cobaltstrike | df1f1d275af0e77f65163c62e68917c899cbfefc1cdedfd292cbdb3fd754c4bc

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

be4270e22c46b4057dfa11ef616dd9d7
SHA1

ad22b387f9f694d5ca99631a86c67e020e9b7d30
SHA256

df1f1d275af0e77f65163c62e68917c899cbfefc1cdedfd292cbdb3fd754c4bc
SHA512

5918a3aec61026b2bfe376c66c903909784e7436611ddb914d695d3c94943089d5bab7846be22183e0be2d055fa10bde29562378aaa7c3158fb63ab3c665fb6f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012291-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c7c-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca5-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cb2-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cbc-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc4-30.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016ccd-36.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-48.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-131.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016bf7-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019371-45.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739f-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/2972-0-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012291-3.dat	xmrig
behavioral1/files/0x0008000000016c7c-8.dat	xmrig
behavioral1/files/0x0007000000016ca5-15.dat	xmrig
behavioral1/files/0x0007000000016cb2-20.dat	xmrig
behavioral1/files/0x0007000000016cbc-26.dat	xmrig
behavioral1/files/0x0007000000016cc4-30.dat	xmrig
behavioral1/files/0x000a000000016ccd-36.dat	xmrig
behavioral1/files/0x000500000001937b-48.dat	xmrig
behavioral1/files/0x00050000000193e6-75.dat	xmrig
behavioral1/files/0x00050000000195c2-105.dat	xmrig
behavioral1/files/0x00050000000195c7-120.dat	xmrig
behavioral1/files/0x00050000000195d0-150.dat	xmrig
behavioral1/memory/2744-510-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2516-525-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2732-523-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2628-521-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2656-519-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1956-517-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2828-514-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2728-512-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2740-508-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2760-503-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2912-506-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/1848-496-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2344-501-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2068-499-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2972-529-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019624-161.dat	xmrig
behavioral1/files/0x00050000000195e0-154.dat	xmrig
behavioral1/files/0x00050000000195cc-141.dat	xmrig
behavioral1/files/0x00050000000195ce-145.dat	xmrig
behavioral1/files/0x00050000000195ca-131.dat	xmrig
behavioral1/files/0x0009000000016bf7-135.dat	xmrig
behavioral1/files/0x00050000000195c8-125.dat	xmrig
behavioral1/files/0x00050000000195c4-111.dat	xmrig
behavioral1/files/0x00050000000195c6-116.dat	xmrig
behavioral1/files/0x000500000001958b-100.dat	xmrig
behavioral1/files/0x00050000000194e2-95.dat	xmrig
behavioral1/files/0x000500000001948d-90.dat	xmrig
behavioral1/files/0x000500000001945c-85.dat	xmrig
behavioral1/files/0x00050000000193f0-80.dat	xmrig
behavioral1/files/0x00050000000193d1-70.dat	xmrig
behavioral1/files/0x00050000000193a8-65.dat	xmrig
behavioral1/files/0x000500000001938e-60.dat	xmrig
behavioral1/files/0x0005000000019382-55.dat	xmrig
behavioral1/files/0x0005000000019371-45.dat	xmrig
behavioral1/files/0x000800000001739f-40.dat	xmrig
behavioral1/memory/1848-3235-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/1956-3276-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2628-3275-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2760-3290-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2744-3291-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2912-3292-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2516-3289-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2656-3256-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2728-3273-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2740-3272-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2068-3271-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2732-3263-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2828-3249-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2344-3244-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2516	FeLoXeb.exe
1848	zfdBxCa.exe
2068	QMgpigh.exe
2344	pKaAkSD.exe
2760	uQdFdeL.exe
2912	YJhIWll.exe
2740	JpGatsK.exe
2744	SFzfgLr.exe
2728	dfAZljx.exe
2828	bXhVTEQ.exe
1956	EYDQFsh.exe
2656	EOdtGuz.exe
2628	aBeuLGO.exe
2732	vRoDOvk.exe
1784	aBFagJr.exe
3068	aZfYZGx.exe
1160	DLcESki.exe
1052	pxDNjkj.exe
1476	jkNHayK.exe
2840	opdwjRn.exe
1912	SFOlzgx.exe
2132	QtVjBtD.exe
1892	TGhlFfr.exe
1976	KGcyceU.exe
1752	jQkozxK.exe
2708	ooNMcfF.exe
588	JkFbYJH.exe
820	EDVbSpQ.exe
2592	VMAhUtn.exe
1676	ZwNQNSL.exe
2288	JHHUkaV.exe
1116	cCOftbf.exe
1276	UzRGLTz.exe
2376	ylrwqts.exe
1244	vjjddmK.exe
268	RxDwHmY.exe
1852	OfnAaPi.exe
1056	TSFCFAq.exe
396	sRLIwiY.exe
1356	vXEgiAW.exe
1536	sejFGpJ.exe
1644	NaBmKbe.exe
984	reLqBqT.exe
916	pZGMnev.exe
1712	TvuIXgs.exe
2292	FBbClMw.exe
2312	WpJhDfg.exe
2304	euFLCcx.exe
2064	BUzQLXN.exe
1688	ucluSQp.exe
2440	ZaAOolp.exe
1616	wkNvhgU.exe
2080	AefPdml.exe
2556	mBADedz.exe
2384	CQUfgJx.exe
1556	Hckqcxz.exe
2396	aWIYQrv.exe
2544	hZxEhBr.exe
1028	egdPVfs.exe
2916	adLQgyW.exe
2900	LMIUerR.exe
2820	mHBuXbz.exe
2648	YqdhNNo.exe
2652	tSVODzn.exe

