cobaltstrike | c2f0334c20d7a8577ca6f85106b2b1e7d5607e85df80d7093977f72106b161d7

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e59e3c76f487324074777c099b39d564
SHA1

62ad26942e95bb3becbc1c752edb6bf24de8c9a7
SHA256

c2f0334c20d7a8577ca6f85106b2b1e7d5607e85df80d7093977f72106b161d7
SHA512

b3b0a222c3c2ef50d71acd942aff1c9f8913d5078c58346579e4b3c19ad5a4f2f88c846609916cfb4061a42c2411c71ad953d0e1ec9744e252828e568c100bc4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122cf-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018780-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b68-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018710-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bf3-27.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019223-39.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000019230-49.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932d-63.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019240-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-70.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3004-0-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122cf-3.dat	xmrig
behavioral1/files/0x0007000000018780-13.dat	xmrig
behavioral1/memory/2388-14-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2124-16-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/3004-7-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b68-10.dat	xmrig
behavioral1/memory/2472-21-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018710-28.dat	xmrig
behavioral1/files/0x0007000000018bf3-27.dat	xmrig
behavioral1/memory/2812-38-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2852-44-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2932-40-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019223-39.dat	xmrig
behavioral1/memory/3004-53-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2904-50-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2784-58-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/3004-57-0x0000000002260000-0x00000000025B4000-memory.dmp	xmrig
behavioral1/files/0x0009000000019230-49.dat	xmrig
behavioral1/memory/2620-65-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x000600000001932d-63.dat	xmrig
behavioral1/files/0x0008000000019240-56.dat	xmrig
behavioral1/memory/2472-67-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2812-72-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2736-73-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x000500000001961e-81.dat	xmrig
behavioral1/memory/2904-85-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/664-87-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2620-101-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3e-120.dat	xmrig
behavioral1/files/0x0005000000019f8a-144.dat	xmrig
behavioral1/memory/664-449-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/1648-315-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2736-196-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-177.dat	xmrig
behavioral1/files/0x000500000001a41b-172.dat	xmrig
behavioral1/files/0x000500000001a359-168.dat	xmrig
behavioral1/files/0x000500000001a307-164.dat	xmrig
behavioral1/files/0x000500000001a09e-160.dat	xmrig
behavioral1/files/0x000500000001a07e-156.dat	xmrig
behavioral1/files/0x000500000001a075-152.dat	xmrig
behavioral1/files/0x0005000000019f94-148.dat	xmrig
behavioral1/files/0x0005000000019dbf-140.dat	xmrig
behavioral1/files/0x0005000000019d8e-136.dat	xmrig
behavioral1/files/0x0005000000019cca-132.dat	xmrig
behavioral1/files/0x0005000000019cba-128.dat	xmrig
behavioral1/files/0x0005000000019c57-124.dat	xmrig
behavioral1/files/0x0005000000019c3c-117.dat	xmrig
behavioral1/files/0x0005000000019c34-112.dat	xmrig
behavioral1/files/0x0005000000019926-108.dat	xmrig
behavioral1/memory/3004-105-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2016-102-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a1-100.dat	xmrig
behavioral1/memory/3004-98-0x0000000002260000-0x00000000025B4000-memory.dmp	xmrig
behavioral1/memory/3004-97-0x0000000002260000-0x00000000025B4000-memory.dmp	xmrig
behavioral1/memory/1948-94-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2784-93-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0005000000019667-92.dat	xmrig
behavioral1/memory/1648-80-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961c-79.dat	xmrig
behavioral1/files/0x000500000001960c-70.dat	xmrig
behavioral1/memory/3004-68-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/1948-1431-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2472-3501-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2388	bvtNpvX.exe
2124	IQHIsfJ.exe
2472	aGWrQYk.exe
2812	JfbYCRK.exe
2932	CKwFQzc.exe
2852	gmaYrhZ.exe
2904	lSUqqTi.exe
2784	VNDQwIt.exe
2620	rtppmnE.exe
2736	knEzdoe.exe
1648	kvlUwOf.exe
664	vLmmbAA.exe
1948	fdgrpIz.exe
2016	CvQSPmz.exe
2512	qHKBivs.exe
1876	TyKLQiu.exe
1164	WyYdNGl.exe
836	izsJlSA.exe
2792	awMqlxe.exe
1872	rinLgck.exe
1236	HnMMqaf.exe
2712	swokhUb.exe
2220	WfjOLtC.exe
2140	jHvmDrr.exe
2024	AdVxuuV.exe
1808	DrEMNYJ.exe
2212	iFNUeMR.exe
2592	eYgwruo.exe
2156	PQqNfTv.exe
1772	ThhOxAW.exe
2312	nVwvTwV.exe
2352	ssMWVCg.exe
1144	KIoQjNb.exe
1000	PmKqBHy.exe
2012	mtdOMyl.exe
2328	VXQtXht.exe
1584	aLlSnPq.exe
608	bNamRiM.exe
584	CHUGUxX.exe
1484	JsFRuOg.exe
1928	KpFsPhH.exe
1924	OihQRBd.exe
1304	vzUYIkz.exe
916	RhZFicS.exe
1488	QrXdgsL.exe
2088	UKxJPVE.exe
268	sYezSnO.exe
2248	uHtDsBN.exe
1256	jVefkaX.exe
2296	ucRgxNK.exe
3032	MjyQIaB.exe
1912	VYcxHHx.exe
680	FMqQkFn.exe
1600	wZbFIzT.exe
996	UwrATPH.exe
2064	ZsfxwaH.exe
2964	eHOUMKx.exe
1468	WEDHvbL.exe
2524	FDdmNNx.exe
1944	zEpvnhX.exe
2980	vrnhlRN.exe
2976	OABkkLO.exe
1552	eXStxie.exe
1548	hHRBAQM.exe

