cobaltstrike | 84b381ec86724d43b556b2a791df0eadfe63e61bc9f88e84c00a14ac91ae90bd

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-12-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

83adae321ad2eca40cbb3c46442116a2
SHA1

71c00168f8ee34fce5dc2423dd0fc9fef5c5b725
SHA256

84b381ec86724d43b556b2a791df0eadfe63e61bc9f88e84c00a14ac91ae90bd
SHA512

7c12a215362b5041371a8b6efaffd35a775f02e0c518b01674be6ca816ae2834bd14cead80fa5b89e44c7ddf0e136c350fa899e5f0b2a6cacc14023c4d66290e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 37 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f3-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edb-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-20.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707c-13.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-50.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174c3-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-36.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019640-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-172.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174a6-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019642-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-91.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746a-83.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/1832-0-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x00080000000173f3-16.dat	xmrig
behavioral1/files/0x0008000000016edb-23.dat	xmrig
behavioral1/files/0x0007000000017403-20.dat	xmrig
behavioral1/files/0x000800000001707c-13.dat	xmrig
behavioral1/memory/3040-12-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-57.dat	xmrig
behavioral1/files/0x000500000001926c-50.dat	xmrig
behavioral1/files/0x00080000000174c3-43.dat	xmrig
behavioral1/files/0x0007000000017488-36.dat	xmrig
behavioral1/files/0x0005000000019365-78.dat	xmrig
behavioral1/memory/3064-1233-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2404-1113-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/1832-987-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x000500000001929a-184.dat	xmrig
behavioral1/files/0x0005000000019640-181.dat	xmrig
behavioral1/files/0x0005000000019268-172.dat	xmrig
behavioral1/files/0x00080000000174a6-169.dat	xmrig
behavioral1/files/0x0005000000019513-167.dat	xmrig
behavioral1/files/0x00050000000194d7-159.dat	xmrig
behavioral1/files/0x00050000000194df-156.dat	xmrig
behavioral1/files/0x000500000001947d-150.dat	xmrig
behavioral1/memory/2816-149-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019485-145.dat	xmrig
behavioral1/files/0x000500000001946a-139.dat	xmrig
behavioral1/files/0x000500000001945b-138.dat	xmrig
behavioral1/files/0x0005000000019479-134.dat	xmrig
behavioral1/files/0x0005000000019446-125.dat	xmrig
behavioral1/files/0x0005000000019465-123.dat	xmrig
behavioral1/files/0x0005000000019450-116.dat	xmrig
behavioral1/files/0x00050000000193c1-111.dat	xmrig
behavioral1/files/0x0005000000019433-108.dat	xmrig
behavioral1/files/0x00050000000193b3-96.dat	xmrig
behavioral1/files/0x0005000000019387-86.dat	xmrig
behavioral1/memory/2404-69-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/1832-56-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019275-53.dat	xmrig
behavioral1/memory/2524-49-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/1860-35-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/3064-33-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019642-189.dat	xmrig
behavioral1/files/0x000500000001953e-175.dat	xmrig
behavioral1/files/0x000500000001950e-163.dat	xmrig
behavioral1/memory/2780-115-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2492-95-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a4-94.dat	xmrig
behavioral1/files/0x0005000000019377-93.dat	xmrig
behavioral1/files/0x0005000000019319-91.dat	xmrig
behavioral1/memory/3012-85-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x000700000001746a-83.dat	xmrig
behavioral1/memory/2732-75-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/3064-3947-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/3040-3955-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2780-3956-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2404-3954-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/3012-3953-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/1860-3952-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2732-3951-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2492-3950-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2524-3949-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2816-3948-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3040	vGPFJbY.exe
3064	AIOdwOj.exe
1860	CZBtWEb.exe
2524	mZpyWHn.exe
2404	vRNMKLV.exe
2732	QGdfKtH.exe
3012	azqlfom.exe
2492	suxPaWq.exe
2816	BfiThRN.exe
2780	WADRhwV.exe
2596	RmwIeTw.exe
968	DTqwOwW.exe
2160	CoJXSgN.exe
1944	VohCOlR.exe
2504	XQffNnl.exe
2588	YFfyFlL.exe
1768	aqYtbGK.exe
1192	WQYfqzb.exe
2940	mgkWhIU.exe
2960	wJxPAYq.exe
2828	NLAQsWe.exe
2708	SoxGUTA.exe
688	VJKxLgn.exe
2908	GGtiwKQ.exe
2644	bReUPlB.exe
2672	ryzqLrj.exe
2116	JHRqZAC.exe
2652	DmSnhhx.exe
1392	glmtrQY.exe
1920	fmaXHBX.exe
2092	BMYSogb.exe
2028	lpbWpvg.exe
2008	BikExVN.exe
2888	KzHLAwF.exe
2952	ntIsbXS.exe
1472	iCwZzEE.exe
560	eahnRTW.exe
2584	uUMTshf.exe
2456	CwsUroE.exe
1776	ovvSqyr.exe
1696	rPNVIGm.exe
896	RAVLvLC.exe
1876	hOkFynj.exe
1724	dKHVtPF.exe
1408	buOYPJe.exe
1200	EuTBdRa.exe
2020	kwKBTsa.exe
2052	RhRVrkn.exe
1520	CGNZdhD.exe
3056	zKCcdeg.exe
2760	kCKgItZ.exe
1660	OzQUCbm.exe
2824	ukqoGSE.exe
2388	SdRBBny.exe
2968	EBIMvmS.exe
1700	YvaOEYP.exe
2196	YHuWkeC.exe
876	YOvBcie.exe
2464	aIpHvyg.exe
1524	XBxXQLy.exe
2128	oaXQEGc.exe
2536	kVltqBb.exe
2976	NEIQRui.exe
992	OvjmxqR.exe

