cobaltstrike | bb5c16268d6e35786770ce4cc734c3c7864108bf3e1f6eac0f8ed8e9a9a710fb

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
28-12-2024 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3890c00fdeada5e652cbd4c8cbbb780c
SHA1

7273f551f319f8b767b76f9f10c3886c4c667d02
SHA256

bb5c16268d6e35786770ce4cc734c3c7864108bf3e1f6eac0f8ed8e9a9a710fb
SHA512

8f01958c2ce2e5fe1343ae4a5ccd876d0a7e0e14672c7a197c64deb41e5d119244a6f0cd79f24025d3a5a7dbd9be6ed2148a081b02df025f647420721ca65498
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186f1-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018739-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018744-42.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018704-31.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001878e-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-103.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001749c-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019641-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962d-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962f-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f0-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019512-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019509-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ee-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b9-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f1-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-68.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019451-57.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ed-18.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186e7-10.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2628-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-3.dat	xmrig
behavioral1/memory/2164-9-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x00070000000186f1-21.dat	xmrig
behavioral1/memory/2544-36-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x0006000000018739-39.dat	xmrig
behavioral1/files/0x0006000000018744-42.dat	xmrig
behavioral1/memory/2840-41-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1284-32-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0006000000018704-31.dat	xmrig
behavioral1/files/0x000900000001878e-49.dat	xmrig
behavioral1/files/0x0005000000019502-103.dat	xmrig
behavioral1/files/0x000900000001749c-111.dat	xmrig
behavioral1/files/0x0005000000019624-159.dat	xmrig
behavioral1/files/0x0005000000019641-187.dat	xmrig
behavioral1/files/0x000500000001962d-179.dat	xmrig
behavioral1/memory/1284-3219-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2976-3270-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2020-3245-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2164-3240-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2808-3329-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2376-3361-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2692-3278-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2840-3277-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2864-3276-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2980-3272-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2796-3262-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2544-3260-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2616-3213-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2808-939-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2376-850-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2628-542-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2864-442-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2976-293-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019627-172.dat	xmrig
behavioral1/files/0x000500000001962f-185.dat	xmrig
behavioral1/files/0x000500000001962b-176.dat	xmrig
behavioral1/files/0x0005000000019621-150.dat	xmrig
behavioral1/files/0x0005000000019625-168.dat	xmrig
behavioral1/files/0x00050000000195ab-143.dat	xmrig
behavioral1/files/0x0005000000019623-155.dat	xmrig
behavioral1/files/0x00050000000195f0-146.dat	xmrig
behavioral1/files/0x000500000001957e-132.dat	xmrig
behavioral1/files/0x000500000001958e-137.dat	xmrig
behavioral1/files/0x0005000000019512-127.dat	xmrig
behavioral1/files/0x000500000001950e-123.dat	xmrig
behavioral1/memory/2808-104-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0005000000019509-108.dat	xmrig
behavioral1/files/0x00050000000194ee-102.dat	xmrig
behavioral1/files/0x00050000000194b9-101.dat	xmrig
behavioral1/files/0x0005000000019458-100.dat	xmrig
behavioral1/memory/2840-99-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2376-98-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2628-96-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x00050000000194f1-95.dat	xmrig
behavioral1/memory/2692-94-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2628-85-0x0000000002330000-0x0000000002684000-memory.dmp	xmrig
behavioral1/files/0x00050000000194c9-82.dat	xmrig
behavioral1/memory/2976-62-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2864-71-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2616-69-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a9-68.dat	xmrig
behavioral1/memory/2796-58-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0007000000019451-57.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2164	DYAnRuk.exe
2616	ZgYlCcD.exe
2020	YXRmYEb.exe
1284	fwkdgdb.exe
2544	oaHgNgc.exe
2840	xZRLbUz.exe
2980	HgAadyd.exe
2796	lAqCZSk.exe
2976	rShcWrH.exe
2864	fORMhbS.exe
2692	nnxDKJo.exe
2376	IZPBMrD.exe
2808	NaiHvWB.exe
2744	mwRMjwH.exe
2736	FnxCDTf.exe
2488	cOtDgvl.exe
2148	QtsiVde.exe
2012	YbJOISD.exe
2036	CAkQUVk.exe
1620	MuNQRVp.exe
1304	PrumMcW.exe
2892	qPhPDqf.exe
868	rnTFpcw.exe
3000	QnZjADn.exe
2136	nsprZMc.exe
3032	wezSNuP.exe
2900	JTMLoPf.exe
1920	xkzvAZt.exe
2792	QYzmHAg.exe
1616	HOLKiKc.exe
1740	LhQMunk.exe
2668	LMwYZyH.exe
1612	SpKcrBt.exe
2112	kBrrpiK.exe
1552	JDUVMfp.exe
1028	LWBHSvz.exe
1580	sficLSi.exe
1344	MNUNPBL.exe
700	OqbBzhx.exe
2776	WNKkurl.exe
1688	CutVEub.exe
2172	towxmEC.exe
2656	jQUHbah.exe
344	GXLIxFE.exe
2920	rlvGbxu.exe
2600	xlAfNix.exe
1852	iktAmum.exe
1960	rUirOqi.exe
900	yzUHWSz.exe
2648	sfMscQB.exe
1704	RLKTgtH.exe
2564	fgsWAhy.exe
652	LYZspDi.exe
1988	lEeIVlG.exe
2780	VvZPvYB.exe
2952	ClchfUS.exe
3016	IGQgxEW.exe
2716	RFWPNsj.exe
2552	jgSccML.exe
2224	TmOEINy.exe
2592	zTdNzNi.exe
2496	xqQdBdF.exe
1700	BMoBCRT.exe
1064	dTBIPNU.exe

