cobaltstrike | 1cb249ebe606adea0ee12a0d021b3b92cd24d37926fbbf1ddf1ebac2bf74946d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31/01/2025, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0c652d601684019b3b529faa96169477
SHA1

074bb2c04e5a5857a5777dd2da24b61e2ace085f
SHA256

1cb249ebe606adea0ee12a0d021b3b92cd24d37926fbbf1ddf1ebac2bf74946d
SHA512

f93bb22e18f7ab0fe278ca92fbb0d9294f9c174d32c204c52353d26f69b2eb3ef9bfc2e4a13620f8761e74f96d4d2da4ee22f96740490bc28af0f885e984e762
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edb-8.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707c-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-22.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-47.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-166.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174a6-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-92.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746a-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-54.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f3-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-62.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-61.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174c3-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-42.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2056-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-3.dat	xmrig
behavioral1/files/0x0008000000016edb-8.dat	xmrig
behavioral1/files/0x000800000001707c-12.dat	xmrig
behavioral1/memory/804-25-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0007000000017403-22.dat	xmrig
behavioral1/files/0x0005000000019268-47.dat	xmrig
behavioral1/files/0x0005000000019433-186.dat	xmrig
behavioral1/memory/2756-1034-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2056-916-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b3-184.dat	xmrig
behavioral1/files/0x0005000000019513-180.dat	xmrig
behavioral1/files/0x0005000000019365-172.dat	xmrig
behavioral1/files/0x000500000001929a-169.dat	xmrig
behavioral1/files/0x00050000000194df-166.dat	xmrig
behavioral1/files/0x00080000000174a6-155.dat	xmrig
behavioral1/files/0x0005000000019485-153.dat	xmrig
behavioral1/files/0x000500000001946a-144.dat	xmrig
behavioral1/files/0x0005000000019479-142.dat	xmrig
behavioral1/files/0x000500000001945b-137.dat	xmrig
behavioral1/memory/2612-136-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019465-133.dat	xmrig
behavioral1/files/0x0005000000019450-125.dat	xmrig
behavioral1/memory/2016-95-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019387-92.dat	xmrig
behavioral1/files/0x000700000001746a-78.dat	xmrig
behavioral1/memory/2820-77-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2848-58-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019275-54.dat	xmrig
behavioral1/files/0x00080000000173f3-50.dat	xmrig
behavioral1/memory/2056-31-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2360-29-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001953e-189.dat	xmrig
behavioral1/files/0x000500000001950e-176.dat	xmrig
behavioral1/files/0x00050000000194d7-162.dat	xmrig
behavioral1/files/0x000500000001947d-150.dat	xmrig
behavioral1/memory/536-132-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2056-124-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/796-123-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019446-120.dat	xmrig
behavioral1/memory/2056-118-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/1660-116-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c1-108.dat	xmrig
behavioral1/files/0x00050000000193a4-107.dat	xmrig
behavioral1/memory/2056-99-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2860-91-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019377-86.dat	xmrig
behavioral1/files/0x0005000000019319-85.dat	xmrig
behavioral1/memory/2756-83-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-62.dat	xmrig
behavioral1/files/0x000500000001926c-61.dat	xmrig
behavioral1/memory/2056-44-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x00080000000174c3-43.dat	xmrig
behavioral1/files/0x0007000000017488-42.dat	xmrig
behavioral1/memory/3048-36-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2016-3970-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2860-3972-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2820-3976-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/3048-3975-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/796-4004-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/536-4003-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2848-3974-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/1660-3973-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2360-3971-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3048	PLOHlEE.exe
804	PErFnOS.exe
2360	cSmYnHx.exe
2848	bTOsuxw.exe
2820	QnoBdLw.exe
2756	EOPgyOC.exe
796	qlVJKlU.exe
2860	TEiDFQH.exe
2016	OjqMVUW.exe
536	AsXDbbe.exe
2612	zffrPkY.exe
1660	slCjaMX.exe
2380	iIolAIb.exe
2824	GxzSEaJ.exe
1912	VbvOqug.exe
1604	mdtmCcm.exe
1884	jdQliIL.exe
2936	URKPRnH.exe
2868	lRknYxs.exe
2492	wVPdKhD.exe
2212	zSYTBSF.exe
2816	HUDWDaS.exe
2716	JTPEcqw.exe
2672	SmSyNsm.exe
408	rTsfAjz.exe
1132	dSxOOGp.exe
1940	PJwkCNk.exe
2504	qJWdCWN.exe
632	VPRxonf.exe
2140	DdkdHFe.exe
2384	eBhYlTU.exe
1192	UAFNIBy.exe
1108	jZtaPcF.exe
2232	NEtDXSC.exe
1464	GHGjZoE.exe
1892	sZMJSVI.exe
1472	XQDAwqP.exe
2220	CtWZshC.exe
696	eOjwFiU.exe
2388	zosLWaY.exe
2488	nYUNWBn.exe
3016	JvcoRwo.exe
752	mHpsrHz.exe
1776	RrsfLuI.exe
1712	XtILeTQ.exe
1240	xcFZTbc.exe
2696	rcxVklQ.exe
852	XjiDVBk.exe
1724	EDZpatw.exe
556	fvFVCdN.exe
784	UldVZRN.exe
792	ZevexCJ.exe
2436	nfYBSUO.exe
876	OjnLTLA.exe
1488	dbNmOQw.exe
1520	cxyVYHw.exe
3064	qWrgoqR.exe
2692	eEKlSSZ.exe
2532	YqWFBwS.exe
2812	GlIMXPp.exe
2632	CsgoesT.exe
2496	xcCNGmC.exe
340	TTdlqJa.exe
2904	gcnAOoY.exe

