cobaltstrike | 1dd96d86c9d58bd51a4ed73690f87dcda7519f23313477f379027d5fdfedf7b1

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 03:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7e914388d6c208fce98225884f034961
SHA1

0dd52ecf895595bf481f578e26f545aa7f8f8cb7
SHA256

1dd96d86c9d58bd51a4ed73690f87dcda7519f23313477f379027d5fdfedf7b1
SHA512

4553d80e08a915d1f90bed02d3c06b4e69cea77ed13e1f822946ab4799813f4c6cef83e6beea0481ed6e0f37afc3a0b232ea3194301680de69996c6fa47fdcb2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUW:T+q56utgpPF8u/7W

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d76-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d87-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015da7-20.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c84-42.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dbe-86.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-121.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-134.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-159.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-141.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-145.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-126.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-116.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eca-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ea4-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd7-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd1-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9a-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d96-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-71.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3e-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d25-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cfc-51.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd1-46.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015e18-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015db1-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d9a-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 51 IoCs

miner

resource	yara_rule
behavioral1/memory/3008-0-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-6.dat	xmrig
behavioral1/files/0x0008000000015d76-8.dat	xmrig
behavioral1/files/0x0008000000015d87-15.dat	xmrig
behavioral1/files/0x0007000000015da7-20.dat	xmrig
behavioral1/files/0x0008000000016c84-42.dat	xmrig
behavioral1/files/0x0006000000016d36-61.dat	xmrig
behavioral1/files/0x0006000000016dbe-86.dat	xmrig
behavioral1/files/0x00060000000173f1-121.dat	xmrig
behavioral1/files/0x00060000000173fc-131.dat	xmrig
behavioral1/files/0x0006000000017472-134.dat	xmrig
behavioral1/files/0x0014000000018663-159.dat	xmrig
behavioral1/files/0x000d00000001866e-157.dat	xmrig
behavioral1/files/0x0006000000017525-151.dat	xmrig
behavioral1/files/0x0005000000018687-161.dat	xmrig
behavioral1/files/0x0006000000017487-141.dat	xmrig
behavioral1/files/0x00060000000174a2-145.dat	xmrig
behavioral1/files/0x00060000000173f4-126.dat	xmrig
behavioral1/files/0x00060000000173da-116.dat	xmrig
behavioral1/files/0x000600000001706d-111.dat	xmrig
behavioral1/files/0x0006000000016eca-106.dat	xmrig
behavioral1/files/0x0006000000016ea4-101.dat	xmrig
behavioral1/files/0x0006000000016dd7-96.dat	xmrig
behavioral1/files/0x0006000000016dd1-91.dat	xmrig
behavioral1/files/0x0006000000016d9a-81.dat	xmrig
behavioral1/files/0x0006000000016d96-76.dat	xmrig
behavioral1/files/0x0006000000016d46-71.dat	xmrig
behavioral1/files/0x0006000000016d3e-66.dat	xmrig
behavioral1/files/0x0006000000016d25-56.dat	xmrig
behavioral1/files/0x0006000000016cfc-51.dat	xmrig
behavioral1/files/0x0006000000016cd1-46.dat	xmrig
behavioral1/files/0x0009000000015e18-36.dat	xmrig
behavioral1/files/0x0007000000015db1-28.dat	xmrig
behavioral1/files/0x0007000000015d9a-27.dat	xmrig
behavioral1/memory/3008-18-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2156-2257-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/3008-2220-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/1300-2218-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/3008-2211-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2108-2210-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2276-2347-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2392-2554-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/1224-2589-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/3008-3168-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/3008-3273-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/1300-4160-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/1224-4161-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2156-4162-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2276-4163-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2108-4164-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2392-4165-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1224	iheDGTr.exe
2108	FLBeaXZ.exe
1300	bItSQOm.exe
2156	YrTyemR.exe
2276	ZEQiyjy.exe
2392	vjxEfjI.exe
2084	FRtqrFR.exe
2244	PkShsiy.exe
3056	GHMNaUC.exe
2152	DtRrrMZ.exe
2588	CTaeVQL.exe
2676	qYrVckM.exe
2668	uNolgEi.exe
2728	sySAkBL.exe
2712	PqxPYiJ.exe
2328	sFstaBR.exe
3016	JcOLdSQ.exe
2648	UFAzouU.exe
2480	NJewdoK.exe
2544	UHXPuXq.exe
2424	IUxCDbW.exe
2956	cCDxxeV.exe
1288	bstocin.exe
1604	XzVNsNw.exe
1568	EiQkuGq.exe
1596	TftoSjS.exe
836	pDLFwFY.exe
972	YtrUwUU.exe
776	Lnbowpv.exe
2692	dmLKwcX.exe
2920	sKHxrtq.exe
2816	MaUGvUy.exe
2924	QkfJtHS.exe
1152	fwBazuT.exe
904	iAyoENr.exe
1856	NSdGKEr.exe
2124	OoXhAjv.exe
1392	UQXvdUD.exe
1480	sDJVpVh.exe
908	YDchvMo.exe
1528	QHivljC.exe
2812	jIEVeVx.exe
800	tPStrJV.exe
892	FQcDcUm.exe
1628	lkNAirL.exe
2880	xbOzvin.exe
692	QwmHied.exe
2324	fTsCyus.exe
2656	RoPVuEI.exe
1488	nhYdhLa.exe
2460	ykIkqDt.exe
2912	fRCCbwN.exe
1880	JUTXfan.exe
1656	CWmqJyU.exe
2376	sMIXlMd.exe
1504	qMpXLbO.exe
2356	ciJBXpI.exe
1588	aKvDEbP.exe
2764	XProElv.exe
2368	GbjbeUF.exe
2408	qydjsCn.exe
2004	uHkYcAd.exe
2232	iCoxBpv.exe
2220	wlzHHJI.exe