Loads dropped DLL 64 IoCs

pid	Process
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1832-0-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x00080000000173f3-16.dat	upx
behavioral1/files/0x0008000000016edb-23.dat	upx
behavioral1/files/0x0007000000017403-20.dat	upx
behavioral1/files/0x000800000001707c-13.dat	upx
behavioral1/memory/3040-12-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0005000000019278-57.dat	upx
behavioral1/files/0x000500000001926c-50.dat	upx
behavioral1/files/0x00080000000174c3-43.dat	upx
behavioral1/files/0x0007000000017488-36.dat	upx
behavioral1/files/0x0005000000019365-78.dat	upx
behavioral1/memory/3064-1233-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2404-1113-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/1832-987-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x000500000001929a-184.dat	upx
behavioral1/files/0x0005000000019640-181.dat	upx
behavioral1/files/0x0005000000019268-172.dat	upx
behavioral1/files/0x00080000000174a6-169.dat	upx
behavioral1/files/0x0005000000019513-167.dat	upx
behavioral1/files/0x00050000000194d7-159.dat	upx
behavioral1/files/0x00050000000194df-156.dat	upx
behavioral1/files/0x000500000001947d-150.dat	upx
behavioral1/memory/2816-149-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0005000000019485-145.dat	upx
behavioral1/files/0x000500000001946a-139.dat	upx
behavioral1/files/0x000500000001945b-138.dat	upx
behavioral1/files/0x0005000000019479-134.dat	upx
behavioral1/files/0x0005000000019446-125.dat	upx
behavioral1/files/0x0005000000019465-123.dat	upx
behavioral1/files/0x0005000000019450-116.dat	upx
behavioral1/files/0x00050000000193c1-111.dat	upx
behavioral1/files/0x0005000000019433-108.dat	upx
behavioral1/files/0x00050000000193b3-96.dat	upx
behavioral1/files/0x0005000000019387-86.dat	upx
behavioral1/memory/2404-69-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0005000000019275-53.dat	upx
behavioral1/memory/2524-49-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/1860-35-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/3064-33-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0005000000019642-189.dat	upx
behavioral1/files/0x000500000001953e-175.dat	upx
behavioral1/files/0x000500000001950e-163.dat	upx
behavioral1/memory/2780-115-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2492-95-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x00050000000193a4-94.dat	upx
behavioral1/files/0x0005000000019377-93.dat	upx
behavioral1/files/0x0005000000019319-91.dat	upx
behavioral1/memory/3012-85-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x000700000001746a-83.dat	upx
behavioral1/memory/2732-75-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/3064-3947-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/3040-3955-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2780-3956-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2404-3954-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/3012-3953-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/1860-3952-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2732-3951-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2492-3950-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2524-3949-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2816-3948-0x000000013F730000-0x000000013FA84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DmSnhhx.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwfeyTX.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmGbOCZ.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rvvusre.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkAWlYi.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNrOvfb.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWqepRJ.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOLUIom.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEezYrm.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAyJEEM.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txvLAOq.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzjdGZR.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBDYnCs.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhnysmE.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOZjUXN.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydRaUyL.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfxdOCU.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iiBicFP.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onIdtnJ.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbnGhxy.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJaxEJW.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XORiiFH.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zVkaAJe.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUldEKp.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqzdfsr.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlCZeav.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsQdDPe.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgMGKTS.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRjGfWP.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcfhySu.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhqFWfH.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ObkWBTP.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqnMklv.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUYCang.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCmiPOV.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZfpuKT.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwQFvGA.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEMZRyF.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbqhVAO.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjAePNy.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRwMpHD.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVHDftb.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZUuBvT.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHHLmBP.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbxkqvg.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alamSxw.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUPXWRQ.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMwaYmA.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NokZLsL.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJFfyOQ.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlormdG.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdmSiLY.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VohCOlR.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghGdlFm.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqiPTZr.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESheotf.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlLQlrC.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxNEKcR.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwFTZfK.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAWmBZK.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqTyigq.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgfbRqz.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpbqZJp.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFUTUmF.exe	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 3040	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1832 wrote to memory of 3040	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1832 wrote to memory of 3040	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1832 wrote to memory of 3064	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1832 wrote to memory of 3064	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1832 wrote to memory of 3064	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1832 wrote to memory of 1860	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1832 wrote to memory of 1860	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1832 wrote to memory of 1860	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1832 wrote to memory of 2404	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1832 wrote to memory of 2404	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1832 wrote to memory of 2404	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1832 wrote to memory of 2524	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1832 wrote to memory of 2524	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1832 wrote to memory of 2524	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1832 wrote to memory of 2780	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1832 wrote to memory of 2780	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1832 wrote to memory of 2780	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1832 wrote to memory of 2732	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1832 wrote to memory of 2732	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1832 wrote to memory of 2732	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1832 wrote to memory of 2828	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1832 wrote to memory of 2828	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1832 wrote to memory of 2828	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1832 wrote to memory of 3012	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1832 wrote to memory of 3012	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1832 wrote to memory of 3012	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1832 wrote to memory of 2708	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1832 wrote to memory of 2708	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1832 wrote to memory of 2708	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1832 wrote to memory of 2492	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1832 wrote to memory of 2492	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1832 wrote to memory of 2492	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1832 wrote to memory of 2908	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1832 wrote to memory of 2908	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1832 wrote to memory of 2908	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1832 wrote to memory of 2816	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1832 wrote to memory of 2816	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1832 wrote to memory of 2816	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1832 wrote to memory of 2644	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1832 wrote to memory of 2644	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1832 wrote to memory of 2644	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1832 wrote to memory of 2596	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1832 wrote to memory of 2596	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1832 wrote to memory of 2596	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1832 wrote to memory of 2672	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1832 wrote to memory of 2672	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1832 wrote to memory of 2672	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1832 wrote to memory of 968	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1832 wrote to memory of 968	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1832 wrote to memory of 968	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1832 wrote to memory of 2652	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1832 wrote to memory of 2652	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1832 wrote to memory of 2652	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1832 wrote to memory of 2160	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1832 wrote to memory of 2160	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1832 wrote to memory of 2160	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1832 wrote to memory of 1392	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1832 wrote to memory of 1392	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1832 wrote to memory of 1392	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1832 wrote to memory of 1944	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1832 wrote to memory of 1944	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1832 wrote to memory of 1944	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1832 wrote to memory of 1920	1832	2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-17_83adae321ad2eca40cbb3c46442116a2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\System\vGPFJbY.exe
  C:\Windows\System\vGPFJbY.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\AIOdwOj.exe
  C:\Windows\System\AIOdwOj.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\CZBtWEb.exe
  C:\Windows\System\CZBtWEb.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\vRNMKLV.exe
  C:\Windows\System\vRNMKLV.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\mZpyWHn.exe
  C:\Windows\System\mZpyWHn.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\WADRhwV.exe
  C:\Windows\System\WADRhwV.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\QGdfKtH.exe
  C:\Windows\System\QGdfKtH.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\NLAQsWe.exe
  C:\Windows\System\NLAQsWe.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\azqlfom.exe
  C:\Windows\System\azqlfom.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\SoxGUTA.exe
  C:\Windows\System\SoxGUTA.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\suxPaWq.exe
  C:\Windows\System\suxPaWq.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\GGtiwKQ.exe
  C:\Windows\System\GGtiwKQ.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\BfiThRN.exe
  C:\Windows\System\BfiThRN.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\bReUPlB.exe
  C:\Windows\System\bReUPlB.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\RmwIeTw.exe
  C:\Windows\System\RmwIeTw.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\ryzqLrj.exe
  C:\Windows\System\ryzqLrj.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\DTqwOwW.exe
  C:\Windows\System\DTqwOwW.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\DmSnhhx.exe
  C:\Windows\System\DmSnhhx.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\CoJXSgN.exe
  C:\Windows\System\CoJXSgN.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\glmtrQY.exe
  C:\Windows\System\glmtrQY.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\VohCOlR.exe
  C:\Windows\System\VohCOlR.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\fmaXHBX.exe
  C:\Windows\System\fmaXHBX.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\XQffNnl.exe
  C:\Windows\System\XQffNnl.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\lpbWpvg.exe
  C:\Windows\System\lpbWpvg.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\YFfyFlL.exe
  C:\Windows\System\YFfyFlL.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\BikExVN.exe
  C:\Windows\System\BikExVN.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\aqYtbGK.exe
  C:\Windows\System\aqYtbGK.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\KzHLAwF.exe
  C:\Windows\System\KzHLAwF.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\WQYfqzb.exe
  C:\Windows\System\WQYfqzb.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\ntIsbXS.exe
  C:\Windows\System\ntIsbXS.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\mgkWhIU.exe
  C:\Windows\System\mgkWhIU.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\eahnRTW.exe
  C:\Windows\System\eahnRTW.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\wJxPAYq.exe
  C:\Windows\System\wJxPAYq.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\uUMTshf.exe
  C:\Windows\System\uUMTshf.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\VJKxLgn.exe
  C:\Windows\System\VJKxLgn.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\ovvSqyr.exe