Loads dropped DLL 64 IoCs

pid	Process
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2056-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-3.dat	upx
behavioral1/files/0x0008000000016edb-8.dat	upx
behavioral1/files/0x000800000001707c-12.dat	upx
behavioral1/memory/804-25-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0007000000017403-22.dat	upx
behavioral1/files/0x0005000000019268-47.dat	upx
behavioral1/files/0x0005000000019433-186.dat	upx
behavioral1/memory/2756-1034-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2056-916-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x00050000000193b3-184.dat	upx
behavioral1/files/0x0005000000019513-180.dat	upx
behavioral1/files/0x0005000000019365-172.dat	upx
behavioral1/files/0x000500000001929a-169.dat	upx
behavioral1/files/0x00050000000194df-166.dat	upx
behavioral1/files/0x00080000000174a6-155.dat	upx
behavioral1/files/0x0005000000019485-153.dat	upx
behavioral1/files/0x000500000001946a-144.dat	upx
behavioral1/files/0x0005000000019479-142.dat	upx
behavioral1/files/0x000500000001945b-137.dat	upx
behavioral1/memory/2612-136-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0005000000019465-133.dat	upx
behavioral1/files/0x0005000000019450-125.dat	upx
behavioral1/memory/2016-95-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0005000000019387-92.dat	upx
behavioral1/files/0x000700000001746a-78.dat	upx
behavioral1/memory/2820-77-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2848-58-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x0005000000019275-54.dat	upx
behavioral1/files/0x00080000000173f3-50.dat	upx
behavioral1/memory/2360-29-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000500000001953e-189.dat	upx
behavioral1/files/0x000500000001950e-176.dat	upx
behavioral1/files/0x00050000000194d7-162.dat	upx
behavioral1/files/0x000500000001947d-150.dat	upx
behavioral1/memory/536-132-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/796-123-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0005000000019446-120.dat	upx
behavioral1/memory/1660-116-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x00050000000193c1-108.dat	upx
behavioral1/files/0x00050000000193a4-107.dat	upx
behavioral1/memory/2860-91-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x0005000000019377-86.dat	upx
behavioral1/files/0x0005000000019319-85.dat	upx
behavioral1/memory/2756-83-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0005000000019278-62.dat	upx
behavioral1/files/0x000500000001926c-61.dat	upx
behavioral1/files/0x00080000000174c3-43.dat	upx
behavioral1/files/0x0007000000017488-42.dat	upx
behavioral1/memory/3048-36-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2016-3970-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2860-3972-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2820-3976-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/3048-3975-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/796-4004-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/536-4003-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2848-3974-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/1660-3973-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2360-3971-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ySoJtJe.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\reYxnUG.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwLMsfZ.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgxiqGo.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZQtvnl.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgwejpP.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgGvKic.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdQliIL.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQDAwqP.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\toNvYcS.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWiyGak.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOjGsow.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtUJsSY.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYFasba.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\objcNIt.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\loUpIcs.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QgkKXsv.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GeghLFq.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhlyKCP.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\turuwCe.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOyqJoE.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHdDkcl.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQfQOLO.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RofrEFo.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcqRXKT.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctXyQYr.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QoDWVVD.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhUubGB.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItbuPRX.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULMhbqI.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdjaEhD.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTuJlef.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDTLSKi.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AadEKLo.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skofCWP.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSFPllH.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztcxpqr.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ugdSuIT.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RisqZGe.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQeDdEe.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrxmFJc.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlPxxHg.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQHRVck.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuYnHMa.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiEUbib.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbceXCD.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrWuhYm.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsmVKgW.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUEJzPS.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExppEcn.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GPnenSN.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHikvZz.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhGKftF.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twSGBMF.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFvyWqF.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMTJByL.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxLvFHk.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddPQbAV.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHNMKcA.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EosOKTh.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgkuNcU.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFkHWGg.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRFzbBf.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IktFeUC.exe	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 3048	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2056 wrote to memory of 3048	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2056 wrote to memory of 3048	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2056 wrote to memory of 804	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2056 wrote to memory of 804	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2056 wrote to memory of 804	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2056 wrote to memory of 2360	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2056 wrote to memory of 2360	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2056 wrote to memory of 2360	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2056 wrote to memory of 796	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2056 wrote to memory of 796	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2056 wrote to memory of 796	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2056 wrote to memory of 2848	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2056 wrote to memory of 2848	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2056 wrote to memory of 2848	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2056 wrote to memory of 536	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2056 wrote to memory of 536	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2056 wrote to memory of 536	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2056 wrote to memory of 2820	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2056 wrote to memory of 2820	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2056 wrote to memory of 2820	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2056 wrote to memory of 2868	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2056 wrote to memory of 2868	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2056 wrote to memory of 2868	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2056 wrote to memory of 2756	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2056 wrote to memory of 2756	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2056 wrote to memory of 2756	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2056 wrote to memory of 2492	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2056 wrote to memory of 2492	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2056 wrote to memory of 2492	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2056 wrote to memory of 2860	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2056 wrote to memory of 2860	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2056 wrote to memory of 2860	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2056 wrote to memory of 2816	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2056 wrote to memory of 2816	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2056 wrote to memory of 2816	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2056 wrote to memory of 2016	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2056 wrote to memory of 2016	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2056 wrote to memory of 2016	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2056 wrote to memory of 2716	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2056 wrote to memory of 2716	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2056 wrote to memory of 2716	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2056 wrote to memory of 2612	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2056 wrote to memory of 2612	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2056 wrote to memory of 2612	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2056 wrote to memory of 2672	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2056 wrote to memory of 2672	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2056 wrote to memory of 2672	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2056 wrote to memory of 1660	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2056 wrote to memory of 1660	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2056 wrote to memory of 1660	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2056 wrote to memory of 1132	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2056 wrote to memory of 1132	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2056 wrote to memory of 1132	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2056 wrote to memory of 2380	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2056 wrote to memory of 2380	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2056 wrote to memory of 2380	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2056 wrote to memory of 1940	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2056 wrote to memory of 1940	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2056 wrote to memory of 1940	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2056 wrote to memory of 2824	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2056 wrote to memory of 2824	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2056 wrote to memory of 2824	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2056 wrote to memory of 2504	2056	2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_0c652d601684019b3b529faa96169477_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\System\PLOHlEE.exe
  C:\Windows\System\PLOHlEE.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\PErFnOS.exe
  C:\Windows\System\PErFnOS.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\cSmYnHx.exe
  C:\Windows\System\cSmYnHx.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\qlVJKlU.exe
  C:\Windows\System\qlVJKlU.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\bTOsuxw.exe
  C:\Windows\System\bTOsuxw.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\AsXDbbe.exe
  C:\Windows\System\AsXDbbe.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\QnoBdLw.exe
  C:\Windows\System\QnoBdLw.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\lRknYxs.exe
  C:\Windows\System\lRknYxs.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\EOPgyOC.exe
  C:\Windows\System\EOPgyOC.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\wVPdKhD.exe
  C:\Windows\System\wVPdKhD.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\TEiDFQH.exe
  C:\Windows\System\TEiDFQH.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\HUDWDaS.exe
  C:\Windows\System\HUDWDaS.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\OjqMVUW.exe
  C:\Windows\System\OjqMVUW.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\JTPEcqw.exe
  C:\Windows\System\JTPEcqw.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\zffrPkY.exe
  C:\Windows\System\zffrPkY.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\SmSyNsm.exe
  C:\Windows\System\SmSyNsm.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\slCjaMX.exe
  C:\Windows\System\slCjaMX.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\dSxOOGp.exe
  C:\Windows\System\dSxOOGp.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\iIolAIb.exe
  C:\Windows\System\iIolAIb.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\PJwkCNk.exe
  C:\Windows\System\PJwkCNk.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\GxzSEaJ.exe
  C:\Windows\System\GxzSEaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\qJWdCWN.exe
  C:\Windows\System\qJWdCWN.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\VbvOqug.exe
  C:\Windows\System\VbvOqug.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\DdkdHFe.exe
  C:\Windows\System\DdkdHFe.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\mdtmCcm.exe
  C:\Windows\System\mdtmCcm.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\eBhYlTU.exe
  C:\Windows\System\eBhYlTU.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\jdQliIL.exe
  C:\Windows\System\jdQliIL.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\UAFNIBy.exe
  C:\Windows\System\UAFNIBy.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\URKPRnH.exe
  C:\Windows\System\URKPRnH.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\NEtDXSC.exe
  C:\Windows\System\NEtDXSC.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\zSYTBSF.exe
  C:\Windows\System\zSYTBSF.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\CtWZshC.exe
  C:\Windows\System\CtWZshC.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\rTsfAjz.exe
  C:\Windows\System\rTsfAjz.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\JvcoRwo.exe
  C:\Windows\System\JvcoRwo.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\VPRxonf.exe
  C:\Windows\System\VPRxonf.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\RrsfLuI.exe
  C:\Windows\System\RrsfLuI.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\jZtaPcF.exe