Loads dropped DLL 64 IoCs

pid	Process
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2628-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0007000000012118-3.dat	upx
behavioral1/memory/2164-9-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x00070000000186f1-21.dat	upx
behavioral1/memory/2544-36-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x0006000000018739-39.dat	upx
behavioral1/files/0x0006000000018744-42.dat	upx
behavioral1/memory/2840-41-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1284-32-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0006000000018704-31.dat	upx
behavioral1/files/0x000900000001878e-49.dat	upx
behavioral1/files/0x0005000000019502-103.dat	upx
behavioral1/files/0x000900000001749c-111.dat	upx
behavioral1/files/0x0005000000019624-159.dat	upx
behavioral1/files/0x0005000000019641-187.dat	upx
behavioral1/files/0x000500000001962d-179.dat	upx
behavioral1/memory/1284-3219-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2976-3270-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2020-3245-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2164-3240-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2808-3329-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2376-3361-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2692-3278-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2840-3277-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2864-3276-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2980-3272-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2796-3262-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2544-3260-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2616-3213-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2808-939-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2376-850-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2864-442-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2976-293-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0005000000019627-172.dat	upx
behavioral1/files/0x000500000001962f-185.dat	upx
behavioral1/files/0x000500000001962b-176.dat	upx
behavioral1/files/0x0005000000019621-150.dat	upx
behavioral1/files/0x0005000000019625-168.dat	upx
behavioral1/files/0x00050000000195ab-143.dat	upx
behavioral1/files/0x0005000000019623-155.dat	upx
behavioral1/files/0x00050000000195f0-146.dat	upx
behavioral1/files/0x000500000001957e-132.dat	upx
behavioral1/files/0x000500000001958e-137.dat	upx
behavioral1/files/0x0005000000019512-127.dat	upx
behavioral1/files/0x000500000001950e-123.dat	upx
behavioral1/memory/2808-104-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0005000000019509-108.dat	upx
behavioral1/files/0x00050000000194ee-102.dat	upx
behavioral1/files/0x00050000000194b9-101.dat	upx
behavioral1/files/0x0005000000019458-100.dat	upx
behavioral1/memory/2840-99-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2376-98-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x00050000000194f1-95.dat	upx
behavioral1/memory/2692-94-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x00050000000194c9-82.dat	upx
behavioral1/memory/2976-62-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2864-71-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2616-69-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x00050000000194a9-68.dat	upx
behavioral1/memory/2796-58-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0007000000019451-57.dat	upx
behavioral1/memory/2628-55-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2980-48-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2020-30-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PInaSaQ.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jkmtvqy.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClchfUS.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWmcKbQ.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OaPGzla.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeYnBSy.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhsjFqe.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtyPVgj.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gwfBHkb.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzxDEvH.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YGiKawc.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLKTgtH.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUsBvWz.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIwdmFB.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYiYhtS.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuMWUKP.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLUfrsY.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTFeOas.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pdaVcqY.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFOunsG.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkbWQlv.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvbVMBk.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeqsCSj.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYnlbIa.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSspAZt.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBbNFRB.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlAfaUK.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHjBbeV.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKXmSry.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNUNPBL.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLNXIQX.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvnACWW.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgVjfxy.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDEVOte.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udqWyOx.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmdsbUO.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyqLGIB.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqcEFDd.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mKKrNQO.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UuzIGPi.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSMlgUz.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzXErvA.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPXSDPh.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KyLMqod.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhKnCyX.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtwCfLs.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MufVcLe.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTflmgC.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCmvPOn.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQpXSAL.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXcnjTL.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIcCIUX.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWwuaeH.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzVAahB.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBIrXZU.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yeyOivv.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdCIalk.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gUOraqy.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IazbLDA.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phJhYQf.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOxEwwn.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XNfZyGA.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\godAqaB.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfApeSL.exe	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2164	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2628 wrote to memory of 2164	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2628 wrote to memory of 2164	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2628 wrote to memory of 2616	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2628 wrote to memory of 2616	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2628 wrote to memory of 2616	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2628 wrote to memory of 2020	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2628 wrote to memory of 2020	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2628 wrote to memory of 2020	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2628 wrote to memory of 1284	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2628 wrote to memory of 1284	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2628 wrote to memory of 1284	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2628 wrote to memory of 2544	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2628 wrote to memory of 2544	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2628 wrote to memory of 2544	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2628 wrote to memory of 2840	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2628 wrote to memory of 2840	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2628 wrote to memory of 2840	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2628 wrote to memory of 2980	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2628 wrote to memory of 2980	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2628 wrote to memory of 2980	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2628 wrote to memory of 2796	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2628 wrote to memory of 2796	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2628 wrote to memory of 2796	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2628 wrote to memory of 2976	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2628 wrote to memory of 2976	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2628 wrote to memory of 2976	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2628 wrote to memory of 2808	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2628 wrote to memory of 2808	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2628 wrote to memory of 2808	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2628 wrote to memory of 2864	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2628 wrote to memory of 2864	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2628 wrote to memory of 2864	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2628 wrote to memory of 2744	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2628 wrote to memory of 2744	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2628 wrote to memory of 2744	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2628 wrote to memory of 2692	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2628 wrote to memory of 2692	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2628 wrote to memory of 2692	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2628 wrote to memory of 2736	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2628 wrote to memory of 2736	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2628 wrote to memory of 2736	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2628 wrote to memory of 2376	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2628 wrote to memory of 2376	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2628 wrote to memory of 2376	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2628 wrote to memory of 2488	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2628 wrote to memory of 2488	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2628 wrote to memory of 2488	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2628 wrote to memory of 2148	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2628 wrote to memory of 2148	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2628 wrote to memory of 2148	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2628 wrote to memory of 2012	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2628 wrote to memory of 2012	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2628 wrote to memory of 2012	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2628 wrote to memory of 2036	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2628 wrote to memory of 2036	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2628 wrote to memory of 2036	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2628 wrote to memory of 1620	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2628 wrote to memory of 1620	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2628 wrote to memory of 1620	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2628 wrote to memory of 1304	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2628 wrote to memory of 1304	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2628 wrote to memory of 1304	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2628 wrote to memory of 2892	2628	2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-28_3890c00fdeada5e652cbd4c8cbbb780c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Windows\System\DYAnRuk.exe
  C:\Windows\System\DYAnRuk.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\ZgYlCcD.exe
  C:\Windows\System\ZgYlCcD.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\YXRmYEb.exe
  C:\Windows\System\YXRmYEb.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\fwkdgdb.exe
  C:\Windows\System\fwkdgdb.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\oaHgNgc.exe
  C:\Windows\System\oaHgNgc.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\xZRLbUz.exe
  C:\Windows\System\xZRLbUz.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\HgAadyd.exe
  C:\Windows\System\HgAadyd.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\lAqCZSk.exe
  C:\Windows\System\lAqCZSk.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\rShcWrH.exe
  C:\Windows\System\rShcWrH.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\NaiHvWB.exe
  C:\Windows\System\NaiHvWB.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\fORMhbS.exe
  C:\Windows\System\fORMhbS.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\mwRMjwH.exe
  C:\Windows\System\mwRMjwH.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\nnxDKJo.exe
  C:\Windows\System\nnxDKJo.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\FnxCDTf.exe
  C:\Windows\System\FnxCDTf.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\IZPBMrD.exe
  C:\Windows\System\IZPBMrD.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\cOtDgvl.exe
  C:\Windows\System\cOtDgvl.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\QtsiVde.exe
  C:\Windows\System\QtsiVde.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\YbJOISD.exe
  C:\Windows\System\YbJOISD.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\CAkQUVk.exe
  C:\Windows\System\CAkQUVk.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\MuNQRVp.exe
  C:\Windows\System\MuNQRVp.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\PrumMcW.exe
  C:\Windows\System\PrumMcW.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\qPhPDqf.exe
  C:\Windows\System\qPhPDqf.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\rnTFpcw.exe
  C:\Windows\System\rnTFpcw.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\QnZjADn.exe
  C:\Windows\System\QnZjADn.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\wezSNuP.exe
  C:\Windows\System\wezSNuP.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\nsprZMc.exe
  C:\Windows\System\nsprZMc.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\JTMLoPf.exe
  C:\Windows\System\JTMLoPf.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\xkzvAZt.exe
  C:\Windows\System\xkzvAZt.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\QYzmHAg.exe
  C:\Windows\System\QYzmHAg.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\HOLKiKc.exe
  C:\Windows\System\HOLKiKc.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\SpKcrBt.exe
  C:\Windows\System\SpKcrBt.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\LhQMunk.exe
  C:\Windows\System\LhQMunk.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\kBrrpiK.exe
  C:\Windows\System\kBrrpiK.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\LMwYZyH.exe
