exe
  C:\Windows\System\gIQsrbD.exe
  2⤵
  PID:5992
- C:\Windows\System\FRIbJoe.exe
  C:\Windows\System\FRIbJoe.exe
  2⤵
  PID:4124
- C:\Windows\System\zszagGp.exe
  C:\Windows\System\zszagGp.exe
  2⤵
  PID:4536
- C:\Windows\System\ZKKlkYc.exe
  C:\Windows\System\ZKKlkYc.exe
  2⤵
  PID:6100
- C:\Windows\System\mknrKjo.exe
  C:\Windows\System\mknrKjo.exe
  2⤵
  PID:6092
- C:\Windows\System\EZzAOye.exe
  C:\Windows\System\EZzAOye.exe
  2⤵
  PID:5144
- C:\Windows\System\zuCHNXV.exe
  C:\Windows\System\zuCHNXV.exe
  2⤵
  PID:5188
- C:\Windows\System\doAClif.exe
  C:\Windows\System\doAClif.exe
  2⤵
  PID:5232
- C:\Windows\System\kPxSkrz.exe
  C:\Windows\System\kPxSkrz.exe
  2⤵
  PID:5348
- C:\Windows\System\nJcUQSA.exe
  C:\Windows\System\nJcUQSA.exe
  2⤵
  PID:5388
- C:\Windows\System\rqDKqlj.exe
  C:\Windows\System\rqDKqlj.exe
  2⤵
  PID:5288
- C:\Windows\System\aWwsPqp.exe
  C:\Windows\System\aWwsPqp.exe
  2⤵
  PID:5452
- C:\Windows\System\GONQpfa.exe
  C:\Windows\System\GONQpfa.exe
  2⤵
  PID:5404
- C:\Windows\System\Zvsmsev.exe
  C:\Windows\System\Zvsmsev.exe
  2⤵
  PID:5436
- C:\Windows\System\JFmBZVz.exe
  C:\Windows\System\JFmBZVz.exe
  2⤵
  PID:5600
- C:\Windows\System\VYjwabE.exe
  C:\Windows\System\VYjwabE.exe
  2⤵
  PID:5628
- C:\Windows\System\XdpeNlA.exe
  C:\Windows\System\XdpeNlA.exe
  2⤵
  PID:5700
- C:\Windows\System\grWPvdF.exe
  C:\Windows\System\grWPvdF.exe
  2⤵
  PID:5680
- C:\Windows\System\WRiWzrj.exe
  C:\Windows\System\WRiWzrj.exe
  2⤵
  PID:5840
- C:\Windows\System\vDfCgNH.exe
  C:\Windows\System\vDfCgNH.exe
  2⤵
  PID:5852
- C:\Windows\System\dUNMcOR.exe
  C:\Windows\System\dUNMcOR.exe
  2⤵
  PID:5772
- C:\Windows\System\ieBLGgn.exe
  C:\Windows\System\ieBLGgn.exe
  2⤵
  PID:5948
- C:\Windows\System\EbOjNFQ.exe
  C:\Windows\System\EbOjNFQ.exe
  2⤵
  PID:6076
- C:\Windows\System\dOeujOh.exe
  C:\Windows\System\dOeujOh.exe
  2⤵
  PID:6136
- C:\Windows\System\FAYxGMa.exe
  C:\Windows\System\FAYxGMa.exe
  2⤵
  PID:5116
- C:\Windows\System\bOtLhup.exe
  C:\Windows\System\bOtLhup.exe
  2⤵
  PID:4604
- C:\Windows\System\aGpmZnR.exe
  C:\Windows\System\aGpmZnR.exe
  2⤵
  PID:5172
- C:\Windows\System\NlYJYBB.exe
  C:\Windows\System\NlYJYBB.exe
  2⤵
  PID:5328
- C:\Windows\System\tFGoSbL.exe
  C:\Windows\System\tFGoSbL.exe
  2⤵
  PID:5276
- C:\Windows\System\yjlLgSR.exe
  C:\Windows\System\yjlLgSR.exe
  2⤵
  PID:5564
- C:\Windows\System\fFrLvZJ.exe
  C:\Windows\System\fFrLvZJ.exe
  2⤵
  PID:6016
- C:\Windows\System\opQThvb.exe
  C:\Windows\System\opQThvb.exe
  2⤵
  PID:3320
- C:\Windows\System\WyJOsrg.exe
  C:\Windows\System\WyJOsrg.exe
  2⤵
  PID:5904
- C:\Windows\System\EEvoGYE.exe
  C:\Windows\System\EEvoGYE.exe
  2⤵
  PID:5976
- C:\Windows\System\NBzjFhD.exe
  C:\Windows\System\NBzjFhD.exe
  2⤵
  PID:5964
- C:\Windows\System\AOTdUoy.exe
  C:\Windows\System\AOTdUoy.exe
  2⤵
  PID:5504
- C:\Windows\System\AaDyFie.exe
  C:\Windows\System\AaDyFie.exe
  2⤵
  PID:5488
- C:\Windows\System\ENDwfFW.exe
  C:\Windows\System\ENDwfFW.exe
  2⤵
  PID:6120
- C:\Windows\System\SJrLfFu.exe
  C:\Windows\System\SJrLfFu.exe
  2⤵
  PID:6028
- C:\Windows\System\RGKsWxf.exe
  C:\Windows\System\RGKsWxf.exe
  2⤵
  PID:5932
- C:\Windows\System\VpQWLHq.exe
  C:\Windows\System\VpQWLHq.exe
  2⤵
  PID:5248
- C:\Windows\System\poFqRGe.exe
  C:\Windows\System\poFqRGe.exe
  2⤵
  PID:6032
- C:\Windows\System\GaAQEzs.exe
  C:\Windows\System\GaAQEzs.exe
  2⤵
  PID:5752
- C:\Windows\System\HGfDsMt.exe
  C:\Windows\System\HGfDsMt.exe
  2⤵
  PID:5468
- C:\Windows\System\mhMjSfZ.exe
  C:\Windows\System\mhMjSfZ.exe
  2⤵
  PID:5140
- C:\Windows\System\CwXPcPX.exe
  C:\Windows\System\CwXPcPX.exe
  2⤵
  PID:5836
- C:\Windows\System\uLzRcBU.exe
  C:\Windows\System\uLzRcBU.exe
  2⤵
  PID:6148
- C:\Windows\System\maQQSZw.exe
  C:\Windows\System\maQQSZw.exe
  2⤵
  PID:6168
- C:\Windows\System\LyIXKiW.exe
  C:\Windows\System\LyIXKiW.exe
  2⤵
  PID:6184
- C:\Windows\System\AbTeQPp.exe
  C:\Windows\System\AbTeQPp.exe
  2⤵
  PID:6204
- C:\Windows\System\qQwqvtL.exe
  C:\Windows\System\qQwqvtL.exe
  2⤵
  PID:6248
- C:\Windows\System\igSXPPY.exe
  C:\Windows\System\igSXPPY.exe
  2⤵
  PID:6264
- C:\Windows\System\iDRJQKj.exe
  C:\Windows\System\iDRJQKj.exe
  2⤵
  PID:6280
- C:\Windows\System\lqGuMYJ.exe
  C:\Windows\System\lqGuMYJ.exe
  2⤵
  PID:6300
- C:\Windows\System\cWnDjBV.exe
  C:\Windows\System\cWnDjBV.exe
  2⤵
  PID:6328
- C:\Windows\System\yGxWUGX.exe
  C:\Windows\System\yGxWUGX.exe
  2⤵
  PID:6344
- C:\Windows\System\CQNDnvI.exe
  C:\Windows\System\CQNDnvI.exe
  2⤵
  PID:6360
- C:\Windows\System\SMQeyCh.exe
  C:\Windows\System\SMQeyCh.exe
  2⤵
  PID:6380
- C:\Windows\System\PcVxzZh.exe
  C:\Windows\System\PcVxzZh.exe
  2⤵
  PID:6396
- C:\Windows\System\VWpuibK.exe
  C:\Windows\System\VWpuibK.exe
  2⤵
  PID:6412
- C:\Windows\System\ppDrzZj.exe
  C:\Windows\System\ppDrzZj.exe
  2⤵
  PID:6444
- C:\Windows\System\McYgxxC.exe
  C:\Windows\System\McYgxxC.exe
  2⤵
  PID:6464
- C:\Windows\System\mSSqvVw.exe
  C:\Windows\System\mSSqvVw.exe
  2⤵
  PID:6480
- C:\Windows\System\wThFevr.exe
  C:\Windows\System\wThFevr.exe
  2⤵
  PID:6496
- C:\Windows\System\yPJZDWB.exe
  C:\Windows\System\yPJZDWB.exe
  2⤵
  PID:6516
- C:\Windows\System\SyDbXtu.exe
  C:\Windows\System\SyDbXtu.exe
  2⤵
  PID:6536
- C:\Windows\System\mVOeRKF.exe
  C:\Windows\System\mVOeRKF.exe
  2⤵
  PID:6568
- C:\Windows\System\avhmAPM.exe
  C:\Windows\System\avhmAPM.exe
  2⤵
  PID:6584
- C:\Windows\System\RzbbeQI.exe
  C:\Windows\System\RzbbeQI.exe
  2⤵
  PID:6600
- C:\Windows\System\eCisqWv.exe
  C:\Windows\System\eCisqWv.exe
  2⤵
  PID:6620
- C:\Windows\System\KkyKDRO.exe
  C:\Windows\System\KkyKDRO.exe
  2⤵
  PID:6644
- C:\Windows\System\yWLSAuZ.exe
  C:\Windows\System\yWLSAuZ.exe
  2⤵
  PID:6664
- C:\Windows\System\aBQLbWW.exe
  C:\Windows\System\aBQLbWW.exe
  2⤵
  PID:6680
- C:\Windows\System\fuEwrkl.exe
  C:\Windows\System\fuEwrkl.exe
  2⤵
  PID:6696
- C:\Windows\System\LqxsMpa.exe
  C:\Windows\System\LqxsMpa.exe
  2⤵
  PID:6712
- C:\Windows\System\ZJRhEEw.exe
  C:\Windows\System\ZJRhEEw.exe
  2⤵
  PID:6728
- C:\Windows\System\AnDNSng.exe
  C:\Windows\System\AnDNSng.exe
  2⤵
  PID:6744
- C:\Windows\System\ayTZdNx.exe
  C:\Windows\System\ayTZdNx.exe
  2⤵
  PID:6764
- C:\Windows\System\jjCioZv.exe
  C:\Windows\System\jjCioZv.exe
  2⤵
  PID:6784
- C:\Windows\System\XLiEGCa.exe
  C:\Windows\System\XLiEGCa.exe
  2⤵
  PID:6804
- C:\Windows\System\lZkgFvv.exe
  C:\Windows\System\lZkgFvv.exe
  2⤵
  PID:6824
- C:\Windows\System\xfSbGvf.exe
  C:\Windows\System\xfSbGvf.exe
  2⤵
  PID:6840
- C:\Windows\System\YkEfaeq.exe
  C:\Windows\System\YkEfaeq.exe
  2⤵
  PID:6856
- C:\Windows\System\GvkWidf.exe
  C:\Windows\System\GvkWidf.exe
  2⤵
  PID:6876
- C:\Windows\System\wJSSUcm.exe
  C:\Windows\System\wJSSUcm.exe
  2⤵
  PID:6892
- C:\Windows\System\YYFzuMl.exe
  C:\Windows\System\YYFzuMl.exe