  C:\Windows\System\jZtaPcF.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\XtILeTQ.exe
  C:\Windows\System\XtILeTQ.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\GHGjZoE.exe
  C:\Windows\System\GHGjZoE.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\rcxVklQ.exe
  C:\Windows\System\rcxVklQ.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\sZMJSVI.exe
  C:\Windows\System\sZMJSVI.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\XjiDVBk.exe
  C:\Windows\System\XjiDVBk.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\XQDAwqP.exe
  C:\Windows\System\XQDAwqP.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\EDZpatw.exe
  C:\Windows\System\EDZpatw.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\eOjwFiU.exe
  C:\Windows\System\eOjwFiU.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\fvFVCdN.exe
  C:\Windows\System\fvFVCdN.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\zosLWaY.exe
  C:\Windows\System\zosLWaY.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\UldVZRN.exe
  C:\Windows\System\UldVZRN.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\nYUNWBn.exe
  C:\Windows\System\nYUNWBn.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\ZevexCJ.exe
  C:\Windows\System\ZevexCJ.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\mHpsrHz.exe
  C:\Windows\System\mHpsrHz.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\nfYBSUO.exe
  C:\Windows\System\nfYBSUO.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\xcFZTbc.exe
  C:\Windows\System\xcFZTbc.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\OjnLTLA.exe
  C:\Windows\System\OjnLTLA.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\dbNmOQw.exe
  C:\Windows\System\dbNmOQw.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\cxyVYHw.exe
  C:\Windows\System\cxyVYHw.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\qWrgoqR.exe
  C:\Windows\System\qWrgoqR.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\YqWFBwS.exe
  C:\Windows\System\YqWFBwS.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\eEKlSSZ.exe
  C:\Windows\System\eEKlSSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\GlIMXPp.exe
  C:\Windows\System\GlIMXPp.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\CsgoesT.exe
  C:\Windows\System\CsgoesT.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\xcCNGmC.exe
  C:\Windows\System\xcCNGmC.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\TTdlqJa.exe
  C:\Windows\System\TTdlqJa.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\gcnAOoY.exe
  C:\Windows\System\gcnAOoY.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\zbPoEta.exe
  C:\Windows\System\zbPoEta.exe
  2⤵
  PID:380
- C:\Windows\System\YokGtsm.exe
  C:\Windows\System\YokGtsm.exe
  2⤵
  PID:2940
- C:\Windows\System\okbWPFA.exe
  C:\Windows\System\okbWPFA.exe
  2⤵
  PID:236
- C:\Windows\System\FNIpdmH.exe
  C:\Windows\System\FNIpdmH.exe
  2⤵
  PID:1980
- C:\Windows\System\URzWFEv.exe
  C:\Windows\System\URzWFEv.exe
  2⤵
  PID:3008
- C:\Windows\System\EjjsGqM.exe
  C:\Windows\System\EjjsGqM.exe
  2⤵
  PID:2712
- C:\Windows\System\zfzclry.exe
  C:\Windows\System\zfzclry.exe
  2⤵
  PID:1208
- C:\Windows\System\tRWpxgx.exe
  C:\Windows\System\tRWpxgx.exe
  2⤵
  PID:2248
- C:\Windows\System\udcoMbZ.exe
  C:\Windows\System\udcoMbZ.exe
  2⤵
  PID:2792
- C:\Windows\System\VhsozwN.exe
  C:\Windows\System\VhsozwN.exe
  2⤵
  PID:2724
- C:\Windows\System\UJRbRDR.exe
  C:\Windows\System\UJRbRDR.exe
  2⤵
  PID:2892
- C:\Windows\System\xiEUbib.exe
  C:\Windows\System\xiEUbib.exe
  2⤵
  PID:1612
- C:\Windows\System\TDITjyC.exe
  C:\Windows\System\TDITjyC.exe
  2⤵
  PID:1672
- C:\Windows\System\yQKnGLS.exe
  C:\Windows\System\yQKnGLS.exe
  2⤵
  PID:1836
- C:\Windows\System\OMhrBxx.exe
  C:\Windows\System\OMhrBxx.exe
  2⤵
  PID:1412
- C:\Windows\System\dAQARxY.exe
  C:\Windows\System\dAQARxY.exe
  2⤵
  PID:2528
- C:\Windows\System\GPnenSN.exe
  C:\Windows\System\GPnenSN.exe
  2⤵
  PID:288
- C:\Windows\System\xLOgjaS.exe
  C:\Windows\System\xLOgjaS.exe
  2⤵
  PID:1648
- C:\Windows\System\acDpSzF.exe
  C:\Windows\System\acDpSzF.exe
  2⤵
  PID:2408
- C:\Windows\System\ycAsxQl.exe
  C:\Windows\System\ycAsxQl.exe
  2⤵
  PID:1792
- C:\Windows\System\AinwBub.exe
  C:\Windows\System\AinwBub.exe
  2⤵
  PID:1400
- C:\Windows\System\FWdgMJT.exe
  C:\Windows\System\FWdgMJT.exe
  2⤵
  PID:2500
- C:\Windows\System\fligKvU.exe
  C:\Windows\System\fligKvU.exe
  2⤵
  PID:884
- C:\Windows\System\KZSgvaY.exe
  C:\Windows\System\KZSgvaY.exe
  2⤵
  PID:2316
- C:\Windows\System\XfPZwKa.exe
  C:\Windows\System\XfPZwKa.exe
  2⤵
  PID:2420
- C:\Windows\System\ySoJtJe.exe
  C:\Windows\System\ySoJtJe.exe
  2⤵
  PID:2988
- C:\Windows\System\YrAJKGa.exe
  C:\Windows\System\YrAJKGa.exe
  2⤵
  PID:1512
- C:\Windows\System\dsihMaE.exe
  C:\Windows\System\dsihMaE.exe
  2⤵
  PID:2880
- C:\Windows\System\URXieMw.exe
  C:\Windows\System\URXieMw.exe
  2⤵
  PID:2244
- C:\Windows\System\ZoIgFMZ.exe
  C:\Windows\System\ZoIgFMZ.exe
  2⤵
  PID:2912
- C:\Windows\System\IktFeUC.exe
  C:\Windows\System\IktFeUC.exe
  2⤵
  PID:952
- C:\Windows\System\fhmSdIk.exe
  C:\Windows\System\fhmSdIk.exe
  2⤵
  PID:2900
- C:\Windows\System\BUpSRHP.exe
  C:\Windows\System\BUpSRHP.exe
  2⤵
  PID:880
- C:\Windows\System\mxDUzhf.exe
  C:\Windows\System\mxDUzhf.exe
  2⤵
  PID:2596
- C:\Windows\System\QDUaxAt.exe
  C:\Windows\System\QDUaxAt.exe
  2⤵
  PID:1688
- C:\Windows\System\CIrwMJJ.exe
  C:\Windows\System\CIrwMJJ.exe
  2⤵
  PID:2104
- C:\Windows\System\yriZhww.exe
  C:\Windows\System\yriZhww.exe
  2⤵
  PID:1456
- C:\Windows\System\ROktIXA.exe
  C:\Windows\System\ROktIXA.exe
  2⤵
  PID:3012
- C:\Windows\System\ZaYeywj.exe
  C:\Windows\System\ZaYeywj.exe
  2⤵
  PID:1396
- C:\Windows\System\GKMnuKU.exe
  C:\Windows\System\GKMnuKU.exe
  2⤵
  PID:2272
- C:\Windows\System\WHAUNar.exe
  C:\Windows\System\WHAUNar.exe
  2⤵
  PID:544
- C:\Windows\System\aQraXNa.exe
  C:\Windows\System\aQraXNa.exe
  2⤵
  PID:2464
- C:\Windows\System\adykjpi.exe
  C:\Windows\System\adykjpi.exe
  2⤵
  PID:2516
- C:\Windows\System\OAcfcpR.exe
  C:\Windows\System\OAcfcpR.exe
  2⤵
  PID:3076
- C:\Windows\System\qwfJHDn.exe
  C:\Windows\System\qwfJHDn.exe
  2⤵
  PID:3096
- C:\Windows\System\gyKDFOb.exe
  C:\Windows\System\gyKDFOb.exe
  2⤵
  PID:3112
- C:\Windows\System\kCGpoGL.exe
  C:\Windows\System\kCGpoGL.exe
  2⤵
  PID:3136
- C:\Windows\System\Femkznj.exe
  C:\Windows\System\Femkznj.exe
  2⤵
  PID:3152
- C:\Windows\System\YQGKPYz.exe
  C:\Windows\System\YQGKPYz.exe
  2⤵
  PID:3168
- C:\Windows\System\AQKWKGB.exe
  C:\Windows\System\AQKWKGB.exe
  2⤵
  PID:3196
- C:\Windows\System\WBZTxlg.exe
  C:\Windows\System\WBZTxlg.exe
  2⤵
  PID:3216
- C:\Windows\System\QMxuIBB.exe
  C:\Windows\System\QMxuIBB.exe
  2⤵
  PID:3236
- C:\Windows\System\xBQXHUf.exe
  C:\Windows\System\xBQXHUf.exe
  2⤵
  PID:3256
- C:\Windows\System\GofnIYL.exe
  C:\Windows\System\GofnIYL.exe
  2⤵
  PID:3276
- C:\Windows\System\QoPkjhz.exe
  C:\Windows\System\QoPkjhz.exe
  2⤵
  PID:3292
- C:\Windows\System\pfhmFnM.exe
  C:\Windows\System\pfhmFnM.exe
  2⤵
  PID:3308
- C:\Windows\System\jzgOIod.exe
  C:\Windows\System\jzgOIod.exe
  2⤵
  PID:3332
- C:\Windows\System\ibEGHfR.exe
  C:\Windows\System\ibEGHfR.exe
  2⤵
  PID:3348
- C:\Windows\System\MqGWhZN.exe
  C:\Windows\System\MqGWhZN.exe
  2⤵
  PID:3368
- C:\Windows\System\LYYAkAH.exe
  C:\Windows\System\LYYAkAH.exe
  2⤵
  PID:3384
- C:\Windows\System\yLMynXK.exe
  C:\Windows\System\yLMynXK.exe
  2⤵
  PID:3400
- C:\Windows\System\yTwWpch.exe
  C:\Windows\System\yTwWpch.exe
  2⤵
  PID:3416
- C:\Windows\System\yOXdzhh.exe
  C:\Windows\System\yOXdzhh.exe
  2⤵
  PID:3432
- C:\Windows\System\CIoeSka.exe
  C:\Windows\System\CIoeSka.exe
  2⤵
  PID:3448
- C:\Windows\System\QOSBZzU.exe
  C:\Windows\System\QOSBZzU.exe
  2⤵
  PID:3476
- C:\Windows\System\cVdxXEE.exe
  C:\Windows\System\cVdxXEE.exe
  2⤵
  PID:3504
- C:\Windows\System\aWINVpZ.exe
  C:\Windows\System\aWINVpZ.exe
  2⤵
  PID:3548
- C:\Windows\System\Qfgwhnm.exe
  C:\Windows\System\Qfgwhnm.exe
  2⤵
  PID:3564
- C:\Windows\System\onHWtAU.exe
  C:\Windows\System\onHWtAU.exe
  2⤵
  PID:3580
- C:\Windows\System\sxYQMUC.exe
  C:\Windows\System\sxYQMUC.exe
  2⤵
  PID:3604
- C:\Windows\System\HlzPIYd.exe
  C:\Windows\System\HlzPIYd.exe
  2⤵
  PID:3620
- C:\Windows\System\DJLxHZI.exe
  C:\Windows\System\DJLxHZI.exe
  2⤵
  PID:3644
- C:\Windows\System\AzorhpA.exe
  C:\Windows\System\AzorhpA.exe
  2⤵
  PID:3664
- C:\Windows\System\FqBBHlD.exe
  C:\Windows\System\FqBBHlD.exe
  2⤵
  PID:3684
- C:\Windows\System\kDIHqwp.exe
  C:\Windows\System\kDIHqwp.exe
  2⤵
  PID:3704
- C:\Windows\System\LJWphCd.exe
  C:\Windows\System\LJWphCd.exe
  2⤵
  PID:3720
- C:\Windows\System\vcdvGSE.exe
  C:\Windows\System\vcdvGSE.exe
  2⤵
  PID:3736
- C:\Windows\System\gXqALhI.exe
  C:\Windows\System\gXqALhI.exe
  2⤵
  PID:3752
- C:\Windows\System\lSgCane.exe
  C:\Windows\System\lSgCane.exe
  2⤵
  PID:3768
- C:\Windows\System\rlhbtwA.exe
  C:\Windows\System\rlhbtwA.exe
  2⤵
  PID:3788
- C:\Windows\System\RDRMufj.exe
  C:\Windows\System\RDRMufj.exe
  2⤵
  PID:3804
- C:\Windows\System\rbWKZhE.exe
  C:\Windows\System\rbWKZhE.exe
  2⤵
  PID:3832
- C:\Windows\System\dMVadUA.exe
  C:\Windows\System\dMVadUA.exe
  2⤵
  PID:3864
- C:\Windows\System\dByKybe.exe
  C:\Windows\System\dByKybe.exe
  2⤵
  PID:3888
- C:\Windows\System\hrKrcQL.exe
  C:\Windows\System\hrKrcQL.exe
  2⤵
  PID:3908
- C:\Windows\System\bFNVwnV.exe
  C:\Windows\System\bFNVwnV.exe
  2⤵
  PID:3928
- C:\Windows\System\etMVskH.exe
  C:\Windows\System\etMVskH.exe
  2⤵
  PID:3944
- C:\Windows\System\XpnoVRA.exe
  C:\Windows\System\XpnoVRA.exe
  2⤵
  PID:3960
- C:\Windows\System\YfKPBgW.exe
  C:\Windows\System\YfKPBgW.exe
  2⤵
  PID:3980
- C:\Windows\System\WHiqWCj.exe
  C:\Windows\System\WHiqWCj.exe
  2⤵
  PID:4008
- C:\Windows\System\PljXgXj.exe
  C:\Windows\System\PljXgXj.exe
  2⤵
  PID:4024
- C:\Windows\System\feFFKXq.exe
  C:\Windows\System\feFFKXq.exe
  2⤵
  PID:4048
- C:\Windows\System\bJhjUOu.exe
  C:\Windows\System\bJhjUOu.exe
  2⤵
  PID:4064
- C:\Windows\System\mBFMNKX.exe
  C:\Windows\System\mBFMNKX.exe
  2⤵
  PID:4088
- C:\Windows\System\FggqZGP.exe
  C:\Windows\System\FggqZGP.exe
  2⤵
  PID:1420
- C:\Windows\System\HCzRbhH.exe
  C:\Windows\System\HCzRbhH.exe
  2⤵
  PID:2128
- C:\Windows\System\IgJQyWr.exe
  C:\Windows\System\IgJQyWr.exe
  2⤵
  PID:2948
- C:\Windows\System\xcdRWQw.exe
  C:\Windows\System\xcdRWQw.exe
  2⤵
  PID:2456
- C:\Windows\System\BnWLXol.exe
  C:\Windows\System\BnWLXol.exe
  2⤵
  PID:1468
- C:\Windows\System\sfYlgMy.exe
  C:\Windows\System\sfYlgMy.exe
  2⤵
  PID:1852
- C:\Windows\System\SNqtDdq.exe
  C:\Windows\System\SNqtDdq.exe
  2⤵
  PID:700
- C:\Windows\System\wAGXhwc.exe
  C:\Windows\System\wAGXhwc.exe
  2⤵
  PID:2184
- C:\Windows\System\FfEQTpl.exe
  C:\Windows\System\FfEQTpl.exe
  2⤵
  PID:2828
- C:\Windows\System\QoPJVOO.exe
  C:\Windows\System\QoPJVOO.exe
  2⤵
  PID:3024
- C:\Windows\System\RbiTYjt.exe
  C:\Windows\System\RbiTYjt.exe
  2⤵
  PID:1896
- C:\Windows\System\HEQzHHV.exe
  C:\Windows\System\HEQzHHV.exe
  2⤵
  PID:2284
- C:\Windows\System\reYxnUG.exe
  C:\Windows\System\reYxnUG.exe
  2⤵
  PID:1848
- C:\Windows\System\hfBjfRa.exe
  C:\Windows\System\hfBjfRa.exe
  2⤵
  PID:3184
- C:\Windows\System\WufInLM.exe
  C:\Windows\System\WufInLM.exe
  2⤵
  PID:3228
- C:\Windows\System\eEWgTzM.exe
  C:\Windows\System\eEWgTzM.exe
  2⤵
  PID:2308
- C:\Windows\System\iRiKkua.exe
  C:\Windows\System\iRiKkua.exe
  2⤵
  PID:3164
- C:\Windows\System\YAsDSEU.exe
  C:\Windows\System\YAsDSEU.exe
  2⤵
  PID:3300
- C:\Windows\System\BRYiCwr.exe
  C:\Windows\System\BRYiCwr.exe
  2⤵
  PID:3376
- C:\Windows\System\uvEgcHO.exe
  C:\Windows\System\uvEgcHO.exe
  2⤵
  PID:3484
- C:\Windows\System\YPqjkCu.exe
  C:\Windows\System\YPqjkCu.exe
  2⤵
  PID:3324
- C:\Windows\System\VSjmtVA.exe
  C:\Windows\System\VSjmtVA.exe
  2⤵
  PID:3456
- C:\Windows\System\EmYfXbM.exe
  C:\Windows\System\EmYfXbM.exe
  2⤵
  PID:3284
- C:\Windows\System\QgkKXsv.exe
  C:\Windows\System\QgkKXsv.exe
  2⤵
  PID:3320
- C:\Windows\System\DMTZDvi.exe
  C:\Windows\System\DMTZDvi.exe
  2⤵
  PID:3592
- C:\Windows\System\ahYFDVP.exe
  C:\Windows\System\ahYFDVP.exe
  2⤵
  PID:3640
- C:\Windows\System\ReKwCiA.exe
  C:\Windows\System\ReKwCiA.exe
  2⤵
  PID:3528
- C:\Windows\System\SFOknRy.exe
  C:\Windows\System\SFOknRy.exe
  2⤵
  PID:3612
- C:\Windows\System\RhtwVnO.exe
  C:\Windows\System\RhtwVnO.exe
  2⤵
  PID:3680
- C:\Windows\System\hqZwbph.exe
  C:\Windows\System\hqZwbph.exe
  2⤵
  PID:3748
- C:\Windows\System\EpnBBNX.exe
  C:\Windows\System\EpnBBNX.exe
  2⤵
  PID:3820
- C:\Windows\System\TjEWmCb.exe
  C:\Windows\System\TjEWmCb.exe
  2⤵
  PID:3656
- C:\Windows\System\erundhP.exe
  C:\Windows\System\erundhP.exe
  2⤵
  PID:3764
- C:\Windows\System\bpElKCK.exe
  C:\Windows\System\bpElKCK.exe
  2⤵
  PID:3692
- C:\Windows\System\hOCtIZx.exe
  C:\Windows\System\hOCtIZx.exe
  2⤵
  PID:3852
- C:\Windows\System\jpdIyuA.exe
  C:\Windows\System\jpdIyuA.exe
  2⤵
  PID:3880
- C:\Windows\System\PEMZPEM.exe
  C:\Windows\System\PEMZPEM.exe
  2⤵
  PID:3956
- C:\Windows\System\ArKehIV.exe
  C:\Windows\System\ArKehIV.exe
  2⤵
  PID:3988
- C:\Windows\System\yVXemfa.exe
  C:\Windows\System\yVXemfa.exe
  2⤵
  PID:4032
- C:\Windows\System\OADTgbM.exe
  C:\Windows\System\OADTgbM.exe
  2⤵
  PID:4072
- C:\Windows\System\nFOpiov.exe
  C:\Windows\System\nFOpiov.exe
  2⤵
  PID:3044
- C:\Windows\System\cRguKbN.exe
  C:\Windows\System\cRguKbN.exe
  2⤵
  PID:4020
- C:\Windows\System\MKQRZmG.exe
  C:\Windows\System\MKQRZmG.exe
  2⤵
  PID:1700
- C:\Windows\System\bOyqJoE.exe
  C:\Windows\System\bOyqJoE.exe
  2⤵
  PID:2976
- C:\Windows\System\ekuRELO.exe
  C:\Windows\System\ekuRELO.exe
  2⤵
  PID:1136
- C:\Windows\System\KPmlWSy.exe
  C:\Windows\System\KPmlWSy.exe
  2⤵
  PID:2980
- C:\Windows\System\mIPkBAU.exe
  C:\Windows\System\mIPkBAU.exe
  2⤵
  PID:1732
- C:\Windows\System\iwBlqup.exe
  C:\Windows\System\iwBlqup.exe
  2⤵
  PID:2700
- C:\Windows\System\RrdExhL.exe
  C:\Windows\System\RrdExhL.exe
  2⤵
  PID:3104
- C:\Windows\System\USCElSx.exe
  C:\Windows\System\USCElSx.exe
  2⤵
  PID:3176
- C:\Windows\System\gtxCRhk.exe
  C:\Windows\System\gtxCRhk.exe
  2⤵
  PID:3084
- C:\Windows\System\gguaPZE.exe
  C:\Windows\System\gguaPZE.exe
  2⤵
  PID:3160
- C:\Windows\System\TMPJMvZ.exe
  C:\Windows\System\TMPJMvZ.exe
  2⤵
  PID:3344
- C:\Windows\System\ZhpsTBL.exe
  C:\Windows\System\ZhpsTBL.exe
  2⤵
  PID:3444
- C:\Windows\System\hINvywt.exe
  C:\Windows\System\hINvywt.exe
  2⤵
  PID:3288
- C:\Windows\System\PmHOjOS.exe
  C:\Windows\System\PmHOjOS.exe
  2⤵
  PID:3424
- C:\Windows\System\BwySxVt.exe
  C:\Windows\System\BwySxVt.exe
  2⤵
  PID:3516
- C:\Windows\System\mdoRzHh.exe
  C:\Windows\System\mdoRzHh.exe
  2⤵
  PID:3392
- C:\Windows\System\mwLMsfZ.exe
  C:\Windows\System\mwLMsfZ.exe
  2⤵
  PID:3780
- C:\Windows\System\IgjlwgN.exe
  C:\Windows\System\IgjlwgN.exe
  2⤵
  PID:3760
- C:\Windows\System\BUbSuxq.exe
  C:\Windows\System\BUbSuxq.exe
  2⤵
  PID:3952
- C:\Windows\System\lnhoPoQ.exe
  C:\Windows\System\lnhoPoQ.exe
  2⤵
  PID:3924
- C:\Windows\System\YqmYfbu.exe
  C:\Windows\System\YqmYfbu.exe
  2⤵
  PID:4004
- C:\Windows\System\DxMQYdR.exe
  C:\Windows\System\DxMQYdR.exe
  2⤵
  PID:3860
- C:\Windows\System\vOYuDoH.exe
  C:\Windows\System\vOYuDoH.exe
  2⤵
  PID:3900
- C:\Windows\System\lCfcyoI.exe
  C:\Windows\System\lCfcyoI.exe
  2⤵
  PID:2196
- C:\Windows\System\YymWJqe.exe
  C:\Windows\System\YymWJqe.exe
  2⤵
  PID:1536
- C:\Windows\System\KGLHpRe.exe
  C:\Windows\System\KGLHpRe.exe
  2⤵
  PID:1924
- C:\Windows\System\KHsORaa.exe
  C:\Windows\System\KHsORaa.exe
  2⤵
  PID:3224
- C:\Windows\System\eQbkvvT.exe
  C:\Windows\System\eQbkvvT.exe
  2⤵
  PID:4116
- C:\Windows\System\KfWeeRJ.exe
  C:\Windows\System\KfWeeRJ.exe
  2⤵
  PID:4136
- C:\Windows\System\cBKMNxz.exe
  C:\Windows\System\cBKMNxz.exe
  2⤵
  PID:4152
- C:\Windows\System\duptpNK.exe
