cobaltstrike | 83ad1ffd6bda19dc4cebf2c03056af291ee9eace1a1e9769eeab907525587665

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
31/12/2024, 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

c0db7e107fb090d00ddb004a642e7404
SHA1

841ff5438917117b4e957d866560722424fd6f8a
SHA256

83ad1ffd6bda19dc4cebf2c03056af291ee9eace1a1e9769eeab907525587665
SHA512

ea7f27f004bdfdcb6bfe8de2add1270c2a755738aae9ff9547713d7cad873fd269dc6e78fa940cbaf21d4cf336c2bb5ddd2c7ac96a3f28913cb2e2d52fc89d9c
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUo:eOl56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d5-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d5a-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e1d-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016f45-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017342-37.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce8-46.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017355-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019080-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-71.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2988-0-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d5-6.dat	xmrig
behavioral1/files/0x0008000000016d5a-13.dat	xmrig
behavioral1/memory/2392-14-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2228-12-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d71-11.dat	xmrig
behavioral1/memory/2280-21-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016e1d-23.dat	xmrig
behavioral1/memory/1072-28-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/1672-36-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2988-35-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x0007000000016f45-34.dat	xmrig
behavioral1/files/0x0007000000017342-37.dat	xmrig
behavioral1/memory/2392-48-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2968-50-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ce8-46.dat	xmrig
behavioral1/memory/3016-51-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0009000000017355-52.dat	xmrig
behavioral1/memory/2988-58-0x00000000024E0000-0x0000000002834000-memory.dmp	xmrig
behavioral1/memory/2688-59-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2988-54-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0007000000019080-64.dat	xmrig
behavioral1/memory/2372-72-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2624-87-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019624-133.dat	xmrig
behavioral1/files/0x0005000000019931-148.dat	xmrig
behavioral1/files/0x0005000000019bf0-159.dat	xmrig
behavioral1/memory/2488-754-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2560-911-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2624-545-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2932-372-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2372-237-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f57-193.dat	xmrig
behavioral1/files/0x0005000000019d69-188.dat	xmrig
behavioral1/files/0x0005000000019cfc-178.dat	xmrig
behavioral1/files/0x0005000000019d5c-183.dat	xmrig
behavioral1/files/0x0005000000019cd5-173.dat	xmrig
behavioral1/files/0x0005000000019c0b-168.dat	xmrig
behavioral1/files/0x0005000000019bf2-162.dat	xmrig
behavioral1/files/0x0005000000019bec-153.dat	xmrig
behavioral1/files/0x00050000000196a0-143.dat	xmrig
behavioral1/files/0x0005000000019665-138.dat	xmrig
behavioral1/files/0x00050000000195e0-128.dat	xmrig
behavioral1/files/0x00050000000195d0-123.dat	xmrig
behavioral1/files/0x00050000000195ce-118.dat	xmrig
behavioral1/files/0x00050000000195cc-114.dat	xmrig
behavioral1/files/0x00050000000195ca-108.dat	xmrig
behavioral1/memory/2488-95-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2688-94-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-93.dat	xmrig
behavioral1/memory/2560-104-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c8-103.dat	xmrig
behavioral1/files/0x00050000000195c6-86.dat	xmrig
behavioral1/memory/2988-85-0x00000000024E0000-0x0000000002834000-memory.dmp	xmrig
behavioral1/memory/2932-80-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c4-79.dat	xmrig
behavioral1/memory/2628-65-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c2-71.dat	xmrig
behavioral1/memory/1672-69-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2988-62-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/1072-61-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2280-53-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2392-3420-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/1072-3418-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2228	gYRHhvy.exe
2392	tyxUvgS.exe
2280	SzJxMRD.exe
1072	gOMZhaR.exe
1672	fneKjyD.exe
2968	UiQLIan.exe
3016	wiTIuyb.exe
2688	dqveaGb.exe
2628	paMROiW.exe
2372	fUxphvO.exe
2932	qedrcoG.exe
2624	ZzSWUTa.exe
2488	secndjv.exe
2560	EqTtOIu.exe
2200	needdUE.exe
1844	YGUxsoW.exe
636	eOWwlNF.exe
2556	RqoQuYb.exe
1784	nMibdXW.exe
2032	qBLdyxi.exe
1184	dTjcPwh.exe
2320	hhQujMt.exe
2452	aGZHzJF.exe
676	kdITwvy.exe
1836	mxMEytD.exe
1912	vJFqVGe.exe
2712	OmLyzyn.exe
2836	fnSgHyM.exe
2096	vuheaJV.exe
340	Xifpbst.exe
2128	ELyNJdN.exe
2056	KRiudgX.exe
1720	TEpNIiw.exe
740	XRDwmFp.exe
1144	nTNQlWu.exe
992	PvueNeJ.exe
532	qbKRjYi.exe
956	FipfYEM.exe
1856	mNjUlrD.exe
1900	eAwRnpH.exe
612	VydHRzZ.exe
1764	hADrDZH.exe
1648	WgwzAiN.exe
880	GAilzGk.exe
1404	PSSSdha.exe
1616	dSbtjLd.exe
3060	JXNTWhi.exe
1644	ycwWOWS.exe
3064	pCAtNLX.exe
1956	wcyTCPY.exe
464	CsMyzHd.exe
3028	LTjlYlD.exe
2312	WZRDMbH.exe
2916	bZnZwQC.exe
2356	nZaTMec.exe
1592	uSZhyMw.exe
1572	XSgDdzy.exe
1576	NbcaFNa.exe
1708	nmXAVcB.exe
2444	tORlsBD.exe
760	KxbRWxm.exe
3068	GOwoDOv.exe
2708	erPOaFc.exe
2496	CMoXmzn.exe