  2⤵
  PID:6908
- C:\Windows\System\kzkwZMH.exe
  C:\Windows\System\kzkwZMH.exe
  2⤵
  PID:6924
- C:\Windows\System\hsSBEMB.exe
  C:\Windows\System\hsSBEMB.exe
  2⤵
  PID:6940
- C:\Windows\System\kDcEmnM.exe
  C:\Windows\System\kDcEmnM.exe
  2⤵
  PID:6956
- C:\Windows\System\XXjXyKN.exe
  C:\Windows\System\XXjXyKN.exe
  2⤵
  PID:6992
- C:\Windows\System\HTSJCSH.exe
  C:\Windows\System\HTSJCSH.exe
  2⤵
  PID:7008
- C:\Windows\System\xNvwpQa.exe
  C:\Windows\System\xNvwpQa.exe
  2⤵
  PID:7024
- C:\Windows\System\juSapVv.exe
  C:\Windows\System\juSapVv.exe
  2⤵
  PID:7040
- C:\Windows\System\ocqkHBN.exe
  C:\Windows\System\ocqkHBN.exe
  2⤵
  PID:7056
- C:\Windows\System\BIAWiky.exe
  C:\Windows\System\BIAWiky.exe
  2⤵
  PID:7072
- C:\Windows\System\KbgSZfG.exe
  C:\Windows\System\KbgSZfG.exe
  2⤵
  PID:7088
- C:\Windows\System\lBuYeXL.exe
  C:\Windows\System\lBuYeXL.exe
  2⤵
  PID:7104
- C:\Windows\System\HizZYrJ.exe
  C:\Windows\System\HizZYrJ.exe
  2⤵
  PID:7120
- C:\Windows\System\XguHsLg.exe
  C:\Windows\System\XguHsLg.exe
  2⤵
  PID:7140
- C:\Windows\System\aYCqjJO.exe
  C:\Windows\System\aYCqjJO.exe
  2⤵
  PID:7156
- C:\Windows\System\ohmhmrS.exe
  C:\Windows\System\ohmhmrS.exe
  2⤵
  PID:5720
- C:\Windows\System\vKxwVuA.exe
  C:\Windows\System\vKxwVuA.exe
  2⤵
  PID:5824
- C:\Windows\System\wdNsauN.exe
  C:\Windows\System\wdNsauN.exe
  2⤵
  PID:5548
- C:\Windows\System\MaawxPe.exe
  C:\Windows\System\MaawxPe.exe
  2⤵
  PID:6192
- C:\Windows\System\PdUJbUQ.exe
  C:\Windows\System\PdUJbUQ.exe
  2⤵
  PID:5212
- C:\Windows\System\hjMVWLr.exe
  C:\Windows\System\hjMVWLr.exe
  2⤵
  PID:6228
- C:\Windows\System\GthCIDX.exe
  C:\Windows\System\GthCIDX.exe
  2⤵
  PID:6232
- C:\Windows\System\RviyRFS.exe
  C:\Windows\System\RviyRFS.exe
  2⤵
  PID:6216
- C:\Windows\System\inzqqBN.exe
  C:\Windows\System\inzqqBN.exe
  2⤵
  PID:6292
- C:\Windows\System\zwwEelI.exe
  C:\Windows\System\zwwEelI.exe
  2⤵
  PID:6308
- C:\Windows\System\hBrqBpF.exe
  C:\Windows\System\hBrqBpF.exe
  2⤵
  PID:6340
- C:\Windows\System\NcSgvMi.exe
  C:\Windows\System\NcSgvMi.exe
  2⤵
  PID:6408
- C:\Windows\System\aueydxy.exe
  C:\Windows\System\aueydxy.exe
  2⤵
  PID:6356
- C:\Windows\System\fMkjmzo.exe
  C:\Windows\System\fMkjmzo.exe
  2⤵
  PID:6424
- C:\Windows\System\CsnxeTV.exe
  C:\Windows\System\CsnxeTV.exe
  2⤵
  PID:6436
- C:\Windows\System\GADvrBQ.exe
  C:\Windows\System\GADvrBQ.exe
  2⤵
  PID:6512
- C:\Windows\System\JwYzlMI.exe
  C:\Windows\System\JwYzlMI.exe
  2⤵
  PID:6492
- C:\Windows\System\wwdPKwY.exe
  C:\Windows\System\wwdPKwY.exe
  2⤵
  PID:6452
- C:\Windows\System\bcvnmOn.exe
  C:\Windows\System\bcvnmOn.exe
  2⤵
  PID:6576
- C:\Windows\System\VdGqfOs.exe
  C:\Windows\System\VdGqfOs.exe
  2⤵
  PID:6612
- C:\Windows\System\ACzcwhU.exe
  C:\Windows\System\ACzcwhU.exe
  2⤵
  PID:6556
- C:\Windows\System\zAJihzt.exe
  C:\Windows\System\zAJihzt.exe
  2⤵
  PID:6628
- C:\Windows\System\cQYIhQX.exe
  C:\Windows\System\cQYIhQX.exe
  2⤵
  PID:6656
- C:\Windows\System\sNWbYEm.exe
  C:\Windows\System\sNWbYEm.exe
  2⤵
  PID:6708
- C:\Windows\System\ibbWwVN.exe
  C:\Windows\System\ibbWwVN.exe
  2⤵
  PID:6776
- C:\Windows\System\iKrrMPc.exe
  C:\Windows\System\iKrrMPc.exe
  2⤵
  PID:6692
- C:\Windows\System\dFqhcRC.exe
  C:\Windows\System\dFqhcRC.exe
  2⤵
  PID:6756
- C:\Windows\System\OMoAnmi.exe
  C:\Windows\System\OMoAnmi.exe
  2⤵
  PID:6816
- C:\Windows\System\vSKLBnR.exe
  C:\Windows\System\vSKLBnR.exe
  2⤵
  PID:6852
- C:\Windows\System\vZHaoux.exe
  C:\Windows\System\vZHaoux.exe
  2⤵
  PID:6920
- C:\Windows\System\fVXkbBJ.exe
  C:\Windows\System\fVXkbBJ.exe
  2⤵
  PID:6904
- C:\Windows\System\xAePpVl.exe
  C:\Windows\System\xAePpVl.exe
  2⤵
  PID:6972
- C:\Windows\System\oIhqZVk.exe
  C:\Windows\System\oIhqZVk.exe
  2⤵
  PID:6796
- C:\Windows\System\bXNIyFW.exe
  C:\Windows\System\bXNIyFW.exe
  2⤵
  PID:6864
- C:\Windows\System\QWqWSdk.exe
  C:\Windows\System\QWqWSdk.exe
  2⤵
  PID:7004
- C:\Windows\System\HyHEjXK.exe
  C:\Windows\System\HyHEjXK.exe
  2⤵
  PID:7032
- C:\Windows\System\TeSVDuf.exe
  C:\Windows\System\TeSVDuf.exe
  2⤵
  PID:7052
- C:\Windows\System\LApmRJu.exe
  C:\Windows\System\LApmRJu.exe
  2⤵
  PID:7116
- C:\Windows\System\fRFyqZB.exe
  C:\Windows\System\fRFyqZB.exe
  2⤵
  PID:7128
- C:\Windows\System\XUmGBcE.exe
  C:\Windows\System\XUmGBcE.exe
  2⤵
  PID:5624
- C:\Windows\System\TCTOaLa.exe
  C:\Windows\System\TCTOaLa.exe
  2⤵
  PID:5552
- C:\Windows\System\bcKlPFM.exe
  C:\Windows\System\bcKlPFM.exe
  2⤵
  PID:6160
- C:\Windows\System\AWFdrWJ.exe
  C:\Windows\System\AWFdrWJ.exe
  2⤵
  PID:6352
- C:\Windows\System\DBYwhYY.exe
  C:\Windows\System\DBYwhYY.exe
  2⤵
  PID:6176
- C:\Windows\System\lldLHAk.exe
  C:\Windows\System\lldLHAk.exe
  2⤵
  PID:6272
- C:\Windows\System\KyMNYms.exe
  C:\Windows\System\KyMNYms.exe
  2⤵
  PID:6320
- C:\Windows\System\KVEozim.exe
  C:\Windows\System\KVEozim.exe
  2⤵
  PID:6392
- C:\Windows\System\LDtDdoT.exe
  C:\Windows\System\LDtDdoT.exe
  2⤵
  PID:6488
- C:\Windows\System\OuMwmiL.exe
  C:\Windows\System\OuMwmiL.exe
  2⤵
  PID:6528
- C:\Windows\System\lCotfSp.exe
  C:\Windows\System\lCotfSp.exe
  2⤵
  PID:6616
- C:\Windows\System\nvTLdYM.exe
  C:\Windows\System\nvTLdYM.exe
  2⤵
  PID:6848
- C:\Windows\System\nkgnjew.exe
  C:\Windows\System\nkgnjew.exe
  2⤵
  PID:6752
- C:\Windows\System\KjYcrAz.exe
  C:\Windows\System\KjYcrAz.exe
  2⤵
  PID:6676
- C:\Windows\System\hSrCWnZ.exe
  C:\Windows\System\hSrCWnZ.exe
  2⤵
  PID:6832
- C:\Windows\System\lJgbpxp.exe
  C:\Windows\System\lJgbpxp.exe
  2⤵
  PID:7096
- C:\Windows\System\TiaXTlM.exe
  C:\Windows\System\TiaXTlM.exe
  2⤵
  PID:6800
- C:\Windows\System\CBjOBfj.exe
  C:\Windows\System\CBjOBfj.exe
  2⤵
  PID:6936
- C:\Windows\System\xYGaKTz.exe
  C:\Windows\System\xYGaKTz.exe
  2⤵
  PID:7020
- C:\Windows\System\NrMFOlB.exe
  C:\Windows\System\NrMFOlB.exe
  2⤵
  PID:7100
- C:\Windows\System\tjegcWV.exe
  C:\Windows\System\tjegcWV.exe
  2⤵
  PID:6116
- C:\Windows\System\rEeWmZf.exe
  C:\Windows\System\rEeWmZf.exe
  2⤵
  PID:6260
- C:\Windows\System\PLsqEKu.exe
  C:\Windows\System\PLsqEKu.exe
  2⤵
  PID:6372
- C:\Windows\System\CUYYSNK.exe
  C:\Windows\System\CUYYSNK.exe
  2⤵
  PID:6432
- C:\Windows\System\vxDdWDA.exe
  C:\Windows\System\vxDdWDA.exe
  2⤵
  PID:6544
- C:\Windows\System\fpbUeUF.exe
  C:\Windows\System\fpbUeUF.exe
  2⤵
  PID:6476
- C:\Windows\System\BjgpvGz.exe
  C:\Windows\System\BjgpvGz.exe
  2⤵
  PID:6772
- C:\Windows\System\SZHfRSC.exe
  C:\Windows\System\SZHfRSC.exe
  2⤵
  PID:7064
- C:\Windows\System\zLbcLtx.exe
  C:\Windows\System\zLbcLtx.exe
  2⤵
  PID:7084
- C:\Windows\System\DcwGvUE.exe
  C:\Windows\System\DcwGvUE.exe
  2⤵
  PID:6812
- C:\Windows\System\mBgvttY.exe
  C:\Windows\System\mBgvttY.exe
  2⤵
  PID:5732
- C:\Windows\System\DmXwTfi.exe
  C:\Windows\System\DmXwTfi.exe
  2⤵