Loads dropped DLL 64 IoCs

pid	Process
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2972-0-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x000a000000012291-3.dat	upx
behavioral1/files/0x0008000000016c7c-8.dat	upx
behavioral1/files/0x0007000000016ca5-15.dat	upx
behavioral1/files/0x0007000000016cb2-20.dat	upx
behavioral1/files/0x0007000000016cbc-26.dat	upx
behavioral1/files/0x0007000000016cc4-30.dat	upx
behavioral1/files/0x000a000000016ccd-36.dat	upx
behavioral1/files/0x000500000001937b-48.dat	upx
behavioral1/files/0x00050000000193e6-75.dat	upx
behavioral1/files/0x00050000000195c2-105.dat	upx
behavioral1/files/0x00050000000195c7-120.dat	upx
behavioral1/files/0x00050000000195d0-150.dat	upx
behavioral1/memory/2744-510-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2516-525-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2732-523-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2628-521-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2656-519-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1956-517-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2828-514-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2728-512-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2740-508-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2760-503-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2912-506-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/1848-496-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2344-501-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2068-499-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2972-529-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0005000000019624-161.dat	upx
behavioral1/files/0x00050000000195e0-154.dat	upx
behavioral1/files/0x00050000000195cc-141.dat	upx
behavioral1/files/0x00050000000195ce-145.dat	upx
behavioral1/files/0x00050000000195ca-131.dat	upx
behavioral1/files/0x0009000000016bf7-135.dat	upx
behavioral1/files/0x00050000000195c8-125.dat	upx
behavioral1/files/0x00050000000195c4-111.dat	upx
behavioral1/files/0x00050000000195c6-116.dat	upx
behavioral1/files/0x000500000001958b-100.dat	upx
behavioral1/files/0x00050000000194e2-95.dat	upx
behavioral1/files/0x000500000001948d-90.dat	upx
behavioral1/files/0x000500000001945c-85.dat	upx
behavioral1/files/0x00050000000193f0-80.dat	upx
behavioral1/files/0x00050000000193d1-70.dat	upx
behavioral1/files/0x00050000000193a8-65.dat	upx
behavioral1/files/0x000500000001938e-60.dat	upx
behavioral1/files/0x0005000000019382-55.dat	upx
behavioral1/files/0x0005000000019371-45.dat	upx
behavioral1/files/0x000800000001739f-40.dat	upx
behavioral1/memory/1848-3235-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/1956-3276-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2628-3275-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2760-3290-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2744-3291-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2912-3292-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2516-3289-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2656-3256-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2728-3273-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2740-3272-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2068-3271-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2732-3263-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2828-3249-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2344-3244-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\biQLZzQ.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgajVHJ.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DguWjvM.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRgdFWj.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\toHEBBh.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pKaAkSD.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Srqnjud.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWmrAGv.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuPMzrB.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQcuDHU.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HeRkEjI.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVltyxO.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFrXLgo.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIThpsE.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgTdgbr.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkpEGZN.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KabOjcG.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChBzZQV.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFbNUIB.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcmbRmy.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drDWUKG.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYSpYnQ.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKuIpkw.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YitxzpG.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIAKYSp.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWqQCSw.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xXbZmQg.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZKLdtQ.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGyVCwK.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmcfvRH.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dszppzM.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAxNZlC.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yOhZCnI.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfgsQKv.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ernirQw.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSFCFAq.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgDXqGF.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtpQlZU.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DiWeoZL.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLVVmxd.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwUAfVq.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBMYjwt.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsvcCYI.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YooqVff.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVfVldB.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhTAxUr.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enKUPYX.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXFjmEo.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMIUerR.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ieDmRHy.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRQwcSA.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWgyHpl.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TJABOVB.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyLobEX.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfMoxjK.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdwVYJA.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AuDmdwb.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UisZdtc.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqgmCuR.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORbGrrs.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNdyMZv.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKXORHS.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AzYdjxQ.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abjdbLO.exe	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2516	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2972 wrote to memory of 2516	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2972 wrote to memory of 2516	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2972 wrote to memory of 1848	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2972 wrote to memory of 1848	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2972 wrote to memory of 1848	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2972 wrote to memory of 2068	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2972 wrote to memory of 2068	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2972 wrote to memory of 2068	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2972 wrote to memory of 2344	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2972 wrote to memory of 2344	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2972 wrote to memory of 2344	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2972 wrote to memory of 2760	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2972 wrote to memory of 2760	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2972 wrote to memory of 2760	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2972 wrote to memory of 2912	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2972 wrote to memory of 2912	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2972 wrote to memory of 2912	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2972 wrote to memory of 2740	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2972 wrote to memory of 2740	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2972 wrote to memory of 2740	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2972 wrote to memory of 2744	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2972 wrote to memory of 2744	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2972 wrote to memory of 2744	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2972 wrote to memory of 2728	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2972 wrote to memory of 2728	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2972 wrote to memory of 2728	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2972 wrote to memory of 2828	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2972 wrote to memory of 2828	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2972 wrote to memory of 2828	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2972 wrote to memory of 1956	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2972 wrote to memory of 1956	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2972 wrote to memory of 1956	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2972 wrote to memory of 2656	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2972 wrote to memory of 2656	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2972 wrote to memory of 2656	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2972 wrote to memory of 2628	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2972 wrote to memory of 2628	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2972 wrote to memory of 2628	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2972 wrote to memory of 2732	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2972 wrote to memory of 2732	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2972 wrote to memory of 2732	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2972 wrote to memory of 1784	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2972 wrote to memory of 1784	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2972 wrote to memory of 1784	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2972 wrote to memory of 3068	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2972 wrote to memory of 3068	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2972 wrote to memory of 3068	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2972 wrote to memory of 1160	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2972 wrote to memory of 1160	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2972 wrote to memory of 1160	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2972 wrote to memory of 1052	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2972 wrote to memory of 1052	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2972 wrote to memory of 1052	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2972 wrote to memory of 1476	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2972 wrote to memory of 1476	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2972 wrote to memory of 1476	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2972 wrote to memory of 2840	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2972 wrote to memory of 2840	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2972 wrote to memory of 2840	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2972 wrote to memory of 1912	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2972 wrote to memory of 1912	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2972 wrote to memory of 1912	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2972 wrote to memory of 2132	2972	2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_be4270e22c46b4057dfa11ef616dd9d7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\System\FeLoXeb.exe
  C:\Windows\System\FeLoXeb.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\zfdBxCa.exe
  C:\Windows\System\zfdBxCa.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\QMgpigh.exe
  C:\Windows\System\QMgpigh.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\pKaAkSD.exe
  C:\Windows\System\pKaAkSD.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\uQdFdeL.exe
  C:\Windows\System\uQdFdeL.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\YJhIWll.exe
  C:\Windows\System\YJhIWll.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\JpGatsK.exe
  C:\Windows\System\JpGatsK.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\SFzfgLr.exe
  C:\Windows\System\SFzfgLr.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\dfAZljx.exe
  C:\Windows\System\dfAZljx.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\bXhVTEQ.exe
  C:\Windows\System\bXhVTEQ.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\EYDQFsh.exe
  C:\Windows\System\EYDQFsh.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\EOdtGuz.exe
  C:\Windows\System\EOdtGuz.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\aBeuLGO.exe
  C:\Windows\System\aBeuLGO.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\vRoDOvk.exe
  C:\Windows\System\vRoDOvk.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\aBFagJr.exe
  C:\Windows\System\aBFagJr.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\aZfYZGx.exe
  C:\Windows\System\aZfYZGx.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\DLcESki.exe
  C:\Windows\System\DLcESki.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\pxDNjkj.exe
  C:\Windows\System\pxDNjkj.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\jkNHayK.exe
  C:\Windows\System\jkNHayK.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\opdwjRn.exe
  C:\Windows\System\opdwjRn.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\SFOlzgx.exe
  C:\Windows\System\SFOlzgx.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\QtVjBtD.exe
  C:\Windows\System\QtVjBtD.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\TGhlFfr.exe
  C:\Windows\System\TGhlFfr.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\KGcyceU.exe
  C:\Windows\System\KGcyceU.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\jQkozxK.exe
  C:\Windows\System\jQkozxK.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\ooNMcfF.exe
  C:\Windows\System\ooNMcfF.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\JkFbYJH.exe
  C:\Windows\System\JkFbYJH.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\EDVbSpQ.exe
  C:\Windows\System\EDVbSpQ.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\VMAhUtn.exe
  C:\Windows\System\VMAhUtn.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ZwNQNSL.exe
  C:\Windows\System\ZwNQNSL.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\JHHUkaV.exe
  C:\Windows\System\JHHUkaV.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\cCOftbf.exe
  C:\Windows\System\cCOftbf.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\UzRGLTz.exe
  C:\Windows\System\UzRGLTz.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\ylrwqts.exe
  C:\Windows\System\ylrwqts.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\vjjddmK.exe