  C:\Windows\System\duptpNK.exe
  2⤵
  PID:4168
- C:\Windows\System\cfqMEUS.exe
  C:\Windows\System\cfqMEUS.exe
  2⤵
  PID:4188
- C:\Windows\System\sqiRNdr.exe
  C:\Windows\System\sqiRNdr.exe
  2⤵
  PID:4208
- C:\Windows\System\fMgtSbv.exe
  C:\Windows\System\fMgtSbv.exe
  2⤵
  PID:4228
- C:\Windows\System\LADjHEw.exe
  C:\Windows\System\LADjHEw.exe
  2⤵
  PID:4244
- C:\Windows\System\wYQHedr.exe
  C:\Windows\System\wYQHedr.exe
  2⤵
  PID:4264
- C:\Windows\System\chJbuwf.exe
  C:\Windows\System\chJbuwf.exe
  2⤵
  PID:4296
- C:\Windows\System\QBvUMVh.exe
  C:\Windows\System\QBvUMVh.exe
  2⤵
  PID:4316
- C:\Windows\System\ULMhbqI.exe
  C:\Windows\System\ULMhbqI.exe
  2⤵
  PID:4340
- C:\Windows\System\OZpclCa.exe
  C:\Windows\System\OZpclCa.exe
  2⤵
  PID:4356
- C:\Windows\System\mwBVjPm.exe
  C:\Windows\System\mwBVjPm.exe
  2⤵
  PID:4376
- C:\Windows\System\eBZCnXM.exe
  C:\Windows\System\eBZCnXM.exe
  2⤵
  PID:4396
- C:\Windows\System\BCpkjwO.exe
  C:\Windows\System\BCpkjwO.exe
  2⤵
  PID:4416
- C:\Windows\System\oCTdwLe.exe
  C:\Windows\System\oCTdwLe.exe
  2⤵
  PID:4436
- C:\Windows\System\pHivQEi.exe
  C:\Windows\System\pHivQEi.exe
  2⤵
  PID:4452
- C:\Windows\System\ZfPNeVu.exe
  C:\Windows\System\ZfPNeVu.exe
  2⤵
  PID:4476
- C:\Windows\System\yWthigB.exe
  C:\Windows\System\yWthigB.exe
  2⤵
  PID:4500
- C:\Windows\System\ZAWBdmf.exe
  C:\Windows\System\ZAWBdmf.exe
  2⤵
  PID:4516
- C:\Windows\System\EvSQPZL.exe
  C:\Windows\System\EvSQPZL.exe
  2⤵
  PID:4540
- C:\Windows\System\yunzHIt.exe
  C:\Windows\System\yunzHIt.exe
  2⤵
  PID:4560
- C:\Windows\System\szkoBeW.exe
  C:\Windows\System\szkoBeW.exe
  2⤵
  PID:4576
- C:\Windows\System\slUOBjH.exe
  C:\Windows\System\slUOBjH.exe
  2⤵
  PID:4600
- C:\Windows\System\kISgwxK.exe
  C:\Windows\System\kISgwxK.exe
  2⤵
  PID:4620
- C:\Windows\System\kCKxvVR.exe
  C:\Windows\System\kCKxvVR.exe
  2⤵
  PID:4640
- C:\Windows\System\qKnhLZi.exe
  C:\Windows\System\qKnhLZi.exe
  2⤵
  PID:4660
- C:\Windows\System\PtUJsSY.exe
  C:\Windows\System\PtUJsSY.exe
  2⤵
  PID:4680
- C:\Windows\System\rRsbTKa.exe
  C:\Windows\System\rRsbTKa.exe
  2⤵
  PID:4700
- C:\Windows\System\rSAxeqJ.exe
  C:\Windows\System\rSAxeqJ.exe
  2⤵
  PID:4716
- C:\Windows\System\KqgSJdQ.exe
  C:\Windows\System\KqgSJdQ.exe
  2⤵
  PID:4736
- C:\Windows\System\RpinjdX.exe
  C:\Windows\System\RpinjdX.exe
  2⤵
  PID:4756
- C:\Windows\System\GDvgHcS.exe
  C:\Windows\System\GDvgHcS.exe
  2⤵
  PID:4772
- C:\Windows\System\kqXdHWJ.exe
  C:\Windows\System\kqXdHWJ.exe
  2⤵
  PID:4792
- C:\Windows\System\gHZRCso.exe
  C:\Windows\System\gHZRCso.exe
  2⤵
  PID:4808
- C:\Windows\System\EhRsaRc.exe
  C:\Windows\System\EhRsaRc.exe
  2⤵
  PID:4828
- C:\Windows\System\nTPDDUM.exe
  C:\Windows\System\nTPDDUM.exe
  2⤵
  PID:4852
- C:\Windows\System\MWekTRm.exe
  C:\Windows\System\MWekTRm.exe
  2⤵
  PID:4876
- C:\Windows\System\jJMHDBQ.exe
  C:\Windows\System\jJMHDBQ.exe
  2⤵
  PID:4896
- C:\Windows\System\mPjhWfG.exe
  C:\Windows\System\mPjhWfG.exe
  2⤵
  PID:4912
- C:\Windows\System\vlzSVlF.exe
  C:\Windows\System\vlzSVlF.exe
  2⤵
  PID:4928
- C:\Windows\System\FzpRsMe.exe
  C:\Windows\System\FzpRsMe.exe
  2⤵
  PID:4952
- C:\Windows\System\CJPGsbT.exe
  C:\Windows\System\CJPGsbT.exe
  2⤵
  PID:4968
- C:\Windows\System\TsTpjFw.exe
  C:\Windows\System\TsTpjFw.exe
  2⤵
  PID:4984
- C:\Windows\System\IiOiVHl.exe
  C:\Windows\System\IiOiVHl.exe
  2⤵
  PID:5008
- C:\Windows\System\UcSvuwK.exe
  C:\Windows\System\UcSvuwK.exe
  2⤵
  PID:5032
- C:\Windows\System\HUFwHcc.exe
  C:\Windows\System\HUFwHcc.exe
  2⤵
  PID:5052
- C:\Windows\System\OWOVZVn.exe
  C:\Windows\System\OWOVZVn.exe
  2⤵
  PID:5080
- C:\Windows\System\PaPYyLI.exe
  C:\Windows\System\PaPYyLI.exe
  2⤵
  PID:5104
- C:\Windows\System\PdjaEhD.exe
  C:\Windows\System\PdjaEhD.exe
  2⤵
  PID:3268
- C:\Windows\System\VlPxxHg.exe
  C:\Windows\System\VlPxxHg.exe
  2⤵
  PID:3464
- C:\Windows\System\tNkcOuQ.exe
  C:\Windows\System\tNkcOuQ.exe
  2⤵
  PID:4016
- C:\Windows\System\RgKgmpv.exe
  C:\Windows\System\RgKgmpv.exe
  2⤵
  PID:3512
- C:\Windows\System\puBUWNU.exe
  C:\Windows\System\puBUWNU.exe
  2⤵
  PID:2708
- C:\Windows\System\aONOQKS.exe
  C:\Windows\System\aONOQKS.exe
  2⤵
  PID:3180
- C:\Windows\System\wpvGCly.exe
  C:\Windows\System\wpvGCly.exe
  2⤵
  PID:3920
- C:\Windows\System\IuTyeec.exe
  C:\Windows\System\IuTyeec.exe
  2⤵
  PID:3996
- C:\Windows\System\JrwymrL.exe
  C:\Windows\System\JrwymrL.exe
  2⤵
  PID:3968
- C:\Windows\System\eaRlUGn.exe
  C:\Windows\System\eaRlUGn.exe
  2⤵
  PID:3360
- C:\Windows\System\OLaNqVy.exe
  C:\Windows\System\OLaNqVy.exe
  2⤵
  PID:3896
- C:\Windows\System\Udtqemh.exe
  C:\Windows\System\Udtqemh.exe
  2⤵
  PID:3744
- C:\Windows\System\OxMOFUq.exe
  C:\Windows\System\OxMOFUq.exe
  2⤵
  PID:1212
- C:\Windows\System\wgiCshV.exe
  C:\Windows\System\wgiCshV.exe
  2⤵
  PID:4040
- C:\Windows\System\lrfbROP.exe
  C:\Windows\System\lrfbROP.exe
  2⤵
  PID:4164
- C:\Windows\System\ANdxlfO.exe
  C:\Windows\System\ANdxlfO.exe
  2⤵
  PID:4236
- C:\Windows\System\UwTbHuu.exe
  C:\Windows\System\UwTbHuu.exe
  2⤵
  PID:4112
- C:\Windows\System\GcPeTNI.exe
  C:\Windows\System\GcPeTNI.exe
  2⤵
  PID:4252
- C:\Windows\System\LhYFAgf.exe
  C:\Windows\System\LhYFAgf.exe
  2⤵
  PID:4216
- C:\Windows\System\QWTCMGR.exe
  C:\Windows\System\QWTCMGR.exe
  2⤵
  PID:4276
- C:\Windows\System\dxMErBW.exe
  C:\Windows\System\dxMErBW.exe
  2⤵
  PID:4292
- C:\Windows\System\pdgyzun.exe
  C:\Windows\System\pdgyzun.exe
  2⤵
  PID:4328
- C:\Windows\System\wbceXCD.exe
  C:\Windows\System\wbceXCD.exe
  2⤵
  PID:4364
- C:\Windows\System\ILUQHfb.exe
  C:\Windows\System\ILUQHfb.exe
  2⤵
  PID:4404
- C:\Windows\System\fnSsPyG.exe
  C:\Windows\System\fnSsPyG.exe
  2⤵
  PID:4448
- C:\Windows\System\LDntkme.exe
  C:\Windows\System\LDntkme.exe
  2⤵
  PID:4496
- C:\Windows\System\rvRmgDO.exe
  C:\Windows\System\rvRmgDO.exe
  2⤵
  PID:4460
- C:\Windows\System\FWPvPnl.exe
  C:\Windows\System\FWPvPnl.exe
  2⤵
  PID:4524
- C:\Windows\System\hsHROAJ.exe
  C:\Windows\System\hsHROAJ.exe
  2⤵
  PID:4572
- C:\Windows\System\coJurcX.exe
  C:\Windows\System\coJurcX.exe
  2⤵
  PID:4556
- C:\Windows\System\vFhwyMk.exe
  C:\Windows\System\vFhwyMk.exe
  2⤵
  PID:4628
- C:\Windows\System\wsERyMf.exe
  C:\Windows\System\wsERyMf.exe
  2⤵
  PID:4724
- C:\Windows\System\AfwOHql.exe
  C:\Windows\System\AfwOHql.exe
  2⤵
  PID:4804
- C:\Windows\System\HFIsvtH.exe
  C:\Windows\System\HFIsvtH.exe
  2⤵
  PID:4676
- C:\Windows\System\rqJGwYJ.exe
  C:\Windows\System\rqJGwYJ.exe
  2⤵
  PID:4748
- C:\Windows\System\LdAEKQW.exe
  C:\Windows\System\LdAEKQW.exe
  2⤵
  PID:4920
- C:\Windows\System\oXMEXaB.exe
  C:\Windows\System\oXMEXaB.exe
  2⤵
  PID:5000
- C:\Windows\System\iKDIWMW.exe
  C:\Windows\System\iKDIWMW.exe
  2⤵
  PID:4816
- C:\Windows\System\vHNMKcA.exe
  C:\Windows\System\vHNMKcA.exe
  2⤵
  PID:4864
- C:\Windows\System\kSopMvz.exe
  C:\Windows\System\kSopMvz.exe
  2⤵
  PID:4908
- C:\Windows\System\PTZHqcD.exe
  C:\Windows\System\PTZHqcD.exe
  2⤵
  PID:5020
- C:\Windows\System\DveOXFk.exe
  C:\Windows\System\DveOXFk.exe
  2⤵
  PID:5100
- C:\Windows\System\ZCzThIz.exe
  C:\Windows\System\ZCzThIz.exe
  2⤵
  PID:4980
- C:\Windows\System\CiIdnov.exe
  C:\Windows\System\CiIdnov.exe
  2⤵
  PID:3540
- C:\Windows\System\LbfSHko.exe
  C:\Windows\System\LbfSHko.exe
  2⤵
  PID:3696
- C:\Windows\System\gEvlIsO.exe
  C:\Windows\System\gEvlIsO.exe
  2⤵
  PID:3784
- C:\Windows\System\exzrsal.exe
  C:\Windows\System\exzrsal.exe
  2⤵
  PID:5076
- C:\Windows\System\CCyPVbs.exe
  C:\Windows\System\CCyPVbs.exe
  2⤵
  PID:4200
- C:\Windows\System\KilmMEp.exe
  C:\Windows\System\KilmMEp.exe
  2⤵
  PID:896
- C:\Windows\System\lYjNgJN.exe
  C:\Windows\System\lYjNgJN.exe
  2⤵
  PID:3408
- C:\Windows\System\qGZLqkc.exe
  C:\Windows\System\qGZLqkc.exe
  2⤵
  PID:4176
- C:\Windows\System\YnzTgFZ.exe
  C:\Windows\System\YnzTgFZ.exe
  2⤵
  PID:2548
- C:\Windows\System\gnmIuEW.exe
  C:\Windows\System\gnmIuEW.exe
  2⤵
  PID:4352
- C:\Windows\System\zXiDaUd.exe
  C:\Windows\System\zXiDaUd.exe
  2⤵
  PID:3616
- C:\Windows\System\zKaPwHS.exe
  C:\Windows\System\zKaPwHS.exe
  2⤵
  PID:4488
- C:\Windows\System\vhAdSvk.exe
  C:\Windows\System\vhAdSvk.exe
  2⤵
  PID:2476
- C:\Windows\System\QcygRFi.exe
  C:\Windows\System\QcygRFi.exe
  2⤵
  PID:4616
- C:\Windows\System\TKTKcOf.exe
  C:\Windows\System\TKTKcOf.exe
  2⤵
  PID:4548
- C:\Windows\System\pqnEJHs.exe
  C:\Windows\System\pqnEJHs.exe
  2⤵
  PID:4108
- C:\Windows\System\twpStVK.exe
  C:\Windows\System\twpStVK.exe
  2⤵
  PID:4424
- C:\Windows\System\mdhFecl.exe
  C:\Windows\System\mdhFecl.exe
  2⤵
  PID:4508
- C:\Windows\System\xhGdogM.exe
  C:\Windows\System\xhGdogM.exe
  2⤵
  PID:4288
- C:\Windows\System\DGBpbYv.exe
  C:\Windows\System\DGBpbYv.exe
  2⤵
  PID:4696
- C:\Windows\System\ADeuKzx.exe
  C:\Windows\System\ADeuKzx.exe
  2⤵
  PID:2608
- C:\Windows\System\MDJJEAo.exe
  C:\Windows\System\MDJJEAo.exe
  2⤵
  PID:4596
- C:\Windows\System\WEcEzoC.exe
  C:\Windows\System\WEcEzoC.exe
  2⤵
  PID:2656
- C:\Windows\System\SKIDVAF.exe
  C:\Windows\System\SKIDVAF.exe
  2⤵
  PID:4872
- C:\Windows\System\FmDEGUi.exe
  C:\Windows\System\FmDEGUi.exe
  2⤵
  PID:5024
- C:\Windows\System\UnWxRcN.exe
  C:\Windows\System\UnWxRcN.exe
  2⤵
  PID:3364
- C:\Windows\System\dtorXpb.exe
  C:\Windows\System\dtorXpb.exe
  2⤵
  PID:4824
- C:\Windows\System\cOuzQnr.exe
  C:\Windows\System\cOuzQnr.exe
  2⤵
  PID:2984
- C:\Windows\System\nLrCiDP.exe
  C:\Windows\System\nLrCiDP.exe
  2⤵
  PID:4992
- C:\Windows\System\QuWcGqg.exe
  C:\Windows\System\QuWcGqg.exe
  2⤵
  PID:4128
- C:\Windows\System\KVtfYIr.exe
  C:\Windows\System\KVtfYIr.exe
  2⤵
  PID:4652
- C:\Windows\System\xwGPKgG.exe
  C:\Windows\System\xwGPKgG.exe
  2⤵
  PID:5064
- C:\Windows\System\pcNFyGg.exe
  C:\Windows\System\pcNFyGg.exe
  2⤵
  PID:672
- C:\Windows\System\NMRuiaQ.exe
  C:\Windows\System\NMRuiaQ.exe
  2⤵
  PID:3700
- C:\Windows\System\WsvvvHq.exe
  C:\Windows\System\WsvvvHq.exe
  2⤵
  PID:5116
- C:\Windows\System\ksVFRJK.exe
  C:\Windows\System\ksVFRJK.exe
  2⤵
  PID:4100
- C:\Windows\System\UwEANTQ.exe
  C:\Windows\System\UwEANTQ.exe
  2⤵
  PID:4844
- C:\Windows\System\ZlqmMGA.exe
  C:\Windows\System\ZlqmMGA.exe
  2⤵
  PID:4432
- C:\Windows\System\EvoJDqF.exe
  C:\Windows\System\EvoJDqF.exe
  2⤵
  PID:4768
- C:\Windows\System\xwuzgPS.exe
  C:\Windows\System\xwuzgPS.exe
  2⤵
  PID:4904
- C:\Windows\System\RVKmrsa.exe
  C:\Windows\System\RVKmrsa.exe
  2⤵
  PID:3940
- C:\Windows\System\GBUwIGO.exe
  C:\Windows\System\GBUwIGO.exe
  2⤵
  PID:4948
- C:\Windows\System\mrKbJPs.exe
  C:\Windows\System\mrKbJPs.exe
  2⤵
  PID:4848
- C:\Windows\System\JwmQiSj.exe
  C:\Windows\System\JwmQiSj.exe
  2⤵
  PID:4608
- C:\Windows\System\MyiWMhd.exe
  C:\Windows\System\MyiWMhd.exe
  2⤵
  PID:2168
- C:\Windows\System\rrWuhYm.exe
  C:\Windows\System\rrWuhYm.exe
  2⤵
  PID:2460
- C:\Windows\System\KAjzMGI.exe
  C:\Windows\System\KAjzMGI.exe
  2⤵
  PID:4636
- C:\Windows\System\KhBRQtf.exe
  C:\Windows\System\KhBRQtf.exe
  2⤵
  PID:3132
- C:\Windows\System\ItfYivH.exe
  C:\Windows\System\ItfYivH.exe
  2⤵
  PID:5128
- C:\Windows\System\TjoCugD.exe
  C:\Windows\System\TjoCugD.exe
  2⤵
  PID:5148
- C:\Windows\System\uCANQbu.exe
  C:\Windows\System\uCANQbu.exe
  2⤵
  PID:5168
- C:\Windows\System\GeghLFq.exe
  C:\Windows\System\GeghLFq.exe
  2⤵
  PID:5188
- C:\Windows\System\nSacAxs.exe
  C:\Windows\System\nSacAxs.exe
  2⤵
  PID:5208
- C:\Windows\System\DxyfyrD.exe
  C:\Windows\System\DxyfyrD.exe
  2⤵
  PID:5228
- C:\Windows\System\bfheCHp.exe
  C:\Windows\System\bfheCHp.exe
  2⤵
  PID:5248
- C:\Windows\System\zlWoAFQ.exe
  C:\Windows\System\zlWoAFQ.exe
  2⤵
  PID:5268
- C:\Windows\System\rjjbUyw.exe
  C:\Windows\System\rjjbUyw.exe
  2⤵
  PID:5288
- C:\Windows\System\sRBlkKf.exe
  C:\Windows\System\sRBlkKf.exe
  2⤵
  PID:5308
- C:\Windows\System\PQJOMEB.exe
  C:\Windows\System\PQJOMEB.exe
  2⤵
  PID:5328
- C:\Windows\System\TnrotOl.exe
  C:\Windows\System\TnrotOl.exe
  2⤵
  PID:5348
- C:\Windows\System\iRiMMbp.exe
  C:\Windows\System\iRiMMbp.exe
  2⤵
  PID:5368
- C:\Windows\System\RqJZvKI.exe
  C:\Windows\System\RqJZvKI.exe
  2⤵
  PID:5388
- C:\Windows\System\pXKemeF.exe
  C:\Windows\System\pXKemeF.exe
  2⤵
  PID:5408
- C:\Windows\System\ODSdksP.exe
  C:\Windows\System\ODSdksP.exe
  2⤵
  PID:5428
- C:\Windows\System\tttKjmj.exe
  C:\Windows\System\tttKjmj.exe
  2⤵
  PID:5448
- C:\Windows\System\hYqJgtI.exe
  C:\Windows\System\hYqJgtI.exe
  2⤵
  PID:5468
- C:\Windows\System\RrSkQBl.exe
  C:\Windows\System\RrSkQBl.exe
  2⤵
  PID:5488
- C:\Windows\System\rrlrbPH.exe
  C:\Windows\System\rrlrbPH.exe
  2⤵
  PID:5504
- C:\Windows\System\QodzDwb.exe
  C:\Windows\System\QodzDwb.exe
  2⤵
  PID:5528
- C:\Windows\System\toNvYcS.exe
  C:\Windows\System\toNvYcS.exe
  2⤵
  PID:5548
- C:\Windows\System\bSaYyFG.exe
  C:\Windows\System\bSaYyFG.exe
  2⤵
  PID:5568
- C:\Windows\System\jmcvXBS.exe
  C:\Windows\System\jmcvXBS.exe
  2⤵
  PID:5588
- C:\Windows\System\BYEvMvm.exe
  C:\Windows\System\BYEvMvm.exe
  2⤵
  PID:5608
- C:\Windows\System\eTuJlef.exe
  C:\Windows\System\eTuJlef.exe
  2⤵
  PID:5628
- C:\Windows\System\xJrYZmL.exe
  C:\Windows\System\xJrYZmL.exe
  2⤵
  PID:5648
- C:\Windows\System\MOjAtsq.exe
  C:\Windows\System\MOjAtsq.exe
  2⤵
  PID:5668
- C:\Windows\System\WWoyXwV.exe
  C:\Windows\System\WWoyXwV.exe
  2⤵
  PID:5688
- C:\Windows\System\AYFasba.exe
  C:\Windows\System\AYFasba.exe
  2⤵
  PID:5708
- C:\Windows\System\NtYmMkG.exe
  C:\Windows\System\NtYmMkG.exe
  2⤵
  PID:5728
- C:\Windows\System\uczvvbO.exe
  C:\Windows\System\uczvvbO.exe
  2⤵
  PID:5748
- C:\Windows\System\qZFZHre.exe
  C:\Windows\System\qZFZHre.exe
  2⤵
  PID:5768
- C:\Windows\System\nCQMqHK.exe
  C:\Windows\System\nCQMqHK.exe
  2⤵
  PID:5788
- C:\Windows\System\DlfjdtW.exe
  C:\Windows\System\DlfjdtW.exe
  2⤵
  PID:5808
- C:\Windows\System\JgtQfXW.exe
  C:\Windows\System\JgtQfXW.exe
  2⤵
  PID:5828
- C:\Windows\System\kVLRSWE.exe
  C:\Windows\System\kVLRSWE.exe
  2⤵
  PID:5844
- C:\Windows\System\BSocHvI.exe
  C:\Windows\System\BSocHvI.exe
  2⤵
  PID:5868
- C:\Windows\System\TxAicSA.exe
  C:\Windows\System\TxAicSA.exe
  2⤵
  PID:5888
- C:\Windows\System\dqUzFIj.exe
  C:\Windows\System\dqUzFIj.exe
  2⤵
  PID:5904
- C:\Windows\System\tqduyvk.exe
  C:\Windows\System\tqduyvk.exe
  2⤵
  PID:5924
- C:\Windows\System\WNCTVdo.exe
  C:\Windows\System\WNCTVdo.exe
  2⤵
  PID:5944
- C:\Windows\System\vcqRXKT.exe
  C:\Windows\System\vcqRXKT.exe
  2⤵
  PID:5968
- C:\Windows\System\ABrLNwD.exe
  C:\Windows\System\ABrLNwD.exe
  2⤵
  PID:5988
- C:\Windows\System\wsjXqyM.exe
  C:\Windows\System\wsjXqyM.exe
  2⤵
  PID:6012
- C:\Windows\System\jUihZxZ.exe
  C:\Windows\System\jUihZxZ.exe
  2⤵
  PID:6036
- C:\Windows\System\edidCGa.exe
  C:\Windows\System\edidCGa.exe
  2⤵
  PID:6056
- C:\Windows\System\QsMWjxv.exe
  C:\Windows\System\QsMWjxv.exe
  2⤵
  PID:6076
- C:\Windows\System\ucDQtya.exe
  C:\Windows\System\ucDQtya.exe
  2⤵
  PID:6096
- C:\Windows\System\fjmTzxr.exe
  C:\Windows\System\fjmTzxr.exe
  2⤵
  PID:6116
- C:\Windows\System\ilYtXMc.exe
  C:\Windows\System\ilYtXMc.exe
  2⤵
  PID:6136
- C:\Windows\System\oXAuLMy.exe
  C:\Windows\System\oXAuLMy.exe
  2⤵
  PID:4884
- C:\Windows\System\sijhSdI.exe
  C:\Windows\System\sijhSdI.exe
  2⤵
  PID:1608
- C:\Windows\System\fYzwTkO.exe
  C:\Windows\System\fYzwTkO.exe
  2⤵
  PID:4444
- C:\Windows\System\SxegxWB.exe
  C:\Windows\System\SxegxWB.exe
  2⤵
  PID:4528
- C:\Windows\System\lGUBprD.exe
  C:\Windows\System\lGUBprD.exe
  2⤵
  PID:4148
- C:\Windows\System\OBOJMOn.exe
  C:\Windows\System\OBOJMOn.exe
  2⤵
  PID:4368
- C:\Windows\System\ZewFeAo.exe
  C:\Windows\System\ZewFeAo.exe
  2⤵
  PID:2008
- C:\Windows\System\ZRjsTtv.exe
  C:\Windows\System\ZRjsTtv.exe
  2⤵
  PID:4332
- C:\Windows\System\KfFxJvD.exe
  C:\Windows\System\KfFxJvD.exe
  2⤵
  PID:2340
- C:\Windows\System\RRYBZVA.exe
  C:\Windows\System\RRYBZVA.exe
  2⤵