  PID:6164
- C:\Windows\System\GgMymJR.exe
  C:\Windows\System\GgMymJR.exe
  2⤵
  PID:6636
- C:\Windows\System\bEAVOjw.exe
  C:\Windows\System\bEAVOjw.exe
  2⤵
  PID:6548
- C:\Windows\System\jxUWJJx.exe
  C:\Windows\System\jxUWJJx.exe
  2⤵
  PID:6984
- C:\Windows\System\fMKZPcj.exe
  C:\Windows\System\fMKZPcj.exe
  2⤵
  PID:6792
- C:\Windows\System\VRiPoac.exe
  C:\Windows\System\VRiPoac.exe
  2⤵
  PID:6060
- C:\Windows\System\oCHahDI.exe
  C:\Windows\System\oCHahDI.exe
  2⤵
  PID:6916
- C:\Windows\System\PYicjUD.exe
  C:\Windows\System\PYicjUD.exe
  2⤵
  PID:6596
- C:\Windows\System\rOonfou.exe
  C:\Windows\System\rOonfou.exe
  2⤵
  PID:7184
- C:\Windows\System\wIkJYRF.exe
  C:\Windows\System\wIkJYRF.exe
  2⤵
  PID:7200
- C:\Windows\System\ormsQOQ.exe
  C:\Windows\System\ormsQOQ.exe
  2⤵
  PID:7216
- C:\Windows\System\makBdfF.exe
  C:\Windows\System\makBdfF.exe
  2⤵
  PID:7232
- C:\Windows\System\quLELyi.exe
  C:\Windows\System\quLELyi.exe
  2⤵
  PID:7248
- C:\Windows\System\Yatyyeo.exe
  C:\Windows\System\Yatyyeo.exe
  2⤵
  PID:7264
- C:\Windows\System\tHhDBJK.exe
  C:\Windows\System\tHhDBJK.exe
  2⤵
  PID:7280
- C:\Windows\System\VKkdqfx.exe
  C:\Windows\System\VKkdqfx.exe
  2⤵
  PID:7296
- C:\Windows\System\KStipLZ.exe
  C:\Windows\System\KStipLZ.exe
  2⤵
  PID:7312
- C:\Windows\System\isalzYI.exe
  C:\Windows\System\isalzYI.exe
  2⤵
  PID:7328
- C:\Windows\System\UDxMYNH.exe
  C:\Windows\System\UDxMYNH.exe
  2⤵
  PID:7344
- C:\Windows\System\iVpAHPt.exe
  C:\Windows\System\iVpAHPt.exe
  2⤵
  PID:7360
- C:\Windows\System\DpaKOMy.exe
  C:\Windows\System\DpaKOMy.exe
  2⤵
  PID:7376
- C:\Windows\System\xTUSLeB.exe
  C:\Windows\System\xTUSLeB.exe
  2⤵
  PID:7392
- C:\Windows\System\WmTaOee.exe
  C:\Windows\System\WmTaOee.exe
  2⤵
  PID:7412
- C:\Windows\System\VidcwOY.exe
  C:\Windows\System\VidcwOY.exe
  2⤵
  PID:7432
- C:\Windows\System\oWZytFo.exe
  C:\Windows\System\oWZytFo.exe
  2⤵
  PID:7448
- C:\Windows\System\ndUKGAU.exe
  C:\Windows\System\ndUKGAU.exe
  2⤵
  PID:7464
- C:\Windows\System\pcxzSaP.exe
  C:\Windows\System\pcxzSaP.exe
  2⤵
  PID:7480
- C:\Windows\System\qUTardK.exe
  C:\Windows\System\qUTardK.exe
  2⤵
  PID:7496
- C:\Windows\System\pAyPCHU.exe
  C:\Windows\System\pAyPCHU.exe
  2⤵
  PID:7512
- C:\Windows\System\phVlsfi.exe
  C:\Windows\System\phVlsfi.exe
  2⤵
  PID:7528
- C:\Windows\System\LUgMMNy.exe
  C:\Windows\System\LUgMMNy.exe
  2⤵
  PID:7544
- C:\Windows\System\gxpMSbf.exe
  C:\Windows\System\gxpMSbf.exe
  2⤵
  PID:7560
- C:\Windows\System\Rhizqhv.exe
  C:\Windows\System\Rhizqhv.exe
  2⤵
  PID:7576
- C:\Windows\System\vrWhSfq.exe
  C:\Windows\System\vrWhSfq.exe
  2⤵
  PID:7592
- C:\Windows\System\vgVCZEr.exe
  C:\Windows\System\vgVCZEr.exe
  2⤵
  PID:7788
- C:\Windows\System\CSUxSAV.exe
  C:\Windows\System\CSUxSAV.exe
  2⤵
  PID:7812
- C:\Windows\System\DQIsUSw.exe
  C:\Windows\System\DQIsUSw.exe
  2⤵
  PID:7856
- C:\Windows\System\zAvujjG.exe
  C:\Windows\System\zAvujjG.exe
  2⤵
  PID:7884
- C:\Windows\System\jOHHFbK.exe
  C:\Windows\System\jOHHFbK.exe
  2⤵
  PID:7904
- C:\Windows\System\VDPfwJB.exe
  C:\Windows\System\VDPfwJB.exe
  2⤵
  PID:7920
- C:\Windows\System\JcGDnSt.exe
  C:\Windows\System\JcGDnSt.exe
  2⤵
  PID:7936
- C:\Windows\System\OQJdhxK.exe
  C:\Windows\System\OQJdhxK.exe
  2⤵
  PID:7956
- C:\Windows\System\ikYYTMv.exe
  C:\Windows\System\ikYYTMv.exe
  2⤵
  PID:7972
- C:\Windows\System\sELgkmr.exe
  C:\Windows\System\sELgkmr.exe
  2⤵
  PID:7988
- C:\Windows\System\QPYGxvq.exe
  C:\Windows\System\QPYGxvq.exe
  2⤵
  PID:8004
- C:\Windows\System\lyLYYwu.exe
  C:\Windows\System\lyLYYwu.exe
  2⤵
  PID:8020
- C:\Windows\System\WaYORjI.exe
  C:\Windows\System\WaYORjI.exe
  2⤵
  PID:8040
- C:\Windows\System\vjFRwoZ.exe
  C:\Windows\System\vjFRwoZ.exe
  2⤵
  PID:8056
- C:\Windows\System\kavJnwa.exe
  C:\Windows\System\kavJnwa.exe
  2⤵
  PID:8072
- C:\Windows\System\Arcwegl.exe
  C:\Windows\System\Arcwegl.exe
  2⤵
  PID:8088
- C:\Windows\System\OuGeJCy.exe
  C:\Windows\System\OuGeJCy.exe
  2⤵
  PID:8104
- C:\Windows\System\BMKZyWS.exe
  C:\Windows\System\BMKZyWS.exe
  2⤵
  PID:8120
- C:\Windows\System\oTYqqMK.exe
  C:\Windows\System\oTYqqMK.exe
  2⤵
  PID:8136
- C:\Windows\System\QxttlSg.exe
  C:\Windows\System\QxttlSg.exe
  2⤵
  PID:8160
- C:\Windows\System\PHvqulx.exe
  C:\Windows\System\PHvqulx.exe
  2⤵
  PID:8176
- C:\Windows\System\rJSRrML.exe
  C:\Windows\System\rJSRrML.exe
  2⤵
  PID:6244
- C:\Windows\System\pGLTreH.exe
  C:\Windows\System\pGLTreH.exe
  2⤵
  PID:7228
- C:\Windows\System\aOlslUk.exe
  C:\Windows\System\aOlslUk.exe
  2⤵
  PID:6240
- C:\Windows\System\cAllUNl.exe
  C:\Windows\System\cAllUNl.exe
  2⤵
  PID:7212
- C:\Windows\System\iIpDvvd.exe
  C:\Windows\System\iIpDvvd.exe
  2⤵
  PID:7276
- C:\Windows\System\WWZGtLp.exe
  C:\Windows\System\WWZGtLp.exe
  2⤵
  PID:7340
- C:\Windows\System\bXGvrQf.exe
  C:\Windows\System\bXGvrQf.exe
  2⤵
  PID:7404
- C:\Windows\System\GcYowlR.exe
  C:\Windows\System\GcYowlR.exe
  2⤵
  PID:7320
- C:\Windows\System\zVTYveM.exe
  C:\Windows\System\zVTYveM.exe
  2⤵
  PID:7384
- C:\Windows\System\Zickgvk.exe
  C:\Windows\System\Zickgvk.exe
  2⤵
  PID:7456
- C:\Windows\System\aFqHkeG.exe
  C:\Windows\System\aFqHkeG.exe
  2⤵
  PID:7520
- C:\Windows\System\lHWOcSj.exe
  C:\Windows\System\lHWOcSj.exe
  2⤵
  PID:7584
- C:\Windows\System\JBYycHR.exe
  C:\Windows\System\JBYycHR.exe
  2⤵
  PID:7568
- C:\Windows\System\kuBhdJT.exe
  C:\Windows\System\kuBhdJT.exe
  2⤵
  PID:7472
- C:\Windows\System\lbEZDNG.exe
  C:\Windows\System\lbEZDNG.exe
  2⤵
  PID:7600
- C:\Windows\System\YDIyJfT.exe
  C:\Windows\System\YDIyJfT.exe
  2⤵
  PID:7616
- C:\Windows\System\fqSvvde.exe
  C:\Windows\System\fqSvvde.exe
  2⤵
  PID:7636
- C:\Windows\System\lyiUaaD.exe
  C:\Windows\System\lyiUaaD.exe
  2⤵
  PID:7656
- C:\Windows\System\xRELabN.exe
  C:\Windows\System\xRELabN.exe
  2⤵
  PID:7664
- C:\Windows\System\wIgcess.exe
  C:\Windows\System\wIgcess.exe
  2⤵
  PID:7688
- C:\Windows\System\ugjZAUr.exe
  C:\Windows\System\ugjZAUr.exe
  2⤵
  PID:7704
- C:\Windows\System\CBjWAwD.exe
  C:\Windows\System\CBjWAwD.exe
  2⤵
  PID:7720
- C:\Windows\System\UJxdnrN.exe
  C:\Windows\System\UJxdnrN.exe
  2⤵
  PID:7740
- C:\Windows\System\BBOALrW.exe
  C:\Windows\System\BBOALrW.exe
  2⤵
  PID:7772
- C:\Windows\System\rWpTdoM.exe
  C:\Windows\System\rWpTdoM.exe
  2⤵
  PID:7776
- C:\Windows\System\xSDfgKS.exe
  C:\Windows\System\xSDfgKS.exe
  2⤵
  PID:7800
- C:\Windows\System\mcWtqCb.exe
  C:\Windows\System\mcWtqCb.exe
  2⤵
  PID:7828
- C:\Windows\System\qBNBXyo.exe
  C:\Windows\System\qBNBXyo.exe
  2⤵
  PID:7844
- C:\Windows\System\hfzCYKa.exe
  C:\Windows\System\hfzCYKa.exe
  2⤵
  PID:7864
- C:\Windows\System\rVuPVsP.exe
  C:\Windows\System\rVuPVsP.exe
  2⤵
  PID:7932
- C:\Windows\System\xQCDWOL.exe
  C:\Windows\System\xQCDWOL.exe
  2⤵
  PID:7912
- C:\Windows\System\PtvqRno.exe