  C:\Windows\System\vjjddmK.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\RxDwHmY.exe
  C:\Windows\System\RxDwHmY.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\OfnAaPi.exe
  C:\Windows\System\OfnAaPi.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\TSFCFAq.exe
  C:\Windows\System\TSFCFAq.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\sRLIwiY.exe
  C:\Windows\System\sRLIwiY.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\vXEgiAW.exe
  C:\Windows\System\vXEgiAW.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\sejFGpJ.exe
  C:\Windows\System\sejFGpJ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\reLqBqT.exe
  C:\Windows\System\reLqBqT.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\NaBmKbe.exe
  C:\Windows\System\NaBmKbe.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\pZGMnev.exe
  C:\Windows\System\pZGMnev.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\TvuIXgs.exe
  C:\Windows\System\TvuIXgs.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\FBbClMw.exe
  C:\Windows\System\FBbClMw.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\WpJhDfg.exe
  C:\Windows\System\WpJhDfg.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\euFLCcx.exe
  C:\Windows\System\euFLCcx.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\BUzQLXN.exe
  C:\Windows\System\BUzQLXN.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\ucluSQp.exe
  C:\Windows\System\ucluSQp.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\ZaAOolp.exe
  C:\Windows\System\ZaAOolp.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\wkNvhgU.exe
  C:\Windows\System\wkNvhgU.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\AefPdml.exe
  C:\Windows\System\AefPdml.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\mBADedz.exe
  C:\Windows\System\mBADedz.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\CQUfgJx.exe
  C:\Windows\System\CQUfgJx.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\aWIYQrv.exe
  C:\Windows\System\aWIYQrv.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\Hckqcxz.exe
  C:\Windows\System\Hckqcxz.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\hZxEhBr.exe
  C:\Windows\System\hZxEhBr.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\egdPVfs.exe
  C:\Windows\System\egdPVfs.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\adLQgyW.exe
  C:\Windows\System\adLQgyW.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\LMIUerR.exe
  C:\Windows\System\LMIUerR.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\mHBuXbz.exe
  C:\Windows\System\mHBuXbz.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\YqdhNNo.exe
  C:\Windows\System\YqdhNNo.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\tSVODzn.exe
  C:\Windows\System\tSVODzn.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\yVLIToa.exe
  C:\Windows\System\yVLIToa.exe
  2⤵
  PID:2612
- C:\Windows\System\SnZIbBw.exe
  C:\Windows\System\SnZIbBw.exe
  2⤵
  PID:2684
- C:\Windows\System\ECldlNC.exe
  C:\Windows\System\ECldlNC.exe
  2⤵
  PID:1620
- C:\Windows\System\VgVpLTs.exe
  C:\Windows\System\VgVpLTs.exe
  2⤵
  PID:1880
- C:\Windows\System\OQQjVTL.exe
  C:\Windows\System\OQQjVTL.exe
  2⤵
  PID:2824
- C:\Windows\System\ZSbVVGq.exe
  C:\Windows\System\ZSbVVGq.exe
  2⤵
  PID:1988
- C:\Windows\System\JIjusfM.exe
  C:\Windows\System\JIjusfM.exe
  2⤵
  PID:1812
- C:\Windows\System\rDerfEx.exe
  C:\Windows\System\rDerfEx.exe
  2⤵
  PID:660
- C:\Windows\System\mzcTJwa.exe
  C:\Windows\System\mzcTJwa.exe
  2⤵
  PID:2600
- C:\Windows\System\hymqjlZ.exe
  C:\Windows\System\hymqjlZ.exe
  2⤵
  PID:844
- C:\Windows\System\fItcihw.exe
  C:\Windows\System\fItcihw.exe
  2⤵
  PID:264
- C:\Windows\System\XSISUAW.exe
  C:\Windows\System\XSISUAW.exe
  2⤵
  PID:3012
- C:\Windows\System\ZidCLSY.exe
  C:\Windows\System\ZidCLSY.exe
  2⤵
  PID:816
- C:\Windows\System\LyDWfSl.exe
  C:\Windows\System\LyDWfSl.exe
  2⤵
  PID:1124
- C:\Windows\System\EKQSEat.exe
  C:\Windows\System\EKQSEat.exe
  2⤵
  PID:2800
- C:\Windows\System\AVetQYM.exe
  C:\Windows\System\AVetQYM.exe
  2⤵
  PID:1632
- C:\Windows\System\kjlSQoi.exe
  C:\Windows\System\kjlSQoi.exe
  2⤵
  PID:788
- C:\Windows\System\yuzuCtM.exe
  C:\Windows\System\yuzuCtM.exe
  2⤵
  PID:276
- C:\Windows\System\rWkMsPg.exe
  C:\Windows\System\rWkMsPg.exe
  2⤵
  PID:1296
- C:\Windows\System\xNvtuNb.exe
  C:\Windows\System\xNvtuNb.exe
  2⤵
  PID:1504
- C:\Windows\System\cBxLPeb.exe
  C:\Windows\System\cBxLPeb.exe
  2⤵
  PID:1628
- C:\Windows\System\NPmaSzs.exe
  C:\Windows\System\NPmaSzs.exe
  2⤵
  PID:2988
- C:\Windows\System\kqFYwIj.exe
  C:\Windows\System\kqFYwIj.exe
  2⤵
  PID:2444
- C:\Windows\System\KZkIstt.exe
  C:\Windows\System\KZkIstt.exe
  2⤵
  PID:2368
- C:\Windows\System\NiPBVcE.exe
  C:\Windows\System\NiPBVcE.exe
  2⤵
  PID:2168
- C:\Windows\System\hRIYuOu.exe
  C:\Windows\System\hRIYuOu.exe
  2⤵
  PID:896
- C:\Windows\System\SStavAj.exe
  C:\Windows\System\SStavAj.exe
  2⤵
  PID:804
- C:\Windows\System\IRjDzFJ.exe
  C:\Windows\System\IRjDzFJ.exe
  2⤵
  PID:3024
- C:\Windows\System\tywvSvP.exe
  C:\Windows\System\tywvSvP.exe
  2⤵
  PID:2520
- C:\Windows\System\OMiVFEO.exe
  C:\Windows\System\OMiVFEO.exe
  2⤵
  PID:2692
- C:\Windows\System\eVUmfkL.exe
  C:\Windows\System\eVUmfkL.exe
  2⤵
  PID:2756
- C:\Windows\System\zeomrmM.exe
  C:\Windows\System\zeomrmM.exe
  2⤵
  PID:2816
- C:\Windows\System\nSqsJlR.exe
  C:\Windows\System\nSqsJlR.exe
  2⤵
  PID:2664
- C:\Windows\System\fSSKYmW.exe
  C:\Windows\System\fSSKYmW.exe
  2⤵
  PID:3056
- C:\Windows\System\uWSgEhH.exe
  C:\Windows\System\uWSgEhH.exe
  2⤵
  PID:2028
- C:\Windows\System\biQLZzQ.exe
  C:\Windows\System\biQLZzQ.exe
  2⤵
  PID:1792
- C:\Windows\System\DlcqUDI.exe
  C:\Windows\System\DlcqUDI.exe
  2⤵
  PID:1272
- C:\Windows\System\CvOqzRF.exe
  C:\Windows\System\CvOqzRF.exe
  2⤵
  PID:1280
- C:\Windows\System\IhTAxUr.exe
  C:\Windows\System\IhTAxUr.exe
  2⤵
  PID:996
- C:\Windows\System\HwWbFqQ.exe
  C:\Windows\System\HwWbFqQ.exe
  2⤵
  PID:760
- C:\Windows\System\IwDiaFP.exe
  C:\Windows\System\IwDiaFP.exe
  2⤵
  PID:1492
- C:\Windows\System\qsyYOiz.exe
  C:\Windows\System\qsyYOiz.exe
  2⤵
  PID:1104
- C:\Windows\System\wgEzUKv.exe
  C:\Windows\System\wgEzUKv.exe
  2⤵
  PID:2056
- C:\Windows\System\UqRElpz.exe
  C:\Windows\System\UqRElpz.exe
  2⤵
  PID:1292
- C:\Windows\System\LUMqoxm.exe
  C:\Windows\System\LUMqoxm.exe
  2⤵
  PID:1032
- C:\Windows\System\FQdUnBb.exe
  C:\Windows\System\FQdUnBb.exe
  2⤵
  PID:2152
- C:\Windows\System\qCjLSgJ.exe
  C:\Windows\System\qCjLSgJ.exe
  2⤵
  PID:876
- C:\Windows\System\YhECaJN.exe
  C:\Windows\System\YhECaJN.exe
  2⤵
  PID:2100
- C:\Windows\System\fDucQKr.exe
  C:\Windows\System\fDucQKr.exe
  2⤵
  PID:112
- C:\Windows\System\mWMWsWG.exe
  C:\Windows\System\mWMWsWG.exe
  2⤵
  PID:2060
- C:\Windows\System\UgKiNQC.exe
  C:\Windows\System\UgKiNQC.exe
  2⤵
  PID:2992
- C:\Windows\System\MMhmTEf.exe
  C:\Windows\System\MMhmTEf.exe
  2⤵
  PID:1684
- C:\Windows\System\ONfqacJ.exe
  C:\Windows\System\ONfqacJ.exe
  2⤵
  PID:556
- C:\Windows\System\hbLMdgD.exe
  C:\Windows\System\hbLMdgD.exe
  2⤵
  PID:1524
- C:\Windows\System\iNEynxB.exe
  C:\Windows\System\iNEynxB.exe
  2⤵
  PID:2460
- C:\Windows\System\UhbKLDY.exe
  C:\Windows\System\UhbKLDY.exe
  2⤵
  PID:2024
- C:\Windows\System\oPXrDLP.exe
  C:\Windows\System\oPXrDLP.exe
  2⤵
  PID:440
- C:\Windows\System\bZVNVjm.exe
  C:\Windows\System\bZVNVjm.exe
  2⤵
  PID:1672
- C:\Windows\System\UwaLRux.exe
  C:\Windows\System\UwaLRux.exe
  2⤵
  PID:1348
- C:\Windows\System\OFdDdYc.exe
  C:\Windows\System\OFdDdYc.exe
  2⤵
  PID:2576
- C:\Windows\System\ehbFLxZ.exe
  C:\Windows\System\ehbFLxZ.exe
  2⤵
  PID:2848
- C:\Windows\System\rjjfbbr.exe
  C:\Windows\System\rjjfbbr.exe
  2⤵
  PID:1700
- C:\Windows\System\bENsmPC.exe
  C:\Windows\System\bENsmPC.exe
  2⤵
  PID:2964
- C:\Windows\System\hNpevom.exe
  C:\Windows\System\hNpevom.exe
  2⤵
  PID:2712
- C:\Windows\System\aCKExmD.exe
  C:\Windows\System\aCKExmD.exe
  2⤵
  PID:2836
- C:\Windows\System\qoexsXa.exe
  C:\Windows\System\qoexsXa.exe
  2⤵
  PID:1952
- C:\Windows\System\JmjAPtG.exe
  C:\Windows\System\JmjAPtG.exe
  2⤵
  PID:3092
- C:\Windows\System\wgAeLws.exe
  C:\Windows\System\wgAeLws.exe
  2⤵
  PID:3112
- C:\Windows\System\EdRCxrz.exe
  C:\Windows\System\EdRCxrz.exe
  2⤵
  PID:3128
- C:\Windows\System\hfKLpoJ.exe
  C:\Windows\System\hfKLpoJ.exe
  2⤵
  PID:3152
- C:\Windows\System\AJMahPo.exe
  C:\Windows\System\AJMahPo.exe
  2⤵
  PID:3172
- C:\Windows\System\ylnlBrT.exe
  C:\Windows\System\ylnlBrT.exe
  2⤵
  PID:3188
- C:\Windows\System\CKcURmo.exe
  C:\Windows\System\CKcURmo.exe
  2⤵
  PID:3208
- C:\Windows\System\AOChitr.exe
  C:\Windows\System\AOChitr.exe
  2⤵
  PID:3224
- C:\Windows\System\uABmCwb.exe
  C:\Windows\System\uABmCwb.exe
  2⤵
  PID:3244
- C:\Windows\System\qxfaemX.exe
  C:\Windows\System\qxfaemX.exe
  2⤵
  PID:3264
- C:\Windows\System\YzzUMEh.exe
  C:\Windows\System\YzzUMEh.exe
  2⤵
  PID:3284
- C:\Windows\System\ejpsNyN.exe
  C:\Windows\System\ejpsNyN.exe
  2⤵
  PID:3300
- C:\Windows\System\YjwSesl.exe
  C:\Windows\System\YjwSesl.exe
  2⤵
  PID:3316
- C:\Windows\System\jGHZmQm.exe
  C:\Windows\System\jGHZmQm.exe
  2⤵
  PID:3332
- C:\Windows\System\oBLAYTr.exe
  C:\Windows\System\oBLAYTr.exe
  2⤵
  PID:3348
- C:\Windows\System\twyxURl.exe
  C:\Windows\System\twyxURl.exe
  2⤵
  PID:3364
- C:\Windows\System\AMGDhzx.exe
  C:\Windows\System\AMGDhzx.exe
  2⤵
  PID:3412
- C:\Windows\System\KQuSXhx.exe
  C:\Windows\System\KQuSXhx.exe
  2⤵
  PID:3616
- C:\Windows\System\HmiomTZ.exe
  C:\Windows\System\HmiomTZ.exe
  2⤵
  PID:3632
- C:\Windows\System\iYDtQyI.exe
  C:\Windows\System\iYDtQyI.exe
  2⤵
  PID:3652
- C:\Windows\System\AxBjsDI.exe
  C:\Windows\System\AxBjsDI.exe
  2⤵
  PID:3668
- C:\Windows\System\bExdvCZ.exe
  C:\Windows\System\bExdvCZ.exe
  2⤵
  PID:3684
- C:\Windows\System\yabdUlw.exe
  C:\Windows\System\yabdUlw.exe
  2⤵
  PID:3700
- C:\Windows\System\ILRibUY.exe
  C:\Windows\System\ILRibUY.exe
  2⤵
  PID:3716
- C:\Windows\System\BIXrwaS.exe
  C:\Windows\System\BIXrwaS.exe
  2⤵
  PID:3732
- C:\Windows\System\vZVWFdA.exe
  C:\Windows\System\vZVWFdA.exe
  2⤵
  PID:3752
- C:\Windows\System\HsrvPPw.exe
  C:\Windows\System\HsrvPPw.exe
  2⤵
  PID:3768
- C:\Windows\System\ZuAeiKD.exe
  C:\Windows\System\ZuAeiKD.exe
  2⤵
  PID:3784
- C:\Windows\System\vWeEHiI.exe
  C:\Windows\System\vWeEHiI.exe
  2⤵
  PID:3804
- C:\Windows\System\jnQelXk.exe
  C:\Windows\System\jnQelXk.exe
  2⤵
  PID:3832
- C:\Windows\System\wfgxdQI.exe
  C:\Windows\System\wfgxdQI.exe
  2⤵
  PID:3848
- C:\Windows\System\SXqqtxg.exe
  C:\Windows\System\SXqqtxg.exe
  2⤵
  PID:3864
- C:\Windows\System\uusBSuj.exe
  C:\Windows\System\uusBSuj.exe
  2⤵
  PID:3880
- C:\Windows\System\jtxKPlH.exe
  C:\Windows\System\jtxKPlH.exe
  2⤵
  PID:3896
- C:\Windows\System\RFiyFrG.exe
  C:\Windows\System\RFiyFrG.exe
  2⤵
  PID:3912
- C:\Windows\System\YaDhNjX.exe
  C:\Windows\System\YaDhNjX.exe
  2⤵
  PID:3928
- C:\Windows\System\aIsMWOA.exe
  C:\Windows\System\aIsMWOA.exe
  2⤵
  PID:3944
- C:\Windows\System\oHKHHOC.exe
  C:\Windows\System\oHKHHOC.exe
  2⤵
  PID:3960
- C:\Windows\System\UYrYOFS.exe
  C:\Windows\System\UYrYOFS.exe
  2⤵
  PID:3976
- C:\Windows\System\tGWAvlC.exe
  C:\Windows\System\tGWAvlC.exe
  2⤵
  PID:3992
- C:\Windows\System\sehNOxQ.exe
  C:\Windows\System\sehNOxQ.exe
  2⤵
  PID:4008
- C:\Windows\System\xeUAcKi.exe
  C:\Windows\System\xeUAcKi.exe
  2⤵
  PID:4072
- C:\Windows\System\RxVnDgn.exe
  C:\Windows\System\RxVnDgn.exe
  2⤵
  PID:4092
- C:\Windows\System\TKUVhrU.exe
  C:\Windows\System\TKUVhrU.exe
  2⤵
  PID:2540
- C:\Windows\System\IRgMaqg.exe
  C:\Windows\System\IRgMaqg.exe
  2⤵
  PID:3000
- C:\Windows\System\AcSGyxa.exe
  C:\Windows\System\AcSGyxa.exe
  2⤵
  PID:2788
- C:\Windows\System\JxyPaTc.exe
  C:\Windows\System\JxyPaTc.exe
  2⤵
  PID:3144
- C:\Windows\System\nwFkiHL.exe
  C:\Windows\System\nwFkiHL.exe
  2⤵
  PID:2608
- C:\Windows\System\ELvjKhA.exe
  C:\Windows\System\ELvjKhA.exe
  2⤵
  PID:3180
- C:\Windows\System\mSWRGlp.exe
  C:\Windows\System\mSWRGlp.exe
  2⤵
  PID:3220
- C:\Windows\System\iNVsfkJ.exe
  C:\Windows\System\iNVsfkJ.exe
  2⤵
  PID:3324
- C:\Windows\System\HPedmnm.exe
  C:\Windows\System\HPedmnm.exe
  2⤵
  PID:3272
- C:\Windows\System\dBMBoSo.exe
  C:\Windows\System\dBMBoSo.exe
  2⤵
  PID:3280
- C:\Windows\System\nAoZSNh.exe
  C:\Windows\System\nAoZSNh.exe
  2⤵
  PID:3204
- C:\Windows\System\ZJLLnNU.exe
  C:\Windows\System\ZJLLnNU.exe
  2⤵
  PID:3276
- C:\Windows\System\mpvgABa.exe
  C:\Windows\System\mpvgABa.exe
  2⤵
  PID:3312
- C:\Windows\System\ABIBELm.exe
  C:\Windows\System\ABIBELm.exe
  2⤵
  PID:3524
- C:\Windows\System\kqbmzvk.exe
  C:\Windows\System\kqbmzvk.exe
  2⤵
  PID:372
- C:\Windows\System\iAcUAvO.exe
  C:\Windows\System\iAcUAvO.exe
  2⤵
  PID:3432
- C:\Windows\System\SfMoxjK.exe
  C:\Windows\System\SfMoxjK.exe
  2⤵
  PID:3436
- C:\Windows\System\ZsFINmi.exe
  C:\Windows\System\ZsFINmi.exe
  2⤵
  PID:3400
- C:\Windows\System\uImPmpk.exe
  C:\Windows\System\uImPmpk.exe
  2⤵
  PID:2296
- C:\Windows\System\Srqnjud.exe
  C:\Windows\System\Srqnjud.exe
  2⤵
  PID:2348
- C:\Windows\System\oJOotss.exe
  C:\Windows\System\oJOotss.exe
  2⤵
  PID:3496
- C:\Windows\System\DWcXgwH.exe
  C:\Windows\System\DWcXgwH.exe
  2⤵
  PID:2932
- C:\Windows\System\GrzPdCW.exe
  C:\Windows\System\GrzPdCW.exe
  2⤵
  PID:3544
- C:\Windows\System\TTdibOb.exe
  C:\Windows\System\TTdibOb.exe
  2⤵
  PID:2736
- C:\Windows\System\hetfueO.exe
  C:\Windows\System\hetfueO.exe
  2⤵
  PID:3580
- C:\Windows\System\GZBZPwK.exe
  C:\Windows\System\GZBZPwK.exe
  2⤵
  PID:3596
- C:\Windows\System\hTDxOJx.exe
  C:\Windows\System\hTDxOJx.exe
  2⤵
  PID:3600
- C:\Windows\System\lrBJyZh.exe
  C:\Windows\System\lrBJyZh.exe
  2⤵
  PID:3624
- C:\Windows\System\RHDxFnw.exe
  C:\Windows\System\RHDxFnw.exe
  2⤵
  PID:592
- C:\Windows\System\zoMNMtu.exe
  C:\Windows\System\zoMNMtu.exe
  2⤵
  PID:2240
- C:\Windows\System\DGaqSpL.exe
  C:\Windows\System\DGaqSpL.exe
  2⤵
  PID:3660
- C:\Windows\System\kQLTDFX.exe
  C:\Windows\System\kQLTDFX.exe
  2⤵
  PID:3712
- C:\Windows\System\ceQlwuT.exe
  C:\Windows\System\ceQlwuT.exe
  2⤵
  PID:3780
- C:\Windows\System\sKEJdyc.exe
  C:\Windows\System\sKEJdyc.exe
  2⤵
  PID:3728
- C:\Windows\System\nDGWiTd.exe
  C:\Windows\System\nDGWiTd.exe
  2⤵
  PID:3796
- C:\Windows\System\vmoJkoq.exe
  C:\Windows\System\vmoJkoq.exe
  2⤵
  PID:3828
- C:\Windows\System\tKaytHW.exe
  C:\Windows\System\tKaytHW.exe
  2⤵
  PID:3872
- C:\Windows\System\nbBLlND.exe
  C:\Windows\System\nbBLlND.exe
  2⤵
  PID:3892
- C:\Windows\System\aZFzoqO.exe
  C:\Windows\System\aZFzoqO.exe
  2⤵
  PID:2876
- C:\Windows\System\rUwGlGT.exe
  C:\Windows\System\rUwGlGT.exe
  2⤵
  PID:3940
- C:\Windows\System\hjIgcSp.exe
  C:\Windows\System\hjIgcSp.exe
  2⤵
  PID:3968
- C:\Windows\System\rKxVJCU.exe
  C:\Windows\System\rKxVJCU.exe
  2⤵
  PID:4000
- C:\Windows\System\NotipxK.exe
  C:\Windows\System\NotipxK.exe
  2⤵
  PID:4024
- C:\Windows\System\VJmNhBC.exe
  C:\Windows\System\VJmNhBC.exe
  2⤵
  PID:4036
- C:\Windows\System\QqsibhJ.exe
  C:\Windows\System\QqsibhJ.exe
  2⤵
  PID:4056
- C:\Windows\System\BzXKNWx.exe
  C:\Windows\System\BzXKNWx.exe
  2⤵
  PID:968
- C:\Windows\System\hQflUGJ.exe
  C:\Windows\System\hQflUGJ.exe
  2⤵
  PID:1516
- C:\Windows\System\BCncnFh.exe
  C:\Windows\System\BCncnFh.exe
  2⤵
  PID:2012
- C:\Windows\System\oOJOkYz.exe
  C:\Windows\System\oOJOkYz.exe
  2⤵
  PID:908
- C:\Windows\System\meclMZX.exe
  C:\Windows\System\meclMZX.exe
  2⤵
  PID:1576
- C:\Windows\System\QJDpVex.exe
  C:\Windows\System\QJDpVex.exe
  2⤵
  PID:1340
- C:\Windows\System\JyqemIW.exe
  C:\Windows\System\JyqemIW.exe
  2⤵
  PID:1496
- C:\Windows\System\SsJTgzy.exe
  C:\Windows\System\SsJTgzy.exe
  2⤵
  PID:2704
- C:\Windows\System\GSYzHCk.exe
  C:\Windows\System\GSYzHCk.exe
  2⤵
  PID:3104
- C:\Windows\System\HgONXvc.exe
  C:\Windows\System\HgONXvc.exe
  2⤵
  PID:1044
- C:\Windows\System\ZZKLdtQ.exe