Loads dropped DLL 64 IoCs

pid	Process
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 47 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3008-0-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x000700000001211a-6.dat	upx
behavioral1/files/0x0008000000015d76-8.dat	upx
behavioral1/files/0x0008000000015d87-15.dat	upx
behavioral1/files/0x0007000000015da7-20.dat	upx
behavioral1/files/0x0008000000016c84-42.dat	upx
behavioral1/files/0x0006000000016d36-61.dat	upx
behavioral1/files/0x0006000000016dbe-86.dat	upx
behavioral1/files/0x00060000000173f1-121.dat	upx
behavioral1/files/0x00060000000173fc-131.dat	upx
behavioral1/files/0x0006000000017472-134.dat	upx
behavioral1/files/0x0014000000018663-159.dat	upx
behavioral1/files/0x000d00000001866e-157.dat	upx
behavioral1/files/0x0006000000017525-151.dat	upx
behavioral1/files/0x0005000000018687-161.dat	upx
behavioral1/files/0x0006000000017487-141.dat	upx
behavioral1/files/0x00060000000174a2-145.dat	upx
behavioral1/files/0x00060000000173f4-126.dat	upx
behavioral1/files/0x00060000000173da-116.dat	upx
behavioral1/files/0x000600000001706d-111.dat	upx
behavioral1/files/0x0006000000016eca-106.dat	upx
behavioral1/files/0x0006000000016ea4-101.dat	upx
behavioral1/files/0x0006000000016dd7-96.dat	upx
behavioral1/files/0x0006000000016dd1-91.dat	upx
behavioral1/files/0x0006000000016d9a-81.dat	upx
behavioral1/files/0x0006000000016d96-76.dat	upx
behavioral1/files/0x0006000000016d46-71.dat	upx
behavioral1/files/0x0006000000016d3e-66.dat	upx
behavioral1/files/0x0006000000016d25-56.dat	upx
behavioral1/files/0x0006000000016cfc-51.dat	upx
behavioral1/files/0x0006000000016cd1-46.dat	upx
behavioral1/files/0x0009000000015e18-36.dat	upx
behavioral1/files/0x0007000000015db1-28.dat	upx
behavioral1/files/0x0007000000015d9a-27.dat	upx
behavioral1/memory/2156-2257-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/1300-2218-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2108-2210-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2276-2347-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2392-2554-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/1224-2589-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/3008-3168-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/1300-4160-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/1224-4161-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2156-4162-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2276-4163-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2108-4164-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2392-4165-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sFstaBR.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVsHJOA.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STAGFUs.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZOkmKV.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRKdHRA.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYtKGoH.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkfJtHS.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOtwodP.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHzpLLd.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCMTzBf.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jngNIwZ.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixAEiDc.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTsCyus.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkamtFC.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBrTyoj.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuluHPD.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\czahZwB.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHCbZzX.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekdFHWS.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usWnuKX.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDchvMo.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhWyFfd.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiJcFWs.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWjJkFU.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAsQauQ.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BsmpqMD.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoAvnul.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXorfCm.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZemjXvj.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPBBzcw.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKpbbyT.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYkIbbp.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhTWbRy.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAiAEqj.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZIWZLh.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqFcBvH.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoXhAjv.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPdxzza.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBvvVUQ.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WinHbSS.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXfYCvp.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whcjyVG.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQnWMwp.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbLwrBj.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTulWSq.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hwtazvT.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpIcEeF.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcprsNn.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NryTsVM.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAOtgaY.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZonyUC.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvNYNjZ.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYYUYvl.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vDiWefx.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhpcHuD.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhFcwJj.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKcyJNT.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVkYSLV.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjKdvHt.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWkPLgf.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oHaNKRO.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUDJTwb.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIhRmvL.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTZXory.exe	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 1224	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 3008 wrote to memory of 1224	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 3008 wrote to memory of 1224	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 3008 wrote to memory of 2108	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 3008 wrote to memory of 2108	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 3008 wrote to memory of 2108	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 3008 wrote to memory of 1300	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3008 wrote to memory of 1300	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3008 wrote to memory of 1300	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3008 wrote to memory of 2276	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3008 wrote to memory of 2276	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3008 wrote to memory of 2276	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3008 wrote to memory of 2156	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3008 wrote to memory of 2156	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3008 wrote to memory of 2156	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3008 wrote to memory of 2392	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3008 wrote to memory of 2392	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3008 wrote to memory of 2392	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3008 wrote to memory of 2084	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3008 wrote to memory of 2084	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3008 wrote to memory of 2084	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3008 wrote to memory of 2244	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3008 wrote to memory of 2244	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3008 wrote to memory of 2244	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3008 wrote to memory of 3056	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3008 wrote to memory of 3056	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3008 wrote to memory of 3056	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3008 wrote to memory of 2152	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3008 wrote to memory of 2152	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3008 wrote to memory of 2152	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3008 wrote to memory of 2588	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3008 wrote to memory of 2588	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3008 wrote to memory of 2588	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3008 wrote to memory of 2676	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3008 wrote to memory of 2676	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3008 wrote to memory of 2676	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3008 wrote to memory of 2668	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3008 wrote to memory of 2668	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3008 wrote to memory of 2668	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3008 wrote to memory of 2728	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3008 wrote to memory of 2728	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3008 wrote to memory of 2728	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3008 wrote to memory of 2712	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3008 wrote to memory of 2712	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3008 wrote to memory of 2712	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3008 wrote to memory of 2328	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3008 wrote to memory of 2328	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3008 wrote to memory of 2328	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3008 wrote to memory of 3016	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3008 wrote to memory of 3016	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3008 wrote to memory of 3016	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3008 wrote to memory of 2648	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3008 wrote to memory of 2648	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3008 wrote to memory of 2648	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3008 wrote to memory of 2480	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3008 wrote to memory of 2480	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3008 wrote to memory of 2480	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3008 wrote to memory of 2544	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3008 wrote to memory of 2544	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3008 wrote to memory of 2544	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3008 wrote to memory of 2424	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3008 wrote to memory of 2424	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3008 wrote to memory of 2424	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3008 wrote to memory of 2956	3008	2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_7e914388d6c208fce98225884f034961_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\System\iheDGTr.exe
  C:\Windows\System\iheDGTr.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\FLBeaXZ.exe
  C:\Windows\System\FLBeaXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\bItSQOm.exe
  C:\Windows\System\bItSQOm.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\ZEQiyjy.exe
  C:\Windows\System\ZEQiyjy.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\YrTyemR.exe
  C:\Windows\System\YrTyemR.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\vjxEfjI.exe
  C:\Windows\System\vjxEfjI.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\FRtqrFR.exe
  C:\Windows\System\FRtqrFR.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\PkShsiy.exe
  C:\Windows\System\PkShsiy.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\GHMNaUC.exe
  C:\Windows\System\GHMNaUC.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\DtRrrMZ.exe
  C:\Windows\System\DtRrrMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\CTaeVQL.exe
  C:\Windows\System\CTaeVQL.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\qYrVckM.exe
  C:\Windows\System\qYrVckM.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\uNolgEi.exe
  C:\Windows\System\uNolgEi.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\sySAkBL.exe
  C:\Windows\System\sySAkBL.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\PqxPYiJ.exe
  C:\Windows\System\PqxPYiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\sFstaBR.exe
  C:\Windows\System\sFstaBR.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\JcOLdSQ.exe
  C:\Windows\System\JcOLdSQ.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\UFAzouU.exe
  C:\Windows\System\UFAzouU.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\NJewdoK.exe
  C:\Windows\System\NJewdoK.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\UHXPuXq.exe
  C:\Windows\System\UHXPuXq.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\IUxCDbW.exe
  C:\Windows\System\IUxCDbW.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\cCDxxeV.exe
  C:\Windows\System\cCDxxeV.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\bstocin.exe
  C:\Windows\System\bstocin.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\XzVNsNw.exe
  C:\Windows\System\XzVNsNw.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\EiQkuGq.exe
  C:\Windows\System\EiQkuGq.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\TftoSjS.exe
  C:\Windows\System\TftoSjS.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\pDLFwFY.exe
  C:\Windows\System\pDLFwFY.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\YtrUwUU.exe
  C:\Windows\System\YtrUwUU.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\Lnbowpv.exe
  C:\Windows\System\Lnbowpv.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\dmLKwcX.exe
  C:\Windows\System\dmLKwcX.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\sKHxrtq.exe
  C:\Windows\System\sKHxrtq.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\QkfJtHS.exe
  C:\Windows\System\QkfJtHS.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\MaUGvUy.exe
  C:\Windows\System\MaUGvUy.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\iAyoENr.exe
  C:\Windows\System\iAyoENr.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\fwBazuT.exe
  C:\Windows\System\fwBazuT.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\OoXhAjv.exe
  C:\Windows\System\OoXhAjv.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\NSdGKEr.exe
  C:\Windows\System\NSdGKEr.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\UQXvdUD.exe
  C:\Windows\System\UQXvdUD.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\sDJVpVh.exe
  C:\Windows\System\sDJVpVh.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\YDchvMo.exe
  C:\Windows\System\YDchvMo.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\QHivljC.exe
  C:\Windows\System\QHivljC.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\jIEVeVx.exe
  C:\Windows\System\jIEVeVx.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\tPStrJV.exe