Loads dropped DLL 64 IoCs

pid	Process
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2988-0-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x000a0000000120d5-6.dat	upx
behavioral1/files/0x0008000000016d5a-13.dat	upx
behavioral1/memory/2392-14-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2228-12-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0007000000016d71-11.dat	upx
behavioral1/memory/2280-21-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0007000000016e1d-23.dat	upx
behavioral1/memory/1072-28-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1672-36-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2988-35-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x0007000000016f45-34.dat	upx
behavioral1/files/0x0007000000017342-37.dat	upx
behavioral1/memory/2392-48-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2968-50-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0009000000016ce8-46.dat	upx
behavioral1/memory/3016-51-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0009000000017355-52.dat	upx
behavioral1/memory/2688-59-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0007000000019080-64.dat	upx
behavioral1/memory/2372-72-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2624-87-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0005000000019624-133.dat	upx
behavioral1/files/0x0005000000019931-148.dat	upx
behavioral1/files/0x0005000000019bf0-159.dat	upx
behavioral1/memory/2488-754-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2560-911-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2624-545-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2932-372-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2372-237-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x0005000000019f57-193.dat	upx
behavioral1/files/0x0005000000019d69-188.dat	upx
behavioral1/files/0x0005000000019cfc-178.dat	upx
behavioral1/files/0x0005000000019d5c-183.dat	upx
behavioral1/files/0x0005000000019cd5-173.dat	upx
behavioral1/files/0x0005000000019c0b-168.dat	upx
behavioral1/files/0x0005000000019bf2-162.dat	upx
behavioral1/files/0x0005000000019bec-153.dat	upx
behavioral1/files/0x00050000000196a0-143.dat	upx
behavioral1/files/0x0005000000019665-138.dat	upx
behavioral1/files/0x00050000000195e0-128.dat	upx
behavioral1/files/0x00050000000195d0-123.dat	upx
behavioral1/files/0x00050000000195ce-118.dat	upx
behavioral1/files/0x00050000000195cc-114.dat	upx
behavioral1/files/0x00050000000195ca-108.dat	upx
behavioral1/memory/2488-95-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2688-94-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-93.dat	upx
behavioral1/memory/2560-104-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x00050000000195c8-103.dat	upx
behavioral1/files/0x00050000000195c6-86.dat	upx
behavioral1/memory/2932-80-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x00050000000195c4-79.dat	upx
behavioral1/memory/2628-65-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x00050000000195c2-71.dat	upx
behavioral1/memory/1672-69-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/1072-61-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2280-53-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2392-3420-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/1072-3418-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2228-3441-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2280-3442-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2968-3465-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/1672-3476-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sVpVrtt.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljhaRkt.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NovGBjU.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIwyRHO.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvwxeLN.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLPLpwh.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GksXkyO.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycwWOWS.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDtzuCS.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjKFhjQ.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeewAlc.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baKABIy.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZujJUPd.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PLRWqfP.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsHDkvk.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cViaMzL.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okDtomC.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UURYIdn.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFppnGH.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aacuzoq.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKeQZxY.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIUYjlB.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFEgkQd.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVVtZbx.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtuGCZM.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTRjtjk.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQMVXra.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GngHkYV.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgOJMCN.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YGqczBr.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJcuKjt.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHNnKLi.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbOEVvU.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlLfiuf.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDufYKy.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOUlldT.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xitOcpx.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvjgfpT.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAZaoRG.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrkGIxr.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XltFmkx.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQhdTQV.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byCqTij.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGOEtcY.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlABXGv.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POlbYHS.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbojoXJ.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwbEJTW.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJQlQVe.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZKwYsD.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwQdFEd.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBQZsmS.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwGRSIp.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMbfcrs.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnQOGFg.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTGwnOj.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCrjxGR.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OdyUlwf.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xunakpT.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFgXmwm.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVHOaxT.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynJVsIG.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFFhgsP.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejTPTvT.exe	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2228	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2988 wrote to memory of 2228	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2988 wrote to memory of 2228	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2988 wrote to memory of 2392	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2988 wrote to memory of 2392	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2988 wrote to memory of 2392	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2988 wrote to memory of 2280	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2988 wrote to memory of 2280	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2988 wrote to memory of 2280	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2988 wrote to memory of 1072	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2988 wrote to memory of 1072	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2988 wrote to memory of 1072	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2988 wrote to memory of 1672	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2988 wrote to memory of 1672	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2988 wrote to memory of 1672	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2988 wrote to memory of 2968	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2988 wrote to memory of 2968	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2988 wrote to memory of 2968	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2988 wrote to memory of 3016	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2988 wrote to memory of 3016	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2988 wrote to memory of 3016	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2988 wrote to memory of 2688	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2988 wrote to memory of 2688	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2988 wrote to memory of 2688	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2988 wrote to memory of 2628	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2988 wrote to memory of 2628	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2988 wrote to memory of 2628	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2988 wrote to memory of 2372	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2988 wrote to memory of 2372	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2988 wrote to memory of 2372	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2988 wrote to memory of 2932	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2988 wrote to memory of 2932	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2988 wrote to memory of 2932	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2988 wrote to memory of 2624	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2988 wrote to memory of 2624	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2988 wrote to memory of 2624	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2988 wrote to memory of 2488	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2988 wrote to memory of 2488	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2988 wrote to memory of 2488	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2988 wrote to memory of 2560	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2988 wrote to memory of 2560	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2988 wrote to memory of 2560	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2988 wrote to memory of 2200	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2988 wrote to memory of 2200	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2988 wrote to memory of 2200	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2988 wrote to memory of 1844	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2988 wrote to memory of 1844	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2988 wrote to memory of 1844	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2988 wrote to memory of 636	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2988 wrote to memory of 636	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2988 wrote to memory of 636	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2988 wrote to memory of 2556	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2988 wrote to memory of 2556	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2988 wrote to memory of 2556	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2988 wrote to memory of 1784	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2988 wrote to memory of 1784	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2988 wrote to memory of 1784	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2988 wrote to memory of 2032	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2988 wrote to memory of 2032	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2988 wrote to memory of 2032	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2988 wrote to memory of 1184	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2988 wrote to memory of 1184	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2988 wrote to memory of 1184	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2988 wrote to memory of 2320	2988	2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-31_c0db7e107fb090d00ddb004a642e7404_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\System\gYRHhvy.exe
  C:\Windows\System\gYRHhvy.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\tyxUvgS.exe
  C:\Windows\System\tyxUvgS.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\SzJxMRD.exe
  C:\Windows\System\SzJxMRD.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\gOMZhaR.exe
  C:\Windows\System\gOMZhaR.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\fneKjyD.exe
  C:\Windows\System\fneKjyD.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\UiQLIan.exe
  C:\Windows\System\UiQLIan.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\wiTIuyb.exe
  C:\Windows\System\wiTIuyb.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\dqveaGb.exe
  C:\Windows\System\dqveaGb.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\paMROiW.exe
  C:\Windows\System\paMROiW.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\fUxphvO.exe
  C:\Windows\System\fUxphvO.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\qedrcoG.exe
  C:\Windows\System\qedrcoG.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ZzSWUTa.exe
  C:\Windows\System\ZzSWUTa.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\secndjv.exe
  C:\Windows\System\secndjv.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\EqTtOIu.exe
  C:\Windows\System\EqTtOIu.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\needdUE.exe
  C:\Windows\System\needdUE.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\YGUxsoW.exe
  C:\Windows\System\YGUxsoW.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\eOWwlNF.exe
  C:\Windows\System\eOWwlNF.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\RqoQuYb.exe
  C:\Windows\System\RqoQuYb.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\nMibdXW.exe
  C:\Windows\System\nMibdXW.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\qBLdyxi.exe
  C:\Windows\System\qBLdyxi.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\dTjcPwh.exe
  C:\Windows\System\dTjcPwh.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\hhQujMt.exe
  C:\Windows\System\hhQujMt.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\aGZHzJF.exe
  C:\Windows\System\aGZHzJF.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\kdITwvy.exe
  C:\Windows\System\kdITwvy.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\mxMEytD.exe
  C:\Windows\System\mxMEytD.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\vJFqVGe.exe
  C:\Windows\System\vJFqVGe.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\OmLyzyn.exe
  C:\Windows\System\OmLyzyn.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\fnSgHyM.exe
  C:\Windows\System\fnSgHyM.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\vuheaJV.exe
  C:\Windows\System\vuheaJV.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\Xifpbst.exe
  C:\Windows\System\Xifpbst.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\ELyNJdN.exe
  C:\Windows\System\ELyNJdN.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\KRiudgX.exe
  C:\Windows\System\KRiudgX.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\TEpNIiw.exe
  C:\Windows\System\TEpNIiw.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\XRDwmFp.exe