  C:\Windows\System\PtvqRno.exe
  2⤵
  PID:7868
- C:\Windows\System\sWkxyXD.exe
  C:\Windows\System\sWkxyXD.exe
  2⤵
  PID:8016
- C:\Windows\System\RWpPhBu.exe
  C:\Windows\System\RWpPhBu.exe
  2⤵
  PID:8080
- C:\Windows\System\IfdqwmJ.exe
  C:\Windows\System\IfdqwmJ.exe
  2⤵
  PID:8148
- C:\Windows\System\iqmYhPa.exe
  C:\Windows\System\iqmYhPa.exe
  2⤵
  PID:8116
- C:\Windows\System\IxwAdUQ.exe
  C:\Windows\System\IxwAdUQ.exe
  2⤵
  PID:7272
- C:\Windows\System\seSlSgB.exe
  C:\Windows\System\seSlSgB.exe
  2⤵
  PID:7488
- C:\Windows\System\rhpyojH.exe
  C:\Windows\System\rhpyojH.exe
  2⤵
  PID:7244
- C:\Windows\System\VlRJFWa.exe
  C:\Windows\System\VlRJFWa.exe
  2⤵
  PID:8000
- C:\Windows\System\GsWYxcb.exe
  C:\Windows\System\GsWYxcb.exe
  2⤵
  PID:7508
- C:\Windows\System\rARfBBF.exe
  C:\Windows\System\rARfBBF.exe
  2⤵
  PID:7624
- C:\Windows\System\KWeAFju.exe
  C:\Windows\System\KWeAFju.exe
  2⤵
  PID:8068
- C:\Windows\System\rgEBegw.exe
  C:\Windows\System\rgEBegw.exe
  2⤵
  PID:7180
- C:\Windows\System\EJabmRf.exe
  C:\Windows\System\EJabmRf.exe
  2⤵
  PID:7444
- C:\Windows\System\FDfBAsF.exe
  C:\Windows\System\FDfBAsF.exe
  2⤵
  PID:7428
- C:\Windows\System\DuPMDRo.exe
  C:\Windows\System\DuPMDRo.exe
  2⤵
  PID:7336
- C:\Windows\System\BKQYbXG.exe
  C:\Windows\System\BKQYbXG.exe
  2⤵
  PID:7196
- C:\Windows\System\LZQYTUq.exe
  C:\Windows\System\LZQYTUq.exe
  2⤵
  PID:7640
- C:\Windows\System\FxtiWmD.exe
  C:\Windows\System\FxtiWmD.exe
  2⤵
  PID:7692
- C:\Windows\System\lgNMhhe.exe
  C:\Windows\System\lgNMhhe.exe
  2⤵
  PID:7712
- C:\Windows\System\uAuYKuX.exe
  C:\Windows\System\uAuYKuX.exe
  2⤵
  PID:7764
- C:\Windows\System\NOdEWUi.exe
  C:\Windows\System\NOdEWUi.exe
  2⤵
  PID:7836
- C:\Windows\System\QryWekG.exe
  C:\Windows\System\QryWekG.exe
  2⤵
  PID:7820
- C:\Windows\System\vasQVvg.exe
  C:\Windows\System\vasQVvg.exe
  2⤵
  PID:7880
- C:\Windows\System\xuzFIFL.exe
  C:\Windows\System\xuzFIFL.exe
  2⤵
  PID:8144
- C:\Windows\System\WfkGNEI.exe
  C:\Windows\System\WfkGNEI.exe
  2⤵
  PID:7536
- C:\Windows\System\bxRenff.exe
  C:\Windows\System\bxRenff.exe
  2⤵
  PID:8064
- C:\Windows\System\nBGamtn.exe
  C:\Windows\System\nBGamtn.exe
  2⤵
  PID:7980
- C:\Windows\System\uBzhTEd.exe
  C:\Windows\System\uBzhTEd.exe
  2⤵
  PID:7256
- C:\Windows\System\fROpzMD.exe
  C:\Windows\System\fROpzMD.exe
  2⤵
  PID:7356
- C:\Windows\System\pCYczCc.exe
  C:\Windows\System\pCYczCc.exe
  2⤵
  PID:7632
- C:\Windows\System\ItKmZVO.exe
  C:\Windows\System\ItKmZVO.exe
  2⤵
  PID:8132
- C:\Windows\System\izbCrUw.exe
  C:\Windows\System\izbCrUw.exe
  2⤵
  PID:7696
- C:\Windows\System\EhPMcfE.exe
  C:\Windows\System\EhPMcfE.exe
  2⤵
  PID:7680
- C:\Windows\System\xDoJjEv.exe
  C:\Windows\System\xDoJjEv.exe
  2⤵
  PID:7352
- C:\Windows\System\wMGYyya.exe
  C:\Windows\System\wMGYyya.exe
  2⤵
  PID:7892
- C:\Windows\System\pFZdleD.exe
  C:\Windows\System\pFZdleD.exe
  2⤵
  PID:7948
- C:\Windows\System\xSzCnbb.exe
  C:\Windows\System\xSzCnbb.exe
  2⤵
  PID:7552
- C:\Windows\System\pSWXViJ.exe
  C:\Windows\System\pSWXViJ.exe
  2⤵
  PID:7996
- C:\Windows\System\wIquqeN.exe
  C:\Windows\System\wIquqeN.exe
  2⤵
  PID:7224
- C:\Windows\System\cMDLKJc.exe
  C:\Windows\System\cMDLKJc.exe
  2⤵
  PID:7604
- C:\Windows\System\JTWhosM.exe
  C:\Windows\System\JTWhosM.exe
  2⤵
  PID:7824
- C:\Windows\System\XndHMfK.exe
  C:\Windows\System\XndHMfK.exe
  2⤵
  PID:7260
- C:\Windows\System\wWMdXyV.exe
  C:\Windows\System\wWMdXyV.exe
  2⤵
  PID:7652
- C:\Windows\System\Qsebcoq.exe
  C:\Windows\System\Qsebcoq.exe
  2⤵
  PID:7400
- C:\Windows\System\CyIKkfG.exe
  C:\Windows\System\CyIKkfG.exe
  2⤵
  PID:8212
- C:\Windows\System\DRrKdkd.exe
  C:\Windows\System\DRrKdkd.exe
  2⤵
  PID:8228
- C:\Windows\System\iQMioEv.exe
  C:\Windows\System\iQMioEv.exe
  2⤵
  PID:8244
- C:\Windows\System\SPZIuVs.exe
  C:\Windows\System\SPZIuVs.exe
  2⤵
  PID:8260
- C:\Windows\System\dugdRCs.exe
  C:\Windows\System\dugdRCs.exe
  2⤵
  PID:8276
- C:\Windows\System\Dgacccf.exe
  C:\Windows\System\Dgacccf.exe
  2⤵
  PID:8292
- C:\Windows\System\xpgjAba.exe
  C:\Windows\System\xpgjAba.exe
  2⤵
  PID:8308
- C:\Windows\System\EHRDzSY.exe
  C:\Windows\System\EHRDzSY.exe
  2⤵
  PID:8324
- C:\Windows\System\NCphYbX.exe
  C:\Windows\System\NCphYbX.exe
  2⤵
  PID:8340
- C:\Windows\System\SfOEZwK.exe
  C:\Windows\System\SfOEZwK.exe
  2⤵
  PID:8356
- C:\Windows\System\daXLqfN.exe
  C:\Windows\System\daXLqfN.exe
  2⤵
  PID:8372
- C:\Windows\System\nLDlqMf.exe
  C:\Windows\System\nLDlqMf.exe
  2⤵
  PID:8392
- C:\Windows\System\CdPkTtb.exe
  C:\Windows\System\CdPkTtb.exe
  2⤵
  PID:8408
- C:\Windows\System\lYnMGWW.exe
  C:\Windows\System\lYnMGWW.exe
  2⤵
  PID:8424
- C:\Windows\System\kTWdSfI.exe
  C:\Windows\System\kTWdSfI.exe
  2⤵
  PID:8444
- C:\Windows\System\IWzhgeN.exe
  C:\Windows\System\IWzhgeN.exe
  2⤵
  PID:8460
- C:\Windows\System\XGUZtvS.exe
  C:\Windows\System\XGUZtvS.exe
  2⤵
  PID:8476
- C:\Windows\System\OAdFsyS.exe
  C:\Windows\System\OAdFsyS.exe
  2⤵
  PID:8492
- C:\Windows\System\FYuHrZB.exe
  C:\Windows\System\FYuHrZB.exe
  2⤵
  PID:8508
- C:\Windows\System\YtOXMLR.exe
  C:\Windows\System\YtOXMLR.exe
  2⤵
  PID:8524
- C:\Windows\System\rzdVjox.exe
  C:\Windows\System\rzdVjox.exe
  2⤵
  PID:8540
- C:\Windows\System\wvTKItJ.exe
  C:\Windows\System\wvTKItJ.exe
  2⤵
  PID:8564
- C:\Windows\System\rQSXDpT.exe
  C:\Windows\System\rQSXDpT.exe
  2⤵
  PID:8580
- C:\Windows\System\ryhUoBA.exe
  C:\Windows\System\ryhUoBA.exe
  2⤵
  PID:8596
- C:\Windows\System\tnNsDYT.exe
  C:\Windows\System\tnNsDYT.exe
  2⤵
  PID:8612
- C:\Windows\System\aBtwums.exe
  C:\Windows\System\aBtwums.exe
  2⤵
  PID:8628
- C:\Windows\System\egaOuce.exe
  C:\Windows\System\egaOuce.exe
  2⤵
  PID:8644
- C:\Windows\System\ajWSDgI.exe
  C:\Windows\System\ajWSDgI.exe
  2⤵
  PID:8660
- C:\Windows\System\MRggbCP.exe
  C:\Windows\System\MRggbCP.exe
  2⤵
  PID:8676
- C:\Windows\System\VINCuFO.exe
  C:\Windows\System\VINCuFO.exe
  2⤵
  PID:8692
- C:\Windows\System\nqdVcCf.exe
  C:\Windows\System\nqdVcCf.exe
  2⤵
  PID:8708
- C:\Windows\System\wKFniZx.exe
  C:\Windows\System\wKFniZx.exe
  2⤵
  PID:8724
- C:\Windows\System\IYfneUz.exe
  C:\Windows\System\IYfneUz.exe
  2⤵
  PID:8740
- C:\Windows\System\WlJqqoj.exe
  C:\Windows\System\WlJqqoj.exe
  2⤵
  PID:8756
- C:\Windows\System\kiNFaQZ.exe
  C:\Windows\System\kiNFaQZ.exe
  2⤵
  PID:8820
- C:\Windows\System\JblHquE.exe
  C:\Windows\System\JblHquE.exe
  2⤵
  PID:8836
- C:\Windows\System\bCSsgrC.exe
  C:\Windows\System\bCSsgrC.exe
  2⤵
  PID:8864
- C:\Windows\System\CISnAui.exe
  C:\Windows\System\CISnAui.exe
  2⤵
  PID:8880
- C:\Windows\System\ShFMpOk.exe
  C:\Windows\System\ShFMpOk.exe
  2⤵
  PID:8896
- C:\Windows\System\nKpfowm.exe
  C:\Windows\System\nKpfowm.exe
  2⤵
  PID:8932
- C:\Windows\System\GJzxMkH.exe
