cobaltstrike | 587540f404a46af829b8219dc9ba4556cff83aefb2a64d11b7eb15cff6139519

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

89703eb34ba583eb0207657de7390a7f
SHA1

7212c9e73a7513b7eb63856f181feb2d6ed700f5
SHA256

587540f404a46af829b8219dc9ba4556cff83aefb2a64d11b7eb15cff6139519
SHA512

11ced98d49c7b40cd81cf6e4db415d8089d77f7e7a82f988fd3b45ed16347c46c9f5f081333bfe0c118fe6070bb250833850ee642bb9c50825016562d44f10cf
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012280-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0e-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d18-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d41-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d79-44.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d81-51.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf5-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d43-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-179.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-169.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-173.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-159.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-164.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-153.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-102.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2a-79.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3a-88.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd7-66.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d89-55.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c88-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d59-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3036-0-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012280-6.dat	xmrig
behavioral1/files/0x0008000000015d0e-13.dat	xmrig
behavioral1/memory/2604-9-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/640-15-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d18-19.dat	xmrig
behavioral1/memory/2092-22-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d41-26.dat	xmrig
behavioral1/files/0x0007000000015d79-44.dat	xmrig
behavioral1/files/0x0009000000015d81-51.dat	xmrig
behavioral1/files/0x0006000000016cf5-74.dat	xmrig
behavioral1/memory/2204-73-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d43-94.dat	xmrig
behavioral1/files/0x0006000000016d77-129.dat	xmrig
behavioral1/memory/2960-3627-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2892-3657-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2568-3688-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2432-3661-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2216-3656-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2360-3645-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2092-3624-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2604-3623-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2884-3622-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2876-3620-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2804-3619-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2984-3630-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/640-3629-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2204-3628-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2360-1088-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2432-771-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2876-208-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ed-189.dat	xmrig
behavioral1/files/0x00050000000186e7-183.dat	xmrig
behavioral1/files/0x0005000000018686-179.dat	xmrig
behavioral1/files/0x000600000001749c-169.dat	xmrig
behavioral1/files/0x000600000001755b-173.dat	xmrig
behavioral1/files/0x0006000000017049-159.dat	xmrig
behavioral1/files/0x0006000000017497-164.dat	xmrig
behavioral1/files/0x0006000000016ecf-153.dat	xmrig
behavioral1/files/0x0006000000016df3-149.dat	xmrig
behavioral1/files/0x0006000000016de8-140.dat	xmrig
behavioral1/files/0x0006000000016dea-144.dat	xmrig
behavioral1/files/0x0006000000016d9f-134.dat	xmrig
behavioral1/files/0x0006000000016d6f-124.dat	xmrig
behavioral1/files/0x0006000000016d6b-119.dat	xmrig
behavioral1/files/0x0006000000016d67-114.dat	xmrig
behavioral1/files/0x0006000000016d54-110.dat	xmrig
behavioral1/memory/2092-104-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d4b-102.dat	xmrig
behavioral1/memory/2360-96-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2432-91-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2804-85-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2884-84-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2892-80-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d2a-79.dat	xmrig
behavioral1/memory/3036-78-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2216-77-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d3a-88.dat	xmrig
behavioral1/memory/3036-68-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cd7-66.dat	xmrig
behavioral1/memory/2984-59-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d89-55.dat	xmrig
behavioral1/memory/2568-54-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c88-52.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2604	omPgYFv.exe
640	yPjqOAW.exe
2092	lGDvOKc.exe
2876	JnoxQQq.exe
2204	mOZrffl.exe
2568	trUChSQ.exe
2984	gBoIOyz.exe
2960	CGzpRlF.exe
2216	RdEddzj.exe
2892	AkuWMig.exe
2884	BjgPIaq.exe
2804	rEuRkoj.exe
2432	aXlEuET.exe
2360	SbsPGFm.exe
872	YhCWfJX.exe
2596	AWBYaGR.exe
2392	fTFOUBH.exe
380	LSbimbv.exe
804	JxNzWKV.exe
1720	OoylJPZ.exe
1592	AUGvymk.exe
1568	bcPBWKx.exe
2908	NNTQlvo.exe
1324	XVizVOB.exe
2508	xYgjXeR.exe
2236	ChluQfX.exe
3008	HLkXTZI.exe
2064	TCrTXLn.exe
912	jopNAbk.exe
2272	aVdtaQG.exe
3052	VaUKcrj.exe
1336	gXdNcIs.exe
1668	vqgCLMa.exe
576	alDvciq.exe
1564	KMvSoWy.exe
1676	KEsDHZX.exe
2004	eCXGTnD.exe
884	yxCOExN.exe
1552	iSeuLNU.exe
588	YtazIPd.exe
2244	TRVgXeW.exe
3068	XYzDDcQ.exe
2208	aaECbUb.exe
2188	AWGwXhM.exe
696	vVuHVFz.exe
2648	FNSeUls.exe
568	WebrUJY.exe
2776	LEMQbTL.exe
1760	YMysBJb.exe
2456	tKYYWSG.exe
2224	RqvQKoe.exe
2636	qyvVbzs.exe
1712	yXtQCYc.exe
1728	mCUNjfr.exe
1488	lwJxAec.exe
2484	vbQWJnV.exe
2820	TYVcJHB.exe
2956	qNqZrmk.exe
2824	IUzjybG.exe
2688	RIFHqQk.exe
2428	asuhsVS.exe
2020	YtYDmYZ.exe
2140	iTwUMNB.exe
1260	xdQrWbE.exe