  C:\Windows\System\LMwYZyH.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\LWBHSvz.exe
  C:\Windows\System\LWBHSvz.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\JDUVMfp.exe
  C:\Windows\System\JDUVMfp.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\sficLSi.exe
  C:\Windows\System\sficLSi.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\MNUNPBL.exe
  C:\Windows\System\MNUNPBL.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\OqbBzhx.exe
  C:\Windows\System\OqbBzhx.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\WNKkurl.exe
  C:\Windows\System\WNKkurl.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\CutVEub.exe
  C:\Windows\System\CutVEub.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\towxmEC.exe
  C:\Windows\System\towxmEC.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\jQUHbah.exe
  C:\Windows\System\jQUHbah.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\GXLIxFE.exe
  C:\Windows\System\GXLIxFE.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\xlAfNix.exe
  C:\Windows\System\xlAfNix.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\rlvGbxu.exe
  C:\Windows\System\rlvGbxu.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\iktAmum.exe
  C:\Windows\System\iktAmum.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\rUirOqi.exe
  C:\Windows\System\rUirOqi.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\yzUHWSz.exe
  C:\Windows\System\yzUHWSz.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\sfMscQB.exe
  C:\Windows\System\sfMscQB.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\fgsWAhy.exe
  C:\Windows\System\fgsWAhy.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\RLKTgtH.exe
  C:\Windows\System\RLKTgtH.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\lEeIVlG.exe
  C:\Windows\System\lEeIVlG.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\LYZspDi.exe
  C:\Windows\System\LYZspDi.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\VvZPvYB.exe
  C:\Windows\System\VvZPvYB.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ClchfUS.exe
  C:\Windows\System\ClchfUS.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\IGQgxEW.exe
  C:\Windows\System\IGQgxEW.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\RFWPNsj.exe
  C:\Windows\System\RFWPNsj.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\jgSccML.exe
  C:\Windows\System\jgSccML.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\TmOEINy.exe
  C:\Windows\System\TmOEINy.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\zTdNzNi.exe
  C:\Windows\System\zTdNzNi.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\xqQdBdF.exe
  C:\Windows\System\xqQdBdF.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\BMoBCRT.exe
  C:\Windows\System\BMoBCRT.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\dTBIPNU.exe
  C:\Windows\System\dTBIPNU.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\nOxHwoS.exe
  C:\Windows\System\nOxHwoS.exe
  2⤵
  PID:1300
- C:\Windows\System\tNzDPta.exe
  C:\Windows\System\tNzDPta.exe
  2⤵
  PID:1072
- C:\Windows\System\cXLRoui.exe
  C:\Windows\System\cXLRoui.exe
  2⤵
  PID:640
- C:\Windows\System\XJmagXR.exe
  C:\Windows\System\XJmagXR.exe
  2⤵
  PID:556
- C:\Windows\System\SFDiknh.exe
  C:\Windows\System\SFDiknh.exe
  2⤵
  PID:2272
- C:\Windows\System\ywlGCIO.exe
  C:\Windows\System\ywlGCIO.exe
  2⤵
  PID:1632
- C:\Windows\System\nSPogpC.exe
  C:\Windows\System\nSPogpC.exe
  2⤵
  PID:1032
- C:\Windows\System\oTrgZKw.exe
  C:\Windows\System\oTrgZKw.exe
  2⤵
  PID:1036
- C:\Windows\System\ByFRCjC.exe
  C:\Windows\System\ByFRCjC.exe
  2⤵
  PID:1656
- C:\Windows\System\JQeoNLD.exe
  C:\Windows\System\JQeoNLD.exe
  2⤵
  PID:964
- C:\Windows\System\urENUNO.exe
  C:\Windows\System\urENUNO.exe
  2⤵
  PID:1664
- C:\Windows\System\hvqpWzH.exe
  C:\Windows\System\hvqpWzH.exe
  2⤵
  PID:576
- C:\Windows\System\uaGOvbs.exe
  C:\Windows\System\uaGOvbs.exe
  2⤵
  PID:2528
- C:\Windows\System\ejDJzrJ.exe
  C:\Windows\System\ejDJzrJ.exe
  2⤵
  PID:2540
- C:\Windows\System\ecrrWly.exe
  C:\Windows\System\ecrrWly.exe
  2⤵
  PID:1496
- C:\Windows\System\Psqclew.exe
  C:\Windows\System\Psqclew.exe
  2⤵
  PID:1872
- C:\Windows\System\ZPhsVac.exe
  C:\Windows\System\ZPhsVac.exe
  2⤵
  PID:2304
- C:\Windows\System\sDUNesT.exe
  C:\Windows\System\sDUNesT.exe
  2⤵
  PID:3044
- C:\Windows\System\FpYaLPt.exe
  C:\Windows\System\FpYaLPt.exe
  2⤵
  PID:2160
- C:\Windows\System\yOnpEVN.exe
  C:\Windows\System\yOnpEVN.exe
  2⤵
  PID:1592
- C:\Windows\System\gMiwrTT.exe
  C:\Windows\System\gMiwrTT.exe
  2⤵
  PID:3052
- C:\Windows\System\caURYNl.exe
  C:\Windows\System\caURYNl.exe
  2⤵
  PID:2604
- C:\Windows\System\LTrjGXt.exe
  C:\Windows\System\LTrjGXt.exe
  2⤵
  PID:2228
- C:\Windows\System\vZdGxhI.exe
  C:\Windows\System\vZdGxhI.exe
  2⤵
  PID:2812
- C:\Windows\System\ivfrHyq.exe
  C:\Windows\System\ivfrHyq.exe
  2⤵
  PID:3020
- C:\Windows\System\hyJKJPA.exe
  C:\Windows\System\hyJKJPA.exe
  2⤵
  PID:1672
- C:\Windows\System\psEmFrH.exe
  C:\Windows\System\psEmFrH.exe
  2⤵
  PID:2168
- C:\Windows\System\BRkHNrS.exe
  C:\Windows\System\BRkHNrS.exe
  2⤵
  PID:768
- C:\Windows\System\fCgaZHx.exe
  C:\Windows\System\fCgaZHx.exe
  2⤵
  PID:2336
- C:\Windows\System\NAZprJX.exe
  C:\Windows\System\NAZprJX.exe
  2⤵
  PID:1424
- C:\Windows\System\ALcoJbY.exe
  C:\Windows\System\ALcoJbY.exe
  2⤵
  PID:2912
- C:\Windows\System\GlEWaSi.exe
  C:\Windows\System\GlEWaSi.exe
  2⤵
  PID:920
- C:\Windows\System\WOpNXgJ.exe
  C:\Windows\System\WOpNXgJ.exe
  2⤵
  PID:932
- C:\Windows\System\GkAPKDp.exe
  C:\Windows\System\GkAPKDp.exe
  2⤵
  PID:2468
- C:\Windows\System\ueEuvWh.exe
  C:\Windows\System\ueEuvWh.exe
  2⤵
  PID:2520
- C:\Windows\System\wvZsgtU.exe
  C:\Windows\System\wvZsgtU.exe
  2⤵
  PID:3060
- C:\Windows\System\mUOUYIX.exe
  C:\Windows\System\mUOUYIX.exe
  2⤵
  PID:2072
- C:\Windows\System\PmEgaoL.exe
  C:\Windows\System\PmEgaoL.exe
  2⤵
  PID:1568
- C:\Windows\System\ZlYsbmV.exe
  C:\Windows\System\ZlYsbmV.exe
  2⤵
  PID:1088
- C:\Windows\System\EkguiUw.exe
  C:\Windows\System\EkguiUw.exe
  2⤵
  PID:1256
- C:\Windows\System\LeMXVsR.exe
  C:\Windows\System\LeMXVsR.exe
  2⤵
  PID:3028
- C:\Windows\System\yzjNCjc.exe
  C:\Windows\System\yzjNCjc.exe
  2⤵
  PID:1728
- C:\Windows\System\bzzaoXp.exe
  C:\Windows\System\bzzaoXp.exe
  2⤵
  PID:872
- C:\Windows\System\tGKGVGw.exe
  C:\Windows\System\tGKGVGw.exe
  2⤵
  PID:888
- C:\Windows\System\zUbSVII.exe
  C:\Windows\System\zUbSVII.exe
  2⤵
  PID:696
- C:\Windows\System\EeSWobE.exe
  C:\Windows\System\EeSWobE.exe
  2⤵
  PID:1536
- C:\Windows\System\eZpxTwn.exe
  C:\Windows\System\eZpxTwn.exe
  2⤵
  PID:3092
- C:\Windows\System\ADuvULB.exe
  C:\Windows\System\ADuvULB.exe
  2⤵
  PID:3112
- C:\Windows\System\drdYhDa.exe
  C:\Windows\System\drdYhDa.exe
  2⤵
  PID:3132
- C:\Windows\System\OCUslrH.exe
  C:\Windows\System\OCUslrH.exe
  2⤵
  PID:3160
- C:\Windows\System\UNEtMrq.exe
  C:\Windows\System\UNEtMrq.exe
  2⤵
  PID:3180
- C:\Windows\System\lBhbJYQ.exe
  C:\Windows\System\lBhbJYQ.exe
  2⤵
  PID:3196
- C:\Windows\System\bfFNaHT.exe
  C:\Windows\System\bfFNaHT.exe
  2⤵
  PID:3224
- C:\Windows\System\KiwVgxp.exe
  C:\Windows\System\KiwVgxp.exe
  2⤵
  PID:3248
- C:\Windows\System\xfHSgNm.exe
  C:\Windows\System\xfHSgNm.exe
  2⤵
  PID:3268
- C:\Windows\System\gmJYfOM.exe
  C:\Windows\System\gmJYfOM.exe
  2⤵
  PID:3288
- C:\Windows\System\nrySzlF.exe
  C:\Windows\System\nrySzlF.exe
  2⤵
  PID:3308
- C:\Windows\System\YcWIziX.exe
  C:\Windows\System\YcWIziX.exe
  2⤵
  PID:3328
- C:\Windows\System\MCmxPEs.exe
  C:\Windows\System\MCmxPEs.exe
  2⤵
  PID:3348
- C:\Windows\System\bjSJNVO.exe
  C:\Windows\System\bjSJNVO.exe
  2⤵
  PID:3364
- C:\Windows\System\tBoRxsR.exe
  C:\Windows\System\tBoRxsR.exe
  2⤵
  PID:3388
- C:\Windows\System\DUsBvWz.exe
  C:\Windows\System\DUsBvWz.exe
  2⤵
  PID:3404
- C:\Windows\System\FtHQoWP.exe
  C:\Windows\System\FtHQoWP.exe
  2⤵
  PID:3428
- C:\Windows\System\NoATtuO.exe
  C:\Windows\System\NoATtuO.exe
  2⤵
  PID:3444
- C:\Windows\System\oNjNZiD.exe
  C:\Windows\System\oNjNZiD.exe
  2⤵
  PID:3468
- C:\Windows\System\eRRaEGH.exe
  C:\Windows\System\eRRaEGH.exe
  2⤵
  PID:3484
- C:\Windows\System\eaDUxme.exe
  C:\Windows\System\eaDUxme.exe
  2⤵
  PID:3504
- C:\Windows\System\QsbgCVO.exe
  C:\Windows\System\QsbgCVO.exe
  2⤵
  PID:3528
- C:\Windows\System\hTjJewr.exe
  C:\Windows\System\hTjJewr.exe
  2⤵
  PID:3548
- C:\Windows\System\fIxfweH.exe
  C:\Windows\System\fIxfweH.exe
  2⤵
  PID:3564
- C:\Windows\System\eefZJji.exe
  C:\Windows\System\eefZJji.exe
  2⤵
  PID:3588
- C:\Windows\System\lxuikgp.exe
  C:\Windows\System\lxuikgp.exe
  2⤵
  PID:3608
- C:\Windows\System\KPOMgSg.exe
  C:\Windows\System\KPOMgSg.exe
  2⤵
  PID:3624
- C:\Windows\System\UBYiPta.exe
  C:\Windows\System\UBYiPta.exe
  2⤵
  PID:3640
- C:\Windows\System\yXnKvMu.exe
  C:\Windows\System\yXnKvMu.exe
  2⤵
  PID:3656
- C:\Windows\System\LvUwfpK.exe
  C:\Windows\System\LvUwfpK.exe
  2⤵
  PID:3684
- C:\Windows\System\LwTiIay.exe
  C:\Windows\System\LwTiIay.exe
  2⤵
  PID:3700
- C:\Windows\System\fQdaBBm.exe
  C:\Windows\System\fQdaBBm.exe
  2⤵
  PID:3720
- C:\Windows\System\XPvGqeQ.exe
  C:\Windows\System\XPvGqeQ.exe
  2⤵
  PID:3748
- C:\Windows\System\wRZuxpL.exe
  C:\Windows\System\wRZuxpL.exe
  2⤵
  PID:3768
- C:\Windows\System\SWmcKbQ.exe
  C:\Windows\System\SWmcKbQ.exe
  2⤵
  PID:3784
- C:\Windows\System\KdJdzTX.exe
  C:\Windows\System\KdJdzTX.exe
  2⤵
  PID:3800
- C:\Windows\System\hBiNeCD.exe
  C:\Windows\System\hBiNeCD.exe
  2⤵
  PID:3820
- C:\Windows\System\JySMkrs.exe
  C:\Windows\System\JySMkrs.exe
  2⤵
  PID:3840
- C:\Windows\System\qswveEw.exe
  C:\Windows\System\qswveEw.exe
  2⤵
  PID:3856
- C:\Windows\System\xLIRmWu.exe
  C:\Windows\System\xLIRmWu.exe
  2⤵
  PID:3876
- C:\Windows\System\HfHPUht.exe
  C:\Windows\System\HfHPUht.exe
  2⤵
  PID:3896
- C:\Windows\System\gRoNtvE.exe
  C:\Windows\System\gRoNtvE.exe
  2⤵
  PID:3916
- C:\Windows\System\llPdWRs.exe
  C:\Windows\System\llPdWRs.exe
  2⤵
  PID:3940
- C:\Windows\System\VbEBYsE.exe
  C:\Windows\System\VbEBYsE.exe
  2⤵
  PID:3960
- C:\Windows\System\PQnJqFB.exe
  C:\Windows\System\PQnJqFB.exe
  2⤵
  PID:3980
- C:\Windows\System\IaKaKpW.exe
  C:\Windows\System\IaKaKpW.exe
  2⤵
  PID:3996
- C:\Windows\System\RXUCakq.exe
  C:\Windows\System\RXUCakq.exe
  2⤵
  PID:4020
- C:\Windows\System\vCztyUN.exe
  C:\Windows\System\vCztyUN.exe
  2⤵
  PID:4036
- C:\Windows\System\FHEWFHi.exe
  C:\Windows\System\FHEWFHi.exe
  2⤵
  PID:4056
- C:\Windows\System\WzNAemQ.exe
  C:\Windows\System\WzNAemQ.exe
  2⤵
  PID:4076
- C:\Windows\System\BfAyzqI.exe
  C:\Windows\System\BfAyzqI.exe
  2⤵
  PID:4092
- C:\Windows\System\SsXCyuL.exe
  C:\Windows\System\SsXCyuL.exe
  2⤵
  PID:2248
- C:\Windows\System\CxlCHyX.exe
  C:\Windows\System\CxlCHyX.exe
  2⤵
  PID:1796
- C:\Windows\System\qQziRGH.exe
  C:\Windows\System\qQziRGH.exe
  2⤵
  PID:2204
- C:\Windows\System\bYFJkHC.exe
  C:\Windows\System\bYFJkHC.exe
  2⤵
  PID:1996
- C:\Windows\System\GhZMCHW.exe
  C:\Windows\System\GhZMCHW.exe
  2⤵
  PID:1196
- C:\Windows\System\UFbOttw.exe
  C:\Windows\System\UFbOttw.exe
  2⤵
  PID:3080
- C:\Windows\System\jaMopej.exe
  C:\Windows\System\jaMopej.exe
  2⤵
  PID:3128
- C:\Windows\System\ZPnvcka.exe
  C:\Windows\System\ZPnvcka.exe
  2⤵
  PID:2308
- C:\Windows\System\daYEtEg.exe
  C:\Windows\System\daYEtEg.exe
  2⤵
  PID:3156
- C:\Windows\System\UotRVdp.exe
  C:\Windows\System\UotRVdp.exe
  2⤵
  PID:3204
- C:\Windows\System\fjeymFq.exe
  C:\Windows\System\fjeymFq.exe
  2⤵
  PID:3232
- C:\Windows\System\iJJxeQf.exe
  C:\Windows\System\iJJxeQf.exe
  2⤵
  PID:3264
- C:\Windows\System\NnnlqrE.exe
  C:\Windows\System\NnnlqrE.exe
  2⤵
  PID:3304
- C:\Windows\System\mXFYeJe.exe
  C:\Windows\System\mXFYeJe.exe
  2⤵
  PID:3280
- C:\Windows\System\tFIrChk.exe
  C:\Windows\System\tFIrChk.exe
  2⤵
  PID:3324
- C:\Windows\System\HFzgtDv.exe
  C:\Windows\System\HFzgtDv.exe
  2⤵
  PID:3412
- C:\Windows\System\TwOZXCl.exe
  C:\Windows\System\TwOZXCl.exe
  2⤵
  PID:3416
- C:\Windows\System\bJYjPze.exe
  C:\Windows\System\bJYjPze.exe
  2⤵
  PID:3452
- C:\Windows\System\RpEVdOA.exe
  C:\Windows\System\RpEVdOA.exe
  2⤵
  PID:3496
- C:\Windows\System\udqWyOx.exe
  C:\Windows\System\udqWyOx.exe
  2⤵
  PID:3540
- C:\Windows\System\tlYspGo.exe
  C:\Windows\System\tlYspGo.exe
  2⤵
  PID:3616
- C:\Windows\System\BwWTTJB.exe
  C:\Windows\System\BwWTTJB.exe
  2⤵
  PID:3696
- C:\Windows\System\onGTrVo.exe
  C:\Windows\System\onGTrVo.exe
  2⤵
  PID:3732
- C:\Windows\System\JJlpfRq.exe
  C:\Windows\System\JJlpfRq.exe
  2⤵
  PID:3776
- C:\Windows\System\UzQqhJb.exe
  C:\Windows\System\UzQqhJb.exe
  2⤵
  PID:3848
- C:\Windows\System\uIwSikZ.exe
  C:\Windows\System\uIwSikZ.exe
  2⤵
  PID:3560
- C:\Windows\System\qliVAsJ.exe
  C:\Windows\System\qliVAsJ.exe
  2⤵
  PID:3928
- C:\Windows\System\lRRmWlp.exe
  C:\Windows\System\lRRmWlp.exe
  2⤵
  PID:4004
- C:\Windows\System\VvInvKE.exe
  C:\Windows\System\VvInvKE.exe
  2⤵
  PID:3672
- C:\Windows\System\MMThDSa.exe
  C:\Windows\System\MMThDSa.exe
  2⤵
  PID:3636
- C:\Windows\System\CQBTzRU.exe
  C:\Windows\System\CQBTzRU.exe
  2⤵
  PID:4012
- C:\Windows\System\UwWtQrL.exe
  C:\Windows\System\UwWtQrL.exe
  2⤵
  PID:3792
- C:\Windows\System\RoVekRD.exe
  C:\Windows\System\RoVekRD.exe
  2⤵
  PID:3836
- C:\Windows\System\Rdiolvz.exe
  C:\Windows\System\Rdiolvz.exe
  2⤵
  PID:2104
- C:\Windows\System\rMpNCxm.exe
  C:\Windows\System\rMpNCxm.exe
  2⤵
  PID:2084
- C:\Windows\System\CRAcZJC.exe
  C:\Windows\System\CRAcZJC.exe
  2⤵
  PID:4064
- C:\Windows\System\ANPzbEL.exe
  C:\Windows\System\ANPzbEL.exe
  2⤵
  PID:912
- C:\Windows\System\wzrMDlI.exe
  C:\Windows\System\wzrMDlI.exe
  2⤵
  PID:564
- C:\Windows\System\DefMLjG.exe
  C:\Windows\System\DefMLjG.exe
  2⤵
  PID:3992
- C:\Windows\System\PQfNQxQ.exe
  C:\Windows\System\PQfNQxQ.exe
  2⤵
  PID:2232
- C:\Windows\System\PhQTlAB.exe
  C:\Windows\System\PhQTlAB.exe
  2⤵
  PID:3140
- C:\Windows\System\UekEKBH.exe
  C:\Windows\System\UekEKBH.exe
  2⤵
  PID:3176
- C:\Windows\System\xoeVpSY.exe
  C:\Windows\System\xoeVpSY.exe
  2⤵
  PID:1820
- C:\Windows\System\pdaVcqY.exe
  C:\Windows\System\pdaVcqY.exe
  2⤵
  PID:3380
- C:\Windows\System\TTAakza.exe
  C:\Windows\System\TTAakza.exe
  2⤵
  PID:848
- C:\Windows\System\VYQUfTR.exe
  C:\Windows\System\VYQUfTR.exe
  2⤵
  PID:3088
- C:\Windows\System\HBXYguS.exe
  C:\Windows\System\HBXYguS.exe
  2⤵
  PID:3104
- C:\Windows\System\yuwXFTj.exe
  C:\Windows\System\yuwXFTj.exe
  2⤵
  PID:3208
- C:\Windows\System\ZbRewbk.exe
  C:\Windows\System\ZbRewbk.exe
  2⤵
  PID:3244
- C:\Windows\System\zEGPtiW.exe
  C:\Windows\System\zEGPtiW.exe
  2⤵
  PID:3692
- C:\Windows\System\jQypeMN.exe
  C:\Windows\System\jQypeMN.exe
  2⤵
  PID:3576
- C:\Windows\System\nkkRIli.exe
  C:\Windows\System\nkkRIli.exe
  2⤵
  PID:3320
- C:\Windows\System\xNJHOvy.exe
  C:\Windows\System\xNJHOvy.exe
  2⤵
  PID:3424
- C:\Windows\System\TNIdvzs.exe
  C:\Windows\System\TNIdvzs.exe
  2⤵
  PID:3520
- C:\Windows\System\zJSlNjK.exe
  C:\Windows\System\zJSlNjK.exe
  2⤵
  PID:3556
- C:\Windows\System\yEJirbR.exe
  C:\Windows\System\yEJirbR.exe
  2⤵
  PID:3968
- C:\Windows\System\OTZBUCR.exe
  C:\Windows\System\OTZBUCR.exe
  2⤵
  PID:3680
- C:\Windows\System\yjxBCIG.exe
  C:\Windows\System\yjxBCIG.exe
  2⤵
  PID:3760
- C:\Windows\System\fIwKSSI.exe
  C:\Windows\System\fIwKSSI.exe
  2⤵
  PID:3868
- C:\Windows\System\LvnrkVN.exe
  C:\Windows\System\LvnrkVN.exe
  2⤵
  PID:4028
- C:\Windows\System\sKCIuxt.exe
  C:\Windows\System\sKCIuxt.exe
  2⤵
  PID:2324
- C:\Windows\System\mkkSzGC.exe
  C:\Windows\System\mkkSzGC.exe
  2⤵
  PID:3812
- C:\Windows\System\QxyCuDi.exe
  C:\Windows\System\QxyCuDi.exe
  2⤵
  PID:3808
- C:\Windows\System\LVrFoeA.exe
  C:\Windows\System\LVrFoeA.exe
  2⤵
  PID:3668
- C:\Windows\System\HGNZOBO.exe
  C:\Windows\System\HGNZOBO.exe
  2⤵
  PID:3400
- C:\Windows\System\IPipGPx.exe
  C:\Windows\System\IPipGPx.exe
  2⤵
  PID:3716
- C:\Windows\System\oPaRDyY.exe
