cobaltstrike | 7355bcd959165a206bfc26d025afcbf97c86497b33ae32a0a46bd14016eba540

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
31/01/2025, 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4f9f5deebea664f5687b0225b6a5e201
SHA1

1030b25048ed80c8df5687590471d8b072fff9f7
SHA256

7355bcd959165a206bfc26d025afcbf97c86497b33ae32a0a46bd14016eba540
SHA512

7536a45281a4a2b416cb0d557d9910a2408a5e496a5301829f08ea2cb768db680f3c1b6faf415952a39e31d820a9bef994e036c16ea5176387971163a8f08fe9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012260-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf0-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5a-26.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-104.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018634-54.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ccd-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-62.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f45-46.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016e1d-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d49-11.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2368-0-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x000b000000012260-3.dat	xmrig
behavioral1/memory/2348-8-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cf0-9.dat	xmrig
behavioral1/memory/1228-14-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d71-32.dat	xmrig
behavioral1/files/0x0007000000016d5a-26.dat	xmrig
behavioral1/memory/2928-35-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2012-41-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ce-104.dat	xmrig
behavioral1/files/0x0007000000018634-54.dat	xmrig
behavioral1/files/0x0009000000016ccd-126.dat	xmrig
behavioral1/files/0x0005000000019c0b-160.dat	xmrig
behavioral1/memory/2800-339-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2368-338-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2132-818-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2760-817-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2908-727-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2368-724-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2780-540-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2944-460-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cfc-168.dat	xmrig
behavioral1/files/0x0005000000019cd5-164.dat	xmrig
behavioral1/files/0x0005000000019bf0-153.dat	xmrig
behavioral1/files/0x0005000000019bf2-156.dat	xmrig
behavioral1/files/0x0005000000019bec-148.dat	xmrig
behavioral1/files/0x0005000000019931-144.dat	xmrig
behavioral1/files/0x00050000000196a0-140.dat	xmrig
behavioral1/files/0x0005000000019665-136.dat	xmrig
behavioral1/files/0x0005000000019624-132.dat	xmrig
behavioral1/files/0x00050000000195e0-125.dat	xmrig
behavioral1/files/0x00050000000195d0-121.dat	xmrig
behavioral1/files/0x00050000000195cc-120.dat	xmrig
behavioral1/files/0x00050000000195c8-119.dat	xmrig
behavioral1/files/0x00050000000195c6-118.dat	xmrig
behavioral1/files/0x00050000000195c2-117.dat	xmrig
behavioral1/files/0x00050000000194e2-116.dat	xmrig
behavioral1/memory/2012-115-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2760-103-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ca-102.dat	xmrig
behavioral1/files/0x00050000000195c7-94.dat	xmrig
behavioral1/files/0x00050000000195c4-85.dat	xmrig
behavioral1/memory/1752-83-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x000500000001958b-81.dat	xmrig
behavioral1/memory/2780-64-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x000500000001948d-62.dat	xmrig
behavioral1/memory/2928-108-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2132-107-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2908-89-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2944-59-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/1228-51-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2800-49-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2368-48-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2348-47-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016f45-46.dat	xmrig
behavioral1/memory/2368-40-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x000a000000016e1d-38.dat	xmrig
behavioral1/memory/1752-31-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2196-22-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d49-11.dat	xmrig
behavioral1/memory/2196-3001-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2348-3014-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2944-3017-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2928-3016-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2348	jGaYExt.exe
1228	fxAcnGw.exe
2196	wyibVWo.exe
1752	atZkfKK.exe
2928	pKHFTaV.exe
2012	rTPvpgJ.exe
2800	MJafMwj.exe
2944	EQZetIF.exe
2780	WryTmuw.exe
2908	GrxUfXI.exe
2760	NFFkxXT.exe
2132	BLQEMCa.exe
2092	DUHnYxa.exe
1732	nicozMX.exe
2940	ZZSZXdX.exe
2700	xQxhpgT.exe
2556	zZcEQNl.exe
2732	PdmIjnd.exe
1496	eAmuPdx.exe
860	bMBomWF.exe
768	bcuLXxR.exe
1984	qxurYMU.exe
1456	uaoAAPJ.exe
1588	FDMlydB.exe
2620	vyYspif.exe
2868	DYVUBbz.exe
1908	dJmthBd.exe
2276	mUhFrSJ.exe
2900	LfstuoF.exe
2240	psLBrlx.exe
2848	tftPXXh.exe
2160	vNXzjsD.exe
1088	WZUjNnC.exe
1740	SxSmrfm.exe
1660	GUrCBNJ.exe
2844	XtogcfR.exe
1136	HlfiJev.exe
848	ntkUnhB.exe
1772	zrztYxs.exe
828	SinWgiJ.exe
1352	EfnFMFK.exe
2404	pTsgyKS.exe
1324	eYxopQp.exe
620	kFiubcc.exe
1204	jECvRKD.exe
1532	IpPHSpg.exe
2016	HMpkzDt.exe
1356	pAmSxUI.exe
1852	VHBWTZV.exe
952	UjVZhuF.exe
2236	xQTpFwv.exe
1816	zZhLKeV.exe
2020	CjjqeQc.exe
1648	VLvdgkp.exe
1820	dQYZuVk.exe
560	eMWJFPJ.exe
2216	cqorHUr.exe
1964	UFTVEBb.exe
320	tWxeXDc.exe
2468	emlGipV.exe
1508	iBOEPIA.exe
1504	pDHKMqd.exe
784	KMWLEdc.exe
540	rgEYzbs.exe

