cobaltstrike | 114de0395e0df8eebd191b0a850e5cd414f0af15a31c96dd0b86c3a9da2f8036

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

99c7248e3bdf51e37e37c78eb0682052
SHA1

3fd03500fa219aba0ce01ce4d299a8b2023254b6
SHA256

114de0395e0df8eebd191b0a850e5cd414f0af15a31c96dd0b86c3a9da2f8036
SHA512

e7ccaaede23d5056647b804f9c3e3c4ef20267b39c77596d2304a6c56d520dda603a4c9f56494fd87ef76cb3d6a967aa120bd9e9cef7beebe3b4248d483d7245
SSDEEP

98304:IapSdlWdfE0pZPD56utgpPFotBER/mQ32lUh:32Y56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3e-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dbe-21.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d46-19.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018687-39.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-156.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cfc-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-110.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-68.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dd1-67.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-62.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ea4-36.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-80.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-79.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-52.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dd7-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2528-0-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225c-3.dat	xmrig
behavioral1/memory/680-11-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/1352-14-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d3e-12.dat	xmrig
behavioral1/files/0x0007000000016dbe-21.dat	xmrig
behavioral1/files/0x0008000000016d46-19.dat	xmrig
behavioral1/files/0x0006000000018687-39.dat	xmrig
behavioral1/files/0x0005000000018792-45.dat	xmrig
behavioral1/files/0x0005000000019266-141.dat	xmrig
behavioral1/files/0x0005000000019356-165.dat	xmrig
behavioral1/memory/2728-1011-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2900-27-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2888-1127-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2252-1126-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1692-891-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/1860-890-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2640-887-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2720-768-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2900-636-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/1352-537-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2528-462-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/680-334-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019426-186.dat	xmrig
behavioral1/files/0x00050000000193a5-178.dat	xmrig
behavioral1/files/0x000500000001936b-171.dat	xmrig
behavioral1/files/0x0005000000019423-184.dat	xmrig
behavioral1/files/0x0005000000019397-175.dat	xmrig
behavioral1/files/0x0005000000019353-162.dat	xmrig
behavioral1/files/0x000500000001928c-156.dat	xmrig
behavioral1/files/0x0009000000016cfc-151.dat	xmrig
behavioral1/files/0x0005000000019259-131.dat	xmrig
behavioral1/files/0x0005000000019284-147.dat	xmrig
behavioral1/files/0x0005000000019263-136.dat	xmrig
behavioral1/files/0x0005000000019256-126.dat	xmrig
behavioral1/files/0x0005000000019244-122.dat	xmrig
behavioral1/memory/2888-106-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2252-105-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191ff-100.dat	xmrig
behavioral1/files/0x000500000001922c-110.dat	xmrig
behavioral1/files/0x00060000000190e0-74.dat	xmrig
behavioral1/memory/2892-69-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018f53-68.dat	xmrig
behavioral1/files/0x0007000000016dd1-67.dat	xmrig
behavioral1/memory/2720-66-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x000600000001903b-62.dat	xmrig
behavioral1/memory/2824-55-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c26-53.dat	xmrig
behavioral1/files/0x0008000000016ea4-36.dat	xmrig
behavioral1/memory/2528-90-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2728-89-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/1692-85-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/1860-84-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2640-82-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d4-80.dat	xmrig
behavioral1/files/0x00060000000190ce-79.dat	xmrig
behavioral1/files/0x0006000000018c1a-52.dat	xmrig
behavioral1/memory/2284-43-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dd7-40.dat	xmrig
behavioral1/memory/2528-31-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/680-4153-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/1352-4154-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/1692-4156-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2640-4155-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
680	oYtCRJl.exe
1352	aMFjzmT.exe
2900	TljUSul.exe
2284	SMEYGRq.exe
2824	eZEboMx.exe
2720	mGMnZys.exe
2892	wGVwCzg.exe
2728	kTonutz.exe
2640	NpaAKPS.exe
1860	SeStMyz.exe
1692	PvQqijI.exe
2252	jODaEnd.exe
2888	etdYFaq.exe
2096	vqDFDGs.exe
2588	UuGihHU.exe
2228	FNVQDVo.exe
1704	NOgZOWH.exe
2932	WeMaGVB.exe
1708	SDVNfZL.exe
2832	kILoIVn.exe
1780	rZyxtTR.exe
1016	GYcJyeM.exe
1836	AkptnpO.exe
2960	oErCZxR.exe
2944	Cezysdd.exe
2236	JzqGzCt.exe
1432	kvioNkn.exe
2568	MTfFuCY.exe
1532	EczbUbV.exe
1732	edtgGsA.exe
1604	LVPLHBu.exe
752	uhzsRPE.exe
1560	PTnIYPW.exe
984	soUZFCR.exe
1448	VNqSftR.exe
1460	QypZdlf.exe
3028	gVDjYxh.exe
1684	nFuvliu.exe
1756	KZBHhvT.exe
2120	OyhReYE.exe
2840	lHvwcFq.exe
1284	gFeXKOw.exe
2464	CjHBgNo.exe
2264	UMTUpUx.exe
888	lnOWZgQ.exe
304	jAixFdk.exe
2432	HxXvExE.exe
2428	uJHbLxx.exe
1516	mbAtodB.exe
1512	CevmKJQ.exe
2520	JvAGdwh.exe
2256	jnVvDxL.exe
2748	IzDCzye.exe
2324	puJMBhx.exe
3016	ZaAzNVu.exe
2760	SYZGEGJ.exe
3008	eHRzoOT.exe
2616	ygmXYTx.exe
2852	jjdoxPo.exe
1388	RfUXRil.exe
1592	gxdsNYJ.exe
1648	AbabOiq.exe
1920	iyFWPEI.exe
1380	oTxUzyg.exe