  C:\Windows\System\tPStrJV.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\FQcDcUm.exe
  C:\Windows\System\FQcDcUm.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\lkNAirL.exe
  C:\Windows\System\lkNAirL.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\xbOzvin.exe
  C:\Windows\System\xbOzvin.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\QwmHied.exe
  C:\Windows\System\QwmHied.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\RoPVuEI.exe
  C:\Windows\System\RoPVuEI.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\fTsCyus.exe
  C:\Windows\System\fTsCyus.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\CWmqJyU.exe
  C:\Windows\System\CWmqJyU.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\nhYdhLa.exe
  C:\Windows\System\nhYdhLa.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\sMIXlMd.exe
  C:\Windows\System\sMIXlMd.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\ykIkqDt.exe
  C:\Windows\System\ykIkqDt.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\qMpXLbO.exe
  C:\Windows\System\qMpXLbO.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\fRCCbwN.exe
  C:\Windows\System\fRCCbwN.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ciJBXpI.exe
  C:\Windows\System\ciJBXpI.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\JUTXfan.exe
  C:\Windows\System\JUTXfan.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\aKvDEbP.exe
  C:\Windows\System\aKvDEbP.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\XProElv.exe
  C:\Windows\System\XProElv.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\GbjbeUF.exe
  C:\Windows\System\GbjbeUF.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\qydjsCn.exe
  C:\Windows\System\qydjsCn.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\uHkYcAd.exe
  C:\Windows\System\uHkYcAd.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\iCoxBpv.exe
  C:\Windows\System\iCoxBpv.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\wlzHHJI.exe
  C:\Windows\System\wlzHHJI.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\cTLRZeZ.exe
  C:\Windows\System\cTLRZeZ.exe
  2⤵
  PID:2672
- C:\Windows\System\uRaZRkf.exe
  C:\Windows\System\uRaZRkf.exe
  2⤵
  PID:2604
- C:\Windows\System\BRMvKaJ.exe
  C:\Windows\System\BRMvKaJ.exe
  2⤵
  PID:2640
- C:\Windows\System\jjcivTY.exe
  C:\Windows\System\jjcivTY.exe
  2⤵
  PID:2808
- C:\Windows\System\fMhTWZV.exe
  C:\Windows\System\fMhTWZV.exe
  2⤵
  PID:2492
- C:\Windows\System\nkebsyi.exe
  C:\Windows\System\nkebsyi.exe
  2⤵
  PID:2600
- C:\Windows\System\Qvljvgo.exe
  C:\Windows\System\Qvljvgo.exe
  2⤵
  PID:2336
- C:\Windows\System\cvwwloB.exe
  C:\Windows\System\cvwwloB.exe
  2⤵
  PID:1452
- C:\Windows\System\OAZmKIA.exe
  C:\Windows\System\OAZmKIA.exe
  2⤵
  PID:1792
- C:\Windows\System\ZQqSaUM.exe
  C:\Windows\System\ZQqSaUM.exe
  2⤵
  PID:1848
- C:\Windows\System\xSNQDFI.exe
  C:\Windows\System\xSNQDFI.exe
  2⤵
  PID:2696
- C:\Windows\System\xTmCNPO.exe
  C:\Windows\System\xTmCNPO.exe
  2⤵
  PID:568
- C:\Windows\System\JPdxzza.exe
  C:\Windows\System\JPdxzza.exe
  2⤵
  PID:1112
- C:\Windows\System\dZpxtts.exe
  C:\Windows\System\dZpxtts.exe
  2⤵
  PID:2972
- C:\Windows\System\eAivjkq.exe
  C:\Windows\System\eAivjkq.exe
  2⤵
  PID:444
- C:\Windows\System\DJUIxJD.exe
  C:\Windows\System\DJUIxJD.exe
  2⤵
  PID:2140
- C:\Windows\System\zfGDKVm.exe
  C:\Windows\System\zfGDKVm.exe
  2⤵
  PID:1924
- C:\Windows\System\DRSAcMh.exe
  C:\Windows\System\DRSAcMh.exe
  2⤵
  PID:1476
- C:\Windows\System\AcIaqAH.exe
  C:\Windows\System\AcIaqAH.exe
  2⤵
  PID:1756
- C:\Windows\System\QYkaDeD.exe
  C:\Windows\System\QYkaDeD.exe
  2⤵
  PID:2992
- C:\Windows\System\tFXIzWM.exe
  C:\Windows\System\tFXIzWM.exe
  2⤵
  PID:584
- C:\Windows\System\EAOtgaY.exe
  C:\Windows\System\EAOtgaY.exe
  2⤵
  PID:856
- C:\Windows\System\WXhdzMf.exe
  C:\Windows\System\WXhdzMf.exe
  2⤵
  PID:1772
- C:\Windows\System\OMIuqgu.exe
  C:\Windows\System\OMIuqgu.exe
  2⤵
  PID:1736
- C:\Windows\System\hhDldwS.exe
  C:\Windows\System\hhDldwS.exe
  2⤵
  PID:2184
- C:\Windows\System\sRTiLyF.exe
  C:\Windows\System\sRTiLyF.exe
  2⤵
  PID:2136
- C:\Windows\System\TcwPABQ.exe
  C:\Windows\System\TcwPABQ.exe
  2⤵
  PID:1928
- C:\Windows\System\VOtwodP.exe
  C:\Windows\System\VOtwodP.exe
  2⤵
  PID:1688
- C:\Windows\System\MXorfCm.exe
  C:\Windows\System\MXorfCm.exe
  2⤵
  PID:2284
- C:\Windows\System\afQysam.exe
  C:\Windows\System\afQysam.exe
  2⤵
  PID:2416
- C:\Windows\System\uKmCoUX.exe
  C:\Windows\System\uKmCoUX.exe
  2⤵
  PID:1292
- C:\Windows\System\UEiuXsz.exe
  C:\Windows\System\UEiuXsz.exe
  2⤵
  PID:2856
- C:\Windows\System\kcMCQzr.exe
  C:\Windows\System\kcMCQzr.exe
  2⤵
  PID:2824
- C:\Windows\System\KuaWKni.exe
  C:\Windows\System\KuaWKni.exe
  2⤵
  PID:2720
- C:\Windows\System\YVTGZnC.exe
  C:\Windows\System\YVTGZnC.exe
  2⤵
  PID:2532
- C:\Windows\System\eFmHfnt.exe
  C:\Windows\System\eFmHfnt.exe
  2⤵
  PID:1764
- C:\Windows\System\BNojkak.exe
  C:\Windows\System\BNojkak.exe
  2⤵
  PID:1664
- C:\Windows\System\mAWHVQx.exe
  C:\Windows\System\mAWHVQx.exe
  2⤵
  PID:1536
- C:\Windows\System\OhWyFfd.exe
  C:\Windows\System\OhWyFfd.exe
  2⤵
  PID:2904
- C:\Windows\System\jypPsqb.exe
  C:\Windows\System\jypPsqb.exe
  2⤵
  PID:2776
- C:\Windows\System\wiiUNVp.exe
  C:\Windows\System\wiiUNVp.exe
  2⤵
  PID:544
- C:\Windows\System\RemhLkn.exe
  C:\Windows\System\RemhLkn.exe
  2⤵
  PID:988
- C:\Windows\System\IEmkqSM.exe
  C:\Windows\System\IEmkqSM.exe
  2⤵
  PID:1960
- C:\Windows\System\scbcqpF.exe
  C:\Windows\System\scbcqpF.exe
  2⤵
  PID:1864
- C:\Windows\System\ijlkUvC.exe
  C:\Windows\System\ijlkUvC.exe
  2⤵
  PID:2872
- C:\Windows\System\tgFoFAd.exe
  C:\Windows\System\tgFoFAd.exe
  2⤵
  PID:560
- C:\Windows\System\oeNlnpt.exe
  C:\Windows\System\oeNlnpt.exe
  2⤵
  PID:2456
- C:\Windows\System\sOwNiIN.exe
  C:\Windows\System\sOwNiIN.exe
  2⤵
  PID:1564
- C:\Windows\System\olOjlmV.exe
  C:\Windows\System\olOjlmV.exe
  2⤵
  PID:2044
- C:\Windows\System\kBjWJJK.exe
  C:\Windows\System\kBjWJJK.exe
  2⤵
  PID:2896
- C:\Windows\System\sNFJNsT.exe
  C:\Windows\System\sNFJNsT.exe
  2⤵
  PID:2188
- C:\Windows\System\NFfpcbN.exe
  C:\Windows\System\NFfpcbN.exe
  2⤵
  PID:1804
- C:\Windows\System\PnzaAGh.exe
  C:\Windows\System\PnzaAGh.exe
  2⤵
  PID:2520
- C:\Windows\System\PRCFETj.exe
  C:\Windows\System\PRCFETj.exe
  2⤵
  PID:2952
- C:\Windows\System\eNBWqQS.exe
  C:\Windows\System\eNBWqQS.exe
  2⤵
  PID:2804
- C:\Windows\System\VGiFBJn.exe
  C:\Windows\System\VGiFBJn.exe
  2⤵
  PID:300
- C:\Windows\System\ChPnnmL.exe
  C:\Windows\System\ChPnnmL.exe
  2⤵
  PID:3088
- C:\Windows\System\LSKuuBl.exe
  C:\Windows\System\LSKuuBl.exe
  2⤵
  PID:3108
- C:\Windows\System\ZDVXFMN.exe
  C:\Windows\System\ZDVXFMN.exe
  2⤵
  PID:3128
- C:\Windows\System\upRrroy.exe
  C:\Windows\System\upRrroy.exe
  2⤵
  PID:3148
- C:\Windows\System\dSNdnot.exe
  C:\Windows\System\dSNdnot.exe
  2⤵
  PID:3168
- C:\Windows\System\cJdwdft.exe
  C:\Windows\System\cJdwdft.exe
  2⤵
  PID:3184
- C:\Windows\System\GhFcwJj.exe
  C:\Windows\System\GhFcwJj.exe
  2⤵
  PID:3208
- C:\Windows\System\pPDEXaj.exe
  C:\Windows\System\pPDEXaj.exe
  2⤵
  PID:3224
- C:\Windows\System\eoFvBdZ.exe
  C:\Windows\System\eoFvBdZ.exe
  2⤵
  PID:3240
- C:\Windows\System\EothzvG.exe
  C:\Windows\System\EothzvG.exe
  2⤵
  PID:3264
- C:\Windows\System\YeSuPlt.exe
  C:\Windows\System\YeSuPlt.exe
  2⤵
  PID:3284
- C:\Windows\System\dIJZQUt.exe
  C:\Windows\System\dIJZQUt.exe
  2⤵
  PID:3308
- C:\Windows\System\oSVRdfp.exe
  C:\Windows\System\oSVRdfp.exe
  2⤵
  PID:3328
- C:\Windows\System\XfrJeSi.exe
  C:\Windows\System\XfrJeSi.exe
  2⤵
  PID:3344
- C:\Windows\System\WzqBkcx.exe
  C:\Windows\System\WzqBkcx.exe
  2⤵
  PID:3360
- C:\Windows\System\GHUldwJ.exe
  C:\Windows\System\GHUldwJ.exe
  2⤵
  PID:3376
- C:\Windows\System\mElUKUX.exe
  C:\Windows\System\mElUKUX.exe
  2⤵
  PID:3392
- C:\Windows\System\AFByJKo.exe
  C:\Windows\System\AFByJKo.exe
  2⤵
  PID:3408
- C:\Windows\System\kGmosNx.exe
  C:\Windows\System\kGmosNx.exe
  2⤵
  PID:3432
- C:\Windows\System\wkpinDC.exe
  C:\Windows\System\wkpinDC.exe
  2⤵
  PID:3448
- C:\Windows\System\dGokglV.exe
  C:\Windows\System\dGokglV.exe
  2⤵
  PID:3464
- C:\Windows\System\xzIpnJT.exe
  C:\Windows\System\xzIpnJT.exe
  2⤵
  PID:3480
- C:\Windows\System\cFvdmHt.exe
  C:\Windows\System\cFvdmHt.exe
  2⤵
  PID:3500
- C:\Windows\System\MFJgUMy.exe
  C:\Windows\System\MFJgUMy.exe
  2⤵
  PID:3528
- C:\Windows\System\ddBDgNe.exe
  C:\Windows\System\ddBDgNe.exe
  2⤵
  PID:3568
- C:\Windows\System\jRdHTdO.exe
  C:\Windows\System\jRdHTdO.exe
  2⤵
  PID:3588
- C:\Windows\System\bwQAeLw.exe
  C:\Windows\System\bwQAeLw.exe
  2⤵
  PID:3608
- C:\Windows\System\zXpacay.exe
  C:\Windows\System\zXpacay.exe
  2⤵
  PID:3624
- C:\Windows\System\PGfbFIy.exe
  C:\Windows\System\PGfbFIy.exe
  2⤵
  PID:3640
- C:\Windows\System\PQWxYHc.exe
  C:\Windows\System\PQWxYHc.exe
  2⤵
  PID:3660
- C:\Windows\System\BdYRHKq.exe
  C:\Windows\System\BdYRHKq.exe
  2⤵
  PID:3676
- C:\Windows\System\CdlenSx.exe
  C:\Windows\System\CdlenSx.exe
  2⤵
  PID:3692
- C:\Windows\System\lLCdlyP.exe
  C:\Windows\System\lLCdlyP.exe
  2⤵
  PID:3708
- C:\Windows\System\HbASLbJ.exe
  C:\Windows\System\HbASLbJ.exe
  2⤵
  PID:3724
- C:\Windows\System\uKqGXop.exe
  C:\Windows\System\uKqGXop.exe
  2⤵
  PID:3740
- C:\Windows\System\YhvjZjp.exe
  C:\Windows\System\YhvjZjp.exe
  2⤵
  PID:3756
- C:\Windows\System\iQPvtBN.exe
  C:\Windows\System\iQPvtBN.exe
  2⤵
  PID:3772
- C:\Windows\System\XSfpBsy.exe
  C:\Windows\System\XSfpBsy.exe
  2⤵
  PID:3792
- C:\Windows\System\cXJfmFj.exe
  C:\Windows\System\cXJfmFj.exe
  2⤵
  PID:3824
- C:\Windows\System\aNLkVfv.exe
  C:\Windows\System\aNLkVfv.exe
  2⤵
  PID:3848
- C:\Windows\System\DcflnKG.exe
  C:\Windows\System\DcflnKG.exe
  2⤵
  PID:3864
- C:\Windows\System\nOMZUTA.exe
  C:\Windows\System\nOMZUTA.exe
  2⤵
  PID:3912
- C:\Windows\System\BXcHSfu.exe
  C:\Windows\System\BXcHSfu.exe
  2⤵
  PID:3928
- C:\Windows\System\BCdcnlQ.exe
  C:\Windows\System\BCdcnlQ.exe
  2⤵
  PID:3952
- C:\Windows\System\Sxxawji.exe
  C:\Windows\System\Sxxawji.exe
  2⤵
  PID:3968
- C:\Windows\System\jSFPZAg.exe
  C:\Windows\System\jSFPZAg.exe
  2⤵
  PID:3988
- C:\Windows\System\QHuTfdb.exe
  C:\Windows\System\QHuTfdb.exe
  2⤵
  PID:4008
- C:\Windows\System\YmpXcDf.exe
  C:\Windows\System\YmpXcDf.exe
  2⤵
  PID:4028
- C:\Windows\System\HnqRigK.exe
  C:\Windows\System\HnqRigK.exe
  2⤵
  PID:4048
- C:\Windows\System\xAmijiU.exe
  C:\Windows\System\xAmijiU.exe
  2⤵
  PID:4064
- C:\Windows\System\pCwFoNf.exe
  C:\Windows\System\pCwFoNf.exe
  2⤵
  PID:4080
- C:\Windows\System\erWAwnm.exe
  C:\Windows\System\erWAwnm.exe
  2⤵
  PID:576
- C:\Windows\System\YiGdZSW.exe
  C:\Windows\System\YiGdZSW.exe
  2⤵
  PID:940
- C:\Windows\System\NKgkDah.exe
  C:\Windows\System\NKgkDah.exe
  2⤵
  PID:2340
- C:\Windows\System\gykFFgW.exe
  C:\Windows\System\gykFFgW.exe
  2⤵
  PID:2832
- C:\Windows\System\ZdXKKah.exe
  C:\Windows\System\ZdXKKah.exe
  2⤵
  PID:2320
- C:\Windows\System\HigxGmY.exe
  C:\Windows\System\HigxGmY.exe
  2⤵
  PID:2308
- C:\Windows\System\jShfHDv.exe
  C:\Windows\System\jShfHDv.exe
  2⤵
  PID:2412
- C:\Windows\System\emsbRYt.exe
  C:\Windows\System\emsbRYt.exe
  2⤵
  PID:1944
- C:\Windows\System\GMxSoow.exe
  C:\Windows\System\GMxSoow.exe
  2⤵
  PID:2256
- C:\Windows\System\hXXmUIl.exe
  C:\Windows\System\hXXmUIl.exe
  2⤵
  PID:2792
- C:\Windows\System\MEoDXUP.exe
  C:\Windows\System\MEoDXUP.exe
  2⤵
  PID:2932
- C:\Windows\System\QkZObdS.exe
  C:\Windows\System\QkZObdS.exe
  2⤵
  PID:3136
- C:\Windows\System\knWAqYl.exe
  C:\Windows\System\knWAqYl.exe
  2⤵
  PID:3252
- C:\Windows\System\KUmvPWJ.exe
  C:\Windows\System\KUmvPWJ.exe
  2⤵
  PID:1776
- C:\Windows\System\OXAGERm.exe
  C:\Windows\System\OXAGERm.exe
  2⤵
  PID:3116
- C:\Windows\System\gzgTtik.exe
  C:\Windows\System\gzgTtik.exe
  2⤵
  PID:3160
- C:\Windows\System\NBvmNUV.exe
  C:\Windows\System\NBvmNUV.exe
  2⤵
  PID:3472
- C:\Windows\System\CDLFpVk.exe
  C:\Windows\System\CDLFpVk.exe
  2⤵
  PID:3516
- C:\Windows\System\IZonyUC.exe
  C:\Windows\System\IZonyUC.exe
  2⤵
  PID:3580
- C:\Windows\System\BKOHhdl.exe
  C:\Windows\System\BKOHhdl.exe
  2⤵
  PID:3648
- C:\Windows\System\nyqPnhV.exe
  C:\Windows\System\nyqPnhV.exe
  2⤵
  PID:3192
- C:\Windows\System\DErUOYT.exe
  C:\Windows\System\DErUOYT.exe
  2⤵
  PID:3652
- C:\Windows\System\XruDNws.exe
  C:\Windows\System\XruDNws.exe
  2⤵
  PID:3716
- C:\Windows\System\ozhaIeK.exe
  C:\Windows\System\ozhaIeK.exe
  2⤵
  PID:3492
- C:\Windows\System\RbSAbhT.exe
  C:\Windows\System\RbSAbhT.exe
  2⤵
  PID:3388
- C:\Windows\System\xYkIbbp.exe
  C:\Windows\System\xYkIbbp.exe
  2⤵
  PID:3540
- C:\Windows\System\VxUOteV.exe
  C:\Windows\System\VxUOteV.exe
  2⤵
  PID:3560
- C:\Windows\System\IhmVaJn.exe
  C:\Windows\System\IhmVaJn.exe
  2⤵
  PID:3784
- C:\Windows\System\JkbsRqZ.exe
  C:\Windows\System\JkbsRqZ.exe
  2⤵
  PID:3600
- C:\Windows\System\NXytQxx.exe
  C:\Windows\System\NXytQxx.exe
  2⤵
  PID:3808
- C:\Windows\System\IBjMWbU.exe
  C:\Windows\System\IBjMWbU.exe
  2⤵
  PID:3856
- C:\Windows\System\BipWwQl.exe
  C:\Windows\System\BipWwQl.exe
  2⤵
  PID:3672
- C:\Windows\System\yFgGqvR.exe
  C:\Windows\System\yFgGqvR.exe
  2⤵
  PID:3860
- C:\Windows\System\RmxwRNZ.exe
  C:\Windows\System\RmxwRNZ.exe
  2⤵
  PID:3888
- C:\Windows\System\YHThyxE.exe
  C:\Windows\System\YHThyxE.exe
  2⤵
  PID:3920
- C:\Windows\System\xtwQbLl.exe
  C:\Windows\System\xtwQbLl.exe
  2⤵
  PID:3948
- C:\Windows\System\hrRmZKs.exe
  C:\Windows\System\hrRmZKs.exe
  2⤵
  PID:4020
- C:\Windows\System\KhZOXuY.exe
  C:\Windows\System\KhZOXuY.exe
  2⤵
  PID:4092
- C:\Windows\System\BBvvVUQ.exe
  C:\Windows\System\BBvvVUQ.exe
  2⤵
  PID:1592
- C:\Windows\System\kpmpVst.exe
  C:\Windows\System\kpmpVst.exe
  2⤵
  PID:1492
- C:\Windows\System\CKhhXnD.exe
  C:\Windows\System\CKhhXnD.exe
  2⤵
  PID:4000
- C:\Windows\System\BIdoXVE.exe
  C:\Windows\System\BIdoXVE.exe
  2⤵
  PID:3220
- C:\Windows\System\VGtUCkH.exe
  C:\Windows\System\VGtUCkH.exe
  2⤵
  PID:4040
- C:\Windows\System\bxIZlpi.exe
  C:\Windows\System\bxIZlpi.exe
  2⤵
  PID:3104
- C:\Windows\System\fyHzQmk.exe
  C:\Windows\System\fyHzQmk.exe
  2⤵
  PID:2584
- C:\Windows\System\oHaNKRO.exe
  C:\Windows\System\oHaNKRO.exe
  2⤵
  PID:2436
- C:\Windows\System\CiSHHjx.exe
  C:\Windows\System\CiSHHjx.exe
  2⤵
  PID:4076
- C:\Windows\System\axrPcZi.exe
  C:\Windows\System\axrPcZi.exe
  2⤵
  PID:3300
- C:\Windows\System\XzpjDuV.exe
  C:\Windows\System\XzpjDuV.exe
  2⤵
  PID:3372
- C:\Windows\System\hVpaDrL.exe
  C:\Windows\System\hVpaDrL.exe
  2⤵
  PID:3204
- C:\Windows\System\TnVcQvh.exe
  C:\Windows\System\TnVcQvh.exe
  2⤵
  PID:3276
- C:\Windows\System\pUccdaw.exe
  C:\Windows\System\pUccdaw.exe
  2⤵
  PID:3280
- C:\Windows\System\lyrruiQ.exe
  C:\Windows\System\lyrruiQ.exe
  2⤵
  PID:3420
- C:\Windows\System\mjPUOiX.exe
  C:\Windows\System\mjPUOiX.exe
  2⤵
  PID:3620
- C:\Windows\System\ZVwKZKz.exe
  C:\Windows\System\ZVwKZKz.exe
  2⤵
  PID:3428
- C:\Windows\System\sNOWxCD.exe
  C:\Windows\System\sNOWxCD.exe
  2⤵
  PID:3356
- C:\Windows\System\ooEZwOC.exe
  C:\Windows\System\ooEZwOC.exe
  2⤵
  PID:3844
- C:\Windows\System\ctxeIfc.exe
  C:\Windows\System\ctxeIfc.exe
  2⤵
  PID:3820
- C:\Windows\System\vwoOngt.exe
  C:\Windows\System\vwoOngt.exe
  2⤵
  PID:3736
- C:\Windows\System\pffQhcv.exe
  C:\Windows\System\pffQhcv.exe
  2⤵
  PID:3636
- C:\Windows\System\BbKIUff.exe
  C:\Windows\System\BbKIUff.exe
  2⤵
  PID:3876
- C:\Windows\System\uzbOprF.exe
  C:\Windows\System\uzbOprF.exe
  2⤵
  PID:4016
- C:\Windows\System\WvkhCHi.exe
  C:\Windows\System\WvkhCHi.exe
  2⤵
  PID:4088
- C:\Windows\System\exIrqrx.exe
  C:\Windows\System\exIrqrx.exe
  2⤵
  PID:3964
- C:\Windows\System\TxuAoGW.exe
  C:\Windows\System\TxuAoGW.exe