  C:\Windows\System\ovvSqyr.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\JHRqZAC.exe
  C:\Windows\System\JHRqZAC.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\rPNVIGm.exe
  C:\Windows\System\rPNVIGm.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\BMYSogb.exe
  C:\Windows\System\BMYSogb.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\RAVLvLC.exe
  C:\Windows\System\RAVLvLC.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\iCwZzEE.exe
  C:\Windows\System\iCwZzEE.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\dKHVtPF.exe
  C:\Windows\System\dKHVtPF.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\CwsUroE.exe
  C:\Windows\System\CwsUroE.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\SdRBBny.exe
  C:\Windows\System\SdRBBny.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\hOkFynj.exe
  C:\Windows\System\hOkFynj.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\YvaOEYP.exe
  C:\Windows\System\YvaOEYP.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\buOYPJe.exe
  C:\Windows\System\buOYPJe.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\YHuWkeC.exe
  C:\Windows\System\YHuWkeC.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\EuTBdRa.exe
  C:\Windows\System\EuTBdRa.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\YOvBcie.exe
  C:\Windows\System\YOvBcie.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\kwKBTsa.exe
  C:\Windows\System\kwKBTsa.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\aIpHvyg.exe
  C:\Windows\System\aIpHvyg.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\RhRVrkn.exe
  C:\Windows\System\RhRVrkn.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\XBxXQLy.exe
  C:\Windows\System\XBxXQLy.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\CGNZdhD.exe
  C:\Windows\System\CGNZdhD.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\oaXQEGc.exe
  C:\Windows\System\oaXQEGc.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\zKCcdeg.exe
  C:\Windows\System\zKCcdeg.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\kVltqBb.exe
  C:\Windows\System\kVltqBb.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\kCKgItZ.exe
  C:\Windows\System\kCKgItZ.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\NEIQRui.exe
  C:\Windows\System\NEIQRui.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\OzQUCbm.exe
  C:\Windows\System\OzQUCbm.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\OvjmxqR.exe
  C:\Windows\System\OvjmxqR.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\ukqoGSE.exe
  C:\Windows\System\ukqoGSE.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\oxZqINX.exe
  C:\Windows\System\oxZqINX.exe
  2⤵
  PID:1272
- C:\Windows\System\EBIMvmS.exe
  C:\Windows\System\EBIMvmS.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\XjAePNy.exe
  C:\Windows\System\XjAePNy.exe
  2⤵
  PID:1176
- C:\Windows\System\JVlIfPh.exe
  C:\Windows\System\JVlIfPh.exe
  2⤵
  PID:1712
- C:\Windows\System\ZPJnmYi.exe
  C:\Windows\System\ZPJnmYi.exe
  2⤵
  PID:1420
- C:\Windows\System\qkSlDST.exe
  C:\Windows\System\qkSlDST.exe
  2⤵
  PID:1488
- C:\Windows\System\TjRpVvc.exe
  C:\Windows\System\TjRpVvc.exe
  2⤵
  PID:1968
- C:\Windows\System\IGTfNdx.exe
  C:\Windows\System\IGTfNdx.exe
  2⤵
  PID:2868
- C:\Windows\System\FbmNhbR.exe
  C:\Windows\System\FbmNhbR.exe
  2⤵
  PID:2736
- C:\Windows\System\CrpWwnF.exe
  C:\Windows\System\CrpWwnF.exe
  2⤵
  PID:2724
- C:\Windows\System\goIietS.exe
  C:\Windows\System\goIietS.exe
  2⤵
  PID:1112
- C:\Windows\System\boYtbAU.exe
  C:\Windows\System\boYtbAU.exe
  2⤵
  PID:1916
- C:\Windows\System\cAVeIqm.exe
  C:\Windows\System\cAVeIqm.exe
  2⤵
  PID:1828
- C:\Windows\System\ctgEqiw.exe
  C:\Windows\System\ctgEqiw.exe
  2⤵
  PID:1884
- C:\Windows\System\BjNVgHk.exe
  C:\Windows\System\BjNVgHk.exe
  2⤵
  PID:2932
- C:\Windows\System\CIHMJhB.exe
  C:\Windows\System\CIHMJhB.exe
  2⤵
  PID:1476
- C:\Windows\System\hbJvuME.exe
  C:\Windows\System\hbJvuME.exe
  2⤵
  PID:584
- C:\Windows\System\kwJXIzf.exe
  C:\Windows\System\kwJXIzf.exe
  2⤵
  PID:1656
- C:\Windows\System\OucuQeT.exe
  C:\Windows\System\OucuQeT.exe
  2⤵
  PID:572
- C:\Windows\System\HivONYU.exe
  C:\Windows\System\HivONYU.exe
  2⤵
  PID:1836
- C:\Windows\System\zefSQSN.exe
  C:\Windows\System\zefSQSN.exe
  2⤵
  PID:2352
- C:\Windows\System\tOAOYSo.exe
  C:\Windows\System\tOAOYSo.exe
  2⤵
  PID:1592
- C:\Windows\System\LefvLFx.exe
  C:\Windows\System\LefvLFx.exe
  2⤵
  PID:2344
- C:\Windows\System\sOaIZQg.exe
  C:\Windows\System\sOaIZQg.exe
  2⤵
  PID:960
- C:\Windows\System\ptVVCLq.exe
  C:\Windows\System\ptVVCLq.exe
  2⤵
  PID:2892
- C:\Windows\System\UEWYmxS.exe
  C:\Windows\System\UEWYmxS.exe
  2⤵
  PID:632
- C:\Windows\System\YTnzNmH.exe
  C:\Windows\System\YTnzNmH.exe
  2⤵
  PID:996
- C:\Windows\System\TafyBHA.exe
  C:\Windows\System\TafyBHA.exe
  2⤵
  PID:2248
- C:\Windows\System\czzEhhn.exe
  C:\Windows\System\czzEhhn.exe
  2⤵
  PID:2144
- C:\Windows\System\iGYWALq.exe
  C:\Windows\System\iGYWALq.exe
  2⤵
  PID:1240
- C:\Windows\System\CuTatrp.exe
  C:\Windows\System\CuTatrp.exe
  2⤵
  PID:2480
- C:\Windows\System\WICFtrL.exe
  C:\Windows\System\WICFtrL.exe
  2⤵
  PID:3000
- C:\Windows\System\DaGWkXm.exe
  C:\Windows\System\DaGWkXm.exe
  2⤵
  PID:2712
- C:\Windows\System\DyVsweM.exe
  C:\Windows\System\DyVsweM.exe
  2⤵
  PID:2432
- C:\Windows\System\Devrumf.exe
  C:\Windows\System\Devrumf.exe
  2⤵
  PID:380
- C:\Windows\System\prfMGna.exe
  C:\Windows\System\prfMGna.exe
  2⤵
  PID:2980
- C:\Windows\System\nDeLQpM.exe
  C:\Windows\System\nDeLQpM.exe
  2⤵
  PID:1684
- C:\Windows\System\RTECoFu.exe
  C:\Windows\System\RTECoFu.exe
  2⤵
  PID:1260
- C:\Windows\System\ULHopcF.exe
  C:\Windows\System\ULHopcF.exe
  2⤵
  PID:2104
- C:\Windows\System\AIIeLQY.exe
  C:\Windows\System\AIIeLQY.exe
  2⤵
  PID:1840
- C:\Windows\System\PfQSnHa.exe
  C:\Windows\System\PfQSnHa.exe
  2⤵
  PID:884
- C:\Windows\System\pKYKQvh.exe
  C:\Windows\System\pKYKQvh.exe
  2⤵
  PID:3080
- C:\Windows\System\eGYdMpu.exe
  C:\Windows\System\eGYdMpu.exe
  2⤵
  PID:3100
- C:\Windows\System\FvhTJoC.exe
  C:\Windows\System\FvhTJoC.exe
  2⤵
  PID:3124
- C:\Windows\System\TOKqJPf.exe
  C:\Windows\System\TOKqJPf.exe
  2⤵
  PID:3144
- C:\Windows\System\DuiUWvU.exe
  C:\Windows\System\DuiUWvU.exe
  2⤵
  PID:3160
- C:\Windows\System\lxDEhDw.exe
  C:\Windows\System\lxDEhDw.exe
  2⤵
  PID:3180
- C:\Windows\System\dyYdMqL.exe
  C:\Windows\System\dyYdMqL.exe
  2⤵
  PID:3200
- C:\Windows\System\WErPVZj.exe
  C:\Windows\System\WErPVZj.exe
  2⤵
  PID:3220
- C:\Windows\System\GpeqJCU.exe
  C:\Windows\System\GpeqJCU.exe
  2⤵
  PID:3240
- C:\Windows\System\kIUvSSB.exe
  C:\Windows\System\kIUvSSB.exe
  2⤵
  PID:3264
- C:\Windows\System\DRwMpHD.exe
  C:\Windows\System\DRwMpHD.exe
  2⤵
  PID:3280
- C:\Windows\System\WDdqCfa.exe
  C:\Windows\System\WDdqCfa.exe
  2⤵
  PID:3304
- C:\Windows\System\QwyiBrN.exe
  C:\Windows\System\QwyiBrN.exe
  2⤵
  PID:3324
- C:\Windows\System\HjZRuRd.exe
  C:\Windows\System\HjZRuRd.exe
  2⤵
  PID:3340
- C:\Windows\System\xQFWBTc.exe
  C:\Windows\System\xQFWBTc.exe
  2⤵
  PID:3364
- C:\Windows\System\BsxKIZo.exe
  C:\Windows\System\BsxKIZo.exe
  2⤵
  PID:3384
- C:\Windows\System\DVSdeSh.exe
  C:\Windows\System\DVSdeSh.exe
  2⤵
  PID:3404
- C:\Windows\System\KfuyWEl.exe
  C:\Windows\System\KfuyWEl.exe
  2⤵
  PID:3424
- C:\Windows\System\ADTXXUH.exe
  C:\Windows\System\ADTXXUH.exe
  2⤵
  PID:3444
- C:\Windows\System\CUsFdQr.exe
  C:\Windows\System\CUsFdQr.exe
  2⤵
  PID:3460
- C:\Windows\System\jHBqimO.exe
  C:\Windows\System\jHBqimO.exe
  2⤵
  PID:3480
- C:\Windows\System\HQgEQSm.exe
  C:\Windows\System\HQgEQSm.exe
  2⤵
  PID:3504
- C:\Windows\System\LaLeLPg.exe
  C:\Windows\System\LaLeLPg.exe
  2⤵
  PID:3520
- C:\Windows\System\puMmTJO.exe
  C:\Windows\System\puMmTJO.exe
  2⤵
  PID:3540
- C:\Windows\System\cDHjIhE.exe
  C:\Windows\System\cDHjIhE.exe
  2⤵
  PID:3564
- C:\Windows\System\ZUnVQqs.exe
  C:\Windows\System\ZUnVQqs.exe
  2⤵
  PID:3584
- C:\Windows\System\AxCBdFt.exe
  C:\Windows\System\AxCBdFt.exe
  2⤵
  PID:3600
- C:\Windows\System\kcQiBJH.exe
  C:\Windows\System\kcQiBJH.exe
  2⤵
  PID:3620
- C:\Windows\System\ycbaXpm.exe
  C:\Windows\System\ycbaXpm.exe
  2⤵
  PID:3640
- C:\Windows\System\FoOKlIM.exe
  C:\Windows\System\FoOKlIM.exe
  2⤵
  PID:3664
- C:\Windows\System\KlFbPSI.exe
  C:\Windows\System\KlFbPSI.exe
  2⤵
  PID:3680
- C:\Windows\System\FwhTnjb.exe
  C:\Windows\System\FwhTnjb.exe
  2⤵
  PID:3700
- C:\Windows\System\ciuKgTo.exe
  C:\Windows\System\ciuKgTo.exe
  2⤵
  PID:3720
- C:\Windows\System\tdTEaxq.exe
  C:\Windows\System\tdTEaxq.exe
  2⤵
  PID:3740
- C:\Windows\System\qEXpBkp.exe
  C:\Windows\System\qEXpBkp.exe
  2⤵
  PID:3760
- C:\Windows\System\fxnnoHl.exe
  C:\Windows\System\fxnnoHl.exe
  2⤵
  PID:3780
- C:\Windows\System\AneihOK.exe
  C:\Windows\System\AneihOK.exe
  2⤵
  PID:3800
- C:\Windows\System\UwfeyTX.exe
  C:\Windows\System\UwfeyTX.exe
  2⤵
  PID:3824
- C:\Windows\System\QmBkgoa.exe
  C:\Windows\System\QmBkgoa.exe
  2⤵
  PID:3844
- C:\Windows\System\zhQiTFQ.exe
  C:\Windows\System\zhQiTFQ.exe
  2⤵
  PID:3864
- C:\Windows\System\PxzSaDJ.exe
  C:\Windows\System\PxzSaDJ.exe
  2⤵
  PID:3884
- C:\Windows\System\kvCcuyw.exe
  C:\Windows\System\kvCcuyw.exe
  2⤵
  PID:3904
- C:\Windows\System\fJNYGvG.exe
  C:\Windows\System\fJNYGvG.exe
  2⤵
  PID:3920
- C:\Windows\System\ULqTNCs.exe
  C:\Windows\System\ULqTNCs.exe
  2⤵
  PID:3940
- C:\Windows\System\jOrJCuF.exe
  C:\Windows\System\jOrJCuF.exe
  2⤵
  PID:3960
- C:\Windows\System\kCDEmuI.exe
  C:\Windows\System\kCDEmuI.exe
  2⤵
  PID:3980
- C:\Windows\System\OsHVlDz.exe
  C:\Windows\System\OsHVlDz.exe
  2⤵
  PID:3996
- C:\Windows\System\tyPxVlg.exe
  C:\Windows\System\tyPxVlg.exe
  2⤵
  PID:4024
- C:\Windows\System\PWTJMWZ.exe
  C:\Windows\System\PWTJMWZ.exe
  2⤵
  PID:4040
- C:\Windows\System\Vxihyyw.exe
  C:\Windows\System\Vxihyyw.exe
  2⤵
  PID:4064
- C:\Windows\System\evyKBwB.exe
  C:\Windows\System\evyKBwB.exe
  2⤵
  PID:4084
- C:\Windows\System\YXhuKnK.exe
  C:\Windows\System\YXhuKnK.exe
  2⤵
  PID:3044
- C:\Windows\System\ZJBDLqb.exe
  C:\Windows\System\ZJBDLqb.exe
  2⤵
  PID:348
- C:\Windows\System\FRVNksw.exe
  C:\Windows\System\FRVNksw.exe
  2⤵
  PID:2920
- C:\Windows\System\zkWFEqg.exe
  C:\Windows\System\zkWFEqg.exe
  2⤵
  PID:1652
- C:\Windows\System\MoXGNhM.exe
  C:\Windows\System\MoXGNhM.exe
  2⤵
  PID:2696
- C:\Windows\System\XanRvcL.exe
  C:\Windows\System\XanRvcL.exe
  2⤵
  PID:2164
- C:\Windows\System\XiWpeDq.exe
  C:\Windows\System\XiWpeDq.exe
  2⤵
  PID:2580
- C:\Windows\System\uycwDwn.exe
  C:\Windows\System\uycwDwn.exe
  2⤵
  PID:1236
- C:\Windows\System\MFkIdNd.exe
  C:\Windows\System\MFkIdNd.exe
  2⤵
  PID:2168
- C:\Windows\System\lkHYcBk.exe
  C:\Windows\System\lkHYcBk.exe
  2⤵
  PID:2664
- C:\Windows\System\XWLbfjV.exe
  C:\Windows\System\XWLbfjV.exe
  2⤵
  PID:2184
- C:\Windows\System\tmPadKx.exe
  C:\Windows\System\tmPadKx.exe
  2⤵
  PID:3092
- C:\Windows\System\ouvzYSp.exe
  C:\Windows\System\ouvzYSp.exe
  2⤵
  PID:3112
- C:\Windows\System\aMnnAHi.exe
  C:\Windows\System\aMnnAHi.exe
  2⤵
  PID:3152
- C:\Windows\System\HvRoZvl.exe
  C:\Windows\System\HvRoZvl.exe
  2⤵
  PID:3212
- C:\Windows\System\sYKAAaB.exe
  C:\Windows\System\sYKAAaB.exe
  2⤵
  PID:3188
- C:\Windows\System\djJuEQw.exe
  C:\Windows\System\djJuEQw.exe
  2⤵
  PID:3296
- C:\Windows\System\kAEWMDT.exe
  C:\Windows\System\kAEWMDT.exe
  2⤵
  PID:3292
- C:\Windows\System\jmKhOPp.exe
  C:\Windows\System\jmKhOPp.exe
  2⤵
  PID:3312
- C:\Windows\System\ctZHRnl.exe
  C:\Windows\System\ctZHRnl.exe
  2⤵
  PID:3348
- C:\Windows\System\MXgjqrC.exe
  C:\Windows\System\MXgjqrC.exe
  2⤵
  PID:3412
- C:\Windows\System\RLnfsRi.exe
  C:\Windows\System\RLnfsRi.exe
  2⤵
  PID:3396
- C:\Windows\System\kIfYeaA.exe
  C:\Windows\System\kIfYeaA.exe
  2⤵
  PID:3436
- C:\Windows\System\dSSJkKi.exe
  C:\Windows\System\dSSJkKi.exe
  2⤵
  PID:3468
- C:\Windows\System\zCvVdyV.exe
  C:\Windows\System\zCvVdyV.exe
  2⤵
  PID:3536
- C:\Windows\System\zIESEFt.exe
  C:\Windows\System\zIESEFt.exe
  2⤵
  PID:3548
- C:\Windows\System\ajcwTUw.exe
  C:\Windows\System\ajcwTUw.exe
  2⤵
  PID:3592
- C:\Windows\System\OiYXECh.exe
  C:\Windows\System\OiYXECh.exe
  2⤵
  PID:3648
- C:\Windows\System\bQAiFby.exe
  C:\Windows\System\bQAiFby.exe
  2⤵
  PID:3628
- C:\Windows\System\oqMHDQq.exe
  C:\Windows\System\oqMHDQq.exe
  2⤵
  PID:3688
- C:\Windows\System\bZfwYRh.exe
  C:\Windows\System\bZfwYRh.exe
  2⤵
  PID:3708
- C:\Windows\System\cIwrEWr.exe
  C:\Windows\System\cIwrEWr.exe
  2⤵
  PID:3772
- C:\Windows\System\BQYHuKp.exe
  C:\Windows\System\BQYHuKp.exe
  2⤵
  PID:3788
- C:\Windows\System\kBCPUVx.exe
  C:\Windows\System\kBCPUVx.exe
  2⤵
  PID:3860
- C:\Windows\System\WnbnaLr.exe
  C:\Windows\System\WnbnaLr.exe
  2⤵
  PID:3892
- C:\Windows\System\enGsYZl.exe
  C:\Windows\System\enGsYZl.exe
  2⤵
  PID:3880
- C:\Windows\System\hwDnktM.exe
  C:\Windows\System\hwDnktM.exe
  2⤵
  PID:3916
- C:\Windows\System\VFdiNno.exe
  C:\Windows\System\VFdiNno.exe
  2⤵
  PID:3956
- C:\Windows\System\LuLeyOM.exe
  C:\Windows\System\LuLeyOM.exe
  2⤵
  PID:3988
- C:\Windows\System\SbARpas.exe
  C:\Windows\System\SbARpas.exe
  2⤵
  PID:4052
- C:\Windows\System\VwdKoAd.exe
  C:\Windows\System\VwdKoAd.exe
  2⤵
  PID:4092
- C:\Windows\System\CKRWAPH.exe
  C:\Windows\System\CKRWAPH.exe
  2⤵
  PID:4080
- C:\Windows\System\Yxyzolo.exe
  C:\Windows\System\Yxyzolo.exe
  2⤵
  PID:2796
- C:\Windows\System\NLRjdYX.exe
  C:\Windows\System\NLRjdYX.exe
  2⤵
  PID:2808
- C:\Windows\System\QSdXTeL.exe
  C:\Windows\System\QSdXTeL.exe
  2⤵
  PID:1428
- C:\Windows\System\nAiXokv.exe
  C:\Windows\System\nAiXokv.exe
  2⤵
  PID:2484
- C:\Windows\System\ZHPQntU.exe
  C:\Windows\System\ZHPQntU.exe
  2⤵
  PID:3088
- C:\Windows\System\cBKLeMU.exe
  C:\Windows\System\cBKLeMU.exe
  2⤵
  PID:3096
- C:\Windows\System\cdwMLZB.exe
  C:\Windows\System\cdwMLZB.exe
  2⤵
  PID:3208
- C:\Windows\System\DDIHyeG.exe
  C:\Windows\System\DDIHyeG.exe
  2⤵
  PID:3260
- C:\Windows\System\FBMsDTv.exe
  C:\Windows\System\FBMsDTv.exe
  2⤵
  PID:3228
- C:\Windows\System\IThkXgo.exe
  C:\Windows\System\IThkXgo.exe
  2⤵
  PID:3372
- C:\Windows\System\EJXvaFz.exe
  C:\Windows\System\EJXvaFz.exe
  2⤵
  PID:3376
- C:\Windows\System\MUbNjhD.exe
  C:\Windows\System\MUbNjhD.exe
  2⤵
  PID:3416
- C:\Windows\System\RWcUgRA.exe
  C:\Windows\System\RWcUgRA.exe
  2⤵
  PID:3476
- C:\Windows\System\chYdgNz.exe
  C:\Windows\System\chYdgNz.exe
  2⤵
  PID:3492
- C:\Windows\System\HvMxifL.exe
  C:\Windows\System\HvMxifL.exe
  2⤵
  PID:3580
- C:\Windows\System\yjjOPqd.exe
  C:\Windows\System\yjjOPqd.exe
  2⤵
  PID:3616
- C:\Windows\System\HYdNdEA.exe
  C:\Windows\System\HYdNdEA.exe
  2⤵
  PID:3716
- C:\Windows\System\eRjGfWP.exe
  C:\Windows\System\eRjGfWP.exe
  2⤵
  PID:3756
- C:\Windows\System\gJGUBjI.exe
  C:\Windows\System\gJGUBjI.exe
  2⤵
  PID:3748
- C:\Windows\System\iDCTgQl.exe
  C:\Windows\System\iDCTgQl.exe
  2⤵
  PID:3976
- C:\Windows\System\bsCIpCT.exe
  C:\Windows\System\bsCIpCT.exe
  2⤵
  PID:3972
- C:\Windows\System\yCZDrbx.exe
  C:\Windows\System\yCZDrbx.exe
  2⤵
  PID:4076
- C:\Windows\System\NSNoWiO.exe
  C:\Windows\System\NSNoWiO.exe
  2⤵
  PID:4112
- C:\Windows\System\EeXKQQb.exe
  C:\Windows\System\EeXKQQb.exe
  2⤵
  PID:4136
- C:\Windows\System\LJFfyOQ.exe
  C:\Windows\System\LJFfyOQ.exe
  2⤵
  PID:4164
- C:\Windows\System\TudNPzV.exe
  C:\Windows\System\TudNPzV.exe
  2⤵
  PID:4196
- C:\Windows\System\kLdZnqx.exe
  C:\Windows\System\kLdZnqx.exe
  2⤵
  PID:4220
- C:\Windows\System\FlcOCYG.exe
  C:\Windows\System\FlcOCYG.exe
  2⤵
  PID:4240
- C:\Windows\System\WySpXfU.exe
  C:\Windows\System\WySpXfU.exe
  2⤵
  PID:4260
- C:\Windows\System\anCDStT.exe
  C:\Windows\System\anCDStT.exe
  2⤵
  PID:4280
- C:\Windows\System\KzFuCOj.exe
  C:\Windows\System\KzFuCOj.exe
  2⤵
  PID:4300
- C:\Windows\System\UezAWJQ.exe
  C:\Windows\System\UezAWJQ.exe
  2⤵
  PID:4316
- C:\Windows\System\oouJMDa.exe