Loads dropped DLL 64 IoCs

pid	Process
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2528-0-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x000a00000001225c-3.dat	upx
behavioral1/memory/680-11-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/1352-14-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0008000000016d3e-12.dat	upx
behavioral1/files/0x0007000000016dbe-21.dat	upx
behavioral1/files/0x0008000000016d46-19.dat	upx
behavioral1/files/0x0006000000018687-39.dat	upx
behavioral1/files/0x0005000000018792-45.dat	upx
behavioral1/files/0x0005000000019266-141.dat	upx
behavioral1/files/0x0005000000019356-165.dat	upx
behavioral1/memory/2728-1011-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2900-27-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2888-1127-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2252-1126-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1692-891-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/1860-890-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2640-887-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2720-768-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2900-636-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/1352-537-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2528-462-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/680-334-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x0005000000019426-186.dat	upx
behavioral1/files/0x00050000000193a5-178.dat	upx
behavioral1/files/0x000500000001936b-171.dat	upx
behavioral1/files/0x0005000000019423-184.dat	upx
behavioral1/files/0x0005000000019397-175.dat	upx
behavioral1/files/0x0005000000019353-162.dat	upx
behavioral1/files/0x000500000001928c-156.dat	upx
behavioral1/files/0x0009000000016cfc-151.dat	upx
behavioral1/files/0x0005000000019259-131.dat	upx
behavioral1/files/0x0005000000019284-147.dat	upx
behavioral1/files/0x0005000000019263-136.dat	upx
behavioral1/files/0x0005000000019256-126.dat	upx
behavioral1/files/0x0005000000019244-122.dat	upx
behavioral1/memory/2888-106-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2252-105-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x00050000000191ff-100.dat	upx
behavioral1/files/0x000500000001922c-110.dat	upx
behavioral1/files/0x00060000000190e0-74.dat	upx
behavioral1/memory/2892-69-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x0006000000018f53-68.dat	upx
behavioral1/files/0x0007000000016dd1-67.dat	upx
behavioral1/memory/2720-66-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x000600000001903b-62.dat	upx
behavioral1/memory/2824-55-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0006000000018c26-53.dat	upx
behavioral1/files/0x0008000000016ea4-36.dat	upx
behavioral1/memory/2728-89-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/1692-85-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/1860-84-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2640-82-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x00050000000191d4-80.dat	upx
behavioral1/files/0x00060000000190ce-79.dat	upx
behavioral1/files/0x0006000000018c1a-52.dat	upx
behavioral1/memory/2284-43-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x0009000000016dd7-40.dat	upx
behavioral1/memory/680-4153-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/1352-4154-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/1692-4156-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2640-4155-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/1860-4163-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2284-4162-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mGMnZys.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puJMBhx.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baSUvEX.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwwjgUh.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMVvwaU.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kclmUIM.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ajkggig.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRXEfXR.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JvAGdwh.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoleNBY.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNnLlNv.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozYwguL.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lifrOjG.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDqKREP.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzNHHrZ.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBwsjbi.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFqjupB.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wggekuG.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wVyJTQQ.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvPbupP.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oojIidI.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eqmuAcP.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvFXIdd.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnktRLN.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AiTGvVB.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDYxUwu.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\llrCeYK.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkqtGbs.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRBfRNh.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CevmKJQ.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axQbLMZ.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASZOUET.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnTQiKI.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWPDUoP.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NJqlPhx.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsdwDaY.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKRatAU.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLphEWF.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUVgWgg.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYVWSxz.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soUZFCR.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiMZTXR.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTBffgc.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzqGzCt.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyhReYE.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnzyUxe.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEcPkpO.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLQTzLP.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDsXfTK.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebHLsxr.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pKcPtRB.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZTbyWi.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JADzXqn.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxHMqWL.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDODBTD.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdIYsnh.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxZlABC.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIoMkPA.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTovLKe.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erKtLow.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUFgkJl.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBiXeoe.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbWNdYm.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFkUBFj.exe	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 680	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 680	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 680	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 1352	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 1352	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 1352	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 2900	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2900	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2900	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2284	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2284	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2284	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2728	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2728	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2728	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2824	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2824	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2824	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2252	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2252	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2252	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2720	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2720	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2720	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2888	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2888	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2888	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2892	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 2892	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 2892	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 2096	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 2096	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 2096	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 2640	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 2640	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 2640	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 2588	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 2588	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 2588	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 1860	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 1860	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 1860	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 2228	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 2228	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 2228	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 1692	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 1692	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 1692	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 2932	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 2932	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 2932	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 1704	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1704	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1704	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1708	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 1708	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 1708	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 2832	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 2832	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 2832	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 1780	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2528 wrote to memory of 1780	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2528 wrote to memory of 1780	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2528 wrote to memory of 1016	2528	2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-26_99c7248e3bdf51e37e37c78eb0682052_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\System\oYtCRJl.exe
  C:\Windows\System\oYtCRJl.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\aMFjzmT.exe
  C:\Windows\System\aMFjzmT.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\TljUSul.exe
  C:\Windows\System\TljUSul.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\SMEYGRq.exe
  C:\Windows\System\SMEYGRq.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\kTonutz.exe
  C:\Windows\System\kTonutz.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\eZEboMx.exe
  C:\Windows\System\eZEboMx.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\jODaEnd.exe
  C:\Windows\System\jODaEnd.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\mGMnZys.exe
  C:\Windows\System\mGMnZys.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\etdYFaq.exe
  C:\Windows\System\etdYFaq.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\wGVwCzg.exe
  C:\Windows\System\wGVwCzg.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\vqDFDGs.exe
  C:\Windows\System\vqDFDGs.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\NpaAKPS.exe
  C:\Windows\System\NpaAKPS.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\UuGihHU.exe
  C:\Windows\System\UuGihHU.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\SeStMyz.exe
  C:\Windows\System\SeStMyz.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\FNVQDVo.exe
  C:\Windows\System\FNVQDVo.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\PvQqijI.exe
  C:\Windows\System\PvQqijI.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\WeMaGVB.exe
  C:\Windows\System\WeMaGVB.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\NOgZOWH.exe
  C:\Windows\System\NOgZOWH.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\SDVNfZL.exe
  C:\Windows\System\SDVNfZL.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\kILoIVn.exe
  C:\Windows\System\kILoIVn.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\rZyxtTR.exe
  C:\Windows\System\rZyxtTR.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\GYcJyeM.exe
  C:\Windows\System\GYcJyeM.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\AkptnpO.exe
  C:\Windows\System\AkptnpO.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\oErCZxR.exe
  C:\Windows\System\oErCZxR.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\Cezysdd.exe
  C:\Windows\System\Cezysdd.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\JzqGzCt.exe
  C:\Windows\System\JzqGzCt.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\kvioNkn.exe
  C:\Windows\System\kvioNkn.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\MTfFuCY.exe
  C:\Windows\System\MTfFuCY.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\EczbUbV.exe
  C:\Windows\System\EczbUbV.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\edtgGsA.exe
  C:\Windows\System\edtgGsA.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\PTnIYPW.exe
  C:\Windows\System\PTnIYPW.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\LVPLHBu.exe
  C:\Windows\System\LVPLHBu.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\soUZFCR.exe
  C:\Windows\System\soUZFCR.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\uhzsRPE.exe
  C:\Windows\System\uhzsRPE.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\VNqSftR.exe
  C:\Windows\System\VNqSftR.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\QypZdlf.exe
  C:\Windows\System\QypZdlf.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\nFuvliu.exe
  C:\Windows\System\nFuvliu.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\gVDjYxh.exe
  C:\Windows\System\gVDjYxh.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\OyhReYE.exe
  C:\Windows\System\OyhReYE.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\KZBHhvT.exe
  C:\Windows\System\KZBHhvT.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\lHvwcFq.exe
  C:\Windows\System\lHvwcFq.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\gFeXKOw.exe
  C:\Windows\System\gFeXKOw.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\UMTUpUx.exe
  C:\Windows\System\UMTUpUx.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\CjHBgNo.exe
  C:\Windows\System\CjHBgNo.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\jAixFdk.exe
  C:\Windows\System\jAixFdk.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\lnOWZgQ.exe
  C:\Windows\System\lnOWZgQ.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\uJHbLxx.exe