  2⤵
  PID:4004
- C:\Windows\System\kKOQJom.exe
  C:\Windows\System\kKOQJom.exe
  2⤵
  PID:3176
- C:\Windows\System\LcHwjpE.exe
  C:\Windows\System\LcHwjpE.exe
  2⤵
  PID:3100
- C:\Windows\System\qJEKddC.exe
  C:\Windows\System\qJEKddC.exe
  2⤵
  PID:1248
- C:\Windows\System\rtoZRHO.exe
  C:\Windows\System\rtoZRHO.exe
  2⤵
  PID:4044
- C:\Windows\System\xxKawLC.exe
  C:\Windows\System\xxKawLC.exe
  2⤵
  PID:3404
- C:\Windows\System\TPKfNUx.exe
  C:\Windows\System\TPKfNUx.exe
  2⤵
  PID:3444
- C:\Windows\System\FbVGMei.exe
  C:\Windows\System\FbVGMei.exe
  2⤵
  PID:3512
- C:\Windows\System\aFIeKpo.exe
  C:\Windows\System\aFIeKpo.exe
  2⤵
  PID:3232
- C:\Windows\System\ELKQjAh.exe
  C:\Windows\System\ELKQjAh.exe
  2⤵
  PID:3804
- C:\Windows\System\MWxkzmV.exe
  C:\Windows\System\MWxkzmV.exe
  2⤵
  PID:3556
- C:\Windows\System\KSBtFKP.exe
  C:\Windows\System\KSBtFKP.exe
  2⤵
  PID:3780
- C:\Windows\System\ExsYmtU.exe
  C:\Windows\System\ExsYmtU.exe
  2⤵
  PID:2348
- C:\Windows\System\xdanVEW.exe
  C:\Windows\System\xdanVEW.exe
  2⤵
  PID:3704
- C:\Windows\System\LIQkkxQ.exe
  C:\Windows\System\LIQkkxQ.exe
  2⤵
  PID:3980
- C:\Windows\System\tUKVQiH.exe
  C:\Windows\System\tUKVQiH.exe
  2⤵
  PID:2644
- C:\Windows\System\kUxVYhW.exe
  C:\Windows\System\kUxVYhW.exe
  2⤵
  PID:3440
- C:\Windows\System\gIMyeEj.exe
  C:\Windows\System\gIMyeEj.exe
  2⤵
  PID:4116
- C:\Windows\System\gkamtFC.exe
  C:\Windows\System\gkamtFC.exe
  2⤵
  PID:4132
- C:\Windows\System\fdsJnfa.exe
  C:\Windows\System\fdsJnfa.exe
  2⤵
  PID:4152
- C:\Windows\System\DGmztaA.exe
  C:\Windows\System\DGmztaA.exe
  2⤵
  PID:4172
- C:\Windows\System\zipBQwO.exe
  C:\Windows\System\zipBQwO.exe
  2⤵
  PID:4192
- C:\Windows\System\oriTFxH.exe
  C:\Windows\System\oriTFxH.exe
  2⤵
  PID:4212
- C:\Windows\System\WinHbSS.exe
  C:\Windows\System\WinHbSS.exe
  2⤵
  PID:4232
- C:\Windows\System\VFrPzUI.exe
  C:\Windows\System\VFrPzUI.exe
  2⤵
  PID:4248
- C:\Windows\System\EiQJMOB.exe
  C:\Windows\System\EiQJMOB.exe
  2⤵
  PID:4264
- C:\Windows\System\HuCfFbZ.exe
  C:\Windows\System\HuCfFbZ.exe
  2⤵
  PID:4284
- C:\Windows\System\QvTCFCw.exe
  C:\Windows\System\QvTCFCw.exe
  2⤵
  PID:4304
- C:\Windows\System\BlDQUjl.exe
  C:\Windows\System\BlDQUjl.exe
  2⤵
  PID:4320
- C:\Windows\System\eoGNrWx.exe
  C:\Windows\System\eoGNrWx.exe
  2⤵
  PID:4336
- C:\Windows\System\VTWwPDI.exe
  C:\Windows\System\VTWwPDI.exe
  2⤵
  PID:4352
- C:\Windows\System\frmxHBP.exe
  C:\Windows\System\frmxHBP.exe
  2⤵
  PID:4368
- C:\Windows\System\HzvSKMx.exe
  C:\Windows\System\HzvSKMx.exe
  2⤵
  PID:4384
- C:\Windows\System\PjotRQx.exe
  C:\Windows\System\PjotRQx.exe
  2⤵
  PID:4404
- C:\Windows\System\WmCVmrk.exe
  C:\Windows\System\WmCVmrk.exe
  2⤵
  PID:4432
- C:\Windows\System\RzSWBYA.exe
  C:\Windows\System\RzSWBYA.exe
  2⤵
  PID:4452
- C:\Windows\System\cYneJen.exe
  C:\Windows\System\cYneJen.exe
  2⤵
  PID:4472
- C:\Windows\System\JUVIXPx.exe
  C:\Windows\System\JUVIXPx.exe
  2⤵
  PID:4492
- C:\Windows\System\sCLVCCC.exe
  C:\Windows\System\sCLVCCC.exe
  2⤵
  PID:4516
- C:\Windows\System\VvCfsUe.exe
  C:\Windows\System\VvCfsUe.exe
  2⤵
  PID:4532
- C:\Windows\System\XCyPTRj.exe
  C:\Windows\System\XCyPTRj.exe
  2⤵
  PID:4576
- C:\Windows\System\xnpqEMu.exe
  C:\Windows\System\xnpqEMu.exe
  2⤵
  PID:4596
- C:\Windows\System\PccnYLE.exe
  C:\Windows\System\PccnYLE.exe
  2⤵
  PID:4616
- C:\Windows\System\RcjUbAI.exe
  C:\Windows\System\RcjUbAI.exe
  2⤵
  PID:4636
- C:\Windows\System\KcoezxH.exe
  C:\Windows\System\KcoezxH.exe
  2⤵
  PID:4656
- C:\Windows\System\zieYUlE.exe
  C:\Windows\System\zieYUlE.exe
  2⤵
  PID:4676
- C:\Windows\System\raLWheZ.exe
  C:\Windows\System\raLWheZ.exe
  2⤵
  PID:4696
- C:\Windows\System\vcZhdVX.exe
  C:\Windows\System\vcZhdVX.exe
  2⤵
  PID:4716
- C:\Windows\System\ovXNDpX.exe
  C:\Windows\System\ovXNDpX.exe
  2⤵
  PID:4736
- C:\Windows\System\WioqEoG.exe
  C:\Windows\System\WioqEoG.exe
  2⤵
  PID:4756
- C:\Windows\System\GkLDjbq.exe
  C:\Windows\System\GkLDjbq.exe
  2⤵
  PID:4776
- C:\Windows\System\MnYISYL.exe
  C:\Windows\System\MnYISYL.exe
  2⤵
  PID:4796
- C:\Windows\System\BcssHmt.exe
  C:\Windows\System\BcssHmt.exe
  2⤵
  PID:4816
- C:\Windows\System\gBPLHHS.exe
  C:\Windows\System\gBPLHHS.exe
  2⤵
  PID:4836
- C:\Windows\System\QiGlhAx.exe
  C:\Windows\System\QiGlhAx.exe
  2⤵
  PID:4856
- C:\Windows\System\InbawTX.exe
  C:\Windows\System\InbawTX.exe
  2⤵
  PID:4876
- C:\Windows\System\FurFPJu.exe
  C:\Windows\System\FurFPJu.exe
  2⤵
  PID:4896
- C:\Windows\System\rSmsbxf.exe
  C:\Windows\System\rSmsbxf.exe
  2⤵
  PID:4916
- C:\Windows\System\GoYttWJ.exe
  C:\Windows\System\GoYttWJ.exe
  2⤵
  PID:4936
- C:\Windows\System\tFDAdDJ.exe
  C:\Windows\System\tFDAdDJ.exe
  2⤵
  PID:4956
- C:\Windows\System\UkNrKGX.exe
  C:\Windows\System\UkNrKGX.exe
  2⤵
  PID:4976
- C:\Windows\System\vSUGkne.exe
  C:\Windows\System\vSUGkne.exe
  2⤵
  PID:4996
- C:\Windows\System\cnchMaY.exe
  C:\Windows\System\cnchMaY.exe
  2⤵
  PID:5016
- C:\Windows\System\QlivLPx.exe
  C:\Windows\System\QlivLPx.exe
  2⤵
  PID:5036
- C:\Windows\System\YpZARhn.exe
  C:\Windows\System\YpZARhn.exe
  2⤵
  PID:5056
- C:\Windows\System\gboERgm.exe
  C:\Windows\System\gboERgm.exe
  2⤵
  PID:5076
- C:\Windows\System\VQrYDFQ.exe
  C:\Windows\System\VQrYDFQ.exe
  2⤵
  PID:5096
- C:\Windows\System\IjvyNhI.exe
  C:\Windows\System\IjvyNhI.exe
  2⤵
  PID:5116
- C:\Windows\System\edrBDHv.exe
  C:\Windows\System\edrBDHv.exe
  2⤵
  PID:2132
- C:\Windows\System\PEsWXJl.exe
  C:\Windows\System\PEsWXJl.exe
  2⤵
  PID:3324
- C:\Windows\System\QYBrNnr.exe
  C:\Windows\System\QYBrNnr.exe
  2⤵
  PID:3752
- C:\Windows\System\dNkPtfP.exe
  C:\Windows\System\dNkPtfP.exe
  2⤵
  PID:3884
- C:\Windows\System\hJTTUeL.exe
  C:\Windows\System\hJTTUeL.exe
  2⤵
  PID:3576
- C:\Windows\System\hwLXSXi.exe
  C:\Windows\System\hwLXSXi.exe
  2⤵
  PID:4160
- C:\Windows\System\DXXNINt.exe
  C:\Windows\System\DXXNINt.exe
  2⤵
  PID:3688
- C:\Windows\System\nGYdwrz.exe
  C:\Windows\System\nGYdwrz.exe
  2⤵
  PID:4280
- C:\Windows\System\BogBptv.exe
  C:\Windows\System\BogBptv.exe
  2⤵
  PID:3840
- C:\Windows\System\XdxikWg.exe
  C:\Windows\System\XdxikWg.exe
  2⤵
  PID:3788
- C:\Windows\System\ompIkyy.exe
  C:\Windows\System\ompIkyy.exe
  2⤵
  PID:4056
- C:\Windows\System\fqtAXhO.exe
  C:\Windows\System\fqtAXhO.exe
  2⤵
  PID:4412
- C:\Windows\System\pinXcKx.exe
  C:\Windows\System\pinXcKx.exe
  2⤵
  PID:4112
- C:\Windows\System\LyCJjeO.exe
  C:\Windows\System\LyCJjeO.exe
  2⤵
  PID:4148
- C:\Windows\System\CmooRnI.exe
  C:\Windows\System\CmooRnI.exe
  2⤵
  PID:4224
- C:\Windows\System\csJHupU.exe
  C:\Windows\System\csJHupU.exe
  2⤵
  PID:4260
- C:\Windows\System\PqNBPej.exe
  C:\Windows\System\PqNBPej.exe
  2⤵
  PID:4292
- C:\Windows\System\TjPJDBJ.exe
  C:\Windows\System\TjPJDBJ.exe
  2⤵
  PID:4484
- C:\Windows\System\BEbwEYm.exe
  C:\Windows\System\BEbwEYm.exe
  2⤵
  PID:4440
- C:\Windows\System\ohCnedS.exe
  C:\Windows\System\ohCnedS.exe
  2⤵
  PID:4332
- C:\Windows\System\kygFkGX.exe
  C:\Windows\System\kygFkGX.exe
  2⤵
  PID:4548
- C:\Windows\System\zuzIUnp.exe
  C:\Windows\System\zuzIUnp.exe
  2⤵
  PID:4572
- C:\Windows\System\UpbwPxM.exe
  C:\Windows\System\UpbwPxM.exe
  2⤵
  PID:4588
- C:\Windows\System\MioKJIH.exe
  C:\Windows\System\MioKJIH.exe
  2⤵
  PID:4632
- C:\Windows\System\aGaearZ.exe
  C:\Windows\System\aGaearZ.exe
  2⤵
  PID:4684
- C:\Windows\System\bUDJTwb.exe
  C:\Windows\System\bUDJTwb.exe
  2⤵
  PID:4688
- C:\Windows\System\UZXdWiA.exe
  C:\Windows\System\UZXdWiA.exe
  2⤵
  PID:4728
- C:\Windows\System\uZBaVhs.exe
  C:\Windows\System\uZBaVhs.exe
  2⤵
  PID:4752
- C:\Windows\System\bpPyzCU.exe
  C:\Windows\System\bpPyzCU.exe
  2⤵
  PID:4812
- C:\Windows\System\HsNgwFd.exe
  C:\Windows\System\HsNgwFd.exe
  2⤵
  PID:4844
- C:\Windows\System\grdJPhN.exe
  C:\Windows\System\grdJPhN.exe
  2⤵
  PID:4892
- C:\Windows\System\cMPYcpe.exe
  C:\Windows\System\cMPYcpe.exe
  2⤵
  PID:4904
- C:\Windows\System\DvTbZtK.exe
  C:\Windows\System\DvTbZtK.exe
  2⤵
  PID:4928
- C:\Windows\System\MpFfFNI.exe
  C:\Windows\System\MpFfFNI.exe
  2⤵
  PID:4968
- C:\Windows\System\cIhRmvL.exe
  C:\Windows\System\cIhRmvL.exe
  2⤵
  PID:5004
- C:\Windows\System\YVsHJOA.exe
  C:\Windows\System\YVsHJOA.exe
  2⤵
  PID:5048
- C:\Windows\System\UmMhoLI.exe
  C:\Windows\System\UmMhoLI.exe
  2⤵
  PID:5072
- C:\Windows\System\STXCsXk.exe
  C:\Windows\System\STXCsXk.exe
  2⤵
  PID:5104
- C:\Windows\System\fMwGEVD.exe
  C:\Windows\System\fMwGEVD.exe
  2⤵
  PID:3096
- C:\Windows\System\dhDPvgd.exe
  C:\Windows\System\dhDPvgd.exe
  2⤵
  PID:3292
- C:\Windows\System\RnLqiKe.exe
  C:\Windows\System\RnLqiKe.exe
  2⤵
  PID:3368
- C:\Windows\System\ZYRzcxr.exe
  C:\Windows\System\ZYRzcxr.exe
  2⤵
  PID:4204
- C:\Windows\System\FuqjGbh.exe
  C:\Windows\System\FuqjGbh.exe
  2⤵
  PID:4348
- C:\Windows\System\RwKNdLk.exe
  C:\Windows\System\RwKNdLk.exe
  2⤵
  PID:4060
- C:\Windows\System\xuWUfRH.exe
  C:\Windows\System\xuWUfRH.exe
  2⤵
  PID:4380
- C:\Windows\System\rVGvLjO.exe
  C:\Windows\System\rVGvLjO.exe
  2⤵
  PID:4428
- C:\Windows\System\IfRZvjt.exe
  C:\Windows\System\IfRZvjt.exe
  2⤵
  PID:4108
- C:\Windows\System\rgfojmx.exe
  C:\Windows\System\rgfojmx.exe
  2⤵
  PID:4508
- C:\Windows\System\KjcnquO.exe
  C:\Windows\System\KjcnquO.exe
  2⤵
  PID:4524
- C:\Windows\System\wRTtNsX.exe
  C:\Windows\System\wRTtNsX.exe
  2⤵
  PID:4528
- C:\Windows\System\sHbpoUE.exe
  C:\Windows\System\sHbpoUE.exe
  2⤵
  PID:4604
- C:\Windows\System\FuaErvz.exe
  C:\Windows\System\FuaErvz.exe
  2⤵
  PID:4584
- C:\Windows\System\BKyZyEQ.exe
  C:\Windows\System\BKyZyEQ.exe
  2⤵
  PID:4624
- C:\Windows\System\kgCMNhB.exe
  C:\Windows\System\kgCMNhB.exe
  2⤵
  PID:4668
- C:\Windows\System\QWwslcK.exe
  C:\Windows\System\QWwslcK.exe
  2⤵
  PID:4748
- C:\Windows\System\IOUkqnp.exe
  C:\Windows\System\IOUkqnp.exe
  2⤵
  PID:4808
- C:\Windows\System\wKrAvjf.exe
  C:\Windows\System\wKrAvjf.exe
  2⤵
  PID:4872
- C:\Windows\System\bzRuxTJ.exe
  C:\Windows\System\bzRuxTJ.exe
  2⤵
  PID:4912
- C:\Windows\System\zbbkNgu.exe
  C:\Windows\System\zbbkNgu.exe
  2⤵
  PID:4964
- C:\Windows\System\YxPFiWE.exe
  C:\Windows\System\YxPFiWE.exe
  2⤵
  PID:5044
- C:\Windows\System\XnkPGVT.exe
  C:\Windows\System\XnkPGVT.exe
  2⤵
  PID:5108
- C:\Windows\System\SFECbfa.exe
  C:\Windows\System\SFECbfa.exe
  2⤵
  PID:3456
- C:\Windows\System\KnKrBNv.exe
  C:\Windows\System\KnKrBNv.exe
  2⤵
  PID:3944
- C:\Windows\System\VTjFzDQ.exe
  C:\Windows\System\VTjFzDQ.exe
  2⤵
  PID:4124
- C:\Windows\System\TqUcohY.exe
  C:\Windows\System\TqUcohY.exe
  2⤵
  PID:3836
- C:\Windows\System\vMCaXbT.exe
  C:\Windows\System\vMCaXbT.exe
  2⤵
  PID:4180
- C:\Windows\System\baeWhNk.exe
  C:\Windows\System\baeWhNk.exe
  2⤵
  PID:4504
- C:\Windows\System\vDiWefx.exe
  C:\Windows\System\vDiWefx.exe
  2⤵
  PID:4364
- C:\Windows\System\gUjnAZX.exe
  C:\Windows\System\gUjnAZX.exe
  2⤵
  PID:4564
- C:\Windows\System\SyzkgYG.exe
  C:\Windows\System\SyzkgYG.exe
  2⤵
  PID:5132
- C:\Windows\System\xuIyGwf.exe
  C:\Windows\System\xuIyGwf.exe
  2⤵
  PID:5152
- C:\Windows\System\XdEfcmE.exe
  C:\Windows\System\XdEfcmE.exe
  2⤵
  PID:5172
- C:\Windows\System\fDyUXoX.exe
  C:\Windows\System\fDyUXoX.exe
  2⤵
  PID:5192
- C:\Windows\System\kUlFQkx.exe
  C:\Windows\System\kUlFQkx.exe
  2⤵
  PID:5212
- C:\Windows\System\OVNenXs.exe
  C:\Windows\System\OVNenXs.exe
  2⤵
  PID:5232
- C:\Windows\System\dEXtEHx.exe
  C:\Windows\System\dEXtEHx.exe
  2⤵
  PID:5252
- C:\Windows\System\teeiFMi.exe
  C:\Windows\System\teeiFMi.exe
  2⤵
  PID:5272
- C:\Windows\System\vZzRiap.exe
  C:\Windows\System\vZzRiap.exe
  2⤵
  PID:5292
- C:\Windows\System\MmfiKFp.exe
  C:\Windows\System\MmfiKFp.exe
  2⤵
  PID:5312
- C:\Windows\System\tlvJmXh.exe
  C:\Windows\System\tlvJmXh.exe
  2⤵
  PID:5332
- C:\Windows\System\kDldUdm.exe
  C:\Windows\System\kDldUdm.exe
  2⤵
  PID:5352
- C:\Windows\System\RydtPzB.exe
  C:\Windows\System\RydtPzB.exe
  2⤵
  PID:5372
- C:\Windows\System\QeSTjJl.exe
  C:\Windows\System\QeSTjJl.exe
  2⤵
  PID:5392
- C:\Windows\System\wcoczWb.exe
  C:\Windows\System\wcoczWb.exe
  2⤵
  PID:5412
- C:\Windows\System\OuJXaCx.exe
  C:\Windows\System\OuJXaCx.exe
  2⤵
  PID:5432
- C:\Windows\System\IGLQQnW.exe
  C:\Windows\System\IGLQQnW.exe
  2⤵
  PID:5452
- C:\Windows\System\rbdkVTl.exe
  C:\Windows\System\rbdkVTl.exe
  2⤵
  PID:5472
- C:\Windows\System\qptKymJ.exe
  C:\Windows\System\qptKymJ.exe
  2⤵
  PID:5492
- C:\Windows\System\FdGlnFN.exe
  C:\Windows\System\FdGlnFN.exe
  2⤵
  PID:5512
- C:\Windows\System\TOchxbH.exe
  C:\Windows\System\TOchxbH.exe
  2⤵
  PID:5536
- C:\Windows\System\gXLQZbY.exe
  C:\Windows\System\gXLQZbY.exe
  2⤵
  PID:5556
- C:\Windows\System\KXfYCvp.exe
  C:\Windows\System\KXfYCvp.exe
  2⤵
  PID:5576
- C:\Windows\System\mBGZaQA.exe
  C:\Windows\System\mBGZaQA.exe
  2⤵
  PID:5596
- C:\Windows\System\fGQtSxN.exe
  C:\Windows\System\fGQtSxN.exe
  2⤵
  PID:5612
- C:\Windows\System\UDJchjF.exe
  C:\Windows\System\UDJchjF.exe
  2⤵
  PID:5636
- C:\Windows\System\eIRVtfp.exe
  C:\Windows\System\eIRVtfp.exe
  2⤵
  PID:5656
- C:\Windows\System\ICxWsTJ.exe
  C:\Windows\System\ICxWsTJ.exe
  2⤵
  PID:5676
- C:\Windows\System\bZZxkkQ.exe
  C:\Windows\System\bZZxkkQ.exe
  2⤵
  PID:5692
- C:\Windows\System\hrRWyiV.exe
  C:\Windows\System\hrRWyiV.exe
  2⤵
  PID:5708
- C:\Windows\System\kvNYNjZ.exe
  C:\Windows\System\kvNYNjZ.exe
  2⤵
  PID:5732
- C:\Windows\System\kkprXJk.exe
  C:\Windows\System\kkprXJk.exe
  2⤵
  PID:5756
- C:\Windows\System\YrjYMjr.exe
  C:\Windows\System\YrjYMjr.exe
  2⤵
  PID:5772
- C:\Windows\System\HOMkYJV.exe
  C:\Windows\System\HOMkYJV.exe
  2⤵
  PID:5796
- C:\Windows\System\cKvGvgY.exe
  C:\Windows\System\cKvGvgY.exe
  2⤵
  PID:5816
- C:\Windows\System\yXpgsOB.exe
  C:\Windows\System\yXpgsOB.exe
  2⤵
  PID:5836
- C:\Windows\System\NchyAqR.exe
  C:\Windows\System\NchyAqR.exe
  2⤵
  PID:5856
- C:\Windows\System\kHzpLLd.exe
  C:\Windows\System\kHzpLLd.exe
  2⤵
  PID:5876
- C:\Windows\System\EtFPcAW.exe
  C:\Windows\System\EtFPcAW.exe
  2⤵
  PID:5896
- C:\Windows\System\NQgtxlp.exe
  C:\Windows\System\NQgtxlp.exe
  2⤵
  PID:5916
- C:\Windows\System\hrCaOwx.exe
  C:\Windows\System\hrCaOwx.exe
  2⤵
  PID:5932
- C:\Windows\System\VRAThDj.exe
  C:\Windows\System\VRAThDj.exe
  2⤵
  PID:5956
- C:\Windows\System\pZbbVRd.exe
  C:\Windows\System\pZbbVRd.exe
  2⤵
  PID:5976
- C:\Windows\System\EyNrsgT.exe
  C:\Windows\System\EyNrsgT.exe
  2⤵
  PID:5996
- C:\Windows\System\IIMXMJG.exe
  C:\Windows\System\IIMXMJG.exe
  2⤵
  PID:6016
- C:\Windows\System\VsxXSHb.exe
  C:\Windows\System\VsxXSHb.exe
  2⤵
  PID:6036
- C:\Windows\System\bWuUQyU.exe
  C:\Windows\System\bWuUQyU.exe
  2⤵
  PID:6052
- C:\Windows\System\NJdVrQc.exe
  C:\Windows\System\NJdVrQc.exe
  2⤵
  PID:6076
- C:\Windows\System\tWExutw.exe
  C:\Windows\System\tWExutw.exe
  2⤵
  PID:6096
- C:\Windows\System\yUvauCC.exe
  C:\Windows\System\yUvauCC.exe
  2⤵
  PID:6116
- C:\Windows\System\eSBHAQz.exe
  C:\Windows\System\eSBHAQz.exe
  2⤵
  PID:4608
- C:\Windows\System\RJrikvc.exe
  C:\Windows\System\RJrikvc.exe
  2⤵
  PID:4784
- C:\Windows\System\bTqWfIi.exe
  C:\Windows\System\bTqWfIi.exe
  2⤵
  PID:4884
- C:\Windows\System\XkfbisE.exe
  C:\Windows\System\XkfbisE.exe
  2⤵
  PID:4792
- C:\Windows\System\AltEFID.exe
  C:\Windows\System\AltEFID.exe
  2⤵
  PID:4988
- C:\Windows\System\WVAOtiU.exe
  C:\Windows\System\WVAOtiU.exe
  2⤵
  PID:5032
- C:\Windows\System\tvjGhwa.exe
  C:\Windows\System\tvjGhwa.exe
  2⤵
  PID:3296
- C:\Windows\System\iMCCYSM.exe
  C:\Windows\System\iMCCYSM.exe
  2⤵
  PID:2572
- C:\Windows\System\MOjQiBX.exe
  C:\Windows\System\MOjQiBX.exe
  2⤵
  PID:4420
- C:\Windows\System\UXTzYiV.exe
  C:\Windows\System\UXTzYiV.exe
  2⤵
  PID:4468
- C:\Windows\System\vIIWwan.exe
  C:\Windows\System\vIIWwan.exe