  C:\Windows\System\oouJMDa.exe
  2⤵
  PID:4336
- C:\Windows\System\noAGbVX.exe
  C:\Windows\System\noAGbVX.exe
  2⤵
  PID:4360
- C:\Windows\System\RDfHztn.exe
  C:\Windows\System\RDfHztn.exe
  2⤵
  PID:4376
- C:\Windows\System\YegMrFA.exe
  C:\Windows\System\YegMrFA.exe
  2⤵
  PID:4392
- C:\Windows\System\jOTKzpn.exe
  C:\Windows\System\jOTKzpn.exe
  2⤵
  PID:4412
- C:\Windows\System\ShfrhPI.exe
  C:\Windows\System\ShfrhPI.exe
  2⤵
  PID:4432
- C:\Windows\System\hbwDnLG.exe
  C:\Windows\System\hbwDnLG.exe
  2⤵
  PID:4448
- C:\Windows\System\UKPGXKZ.exe
  C:\Windows\System\UKPGXKZ.exe
  2⤵
  PID:4468
- C:\Windows\System\LxonrEz.exe
  C:\Windows\System\LxonrEz.exe
  2⤵
  PID:4488
- C:\Windows\System\xflpyuj.exe
  C:\Windows\System\xflpyuj.exe
  2⤵
  PID:4508
- C:\Windows\System\JzGVGtH.exe
  C:\Windows\System\JzGVGtH.exe
  2⤵
  PID:4528
- C:\Windows\System\qUHoXxU.exe
  C:\Windows\System\qUHoXxU.exe
  2⤵
  PID:4544
- C:\Windows\System\QZKHEJh.exe
  C:\Windows\System\QZKHEJh.exe
  2⤵
  PID:4564
- C:\Windows\System\LoBwRro.exe
  C:\Windows\System\LoBwRro.exe
  2⤵
  PID:4580
- C:\Windows\System\bvpdoNU.exe
  C:\Windows\System\bvpdoNU.exe
  2⤵
  PID:4600
- C:\Windows\System\pWystal.exe
  C:\Windows\System\pWystal.exe
  2⤵
  PID:4628
- C:\Windows\System\RjOnwdU.exe
  C:\Windows\System\RjOnwdU.exe
  2⤵
  PID:4660
- C:\Windows\System\NeVQbiX.exe
  C:\Windows\System\NeVQbiX.exe
  2⤵
  PID:4680
- C:\Windows\System\UZbEZNo.exe
  C:\Windows\System\UZbEZNo.exe
  2⤵
  PID:4696
- C:\Windows\System\ebVdwTw.exe
  C:\Windows\System\ebVdwTw.exe
  2⤵
  PID:4720
- C:\Windows\System\kFOZMin.exe
  C:\Windows\System\kFOZMin.exe
  2⤵
  PID:4736
- C:\Windows\System\nPmGGHG.exe
  C:\Windows\System\nPmGGHG.exe
  2⤵
  PID:4756
- C:\Windows\System\papFWmv.exe
  C:\Windows\System\papFWmv.exe
  2⤵
  PID:4776
- C:\Windows\System\pkwVwbS.exe
  C:\Windows\System\pkwVwbS.exe
  2⤵
  PID:4796
- C:\Windows\System\iCQxzOZ.exe
  C:\Windows\System\iCQxzOZ.exe
  2⤵
  PID:4816
- C:\Windows\System\irRaUEX.exe
  C:\Windows\System\irRaUEX.exe
  2⤵
  PID:4832
- C:\Windows\System\RXzvvkA.exe
  C:\Windows\System\RXzvvkA.exe
  2⤵
  PID:4852
- C:\Windows\System\nyBSKFb.exe
  C:\Windows\System\nyBSKFb.exe
  2⤵
  PID:4876
- C:\Windows\System\oZfpuKT.exe
  C:\Windows\System\oZfpuKT.exe
  2⤵
  PID:4896
- C:\Windows\System\keWDGWC.exe
  C:\Windows\System\keWDGWC.exe
  2⤵
  PID:4916
- C:\Windows\System\IzBxvbw.exe
  C:\Windows\System\IzBxvbw.exe
  2⤵
  PID:4936
- C:\Windows\System\RVTbqnz.exe
  C:\Windows\System\RVTbqnz.exe
  2⤵
  PID:4956
- C:\Windows\System\JYUfPYt.exe
  C:\Windows\System\JYUfPYt.exe
  2⤵
  PID:4976
- C:\Windows\System\Klovbwf.exe
  C:\Windows\System\Klovbwf.exe
  2⤵
  PID:5000
- C:\Windows\System\PJdqxku.exe
  C:\Windows\System\PJdqxku.exe
  2⤵
  PID:5020
- C:\Windows\System\kNoEjyY.exe
  C:\Windows\System\kNoEjyY.exe
  2⤵
  PID:5036
- C:\Windows\System\huXuSby.exe
  C:\Windows\System\huXuSby.exe
  2⤵
  PID:5060
- C:\Windows\System\uLOvXbx.exe
  C:\Windows\System\uLOvXbx.exe
  2⤵
  PID:5076
- C:\Windows\System\rAcJSIR.exe
  C:\Windows\System\rAcJSIR.exe
  2⤵
  PID:5092
- C:\Windows\System\dwkaUYl.exe
  C:\Windows\System\dwkaUYl.exe
  2⤵
  PID:5116
- C:\Windows\System\AwLybZf.exe
  C:\Windows\System\AwLybZf.exe
  2⤵
  PID:3836
- C:\Windows\System\GHYwBJG.exe
  C:\Windows\System\GHYwBJG.exe
  2⤵
  PID:4020
- C:\Windows\System\hhcamzo.exe
  C:\Windows\System\hhcamzo.exe
  2⤵
  PID:4036
- C:\Windows\System\OyWAPrq.exe
  C:\Windows\System\OyWAPrq.exe
  2⤵
  PID:1512
- C:\Windows\System\bdLBJob.exe
  C:\Windows\System\bdLBJob.exe
  2⤵
  PID:3120
- C:\Windows\System\TeLvjCS.exe
  C:\Windows\System\TeLvjCS.exe
  2⤵
  PID:2684
- C:\Windows\System\DeROPNW.exe
  C:\Windows\System\DeROPNW.exe
  2⤵
  PID:3400
- C:\Windows\System\UJIwBsE.exe
  C:\Windows\System\UJIwBsE.exe
  2⤵
  PID:3140
- C:\Windows\System\AmmusrA.exe
  C:\Windows\System\AmmusrA.exe
  2⤵
  PID:3500
- C:\Windows\System\bBVfCTD.exe
  C:\Windows\System\bBVfCTD.exe
  2⤵
  PID:3232
- C:\Windows\System\KQaasUa.exe
  C:\Windows\System\KQaasUa.exe
  2⤵
  PID:3732
- C:\Windows\System\onIdtnJ.exe
  C:\Windows\System\onIdtnJ.exe
  2⤵
  PID:4048
- C:\Windows\System\AwbKtkh.exe
  C:\Windows\System\AwbKtkh.exe
  2⤵
  PID:3852
- C:\Windows\System\BpyraKH.exe
  C:\Windows\System\BpyraKH.exe
  2⤵
  PID:4104
- C:\Windows\System\JcsOhff.exe
  C:\Windows\System\JcsOhff.exe
  2⤵
  PID:3432
- C:\Windows\System\CXxrKlu.exe
  C:\Windows\System\CXxrKlu.exe
  2⤵
  PID:3532
- C:\Windows\System\KfgKDZo.exe
  C:\Windows\System\KfgKDZo.exe
  2⤵
  PID:4192
- C:\Windows\System\sUSxRMm.exe
  C:\Windows\System\sUSxRMm.exe
  2⤵
  PID:4232
- C:\Windows\System\wiLpODp.exe
  C:\Windows\System\wiLpODp.exe
  2⤵
  PID:4156
- C:\Windows\System\oTgIphr.exe
  C:\Windows\System\oTgIphr.exe
  2⤵
  PID:4248
- C:\Windows\System\aYurpuQ.exe
  C:\Windows\System\aYurpuQ.exe
  2⤵
  PID:4288
- C:\Windows\System\WMFouZO.exe
  C:\Windows\System\WMFouZO.exe
  2⤵
  PID:4352
- C:\Windows\System\lAMAmQK.exe
  C:\Windows\System\lAMAmQK.exe
  2⤵
  PID:4424
- C:\Windows\System\ndIeprk.exe
  C:\Windows\System\ndIeprk.exe
  2⤵
  PID:4324
- C:\Windows\System\GpYkpMH.exe
  C:\Windows\System\GpYkpMH.exe
  2⤵
  PID:4480
- C:\Windows\System\LJwyoRB.exe
  C:\Windows\System\LJwyoRB.exe
  2⤵
  PID:4404
- C:\Windows\System\aIIJAfP.exe
  C:\Windows\System\aIIJAfP.exe
  2⤵
  PID:4504
- C:\Windows\System\QPvxrnK.exe
  C:\Windows\System\QPvxrnK.exe
  2⤵
  PID:4608
- C:\Windows\System\DdClCZk.exe
  C:\Windows\System\DdClCZk.exe
  2⤵
  PID:4524
- C:\Windows\System\IoiUUsJ.exe
  C:\Windows\System\IoiUUsJ.exe
  2⤵
  PID:4636
- C:\Windows\System\zGJcuLZ.exe
  C:\Windows\System\zGJcuLZ.exe
  2⤵
  PID:4640
- C:\Windows\System\RCGMwUR.exe
  C:\Windows\System\RCGMwUR.exe
  2⤵
  PID:4652
- C:\Windows\System\oINUbiK.exe
  C:\Windows\System\oINUbiK.exe
  2⤵
  PID:4688
- C:\Windows\System\TpDraKq.exe
  C:\Windows\System\TpDraKq.exe
  2⤵
  PID:4784
- C:\Windows\System\awAZntc.exe
  C:\Windows\System\awAZntc.exe
  2⤵
  PID:4764
- C:\Windows\System\BglhJeQ.exe
  C:\Windows\System\BglhJeQ.exe
  2⤵
  PID:4860
- C:\Windows\System\nDRDHOx.exe
  C:\Windows\System\nDRDHOx.exe
  2⤵
  PID:4840
- C:\Windows\System\hERpzgs.exe
  C:\Windows\System\hERpzgs.exe
  2⤵
  PID:4908
- C:\Windows\System\UEshKdw.exe
  C:\Windows\System\UEshKdw.exe
  2⤵
  PID:4812
- C:\Windows\System\vABkoKL.exe
  C:\Windows\System\vABkoKL.exe
  2⤵
  PID:4884
- C:\Windows\System\LnCGNrs.exe
  C:\Windows\System\LnCGNrs.exe
  2⤵
  PID:4932
- C:\Windows\System\FeEWFEa.exe
  C:\Windows\System\FeEWFEa.exe
  2⤵
  PID:4972
- C:\Windows\System\gXjAyxI.exe
  C:\Windows\System\gXjAyxI.exe
  2⤵
  PID:5104
- C:\Windows\System\vGMvYnv.exe
  C:\Windows\System\vGMvYnv.exe
  2⤵
  PID:4012
- C:\Windows\System\hGNAROV.exe
  C:\Windows\System\hGNAROV.exe
  2⤵
  PID:5016
- C:\Windows\System\ebgTiUM.exe
  C:\Windows\System\ebgTiUM.exe
  2⤵
  PID:5084
- C:\Windows\System\LsanZDm.exe
  C:\Windows\System\LsanZDm.exe
  2⤵
  PID:4060
- C:\Windows\System\lUvFhcC.exe
  C:\Windows\System\lUvFhcC.exe
  2⤵
  PID:3336
- C:\Windows\System\cjlINNQ.exe
  C:\Windows\System\cjlINNQ.exe
  2⤵
  PID:2768
- C:\Windows\System\AGBUAIY.exe
  C:\Windows\System\AGBUAIY.exe
  2⤵
  PID:3196
- C:\Windows\System\doEgMHT.exe
  C:\Windows\System\doEgMHT.exe
  2⤵
  PID:3392
- C:\Windows\System\jJghDIM.exe
  C:\Windows\System\jJghDIM.exe
  2⤵
  PID:4128
- C:\Windows\System\pmYDwhs.exe
  C:\Windows\System\pmYDwhs.exe
  2⤵
  PID:4132
- C:\Windows\System\GFJqtqW.exe
  C:\Windows\System\GFJqtqW.exe
  2⤵
  PID:3636
- C:\Windows\System\kNMlBUr.exe
  C:\Windows\System\kNMlBUr.exe
  2⤵
  PID:3496
- C:\Windows\System\gRWeODu.exe
  C:\Windows\System\gRWeODu.exe
  2⤵
  PID:4216
- C:\Windows\System\EnRQhwb.exe
  C:\Windows\System\EnRQhwb.exe
  2⤵
  PID:4188
- C:\Windows\System\NNVPokI.exe
  C:\Windows\System\NNVPokI.exe
  2⤵
  PID:4464
- C:\Windows\System\lJGvUdM.exe
  C:\Windows\System\lJGvUdM.exe
  2⤵
  PID:4388
- C:\Windows\System\TidRuFQ.exe
  C:\Windows\System\TidRuFQ.exe
  2⤵
  PID:4368
- C:\Windows\System\dmEinxS.exe
  C:\Windows\System\dmEinxS.exe
  2⤵
  PID:4496
- C:\Windows\System\MzbivBV.exe
  C:\Windows\System\MzbivBV.exe
  2⤵
  PID:4560
- C:\Windows\System\YvyKcAC.exe
  C:\Windows\System\YvyKcAC.exe
  2⤵
  PID:4624
- C:\Windows\System\HzTPjKr.exe
  C:\Windows\System\HzTPjKr.exe
  2⤵
  PID:4644
- C:\Windows\System\UTVXrAU.exe
  C:\Windows\System\UTVXrAU.exe
  2⤵
  PID:4716
- C:\Windows\System\VuNAXga.exe
  C:\Windows\System\VuNAXga.exe
  2⤵
  PID:4824
- C:\Windows\System\incHARn.exe
  C:\Windows\System\incHARn.exe
  2⤵
  PID:4732
- C:\Windows\System\VUETErG.exe
  C:\Windows\System\VUETErG.exe
  2⤵
  PID:4808
- C:\Windows\System\EmXxrtM.exe
  C:\Windows\System\EmXxrtM.exe
  2⤵
  PID:4952
- C:\Windows\System\vofzBCQ.exe
  C:\Windows\System\vofzBCQ.exe
  2⤵
  PID:4928
- C:\Windows\System\VMcwXof.exe
  C:\Windows\System\VMcwXof.exe
  2⤵
  PID:2764
- C:\Windows\System\aUldEKp.exe
  C:\Windows\System\aUldEKp.exe
  2⤵
  PID:640
- C:\Windows\System\KiFvPfh.exe
  C:\Windows\System\KiFvPfh.exe
  2⤵
  PID:3660
- C:\Windows\System\KsuFUFg.exe
  C:\Windows\System\KsuFUFg.exe
  2⤵
  PID:3928
- C:\Windows\System\xAWNPwY.exe
  C:\Windows\System\xAWNPwY.exe
  2⤵
  PID:4120
- C:\Windows\System\DOVThgm.exe
  C:\Windows\System\DOVThgm.exe
  2⤵
  PID:3380
- C:\Windows\System\BWUaviu.exe
  C:\Windows\System\BWUaviu.exe
  2⤵
  PID:4204
- C:\Windows\System\Tqyxvos.exe
  C:\Windows\System\Tqyxvos.exe
  2⤵
  PID:4252
- C:\Windows\System\puCMlgo.exe
  C:\Windows\System\puCMlgo.exe
  2⤵
  PID:3692
- C:\Windows\System\YCIbieD.exe
  C:\Windows\System\YCIbieD.exe
  2⤵
  PID:4576
- C:\Windows\System\fIaJcBV.exe
  C:\Windows\System\fIaJcBV.exe
  2⤵
  PID:4620
- C:\Windows\System\CpiFnDB.exe
  C:\Windows\System\CpiFnDB.exe
  2⤵
  PID:4408
- C:\Windows\System\AvOMDTL.exe
  C:\Windows\System\AvOMDTL.exe
  2⤵
  PID:4748
- C:\Windows\System\NwOZrzo.exe
  C:\Windows\System\NwOZrzo.exe
  2⤵
  PID:4804
- C:\Windows\System\kXXTWVX.exe
  C:\Windows\System\kXXTWVX.exe
  2⤵
  PID:4668
- C:\Windows\System\hiUzsos.exe
  C:\Windows\System\hiUzsos.exe
  2⤵
  PID:4828
- C:\Windows\System\OfuSerW.exe
  C:\Windows\System\OfuSerW.exe
  2⤵
  PID:5028
- C:\Windows\System\yqBHKFm.exe
  C:\Windows\System\yqBHKFm.exe
  2⤵
  PID:5136
- C:\Windows\System\FqYTxTR.exe
  C:\Windows\System\FqYTxTR.exe
  2⤵
  PID:5156
- C:\Windows\System\oZnrCuc.exe
  C:\Windows\System\oZnrCuc.exe
  2⤵
  PID:5180
- C:\Windows\System\GDBIqkC.exe
  C:\Windows\System\GDBIqkC.exe
  2⤵
  PID:5196
- C:\Windows\System\ZvGiSze.exe
  C:\Windows\System\ZvGiSze.exe
  2⤵
  PID:5216
- C:\Windows\System\fyqygwL.exe
  C:\Windows\System\fyqygwL.exe
  2⤵
  PID:5232
- C:\Windows\System\SkpkMTA.exe
  C:\Windows\System\SkpkMTA.exe
  2⤵
  PID:5256
- C:\Windows\System\ugIxcTM.exe
  C:\Windows\System\ugIxcTM.exe
  2⤵
  PID:5276
- C:\Windows\System\xrbciZk.exe
  C:\Windows\System\xrbciZk.exe
  2⤵
  PID:5296
- C:\Windows\System\EiQOLKR.exe
  C:\Windows\System\EiQOLKR.exe
  2⤵
  PID:5316
- C:\Windows\System\PBgyCHd.exe
  C:\Windows\System\PBgyCHd.exe
  2⤵
  PID:5340
- C:\Windows\System\yCnYygz.exe
  C:\Windows\System\yCnYygz.exe
  2⤵
  PID:5360
- C:\Windows\System\qjqPrcE.exe
  C:\Windows\System\qjqPrcE.exe
  2⤵
  PID:5376
- C:\Windows\System\KmeaIsf.exe
  C:\Windows\System\KmeaIsf.exe
  2⤵
  PID:5400
- C:\Windows\System\KpRxwso.exe
  C:\Windows\System\KpRxwso.exe
  2⤵
  PID:5420
- C:\Windows\System\anrxord.exe
  C:\Windows\System\anrxord.exe
  2⤵
  PID:5440
- C:\Windows\System\tsIGNdL.exe
  C:\Windows\System\tsIGNdL.exe
  2⤵
  PID:5456
- C:\Windows\System\qFVRBxR.exe
  C:\Windows\System\qFVRBxR.exe
  2⤵
  PID:5480
- C:\Windows\System\vkPHHmt.exe
  C:\Windows\System\vkPHHmt.exe
  2⤵
  PID:5500
- C:\Windows\System\sarjkZS.exe
  C:\Windows\System\sarjkZS.exe
  2⤵
  PID:5516
- C:\Windows\System\FVeacMy.exe
  C:\Windows\System\FVeacMy.exe
  2⤵
  PID:5540
- C:\Windows\System\CYEgwyd.exe
  C:\Windows\System\CYEgwyd.exe
  2⤵
  PID:5560
- C:\Windows\System\JAIaQnc.exe
  C:\Windows\System\JAIaQnc.exe
  2⤵
  PID:5580
- C:\Windows\System\rZJhQJN.exe
  C:\Windows\System\rZJhQJN.exe
  2⤵
  PID:5596
- C:\Windows\System\dBOAsQV.exe
  C:\Windows\System\dBOAsQV.exe
  2⤵
  PID:5616
- C:\Windows\System\XUfLCyk.exe
  C:\Windows\System\XUfLCyk.exe
  2⤵
  PID:5636
- C:\Windows\System\roVCAhf.exe
  C:\Windows\System\roVCAhf.exe
  2⤵
  PID:5668
- C:\Windows\System\oxNEKcR.exe
  C:\Windows\System\oxNEKcR.exe
  2⤵
  PID:5688
- C:\Windows\System\JYeMzdR.exe
  C:\Windows\System\JYeMzdR.exe
  2⤵
  PID:5708
- C:\Windows\System\GblGbCg.exe
  C:\Windows\System\GblGbCg.exe
  2⤵
  PID:5728
- C:\Windows\System\DqFcOQJ.exe
  C:\Windows\System\DqFcOQJ.exe
  2⤵
  PID:5748
- C:\Windows\System\bzZpzuC.exe
  C:\Windows\System\bzZpzuC.exe
  2⤵
  PID:5768
- C:\Windows\System\yVucUaX.exe
  C:\Windows\System\yVucUaX.exe
  2⤵
  PID:5788
- C:\Windows\System\dBYRDdx.exe
  C:\Windows\System\dBYRDdx.exe
  2⤵
  PID:5808
- C:\Windows\System\NcZQxWe.exe
  C:\Windows\System\NcZQxWe.exe
  2⤵
  PID:5828
- C:\Windows\System\DeUtpKg.exe
  C:\Windows\System\DeUtpKg.exe
  2⤵
  PID:5848
- C:\Windows\System\TWhjZKm.exe
  C:\Windows\System\TWhjZKm.exe
  2⤵
  PID:5868
- C:\Windows\System\wHmhhSF.exe
  C:\Windows\System\wHmhhSF.exe
  2⤵
  PID:5888
- C:\Windows\System\tjYiEWc.exe
  C:\Windows\System\tjYiEWc.exe
  2⤵
  PID:5908
- C:\Windows\System\aUPXWRQ.exe
  C:\Windows\System\aUPXWRQ.exe
  2⤵
  PID:5928
- C:\Windows\System\VSASELb.exe
  C:\Windows\System\VSASELb.exe
  2⤵
  PID:5948
- C:\Windows\System\qotlPIq.exe
  C:\Windows\System\qotlPIq.exe
  2⤵
  PID:5968
- C:\Windows\System\egJcFbt.exe
  C:\Windows\System\egJcFbt.exe
  2⤵
  PID:5988
- C:\Windows\System\WWCbLuW.exe
  C:\Windows\System\WWCbLuW.exe
  2⤵
  PID:6008
- C:\Windows\System\KBcvkfq.exe
  C:\Windows\System\KBcvkfq.exe
  2⤵
  PID:6028
- C:\Windows\System\QjMTuCE.exe
  C:\Windows\System\QjMTuCE.exe
  2⤵
  PID:6048
- C:\Windows\System\GjsGMlw.exe
  C:\Windows\System\GjsGMlw.exe
  2⤵
  PID:6068
- C:\Windows\System\gZGyzMv.exe
  C:\Windows\System\gZGyzMv.exe
  2⤵
  PID:6088
- C:\Windows\System\fkvUxfV.exe
  C:\Windows\System\fkvUxfV.exe
  2⤵
  PID:6108
- C:\Windows\System\uKzctRW.exe
  C:\Windows\System\uKzctRW.exe
  2⤵
  PID:6128
- C:\Windows\System\rueaaQB.exe
  C:\Windows\System\rueaaQB.exe
  2⤵
  PID:3840
- C:\Windows\System\nyyONQz.exe
  C:\Windows\System\nyyONQz.exe
  2⤵
  PID:236
- C:\Windows\System\EMwaYmA.exe
  C:\Windows\System\EMwaYmA.exe
  2⤵
  PID:2268
- C:\Windows\System\FoqQveN.exe
  C:\Windows\System\FoqQveN.exe
  2⤵
  PID:4292
- C:\Windows\System\WnIdyNX.exe
  C:\Windows\System\WnIdyNX.exe
  2⤵
  PID:4100
- C:\Windows\System\YKvmMbt.exe
  C:\Windows\System\YKvmMbt.exe
  2⤵
  PID:4356
- C:\Windows\System\WJcwElv.exe
  C:\Windows\System\WJcwElv.exe
  2⤵
  PID:4868
- C:\Windows\System\hseMhKL.exe
  C:\Windows\System\hseMhKL.exe
  2⤵
  PID:4500
- C:\Windows\System\GRFmMHM.exe
  C:\Windows\System\GRFmMHM.exe
  2⤵
  PID:4348
- C:\Windows\System\XRNxqKM.exe
  C:\Windows\System\XRNxqKM.exe
  2⤵
  PID:5132
- C:\Windows\System\EtrXdid.exe
  C:\Windows\System\EtrXdid.exe
  2⤵
  PID:5176
- C:\Windows\System\bXxuYWQ.exe
  C:\Windows\System\bXxuYWQ.exe
  2⤵
  PID:5144
- C:\Windows\System\omggjeI.exe
  C:\Windows\System\omggjeI.exe
  2⤵
  PID:5240
- C:\Windows\System\tGOLKAu.exe
  C:\Windows\System\tGOLKAu.exe
  2⤵
  PID:5192
- C:\Windows\System\IbnGhxy.exe
  C:\Windows\System\IbnGhxy.exe
  2⤵
  PID:5324
- C:\Windows\System\LdnfhvU.exe
  C:\Windows\System\LdnfhvU.exe
  2⤵
  PID:5408
- C:\Windows\System\scUjaEw.exe
  C:\Windows\System\scUjaEw.exe
  2⤵
  PID:5224
- C:\Windows\System\yjnamYr.exe
  C:\Windows\System\yjnamYr.exe
  2⤵
  PID:5304
- C:\Windows\System\cSzDAgt.exe
  C:\Windows\System\cSzDAgt.exe
  2⤵
  PID:5352
- C:\Windows\System\qoqabXt.exe
  C:\Windows\System\qoqabXt.exe
  2⤵
  PID:5392
- C:\Windows\System\XhhhiKG.exe
  C:\Windows\System\XhhhiKG.exe
  2⤵
  PID:5568
- C:\Windows\System\bReSCZY.exe
  C:\Windows\System\bReSCZY.exe
  2⤵
  PID:5604