Loads dropped DLL 64 IoCs

pid	Process
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-0-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x000b000000012260-3.dat	upx
behavioral1/memory/2348-8-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0008000000016cf0-9.dat	upx
behavioral1/memory/1228-14-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x0007000000016d71-32.dat	upx
behavioral1/files/0x0007000000016d5a-26.dat	upx
behavioral1/memory/2928-35-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2012-41-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x00050000000195ce-104.dat	upx
behavioral1/files/0x0007000000018634-54.dat	upx
behavioral1/files/0x0009000000016ccd-126.dat	upx
behavioral1/files/0x0005000000019c0b-160.dat	upx
behavioral1/memory/2800-339-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2132-818-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2760-817-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2908-727-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2780-540-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2944-460-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0005000000019cfc-168.dat	upx
behavioral1/files/0x0005000000019cd5-164.dat	upx
behavioral1/files/0x0005000000019bf0-153.dat	upx
behavioral1/files/0x0005000000019bf2-156.dat	upx
behavioral1/files/0x0005000000019bec-148.dat	upx
behavioral1/files/0x0005000000019931-144.dat	upx
behavioral1/files/0x00050000000196a0-140.dat	upx
behavioral1/files/0x0005000000019665-136.dat	upx
behavioral1/files/0x0005000000019624-132.dat	upx
behavioral1/files/0x00050000000195e0-125.dat	upx
behavioral1/files/0x00050000000195d0-121.dat	upx
behavioral1/files/0x00050000000195cc-120.dat	upx
behavioral1/files/0x00050000000195c8-119.dat	upx
behavioral1/files/0x00050000000195c6-118.dat	upx
behavioral1/files/0x00050000000195c2-117.dat	upx
behavioral1/files/0x00050000000194e2-116.dat	upx
behavioral1/memory/2012-115-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2760-103-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x00050000000195ca-102.dat	upx
behavioral1/files/0x00050000000195c7-94.dat	upx
behavioral1/files/0x00050000000195c4-85.dat	upx
behavioral1/memory/1752-83-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x000500000001958b-81.dat	upx
behavioral1/memory/2780-64-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x000500000001948d-62.dat	upx
behavioral1/memory/2928-108-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2132-107-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2908-89-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2944-59-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/1228-51-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2800-49-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2348-47-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0009000000016f45-46.dat	upx
behavioral1/memory/2368-40-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x000a000000016e1d-38.dat	upx
behavioral1/memory/1752-31-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2196-22-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x0007000000016d49-11.dat	upx
behavioral1/memory/2196-3001-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2348-3014-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2944-3017-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2928-3016-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/1228-3013-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/1752-3063-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2012-3058-0x000000013FED0000-0x0000000140224000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XtogcfR.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XNEGpdt.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\muoQWBS.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vcNACdj.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUCfRZL.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjjqeQc.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHFfhvA.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRlESPB.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KorpEpn.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HthfNqW.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StTzrKU.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKQDPHA.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHnSyGL.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMRttOJ.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MATckpS.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqpeyZJ.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvIZvEM.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuTstJU.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekPpIrw.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwbXtDw.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuXxjJz.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlZJUvF.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixHOLKv.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFaOoIx.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwesXAV.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLciBkj.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrbOsAU.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPzqmxE.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXPHjXt.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUdHPYx.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgNKIZc.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuAloHU.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EDbJgfn.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKXiVEK.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tBNywbu.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYdwntF.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCQwZwE.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLvFNaY.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amaLTfu.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTPvpgJ.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ryjfxmh.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfRivVN.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZzcEiq.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\seoGKOu.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYBUphp.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxdGKhV.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wILoyCz.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYIBDEu.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgalxDt.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQeFjaJ.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDchgAF.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRHBlHK.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgjUxoF.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTQCsXP.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBuWTJA.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GnxEbvZ.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeqtvIh.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTjOLiH.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oizuWTf.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDWlOrV.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIUhyjH.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJjeUUw.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYfuGbB.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfYpgDz.exe	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2348	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 2348	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 2348	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2368 wrote to memory of 1228	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 1228	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 1228	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2368 wrote to memory of 2196	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 2196	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 2196	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2368 wrote to memory of 1752	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 1752	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 1752	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2368 wrote to memory of 2928	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2928	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2928	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2368 wrote to memory of 2012	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2012	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2012	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2368 wrote to memory of 2800	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2800	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2800	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2368 wrote to memory of 2944	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2944	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2944	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2368 wrote to memory of 2780	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2780	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2780	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2368 wrote to memory of 2940	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2940	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2940	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2368 wrote to memory of 2908	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2908	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2908	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2368 wrote to memory of 2700	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 2700	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 2700	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2368 wrote to memory of 2760	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 2760	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 2760	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2368 wrote to memory of 2556	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2556	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2556	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2368 wrote to memory of 2132	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2132	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2132	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2368 wrote to memory of 2732	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 2732	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 2732	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2368 wrote to memory of 2092	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 2092	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 2092	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2368 wrote to memory of 1496	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 1496	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 1496	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2368 wrote to memory of 1732	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 1732	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 1732	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2368 wrote to memory of 860	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 860	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 860	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2368 wrote to memory of 768	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 768	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 768	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2368 wrote to memory of 1984	2368	2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_4f9f5deebea664f5687b0225b6a5e201_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\System\jGaYExt.exe
  C:\Windows\System\jGaYExt.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\fxAcnGw.exe
  C:\Windows\System\fxAcnGw.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\wyibVWo.exe
  C:\Windows\System\wyibVWo.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\atZkfKK.exe
  C:\Windows\System\atZkfKK.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\pKHFTaV.exe
  C:\Windows\System\pKHFTaV.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\rTPvpgJ.exe
  C:\Windows\System\rTPvpgJ.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\MJafMwj.exe
  C:\Windows\System\MJafMwj.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\EQZetIF.exe
  C:\Windows\System\EQZetIF.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\WryTmuw.exe
  C:\Windows\System\WryTmuw.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ZZSZXdX.exe
  C:\Windows\System\ZZSZXdX.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\GrxUfXI.exe
  C:\Windows\System\GrxUfXI.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\xQxhpgT.exe
  C:\Windows\System\xQxhpgT.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\NFFkxXT.exe
  C:\Windows\System\NFFkxXT.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\zZcEQNl.exe
  C:\Windows\System\zZcEQNl.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\BLQEMCa.exe
  C:\Windows\System\BLQEMCa.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\PdmIjnd.exe
  C:\Windows\System\PdmIjnd.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\DUHnYxa.exe
  C:\Windows\System\DUHnYxa.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\eAmuPdx.exe
  C:\Windows\System\eAmuPdx.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\nicozMX.exe
  C:\Windows\System\nicozMX.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\bMBomWF.exe
  C:\Windows\System\bMBomWF.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\bcuLXxR.exe
  C:\Windows\System\bcuLXxR.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\qxurYMU.exe
  C:\Windows\System\qxurYMU.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\uaoAAPJ.exe
  C:\Windows\System\uaoAAPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\FDMlydB.exe
  C:\Windows\System\FDMlydB.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\vyYspif.exe
  C:\Windows\System\vyYspif.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\DYVUBbz.exe
  C:\Windows\System\DYVUBbz.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\dJmthBd.exe
  C:\Windows\System\dJmthBd.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\mUhFrSJ.exe
  C:\Windows\System\mUhFrSJ.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\LfstuoF.exe
  C:\Windows\System\LfstuoF.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\psLBrlx.exe
  C:\Windows\System\psLBrlx.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\tftPXXh.exe
  C:\Windows\System\tftPXXh.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\vNXzjsD.exe
  C:\Windows\System\vNXzjsD.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\WZUjNnC.exe
  C:\Windows\System\WZUjNnC.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\SxSmrfm.exe
  C:\Windows\System\SxSmrfm.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\GUrCBNJ.exe
  C:\Windows\System\GUrCBNJ.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\XtogcfR.exe
  C:\Windows\System\XtogcfR.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\HlfiJev.exe
  C:\Windows\System\HlfiJev.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\ntkUnhB.exe
  C:\Windows\System\ntkUnhB.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\zrztYxs.exe
  C:\Windows\System\zrztYxs.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\EfnFMFK.exe
  C:\Windows\System\EfnFMFK.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\SinWgiJ.exe
  C:\Windows\System\SinWgiJ.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\pTsgyKS.exe
  C:\Windows\System\pTsgyKS.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\eYxopQp.exe