  C:\Windows\System\ZZKLdtQ.exe
  2⤵
  PID:3260
- C:\Windows\System\NBQflSz.exe
  C:\Windows\System\NBQflSz.exe
  2⤵
  PID:3088
- C:\Windows\System\UBdDAFX.exe
  C:\Windows\System\UBdDAFX.exe
  2⤵
  PID:3356
- C:\Windows\System\ieBGfWA.exe
  C:\Windows\System\ieBGfWA.exe
  2⤵
  PID:3340
- C:\Windows\System\erIxIyk.exe
  C:\Windows\System\erIxIyk.exe
  2⤵
  PID:3420
- C:\Windows\System\WxNpfuJ.exe
  C:\Windows\System\WxNpfuJ.exe
  2⤵
  PID:3468
- C:\Windows\System\dFJFWmy.exe
  C:\Windows\System\dFJFWmy.exe
  2⤵
  PID:3388
- C:\Windows\System\OZHAwrq.exe
  C:\Windows\System\OZHAwrq.exe
  2⤵
  PID:2872
- C:\Windows\System\YPkZSfV.exe
  C:\Windows\System\YPkZSfV.exe
  2⤵
  PID:3888
- C:\Windows\System\hSqPZGz.exe
  C:\Windows\System\hSqPZGz.exe
  2⤵
  PID:3988
- C:\Windows\System\loidrAh.exe
  C:\Windows\System\loidrAh.exe
  2⤵
  PID:4064
- C:\Windows\System\sQKEsvj.exe
  C:\Windows\System\sQKEsvj.exe
  2⤵
  PID:1148
- C:\Windows\System\OlGSufi.exe
  C:\Windows\System\OlGSufi.exe
  2⤵
  PID:2424
- C:\Windows\System\xKAYfmY.exe
  C:\Windows\System\xKAYfmY.exe
  2⤵
  PID:3776
- C:\Windows\System\VShixsm.exe
  C:\Windows\System\VShixsm.exe
  2⤵
  PID:3860
- C:\Windows\System\krbnaqc.exe
  C:\Windows\System\krbnaqc.exe
  2⤵
  PID:564
- C:\Windows\System\fJlHPDR.exe
  C:\Windows\System\fJlHPDR.exe
  2⤵
  PID:4044
- C:\Windows\System\MyhWYCK.exe
  C:\Windows\System\MyhWYCK.exe
  2⤵
  PID:1764
- C:\Windows\System\wQwLRfB.exe
  C:\Windows\System\wQwLRfB.exe
  2⤵
  PID:4068
- C:\Windows\System\vwLFTiS.exe
  C:\Windows\System\vwLFTiS.exe
  2⤵
  PID:3084
- C:\Windows\System\chuvMYb.exe
  C:\Windows\System\chuvMYb.exe
  2⤵
  PID:2640
- C:\Windows\System\yCPZilh.exe
  C:\Windows\System\yCPZilh.exe
  2⤵
  PID:3240
- C:\Windows\System\oieZzDr.exe
  C:\Windows\System\oieZzDr.exe
  2⤵
  PID:3196
- C:\Windows\System\WbSpiGm.exe
  C:\Windows\System\WbSpiGm.exe
  2⤵
  PID:3384
- C:\Windows\System\TTDMDiT.exe
  C:\Windows\System\TTDMDiT.exe
  2⤵
  PID:2892
- C:\Windows\System\tRCokMu.exe
  C:\Windows\System\tRCokMu.exe
  2⤵
  PID:3536
- C:\Windows\System\KjszIBc.exe
  C:\Windows\System\KjszIBc.exe
  2⤵
  PID:3476
- C:\Windows\System\nseqsgb.exe
  C:\Windows\System\nseqsgb.exe
  2⤵
  PID:3640
- C:\Windows\System\ohuGHCq.exe
  C:\Windows\System\ohuGHCq.exe
  2⤵
  PID:2940
- C:\Windows\System\yjgIcHO.exe
  C:\Windows\System\yjgIcHO.exe
  2⤵
  PID:3936
- C:\Windows\System\DqvlJlP.exe
  C:\Windows\System\DqvlJlP.exe
  2⤵
  PID:4028
- C:\Windows\System\LYGgTcO.exe
  C:\Windows\System\LYGgTcO.exe
  2⤵
  PID:3648
- C:\Windows\System\HWSBtIb.exe
  C:\Windows\System\HWSBtIb.exe
  2⤵
  PID:3764
- C:\Windows\System\IDcshtx.exe
  C:\Windows\System\IDcshtx.exe
  2⤵
  PID:1680
- C:\Windows\System\QDylieH.exe
  C:\Windows\System\QDylieH.exe
  2⤵
  PID:2572
- C:\Windows\System\OnkKqtD.exe
  C:\Windows\System\OnkKqtD.exe
  2⤵
  PID:3200
- C:\Windows\System\rrRasIU.exe
  C:\Windows\System\rrRasIU.exe
  2⤵
  PID:2660
- C:\Windows\System\qIzXePt.exe
  C:\Windows\System\qIzXePt.exe
  2⤵
  PID:1612
- C:\Windows\System\xOQyaKK.exe
  C:\Windows\System\xOQyaKK.exe
  2⤵
  PID:3360
- C:\Windows\System\rnFyHQc.exe
  C:\Windows\System\rnFyHQc.exe
  2⤵
  PID:3492
- C:\Windows\System\RSJURFt.exe
  C:\Windows\System\RSJURFt.exe
  2⤵
  PID:2928
- C:\Windows\System\iPPOEvX.exe
  C:\Windows\System\iPPOEvX.exe
  2⤵
  PID:2248
- C:\Windows\System\DXQkxVU.exe
  C:\Windows\System\DXQkxVU.exe
  2⤵
  PID:2364
- C:\Windows\System\MWLoakI.exe
  C:\Windows\System\MWLoakI.exe
  2⤵
  PID:3664
- C:\Windows\System\dWiuGZX.exe
  C:\Windows\System\dWiuGZX.exe
  2⤵
  PID:3404
- C:\Windows\System\VlYpScP.exe
  C:\Windows\System\VlYpScP.exe
  2⤵
  PID:3052
- C:\Windows\System\HbvdAKc.exe
  C:\Windows\System\HbvdAKc.exe
  2⤵
  PID:4004
- C:\Windows\System\tGgfbMg.exe
  C:\Windows\System\tGgfbMg.exe
  2⤵
  PID:3140
- C:\Windows\System\dTRaaFJ.exe
  C:\Windows\System\dTRaaFJ.exe
  2⤵
  PID:2400
- C:\Windows\System\XJBGMOl.exe
  C:\Windows\System\XJBGMOl.exe
  2⤵
  PID:2448
- C:\Windows\System\xqpDkFG.exe
  C:\Windows\System\xqpDkFG.exe
  2⤵
  PID:3120
- C:\Windows\System\wRzaqfD.exe
  C:\Windows\System\wRzaqfD.exe
  2⤵
  PID:2924
- C:\Windows\System\MPmUrfr.exe
  C:\Windows\System\MPmUrfr.exe
  2⤵
  PID:4124
- C:\Windows\System\gFZnDUW.exe
  C:\Windows\System\gFZnDUW.exe
  2⤵
  PID:4144
- C:\Windows\System\KSFiNFd.exe
  C:\Windows\System\KSFiNFd.exe
  2⤵
  PID:4164
- C:\Windows\System\imuvMzs.exe
  C:\Windows\System\imuvMzs.exe
  2⤵
  PID:4180
- C:\Windows\System\VKRLKOp.exe
  C:\Windows\System\VKRLKOp.exe
  2⤵
  PID:4200
- C:\Windows\System\aWniooE.exe
  C:\Windows\System\aWniooE.exe
  2⤵
  PID:4220
- C:\Windows\System\RAqxets.exe
  C:\Windows\System\RAqxets.exe
  2⤵
  PID:4236
- C:\Windows\System\brHAhpW.exe
  C:\Windows\System\brHAhpW.exe
  2⤵
  PID:4252
- C:\Windows\System\KgjXMEG.exe
  C:\Windows\System\KgjXMEG.exe
  2⤵
  PID:4268
- C:\Windows\System\zqGGnjA.exe
  C:\Windows\System\zqGGnjA.exe
  2⤵
  PID:4292
- C:\Windows\System\UTGTnJx.exe
  C:\Windows\System\UTGTnJx.exe
  2⤵
  PID:4340
- C:\Windows\System\WQTzMmn.exe
  C:\Windows\System\WQTzMmn.exe
  2⤵
  PID:4360
- C:\Windows\System\GZFSsCi.exe
  C:\Windows\System\GZFSsCi.exe
  2⤵
  PID:4384
- C:\Windows\System\JZhxGBN.exe
  C:\Windows\System\JZhxGBN.exe
  2⤵
  PID:4416
- C:\Windows\System\lhreYVV.exe
  C:\Windows\System\lhreYVV.exe
  2⤵
  PID:4432
- C:\Windows\System\liJZPvu.exe
  C:\Windows\System\liJZPvu.exe
  2⤵
  PID:4448
- C:\Windows\System\kMRNzDM.exe
  C:\Windows\System\kMRNzDM.exe
  2⤵
  PID:4464
- C:\Windows\System\cAyIWGx.exe
  C:\Windows\System\cAyIWGx.exe
  2⤵
  PID:4484
- C:\Windows\System\stKXuVP.exe
  C:\Windows\System\stKXuVP.exe
  2⤵
  PID:4504
- C:\Windows\System\yvbXdoZ.exe
  C:\Windows\System\yvbXdoZ.exe
  2⤵
  PID:4524
- C:\Windows\System\Aypgsoz.exe
  C:\Windows\System\Aypgsoz.exe
  2⤵
  PID:4544
- C:\Windows\System\epNIpes.exe
  C:\Windows\System\epNIpes.exe
  2⤵
  PID:4584
- C:\Windows\System\eYwumXR.exe
  C:\Windows\System\eYwumXR.exe
  2⤵
  PID:4600
- C:\Windows\System\SUsrGAI.exe
  C:\Windows\System\SUsrGAI.exe
  2⤵
  PID:4616
- C:\Windows\System\OcCJCRO.exe
  C:\Windows\System\OcCJCRO.exe
  2⤵
  PID:4632
- C:\Windows\System\lGyVCwK.exe
  C:\Windows\System\lGyVCwK.exe
  2⤵
  PID:4648
- C:\Windows\System\TWmrAGv.exe
  C:\Windows\System\TWmrAGv.exe
  2⤵
  PID:4664
- C:\Windows\System\cSgarQW.exe
  C:\Windows\System\cSgarQW.exe
  2⤵
  PID:4684
- C:\Windows\System\RKDLWkN.exe
  C:\Windows\System\RKDLWkN.exe
  2⤵
  PID:4700
- C:\Windows\System\obISzDd.exe
  C:\Windows\System\obISzDd.exe
  2⤵
  PID:4716
- C:\Windows\System\CdwVYJA.exe
  C:\Windows\System\CdwVYJA.exe
  2⤵
  PID:4736
- C:\Windows\System\FBAYodr.exe
  C:\Windows\System\FBAYodr.exe
  2⤵
  PID:4756
- C:\Windows\System\nQaaOIN.exe
  C:\Windows\System\nQaaOIN.exe
  2⤵
  PID:4776
- C:\Windows\System\PsCnezB.exe
  C:\Windows\System\PsCnezB.exe
  2⤵
  PID:4792
- C:\Windows\System\GYBqQlZ.exe
  C:\Windows\System\GYBqQlZ.exe
  2⤵
  PID:4832
- C:\Windows\System\fmALDmG.exe
  C:\Windows\System\fmALDmG.exe
  2⤵
  PID:4848
- C:\Windows\System\mjNqCZg.exe
  C:\Windows\System\mjNqCZg.exe
  2⤵
  PID:4864
- C:\Windows\System\eFgkkiZ.exe
  C:\Windows\System\eFgkkiZ.exe
  2⤵
  PID:4880
- C:\Windows\System\XYcZBNI.exe
  C:\Windows\System\XYcZBNI.exe
  2⤵
  PID:4896
- C:\Windows\System\aVPTpVe.exe
  C:\Windows\System\aVPTpVe.exe
  2⤵
  PID:4912
- C:\Windows\System\GXCZLal.exe
  C:\Windows\System\GXCZLal.exe
  2⤵
  PID:4956
- C:\Windows\System\eaQJDdA.exe
  C:\Windows\System\eaQJDdA.exe
  2⤵
  PID:4988
- C:\Windows\System\bndkENI.exe
  C:\Windows\System\bndkENI.exe
  2⤵
  PID:5016
- C:\Windows\System\AwxMawQ.exe
  C:\Windows\System\AwxMawQ.exe
  2⤵
  PID:5032
- C:\Windows\System\gZaQukb.exe
  C:\Windows\System\gZaQukb.exe
  2⤵
  PID:5048
- C:\Windows\System\RXDkwMW.exe
  C:\Windows\System\RXDkwMW.exe
  2⤵
  PID:5064
- C:\Windows\System\YdnfmUB.exe
  C:\Windows\System\YdnfmUB.exe
  2⤵
  PID:5096
- C:\Windows\System\AfMwuEF.exe
  C:\Windows\System\AfMwuEF.exe
  2⤵
  PID:2952
- C:\Windows\System\RlaCggB.exe
  C:\Windows\System\RlaCggB.exe
  2⤵
  PID:4112
- C:\Windows\System\xyxLbPv.exe
  C:\Windows\System\xyxLbPv.exe
  2⤵
  PID:4172
- C:\Windows\System\DwnUolR.exe
  C:\Windows\System\DwnUolR.exe
  2⤵
  PID:4212
- C:\Windows\System\vRtRkEY.exe
  C:\Windows\System\vRtRkEY.exe
  2⤵
  PID:1740
- C:\Windows\System\IJhiufT.exe
  C:\Windows\System\IJhiufT.exe
  2⤵
  PID:2796
- C:\Windows\System\KbafRBh.exe
  C:\Windows\System\KbafRBh.exe
  2⤵
  PID:2244
- C:\Windows\System\lfMXqgL.exe
  C:\Windows\System\lfMXqgL.exe
  2⤵
  PID:4052
- C:\Windows\System\ukGgBxH.exe
  C:\Windows\System\ukGgBxH.exe
  2⤵
  PID:3292
- C:\Windows\System\vgQDJCL.exe
  C:\Windows\System\vgQDJCL.exe
  2⤵
  PID:4188
- C:\Windows\System\jRRZdXw.exe
  C:\Windows\System\jRRZdXw.exe
  2⤵
  PID:4260
- C:\Windows\System\HfukiCC.exe
  C:\Windows\System\HfukiCC.exe
  2⤵
  PID:4304
- C:\Windows\System\AgDXqGF.exe
  C:\Windows\System\AgDXqGF.exe
  2⤵
  PID:4400
- C:\Windows\System\HmcfvRH.exe
  C:\Windows\System\HmcfvRH.exe
  2⤵
  PID:4512
- C:\Windows\System\JGSEGqq.exe
  C:\Windows\System\JGSEGqq.exe
  2⤵
  PID:4520
- C:\Windows\System\ipJdflK.exe
  C:\Windows\System\ipJdflK.exe
  2⤵
  PID:4368
- C:\Windows\System\ICTTmwJ.exe
  C:\Windows\System\ICTTmwJ.exe
  2⤵
  PID:4320
- C:\Windows\System\efWYiRd.exe
  C:\Windows\System\efWYiRd.exe
  2⤵
  PID:4428
- C:\Windows\System\uZFqZuc.exe
  C:\Windows\System\uZFqZuc.exe
  2⤵
  PID:4496
- C:\Windows\System\AyhEMTc.exe
  C:\Windows\System\AyhEMTc.exe
  2⤵
  PID:4424
- C:\Windows\System\HOYVZlF.exe
  C:\Windows\System\HOYVZlF.exe
  2⤵
  PID:4608
- C:\Windows\System\yuiQsqf.exe
  C:\Windows\System\yuiQsqf.exe
  2⤵
  PID:4680
- C:\Windows\System\UvNmckM.exe
  C:\Windows\System\UvNmckM.exe
  2⤵
  PID:4596
- C:\Windows\System\bFsqeOT.exe
  C:\Windows\System\bFsqeOT.exe
  2⤵
  PID:4692
- C:\Windows\System\qqmyQlf.exe
  C:\Windows\System\qqmyQlf.exe
  2⤵
  PID:4732
- C:\Windows\System\ttJYIck.exe
  C:\Windows\System\ttJYIck.exe
  2⤵
  PID:4804
- C:\Windows\System\KBZaSCK.exe
  C:\Windows\System\KBZaSCK.exe
  2⤵
  PID:4828
- C:\Windows\System\zoWxCSK.exe
  C:\Windows\System\zoWxCSK.exe
  2⤵
  PID:4920
- C:\Windows\System\cYElChM.exe
  C:\Windows\System\cYElChM.exe
  2⤵
  PID:4744
- C:\Windows\System\fjVXPVR.exe
  C:\Windows\System\fjVXPVR.exe
  2⤵
  PID:4940
- C:\Windows\System\xxiXjAS.exe
  C:\Windows\System\xxiXjAS.exe
  2⤵
  PID:4996
- C:\Windows\System\tzQtBhw.exe
  C:\Windows\System\tzQtBhw.exe
  2⤵
  PID:5004
- C:\Windows\System\qysrCco.exe
  C:\Windows\System\qysrCco.exe
  2⤵
  PID:5044
- C:\Windows\System\ZEBxHRG.exe
  C:\Windows\System\ZEBxHRG.exe
  2⤵
  PID:5092
- C:\Windows\System\LtpQlZU.exe
  C:\Windows\System\LtpQlZU.exe
  2⤵
  PID:5060
- C:\Windows\System\zVyaIUl.exe
  C:\Windows\System\zVyaIUl.exe
  2⤵
  PID:5112
- C:\Windows\System\yHKesDN.exe
  C:\Windows\System\yHKesDN.exe
  2⤵
  PID:1240
- C:\Windows\System\ddcpdzh.exe
  C:\Windows\System\ddcpdzh.exe
  2⤵
  PID:3396
- C:\Windows\System\amQAXSv.exe
  C:\Windows\System\amQAXSv.exe
  2⤵
  PID:4228
- C:\Windows\System\VMymNzG.exe
  C:\Windows\System\VMymNzG.exe
  2⤵
  PID:4232
- C:\Windows\System\tOAoubZ.exe
  C:\Windows\System\tOAoubZ.exe
  2⤵
  PID:4104
- C:\Windows\System\FlqfvjN.exe
  C:\Windows\System\FlqfvjN.exe
  2⤵
  PID:3548
- C:\Windows\System\halkhtD.exe
  C:\Windows\System\halkhtD.exe
  2⤵
  PID:4152
- C:\Windows\System\nbEBSXN.exe
  C:\Windows\System\nbEBSXN.exe
  2⤵
  PID:4396
- C:\Windows\System\cgajVHJ.exe
  C:\Windows\System\cgajVHJ.exe
  2⤵
  PID:3564
- C:\Windows\System\AzjxQMd.exe
  C:\Windows\System\AzjxQMd.exe
  2⤵
  PID:4380
- C:\Windows\System\TXPuIcG.exe
  C:\Windows\System\TXPuIcG.exe
  2⤵
  PID:4580
- C:\Windows\System\yCMWIHR.exe
  C:\Windows\System\yCMWIHR.exe
  2⤵
  PID:4560
- C:\Windows\System\AzXowjs.exe
  C:\Windows\System\AzXowjs.exe
  2⤵
  PID:4540
- C:\Windows\System\MNidRoY.exe
  C:\Windows\System\MNidRoY.exe
  2⤵
  PID:4824
- C:\Windows\System\ZqmXjVg.exe
  C:\Windows\System\ZqmXjVg.exe
  2⤵
  PID:4644
- C:\Windows\System\QuyIBCT.exe
  C:\Windows\System\QuyIBCT.exe
  2⤵
  PID:4660
- C:\Windows\System\LzWxZaU.exe
  C:\Windows\System\LzWxZaU.exe
  2⤵
  PID:4752
- C:\Windows\System\BDpCgOV.exe
  C:\Windows\System\BDpCgOV.exe
  2⤵
  PID:4788
- C:\Windows\System\bkCnlku.exe
  C:\Windows\System\bkCnlku.exe
  2⤵
  PID:4860
- C:\Windows\System\qZMbjmK.exe
  C:\Windows\System\qZMbjmK.exe
  2⤵
  PID:4936
- C:\Windows\System\yaDNOlN.exe
  C:\Windows\System\yaDNOlN.exe
  2⤵
  PID:4244
- C:\Windows\System\jviTRvm.exe
  C:\Windows\System\jviTRvm.exe
  2⤵
  PID:4300
- C:\Windows\System\HBqMAlz.exe
  C:\Windows\System\HBqMAlz.exe
  2⤵
  PID:5080
- C:\Windows\System\Nhssnbl.exe
  C:\Windows\System\Nhssnbl.exe
  2⤵
  PID:3608
- C:\Windows\System\LLofrvM.exe
  C:\Windows\System\LLofrvM.exe
  2⤵
  PID:4328
- C:\Windows\System\jIvqWqv.exe
  C:\Windows\System\jIvqWqv.exe
  2⤵
  PID:4800
- C:\Windows\System\iuSMAtZ.exe
  C:\Windows\System\iuSMAtZ.exe
  2⤵
  PID:4908
- C:\Windows\System\QQpmsyO.exe
  C:\Windows\System\QQpmsyO.exe
  2⤵
  PID:4984
- C:\Windows\System\TDWZoSX.exe
  C:\Windows\System\TDWZoSX.exe
  2⤵
  PID:4672
- C:\Windows\System\pvfClgk.exe
  C:\Windows\System\pvfClgk.exe
  2⤵
  PID:4352
- C:\Windows\System\UsBgPol.exe
  C:\Windows\System\UsBgPol.exe
  2⤵
  PID:5108
- C:\Windows\System\LSAEAyd.exe
  C:\Windows\System\LSAEAyd.exe
  2⤵
  PID:3724
- C:\Windows\System\CbsULlJ.exe
  C:\Windows\System\CbsULlJ.exe
  2⤵
  PID:4392
- C:\Windows\System\YxTCnEx.exe
  C:\Windows\System\YxTCnEx.exe
  2⤵
  PID:5040
- C:\Windows\System\audnoAi.exe
  C:\Windows\System\audnoAi.exe
  2⤵
  PID:4348
- C:\Windows\System\mKIxksz.exe
  C:\Windows\System\mKIxksz.exe
  2⤵
  PID:4472
- C:\Windows\System\VkLSQnq.exe
  C:\Windows\System\VkLSQnq.exe
  2⤵
  PID:4656
- C:\Windows\System\vlqPhFZ.exe
  C:\Windows\System\vlqPhFZ.exe
  2⤵
  PID:4892
- C:\Windows\System\KljCHpK.exe
  C:\Windows\System\KljCHpK.exe
  2⤵
  PID:1728
- C:\Windows\System\hkwBUkg.exe
  C:\Windows\System\hkwBUkg.exe
  2⤵
  PID:3532
- C:\Windows\System\dObzzlc.exe
  C:\Windows\System\dObzzlc.exe
  2⤵
  PID:4444
- C:\Windows\System\vaiWuty.exe
  C:\Windows\System\vaiWuty.exe
  2⤵
  PID:4820
- C:\Windows\System\ieDmRHy.exe
  C:\Windows\System\ieDmRHy.exe
  2⤵
  PID:3584
- C:\Windows\System\afaaIeI.exe
  C:\Windows\System\afaaIeI.exe
  2⤵
  PID:3572
- C:\Windows\System\ZXOCVLy.exe
  C:\Windows\System\ZXOCVLy.exe
  2⤵
  PID:5012
- C:\Windows\System\oSOrSDS.exe
  C:\Windows\System\oSOrSDS.exe
  2⤵
  PID:4324
- C:\Windows\System\VKSzvji.exe
  C:\Windows\System\VKSzvji.exe
  2⤵
  PID:3856
- C:\Windows\System\vDvDijo.exe
  C:\Windows\System\vDvDijo.exe
  2⤵
  PID:4280
- C:\Windows\System\KFrXLgo.exe
  C:\Windows\System\KFrXLgo.exe
  2⤵
  PID:4772
- C:\Windows\System\UyZrBFE.exe
  C:\Windows\System\UyZrBFE.exe
  2⤵
  PID:5128
- C:\Windows\System\kwPhagG.exe
  C:\Windows\System\kwPhagG.exe
  2⤵
  PID:5144
- C:\Windows\System\AcqOqbU.exe
  C:\Windows\System\AcqOqbU.exe
  2⤵
  PID:5160
- C:\Windows\System\rCyhqxw.exe
  C:\Windows\System\rCyhqxw.exe
  2⤵
  PID:5180
- C:\Windows\System\XRQwcSA.exe
  C:\Windows\System\XRQwcSA.exe
  2⤵
  PID:5200
- C:\Windows\System\NVmQXwt.exe
  C:\Windows\System\NVmQXwt.exe
  2⤵
  PID:5220
- C:\Windows\System\HqNNwai.exe
  C:\Windows\System\HqNNwai.exe
  2⤵
  PID:5240
- C:\Windows\System\JGZildv.exe
  C:\Windows\System\JGZildv.exe
  2⤵
  PID:5260
- C:\Windows\System\WFwJMnD.exe
  C:\Windows\System\WFwJMnD.exe
  2⤵
  PID:5276
- C:\Windows\System\DzEtHdc.exe
  C:\Windows\System\DzEtHdc.exe
  2⤵
  PID:5292
- C:\Windows\System\cIxbDmu.exe
  C:\Windows\System\cIxbDmu.exe
  2⤵
  PID:5308
- C:\Windows\System\bbJqQXC.exe
  C:\Windows\System\bbJqQXC.exe
  2⤵
  PID:5324
- C:\Windows\System\dSexBwH.exe
  C:\Windows\System\dSexBwH.exe
  2⤵
  PID:5380
- C:\Windows\System\IlCOOWA.exe
  C:\Windows\System\IlCOOWA.exe
  2⤵
  PID:5400
- C:\Windows\System\UyQnCZX.exe
  C:\Windows\System\UyQnCZX.exe
  2⤵
  PID:5420
- C:\Windows\System\UhiNzik.exe