- C:\Windows\System\QZLSyWy.exe
  C:\Windows\System\QZLSyWy.exe
  2⤵
  PID:5436
- C:\Windows\System\wwGQrap.exe
  C:\Windows\System\wwGQrap.exe
  2⤵
  PID:5508
- C:\Windows\System\ldHEZhZ.exe
  C:\Windows\System\ldHEZhZ.exe
  2⤵
  PID:5652
- C:\Windows\System\WVrsGXg.exe
  C:\Windows\System\WVrsGXg.exe
  2⤵
  PID:5664
- C:\Windows\System\MBCcNsI.exe
  C:\Windows\System\MBCcNsI.exe
  2⤵
  PID:1932
- C:\Windows\System\MKWTGMQ.exe
  C:\Windows\System\MKWTGMQ.exe
  2⤵
  PID:5684
- C:\Windows\System\DjOyGjh.exe
  C:\Windows\System\DjOyGjh.exe
  2⤵
  PID:5716
- C:\Windows\System\LSItGqq.exe
  C:\Windows\System\LSItGqq.exe
  2⤵
  PID:5776
- C:\Windows\System\exsSvEP.exe
  C:\Windows\System\exsSvEP.exe
  2⤵
  PID:5796
- C:\Windows\System\beewNJf.exe
  C:\Windows\System\beewNJf.exe
  2⤵
  PID:5820
- C:\Windows\System\OaIFNWF.exe
  C:\Windows\System\OaIFNWF.exe
  2⤵
  PID:5896
- C:\Windows\System\IeEHRQP.exe
  C:\Windows\System\IeEHRQP.exe
  2⤵
  PID:5836
- C:\Windows\System\gzDELmq.exe
  C:\Windows\System\gzDELmq.exe
  2⤵
  PID:5880
- C:\Windows\System\aHArYUb.exe
  C:\Windows\System\aHArYUb.exe
  2⤵
  PID:5956
- C:\Windows\System\HzrTPeP.exe
  C:\Windows\System\HzrTPeP.exe
  2⤵
  PID:5980
- C:\Windows\System\cZTDbwp.exe
  C:\Windows\System\cZTDbwp.exe
  2⤵
  PID:6024
- C:\Windows\System\AjCdJPu.exe
  C:\Windows\System\AjCdJPu.exe
  2⤵
  PID:6096
- C:\Windows\System\gYVSKYo.exe
  C:\Windows\System\gYVSKYo.exe
  2⤵
  PID:6140
- C:\Windows\System\cqbMnwa.exe
  C:\Windows\System\cqbMnwa.exe
  2⤵
  PID:6040
- C:\Windows\System\XALOhEV.exe
  C:\Windows\System\XALOhEV.exe
  2⤵
  PID:2532
- C:\Windows\System\xKuEOen.exe
  C:\Windows\System\xKuEOen.exe
  2⤵
  PID:5108
- C:\Windows\System\LSfgEPP.exe
  C:\Windows\System\LSfgEPP.exe
  2⤵
  PID:4148
- C:\Windows\System\YZlQoaO.exe
  C:\Windows\System\YZlQoaO.exe
  2⤵
  PID:4236
- C:\Windows\System\ybpFIJH.exe
  C:\Windows\System\ybpFIJH.exe
  2⤵
  PID:4752
- C:\Windows\System\wcGkIxD.exe
  C:\Windows\System\wcGkIxD.exe
  2⤵
  PID:4180
- C:\Windows\System\zOWrhHI.exe
  C:\Windows\System\zOWrhHI.exe
  2⤵
  PID:5164
- C:\Windows\System\XXIxStU.exe
  C:\Windows\System\XXIxStU.exe
  2⤵
  PID:5208
- C:\Windows\System\pdWCApb.exe
  C:\Windows\System\pdWCApb.exe
  2⤵
  PID:5292
- C:\Windows\System\BYoAvjk.exe
  C:\Windows\System\BYoAvjk.exe
  2⤵
  PID:5372
- C:\Windows\System\jRQVRqm.exe
  C:\Windows\System\jRQVRqm.exe
  2⤵
  PID:5488
- C:\Windows\System\eFapnzq.exe
  C:\Windows\System\eFapnzq.exe
  2⤵
  PID:5268
- C:\Windows\System\lRSMIse.exe
  C:\Windows\System\lRSMIse.exe
  2⤵
  PID:5384
- C:\Windows\System\eKBnPey.exe
  C:\Windows\System\eKBnPey.exe
  2⤵
  PID:5644
- C:\Windows\System\OpZTDBs.exe
  C:\Windows\System\OpZTDBs.exe
  2⤵
  PID:5468
- C:\Windows\System\kpkFeIu.exe
  C:\Windows\System\kpkFeIu.exe
  2⤵
  PID:5660
- C:\Windows\System\mJgINvf.exe
  C:\Windows\System\mJgINvf.exe
  2⤵
  PID:5696
- C:\Windows\System\lVHDftb.exe
  C:\Windows\System\lVHDftb.exe
  2⤵
  PID:5736
- C:\Windows\System\RexbUZa.exe
  C:\Windows\System\RexbUZa.exe
  2⤵
  PID:5740
- C:\Windows\System\xrBCloP.exe
  C:\Windows\System\xrBCloP.exe
  2⤵
  PID:5800
- C:\Windows\System\taewqFV.exe
  C:\Windows\System\taewqFV.exe
  2⤵
  PID:5840
- C:\Windows\System\IeZSMnk.exe
  C:\Windows\System\IeZSMnk.exe
  2⤵
  PID:5940
- C:\Windows\System\kxwZqDU.exe
  C:\Windows\System\kxwZqDU.exe
  2⤵
  PID:5984
- C:\Windows\System\tAsAQkQ.exe
  C:\Windows\System\tAsAQkQ.exe
  2⤵
  PID:6000
- C:\Windows\System\kZoOEWa.exe
  C:\Windows\System\kZoOEWa.exe
  2⤵
  PID:3656
- C:\Windows\System\SOLUIom.exe
  C:\Windows\System\SOLUIom.exe
  2⤵
  PID:6116
- C:\Windows\System\xIEYwqv.exe
  C:\Windows\System\xIEYwqv.exe
  2⤵
  PID:3320
- C:\Windows\System\YmqXCNm.exe
  C:\Windows\System\YmqXCNm.exe
  2⤵
  PID:4144
- C:\Windows\System\UlqgqKo.exe
  C:\Windows\System\UlqgqKo.exe
  2⤵
  PID:4312
- C:\Windows\System\DiQYHEq.exe
  C:\Windows\System\DiQYHEq.exe
  2⤵
  PID:6160
- C:\Windows\System\dsxXlQi.exe
  C:\Windows\System\dsxXlQi.exe
  2⤵
  PID:6180
- C:\Windows\System\UcKaRsf.exe
  C:\Windows\System\UcKaRsf.exe
  2⤵
  PID:6200
- C:\Windows\System\OUZorUw.exe
  C:\Windows\System\OUZorUw.exe
  2⤵
  PID:6220
- C:\Windows\System\gpbMWOH.exe
  C:\Windows\System\gpbMWOH.exe
  2⤵
  PID:6240
- C:\Windows\System\dcfPkSo.exe
  C:\Windows\System\dcfPkSo.exe
  2⤵
  PID:6260
- C:\Windows\System\DHQLUzz.exe
  C:\Windows\System\DHQLUzz.exe
  2⤵
  PID:6280
- C:\Windows\System\mdFClOi.exe
  C:\Windows\System\mdFClOi.exe
  2⤵
  PID:6300
- C:\Windows\System\yuSOdZp.exe
  C:\Windows\System\yuSOdZp.exe
  2⤵
  PID:6320
- C:\Windows\System\mAUWwnr.exe
  C:\Windows\System\mAUWwnr.exe
  2⤵
  PID:6340
- C:\Windows\System\gSEUnwI.exe
  C:\Windows\System\gSEUnwI.exe
  2⤵
  PID:6360
- C:\Windows\System\ZcFGTnD.exe
  C:\Windows\System\ZcFGTnD.exe
  2⤵
  PID:6380
- C:\Windows\System\lcfhySu.exe
  C:\Windows\System\lcfhySu.exe
  2⤵
  PID:6400
- C:\Windows\System\lDKzrMC.exe
  C:\Windows\System\lDKzrMC.exe
  2⤵
  PID:6420
- C:\Windows\System\oDZluIP.exe
  C:\Windows\System\oDZluIP.exe
  2⤵
  PID:6440
- C:\Windows\System\FxPoEYl.exe
  C:\Windows\System\FxPoEYl.exe
  2⤵
  PID:6460
- C:\Windows\System\rQFGodS.exe
  C:\Windows\System\rQFGodS.exe
  2⤵
  PID:6480
- C:\Windows\System\LsuieMK.exe
  C:\Windows\System\LsuieMK.exe
  2⤵
  PID:6500
- C:\Windows\System\EEdaEwe.exe
  C:\Windows\System\EEdaEwe.exe
  2⤵
  PID:6520
- C:\Windows\System\mKYLgxA.exe
  C:\Windows\System\mKYLgxA.exe
  2⤵
  PID:6540
- C:\Windows\System\vzgaqAu.exe
  C:\Windows\System\vzgaqAu.exe
  2⤵
  PID:6560
- C:\Windows\System\mLYiWLo.exe
  C:\Windows\System\mLYiWLo.exe
  2⤵
  PID:6580
- C:\Windows\System\nCMqJRa.exe
  C:\Windows\System\nCMqJRa.exe
  2⤵
  PID:6600
- C:\Windows\System\AwQFvGA.exe
  C:\Windows\System\AwQFvGA.exe
  2⤵
  PID:6620
- C:\Windows\System\vDZIihk.exe
  C:\Windows\System\vDZIihk.exe
  2⤵
  PID:6640
- C:\Windows\System\lLGbImZ.exe
  C:\Windows\System\lLGbImZ.exe
  2⤵
  PID:6660
- C:\Windows\System\AbHzWaZ.exe
  C:\Windows\System\AbHzWaZ.exe
  2⤵
  PID:6680
- C:\Windows\System\vjuaeaz.exe
  C:\Windows\System\vjuaeaz.exe
  2⤵
  PID:6700
- C:\Windows\System\RIHiqlX.exe
  C:\Windows\System\RIHiqlX.exe
  2⤵
  PID:6720
- C:\Windows\System\OHpVSNt.exe
  C:\Windows\System\OHpVSNt.exe
  2⤵
  PID:6740
- C:\Windows\System\IawygjM.exe
  C:\Windows\System\IawygjM.exe
  2⤵
  PID:6760
- C:\Windows\System\TkPVWBG.exe
  C:\Windows\System\TkPVWBG.exe
  2⤵
  PID:6780
- C:\Windows\System\viXLLtS.exe
  C:\Windows\System\viXLLtS.exe
  2⤵
  PID:6800
- C:\Windows\System\PDlRCXp.exe
  C:\Windows\System\PDlRCXp.exe
  2⤵
  PID:6820
- C:\Windows\System\DPUPira.exe
  C:\Windows\System\DPUPira.exe
  2⤵
  PID:6840
- C:\Windows\System\irZuDcc.exe
  C:\Windows\System\irZuDcc.exe
  2⤵
  PID:6860
- C:\Windows\System\mYVcBVl.exe
  C:\Windows\System\mYVcBVl.exe
  2⤵
  PID:6880
- C:\Windows\System\WdunnPY.exe
  C:\Windows\System\WdunnPY.exe
  2⤵
  PID:6900
- C:\Windows\System\IEezYrm.exe
  C:\Windows\System\IEezYrm.exe
  2⤵
  PID:6920
- C:\Windows\System\HrDRBdY.exe
  C:\Windows\System\HrDRBdY.exe
  2⤵
  PID:6940
- C:\Windows\System\KHfhJSh.exe
  C:\Windows\System\KHfhJSh.exe
  2⤵
  PID:6960
- C:\Windows\System\nbXYPXM.exe
  C:\Windows\System\nbXYPXM.exe
  2⤵
  PID:6980
- C:\Windows\System\vdJNONW.exe
  C:\Windows\System\vdJNONW.exe
  2⤵
  PID:7000
- C:\Windows\System\qQBOscw.exe
  C:\Windows\System\qQBOscw.exe
  2⤵
  PID:7020
- C:\Windows\System\RmQiBKL.exe
  C:\Windows\System\RmQiBKL.exe
  2⤵
  PID:7044
- C:\Windows\System\SlDwChi.exe
  C:\Windows\System\SlDwChi.exe
  2⤵
  PID:7064
- C:\Windows\System\jbBuvyi.exe
  C:\Windows\System\jbBuvyi.exe
  2⤵
  PID:7084
- C:\Windows\System\OBYNFDZ.exe
  C:\Windows\System\OBYNFDZ.exe
  2⤵
  PID:7104
- C:\Windows\System\DUjLIZI.exe
  C:\Windows\System\DUjLIZI.exe
  2⤵
  PID:7124
- C:\Windows\System\XhqFWfH.exe
  C:\Windows\System\XhqFWfH.exe
  2⤵
  PID:7144
- C:\Windows\System\ABplzub.exe
  C:\Windows\System\ABplzub.exe
  2⤵
  PID:7164
- C:\Windows\System\qymQnii.exe
  C:\Windows\System\qymQnii.exe
  2⤵
  PID:5128
- C:\Windows\System\yglCygt.exe
  C:\Windows\System\yglCygt.exe
  2⤵
  PID:5332
- C:\Windows\System\dqzdfsr.exe
  C:\Windows\System\dqzdfsr.exe
  2⤵
  PID:5264
- C:\Windows\System\nRvJnFJ.exe
  C:\Windows\System\nRvJnFJ.exe
  2⤵
  PID:5396
- C:\Windows\System\MNZGdIb.exe
  C:\Windows\System\MNZGdIb.exe
  2⤵
  PID:5476
- C:\Windows\System\NEMZRyF.exe
  C:\Windows\System\NEMZRyF.exe
  2⤵
  PID:5588
- C:\Windows\System\fXEfsjv.exe
  C:\Windows\System\fXEfsjv.exe
  2⤵
  PID:5676
- C:\Windows\System\NslWRtS.exe
  C:\Windows\System\NslWRtS.exe
  2⤵
  PID:5860
- C:\Windows\System\aFGbwzv.exe
  C:\Windows\System\aFGbwzv.exe
  2⤵
  PID:5900
- C:\Windows\System\CaHHqYJ.exe
  C:\Windows\System\CaHHqYJ.exe
  2⤵
  PID:6004
- C:\Windows\System\YhviPZU.exe
  C:\Windows\System\YhviPZU.exe
  2⤵
  PID:6044
- C:\Windows\System\daNrDUu.exe
  C:\Windows\System\daNrDUu.exe
  2⤵
  PID:5052
- C:\Windows\System\hIfrRXz.exe
  C:\Windows\System\hIfrRXz.exe
  2⤵
  PID:4152
- C:\Windows\System\EQdSsaL.exe
  C:\Windows\System\EQdSsaL.exe
  2⤵
  PID:5100
- C:\Windows\System\XLmqdAd.exe
  C:\Windows\System\XLmqdAd.exe
  2⤵
  PID:6172
- C:\Windows\System\kGGDGSr.exe
  C:\Windows\System\kGGDGSr.exe
  2⤵
  PID:6216
- C:\Windows\System\ghGdlFm.exe
  C:\Windows\System\ghGdlFm.exe
  2⤵
  PID:6268
- C:\Windows\System\SbVmXrK.exe
  C:\Windows\System\SbVmXrK.exe
  2⤵
  PID:6288
- C:\Windows\System\rKKVxyv.exe
  C:\Windows\System\rKKVxyv.exe
  2⤵
  PID:6312
- C:\Windows\System\FglgPIE.exe
  C:\Windows\System\FglgPIE.exe
  2⤵
  PID:6332
- C:\Windows\System\YKDwMYo.exe
  C:\Windows\System\YKDwMYo.exe
  2⤵
  PID:6376
- C:\Windows\System\YitxnUz.exe
  C:\Windows\System\YitxnUz.exe
  2⤵
  PID:6428
- C:\Windows\System\iaMRwJH.exe
  C:\Windows\System\iaMRwJH.exe
  2⤵
  PID:6456
- C:\Windows\System\LbHtjkl.exe
  C:\Windows\System\LbHtjkl.exe
  2⤵
  PID:6488
- C:\Windows\System\EWcEPtK.exe
  C:\Windows\System\EWcEPtK.exe
  2⤵
  PID:6512
- C:\Windows\System\AWRKglr.exe
  C:\Windows\System\AWRKglr.exe
  2⤵
  PID:6532
- C:\Windows\System\jfjfOdF.exe
  C:\Windows\System\jfjfOdF.exe
  2⤵
  PID:6576
- C:\Windows\System\kqiPTZr.exe
  C:\Windows\System\kqiPTZr.exe
  2⤵
  PID:6628
- C:\Windows\System\VheNlwy.exe
  C:\Windows\System\VheNlwy.exe
  2⤵
  PID:6668
- C:\Windows\System\CEDQzkR.exe
  C:\Windows\System\CEDQzkR.exe
  2⤵
  PID:6688
- C:\Windows\System\PkxJdPn.exe
  C:\Windows\System\PkxJdPn.exe
  2⤵
  PID:6712
- C:\Windows\System\FeCFXtD.exe
  C:\Windows\System\FeCFXtD.exe
  2⤵
  PID:6732
- C:\Windows\System\JXkfvqD.exe
  C:\Windows\System\JXkfvqD.exe
  2⤵
  PID:6772
- C:\Windows\System\tbpsfug.exe
  C:\Windows\System\tbpsfug.exe
  2⤵
  PID:6828
- C:\Windows\System\IyCMgNC.exe
  C:\Windows\System\IyCMgNC.exe
  2⤵
  PID:6952
- C:\Windows\System\PuqQGmt.exe
  C:\Windows\System\PuqQGmt.exe
  2⤵
  PID:6972
- C:\Windows\System\sdaBUTO.exe
  C:\Windows\System\sdaBUTO.exe
  2⤵
  PID:7040
- C:\Windows\System\HmOYoWp.exe
  C:\Windows\System\HmOYoWp.exe
  2⤵
  PID:7060
- C:\Windows\System\RehXQgQ.exe
  C:\Windows\System\RehXQgQ.exe
  2⤵
  PID:7100
- C:\Windows\System\qDpJHMX.exe
  C:\Windows\System\qDpJHMX.exe
  2⤵
  PID:7096
- C:\Windows\System\qdoquTq.exe
  C:\Windows\System\qdoquTq.exe
  2⤵
  PID:7136
- C:\Windows\System\YMAtJqY.exe
  C:\Windows\System\YMAtJqY.exe
  2⤵
  PID:5204
- C:\Windows\System\pNakSCk.exe
  C:\Windows\System\pNakSCk.exe
  2⤵
  PID:5448
- C:\Windows\System\CuhPTIY.exe
  C:\Windows\System\CuhPTIY.exe
  2⤵
  PID:5552
- C:\Windows\System\rSGAEOH.exe
  C:\Windows\System\rSGAEOH.exe
  2⤵
  PID:5824
- C:\Windows\System\eTwAaCR.exe
  C:\Windows\System\eTwAaCR.exe
  2⤵
  PID:2632
- C:\Windows\System\cWosWDu.exe
  C:\Windows\System\cWosWDu.exe
  2⤵
  PID:5936
- C:\Windows\System\XyflxsH.exe
  C:\Windows\System\XyflxsH.exe
  2⤵
  PID:6064
- C:\Windows\System\wAsEKKu.exe
  C:\Windows\System\wAsEKKu.exe
  2⤵
  PID:6156
- C:\Windows\System\lgvMsZw.exe
  C:\Windows\System\lgvMsZw.exe
  2⤵
  PID:6228
- C:\Windows\System\OeZVvrQ.exe
  C:\Windows\System\OeZVvrQ.exe
  2⤵
  PID:6256
- C:\Windows\System\EQnTKnN.exe
  C:\Windows\System\EQnTKnN.exe
  2⤵
  PID:6252
- C:\Windows\System\SydFmnJ.exe
  C:\Windows\System\SydFmnJ.exe
  2⤵
  PID:6336
- C:\Windows\System\wXAlTGi.exe
  C:\Windows\System\wXAlTGi.exe
  2⤵
  PID:6388
- C:\Windows\System\waGSwzs.exe
  C:\Windows\System\waGSwzs.exe
  2⤵
  PID:6412
- C:\Windows\System\kaVCmWy.exe
  C:\Windows\System\kaVCmWy.exe
  2⤵
  PID:6492
- C:\Windows\System\TtITqKF.exe
  C:\Windows\System\TtITqKF.exe
  2⤵
  PID:6592
- C:\Windows\System\CHAbvZu.exe
  C:\Windows\System\CHAbvZu.exe
  2⤵
  PID:6652
- C:\Windows\System\kOndpEE.exe
  C:\Windows\System\kOndpEE.exe
  2⤵
  PID:6636
- C:\Windows\System\XjMcJVd.exe
  C:\Windows\System\XjMcJVd.exe
  2⤵
  PID:6696
- C:\Windows\System\NAxzuAc.exe
  C:\Windows\System\NAxzuAc.exe
  2⤵
  PID:6788
- C:\Windows\System\sDBwysA.exe
  C:\Windows\System\sDBwysA.exe
  2⤵
  PID:6932
- C:\Windows\System\esfgFfi.exe
  C:\Windows\System\esfgFfi.exe
  2⤵
  PID:7008
- C:\Windows\System\OdpuEdM.exe
  C:\Windows\System\OdpuEdM.exe
  2⤵
  PID:7052
- C:\Windows\System\BAyJEEM.exe
  C:\Windows\System\BAyJEEM.exe
  2⤵
  PID:7092
- C:\Windows\System\guJCJET.exe
  C:\Windows\System\guJCJET.exe
  2⤵
  PID:4988
- C:\Windows\System\wfdavyq.exe
  C:\Windows\System\wfdavyq.exe
  2⤵
  PID:5188
- C:\Windows\System\ZgmufSR.exe
  C:\Windows\System\ZgmufSR.exe
  2⤵
  PID:2880
- C:\Windows\System\YgXNEjW.exe
  C:\Windows\System\YgXNEjW.exe
  2⤵
  PID:5780
- C:\Windows\System\xUUefEJ.exe
  C:\Windows\System\xUUefEJ.exe
  2⤵
  PID:7192
- C:\Windows\System\wEKYIzq.exe
  C:\Windows\System\wEKYIzq.exe
  2⤵
  PID:7212
- C:\Windows\System\fwFTZfK.exe
  C:\Windows\System\fwFTZfK.exe
  2⤵
  PID:7232
- C:\Windows\System\qqEnPgL.exe
  C:\Windows\System\qqEnPgL.exe
  2⤵
  PID:7252
- C:\Windows\System\QOGBBRI.exe
  C:\Windows\System\QOGBBRI.exe
  2⤵
  PID:7272
- C:\Windows\System\kPXaXHb.exe
  C:\Windows\System\kPXaXHb.exe
  2⤵
  PID:7292
- C:\Windows\System\mDoOPTe.exe
  C:\Windows\System\mDoOPTe.exe
  2⤵
  PID:7312
- C:\Windows\System\deQlqtG.exe
  C:\Windows\System\deQlqtG.exe
  2⤵
  PID:7332
- C:\Windows\System\Enfyiez.exe
  C:\Windows\System\Enfyiez.exe
  2⤵
  PID:7352
- C:\Windows\System\SdWJVoU.exe
  C:\Windows\System\SdWJVoU.exe
  2⤵
  PID:7372
- C:\Windows\System\BbVrzFs.exe
  C:\Windows\System\BbVrzFs.exe
  2⤵
  PID:7392
- C:\Windows\System\yusIxBz.exe
  C:\Windows\System\yusIxBz.exe
  2⤵
  PID:7412
- C:\Windows\System\WdSIkZN.exe
  C:\Windows\System\WdSIkZN.exe
  2⤵
  PID:7432
- C:\Windows\System\MxSqsdU.exe
  C:\Windows\System\MxSqsdU.exe
  2⤵
  PID:7452
- C:\Windows\System\HbLrnLU.exe
  C:\Windows\System\HbLrnLU.exe
  2⤵
  PID:7472
- C:\Windows\System\LmYGjYR.exe
  C:\Windows\System\LmYGjYR.exe
  2⤵
  PID:7496
- C:\Windows\System\trxOGOc.exe
  C:\Windows\System\trxOGOc.exe
  2⤵
  PID:7516
- C:\Windows\System\YnLBLcb.exe
  C:\Windows\System\YnLBLcb.exe
  2⤵
  PID:7532
- C:\Windows\System\rIwOaaz.exe
  C:\Windows\System\rIwOaaz.exe
  2⤵
  PID:7556
- C:\Windows\System\zdEJjSU.exe
  C:\Windows\System\zdEJjSU.exe
  2⤵
  PID:7576
- C:\Windows\System\ceKEBOl.exe
  C:\Windows\System\ceKEBOl.exe
  2⤵
  PID:7596
- C:\Windows\System\VcVpGVP.exe
  C:\Windows\System\VcVpGVP.exe
  2⤵
  PID:7616
- C:\Windows\System\kOPDKpB.exe
  C:\Windows\System\kOPDKpB.exe
  2⤵
  PID:7636
- C:\Windows\System\fLUjeSr.exe
  C:\Windows\System\fLUjeSr.exe
  2⤵
  PID:7656
- C:\Windows\System\EhBpYBe.exe
  C:\Windows\System\EhBpYBe.exe
  2⤵
  PID:7676
- C:\Windows\System\kODfsnh.exe
  C:\Windows\System\kODfsnh.exe
  2⤵
  PID:7696
- C:\Windows\System\vbhwBGx.exe
  C:\Windows\System\vbhwBGx.exe
  2⤵
  PID:7716
- C:\Windows\System\cKmeQiN.exe
  C:\Windows\System\cKmeQiN.exe
  2⤵
  PID:7736
- C:\Windows\System\QzVKYse.exe
  C:\Windows\System\QzVKYse.exe
  2⤵
  PID:7756
- C:\Windows\System\BxNbnfr.exe
  C:\Windows\System\BxNbnfr.exe
  2⤵
  PID:7776
- C:\Windows\System\fHxsdue.exe
  C:\Windows\System\fHxsdue.exe