  C:\Windows\System\eYxopQp.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\kFiubcc.exe
  C:\Windows\System\kFiubcc.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\jECvRKD.exe
  C:\Windows\System\jECvRKD.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\IpPHSpg.exe
  C:\Windows\System\IpPHSpg.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\HMpkzDt.exe
  C:\Windows\System\HMpkzDt.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\pAmSxUI.exe
  C:\Windows\System\pAmSxUI.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\VHBWTZV.exe
  C:\Windows\System\VHBWTZV.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\UjVZhuF.exe
  C:\Windows\System\UjVZhuF.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\xQTpFwv.exe
  C:\Windows\System\xQTpFwv.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\zZhLKeV.exe
  C:\Windows\System\zZhLKeV.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\CjjqeQc.exe
  C:\Windows\System\CjjqeQc.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\VLvdgkp.exe
  C:\Windows\System\VLvdgkp.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\dQYZuVk.exe
  C:\Windows\System\dQYZuVk.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\eMWJFPJ.exe
  C:\Windows\System\eMWJFPJ.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\cqorHUr.exe
  C:\Windows\System\cqorHUr.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\UFTVEBb.exe
  C:\Windows\System\UFTVEBb.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\tWxeXDc.exe
  C:\Windows\System\tWxeXDc.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\emlGipV.exe
  C:\Windows\System\emlGipV.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\iBOEPIA.exe
  C:\Windows\System\iBOEPIA.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\pDHKMqd.exe
  C:\Windows\System\pDHKMqd.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\KMWLEdc.exe
  C:\Windows\System\KMWLEdc.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\rgEYzbs.exe
  C:\Windows\System\rgEYzbs.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\vVLgSiX.exe
  C:\Windows\System\vVLgSiX.exe
  2⤵
  PID:1576
- C:\Windows\System\TvISniN.exe
  C:\Windows\System\TvISniN.exe
  2⤵
  PID:1972
- C:\Windows\System\ZYQXcZL.exe
  C:\Windows\System\ZYQXcZL.exe
  2⤵
  PID:2316
- C:\Windows\System\VpwgiWS.exe
  C:\Windows\System\VpwgiWS.exe
  2⤵
  PID:1968
- C:\Windows\System\IhZYqEI.exe
  C:\Windows\System\IhZYqEI.exe
  2⤵
  PID:2056
- C:\Windows\System\qcSQOUn.exe
  C:\Windows\System\qcSQOUn.exe
  2⤵
  PID:2744
- C:\Windows\System\YqHwYjn.exe
  C:\Windows\System\YqHwYjn.exe
  2⤵
  PID:2808
- C:\Windows\System\CGJdTfH.exe
  C:\Windows\System\CGJdTfH.exe
  2⤵
  PID:2584
- C:\Windows\System\CnOzLbC.exe
  C:\Windows\System\CnOzLbC.exe
  2⤵
  PID:2792
- C:\Windows\System\rIqwGaN.exe
  C:\Windows\System\rIqwGaN.exe
  2⤵
  PID:696
- C:\Windows\System\emneOST.exe
  C:\Windows\System\emneOST.exe
  2⤵
  PID:2084
- C:\Windows\System\PrqjyhP.exe
  C:\Windows\System\PrqjyhP.exe
  2⤵
  PID:2596
- C:\Windows\System\JNylIXS.exe
  C:\Windows\System\JNylIXS.exe
  2⤵
  PID:2592
- C:\Windows\System\YjMxmAS.exe
  C:\Windows\System\YjMxmAS.exe
  2⤵
  PID:2496
- C:\Windows\System\GEFgJXw.exe
  C:\Windows\System\GEFgJXw.exe
  2⤵
  PID:1316
- C:\Windows\System\ZOiogQi.exe
  C:\Windows\System\ZOiogQi.exe
  2⤵
  PID:1160
- C:\Windows\System\uheyIMI.exe
  C:\Windows\System\uheyIMI.exe
  2⤵
  PID:2884
- C:\Windows\System\gpuhMQx.exe
  C:\Windows\System\gpuhMQx.exe
  2⤵
  PID:2912
- C:\Windows\System\xdoCQtX.exe
  C:\Windows\System\xdoCQtX.exe
  2⤵
  PID:2996
- C:\Windows\System\MoQRxvn.exe
  C:\Windows\System\MoQRxvn.exe
  2⤵
  PID:2904
- C:\Windows\System\zxwllFS.exe
  C:\Windows\System\zxwllFS.exe
  2⤵
  PID:1892
- C:\Windows\System\soLEvrm.exe
  C:\Windows\System\soLEvrm.exe
  2⤵
  PID:1796
- C:\Windows\System\bTjOLiH.exe
  C:\Windows\System\bTjOLiH.exe
  2⤵
  PID:1592
- C:\Windows\System\IvwcAbK.exe
  C:\Windows\System\IvwcAbK.exe
  2⤵
  PID:1720
- C:\Windows\System\jZWkAOe.exe
  C:\Windows\System\jZWkAOe.exe
  2⤵
  PID:1624
- C:\Windows\System\cGWsZsI.exe
  C:\Windows\System\cGWsZsI.exe
  2⤵
  PID:2080
- C:\Windows\System\QpoLmMY.exe
  C:\Windows\System\QpoLmMY.exe
  2⤵
  PID:2168
- C:\Windows\System\Yipnbvh.exe
  C:\Windows\System\Yipnbvh.exe
  2⤵
  PID:1564
- C:\Windows\System\cykhKoa.exe
  C:\Windows\System\cykhKoa.exe
  2⤵
  PID:1032
- C:\Windows\System\KemmgAi.exe
  C:\Windows\System\KemmgAi.exe
  2⤵
  PID:2416
- C:\Windows\System\Wvomair.exe
  C:\Windows\System\Wvomair.exe
  2⤵
  PID:760
- C:\Windows\System\WIbOIrO.exe
  C:\Windows\System\WIbOIrO.exe
  2⤵
  PID:3068
- C:\Windows\System\bKSnoHu.exe
  C:\Windows\System\bKSnoHu.exe
  2⤵
  PID:2440
- C:\Windows\System\AzYiKbq.exe
  C:\Windows\System\AzYiKbq.exe
  2⤵
  PID:1980
- C:\Windows\System\RxELCIL.exe
  C:\Windows\System\RxELCIL.exe
  2⤵
  PID:1560
- C:\Windows\System\mbERlev.exe
  C:\Windows\System\mbERlev.exe
  2⤵
  PID:2208
- C:\Windows\System\lOahcGT.exe
  C:\Windows\System\lOahcGT.exe
  2⤵
  PID:1708
- C:\Windows\System\jNQmllR.exe
  C:\Windows\System\jNQmllR.exe
  2⤵
  PID:2308
- C:\Windows\System\ShmNEVJ.exe
  C:\Windows\System\ShmNEVJ.exe
  2⤵
  PID:1996
- C:\Windows\System\ngsSwRI.exe
  C:\Windows\System\ngsSwRI.exe
  2⤵
  PID:2768
- C:\Windows\System\gHGRkgL.exe
  C:\Windows\System\gHGRkgL.exe
  2⤵
  PID:2736
- C:\Windows\System\fPnDuGK.exe
  C:\Windows\System\fPnDuGK.exe
  2⤵
  PID:2568
- C:\Windows\System\llaReKK.exe
  C:\Windows\System\llaReKK.exe
  2⤵
  PID:2624
- C:\Windows\System\INmqgfA.exe
  C:\Windows\System\INmqgfA.exe
  2⤵
  PID:500
- C:\Windows\System\kvRJjLB.exe
  C:\Windows\System\kvRJjLB.exe
  2⤵
  PID:1936
- C:\Windows\System\oIryImQ.exe
  C:\Windows\System\oIryImQ.exe
  2⤵
  PID:3084
- C:\Windows\System\CfrhBDZ.exe
  C:\Windows\System\CfrhBDZ.exe
  2⤵
  PID:3100
- C:\Windows\System\KuDlQEi.exe
  C:\Windows\System\KuDlQEi.exe
  2⤵
  PID:3116
- C:\Windows\System\gahOoAt.exe
  C:\Windows\System\gahOoAt.exe
  2⤵
  PID:3132
- C:\Windows\System\HLvVkxE.exe
  C:\Windows\System\HLvVkxE.exe
  2⤵
  PID:3148
- C:\Windows\System\fqWcYhG.exe
  C:\Windows\System\fqWcYhG.exe
  2⤵
  PID:3164
- C:\Windows\System\QfVxyeG.exe
  C:\Windows\System\QfVxyeG.exe
  2⤵
  PID:3180
- C:\Windows\System\xtdIdyG.exe
  C:\Windows\System\xtdIdyG.exe
  2⤵
  PID:3204
- C:\Windows\System\sBkrouJ.exe
  C:\Windows\System\sBkrouJ.exe
  2⤵
  PID:3220
- C:\Windows\System\UYOyNRu.exe
  C:\Windows\System\UYOyNRu.exe
  2⤵
  PID:3236
- C:\Windows\System\TYAumCd.exe
  C:\Windows\System\TYAumCd.exe
  2⤵
  PID:3252
- C:\Windows\System\atpnaiu.exe
  C:\Windows\System\atpnaiu.exe
  2⤵
  PID:3268
- C:\Windows\System\MATckpS.exe
  C:\Windows\System\MATckpS.exe
  2⤵
  PID:3284
- C:\Windows\System\veUdpVs.exe
  C:\Windows\System\veUdpVs.exe
  2⤵
  PID:3300
- C:\Windows\System\XlfXOTB.exe
  C:\Windows\System\XlfXOTB.exe
  2⤵
  PID:3316
- C:\Windows\System\dTEuZIY.exe
  C:\Windows\System\dTEuZIY.exe
  2⤵
  PID:3332
- C:\Windows\System\tBNywbu.exe
  C:\Windows\System\tBNywbu.exe
  2⤵
  PID:3348
- C:\Windows\System\cSmnskU.exe
  C:\Windows\System\cSmnskU.exe
  2⤵
  PID:3364
- C:\Windows\System\MMQqctw.exe
  C:\Windows\System\MMQqctw.exe
  2⤵
  PID:3380
- C:\Windows\System\UkiJvhx.exe
  C:\Windows\System\UkiJvhx.exe
  2⤵
  PID:3396
- C:\Windows\System\JtAYpuA.exe
  C:\Windows\System\JtAYpuA.exe
  2⤵
  PID:3412
- C:\Windows\System\mkyiftY.exe
  C:\Windows\System\mkyiftY.exe
  2⤵
  PID:3428
- C:\Windows\System\imhpoQy.exe
  C:\Windows\System\imhpoQy.exe
  2⤵
  PID:3444
- C:\Windows\System\prQvqeu.exe
  C:\Windows\System\prQvqeu.exe
  2⤵
  PID:3760
- C:\Windows\System\KeDmBrt.exe
  C:\Windows\System\KeDmBrt.exe
  2⤵
  PID:3784
- C:\Windows\System\FYdDbEc.exe
  C:\Windows\System\FYdDbEc.exe
  2⤵
  PID:3800
- C:\Windows\System\imAYPTz.exe
  C:\Windows\System\imAYPTz.exe
  2⤵
  PID:3816
- C:\Windows\System\iwnhCDk.exe
  C:\Windows\System\iwnhCDk.exe
  2⤵
  PID:3832
- C:\Windows\System\gxdGKhV.exe
  C:\Windows\System\gxdGKhV.exe
  2⤵
  PID:3848
- C:\Windows\System\xJsbPuB.exe
  C:\Windows\System\xJsbPuB.exe
  2⤵
  PID:3868
- C:\Windows\System\PLhDbBW.exe
  C:\Windows\System\PLhDbBW.exe
  2⤵
  PID:3884
- C:\Windows\System\cIWthhG.exe
  C:\Windows\System\cIWthhG.exe
  2⤵
  PID:3900
- C:\Windows\System\TyLfDKL.exe
  C:\Windows\System\TyLfDKL.exe
  2⤵
  PID:3916
- C:\Windows\System\tmEKcKL.exe
  C:\Windows\System\tmEKcKL.exe
  2⤵
  PID:3932
- C:\Windows\System\StTzrKU.exe
  C:\Windows\System\StTzrKU.exe
  2⤵
  PID:3948
- C:\Windows\System\femzbLG.exe
  C:\Windows\System\femzbLG.exe
  2⤵
  PID:3968
- C:\Windows\System\wtiCunH.exe
  C:\Windows\System\wtiCunH.exe
  2⤵
  PID:3984
- C:\Windows\System\hSVyqmU.exe
  C:\Windows\System\hSVyqmU.exe
  2⤵
  PID:4000
- C:\Windows\System\JFZxbCZ.exe
  C:\Windows\System\JFZxbCZ.exe
  2⤵
  PID:4016
- C:\Windows\System\NAqTRmw.exe
  C:\Windows\System\NAqTRmw.exe
  2⤵
  PID:4032
- C:\Windows\System\bpduMhk.exe
  C:\Windows\System\bpduMhk.exe
  2⤵
  PID:4048
- C:\Windows\System\YAkZczR.exe
  C:\Windows\System\YAkZczR.exe
  2⤵
  PID:4064
- C:\Windows\System\WyvPMyV.exe
  C:\Windows\System\WyvPMyV.exe
  2⤵
  PID:4080
- C:\Windows\System\DyqyXON.exe
  C:\Windows\System\DyqyXON.exe
  2⤵
  PID:2740
- C:\Windows\System\gXqnODY.exe
  C:\Windows\System\gXqnODY.exe
  2⤵
  PID:2392
- C:\Windows\System\tOnqEAZ.exe
  C:\Windows\System\tOnqEAZ.exe
  2⤵
  PID:796
- C:\Windows\System\AizfiaK.exe
  C:\Windows\System\AizfiaK.exe
  2⤵
  PID:1928
- C:\Windows\System\hHRNqBm.exe
  C:\Windows\System\hHRNqBm.exe
  2⤵
  PID:1176
- C:\Windows\System\AoPsQOU.exe
  C:\Windows\System\AoPsQOU.exe
  2⤵
  PID:1036
- C:\Windows\System\YLUvLYZ.exe
  C:\Windows\System\YLUvLYZ.exe
  2⤵
  PID:2300
- C:\Windows\System\vJHsyTq.exe
  C:\Windows\System\vJHsyTq.exe
  2⤵
  PID:352
- C:\Windows\System\QHWtHOy.exe
  C:\Windows\System\QHWtHOy.exe
  2⤵
  PID:992
- C:\Windows\System\QIiyDLs.exe
  C:\Windows\System\QIiyDLs.exe
  2⤵
  PID:1200
- C:\Windows\System\EZgoMMn.exe
  C:\Windows\System\EZgoMMn.exe
  2⤵
  PID:2500
- C:\Windows\System\fWfAxMh.exe
  C:\Windows\System\fWfAxMh.exe
  2⤵
  PID:2704
- C:\Windows\System\udcbNDJ.exe
  C:\Windows\System\udcbNDJ.exe
  2⤵
  PID:1152
- C:\Windows\System\TdOROvZ.exe
  C:\Windows\System\TdOROvZ.exe
  2⤵
  PID:3112
- C:\Windows\System\GPcTaMp.exe
  C:\Windows\System\GPcTaMp.exe
  2⤵
  PID:3176
- C:\Windows\System\BTGHOVv.exe
  C:\Windows\System\BTGHOVv.exe
  2⤵
  PID:3276
- C:\Windows\System\HwSVnlZ.exe
  C:\Windows\System\HwSVnlZ.exe
  2⤵
  PID:3340
- C:\Windows\System\oizuWTf.exe
  C:\Windows\System\oizuWTf.exe
  2⤵
  PID:3404
- C:\Windows\System\stYKzcU.exe
  C:\Windows\System\stYKzcU.exe
  2⤵
  PID:1992
- C:\Windows\System\OSwpIQz.exe
  C:\Windows\System\OSwpIQz.exe
  2⤵
  PID:2728
- C:\Windows\System\ABLzGlp.exe
  C:\Windows\System\ABLzGlp.exe
  2⤵
  PID:3096
- C:\Windows\System\ZXULVtZ.exe
  C:\Windows\System\ZXULVtZ.exe
  2⤵
  PID:3160
- C:\Windows\System\ZETrmZJ.exe
  C:\Windows\System\ZETrmZJ.exe
  2⤵
  PID:3264
- C:\Windows\System\PLQAXMm.exe
  C:\Windows\System\PLQAXMm.exe
  2⤵
  PID:3324
- C:\Windows\System\BVCoAFF.exe
  C:\Windows\System\BVCoAFF.exe
  2⤵
  PID:3388
- C:\Windows\System\RrJtRZl.exe
  C:\Windows\System\RrJtRZl.exe
  2⤵
  PID:3452
- C:\Windows\System\xGtmxea.exe
  C:\Windows\System\xGtmxea.exe
  2⤵
  PID:3468
- C:\Windows\System\KCLBqxW.exe
  C:\Windows\System\KCLBqxW.exe
  2⤵
  PID:3488
- C:\Windows\System\TKiqRJe.exe
  C:\Windows\System\TKiqRJe.exe
  2⤵
  PID:3504
- C:\Windows\System\TwoxDbt.exe
  C:\Windows\System\TwoxDbt.exe
  2⤵
  PID:3520
- C:\Windows\System\gmKcuzL.exe
  C:\Windows\System\gmKcuzL.exe
  2⤵
  PID:3536
- C:\Windows\System\HWizUVz.exe
  C:\Windows\System\HWizUVz.exe
  2⤵
  PID:3552
- C:\Windows\System\yeUHoyl.exe
  C:\Windows\System\yeUHoyl.exe
  2⤵
  PID:3576
- C:\Windows\System\UzMkSWT.exe
  C:\Windows\System\UzMkSWT.exe
  2⤵
  PID:3592
- C:\Windows\System\oFPagPq.exe
  C:\Windows\System\oFPagPq.exe
  2⤵
  PID:3608
- C:\Windows\System\kwAuRQG.exe
  C:\Windows\System\kwAuRQG.exe
  2⤵
  PID:3624
- C:\Windows\System\njfYJte.exe
  C:\Windows\System\njfYJte.exe
  2⤵
  PID:3640
- C:\Windows\System\avVAMCo.exe
  C:\Windows\System\avVAMCo.exe
  2⤵
  PID:3656
- C:\Windows\System\aoDJXWR.exe
  C:\Windows\System\aoDJXWR.exe
  2⤵
  PID:3672
- C:\Windows\System\dOELyDV.exe
  C:\Windows\System\dOELyDV.exe
  2⤵
  PID:3688
- C:\Windows\System\PMbEfAP.exe
  C:\Windows\System\PMbEfAP.exe
  2⤵
  PID:3704
- C:\Windows\System\jwwCIyW.exe
  C:\Windows\System\jwwCIyW.exe
  2⤵
  PID:3776
- C:\Windows\System\uwBgIOL.exe
  C:\Windows\System\uwBgIOL.exe
  2⤵
  PID:3812
- C:\Windows\System\nTNZyBf.exe
  C:\Windows\System\nTNZyBf.exe
  2⤵
  PID:3844
- C:\Windows\System\KcDyPFV.exe
  C:\Windows\System\KcDyPFV.exe
  2⤵
  PID:3864
- C:\Windows\System\zVyfAlU.exe
  C:\Windows\System\zVyfAlU.exe
  2⤵
  PID:3912
- C:\Windows\System\MziAdEB.exe
  C:\Windows\System\MziAdEB.exe
  2⤵
  PID:3928
- C:\Windows\System\iMIyfXK.exe
  C:\Windows\System\iMIyfXK.exe
  2⤵
  PID:3956
- C:\Windows\System\UWzshxG.exe
  C:\Windows\System\UWzshxG.exe
  2⤵
  PID:4008
- C:\Windows\System\BVtNqcc.exe
  C:\Windows\System\BVtNqcc.exe
  2⤵
  PID:4028
- C:\Windows\System\fumAJWV.exe
  C:\Windows\System\fumAJWV.exe
  2⤵
  PID:4060
- C:\Windows\System\XsPwaIK.exe
  C:\Windows\System\XsPwaIK.exe
  2⤵
  PID:4092
- C:\Windows\System\VZnsaPB.exe
  C:\Windows\System\VZnsaPB.exe
  2⤵
  PID:1016
- C:\Windows\System\eWPLQrI.exe
  C:\Windows\System\eWPLQrI.exe
  2⤵
  PID:356
- C:\Windows\System\VYFZjcV.exe
  C:\Windows\System\VYFZjcV.exe
  2⤵
  PID:2436
- C:\Windows\System\JfQRjEJ.exe
  C:\Windows\System\JfQRjEJ.exe
  2⤵
  PID:2116
- C:\Windows\System\gUhFVDt.exe
  C:\Windows\System\gUhFVDt.exe
  2⤵
  PID:2528
- C:\Windows\System\QYSodzT.exe
  C:\Windows\System\QYSodzT.exe
  2⤵
  PID:3036
- C:\Windows\System\FeNbpns.exe
  C:\Windows\System\FeNbpns.exe
  2⤵
  PID:3172
- C:\Windows\System\APTFUDw.exe
  C:\Windows\System\APTFUDw.exe
  2⤵
  PID:3312
- C:\Windows\System\KTLghDd.exe
  C:\Windows\System\KTLghDd.exe
  2⤵
  PID:3436
- C:\Windows\System\LqalgJz.exe
  C:\Windows\System\LqalgJz.exe
  2⤵
  PID:3156
- C:\Windows\System\XGHKFWW.exe
  C:\Windows\System\XGHKFWW.exe
  2⤵
  PID:3232
- C:\Windows\System\cXjFwWi.exe
  C:\Windows\System\cXjFwWi.exe
  2⤵
  PID:3360
- C:\Windows\System\JyBykYU.exe
  C:\Windows\System\JyBykYU.exe
  2⤵
  PID:3484
- C:\Windows\System\vLjScSm.exe
  C:\Windows\System\vLjScSm.exe
  2⤵
  PID:3500
- C:\Windows\System\mbyfAYR.exe
  C:\Windows\System\mbyfAYR.exe
  2⤵
  PID:3244
- C:\Windows\System\ktXldwH.exe
  C:\Windows\System\ktXldwH.exe
  2⤵
  PID:3572
- C:\Windows\System\kjykgSr.exe
  C:\Windows\System\kjykgSr.exe
  2⤵
  PID:3604
- C:\Windows\System\QbGoXuO.exe
  C:\Windows\System\QbGoXuO.exe
  2⤵
  PID:3636
- C:\Windows\System\jXDmstc.exe
  C:\Windows\System\jXDmstc.exe
  2⤵
  PID:3684
- C:\Windows\System\MtHZVbE.exe
  C:\Windows\System\MtHZVbE.exe
  2⤵
  PID:4108
- C:\Windows\System\zdBZFzq.exe
  C:\Windows\System\zdBZFzq.exe
  2⤵
  PID:4124
- C:\Windows\System\XDchgAF.exe
  C:\Windows\System\XDchgAF.exe
  2⤵
  PID:4140
- C:\Windows\System\VYdwntF.exe
  C:\Windows\System\VYdwntF.exe
  2⤵
  PID:4156
- C:\Windows\System\dmnkAgk.exe
  C:\Windows\System\dmnkAgk.exe
  2⤵
  PID:4172
- C:\Windows\System\anzWjMJ.exe
  C:\Windows\System\anzWjMJ.exe
  2⤵
  PID:4188
- C:\Windows\System\sGqGWQp.exe
  C:\Windows\System\sGqGWQp.exe
  2⤵
  PID:4212
- C:\Windows\System\LOHLoVG.exe
  C:\Windows\System\LOHLoVG.exe
  2⤵
  PID:4228
- C:\Windows\System\elkPhJU.exe
  C:\Windows\System\elkPhJU.exe
  2⤵
  PID:4252
- C:\Windows\System\vSJrJUv.exe
  C:\Windows\System\vSJrJUv.exe
  2⤵
  PID:4268
- C:\Windows\System\wrvgHAH.exe
  C:\Windows\System\wrvgHAH.exe
  2⤵
  PID:4284
- C:\Windows\System\NTmbOix.exe
  C:\Windows\System\NTmbOix.exe
  2⤵
  PID:4300
- C:\Windows\System\ZrtJwMP.exe