  C:\Windows\System\XRDwmFp.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\nTNQlWu.exe
  C:\Windows\System\nTNQlWu.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\PvueNeJ.exe
  C:\Windows\System\PvueNeJ.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\qbKRjYi.exe
  C:\Windows\System\qbKRjYi.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\FipfYEM.exe
  C:\Windows\System\FipfYEM.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\mNjUlrD.exe
  C:\Windows\System\mNjUlrD.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\eAwRnpH.exe
  C:\Windows\System\eAwRnpH.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\VydHRzZ.exe
  C:\Windows\System\VydHRzZ.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\hADrDZH.exe
  C:\Windows\System\hADrDZH.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\WgwzAiN.exe
  C:\Windows\System\WgwzAiN.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\GAilzGk.exe
  C:\Windows\System\GAilzGk.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\PSSSdha.exe
  C:\Windows\System\PSSSdha.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\dSbtjLd.exe
  C:\Windows\System\dSbtjLd.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\JXNTWhi.exe
  C:\Windows\System\JXNTWhi.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\ycwWOWS.exe
  C:\Windows\System\ycwWOWS.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\pCAtNLX.exe
  C:\Windows\System\pCAtNLX.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\wcyTCPY.exe
  C:\Windows\System\wcyTCPY.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\CsMyzHd.exe
  C:\Windows\System\CsMyzHd.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\LTjlYlD.exe
  C:\Windows\System\LTjlYlD.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\WZRDMbH.exe
  C:\Windows\System\WZRDMbH.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\bZnZwQC.exe
  C:\Windows\System\bZnZwQC.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\nZaTMec.exe
  C:\Windows\System\nZaTMec.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\uSZhyMw.exe
  C:\Windows\System\uSZhyMw.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\XSgDdzy.exe
  C:\Windows\System\XSgDdzy.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\NbcaFNa.exe
  C:\Windows\System\NbcaFNa.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\nmXAVcB.exe
  C:\Windows\System\nmXAVcB.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\tORlsBD.exe
  C:\Windows\System\tORlsBD.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\KxbRWxm.exe
  C:\Windows\System\KxbRWxm.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\GOwoDOv.exe
  C:\Windows\System\GOwoDOv.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\erPOaFc.exe
  C:\Windows\System\erPOaFc.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\CMoXmzn.exe
  C:\Windows\System\CMoXmzn.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\LLutpoj.exe
  C:\Windows\System\LLutpoj.exe
  2⤵
  PID:2660
- C:\Windows\System\IuNkHfu.exe
  C:\Windows\System\IuNkHfu.exe
  2⤵
  PID:2940
- C:\Windows\System\FGPGsDT.exe
  C:\Windows\System\FGPGsDT.exe
  2⤵
  PID:2948
- C:\Windows\System\kcEtDxb.exe
  C:\Windows\System\kcEtDxb.exe
  2⤵
  PID:2388
- C:\Windows\System\RIhIwNx.exe
  C:\Windows\System\RIhIwNx.exe
  2⤵
  PID:2548
- C:\Windows\System\wXftqMe.exe
  C:\Windows\System\wXftqMe.exe
  2⤵
  PID:1380
- C:\Windows\System\NfKVJmz.exe
  C:\Windows\System\NfKVJmz.exe
  2⤵
  PID:1948
- C:\Windows\System\QjsmBre.exe
  C:\Windows\System\QjsmBre.exe
  2⤵
  PID:1356
- C:\Windows\System\gOIACaF.exe
  C:\Windows\System\gOIACaF.exe
  2⤵
  PID:1860
- C:\Windows\System\GAXLZFK.exe
  C:\Windows\System\GAXLZFK.exe
  2⤵
  PID:2804
- C:\Windows\System\HzzmuQY.exe
  C:\Windows\System\HzzmuQY.exe
  2⤵
  PID:2176
- C:\Windows\System\TpHGLxP.exe
  C:\Windows\System\TpHGLxP.exe
  2⤵
  PID:2088
- C:\Windows\System\HZqinbO.exe
  C:\Windows\System\HZqinbO.exe
  2⤵
  PID:2584
- C:\Windows\System\smhwjZW.exe
  C:\Windows\System\smhwjZW.exe
  2⤵
  PID:1596
- C:\Windows\System\edHueSY.exe
  C:\Windows\System\edHueSY.exe
  2⤵
  PID:444
- C:\Windows\System\jJqdUJF.exe
  C:\Windows\System\jJqdUJF.exe
  2⤵
  PID:2344
- C:\Windows\System\AexGEZB.exe
  C:\Windows\System\AexGEZB.exe
  2⤵
  PID:1312
- C:\Windows\System\euDNiVp.exe
  C:\Windows\System\euDNiVp.exe
  2⤵
  PID:1980
- C:\Windows\System\YgNUpND.exe
  C:\Windows\System\YgNUpND.exe
  2⤵
  PID:1748
- C:\Windows\System\rWmultA.exe
  C:\Windows\System\rWmultA.exe
  2⤵
  PID:2080
- C:\Windows\System\BLIHSgs.exe
  C:\Windows\System\BLIHSgs.exe
  2⤵
  PID:2300
- C:\Windows\System\xvBrMRW.exe
  C:\Windows\System\xvBrMRW.exe
  2⤵
  PID:1732
- C:\Windows\System\DsgFZKg.exe
  C:\Windows\System\DsgFZKg.exe
  2⤵
  PID:3052
- C:\Windows\System\jOfhfhQ.exe
  C:\Windows\System\jOfhfhQ.exe
  2⤵
  PID:3012
- C:\Windows\System\USTHuuZ.exe
  C:\Windows\System\USTHuuZ.exe
  2⤵
  PID:3048
- C:\Windows\System\dVqyObm.exe
  C:\Windows\System\dVqyObm.exe
  2⤵
  PID:1704
- C:\Windows\System\fMIPxRB.exe
  C:\Windows\System\fMIPxRB.exe
  2⤵
  PID:884
- C:\Windows\System\xnlhLkQ.exe
  C:\Windows\System\xnlhLkQ.exe
  2⤵
  PID:1548
- C:\Windows\System\NcRWLrO.exe
  C:\Windows\System\NcRWLrO.exe
  2⤵
  PID:1680
- C:\Windows\System\OwMMIVs.exe
  C:\Windows\System\OwMMIVs.exe
  2⤵
  PID:2272
- C:\Windows\System\JLdsVHf.exe
  C:\Windows\System\JLdsVHf.exe
  2⤵
  PID:1284
- C:\Windows\System\vRuTzKP.exe
  C:\Windows\System\vRuTzKP.exe
  2⤵
  PID:2604
- C:\Windows\System\lDLXEfH.exe
  C:\Windows\System\lDLXEfH.exe
  2⤵
  PID:2800
- C:\Windows\System\KmpgPSl.exe
  C:\Windows\System\KmpgPSl.exe
  2⤵
  PID:2552
- C:\Windows\System\enOmxli.exe
  C:\Windows\System\enOmxli.exe
  2⤵
  PID:560
- C:\Windows\System\CIzirad.exe
  C:\Windows\System\CIzirad.exe
  2⤵
  PID:1068
- C:\Windows\System\aTxmaqx.exe
  C:\Windows\System\aTxmaqx.exe
  2⤵
  PID:2384
- C:\Windows\System\hXxSimq.exe
  C:\Windows\System\hXxSimq.exe
  2⤵
  PID:2044
- C:\Windows\System\UzuTdPP.exe
  C:\Windows\System\UzuTdPP.exe
  2⤵
  PID:2792
- C:\Windows\System\Cavmgwh.exe
  C:\Windows\System\Cavmgwh.exe
  2⤵
  PID:1692
- C:\Windows\System\JvRtDdw.exe
  C:\Windows\System\JvRtDdw.exe
  2⤵
  PID:2700
- C:\Windows\System\dHVUrmI.exe
  C:\Windows\System\dHVUrmI.exe
  2⤵
  PID:1172
- C:\Windows\System\pUmdIKl.exe
  C:\Windows\System\pUmdIKl.exe
  2⤵
  PID:2724
- C:\Windows\System\UgSUoeN.exe
  C:\Windows\System\UgSUoeN.exe
  2⤵
  PID:1348
- C:\Windows\System\OuOCzTD.exe
  C:\Windows\System\OuOCzTD.exe
  2⤵
  PID:2192
- C:\Windows\System\RjoyumJ.exe
  C:\Windows\System\RjoyumJ.exe
  2⤵
  PID:2892
- C:\Windows\System\XxkUSIp.exe
  C:\Windows\System\XxkUSIp.exe
  2⤵
  PID:3040
- C:\Windows\System\DByugqK.exe
  C:\Windows\System\DByugqK.exe
  2⤵
  PID:2092
- C:\Windows\System\JZUaHLR.exe
  C:\Windows\System\JZUaHLR.exe
  2⤵
  PID:2364
- C:\Windows\System\lwDNOKO.exe
  C:\Windows\System\lwDNOKO.exe
  2⤵
  PID:2024
- C:\Windows\System\aZlMBil.exe
  C:\Windows\System\aZlMBil.exe
  2⤵
  PID:852
- C:\Windows\System\HjYKias.exe
  C:\Windows\System\HjYKias.exe
  2⤵
  PID:2148
- C:\Windows\System\UXqYWXs.exe
  C:\Windows\System\UXqYWXs.exe
  2⤵
  PID:1676
- C:\Windows\System\WGZGAep.exe
  C:\Windows\System\WGZGAep.exe
  2⤵
  PID:3076
- C:\Windows\System\JpPyBuP.exe
  C:\Windows\System\JpPyBuP.exe
  2⤵
  PID:3096
- C:\Windows\System\pvrBmoJ.exe
  C:\Windows\System\pvrBmoJ.exe
  2⤵
  PID:3116
- C:\Windows\System\mJipTGg.exe
  C:\Windows\System\mJipTGg.exe
  2⤵
  PID:3136
- C:\Windows\System\GpNdJJj.exe
  C:\Windows\System\GpNdJJj.exe
  2⤵
  PID:3156
- C:\Windows\System\aKAsFrk.exe
  C:\Windows\System\aKAsFrk.exe
  2⤵
  PID:3176
- C:\Windows\System\jzoEFyD.exe
  C:\Windows\System\jzoEFyD.exe
  2⤵
  PID:3196
- C:\Windows\System\IYGvgky.exe
  C:\Windows\System\IYGvgky.exe
  2⤵
  PID:3216
- C:\Windows\System\WlLZyJC.exe
  C:\Windows\System\WlLZyJC.exe
  2⤵
  PID:3236
- C:\Windows\System\SuHpBfU.exe
  C:\Windows\System\SuHpBfU.exe
  2⤵
  PID:3256
- C:\Windows\System\dUsfuYg.exe
  C:\Windows\System\dUsfuYg.exe
  2⤵
  PID:3276
- C:\Windows\System\QyFnZZF.exe
  C:\Windows\System\QyFnZZF.exe
  2⤵
  PID:3296
- C:\Windows\System\aMyVBpN.exe
  C:\Windows\System\aMyVBpN.exe
  2⤵
  PID:3316
- C:\Windows\System\sWCChgG.exe
  C:\Windows\System\sWCChgG.exe
  2⤵
  PID:3336
- C:\Windows\System\adWdwhV.exe
  C:\Windows\System\adWdwhV.exe
  2⤵
  PID:3356
- C:\Windows\System\bCpAeLe.exe
  C:\Windows\System\bCpAeLe.exe
  2⤵
  PID:3376
- C:\Windows\System\TnsUjLK.exe
  C:\Windows\System\TnsUjLK.exe
  2⤵
  PID:3396
- C:\Windows\System\UHNifgX.exe
  C:\Windows\System\UHNifgX.exe
  2⤵
  PID:3416
- C:\Windows\System\PeClmvb.exe
  C:\Windows\System\PeClmvb.exe
  2⤵
  PID:3436
- C:\Windows\System\RoPsCDt.exe
  C:\Windows\System\RoPsCDt.exe
  2⤵
  PID:3456
- C:\Windows\System\QxNnQiZ.exe
  C:\Windows\System\QxNnQiZ.exe
  2⤵
  PID:3476
- C:\Windows\System\zClcFrZ.exe
  C:\Windows\System\zClcFrZ.exe
  2⤵
  PID:3496
- C:\Windows\System\SdmvGIE.exe
  C:\Windows\System\SdmvGIE.exe
  2⤵
  PID:3516
- C:\Windows\System\yhgDyCH.exe
  C:\Windows\System\yhgDyCH.exe
  2⤵
  PID:3536
- C:\Windows\System\NJhrEmX.exe
  C:\Windows\System\NJhrEmX.exe
  2⤵
  PID:3552
- C:\Windows\System\XvTeaOs.exe
  C:\Windows\System\XvTeaOs.exe
  2⤵
  PID:3576
- C:\Windows\System\SYBYhxO.exe
  C:\Windows\System\SYBYhxO.exe
  2⤵
  PID:3596
- C:\Windows\System\LWmzPmA.exe
  C:\Windows\System\LWmzPmA.exe
  2⤵
  PID:3616
- C:\Windows\System\rqSsHRf.exe
  C:\Windows\System\rqSsHRf.exe
  2⤵
  PID:3636
- C:\Windows\System\TNAiIKv.exe
  C:\Windows\System\TNAiIKv.exe
  2⤵
  PID:3656
- C:\Windows\System\KikTfGO.exe
  C:\Windows\System\KikTfGO.exe
  2⤵
  PID:3676
- C:\Windows\System\pDFTSvq.exe
  C:\Windows\System\pDFTSvq.exe
  2⤵
  PID:3696
- C:\Windows\System\inQhsYI.exe
  C:\Windows\System\inQhsYI.exe
  2⤵
  PID:3716
- C:\Windows\System\daVmjQM.exe
  C:\Windows\System\daVmjQM.exe
  2⤵
  PID:3740
- C:\Windows\System\MzzxovU.exe
  C:\Windows\System\MzzxovU.exe
  2⤵
  PID:3760
- C:\Windows\System\QyVjing.exe
  C:\Windows\System\QyVjing.exe
  2⤵
  PID:3780
- C:\Windows\System\rPQwdaY.exe
  C:\Windows\System\rPQwdaY.exe
  2⤵
  PID:3796
- C:\Windows\System\PTeDZTS.exe
  C:\Windows\System\PTeDZTS.exe
  2⤵
  PID:3820
- C:\Windows\System\AJcuKjt.exe
  C:\Windows\System\AJcuKjt.exe
  2⤵
  PID:3836
- C:\Windows\System\fAWtekO.exe
  C:\Windows\System\fAWtekO.exe
  2⤵
  PID:3860
- C:\Windows\System\TBmHRXc.exe
  C:\Windows\System\TBmHRXc.exe
  2⤵
  PID:3876
- C:\Windows\System\hieIcyi.exe
  C:\Windows\System\hieIcyi.exe
  2⤵
  PID:3900
- C:\Windows\System\QnOHnTS.exe
  C:\Windows\System\QnOHnTS.exe
  2⤵
  PID:3920
- C:\Windows\System\kVMNLOT.exe
  C:\Windows\System\kVMNLOT.exe
  2⤵
  PID:3940
- C:\Windows\System\bUIqSSL.exe
  C:\Windows\System\bUIqSSL.exe
  2⤵
  PID:3964
- C:\Windows\System\xLUGPgR.exe
  C:\Windows\System\xLUGPgR.exe
  2⤵
  PID:3984
- C:\Windows\System\DxnzgyO.exe
  C:\Windows\System\DxnzgyO.exe
  2⤵
  PID:4000
- C:\Windows\System\qHWZzMv.exe
  C:\Windows\System\qHWZzMv.exe
  2⤵
  PID:4020
- C:\Windows\System\qyoEbGQ.exe
  C:\Windows\System\qyoEbGQ.exe
  2⤵
  PID:4040
- C:\Windows\System\IhDnJTg.exe
  C:\Windows\System\IhDnJTg.exe
  2⤵
  PID:4060
- C:\Windows\System\kODCuFK.exe
  C:\Windows\System\kODCuFK.exe
  2⤵
  PID:4080
- C:\Windows\System\rPPqktQ.exe
  C:\Windows\System\rPPqktQ.exe
  2⤵
  PID:2744
- C:\Windows\System\FCYHkDw.exe
  C:\Windows\System\FCYHkDw.exe
  2⤵
  PID:664
- C:\Windows\System\nxlpuJz.exe
  C:\Windows\System\nxlpuJz.exe
  2⤵
  PID:2936
- C:\Windows\System\hehftfb.exe
  C:\Windows\System\hehftfb.exe
  2⤵
  PID:2072
- C:\Windows\System\AGbArjo.exe
  C:\Windows\System\AGbArjo.exe
  2⤵
  PID:404
- C:\Windows\System\MQsPIiS.exe
  C:\Windows\System\MQsPIiS.exe
  2⤵
  PID:1128
- C:\Windows\System\fLJlqoP.exe
  C:\Windows\System\fLJlqoP.exe
  2⤵
  PID:348
- C:\Windows\System\XHKcsaI.exe
  C:\Windows\System\XHKcsaI.exe
  2⤵
  PID:2012
- C:\Windows\System\fwuMGhL.exe
  C:\Windows\System\fwuMGhL.exe
  2⤵
  PID:2908
- C:\Windows\System\ltcNwzf.exe
  C:\Windows\System\ltcNwzf.exe
  2⤵
  PID:824
- C:\Windows\System\NWePUNw.exe
  C:\Windows\System\NWePUNw.exe
  2⤵
  PID:2676
- C:\Windows\System\sSPwsHI.exe
  C:\Windows\System\sSPwsHI.exe
  2⤵
  PID:2404
- C:\Windows\System\WaXMGdH.exe
  C:\Windows\System\WaXMGdH.exe
  2⤵
  PID:3132
- C:\Windows\System\tymoYVC.exe
  C:\Windows\System\tymoYVC.exe
  2⤵
  PID:3144
- C:\Windows\System\cwwtVPj.exe
  C:\Windows\System\cwwtVPj.exe
  2⤵
  PID:3172
- C:\Windows\System\eWZiELg.exe
  C:\Windows\System\eWZiELg.exe
  2⤵
  PID:3224
- C:\Windows\System\LmTmhdn.exe
  C:\Windows\System\LmTmhdn.exe
  2⤵
  PID:3228
- C:\Windows\System\CVvzWon.exe
  C:\Windows\System\CVvzWon.exe
  2⤵
  PID:3268
- C:\Windows\System\EkqrbAG.exe
  C:\Windows\System\EkqrbAG.exe
  2⤵
  PID:3304
- C:\Windows\System\fTRjtjk.exe
  C:\Windows\System\fTRjtjk.exe
  2⤵
  PID:3364
- C:\Windows\System\qohirXN.exe
  C:\Windows\System\qohirXN.exe
  2⤵
  PID:3412
- C:\Windows\System\ocJOYiG.exe
  C:\Windows\System\ocJOYiG.exe
  2⤵
  PID:3392
- C:\Windows\System\shKhMWJ.exe
  C:\Windows\System\shKhMWJ.exe
  2⤵
  PID:3448
- C:\Windows\System\boMSdVo.exe
  C:\Windows\System\boMSdVo.exe
  2⤵
  PID:3492
- C:\Windows\System\qzTqcMf.exe
  C:\Windows\System\qzTqcMf.exe
  2⤵
  PID:3504
- C:\Windows\System\THfgBrO.exe
  C:\Windows\System\THfgBrO.exe
  2⤵
  PID:3560
- C:\Windows\System\fvWDEUc.exe
  C:\Windows\System\fvWDEUc.exe
  2⤵
  PID:3564
- C:\Windows\System\elISVpA.exe
  C:\Windows\System\elISVpA.exe
  2⤵
  PID:3584
- C:\Windows\System\FiqqGQV.exe
  C:\Windows\System\FiqqGQV.exe
  2⤵
  PID:3648
- C:\Windows\System\POlbYHS.exe
  C:\Windows\System\POlbYHS.exe
  2⤵
  PID:3632
- C:\Windows\System\AGiklIo.exe
  C:\Windows\System\AGiklIo.exe
  2⤵
  PID:3704
- C:\Windows\System\eukOluf.exe
  C:\Windows\System\eukOluf.exe
  2⤵
  PID:3712
- C:\Windows\System\DKcoKxJ.exe
  C:\Windows\System\DKcoKxJ.exe
  2⤵
  PID:3756
- C:\Windows\System\WDcxnWy.exe
  C:\Windows\System\WDcxnWy.exe
  2⤵
  PID:3844
- C:\Windows\System\ICEjtSR.exe
  C:\Windows\System\ICEjtSR.exe
  2⤵
  PID:3792
- C:\Windows\System\cNsUhTO.exe
  C:\Windows\System\cNsUhTO.exe
  2⤵
  PID:3828
- C:\Windows\System\MyzWjJu.exe
  C:\Windows\System\MyzWjJu.exe
  2⤵
  PID:3972
- C:\Windows\System\cbUGktY.exe
  C:\Windows\System\cbUGktY.exe
  2⤵
  PID:3916
- C:\Windows\System\RhSnOGd.exe
  C:\Windows\System\RhSnOGd.exe
  2⤵
  PID:3956
- C:\Windows\System\sVpVrtt.exe
  C:\Windows\System\sVpVrtt.exe
  2⤵
  PID:4056
- C:\Windows\System\rQFgRgF.exe
  C:\Windows\System\rQFgRgF.exe
  2⤵
  PID:2568
- C:\Windows\System\cUlRmAz.exe
  C:\Windows\System\cUlRmAz.exe
  2⤵
  PID:1792
- C:\Windows\System\PIUjoSS.exe
  C:\Windows\System\PIUjoSS.exe
  2⤵
  PID:4068
- C:\Windows\System\aFxAtgt.exe
  C:\Windows\System\aFxAtgt.exe
  2⤵
  PID:736
- C:\Windows\System\phTegpn.exe
  C:\Windows\System\phTegpn.exe
  2⤵
  PID:2820
- C:\Windows\System\UDSrQjS.exe
  C:\Windows\System\UDSrQjS.exe
  2⤵
  PID:1640
- C:\Windows\System\JDAENgE.exe
  C:\Windows\System\JDAENgE.exe
  2⤵
  PID:1724
- C:\Windows\System\CysYWAW.exe
  C:\Windows\System\CysYWAW.exe
  2⤵
  PID:2428
- C:\Windows\System\mutvNFT.exe
  C:\Windows\System\mutvNFT.exe
  2⤵
  PID:1700
- C:\Windows\System\dBCNxJW.exe
  C:\Windows\System\dBCNxJW.exe
  2⤵
  PID:3088
- C:\Windows\System\szEBqkB.exe
  C:\Windows\System\szEBqkB.exe
  2⤵
  PID:3896
- C:\Windows\System\kfMPAfO.exe
  C:\Windows\System\kfMPAfO.exe
  2⤵
  PID:3212
- C:\Windows\System\UkrOGQg.exe
  C:\Windows\System\UkrOGQg.exe
  2⤵
  PID:3332
- C:\Windows\System\BFYmxuk.exe
  C:\Windows\System\BFYmxuk.exe
  2⤵
  PID:3404
- C:\Windows\System\lsjADlh.exe
  C:\Windows\System\lsjADlh.exe
  2⤵
  PID:3308
- C:\Windows\System\wObYQjj.exe
  C:\Windows\System\wObYQjj.exe
  2⤵
  PID:3464
- C:\Windows\System\ZKPAShA.exe
  C:\Windows\System\ZKPAShA.exe
  2⤵
  PID:3548
- C:\Windows\System\lLknmNL.exe
  C:\Windows\System\lLknmNL.exe
  2⤵
  PID:3484
- C:\Windows\System\HdmQPKK.exe
  C:\Windows\System\HdmQPKK.exe
  2⤵
  PID:3664
- C:\Windows\System\WtNXsDr.exe