  C:\Windows\System\oPaRDyY.exe
  2⤵
  PID:3544
- C:\Windows\System\kLmKcON.exe
  C:\Windows\System\kLmKcON.exe
  2⤵
  PID:2512
- C:\Windows\System\BtDzcUo.exe
  C:\Windows\System\BtDzcUo.exe
  2⤵
  PID:3580
- C:\Windows\System\vuBqsYG.exe
  C:\Windows\System\vuBqsYG.exe
  2⤵
  PID:1800
- C:\Windows\System\cOHGUJi.exe
  C:\Windows\System\cOHGUJi.exe
  2⤵
  PID:3296
- C:\Windows\System\FqiNUch.exe
  C:\Windows\System\FqiNUch.exe
  2⤵
  PID:2508
- C:\Windows\System\WEsLhuj.exe
  C:\Windows\System\WEsLhuj.exe
  2⤵
  PID:3512
- C:\Windows\System\OFxpxEi.exe
  C:\Windows\System\OFxpxEi.exe
  2⤵
  PID:3440
- C:\Windows\System\hMzgZYT.exe
  C:\Windows\System\hMzgZYT.exe
  2⤵
  PID:3460
- C:\Windows\System\kOdRSBc.exe
  C:\Windows\System\kOdRSBc.exe
  2⤵
  PID:3956
- C:\Windows\System\puwdKnD.exe
  C:\Windows\System\puwdKnD.exe
  2⤵
  PID:2820
- C:\Windows\System\tOHASpp.exe
  C:\Windows\System\tOHASpp.exe
  2⤵
  PID:4088
- C:\Windows\System\BvBfvAc.exe
  C:\Windows\System\BvBfvAc.exe
  2⤵
  PID:2264
- C:\Windows\System\dsdNzTU.exe
  C:\Windows\System\dsdNzTU.exe
  2⤵
  PID:3632
- C:\Windows\System\JOfZAbQ.exe
  C:\Windows\System\JOfZAbQ.exe
  2⤵
  PID:3344
- C:\Windows\System\cPeSaHf.exe
  C:\Windows\System\cPeSaHf.exe
  2⤵
  PID:4112
- C:\Windows\System\pxIlhXP.exe
  C:\Windows\System\pxIlhXP.exe
  2⤵
  PID:4128
- C:\Windows\System\IBWinaz.exe
  C:\Windows\System\IBWinaz.exe
  2⤵
  PID:4144
- C:\Windows\System\zJRNnDB.exe
  C:\Windows\System\zJRNnDB.exe
  2⤵
  PID:4160
- C:\Windows\System\EvhGQDT.exe
  C:\Windows\System\EvhGQDT.exe
  2⤵
  PID:4176
- C:\Windows\System\xmAivin.exe
  C:\Windows\System\xmAivin.exe
  2⤵
  PID:4192
- C:\Windows\System\KRJDdxi.exe
  C:\Windows\System\KRJDdxi.exe
  2⤵
  PID:4208
- C:\Windows\System\GIcnCNM.exe
  C:\Windows\System\GIcnCNM.exe
  2⤵
  PID:4224
- C:\Windows\System\GQZkYBI.exe
  C:\Windows\System\GQZkYBI.exe
  2⤵
  PID:4240
- C:\Windows\System\RcmXgff.exe
  C:\Windows\System\RcmXgff.exe
  2⤵
  PID:4256
- C:\Windows\System\zJRKvHx.exe
  C:\Windows\System\zJRKvHx.exe
  2⤵
  PID:4272
- C:\Windows\System\KLlLQJk.exe
  C:\Windows\System\KLlLQJk.exe
  2⤵
  PID:4288
- C:\Windows\System\LfXMvVM.exe
  C:\Windows\System\LfXMvVM.exe
  2⤵
  PID:4304
- C:\Windows\System\ojlzYsL.exe
  C:\Windows\System\ojlzYsL.exe
  2⤵
  PID:4320
- C:\Windows\System\sBeTgzN.exe
  C:\Windows\System\sBeTgzN.exe
  2⤵
  PID:4336
- C:\Windows\System\lSjxotB.exe
  C:\Windows\System\lSjxotB.exe
  2⤵
  PID:4352
- C:\Windows\System\qSgXggU.exe
  C:\Windows\System\qSgXggU.exe
  2⤵
  PID:4376
- C:\Windows\System\vBIrXZU.exe
  C:\Windows\System\vBIrXZU.exe
  2⤵
  PID:4392
- C:\Windows\System\NWNzbTd.exe
  C:\Windows\System\NWNzbTd.exe
  2⤵
  PID:4408
- C:\Windows\System\YItokRW.exe
  C:\Windows\System\YItokRW.exe
  2⤵
  PID:4424
- C:\Windows\System\rkRQjVV.exe
  C:\Windows\System\rkRQjVV.exe
  2⤵
  PID:4440
- C:\Windows\System\iucOOaQ.exe
  C:\Windows\System\iucOOaQ.exe
  2⤵
  PID:4456
- C:\Windows\System\IvMApam.exe
  C:\Windows\System\IvMApam.exe
  2⤵
  PID:4472
- C:\Windows\System\ZtcJGxu.exe
  C:\Windows\System\ZtcJGxu.exe
  2⤵
  PID:4488
- C:\Windows\System\fkIRQro.exe
  C:\Windows\System\fkIRQro.exe
  2⤵
  PID:4504
- C:\Windows\System\HfhQIbc.exe
  C:\Windows\System\HfhQIbc.exe
  2⤵
  PID:4520
- C:\Windows\System\ldHZYgy.exe
  C:\Windows\System\ldHZYgy.exe
  2⤵
  PID:4536
- C:\Windows\System\PqTbNlA.exe
  C:\Windows\System\PqTbNlA.exe
  2⤵
  PID:4552
- C:\Windows\System\CRVImnl.exe
  C:\Windows\System\CRVImnl.exe
  2⤵
  PID:4568
- C:\Windows\System\XsvSzEO.exe
  C:\Windows\System\XsvSzEO.exe
  2⤵
  PID:4584
- C:\Windows\System\aDXXiGB.exe
  C:\Windows\System\aDXXiGB.exe
  2⤵
  PID:4600
- C:\Windows\System\aofGBpa.exe
  C:\Windows\System\aofGBpa.exe
  2⤵
  PID:4616
- C:\Windows\System\CnWuMbp.exe
  C:\Windows\System\CnWuMbp.exe
  2⤵
  PID:4632
- C:\Windows\System\kgScyBR.exe
  C:\Windows\System\kgScyBR.exe
  2⤵
  PID:4648
- C:\Windows\System\tKrYCsg.exe
  C:\Windows\System\tKrYCsg.exe
  2⤵
  PID:4668
- C:\Windows\System\CHCLXSA.exe
  C:\Windows\System\CHCLXSA.exe
  2⤵
  PID:4684
- C:\Windows\System\OUpadHi.exe
  C:\Windows\System\OUpadHi.exe
  2⤵
  PID:4700
- C:\Windows\System\jZCoIBI.exe
  C:\Windows\System\jZCoIBI.exe
  2⤵
  PID:4716
- C:\Windows\System\EgXQBUg.exe
  C:\Windows\System\EgXQBUg.exe
  2⤵
  PID:4732
- C:\Windows\System\lmdsbUO.exe
  C:\Windows\System\lmdsbUO.exe
  2⤵
  PID:4748
- C:\Windows\System\DphQLYV.exe
  C:\Windows\System\DphQLYV.exe
  2⤵
  PID:4764
- C:\Windows\System\qYjNbGh.exe
  C:\Windows\System\qYjNbGh.exe
  2⤵
  PID:4780
- C:\Windows\System\AWkHwkz.exe
  C:\Windows\System\AWkHwkz.exe
  2⤵
  PID:4796
- C:\Windows\System\NaGJRig.exe
  C:\Windows\System\NaGJRig.exe
  2⤵
  PID:4812
- C:\Windows\System\rqxgWtZ.exe
  C:\Windows\System\rqxgWtZ.exe
  2⤵
  PID:4828
- C:\Windows\System\nqZgRFG.exe
  C:\Windows\System\nqZgRFG.exe
  2⤵
  PID:4844
- C:\Windows\System\ANrXves.exe
  C:\Windows\System\ANrXves.exe
  2⤵
  PID:4860
- C:\Windows\System\KsNcSqq.exe
  C:\Windows\System\KsNcSqq.exe
  2⤵
  PID:4876
- C:\Windows\System\YgdVuWl.exe
  C:\Windows\System\YgdVuWl.exe
  2⤵
  PID:4892
- C:\Windows\System\haRDvlP.exe
  C:\Windows\System\haRDvlP.exe
  2⤵
  PID:4908
- C:\Windows\System\QRKmcfk.exe
  C:\Windows\System\QRKmcfk.exe
  2⤵
  PID:4924
- C:\Windows\System\rqhLIgg.exe
  C:\Windows\System\rqhLIgg.exe
  2⤵
  PID:4940
- C:\Windows\System\FJJElvm.exe
  C:\Windows\System\FJJElvm.exe
  2⤵
  PID:4956
- C:\Windows\System\uGZlimH.exe
  C:\Windows\System\uGZlimH.exe
  2⤵
  PID:4972
- C:\Windows\System\yBadWXj.exe
  C:\Windows\System\yBadWXj.exe
  2⤵
  PID:4988
- C:\Windows\System\stbLPhE.exe
  C:\Windows\System\stbLPhE.exe
  2⤵
  PID:5004
- C:\Windows\System\HJoIlwE.exe
  C:\Windows\System\HJoIlwE.exe
  2⤵
  PID:5020
- C:\Windows\System\zfApeSL.exe
  C:\Windows\System\zfApeSL.exe
  2⤵
  PID:5036
- C:\Windows\System\jOEdVHE.exe
  C:\Windows\System\jOEdVHE.exe
  2⤵
  PID:5052
- C:\Windows\System\taZQAVd.exe
  C:\Windows\System\taZQAVd.exe
  2⤵
  PID:5068
- C:\Windows\System\XeobcUp.exe
  C:\Windows\System\XeobcUp.exe
  2⤵
  PID:5084
- C:\Windows\System\GDxTQsh.exe
  C:\Windows\System\GDxTQsh.exe
  2⤵
  PID:5100
- C:\Windows\System\fIcNahL.exe
  C:\Windows\System\fIcNahL.exe
  2⤵
  PID:5116
- C:\Windows\System\RPTxQJs.exe
  C:\Windows\System\RPTxQJs.exe
  2⤵
  PID:3256
- C:\Windows\System\CNCAIBc.exe
  C:\Windows\System\CNCAIBc.exe
  2⤵
  PID:3584
- C:\Windows\System\wjMvMXo.exe
  C:\Windows\System\wjMvMXo.exe
  2⤵
  PID:3236
- C:\Windows\System\uRZfuzS.exe
  C:\Windows\System\uRZfuzS.exe
  2⤵
  PID:1508
- C:\Windows\System\JTLMsiw.exe
  C:\Windows\System\JTLMsiw.exe
  2⤵
  PID:3172
- C:\Windows\System\jqAsOxI.exe
  C:\Windows\System\jqAsOxI.exe
  2⤵
  PID:4104
- C:\Windows\System\cpGqKwo.exe
  C:\Windows\System\cpGqKwo.exe
  2⤵
  PID:4136
- C:\Windows\System\zyhyAfJ.exe
  C:\Windows\System\zyhyAfJ.exe
  2⤵
  PID:4168
- C:\Windows\System\GFsBKzu.exe
  C:\Windows\System\GFsBKzu.exe
  2⤵
  PID:4236
- C:\Windows\System\wgNBKEa.exe
  C:\Windows\System\wgNBKEa.exe
  2⤵
  PID:3372
- C:\Windows\System\vkXeCxT.exe
  C:\Windows\System\vkXeCxT.exe
  2⤵
  PID:4264
- C:\Windows\System\yrEvPKC.exe
  C:\Windows\System\yrEvPKC.exe
  2⤵
  PID:4296
- C:\Windows\System\rYnlbIa.exe
  C:\Windows\System\rYnlbIa.exe
  2⤵
  PID:4220
- C:\Windows\System\WwgutTo.exe
  C:\Windows\System\WwgutTo.exe
  2⤵
  PID:4252
- C:\Windows\System\ppDURBn.exe
  C:\Windows\System\ppDURBn.exe
  2⤵
  PID:4360
- C:\Windows\System\MgqUKPR.exe
  C:\Windows\System\MgqUKPR.exe
  2⤵
  PID:4348
- C:\Windows\System\zYNgHbj.exe
  C:\Windows\System\zYNgHbj.exe
  2⤵
  PID:4432
- C:\Windows\System\hXcLzrB.exe
  C:\Windows\System\hXcLzrB.exe
  2⤵
  PID:4388
- C:\Windows\System\qvUEuMV.exe
  C:\Windows\System\qvUEuMV.exe
  2⤵
  PID:4500
- C:\Windows\System\dJEtBXx.exe
  C:\Windows\System\dJEtBXx.exe
  2⤵
  PID:4480
- C:\Windows\System\IsnwTBo.exe
  C:\Windows\System\IsnwTBo.exe
  2⤵
  PID:4560
- C:\Windows\System\xnaPdRs.exe
  C:\Windows\System\xnaPdRs.exe
  2⤵
  PID:4564
- C:\Windows\System\MufVcLe.exe
  C:\Windows\System\MufVcLe.exe
  2⤵
  PID:4544
- C:\Windows\System\QnzJHGP.exe
  C:\Windows\System\QnzJHGP.exe
  2⤵
  PID:4576
- C:\Windows\System\UXiWuKm.exe
  C:\Windows\System\UXiWuKm.exe
  2⤵
  PID:2828
- C:\Windows\System\YaKXGym.exe
  C:\Windows\System\YaKXGym.exe
  2⤵
  PID:4612
- C:\Windows\System\ICcyGir.exe
  C:\Windows\System\ICcyGir.exe
  2⤵
  PID:4696
- C:\Windows\System\bQEgPWq.exe
  C:\Windows\System\bQEgPWq.exe
  2⤵
  PID:4728
- C:\Windows\System\nznjvRB.exe
  C:\Windows\System\nznjvRB.exe
  2⤵
  PID:4792
- C:\Windows\System\qckarGa.exe
  C:\Windows\System\qckarGa.exe
  2⤵
  PID:4740
- C:\Windows\System\liDIOTr.exe
  C:\Windows\System\liDIOTr.exe
  2⤵
  PID:4856
- C:\Windows\System\xVaGEkl.exe
  C:\Windows\System\xVaGEkl.exe
  2⤵
  PID:4920
- C:\Windows\System\gFoahbw.exe
  C:\Windows\System\gFoahbw.exe
  2⤵
  PID:4804
- C:\Windows\System\zIwdmFB.exe
  C:\Windows\System\zIwdmFB.exe
  2⤵
  PID:4948
- C:\Windows\System\BAuijUE.exe
  C:\Windows\System\BAuijUE.exe
  2⤵
  PID:5012
- C:\Windows\System\pUFTUEP.exe
  C:\Windows\System\pUFTUEP.exe
  2⤵
  PID:4904
- C:\Windows\System\FLstipd.exe
  C:\Windows\System\FLstipd.exe
  2⤵
  PID:4900
- C:\Windows\System\RlHYInS.exe
  C:\Windows\System\RlHYInS.exe
  2⤵
  PID:5112
- C:\Windows\System\BXcnjTL.exe
  C:\Windows\System\BXcnjTL.exe
  2⤵
  PID:4048
- C:\Windows\System\lOVByIe.exe
  C:\Windows\System\lOVByIe.exe
  2⤵
  PID:5060
- C:\Windows\System\ZNQUlAI.exe
  C:\Windows\System\ZNQUlAI.exe
  2⤵
  PID:5064
- C:\Windows\System\tSEYGlg.exe
  C:\Windows\System\tSEYGlg.exe
  2⤵
  PID:1752
- C:\Windows\System\glLmGql.exe
  C:\Windows\System\glLmGql.exe
  2⤵
  PID:4172
- C:\Windows\System\CwIYIHb.exe
  C:\Windows\System\CwIYIHb.exe
  2⤵
  PID:4184
- C:\Windows\System\OMSdweO.exe
  C:\Windows\System\OMSdweO.exe
  2⤵
  PID:4156
- C:\Windows\System\YlOdLCX.exe
  C:\Windows\System\YlOdLCX.exe
  2⤵
  PID:4312
- C:\Windows\System\VmTaQcW.exe
  C:\Windows\System\VmTaQcW.exe
  2⤵
  PID:4204
- C:\Windows\System\OaPGzla.exe
  C:\Windows\System\OaPGzla.exe
  2⤵
  PID:4468
- C:\Windows\System\fdjQZYS.exe
  C:\Windows\System\fdjQZYS.exe
  2⤵
  PID:4512
- C:\Windows\System\FgqlBJx.exe
  C:\Windows\System\FgqlBJx.exe
  2⤵
  PID:4596
- C:\Windows\System\yjVvpcC.exe
  C:\Windows\System\yjVvpcC.exe
  2⤵
  PID:4724
- C:\Windows\System\pCkzwZs.exe
  C:\Windows\System\pCkzwZs.exe
  2⤵
  PID:4332
- C:\Windows\System\BYceRwe.exe
  C:\Windows\System\BYceRwe.exe
  2⤵
  PID:4888
- C:\Windows\System\ughkzQM.exe
  C:\Windows\System\ughkzQM.exe
  2⤵
  PID:4496
- C:\Windows\System\qtNXgrr.exe
  C:\Windows\System\qtNXgrr.exe
  2⤵
  PID:2728
- C:\Windows\System\qeHHRJs.exe
  C:\Windows\System\qeHHRJs.exe
  2⤵
  PID:4824
- C:\Windows\System\QVkfilV.exe
  C:\Windows\System\QVkfilV.exe
  2⤵
  PID:3952
- C:\Windows\System\EIGcNyu.exe
  C:\Windows\System\EIGcNyu.exe
  2⤵
  PID:3888
- C:\Windows\System\AnlvszB.exe
  C:\Windows\System\AnlvszB.exe
  2⤵
  PID:3536
- C:\Windows\System\LBGEYWG.exe
  C:\Windows\System\LBGEYWG.exe
  2⤵
  PID:2492
- C:\Windows\System\gjsZXfd.exe
  C:\Windows\System\gjsZXfd.exe
  2⤵
  PID:3600
- C:\Windows\System\qzXErvA.exe
  C:\Windows\System\qzXErvA.exe
  2⤵
  PID:4532
- C:\Windows\System\gjEjdau.exe
  C:\Windows\System\gjEjdau.exe
  2⤵
  PID:4664
- C:\Windows\System\ApYzDvB.exe
  C:\Windows\System\ApYzDvB.exe
  2⤵
  PID:3056
- C:\Windows\System\euqFMIl.exe
  C:\Windows\System\euqFMIl.exe
  2⤵
  PID:4248
- C:\Windows\System\OvSfqIO.exe
  C:\Windows\System\OvSfqIO.exe
  2⤵
  PID:4840
- C:\Windows\System\HOtMQOQ.exe
  C:\Windows\System\HOtMQOQ.exe
  2⤵
  PID:4984
- C:\Windows\System\LlOEWax.exe
  C:\Windows\System\LlOEWax.exe
  2⤵
  PID:2572
- C:\Windows\System\vVtpRQj.exe
  C:\Windows\System\vVtpRQj.exe
  2⤵
  PID:4216
- C:\Windows\System\qfVLGer.exe
  C:\Windows\System\qfVLGer.exe
  2⤵
  PID:4964
- C:\Windows\System\hfCxpul.exe
  C:\Windows\System\hfCxpul.exe
  2⤵
  PID:3708
- C:\Windows\System\wYiYhtS.exe
  C:\Windows\System\wYiYhtS.exe
  2⤵
  PID:4464
- C:\Windows\System\DJKmTFw.exe
  C:\Windows\System\DJKmTFw.exe
  2⤵
  PID:4760
- C:\Windows\System\nvfvcEO.exe
  C:\Windows\System\nvfvcEO.exe
  2⤵
  PID:4744
- C:\Windows\System\dFxMyuC.exe
  C:\Windows\System\dFxMyuC.exe
  2⤵
  PID:4608
- C:\Windows\System\XltAzvE.exe
  C:\Windows\System\XltAzvE.exe
  2⤵
  PID:4644
- C:\Windows\System\bWVZUZr.exe
  C:\Windows\System\bWVZUZr.exe
  2⤵
  PID:2956
- C:\Windows\System\YtuuxIn.exe
  C:\Windows\System\YtuuxIn.exe
  2⤵
  PID:4152
- C:\Windows\System\PvgMiqb.exe
  C:\Windows\System\PvgMiqb.exe
  2⤵
  PID:1204
- C:\Windows\System\jTnGBNN.exe
  C:\Windows\System\jTnGBNN.exe
  2⤵
  PID:4592
- C:\Windows\System\fYNEWNt.exe
  C:\Windows\System\fYNEWNt.exe
  2⤵
  PID:1156
- C:\Windows\System\hLfjKzP.exe
  C:\Windows\System\hLfjKzP.exe
  2⤵
  PID:5124
- C:\Windows\System\tecvrOd.exe
  C:\Windows\System\tecvrOd.exe
  2⤵
  PID:5140
- C:\Windows\System\fwGJmDy.exe
  C:\Windows\System\fwGJmDy.exe
  2⤵
  PID:5156
- C:\Windows\System\wIrevwP.exe
  C:\Windows\System\wIrevwP.exe
  2⤵
  PID:5172
- C:\Windows\System\GLVEowC.exe
  C:\Windows\System\GLVEowC.exe
  2⤵
  PID:5188
- C:\Windows\System\jldbCqq.exe
  C:\Windows\System\jldbCqq.exe
  2⤵
  PID:5204
- C:\Windows\System\bUCUcWL.exe
  C:\Windows\System\bUCUcWL.exe
  2⤵
  PID:5228
- C:\Windows\System\MdCIalk.exe
  C:\Windows\System\MdCIalk.exe
  2⤵
  PID:5248
- C:\Windows\System\zmvoLNh.exe
  C:\Windows\System\zmvoLNh.exe
  2⤵
  PID:5268
- C:\Windows\System\NSgVdZl.exe
  C:\Windows\System\NSgVdZl.exe
  2⤵
  PID:5296
- C:\Windows\System\bjzgKVK.exe
  C:\Windows\System\bjzgKVK.exe
  2⤵
  PID:5316
- C:\Windows\System\iYzFnwc.exe
  C:\Windows\System\iYzFnwc.exe
  2⤵
  PID:5448
- C:\Windows\System\CAuCZnP.exe
  C:\Windows\System\CAuCZnP.exe
  2⤵
  PID:5464
- C:\Windows\System\cTkrBjx.exe
  C:\Windows\System\cTkrBjx.exe
  2⤵
  PID:5480
- C:\Windows\System\UBGDklg.exe
  C:\Windows\System\UBGDklg.exe
  2⤵
  PID:5496
- C:\Windows\System\hUIDVzL.exe
  C:\Windows\System\hUIDVzL.exe
  2⤵
  PID:5520
- C:\Windows\System\eBIgckx.exe
  C:\Windows\System\eBIgckx.exe
  2⤵
  PID:5536
- C:\Windows\System\apQdWXV.exe
  C:\Windows\System\apQdWXV.exe
  2⤵
  PID:5552
- C:\Windows\System\ukqOFhb.exe
  C:\Windows\System\ukqOFhb.exe
  2⤵
  PID:5568
- C:\Windows\System\RMupGjV.exe
  C:\Windows\System\RMupGjV.exe
  2⤵
  PID:5584
- C:\Windows\System\fmyVUVY.exe
  C:\Windows\System\fmyVUVY.exe
  2⤵
  PID:5616
- C:\Windows\System\gUOraqy.exe
  C:\Windows\System\gUOraqy.exe
  2⤵
  PID:5632
- C:\Windows\System\ygwAnDD.exe
  C:\Windows\System\ygwAnDD.exe
  2⤵
  PID:5648
- C:\Windows\System\vKlUftL.exe
  C:\Windows\System\vKlUftL.exe
  2⤵
  PID:5664
- C:\Windows\System\RyqrCzM.exe
  C:\Windows\System\RyqrCzM.exe
  2⤵
  PID:5680
- C:\Windows\System\WSvBukT.exe
  C:\Windows\System\WSvBukT.exe
  2⤵
  PID:5696
- C:\Windows\System\iGDxwQz.exe
  C:\Windows\System\iGDxwQz.exe
  2⤵
  PID:5712
- C:\Windows\System\CTCmWxy.exe
  C:\Windows\System\CTCmWxy.exe
  2⤵
  PID:5728
- C:\Windows\System\UpMAyzX.exe
  C:\Windows\System\UpMAyzX.exe
  2⤵
  PID:5744
- C:\Windows\System\XZzRiIf.exe
  C:\Windows\System\XZzRiIf.exe
  2⤵
  PID:5760
- C:\Windows\System\eDcfmny.exe
  C:\Windows\System\eDcfmny.exe
  2⤵
  PID:5784
- C:\Windows\System\ulFXgCf.exe
  C:\Windows\System\ulFXgCf.exe
  2⤵
  PID:5800
- C:\Windows\System\AEalTSt.exe
  C:\Windows\System\AEalTSt.exe
  2⤵
  PID:5816
- C:\Windows\System\bYNBUdb.exe
  C:\Windows\System\bYNBUdb.exe
  2⤵
  PID:5900
- C:\Windows\System\ovtpzFN.exe
  C:\Windows\System\ovtpzFN.exe
  2⤵
  PID:5920
- C:\Windows\System\OsPfMrn.exe
  C:\Windows\System\OsPfMrn.exe
  2⤵
  PID:5936
- C:\Windows\System\gFOunsG.exe
  C:\Windows\System\gFOunsG.exe
  2⤵
  PID:5956
- C:\Windows\System\IvcqeuR.exe
  C:\Windows\System\IvcqeuR.exe
  2⤵
  PID:5972
- C:\Windows\System\VLIgCir.exe
  C:\Windows\System\VLIgCir.exe
  2⤵
  PID:5988
- C:\Windows\System\pgwakuT.exe
  C:\Windows\System\pgwakuT.exe
  2⤵
  PID:6004
- C:\Windows\System\omCQcAh.exe