  C:\Windows\System\UhiNzik.exe
  2⤵
  PID:5440
- C:\Windows\System\TUhoVZL.exe
  C:\Windows\System\TUhoVZL.exe
  2⤵
  PID:5460
- C:\Windows\System\RKrsujp.exe
  C:\Windows\System\RKrsujp.exe
  2⤵
  PID:5480
- C:\Windows\System\kmUaOTe.exe
  C:\Windows\System\kmUaOTe.exe
  2⤵
  PID:5496
- C:\Windows\System\dPDeitu.exe
  C:\Windows\System\dPDeitu.exe
  2⤵
  PID:5512
- C:\Windows\System\HCqlqFa.exe
  C:\Windows\System\HCqlqFa.exe
  2⤵
  PID:5528
- C:\Windows\System\DKvsTUJ.exe
  C:\Windows\System\DKvsTUJ.exe
  2⤵
  PID:5544
- C:\Windows\System\rcZJbrL.exe
  C:\Windows\System\rcZJbrL.exe
  2⤵
  PID:5560
- C:\Windows\System\zhjdVGn.exe
  C:\Windows\System\zhjdVGn.exe
  2⤵
  PID:5620
- C:\Windows\System\kZxhZbW.exe
  C:\Windows\System\kZxhZbW.exe
  2⤵
  PID:5636
- C:\Windows\System\pGmFFlU.exe
  C:\Windows\System\pGmFFlU.exe
  2⤵
  PID:5652
- C:\Windows\System\GANISSQ.exe
  C:\Windows\System\GANISSQ.exe
  2⤵
  PID:5668
- C:\Windows\System\sRcJPEu.exe
  C:\Windows\System\sRcJPEu.exe
  2⤵
  PID:5684
- C:\Windows\System\BCCguxe.exe
  C:\Windows\System\BCCguxe.exe
  2⤵
  PID:5700
- C:\Windows\System\FxRIeBE.exe
  C:\Windows\System\FxRIeBE.exe
  2⤵
  PID:5716
- C:\Windows\System\UNRoARg.exe
  C:\Windows\System\UNRoARg.exe
  2⤵
  PID:5732
- C:\Windows\System\WYZnUjt.exe
  C:\Windows\System\WYZnUjt.exe
  2⤵
  PID:5748
- C:\Windows\System\yoCHlSO.exe
  C:\Windows\System\yoCHlSO.exe
  2⤵
  PID:5764
- C:\Windows\System\zugWPTM.exe
  C:\Windows\System\zugWPTM.exe
  2⤵
  PID:5784
- C:\Windows\System\VXtFeEe.exe
  C:\Windows\System\VXtFeEe.exe
  2⤵
  PID:5804
- C:\Windows\System\EclhpYE.exe
  C:\Windows\System\EclhpYE.exe
  2⤵
  PID:5824
- C:\Windows\System\OuKBcJi.exe
  C:\Windows\System\OuKBcJi.exe
  2⤵
  PID:5840
- C:\Windows\System\tROFBUR.exe
  C:\Windows\System\tROFBUR.exe
  2⤵
  PID:5856
- C:\Windows\System\TzRXhVe.exe
  C:\Windows\System\TzRXhVe.exe
  2⤵
  PID:5872
- C:\Windows\System\SYrDlga.exe
  C:\Windows\System\SYrDlga.exe
  2⤵
  PID:5888
- C:\Windows\System\uIThpsE.exe
  C:\Windows\System\uIThpsE.exe
  2⤵
  PID:5908
- C:\Windows\System\KnuDmJy.exe
  C:\Windows\System\KnuDmJy.exe
  2⤵
  PID:5928
- C:\Windows\System\azGomJp.exe
  C:\Windows\System\azGomJp.exe
  2⤵
  PID:5948
- C:\Windows\System\LIZLGmJ.exe
  C:\Windows\System\LIZLGmJ.exe
  2⤵
  PID:5968
- C:\Windows\System\AiIqfxh.exe
  C:\Windows\System\AiIqfxh.exe
  2⤵
  PID:5984
- C:\Windows\System\dPIPKFf.exe
  C:\Windows\System\dPIPKFf.exe
  2⤵
  PID:6004
- C:\Windows\System\wdPGvTV.exe
  C:\Windows\System\wdPGvTV.exe
  2⤵
  PID:6024
- C:\Windows\System\UmEGzmt.exe
  C:\Windows\System\UmEGzmt.exe
  2⤵
  PID:6044
- C:\Windows\System\dpzAfbP.exe
  C:\Windows\System\dpzAfbP.exe
  2⤵
  PID:6060
- C:\Windows\System\gwATvbU.exe
  C:\Windows\System\gwATvbU.exe
  2⤵
  PID:6076
- C:\Windows\System\TEYWfUO.exe
  C:\Windows\System\TEYWfUO.exe
  2⤵
  PID:6092
- C:\Windows\System\ecuxpdh.exe
  C:\Windows\System\ecuxpdh.exe
  2⤵
  PID:6108
- C:\Windows\System\vkJOqod.exe
  C:\Windows\System\vkJOqod.exe
  2⤵
  PID:6124
- C:\Windows\System\fmoGhKf.exe
  C:\Windows\System\fmoGhKf.exe
  2⤵
  PID:1856
- C:\Windows\System\UmUkUxy.exe
  C:\Windows\System\UmUkUxy.exe
  2⤵
  PID:4556
- C:\Windows\System\OGqSBtk.exe
  C:\Windows\System\OGqSBtk.exe
  2⤵
  PID:4964
- C:\Windows\System\bSBOdTs.exe
  C:\Windows\System\bSBOdTs.exe
  2⤵
  PID:5368
- C:\Windows\System\dUQPABU.exe
  C:\Windows\System\dUQPABU.exe
  2⤵
  PID:5168
- C:\Windows\System\eLGjZIp.exe
  C:\Windows\System\eLGjZIp.exe
  2⤵
  PID:5256
- C:\Windows\System\DiWeoZL.exe
  C:\Windows\System\DiWeoZL.exe
  2⤵
  PID:5388
- C:\Windows\System\EUCVfqJ.exe
  C:\Windows\System\EUCVfqJ.exe
  2⤵
  PID:5468
- C:\Windows\System\lfeZYaU.exe
  C:\Windows\System\lfeZYaU.exe
  2⤵
  PID:5540
- C:\Windows\System\QAEIXeM.exe
  C:\Windows\System\QAEIXeM.exe
  2⤵
  PID:5172
- C:\Windows\System\lDRtari.exe
  C:\Windows\System\lDRtari.exe
  2⤵
  PID:5436
- C:\Windows\System\nTyDaSx.exe
  C:\Windows\System\nTyDaSx.exe
  2⤵
  PID:5596
- C:\Windows\System\gvBopBa.exe
  C:\Windows\System\gvBopBa.exe
  2⤵
  PID:5616
- C:\Windows\System\cWwJYxj.exe
  C:\Windows\System\cWwJYxj.exe
  2⤵
  PID:5740
- C:\Windows\System\paNivfl.exe
  C:\Windows\System\paNivfl.exe
  2⤵
  PID:5772
- C:\Windows\System\tDiTRcb.exe
  C:\Windows\System\tDiTRcb.exe
  2⤵
  PID:5680
- C:\Windows\System\tJZsDAE.exe
  C:\Windows\System\tJZsDAE.exe
  2⤵
  PID:5916
- C:\Windows\System\pBNCdMo.exe
  C:\Windows\System\pBNCdMo.exe
  2⤵
  PID:5956
- C:\Windows\System\lrPoyKF.exe
  C:\Windows\System\lrPoyKF.exe
  2⤵
  PID:5556
- C:\Windows\System\iLVdVgu.exe
  C:\Windows\System\iLVdVgu.exe
  2⤵
  PID:5448
- C:\Windows\System\lPFGHqc.exe
  C:\Windows\System\lPFGHqc.exe
  2⤵
  PID:6040
- C:\Windows\System\msbRuQO.exe
  C:\Windows\System\msbRuQO.exe
  2⤵
  PID:5492
- C:\Windows\System\ecAfiZp.exe
  C:\Windows\System\ecAfiZp.exe
  2⤵
  PID:5976
- C:\Windows\System\kTLUHbx.exe
  C:\Windows\System\kTLUHbx.exe
  2⤵
  PID:5268
- C:\Windows\System\FrtGLWg.exe
  C:\Windows\System\FrtGLWg.exe
  2⤵
  PID:3568
- C:\Windows\System\FwclrwQ.exe
  C:\Windows\System\FwclrwQ.exe
  2⤵
  PID:6016
- C:\Windows\System\BCeXMJd.exe
  C:\Windows\System\BCeXMJd.exe
  2⤵
  PID:5632
- C:\Windows\System\XlgUECm.exe
  C:\Windows\System\XlgUECm.exe
  2⤵
  PID:5724
- C:\Windows\System\rFbUWkA.exe
  C:\Windows\System\rFbUWkA.exe
  2⤵
  PID:5796
- C:\Windows\System\efjWwIE.exe
  C:\Windows\System\efjWwIE.exe
  2⤵
  PID:5868
- C:\Windows\System\SOTXVyn.exe
  C:\Windows\System\SOTXVyn.exe
  2⤵
  PID:5936
- C:\Windows\System\IkizKEl.exe
  C:\Windows\System\IkizKEl.exe
  2⤵
  PID:6020
- C:\Windows\System\KgvCpCO.exe
  C:\Windows\System\KgvCpCO.exe
  2⤵
  PID:4748
- C:\Windows\System\RWgyHpl.exe
  C:\Windows\System\RWgyHpl.exe
  2⤵
  PID:5152
- C:\Windows\System\RAgepGn.exe
  C:\Windows\System\RAgepGn.exe
  2⤵
  PID:5356
- C:\Windows\System\NkpmGgO.exe
  C:\Windows\System\NkpmGgO.exe
  2⤵
  PID:3800
- C:\Windows\System\OzWUXDh.exe
  C:\Windows\System\OzWUXDh.exe
  2⤵
  PID:5208
- C:\Windows\System\tWuMwmS.exe
  C:\Windows\System\tWuMwmS.exe
  2⤵
  PID:5508
- C:\Windows\System\IjQspLj.exe
  C:\Windows\System\IjQspLj.exe
  2⤵
  PID:5600
- C:\Windows\System\VYyGMDK.exe
  C:\Windows\System\VYyGMDK.exe
  2⤵
  PID:5604
- C:\Windows\System\adancnI.exe
  C:\Windows\System\adancnI.exe
  2⤵
  PID:5852
- C:\Windows\System\dtbiHQO.exe
  C:\Windows\System\dtbiHQO.exe
  2⤵
  PID:5284
- C:\Windows\System\wXognpn.exe
  C:\Windows\System\wXognpn.exe
  2⤵
  PID:5996
- C:\Windows\System\zluSdwo.exe
  C:\Windows\System\zluSdwo.exe
  2⤵
  PID:5588
- C:\Windows\System\WHCpyfF.exe
  C:\Windows\System\WHCpyfF.exe
  2⤵
  PID:5488
- C:\Windows\System\CRdvaWE.exe
  C:\Windows\System\CRdvaWE.exe
  2⤵
  PID:5712
- C:\Windows\System\iXFPwqH.exe
  C:\Windows\System\iXFPwqH.exe
  2⤵
  PID:5552
- C:\Windows\System\xjnXYjn.exe
  C:\Windows\System\xjnXYjn.exe
  2⤵
  PID:5344
- C:\Windows\System\ohgIpZw.exe
  C:\Windows\System\ohgIpZw.exe
  2⤵
  PID:5900
- C:\Windows\System\XCJGucT.exe
  C:\Windows\System\XCJGucT.exe
  2⤵
  PID:5944
- C:\Windows\System\AYfFkdr.exe
  C:\Windows\System\AYfFkdr.exe
  2⤵
  PID:5236
- C:\Windows\System\zdharQM.exe
  C:\Windows\System\zdharQM.exe
  2⤵
  PID:5352
- C:\Windows\System\SvZyVnW.exe
  C:\Windows\System\SvZyVnW.exe
  2⤵
  PID:6136
- C:\Windows\System\UoYliZt.exe
  C:\Windows\System\UoYliZt.exe
  2⤵
  PID:5832
- C:\Windows\System\oiLCLVU.exe
  C:\Windows\System\oiLCLVU.exe
  2⤵
  PID:5212
- C:\Windows\System\XRNZVrJ.exe
  C:\Windows\System\XRNZVrJ.exe
  2⤵
  PID:5964
- C:\Windows\System\DHIXEsJ.exe
  C:\Windows\System\DHIXEsJ.exe
  2⤵
  PID:5316
- C:\Windows\System\TJABOVB.exe
  C:\Windows\System\TJABOVB.exe
  2⤵
  PID:5820
- C:\Windows\System\VFQgJkX.exe
  C:\Windows\System\VFQgJkX.exe
  2⤵
  PID:6032
- C:\Windows\System\GppreZe.exe
  C:\Windows\System\GppreZe.exe
  2⤵
  PID:5760
- C:\Windows\System\ignbgCh.exe
  C:\Windows\System\ignbgCh.exe
  2⤵
  PID:5232
- C:\Windows\System\WYUQsKr.exe
  C:\Windows\System\WYUQsKr.exe
  2⤵
  PID:5864
- C:\Windows\System\oFUmexY.exe
  C:\Windows\System\oFUmexY.exe
  2⤵
  PID:5252
- C:\Windows\System\WKXORHS.exe
  C:\Windows\System\WKXORHS.exe
  2⤵
  PID:6132
- C:\Windows\System\AnzTWNR.exe
  C:\Windows\System\AnzTWNR.exe
  2⤵
  PID:5088
- C:\Windows\System\IgqEsUx.exe
  C:\Windows\System\IgqEsUx.exe
  2⤵
  PID:5360
- C:\Windows\System\RsCwEdX.exe
  C:\Windows\System\RsCwEdX.exe
  2⤵
  PID:5228
- C:\Windows\System\ZLeFPnv.exe
  C:\Windows\System\ZLeFPnv.exe
  2⤵
  PID:3744
- C:\Windows\System\kYqsFQI.exe
  C:\Windows\System\kYqsFQI.exe
  2⤵
  PID:5612
- C:\Windows\System\lpTsgaD.exe
  C:\Windows\System\lpTsgaD.exe
  2⤵
  PID:5392
- C:\Windows\System\HFpMSqV.exe
  C:\Windows\System\HFpMSqV.exe
  2⤵
  PID:5792
- C:\Windows\System\TcmbRmy.exe
  C:\Windows\System\TcmbRmy.exe
  2⤵
  PID:6148
- C:\Windows\System\mpUZzgy.exe
  C:\Windows\System\mpUZzgy.exe
  2⤵
  PID:6164
- C:\Windows\System\FCejcTk.exe
  C:\Windows\System\FCejcTk.exe
  2⤵
  PID:6180
- C:\Windows\System\TDIinHV.exe
  C:\Windows\System\TDIinHV.exe
  2⤵
  PID:6200
- C:\Windows\System\vlBgdVW.exe
  C:\Windows\System\vlBgdVW.exe
  2⤵
  PID:6220
- C:\Windows\System\CNsOgHs.exe
  C:\Windows\System\CNsOgHs.exe
  2⤵
  PID:6256
- C:\Windows\System\fPHFend.exe
  C:\Windows\System\fPHFend.exe
  2⤵
  PID:6272
- C:\Windows\System\sfmojAz.exe
  C:\Windows\System\sfmojAz.exe
  2⤵
  PID:6288
- C:\Windows\System\BfEDYzX.exe
  C:\Windows\System\BfEDYzX.exe
  2⤵
  PID:6304
- C:\Windows\System\rVjdfru.exe
  C:\Windows\System\rVjdfru.exe
  2⤵
  PID:6320
- C:\Windows\System\LggkGZp.exe
  C:\Windows\System\LggkGZp.exe
  2⤵
  PID:6336
- C:\Windows\System\lOwIznM.exe
  C:\Windows\System\lOwIznM.exe
  2⤵
  PID:6360
- C:\Windows\System\XmIDAjw.exe
  C:\Windows\System\XmIDAjw.exe
  2⤵
  PID:6380
- C:\Windows\System\RbvbIbX.exe
  C:\Windows\System\RbvbIbX.exe
  2⤵
  PID:6412
- C:\Windows\System\oydmayk.exe
  C:\Windows\System\oydmayk.exe
  2⤵
  PID:6428
- C:\Windows\System\OyJpSdv.exe
  C:\Windows\System\OyJpSdv.exe
  2⤵
  PID:6444
- C:\Windows\System\SfFrWvJ.exe
  C:\Windows\System\SfFrWvJ.exe
  2⤵
  PID:6496
- C:\Windows\System\cVDjGMQ.exe
  C:\Windows\System\cVDjGMQ.exe
  2⤵
  PID:6512
- C:\Windows\System\QKWFvyS.exe
  C:\Windows\System\QKWFvyS.exe
  2⤵
  PID:6532
- C:\Windows\System\uuGpaVE.exe
  C:\Windows\System\uuGpaVE.exe
  2⤵
  PID:6548
- C:\Windows\System\zemCThs.exe
  C:\Windows\System\zemCThs.exe
  2⤵
  PID:6568
- C:\Windows\System\VzGQXai.exe
  C:\Windows\System\VzGQXai.exe
  2⤵
  PID:6584
- C:\Windows\System\zSZljpw.exe
  C:\Windows\System\zSZljpw.exe
  2⤵
  PID:6600
- C:\Windows\System\EhKgXNs.exe
  C:\Windows\System\EhKgXNs.exe
  2⤵
  PID:6620
- C:\Windows\System\EOfcbAi.exe
  C:\Windows\System\EOfcbAi.exe
  2⤵
  PID:6640
- C:\Windows\System\GOVKhbg.exe
  C:\Windows\System\GOVKhbg.exe
  2⤵
  PID:6656
- C:\Windows\System\XEBJSSU.exe
  C:\Windows\System\XEBJSSU.exe
  2⤵
  PID:6696
- C:\Windows\System\KaeCfOF.exe
  C:\Windows\System\KaeCfOF.exe
  2⤵
  PID:6712
- C:\Windows\System\XfgRVYz.exe
  C:\Windows\System\XfgRVYz.exe
  2⤵
  PID:6732
- C:\Windows\System\bXhjHiB.exe
  C:\Windows\System\bXhjHiB.exe
  2⤵
  PID:6748
- C:\Windows\System\UVyNXqB.exe
  C:\Windows\System\UVyNXqB.exe
  2⤵
  PID:6768
- C:\Windows\System\vLVVmxd.exe
  C:\Windows\System\vLVVmxd.exe
  2⤵
  PID:6792
- C:\Windows\System\MmywSZc.exe
  C:\Windows\System\MmywSZc.exe
  2⤵
  PID:6812
- C:\Windows\System\XppkmcU.exe
  C:\Windows\System\XppkmcU.exe
  2⤵
  PID:6828
- C:\Windows\System\ftTexoU.exe
  C:\Windows\System\ftTexoU.exe
  2⤵
  PID:6848
- C:\Windows\System\dszppzM.exe
  C:\Windows\System\dszppzM.exe
  2⤵
  PID:6868
- C:\Windows\System\KLUqgNp.exe
  C:\Windows\System\KLUqgNp.exe
  2⤵
  PID:6884
- C:\Windows\System\wKdXDvd.exe
  C:\Windows\System\wKdXDvd.exe
  2⤵
  PID:6900
- C:\Windows\System\flVgcUV.exe
  C:\Windows\System\flVgcUV.exe
  2⤵
  PID:6920
- C:\Windows\System\JKnGemT.exe
  C:\Windows\System\JKnGemT.exe
  2⤵
  PID:6936
- C:\Windows\System\cnPoBGb.exe
  C:\Windows\System\cnPoBGb.exe
  2⤵
  PID:6952
- C:\Windows\System\cmNcUSL.exe
  C:\Windows\System\cmNcUSL.exe
  2⤵
  PID:6972
- C:\Windows\System\cSasKrZ.exe
  C:\Windows\System\cSasKrZ.exe
  2⤵
  PID:6992
- C:\Windows\System\RrrcQmJ.exe
  C:\Windows\System\RrrcQmJ.exe
  2⤵
  PID:7008
- C:\Windows\System\UztQkOZ.exe
  C:\Windows\System\UztQkOZ.exe
  2⤵
  PID:7056
- C:\Windows\System\geNMRtX.exe
  C:\Windows\System\geNMRtX.exe
  2⤵
  PID:7072
- C:\Windows\System\djhjyOM.exe
  C:\Windows\System\djhjyOM.exe
  2⤵
  PID:7092
- C:\Windows\System\nJcHjLz.exe
  C:\Windows\System\nJcHjLz.exe
  2⤵
  PID:7108
- C:\Windows\System\diGQSFK.exe
  C:\Windows\System\diGQSFK.exe
  2⤵
  PID:7132
- C:\Windows\System\uselJSv.exe
  C:\Windows\System\uselJSv.exe
  2⤵
  PID:7148
- C:\Windows\System\yuzeMLd.exe
  C:\Windows\System\yuzeMLd.exe
  2⤵
  PID:6072
- C:\Windows\System\VykiXmn.exe
  C:\Windows\System\VykiXmn.exe
  2⤵
  PID:5708
- C:\Windows\System\yPWggeQ.exe
  C:\Windows\System\yPWggeQ.exe
  2⤵
  PID:5524
- C:\Windows\System\HanatHn.exe
  C:\Windows\System\HanatHn.exe
  2⤵
  PID:5300
- C:\Windows\System\pKxhJLq.exe
  C:\Windows\System\pKxhJLq.exe
  2⤵
  PID:1608
- C:\Windows\System\GGwZhwX.exe
  C:\Windows\System\GGwZhwX.exe
  2⤵
  PID:5980
- C:\Windows\System\YjStInL.exe
  C:\Windows\System\YjStInL.exe
  2⤵
  PID:6176
- C:\Windows\System\GCANqfH.exe
  C:\Windows\System\GCANqfH.exe
  2⤵
  PID:6268
- C:\Windows\System\ZrCSvyj.exe
  C:\Windows\System\ZrCSvyj.exe
  2⤵
  PID:6188
- C:\Windows\System\IqlLtOF.exe
  C:\Windows\System\IqlLtOF.exe
  2⤵
  PID:6252
- C:\Windows\System\kdWEkTC.exe
  C:\Windows\System\kdWEkTC.exe
  2⤵
  PID:6156
- C:\Windows\System\iUYQcfG.exe
  C:\Windows\System\iUYQcfG.exe
  2⤵
  PID:6352
- C:\Windows\System\SuEQIwc.exe
  C:\Windows\System\SuEQIwc.exe
  2⤵
  PID:6368
- C:\Windows\System\rQFImhr.exe
  C:\Windows\System\rQFImhr.exe
  2⤵
  PID:6508
- C:\Windows\System\SOOlgvd.exe
  C:\Windows\System\SOOlgvd.exe
  2⤵
  PID:6452
- C:\Windows\System\xkkDWgw.exe
  C:\Windows\System\xkkDWgw.exe
  2⤵
  PID:6580
- C:\Windows\System\wFTHvPw.exe
  C:\Windows\System\wFTHvPw.exe
  2⤵
  PID:6472
- C:\Windows\System\AuDmdwb.exe
  C:\Windows\System\AuDmdwb.exe
  2⤵
  PID:6648
- C:\Windows\System\YsifkIg.exe
  C:\Windows\System\YsifkIg.exe
  2⤵
  PID:6560
- C:\Windows\System\UdSVOyk.exe
  C:\Windows\System\UdSVOyk.exe
  2⤵
  PID:6464
- C:\Windows\System\OCVkeyU.exe
  C:\Windows\System\OCVkeyU.exe
  2⤵
  PID:6636
- C:\Windows\System\EEqUPLk.exe
  C:\Windows\System\EEqUPLk.exe
  2⤵
  PID:6708
- C:\Windows\System\drDWUKG.exe
  C:\Windows\System\drDWUKG.exe
  2⤵
  PID:6740
- C:\Windows\System\evqYxxJ.exe
  C:\Windows\System\evqYxxJ.exe
  2⤵
  PID:6680
- C:\Windows\System\HAxNZlC.exe
  C:\Windows\System\HAxNZlC.exe
  2⤵
  PID:6788
- C:\Windows\System\LoyVJla.exe
  C:\Windows\System\LoyVJla.exe
  2⤵
  PID:6864
- C:\Windows\System\lCpOfNL.exe
  C:\Windows\System\lCpOfNL.exe
  2⤵
  PID:6932
- C:\Windows\System\ttYbGmc.exe
  C:\Windows\System\ttYbGmc.exe
  2⤵
  PID:7000
- C:\Windows\System\cDOTrto.exe
  C:\Windows\System\cDOTrto.exe
  2⤵
  PID:6948
- C:\Windows\System\zhUZiIS.exe
  C:\Windows\System\zhUZiIS.exe
  2⤵
  PID:6876
- C:\Windows\System\sGOSHsU.exe
  C:\Windows\System\sGOSHsU.exe
  2⤵
  PID:6840
- C:\Windows\System\rLiWlts.exe
  C:\Windows\System\rLiWlts.exe
  2⤵
  PID:6908
- C:\Windows\System\kJmPTzJ.exe
  C:\Windows\System\kJmPTzJ.exe
  2⤵
  PID:6912
- C:\Windows\System\Fdanlmd.exe
  C:\Windows\System\Fdanlmd.exe
  2⤵
  PID:5348
- C:\Windows\System\tIaKYzP.exe
  C:\Windows\System\tIaKYzP.exe
  2⤵
  PID:6264
- C:\Windows\System\JXZHCgZ.exe
  C:\Windows\System\JXZHCgZ.exe
  2⤵
  PID:6216
- C:\Windows\System\HAYYXkG.exe
  C:\Windows\System\HAYYXkG.exe
  2⤵
  PID:7080
- C:\Windows\System\rEWUYXe.exe
  C:\Windows\System\rEWUYXe.exe
  2⤵
  PID:7160
- C:\Windows\System\UevZhVV.exe
  C:\Windows\System\UevZhVV.exe
  2⤵
  PID:5504
- C:\Windows\System\rcVYMCK.exe
  C:\Windows\System\rcVYMCK.exe
  2⤵
  PID:6172