Loads dropped DLL 64 IoCs

pid	Process
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3036-0-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x000b000000012280-6.dat	upx
behavioral1/files/0x0008000000015d0e-13.dat	upx
behavioral1/memory/2604-9-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/640-15-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/files/0x0008000000015d18-19.dat	upx
behavioral1/memory/2092-22-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0007000000015d41-26.dat	upx
behavioral1/files/0x0007000000015d79-44.dat	upx
behavioral1/files/0x0009000000015d81-51.dat	upx
behavioral1/files/0x0006000000016cf5-74.dat	upx
behavioral1/memory/2204-73-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x0006000000016d43-94.dat	upx
behavioral1/files/0x0006000000016d77-129.dat	upx
behavioral1/memory/2960-3627-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2892-3657-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2568-3688-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2432-3661-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2216-3656-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2360-3645-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2092-3624-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2604-3623-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2884-3622-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2876-3620-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2804-3619-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2984-3630-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/640-3629-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2204-3628-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2360-1088-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2432-771-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2876-208-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-189.dat	upx
behavioral1/files/0x00050000000186e7-183.dat	upx
behavioral1/files/0x0005000000018686-179.dat	upx
behavioral1/files/0x000600000001749c-169.dat	upx
behavioral1/files/0x000600000001755b-173.dat	upx
behavioral1/files/0x0006000000017049-159.dat	upx
behavioral1/files/0x0006000000017497-164.dat	upx
behavioral1/files/0x0006000000016ecf-153.dat	upx
behavioral1/files/0x0006000000016df3-149.dat	upx
behavioral1/files/0x0006000000016de8-140.dat	upx
behavioral1/files/0x0006000000016dea-144.dat	upx
behavioral1/files/0x0006000000016d9f-134.dat	upx
behavioral1/files/0x0006000000016d6f-124.dat	upx
behavioral1/files/0x0006000000016d6b-119.dat	upx
behavioral1/files/0x0006000000016d67-114.dat	upx
behavioral1/files/0x0006000000016d54-110.dat	upx
behavioral1/memory/2092-104-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0006000000016d4b-102.dat	upx
behavioral1/memory/2360-96-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2432-91-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2804-85-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2884-84-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2892-80-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x0006000000016d2a-79.dat	upx
behavioral1/memory/2216-77-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0006000000016d3a-88.dat	upx
behavioral1/memory/3036-68-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x0006000000016cd7-66.dat	upx
behavioral1/memory/2984-59-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0009000000015d89-55.dat	upx
behavioral1/memory/2568-54-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x0009000000016c88-52.dat	upx
behavioral1/memory/2960-63-0x000000013F730000-0x000000013FA84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HGScNYr.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTkrzFl.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkuWMig.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtuKkGm.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFQbwBf.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDESGtR.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRSvfTt.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppNrukl.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbAvETD.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBHhLur.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qCuNEKd.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJQsinh.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hICdTdY.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SetCAgL.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJbBWyS.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzDmXGd.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIiOyJK.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTrqyBC.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByXkESZ.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLmRlXv.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXBBDnC.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRlRJyY.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqLfAyA.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeyQUlc.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmIFleQ.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuzhSFK.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXRkVuT.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BsnufJs.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWVUQOj.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgwNRXq.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSPdjFM.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkSvZUk.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXFDDfG.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVZTVPL.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdEddzj.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyvVbzs.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFXLwti.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCtikoo.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBtYoKb.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysGPVzj.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgwAvWr.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNYZTgr.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzokseS.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrwVeTP.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFjfreX.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lImgRET.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIDnOnK.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLvovnB.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ockzbLH.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgFerRW.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKnVFUC.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPbfvHM.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCXGTnD.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REHrJTS.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcINvVZ.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qIjOZBV.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\poyQjQN.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgqmHTQ.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPwSczq.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhkHYZx.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kInvjxt.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMQcVgO.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlPMzWR.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXaOvMX.exe	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2604	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3036 wrote to memory of 2604	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3036 wrote to memory of 2604	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3036 wrote to memory of 640	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3036 wrote to memory of 640	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3036 wrote to memory of 640	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3036 wrote to memory of 2092	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3036 wrote to memory of 2092	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3036 wrote to memory of 2092	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3036 wrote to memory of 2876	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3036 wrote to memory of 2876	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3036 wrote to memory of 2876	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3036 wrote to memory of 2204	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3036 wrote to memory of 2204	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3036 wrote to memory of 2204	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3036 wrote to memory of 2568	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3036 wrote to memory of 2568	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3036 wrote to memory of 2568	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3036 wrote to memory of 2984	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3036 wrote to memory of 2984	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3036 wrote to memory of 2984	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3036 wrote to memory of 2216	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3036 wrote to memory of 2216	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3036 wrote to memory of 2216	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3036 wrote to memory of 2960	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3036 wrote to memory of 2960	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3036 wrote to memory of 2960	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3036 wrote to memory of 2892	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3036 wrote to memory of 2892	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3036 wrote to memory of 2892	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3036 wrote to memory of 2884	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3036 wrote to memory of 2884	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3036 wrote to memory of 2884	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3036 wrote to memory of 2804	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3036 wrote to memory of 2804	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3036 wrote to memory of 2804	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3036 wrote to memory of 2432	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3036 wrote to memory of 2432	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3036 wrote to memory of 2432	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3036 wrote to memory of 2360	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3036 wrote to memory of 2360	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3036 wrote to memory of 2360	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3036 wrote to memory of 872	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3036 wrote to memory of 872	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3036 wrote to memory of 872	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3036 wrote to memory of 2596	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3036 wrote to memory of 2596	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3036 wrote to memory of 2596	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3036 wrote to memory of 2392	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3036 wrote to memory of 2392	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3036 wrote to memory of 2392	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3036 wrote to memory of 380	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3036 wrote to memory of 380	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3036 wrote to memory of 380	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3036 wrote to memory of 804	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3036 wrote to memory of 804	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3036 wrote to memory of 804	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3036 wrote to memory of 1720	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3036 wrote to memory of 1720	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3036 wrote to memory of 1720	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3036 wrote to memory of 1592	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3036 wrote to memory of 1592	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3036 wrote to memory of 1592	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3036 wrote to memory of 1568	3036	2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_89703eb34ba583eb0207657de7390a7f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\System\omPgYFv.exe
  C:\Windows\System\omPgYFv.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\yPjqOAW.exe
  C:\Windows\System\yPjqOAW.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\lGDvOKc.exe
  C:\Windows\System\lGDvOKc.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\JnoxQQq.exe
  C:\Windows\System\JnoxQQq.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\mOZrffl.exe
  C:\Windows\System\mOZrffl.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\trUChSQ.exe
  C:\Windows\System\trUChSQ.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\gBoIOyz.exe
  C:\Windows\System\gBoIOyz.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\RdEddzj.exe
  C:\Windows\System\RdEddzj.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\CGzpRlF.exe
  C:\Windows\System\CGzpRlF.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\AkuWMig.exe
  C:\Windows\System\AkuWMig.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\BjgPIaq.exe
  C:\Windows\System\BjgPIaq.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\rEuRkoj.exe
  C:\Windows\System\rEuRkoj.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\aXlEuET.exe
  C:\Windows\System\aXlEuET.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\SbsPGFm.exe
  C:\Windows\System\SbsPGFm.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\YhCWfJX.exe
  C:\Windows\System\YhCWfJX.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\AWBYaGR.exe
  C:\Windows\System\AWBYaGR.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\fTFOUBH.exe
  C:\Windows\System\fTFOUBH.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\LSbimbv.exe
  C:\Windows\System\LSbimbv.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\JxNzWKV.exe
  C:\Windows\System\JxNzWKV.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\OoylJPZ.exe
  C:\Windows\System\OoylJPZ.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\AUGvymk.exe
  C:\Windows\System\AUGvymk.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\bcPBWKx.exe
  C:\Windows\System\bcPBWKx.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\NNTQlvo.exe
  C:\Windows\System\NNTQlvo.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\XVizVOB.exe
  C:\Windows\System\XVizVOB.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\xYgjXeR.exe
  C:\Windows\System\xYgjXeR.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\ChluQfX.exe
  C:\Windows\System\ChluQfX.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\HLkXTZI.exe
  C:\Windows\System\HLkXTZI.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\TCrTXLn.exe
  C:\Windows\System\TCrTXLn.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\jopNAbk.exe
  C:\Windows\System\jopNAbk.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\aVdtaQG.exe
  C:\Windows\System\aVdtaQG.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\VaUKcrj.exe
  C:\Windows\System\VaUKcrj.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\gXdNcIs.exe
  C:\Windows\System\gXdNcIs.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\vqgCLMa.exe
  C:\Windows\System\vqgCLMa.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\alDvciq.exe