  PID:4860
- C:\Windows\System\XukwOGm.exe
  C:\Windows\System\XukwOGm.exe
  2⤵
  PID:5136
- C:\Windows\System\bwiYXXN.exe
  C:\Windows\System\bwiYXXN.exe
  2⤵
  PID:5140
- C:\Windows\System\gLlpFOK.exe
  C:\Windows\System\gLlpFOK.exe
  2⤵
  PID:5200
- C:\Windows\System\HfwEIox.exe
  C:\Windows\System\HfwEIox.exe
  2⤵
  PID:5224
- C:\Windows\System\zOEseKi.exe
  C:\Windows\System\zOEseKi.exe
  2⤵
  PID:5284
- C:\Windows\System\DBTClfb.exe
  C:\Windows\System\DBTClfb.exe
  2⤵
  PID:5304
- C:\Windows\System\LhlyKCP.exe
  C:\Windows\System\LhlyKCP.exe
  2⤵
  PID:5356
- C:\Windows\System\cwIPfNo.exe
  C:\Windows\System\cwIPfNo.exe
  2⤵
  PID:5396
- C:\Windows\System\iCibkYJ.exe
  C:\Windows\System\iCibkYJ.exe
  2⤵
  PID:5380
- C:\Windows\System\hfLPFFO.exe
  C:\Windows\System\hfLPFFO.exe
  2⤵
  PID:5440
- C:\Windows\System\GrgzIEx.exe
  C:\Windows\System\GrgzIEx.exe
  2⤵
  PID:5516
- C:\Windows\System\rqgFMFe.exe
  C:\Windows\System\rqgFMFe.exe
  2⤵
  PID:5560
- C:\Windows\System\sHZwCcP.exe
  C:\Windows\System\sHZwCcP.exe
  2⤵
  PID:5596
- C:\Windows\System\OfLFaGh.exe
  C:\Windows\System\OfLFaGh.exe
  2⤵
  PID:5536
- C:\Windows\System\wRHgbXF.exe
  C:\Windows\System\wRHgbXF.exe
  2⤵
  PID:5576
- C:\Windows\System\KIUfZBh.exe
  C:\Windows\System\KIUfZBh.exe
  2⤵
  PID:5624
- C:\Windows\System\BLEtXVR.exe
  C:\Windows\System\BLEtXVR.exe
  2⤵
  PID:5680
- C:\Windows\System\LMsNPeC.exe
  C:\Windows\System\LMsNPeC.exe
  2⤵
  PID:5764
- C:\Windows\System\mEVIPrm.exe
  C:\Windows\System\mEVIPrm.exe
  2⤵
  PID:5660
- C:\Windows\System\EDIqdcP.exe
  C:\Windows\System\EDIqdcP.exe
  2⤵
  PID:5836
- C:\Windows\System\adBdBnS.exe
  C:\Windows\System\adBdBnS.exe
  2⤵
  PID:5840
- C:\Windows\System\cOdxNoL.exe
  C:\Windows\System\cOdxNoL.exe
  2⤵
  PID:5880
- C:\Windows\System\KwqpxtQ.exe
  C:\Windows\System\KwqpxtQ.exe
  2⤵
  PID:5860
- C:\Windows\System\wfnImHb.exe
  C:\Windows\System\wfnImHb.exe
  2⤵
  PID:5952
- C:\Windows\System\JcGqHbe.exe
  C:\Windows\System\JcGqHbe.exe
  2⤵
  PID:5960
- C:\Windows\System\WDTLSKi.exe
  C:\Windows\System\WDTLSKi.exe
  2⤵
  PID:5940
- C:\Windows\System\vLIJwkF.exe
  C:\Windows\System\vLIJwkF.exe
  2⤵
  PID:5980
- C:\Windows\System\mgkemtL.exe
  C:\Windows\System\mgkemtL.exe
  2⤵
  PID:6028
- C:\Windows\System\LMtzldS.exe
  C:\Windows\System\LMtzldS.exe
  2⤵
  PID:6068
- C:\Windows\System\eLwmiJe.exe
  C:\Windows\System\eLwmiJe.exe
  2⤵
  PID:6128
- C:\Windows\System\doBNBol.exe
  C:\Windows\System\doBNBol.exe
  2⤵
  PID:4888
- C:\Windows\System\rjLndDX.exe
  C:\Windows\System\rjLndDX.exe
  2⤵
  PID:4944
- C:\Windows\System\FVmjqBi.exe
  C:\Windows\System\FVmjqBi.exe
  2⤵
  PID:4820
- C:\Windows\System\vuINqWR.exe
  C:\Windows\System\vuINqWR.exe
  2⤵
  PID:4588
- C:\Windows\System\xaHUzAu.exe
  C:\Windows\System\xaHUzAu.exe
  2⤵
  PID:4744
- C:\Windows\System\UbgHkdG.exe
  C:\Windows\System\UbgHkdG.exe
  2⤵
  PID:4752
- C:\Windows\System\vPKQvoM.exe
  C:\Windows\System\vPKQvoM.exe
  2⤵
  PID:5164
- C:\Windows\System\DKbOqVd.exe
  C:\Windows\System\DKbOqVd.exe
  2⤵
  PID:5244
- C:\Windows\System\jYmfiLp.exe
  C:\Windows\System\jYmfiLp.exe
  2⤵
  PID:5236
- C:\Windows\System\aWdCwLI.exe
  C:\Windows\System\aWdCwLI.exe
  2⤵
  PID:5256
- C:\Windows\System\LUxFJGg.exe
  C:\Windows\System\LUxFJGg.exe
  2⤵
  PID:5320
- C:\Windows\System\ZYlHIUJ.exe
  C:\Windows\System\ZYlHIUJ.exe
  2⤵
  PID:5384
- C:\Windows\System\IPflxWu.exe
  C:\Windows\System\IPflxWu.exe
  2⤵
  PID:5564
- C:\Windows\System\WxcUXad.exe
  C:\Windows\System\WxcUXad.exe
  2⤵
  PID:5500
- C:\Windows\System\abaqdco.exe
  C:\Windows\System\abaqdco.exe
  2⤵
  PID:5640
- C:\Windows\System\vjgtkZo.exe
  C:\Windows\System\vjgtkZo.exe
  2⤵
  PID:5636
- C:\Windows\System\VWirgmU.exe
  C:\Windows\System\VWirgmU.exe
  2⤵
  PID:5684
- C:\Windows\System\wlGcHgv.exe
  C:\Windows\System\wlGcHgv.exe
  2⤵
  PID:5664
- C:\Windows\System\DgrRewm.exe
  C:\Windows\System\DgrRewm.exe
  2⤵
  PID:5744
- C:\Windows\System\akAhyxJ.exe
  C:\Windows\System\akAhyxJ.exe
  2⤵
  PID:5916
- C:\Windows\System\MNvSQZb.exe
  C:\Windows\System\MNvSQZb.exe
  2⤵
  PID:6004
- C:\Windows\System\YKfmrac.exe
  C:\Windows\System\YKfmrac.exe
  2⤵
  PID:5896
- C:\Windows\System\LOzSxrE.exe
  C:\Windows\System\LOzSxrE.exe
  2⤵
  PID:6020
- C:\Windows\System\QpMwUmk.exe
  C:\Windows\System\QpMwUmk.exe
  2⤵
  PID:6072
- C:\Windows\System\BZJShQp.exe
  C:\Windows\System\BZJShQp.exe
  2⤵
  PID:4220
- C:\Windows\System\ulFukuh.exe
  C:\Windows\System\ulFukuh.exe
  2⤵
  PID:1332
- C:\Windows\System\lplxZVg.exe
  C:\Windows\System\lplxZVg.exe
  2⤵
  PID:1944
- C:\Windows\System\xYNNXnR.exe
  C:\Windows\System\xYNNXnR.exe
  2⤵
  PID:6152
- C:\Windows\System\ExRtvlF.exe
  C:\Windows\System\ExRtvlF.exe
  2⤵
  PID:6172
- C:\Windows\System\UkQIXsH.exe
  C:\Windows\System\UkQIXsH.exe
  2⤵
  PID:6192
- C:\Windows\System\gTDkANo.exe
  C:\Windows\System\gTDkANo.exe
  2⤵
  PID:6212
- C:\Windows\System\fLnvNub.exe
  C:\Windows\System\fLnvNub.exe
  2⤵
  PID:6232
- C:\Windows\System\AVzhKQO.exe
  C:\Windows\System\AVzhKQO.exe
  2⤵
  PID:6252
- C:\Windows\System\SgulXyR.exe
  C:\Windows\System\SgulXyR.exe
  2⤵
  PID:6272
- C:\Windows\System\kKjZVQt.exe
  C:\Windows\System\kKjZVQt.exe
  2⤵
  PID:6292
- C:\Windows\System\vTyEALy.exe
  C:\Windows\System\vTyEALy.exe
  2⤵
  PID:6312
- C:\Windows\System\MtkrrBL.exe
  C:\Windows\System\MtkrrBL.exe
  2⤵
  PID:6332
- C:\Windows\System\oDjMowH.exe
  C:\Windows\System\oDjMowH.exe
  2⤵
  PID:6352
- C:\Windows\System\aldurOI.exe
  C:\Windows\System\aldurOI.exe
  2⤵
  PID:6372
- C:\Windows\System\uQJjDSp.exe
  C:\Windows\System\uQJjDSp.exe
  2⤵
  PID:6392
- C:\Windows\System\vaAWocU.exe
  C:\Windows\System\vaAWocU.exe
  2⤵
  PID:6416
- C:\Windows\System\flVIzrF.exe
  C:\Windows\System\flVIzrF.exe
  2⤵
  PID:6436
- C:\Windows\System\DFvGldX.exe
  C:\Windows\System\DFvGldX.exe
  2⤵
  PID:6456
- C:\Windows\System\XurEFyb.exe
  C:\Windows\System\XurEFyb.exe
  2⤵
  PID:6476
- C:\Windows\System\PSFPllH.exe
  C:\Windows\System\PSFPllH.exe
  2⤵
  PID:6496
- C:\Windows\System\MvmqzUf.exe
  C:\Windows\System\MvmqzUf.exe
  2⤵
  PID:6516
- C:\Windows\System\uJpvBAM.exe
  C:\Windows\System\uJpvBAM.exe
  2⤵
  PID:6536
- C:\Windows\System\QmoddTb.exe
  C:\Windows\System\QmoddTb.exe
  2⤵
  PID:6556
- C:\Windows\System\lVkfEhm.exe
  C:\Windows\System\lVkfEhm.exe
  2⤵
  PID:6576
- C:\Windows\System\BXiPCiO.exe
  C:\Windows\System\BXiPCiO.exe
  2⤵
  PID:6596
- C:\Windows\System\NaUdekd.exe
  C:\Windows\System\NaUdekd.exe
  2⤵
  PID:6616
- C:\Windows\System\isLPXzn.exe
  C:\Windows\System\isLPXzn.exe
  2⤵
  PID:6636
- C:\Windows\System\QVbRiHu.exe
  C:\Windows\System\QVbRiHu.exe
  2⤵
  PID:6656
- C:\Windows\System\FSsKSnn.exe
  C:\Windows\System\FSsKSnn.exe
  2⤵
  PID:6676
- C:\Windows\System\qeLuogm.exe
  C:\Windows\System\qeLuogm.exe
  2⤵
  PID:6696
- C:\Windows\System\uEXLupB.exe
  C:\Windows\System\uEXLupB.exe
  2⤵
  PID:6716
- C:\Windows\System\JWMPWaN.exe
  C:\Windows\System\JWMPWaN.exe
  2⤵
  PID:6736
- C:\Windows\System\QaNDCVK.exe
  C:\Windows\System\QaNDCVK.exe
  2⤵
  PID:6756
- C:\Windows\System\SydVRiF.exe
  C:\Windows\System\SydVRiF.exe
  2⤵
  PID:6776
- C:\Windows\System\JhFIAnq.exe
  C:\Windows\System\JhFIAnq.exe
  2⤵
  PID:6796
- C:\Windows\System\ZErXuyG.exe
  C:\Windows\System\ZErXuyG.exe
  2⤵
  PID:6816
- C:\Windows\System\cuUzzjT.exe
  C:\Windows\System\cuUzzjT.exe
  2⤵
  PID:6836
- C:\Windows\System\nVsimLb.exe
  C:\Windows\System\nVsimLb.exe
  2⤵
  PID:6856
- C:\Windows\System\etASWvX.exe
  C:\Windows\System\etASWvX.exe
  2⤵
  PID:6876
- C:\Windows\System\MRpJDZk.exe
  C:\Windows\System\MRpJDZk.exe
  2⤵
  PID:6896
- C:\Windows\System\fUXGEIj.exe
  C:\Windows\System\fUXGEIj.exe
  2⤵
  PID:6916
- C:\Windows\System\ORMAjLN.exe
  C:\Windows\System\ORMAjLN.exe
  2⤵
  PID:6936
- C:\Windows\System\ytZfGFI.exe
  C:\Windows\System\ytZfGFI.exe
  2⤵
  PID:6956
- C:\Windows\System\HsOKqwA.exe
  C:\Windows\System\HsOKqwA.exe
  2⤵
  PID:6976
- C:\Windows\System\mkbMfcl.exe
  C:\Windows\System\mkbMfcl.exe
  2⤵
  PID:6996
- C:\Windows\System\pQMmsPE.exe
  C:\Windows\System\pQMmsPE.exe
  2⤵
  PID:7016
- C:\Windows\System\tPjmlnS.exe
  C:\Windows\System\tPjmlnS.exe
  2⤵
  PID:7036
- C:\Windows\System\TGeofas.exe
  C:\Windows\System\TGeofas.exe
  2⤵
  PID:7056
- C:\Windows\System\PkCrJKO.exe
  C:\Windows\System\PkCrJKO.exe
  2⤵
  PID:7076
- C:\Windows\System\GMTJByL.exe
  C:\Windows\System\GMTJByL.exe
  2⤵
  PID:7096
- C:\Windows\System\vZYvGhq.exe
  C:\Windows\System\vZYvGhq.exe
  2⤵
  PID:7116
- C:\Windows\System\xgiIWKM.exe
  C:\Windows\System\xgiIWKM.exe
  2⤵
  PID:7136
- C:\Windows\System\TJOkIxK.exe
  C:\Windows\System\TJOkIxK.exe
  2⤵
  PID:7156
- C:\Windows\System\ypiveZK.exe
  C:\Windows\System\ypiveZK.exe
  2⤵
  PID:5216
- C:\Windows\System\zGxhtDe.exe
  C:\Windows\System\zGxhtDe.exe
  2⤵
  PID:5264
- C:\Windows\System\zZKRSwj.exe
  C:\Windows\System\zZKRSwj.exe
  2⤵
  PID:5184
- C:\Windows\System\COuzdHz.exe
  C:\Windows\System\COuzdHz.exe
  2⤵
  PID:5336
- C:\Windows\System\rPeIzrO.exe
  C:\Windows\System\rPeIzrO.exe
  2⤵
  PID:5424
- C:\Windows\System\TJNxuok.exe
  C:\Windows\System\TJNxuok.exe
  2⤵
  PID:5460
- C:\Windows\System\wTdjOej.exe
  C:\Windows\System\wTdjOej.exe
  2⤵
  PID:5704
- C:\Windows\System\DCECrHR.exe
  C:\Windows\System\DCECrHR.exe
  2⤵
  PID:5800
- C:\Windows\System\eZqyMKL.exe
  C:\Windows\System\eZqyMKL.exe
  2⤵
  PID:5780
- C:\Windows\System\NugABiq.exe
  C:\Windows\System\NugABiq.exe
  2⤵
  PID:5912
- C:\Windows\System\WkgZxcP.exe
  C:\Windows\System\WkgZxcP.exe
  2⤵
  PID:6048
- C:\Windows\System\WQzJCMd.exe
  C:\Windows\System\WQzJCMd.exe
  2⤵
  PID:2132
- C:\Windows\System\XAIGyap.exe
  C:\Windows\System\XAIGyap.exe
  2⤵
  PID:2664
- C:\Windows\System\pKTGOEd.exe
  C:\Windows\System\pKTGOEd.exe
  2⤵
  PID:6180
- C:\Windows\System\qwqiVys.exe
  C:\Windows\System\qwqiVys.exe
  2⤵
  PID:6200
- C:\Windows\System\ztcxpqr.exe
  C:\Windows\System\ztcxpqr.exe
  2⤵
  PID:6204
- C:\Windows\System\Vohzvbe.exe
  C:\Windows\System\Vohzvbe.exe
  2⤵
  PID:6244
- C:\Windows\System\MxLrVtF.exe
  C:\Windows\System\MxLrVtF.exe
  2⤵
  PID:6288
- C:\Windows\System\DwhUNZp.exe
  C:\Windows\System\DwhUNZp.exe
  2⤵
  PID:6328
- C:\Windows\System\hHfSSeY.exe
  C:\Windows\System\hHfSSeY.exe
  2⤵
  PID:6388
- C:\Windows\System\mRhknKF.exe
  C:\Windows\System\mRhknKF.exe
  2⤵
  PID:6400
- C:\Windows\System\dXwMMUT.exe
  C:\Windows\System\dXwMMUT.exe
  2⤵
  PID:6428
- C:\Windows\System\fjXddeh.exe
  C:\Windows\System\fjXddeh.exe
  2⤵
  PID:6448
- C:\Windows\System\INYWigU.exe
  C:\Windows\System\INYWigU.exe
  2⤵
  PID:6492
- C:\Windows\System\PsVaZUz.exe
  C:\Windows\System\PsVaZUz.exe
  2⤵
  PID:6532
- C:\Windows\System\ErjKqHZ.exe
  C:\Windows\System\ErjKqHZ.exe
  2⤵
  PID:6572
- C:\Windows\System\pBgNNiV.exe
  C:\Windows\System\pBgNNiV.exe
  2⤵
  PID:6588
- C:\Windows\System\CnOWLLD.exe
  C:\Windows\System\CnOWLLD.exe
  2⤵
  PID:6632
- C:\Windows\System\EVjQYvw.exe
  C:\Windows\System\EVjQYvw.exe
  2⤵
  PID:6664
- C:\Windows\System\OCkYpUs.exe
  C:\Windows\System\OCkYpUs.exe
  2⤵
  PID:1616
- C:\Windows\System\YNCcqIY.exe
  C:\Windows\System\YNCcqIY.exe
  2⤵
  PID:6708
- C:\Windows\System\uzeyhXo.exe
  C:\Windows\System\uzeyhXo.exe
  2⤵
  PID:6744
- C:\Windows\System\mbBggaj.exe
  C:\Windows\System\mbBggaj.exe
  2⤵
  PID:2312
- C:\Windows\System\YtJOsVG.exe
  C:\Windows\System\YtJOsVG.exe
  2⤵
  PID:1444
- C:\Windows\System\LHINfXJ.exe
  C:\Windows\System\LHINfXJ.exe
  2⤵
  PID:6812
- C:\Windows\System\LqXBEQp.exe
  C:\Windows\System\LqXBEQp.exe
  2⤵
  PID:6864
- C:\Windows\System\uHdDkcl.exe
  C:\Windows\System\uHdDkcl.exe
  2⤵
  PID:6884
- C:\Windows\System\uCMsOTE.exe
  C:\Windows\System\uCMsOTE.exe
  2⤵
  PID:6908
- C:\Windows\System\RCNzLmj.exe
  C:\Windows\System\RCNzLmj.exe
  2⤵
  PID:6952
- C:\Windows\System\ejCMNRO.exe
  C:\Windows\System\ejCMNRO.exe
  2⤵
  PID:6968
- C:\Windows\System\gbhwaar.exe
  C:\Windows\System\gbhwaar.exe
  2⤵
  PID:7024
- C:\Windows\System\HzJCjde.exe
  C:\Windows\System\HzJCjde.exe
  2⤵
  PID:7044
- C:\Windows\System\objcNIt.exe
  C:\Windows\System\objcNIt.exe
  2⤵
  PID:7068
- C:\Windows\System\uoviSwy.exe
  C:\Windows\System\uoviSwy.exe
  2⤵
  PID:7104
- C:\Windows\System\juKnJZl.exe
  C:\Windows\System\juKnJZl.exe
  2⤵
  PID:7128
- C:\Windows\System\lGhIpgm.exe
  C:\Windows\System\lGhIpgm.exe
  2⤵
  PID:3520
- C:\Windows\System\ilpzFBk.exe
  C:\Windows\System\ilpzFBk.exe
  2⤵
  PID:5400
- C:\Windows\System\bCnomxD.exe
  C:\Windows\System\bCnomxD.exe
  2⤵
  PID:5484
- C:\Windows\System\peTuXuB.exe
  C:\Windows\System\peTuXuB.exe
  2⤵
  PID:5512
- C:\Windows\System\wnMGYjG.exe
  C:\Windows\System\wnMGYjG.exe
  2⤵
  PID:5796
- C:\Windows\System\vjnoUuv.exe
  C:\Windows\System\vjnoUuv.exe
  2⤵
  PID:5856
- C:\Windows\System\ttGOfbw.exe
  C:\Windows\System\ttGOfbw.exe
  2⤵
  PID:6104
- C:\Windows\System\ILkXqFs.exe
  C:\Windows\System\ILkXqFs.exe
  2⤵
  PID:4592
- C:\Windows\System\aXrcGMi.exe
  C:\Windows\System\aXrcGMi.exe
  2⤵
  PID:2660
- C:\Windows\System\jmdFPDv.exe
  C:\Windows\System\jmdFPDv.exe
  2⤵
  PID:6164
- C:\Windows\System\CDBsNuc.exe
  C:\Windows\System\CDBsNuc.exe
  2⤵
  PID:6280
- C:\Windows\System\BJOEyde.exe
  C:\Windows\System\BJOEyde.exe
  2⤵
  PID:6340
- C:\Windows\System\OgDTTnF.exe
  C:\Windows\System\OgDTTnF.exe
  2⤵
  PID:6364
- C:\Windows\System\CyLQrua.exe
  C:\Windows\System\CyLQrua.exe
  2⤵
  PID:6452
- C:\Windows\System\rquiUnZ.exe
  C:\Windows\System\rquiUnZ.exe
  2⤵
  PID:6508
- C:\Windows\System\FlvpfFC.exe
  C:\Windows\System\FlvpfFC.exe
  2⤵
  PID:6524
- C:\Windows\System\WwIazPW.exe
  C:\Windows\System\WwIazPW.exe
  2⤵
  PID:2916
- C:\Windows\System\YpskMUP.exe
  C:\Windows\System\YpskMUP.exe
  2⤵
  PID:6648
- C:\Windows\System\xYYkTUv.exe
  C:\Windows\System\xYYkTUv.exe
  2⤵
  PID:6712
- C:\Windows\System\LrpcLMW.exe
  C:\Windows\System\LrpcLMW.exe
  2⤵
  PID:6784
- C:\Windows\System\QJmbSmO.exe
  C:\Windows\System\QJmbSmO.exe
  2⤵
  PID:6832
- C:\Windows\System\diQPqSX.exe
  C:\Windows\System\diQPqSX.exe
  2⤵
  PID:6804
- C:\Windows\System\HXczvVx.exe
  C:\Windows\System\HXczvVx.exe
  2⤵
  PID:6868
- C:\Windows\System\YXqqVym.exe
  C:\Windows\System\YXqqVym.exe
  2⤵
  PID:6972
- C:\Windows\System\pXjsHGO.exe
  C:\Windows\System\pXjsHGO.exe
  2⤵
  PID:7008
- C:\Windows\System\CwHpNui.exe
  C:\Windows\System\CwHpNui.exe
  2⤵
  PID:7092
- C:\Windows\System\ilHOhnK.exe
  C:\Windows\System\ilHOhnK.exe
  2⤵
  PID:7148
- C:\Windows\System\zUamLYv.exe
  C:\Windows\System\zUamLYv.exe
  2⤵
  PID:7132
- C:\Windows\System\BDMmPhp.exe
  C:\Windows\System\BDMmPhp.exe
  2⤵
  PID:4388
- C:\Windows\System\IilnjfK.exe
  C:\Windows\System\IilnjfK.exe
  2⤵
  PID:5496
- C:\Windows\System\pTVNsth.exe
  C:\Windows\System\pTVNsth.exe
  2⤵
  PID:5884
- C:\Windows\System\LJCddQH.exe
  C:\Windows\System\LJCddQH.exe
  2⤵
  PID:5124
- C:\Windows\System\VKxKBFx.exe
  C:\Windows\System\VKxKBFx.exe
  2⤵
  PID:6224
- C:\Windows\System\CXitIlu.exe
  C:\Windows\System\CXitIlu.exe
  2⤵
  PID:6184
- C:\Windows\System\ugdSuIT.exe
  C:\Windows\System\ugdSuIT.exe
  2⤵
  PID:6304
- C:\Windows\System\YZQACId.exe
  C:\Windows\System\YZQACId.exe
  2⤵
  PID:6504
- C:\Windows\System\wXPrAaN.exe
  C:\Windows\System\wXPrAaN.exe
  2⤵
  PID:6544
- C:\Windows\System\WuKbTeP.exe
  C:\Windows\System\WuKbTeP.exe
  2⤵
  PID:6628
- C:\Windows\System\rmHMSto.exe
  C:\Windows\System\rmHMSto.exe
  2⤵
  PID:6728
- C:\Windows\System\gKnwDhr.exe
  C:\Windows\System\gKnwDhr.exe
  2⤵
  PID:1692
- C:\Windows\System\nZjOLVb.exe
  C:\Windows\System\nZjOLVb.exe
  2⤵
  PID:6904
- C:\Windows\System\pluxodd.exe
  C:\Windows\System\pluxodd.exe
  2⤵
  PID:6964
- C:\Windows\System\ixOkIZZ.exe
  C:\Windows\System\ixOkIZZ.exe
  2⤵
  PID:7176
- C:\Windows\System\ncwnkBj.exe
  C:\Windows\System\ncwnkBj.exe
  2⤵
  PID:7196
- C:\Windows\System\RisqZGe.exe
  C:\Windows\System\RisqZGe.exe
  2⤵
  PID:7216
- C:\Windows\System\byGbEjB.exe