  C:\Windows\System\ZrtJwMP.exe
  2⤵
  PID:4316
- C:\Windows\System\zuqlmrv.exe
  C:\Windows\System\zuqlmrv.exe
  2⤵
  PID:4332
- C:\Windows\System\ObgtwgS.exe
  C:\Windows\System\ObgtwgS.exe
  2⤵
  PID:4348
- C:\Windows\System\yAWDjTW.exe
  C:\Windows\System\yAWDjTW.exe
  2⤵
  PID:4372
- C:\Windows\System\WCJGLQI.exe
  C:\Windows\System\WCJGLQI.exe
  2⤵
  PID:4388
- C:\Windows\System\DKqfcpZ.exe
  C:\Windows\System\DKqfcpZ.exe
  2⤵
  PID:4404
- C:\Windows\System\WoLYnVs.exe
  C:\Windows\System\WoLYnVs.exe
  2⤵
  PID:4420
- C:\Windows\System\eunZmUx.exe
  C:\Windows\System\eunZmUx.exe
  2⤵
  PID:4436
- C:\Windows\System\eSPqlWO.exe
  C:\Windows\System\eSPqlWO.exe
  2⤵
  PID:4452
- C:\Windows\System\MywPKZL.exe
  C:\Windows\System\MywPKZL.exe
  2⤵
  PID:4468
- C:\Windows\System\sfiqAPt.exe
  C:\Windows\System\sfiqAPt.exe
  2⤵
  PID:4484
- C:\Windows\System\CEhoDoV.exe
  C:\Windows\System\CEhoDoV.exe
  2⤵
  PID:4500
- C:\Windows\System\iizfgJv.exe
  C:\Windows\System\iizfgJv.exe
  2⤵
  PID:4516
- C:\Windows\System\mfFyltI.exe
  C:\Windows\System\mfFyltI.exe
  2⤵
  PID:4532
- C:\Windows\System\LEBvtDi.exe
  C:\Windows\System\LEBvtDi.exe
  2⤵
  PID:4548
- C:\Windows\System\BrykghC.exe
  C:\Windows\System\BrykghC.exe
  2⤵
  PID:4564
- C:\Windows\System\ktvHPAj.exe
  C:\Windows\System\ktvHPAj.exe
  2⤵
  PID:4580
- C:\Windows\System\MGeGdiv.exe
  C:\Windows\System\MGeGdiv.exe
  2⤵
  PID:4596
- C:\Windows\System\sPzjyAK.exe
  C:\Windows\System\sPzjyAK.exe
  2⤵
  PID:4612
- C:\Windows\System\GrHRhRZ.exe
  C:\Windows\System\GrHRhRZ.exe
  2⤵
  PID:4628
- C:\Windows\System\CAQFuNI.exe
  C:\Windows\System\CAQFuNI.exe
  2⤵
  PID:4644
- C:\Windows\System\mAfYrwR.exe
  C:\Windows\System\mAfYrwR.exe
  2⤵
  PID:4660
- C:\Windows\System\sXobAEt.exe
  C:\Windows\System\sXobAEt.exe
  2⤵
  PID:4676
- C:\Windows\System\JiwTGfE.exe
  C:\Windows\System\JiwTGfE.exe
  2⤵
  PID:4696
- C:\Windows\System\FBuWTJA.exe
  C:\Windows\System\FBuWTJA.exe
  2⤵
  PID:4712
- C:\Windows\System\mHZoxle.exe
  C:\Windows\System\mHZoxle.exe
  2⤵
  PID:4728
- C:\Windows\System\BlbdttC.exe
  C:\Windows\System\BlbdttC.exe
  2⤵
  PID:4744
- C:\Windows\System\cWwePDx.exe
  C:\Windows\System\cWwePDx.exe
  2⤵
  PID:4760
- C:\Windows\System\ReYYVUm.exe
  C:\Windows\System\ReYYVUm.exe
  2⤵
  PID:4776
- C:\Windows\System\yIxlnig.exe
  C:\Windows\System\yIxlnig.exe
  2⤵
  PID:4792
- C:\Windows\System\NvNCELs.exe
  C:\Windows\System\NvNCELs.exe
  2⤵
  PID:4808
- C:\Windows\System\EtIktnW.exe
  C:\Windows\System\EtIktnW.exe
  2⤵
  PID:4824
- C:\Windows\System\AdSHNJm.exe
  C:\Windows\System\AdSHNJm.exe
  2⤵
  PID:4840
- C:\Windows\System\CRUMNVy.exe
  C:\Windows\System\CRUMNVy.exe
  2⤵
  PID:4856
- C:\Windows\System\SiugnrV.exe
  C:\Windows\System\SiugnrV.exe
  2⤵
  PID:4872
- C:\Windows\System\CDcaJFg.exe
  C:\Windows\System\CDcaJFg.exe
  2⤵
  PID:4888
- C:\Windows\System\Modjgvw.exe
  C:\Windows\System\Modjgvw.exe
  2⤵
  PID:4904
- C:\Windows\System\fLClCLD.exe
  C:\Windows\System\fLClCLD.exe
  2⤵
  PID:4920
- C:\Windows\System\LZmJNHp.exe
  C:\Windows\System\LZmJNHp.exe
  2⤵
  PID:4940
- C:\Windows\System\HZanNVy.exe
  C:\Windows\System\HZanNVy.exe
  2⤵
  PID:4960
- C:\Windows\System\oRFEYky.exe
  C:\Windows\System\oRFEYky.exe
  2⤵
  PID:4980
- C:\Windows\System\PQtlPdc.exe
  C:\Windows\System\PQtlPdc.exe
  2⤵
  PID:5000
- C:\Windows\System\hvUDcoB.exe
  C:\Windows\System\hvUDcoB.exe
  2⤵
  PID:5016
- C:\Windows\System\HQghdEI.exe
  C:\Windows\System\HQghdEI.exe
  2⤵
  PID:5032
- C:\Windows\System\cbzHCqp.exe
  C:\Windows\System\cbzHCqp.exe
  2⤵
  PID:5048
- C:\Windows\System\wwJbNAT.exe
  C:\Windows\System\wwJbNAT.exe
  2⤵
  PID:5064
- C:\Windows\System\CZEhrGO.exe
  C:\Windows\System\CZEhrGO.exe
  2⤵
  PID:5080
- C:\Windows\System\Jiddkii.exe
  C:\Windows\System\Jiddkii.exe
  2⤵
  PID:5096
- C:\Windows\System\OSpkSBH.exe
  C:\Windows\System\OSpkSBH.exe
  2⤵
  PID:5112
- C:\Windows\System\bhzQbjG.exe
  C:\Windows\System\bhzQbjG.exe
  2⤵
  PID:3792
- C:\Windows\System\RqDCBBs.exe
  C:\Windows\System\RqDCBBs.exe
  2⤵
  PID:3860
- C:\Windows\System\EEYGoMu.exe
  C:\Windows\System\EEYGoMu.exe
  2⤵
  PID:3924
- C:\Windows\System\brvGVcx.exe
  C:\Windows\System\brvGVcx.exe
  2⤵
  PID:4040
- C:\Windows\System\joFOGvf.exe
  C:\Windows\System\joFOGvf.exe
  2⤵
  PID:4088
- C:\Windows\System\yNCwjlU.exe
  C:\Windows\System\yNCwjlU.exe
  2⤵
  PID:876
- C:\Windows\System\xRGAAyt.exe
  C:\Windows\System\xRGAAyt.exe
  2⤵
  PID:1516
- C:\Windows\System\sWimiXy.exe
  C:\Windows\System\sWimiXy.exe
  2⤵
  PID:2412
- C:\Windows\System\pEqcFSE.exe
  C:\Windows\System\pEqcFSE.exe
  2⤵
  PID:3372
- C:\Windows\System\XIUVxMi.exe
  C:\Windows\System\XIUVxMi.exe
  2⤵
  PID:2860
- C:\Windows\System\OqVwtRf.exe
  C:\Windows\System\OqVwtRf.exe
  2⤵
  PID:3356
- C:\Windows\System\SClbRnE.exe
  C:\Windows\System\SClbRnE.exe
  2⤵
  PID:3460
- C:\Windows\System\xkaXnGJ.exe
  C:\Windows\System\xkaXnGJ.exe
  2⤵
  PID:3544
- C:\Windows\System\TTblyeV.exe
  C:\Windows\System\TTblyeV.exe
  2⤵
  PID:3568
- C:\Windows\System\GUwbKWk.exe
  C:\Windows\System\GUwbKWk.exe
  2⤵
  PID:3664
- C:\Windows\System\NYXXSaf.exe
  C:\Windows\System\NYXXSaf.exe
  2⤵
  PID:4104
- C:\Windows\System\aZWarGD.exe
  C:\Windows\System\aZWarGD.exe
  2⤵
  PID:4136
- C:\Windows\System\hIiijMz.exe
  C:\Windows\System\hIiijMz.exe
  2⤵
  PID:4164
- C:\Windows\System\fmuFaHX.exe
  C:\Windows\System\fmuFaHX.exe
  2⤵
  PID:4200
- C:\Windows\System\kUCAllQ.exe
  C:\Windows\System\kUCAllQ.exe
  2⤵
  PID:4244
- C:\Windows\System\TXMzyAu.exe
  C:\Windows\System\TXMzyAu.exe
  2⤵
  PID:4324
- C:\Windows\System\OxlTdRp.exe
  C:\Windows\System\OxlTdRp.exe
  2⤵
  PID:4308
- C:\Windows\System\TwiXRrW.exe
  C:\Windows\System\TwiXRrW.exe
  2⤵
  PID:4356
- C:\Windows\System\CLVNTZL.exe
  C:\Windows\System\CLVNTZL.exe
  2⤵
  PID:4396
- C:\Windows\System\sAyLoND.exe
  C:\Windows\System\sAyLoND.exe
  2⤵
  PID:4432
- C:\Windows\System\qLVoCVm.exe
  C:\Windows\System\qLVoCVm.exe
  2⤵
  PID:4444
- C:\Windows\System\MnhKmPT.exe
  C:\Windows\System\MnhKmPT.exe
  2⤵
  PID:4524
- C:\Windows\System\YVZTApN.exe
  C:\Windows\System\YVZTApN.exe
  2⤵
  PID:4556
- C:\Windows\System\slVqxzf.exe
  C:\Windows\System\slVqxzf.exe
  2⤵
  PID:4620
- C:\Windows\System\FDWdYuf.exe
  C:\Windows\System\FDWdYuf.exe
  2⤵
  PID:4540
- C:\Windows\System\MotVtdo.exe
  C:\Windows\System\MotVtdo.exe
  2⤵
  PID:4604
- C:\Windows\System\stMdAGY.exe
  C:\Windows\System\stMdAGY.exe
  2⤵
  PID:4656
- C:\Windows\System\pUdHPYx.exe
  C:\Windows\System\pUdHPYx.exe
  2⤵
  PID:4692
- C:\Windows\System\jWDDIMU.exe
  C:\Windows\System\jWDDIMU.exe
  2⤵
  PID:4756
- C:\Windows\System\bTpKvsO.exe
  C:\Windows\System\bTpKvsO.exe
  2⤵
  PID:4820
- C:\Windows\System\RjYujJe.exe
  C:\Windows\System\RjYujJe.exe
  2⤵
  PID:4708
- C:\Windows\System\WBEmxYs.exe
  C:\Windows\System\WBEmxYs.exe
  2⤵
  PID:4772
- C:\Windows\System\MEcYVKD.exe
  C:\Windows\System\MEcYVKD.exe
  2⤵
  PID:4880
- C:\Windows\System\nqrIpEk.exe
  C:\Windows\System\nqrIpEk.exe
  2⤵
  PID:4884
- C:\Windows\System\xsmoSjM.exe
  C:\Windows\System\xsmoSjM.exe
  2⤵
  PID:4896
- C:\Windows\System\tJEpcNy.exe
  C:\Windows\System\tJEpcNy.exe
  2⤵
  PID:4988
- C:\Windows\System\wNSAKwI.exe
  C:\Windows\System\wNSAKwI.exe
  2⤵
  PID:5060
- C:\Windows\System\ZatqPwq.exe
  C:\Windows\System\ZatqPwq.exe
  2⤵
  PID:5104
- C:\Windows\System\CVEODyJ.exe
  C:\Windows\System\CVEODyJ.exe
  2⤵
  PID:4968
- C:\Windows\System\SzJkwFe.exe
  C:\Windows\System\SzJkwFe.exe
  2⤵
  PID:5040
- C:\Windows\System\bBtUfAv.exe
  C:\Windows\System\bBtUfAv.exe
  2⤵
  PID:3908
- C:\Windows\System\snSMpFC.exe
  C:\Windows\System\snSMpFC.exe
  2⤵
  PID:3960
- C:\Windows\System\jTkwjFW.exe
  C:\Windows\System\jTkwjFW.exe
  2⤵
  PID:2088
- C:\Windows\System\SzGHdMV.exe
  C:\Windows\System\SzGHdMV.exe
  2⤵
  PID:296
- C:\Windows\System\UPnbJJm.exe
  C:\Windows\System\UPnbJJm.exe
  2⤵
  PID:3216
- C:\Windows\System\VDSEiEr.exe
  C:\Windows\System\VDSEiEr.exe
  2⤵
  PID:3480
- C:\Windows\System\iLORmyt.exe
  C:\Windows\System\iLORmyt.exe
  2⤵
  PID:3420
- C:\Windows\System\zqpeyZJ.exe
  C:\Windows\System\zqpeyZJ.exe
  2⤵
  PID:4116
- C:\Windows\System\RBSWnIl.exe
  C:\Windows\System\RBSWnIl.exe
  2⤵
  PID:4196
- C:\Windows\System\hGnzGQu.exe
  C:\Windows\System\hGnzGQu.exe
  2⤵
  PID:4220
- C:\Windows\System\pEgQMmx.exe
  C:\Windows\System\pEgQMmx.exe
  2⤵
  PID:4260
- C:\Windows\System\KDzSZMl.exe
  C:\Windows\System\KDzSZMl.exe
  2⤵
  PID:4340
- C:\Windows\System\nqlaCyz.exe
  C:\Windows\System\nqlaCyz.exe
  2⤵
  PID:4380
- C:\Windows\System\kzbSNRy.exe
  C:\Windows\System\kzbSNRy.exe
  2⤵
  PID:4592
- C:\Windows\System\YRHBlHK.exe
  C:\Windows\System\YRHBlHK.exe
  2⤵
  PID:4476
- C:\Windows\System\xiwutTq.exe
  C:\Windows\System\xiwutTq.exe
  2⤵
  PID:4576
- C:\Windows\System\buBrEWd.exe
  C:\Windows\System\buBrEWd.exe
  2⤵
  PID:4672
- C:\Windows\System\YEISqbx.exe
  C:\Windows\System\YEISqbx.exe
  2⤵
  PID:4816
- C:\Windows\System\pDNdvZc.exe
  C:\Windows\System\pDNdvZc.exe
  2⤵
  PID:5136
- C:\Windows\System\tKZqbiE.exe
  C:\Windows\System\tKZqbiE.exe
  2⤵
  PID:5152
- C:\Windows\System\mWrmKfv.exe
  C:\Windows\System\mWrmKfv.exe
  2⤵
  PID:5172
- C:\Windows\System\puicXeV.exe
  C:\Windows\System\puicXeV.exe
  2⤵
  PID:5192
- C:\Windows\System\KUPzzOg.exe
  C:\Windows\System\KUPzzOg.exe
  2⤵
  PID:5208
- C:\Windows\System\MvYZZOb.exe
  C:\Windows\System\MvYZZOb.exe
  2⤵
  PID:5224
- C:\Windows\System\wRdrLcc.exe
  C:\Windows\System\wRdrLcc.exe
  2⤵
  PID:5240
- C:\Windows\System\lxroJos.exe
  C:\Windows\System\lxroJos.exe
  2⤵
  PID:5256
- C:\Windows\System\kXOxjBJ.exe
  C:\Windows\System\kXOxjBJ.exe
  2⤵
  PID:5272
- C:\Windows\System\IfNVRJU.exe
  C:\Windows\System\IfNVRJU.exe
  2⤵
  PID:5288
- C:\Windows\System\fiBawWO.exe
  C:\Windows\System\fiBawWO.exe
  2⤵
  PID:5304
- C:\Windows\System\hStDljU.exe
  C:\Windows\System\hStDljU.exe
  2⤵
  PID:5320
- C:\Windows\System\SFoOedu.exe
  C:\Windows\System\SFoOedu.exe
  2⤵
  PID:5336
- C:\Windows\System\fnBIjPv.exe
  C:\Windows\System\fnBIjPv.exe
  2⤵
  PID:5352
- C:\Windows\System\hZHOJsA.exe
  C:\Windows\System\hZHOJsA.exe
  2⤵
  PID:5368
- C:\Windows\System\ZTfDmpN.exe
  C:\Windows\System\ZTfDmpN.exe
  2⤵
  PID:5384
- C:\Windows\System\mysOLgj.exe
  C:\Windows\System\mysOLgj.exe
  2⤵
  PID:5400
- C:\Windows\System\XfxaJJZ.exe
  C:\Windows\System\XfxaJJZ.exe
  2⤵
  PID:5416
- C:\Windows\System\ZllUVAd.exe
  C:\Windows\System\ZllUVAd.exe
  2⤵
  PID:5432
- C:\Windows\System\igMkVxz.exe
  C:\Windows\System\igMkVxz.exe
  2⤵
  PID:5448
- C:\Windows\System\KhfKPjy.exe
  C:\Windows\System\KhfKPjy.exe
  2⤵
  PID:5464
- C:\Windows\System\LEMNYhS.exe
  C:\Windows\System\LEMNYhS.exe
  2⤵
  PID:5480
- C:\Windows\System\eIYBRnR.exe
  C:\Windows\System\eIYBRnR.exe
  2⤵
  PID:5496
- C:\Windows\System\acNcdKl.exe
  C:\Windows\System\acNcdKl.exe
  2⤵
  PID:5512
- C:\Windows\System\DEhSQTI.exe
  C:\Windows\System\DEhSQTI.exe
  2⤵
  PID:5528
- C:\Windows\System\rdwMvWV.exe
  C:\Windows\System\rdwMvWV.exe
  2⤵
  PID:5544
- C:\Windows\System\tPDwWOK.exe
  C:\Windows\System\tPDwWOK.exe
  2⤵
  PID:5560
- C:\Windows\System\EWTlNal.exe
  C:\Windows\System\EWTlNal.exe
  2⤵
  PID:5576
- C:\Windows\System\BPfCpOR.exe
  C:\Windows\System\BPfCpOR.exe
  2⤵
  PID:5596
- C:\Windows\System\rjqcgof.exe
  C:\Windows\System\rjqcgof.exe
  2⤵
  PID:5612
- C:\Windows\System\SdzIhAL.exe
  C:\Windows\System\SdzIhAL.exe
  2⤵
  PID:5628
- C:\Windows\System\fXwCjpV.exe
  C:\Windows\System\fXwCjpV.exe
  2⤵
  PID:5644
- C:\Windows\System\JLsForZ.exe
  C:\Windows\System\JLsForZ.exe
  2⤵
  PID:5660
- C:\Windows\System\wUZfdXG.exe
  C:\Windows\System\wUZfdXG.exe
  2⤵
  PID:5676
- C:\Windows\System\ffidVvr.exe
  C:\Windows\System\ffidVvr.exe
  2⤵
  PID:5692
- C:\Windows\System\JbhIflH.exe
  C:\Windows\System\JbhIflH.exe
  2⤵
  PID:5708
- C:\Windows\System\TKICxVK.exe
  C:\Windows\System\TKICxVK.exe
  2⤵
  PID:5724
- C:\Windows\System\UngyTeS.exe
  C:\Windows\System\UngyTeS.exe
  2⤵
  PID:5740
- C:\Windows\System\QAAQYYf.exe
  C:\Windows\System\QAAQYYf.exe
  2⤵
  PID:5756
- C:\Windows\System\QhietjF.exe
  C:\Windows\System\QhietjF.exe
  2⤵
  PID:5772
- C:\Windows\System\Kvnwhgx.exe
  C:\Windows\System\Kvnwhgx.exe
  2⤵
  PID:5788
- C:\Windows\System\bxXrRev.exe
  C:\Windows\System\bxXrRev.exe
  2⤵
  PID:5804
- C:\Windows\System\YNsBOGX.exe
  C:\Windows\System\YNsBOGX.exe
  2⤵
  PID:5820
- C:\Windows\System\DrocbwP.exe
  C:\Windows\System\DrocbwP.exe
  2⤵
  PID:5836
- C:\Windows\System\HYsjbIC.exe
  C:\Windows\System\HYsjbIC.exe
  2⤵
  PID:5852
- C:\Windows\System\HmjIgbs.exe
  C:\Windows\System\HmjIgbs.exe
  2⤵
  PID:5868
- C:\Windows\System\tgRBcsk.exe
  C:\Windows\System\tgRBcsk.exe
  2⤵
  PID:5884
- C:\Windows\System\nklsaLw.exe
  C:\Windows\System\nklsaLw.exe
  2⤵
  PID:5900
- C:\Windows\System\KugmMjy.exe
  C:\Windows\System\KugmMjy.exe
  2⤵
  PID:5916
- C:\Windows\System\VYLJtEa.exe
  C:\Windows\System\VYLJtEa.exe
  2⤵
  PID:5932
- C:\Windows\System\ahKojKz.exe
  C:\Windows\System\ahKojKz.exe
  2⤵
  PID:5948
- C:\Windows\System\kUhYiil.exe
  C:\Windows\System\kUhYiil.exe
  2⤵
  PID:5964
- C:\Windows\System\LKUnJzh.exe
  C:\Windows\System\LKUnJzh.exe
  2⤵
  PID:5980
- C:\Windows\System\EdSJVBY.exe
  C:\Windows\System\EdSJVBY.exe
  2⤵
  PID:5996
- C:\Windows\System\ejfmxKE.exe
  C:\Windows\System\ejfmxKE.exe
  2⤵
  PID:6012
- C:\Windows\System\aeweAwc.exe
  C:\Windows\System\aeweAwc.exe
  2⤵
  PID:6028
- C:\Windows\System\rzVZXco.exe
  C:\Windows\System\rzVZXco.exe
  2⤵
  PID:6044
- C:\Windows\System\NlNSdXE.exe
  C:\Windows\System\NlNSdXE.exe
  2⤵
  PID:6060
- C:\Windows\System\vMQCMee.exe
  C:\Windows\System\vMQCMee.exe
  2⤵
  PID:6076
- C:\Windows\System\nnhUfNA.exe
  C:\Windows\System\nnhUfNA.exe
  2⤵
  PID:6092
- C:\Windows\System\LzXydoV.exe
  C:\Windows\System\LzXydoV.exe
  2⤵
  PID:6108
- C:\Windows\System\GsMTkhp.exe
  C:\Windows\System\GsMTkhp.exe
  2⤵
  PID:6124
- C:\Windows\System\oRKplLh.exe
  C:\Windows\System\oRKplLh.exe
  2⤵
  PID:6140
- C:\Windows\System\SgIeYyj.exe
  C:\Windows\System\SgIeYyj.exe
  2⤵
  PID:2512
- C:\Windows\System\ZhHsTfV.exe
  C:\Windows\System\ZhHsTfV.exe
  2⤵
  PID:4868
- C:\Windows\System\KCKRUNz.exe
  C:\Windows\System\KCKRUNz.exe
  2⤵
  PID:4952
- C:\Windows\System\tvQDvYB.exe
  C:\Windows\System\tvQDvYB.exe
  2⤵
  PID:5024
- C:\Windows\System\olPftag.exe
  C:\Windows\System\olPftag.exe
  2⤵
  PID:4972
- C:\Windows\System\cwjvtUg.exe
  C:\Windows\System\cwjvtUg.exe
  2⤵
  PID:5108
- C:\Windows\System\SvEtdzg.exe
  C:\Windows\System\SvEtdzg.exe
  2⤵
  PID:264
- C:\Windows\System\oEvNQPL.exe
  C:\Windows\System\oEvNQPL.exe
  2⤵
  PID:4072
- C:\Windows\System\wXALoDU.exe
  C:\Windows\System\wXALoDU.exe
  2⤵
  PID:3600
- C:\Windows\System\ulleUZM.exe
  C:\Windows\System\ulleUZM.exe
  2⤵
  PID:4184
- C:\Windows\System\RZkKbsb.exe
  C:\Windows\System\RZkKbsb.exe
  2⤵
  PID:4280
- C:\Windows\System\cdncVvj.exe
  C:\Windows\System\cdncVvj.exe
  2⤵
  PID:4428
- C:\Windows\System\CjHHUcJ.exe
  C:\Windows\System\CjHHUcJ.exe
  2⤵
  PID:4508
- C:\Windows\System\AvytVXx.exe
  C:\Windows\System\AvytVXx.exe
  2⤵
  PID:4788
- C:\Windows\System\vfCXnOq.exe
  C:\Windows\System\vfCXnOq.exe
  2⤵
  PID:5144
- C:\Windows\System\rGLfSEC.exe
  C:\Windows\System\rGLfSEC.exe
  2⤵
  PID:5168
- C:\Windows\System\IRVLQSM.exe
  C:\Windows\System\IRVLQSM.exe
  2⤵
  PID:5216
- C:\Windows\System\wdrncPv.exe
  C:\Windows\System\wdrncPv.exe
  2⤵
  PID:5248
- C:\Windows\System\ArkbFZd.exe
  C:\Windows\System\ArkbFZd.exe
  2⤵
  PID:5280
- C:\Windows\System\vjvfSCu.exe
  C:\Windows\System\vjvfSCu.exe
  2⤵
  PID:5312
- C:\Windows\System\aSZJjOk.exe
  C:\Windows\System\aSZJjOk.exe
  2⤵
  PID:5328
- C:\Windows\System\bdVbfZu.exe
  C:\Windows\System\bdVbfZu.exe
  2⤵
  PID:5360
- C:\Windows\System\oaylRFP.exe