  C:\Windows\System\alDvciq.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\KMvSoWy.exe
  C:\Windows\System\KMvSoWy.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\KEsDHZX.exe
  C:\Windows\System\KEsDHZX.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\eCXGTnD.exe
  C:\Windows\System\eCXGTnD.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\yxCOExN.exe
  C:\Windows\System\yxCOExN.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\iSeuLNU.exe
  C:\Windows\System\iSeuLNU.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\YtazIPd.exe
  C:\Windows\System\YtazIPd.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\TRVgXeW.exe
  C:\Windows\System\TRVgXeW.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\XYzDDcQ.exe
  C:\Windows\System\XYzDDcQ.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\aaECbUb.exe
  C:\Windows\System\aaECbUb.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\AWGwXhM.exe
  C:\Windows\System\AWGwXhM.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\vVuHVFz.exe
  C:\Windows\System\vVuHVFz.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\FNSeUls.exe
  C:\Windows\System\FNSeUls.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\WebrUJY.exe
  C:\Windows\System\WebrUJY.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\LEMQbTL.exe
  C:\Windows\System\LEMQbTL.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\YMysBJb.exe
  C:\Windows\System\YMysBJb.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\tKYYWSG.exe
  C:\Windows\System\tKYYWSG.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\RqvQKoe.exe
  C:\Windows\System\RqvQKoe.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\qyvVbzs.exe
  C:\Windows\System\qyvVbzs.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\yXtQCYc.exe
  C:\Windows\System\yXtQCYc.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\mCUNjfr.exe
  C:\Windows\System\mCUNjfr.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\lwJxAec.exe
  C:\Windows\System\lwJxAec.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\vbQWJnV.exe
  C:\Windows\System\vbQWJnV.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\TYVcJHB.exe
  C:\Windows\System\TYVcJHB.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\qNqZrmk.exe
  C:\Windows\System\qNqZrmk.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\IUzjybG.exe
  C:\Windows\System\IUzjybG.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\RIFHqQk.exe
  C:\Windows\System\RIFHqQk.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\asuhsVS.exe
  C:\Windows\System\asuhsVS.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\YtYDmYZ.exe
  C:\Windows\System\YtYDmYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\iTwUMNB.exe
  C:\Windows\System\iTwUMNB.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\xdQrWbE.exe
  C:\Windows\System\xdQrWbE.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\vHmOjAZ.exe
  C:\Windows\System\vHmOjAZ.exe
  2⤵
  PID:1256
- C:\Windows\System\zQqaebc.exe
  C:\Windows\System\zQqaebc.exe
  2⤵
  PID:1948
- C:\Windows\System\oHGLlxq.exe
  C:\Windows\System\oHGLlxq.exe
  2⤵
  PID:2760
- C:\Windows\System\aPBfHrH.exe
  C:\Windows\System\aPBfHrH.exe
  2⤵
  PID:2900
- C:\Windows\System\abzzxom.exe
  C:\Windows\System\abzzxom.exe
  2⤵
  PID:2284
- C:\Windows\System\UkQMYZt.exe
  C:\Windows\System\UkQMYZt.exe
  2⤵
  PID:3028
- C:\Windows\System\lzvBTIk.exe
  C:\Windows\System\lzvBTIk.exe
  2⤵
  PID:1136
- C:\Windows\System\KhInFCb.exe
  C:\Windows\System\KhInFCb.exe
  2⤵
  PID:692
- C:\Windows\System\MOcnHjr.exe
  C:\Windows\System\MOcnHjr.exe
  2⤵
  PID:1508
- C:\Windows\System\socjqoz.exe
  C:\Windows\System\socjqoz.exe
  2⤵
  PID:2404
- C:\Windows\System\iRaqEyk.exe
  C:\Windows\System\iRaqEyk.exe
  2⤵
  PID:2012
- C:\Windows\System\PIJBdwm.exe
  C:\Windows\System\PIJBdwm.exe
  2⤵
  PID:2008
- C:\Windows\System\mpFdkQA.exe
  C:\Windows\System\mpFdkQA.exe
  2⤵
  PID:1608
- C:\Windows\System\DZNUyHy.exe
  C:\Windows\System\DZNUyHy.exe
  2⤵
  PID:1036
- C:\Windows\System\ZuCJVlq.exe
  C:\Windows\System\ZuCJVlq.exe
  2⤵
  PID:2524
- C:\Windows\System\hFqboHE.exe
  C:\Windows\System\hFqboHE.exe
  2⤵
  PID:2076
- C:\Windows\System\djxLNdY.exe
  C:\Windows\System\djxLNdY.exe
  2⤵
  PID:2104
- C:\Windows\System\CZiTbNQ.exe
  C:\Windows\System\CZiTbNQ.exe
  2⤵
  PID:2240
- C:\Windows\System\QPPCLrD.exe
  C:\Windows\System\QPPCLrD.exe
  2⤵
  PID:352
- C:\Windows\System\LIOEbqf.exe
  C:\Windows\System\LIOEbqf.exe
  2⤵
  PID:2320
- C:\Windows\System\QyviTVO.exe
  C:\Windows\System\QyviTVO.exe
  2⤵
  PID:2616
- C:\Windows\System\xQsCuLi.exe
  C:\Windows\System\xQsCuLi.exe
  2⤵
  PID:2120
- C:\Windows\System\xudKRUz.exe
  C:\Windows\System\xudKRUz.exe
  2⤵
  PID:2500
- C:\Windows\System\BQSxIFQ.exe
  C:\Windows\System\BQSxIFQ.exe
  2⤵
  PID:2816
- C:\Windows\System\fLMCXgP.exe
  C:\Windows\System\fLMCXgP.exe
  2⤵
  PID:2944
- C:\Windows\System\BRtlIhS.exe
  C:\Windows\System\BRtlIhS.exe
  2⤵
  PID:2488
- C:\Windows\System\PBfyIta.exe
  C:\Windows\System\PBfyIta.exe
  2⤵
  PID:1288
- C:\Windows\System\yhlTjzo.exe
  C:\Windows\System\yhlTjzo.exe
  2⤵
  PID:1708
- C:\Windows\System\VchmGqz.exe
  C:\Windows\System\VchmGqz.exe
  2⤵
  PID:2080
- C:\Windows\System\rONChdH.exe
  C:\Windows\System\rONChdH.exe
  2⤵
  PID:2912
- C:\Windows\System\qCdNZEb.exe
  C:\Windows\System\qCdNZEb.exe
  2⤵
  PID:2128
- C:\Windows\System\xQpbeMo.exe
  C:\Windows\System\xQpbeMo.exe
  2⤵
  PID:1656
- C:\Windows\System\CGspHJC.exe
  C:\Windows\System\CGspHJC.exe
  2⤵
  PID:1544
- C:\Windows\System\mcUNIKE.exe
  C:\Windows\System\mcUNIKE.exe
  2⤵
  PID:3084
- C:\Windows\System\jnIUpqn.exe
  C:\Windows\System\jnIUpqn.exe
  2⤵
  PID:3104
- C:\Windows\System\jzDmXGd.exe
  C:\Windows\System\jzDmXGd.exe
  2⤵
  PID:3124
- C:\Windows\System\JQxNVLN.exe
  C:\Windows\System\JQxNVLN.exe
  2⤵
  PID:3144
- C:\Windows\System\BVPEYao.exe
  C:\Windows\System\BVPEYao.exe
  2⤵
  PID:3164
- C:\Windows\System\pgAWgfC.exe
  C:\Windows\System\pgAWgfC.exe
  2⤵
  PID:3184
- C:\Windows\System\mgHEOTs.exe
  C:\Windows\System\mgHEOTs.exe
  2⤵
  PID:3204
- C:\Windows\System\wZRBQWr.exe
  C:\Windows\System\wZRBQWr.exe
  2⤵
  PID:3224
- C:\Windows\System\HOqkibR.exe
  C:\Windows\System\HOqkibR.exe
  2⤵
  PID:3244
- C:\Windows\System\PdGdPVq.exe
  C:\Windows\System\PdGdPVq.exe
  2⤵
  PID:3264
- C:\Windows\System\OPUznOH.exe
  C:\Windows\System\OPUznOH.exe
  2⤵
  PID:3284
- C:\Windows\System\hiEFadG.exe
  C:\Windows\System\hiEFadG.exe
  2⤵
  PID:3304
- C:\Windows\System\dgqmHTQ.exe
  C:\Windows\System\dgqmHTQ.exe
  2⤵
  PID:3328
- C:\Windows\System\dSsDRsR.exe
  C:\Windows\System\dSsDRsR.exe
  2⤵
  PID:3348
- C:\Windows\System\kRRPmTL.exe
  C:\Windows\System\kRRPmTL.exe
  2⤵
  PID:3368
- C:\Windows\System\HiHuHpv.exe
  C:\Windows\System\HiHuHpv.exe
  2⤵
  PID:3388
- C:\Windows\System\qYdHNci.exe
  C:\Windows\System\qYdHNci.exe
  2⤵
  PID:3408
- C:\Windows\System\lbDIRRI.exe
  C:\Windows\System\lbDIRRI.exe
  2⤵
  PID:3428
- C:\Windows\System\FiNwiNo.exe
  C:\Windows\System\FiNwiNo.exe
  2⤵
  PID:3448
- C:\Windows\System\prezYpH.exe
  C:\Windows\System\prezYpH.exe
  2⤵
  PID:3468
- C:\Windows\System\REHrJTS.exe
  C:\Windows\System\REHrJTS.exe
  2⤵
  PID:3488
- C:\Windows\System\wquhAoS.exe
  C:\Windows\System\wquhAoS.exe
  2⤵
  PID:3508
- C:\Windows\System\HlinLOP.exe
  C:\Windows\System\HlinLOP.exe
  2⤵
  PID:3528
- C:\Windows\System\ULXBRmI.exe
  C:\Windows\System\ULXBRmI.exe
  2⤵
  PID:3548
- C:\Windows\System\FuyvUNw.exe
  C:\Windows\System\FuyvUNw.exe
  2⤵
  PID:3568
- C:\Windows\System\cfjuPRJ.exe
  C:\Windows\System\cfjuPRJ.exe
  2⤵
  PID:3588
- C:\Windows\System\HIWSpAI.exe
  C:\Windows\System\HIWSpAI.exe
  2⤵
  PID:3608
- C:\Windows\System\yTZMlUs.exe
  C:\Windows\System\yTZMlUs.exe
  2⤵
  PID:3628
- C:\Windows\System\svTbICO.exe
  C:\Windows\System\svTbICO.exe
  2⤵
  PID:3648
- C:\Windows\System\shrEayr.exe
  C:\Windows\System\shrEayr.exe
  2⤵
  PID:3668
- C:\Windows\System\agUFBZl.exe
  C:\Windows\System\agUFBZl.exe
  2⤵
  PID:3688
- C:\Windows\System\zGPShEb.exe
  C:\Windows\System\zGPShEb.exe
  2⤵
  PID:3708
- C:\Windows\System\gGNHkXJ.exe
  C:\Windows\System\gGNHkXJ.exe
  2⤵
  PID:3728
- C:\Windows\System\jiVMwym.exe
  C:\Windows\System\jiVMwym.exe
  2⤵
  PID:3748
- C:\Windows\System\fZsWcAb.exe
  C:\Windows\System\fZsWcAb.exe
  2⤵
  PID:3768
- C:\Windows\System\gWRyMWN.exe
  C:\Windows\System\gWRyMWN.exe
  2⤵
  PID:3792
- C:\Windows\System\MOSPFZu.exe
  C:\Windows\System\MOSPFZu.exe
  2⤵
  PID:3812
- C:\Windows\System\ONYAcfx.exe
  C:\Windows\System\ONYAcfx.exe
  2⤵
  PID:3832
- C:\Windows\System\RHAKJnV.exe
  C:\Windows\System\RHAKJnV.exe
  2⤵
  PID:3852
- C:\Windows\System\syArTIs.exe
  C:\Windows\System\syArTIs.exe
  2⤵
  PID:3872
- C:\Windows\System\DXHMaOB.exe
  C:\Windows\System\DXHMaOB.exe
  2⤵
  PID:3892
- C:\Windows\System\HGVtkmN.exe
  C:\Windows\System\HGVtkmN.exe
  2⤵
  PID:3912
- C:\Windows\System\fdnStKm.exe
  C:\Windows\System\fdnStKm.exe
  2⤵
  PID:3932
- C:\Windows\System\pZedbIS.exe
  C:\Windows\System\pZedbIS.exe
  2⤵
  PID:3952
- C:\Windows\System\CQxrWay.exe
  C:\Windows\System\CQxrWay.exe
  2⤵
  PID:3972
- C:\Windows\System\UsEqzWt.exe
  C:\Windows\System\UsEqzWt.exe
  2⤵
  PID:3992
- C:\Windows\System\QTPqAyU.exe
  C:\Windows\System\QTPqAyU.exe
  2⤵
  PID:4012
- C:\Windows\System\woIWUNe.exe
  C:\Windows\System\woIWUNe.exe
  2⤵
  PID:4032
- C:\Windows\System\dWpAxwT.exe
  C:\Windows\System\dWpAxwT.exe
  2⤵
  PID:4052
- C:\Windows\System\WmQstow.exe
  C:\Windows\System\WmQstow.exe
  2⤵
  PID:4072
- C:\Windows\System\mGdpYQa.exe
  C:\Windows\System\mGdpYQa.exe
  2⤵
  PID:4092
- C:\Windows\System\IHxUNxj.exe
  C:\Windows\System\IHxUNxj.exe
  2⤵
  PID:2068
- C:\Windows\System\NwgteqP.exe
  C:\Windows\System\NwgteqP.exe
  2⤵
  PID:1660
- C:\Windows\System\jjVBRrR.exe
  C:\Windows\System\jjVBRrR.exe
  2⤵
  PID:1808
- C:\Windows\System\upJsdpc.exe
  C:\Windows\System\upJsdpc.exe
  2⤵
  PID:2896
- C:\Windows\System\TTGWzxC.exe
  C:\Windows\System\TTGWzxC.exe
  2⤵
  PID:1496
- C:\Windows\System\gfRvGLr.exe
  C:\Windows\System\gfRvGLr.exe
  2⤵
  PID:1516
- C:\Windows\System\HtHGqdS.exe
  C:\Windows\System\HtHGqdS.exe
  2⤵
  PID:2148
- C:\Windows\System\LppAJpN.exe
  C:\Windows\System\LppAJpN.exe
  2⤵
  PID:2300
- C:\Windows\System\iyKOmuw.exe
  C:\Windows\System\iyKOmuw.exe
  2⤵
  PID:320
- C:\Windows\System\GYvCvoA.exe
  C:\Windows\System\GYvCvoA.exe
  2⤵
  PID:2724
- C:\Windows\System\IKhFYpG.exe
  C:\Windows\System\IKhFYpG.exe
  2⤵
  PID:1672
- C:\Windows\System\SAxpRAy.exe
  C:\Windows\System\SAxpRAy.exe
  2⤵
  PID:1280
- C:\Windows\System\nXCprdq.exe
  C:\Windows\System\nXCprdq.exe
  2⤵
  PID:3016
- C:\Windows\System\IWVUQOj.exe
  C:\Windows\System\IWVUQOj.exe
  2⤵
  PID:2464
- C:\Windows\System\jGGGLnK.exe
  C:\Windows\System\jGGGLnK.exe
  2⤵
  PID:3092
- C:\Windows\System\BbnKuvI.exe
  C:\Windows\System\BbnKuvI.exe
  2⤵
  PID:3116
- C:\Windows\System\jVUUlnV.exe
  C:\Windows\System\jVUUlnV.exe
  2⤵
  PID:3160
- C:\Windows\System\lpCgDWH.exe
  C:\Windows\System\lpCgDWH.exe
  2⤵
  PID:3180
- C:\Windows\System\RDkrcgX.exe
  C:\Windows\System\RDkrcgX.exe
  2⤵
  PID:3236
- C:\Windows\System\jGRchPy.exe
  C:\Windows\System\jGRchPy.exe
  2⤵
  PID:3216
- C:\Windows\System\GSAEkwd.exe
  C:\Windows\System\GSAEkwd.exe
  2⤵
  PID:3312
- C:\Windows\System\eCAZvAb.exe
  C:\Windows\System\eCAZvAb.exe
  2⤵
  PID:3316
- C:\Windows\System\zDFDoMs.exe
  C:\Windows\System\zDFDoMs.exe
  2⤵
  PID:3340
- C:\Windows\System\FQFHWqH.exe
  C:\Windows\System\FQFHWqH.exe
  2⤵
  PID:3380
- C:\Windows\System\yxXsUGU.exe
  C:\Windows\System\yxXsUGU.exe
  2⤵
  PID:3436
- C:\Windows\System\CqlHGQc.exe
  C:\Windows\System\CqlHGQc.exe
  2⤵
  PID:3456
- C:\Windows\System\EaeFkhK.exe
  C:\Windows\System\EaeFkhK.exe
  2⤵
  PID:3516
- C:\Windows\System\zcCpaAJ.exe
  C:\Windows\System\zcCpaAJ.exe
  2⤵
  PID:3496
- C:\Windows\System\qNLOAcz.exe
  C:\Windows\System\qNLOAcz.exe
  2⤵
  PID:3560
- C:\Windows\System\mlWZurQ.exe
  C:\Windows\System\mlWZurQ.exe
  2⤵
  PID:3580
- C:\Windows\System\pKuAFrj.exe
  C:\Windows\System\pKuAFrj.exe
  2⤵
  PID:3624
- C:\Windows\System\ERdupGd.exe
  C:\Windows\System\ERdupGd.exe
  2⤵
  PID:3656
- C:\Windows\System\wNgpCUp.exe
  C:\Windows\System\wNgpCUp.exe
  2⤵
  PID:3704
- C:\Windows\System\pKrzRpB.exe
  C:\Windows\System\pKrzRpB.exe
  2⤵
  PID:3736
- C:\Windows\System\ljRPIFJ.exe
  C:\Windows\System\ljRPIFJ.exe
  2⤵
  PID:3760
- C:\Windows\System\uWsPKCX.exe
  C:\Windows\System\uWsPKCX.exe
  2⤵
  PID:3784
- C:\Windows\System\bXFcIUG.exe
  C:\Windows\System\bXFcIUG.exe
  2⤵
  PID:3844
- C:\Windows\System\PuCxmeO.exe
  C:\Windows\System\PuCxmeO.exe
  2⤵
  PID:3864
- C:\Windows\System\nxTpWUq.exe
  C:\Windows\System\nxTpWUq.exe
  2⤵
  PID:3900
- C:\Windows\System\CAVuLsZ.exe
  C:\Windows\System\CAVuLsZ.exe
  2⤵
  PID:3960
- C:\Windows\System\ttgGXwg.exe
  C:\Windows\System\ttgGXwg.exe
  2⤵
  PID:3964
- C:\Windows\System\VtQFinr.exe
  C:\Windows\System\VtQFinr.exe
  2⤵
  PID:3984
- C:\Windows\System\uUrNnhM.exe
  C:\Windows\System\uUrNnhM.exe
  2⤵
  PID:4028
- C:\Windows\System\iRYiQYo.exe
  C:\Windows\System\iRYiQYo.exe
  2⤵
  PID:4064
- C:\Windows\System\QRGDaod.exe
  C:\Windows\System\QRGDaod.exe
  2⤵
  PID:1988
- C:\Windows\System\ockzbLH.exe
  C:\Windows\System\ockzbLH.exe
  2⤵
  PID:1380
- C:\Windows\System\ofREBqI.exe
  C:\Windows\System\ofREBqI.exe
  2⤵
  PID:880
- C:\Windows\System\lbmLxLw.exe
  C:\Windows\System\lbmLxLw.exe
  2⤵
  PID:900
- C:\Windows\System\BwMxAMW.exe
  C:\Windows\System\BwMxAMW.exe
  2⤵
  PID:892
- C:\Windows\System\VxqUGZb.exe
  C:\Windows\System\VxqUGZb.exe
  2⤵
  PID:2844
- C:\Windows\System\NcsYAyz.exe
  C:\Windows\System\NcsYAyz.exe
  2⤵
  PID:1432
- C:\Windows\System\kUPYugm.exe
  C:\Windows\System\kUPYugm.exe
  2⤵
  PID:2288
- C:\Windows\System\MXBBDnC.exe
  C:\Windows\System\MXBBDnC.exe
  2⤵
  PID:1352
- C:\Windows\System\mkidvEM.exe
  C:\Windows\System\mkidvEM.exe
  2⤵
  PID:3112
- C:\Windows\System\jZHnGXP.exe
  C:\Windows\System\jZHnGXP.exe
  2⤵
  PID:3212
- C:\Windows\System\sSOtDbW.exe
  C:\Windows\System\sSOtDbW.exe
  2⤵
  PID:3196
- C:\Windows\System\obTxjWL.exe
  C:\Windows\System\obTxjWL.exe
  2⤵
  PID:3296
- C:\Windows\System\ZTjDwlu.exe
  C:\Windows\System\ZTjDwlu.exe
  2⤵
  PID:3376
- C:\Windows\System\UvksjXk.exe
  C:\Windows\System\UvksjXk.exe
  2⤵
  PID:3400
- C:\Windows\System\DsoUVgv.exe
  C:\Windows\System\DsoUVgv.exe
  2⤵
  PID:3464
- C:\Windows\System\pNAirfs.exe
  C:\Windows\System\pNAirfs.exe
  2⤵
  PID:3556
- C:\Windows\System\XnIIxvN.exe
  C:\Windows\System\XnIIxvN.exe
  2⤵
  PID:3596
- C:\Windows\System\jNNGMCm.exe
  C:\Windows\System\jNNGMCm.exe
  2⤵
  PID:3616
- C:\Windows\System\GkSvZUk.exe
  C:\Windows\System\GkSvZUk.exe
  2⤵
  PID:3680
- C:\Windows\System\qrKRYaa.exe
  C:\Windows\System\qrKRYaa.exe
  2⤵
  PID:3800
- C:\Windows\System\dAtVEsA.exe
  C:\Windows\System\dAtVEsA.exe
  2⤵
  PID:3820
- C:\Windows\System\auTBgZc.exe
  C:\Windows\System\auTBgZc.exe
  2⤵
  PID:3840
- C:\Windows\System\nRRJHFz.exe
  C:\Windows\System\nRRJHFz.exe
  2⤵
  PID:3884
- C:\Windows\System\gXOYFIp.exe
  C:\Windows\System\gXOYFIp.exe
  2⤵
  PID:3948
- C:\Windows\System\ZtpRoKa.exe
  C:\Windows\System\ZtpRoKa.exe
  2⤵
  PID:4044
- C:\Windows\System\xArxleg.exe
  C:\Windows\System\xArxleg.exe
  2⤵
  PID:776
- C:\Windows\System\YlPMzWR.exe
  C:\Windows\System\YlPMzWR.exe
  2⤵
  PID:2172
- C:\Windows\System\PwHaOvf.exe
  C:\Windows\System\PwHaOvf.exe
  2⤵
  PID:2252
- C:\Windows\System\dSoGgyZ.exe
  C:\Windows\System\dSoGgyZ.exe
  2⤵
  PID:1444
- C:\Windows\System\bXevPYV.exe
  C:\Windows\System\bXevPYV.exe
  2⤵
  PID:2536
- C:\Windows\System\lONKKNr.exe
  C:\Windows\System\lONKKNr.exe
  2⤵
  PID:4108
- C:\Windows\System\ggmjJIS.exe
  C:\Windows\System\ggmjJIS.exe
  2⤵
  PID:4136
- C:\Windows\System\WniSmih.exe
  C:\Windows\System\WniSmih.exe
  2⤵
  PID:4156
- C:\Windows\System\yzLACAj.exe
  C:\Windows\System\yzLACAj.exe
  2⤵
  PID:4176