  C:\Windows\System\WtNXsDr.exe
  2⤵
  PID:3668
- C:\Windows\System\dJPrmlT.exe
  C:\Windows\System\dJPrmlT.exe
  2⤵
  PID:3608
- C:\Windows\System\BJKTYvm.exe
  C:\Windows\System\BJKTYvm.exe
  2⤵
  PID:3628
- C:\Windows\System\dCYOBdJ.exe
  C:\Windows\System\dCYOBdJ.exe
  2⤵
  PID:3732
- C:\Windows\System\jakMdKR.exe
  C:\Windows\System\jakMdKR.exe
  2⤵
  PID:3804
- C:\Windows\System\qOkYutg.exe
  C:\Windows\System\qOkYutg.exe
  2⤵
  PID:3888
- C:\Windows\System\lfXcGTH.exe
  C:\Windows\System\lfXcGTH.exe
  2⤵
  PID:4088
- C:\Windows\System\RgUsuuT.exe
  C:\Windows\System\RgUsuuT.exe
  2⤵
  PID:2576
- C:\Windows\System\brTiZpG.exe
  C:\Windows\System\brTiZpG.exe
  2⤵
  PID:1712
- C:\Windows\System\nswQpjn.exe
  C:\Windows\System\nswQpjn.exe
  2⤵
  PID:1480
- C:\Windows\System\wYOMLPo.exe
  C:\Windows\System\wYOMLPo.exe
  2⤵
  PID:2776
- C:\Windows\System\cMNKGRm.exe
  C:\Windows\System\cMNKGRm.exe
  2⤵
  PID:2124
- C:\Windows\System\feyQCZl.exe
  C:\Windows\System\feyQCZl.exe
  2⤵
  PID:2368
- C:\Windows\System\raLFovO.exe
  C:\Windows\System\raLFovO.exe
  2⤵
  PID:3188
- C:\Windows\System\moiXUQG.exe
  C:\Windows\System\moiXUQG.exe
  2⤵
  PID:3816
- C:\Windows\System\shRZxia.exe
  C:\Windows\System\shRZxia.exe
  2⤵
  PID:3524
- C:\Windows\System\jldRuWm.exe
  C:\Windows\System\jldRuWm.exe
  2⤵
  PID:3468
- C:\Windows\System\TqtyfGR.exe
  C:\Windows\System\TqtyfGR.exe
  2⤵
  PID:3384
- C:\Windows\System\PGxeURG.exe
  C:\Windows\System\PGxeURG.exe
  2⤵
  PID:3512
- C:\Windows\System\ALnpIwj.exe
  C:\Windows\System\ALnpIwj.exe
  2⤵
  PID:3672
- C:\Windows\System\ntbiDaG.exe
  C:\Windows\System\ntbiDaG.exe
  2⤵
  PID:3848
- C:\Windows\System\RrfcaaT.exe
  C:\Windows\System\RrfcaaT.exe
  2⤵
  PID:3908
- C:\Windows\System\NOWStWp.exe
  C:\Windows\System\NOWStWp.exe
  2⤵
  PID:2780
- C:\Windows\System\SupoDRO.exe
  C:\Windows\System\SupoDRO.exe
  2⤵
  PID:1384
- C:\Windows\System\AqhOiqu.exe
  C:\Windows\System\AqhOiqu.exe
  2⤵
  PID:1324
- C:\Windows\System\vdkossv.exe
  C:\Windows\System\vdkossv.exe
  2⤵
  PID:1528
- C:\Windows\System\zliveAj.exe
  C:\Windows\System\zliveAj.exe
  2⤵
  PID:3108
- C:\Windows\System\AnkdHna.exe
  C:\Windows\System\AnkdHna.exe
  2⤵
  PID:3252
- C:\Windows\System\NGdqpkX.exe
  C:\Windows\System\NGdqpkX.exe
  2⤵
  PID:3544
- C:\Windows\System\eIMobQC.exe
  C:\Windows\System\eIMobQC.exe
  2⤵
  PID:4108
- C:\Windows\System\gGluKjW.exe
  C:\Windows\System\gGluKjW.exe
  2⤵
  PID:4128
- C:\Windows\System\VFOyEQB.exe
  C:\Windows\System\VFOyEQB.exe
  2⤵
  PID:4148
- C:\Windows\System\zMTmCHH.exe
  C:\Windows\System\zMTmCHH.exe
  2⤵
  PID:4168
- C:\Windows\System\zCAjnxW.exe
  C:\Windows\System\zCAjnxW.exe
  2⤵
  PID:4188
- C:\Windows\System\RgMedJn.exe
  C:\Windows\System\RgMedJn.exe
  2⤵
  PID:4208
- C:\Windows\System\SElqCAK.exe
  C:\Windows\System\SElqCAK.exe
  2⤵
  PID:4228
- C:\Windows\System\MLHRCMe.exe
  C:\Windows\System\MLHRCMe.exe
  2⤵
  PID:4248
- C:\Windows\System\DHZnxVV.exe
  C:\Windows\System\DHZnxVV.exe
  2⤵
  PID:4268
- C:\Windows\System\nugZpxu.exe
  C:\Windows\System\nugZpxu.exe
  2⤵
  PID:4288
- C:\Windows\System\zzccMvf.exe
  C:\Windows\System\zzccMvf.exe
  2⤵
  PID:4308
- C:\Windows\System\SQhdTQV.exe
  C:\Windows\System\SQhdTQV.exe
  2⤵
  PID:4328
- C:\Windows\System\LgLThOp.exe
  C:\Windows\System\LgLThOp.exe
  2⤵
  PID:4352
- C:\Windows\System\NRxBYxS.exe
  C:\Windows\System\NRxBYxS.exe
  2⤵
  PID:4376
- C:\Windows\System\GZnAKUT.exe
  C:\Windows\System\GZnAKUT.exe
  2⤵
  PID:4396
- C:\Windows\System\uvlYcjM.exe
  C:\Windows\System\uvlYcjM.exe
  2⤵
  PID:4416
- C:\Windows\System\atIGXfe.exe
  C:\Windows\System\atIGXfe.exe
  2⤵
  PID:4436
- C:\Windows\System\wwFYCfB.exe
  C:\Windows\System\wwFYCfB.exe
  2⤵
  PID:4456
- C:\Windows\System\mLliKBX.exe
  C:\Windows\System\mLliKBX.exe
  2⤵
  PID:4476
- C:\Windows\System\MzESiIR.exe
  C:\Windows\System\MzESiIR.exe
  2⤵
  PID:4496
- C:\Windows\System\MLKbIuS.exe
  C:\Windows\System\MLKbIuS.exe
  2⤵
  PID:4516
- C:\Windows\System\gGuhUsq.exe
  C:\Windows\System\gGuhUsq.exe
  2⤵
  PID:4536
- C:\Windows\System\ervqWUZ.exe
  C:\Windows\System\ervqWUZ.exe
  2⤵
  PID:4556
- C:\Windows\System\jfxAeIo.exe
  C:\Windows\System\jfxAeIo.exe
  2⤵
  PID:4576
- C:\Windows\System\JcwrkRH.exe
  C:\Windows\System\JcwrkRH.exe
  2⤵
  PID:4596
- C:\Windows\System\uUtfDzx.exe
  C:\Windows\System\uUtfDzx.exe
  2⤵
  PID:4616
- C:\Windows\System\vIjUwYm.exe
  C:\Windows\System\vIjUwYm.exe
  2⤵
  PID:4636
- C:\Windows\System\bvYAycM.exe
  C:\Windows\System\bvYAycM.exe
  2⤵
  PID:4656
- C:\Windows\System\tulBjHd.exe
  C:\Windows\System\tulBjHd.exe
  2⤵
  PID:4676
- C:\Windows\System\GQgJwyR.exe
  C:\Windows\System\GQgJwyR.exe
  2⤵
  PID:4696
- C:\Windows\System\sliohOc.exe
  C:\Windows\System\sliohOc.exe
  2⤵
  PID:4716
- C:\Windows\System\ouIsLOT.exe
  C:\Windows\System\ouIsLOT.exe
  2⤵
  PID:4732
- C:\Windows\System\oiRDZlB.exe
  C:\Windows\System\oiRDZlB.exe
  2⤵
  PID:4752
- C:\Windows\System\mMoNMfH.exe
  C:\Windows\System\mMoNMfH.exe
  2⤵
  PID:4776
- C:\Windows\System\lfANcKN.exe
  C:\Windows\System\lfANcKN.exe
  2⤵
  PID:4796
- C:\Windows\System\mveDVat.exe
  C:\Windows\System\mveDVat.exe
  2⤵
  PID:4816
- C:\Windows\System\NMhiysK.exe
  C:\Windows\System\NMhiysK.exe
  2⤵
  PID:4836
- C:\Windows\System\qXeOcda.exe
  C:\Windows\System\qXeOcda.exe
  2⤵
  PID:4856
- C:\Windows\System\suvaUoT.exe
  C:\Windows\System\suvaUoT.exe
  2⤵
  PID:4876
- C:\Windows\System\BLFQGOn.exe
  C:\Windows\System\BLFQGOn.exe
  2⤵
  PID:4896
- C:\Windows\System\HIvCXfZ.exe
  C:\Windows\System\HIvCXfZ.exe
  2⤵
  PID:4916
- C:\Windows\System\UdPbbxA.exe
  C:\Windows\System\UdPbbxA.exe
  2⤵
  PID:4940
- C:\Windows\System\HvsQLMT.exe
  C:\Windows\System\HvsQLMT.exe
  2⤵
  PID:4960
- C:\Windows\System\XkrpNZF.exe
  C:\Windows\System\XkrpNZF.exe
  2⤵
  PID:4980
- C:\Windows\System\IXSjkSA.exe
  C:\Windows\System\IXSjkSA.exe
  2⤵
  PID:5000
- C:\Windows\System\pPjVsGS.exe
  C:\Windows\System\pPjVsGS.exe
  2⤵
  PID:5024
- C:\Windows\System\nkDvBXG.exe
  C:\Windows\System\nkDvBXG.exe
  2⤵
  PID:5044
- C:\Windows\System\nmayRDJ.exe
  C:\Windows\System\nmayRDJ.exe
  2⤵
  PID:5064
- C:\Windows\System\ALLXxjx.exe
  C:\Windows\System\ALLXxjx.exe
  2⤵
  PID:5084
- C:\Windows\System\OAQLRIA.exe
  C:\Windows\System\OAQLRIA.exe
  2⤵
  PID:5104
- C:\Windows\System\zhERXDf.exe
  C:\Windows\System\zhERXDf.exe
  2⤵
  PID:3624
- C:\Windows\System\wuSOjGE.exe
  C:\Windows\System\wuSOjGE.exe
  2⤵
  PID:3652
- C:\Windows\System\AIwyRHO.exe
  C:\Windows\System\AIwyRHO.exe
  2⤵
  PID:3736
- C:\Windows\System\SEjcLDc.exe
  C:\Windows\System\SEjcLDc.exe
  2⤵
  PID:3872
- C:\Windows\System\HFEFXMd.exe
  C:\Windows\System\HFEFXMd.exe
  2⤵
  PID:2984
- C:\Windows\System\UiPvTHv.exe
  C:\Windows\System\UiPvTHv.exe
  2⤵
  PID:4036
- C:\Windows\System\xwRmDgD.exe
  C:\Windows\System\xwRmDgD.exe
  2⤵
  PID:3248
- C:\Windows\System\YktYmce.exe
  C:\Windows\System\YktYmce.exe
  2⤵
  PID:2268
- C:\Windows\System\ceQXJdl.exe
  C:\Windows\System\ceQXJdl.exe
  2⤵
  PID:4104
- C:\Windows\System\HFQxOSU.exe
  C:\Windows\System\HFQxOSU.exe
  2⤵
  PID:4136
- C:\Windows\System\kXIkvBX.exe
  C:\Windows\System\kXIkvBX.exe
  2⤵
  PID:4156
- C:\Windows\System\MuWUIiA.exe
  C:\Windows\System\MuWUIiA.exe
  2⤵
  PID:4180
- C:\Windows\System\VTYdmUE.exe
  C:\Windows\System\VTYdmUE.exe
  2⤵
  PID:4256
- C:\Windows\System\zAzJyLw.exe
  C:\Windows\System\zAzJyLw.exe
  2⤵
  PID:4196
- C:\Windows\System\sorjtdd.exe
  C:\Windows\System\sorjtdd.exe
  2⤵
  PID:2720
- C:\Windows\System\NzkRAfV.exe
  C:\Windows\System\NzkRAfV.exe
  2⤵
  PID:2692
- C:\Windows\System\rofMaag.exe
  C:\Windows\System\rofMaag.exe
  2⤵
  PID:4340
- C:\Windows\System\uLmCmXP.exe
  C:\Windows\System\uLmCmXP.exe
  2⤵
  PID:4372
- C:\Windows\System\sIKZOUX.exe
  C:\Windows\System\sIKZOUX.exe
  2⤵
  PID:4412
- C:\Windows\System\ENdFlgB.exe
  C:\Windows\System\ENdFlgB.exe
  2⤵
  PID:4444
- C:\Windows\System\iKzUrJF.exe
  C:\Windows\System\iKzUrJF.exe
  2⤵
  PID:4448
- C:\Windows\System\iFCyMKX.exe
  C:\Windows\System\iFCyMKX.exe
  2⤵
  PID:4492
- C:\Windows\System\xPwXHBP.exe
  C:\Windows\System\xPwXHBP.exe
  2⤵
  PID:4528
- C:\Windows\System\cvJTEXp.exe
  C:\Windows\System\cvJTEXp.exe
  2⤵
  PID:4592
- C:\Windows\System\jFEscIf.exe
  C:\Windows\System\jFEscIf.exe
  2⤵
  PID:4624
- C:\Windows\System\jSUupCx.exe
  C:\Windows\System\jSUupCx.exe
  2⤵
  PID:4644
- C:\Windows\System\kcLDxzW.exe
  C:\Windows\System\kcLDxzW.exe
  2⤵
  PID:4668
- C:\Windows\System\nlBtzqY.exe
  C:\Windows\System\nlBtzqY.exe
  2⤵
  PID:4692
- C:\Windows\System\PlTJlbx.exe
  C:\Windows\System\PlTJlbx.exe
  2⤵
  PID:4724
- C:\Windows\System\nJRFekR.exe
  C:\Windows\System\nJRFekR.exe
  2⤵
  PID:4784
- C:\Windows\System\mShUoXD.exe
  C:\Windows\System\mShUoXD.exe
  2⤵
  PID:4832
- C:\Windows\System\zEWxgEj.exe
  C:\Windows\System\zEWxgEj.exe
  2⤵
  PID:2748
- C:\Windows\System\JTWrNXW.exe
  C:\Windows\System\JTWrNXW.exe
  2⤵
  PID:4872
- C:\Windows\System\DcOTzQx.exe
  C:\Windows\System\DcOTzQx.exe
  2⤵
  PID:4908
- C:\Windows\System\jnJaKWY.exe
  C:\Windows\System\jnJaKWY.exe
  2⤵
  PID:4956
- C:\Windows\System\GsGTryR.exe
  C:\Windows\System\GsGTryR.exe
  2⤵
  PID:4968
- C:\Windows\System\ZnMjfSr.exe
  C:\Windows\System\ZnMjfSr.exe
  2⤵
  PID:4992
- C:\Windows\System\UgGPzLc.exe
  C:\Windows\System\UgGPzLc.exe
  2⤵
  PID:5040
- C:\Windows\System\yWuivlf.exe
  C:\Windows\System\yWuivlf.exe
  2⤵
  PID:5080
- C:\Windows\System\TNxIOgc.exe
  C:\Windows\System\TNxIOgc.exe
  2⤵
  PID:5100
- C:\Windows\System\zrjLhwS.exe
  C:\Windows\System\zrjLhwS.exe
  2⤵
  PID:3612
- C:\Windows\System\rLOhYKv.exe
  C:\Windows\System\rLOhYKv.exe
  2⤵
  PID:3892
- C:\Windows\System\ysnSfOV.exe
  C:\Windows\System\ysnSfOV.exe
  2⤵
  PID:3868
- C:\Windows\System\XXTRwcT.exe
  C:\Windows\System\XXTRwcT.exe
  2⤵
  PID:2928
- C:\Windows\System\kZjEYwZ.exe
  C:\Windows\System\kZjEYwZ.exe
  2⤵
  PID:2264
- C:\Windows\System\HriNrkW.exe
  C:\Windows\System\HriNrkW.exe
  2⤵
  PID:2448
- C:\Windows\System\hdWdrTn.exe
  C:\Windows\System\hdWdrTn.exe
  2⤵
  PID:2732
- C:\Windows\System\LFxSTgU.exe
  C:\Windows\System\LFxSTgU.exe
  2⤵
  PID:2752
- C:\Windows\System\aDETHTA.exe
  C:\Windows\System\aDETHTA.exe
  2⤵
  PID:4240
- C:\Windows\System\sVmYFur.exe
  C:\Windows\System\sVmYFur.exe
  2⤵
  PID:4236
- C:\Windows\System\XQfoMbA.exe
  C:\Windows\System\XQfoMbA.exe
  2⤵
  PID:4304
- C:\Windows\System\kotFscV.exe
  C:\Windows\System\kotFscV.exe
  2⤵
  PID:4404
- C:\Windows\System\UpYqfUa.exe
  C:\Windows\System\UpYqfUa.exe
  2⤵
  PID:4428
- C:\Windows\System\mKbzJJE.exe
  C:\Windows\System\mKbzJJE.exe
  2⤵
  PID:2736
- C:\Windows\System\ByxADeb.exe
  C:\Windows\System\ByxADeb.exe
  2⤵
  PID:4532
- C:\Windows\System\XMwIkDo.exe
  C:\Windows\System\XMwIkDo.exe
  2⤵
  PID:4572
- C:\Windows\System\AoJrGcE.exe
  C:\Windows\System\AoJrGcE.exe
  2⤵
  PID:4344
- C:\Windows\System\knqtJpt.exe
  C:\Windows\System\knqtJpt.exe
  2⤵
  PID:4652
- C:\Windows\System\qLVzJoZ.exe
  C:\Windows\System\qLVzJoZ.exe
  2⤵
  PID:4712
- C:\Windows\System\EpGzFmR.exe
  C:\Windows\System\EpGzFmR.exe
  2⤵
  PID:4824
- C:\Windows\System\zvkYdTr.exe
  C:\Windows\System\zvkYdTr.exe
  2⤵
  PID:4852
- C:\Windows\System\OAXymwD.exe
  C:\Windows\System\OAXymwD.exe
  2⤵
  PID:4888
- C:\Windows\System\TvZkuMR.exe
  C:\Windows\System\TvZkuMR.exe
  2⤵
  PID:4924
- C:\Windows\System\xsHNsnN.exe
  C:\Windows\System\xsHNsnN.exe
  2⤵
  PID:4952
- C:\Windows\System\uyPvQTa.exe
  C:\Windows\System\uyPvQTa.exe
  2⤵
  PID:5012
- C:\Windows\System\qnhEAji.exe
  C:\Windows\System\qnhEAji.exe
  2⤵
  PID:5076
- C:\Windows\System\huskdjB.exe
  C:\Windows\System\huskdjB.exe
  2⤵
  PID:2608
- C:\Windows\System\WuLumBi.exe
  C:\Windows\System\WuLumBi.exe
  2⤵
  PID:3996
- C:\Windows\System\fZAVWcz.exe
  C:\Windows\System\fZAVWcz.exe
  2⤵
  PID:3184
- C:\Windows\System\tofvdoO.exe
  C:\Windows\System\tofvdoO.exe
  2⤵
  PID:2064
- C:\Windows\System\zfKwLog.exe
  C:\Windows\System\zfKwLog.exe
  2⤵
  PID:3344
- C:\Windows\System\XbJAkUm.exe
  C:\Windows\System\XbJAkUm.exe
  2⤵
  PID:4160
- C:\Windows\System\hLYgEkf.exe
  C:\Windows\System\hLYgEkf.exe
  2⤵
  PID:4348
- C:\Windows\System\QOtQFuv.exe
  C:\Windows\System\QOtQFuv.exe
  2⤵
  PID:4320
- C:\Windows\System\UONeLZy.exe
  C:\Windows\System\UONeLZy.exe
  2⤵
  PID:4468
- C:\Windows\System\nikOBeS.exe
  C:\Windows\System\nikOBeS.exe
  2⤵
  PID:4584
- C:\Windows\System\crXtsHD.exe
  C:\Windows\System\crXtsHD.exe
  2⤵
  PID:4672
- C:\Windows\System\UIVmptM.exe
  C:\Windows\System\UIVmptM.exe
  2⤵
  PID:4744
- C:\Windows\System\bbhyfrh.exe
  C:\Windows\System\bbhyfrh.exe
  2⤵
  PID:4812
- C:\Windows\System\itfHcaK.exe
  C:\Windows\System\itfHcaK.exe
  2⤵
  PID:5132
- C:\Windows\System\gwxvOsd.exe
  C:\Windows\System\gwxvOsd.exe
  2⤵
  PID:5152
- C:\Windows\System\zkzTqDc.exe
  C:\Windows\System\zkzTqDc.exe
  2⤵
  PID:5172
- C:\Windows\System\UeQCjnS.exe
  C:\Windows\System\UeQCjnS.exe
  2⤵
  PID:5192
- C:\Windows\System\lGhIRjj.exe
  C:\Windows\System\lGhIRjj.exe
  2⤵
  PID:5212
- C:\Windows\System\HKwRQQU.exe
  C:\Windows\System\HKwRQQU.exe
  2⤵
  PID:5236
- C:\Windows\System\rsipPKP.exe
  C:\Windows\System\rsipPKP.exe
  2⤵
  PID:5256
- C:\Windows\System\cilbmfh.exe
  C:\Windows\System\cilbmfh.exe
  2⤵
  PID:5276
- C:\Windows\System\ZESLNxe.exe
  C:\Windows\System\ZESLNxe.exe
  2⤵
  PID:5296
- C:\Windows\System\OAldhEa.exe
  C:\Windows\System\OAldhEa.exe
  2⤵
  PID:5316
- C:\Windows\System\lrvoexB.exe
  C:\Windows\System\lrvoexB.exe
  2⤵
  PID:5336
- C:\Windows\System\eUghPqR.exe
  C:\Windows\System\eUghPqR.exe
  2⤵
  PID:5356
- C:\Windows\System\HRkQDQj.exe
  C:\Windows\System\HRkQDQj.exe
  2⤵
  PID:5376
- C:\Windows\System\WrtaIDw.exe
  C:\Windows\System\WrtaIDw.exe
  2⤵
  PID:5396
- C:\Windows\System\wdDxdtU.exe
  C:\Windows\System\wdDxdtU.exe
  2⤵
  PID:5416
- C:\Windows\System\fZUhhBy.exe
  C:\Windows\System\fZUhhBy.exe
  2⤵
  PID:5436
- C:\Windows\System\rFPogVa.exe
  C:\Windows\System\rFPogVa.exe
  2⤵
  PID:5456
- C:\Windows\System\zRTmKBV.exe
  C:\Windows\System\zRTmKBV.exe
  2⤵
  PID:5476
- C:\Windows\System\okDtomC.exe
  C:\Windows\System\okDtomC.exe
  2⤵
  PID:5496
- C:\Windows\System\Octrptt.exe
  C:\Windows\System\Octrptt.exe
  2⤵
  PID:5516
- C:\Windows\System\mCfBOZm.exe
  C:\Windows\System\mCfBOZm.exe
  2⤵
  PID:5536
- C:\Windows\System\mtHBsVt.exe
  C:\Windows\System\mtHBsVt.exe
  2⤵
  PID:5556
- C:\Windows\System\kmEImNq.exe
  C:\Windows\System\kmEImNq.exe
  2⤵
  PID:5576
- C:\Windows\System\pHSHRLo.exe
  C:\Windows\System\pHSHRLo.exe
  2⤵
  PID:5596
- C:\Windows\System\AzxjwQp.exe
  C:\Windows\System\AzxjwQp.exe
  2⤵
  PID:5616
- C:\Windows\System\WivPfyV.exe
  C:\Windows\System\WivPfyV.exe
  2⤵
  PID:5636
- C:\Windows\System\sODCVSK.exe
  C:\Windows\System\sODCVSK.exe
  2⤵
  PID:5656
- C:\Windows\System\iUuZgzb.exe
  C:\Windows\System\iUuZgzb.exe
  2⤵
  PID:5676
- C:\Windows\System\fMgUjuR.exe
  C:\Windows\System\fMgUjuR.exe
  2⤵
  PID:5696
- C:\Windows\System\ydPEBgO.exe
  C:\Windows\System\ydPEBgO.exe
  2⤵
  PID:5716
- C:\Windows\System\iyAlRyb.exe
  C:\Windows\System\iyAlRyb.exe
  2⤵
  PID:5736
- C:\Windows\System\TsVoJOF.exe
  C:\Windows\System\TsVoJOF.exe
  2⤵
  PID:5756
- C:\Windows\System\rwHhwgN.exe
  C:\Windows\System\rwHhwgN.exe
  2⤵
  PID:5776
- C:\Windows\System\ocQMjSF.exe
  C:\Windows\System\ocQMjSF.exe
  2⤵
  PID:5796
- C:\Windows\System\YCkgseq.exe
  C:\Windows\System\YCkgseq.exe
  2⤵
  PID:5816
- C:\Windows\System\OJKDvZE.exe
  C:\Windows\System\OJKDvZE.exe
  2⤵
  PID:5836
- C:\Windows\System\EQONoxe.exe
  C:\Windows\System\EQONoxe.exe
  2⤵
  PID:5856
- C:\Windows\System\zLsyhpZ.exe
  C:\Windows\System\zLsyhpZ.exe
  2⤵
  PID:5876
- C:\Windows\System\kGBnyLP.exe
  C:\Windows\System\kGBnyLP.exe
  2⤵
  PID:5896
- C:\Windows\System\VSOGbix.exe
  C:\Windows\System\VSOGbix.exe
  2⤵
  PID:5916
- C:\Windows\System\WgyXwwj.exe
  C:\Windows\System\WgyXwwj.exe
  2⤵
  PID:5936
- C:\Windows\System\dhWXSXt.exe
  C:\Windows\System\dhWXSXt.exe