  2⤵
  PID:4392
- C:\Windows\System\GlhaMCe.exe
  C:\Windows\System\GlhaMCe.exe
  2⤵
  PID:5128
- C:\Windows\System\tWJSuxa.exe
  C:\Windows\System\tWJSuxa.exe
  2⤵
  PID:5180
- C:\Windows\System\BVmSRcm.exe
  C:\Windows\System\BVmSRcm.exe
  2⤵
  PID:5228
- C:\Windows\System\xFIDYEH.exe
  C:\Windows\System\xFIDYEH.exe
  2⤵
  PID:5260
- C:\Windows\System\ecOmGAE.exe
  C:\Windows\System\ecOmGAE.exe
  2⤵
  PID:5248
- C:\Windows\System\mHYupJA.exe
  C:\Windows\System\mHYupJA.exe
  2⤵
  PID:5304
- C:\Windows\System\yjWlMiy.exe
  C:\Windows\System\yjWlMiy.exe
  2⤵
  PID:5328
- C:\Windows\System\kKBDVXw.exe
  C:\Windows\System\kKBDVXw.exe
  2⤵
  PID:5428
- C:\Windows\System\eEQJNKH.exe
  C:\Windows\System\eEQJNKH.exe
  2⤵
  PID:5404
- C:\Windows\System\pvzQlTJ.exe
  C:\Windows\System\pvzQlTJ.exe
  2⤵
  PID:5448
- C:\Windows\System\NVMjPDJ.exe
  C:\Windows\System\NVMjPDJ.exe
  2⤵
  PID:5504
- C:\Windows\System\AwaLwBc.exe
  C:\Windows\System\AwaLwBc.exe
  2⤵
  PID:5520
- C:\Windows\System\FpJAYBH.exe
  C:\Windows\System\FpJAYBH.exe
  2⤵
  PID:5588
- C:\Windows\System\JwtWTrU.exe
  C:\Windows\System\JwtWTrU.exe
  2⤵
  PID:5624
- C:\Windows\System\HlMSQbp.exe
  C:\Windows\System\HlMSQbp.exe
  2⤵
  PID:5664
- C:\Windows\System\eYnFFZf.exe
  C:\Windows\System\eYnFFZf.exe
  2⤵
  PID:5668
- C:\Windows\System\kHgoRhY.exe
  C:\Windows\System\kHgoRhY.exe
  2⤵
  PID:5740
- C:\Windows\System\hIEysCn.exe
  C:\Windows\System\hIEysCn.exe
  2⤵
  PID:5720
- C:\Windows\System\vUKkVWk.exe
  C:\Windows\System\vUKkVWk.exe
  2⤵
  PID:5792
- C:\Windows\System\GumSSWm.exe
  C:\Windows\System\GumSSWm.exe
  2⤵
  PID:5824
- C:\Windows\System\mQDkxGj.exe
  C:\Windows\System\mQDkxGj.exe
  2⤵
  PID:5864
- C:\Windows\System\IuathhA.exe
  C:\Windows\System\IuathhA.exe
  2⤵
  PID:5904
- C:\Windows\System\IrFznni.exe
  C:\Windows\System\IrFznni.exe
  2⤵
  PID:5908
- C:\Windows\System\mkxsjDe.exe
  C:\Windows\System\mkxsjDe.exe
  2⤵
  PID:5984
- C:\Windows\System\ALgtvDc.exe
  C:\Windows\System\ALgtvDc.exe
  2⤵
  PID:5972
- C:\Windows\System\vGqsvYy.exe
  C:\Windows\System\vGqsvYy.exe
  2⤵
  PID:6028
- C:\Windows\System\kTeXZjH.exe
  C:\Windows\System\kTeXZjH.exe
  2⤵
  PID:6064
- C:\Windows\System\wQpPvUh.exe
  C:\Windows\System\wQpPvUh.exe
  2⤵
  PID:6044
- C:\Windows\System\QSRGpjD.exe
  C:\Windows\System\QSRGpjD.exe
  2⤵
  PID:6132
- C:\Windows\System\MCvaaJO.exe
  C:\Windows\System\MCvaaJO.exe
  2⤵
  PID:4868
- C:\Windows\System\aixXpXw.exe
  C:\Windows\System\aixXpXw.exe
  2⤵
  PID:4692
- C:\Windows\System\koGaTrP.exe
  C:\Windows\System\koGaTrP.exe
  2⤵
  PID:4848
- C:\Windows\System\XabxEsj.exe
  C:\Windows\System\XabxEsj.exe
  2⤵
  PID:1908
- C:\Windows\System\JXnrhev.exe
  C:\Windows\System\JXnrhev.exe
  2⤵
  PID:4544
- C:\Windows\System\LdqESIK.exe
  C:\Windows\System\LdqESIK.exe
  2⤵
  PID:4300
- C:\Windows\System\wkZECbF.exe
  C:\Windows\System\wkZECbF.exe
  2⤵
  PID:5164
- C:\Windows\System\aDsGCxk.exe
  C:\Windows\System\aDsGCxk.exe
  2⤵
  PID:5308
- C:\Windows\System\DIjEJaB.exe
  C:\Windows\System\DIjEJaB.exe
  2⤵
  PID:5368
- C:\Windows\System\gzgLNtR.exe
  C:\Windows\System\gzgLNtR.exe
  2⤵
  PID:5344
- C:\Windows\System\JTNUmgd.exe
  C:\Windows\System\JTNUmgd.exe
  2⤵
  PID:5444
- C:\Windows\System\AMehLhd.exe
  C:\Windows\System\AMehLhd.exe
  2⤵
  PID:5500
- C:\Windows\System\BiaLTIL.exe
  C:\Windows\System\BiaLTIL.exe
  2⤵
  PID:5484
- C:\Windows\System\sUXXgaK.exe
  C:\Windows\System\sUXXgaK.exe
  2⤵
  PID:5592
- C:\Windows\System\dDwnwJY.exe
  C:\Windows\System\dDwnwJY.exe
  2⤵
  PID:5652
- C:\Windows\System\GtGNcVK.exe
  C:\Windows\System\GtGNcVK.exe
  2⤵
  PID:5688
- C:\Windows\System\jLjWxsL.exe
  C:\Windows\System\jLjWxsL.exe
  2⤵
  PID:5780
- C:\Windows\System\zuxJOtU.exe
  C:\Windows\System\zuxJOtU.exe
  2⤵
  PID:5828
- C:\Windows\System\TRIUAIU.exe
  C:\Windows\System\TRIUAIU.exe
  2⤵
  PID:5948
- C:\Windows\System\MbuWLcu.exe
  C:\Windows\System\MbuWLcu.exe
  2⤵
  PID:6032
- C:\Windows\System\bHmykbR.exe
  C:\Windows\System\bHmykbR.exe
  2⤵
  PID:5928
- C:\Windows\System\oepscQv.exe
  C:\Windows\System\oepscQv.exe
  2⤵
  PID:6008
- C:\Windows\System\UNbsaXa.exe
  C:\Windows\System\UNbsaXa.exe
  2⤵
  PID:6112
- C:\Windows\System\GAzgshI.exe
  C:\Windows\System\GAzgshI.exe
  2⤵
  PID:5028
- C:\Windows\System\UJKebBb.exe
  C:\Windows\System\UJKebBb.exe
  2⤵
  PID:3976
- C:\Windows\System\TQpWAZc.exe
  C:\Windows\System\TQpWAZc.exe
  2⤵
  PID:4220
- C:\Windows\System\KlfhmCW.exe
  C:\Windows\System\KlfhmCW.exe
  2⤵
  PID:5144
- C:\Windows\System\MqitZXn.exe
  C:\Windows\System\MqitZXn.exe
  2⤵
  PID:5200
- C:\Windows\System\uDSRPEn.exe
  C:\Windows\System\uDSRPEn.exe
  2⤵
  PID:5400
- C:\Windows\System\kBEspLQ.exe
  C:\Windows\System\kBEspLQ.exe
  2⤵
  PID:5568
- C:\Windows\System\NBrTyoj.exe
  C:\Windows\System\NBrTyoj.exe
  2⤵
  PID:6152
- C:\Windows\System\pcRRwMf.exe
  C:\Windows\System\pcRRwMf.exe
  2⤵
  PID:6172
- C:\Windows\System\DQWHiEH.exe
  C:\Windows\System\DQWHiEH.exe
  2⤵
  PID:6192
- C:\Windows\System\HdwtDVK.exe
  C:\Windows\System\HdwtDVK.exe
  2⤵
  PID:6212
- C:\Windows\System\uaSVKax.exe
  C:\Windows\System\uaSVKax.exe
  2⤵
  PID:6228
- C:\Windows\System\TdqAOlk.exe
  C:\Windows\System\TdqAOlk.exe
  2⤵
  PID:6248
- C:\Windows\System\ZKXYmeg.exe
  C:\Windows\System\ZKXYmeg.exe
  2⤵
  PID:6268
- C:\Windows\System\ppRBrjr.exe
  C:\Windows\System\ppRBrjr.exe
  2⤵
  PID:6292
- C:\Windows\System\BAnjsDX.exe
  C:\Windows\System\BAnjsDX.exe
  2⤵
  PID:6308
- C:\Windows\System\itgZSoG.exe
  C:\Windows\System\itgZSoG.exe
  2⤵
  PID:6328
- C:\Windows\System\UvwMzMa.exe
  C:\Windows\System\UvwMzMa.exe
  2⤵
  PID:6344
- C:\Windows\System\LbFXhOJ.exe
  C:\Windows\System\LbFXhOJ.exe
  2⤵
  PID:6368
- C:\Windows\System\IeJpHTl.exe
  C:\Windows\System\IeJpHTl.exe
  2⤵
  PID:6388
- C:\Windows\System\WrIWHwN.exe
  C:\Windows\System\WrIWHwN.exe
  2⤵
  PID:6412
- C:\Windows\System\yiJcFWs.exe
  C:\Windows\System\yiJcFWs.exe
  2⤵
  PID:6432
- C:\Windows\System\nHzpumm.exe
  C:\Windows\System\nHzpumm.exe
  2⤵
  PID:6452
- C:\Windows\System\monLiLc.exe
  C:\Windows\System\monLiLc.exe
  2⤵
  PID:6472
- C:\Windows\System\BfkWvwL.exe
  C:\Windows\System\BfkWvwL.exe
  2⤵
  PID:6492
- C:\Windows\System\vCXvFCh.exe
  C:\Windows\System\vCXvFCh.exe
  2⤵
  PID:6512
- C:\Windows\System\zjlJPLY.exe
  C:\Windows\System\zjlJPLY.exe
  2⤵
  PID:6532
- C:\Windows\System\jNqworo.exe
  C:\Windows\System\jNqworo.exe
  2⤵
  PID:6552
- C:\Windows\System\tioWeUz.exe
  C:\Windows\System\tioWeUz.exe
  2⤵
  PID:6572
- C:\Windows\System\OFGGIRk.exe
  C:\Windows\System\OFGGIRk.exe
  2⤵
  PID:6592
- C:\Windows\System\TQAhNDV.exe
  C:\Windows\System\TQAhNDV.exe
  2⤵
  PID:6612
- C:\Windows\System\RPnykrv.exe
  C:\Windows\System\RPnykrv.exe
  2⤵
  PID:6632
- C:\Windows\System\djxMpVY.exe
  C:\Windows\System\djxMpVY.exe
  2⤵
  PID:6652
- C:\Windows\System\havEphR.exe
  C:\Windows\System\havEphR.exe
  2⤵
  PID:6672
- C:\Windows\System\BTulWSq.exe
  C:\Windows\System\BTulWSq.exe
  2⤵
  PID:6692
- C:\Windows\System\pjmXmTy.exe
  C:\Windows\System\pjmXmTy.exe
  2⤵
  PID:6712
- C:\Windows\System\CrMvwpN.exe
  C:\Windows\System\CrMvwpN.exe
  2⤵
  PID:6732
- C:\Windows\System\pCMeDEc.exe
  C:\Windows\System\pCMeDEc.exe
  2⤵
  PID:6752
- C:\Windows\System\mZtByKI.exe
  C:\Windows\System\mZtByKI.exe
  2⤵
  PID:6772
- C:\Windows\System\fTZkMxS.exe
  C:\Windows\System\fTZkMxS.exe
  2⤵
  PID:6792
- C:\Windows\System\azANZWb.exe
  C:\Windows\System\azANZWb.exe
  2⤵
  PID:6812
- C:\Windows\System\MHZflMS.exe
  C:\Windows\System\MHZflMS.exe
  2⤵
  PID:6832
- C:\Windows\System\JOIBiJz.exe
  C:\Windows\System\JOIBiJz.exe
  2⤵
  PID:6852
- C:\Windows\System\QBCXQTI.exe
  C:\Windows\System\QBCXQTI.exe
  2⤵
  PID:6876
- C:\Windows\System\qazaCsS.exe
  C:\Windows\System\qazaCsS.exe
  2⤵
  PID:6896
- C:\Windows\System\rzMswtN.exe
  C:\Windows\System\rzMswtN.exe
  2⤵
  PID:6916
- C:\Windows\System\hwclzcq.exe
  C:\Windows\System\hwclzcq.exe
  2⤵
  PID:6936
- C:\Windows\System\QdmRYcc.exe
  C:\Windows\System\QdmRYcc.exe
  2⤵
  PID:6956
- C:\Windows\System\wTEgJdC.exe
  C:\Windows\System\wTEgJdC.exe
  2⤵
  PID:6976
- C:\Windows\System\tKMikEQ.exe
  C:\Windows\System\tKMikEQ.exe
  2⤵
  PID:6996
- C:\Windows\System\nrBgprI.exe
  C:\Windows\System\nrBgprI.exe
  2⤵
  PID:7016
- C:\Windows\System\wkCugmr.exe
  C:\Windows\System\wkCugmr.exe
  2⤵
  PID:7032
- C:\Windows\System\pCwXKae.exe
  C:\Windows\System\pCwXKae.exe
  2⤵
  PID:7052
- C:\Windows\System\SoJAoel.exe
  C:\Windows\System\SoJAoel.exe
  2⤵
  PID:7068
- C:\Windows\System\mPKAssY.exe
  C:\Windows\System\mPKAssY.exe
  2⤵
  PID:7088
- C:\Windows\System\STAGFUs.exe
  C:\Windows\System\STAGFUs.exe
  2⤵
  PID:7104
- C:\Windows\System\hwtazvT.exe
  C:\Windows\System\hwtazvT.exe
  2⤵
  PID:7128
- C:\Windows\System\fJDgelP.exe
  C:\Windows\System\fJDgelP.exe
  2⤵
  PID:7148
- C:\Windows\System\PHjlTgt.exe
  C:\Windows\System\PHjlTgt.exe
  2⤵
  PID:5644
- C:\Windows\System\CJsVJLf.exe
  C:\Windows\System\CJsVJLf.exe
  2⤵
  PID:5784
- C:\Windows\System\DyNPgwN.exe
  C:\Windows\System\DyNPgwN.exe
  2⤵
  PID:5852
- C:\Windows\System\jQndIXx.exe
  C:\Windows\System\jQndIXx.exe
  2⤵
  PID:5952
- C:\Windows\System\yCMTzBf.exe
  C:\Windows\System\yCMTzBf.exe
  2⤵
  PID:4712
- C:\Windows\System\PZiEhHV.exe
  C:\Windows\System\PZiEhHV.exe
  2⤵
  PID:4400
- C:\Windows\System\uWjJkFU.exe
  C:\Windows\System\uWjJkFU.exe
  2⤵
  PID:4200
- C:\Windows\System\UyYpDzu.exe
  C:\Windows\System\UyYpDzu.exe
  2⤵
  PID:5220
- C:\Windows\System\ukhwTqE.exe
  C:\Windows\System\ukhwTqE.exe
  2⤵
  PID:5364
- C:\Windows\System\bOkAOMn.exe
  C:\Windows\System\bOkAOMn.exe
  2⤵
  PID:6164
- C:\Windows\System\bsPIwpZ.exe
  C:\Windows\System\bsPIwpZ.exe
  2⤵
  PID:6208
- C:\Windows\System\ldIDpje.exe
  C:\Windows\System\ldIDpje.exe
  2⤵
  PID:5548
- C:\Windows\System\tvrKHNy.exe
  C:\Windows\System\tvrKHNy.exe
  2⤵
  PID:6240
- C:\Windows\System\KFmiCHP.exe
  C:\Windows\System\KFmiCHP.exe
  2⤵
  PID:6288
- C:\Windows\System\oShLxiA.exe
  C:\Windows\System\oShLxiA.exe
  2⤵
  PID:6256
- C:\Windows\System\KAeGrPy.exe
  C:\Windows\System\KAeGrPy.exe
  2⤵
  PID:6356
- C:\Windows\System\qosoOLz.exe
  C:\Windows\System\qosoOLz.exe
  2⤵
  PID:6340
- C:\Windows\System\QmtMGad.exe
  C:\Windows\System\QmtMGad.exe
  2⤵
  PID:6380
- C:\Windows\System\lRyfUfj.exe
  C:\Windows\System\lRyfUfj.exe
  2⤵
  PID:6448
- C:\Windows\System\xiyXceq.exe
  C:\Windows\System\xiyXceq.exe
  2⤵
  PID:6468
- C:\Windows\System\dsBASXy.exe
  C:\Windows\System\dsBASXy.exe
  2⤵
  PID:6500
- C:\Windows\System\GbZZwAQ.exe
  C:\Windows\System\GbZZwAQ.exe
  2⤵
  PID:6524
- C:\Windows\System\qoOBTBr.exe
  C:\Windows\System\qoOBTBr.exe
  2⤵
  PID:6544
- C:\Windows\System\hRdinwm.exe
  C:\Windows\System\hRdinwm.exe
  2⤵
  PID:6588
- C:\Windows\System\IotjBop.exe
  C:\Windows\System\IotjBop.exe
  2⤵
  PID:6648
- C:\Windows\System\uZOvSMM.exe
  C:\Windows\System\uZOvSMM.exe
  2⤵
  PID:6680
- C:\Windows\System\YQakTgg.exe
  C:\Windows\System\YQakTgg.exe
  2⤵
  PID:6724
- C:\Windows\System\seBmYMo.exe
  C:\Windows\System\seBmYMo.exe
  2⤵
  PID:6664
- C:\Windows\System\lfSeDKG.exe
  C:\Windows\System\lfSeDKG.exe
  2⤵
  PID:6704
- C:\Windows\System\NAusvzv.exe
  C:\Windows\System\NAusvzv.exe
  2⤵
  PID:6848
- C:\Windows\System\ADPLINK.exe
  C:\Windows\System\ADPLINK.exe
  2⤵
  PID:6820
- C:\Windows\System\hbNfMvI.exe
  C:\Windows\System\hbNfMvI.exe
  2⤵
  PID:6888
- C:\Windows\System\wOEdZSv.exe
  C:\Windows\System\wOEdZSv.exe
  2⤵
  PID:6972
- C:\Windows\System\HUcrDTq.exe
  C:\Windows\System\HUcrDTq.exe
  2⤵
  PID:6864
- C:\Windows\System\bpuOKRO.exe
  C:\Windows\System\bpuOKRO.exe
  2⤵
  PID:6908
- C:\Windows\System\VrTQvKB.exe
  C:\Windows\System\VrTQvKB.exe
  2⤵
  PID:6984
- C:\Windows\System\PIyOWIV.exe
  C:\Windows\System\PIyOWIV.exe
  2⤵
  PID:7044
- C:\Windows\System\uRafVng.exe
  C:\Windows\System\uRafVng.exe
  2⤵
  PID:7124
- C:\Windows\System\WVvPTlf.exe
  C:\Windows\System\WVvPTlf.exe
  2⤵
  PID:7024
- C:\Windows\System\NEIbldx.exe
  C:\Windows\System\NEIbldx.exe
  2⤵
  PID:7096
- C:\Windows\System\ffJGxxv.exe
  C:\Windows\System\ffJGxxv.exe
  2⤵
  PID:5716
- C:\Windows\System\qiYWrvx.exe
  C:\Windows\System\qiYWrvx.exe
  2⤵
  PID:5768
- C:\Windows\System\VDWjoiR.exe
  C:\Windows\System\VDWjoiR.exe
  2⤵
  PID:5988
- C:\Windows\System\ReARxCF.exe
  C:\Windows\System\ReARxCF.exe
  2⤵
  PID:5924
- C:\Windows\System\WgJTUGn.exe
  C:\Windows\System\WgJTUGn.exe
  2⤵
  PID:5204
- C:\Windows\System\qPuRXpq.exe
  C:\Windows\System\qPuRXpq.exe
  2⤵
  PID:2272
- C:\Windows\System\AfIbjbp.exe
  C:\Windows\System\AfIbjbp.exe
  2⤵
  PID:6168
- C:\Windows\System\kufvYgD.exe
  C:\Windows\System\kufvYgD.exe
  2⤵
  PID:6188
- C:\Windows\System\dPkNqfW.exe
  C:\Windows\System\dPkNqfW.exe
  2⤵
  PID:6148
- C:\Windows\System\whTAiff.exe
  C:\Windows\System\whTAiff.exe
  2⤵
  PID:6320
- C:\Windows\System\OimQznc.exe
  C:\Windows\System\OimQznc.exe
  2⤵
  PID:6376
- C:\Windows\System\jbzeGiP.exe
  C:\Windows\System\jbzeGiP.exe
  2⤵
  PID:6464
- C:\Windows\System\aSxuQJI.exe
  C:\Windows\System\aSxuQJI.exe
  2⤵
  PID:6400
- C:\Windows\System\yXoPAxH.exe
  C:\Windows\System\yXoPAxH.exe
  2⤵
  PID:6560
- C:\Windows\System\pWYhdLR.exe
  C:\Windows\System\pWYhdLR.exe
  2⤵
  PID:6504
- C:\Windows\System\pGYvsSV.exe
  C:\Windows\System\pGYvsSV.exe
  2⤵
  PID:6720
- C:\Windows\System\fJlrQeE.exe
  C:\Windows\System\fJlrQeE.exe
  2⤵
  PID:6700
- C:\Windows\System\KoOEgdz.exe
  C:\Windows\System\KoOEgdz.exe
  2⤵
  PID:6644
- C:\Windows\System\DVveLSq.exe
  C:\Windows\System\DVveLSq.exe
  2⤵
  PID:6788
- C:\Windows\System\diayNTO.exe
  C:\Windows\System\diayNTO.exe
  2⤵
  PID:6964
- C:\Windows\System\wIElBKN.exe
  C:\Windows\System\wIElBKN.exe
  2⤵
  PID:7012
- C:\Windows\System\UIKSSpn.exe
  C:\Windows\System\UIKSSpn.exe
  2⤵
  PID:6892
- C:\Windows\System\IRobIVb.exe
  C:\Windows\System\IRobIVb.exe
  2⤵
  PID:6952
- C:\Windows\System\mpLzERl.exe
  C:\Windows\System\mpLzERl.exe
  2⤵
  PID:7112
- C:\Windows\System\poTyimC.exe
  C:\Windows\System\poTyimC.exe
  2⤵
  PID:6104
- C:\Windows\System\fAZuvqh.exe
  C:\Windows\System\fAZuvqh.exe
  2⤵
  PID:7100
- C:\Windows\System\wtGaIft.exe
  C:\Windows\System\wtGaIft.exe
  2⤵
  PID:5912
- C:\Windows\System\lWWlLmC.exe
  C:\Windows\System\lWWlLmC.exe
  2⤵
  PID:4560
- C:\Windows\System\rVwmjzi.exe
  C:\Windows\System\rVwmjzi.exe
  2⤵
  PID:2280
- C:\Windows\System\sBiywek.exe
  C:\Windows\System\sBiywek.exe
  2⤵
  PID:6316
- C:\Windows\System\pDfiEyq.exe
  C:\Windows\System\pDfiEyq.exe
  2⤵
  PID:6324
- C:\Windows\System\YdxUQif.exe
  C:\Windows\System\YdxUQif.exe
  2⤵
  PID:6404
- C:\Windows\System\KQHbUaB.exe
  C:\Windows\System\KQHbUaB.exe
  2⤵
  PID:6420
- C:\Windows\System\kuluHPD.exe
  C:\Windows\System\kuluHPD.exe
  2⤵
  PID:6528
- C:\Windows\System\qjOMhhw.exe
  C:\Windows\System\qjOMhhw.exe
  2⤵
  PID:6640
- C:\Windows\System\ZblvxVS.exe
  C:\Windows\System\ZblvxVS.exe
  2⤵
  PID:6804
- C:\Windows\System\VAbAVLi.exe
  C:\Windows\System\VAbAVLi.exe
  2⤵
  PID:6660
- C:\Windows\System\YNaaJMs.exe
  C:\Windows\System\YNaaJMs.exe
  2⤵
  PID:6744
- C:\Windows\System\BkBwrJb.exe
  C:\Windows\System\BkBwrJb.exe
  2⤵
  PID:7040
- C:\Windows\System\vzXQJvO.exe
  C:\Windows\System\vzXQJvO.exe
  2⤵
  PID:5812
- C:\Windows\System\HvOozUN.exe
  C:\Windows\System\HvOozUN.exe
  2⤵
  PID:5872
- C:\Windows\System\pajvqjj.exe
  C:\Windows\System\pajvqjj.exe
  2⤵
  PID:5300
- C:\Windows\System\ItXMUjR.exe
  C:\Windows\System\ItXMUjR.exe
  2⤵
  PID:7188
- C:\Windows\System\DbkwJUY.exe
  C:\Windows\System\DbkwJUY.exe
  2⤵
  PID:7208
- C:\Windows\System\gBFuKAH.exe
  C:\Windows\System\gBFuKAH.exe
  2⤵
  PID:7228
- C:\Windows\System\kIJcOQJ.exe
  C:\Windows\System\kIJcOQJ.exe
  2⤵
  PID:7248
- C:\Windows\System\gxkEafh.exe
  C:\Windows\System\gxkEafh.exe
  2⤵