- C:\Windows\System\QLigwee.exe
  C:\Windows\System\QLigwee.exe
  2⤵
  PID:4196
- C:\Windows\System\sgCLxzr.exe
  C:\Windows\System\sgCLxzr.exe
  2⤵
  PID:4216
- C:\Windows\System\rujGyVy.exe
  C:\Windows\System\rujGyVy.exe
  2⤵
  PID:4236
- C:\Windows\System\eazikQd.exe
  C:\Windows\System\eazikQd.exe
  2⤵
  PID:4256
- C:\Windows\System\kCngJZR.exe
  C:\Windows\System\kCngJZR.exe
  2⤵
  PID:4276
- C:\Windows\System\ljkFPJz.exe
  C:\Windows\System\ljkFPJz.exe
  2⤵
  PID:4296
- C:\Windows\System\AxfWgEM.exe
  C:\Windows\System\AxfWgEM.exe
  2⤵
  PID:4316
- C:\Windows\System\OrIFDjr.exe
  C:\Windows\System\OrIFDjr.exe
  2⤵
  PID:4336
- C:\Windows\System\hRLQgZT.exe
  C:\Windows\System\hRLQgZT.exe
  2⤵
  PID:4352
- C:\Windows\System\nTShnbn.exe
  C:\Windows\System\nTShnbn.exe
  2⤵
  PID:4376
- C:\Windows\System\QKOHEUs.exe
  C:\Windows\System\QKOHEUs.exe
  2⤵
  PID:4396
- C:\Windows\System\AHHkeww.exe
  C:\Windows\System\AHHkeww.exe
  2⤵
  PID:4416
- C:\Windows\System\JDfHMFl.exe
  C:\Windows\System\JDfHMFl.exe
  2⤵
  PID:4436
- C:\Windows\System\XpkHVSf.exe
  C:\Windows\System\XpkHVSf.exe
  2⤵
  PID:4456
- C:\Windows\System\mMLvAfk.exe
  C:\Windows\System\mMLvAfk.exe
  2⤵
  PID:4476
- C:\Windows\System\cbuYHVd.exe
  C:\Windows\System\cbuYHVd.exe
  2⤵
  PID:4496
- C:\Windows\System\EGvBfWh.exe
  C:\Windows\System\EGvBfWh.exe
  2⤵
  PID:4516
- C:\Windows\System\CqdSOjN.exe
  C:\Windows\System\CqdSOjN.exe
  2⤵
  PID:4536
- C:\Windows\System\GtScCjA.exe
  C:\Windows\System\GtScCjA.exe
  2⤵
  PID:4556
- C:\Windows\System\aWeziYD.exe
  C:\Windows\System\aWeziYD.exe
  2⤵
  PID:4580
- C:\Windows\System\QBufLiR.exe
  C:\Windows\System\QBufLiR.exe
  2⤵
  PID:4600
- C:\Windows\System\KXQFmVd.exe
  C:\Windows\System\KXQFmVd.exe
  2⤵
  PID:4620
- C:\Windows\System\MguqQfH.exe
  C:\Windows\System\MguqQfH.exe
  2⤵
  PID:4640
- C:\Windows\System\NFXYOzR.exe
  C:\Windows\System\NFXYOzR.exe
  2⤵
  PID:4660
- C:\Windows\System\CBeZYCu.exe
  C:\Windows\System\CBeZYCu.exe
  2⤵
  PID:4676
- C:\Windows\System\TyHDvly.exe
  C:\Windows\System\TyHDvly.exe
  2⤵
  PID:4700
- C:\Windows\System\DgHRiiZ.exe
  C:\Windows\System\DgHRiiZ.exe
  2⤵
  PID:4720
- C:\Windows\System\SnSYzgh.exe
  C:\Windows\System\SnSYzgh.exe
  2⤵
  PID:4740
- C:\Windows\System\tZkfpzS.exe
  C:\Windows\System\tZkfpzS.exe
  2⤵
  PID:4760
- C:\Windows\System\bNXCWCn.exe
  C:\Windows\System\bNXCWCn.exe
  2⤵
  PID:4780
- C:\Windows\System\EIfHcgQ.exe
  C:\Windows\System\EIfHcgQ.exe
  2⤵
  PID:4800
- C:\Windows\System\FgVrOQg.exe
  C:\Windows\System\FgVrOQg.exe
  2⤵
  PID:4820
- C:\Windows\System\ZxeGlqY.exe
  C:\Windows\System\ZxeGlqY.exe
  2⤵
  PID:4840
- C:\Windows\System\mROjdgd.exe
  C:\Windows\System\mROjdgd.exe
  2⤵
  PID:4860
- C:\Windows\System\jshrinJ.exe
  C:\Windows\System\jshrinJ.exe
  2⤵
  PID:4880
- C:\Windows\System\cIpyQON.exe
  C:\Windows\System\cIpyQON.exe
  2⤵
  PID:4900
- C:\Windows\System\OAXpBVd.exe
  C:\Windows\System\OAXpBVd.exe
  2⤵
  PID:4920
- C:\Windows\System\qdtsmeI.exe
  C:\Windows\System\qdtsmeI.exe
  2⤵
  PID:4940
- C:\Windows\System\UVNCdAC.exe
  C:\Windows\System\UVNCdAC.exe
  2⤵
  PID:4960
- C:\Windows\System\BzSlxkY.exe
  C:\Windows\System\BzSlxkY.exe
  2⤵
  PID:4980
- C:\Windows\System\rgwNRXq.exe
  C:\Windows\System\rgwNRXq.exe
  2⤵
  PID:5000
- C:\Windows\System\qgAtNUG.exe
  C:\Windows\System\qgAtNUG.exe
  2⤵
  PID:5020
- C:\Windows\System\WfyVVGe.exe
  C:\Windows\System\WfyVVGe.exe
  2⤵
  PID:5040
- C:\Windows\System\pTqdjWg.exe
  C:\Windows\System\pTqdjWg.exe
  2⤵
  PID:5060
- C:\Windows\System\ZcVibgN.exe
  C:\Windows\System\ZcVibgN.exe
  2⤵
  PID:5080
- C:\Windows\System\SDDploH.exe
  C:\Windows\System\SDDploH.exe
  2⤵
  PID:5100
- C:\Windows\System\IxrHhPU.exe
  C:\Windows\System\IxrHhPU.exe
  2⤵
  PID:3096
- C:\Windows\System\EdHDkNT.exe
  C:\Windows\System\EdHDkNT.exe
  2⤵
  PID:1696
- C:\Windows\System\bjODAHz.exe
  C:\Windows\System\bjODAHz.exe
  2⤵
  PID:3280
- C:\Windows\System\TFADEri.exe
  C:\Windows\System\TFADEri.exe
  2⤵
  PID:3260
- C:\Windows\System\uFRvSFK.exe
  C:\Windows\System\uFRvSFK.exe
  2⤵
  PID:3356
- C:\Windows\System\agPzeqL.exe
  C:\Windows\System\agPzeqL.exe
  2⤵
  PID:3564
- C:\Windows\System\bDFbaKt.exe
  C:\Windows\System\bDFbaKt.exe
  2⤵
  PID:3644
- C:\Windows\System\CHtoDmM.exe
  C:\Windows\System\CHtoDmM.exe
  2⤵
  PID:3664
- C:\Windows\System\WgpmHVz.exe
  C:\Windows\System\WgpmHVz.exe
  2⤵
  PID:3744
- C:\Windows\System\HFbMqPs.exe
  C:\Windows\System\HFbMqPs.exe
  2⤵
  PID:3904
- C:\Windows\System\baDBfZG.exe
  C:\Windows\System\baDBfZG.exe
  2⤵
  PID:4008
- C:\Windows\System\SvQCIkw.exe
  C:\Windows\System\SvQCIkw.exe
  2⤵
  PID:4084
- C:\Windows\System\SduBwXm.exe
  C:\Windows\System\SduBwXm.exe
  2⤵
  PID:1620
- C:\Windows\System\fZizAmV.exe
  C:\Windows\System\fZizAmV.exe
  2⤵
  PID:3040
- C:\Windows\System\wXFDDfG.exe
  C:\Windows\System\wXFDDfG.exe
  2⤵
  PID:4104
- C:\Windows\System\HGdDHSn.exe
  C:\Windows\System\HGdDHSn.exe
  2⤵
  PID:4144
- C:\Windows\System\yTMbhzx.exe
  C:\Windows\System\yTMbhzx.exe
  2⤵
  PID:4164
- C:\Windows\System\lKFtSKi.exe
  C:\Windows\System\lKFtSKi.exe
  2⤵
  PID:4204
- C:\Windows\System\AgaHeLh.exe
  C:\Windows\System\AgaHeLh.exe
  2⤵
  PID:4244
- C:\Windows\System\gOpFnpr.exe
  C:\Windows\System\gOpFnpr.exe
  2⤵
  PID:4268
- C:\Windows\System\yjPivCm.exe
  C:\Windows\System\yjPivCm.exe
  2⤵
  PID:4292
- C:\Windows\System\kmcHfyT.exe
  C:\Windows\System\kmcHfyT.exe
  2⤵
  PID:4344
- C:\Windows\System\TKxbuTH.exe
  C:\Windows\System\TKxbuTH.exe
  2⤵
  PID:4384
- C:\Windows\System\CFjTiFd.exe
  C:\Windows\System\CFjTiFd.exe
  2⤵
  PID:4412
- C:\Windows\System\JjCWTKT.exe
  C:\Windows\System\JjCWTKT.exe
  2⤵
  PID:4444
- C:\Windows\System\tnnPGGR.exe
  C:\Windows\System\tnnPGGR.exe
  2⤵
  PID:4468
- C:\Windows\System\WAUMSGL.exe
  C:\Windows\System\WAUMSGL.exe
  2⤵
  PID:4508
- C:\Windows\System\eLBjTSF.exe
  C:\Windows\System\eLBjTSF.exe
  2⤵
  PID:4552
- C:\Windows\System\HyFrFbQ.exe
  C:\Windows\System\HyFrFbQ.exe
  2⤵
  PID:4596
- C:\Windows\System\CFjlDLN.exe
  C:\Windows\System\CFjlDLN.exe
  2⤵
  PID:4616
- C:\Windows\System\XTMhumP.exe
  C:\Windows\System\XTMhumP.exe
  2⤵
  PID:4668
- C:\Windows\System\OBcKUGD.exe
  C:\Windows\System\OBcKUGD.exe
  2⤵
  PID:4684
- C:\Windows\System\UidlbfP.exe
  C:\Windows\System\UidlbfP.exe
  2⤵
  PID:4712
- C:\Windows\System\aTqfVMR.exe
  C:\Windows\System\aTqfVMR.exe
  2⤵
  PID:4756
- C:\Windows\System\ODHqAQy.exe
  C:\Windows\System\ODHqAQy.exe
  2⤵
  PID:4768
- C:\Windows\System\nqzfraP.exe
  C:\Windows\System\nqzfraP.exe
  2⤵
  PID:4836
- C:\Windows\System\olDrdLY.exe
  C:\Windows\System\olDrdLY.exe
  2⤵
  PID:4848
- C:\Windows\System\YZFnwui.exe
  C:\Windows\System\YZFnwui.exe
  2⤵
  PID:4888
- C:\Windows\System\qPwSczq.exe
  C:\Windows\System\qPwSczq.exe
  2⤵
  PID:4912
- C:\Windows\System\mgZQzAI.exe
  C:\Windows\System\mgZQzAI.exe
  2⤵
  PID:4956
- C:\Windows\System\oZaUApp.exe
  C:\Windows\System\oZaUApp.exe
  2⤵
  PID:4972
- C:\Windows\System\iIDnOnK.exe
  C:\Windows\System\iIDnOnK.exe
  2⤵
  PID:5036
- C:\Windows\System\rSNkcTH.exe
  C:\Windows\System\rSNkcTH.exe
  2⤵
  PID:5048
- C:\Windows\System\spmBHGC.exe
  C:\Windows\System\spmBHGC.exe
  2⤵
  PID:5108
- C:\Windows\System\mLdSqxK.exe
  C:\Windows\System\mLdSqxK.exe
  2⤵
  PID:5112
- C:\Windows\System\nrWoiFr.exe
  C:\Windows\System\nrWoiFr.exe
  2⤵
  PID:1520
- C:\Windows\System\jnEoLPa.exe
  C:\Windows\System\jnEoLPa.exe
  2⤵
  PID:3440
- C:\Windows\System\KZOWFvZ.exe
  C:\Windows\System\KZOWFvZ.exe
  2⤵
  PID:3424
- C:\Windows\System\SPfelNz.exe
  C:\Windows\System\SPfelNz.exe
  2⤵
  PID:3640
- C:\Windows\System\hngrVCm.exe
  C:\Windows\System\hngrVCm.exe
  2⤵
  PID:3824
- C:\Windows\System\iprqDuF.exe
  C:\Windows\System\iprqDuF.exe
  2⤵
  PID:3860
- C:\Windows\System\aItprzi.exe
  C:\Windows\System\aItprzi.exe
  2⤵
  PID:1284
- C:\Windows\System\yLlHlbW.exe
  C:\Windows\System\yLlHlbW.exe
  2⤵
  PID:2324
- C:\Windows\System\tQhBeem.exe
  C:\Windows\System\tQhBeem.exe
  2⤵
  PID:4192
- C:\Windows\System\HDHChgF.exe
  C:\Windows\System\HDHChgF.exe
  2⤵
  PID:4224
- C:\Windows\System\xHDxvGC.exe
  C:\Windows\System\xHDxvGC.exe
  2⤵
  PID:4272
- C:\Windows\System\lbUGkgW.exe
  C:\Windows\System\lbUGkgW.exe
  2⤵
  PID:4324
- C:\Windows\System\LXRuCqD.exe
  C:\Windows\System\LXRuCqD.exe
  2⤵
  PID:4388
- C:\Windows\System\ODnAqaS.exe
  C:\Windows\System\ODnAqaS.exe
  2⤵
  PID:4432
- C:\Windows\System\zkNwcuy.exe
  C:\Windows\System\zkNwcuy.exe
  2⤵
  PID:4472
- C:\Windows\System\rkUZyKy.exe
  C:\Windows\System\rkUZyKy.exe
  2⤵
  PID:4544
- C:\Windows\System\XfmHWPQ.exe
  C:\Windows\System\XfmHWPQ.exe
  2⤵
  PID:4636
- C:\Windows\System\GaTXWos.exe
  C:\Windows\System\GaTXWos.exe
  2⤵
  PID:4692
- C:\Windows\System\VWQYuDZ.exe
  C:\Windows\System\VWQYuDZ.exe
  2⤵
  PID:4736
- C:\Windows\System\AfrXvIB.exe
  C:\Windows\System\AfrXvIB.exe
  2⤵
  PID:4796
- C:\Windows\System\cZxUlES.exe
  C:\Windows\System\cZxUlES.exe
  2⤵
  PID:4816
- C:\Windows\System\NujFDEK.exe
  C:\Windows\System\NujFDEK.exe
  2⤵
  PID:4876
- C:\Windows\System\saSkqdZ.exe
  C:\Windows\System\saSkqdZ.exe
  2⤵
  PID:4932
- C:\Windows\System\lTvHCcH.exe
  C:\Windows\System\lTvHCcH.exe
  2⤵
  PID:5068
- C:\Windows\System\TkxrXJh.exe
  C:\Windows\System\TkxrXJh.exe
  2⤵
  PID:5052
- C:\Windows\System\VMJQKDU.exe
  C:\Windows\System\VMJQKDU.exe
  2⤵
  PID:5076
- C:\Windows\System\lpdtnef.exe
  C:\Windows\System\lpdtnef.exe
  2⤵
  PID:3416
- C:\Windows\System\dHhboVb.exe
  C:\Windows\System\dHhboVb.exe
  2⤵
  PID:3384
- C:\Windows\System\oNbCLxe.exe
  C:\Windows\System\oNbCLxe.exe
  2⤵
  PID:4048
- C:\Windows\System\zAtnfjQ.exe
  C:\Windows\System\zAtnfjQ.exe
  2⤵
  PID:1776
- C:\Windows\System\NuVVjtI.exe
  C:\Windows\System\NuVVjtI.exe
  2⤵
  PID:4124
- C:\Windows\System\YJzVoDA.exe
  C:\Windows\System\YJzVoDA.exe
  2⤵
  PID:4184
- C:\Windows\System\FffgBOg.exe
  C:\Windows\System\FffgBOg.exe
  2⤵
  PID:4308
- C:\Windows\System\uDNPJdD.exe
  C:\Windows\System\uDNPJdD.exe
  2⤵
  PID:5140
- C:\Windows\System\nBtYoKb.exe
  C:\Windows\System\nBtYoKb.exe
  2⤵
  PID:5160
- C:\Windows\System\uZFURlC.exe
  C:\Windows\System\uZFURlC.exe
  2⤵
  PID:5180
- C:\Windows\System\OYzTfoH.exe
  C:\Windows\System\OYzTfoH.exe
  2⤵
  PID:5200
- C:\Windows\System\CClAOjc.exe
  C:\Windows\System\CClAOjc.exe
  2⤵
  PID:5220
- C:\Windows\System\XfgjibW.exe
  C:\Windows\System\XfgjibW.exe
  2⤵
  PID:5240
- C:\Windows\System\CRIjgua.exe
  C:\Windows\System\CRIjgua.exe
  2⤵
  PID:5260
- C:\Windows\System\fnqhdPU.exe
  C:\Windows\System\fnqhdPU.exe
  2⤵
  PID:5280
- C:\Windows\System\yrHOFxT.exe
  C:\Windows\System\yrHOFxT.exe
  2⤵
  PID:5300
- C:\Windows\System\LIUePjD.exe
  C:\Windows\System\LIUePjD.exe
  2⤵
  PID:5320
- C:\Windows\System\GLyCmII.exe
  C:\Windows\System\GLyCmII.exe
  2⤵
  PID:5340
- C:\Windows\System\SgiQjqJ.exe
  C:\Windows\System\SgiQjqJ.exe
  2⤵
  PID:5360
- C:\Windows\System\YCHVeej.exe
  C:\Windows\System\YCHVeej.exe
  2⤵
  PID:5380
- C:\Windows\System\AvUsoVl.exe
  C:\Windows\System\AvUsoVl.exe
  2⤵
  PID:5400
- C:\Windows\System\DHumdcA.exe
  C:\Windows\System\DHumdcA.exe
  2⤵
  PID:5420
- C:\Windows\System\psYQsUj.exe
  C:\Windows\System\psYQsUj.exe
  2⤵
  PID:5440
- C:\Windows\System\sftaudT.exe
  C:\Windows\System\sftaudT.exe
  2⤵
  PID:5460
- C:\Windows\System\tiOjvkw.exe
  C:\Windows\System\tiOjvkw.exe
  2⤵
  PID:5476
- C:\Windows\System\mXaOvMX.exe
  C:\Windows\System\mXaOvMX.exe
  2⤵
  PID:5500
- C:\Windows\System\YGJuBQO.exe
  C:\Windows\System\YGJuBQO.exe
  2⤵
  PID:5520
- C:\Windows\System\oRBoUdr.exe
  C:\Windows\System\oRBoUdr.exe
  2⤵
  PID:5540
- C:\Windows\System\fwZgtqa.exe
  C:\Windows\System\fwZgtqa.exe
  2⤵
  PID:5560
- C:\Windows\System\TdmTTVo.exe
  C:\Windows\System\TdmTTVo.exe
  2⤵
  PID:5580
- C:\Windows\System\cNWOorx.exe
  C:\Windows\System\cNWOorx.exe
  2⤵
  PID:5600
- C:\Windows\System\KTqRrdI.exe
  C:\Windows\System\KTqRrdI.exe
  2⤵
  PID:5620
- C:\Windows\System\gCBgzyv.exe
  C:\Windows\System\gCBgzyv.exe
  2⤵
  PID:5640
- C:\Windows\System\rlCkBnN.exe
  C:\Windows\System\rlCkBnN.exe
  2⤵
  PID:5660
- C:\Windows\System\LarVgHh.exe
  C:\Windows\System\LarVgHh.exe
  2⤵
  PID:5676
- C:\Windows\System\WMzecaQ.exe
  C:\Windows\System\WMzecaQ.exe
  2⤵
  PID:5700
- C:\Windows\System\oDpSkEV.exe
  C:\Windows\System\oDpSkEV.exe
  2⤵
  PID:5720
- C:\Windows\System\jLItBhD.exe
  C:\Windows\System\jLItBhD.exe
  2⤵
  PID:5740
- C:\Windows\System\FQNWUgF.exe
  C:\Windows\System\FQNWUgF.exe
  2⤵
  PID:5760
- C:\Windows\System\FkpQWUI.exe
  C:\Windows\System\FkpQWUI.exe
  2⤵
  PID:5780
- C:\Windows\System\iGcYTWg.exe
  C:\Windows\System\iGcYTWg.exe
  2⤵
  PID:5800
- C:\Windows\System\jUedzXE.exe
  C:\Windows\System\jUedzXE.exe
  2⤵
  PID:5820
- C:\Windows\System\gAYhphq.exe
  C:\Windows\System\gAYhphq.exe
  2⤵
  PID:5840
- C:\Windows\System\kQXMNOa.exe
  C:\Windows\System\kQXMNOa.exe
  2⤵
  PID:5860
- C:\Windows\System\Biozzcu.exe
  C:\Windows\System\Biozzcu.exe
  2⤵
  PID:5876
- C:\Windows\System\rwEZTTo.exe
  C:\Windows\System\rwEZTTo.exe
  2⤵
  PID:5900
- C:\Windows\System\TRveHgc.exe
  C:\Windows\System\TRveHgc.exe
  2⤵
  PID:5920
- C:\Windows\System\jgYvmfQ.exe
  C:\Windows\System\jgYvmfQ.exe
  2⤵
  PID:5940
- C:\Windows\System\sqLfAyA.exe
  C:\Windows\System\sqLfAyA.exe
  2⤵
  PID:5960
- C:\Windows\System\ZhHupcI.exe
  C:\Windows\System\ZhHupcI.exe
  2⤵
  PID:5980
- C:\Windows\System\pmRDXMP.exe
  C:\Windows\System\pmRDXMP.exe
  2⤵
  PID:6000
- C:\Windows\System\ripvSHm.exe
  C:\Windows\System\ripvSHm.exe
  2⤵
  PID:6020
- C:\Windows\System\PLSTPtN.exe
  C:\Windows\System\PLSTPtN.exe
  2⤵
  PID:6040
- C:\Windows\System\SpUyWAj.exe
  C:\Windows\System\SpUyWAj.exe
  2⤵
  PID:6060
- C:\Windows\System\OfAicgr.exe
  C:\Windows\System\OfAicgr.exe
  2⤵
  PID:6080
- C:\Windows\System\XigoaZR.exe
  C:\Windows\System\XigoaZR.exe
  2⤵
  PID:6100
- C:\Windows\System\lBzKCFn.exe
  C:\Windows\System\lBzKCFn.exe
  2⤵
  PID:6120
- C:\Windows\System\jvGuZNV.exe
  C:\Windows\System\jvGuZNV.exe
  2⤵
  PID:6140
- C:\Windows\System\iHHlXcz.exe
  C:\Windows\System\iHHlXcz.exe
  2⤵
  PID:4428
- C:\Windows\System\QKmchxp.exe
  C:\Windows\System\QKmchxp.exe
  2⤵
  PID:4448
- C:\Windows\System\Ilwsdbe.exe
  C:\Windows\System\Ilwsdbe.exe
  2⤵
  PID:4652
- C:\Windows\System\FKDkeiB.exe
  C:\Windows\System\FKDkeiB.exe
  2⤵
  PID:4732
- C:\Windows\System\VExRTXM.exe
  C:\Windows\System\VExRTXM.exe
  2⤵
  PID:4812
- C:\Windows\System\LYetTRR.exe
  C:\Windows\System\LYetTRR.exe
  2⤵
  PID:4916
- C:\Windows\System\trkkzWe.exe
  C:\Windows\System\trkkzWe.exe
  2⤵
  PID:4948
- C:\Windows\System\ggpIVmY.exe
  C:\Windows\System\ggpIVmY.exe
  2⤵
  PID:5028
- C:\Windows\System\zkXcaMH.exe
  C:\Windows\System\zkXcaMH.exe
  2⤵
  PID:3220
- C:\Windows\System\gKejSkh.exe
  C:\Windows\System\gKejSkh.exe
  2⤵
  PID:3636
- C:\Windows\System\vjiALMt.exe
  C:\Windows\System\vjiALMt.exe
  2⤵
  PID:1972
- C:\Windows\System\bZlyaxJ.exe
  C:\Windows\System\bZlyaxJ.exe
  2⤵
  PID:4252
- C:\Windows\System\PaHrRVA.exe
  C:\Windows\System\PaHrRVA.exe
  2⤵
  PID:4168
- C:\Windows\System\PRyPBEV.exe
  C:\Windows\System\PRyPBEV.exe
  2⤵
  PID:5176
- C:\Windows\System\oczHccH.exe
  C:\Windows\System\oczHccH.exe
  2⤵
  PID:5212
- C:\Windows\System\dRXZGQD.exe
  C:\Windows\System\dRXZGQD.exe
  2⤵
  PID:5228
- C:\Windows\System\PtdTiTT.exe
  C:\Windows\System\PtdTiTT.exe
  2⤵
  PID:5288
- C:\Windows\System\kEuruif.exe
  C:\Windows\System\kEuruif.exe
  2⤵
  PID:5308
- C:\Windows\System\WKbxWFW.exe
  C:\Windows\System\WKbxWFW.exe
  2⤵
  PID:5332
- C:\Windows\System\CcINvVZ.exe
  C:\Windows\System\CcINvVZ.exe
  2⤵
  PID:5356
- C:\Windows\System\UkXNCWm.exe
  C:\Windows\System\UkXNCWm.exe
  2⤵
  PID:5416
- C:\Windows\System\XMllgYJ.exe
  C:\Windows\System\XMllgYJ.exe
  2⤵
  PID:5428
- C:\Windows\System\VbfUYfp.exe
  C:\Windows\System\VbfUYfp.exe
  2⤵
  PID:5484
- C:\Windows\System\SxdJDTH.exe
  C:\Windows\System\SxdJDTH.exe
  2⤵
  PID:5528
- C:\Windows\System\vtNJZPb.exe