  C:\Windows\System\omCQcAh.exe
  2⤵
  PID:6020
- C:\Windows\System\BIksAvK.exe
  C:\Windows\System\BIksAvK.exe
  2⤵
  PID:6036
- C:\Windows\System\ljqsbWs.exe
  C:\Windows\System\ljqsbWs.exe
  2⤵
  PID:6052
- C:\Windows\System\MdOPgEI.exe
  C:\Windows\System\MdOPgEI.exe
  2⤵
  PID:6072
- C:\Windows\System\MuKrwUO.exe
  C:\Windows\System\MuKrwUO.exe
  2⤵
  PID:6088
- C:\Windows\System\sKpblYA.exe
  C:\Windows\System\sKpblYA.exe
  2⤵
  PID:6104
- C:\Windows\System\JLYPqjt.exe
  C:\Windows\System\JLYPqjt.exe
  2⤵
  PID:6120
- C:\Windows\System\pVXikQy.exe
  C:\Windows\System\pVXikQy.exe
  2⤵
  PID:6136
- C:\Windows\System\jPXSDPh.exe
  C:\Windows\System\jPXSDPh.exe
  2⤵
  PID:5000
- C:\Windows\System\BevyyEX.exe
  C:\Windows\System\BevyyEX.exe
  2⤵
  PID:5032
- C:\Windows\System\JHxOBBd.exe
  C:\Windows\System\JHxOBBd.exe
  2⤵
  PID:4400
- C:\Windows\System\gVjJNWA.exe
  C:\Windows\System\gVjJNWA.exe
  2⤵
  PID:5180
- C:\Windows\System\AtmpjvR.exe
  C:\Windows\System\AtmpjvR.exe
  2⤵
  PID:5304
- C:\Windows\System\DowxbKu.exe
  C:\Windows\System\DowxbKu.exe
  2⤵
  PID:5472
- C:\Windows\System\pjQMMGK.exe
  C:\Windows\System\pjQMMGK.exe
  2⤵
  PID:5344
- C:\Windows\System\WAesbZb.exe
  C:\Windows\System\WAesbZb.exe
  2⤵
  PID:5376
- C:\Windows\System\IloRpEG.exe
  C:\Windows\System\IloRpEG.exe
  2⤵
  PID:5548
- C:\Windows\System\vIsknVE.exe
  C:\Windows\System\vIsknVE.exe
  2⤵
  PID:5528
- C:\Windows\System\qOhojsO.exe
  C:\Windows\System\qOhojsO.exe
  2⤵
  PID:5776
- C:\Windows\System\DuwgGmC.exe
  C:\Windows\System\DuwgGmC.exe
  2⤵
  PID:5852
- C:\Windows\System\OssPSIZ.exe
  C:\Windows\System\OssPSIZ.exe
  2⤵
  PID:2140
- C:\Windows\System\CXAMuRQ.exe
  C:\Windows\System\CXAMuRQ.exe
  2⤵
  PID:6096
- C:\Windows\System\tDkmafb.exe
  C:\Windows\System\tDkmafb.exe
  2⤵
  PID:5260
- C:\Windows\System\gsPLJos.exe
  C:\Windows\System\gsPLJos.exe
  2⤵
  PID:5244
- C:\Windows\System\rOFTNZO.exe
  C:\Windows\System\rOFTNZO.exe
  2⤵
  PID:5200
- C:\Windows\System\nWJUprf.exe
  C:\Windows\System\nWJUprf.exe
  2⤵
  PID:3740
- C:\Windows\System\HuGwndD.exe
  C:\Windows\System\HuGwndD.exe
  2⤵
  PID:5368
- C:\Windows\System\veyNMjW.exe
  C:\Windows\System\veyNMjW.exe
  2⤵
  PID:5388
- C:\Windows\System\vIQsdaX.exe
  C:\Windows\System\vIQsdaX.exe
  2⤵
  PID:5416
- C:\Windows\System\nuxyLBh.exe
  C:\Windows\System\nuxyLBh.exe
  2⤵
  PID:5440
- C:\Windows\System\rjyCyQi.exe
  C:\Windows\System\rjyCyQi.exe
  2⤵
  PID:5336
- C:\Windows\System\LmyaShi.exe
  C:\Windows\System\LmyaShi.exe
  2⤵
  PID:5396
- C:\Windows\System\bKvWIjw.exe
  C:\Windows\System\bKvWIjw.exe
  2⤵
  PID:5504
- C:\Windows\System\eYpbZKB.exe
  C:\Windows\System\eYpbZKB.exe
  2⤵
  PID:5576
- C:\Windows\System\jtwwQaK.exe
  C:\Windows\System\jtwwQaK.exe
  2⤵
  PID:5592
- C:\Windows\System\FblZlef.exe
  C:\Windows\System\FblZlef.exe
  2⤵
  PID:5692
- C:\Windows\System\CpaYRBi.exe
  C:\Windows\System\CpaYRBi.exe
  2⤵
  PID:5600
- C:\Windows\System\lbFxbkj.exe
  C:\Windows\System\lbFxbkj.exe
  2⤵
  PID:5608
- C:\Windows\System\zSOiJpK.exe
  C:\Windows\System\zSOiJpK.exe
  2⤵
  PID:5676
- C:\Windows\System\mKKrNQO.exe
  C:\Windows\System\mKKrNQO.exe
  2⤵
  PID:5736
- C:\Windows\System\SFLLNlG.exe
  C:\Windows\System\SFLLNlG.exe
  2⤵
  PID:5792
- C:\Windows\System\asmHXNN.exe
  C:\Windows\System\asmHXNN.exe
  2⤵
  PID:5836
- C:\Windows\System\dchyezL.exe
  C:\Windows\System\dchyezL.exe
  2⤵
  PID:5848
- C:\Windows\System\QOxEwwn.exe
  C:\Windows\System\QOxEwwn.exe
  2⤵
  PID:5868
- C:\Windows\System\VEZIHbi.exe
  C:\Windows\System\VEZIHbi.exe
  2⤵
  PID:5880
- C:\Windows\System\VdqjhTO.exe
  C:\Windows\System\VdqjhTO.exe
  2⤵
  PID:5916
- C:\Windows\System\OsoNzaq.exe
  C:\Windows\System\OsoNzaq.exe
  2⤵
  PID:5948
- C:\Windows\System\nqJQVja.exe
  C:\Windows\System\nqJQVja.exe
  2⤵
  PID:5928
- C:\Windows\System\XGKnpDk.exe
  C:\Windows\System\XGKnpDk.exe
  2⤵
  PID:5964
- C:\Windows\System\kNwKsiE.exe
  C:\Windows\System\kNwKsiE.exe
  2⤵
  PID:6044
- C:\Windows\System\HuMWUKP.exe
  C:\Windows\System\HuMWUKP.exe
  2⤵
  PID:6112
- C:\Windows\System\WvwGJoB.exe
  C:\Windows\System\WvwGJoB.exe
  2⤵
  PID:6068
- C:\Windows\System\UuzIGPi.exe
  C:\Windows\System\UuzIGPi.exe
  2⤵
  PID:5212
- C:\Windows\System\QvazcSQ.exe
  C:\Windows\System\QvazcSQ.exe
  2⤵
  PID:5164
- C:\Windows\System\fSKnJAm.exe
  C:\Windows\System\fSKnJAm.exe
  2⤵
  PID:5264
- C:\Windows\System\qwBzmWx.exe
  C:\Windows\System\qwBzmWx.exe
  2⤵
  PID:5356
- C:\Windows\System\RWJtWMX.exe
  C:\Windows\System\RWJtWMX.exe
  2⤵
  PID:5324
- C:\Windows\System\XHPRFie.exe
  C:\Windows\System\XHPRFie.exe
  2⤵
  PID:5424
- C:\Windows\System\YilOuRr.exe
  C:\Windows\System\YilOuRr.exe
  2⤵
  PID:2612
- C:\Windows\System\fkwGsRX.exe
  C:\Windows\System\fkwGsRX.exe
  2⤵
  PID:5688
- C:\Windows\System\JCHuFYa.exe
  C:\Windows\System\JCHuFYa.exe
  2⤵
  PID:5708
- C:\Windows\System\whiNruH.exe
  C:\Windows\System\whiNruH.exe
  2⤵
  PID:5864
- C:\Windows\System\gyKOJSp.exe
  C:\Windows\System\gyKOJSp.exe
  2⤵
  PID:1060
- C:\Windows\System\oiHOCBV.exe
  C:\Windows\System\oiHOCBV.exe
  2⤵
  PID:6064
- C:\Windows\System\tzJrrcl.exe
  C:\Windows\System\tzJrrcl.exe
  2⤵
  PID:5136
- C:\Windows\System\Javmxiu.exe
  C:\Windows\System\Javmxiu.exe
  2⤵
  PID:5656
- C:\Windows\System\dwJIKnD.exe
  C:\Windows\System\dwJIKnD.exe
  2⤵
  PID:5644
- C:\Windows\System\aJCwPUR.exe
  C:\Windows\System\aJCwPUR.exe
  2⤵
  PID:5372
- C:\Windows\System\CZGJvtr.exe
  C:\Windows\System\CZGJvtr.exe
  2⤵
  PID:5808
- C:\Windows\System\uUsYtEa.exe
  C:\Windows\System\uUsYtEa.exe
  2⤵
  PID:5896
- C:\Windows\System\ZKtFOTY.exe
  C:\Windows\System\ZKtFOTY.exe
  2⤵
  PID:2536
- C:\Windows\System\BTanUdL.exe
  C:\Windows\System\BTanUdL.exe
  2⤵
  PID:5892
- C:\Windows\System\SSspAZt.exe
  C:\Windows\System\SSspAZt.exe
  2⤵
  PID:6028
- C:\Windows\System\YXhLFmg.exe
  C:\Windows\System\YXhLFmg.exe
  2⤵
  PID:4852
- C:\Windows\System\pUErXKu.exe
  C:\Windows\System\pUErXKu.exe
  2⤵
  PID:5412
- C:\Windows\System\ZVPGlOL.exe
  C:\Windows\System\ZVPGlOL.exe
  2⤵
  PID:5392
- C:\Windows\System\qYjZKOi.exe
  C:\Windows\System\qYjZKOi.exe
  2⤵
  PID:5436
- C:\Windows\System\HAtFuDB.exe
  C:\Windows\System\HAtFuDB.exe
  2⤵
  PID:5420
- C:\Windows\System\tzWmEOg.exe
  C:\Windows\System\tzWmEOg.exe
  2⤵
  PID:1152
- C:\Windows\System\OuVyWRb.exe
  C:\Windows\System\OuVyWRb.exe
  2⤵
  PID:2028
- C:\Windows\System\WOQHKOH.exe
  C:\Windows\System\WOQHKOH.exe
  2⤵
  PID:5628
- C:\Windows\System\UfDDKNw.exe
  C:\Windows\System\UfDDKNw.exe
  2⤵
  PID:1948
- C:\Windows\System\mOQOivB.exe
  C:\Windows\System\mOQOivB.exe
  2⤵
  PID:5352
- C:\Windows\System\bTAEOmR.exe
  C:\Windows\System\bTAEOmR.exe
  2⤵
  PID:6152
- C:\Windows\System\YIbThMV.exe
  C:\Windows\System\YIbThMV.exe
  2⤵
  PID:6180
- C:\Windows\System\wrapmdW.exe
  C:\Windows\System\wrapmdW.exe
  2⤵
  PID:6204
- C:\Windows\System\opeJkrb.exe
  C:\Windows\System\opeJkrb.exe
  2⤵
  PID:6224
- C:\Windows\System\DfdHrtI.exe
  C:\Windows\System\DfdHrtI.exe
  2⤵
  PID:6248
- C:\Windows\System\CYRzDbK.exe
  C:\Windows\System\CYRzDbK.exe
  2⤵
  PID:6308
- C:\Windows\System\xzGAljo.exe
  C:\Windows\System\xzGAljo.exe
  2⤵
  PID:6324
- C:\Windows\System\cDinnox.exe
  C:\Windows\System\cDinnox.exe
  2⤵
  PID:6340
- C:\Windows\System\itnMoIL.exe
  C:\Windows\System\itnMoIL.exe
  2⤵
  PID:6356
- C:\Windows\System\AHoNzHG.exe
  C:\Windows\System\AHoNzHG.exe
  2⤵
  PID:6372
- C:\Windows\System\dnIRkdK.exe
  C:\Windows\System\dnIRkdK.exe
  2⤵
  PID:6388
- C:\Windows\System\uaeWZWf.exe
  C:\Windows\System\uaeWZWf.exe
  2⤵
  PID:6404
- C:\Windows\System\KufMOyt.exe
  C:\Windows\System\KufMOyt.exe
  2⤵
  PID:6420
- C:\Windows\System\FNFklFo.exe
  C:\Windows\System\FNFklFo.exe
  2⤵
  PID:6436
- C:\Windows\System\iXqLfLw.exe
  C:\Windows\System\iXqLfLw.exe
  2⤵
  PID:6452
- C:\Windows\System\qVUAXkH.exe
  C:\Windows\System\qVUAXkH.exe
  2⤵
  PID:6476
- C:\Windows\System\ATuDcsr.exe
  C:\Windows\System\ATuDcsr.exe
  2⤵
  PID:6500
- C:\Windows\System\yvOJipI.exe
  C:\Windows\System\yvOJipI.exe
  2⤵
  PID:6520
- C:\Windows\System\YfUIFKu.exe
  C:\Windows\System\YfUIFKu.exe
  2⤵
  PID:6540
- C:\Windows\System\tjvLENC.exe
  C:\Windows\System\tjvLENC.exe
  2⤵
  PID:6560
- C:\Windows\System\OEvMYRu.exe
  C:\Windows\System\OEvMYRu.exe
  2⤵
  PID:6576
- C:\Windows\System\wjBGmuE.exe
  C:\Windows\System\wjBGmuE.exe
  2⤵
  PID:6596
- C:\Windows\System\izgrBez.exe
  C:\Windows\System\izgrBez.exe
  2⤵
  PID:6616
- C:\Windows\System\pTrJSKI.exe
  C:\Windows\System\pTrJSKI.exe
  2⤵
  PID:6632
- C:\Windows\System\DWJssoE.exe
  C:\Windows\System\DWJssoE.exe
  2⤵
  PID:6672
- C:\Windows\System\LwlUnQO.exe
  C:\Windows\System\LwlUnQO.exe
  2⤵
  PID:6712
- C:\Windows\System\goIfaEa.exe
  C:\Windows\System\goIfaEa.exe
  2⤵
  PID:6728
- C:\Windows\System\icBIkTY.exe
  C:\Windows\System\icBIkTY.exe
  2⤵
  PID:6744
- C:\Windows\System\cCTsniq.exe
  C:\Windows\System\cCTsniq.exe
  2⤵
  PID:6764
- C:\Windows\System\GQRbrXZ.exe
  C:\Windows\System\GQRbrXZ.exe
  2⤵
  PID:6784
- C:\Windows\System\lVxaMKg.exe
  C:\Windows\System\lVxaMKg.exe
  2⤵
  PID:6800
- C:\Windows\System\OaMvjJF.exe
  C:\Windows\System\OaMvjJF.exe
  2⤵
  PID:6820
- C:\Windows\System\NYOXOtW.exe
  C:\Windows\System\NYOXOtW.exe
  2⤵
  PID:6836
- C:\Windows\System\DhubImP.exe
  C:\Windows\System\DhubImP.exe
  2⤵
  PID:6856
- C:\Windows\System\aEEqecS.exe
  C:\Windows\System\aEEqecS.exe
  2⤵
  PID:6892
- C:\Windows\System\rGgBrEL.exe
  C:\Windows\System\rGgBrEL.exe
  2⤵
  PID:6908
- C:\Windows\System\onbboYn.exe
  C:\Windows\System\onbboYn.exe
  2⤵
  PID:6924
- C:\Windows\System\jEfxsbs.exe
  C:\Windows\System\jEfxsbs.exe
  2⤵
  PID:6940
- C:\Windows\System\XLwUsiI.exe
  C:\Windows\System\XLwUsiI.exe
  2⤵
  PID:6960
- C:\Windows\System\OtoHMLB.exe
  C:\Windows\System\OtoHMLB.exe
  2⤵
  PID:6976
- C:\Windows\System\UyoXDem.exe
  C:\Windows\System\UyoXDem.exe
  2⤵
  PID:6992
- C:\Windows\System\lFFtEKs.exe
  C:\Windows\System\lFFtEKs.exe
  2⤵
  PID:7008
- C:\Windows\System\VFmDgLm.exe
  C:\Windows\System\VFmDgLm.exe
  2⤵
  PID:7052
- C:\Windows\System\jeRXWBB.exe
  C:\Windows\System\jeRXWBB.exe
  2⤵
  PID:7068
- C:\Windows\System\ZUkqDYM.exe
  C:\Windows\System\ZUkqDYM.exe
  2⤵
  PID:7084
- C:\Windows\System\sTOPqtZ.exe
  C:\Windows\System\sTOPqtZ.exe
  2⤵
  PID:7104
- C:\Windows\System\lySrsBU.exe
  C:\Windows\System\lySrsBU.exe
  2⤵
  PID:7124
- C:\Windows\System\mxWQMpO.exe
  C:\Windows\System\mxWQMpO.exe
  2⤵
  PID:7144
- C:\Windows\System\RdWMTTt.exe
  C:\Windows\System\RdWMTTt.exe
  2⤵
  PID:7160
- C:\Windows\System\LqqsXJi.exe
  C:\Windows\System\LqqsXJi.exe
  2⤵
  PID:5508
- C:\Windows\System\OVnllFB.exe
  C:\Windows\System\OVnllFB.exe
  2⤵
  PID:5856
- C:\Windows\System\VuexUaZ.exe
  C:\Windows\System\VuexUaZ.exe
  2⤵
  PID:6084
- C:\Windows\System\rcUAfMe.exe
  C:\Windows\System\rcUAfMe.exe
  2⤵
  PID:2848
- C:\Windows\System\HpTpxbh.exe
  C:\Windows\System\HpTpxbh.exe
  2⤵
  PID:5824
- C:\Windows\System\FtsymKI.exe
  C:\Windows\System\FtsymKI.exe
  2⤵
  PID:5256
- C:\Windows\System\uJFgKkH.exe
  C:\Windows\System\uJFgKkH.exe
  2⤵
  PID:5132
- C:\Windows\System\pzvagKp.exe
  C:\Windows\System\pzvagKp.exe
  2⤵
  PID:6160
- C:\Windows\System\fotPTUt.exe
  C:\Windows\System\fotPTUt.exe
  2⤵
  PID:6212
- C:\Windows\System\QfpxHGr.exe
  C:\Windows\System\QfpxHGr.exe
  2⤵
  PID:6272
- C:\Windows\System\lYRbuVd.exe
  C:\Windows\System\lYRbuVd.exe
  2⤵
  PID:6292
- C:\Windows\System\ELLwGnn.exe
  C:\Windows\System\ELLwGnn.exe
  2⤵
  PID:5884
- C:\Windows\System\zeGNCJA.exe
  C:\Windows\System\zeGNCJA.exe
  2⤵
  PID:6348
- C:\Windows\System\tczHeDj.exe
  C:\Windows\System\tczHeDj.exe
  2⤵
  PID:6492
- C:\Windows\System\MBtzFaJ.exe
  C:\Windows\System\MBtzFaJ.exe
  2⤵
  PID:6568
- C:\Windows\System\iccnEpd.exe
  C:\Windows\System\iccnEpd.exe
  2⤵
  PID:6608
- C:\Windows\System\RFLNKKE.exe
  C:\Windows\System\RFLNKKE.exe
  2⤵
  PID:6652
- C:\Windows\System\nKbetOM.exe
  C:\Windows\System\nKbetOM.exe
  2⤵
  PID:3892
- C:\Windows\System\qXEmpDG.exe
  C:\Windows\System\qXEmpDG.exe
  2⤵
  PID:6432
- C:\Windows\System\rpJbRrt.exe
  C:\Windows\System\rpJbRrt.exe
  2⤵
  PID:6464
- C:\Windows\System\IJzTgGi.exe
  C:\Windows\System\IJzTgGi.exe
  2⤵
  PID:6516
- C:\Windows\System\DakxSev.exe
  C:\Windows\System\DakxSev.exe
  2⤵
  PID:6624
- C:\Windows\System\aknmfkj.exe
  C:\Windows\System\aknmfkj.exe
  2⤵
  PID:6688
- C:\Windows\System\kNoopFv.exe
  C:\Windows\System\kNoopFv.exe
  2⤵
  PID:6700
- C:\Windows\System\YqMdzLU.exe
  C:\Windows\System\YqMdzLU.exe
  2⤵
  PID:6756
- C:\Windows\System\pTholnn.exe
  C:\Windows\System\pTholnn.exe
  2⤵
  PID:6828
- C:\Windows\System\hXLfevj.exe
  C:\Windows\System\hXLfevj.exe
  2⤵
  PID:6708
- C:\Windows\System\MhoORYw.exe
  C:\Windows\System\MhoORYw.exe
  2⤵
  PID:6780
- C:\Windows\System\hHGWGMo.exe
  C:\Windows\System\hHGWGMo.exe
  2⤵
  PID:6864
- C:\Windows\System\mDMAzfC.exe
  C:\Windows\System\mDMAzfC.exe
  2⤵
  PID:6848
- C:\Windows\System\OVTJhnV.exe
  C:\Windows\System\OVTJhnV.exe
  2⤵
  PID:6956
- C:\Windows\System\qAlHBdX.exe
  C:\Windows\System\qAlHBdX.exe
  2⤵
  PID:7016
- C:\Windows\System\hKDXpQF.exe
  C:\Windows\System\hKDXpQF.exe
  2⤵
  PID:6904
- C:\Windows\System\Iylmidp.exe
  C:\Windows\System\Iylmidp.exe
  2⤵
  PID:6968
- C:\Windows\System\HiZrlbF.exe
  C:\Windows\System\HiZrlbF.exe
  2⤵
  PID:7044
- C:\Windows\System\PYmprAj.exe
  C:\Windows\System\PYmprAj.exe
  2⤵
  PID:7080
- C:\Windows\System\rhpdedK.exe
  C:\Windows\System\rhpdedK.exe
  2⤵
  PID:7152
- C:\Windows\System\GwDBtKZ.exe
  C:\Windows\System\GwDBtKZ.exe
  2⤵
  PID:6200
- C:\Windows\System\fNbcOWC.exe
  C:\Windows\System\fNbcOWC.exe
  2⤵
  PID:2964
- C:\Windows\System\laBzhgn.exe
  C:\Windows\System\laBzhgn.exe
  2⤵
  PID:6260
- C:\Windows\System\ghBDYog.exe
  C:\Windows\System\ghBDYog.exe
  2⤵
  PID:7100
- C:\Windows\System\ErtHgbY.exe
  C:\Windows\System\ErtHgbY.exe
  2⤵
  PID:6080
- C:\Windows\System\RuCOKgU.exe
  C:\Windows\System\RuCOKgU.exe
  2⤵
  PID:6164
- C:\Windows\System\LtAUkzK.exe
  C:\Windows\System\LtAUkzK.exe
  2⤵
  PID:6284
- C:\Windows\System\vaPDuln.exe
  C:\Windows\System\vaPDuln.exe
  2⤵
  PID:7136
- C:\Windows\System\eivTFuS.exe
  C:\Windows\System\eivTFuS.exe
  2⤵
  PID:6196
- C:\Windows\System\PcaEWOT.exe
  C:\Windows\System\PcaEWOT.exe
  2⤵
  PID:6448
- C:\Windows\System\UzQLEtS.exe
  C:\Windows\System\UzQLEtS.exe
  2⤵
  PID:6416
- C:\Windows\System\mQiwLkb.exe
  C:\Windows\System\mQiwLkb.exe
  2⤵
  PID:6536
- C:\Windows\System\SFgEbss.exe
  C:\Windows\System\SFgEbss.exe
  2⤵
  PID:6336
- C:\Windows\System\TILgqIs.exe
  C:\Windows\System\TILgqIs.exe
  2⤵
  PID:6552
- C:\Windows\System\DwdbOCG.exe
  C:\Windows\System\DwdbOCG.exe
  2⤵
  PID:6368
- C:\Windows\System\fNrahPv.exe
  C:\Windows\System\fNrahPv.exe
  2⤵
  PID:2312
- C:\Windows\System\OgTwYVl.exe
  C:\Windows\System\OgTwYVl.exe
  2⤵
  PID:6696
- C:\Windows\System\BrpxORk.exe
  C:\Windows\System\BrpxORk.exe
  2⤵
  PID:2700
- C:\Windows\System\YAeuaSf.exe
  C:\Windows\System\YAeuaSf.exe
  2⤵
  PID:6876
- C:\Windows\System\tZwhZgl.exe
  C:\Windows\System\tZwhZgl.exe
  2⤵
  PID:6704
- C:\Windows\System\jltmIlV.exe
  C:\Windows\System\jltmIlV.exe
  2⤵
  PID:7040
- C:\Windows\System\CvEyIsY.exe
  C:\Windows\System\CvEyIsY.exe
  2⤵
  PID:5364
- C:\Windows\System\jkMTUtc.exe
  C:\Windows\System\jkMTUtc.exe
  2⤵
  PID:6948
- C:\Windows\System\MnyIUru.exe
  C:\Windows\System\MnyIUru.exe
  2⤵
  PID:7032
- C:\Windows\System\lKyOVaZ.exe
  C:\Windows\System\lKyOVaZ.exe
  2⤵
  PID:6188
- C:\Windows\System\VwKpBdC.exe
  C:\Windows\System\VwKpBdC.exe
  2⤵
  PID:6304
- C:\Windows\System\LTDVItY.exe
  C:\Windows\System\LTDVItY.exe
  2⤵
  PID:5460
- C:\Windows\System\oAbaZgU.exe
  C:\Windows\System\oAbaZgU.exe
  2⤵
  PID:6488
- C:\Windows\System\btjpUjd.exe
  C:\Windows\System\btjpUjd.exe
  2⤵
  PID:6264
- C:\Windows\System\xoUYPIN.exe
  C:\Windows\System\xoUYPIN.exe
  2⤵
  PID:6644
- C:\Windows\System\rUtJtPR.exe
  C:\Windows\System\rUtJtPR.exe