  2⤵
  PID:5956
- C:\Windows\System\PKLwIDp.exe
  C:\Windows\System\PKLwIDp.exe
  2⤵
  PID:5976
- C:\Windows\System\Pccijhv.exe
  C:\Windows\System\Pccijhv.exe
  2⤵
  PID:5996
- C:\Windows\System\leoYSaI.exe
  C:\Windows\System\leoYSaI.exe
  2⤵
  PID:6016
- C:\Windows\System\dZQtPzs.exe
  C:\Windows\System\dZQtPzs.exe
  2⤵
  PID:6036
- C:\Windows\System\lWRFkcA.exe
  C:\Windows\System\lWRFkcA.exe
  2⤵
  PID:6056
- C:\Windows\System\bWaKDmq.exe
  C:\Windows\System\bWaKDmq.exe
  2⤵
  PID:6076
- C:\Windows\System\ICvdYJU.exe
  C:\Windows\System\ICvdYJU.exe
  2⤵
  PID:6096
- C:\Windows\System\wEzUySD.exe
  C:\Windows\System\wEzUySD.exe
  2⤵
  PID:6116
- C:\Windows\System\qfnWUlF.exe
  C:\Windows\System\qfnWUlF.exe
  2⤵
  PID:6136
- C:\Windows\System\pZMQbOL.exe
  C:\Windows\System\pZMQbOL.exe
  2⤵
  PID:4948
- C:\Windows\System\grioNlZ.exe
  C:\Windows\System\grioNlZ.exe
  2⤵
  PID:2244
- C:\Windows\System\ExjdUNB.exe
  C:\Windows\System\ExjdUNB.exe
  2⤵
  PID:5092
- C:\Windows\System\dHbdxYM.exe
  C:\Windows\System\dHbdxYM.exe
  2⤵
  PID:3776
- C:\Windows\System\TJNCHYN.exe
  C:\Windows\System\TJNCHYN.exe
  2⤵
  PID:2640
- C:\Windows\System\tkyaUkI.exe
  C:\Windows\System\tkyaUkI.exe
  2⤵
  PID:4124
- C:\Windows\System\GZAbFOH.exe
  C:\Windows\System\GZAbFOH.exe
  2⤵
  PID:4224
- C:\Windows\System\CHlIgIz.exe
  C:\Windows\System\CHlIgIz.exe
  2⤵
  PID:4368
- C:\Windows\System\IKnWhsv.exe
  C:\Windows\System\IKnWhsv.exe
  2⤵
  PID:4628
- C:\Windows\System\bdEHezs.exe
  C:\Windows\System\bdEHezs.exe
  2⤵
  PID:4828
- C:\Windows\System\luQeBny.exe
  C:\Windows\System\luQeBny.exe
  2⤵
  PID:5128
- C:\Windows\System\BtoQeuX.exe
  C:\Windows\System\BtoQeuX.exe
  2⤵
  PID:5160
- C:\Windows\System\gFeJViK.exe
  C:\Windows\System\gFeJViK.exe
  2⤵
  PID:5184
- C:\Windows\System\ypbviTS.exe
  C:\Windows\System\ypbviTS.exe
  2⤵
  PID:2260
- C:\Windows\System\JGjdvMi.exe
  C:\Windows\System\JGjdvMi.exe
  2⤵
  PID:5244
- C:\Windows\System\RpaIFox.exe
  C:\Windows\System\RpaIFox.exe
  2⤵
  PID:5268
- C:\Windows\System\MeswhIj.exe
  C:\Windows\System\MeswhIj.exe
  2⤵
  PID:5292
- C:\Windows\System\kdgDRIC.exe
  C:\Windows\System\kdgDRIC.exe
  2⤵
  PID:5352
- C:\Windows\System\CuoQUzX.exe
  C:\Windows\System\CuoQUzX.exe
  2⤵
  PID:5384
- C:\Windows\System\wcPPVCS.exe
  C:\Windows\System\wcPPVCS.exe
  2⤵
  PID:5404
- C:\Windows\System\UURYIdn.exe
  C:\Windows\System\UURYIdn.exe
  2⤵
  PID:5408
- C:\Windows\System\pzchrFa.exe
  C:\Windows\System\pzchrFa.exe
  2⤵
  PID:5464
- C:\Windows\System\pAPBZuI.exe
  C:\Windows\System\pAPBZuI.exe
  2⤵
  PID:5492
- C:\Windows\System\xnjhbql.exe
  C:\Windows\System\xnjhbql.exe
  2⤵
  PID:2236
- C:\Windows\System\WymMapn.exe
  C:\Windows\System\WymMapn.exe
  2⤵
  PID:5552
- C:\Windows\System\hXJgFwv.exe
  C:\Windows\System\hXJgFwv.exe
  2⤵
  PID:5584
- C:\Windows\System\nVeYqMz.exe
  C:\Windows\System\nVeYqMz.exe
  2⤵
  PID:5624
- C:\Windows\System\ZPRWHtm.exe
  C:\Windows\System\ZPRWHtm.exe
  2⤵
  PID:5644
- C:\Windows\System\XwOLGnh.exe
  C:\Windows\System\XwOLGnh.exe
  2⤵
  PID:5684
- C:\Windows\System\OYKxVAZ.exe
  C:\Windows\System\OYKxVAZ.exe
  2⤵
  PID:5708
- C:\Windows\System\RYucttG.exe
  C:\Windows\System\RYucttG.exe
  2⤵
  PID:5728
- C:\Windows\System\zTSqocU.exe
  C:\Windows\System\zTSqocU.exe
  2⤵
  PID:4792
- C:\Windows\System\IKxbRok.exe
  C:\Windows\System\IKxbRok.exe
  2⤵
  PID:5824
- C:\Windows\System\vaoksRb.exe
  C:\Windows\System\vaoksRb.exe
  2⤵
  PID:5864
- C:\Windows\System\kmRbMJc.exe
  C:\Windows\System\kmRbMJc.exe
  2⤵
  PID:5868
- C:\Windows\System\QGPrLHM.exe
  C:\Windows\System\QGPrLHM.exe
  2⤵
  PID:5912
- C:\Windows\System\JycrrGG.exe
  C:\Windows\System\JycrrGG.exe
  2⤵
  PID:5932
- C:\Windows\System\AaewCUY.exe
  C:\Windows\System\AaewCUY.exe
  2⤵
  PID:5984
- C:\Windows\System\MTLNmgX.exe
  C:\Windows\System\MTLNmgX.exe
  2⤵
  PID:6012
- C:\Windows\System\DsqkOCu.exe
  C:\Windows\System\DsqkOCu.exe
  2⤵
  PID:6008
- C:\Windows\System\iRWSbEQ.exe
  C:\Windows\System\iRWSbEQ.exe
  2⤵
  PID:6052
- C:\Windows\System\EMMchKs.exe
  C:\Windows\System\EMMchKs.exe
  2⤵
  PID:6088
- C:\Windows\System\lEaJLMT.exe
  C:\Windows\System\lEaJLMT.exe
  2⤵
  PID:6124
- C:\Windows\System\VRgDlOP.exe
  C:\Windows\System\VRgDlOP.exe
  2⤵
  PID:4976
- C:\Windows\System\yxPTrNA.exe
  C:\Windows\System\yxPTrNA.exe
  2⤵
  PID:2808
- C:\Windows\System\TsduHYs.exe
  C:\Windows\System\TsduHYs.exe
  2⤵
  PID:4048
- C:\Windows\System\hSMTxgc.exe
  C:\Windows\System\hSMTxgc.exe
  2⤵
  PID:3368
- C:\Windows\System\trxtHMK.exe
  C:\Windows\System\trxtHMK.exe
  2⤵
  PID:4508
- C:\Windows\System\UcRJgrz.exe
  C:\Windows\System\UcRJgrz.exe
  2⤵
  PID:836
- C:\Windows\System\lTGwnOj.exe
  C:\Windows\System\lTGwnOj.exe
  2⤵
  PID:4764
- C:\Windows\System\ycrqkPZ.exe
  C:\Windows\System\ycrqkPZ.exe
  2⤵
  PID:5144
- C:\Windows\System\YuYJsEp.exe
  C:\Windows\System\YuYJsEp.exe
  2⤵
  PID:5228
- C:\Windows\System\OSacrDQ.exe
  C:\Windows\System\OSacrDQ.exe
  2⤵
  PID:5272
- C:\Windows\System\YhYNBAY.exe
  C:\Windows\System\YhYNBAY.exe
  2⤵
  PID:5364
- C:\Windows\System\CUECAxM.exe
  C:\Windows\System\CUECAxM.exe
  2⤵
  PID:5388
- C:\Windows\System\XYXjPGK.exe
  C:\Windows\System\XYXjPGK.exe
  2⤵
  PID:5428
- C:\Windows\System\EWYPPmB.exe
  C:\Windows\System\EWYPPmB.exe
  2⤵
  PID:5468
- C:\Windows\System\DmBaHAU.exe
  C:\Windows\System\DmBaHAU.exe
  2⤵
  PID:5508
- C:\Windows\System\xbjSyRG.exe
  C:\Windows\System\xbjSyRG.exe
  2⤵
  PID:5568
- C:\Windows\System\UebRQzf.exe
  C:\Windows\System\UebRQzf.exe
  2⤵
  PID:5608
- C:\Windows\System\xQZMgRv.exe
  C:\Windows\System\xQZMgRv.exe
  2⤵
  PID:5704
- C:\Windows\System\LpvoyOG.exe
  C:\Windows\System\LpvoyOG.exe
  2⤵
  PID:5768
- C:\Windows\System\KPsuxQA.exe
  C:\Windows\System\KPsuxQA.exe
  2⤵
  PID:5772
- C:\Windows\System\MGIXMcR.exe
  C:\Windows\System\MGIXMcR.exe
  2⤵
  PID:5828
- C:\Windows\System\BSxqLss.exe
  C:\Windows\System\BSxqLss.exe
  2⤵
  PID:5924
- C:\Windows\System\ATIbLCE.exe
  C:\Windows\System\ATIbLCE.exe
  2⤵
  PID:6004
- C:\Windows\System\zAlxKkE.exe
  C:\Windows\System\zAlxKkE.exe
  2⤵
  PID:6072
- C:\Windows\System\pfcJHrR.exe
  C:\Windows\System\pfcJHrR.exe
  2⤵
  PID:2440
- C:\Windows\System\gzfcLGj.exe
  C:\Windows\System\gzfcLGj.exe
  2⤵
  PID:6104
- C:\Windows\System\LpzFijB.exe
  C:\Windows\System\LpzFijB.exe
  2⤵
  PID:6128
- C:\Windows\System\qYtAPLu.exe
  C:\Windows\System\qYtAPLu.exe
  2⤵
  PID:2544
- C:\Windows\System\mOAfzXn.exe
  C:\Windows\System\mOAfzXn.exe
  2⤵
  PID:4316
- C:\Windows\System\AoZNYas.exe
  C:\Windows\System\AoZNYas.exe
  2⤵
  PID:5188
- C:\Windows\System\xzrZKdX.exe
  C:\Windows\System\xzrZKdX.exe
  2⤵
  PID:3692
- C:\Windows\System\bZsaGfi.exe
  C:\Windows\System\bZsaGfi.exe
  2⤵
  PID:5308
- C:\Windows\System\SjDphCQ.exe
  C:\Windows\System\SjDphCQ.exe
  2⤵
  PID:5348
- C:\Windows\System\iKloDnf.exe
  C:\Windows\System\iKloDnf.exe
  2⤵
  PID:5484
- C:\Windows\System\ORklOoc.exe
  C:\Windows\System\ORklOoc.exe
  2⤵
  PID:2600
- C:\Windows\System\yEaBCIh.exe
  C:\Windows\System\yEaBCIh.exe
  2⤵
  PID:5564
- C:\Windows\System\NEABkbv.exe
  C:\Windows\System\NEABkbv.exe
  2⤵
  PID:5648
- C:\Windows\System\kzfppdI.exe
  C:\Windows\System\kzfppdI.exe
  2⤵
  PID:5724
- C:\Windows\System\kYFbQuJ.exe
  C:\Windows\System\kYFbQuJ.exe
  2⤵
  PID:5904
- C:\Windows\System\rZaiAgg.exe
  C:\Windows\System\rZaiAgg.exe
  2⤵
  PID:5964
- C:\Windows\System\lRomQtX.exe
  C:\Windows\System\lRomQtX.exe
  2⤵
  PID:5988
- C:\Windows\System\PlAoVdX.exe
  C:\Windows\System\PlAoVdX.exe
  2⤵
  PID:4904
- C:\Windows\System\taWCzBR.exe
  C:\Windows\System\taWCzBR.exe
  2⤵
  PID:1220
- C:\Windows\System\HShzlMl.exe
  C:\Windows\System\HShzlMl.exe
  2⤵
  PID:2528
- C:\Windows\System\SXHnwbH.exe
  C:\Windows\System\SXHnwbH.exe
  2⤵
  PID:4808
- C:\Windows\System\vhYevHg.exe
  C:\Windows\System\vhYevHg.exe
  2⤵
  PID:5324
- C:\Windows\System\IpFTgcj.exe
  C:\Windows\System\IpFTgcj.exe
  2⤵
  PID:2396
- C:\Windows\System\quuJduP.exe
  C:\Windows\System\quuJduP.exe
  2⤵
  PID:5368
- C:\Windows\System\iJsuRgb.exe
  C:\Windows\System\iJsuRgb.exe
  2⤵
  PID:5712
- C:\Windows\System\UWfBqbw.exe
  C:\Windows\System\UWfBqbw.exe
  2⤵
  PID:5848
- C:\Windows\System\wzsVsnC.exe
  C:\Windows\System\wzsVsnC.exe
  2⤵
  PID:5788
- C:\Windows\System\WbZbttZ.exe
  C:\Windows\System\WbZbttZ.exe
  2⤵
  PID:4260
- C:\Windows\System\LKQksUC.exe
  C:\Windows\System\LKQksUC.exe
  2⤵
  PID:5204
- C:\Windows\System\OlCkIpi.exe
  C:\Windows\System\OlCkIpi.exe
  2⤵
  PID:2500
- C:\Windows\System\hpTqCWI.exe
  C:\Windows\System\hpTqCWI.exe
  2⤵
  PID:6148
- C:\Windows\System\oLGOkKr.exe
  C:\Windows\System\oLGOkKr.exe
  2⤵
  PID:6168
- C:\Windows\System\cHTIFXo.exe
  C:\Windows\System\cHTIFXo.exe
  2⤵
  PID:6188
- C:\Windows\System\fFmXgCc.exe
  C:\Windows\System\fFmXgCc.exe
  2⤵
  PID:6208
- C:\Windows\System\UqMPriu.exe
  C:\Windows\System\UqMPriu.exe
  2⤵
  PID:6232
- C:\Windows\System\rdRtIcz.exe
  C:\Windows\System\rdRtIcz.exe
  2⤵
  PID:6256
- C:\Windows\System\IdcynUS.exe
  C:\Windows\System\IdcynUS.exe
  2⤵
  PID:6284
- C:\Windows\System\mnCujbv.exe
  C:\Windows\System\mnCujbv.exe
  2⤵
  PID:6300
- C:\Windows\System\WIzvISP.exe
  C:\Windows\System\WIzvISP.exe
  2⤵
  PID:6324
- C:\Windows\System\KJTFMRq.exe
  C:\Windows\System\KJTFMRq.exe
  2⤵
  PID:6344
- C:\Windows\System\niLPCSR.exe
  C:\Windows\System\niLPCSR.exe
  2⤵
  PID:6376
- C:\Windows\System\MiTWIeI.exe
  C:\Windows\System\MiTWIeI.exe
  2⤵
  PID:6396
- C:\Windows\System\CVAZPSG.exe
  C:\Windows\System\CVAZPSG.exe
  2⤵
  PID:6420
- C:\Windows\System\dtNwFJL.exe
  C:\Windows\System\dtNwFJL.exe
  2⤵
  PID:6440
- C:\Windows\System\beVeini.exe
  C:\Windows\System\beVeini.exe
  2⤵
  PID:6460
- C:\Windows\System\SjqNbPp.exe
  C:\Windows\System\SjqNbPp.exe
  2⤵
  PID:6480
- C:\Windows\System\ARpoeFZ.exe
  C:\Windows\System\ARpoeFZ.exe
  2⤵
  PID:6500
- C:\Windows\System\sIwmdCG.exe
  C:\Windows\System\sIwmdCG.exe
  2⤵
  PID:6516
- C:\Windows\System\lgkisUZ.exe
  C:\Windows\System\lgkisUZ.exe
  2⤵
  PID:6540
- C:\Windows\System\CZcvaSP.exe
  C:\Windows\System\CZcvaSP.exe
  2⤵
  PID:6560
- C:\Windows\System\yveAobU.exe
  C:\Windows\System\yveAobU.exe
  2⤵
  PID:6580
- C:\Windows\System\uoKPUfa.exe
  C:\Windows\System\uoKPUfa.exe
  2⤵
  PID:6600
- C:\Windows\System\pVSnWic.exe
  C:\Windows\System\pVSnWic.exe
  2⤵
  PID:6620
- C:\Windows\System\ExNGllJ.exe
  C:\Windows\System\ExNGllJ.exe
  2⤵
  PID:6640
- C:\Windows\System\fhUcrLk.exe
  C:\Windows\System\fhUcrLk.exe
  2⤵
  PID:6664
- C:\Windows\System\GToczLY.exe
  C:\Windows\System\GToczLY.exe
  2⤵
  PID:6684
- C:\Windows\System\uniIqWO.exe
  C:\Windows\System\uniIqWO.exe
  2⤵
  PID:6704
- C:\Windows\System\tGAjoBp.exe
  C:\Windows\System\tGAjoBp.exe
  2⤵
  PID:6732
- C:\Windows\System\SdwZufq.exe
  C:\Windows\System\SdwZufq.exe
  2⤵
  PID:6752
- C:\Windows\System\vktuORG.exe
  C:\Windows\System\vktuORG.exe
  2⤵
  PID:6772
- C:\Windows\System\XsnFAIm.exe
  C:\Windows\System\XsnFAIm.exe
  2⤵
  PID:6804
- C:\Windows\System\BwSTYxH.exe
  C:\Windows\System\BwSTYxH.exe
  2⤵
  PID:6824
- C:\Windows\System\qmYBxkQ.exe
  C:\Windows\System\qmYBxkQ.exe
  2⤵
  PID:6860
- C:\Windows\System\kiFRkXo.exe
  C:\Windows\System\kiFRkXo.exe
  2⤵
  PID:6880
- C:\Windows\System\AwiDKps.exe
  C:\Windows\System\AwiDKps.exe
  2⤵
  PID:6900
- C:\Windows\System\OHwLaEC.exe
  C:\Windows\System\OHwLaEC.exe
  2⤵
  PID:6920
- C:\Windows\System\tclYxxo.exe
  C:\Windows\System\tclYxxo.exe
  2⤵
  PID:6940
- C:\Windows\System\SgboTkD.exe
  C:\Windows\System\SgboTkD.exe
  2⤵
  PID:6960
- C:\Windows\System\sRJXdIA.exe
  C:\Windows\System\sRJXdIA.exe
  2⤵
  PID:6984
- C:\Windows\System\bGztSny.exe
  C:\Windows\System\bGztSny.exe
  2⤵
  PID:7004
- C:\Windows\System\UoxbWZH.exe
  C:\Windows\System\UoxbWZH.exe
  2⤵
  PID:7024
- C:\Windows\System\yWXTTNb.exe
  C:\Windows\System\yWXTTNb.exe
  2⤵
  PID:7044
- C:\Windows\System\qWjlBdc.exe
  C:\Windows\System\qWjlBdc.exe
  2⤵
  PID:7064
- C:\Windows\System\OKfzUgd.exe
  C:\Windows\System\OKfzUgd.exe
  2⤵
  PID:7084
- C:\Windows\System\NGtFDRJ.exe
  C:\Windows\System\NGtFDRJ.exe
  2⤵
  PID:7100
- C:\Windows\System\SISXCPW.exe
  C:\Windows\System\SISXCPW.exe
  2⤵
  PID:7124
- C:\Windows\System\nLZynmm.exe
  C:\Windows\System\nLZynmm.exe
  2⤵
  PID:7144
- C:\Windows\System\AtsEnhC.exe
  C:\Windows\System\AtsEnhC.exe
  2⤵
  PID:7164
- C:\Windows\System\CqhmDtd.exe
  C:\Windows\System\CqhmDtd.exe
  2⤵
  PID:5888
- C:\Windows\System\ljLYMeU.exe
  C:\Windows\System\ljLYMeU.exe
  2⤵
  PID:5892
- C:\Windows\System\NAaoEXz.exe
  C:\Windows\System\NAaoEXz.exe
  2⤵
  PID:6032
- C:\Windows\System\ThhYmmm.exe
  C:\Windows\System\ThhYmmm.exe
  2⤵
  PID:5544
- C:\Windows\System\ZjdFwAG.exe
  C:\Windows\System\ZjdFwAG.exe
  2⤵
  PID:6176
- C:\Windows\System\toQTIOs.exe
  C:\Windows\System\toQTIOs.exe
  2⤵
  PID:6180
- C:\Windows\System\RtMxoKF.exe
  C:\Windows\System\RtMxoKF.exe
  2⤵
  PID:6220
- C:\Windows\System\bIDiFAY.exe
  C:\Windows\System\bIDiFAY.exe
  2⤵
  PID:6264
- C:\Windows\System\RWAPuGo.exe
  C:\Windows\System\RWAPuGo.exe
  2⤵
  PID:6308
- C:\Windows\System\iuEDSRE.exe
  C:\Windows\System\iuEDSRE.exe
  2⤵
  PID:6312
- C:\Windows\System\OQPPmSz.exe
  C:\Windows\System\OQPPmSz.exe
  2⤵
  PID:2592
- C:\Windows\System\SHrMuQQ.exe
  C:\Windows\System\SHrMuQQ.exe
  2⤵
  PID:6412
- C:\Windows\System\bwPDIti.exe
  C:\Windows\System\bwPDIti.exe
  2⤵
  PID:6468
- C:\Windows\System\IkBgvEH.exe
  C:\Windows\System\IkBgvEH.exe
  2⤵
  PID:6532
- C:\Windows\System\twpaMNl.exe
  C:\Windows\System\twpaMNl.exe
  2⤵
  PID:6512
- C:\Windows\System\jdsLUKr.exe
  C:\Windows\System\jdsLUKr.exe
  2⤵
  PID:6572
- C:\Windows\System\yUgdshu.exe
  C:\Windows\System\yUgdshu.exe
  2⤵
  PID:6648
- C:\Windows\System\CfdcrAH.exe
  C:\Windows\System\CfdcrAH.exe
  2⤵
  PID:6692
- C:\Windows\System\zwjvlnq.exe
  C:\Windows\System\zwjvlnq.exe
  2⤵
  PID:6672
- C:\Windows\System\CcugJHz.exe
  C:\Windows\System\CcugJHz.exe
  2⤵
  PID:6716
- C:\Windows\System\vfmgBkT.exe
  C:\Windows\System\vfmgBkT.exe
  2⤵
  PID:6748
- C:\Windows\System\kLDUXkG.exe
  C:\Windows\System\kLDUXkG.exe
  2⤵
  PID:6788
- C:\Windows\System\SlAHnrP.exe
  C:\Windows\System\SlAHnrP.exe
  2⤵
  PID:6784
- C:\Windows\System\ZCrjxGR.exe
  C:\Windows\System\ZCrjxGR.exe
  2⤵
  PID:6836
- C:\Windows\System\vHMnaoH.exe
  C:\Windows\System\vHMnaoH.exe
  2⤵
  PID:6916
- C:\Windows\System\oavSowl.exe
  C:\Windows\System\oavSowl.exe
  2⤵
  PID:6956
- C:\Windows\System\VbApFFC.exe
  C:\Windows\System\VbApFFC.exe
  2⤵
  PID:6936
- C:\Windows\System\DGOhxwE.exe
  C:\Windows\System\DGOhxwE.exe
  2⤵
  PID:6968
- C:\Windows\System\JHLqZgS.exe
  C:\Windows\System\JHLqZgS.exe
  2⤵
  PID:7072
- C:\Windows\System\VJXDmuX.exe
  C:\Windows\System\VJXDmuX.exe
  2⤵
  PID:7076
- C:\Windows\System\kcPDhob.exe
  C:\Windows\System\kcPDhob.exe
  2⤵
  PID:7056
- C:\Windows\System\XAGDAqh.exe
  C:\Windows\System\XAGDAqh.exe
  2⤵
  PID:2456
- C:\Windows\System\dzGHJsT.exe
  C:\Windows\System\dzGHJsT.exe
  2⤵
  PID:7112
- C:\Windows\System\TwQTzzD.exe
  C:\Windows\System\TwQTzzD.exe
  2⤵
  PID:7136
- C:\Windows\System\xwQdFEd.exe
  C:\Windows\System\xwQdFEd.exe
  2⤵
  PID:2704
- C:\Windows\System\XHEJplc.exe
  C:\Windows\System\XHEJplc.exe
  2⤵
  PID:5604
- C:\Windows\System\vHqSsCu.exe
  C:\Windows\System\vHqSsCu.exe
  2⤵
  PID:5844
- C:\Windows\System\JdFidsC.exe
  C:\Windows\System\JdFidsC.exe
  2⤵
  PID:2636
- C:\Windows\System\RBDrEjW.exe
  C:\Windows\System\RBDrEjW.exe
  2⤵
  PID:6240
- C:\Windows\System\kqKfows.exe
  C:\Windows\System\kqKfows.exe
  2⤵
  PID:6404
- C:\Windows\System\VAyGbPa.exe
  C:\Windows\System\VAyGbPa.exe
  2⤵
  PID:6244
- C:\Windows\System\VnDWpPb.exe
  C:\Windows\System\VnDWpPb.exe
  2⤵
  PID:6384
- C:\Windows\System\sZektwu.exe
  C:\Windows\System\sZektwu.exe
  2⤵
  PID:6452
- C:\Windows\System\KCkhQjD.exe
  C:\Windows\System\KCkhQjD.exe
  2⤵
  PID:2512
- C:\Windows\System\UTqDjKB.exe
  C:\Windows\System\UTqDjKB.exe