  2⤵
  PID:7796
- C:\Windows\System\RBzJAld.exe
  C:\Windows\System\RBzJAld.exe
  2⤵
  PID:7816
- C:\Windows\System\fmcTuKg.exe
  C:\Windows\System\fmcTuKg.exe
  2⤵
  PID:7836
- C:\Windows\System\fRiSuso.exe
  C:\Windows\System\fRiSuso.exe
  2⤵
  PID:7856
- C:\Windows\System\LfmXMvU.exe
  C:\Windows\System\LfmXMvU.exe
  2⤵
  PID:7876
- C:\Windows\System\Jhrdvrr.exe
  C:\Windows\System\Jhrdvrr.exe
  2⤵
  PID:7896
- C:\Windows\System\YcNUbPi.exe
  C:\Windows\System\YcNUbPi.exe
  2⤵
  PID:7916
- C:\Windows\System\QDExjCX.exe
  C:\Windows\System\QDExjCX.exe
  2⤵
  PID:7936
- C:\Windows\System\zcDXLAf.exe
  C:\Windows\System\zcDXLAf.exe
  2⤵
  PID:7956
- C:\Windows\System\BjAfdFd.exe
  C:\Windows\System\BjAfdFd.exe
  2⤵
  PID:7976
- C:\Windows\System\YgaLYLO.exe
  C:\Windows\System\YgaLYLO.exe
  2⤵
  PID:7996
- C:\Windows\System\GftgaYA.exe
  C:\Windows\System\GftgaYA.exe
  2⤵
  PID:8016
- C:\Windows\System\ZVBgrOM.exe
  C:\Windows\System\ZVBgrOM.exe
  2⤵
  PID:8036
- C:\Windows\System\qWQFykW.exe
  C:\Windows\System\qWQFykW.exe
  2⤵
  PID:8056
- C:\Windows\System\tfHcfaM.exe
  C:\Windows\System\tfHcfaM.exe
  2⤵
  PID:8076
- C:\Windows\System\pkJNUlX.exe
  C:\Windows\System\pkJNUlX.exe
  2⤵
  PID:8096
- C:\Windows\System\wGhplSK.exe
  C:\Windows\System\wGhplSK.exe
  2⤵
  PID:8116
- C:\Windows\System\PkYyatg.exe
  C:\Windows\System\PkYyatg.exe
  2⤵
  PID:8136
- C:\Windows\System\txvLAOq.exe
  C:\Windows\System\txvLAOq.exe
  2⤵
  PID:8156
- C:\Windows\System\ftcnQZp.exe
  C:\Windows\System\ftcnQZp.exe
  2⤵
  PID:8176
- C:\Windows\System\DKfHtUx.exe
  C:\Windows\System\DKfHtUx.exe
  2⤵
  PID:6100
- C:\Windows\System\YzMKafn.exe
  C:\Windows\System\YzMKafn.exe
  2⤵
  PID:1852
- C:\Windows\System\pHyRAmq.exe
  C:\Windows\System\pHyRAmq.exe
  2⤵
  PID:4968
- C:\Windows\System\qzHkyZF.exe
  C:\Windows\System\qzHkyZF.exe
  2⤵
  PID:6176
- C:\Windows\System\DYEdNiq.exe
  C:\Windows\System\DYEdNiq.exe
  2⤵
  PID:6368
- C:\Windows\System\eGAhzuI.exe
  C:\Windows\System\eGAhzuI.exe
  2⤵
  PID:6416
- C:\Windows\System\EXUkqZP.exe
  C:\Windows\System\EXUkqZP.exe
  2⤵
  PID:6452
- C:\Windows\System\SGyaLnC.exe
  C:\Windows\System\SGyaLnC.exe
  2⤵
  PID:6496
- C:\Windows\System\NEEPQRO.exe
  C:\Windows\System\NEEPQRO.exe
  2⤵
  PID:6676
- C:\Windows\System\coKBySJ.exe
  C:\Windows\System\coKBySJ.exe
  2⤵
  PID:7036
- C:\Windows\System\oHQOQGW.exe
  C:\Windows\System\oHQOQGW.exe
  2⤵
  PID:2236
- C:\Windows\System\HFowhDR.exe
  C:\Windows\System\HFowhDR.exe
  2⤵
  PID:6976
- C:\Windows\System\CLhZMKM.exe
  C:\Windows\System\CLhZMKM.exe
  2⤵
  PID:340
- C:\Windows\System\mdnPeQZ.exe
  C:\Windows\System\mdnPeQZ.exe
  2⤵
  PID:2844
- C:\Windows\System\FVYWCOH.exe
  C:\Windows\System\FVYWCOH.exe
  2⤵
  PID:7116
- C:\Windows\System\iAWmBZK.exe
  C:\Windows\System\iAWmBZK.exe
  2⤵
  PID:5432
- C:\Windows\System\urHamrG.exe
  C:\Windows\System\urHamrG.exe
  2⤵
  PID:1004
- C:\Windows\System\PkghDsF.exe
  C:\Windows\System\PkghDsF.exe
  2⤵
  PID:7180
- C:\Windows\System\TlkIbXc.exe
  C:\Windows\System\TlkIbXc.exe
  2⤵
  PID:7204
- C:\Windows\System\uyThddt.exe
  C:\Windows\System\uyThddt.exe
  2⤵
  PID:7264
- C:\Windows\System\vhMWsEc.exe
  C:\Windows\System\vhMWsEc.exe
  2⤵
  PID:7288
- C:\Windows\System\ZTTwogb.exe
  C:\Windows\System\ZTTwogb.exe
  2⤵
  PID:7348
- C:\Windows\System\JLpMbuq.exe
  C:\Windows\System\JLpMbuq.exe
  2⤵
  PID:7360
- C:\Windows\System\DllgsmV.exe
  C:\Windows\System\DllgsmV.exe
  2⤵
  PID:7388
- C:\Windows\System\LMuUzmR.exe
  C:\Windows\System\LMuUzmR.exe
  2⤵
  PID:7428
- C:\Windows\System\UcOyKIm.exe
  C:\Windows\System\UcOyKIm.exe
  2⤵
  PID:7440
- C:\Windows\System\DeauMFh.exe
  C:\Windows\System\DeauMFh.exe
  2⤵
  PID:7492
- C:\Windows\System\JCihgrI.exe
  C:\Windows\System\JCihgrI.exe
  2⤵
  PID:7544
- C:\Windows\System\QbBhFyT.exe
  C:\Windows\System\QbBhFyT.exe
  2⤵
  PID:7548
- C:\Windows\System\VCDhlVA.exe
  C:\Windows\System\VCDhlVA.exe
  2⤵
  PID:7568
- C:\Windows\System\KJVlLrr.exe
  C:\Windows\System\KJVlLrr.exe
  2⤵
  PID:7612
- C:\Windows\System\sDsVlIB.exe
  C:\Windows\System\sDsVlIB.exe
  2⤵
  PID:7648
- C:\Windows\System\MPgPCNd.exe
  C:\Windows\System\MPgPCNd.exe
  2⤵
  PID:7712
- C:\Windows\System\SOQzmDA.exe
  C:\Windows\System\SOQzmDA.exe
  2⤵
  PID:7732
- C:\Windows\System\NqZSKDb.exe
  C:\Windows\System\NqZSKDb.exe
  2⤵
  PID:7764
- C:\Windows\System\zHERDYj.exe
  C:\Windows\System\zHERDYj.exe
  2⤵
  PID:7788
- C:\Windows\System\kEVtKwB.exe
  C:\Windows\System\kEVtKwB.exe
  2⤵
  PID:7808
- C:\Windows\System\uFZoaIq.exe
  C:\Windows\System\uFZoaIq.exe
  2⤵
  PID:7872
- C:\Windows\System\WftAvua.exe
  C:\Windows\System\WftAvua.exe
  2⤵
  PID:7892
- C:\Windows\System\sgLduYD.exe
  C:\Windows\System\sgLduYD.exe
  2⤵
  PID:7952
- C:\Windows\System\LLvXnRA.exe
  C:\Windows\System\LLvXnRA.exe
  2⤵
  PID:7984
- C:\Windows\System\nCUnftF.exe
  C:\Windows\System\nCUnftF.exe
  2⤵
  PID:7968
- C:\Windows\System\AKfoEYZ.exe
  C:\Windows\System\AKfoEYZ.exe
  2⤵
  PID:8012
- C:\Windows\System\iWIJcQD.exe
  C:\Windows\System\iWIJcQD.exe
  2⤵
  PID:8048
- C:\Windows\System\bVNmtZD.exe
  C:\Windows\System\bVNmtZD.exe
  2⤵
  PID:8108
- C:\Windows\System\swfShgx.exe
  C:\Windows\System\swfShgx.exe
  2⤵
  PID:8124
- C:\Windows\System\LHHIThG.exe
  C:\Windows\System\LHHIThG.exe
  2⤵
  PID:3176
- C:\Windows\System\eraCBAA.exe
  C:\Windows\System\eraCBAA.exe
  2⤵
  PID:5944
- C:\Windows\System\hBChkTH.exe
  C:\Windows\System\hBChkTH.exe
  2⤵
  PID:6148
- C:\Windows\System\HiaiaCC.exe
  C:\Windows\System\HiaiaCC.exe
  2⤵
  PID:6248
- C:\Windows\System\aCcjhaE.exe
  C:\Windows\System\aCcjhaE.exe
  2⤵
  PID:6748
- C:\Windows\System\zHzZKYg.exe
  C:\Windows\System\zHzZKYg.exe
  2⤵
  PID:6536
- C:\Windows\System\XrNQNbM.exe
  C:\Windows\System\XrNQNbM.exe
  2⤵
  PID:6768
- C:\Windows\System\NokZLsL.exe
  C:\Windows\System\NokZLsL.exe
  2⤵
  PID:7072
- C:\Windows\System\yLUtLCS.exe
  C:\Windows\System\yLUtLCS.exe
  2⤵
  PID:280
- C:\Windows\System\pQxLxWq.exe
  C:\Windows\System\pQxLxWq.exe
  2⤵
  PID:5252
- C:\Windows\System\wXFzVJR.exe
  C:\Windows\System\wXFzVJR.exe
  2⤵
  PID:6988
- C:\Windows\System\wZVnodw.exe
  C:\Windows\System\wZVnodw.exe
  2⤵
  PID:5572
- C:\Windows\System\zaSQxQw.exe
  C:\Windows\System\zaSQxQw.exe
  2⤵
  PID:7240
- C:\Windows\System\InFvQKc.exe
  C:\Windows\System\InFvQKc.exe
  2⤵
  PID:7320
- C:\Windows\System\HoISCkW.exe
  C:\Windows\System\HoISCkW.exe
  2⤵
  PID:7400
- C:\Windows\System\BhraGha.exe
  C:\Windows\System\BhraGha.exe
  2⤵
  PID:7380
- C:\Windows\System\xblQutR.exe
  C:\Windows\System\xblQutR.exe
  2⤵
  PID:7424
- C:\Windows\System\cGldFLO.exe
  C:\Windows\System\cGldFLO.exe
  2⤵
  PID:7540
- C:\Windows\System\fZJEUQC.exe
  C:\Windows\System\fZJEUQC.exe
  2⤵
  PID:7604
- C:\Windows\System\ESJXPTF.exe
  C:\Windows\System\ESJXPTF.exe
  2⤵
  PID:7644
- C:\Windows\System\NKTrZMv.exe
  C:\Windows\System\NKTrZMv.exe
  2⤵
  PID:7652
- C:\Windows\System\YyAhEmh.exe
  C:\Windows\System\YyAhEmh.exe
  2⤵
  PID:7724
- C:\Windows\System\rCgIWLO.exe
  C:\Windows\System\rCgIWLO.exe
  2⤵
  PID:7832
- C:\Windows\System\UveKnFJ.exe
  C:\Windows\System\UveKnFJ.exe
  2⤵
  PID:7848
- C:\Windows\System\UkQlPJk.exe
  C:\Windows\System\UkQlPJk.exe
  2⤵
  PID:7944
- C:\Windows\System\knPpRtj.exe
  C:\Windows\System\knPpRtj.exe
  2⤵
  PID:8028
- C:\Windows\System\uNxHQqF.exe
  C:\Windows\System\uNxHQqF.exe
  2⤵
  PID:8084
- C:\Windows\System\KQmfRTs.exe
  C:\Windows\System\KQmfRTs.exe
  2⤵
  PID:8044
- C:\Windows\System\lXZWSwB.exe
  C:\Windows\System\lXZWSwB.exe
  2⤵
  PID:8148
- C:\Windows\System\Ossxloq.exe
  C:\Windows\System\Ossxloq.exe
  2⤵
  PID:6036
- C:\Windows\System\EccGgla.exe
  C:\Windows\System\EccGgla.exe
  2⤵
  PID:8172
- C:\Windows\System\OiSicCx.exe
  C:\Windows\System\OiSicCx.exe
  2⤵
  PID:6812
- C:\Windows\System\lGhgseY.exe
  C:\Windows\System\lGhgseY.exe
  2⤵
  PID:1908
- C:\Windows\System\icVgZwX.exe
  C:\Windows\System\icVgZwX.exe
  2⤵
  PID:6816
- C:\Windows\System\vpPYyEH.exe
  C:\Windows\System\vpPYyEH.exe
  2⤵
  PID:7220
- C:\Windows\System\TvjtQqa.exe
  C:\Windows\System\TvjtQqa.exe
  2⤵
  PID:7160
- C:\Windows\System\AztLpDh.exe
  C:\Windows\System\AztLpDh.exe
  2⤵
  PID:7340
- C:\Windows\System\pCUNptF.exe
  C:\Windows\System\pCUNptF.exe
  2⤵
  PID:7268
- C:\Windows\System\nlhxOJM.exe
  C:\Windows\System\nlhxOJM.exe
  2⤵
  PID:7524
- C:\Windows\System\cPkrBQb.exe
  C:\Windows\System\cPkrBQb.exe
  2⤵
  PID:7460
- C:\Windows\System\EIUwYCP.exe
  C:\Windows\System\EIUwYCP.exe
  2⤵
  PID:7752
- C:\Windows\System\ROSgrJu.exe
  C:\Windows\System\ROSgrJu.exe
  2⤵
  PID:7592
- C:\Windows\System\sPixCff.exe
  C:\Windows\System\sPixCff.exe
  2⤵
  PID:7988
- C:\Windows\System\NQcZBfo.exe
  C:\Windows\System\NQcZBfo.exe
  2⤵
  PID:7964
- C:\Windows\System\CmIAoaq.exe
  C:\Windows\System\CmIAoaq.exe
  2⤵
  PID:8196
- C:\Windows\System\ODnance.exe
  C:\Windows\System\ODnance.exe
  2⤵
  PID:8212
- C:\Windows\System\VVwxlIQ.exe
  C:\Windows\System\VVwxlIQ.exe
  2⤵
  PID:8232
- C:\Windows\System\oowLLbj.exe
  C:\Windows\System\oowLLbj.exe
  2⤵
  PID:8252
- C:\Windows\System\ewqPCLg.exe
  C:\Windows\System\ewqPCLg.exe
  2⤵
  PID:8272
- C:\Windows\System\qegMfCi.exe
  C:\Windows\System\qegMfCi.exe
  2⤵
  PID:8292
- C:\Windows\System\UqyAQpc.exe
  C:\Windows\System\UqyAQpc.exe
  2⤵
  PID:8312
- C:\Windows\System\YnJHmTi.exe
  C:\Windows\System\YnJHmTi.exe
  2⤵
  PID:8332
- C:\Windows\System\gNkIzae.exe
  C:\Windows\System\gNkIzae.exe
  2⤵
  PID:8356
- C:\Windows\System\wODXWqC.exe
  C:\Windows\System\wODXWqC.exe
  2⤵
  PID:8376
- C:\Windows\System\rSsJgPl.exe
  C:\Windows\System\rSsJgPl.exe
  2⤵
  PID:8396
- C:\Windows\System\TpkyerN.exe
  C:\Windows\System\TpkyerN.exe
  2⤵
  PID:8416
- C:\Windows\System\sjFQnSd.exe
  C:\Windows\System\sjFQnSd.exe
  2⤵
  PID:8436
- C:\Windows\System\hBKogWu.exe
  C:\Windows\System\hBKogWu.exe
  2⤵
  PID:8456
- C:\Windows\System\dKvhpxD.exe
  C:\Windows\System\dKvhpxD.exe
  2⤵
  PID:8476
- C:\Windows\System\ZjfSQvc.exe
  C:\Windows\System\ZjfSQvc.exe
  2⤵
  PID:8500
- C:\Windows\System\yAzSMpZ.exe
  C:\Windows\System\yAzSMpZ.exe
  2⤵
  PID:8520
- C:\Windows\System\XkkcXrp.exe
  C:\Windows\System\XkkcXrp.exe
  2⤵
  PID:8540
- C:\Windows\System\iNBWbAq.exe
  C:\Windows\System\iNBWbAq.exe
  2⤵
  PID:8560
- C:\Windows\System\wLZCgVG.exe
  C:\Windows\System\wLZCgVG.exe
  2⤵
  PID:8580
- C:\Windows\System\LWGWZbO.exe
  C:\Windows\System\LWGWZbO.exe
  2⤵
  PID:8600
- C:\Windows\System\nYVqnKV.exe
  C:\Windows\System\nYVqnKV.exe
  2⤵
  PID:8620
- C:\Windows\System\FWIPMky.exe
  C:\Windows\System\FWIPMky.exe
  2⤵
  PID:8640
- C:\Windows\System\pzjdGZR.exe
  C:\Windows\System\pzjdGZR.exe
  2⤵
  PID:8660
- C:\Windows\System\ygCGDmP.exe
  C:\Windows\System\ygCGDmP.exe
  2⤵
  PID:8680
- C:\Windows\System\dryOOeo.exe
  C:\Windows\System\dryOOeo.exe
  2⤵
  PID:8700
- C:\Windows\System\rnIQkZA.exe
  C:\Windows\System\rnIQkZA.exe
  2⤵
  PID:8720
- C:\Windows\System\CjXITpH.exe
  C:\Windows\System\CjXITpH.exe
  2⤵
  PID:8736
- C:\Windows\System\QHbwDpw.exe
  C:\Windows\System\QHbwDpw.exe
  2⤵
  PID:8756
- C:\Windows\System\bjAjHCy.exe
  C:\Windows\System\bjAjHCy.exe
  2⤵
  PID:8772
- C:\Windows\System\VEUqPxA.exe
  C:\Windows\System\VEUqPxA.exe
  2⤵
  PID:8796
- C:\Windows\System\VhBQgVm.exe
  C:\Windows\System\VhBQgVm.exe
  2⤵
  PID:8816
- C:\Windows\System\bwTETvF.exe
  C:\Windows\System\bwTETvF.exe
  2⤵
  PID:8832
- C:\Windows\System\HzCzRDE.exe
  C:\Windows\System\HzCzRDE.exe
  2⤵
  PID:8856
- C:\Windows\System\WsbxgxB.exe
  C:\Windows\System\WsbxgxB.exe
  2⤵
  PID:8872
- C:\Windows\System\JlormdG.exe
  C:\Windows\System\JlormdG.exe
  2⤵
  PID:8888
- C:\Windows\System\WTZytfS.exe
  C:\Windows\System\WTZytfS.exe
  2⤵
  PID:8908
- C:\Windows\System\azkHkjE.exe
  C:\Windows\System\azkHkjE.exe
  2⤵
  PID:8924
- C:\Windows\System\FvciHML.exe
  C:\Windows\System\FvciHML.exe
  2⤵
  PID:8940
- C:\Windows\System\cmGbOCZ.exe
  C:\Windows\System\cmGbOCZ.exe
  2⤵
  PID:8956
- C:\Windows\System\rxXdVzA.exe
  C:\Windows\System\rxXdVzA.exe
  2⤵
  PID:8972
- C:\Windows\System\NapkExw.exe
  C:\Windows\System\NapkExw.exe
  2⤵
  PID:8988
- C:\Windows\System\GdZmFLF.exe
  C:\Windows\System\GdZmFLF.exe
  2⤵
  PID:9004
- C:\Windows\System\MobwHtC.exe
  C:\Windows\System\MobwHtC.exe
  2⤵
  PID:9020
- C:\Windows\System\zuApORg.exe
  C:\Windows\System\zuApORg.exe
  2⤵
  PID:9084
- C:\Windows\System\IUEzzzI.exe
  C:\Windows\System\IUEzzzI.exe
  2⤵
  PID:9100
- C:\Windows\System\gehxTxx.exe
  C:\Windows\System\gehxTxx.exe
  2⤵
  PID:9116
- C:\Windows\System\wxPHmqC.exe
  C:\Windows\System\wxPHmqC.exe
  2⤵
  PID:9132
- C:\Windows\System\QXdPHfZ.exe
  C:\Windows\System\QXdPHfZ.exe
  2⤵
  PID:9148
- C:\Windows\System\sFUnWLx.exe
  C:\Windows\System\sFUnWLx.exe
  2⤵
  PID:9164
- C:\Windows\System\hChVcjO.exe
  C:\Windows\System\hChVcjO.exe
  2⤵
  PID:9180
- C:\Windows\System\HWoIxta.exe
  C:\Windows\System\HWoIxta.exe
  2⤵
  PID:9196
- C:\Windows\System\MBDYnCs.exe
  C:\Windows\System\MBDYnCs.exe
  2⤵
  PID:9212
- C:\Windows\System\gmzZZUg.exe
  C:\Windows\System\gmzZZUg.exe
  2⤵
  PID:8184
- C:\Windows\System\iCPKxRM.exe
  C:\Windows\System\iCPKxRM.exe
  2⤵
  PID:6476
- C:\Windows\System\PLsrvEe.exe
  C:\Windows\System\PLsrvEe.exe
  2⤵
  PID:6648
- C:\Windows\System\CgMGKTS.exe
  C:\Windows\System\CgMGKTS.exe
  2⤵
  PID:7188
- C:\Windows\System\rXmoyYQ.exe
  C:\Windows\System\rXmoyYQ.exe
  2⤵
  PID:6588
- C:\Windows\System\LlqOPgQ.exe
  C:\Windows\System\LlqOPgQ.exe
  2⤵
  PID:7228
- C:\Windows\System\AWkeGGV.exe
  C:\Windows\System\AWkeGGV.exe
  2⤵
  PID:7308
- C:\Windows\System\srrPMwe.exe
  C:\Windows\System\srrPMwe.exe
  2⤵
  PID:7364
- C:\Windows\System\hhesiND.exe
  C:\Windows\System\hhesiND.exe
  2⤵
  PID:7468
- C:\Windows\System\eGliqyK.exe
  C:\Windows\System\eGliqyK.exe
  2⤵
  PID:7628
- C:\Windows\System\WNMHOYN.exe
  C:\Windows\System\WNMHOYN.exe
  2⤵
  PID:7932
- C:\Windows\System\SWEfsTj.exe
  C:\Windows\System\SWEfsTj.exe
  2⤵
  PID:7884
- C:\Windows\System\umwSWQQ.exe
  C:\Windows\System\umwSWQQ.exe
  2⤵
  PID:8268
- C:\Windows\System\enIyOhc.exe
  C:\Windows\System\enIyOhc.exe
  2⤵
  PID:8300
- C:\Windows\System\QSZmorn.exe
  C:\Windows\System\QSZmorn.exe
  2⤵
  PID:8340
- C:\Windows\System\TkgifrN.exe
  C:\Windows\System\TkgifrN.exe
  2⤵
  PID:8324
- C:\Windows\System\tduMpwJ.exe
  C:\Windows\System\tduMpwJ.exe
  2⤵
  PID:8388
- C:\Windows\System\lczBryL.exe
  C:\Windows\System\lczBryL.exe
  2⤵
  PID:8428
- C:\Windows\System\pCLOHNc.exe
  C:\Windows\System\pCLOHNc.exe
  2⤵
  PID:8452
- C:\Windows\System\pbsmHZx.exe
  C:\Windows\System\pbsmHZx.exe
  2⤵
  PID:8512
- C:\Windows\System\BHvrPnY.exe
  C:\Windows\System\BHvrPnY.exe
  2⤵
  PID:2628
- C:\Windows\System\mSQnsYT.exe
  C:\Windows\System\mSQnsYT.exe
  2⤵
  PID:8532
- C:\Windows\System\BtmseMc.exe
  C:\Windows\System\BtmseMc.exe
  2⤵
  PID:8592
- C:\Windows\System\dIJvZdm.exe
  C:\Windows\System\dIJvZdm.exe
  2⤵
  PID:8668
- C:\Windows\System\XVcXZxC.exe
  C:\Windows\System\XVcXZxC.exe
  2⤵
  PID:8688
- C:\Windows\System\YlCZeav.exe
  C:\Windows\System\YlCZeav.exe
  2⤵
  PID:8744
- C:\Windows\System\PljHitR.exe
  C:\Windows\System\PljHitR.exe
  2⤵
  PID:2016
- C:\Windows\System\exbATTJ.exe
  C:\Windows\System\exbATTJ.exe
  2⤵
  PID:8784
- C:\Windows\System\LHoureG.exe
  C:\Windows\System\LHoureG.exe
  2⤵
  PID:8788
- C:\Windows\System\sBtAvKv.exe
  C:\Windows\System\sBtAvKv.exe
  2⤵
  PID:8808
- C:\Windows\System\uIyngmm.exe
  C:\Windows\System\uIyngmm.exe
  2⤵
  PID:8864
- C:\Windows\System\NpOjBMp.exe
  C:\Windows\System\NpOjBMp.exe
  2⤵
  PID:8880
- C:\Windows\System\BcaaAYr.exe
  C:\Windows\System\BcaaAYr.exe
  2⤵
  PID:8900
- C:\Windows\System\urJBbjZ.exe
  C:\Windows\System\urJBbjZ.exe
  2⤵
  PID:8936
- C:\Windows\System\TqTmkGW.exe
  C:\Windows\System\TqTmkGW.exe
  2⤵
  PID:2616
- C:\Windows\System\PEbtYjX.exe
  C:\Windows\System\PEbtYjX.exe
  2⤵
  PID:1996
- C:\Windows\System\vZaOpTG.exe