  PID:7268
- C:\Windows\System\RbNjPBw.exe
  C:\Windows\System\RbNjPBw.exe
  2⤵
  PID:7288
- C:\Windows\System\nGkhbdR.exe
  C:\Windows\System\nGkhbdR.exe
  2⤵
  PID:7308
- C:\Windows\System\QGWsnRh.exe
  C:\Windows\System\QGWsnRh.exe
  2⤵
  PID:7328
- C:\Windows\System\LVLIbTW.exe
  C:\Windows\System\LVLIbTW.exe
  2⤵
  PID:7348
- C:\Windows\System\oDshKsY.exe
  C:\Windows\System\oDshKsY.exe
  2⤵
  PID:7368
- C:\Windows\System\qGFupPE.exe
  C:\Windows\System\qGFupPE.exe
  2⤵
  PID:7388
- C:\Windows\System\CKDHrCL.exe
  C:\Windows\System\CKDHrCL.exe
  2⤵
  PID:7408
- C:\Windows\System\ueCbdVj.exe
  C:\Windows\System\ueCbdVj.exe
  2⤵
  PID:7432
- C:\Windows\System\mnfDVUl.exe
  C:\Windows\System\mnfDVUl.exe
  2⤵
  PID:7448
- C:\Windows\System\mRNvrPP.exe
  C:\Windows\System\mRNvrPP.exe
  2⤵
  PID:7472
- C:\Windows\System\iCfiIyP.exe
  C:\Windows\System\iCfiIyP.exe
  2⤵
  PID:7492
- C:\Windows\System\WxKPZBx.exe
  C:\Windows\System\WxKPZBx.exe
  2⤵
  PID:7512
- C:\Windows\System\apBQKOW.exe
  C:\Windows\System\apBQKOW.exe
  2⤵
  PID:7532
- C:\Windows\System\xKDGhGS.exe
  C:\Windows\System\xKDGhGS.exe
  2⤵
  PID:7552
- C:\Windows\System\DkEuhal.exe
  C:\Windows\System\DkEuhal.exe
  2⤵
  PID:7572
- C:\Windows\System\WBRSKit.exe
  C:\Windows\System\WBRSKit.exe
  2⤵
  PID:7592
- C:\Windows\System\IBGBzuH.exe
  C:\Windows\System\IBGBzuH.exe
  2⤵
  PID:7612
- C:\Windows\System\usGYCdw.exe
  C:\Windows\System\usGYCdw.exe
  2⤵
  PID:7632
- C:\Windows\System\afFYpgK.exe
  C:\Windows\System\afFYpgK.exe
  2⤵
  PID:7652
- C:\Windows\System\BcSIoeu.exe
  C:\Windows\System\BcSIoeu.exe
  2⤵
  PID:7672
- C:\Windows\System\tjdKnrf.exe
  C:\Windows\System\tjdKnrf.exe
  2⤵
  PID:7692
- C:\Windows\System\GLFlnzQ.exe
  C:\Windows\System\GLFlnzQ.exe
  2⤵
  PID:7712
- C:\Windows\System\fDigCEL.exe
  C:\Windows\System\fDigCEL.exe
  2⤵
  PID:7732
- C:\Windows\System\tRcwmoB.exe
  C:\Windows\System\tRcwmoB.exe
  2⤵
  PID:7748
- C:\Windows\System\fxBjNcj.exe
  C:\Windows\System\fxBjNcj.exe
  2⤵
  PID:7768
- C:\Windows\System\zJnKNTi.exe
  C:\Windows\System\zJnKNTi.exe
  2⤵
  PID:7792
- C:\Windows\System\ugzxxkN.exe
  C:\Windows\System\ugzxxkN.exe
  2⤵
  PID:7812
- C:\Windows\System\YPWUnxu.exe
  C:\Windows\System\YPWUnxu.exe
  2⤵
  PID:7832
- C:\Windows\System\vpXanZh.exe
  C:\Windows\System\vpXanZh.exe
  2⤵
  PID:7852
- C:\Windows\System\KbzyTuw.exe
  C:\Windows\System\KbzyTuw.exe
  2⤵
  PID:7872
- C:\Windows\System\YBhDkwO.exe
  C:\Windows\System\YBhDkwO.exe
  2⤵
  PID:7892
- C:\Windows\System\FjUxiFD.exe
  C:\Windows\System\FjUxiFD.exe
  2⤵
  PID:7912
- C:\Windows\System\VNAQNBI.exe
  C:\Windows\System\VNAQNBI.exe
  2⤵
  PID:7932
- C:\Windows\System\YTjIOZv.exe
  C:\Windows\System\YTjIOZv.exe
  2⤵
  PID:7952
- C:\Windows\System\czahZwB.exe
  C:\Windows\System\czahZwB.exe
  2⤵
  PID:7972
- C:\Windows\System\SkZrZsr.exe
  C:\Windows\System\SkZrZsr.exe
  2⤵
  PID:7992
- C:\Windows\System\pRmjYHQ.exe
  C:\Windows\System\pRmjYHQ.exe
  2⤵
  PID:8012
- C:\Windows\System\EZYVLRT.exe
  C:\Windows\System\EZYVLRT.exe
  2⤵
  PID:8032
- C:\Windows\System\rpWjpSL.exe
  C:\Windows\System\rpWjpSL.exe
  2⤵
  PID:8052
- C:\Windows\System\qRvcSdR.exe
  C:\Windows\System\qRvcSdR.exe
  2⤵
  PID:8072
- C:\Windows\System\JMnsvHZ.exe
  C:\Windows\System\JMnsvHZ.exe
  2⤵
  PID:8092
- C:\Windows\System\LOZhZzA.exe
  C:\Windows\System\LOZhZzA.exe
  2⤵
  PID:8112
- C:\Windows\System\TBOGjDV.exe
  C:\Windows\System\TBOGjDV.exe
  2⤵
  PID:8128
- C:\Windows\System\aZJOqck.exe
  C:\Windows\System\aZJOqck.exe
  2⤵
  PID:8152
- C:\Windows\System\soHvYnb.exe
  C:\Windows\System\soHvYnb.exe
  2⤵
  PID:8168
- C:\Windows\System\PSIMAtr.exe
  C:\Windows\System\PSIMAtr.exe
  2⤵
  PID:8188
- C:\Windows\System\GSQedYj.exe
  C:\Windows\System\GSQedYj.exe
  2⤵
  PID:5964
- C:\Windows\System\GnYvlrL.exe
  C:\Windows\System\GnYvlrL.exe
  2⤵
  PID:6408
- C:\Windows\System\Cgbqmpd.exe
  C:\Windows\System\Cgbqmpd.exe
  2⤵
  PID:6276
- C:\Windows\System\AJTgKcS.exe
  C:\Windows\System\AJTgKcS.exe
  2⤵
  PID:6600
- C:\Windows\System\skbspDJ.exe
  C:\Windows\System\skbspDJ.exe
  2⤵
  PID:6684
- C:\Windows\System\vjzyeEf.exe
  C:\Windows\System\vjzyeEf.exe
  2⤵
  PID:6948
- C:\Windows\System\OykpMVO.exe
  C:\Windows\System\OykpMVO.exe
  2⤵
  PID:6872
- C:\Windows\System\YcfSNuE.exe
  C:\Windows\System\YcfSNuE.exe
  2⤵
  PID:5648
- C:\Windows\System\fllMPkh.exe
  C:\Windows\System\fllMPkh.exe
  2⤵
  PID:7180
- C:\Windows\System\aDpuCMo.exe
  C:\Windows\System\aDpuCMo.exe
  2⤵
  PID:7204
- C:\Windows\System\PwjGQrN.exe
  C:\Windows\System\PwjGQrN.exe
  2⤵
  PID:7236
- C:\Windows\System\RTZXory.exe
  C:\Windows\System\RTZXory.exe
  2⤵
  PID:7296
- C:\Windows\System\RsexAgY.exe
  C:\Windows\System\RsexAgY.exe
  2⤵
  PID:7284
- C:\Windows\System\ETnPkOc.exe
  C:\Windows\System\ETnPkOc.exe
  2⤵
  PID:7344
- C:\Windows\System\yYwnmpC.exe
  C:\Windows\System\yYwnmpC.exe
  2⤵
  PID:7340
- C:\Windows\System\eFNBEau.exe
  C:\Windows\System\eFNBEau.exe
  2⤵
  PID:7380
- C:\Windows\System\zIKNXai.exe
  C:\Windows\System\zIKNXai.exe
  2⤵
  PID:7400
- C:\Windows\System\KKfyCFm.exe
  C:\Windows\System\KKfyCFm.exe
  2⤵
  PID:7468
- C:\Windows\System\RHKktSs.exe
  C:\Windows\System\RHKktSs.exe
  2⤵
  PID:7480
- C:\Windows\System\TwZsFlY.exe
  C:\Windows\System\TwZsFlY.exe
  2⤵
  PID:7504
- C:\Windows\System\xaHlsvc.exe
  C:\Windows\System\xaHlsvc.exe
  2⤵
  PID:2700
- C:\Windows\System\veVmRsd.exe
  C:\Windows\System\veVmRsd.exe
  2⤵
  PID:2580
- C:\Windows\System\MIMWXvf.exe
  C:\Windows\System\MIMWXvf.exe
  2⤵
  PID:7600
- C:\Windows\System\mwwPLAD.exe
  C:\Windows\System\mwwPLAD.exe
  2⤵
  PID:7624
- C:\Windows\System\LfyjBMX.exe
  C:\Windows\System\LfyjBMX.exe
  2⤵
  PID:1236
- C:\Windows\System\PglkkTd.exe
  C:\Windows\System\PglkkTd.exe
  2⤵
  PID:2488
- C:\Windows\System\SllHiOA.exe
  C:\Windows\System\SllHiOA.exe
  2⤵
  PID:7684
- C:\Windows\System\FxsTrje.exe
  C:\Windows\System\FxsTrje.exe
  2⤵
  PID:7744
- C:\Windows\System\Ivigava.exe
  C:\Windows\System\Ivigava.exe
  2⤵
  PID:7788
- C:\Windows\System\eqkOzEF.exe
  C:\Windows\System\eqkOzEF.exe
  2⤵
  PID:1800
- C:\Windows\System\LrZFPYD.exe
  C:\Windows\System\LrZFPYD.exe
  2⤵
  PID:7808
- C:\Windows\System\ridGFxW.exe
  C:\Windows\System\ridGFxW.exe
  2⤵
  PID:1796
- C:\Windows\System\pXbmIPe.exe
  C:\Windows\System\pXbmIPe.exe
  2⤵
  PID:7864
- C:\Windows\System\aIjEWcc.exe
  C:\Windows\System\aIjEWcc.exe
  2⤵
  PID:7888
- C:\Windows\System\yRXzyIm.exe
  C:\Windows\System\yRXzyIm.exe
  2⤵
  PID:7924
- C:\Windows\System\yRFbfBs.exe
  C:\Windows\System\yRFbfBs.exe
  2⤵
  PID:7980
- C:\Windows\System\KyvCIWJ.exe
  C:\Windows\System\KyvCIWJ.exe
  2⤵
  PID:8028
- C:\Windows\System\juQzeYG.exe
  C:\Windows\System\juQzeYG.exe
  2⤵
  PID:8060
- C:\Windows\System\bllUUfV.exe
  C:\Windows\System\bllUUfV.exe
  2⤵
  PID:8108
- C:\Windows\System\xQhiDFL.exe
  C:\Windows\System\xQhiDFL.exe
  2⤵
  PID:924
- C:\Windows\System\JgkFctA.exe
  C:\Windows\System\JgkFctA.exe
  2⤵
  PID:8120
- C:\Windows\System\BaAhCGQ.exe
  C:\Windows\System\BaAhCGQ.exe
  2⤵
  PID:5388
- C:\Windows\System\wVDzjtB.exe
  C:\Windows\System\wVDzjtB.exe
  2⤵
  PID:8160
- C:\Windows\System\FDglEVe.exe
  C:\Windows\System\FDglEVe.exe
  2⤵
  PID:5572
- C:\Windows\System\gxsVKeg.exe
  C:\Windows\System\gxsVKeg.exe
  2⤵
  PID:6520
- C:\Windows\System\LMdiyBh.exe
  C:\Windows\System\LMdiyBh.exe
  2⤵
  PID:6608
- C:\Windows\System\ZemjXvj.exe
  C:\Windows\System\ZemjXvj.exe
  2⤵
  PID:6568
- C:\Windows\System\GeRerYm.exe
  C:\Windows\System\GeRerYm.exe
  2⤵
  PID:1952
- C:\Windows\System\sFURneZ.exe
  C:\Windows\System\sFURneZ.exe
  2⤵
  PID:7084
- C:\Windows\System\ADQuFTf.exe
  C:\Windows\System\ADQuFTf.exe
  2⤵
  PID:2268
- C:\Windows\System\IydJTxN.exe
  C:\Windows\System\IydJTxN.exe
  2⤵
  PID:7176
- C:\Windows\System\WBeaMCn.exe
  C:\Windows\System\WBeaMCn.exe
  2⤵
  PID:7216
- C:\Windows\System\IQDqkQi.exe
  C:\Windows\System\IQDqkQi.exe
  2⤵
  PID:7276
- C:\Windows\System\XgQdRxo.exe
  C:\Windows\System\XgQdRxo.exe
  2⤵
  PID:7376
- C:\Windows\System\GprNjpi.exe
  C:\Windows\System\GprNjpi.exe
  2⤵
  PID:7324
- C:\Windows\System\wXDuKRI.exe
  C:\Windows\System\wXDuKRI.exe
  2⤵
  PID:7456
- C:\Windows\System\DXgbABn.exe
  C:\Windows\System\DXgbABn.exe
  2⤵
  PID:7464
- C:\Windows\System\TgWgaBR.exe
  C:\Windows\System\TgWgaBR.exe
  2⤵
  PID:7444
- C:\Windows\System\jhAGnFP.exe
  C:\Windows\System\jhAGnFP.exe
  2⤵
  PID:2736
- C:\Windows\System\nQiREia.exe
  C:\Windows\System\nQiREia.exe
  2⤵
  PID:7628
- C:\Windows\System\rRCOnQn.exe
  C:\Windows\System\rRCOnQn.exe
  2⤵
  PID:7644
- C:\Windows\System\daGwAoo.exe
  C:\Windows\System\daGwAoo.exe
  2⤵
  PID:7664
- C:\Windows\System\rbXLFTp.exe
  C:\Windows\System\rbXLFTp.exe
  2⤵
  PID:2484
- C:\Windows\System\uugFKcx.exe
  C:\Windows\System\uugFKcx.exe
  2⤵
  PID:7704
- C:\Windows\System\BzAzCJG.exe
  C:\Windows\System\BzAzCJG.exe
  2⤵
  PID:7764
- C:\Windows\System\EVovwwN.exe
  C:\Windows\System\EVovwwN.exe
  2⤵
  PID:1660
- C:\Windows\System\whcjyVG.exe
  C:\Windows\System\whcjyVG.exe
  2⤵
  PID:7900
- C:\Windows\System\XTxKSRD.exe
  C:\Windows\System\XTxKSRD.exe
  2⤵
  PID:1788
- C:\Windows\System\bBUCBzR.exe
  C:\Windows\System\bBUCBzR.exe
  2⤵
  PID:7840
- C:\Windows\System\pbquCul.exe
  C:\Windows\System\pbquCul.exe
  2⤵
  PID:980
- C:\Windows\System\AuFkjIm.exe
  C:\Windows\System\AuFkjIm.exe
  2⤵
  PID:2780
- C:\Windows\System\LDzTliF.exe
  C:\Windows\System\LDzTliF.exe
  2⤵
  PID:2568
- C:\Windows\System\wGaokTZ.exe
  C:\Windows\System\wGaokTZ.exe
  2⤵
  PID:8000
- C:\Windows\System\VaRrTED.exe
  C:\Windows\System\VaRrTED.exe
  2⤵
  PID:2464
- C:\Windows\System\PALXBBK.exe
  C:\Windows\System\PALXBBK.exe
  2⤵
  PID:2980
- C:\Windows\System\EoTeoZI.exe
  C:\Windows\System\EoTeoZI.exe
  2⤵
  PID:6460
- C:\Windows\System\cINzTeq.exe
  C:\Windows\System\cINzTeq.exe
  2⤵
  PID:2180
- C:\Windows\System\NRJLuEO.exe
  C:\Windows\System\NRJLuEO.exe
  2⤵
  PID:7144
- C:\Windows\System\uTKTaMs.exe
  C:\Windows\System\uTKTaMs.exe
  2⤵
  PID:7336
- C:\Windows\System\fQQWqcw.exe
  C:\Windows\System\fQQWqcw.exe
  2⤵
  PID:8140
- C:\Windows\System\HyqQwnT.exe
  C:\Windows\System\HyqQwnT.exe
  2⤵
  PID:7304
- C:\Windows\System\DJJIvMR.exe
  C:\Windows\System\DJJIvMR.exe
  2⤵
  PID:7396
- C:\Windows\System\EVCUYcz.exe
  C:\Windows\System\EVCUYcz.exe
  2⤵
  PID:7548
- C:\Windows\System\nTsRmMI.exe
  C:\Windows\System\nTsRmMI.exe
  2⤵
  PID:8144
- C:\Windows\System\JhTWbRy.exe
  C:\Windows\System\JhTWbRy.exe
  2⤵
  PID:7564
- C:\Windows\System\QRKdHRA.exe
  C:\Windows\System\QRKdHRA.exe
  2⤵
  PID:7740
- C:\Windows\System\aqXdLBL.exe
  C:\Windows\System\aqXdLBL.exe
  2⤵
  PID:5608
- C:\Windows\System\BoHKLal.exe
  C:\Windows\System\BoHKLal.exe
  2⤵
  PID:784
- C:\Windows\System\OmYqcAz.exe
  C:\Windows\System\OmYqcAz.exe
  2⤵
  PID:7868
- C:\Windows\System\IcQkUNW.exe
  C:\Windows\System\IcQkUNW.exe
  2⤵
  PID:2592
- C:\Windows\System\aZbKdwO.exe
  C:\Windows\System\aZbKdwO.exe
  2⤵
  PID:7760
- C:\Windows\System\RWKcPZy.exe
  C:\Windows\System\RWKcPZy.exe
  2⤵
  PID:2236
- C:\Windows\System\BuAaxkj.exe
  C:\Windows\System\BuAaxkj.exe
  2⤵
  PID:2740
- C:\Windows\System\sXEnFdF.exe
  C:\Windows\System\sXEnFdF.exe
  2⤵
  PID:8044
- C:\Windows\System\FXYPDyU.exe
  C:\Windows\System\FXYPDyU.exe
  2⤵
  PID:7960
- C:\Windows\System\EpPeJoA.exe
  C:\Windows\System\EpPeJoA.exe
  2⤵
  PID:8048
- C:\Windows\System\xCgsiCv.exe
  C:\Windows\System\xCgsiCv.exe
  2⤵
  PID:2192
- C:\Windows\System\QCWbTqJ.exe
  C:\Windows\System\QCWbTqJ.exe
  2⤵
  PID:7224
- C:\Windows\System\gDxgiac.exe
  C:\Windows\System\gDxgiac.exe
  2⤵
  PID:2848
- C:\Windows\System\TzHVLfd.exe
  C:\Windows\System\TzHVLfd.exe
  2⤵
  PID:2332
- C:\Windows\System\NVcgYBe.exe
  C:\Windows\System\NVcgYBe.exe
  2⤵
  PID:7608
- C:\Windows\System\JMNkHND.exe
  C:\Windows\System\JMNkHND.exe
  2⤵
  PID:8064
- C:\Windows\System\eXkdgZT.exe
  C:\Windows\System\eXkdgZT.exe
  2⤵
  PID:7720
- C:\Windows\System\uEWTInV.exe
  C:\Windows\System\uEWTInV.exe
  2⤵
  PID:7700
- C:\Windows\System\UVoQcxt.exe
  C:\Windows\System\UVoQcxt.exe
  2⤵
  PID:2404
- C:\Windows\System\ByEqDUc.exe
  C:\Windows\System\ByEqDUc.exe
  2⤵
  PID:7776
- C:\Windows\System\uFemiTx.exe
  C:\Windows\System\uFemiTx.exe
  2⤵
  PID:8184
- C:\Windows\System\xKPqFTF.exe
  C:\Windows\System\xKPqFTF.exe
  2⤵
  PID:8100
- C:\Windows\System\BVNonYJ.exe
  C:\Windows\System\BVNonYJ.exe
  2⤵
  PID:6580
- C:\Windows\System\CLmNUMA.exe
  C:\Windows\System\CLmNUMA.exe
  2⤵
  PID:7260
- C:\Windows\System\TZEqaYF.exe
  C:\Windows\System\TZEqaYF.exe
  2⤵
  PID:752
- C:\Windows\System\Ysftcar.exe
  C:\Windows\System\Ysftcar.exe
  2⤵
  PID:7784
- C:\Windows\System\VodFBuY.exe
  C:\Windows\System\VodFBuY.exe
  2⤵
  PID:2504
- C:\Windows\System\WtFmoOB.exe
  C:\Windows\System\WtFmoOB.exe
  2⤵
  PID:8080
- C:\Windows\System\TeSGHRZ.exe
  C:\Windows\System\TeSGHRZ.exe
  2⤵
  PID:7584
- C:\Windows\System\SQIFYKz.exe
  C:\Windows\System\SQIFYKz.exe
  2⤵
  PID:2448
- C:\Windows\System\QwACrBc.exe
  C:\Windows\System\QwACrBc.exe
  2⤵
  PID:7508
- C:\Windows\System\hVWNkQp.exe
  C:\Windows\System\hVWNkQp.exe
  2⤵
  PID:7988
- C:\Windows\System\YBHMJiw.exe
  C:\Windows\System\YBHMJiw.exe
  2⤵
  PID:7844
- C:\Windows\System\yZudnlz.exe
  C:\Windows\System\yZudnlz.exe
  2⤵
  PID:7500
- C:\Windows\System\MydIFKD.exe
  C:\Windows\System\MydIFKD.exe
  2⤵
  PID:8208
- C:\Windows\System\DyBjqVj.exe
  C:\Windows\System\DyBjqVj.exe
  2⤵
  PID:8256
- C:\Windows\System\wBQHAQE.exe
  C:\Windows\System\wBQHAQE.exe
  2⤵
  PID:8276
- C:\Windows\System\QHYblgn.exe
  C:\Windows\System\QHYblgn.exe
  2⤵
  PID:8292
- C:\Windows\System\hvneBVz.exe
  C:\Windows\System\hvneBVz.exe
  2⤵
  PID:8308
- C:\Windows\System\VrejRHj.exe
  C:\Windows\System\VrejRHj.exe
  2⤵
  PID:8324
- C:\Windows\System\kjRxhhS.exe
  C:\Windows\System\kjRxhhS.exe
  2⤵
  PID:8340
- C:\Windows\System\cognigi.exe
  C:\Windows\System\cognigi.exe
  2⤵
  PID:8356
- C:\Windows\System\JBDCWsR.exe
  C:\Windows\System\JBDCWsR.exe
  2⤵
  PID:8372
- C:\Windows\System\cmRTIfZ.exe
  C:\Windows\System\cmRTIfZ.exe
  2⤵
  PID:8388
- C:\Windows\System\ZMSRLOF.exe
  C:\Windows\System\ZMSRLOF.exe
  2⤵
  PID:8404
- C:\Windows\System\mSSehgs.exe
  C:\Windows\System\mSSehgs.exe
  2⤵
  PID:8420
- C:\Windows\System\mxuXFAD.exe
  C:\Windows\System\mxuXFAD.exe
  2⤵
  PID:8436
- C:\Windows\System\PXosJyY.exe
  C:\Windows\System\PXosJyY.exe
  2⤵
  PID:8452
- C:\Windows\System\jPMlZam.exe
  C:\Windows\System\jPMlZam.exe
  2⤵
  PID:8468
- C:\Windows\System\ocIvnKv.exe
  C:\Windows\System\ocIvnKv.exe
  2⤵
  PID:8484
- C:\Windows\System\hwVBBom.exe
  C:\Windows\System\hwVBBom.exe
  2⤵
  PID:8500
- C:\Windows\System\gvmjRBZ.exe
  C:\Windows\System\gvmjRBZ.exe
  2⤵
  PID:8516
- C:\Windows\System\lXcEaDJ.exe
  C:\Windows\System\lXcEaDJ.exe
  2⤵
  PID:8532
- C:\Windows\System\AxvcjSa.exe
  C:\Windows\System\AxvcjSa.exe
  2⤵
  PID:8556
- C:\Windows\System\PPYJXhf.exe
  C:\Windows\System\PPYJXhf.exe
  2⤵
  PID:8576
- C:\Windows\System\jngNIwZ.exe
  C:\Windows\System\jngNIwZ.exe
  2⤵
  PID:8596
- C:\Windows\System\wNuBYSa.exe
  C:\Windows\System\wNuBYSa.exe
  2⤵
  PID:8612
- C:\Windows\System\jhVDOKz.exe
  C:\Windows\System\jhVDOKz.exe
  2⤵
  PID:8632
- C:\Windows\System\NocQTLg.exe
  C:\Windows\System\NocQTLg.exe
  2⤵
  PID:8648
- C:\Windows\System\vLMyBXu.exe
  C:\Windows\System\vLMyBXu.exe
  2⤵
  PID:8664
- C:\Windows\System\RfXtEzj.exe
  C:\Windows\System\RfXtEzj.exe
  2⤵
  PID:8680
- C:\Windows\System\RONjSpo.exe
  C:\Windows\System\RONjSpo.exe
  2⤵
  PID:8696
- C:\Windows\System\wqoOzYB.exe
  C:\Windows\System\wqoOzYB.exe
  2⤵
  PID:8712
- C:\Windows\System\ywJOgAb.exe
  C:\Windows\System\ywJOgAb.exe
  2⤵
  PID:8728
- C:\Windows\System\kpktnhw.exe
  C:\Windows\System\kpktnhw.exe
  2⤵
  PID:8744