  C:\Windows\System\GJzxMkH.exe
  2⤵
  PID:8956
- C:\Windows\System\bovUojv.exe
  C:\Windows\System\bovUojv.exe
  2⤵
  PID:8988
- C:\Windows\System\yYjkENe.exe
  C:\Windows\System\yYjkENe.exe
  2⤵
  PID:9020
- C:\Windows\System\DSKYzoP.exe
  C:\Windows\System\DSKYzoP.exe
  2⤵
  PID:9060
- C:\Windows\System\tsFTBdj.exe
  C:\Windows\System\tsFTBdj.exe
  2⤵
  PID:9100
- C:\Windows\System\TLklqOc.exe
  C:\Windows\System\TLklqOc.exe
  2⤵
  PID:9116
- C:\Windows\System\lyrBqkP.exe
  C:\Windows\System\lyrBqkP.exe
  2⤵
  PID:9136
- C:\Windows\System\zTtfPbU.exe
  C:\Windows\System\zTtfPbU.exe
  2⤵
  PID:9160
- C:\Windows\System\EOWDMHp.exe
  C:\Windows\System\EOWDMHp.exe
  2⤵
  PID:9188
- C:\Windows\System\SuTDFNg.exe
  C:\Windows\System\SuTDFNg.exe
  2⤵
  PID:7208
- C:\Windows\System\ATlecxU.exe
  C:\Windows\System\ATlecxU.exe
  2⤵
  PID:7796
- C:\Windows\System\EqyIoox.exe
  C:\Windows\System\EqyIoox.exe
  2⤵
  PID:8236
- C:\Windows\System\SQJuEnY.exe
  C:\Windows\System\SQJuEnY.exe
  2⤵
  PID:8256
- C:\Windows\System\GeiPFDP.exe
  C:\Windows\System\GeiPFDP.exe
  2⤵
  PID:8588
- C:\Windows\System\pBOKrnd.exe
  C:\Windows\System\pBOKrnd.exe
  2⤵
  PID:8860
- C:\Windows\System\PwvhFjN.exe
  C:\Windows\System\PwvhFjN.exe
  2⤵
  PID:8208
- C:\Windows\System\kXoKLAg.exe
  C:\Windows\System\kXoKLAg.exe
  2⤵
  PID:8052
- C:\Windows\System\qqbBeUf.exe
  C:\Windows\System\qqbBeUf.exe
  2⤵
  PID:8156
- C:\Windows\System\tEcbUtn.exe
  C:\Windows\System\tEcbUtn.exe
  2⤵
  PID:8400
- C:\Windows\System\YMmjIDl.exe
  C:\Windows\System\YMmjIDl.exe
  2⤵
  PID:8168
- C:\Windows\System\TXMQjWY.exe
  C:\Windows\System\TXMQjWY.exe
  2⤵
  PID:7288
- C:\Windows\System\STQyjgv.exe
  C:\Windows\System\STQyjgv.exe
  2⤵
  PID:8380
- C:\Windows\System\QsNBSIp.exe
  C:\Windows\System\QsNBSIp.exe
  2⤵
  PID:8420
- C:\Windows\System\ffEqMzx.exe
  C:\Windows\System\ffEqMzx.exe
  2⤵
  PID:8536
- C:\Windows\System\JnfsUhp.exe
  C:\Windows\System\JnfsUhp.exe
  2⤵
  PID:8560
- C:\Windows\System\JENwIxo.exe
  C:\Windows\System\JENwIxo.exe
  2⤵
  PID:8684
- C:\Windows\System\bLtjkvE.exe
  C:\Windows\System\bLtjkvE.exe
  2⤵
  PID:8608
- C:\Windows\System\sECzgxD.exe
  C:\Windows\System\sECzgxD.exe
  2⤵
  PID:8772
- C:\Windows\System\qgTveji.exe
  C:\Windows\System\qgTveji.exe
  2⤵
  PID:8736
- C:\Windows\System\NMszxSf.exe
  C:\Windows\System\NMszxSf.exe
  2⤵
  PID:8764
- C:\Windows\System\rawkcJQ.exe
  C:\Windows\System\rawkcJQ.exe
  2⤵
  PID:8780
- C:\Windows\System\pJPSuJz.exe
  C:\Windows\System\pJPSuJz.exe
  2⤵
  PID:8804
- C:\Windows\System\npnLZdt.exe
  C:\Windows\System\npnLZdt.exe
  2⤵
  PID:8872
- C:\Windows\System\UGslXWi.exe
  C:\Windows\System\UGslXWi.exe
  2⤵
  PID:8852
- C:\Windows\System\ONnwNUE.exe
  C:\Windows\System\ONnwNUE.exe
  2⤵
  PID:8964
- C:\Windows\System\MhszdSS.exe
  C:\Windows\System\MhszdSS.exe
  2⤵
  PID:8436
- C:\Windows\System\yxrwsaC.exe
  C:\Windows\System\yxrwsaC.exe
  2⤵
  PID:8856
- C:\Windows\System\tRVHzRD.exe
  C:\Windows\System\tRVHzRD.exe
  2⤵
  PID:9056
- C:\Windows\System\OupvyZD.exe
  C:\Windows\System\OupvyZD.exe
  2⤵
  PID:9112
- C:\Windows\System\MMydYLh.exe
  C:\Windows\System\MMydYLh.exe
  2⤵
  PID:9012
- C:\Windows\System\HBKBGdv.exe
  C:\Windows\System\HBKBGdv.exe
  2⤵
  PID:8996
- C:\Windows\System\QEIdwfP.exe
  C:\Windows\System\QEIdwfP.exe
  2⤵
  PID:9084
- C:\Windows\System\KBDabpr.exe
  C:\Windows\System\KBDabpr.exe
  2⤵
  PID:9156
- C:\Windows\System\HkalUgz.exe
  C:\Windows\System\HkalUgz.exe
  2⤵
  PID:9204
- C:\Windows\System\LDEBqOf.exe
  C:\Windows\System\LDEBqOf.exe
  2⤵
  PID:8404
- C:\Windows\System\fPyxeRH.exe
  C:\Windows\System\fPyxeRH.exe
  2⤵
  PID:7760
- C:\Windows\System\xeLJSLb.exe
  C:\Windows\System\xeLJSLb.exe
  2⤵
  PID:8432
- C:\Windows\System\VcVshCO.exe
  C:\Windows\System\VcVshCO.exe
  2⤵
  PID:8456
- C:\Windows\System\YgqpSfA.exe
  C:\Windows\System\YgqpSfA.exe
  2⤵
  PID:8532
- C:\Windows\System\zLPRwzN.exe
  C:\Windows\System\zLPRwzN.exe
  2⤵
  PID:8624
- C:\Windows\System\thxtTRC.exe
  C:\Windows\System\thxtTRC.exe
  2⤵
  PID:8572
- C:\Windows\System\SNfhFhr.exe
  C:\Windows\System\SNfhFhr.exe
  2⤵
  PID:8636
- C:\Windows\System\jQgLHgf.exe
  C:\Windows\System\jQgLHgf.exe
  2⤵
  PID:8800
- C:\Windows\System\NHbweGo.exe
  C:\Windows\System\NHbweGo.exe
  2⤵
  PID:8788
- C:\Windows\System\rtITHri.exe
  C:\Windows\System\rtITHri.exe
  2⤵
  PID:8816
- C:\Windows\System\BaHMxGF.exe
  C:\Windows\System\BaHMxGF.exe
  2⤵
  PID:8924
- C:\Windows\System\XmgbXac.exe
  C:\Windows\System\XmgbXac.exe
  2⤵
  PID:9032
- C:\Windows\System\dYrhUSs.exe
  C:\Windows\System\dYrhUSs.exe
  2⤵
  PID:9004
- C:\Windows\System\qrddgHZ.exe
  C:\Windows\System\qrddgHZ.exe
  2⤵
  PID:9068
- C:\Windows\System\HkteyzE.exe
  C:\Windows\System\HkteyzE.exe
  2⤵
  PID:9076
- C:\Windows\System\jOmPUmx.exe
  C:\Windows\System\jOmPUmx.exe
  2⤵
  PID:9096
- C:\Windows\System\ThpsoKk.exe
  C:\Windows\System\ThpsoKk.exe
  2⤵
  PID:9212
- C:\Windows\System\JtwBrFj.exe
  C:\Windows\System\JtwBrFj.exe
  2⤵
  PID:9184
- C:\Windows\System\UbilhbB.exe
  C:\Windows\System\UbilhbB.exe
  2⤵
  PID:8220
- C:\Windows\System\hTJrveq.exe
  C:\Windows\System\hTJrveq.exe
  2⤵
  PID:8388
- C:\Windows\System\sNnrfwy.exe
  C:\Windows\System\sNnrfwy.exe
  2⤵
  PID:8520
- C:\Windows\System\uVfXRYb.exe
  C:\Windows\System\uVfXRYb.exe
  2⤵
  PID:8688
- C:\Windows\System\TCZFqmp.exe
  C:\Windows\System\TCZFqmp.exe
  2⤵
  PID:8828
- C:\Windows\System\xUMrjiR.exe
  C:\Windows\System\xUMrjiR.exe
  2⤵
  PID:8916
- C:\Windows\System\LiEQgeQ.exe
  C:\Windows\System\LiEQgeQ.exe
  2⤵
  PID:9036
- C:\Windows\System\eoACfpw.exe
  C:\Windows\System\eoACfpw.exe
  2⤵
  PID:9124
- C:\Windows\System\tylULGy.exe
  C:\Windows\System\tylULGy.exe
  2⤵
  PID:9196
- C:\Windows\System\EzcJyFp.exe
  C:\Windows\System\EzcJyFp.exe
  2⤵
  PID:8488
- C:\Windows\System\Jyyzzna.exe
  C:\Windows\System\Jyyzzna.exe
  2⤵
  PID:9180
- C:\Windows\System\FkBkxlW.exe
  C:\Windows\System\FkBkxlW.exe
  2⤵
  PID:8752
- C:\Windows\System\IWdPWHI.exe
  C:\Windows\System\IWdPWHI.exe
  2⤵
  PID:8796
- C:\Windows\System\gAQuHuz.exe
  C:\Windows\System\gAQuHuz.exe
  2⤵
  PID:9028
- C:\Windows\System\DjKnSFn.exe
  C:\Windows\System\DjKnSFn.exe
  2⤵
  PID:9108
- C:\Windows\System\YzHoQyG.exe
  C:\Windows\System\YzHoQyG.exe
  2⤵
  PID:8368
- C:\Windows\System\KBuMzBb.exe
  C:\Windows\System\KBuMzBb.exe
  2⤵
  PID:9092
- C:\Windows\System\sxhYMUK.exe
  C:\Windows\System\sxhYMUK.exe
  2⤵
  PID:8700
- C:\Windows\System\GPngEIG.exe
  C:\Windows\System\GPngEIG.exe
  2⤵
  PID:8976
- C:\Windows\System\DCgTQrU.exe
  C:\Windows\System\DCgTQrU.exe
  2⤵
  PID:8188
- C:\Windows\System\nwYMDPv.exe
  C:\Windows\System\nwYMDPv.exe
  2⤵
  PID:8668
- C:\Windows\System\DhPzVEI.exe
  C:\Windows\System\DhPzVEI.exe
  2⤵
  PID:9132
- C:\Windows\System\NdRcEQs.exe
  C:\Windows\System\NdRcEQs.exe