  C:\Windows\System\vtNJZPb.exe
  2⤵
  PID:5516
- C:\Windows\System\IeoXaIj.exe
  C:\Windows\System\IeoXaIj.exe
  2⤵
  PID:5576
- C:\Windows\System\CojVOIz.exe
  C:\Windows\System\CojVOIz.exe
  2⤵
  PID:5592
- C:\Windows\System\gZRqQDx.exe
  C:\Windows\System\gZRqQDx.exe
  2⤵
  PID:5632
- C:\Windows\System\JLvovnB.exe
  C:\Windows\System\JLvovnB.exe
  2⤵
  PID:5684
- C:\Windows\System\MtPrTUO.exe
  C:\Windows\System\MtPrTUO.exe
  2⤵
  PID:5728
- C:\Windows\System\JTatVqQ.exe
  C:\Windows\System\JTatVqQ.exe
  2⤵
  PID:5712
- C:\Windows\System\rmIWlym.exe
  C:\Windows\System\rmIWlym.exe
  2⤵
  PID:5756
- C:\Windows\System\cQdVCYe.exe
  C:\Windows\System\cQdVCYe.exe
  2⤵
  PID:5796
- C:\Windows\System\gfGscwI.exe
  C:\Windows\System\gfGscwI.exe
  2⤵
  PID:5836
- C:\Windows\System\eNrNYTx.exe
  C:\Windows\System\eNrNYTx.exe
  2⤵
  PID:1112
- C:\Windows\System\HubtcjT.exe
  C:\Windows\System\HubtcjT.exe
  2⤵
  PID:5872
- C:\Windows\System\NJqyEGI.exe
  C:\Windows\System\NJqyEGI.exe
  2⤵
  PID:5912
- C:\Windows\System\VSUIuzM.exe
  C:\Windows\System\VSUIuzM.exe
  2⤵
  PID:5976
- C:\Windows\System\bkGtbGT.exe
  C:\Windows\System\bkGtbGT.exe
  2⤵
  PID:5988
- C:\Windows\System\dUOhkyQ.exe
  C:\Windows\System\dUOhkyQ.exe
  2⤵
  PID:6048
- C:\Windows\System\OCTrMIn.exe
  C:\Windows\System\OCTrMIn.exe
  2⤵
  PID:6052
- C:\Windows\System\JneFGhd.exe
  C:\Windows\System\JneFGhd.exe
  2⤵
  PID:6096
- C:\Windows\System\oLsCTft.exe
  C:\Windows\System\oLsCTft.exe
  2⤵
  PID:6112
- C:\Windows\System\BTyFrZV.exe
  C:\Windows\System\BTyFrZV.exe
  2⤵
  PID:4332
- C:\Windows\System\ANiSGPy.exe
  C:\Windows\System\ANiSGPy.exe
  2⤵
  PID:4528
- C:\Windows\System\JEZMKNw.exe
  C:\Windows\System\JEZMKNw.exe
  2⤵
  PID:4908
- C:\Windows\System\wcoEFMS.exe
  C:\Windows\System\wcoEFMS.exe
  2⤵
  PID:4872
- C:\Windows\System\sYGYHij.exe
  C:\Windows\System\sYGYHij.exe
  2⤵
  PID:5008
- C:\Windows\System\SQcQCEx.exe
  C:\Windows\System\SQcQCEx.exe
  2⤵
  PID:3460
- C:\Windows\System\LJNkDIf.exe
  C:\Windows\System\LJNkDIf.exe
  2⤵
  PID:4148
- C:\Windows\System\fPngfhv.exe
  C:\Windows\System\fPngfhv.exe
  2⤵
  PID:5156
- C:\Windows\System\gtMMMZe.exe
  C:\Windows\System\gtMMMZe.exe
  2⤵
  PID:5132
- C:\Windows\System\CzbtgdP.exe
  C:\Windows\System\CzbtgdP.exe
  2⤵
  PID:5272
- C:\Windows\System\azwscuN.exe
  C:\Windows\System\azwscuN.exe
  2⤵
  PID:5372
- C:\Windows\System\hRlUNUv.exe
  C:\Windows\System\hRlUNUv.exe
  2⤵
  PID:5336
- C:\Windows\System\sNnZaFk.exe
  C:\Windows\System\sNnZaFk.exe
  2⤵
  PID:5396
- C:\Windows\System\ZMkwxHn.exe
  C:\Windows\System\ZMkwxHn.exe
  2⤵
  PID:5472
- C:\Windows\System\NmpliiH.exe
  C:\Windows\System\NmpliiH.exe
  2⤵
  PID:5488
- C:\Windows\System\SkDNcpL.exe
  C:\Windows\System\SkDNcpL.exe
  2⤵
  PID:5636
- C:\Windows\System\mezJhlT.exe
  C:\Windows\System\mezJhlT.exe
  2⤵
  PID:5672
- C:\Windows\System\LZlLVGb.exe
  C:\Windows\System\LZlLVGb.exe
  2⤵
  PID:5588
- C:\Windows\System\qCuNEKd.exe
  C:\Windows\System\qCuNEKd.exe
  2⤵
  PID:5808
- C:\Windows\System\utwFuGW.exe
  C:\Windows\System\utwFuGW.exe
  2⤵
  PID:5884
- C:\Windows\System\xxSwJbK.exe
  C:\Windows\System\xxSwJbK.exe
  2⤵
  PID:5888
- C:\Windows\System\QQReWYu.exe
  C:\Windows\System\QQReWYu.exe
  2⤵
  PID:5852
- C:\Windows\System\cvcluzA.exe
  C:\Windows\System\cvcluzA.exe
  2⤵
  PID:6016
- C:\Windows\System\ybmBsqV.exe
  C:\Windows\System\ybmBsqV.exe
  2⤵
  PID:6032
- C:\Windows\System\VVZTVPL.exe
  C:\Windows\System\VVZTVPL.exe
  2⤵
  PID:4564
- C:\Windows\System\gUIojzU.exe
  C:\Windows\System\gUIojzU.exe
  2⤵
  PID:4628
- C:\Windows\System\AKyVVgh.exe
  C:\Windows\System\AKyVVgh.exe
  2⤵
  PID:6116
- C:\Windows\System\WJQsinh.exe
  C:\Windows\System\WJQsinh.exe
  2⤵
  PID:4992
- C:\Windows\System\iASkUvk.exe
  C:\Windows\System\iASkUvk.exe
  2⤵
  PID:4852
- C:\Windows\System\aSDievx.exe
  C:\Windows\System\aSDievx.exe
  2⤵
  PID:3584
- C:\Windows\System\ClghEcy.exe
  C:\Windows\System\ClghEcy.exe
  2⤵
  PID:5136
- C:\Windows\System\jHfqoXB.exe
  C:\Windows\System\jHfqoXB.exe
  2⤵
  PID:4000
- C:\Windows\System\neuychX.exe
  C:\Windows\System\neuychX.exe
  2⤵
  PID:5312
- C:\Windows\System\jBpXMSk.exe
  C:\Windows\System\jBpXMSk.exe
  2⤵
  PID:5232
- C:\Windows\System\XWrPanr.exe
  C:\Windows\System\XWrPanr.exe
  2⤵
  PID:5452
- C:\Windows\System\KEIbLuI.exe
  C:\Windows\System\KEIbLuI.exe
  2⤵
  PID:5696
- C:\Windows\System\zAsqovR.exe
  C:\Windows\System\zAsqovR.exe
  2⤵
  PID:5772
- C:\Windows\System\SNjjmHM.exe
  C:\Windows\System\SNjjmHM.exe
  2⤵
  PID:5716
- C:\Windows\System\QTNfMYm.exe
  C:\Windows\System\QTNfMYm.exe
  2⤵
  PID:6164
- C:\Windows\System\TMCOzNl.exe
  C:\Windows\System\TMCOzNl.exe
  2⤵
  PID:6180
- C:\Windows\System\dXRtGqd.exe
  C:\Windows\System\dXRtGqd.exe
  2⤵
  PID:6204
- C:\Windows\System\dOyKywl.exe
  C:\Windows\System\dOyKywl.exe
  2⤵
  PID:6220
- C:\Windows\System\wnwXpAF.exe
  C:\Windows\System\wnwXpAF.exe
  2⤵
  PID:6244
- C:\Windows\System\ZuQLTbc.exe
  C:\Windows\System\ZuQLTbc.exe
  2⤵
  PID:6264
- C:\Windows\System\ofMEtKQ.exe
  C:\Windows\System\ofMEtKQ.exe
  2⤵
  PID:6280
- C:\Windows\System\vIEdsRH.exe
  C:\Windows\System\vIEdsRH.exe
  2⤵
  PID:6304
- C:\Windows\System\IGzUhhM.exe
  C:\Windows\System\IGzUhhM.exe
  2⤵
  PID:6324
- C:\Windows\System\LBTtGwn.exe
  C:\Windows\System\LBTtGwn.exe
  2⤵
  PID:6344
- C:\Windows\System\rrmoTSi.exe
  C:\Windows\System\rrmoTSi.exe
  2⤵
  PID:6364
- C:\Windows\System\FSRqeNL.exe
  C:\Windows\System\FSRqeNL.exe
  2⤵
  PID:6384
- C:\Windows\System\LJdPxfG.exe
  C:\Windows\System\LJdPxfG.exe
  2⤵
  PID:6404
- C:\Windows\System\jZghhuZ.exe
  C:\Windows\System\jZghhuZ.exe
  2⤵
  PID:6424
- C:\Windows\System\OkJXHcq.exe
  C:\Windows\System\OkJXHcq.exe
  2⤵
  PID:6440
- C:\Windows\System\PIxzQVJ.exe
  C:\Windows\System\PIxzQVJ.exe
  2⤵
  PID:6460
- C:\Windows\System\ZiQaaGh.exe
  C:\Windows\System\ZiQaaGh.exe
  2⤵
  PID:6484
- C:\Windows\System\MMxJpBJ.exe
  C:\Windows\System\MMxJpBJ.exe
  2⤵
  PID:6504
- C:\Windows\System\YbqBZrf.exe
  C:\Windows\System\YbqBZrf.exe
  2⤵
  PID:6524
- C:\Windows\System\rKjgnwv.exe
  C:\Windows\System\rKjgnwv.exe
  2⤵
  PID:6544
- C:\Windows\System\AIDubOv.exe
  C:\Windows\System\AIDubOv.exe
  2⤵
  PID:6564
- C:\Windows\System\nXKJJZa.exe
  C:\Windows\System\nXKJJZa.exe
  2⤵
  PID:6580
- C:\Windows\System\jVXpHuJ.exe
  C:\Windows\System\jVXpHuJ.exe
  2⤵
  PID:6604
- C:\Windows\System\tknYIyS.exe
  C:\Windows\System\tknYIyS.exe
  2⤵
  PID:6620
- C:\Windows\System\amQlMlH.exe
  C:\Windows\System\amQlMlH.exe
  2⤵
  PID:6640
- C:\Windows\System\yuIzjCQ.exe
  C:\Windows\System\yuIzjCQ.exe
  2⤵
  PID:6660
- C:\Windows\System\nNqgoDL.exe
  C:\Windows\System\nNqgoDL.exe
  2⤵
  PID:6684
- C:\Windows\System\wDdPaoM.exe
  C:\Windows\System\wDdPaoM.exe
  2⤵
  PID:6704
- C:\Windows\System\FmunLzm.exe
  C:\Windows\System\FmunLzm.exe
  2⤵
  PID:6728
- C:\Windows\System\HedVitV.exe
  C:\Windows\System\HedVitV.exe
  2⤵
  PID:6744
- C:\Windows\System\jrCSsuI.exe
  C:\Windows\System\jrCSsuI.exe
  2⤵
  PID:6768
- C:\Windows\System\rjwessi.exe
  C:\Windows\System\rjwessi.exe
  2⤵
  PID:6788
- C:\Windows\System\TeBBLxg.exe
  C:\Windows\System\TeBBLxg.exe
  2⤵
  PID:6808
- C:\Windows\System\weWBtCf.exe
  C:\Windows\System\weWBtCf.exe
  2⤵
  PID:6828
- C:\Windows\System\bmzxJVo.exe
  C:\Windows\System\bmzxJVo.exe
  2⤵
  PID:6848
- C:\Windows\System\qVxxMkF.exe
  C:\Windows\System\qVxxMkF.exe
  2⤵
  PID:6868
- C:\Windows\System\RmYYnSU.exe
  C:\Windows\System\RmYYnSU.exe
  2⤵
  PID:6888
- C:\Windows\System\EGBRsBl.exe
  C:\Windows\System\EGBRsBl.exe
  2⤵
  PID:6908
- C:\Windows\System\CnucVfO.exe
  C:\Windows\System\CnucVfO.exe
  2⤵
  PID:6928
- C:\Windows\System\YQHUVbw.exe
  C:\Windows\System\YQHUVbw.exe
  2⤵
  PID:6948
- C:\Windows\System\sKoAkBD.exe
  C:\Windows\System\sKoAkBD.exe
  2⤵
  PID:6968
- C:\Windows\System\kTRgCRy.exe
  C:\Windows\System\kTRgCRy.exe
  2⤵
  PID:6984
- C:\Windows\System\LxbqDFY.exe
  C:\Windows\System\LxbqDFY.exe
  2⤵
  PID:7004
- C:\Windows\System\YDPWWwL.exe
  C:\Windows\System\YDPWWwL.exe
  2⤵
  PID:7024
- C:\Windows\System\NsApqoq.exe
  C:\Windows\System\NsApqoq.exe
  2⤵
  PID:7040
- C:\Windows\System\cFDmoZJ.exe
  C:\Windows\System\cFDmoZJ.exe
  2⤵
  PID:7060
- C:\Windows\System\WrGySWW.exe
  C:\Windows\System\WrGySWW.exe
  2⤵
  PID:7084
- C:\Windows\System\lIDWHdH.exe
  C:\Windows\System\lIDWHdH.exe
  2⤵
  PID:7104
- C:\Windows\System\qoEwaBH.exe
  C:\Windows\System\qoEwaBH.exe
  2⤵
  PID:7124
- C:\Windows\System\EwAdBSz.exe
  C:\Windows\System\EwAdBSz.exe
  2⤵
  PID:7144
- C:\Windows\System\LFefzeh.exe
  C:\Windows\System\LFefzeh.exe
  2⤵
  PID:7164
- C:\Windows\System\MaZoxSD.exe
  C:\Windows\System\MaZoxSD.exe
  2⤵
  PID:5916
- C:\Windows\System\wbntJXD.exe
  C:\Windows\System\wbntJXD.exe
  2⤵
  PID:5856
- C:\Windows\System\YNfDMwp.exe
  C:\Windows\System\YNfDMwp.exe
  2⤵
  PID:6088
- C:\Windows\System\zKKgMti.exe
  C:\Windows\System\zKKgMti.exe
  2⤵
  PID:6072
- C:\Windows\System\VGEbmDG.exe
  C:\Windows\System\VGEbmDG.exe
  2⤵
  PID:4792
- C:\Windows\System\VRlRJyY.exe
  C:\Windows\System\VRlRJyY.exe
  2⤵
  PID:5128
- C:\Windows\System\oBRQPen.exe
  C:\Windows\System\oBRQPen.exe
  2⤵
  PID:5376
- C:\Windows\System\NQpDkAQ.exe
  C:\Windows\System\NQpDkAQ.exe
  2⤵
  PID:5296
- C:\Windows\System\QWRKSOc.exe
  C:\Windows\System\QWRKSOc.exe
  2⤵
  PID:5432
- C:\Windows\System\DSfmvXu.exe
  C:\Windows\System\DSfmvXu.exe
  2⤵
  PID:5692
- C:\Windows\System\CpTRNhl.exe
  C:\Windows\System\CpTRNhl.exe
  2⤵
  PID:6156
- C:\Windows\System\smOmLbV.exe
  C:\Windows\System\smOmLbV.exe
  2⤵
  PID:6196
- C:\Windows\System\tbZDWLQ.exe
  C:\Windows\System\tbZDWLQ.exe
  2⤵
  PID:6240
- C:\Windows\System\QWGtSsF.exe
  C:\Windows\System\QWGtSsF.exe
  2⤵
  PID:6216
- C:\Windows\System\MMlfhhy.exe
  C:\Windows\System\MMlfhhy.exe
  2⤵
  PID:6256
- C:\Windows\System\sPRrsGd.exe
  C:\Windows\System\sPRrsGd.exe
  2⤵
  PID:6296
- C:\Windows\System\AwfNtZz.exe
  C:\Windows\System\AwfNtZz.exe
  2⤵
  PID:6340
- C:\Windows\System\MUqdyVz.exe
  C:\Windows\System\MUqdyVz.exe
  2⤵
  PID:6392
- C:\Windows\System\eDQfGBy.exe
  C:\Windows\System\eDQfGBy.exe
  2⤵
  PID:6376
- C:\Windows\System\eTALNnz.exe
  C:\Windows\System\eTALNnz.exe
  2⤵
  PID:6420
- C:\Windows\System\emAJYPp.exe
  C:\Windows\System\emAJYPp.exe
  2⤵
  PID:6448
- C:\Windows\System\mrgmbFo.exe
  C:\Windows\System\mrgmbFo.exe
  2⤵
  PID:6500
- C:\Windows\System\TYSNmxW.exe
  C:\Windows\System\TYSNmxW.exe
  2⤵
  PID:6560
- C:\Windows\System\OxVnYyC.exe
  C:\Windows\System\OxVnYyC.exe
  2⤵
  PID:6592
- C:\Windows\System\YrIGgmt.exe
  C:\Windows\System\YrIGgmt.exe
  2⤵
  PID:6572
- C:\Windows\System\phGMgkF.exe
  C:\Windows\System\phGMgkF.exe
  2⤵
  PID:6672
- C:\Windows\System\xYxLxUO.exe
  C:\Windows\System\xYxLxUO.exe
  2⤵
  PID:6648
- C:\Windows\System\FJnrjnB.exe
  C:\Windows\System\FJnrjnB.exe
  2⤵
  PID:6712
- C:\Windows\System\iLilTqF.exe
  C:\Windows\System\iLilTqF.exe
  2⤵
  PID:6696
- C:\Windows\System\TGlVwrC.exe
  C:\Windows\System\TGlVwrC.exe
  2⤵
  PID:6800
- C:\Windows\System\OeHsezT.exe
  C:\Windows\System\OeHsezT.exe
  2⤵
  PID:6840
- C:\Windows\System\ThcKlpr.exe
  C:\Windows\System\ThcKlpr.exe
  2⤵
  PID:6784
- C:\Windows\System\WgDUNoK.exe
  C:\Windows\System\WgDUNoK.exe
  2⤵
  PID:6884
- C:\Windows\System\uEZEFyc.exe
  C:\Windows\System\uEZEFyc.exe
  2⤵
  PID:6856
- C:\Windows\System\ADkqfTO.exe
  C:\Windows\System\ADkqfTO.exe
  2⤵
  PID:6960
- C:\Windows\System\TkwtXaE.exe
  C:\Windows\System\TkwtXaE.exe
  2⤵
  PID:6896
- C:\Windows\System\qWAtxcY.exe
  C:\Windows\System\qWAtxcY.exe
  2⤵
  PID:6940
- C:\Windows\System\oCAEMlk.exe
  C:\Windows\System\oCAEMlk.exe
  2⤵
  PID:6980
- C:\Windows\System\IYvnwKx.exe
  C:\Windows\System\IYvnwKx.exe
  2⤵
  PID:7112
- C:\Windows\System\LrXnJLk.exe
  C:\Windows\System\LrXnJLk.exe
  2⤵
  PID:7016
- C:\Windows\System\NRWKOba.exe
  C:\Windows\System\NRWKOba.exe
  2⤵
  PID:7152
- C:\Windows\System\gTrqyBC.exe
  C:\Windows\System\gTrqyBC.exe
  2⤵
  PID:7100
- C:\Windows\System\XNhsVIc.exe
  C:\Windows\System\XNhsVIc.exe
  2⤵
  PID:2976
- C:\Windows\System\eQJgpOb.exe
  C:\Windows\System\eQJgpOb.exe
  2⤵
  PID:6036
- C:\Windows\System\QcJAoog.exe
  C:\Windows\System\QcJAoog.exe
  2⤵
  PID:2180
- C:\Windows\System\YwYHiYK.exe
  C:\Windows\System\YwYHiYK.exe
  2⤵
  PID:4632
- C:\Windows\System\InWaEoh.exe
  C:\Windows\System\InWaEoh.exe
  2⤵
  PID:3788
- C:\Windows\System\PIYAcgi.exe
  C:\Windows\System\PIYAcgi.exe
  2⤵
  PID:5148
- C:\Windows\System\nEtXSmL.exe
  C:\Windows\System\nEtXSmL.exe
  2⤵
  PID:6188
- C:\Windows\System\ODBIHPi.exe
  C:\Windows\System\ODBIHPi.exe
  2⤵
  PID:5568
- C:\Windows\System\vaUhmok.exe
  C:\Windows\System\vaUhmok.exe
  2⤵
  PID:6172
- C:\Windows\System\QleLxJf.exe
  C:\Windows\System\QleLxJf.exe
  2⤵
  PID:6356
- C:\Windows\System\PbrsKUP.exe
  C:\Windows\System\PbrsKUP.exe
  2⤵
  PID:6456
- C:\Windows\System\wAAxlek.exe
  C:\Windows\System\wAAxlek.exe
  2⤵
  PID:6532
- C:\Windows\System\GeWNJuP.exe
  C:\Windows\System\GeWNJuP.exe
  2⤵
  PID:6276
- C:\Windows\System\hMpkQHd.exe
  C:\Windows\System\hMpkQHd.exe
  2⤵
  PID:2528
- C:\Windows\System\vFYCVYz.exe
  C:\Windows\System\vFYCVYz.exe
  2⤵
  PID:6796
- C:\Windows\System\GIZZunO.exe
  C:\Windows\System\GIZZunO.exe
  2⤵
  PID:6352
- C:\Windows\System\HqFAOLQ.exe
  C:\Windows\System\HqFAOLQ.exe
  2⤵
  PID:6400
- C:\Windows\System\TeyQUlc.exe
  C:\Windows\System\TeyQUlc.exe
  2⤵
  PID:6476
- C:\Windows\System\ZqlZATy.exe
  C:\Windows\System\ZqlZATy.exe
  2⤵
  PID:6996
- C:\Windows\System\oeFkJhX.exe
  C:\Windows\System\oeFkJhX.exe
  2⤵
  PID:6540
- C:\Windows\System\lXfAfqO.exe
  C:\Windows\System\lXfAfqO.exe
  2⤵
  PID:7020
- C:\Windows\System\aFolFoH.exe
  C:\Windows\System\aFolFoH.exe
  2⤵
  PID:6612
- C:\Windows\System\KcrjXYG.exe
  C:\Windows\System\KcrjXYG.exe
  2⤵
  PID:5992
- C:\Windows\System\MjXNtLK.exe
  C:\Windows\System\MjXNtLK.exe
  2⤵
  PID:6836
- C:\Windows\System\glYaJTt.exe
  C:\Windows\System\glYaJTt.exe
  2⤵
  PID:2864
- C:\Windows\System\Pzbjtsq.exe
  C:\Windows\System\Pzbjtsq.exe
  2⤵
  PID:6816
- C:\Windows\System\ygAosol.exe
  C:\Windows\System\ygAosol.exe
  2⤵
  PID:5608
- C:\Windows\System\KNsydWh.exe
  C:\Windows\System\KNsydWh.exe
  2⤵
  PID:6676
- C:\Windows\System\jquGWGr.exe
  C:\Windows\System\jquGWGr.exe
  2⤵
  PID:6332
- C:\Windows\System\zeyRgOm.exe
  C:\Windows\System\zeyRgOm.exe
  2⤵
  PID:7080
- C:\Windows\System\WqoBXxY.exe
  C:\Windows\System\WqoBXxY.exe
  2⤵
  PID:7096
- C:\Windows\System\FIohCED.exe
  C:\Windows\System\FIohCED.exe
  2⤵
  PID:7140
- C:\Windows\System\OykxygC.exe
  C:\Windows\System\OykxygC.exe
  2⤵
  PID:5908
- C:\Windows\System\VHENXPP.exe
  C:\Windows\System\VHENXPP.exe
  2⤵
  PID:4424
- C:\Windows\System\nwnjoYu.exe
  C:\Windows\System\nwnjoYu.exe
  2⤵
  PID:5268
- C:\Windows\System\eqWMfuZ.exe
  C:\Windows\System\eqWMfuZ.exe
  2⤵
  PID:5536
- C:\Windows\System\sHMnYtl.exe
  C:\Windows\System\sHMnYtl.exe
  2⤵
  PID:6412
- C:\Windows\System\sDzftUV.exe
  C:\Windows\System\sDzftUV.exe
  2⤵
  PID:7000
- C:\Windows\System\AXTKzQZ.exe
  C:\Windows\System\AXTKzQZ.exe
  2⤵
  PID:6668
- C:\Windows\System\PtJPRKU.exe
  C:\Windows\System\PtJPRKU.exe
  2⤵
  PID:6736
- C:\Windows\System\TgNZgJt.exe
  C:\Windows\System\TgNZgJt.exe
  2⤵
  PID:6516
- C:\Windows\System\HZIiJLF.exe
  C:\Windows\System\HZIiJLF.exe
  2⤵
  PID:2540
- C:\Windows\System\oyQVVqJ.exe
  C:\Windows\System\oyQVVqJ.exe
  2⤵
  PID:6360
- C:\Windows\System\wsnVAvJ.exe
  C:\Windows\System\wsnVAvJ.exe
  2⤵
  PID:2368
- C:\Windows\System\dJGtEOi.exe
  C:\Windows\System\dJGtEOi.exe
  2⤵
  PID:7056
- C:\Windows\System\vFfQVKP.exe
  C:\Windows\System\vFfQVKP.exe
  2⤵
  PID:6860
- C:\Windows\System\vfibxyr.exe
  C:\Windows\System\vfibxyr.exe
  2⤵
  PID:5668
- C:\Windows\System\yagvsxC.exe
  C:\Windows\System\yagvsxC.exe
  2⤵
  PID:2356
- C:\Windows\System\JTbCgVX.exe
  C:\Windows\System\JTbCgVX.exe
  2⤵
  PID:1304
- C:\Windows\System\rIRiPvG.exe