- C:\Windows\System\TSzyYdJ.exe
  C:\Windows\System\TSzyYdJ.exe
  2⤵
  PID:8760
- C:\Windows\System\upLBhjb.exe
  C:\Windows\System\upLBhjb.exe
  2⤵
  PID:8776
- C:\Windows\System\jiDLNAZ.exe
  C:\Windows\System\jiDLNAZ.exe
  2⤵
  PID:8792
- C:\Windows\System\EFSpxrN.exe
  C:\Windows\System\EFSpxrN.exe
  2⤵
  PID:8808
- C:\Windows\System\HvlLtHy.exe
  C:\Windows\System\HvlLtHy.exe
  2⤵
  PID:8824
- C:\Windows\System\JoLHpaq.exe
  C:\Windows\System\JoLHpaq.exe
  2⤵
  PID:8840
- C:\Windows\System\zEPRxVY.exe
  C:\Windows\System\zEPRxVY.exe
  2⤵
  PID:8996
- C:\Windows\System\xXxgvRi.exe
  C:\Windows\System\xXxgvRi.exe
  2⤵
  PID:9100
- C:\Windows\System\sPBBzcw.exe
  C:\Windows\System\sPBBzcw.exe
  2⤵
  PID:9124
- C:\Windows\System\ODIwgxo.exe
  C:\Windows\System\ODIwgxo.exe
  2⤵
  PID:9140
- C:\Windows\System\mqYQxQt.exe
  C:\Windows\System\mqYQxQt.exe
  2⤵
  PID:9156
- C:\Windows\System\gMvRDZA.exe
  C:\Windows\System\gMvRDZA.exe
  2⤵
  PID:9176
- C:\Windows\System\tyWnNcW.exe
  C:\Windows\System\tyWnNcW.exe
  2⤵
  PID:9192
- C:\Windows\System\bqGdxMV.exe
  C:\Windows\System\bqGdxMV.exe
  2⤵
  PID:9212
- C:\Windows\System\gLLCMMc.exe
  C:\Windows\System\gLLCMMc.exe
  2⤵
  PID:8104
- C:\Windows\System\uiAuYSR.exe
  C:\Windows\System\uiAuYSR.exe
  2⤵
  PID:8204
- C:\Windows\System\IKyLulM.exe
  C:\Windows\System\IKyLulM.exe
  2⤵
  PID:8232
- C:\Windows\System\kHacYXG.exe
  C:\Windows\System\kHacYXG.exe
  2⤵
  PID:8264
- C:\Windows\System\jIVzFDf.exe
  C:\Windows\System\jIVzFDf.exe
  2⤵
  PID:8288
- C:\Windows\System\SbQButT.exe
  C:\Windows\System\SbQButT.exe
  2⤵
  PID:7008
- C:\Windows\System\dJYoGnB.exe
  C:\Windows\System\dJYoGnB.exe
  2⤵
  PID:8332
- C:\Windows\System\JvOsKDJ.exe
  C:\Windows\System\JvOsKDJ.exe
  2⤵
  PID:8400
- C:\Windows\System\nmJhdCq.exe
  C:\Windows\System\nmJhdCq.exe
  2⤵
  PID:8416
- C:\Windows\System\HkPrYTn.exe
  C:\Windows\System\HkPrYTn.exe
  2⤵
  PID:8512
- C:\Windows\System\KUZMKdp.exe
  C:\Windows\System\KUZMKdp.exe
  2⤵
  PID:8432
- C:\Windows\System\jpUyOWP.exe
  C:\Windows\System\jpUyOWP.exe
  2⤵
  PID:8552
- C:\Windows\System\IuyqFSh.exe
  C:\Windows\System\IuyqFSh.exe
  2⤵
  PID:8572
- C:\Windows\System\EQHGDCG.exe
  C:\Windows\System\EQHGDCG.exe
  2⤵
  PID:8592
- C:\Windows\System\GwoacNb.exe
  C:\Windows\System\GwoacNb.exe
  2⤵
  PID:8588
- C:\Windows\System\KmYCDOF.exe
  C:\Windows\System\KmYCDOF.exe
  2⤵
  PID:8656
- C:\Windows\System\XWiHDmi.exe
  C:\Windows\System\XWiHDmi.exe
  2⤵
  PID:8672
- C:\Windows\System\rmNRqZe.exe
  C:\Windows\System\rmNRqZe.exe
  2⤵
  PID:8736
- C:\Windows\System\gFdRwaQ.exe
  C:\Windows\System\gFdRwaQ.exe
  2⤵
  PID:8740
- C:\Windows\System\zdkeuyT.exe
  C:\Windows\System\zdkeuyT.exe
  2⤵
  PID:8724
- C:\Windows\System\GKpbbyT.exe
  C:\Windows\System\GKpbbyT.exe
  2⤵
  PID:8784
- C:\Windows\System\nUhQrny.exe
  C:\Windows\System\nUhQrny.exe
  2⤵
  PID:8832
- C:\Windows\System\uLNHBxN.exe
  C:\Windows\System\uLNHBxN.exe
  2⤵
  PID:8860
- C:\Windows\System\HYMhgjp.exe
  C:\Windows\System\HYMhgjp.exe
  2⤵
  PID:8948
- C:\Windows\System\mlrMxQT.exe
  C:\Windows\System\mlrMxQT.exe
  2⤵
  PID:8964
- C:\Windows\System\iDwIIOj.exe
  C:\Windows\System\iDwIIOj.exe
  2⤵
  PID:8984
- C:\Windows\System\ipUIGsZ.exe
  C:\Windows\System\ipUIGsZ.exe
  2⤵
  PID:9020
- C:\Windows\System\rEUWlqY.exe
  C:\Windows\System\rEUWlqY.exe
  2⤵
  PID:9036
- C:\Windows\System\XaFOZuc.exe
  C:\Windows\System\XaFOZuc.exe
  2⤵
  PID:9056
- C:\Windows\System\FrwmkvW.exe
  C:\Windows\System\FrwmkvW.exe
  2⤵
  PID:9072
- C:\Windows\System\vpIcEeF.exe
  C:\Windows\System\vpIcEeF.exe
  2⤵
  PID:9084
- C:\Windows\System\rbIQLtX.exe
  C:\Windows\System\rbIQLtX.exe
  2⤵
  PID:9108
- C:\Windows\System\EdXDoZH.exe
  C:\Windows\System\EdXDoZH.exe
  2⤵
  PID:9120
- C:\Windows\System\ckuUVOe.exe
  C:\Windows\System\ckuUVOe.exe
  2⤵
  PID:9164
- C:\Windows\System\BXsDqLs.exe
  C:\Windows\System\BXsDqLs.exe
  2⤵
  PID:9136
- C:\Windows\System\MLqUEME.exe
  C:\Windows\System\MLqUEME.exe
  2⤵
  PID:6904
- C:\Windows\System\GHecPGp.exe
  C:\Windows\System\GHecPGp.exe
  2⤵
  PID:6352
- C:\Windows\System\PMQFZtq.exe
  C:\Windows\System\PMQFZtq.exe
  2⤵
  PID:8224
- C:\Windows\System\hfpfZpk.exe
  C:\Windows\System\hfpfZpk.exe
  2⤵
  PID:8248
- C:\Windows\System\UNXCYod.exe
  C:\Windows\System\UNXCYod.exe
  2⤵
  PID:8528
- C:\Windows\System\DKaltjw.exe
  C:\Windows\System\DKaltjw.exe
  2⤵
  PID:8628
- C:\Windows\System\KtBICHd.exe
  C:\Windows\System\KtBICHd.exe
  2⤵
  PID:8496
- C:\Windows\System\GphMiCF.exe
  C:\Windows\System\GphMiCF.exe
  2⤵
  PID:8544
- C:\Windows\System\HXZWiGe.exe
  C:\Windows\System\HXZWiGe.exe
  2⤵
  PID:8816
- C:\Windows\System\KrWcMzl.exe
  C:\Windows\System\KrWcMzl.exe
  2⤵
  PID:8880
- C:\Windows\System\KfkIRyu.exe
  C:\Windows\System\KfkIRyu.exe
  2⤵
  PID:8904
- C:\Windows\System\FCAbSRV.exe
  C:\Windows\System\FCAbSRV.exe
  2⤵
  PID:8928
- C:\Windows\System\WGliQYf.exe
  C:\Windows\System\WGliQYf.exe
  2⤵
  PID:8924
- C:\Windows\System\NbKcchu.exe
  C:\Windows\System\NbKcchu.exe
  2⤵
  PID:8972
- C:\Windows\System\kAGrKMg.exe
  C:\Windows\System\kAGrKMg.exe
  2⤵
  PID:9044
- C:\Windows\System\BsmpqMD.exe
  C:\Windows\System\BsmpqMD.exe
  2⤵
  PID:9032
- C:\Windows\System\LcZnBoH.exe
  C:\Windows\System\LcZnBoH.exe
  2⤵
  PID:8960
- C:\Windows\System\WwnOvfb.exe
  C:\Windows\System\WwnOvfb.exe
  2⤵
  PID:9080
- C:\Windows\System\CPdzGjr.exe
  C:\Windows\System\CPdzGjr.exe
  2⤵
  PID:3052
- C:\Windows\System\RZvYvbW.exe
  C:\Windows\System\RZvYvbW.exe
  2⤵
  PID:8316
- C:\Windows\System\kgXwvgr.exe
  C:\Windows\System\kgXwvgr.exe
  2⤵
  PID:7360
- C:\Windows\System\OrvVVwU.exe
  C:\Windows\System\OrvVVwU.exe
  2⤵
  PID:8220
- C:\Windows\System\dbkSOgv.exe
  C:\Windows\System\dbkSOgv.exe
  2⤵
  PID:8304
- C:\Windows\System\HPXcOsW.exe
  C:\Windows\System\HPXcOsW.exe
  2⤵
  PID:8380
- C:\Windows\System\QkuFkqe.exe
  C:\Windows\System\QkuFkqe.exe
  2⤵
  PID:5884
- C:\Windows\System\DdDKFbD.exe
  C:\Windows\System\DdDKFbD.exe
  2⤵
  PID:8708
- C:\Windows\System\cYtKGoH.exe
  C:\Windows\System\cYtKGoH.exe
  2⤵
  PID:8464
- C:\Windows\System\khUQbfI.exe
  C:\Windows\System\khUQbfI.exe
  2⤵
  PID:8804
- C:\Windows\System\clIhHUu.exe
  C:\Windows\System\clIhHUu.exe
  2⤵
  PID:8956
- C:\Windows\System\hjwGUKK.exe
  C:\Windows\System\hjwGUKK.exe
  2⤵
  PID:8272
- C:\Windows\System\TFamOJv.exe
  C:\Windows\System\TFamOJv.exe
  2⤵
  PID:2216
- C:\Windows\System\UfeHqVa.exe
  C:\Windows\System\UfeHqVa.exe
  2⤵
  PID:8912
- C:\Windows\System\xKKeIZP.exe
  C:\Windows\System\xKKeIZP.exe
  2⤵
  PID:9028
- C:\Windows\System\RBxHwrz.exe
  C:\Windows\System\RBxHwrz.exe
  2⤵
  PID:8200
- C:\Windows\System\dPDPvrf.exe
  C:\Windows\System\dPDPvrf.exe
  2⤵
  PID:8868
- C:\Windows\System\HRzkhhp.exe
  C:\Windows\System\HRzkhhp.exe
  2⤵
  PID:8348
- C:\Windows\System\AtvDBDf.exe
  C:\Windows\System\AtvDBDf.exe
  2⤵
  PID:8908
- C:\Windows\System\ZZOkmKV.exe
  C:\Windows\System\ZZOkmKV.exe
  2⤵
  PID:9008
- C:\Windows\System\AoUdWtO.exe
  C:\Windows\System\AoUdWtO.exe
  2⤵
  PID:9200
- C:\Windows\System\TzHfCsW.exe
  C:\Windows\System\TzHfCsW.exe
  2⤵
  PID:8368
- C:\Windows\System\yCxVKTL.exe
  C:\Windows\System\yCxVKTL.exe
  2⤵
  PID:9116
- C:\Windows\System\kxiFubH.exe
  C:\Windows\System\kxiFubH.exe
  2⤵
  PID:8568
- C:\Windows\System\sJnZlAm.exe
  C:\Windows\System\sJnZlAm.exe
  2⤵
  PID:8932
- C:\Windows\System\YpjlHmo.exe
  C:\Windows\System\YpjlHmo.exe
  2⤵
  PID:8772
- C:\Windows\System\ocNSlYs.exe
  C:\Windows\System\ocNSlYs.exe
  2⤵
  PID:9208
- C:\Windows\System\joEKEHf.exe
  C:\Windows\System\joEKEHf.exe
  2⤵
  PID:8564
- C:\Windows\System\foNYyQs.exe
  C:\Windows\System\foNYyQs.exe
  2⤵
  PID:8476
- C:\Windows\System\VXpLvrL.exe
  C:\Windows\System\VXpLvrL.exe
  2⤵
  PID:8892
- C:\Windows\System\WdQmiZv.exe
  C:\Windows\System\WdQmiZv.exe
  2⤵
  PID:9220
- C:\Windows\System\coQmysp.exe
  C:\Windows\System\coQmysp.exe
  2⤵
  PID:9236
- C:\Windows\System\TFGkiDr.exe
  C:\Windows\System\TFGkiDr.exe
  2⤵
  PID:9256
- C:\Windows\System\xjAkIEn.exe
  C:\Windows\System\xjAkIEn.exe
  2⤵
  PID:9276
- C:\Windows\System\IoGgTWh.exe
  C:\Windows\System\IoGgTWh.exe
  2⤵
  PID:9292
- C:\Windows\System\QMPjUkv.exe
  C:\Windows\System\QMPjUkv.exe
  2⤵
  PID:9308
- C:\Windows\System\acKdjKx.exe
  C:\Windows\System\acKdjKx.exe
  2⤵
  PID:9328
- C:\Windows\System\qJwAsYn.exe
  C:\Windows\System\qJwAsYn.exe
  2⤵
  PID:9352
- C:\Windows\System\pjehrys.exe
  C:\Windows\System\pjehrys.exe
  2⤵
  PID:9372
- C:\Windows\System\RwimHpd.exe
  C:\Windows\System\RwimHpd.exe
  2⤵
  PID:9388
- C:\Windows\System\hbqCfxm.exe
  C:\Windows\System\hbqCfxm.exe
  2⤵
  PID:9408
- C:\Windows\System\tMdzVna.exe
  C:\Windows\System\tMdzVna.exe
  2⤵
  PID:9424
- C:\Windows\System\UYWNqHB.exe
  C:\Windows\System\UYWNqHB.exe
  2⤵
  PID:9440
- C:\Windows\System\lLRDdKT.exe
  C:\Windows\System\lLRDdKT.exe
  2⤵
  PID:9456
- C:\Windows\System\aFFQhQm.exe
  C:\Windows\System\aFFQhQm.exe
  2⤵
  PID:9476
- C:\Windows\System\YOxPaZT.exe
  C:\Windows\System\YOxPaZT.exe
  2⤵
  PID:9492
- C:\Windows\System\YKOdjSR.exe
  C:\Windows\System\YKOdjSR.exe
  2⤵
  PID:9512
- C:\Windows\System\LFfkfUO.exe
  C:\Windows\System\LFfkfUO.exe
  2⤵
  PID:9536
- C:\Windows\System\oYhFxYF.exe
  C:\Windows\System\oYhFxYF.exe
  2⤵
  PID:9556
- C:\Windows\System\XRCIOfW.exe
  C:\Windows\System\XRCIOfW.exe
  2⤵
  PID:9572
- C:\Windows\System\tqyjyIO.exe
  C:\Windows\System\tqyjyIO.exe
  2⤵
  PID:9596
- C:\Windows\System\rCSixcz.exe
  C:\Windows\System\rCSixcz.exe
  2⤵
  PID:9616
- C:\Windows\System\OVdtbuT.exe
  C:\Windows\System\OVdtbuT.exe
  2⤵
  PID:9648
- C:\Windows\System\YLpRcmk.exe
  C:\Windows\System\YLpRcmk.exe
  2⤵
  PID:9680
- C:\Windows\System\fGbmInT.exe
  C:\Windows\System\fGbmInT.exe
  2⤵
  PID:9696
- C:\Windows\System\MKRBMAC.exe
  C:\Windows\System\MKRBMAC.exe
  2⤵
  PID:9740
- C:\Windows\System\KhpcHuD.exe
  C:\Windows\System\KhpcHuD.exe
  2⤵
  PID:9756
- C:\Windows\System\VHlxgPF.exe
  C:\Windows\System\VHlxgPF.exe
  2⤵
  PID:9772
- C:\Windows\System\gYipCwj.exe
  C:\Windows\System\gYipCwj.exe
  2⤵
  PID:9788
- C:\Windows\System\qHpAbZR.exe
  C:\Windows\System\qHpAbZR.exe
  2⤵
  PID:9804
- C:\Windows\System\lovbrFU.exe
  C:\Windows\System\lovbrFU.exe
  2⤵
  PID:9824
- C:\Windows\System\RMSoaMo.exe
  C:\Windows\System\RMSoaMo.exe
  2⤵
  PID:9844
- C:\Windows\System\ZYxiBUT.exe
  C:\Windows\System\ZYxiBUT.exe
  2⤵
  PID:9864
- C:\Windows\System\cQaNOUK.exe
  C:\Windows\System\cQaNOUK.exe
  2⤵
  PID:9896
- C:\Windows\System\mnDBUPT.exe
  C:\Windows\System\mnDBUPT.exe
  2⤵
  PID:9916
- C:\Windows\System\ZwfyYZu.exe
  C:\Windows\System\ZwfyYZu.exe
  2⤵
  PID:9936
- C:\Windows\System\LPmppbW.exe
  C:\Windows\System\LPmppbW.exe
  2⤵
  PID:9952
- C:\Windows\System\fWKPktQ.exe
  C:\Windows\System\fWKPktQ.exe
  2⤵
  PID:9968
- C:\Windows\System\TUZBzFl.exe
  C:\Windows\System\TUZBzFl.exe
  2⤵
  PID:9984
- C:\Windows\System\hXKWOVD.exe
  C:\Windows\System\hXKWOVD.exe
  2⤵
  PID:10000
- C:\Windows\System\jdysEWL.exe
  C:\Windows\System\jdysEWL.exe
  2⤵
  PID:10016
- C:\Windows\System\LHCbZzX.exe
  C:\Windows\System\LHCbZzX.exe
  2⤵
  PID:10040
- C:\Windows\System\bevOdYr.exe
  C:\Windows\System\bevOdYr.exe
  2⤵
  PID:10068
- C:\Windows\System\ZFcKpNN.exe
  C:\Windows\System\ZFcKpNN.exe
  2⤵
  PID:10084
- C:\Windows\System\kzOayEJ.exe
  C:\Windows\System\kzOayEJ.exe
  2⤵
  PID:10112
- C:\Windows\System\TnubrXv.exe
  C:\Windows\System\TnubrXv.exe
  2⤵
  PID:10128
- C:\Windows\System\hNbHrju.exe
  C:\Windows\System\hNbHrju.exe
  2⤵
  PID:10144
- C:\Windows\System\PDbzOIG.exe
  C:\Windows\System\PDbzOIG.exe
  2⤵
  PID:10160
- C:\Windows\System\YuZRGwM.exe
  C:\Windows\System\YuZRGwM.exe
  2⤵
  PID:10184
- C:\Windows\System\VJWqpzi.exe
  C:\Windows\System\VJWqpzi.exe
  2⤵
  PID:10204
- C:\Windows\System\DqSJJjJ.exe
  C:\Windows\System\DqSJJjJ.exe
  2⤵
  PID:10224
- C:\Windows\System\OuUSYqJ.exe
  C:\Windows\System\OuUSYqJ.exe
  2⤵
  PID:9324
- C:\Windows\System\OwppKvr.exe
  C:\Windows\System\OwppKvr.exe
  2⤵
  PID:9252
- C:\Windows\System\otlsZBE.exe
  C:\Windows\System\otlsZBE.exe
  2⤵
  PID:9368
- C:\Windows\System\qgIRTCF.exe
  C:\Windows\System\qgIRTCF.exe
  2⤵
  PID:9504
- C:\Windows\System\fhqOWlJ.exe
  C:\Windows\System\fhqOWlJ.exe
  2⤵
  PID:9552
- C:\Windows\System\iABpWoG.exe
  C:\Windows\System\iABpWoG.exe
  2⤵
  PID:8364
- C:\Windows\System\ocLoJYn.exe
  C:\Windows\System\ocLoJYn.exe
  2⤵
  PID:9264
- C:\Windows\System\wxhwMec.exe
  C:\Windows\System\wxhwMec.exe
  2⤵
  PID:9336
- C:\Windows\System\zmLKZtI.exe
  C:\Windows\System\zmLKZtI.exe
  2⤵
  PID:9384
- C:\Windows\System\xjKdvHt.exe
  C:\Windows\System\xjKdvHt.exe
  2⤵
  PID:9488
- C:\Windows\System\waQblfs.exe
  C:\Windows\System\waQblfs.exe
  2⤵
  PID:9528
- C:\Windows\System\labgFUr.exe
  C:\Windows\System\labgFUr.exe
  2⤵
  PID:9592
- C:\Windows\System\FRIuXZl.exe
  C:\Windows\System\FRIuXZl.exe
  2⤵
  PID:9604
- C:\Windows\System\DGvUBOD.exe
  C:\Windows\System\DGvUBOD.exe
  2⤵
  PID:9636
- C:\Windows\System\RyIMGOd.exe
  C:\Windows\System\RyIMGOd.exe
  2⤵
  PID:9692
- C:\Windows\System\hReUHve.exe
  C:\Windows\System\hReUHve.exe
  2⤵
  PID:9664
- C:\Windows\System\RoAvnul.exe
  C:\Windows\System\RoAvnul.exe
  2⤵
  PID:9752
- C:\Windows\System\EevDklf.exe
  C:\Windows\System\EevDklf.exe
  2⤵
  PID:9816
- C:\Windows\System\vHIcPzH.exe
  C:\Windows\System\vHIcPzH.exe
  2⤵
  PID:9728
- C:\Windows\System\ShCLsYL.exe
  C:\Windows\System\ShCLsYL.exe
  2⤵
  PID:9796
- C:\Windows\System\qwQdWCi.exe
  C:\Windows\System\qwQdWCi.exe
  2⤵
  PID:9856
- C:\Windows\System\ITzcgVX.exe
  C:\Windows\System\ITzcgVX.exe
  2⤵
  PID:9944
- C:\Windows\System\DpncqGw.exe
  C:\Windows\System\DpncqGw.exe
  2⤵
  PID:9980
- C:\Windows\System\bXQOvfj.exe
  C:\Windows\System\bXQOvfj.exe
  2⤵
  PID:9992
- C:\Windows\System\YAsQauQ.exe
  C:\Windows\System\YAsQauQ.exe
  2⤵
  PID:10036
- C:\Windows\System\fvcFuiy.exe
  C:\Windows\System\fvcFuiy.exe
  2⤵
  PID:10056
- C:\Windows\System\fBYiNOK.exe
  C:\Windows\System\fBYiNOK.exe
  2⤵
  PID:10104
- C:\Windows\System\sgXScSf.exe
  C:\Windows\System\sgXScSf.exe
  2⤵
  PID:10168
- C:\Windows\System\zTJfPfQ.exe
  C:\Windows\System\zTJfPfQ.exe
  2⤵
  PID:10212
- C:\Windows\System\RuzzBDK.exe
  C:\Windows\System\RuzzBDK.exe
  2⤵
  PID:9464
- C:\Windows\System\rSrvMfS.exe
  C:\Windows\System\rSrvMfS.exe
  2⤵
  PID:9396
- C:\Windows\System\YHGdSwf.exe
  C:\Windows\System\YHGdSwf.exe
  2⤵
  PID:10216
- C:\Windows\System\rIsOvDM.exe
  C:\Windows\System\rIsOvDM.exe
  2⤵
  PID:10236
- C:\Windows\System\VlyDtEB.exe
  C:\Windows\System\VlyDtEB.exe
  2⤵
  PID:10196
- C:\Windows\System\haRxUMS.exe
  C:\Windows\System\haRxUMS.exe
  2⤵
  PID:9320
- C:\Windows\System\CpgAMgq.exe
  C:\Windows\System\CpgAMgq.exe
  2⤵
  PID:9472
- C:\Windows\System\ekdFHWS.exe
  C:\Windows\System\ekdFHWS.exe
  2⤵
  PID:9272
- C:\Windows\System\IWfnteB.exe
  C:\Windows\System\IWfnteB.exe
  2⤵
  PID:9568
- C:\Windows\System\NTUFhdq.exe
  C:\Windows\System\NTUFhdq.exe
  2⤵
  PID:9588
- C:\Windows\System\RSSnufm.exe
  C:\Windows\System\RSSnufm.exe
  2⤵
  PID:9712
- C:\Windows\System\OUMoNUR.exe
  C:\Windows\System\OUMoNUR.exe
  2⤵
  PID:9708
- C:\Windows\System\Mljkphh.exe
  C:\Windows\System\Mljkphh.exe
  2⤵
  PID:9672
- C:\Windows\System\voWuFAk.exe
  C:\Windows\System\voWuFAk.exe
  2⤵
  PID:9832
- C:\Windows\System\DsScoNF.exe
  C:\Windows\System\DsScoNF.exe
  2⤵
  PID:9380
- C:\Windows\System\FWxuCEu.exe
  C:\Windows\System\FWxuCEu.exe
  2⤵
  PID:9748
- C:\Windows\System\IFbSrbz.exe
  C:\Windows\System\IFbSrbz.exe
  2⤵
  PID:9880
- C:\Windows\System\ZmCrKIL.exe
  C:\Windows\System\ZmCrKIL.exe
  2⤵
  PID:9876
- C:\Windows\System\SGarHoh.exe
  C:\Windows\System\SGarHoh.exe
  2⤵
  PID:9912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CTaeVQL.exe