  C:\Windows\System\oaylRFP.exe
  2⤵
  PID:5392
- C:\Windows\System\oOuHfxC.exe
  C:\Windows\System\oOuHfxC.exe
  2⤵
  PID:5440
- C:\Windows\System\wfkRaqe.exe
  C:\Windows\System\wfkRaqe.exe
  2⤵
  PID:5472
- C:\Windows\System\WePhEgR.exe
  C:\Windows\System\WePhEgR.exe
  2⤵
  PID:5504
- C:\Windows\System\REOcTji.exe
  C:\Windows\System\REOcTji.exe
  2⤵
  PID:5520
- C:\Windows\System\RlPhhqP.exe
  C:\Windows\System\RlPhhqP.exe
  2⤵
  PID:5568
- C:\Windows\System\pKUmLaH.exe
  C:\Windows\System\pKUmLaH.exe
  2⤵
  PID:5584
- C:\Windows\System\dIalYkn.exe
  C:\Windows\System\dIalYkn.exe
  2⤵
  PID:5620
- C:\Windows\System\amaLTfu.exe
  C:\Windows\System\amaLTfu.exe
  2⤵
  PID:5652
- C:\Windows\System\qKItrYg.exe
  C:\Windows\System\qKItrYg.exe
  2⤵
  PID:5700
- C:\Windows\System\Ycbemxv.exe
  C:\Windows\System\Ycbemxv.exe
  2⤵
  PID:5716
- C:\Windows\System\IlJWPOK.exe
  C:\Windows\System\IlJWPOK.exe
  2⤵
  PID:5736
- C:\Windows\System\XfEndOp.exe
  C:\Windows\System\XfEndOp.exe
  2⤵
  PID:5752
- C:\Windows\System\JoWFZdh.exe
  C:\Windows\System\JoWFZdh.exe
  2⤵
  PID:5800
- C:\Windows\System\tsjpPBU.exe
  C:\Windows\System\tsjpPBU.exe
  2⤵
  PID:5812
- C:\Windows\System\VnlaoVM.exe
  C:\Windows\System\VnlaoVM.exe
  2⤵
  PID:5860
- C:\Windows\System\XVNPPmR.exe
  C:\Windows\System\XVNPPmR.exe
  2⤵
  PID:2532
- C:\Windows\System\KexYrXp.exe
  C:\Windows\System\KexYrXp.exe
  2⤵
  PID:5924
- C:\Windows\System\oDpDWGB.exe
  C:\Windows\System\oDpDWGB.exe
  2⤵
  PID:2128
- C:\Windows\System\oXzqnkC.exe
  C:\Windows\System\oXzqnkC.exe
  2⤵
  PID:5940
- C:\Windows\System\kgfMmQr.exe
  C:\Windows\System\kgfMmQr.exe
  2⤵
  PID:5992
- C:\Windows\System\lLnAdmx.exe
  C:\Windows\System\lLnAdmx.exe
  2⤵
  PID:6004
- C:\Windows\System\SwtzJKh.exe
  C:\Windows\System\SwtzJKh.exe
  2⤵
  PID:6052
- C:\Windows\System\cJYoIrl.exe
  C:\Windows\System\cJYoIrl.exe
  2⤵
  PID:6116
- C:\Windows\System\yubSwob.exe
  C:\Windows\System\yubSwob.exe
  2⤵
  PID:6100
- C:\Windows\System\GzNSNqL.exe
  C:\Windows\System\GzNSNqL.exe
  2⤵
  PID:4740
- C:\Windows\System\RbLzVeE.exe
  C:\Windows\System\RbLzVeE.exe
  2⤵
  PID:4916
- C:\Windows\System\rBZewAe.exe
  C:\Windows\System\rBZewAe.exe
  2⤵
  PID:5008
- C:\Windows\System\ksQHfwd.exe
  C:\Windows\System\ksQHfwd.exe
  2⤵
  PID:3996
- C:\Windows\System\SXXWotV.exe
  C:\Windows\System\SXXWotV.exe
  2⤵
  PID:3584
- C:\Windows\System\ZMjSumE.exe
  C:\Windows\System\ZMjSumE.exe
  2⤵
  PID:3308
- C:\Windows\System\wGtItHG.exe
  C:\Windows\System\wGtItHG.exe
  2⤵
  PID:5056
- C:\Windows\System\CmNCYhD.exe
  C:\Windows\System\CmNCYhD.exe
  2⤵
  PID:4752
- C:\Windows\System\eMXGdkw.exe
  C:\Windows\System\eMXGdkw.exe
  2⤵
  PID:5188
- C:\Windows\System\CgVNwck.exe
  C:\Windows\System\CgVNwck.exe
  2⤵
  PID:5200
- C:\Windows\System\KrQtcAX.exe
  C:\Windows\System\KrQtcAX.exe
  2⤵
  PID:5284
- C:\Windows\System\befCezi.exe
  C:\Windows\System\befCezi.exe
  2⤵
  PID:5380
- C:\Windows\System\HodBpBd.exe
  C:\Windows\System\HodBpBd.exe
  2⤵
  PID:5348
- C:\Windows\System\KjcrMvi.exe
  C:\Windows\System\KjcrMvi.exe
  2⤵
  PID:5396
- C:\Windows\System\hKDLWyr.exe
  C:\Windows\System\hKDLWyr.exe
  2⤵
  PID:5552
- C:\Windows\System\oXnNCBZ.exe
  C:\Windows\System\oXnNCBZ.exe
  2⤵
  PID:5588
- C:\Windows\System\wHEPQVE.exe
  C:\Windows\System\wHEPQVE.exe
  2⤵
  PID:5656
- C:\Windows\System\IrDiwYC.exe
  C:\Windows\System\IrDiwYC.exe
  2⤵
  PID:5748
- C:\Windows\System\OHcAeAL.exe
  C:\Windows\System\OHcAeAL.exe
  2⤵
  PID:5780
- C:\Windows\System\WULLbkJ.exe
  C:\Windows\System\WULLbkJ.exe
  2⤵
  PID:5848
- C:\Windows\System\BsIpCbn.exe
  C:\Windows\System\BsIpCbn.exe
  2⤵
  PID:5880
- C:\Windows\System\wILoyCz.exe
  C:\Windows\System\wILoyCz.exe
  2⤵
  PID:6156
- C:\Windows\System\RaIvxrD.exe
  C:\Windows\System\RaIvxrD.exe
  2⤵
  PID:6172
- C:\Windows\System\mknQPDh.exe
  C:\Windows\System\mknQPDh.exe
  2⤵
  PID:6188
- C:\Windows\System\UGyvKqA.exe
  C:\Windows\System\UGyvKqA.exe
  2⤵
  PID:6204
- C:\Windows\System\RcpGHmT.exe
  C:\Windows\System\RcpGHmT.exe
  2⤵
  PID:6220
- C:\Windows\System\QXqFToj.exe
  C:\Windows\System\QXqFToj.exe
  2⤵
  PID:6236
- C:\Windows\System\mNLTVws.exe
  C:\Windows\System\mNLTVws.exe
  2⤵
  PID:6252
- C:\Windows\System\ZlUrePz.exe
  C:\Windows\System\ZlUrePz.exe
  2⤵
  PID:6268
- C:\Windows\System\PwjBGYW.exe
  C:\Windows\System\PwjBGYW.exe
  2⤵
  PID:6284
- C:\Windows\System\uzkkkin.exe
  C:\Windows\System\uzkkkin.exe
  2⤵
  PID:6300
- C:\Windows\System\EwOAewA.exe
  C:\Windows\System\EwOAewA.exe
  2⤵
  PID:6316
- C:\Windows\System\EaAYkrC.exe
  C:\Windows\System\EaAYkrC.exe
  2⤵
  PID:6332
- C:\Windows\System\yOTasDt.exe
  C:\Windows\System\yOTasDt.exe
  2⤵
  PID:6348
- C:\Windows\System\zlcqwqX.exe
  C:\Windows\System\zlcqwqX.exe
  2⤵
  PID:6364
- C:\Windows\System\gSsXBmb.exe
  C:\Windows\System\gSsXBmb.exe
  2⤵
  PID:6380
- C:\Windows\System\dVUkTXw.exe
  C:\Windows\System\dVUkTXw.exe
  2⤵
  PID:6396
- C:\Windows\System\bKbzUap.exe
  C:\Windows\System\bKbzUap.exe
  2⤵
  PID:6412
- C:\Windows\System\unSAAst.exe
  C:\Windows\System\unSAAst.exe
  2⤵
  PID:6428
- C:\Windows\System\LVTXdUY.exe
  C:\Windows\System\LVTXdUY.exe
  2⤵
  PID:6444
- C:\Windows\System\KidRpwq.exe
  C:\Windows\System\KidRpwq.exe
  2⤵
  PID:6460
- C:\Windows\System\SFXGwGV.exe
  C:\Windows\System\SFXGwGV.exe
  2⤵
  PID:6476
- C:\Windows\System\GYIBDEu.exe
  C:\Windows\System\GYIBDEu.exe
  2⤵
  PID:6492
- C:\Windows\System\rmJkdlE.exe
  C:\Windows\System\rmJkdlE.exe
  2⤵
  PID:6508
- C:\Windows\System\OiCAXMA.exe
  C:\Windows\System\OiCAXMA.exe
  2⤵
  PID:6524
- C:\Windows\System\rfuAkOm.exe
  C:\Windows\System\rfuAkOm.exe
  2⤵
  PID:6540
- C:\Windows\System\lTQTwis.exe
  C:\Windows\System\lTQTwis.exe
  2⤵
  PID:6556
- C:\Windows\System\zdcgIkK.exe
  C:\Windows\System\zdcgIkK.exe
  2⤵
  PID:6572
- C:\Windows\System\eVVDywI.exe
  C:\Windows\System\eVVDywI.exe
  2⤵
  PID:6588
- C:\Windows\System\pRLqPzQ.exe
  C:\Windows\System\pRLqPzQ.exe
  2⤵
  PID:6604
- C:\Windows\System\PUoFGcP.exe
  C:\Windows\System\PUoFGcP.exe
  2⤵
  PID:6620
- C:\Windows\System\clQPKml.exe
  C:\Windows\System\clQPKml.exe
  2⤵
  PID:6636
- C:\Windows\System\vJpfoJM.exe
  C:\Windows\System\vJpfoJM.exe
  2⤵
  PID:6652
- C:\Windows\System\FRnPpEV.exe
  C:\Windows\System\FRnPpEV.exe
  2⤵
  PID:6668
- C:\Windows\System\JyNaYmg.exe
  C:\Windows\System\JyNaYmg.exe
  2⤵
  PID:6684
- C:\Windows\System\rwRWbtI.exe
  C:\Windows\System\rwRWbtI.exe
  2⤵
  PID:6700
- C:\Windows\System\YbVEMzt.exe
  C:\Windows\System\YbVEMzt.exe
  2⤵
  PID:6716
- C:\Windows\System\XjocoRP.exe
  C:\Windows\System\XjocoRP.exe
  2⤵
  PID:6732
- C:\Windows\System\fspmwmr.exe
  C:\Windows\System\fspmwmr.exe
  2⤵
  PID:6764
- C:\Windows\System\gGiUJmF.exe
  C:\Windows\System\gGiUJmF.exe
  2⤵
  PID:6780
- C:\Windows\System\cZttIJA.exe
  C:\Windows\System\cZttIJA.exe
  2⤵
  PID:6796
- C:\Windows\System\eNUsrPG.exe
  C:\Windows\System\eNUsrPG.exe
  2⤵
  PID:6812
- C:\Windows\System\TBhZOeW.exe
  C:\Windows\System\TBhZOeW.exe
  2⤵
  PID:6892
- C:\Windows\System\FDWlOrV.exe
  C:\Windows\System\FDWlOrV.exe
  2⤵
  PID:6972
- C:\Windows\System\KsuyLUU.exe
  C:\Windows\System\KsuyLUU.exe
  2⤵
  PID:7012
- C:\Windows\System\DNCupFj.exe
  C:\Windows\System\DNCupFj.exe
  2⤵
  PID:7064
- C:\Windows\System\ZBpbDYq.exe
  C:\Windows\System\ZBpbDYq.exe
  2⤵
  PID:7092
- C:\Windows\System\NuWNvRn.exe
  C:\Windows\System\NuWNvRn.exe
  2⤵
  PID:7112
- C:\Windows\System\jOeSQLm.exe
  C:\Windows\System\jOeSQLm.exe
  2⤵
  PID:7156
- C:\Windows\System\eGjxIST.exe
  C:\Windows\System\eGjxIST.exe
  2⤵
  PID:6260
- C:\Windows\System\LBDoqxy.exe
  C:\Windows\System\LBDoqxy.exe
  2⤵
  PID:2668
- C:\Windows\System\lXrEJLB.exe
  C:\Windows\System\lXrEJLB.exe
  2⤵
  PID:7120
- C:\Windows\System\BIUhyjH.exe
  C:\Windows\System\BIUhyjH.exe
  2⤵
  PID:5252
- C:\Windows\System\FJnMFJK.exe
  C:\Windows\System\FJnMFJK.exe
  2⤵
  PID:5316
- C:\Windows\System\Ksitlvm.exe
  C:\Windows\System\Ksitlvm.exe
  2⤵
  PID:5424
- C:\Windows\System\QBOJUzx.exe
  C:\Windows\System\QBOJUzx.exe
  2⤵
  PID:5624
- C:\Windows\System\dkMMBrM.exe
  C:\Windows\System\dkMMBrM.exe
  2⤵
  PID:5688
- C:\Windows\System\HoyZdDB.exe
  C:\Windows\System\HoyZdDB.exe
  2⤵
  PID:5832
- C:\Windows\System\SlQnodi.exe
  C:\Windows\System\SlQnodi.exe
  2⤵
  PID:5844
- C:\Windows\System\UvIZvEM.exe
  C:\Windows\System\UvIZvEM.exe
  2⤵
  PID:6180
- C:\Windows\System\HolsDnU.exe
  C:\Windows\System\HolsDnU.exe
  2⤵
  PID:752
- C:\Windows\System\UxXSVgQ.exe
  C:\Windows\System\UxXSVgQ.exe
  2⤵
  PID:6184
- C:\Windows\System\EyWKwfc.exe
  C:\Windows\System\EyWKwfc.exe
  2⤵
  PID:6200
- C:\Windows\System\NVBhSgZ.exe
  C:\Windows\System\NVBhSgZ.exe
  2⤵
  PID:2776
- C:\Windows\System\HqlCJYC.exe
  C:\Windows\System\HqlCJYC.exe
  2⤵
  PID:1912
- C:\Windows\System\xEYTqfG.exe
  C:\Windows\System\xEYTqfG.exe
  2⤵
  PID:2072
- C:\Windows\System\lHFfhvA.exe
  C:\Windows\System\lHFfhvA.exe
  2⤵
  PID:6372
- C:\Windows\System\upkHkae.exe
  C:\Windows\System\upkHkae.exe
  2⤵
  PID:6404
- C:\Windows\System\rCIUdaQ.exe
  C:\Windows\System\rCIUdaQ.exe
  2⤵
  PID:6472
- C:\Windows\System\GMGAkOg.exe
  C:\Windows\System\GMGAkOg.exe
  2⤵
  PID:6568
- C:\Windows\System\wiJZqFG.exe
  C:\Windows\System\wiJZqFG.exe
  2⤵
  PID:6632
- C:\Windows\System\iADTcRX.exe
  C:\Windows\System\iADTcRX.exe
  2⤵
  PID:6724
- C:\Windows\System\RdvMOdI.exe
  C:\Windows\System\RdvMOdI.exe
  2⤵
  PID:2852
- C:\Windows\System\CntxwLY.exe
  C:\Windows\System\CntxwLY.exe
  2⤵
  PID:6420
- C:\Windows\System\XGiGJqP.exe
  C:\Windows\System\XGiGJqP.exe
  2⤵
  PID:6516
- C:\Windows\System\hVjuwdv.exe
  C:\Windows\System\hVjuwdv.exe
  2⤵
  PID:6708
- C:\Windows\System\LUksjEt.exe
  C:\Windows\System\LUksjEt.exe
  2⤵
  PID:4588
- C:\Windows\System\XBycQJd.exe
  C:\Windows\System\XBycQJd.exe
  2⤵
  PID:7192
- C:\Windows\System\gdPGTrs.exe
  C:\Windows\System\gdPGTrs.exe
  2⤵
  PID:7296
- C:\Windows\System\rErqrbI.exe
  C:\Windows\System\rErqrbI.exe
  2⤵
  PID:7316
- C:\Windows\System\YoavOCx.exe
  C:\Windows\System\YoavOCx.exe
  2⤵
  PID:7336
- C:\Windows\System\BqIYgxT.exe
  C:\Windows\System\BqIYgxT.exe
  2⤵
  PID:7356
- C:\Windows\System\ZfAVqIR.exe
  C:\Windows\System\ZfAVqIR.exe
  2⤵
  PID:7372
- C:\Windows\System\bgNKIZc.exe
  C:\Windows\System\bgNKIZc.exe
  2⤵
  PID:7388
- C:\Windows\System\LBkiozI.exe
  C:\Windows\System\LBkiozI.exe
  2⤵
  PID:7404
- C:\Windows\System\fdPXbHn.exe
  C:\Windows\System\fdPXbHn.exe
  2⤵
  PID:7420
- C:\Windows\System\fPbiiCT.exe
  C:\Windows\System\fPbiiCT.exe
  2⤵
  PID:7436
- C:\Windows\System\rfnTEIx.exe
  C:\Windows\System\rfnTEIx.exe
  2⤵
  PID:7452
- C:\Windows\System\NtmpFBx.exe
  C:\Windows\System\NtmpFBx.exe
  2⤵
  PID:7472
- C:\Windows\System\iEDgwoE.exe
  C:\Windows\System\iEDgwoE.exe
  2⤵
  PID:7492
- C:\Windows\System\DUCmQJW.exe
  C:\Windows\System\DUCmQJW.exe
  2⤵
  PID:7508
- C:\Windows\System\yCEfBxp.exe
  C:\Windows\System\yCEfBxp.exe
  2⤵
  PID:7524
- C:\Windows\System\MrrwHEJ.exe
  C:\Windows\System\MrrwHEJ.exe
  2⤵
  PID:7572
- C:\Windows\System\tQHuoBL.exe
  C:\Windows\System\tQHuoBL.exe
  2⤵
  PID:7592
- C:\Windows\System\gzOCLlN.exe
  C:\Windows\System\gzOCLlN.exe
  2⤵
  PID:7612
- C:\Windows\System\dxnLQPQ.exe
  C:\Windows\System\dxnLQPQ.exe
  2⤵
  PID:7628
- C:\Windows\System\zcmyyIK.exe
  C:\Windows\System\zcmyyIK.exe
  2⤵
  PID:7644
- C:\Windows\System\WvhCfpG.exe
  C:\Windows\System\WvhCfpG.exe
  2⤵
  PID:7660
- C:\Windows\System\xtGlpQm.exe
  C:\Windows\System\xtGlpQm.exe
  2⤵
  PID:7716
- C:\Windows\System\MPfXOTz.exe
  C:\Windows\System\MPfXOTz.exe
  2⤵
  PID:7732
- C:\Windows\System\sLWDVXv.exe
  C:\Windows\System\sLWDVXv.exe
  2⤵
  PID:7748
- C:\Windows\System\aWXIwhD.exe
  C:\Windows\System\aWXIwhD.exe
  2⤵
  PID:7764
- C:\Windows\System\PFSDUSw.exe
  C:\Windows\System\PFSDUSw.exe
  2⤵
  PID:7780
- C:\Windows\System\jTpYhVh.exe
  C:\Windows\System\jTpYhVh.exe
  2⤵
  PID:7800
- C:\Windows\System\ovVbNXf.exe
  C:\Windows\System\ovVbNXf.exe
  2⤵
  PID:7816
- C:\Windows\System\HwKTYnv.exe
  C:\Windows\System\HwKTYnv.exe
  2⤵
  PID:7832
- C:\Windows\System\FLdZFuN.exe
  C:\Windows\System\FLdZFuN.exe
  2⤵
  PID:7852
- C:\Windows\System\BIyyHBI.exe
  C:\Windows\System\BIyyHBI.exe
  2⤵
  PID:7868
- C:\Windows\System\eImynfH.exe
  C:\Windows\System\eImynfH.exe
  2⤵
  PID:7884
- C:\Windows\System\MewVhxX.exe
  C:\Windows\System\MewVhxX.exe
  2⤵
  PID:7904
- C:\Windows\System\wNQSymX.exe
  C:\Windows\System\wNQSymX.exe
  2⤵
  PID:7956
- C:\Windows\System\GPsLHfu.exe
  C:\Windows\System\GPsLHfu.exe
  2⤵
  PID:7972
- C:\Windows\System\VtnffnQ.exe
  C:\Windows\System\VtnffnQ.exe
  2⤵
  PID:7988
- C:\Windows\System\RUoayLP.exe
  C:\Windows\System\RUoayLP.exe
  2⤵
  PID:8004
- C:\Windows\System\yPxZhDf.exe
  C:\Windows\System\yPxZhDf.exe
  2⤵
  PID:8020
- C:\Windows\System\NtOoaHU.exe
  C:\Windows\System\NtOoaHU.exe
  2⤵
  PID:8040
- C:\Windows\System\IuAloHU.exe
  C:\Windows\System\IuAloHU.exe
  2⤵
  PID:8060
- C:\Windows\System\nlMKyGn.exe
  C:\Windows\System\nlMKyGn.exe
  2⤵
  PID:8080
- C:\Windows\System\zdqkFwJ.exe
  C:\Windows\System\zdqkFwJ.exe
  2⤵
  PID:8096
- C:\Windows\System\cPQkDkj.exe
  C:\Windows\System\cPQkDkj.exe
  2⤵
  PID:8116
- C:\Windows\System\clCewDP.exe
  C:\Windows\System\clCewDP.exe
  2⤵
  PID:8168
- C:\Windows\System\cGicxjD.exe
  C:\Windows\System\cGicxjD.exe
  2⤵
  PID:8184
- C:\Windows\System\uKsnQUA.exe
  C:\Windows\System\uKsnQUA.exe
  2⤵
  PID:6920
- C:\Windows\System\NYvqfyY.exe
  C:\Windows\System\NYvqfyY.exe
  2⤵
  PID:6936
- C:\Windows\System\RbvxYuv.exe
  C:\Windows\System\RbvxYuv.exe
  2⤵
  PID:6580
- C:\Windows\System\zRmmnwQ.exe
  C:\Windows\System\zRmmnwQ.exe
  2⤵
  PID:6616
- C:\Windows\System\bifFNxe.exe
  C:\Windows\System\bifFNxe.exe
  2⤵
  PID:6312
- C:\Windows\System\fFbWPBD.exe
  C:\Windows\System\fFbWPBD.exe
  2⤵
  PID:6436
- C:\Windows\System\VxNTHgZ.exe
  C:\Windows\System\VxNTHgZ.exe
  2⤵
  PID:6648
- C:\Windows\System\TgjUxoF.exe
  C:\Windows\System\TgjUxoF.exe
  2⤵
  PID:5492
- C:\Windows\System\JrdmTXc.exe
  C:\Windows\System\JrdmTXc.exe
  2⤵
  PID:4996
- C:\Windows\System\EDbJgfn.exe
  C:\Windows\System\EDbJgfn.exe
  2⤵
  PID:7344
- C:\Windows\System\eJfNNvZ.exe
  C:\Windows\System\eJfNNvZ.exe
  2⤵
  PID:7384
- C:\Windows\System\quETuPn.exe
  C:\Windows\System\quETuPn.exe
  2⤵
  PID:6804
- C:\Windows\System\IRarAtp.exe
  C:\Windows\System\IRarAtp.exe
  2⤵
  PID:6356
- C:\Windows\System\RCGnkac.exe
  C:\Windows\System\RCGnkac.exe
  2⤵
  PID:2044
- C:\Windows\System\Ryjfxmh.exe
  C:\Windows\System\Ryjfxmh.exe
  2⤵
  PID:6756
- C:\Windows\System\uFaOoIx.exe
  C:\Windows\System\uFaOoIx.exe
  2⤵
  PID:7480
- C:\Windows\System\vQNkmvC.exe
  C:\Windows\System\vQNkmvC.exe
  2⤵
  PID:6712
- C:\Windows\System\kajmxoi.exe
  C:\Windows\System\kajmxoi.exe
  2⤵
  PID:6960
- C:\Windows\System\SlBUzNp.exe
  C:\Windows\System\SlBUzNp.exe
  2⤵
  PID:7032
- C:\Windows\System\TPFvVDy.exe
  C:\Windows\System\TPFvVDy.exe
  2⤵
  PID:7048
- C:\Windows\System\pKwMsKw.exe
  C:\Windows\System\pKwMsKw.exe
  2⤵
  PID:7028
- C:\Windows\System\NwTiyha.exe
  C:\Windows\System\NwTiyha.exe
  2⤵
  PID:1096
- C:\Windows\System\pIKXdYz.exe
  C:\Windows\System\pIKXdYz.exe
  2⤵
  PID:6792
- C:\Windows\System\RyLdvqs.exe
  C:\Windows\System\RyLdvqs.exe
  2⤵
  PID:6832
- C:\Windows\System\ECyhNkw.exe
  C:\Windows\System\ECyhNkw.exe
  2⤵
  PID:6860
- C:\Windows\System\cwyzytl.exe
  C:\Windows\System\cwyzytl.exe
  2⤵
  PID:6876
- C:\Windows\System\neWfFzL.exe
  C:\Windows\System\neWfFzL.exe
  2⤵
  PID:6888
- C:\Windows\System\HkmXzlu.exe
  C:\Windows\System\HkmXzlu.exe
  2⤵
  PID:6992
- C:\Windows\System\BerOnPg.exe
  C:\Windows\System\BerOnPg.exe
  2⤵
  PID:7004
- C:\Windows\System\zelmzPv.exe
  C:\Windows\System\zelmzPv.exe
  2⤵
  PID:7084
- C:\Windows\System\oMwDOMe.exe
  C:\Windows\System\oMwDOMe.exe