  C:\Windows\System\rIRiPvG.exe
  2⤵
  PID:7076
- C:\Windows\System\EMWyzED.exe
  C:\Windows\System\EMWyzED.exe
  2⤵
  PID:5532
- C:\Windows\System\aaoqdCw.exe
  C:\Windows\System\aaoqdCw.exe
  2⤵
  PID:6752
- C:\Windows\System\ujCMlBM.exe
  C:\Windows\System\ujCMlBM.exe
  2⤵
  PID:6692
- C:\Windows\System\GYzhTOA.exe
  C:\Windows\System\GYzhTOA.exe
  2⤵
  PID:6552
- C:\Windows\System\SCBdOre.exe
  C:\Windows\System\SCBdOre.exe
  2⤵
  PID:2868
- C:\Windows\System\PbEVEiz.exe
  C:\Windows\System\PbEVEiz.exe
  2⤵
  PID:6976
- C:\Windows\System\yHAwELZ.exe
  C:\Windows\System\yHAwELZ.exe
  2⤵
  PID:6228
- C:\Windows\System\rukQNzA.exe
  C:\Windows\System\rukQNzA.exe
  2⤵
  PID:7188
- C:\Windows\System\LqYCQvk.exe
  C:\Windows\System\LqYCQvk.exe
  2⤵
  PID:7208
- C:\Windows\System\LOWjwaS.exe
  C:\Windows\System\LOWjwaS.exe
  2⤵
  PID:7228
- C:\Windows\System\AsDeaTQ.exe
  C:\Windows\System\AsDeaTQ.exe
  2⤵
  PID:7248
- C:\Windows\System\opEZYOa.exe
  C:\Windows\System\opEZYOa.exe
  2⤵
  PID:7268
- C:\Windows\System\UYybdxR.exe
  C:\Windows\System\UYybdxR.exe
  2⤵
  PID:7288
- C:\Windows\System\WmkxpUA.exe
  C:\Windows\System\WmkxpUA.exe
  2⤵
  PID:7304
- C:\Windows\System\UQPQoGP.exe
  C:\Windows\System\UQPQoGP.exe
  2⤵
  PID:7328
- C:\Windows\System\YoJmQip.exe
  C:\Windows\System\YoJmQip.exe
  2⤵
  PID:7344
- C:\Windows\System\bgFtMKB.exe
  C:\Windows\System\bgFtMKB.exe
  2⤵
  PID:7360
- C:\Windows\System\SCscBCb.exe
  C:\Windows\System\SCscBCb.exe
  2⤵
  PID:7424
- C:\Windows\System\UYBynbN.exe
  C:\Windows\System\UYBynbN.exe
  2⤵
  PID:7484
- C:\Windows\System\UjLwzio.exe
  C:\Windows\System\UjLwzio.exe
  2⤵
  PID:7500
- C:\Windows\System\NzUGAHe.exe
  C:\Windows\System\NzUGAHe.exe
  2⤵
  PID:7516
- C:\Windows\System\XyizMYR.exe
  C:\Windows\System\XyizMYR.exe
  2⤵
  PID:7540
- C:\Windows\System\DkwGACy.exe
  C:\Windows\System\DkwGACy.exe
  2⤵
  PID:7564
- C:\Windows\System\wJVxxAR.exe
  C:\Windows\System\wJVxxAR.exe
  2⤵
  PID:7580
- C:\Windows\System\AhKoDdQ.exe
  C:\Windows\System\AhKoDdQ.exe
  2⤵
  PID:7608
- C:\Windows\System\apSDeto.exe
  C:\Windows\System\apSDeto.exe
  2⤵
  PID:7628
- C:\Windows\System\qPIHmwT.exe
  C:\Windows\System\qPIHmwT.exe
  2⤵
  PID:7648
- C:\Windows\System\sQGUYQS.exe
  C:\Windows\System\sQGUYQS.exe
  2⤵
  PID:7664
- C:\Windows\System\rJPkkrf.exe
  C:\Windows\System\rJPkkrf.exe
  2⤵
  PID:7680
- C:\Windows\System\zznBLeY.exe
  C:\Windows\System\zznBLeY.exe
  2⤵
  PID:7696
- C:\Windows\System\rEgMeQT.exe
  C:\Windows\System\rEgMeQT.exe
  2⤵
  PID:7712
- C:\Windows\System\PBOCvdg.exe
  C:\Windows\System\PBOCvdg.exe
  2⤵
  PID:7732
- C:\Windows\System\hGQwPOE.exe
  C:\Windows\System\hGQwPOE.exe
  2⤵
  PID:7748
- C:\Windows\System\sBhZXMm.exe
  C:\Windows\System\sBhZXMm.exe
  2⤵
  PID:7764
- C:\Windows\System\ZCdLnfY.exe
  C:\Windows\System\ZCdLnfY.exe
  2⤵
  PID:7792
- C:\Windows\System\vCxBFQd.exe
  C:\Windows\System\vCxBFQd.exe
  2⤵
  PID:7808
- C:\Windows\System\JKwWbAi.exe
  C:\Windows\System\JKwWbAi.exe
  2⤵
  PID:7828
- C:\Windows\System\eZQcDUc.exe
  C:\Windows\System\eZQcDUc.exe
  2⤵
  PID:7848
- C:\Windows\System\ZdfkGsk.exe
  C:\Windows\System\ZdfkGsk.exe
  2⤵
  PID:7876
- C:\Windows\System\jHsDnvM.exe
  C:\Windows\System\jHsDnvM.exe
  2⤵
  PID:7892
- C:\Windows\System\KqJwspW.exe
  C:\Windows\System\KqJwspW.exe
  2⤵
  PID:7908
- C:\Windows\System\TKddJhr.exe
  C:\Windows\System\TKddJhr.exe
  2⤵
  PID:7928
- C:\Windows\System\VucPHDd.exe
  C:\Windows\System\VucPHDd.exe
  2⤵
  PID:7948
- C:\Windows\System\rxRlnHI.exe
  C:\Windows\System\rxRlnHI.exe
  2⤵
  PID:7964
- C:\Windows\System\BkgLLbo.exe
  C:\Windows\System\BkgLLbo.exe
  2⤵
  PID:7980
- C:\Windows\System\HRpnudi.exe
  C:\Windows\System\HRpnudi.exe
  2⤵
  PID:8004
- C:\Windows\System\gUjqbZH.exe
  C:\Windows\System\gUjqbZH.exe
  2⤵
  PID:8024
- C:\Windows\System\oOyBlEY.exe
  C:\Windows\System\oOyBlEY.exe
  2⤵
  PID:8040
- C:\Windows\System\YbmWHCy.exe
  C:\Windows\System\YbmWHCy.exe
  2⤵
  PID:8056
- C:\Windows\System\VbHBjsc.exe
  C:\Windows\System\VbHBjsc.exe
  2⤵
  PID:8076
- C:\Windows\System\bxknZWS.exe
  C:\Windows\System\bxknZWS.exe
  2⤵
  PID:8096
- C:\Windows\System\ScTYtZe.exe
  C:\Windows\System\ScTYtZe.exe
  2⤵
  PID:8116
- C:\Windows\System\JPUgpOs.exe
  C:\Windows\System\JPUgpOs.exe
  2⤵
  PID:8132
- C:\Windows\System\icoIhPq.exe
  C:\Windows\System\icoIhPq.exe
  2⤵
  PID:8148
- C:\Windows\System\OipZpdg.exe
  C:\Windows\System\OipZpdg.exe
  2⤵
  PID:8168
- C:\Windows\System\jLHkaVU.exe
  C:\Windows\System\jLHkaVU.exe
  2⤵
  PID:8184
- C:\Windows\System\RhvoAhs.exe
  C:\Windows\System\RhvoAhs.exe
  2⤵
  PID:2708
- C:\Windows\System\IGVWIEm.exe
  C:\Windows\System\IGVWIEm.exe
  2⤵
  PID:6820
- C:\Windows\System\cqGQrMV.exe
  C:\Windows\System\cqGQrMV.exe
  2⤵
  PID:6108
- C:\Windows\System\htTzVAU.exe
  C:\Windows\System\htTzVAU.exe
  2⤵
  PID:7176
- C:\Windows\System\vpuWFQR.exe
  C:\Windows\System\vpuWFQR.exe
  2⤵
  PID:7224
- C:\Windows\System\ezSPaWp.exe
  C:\Windows\System\ezSPaWp.exe
  2⤵
  PID:5828
- C:\Windows\System\qfcGHhA.exe
  C:\Windows\System\qfcGHhA.exe
  2⤵
  PID:5208
- C:\Windows\System\FKjKxPJ.exe
  C:\Windows\System\FKjKxPJ.exe
  2⤵
  PID:7336
- C:\Windows\System\EIabgfo.exe
  C:\Windows\System\EIabgfo.exe
  2⤵
  PID:7324
- C:\Windows\System\eLdBcUt.exe
  C:\Windows\System\eLdBcUt.exe
  2⤵
  PID:7284
- C:\Windows\System\yyoLxJu.exe
  C:\Windows\System\yyoLxJu.exe
  2⤵
  PID:7312
- C:\Windows\System\DHddxmE.exe
  C:\Windows\System\DHddxmE.exe
  2⤵
  PID:1500
- C:\Windows\System\TZZQKJp.exe
  C:\Windows\System\TZZQKJp.exe
  2⤵
  PID:3540
- C:\Windows\System\jdvSdrY.exe
  C:\Windows\System\jdvSdrY.exe
  2⤵
  PID:7508
- C:\Windows\System\JEeZDex.exe
  C:\Windows\System\JEeZDex.exe
  2⤵
  PID:2492
- C:\Windows\System\CnhLjII.exe
  C:\Windows\System\CnhLjII.exe
  2⤵
  PID:7532
- C:\Windows\System\jYxKsWi.exe
  C:\Windows\System\jYxKsWi.exe
  2⤵
  PID:7588
- C:\Windows\System\vEGhTbg.exe
  C:\Windows\System\vEGhTbg.exe
  2⤵
  PID:2980
- C:\Windows\System\IrTVVMZ.exe
  C:\Windows\System\IrTVVMZ.exe
  2⤵
  PID:7576
- C:\Windows\System\SAaIfgg.exe
  C:\Windows\System\SAaIfgg.exe
  2⤵
  PID:7624
- C:\Windows\System\Ywblzav.exe
  C:\Windows\System\Ywblzav.exe
  2⤵
  PID:7708
- C:\Windows\System\HAlPCIF.exe
  C:\Windows\System\HAlPCIF.exe
  2⤵
  PID:7740
- C:\Windows\System\qlfPySO.exe
  C:\Windows\System\qlfPySO.exe
  2⤵
  PID:7780
- C:\Windows\System\JuGvswt.exe
  C:\Windows\System\JuGvswt.exe
  2⤵
  PID:7804
- C:\Windows\System\SDteWfI.exe
  C:\Windows\System\SDteWfI.exe
  2⤵
  PID:7920
- C:\Windows\System\KFvSeHp.exe
  C:\Windows\System\KFvSeHp.exe
  2⤵
  PID:7960
- C:\Windows\System\mbVqUDr.exe
  C:\Windows\System\mbVqUDr.exe
  2⤵
  PID:7924
- C:\Windows\System\SfQaoqa.exe
  C:\Windows\System\SfQaoqa.exe
  2⤵
  PID:8000
- C:\Windows\System\JPwgRGI.exe
  C:\Windows\System\JPwgRGI.exe
  2⤵
  PID:8068
- C:\Windows\System\PZryjiv.exe
  C:\Windows\System\PZryjiv.exe
  2⤵
  PID:8144
- C:\Windows\System\ByXkESZ.exe
  C:\Windows\System\ByXkESZ.exe
  2⤵
  PID:7036
- C:\Windows\System\ILJPHoy.exe
  C:\Windows\System\ILJPHoy.exe
  2⤵
  PID:7824
- C:\Windows\System\xtabKeo.exe
  C:\Windows\System\xtabKeo.exe
  2⤵
  PID:8020
- C:\Windows\System\sQzHKMR.exe
  C:\Windows\System\sQzHKMR.exe
  2⤵
  PID:7940
- C:\Windows\System\GeqkvOY.exe
  C:\Windows\System\GeqkvOY.exe
  2⤵
  PID:7872
- C:\Windows\System\RwddLHb.exe
  C:\Windows\System\RwddLHb.exe
  2⤵
  PID:8052
- C:\Windows\System\UscsCIo.exe
  C:\Windows\System\UscsCIo.exe
  2⤵
  PID:8092
- C:\Windows\System\vBBcpeM.exe
  C:\Windows\System\vBBcpeM.exe
  2⤵
  PID:8164
- C:\Windows\System\xOupqjS.exe
  C:\Windows\System\xOupqjS.exe
  2⤵
  PID:1156
- C:\Windows\System\ReCPgNe.exe
  C:\Windows\System\ReCPgNe.exe
  2⤵
  PID:5248
- C:\Windows\System\bOyrDZn.exe
  C:\Windows\System\bOyrDZn.exe
  2⤵
  PID:1340
- C:\Windows\System\VozxkpO.exe
  C:\Windows\System\VozxkpO.exe
  2⤵
  PID:596
- C:\Windows\System\hqQibhL.exe
  C:\Windows\System\hqQibhL.exe
  2⤵
  PID:984
- C:\Windows\System\AfYaszb.exe
  C:\Windows\System\AfYaszb.exe
  2⤵
  PID:7384
- C:\Windows\System\sRPUDPN.exe
  C:\Windows\System\sRPUDPN.exe
  2⤵
  PID:2264
- C:\Windows\System\EqlDqhM.exe
  C:\Windows\System\EqlDqhM.exe
  2⤵
  PID:7276
- C:\Windows\System\iOwXBwA.exe
  C:\Windows\System\iOwXBwA.exe
  2⤵
  PID:7240
- C:\Windows\System\lxxBWzQ.exe
  C:\Windows\System\lxxBWzQ.exe
  2⤵
  PID:7492
- C:\Windows\System\CqmoQnN.exe
  C:\Windows\System\CqmoQnN.exe
  2⤵
  PID:7552
- C:\Windows\System\GrsFnrF.exe
  C:\Windows\System\GrsFnrF.exe
  2⤵
  PID:7604
- C:\Windows\System\ugmUohx.exe
  C:\Windows\System\ugmUohx.exe
  2⤵
  PID:2316
- C:\Windows\System\TASXRiG.exe
  C:\Windows\System\TASXRiG.exe
  2⤵
  PID:7636
- C:\Windows\System\pCiOLfR.exe
  C:\Windows\System\pCiOLfR.exe
  2⤵
  PID:7704
- C:\Windows\System\jsyREXA.exe
  C:\Windows\System\jsyREXA.exe
  2⤵
  PID:7720
- C:\Windows\System\mGMxKho.exe
  C:\Windows\System\mGMxKho.exe
  2⤵
  PID:2796
- C:\Windows\System\rgwAvWr.exe
  C:\Windows\System\rgwAvWr.exe
  2⤵
  PID:1692
- C:\Windows\System\kxYtPYQ.exe
  C:\Windows\System\kxYtPYQ.exe
  2⤵
  PID:2856
- C:\Windows\System\RsLgykE.exe
  C:\Windows\System\RsLgykE.exe
  2⤵
  PID:7860
- C:\Windows\System\xRQvOkN.exe
  C:\Windows\System\xRQvOkN.exe
  2⤵
  PID:7528
- C:\Windows\System\kueXcJe.exe
  C:\Windows\System\kueXcJe.exe
  2⤵
  PID:7340
- C:\Windows\System\fLoAeHu.exe
  C:\Windows\System\fLoAeHu.exe
  2⤵
  PID:7380
- C:\Windows\System\ndbJKmT.exe
  C:\Windows\System\ndbJKmT.exe
  2⤵
  PID:7476
- C:\Windows\System\ysGPVzj.exe
  C:\Windows\System\ysGPVzj.exe
  2⤵
  PID:7560
- C:\Windows\System\SWLNRam.exe
  C:\Windows\System\SWLNRam.exe
  2⤵
  PID:7620
- C:\Windows\System\RynDLdo.exe
  C:\Windows\System\RynDLdo.exe
  2⤵
  PID:7864
- C:\Windows\System\RNYZTgr.exe
  C:\Windows\System\RNYZTgr.exe
  2⤵
  PID:2916
- C:\Windows\System\JIpjDDK.exe
  C:\Windows\System\JIpjDDK.exe
  2⤵
  PID:6760
- C:\Windows\System\IhkHYZx.exe
  C:\Windows\System\IhkHYZx.exe
  2⤵
  PID:8200
- C:\Windows\System\ETkKFUr.exe
  C:\Windows\System\ETkKFUr.exe
  2⤵
  PID:8216
- C:\Windows\System\iGZOcEu.exe
  C:\Windows\System\iGZOcEu.exe
  2⤵
  PID:8232
- C:\Windows\System\kcetIgV.exe
  C:\Windows\System\kcetIgV.exe
  2⤵
  PID:8264
- C:\Windows\System\JOtIUEP.exe
  C:\Windows\System\JOtIUEP.exe
  2⤵
  PID:8288
- C:\Windows\System\oDXwbmi.exe
  C:\Windows\System\oDXwbmi.exe
  2⤵
  PID:8312
- C:\Windows\System\rUEJjhz.exe
  C:\Windows\System\rUEJjhz.exe
  2⤵
  PID:8328
- C:\Windows\System\pYjRZoD.exe
  C:\Windows\System\pYjRZoD.exe
  2⤵
  PID:8352
- C:\Windows\System\dnRwSsg.exe
  C:\Windows\System\dnRwSsg.exe
  2⤵
  PID:8376
- C:\Windows\System\lcHgCht.exe
  C:\Windows\System\lcHgCht.exe
  2⤵
  PID:8392
- C:\Windows\System\ORSbysT.exe
  C:\Windows\System\ORSbysT.exe
  2⤵
  PID:8408
- C:\Windows\System\JdSKmbJ.exe
  C:\Windows\System\JdSKmbJ.exe
  2⤵
  PID:8452
- C:\Windows\System\EfqJHCp.exe
  C:\Windows\System\EfqJHCp.exe
  2⤵
  PID:8476
- C:\Windows\System\CtuKkGm.exe
  C:\Windows\System\CtuKkGm.exe
  2⤵
  PID:8504
- C:\Windows\System\oZkMBmG.exe
  C:\Windows\System\oZkMBmG.exe
  2⤵
  PID:8520
- C:\Windows\System\jgvwtes.exe
  C:\Windows\System\jgvwtes.exe
  2⤵
  PID:8540
- C:\Windows\System\qciUoVW.exe
  C:\Windows\System\qciUoVW.exe
  2⤵
  PID:8556
- C:\Windows\System\YgfFYNd.exe
  C:\Windows\System\YgfFYNd.exe
  2⤵
  PID:8572
- C:\Windows\System\PlOlowY.exe
  C:\Windows\System\PlOlowY.exe
  2⤵
  PID:8588
- C:\Windows\System\FRtOnhV.exe
  C:\Windows\System\FRtOnhV.exe
  2⤵
  PID:8604
- C:\Windows\System\NLKgaea.exe
  C:\Windows\System\NLKgaea.exe
  2⤵
  PID:8624
- C:\Windows\System\PcOPsmN.exe
  C:\Windows\System\PcOPsmN.exe
  2⤵
  PID:8640
- C:\Windows\System\blnZjyC.exe
  C:\Windows\System\blnZjyC.exe
  2⤵
  PID:8660
- C:\Windows\System\AQsNLbv.exe
  C:\Windows\System\AQsNLbv.exe
  2⤵
  PID:8680
- C:\Windows\System\dHEytRt.exe
  C:\Windows\System\dHEytRt.exe
  2⤵
  PID:8696
- C:\Windows\System\qcbaysb.exe
  C:\Windows\System\qcbaysb.exe
  2⤵
  PID:8716
- C:\Windows\System\WhIVrdi.exe
  C:\Windows\System\WhIVrdi.exe
  2⤵
  PID:8732
- C:\Windows\System\DowAwmE.exe
  C:\Windows\System\DowAwmE.exe
  2⤵
  PID:8752
- C:\Windows\System\TgFkyYF.exe
  C:\Windows\System\TgFkyYF.exe
  2⤵
  PID:8772
- C:\Windows\System\pIiOyJK.exe
  C:\Windows\System\pIiOyJK.exe
  2⤵
  PID:8792
- C:\Windows\System\jqFgxgO.exe
  C:\Windows\System\jqFgxgO.exe
  2⤵
  PID:8836
- C:\Windows\System\FEkYuRo.exe
  C:\Windows\System\FEkYuRo.exe
  2⤵
  PID:8852
- C:\Windows\System\ixSYGVc.exe
  C:\Windows\System\ixSYGVc.exe
  2⤵
  PID:8868
- C:\Windows\System\iVnpaMA.exe
  C:\Windows\System\iVnpaMA.exe
  2⤵
  PID:8884
- C:\Windows\System\eCsTcOO.exe
  C:\Windows\System\eCsTcOO.exe
  2⤵
  PID:8900
- C:\Windows\System\XVaxBER.exe
  C:\Windows\System\XVaxBER.exe
  2⤵
  PID:8916
- C:\Windows\System\TumzByO.exe
  C:\Windows\System\TumzByO.exe
  2⤵
  PID:8932
- C:\Windows\System\xwpCgUR.exe
  C:\Windows\System\xwpCgUR.exe
  2⤵
  PID:8948
- C:\Windows\System\qIjOZBV.exe
  C:\Windows\System\qIjOZBV.exe
  2⤵
  PID:8964
- C:\Windows\System\zZuownV.exe
  C:\Windows\System\zZuownV.exe
  2⤵
  PID:8980
- C:\Windows\System\SGwRDpS.exe
  C:\Windows\System\SGwRDpS.exe
  2⤵
  PID:8996
- C:\Windows\System\tZUTKBZ.exe
  C:\Windows\System\tZUTKBZ.exe
  2⤵
  PID:9012
- C:\Windows\System\EeemSan.exe
  C:\Windows\System\EeemSan.exe
  2⤵
  PID:9060
- C:\Windows\System\ZozPEHA.exe
  C:\Windows\System\ZozPEHA.exe
  2⤵
  PID:9076
- C:\Windows\System\PCegzjm.exe
  C:\Windows\System\PCegzjm.exe
  2⤵
  PID:9092
- C:\Windows\System\NMvUpFi.exe
  C:\Windows\System\NMvUpFi.exe
  2⤵
  PID:9108
- C:\Windows\System\GqZjxQX.exe
  C:\Windows\System\GqZjxQX.exe
  2⤵
  PID:9124
- C:\Windows\System\zRUNzfH.exe
  C:\Windows\System\zRUNzfH.exe
  2⤵
  PID:9140
- C:\Windows\System\VQdPnMl.exe
  C:\Windows\System\VQdPnMl.exe
  2⤵
  PID:9156
- C:\Windows\System\aQTWmlR.exe
  C:\Windows\System\aQTWmlR.exe
  2⤵
  PID:9172
- C:\Windows\System\HrgvGWE.exe
  C:\Windows\System\HrgvGWE.exe
  2⤵
  PID:9188
- C:\Windows\System\CdnmlLx.exe
  C:\Windows\System\CdnmlLx.exe
  2⤵
  PID:9204
- C:\Windows\System\wgfiDIX.exe
  C:\Windows\System\wgfiDIX.exe
  2⤵
  PID:7300
- C:\Windows\System\TGrvVeA.exe
  C:\Windows\System\TGrvVeA.exe
  2⤵
  PID:7356
- C:\Windows\System\SmIFleQ.exe
  C:\Windows\System\SmIFleQ.exe
  2⤵
  PID:8324
- C:\Windows\System\WUPyteS.exe
  C:\Windows\System\WUPyteS.exe
  2⤵
  PID:7844
- C:\Windows\System\wUGTnPi.exe
  C:\Windows\System\wUGTnPi.exe
  2⤵
  PID:7800
- C:\Windows\System\iEpyFOd.exe
  C:\Windows\System\iEpyFOd.exe
  2⤵
  PID:7120
- C:\Windows\System\HpepgQV.exe
  C:\Windows\System\HpepgQV.exe
  2⤵
  PID:2996
- C:\Windows\System\kDmqxvO.exe
  C:\Windows\System\kDmqxvO.exe
  2⤵
  PID:8084
- C:\Windows\System\BFXLwti.exe
  C:\Windows\System\BFXLwti.exe
  2⤵
  PID:7656
- C:\Windows\System\xnTGAtn.exe
  C:\Windows\System\xnTGAtn.exe
  2⤵
  PID:7760
- C:\Windows\System\LEaZmWo.exe
  C:\Windows\System\LEaZmWo.exe
  2⤵
  PID:7592
- C:\Windows\System\taBZQGg.exe
  C:\Windows\System\taBZQGg.exe
  2⤵
  PID:1580
- C:\Windows\System\YOQROYf.exe
  C:\Windows\System\YOQROYf.exe
  2⤵
  PID:8248
- C:\Windows\System\jOEwDgi.exe
  C:\Windows\System\jOEwDgi.exe
  2⤵
  PID:8296
- C:\Windows\System\MUPkkDB.exe
  C:\Windows\System\MUPkkDB.exe
  2⤵
  PID:8344
- C:\Windows\System\zZjlsZS.exe
  C:\Windows\System\zZjlsZS.exe
  2⤵
  PID:8384
- C:\Windows\System\RZgrYde.exe
  C:\Windows\System\RZgrYde.exe
  2⤵
  PID:8416
- C:\Windows\System\fcwYmWT.exe
  C:\Windows\System\fcwYmWT.exe
  2⤵
  PID:8448
- C:\Windows\System\aKVTxQd.exe
  C:\Windows\System\aKVTxQd.exe
  2⤵
  PID:8484
- C:\Windows\System\TVefHhO.exe
  C:\Windows\System\TVefHhO.exe
  2⤵
  PID:8492
- C:\Windows\System\kInvjxt.exe
  C:\Windows\System\kInvjxt.exe
  2⤵
  PID:8580
- C:\Windows\System\hoTSUIR.exe
  C:\Windows\System\hoTSUIR.exe
  2⤵
  PID:8620
- C:\Windows\System\EUJjEro.exe
  C:\Windows\System\EUJjEro.exe
  2⤵
  PID:8724
- C:\Windows\System\LXYGEEp.exe
  C:\Windows\System\LXYGEEp.exe