Filesize
6.0MB

MD5
2d4e0013569e82b4e4c04414a5c586b8

SHA1
ed3d4e49589ecbe75f397d8fbf3f7e9dc9d20050

SHA256
35f697111a446900585cbe875e894b780c1b8fc710732d6953f9001ffe2e0b91

SHA512
394b812753a1459be314d2ab06e1ffe6309a9c9955a7220769243fb9282bf6a5cf2d9aa95867279c164932da5a7889d9c646c8250b72ca6c5487f388f7a52976

Download Submit
C:\Windows\system\DtRrrMZ.exe

Filesize
6.0MB

MD5
e1505acb8805fc123cd8f52eaafdee36

SHA1
cbabb8d66ba62aeab26d9ebb408ef09ad0c389d4

SHA256
912d86bde6dcce43f5b328c25a80a95d72ed91b1d8378d10fb882b62510c9630

SHA512
29d3e7d0a9e127d6991640a7b6c44cd02f27cf0ee6f57fe3835c085cc7eee37637c4274cf3d287f2cad43fb732ba427ed0c42679b1fe40fdb876fd06e9743a9f

Download Submit
C:\Windows\system\EiQkuGq.exe

Filesize
6.0MB

MD5
d5c544118b9a147bff4cf9e58c043bb1

SHA1
c9408489ee2efb65efe8ac2d80ed67896960a3aa

SHA256
f85b56cfd7e8d549c10a04131b08bb52222aaaafd3903c1279d7c2ecc5880481

SHA512
4a76b73ee85abd1e48f1dc2647e19c4e2b2632bc04a30c47e596d7bd5ca52845c74be4b090b918df82a7e9faff65224ba2198b3193156a9040e99433ca39930c

Download Submit
C:\Windows\system\FRtqrFR.exe

Filesize
6.0MB

MD5
f46c041739c14db05b412ccddff201b0

SHA1
a3e0df84f78d99951ed52fab1f01d940bc899e4d

SHA256
40a8a75503df339b0448ead90afc126cf68633713370a047aafd68a536be6aa8

SHA512
2ea8ecca375ac356006774db354e9b4c0e258bd14e5e5df08bcafc482037dcf88ea45dd6f50e61938bcd0ff07493ae11b30814be81260acae8956426f22135a1

Download Submit
C:\Windows\system\GHMNaUC.exe

Filesize
6.0MB

MD5
622e2f148513c4e18833e3a7740cc374

SHA1
749c9d3bd7ccd732ba42ec6027bc771a2054c9e5

SHA256
8fa28d805068ea1df5734cc62876372d4d45d2730f03ead36b42a21fa2413603

SHA512
80655b8c77be480d39f351bede5f723ec46babdf7ee24c2004fb36c371ac6b6d805bf6840002514d61627be73104a173c34564283bcfcd0fc555141045051a60

Download Submit
C:\Windows\system\IUxCDbW.exe

Filesize
6.0MB

MD5
1e608087355501e1226d583ca558a9ff

SHA1
6686e392da4f3e3d0c361c20c54e600e7cfe8e35

SHA256
8e2de39b1b03cf07f41131825182ba31179a9e995380d605d8a788182cb4e3e8

SHA512
ecc70aea1977cdf770a71e032ec7da2a06efd082233c303e258e66b14cfb560ce3f61e0cacfabdbe2ff5a46f9b0716901f16a737ff0df8a853f6d539a922f2e2

Download Submit
C:\Windows\system\JcOLdSQ.exe

Filesize
6.0MB

MD5
4ae9a1205fcdbea7b09c63debd33058f

SHA1
3b1a3616f2ebdc7aba2b9ee893af84ec2d7d18a2

SHA256
4cb59b65f816190765482321622f71b64eaf66f1bf69c9381c284bab290b8d9a

SHA512
95d82f099a959880ac0ebdd5189b3d14f60a84841a860f0460edf2054a80d70f77cbd682538af49249bbbde48941a67232cb86864ad7dd086e9f490ee2ca2738

Download Submit
C:\Windows\system\Lnbowpv.exe

Filesize
6.0MB

MD5
89c006c03d569bf85e84ef7a8c99dc1b

SHA1
36ebd0eccff107ba7c14f4c20708d8179e8f4758

SHA256
8a9971589f3278ef401c32a2e302c88a9bb21b5309c567785d19d9587c143b3f

SHA512
7488cbacfc604da58202068b8b92d9d910227fe926db6edbae8301429265d69619d15377b63bc2442f5c8a5ade51aff80c4cae212ab3d7db1302e4ec7e3ef02b

Download Submit
C:\Windows\system\NJewdoK.exe

Filesize
6.0MB

MD5
c01ed34b3f618066e304643071bd2904

SHA1
f05f22038b4aab5d37d58ccfb72edb8bf5c78f70

SHA256
67b78ac03941ac28aa312c76737004423333a519af89fb8800f48e679cb8b283

SHA512
4c1b187a675b3f19c785a21f1cd0d6f79244b1996835dfaa18668051b172f49d64ce9ad94d9cdc07a5d7b67d66c42b46bdbe2c56d906cf4a96174b6d41711cc2

Download Submit
C:\Windows\system\PkShsiy.exe

Filesize
6.0MB

MD5
7176b03c1e2681251e26cce84507daa6

SHA1
d95fca6d4e53fc2ecf1bcc5b3385db8523277353

SHA256
000a01aa2157f3a131c82fcda5631d3d5509a4721afda265cc783454f86f18c5

SHA512
01e160ed1e0c5b377a39dec950afd2efbb9e6e7bfb1dd53df0a8940b3b7795bb36d45d78357f1c6999740d06c3af0793e7b14d9c0c9994f93087d2254488f3ec

Download Submit
C:\Windows\system\PqxPYiJ.exe

Filesize
6.0MB

MD5
08cb4a80d373682aa7107a2aa3343135

SHA1
49b5974e2fe745d16a78b0484753042f16b6bb2f

SHA256
6bebe6dabd51af119d73ea490a5363d793796aecbfd2101813a9a1352c4e8752

SHA512
90771d69cf1863642ea8a7d51525ff34d50b7f80c87899b9c94a26627d8e55d46598102cb81f5e4610b4ff8c1f21ef1fa8e3bac1e6b42375c1efa3757fbba21a

Download Submit
C:\Windows\system\TftoSjS.exe

Filesize
6.0MB

MD5
e081a5c426dabf6d6b8733fbe8ebdfa9

SHA1
d07b939a2a451faac668207752ee8d29c9881d87

SHA256
42fe79b718f3310aa4eab6aa604af5a96b0482ada9d95c7361fd749ab55dc871

SHA512
7358244f7b7bd7664525a3506173486a24d94a848d1e2a63c497b801d7001b80dede9604b71aa98ca22da1107d0d50a64c7878156a6337160c5dcc6592000bb7

Download Submit
C:\Windows\system\UFAzouU.exe

Filesize
6.0MB

MD5
8fa9367cab9e9fc0b48b046896262201

SHA1
4499fe12f2e7341432706176c3a8787b7772ea95

SHA256
9a973de503d4becf171d1d9746d7811cb94e377d9f0b32eba571feca237cfc72

SHA512
26b5c7f375e938e755d3c2ec5397e3853a5773375094531048bec2129490bb5a030b2b79630b13657bba0d2449a6c1881fdddbe643535e97921410314bdb993c

Download Submit
C:\Windows\system\UHXPuXq.exe

Filesize
6.0MB

MD5
aa63782dc84c35f5cb501e0cd8b7d345

SHA1
575c4a0e8b11f93c1e55ee55d08bc2d7dec9bdc5

SHA256
e728b52b658dd104bac3c3b843a68b433afa506752d5e10171237eee28cc2a06

SHA512
e90e81a053ec415f1fe3b4554bc496ae0ebb1050b672f32c566320447bcbdedf66eaf2a09c2f0a61c108acf01ba5fed6b8ddda449b9a07114bd1a06e82a440e7

Download Submit
C:\Windows\system\XzVNsNw.exe

Filesize
6.0MB

MD5
3d64a6d70b847e1c61a66a86afa35a5a

SHA1
460956fc0e70214cacfd22875cda5bc52b413887

SHA256
08672e32cf282777e3d661a20c12c90a246edb305a8f5469258b45a901854a44

SHA512
9fa64052d7ae7429c4dfd3c06f8c3e79d99f05dad56f8ede254e474d6aa846398b377b4d9b0e3655fb6c3c016be9ee1d20aaf15d78b98061e27d9a999471e17a

Download Submit
C:\Windows\system\YtrUwUU.exe

Filesize
6.0MB

MD5
66ff208324efd25fa679a7b948dda6d9

SHA1
6dbecd25eab68b78d7a96b6b33d1ec8127a6cf65

SHA256
b200452123242577c73c68d4222825d4b6a90796309774f73fc9e25695f571e6

SHA512
e940e9e7074de19a044bb71424ffe20b469bbd13dac0d189b682c36375dd4f03fb5e4c9e04a7e58ddd4d0046cfbb4c8e2b7568aa83f8557e163fb86dce41a396

Download Submit
C:\Windows\system\ZEQiyjy.exe

Filesize
6.0MB

MD5
cbd584378d8bf7f3ff9437daac527e53

SHA1
f818c23e63ea4b35926c5ccdc2f9aea6a058f4ab

SHA256
51262f6976c42340527c684a25c7329c646dd561cfacaf77f10e23fc8b4edfb1

SHA512
55e7fc6c315985be485c257a9ca1a0cf38fc7c7bdde82543abcbf9b1adc06976b3abff7cbb6c325f891734d43676f932df2ca89fa2c404671dfca503f60beaa7

Download Submit
C:\Windows\system\bItSQOm.exe

Filesize
6.0MB

MD5
1d47b4989540c0f0fd07ab54d72b981a

SHA1
da301e67612de65ceead7b7fea402edb0d77f225

SHA256
fcecb3f268fb14de31694274c30d38f2472c3712c0d5162e10a3b0e1b6e045c5

SHA512
c23cb598f9144f1a3495d22e7383efd2e67dff47f7482245a66708c8aee156630d1f1ae3229331f425dadf090235b7501158bf40e0f408c3a0d0c9bc400ec371

Download Submit
C:\Windows\system\bstocin.exe

Filesize
6.0MB

MD5
def0a702f683a6fe8186ed06aa5509fa

SHA1
aac43a842d55dc53af23ab5b7aad52fe8c19b999

SHA256
4f8680e42ae0d977e46d9e5bd303b97efcaa866d35750f144dd4c12d3e3df3c2

SHA512
e9de2c6ac357ddcea46da910504121908e80a684ee118a92285b1bff0f2da581f80f2c1e5281ccf0ad5ba77e26de78609949f00fa205b8ad2f338f8041e0b9a2

Download Submit
C:\Windows\system\cCDxxeV.exe

Filesize
6.0MB

MD5
be628ba97a64a12f40188c6229e128b7

SHA1
4a4440518723943368cc323b0fb9f8a4881f89d7

SHA256
ebf3f6d10e683985c5d37bb0e0a60233ab62481c3848ec607eb168bbb3a4a44e

SHA512
b1f6b2932c8668707a23bd660442959f9cc0d2998ed58c10ae40dce199c46b6425e2ecf0f596370ff253a1b2ddd646acc42d1e27e2f46914e6a64b726c9876af

Download Submit
C:\Windows\system\dmLKwcX.exe

Filesize
6.0MB

MD5
66e9b30d804ca40f8c6cbdd7dadae008

SHA1
f9248a4dbe13cb433a3863ff4e856347c46c2ff9

SHA256
4dcade762e8970b3a2db49353974c536e7dabd8f862110dd009dccf66a608b11

SHA512
ac06472d3ecdc4a60fb204a4fa4672163fc00376c6313d6d43a11fdf1d1d1fe9224f2c2188fc5e5c8736926b2697900198660a6d24b53a6b24b972566866305a

Download Submit
C:\Windows\system\iheDGTr.exe

Filesize
6.0MB

MD5
59ffbe5da46127f24a89089a12fc0b06

SHA1
423ce69fb74dd3df7219f823497d232377a1b898

SHA256
c8a516dabfa7b6de4cc27a2b4e47555ce59df38d099b5532ce2ecc396c7b08c7

SHA512
33b4f6e9b109272636d930194ec253c47c531d9adef191f04ae16a8cdad32e5c95024e44f73790d0faaea6ffa2431d2f742f38ccc4bc8c29dee5ea1b7f33214a

Download Submit
C:\Windows\system\qYrVckM.exe

Filesize
6.0MB

MD5
edb21d55041a873fe43c0c9d77f587ce

SHA1
e749997c92c1243dcd8f3e8ac5ba2c4a1fdba259

SHA256
59a01b87d8b776b3906d100c28b3938cd9f0d0c784da96b3698dab7ef7dfa363

SHA512
37a96917ef1fa37f9fe799f62f22641aec7324b120e7bc78da81221bc9460db1a8a56a94cff9256ec7d9e18d5ed8620ab66ca6c5ea01dd5206b30773d32038c1

Download Submit
C:\Windows\system\sFstaBR.exe

Filesize
6.0MB

MD5
1543c075ff4deb56b60b3fb781608355

SHA1
c1c4d837c4e1940e6bbf6ebaed3f35f622dbc4db

SHA256
8d6df1b563687144c0939863c9a2c6c0e3c455291a28a10980b94f870e217869

SHA512
6c85ee4cb9ddfa892ed603e2bdab415e3e6eb2313d9a32001e3e7902a62cf45c52410bb64a94acb7315a14a672b324d62ee8af2c5b8a3cd8dbfcf5d54ebb362a

Download Submit
C:\Windows\system\sKHxrtq.exe

Filesize
6.0MB

MD5
c20fe3a6ecbb6a37941d778decd5766f

SHA1
9f1be66a5df5ffcbd2cdafab74000963e6e46c2c

SHA256
2dfda8999254d117b0a85eec92d6c2d8ec95bf94bfefe305902b0d813d5cc77e

SHA512
610bbba0043e7f16ff23b1999f00970f5d5fab16449d572f3c3f21ea22d08064edc5fe2b02178882f7f3b3512b0167d55aafe767909c52e10a6ac32a7d8dac4e

Download Submit
C:\Windows\system\sySAkBL.exe

Filesize
6.0MB

MD5
0ab6982b15ad8ee8d958d230aef0f3d8

SHA1
52f15205b825f94930053f4fa6ad6fdc6f47802b

SHA256
2fb2123065c63e5da81e3d847ee58e6dcfea816e6da79d27ef03656af3c5d869

SHA512
f54d7f5ab1312ef7b857650b6f15ccffc2e573d35d7a8739373a9d1b86295df4d5fdffc839e3a78dcc65d5a98a0395fe7d3521e1c2c56d65178d626b486c52c5

Download Submit
C:\Windows\system\uNolgEi.exe

Filesize
6.0MB

MD5
6821612c94b8746ec1554b4602e26e05

SHA1
8f2ac643b631dd72bf09e2297128e5ef2d071a00

SHA256
e7b81b3bff1e5f4ae10156f03cfab0d75c4b387a43a775fdfbcc0cbda335679c

SHA512
2d25b65506d4de94da5c1dbbb89503b49e5a8592ea64a0178289df7041b03782e048e09f9436c36e40a312be276405d18bb600ded1259926af50c97f050ca097

Download Submit
C:\Windows\system\vjxEfjI.exe

Filesize
6.0MB

MD5
909a12e083dd3688900ef349a155708b

SHA1
557fea28fcabb8d123e0a3f63a9901d44d200a00

SHA256
f3d5ce3e2ef74a720c37fc94a645738907ab06b295ce442184e2c66def9fbad9

SHA512
5e74dc7b1bf42d89e6d95ca1759d493e223527073f26cfcb71b40bba4a06adee895b1fe7390e360011468d82f02114f6425e500019bf1299d3f37ce587c00f96

Download Submit
\Windows\system\FLBeaXZ.exe

Filesize
6.0MB

MD5
0c12132dc6f149842e0c6ec3130d2ab0

SHA1
bafdcddcd8995bd6fc907aeaffe0c044df52d411

SHA256
366bbc328f4689260da8d21d269fc73c958e240a30c7c42e096d301e7510569a

SHA512
b77c35a96397a194e01112347c3aa28acbaa197c442005b134f00851d3bddb5e9fa795c7e9c208e8f9b40eba6b9d019d770081ee83b3202f57bdb7c74b794838

Download Submit
\Windows\system\MaUGvUy.exe

Filesize
6.0MB

MD5
848b28ff1db281e55f179ac331b4ce62

SHA1
356c66399f11632e1a8f9b461f3123bc85212bab

SHA256
ae5a700b9fd58d45da941bbfd154b97a8763a6149d1380fc37de6caf90ecaac7

SHA512
6e94e3715318d2a143c9966d2c8fe1daa8b1b52873b3bcb7eaf6e36f1ea2aa6126b7691dde2debbfef43d0aff7e1e5b2e5a580d07e522fb6b27e5705cc7b9c23

Download Submit
\Windows\system\QkfJtHS.exe

Filesize
6.0MB

MD5
67c7c744de9e78514d425212fdbeb4f7

SHA1
ed1d34db84c41332605fcaa6322b9e5919d71b4c

SHA256
5a45fadf60d09213f9e78778a192f3449a75df3fe0490c3a35cea1cc0df3c616

SHA512
86c393e31c5001b2c7431cdaa326238216939f3e16989d0dec030fe15a9dc434791276634fc7091bfae74e5c8ec418f9ed316caa8e2fe5ccdb55b4835147e45a

Download Submit
\Windows\system\YrTyemR.exe

Filesize
6.0MB

MD5
c977b5d924002f4d8a93406b1a66f1f2

SHA1
9997ec74c8702d5ee39a904e8673a42f8ecd99ce

SHA256
f6bd9657cce6a58066d4210ebe6f2c5e5f524db31dea2533372063eb5aa8e6b9

SHA512
00054fa9f7eccbc6983102d179a92cc75d11935f4ebb4593eb449281da5e0c4afb6843306a1f07aee2063f41f7b01ba658748b59229e942bc22d40a5dcc97403

Download Submit
\Windows\system\pDLFwFY.exe

Filesize
6.0MB

MD5
dc1b06e679089e9f5d9802a2fcc50353

SHA1
5b62d6b954b82b4e99754c0575df905ac15a4678

SHA256
732e6cb53e0e742c671d749ac0e2331674e1e49e1f34ccd0d1a9ae8a7350ab6f

SHA512
4043c81a8bb31b8000b13f2d7e8249ccae739225c9c2c5d4243418dec4153c53350334e872d8a7105ec27e723fbaaae653d70d04293e2bed1e4346ee93ce2275

Download Submit
memory/1224-4161-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-2589-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1300-2218-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1300-4160-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2108-2210-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2108-4164-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2156-4162-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-2257-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-4163-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2347-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-4165-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2392-2554-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3170-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3273-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3171-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3008-2253-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3265-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3295-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3278-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3168-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/3008-2200-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3008-0-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3008-18-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-2211-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/3008-2220-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download