- C:\Windows\System\brBSddC.exe
  C:\Windows\System\brBSddC.exe
  2⤵
  PID:6312
- C:\Windows\System\ejsCabh.exe
  C:\Windows\System\ejsCabh.exe
  2⤵
  PID:7088
- C:\Windows\System\zzAiMvk.exe
  C:\Windows\System\zzAiMvk.exe
  2⤵
  PID:6244
- C:\Windows\System\TSFlcai.exe
  C:\Windows\System\TSFlcai.exe
  2⤵
  PID:6404
- C:\Windows\System\xgTdgbr.exe
  C:\Windows\System\xgTdgbr.exe
  2⤵
  PID:6408
- C:\Windows\System\GOVDuiz.exe
  C:\Windows\System\GOVDuiz.exe
  2⤵
  PID:6460
- C:\Windows\System\SeKWWMg.exe
  C:\Windows\System\SeKWWMg.exe
  2⤵
  PID:6488
- C:\Windows\System\yaqSqQQ.exe
  C:\Windows\System\yaqSqQQ.exe
  2⤵
  PID:6596
- C:\Windows\System\LysTKYC.exe
  C:\Windows\System\LysTKYC.exe
  2⤵
  PID:6688
- C:\Windows\System\uwWBzWC.exe
  C:\Windows\System\uwWBzWC.exe
  2⤵
  PID:6764
- C:\Windows\System\uiwkyZf.exe
  C:\Windows\System\uiwkyZf.exe
  2⤵
  PID:6820
- C:\Windows\System\BvXtkom.exe
  C:\Windows\System\BvXtkom.exe
  2⤵
  PID:6968
- C:\Windows\System\LTigCcv.exe
  C:\Windows\System\LTigCcv.exe
  2⤵
  PID:6860
- C:\Windows\System\SSLjXsq.exe
  C:\Windows\System\SSLjXsq.exe
  2⤵
  PID:6808
- C:\Windows\System\dKEosao.exe
  C:\Windows\System\dKEosao.exe
  2⤵
  PID:6880
- C:\Windows\System\dcrSmNy.exe
  C:\Windows\System\dcrSmNy.exe
  2⤵
  PID:7028
- C:\Windows\System\iiOXJYG.exe
  C:\Windows\System\iiOXJYG.exe
  2⤵
  PID:7024
- C:\Windows\System\hMiahJG.exe
  C:\Windows\System\hMiahJG.exe
  2⤵
  PID:5416
- C:\Windows\System\jFbAZwm.exe
  C:\Windows\System\jFbAZwm.exe
  2⤵
  PID:6240
- C:\Windows\System\BXpTeDT.exe
  C:\Windows\System\BXpTeDT.exe
  2⤵
  PID:6228
- C:\Windows\System\FFXIkzi.exe
  C:\Windows\System\FFXIkzi.exe
  2⤵
  PID:6484
- C:\Windows\System\uMuSCDl.exe
  C:\Windows\System\uMuSCDl.exe
  2⤵
  PID:6668
- C:\Windows\System\iuMuLgu.exe
  C:\Windows\System\iuMuLgu.exe
  2⤵
  PID:6424
- C:\Windows\System\WoDtyuZ.exe
  C:\Windows\System\WoDtyuZ.exe
  2⤵
  PID:6776
- C:\Windows\System\jrMJgrh.exe
  C:\Windows\System\jrMJgrh.exe
  2⤵
  PID:6676
- C:\Windows\System\MKcTGZO.exe
  C:\Windows\System\MKcTGZO.exe
  2⤵
  PID:6720
- C:\Windows\System\ydtutxv.exe
  C:\Windows\System\ydtutxv.exe
  2⤵
  PID:7016
- C:\Windows\System\LYSpYnQ.exe
  C:\Windows\System\LYSpYnQ.exe
  2⤵
  PID:7100
- C:\Windows\System\vEyRUWn.exe
  C:\Windows\System\vEyRUWn.exe
  2⤵
  PID:5744
- C:\Windows\System\KwVFwlf.exe
  C:\Windows\System\KwVFwlf.exe
  2⤵
  PID:6944
- C:\Windows\System\dKgDZAt.exe
  C:\Windows\System\dKgDZAt.exe
  2⤵
  PID:6332
- C:\Windows\System\mMPJhTp.exe
  C:\Windows\System\mMPJhTp.exe
  2⤵
  PID:6780
- C:\Windows\System\gylFZrp.exe
  C:\Windows\System\gylFZrp.exe
  2⤵
  PID:6612
- C:\Windows\System\yOhZCnI.exe
  C:\Windows\System\yOhZCnI.exe
  2⤵
  PID:6372
- C:\Windows\System\QvQaYsZ.exe
  C:\Windows\System\QvQaYsZ.exe
  2⤵
  PID:6672
- C:\Windows\System\kmmYrPr.exe
  C:\Windows\System\kmmYrPr.exe
  2⤵
  PID:7020
- C:\Windows\System\zqhUJbO.exe
  C:\Windows\System\zqhUJbO.exe
  2⤵
  PID:6928
- C:\Windows\System\FlAZCzw.exe
  C:\Windows\System\FlAZCzw.exe
  2⤵
  PID:6036
- C:\Windows\System\IcCudMW.exe
  C:\Windows\System\IcCudMW.exe
  2⤵
  PID:3552
- C:\Windows\System\sTCuVXy.exe
  C:\Windows\System\sTCuVXy.exe
  2⤵
  PID:6468
- C:\Windows\System\IEqdOKY.exe
  C:\Windows\System\IEqdOKY.exe
  2⤵
  PID:6760
- C:\Windows\System\ILCWzdS.exe
  C:\Windows\System\ILCWzdS.exe
  2⤵
  PID:7172
- C:\Windows\System\HPBkmZe.exe
  C:\Windows\System\HPBkmZe.exe
  2⤵
  PID:7192
- C:\Windows\System\tEBqMlG.exe
  C:\Windows\System\tEBqMlG.exe
  2⤵
  PID:7208
- C:\Windows\System\TwQSrqO.exe
  C:\Windows\System\TwQSrqO.exe
  2⤵
  PID:7224
- C:\Windows\System\ZOrKFJm.exe
  C:\Windows\System\ZOrKFJm.exe
  2⤵
  PID:7252
- C:\Windows\System\EtqItqm.exe
  C:\Windows\System\EtqItqm.exe
  2⤵
  PID:7268
- C:\Windows\System\yVoJPdg.exe
  C:\Windows\System\yVoJPdg.exe
  2⤵
  PID:7288
- C:\Windows\System\XoPLQTA.exe
  C:\Windows\System\XoPLQTA.exe
  2⤵
  PID:7304
- C:\Windows\System\hosVpMS.exe
  C:\Windows\System\hosVpMS.exe
  2⤵
  PID:7328
- C:\Windows\System\JnYPFiu.exe
  C:\Windows\System\JnYPFiu.exe
  2⤵
  PID:7344
- C:\Windows\System\kZKfqJq.exe
  C:\Windows\System\kZKfqJq.exe
  2⤵
  PID:7364
- C:\Windows\System\QWYUpYK.exe
  C:\Windows\System\QWYUpYK.exe
  2⤵
  PID:7384
- C:\Windows\System\lNJncpt.exe
  C:\Windows\System\lNJncpt.exe
  2⤵
  PID:7404
- C:\Windows\System\QHfUBVt.exe
  C:\Windows\System\QHfUBVt.exe
  2⤵
  PID:7424
- C:\Windows\System\ULMLbhw.exe
  C:\Windows\System\ULMLbhw.exe
  2⤵
  PID:7444
- C:\Windows\System\JQBHhvj.exe
  C:\Windows\System\JQBHhvj.exe
  2⤵
  PID:7464
- C:\Windows\System\sKuIpkw.exe
  C:\Windows\System\sKuIpkw.exe
  2⤵
  PID:7480
- C:\Windows\System\AGrHJkV.exe
  C:\Windows\System\AGrHJkV.exe
  2⤵
  PID:7500
- C:\Windows\System\tJZVJsD.exe
  C:\Windows\System\tJZVJsD.exe
  2⤵
  PID:7520
- C:\Windows\System\fNSeYGC.exe
  C:\Windows\System\fNSeYGC.exe
  2⤵
  PID:7540
- C:\Windows\System\zUBZgYT.exe
  C:\Windows\System\zUBZgYT.exe
  2⤵
  PID:7560
- C:\Windows\System\qEkVsye.exe
  C:\Windows\System\qEkVsye.exe
  2⤵
  PID:7576
- C:\Windows\System\JbLXzAI.exe
  C:\Windows\System\JbLXzAI.exe
  2⤵
  PID:7628
- C:\Windows\System\cPCgqPV.exe
  C:\Windows\System\cPCgqPV.exe
  2⤵
  PID:7644
- C:\Windows\System\quiiKhg.exe
  C:\Windows\System\quiiKhg.exe
  2⤵
  PID:7660
- C:\Windows\System\QYnUaYN.exe
  C:\Windows\System\QYnUaYN.exe
  2⤵
  PID:7676
- C:\Windows\System\FftXJqZ.exe
  C:\Windows\System\FftXJqZ.exe
  2⤵
  PID:7696
- C:\Windows\System\ZtsMlNG.exe
  C:\Windows\System\ZtsMlNG.exe
  2⤵
  PID:7712
- C:\Windows\System\erzwOpE.exe
  C:\Windows\System\erzwOpE.exe
  2⤵
  PID:7732
- C:\Windows\System\PhfTPfq.exe
  C:\Windows\System\PhfTPfq.exe
  2⤵
  PID:7752
- C:\Windows\System\WTlKKax.exe
  C:\Windows\System\WTlKKax.exe
  2⤵
  PID:7768
- C:\Windows\System\DQQaCmh.exe
  C:\Windows\System\DQQaCmh.exe
  2⤵
  PID:7812
- C:\Windows\System\NDRRaCL.exe
  C:\Windows\System\NDRRaCL.exe
  2⤵
  PID:7828
- C:\Windows\System\zOfYwPE.exe
  C:\Windows\System\zOfYwPE.exe
  2⤵
  PID:7844
- C:\Windows\System\WwuTHBh.exe
  C:\Windows\System\WwuTHBh.exe
  2⤵
  PID:7860
- C:\Windows\System\qRPhtYw.exe
  C:\Windows\System\qRPhtYw.exe
  2⤵
  PID:7880
- C:\Windows\System\YitxzpG.exe
  C:\Windows\System\YitxzpG.exe
  2⤵
  PID:7900
- C:\Windows\System\dboFTeA.exe
  C:\Windows\System\dboFTeA.exe
  2⤵
  PID:7920
- C:\Windows\System\zawtUil.exe
  C:\Windows\System\zawtUil.exe
  2⤵
  PID:7936
- C:\Windows\System\yvkUzrX.exe
  C:\Windows\System\yvkUzrX.exe
  2⤵
  PID:7956
- C:\Windows\System\EMesvnZ.exe
  C:\Windows\System\EMesvnZ.exe
  2⤵
  PID:7972
- C:\Windows\System\rYDiYDn.exe
  C:\Windows\System\rYDiYDn.exe
  2⤵
  PID:7988
- C:\Windows\System\KzFgUSd.exe
  C:\Windows\System\KzFgUSd.exe
  2⤵
  PID:8004
- C:\Windows\System\NmBcHtt.exe
  C:\Windows\System\NmBcHtt.exe
  2⤵
  PID:8052
- C:\Windows\System\nMmPEeM.exe
  C:\Windows\System\nMmPEeM.exe
  2⤵
  PID:8072
- C:\Windows\System\mcNUJsk.exe
  C:\Windows\System\mcNUJsk.exe
  2⤵
  PID:8088
- C:\Windows\System\QGCCdiP.exe
  C:\Windows\System\QGCCdiP.exe
  2⤵
  PID:8104
- C:\Windows\System\UkcxMSh.exe
  C:\Windows\System\UkcxMSh.exe
  2⤵
  PID:8120
- C:\Windows\System\CwUAfVq.exe
  C:\Windows\System\CwUAfVq.exe
  2⤵
  PID:8136
- C:\Windows\System\njOKxPK.exe
  C:\Windows\System\njOKxPK.exe
  2⤵
  PID:8156
- C:\Windows\System\KUGAQRf.exe
  C:\Windows\System\KUGAQRf.exe
  2⤵
  PID:8172
- C:\Windows\System\cnSKQJu.exe
  C:\Windows\System\cnSKQJu.exe
  2⤵
  PID:6328
- C:\Windows\System\zKhHyNf.exe
  C:\Windows\System\zKhHyNf.exe
  2⤵
  PID:7200
- C:\Windows\System\VYrGOJJ.exe
  C:\Windows\System\VYrGOJJ.exe
  2⤵
  PID:7232
- C:\Windows\System\HIQPPDj.exe
  C:\Windows\System\HIQPPDj.exe
  2⤵
  PID:7240
- C:\Windows\System\zaNTCOc.exe
  C:\Windows\System\zaNTCOc.exe
  2⤵
  PID:7316
- C:\Windows\System\rARHIdx.exe
  C:\Windows\System\rARHIdx.exe
  2⤵
  PID:7360
- C:\Windows\System\VizRgJs.exe
  C:\Windows\System\VizRgJs.exe
  2⤵
  PID:6616
- C:\Windows\System\IuPMzrB.exe
  C:\Windows\System\IuPMzrB.exe
  2⤵
  PID:7440
- C:\Windows\System\TpSTEHH.exe
  C:\Windows\System\TpSTEHH.exe
  2⤵
  PID:7188
- C:\Windows\System\oexkdMm.exe
  C:\Windows\System\oexkdMm.exe
  2⤵
  PID:6856
- C:\Windows\System\BMzrCOF.exe
  C:\Windows\System\BMzrCOF.exe
  2⤵
  PID:6964
- C:\Windows\System\lOynWdc.exe
  C:\Windows\System\lOynWdc.exe
  2⤵
  PID:7340
- C:\Windows\System\AoXBLQk.exe
  C:\Windows\System\AoXBLQk.exe
  2⤵
  PID:7412
- C:\Windows\System\DguWjvM.exe
  C:\Windows\System\DguWjvM.exe
  2⤵
  PID:7488
- C:\Windows\System\STWXzsL.exe
  C:\Windows\System\STWXzsL.exe
  2⤵
  PID:7532
- C:\Windows\System\pyLobEX.exe
  C:\Windows\System\pyLobEX.exe
  2⤵
  PID:7608
- C:\Windows\System\YVngZOS.exe
  C:\Windows\System\YVngZOS.exe
  2⤵
  PID:7624
- C:\Windows\System\rdKBzuv.exe
  C:\Windows\System\rdKBzuv.exe
  2⤵
  PID:7684
- C:\Windows\System\KJoSTOR.exe
  C:\Windows\System\KJoSTOR.exe
  2⤵
  PID:7728
- C:\Windows\System\LTkvQEz.exe
  C:\Windows\System\LTkvQEz.exe
  2⤵
  PID:7672
- C:\Windows\System\ZCoWeoB.exe
  C:\Windows\System\ZCoWeoB.exe
  2⤵
  PID:7740
- C:\Windows\System\mMiYmTQ.exe
  C:\Windows\System\mMiYmTQ.exe
  2⤵
  PID:7780
- C:\Windows\System\dcZpeFR.exe
  C:\Windows\System\dcZpeFR.exe
  2⤵
  PID:7820
- C:\Windows\System\KocnvUT.exe
  C:\Windows\System\KocnvUT.exe
  2⤵
  PID:7888
- C:\Windows\System\fhiExou.exe
  C:\Windows\System\fhiExou.exe
  2⤵
  PID:7836
- C:\Windows\System\kdxOGmo.exe
  C:\Windows\System\kdxOGmo.exe
  2⤵
  PID:7840
- C:\Windows\System\oitaIPk.exe
  C:\Windows\System\oitaIPk.exe
  2⤵
  PID:7980
- C:\Windows\System\aHgRAkN.exe
  C:\Windows\System\aHgRAkN.exe
  2⤵
  PID:7912
- C:\Windows\System\bkpEGZN.exe
  C:\Windows\System\bkpEGZN.exe
  2⤵
  PID:8012
- C:\Windows\System\qySFSOS.exe
  C:\Windows\System\qySFSOS.exe
  2⤵
  PID:8064
- C:\Windows\System\wVzyVDo.exe
  C:\Windows\System\wVzyVDo.exe
  2⤵
  PID:8164
- C:\Windows\System\TbtUmAv.exe
  C:\Windows\System\TbtUmAv.exe
  2⤵
  PID:8044
- C:\Windows\System\ZolkPKA.exe
  C:\Windows\System\ZolkPKA.exe
  2⤵
  PID:7276
- C:\Windows\System\JRuwIfB.exe
  C:\Windows\System\JRuwIfB.exe
  2⤵
  PID:7352
- C:\Windows\System\sNFhAHW.exe
  C:\Windows\System\sNFhAHW.exe
  2⤵
  PID:6400
- C:\Windows\System\wPnrxgi.exe
  C:\Windows\System\wPnrxgi.exe
  2⤵
  PID:8148
- C:\Windows\System\enKUPYX.exe
  C:\Windows\System\enKUPYX.exe
  2⤵
  PID:7476
- C:\Windows\System\sQcuDHU.exe
  C:\Windows\System\sQcuDHU.exe
  2⤵
  PID:8188
- C:\Windows\System\plgsDga.exe
  C:\Windows\System\plgsDga.exe
  2⤵
  PID:7584
- C:\Windows\System\bTVgMOz.exe
  C:\Windows\System\bTVgMOz.exe
  2⤵
  PID:6896
- C:\Windows\System\FhlsMPs.exe
  C:\Windows\System\FhlsMPs.exe
  2⤵
  PID:7336
- C:\Windows\System\bsbxITm.exe
  C:\Windows\System\bsbxITm.exe
  2⤵
  PID:7420
- C:\Windows\System\geXnqTz.exe
  C:\Windows\System\geXnqTz.exe
  2⤵
  PID:7452
- C:\Windows\System\XVeQJnl.exe
  C:\Windows\System\XVeQJnl.exe
  2⤵
  PID:7656
- C:\Windows\System\oWqatrz.exe
  C:\Windows\System\oWqatrz.exe
  2⤵
  PID:7616
- C:\Windows\System\MVINneS.exe
  C:\Windows\System\MVINneS.exe
  2⤵
  PID:7496
- C:\Windows\System\RCPZUoS.exe
  C:\Windows\System\RCPZUoS.exe
  2⤵
  PID:7668
- C:\Windows\System\FvxEXbL.exe
  C:\Windows\System\FvxEXbL.exe
  2⤵
  PID:7852
- C:\Windows\System\JRAdSMn.exe
  C:\Windows\System\JRAdSMn.exe
  2⤵
  PID:7708
- C:\Windows\System\nXGqeNK.exe
  C:\Windows\System\nXGqeNK.exe
  2⤵
  PID:7784
- C:\Windows\System\FXBlEHm.exe
  C:\Windows\System\FXBlEHm.exe
  2⤵
  PID:7872
- C:\Windows\System\jVXmkek.exe
  C:\Windows\System\jVXmkek.exe
  2⤵
  PID:8036
- C:\Windows\System\CIAKYSp.exe
  C:\Windows\System\CIAKYSp.exe
  2⤵
  PID:6356
- C:\Windows\System\aHeZKfS.exe
  C:\Windows\System\aHeZKfS.exe
  2⤵
  PID:8116
- C:\Windows\System\ETSFfqQ.exe
  C:\Windows\System\ETSFfqQ.exe
  2⤵
  PID:6208
- C:\Windows\System\uKNCXqx.exe
  C:\Windows\System\uKNCXqx.exe
  2⤵
  PID:8084
- C:\Windows\System\jSLonvW.exe
  C:\Windows\System\jSLonvW.exe
  2⤵
  PID:5332
- C:\Windows\System\EgdtuYH.exe
  C:\Windows\System\EgdtuYH.exe
  2⤵
  PID:8144
- C:\Windows\System\xhvKokY.exe
  C:\Windows\System\xhvKokY.exe
  2⤵
  PID:7184
- C:\Windows\System\qcXJUfS.exe
  C:\Windows\System\qcXJUfS.exe
  2⤵
  PID:7180
- C:\Windows\System\PThXjbq.exe
  C:\Windows\System\PThXjbq.exe
  2⤵
  PID:7652
- C:\Windows\System\UisZdtc.exe
  C:\Windows\System\UisZdtc.exe
  2⤵
  PID:7776
- C:\Windows\System\FOYckUE.exe
  C:\Windows\System\FOYckUE.exe
  2⤵
  PID:8032
- C:\Windows\System\lGSGhro.exe
  C:\Windows\System\lGSGhro.exe
  2⤵
  PID:7432
- C:\Windows\System\wmfFZVM.exe
  C:\Windows\System\wmfFZVM.exe
  2⤵
  PID:7548
- C:\Windows\System\NJTHjbz.exe
  C:\Windows\System\NJTHjbz.exe
  2⤵
  PID:7640
- C:\Windows\System\EJOoNnn.exe
  C:\Windows\System\EJOoNnn.exe
  2⤵
  PID:7400
- C:\Windows\System\AsszUgZ.exe
  C:\Windows\System\AsszUgZ.exe
  2⤵
  PID:8208
- C:\Windows\System\gvwtuoH.exe
  C:\Windows\System\gvwtuoH.exe
  2⤵
  PID:8228
- C:\Windows\System\jVFEwMl.exe
  C:\Windows\System\jVFEwMl.exe
  2⤵
  PID:8244
- C:\Windows\System\syxCSwv.exe
  C:\Windows\System\syxCSwv.exe
  2⤵
  PID:8264
- C:\Windows\System\DBWvRYK.exe
  C:\Windows\System\DBWvRYK.exe
  2⤵
  PID:8280
- C:\Windows\System\KabOjcG.exe
  C:\Windows\System\KabOjcG.exe
  2⤵
  PID:8300
- C:\Windows\System\gvEsbjM.exe
  C:\Windows\System\gvEsbjM.exe
  2⤵
  PID:8316
- C:\Windows\System\huIwdkL.exe
  C:\Windows\System\huIwdkL.exe
  2⤵
  PID:8336
- C:\Windows\System\qTxJuVz.exe
  C:\Windows\System\qTxJuVz.exe
  2⤵
  PID:8356
- C:\Windows\System\yxOaEIx.exe
  C:\Windows\System\yxOaEIx.exe
  2⤵
  PID:8372
- C:\Windows\System\FCFGEWU.exe
  C:\Windows\System\FCFGEWU.exe
  2⤵
  PID:8388
- C:\Windows\System\TLmHPqR.exe
  C:\Windows\System\TLmHPqR.exe
  2⤵
  PID:8404
- C:\Windows\System\QyCRvtZ.exe
  C:\Windows\System\QyCRvtZ.exe
  2⤵
  PID:8420
- C:\Windows\System\skCOIrQ.exe
  C:\Windows\System\skCOIrQ.exe
  2⤵
  PID:8436
- C:\Windows\System\qAIaslh.exe
  C:\Windows\System\qAIaslh.exe
  2⤵
  PID:8452
- C:\Windows\System\LsvwCsa.exe
  C:\Windows\System\LsvwCsa.exe
  2⤵
  PID:8472
- C:\Windows\System\ZXCPoNv.exe
  C:\Windows\System\ZXCPoNv.exe
  2⤵
  PID:8488
- C:\Windows\System\EjMjLwb.exe
  C:\Windows\System\EjMjLwb.exe
  2⤵
  PID:8504
- C:\Windows\System\mRkXELk.exe
  C:\Windows\System\mRkXELk.exe
  2⤵
  PID:8520
- C:\Windows\System\XplZzbU.exe
  C:\Windows\System\XplZzbU.exe
  2⤵
  PID:8540
- C:\Windows\System\ceaGEsy.exe
  C:\Windows\System\ceaGEsy.exe
  2⤵
  PID:8556
- C:\Windows\System\FpdYFFZ.exe
  C:\Windows\System\FpdYFFZ.exe
  2⤵
  PID:8572
- C:\Windows\System\otKTLcz.exe
  C:\Windows\System\otKTLcz.exe
  2⤵
  PID:8588
- C:\Windows\System\SlmosaJ.exe
  C:\Windows\System\SlmosaJ.exe
  2⤵
  PID:8604
- C:\Windows\System\tXyJQlx.exe
  C:\Windows\System\tXyJQlx.exe
  2⤵
  PID:8620
- C:\Windows\System\HhUGLhQ.exe
  C:\Windows\System\HhUGLhQ.exe
  2⤵
  PID:8636
- C:\Windows\System\rgWBsod.exe
  C:\Windows\System\rgWBsod.exe
  2⤵
  PID:8652
- C:\Windows\System\FQlvXhP.exe
  C:\Windows\System\FQlvXhP.exe
  2⤵
  PID:8668
- C:\Windows\System\hipyfMZ.exe
  C:\Windows\System\hipyfMZ.exe
  2⤵
  PID:8684
- C:\Windows\System\zqgmCuR.exe
  C:\Windows\System\zqgmCuR.exe
  2⤵
  PID:8700
- C:\Windows\System\oPZUCBP.exe
  C:\Windows\System\oPZUCBP.exe
  2⤵
  PID:8716
- C:\Windows\System\pRmNqWn.exe
  C:\Windows\System\pRmNqWn.exe
  2⤵
  PID:8732
- C:\Windows\System\cvGNVro.exe
  C:\Windows\System\cvGNVro.exe
  2⤵
  PID:8748
- C:\Windows\System\NkbqbXG.exe
  C:\Windows\System\NkbqbXG.exe
  2⤵
  PID:8764
- C:\Windows\System\WMmNhCf.exe
  C:\Windows\System\WMmNhCf.exe
  2⤵
  PID:8780
- C:\Windows\System\wrDJbij.exe
  C:\Windows\System\wrDJbij.exe
  2⤵
  PID:8796
- C:\Windows\System\kFdVAcO.exe
  C:\Windows\System\kFdVAcO.exe
  2⤵
  PID:8812
- C:\Windows\System\IPaywmY.exe
  C:\Windows\System\IPaywmY.exe
  2⤵
  PID:8828
- C:\Windows\System\yCNIWnN.exe
  C:\Windows\System\yCNIWnN.exe
  2⤵
  PID:8852
- C:\Windows\System\zyMARgt.exe
  C:\Windows\System\zyMARgt.exe
  2⤵
  PID:8872