  2⤵
  PID:4932
- C:\Windows\System\uCmSnYD.exe
  C:\Windows\System\uCmSnYD.exe
  2⤵
  PID:6328
- C:\Windows\System\FddEeZz.exe
  C:\Windows\System\FddEeZz.exe
  2⤵
  PID:6664
- C:\Windows\System\ZmCjFnN.exe
  C:\Windows\System\ZmCjFnN.exe
  2⤵
  PID:6452
- C:\Windows\System\iQgBYZh.exe
  C:\Windows\System\iQgBYZh.exe
  2⤵
  PID:3200
- C:\Windows\System\MdmNDbk.exe
  C:\Windows\System\MdmNDbk.exe
  2⤵
  PID:7164
- C:\Windows\System\qHmUsQO.exe
  C:\Windows\System\qHmUsQO.exe
  2⤵
  PID:5956
- C:\Windows\System\lgvyrgK.exe
  C:\Windows\System\lgvyrgK.exe
  2⤵
  PID:6036
- C:\Windows\System\keFjvKt.exe
  C:\Windows\System\keFjvKt.exe
  2⤵
  PID:6088
- C:\Windows\System\tmiHQIc.exe
  C:\Windows\System\tmiHQIc.exe
  2⤵
  PID:6132
- C:\Windows\System\AizRnfC.exe
  C:\Windows\System\AizRnfC.exe
  2⤵
  PID:4864
- C:\Windows\System\mTDZIou.exe
  C:\Windows\System\mTDZIou.exe
  2⤵
  PID:2388
- C:\Windows\System\sJjeUUw.exe
  C:\Windows\System\sJjeUUw.exe
  2⤵
  PID:2452
- C:\Windows\System\jgXAwix.exe
  C:\Windows\System\jgXAwix.exe
  2⤵
  PID:7208
- C:\Windows\System\YjkuMCS.exe
  C:\Windows\System\YjkuMCS.exe
  2⤵
  PID:7220
- C:\Windows\System\qSlgKkb.exe
  C:\Windows\System\qSlgKkb.exe
  2⤵
  PID:7236
- C:\Windows\System\sWnedXi.exe
  C:\Windows\System\sWnedXi.exe
  2⤵
  PID:7256
- C:\Windows\System\KLxvcxF.exe
  C:\Windows\System\KLxvcxF.exe
  2⤵
  PID:7276
- C:\Windows\System\vkyxxPO.exe
  C:\Windows\System\vkyxxPO.exe
  2⤵
  PID:7468
- C:\Windows\System\vCJhQOP.exe
  C:\Windows\System\vCJhQOP.exe
  2⤵
  PID:7548
- C:\Windows\System\oirqMiB.exe
  C:\Windows\System\oirqMiB.exe
  2⤵
  PID:4976
- C:\Windows\System\DRrfvWa.exe
  C:\Windows\System\DRrfvWa.exe
  2⤵
  PID:4640
- C:\Windows\System\oKQDPHA.exe
  C:\Windows\System\oKQDPHA.exe
  2⤵
  PID:684
- C:\Windows\System\BneAsJA.exe
  C:\Windows\System\BneAsJA.exe
  2⤵
  PID:2888
- C:\Windows\System\MhbGFrK.exe
  C:\Windows\System\MhbGFrK.exe
  2⤵
  PID:7368
- C:\Windows\System\JDcFDwe.exe
  C:\Windows\System\JDcFDwe.exe
  2⤵
  PID:7428
- C:\Windows\System\PUaVtlL.exe
  C:\Windows\System\PUaVtlL.exe
  2⤵
  PID:7500
- C:\Windows\System\SfgqCGw.exe
  C:\Windows\System\SfgqCGw.exe
  2⤵
  PID:2876
- C:\Windows\System\VvdTHvH.exe
  C:\Windows\System\VvdTHvH.exe
  2⤵
  PID:2804
- C:\Windows\System\hzSotMh.exe
  C:\Windows\System\hzSotMh.exe
  2⤵
  PID:2576
- C:\Windows\System\ezDcsoN.exe
  C:\Windows\System\ezDcsoN.exe
  2⤵
  PID:1484
- C:\Windows\System\EkbHAJC.exe
  C:\Windows\System\EkbHAJC.exe
  2⤵
  PID:1328
- C:\Windows\System\UiptWOi.exe
  C:\Windows\System\UiptWOi.exe
  2⤵
  PID:2328
- C:\Windows\System\XkMIcBa.exe
  C:\Windows\System\XkMIcBa.exe
  2⤵
  PID:7584
- C:\Windows\System\lFljAcw.exe
  C:\Windows\System\lFljAcw.exe
  2⤵
  PID:7656
- C:\Windows\System\ShEdjyU.exe
  C:\Windows\System\ShEdjyU.exe
  2⤵
  PID:1108
- C:\Windows\System\edYOKGE.exe
  C:\Windows\System\edYOKGE.exe
  2⤵
  PID:7600
- C:\Windows\System\GwepjZS.exe
  C:\Windows\System\GwepjZS.exe
  2⤵
  PID:7676
- C:\Windows\System\camaheD.exe
  C:\Windows\System\camaheD.exe
  2⤵
  PID:7684
- C:\Windows\System\tbtTYPn.exe
  C:\Windows\System\tbtTYPn.exe
  2⤵
  PID:7708
- C:\Windows\System\cgLXDbw.exe
  C:\Windows\System\cgLXDbw.exe
  2⤵
  PID:7772
- C:\Windows\System\iZJyMrB.exe
  C:\Windows\System\iZJyMrB.exe
  2⤵
  PID:7760
- C:\Windows\System\jRSdWDV.exe
  C:\Windows\System\jRSdWDV.exe
  2⤵
  PID:7828
- C:\Windows\System\ihYMwXI.exe
  C:\Windows\System\ihYMwXI.exe
  2⤵
  PID:7900
- C:\Windows\System\nyKyuUc.exe
  C:\Windows\System\nyKyuUc.exe
  2⤵
  PID:7844
- C:\Windows\System\BDRkdMc.exe
  C:\Windows\System\BDRkdMc.exe
  2⤵
  PID:7916
- C:\Windows\System\aFGvhMt.exe
  C:\Windows\System\aFGvhMt.exe
  2⤵
  PID:7948
- C:\Windows\System\DCSnOAn.exe
  C:\Windows\System\DCSnOAn.exe
  2⤵
  PID:8012
- C:\Windows\System\qEaYbhO.exe
  C:\Windows\System\qEaYbhO.exe
  2⤵
  PID:8056
- C:\Windows\System\vRAxYfj.exe
  C:\Windows\System\vRAxYfj.exe
  2⤵
  PID:8092
- C:\Windows\System\OcjehQa.exe
  C:\Windows\System\OcjehQa.exe
  2⤵
  PID:8028
- C:\Windows\System\YtNTNiI.exe
  C:\Windows\System\YtNTNiI.exe
  2⤵
  PID:8104
- C:\Windows\System\wpNnlrP.exe
  C:\Windows\System\wpNnlrP.exe
  2⤵
  PID:8140
- C:\Windows\System\ngzBwGm.exe
  C:\Windows\System\ngzBwGm.exe
  2⤵
  PID:8132
- C:\Windows\System\obffOVp.exe
  C:\Windows\System\obffOVp.exe
  2⤵
  PID:8128
- C:\Windows\System\ynnwygT.exe
  C:\Windows\System\ynnwygT.exe
  2⤵
  PID:6552
- C:\Windows\System\PEFdGUx.exe
  C:\Windows\System\PEFdGUx.exe
  2⤵
  PID:8176
- C:\Windows\System\RDMZVNx.exe
  C:\Windows\System\RDMZVNx.exe
  2⤵
  PID:6340
- C:\Windows\System\pcXFRZh.exe
  C:\Windows\System\pcXFRZh.exe
  2⤵
  PID:6900
- C:\Windows\System\yFZJkfL.exe
  C:\Windows\System\yFZJkfL.exe
  2⤵
  PID:6148
- C:\Windows\System\GnxEbvZ.exe
  C:\Windows\System\GnxEbvZ.exe
  2⤵
  PID:7380
- C:\Windows\System\OuKKozs.exe
  C:\Windows\System\OuKKozs.exe
  2⤵
  PID:7024
- C:\Windows\System\ErynQem.exe
  C:\Windows\System\ErynQem.exe
  2⤵
  PID:6788
- C:\Windows\System\akwkYbU.exe
  C:\Windows\System\akwkYbU.exe
  2⤵
  PID:6852
- C:\Windows\System\BPBHxLX.exe
  C:\Windows\System\BPBHxLX.exe
  2⤵
  PID:6488
- C:\Windows\System\DwzZaEt.exe
  C:\Windows\System\DwzZaEt.exe
  2⤵
  PID:6836
- C:\Windows\System\WEkZWRC.exe
  C:\Windows\System\WEkZWRC.exe
  2⤵
  PID:6984
- C:\Windows\System\hQyZwZt.exe
  C:\Windows\System\hQyZwZt.exe
  2⤵
  PID:5264
- C:\Windows\System\KzidLbT.exe
  C:\Windows\System\KzidLbT.exe
  2⤵
  PID:5232
- C:\Windows\System\qKqgbiz.exe
  C:\Windows\System\qKqgbiz.exe
  2⤵
  PID:1696
- C:\Windows\System\VTYcMSk.exe
  C:\Windows\System\VTYcMSk.exe
  2⤵
  PID:6536
- C:\Windows\System\IeTJPqF.exe
  C:\Windows\System\IeTJPqF.exe
  2⤵
  PID:2784
- C:\Windows\System\qCORESg.exe
  C:\Windows\System\qCORESg.exe
  2⤵
  PID:6280
- C:\Windows\System\BNYaAHR.exe
  C:\Windows\System\BNYaAHR.exe
  2⤵
  PID:4900
- C:\Windows\System\OFAfzGo.exe
  C:\Windows\System\OFAfzGo.exe
  2⤵
  PID:7212
- C:\Windows\System\tgalxDt.exe
  C:\Windows\System\tgalxDt.exe
  2⤵
  PID:6532
- C:\Windows\System\jaoVACu.exe
  C:\Windows\System\jaoVACu.exe
  2⤵
  PID:3696
- C:\Windows\System\gsLoOkJ.exe
  C:\Windows\System\gsLoOkJ.exe
  2⤵
  PID:3560
- C:\Windows\System\WBkaaIb.exe
  C:\Windows\System\WBkaaIb.exe
  2⤵
  PID:1312
- C:\Windows\System\UXVgcYb.exe
  C:\Windows\System\UXVgcYb.exe
  2⤵
  PID:2304
- C:\Windows\System\OKTAFup.exe
  C:\Windows\System\OKTAFup.exe
  2⤵
  PID:2788
- C:\Windows\System\CDvVjWP.exe
  C:\Windows\System\CDvVjWP.exe
  2⤵
  PID:4804
- C:\Windows\System\DwesXAV.exe
  C:\Windows\System\DwesXAV.exe
  2⤵
  PID:6760
- C:\Windows\System\lNKtgpW.exe
  C:\Windows\System\lNKtgpW.exe
  2⤵
  PID:7536
- C:\Windows\System\SrgFmGk.exe
  C:\Windows\System\SrgFmGk.exe
  2⤵
  PID:7228
- C:\Windows\System\ivOJazS.exe
  C:\Windows\System\ivOJazS.exe
  2⤵
  PID:7268
- C:\Windows\System\hkWBEHo.exe
  C:\Windows\System\hkWBEHo.exe
  2⤵
  PID:3964
- C:\Windows\System\AlPEPIg.exe
  C:\Windows\System\AlPEPIg.exe
  2⤵
  PID:1488
- C:\Windows\System\tuwPmBg.exe
  C:\Windows\System\tuwPmBg.exe
  2⤵
  PID:2724
- C:\Windows\System\SDCZiLB.exe
  C:\Windows\System\SDCZiLB.exe
  2⤵
  PID:1100
- C:\Windows\System\ofosFkN.exe
  C:\Windows\System\ofosFkN.exe
  2⤵
  PID:7396
- C:\Windows\System\lewNVQP.exe
  C:\Windows\System\lewNVQP.exe
  2⤵
  PID:7324
- C:\Windows\System\GKeuHsI.exe
  C:\Windows\System\GKeuHsI.exe
  2⤵
  PID:2648
- C:\Windows\System\NIbatLS.exe
  C:\Windows\System\NIbatLS.exe
  2⤵
  PID:2144
- C:\Windows\System\qOTCrnY.exe
  C:\Windows\System\qOTCrnY.exe
  2⤵
  PID:7932
- C:\Windows\System\qDZCFgg.exe
  C:\Windows\System\qDZCFgg.exe
  2⤵
  PID:7964
- C:\Windows\System\Fozqwvp.exe
  C:\Windows\System\Fozqwvp.exe
  2⤵
  PID:8112
- C:\Windows\System\zzcOiJV.exe
  C:\Windows\System\zzcOiJV.exe
  2⤵
  PID:8180
- C:\Windows\System\MgNeWRC.exe
  C:\Windows\System\MgNeWRC.exe
  2⤵
  PID:1008
- C:\Windows\System\tfIqxBc.exe
  C:\Windows\System\tfIqxBc.exe
  2⤵
  PID:7304
- C:\Windows\System\WuOqhKj.exe
  C:\Windows\System\WuOqhKj.exe
  2⤵
  PID:5128
- C:\Windows\System\XGuoDie.exe
  C:\Windows\System\XGuoDie.exe
  2⤵
  PID:6212
- C:\Windows\System\VrXVpxV.exe
  C:\Windows\System\VrXVpxV.exe
  2⤵
  PID:7672
- C:\Windows\System\pQbbHJy.exe
  C:\Windows\System\pQbbHJy.exe
  2⤵
  PID:7724
- C:\Windows\System\NkPcXZX.exe
  C:\Windows\System\NkPcXZX.exe
  2⤵
  PID:7880
- C:\Windows\System\WbsFxIQ.exe
  C:\Windows\System\WbsFxIQ.exe
  2⤵
  PID:7928
- C:\Windows\System\lGLnKlM.exe
  C:\Windows\System\lGLnKlM.exe
  2⤵
  PID:8068
- C:\Windows\System\mYrAzxp.exe
  C:\Windows\System\mYrAzxp.exe
  2⤵
  PID:8148
- C:\Windows\System\XPpWpKq.exe
  C:\Windows\System\XPpWpKq.exe
  2⤵
  PID:6548
- C:\Windows\System\EHnSyGL.exe
  C:\Windows\System\EHnSyGL.exe
  2⤵
  PID:6468
- C:\Windows\System\VuTstJU.exe
  C:\Windows\System\VuTstJU.exe
  2⤵
  PID:7348
- C:\Windows\System\YNJSdCA.exe
  C:\Windows\System\YNJSdCA.exe
  2⤵
  PID:7848
- C:\Windows\System\lWUicQQ.exe
  C:\Windows\System\lWUicQQ.exe
  2⤵
  PID:6244
- C:\Windows\System\pxxKexF.exe
  C:\Windows\System\pxxKexF.exe
  2⤵
  PID:2604
- C:\Windows\System\oPSbhhc.exe
  C:\Windows\System\oPSbhhc.exe
  2⤵
  PID:6392
- C:\Windows\System\CTQCsXP.exe
  C:\Windows\System\CTQCsXP.exe
  2⤵
  PID:7200
- C:\Windows\System\pTmWfFQ.exe
  C:\Windows\System\pTmWfFQ.exe
  2⤵
  PID:2632
- C:\Windows\System\FbKyPOP.exe
  C:\Windows\System\FbKyPOP.exe
  2⤵
  PID:2656
- C:\Windows\System\MVtcWKG.exe
  C:\Windows\System\MVtcWKG.exe
  2⤵
  PID:2916
- C:\Windows\System\XEjHzjS.exe
  C:\Windows\System\XEjHzjS.exe
  2⤵
  PID:7696
- C:\Windows\System\ChdJLPf.exe
  C:\Windows\System\ChdJLPf.exe
  2⤵
  PID:7744
- C:\Windows\System\HljCOMn.exe
  C:\Windows\System\HljCOMn.exe
  2⤵
  PID:7488
- C:\Windows\System\NxFQqno.exe
  C:\Windows\System\NxFQqno.exe
  2⤵
  PID:7076
- C:\Windows\System\RKptkwI.exe
  C:\Windows\System\RKptkwI.exe
  2⤵
  PID:6564
- C:\Windows\System\AVAEtIB.exe
  C:\Windows\System\AVAEtIB.exe
  2⤵
  PID:6084
- C:\Windows\System\kaqmDas.exe
  C:\Windows\System\kaqmDas.exe
  2⤵
  PID:5184
- C:\Windows\System\oHTVcYT.exe
  C:\Windows\System\oHTVcYT.exe
  2⤵
  PID:7560
- C:\Windows\System\cRLLeon.exe
  C:\Windows\System\cRLLeon.exe
  2⤵
  PID:4704
- C:\Windows\System\ekPpIrw.exe
  C:\Windows\System\ekPpIrw.exe
  2⤵
  PID:8000
- C:\Windows\System\erOqXuY.exe
  C:\Windows\System\erOqXuY.exe
  2⤵
  PID:7188
- C:\Windows\System\mlGuemf.exe
  C:\Windows\System\mlGuemf.exe
  2⤵
  PID:7864
- C:\Windows\System\TygISRV.exe
  C:\Windows\System\TygISRV.exe
  2⤵
  PID:8088
- C:\Windows\System\aJwFemT.exe
  C:\Windows\System\aJwFemT.exe
  2⤵
  PID:6968
- C:\Windows\System\DMWPneo.exe
  C:\Windows\System\DMWPneo.exe
  2⤵
  PID:2356
- C:\Windows\System\pMUdvHW.exe
  C:\Windows\System\pMUdvHW.exe
  2⤵
  PID:7180
- C:\Windows\System\aSHLRQq.exe
  C:\Windows\System\aSHLRQq.exe
  2⤵
  PID:7704
- C:\Windows\System\lKdVLBT.exe
  C:\Windows\System\lKdVLBT.exe
  2⤵
  PID:6612
- C:\Windows\System\SZJLDEf.exe
  C:\Windows\System\SZJLDEf.exe
  2⤵
  PID:6848
- C:\Windows\System\vTtZPVN.exe
  C:\Windows\System\vTtZPVN.exe
  2⤵
  PID:7056
- C:\Windows\System\VqWKxds.exe
  C:\Windows\System\VqWKxds.exe
  2⤵
  PID:5476
- C:\Windows\System\dFZDBgP.exe
  C:\Windows\System\dFZDBgP.exe
  2⤵
  PID:2628
- C:\Windows\System\YPyDFur.exe
  C:\Windows\System\YPyDFur.exe
  2⤵
  PID:7740
- C:\Windows\System\aczoAwR.exe
  C:\Windows\System\aczoAwR.exe
  2⤵
  PID:6828
- C:\Windows\System\AfUjote.exe
  C:\Windows\System\AfUjote.exe
  2⤵
  PID:2716
- C:\Windows\System\VrpDYjJ.exe
  C:\Windows\System\VrpDYjJ.exe
  2⤵
  PID:1296
- C:\Windows\System\OPCoyxZ.exe
  C:\Windows\System\OPCoyxZ.exe
  2⤵
  PID:2396
- C:\Windows\System\zOzHtSP.exe
  C:\Windows\System\zOzHtSP.exe
  2⤵
  PID:2588
- C:\Windows\System\RMVzTzh.exe
  C:\Windows\System\RMVzTzh.exe
  2⤵
  PID:7332
- C:\Windows\System\WGVINLS.exe
  C:\Windows\System\WGVINLS.exe
  2⤵
  PID:7568
- C:\Windows\System\skxuPZd.exe
  C:\Windows\System\skxuPZd.exe
  2⤵
  PID:2312
- C:\Windows\System\AybtrZJ.exe
  C:\Windows\System\AybtrZJ.exe
  2⤵
  PID:7272
- C:\Windows\System\iKCEGYV.exe
  C:\Windows\System\iKCEGYV.exe
  2⤵
  PID:7608
- C:\Windows\System\mrYlCpe.exe
  C:\Windows\System\mrYlCpe.exe
  2⤵
  PID:6376
- C:\Windows\System\ETnvRIJ.exe
  C:\Windows\System\ETnvRIJ.exe
  2⤵
  PID:7108
- C:\Windows\System\UJPEfkt.exe
  C:\Windows\System\UJPEfkt.exe
  2⤵
  PID:7544
- C:\Windows\System\tRCmLAq.exe
  C:\Windows\System\tRCmLAq.exe
  2⤵
  PID:7652
- C:\Windows\System\KoosBpT.exe
  C:\Windows\System\KoosBpT.exe
  2⤵
  PID:2772
- C:\Windows\System\RkRrCux.exe
  C:\Windows\System\RkRrCux.exe
  2⤵
  PID:2096
- C:\Windows\System\aJBRAQA.exe
  C:\Windows\System\aJBRAQA.exe
  2⤵
  PID:7464
- C:\Windows\System\IRAzgbg.exe
  C:\Windows\System\IRAzgbg.exe
  2⤵
  PID:6360
- C:\Windows\System\YvDggbU.exe
  C:\Windows\System\YvDggbU.exe
  2⤵
  PID:6484
- C:\Windows\System\MqiKvBw.exe
  C:\Windows\System\MqiKvBw.exe
  2⤵
  PID:1248
- C:\Windows\System\VVSdNWG.exe
  C:\Windows\System\VVSdNWG.exe
  2⤵
  PID:7620
- C:\Windows\System\pZBYHKU.exe
  C:\Windows\System\pZBYHKU.exe
  2⤵
  PID:5640
- C:\Windows\System\eRYiOHE.exe
  C:\Windows\System\eRYiOHE.exe
  2⤵
  PID:1932
- C:\Windows\System\MSCSUNN.exe
  C:\Windows\System\MSCSUNN.exe
  2⤵
  PID:7896
- C:\Windows\System\gcOpXLL.exe
  C:\Windows\System\gcOpXLL.exe
  2⤵
  PID:7040
- C:\Windows\System\ZPpIzza.exe
  C:\Windows\System\ZPpIzza.exe
  2⤵
  PID:3496
- C:\Windows\System\PECPTVi.exe
  C:\Windows\System\PECPTVi.exe
  2⤵
  PID:6956
- C:\Windows\System\YFqampM.exe
  C:\Windows\System\YFqampM.exe
  2⤵
  PID:8204
- C:\Windows\System\ZtEJbvi.exe
  C:\Windows\System\ZtEJbvi.exe
  2⤵
  PID:8224
- C:\Windows\System\TIlWRyC.exe
  C:\Windows\System\TIlWRyC.exe
  2⤵
  PID:8244
- C:\Windows\System\XNEGpdt.exe
  C:\Windows\System\XNEGpdt.exe
  2⤵
  PID:8260
- C:\Windows\System\ZRZLjUI.exe
  C:\Windows\System\ZRZLjUI.exe
  2⤵
  PID:8288
- C:\Windows\System\JnXuchk.exe
  C:\Windows\System\JnXuchk.exe
  2⤵
  PID:8304
- C:\Windows\System\kyVlhxE.exe
  C:\Windows\System\kyVlhxE.exe
  2⤵
  PID:8320
- C:\Windows\System\ctHeMoR.exe
  C:\Windows\System\ctHeMoR.exe
  2⤵
  PID:8336
- C:\Windows\System\VNcwkKn.exe
  C:\Windows\System\VNcwkKn.exe
  2⤵
  PID:8356
- C:\Windows\System\FRtQqEJ.exe
  C:\Windows\System\FRtQqEJ.exe
  2⤵
  PID:8372
- C:\Windows\System\AXebDyr.exe
  C:\Windows\System\AXebDyr.exe
  2⤵
  PID:8392
- C:\Windows\System\BgbpacT.exe
  C:\Windows\System\BgbpacT.exe
  2⤵
  PID:8408
- C:\Windows\System\TVdEEmf.exe
  C:\Windows\System\TVdEEmf.exe
  2⤵
  PID:8432
- C:\Windows\System\dUsPtZr.exe
  C:\Windows\System\dUsPtZr.exe
  2⤵
  PID:8448
- C:\Windows\System\mcrZVHD.exe
  C:\Windows\System\mcrZVHD.exe
  2⤵
  PID:8548
- C:\Windows\System\WTsuDdZ.exe
  C:\Windows\System\WTsuDdZ.exe
  2⤵
  PID:8572
- C:\Windows\System\WHlFXls.exe
  C:\Windows\System\WHlFXls.exe
  2⤵
  PID:8592
- C:\Windows\System\JIcPlFZ.exe
  C:\Windows\System\JIcPlFZ.exe
  2⤵
  PID:8620
- C:\Windows\System\JoYvkkh.exe
  C:\Windows\System\JoYvkkh.exe
  2⤵
  PID:8664
- C:\Windows\System\SjkUteE.exe
  C:\Windows\System\SjkUteE.exe
  2⤵
  PID:8680
- C:\Windows\System\JhBxTqh.exe
  C:\Windows\System\JhBxTqh.exe
  2⤵
  PID:8696
- C:\Windows\System\hZeNnpZ.exe
  C:\Windows\System\hZeNnpZ.exe
  2⤵
  PID:8712
- C:\Windows\System\JMyQRRo.exe
  C:\Windows\System\JMyQRRo.exe
  2⤵
  PID:8728
- C:\Windows\System\NhgQyrJ.exe
  C:\Windows\System\NhgQyrJ.exe
  2⤵
  PID:8748
- C:\Windows\System\dnohcWj.exe
  C:\Windows\System\dnohcWj.exe
  2⤵
  PID:8764
- C:\Windows\System\ppFjPEK.exe
  C:\Windows\System\ppFjPEK.exe
  2⤵
  PID:8780
- C:\Windows\System\VwVNvUB.exe
  C:\Windows\System\VwVNvUB.exe
  2⤵
  PID:8796
- C:\Windows\System\lOuMnJO.exe
  C:\Windows\System\lOuMnJO.exe
  2⤵
  PID:8812
- C:\Windows\System\bKWpqWU.exe
  C:\Windows\System\bKWpqWU.exe
  2⤵