  C:\Windows\System\byGbEjB.exe
  2⤵
  PID:7236
- C:\Windows\System\eBmSIFn.exe
  C:\Windows\System\eBmSIFn.exe
  2⤵
  PID:7256
- C:\Windows\System\RkrxCod.exe
  C:\Windows\System\RkrxCod.exe
  2⤵
  PID:7272
- C:\Windows\System\poQynCM.exe
  C:\Windows\System\poQynCM.exe
  2⤵
  PID:7296
- C:\Windows\System\OUubkVt.exe
  C:\Windows\System\OUubkVt.exe
  2⤵
  PID:7316
- C:\Windows\System\EosOKTh.exe
  C:\Windows\System\EosOKTh.exe
  2⤵
  PID:7336
- C:\Windows\System\NVAKEXf.exe
  C:\Windows\System\NVAKEXf.exe
  2⤵
  PID:7356
- C:\Windows\System\zRmEAaL.exe
  C:\Windows\System\zRmEAaL.exe
  2⤵
  PID:7376
- C:\Windows\System\ZDgHpFZ.exe
  C:\Windows\System\ZDgHpFZ.exe
  2⤵
  PID:7396
- C:\Windows\System\LBLjPxW.exe
  C:\Windows\System\LBLjPxW.exe
  2⤵
  PID:7416
- C:\Windows\System\rrllYLR.exe
  C:\Windows\System\rrllYLR.exe
  2⤵
  PID:7436
- C:\Windows\System\CGHtXEE.exe
  C:\Windows\System\CGHtXEE.exe
  2⤵
  PID:7460
- C:\Windows\System\kHmyEjb.exe
  C:\Windows\System\kHmyEjb.exe
  2⤵
  PID:7480
- C:\Windows\System\bDutrcp.exe
  C:\Windows\System\bDutrcp.exe
  2⤵
  PID:7504
- C:\Windows\System\YUGAqXm.exe
  C:\Windows\System\YUGAqXm.exe
  2⤵
  PID:7524
- C:\Windows\System\mWiyGak.exe
  C:\Windows\System\mWiyGak.exe
  2⤵
  PID:7544
- C:\Windows\System\RFMfDSF.exe
  C:\Windows\System\RFMfDSF.exe
  2⤵
  PID:7564
- C:\Windows\System\qAIKniv.exe
  C:\Windows\System\qAIKniv.exe
  2⤵
  PID:7584
- C:\Windows\System\oNwsfdj.exe
  C:\Windows\System\oNwsfdj.exe
  2⤵
  PID:7604
- C:\Windows\System\SRbkpBd.exe
  C:\Windows\System\SRbkpBd.exe
  2⤵
  PID:7624
- C:\Windows\System\hiUwojF.exe
  C:\Windows\System\hiUwojF.exe
  2⤵
  PID:7640
- C:\Windows\System\DgHFgcr.exe
  C:\Windows\System\DgHFgcr.exe
  2⤵
  PID:7664
- C:\Windows\System\ynVbVAl.exe
  C:\Windows\System\ynVbVAl.exe
  2⤵
  PID:7684
- C:\Windows\System\IxUHmdS.exe
  C:\Windows\System\IxUHmdS.exe
  2⤵
  PID:7704
- C:\Windows\System\WAuuXLd.exe
  C:\Windows\System\WAuuXLd.exe
  2⤵
  PID:7720
- C:\Windows\System\mzUDPkr.exe
  C:\Windows\System\mzUDPkr.exe
  2⤵
  PID:7736
- C:\Windows\System\GDaybMG.exe
  C:\Windows\System\GDaybMG.exe
  2⤵
  PID:7756
- C:\Windows\System\iyPkXvo.exe
  C:\Windows\System\iyPkXvo.exe
  2⤵
  PID:7776
- C:\Windows\System\SsrpYjr.exe
  C:\Windows\System\SsrpYjr.exe
  2⤵
  PID:7800
- C:\Windows\System\thofSNP.exe
  C:\Windows\System\thofSNP.exe
  2⤵
  PID:7820
- C:\Windows\System\hzvMpsx.exe
  C:\Windows\System\hzvMpsx.exe
  2⤵
  PID:7840
- C:\Windows\System\WRPZbdR.exe
  C:\Windows\System\WRPZbdR.exe
  2⤵
  PID:7860
- C:\Windows\System\fIlwZqU.exe
  C:\Windows\System\fIlwZqU.exe
  2⤵
  PID:7884
- C:\Windows\System\dsaKfei.exe
  C:\Windows\System\dsaKfei.exe
  2⤵
  PID:7904
- C:\Windows\System\RNcAZZJ.exe
  C:\Windows\System\RNcAZZJ.exe
  2⤵
  PID:7920
- C:\Windows\System\CWeoWBG.exe
  C:\Windows\System\CWeoWBG.exe
  2⤵
  PID:7940
- C:\Windows\System\SijZHUH.exe
  C:\Windows\System\SijZHUH.exe
  2⤵
  PID:7956
- C:\Windows\System\ksJTNfM.exe
  C:\Windows\System\ksJTNfM.exe
  2⤵
  PID:7980
- C:\Windows\System\QRQPpWD.exe
  C:\Windows\System\QRQPpWD.exe
  2⤵
  PID:8000
- C:\Windows\System\JQHRVck.exe
  C:\Windows\System\JQHRVck.exe
  2⤵
  PID:8024
- C:\Windows\System\zFgMtwa.exe
  C:\Windows\System\zFgMtwa.exe
  2⤵
  PID:8040
- C:\Windows\System\XdXteME.exe
  C:\Windows\System\XdXteME.exe
  2⤵
  PID:8064
- C:\Windows\System\umAgzKd.exe
  C:\Windows\System\umAgzKd.exe
  2⤵
  PID:8084
- C:\Windows\System\AcyKUpQ.exe
  C:\Windows\System\AcyKUpQ.exe
  2⤵
  PID:8104
- C:\Windows\System\jJsIQQy.exe
  C:\Windows\System\jJsIQQy.exe
  2⤵
  PID:8124
- C:\Windows\System\OOvNvoT.exe
  C:\Windows\System\OOvNvoT.exe
  2⤵
  PID:8144
- C:\Windows\System\nwpgHoI.exe
  C:\Windows\System\nwpgHoI.exe
  2⤵
  PID:8164
- C:\Windows\System\QsXxSNC.exe
  C:\Windows\System\QsXxSNC.exe
  2⤵
  PID:8184
- C:\Windows\System\biDBdTz.exe
  C:\Windows\System\biDBdTz.exe
  2⤵
  PID:7152
- C:\Windows\System\riCSjbI.exe
  C:\Windows\System\riCSjbI.exe
  2⤵
  PID:5204
- C:\Windows\System\XNBTbpL.exe
  C:\Windows\System\XNBTbpL.exe
  2⤵
  PID:5464
- C:\Windows\System\WYWFyWc.exe
  C:\Windows\System\WYWFyWc.exe
  2⤵
  PID:6032
- C:\Windows\System\hmKAsxh.exe
  C:\Windows\System\hmKAsxh.exe
  2⤵
  PID:6108
- C:\Windows\System\CFMhZzq.exe
  C:\Windows\System\CFMhZzq.exe
  2⤵
  PID:6384
- C:\Windows\System\mqeqvnB.exe
  C:\Windows\System\mqeqvnB.exe
  2⤵
  PID:6472
- C:\Windows\System\SpXJZFC.exe
  C:\Windows\System\SpXJZFC.exe
  2⤵
  PID:6688
- C:\Windows\System\uecckjl.exe
  C:\Windows\System\uecckjl.exe
  2⤵
  PID:6772
- C:\Windows\System\neswGlq.exe
  C:\Windows\System\neswGlq.exe
  2⤵
  PID:6984
- C:\Windows\System\DNQCCrm.exe
  C:\Windows\System\DNQCCrm.exe
  2⤵
  PID:7004
- C:\Windows\System\ReMUEyD.exe
  C:\Windows\System\ReMUEyD.exe
  2⤵
  PID:7212
- C:\Windows\System\GoUOXzu.exe
  C:\Windows\System\GoUOXzu.exe
  2⤵
  PID:7232
- C:\Windows\System\QbqtYdm.exe
  C:\Windows\System\QbqtYdm.exe
  2⤵
  PID:7284
- C:\Windows\System\yvLdzXt.exe
  C:\Windows\System\yvLdzXt.exe
  2⤵
  PID:7304
- C:\Windows\System\AhGXNfm.exe
  C:\Windows\System\AhGXNfm.exe
  2⤵
  PID:7364
- C:\Windows\System\GtlIiNg.exe
  C:\Windows\System\GtlIiNg.exe
  2⤵
  PID:7368
- C:\Windows\System\OTmKZlZ.exe
  C:\Windows\System\OTmKZlZ.exe
  2⤵
  PID:7392
- C:\Windows\System\jBCtfCe.exe
  C:\Windows\System\jBCtfCe.exe
  2⤵
  PID:7488
- C:\Windows\System\BJNwsRI.exe
  C:\Windows\System\BJNwsRI.exe
  2⤵
  PID:7496
- C:\Windows\System\YfOCzRV.exe
  C:\Windows\System\YfOCzRV.exe
  2⤵
  PID:7492
- C:\Windows\System\fYHcdWB.exe
  C:\Windows\System\fYHcdWB.exe
  2⤵
  PID:7520
- C:\Windows\System\frrJEZy.exe
  C:\Windows\System\frrJEZy.exe
  2⤵
  PID:7612
- C:\Windows\System\FsHLBcG.exe
  C:\Windows\System\FsHLBcG.exe
  2⤵
  PID:7560
- C:\Windows\System\oRzfRfI.exe
  C:\Windows\System\oRzfRfI.exe
  2⤵
  PID:7600
- C:\Windows\System\vNnjuHA.exe
  C:\Windows\System\vNnjuHA.exe
  2⤵
  PID:7636
- C:\Windows\System\hgxiqGo.exe
  C:\Windows\System\hgxiqGo.exe
  2⤵
  PID:7676
- C:\Windows\System\nwrEDhP.exe
  C:\Windows\System\nwrEDhP.exe
  2⤵
  PID:7768
- C:\Windows\System\aVQKNdw.exe
  C:\Windows\System\aVQKNdw.exe
  2⤵
  PID:7716
- C:\Windows\System\WNLuMKX.exe
  C:\Windows\System\WNLuMKX.exe
  2⤵
  PID:7784
- C:\Windows\System\YSfYmWy.exe
  C:\Windows\System\YSfYmWy.exe
  2⤵
  PID:7856
- C:\Windows\System\IRvHZmP.exe
  C:\Windows\System\IRvHZmP.exe
  2⤵
  PID:7868
- C:\Windows\System\eKLOwAx.exe
  C:\Windows\System\eKLOwAx.exe
  2⤵
  PID:7928
- C:\Windows\System\RHpUlJf.exe
  C:\Windows\System\RHpUlJf.exe
  2⤵
  PID:7972
- C:\Windows\System\rpUcRBi.exe
  C:\Windows\System\rpUcRBi.exe
  2⤵
  PID:7948
- C:\Windows\System\zCabkmY.exe
  C:\Windows\System\zCabkmY.exe
  2⤵
  PID:7996
- C:\Windows\System\fzmJIHb.exe
  C:\Windows\System\fzmJIHb.exe
  2⤵
  PID:8048
- C:\Windows\System\zMBcleO.exe
  C:\Windows\System\zMBcleO.exe
  2⤵
  PID:8100
- C:\Windows\System\tECRzES.exe
  C:\Windows\System\tECRzES.exe
  2⤵
  PID:8076
- C:\Windows\System\ssfKtpk.exe
  C:\Windows\System\ssfKtpk.exe
  2⤵
  PID:8136
- C:\Windows\System\GDfjmEn.exe
  C:\Windows\System\GDfjmEn.exe
  2⤵
  PID:8152
- C:\Windows\System\ysedTbQ.exe
  C:\Windows\System\ysedTbQ.exe
  2⤵
  PID:4940
- C:\Windows\System\hZdPgSZ.exe
  C:\Windows\System\hZdPgSZ.exe
  2⤵
  PID:7052
- C:\Windows\System\TchHYeG.exe
  C:\Windows\System\TchHYeG.exe
  2⤵
  PID:6228
- C:\Windows\System\ATlmGpm.exe
  C:\Windows\System\ATlmGpm.exe
  2⤵
  PID:6380
- C:\Windows\System\KYJFtXl.exe
  C:\Windows\System\KYJFtXl.exe
  2⤵
  PID:6408
- C:\Windows\System\DwcAQqu.exe
  C:\Windows\System\DwcAQqu.exe
  2⤵
  PID:6824
- C:\Windows\System\FKmRHpL.exe
  C:\Windows\System\FKmRHpL.exe
  2⤵
  PID:7192
- C:\Windows\System\QpCnXyK.exe
  C:\Windows\System\QpCnXyK.exe
  2⤵
  PID:7224
- C:\Windows\System\SfmvHnh.exe
  C:\Windows\System\SfmvHnh.exe
  2⤵
  PID:7332
- C:\Windows\System\tgkuNcU.exe
  C:\Windows\System\tgkuNcU.exe
  2⤵
  PID:7308
- C:\Windows\System\ahCSswy.exe
  C:\Windows\System\ahCSswy.exe
  2⤵
  PID:7412
- C:\Windows\System\nnInebS.exe
  C:\Windows\System\nnInebS.exe
  2⤵
  PID:7468
- C:\Windows\System\fbnVtHU.exe
  C:\Windows\System\fbnVtHU.exe
  2⤵
  PID:7472
- C:\Windows\System\TPbSoxS.exe
  C:\Windows\System\TPbSoxS.exe
  2⤵
  PID:7512
- C:\Windows\System\YoblMLI.exe
  C:\Windows\System\YoblMLI.exe
  2⤵
  PID:7580
- C:\Windows\System\DHVMTCp.exe
  C:\Windows\System\DHVMTCp.exe
  2⤵
  PID:2448
- C:\Windows\System\OmhbaSS.exe
  C:\Windows\System\OmhbaSS.exe
  2⤵
  PID:7732
- C:\Windows\System\MioIPlU.exe
  C:\Windows\System\MioIPlU.exe
  2⤵
  PID:7764
- C:\Windows\System\XAXXbEJ.exe
  C:\Windows\System\XAXXbEJ.exe
  2⤵
  PID:7848
- C:\Windows\System\OnNlogQ.exe
  C:\Windows\System\OnNlogQ.exe
  2⤵
  PID:7852
- C:\Windows\System\jAxcqYf.exe
  C:\Windows\System\jAxcqYf.exe
  2⤵
  PID:7936
- C:\Windows\System\CngnbOE.exe
  C:\Windows\System\CngnbOE.exe
  2⤵
  PID:1764
- C:\Windows\System\ROWARoA.exe
  C:\Windows\System\ROWARoA.exe
  2⤵
  PID:2424
- C:\Windows\System\eMiNITR.exe
  C:\Windows\System\eMiNITR.exe
  2⤵
  PID:2636
- C:\Windows\System\YpewnAo.exe
  C:\Windows\System\YpewnAo.exe
  2⤵
  PID:8032
- C:\Windows\System\jKppILT.exe
  C:\Windows\System\jKppILT.exe
  2⤵
  PID:8140
- C:\Windows\System\TskwKke.exe
  C:\Windows\System\TskwKke.exe
  2⤵
  PID:8156
- C:\Windows\System\KBmkoUe.exe
  C:\Windows\System\KBmkoUe.exe
  2⤵
  PID:2164
- C:\Windows\System\axhsPNR.exe
  C:\Windows\System\axhsPNR.exe
  2⤵
  PID:8180
- C:\Windows\System\TLLtfMo.exe
  C:\Windows\System\TLLtfMo.exe
  2⤵
  PID:5600
- C:\Windows\System\usuJuWp.exe
  C:\Windows\System\usuJuWp.exe
  2⤵
  PID:6464
- C:\Windows\System\XUbhQYr.exe
  C:\Windows\System\XUbhQYr.exe
  2⤵
  PID:6644
- C:\Windows\System\GZQtvnl.exe
  C:\Windows\System\GZQtvnl.exe
  2⤵
  PID:2732
- C:\Windows\System\GCuHAVM.exe
  C:\Windows\System\GCuHAVM.exe
  2⤵
  PID:2152
- C:\Windows\System\ZYWtwPe.exe
  C:\Windows\System\ZYWtwPe.exe
  2⤵
  PID:7372
- C:\Windows\System\NmiXrOJ.exe
  C:\Windows\System\NmiXrOJ.exe
  2⤵
  PID:7448
- C:\Windows\System\DPcJiKy.exe
  C:\Windows\System\DPcJiKy.exe
  2⤵
  PID:7552
- C:\Windows\System\HnOFSgh.exe
  C:\Windows\System\HnOFSgh.exe
  2⤵
  PID:7660
- C:\Windows\System\RYGxpim.exe
  C:\Windows\System\RYGxpim.exe
  2⤵
  PID:7556
- C:\Windows\System\RbeMvbk.exe
  C:\Windows\System\RbeMvbk.exe
  2⤵
  PID:2748
- C:\Windows\System\gKCEzXF.exe
  C:\Windows\System\gKCEzXF.exe
  2⤵
  PID:7812
- C:\Windows\System\OsmVKgW.exe
  C:\Windows\System\OsmVKgW.exe
  2⤵
  PID:8012
- C:\Windows\System\SrHpTzg.exe
  C:\Windows\System\SrHpTzg.exe
  2⤵
  PID:7880
- C:\Windows\System\oWOvqmy.exe
  C:\Windows\System\oWOvqmy.exe
  2⤵
  PID:7912
- C:\Windows\System\bSYaSuF.exe
  C:\Windows\System\bSYaSuF.exe
  2⤵
  PID:8016
- C:\Windows\System\vhBRtid.exe
  C:\Windows\System\vhBRtid.exe
  2⤵
  PID:2228
- C:\Windows\System\dkzQCde.exe
  C:\Windows\System\dkzQCde.exe
  2⤵
  PID:8116
- C:\Windows\System\gmrmsRG.exe
  C:\Windows\System\gmrmsRG.exe
  2⤵
  PID:6564
- C:\Windows\System\owHoSkk.exe
  C:\Windows\System\owHoSkk.exe
  2⤵
  PID:6944
- C:\Windows\System\gQoigKn.exe
  C:\Windows\System\gQoigKn.exe
  2⤵
  PID:7280
- C:\Windows\System\kUNDhqj.exe
  C:\Windows\System\kUNDhqj.exe
  2⤵
  PID:7444
- C:\Windows\System\fisDbKK.exe
  C:\Windows\System\fisDbKK.exe
  2⤵
  PID:1968
- C:\Windows\System\thWWnNh.exe
  C:\Windows\System\thWWnNh.exe
  2⤵
  PID:1844
- C:\Windows\System\qPgWbvB.exe
  C:\Windows\System\qPgWbvB.exe
  2⤵
  PID:7572
- C:\Windows\System\khUlEnc.exe
  C:\Windows\System\khUlEnc.exe
  2⤵
  PID:2728
- C:\Windows\System\fVIhbSg.exe
  C:\Windows\System\fVIhbSg.exe
  2⤵
  PID:960
- C:\Windows\System\bmmznfk.exe
  C:\Windows\System\bmmznfk.exe
  2⤵
  PID:7896
- C:\Windows\System\WwJPUBg.exe
  C:\Windows\System\WwJPUBg.exe
  2⤵
  PID:5296
- C:\Windows\System\YdzcFff.exe
  C:\Windows\System\YdzcFff.exe
  2⤵
  PID:8112
- C:\Windows\System\Mwfoctq.exe
  C:\Windows\System\Mwfoctq.exe
  2⤵
  PID:5068
- C:\Windows\System\XHUykZN.exe
  C:\Windows\System\XHUykZN.exe
  2⤵
  PID:7248
- C:\Windows\System\HaIZPeJ.exe
  C:\Windows\System\HaIZPeJ.exe
  2⤵
  PID:2924
- C:\Windows\System\ayKGcbo.exe
  C:\Windows\System\ayKGcbo.exe
  2⤵
  PID:7632
- C:\Windows\System\vkhbGuR.exe
  C:\Windows\System\vkhbGuR.exe
  2⤵
  PID:1176
- C:\Windows\System\kuQQole.exe
  C:\Windows\System\kuQQole.exe
  2⤵
  PID:1260
- C:\Windows\System\pxqsLxW.exe
  C:\Windows\System\pxqsLxW.exe
  2⤵
  PID:7172
- C:\Windows\System\hgwejpP.exe
  C:\Windows\System\hgwejpP.exe
  2⤵
  PID:7832
- C:\Windows\System\QhHRMue.exe
  C:\Windows\System\QhHRMue.exe
  2⤵
  PID:5584
- C:\Windows\System\bNjrPqX.exe
  C:\Windows\System\bNjrPqX.exe
  2⤵
  PID:2972
- C:\Windows\System\zKpmMhR.exe
  C:\Windows\System\zKpmMhR.exe
  2⤵
  PID:7312
- C:\Windows\System\OfAqobj.exe
  C:\Windows\System\OfAqobj.exe
  2⤵
  PID:7696
- C:\Windows\System\pzIZWSP.exe
  C:\Windows\System\pzIZWSP.exe
  2⤵
  PID:4960
- C:\Windows\System\NRmZLal.exe
  C:\Windows\System\NRmZLal.exe
  2⤵
  PID:1484
- C:\Windows\System\uEszPAO.exe
  C:\Windows\System\uEszPAO.exe
  2⤵
  PID:8008
- C:\Windows\System\TrHbxGC.exe
  C:\Windows\System\TrHbxGC.exe
  2⤵
  PID:2920
- C:\Windows\System\CpWqdrl.exe
  C:\Windows\System\CpWqdrl.exe
  2⤵
  PID:2124
- C:\Windows\System\rkHaAnT.exe
  C:\Windows\System\rkHaAnT.exe
  2⤵
  PID:2192
- C:\Windows\System\FthbPLn.exe
  C:\Windows\System\FthbPLn.exe
  2⤵
  PID:2628
- C:\Windows\System\xnPOnVt.exe
  C:\Windows\System\xnPOnVt.exe
  2⤵
  PID:2744
- C:\Windows\System\bOMbMRD.exe
  C:\Windows\System\bOMbMRD.exe
  2⤵
  PID:8200
- C:\Windows\System\mgbyiOM.exe
  C:\Windows\System\mgbyiOM.exe
  2⤵
  PID:8216
- C:\Windows\System\XpNUNJT.exe
  C:\Windows\System\XpNUNJT.exe
  2⤵
  PID:8248
- C:\Windows\System\vNqDtjj.exe
  C:\Windows\System\vNqDtjj.exe
  2⤵
  PID:8268
- C:\Windows\System\cMSnoOH.exe
  C:\Windows\System\cMSnoOH.exe
  2⤵
  PID:8336
- C:\Windows\System\wBBZxVL.exe
  C:\Windows\System\wBBZxVL.exe
  2⤵
  PID:8352
- C:\Windows\System\rvHrRmp.exe
  C:\Windows\System\rvHrRmp.exe
  2⤵
  PID:8368
- C:\Windows\System\JfVNllw.exe
  C:\Windows\System\JfVNllw.exe
  2⤵
  PID:8384
- C:\Windows\System\eUEJzPS.exe
  C:\Windows\System\eUEJzPS.exe
  2⤵
  PID:8404
- C:\Windows\System\XdTMcLS.exe
  C:\Windows\System\XdTMcLS.exe
  2⤵
  PID:8420
- C:\Windows\System\pmwSjBf.exe
  C:\Windows\System\pmwSjBf.exe
  2⤵
  PID:8436
- C:\Windows\System\WOkdAVB.exe
  C:\Windows\System\WOkdAVB.exe
  2⤵
  PID:8452
- C:\Windows\System\KVRCVtg.exe
  C:\Windows\System\KVRCVtg.exe
  2⤵
  PID:8468
- C:\Windows\System\bOjGsow.exe
  C:\Windows\System\bOjGsow.exe
  2⤵
  PID:8520
- C:\Windows\System\qZYRhzE.exe
  C:\Windows\System\qZYRhzE.exe
  2⤵
  PID:8536
- C:\Windows\System\GGpRINW.exe
  C:\Windows\System\GGpRINW.exe
  2⤵
  PID:8552
- C:\Windows\System\gQkBGmQ.exe
  C:\Windows\System\gQkBGmQ.exe
  2⤵
  PID:8568
- C:\Windows\System\ctXyQYr.exe
  C:\Windows\System\ctXyQYr.exe
  2⤵
  PID:8584
- C:\Windows\System\KaevYwh.exe
  C:\Windows\System\KaevYwh.exe
  2⤵
  PID:8600
- C:\Windows\System\lZGZWkt.exe
  C:\Windows\System\lZGZWkt.exe
  2⤵
  PID:8616
- C:\Windows\System\eNkCcQG.exe
  C:\Windows\System\eNkCcQG.exe
  2⤵
  PID:8632
- C:\Windows\System\eivQXHq.exe
  C:\Windows\System\eivQXHq.exe
  2⤵
  PID:8652
- C:\Windows\System\LGsdSmW.exe
  C:\Windows\System\LGsdSmW.exe
  2⤵
  PID:8700
- C:\Windows\System\mvzAqMx.exe
  C:\Windows\System\mvzAqMx.exe
  2⤵
  PID:8716
- C:\Windows\System\hGdUyFD.exe
  C:\Windows\System\hGdUyFD.exe
  2⤵
  PID:8732
- C:\Windows\System\dQBiOcK.exe
  C:\Windows\System\dQBiOcK.exe
  2⤵
  PID:8748
- C:\Windows\System\yCbPcGm.exe
  C:\Windows\System\yCbPcGm.exe
  2⤵
  PID:8764
- C:\Windows\System\fYPadBP.exe
  C:\Windows\System\fYPadBP.exe
  2⤵
  PID:8804
- C:\Windows\System\LWVhmSZ.exe
  C:\Windows\System\LWVhmSZ.exe
  2⤵
  PID:8820
- C:\Windows\System\bybjHdQ.exe
  C:\Windows\System\bybjHdQ.exe
  2⤵
  PID:8836
- C:\Windows\System\uYLHaUD.exe
  C:\Windows\System\uYLHaUD.exe