  C:\Windows\System\uJHbLxx.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\HxXvExE.exe
  C:\Windows\System\HxXvExE.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\CevmKJQ.exe
  C:\Windows\System\CevmKJQ.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\mbAtodB.exe
  C:\Windows\System\mbAtodB.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\JvAGdwh.exe
  C:\Windows\System\JvAGdwh.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\jnVvDxL.exe
  C:\Windows\System\jnVvDxL.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\ZaAzNVu.exe
  C:\Windows\System\ZaAzNVu.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\IzDCzye.exe
  C:\Windows\System\IzDCzye.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\SYZGEGJ.exe
  C:\Windows\System\SYZGEGJ.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\puJMBhx.exe
  C:\Windows\System\puJMBhx.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\eHRzoOT.exe
  C:\Windows\System\eHRzoOT.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\ygmXYTx.exe
  C:\Windows\System\ygmXYTx.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\jjdoxPo.exe
  C:\Windows\System\jjdoxPo.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\RfUXRil.exe
  C:\Windows\System\RfUXRil.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\gxdsNYJ.exe
  C:\Windows\System\gxdsNYJ.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\AbabOiq.exe
  C:\Windows\System\AbabOiq.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\oTxUzyg.exe
  C:\Windows\System\oTxUzyg.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\iyFWPEI.exe
  C:\Windows\System\iyFWPEI.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\dBsvmrD.exe
  C:\Windows\System\dBsvmrD.exe
  2⤵
  PID:1672
- C:\Windows\System\faqzJdX.exe
  C:\Windows\System\faqzJdX.exe
  2⤵
  PID:2160
- C:\Windows\System\FMTaSSL.exe
  C:\Windows\System\FMTaSSL.exe
  2⤵
  PID:1224
- C:\Windows\System\jmTuhoR.exe
  C:\Windows\System\jmTuhoR.exe
  2⤵
  PID:1940
- C:\Windows\System\TdIYsnh.exe
  C:\Windows\System\TdIYsnh.exe
  2⤵
  PID:824
- C:\Windows\System\ziInuBq.exe
  C:\Windows\System\ziInuBq.exe
  2⤵
  PID:2456
- C:\Windows\System\GmVeUUS.exe
  C:\Windows\System\GmVeUUS.exe
  2⤵
  PID:2064
- C:\Windows\System\KRQmpUK.exe
  C:\Windows\System\KRQmpUK.exe
  2⤵
  PID:1012
- C:\Windows\System\zPaJGwo.exe
  C:\Windows\System\zPaJGwo.exe
  2⤵
  PID:700
- C:\Windows\System\WxZlABC.exe
  C:\Windows\System\WxZlABC.exe
  2⤵
  PID:2352
- C:\Windows\System\egMkZYq.exe
  C:\Windows\System\egMkZYq.exe
  2⤵
  PID:876
- C:\Windows\System\ncAVieG.exe
  C:\Windows\System\ncAVieG.exe
  2⤵
  PID:2140
- C:\Windows\System\rqKKUWl.exe
  C:\Windows\System\rqKKUWl.exe
  2⤵
  PID:1484
- C:\Windows\System\GaGgpqX.exe
  C:\Windows\System\GaGgpqX.exe
  2⤵
  PID:2260
- C:\Windows\System\GcnDBfb.exe
  C:\Windows\System\GcnDBfb.exe
  2⤵
  PID:1932
- C:\Windows\System\KYrQxpX.exe
  C:\Windows\System\KYrQxpX.exe
  2⤵
  PID:2612
- C:\Windows\System\FNpICfV.exe
  C:\Windows\System\FNpICfV.exe
  2⤵
  PID:1996
- C:\Windows\System\VdXYKMq.exe
  C:\Windows\System\VdXYKMq.exe
  2⤵
  PID:2012
- C:\Windows\System\woRoMma.exe
  C:\Windows\System\woRoMma.exe
  2⤵
  PID:2740
- C:\Windows\System\lWFEnny.exe
  C:\Windows\System\lWFEnny.exe
  2⤵
  PID:584
- C:\Windows\System\EPjzpOE.exe
  C:\Windows\System\EPjzpOE.exe
  2⤵
  PID:1944
- C:\Windows\System\RaptDoS.exe
  C:\Windows\System\RaptDoS.exe
  2⤵
  PID:1248
- C:\Windows\System\GfubDbS.exe
  C:\Windows\System\GfubDbS.exe
  2⤵
  PID:316
- C:\Windows\System\SsEMbuF.exe
  C:\Windows\System\SsEMbuF.exe
  2⤵
  PID:1036
- C:\Windows\System\eDaOctZ.exe
  C:\Windows\System\eDaOctZ.exe
  2⤵
  PID:1080
- C:\Windows\System\uUqcdpS.exe
  C:\Windows\System\uUqcdpS.exe
  2⤵
  PID:2976
- C:\Windows\System\fndTPbc.exe
  C:\Windows\System\fndTPbc.exe
  2⤵
  PID:540
- C:\Windows\System\QlDJOHr.exe
  C:\Windows\System\QlDJOHr.exe
  2⤵
  PID:564
- C:\Windows\System\bpxSeeQ.exe
  C:\Windows\System\bpxSeeQ.exe
  2⤵
  PID:3088
- C:\Windows\System\hVDIKTD.exe
  C:\Windows\System\hVDIKTD.exe
  2⤵
  PID:3112
- C:\Windows\System\asOQQqv.exe
  C:\Windows\System\asOQQqv.exe
  2⤵
  PID:3132
- C:\Windows\System\gizrkNy.exe
  C:\Windows\System\gizrkNy.exe
  2⤵
  PID:3148
- C:\Windows\System\LXkacbE.exe
  C:\Windows\System\LXkacbE.exe
  2⤵
  PID:3172
- C:\Windows\System\KrNwPmf.exe
  C:\Windows\System\KrNwPmf.exe
  2⤵
  PID:3192
- C:\Windows\System\ifrsjFi.exe
  C:\Windows\System\ifrsjFi.exe
  2⤵
  PID:3208
- C:\Windows\System\mrNmmkU.exe
  C:\Windows\System\mrNmmkU.exe
  2⤵
  PID:3232
- C:\Windows\System\MNlxNJI.exe
  C:\Windows\System\MNlxNJI.exe
  2⤵
  PID:3248
- C:\Windows\System\DYIWFKM.exe
  C:\Windows\System\DYIWFKM.exe
  2⤵
  PID:3264
- C:\Windows\System\VOxrnKA.exe
  C:\Windows\System\VOxrnKA.exe
  2⤵
  PID:3284
- C:\Windows\System\BYaKsJb.exe
  C:\Windows\System\BYaKsJb.exe
  2⤵
  PID:3304
- C:\Windows\System\CZGvKMv.exe
  C:\Windows\System\CZGvKMv.exe
  2⤵
  PID:3328
- C:\Windows\System\OqiKdTP.exe
  C:\Windows\System\OqiKdTP.exe
  2⤵
  PID:3344
- C:\Windows\System\ArLlpmT.exe
  C:\Windows\System\ArLlpmT.exe
  2⤵
  PID:3364
- C:\Windows\System\juTYxJs.exe
  C:\Windows\System\juTYxJs.exe
  2⤵
  PID:3392
- C:\Windows\System\qgrVkJD.exe
  C:\Windows\System\qgrVkJD.exe
  2⤵
  PID:3412
- C:\Windows\System\VoAiraz.exe
  C:\Windows\System\VoAiraz.exe
  2⤵
  PID:3428
- C:\Windows\System\MypYfDB.exe
  C:\Windows\System\MypYfDB.exe
  2⤵
  PID:3448
- C:\Windows\System\oYdkJxI.exe
  C:\Windows\System\oYdkJxI.exe
  2⤵
  PID:3468
- C:\Windows\System\zIoMkPA.exe
  C:\Windows\System\zIoMkPA.exe
  2⤵
  PID:3488
- C:\Windows\System\JSQUMMi.exe
  C:\Windows\System\JSQUMMi.exe
  2⤵
  PID:3512
- C:\Windows\System\fbshKRa.exe
  C:\Windows\System\fbshKRa.exe
  2⤵
  PID:3528
- C:\Windows\System\JcnPlbj.exe
  C:\Windows\System\JcnPlbj.exe
  2⤵
  PID:3548
- C:\Windows\System\yNYjMLF.exe
  C:\Windows\System\yNYjMLF.exe
  2⤵
  PID:3564
- C:\Windows\System\NxRVGUq.exe
  C:\Windows\System\NxRVGUq.exe
  2⤵
  PID:3584
- C:\Windows\System\vcodUel.exe
  C:\Windows\System\vcodUel.exe
  2⤵
  PID:3604
- C:\Windows\System\GqgCrxT.exe
  C:\Windows\System\GqgCrxT.exe
  2⤵
  PID:3620
- C:\Windows\System\iMOjtPL.exe
  C:\Windows\System\iMOjtPL.exe
  2⤵
  PID:3636
- C:\Windows\System\TbBWLEP.exe
  C:\Windows\System\TbBWLEP.exe
  2⤵
  PID:3660
- C:\Windows\System\WIrlotp.exe
  C:\Windows\System\WIrlotp.exe
  2⤵
  PID:3688
- C:\Windows\System\tZfjdlH.exe
  C:\Windows\System\tZfjdlH.exe
  2⤵
  PID:3708
- C:\Windows\System\NDsXfTK.exe
  C:\Windows\System\NDsXfTK.exe
  2⤵
  PID:3728
- C:\Windows\System\iHnoHyf.exe
  C:\Windows\System\iHnoHyf.exe
  2⤵
  PID:3748
- C:\Windows\System\ovgvmNm.exe
  C:\Windows\System\ovgvmNm.exe
  2⤵
  PID:3768
- C:\Windows\System\rQMcqLl.exe
  C:\Windows\System\rQMcqLl.exe
  2⤵
  PID:3796
- C:\Windows\System\WnUjUUD.exe
  C:\Windows\System\WnUjUUD.exe
  2⤵
  PID:3816
- C:\Windows\System\rctrCyI.exe
  C:\Windows\System\rctrCyI.exe
  2⤵
  PID:3832
- C:\Windows\System\EtFIuLy.exe
  C:\Windows\System\EtFIuLy.exe
  2⤵
  PID:3852
- C:\Windows\System\fVnedjP.exe
  C:\Windows\System\fVnedjP.exe
  2⤵
  PID:3872
- C:\Windows\System\dXHIGdM.exe
  C:\Windows\System\dXHIGdM.exe
  2⤵
  PID:3892
- C:\Windows\System\DTgVeOC.exe
  C:\Windows\System\DTgVeOC.exe
  2⤵
  PID:3908
- C:\Windows\System\ALFZCzG.exe
  C:\Windows\System\ALFZCzG.exe
  2⤵
  PID:3936
- C:\Windows\System\oIXqMSU.exe
  C:\Windows\System\oIXqMSU.exe
  2⤵
  PID:3952
- C:\Windows\System\zKYJoxb.exe
  C:\Windows\System\zKYJoxb.exe
  2⤵
  PID:3968
- C:\Windows\System\VzVrdpp.exe
  C:\Windows\System\VzVrdpp.exe
  2⤵
  PID:3992
- C:\Windows\System\nxPjWxM.exe
  C:\Windows\System\nxPjWxM.exe
  2⤵
  PID:4016
- C:\Windows\System\MMWpwER.exe
  C:\Windows\System\MMWpwER.exe
  2⤵
  PID:4036
- C:\Windows\System\pmhWyna.exe
  C:\Windows\System\pmhWyna.exe
  2⤵
  PID:4056
- C:\Windows\System\hMHxDSt.exe
  C:\Windows\System\hMHxDSt.exe
  2⤵
  PID:4080
- C:\Windows\System\yIGUFxZ.exe
  C:\Windows\System\yIGUFxZ.exe
  2⤵
  PID:1160
- C:\Windows\System\LYxuwgz.exe
  C:\Windows\System\LYxuwgz.exe
  2⤵
  PID:1064
- C:\Windows\System\YNiRPlD.exe
  C:\Windows\System\YNiRPlD.exe
  2⤵
  PID:1660
- C:\Windows\System\rkwjykt.exe
  C:\Windows\System\rkwjykt.exe
  2⤵
  PID:2496
- C:\Windows\System\UMifltV.exe
  C:\Windows\System\UMifltV.exe
  2⤵
  PID:2992
- C:\Windows\System\QConrAT.exe
  C:\Windows\System\QConrAT.exe
  2⤵
  PID:1916
- C:\Windows\System\LgWOVLF.exe
  C:\Windows\System\LgWOVLF.exe
  2⤵
  PID:1908
- C:\Windows\System\jmnzpeo.exe
  C:\Windows\System\jmnzpeo.exe
  2⤵
  PID:2600
- C:\Windows\System\TwfkMFJ.exe
  C:\Windows\System\TwfkMFJ.exe
  2⤵
  PID:2912
- C:\Windows\System\nnBnRru.exe
  C:\Windows\System\nnBnRru.exe
  2⤵
  PID:2968
- C:\Windows\System\JCmnGwQ.exe
  C:\Windows\System\JCmnGwQ.exe
  2⤵
  PID:1620
- C:\Windows\System\dAApypA.exe
  C:\Windows\System\dAApypA.exe
  2⤵
  PID:2952
- C:\Windows\System\YyLWMvt.exe
  C:\Windows\System\YyLWMvt.exe
  2⤵
  PID:1244
- C:\Windows\System\cUnuDTY.exe
  C:\Windows\System\cUnuDTY.exe
  2⤵
  PID:3156
- C:\Windows\System\HqKVkZT.exe
  C:\Windows\System\HqKVkZT.exe
  2⤵
  PID:3108
- C:\Windows\System\zRyHkQw.exe
  C:\Windows\System\zRyHkQw.exe
  2⤵
  PID:3160
- C:\Windows\System\EuClKQm.exe
  C:\Windows\System\EuClKQm.exe
  2⤵
  PID:3272
- C:\Windows\System\TFVDZOv.exe
  C:\Windows\System\TFVDZOv.exe
  2⤵
  PID:3220
- C:\Windows\System\pUFtOUW.exe
  C:\Windows\System\pUFtOUW.exe
  2⤵
  PID:3312
- C:\Windows\System\QNWMfzW.exe
  C:\Windows\System\QNWMfzW.exe
  2⤵
  PID:3292
- C:\Windows\System\QsrqbXT.exe
  C:\Windows\System\QsrqbXT.exe
  2⤵
  PID:3300
- C:\Windows\System\QdpiNqe.exe
  C:\Windows\System\QdpiNqe.exe
  2⤵
  PID:3340
- C:\Windows\System\OLLXRfk.exe
  C:\Windows\System\OLLXRfk.exe
  2⤵
  PID:3440
- C:\Windows\System\VUlXPOx.exe
  C:\Windows\System\VUlXPOx.exe
  2⤵
  PID:3480
- C:\Windows\System\jUfDRnY.exe
  C:\Windows\System\jUfDRnY.exe
  2⤵
  PID:3424
- C:\Windows\System\eWWCrbo.exe
  C:\Windows\System\eWWCrbo.exe
  2⤵
  PID:3496
- C:\Windows\System\qdSApvG.exe
  C:\Windows\System\qdSApvG.exe
  2⤵
  PID:3592
- C:\Windows\System\ipxuYdi.exe
  C:\Windows\System\ipxuYdi.exe
  2⤵
  PID:3628
- C:\Windows\System\WeaewMy.exe
  C:\Windows\System\WeaewMy.exe
  2⤵
  PID:3672
- C:\Windows\System\wmUVXZq.exe
  C:\Windows\System\wmUVXZq.exe
  2⤵
  PID:3536
- C:\Windows\System\ikfdnun.exe
  C:\Windows\System\ikfdnun.exe
  2⤵
  PID:3696
- C:\Windows\System\YKLkmzx.exe
  C:\Windows\System\YKLkmzx.exe
  2⤵
  PID:3724
- C:\Windows\System\SxIIekg.exe
  C:\Windows\System\SxIIekg.exe
  2⤵
  PID:3764
- C:\Windows\System\SNGIWfQ.exe
  C:\Windows\System\SNGIWfQ.exe
  2⤵
  PID:3848
- C:\Windows\System\gfuzMAI.exe
  C:\Windows\System\gfuzMAI.exe
  2⤵
  PID:3880
- C:\Windows\System\BgbTogb.exe
  C:\Windows\System\BgbTogb.exe
  2⤵
  PID:3884
- C:\Windows\System\OHntfov.exe
  C:\Windows\System\OHntfov.exe
  2⤵
  PID:3916
- C:\Windows\System\TLzFBQq.exe
  C:\Windows\System\TLzFBQq.exe
  2⤵
  PID:3860
- C:\Windows\System\uEijtWi.exe
  C:\Windows\System\uEijtWi.exe
  2⤵
  PID:3924
- C:\Windows\System\JvPDHZY.exe
  C:\Windows\System\JvPDHZY.exe
  2⤵
  PID:3948
- C:\Windows\System\ctnjigv.exe
  C:\Windows\System\ctnjigv.exe
  2⤵
  PID:3976
- C:\Windows\System\ZUmpZgi.exe
  C:\Windows\System\ZUmpZgi.exe
  2⤵
  PID:4024
- C:\Windows\System\ZzcCMrk.exe
  C:\Windows\System\ZzcCMrk.exe
  2⤵
  PID:4088
- C:\Windows\System\DUmhWPp.exe
  C:\Windows\System\DUmhWPp.exe
  2⤵
  PID:352
- C:\Windows\System\EtMKbIj.exe
  C:\Windows\System\EtMKbIj.exe
  2⤵
  PID:1524
- C:\Windows\System\thqSHmD.exe
  C:\Windows\System\thqSHmD.exe
  2⤵
  PID:1256
- C:\Windows\System\ozGaEQA.exe
  C:\Windows\System\ozGaEQA.exe
  2⤵
  PID:2788
- C:\Windows\System\QUAMGVU.exe
  C:\Windows\System\QUAMGVU.exe
  2⤵
  PID:2360
- C:\Windows\System\AbkjTnf.exe
  C:\Windows\System\AbkjTnf.exe
  2⤵
  PID:3076
- C:\Windows\System\zFSbxjK.exe
  C:\Windows\System\zFSbxjK.exe
  2⤵
  PID:3164
- C:\Windows\System\mithMHW.exe
  C:\Windows\System\mithMHW.exe
  2⤵
  PID:3240
- C:\Windows\System\DBwsjbi.exe
  C:\Windows\System\DBwsjbi.exe
  2⤵
  PID:3144
- C:\Windows\System\aGpKiJK.exe
  C:\Windows\System\aGpKiJK.exe
  2⤵
  PID:3184
- C:\Windows\System\mqLljpv.exe
  C:\Windows\System\mqLljpv.exe
  2⤵
  PID:3316
- C:\Windows\System\XncUwRQ.exe
  C:\Windows\System\XncUwRQ.exe
  2⤵
  PID:3380
- C:\Windows\System\kGZxvOU.exe
  C:\Windows\System\kGZxvOU.exe
  2⤵
  PID:3400
- C:\Windows\System\mxYCNaV.exe
  C:\Windows\System\mxYCNaV.exe
  2⤵
  PID:3556
- C:\Windows\System\vVcyHNE.exe
  C:\Windows\System\vVcyHNE.exe
  2⤵
  PID:3456
- C:\Windows\System\bGaMkJq.exe
  C:\Windows\System\bGaMkJq.exe
  2⤵
  PID:3572
- C:\Windows\System\qoDoWdw.exe
  C:\Windows\System\qoDoWdw.exe
  2⤵
  PID:3580
- C:\Windows\System\GScevir.exe
  C:\Windows\System\GScevir.exe
  2⤵
  PID:3736
- C:\Windows\System\ZAxrXpK.exe
  C:\Windows\System\ZAxrXpK.exe
  2⤵
  PID:3740
- C:\Windows\System\glqapok.exe
  C:\Windows\System\glqapok.exe
  2⤵
  PID:3808
- C:\Windows\System\oPJUDdm.exe
  C:\Windows\System\oPJUDdm.exe
  2⤵
  PID:3920
- C:\Windows\System\WBZnqyG.exe
  C:\Windows\System\WBZnqyG.exe
  2⤵
  PID:4052
- C:\Windows\System\CPdZKNw.exe
  C:\Windows\System\CPdZKNw.exe
  2⤵
  PID:3828
- C:\Windows\System\aHwzNWD.exe
  C:\Windows\System\aHwzNWD.exe
  2⤵
  PID:3988
- C:\Windows\System\WWILaII.exe
  C:\Windows\System\WWILaII.exe
  2⤵
  PID:2424
- C:\Windows\System\GwzyBMY.exe
  C:\Windows\System\GwzyBMY.exe
  2⤵
  PID:1776
- C:\Windows\System\IyHMuxj.exe
  C:\Windows\System\IyHMuxj.exe
  2⤵
  PID:2212
- C:\Windows\System\fckYMJZ.exe
  C:\Windows\System\fckYMJZ.exe
  2⤵
  PID:1436
- C:\Windows\System\anlUcWU.exe
  C:\Windows\System\anlUcWU.exe
  2⤵
  PID:3204
- C:\Windows\System\ExFvzJP.exe
  C:\Windows\System\ExFvzJP.exe
  2⤵
  PID:4104
- C:\Windows\System\kJIxvqQ.exe
  C:\Windows\System\kJIxvqQ.exe
  2⤵
  PID:4120
- C:\Windows\System\MFqjupB.exe
  C:\Windows\System\MFqjupB.exe
  2⤵
  PID:4144
- C:\Windows\System\tTovLKe.exe
  C:\Windows\System\tTovLKe.exe
  2⤵
  PID:4164
- C:\Windows\System\WYTFNNf.exe
  C:\Windows\System\WYTFNNf.exe
  2⤵
  PID:4180
- C:\Windows\System\QgpCWao.exe
  C:\Windows\System\QgpCWao.exe
  2⤵
  PID:4196
- C:\Windows\System\IidExKI.exe
  C:\Windows\System\IidExKI.exe
  2⤵
  PID:4220
- C:\Windows\System\lPOEwBT.exe
  C:\Windows\System\lPOEwBT.exe
  2⤵
  PID:4240
- C:\Windows\System\emCZayM.exe
  C:\Windows\System\emCZayM.exe
  2⤵
  PID:4264
- C:\Windows\System\nQKrdRN.exe
  C:\Windows\System\nQKrdRN.exe
  2⤵
  PID:4280
- C:\Windows\System\YuGGJHm.exe
  C:\Windows\System\YuGGJHm.exe
  2⤵
  PID:4300
- C:\Windows\System\EWahINW.exe
  C:\Windows\System\EWahINW.exe
  2⤵
  PID:4324
- C:\Windows\System\gQBwGCl.exe
  C:\Windows\System\gQBwGCl.exe
  2⤵
  PID:4360
- C:\Windows\System\uUVnuvc.exe
  C:\Windows\System\uUVnuvc.exe
  2⤵
  PID:4380
- C:\Windows\System\FRQCcZQ.exe
  C:\Windows\System\FRQCcZQ.exe
  2⤵
  PID:4400
- C:\Windows\System\LJGWElA.exe
  C:\Windows\System\LJGWElA.exe
  2⤵
  PID:4416
- C:\Windows\System\BDlBeLm.exe
  C:\Windows\System\BDlBeLm.exe
  2⤵
  PID:4440
- C:\Windows\System\cTBBuPe.exe
  C:\Windows\System\cTBBuPe.exe
  2⤵
  PID:4460
- C:\Windows\System\qhfrOkQ.exe
  C:\Windows\System\qhfrOkQ.exe
  2⤵
  PID:4476
- C:\Windows\System\IkSBPZl.exe
  C:\Windows\System\IkSBPZl.exe
  2⤵
  PID:4500
- C:\Windows\System\iYbjngZ.exe
  C:\Windows\System\iYbjngZ.exe
  2⤵
  PID:4516
- C:\Windows\System\pXWQjIK.exe
  C:\Windows\System\pXWQjIK.exe
  2⤵
  PID:4536
- C:\Windows\System\IKilFgj.exe
  C:\Windows\System\IKilFgj.exe
  2⤵
  PID:4556
- C:\Windows\System\rpXUbMZ.exe
  C:\Windows\System\rpXUbMZ.exe
  2⤵
  PID:4576
- C:\Windows\System\IAgneFa.exe
  C:\Windows\System\IAgneFa.exe
  2⤵
  PID:4600