  2⤵
  PID:8764
- C:\Windows\System\dlrsMBQ.exe
  C:\Windows\System\dlrsMBQ.exe
  2⤵
  PID:8596
- C:\Windows\System\NJLyWDY.exe
  C:\Windows\System\NJLyWDY.exe
  2⤵
  PID:8812
- C:\Windows\System\fUkhjQM.exe
  C:\Windows\System\fUkhjQM.exe
  2⤵
  PID:8532
- C:\Windows\System\RpPOWkK.exe
  C:\Windows\System\RpPOWkK.exe
  2⤵
  PID:8600
- C:\Windows\System\GMAOdkl.exe
  C:\Windows\System\GMAOdkl.exe
  2⤵
  PID:8712
- C:\Windows\System\SdAGMTI.exe
  C:\Windows\System\SdAGMTI.exe
  2⤵
  PID:8748
- C:\Windows\System\DxXPylw.exe
  C:\Windows\System\DxXPylw.exe
  2⤵
  PID:8844
- C:\Windows\System\xTCUMTQ.exe
  C:\Windows\System\xTCUMTQ.exe
  2⤵
  PID:8908
- C:\Windows\System\YPqYQQO.exe
  C:\Windows\System\YPqYQQO.exe
  2⤵
  PID:9004
- C:\Windows\System\IoDDINN.exe
  C:\Windows\System\IoDDINN.exe
  2⤵
  PID:8992
- C:\Windows\System\QpSefoQ.exe
  C:\Windows\System\QpSefoQ.exe
  2⤵
  PID:9024
- C:\Windows\System\AZMZSnO.exe
  C:\Windows\System\AZMZSnO.exe
  2⤵
  PID:8960
- C:\Windows\System\BPJDhLz.exe
  C:\Windows\System\BPJDhLz.exe
  2⤵
  PID:9032
- C:\Windows\System\XBDrpVW.exe
  C:\Windows\System\XBDrpVW.exe
  2⤵
  PID:9044
- C:\Windows\System\sFVnjkg.exe
  C:\Windows\System\sFVnjkg.exe
  2⤵
  PID:9072
- C:\Windows\System\bbGuzvb.exe
  C:\Windows\System\bbGuzvb.exe
  2⤵
  PID:9136
- C:\Windows\System\BYedfZi.exe
  C:\Windows\System\BYedfZi.exe
  2⤵
  PID:8276
- C:\Windows\System\YWSoIjF.exe
  C:\Windows\System\YWSoIjF.exe
  2⤵
  PID:7904
- C:\Windows\System\AGuDDIH.exe
  C:\Windows\System\AGuDDIH.exe
  2⤵
  PID:8228
- C:\Windows\System\uhiBtly.exe
  C:\Windows\System\uhiBtly.exe
  2⤵
  PID:7888
- C:\Windows\System\NqgZfCd.exe
  C:\Windows\System\NqgZfCd.exe
  2⤵
  PID:8108
- C:\Windows\System\BGYkSvp.exe
  C:\Windows\System\BGYkSvp.exe
  2⤵
  PID:8180
- C:\Windows\System\YZGFIPH.exe
  C:\Windows\System\YZGFIPH.exe
  2⤵
  PID:4312
- C:\Windows\System\LhcpzxQ.exe
  C:\Windows\System\LhcpzxQ.exe
  2⤵
  PID:2832
- C:\Windows\System\gcGsgsV.exe
  C:\Windows\System\gcGsgsV.exe
  2⤵
  PID:7196
- C:\Windows\System\tYUQiwl.exe
  C:\Windows\System\tYUQiwl.exe
  2⤵
  PID:7536
- C:\Windows\System\RYKcdjx.exe
  C:\Windows\System\RYKcdjx.exe
  2⤵
  PID:6128
- C:\Windows\System\xHNqnad.exe
  C:\Windows\System\xHNqnad.exe
  2⤵
  PID:8304
- C:\Windows\System\CpbKJhl.exe
  C:\Windows\System\CpbKJhl.exe
  2⤵
  PID:2736
- C:\Windows\System\jKTEcJl.exe
  C:\Windows\System\jKTEcJl.exe
  2⤵
  PID:7600
- C:\Windows\System\MMroPZD.exe
  C:\Windows\System\MMroPZD.exe
  2⤵
  PID:8372
- C:\Windows\System\VyFuVZk.exe
  C:\Windows\System\VyFuVZk.exe
  2⤵
  PID:1788
- C:\Windows\System\XljOAor.exe
  C:\Windows\System\XljOAor.exe
  2⤵
  PID:8432
- C:\Windows\System\iNoTkQd.exe
  C:\Windows\System\iNoTkQd.exe
  2⤵
  PID:8436
- C:\Windows\System\LkYmSTh.exe
  C:\Windows\System\LkYmSTh.exe
  2⤵
  PID:8612
- C:\Windows\System\fkOJzpA.exe
  C:\Windows\System\fkOJzpA.exe
  2⤵
  PID:2248
- C:\Windows\System\QtLsrYT.exe
  C:\Windows\System\QtLsrYT.exe
  2⤵
  PID:1900
- C:\Windows\System\wEGxDjG.exe
  C:\Windows\System\wEGxDjG.exe
  2⤵
  PID:8824
- C:\Windows\System\uHVAZpt.exe
  C:\Windows\System\uHVAZpt.exe
  2⤵
  PID:8816
- C:\Windows\System\vllwLkG.exe
  C:\Windows\System\vllwLkG.exe
  2⤵
  PID:2780
- C:\Windows\System\Nnlckju.exe
  C:\Windows\System\Nnlckju.exe
  2⤵
  PID:8528
- C:\Windows\System\OhOprif.exe
  C:\Windows\System\OhOprif.exe
  2⤵
  PID:932
- C:\Windows\System\BNonGss.exe
  C:\Windows\System\BNonGss.exe
  2⤵
  PID:8832
- C:\Windows\System\CWXJddC.exe
  C:\Windows\System\CWXJddC.exe
  2⤵
  PID:2276
- C:\Windows\System\BflNMAP.exe
  C:\Windows\System\BflNMAP.exe
  2⤵
  PID:9180
- C:\Windows\System\CiphYYg.exe
  C:\Windows\System\CiphYYg.exe
  2⤵
  PID:9088
- C:\Windows\System\zgdpoAC.exe
  C:\Windows\System\zgdpoAC.exe
  2⤵
  PID:9052
- C:\Windows\System\qekqriV.exe
  C:\Windows\System\qekqriV.exe
  2⤵
  PID:9020
- C:\Windows\System\eysQRMY.exe
  C:\Windows\System\eysQRMY.exe
  2⤵
  PID:9132
- C:\Windows\System\HdXEGLc.exe
  C:\Windows\System\HdXEGLc.exe
  2⤵
  PID:7216
- C:\Windows\System\WQyvPPZ.exe
  C:\Windows\System\WQyvPPZ.exe
  2⤵
  PID:7944
- C:\Windows\System\FeGXKmx.exe
  C:\Windows\System\FeGXKmx.exe
  2⤵
  PID:8284
- C:\Windows\System\tsqgPeI.exe
  C:\Windows\System\tsqgPeI.exe
  2⤵
  PID:812
- C:\Windows\System\vBbIYGt.exe
  C:\Windows\System\vBbIYGt.exe
  2⤵
  PID:2732
- C:\Windows\System\aEpXouf.exe
  C:\Windows\System\aEpXouf.exe
  2⤵
  PID:7856
- C:\Windows\System\TvWyEAr.exe
  C:\Windows\System\TvWyEAr.exe
  2⤵
  PID:8808
- C:\Windows\System\fLmRlXv.exe
  C:\Windows\System\fLmRlXv.exe
  2⤵
  PID:8928
- C:\Windows\System\OEVMvny.exe
  C:\Windows\System\OEVMvny.exe
  2⤵
  PID:8784
- C:\Windows\System\hVFKbyj.exe
  C:\Windows\System\hVFKbyj.exe
  2⤵
  PID:8400
- C:\Windows\System\scZBruT.exe
  C:\Windows\System\scZBruT.exe
  2⤵
  PID:2752
- C:\Windows\System\QFbBmFx.exe
  C:\Windows\System\QFbBmFx.exe
  2⤵
  PID:8892
- C:\Windows\System\NhFKmVN.exe
  C:\Windows\System\NhFKmVN.exe
  2⤵
  PID:9148
- C:\Windows\System\RFQbwBf.exe
  C:\Windows\System\RFQbwBf.exe
  2⤵
  PID:1484
- C:\Windows\System\hKlXyaB.exe
  C:\Windows\System\hKlXyaB.exe
  2⤵
  PID:8708
- C:\Windows\System\ZeEaWwi.exe
  C:\Windows\System\ZeEaWwi.exe
  2⤵
  PID:8956
- C:\Windows\System\KkgJxot.exe
  C:\Windows\System\KkgJxot.exe
  2⤵
  PID:1852
- C:\Windows\System\OXOfnkO.exe
  C:\Windows\System\OXOfnkO.exe
  2⤵
  PID:9200
- C:\Windows\System\vfrwJXV.exe
  C:\Windows\System\vfrwJXV.exe
  2⤵
  PID:9056
- C:\Windows\System\ftVGNZX.exe
  C:\Windows\System\ftVGNZX.exe
  2⤵
  PID:2220
- C:\Windows\System\tzIhHgv.exe
  C:\Windows\System\tzIhHgv.exe
  2⤵
  PID:7260
- C:\Windows\System\pzRweCj.exe
  C:\Windows\System\pzRweCj.exe
  2⤵
  PID:3056
- C:\Windows\System\fZwvPLw.exe
  C:\Windows\System\fZwvPLw.exe
  2⤵
  PID:8348
- C:\Windows\System\PRXoPjk.exe
  C:\Windows\System\PRXoPjk.exe
  2⤵
  PID:8420
- C:\Windows\System\EPovhly.exe
  C:\Windows\System\EPovhly.exe
  2⤵
  PID:8368
- C:\Windows\System\zuzhSFK.exe
  C:\Windows\System\zuzhSFK.exe
  2⤵
  PID:7280
- C:\Windows\System\crknmdG.exe
  C:\Windows\System\crknmdG.exe
  2⤵
  PID:8616
- C:\Windows\System\DJlmwby.exe
  C:\Windows\System\DJlmwby.exe
  2⤵
  PID:8272
- C:\Windows\System\SjSJToR.exe
  C:\Windows\System\SjSJToR.exe
  2⤵
  PID:9152
- C:\Windows\System\JjeFhko.exe
  C:\Windows\System\JjeFhko.exe
  2⤵
  PID:1952
- C:\Windows\System\kffWdUC.exe
  C:\Windows\System\kffWdUC.exe
  2⤵
  PID:2928
- C:\Windows\System\aLeCkbJ.exe
  C:\Windows\System\aLeCkbJ.exe
  2⤵
  PID:8140
- C:\Windows\System\mymSKbj.exe
  C:\Windows\System\mymSKbj.exe
  2⤵
  PID:8460
- C:\Windows\System\SyNcIuU.exe
  C:\Windows\System\SyNcIuU.exe
  2⤵
  PID:6776
- C:\Windows\System\PxARmdK.exe
  C:\Windows\System\PxARmdK.exe
  2⤵
  PID:8012
- C:\Windows\System\ZwybQZH.exe
  C:\Windows\System\ZwybQZH.exe
  2⤵
  PID:8568
- C:\Windows\System\tMQcVgO.exe
  C:\Windows\System\tMQcVgO.exe
  2⤵
  PID:1320
- C:\Windows\System\FChINxB.exe
  C:\Windows\System\FChINxB.exe
  2⤵
  PID:7524
- C:\Windows\System\ElIUgwE.exe
  C:\Windows\System\ElIUgwE.exe
  2⤵
  PID:8760
- C:\Windows\System\llPXceV.exe
  C:\Windows\System\llPXceV.exe
  2⤵
  PID:408
- C:\Windows\System\tnXaxBz.exe
  C:\Windows\System\tnXaxBz.exe
  2⤵
  PID:8472
- C:\Windows\System\mpmNXVV.exe
  C:\Windows\System\mpmNXVV.exe
  2⤵
  PID:8788
- C:\Windows\System\BwYAryv.exe
  C:\Windows\System\BwYAryv.exe
  2⤵
  PID:9228
- C:\Windows\System\TEZEGwj.exe
  C:\Windows\System\TEZEGwj.exe
  2⤵
  PID:9248
- C:\Windows\System\KjhKCsl.exe
  C:\Windows\System\KjhKCsl.exe
  2⤵
  PID:9264
- C:\Windows\System\LRUeBcJ.exe
  C:\Windows\System\LRUeBcJ.exe
  2⤵
  PID:9316
- C:\Windows\System\PlgCmNs.exe
  C:\Windows\System\PlgCmNs.exe
  2⤵
  PID:9368
- C:\Windows\System\zrwTLel.exe
  C:\Windows\System\zrwTLel.exe
  2⤵
  PID:9396
- C:\Windows\System\TBtifkn.exe
  C:\Windows\System\TBtifkn.exe
  2⤵
  PID:9416
- C:\Windows\System\FoeAWhb.exe
  C:\Windows\System\FoeAWhb.exe
  2⤵
  PID:9436
- C:\Windows\System\FGUZEpa.exe
  C:\Windows\System\FGUZEpa.exe
  2⤵
  PID:9456
- C:\Windows\System\gKnunnx.exe
  C:\Windows\System\gKnunnx.exe
  2⤵
  PID:9472
- C:\Windows\System\IfzkQbj.exe
  C:\Windows\System\IfzkQbj.exe
  2⤵
  PID:9496
- C:\Windows\System\sjaFWtF.exe
  C:\Windows\System\sjaFWtF.exe
  2⤵
  PID:9516
- C:\Windows\System\ltYcEAA.exe
  C:\Windows\System\ltYcEAA.exe
  2⤵
  PID:9536
- C:\Windows\System\FJTGmKH.exe
  C:\Windows\System\FJTGmKH.exe
  2⤵
  PID:9556
- C:\Windows\System\vzxzaaf.exe
  C:\Windows\System\vzxzaaf.exe
  2⤵
  PID:9576
- C:\Windows\System\swOyHjo.exe
  C:\Windows\System\swOyHjo.exe
  2⤵
  PID:9596
- C:\Windows\System\yyrvuJv.exe
  C:\Windows\System\yyrvuJv.exe
  2⤵
  PID:9620
- C:\Windows\System\XPxhxAQ.exe
  C:\Windows\System\XPxhxAQ.exe
  2⤵
  PID:9636
- C:\Windows\System\wYjSSpv.exe
  C:\Windows\System\wYjSSpv.exe
  2⤵
  PID:9652
- C:\Windows\System\SSoVoEB.exe
  C:\Windows\System\SSoVoEB.exe
  2⤵
  PID:9668
- C:\Windows\System\NuAJVQQ.exe
  C:\Windows\System\NuAJVQQ.exe
  2⤵
  PID:9684
- C:\Windows\System\jaUEXEw.exe
  C:\Windows\System\jaUEXEw.exe
  2⤵
  PID:9700
- C:\Windows\System\tTXiNdL.exe
  C:\Windows\System\tTXiNdL.exe
  2⤵
  PID:9716
- C:\Windows\System\vFcPAWy.exe
  C:\Windows\System\vFcPAWy.exe
  2⤵
  PID:9732
- C:\Windows\System\LVCtFWo.exe
  C:\Windows\System\LVCtFWo.exe
  2⤵
  PID:9752
- C:\Windows\System\IbyFfjm.exe
  C:\Windows\System\IbyFfjm.exe
  2⤵
  PID:9772
- C:\Windows\System\gFnhdyL.exe
  C:\Windows\System\gFnhdyL.exe
  2⤵
  PID:9788
- C:\Windows\System\TXAouaq.exe
  C:\Windows\System\TXAouaq.exe
  2⤵
  PID:9808
- C:\Windows\System\slTubrV.exe
  C:\Windows\System\slTubrV.exe
  2⤵
  PID:9824
- C:\Windows\System\RzVnnmD.exe
  C:\Windows\System\RzVnnmD.exe
  2⤵
  PID:9840
- C:\Windows\System\HGScNYr.exe
  C:\Windows\System\HGScNYr.exe
  2⤵
  PID:9860
- C:\Windows\System\SUKjbXR.exe
  C:\Windows\System\SUKjbXR.exe
  2⤵
  PID:9920
- C:\Windows\System\guMSzEO.exe
  C:\Windows\System\guMSzEO.exe
  2⤵
  PID:9936
- C:\Windows\System\dOlIMXm.exe
  C:\Windows\System\dOlIMXm.exe
  2⤵
  PID:9952
- C:\Windows\System\fSarXBx.exe
  C:\Windows\System\fSarXBx.exe
  2⤵
  PID:9968
- C:\Windows\System\mhjfNJF.exe
  C:\Windows\System\mhjfNJF.exe
  2⤵
  PID:9988
- C:\Windows\System\VdnySQC.exe
  C:\Windows\System\VdnySQC.exe
  2⤵
  PID:10016
- C:\Windows\System\xBenpAp.exe
  C:\Windows\System\xBenpAp.exe
  2⤵
  PID:10040
- C:\Windows\System\udpQdiL.exe
  C:\Windows\System\udpQdiL.exe
  2⤵
  PID:10056
- C:\Windows\System\zrbnesY.exe
  C:\Windows\System\zrbnesY.exe
  2⤵
  PID:10076
- C:\Windows\System\jxHihDP.exe
  C:\Windows\System\jxHihDP.exe
  2⤵
  PID:10100
- C:\Windows\System\SzokseS.exe
  C:\Windows\System\SzokseS.exe
  2⤵
  PID:10120
- C:\Windows\System\dNiqKrW.exe
  C:\Windows\System\dNiqKrW.exe
  2⤵
  PID:10136
- C:\Windows\System\jjaBHdM.exe
  C:\Windows\System\jjaBHdM.exe
  2⤵
  PID:10160
- C:\Windows\System\GXRkVuT.exe
  C:\Windows\System\GXRkVuT.exe
  2⤵
  PID:10184
- C:\Windows\System\EeDIInE.exe
  C:\Windows\System\EeDIInE.exe
  2⤵
  PID:10200
- C:\Windows\System\XgFerRW.exe
  C:\Windows\System\XgFerRW.exe
  2⤵
  PID:10216
- C:\Windows\System\DTOKEUU.exe
  C:\Windows\System\DTOKEUU.exe
  2⤵
  PID:10232
- C:\Windows\System\HNouMbF.exe
  C:\Windows\System\HNouMbF.exe
  2⤵
  PID:1756
- C:\Windows\System\VXyeWqF.exe
  C:\Windows\System\VXyeWqF.exe
  2⤵
  PID:8360
- C:\Windows\System\mpLMNWo.exe
  C:\Windows\System\mpLMNWo.exe
  2⤵
  PID:8688
- C:\Windows\System\xYzacdy.exe
  C:\Windows\System\xYzacdy.exe
  2⤵
  PID:2728
- C:\Windows\System\esjDybW.exe
  C:\Windows\System\esjDybW.exe
  2⤵
  PID:468
- C:\Windows\System\SYeCuFa.exe
  C:\Windows\System\SYeCuFa.exe
  2⤵
  PID:7464
- C:\Windows\System\zdGghnT.exe
  C:\Windows\System\zdGghnT.exe
  2⤵
  PID:9288
- C:\Windows\System\FDKTQTe.exe
  C:\Windows\System\FDKTQTe.exe
  2⤵
  PID:9296
- C:\Windows\System\APekUOI.exe
  C:\Windows\System\APekUOI.exe
  2⤵
  PID:9312
- C:\Windows\System\KvVrIbA.exe
  C:\Windows\System\KvVrIbA.exe
  2⤵
  PID:9352
- C:\Windows\System\SWFasMy.exe
  C:\Windows\System\SWFasMy.exe
  2⤵
  PID:9376
- C:\Windows\System\qbXtLnK.exe
  C:\Windows\System\qbXtLnK.exe
  2⤵
  PID:9380
- C:\Windows\System\ldOgUJH.exe
  C:\Windows\System\ldOgUJH.exe
  2⤵
  PID:9428
- C:\Windows\System\gdgbABE.exe
  C:\Windows\System\gdgbABE.exe
  2⤵
  PID:9468
- C:\Windows\System\sJqvFXz.exe
  C:\Windows\System\sJqvFXz.exe
  2⤵
  PID:9504
- C:\Windows\System\LTRnhcF.exe
  C:\Windows\System\LTRnhcF.exe
  2⤵
  PID:9572
- C:\Windows\System\RzzRfyH.exe
  C:\Windows\System\RzzRfyH.exe
  2⤵
  PID:9604
- C:\Windows\System\YwkUGWe.exe
  C:\Windows\System\YwkUGWe.exe
  2⤵
  PID:9696
- C:\Windows\System\PYEWCSJ.exe
  C:\Windows\System\PYEWCSJ.exe
  2⤵
  PID:9760
- C:\Windows\System\BEtHcEy.exe
  C:\Windows\System\BEtHcEy.exe
  2⤵
  PID:9796
- C:\Windows\System\VlmPmbB.exe
  C:\Windows\System\VlmPmbB.exe
  2⤵
  PID:9832
- C:\Windows\System\ukKFyci.exe
  C:\Windows\System\ukKFyci.exe
  2⤵
  PID:9836
- C:\Windows\System\PjaNcUC.exe
  C:\Windows\System\PjaNcUC.exe
  2⤵
  PID:9708
- C:\Windows\System\IMRyRRm.exe
  C:\Windows\System\IMRyRRm.exe
  2⤵
  PID:9676
- C:\Windows\System\zvbUKJL.exe
  C:\Windows\System\zvbUKJL.exe
  2⤵
  PID:9816
- C:\Windows\System\JAsvNVc.exe
  C:\Windows\System\JAsvNVc.exe
  2⤵
  PID:9748
- C:\Windows\System\BAWqUdL.exe
  C:\Windows\System\BAWqUdL.exe
  2⤵
  PID:9852
- C:\Windows\System\dpoqLBf.exe
  C:\Windows\System\dpoqLBf.exe
  2⤵
  PID:9876
- C:\Windows\System\cSKxQKm.exe
  C:\Windows\System\cSKxQKm.exe
  2⤵
  PID:9928
- C:\Windows\System\URWgZOb.exe
  C:\Windows\System\URWgZOb.exe
  2⤵
  PID:9984
- C:\Windows\System\cXEsnui.exe
  C:\Windows\System\cXEsnui.exe
  2⤵
  PID:9996
- C:\Windows\System\FgOIiSM.exe
  C:\Windows\System\FgOIiSM.exe
  2⤵
  PID:10024
- C:\Windows\System\UVvSAhv.exe
  C:\Windows\System\UVvSAhv.exe
  2⤵
  PID:10152
- C:\Windows\System\OTAKpOF.exe
  C:\Windows\System\OTAKpOF.exe
  2⤵
  PID:10192
- C:\Windows\System\urLoXkq.exe
  C:\Windows\System\urLoXkq.exe
  2⤵
  PID:3048
- C:\Windows\System\bGLIaNO.exe
  C:\Windows\System\bGLIaNO.exe
  2⤵
  PID:9276
- C:\Windows\System\OLeFyUr.exe
  C:\Windows\System\OLeFyUr.exe
  2⤵
  PID:9388
- C:\Windows\System\yYkACkq.exe
  C:\Windows\System\yYkACkq.exe
  2⤵
  PID:9332
- C:\Windows\System\uHsspLg.exe
  C:\Windows\System\uHsspLg.exe
  2⤵
  PID:10172
- C:\Windows\System\ouUkgsH.exe
  C:\Windows\System\ouUkgsH.exe
  2⤵
  PID:10208
- C:\Windows\System\dKSKSfu.exe
  C:\Windows\System\dKSKSfu.exe
  2⤵
  PID:9224
- C:\Windows\System\DmJkyCn.exe
  C:\Windows\System\DmJkyCn.exe
  2⤵
  PID:9284
- C:\Windows\System\GCSIVJu.exe
  C:\Windows\System\GCSIVJu.exe
  2⤵
  PID:9364
- C:\Windows\System\TFWaJDE.exe
  C:\Windows\System\TFWaJDE.exe
  2⤵
  PID:9452
- C:\Windows\System\jtrTdYD.exe
  C:\Windows\System\jtrTdYD.exe
  2⤵
  PID:9524
- C:\Windows\System\uejMvxp.exe
  C:\Windows\System\uejMvxp.exe
  2⤵
  PID:9612
- C:\Windows\System\bIrPPai.exe
  C:\Windows\System\bIrPPai.exe
  2⤵
  PID:9584
- C:\Windows\System\UMqKiKH.exe
  C:\Windows\System\UMqKiKH.exe
  2⤵
  PID:9588
- C:\Windows\System\syTccGb.exe
  C:\Windows\System\syTccGb.exe
  2⤵
  PID:9692
- C:\Windows\System\wBpoiEz.exe
  C:\Windows\System\wBpoiEz.exe
  2⤵
  PID:9648
- C:\Windows\System\WEoqvUp.exe
  C:\Windows\System\WEoqvUp.exe
  2⤵
  PID:9744
- C:\Windows\System\BsnufJs.exe
  C:\Windows\System\BsnufJs.exe
  2⤵
  PID:9644
- C:\Windows\System\ehcyqcK.exe
  C:\Windows\System\ehcyqcK.exe
  2⤵
  PID:9944
- C:\Windows\System\rDHYmhf.exe
  C:\Windows\System\rDHYmhf.exe
  2⤵
  PID:9740
- C:\Windows\System\WZDmjZQ.exe
  C:\Windows\System\WZDmjZQ.exe
  2⤵
  PID:10156
- C:\Windows\System\ZfdNZNr.exe
  C:\Windows\System\ZfdNZNr.exe
  2⤵
  PID:10072
- C:\Windows\System\XBTbNbX.exe
  C:\Windows\System\XBTbNbX.exe
  2⤵
  PID:10112
- C:\Windows\System\OJkPWpI.exe
  C:\Windows\System\OJkPWpI.exe
  2⤵
  PID:10116
- C:\Windows\System\OIiQjpc.exe
  C:\Windows\System\OIiQjpc.exe
  2⤵
  PID:9336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AUGvymk.exe