  2⤵
  PID:2812
- C:\Windows\System\kJnZBZI.exe
  C:\Windows\System\kJnZBZI.exe
  2⤵
  PID:6392
- C:\Windows\System\LRxjruz.exe
  C:\Windows\System\LRxjruz.exe
  2⤵
  PID:1504
- C:\Windows\System\UyUivtt.exe
  C:\Windows\System\UyUivtt.exe
  2⤵
  PID:6556
- C:\Windows\System\pQXEHDo.exe
  C:\Windows\System\pQXEHDo.exe
  2⤵
  PID:2484
- C:\Windows\System\OcYudIg.exe
  C:\Windows\System\OcYudIg.exe
  2⤵
  PID:6616
- C:\Windows\System\jjFbLKG.exe
  C:\Windows\System\jjFbLKG.exe
  2⤵
  PID:2408
- C:\Windows\System\HbTRJgR.exe
  C:\Windows\System\HbTRJgR.exe
  2⤵
  PID:6780
- C:\Windows\System\OPXQaSf.exe
  C:\Windows\System\OPXQaSf.exe
  2⤵
  PID:6892
- C:\Windows\System\qideVTD.exe
  C:\Windows\System\qideVTD.exe
  2⤵
  PID:2952
- C:\Windows\System\DntbAVR.exe
  C:\Windows\System\DntbAVR.exe
  2⤵
  PID:6996
- C:\Windows\System\qSvsAko.exe
  C:\Windows\System\qSvsAko.exe
  2⤵
  PID:6760
- C:\Windows\System\xUiZSBT.exe
  C:\Windows\System\xUiZSBT.exe
  2⤵
  PID:6768
- C:\Windows\System\EWUDIsE.exe
  C:\Windows\System\EWUDIsE.exe
  2⤵
  PID:7160
- C:\Windows\System\aacuzoq.exe
  C:\Windows\System\aacuzoq.exe
  2⤵
  PID:6164
- C:\Windows\System\whLyUTw.exe
  C:\Windows\System\whLyUTw.exe
  2⤵
  PID:2108
- C:\Windows\System\ktinagh.exe
  C:\Windows\System\ktinagh.exe
  2⤵
  PID:7032
- C:\Windows\System\KJWPMlS.exe
  C:\Windows\System\KJWPMlS.exe
  2⤵
  PID:1608
- C:\Windows\System\epNfNLV.exe
  C:\Windows\System\epNfNLV.exe
  2⤵
  PID:3812
- C:\Windows\System\TEBFeAk.exe
  C:\Windows\System\TEBFeAk.exe
  2⤵
  PID:6908
- C:\Windows\System\WLsCJOy.exe
  C:\Windows\System\WLsCJOy.exe
  2⤵
  PID:7040
- C:\Windows\System\BgeSbBi.exe
  C:\Windows\System\BgeSbBi.exe
  2⤵
  PID:5532
- C:\Windows\System\pbFcOgK.exe
  C:\Windows\System\pbFcOgK.exe
  2⤵
  PID:6252
- C:\Windows\System\BVFxfUL.exe
  C:\Windows\System\BVFxfUL.exe
  2⤵
  PID:2864
- C:\Windows\System\IBQZsmS.exe
  C:\Windows\System\IBQZsmS.exe
  2⤵
  PID:1968
- C:\Windows\System\vgzBQaG.exe
  C:\Windows\System\vgzBQaG.exe
  2⤵
  PID:2616
- C:\Windows\System\avZeINf.exe
  C:\Windows\System\avZeINf.exe
  2⤵
  PID:1272
- C:\Windows\System\baKABIy.exe
  C:\Windows\System\baKABIy.exe
  2⤵
  PID:4932
- C:\Windows\System\EitvDId.exe
  C:\Windows\System\EitvDId.exe
  2⤵
  PID:1080
- C:\Windows\System\EJFkwRi.exe
  C:\Windows\System\EJFkwRi.exe
  2⤵
  PID:296
- C:\Windows\System\RVrzIjl.exe
  C:\Windows\System\RVrzIjl.exe
  2⤵
  PID:6700
- C:\Windows\System\qbRedyN.exe
  C:\Windows\System\qbRedyN.exe
  2⤵
  PID:7116
- C:\Windows\System\ZmrOniY.exe
  C:\Windows\System\ZmrOniY.exe
  2⤵
  PID:2728
- C:\Windows\System\UKJwfyc.exe
  C:\Windows\System\UKJwfyc.exe
  2⤵
  PID:2860
- C:\Windows\System\FAUMjHM.exe
  C:\Windows\System\FAUMjHM.exe
  2⤵
  PID:6952
- C:\Windows\System\ofKphqa.exe
  C:\Windows\System\ofKphqa.exe
  2⤵
  PID:7108
- C:\Windows\System\UelPVgt.exe
  C:\Windows\System\UelPVgt.exe
  2⤵
  PID:6156
- C:\Windows\System\tZrSens.exe
  C:\Windows\System\tZrSens.exe
  2⤵
  PID:2588
- C:\Windows\System\eXIobSr.exe
  C:\Windows\System\eXIobSr.exe
  2⤵
  PID:6612
- C:\Windows\System\nFQUimH.exe
  C:\Windows\System\nFQUimH.exe
  2⤵
  PID:6268
- C:\Windows\System\GhAfgov.exe
  C:\Windows\System\GhAfgov.exe
  2⤵
  PID:2360
- C:\Windows\System\GDZRrTv.exe
  C:\Windows\System\GDZRrTv.exe
  2⤵
  PID:6656
- C:\Windows\System\GFsZDPl.exe
  C:\Windows\System\GFsZDPl.exe
  2⤵
  PID:6696
- C:\Windows\System\AqNbgMi.exe
  C:\Windows\System\AqNbgMi.exe
  2⤵
  PID:7016
- C:\Windows\System\cpgbzzQ.exe
  C:\Windows\System\cpgbzzQ.exe
  2⤵
  PID:6976
- C:\Windows\System\FWuPxrY.exe
  C:\Windows\System\FWuPxrY.exe
  2⤵
  PID:1580
- C:\Windows\System\jaJGVDi.exe
  C:\Windows\System\jaJGVDi.exe
  2⤵
  PID:5452
- C:\Windows\System\HpcZZMN.exe
  C:\Windows\System\HpcZZMN.exe
  2⤵
  PID:6948
- C:\Windows\System\ICzJBNd.exe
  C:\Windows\System\ICzJBNd.exe
  2⤵
  PID:6896
- C:\Windows\System\peCktKr.exe
  C:\Windows\System\peCktKr.exe
  2⤵
  PID:6488
- C:\Windows\System\OWHkTdF.exe
  C:\Windows\System\OWHkTdF.exe
  2⤵
  PID:6472
- C:\Windows\System\QpAfylc.exe
  C:\Windows\System\QpAfylc.exe
  2⤵
  PID:1132
- C:\Windows\System\PXKfrtq.exe
  C:\Windows\System\PXKfrtq.exe
  2⤵
  PID:6872
- C:\Windows\System\XyjHYQF.exe
  C:\Windows\System\XyjHYQF.exe
  2⤵
  PID:5852
- C:\Windows\System\dAxqMWi.exe
  C:\Windows\System\dAxqMWi.exe
  2⤵
  PID:5032
- C:\Windows\System\pAkccOY.exe
  C:\Windows\System\pAkccOY.exe
  2⤵
  PID:6508
- C:\Windows\System\MjVqero.exe
  C:\Windows\System\MjVqero.exe
  2⤵
  PID:6660
- C:\Windows\System\FYVnUAl.exe
  C:\Windows\System\FYVnUAl.exe
  2⤵
  PID:6292
- C:\Windows\System\fIDDtlN.exe
  C:\Windows\System\fIDDtlN.exe
  2⤵
  PID:7180
- C:\Windows\System\wvQSZdR.exe
  C:\Windows\System\wvQSZdR.exe
  2⤵
  PID:7196
- C:\Windows\System\wyOAWAf.exe
  C:\Windows\System\wyOAWAf.exe
  2⤵
  PID:7212
- C:\Windows\System\iGFjSIz.exe
  C:\Windows\System\iGFjSIz.exe
  2⤵
  PID:7228
- C:\Windows\System\hwijSQy.exe
  C:\Windows\System\hwijSQy.exe
  2⤵
  PID:7244
- C:\Windows\System\NiwbTxK.exe
  C:\Windows\System\NiwbTxK.exe
  2⤵
  PID:7300
- C:\Windows\System\NVswOFj.exe
  C:\Windows\System\NVswOFj.exe
  2⤵
  PID:7316
- C:\Windows\System\houKBxQ.exe
  C:\Windows\System\houKBxQ.exe
  2⤵
  PID:7336
- C:\Windows\System\mOdpykE.exe
  C:\Windows\System\mOdpykE.exe
  2⤵
  PID:7352
- C:\Windows\System\favKfIJ.exe
  C:\Windows\System\favKfIJ.exe
  2⤵
  PID:7368
- C:\Windows\System\eplrMfR.exe
  C:\Windows\System\eplrMfR.exe
  2⤵
  PID:7384
- C:\Windows\System\qUJqSKx.exe
  C:\Windows\System\qUJqSKx.exe
  2⤵
  PID:7404
- C:\Windows\System\aOYeBGa.exe
  C:\Windows\System\aOYeBGa.exe
  2⤵
  PID:7424
- C:\Windows\System\sGFMwph.exe
  C:\Windows\System\sGFMwph.exe
  2⤵
  PID:7452
- C:\Windows\System\TUSugOf.exe
  C:\Windows\System\TUSugOf.exe
  2⤵
  PID:7476
- C:\Windows\System\pogBwKi.exe
  C:\Windows\System\pogBwKi.exe
  2⤵
  PID:7500
- C:\Windows\System\gcIXlYP.exe
  C:\Windows\System\gcIXlYP.exe
  2⤵
  PID:7524
- C:\Windows\System\NPbttXw.exe
  C:\Windows\System\NPbttXw.exe
  2⤵
  PID:7544
- C:\Windows\System\kYpbBHI.exe
  C:\Windows\System\kYpbBHI.exe
  2⤵
  PID:7560
- C:\Windows\System\jiEokdW.exe
  C:\Windows\System\jiEokdW.exe
  2⤵
  PID:7576
- C:\Windows\System\pgqludX.exe
  C:\Windows\System\pgqludX.exe
  2⤵
  PID:7596
- C:\Windows\System\HYCqsTP.exe
  C:\Windows\System\HYCqsTP.exe
  2⤵
  PID:7612
- C:\Windows\System\WhtAOuz.exe
  C:\Windows\System\WhtAOuz.exe
  2⤵
  PID:7636
- C:\Windows\System\emzhkLt.exe
  C:\Windows\System\emzhkLt.exe
  2⤵
  PID:7664
- C:\Windows\System\jGToXNt.exe
  C:\Windows\System\jGToXNt.exe
  2⤵
  PID:7680
- C:\Windows\System\qEHBrKQ.exe
  C:\Windows\System\qEHBrKQ.exe
  2⤵
  PID:7696
- C:\Windows\System\TXxOHrD.exe
  C:\Windows\System\TXxOHrD.exe
  2⤵
  PID:7720
- C:\Windows\System\aocBZFY.exe
  C:\Windows\System\aocBZFY.exe
  2⤵
  PID:7736
- C:\Windows\System\JUMuWkD.exe
  C:\Windows\System\JUMuWkD.exe
  2⤵
  PID:7756
- C:\Windows\System\IbMCATk.exe
  C:\Windows\System\IbMCATk.exe
  2⤵
  PID:7772
- C:\Windows\System\Lgpsgng.exe
  C:\Windows\System\Lgpsgng.exe
  2⤵
  PID:7788
- C:\Windows\System\gFnhalK.exe
  C:\Windows\System\gFnhalK.exe
  2⤵
  PID:7804
- C:\Windows\System\IUYEUKq.exe
  C:\Windows\System\IUYEUKq.exe
  2⤵
  PID:7828
- C:\Windows\System\DweJTPe.exe
  C:\Windows\System\DweJTPe.exe
  2⤵
  PID:7864
- C:\Windows\System\sixbIkU.exe
  C:\Windows\System\sixbIkU.exe
  2⤵
  PID:7880
- C:\Windows\System\HQFWFrn.exe
  C:\Windows\System\HQFWFrn.exe
  2⤵
  PID:7896
- C:\Windows\System\JLvpoHt.exe
  C:\Windows\System\JLvpoHt.exe
  2⤵
  PID:7912
- C:\Windows\System\EvRwwJr.exe
  C:\Windows\System\EvRwwJr.exe
  2⤵
  PID:7932
- C:\Windows\System\CVooiWp.exe
  C:\Windows\System\CVooiWp.exe
  2⤵
  PID:7952
- C:\Windows\System\tOSyIbA.exe
  C:\Windows\System\tOSyIbA.exe
  2⤵
  PID:7984
- C:\Windows\System\CoCXCCE.exe
  C:\Windows\System\CoCXCCE.exe
  2⤵
  PID:8000
- C:\Windows\System\dpdNIVU.exe
  C:\Windows\System\dpdNIVU.exe
  2⤵
  PID:8016
- C:\Windows\System\vfraWtR.exe
  C:\Windows\System\vfraWtR.exe
  2⤵
  PID:8032
- C:\Windows\System\CrsZFoB.exe
  C:\Windows\System\CrsZFoB.exe
  2⤵
  PID:8056
- C:\Windows\System\AjFUOoP.exe
  C:\Windows\System\AjFUOoP.exe
  2⤵
  PID:8076
- C:\Windows\System\ipaNOZH.exe
  C:\Windows\System\ipaNOZH.exe
  2⤵
  PID:8092
- C:\Windows\System\pMYBOwh.exe
  C:\Windows\System\pMYBOwh.exe
  2⤵
  PID:8108
- C:\Windows\System\fsRrRGX.exe
  C:\Windows\System\fsRrRGX.exe
  2⤵
  PID:8124
- C:\Windows\System\YTlHKMU.exe
  C:\Windows\System\YTlHKMU.exe
  2⤵
  PID:8144
- C:\Windows\System\qYHttZZ.exe
  C:\Windows\System\qYHttZZ.exe
  2⤵
  PID:8160
- C:\Windows\System\gCSTQrx.exe
  C:\Windows\System\gCSTQrx.exe
  2⤵
  PID:8184
- C:\Windows\System\SBzrpAU.exe
  C:\Windows\System\SBzrpAU.exe
  2⤵
  PID:7096
- C:\Windows\System\AuywsAQ.exe
  C:\Windows\System\AuywsAQ.exe
  2⤵
  PID:1992
- C:\Windows\System\trMYZsP.exe
  C:\Windows\System\trMYZsP.exe
  2⤵
  PID:7192
- C:\Windows\System\zywfapL.exe
  C:\Windows\System\zywfapL.exe
  2⤵
  PID:7256
- C:\Windows\System\wpxnyUl.exe
  C:\Windows\System\wpxnyUl.exe
  2⤵
  PID:7276
- C:\Windows\System\dfzRsfX.exe
  C:\Windows\System\dfzRsfX.exe
  2⤵
  PID:7208
- C:\Windows\System\AQeuFnN.exe
  C:\Windows\System\AQeuFnN.exe
  2⤵
  PID:7364
- C:\Windows\System\rftXlLK.exe
  C:\Windows\System\rftXlLK.exe
  2⤵
  PID:7312
- C:\Windows\System\GEsQkPX.exe
  C:\Windows\System\GEsQkPX.exe
  2⤵
  PID:7416
- C:\Windows\System\ctqYRUf.exe
  C:\Windows\System\ctqYRUf.exe
  2⤵
  PID:7440
- C:\Windows\System\pQiqmvK.exe
  C:\Windows\System\pQiqmvK.exe
  2⤵
  PID:7472
- C:\Windows\System\YBmYaoP.exe
  C:\Windows\System\YBmYaoP.exe
  2⤵
  PID:7492
- C:\Windows\System\UjOjxXn.exe
  C:\Windows\System\UjOjxXn.exe
  2⤵
  PID:7516
- C:\Windows\System\CaVrHAU.exe
  C:\Windows\System\CaVrHAU.exe
  2⤵
  PID:7552
- C:\Windows\System\fqazYGt.exe
  C:\Windows\System\fqazYGt.exe
  2⤵
  PID:7608
- C:\Windows\System\pqxqZfi.exe
  C:\Windows\System\pqxqZfi.exe
  2⤵
  PID:7620
- C:\Windows\System\coSpLKH.exe
  C:\Windows\System\coSpLKH.exe
  2⤵
  PID:7676
- C:\Windows\System\zIrUBUQ.exe
  C:\Windows\System\zIrUBUQ.exe
  2⤵
  PID:7744
- C:\Windows\System\eBWiKdm.exe
  C:\Windows\System\eBWiKdm.exe
  2⤵
  PID:7656
- C:\Windows\System\rZDTzGP.exe
  C:\Windows\System\rZDTzGP.exe
  2⤵
  PID:7728
- C:\Windows\System\BQpVTDz.exe
  C:\Windows\System\BQpVTDz.exe
  2⤵
  PID:7816
- C:\Windows\System\ilQYJQr.exe
  C:\Windows\System\ilQYJQr.exe
  2⤵
  PID:7844
- C:\Windows\System\lgWBhjR.exe
  C:\Windows\System\lgWBhjR.exe
  2⤵
  PID:7888
- C:\Windows\System\oSxShYP.exe
  C:\Windows\System\oSxShYP.exe
  2⤵
  PID:7876
- C:\Windows\System\MYlLnFj.exe
  C:\Windows\System\MYlLnFj.exe
  2⤵
  PID:7908
- C:\Windows\System\cznKpOh.exe
  C:\Windows\System\cznKpOh.exe
  2⤵
  PID:7976
- C:\Windows\System\IgKDqbu.exe
  C:\Windows\System\IgKDqbu.exe
  2⤵
  PID:7992
- C:\Windows\System\QymDMar.exe
  C:\Windows\System\QymDMar.exe
  2⤵
  PID:8052
- C:\Windows\System\MgjLVXD.exe
  C:\Windows\System\MgjLVXD.exe
  2⤵
  PID:8120
- C:\Windows\System\XQdnyzW.exe
  C:\Windows\System\XQdnyzW.exe
  2⤵
  PID:8156
- C:\Windows\System\TtTXfqG.exe
  C:\Windows\System\TtTXfqG.exe
  2⤵
  PID:8072
- C:\Windows\System\sKHJUtq.exe
  C:\Windows\System\sKHJUtq.exe
  2⤵
  PID:8140
- C:\Windows\System\nAaBDew.exe
  C:\Windows\System\nAaBDew.exe
  2⤵
  PID:8168
- C:\Windows\System\MqsXDyv.exe
  C:\Windows\System\MqsXDyv.exe
  2⤵
  PID:7172
- C:\Windows\System\stcRwbX.exe
  C:\Windows\System\stcRwbX.exe
  2⤵
  PID:7204
- C:\Windows\System\pCoGkMY.exe
  C:\Windows\System\pCoGkMY.exe
  2⤵
  PID:7268
- C:\Windows\System\ZagmeXP.exe
  C:\Windows\System\ZagmeXP.exe
  2⤵
  PID:7236
- C:\Windows\System\lbwpoIC.exe
  C:\Windows\System\lbwpoIC.exe
  2⤵
  PID:7412
- C:\Windows\System\ImdiRjj.exe
  C:\Windows\System\ImdiRjj.exe
  2⤵
  PID:7432
- C:\Windows\System\tmVyFqp.exe
  C:\Windows\System\tmVyFqp.exe
  2⤵
  PID:2788
- C:\Windows\System\ZnZkYej.exe
  C:\Windows\System\ZnZkYej.exe
  2⤵
  PID:7592
- C:\Windows\System\cGgqzTW.exe
  C:\Windows\System\cGgqzTW.exe
  2⤵
  PID:7628
- C:\Windows\System\NxZiYjK.exe
  C:\Windows\System\NxZiYjK.exe
  2⤵
  PID:7572
- C:\Windows\System\lhBpzDV.exe
  C:\Windows\System\lhBpzDV.exe
  2⤵
  PID:7716
- C:\Windows\System\JXAUxER.exe
  C:\Windows\System\JXAUxER.exe
  2⤵
  PID:7708
- C:\Windows\System\csGSPgi.exe
  C:\Windows\System\csGSPgi.exe
  2⤵
  PID:7732
- C:\Windows\System\WbzbrKa.exe
  C:\Windows\System\WbzbrKa.exe
  2⤵
  PID:7856
- C:\Windows\System\FATfJtO.exe
  C:\Windows\System\FATfJtO.exe
  2⤵
  PID:7920
- C:\Windows\System\oxjYNCe.exe
  C:\Windows\System\oxjYNCe.exe
  2⤵
  PID:7972
- C:\Windows\System\jFoVJXt.exe
  C:\Windows\System\jFoVJXt.exe
  2⤵
  PID:8044
- C:\Windows\System\DFdnrJN.exe
  C:\Windows\System\DFdnrJN.exe
  2⤵
  PID:8116
- C:\Windows\System\jZhkQNZ.exe
  C:\Windows\System\jZhkQNZ.exe
  2⤵
  PID:8064
- C:\Windows\System\JmDmvry.exe
  C:\Windows\System\JmDmvry.exe
  2⤵
  PID:7188
- C:\Windows\System\xbyVsal.exe
  C:\Windows\System\xbyVsal.exe
  2⤵
  PID:8028
- C:\Windows\System\JlVrZbk.exe
  C:\Windows\System\JlVrZbk.exe
  2⤵
  PID:8104
- C:\Windows\System\wjBRvzF.exe
  C:\Windows\System\wjBRvzF.exe
  2⤵
  PID:7308
- C:\Windows\System\hIXsHxL.exe
  C:\Windows\System\hIXsHxL.exe
  2⤵
  PID:2632
- C:\Windows\System\iVTpTBd.exe
  C:\Windows\System\iVTpTBd.exe
  2⤵
  PID:7748
- C:\Windows\System\mJSOaes.exe
  C:\Windows\System\mJSOaes.exe
  2⤵
  PID:7584
- C:\Windows\System\PxIgQjd.exe
  C:\Windows\System\PxIgQjd.exe
  2⤵
  PID:8040
- C:\Windows\System\oDYwtHi.exe
  C:\Windows\System\oDYwtHi.exe
  2⤵
  PID:7288
- C:\Windows\System\nJCtdqn.exe
  C:\Windows\System\nJCtdqn.exe
  2⤵
  PID:7904
- C:\Windows\System\EOmJoNj.exe
  C:\Windows\System\EOmJoNj.exe
  2⤵
  PID:7324
- C:\Windows\System\lqnkhwz.exe
  C:\Windows\System\lqnkhwz.exe
  2⤵
  PID:8172
- C:\Windows\System\CPrYcKd.exe
  C:\Windows\System\CPrYcKd.exe
  2⤵
  PID:7460
- C:\Windows\System\RvVJbAB.exe
  C:\Windows\System\RvVJbAB.exe
  2⤵
  PID:8012
- C:\Windows\System\tMbwBlF.exe
  C:\Windows\System\tMbwBlF.exe
  2⤵
  PID:7508
- C:\Windows\System\VXRypcz.exe
  C:\Windows\System\VXRypcz.exe
  2⤵
  PID:7840
- C:\Windows\System\XkwFcKa.exe
  C:\Windows\System\XkwFcKa.exe
  2⤵
  PID:7964
- C:\Windows\System\zHNnKLi.exe
  C:\Windows\System\zHNnKLi.exe
  2⤵
  PID:7968
- C:\Windows\System\hUJKmnd.exe
  C:\Windows\System\hUJKmnd.exe
  2⤵
  PID:7796
- C:\Windows\System\huejXya.exe
  C:\Windows\System\huejXya.exe
  2⤵
  PID:7156
- C:\Windows\System\FBExwve.exe
  C:\Windows\System\FBExwve.exe
  2⤵
  PID:7860
- C:\Windows\System\LYYanxi.exe
  C:\Windows\System\LYYanxi.exe
  2⤵
  PID:7568
- C:\Windows\System\DzWBYmE.exe
  C:\Windows\System\DzWBYmE.exe
  2⤵
  PID:7444
- C:\Windows\System\lQfgvvG.exe
  C:\Windows\System\lQfgvvG.exe
  2⤵
  PID:7852
- C:\Windows\System\vAzofNj.exe
  C:\Windows\System\vAzofNj.exe
  2⤵
  PID:7704
- C:\Windows\System\GoKPUNA.exe
  C:\Windows\System\GoKPUNA.exe
  2⤵
  PID:7284
- C:\Windows\System\aqVjwaU.exe
  C:\Windows\System\aqVjwaU.exe
  2⤵
  PID:7812
- C:\Windows\System\IaTEgOZ.exe
  C:\Windows\System\IaTEgOZ.exe
  2⤵
  PID:7328
- C:\Windows\System\EZKLvxU.exe
  C:\Windows\System\EZKLvxU.exe
  2⤵
  PID:8204
- C:\Windows\System\rCoLRjA.exe
  C:\Windows\System\rCoLRjA.exe
  2⤵
  PID:8228
- C:\Windows\System\MvqwttC.exe
  C:\Windows\System\MvqwttC.exe
  2⤵
  PID:8244
- C:\Windows\System\sdWUtLa.exe
  C:\Windows\System\sdWUtLa.exe
  2⤵
  PID:8276
- C:\Windows\System\pVlWfxU.exe
  C:\Windows\System\pVlWfxU.exe
  2⤵
  PID:8292
- C:\Windows\System\wwGGfVy.exe
  C:\Windows\System\wwGGfVy.exe
  2⤵
  PID:8312
- C:\Windows\System\HiCCloS.exe
  C:\Windows\System\HiCCloS.exe
  2⤵
  PID:8336
- C:\Windows\System\IdQlRuS.exe
  C:\Windows\System\IdQlRuS.exe
  2⤵
  PID:8356
- C:\Windows\System\POPMrBx.exe
  C:\Windows\System\POPMrBx.exe
  2⤵
  PID:8372
- C:\Windows\System\GNUVzFr.exe
  C:\Windows\System\GNUVzFr.exe
  2⤵
  PID:8388
- C:\Windows\System\hddyAmn.exe
  C:\Windows\System\hddyAmn.exe
  2⤵
  PID:8412