- C:\Windows\System\SsqjXbO.exe
  C:\Windows\System\SsqjXbO.exe
  2⤵
  PID:8888
- C:\Windows\System\btWswOW.exe
  C:\Windows\System\btWswOW.exe
  2⤵
  PID:8904
- C:\Windows\System\uFkcUvP.exe
  C:\Windows\System\uFkcUvP.exe
  2⤵
  PID:8920
- C:\Windows\System\syGsMMk.exe
  C:\Windows\System\syGsMMk.exe
  2⤵
  PID:8936
- C:\Windows\System\kYUZQiu.exe
  C:\Windows\System\kYUZQiu.exe
  2⤵
  PID:8952
- C:\Windows\System\GLdgwJg.exe
  C:\Windows\System\GLdgwJg.exe
  2⤵
  PID:8968
- C:\Windows\System\TVszkgS.exe
  C:\Windows\System\TVszkgS.exe
  2⤵
  PID:8984
- C:\Windows\System\UyasFMG.exe
  C:\Windows\System\UyasFMG.exe
  2⤵
  PID:9000
- C:\Windows\System\AckxQJv.exe
  C:\Windows\System\AckxQJv.exe
  2⤵
  PID:9016
- C:\Windows\System\bvKSVDf.exe
  C:\Windows\System\bvKSVDf.exe
  2⤵
  PID:9032
- C:\Windows\System\oMzmHnV.exe
  C:\Windows\System\oMzmHnV.exe
  2⤵
  PID:9048
- C:\Windows\System\WzSSlfB.exe
  C:\Windows\System\WzSSlfB.exe
  2⤵
  PID:9064
- C:\Windows\System\ILBXfXr.exe
  C:\Windows\System\ILBXfXr.exe
  2⤵
  PID:9080
- C:\Windows\System\kgqwoCm.exe
  C:\Windows\System\kgqwoCm.exe
  2⤵
  PID:9096
- C:\Windows\System\zVhICwn.exe
  C:\Windows\System\zVhICwn.exe
  2⤵
  PID:9112
- C:\Windows\System\HZcvdFi.exe
  C:\Windows\System\HZcvdFi.exe
  2⤵
  PID:9128
- C:\Windows\System\KPFGmfE.exe
  C:\Windows\System\KPFGmfE.exe
  2⤵
  PID:9144
- C:\Windows\System\nKFaiHy.exe
  C:\Windows\System\nKFaiHy.exe
  2⤵
  PID:9160
- C:\Windows\System\MVIFUeB.exe
  C:\Windows\System\MVIFUeB.exe
  2⤵
  PID:9176
- C:\Windows\System\Rihjfbz.exe
  C:\Windows\System\Rihjfbz.exe
  2⤵
  PID:9192
- C:\Windows\System\GPSQQCD.exe
  C:\Windows\System\GPSQQCD.exe
  2⤵
  PID:9208
- C:\Windows\System\XTcdLJf.exe
  C:\Windows\System\XTcdLJf.exe
  2⤵
  PID:8204
- C:\Windows\System\AJLUXFW.exe
  C:\Windows\System\AJLUXFW.exe
  2⤵
  PID:8276
- C:\Windows\System\zgRRVSA.exe
  C:\Windows\System\zgRRVSA.exe
  2⤵
  PID:7376
- C:\Windows\System\XNdwwxE.exe
  C:\Windows\System\XNdwwxE.exe
  2⤵
  PID:7868
- C:\Windows\System\mAEKFIN.exe
  C:\Windows\System\mAEKFIN.exe
  2⤵
  PID:7968
- C:\Windows\System\GtJZdXO.exe
  C:\Windows\System\GtJZdXO.exe
  2⤵
  PID:7300
- C:\Windows\System\DqhEsyG.exe
  C:\Windows\System\DqhEsyG.exe
  2⤵
  PID:8328
- C:\Windows\System\mbcOHSk.exe
  C:\Windows\System\mbcOHSk.exe
  2⤵
  PID:8412
- C:\Windows\System\tCMNrVz.exe
  C:\Windows\System\tCMNrVz.exe
  2⤵
  PID:8448
- C:\Windows\System\JxtKxpP.exe
  C:\Windows\System\JxtKxpP.exe
  2⤵
  PID:5676
- C:\Windows\System\MksUtHi.exe
  C:\Windows\System\MksUtHi.exe
  2⤵
  PID:7896
- C:\Windows\System\BwFxOQS.exe
  C:\Windows\System\BwFxOQS.exe
  2⤵
  PID:8220
- C:\Windows\System\mCnpcqa.exe
  C:\Windows\System\mCnpcqa.exe
  2⤵
  PID:8288
- C:\Windows\System\aQIpylq.exe
  C:\Windows\System\aQIpylq.exe
  2⤵
  PID:7692
- C:\Windows\System\ZMXNanb.exe
  C:\Windows\System\ZMXNanb.exe
  2⤵
  PID:7724
- C:\Windows\System\CVpltea.exe
  C:\Windows\System\CVpltea.exe
  2⤵
  PID:8484
- C:\Windows\System\PytrRQU.exe
  C:\Windows\System\PytrRQU.exe
  2⤵
  PID:8548
- C:\Windows\System\DwvFMff.exe
  C:\Windows\System\DwvFMff.exe
  2⤵
  PID:8428
- C:\Windows\System\PGaWKlF.exe
  C:\Windows\System\PGaWKlF.exe
  2⤵
  PID:8584
- C:\Windows\System\EuuMXRW.exe
  C:\Windows\System\EuuMXRW.exe
  2⤵
  PID:8760
- C:\Windows\System\IChyPyJ.exe
  C:\Windows\System\IChyPyJ.exe
  2⤵
  PID:8772
- C:\Windows\System\FyeOfXu.exe
  C:\Windows\System\FyeOfXu.exe
  2⤵
  PID:1008
- C:\Windows\System\WYOjKvg.exe
  C:\Windows\System\WYOjKvg.exe
  2⤵
  PID:8912
- C:\Windows\System\AzYdjxQ.exe
  C:\Windows\System\AzYdjxQ.exe
  2⤵
  PID:8880
- C:\Windows\System\WJnUXih.exe
  C:\Windows\System\WJnUXih.exe
  2⤵
  PID:8960
- C:\Windows\System\ufCBPGS.exe
  C:\Windows\System\ufCBPGS.exe
  2⤵
  PID:8932
- C:\Windows\System\olcptRM.exe
  C:\Windows\System\olcptRM.exe
  2⤵
  PID:8996
- C:\Windows\System\touCkkq.exe
  C:\Windows\System\touCkkq.exe
  2⤵
  PID:9072
- C:\Windows\System\TuFmDJy.exe
  C:\Windows\System\TuFmDJy.exe
  2⤵
  PID:9108
- C:\Windows\System\fVDxnHf.exe
  C:\Windows\System\fVDxnHf.exe
  2⤵
  PID:9060
- C:\Windows\System\LcphVZa.exe
  C:\Windows\System\LcphVZa.exe
  2⤵
  PID:9124
- C:\Windows\System\ehNbOFp.exe
  C:\Windows\System\ehNbOFp.exe
  2⤵
  PID:9200
- C:\Windows\System\rCjzDOT.exe
  C:\Windows\System\rCjzDOT.exe
  2⤵
  PID:8344
- C:\Windows\System\MheSUiZ.exe
  C:\Windows\System\MheSUiZ.exe
  2⤵
  PID:7552
- C:\Windows\System\pcXIwtr.exe
  C:\Windows\System\pcXIwtr.exe
  2⤵
  PID:8252
- C:\Windows\System\eIqNFlv.exe
  C:\Windows\System\eIqNFlv.exe
  2⤵
  PID:8020
- C:\Windows\System\eqnheBJ.exe
  C:\Windows\System\eqnheBJ.exe
  2⤵
  PID:8384
- C:\Windows\System\TfgsQKv.exe
  C:\Windows\System\TfgsQKv.exe
  2⤵
  PID:8868
- C:\Windows\System\odURGHg.exe
  C:\Windows\System\odURGHg.exe
  2⤵
  PID:7572
- C:\Windows\System\IiVWWGg.exe
  C:\Windows\System\IiVWWGg.exe
  2⤵
  PID:9008
- C:\Windows\System\hYYtRBa.exe
  C:\Windows\System\hYYtRBa.exe
  2⤵
  PID:9104
- C:\Windows\System\yQVRTfH.exe
  C:\Windows\System\yQVRTfH.exe
  2⤵
  PID:9188
- C:\Windows\System\awFIldK.exe
  C:\Windows\System\awFIldK.exe
  2⤵
  PID:8256
- C:\Windows\System\hTDMkFG.exe
  C:\Windows\System\hTDMkFG.exe
  2⤵
  PID:8332
- C:\Windows\System\rQloRIc.exe
  C:\Windows\System\rQloRIc.exe
  2⤵
  PID:8460
- C:\Windows\System\XvvTjkC.exe
  C:\Windows\System\XvvTjkC.exe
  2⤵
  PID:8480
- C:\Windows\System\xIqNDqC.exe
  C:\Windows\System\xIqNDqC.exe
  2⤵
  PID:8644
- C:\Windows\System\GkvWWVc.exe
  C:\Windows\System\GkvWWVc.exe
  2⤵
  PID:8496
- C:\Windows\System\CYWDjbH.exe
  C:\Windows\System\CYWDjbH.exe
  2⤵
  PID:8500
- C:\Windows\System\MPRfOBK.exe
  C:\Windows\System\MPRfOBK.exe
  2⤵
  PID:8680
- C:\Windows\System\ZrjAgfU.exe
  C:\Windows\System\ZrjAgfU.exe
  2⤵
  PID:8628
- C:\Windows\System\NNDFTGr.exe
  C:\Windows\System\NNDFTGr.exe
  2⤵
  PID:8740
- C:\Windows\System\OtfoNmF.exe
  C:\Windows\System\OtfoNmF.exe
  2⤵
  PID:8824
- C:\Windows\System\kXPPgEW.exe
  C:\Windows\System\kXPPgEW.exe
  2⤵
  PID:8820
- C:\Windows\System\pkFtWPT.exe
  C:\Windows\System\pkFtWPT.exe
  2⤵
  PID:8944
- C:\Windows\System\mWdIhso.exe
  C:\Windows\System\mWdIhso.exe
  2⤵
  PID:8128
- C:\Windows\System\hIMnWGD.exe
  C:\Windows\System\hIMnWGD.exe
  2⤵
  PID:8948
- C:\Windows\System\nqIuSeS.exe
  C:\Windows\System\nqIuSeS.exe
  2⤵
  PID:8308
- C:\Windows\System\BjCALmq.exe
  C:\Windows\System\BjCALmq.exe
  2⤵
  PID:5000
- C:\Windows\System\avXQCSP.exe
  C:\Windows\System\avXQCSP.exe
  2⤵
  PID:6284
- C:\Windows\System\klPDLqX.exe
  C:\Windows\System\klPDLqX.exe
  2⤵
  PID:8580
- C:\Windows\System\IQRNoMU.exe
  C:\Windows\System\IQRNoMU.exe
  2⤵
  PID:7704
- C:\Windows\System\CDJMINr.exe
  C:\Windows\System\CDJMINr.exe
  2⤵
  PID:7264
- C:\Windows\System\bfClPpE.exe
  C:\Windows\System\bfClPpE.exe
  2⤵
  PID:8616
- C:\Windows\System\FHVAyyF.exe
  C:\Windows\System\FHVAyyF.exe
  2⤵
  PID:8660
- C:\Windows\System\BKqbekK.exe
  C:\Windows\System\BKqbekK.exe
  2⤵
  PID:8992
- C:\Windows\System\IVICORb.exe
  C:\Windows\System\IVICORb.exe
  2⤵
  PID:9140
- C:\Windows\System\vOBKQIC.exe
  C:\Windows\System\vOBKQIC.exe
  2⤵
  PID:4536
- C:\Windows\System\xGngQYE.exe
  C:\Windows\System\xGngQYE.exe
  2⤵
  PID:7964
- C:\Windows\System\FbutHze.exe
  C:\Windows\System\FbutHze.exe
  2⤵
  PID:8896
- C:\Windows\System\EecUJSp.exe
  C:\Windows\System\EecUJSp.exe
  2⤵
  PID:7948
- C:\Windows\System\oTiRrch.exe
  C:\Windows\System\oTiRrch.exe
  2⤵
  PID:8692
- C:\Windows\System\aMNzBTK.exe
  C:\Windows\System\aMNzBTK.exe
  2⤵
  PID:8200
- C:\Windows\System\nQQWdpl.exe
  C:\Windows\System\nQQWdpl.exe
  2⤵
  PID:8884
- C:\Windows\System\KoZsWug.exe
  C:\Windows\System\KoZsWug.exe
  2⤵
  PID:8860
- C:\Windows\System\lVcHceI.exe
  C:\Windows\System\lVcHceI.exe
  2⤵
  PID:8312
- C:\Windows\System\abjdbLO.exe
  C:\Windows\System\abjdbLO.exe
  2⤵
  PID:8724
- C:\Windows\System\LIgYKkP.exe
  C:\Windows\System\LIgYKkP.exe
  2⤵
  PID:8980
- C:\Windows\System\gKnsJrN.exe
  C:\Windows\System\gKnsJrN.exe
  2⤵
  PID:8712
- C:\Windows\System\Lmsmfrx.exe
  C:\Windows\System\Lmsmfrx.exe
  2⤵
  PID:8744
- C:\Windows\System\lGAwSKu.exe
  C:\Windows\System\lGAwSKu.exe
  2⤵
  PID:8536
- C:\Windows\System\ptFBnrB.exe
  C:\Windows\System\ptFBnrB.exe
  2⤵
  PID:8364
- C:\Windows\System\WrRTrwv.exe
  C:\Windows\System\WrRTrwv.exe
  2⤵
  PID:8756
- C:\Windows\System\wDQDeEO.exe
  C:\Windows\System\wDQDeEO.exe
  2⤵
  PID:9220
- C:\Windows\System\ZtYvavX.exe
  C:\Windows\System\ZtYvavX.exe
  2⤵
  PID:9244
- C:\Windows\System\fxhNvou.exe
  C:\Windows\System\fxhNvou.exe
  2⤵
  PID:9268
- C:\Windows\System\VLuzcyL.exe
  C:\Windows\System\VLuzcyL.exe
  2⤵
  PID:9288
- C:\Windows\System\TSLvPqv.exe
  C:\Windows\System\TSLvPqv.exe
  2⤵
  PID:9312
- C:\Windows\System\CXFjmEo.exe
  C:\Windows\System\CXFjmEo.exe
  2⤵
  PID:9332
- C:\Windows\System\UwUZKia.exe
  C:\Windows\System\UwUZKia.exe
  2⤵
  PID:9348
- C:\Windows\System\thidjVl.exe
  C:\Windows\System\thidjVl.exe
  2⤵
  PID:9364
- C:\Windows\System\qOYlCSX.exe
  C:\Windows\System\qOYlCSX.exe
  2⤵
  PID:9380
- C:\Windows\System\loIIiTl.exe
  C:\Windows\System\loIIiTl.exe
  2⤵
  PID:9396
- C:\Windows\System\jdnpUXn.exe
  C:\Windows\System\jdnpUXn.exe
  2⤵
  PID:9416
- C:\Windows\System\OZABzpJ.exe
  C:\Windows\System\OZABzpJ.exe
  2⤵
  PID:9436
- C:\Windows\System\KatkOnU.exe
  C:\Windows\System\KatkOnU.exe
  2⤵
  PID:9464
- C:\Windows\System\HFfwFoo.exe
  C:\Windows\System\HFfwFoo.exe
  2⤵
  PID:9492
- C:\Windows\System\YsRetNv.exe
  C:\Windows\System\YsRetNv.exe
  2⤵
  PID:9512
- C:\Windows\System\stAbwAQ.exe
  C:\Windows\System\stAbwAQ.exe
  2⤵
  PID:9528
- C:\Windows\System\UqlzwtV.exe
  C:\Windows\System\UqlzwtV.exe
  2⤵
  PID:9548
- C:\Windows\System\vcBKoNs.exe
  C:\Windows\System\vcBKoNs.exe
  2⤵
  PID:9564
- C:\Windows\System\LRHitSi.exe
  C:\Windows\System\LRHitSi.exe
  2⤵
  PID:9580
- C:\Windows\System\JhDhgre.exe
  C:\Windows\System\JhDhgre.exe
  2⤵
  PID:9596
- C:\Windows\System\oKmzsgg.exe
  C:\Windows\System\oKmzsgg.exe
  2⤵
  PID:9616
- C:\Windows\System\uEtzzqC.exe
  C:\Windows\System\uEtzzqC.exe
  2⤵
  PID:9632
- C:\Windows\System\TAvETIF.exe
  C:\Windows\System\TAvETIF.exe
  2⤵
  PID:9648
- C:\Windows\System\UqSMLLd.exe
  C:\Windows\System\UqSMLLd.exe
  2⤵
  PID:9664
- C:\Windows\System\GDTqESb.exe
  C:\Windows\System\GDTqESb.exe
  2⤵
  PID:9680
- C:\Windows\System\fApNiVP.exe
  C:\Windows\System\fApNiVP.exe
  2⤵
  PID:9696
- C:\Windows\System\rxvWryY.exe
  C:\Windows\System\rxvWryY.exe
  2⤵
  PID:9716
- C:\Windows\System\SmlHkOk.exe
  C:\Windows\System\SmlHkOk.exe
  2⤵
  PID:9740
- C:\Windows\System\fvKedlU.exe
  C:\Windows\System\fvKedlU.exe
  2⤵
  PID:9756
- C:\Windows\System\eQXSzGg.exe
  C:\Windows\System\eQXSzGg.exe
  2⤵
  PID:9780
- C:\Windows\System\SuYkWhu.exe
  C:\Windows\System\SuYkWhu.exe
  2⤵
  PID:9800
- C:\Windows\System\aioHgRl.exe
  C:\Windows\System\aioHgRl.exe
  2⤵
  PID:9816
- C:\Windows\System\ghofMWK.exe
  C:\Windows\System\ghofMWK.exe
  2⤵
  PID:9832
- C:\Windows\System\Sdxnbgb.exe
  C:\Windows\System\Sdxnbgb.exe
  2⤵
  PID:9852
- C:\Windows\System\kKrbHty.exe
  C:\Windows\System\kKrbHty.exe
  2⤵
  PID:9872
- C:\Windows\System\uVOVWNY.exe
  C:\Windows\System\uVOVWNY.exe
  2⤵
  PID:9896
- C:\Windows\System\XBNUrly.exe
  C:\Windows\System\XBNUrly.exe
  2⤵
  PID:9912
- C:\Windows\System\VUKKemX.exe
  C:\Windows\System\VUKKemX.exe
  2⤵
  PID:9932
- C:\Windows\System\YRxBEYN.exe
  C:\Windows\System\YRxBEYN.exe
  2⤵
  PID:9948
- C:\Windows\System\NQQtyYE.exe
  C:\Windows\System\NQQtyYE.exe
  2⤵
  PID:9968
- C:\Windows\System\EnmQmcK.exe
  C:\Windows\System\EnmQmcK.exe
  2⤵
  PID:9984
- C:\Windows\System\ORbGrrs.exe
  C:\Windows\System\ORbGrrs.exe
  2⤵
  PID:10004
- C:\Windows\System\TBWlZGd.exe
  C:\Windows\System\TBWlZGd.exe
  2⤵
  PID:10024
- C:\Windows\System\DMuXlpq.exe
  C:\Windows\System\DMuXlpq.exe
  2⤵
  PID:10040
- C:\Windows\System\CSiuDtA.exe
  C:\Windows\System\CSiuDtA.exe
  2⤵
  PID:10056
- C:\Windows\System\SxbvqAJ.exe
  C:\Windows\System\SxbvqAJ.exe
  2⤵
  PID:10076
- C:\Windows\System\qXWXQjj.exe
  C:\Windows\System\qXWXQjj.exe
  2⤵
  PID:10092
- C:\Windows\System\larjMNU.exe
  C:\Windows\System\larjMNU.exe
  2⤵
  PID:10108
- C:\Windows\System\xMKbHpR.exe
  C:\Windows\System\xMKbHpR.exe
  2⤵
  PID:10124
- C:\Windows\System\NwwbhZT.exe
  C:\Windows\System\NwwbhZT.exe
  2⤵
  PID:10140
- C:\Windows\System\CcGSuHg.exe
  C:\Windows\System\CcGSuHg.exe
  2⤵
  PID:10156
- C:\Windows\System\Bgghkld.exe
  C:\Windows\System\Bgghkld.exe
  2⤵
  PID:9236
- C:\Windows\System\FSsbYvQ.exe
  C:\Windows\System\FSsbYvQ.exe
  2⤵
  PID:9276
- C:\Windows\System\mdnJYpf.exe
  C:\Windows\System\mdnJYpf.exe
  2⤵
  PID:9304
- C:\Windows\System\vzWrMYD.exe
  C:\Windows\System\vzWrMYD.exe
  2⤵
  PID:9044
- C:\Windows\System\XeuHcLQ.exe
  C:\Windows\System\XeuHcLQ.exe
  2⤵
  PID:9372
- C:\Windows\System\SAZCySr.exe
  C:\Windows\System\SAZCySr.exe
  2⤵
  PID:9412
- C:\Windows\System\vWEQRfL.exe
  C:\Windows\System\vWEQRfL.exe
  2⤵
  PID:9360
- C:\Windows\System\HygSSxh.exe
  C:\Windows\System\HygSSxh.exe
  2⤵
  PID:9432
- C:\Windows\System\oMtRGJI.exe
  C:\Windows\System\oMtRGJI.exe
  2⤵
  PID:9476
- C:\Windows\System\EqnWrBi.exe
  C:\Windows\System\EqnWrBi.exe
  2⤵
  PID:9540
- C:\Windows\System\aJLhhta.exe
  C:\Windows\System\aJLhhta.exe
  2⤵
  PID:9576
- C:\Windows\System\fCpzFyP.exe
  C:\Windows\System\fCpzFyP.exe
  2⤵
  PID:9644
- C:\Windows\System\pyFbyPO.exe
  C:\Windows\System\pyFbyPO.exe
  2⤵
  PID:9676
- C:\Windows\System\qEIkjxF.exe
  C:\Windows\System\qEIkjxF.exe
  2⤵
  PID:9796
- C:\Windows\System\nhiBUex.exe
  C:\Windows\System\nhiBUex.exe
  2⤵
  PID:9860
- C:\Windows\System\svHbgqp.exe
  C:\Windows\System\svHbgqp.exe
  2⤵
  PID:9908
- C:\Windows\System\uuMPygm.exe
  C:\Windows\System\uuMPygm.exe
  2⤵
  PID:10012
- C:\Windows\System\mfltscU.exe
  C:\Windows\System\mfltscU.exe
  2⤵
  PID:10116
- C:\Windows\System\BrQCePZ.exe
  C:\Windows\System\BrQCePZ.exe
  2⤵
  PID:10052
- C:\Windows\System\EDQrMpN.exe
  C:\Windows\System\EDQrMpN.exe
  2⤵
  PID:9660
- C:\Windows\System\BjcCexU.exe
  C:\Windows\System\BjcCexU.exe
  2⤵
  PID:9556
- C:\Windows\System\sUwScLU.exe
  C:\Windows\System\sUwScLU.exe
  2⤵
  PID:9588
- C:\Windows\System\HeRkEjI.exe
  C:\Windows\System\HeRkEjI.exe
  2⤵
  PID:9656
- C:\Windows\System\NDAQuEd.exe
  C:\Windows\System\NDAQuEd.exe
  2⤵
  PID:9728
- C:\Windows\System\iWoqDKE.exe
  C:\Windows\System\iWoqDKE.exe
  2⤵
  PID:9736
- C:\Windows\System\aGVdHNk.exe
  C:\Windows\System\aGVdHNk.exe
  2⤵
  PID:9776
- C:\Windows\System\WrmBTGr.exe
  C:\Windows\System\WrmBTGr.exe
  2⤵
  PID:9884
- C:\Windows\System\inTHNbt.exe
  C:\Windows\System\inTHNbt.exe
  2⤵
  PID:9960
- C:\Windows\System\yRhuQUs.exe
  C:\Windows\System\yRhuQUs.exe
  2⤵
  PID:10036
- C:\Windows\System\QIGqjEQ.exe
  C:\Windows\System\QIGqjEQ.exe
  2⤵
  PID:10132
- C:\Windows\System\uXpoxwz.exe
  C:\Windows\System\uXpoxwz.exe
  2⤵
  PID:9308
- C:\Windows\System\aFRcqPv.exe
  C:\Windows\System\aFRcqPv.exe
  2⤵
  PID:10192
- C:\Windows\System\MUxUxBn.exe
  C:\Windows\System\MUxUxBn.exe
  2⤵
  PID:10212
- C:\Windows\System\aMSDTHO.exe
  C:\Windows\System\aMSDTHO.exe
  2⤵
  PID:9408
- C:\Windows\System\aOfVCCl.exe
  C:\Windows\System\aOfVCCl.exe
  2⤵
  PID:8596
- C:\Windows\System\wnswelA.exe
  C:\Windows\System\wnswelA.exe
  2⤵
  PID:9500
- C:\Windows\System\lhTnJmS.exe
  C:\Windows\System\lhTnJmS.exe
  2⤵
  PID:9640
- C:\Windows\System\DQJCvmQ.exe
  C:\Windows\System\DQJCvmQ.exe
  2⤵
  PID:9904
- C:\Windows\System\BJsMyoK.exe
  C:\Windows\System\BJsMyoK.exe
  2⤵
  PID:9964
- C:\Windows\System\qUvgEhT.exe
  C:\Windows\System\qUvgEhT.exe
  2⤵
  PID:10064
- C:\Windows\System\RserRWH.exe
  C:\Windows\System\RserRWH.exe
  2⤵
  PID:9772
- C:\Windows\System\rItFCVC.exe
  C:\Windows\System\rItFCVC.exe
  2⤵
  PID:9612
- C:\Windows\System\tSUlctg.exe
  C:\Windows\System\tSUlctg.exe
  2⤵
  PID:10104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DLcESki.exe