Filesize
6.0MB

MD5
50f0d247d02d72f96c32f610dda095c3

SHA1
78a3a0990aef297436c85d988b6d078345241494

SHA256
3647df50e938a5b6057dd8a71b2e05ea0449e126866d70c9c233dea385a9282e

SHA512
2e208165aa979aa015858d7bfa714df1078e21793949dbfe20247f40415350cb68c8e02bec6b3c3d09a64489e31164090150b684597fbceb176a8b293b3aee64

Download Submit
C:\Windows\system\AWBYaGR.exe

Filesize
6.0MB

MD5
ca6974395601df1429fe798da38595b2

SHA1
e3dbf3300aa0c7f2eecd8fa76ad5abc0661a8248

SHA256
3f3aa463dda99005485cd36fc31d216bc4766aa87aad94d7087e7c749cb02f34

SHA512
400be6dd99a91db4818ebb59351a2b2de06e7e00818489d2fb71c83483bdfefbbd25609ff811fec91267c0478afb99f98320279270743e8d31e64c96779009df

Download Submit
C:\Windows\system\AkuWMig.exe

Filesize
6.0MB

MD5
855b863a0faad3c5b3dd5d5f025cfeb2

SHA1
a1312988c0981ae7e6d94f040ecb3b57085b44cd

SHA256
92e0d12e4feef42b4c7734bc3d61dae2ab46e2df0f1eec8e5ce0d0cc25515073

SHA512
5ee1a58da7602bd6377a89828e9cd3ad0fac3b4dd16727ef7a2a483ef4bd186266d53f4ccfba92d9bf83e5b15a90b95c0acdd23f4e9ebb108f1a93ca51baf07a

Download Submit
C:\Windows\system\BjgPIaq.exe

Filesize
6.0MB

MD5
f062f4080ff98be88adbac98094fdae6

SHA1
05018a8084f48f949b645dab47074a90a54b072b

SHA256
b970a87705a092fa8d8656f5037e41fd9ca746a8f44885428775c271b3c246fa

SHA512
90dd54c816b52a48a5de6ff23a51f6b3cdbe3b6510e98dbaf219390dbd53cd8f547d5c61885b4bb3d9300b6d93fda51651d4b138ffcf3383aed0c13c987396cf

Download Submit
C:\Windows\system\CGzpRlF.exe

Filesize
6.0MB

MD5
10b741db385601111f90fd631cdd7786

SHA1
fbec3a3a8f5043f09342c578e2fd572aff4a1d98

SHA256
7056dcb4dcf8694473ffc32d6d70300c26b47a000a60f628644ce3460cae1d24

SHA512
90703c2fd74082442401536f93f25b67d2a9e7d6b9d4dc4a14e63a788ef7ac2d1f083eed59ac4f29f7f7b3b2fb35946f299017eb071e56cc1b5f90e41d89c368

Download Submit
C:\Windows\system\ChluQfX.exe

Filesize
6.0MB

MD5
7666be483c46878116405321e4457e8b

SHA1
4af19a9f10c0d6daf97174805c10b21d6c09cc43

SHA256
355f42aa1cab588b11491685a7dde3f176b6742e789820968adc55aa09ff7b39

SHA512
9d295a52b8a98fc99824110e75ac715badae10418957ca1d68e7c39c6ac84cb1d182aa30c73cf5a5d04eb3002e64905f10198ec1708503602b779c4d185e1bd6

Download Submit
C:\Windows\system\HLkXTZI.exe

Filesize
6.0MB

MD5
9b1e49126b7b98466a2f1e8015e8def4

SHA1
ca5b764433dd188e9950d1391cdcc37c6c03439a

SHA256
ddbe7be43b9818f70f23ef3d130803b299e14ec1e43d98b00859aa777e5f314b

SHA512
ca4118a79634473762c671bcc6e237efb4c107b5c25026576874ea7c0d9ad615518bbe226d679fcfe20133d918233a4e61231be62ab517e02b4346d892ca31e6

Download Submit
C:\Windows\system\JnoxQQq.exe

Filesize
6.0MB

MD5
c2465094978b24f526289c2074cf1392

SHA1
fa3fcced8963cac30bce0d42fa151ffaa3a690fe

SHA256
bb1c358bcb25e491fa407ed57607c9b7ac749639f4e3dd9feed5bc8ba7777dd9

SHA512
8c2bc1bc6caa4af35f36b7d51416dde799fef91d53ec8c9466665ee561189f985cc72aa6ff981d1ff77ed6cf7c32325a664e5e7951653e853546867306d6c31d

Download Submit
C:\Windows\system\JxNzWKV.exe

Filesize
6.0MB

MD5
f3ca9bae9065a29310e1063b27e8c16b

SHA1
577bed59db05fccd73706b2374768e6f0824f75e

SHA256
8f75d074844414c2858c5e5f6d49d867c7ed115cb50b41a15b52db0dc0fde6ef

SHA512
7bdfd760241a0b12461e128fb58da1da637a0b2b8120356bb54f3da62cd95703c816efbd0235b3ab8d1148928fd5bde112e5cc76160a6add594f7e1356cd66ff

Download Submit
C:\Windows\system\LSbimbv.exe

Filesize
6.0MB

MD5
4b779876cf2cf6fe050018585a80abf8

SHA1
9ae4d179eed8c93d02d35b68075a17405ace1e10

SHA256
e7e46c374ba5615b55be850e4e21ecf1d82c4971f5ebd2e1831d3a555f2a5f03

SHA512
d512eb6b3d82c2de1f640d61ad780171242777c73fd28cbed5c61945c5e406904ae2c2ff2beefa6129a2e134ddde55a7d419e80547e1a2bc52750eb320283464

Download Submit
C:\Windows\system\NNTQlvo.exe

Filesize
6.0MB

MD5
14dcd66a33938d71834935adede23dfd

SHA1
76501aab5ba2427c884f1a5d35bfdf7a10ebf764

SHA256
277ca6ec27d4be2565c3af4656066852dbb3efa43925808857ea2feec3f78f6f

SHA512
cde68326c54ea2c4ec24143459e46158824f9188c2bbd567327cb6a39bbcb2203fa915e55fbca99548b22191edc6f09c46d0ce23b41252e85e37d269e68f714b

Download Submit
C:\Windows\system\OoylJPZ.exe

Filesize
6.0MB

MD5
609ef3d55d2b280fa34656d69bd02f23

SHA1
88c50b5ee1b4f02d500df9af2008a8156f937d78

SHA256
a39ac155d73e4645184fbbff6bb7d798221575b26417764e4bc3589f09d8649e

SHA512
a321e8f51b05149b6286b38fe11a51e9b3e232414b8d64e356275e3707a51179a95602fce343a4cea805b63b60f2fe444dc9512e22b622fc4472f4f15af1ca36

Download Submit
C:\Windows\system\RdEddzj.exe

Filesize
6.0MB

MD5
19615596d0cdcede4bf07acebcd20b36

SHA1
d62d980f2fecb92597b856117878063725782531

SHA256
b475182f2514b30e0dd926d04d7f0d45561b965c15f951b9cb0d330b3caf9085

SHA512
2359a89dcf947b68a822e428ca7ada22b47b5ad2d47fccdb6dd0634a9069c65b6fda0c57cfbd5a77e8da9c6cf79a37e63ad56a8dc976c4040b087b9b67d7f6bb

Download Submit
C:\Windows\system\SbsPGFm.exe

Filesize
6.0MB

MD5
9e9336ce2b5adc071c494058c3c91e36

SHA1
bdf1d5cafd97fc0ff46df79acd30c0eb1bf3ff83

SHA256
edd75156e980851c108f9681917c599e8cbf10f00dedd6fbf6ad15b1642e9525

SHA512
5cbb26ad45cd4ca982934af64780202411d81e20a5df4f85cb638d7f60efdb2229632ef5c896447021f132295d99fa9b8358360455a1ad00bc64db0643f6274a

Download Submit
C:\Windows\system\TCrTXLn.exe

Filesize
6.0MB

MD5
1ce3d579d6741505dd7c8efb950d67e9

SHA1
dba1211662489a1b74a4f9fc8d68c506d0803d07

SHA256
396fb6dee2be3a9cecb6c7310a71fbbcb37cee5a3c85a2017cfce422a0052a75

SHA512
fce14f086c9a2c51b966296d2c6594bf9d1f645e90b446e963c80dda5d2e23c8a4a022306093b30a6d9a62400617fccb39c820c51c24fdf7309ffb0265a4b891

Download Submit
C:\Windows\system\VaUKcrj.exe

Filesize
6.0MB

MD5
e2789f6ea581b832ee751ab81621e29e

SHA1
4471ea5075cf5da5316c2ccba3da6aa9cc47963a

SHA256
bde218819ab61ee8cee1ce793948461432fb77659b351c42af86838a4652946f

SHA512
7d07aed762cf0d61ced49f35575e496561cdabbb18f17cdc8f06d8fa2036018294e7fdf20b2589ddd497ed46fca2ce2cef78e1248ea0e204746c7541f4256078

Download Submit
C:\Windows\system\XVizVOB.exe

Filesize
6.0MB

MD5
dbefe39a723ffd9511c9a277e1f82f42

SHA1
6f9e4e163c33a152e45109db012f248929818f8f

SHA256
5c67fd5019bcb63a2e87d4e67707cd0da3f3058caf108d5e45b025eb99777db7

SHA512
1577535135b5ebf0205668305e84ce25084b4ca0b8205c9745ea9683c9391ea4ff33ae971554031efb7941bac7ee7f877ddce2d830d60a1cf2439685a3f39bf0

Download Submit
C:\Windows\system\YhCWfJX.exe

Filesize
6.0MB

MD5
d2786aab05d7a902b451c3f803f476df

SHA1
3e06eedd85fe08b2d7cd1b93a6059d33d29b443b

SHA256
3c3bfca857a7f63d7ad28a4d4c59a40a6350d0486dc4f1d20fb9a13d0eedc3e9

SHA512
130a882a4a8273a1a7fde66bf41e979be36c965ecbd875355e9d6147605980b372cbb77e532f8b5a07bfb30980c30b13f2c62a68c6fcc15fd6ebfeb75b7f1457

Download Submit
C:\Windows\system\aVdtaQG.exe

Filesize
6.0MB

MD5
d782191f1762425f3936c9e67baa87fb

SHA1
7822b165c5db52e9a063708bb5b009eafa8ce787

SHA256
309915e64f3abfc6f5c3c168fb5a368fce1afa80dfabba9fdff8f6661da2c230

SHA512
9ccd62711569a2e34b63e1c540d26e1fc30096fa150cff5345e97cfed9e26e121ad337cd2e7bd360d3831e4a5724846d3bd78b3be63c626df9a4becba077663d

Download Submit
C:\Windows\system\aXlEuET.exe

Filesize
6.0MB

MD5
9886108942ad4a65ae2595031fe85c85

SHA1
03eaf0fffaecdb896576d8f3ffbd187ed13bcca4

SHA256
48d2c493da27e1a6736f8899126a3f23db71c4a6db12c00dac3c22a095a4f18e

SHA512
5057405cdcd53db030df877747ca6d01f0260047be2b711db6322f7998146c9f1f5a487638115857957906cbef7bd8002286d02553537b9b6d4322718f0cc921

Download Submit
C:\Windows\system\bcPBWKx.exe

Filesize
6.0MB

MD5
e5d1b23c9592d7de97df344ba6f03be9

SHA1
800c4f16fecbbc860e9388a41044eaf81cb00a44

SHA256
50fc4efc036d9aa211ecee6c29737694ac63cbf0da431e609c731deca176cddc

SHA512
587962f436205c6e4d755586133f40137985139513309e93480d671d7223a5f4ecf4d90ffe66cb1850c12ae51a951ff248e40be97761ea3a663276e0addd3469

Download Submit
C:\Windows\system\fTFOUBH.exe

Filesize
6.0MB

MD5
cdfb47407ceb54608da6c071475c4f10

SHA1
c9e83ef77da35b5f137c03383602febd1ac2f517

SHA256
499d8d5e44872544f5b114ab363f4d1beed9795dd96f889de409a641d158dec2

SHA512
30a9e575d820d3de61260daf3b81655647bc4848639e79c8bddcc1638895a767b7ea20c33ae0b6aaa9015f1a0bfc73fbaf470fd0538ac3a9430f004479e73eab

Download Submit
C:\Windows\system\gBoIOyz.exe

Filesize
6.0MB

MD5
8dc4d3cd42ce548f1bbee1333b5a133d

SHA1
035618ce13d51555eb1923305a63c4ce387a5491

SHA256
8c64a8f62aec0a866e7bc902072585d8bbf6d4b00c5e7037acd638b009828537

SHA512
e9614916cdfeb70f6c7b2c1f95d0dd198378a68377d0189c92035a67a66ab6eee38024848edfa71a80fd69d60a7f2b882477560fa11c1cc50ff6ef20eadf38f4

Download Submit
C:\Windows\system\gXdNcIs.exe

Filesize
6.0MB

MD5
946b5b5db7d946235d7929a9e57b8d12

SHA1
3a2d44fc13ff36e016a417f70eb9fa1d5c5129ae

SHA256
2175a99a8bef6a507d9346b55821cf62e2f6f14857af3b15bdfa2e17bdec7e28

SHA512
cb5172702e0d9e1498f1ad26b55d1d70bc656c51e9c6f52cc6757560526e488adc32d1fbf7606928bbaf3f1c7b74542aaeb2d783880d253d8415b25d8bdfff58

Download Submit
C:\Windows\system\jopNAbk.exe

Filesize
6.0MB

MD5
67ec4a3d1d4c55f797ec4ef1dc2705df

SHA1
52ee74a9ce91cf5a57ea76949d1c9de09df32731

SHA256
9aa8c3b10747d589daa2b754eef416f3aab3a6ae8d57f01a291c41e829889926

SHA512
838a0d28664685a50a1fceec248846023bf822ae342b788eec14b03ad3b4762499b27e4d6a3e50a723d6905d46a281f5aa54d629e0f620b63b7181458e795409

Download Submit
C:\Windows\system\lGDvOKc.exe

Filesize
6.0MB

MD5
6d9d3f1bdf9205d69303a5f513761dd3

SHA1
bf56c09178e469cb43996dfbf9b8fc4a98cbc456

SHA256
dc2253dbfbe93551d0d53e5a0dea8937813e079a4a791dc7f78e059548d5d07f

SHA512
15b25c7fe9cf933effeaac2a98f4e67c3f71bb206a6a91cb8275c9b3fa30c7260562ad8b166ad18b381b7418bbcac1e1fbfe8ff08c6d3f99d222a16b631acf88

Download Submit
C:\Windows\system\mOZrffl.exe

Filesize
6.0MB

MD5
c9af537c44ef52df44d126fb87929684

SHA1
d350807c181ec9a972d5728918c1b06b1f3751ce

SHA256
a97ef75d1576d855b735015c7dd44fb34805934daa9ac62a6086a86b162f897b

SHA512
e02bfd2e5ec579ad292390a8385a19f8ee0509769543c8500d3281dcba325395d422e134cfed5e65dddb00ee62ac7877916ee90099c05f0359f4d7da841e8f97

Download Submit
C:\Windows\system\omPgYFv.exe

Filesize
6.0MB

MD5
db829158a9b1434f8f72f166a7dc313c

SHA1
da56724334380587c7933f86def29eb9ea71782b

SHA256
29fa5f827e2a479fb0b28af1a3af267d0dc15020948e50bee063d6ed198488de

SHA512
b62868c9760a57c62db95d8bf13b485a9d711d6f32dc92566fc96db4933d75293e6e80be28d02e81ebb1f2a7dd959e428f85e0d21c6d7fee3bb210d7593b1557

Download Submit
C:\Windows\system\rEuRkoj.exe

Filesize
6.0MB

MD5
5deef98bd411bec5f14dc345e77c2193

SHA1
7df00ef6c3a4456971d22b69aa851733333cff8f

SHA256
636e7c3c4e281b744cbdd478684089f6dac41a3695eadddfa7e98e619a7d2eab

SHA512
732349e18461acd77e9a69a092018cecf8c29de1174fcf6cc4b7ca5d88316526bbf13faff4feaffd6033d4168e0a14dbe017cae9bd0e55086ce25fbc3326106b

Download Submit
C:\Windows\system\trUChSQ.exe

Filesize
6.0MB

MD5
33fb67393cb3761d4a8b460deb86ea58

SHA1
d850efc60ec0ca6ad3cb1a1de21f07623c069d10

SHA256
000baf9dc3ecda506e425f00fe6ef9d49591b1b4955cc4f35dcaa2e1a6b4da6d

SHA512
49ae70d8caa612e97c0892a59a4cc2506b00f1b694270881bbd1cacb32d16590cc5f6f06f8d4c185c05a937835408f3534371013a274ff18e7af1d3dcd36a526

Download Submit
C:\Windows\system\xYgjXeR.exe

Filesize
6.0MB

MD5
de1b67adf1b7e3a74645182f8cb99b0c

SHA1
015e6b40515e1e1141be63f6472c91b9488d9560

SHA256
0769a3c4da2f6f8327680e37dadc16b427c2eaa0ed0cb837b16613718b668b62

SHA512
b264f5b81b9c8907fbc4c1d424a158395165c938483f3ff7594797a0b33f46f677f1b3c1efc4d6429640fa6bfefd1a82cd9dd7fac14732938f3842dd7164afbd

Download Submit
C:\Windows\system\yPjqOAW.exe

Filesize
6.0MB

MD5
90112a89da1e28758ffde2d6632ad3f6

SHA1
e38fce68ceaca7ef9eff573897e4e5834f5235ea

SHA256
02e2279d9c7ecee420587689b333dd2ba282b45220ef3dc3a38e47374a9cbb33

SHA512
afcce06dfbb98d2a6d9451d17e21ade228d704ab4017a785396d787300e2d847bad2b66aea538f8ac51b1c15815d78dcde3c9624569d63decb1ff051c2934e5e

Download Submit
memory/640-3629-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/640-15-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2092-104-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2092-3624-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2092-22-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2204-73-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2204-3628-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2216-77-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3656-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2360-1088-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-96-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-3645-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3661-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-771-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-91-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-54-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3688-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3623-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2604-9-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3619-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2804-85-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2876-208-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3620-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-34-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-84-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3622-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3657-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2892-80-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2960-63-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3627-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3630-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2984-59-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1421-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-770-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-90-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-81-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1087-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-0-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-78-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/3036-95-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-105-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-68-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-82-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/3036-490-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-75-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-46-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/3036-53-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-20-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/3036-625-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/3036-37-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-8-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-28-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download