- C:\Windows\System\kVehisF.exe
  C:\Windows\System\kVehisF.exe
  2⤵
  PID:8432
- C:\Windows\System\HJErUsD.exe
  C:\Windows\System\HJErUsD.exe
  2⤵
  PID:8452
- C:\Windows\System\DnFfjEt.exe
  C:\Windows\System\DnFfjEt.exe
  2⤵
  PID:8468
- C:\Windows\System\ZoEkKnc.exe
  C:\Windows\System\ZoEkKnc.exe
  2⤵
  PID:8492
- C:\Windows\System\CsLrLhc.exe
  C:\Windows\System\CsLrLhc.exe
  2⤵
  PID:8512
- C:\Windows\System\uGoCLlT.exe
  C:\Windows\System\uGoCLlT.exe
  2⤵
  PID:8528
- C:\Windows\System\zimOpuV.exe
  C:\Windows\System\zimOpuV.exe
  2⤵
  PID:8552
- C:\Windows\System\TywRgxY.exe
  C:\Windows\System\TywRgxY.exe
  2⤵
  PID:8580
- C:\Windows\System\zwrTsMA.exe
  C:\Windows\System\zwrTsMA.exe
  2⤵
  PID:8596
- C:\Windows\System\byOUhrn.exe
  C:\Windows\System\byOUhrn.exe
  2⤵
  PID:8616
- C:\Windows\System\FOPDNMf.exe
  C:\Windows\System\FOPDNMf.exe
  2⤵
  PID:8632
- C:\Windows\System\KIwJVsE.exe
  C:\Windows\System\KIwJVsE.exe
  2⤵
  PID:8648
- C:\Windows\System\CxPWKds.exe
  C:\Windows\System\CxPWKds.exe
  2⤵
  PID:8680
- C:\Windows\System\GyIzulS.exe
  C:\Windows\System\GyIzulS.exe
  2⤵
  PID:8696
- C:\Windows\System\bZkQWpF.exe
  C:\Windows\System\bZkQWpF.exe
  2⤵
  PID:8712
- C:\Windows\System\ruZbfRY.exe
  C:\Windows\System\ruZbfRY.exe
  2⤵
  PID:8728
- C:\Windows\System\HuPUryB.exe
  C:\Windows\System\HuPUryB.exe
  2⤵
  PID:8744
- C:\Windows\System\FyxIqFD.exe
  C:\Windows\System\FyxIqFD.exe
  2⤵
  PID:8776
- C:\Windows\System\VrOFOjT.exe
  C:\Windows\System\VrOFOjT.exe
  2⤵
  PID:8812
- C:\Windows\System\MHkPULM.exe
  C:\Windows\System\MHkPULM.exe
  2⤵
  PID:8828
- C:\Windows\System\JpgMqPm.exe
  C:\Windows\System\JpgMqPm.exe
  2⤵
  PID:8848
- C:\Windows\System\HGsmyxd.exe
  C:\Windows\System\HGsmyxd.exe
  2⤵
  PID:8864
- C:\Windows\System\GdCbYFf.exe
  C:\Windows\System\GdCbYFf.exe
  2⤵
  PID:8892
- C:\Windows\System\kOXmyqj.exe
  C:\Windows\System\kOXmyqj.exe
  2⤵
  PID:8916
- C:\Windows\System\IefjHwj.exe
  C:\Windows\System\IefjHwj.exe
  2⤵
  PID:8932
- C:\Windows\System\tPNUviW.exe
  C:\Windows\System\tPNUviW.exe
  2⤵
  PID:8956
- C:\Windows\System\NOBvucK.exe
  C:\Windows\System\NOBvucK.exe
  2⤵
  PID:8972
- C:\Windows\System\NaxLIoD.exe
  C:\Windows\System\NaxLIoD.exe
  2⤵
  PID:8988
- C:\Windows\System\zatYTKy.exe
  C:\Windows\System\zatYTKy.exe
  2⤵
  PID:9012
- C:\Windows\System\NRVHtUl.exe
  C:\Windows\System\NRVHtUl.exe
  2⤵
  PID:9032
- C:\Windows\System\kHlpZJO.exe
  C:\Windows\System\kHlpZJO.exe
  2⤵
  PID:9052
- C:\Windows\System\kwUPqrS.exe
  C:\Windows\System\kwUPqrS.exe
  2⤵
  PID:9068
- C:\Windows\System\xzsaVhN.exe
  C:\Windows\System\xzsaVhN.exe
  2⤵
  PID:9088
- C:\Windows\System\ACRjefP.exe
  C:\Windows\System\ACRjefP.exe
  2⤵
  PID:9116
- C:\Windows\System\YCxcgZS.exe
  C:\Windows\System\YCxcgZS.exe
  2⤵
  PID:9136
- C:\Windows\System\pKiXdsg.exe
  C:\Windows\System\pKiXdsg.exe
  2⤵
  PID:9156
- C:\Windows\System\wFvEZvW.exe
  C:\Windows\System\wFvEZvW.exe
  2⤵
  PID:9172
- C:\Windows\System\ndhmzxq.exe
  C:\Windows\System\ndhmzxq.exe
  2⤵
  PID:9192
- C:\Windows\System\BlQDFbt.exe
  C:\Windows\System\BlQDFbt.exe
  2⤵
  PID:9212
- C:\Windows\System\GslMMgw.exe
  C:\Windows\System\GslMMgw.exe
  2⤵
  PID:8224
- C:\Windows\System\WqTchiC.exe
  C:\Windows\System\WqTchiC.exe
  2⤵
  PID:8252
- C:\Windows\System\WxhUwbF.exe
  C:\Windows\System\WxhUwbF.exe
  2⤵
  PID:8264
- C:\Windows\System\dNeEPcd.exe
  C:\Windows\System\dNeEPcd.exe
  2⤵
  PID:8320
- C:\Windows\System\AxINJjI.exe
  C:\Windows\System\AxINJjI.exe
  2⤵
  PID:8348
- C:\Windows\System\QDKjsrz.exe
  C:\Windows\System\QDKjsrz.exe
  2⤵
  PID:8408
- C:\Windows\System\PZLCUYm.exe
  C:\Windows\System\PZLCUYm.exe
  2⤵
  PID:8384
- C:\Windows\System\avvhDtr.exe
  C:\Windows\System\avvhDtr.exe
  2⤵
  PID:8476
- C:\Windows\System\KONcuKq.exe
  C:\Windows\System\KONcuKq.exe
  2⤵
  PID:8500
- C:\Windows\System\BwBWuCT.exe
  C:\Windows\System\BwBWuCT.exe
  2⤵
  PID:8520
- C:\Windows\System\NNcEOem.exe
  C:\Windows\System\NNcEOem.exe
  2⤵
  PID:8548
- C:\Windows\System\VIObcaN.exe
  C:\Windows\System\VIObcaN.exe
  2⤵
  PID:8588
- C:\Windows\System\NfJkGll.exe
  C:\Windows\System\NfJkGll.exe
  2⤵
  PID:8644
- C:\Windows\System\gVrCWDV.exe
  C:\Windows\System\gVrCWDV.exe
  2⤵
  PID:8660
- C:\Windows\System\ZxYRkGu.exe
  C:\Windows\System\ZxYRkGu.exe
  2⤵
  PID:8688
- C:\Windows\System\cgKtbpU.exe
  C:\Windows\System\cgKtbpU.exe
  2⤵
  PID:8708
- C:\Windows\System\kUqTbHH.exe
  C:\Windows\System\kUqTbHH.exe
  2⤵
  PID:8772
- C:\Windows\System\cvinhrU.exe
  C:\Windows\System\cvinhrU.exe
  2⤵
  PID:8784
- C:\Windows\System\wbtlQug.exe
  C:\Windows\System\wbtlQug.exe
  2⤵
  PID:1004
- C:\Windows\System\jxWRZrd.exe
  C:\Windows\System\jxWRZrd.exe
  2⤵
  PID:8856
- C:\Windows\System\tdeFyRH.exe
  C:\Windows\System\tdeFyRH.exe
  2⤵
  PID:8844
- C:\Windows\System\uMRolqR.exe
  C:\Windows\System\uMRolqR.exe
  2⤵
  PID:8900
- C:\Windows\System\osFNrGs.exe
  C:\Windows\System\osFNrGs.exe
  2⤵
  PID:8928
- C:\Windows\System\MzFlKOX.exe
  C:\Windows\System\MzFlKOX.exe
  2⤵
  PID:9020
- C:\Windows\System\oZnZRCx.exe
  C:\Windows\System\oZnZRCx.exe
  2⤵
  PID:9008
- C:\Windows\System\kRnyZmx.exe
  C:\Windows\System\kRnyZmx.exe
  2⤵
  PID:9060
- C:\Windows\System\VjodIgO.exe
  C:\Windows\System\VjodIgO.exe
  2⤵
  PID:9096
- C:\Windows\System\IuvbQGp.exe
  C:\Windows\System\IuvbQGp.exe
  2⤵
  PID:9108
- C:\Windows\System\ugOrPwQ.exe
  C:\Windows\System\ugOrPwQ.exe
  2⤵
  PID:9144
- C:\Windows\System\CdiqNmr.exe
  C:\Windows\System\CdiqNmr.exe
  2⤵
  PID:9188
- C:\Windows\System\ljbHugz.exe
  C:\Windows\System\ljbHugz.exe
  2⤵
  PID:8308
- C:\Windows\System\pfxQmJu.exe
  C:\Windows\System\pfxQmJu.exe
  2⤵
  PID:8344
- C:\Windows\System\TanZjdB.exe
  C:\Windows\System\TanZjdB.exe
  2⤵
  PID:9208
- C:\Windows\System\gbUqBQS.exe
  C:\Windows\System\gbUqBQS.exe
  2⤵
  PID:8268
- C:\Windows\System\ebdZtxd.exe
  C:\Windows\System\ebdZtxd.exe
  2⤵
  PID:8440
- C:\Windows\System\PNhkGRE.exe
  C:\Windows\System\PNhkGRE.exe
  2⤵
  PID:8464
- C:\Windows\System\kwUPbbw.exe
  C:\Windows\System\kwUPbbw.exe
  2⤵
  PID:8508
- C:\Windows\System\UmYinqT.exe
  C:\Windows\System\UmYinqT.exe
  2⤵
  PID:8604
- C:\Windows\System\knimwkm.exe
  C:\Windows\System\knimwkm.exe
  2⤵
  PID:8608
- C:\Windows\System\tVpwbLi.exe
  C:\Windows\System\tVpwbLi.exe
  2⤵
  PID:8676
- C:\Windows\System\jWXUfjf.exe
  C:\Windows\System\jWXUfjf.exe
  2⤵
  PID:8796
- C:\Windows\System\FIJKlcn.exe
  C:\Windows\System\FIJKlcn.exe
  2⤵
  PID:8740
- C:\Windows\System\NCTfQuP.exe
  C:\Windows\System\NCTfQuP.exe
  2⤵
  PID:8764
- C:\Windows\System\NlZfwjI.exe
  C:\Windows\System\NlZfwjI.exe
  2⤵
  PID:8944
- C:\Windows\System\flWuisU.exe
  C:\Windows\System\flWuisU.exe
  2⤵
  PID:8884
- C:\Windows\System\KWsQmKS.exe
  C:\Windows\System\KWsQmKS.exe
  2⤵
  PID:6636
- C:\Windows\System\PNvlVWV.exe
  C:\Windows\System\PNvlVWV.exe
  2⤵
  PID:8908
- C:\Windows\System\AqBsBrD.exe
  C:\Windows\System\AqBsBrD.exe
  2⤵
  PID:9084
- C:\Windows\System\zzPAMBr.exe
  C:\Windows\System\zzPAMBr.exe
  2⤵
  PID:9184
- C:\Windows\System\gtJfTdM.exe
  C:\Windows\System\gtJfTdM.exe
  2⤵
  PID:8332
- C:\Windows\System\EuQsRte.exe
  C:\Windows\System\EuQsRte.exe
  2⤵
  PID:9200
- C:\Windows\System\IzvOISE.exe
  C:\Windows\System\IzvOISE.exe
  2⤵
  PID:8488
- C:\Windows\System\sEORgUJ.exe
  C:\Windows\System\sEORgUJ.exe
  2⤵
  PID:8752
- C:\Windows\System\HEUUben.exe
  C:\Windows\System\HEUUben.exe
  2⤵
  PID:8284
- C:\Windows\System\aIGePgF.exe
  C:\Windows\System\aIGePgF.exe
  2⤵
  PID:8424
- C:\Windows\System\taxHZMu.exe
  C:\Windows\System\taxHZMu.exe
  2⤵
  PID:8564
- C:\Windows\System\ANJEVik.exe
  C:\Windows\System\ANJEVik.exe
  2⤵
  PID:8996
- C:\Windows\System\zZaSnGb.exe
  C:\Windows\System\zZaSnGb.exe
  2⤵
  PID:9064
- C:\Windows\System\gCitxbr.exe
  C:\Windows\System\gCitxbr.exe
  2⤵
  PID:9128
- C:\Windows\System\vGDuTWm.exe
  C:\Windows\System\vGDuTWm.exe
  2⤵
  PID:9168
- C:\Windows\System\vbmzvLv.exe
  C:\Windows\System\vbmzvLv.exe
  2⤵
  PID:8840
- C:\Windows\System\snpkmql.exe
  C:\Windows\System\snpkmql.exe
  2⤵
  PID:8404
- C:\Windows\System\yFCrupE.exe
  C:\Windows\System\yFCrupE.exe
  2⤵
  PID:8576
- C:\Windows\System\hVPkgqP.exe
  C:\Windows\System\hVPkgqP.exe
  2⤵
  PID:8560
- C:\Windows\System\BkNDzYn.exe
  C:\Windows\System\BkNDzYn.exe
  2⤵
  PID:8948
- C:\Windows\System\cuacXjE.exe
  C:\Windows\System\cuacXjE.exe
  2⤵
  PID:9004
- C:\Windows\System\kLqqJsf.exe
  C:\Windows\System\kLqqJsf.exe
  2⤵
  PID:8256
- C:\Windows\System\qoJqzVB.exe
  C:\Windows\System\qoJqzVB.exe
  2⤵
  PID:8460
- C:\Windows\System\QjIlKuV.exe
  C:\Windows\System\QjIlKuV.exe
  2⤵
  PID:8448
- C:\Windows\System\tcIvEwQ.exe
  C:\Windows\System\tcIvEwQ.exe
  2⤵
  PID:8628
- C:\Windows\System\ysAXQmv.exe
  C:\Windows\System\ysAXQmv.exe
  2⤵
  PID:9080
- C:\Windows\System\IkHSckw.exe
  C:\Windows\System\IkHSckw.exe
  2⤵
  PID:9204
- C:\Windows\System\vvDTzDm.exe
  C:\Windows\System\vvDTzDm.exe
  2⤵
  PID:8888
- C:\Windows\System\QZrbPAK.exe
  C:\Windows\System\QZrbPAK.exe
  2⤵
  PID:8260
- C:\Windows\System\PkyWMGs.exe
  C:\Windows\System\PkyWMGs.exe
  2⤵
  PID:9048
- C:\Windows\System\REgUxBm.exe
  C:\Windows\System\REgUxBm.exe
  2⤵
  PID:8624
- C:\Windows\System\LJtMdTl.exe
  C:\Windows\System\LJtMdTl.exe
  2⤵
  PID:9236
- C:\Windows\System\CEeBcFp.exe
  C:\Windows\System\CEeBcFp.exe
  2⤵
  PID:9252
- C:\Windows\System\YUVEnPc.exe
  C:\Windows\System\YUVEnPc.exe
  2⤵
  PID:9276
- C:\Windows\System\sgBsOGd.exe
  C:\Windows\System\sgBsOGd.exe
  2⤵
  PID:9292
- C:\Windows\System\ZMDeluR.exe
  C:\Windows\System\ZMDeluR.exe
  2⤵
  PID:9312
- C:\Windows\System\kePlKac.exe
  C:\Windows\System\kePlKac.exe
  2⤵
  PID:9336
- C:\Windows\System\TCKKnen.exe
  C:\Windows\System\TCKKnen.exe
  2⤵
  PID:9360
- C:\Windows\System\ompbCiS.exe
  C:\Windows\System\ompbCiS.exe
  2⤵
  PID:9376
- C:\Windows\System\vevydxZ.exe
  C:\Windows\System\vevydxZ.exe
  2⤵
  PID:9392
- C:\Windows\System\FmJTZCo.exe
  C:\Windows\System\FmJTZCo.exe
  2⤵
  PID:9408
- C:\Windows\System\HZIiyID.exe
  C:\Windows\System\HZIiyID.exe
  2⤵
  PID:9428
- C:\Windows\System\pDCkzHm.exe
  C:\Windows\System\pDCkzHm.exe
  2⤵
  PID:9452
- C:\Windows\System\owvwKDn.exe
  C:\Windows\System\owvwKDn.exe
  2⤵
  PID:9476
- C:\Windows\System\fvwxeLN.exe
  C:\Windows\System\fvwxeLN.exe
  2⤵
  PID:9492
- C:\Windows\System\DuitqLH.exe
  C:\Windows\System\DuitqLH.exe
  2⤵
  PID:9516
- C:\Windows\System\UbgcMBG.exe
  C:\Windows\System\UbgcMBG.exe
  2⤵
  PID:9540
- C:\Windows\System\bqZxikq.exe
  C:\Windows\System\bqZxikq.exe
  2⤵
  PID:9556
- C:\Windows\System\fJswHAn.exe
  C:\Windows\System\fJswHAn.exe
  2⤵
  PID:9576
- C:\Windows\System\TTuIkJD.exe
  C:\Windows\System\TTuIkJD.exe
  2⤵
  PID:9592
- C:\Windows\System\HItgLHh.exe
  C:\Windows\System\HItgLHh.exe
  2⤵
  PID:9608
- C:\Windows\System\FFcMehr.exe
  C:\Windows\System\FFcMehr.exe
  2⤵
  PID:9624
- C:\Windows\System\ZPVGsjH.exe
  C:\Windows\System\ZPVGsjH.exe
  2⤵
  PID:9644
- C:\Windows\System\wZEngrP.exe
  C:\Windows\System\wZEngrP.exe
  2⤵
  PID:9680
- C:\Windows\System\eOGGOgz.exe
  C:\Windows\System\eOGGOgz.exe
  2⤵
  PID:9696
- C:\Windows\System\BIQruGP.exe
  C:\Windows\System\BIQruGP.exe
  2⤵
  PID:9712
- C:\Windows\System\znAKQAD.exe
  C:\Windows\System\znAKQAD.exe
  2⤵
  PID:9736
- C:\Windows\System\MIWRldf.exe
  C:\Windows\System\MIWRldf.exe
  2⤵
  PID:9752
- C:\Windows\System\zLPLpwh.exe
  C:\Windows\System\zLPLpwh.exe
  2⤵
  PID:9772
- C:\Windows\System\dJwqqXj.exe
  C:\Windows\System\dJwqqXj.exe
  2⤵
  PID:9788
- C:\Windows\System\eMQBweQ.exe
  C:\Windows\System\eMQBweQ.exe
  2⤵
  PID:9812
- C:\Windows\System\tvaMBmO.exe
  C:\Windows\System\tvaMBmO.exe
  2⤵
  PID:9828
- C:\Windows\System\VmLOGYB.exe
  C:\Windows\System\VmLOGYB.exe
  2⤵
  PID:9844
- C:\Windows\System\tnFDeYX.exe
  C:\Windows\System\tnFDeYX.exe
  2⤵
  PID:9868
- C:\Windows\System\QmSBaiy.exe
  C:\Windows\System\QmSBaiy.exe
  2⤵
  PID:9884
- C:\Windows\System\FQVnlMm.exe
  C:\Windows\System\FQVnlMm.exe
  2⤵
  PID:9904
- C:\Windows\System\SIUeLUq.exe
  C:\Windows\System\SIUeLUq.exe
  2⤵
  PID:9920
- C:\Windows\System\XLKzxIW.exe
  C:\Windows\System\XLKzxIW.exe
  2⤵
  PID:9944
- C:\Windows\System\scElSWb.exe
  C:\Windows\System\scElSWb.exe
  2⤵
  PID:9964
- C:\Windows\System\DGImpqE.exe
  C:\Windows\System\DGImpqE.exe
  2⤵
  PID:9996
- C:\Windows\System\rrDxZSC.exe
  C:\Windows\System\rrDxZSC.exe
  2⤵
  PID:10020
- C:\Windows\System\MXjdRrN.exe
  C:\Windows\System\MXjdRrN.exe
  2⤵
  PID:10036
- C:\Windows\System\pJtTWPx.exe
  C:\Windows\System\pJtTWPx.exe
  2⤵
  PID:10056
- C:\Windows\System\uWJFkYY.exe
  C:\Windows\System\uWJFkYY.exe
  2⤵
  PID:10076
- C:\Windows\System\qnlHzrE.exe
  C:\Windows\System\qnlHzrE.exe
  2⤵
  PID:10096
- C:\Windows\System\FmthMmz.exe
  C:\Windows\System\FmthMmz.exe
  2⤵
  PID:10116
- C:\Windows\System\cZrAbTn.exe
  C:\Windows\System\cZrAbTn.exe
  2⤵
  PID:10132
- C:\Windows\System\AMUIixu.exe
  C:\Windows\System\AMUIixu.exe
  2⤵
  PID:10164
- C:\Windows\System\PFrZBXf.exe
  C:\Windows\System\PFrZBXf.exe
  2⤵
  PID:10180
- C:\Windows\System\ItTpqQl.exe
  C:\Windows\System\ItTpqQl.exe
  2⤵
  PID:10196
- C:\Windows\System\qNCNdDV.exe
  C:\Windows\System\qNCNdDV.exe
  2⤵
  PID:10212
- C:\Windows\System\OByMkvD.exe
  C:\Windows\System\OByMkvD.exe
  2⤵
  PID:10228
- C:\Windows\System\RpHzIrQ.exe
  C:\Windows\System\RpHzIrQ.exe
  2⤵
  PID:8720
- C:\Windows\System\SGMjSsf.exe
  C:\Windows\System\SGMjSsf.exe
  2⤵
  PID:9248
- C:\Windows\System\cSlGjMo.exe
  C:\Windows\System\cSlGjMo.exe
  2⤵
  PID:9308
- C:\Windows\System\aevGgbw.exe
  C:\Windows\System\aevGgbw.exe
  2⤵
  PID:9324
- C:\Windows\System\MlXYjka.exe
  C:\Windows\System\MlXYjka.exe
  2⤵
  PID:9384
- C:\Windows\System\rTQIstp.exe
  C:\Windows\System\rTQIstp.exe
  2⤵
  PID:9424
- C:\Windows\System\fddcBeX.exe
  C:\Windows\System\fddcBeX.exe
  2⤵
  PID:9464
- C:\Windows\System\HeIEfZz.exe
  C:\Windows\System\HeIEfZz.exe
  2⤵
  PID:9472
- C:\Windows\System\maTWjCT.exe
  C:\Windows\System\maTWjCT.exe
  2⤵
  PID:9448
- C:\Windows\System\GksXkyO.exe
  C:\Windows\System\GksXkyO.exe
  2⤵
  PID:9488
- C:\Windows\System\bHWpRRY.exe
  C:\Windows\System\bHWpRRY.exe
  2⤵
  PID:9548
- C:\Windows\System\IUxdnqE.exe
  C:\Windows\System\IUxdnqE.exe
  2⤵
  PID:9584
- C:\Windows\System\inVoFdt.exe
  C:\Windows\System\inVoFdt.exe
  2⤵
  PID:9636
- C:\Windows\System\EgOGehz.exe
  C:\Windows\System\EgOGehz.exe
  2⤵
  PID:9640
- C:\Windows\System\dRgAerO.exe
  C:\Windows\System\dRgAerO.exe
  2⤵
  PID:9672
- C:\Windows\System\NGsuTGb.exe
  C:\Windows\System\NGsuTGb.exe
  2⤵
  PID:9744
- C:\Windows\System\zQMVXra.exe
  C:\Windows\System\zQMVXra.exe
  2⤵
  PID:9852
- C:\Windows\System\sDgdSuT.exe
  C:\Windows\System\sDgdSuT.exe
  2⤵
  PID:9860
- C:\Windows\System\MWBgFZn.exe
  C:\Windows\System\MWBgFZn.exe
  2⤵
  PID:9928
- C:\Windows\System\SSwpbxU.exe
  C:\Windows\System\SSwpbxU.exe
  2⤵
  PID:9764
- C:\Windows\System\GKXyHeW.exe
  C:\Windows\System\GKXyHeW.exe
  2⤵
  PID:9912
- C:\Windows\System\sHFCVgT.exe
  C:\Windows\System\sHFCVgT.exe
  2⤵
  PID:9836
- C:\Windows\System\GngHkYV.exe
  C:\Windows\System\GngHkYV.exe
  2⤵
  PID:9980
- C:\Windows\System\zxLXJUE.exe
  C:\Windows\System\zxLXJUE.exe
  2⤵
  PID:10016
- C:\Windows\System\eVgBlvk.exe
  C:\Windows\System\eVgBlvk.exe
  2⤵
  PID:10032
- C:\Windows\System\mrCTnOq.exe
  C:\Windows\System\mrCTnOq.exe
  2⤵
  PID:10064
- C:\Windows\System\GRjidHK.exe
  C:\Windows\System\GRjidHK.exe
  2⤵
  PID:10108
- C:\Windows\System\UqkUZZP.exe
  C:\Windows\System\UqkUZZP.exe
  2⤵
  PID:10124
- C:\Windows\System\tUIUktD.exe
  C:\Windows\System\tUIUktD.exe
  2⤵
  PID:10152
- C:\Windows\System\gggETjr.exe
  C:\Windows\System\gggETjr.exe
  2⤵
  PID:10188
- C:\Windows\System\CYwPQbH.exe
  C:\Windows\System\CYwPQbH.exe
  2⤵
  PID:9244
- C:\Windows\System\aKLKfjs.exe
  C:\Windows\System\aKLKfjs.exe
  2⤵
  PID:10204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ELyNJdN.exe