  2⤵
  PID:9080
- C:\Windows\System\gFaFOYu.exe
  C:\Windows\System\gFaFOYu.exe
  2⤵
  PID:8552
- C:\Windows\System\PQHFymH.exe
  C:\Windows\System\PQHFymH.exe
  2⤵
  PID:9052
- C:\Windows\System\AfqvhSB.exe
  C:\Windows\System\AfqvhSB.exe
  2⤵
  PID:9232
- C:\Windows\System\uLLUxkx.exe
  C:\Windows\System\uLLUxkx.exe
  2⤵
  PID:9252
- C:\Windows\System\ewLynuF.exe
  C:\Windows\System\ewLynuF.exe
  2⤵
  PID:9276
- C:\Windows\System\YRWvSXb.exe
  C:\Windows\System\YRWvSXb.exe
  2⤵
  PID:9292
- C:\Windows\System\hksIVRM.exe
  C:\Windows\System\hksIVRM.exe
  2⤵
  PID:9316
- C:\Windows\System\VfICodf.exe
  C:\Windows\System\VfICodf.exe
  2⤵
  PID:9336
- C:\Windows\System\AnjOfWM.exe
  C:\Windows\System\AnjOfWM.exe
  2⤵
  PID:9352
- C:\Windows\System\HJzvUTS.exe
  C:\Windows\System\HJzvUTS.exe
  2⤵
  PID:9376
- C:\Windows\System\XMVFigV.exe
  C:\Windows\System\XMVFigV.exe
  2⤵
  PID:9392
- C:\Windows\System\oszuGOU.exe
  C:\Windows\System\oszuGOU.exe
  2⤵
  PID:9408
- C:\Windows\System\EDksihz.exe
  C:\Windows\System\EDksihz.exe
  2⤵
  PID:9428
- C:\Windows\System\TzUvljj.exe
  C:\Windows\System\TzUvljj.exe
  2⤵
  PID:9448
- C:\Windows\System\CEMfgzo.exe
  C:\Windows\System\CEMfgzo.exe
  2⤵
  PID:9476
- C:\Windows\System\RrNiCAX.exe
  C:\Windows\System\RrNiCAX.exe
  2⤵
  PID:9496
- C:\Windows\System\GKUajlH.exe
  C:\Windows\System\GKUajlH.exe
  2⤵
  PID:9516
- C:\Windows\System\AZSAjYh.exe
  C:\Windows\System\AZSAjYh.exe
  2⤵
  PID:9536
- C:\Windows\System\OwKygem.exe
  C:\Windows\System\OwKygem.exe
  2⤵
  PID:9556
- C:\Windows\System\sgzdVyV.exe
  C:\Windows\System\sgzdVyV.exe
  2⤵
  PID:9576
- C:\Windows\System\bwbsmtB.exe
  C:\Windows\System\bwbsmtB.exe
  2⤵
  PID:9596
- C:\Windows\System\AIxpooC.exe
  C:\Windows\System\AIxpooC.exe
  2⤵
  PID:9616
- C:\Windows\System\AhVTsLN.exe
  C:\Windows\System\AhVTsLN.exe
  2⤵
  PID:9636
- C:\Windows\System\qtfgCxU.exe
  C:\Windows\System\qtfgCxU.exe
  2⤵
  PID:9652
- C:\Windows\System\yszYOLV.exe
  C:\Windows\System\yszYOLV.exe
  2⤵
  PID:9672
- C:\Windows\System\gMnicQo.exe
  C:\Windows\System\gMnicQo.exe
  2⤵
  PID:9692
- C:\Windows\System\GiLDCQr.exe
  C:\Windows\System\GiLDCQr.exe
  2⤵
  PID:9720
- C:\Windows\System\qqeCWef.exe
  C:\Windows\System\qqeCWef.exe
  2⤵
  PID:9736
- C:\Windows\System\qQNDWlp.exe
  C:\Windows\System\qQNDWlp.exe
  2⤵
  PID:9752
- C:\Windows\System\cTLJUlM.exe
  C:\Windows\System\cTLJUlM.exe
  2⤵
  PID:9768
- C:\Windows\System\OlmZfam.exe
  C:\Windows\System\OlmZfam.exe
  2⤵
  PID:9784
- C:\Windows\System\IwPFVmN.exe
  C:\Windows\System\IwPFVmN.exe
  2⤵
  PID:9800
- C:\Windows\System\aZLmzyy.exe
  C:\Windows\System\aZLmzyy.exe
  2⤵
  PID:9816
- C:\Windows\System\kcjlujZ.exe
  C:\Windows\System\kcjlujZ.exe
  2⤵
  PID:9832
- C:\Windows\System\kFpMQtI.exe
  C:\Windows\System\kFpMQtI.exe
  2⤵
  PID:9852
- C:\Windows\System\TPhBbKt.exe
  C:\Windows\System\TPhBbKt.exe
  2⤵
  PID:9888
- C:\Windows\System\VHngcSS.exe
  C:\Windows\System\VHngcSS.exe
  2⤵
  PID:9916
- C:\Windows\System\AcJPfTp.exe
  C:\Windows\System\AcJPfTp.exe
  2⤵
  PID:9932
- C:\Windows\System\UTcVDKV.exe
  C:\Windows\System\UTcVDKV.exe
  2⤵
  PID:9956
- C:\Windows\System\IJJEfyZ.exe
  C:\Windows\System\IJJEfyZ.exe
  2⤵
  PID:9972
- C:\Windows\System\jyTQVXw.exe
  C:\Windows\System\jyTQVXw.exe
  2⤵
  PID:10000
- C:\Windows\System\imUKMpI.exe
  C:\Windows\System\imUKMpI.exe
  2⤵
  PID:10020
- C:\Windows\System\iuHKXDK.exe
  C:\Windows\System\iuHKXDK.exe
  2⤵
  PID:10036
- C:\Windows\System\YNXueoL.exe
  C:\Windows\System\YNXueoL.exe
  2⤵
  PID:10052
- C:\Windows\System\KHVgObM.exe
  C:\Windows\System\KHVgObM.exe
  2⤵
  PID:10068
- C:\Windows\System\yCPPrJg.exe
  C:\Windows\System\yCPPrJg.exe
  2⤵
  PID:10084
- C:\Windows\System\RWMKkHP.exe
  C:\Windows\System\RWMKkHP.exe
  2⤵
  PID:10100
- C:\Windows\System\MfKqAdj.exe
  C:\Windows\System\MfKqAdj.exe
  2⤵
  PID:10116
- C:\Windows\System\BlBbYxb.exe
  C:\Windows\System\BlBbYxb.exe
  2⤵
  PID:10132
- C:\Windows\System\DouAMpI.exe
  C:\Windows\System\DouAMpI.exe
  2⤵
  PID:10148
- C:\Windows\System\awntBNn.exe
  C:\Windows\System\awntBNn.exe
  2⤵
  PID:10196
- C:\Windows\System\OCMciPF.exe
  C:\Windows\System\OCMciPF.exe
  2⤵
  PID:10212
- C:\Windows\System\jCLCZBz.exe
  C:\Windows\System\jCLCZBz.exe
  2⤵
  PID:8948
- C:\Windows\System\jCYnpfd.exe
  C:\Windows\System\jCYnpfd.exe
  2⤵
  PID:9240
- C:\Windows\System\nnxfNVT.exe
  C:\Windows\System\nnxfNVT.exe
  2⤵
  PID:9272
- C:\Windows\System\dagDRHn.exe
  C:\Windows\System\dagDRHn.exe
  2⤵
  PID:9300
- C:\Windows\System\iRHcKLw.exe
  C:\Windows\System\iRHcKLw.exe
  2⤵
  PID:9324
- C:\Windows\System\loHeMXl.exe
  C:\Windows\System\loHeMXl.exe
  2⤵
  PID:9348
- C:\Windows\System\DrdKGCF.exe
  C:\Windows\System\DrdKGCF.exe
  2⤵
  PID:9372
- C:\Windows\System\wErIaNP.exe
  C:\Windows\System\wErIaNP.exe
  2⤵
  PID:9400
- C:\Windows\System\FmVTfap.exe
  C:\Windows\System\FmVTfap.exe
  2⤵
  PID:9436
- C:\Windows\System\QgCjyeD.exe
  C:\Windows\System\QgCjyeD.exe
  2⤵
  PID:9492
- C:\Windows\System\iVbIBSz.exe
  C:\Windows\System\iVbIBSz.exe
  2⤵
  PID:9544
- C:\Windows\System\yFMhYVF.exe
  C:\Windows\System\yFMhYVF.exe
  2⤵
  PID:9572
- C:\Windows\System\anjnTeW.exe
  C:\Windows\System\anjnTeW.exe
  2⤵
  PID:9604
- C:\Windows\System\PnInesp.exe
  C:\Windows\System\PnInesp.exe
  2⤵
  PID:9628
- C:\Windows\System\wIpznUr.exe
  C:\Windows\System\wIpznUr.exe
  2⤵
  PID:9648
- C:\Windows\System\hKgciVA.exe
  C:\Windows\System\hKgciVA.exe
  2⤵
  PID:9704
- C:\Windows\System\srcpZhl.exe
  C:\Windows\System\srcpZhl.exe
  2⤵
  PID:9732
- C:\Windows\System\KaadlTp.exe
  C:\Windows\System\KaadlTp.exe
  2⤵
  PID:9824
- C:\Windows\System\kqzEPuR.exe
  C:\Windows\System\kqzEPuR.exe
  2⤵
  PID:9780
- C:\Windows\System\dHxbGbS.exe
  C:\Windows\System\dHxbGbS.exe
  2⤵
  PID:9848
- C:\Windows\System\AIWdUwC.exe
  C:\Windows\System\AIWdUwC.exe
  2⤵
  PID:9872
- C:\Windows\System\VCwcpCA.exe
  C:\Windows\System\VCwcpCA.exe
  2⤵
  PID:9928
- C:\Windows\System\OGmxMmi.exe
  C:\Windows\System\OGmxMmi.exe
  2⤵
  PID:9944
- C:\Windows\System\DLhAxUr.exe
  C:\Windows\System\DLhAxUr.exe
  2⤵
  PID:9952
- C:\Windows\System\TqeTBau.exe
  C:\Windows\System\TqeTBau.exe
  2⤵
  PID:9984
- C:\Windows\System\OtILiuN.exe
  C:\Windows\System\OtILiuN.exe
  2⤵
  PID:10044
- C:\Windows\System\nFzKqcG.exe
  C:\Windows\System\nFzKqcG.exe
  2⤵
  PID:10128
- C:\Windows\System\DDdHjkm.exe
  C:\Windows\System\DDdHjkm.exe
  2⤵
  PID:10028
- C:\Windows\System\EhPyhsI.exe
  C:\Windows\System\EhPyhsI.exe
  2⤵
  PID:10160
- C:\Windows\System\kAgVQxV.exe
  C:\Windows\System\kAgVQxV.exe
  2⤵
  PID:10168
- C:\Windows\System\ozXojBn.exe
  C:\Windows\System\ozXojBn.exe
  2⤵
  PID:10192
- C:\Windows\System\bsBbyid.exe
  C:\Windows\System\bsBbyid.exe
  2⤵
  PID:10236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\LbyEwSJ.exe