  C:\Windows\System\vZaOpTG.exe
  2⤵
  PID:9012
- C:\Windows\System\rQLWRrL.exe
  C:\Windows\System\rQLWRrL.exe
  2⤵
  PID:2328
- C:\Windows\System\ZCQXAHC.exe
  C:\Windows\System\ZCQXAHC.exe
  2⤵
  PID:1132
- C:\Windows\System\Jsvpqrx.exe
  C:\Windows\System\Jsvpqrx.exe
  2⤵
  PID:9052
- C:\Windows\System\emFjyyO.exe
  C:\Windows\System\emFjyyO.exe
  2⤵
  PID:9068
- C:\Windows\System\cNKBcOX.exe
  C:\Windows\System\cNKBcOX.exe
  2⤵
  PID:2348
- C:\Windows\System\JqTyigq.exe
  C:\Windows\System\JqTyigq.exe
  2⤵
  PID:9108
- C:\Windows\System\QYvcIrT.exe
  C:\Windows\System\QYvcIrT.exe
  2⤵
  PID:9124
- C:\Windows\System\lsQdDPe.exe
  C:\Windows\System\lsQdDPe.exe
  2⤵
  PID:9172
- C:\Windows\System\xdTGkiK.exe
  C:\Windows\System\xdTGkiK.exe
  2⤵
  PID:9188
- C:\Windows\System\WwDMBLq.exe
  C:\Windows\System\WwDMBLq.exe
  2⤵
  PID:2384
- C:\Windows\System\xMdueUB.exe
  C:\Windows\System\xMdueUB.exe
  2⤵
  PID:8168
- C:\Windows\System\OfKhgoP.exe
  C:\Windows\System\OfKhgoP.exe
  2⤵
  PID:8064
- C:\Windows\System\Bwzrpyp.exe
  C:\Windows\System\Bwzrpyp.exe
  2⤵
  PID:6232
- C:\Windows\System\nbYxewj.exe
  C:\Windows\System\nbYxewj.exe
  2⤵
  PID:2408
- C:\Windows\System\zaxzlHG.exe
  C:\Windows\System\zaxzlHG.exe
  2⤵
  PID:2476
- C:\Windows\System\qnrhiEN.exe
  C:\Windows\System\qnrhiEN.exe
  2⤵
  PID:7684
- C:\Windows\System\MhfVVuG.exe
  C:\Windows\System\MhfVVuG.exe
  2⤵
  PID:7748
- C:\Windows\System\BDqaWOU.exe
  C:\Windows\System\BDqaWOU.exe
  2⤵
  PID:7852
- C:\Windows\System\ylxbXbj.exe
  C:\Windows\System\ylxbXbj.exe
  2⤵
  PID:8204
- C:\Windows\System\Rvvusre.exe
  C:\Windows\System\Rvvusre.exe
  2⤵
  PID:8284
- C:\Windows\System\paHqiwh.exe
  C:\Windows\System\paHqiwh.exe
  2⤵
  PID:2100
- C:\Windows\System\qgFytZD.exe
  C:\Windows\System\qgFytZD.exe
  2⤵
  PID:5048
- C:\Windows\System\ZlcrRUW.exe
  C:\Windows\System\ZlcrRUW.exe
  2⤵
  PID:5612
- C:\Windows\System\SGZEdZf.exe
  C:\Windows\System\SGZEdZf.exe
  2⤵
  PID:8412
- C:\Windows\System\ldamrwl.exe
  C:\Windows\System\ldamrwl.exe
  2⤵
  PID:8444
- C:\Windows\System\SVcnLxP.exe
  C:\Windows\System\SVcnLxP.exe
  2⤵
  PID:8552
- C:\Windows\System\XyhOjta.exe
  C:\Windows\System\XyhOjta.exe
  2⤵
  PID:8528
- C:\Windows\System\DUYbwOq.exe
  C:\Windows\System\DUYbwOq.exe
  2⤵
  PID:8636
- C:\Windows\System\OmtQJoq.exe
  C:\Windows\System\OmtQJoq.exe
  2⤵
  PID:2140
- C:\Windows\System\OJJvcZA.exe
  C:\Windows\System\OJJvcZA.exe
  2⤵
  PID:1612
- C:\Windows\System\KYWlzYg.exe
  C:\Windows\System\KYWlzYg.exe
  2⤵
  PID:288
- C:\Windows\System\FawJNfu.exe
  C:\Windows\System\FawJNfu.exe
  2⤵
  PID:2656
- C:\Windows\System\TvIYxTu.exe
  C:\Windows\System\TvIYxTu.exe
  2⤵
  PID:1868
- C:\Windows\System\mknNSAz.exe
  C:\Windows\System\mknNSAz.exe
  2⤵
  PID:1728
- C:\Windows\System\PKrfZBF.exe
  C:\Windows\System\PKrfZBF.exe
  2⤵
  PID:3016
- C:\Windows\System\nHdboep.exe
  C:\Windows\System\nHdboep.exe
  2⤵
  PID:2260
- C:\Windows\System\pUiTRxd.exe
  C:\Windows\System\pUiTRxd.exe
  2⤵
  PID:8716
- C:\Windows\System\fnUyUdc.exe
  C:\Windows\System\fnUyUdc.exe
  2⤵
  PID:8692
- C:\Windows\System\cQkNTWh.exe
  C:\Windows\System\cQkNTWh.exe
  2⤵
  PID:8844
- C:\Windows\System\KWSTsbT.exe
  C:\Windows\System\KWSTsbT.exe
  2⤵
  PID:8964
- C:\Windows\System\OOIWthS.exe
  C:\Windows\System\OOIWthS.exe
  2⤵
  PID:9036
- C:\Windows\System\mPbhdTv.exe
  C:\Windows\System\mPbhdTv.exe
  2⤵
  PID:9092
- C:\Windows\System\elyrppE.exe
  C:\Windows\System\elyrppE.exe
  2⤵
  PID:8980
- C:\Windows\System\luzgGLQ.exe
  C:\Windows\System\luzgGLQ.exe
  2⤵
  PID:8764
- C:\Windows\System\jFPDBEU.exe
  C:\Windows\System\jFPDBEU.exe
  2⤵
  PID:2276
- C:\Windows\System\WJpTKLP.exe
  C:\Windows\System\WJpTKLP.exe
  2⤵
  PID:3048
- C:\Windows\System\koUoHyl.exe
  C:\Windows\System\koUoHyl.exe
  2⤵
  PID:612
- C:\Windows\System\iMHSpQN.exe
  C:\Windows\System\iMHSpQN.exe
  2⤵
  PID:7408
- C:\Windows\System\NzQkxhT.exe
  C:\Windows\System\NzQkxhT.exe
  2⤵
  PID:7248
- C:\Windows\System\mUeiZid.exe
  C:\Windows\System\mUeiZid.exe
  2⤵
  PID:956
- C:\Windows\System\yNWQQPX.exe
  C:\Windows\System\yNWQQPX.exe
  2⤵
  PID:8220
- C:\Windows\System\DsstyqC.exe
  C:\Windows\System\DsstyqC.exe
  2⤵
  PID:8228
- C:\Windows\System\ZeosHEn.exe
  C:\Windows\System\ZeosHEn.exe
  2⤵
  PID:8304
- C:\Windows\System\gcXepdB.exe
  C:\Windows\System\gcXepdB.exe
  2⤵
  PID:2360
- C:\Windows\System\gtVnDyS.exe
  C:\Windows\System\gtVnDyS.exe
  2⤵
  PID:8404
- C:\Windows\System\LPKSJwZ.exe
  C:\Windows\System\LPKSJwZ.exe
  2⤵
  PID:2928
- C:\Windows\System\XTzcsGf.exe
  C:\Windows\System\XTzcsGf.exe
  2⤵
  PID:8372
- C:\Windows\System\eNOsnhY.exe
  C:\Windows\System\eNOsnhY.exe
  2⤵
  PID:8468
- C:\Windows\System\MGPCSMX.exe
  C:\Windows\System\MGPCSMX.exe
  2⤵
  PID:1740
- C:\Windows\System\tDeCdsR.exe
  C:\Windows\System\tDeCdsR.exe
  2⤵
  PID:8656
- C:\Windows\System\tvoIGqe.exe
  C:\Windows\System\tvoIGqe.exe
  2⤵
  PID:8648
- C:\Windows\System\cSVSIXp.exe
  C:\Windows\System\cSVSIXp.exe
  2⤵
  PID:8712
- C:\Windows\System\yIuAZhb.exe
  C:\Windows\System\yIuAZhb.exe
  2⤵
  PID:8904
- C:\Windows\System\wwfcYbn.exe
  C:\Windows\System\wwfcYbn.exe
  2⤵
  PID:1248
- C:\Windows\System\jeMiMDA.exe
  C:\Windows\System\jeMiMDA.exe
  2⤵
  PID:9064
- C:\Windows\System\CwRykqv.exe
  C:\Windows\System\CwRykqv.exe
  2⤵
  PID:8848
- C:\Windows\System\uuvRZEV.exe
  C:\Windows\System\uuvRZEV.exe
  2⤵
  PID:9044
- C:\Windows\System\OkhyYou.exe
  C:\Windows\System\OkhyYou.exe
  2⤵
  PID:2776
- C:\Windows\System\ZcXNgIC.exe
  C:\Windows\System\ZcXNgIC.exe
  2⤵
  PID:7744
- C:\Windows\System\qhxHRjM.exe
  C:\Windows\System\qhxHRjM.exe
  2⤵
  PID:9112
- C:\Windows\System\Xwmhlhd.exe
  C:\Windows\System\Xwmhlhd.exe
  2⤵
  PID:9160
- C:\Windows\System\SLuSENv.exe
  C:\Windows\System\SLuSENv.exe
  2⤵
  PID:5312
- C:\Windows\System\nTXlCtR.exe
  C:\Windows\System\nTXlCtR.exe
  2⤵
  PID:8364
- C:\Windows\System\BDhpYqf.exe
  C:\Windows\System\BDhpYqf.exe
  2⤵
  PID:2944
- C:\Windows\System\tqtxhoP.exe
  C:\Windows\System\tqtxhoP.exe
  2⤵
  PID:8240
- C:\Windows\System\PGzLrmK.exe
  C:\Windows\System\PGzLrmK.exe
  2⤵
  PID:8572
- C:\Windows\System\GBwJnQX.exe
  C:\Windows\System\GBwJnQX.exe
  2⤵
  PID:2864
- C:\Windows\System\yBPhcOs.exe
  C:\Windows\System\yBPhcOs.exe
  2⤵
  PID:8672
- C:\Windows\System\kLmZFdk.exe
  C:\Windows\System\kLmZFdk.exe
  2⤵
  PID:8840
- C:\Windows\System\eiedNWc.exe
  C:\Windows\System\eiedNWc.exe
  2⤵
  PID:2852
- C:\Windows\System\fDVLfJu.exe
  C:\Windows\System\fDVLfJu.exe
  2⤵
  PID:2792
- C:\Windows\System\wuwsZUP.exe
  C:\Windows\System\wuwsZUP.exe
  2⤵
  PID:9048
- C:\Windows\System\JxijxBs.exe
  C:\Windows\System\JxijxBs.exe
  2⤵
  PID:8780
- C:\Windows\System\QuEhJMN.exe
  C:\Windows\System\QuEhJMN.exe
  2⤵
  PID:8576
- C:\Windows\System\yNNrJZW.exe
  C:\Windows\System\yNNrJZW.exe
  2⤵
  PID:7632
- C:\Windows\System\vAXyCfG.exe
  C:\Windows\System\vAXyCfG.exe
  2⤵
  PID:8328
- C:\Windows\System\rnBUaSv.exe
  C:\Windows\System\rnBUaSv.exe
  2⤵
  PID:7304
- C:\Windows\System\QheDijo.exe
  C:\Windows\System\QheDijo.exe
  2⤵
  PID:2600
- C:\Windows\System\VaASztG.exe
  C:\Windows\System\VaASztG.exe
  2⤵
  PID:2884
- C:\Windows\System\errGLyp.exe
  C:\Windows\System\errGLyp.exe
  2⤵
  PID:8320
- C:\Windows\System\dLzaCev.exe
  C:\Windows\System\dLzaCev.exe
  2⤵
  PID:8812
- C:\Windows\System\kRbeXko.exe
  C:\Windows\System\kRbeXko.exe
  2⤵
  PID:8432
- C:\Windows\System\XlGjLsI.exe
  C:\Windows\System\XlGjLsI.exe
  2⤵
  PID:9248
- C:\Windows\System\JbjJbOt.exe
  C:\Windows\System\JbjJbOt.exe
  2⤵
  PID:9280
- C:\Windows\System\wUiJQrz.exe
  C:\Windows\System\wUiJQrz.exe
  2⤵
  PID:9300
- C:\Windows\System\mlTouVm.exe
  C:\Windows\System\mlTouVm.exe
  2⤵
  PID:9328
- C:\Windows\System\yJaxEJW.exe
  C:\Windows\System\yJaxEJW.exe
  2⤵
  PID:9348
- C:\Windows\System\pVJAuAO.exe
  C:\Windows\System\pVJAuAO.exe
  2⤵
  PID:9372
- C:\Windows\System\lTQarWe.exe
  C:\Windows\System\lTQarWe.exe
  2⤵
  PID:9392
- C:\Windows\System\jsaPpUA.exe
  C:\Windows\System\jsaPpUA.exe
  2⤵
  PID:9408
- C:\Windows\System\mVJJvuZ.exe
  C:\Windows\System\mVJJvuZ.exe
  2⤵
  PID:9424
- C:\Windows\System\jeIMIVW.exe
  C:\Windows\System\jeIMIVW.exe
  2⤵
  PID:9448
- C:\Windows\System\cFaUauT.exe
  C:\Windows\System\cFaUauT.exe
  2⤵
  PID:9468
- C:\Windows\System\WnRWvdO.exe
  C:\Windows\System\WnRWvdO.exe
  2⤵
  PID:9484
- C:\Windows\System\avlYSwn.exe
  C:\Windows\System\avlYSwn.exe
  2⤵
  PID:9504
- C:\Windows\System\yrFQOkI.exe
  C:\Windows\System\yrFQOkI.exe
  2⤵
  PID:9548
- C:\Windows\System\aQVTUTB.exe
  C:\Windows\System\aQVTUTB.exe
  2⤵
  PID:9580
- C:\Windows\System\wXzBDAn.exe
  C:\Windows\System\wXzBDAn.exe
  2⤵
  PID:9604
- C:\Windows\System\DNdIjvI.exe
  C:\Windows\System\DNdIjvI.exe
  2⤵
  PID:9624
- C:\Windows\System\vucuPUm.exe
  C:\Windows\System\vucuPUm.exe
  2⤵
  PID:9676
- C:\Windows\System\MAGCjse.exe
  C:\Windows\System\MAGCjse.exe
  2⤵
  PID:9704
- C:\Windows\System\ObkWBTP.exe
  C:\Windows\System\ObkWBTP.exe
  2⤵
  PID:9720
- C:\Windows\System\zVkaAJe.exe
  C:\Windows\System\zVkaAJe.exe
  2⤵
  PID:9740
- C:\Windows\System\DmRkcxW.exe
  C:\Windows\System\DmRkcxW.exe
  2⤵
  PID:9756
- C:\Windows\System\TQMDZUN.exe
  C:\Windows\System\TQMDZUN.exe
  2⤵
  PID:9772
- C:\Windows\System\VuTMLDr.exe
  C:\Windows\System\VuTMLDr.exe
  2⤵
  PID:9788
- C:\Windows\System\cHhXfrw.exe
  C:\Windows\System\cHhXfrw.exe
  2⤵
  PID:9804
- C:\Windows\System\xYHYLVA.exe
  C:\Windows\System\xYHYLVA.exe
  2⤵
  PID:9824
- C:\Windows\System\bIRpRbc.exe
  C:\Windows\System\bIRpRbc.exe
  2⤵
  PID:9840
- C:\Windows\System\yQTMkJz.exe
  C:\Windows\System\yQTMkJz.exe
  2⤵
  PID:9856
- C:\Windows\System\oOJvXKy.exe
  C:\Windows\System\oOJvXKy.exe
  2⤵
  PID:9872
- C:\Windows\System\LhYZNFm.exe
  C:\Windows\System\LhYZNFm.exe
  2⤵
  PID:9888
- C:\Windows\System\eQcktob.exe
  C:\Windows\System\eQcktob.exe
  2⤵
  PID:9904
- C:\Windows\System\nxoCCBo.exe
  C:\Windows\System\nxoCCBo.exe
  2⤵
  PID:9920
- C:\Windows\System\BOCKNzq.exe
  C:\Windows\System\BOCKNzq.exe
  2⤵
  PID:9940
- C:\Windows\System\JgfbRqz.exe
  C:\Windows\System\JgfbRqz.exe
  2⤵
  PID:9956
- C:\Windows\System\LTbbxAY.exe
  C:\Windows\System\LTbbxAY.exe
  2⤵
  PID:9980
- C:\Windows\System\tkkQuHv.exe
  C:\Windows\System\tkkQuHv.exe
  2⤵
  PID:9996
- C:\Windows\System\CJYwAes.exe
  C:\Windows\System\CJYwAes.exe
  2⤵
  PID:10012
- C:\Windows\System\UhnysmE.exe
  C:\Windows\System\UhnysmE.exe
  2⤵
  PID:10028
- C:\Windows\System\ulYKrgz.exe
  C:\Windows\System\ulYKrgz.exe
  2⤵
  PID:10048
- C:\Windows\System\MZUuBvT.exe
  C:\Windows\System\MZUuBvT.exe
  2⤵
  PID:10064
- C:\Windows\System\bSeIBUe.exe
  C:\Windows\System\bSeIBUe.exe
  2⤵
  PID:10080
- C:\Windows\System\qkAWlYi.exe
  C:\Windows\System\qkAWlYi.exe
  2⤵
  PID:10096
- C:\Windows\System\TfHtybc.exe
  C:\Windows\System\TfHtybc.exe
  2⤵
  PID:10124
- C:\Windows\System\ompApnv.exe
  C:\Windows\System\ompApnv.exe
  2⤵
  PID:10140
- C:\Windows\System\BqVCdoE.exe
  C:\Windows\System\BqVCdoE.exe
  2⤵
  PID:10160
- C:\Windows\System\eEmKruo.exe
  C:\Windows\System\eEmKruo.exe
  2⤵
  PID:10176
- C:\Windows\System\YBXiWDE.exe
  C:\Windows\System\YBXiWDE.exe
  2⤵
  PID:10192
- C:\Windows\System\CYeFiFe.exe
  C:\Windows\System\CYeFiFe.exe
  2⤵
  PID:10208
- C:\Windows\System\VNzWUIS.exe
  C:\Windows\System\VNzWUIS.exe
  2⤵
  PID:10224
- C:\Windows\System\lhmHgSk.exe
  C:\Windows\System\lhmHgSk.exe
  2⤵
  PID:8748
- C:\Windows\System\LmZMNnT.exe
  C:\Windows\System\LmZMNnT.exe
  2⤵
  PID:4572
- C:\Windows\System\eFJGGzG.exe
  C:\Windows\System\eFJGGzG.exe
  2⤵
  PID:9224
- C:\Windows\System\BhUKbCM.exe
  C:\Windows\System\BhUKbCM.exe
  2⤵
  PID:9240
- C:\Windows\System\gfYjEAO.exe
  C:\Windows\System\gfYjEAO.exe
  2⤵
  PID:9268
- C:\Windows\System\nPcldGc.exe
  C:\Windows\System\nPcldGc.exe
  2⤵
  PID:9272
- C:\Windows\System\tsMEJiE.exe
  C:\Windows\System\tsMEJiE.exe
  2⤵
  PID:9316
- C:\Windows\System\KEwoLmr.exe
  C:\Windows\System\KEwoLmr.exe
  2⤵
  PID:9360
- C:\Windows\System\MtKgchI.exe
  C:\Windows\System\MtKgchI.exe
  2⤵
  PID:9416
- C:\Windows\System\LIhYKFh.exe
  C:\Windows\System\LIhYKFh.exe
  2⤵
  PID:9384
- C:\Windows\System\BtJAggr.exe
  C:\Windows\System\BtJAggr.exe
  2⤵
  PID:9432
- C:\Windows\System\NPOMRwS.exe
  C:\Windows\System\NPOMRwS.exe
  2⤵
  PID:9456
- C:\Windows\System\gxFBkow.exe
  C:\Windows\System\gxFBkow.exe
  2⤵
  PID:9464
- C:\Windows\System\HJXAZHS.exe
  C:\Windows\System\HJXAZHS.exe
  2⤵
  PID:9496
- C:\Windows\System\mNJkijX.exe
  C:\Windows\System\mNJkijX.exe
  2⤵
  PID:9524
- C:\Windows\System\LoRSOpU.exe
  C:\Windows\System\LoRSOpU.exe
  2⤵
  PID:9564
- C:\Windows\System\QbJCnxg.exe
  C:\Windows\System\QbJCnxg.exe
  2⤵
  PID:9544
- C:\Windows\System\jeRIIbW.exe
  C:\Windows\System\jeRIIbW.exe
  2⤵
  PID:9576
- C:\Windows\System\zCyBAWx.exe
  C:\Windows\System\zCyBAWx.exe
  2⤵
  PID:9616
- C:\Windows\System\NlOVRCh.exe
  C:\Windows\System\NlOVRCh.exe
  2⤵
  PID:9236
- C:\Windows\System\iaxnGpt.exe
  C:\Windows\System\iaxnGpt.exe
  2⤵
  PID:9648
- C:\Windows\System\oAJfwph.exe
  C:\Windows\System\oAJfwph.exe
  2⤵
  PID:9664
- C:\Windows\System\rJezfoT.exe
  C:\Windows\System\rJezfoT.exe
  2⤵
  PID:9688
- C:\Windows\System\hRoiBMO.exe
  C:\Windows\System\hRoiBMO.exe
  2⤵
  PID:9712
- C:\Windows\System\PGNkhwT.exe
  C:\Windows\System\PGNkhwT.exe
  2⤵
  PID:9736
- C:\Windows\System\RuKypPm.exe
  C:\Windows\System\RuKypPm.exe
  2⤵
  PID:9780
- C:\Windows\System\dlcUXvn.exe
  C:\Windows\System\dlcUXvn.exe
  2⤵
  PID:9820
- C:\Windows\System\WVOcQSf.exe
  C:\Windows\System\WVOcQSf.exe
  2⤵
  PID:9800
- C:\Windows\System\QCxTivG.exe
  C:\Windows\System\QCxTivG.exe
  2⤵
  PID:9864
- C:\Windows\System\hclpxEN.exe
  C:\Windows\System\hclpxEN.exe
  2⤵
  PID:9928
- C:\Windows\System\cKCVgWz.exe
  C:\Windows\System\cKCVgWz.exe
  2⤵
  PID:9932
- C:\Windows\System\lEOGwbK.exe
  C:\Windows\System\lEOGwbK.exe
  2⤵
  PID:9968
- C:\Windows\System\ogYjOwz.exe
  C:\Windows\System\ogYjOwz.exe
  2⤵
  PID:10036
- C:\Windows\System\ODvNqfM.exe
  C:\Windows\System\ODvNqfM.exe
  2⤵
  PID:9952
- C:\Windows\System\GPqlbWp.exe
  C:\Windows\System\GPqlbWp.exe
  2⤵
  PID:10024
- C:\Windows\System\ZIeDhAc.exe
  C:\Windows\System\ZIeDhAc.exe
  2⤵
  PID:10072
- C:\Windows\System\bkXDaxD.exe
  C:\Windows\System\bkXDaxD.exe
  2⤵
  PID:10088
- C:\Windows\System\nMjdAZS.exe
  C:\Windows\System\nMjdAZS.exe
  2⤵
  PID:10168
- C:\Windows\System\wbMnTWZ.exe
  C:\Windows\System\wbMnTWZ.exe
  2⤵
  PID:10156
- C:\Windows\System\IzYzrDG.exe
  C:\Windows\System\IzYzrDG.exe
  2⤵
  PID:10188
- C:\Windows\System\CdFDavd.exe
  C:\Windows\System\CdFDavd.exe
  2⤵
  PID:2640
- C:\Windows\System\bvRkcwy.exe
  C:\Windows\System\bvRkcwy.exe
  2⤵
  PID:10236
- C:\Windows\System\VTisFCo.exe
  C:\Windows\System\VTisFCo.exe
  2⤵
  PID:9292
- C:\Windows\System\CqnMklv.exe
  C:\Windows\System\CqnMklv.exe
  2⤵
  PID:9480
- C:\Windows\System\eYNmDZh.exe
  C:\Windows\System\eYNmDZh.exe
  2⤵
  PID:9368
- C:\Windows\System\wTZnmqm.exe
  C:\Windows\System\wTZnmqm.exe
  2⤵
  PID:9572
- C:\Windows\System\yPdTvff.exe
  C:\Windows\System\yPdTvff.exe
  2⤵
  PID:9404
- C:\Windows\System\EcSFXQY.exe
  C:\Windows\System\EcSFXQY.exe
  2⤵
  PID:9516
- C:\Windows\System\laRXoVU.exe
  C:\Windows\System\laRXoVU.exe
  2⤵
  PID:9596
- C:\Windows\System\FFALlgS.exe
  C:\Windows\System\FFALlgS.exe
  2⤵
  PID:9520
- C:\Windows\System\aWqepRJ.exe
  C:\Windows\System\aWqepRJ.exe
  2⤵
  PID:9660
- C:\Windows\System\thesWRO.exe
  C:\Windows\System\thesWRO.exe
  2⤵
  PID:9936
- C:\Windows\System\wpFtbjN.exe
  C:\Windows\System\wpFtbjN.exe
  2⤵
  PID:9728
- C:\Windows\System\GdmSiLY.exe
  C:\Windows\System\GdmSiLY.exe
  2⤵
  PID:9752
- C:\Windows\System\YZlyuzl.exe
  C:\Windows\System\YZlyuzl.exe
  2⤵
  PID:9880
- C:\Windows\System\icLzJUf.exe
  C:\Windows\System\icLzJUf.exe
  2⤵
  PID:9976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AIOdwOj.exe