  PID:8828
- C:\Windows\System\auSopWQ.exe
  C:\Windows\System\auSopWQ.exe
  2⤵
  PID:8844
- C:\Windows\System\vNbhHzi.exe
  C:\Windows\System\vNbhHzi.exe
  2⤵
  PID:8860
- C:\Windows\System\hfyKeGO.exe
  C:\Windows\System\hfyKeGO.exe
  2⤵
  PID:8876
- C:\Windows\System\MeEdavQ.exe
  C:\Windows\System\MeEdavQ.exe
  2⤵
  PID:8900
- C:\Windows\System\jsGvJiD.exe
  C:\Windows\System\jsGvJiD.exe
  2⤵
  PID:8920
- C:\Windows\System\XIQNpJM.exe
  C:\Windows\System\XIQNpJM.exe
  2⤵
  PID:8940
- C:\Windows\System\qDuIvLC.exe
  C:\Windows\System\qDuIvLC.exe
  2⤵
  PID:8996
- C:\Windows\System\HNOmZUv.exe
  C:\Windows\System\HNOmZUv.exe
  2⤵
  PID:9012
- C:\Windows\System\HYTfRcu.exe
  C:\Windows\System\HYTfRcu.exe
  2⤵
  PID:9028
- C:\Windows\System\oiMBEyG.exe
  C:\Windows\System\oiMBEyG.exe
  2⤵
  PID:9044
- C:\Windows\System\ZkdTNTk.exe
  C:\Windows\System\ZkdTNTk.exe
  2⤵
  PID:9064
- C:\Windows\System\AsMFDwD.exe
  C:\Windows\System\AsMFDwD.exe
  2⤵
  PID:9080
- C:\Windows\System\OzwudBj.exe
  C:\Windows\System\OzwudBj.exe
  2⤵
  PID:9096
- C:\Windows\System\eQGCdzM.exe
  C:\Windows\System\eQGCdzM.exe
  2⤵
  PID:9112
- C:\Windows\System\KkmmhIW.exe
  C:\Windows\System\KkmmhIW.exe
  2⤵
  PID:9132
- C:\Windows\System\ZDAHgoW.exe
  C:\Windows\System\ZDAHgoW.exe
  2⤵
  PID:9152
- C:\Windows\System\rpSDGmS.exe
  C:\Windows\System\rpSDGmS.exe
  2⤵
  PID:9168
- C:\Windows\System\LtIMjUp.exe
  C:\Windows\System\LtIMjUp.exe
  2⤵
  PID:9184
- C:\Windows\System\ZZqJmYo.exe
  C:\Windows\System\ZZqJmYo.exe
  2⤵
  PID:9200
- C:\Windows\System\DfRivVN.exe
  C:\Windows\System\DfRivVN.exe
  2⤵
  PID:7984
- C:\Windows\System\TtdyiNv.exe
  C:\Windows\System\TtdyiNv.exe
  2⤵
  PID:8216
- C:\Windows\System\BdeEwPS.exe
  C:\Windows\System\BdeEwPS.exe
  2⤵
  PID:8256
- C:\Windows\System\UhVRfrQ.exe
  C:\Windows\System\UhVRfrQ.exe
  2⤵
  PID:8328
- C:\Windows\System\AePzUiq.exe
  C:\Windows\System\AePzUiq.exe
  2⤵
  PID:8400
- C:\Windows\System\UgiqpUD.exe
  C:\Windows\System\UgiqpUD.exe
  2⤵
  PID:8440
- C:\Windows\System\sOjJzyy.exe
  C:\Windows\System\sOjJzyy.exe
  2⤵
  PID:8312
- C:\Windows\System\byMscWc.exe
  C:\Windows\System\byMscWc.exe
  2⤵
  PID:8164
- C:\Windows\System\OSTLTGn.exe
  C:\Windows\System\OSTLTGn.exe
  2⤵
  PID:8268
- C:\Windows\System\SwbXtDw.exe
  C:\Windows\System\SwbXtDw.exe
  2⤵
  PID:6872
- C:\Windows\System\iwkkguQ.exe
  C:\Windows\System\iwkkguQ.exe
  2⤵
  PID:8488
- C:\Windows\System\YvqFDwr.exe
  C:\Windows\System\YvqFDwr.exe
  2⤵
  PID:8236
- C:\Windows\System\gduYDPd.exe
  C:\Windows\System\gduYDPd.exe
  2⤵
  PID:8284
- C:\Windows\System\QuTXBPl.exe
  C:\Windows\System\QuTXBPl.exe
  2⤵
  PID:8380
- C:\Windows\System\UujDEHh.exe
  C:\Windows\System\UujDEHh.exe
  2⤵
  PID:8564
- C:\Windows\System\FpmrJgV.exe
  C:\Windows\System\FpmrJgV.exe
  2⤵
  PID:8612
- C:\Windows\System\OECtSoI.exe
  C:\Windows\System\OECtSoI.exe
  2⤵
  PID:8608
- C:\Windows\System\RzOPRtO.exe
  C:\Windows\System\RzOPRtO.exe
  2⤵
  PID:8660
- C:\Windows\System\RMoSaSE.exe
  C:\Windows\System\RMoSaSE.exe
  2⤵
  PID:8692
- C:\Windows\System\encyhUr.exe
  C:\Windows\System\encyhUr.exe
  2⤵
  PID:8740
- C:\Windows\System\SmXPlnk.exe
  C:\Windows\System\SmXPlnk.exe
  2⤵
  PID:8836
- C:\Windows\System\iVUzCUM.exe
  C:\Windows\System\iVUzCUM.exe
  2⤵
  PID:8788
- C:\Windows\System\MDRoqVV.exe
  C:\Windows\System\MDRoqVV.exe
  2⤵
  PID:8852
- C:\Windows\System\lgMXnUa.exe
  C:\Windows\System\lgMXnUa.exe
  2⤵
  PID:8892
- C:\Windows\System\tawgRWl.exe
  C:\Windows\System\tawgRWl.exe
  2⤵
  PID:8932
- C:\Windows\System\SBYIQHg.exe
  C:\Windows\System\SBYIQHg.exe
  2⤵
  PID:8964
- C:\Windows\System\PDqhkLe.exe
  C:\Windows\System\PDqhkLe.exe
  2⤵
  PID:9036
- C:\Windows\System\Nsszjzz.exe
  C:\Windows\System\Nsszjzz.exe
  2⤵
  PID:9024
- C:\Windows\System\sRlESPB.exe
  C:\Windows\System\sRlESPB.exe
  2⤵
  PID:8988
- C:\Windows\System\zLavPrQ.exe
  C:\Windows\System\zLavPrQ.exe
  2⤵
  PID:9104
- C:\Windows\System\lPfDxzq.exe
  C:\Windows\System\lPfDxzq.exe
  2⤵
  PID:9072
- C:\Windows\System\XlNhqaP.exe
  C:\Windows\System\XlNhqaP.exe
  2⤵
  PID:9092
- C:\Windows\System\BbsBrIy.exe
  C:\Windows\System\BbsBrIy.exe
  2⤵
  PID:9148
- C:\Windows\System\zqSqYkY.exe
  C:\Windows\System\zqSqYkY.exe
  2⤵
  PID:6024
- C:\Windows\System\uyZGueT.exe
  C:\Windows\System\uyZGueT.exe
  2⤵
  PID:9192
- C:\Windows\System\WXLAOcI.exe
  C:\Windows\System\WXLAOcI.exe
  2⤵
  PID:8296
- C:\Windows\System\BbRTXeF.exe
  C:\Windows\System\BbRTXeF.exe
  2⤵
  PID:8444
- C:\Windows\System\cLnTtUP.exe
  C:\Windows\System\cLnTtUP.exe
  2⤵
  PID:7400
- C:\Windows\System\NmlCZDr.exe
  C:\Windows\System\NmlCZDr.exe
  2⤵
  PID:7944
- C:\Windows\System\VWLRYFL.exe
  C:\Windows\System\VWLRYFL.exe
  2⤵
  PID:1808
- C:\Windows\System\KnTNAtu.exe
  C:\Windows\System\KnTNAtu.exe
  2⤵
  PID:8504
- C:\Windows\System\zsIzSWb.exe
  C:\Windows\System\zsIzSWb.exe
  2⤵
  PID:8384
- C:\Windows\System\lUwUAZh.exe
  C:\Windows\System\lUwUAZh.exe
  2⤵
  PID:8424
- C:\Windows\System\LNgUNoq.exe
  C:\Windows\System\LNgUNoq.exe
  2⤵
  PID:8464
- C:\Windows\System\fGTPtnx.exe
  C:\Windows\System\fGTPtnx.exe
  2⤵
  PID:8492
- C:\Windows\System\hZOlqAW.exe
  C:\Windows\System\hZOlqAW.exe
  2⤵
  PID:8520
- C:\Windows\System\rWkHDDL.exe
  C:\Windows\System\rWkHDDL.exe
  2⤵
  PID:8540
- C:\Windows\System\vctmcuu.exe
  C:\Windows\System\vctmcuu.exe
  2⤵
  PID:8544
- C:\Windows\System\DLJYHma.exe
  C:\Windows\System\DLJYHma.exe
  2⤵
  PID:8588
- C:\Windows\System\PXHdsic.exe
  C:\Windows\System\PXHdsic.exe
  2⤵
  PID:8992
- C:\Windows\System\tKdunAv.exe
  C:\Windows\System\tKdunAv.exe
  2⤵
  PID:8760
- C:\Windows\System\GQUOLfS.exe
  C:\Windows\System\GQUOLfS.exe
  2⤵
  PID:8428
- C:\Windows\System\VlqwKEe.exe
  C:\Windows\System\VlqwKEe.exe
  2⤵
  PID:8928
- C:\Windows\System\AoKhNqo.exe
  C:\Windows\System\AoKhNqo.exe
  2⤵
  PID:8952
- C:\Windows\System\rQIkNMh.exe
  C:\Windows\System\rQIkNMh.exe
  2⤵
  PID:9124
- C:\Windows\System\TdIxuOQ.exe
  C:\Windows\System\TdIxuOQ.exe
  2⤵
  PID:9128
- C:\Windows\System\fFcscwx.exe
  C:\Windows\System\fFcscwx.exe
  2⤵
  PID:8972
- C:\Windows\System\AKJgSMs.exe
  C:\Windows\System\AKJgSMs.exe
  2⤵
  PID:8364
- C:\Windows\System\QkVrKyQ.exe
  C:\Windows\System\QkVrKyQ.exe
  2⤵
  PID:8348
- C:\Windows\System\tBjMiuA.exe
  C:\Windows\System\tBjMiuA.exe
  2⤵
  PID:7564
- C:\Windows\System\aMDcGzd.exe
  C:\Windows\System\aMDcGzd.exe
  2⤵
  PID:8512
- C:\Windows\System\gtGqgVL.exe
  C:\Windows\System\gtGqgVL.exe
  2⤵
  PID:8556
- C:\Windows\System\PbKwpRQ.exe
  C:\Windows\System\PbKwpRQ.exe
  2⤵
  PID:8688
- C:\Windows\System\ADCXwCy.exe
  C:\Windows\System\ADCXwCy.exe
  2⤵
  PID:8704
- C:\Windows\System\gZtUlrt.exe
  C:\Windows\System\gZtUlrt.exe
  2⤵
  PID:8896
- C:\Windows\System\lIHVSyL.exe
  C:\Windows\System\lIHVSyL.exe
  2⤵
  PID:8912
- C:\Windows\System\nWEccVt.exe
  C:\Windows\System\nWEccVt.exe
  2⤵
  PID:8884
- C:\Windows\System\DgGjfir.exe
  C:\Windows\System\DgGjfir.exe
  2⤵
  PID:8344
- C:\Windows\System\drFAYCh.exe
  C:\Windows\System\drFAYCh.exe
  2⤵
  PID:8528
- C:\Windows\System\zJwNAbj.exe
  C:\Windows\System\zJwNAbj.exe
  2⤵
  PID:8536
- C:\Windows\System\AVaiYOe.exe
  C:\Windows\System\AVaiYOe.exe
  2⤵
  PID:8676
- C:\Windows\System\sioeyjz.exe
  C:\Windows\System\sioeyjz.exe
  2⤵
  PID:9140
- C:\Windows\System\ZPRjeLO.exe
  C:\Windows\System\ZPRjeLO.exe
  2⤵
  PID:8640
- C:\Windows\System\KqkOqmo.exe
  C:\Windows\System\KqkOqmo.exe
  2⤵
  PID:9212
- C:\Windows\System\JIyJoFh.exe
  C:\Windows\System\JIyJoFh.exe
  2⤵
  PID:8480
- C:\Windows\System\WzMoOuF.exe
  C:\Windows\System\WzMoOuF.exe
  2⤵
  PID:8824
- C:\Windows\System\faXpXfE.exe
  C:\Windows\System\faXpXfE.exe
  2⤵
  PID:8948
- C:\Windows\System\pNOjFeb.exe
  C:\Windows\System\pNOjFeb.exe
  2⤵
  PID:8980
- C:\Windows\System\WiJHyTt.exe
  C:\Windows\System\WiJHyTt.exe
  2⤵
  PID:9060
- C:\Windows\System\xXdJWtE.exe
  C:\Windows\System\xXdJWtE.exe
  2⤵
  PID:9180
- C:\Windows\System\WLwmhpM.exe
  C:\Windows\System\WLwmhpM.exe
  2⤵
  PID:8500
- C:\Windows\System\goTlhFL.exe
  C:\Windows\System\goTlhFL.exe
  2⤵
  PID:9220
- C:\Windows\System\UdyoeUx.exe
  C:\Windows\System\UdyoeUx.exe
  2⤵
  PID:9236
- C:\Windows\System\cfvhrQD.exe
  C:\Windows\System\cfvhrQD.exe
  2⤵
  PID:9252
- C:\Windows\System\xWVkZbp.exe
  C:\Windows\System\xWVkZbp.exe
  2⤵
  PID:9268
- C:\Windows\System\JAMFMNA.exe
  C:\Windows\System\JAMFMNA.exe
  2⤵
  PID:9284
- C:\Windows\System\mtVOkxZ.exe
  C:\Windows\System\mtVOkxZ.exe
  2⤵
  PID:9300
- C:\Windows\System\LkQaWmw.exe
  C:\Windows\System\LkQaWmw.exe
  2⤵
  PID:9316
- C:\Windows\System\zszRpQf.exe
  C:\Windows\System\zszRpQf.exe
  2⤵
  PID:9332
- C:\Windows\System\lfvoMeU.exe
  C:\Windows\System\lfvoMeU.exe
  2⤵
  PID:9348
- C:\Windows\System\cMVxZst.exe
  C:\Windows\System\cMVxZst.exe
  2⤵
  PID:9364
- C:\Windows\System\fSNNtYa.exe
  C:\Windows\System\fSNNtYa.exe
  2⤵
  PID:9380
- C:\Windows\System\DcEtVcN.exe
  C:\Windows\System\DcEtVcN.exe
  2⤵
  PID:9396
- C:\Windows\System\eTqVxEJ.exe
  C:\Windows\System\eTqVxEJ.exe
  2⤵
  PID:9412
- C:\Windows\System\GBkcpYD.exe
  C:\Windows\System\GBkcpYD.exe
  2⤵
  PID:9428
- C:\Windows\System\FEglgJa.exe
  C:\Windows\System\FEglgJa.exe
  2⤵
  PID:9444
- C:\Windows\System\OmubxOQ.exe
  C:\Windows\System\OmubxOQ.exe
  2⤵
  PID:9460
- C:\Windows\System\FmkYhvl.exe
  C:\Windows\System\FmkYhvl.exe
  2⤵
  PID:9480
- C:\Windows\System\lxxPUTM.exe
  C:\Windows\System\lxxPUTM.exe
  2⤵
  PID:9496
- C:\Windows\System\GSmLMPW.exe
  C:\Windows\System\GSmLMPW.exe
  2⤵
  PID:9516
- C:\Windows\System\xDFhhDE.exe
  C:\Windows\System\xDFhhDE.exe
  2⤵
  PID:9532
- C:\Windows\System\ruHDKKd.exe
  C:\Windows\System\ruHDKKd.exe
  2⤵
  PID:9548
- C:\Windows\System\tKcbflk.exe
  C:\Windows\System\tKcbflk.exe
  2⤵
  PID:9564
- C:\Windows\System\WQsbsBF.exe
  C:\Windows\System\WQsbsBF.exe
  2⤵
  PID:9580
- C:\Windows\System\cctjjHt.exe
  C:\Windows\System\cctjjHt.exe
  2⤵
  PID:9596
- C:\Windows\System\pikrhgr.exe
  C:\Windows\System\pikrhgr.exe
  2⤵
  PID:9612
- C:\Windows\System\mYMArpq.exe
  C:\Windows\System\mYMArpq.exe
  2⤵
  PID:9628
- C:\Windows\System\pjCqQpE.exe
  C:\Windows\System\pjCqQpE.exe
  2⤵
  PID:9660
- C:\Windows\System\dRrstVd.exe
  C:\Windows\System\dRrstVd.exe
  2⤵
  PID:9680
- C:\Windows\System\EEkYDkQ.exe
  C:\Windows\System\EEkYDkQ.exe
  2⤵
  PID:9696
- C:\Windows\System\rGIIPzb.exe
  C:\Windows\System\rGIIPzb.exe
  2⤵
  PID:9712
- C:\Windows\System\RynHxhd.exe
  C:\Windows\System\RynHxhd.exe
  2⤵
  PID:9728
- C:\Windows\System\rdUWwGM.exe
  C:\Windows\System\rdUWwGM.exe
  2⤵
  PID:9744
- C:\Windows\System\ZJZOoAH.exe
  C:\Windows\System\ZJZOoAH.exe
  2⤵
  PID:9760
- C:\Windows\System\JpQYteP.exe
  C:\Windows\System\JpQYteP.exe
  2⤵
  PID:9776
- C:\Windows\System\eXFjzjx.exe
  C:\Windows\System\eXFjzjx.exe
  2⤵
  PID:9792
- C:\Windows\System\WcuCUoH.exe
  C:\Windows\System\WcuCUoH.exe
  2⤵
  PID:9808
- C:\Windows\System\PZzcEiq.exe
  C:\Windows\System\PZzcEiq.exe
  2⤵
  PID:9824
- C:\Windows\System\NglikTe.exe
  C:\Windows\System\NglikTe.exe
  2⤵
  PID:9840
- C:\Windows\System\ZkMxmfz.exe
  C:\Windows\System\ZkMxmfz.exe
  2⤵
  PID:9856
- C:\Windows\System\LreozMz.exe
  C:\Windows\System\LreozMz.exe
  2⤵
  PID:9872
- C:\Windows\System\JwaCroY.exe
  C:\Windows\System\JwaCroY.exe
  2⤵
  PID:9888
- C:\Windows\System\vaOaGsr.exe
  C:\Windows\System\vaOaGsr.exe
  2⤵
  PID:9904
- C:\Windows\System\vxMWoQI.exe
  C:\Windows\System\vxMWoQI.exe
  2⤵
  PID:9920
- C:\Windows\System\BBvQybu.exe
  C:\Windows\System\BBvQybu.exe
  2⤵
  PID:9936
- C:\Windows\System\SBZLWcg.exe
  C:\Windows\System\SBZLWcg.exe
  2⤵
  PID:9952
- C:\Windows\System\OQlHgKs.exe
  C:\Windows\System\OQlHgKs.exe
  2⤵
  PID:9968
- C:\Windows\System\tGgqyyp.exe
  C:\Windows\System\tGgqyyp.exe
  2⤵
  PID:9984
- C:\Windows\System\BfIqRZB.exe
  C:\Windows\System\BfIqRZB.exe
  2⤵
  PID:10040
- C:\Windows\System\uOOLczi.exe
  C:\Windows\System\uOOLczi.exe
  2⤵
  PID:10140
- C:\Windows\System\GcImblh.exe
  C:\Windows\System\GcImblh.exe
  2⤵
  PID:10156
- C:\Windows\System\UWAwvZF.exe
  C:\Windows\System\UWAwvZF.exe
  2⤵
  PID:10172
- C:\Windows\System\WWTMQPW.exe
  C:\Windows\System\WWTMQPW.exe
  2⤵
  PID:10188
- C:\Windows\System\ciYxvUf.exe
  C:\Windows\System\ciYxvUf.exe
  2⤵
  PID:10204
- C:\Windows\System\DPyrCHc.exe
  C:\Windows\System\DPyrCHc.exe
  2⤵
  PID:10220
- C:\Windows\System\xOiJcXP.exe
  C:\Windows\System\xOiJcXP.exe
  2⤵
  PID:10236
- C:\Windows\System\KoGTVuh.exe
  C:\Windows\System\KoGTVuh.exe
  2⤵
  PID:8472
- C:\Windows\System\UXOfsVz.exe
  C:\Windows\System\UXOfsVz.exe
  2⤵
  PID:9020
- C:\Windows\System\AUalzOd.exe
  C:\Windows\System\AUalzOd.exe
  2⤵
  PID:9280
- C:\Windows\System\rOWbplA.exe
  C:\Windows\System\rOWbplA.exe
  2⤵
  PID:9408
- C:\Windows\System\NSHjsmo.exe
  C:\Windows\System\NSHjsmo.exe
  2⤵
  PID:9420
- C:\Windows\System\vwkQhoV.exe
  C:\Windows\System\vwkQhoV.exe
  2⤵
  PID:9344
- C:\Windows\System\niAyWPI.exe
  C:\Windows\System\niAyWPI.exe
  2⤵
  PID:9472
- C:\Windows\System\KVlZXtY.exe
  C:\Windows\System\KVlZXtY.exe
  2⤵
  PID:9592
- C:\Windows\System\DTUYrxQ.exe
  C:\Windows\System\DTUYrxQ.exe
  2⤵
  PID:9624
- C:\Windows\System\KLciBkj.exe
  C:\Windows\System\KLciBkj.exe
  2⤵
  PID:9508
- C:\Windows\System\RzyXZlb.exe
  C:\Windows\System\RzyXZlb.exe
  2⤵
  PID:9608
- C:\Windows\System\wZPEKUd.exe
  C:\Windows\System\wZPEKUd.exe
  2⤵
  PID:9688
- C:\Windows\System\AIDweDN.exe
  C:\Windows\System\AIDweDN.exe
  2⤵
  PID:9512
- C:\Windows\System\UruxIhY.exe
  C:\Windows\System\UruxIhY.exe
  2⤵
  PID:9820
- C:\Windows\System\svqoPuf.exe
  C:\Windows\System\svqoPuf.exe
  2⤵
  PID:9884
- C:\Windows\System\idtrAaS.exe
  C:\Windows\System\idtrAaS.exe
  2⤵
  PID:9948
- C:\Windows\System\pDFMFpF.exe
  C:\Windows\System\pDFMFpF.exe
  2⤵
  PID:9704
- C:\Windows\System\IVjQkmD.exe
  C:\Windows\System\IVjQkmD.exe
  2⤵
  PID:9896
- C:\Windows\System\KdxKVnF.exe
  C:\Windows\System\KdxKVnF.exe
  2⤵
  PID:8720
- C:\Windows\System\JynfMwL.exe
  C:\Windows\System\JynfMwL.exe
  2⤵
  PID:10016
- C:\Windows\System\OyvZNWn.exe
  C:\Windows\System\OyvZNWn.exe
  2⤵
  PID:10036
- C:\Windows\System\HnkZCUq.exe
  C:\Windows\System\HnkZCUq.exe
  2⤵
  PID:10184
- C:\Windows\System\jZINjKi.exe
  C:\Windows\System\jZINjKi.exe
  2⤵
  PID:10056
- C:\Windows\System\InJvNWw.exe
  C:\Windows\System\InJvNWw.exe
  2⤵
  PID:8200
- C:\Windows\System\wGxyjbi.exe
  C:\Windows\System\wGxyjbi.exe
  2⤵
  PID:10088
- C:\Windows\System\qJLSrTx.exe
  C:\Windows\System\qJLSrTx.exe
  2⤵
  PID:10104
- C:\Windows\System\kZilVbi.exe
  C:\Windows\System\kZilVbi.exe
  2⤵
  PID:10228
- C:\Windows\System\YzGegLD.exe
  C:\Windows\System\YzGegLD.exe
  2⤵
  PID:9076
- C:\Windows\System\zCmPQgk.exe
  C:\Windows\System\zCmPQgk.exe
  2⤵
  PID:9488
- C:\Windows\System\wRkYTiT.exe
  C:\Windows\System\wRkYTiT.exe
  2⤵
  PID:9572
- C:\Windows\System\TtrDFoz.exe
  C:\Windows\System\TtrDFoz.exe
  2⤵
  PID:9356
- C:\Windows\System\ZHLTHVe.exe
  C:\Windows\System\ZHLTHVe.exe
  2⤵
  PID:9056
- C:\Windows\System\LeMvNLx.exe
  C:\Windows\System\LeMvNLx.exe
  2⤵
  PID:9440
- C:\Windows\System\NiXricY.exe
  C:\Windows\System\NiXricY.exe
  2⤵
  PID:9524
- C:\Windows\System\wgTiqgO.exe
  C:\Windows\System\wgTiqgO.exe
  2⤵
  PID:9724
- C:\Windows\System\dvBpEih.exe
  C:\Windows\System\dvBpEih.exe
  2⤵
  PID:9816
- C:\Windows\System\HWXRyDP.exe
  C:\Windows\System\HWXRyDP.exe
  2⤵
  PID:9928
- C:\Windows\System\FnNYyDW.exe
  C:\Windows\System\FnNYyDW.exe
  2⤵
  PID:10032
- C:\Windows\System\SFFZtot.exe
  C:\Windows\System\SFFZtot.exe
  2⤵
  PID:10168
- C:\Windows\System\BtfNNmR.exe
  C:\Windows\System\BtfNNmR.exe
  2⤵
  PID:9772
- C:\Windows\System\srZdfCq.exe
  C:\Windows\System\srZdfCq.exe
  2⤵
  PID:9976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BLQEMCa.exe