Filesize
6.0MB

MD5
523ead0a1392acee6a88d6497ee665bb

SHA1
31f0b7059a04e71d91248715b2a0408ee2f01fa4

SHA256
d89c63a5cd7cf0ee145ca9c3d30501baa7b89e50345c7f1ba17162917a61f7ea

SHA512
b8def7d7224173be84f54c6d9e4fff116f92b3c2cc3734e63fe7c581213db106c7e33ecf9d0536a445b668c6d1a6017c7576abef2d85f5207c1f8846d04ef66b

Download Submit
C:\Windows\system\EDVbSpQ.exe

Filesize
6.0MB

MD5
60797cb8cbb707978c5534b59bbb3d7b

SHA1
f9bb675f4566c4fedeb1b482000793918e4394e7

SHA256
23edf32f27f13ab16b588c6949727354f79472c3365c7caf2f02df0462a1b73f

SHA512
acc6953994e8dd9b5572fa13a664cbba3e59a1a05859b9b1fe863627021fa5c35904746f32eba54ab0e252240df35b41895a03a68b058dde2bbfd9edc1970995

Download Submit
C:\Windows\system\EOdtGuz.exe

Filesize
6.0MB

MD5
07e7e26092e84874987522230a67148a

SHA1
d2ad428f261a769d266ac20c09dbf4e36e6e2d29

SHA256
b161f3e5667527487f204ea8bec2a35d4ea6d22a0aeecec14297f9b7f87b2e4e

SHA512
cb5c43551d39fe98be306d1fcd010799dcc1fbeb17b0228e112f960e8b47009cc2e31d61fde9309955cdacee3c37dd55f5a314a2c8b8dd9a9247502a20b6da52

Download Submit
C:\Windows\system\EYDQFsh.exe

Filesize
6.0MB

MD5
598c3c4c3eaca7c1bb923fc8faf22c38

SHA1
01c629ca3c74a40681cc6e601a4ee10a69742682

SHA256
0db495928ad82e4d641557f5cb96a8e0147e5da9636c53da37665f767ec5aa8c

SHA512
0176e9d153a8d3f3765842343c7f6e44a54bc152c7b1c9448ffb2d8091922cc9ad9f8cb1ecde21cd594a07e13fe158a7df5352fb71cde22116fbdeedaaba1c04

Download Submit
C:\Windows\system\JHHUkaV.exe

Filesize
6.0MB

MD5
b5b80de912a8897ac64555692688101f

SHA1
8175c53cd1e80c1015997a75449e1905bcaa4ede

SHA256
787731f6e48f128c571cd16f26d50a80f7080f1b46f449ea5fa4e34f9c96e685

SHA512
56a69260c0d95f9fecb355aa08d4e562e8340632e1e8cf507a660d52326509ad1cbb515589ca059804e6bffc28f99dbac4f45c0267be1a9900109bb0c0ac5a2e

Download Submit
C:\Windows\system\JkFbYJH.exe

Filesize
6.0MB

MD5
92bc92cce377180e13672308a2785c06

SHA1
d207f9e23578738198cf4ba720e009aa17ee1064

SHA256
5eee06b8d74f80333a6105097c4d0980777692dfb552a919f4e2d18256474cd7

SHA512
3436349bac67ddc105b5d22d97db07cdcaa329bf40deb68d7432ac6a6ea3c68c7eefcc0e388b942460274128371f84b89ade32b7faac1455aa4b42b924b537fe

Download Submit
C:\Windows\system\JpGatsK.exe

Filesize
6.0MB

MD5
7dd11cddef50af66c33bdd8cfe44b88d

SHA1
b4b1f6925e3eb5ec68092ed2cd17cb2dea917f6d

SHA256
4c6a05bcefe8d81cedf19bc3c57df93e69135008b5f043ca4634de69892485bb

SHA512
fd4299e6ce80478bb1e2580cdda578ff10b7d9af6ff036e71e5e2adb33b7ba3511f44cc0da4a0107c9a18d4b55d1869bf06f0937cb498aae3d4b337f913c44bd

Download Submit
C:\Windows\system\KGcyceU.exe

Filesize
6.0MB

MD5
eb4574d477fece949afca96b5fdda415

SHA1
2818acbe1c7a2515a01320dd7e4f8c2f5306da8a

SHA256
0fc97167a307834ae592e438737c447bf4eb586d54250955f50ba2f4b8356a1e

SHA512
36d922591f8b252490b1c1de59e4b62c109081ed8ea188d18f7097e217a8647c6a4ad3c43cd89fd51004b48eb8b713260deb3937fc160c9dd0df4551e7a00de4

Download Submit
C:\Windows\system\QMgpigh.exe

Filesize
6.0MB

MD5
2a1b18bf07c309826b50595e6772ef22

SHA1
fcbf410b8872035bd0c7839808ee759110b5e4e6

SHA256
66c0fa5d635e7a1d022690e50332bce68d0c3ab691d9814669f003994edeb74f

SHA512
88899185ae74751b11c73c072c1c3d4e6bfd50214acd7e8c2693a47415a0b007ec10b191b028260ff675b4ffaaaf5936c180d48a1beb936e667d6e02d05d6ac4

Download Submit
C:\Windows\system\QtVjBtD.exe

Filesize
6.0MB

MD5
7d073bd031ef487a06ef62a05041b406

SHA1
693db3b520a95bcd23a2faeabb5ce01231013469

SHA256
5522ae6735992bd7b8b187c576e7dd3f53b0e6b992cb8aedff5ecbc53d45e5a4

SHA512
7f248e37b64e55dbef2091e10c05ea434936f7ff5b06f555b0cb9b14b1bbf97f2390be6a90310e5d47615b689e2cc975b8f651c39715236771021ece42651fb6

Download Submit
C:\Windows\system\SFOlzgx.exe

Filesize
6.0MB

MD5
287591236dc159302ce0b053e822104b

SHA1
0c01b50a9931dbc83ddfc927461c249b6aca723a

SHA256
45d5ea84851c05796317eba9bbb86032c49b2caa09567f925c861fda361ca691

SHA512
039e1ffa0bae22164a774541b46b85821a35112b00a50080ada6fcf3371e9887e0c18116be9e4b1b605a0d5a5581147c343c964976e8755c16e8c1a79e69d38e

Download Submit
C:\Windows\system\SFzfgLr.exe

Filesize
6.0MB

MD5
ee07fc9ac6ba0d53aa55591111c432d1

SHA1
db68b61baa89c9576c63c85168eb962fd013ec45

SHA256
1115036764f987e42234ced73a41bd8cc842260d9d77d49d97ab352ce406214c

SHA512
28b2b7ad7e292e17a4aaa60a0193aafd1dc863e0fcdc1d427e04c50bae84931163fff2a488776e5ddfba09c0ed36a0be9f6b911280306769d0dc05d6c6144b08

Download Submit
C:\Windows\system\TGhlFfr.exe

Filesize
6.0MB

MD5
14f49e612e276e90bc7a852d085d6ca8

SHA1
faba5c4cf5e7fe39558b23b0d89bc7ec09592215

SHA256
0f1081d65c6ba666cede70467c1b180051f116215e1fc61366bcde29ca078b6a

SHA512
3f9d8584fb9f959db5124be846d8a8db56314998a57b9f1f66ea7bd78f9669ce671f6c96fa8cb46078be250118bc4a518eb4f2299703d0197b8450859332153b

Download Submit
C:\Windows\system\VMAhUtn.exe

Filesize
6.0MB

MD5
c7331e19763bd1579c042ba2b6f1f831

SHA1
5ce8ca73ce16c491939cffb8de03857d2bbac306

SHA256
e26a219c12e80df3c626ea6255254ec4760134b6acf9b7eddfb0afbaffb95a37

SHA512
f5019ea41312045ff584ca7eb9dcfe651b269dae8bf742875d6f725b72ff00159e94032ceacce37c09667f7dab9e89cde43369afe25e8ddfe8ba3860fe10c1f4

Download Submit
C:\Windows\system\YJhIWll.exe

Filesize
6.0MB

MD5
3c4afed21b165c839f0e9f2f18cf5215

SHA1
ad0be49a6e82516b1ece97d7463a0594053722b4

SHA256
7fadd58e966aa70b43be04fd9e09388a4ed6692ff88eaae9b081171054b23ff3

SHA512
e62721215f1b17b27454243e88788a6c2abe0e1cab39c3fb4151b880a4653b22cbaec3941454bb876d1830d1e76c27e88a5dbc6024fdb69766689e883a0101d9

Download Submit
C:\Windows\system\ZwNQNSL.exe

Filesize
6.0MB

MD5
f5f375d1f32e0c2053a154dc77d2043c

SHA1
d5a2fe644e030999d41bfd6a9a27d42dc5ef83fc

SHA256
7c2e29b36a18b83fe623154f1da11007dac7ac280afaeff7ec86a327fde7399f

SHA512
86f06f884b44841b752bd9fc0e194cd6907c92f20dab359787c8126aa65197d01931e4b7b8a229a809a80da1e85ba7075ef9eaf75a0de5c9fc618f44ee96813a

Download Submit
C:\Windows\system\aBFagJr.exe

Filesize
6.0MB

MD5
b9d16f41dc84c2cb3c38b75029bdeaa7

SHA1
67a00e8a7e87110df3ba1638b7ffa6274e60a082

SHA256
f55c1d12b0c540626948c68b176792e8ad870ca10ee4264e40343ab384bdbef1

SHA512
8494889c7747d18bd8d6d9129fc76248b1dc180b315200b9d1c037e31bc25d65ea80572b2d42b47c34be02f0add3938ca1339bf87ca1ca8f47c4d824ef6493c5

Download Submit
C:\Windows\system\aBeuLGO.exe

Filesize
6.0MB

MD5
d6db16bbb093279014a447abfcc591f7

SHA1
1fa1e4d5ffe9fb0852e26b58c7d07826bd9184ea

SHA256
810e071bfe17ac3f7f23af2e73d824f2119ab3799c0e1228c67ac3f9fa74efac

SHA512
21a098a948ea19abd936ac45c62bcbf1b11b73b012737b4b88530ad097788c8074b8d8cc4f09bc4145868bba0e1d8eda0f93ca7a3ae6a37320d70e5e59534b7a

Download Submit
C:\Windows\system\aZfYZGx.exe

Filesize
6.0MB

MD5
abf05a6df304bc84bd1f9b8e66ef9159

SHA1
ab681fb312defec11da071e644698c561454564a

SHA256
1cbd602c2f88c845fdbf916fe2c3dc3103668584446826554fe758be7bb81fcf

SHA512
ca9b8d503afb57338929be5218af9edd13b85642a3cc995a92ade01c2e867fa5c305905158bc08f385db0e960e14c6c032c97c20503d09e767339bc8bfd0a7ba

Download Submit
C:\Windows\system\cCOftbf.exe

Filesize
6.0MB

MD5
66974dd010f911e1f44ac0df58ce12b2

SHA1
7604779f3eaa92530d63956c4aac073a86fc63e0

SHA256
8db52020a0dc0a15880a8927721c9a58b2003fef01bef0bba0f7a4e0522cf45d

SHA512
8d92090e8ed314797e537f979e9cd9faf668c58935805181c55f0786368e483ba16233233767754397f14f7fc8ee6d9378fa683a1bafec03e5570766799f9e00

Download Submit
C:\Windows\system\dfAZljx.exe

Filesize
6.0MB

MD5
93794b81d86f2a5e25e806235701eb4d

SHA1
fedfe400d38978df7f015faa66bbc25610c7e353

SHA256
448a4160de56d40efdfcccd7249c629049b0e5f5ce1ad29c29bf9e9b838c55a7

SHA512
605366ac900b214bb5cadf6bae21a968809aa2fe6f51ebbcf8c2870c0884eb52cc88ceafa1afa1d54fa93ecdc871cf7914341099cef855d87b3243773d3cf1fd

Download Submit
C:\Windows\system\jQkozxK.exe

Filesize
6.0MB

MD5
818cf7ec3f0c9b0f991d5e152f624839

SHA1
a8bdbc3be675aa619abeb4ca3334b053f3b4d77d

SHA256
cb931b254eba28532b50befb578ee11bc926935849981a769b7d2d88376548d4

SHA512
ed1152e443600b1349def8f6e037419b13bbe4065addc5a3c9a34b0def98bcad9bebe82d09f83b69aeae853538bd8ccd7726699949429f1c805be459b47caa68

Download Submit
C:\Windows\system\jkNHayK.exe

Filesize
6.0MB

MD5
3dd6cf074e1ff270e110db58b940f7c1

SHA1
cfa61285d59477cf2b8e110db1c8ecc0b6a6dd5e

SHA256
c2e4a465548e421be890329d494a45e16a1e517630e5cd7c80d10b1d02b3bdb6

SHA512
b67e025adb16fad1666788f3c29c49f9a3080c9e094302489be1dab7408c6c642cd45dc7367e4d277ab373c69f09dc9def4d9c8ecfe6efdea646c230f2f651ab

Download Submit
C:\Windows\system\ooNMcfF.exe

Filesize
6.0MB

MD5
69686e7d0302bed29581d1431b5b5f9b

SHA1
ac13d5aed8f2a1202bcbd60a2d70831aeebd0444

SHA256
141bab8c6fafb00193178d369d9221d672a05e3d43ef7ed3c8e19886f78b90f2

SHA512
ca25dc7680697e82cb4b482fbb18c55c94dea1377bf3f923c8a54e4df713296ef9ab707c3c0beb44a8bd62b29f2b78ec5a9e533bff6451e025efd87998e81f4d

Download Submit
C:\Windows\system\opdwjRn.exe

Filesize
6.0MB

MD5
4ac446e5a4846199f6e4d129ecc0d1ca

SHA1
4a6fdf9e40bf89f9d9d5ba520e22490ef50378f6

SHA256
19b2407b26310f82b5e88799d0c7a23cc5aa82ddf5e4407e63880dde5e916c16

SHA512
769a01c818d5fe271a5a807a4ad52705772d93964b8c5587fc04494b203811a4d7785e8224e372d77218b56d9c4504f485fbf413a6a779b21cb3d22a33d9fb80

Download Submit
C:\Windows\system\pKaAkSD.exe

Filesize
6.0MB

MD5
fbcf1c05fcf2dd69386680c9c26e9ee3

SHA1
75f6eee8612dbb7fc0b4be994b5da25a2eb0378b

SHA256
8892644d65712b76be9296e53bd831c706def0c18274eff8944bebac94fab50c

SHA512
bb8776d7410d8bfb0a013e3b5014e33c81900a7e99270a46b8fd657c03787b7b0ec8a6e503c6c912d768156fe167f47a2d6a0bfc4c95985c30e478f4b12cc056

Download Submit
C:\Windows\system\pxDNjkj.exe

Filesize
6.0MB

MD5
c671f641f371ffed22e6b87a288382d9

SHA1
59c0685b8e7cd7813c83ea3aa9944b4fe649e129

SHA256
d0ab96cf3feb2de1c2aea2334312a4a4af4b1e5c1ff654bc309ec0fbf26367c3

SHA512
62bf3c58ef30678b05f4339ee9e2771ead98330be1786597246c98886dff608097935dd3af929f2276adb4c845ab507da917ebfb75ba71eac824c2d8d1352840

Download Submit
C:\Windows\system\uQdFdeL.exe

Filesize
6.0MB

MD5
bfbeb83711589add0c779fc2c581c28f

SHA1
48de668e5b73e65c1ad7af0a4fdf2d2078176c32

SHA256
df87d20b0401c2167b63af991f7bb3c1eb64fb6fcfab00d21ce11470f8e5027b

SHA512
a10a5d9bafebd6f9c7e1809e218ddef2c2d28a54f79a9dad9f1671082123c1acc3a945c38d7e5db669e5c4650b6ee64c206b99a59ffaba52c942860d95d569ef

Download Submit
C:\Windows\system\vRoDOvk.exe

Filesize
6.0MB

MD5
eaeafe0384c84a4689da77c8bdb1bd7c

SHA1
f4da0fce5c4edf17f328454ca8d2a0649733c65a

SHA256
b9d53c45236a852aa879d4dabec6b21867370a95a51ea610c95338c50799ebc5

SHA512
4e42e13a7ffb064afce9d3f14fcaf54e7883bd924e52a529431250ad9936e6ed438565ae6025f3348144f6f99f8eba16b84fd7fdf957a20fa53dc61c74b2ec40

Download Submit
\Windows\system\FeLoXeb.exe

Filesize
6.0MB

MD5
0c3dd2c26b5abf30144d1dc4583ddf08

SHA1
aa781b20b812695801dff088c1165eb67dc31586

SHA256
f3a3940de42a98d7b09c51dbe936d8d54664140f023a166eaa5101e8bcafa602

SHA512
d2dea0101dc3aa5bb790f002bd69aae7c9ba7517524ff59facb3c377393f09b1bf6135597912bc32a51929ef34de6c2e23dbabfea1216f4ea65e5feeebdea6b1

Download Submit
\Windows\system\bXhVTEQ.exe

Filesize
6.0MB

MD5
0d929dcd6a03cdc1e9a98a81ef79b7bd

SHA1
4d9c7e3566ed5574d78049f5bafb068df56a0a7d

SHA256
ac42a1c2b6588d770eae14bd7ae282f99afe192033addc672cfc23351ad92d50

SHA512
d83cbae41e7ed505032a21195b872498e0c46880dfa28f5625ac02b6d9729d485c081050bd71570e2e99b66aa3abed3323f62f2c3041f29cb3aca87f8e1caaff

Download Submit
\Windows\system\zfdBxCa.exe

Filesize
6.0MB

MD5
3d32091f0fc18f6a3fcb82cfb8c872aa

SHA1
e7586e53906a1135b625c48b6a11c85a9c65a8e3

SHA256
0b529c463e7b5e4018742265683ab8105cad076e5e38143e7c9320d75ad3e365

SHA512
4fc6e5c70c0f7838efe1b0c75a114df7015ddb5801cd04deb92c81ac030c8af43021f92f5f31ee5ad00927cb9b39f154a0ce2f2f5aecf48a7180ca87dc9812a1

Download Submit
memory/1848-496-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-3235-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-3276-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1956-517-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2068-3271-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-499-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-501-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2344-3244-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2516-525-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3289-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3275-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-521-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-519-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3256-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2728-512-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3273-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2732-523-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3263-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-508-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3272-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2744-510-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3291-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3290-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-503-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-514-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3249-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3292-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-506-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-532-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-520-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-505-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-529-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-502-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-530-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-507-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2972-536-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2972-511-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2972-531-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2972-513-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2972-539-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2972-516-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2972-518-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2972-0-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-500-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2972-522-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-533-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-526-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-527-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-524-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-534-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2972-570-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-572-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-509-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2972-573-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-694-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-698-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-562-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2972-535-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2972-544-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download