- C:\Windows\System\diKQyex.exe
  C:\Windows\System\diKQyex.exe
  2⤵
  PID:4616
- C:\Windows\System\UPQpCpB.exe
  C:\Windows\System\UPQpCpB.exe
  2⤵
  PID:4640
- C:\Windows\System\nxoqwdJ.exe
  C:\Windows\System\nxoqwdJ.exe
  2⤵
  PID:4660
- C:\Windows\System\iKJwTxd.exe
  C:\Windows\System\iKJwTxd.exe
  2⤵
  PID:4676
- C:\Windows\System\oeSBWAT.exe
  C:\Windows\System\oeSBWAT.exe
  2⤵
  PID:4696
- C:\Windows\System\LlUYbbP.exe
  C:\Windows\System\LlUYbbP.exe
  2⤵
  PID:4720
- C:\Windows\System\FbRjRhq.exe
  C:\Windows\System\FbRjRhq.exe
  2⤵
  PID:4736
- C:\Windows\System\pPwfyqk.exe
  C:\Windows\System\pPwfyqk.exe
  2⤵
  PID:4760
- C:\Windows\System\daiArPe.exe
  C:\Windows\System\daiArPe.exe
  2⤵
  PID:4776
- C:\Windows\System\snrmwqR.exe
  C:\Windows\System\snrmwqR.exe
  2⤵
  PID:4800
- C:\Windows\System\sVyVhaQ.exe
  C:\Windows\System\sVyVhaQ.exe
  2⤵
  PID:4816
- C:\Windows\System\bYUTKcu.exe
  C:\Windows\System\bYUTKcu.exe
  2⤵
  PID:4840
- C:\Windows\System\FuJazTT.exe
  C:\Windows\System\FuJazTT.exe
  2⤵
  PID:4860
- C:\Windows\System\EGHdhVy.exe
  C:\Windows\System\EGHdhVy.exe
  2⤵
  PID:4876
- C:\Windows\System\yPGWiPP.exe
  C:\Windows\System\yPGWiPP.exe
  2⤵
  PID:4896
- C:\Windows\System\AplySkG.exe
  C:\Windows\System\AplySkG.exe
  2⤵
  PID:4916
- C:\Windows\System\cOuJjso.exe
  C:\Windows\System\cOuJjso.exe
  2⤵
  PID:4936
- C:\Windows\System\OKjKuCf.exe
  C:\Windows\System\OKjKuCf.exe
  2⤵
  PID:4952
- C:\Windows\System\mCRcDVE.exe
  C:\Windows\System\mCRcDVE.exe
  2⤵
  PID:4976
- C:\Windows\System\hqpdFBO.exe
  C:\Windows\System\hqpdFBO.exe
  2⤵
  PID:5000
- C:\Windows\System\erwiXCC.exe
  C:\Windows\System\erwiXCC.exe
  2⤵
  PID:5016
- C:\Windows\System\QbAcxWg.exe
  C:\Windows\System\QbAcxWg.exe
  2⤵
  PID:5040
- C:\Windows\System\sCTnOxl.exe
  C:\Windows\System\sCTnOxl.exe
  2⤵
  PID:5060
- C:\Windows\System\sFJSqHD.exe
  C:\Windows\System\sFJSqHD.exe
  2⤵
  PID:5088
- C:\Windows\System\AmglpGE.exe
  C:\Windows\System\AmglpGE.exe
  2⤵
  PID:5104
- C:\Windows\System\nnZUeUf.exe
  C:\Windows\System\nnZUeUf.exe
  2⤵
  PID:3356
- C:\Windows\System\IlDGbDo.exe
  C:\Windows\System\IlDGbDo.exe
  2⤵
  PID:3404
- C:\Windows\System\GFBFssf.exe
  C:\Windows\System\GFBFssf.exe
  2⤵
  PID:3676
- C:\Windows\System\RWBIMSO.exe
  C:\Windows\System\RWBIMSO.exe
  2⤵
  PID:3680
- C:\Windows\System\RbTerzn.exe
  C:\Windows\System\RbTerzn.exe
  2⤵
  PID:3324
- C:\Windows\System\byLVhfl.exe
  C:\Windows\System\byLVhfl.exe
  2⤵
  PID:3464
- C:\Windows\System\dnxkVFx.exe
  C:\Windows\System\dnxkVFx.exe
  2⤵
  PID:4044
- C:\Windows\System\bZIHQqd.exe
  C:\Windows\System\bZIHQqd.exe
  2⤵
  PID:3656
- C:\Windows\System\wmjIdNi.exe
  C:\Windows\System\wmjIdNi.exe
  2⤵
  PID:3544
- C:\Windows\System\LbDORWp.exe
  C:\Windows\System\LbDORWp.exe
  2⤵
  PID:3788
- C:\Windows\System\pOqWNZB.exe
  C:\Windows\System\pOqWNZB.exe
  2⤵
  PID:4068
- C:\Windows\System\bwkEeZW.exe
  C:\Windows\System\bwkEeZW.exe
  2⤵
  PID:1416
- C:\Windows\System\lvpqsgP.exe
  C:\Windows\System\lvpqsgP.exe
  2⤵
  PID:4176
- C:\Windows\System\DaozGGO.exe
  C:\Windows\System\DaozGGO.exe
  2⤵
  PID:4248
- C:\Windows\System\lEYDbYr.exe
  C:\Windows\System\lEYDbYr.exe
  2⤵
  PID:1204
- C:\Windows\System\QfFEcSq.exe
  C:\Windows\System\QfFEcSq.exe
  2⤵
  PID:4112
- C:\Windows\System\veTATCF.exe
  C:\Windows\System\veTATCF.exe
  2⤵
  PID:4152
- C:\Windows\System\zdMALEl.exe
  C:\Windows\System\zdMALEl.exe
  2⤵
  PID:4272
- C:\Windows\System\mlTcWXW.exe
  C:\Windows\System\mlTcWXW.exe
  2⤵
  PID:4232
- C:\Windows\System\otjzSBL.exe
  C:\Windows\System\otjzSBL.exe
  2⤵
  PID:4344
- C:\Windows\System\ngfLecE.exe
  C:\Windows\System\ngfLecE.exe
  2⤵
  PID:4320
- C:\Windows\System\nKWOhFG.exe
  C:\Windows\System\nKWOhFG.exe
  2⤵
  PID:4368
- C:\Windows\System\bubiXuR.exe
  C:\Windows\System\bubiXuR.exe
  2⤵
  PID:4412
- C:\Windows\System\VyuMZpg.exe
  C:\Windows\System\VyuMZpg.exe
  2⤵
  PID:4508
- C:\Windows\System\dhYBFax.exe
  C:\Windows\System\dhYBFax.exe
  2⤵
  PID:4484
- C:\Windows\System\BpYtUQu.exe
  C:\Windows\System\BpYtUQu.exe
  2⤵
  PID:4528
- C:\Windows\System\mLxnNWM.exe
  C:\Windows\System\mLxnNWM.exe
  2⤵
  PID:4584
- C:\Windows\System\LknrgkI.exe
  C:\Windows\System\LknrgkI.exe
  2⤵
  PID:4608
- C:\Windows\System\OavsjUc.exe
  C:\Windows\System\OavsjUc.exe
  2⤵
  PID:4628
- C:\Windows\System\ZgkENcv.exe
  C:\Windows\System\ZgkENcv.exe
  2⤵
  PID:4652
- C:\Windows\System\PTwlvGj.exe
  C:\Windows\System\PTwlvGj.exe
  2⤵
  PID:4712
- C:\Windows\System\MjCRwII.exe
  C:\Windows\System\MjCRwII.exe
  2⤵
  PID:4784
- C:\Windows\System\uLodFVQ.exe
  C:\Windows\System\uLodFVQ.exe
  2⤵
  PID:4684
- C:\Windows\System\nCapRRK.exe
  C:\Windows\System\nCapRRK.exe
  2⤵
  PID:4832
- C:\Windows\System\XdHsWFV.exe
  C:\Windows\System\XdHsWFV.exe
  2⤵
  PID:4732
- C:\Windows\System\NaAFFam.exe
  C:\Windows\System\NaAFFam.exe
  2⤵
  PID:4808
- C:\Windows\System\LwctXbs.exe
  C:\Windows\System\LwctXbs.exe
  2⤵
  PID:4944
- C:\Windows\System\lykHubM.exe
  C:\Windows\System\lykHubM.exe
  2⤵
  PID:4988
- C:\Windows\System\lNYXoQa.exe
  C:\Windows\System\lNYXoQa.exe
  2⤵
  PID:5076
- C:\Windows\System\mCYJWKb.exe
  C:\Windows\System\mCYJWKb.exe
  2⤵
  PID:3352
- C:\Windows\System\goXZVUq.exe
  C:\Windows\System\goXZVUq.exe
  2⤵
  PID:3484
- C:\Windows\System\nSwiTvA.exe
  C:\Windows\System\nSwiTvA.exe
  2⤵
  PID:4924
- C:\Windows\System\AsdwDaY.exe
  C:\Windows\System\AsdwDaY.exe
  2⤵
  PID:5048
- C:\Windows\System\JSHABXH.exe
  C:\Windows\System\JSHABXH.exe
  2⤵
  PID:5100
- C:\Windows\System\FWIYUMZ.exe
  C:\Windows\System\FWIYUMZ.exe
  2⤵
  PID:3508
- C:\Windows\System\hAEklAq.exe
  C:\Windows\System\hAEklAq.exe
  2⤵
  PID:4172
- C:\Windows\System\eHhsrff.exe
  C:\Windows\System\eHhsrff.exe
  2⤵
  PID:3756
- C:\Windows\System\svFeYfr.exe
  C:\Windows\System\svFeYfr.exe
  2⤵
  PID:3596
- C:\Windows\System\KwiNOhs.exe
  C:\Windows\System\KwiNOhs.exe
  2⤵
  PID:3648
- C:\Windows\System\SwFtHTT.exe
  C:\Windows\System\SwFtHTT.exe
  2⤵
  PID:3096
- C:\Windows\System\zLndNJZ.exe
  C:\Windows\System\zLndNJZ.exe
  2⤵
  PID:4208
- C:\Windows\System\cnptsLQ.exe
  C:\Windows\System\cnptsLQ.exe
  2⤵
  PID:4156
- C:\Windows\System\OVSIGLN.exe
  C:\Windows\System\OVSIGLN.exe
  2⤵
  PID:4188
- C:\Windows\System\nORtMlU.exe
  C:\Windows\System\nORtMlU.exe
  2⤵
  PID:3080
- C:\Windows\System\HVWbigk.exe
  C:\Windows\System\HVWbigk.exe
  2⤵
  PID:4548
- C:\Windows\System\OBpcpmj.exe
  C:\Windows\System\OBpcpmj.exe
  2⤵
  PID:4336
- C:\Windows\System\uExACVn.exe
  C:\Windows\System\uExACVn.exe
  2⤵
  PID:4468
- C:\Windows\System\WBVoHtG.exe
  C:\Windows\System\WBVoHtG.exe
  2⤵
  PID:4452
- C:\Windows\System\JITjHBf.exe
  C:\Windows\System\JITjHBf.exe
  2⤵
  PID:4632
- C:\Windows\System\puickur.exe
  C:\Windows\System\puickur.exe
  2⤵
  PID:4596
- C:\Windows\System\yBrBKcR.exe
  C:\Windows\System\yBrBKcR.exe
  2⤵
  PID:4848
- C:\Windows\System\TvxwOLZ.exe
  C:\Windows\System\TvxwOLZ.exe
  2⤵
  PID:1492
- C:\Windows\System\NpyTZgH.exe
  C:\Windows\System\NpyTZgH.exe
  2⤵
  PID:4872
- C:\Windows\System\XhuFnjY.exe
  C:\Windows\System\XhuFnjY.exe
  2⤵
  PID:4672
- C:\Windows\System\DRwGiSv.exe
  C:\Windows\System\DRwGiSv.exe
  2⤵
  PID:5028
- C:\Windows\System\wELATix.exe
  C:\Windows\System\wELATix.exe
  2⤵
  PID:4996
- C:\Windows\System\IbsNwXv.exe
  C:\Windows\System\IbsNwXv.exe
  2⤵
  PID:5008
- C:\Windows\System\RZVOjOd.exe
  C:\Windows\System\RZVOjOd.exe
  2⤵
  PID:4932
- C:\Windows\System\vdVTwCK.exe
  C:\Windows\System\vdVTwCK.exe
  2⤵
  PID:5052
- C:\Windows\System\lfuJxEA.exe
  C:\Windows\System\lfuJxEA.exe
  2⤵
  PID:4968
- C:\Windows\System\QKlzGky.exe
  C:\Windows\System\QKlzGky.exe
  2⤵
  PID:4136
- C:\Windows\System\NrWSyNr.exe
  C:\Windows\System\NrWSyNr.exe
  2⤵
  PID:2504
- C:\Windows\System\SNeTjoU.exe
  C:\Windows\System\SNeTjoU.exe
  2⤵
  PID:4288
- C:\Windows\System\yTUmMpW.exe
  C:\Windows\System\yTUmMpW.exe
  2⤵
  PID:3984
- C:\Windows\System\KkTyknW.exe
  C:\Windows\System\KkTyknW.exe
  2⤵
  PID:2396
- C:\Windows\System\iXoVHTn.exe
  C:\Windows\System\iXoVHTn.exe
  2⤵
  PID:4432
- C:\Windows\System\UiUlacF.exe
  C:\Windows\System\UiUlacF.exe
  2⤵
  PID:5148
- C:\Windows\System\lRfMUBE.exe
  C:\Windows\System\lRfMUBE.exe
  2⤵
  PID:5164
- C:\Windows\System\VUbaFXB.exe
  C:\Windows\System\VUbaFXB.exe
  2⤵
  PID:5184
- C:\Windows\System\NvZLlfx.exe
  C:\Windows\System\NvZLlfx.exe
  2⤵
  PID:5204
- C:\Windows\System\ZvYsaWP.exe
  C:\Windows\System\ZvYsaWP.exe
  2⤵
  PID:5224
- C:\Windows\System\OmWCrnt.exe
  C:\Windows\System\OmWCrnt.exe
  2⤵
  PID:5244
- C:\Windows\System\bewUmTt.exe
  C:\Windows\System\bewUmTt.exe
  2⤵
  PID:5260
- C:\Windows\System\nMVvwaU.exe
  C:\Windows\System\nMVvwaU.exe
  2⤵
  PID:5276
- C:\Windows\System\EqTuezS.exe
  C:\Windows\System\EqTuezS.exe
  2⤵
  PID:5300
- C:\Windows\System\Afrfswu.exe
  C:\Windows\System\Afrfswu.exe
  2⤵
  PID:5328
- C:\Windows\System\QkRmymI.exe
  C:\Windows\System\QkRmymI.exe
  2⤵
  PID:5344
- C:\Windows\System\MPklpeH.exe
  C:\Windows\System\MPklpeH.exe
  2⤵
  PID:5364
- C:\Windows\System\fpWywjL.exe
  C:\Windows\System\fpWywjL.exe
  2⤵
  PID:5388
- C:\Windows\System\kclmUIM.exe
  C:\Windows\System\kclmUIM.exe
  2⤵
  PID:5404
- C:\Windows\System\lqBegbz.exe
  C:\Windows\System\lqBegbz.exe
  2⤵
  PID:5428
- C:\Windows\System\fdVVAjj.exe
  C:\Windows\System\fdVVAjj.exe
  2⤵
  PID:5448
- C:\Windows\System\pvdbqoZ.exe
  C:\Windows\System\pvdbqoZ.exe
  2⤵
  PID:5468
- C:\Windows\System\mgTjJBT.exe
  C:\Windows\System\mgTjJBT.exe
  2⤵
  PID:5484
- C:\Windows\System\wsnDXRe.exe
  C:\Windows\System\wsnDXRe.exe
  2⤵
  PID:5504
- C:\Windows\System\dKiRKPn.exe
  C:\Windows\System\dKiRKPn.exe
  2⤵
  PID:5524
- C:\Windows\System\FmpwFRn.exe
  C:\Windows\System\FmpwFRn.exe
  2⤵
  PID:5544
- C:\Windows\System\UDBRTDO.exe
  C:\Windows\System\UDBRTDO.exe
  2⤵
  PID:5564
- C:\Windows\System\qphWIHh.exe
  C:\Windows\System\qphWIHh.exe
  2⤵
  PID:5584
- C:\Windows\System\NpOxtUb.exe
  C:\Windows\System\NpOxtUb.exe
  2⤵
  PID:5604
- C:\Windows\System\VtsmMUh.exe
  C:\Windows\System\VtsmMUh.exe
  2⤵
  PID:5624
- C:\Windows\System\fLJbiaJ.exe
  C:\Windows\System\fLJbiaJ.exe
  2⤵
  PID:5644
- C:\Windows\System\abxlPTN.exe
  C:\Windows\System\abxlPTN.exe
  2⤵
  PID:5664
- C:\Windows\System\ZkpOVHt.exe
  C:\Windows\System\ZkpOVHt.exe
  2⤵
  PID:5684
- C:\Windows\System\zWPrJyl.exe
  C:\Windows\System\zWPrJyl.exe
  2⤵
  PID:5708
- C:\Windows\System\sRThhXT.exe
  C:\Windows\System\sRThhXT.exe
  2⤵
  PID:5724
- C:\Windows\System\oBEvyMH.exe
  C:\Windows\System\oBEvyMH.exe
  2⤵
  PID:5744
- C:\Windows\System\eokkttZ.exe
  C:\Windows\System\eokkttZ.exe
  2⤵
  PID:5764
- C:\Windows\System\RSatcLD.exe
  C:\Windows\System\RSatcLD.exe
  2⤵
  PID:5788
- C:\Windows\System\otgIHvE.exe
  C:\Windows\System\otgIHvE.exe
  2⤵
  PID:5804
- C:\Windows\System\WjacSzd.exe
  C:\Windows\System\WjacSzd.exe
  2⤵
  PID:5824
- C:\Windows\System\LfHxINo.exe
  C:\Windows\System\LfHxINo.exe
  2⤵
  PID:5844
- C:\Windows\System\wmaGiCC.exe
  C:\Windows\System\wmaGiCC.exe
  2⤵
  PID:5864
- C:\Windows\System\fTCVRJL.exe
  C:\Windows\System\fTCVRJL.exe
  2⤵
  PID:5884
- C:\Windows\System\WVoivEg.exe
  C:\Windows\System\WVoivEg.exe
  2⤵
  PID:5904
- C:\Windows\System\fOWSXet.exe
  C:\Windows\System\fOWSXet.exe
  2⤵
  PID:5924
- C:\Windows\System\mSzcKnd.exe
  C:\Windows\System\mSzcKnd.exe
  2⤵
  PID:5944
- C:\Windows\System\MHQnsBs.exe
  C:\Windows\System\MHQnsBs.exe
  2⤵
  PID:5964
- C:\Windows\System\ihoKYEh.exe
  C:\Windows\System\ihoKYEh.exe
  2⤵
  PID:5980
- C:\Windows\System\XIHGKWy.exe
  C:\Windows\System\XIHGKWy.exe
  2⤵
  PID:6004
- C:\Windows\System\pPrQviG.exe
  C:\Windows\System\pPrQviG.exe
  2⤵
  PID:6024
- C:\Windows\System\cjLVXqa.exe
  C:\Windows\System\cjLVXqa.exe
  2⤵
  PID:6044
- C:\Windows\System\vqzOOfM.exe
  C:\Windows\System\vqzOOfM.exe
  2⤵
  PID:6068
- C:\Windows\System\HuQBjFP.exe
  C:\Windows\System\HuQBjFP.exe
  2⤵
  PID:6084
- C:\Windows\System\lrcuGnG.exe
  C:\Windows\System\lrcuGnG.exe
  2⤵
  PID:6108
- C:\Windows\System\ixAuAoT.exe
  C:\Windows\System\ixAuAoT.exe
  2⤵
  PID:6124
- C:\Windows\System\SjQWBwS.exe
  C:\Windows\System\SjQWBwS.exe
  2⤵
  PID:4392
- C:\Windows\System\vgYREGB.exe
  C:\Windows\System\vgYREGB.exe
  2⤵
  PID:4524
- C:\Windows\System\axQbLMZ.exe
  C:\Windows\System\axQbLMZ.exe
  2⤵
  PID:4636
- C:\Windows\System\anwCXqe.exe
  C:\Windows\System\anwCXqe.exe
  2⤵
  PID:4788
- C:\Windows\System\MteYggQ.exe
  C:\Windows\System\MteYggQ.exe
  2⤵
  PID:4756
- C:\Windows\System\NmaiTkS.exe
  C:\Windows\System\NmaiTkS.exe
  2⤵
  PID:4648
- C:\Windows\System\HhLrtzO.exe
  C:\Windows\System\HhLrtzO.exe
  2⤵
  PID:4888
- C:\Windows\System\LFdCSgw.exe
  C:\Windows\System\LFdCSgw.exe
  2⤵
  PID:3840
- C:\Windows\System\PDmFkzX.exe
  C:\Windows\System\PDmFkzX.exe
  2⤵
  PID:4132
- C:\Windows\System\AHeAzMa.exe
  C:\Windows\System\AHeAzMa.exe
  2⤵
  PID:3124
- C:\Windows\System\vOagrSV.exe
  C:\Windows\System\vOagrSV.exe
  2⤵
  PID:3960
- C:\Windows\System\KSgtWpz.exe
  C:\Windows\System\KSgtWpz.exe
  2⤵
  PID:4408
- C:\Windows\System\JFEtsec.exe
  C:\Windows\System\JFEtsec.exe
  2⤵
  PID:5136
- C:\Windows\System\hvyQupO.exe
  C:\Windows\System\hvyQupO.exe
  2⤵
  PID:2744
- C:\Windows\System\tXOMdVj.exe
  C:\Windows\System\tXOMdVj.exe
  2⤵
  PID:5180
- C:\Windows\System\WFHjZaA.exe
  C:\Windows\System\WFHjZaA.exe
  2⤵
  PID:5252
- C:\Windows\System\RkLnFdL.exe
  C:\Windows\System\RkLnFdL.exe
  2⤵
  PID:5192
- C:\Windows\System\bfseaZY.exe
  C:\Windows\System\bfseaZY.exe
  2⤵
  PID:5268
- C:\Windows\System\vWTCutI.exe
  C:\Windows\System\vWTCutI.exe
  2⤵
  PID:5236
- C:\Windows\System\neWwjUC.exe
  C:\Windows\System\neWwjUC.exe
  2⤵
  PID:5316
- C:\Windows\System\eVNrGkh.exe
  C:\Windows\System\eVNrGkh.exe
  2⤵
  PID:5384
- C:\Windows\System\RrItgPw.exe
  C:\Windows\System\RrItgPw.exe
  2⤵
  PID:5416
- C:\Windows\System\DECiqTY.exe
  C:\Windows\System\DECiqTY.exe
  2⤵
  PID:5460
- C:\Windows\System\wggekuG.exe
  C:\Windows\System\wggekuG.exe
  2⤵
  PID:5500
- C:\Windows\System\APLEPlS.exe
  C:\Windows\System\APLEPlS.exe
  2⤵
  PID:5540
- C:\Windows\System\qHptwvS.exe
  C:\Windows\System\qHptwvS.exe
  2⤵
  PID:5576
- C:\Windows\System\ASZOUET.exe
  C:\Windows\System\ASZOUET.exe
  2⤵
  PID:5620
- C:\Windows\System\JCNeXRN.exe
  C:\Windows\System\JCNeXRN.exe
  2⤵
  PID:5552
- C:\Windows\System\eLXdqhD.exe
  C:\Windows\System\eLXdqhD.exe
  2⤵
  PID:5592
- C:\Windows\System\wofhqOo.exe
  C:\Windows\System\wofhqOo.exe
  2⤵
  PID:5700
- C:\Windows\System\GeqtomH.exe
  C:\Windows\System\GeqtomH.exe
  2⤵
  PID:5736
- C:\Windows\System\jUOlJqX.exe
  C:\Windows\System\jUOlJqX.exe
  2⤵
  PID:5776
- C:\Windows\System\xKzcYOk.exe
  C:\Windows\System\xKzcYOk.exe
  2⤵
  PID:5820
- C:\Windows\System\QcUVLKb.exe
  C:\Windows\System\QcUVLKb.exe
  2⤵
  PID:5716
- C:\Windows\System\ESUKbEV.exe
  C:\Windows\System\ESUKbEV.exe
  2⤵
  PID:5892
- C:\Windows\System\uLKVVpU.exe
  C:\Windows\System\uLKVVpU.exe
  2⤵
  PID:5796
- C:\Windows\System\KQWrGeb.exe
  C:\Windows\System\KQWrGeb.exe
  2⤵
  PID:5932
- C:\Windows\System\diemSgM.exe
  C:\Windows\System\diemSgM.exe
  2⤵
  PID:5976
- C:\Windows\System\MReGVtr.exe
  C:\Windows\System\MReGVtr.exe
  2⤵
  PID:1392
- C:\Windows\System\NWuuUUx.exe
  C:\Windows\System\NWuuUUx.exe
  2⤵
  PID:5920
- C:\Windows\System\eqmuAcP.exe
  C:\Windows\System\eqmuAcP.exe
  2⤵
  PID:6092
- C:\Windows\System\mehOYNk.exe
  C:\Windows\System\mehOYNk.exe
  2⤵
  PID:5992
- C:\Windows\System\GqbbwAj.exe
  C:\Windows\System\GqbbwAj.exe
  2⤵
  PID:6000
- C:\Windows\System\XkoRQXL.exe
  C:\Windows\System\XkoRQXL.exe
  2⤵
  PID:6080
- C:\Windows\System\BiuXZAP.exe
  C:\Windows\System\BiuXZAP.exe
  2⤵
  PID:4496
- C:\Windows\System\qaumzHG.exe