  2⤵
  PID:8852
- C:\Windows\System\QbSZEcQ.exe
  C:\Windows\System\QbSZEcQ.exe
  2⤵
  PID:8868
- C:\Windows\System\IUopqsU.exe
  C:\Windows\System\IUopqsU.exe
  2⤵
  PID:8884
- C:\Windows\System\AEDKSDy.exe
  C:\Windows\System\AEDKSDy.exe
  2⤵
  PID:8900
- C:\Windows\System\PeoFIlJ.exe
  C:\Windows\System\PeoFIlJ.exe
  2⤵
  PID:8916
- C:\Windows\System\ayBpqLN.exe
  C:\Windows\System\ayBpqLN.exe
  2⤵
  PID:8936
- C:\Windows\System\aYZJaua.exe
  C:\Windows\System\aYZJaua.exe
  2⤵
  PID:8952
- C:\Windows\System\UriNRMP.exe
  C:\Windows\System\UriNRMP.exe
  2⤵
  PID:9004
- C:\Windows\System\OZoQMrM.exe
  C:\Windows\System\OZoQMrM.exe
  2⤵
  PID:9020
- C:\Windows\System\bsgxwzD.exe
  C:\Windows\System\bsgxwzD.exe
  2⤵
  PID:9036
- C:\Windows\System\pfWOlIv.exe
  C:\Windows\System\pfWOlIv.exe
  2⤵
  PID:9056
- C:\Windows\System\TRSbOTi.exe
  C:\Windows\System\TRSbOTi.exe
  2⤵
  PID:9076
- C:\Windows\System\FJgBvwu.exe
  C:\Windows\System\FJgBvwu.exe
  2⤵
  PID:9092
- C:\Windows\System\nnWhsJp.exe
  C:\Windows\System\nnWhsJp.exe
  2⤵
  PID:9112
- C:\Windows\System\QOwRxhH.exe
  C:\Windows\System\QOwRxhH.exe
  2⤵
  PID:9128
- C:\Windows\System\NfhUebP.exe
  C:\Windows\System\NfhUebP.exe
  2⤵
  PID:9144
- C:\Windows\System\onhhqri.exe
  C:\Windows\System\onhhqri.exe
  2⤵
  PID:9184
- C:\Windows\System\KptOwgF.exe
  C:\Windows\System\KptOwgF.exe
  2⤵
  PID:9200
- C:\Windows\System\BbBPuXG.exe
  C:\Windows\System\BbBPuXG.exe
  2⤵
  PID:7576
- C:\Windows\System\ZnpwiYC.exe
  C:\Windows\System\ZnpwiYC.exe
  2⤵
  PID:3208
- C:\Windows\System\mXtQwLE.exe
  C:\Windows\System\mXtQwLE.exe
  2⤵
  PID:8212
- C:\Windows\System\DBhjVEw.exe
  C:\Windows\System\DBhjVEw.exe
  2⤵
  PID:688
- C:\Windows\System\nkIcDoD.exe
  C:\Windows\System\nkIcDoD.exe
  2⤵
  PID:2224
- C:\Windows\System\cxzUkBB.exe
  C:\Windows\System\cxzUkBB.exe
  2⤵
  PID:7404
- C:\Windows\System\nottpvx.exe
  C:\Windows\System\nottpvx.exe
  2⤵
  PID:8224
- C:\Windows\System\OxLvFHk.exe
  C:\Windows\System\OxLvFHk.exe
  2⤵
  PID:992
- C:\Windows\System\IUfqNCA.exe
  C:\Windows\System\IUfqNCA.exe
  2⤵
  PID:1428
- C:\Windows\System\vrxEEEz.exe
  C:\Windows\System\vrxEEEz.exe
  2⤵
  PID:8292
- C:\Windows\System\sKXHEEf.exe
  C:\Windows\System\sKXHEEf.exe
  2⤵
  PID:8308
- C:\Windows\System\FfKiYZF.exe
  C:\Windows\System\FfKiYZF.exe
  2⤵
  PID:1860
- C:\Windows\System\QOHPuyf.exe
  C:\Windows\System\QOHPuyf.exe
  2⤵
  PID:8364
- C:\Windows\System\PLQDaaT.exe
  C:\Windows\System\PLQDaaT.exe
  2⤵
  PID:8428
- C:\Windows\System\ZsbZbXB.exe
  C:\Windows\System\ZsbZbXB.exe
  2⤵
  PID:8460
- C:\Windows\System\mHikvZz.exe
  C:\Windows\System\mHikvZz.exe
  2⤵
  PID:8504
- C:\Windows\System\XsIRvHB.exe
  C:\Windows\System\XsIRvHB.exe
  2⤵
  PID:8484
- C:\Windows\System\OBoHfUR.exe
  C:\Windows\System\OBoHfUR.exe
  2⤵
  PID:8512
- C:\Windows\System\bWobDUp.exe
  C:\Windows\System\bWobDUp.exe
  2⤵
  PID:8532
- C:\Windows\System\boezZbr.exe
  C:\Windows\System\boezZbr.exe
  2⤵
  PID:8612
- C:\Windows\System\deeKFuw.exe
  C:\Windows\System\deeKFuw.exe
  2⤵
  PID:8684
- C:\Windows\System\GIWZOWe.exe
  C:\Windows\System\GIWZOWe.exe
  2⤵
  PID:8712
- C:\Windows\System\HjdxWEv.exe
  C:\Windows\System\HjdxWEv.exe
  2⤵
  PID:8760
- C:\Windows\System\LYTrKMy.exe
  C:\Windows\System\LYTrKMy.exe
  2⤵
  PID:8788
- C:\Windows\System\KSuQEEP.exe
  C:\Windows\System\KSuQEEP.exe
  2⤵
  PID:8812
- C:\Windows\System\QMHEdYR.exe
  C:\Windows\System\QMHEdYR.exe
  2⤵
  PID:8896
- C:\Windows\System\rgYKpLL.exe
  C:\Windows\System\rgYKpLL.exe
  2⤵
  PID:8944
- C:\Windows\System\wLBCZqf.exe
  C:\Windows\System\wLBCZqf.exe
  2⤵
  PID:8876
- C:\Windows\System\RoMRGpA.exe
  C:\Windows\System\RoMRGpA.exe
  2⤵
  PID:8948
- C:\Windows\System\xWDfPva.exe
  C:\Windows\System\xWDfPva.exe
  2⤵
  PID:8976
- C:\Windows\System\cyZOztd.exe
  C:\Windows\System\cyZOztd.exe
  2⤵
  PID:8992
- C:\Windows\System\wVDeSHw.exe
  C:\Windows\System\wVDeSHw.exe
  2⤵
  PID:9016
- C:\Windows\System\CezcaHV.exe
  C:\Windows\System\CezcaHV.exe
  2⤵
  PID:9084
- C:\Windows\System\AdbNuWB.exe
  C:\Windows\System\AdbNuWB.exe
  2⤵
  PID:9064
- C:\Windows\System\DTrDnDy.exe
  C:\Windows\System\DTrDnDy.exe
  2⤵
  PID:9168
- C:\Windows\System\BksITJE.exe
  C:\Windows\System\BksITJE.exe
  2⤵
  PID:9172
- C:\Windows\System\OoFylEQ.exe
  C:\Windows\System\OoFylEQ.exe
  2⤵
  PID:9100
- C:\Windows\System\umParUB.exe
  C:\Windows\System\umParUB.exe
  2⤵
  PID:9180
- C:\Windows\System\GWiDLbJ.exe
  C:\Windows\System\GWiDLbJ.exe
  2⤵
  PID:1496
- C:\Windows\System\FfTUcrt.exe
  C:\Windows\System\FfTUcrt.exe
  2⤵
  PID:7432
- C:\Windows\System\eIlLrUG.exe
  C:\Windows\System\eIlLrUG.exe
  2⤵
  PID:8296
- C:\Windows\System\wHUulfA.exe
  C:\Windows\System\wHUulfA.exe
  2⤵
  PID:7124
- C:\Windows\System\exfhcMN.exe
  C:\Windows\System\exfhcMN.exe
  2⤵
  PID:8416
- C:\Windows\System\tXtNmkK.exe
  C:\Windows\System\tXtNmkK.exe
  2⤵
  PID:8528
- C:\Windows\System\QxkUbjZ.exe
  C:\Windows\System\QxkUbjZ.exe
  2⤵
  PID:8288
- C:\Windows\System\QoDWVVD.exe
  C:\Windows\System\QoDWVVD.exe
  2⤵
  PID:9196
- C:\Windows\System\MCxxFhG.exe
  C:\Windows\System\MCxxFhG.exe
  2⤵
  PID:8380
- C:\Windows\System\qDmIyxD.exe
  C:\Windows\System\qDmIyxD.exe
  2⤵
  PID:8664
- C:\Windows\System\lxEjWKi.exe
  C:\Windows\System\lxEjWKi.exe
  2⤵
  PID:8672
- C:\Windows\System\vASNIkd.exe
  C:\Windows\System\vASNIkd.exe
  2⤵
  PID:8708
- C:\Windows\System\zxiEGNX.exe
  C:\Windows\System\zxiEGNX.exe
  2⤵
  PID:8724
- C:\Windows\System\VTuOyVA.exe
  C:\Windows\System\VTuOyVA.exe
  2⤵
  PID:8928
- C:\Windows\System\AadEKLo.exe
  C:\Windows\System\AadEKLo.exe
  2⤵
  PID:8932
- C:\Windows\System\ETNblvk.exe
  C:\Windows\System\ETNblvk.exe
  2⤵
  PID:9052
- C:\Windows\System\pPYcqUy.exe
  C:\Windows\System\pPYcqUy.exe
  2⤵
  PID:9104
- C:\Windows\System\psMdttM.exe
  C:\Windows\System\psMdttM.exe
  2⤵
  PID:8444
- C:\Windows\System\ACJqZiG.exe
  C:\Windows\System\ACJqZiG.exe
  2⤵
  PID:8972
- C:\Windows\System\WZqodxi.exe
  C:\Windows\System\WZqodxi.exe
  2⤵
  PID:9120
- C:\Windows\System\RItrgEX.exe
  C:\Windows\System\RItrgEX.exe
  2⤵
  PID:1364
- C:\Windows\System\SimKzCe.exe
  C:\Windows\System\SimKzCe.exe
  2⤵
  PID:9176
- C:\Windows\System\VvVSXwy.exe
  C:\Windows\System\VvVSXwy.exe
  2⤵
  PID:2208
- C:\Windows\System\HmUwjiJ.exe
  C:\Windows\System\HmUwjiJ.exe
  2⤵
  PID:8400
- C:\Windows\System\LdJnLtR.exe
  C:\Windows\System\LdJnLtR.exe
  2⤵
  PID:1880
- C:\Windows\System\KoDgtqA.exe
  C:\Windows\System\KoDgtqA.exe
  2⤵
  PID:8260
- C:\Windows\System\jFXJktC.exe
  C:\Windows\System\jFXJktC.exe
  2⤵
  PID:8628
- C:\Windows\System\FJfFcas.exe
  C:\Windows\System\FJfFcas.exe
  2⤵
  PID:8676
- C:\Windows\System\boRzhWZ.exe
  C:\Windows\System\boRzhWZ.exe
  2⤵
  PID:8596
- C:\Windows\System\SlcwlnI.exe
  C:\Windows\System\SlcwlnI.exe
  2⤵
  PID:8860
- C:\Windows\System\wfhhKJy.exe
  C:\Windows\System\wfhhKJy.exe
  2⤵
  PID:8196
- C:\Windows\System\XuYnHMa.exe
  C:\Windows\System\XuYnHMa.exe
  2⤵
  PID:2956
- C:\Windows\System\lWxxiHv.exe
  C:\Windows\System\lWxxiHv.exe
  2⤵
  PID:8580
- C:\Windows\System\ESYSTKL.exe
  C:\Windows\System\ESYSTKL.exe
  2⤵
  PID:9000
- C:\Windows\System\nzAWeSg.exe
  C:\Windows\System\nzAWeSg.exe
  2⤵
  PID:8476
- C:\Windows\System\sWYwCUS.exe
  C:\Windows\System\sWYwCUS.exe
  2⤵
  PID:8624
- C:\Windows\System\mnrqUMk.exe
  C:\Windows\System\mnrqUMk.exe
  2⤵
  PID:8668
- C:\Windows\System\DhLJOvv.exe
  C:\Windows\System\DhLJOvv.exe
  2⤵
  PID:8832
- C:\Windows\System\VQfQOLO.exe
  C:\Windows\System\VQfQOLO.exe
  2⤵
  PID:8772
- C:\Windows\System\oszOKCO.exe
  C:\Windows\System\oszOKCO.exe
  2⤵
  PID:8488
- C:\Windows\System\EHNogEZ.exe
  C:\Windows\System\EHNogEZ.exe
  2⤵
  PID:2872
- C:\Windows\System\FvBwgHo.exe
  C:\Windows\System\FvBwgHo.exe
  2⤵
  PID:9048
- C:\Windows\System\lEaOwqD.exe
  C:\Windows\System\lEaOwqD.exe
  2⤵
  PID:2040
- C:\Windows\System\IrVlMMn.exe
  C:\Windows\System\IrVlMMn.exe
  2⤵
  PID:8688
- C:\Windows\System\nlZMXor.exe
  C:\Windows\System\nlZMXor.exe
  2⤵
  PID:9160
- C:\Windows\System\EiQtEKg.exe
  C:\Windows\System\EiQtEKg.exe
  2⤵
  PID:8988
- C:\Windows\System\woWljov.exe
  C:\Windows\System\woWljov.exe
  2⤵
  PID:8264
- C:\Windows\System\MKdhGvx.exe
  C:\Windows\System\MKdhGvx.exe
  2⤵
  PID:8800
- C:\Windows\System\aqWTxBY.exe
  C:\Windows\System\aqWTxBY.exe
  2⤵
  PID:9156
- C:\Windows\System\UqFOvRJ.exe
  C:\Windows\System\UqFOvRJ.exe
  2⤵
  PID:8328
- C:\Windows\System\PyXaAUL.exe
  C:\Windows\System\PyXaAUL.exe
  2⤵
  PID:8908
- C:\Windows\System\ZIymTLa.exe
  C:\Windows\System\ZIymTLa.exe
  2⤵
  PID:8828
- C:\Windows\System\xIphdRu.exe
  C:\Windows\System\xIphdRu.exe
  2⤵
  PID:9224
- C:\Windows\System\wZgJJEw.exe
  C:\Windows\System\wZgJJEw.exe
  2⤵
  PID:9244
- C:\Windows\System\iozYkqd.exe
  C:\Windows\System\iozYkqd.exe
  2⤵
  PID:9264
- C:\Windows\System\vDYrNOc.exe
  C:\Windows\System\vDYrNOc.exe
  2⤵
  PID:9280
- C:\Windows\System\VMRYikw.exe
  C:\Windows\System\VMRYikw.exe
  2⤵
  PID:9296
- C:\Windows\System\kAldFmn.exe
  C:\Windows\System\kAldFmn.exe
  2⤵
  PID:9320
- C:\Windows\System\ILcWSBm.exe
  C:\Windows\System\ILcWSBm.exe
  2⤵
  PID:9348
- C:\Windows\System\TpJxJrO.exe
  C:\Windows\System\TpJxJrO.exe
  2⤵
  PID:9368
- C:\Windows\System\oKeupOb.exe
  C:\Windows\System\oKeupOb.exe
  2⤵
  PID:9384
- C:\Windows\System\iJIXPqi.exe
  C:\Windows\System\iJIXPqi.exe
  2⤵
  PID:9408
- C:\Windows\System\RmaYnVw.exe
  C:\Windows\System\RmaYnVw.exe
  2⤵
  PID:9424
- C:\Windows\System\PZiAWdQ.exe
  C:\Windows\System\PZiAWdQ.exe
  2⤵
  PID:9444
- C:\Windows\System\faQdZGe.exe
  C:\Windows\System\faQdZGe.exe
  2⤵
  PID:9468
- C:\Windows\System\SenNaZb.exe
  C:\Windows\System\SenNaZb.exe
  2⤵
  PID:9488
- C:\Windows\System\jcjQIyY.exe
  C:\Windows\System\jcjQIyY.exe
  2⤵
  PID:9508
- C:\Windows\System\elXPVzh.exe
  C:\Windows\System\elXPVzh.exe
  2⤵
  PID:9524
- C:\Windows\System\SDEqgKQ.exe
  C:\Windows\System\SDEqgKQ.exe
  2⤵
  PID:9540
- C:\Windows\System\rUInpvs.exe
  C:\Windows\System\rUInpvs.exe
  2⤵
  PID:9564
- C:\Windows\System\QFGcQHb.exe
  C:\Windows\System\QFGcQHb.exe
  2⤵
  PID:9584
- C:\Windows\System\JAVRbxG.exe
  C:\Windows\System\JAVRbxG.exe
  2⤵
  PID:9604
- C:\Windows\System\ghSJkQu.exe
  C:\Windows\System\ghSJkQu.exe
  2⤵
  PID:9620
- C:\Windows\System\yvBwNkF.exe
  C:\Windows\System\yvBwNkF.exe
  2⤵
  PID:9640
- C:\Windows\System\KMFQFFs.exe
  C:\Windows\System\KMFQFFs.exe
  2⤵
  PID:9660
- C:\Windows\System\tMRJZgC.exe
  C:\Windows\System\tMRJZgC.exe
  2⤵
  PID:9676
- C:\Windows\System\fottjlZ.exe
  C:\Windows\System\fottjlZ.exe
  2⤵
  PID:9692
- C:\Windows\System\spRyUei.exe
  C:\Windows\System\spRyUei.exe
  2⤵
  PID:9712
- C:\Windows\System\UsVhqST.exe
  C:\Windows\System\UsVhqST.exe
  2⤵
  PID:9728
- C:\Windows\System\NNEUwiN.exe
  C:\Windows\System\NNEUwiN.exe
  2⤵
  PID:9748
- C:\Windows\System\HlIRBHd.exe
  C:\Windows\System\HlIRBHd.exe
  2⤵
  PID:9764
- C:\Windows\System\RvYfDti.exe
  C:\Windows\System\RvYfDti.exe
  2⤵
  PID:9788
- C:\Windows\System\THfmgtY.exe
  C:\Windows\System\THfmgtY.exe
  2⤵
  PID:9804
- C:\Windows\System\gFxyhiw.exe
  C:\Windows\System\gFxyhiw.exe
  2⤵
  PID:9828
- C:\Windows\System\idLLoxA.exe
  C:\Windows\System\idLLoxA.exe
  2⤵
  PID:9844
- C:\Windows\System\loUpIcs.exe
  C:\Windows\System\loUpIcs.exe
  2⤵
  PID:9868
- C:\Windows\System\WhtYaAC.exe
  C:\Windows\System\WhtYaAC.exe
  2⤵
  PID:9892
- C:\Windows\System\ZTwQWtL.exe
  C:\Windows\System\ZTwQWtL.exe
  2⤵
  PID:9928
- C:\Windows\System\RfNOkyt.exe
  C:\Windows\System\RfNOkyt.exe
  2⤵
  PID:9944
- C:\Windows\System\kqBzuDl.exe
  C:\Windows\System\kqBzuDl.exe
  2⤵
  PID:9964
- C:\Windows\System\tcifcPH.exe
  C:\Windows\System\tcifcPH.exe
  2⤵
  PID:9980
- C:\Windows\System\bbbAbdP.exe
  C:\Windows\System\bbbAbdP.exe
  2⤵
  PID:10000
- C:\Windows\System\kjzKnlm.exe
  C:\Windows\System\kjzKnlm.exe
  2⤵
  PID:10020
- C:\Windows\System\GIwEgrQ.exe
  C:\Windows\System\GIwEgrQ.exe
  2⤵
  PID:10036
- C:\Windows\System\FmefrEv.exe
  C:\Windows\System\FmefrEv.exe
  2⤵
  PID:10056
- C:\Windows\System\qmoOQjb.exe
  C:\Windows\System\qmoOQjb.exe
  2⤵
  PID:10076
- C:\Windows\System\tEwnwpu.exe
  C:\Windows\System\tEwnwpu.exe
  2⤵
  PID:10092
- C:\Windows\System\VACuGro.exe
  C:\Windows\System\VACuGro.exe
  2⤵
  PID:10132
- C:\Windows\System\eEjlhvU.exe
  C:\Windows\System\eEjlhvU.exe
  2⤵
  PID:10148
- C:\Windows\System\fNaSwBU.exe
  C:\Windows\System\fNaSwBU.exe
  2⤵
  PID:10164
- C:\Windows\System\tJpYbYt.exe
  C:\Windows\System\tJpYbYt.exe
  2⤵
  PID:10180
- C:\Windows\System\ehZvbKG.exe
  C:\Windows\System\ehZvbKG.exe
  2⤵
  PID:10196
- C:\Windows\System\QOAbYtr.exe
  C:\Windows\System\QOAbYtr.exe
  2⤵
  PID:10216
- C:\Windows\System\yPElFOk.exe
  C:\Windows\System\yPElFOk.exe
  2⤵
  PID:10232
- C:\Windows\System\VNaANRm.exe
  C:\Windows\System\VNaANRm.exe
  2⤵
  PID:9232
- C:\Windows\System\ibscSbu.exe
  C:\Windows\System\ibscSbu.exe
  2⤵
  PID:9256
- C:\Windows\System\yGGXsMo.exe
  C:\Windows\System\yGGXsMo.exe
  2⤵
  PID:9292
- C:\Windows\System\tJBHufq.exe
  C:\Windows\System\tJBHufq.exe
  2⤵
  PID:9344
- C:\Windows\System\AuTlNwR.exe
  C:\Windows\System\AuTlNwR.exe
  2⤵
  PID:9308
- C:\Windows\System\OFkHWGg.exe
  C:\Windows\System\OFkHWGg.exe
  2⤵
  PID:9376
- C:\Windows\System\iONyJxP.exe
  C:\Windows\System\iONyJxP.exe
  2⤵
  PID:9404
- C:\Windows\System\PxiYEVY.exe
  C:\Windows\System\PxiYEVY.exe
  2⤵
  PID:9432
- C:\Windows\System\fPsyQvl.exe
  C:\Windows\System\fPsyQvl.exe
  2⤵
  PID:9440
- C:\Windows\System\YQeDdEe.exe
  C:\Windows\System\YQeDdEe.exe
  2⤵
  PID:9480
- C:\Windows\System\ZBNzWsz.exe
  C:\Windows\System\ZBNzWsz.exe
  2⤵
  PID:9516
- C:\Windows\System\cgykVpo.exe
  C:\Windows\System\cgykVpo.exe
  2⤵
  PID:9552
- C:\Windows\System\gCAPsrZ.exe
  C:\Windows\System\gCAPsrZ.exe
  2⤵
  PID:9572
- C:\Windows\System\YKpgrKh.exe
  C:\Windows\System\YKpgrKh.exe
  2⤵
  PID:9616
- C:\Windows\System\iIlhXtQ.exe
  C:\Windows\System\iIlhXtQ.exe
  2⤵
  PID:9656
- C:\Windows\System\CrbraVB.exe
  C:\Windows\System\CrbraVB.exe
  2⤵
  PID:9772
- C:\Windows\System\cOJwRGp.exe
  C:\Windows\System\cOJwRGp.exe
  2⤵
  PID:9632
- C:\Windows\System\LPTwBEx.exe
  C:\Windows\System\LPTwBEx.exe
  2⤵
  PID:9784
- C:\Windows\System\LpuvDmO.exe
  C:\Windows\System\LpuvDmO.exe
  2⤵
  PID:9672
- C:\Windows\System\MFoegqM.exe
  C:\Windows\System\MFoegqM.exe
  2⤵
  PID:9884
- C:\Windows\System\yMrPdVs.exe
  C:\Windows\System\yMrPdVs.exe
  2⤵
  PID:9916
- C:\Windows\System\YEVIpUo.exe
  C:\Windows\System\YEVIpUo.exe
  2⤵
  PID:9940
- C:\Windows\System\HRGONBK.exe
  C:\Windows\System\HRGONBK.exe
  2⤵
  PID:10012
- C:\Windows\System\UuWkzbn.exe
  C:\Windows\System\UuWkzbn.exe
  2⤵
  PID:9988
- C:\Windows\System\HSRxLrs.exe
  C:\Windows\System\HSRxLrs.exe
  2⤵
  PID:9956
- C:\Windows\System\fOqQxYO.exe
  C:\Windows\System\fOqQxYO.exe
  2⤵
  PID:10032
- C:\Windows\System\xePtbNy.exe
  C:\Windows\System\xePtbNy.exe
  2⤵
  PID:10104
- C:\Windows\System\WYhZqCv.exe
  C:\Windows\System\WYhZqCv.exe
  2⤵
  PID:10128
- C:\Windows\System\XSGqRgD.exe
  C:\Windows\System\XSGqRgD.exe
  2⤵
  PID:10208
- C:\Windows\System\OHJtvpj.exe
  C:\Windows\System\OHJtvpj.exe
  2⤵
  PID:9272
- C:\Windows\System\CNYNixm.exe
  C:\Windows\System\CNYNixm.exe
  2⤵
  PID:9316
- C:\Windows\System\viwQvFg.exe
  C:\Windows\System\viwQvFg.exe
  2⤵
  PID:10188
- C:\Windows\System\XojpDVw.exe
  C:\Windows\System\XojpDVw.exe
  2⤵
  PID:9364
- C:\Windows\System\xTDwxtr.exe
  C:\Windows\System\xTDwxtr.exe
  2⤵
  PID:9452
- C:\Windows\System\ddPQbAV.exe
  C:\Windows\System\ddPQbAV.exe
  2⤵
  PID:9580
- C:\Windows\System\RofrEFo.exe
  C:\Windows\System\RofrEFo.exe
  2⤵
  PID:9576
- C:\Windows\System\IQGaDlD.exe
  C:\Windows\System\IQGaDlD.exe
  2⤵
  PID:9724
- C:\Windows\System\ouZFREs.exe
  C:\Windows\System\ouZFREs.exe
  2⤵
  PID:9600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AsXDbbe.exe