Filesize
6.0MB

MD5
fbfcc315cdcc8cbb185704a2786fb9ef

SHA1
10216b408a4b2a67c88a98de01558f7861b01791

SHA256
c84feeac206a3981a288b935f3b4a54a35654a16ad716dfe79105733be700c5f

SHA512
e1a7c9e393db6eb57e9aaf186a48199d5f88ddacfff371b5f70adc29009af14781ee7c8e4633ae3a65167ec4c6ccd21e2d9157cfa683e0f854c23bda0cd7f527

Download Submit
C:\Windows\system\NbDGFdy.exe

Filesize
6.0MB

MD5
68528a772430e414bc5c488f6babc56f

SHA1
88733066e7859ecfdae9ed516a192e1b57830122

SHA256
aa64830768399a2923231a31491485be63b6010281d72415bf08d8012524e2ab

SHA512
9192964dae9f5ef29a4fdfbe86ee3d846349ccf5ed6c26e056ba6d86a618461c2a373bdd76ba418b23eaccdee89edb841a931f7ed70c76799d6452e2000c0efa

Download Submit
C:\Windows\system\OLFLWMb.exe

Filesize
6.0MB

MD5
3d022ed7cd34ce386fc320579dc79e0b

SHA1
c976c185ba1e93e3c9ea0a92d277db0553f2bcaa

SHA256
f4f68463ec5ba942552fac7b6e09b97d0d522b92b684052dc36663e7d2779dcc

SHA512
c0252f06f2cf784b5d0c8f17fa0e6a0fedb29bbdabbccd42be6a59c9e61228bcdd5a71d9ec469c9710c055553c87a27950eb41365d9decf294362aeb2e3cac3f

Download Submit
C:\Windows\system\OvKLpPy.exe

Filesize
6.0MB

MD5
82e58b6828db8bb66cfa82c80e389dc8

SHA1
10e6c72765e8ee5cdf6069bcc69c60f2b7c9c7ca

SHA256
9361c8a6945f28f19d66a77a9bd8c0e231e04820e40082eec93e91731ee49be4

SHA512
3125e47cb04469613dab3ed948861a2a0e72bf109d5194e23b008e8158276888e648ba23d230e7530869500433fdc535c0f4c88c262b75c0a0217b4447cf2197

Download Submit
C:\Windows\system\PijsOXC.exe

Filesize
6.0MB

MD5
2e0e22fbb75ee769ab9470bbcdd94dc8

SHA1
17be3e4a10f02d690bfd10a58887277e6bee92ce

SHA256
9d3061c365e621426c52c4f148ae9e6a85acf435aa3e4f1419e5d1a92e3992d0

SHA512
c5b049ac602bfece789e778528317f9c08bc3a3bc7809fbb4a43bda6fc2369aac1092060c5de8a32d54ad834db0fefa7f850e12652840902920d5b8fe246c28c

Download Submit
C:\Windows\system\RGKiton.exe

Filesize
6.0MB

MD5
31650d6af960d924c22b354140aa5c88

SHA1
6fac805ccb861f75db2288ba9d8cdeb34361a68f

SHA256
08df666074ca9525251e155b39616ee3ec2a0a14de1f35e9aa82194a58b2889c

SHA512
cd8faacb1d5bc0d663d214a29f88ccc4d508d7928b72249815212e83ae816d99c738fd53423df3c3b3925577380eff7df6764c8799c3793657afdbaa03da572c

Download Submit
C:\Windows\system\VWxQNxR.exe

Filesize
6.0MB

MD5
a8909b5fa71ed12c60e6ca7f70b1f517

SHA1
e8f925ca77559430eff279582b088136bed51f79

SHA256
1d132f281ec373b3fa69b51701f5c32192d066940712b0fb2f449bec3077f6c9

SHA512
359d4c4520c4e841b3613ae5318ad93834aa914a05f2bd63c8a6c3f5b021a0968a757d1247b5d201ef8d195baf65f241cceffe1eabdddd497cfc35bb487ffaab

Download Submit
C:\Windows\system\YFaeRjN.exe

Filesize
6.0MB

MD5
25f96e987d8564c3a8cb258d41ed52d3

SHA1
6cef5429af452a9b74b0c6c4e1788229c3a4eb7e

SHA256
1e74696176d1180c006c5f3d9c94505f4754f82e8f1d12c0745de5a365723386

SHA512
cfb82a19c1e17112710579c45a2c8122057def1533d4d4ec47e614868227618f65f2178e2dd25d2b04b3614009f11ac6c6554fc0bf5246037aeb68080af1c527

Download Submit
C:\Windows\system\ZjlPtqD.exe

Filesize
6.0MB

MD5
4a9bed59e5cb1dc9ca37b695d99fbffb

SHA1
79fc9dda80491ff58f2bde4bcc2569e21e8776e3

SHA256
8dd0470ceb8d8c0cddc4e38a68ceedfc7da0e5db15ea07fca1ca44adbfb0cf4c

SHA512
ca28f083a0d68caeadb77896e0e47f7660846e80c463ee653bd4a3d2d6dd6a5d0475e5f02f6678b798fcce92d458236eb88a3ce4ebf9dc83f43219aaac6ce862

Download Submit
C:\Windows\system\aOjibfJ.exe

Filesize
6.0MB

MD5
ba3c5b33952db94eb924b9755c5009e4

SHA1
4fa609a668e9bcb0a07a8c9d71c51a7966cade98

SHA256
0dee4ac3d8a347f75014d342eea0436e9a5cce9905dbe496147e6859845fdcfc

SHA512
993bf3f2c87531cea1d97af8681d0902f25028dd0b5963a3245adf57d8cafa20e05d9ae08ccf1118e5496b473f27842db8a713ad3a23799f163d4a39c6147ccf

Download Submit
C:\Windows\system\aVtsnZU.exe

Filesize
6.0MB

MD5
46702c61bbd89ed3ea06db9f3669173e

SHA1
ba4e8da4057313116939191d1c8dc9db260e3b5f

SHA256
9c53098ef2eeef4eee1380ab0685cff0ca080b81186f574d8a41a784bf322654

SHA512
eb5e0f6f817b31ee5acc8ca6ce051d44dd8fa6e5ebcdfe9b53049beaf871518c1842c9f58739cd02bab5fd981a425c11e8daffbb064b269d789438fba4ce5bad

Download Submit
C:\Windows\system\abrZUbw.exe

Filesize
6.0MB

MD5
8d4f7cdfb9d53406ce3295f007cca79d

SHA1
a789e63c80c9ccc43bc5b4655b56250aa6972d81

SHA256
4319e8e0cc4d18d32bb08b76820bb2de8d68e9617ddd0045f1981e474581eebe

SHA512
27ec76d7e53554f0fd02ae458683870123618354775d83f0642e5f3f8060160a9b12164032880749c9a16be81c9904f3ba2040122fa026a8e9e1fcca6873dde2

Download Submit
C:\Windows\system\bibykJs.exe

Filesize
6.0MB

MD5
6427c9dc50a90077ef9b44e21d2de3ec

SHA1
c18cdffe7ff2de3361895564279a41d003babb21

SHA256
83a536918097bd28008c3dcb8c54c566eff48dd9d873d6c1e7fdaba5b80672ef

SHA512
48cb6902236d131354273c2f63c25aa2b038972afd0aa36db101260b58d88d02488005e93e5061a163f79ddd05405ec25e4e736433220161316c736dca1a29f8

Download Submit
C:\Windows\system\dcxFpHT.exe

Filesize
6.0MB

MD5
c994f6809c3209d4aacff179fa42174a

SHA1
66a53c6195cec5959d81d0af537f2678b14f9a95

SHA256
14b8fa2ec73139731414ea24022c6832822dda34ef70a7e9dd49dbe97c566658

SHA512
a927b08c9f44577b369db1c17844a0d4484c73b737c5b1b4a779fc048a6b8fde6be1e4b9ffe9f4dd5e01875b7b61831bb78e85e9095e877be6aaf10929a72b48