  C:\Windows\System\qaumzHG.exe
  2⤵
  PID:4624
- C:\Windows\System\btoiAvq.exe
  C:\Windows\System\btoiAvq.exe
  2⤵
  PID:4752
- C:\Windows\System\TINeOMa.exe
  C:\Windows\System\TINeOMa.exe
  2⤵
  PID:3420
- C:\Windows\System\FAgqeLq.exe
  C:\Windows\System\FAgqeLq.exe
  2⤵
  PID:4748
- C:\Windows\System\pmvkJbt.exe
  C:\Windows\System\pmvkJbt.exe
  2⤵
  PID:4856
- C:\Windows\System\GeihXHe.exe
  C:\Windows\System\GeihXHe.exe
  2⤵
  PID:4544
- C:\Windows\System\tlepCgM.exe
  C:\Windows\System\tlepCgM.exe
  2⤵
  PID:5288
- C:\Windows\System\tKfEYPx.exe
  C:\Windows\System\tKfEYPx.exe
  2⤵
  PID:1656
- C:\Windows\System\KioRzwM.exe
  C:\Windows\System\KioRzwM.exe
  2⤵
  PID:5372
- C:\Windows\System\fzIDigN.exe
  C:\Windows\System\fzIDigN.exe
  2⤵
  PID:4396
- C:\Windows\System\Nhkbpxf.exe
  C:\Windows\System\Nhkbpxf.exe
  2⤵
  PID:5216
- C:\Windows\System\gGSTfiQ.exe
  C:\Windows\System\gGSTfiQ.exe
  2⤵
  PID:5420
- C:\Windows\System\VeDZPui.exe
  C:\Windows\System\VeDZPui.exe
  2⤵
  PID:5360
- C:\Windows\System\EiPrGqE.exe
  C:\Windows\System\EiPrGqE.exe
  2⤵
  PID:5336
- C:\Windows\System\bNwCuLu.exe
  C:\Windows\System\bNwCuLu.exe
  2⤵
  PID:5520
- C:\Windows\System\ngatLyO.exe
  C:\Windows\System\ngatLyO.exe
  2⤵
  PID:5640
- C:\Windows\System\FnPMjri.exe
  C:\Windows\System\FnPMjri.exe
  2⤵
  PID:5812
- C:\Windows\System\CUEaTPw.exe
  C:\Windows\System\CUEaTPw.exe
  2⤵
  PID:5412
- C:\Windows\System\NlgTEQk.exe
  C:\Windows\System\NlgTEQk.exe
  2⤵
  PID:5476
- C:\Windows\System\vpyQDbf.exe
  C:\Windows\System\vpyQDbf.exe
  2⤵
  PID:5656
- C:\Windows\System\BuXxamf.exe
  C:\Windows\System\BuXxamf.exe
  2⤵
  PID:5836
- C:\Windows\System\UGNlNYO.exe
  C:\Windows\System\UGNlNYO.exe
  2⤵
  PID:1924
- C:\Windows\System\RodIyUI.exe
  C:\Windows\System\RodIyUI.exe
  2⤵
  PID:2844
- C:\Windows\System\VCKkguR.exe
  C:\Windows\System\VCKkguR.exe
  2⤵
  PID:5800
- C:\Windows\System\VjclZSW.exe
  C:\Windows\System\VjclZSW.exe
  2⤵
  PID:6016
- C:\Windows\System\FQbsmBW.exe
  C:\Windows\System\FQbsmBW.exe
  2⤵
  PID:5760
- C:\Windows\System\cclydok.exe
  C:\Windows\System\cclydok.exe
  2⤵
  PID:6136
- C:\Windows\System\NYUsDQS.exe
  C:\Windows\System\NYUsDQS.exe
  2⤵
  PID:4332
- C:\Windows\System\uvFXIdd.exe
  C:\Windows\System\uvFXIdd.exe
  2⤵
  PID:4772
- C:\Windows\System\YsmzMDA.exe
  C:\Windows\System\YsmzMDA.exe
  2⤵
  PID:6076
- C:\Windows\System\bwTJdSl.exe
  C:\Windows\System\bwTJdSl.exe
  2⤵
  PID:5156
- C:\Windows\System\RwqNaem.exe
  C:\Windows\System\RwqNaem.exe
  2⤵
  PID:6036
- C:\Windows\System\fsUGzKx.exe
  C:\Windows\System\fsUGzKx.exe
  2⤵
  PID:1772
- C:\Windows\System\EovmvYf.exe
  C:\Windows\System\EovmvYf.exe
  2⤵
  PID:5308
- C:\Windows\System\SrwUrnK.exe
  C:\Windows\System\SrwUrnK.exe
  2⤵
  PID:2704
- C:\Windows\System\QCDmGtz.exe
  C:\Windows\System\QCDmGtz.exe
  2⤵
  PID:5160
- C:\Windows\System\YVOpOAs.exe
  C:\Windows\System\YVOpOAs.exe
  2⤵
  PID:5512
- C:\Windows\System\FytbwYw.exe
  C:\Windows\System\FytbwYw.exe
  2⤵
  PID:5464
- C:\Windows\System\SKJKWJr.exe
  C:\Windows\System\SKJKWJr.exe
  2⤵
  PID:5612
- C:\Windows\System\njXPyKy.exe
  C:\Windows\System\njXPyKy.exe
  2⤵
  PID:5876
- C:\Windows\System\IgkJVaa.exe
  C:\Windows\System\IgkJVaa.exe
  2⤵
  PID:6132
- C:\Windows\System\XQAVKlK.exe
  C:\Windows\System\XQAVKlK.exe
  2⤵
  PID:6160
- C:\Windows\System\RWKbTzw.exe
  C:\Windows\System\RWKbTzw.exe
  2⤵
  PID:6184
- C:\Windows\System\lnuEBLf.exe
  C:\Windows\System\lnuEBLf.exe
  2⤵
  PID:6204
- C:\Windows\System\gHZaDXL.exe
  C:\Windows\System\gHZaDXL.exe
  2⤵
  PID:6236
- C:\Windows\System\BkUYhwJ.exe
  C:\Windows\System\BkUYhwJ.exe
  2⤵
  PID:6256
- C:\Windows\System\HTHzqYk.exe
  C:\Windows\System\HTHzqYk.exe
  2⤵
  PID:6276
- C:\Windows\System\xAzvLgb.exe
  C:\Windows\System\xAzvLgb.exe
  2⤵
  PID:6296
- C:\Windows\System\wDCLRAQ.exe
  C:\Windows\System\wDCLRAQ.exe
  2⤵
  PID:6312
- C:\Windows\System\sENwOdS.exe
  C:\Windows\System\sENwOdS.exe
  2⤵
  PID:6332
- C:\Windows\System\cqCMIyB.exe
  C:\Windows\System\cqCMIyB.exe
  2⤵
  PID:6352
- C:\Windows\System\JlkOeHJ.exe
  C:\Windows\System\JlkOeHJ.exe
  2⤵
  PID:6368
- C:\Windows\System\BmJFAmz.exe
  C:\Windows\System\BmJFAmz.exe
  2⤵
  PID:6388
- C:\Windows\System\qvLFyiZ.exe
  C:\Windows\System\qvLFyiZ.exe
  2⤵
  PID:6404
- C:\Windows\System\uiaFaNm.exe
  C:\Windows\System\uiaFaNm.exe
  2⤵
  PID:6428
- C:\Windows\System\IKSRvaI.exe
  C:\Windows\System\IKSRvaI.exe
  2⤵
  PID:6444
- C:\Windows\System\kcquInn.exe
  C:\Windows\System\kcquInn.exe
  2⤵
  PID:6460
- C:\Windows\System\IIQfCom.exe
  C:\Windows\System\IIQfCom.exe
  2⤵
  PID:6480
- C:\Windows\System\ORhegVE.exe
  C:\Windows\System\ORhegVE.exe
  2⤵
  PID:6516
- C:\Windows\System\OOoImBv.exe
  C:\Windows\System\OOoImBv.exe
  2⤵
  PID:6536
- C:\Windows\System\AcXfHwQ.exe
  C:\Windows\System\AcXfHwQ.exe
  2⤵
  PID:6556
- C:\Windows\System\ZqElwRb.exe
  C:\Windows\System\ZqElwRb.exe
  2⤵
  PID:6576
- C:\Windows\System\bmcVOZn.exe
  C:\Windows\System\bmcVOZn.exe
  2⤵
  PID:6592
- C:\Windows\System\gVGbogI.exe
  C:\Windows\System\gVGbogI.exe
  2⤵
  PID:6608
- C:\Windows\System\iisjDHK.exe
  C:\Windows\System\iisjDHK.exe
  2⤵
  PID:6624
- C:\Windows\System\TjUGYga.exe
  C:\Windows\System\TjUGYga.exe
  2⤵
  PID:6644
- C:\Windows\System\dRCfjFR.exe
  C:\Windows\System\dRCfjFR.exe
  2⤵
  PID:6668
- C:\Windows\System\dTzaYRp.exe
  C:\Windows\System\dTzaYRp.exe
  2⤵
  PID:6684
- C:\Windows\System\EsNoBzI.exe
  C:\Windows\System\EsNoBzI.exe
  2⤵
  PID:6704
- C:\Windows\System\vKLCybB.exe
  C:\Windows\System\vKLCybB.exe
  2⤵
  PID:6728
- C:\Windows\System\kqoJjgZ.exe
  C:\Windows\System\kqoJjgZ.exe
  2⤵
  PID:6752
- C:\Windows\System\jiVJKYm.exe
  C:\Windows\System\jiVJKYm.exe
  2⤵
  PID:6772
- C:\Windows\System\gPiWNVi.exe
  C:\Windows\System\gPiWNVi.exe
  2⤵
  PID:6792
- C:\Windows\System\urHrqGq.exe
  C:\Windows\System\urHrqGq.exe
  2⤵
  PID:6808
- C:\Windows\System\tgAGEXI.exe
  C:\Windows\System\tgAGEXI.exe
  2⤵
  PID:6828
- C:\Windows\System\ypxqEse.exe
  C:\Windows\System\ypxqEse.exe
  2⤵
  PID:6848
- C:\Windows\System\YnqAowP.exe
  C:\Windows\System\YnqAowP.exe
  2⤵
  PID:6872
- C:\Windows\System\mnTQiKI.exe
  C:\Windows\System\mnTQiKI.exe
  2⤵
  PID:6892
- C:\Windows\System\YJzXlai.exe
  C:\Windows\System\YJzXlai.exe
  2⤵
  PID:6912
- C:\Windows\System\JwEQBVh.exe
  C:\Windows\System\JwEQBVh.exe
  2⤵
  PID:6932
- C:\Windows\System\bFeptcr.exe
  C:\Windows\System\bFeptcr.exe
  2⤵
  PID:6952
- C:\Windows\System\loCbyMD.exe
  C:\Windows\System\loCbyMD.exe
  2⤵
  PID:6972
- C:\Windows\System\bBMdFHj.exe
  C:\Windows\System\bBMdFHj.exe
  2⤵
  PID:6992
- C:\Windows\System\zdhomRX.exe
  C:\Windows\System\zdhomRX.exe
  2⤵
  PID:7012
- C:\Windows\System\MXWJXLe.exe
  C:\Windows\System\MXWJXLe.exe
  2⤵
  PID:7032
- C:\Windows\System\OXqaCUi.exe
  C:\Windows\System\OXqaCUi.exe
  2⤵
  PID:7052
- C:\Windows\System\SxUWVmi.exe
  C:\Windows\System\SxUWVmi.exe
  2⤵
  PID:7072
- C:\Windows\System\AuFHDAD.exe
  C:\Windows\System\AuFHDAD.exe
  2⤵
  PID:7096
- C:\Windows\System\IdimUns.exe
  C:\Windows\System\IdimUns.exe
  2⤵
  PID:7116
- C:\Windows\System\sHhgfRb.exe
  C:\Windows\System\sHhgfRb.exe
  2⤵
  PID:7136
- C:\Windows\System\FhdDxKK.exe
  C:\Windows\System\FhdDxKK.exe
  2⤵
  PID:7156
- C:\Windows\System\bDqKREP.exe
  C:\Windows\System\bDqKREP.exe
  2⤵
  PID:5952
- C:\Windows\System\dJiGFnd.exe
  C:\Windows\System\dJiGFnd.exe
  2⤵
  PID:5740
- C:\Windows\System\oLvQLsN.exe
  C:\Windows\System\oLvQLsN.exe
  2⤵
  PID:1576
- C:\Windows\System\Dywlawc.exe
  C:\Windows\System\Dywlawc.exe
  2⤵
  PID:4456
- C:\Windows\System\vnktRLN.exe
  C:\Windows\System\vnktRLN.exe
  2⤵
  PID:4656
- C:\Windows\System\FTSeauq.exe
  C:\Windows\System\FTSeauq.exe
  2⤵
  PID:5380
- C:\Windows\System\cIqlxHL.exe
  C:\Windows\System\cIqlxHL.exe
  2⤵
  PID:6140
- C:\Windows\System\DGWHDwX.exe
  C:\Windows\System\DGWHDwX.exe
  2⤵
  PID:4828
- C:\Windows\System\LKcDNpR.exe
  C:\Windows\System\LKcDNpR.exe
  2⤵
  PID:5292
- C:\Windows\System\qLKolop.exe
  C:\Windows\System\qLKolop.exe
  2⤵
  PID:5396
- C:\Windows\System\mjBhsZm.exe
  C:\Windows\System\mjBhsZm.exe
  2⤵
  PID:5916
- C:\Windows\System\KAHkdgw.exe
  C:\Windows\System\KAHkdgw.exe
  2⤵
  PID:5356
- C:\Windows\System\pVdXJRD.exe
  C:\Windows\System\pVdXJRD.exe
  2⤵
  PID:5880
- C:\Windows\System\KVFgkRb.exe
  C:\Windows\System\KVFgkRb.exe
  2⤵
  PID:6200
- C:\Windows\System\wDgVRbl.exe
  C:\Windows\System\wDgVRbl.exe
  2⤵
  PID:6252
- C:\Windows\System\hqNnqTt.exe
  C:\Windows\System\hqNnqTt.exe
  2⤵
  PID:6284
- C:\Windows\System\YspvFEa.exe
  C:\Windows\System\YspvFEa.exe
  2⤵
  PID:6228
- C:\Windows\System\JxbndLk.exe
  C:\Windows\System\JxbndLk.exe
  2⤵
  PID:6328
- C:\Windows\System\NclLcHP.exe
  C:\Windows\System\NclLcHP.exe
  2⤵
  PID:6364
- C:\Windows\System\LjowBze.exe
  C:\Windows\System\LjowBze.exe
  2⤵
  PID:6468
- C:\Windows\System\ZUmfRNI.exe
  C:\Windows\System\ZUmfRNI.exe
  2⤵
  PID:6384
- C:\Windows\System\MUmrGFv.exe
  C:\Windows\System\MUmrGFv.exe
  2⤵
  PID:6456
- C:\Windows\System\LCnrwBB.exe
  C:\Windows\System\LCnrwBB.exe
  2⤵
  PID:6476
- C:\Windows\System\stjSgsq.exe
  C:\Windows\System\stjSgsq.exe
  2⤵
  PID:6572
- C:\Windows\System\ZuRDHPM.exe
  C:\Windows\System\ZuRDHPM.exe
  2⤵
  PID:6496
- C:\Windows\System\jKRatAU.exe
  C:\Windows\System\jKRatAU.exe
  2⤵
  PID:2708
- C:\Windows\System\seeDHbc.exe
  C:\Windows\System\seeDHbc.exe
  2⤵
  PID:6600
- C:\Windows\System\MREpvaF.exe
  C:\Windows\System\MREpvaF.exe
  2⤵
  PID:6676
- C:\Windows\System\AkwPksD.exe
  C:\Windows\System\AkwPksD.exe
  2⤵
  PID:6716
- C:\Windows\System\vvmYhiJ.exe
  C:\Windows\System\vvmYhiJ.exe
  2⤵
  PID:6836
- C:\Windows\System\aiokSYm.exe
  C:\Windows\System\aiokSYm.exe
  2⤵
  PID:6820
- C:\Windows\System\HOElltJ.exe
  C:\Windows\System\HOElltJ.exe
  2⤵
  PID:1728
- C:\Windows\System\usCRLBa.exe
  C:\Windows\System\usCRLBa.exe
  2⤵
  PID:6868
- C:\Windows\System\sgYYVtA.exe
  C:\Windows\System\sgYYVtA.exe
  2⤵
  PID:6924
- C:\Windows\System\nclFRMG.exe
  C:\Windows\System\nclFRMG.exe
  2⤵
  PID:6900
- C:\Windows\System\erKtLow.exe
  C:\Windows\System\erKtLow.exe
  2⤵
  PID:6948
- C:\Windows\System\hsZPuuF.exe
  C:\Windows\System\hsZPuuF.exe
  2⤵
  PID:7020
- C:\Windows\System\OXDqsPI.exe
  C:\Windows\System\OXDqsPI.exe
  2⤵
  PID:7048
- C:\Windows\System\MtOrcqq.exe
  C:\Windows\System\MtOrcqq.exe
  2⤵
  PID:7088
- C:\Windows\System\DishCAI.exe
  C:\Windows\System\DishCAI.exe
  2⤵
  PID:7124
- C:\Windows\System\cXrdonv.exe
  C:\Windows\System\cXrdonv.exe
  2⤵
  PID:7144
- C:\Windows\System\xWPDUoP.exe
  C:\Windows\System\xWPDUoP.exe
  2⤵
  PID:7148
- C:\Windows\System\IcVKmia.exe
  C:\Windows\System\IcVKmia.exe
  2⤵
  PID:5492
- C:\Windows\System\NCFNoRv.exe
  C:\Windows\System\NCFNoRv.exe
  2⤵
  PID:4008
- C:\Windows\System\ClKHvdH.exe
  C:\Windows\System\ClKHvdH.exe
  2⤵
  PID:6056
- C:\Windows\System\FmFlxuG.exe
  C:\Windows\System\FmFlxuG.exe
  2⤵
  PID:3384
- C:\Windows\System\KugfBdE.exe
  C:\Windows\System\KugfBdE.exe
  2⤵
  PID:5660
- C:\Windows\System\xoleNBY.exe
  C:\Windows\System\xoleNBY.exe
  2⤵
  PID:5652
- C:\Windows\System\wIljHkr.exe
  C:\Windows\System\wIljHkr.exe
  2⤵
  PID:5312
- C:\Windows\System\hfgLgTw.exe
  C:\Windows\System\hfgLgTw.exe
  2⤵
  PID:6168
- C:\Windows\System\JFfHooa.exe
  C:\Windows\System\JFfHooa.exe
  2⤵
  PID:6320
- C:\Windows\System\LRusTuU.exe
  C:\Windows\System\LRusTuU.exe
  2⤵
  PID:6264
- C:\Windows\System\MbdTOjw.exe
  C:\Windows\System\MbdTOjw.exe
  2⤵
  PID:6340
- C:\Windows\System\ZcuFRVb.exe
  C:\Windows\System\ZcuFRVb.exe
  2⤵
  PID:6440
- C:\Windows\System\WHssqiC.exe
  C:\Windows\System\WHssqiC.exe
  2⤵
  PID:6376
- C:\Windows\System\tSFycCh.exe
  C:\Windows\System\tSFycCh.exe
  2⤵
  PID:6532
- C:\Windows\System\TiMZTXR.exe
  C:\Windows\System\TiMZTXR.exe
  2⤵
  PID:6568
- C:\Windows\System\RTPOLBl.exe
  C:\Windows\System\RTPOLBl.exe
  2⤵
  PID:6508
- C:\Windows\System\MCUlPzY.exe
  C:\Windows\System\MCUlPzY.exe
  2⤵
  PID:6636
- C:\Windows\System\kNWkshG.exe
  C:\Windows\System\kNWkshG.exe
  2⤵
  PID:6620
- C:\Windows\System\ZFqLagm.exe
  C:\Windows\System\ZFqLagm.exe
  2⤵
  PID:2016
- C:\Windows\System\ehJQtfJ.exe
  C:\Windows\System\ehJQtfJ.exe
  2⤵
  PID:7000
- C:\Windows\System\NJqlPhx.exe
  C:\Windows\System\NJqlPhx.exe
  2⤵
  PID:6944
- C:\Windows\System\WSXvvoP.exe
  C:\Windows\System\WSXvvoP.exe
  2⤵
  PID:6980
- C:\Windows\System\cfNeonH.exe
  C:\Windows\System\cfNeonH.exe
  2⤵
  PID:7084
- C:\Windows\System\tfiZBGN.exe
  C:\Windows\System\tfiZBGN.exe
  2⤵
  PID:7104
- C:\Windows\System\YQVUHvG.exe
  C:\Windows\System\YQVUHvG.exe
  2⤵
  PID:5720
- C:\Windows\System\UigdoMT.exe
  C:\Windows\System\UigdoMT.exe
  2⤵
  PID:5972
- C:\Windows\System\aqYVztg.exe
  C:\Windows\System\aqYVztg.exe
  2⤵
  PID:4100
- C:\Windows\System\CiZbCCm.exe
  C:\Windows\System\CiZbCCm.exe
  2⤵
  PID:4892
- C:\Windows\System\OnMMCUr.exe
  C:\Windows\System\OnMMCUr.exe
  2⤵
  PID:5572
- C:\Windows\System\blIYgnf.exe
  C:\Windows\System\blIYgnf.exe
  2⤵
  PID:6244
- C:\Windows\System\ueSPNAv.exe
  C:\Windows\System\ueSPNAv.exe
  2⤵
  PID:7184
- C:\Windows\System\ZwRABiS.exe
  C:\Windows\System\ZwRABiS.exe
  2⤵
  PID:7204
- C:\Windows\System\bNVBNmv.exe
  C:\Windows\System\bNVBNmv.exe
  2⤵
  PID:7224
- C:\Windows\System\gmDnQsi.exe
  C:\Windows\System\gmDnQsi.exe
  2⤵
  PID:7244
- C:\Windows\System\FylfIZt.exe
  C:\Windows\System\FylfIZt.exe
  2⤵
  PID:7264
- C:\Windows\System\TsesEvP.exe
  C:\Windows\System\TsesEvP.exe
  2⤵
  PID:7284
- C:\Windows\System\MyDdgrl.exe
  C:\Windows\System\MyDdgrl.exe
  2⤵
  PID:7304
- C:\Windows\System\Ajkggig.exe
  C:\Windows\System\Ajkggig.exe
  2⤵
  PID:7324
- C:\Windows\System\wWRTyYg.exe
  C:\Windows\System\wWRTyYg.exe
  2⤵
  PID:7344
- C:\Windows\System\fvswTch.exe
  C:\Windows\System\fvswTch.exe
  2⤵
  PID:7364
- C:\Windows\System\RUyxBhL.exe
  C:\Windows\System\RUyxBhL.exe
  2⤵
  PID:7384
- C:\Windows\System\gbctPYi.exe
  C:\Windows\System\gbctPYi.exe
  2⤵
  PID:7404
- C:\Windows\System\jagOCGe.exe
  C:\Windows\System\jagOCGe.exe
  2⤵
  PID:7424
- C:\Windows\System\jBqmNRA.exe
  C:\Windows\System\jBqmNRA.exe
  2⤵
  PID:7444
- C:\Windows\System\gPAGJNY.exe
  C:\Windows\System\gPAGJNY.exe
  2⤵
  PID:7464
- C:\Windows\System\kBYKqbN.exe
  C:\Windows\System\kBYKqbN.exe
  2⤵
  PID:7484
- C:\Windows\System\dnzyUxe.exe
  C:\Windows\System\dnzyUxe.exe
  2⤵
  PID:7504
- C:\Windows\System\HaLidzB.exe
  C:\Windows\System\HaLidzB.exe
  2⤵
  PID:7524
- C:\Windows\System\itzDejV.exe
  C:\Windows\System\itzDejV.exe
  2⤵
  PID:7544
- C:\Windows\System\DGxKTkk.exe
  C:\Windows\System\DGxKTkk.exe
  2⤵
  PID:7564
- C:\Windows\System\NodVxOC.exe
  C:\Windows\System\NodVxOC.exe
  2⤵
  PID:7584
- C:\Windows\System\GnMcHcZ.exe
  C:\Windows\System\GnMcHcZ.exe
  2⤵
  PID:7604
- C:\Windows\System\SvOwiMu.exe
  C:\Windows\System\SvOwiMu.exe
  2⤵
  PID:7624
- C:\Windows\System\rojODgJ.exe
  C:\Windows\System\rojODgJ.exe
  2⤵
  PID:7644
- C:\Windows\System\CeCkxgE.exe
  C:\Windows\System\CeCkxgE.exe
  2⤵
  PID:7664
- C:\Windows\System\NTvWfGQ.exe
  C:\Windows\System\NTvWfGQ.exe
  2⤵
  PID:7684
- C:\Windows\System\lvbkUXw.exe
  C:\Windows\System\lvbkUXw.exe
  2⤵
  PID:7704
- C:\Windows\System\dDcRggK.exe
  C:\Windows\System\dDcRggK.exe
  2⤵
  PID:7724
- C:\Windows\System\fdyrkxL.exe
  C:\Windows\System\fdyrkxL.exe
  2⤵
  PID:7744
- C:\Windows\System\ZFebrip.exe
  C:\Windows\System\ZFebrip.exe
  2⤵
  PID:7764
- C:\Windows\System\WFbZzBz.exe
  C:\Windows\System\WFbZzBz.exe
  2⤵
  PID:7784
- C:\Windows\System\dcmxezN.exe
  C:\Windows\System\dcmxezN.exe
  2⤵
  PID:7804
- C:\Windows\System\yTrVVnI.exe
  C:\Windows\System\yTrVVnI.exe
  2⤵
  PID:7824
- C:\Windows\System\bSXmDye.exe
  C:\Windows\System\bSXmDye.exe