Filesize
6.0MB

MD5
488f34ae98f67dd501ab6546e00b14ad

SHA1
00121a87365131d9b0313ee61500afbd71e155c3

SHA256
332907626d8f167936a41be1a4c8f8bef1330417ec9f8211af22c789d529bde5

SHA512
6ae8013109af9d920291b0633658ef3b9a1ca1ca27215f18e9d198fa72a5f40fea87dee23371f82eb83693f3e1935b506021192b3fa77d25226ae9ac1982ee64

Download Submit
C:\Windows\system\EOPgyOC.exe

Filesize
6.0MB

MD5
9c72027898366dc3e9416736a4fe0bb7

SHA1
35b99de9f20589d40ff5db733741f1635a840e83

SHA256
ba0c454572197ca72f5545f070875f2836bd97eb4b00dc2c760425967f1e0114

SHA512
b3138ee6b51bb0c60d28d96d1c00abc705b5515dcd049a4d4348581d0ab3d648056b6db87f4c505ec8b7af1819da4531091b3df26eb0c7dd1cf6013b8473bed5

Download Submit
C:\Windows\system\GxzSEaJ.exe

Filesize
6.0MB

MD5
e0676823b37ca791894988c9abe12f29

SHA1
148a68261a42efd9ad0c1df49e9373639d2aa7d8

SHA256
bae86647331505e99bbe491cf16c0149d9ad1f4773773b4d989176df370421e9

SHA512
9456510abe26573af456e75a5f9807f35c1c32b2bc45b0d965bee79f1b46ddf5da6a71bb2125a12792c61f2ce5676874b8fbe7667c51dcc4a60f19b2de1b39c0

Download Submit
C:\Windows\system\JTPEcqw.exe

Filesize
6.0MB

MD5
d58eb9893fab3280fa02e962e3a94519

SHA1
f02b47a41217ff64f31439c0ad88ccc6149d62cf

SHA256
2c30d01504b7c17d7c50b99d93b62c295d29e588c26cc83da43fab8a3a538dee

SHA512
eda3931107328225ed43ec0d761d11553231e39e5f54e0da83c86d5763e673ab92fd908650048fa9c9603491478fc44fc311608ec53951b8cf5a5cb12df12ab0

Download Submit
C:\Windows\system\OjqMVUW.exe

Filesize
6.0MB

MD5
5dfec4be95ff8e57440fe4c8e3f421e0

SHA1
d1da8c567901d5dc63a435e0cfe7d3b404febc1b

SHA256
bcbb8fa4d27939497480d8685783cf66610736156b3727377a8bfd94e23fd4ef

SHA512
694e221769030daf4c1b5b93e05f11d398ad55dccd4f5ce16e8c9569a19d56c8d66460bd1526683f5921706c817e0ed5d7ccc47ac9a2fd8202f9b960e9c7badf

Download Submit
C:\Windows\system\PJwkCNk.exe

Filesize
6.0MB

MD5
f27dc6f90a55b4897c600f9a2e53e0b4

SHA1
604e18738764b4d8161972cba3085866ebf9f20e

SHA256
665425f22b71bb118ca46551c654787ba196650851c7ac996d35747cdf3f43ed

SHA512
5391bce890eaf967e752f375e886b81fb0e865c35cc0e2c0ed20fc75e59b6cbc77ceb4e7e6c9725693cff9c6e2f391f70f2ea4593d9649d711a28c04ab9755f4

Download Submit
C:\Windows\system\QnoBdLw.exe

Filesize
6.0MB

MD5
c714a38ecce95abfd925b2b70921eda0

SHA1
f6f464023119f1666ced2e1a299f12f4979e80ab

SHA256
50e56ed8431dc965bdaeee38ae1ff54699a0bf1678b606f73609b1b28b4c002d

SHA512
e84b5165205f930a6c63b9942d76c6f1bc6f17026cd667684260398734f0e11867dc79c40969573a6877e92937f8c0608bd3b03c0008479edf3e53f19a8c88a6

Download Submit
C:\Windows\system\SmSyNsm.exe

Filesize
6.0MB

MD5
04d3ebafe968f7565f30fd686d4375ce

SHA1
257f1250f45177dcae42275ca0e6ce0aa87c7b1e

SHA256
dbddeccb6f6f9359406cc266a19e51a91710959e4befd62722088b165c518e2a

SHA512
e122f820169dabb4c31ccfbba287b82f0522b345966e9f095a6f3a155b07dbba4b9c0e7fe6dc5526d35ded8e5bb60f79dddb64d39e9ff9e9faec3745e15787ef

Download Submit
C:\Windows\system\TEiDFQH.exe

Filesize
6.0MB

MD5
ef7b7e6186ee92ceef24e5956d46facb

SHA1
7e99c2858bd3e0f3e9ad949061ba96bb8ac7e90b

SHA256
3e03a72b09e7fd59b9a1b280c6a0e3098430ce8351c8a83a9f3319280f3b6de1

SHA512
0afff88d783368ccdab61571c357ec476d6ac54deec22f0d27d9743b3a09f63c09d9d3f8a167d260291dcb9097549a7ced3d07fa965667390d3106fe64f51833

Download Submit
C:\Windows\system\URKPRnH.exe

Filesize
6.0MB

MD5
790a87042b2c6c78d058b4b11b000b15

SHA1
bc0bf8ead8f02cb2ddce4740c5f42093ed24bd1e

SHA256
a2e4ebc429fccd5d9bf6ac6282257973d534f7e0b75a9937776243f27b2b21d7

SHA512
88cd29ae613e6b10205cdc27413bcc2610616e51647ad95c91c5091f3e4d3c5789d3d30fde9fa59ac54d7e54f6f86f2f6a6c0742bf0eb2f7c102a1f13d785795

Download Submit
C:\Windows\system\VPRxonf.exe

Filesize
6.0MB

MD5
0284a11bc8e4cb3f25a3b1377333ee5b

SHA1
abf8138b0d84c4d585ac0b72da3114c04a4f1836

SHA256
21149bfed6a3bbce31982bba7cae261f44b2514e9c4ecc697a571f0784e2f110

SHA512
7a92245e6b76a64351cf67b724719d90e58c0aa4d3bcf79f9a20f419d765902f1c6f3f8988e5cf445e9017ce7e3d7e4b54edda8b3f1243dea36dc2a7fc2fd0fa

Download Submit
C:\Windows\system\VbvOqug.exe

Filesize
6.0MB

MD5
aa8900ecf18722816a30f3477b2a5295

SHA1
e7ba5f2e943d0bdbd965edf5319f7985c1a08906

SHA256
8b5d90915b5868a41e869ffcdbd883e38edf0b04c7a1764cc3702eea093b75dc

SHA512
3e122eddd00adcff5e187f7cc29c5fce8e3efc536bbcf3a79665aedfced6f01b24a74f5b7732882ac165cf9bf17f25c4aef666c98f544a6f717a5fed021037d2

Download Submit
C:\Windows\system\iIolAIb.exe

Filesize
6.0MB

MD5
e124ed0ee5d0e427146e07588cdaa508

SHA1
5e51c19487ea836429ed8c6be4d87619a3b991c9

SHA256
b48775d6bc4f45d36d8540c399d7a14b7cd1a9e15735a4872eeab77c6d17cb27

SHA512
0457bce63e9117548455fd95a56dc966f9686a4d67d620a6e489dbc826c279f5798be14b310856b9d84f1e93611a0a4c94f7345fa9f69578a636aae036bd2002

Download Submit
C:\Windows\system\jdQliIL.exe

Filesize
6.0MB

MD5
084b1f3e953f133aab3ffea2306610ec

SHA1
1c85e8d08ccbe0890dac9260a5e7fe2ffc29f833

SHA256
b3f509fffc708fda617e2b8a6002b984084d28ce1a56d610147b4f35bb626309

SHA512
4d49213e58dbeb2f72659bd1b9a523a70657b790b7ede09759716ff30af571c4cd7ed3793161c9a220ef445c2adbe82df9455853ce0d90fea62c7dd7e6303e19

Download Submit
C:\Windows\system\lRknYxs.exe

Filesize
6.0MB

MD5
4a68a304c2ca25bd14db8facaedafd8a

SHA1
7509258823e7139eb361b064d47f6b726fe2ea7c

SHA256
1611d6d4b6c2ae3931e1bb49b8a1e063054dd27f2599c250d7b985f4c67566ab

SHA512
f683126978bbbce4e95ea38d30b29e4606c59402d39fedcb3a3c03824421c2bed928ab6f00654391ebba86b03bda91945a04d265b2ed0b6e946615001fed7580

Download Submit
C:\Windows\system\mdtmCcm.exe

Filesize
6.0MB

MD5
6f14c5d9de3c1b148f737574b197d2bd

SHA1
e7c561bd316bceca2e3d0752469bcc4afbca7131

SHA256
3e47d649496be1be1a0bb9565e4e11774df297346bdf3d127164e32b6d6313a9

SHA512
0e514add85b97623afbfd344f0f47921620f579b01bed721a0d9a19c65775c6b24e2b34d4e0a5a9835ce8817ad8b255769cae4bd87c7c7e1859bbe78e8f2472b

Download Submit
C:\Windows\system\qJWdCWN.exe

Filesize
6.0MB

MD5
32e079d313d5b40b2ba593afa4e6a849

SHA1
07454a4e76b71a258d98385533af417cba12a10c

SHA256
cccc0d1c338622936d604b3ec7fa62e9886803d52dda0e4b67b991da23706921

SHA512
52f6177fd9d31e0257e46af9b15512ef87293c8230a1a2f54820faa7d7b3571333c14e71590909903d55ca17b32140623c36c189e2e6ee40d79ce1b6f7eb4f19

Download Submit
C:\Windows\system\qlVJKlU.exe

Filesize
6.0MB

MD5
c6987b72656c394f2ea847adb2966b27

SHA1
8e3680182bf13a654a7a87e84a69809fdc93b3c8

SHA256
676d7aad79f7208054d396c3afbd51a6374102aa05b342c540d54e5d66159825

SHA512
8e0bf30d282c727079dd0ab505d649b25203d223b3e9ca10dbf27dd765f5b63de948168c253771945fdce2e0f0101f061a362d9ca840fb9e6b6a41691b6aede8

Download Submit
C:\Windows\system\rTsfAjz.exe

Filesize
6.0MB

MD5
29eb2d8cd7fd5f2068961010afdb15ba

SHA1
cefbc60ea34a6bba0c1d13d823cab5076279f483

SHA256
2ff3192c86b5c8ec29e565cb1ad711837a50ebe9d09c5efcf6e570436098d8e3

SHA512
fe3f4c22820058a860fc609226c4e5d1ebdd81876d31a393d222a4640a3480629536295e3977245919c3574ff3611f667968fe9a83724e1dde6ba03ea185fcea

Download Submit
C:\Windows\system\slCjaMX.exe

Filesize
6.0MB

MD5
fab7fbe31f08e72c04e11c89fae4604c

SHA1
d8e7db4b7ec395261f14b8e739e6a1d3fd3c7150

SHA256
46af5250b423e5788cf7c288264ba0f2db5fd2985b5f057ae7c3a27065a755a3

SHA512
928785fd0a72db8f8d1a7bf22cd405398f40e22d5cc504c2b1ae29aa8f49fdd5e9dc973e52ad63e36014e75527b6761b8819d0e90ddbff4e5ddc201fe8ee2455

Download Submit
C:\Windows\system\zSYTBSF.exe

Filesize
6.0MB

MD5
69c13566c785f1a6a805a0954fb9c81d

SHA1
be4178639bcaa212837f0487e91dae47f7b14f8c

SHA256
6826b11cbc3db02b0a532d90cab60e65bd557d9eebb5c4bd7c5518c4ec288d8f

SHA512
b09d6e8e957d29d7342eff271bf6a8f438894bf5342434a0ed1ed87ab24fd165472873398d5052028f8c431fedef4659f3cc51620d7db5380ce334f207004472

Download Submit
C:\Windows\system\zffrPkY.exe

Filesize
6.0MB

MD5
8ef183da123a56059ce46f0c56437dd0

SHA1
9b32219147fd3e155665f3dc1632092474c50dbc

SHA256
b91c1006972670d047dcfa1be25b9e179fd3cfbdaea3d9de8dbcb3fef3f1337b

SHA512
d8e12e11e11524edef4009bcd7d0a7d34495ef71ca612ab31c07d6d0d17135c74dfd543afcbbb57a5df7639a622e1bbb5776f19daa72be4da80811725dd9ef63

Download Submit
\Windows\system\CtWZshC.exe

Filesize
6.0MB

MD5
135c7e7a8b085b96a26e34c065b8dbc7

SHA1
3c31f8e68340872788c1917dec8991fddee154ea

SHA256
74693cb447c98d4013d0931f4e7f3a9c4e6d874547fb4314a005eee19301568d

SHA512
df56364103d498a2ac9bda643a43454ef3fd665a02e88415f11f221e7d507f94ba1aa9a9e02e1bcf0e29e24844e389fce08891d43ef79eb0acb1f18fc6cb22c5

Download Submit
\Windows\system\DdkdHFe.exe

Filesize
6.0MB

MD5
d24c94de299789c43e5725c81200805a

SHA1
42f296b9f82eff52b15bf5ebffeeb0be01b24738

SHA256
a194bef1897aaf6176b765f3a5332cc20334a3b87141ef1924c72e2d622523ee

SHA512
63ef23b46f388462476468c57cc23b379883284ddd39e2cae9ef4c4e21611a754f8b0bef5447ccbdf48f562f6c69eec9c04dab5ab26cde02c52d8f7f96f9ab0b

Download Submit
\Windows\system\HUDWDaS.exe

Filesize
6.0MB

MD5
4dedbbafaad90299c31e82f9bb2c3dda

SHA1
c21c871486d6f7e9ef916d0d756f25b6e3a2f1d4

SHA256
45b5c806c92404ba95b8d578d193fde2b66463615e1f2f89c10ce42a0b553e8b

SHA512
269f8a61ed0b7f11d9ce8555b5e5b443fce38ae7cb167926680f424d060355668d2bce999933bc5ff25c7bf405a1642f0debc114de105f5c1df9e488172cf0c0

Download Submit
\Windows\system\JvcoRwo.exe

Filesize
6.0MB

MD5
418fec034295be8487990459ba48407c

SHA1
a632220f8f0d8af80304cf3a580f9e2ac53a310e

SHA256
043bc3e578db3acc4a3d171858054f0f82ff325bb0afef8827cf44094a0bf183

SHA512
2b7d77486a3d91e59fa3c9aa42f05a4e790b398e1d6449c8ab49d8cbd2105a90a65ad4dc53de0c371e968c8b0c661f4ea429481160e60b452dc634ef0e613052

Download Submit
\Windows\system\NEtDXSC.exe

Filesize
6.0MB

MD5
047c96aab09a90d11f1e26ce7825d636

SHA1
b54041c159d7207020b4a63ac68cbbb8f06dbc16

SHA256
bb88e2621c1eadadfa3588ed20f4ee648f128175c088304bdeb7861a45b21f4f

SHA512
9b240b433a15e89cc4745e6b2006d976a3f5699044cb65fb782242f02afb1ec2edc1d5dfaa62f9edd063381cc0182661515f69097795535a41e37aff4b0061da

Download Submit
\Windows\system\PErFnOS.exe

Filesize
6.0MB

MD5
c1b9559851267d94e1ea40aff0b5b115

SHA1
d020d3907f73036c17db6fde0bfffb1c9755cdbf

SHA256
38c39ae69bb9cf3c05ce822b8f1bfa94bfea2a38e4ecef591ffa863d050f4ff0

SHA512
a8d70e98d6327f48fb1ea1b812515b32c067f248e4f90c2892fb629a4c19ea078f4d0f6d845d089957b2e6af4bf84f3bbc0695f07e6e1b170cea5c11b047c6f3

Download Submit
\Windows\system\PLOHlEE.exe

Filesize
6.0MB

MD5
75d9180adb9959a7d2ebac149b819200

SHA1
3ebaee21562f294232f1ad311dad98bd4fdc1244

SHA256
4c6a229ab8291aa865347d9f9e51b585a940620456e78f9b699fbf48f67a1e19

SHA512
007ff7821d12d1e14da99f9e6c1e05e643eadbee46f69bdd035fe2259338225f8ab978c3b8a3558bc1a89432b9d287463a677ec93b3725e3a520ab8f6affc936

Download Submit
\Windows\system\UAFNIBy.exe

Filesize
6.0MB

MD5
e5fbdfaa8b9cf3ee3a86894241620600

SHA1
ebda9e4611c4c71856f14ff49df0939b6c346f7c

SHA256
91b1f1359bc775679192d021424897c27dd061e94214c153fe6b0de4336f920a

SHA512
50925b9f53af33c413ad7b746a09cc32388b22627907db17417dc6dab065028768f4131b201948179633b0797783bc1597bf0a919c0b128b59a4240d97cd39d2

Download Submit
\Windows\system\bTOsuxw.exe

Filesize
6.0MB

MD5
ed79277951fad6877ea51f83a4ea591a

SHA1
f23c5eb00e22721cd7ced2a25ae13274dbb734be

SHA256
4ee073f6ca44212e8f1f053ae39200b1ffac62b5ca46dd4bd8316a72c34d38f0

SHA512
6e10ba174d1c9faf4f44a6a91fc97478b735635109573fda78b7b69a625b8de6341eabf87140e80a4bc3abe80fd62ace9861f5fd17f6863dc509cbdde10be496

Download Submit
\Windows\system\cSmYnHx.exe

Filesize
6.0MB

MD5
9ad428d5171245994cf3baef1f0699ec

SHA1
e416a34bde27fe0c05944574839e07d2046dfcde

SHA256
d74bd9a0eba18605fd293e25de3ba6036f6263c470aea3c1800be382d845da4a

SHA512
c82894fb081482808f989fcbc2aa4483d1fc57270c752caba6f0652dffe3bf2e174abc7509a9bb995879a0822c704720bab892dd42cde4ca1f8604eeb665a7d7

Download Submit
\Windows\system\dSxOOGp.exe

Filesize
6.0MB

MD5
c1011beff9f35f346775fce7ed93b8e7

SHA1
510e1092ca184c38366c6fda7cea884b71a783e8

SHA256
77b8e38d60548596b58ad2661e2b4720b2ef906f0d69adaa438102ffd2a9771d

SHA512
d0605de8870d9bdf1272b5e641db2517238da8138c1c7ad34b68a26f1e7d733ff5fdfbd54d701f6df6133cb7229823b93e086587c8caa67fc62edce2fc62cffd

Download Submit
\Windows\system\eBhYlTU.exe

Filesize
6.0MB

MD5
27622db186b75bd9fef3dd370f1244a9

SHA1
efff32e6dfc49d424aefbf1af49317f3f9d1669e

SHA256
204a5673969fb20438f11bc2d946da529205221b5f4a8a796fac10aec6d99bd4

SHA512
96568689d1ad7373e869baca5193852e0ddcc781795641747a3c6c631153618f7c92f49e41691084f403aba4ae710f4e4a3703234faa03d6b4894a5fb7f8a135

Download Submit
\Windows\system\wVPdKhD.exe

Filesize
6.0MB

MD5
da5ea75f072a87f7073dce34dd61e7c9

SHA1
ad82d113943c20d85f9989f5660cf7cc947b3931

SHA256
19389653c10a22693ba1a8eab940298caf91049c3ede2488198ea395e80b15bc

SHA512
769e172483eaee43f3e1dd1f9091598e33b53046ece9dd6a913db4fa3ce71aac4889990ffc7fefdaca1bdb66829c344c25a3cf00580ab6d44068a139b3841c0c

Download Submit
memory/536-4003-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/536-132-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/796-4004-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/796-123-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/804-25-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1660-3973-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1660-116-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2016-95-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-3970-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-916-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-89-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-124-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1160-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-122-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1033-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-119-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2056-118-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

Filesize
64KB

Download
memory/2056-917-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-18-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-99-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-112-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2056-101-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-88-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-44-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2056-31-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-1320-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-64-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2056-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-128-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2056-46-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2360-29-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-3971-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-136-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2756-83-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1034-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3976-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2820-77-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2848-58-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3974-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3972-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-91-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-36-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3975-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download