Filesize
6.1MB

MD5
92290f698b1a6d9da810606c9ceb65d2

SHA1
79413197f901e341ea4fe3a8c24ce356ed39dcb0

SHA256
01e76a8a23fba8128257cb9117672d13daf07bc5861e6d7a911f75d0b38726ed

SHA512
2f58a72f11f4164ccdb412e54b03f2e799612e7e88ca5cd6fae28eca76a43d9ee3c2020441c7940f407c0bf62a252296cc9f20e99345a1d71b0a3710d4aee40d

Download Submit
C:\Windows\system\EqTtOIu.exe

Filesize
6.1MB

MD5
cc041dae7583db268b7017ca6817c169

SHA1
417f087781abc5ccab6f83a9569b8d748688b5ea

SHA256
4b844eefcbc2a531788fe6e224996add346fcad4fec9a42fcb2d3d1aeeacf1d1

SHA512
3a5f8e410cdf84592c46491a6197a63c53366626336d4eebbf689512c5029f757741ceb1908d8a44d72bf4b523d6b960a09f3909d15f4f4d6981a0976e78f195

Download Submit
C:\Windows\system\KRiudgX.exe

Filesize
6.1MB

MD5
225c91e5c6e7a6fd4c6e76a0b199afa7

SHA1
53792ec5e3d82bbcc94ad85c74d34161ce66a46e

SHA256
407aebda1ffc378cb9f67f5ac63c04307c07d3f6adf56774e29c1d59ab8619ce

SHA512
389537d5a86c770785ee3c31bfe19cc4187da870178f8c2f12cc03d1cff002798354aa156d2ba9efb65486be012e35c71b21ce542d86075945859f669f306df4

Download Submit
C:\Windows\system\OmLyzyn.exe

Filesize
6.1MB

MD5
e84079608be5c7247955099e18c07751

SHA1
d95d07a590f6b3e4697736db4c6de94a76814e00

SHA256
17ae018c4ed8aad40c917636e8bacd436e3b5178e6de22bc74e6afdbd14d2d92

SHA512
0c3b72a14c712861e1cf11a29d2ce30ee2dcab720a6b65a2342890b1466272f3f876e6ebd8a16a1f8594ff461f41f5b20a7b19488475139c6413f64a9b659596

Download Submit
C:\Windows\system\RqoQuYb.exe

Filesize
6.1MB

MD5
6e7c9489163a3a7e56daeb320964178e

SHA1
cf2f74fbeced35370cb411f835462076965bf5ce

SHA256
4519df94845584c05b13414420204d353e31f458767fd132da12e6933c3ecd51

SHA512
a4692c45186ceeba87b5d7a5155a4f39f7a007dae38f6bdccc3148630c8ffd01d0453ebc9f94035fbdfe5279328bc1b0119d28f5da47b7ec68ada197b2ad427a

Download Submit
C:\Windows\system\SzJxMRD.exe

Filesize
6.1MB

MD5
2d0bb9d97cd9fb1b41d1fe75e386b4cf

SHA1
a3d7fe291c5bc32003fc604432433d36cb829713

SHA256
429ef9865f06c460eef10d3ed12f40f4968cefa23240e6ebb2dfe977bcd05ed8

SHA512
8b1daa9f822985f4b7e7c64c41a22c3ee60d6e84921ee2b527035dbb202a47d3eeb59d7354aff88fd4618f2892b156b5a360808a07e7ac171b8825890357dcaa

Download Submit
C:\Windows\system\Xifpbst.exe

Filesize
6.1MB

MD5
7fab03ace69641466133df7f6cd4e3d1

SHA1
7ab3259de068dfe3301f6c802566352fcb2c2ca0

SHA256
89afcd95fd478a5c38fe864717429adf0d07a46fe7bd21d1d3180e3c87a5926b

SHA512
12eda2da7b4dca07d6ccd9aa4066f0bf3549f04334303c9989fbc44ba6c7af506ff9bbaeeb6c3807d7ff222a2cc2b3173520082e9eb16e2bb212a04035319e38

Download Submit
C:\Windows\system\YGUxsoW.exe

Filesize
6.1MB

MD5
e60d602e1b3f771907ebae281e3069b3

SHA1
3d977dc0aaa925038698490ff62dfa1ee7a91157

SHA256
ee0a70413eefa2c33c82d5b32d2d6c59fc02cbff87d94328d5da4e9db2c808db

SHA512
ef4d68f24ceedf97948cf32e49e9885fda9db9d5bd69d0cce6a36666b6f286888dcf1470fdd6fc26189218e7d1146d6a4dfb5e28928d699f20b37c660494ace4

Download Submit
C:\Windows\system\ZzSWUTa.exe

Filesize
6.1MB

MD5
a78c572e40ad93dbd7333cb30f37b233

SHA1
a6d3102503c3cac0288d9af0fa7d79f853402b93

SHA256
17f1d5208ee90726f57fa094cab7e0cc154a5eb115a3fe6c39c1193275a5650e

SHA512
5cda3076b3e316b7fdc9999f709c6a79a1e6fc1293d20b35748abe9d6a0ca7dc78379fe71d8eabc5a3158425ce9ecef9fd50cf1a13a6d2d86c8a16d2daf9a216

Download Submit
C:\Windows\system\aGZHzJF.exe

Filesize
6.1MB

MD5
4e8ddc16c42aa0609bd2a2f5291cb4ba

SHA1
523ca9a9e6aacc45aa39dce5c89e0df39a60cc2a

SHA256
29faff662f2d0c2921f6f58b5689e6a6ad35785e6c3c0b3f0eec16701cca48f5

SHA512
bcfe777cb85a3f067424cf70c8bce6bb975084ccdfd8a25793ecde85978b386c1af72fc278152d08a4ae0a75339272f2c3464a42e0693cd028fbdf8c73824083

Download Submit
C:\Windows\system\dTjcPwh.exe

Filesize
6.1MB

MD5
8664db69e854f54d8c8af0025eb1d9c0

SHA1
d717382db9f46440381a605d9c969852044958c5

SHA256
32b7683d81e6678efc235e3a01a5cd35941c5a76a4383ff917d259d1058fbfb6

SHA512
7c4d71adc13cf40f8ce0078a8d5ca5e5d94b99ea96100fbd548806786bad3240c49123c407dee3c3dfbea42f9d0f8af48590a4146f39d6fabfbc81a0f98083db

Download Submit
C:\Windows\system\eOWwlNF.exe

Filesize
6.1MB

MD5
99b9a97992bd628a208d7fe5127a60a5

SHA1
220fa6282876ebb244d959325ed8555cc927f9a1

SHA256
f1dc9a97e72a849e746fe400012f8bde20f7a134a14c0a133d84c205eeffa722

SHA512
3912c16c1d41e5ec694d1cee15107a5593ed98916163ae06464c2da496f0cf4c0f5238c06e274b7c2b39e27f22b80176b63d3b31f77ae277a03c0fc15e15303e

Download Submit
C:\Windows\system\fUxphvO.exe

Filesize
6.1MB

MD5
d848a17dca8f1c1b6394924fb3f46623

SHA1
3f882087d88ada495b3765da6b65df3a83c5cabc

SHA256
5ac52c77dab291c32aee3303e6a121b2ab968e1c92e309ec87f372970c7cf49a

SHA512
03b75fa25a6665ec42ec0f62311179c8f63a85bc1b5ba6efe29975c6b20ec12d8d38c19a50bbaf395a156882233ff4e613ba4c2f5f3286437543747aae7e5584

Download Submit
C:\Windows\system\fnSgHyM.exe

Filesize
6.1MB

MD5
8816f1dd7fe95a77383b092d4b355632

SHA1
696ab3332fb28516ee26ff44de25d61afcb1f4d1

SHA256
b59a939cf8152059c0de594132e10c82757bfab4ecbce14f752dc80fc11ab2d6

SHA512
64df9bb1f1b6fd987158d4c7211fc14091e525c8765050fdc47647723174f557930481e6feb80eb199f44a5c97d969aeec0c85e18eb965dc558ee446233a9653

Download Submit
C:\Windows\system\fneKjyD.exe

Filesize
6.1MB

MD5
fbe296616b2120df89916ca135bd9cda

SHA1
44ad7644d1a102c7f82e07485df406bf06681c84

SHA256
27b1a78609d1b6c1652d5623f171fa518fd94049c3f313bc4ba174d895d912f7

SHA512
75fe5c4c263b2c546d34da5982aa7a09bd8d63b6102fa87af59027d9946a19f8509c30d5b50b97054664a39f916fe550e466b45d6f2c75002d325da83cf00bd5

Download Submit
C:\Windows\system\gYRHhvy.exe

Filesize
6.1MB

MD5
18556022e8fa595849f17b815de8d69f

SHA1
df41a7e488c5540b8efca873d194a6a491898e6a

SHA256
395b881303027c7c9856f651ead0eece3dcfd4d2fd5eb9b31fb0ba3bf5eb94fa

SHA512
dc15f6cf675a1edf34c68956977f8670ba312d4ae668b99d114126bb5a279fb26792203f02dde6deee7fa0a7c50f0f49b1df7586f4ce1cbdb3df5695142a82fd

Download Submit
C:\Windows\system\hhQujMt.exe

Filesize
6.1MB

MD5
d8d1541dc6ea1b1ee84b5d886fc121e7

SHA1
21e75d6f479912dbb1779d53a63848eb277bea93

SHA256
ea444fe5c260a47a10e3189a6771842f7090fab8518c9b4a38e6d25303084d6d

SHA512
5b26cfca57e4f3bbdb1265abd8058814c7ae6aefd91ffd198eda9f026f66f59c34c0cd3e642bb339f52ce1eb0c9718f6f7a29b8cf3fa637e936955c1ca449da8

Download Submit
C:\Windows\system\kdITwvy.exe

Filesize
6.1MB

MD5
43ae3d77388a94c5e4ea19669cae7cee

SHA1
efea1ff050c904844df28f67e4ab19246f4b9bbd

SHA256
bba30586a2531af2d873d495d24132a3c0e7c5a3f6353bf1660d9e9e2ecbcc72

SHA512
5768813804ace8c273b9bcd387126bd3573d4bec5695591767e5f12dce706d388bba3f2d76561273b83f67292053d01c7887d8bf0240da74726ea6e244d7bba2

Download Submit
C:\Windows\system\mxMEytD.exe

Filesize
6.1MB

MD5
58479156a65751b4ff7fd841899d4df0

SHA1
632d605c5574c9ce0f9993e2b029f563e6eccc17

SHA256
819cd64775e32c23480a26f1686c0850b8f7adb66584a4ec10bf4025be622caa

SHA512
d17aceb76183dd34ce829cf0be9a9d1be538237597ef0796478a9bce51d9b35ff2a2c32cb316007e6f2ffa9a76659da34dcc23bb86183239e90501376f4ba24b

Download Submit
C:\Windows\system\nMibdXW.exe

Filesize
6.1MB

MD5
2cdfbbd8c893908cefaa2586eedca2a0

SHA1
b86260bc0c816b28a7e83682cd167cf87ca4813d

SHA256
b701ca855f02eafca57a3d30b27349883860a75c3318dae3bf9da190ed366a0d

SHA512
da1db0c947073d3b02779a549c7df395bb8329f84cb1222635b0a2733e06f71129c1427ccd1ed962599cd25aceef01f6d8e90e5a6368bed285fdd41b64bf8aa2

Download Submit
C:\Windows\system\needdUE.exe

Filesize
6.1MB

MD5
31b29e39c777d7a354d269e364ef1d43

SHA1
10f24210e080966fa96b5919bdf8d8818e8862f9

SHA256
2b9b1b6c9b6115905e3b1b2e15c293010cce2cbb8f10dc7a73a1abf3bd927eee

SHA512
43e42a2a555912a95cdade97c33192ae2e4e08d4d3fb86794a1a06996a9b755bea30ea467c80a6dfe99250869dd9551bc7a4b243d60ee90417be0692a22da1a1

Download Submit
C:\Windows\system\paMROiW.exe

Filesize
6.1MB

MD5
86ee823aa2ad65b5820b0797f48e9028

SHA1
325c6ef7a5c26888794a8281f73b710a60d27824

SHA256
fd7a21ad236949effd27050891ead2c6af8c2e4c347db16399dba695fbb7eced

SHA512
349c7272594f136be95b67baafab9262397c390a009b89bd441165ed51130ae22b2c07655e1834e0a0976fd4e03c5ab5830d4ca71c6cdf170fef0592579d23dc

Download Submit
C:\Windows\system\qBLdyxi.exe

Filesize
6.1MB

MD5
91dd319f09ed8cfc20257c6d9619c301

SHA1
de26a4915a80f71e62cbb45bb408175459200d01

SHA256
087e3cb5c41c84e958ba3028a35de738bd73a78fd312ddcfe899285e6e873046

SHA512
ca49b14f4a7918ef7a54a24b9f27caa32e15022a76cf487d82226da6c1f9572ab71e3cd055c56401072b0d60d26dbe2e57bb14bf71cb8b0e4b930b20c552bba4

Download Submit
C:\Windows\system\qedrcoG.exe

Filesize
6.1MB

MD5
63f509d0dcbbe6a08780741b60c3c516

SHA1
ebae050bf6e5cd04910be4571327e81a273e02a9

SHA256
e69dedf3ac3078d5a8f53521fe950dc55c3c8658d96ef16a4c1554be702618a8

SHA512
3c179eadbd45e5c532c9615a66f8ad353f19c5d25740bfdd6b4624231273203d92da5bf00024cdb824c3f0fb101a5519f2c90e3b031390d83c9a4a6326617141

Download Submit
C:\Windows\system\rxVpCQB.exe

Filesize
8B

MD5
fb2f361055568ff26bcbfd9c16ee821b

SHA1
5326a2b38ec3449a809e0eb0ed481a1b77e029ba

SHA256
a59230f585d38c02e38728640faad16503f853c4efa7a0a8c21f1499b5455f10

SHA512
01c7be201fdb9ef86cd7ba3602af97a057d230d33e37047e95e1a0e28b52a724234267ae5bad888fa806d1623246777851dadf2bbc96fc0ab13f1d999368e165

Download Submit
C:\Windows\system\secndjv.exe

Filesize
6.1MB

MD5
18f38bbce68f573af9decbf53330a6f0

SHA1
70cebe54e3ef3d37aa061654ce35f28d3e14da75

SHA256
94308cad05ff03f8a93840046341cb117951caae7124258193603d9501f07708

SHA512
1d5ca565642b21d67081039d74ac020b90634f913fa8f5dcbfdd3a635464d64ceffa6d42c237295eeb70567a583b28974efc0aeec37879ec146c47a8aa356630

Download Submit
C:\Windows\system\tyxUvgS.exe

Filesize
6.1MB

MD5
6e4a20a1c70b0a69585f8670b0a4d776

SHA1
2f2077ecbe98322c3e349783e50db2eb9fe55c29

SHA256
14c0942be7b622d4321e0732ff78738579ae174bdb6ce29bb547730b4ae6cc6d

SHA512
fa0df1c4c2ebc0c0195bfc0d927a4767f237d7bf4c2df78acb2d67f3f3ef442a4ebe9a0219e810a0d3f980ab2e4b009d2d9675711be29afaa9e6b8004666d3db

Download Submit
C:\Windows\system\vJFqVGe.exe

Filesize
6.1MB

MD5
aa29aa0117b39a254e70bcf4cd2d4941

SHA1
ddd2a449b8cb34a08bfdfb12e8e8c761f86db4c2

SHA256
2506352bb9a66218c5b6f26868dfb1d9f0e7a7e4aa15e3d879718e621de81faf

SHA512
1febde1113bf251ae97a4aba689aec39f8cc8b6d4355278cf2b87cb716d0c329bfc31bf87f0ff72d4f75ca169fa13d26a8a46e820fe9108d3544b082d85449ef

Download Submit
C:\Windows\system\vuheaJV.exe

Filesize
6.1MB

MD5
1d07de45ad0213c856713940ab0266aa

SHA1
37ca3e8409f05fdf9269fdffa2d2974683970431

SHA256
2ced6261c326d4fff75a6b727d68f15c6c6f16cde3691f5a9b8c1b45e93b5717

SHA512
2eae1ee5a13b3ecec20d55c6a33e333b4333fad9eaaf422f5c06f89bc4bafa916491004e26d666073258db5b6a733a0aae9f85764c6f815d9ab44ddb520283d5

Download Submit
C:\Windows\system\wiTIuyb.exe

Filesize
6.1MB

MD5
62d069b09e69b141e9909777fe190f06

SHA1
b8b045e5181708af223b3805af98cbb401b84979

SHA256
7f81e9abae7c95614812880c68a27431c76577303e500f20ab8280ccd17ea19e

SHA512
233a6e93ede8405f91859120df97c2b847e7c52e25494e5a3443794f44389ee2e2492488b1f4d1d57b3c24011e0b948f0c42e80d2ab59f2ca2c3dcbfd8b21747

Download Submit
\Windows\system\UiQLIan.exe

Filesize
6.1MB

MD5
51aa0620d03eadc330d015dd1f8f9517

SHA1
439340aee8081b8b240bab7671bfdb81c310924a

SHA256
03f5b8e1de8ba5cddc8d23d22b1ce499449e67859ad64af3da779b41d43e5c09

SHA512
cde2e86a2cf34d5d7b2a86d6c6ef1e6486e703204b2d4640199916d54b804e758cab84bef3ae51d82f808cd60755ab87be236d03b6f99ee7f9ee75451a6d302d

Download Submit
\Windows\system\dqveaGb.exe

Filesize
6.1MB

MD5
2137504882e5273a475871145ac1db57

SHA1
db6252550693b31ec4d7e69c29a3ca8248abfd92

SHA256
9e5b40d56d77ca97f6bfc7930b924b6c1b60f58e0709ab130694d5864476c875

SHA512
4db11d047f43965855e8f7e7a06094b96131cfdf85fc79a27766aa65a88b537b896d2867ea5b18265c55ee92bb473c874b923921f68314bc69889b8e0d53c516

Download Submit
\Windows\system\gOMZhaR.exe

Filesize
6.1MB

MD5
2a82df6ef0a359c98786cb15ab392ae7

SHA1
a161cfae80fbe03263f5bb37f0021b0c3e5d93d2

SHA256
6eafe85f815e2f1b10ee10122eb77325ef5edb25c8a3f1649a9fd75bb4a43892

SHA512
6795904743c93f3ef27fe83369d753daec87a329fc0d19fbd6e378167793596a4b2b9e9498ad27f57bbe57305886048b5b033aa73ae5edc474505f14fdac428f

Download Submit
memory/1072-3418-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1072-28-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1072-61-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1672-36-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-69-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-3476-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-3441-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-12-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-21-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2280-3442-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2280-53-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2372-237-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3503-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2372-72-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2392-3420-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2392-14-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2392-48-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2488-754-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2488-95-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2488-3521-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3513-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2560-104-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2560-911-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2624-545-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3506-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-87-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4896-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2628-65-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2688-94-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3495-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2688-59-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2932-80-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2932-372-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3510-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2968-50-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3465-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-91-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-44-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-90-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2988-445-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-651-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-62-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2988-810-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-997-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-99-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2988-54-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2988-58-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-76-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-0-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2988-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2988-7-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-85-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-17-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2988-31-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-100-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-35-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2988-24-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3475-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/3016-51-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download