  2⤵
  PID:7844
- C:\Windows\System\pbEXQYr.exe
  C:\Windows\System\pbEXQYr.exe
  2⤵
  PID:7864
- C:\Windows\System\wVBhVnW.exe
  C:\Windows\System\wVBhVnW.exe
  2⤵
  PID:7884
- C:\Windows\System\jLyVjsB.exe
  C:\Windows\System\jLyVjsB.exe
  2⤵
  PID:7904
- C:\Windows\System\DtsrmZp.exe
  C:\Windows\System\DtsrmZp.exe
  2⤵
  PID:7924
- C:\Windows\System\oEcPkpO.exe
  C:\Windows\System\oEcPkpO.exe
  2⤵
  PID:7944
- C:\Windows\System\cWLgXev.exe
  C:\Windows\System\cWLgXev.exe
  2⤵
  PID:7964
- C:\Windows\System\xhWSnYe.exe
  C:\Windows\System\xhWSnYe.exe
  2⤵
  PID:7984
- C:\Windows\System\sygCgbe.exe
  C:\Windows\System\sygCgbe.exe
  2⤵
  PID:8004
- C:\Windows\System\OwkoTOg.exe
  C:\Windows\System\OwkoTOg.exe
  2⤵
  PID:8024
- C:\Windows\System\rMepNMO.exe
  C:\Windows\System\rMepNMO.exe
  2⤵
  PID:8044
- C:\Windows\System\wWgarxw.exe
  C:\Windows\System\wWgarxw.exe
  2⤵
  PID:8064
- C:\Windows\System\ekHmqNe.exe
  C:\Windows\System\ekHmqNe.exe
  2⤵
  PID:8084
- C:\Windows\System\UVrOdCG.exe
  C:\Windows\System\UVrOdCG.exe
  2⤵
  PID:8104
- C:\Windows\System\TBLVlnK.exe
  C:\Windows\System\TBLVlnK.exe
  2⤵
  PID:8124
- C:\Windows\System\SURBOLj.exe
  C:\Windows\System\SURBOLj.exe
  2⤵
  PID:8144
- C:\Windows\System\AiTGvVB.exe
  C:\Windows\System\AiTGvVB.exe
  2⤵
  PID:8164
- C:\Windows\System\maiGDNl.exe
  C:\Windows\System\maiGDNl.exe
  2⤵
  PID:8184
- C:\Windows\System\RoqqGyJ.exe
  C:\Windows\System\RoqqGyJ.exe
  2⤵
  PID:6308
- C:\Windows\System\jfuDpFV.exe
  C:\Windows\System\jfuDpFV.exe
  2⤵
  PID:2700
- C:\Windows\System\lxlpUPF.exe
  C:\Windows\System\lxlpUPF.exe
  2⤵
  PID:3004
- C:\Windows\System\YyOazyz.exe
  C:\Windows\System\YyOazyz.exe
  2⤵
  PID:6548
- C:\Windows\System\etFNaFm.exe
  C:\Windows\System\etFNaFm.exe
  2⤵
  PID:6632
- C:\Windows\System\SgskBii.exe
  C:\Windows\System\SgskBii.exe
  2⤵
  PID:6816
- C:\Windows\System\zElVZCa.exe
  C:\Windows\System\zElVZCa.exe
  2⤵
  PID:6920
- C:\Windows\System\oBXtVCF.exe
  C:\Windows\System\oBXtVCF.exe
  2⤵
  PID:6988
- C:\Windows\System\WqOdxQj.exe
  C:\Windows\System\WqOdxQj.exe
  2⤵
  PID:7064
- C:\Windows\System\wLnuRho.exe
  C:\Windows\System\wLnuRho.exe
  2⤵
  PID:3188
- C:\Windows\System\vTBffgc.exe
  C:\Windows\System\vTBffgc.exe
  2⤵
  PID:5676
- C:\Windows\System\VxgwLaY.exe
  C:\Windows\System\VxgwLaY.exe
  2⤵
  PID:2208
- C:\Windows\System\yCOojZd.exe
  C:\Windows\System\yCOojZd.exe
  2⤵
  PID:7176
- C:\Windows\System\knYgnzT.exe
  C:\Windows\System\knYgnzT.exe
  2⤵
  PID:7200
- C:\Windows\System\KwmDooA.exe
  C:\Windows\System\KwmDooA.exe
  2⤵
  PID:7232
- C:\Windows\System\DcxEshK.exe
  C:\Windows\System\DcxEshK.exe
  2⤵
  PID:7272
- C:\Windows\System\gfWxqUV.exe
  C:\Windows\System\gfWxqUV.exe
  2⤵
  PID:7296
- C:\Windows\System\HGoLCmg.exe
  C:\Windows\System\HGoLCmg.exe
  2⤵
  PID:7316
- C:\Windows\System\goHaeox.exe
  C:\Windows\System\goHaeox.exe
  2⤵
  PID:7360
- C:\Windows\System\hMAZnry.exe
  C:\Windows\System\hMAZnry.exe
  2⤵
  PID:7420
- C:\Windows\System\nVUnfxe.exe
  C:\Windows\System\nVUnfxe.exe
  2⤵
  PID:7440
- C:\Windows\System\rRqlNAE.exe
  C:\Windows\System\rRqlNAE.exe
  2⤵
  PID:7472
- C:\Windows\System\ybHCRSz.exe
  C:\Windows\System\ybHCRSz.exe
  2⤵
  PID:7496
- C:\Windows\System\ZaHJbTR.exe
  C:\Windows\System\ZaHJbTR.exe
  2⤵
  PID:7516
- C:\Windows\System\HpaeBai.exe
  C:\Windows\System\HpaeBai.exe
  2⤵
  PID:7580
- C:\Windows\System\LUExiFc.exe
  C:\Windows\System\LUExiFc.exe
  2⤵
  PID:7620
- C:\Windows\System\aYDmtEk.exe
  C:\Windows\System\aYDmtEk.exe
  2⤵
  PID:7640
- C:\Windows\System\DyfiGod.exe
  C:\Windows\System\DyfiGod.exe
  2⤵
  PID:7692
- C:\Windows\System\HSGQGEv.exe
  C:\Windows\System\HSGQGEv.exe
  2⤵
  PID:7712
- C:\Windows\System\EmpbMjH.exe
  C:\Windows\System\EmpbMjH.exe
  2⤵
  PID:7736
- C:\Windows\System\BpErJHn.exe
  C:\Windows\System\BpErJHn.exe
  2⤵
  PID:7760
- C:\Windows\System\bqXRCjW.exe
  C:\Windows\System\bqXRCjW.exe
  2⤵
  PID:7792
- C:\Windows\System\wvFmYrA.exe
  C:\Windows\System\wvFmYrA.exe
  2⤵
  PID:7860
- C:\Windows\System\oAYrRKN.exe
  C:\Windows\System\oAYrRKN.exe
  2⤵
  PID:7872
- C:\Windows\System\IMxtmxU.exe
  C:\Windows\System\IMxtmxU.exe
  2⤵
  PID:7912
- C:\Windows\System\nMTVxSS.exe
  C:\Windows\System\nMTVxSS.exe
  2⤵
  PID:7936
- C:\Windows\System\rLPxgWk.exe
  C:\Windows\System\rLPxgWk.exe
  2⤵
  PID:7956
- C:\Windows\System\dCNZYis.exe
  C:\Windows\System\dCNZYis.exe
  2⤵
  PID:7996
- C:\Windows\System\AWxLhVu.exe
  C:\Windows\System\AWxLhVu.exe
  2⤵
  PID:8032
- C:\Windows\System\GjacBiU.exe
  C:\Windows\System\GjacBiU.exe
  2⤵
  PID:8080
- C:\Windows\System\zmvdttY.exe
  C:\Windows\System\zmvdttY.exe
  2⤵
  PID:8112
- C:\Windows\System\Xuywxpt.exe
  C:\Windows\System\Xuywxpt.exe
  2⤵
  PID:8116
- C:\Windows\System\EEiijIJ.exe
  C:\Windows\System\EEiijIJ.exe
  2⤵
  PID:8156
- C:\Windows\System\XtHCuCo.exe
  C:\Windows\System\XtHCuCo.exe
  2⤵
  PID:6216
- C:\Windows\System\WUFgkJl.exe
  C:\Windows\System\WUFgkJl.exe
  2⤵
  PID:2648
- C:\Windows\System\AZfEkTf.exe
  C:\Windows\System\AZfEkTf.exe
  2⤵
  PID:6860
- C:\Windows\System\nyleKVi.exe
  C:\Windows\System\nyleKVi.exe
  2⤵
  PID:6928
- C:\Windows\System\VmDLIpd.exe
  C:\Windows\System\VmDLIpd.exe
  2⤵
  PID:7040
- C:\Windows\System\cMHyFjp.exe
  C:\Windows\System\cMHyFjp.exe
  2⤵
  PID:6020
- C:\Windows\System\plMXUEc.exe
  C:\Windows\System\plMXUEc.exe
  2⤵
  PID:5320
- C:\Windows\System\YpsaFwf.exe
  C:\Windows\System\YpsaFwf.exe
  2⤵
  PID:6172
- C:\Windows\System\sVbraGJ.exe
  C:\Windows\System\sVbraGJ.exe
  2⤵
  PID:7256
- C:\Windows\System\nAZFvKw.exe
  C:\Windows\System\nAZFvKw.exe
  2⤵
  PID:7240
- C:\Windows\System\ijnoBzo.exe
  C:\Windows\System\ijnoBzo.exe
  2⤵
  PID:7320
- C:\Windows\System\BgamLEV.exe
  C:\Windows\System\BgamLEV.exe
  2⤵
  PID:7412
- C:\Windows\System\UoyfZTM.exe
  C:\Windows\System\UoyfZTM.exe
  2⤵
  PID:7436
- C:\Windows\System\BSGOTaM.exe
  C:\Windows\System\BSGOTaM.exe
  2⤵
  PID:7520
- C:\Windows\System\DPyGzkF.exe
  C:\Windows\System\DPyGzkF.exe
  2⤵
  PID:7552
- C:\Windows\System\StEGRDP.exe
  C:\Windows\System\StEGRDP.exe
  2⤵
  PID:7592
- C:\Windows\System\DWSTbWn.exe
  C:\Windows\System\DWSTbWn.exe
  2⤵
  PID:7672
- C:\Windows\System\oNRGnsh.exe
  C:\Windows\System\oNRGnsh.exe
  2⤵
  PID:7696
- C:\Windows\System\tMJrWrf.exe
  C:\Windows\System\tMJrWrf.exe
  2⤵
  PID:7820
- C:\Windows\System\xxRrfZJ.exe
  C:\Windows\System\xxRrfZJ.exe
  2⤵
  PID:7892
- C:\Windows\System\fXxFUuA.exe
  C:\Windows\System\fXxFUuA.exe
  2⤵
  PID:7876
- C:\Windows\System\mWVFIUm.exe
  C:\Windows\System\mWVFIUm.exe
  2⤵
  PID:7916
- C:\Windows\System\CkNAzcl.exe
  C:\Windows\System\CkNAzcl.exe
  2⤵
  PID:7980
- C:\Windows\System\bnZwRtv.exe
  C:\Windows\System\bnZwRtv.exe
  2⤵
  PID:8052
- C:\Windows\System\wOJDqpG.exe
  C:\Windows\System\wOJDqpG.exe
  2⤵
  PID:8092
- C:\Windows\System\iojlAwE.exe
  C:\Windows\System\iojlAwE.exe
  2⤵
  PID:8160
- C:\Windows\System\SiVETcw.exe
  C:\Windows\System\SiVETcw.exe
  2⤵
  PID:6420
- C:\Windows\System\jozAgbI.exe
  C:\Windows\System\jozAgbI.exe
  2⤵
  PID:6712
- C:\Windows\System\LAuVRjK.exe
  C:\Windows\System\LAuVRjK.exe
  2⤵
  PID:6784
- C:\Windows\System\LFLdBiM.exe
  C:\Windows\System\LFLdBiM.exe
  2⤵
  PID:1852
- C:\Windows\System\ezIOCph.exe
  C:\Windows\System\ezIOCph.exe
  2⤵
  PID:7192
- C:\Windows\System\TkSRnSl.exe
  C:\Windows\System\TkSRnSl.exe
  2⤵
  PID:2676
- C:\Windows\System\emjLDVa.exe
  C:\Windows\System\emjLDVa.exe
  2⤵
  PID:7280
- C:\Windows\System\NYuhkbu.exe
  C:\Windows\System\NYuhkbu.exe
  2⤵
  PID:7416
- C:\Windows\System\SOPcLsJ.exe
  C:\Windows\System\SOPcLsJ.exe
  2⤵
  PID:7432
- C:\Windows\System\ZzKXeAW.exe
  C:\Windows\System\ZzKXeAW.exe
  2⤵
  PID:7572
- C:\Windows\System\bxnEBck.exe
  C:\Windows\System\bxnEBck.exe
  2⤵
  PID:7612
- C:\Windows\System\ZTcEQmJ.exe
  C:\Windows\System\ZTcEQmJ.exe
  2⤵
  PID:8204
- C:\Windows\System\WtGTMlD.exe
  C:\Windows\System\WtGTMlD.exe
  2⤵
  PID:8224
- C:\Windows\System\xBiXeoe.exe
  C:\Windows\System\xBiXeoe.exe
  2⤵
  PID:8244
- C:\Windows\System\fYdplFD.exe
  C:\Windows\System\fYdplFD.exe
  2⤵
  PID:8264
- C:\Windows\System\usxRPfH.exe
  C:\Windows\System\usxRPfH.exe
  2⤵
  PID:8284
- C:\Windows\System\qmXWOWH.exe
  C:\Windows\System\qmXWOWH.exe
  2⤵
  PID:8304
- C:\Windows\System\bzxDOSC.exe
  C:\Windows\System\bzxDOSC.exe
  2⤵
  PID:8324
- C:\Windows\System\gxtsnny.exe
  C:\Windows\System\gxtsnny.exe
  2⤵
  PID:8344
- C:\Windows\System\czWIrtz.exe
  C:\Windows\System\czWIrtz.exe
  2⤵
  PID:8364
- C:\Windows\System\EyvwGNL.exe
  C:\Windows\System\EyvwGNL.exe
  2⤵
  PID:8384
- C:\Windows\System\AIlhqqr.exe
  C:\Windows\System\AIlhqqr.exe
  2⤵
  PID:8404
- C:\Windows\System\kRshWTS.exe
  C:\Windows\System\kRshWTS.exe
  2⤵
  PID:8424
- C:\Windows\System\GpwgnAw.exe
  C:\Windows\System\GpwgnAw.exe
  2⤵
  PID:8444
- C:\Windows\System\PKVOpxe.exe
  C:\Windows\System\PKVOpxe.exe
  2⤵
  PID:8464
- C:\Windows\System\cPUXEQq.exe
  C:\Windows\System\cPUXEQq.exe
  2⤵
  PID:8484
- C:\Windows\System\AnVtUhQ.exe
  C:\Windows\System\AnVtUhQ.exe
  2⤵
  PID:8504
- C:\Windows\System\rKTvPsx.exe
  C:\Windows\System\rKTvPsx.exe
  2⤵
  PID:8524
- C:\Windows\System\pXuJJbO.exe
  C:\Windows\System\pXuJJbO.exe
  2⤵
  PID:8544
- C:\Windows\System\NLEWXoa.exe
  C:\Windows\System\NLEWXoa.exe
  2⤵
  PID:8564
- C:\Windows\System\ebHLsxr.exe
  C:\Windows\System\ebHLsxr.exe
  2⤵
  PID:8584
- C:\Windows\System\HYoqWLR.exe
  C:\Windows\System\HYoqWLR.exe
  2⤵
  PID:8600
- C:\Windows\System\nCugJzi.exe
  C:\Windows\System\nCugJzi.exe
  2⤵
  PID:8624
- C:\Windows\System\tHOoeJA.exe
  C:\Windows\System\tHOoeJA.exe
  2⤵
  PID:8644
- C:\Windows\System\cgJjUjD.exe
  C:\Windows\System\cgJjUjD.exe
  2⤵
  PID:8664
- C:\Windows\System\KVGqOfD.exe
  C:\Windows\System\KVGqOfD.exe
  2⤵
  PID:8684
- C:\Windows\System\VKJESCc.exe
  C:\Windows\System\VKJESCc.exe
  2⤵
  PID:8704
- C:\Windows\System\qgzPaVH.exe
  C:\Windows\System\qgzPaVH.exe
  2⤵
  PID:8720
- C:\Windows\System\tAhfwnu.exe
  C:\Windows\System\tAhfwnu.exe
  2⤵
  PID:8748
- C:\Windows\System\DslwIKj.exe
  C:\Windows\System\DslwIKj.exe
  2⤵
  PID:8768
- C:\Windows\System\OcBYEaN.exe
  C:\Windows\System\OcBYEaN.exe
  2⤵
  PID:8788
- C:\Windows\System\dBDmRBf.exe
  C:\Windows\System\dBDmRBf.exe
  2⤵
  PID:8808
- C:\Windows\System\tjqUyOP.exe
  C:\Windows\System\tjqUyOP.exe
  2⤵
  PID:8828
- C:\Windows\System\CdgeIrZ.exe
  C:\Windows\System\CdgeIrZ.exe
  2⤵
  PID:8848
- C:\Windows\System\xxtiPNM.exe
  C:\Windows\System\xxtiPNM.exe
  2⤵
  PID:8868
- C:\Windows\System\IPZoKtH.exe
  C:\Windows\System\IPZoKtH.exe
  2⤵
  PID:8888
- C:\Windows\System\GZNbwwg.exe
  C:\Windows\System\GZNbwwg.exe
  2⤵
  PID:8908
- C:\Windows\System\anogQeg.exe
  C:\Windows\System\anogQeg.exe
  2⤵
  PID:8928
- C:\Windows\System\qWQEYVw.exe
  C:\Windows\System\qWQEYVw.exe
  2⤵
  PID:8948
- C:\Windows\System\jVMByKA.exe
  C:\Windows\System\jVMByKA.exe
  2⤵
  PID:8968
- C:\Windows\System\BWAoYve.exe
  C:\Windows\System\BWAoYve.exe
  2⤵
  PID:8988
- C:\Windows\System\crQggZL.exe
  C:\Windows\System\crQggZL.exe
  2⤵
  PID:9008
- C:\Windows\System\OgydPgu.exe
  C:\Windows\System\OgydPgu.exe
  2⤵
  PID:9028
- C:\Windows\System\bUqLNlX.exe
  C:\Windows\System\bUqLNlX.exe
  2⤵
  PID:9044
- C:\Windows\System\hHTYSAg.exe
  C:\Windows\System\hHTYSAg.exe
  2⤵
  PID:9060
- C:\Windows\System\JeYtrAX.exe
  C:\Windows\System\JeYtrAX.exe
  2⤵
  PID:9076
- C:\Windows\System\woLwcdR.exe
  C:\Windows\System\woLwcdR.exe
  2⤵
  PID:9096
- C:\Windows\System\zCWAyay.exe
  C:\Windows\System\zCWAyay.exe
  2⤵
  PID:9112
- C:\Windows\System\wadGTmG.exe
  C:\Windows\System\wadGTmG.exe
  2⤵
  PID:9128
- C:\Windows\System\mLvgpTP.exe
  C:\Windows\System\mLvgpTP.exe
  2⤵
  PID:9144
- C:\Windows\System\QoHowTe.exe
  C:\Windows\System\QoHowTe.exe
  2⤵
  PID:9192
- C:\Windows\System\wimNffM.exe
  C:\Windows\System\wimNffM.exe
  2⤵
  PID:9208
- C:\Windows\System\WRCgtgO.exe
  C:\Windows\System\WRCgtgO.exe
  2⤵
  PID:7720
- C:\Windows\System\mZqsHTw.exe
  C:\Windows\System\mZqsHTw.exe
  2⤵
  PID:7840
- C:\Windows\System\XttCPpc.exe
  C:\Windows\System\XttCPpc.exe
  2⤵
  PID:7960
- C:\Windows\System\JXbIXqG.exe
  C:\Windows\System\JXbIXqG.exe
  2⤵
  PID:8000
- C:\Windows\System\GruLegm.exe
  C:\Windows\System\GruLegm.exe
  2⤵
  PID:8016
- C:\Windows\System\gLzSqNR.exe
  C:\Windows\System\gLzSqNR.exe
  2⤵
  PID:6492
- C:\Windows\System\HLQTzLP.exe
  C:\Windows\System\HLQTzLP.exe
  2⤵
  PID:6788
- C:\Windows\System\cPPKECI.exe
  C:\Windows\System\cPPKECI.exe
  2⤵
  PID:5756
- C:\Windows\System\tuhmDZc.exe
  C:\Windows\System\tuhmDZc.exe
  2⤵
  PID:3964
- C:\Windows\System\YQGFSju.exe
  C:\Windows\System\YQGFSju.exe
  2⤵
  PID:7380
- C:\Windows\System\wxjtwcW.exe
  C:\Windows\System\wxjtwcW.exe
  2⤵
  PID:7500
- C:\Windows\System\pKcPtRB.exe
  C:\Windows\System\pKcPtRB.exe
  2⤵
  PID:7460
- C:\Windows\System\XGhzLWp.exe
  C:\Windows\System\XGhzLWp.exe
  2⤵
  PID:7476
- C:\Windows\System\YekipKZ.exe
  C:\Windows\System\YekipKZ.exe
  2⤵
  PID:8200
- C:\Windows\System\rnWPeor.exe
  C:\Windows\System\rnWPeor.exe
  2⤵
  PID:8232
- C:\Windows\System\mnBiAoO.exe
  C:\Windows\System\mnBiAoO.exe
  2⤵
  PID:8240
- C:\Windows\System\DgXNzkd.exe
  C:\Windows\System\DgXNzkd.exe
  2⤵
  PID:8280
- C:\Windows\System\VQmJyXS.exe
  C:\Windows\System\VQmJyXS.exe
  2⤵
  PID:8332
- C:\Windows\System\QLFhIIp.exe
  C:\Windows\System\QLFhIIp.exe
  2⤵
  PID:8320
- C:\Windows\System\ySCBzfi.exe
  C:\Windows\System\ySCBzfi.exe
  2⤵
  PID:8360
- C:\Windows\System\LwogxXO.exe
  C:\Windows\System\LwogxXO.exe
  2⤵
  PID:868
- C:\Windows\System\OnGNUxU.exe
  C:\Windows\System\OnGNUxU.exe
  2⤵
  PID:8400
- C:\Windows\System\byNIyKT.exe
  C:\Windows\System\byNIyKT.exe
  2⤵
  PID:8436
- C:\Windows\System\aNzxKYw.exe
  C:\Windows\System\aNzxKYw.exe
  2⤵
  PID:8476
- C:\Windows\System\GjBoqTP.exe
  C:\Windows\System\GjBoqTP.exe
  2⤵
  PID:8512
- C:\Windows\System\VAHeZDr.exe
  C:\Windows\System\VAHeZDr.exe
  2⤵
  PID:8536
- C:\Windows\System\degzwBU.exe
  C:\Windows\System\degzwBU.exe
  2⤵
  PID:8620
- C:\Windows\System\pQagQqZ.exe
  C:\Windows\System\pQagQqZ.exe
  2⤵
  PID:8652
- C:\Windows\System\lOTYQHK.exe
  C:\Windows\System\lOTYQHK.exe
  2⤵
  PID:8656
- C:\Windows\System\zhQfzJq.exe
  C:\Windows\System\zhQfzJq.exe
  2⤵
  PID:8728
- C:\Windows\System\HNnLlNv.exe
  C:\Windows\System\HNnLlNv.exe
  2⤵
  PID:8740
- C:\Windows\System\TSbYGYW.exe
  C:\Windows\System\TSbYGYW.exe
  2⤵
  PID:2716
- C:\Windows\System\rqlUXGd.exe
  C:\Windows\System\rqlUXGd.exe
  2⤵
  PID:8784
- C:\Windows\System\XphKWcV.exe
  C:\Windows\System\XphKWcV.exe
  2⤵
  PID:2908
- C:\Windows\System\RoXlAMI.exe
  C:\Windows\System\RoXlAMI.exe
  2⤵
  PID:8800
- C:\Windows\System\vsxKrGS.exe
  C:\Windows\System\vsxKrGS.exe
  2⤵
  PID:8836
- C:\Windows\System\AKZAsvA.exe
  C:\Windows\System\AKZAsvA.exe
  2⤵
  PID:8860
- C:\Windows\System\bOnuCWf.exe
  C:\Windows\System\bOnuCWf.exe
  2⤵
  PID:8884
- C:\Windows\System\wVyJTQQ.exe
  C:\Windows\System\wVyJTQQ.exe
  2⤵
  PID:8900
- C:\Windows\System\MBdOdRU.exe
  C:\Windows\System\MBdOdRU.exe
  2⤵
  PID:8920
- C:\Windows\System\MZylGqt.exe
  C:\Windows\System\MZylGqt.exe
  2⤵
  PID:8984
- C:\Windows\System\AOxfRGw.exe
  C:\Windows\System\AOxfRGw.exe
  2⤵
  PID:8964
- C:\Windows\System\wpaTvEd.exe
  C:\Windows\System\wpaTvEd.exe
  2⤵
  PID:9000
- C:\Windows\System\QKTZbbh.exe
  C:\Windows\System\QKTZbbh.exe
  2⤵
  PID:9036
- C:\Windows\System\MhWUNtT.exe
  C:\Windows\System\MhWUNtT.exe
  2⤵
  PID:9068
- C:\Windows\System\WugnQpN.exe
  C:\Windows\System\WugnQpN.exe
  2⤵
  PID:9092
- C:\Windows\System\fxMcPvE.exe
  C:\Windows\System\fxMcPvE.exe
  2⤵
  PID:9164
- C:\Windows\System\NGOckmG.exe
  C:\Windows\System\NGOckmG.exe
  2⤵