  2⤵
  PID:6240
- C:\Windows\System\xGtoqCJ.exe
  C:\Windows\System\xGtoqCJ.exe
  2⤵
  PID:6816
- C:\Windows\System\fdXzNCO.exe
  C:\Windows\System\fdXzNCO.exe
  2⤵
  PID:6316
- C:\Windows\System\FURKnzx.exe
  C:\Windows\System\FURKnzx.exe
  2⤵
  PID:5756
- C:\Windows\System\eyrsYxm.exe
  C:\Windows\System\eyrsYxm.exe
  2⤵
  PID:7096
- C:\Windows\System\gVkvNGb.exe
  C:\Windows\System\gVkvNGb.exe
  2⤵
  PID:6796
- C:\Windows\System\TxsRNVH.exe
  C:\Windows\System\TxsRNVH.exe
  2⤵
  PID:6508
- C:\Windows\System\ESYttPd.exe
  C:\Windows\System\ESYttPd.exe
  2⤵
  PID:6680
- C:\Windows\System\gocGIWL.exe
  C:\Windows\System\gocGIWL.exe
  2⤵
  PID:2580
- C:\Windows\System\oZPnGma.exe
  C:\Windows\System\oZPnGma.exe
  2⤵
  PID:7036
- C:\Windows\System\GlPuIct.exe
  C:\Windows\System\GlPuIct.exe
  2⤵
  PID:6604
- C:\Windows\System\fHkwELl.exe
  C:\Windows\System\fHkwELl.exe
  2⤵
  PID:7028
- C:\Windows\System\xXNLXrh.exe
  C:\Windows\System\xXNLXrh.exe
  2⤵
  PID:6936
- C:\Windows\System\afXZwsN.exe
  C:\Windows\System\afXZwsN.exe
  2⤵
  PID:2432
- C:\Windows\System\rgzqQIj.exe
  C:\Windows\System\rgzqQIj.exe
  2⤵
  PID:7076
- C:\Windows\System\jrglHiw.exe
  C:\Windows\System\jrglHiw.exe
  2⤵
  PID:6256
- C:\Windows\System\qSPLHJK.exe
  C:\Windows\System\qSPLHJK.exe
  2⤵
  PID:6792
- C:\Windows\System\aKFImXf.exe
  C:\Windows\System\aKFImXf.exe
  2⤵
  PID:6384
- C:\Windows\System\gBbNFRB.exe
  C:\Windows\System\gBbNFRB.exe
  2⤵
  PID:6812
- C:\Windows\System\vPwCflm.exe
  C:\Windows\System\vPwCflm.exe
  2⤵
  PID:6400
- C:\Windows\System\mHOmTQp.exe
  C:\Windows\System\mHOmTQp.exe
  2⤵
  PID:6932
- C:\Windows\System\srhuJGA.exe
  C:\Windows\System\srhuJGA.exe
  2⤵
  PID:6280
- C:\Windows\System\XmVPxVJ.exe
  C:\Windows\System\XmVPxVJ.exe
  2⤵
  PID:1720
- C:\Windows\System\TUgnFTF.exe
  C:\Windows\System\TUgnFTF.exe
  2⤵
  PID:2696
- C:\Windows\System\vTjAUno.exe
  C:\Windows\System\vTjAUno.exe
  2⤵
  PID:7184
- C:\Windows\System\ygNMaZx.exe
  C:\Windows\System\ygNMaZx.exe
  2⤵
  PID:7200
- C:\Windows\System\OMucpWO.exe
  C:\Windows\System\OMucpWO.exe
  2⤵
  PID:7216
- C:\Windows\System\IEEdOLD.exe
  C:\Windows\System\IEEdOLD.exe
  2⤵
  PID:7232
- C:\Windows\System\XmsdoJZ.exe
  C:\Windows\System\XmsdoJZ.exe
  2⤵
  PID:7252
- C:\Windows\System\DHYYuHk.exe
  C:\Windows\System\DHYYuHk.exe
  2⤵
  PID:7312
- C:\Windows\System\ivRtPWZ.exe
  C:\Windows\System\ivRtPWZ.exe
  2⤵
  PID:7328
- C:\Windows\System\UWsYDpv.exe
  C:\Windows\System\UWsYDpv.exe
  2⤵
  PID:7348
- C:\Windows\System\pUVaRwU.exe
  C:\Windows\System\pUVaRwU.exe
  2⤵
  PID:7364
- C:\Windows\System\UvIFTVl.exe
  C:\Windows\System\UvIFTVl.exe
  2⤵
  PID:7380
- C:\Windows\System\VKzJCtk.exe
  C:\Windows\System\VKzJCtk.exe
  2⤵
  PID:7404
- C:\Windows\System\DKuAyQU.exe
  C:\Windows\System\DKuAyQU.exe
  2⤵
  PID:7420
- C:\Windows\System\PsScMmi.exe
  C:\Windows\System\PsScMmi.exe
  2⤵
  PID:7436
- C:\Windows\System\ZWyJjTF.exe
  C:\Windows\System\ZWyJjTF.exe
  2⤵
  PID:7460
- C:\Windows\System\qllzRXF.exe
  C:\Windows\System\qllzRXF.exe
  2⤵
  PID:7476
- C:\Windows\System\xtTRSIz.exe
  C:\Windows\System\xtTRSIz.exe
  2⤵
  PID:7496
- C:\Windows\System\zHIoMgP.exe
  C:\Windows\System\zHIoMgP.exe
  2⤵
  PID:7512
- C:\Windows\System\OzHXUQh.exe
  C:\Windows\System\OzHXUQh.exe
  2⤵
  PID:7528
- C:\Windows\System\KlWLQdb.exe
  C:\Windows\System\KlWLQdb.exe
  2⤵
  PID:7552
- C:\Windows\System\tWTqkDZ.exe
  C:\Windows\System\tWTqkDZ.exe
  2⤵
  PID:7572
- C:\Windows\System\LiDxklJ.exe
  C:\Windows\System\LiDxklJ.exe
  2⤵
  PID:7592
- C:\Windows\System\kJKvRBO.exe
  C:\Windows\System\kJKvRBO.exe
  2⤵
  PID:7612
- C:\Windows\System\HsnHwlj.exe
  C:\Windows\System\HsnHwlj.exe
  2⤵
  PID:7628
- C:\Windows\System\aSGuLSz.exe
  C:\Windows\System\aSGuLSz.exe
  2⤵
  PID:7644
- C:\Windows\System\EFITrRx.exe
  C:\Windows\System\EFITrRx.exe
  2⤵
  PID:7660
- C:\Windows\System\BNZuCAK.exe
  C:\Windows\System\BNZuCAK.exe
  2⤵
  PID:7680
- C:\Windows\System\VeibaPY.exe
  C:\Windows\System\VeibaPY.exe
  2⤵
  PID:7696
- C:\Windows\System\DwwKTVn.exe
  C:\Windows\System\DwwKTVn.exe
  2⤵
  PID:7716
- C:\Windows\System\EUMjElr.exe
  C:\Windows\System\EUMjElr.exe
  2⤵
  PID:7732
- C:\Windows\System\ZWXIvVl.exe
  C:\Windows\System\ZWXIvVl.exe
  2⤵
  PID:7752
- C:\Windows\System\kvqGIIV.exe
  C:\Windows\System\kvqGIIV.exe
  2⤵
  PID:7772
- C:\Windows\System\kFIHjFS.exe
  C:\Windows\System\kFIHjFS.exe
  2⤵
  PID:7792
- C:\Windows\System\PEiXNaI.exe
  C:\Windows\System\PEiXNaI.exe
  2⤵
  PID:7808
- C:\Windows\System\CRVIGKX.exe
  C:\Windows\System\CRVIGKX.exe
  2⤵
  PID:7832
- C:\Windows\System\sEbzjnd.exe
  C:\Windows\System\sEbzjnd.exe
  2⤵
  PID:7892
- C:\Windows\System\SnRdPNr.exe
  C:\Windows\System\SnRdPNr.exe
  2⤵
  PID:7908
- C:\Windows\System\sGwoYTl.exe
  C:\Windows\System\sGwoYTl.exe
  2⤵
  PID:7924
- C:\Windows\System\MjVZUGc.exe
  C:\Windows\System\MjVZUGc.exe
  2⤵
  PID:7944
- C:\Windows\System\qonyLmh.exe
  C:\Windows\System\qonyLmh.exe
  2⤵
  PID:7960
- C:\Windows\System\IGHIkmU.exe
  C:\Windows\System\IGHIkmU.exe
  2⤵
  PID:7980
- C:\Windows\System\UgBacsU.exe
  C:\Windows\System\UgBacsU.exe
  2⤵
  PID:7996
- C:\Windows\System\hHBbeae.exe
  C:\Windows\System\hHBbeae.exe
  2⤵
  PID:8012
- C:\Windows\System\ElrOVpD.exe
  C:\Windows\System\ElrOVpD.exe
  2⤵
  PID:8036
- C:\Windows\System\CHHDdPH.exe
  C:\Windows\System\CHHDdPH.exe
  2⤵
  PID:8056
- C:\Windows\System\hyAEGfK.exe
  C:\Windows\System\hyAEGfK.exe
  2⤵
  PID:8076
- C:\Windows\System\NcoNVLb.exe
  C:\Windows\System\NcoNVLb.exe
  2⤵
  PID:8096
- C:\Windows\System\kLNhexP.exe
  C:\Windows\System\kLNhexP.exe
  2⤵
  PID:8120
- C:\Windows\System\fewuKlH.exe
  C:\Windows\System\fewuKlH.exe
  2⤵
  PID:8144
- C:\Windows\System\BzfBruJ.exe
  C:\Windows\System\BzfBruJ.exe
  2⤵
  PID:8160
- C:\Windows\System\wnmleLt.exe
  C:\Windows\System\wnmleLt.exe
  2⤵
  PID:8176
- C:\Windows\System\moIyspt.exe
  C:\Windows\System\moIyspt.exe
  2⤵
  PID:6988
- C:\Windows\System\YRnZiZW.exe
  C:\Windows\System\YRnZiZW.exe
  2⤵
  PID:7176
- C:\Windows\System\zjfGYgf.exe
  C:\Windows\System\zjfGYgf.exe
  2⤵
  PID:7244
- C:\Windows\System\OujzMxJ.exe
  C:\Windows\System\OujzMxJ.exe
  2⤵
  PID:7092
- C:\Windows\System\xpRfjsK.exe
  C:\Windows\System\xpRfjsK.exe
  2⤵
  PID:6776
- C:\Windows\System\YkfOysN.exe
  C:\Windows\System\YkfOysN.exe
  2⤵
  PID:2712
- C:\Windows\System\VGYrIJM.exe
  C:\Windows\System\VGYrIJM.exe
  2⤵
  PID:6444
- C:\Windows\System\rZRwvVg.exe
  C:\Windows\System\rZRwvVg.exe
  2⤵
  PID:7224
- C:\Windows\System\dSiyaKW.exe
  C:\Windows\System\dSiyaKW.exe
  2⤵
  PID:6300
- C:\Windows\System\ZiGWLkq.exe
  C:\Windows\System\ZiGWLkq.exe
  2⤵
  PID:7284
- C:\Windows\System\AZsCAzX.exe
  C:\Windows\System\AZsCAzX.exe
  2⤵
  PID:7304
- C:\Windows\System\EYXGQJs.exe
  C:\Windows\System\EYXGQJs.exe
  2⤵
  PID:7300
- C:\Windows\System\ywkKFdT.exe
  C:\Windows\System\ywkKFdT.exe
  2⤵
  PID:7432
- C:\Windows\System\hfmpWyy.exe
  C:\Windows\System\hfmpWyy.exe
  2⤵
  PID:7472
- C:\Windows\System\EYpHKTk.exe
  C:\Windows\System\EYpHKTk.exe
  2⤵
  PID:7548
- C:\Windows\System\tMzSFOH.exe
  C:\Windows\System\tMzSFOH.exe
  2⤵
  PID:7688
- C:\Windows\System\pOFTshB.exe
  C:\Windows\System\pOFTshB.exe
  2⤵
  PID:7768
- C:\Windows\System\fvIZLsW.exe
  C:\Windows\System\fvIZLsW.exe
  2⤵
  PID:7416
- C:\Windows\System\NlYeEIx.exe
  C:\Windows\System\NlYeEIx.exe
  2⤵
  PID:7868
- C:\Windows\System\yoCXwUx.exe
  C:\Windows\System\yoCXwUx.exe
  2⤵
  PID:7864
- C:\Windows\System\eckscry.exe
  C:\Windows\System\eckscry.exe
  2⤵
  PID:7448
- C:\Windows\System\hsTETCP.exe
  C:\Windows\System\hsTETCP.exe
  2⤵
  PID:7784
- C:\Windows\System\lTBzgyS.exe
  C:\Windows\System\lTBzgyS.exe
  2⤵
  PID:7520
- C:\Windows\System\jvCUCKl.exe
  C:\Windows\System\jvCUCKl.exe
  2⤵
  PID:7568
- C:\Windows\System\QRETBwP.exe
  C:\Windows\System\QRETBwP.exe
  2⤵
  PID:7636
- C:\Windows\System\pPrcBqj.exe
  C:\Windows\System\pPrcBqj.exe
  2⤵
  PID:7740
- C:\Windows\System\ZmnHFIq.exe
  C:\Windows\System\ZmnHFIq.exe
  2⤵
  PID:7844
- C:\Windows\System\NBYcgVd.exe
  C:\Windows\System\NBYcgVd.exe
  2⤵
  PID:7952
- C:\Windows\System\VmrbCMs.exe
  C:\Windows\System\VmrbCMs.exe
  2⤵
  PID:7900
- C:\Windows\System\XZSLEfN.exe
  C:\Windows\System\XZSLEfN.exe
  2⤵
  PID:8032
- C:\Windows\System\RYDZZjV.exe
  C:\Windows\System\RYDZZjV.exe
  2⤵
  PID:8112
- C:\Windows\System\mfhMdTA.exe
  C:\Windows\System\mfhMdTA.exe
  2⤵
  PID:7940
- C:\Windows\System\eEBAsHO.exe
  C:\Windows\System\eEBAsHO.exe
  2⤵
  PID:7932
- C:\Windows\System\lHLXulE.exe
  C:\Windows\System\lHLXulE.exe
  2⤵
  PID:8128
- C:\Windows\System\NTflmgC.exe
  C:\Windows\System\NTflmgC.exe
  2⤵
  PID:8152
- C:\Windows\System\PfjxfeL.exe
  C:\Windows\System\PfjxfeL.exe
  2⤵
  PID:6472
- C:\Windows\System\GfhGJuf.exe
  C:\Windows\System\GfhGJuf.exe
  2⤵
  PID:7212
- C:\Windows\System\VBTupsh.exe
  C:\Windows\System\VBTupsh.exe
  2⤵
  PID:1040
- C:\Windows\System\ioPXsKR.exe
  C:\Windows\System\ioPXsKR.exe
  2⤵
  PID:5724
- C:\Windows\System\sEbHTaS.exe
  C:\Windows\System\sEbHTaS.exe
  2⤵
  PID:7296
- C:\Windows\System\cBlftAW.exe
  C:\Windows\System\cBlftAW.exe
  2⤵
  PID:7372
- C:\Windows\System\xQmYdur.exe
  C:\Windows\System\xQmYdur.exe
  2⤵
  PID:6584
- C:\Windows\System\XVfvHLF.exe
  C:\Windows\System\XVfvHLF.exe
  2⤵
  PID:7544
- C:\Windows\System\torIIBw.exe
  C:\Windows\System\torIIBw.exe
  2⤵
  PID:676
- C:\Windows\System\FFfRoci.exe
  C:\Windows\System\FFfRoci.exe
  2⤵
  PID:7280
- C:\Windows\System\KBkaIGC.exe
  C:\Windows\System\KBkaIGC.exe
  2⤵
  PID:7388
- C:\Windows\System\RDnvhpZ.exe
  C:\Windows\System\RDnvhpZ.exe
  2⤵
  PID:7584
- C:\Windows\System\ifLUnWh.exe
  C:\Windows\System\ifLUnWh.exe
  2⤵
  PID:7620
- C:\Windows\System\rqdyzjr.exe
  C:\Windows\System\rqdyzjr.exe
  2⤵
  PID:7724
- C:\Windows\System\YQKisvE.exe
  C:\Windows\System\YQKisvE.exe
  2⤵
  PID:2908
- C:\Windows\System\ZZiKdvt.exe
  C:\Windows\System\ZZiKdvt.exe
  2⤵
  PID:7604
- C:\Windows\System\YDLvpnv.exe
  C:\Windows\System\YDLvpnv.exe
  2⤵
  PID:7860
- C:\Windows\System\eXNHpyC.exe
  C:\Windows\System\eXNHpyC.exe
  2⤵
  PID:7820
- C:\Windows\System\ziibTGq.exe
  C:\Windows\System\ziibTGq.exe
  2⤵
  PID:7672
- C:\Windows\System\rGfbhao.exe
  C:\Windows\System\rGfbhao.exe
  2⤵
  PID:8072
- C:\Windows\System\rrsrBYE.exe
  C:\Windows\System\rrsrBYE.exe
  2⤵
  PID:8132
- C:\Windows\System\EvAzjzT.exe
  C:\Windows\System\EvAzjzT.exe
  2⤵
  PID:8024
- C:\Windows\System\MJghWwP.exe
  C:\Windows\System\MJghWwP.exe
  2⤵
  PID:8188
- C:\Windows\System\lQWCyss.exe
  C:\Windows\System\lQWCyss.exe
  2⤵
  PID:7920
- C:\Windows\System\NLAhXWG.exe
  C:\Windows\System\NLAhXWG.exe
  2⤵
  PID:7536
- C:\Windows\System\qPFdqrc.exe
  C:\Windows\System\qPFdqrc.exe
  2⤵
  PID:7580
- C:\Windows\System\qLpslVg.exe
  C:\Windows\System\qLpslVg.exe
  2⤵
  PID:7936
- C:\Windows\System\wOgDlLX.exe
  C:\Windows\System\wOgDlLX.exe
  2⤵
  PID:1236
- C:\Windows\System\FJMzBRA.exe
  C:\Windows\System\FJMzBRA.exe
  2⤵
  PID:2784
- C:\Windows\System\mIBJxYH.exe
  C:\Windows\System\mIBJxYH.exe
  2⤵
  PID:7360
- C:\Windows\System\LZATkUn.exe
  C:\Windows\System\LZATkUn.exe
  2⤵
  PID:7728
- C:\Windows\System\FIFHCsj.exe
  C:\Windows\System\FIFHCsj.exe
  2⤵
  PID:7484
- C:\Windows\System\aaJMmlI.exe
  C:\Windows\System\aaJMmlI.exe
  2⤵
  PID:6220
- C:\Windows\System\JhqAlka.exe
  C:\Windows\System\JhqAlka.exe
  2⤵
  PID:7564
- C:\Windows\System\pKMlXVg.exe
  C:\Windows\System\pKMlXVg.exe
  2⤵
  PID:7884
- C:\Windows\System\bhsjFqe.exe
  C:\Windows\System\bhsjFqe.exe
  2⤵
  PID:7976
- C:\Windows\System\JgTxfYK.exe
  C:\Windows\System\JgTxfYK.exe
  2⤵
  PID:6916
- C:\Windows\System\Kkaqkrt.exe
  C:\Windows\System\Kkaqkrt.exe
  2⤵
  PID:6012
- C:\Windows\System\sXYCajG.exe
  C:\Windows\System\sXYCajG.exe
  2⤵
  PID:7744
- C:\Windows\System\mYXRGti.exe
  C:\Windows\System\mYXRGti.exe
  2⤵
  PID:7712
- C:\Windows\System\LzNYBih.exe
  C:\Windows\System\LzNYBih.exe
  2⤵
  PID:8052
- C:\Windows\System\HaWRZWq.exe
  C:\Windows\System\HaWRZWq.exe
  2⤵
  PID:8116
- C:\Windows\System\ijpNIlO.exe
  C:\Windows\System\ijpNIlO.exe
  2⤵
  PID:7560
- C:\Windows\System\KElpYtZ.exe
  C:\Windows\System\KElpYtZ.exe
  2⤵
  PID:8028
- C:\Windows\System\tTYtwxZ.exe
  C:\Windows\System\tTYtwxZ.exe
  2⤵
  PID:7400
- C:\Windows\System\jxJfFqG.exe
  C:\Windows\System\jxJfFqG.exe
  2⤵
  PID:7800
- C:\Windows\System\hcnagCS.exe
  C:\Windows\System\hcnagCS.exe
  2⤵
  PID:7676
- C:\Windows\System\aSggOmh.exe
  C:\Windows\System\aSggOmh.exe
  2⤵
  PID:7764
- C:\Windows\System\kDUHoNy.exe
  C:\Windows\System\kDUHoNy.exe
  2⤵
  PID:7320
- C:\Windows\System\LsyjcGn.exe
  C:\Windows\System\LsyjcGn.exe
  2⤵
  PID:6692
- C:\Windows\System\GSCZUWV.exe
  C:\Windows\System\GSCZUWV.exe
  2⤵
  PID:7292
- C:\Windows\System\nBBARQA.exe
  C:\Windows\System\nBBARQA.exe
  2⤵
  PID:8020
- C:\Windows\System\rSuwSMF.exe
  C:\Windows\System\rSuwSMF.exe
  2⤵
  PID:7488
- C:\Windows\System\ylZfypI.exe
  C:\Windows\System\ylZfypI.exe
  2⤵
  PID:7344
- C:\Windows\System\YKAgceC.exe
  C:\Windows\System\YKAgceC.exe
  2⤵
  PID:7880
- C:\Windows\System\GGRQbxO.exe
  C:\Windows\System\GGRQbxO.exe
  2⤵
  PID:7468
- C:\Windows\System\hVKFuGE.exe
  C:\Windows\System\hVKFuGE.exe
  2⤵
  PID:7260
- C:\Windows\System\aehPfSf.exe
  C:\Windows\System\aehPfSf.exe
  2⤵
  PID:2788
- C:\Windows\System\WeVKAVp.exe
  C:\Windows\System\WeVKAVp.exe
  2⤵
  PID:4660
- C:\Windows\System\ZQENNXP.exe
  C:\Windows\System\ZQENNXP.exe
  2⤵
  PID:8204
- C:\Windows\System\gWXUuQs.exe
  C:\Windows\System\gWXUuQs.exe
  2⤵
  PID:8220
- C:\Windows\System\WJNsKIw.exe
  C:\Windows\System\WJNsKIw.exe
  2⤵
  PID:8236
- C:\Windows\System\WfxdsdQ.exe
  C:\Windows\System\WfxdsdQ.exe
  2⤵
  PID:8272
- C:\Windows\System\vwwzNOS.exe
  C:\Windows\System\vwwzNOS.exe
  2⤵
  PID:8288
- C:\Windows\System\hOVAwpH.exe
  C:\Windows\System\hOVAwpH.exe
  2⤵
  PID:8304
- C:\Windows\System\LRZBVNE.exe
  C:\Windows\System\LRZBVNE.exe
  2⤵
  PID:8328
- C:\Windows\System\sqrpVYF.exe
  C:\Windows\System\sqrpVYF.exe
  2⤵
  PID:8404
- C:\Windows\System\vDcnpbK.exe
  C:\Windows\System\vDcnpbK.exe
  2⤵
  PID:8420
- C:\Windows\System\taLbLtq.exe
  C:\Windows\System\taLbLtq.exe
  2⤵
  PID:8436
- C:\Windows\System\fmVGuwH.exe
  C:\Windows\System\fmVGuwH.exe
  2⤵
  PID:8464
- C:\Windows\System\qvHqqAw.exe
  C:\Windows\System\qvHqqAw.exe
  2⤵
  PID:8480
- C:\Windows\System\HbGlEdu.exe
  C:\Windows\System\HbGlEdu.exe
  2⤵
  PID:8496
- C:\Windows\System\kAgLhoh.exe
  C:\Windows\System\kAgLhoh.exe
  2⤵
  PID:8512
- C:\Windows\System\pWVEPKH.exe
  C:\Windows\System\pWVEPKH.exe
  2⤵
  PID:8528
- C:\Windows\System\HhhLzul.exe
  C:\Windows\System\HhhLzul.exe
  2⤵
  PID:8548
- C:\Windows\System\sBHMxpC.exe
  C:\Windows\System\sBHMxpC.exe
  2⤵
  PID:8564
- C:\Windows\System\vkLVkDc.exe
  C:\Windows\System\vkLVkDc.exe
  2⤵
  PID:8580
- C:\Windows\System\eGnAJCX.exe
  C:\Windows\System\eGnAJCX.exe
  2⤵
  PID:8596
- C:\Windows\System\QZeuAWu.exe
  C:\Windows\System\QZeuAWu.exe
  2⤵
  PID:8616
- C:\Windows\System\iqxBnfc.exe
  C:\Windows\System\iqxBnfc.exe
  2⤵
  PID:8636
- C:\Windows\System\AUyLoLt.exe
  C:\Windows\System\AUyLoLt.exe
  2⤵
  PID:8652
- C:\Windows\System\oUuMTsM.exe
  C:\Windows\System\oUuMTsM.exe
  2⤵
  PID:8668
- C:\Windows\System\ObGXDxC.exe
  C:\Windows\System\ObGXDxC.exe
  2⤵
  PID:8688
- C:\Windows\System\ccMULxx.exe
  C:\Windows\System\ccMULxx.exe
  2⤵
  PID:8704
- C:\Windows\System\CueTtzX.exe
  C:\Windows\System\CueTtzX.exe
  2⤵
  PID:8720
- C:\Windows\System\lZyGOAR.exe
  C:\Windows\System\lZyGOAR.exe
  2⤵
  PID:8736
- C:\Windows\System\wevzrqy.exe
  C:\Windows\System\wevzrqy.exe
  2⤵
  PID:8752
- C:\Windows\System\gKBeLds.exe
  C:\Windows\System\gKBeLds.exe
  2⤵
  PID:8768
- C:\Windows\System\lscoelo.exe
  C:\Windows\System\lscoelo.exe
  2⤵
  PID:8784
- C:\Windows\System\CLbKHuZ.exe
  C:\Windows\System\CLbKHuZ.exe
  2⤵
  PID:8800
- C:\Windows\System\wACdhlY.exe
  C:\Windows\System\wACdhlY.exe
  2⤵