Download Submit
C:\Windows\system\dykrClE.exe

Filesize
6.0MB

MD5
f63c88d2daf06b61dbb778e90e696a67

SHA1
16f392faddf7c9dae52e463ed9ce145548d16b29

SHA256
75bcefd7e500cf1ba6d87686e799ade79d3712cfab16ec57873e69279bce7d68

SHA512
a24966d0a97951afcbb965ccd602fcc03a396c8ebc56a2017d891aa41c377e79af8e403d9b443b2c3a13f3a2d6feb46c63c2992b7a28c6cdec43344fe2ac70ea

Download Submit
C:\Windows\system\paymKvg.exe

Filesize
6.0MB

MD5
e66b45f121dd94b07ccdda9ad2f4e8ea

SHA1
56eb32cd564919ce9011a750d344e20e355387b9

SHA256
1cfbaf6c1226ca751a8318fe977178f4c06f54831c3aeb7cdc468daafde779e4

SHA512
53aacee1ccc2eadc928cce2e7de06fd7df70a5542ad849580447c8516e644723ed6e7e0fc97d49c55b46af5ba1e115aa46011300d26043df6bedfc88143ac814

Download Submit
C:\Windows\system\rcWwzee.exe

Filesize
6.0MB

MD5
5d59e20bae73dc818913f8aa3b9c9d06

SHA1
3f8cb8b66fcc7b5d3a1e29a678989f1fc6a1d472

SHA256
0bf4ba0ad16187c4bf780c0434c059fe9c1c6f97a8e7f397dbc61c93ee9667a1

SHA512
c2a806933e7dc01fa94bae28086a6ef818eb32c0db2ac9d8816c579b3444cbf6518db4a590abc1ee9b78f0f5a49bd088918390353bd2aabff4d5f0b2bffc37c8

Download Submit
C:\Windows\system\rxLSSpi.exe

Filesize
6.0MB

MD5
84ce3a5769babfc2e25c9d50fdc70a2c

SHA1
9fd78260e3febd00c238477092d699c10a7e7545

SHA256
ffeb2688a60e84e37cafa17d2617f08a2016c4d5afb637971670c2aafc113c0b

SHA512
833b2bd0e60d53a5aa22a4cb59ccfa40596760eba09c166ed799d421d4094c9861673a17cbc606e3d52327ac3083e094ee243514112685f01b619e25233cfe6f

Download Submit
C:\Windows\system\tyHxhxG.exe

Filesize
6.0MB

MD5
4b02faafb3a16e07bbcee00086726b4b

SHA1
4941535c5c85b37a05f3dd657bc9bb5a4db415b9

SHA256
5c3ccb77b410298130062c0341f7dd5a384332ab96b60d90f35064ead8352a6e

SHA512
25b46107663dfdfa5a89b898f95be03adfe70e33b21c7255aaceafaaa4d5922b48d3b1a770e2183f26fef6c7fbe55cbc637644fa0e62156d9e49a520b2699c22

Download Submit
C:\Windows\system\uxOqjXh.exe

Filesize
6.0MB

MD5
4e08b721aa60ed630f1f85936f7a4a5d

SHA1
da174e741bf1b5759e9252b419ffba506ac26931

SHA256
6d123a25658e791ff5827b075b0e406e5b670427e823a3f57b84d857c4b14662

SHA512
0eda4b9d30e2e69fcfdb93f63cad2df4eb9d0ca3d58c521c1e8fb9ce4cde1e54011e10ba04f9e4c28336fc38a4ecd1f9308eed6ca97cb727c53add5d4fa93bcb

Download Submit
C:\Windows\system\vqXpcuB.exe

Filesize
6.0MB

MD5
d8f8c0ba4b7e6b4579dfd3e0587c4ebe

SHA1
40750dd08c28564694361c10e11d422544f59593

SHA256
b7712bf9bd6117eb5de335f856331a0ab6f0d34d4af884af14c5228dcb6a52f2

SHA512
a5a04a017ffc67031b6aaff06a2a21203447fdee3d3f457bc3fba7b3e048a8dd61d538c84b80439fb614f2204a4f0fc66b6a7cabb4722b99e4578955aea54bcb

Download Submit
C:\Windows\system\wfGirdu.exe

Filesize
6.0MB

MD5
13d6ad05d44c8bf0cf870a48863cbcc0

SHA1
df3d3a730aae449d80d20f6a8179db676300f576

SHA256
208872e5eb9de3ee989278038cadf3e4ff1043083832fad128707972a64a9dbe

SHA512
f8230aae338eadd917c25d029e6e8ce89cd6984c4cd13ff644a5339f361194c3ee6d6f04bb4bff39918e88b740189809d4066186e5552c8d2f5895c5edfb5851

Download Submit
C:\Windows\system\wpnMmpz.exe

Filesize
6.0MB

MD5
bf9b19ae7f37d7c076d16e24ebfd4db9

SHA1
c770cf832c0c90aacd259e248802eaea0a3a31ec

SHA256
e029729b466eefb8145964084e795a10b2ae74e06b0a12b466981bb04f2ebb5d

SHA512
25b242cfaab24156471a5ef98bc1a1d5a83bb5c239f30d7902cdf9781a99e11e208b45fb43257d9e61b33d1b7f7e556c251502b7df18b64af12f9e464e550816

Download Submit
C:\Windows\system\ylevmah.exe

Filesize
6.0MB

MD5
0ae9cf4fcd1cf1763d335e50423d8f07

SHA1
f15d448e9da6d8c0814e0efedfdab62fc304bdb0

SHA256
1b0925a1d5e1999bbc93d29a309ee4d2a775c7ced5291354702de15772d419f9

SHA512
84f2fbea3471d4120e391a4ea0f15ff7d098f4cda7c5c835721ff46021219e98361eb7f8ff30d9192333c367bb8c233bbcd8a00120b8d6736dfba4b290abccc4

Download Submit
C:\Windows\system\zbckQBE.exe

Filesize
6.0MB

MD5
049f34a49e1d15fa06942fd1d22fd8af

SHA1
6d197ef02ca008466824af34dca1b9e4eb88c028

SHA256
15dbb45bcc30d9c6fb8ee80968b80b72c36ff0f0760b02a35faad1317a5048d6

SHA512
e2fc081c923e58b68e174da6252cf860a1a7f99eef5346ec9f5e7866a27f1abf9e904d77d09bd88be411c799e72c5ef99578ac5680c51a87d88fb516db12686a

Download Submit
\Windows\system\IQsQRQb.exe

Filesize
6.0MB

MD5
8154995837a9219c9acae18482680c75

SHA1
fad053755a0c6570d749bad8f0a90a13d52086fb

SHA256
3ff7b2396a5e65211a03afcec831453e475d9f276f39edc1aedf0099eebb3131

SHA512
6c3f40fb7f7bab1e309ab9105ee69cbfcb9aba8916c67a739c248c6e27c3a7f80d12ec405cc005bb9d44b6ed4dc5e14293e4ea38de519d8086bfddc4492d8bf0

Download Submit
\Windows\system\KPRbvHT.exe

Filesize
6.0MB

MD5
a0d1ca0693b1b7098e55edbab35fbba8

SHA1
2eb9d65f873fb21ef714e523e5d448329140a96b

SHA256
02c193a92edcc50813c1dd8ebfe4c6bb065a033ae297f4714a00ca869037f419

SHA512
4d07c334cf62d61e8ea2a0cd1798a354cf4bc34bbd96ae1bd0e438553787c169715dc81fe32a60532a6f52f59034e2eb48273825d2cacdf089e896a3845daa25

Download Submit
\Windows\system\LFcmHED.exe

Filesize
6.0MB

MD5
6aeda3ef0e0692c5db6ac3618ad648d4

SHA1
dfa3f292dfc8554dc4db358dcc9ebcb5647381df

SHA256
21288faec3f2b1361fac7e6cbbb67fb8d6f411f10a148d4d619241011fd8c64a

SHA512
109bc0ed61819131e0e977bd54f290a9d09fb69428023ba48514cdf5b2df7cc07644a91401f03484a68e3025d983f8b737b24237fd4528e2175500f7c8822f86

Download Submit
\Windows\system\SsGSOol.exe

Filesize
6.0MB

MD5
dd46adf6ce9e9e6ec7cab1502ee69d46

SHA1
50dff03c551486be38c7c98dab001262d017c87d

SHA256
10bf62cdaf980ede294daf34eeb9a3668bc9b0e3bf8736587ea16e4a95f79709

SHA512
9a0aa992ecd4e35aaf5ed6921228fedd7a135349e1c8e8e7a46cf4cedd2552a1cc3236f2ee6cf3cf83bc053f3a1f68aeade9e5d5001ee4ba2f98f9756c89d6a1

Download Submit
\Windows\system\ZCotteP.exe

Filesize
6.0MB

MD5
39e7ace569dc5aad7a08e08e5907345e

SHA1
1d7742de6967ae9ed006642f04d8d5eb51b71fba

SHA256
6548324b69c77a879928c3e70b578bcccd30803aac815696d9451e2588a12fb8

SHA512
ddcf47cb1505d3d13e0bcb51f15b85e0d453c6f8616195ae1ce78bdfc420301a61a41fd86a5cb4f8eb28fb82d54a83094d76307faed9cfa502f6241305ddb0b4

Download Submit
\Windows\system\ZKIhWcL.exe

Filesize
6.0MB

MD5
32844eacaf2534f07bfb6e3823047ced

SHA1
72a46fba31795b0ee83fa3e2800b58145868fc72

SHA256
11ea78d82cc0f2e087402e7f5471f592b0c6ad2562bdc3d731352ede1ad7aa94

SHA512
5f575e63b7e15d7f4a397308f14a0f24513b969905f97deeb80c923292137a52f27dc074f0ab3ca755a3f786106d7fe9d74d4774a9bb3d1995d9bd5fd48d4c1d

Download Submit
\Windows\system\tiCqDgz.exe

Filesize
6.0MB

MD5
f884478a4a54c6523f8cb71e96fa2035

SHA1
d88cb2235327c386da16d4f4ce1cab60819e6606

SHA256
532ebae7b0d1aa2d75d0c1c005d1d5066023c1f3ba522592d25aeae74f29d877

SHA512
d3ee017552ff2c18d2dff88cba65723db11058f4dfd9a67146cc4387af973ade39dc7442c9341ca01c25ebe66faf7a031632c3ecfd2ecdbf284597f4077d2fd4

Download Submit
memory/292-57-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/292-3382-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/292-29-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/568-4065-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/604-4064-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/604-88-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-4062-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1788-96-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2120-92-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2120-80-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2120-82-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2120-18-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2120-16-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2120-85-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-621-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2120-921-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2120-496-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2120-67-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2120-91-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2120-58-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2120-33-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2120-39-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2120-95-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2120-99-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2120-41-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2120-23-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2120-51-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2120-0-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2200-42-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2200-73-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3476-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2344-3283-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-12-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-44-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3834-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-193-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-76-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3777-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-69-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3692-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2752-53-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3390-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2788-35-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2788-65-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2888-61-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3708-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3274-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2968-19-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2984-83-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-4063-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-21-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3378-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/3004-49-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download