  PID:9180
- C:\Windows\System\tBxzWUI.exe
  C:\Windows\System\tBxzWUI.exe
  2⤵
  PID:5068
- C:\Windows\System\sowYvcX.exe
  C:\Windows\System\sowYvcX.exe
  2⤵
  PID:9188
- C:\Windows\System\eqaFJSb.exe
  C:\Windows\System\eqaFJSb.exe
  2⤵
  PID:7832
- C:\Windows\System\aiMlVFH.exe
  C:\Windows\System\aiMlVFH.exe
  2⤵
  PID:9200
- C:\Windows\System\OMoTMGL.exe
  C:\Windows\System\OMoTMGL.exe
  2⤵
  PID:1720
- C:\Windows\System\pEIdBiX.exe
  C:\Windows\System\pEIdBiX.exe
  2⤵
  PID:6324
- C:\Windows\System\MsBtvOY.exe
  C:\Windows\System\MsBtvOY.exe
  2⤵
  PID:2200
- C:\Windows\System\TURPcmx.exe
  C:\Windows\System\TURPcmx.exe
  2⤵
  PID:2712
- C:\Windows\System\snyCDjy.exe
  C:\Windows\System\snyCDjy.exe
  2⤵
  PID:2508
- C:\Windows\System\JcDjpTY.exe
  C:\Windows\System\JcDjpTY.exe
  2⤵
  PID:8132
- C:\Windows\System\yllyovm.exe
  C:\Windows\System\yllyovm.exe
  2⤵
  PID:2972
- C:\Windows\System\uXxUJJT.exe
  C:\Windows\System\uXxUJJT.exe
  2⤵
  PID:344
- C:\Windows\System\QxmWHRP.exe
  C:\Windows\System\QxmWHRP.exe
  2⤵
  PID:2664
- C:\Windows\System\rkzGTTU.exe
  C:\Windows\System\rkzGTTU.exe
  2⤵
  PID:7252
- C:\Windows\System\fEfQeXn.exe
  C:\Windows\System\fEfQeXn.exe
  2⤵
  PID:7560
- C:\Windows\System\VWPVibA.exe
  C:\Windows\System\VWPVibA.exe
  2⤵
  PID:6908
- C:\Windows\System\RnyyDFS.exe
  C:\Windows\System\RnyyDFS.exe
  2⤵
  PID:1108
- C:\Windows\System\dTKkzFj.exe
  C:\Windows\System\dTKkzFj.exe
  2⤵
  PID:8260
- C:\Windows\System\Pmvmgom.exe
  C:\Windows\System\Pmvmgom.exe
  2⤵
  PID:8336
- C:\Windows\System\cpFjudV.exe
  C:\Windows\System\cpFjudV.exe
  2⤵
  PID:8440
- C:\Windows\System\RAKfdQZ.exe
  C:\Windows\System\RAKfdQZ.exe
  2⤵
  PID:8296
- C:\Windows\System\codSiIX.exe
  C:\Windows\System\codSiIX.exe
  2⤵
  PID:8292
- C:\Windows\System\lhTDLiJ.exe
  C:\Windows\System\lhTDLiJ.exe
  2⤵
  PID:8552
- C:\Windows\System\kfRUeei.exe
  C:\Windows\System\kfRUeei.exe
  2⤵
  PID:8472
- C:\Windows\System\pVxafqY.exe
  C:\Windows\System\pVxafqY.exe
  2⤵
  PID:8560
- C:\Windows\System\ycmbyzE.exe
  C:\Windows\System\ycmbyzE.exe
  2⤵
  PID:8576
- C:\Windows\System\xWjBDge.exe
  C:\Windows\System\xWjBDge.exe
  2⤵
  PID:8712
- C:\Windows\System\fzCeOrF.exe
  C:\Windows\System\fzCeOrF.exe
  2⤵
  PID:8804
- C:\Windows\System\eRXEfXR.exe
  C:\Windows\System\eRXEfXR.exe
  2⤵
  PID:2680
- C:\Windows\System\AovNvWe.exe
  C:\Windows\System\AovNvWe.exe
  2⤵
  PID:8616
- C:\Windows\System\dcUcXZj.exe
  C:\Windows\System\dcUcXZj.exe
  2⤵
  PID:8716
- C:\Windows\System\eTsizqk.exe
  C:\Windows\System\eTsizqk.exe
  2⤵
  PID:8820
- C:\Windows\System\VrNBRAb.exe
  C:\Windows\System\VrNBRAb.exe
  2⤵
  PID:8880
- C:\Windows\System\zNMnFTg.exe
  C:\Windows\System\zNMnFTg.exe
  2⤵
  PID:9052
- C:\Windows\System\qKkWEAx.exe
  C:\Windows\System\qKkWEAx.exe
  2⤵
  PID:8924
- C:\Windows\System\HgNewZu.exe
  C:\Windows\System\HgNewZu.exe
  2⤵
  PID:9020
- C:\Windows\System\xdDqctB.exe
  C:\Windows\System\xdDqctB.exe
  2⤵
  PID:9056
- C:\Windows\System\yLYflqi.exe
  C:\Windows\System\yLYflqi.exe
  2⤵
  PID:9120
- C:\Windows\System\jFdcOoj.exe
  C:\Windows\System\jFdcOoj.exe
  2⤵
  PID:9156
- C:\Windows\System\wnmYfYQ.exe
  C:\Windows\System\wnmYfYQ.exe
  2⤵
  PID:9152
- C:\Windows\System\WFQAWYd.exe
  C:\Windows\System\WFQAWYd.exe
  2⤵
  PID:9172
- C:\Windows\System\fBvneyR.exe
  C:\Windows\System\fBvneyR.exe
  2⤵
  PID:2916
- C:\Windows\System\IMNjIkw.exe
  C:\Windows\System\IMNjIkw.exe
  2⤵
  PID:2856
- C:\Windows\System\PgzhqJx.exe
  C:\Windows\System\PgzhqJx.exe
  2⤵
  PID:1084
- C:\Windows\System\xWiwVcW.exe
  C:\Windows\System\xWiwVcW.exe
  2⤵
  PID:1888
- C:\Windows\System\VbgMirM.exe
  C:\Windows\System\VbgMirM.exe
  2⤵
  PID:7812
- C:\Windows\System\XOGSMos.exe
  C:\Windows\System\XOGSMos.exe
  2⤵
  PID:1528
- C:\Windows\System\QbDwred.exe
  C:\Windows\System\QbDwred.exe
  2⤵
  PID:2660
- C:\Windows\System\xkqtGbs.exe
  C:\Windows\System\xkqtGbs.exe
  2⤵
  PID:7900
- C:\Windows\System\mkvnToc.exe
  C:\Windows\System\mkvnToc.exe
  2⤵
  PID:2928
- C:\Windows\System\PHxBQzI.exe
  C:\Windows\System\PHxBQzI.exe
  2⤵
  PID:792
- C:\Windows\System\roXETMt.exe
  C:\Windows\System\roXETMt.exe
  2⤵
  PID:7236
- C:\Windows\System\RtlDJnN.exe
  C:\Windows\System\RtlDJnN.exe
  2⤵
  PID:8432
- C:\Windows\System\JrubBLL.exe
  C:\Windows\System\JrubBLL.exe
  2⤵
  PID:8140
- C:\Windows\System\NjeKcYw.exe
  C:\Windows\System\NjeKcYw.exe
  2⤵
  PID:8376
- C:\Windows\System\eErTvVT.exe
  C:\Windows\System\eErTvVT.exe
  2⤵
  PID:8420
- C:\Windows\System\puGeXxY.exe
  C:\Windows\System\puGeXxY.exe
  2⤵
  PID:8676
- C:\Windows\System\AxOczaP.exe
  C:\Windows\System\AxOczaP.exe
  2⤵
  PID:8636
- C:\Windows\System\NmRgOhU.exe
  C:\Windows\System\NmRgOhU.exe
  2⤵
  PID:1556
- C:\Windows\System\tXZloZn.exe
  C:\Windows\System\tXZloZn.exe
  2⤵
  PID:1716
- C:\Windows\System\IFryhgG.exe
  C:\Windows\System\IFryhgG.exe
  2⤵
  PID:8816
- C:\Windows\System\HSGoiEW.exe
  C:\Windows\System\HSGoiEW.exe
  2⤵
  PID:2608
- C:\Windows\System\eUmiaqI.exe
  C:\Windows\System\eUmiaqI.exe
  2⤵
  PID:1964
- C:\Windows\System\JKkaUKE.exe
  C:\Windows\System\JKkaUKE.exe
  2⤵
  PID:7352
- C:\Windows\System\dXDcDcV.exe
  C:\Windows\System\dXDcDcV.exe
  2⤵
  PID:8940
- C:\Windows\System\eusLEdI.exe
  C:\Windows\System\eusLEdI.exe
  2⤵
  PID:9004
- C:\Windows\System\OLphEWF.exe
  C:\Windows\System\OLphEWF.exe
  2⤵
  PID:9136
- C:\Windows\System\AtKlbpU.exe
  C:\Windows\System\AtKlbpU.exe
  2⤵
  PID:2924
- C:\Windows\System\eAnNGcH.exe
  C:\Windows\System\eAnNGcH.exe
  2⤵
  PID:944
- C:\Windows\System\UjwLSsL.exe
  C:\Windows\System\UjwLSsL.exe
  2⤵
  PID:7776
- C:\Windows\System\XjaRuFH.exe
  C:\Windows\System\XjaRuFH.exe
  2⤵
  PID:7852
- C:\Windows\System\ucQJHqL.exe
  C:\Windows\System\ucQJHqL.exe
  2⤵
  PID:2356
- C:\Windows\System\EBpLFPd.exe
  C:\Windows\System\EBpLFPd.exe
  2⤵
  PID:8196
- C:\Windows\System\WXjuoNz.exe
  C:\Windows\System\WXjuoNz.exe
  2⤵
  PID:6452
- C:\Windows\System\AYgWREm.exe
  C:\Windows\System\AYgWREm.exe
  2⤵
  PID:8352
- C:\Windows\System\fTfZUVO.exe
  C:\Windows\System\fTfZUVO.exe
  2⤵
  PID:8700
- C:\Windows\System\gxTPFLK.exe
  C:\Windows\System\gxTPFLK.exe
  2⤵
  PID:8864
- C:\Windows\System\RXKRjoO.exe
  C:\Windows\System\RXKRjoO.exe
  2⤵
  PID:5080
- C:\Windows\System\HmNJHBV.exe
  C:\Windows\System\HmNJHBV.exe
  2⤵
  PID:2828
- C:\Windows\System\ijZuLXe.exe
  C:\Windows\System\ijZuLXe.exe
  2⤵
  PID:8096
- C:\Windows\System\CYUzOXb.exe
  C:\Windows\System\CYUzOXb.exe
  2⤵
  PID:2444
- C:\Windows\System\wGWeBrR.exe
  C:\Windows\System\wGWeBrR.exe
  2⤵
  PID:6564
- C:\Windows\System\vztVjkc.exe
  C:\Windows\System\vztVjkc.exe
  2⤵
  PID:1848
- C:\Windows\System\oXCPAms.exe
  C:\Windows\System\oXCPAms.exe
  2⤵
  PID:8540
- C:\Windows\System\vqfptvL.exe
  C:\Windows\System\vqfptvL.exe
  2⤵
  PID:2628
- C:\Windows\System\VwazRtm.exe
  C:\Windows\System\VwazRtm.exe
  2⤵
  PID:8608
- C:\Windows\System\ozYwguL.exe
  C:\Windows\System\ozYwguL.exe
  2⤵
  PID:9016
- C:\Windows\System\zEnEGBD.exe
  C:\Windows\System\zEnEGBD.exe
  2⤵
  PID:9240
- C:\Windows\System\vwoyvgv.exe
  C:\Windows\System\vwoyvgv.exe
  2⤵
  PID:9264
- C:\Windows\System\kNfbwSp.exe
  C:\Windows\System\kNfbwSp.exe
  2⤵
  PID:9280
- C:\Windows\System\SIAXEXc.exe
  C:\Windows\System\SIAXEXc.exe
  2⤵
  PID:9296
- C:\Windows\System\zYNakqx.exe
  C:\Windows\System\zYNakqx.exe
  2⤵
  PID:9312
- C:\Windows\System\VpazMfX.exe
  C:\Windows\System\VpazMfX.exe
  2⤵
  PID:9328
- C:\Windows\System\KmBQXDz.exe
  C:\Windows\System\KmBQXDz.exe
  2⤵
  PID:9352
- C:\Windows\System\ZlyUMzw.exe
  C:\Windows\System\ZlyUMzw.exe
  2⤵
  PID:9368
- C:\Windows\System\hbcZDYd.exe
  C:\Windows\System\hbcZDYd.exe
  2⤵
  PID:9384
- C:\Windows\System\RBZeqhe.exe
  C:\Windows\System\RBZeqhe.exe
  2⤵
  PID:9400
- C:\Windows\System\hXbjjOc.exe
  C:\Windows\System\hXbjjOc.exe
  2⤵
  PID:9416
- C:\Windows\System\HlLdCAg.exe
  C:\Windows\System\HlLdCAg.exe
  2⤵
  PID:9444
- C:\Windows\System\ZlHIQfK.exe
  C:\Windows\System\ZlHIQfK.exe
  2⤵
  PID:9464
- C:\Windows\System\vQPrdLW.exe
  C:\Windows\System\vQPrdLW.exe
  2⤵
  PID:9480
- C:\Windows\System\nyEZBMd.exe
  C:\Windows\System\nyEZBMd.exe
  2⤵
  PID:9504
- C:\Windows\System\RwAXNbo.exe
  C:\Windows\System\RwAXNbo.exe
  2⤵
  PID:9528
- C:\Windows\System\RbWNdYm.exe
  C:\Windows\System\RbWNdYm.exe
  2⤵
  PID:9548
- C:\Windows\System\rNtkBbE.exe
  C:\Windows\System\rNtkBbE.exe
  2⤵
  PID:9568
- C:\Windows\System\RHzRYEa.exe
  C:\Windows\System\RHzRYEa.exe
  2⤵
  PID:9584
- C:\Windows\System\xwqkKbb.exe
  C:\Windows\System\xwqkKbb.exe
  2⤵
  PID:9600
- C:\Windows\System\bvHONVN.exe
  C:\Windows\System\bvHONVN.exe
  2⤵
  PID:9616
- C:\Windows\System\VfdnIUl.exe
  C:\Windows\System\VfdnIUl.exe
  2⤵
  PID:9640
- C:\Windows\System\kMiRMDL.exe
  C:\Windows\System\kMiRMDL.exe
  2⤵
  PID:9656
- C:\Windows\System\cWgErAK.exe
  C:\Windows\System\cWgErAK.exe
  2⤵
  PID:9672
- C:\Windows\System\wMLblLO.exe
  C:\Windows\System\wMLblLO.exe
  2⤵
  PID:9688
- C:\Windows\System\dBiPkxb.exe
  C:\Windows\System\dBiPkxb.exe
  2⤵
  PID:9704
- C:\Windows\System\kbimuSV.exe
  C:\Windows\System\kbimuSV.exe
  2⤵
  PID:9720
- C:\Windows\System\JnXmmSG.exe
  C:\Windows\System\JnXmmSG.exe
  2⤵
  PID:9744
- C:\Windows\System\gvYtbDl.exe
  C:\Windows\System\gvYtbDl.exe
  2⤵
  PID:9764
- C:\Windows\System\RqPYtdD.exe
  C:\Windows\System\RqPYtdD.exe
  2⤵
  PID:9784
- C:\Windows\System\RntHRQw.exe
  C:\Windows\System\RntHRQw.exe
  2⤵
  PID:9804
- C:\Windows\System\blNCAUl.exe
  C:\Windows\System\blNCAUl.exe
  2⤵
  PID:9824
- C:\Windows\System\PwdPWvt.exe
  C:\Windows\System\PwdPWvt.exe
  2⤵
  PID:9856
- C:\Windows\System\sKEQBSk.exe
  C:\Windows\System\sKEQBSk.exe
  2⤵
  PID:9908
- C:\Windows\System\YFfTgse.exe
  C:\Windows\System\YFfTgse.exe
  2⤵
  PID:9928
- C:\Windows\System\FUgXcBS.exe
  C:\Windows\System\FUgXcBS.exe
  2⤵
  PID:9956
- C:\Windows\System\DQqdORp.exe
  C:\Windows\System\DQqdORp.exe
  2⤵
  PID:9972
- C:\Windows\System\WBdCHRr.exe
  C:\Windows\System\WBdCHRr.exe
  2⤵
  PID:10008
- C:\Windows\System\uQHZRAI.exe
  C:\Windows\System\uQHZRAI.exe
  2⤵
  PID:10032
- C:\Windows\System\DKXZRPS.exe
  C:\Windows\System\DKXZRPS.exe
  2⤵
  PID:10052
- C:\Windows\System\ojuONRQ.exe
  C:\Windows\System\ojuONRQ.exe
  2⤵
  PID:10072
- C:\Windows\System\zJhQEOq.exe
  C:\Windows\System\zJhQEOq.exe
  2⤵
  PID:10092
- C:\Windows\System\HVxwmGo.exe
  C:\Windows\System\HVxwmGo.exe
  2⤵
  PID:10112
- C:\Windows\System\CBVHMCh.exe
  C:\Windows\System\CBVHMCh.exe
  2⤵
  PID:10132
- C:\Windows\System\OMbQZTx.exe
  C:\Windows\System\OMbQZTx.exe
  2⤵
  PID:10148
- C:\Windows\System\aJcQaOh.exe
  C:\Windows\System\aJcQaOh.exe
  2⤵
  PID:10172
- C:\Windows\System\UxWoGzY.exe
  C:\Windows\System\UxWoGzY.exe
  2⤵
  PID:10192
- C:\Windows\System\MlLkNwe.exe
  C:\Windows\System\MlLkNwe.exe
  2⤵
  PID:10212
- C:\Windows\System\iCUphKC.exe
  C:\Windows\System\iCUphKC.exe
  2⤵
  PID:10228
- C:\Windows\System\vDqBGYw.exe
  C:\Windows\System\vDqBGYw.exe
  2⤵
  PID:9256
- C:\Windows\System\hnwIJud.exe
  C:\Windows\System\hnwIJud.exe
  2⤵
  PID:2940
- C:\Windows\System\KIvhwYI.exe
  C:\Windows\System\KIvhwYI.exe
  2⤵
  PID:9232
- C:\Windows\System\CGwviuk.exe
  C:\Windows\System\CGwviuk.exe
  2⤵
  PID:9272
- C:\Windows\System\MjQjBhs.exe
  C:\Windows\System\MjQjBhs.exe
  2⤵
  PID:9308
- C:\Windows\System\iyfEwiR.exe
  C:\Windows\System\iyfEwiR.exe
  2⤵
  PID:9292
- C:\Windows\System\GoDJTUQ.exe
  C:\Windows\System\GoDJTUQ.exe
  2⤵
  PID:9324
- C:\Windows\System\CuouKGj.exe
  C:\Windows\System\CuouKGj.exe
  2⤵
  PID:9592
- C:\Windows\System\dhBRPqI.exe
  C:\Windows\System\dhBRPqI.exe
  2⤵
  PID:9476
- C:\Windows\System\WunbtzO.exe
  C:\Windows\System\WunbtzO.exe
  2⤵
  PID:9556
- C:\Windows\System\imThIqk.exe
  C:\Windows\System\imThIqk.exe
  2⤵
  PID:9636
- C:\Windows\System\DDuLCAU.exe
  C:\Windows\System\DDuLCAU.exe
  2⤵
  PID:9460
- C:\Windows\System\plQpDlf.exe
  C:\Windows\System\plQpDlf.exe
  2⤵
  PID:9500
- C:\Windows\System\gLSgEjR.exe
  C:\Windows\System\gLSgEjR.exe
  2⤵
  PID:9576
- C:\Windows\System\tgwhnff.exe
  C:\Windows\System\tgwhnff.exe
  2⤵
  PID:9648
- C:\Windows\System\aKqTQDK.exe
  C:\Windows\System\aKqTQDK.exe
  2⤵
  PID:9696
- C:\Windows\System\bySyycb.exe
  C:\Windows\System\bySyycb.exe
  2⤵
  PID:9732
- C:\Windows\System\mcJFLkp.exe
  C:\Windows\System\mcJFLkp.exe
  2⤵
  PID:9772
- C:\Windows\System\vTVPiJR.exe
  C:\Windows\System\vTVPiJR.exe
  2⤵
  PID:9812
- C:\Windows\System\IPcDdui.exe
  C:\Windows\System\IPcDdui.exe
  2⤵
  PID:9816
- C:\Windows\System\YemkLXD.exe
  C:\Windows\System\YemkLXD.exe
  2⤵
  PID:9796
- C:\Windows\System\uOJrwWp.exe
  C:\Windows\System\uOJrwWp.exe
  2⤵
  PID:9876
- C:\Windows\System\bYaJsWt.exe
  C:\Windows\System\bYaJsWt.exe
  2⤵
  PID:9900
- C:\Windows\System\hhhSCEY.exe
  C:\Windows\System\hhhSCEY.exe
  2⤵
  PID:9840
- C:\Windows\System\qvXCyHW.exe
  C:\Windows\System\qvXCyHW.exe
  2⤵
  PID:9948
- C:\Windows\System\ePuRuoL.exe
  C:\Windows\System\ePuRuoL.exe
  2⤵
  PID:9968
- C:\Windows\System\hiHCtXO.exe
  C:\Windows\System\hiHCtXO.exe
  2⤵
  PID:9992
- C:\Windows\System\xCgesMY.exe
  C:\Windows\System\xCgesMY.exe
  2⤵
  PID:10016
- C:\Windows\System\VDYxUwu.exe
  C:\Windows\System\VDYxUwu.exe
  2⤵
  PID:10048
- C:\Windows\System\OcIiZfc.exe
  C:\Windows\System\OcIiZfc.exe
  2⤵
  PID:10084
- C:\Windows\System\RmmDcoJ.exe
  C:\Windows\System\RmmDcoJ.exe
  2⤵
  PID:10100
- C:\Windows\System\XTSoinz.exe
  C:\Windows\System\XTSoinz.exe
  2⤵
  PID:10128
- C:\Windows\System\CEVwUvg.exe
  C:\Windows\System\CEVwUvg.exe
  2⤵
  PID:10144
- C:\Windows\System\DFUivcJ.exe
  C:\Windows\System\DFUivcJ.exe
  2⤵
  PID:10188
- C:\Windows\System\DsXIekV.exe
  C:\Windows\System\DsXIekV.exe
  2⤵
  PID:9224
- C:\Windows\System\ZOpbrvT.exe
  C:\Windows\System\ZOpbrvT.exe
  2⤵
  PID:992
- C:\Windows\System\AltXova.exe
  C:\Windows\System\AltXova.exe
  2⤵
  PID:10208
- C:\Windows\System\llrCeYK.exe
  C:\Windows\System\llrCeYK.exe
  2⤵
  PID:9380
- C:\Windows\System\nRBfRNh.exe
  C:\Windows\System\nRBfRNh.exe
  2⤵
  PID:9348
- C:\Windows\System\snkPose.exe
  C:\Windows\System\snkPose.exe
  2⤵
  PID:9320
- C:\Windows\System\CFkUBFj.exe
  C:\Windows\System\CFkUBFj.exe
  2⤵
  PID:9424
- C:\Windows\System\nUVgWgg.exe
  C:\Windows\System\nUVgWgg.exe
  2⤵
  PID:9516
- C:\Windows\System\SQiSaHY.exe
  C:\Windows\System\SQiSaHY.exe
  2⤵
  PID:9564
- C:\Windows\System\oRTLvgu.exe
  C:\Windows\System\oRTLvgu.exe
  2⤵
  PID:9492
- C:\Windows\System\MPcvWPF.exe
  C:\Windows\System\MPcvWPF.exe
  2⤵
  PID:9596
- C:\Windows\System\mWykgTt.exe
  C:\Windows\System\mWykgTt.exe
  2⤵
  PID:9884
- C:\Windows\System\rVmTzuH.exe
  C:\Windows\System\rVmTzuH.exe
  2⤵
  PID:9792
- C:\Windows\System\cABRCZy.exe
  C:\Windows\System\cABRCZy.exe
  2⤵
  PID:9544
- C:\Windows\System\UahqVwF.exe
  C:\Windows\System\UahqVwF.exe
  2⤵
  PID:10252
- C:\Windows\System\zyFgGaO.exe
  C:\Windows\System\zyFgGaO.exe
  2⤵
  PID:10268
- C:\Windows\System\awgoLVa.exe
  C:\Windows\System\awgoLVa.exe
  2⤵
  PID:10288
- C:\Windows\System\rvymWRd.exe
  C:\Windows\System\rvymWRd.exe
  2⤵
  PID:10324
- C:\Windows\System\henFPmH.exe
  C:\Windows\System\henFPmH.exe
  2⤵
  PID:10360
- C:\Windows\System\yebyPde.exe
  C:\Windows\System\yebyPde.exe
  2⤵
  PID:10376
- C:\Windows\System\FjugDkk.exe
  C:\Windows\System\FjugDkk.exe
  2⤵
  PID:10392
- C:\Windows\System\HBpMQUH.exe
  C:\Windows\System\HBpMQUH.exe
  2⤵
  PID:10424
- C:\Windows\System\TKthRhg.exe
  C:\Windows\System\TKthRhg.exe
  2⤵
  PID:10444
- C:\Windows\System\JZyoqeu.exe
  C:\Windows\System\JZyoqeu.exe
  2⤵
  PID:10460
- C:\Windows\System\BVRIWsc.exe
  C:\Windows\System\BVRIWsc.exe
  2⤵
  PID:10480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AkptnpO.exe