  PID:8816
- C:\Windows\System\JrVKDNO.exe
  C:\Windows\System\JrVKDNO.exe
  2⤵
  PID:8832
- C:\Windows\System\LNNuARk.exe
  C:\Windows\System\LNNuARk.exe
  2⤵
  PID:8848
- C:\Windows\System\BJseATJ.exe
  C:\Windows\System\BJseATJ.exe
  2⤵
  PID:8864
- C:\Windows\System\LlzhtoW.exe
  C:\Windows\System\LlzhtoW.exe
  2⤵
  PID:8972
- C:\Windows\System\fqETqMj.exe
  C:\Windows\System\fqETqMj.exe
  2⤵
  PID:8988
- C:\Windows\System\agnCRAN.exe
  C:\Windows\System\agnCRAN.exe
  2⤵
  PID:9004
- C:\Windows\System\utxybCT.exe
  C:\Windows\System\utxybCT.exe
  2⤵
  PID:9040
- C:\Windows\System\axVWWNx.exe
  C:\Windows\System\axVWWNx.exe
  2⤵
  PID:9056
- C:\Windows\System\GjyHtMB.exe
  C:\Windows\System\GjyHtMB.exe
  2⤵
  PID:9072
- C:\Windows\System\MSpmbXp.exe
  C:\Windows\System\MSpmbXp.exe
  2⤵
  PID:9088
- C:\Windows\System\ajfcsTv.exe
  C:\Windows\System\ajfcsTv.exe
  2⤵
  PID:9104
- C:\Windows\System\GIcCIUX.exe
  C:\Windows\System\GIcCIUX.exe
  2⤵
  PID:9120
- C:\Windows\System\GBDeBul.exe
  C:\Windows\System\GBDeBul.exe
  2⤵
  PID:9144
- C:\Windows\System\CnwUYTO.exe
  C:\Windows\System\CnwUYTO.exe
  2⤵
  PID:9160
- C:\Windows\System\tKWdkAZ.exe
  C:\Windows\System\tKWdkAZ.exe
  2⤵
  PID:9176
- C:\Windows\System\ncxMPeA.exe
  C:\Windows\System\ncxMPeA.exe
  2⤵
  PID:9192
- C:\Windows\System\aMMgaTP.exe
  C:\Windows\System\aMMgaTP.exe
  2⤵
  PID:9208
- C:\Windows\System\PprfnlU.exe
  C:\Windows\System\PprfnlU.exe
  2⤵
  PID:8140
- C:\Windows\System\eVJRHfe.exe
  C:\Windows\System\eVJRHfe.exe
  2⤵
  PID:7140
- C:\Windows\System\zkEnEyC.exe
  C:\Windows\System\zkEnEyC.exe
  2⤵
  PID:8244
- C:\Windows\System\TjRlhPb.exe
  C:\Windows\System\TjRlhPb.exe
  2⤵
  PID:8232
- C:\Windows\System\xbgmORd.exe
  C:\Windows\System\xbgmORd.exe
  2⤵
  PID:8280
- C:\Windows\System\ynSLYSp.exe
  C:\Windows\System\ynSLYSp.exe
  2⤵
  PID:8316
- C:\Windows\System\mRiRQZn.exe
  C:\Windows\System\mRiRQZn.exe
  2⤵
  PID:8336
- C:\Windows\System\jaLazfb.exe
  C:\Windows\System\jaLazfb.exe
  2⤵
  PID:8356
- C:\Windows\System\ppBIxbq.exe
  C:\Windows\System\ppBIxbq.exe
  2⤵
  PID:8412
- C:\Windows\System\MXThoqT.exe
  C:\Windows\System\MXThoqT.exe
  2⤵
  PID:8428
- C:\Windows\System\gkbUDHu.exe
  C:\Windows\System\gkbUDHu.exe
  2⤵
  PID:8456
- C:\Windows\System\nLUfrsY.exe
  C:\Windows\System\nLUfrsY.exe
  2⤵
  PID:1640
- C:\Windows\System\ZSpRuvZ.exe
  C:\Windows\System\ZSpRuvZ.exe
  2⤵
  PID:8520
- C:\Windows\System\ZmQUXKb.exe
  C:\Windows\System\ZmQUXKb.exe
  2⤵
  PID:8540
- C:\Windows\System\YtYkpCE.exe
  C:\Windows\System\YtYkpCE.exe
  2⤵
  PID:8560
- C:\Windows\System\fLrKADG.exe
  C:\Windows\System\fLrKADG.exe
  2⤵
  PID:8588
- C:\Windows\System\zwHNHfs.exe
  C:\Windows\System\zwHNHfs.exe
  2⤵
  PID:8624
- C:\Windows\System\haxmykF.exe
  C:\Windows\System\haxmykF.exe
  2⤵
  PID:8608
- C:\Windows\System\ZGuLdOc.exe
  C:\Windows\System\ZGuLdOc.exe
  2⤵
  PID:560
- C:\Windows\System\FzZXmjh.exe
  C:\Windows\System\FzZXmjh.exe
  2⤵
  PID:8684
- C:\Windows\System\WSvqqge.exe
  C:\Windows\System\WSvqqge.exe
  2⤵
  PID:8716
- C:\Windows\System\NODdFex.exe
  C:\Windows\System\NODdFex.exe
  2⤵
  PID:8776
- C:\Windows\System\mAZRmEs.exe
  C:\Windows\System\mAZRmEs.exe
  2⤵
  PID:8760
- C:\Windows\System\hdcYlyr.exe
  C:\Windows\System\hdcYlyr.exe
  2⤵
  PID:8764
- C:\Windows\System\rPJsnmv.exe
  C:\Windows\System\rPJsnmv.exe
  2⤵
  PID:8860
- C:\Windows\System\BPWbpAS.exe
  C:\Windows\System\BPWbpAS.exe
  2⤵
  PID:8884
- C:\Windows\System\smPQuTF.exe
  C:\Windows\System\smPQuTF.exe
  2⤵
  PID:8900
- C:\Windows\System\lSSYOtm.exe
  C:\Windows\System\lSSYOtm.exe
  2⤵
  PID:8916
- C:\Windows\System\yUNsdDw.exe
  C:\Windows\System\yUNsdDw.exe
  2⤵
  PID:8944
- C:\Windows\System\KyLMqod.exe
  C:\Windows\System\KyLMqod.exe
  2⤵
  PID:8960
- C:\Windows\System\cjfTgFb.exe
  C:\Windows\System\cjfTgFb.exe
  2⤵
  PID:9000
- C:\Windows\System\tWxBsSw.exe
  C:\Windows\System\tWxBsSw.exe
  2⤵
  PID:8964
- C:\Windows\System\mklBFav.exe
  C:\Windows\System\mklBFav.exe
  2⤵
  PID:9068
- C:\Windows\System\MLNXIQX.exe
  C:\Windows\System\MLNXIQX.exe
  2⤵
  PID:7992
- C:\Windows\System\mtZHkSJ.exe
  C:\Windows\System\mtZHkSJ.exe
  2⤵
  PID:1268
- C:\Windows\System\PUMvEGZ.exe
  C:\Windows\System\PUMvEGZ.exe
  2⤵
  PID:8312
- C:\Windows\System\LSdFoKV.exe
  C:\Windows\System\LSdFoKV.exe
  2⤵
  PID:8196
- C:\Windows\System\gxdSZCW.exe
  C:\Windows\System\gxdSZCW.exe
  2⤵
  PID:7456
- C:\Windows\System\UVPGJQY.exe
  C:\Windows\System\UVPGJQY.exe
  2⤵
  PID:8364
- C:\Windows\System\KkbWQlv.exe
  C:\Windows\System\KkbWQlv.exe
  2⤵
  PID:8384
- C:\Windows\System\XwezTaW.exe
  C:\Windows\System\XwezTaW.exe
  2⤵
  PID:8396
- C:\Windows\System\FVQkPgG.exe
  C:\Windows\System\FVQkPgG.exe
  2⤵
  PID:8400
- C:\Windows\System\VSdZLNT.exe
  C:\Windows\System\VSdZLNT.exe
  2⤵
  PID:8432
- C:\Windows\System\nJQYVsQ.exe
  C:\Windows\System\nJQYVsQ.exe
  2⤵
  PID:2816
- C:\Windows\System\NFikfDl.exe
  C:\Windows\System\NFikfDl.exe
  2⤵
  PID:8556
- C:\Windows\System\cuEujmz.exe
  C:\Windows\System\cuEujmz.exe
  2⤵
  PID:1756
- C:\Windows\System\GfcsXEe.exe
  C:\Windows\System\GfcsXEe.exe
  2⤵
  PID:1732
- C:\Windows\System\DsIhAtt.exe
  C:\Windows\System\DsIhAtt.exe
  2⤵
  PID:8664
- C:\Windows\System\sVUkPZc.exe
  C:\Windows\System\sVUkPZc.exe
  2⤵
  PID:1912
- C:\Windows\System\UQapFtd.exe
  C:\Windows\System\UQapFtd.exe
  2⤵
  PID:8792
- C:\Windows\System\ZoyjjBo.exe
  C:\Windows\System\ZoyjjBo.exe
  2⤵
  PID:8872
- C:\Windows\System\hafEUuw.exe
  C:\Windows\System\hafEUuw.exe
  2⤵
  PID:8812
- C:\Windows\System\xLiTqaR.exe
  C:\Windows\System\xLiTqaR.exe
  2⤵
  PID:8932
- C:\Windows\System\xvnLxFc.exe
  C:\Windows\System\xvnLxFc.exe
  2⤵
  PID:8952
- C:\Windows\System\iNblyJe.exe
  C:\Windows\System\iNblyJe.exe
  2⤵
  PID:8896
- C:\Windows\System\vVDYBUQ.exe
  C:\Windows\System\vVDYBUQ.exe
  2⤵
  PID:9012
- C:\Windows\System\ZygHbpk.exe
  C:\Windows\System\ZygHbpk.exe
  2⤵
  PID:8940
- C:\Windows\System\WvccJyg.exe
  C:\Windows\System\WvccJyg.exe
  2⤵
  PID:9032
- C:\Windows\System\FAbmflZ.exe
  C:\Windows\System\FAbmflZ.exe
  2⤵
  PID:9132
- C:\Windows\System\HvnACWW.exe
  C:\Windows\System\HvnACWW.exe
  2⤵
  PID:1308
- C:\Windows\System\ZYLuMbt.exe
  C:\Windows\System\ZYLuMbt.exe
  2⤵
  PID:2032
- C:\Windows\System\lWMMzTZ.exe
  C:\Windows\System\lWMMzTZ.exe
  2⤵
  PID:2456
- C:\Windows\System\oiBoNXp.exe
  C:\Windows\System\oiBoNXp.exe
  2⤵
  PID:448
- C:\Windows\System\YHSSjLW.exe
  C:\Windows\System\YHSSjLW.exe
  2⤵
  PID:9080
- C:\Windows\System\rTFeOas.exe
  C:\Windows\System\rTFeOas.exe
  2⤵
  PID:9168
- C:\Windows\System\IzSCjml.exe
  C:\Windows\System\IzSCjml.exe
  2⤵
  PID:8376
- C:\Windows\System\gwEnkyj.exe
  C:\Windows\System\gwEnkyj.exe
  2⤵
  PID:1976
- C:\Windows\System\PeiMKbD.exe
  C:\Windows\System\PeiMKbD.exe
  2⤵
  PID:8492
- C:\Windows\System\HQzXpAS.exe
  C:\Windows\System\HQzXpAS.exe
  2⤵
  PID:8908
- C:\Windows\System\uypGDLT.exe
  C:\Windows\System\uypGDLT.exe
  2⤵
  PID:2972
- C:\Windows\System\SqrzQDL.exe
  C:\Windows\System\SqrzQDL.exe
  2⤵
  PID:8844
- C:\Windows\System\kLAPokv.exe
  C:\Windows\System\kLAPokv.exe
  2⤵
  PID:9100
- C:\Windows\System\VTDQEsf.exe
  C:\Windows\System\VTDQEsf.exe
  2⤵
  PID:8228
- C:\Windows\System\mlhiMyp.exe
  C:\Windows\System\mlhiMyp.exe
  2⤵
  PID:1680
- C:\Windows\System\eSYsdpz.exe
  C:\Windows\System\eSYsdpz.exe
  2⤵
  PID:8984
- C:\Windows\System\vlQYRXE.exe
  C:\Windows\System\vlQYRXE.exe
  2⤵
  PID:2984
- C:\Windows\System\hhZmwXM.exe
  C:\Windows\System\hhZmwXM.exe
  2⤵
  PID:9140
- C:\Windows\System\tEvAumH.exe
  C:\Windows\System\tEvAumH.exe
  2⤵
  PID:9064
- C:\Windows\System\eAoIAyK.exe
  C:\Windows\System\eAoIAyK.exe
  2⤵
  PID:2916
- C:\Windows\System\eWVqfhC.exe
  C:\Windows\System\eWVqfhC.exe
  2⤵
  PID:8572
- C:\Windows\System\IxBdYiV.exe
  C:\Windows\System\IxBdYiV.exe
  2⤵
  PID:8508
- C:\Windows\System\UJvWkcA.exe
  C:\Windows\System\UJvWkcA.exe
  2⤵
  PID:8748
- C:\Windows\System\GJegqHl.exe
  C:\Windows\System\GJegqHl.exe
  2⤵
  PID:8936
- C:\Windows\System\KHPJoPG.exe
  C:\Windows\System\KHPJoPG.exe
  2⤵
  PID:9204
- C:\Windows\System\jfqFFGz.exe
  C:\Windows\System\jfqFFGz.exe
  2⤵
  PID:9136
- C:\Windows\System\FeVcsjG.exe
  C:\Windows\System\FeVcsjG.exe
  2⤵
  PID:8216
- C:\Windows\System\onjDOLy.exe
  C:\Windows\System\onjDOLy.exe
  2⤵
  PID:8732
- C:\Windows\System\YGeIZKB.exe
  C:\Windows\System\YGeIZKB.exe
  2⤵
  PID:8980
- C:\Windows\System\vQeRXvp.exe
  C:\Windows\System\vQeRXvp.exe
  2⤵
  PID:8372
- C:\Windows\System\qaUmxWc.exe
  C:\Windows\System\qaUmxWc.exe
  2⤵
  PID:8660
- C:\Windows\System\wbtKWnz.exe
  C:\Windows\System\wbtKWnz.exe
  2⤵
  PID:9116
- C:\Windows\System\gPeOqpE.exe
  C:\Windows\System\gPeOqpE.exe
  2⤵
  PID:1012
- C:\Windows\System\VKbUKob.exe
  C:\Windows\System\VKbUKob.exe
  2⤵
  PID:8728
- C:\Windows\System\xtyPVgj.exe
  C:\Windows\System\xtyPVgj.exe
  2⤵
  PID:9232
- C:\Windows\System\ESFwKnD.exe
  C:\Windows\System\ESFwKnD.exe
  2⤵
  PID:9256
- C:\Windows\System\jOqRHRb.exe
  C:\Windows\System\jOqRHRb.exe
  2⤵
  PID:9272
- C:\Windows\System\GTWmKBD.exe
  C:\Windows\System\GTWmKBD.exe
  2⤵
  PID:9292
- C:\Windows\System\SJVFsxt.exe
  C:\Windows\System\SJVFsxt.exe
  2⤵
  PID:9308
- C:\Windows\System\lAOEIXw.exe
  C:\Windows\System\lAOEIXw.exe
  2⤵
  PID:9324
- C:\Windows\System\XQwriXJ.exe
  C:\Windows\System\XQwriXJ.exe
  2⤵
  PID:9340
- C:\Windows\System\SGNpeBE.exe
  C:\Windows\System\SGNpeBE.exe
  2⤵
  PID:9356
- C:\Windows\System\ZJvvGet.exe
  C:\Windows\System\ZJvvGet.exe
  2⤵
  PID:9372
- C:\Windows\System\OAwnFqW.exe
  C:\Windows\System\OAwnFqW.exe
  2⤵
  PID:9388
- C:\Windows\System\CkpLhOx.exe
  C:\Windows\System\CkpLhOx.exe
  2⤵
  PID:9404
- C:\Windows\System\dNNjOfq.exe
  C:\Windows\System\dNNjOfq.exe
  2⤵
  PID:9428
- C:\Windows\System\ouywCTy.exe
  C:\Windows\System\ouywCTy.exe
  2⤵
  PID:9448
- C:\Windows\System\klqnruA.exe
  C:\Windows\System\klqnruA.exe
  2⤵
  PID:9468
- C:\Windows\System\ZywAijZ.exe
  C:\Windows\System\ZywAijZ.exe
  2⤵
  PID:9488
- C:\Windows\System\gsAvFJE.exe
  C:\Windows\System\gsAvFJE.exe
  2⤵
  PID:9508
- C:\Windows\System\DssfaDO.exe
  C:\Windows\System\DssfaDO.exe
  2⤵
  PID:9528
- C:\Windows\System\bPeRPqT.exe
  C:\Windows\System\bPeRPqT.exe
  2⤵
  PID:9544
- C:\Windows\System\PIZDhxZ.exe
  C:\Windows\System\PIZDhxZ.exe
  2⤵
  PID:9564
- C:\Windows\System\NwyTNbJ.exe
  C:\Windows\System\NwyTNbJ.exe
  2⤵
  PID:9580
- C:\Windows\System\jbCCbmr.exe
  C:\Windows\System\jbCCbmr.exe
  2⤵
  PID:9596
- C:\Windows\System\AducrkI.exe
  C:\Windows\System\AducrkI.exe
  2⤵
  PID:9620
- C:\Windows\System\KKrXTgh.exe
  C:\Windows\System\KKrXTgh.exe
  2⤵
  PID:9640
- C:\Windows\System\kSdhYjY.exe
  C:\Windows\System\kSdhYjY.exe
  2⤵
  PID:9656
- C:\Windows\System\aRMcqAe.exe
  C:\Windows\System\aRMcqAe.exe
  2⤵
  PID:9676
- C:\Windows\System\BHFzUfZ.exe
  C:\Windows\System\BHFzUfZ.exe
  2⤵
  PID:9696
- C:\Windows\System\lJzpJsp.exe
  C:\Windows\System\lJzpJsp.exe
  2⤵
  PID:9712
- C:\Windows\System\YuXgzvw.exe
  C:\Windows\System\YuXgzvw.exe
  2⤵
  PID:9732
- C:\Windows\System\dkSeYoH.exe
  C:\Windows\System\dkSeYoH.exe
  2⤵
  PID:9748
- C:\Windows\System\ZPYqFEf.exe
  C:\Windows\System\ZPYqFEf.exe
  2⤵
  PID:9800
- C:\Windows\System\jaMFBKV.exe
  C:\Windows\System\jaMFBKV.exe
  2⤵
  PID:9836
- C:\Windows\System\HGrKKiq.exe
  C:\Windows\System\HGrKKiq.exe
  2⤵
  PID:9860
- C:\Windows\System\ihhEdLe.exe
  C:\Windows\System\ihhEdLe.exe
  2⤵
  PID:9880
- C:\Windows\System\phhjoyM.exe
  C:\Windows\System\phhjoyM.exe
  2⤵
  PID:9896
- C:\Windows\System\zMiVQYB.exe
  C:\Windows\System\zMiVQYB.exe
  2⤵
  PID:9912
- C:\Windows\System\QYyNMYM.exe
  C:\Windows\System\QYyNMYM.exe
  2⤵
  PID:9928
- C:\Windows\System\pqcIwNe.exe
  C:\Windows\System\pqcIwNe.exe
  2⤵
  PID:9948
- C:\Windows\System\umnwcoU.exe
  C:\Windows\System\umnwcoU.exe
  2⤵
  PID:9964
- C:\Windows\System\rCRhxni.exe
  C:\Windows\System\rCRhxni.exe
  2⤵
  PID:9984
- C:\Windows\System\XWgTKiu.exe
  C:\Windows\System\XWgTKiu.exe
  2⤵
  PID:10000
- C:\Windows\System\IDONOhC.exe
  C:\Windows\System\IDONOhC.exe
  2⤵
  PID:10016
- C:\Windows\System\iIpDTkJ.exe
  C:\Windows\System\iIpDTkJ.exe
  2⤵
  PID:10032
- C:\Windows\System\WSnNsyH.exe
  C:\Windows\System\WSnNsyH.exe
  2⤵
  PID:10048
- C:\Windows\System\OLzgepx.exe
  C:\Windows\System\OLzgepx.exe
  2⤵
  PID:10084
- C:\Windows\System\LQUFaFW.exe
  C:\Windows\System\LQUFaFW.exe
  2⤵
  PID:10100
- C:\Windows\System\qfgADwY.exe
  C:\Windows\System\qfgADwY.exe
  2⤵
  PID:10116
- C:\Windows\System\rgowIlf.exe
  C:\Windows\System\rgowIlf.exe
  2⤵
  PID:10132
- C:\Windows\System\gQlmntT.exe
  C:\Windows\System\gQlmntT.exe
  2⤵
  PID:10156
- C:\Windows\System\jyLNCDU.exe
  C:\Windows\System\jyLNCDU.exe
  2⤵
  PID:10172
- C:\Windows\System\fNlawCi.exe
  C:\Windows\System\fNlawCi.exe
  2⤵
  PID:10192
- C:\Windows\System\OTOrSxK.exe
  C:\Windows\System\OTOrSxK.exe
  2⤵
  PID:10212
- C:\Windows\System\nmfGgCS.exe
  C:\Windows\System\nmfGgCS.exe
  2⤵
  PID:10232
- C:\Windows\System\SFkYXmu.exe
  C:\Windows\System\SFkYXmu.exe
  2⤵
  PID:9228
- C:\Windows\System\kWwuaeH.exe
  C:\Windows\System\kWwuaeH.exe
  2⤵
  PID:9304
- C:\Windows\System\rgZyseS.exe
  C:\Windows\System\rgZyseS.exe
  2⤵
  PID:9484
- C:\Windows\System\EhKnCyX.exe
  C:\Windows\System\EhKnCyX.exe
  2⤵
  PID:9560
- C:\Windows\System\KtBcLlN.exe
  C:\Windows\System\KtBcLlN.exe
  2⤵
  PID:9636
- C:\Windows\System\SDNwWVy.exe
  C:\Windows\System\SDNwWVy.exe
  2⤵
  PID:9708
- C:\Windows\System\NqHFZXM.exe
  C:\Windows\System\NqHFZXM.exe
  2⤵
  PID:9380
- C:\Windows\System\BnmSqqf.exe
  C:\Windows\System\BnmSqqf.exe
  2⤵
  PID:9284
- C:\Windows\System\vamfbIp.exe
  C:\Windows\System\vamfbIp.exe
  2⤵
  PID:9724
- C:\Windows\System\tAGUOQt.exe
  C:\Windows\System\tAGUOQt.exe
  2⤵
  PID:9280
- C:\Windows\System\GALWfMt.exe
  C:\Windows\System\GALWfMt.exe
  2⤵
  PID:9572
- C:\Windows\System\bQlplwQ.exe
  C:\Windows\System\bQlplwQ.exe
  2⤵
  PID:9412
- C:\Windows\System\xgVjfxy.exe
  C:\Windows\System\xgVjfxy.exe
  2⤵
  PID:9464
- C:\Windows\System\dRAkWUe.exe
  C:\Windows\System\dRAkWUe.exe
  2⤵
  PID:9540
- C:\Windows\System\PZleiom.exe
  C:\Windows\System\PZleiom.exe
  2⤵
  PID:9688
- C:\Windows\System\UtKzFSg.exe
  C:\Windows\System\UtKzFSg.exe
  2⤵
  PID:9764
- C:\Windows\System\zEVJrNR.exe
  C:\Windows\System\zEVJrNR.exe
  2⤵
  PID:9784
- C:\Windows\System\uKCxgFA.exe
  C:\Windows\System\uKCxgFA.exe
  2⤵
  PID:8956
- C:\Windows\System\LgABRwL.exe
  C:\Windows\System\LgABRwL.exe
  2⤵
  PID:9868
- C:\Windows\System\hPygife.exe
  C:\Windows\System\hPygife.exe
  2⤵
  PID:9876
- C:\Windows\System\kMglPys.exe
  C:\Windows\System\kMglPys.exe
  2⤵
  PID:9956
- C:\Windows\System\vsmmGnZ.exe
  C:\Windows\System\vsmmGnZ.exe
  2⤵
  PID:10024
- C:\Windows\System\gHZBpof.exe
  C:\Windows\System\gHZBpof.exe
  2⤵
  PID:10068
- C:\Windows\System\VdiLkhK.exe
  C:\Windows\System\VdiLkhK.exe
  2⤵
  PID:10080
- C:\Windows\System\zkJFKuo.exe
  C:\Windows\System\zkJFKuo.exe
  2⤵
  PID:9976
- C:\Windows\System\tUiCDTZ.exe
  C:\Windows\System\tUiCDTZ.exe
  2⤵
  PID:10044
- C:\Windows\System\DkUvkgK.exe
  C:\Windows\System\DkUvkgK.exe
  2⤵
  PID:10112
- C:\Windows\System\PkKElRx.exe
  C:\Windows\System\PkKElRx.exe
  2⤵
  PID:9364
- C:\Windows\System\slGMlJx.exe
  C:\Windows\System\slGMlJx.exe
  2⤵
  PID:10152
- C:\Windows\System\EkNkMnS.exe
  C:\Windows\System\EkNkMnS.exe
  2⤵
  PID:10224
- C:\Windows\System\srBairt.exe
  C:\Windows\System\srBairt.exe
  2⤵
  PID:9300
- C:\Windows\System\JqXGvyv.exe
  C:\Windows\System\JqXGvyv.exe
  2⤵
  PID:9440
- C:\Windows\System\NrGJzmd.exe
  C:\Windows\System\NrGJzmd.exe
  2⤵
  PID:9552
- C:\Windows\System\mOaTYbc.exe
  C:\Windows\System\mOaTYbc.exe
  2⤵
  PID:9588
- C:\Windows\System\GEcVwRI.exe
  C:\Windows\System\GEcVwRI.exe
  2⤵
  PID:9744
- C:\Windows\System\PzNuoYR.exe
  C:\Windows\System\PzNuoYR.exe
  2⤵
  PID:9824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CAkQUVk.exe