Filesize
6.0MB

MD5
2992bca2e4c72ba421566e18f0f64701

SHA1
8c74140c6b7769bda1b3664076478c8c0d5791ae

SHA256
aca2d6c05ef7c5863f38469a302c296b3bbbb95b29db35f501badf1aa4711ee8

SHA512
8fe8eca433e3f1a2a4acc93bec49a84b9e83fe4d6c3b763532d60efa1ad42a6dae129bd08a2a857520c393f3f5a3a4c81f00994036fa973d8fae51c76e81eb49

Download Submit
C:\Windows\system\CoJXSgN.exe

Filesize
6.0MB

MD5
9e7f56ce732dbdf6a20a27ab6e9ba1c3

SHA1
24c6c2d946f9dc652cf259f6a90ccfb0b8a2a017

SHA256
1c0a0e86dc3d4953da23fcc03482d1956cb6bf2fd54dd88126536d0ccc8cca55

SHA512
4331fa2c86d10a4ee795a40da5831eead3e9a047e445cadfe2b5f0808bd407a837f33d1ad33fa2f536570041a5b2dfdb796d9fe7d925229dada44bb0398dc029

Download Submit
C:\Windows\system\DTqwOwW.exe

Filesize
6.0MB

MD5
eae2ef5a08fa994bd838ad8309683de2

SHA1
9039d3e9397eec47db440cad8ebbabe98ee8cd7c

SHA256
c9c9de57bad37c333ecdd805437cccf59b951f877ba5523d1cc494ccaac5f82f

SHA512
453d74446396bc12d29526fcc0b5d6075fa932e6d3e08441c96dbb6cd31e5784d95d74a569cc939af8a644a308171cc1d375cc8c90c790236e34b5854e34f4bd

Download Submit
C:\Windows\system\JHRqZAC.exe

Filesize
6.0MB

MD5
3d3d6fd4863c93329bbfea64978b359e

SHA1
f615b16c1ad0ea3eae050e2953b23dc1290bb6d1

SHA256
d75bddff9a1412b915101a1fe322809157836d216b80a12af462c95378db0982

SHA512
c6c5254d01b53345c89ef117c593c8183f3af1069f9114d4a80ba5f3dd7bdd284970e8d7830de98aaf2d14079c42a636b671c76887857bc04093628bae93b551

Download Submit
C:\Windows\system\NLAQsWe.exe

Filesize
6.0MB

MD5
e32a6cc9846cd2bdec4501159998acff

SHA1
a2ce88bd88e10e68738e641dc46fe39ea2d55962

SHA256
c13ef51e6124860f5d4d9a64c07c27e7d3e8345f704a00c408cdb1a835ad006b

SHA512
acea5a26a7739422e5cc5db1ede17ef4f7066b824a90b41200aeb716dd3431299f8549a2ffd7c228028029463f6af758715c3d923d3ecc1615f13f2f4ef0b01c

Download Submit
C:\Windows\system\RmwIeTw.exe

Filesize
6.0MB

MD5
e3bd0969cdf1b8ef6ee3d20cc7731666

SHA1
544523ebe8bc19293adc22cdd19a6f9b665571c1

SHA256
9a1676135af8668d29f3f351fd718cc7be6e8445f7cf9261e7de36cf865c5a9b

SHA512
ff28c45c997712c52ec678c4af1b70a5853bf658f8b0ebaf67be65d15dd4beb4a1009077b8b3339a7fc1041fb30e65811e9360e16bfc576fca91a75ba11e1b32

Download Submit
C:\Windows\system\SoxGUTA.exe

Filesize
6.0MB

MD5
73b3420193cc6a261d857e63426df7ba

SHA1
22c5197d9694da8c0e416be9ea9af51efd777acc

SHA256
eb5335b757d5b416b92a7d91c81bcbcf05f703e3989fad96cfd4d97e2bf84e33

SHA512
405ac300df2737a3fb849afd665fc861de18c4bb3b6ba9d557bc2a687903b60c3e15e5d623e70f7ce739766d0b3a16125081144b32c1f9b4812a3ffa9647702c

Download Submit
C:\Windows\system\VJKxLgn.exe

Filesize
6.0MB

MD5
f41a563a1c93e68b312b29bfb7dd2236

SHA1
40782295356427c4d2c3f6b9ffd968bc39086880

SHA256
855cb0a16345810ff5ad527768cff44dd7e3437a5aff57cf0c3db9d41856d5f2

SHA512
d8157cd874877d465cdc304cd9612631122520ad2706258d73f030b4dc51adbb35add7be5bfdd19b426d7e28be73330f54856e8f87b9ab2aa284bb0a669592f0

Download Submit
C:\Windows\system\VohCOlR.exe

Filesize
6.0MB

MD5
7b79d981be3b458ab65c03a8ad1c9130

SHA1
d094d163a938fa2288c48e967babc2db6bf2ef62

SHA256
b9808f0ab18ffcf8ac93d9949341be129e8913a140dc5df9a35d80b56f8e2059

SHA512
e26c22dc4223a395d527423a02afe103265697f258380900a5806732cad155ec62202c1531188b0167d2d5daf322c5ecc13e2a40358e446b44f0e4ae77ace272

Download Submit
C:\Windows\system\WADRhwV.exe

Filesize
6.0MB

MD5
3348a7c50ce31cafd2fadff572ed4d3e

SHA1
c445d89f45d9120bc607ce59156a4a1da8283e61

SHA256
72e1d4f27b2b4aff04177e39bba362266b00d5f6fe5daab3526d1797d31b32a7

SHA512
d3cd75642c6520bb689e4a703386063f3b6efcb2d805ade5ef872f2e8f8e1d94d69e9e510377d00c94280526573b2780f6b7d38d04ffbf97dab2be71308a5491

Download Submit
C:\Windows\system\WQYfqzb.exe

Filesize
6.0MB

MD5
92d53c7fdfa7ca4261e25e661864c06d

SHA1
a5fdfbe6cf492f55bc1e7fea21cc41cfe5bea13f

SHA256
0a418c30ebc9a7c09b94f17d5f8f9279261fb52a3ee9986905b5ba898e7b269f

SHA512
a258256f46fe31c5276b0398c1e377ed5601e759875cc7d0e636ffbea474b87e37dd90ceb19233c565c55df4a6bd583c152661c58ca4f98036610a68655e549c

Download Submit
C:\Windows\system\XQffNnl.exe

Filesize
6.0MB

MD5
8783b6835a5eeedf75c09853ce75e63b

SHA1
fcdc780005d3407b20fec0cc23205be7d12a9167

SHA256
ea5163611fbf48d3e7d1dee6d87fa307a0562327aa1c47cfe970013bfb5699ef

SHA512
d37f51681ef3b4c61284d2881a0762cf1ee2081e74ae32eeaa065a76b4ad4376c78f6a0dcf076d9b72f5add4c08e70190982fac5ffe69c1fa9817ecfe8bf51dc

Download Submit
C:\Windows\system\YFfyFlL.exe

Filesize
6.0MB

MD5
dc5f7f60f1ed0428f1230bd4bfba05a0

SHA1
73b60550daeb2f0dbd72a3f88850ad03cbdd78f5

SHA256
27e03649dab1e7dbae2926e577703b02ffd239f36b48fa3f46db802ce29702b8

SHA512
8d5d6460bff81bb39190cd4bacb862d600e5ee609ce0da2ed52282f6bda52390f1f0011ecb5e028c6004c49f5b1e87207540737dfc1f57bc5c9cab70a1aed4b7

Download Submit
C:\Windows\system\aqYtbGK.exe

Filesize
6.0MB

MD5
a5f7e2e3f1f1d142f79c65bc740646c4

SHA1
0bad384b0401ba386ceef63f87c65e260cffba21

SHA256
9d4bf323d6666a16f4b12f8709bd55683a97f1b2b80601ed04266da0e53f3d99

SHA512
a5a5f2a94fe669e6f3383b7d137b0d94a361ab3c03311519bba6d8394db5b4d90e1a81394f56f3d34402a66765a718ad4d6ba3708c8fd7c7a5a79d3208cf2afb

Download Submit
C:\Windows\system\bReUPlB.exe

Filesize
6.0MB

MD5
256f15048f60ebb2999d3db136676799

SHA1
0670533a6732dc2cb9fa15b7fc80b26a7672be6d

SHA256
adf19d6a6fe077959d8e61c2cce1288f005c0707d3c9707312ea643ef10c8c22

SHA512
1fa537bb6e722ae2a7d40e018ed0e73ab500c538b17701c9b8b165ca6c75e2e5b9cde8d826be8e1c568cb70ee20a94468d5bc135bcebe29eeaa4d6031ea7c716

Download Submit
C:\Windows\system\mgkWhIU.exe

Filesize
6.0MB

MD5
690b8da563ac08f677138e583fd23577

SHA1
1cbdcdcbadac4f149f05a447c8426daf19dfd03d

SHA256
9a21854db98312a811c333ca01a52031161096e59ab707aeefd48baf97887089

SHA512
7436c8cf9d3bcef325703f884ea97289da6617eeb301399bd1b39825d2447f62a8fbe6a897146fc09ad0c52f368299f9270a96baf99bc405142799359ce8118f

Download Submit
C:\Windows\system\vGPFJbY.exe

Filesize
6.0MB

MD5
21b2f6551d79fdcc615481747544851f

SHA1
33e777d25760d1a51f42ac7425c60dbbc14f06e3

SHA256
98a02e787859e1804e5c4b1505fe6c6a95b02014117b6d6dcce44959391d7745

SHA512
268c86d6cd1fec6dba8298cbc9db0ee72315746ace8914a3c3aa2dd77fa2a38edf694f0b0d144d271d8e0fc705e56177effffaca4805bbfb20ae694aebe180c5

Download Submit
C:\Windows\system\wJxPAYq.exe

Filesize
6.0MB

MD5
0aa7953cc2f8a46cb511ec8067db15c7

SHA1
5d8360d6f3e8e23f32a6df3367a21afd8173ba03

SHA256
929c6d0d642ed7cc9a88434e80505762e7539ad2b59001cbd789be2678c94891

SHA512
588fc1e7a548f0cf9afb4e607cb18f53c482ed8cb513d18df2ae08179cec4e64e17966783a17fcb0a507159c5224203f9517894258b29455fdd071dd82b065b9

Download Submit
\Windows\system\BfiThRN.exe

Filesize
6.0MB

MD5
4051a0acbb3fd565df6eccba4f7b7633

SHA1
f1f9bf825aeb5082d36819a67817e7ed4eb36cb4

SHA256
e432087b9f8c541d8283cc2b9fe2d2c4401f4274350c8a1932bc0b1ed945780a

SHA512
78e8f375ad2e8b801faf22cd3e7e7169331c24c65c671a8cd6f24309054133c763664736e31a9d90f74a73fa7e134dd1b734639b33c8ea277ec8d662adb7cf46

Download Submit
\Windows\system\BikExVN.exe

Filesize
6.0MB

MD5
3ccda4b1d28efdd06dbfbcb73329dddb

SHA1
3e9cabf2f8c8413f43ad0a6e1a4b9a0fd147e9ad

SHA256
9e17564df4cc6d8011b787e83c5a75c7cd00f662a1e98321867bb9dc840c6260

SHA512
fd6f05d1b72d9fad71ef2ab08f78343ed38f98347a5f36a8ff45b9197863fa0dc8a03e32b4cc0b3e56be210bfcd193e9b75d43df9e46d47162b5f33bbf89922e

Download Submit
\Windows\system\CZBtWEb.exe

Filesize
6.0MB

MD5
e265ec978d1741a54e18748ba9725b47

SHA1
d0d38b51b18d482e11dcc88ffe05e1eb9c4b881a

SHA256
ab7b60c9d95467fe2e4c2eb52f4b2f5fc2b9f35520b623930bafe4d81304a1fa

SHA512
3c21e4ece719689a79766ea095dd641a8b49645be996fe8ea399fd248685edea79bcb8a7dae5bc0fec61e347926f21e777fadb09cd5872f956528a0981264a97

Download Submit
\Windows\system\DmSnhhx.exe

Filesize
6.0MB

MD5
62994399abc50f59c71d504b134a4bda

SHA1
fac3c810fb7b8855888819bea1ec1110256c36a9

SHA256
9287f2945b1898d346ac9721b38a5619aac103270bbcaf52d9778eb2f388ecb3

SHA512
342cf41c13d3963a59fe0228aef208e8b38a433bfe54a9a3b68d9a1c61653a8c1479a45c81ac7ea1d454a4572e6da78e3ec7e890e8dff8ef13bbf370d8a265c9

Download Submit
\Windows\system\GGtiwKQ.exe

Filesize
6.0MB

MD5
95f2fd132121855ae6da85259b86335a

SHA1
90307c492c5fd30f9ba1e6ff4b3e440552191b32

SHA256
20069bdb122613a3f020ba02315027f3a542eac610dd6f5bd4daca286cd9b8d5

SHA512
bc575a46624193447f249bffc22dd26bdb22a0a02ff7e11ef81a3f36e09318f2bb18f24b64c7b0cdde753af4912d806381ecfd89d8865d7d04024013f9883eb2

Download Submit
\Windows\system\KzHLAwF.exe

Filesize
6.0MB

MD5
0e5690e672ee28276a3fca0e781274c6

SHA1
0fa67f8e9cf29d67a9512d3c0c1308efbb682764

SHA256
62d755f9285eac53b29dc0c883a2c19af5d23f2c89abe6d379ff5411ec7582af

SHA512
58199f92da6c3beb82d2cfc4432efdd4f63d85a44eb3d6ffd8a6d19ba25eed8f9373b04f3792e9fde611085880dd095921e082cdb7dee45699c5e3020089176b

Download Submit
\Windows\system\QGdfKtH.exe

Filesize
6.0MB

MD5
9990b88c49af8474b4891a9e4df53c8c

SHA1
178270d7c908975f2d6ab9919fa6694d333ef1df

SHA256
a61649d5d507b2b5b31b1f362c83234dd4ab87e1e02372cf9d0e5106b7a320be

SHA512
d4f40866ab7549ecb56f9fce388f14b57a9a5ea0f0d35d73bd5ff60a2d8a4b8fcdd186f6ac3b4a913c2b5b47d25bd957fec24eada5edb83c357f9b0e098e4e52

Download Submit
\Windows\system\azqlfom.exe

Filesize
6.0MB

MD5
735cbeb7c040dc83d9e88267b32af2f0

SHA1
dc9827e56a53d4289b463093aee2613e3012ed2e

SHA256
46f41035e7543c18479010a9a8b542f7f8fded413de4005d862a461552c4a989

SHA512
f88d0c75c8139fa1de555c504b0f61c7be90d50674aa164c985fb4af3061230285a235e154f78dcde0b17e2922b5176f3c7c821e4daa392c14348c2eef4d6046

Download Submit
\Windows\system\eahnRTW.exe

Filesize
6.0MB

MD5
b8ee26889e336280c01fcea9c16c9d69

SHA1
d84c619fdcb1390f6dc7c1f898d8038b9974f12a

SHA256
1d8e4899a0baf50758c2825a33a950622f36c41b093ebaa56ef85995fe698dd0

SHA512
0d11116e8a01bd319836fb99fe196637bed4d96ae297a25d07ebdddb69e0e0819b8e4020d934a941504e1dd72903321226b4c96ddfbbebd9ee059e5364c2a3cd

Download Submit
\Windows\system\fmaXHBX.exe

Filesize
6.0MB

MD5
bee63d76517540c4beca33c21ab5640d

SHA1
4ce9eabe25f740b18baf36f9073eb21addbb133e

SHA256
dcd95fa70477e5f851b74d25f9f11b8c959cfdde29db8d0f87162debdc3c8abf

SHA512
9d31cc343be5bfe264161b3ae65a85163f74fda35838f86d87d85ecf28374bde2ebc1029495a8dcdbc233774548177745d7fa00a133c5f7c58bd9e1f4d8728b0

Download Submit
\Windows\system\glmtrQY.exe

Filesize
6.0MB

MD5
fb915cd0060a53622d6e0f19178f89cd

SHA1
f82f172a381b507f9e65e55d22dadb0b8b7a99f5

SHA256
ef8c71a5df66e62fc61d356ff7860180ad8fe8e24d131b72a135897c25772736

SHA512
cf071799b670ac939790371373c60e4e1900582eac3be96ebd14fffe92e153b1b5ef0b1f00f30b4cc9de1720c4069a2548079ce3fd0f204ca324672f03e4916f

Download Submit
\Windows\system\lpbWpvg.exe

Filesize
6.0MB

MD5
ff53a27d132d685a394de4e9a6ef9a4d

SHA1
4b0cd77f06990be3e3b06a1a1dbb9f6976aeffd0

SHA256
40ea0308f876880704ca297213676584f7f622341a7adea3fb903d2cfb1db5a3

SHA512
d5b6e19fb53f5fe559703bd7ac290a23195e33e0a5215b5c1ca3401f0cf541507f6c638ef86f3e0cb2a3591233be3f45dd83923300d982b3c499884460833ce0

Download Submit
\Windows\system\mZpyWHn.exe

Filesize
6.0MB

MD5
f1bbf0e52ccff0264235727db2289152

SHA1
4a55200097b13030a3964eead4b3be7323c909c0

SHA256
91dbbe07169ed5fc9ae0eeadfdc547f9712670b46b080d202b83e2c2bbd247c4

SHA512
b24b4eb1933bf04c3ff9b32ec6b2b064bbc222dca1e566bccca987829bc6fd659e6478778a8fb488eb5eebdbd7c02bdb94c7bf4151aef73ef1183066a5062c58

Download Submit
\Windows\system\ntIsbXS.exe

Filesize
6.0MB

MD5
48ea0179196301614b59cfd0fe39635c

SHA1
6ccda85c2ffbbe0f53571e843f025f895142b5a4

SHA256
94d0774b87d3b45d7cf95a37690999b988b14a9dbb025921fb5519eae1138056

SHA512
cd3de5c2688aa73226c5bff40858bfea9cbbc7e20f3a7e69cd94d70dc66b307fab02bc6a84c38f8dd699580d78bd5fb289a8b1457bf42303ce6ae5e844f4f8e6

Download Submit
\Windows\system\ovvSqyr.exe

Filesize
6.0MB

MD5
099a8f4026ab8f976cf9a40ae50ea18a

SHA1
abf60c9a49635dc74b8b7d58d7adeb5dce69dfab

SHA256
920d8e77ebe8059ce223d17704185c6f62cec0b86e117fbb00feef97196465e0

SHA512
410802b72e358c0971c2fdc131fce58d73c399434986b75a327723d2a94c19cbd7843b4b8743a1b01f4aedc5df4668ce4b48bf3b64af38abc7bf40940dc225f0

Download Submit
\Windows\system\ryzqLrj.exe

Filesize
6.0MB

MD5
470b3696602b67989de751a726abfe33

SHA1
5c4632101bcef840fee5ed6e8cef213d547bddac

SHA256
53c9de35637c48aaa826c1ff9097dc1e7c484425b4de994925b984de26c0da75

SHA512
033ce1e4c66479c20b9fe3a850348e2597e4949f24375f8a41af0ad2be53cda75123ce532f55dae4125e261d18fb9dda1712f0e6027ba9541eae16697964bdf6

Download Submit
\Windows\system\suxPaWq.exe

Filesize
6.0MB

MD5
13dbc3c2d09afe7a49257f95864dfc33

SHA1
d4d9fa2083ae90a4179df2a22105270c1493f80c

SHA256
33bd6918294352b536eec88f65dffe493ad1e479681cbd6cbd99e61fee12e973

SHA512
2945af120b3b20b04df0d4cffba8c6dabe85e1c94b735c64e3d86ac1617007826322f1f1bcae4ed414f1f64665e8f50136e77267b174dfc6fc85eb131583aed3

Download Submit
\Windows\system\uUMTshf.exe

Filesize
6.0MB

MD5
84e18a18ee03bcf6d9bb7f9933a6a632

SHA1
fed721881380f623797bcf02f15728b08798c00f

SHA256
dab177435d3dd12b97e46b6894bc8a1f6edcb0c0cab6c1a1eb4f1e54d5c5af4d

SHA512
e228fd88751d7fc6b401045dfdf82ce71fd1e930fbcd42e1c5a45ea472f070c00ef1202d8e402fbb387616067253e328c8ba141709070a232dc7fb9d9d540a6d

Download Submit
\Windows\system\vRNMKLV.exe

Filesize
6.0MB

MD5
8081a0cd87daaedcb8693138a80341e5

SHA1
e15420a78419e8822278db172b0ac7539825a65f

SHA256
db6a5045197a2eca3866146e74970a20ca96c52178653d968a5c0d61312973af

SHA512
8e7e24d74afa5dcc77639ab1068f622f37cf2f6ca61f8b5d2c1fbaeb75413f1d50bd26a57b07ece191753264c07c96638f87fa73f5dbc0ccc579567d6cc3921a

Download Submit
memory/1832-1112-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-129-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1832-119-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1832-136-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1832-148-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-155-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-101-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/1832-98-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1832-987-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1832-0-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1832-71-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1832-144-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-56-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1832-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1832-19-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-133-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/1832-34-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-8-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-28-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-1336-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1832-1236-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-35-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1860-3952-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2404-69-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1113-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2404-3954-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2492-95-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2492-3950-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3949-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2524-49-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2732-75-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3951-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3956-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2780-115-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2816-149-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3948-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/3012-85-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3953-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-3955-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-12-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-1233-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3947-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-33-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download