Filesize
6.1MB

MD5
80fc71a3977dc4fcaf18c7e35c050a18

SHA1
7be9fc2aafa295fc9db061170b0045330f531817

SHA256
ea78fdfe14397d4dbf2ce4ff4a62ac6195365bfc10f4f1e77ca439e4245b8ae4

SHA512
82cdc29b7fc7a4d745968950e9890fb8a67800923537582b47fdce7fa95a666491f010e10a58cc50b325edccbe5f4becc7345a3125dc1f695fd21b01407f26cf

Download Submit
C:\Windows\system\Cezysdd.exe

Filesize
6.1MB

MD5
9de154e29688ad282f430667007a4025

SHA1
f47c1828b9f05a1f0091337dcfd3b9c835e88707

SHA256
c47ecd80c60d6739a38f940c11b41b8242c405c6d7f1d1969a18c462843e53d4

SHA512
82527e3d4004050d0c4f7641c44e88bfce4d29d27a2274d08a2afd83599cbd7aaba871aff80cb008dc334a057785b00a90dfe858285d18003066c90cba5826e9

Download Submit
C:\Windows\system\EczbUbV.exe

Filesize
6.1MB

MD5
a8c9e6bc22a6c6d537c8edaf9843c269

SHA1
601d2bdbd55414ae828c88ce5b06680f2a8d1e64

SHA256
cfdac72a2a4cd4b528d88311813223d31c17b77c5c85d88d7600021760ed6785

SHA512
bcd7c7474dec31ffb97e554a670bc92a524b165ceb0d52d1520d2f5d1923ce4de24d0d16bdc57b491e08a97a77015ff4c9cca4f8f5bc8ffcd926dff17cbf8f60

Download Submit
C:\Windows\system\GYcJyeM.exe

Filesize
6.1MB

MD5
ebb21bd12f1043e7cb4dc438ca23e2bf

SHA1
d3bfcaf2f3306e347e2f345e104695dfa951d9b3

SHA256
be15c0b124db0ee5790c1ae5e72fe5a6af5acb88ce601c64e46187597193bc52

SHA512
127a4d914afdb68ecdba4ca60b4712d5e04c541ad9e6c2c456693c8493dd4e00d566dcc5575e5ff08ead3d07e8799ce2ce9766e5610960ffefb84883379b9daa

Download Submit
C:\Windows\system\JzqGzCt.exe

Filesize
6.1MB

MD5
99b7b508e522194bce3fc2a6bb3e2993

SHA1
bfff4f0f35635727fb70fbc8273667d411875a9d

SHA256
6d03c0dc636236b657d8dfb6d62edaf73dcec6c45d601f7dbfa74b1acabff2c0

SHA512
d7154d377a7fde3f1ce7eb9d70b49a69f72cc4003238ad83b5d54be1270b152a183dc2b1e633e362694776abb6c336b2ddd59e5c13d981519dbaf04f8287e815

Download Submit
C:\Windows\system\LVPLHBu.exe

Filesize
6.1MB

MD5
1aedede4993700ecd66f04d324c46b44

SHA1
6870d23cb90796be071d0c23fedb9749b7860964

SHA256
3e81c892168c70c4253062a92f3d627a4f1916eb9dd2a5b5320424249367002d

SHA512
2e994388ff134e67c157a9ab66b1e51af4d8f7c4d416878beb74a25b900c1a0569f5f194af217097d31e5fc3b4b76d60c7f1009a8622c452b125fce1c6a0c97b

Download Submit
C:\Windows\system\MTfFuCY.exe

Filesize
6.1MB

MD5
20b43169b91ffa5ff6f924344237853f

SHA1
62dcda765ca807d054ab3180b93e8ae343ea4f09

SHA256
f45d786f8d2fb58370ddcfd67d143b89c67d5b91b074b11d365c588b426cde74

SHA512
de203e8b666d867ec9abd5cf70bf3dbfcfb3548a6466b8e1149d1add793f9bcc652d2350355f848070b5932471860c97b962cc849386e788369307b04a7b1069

Download Submit
C:\Windows\system\NOgZOWH.exe

Filesize
6.1MB

MD5
08e7f5ce4c3f5e13c57f67d5dbf4a9d7

SHA1
26cfd4e41261cc88bda5657f714d38d6e5a0348d

SHA256
ddf013cc42fa6f827c4ad577110259c9d6db555442a8ea38aa5b611c2bd81773

SHA512
db7a8c90b2e0f20a05ac2efd8b41606ddbdf16cc8d355f676812defcfc3cffd2ec7de024bd8a35b6036c745c95c4fbb9777f4b4f176f945a35d617bec4073253

Download Submit
C:\Windows\system\NpaAKPS.exe

Filesize
6.1MB

MD5
f943992ae532501183367415003c94a6

SHA1
fd9691a202ccdf783ccbcfd360c6977c9115904c

SHA256
75539f85b47c4495a0b336230c94af60b659cfe99e8bcd8648025b1552fc9ab3

SHA512
7142ae28746a946bb5e9b3ad053bd37c9c4d4d42aae705426b7e83752ef81aec0d29ce3a675e1e2676709fffee8622764693e503af16d2e5bc85b32a768d238a

Download Submit
C:\Windows\system\PvQqijI.exe

Filesize
6.1MB

MD5
f8252815030e49bab2e57293f9bd9301

SHA1
9da85ce060b36e7af3a9b20696243f5d0de7764d

SHA256
4306347f58605cd077fbc8da70b6ebfe7e454dc44527dcbc9275e31867eee339

SHA512
09f50384dcff7d3aa8bc2015cc3c853118f042831bb18da3d3d2c52a89478a16c9df588e025c533ca704ff5f2c5d18b94c63aa3bc1d46f27e4310c916a66dace

Download Submit
C:\Windows\system\SDVNfZL.exe

Filesize
6.1MB

MD5
71f90f3acea8969a147cdef6b0a2393a

SHA1
7c2048f396a0f9b1e943d87fd23c66f5a3605d6e

SHA256
bc23a1082d130eb8bf3b630b8a5859cc9245d55d21d9736e3732a8b5d3fcd4e8

SHA512
db97d3caa07255f164161bebb97a220eca235ef424f600e1e295a6116888e0625efa7c15d2176066d3eb359baf557ede7f5e0d0d5bd0daae6d78673dc5622f2f

Download Submit
C:\Windows\system\SeStMyz.exe

Filesize
6.1MB

MD5
e5b6e4a33518fa05ccb3dbc13fd476d4

SHA1
90a4a9065be47b101e22541f6de600840cf35af3

SHA256
c1dfa6d4f2d7abca441c015738d99b2564622bb6fe42ae8ca0b586808c5caaad

SHA512
2201fc9bb6f0917817c52d4e26e5ef97898945a589b5521355adc154903eaa73c11c26fe22f1f7f3ade31e5a84fda87c1d24c200ef551f5618dc11e543c75677

Download Submit
C:\Windows\system\TljUSul.exe

Filesize
6.1MB

MD5
052f4011a49975d457962144a3791a26

SHA1
bf5192457584827eaa3f7754c48a274b85e62c58

SHA256
c624a7ef117566cfed45bf33b899fdb48246efd1d940ab36ab17f5a60eb6d02e

SHA512
467090cabbe709235cddd828c3710ca0132841bad3e3a1bcfc5ac6fbe20e22f1e5bb0ff53436f6cfd3482ece86c005c1cb7596cdf6f594ab8e2aca4ba5f4381a

Download Submit
C:\Windows\system\aMFjzmT.exe

Filesize
6.1MB

MD5
ebbf0189465fb076de1e20a0db4bc159

SHA1
c82f7407817cead842ab8d3f66a50be3412bf9c4

SHA256
94cd49b4d96d04e66993f6f3b198a1c82016887c55c60aad7c147ab5339dc2fb

SHA512
d9bea11fed0565feed073ab499a99c6f92505bb06d392aca401356280465f3f18d4417f72996aaec9f6dedc340c61fb923567f107508487d7ee52e4f1b6aeb07

Download Submit
C:\Windows\system\eZEboMx.exe

Filesize
6.1MB

MD5
6b182cfa1ddda040b93e0458a1542842

SHA1
ecb2a4dbe815d919b350bd8c834b56ee7c8ecd9a

SHA256
c05c950c070b502ec59baf1d11688b6390318b885773b5f53cc9f2de93f35a24

SHA512
6588602aac3ac7aac79f4eb29b9e8d4367e8571d31ebb0bed8237d657e250a52acc35e6819c8df3beb537726427c07d3df261733485c771c2c2ee3d5b4fa0c80

Download Submit
C:\Windows\system\edtgGsA.exe

Filesize
6.1MB

MD5
36fd8ce64b4f705e93f3db01b822dcc1

SHA1
323ae7ba1d182fdcf0150d8ff44167399e765a62

SHA256
c5bf85def06f93c6d477e76053d6bff45525cdff36ed4ff33928299d394d0867

SHA512
99df152ccba7e5e51ad8d20bfb262bad5da63ad35cd54c0419a7745c7e0efe71919607fbddecd2d36edfd1afbf2551dda78b886bcd115728881f895becdfb74a

Download Submit
C:\Windows\system\kILoIVn.exe

Filesize
6.1MB

MD5
fffecb359a0cf14e5273ac065ac51fb9

SHA1
b0051af16a0ce1778e6e5cdce5fa83e9be5857d3

SHA256
c7c1552c1f307e9fd80b6258ee6107374535060693d8a637786eb8fe7ed7641f

SHA512
5133627049bdcba0bac122fa66c0bc84317ad7d729b9d8215f36c7fc259ccf0d41ab0c9c7f61ac77bd8b9f1a86adf656c7283c82636c6bbec3cd19bac07f8594

Download Submit
C:\Windows\system\kTonutz.exe

Filesize
6.1MB

MD5
b0106492a32eb05cc0ba7758c0fb2cc2

SHA1
ac708de7f2682d5d5e2f62ad7df23dc1eb9229ac

SHA256
01e06192f7319f98ad26f4f0ae6e727a5d3bb3a64cf95ef0c4ecf118b1633d37

SHA512
86a803f9cd469e9c8b7af8fe4c601d2acd97ba9de72dcc6fc42cc88e348b98e93e6ad57a8506cae7caaa3d18fa30f8940260d7bdfa68d6e68f77307a653294e2

Download Submit
C:\Windows\system\kvioNkn.exe

Filesize
6.1MB

MD5
2502c3b17b03206ee7cd59b1d6609ddb

SHA1
f80f69310d37d34e6760fa6e8a74dfad0da27e0e

SHA256
a4a75e7dce4f3fcec533c065bb11483006ee76a8726da8c64ed45af99d81765b

SHA512
e99cecff641f65395712147913a042d6f24b2580f0c80534e5e653854465e1d323ffca74782341e327098a3e29ff76f9d9c72a3211503b9c6338b10c29ff01ed

Download Submit
C:\Windows\system\oErCZxR.exe

Filesize
6.1MB

MD5
c7819f96b164d64b03829b6306682697

SHA1
6299c57e1345332d09fe9abc31585ed865f447d9

SHA256
1d46e620f6611d949e845d55d30724f98aa6b2c9a1867073b4a9e37df6850270

SHA512
973e3af27776d8d4c1c958a0ba392ed45e83eb7b200c33ea8e7f409f3675577d0f1c3987aaeb7e504af84d22faa739c3b3c16cd84d6b6f673bcf063b35381e78

Download Submit
C:\Windows\system\rZyxtTR.exe

Filesize
6.1MB

MD5
059d2a3f6a7d8e4aab8a98edaff6cd4a

SHA1
0bb2e3aadfbb00eb5ab0ee0ec37cc1889f7557d5

SHA256
ca7400892f897f73fc8f8f000c36d8f59c1b1c67d4740300e1cab668a02ce617

SHA512
64da37e8236b3eaf5c3c3ae6c1fb42141ca3f35c43327e804669f6b0a56ad161a100b4cb1fa6c33583ad5a9efb9c5b09634a53a981f52ae9e705d4cb948a43a3

Download Submit
C:\Windows\system\wGVwCzg.exe

Filesize
6.1MB

MD5
a941c7982c8c1b4d07eb8880645fe6f6

SHA1
fdfe81999838eb856aa16f67a94edabc81efafbf

SHA256
8aaf6fc9b55c72278eb84bd393af10b5030d35d47b82ab80d7849ae2facdeeb6

SHA512
a892162aa5cc3244197bcb90478c43272e4a42c99ac9590d2fb028eefc0c5dd28c18baf087f25c63912689b968bef0f4473777b6ed7cce1d576137702f2dff2a

Download Submit
\Windows\system\FNVQDVo.exe

Filesize
6.1MB

MD5
9e6bb928d27b7156e7a2ad96c1f7d14b

SHA1
bee3c01f2e2ff13d5dc7f8202f326cf565dc7594

SHA256
a648c820e26bf389ac7795c3af80593b8f075c93c7e58dfde4d6ce0176f3bcc5

SHA512
76b8d890dc53c177eb406dce7f56e692bb6f6894a468389cf3647f4f5c9caf94dcf9dfaf6f87b568763731dad42fb6d7ce7efaff7582befea42a855fdb5e2f3f

Download Submit
\Windows\system\PTnIYPW.exe

Filesize
6.1MB

MD5
123bfc846161f39ea3261884d5d0cbdf

SHA1
9058c127a068c02be8ab4411295f9407a3d93ece

SHA256
46570a4b704f1149f43078a2044110ed1edfd210a383008cd73f4b03b6b89d91

SHA512
7474c53562874c76f6692033d912452a4e9c0433b1f9b07e889fd27d679fd93761b3cb7b493b207bece73868b23b56682f34cbaceba9821a6e58b548518b732b

Download Submit
\Windows\system\SMEYGRq.exe

Filesize
6.1MB

MD5
70d2e08af8f118bf65e96a975f22110b

SHA1
6c87e3bc220897a3a2e5cd93370f36c3fc8e390d

SHA256
3d3179008be411d4c153a67d00bd75f9e3a540bbe62edeefd906b75cf2dd17af

SHA512
96f446a112fe8d0ed407e54550c2d34d5e4867cf2511acbd3a4b330fe13248c2f5e10d68b6dc9f2e77de64c41acae53c1682fd9dd29a2a06b87ee17da14ba604

Download Submit
\Windows\system\UuGihHU.exe

Filesize
6.1MB

MD5
9143b9c1e9a91950160b8927e946b53f

SHA1
5171325f95824cc5bde46320744f7d8c3b609611

SHA256
76ca1c4dd8307318e927bc0eec963a5695d661ca233552f463a88407d5ef224d

SHA512
4fab26e62dc6ad516a8bbac18eb1fc196f2ef2ed2715aea901b103d13de1154445d7afd70da138ccab3822f373604f8e9e91ba181848601f596eedcf5e6a4384

Download Submit
\Windows\system\WeMaGVB.exe

Filesize
6.1MB

MD5
d617d7ff643bf429a299ce6ea7931606

SHA1
c748aa705553041db5fb26f75183d22b3a8b746b

SHA256
fac7157c33070891481812670b1205d772378bdfb3d155bb7876e3e7974a9620

SHA512
f3294b0fc704a31a366d254b5b6d939ab7e53f045556489b2b8c1a302fd78b79ef28f80aba190db47bec8658a02607a53c8e174b29b69a6a5dff43472dfd2be9

Download Submit
\Windows\system\etdYFaq.exe

Filesize
6.1MB

MD5
c60534e5c8aa0188009337fd6506dd80

SHA1
45ac282db59a885fc1ccd03a294b407458574f13

SHA256
62aa4c976b0c274fadf36121c9758ac8d406901ee4d73a3ba6c5c70a65777f62

SHA512
691c655b8c6b481df107ff9110d5dd75a61c2b8a9c8eec5b9f03aa4deae926da022608995f2814c8d71d1b5b72b83004a23811d7c913be62ea401a946302434b

Download Submit
\Windows\system\jODaEnd.exe

Filesize
6.1MB

MD5
0655db4e94615adcab3a184d96cc814f

SHA1
4572cfb8a60591476dc05a8b63b94bb4f644b9d8

SHA256
0f04e53aee37716f8fb34109faf1fa02b96fcb0701e283a74386d1ab0510c9b2

SHA512
f7ba565213ea16291d7b47e78fae53e326b0386ca28a3e8bae6e89cb963de1e2e4e1744a30910cf32b1580e507ef6e4275d12c97bc6b661c5e12c7be738a7caa

Download Submit
\Windows\system\mGMnZys.exe

Filesize
6.1MB

MD5
9321282cdfbb20db8c324f198535ef78

SHA1
3f030a96881f195be3c421c486c1df6436634d81

SHA256
57af378b242e1ce1b313a5657700cd5b0fb771c92f52e8cd388c7ac32d849672

SHA512
03e14aa49e43781df3978186974ac092ff5861ed82c2db675f701c7593cab07ea104fc6bb9a4fef01afcccb49908345da9ea149f00630419e472fbf234fca8f0

Download Submit
\Windows\system\oYtCRJl.exe

Filesize
6.1MB

MD5
3e72d492d14d6d7ba2b972edf3cc5f69

SHA1
119088f42e3dea49e9404e98080c24e0a6eccab9

SHA256
4c6542a5bfd4d1465a37b29e8310ac4a0c88d8da5b98755aae33e820bd1160cb

SHA512
7e9eca2689676624107a40e5400784fc4c1fc15ae6e8c0308e63b40745c63f5bce374a5d3212c2a1a8a09dffe703f4befd16425d8f1e16ed52fe75e0a6b72874

Download Submit
\Windows\system\soUZFCR.exe

Filesize
6.1MB

MD5
7e963a115d08a6920fa9fee9e43d39bf

SHA1
38ec1b23011d3472d434e4bb02a8b15bcbe8c33d

SHA256
815940f324d43e35188fee72d8e84cbb30ea82328641877cc00972cdd9a72af9

SHA512
cee715dcede59c7c897c424346e05977bb2187c6df185c36c757fc8c3422a22a3518e6065ed5e6e3cfec8993e38e38d58abb7a200ff42c744ac59c1b2421bfc4

Download Submit
\Windows\system\vqDFDGs.exe

Filesize
6.1MB

MD5
5cdc187a9f7d1d617d0f3f8db9d314ca

SHA1
5b4cca3a36ebda725ae095a6042e81dc0b343153

SHA256
c6020f9b9439bfc5a0364312d1c1bd8d8b007cb444816726723c2bee440f9a2a

SHA512
09881afb4721068d180e65fdf2607199bc2ceac8b855ef23ee1d7c2ee37471aa8d264fdd50be37554e5a250bbe783bca5bc91b10cfc332eb4daaf042173d7b10

Download Submit
memory/680-334-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/680-11-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/680-4153-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/1352-4154-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1352-14-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1352-537-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1692-891-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1692-85-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1692-4156-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1860-890-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1860-84-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1860-4163-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2252-1126-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-105-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-4157-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-43-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2284-4162-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2528-769-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-639-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-20-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2528-57-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-31-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-462-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2528-536-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-91-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2528-90-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2528-15-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2528-87-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2528-86-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-35-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-88-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2528-83-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1010-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-81-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-886-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-0-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2528-72-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-887-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2640-82-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4155-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2720-768-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4160-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2720-66-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2728-89-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1011-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-4164-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2824-4161-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-55-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1127-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4158-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2888-106-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2892-69-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-4159-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-27-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2900-636-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2900-4165-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download