Filesize
6.0MB

MD5
3f29c9a2e0ef042048a28bc76272c08c

SHA1
e919fb9281f720995a744a80d4af8571fe40dfb4

SHA256
9a724aba45b47eff7480e27d3ff63ef0fee21fd033c2fcbe937d525f8e446b12

SHA512
f03307a94f7cfddb2f025f8e7fc64ab818d74a5e16b56f43f45276ba1dabdd851fa23ce4932b1b53d41d765b2f49664ae7acaec578770ec1de5fe0b918271c77

Download Submit
C:\Windows\system\FnxCDTf.exe

Filesize
6.0MB

MD5
a6515f514ce846ca2269b2a01cbcff9c

SHA1
129d517572c1a33868ae7b781b67f9a682e719db

SHA256
c1b6def2df99ec6a1a0807ed42d574892f186b1fbc073f205b07a79d11c1ad4c

SHA512
78ace10890dfc0ecbfdf3a632d7844bfa09e88d9e5db77093ffdd345c62e606ea4230b4cc8b7568fca2f09440eb1e2a0885e5644c9b0d4401a47fb523d49d37a

Download Submit
C:\Windows\system\HOLKiKc.exe

Filesize
6.0MB

MD5
f1a49dc2b772264e82f8346190dc6288

SHA1
10b30dddd746f9592308810c92568b28d1d26a43

SHA256
bee11fbfcba03a06045532be72a7168beafd0d0bc63f366031a5793f71c4f587

SHA512
78dab0deda66c1b0f3f7ef18bb011a31262002b28c80b0280792dbd95bbcc05f885ecc3c1b949a4cee0c95810097081a1f2910ec2d7059eb9796254b7b45124c

Download Submit
C:\Windows\system\IZPBMrD.exe

Filesize
6.0MB

MD5
1facf1d80a66ae475cd4b88d49455d02

SHA1
7e8511ca4d88b29d9947a0a42f75c08c1b0a2bad

SHA256
572d7120c9aaa9bfb314ea4b6fc37cff906db456e2fbdd75797c060c306d3501

SHA512
4c9af29c16d1ad6ffd572d5d25878eb89a2e889381bdad6eea106d572b7db95c8ae58aac5ff24acde9f719fc96fa85a255f73dc4fc0301e40a7dc70d521bc937

Download Submit
C:\Windows\system\LhQMunk.exe

Filesize
6.0MB

MD5
750969cfbd5608c036a60cd989efa22d

SHA1
acce03093d8f21c0951a4a57d851d2b45d9edce8

SHA256
4484f7ed33d865f8d9d2bab57edb801211f1264350c6f3022ff9fa391f2e81dd

SHA512
08e688d1f3c95bf1563c621137067df1e326109c8a3e0fb027449f74d97bd1be975e066056354d2c9c4260db4a56ae3818ca895437a302508bf3929a30c35817

Download Submit
C:\Windows\system\MuNQRVp.exe

Filesize
6.0MB

MD5
185674753703c217a607d5a165ab1f8e

SHA1
31dd9f8a7f5e161c1bb074babb11836e3aafe479

SHA256
b93ea6583fc14bd60c284ccc1722a58b6aff8bfdb4dc29b7a5e3d319473750da

SHA512
93e3f8e9f790af27d84c4d4a616acb1b5f017b1400f3ca56536a6c45a088faeeb04ef5e928b6a3f5c24a56a7e21e79b4db16c8eb0c2a670184403810e1bf6008

Download Submit
C:\Windows\system\NaiHvWB.exe

Filesize
6.0MB

MD5
f2540f0ea54f88e8effba0e2676dd34b

SHA1
ac64695f5d5c2d7d16ad7f180d1c152568f876ba

SHA256
6e12170f12c3604c912087a6f2267acbd391e05416a5680e33b810eeb810f690

SHA512
168eee4e27e5a1f20b80fe94103e278cc5c8b2e964347bb07f71556e39a89d99f1d3731835665a846c9a7496703a5b8b9189b5ef6e29eb1fc97be7c4fdaf1b57

Download Submit
C:\Windows\system\PrumMcW.exe

Filesize
6.0MB

MD5
c0ff6e2471dcd91f83ea1abb3105be2b

SHA1
5a660ada78addddedf8cc6c15971a0abd653e1af

SHA256
eac2210862bb84bd6e154e4b6cf19c4fb4eed0f9fc60045c8eb53bef362a4b8b

SHA512
eb3f36db072c96c7e4e470fa2c415df192b152957b1a717a865d8ff04c5b752c2e50caa986ecdc8c594585f866338b64a1823b93c89b326e0ee3333387815ce7

Download Submit
C:\Windows\system\QYzmHAg.exe

Filesize
6.0MB

MD5
584d28719811ab53e63ae78e6026c17a

SHA1
373f8b0c977c1e6a293c262d319c9cadf32a9127

SHA256
dde159b5ca1163ec26e44da140fc123eeb4902e54b2a11c88149dd31bfb7d049

SHA512
c979e2bdfceefb96001d29161e038b42c07d0997f4f9a0c08c369c17f2b90a93ef69833a9876c602c6551d761b0f849dd44eb1baa4724b5f2e17d515a3a215f4

Download Submit
C:\Windows\system\QnZjADn.exe

Filesize
6.0MB

MD5
f07b358610057209c8a8ed35eb9f925f

SHA1
43a9762abae09c08685ac9ce2349e7bf58dabe68

SHA256
2b449e964cd24bc972a29dd0796dec0a224cdf59207d6dcb5df586f62b7820c9

SHA512
c5f4a3989b057b72ccf4a47220be4fb0adf1e8694ee9661e82ee1f0ac91ae4b9421c9dcc41e917f93849959acd3c5ae44a0ccd9c7fb631012be4c1c658f628d8

Download Submit
C:\Windows\system\QtsiVde.exe

Filesize
6.0MB

MD5
65921f184213a2d38c3c87e303b64e5c

SHA1
c739e28ecad29ea0b8c8f9e123faf96b6ee867df

SHA256
af3aa1f6b0bb8a5b38201f4fe5c61fe40d98f8a86687534814175301498ce2ce

SHA512
7c6d90dacab42a6aeefcdb1c8dd85a2b8102216ca37e3daf8c262ace0bdbe651ccfd8630776750c4684100791be0e42345693a3f1b7431a75d6441a2ecc90896

Download Submit
C:\Windows\system\YXRmYEb.exe

Filesize
6.0MB

MD5
9767dac4a2b92569576ea79635738106

SHA1
a14c49219fcb97203ed6e0c13d7ac894ebef6426

SHA256
7ca053bf42774a41c35d0c208cfd383d19046364799247191b6023279fe7e863

SHA512
a5915c8c96ea9a5323933d69a0b7f27f699e851d2877add14a32c534504828b3f5087d746856f2c3bd5922b9f09731fa0416476955041fd77f5df5900fbe2e54

Download Submit
C:\Windows\system\YbJOISD.exe

Filesize
6.0MB

MD5
d6073c0cc85ab9d1f9202caf6a84831f

SHA1
92fc70f1a0cd2f4799dd2c2890a32e5f3c0d32ec

SHA256
bcffe21c6443887b5b8f8f3ee051299a366c5cac14db043cb89bb3f6050b47c6

SHA512
46a0ec895208c4ec65390e99e910032dbf6a84cfa4f9bd82d8d37041f861c67ebcf11623d7070afb13d514c4fd648e9936af049a24a6fb729583cfee3559c5c3

Download Submit
C:\Windows\system\cOtDgvl.exe

Filesize
6.0MB

MD5
e61e5a97966734c50c09cc1db82f7855

SHA1
0eda46792fe17467e384d11f39aa0b45561535d8

SHA256
0e06d1040f65a6e6a459497bbffb9befb2360cfb4fb264ebb27a1e63807e2729

SHA512
762d010e01c9bae211bd7b9928b4ecdf4124ff6c5737a78ec9478428f502d169c24bf5bba2f448cf27b39799ee772ea8cc209c2911818d1ff29591be27e3479f

Download Submit
C:\Windows\system\fORMhbS.exe

Filesize
6.0MB

MD5
89cfeff784443f6cff3c36073d4be308

SHA1
398e6073277115b99fdea09a1ee3b4078b04ca87

SHA256
cf6a1aa3d1adb9f389f1465ea398ae3cd09a46b5e8efd3b00d0f861eb4689534

SHA512
d6f65e7451c3b3c703497c7a581c52af5205073dd9543a35c5a21363a2df2ca834cf4aeabba035ffa6891d43a3a5dd9832c0bbe87fd8d057b2a236205bdddbf5

Download Submit
C:\Windows\system\mwRMjwH.exe

Filesize
6.0MB

MD5
47ad89f565dc23904c159cf27e6d02cb

SHA1
17b37c10177eb65fedc7c9364b37abe67198715a

SHA256
256261627e0d3052b6e6e7671a57d7b5343988f30e884b7ed800b264d8a748db

SHA512
1994952fc3104011b073727454bec3a7a12231acc110f5ef5600b0cd3a7718d07fb5b80d6ad6a505841e63409dec580d679fc9c13b5669528464723763f76563

Download Submit
C:\Windows\system\nnxDKJo.exe

Filesize
6.0MB

MD5
7a45a4fd73c9260e886f3d1250d86e18

SHA1
0cab4ad1c255fd469ee12e25445bb9efc31b26aa

SHA256
6cf819699dbed14bec831d8ff1b1cc2267964b27bfa3f81e034b7e2d1fae691b

SHA512
b6c9e806f6c7f05b76478781ef919c992a764dca5314098e3b8ad96d1005e2c56d8774435353d19df0247758b6629468813cc10da08642897fd36c7c0cd4bd8b

Download Submit
C:\Windows\system\nsprZMc.exe

Filesize
6.0MB

MD5
4af1a1e32601d3ce676989202f69f6d3

SHA1
69e66f74e6b966590ded80ebc37136c833b1b285

SHA256
459febf0fbc00735820470f1e0f0671cf9ec5cb8424de5c1a5277a91b535528e

SHA512
cdff7b072906aa5087c19f818bbb7a13c44b0023528b8de97c2b9b78731918b891407f6c895d627b0e33cc0b431ccc997ba227534b23510e0ab91eb781e08ef3

Download Submit
C:\Windows\system\oaHgNgc.exe

Filesize
6.0MB

MD5
e085820548716c4006a9b8e335aecb85

SHA1
ceada0331d2eefea1c693cc02ed2296101dd1596

SHA256
0a062b936e38305b3d72507313b0fbf43b9f8b765c67eeabcb056da5c3acafe7

SHA512
477169d015052a409581ec5552a569f0be8e014f22f30a3e131c42115b13d1e1d38d881e0bde776e7664137863099caa9c001cb6274f916c3cc05c3ee29177fe

Download Submit
C:\Windows\system\qPhPDqf.exe

Filesize
6.0MB

MD5
d098225725879f58d2fa994a8828ddc6

SHA1
59fc3371a441f13c46ed930d2a7188ed33ecc29c

SHA256
08ec7b58a44dc9be895b40baf3e3e5cca151c071e815125f07728558cffe3336

SHA512
294200a967380cbcb5294aba9efa89e229bf090846f6911b238db077f732f08aaaf40747faa0fd7f27ac7a246a8e1861e5295d36b44a2d907977d7ff9c4820d8

Download Submit
C:\Windows\system\rShcWrH.exe

Filesize
6.0MB

MD5
6709c74a1e135ff22e68f7e115437f9f

SHA1
2c8f706134ea63a19e7a9524b2a46b834e34944e

SHA256
ea9b95e230a71406e21b3408704fe1023c31d718d29278bb4246034610ae2eb8

SHA512
28d32243f49e8e431a9bfad08f69342009965b3aed3e3b3ff3201b3ff70799578c5fe1d424dc678c84e3a1bf87be300e058965314e1998b6bdc992e1d6e3fce9

Download Submit
C:\Windows\system\rnTFpcw.exe

Filesize
6.0MB

MD5
e377035354c510183c746ccc94879bbb

SHA1
45afba30164d0c37c04878b994282cdb3b8e7333

SHA256
96bc726c3e1a4100187c9e915ff7a3c790680958931c8beb1d7c02ee17cd05a8

SHA512
ee776815933619ff08f4e85e0bc93feb4e557ed5edb05fe5d4d7b5612b585af2aaca1df168453dc694302d75da824ad6fe89d6362fedb7fde4f74196247c08af

Download Submit
C:\Windows\system\xZRLbUz.exe

Filesize
6.0MB

MD5
d24064d52d9e6c61210c1aed8d888131

SHA1
2742cf846da59902e5fe30842a210adc89a04e29

SHA256
aff950a9f80c8fcc008eed88d75cf61d0de573588e3c03584036e01154aad5e5

SHA512
a2248fbfb18b8dfb3a98b4be2a52b42b46df1749c5aac8d2a730e79578d9091f0609ca74ea23cec0f8215dea262745a874c9b4fdd81ab23422695bd1fb4fd593

Download Submit
C:\Windows\system\xkzvAZt.exe

Filesize
6.0MB

MD5
67a0ebe4f87de1934c82bb18eda22a98

SHA1
f1661035aefb03902f893d68bff8f9730a756522

SHA256
04c087ce9db048c2c1c9d85e1783362ba1ac75c78772be30ae74e0e4d537b4c1

SHA512
3b0562b1d7ca0e98b44f412448b093351454467ba08214624195e4f499235442d8a1cf900062b62ca5c7dcb07523266c788c7f735f2a1c54a4d80e49cb6bf633

Download Submit
\Windows\system\DYAnRuk.exe

Filesize
6.0MB

MD5
2800317fcc07eae42c112387c6096ac1

SHA1
c9cf5fe35ff3601348726e42b61db37f1b679530

SHA256
7dd933f010ab914f0b86973b817a3e0c3e166253a989bd0c5ae1fd03df52dddb

SHA512
84bd78fee50edc7ace810636a9b8bac4ed22d9a7c3362f0deb3d8846988961234a60eed488c35b0d721d2b36ae0b5a0d639bf3818f12e134c1567eee35a70a2e

Download Submit
\Windows\system\HgAadyd.exe

Filesize
6.0MB

MD5
e077f5d89bd9e989c1982dad680e08f0

SHA1
64009a407af9ca0b04e987f2fda8a26581a41e4c

SHA256
0cfc49c6f7159cc2f025a9a9c46b31c28d89157b5cda82950551b7b11d9d62f4

SHA512
ea827c6193a4d21a6610c645ab50e48846a97fd67741bc51e52f26318c4354fe44d07e12ac2283eb77db56fe02e3b1ea0759c99b7162d537871455e5c49539e9

Download Submit
\Windows\system\JTMLoPf.exe

Filesize
6.0MB

MD5
d83e222daf6a95273d9522f1dc961f33

SHA1
fdc34538079d3e076ab630a7cc7f75a3c1bdefb3

SHA256
3f5f1ec3e9d92f4d9595567e4305adb209f262b1656c23809addab85753f412b

SHA512
418b208da0bef59c2dfc666e922c51f4e33df5c6bad24a78bab009484c29da5e742d55c6afede100a0b8c840d8c089abd67d413a38da1a1093e9b3ba23862b73

Download Submit
\Windows\system\SpKcrBt.exe

Filesize
6.0MB

MD5
0f0cb831c7df0e9e99389ace4879f697

SHA1
035e24dae51babb1f487a8ccaa27a36eab6a8ec5

SHA256
e04987a19933e463fe96af2eb52a6bf3e2403fc9c00da15d36abec036a6d0bb3

SHA512
5f58dae257776120d4751d17b773f57ef1315ee11311b063d59bb2cdcb3fbce75818ae89209bbc52bed8bdf5353425b00822a3fb41fa25391615528351662b3f

Download Submit
\Windows\system\ZgYlCcD.exe

Filesize
6.0MB

MD5
7b4fa7f98bd4c8362f8f94832b5b27f1

SHA1
ce64aaeaa85fea526c0ea18080d16db6a68c8f41

SHA256
70ad36c9bd6dc01c0563c8f0655e0e347a3fcc94d8f3dff515bb41758b320654

SHA512
e7e57b50358974eb78ba2fe6094b9e69a960dee1d0e20b83475f3cc936b8766464955f19cc96c009832d6dbe9ff07cf71148d6d89a8521c1dcac4c44301c86f2

Download Submit
\Windows\system\fwkdgdb.exe

Filesize
6.0MB

MD5
50e16e020302f2a71fa67ec592a2448e

SHA1
e9b17e7d133b83d2252254648425ce0eeb21fba7

SHA256
52d8ab0cd5680b508084e828aa19ee79630b2de771a375366592f0c2adcb4ba8

SHA512
82a54a5e947154a7b69f1e874868fc67d013efd8aec23cb47a41413b2de5f302c8f70b0aff99ad92c172d1909cbfb7c2453c52fb5e7fa990b34f84cd8d4ac109

Download Submit
\Windows\system\kBrrpiK.exe

Filesize
6.0MB

MD5
cd264cec805dc810cec66a330a7e28a8

SHA1
6e9465dc6bce76a43e112313102135da57785f00

SHA256
3326886d797092f82ea18d02f735e06201a41044d3fa790e77b7d22ad1e709d1

SHA512
4d46be67b11daf731d8ef2847184b481f80172e276f4e5ad0b618b56121f8f52efad2708b45fcb29fdf5a0e7a47d6c8e9ff9f6c1e0be315b65385ab4de46e104

Download Submit
\Windows\system\lAqCZSk.exe

Filesize
6.0MB

MD5
ecf9616626e39ca3908ca16a4680ebd8

SHA1
92b553e2ab7b56cd933391026d2a187d42d5e9e9

SHA256
aa3a99466ac419a1e396e9e2e5df94f8e0365b7262fbe0721d83a7b2b4305cc3

SHA512
9ae87b52816de4bb12280cd30a82ec6dc1e1221d9a7d141e0fb106f797213ac8e6c59695f4386fcd53863c6c9327464f05995d399a183d314f324339840e6725

Download Submit
\Windows\system\wezSNuP.exe

Filesize
6.0MB

MD5
e7f776b628149e5c4885b7d5eac1cd4e

SHA1
2db1307b70ae6e9a4b5e7f39f675c2f1a116ce9c

SHA256
bc6688b48c731e458f6ce3a30452f9742b6d6a617e7cfab641e6863d410b25b5

SHA512
0531ca41773e6841f47a1ba184f4d5dacd0f93daaba6bddaf727c41a005c98d808ab551d246fdcef52a730e27edf189c9d0ecd67b4cfc77979ca0e348d027eae

Download Submit
memory/1284-3219-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1284-32-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2020-30-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2020-3245-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-9-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-3240-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-850-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3361-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2376-98-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2544-36-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3260-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2616-19-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3213-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-69-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-441-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2628-35-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2628-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2628-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2628-542-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2628-545-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2628-724-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2628-8-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2628-76-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2628-14-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-34-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2628-70-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2628-55-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2628-814-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2628-43-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2628-85-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2628-90-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2628-97-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2628-96-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2628-813-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2692-94-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3278-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-58-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3262-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2808-104-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3329-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2808-939-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3277-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-41-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-99-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-71-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3276-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2864-442-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2976-3270-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2976-293-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2976-62-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2980-48-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3272-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download