Filesize
6.0MB

MD5
dfc6a43005b52de9cc439f90245d5f73

SHA1
b839d1eef591dc44bc2644a0451bb5ffe1df006b

SHA256
0600ca60fc64d765c5959160e0171caa0dba7067d0ba21d2fd89500294094ab4

SHA512
96b4af19b29b77778a1ac40611e93f680170314d35bd8ff60412fc127e8b692179016f98e4e818ad0cc238b733313fcf5352e29632369b0f81099c7cac36dadd

Download Submit
C:\Windows\system\DUHnYxa.exe

Filesize
6.0MB

MD5
64ee261bc8b010cc9337bab298e010a4

SHA1
066fc2110bea758be6b2bd83fc9053e6d2b806c5

SHA256
b670867007f1893eeeb69380b2fddbe4c6d5a5671ca64f9d18cf6ff2ee29cd84

SHA512
942db1a4de9d22695c6a51d7052b563d21b63284e0758c287b37fd95092bd67a91bc7ea6b83da6a82d0f41b8c19109d6186ba70212d129b8030ecf36ef979d05

Download Submit
C:\Windows\system\DYVUBbz.exe

Filesize
6.0MB

MD5
c7d6a9c1e48cf021a065d9f75fe41ecc

SHA1
b770435c28454f02963a7b7673ade228b52fffa2

SHA256
b133ee020c6d4b09089b7d694c4379a1af88caf3483dc85ac84598f2d714c6a0

SHA512
526998f44a462ebf4cd6c53bcd054bf3df8cfa55664d9c31cfeed1a2074c0631b24ed2e972bb74d0512e8d42e35309dfe122c8979d87cbd720726601266ab1d2

Download Submit
C:\Windows\system\EQZetIF.exe

Filesize
6.0MB

MD5
c7c158caf4cbbd6adf05c1a3e6c9e699

SHA1
939705bf85b61a0bb9f96fe7543bd2aeafc8f164

SHA256
b9a8537e2eb46df9d145986b9804c37f61f479ed7920c2e9a27a1469b0a2da49

SHA512
0afcf76dcae599ac0c8c013cc6b789f563825f7b1bdec1fae59e1c03e40ebfeeb10632aae9d1d691c128a1c0227023105c1322a943de692246c35fbab51441ff

Download Submit
C:\Windows\system\FDMlydB.exe

Filesize
6.0MB

MD5
193d9835f6a321ae31e0553fd9b78047

SHA1
6f7ed37d851ad3fdc163419bdcb31de7893cc8bd

SHA256
702dc751ef38b28e21706cbba5cbf268906fd48d074ce2b2d9560e902c626e1b

SHA512
f6b9b81dc003cbb3d9109e82acfb9bf5c0df087f428e3e094b47a22cb3c17177a4a1c0d27f5cb530cc60e5463f5603214f326a214a973c5b3912c87e8b4f62d8

Download Submit
C:\Windows\system\GrxUfXI.exe

Filesize
6.0MB

MD5
8869e6ed30d8c13c6d54275e8c28122d

SHA1
807549f7cb57171cda30a13489546ea1666581a3

SHA256
19d280421fe3a28fd683bb54fc0e9c3674af7d734bd835391e69bafe22589987

SHA512
4dc6c91ecb9fd878b62005c8d7a1d1da4a45a4500e1b73d2d6d98eca066525f0301c91b274d60e4a049f43aa6e5fd574932a81b8bceb20fcaf5d177f22236711

Download Submit
C:\Windows\system\LfstuoF.exe

Filesize
6.0MB

MD5
21836c31dc46dfd300d1bcf60116688e

SHA1
9fe5b7e07baec2e0d13499ed4771a2413b6d3692

SHA256
725242e18677a9b1455bd133b8587549ff2573e7effc7481da578605a4cb3bf0

SHA512
2134a6454980fc47cdc85a661400eb8dedaed5ad02c7940d11ca854ea4f3971f956401b7c0fc36250e72e0a312bec2a3e0daf0c964cca2f15d18b04e01724e7b

Download Submit
C:\Windows\system\MJafMwj.exe

Filesize
6.0MB

MD5
8eb62c961ec889e00e342a7c5f5fe9ee

SHA1
d93079c02733a4a2bb253e5da226eff4b20f75a4

SHA256
5a102ae7639b320645037b66d61a5c3701633218bb1078dc985f7e18e107be47

SHA512
0a1568121d0fa53979d1a061b4975eef7d17378d3399611643d2a07deef4d8a5e4b71fa4c1026aa222e4b50b3a8033205f87f29bee731b8f586830e68b89f6fb

Download Submit
C:\Windows\system\NFFkxXT.exe

Filesize
6.0MB

MD5
65005a09046458e1c352d91975103275

SHA1
7048a31af4798f658595a71e61f2745027059158

SHA256
c6bf89005dc5d89c30c7100fd12da22f1c8983489373d4d24f3c2fde5df216b9

SHA512
86b6a79505427d22983061931b64c8df960bacf07b12a4ed61f9fb8b6a5d32047a94078861e3b2807845b61c5b0eecadc51ec5b26736e1f86558bd6583d9f92f

Download Submit
C:\Windows\system\PdmIjnd.exe

Filesize
6.0MB

MD5
f7b34220977dc5b249d837d6d7fa4ce3

SHA1
9845ca828a95040c7e0052379fe6662be6f7deca

SHA256
5100846ea368a23af872795c8b9cd2a30bd06e96af2dd6b1d23a9d5d89aeba8a

SHA512
b4b9e9c65e9d5f123b68e2298a10b4acc90de7f18249af21750379c27fbfbd89aa4aa22767fefe53a08db927c02817696e48a04973f7ed720cd736f535d97ef1

Download Submit
C:\Windows\system\WryTmuw.exe

Filesize
6.0MB

MD5
8ae1cbca9572fde4a1331d301b6dbada

SHA1
ce8d090bedefc90843f7e21553c3d553cb81f725

SHA256
91d3c7a6b6192bcd9524c4f9ffb232929aabe7e9d9d752ae367be6e0a0395a1e

SHA512
e4b2ac1a4d406ad1f995da21123d2038ef498078ab500c82589e8eed64e608c3c07e82c2d881cb0a86b9403431594097ef3dd298ae3f85ac3667f80288321284

Download Submit
C:\Windows\system\ZZSZXdX.exe

Filesize
6.0MB

MD5
bc2af94c98d7a9a5038849ed23a8ea3f

SHA1
be6e0fc073a0f3099edfdd13f84d77c076574160

SHA256
9fa15476b58e913f5134c10358861bc3dcfe4d81510b39806a942cb766dd7ccd

SHA512
7b2071773ba983fd09988bce0de01667b0c61e1e26c1d5cbdd618194c449bb4c992467cd4ab44713742b9771667c54f35ae4e51aa091897234c9cef906ab6f7b

Download Submit
C:\Windows\system\atZkfKK.exe

Filesize
6.0MB

MD5
47e10b2f06e40f0946f0bfd461b963e9

SHA1
3b8741c91ee90372af15194910537688496d18bf

SHA256
a2fb3faa1aba5613c2ce254d1ac8acebd3a9f89ef949a684762ec814ef859ca6

SHA512
90072040ee55589e45e99cd9c7a90f146b9f09730b94ed1b09e16ee28ea6ee558488fe4bc1f43f17f35b9770b247c5c0c6326da97aa7bdd25e0e4bc74d5e31ed

Download Submit
C:\Windows\system\bMBomWF.exe

Filesize
6.0MB

MD5
147801abcb50f850abb9fec36bb4fedc

SHA1
7f97b6c5f3f76355fdf5be021bb9f2f1d2a57dff

SHA256
1bb440f374aba66ffae8eacd78b1039cbee6eae8945830b5b8b8ec5eb20ec647

SHA512
1e538bad9b7b5b07d5d6ea27a5781417713537d503d8b341a0e3a739e3ca020253a9c6ad31376fc83f011823418cbb2562d982ef25f23a259d9f6e7cb8e94eb1

Download Submit
C:\Windows\system\bcuLXxR.exe

Filesize
6.0MB

MD5
0948773a5a6ff61e8e60399c7522b16c

SHA1
541a40c2f14baf1931d313faf9749a2bef4d7bbe

SHA256
d4b812ace345591e61170c7a6e7b50ac141fdfc6f0e31868d8b0bd57493a3ae2

SHA512
c02d48362eb1f7454a9b234989c94fa63b3ba64ffedeb2253108ec980fa0ec463e96d19a190a64186c08bddb470db6020b43690562f0fcace449cdde1a37e038

Download Submit
C:\Windows\system\dJmthBd.exe

Filesize
6.0MB

MD5
9641007bf44262426634bda676b39cc2

SHA1
ab356a7996a9fa6c79c0fb8105b3708f07c073f1

SHA256
28f56109ad357db7eaf07882540c3d416fb9001f5b9776c5ccfc5ad87009ddbe

SHA512
6d69719a51219649975938b7cd46e00222f2af9700ee5c79afcde16d25326601734a102c6ca123a30cbd840433307cce0a9d229be64f91124c5128bf5ac7e6b3

Download Submit
C:\Windows\system\eAmuPdx.exe

Filesize
6.0MB

MD5
c1cf882e37ad5743af83302d2e0ce16d

SHA1
346fe3260063c340078eefe53b16c781a1111ba0

SHA256
b1d5e364286e5d8fadb60447a7daf3561d1c416837a78ebec4341f3cb3a8c0cd

SHA512
f2e8aab9cb423f074f1c5b8a5197c6daf4129316a949b8784418adafb1457ee6e7049ea1e9e4f2e1c6246613872e9744a53151e00e72c1c8e2c1f5cb80868476

Download Submit
C:\Windows\system\mUhFrSJ.exe

Filesize
6.0MB

MD5
1b07aca7ad2ab08f949599eea8c688d3

SHA1
30dbce34d1ca8de734d208299cc8a73647544bc0

SHA256
85fd5584a0232b370109b71f380ba0420151f2ecae4feee10ee08c5dbd219ffd

SHA512
7eec06c0d1a6975b06a51dad1b727edd637063f1072916bf86791b1bd0f3a376e363e7c1fa48340d4562541ddbb153c18dd2960058707bd6c052f2e1def7c5dc

Download Submit
C:\Windows\system\pKHFTaV.exe

Filesize
6.0MB

MD5
a6ced941c1c1fe428297e930c96ae530

SHA1
64d397155d98e99c08e85f30719cb2b53b327602

SHA256
ad3586ced0e739c804702e34663348250a6bb45086cc6d3c9d5d91629f56cf1b

SHA512
25960bf593c0372402d638bcc6383e8456af22f48e2038e4f7846bd42386a681f694a4a40b08af0b44a4f4431885fe78adadc27bcb663347f7628643d779a32f

Download Submit
C:\Windows\system\psLBrlx.exe

Filesize
6.0MB

MD5
82185013d2d72d0a1c4215439874b08b

SHA1
d0c2c01056db21005dcfb5d69883d47bf189af44

SHA256
4efa5542a90729c03056e9417ee323b9eb2c6a10b86d94e2ae1694dc7b2d172e

SHA512
ffb83fcf8226f24b036c829443552dd092cbacd326b86fc088e2dc852bf094900a2bf4897c081436b46973609b83323c76d34d1b0ae6863d18cc1074accd70aa

Download Submit
C:\Windows\system\rTPvpgJ.exe

Filesize
6.0MB

MD5
0d5027fec68546a52314f49a5a3a2087

SHA1
462bc336e1cd7c4108d95c74042c452c9ce557bd

SHA256
f735ece6d75cb4fbdffba09549165fe1f5e0e85c8e1a5958e04a71377064e413

SHA512
98e17f35d7347dc17a7bd156887433c5f7fea682cb3ae138892476f2877fd0910e4b699f399a10304804f2a0953084056b3ac8879173c0b40ae97851b6921917

Download Submit
C:\Windows\system\tftPXXh.exe

Filesize
6.0MB

MD5
d49cf33adbb79c1679d33d5222b0e674

SHA1
3b09821ee60c8f8f8e16cfca742ff81898da1558

SHA256
90894e914256dbdcfe68cea7b6bbd92132e34e2f87c0fa7f218136cf1c3bf15c

SHA512
b13b6dbcd979322cc17edc56ea7b0aa02b999033f3cb6cef0db27643af9ebd04665e43996373549b9c8ad4c42890ab96e2de3d768fc0b0f3b26d41db45ae3358

Download Submit
C:\Windows\system\uaoAAPJ.exe

Filesize
6.0MB

MD5
40a15b92c2c30792e72e9c1bd573ffe8

SHA1
a85aa871f1216402b6c49d02c3f8f2dd9aa416ae

SHA256
005fe3ef0a90deaa6d21334c7031e9b4b78be29979906840887b54f97ce56038

SHA512
18af7f04a301d451d07f2f2dbbed305bc2123c88d5b0f3d07b5783b20f1f6b44f7cf699357fed734d8ce33b4d1d00c6c2227efad72f51807e212bd92dbc9f187

Download Submit
C:\Windows\system\vNXzjsD.exe

Filesize
6.0MB

MD5
6cc2ea118341505566f8fd250b73cb7b

SHA1
27d407de81835fc73319a625199e561e4e9924fc

SHA256
220a230d4820ce39f2c9c00d08edb11f4db344552cb8113389c479a9cfa88479

SHA512
07153d85cf998f3cb51650cecdc434827e3aacf372d9939e2db2ad1a8b683bacf5c8abbe4bf2fe294ff1627fff366a426b7509325999577561a0a6838ffae11d

Download Submit
C:\Windows\system\vyYspif.exe

Filesize
6.0MB

MD5
4085b6016b55cb9cb65de7318a679eaf

SHA1
060274add58662f4cd09a748453d2e3a9e67b7f0

SHA256
66fc63249ffcb4304ea8a8146d7357a821f9ff5955c97b796c07463ef51fec1f

SHA512
a78c1c731f8a3a1ea4b43503b0cc8cdc880cce5c35d3dd06fec7ca181fee189d9e24315bcdda0d32154c83dc587b9c04379aa88635feb4b575b0c695fa321c5e

Download Submit
C:\Windows\system\wyibVWo.exe

Filesize
6.0MB

MD5
a59a66b5e15823ee7abff0bae3d889a4

SHA1
799870a7c8cdf0edddf35a81250b0882105104b4

SHA256
adc331db80cbd668edc52372023089a12bbfd00e354c479196aae4337a28a6a4

SHA512
988eccf4aeef7829329f9f9f2098b93971b725158ada87ec366144cd50e4af1b20bf059fb6008cbd3c4a2c0670494709ca5ab69a6be2806a527ab0cf9ce321c6

Download Submit
C:\Windows\system\xQxhpgT.exe

Filesize
6.0MB

MD5
983ee5d50ab33bd4043b871199a8e244

SHA1
ff54908de384e931633b49e78294f1f8e3acfbb6

SHA256
56a5697538c2f8f9b4970687dd4ed45536d9bbab513ff9c0756da0fa5449486f

SHA512
aa5ab0a4e86e565c4a86b45dc55cdd5df95e14debd2fed7fcf7f505e48a7a3d68ea28b8232d320d9556ff25403727665a5878490852a92560396cf0417142b07

Download Submit
C:\Windows\system\zZcEQNl.exe

Filesize
6.0MB

MD5
5da214807a297f7fc50a8f93e745fd2f

SHA1
c97ab023de3c63c593e4401af7e92a88ff1017af

SHA256
7a3524404aaaab038a4ebeef3ed56828556ba1f4ee7d3cfe70c544da8ed65bec

SHA512
88cd7eea98102dc3f5dc2278ec5589c8205b24b7b0925ae0714b19c89c1788ae59a4686ff37ebe14f8f635a5027217bae6cfb50bed0542f0e0c948a9a75d90f0

Download Submit
\Windows\system\fxAcnGw.exe

Filesize
6.0MB

MD5
f8ed0c4d9b121a473a2d1df5014d34f7

SHA1
e304797f275d797cf5584f22682074f0771386e5

SHA256
ea13daee0aaab5a554a4300c1ff644e5e0b78be31bd3690ec959083516519cda

SHA512
aabec28f9e064a4b21d1019a9dc3f424ed86f4efd5a5479b85dfe0b5f75de9eed027236dc14f49440a42ce2b207daa174d4a08fdf7e019a347048e0d4ceef274

Download Submit
\Windows\system\jGaYExt.exe

Filesize
6.0MB

MD5
11f42f66c2a62c0b2ac1ebe5ec61b15c

SHA1
5f6db0c50a9aa6e54a2306343db6df65cace897e

SHA256
e82156c76699f960ecd2e68a65cd96ca412f48d64de5346b2232f214dcd9fb7d

SHA512
27c886b7fcbc0ea8cb340b17e54407ddc67d81ae633527d11c807c664146dc2e775708c7a414c3ee2b7bf585abd5f0418276c460ffea8d46a2044b5cbce6aac8

Download Submit
\Windows\system\nicozMX.exe

Filesize
6.0MB

MD5
b6973900c6c6cac66e644237fe35b8b3

SHA1
34206150d1666667fca2395e00d9dde9e00d7b59

SHA256
f7788a42060967346d45928535d24584325b961592808370c1c330752428611a

SHA512
7e7889e83e6813014e7b619e307b95c8b263630014c4a7862b50cdfbdd3876dab6e1de3b1cf437bcf4f888913a9894192beb1ba6abc4e9291220f2b35e282400

Download Submit
\Windows\system\qxurYMU.exe

Filesize
6.0MB

MD5
c24326372b540800b5fc729df942ca9a

SHA1
46d5ce4249db2c50206f4f07a70fc9273a375c0d

SHA256
fc3719a79bfbfa15f20b70a46a52a05de1ebe684150a632776fd7dacb36f6d6a

SHA512
7150ae23ac4772b500255b02e4dd9f4c1327cb8f697d3d6ff232605ae6d25d67563a355d42d2b077eb96d0c3bdac64df2e63a7e3d67e326a9c1bdeca343452b6

Download Submit
memory/1228-14-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1228-51-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1228-3013-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1752-31-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1752-83-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1752-3063-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2012-115-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2012-41-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2012-3058-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2132-107-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-818-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-3259-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-3001-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-22-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-3014-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-47-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-8-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-50-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2368-730-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2368-338-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2368-113-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2368-84-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-114-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-82-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2368-20-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2368-63-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2368-539-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2368-880-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2368-28-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2368-95-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2368-88-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2368-68-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2368-12-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2368-633-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2368-0-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2368-33-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2368-48-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2368-724-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-435-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2368-40-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2760-817-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3237-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-103-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3226-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2780-540-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2780-64-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2800-339-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2800-49-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3227-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2908-727-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2908-89-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3260-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3016-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2928-35-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2928-108-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3017-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2944-59-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2944-460-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download