Loads dropped DLL 64 IoCs

pid	Process
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3004-0-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x000b0000000122cf-3.dat	upx
behavioral1/files/0x0007000000018780-13.dat	upx
behavioral1/memory/2388-14-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2124-16-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/3004-7-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0007000000018b68-10.dat	upx
behavioral1/memory/2472-21-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0008000000018710-28.dat	upx
behavioral1/files/0x0007000000018bf3-27.dat	upx
behavioral1/memory/2812-38-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2852-44-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2932-40-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x0006000000019223-39.dat	upx
behavioral1/memory/3004-53-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2904-50-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2784-58-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0009000000019230-49.dat	upx
behavioral1/memory/2620-65-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x000600000001932d-63.dat	upx
behavioral1/files/0x0008000000019240-56.dat	upx
behavioral1/memory/2472-67-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2812-72-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2736-73-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x000500000001961e-81.dat	upx
behavioral1/memory/2904-85-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/664-87-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2620-101-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x0005000000019c3e-120.dat	upx
behavioral1/files/0x0005000000019f8a-144.dat	upx
behavioral1/memory/664-449-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/1648-315-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2736-196-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x000500000001a41d-177.dat	upx
behavioral1/files/0x000500000001a41b-172.dat	upx
behavioral1/files/0x000500000001a359-168.dat	upx
behavioral1/files/0x000500000001a307-164.dat	upx
behavioral1/files/0x000500000001a09e-160.dat	upx
behavioral1/files/0x000500000001a07e-156.dat	upx
behavioral1/files/0x000500000001a075-152.dat	upx
behavioral1/files/0x0005000000019f94-148.dat	upx
behavioral1/files/0x0005000000019dbf-140.dat	upx
behavioral1/files/0x0005000000019d8e-136.dat	upx
behavioral1/files/0x0005000000019cca-132.dat	upx
behavioral1/files/0x0005000000019cba-128.dat	upx
behavioral1/files/0x0005000000019c57-124.dat	upx
behavioral1/files/0x0005000000019c3c-117.dat	upx
behavioral1/files/0x0005000000019c34-112.dat	upx
behavioral1/files/0x0005000000019926-108.dat	upx
behavioral1/memory/2016-102-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x00050000000196a1-100.dat	upx
behavioral1/memory/1948-94-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2784-93-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0005000000019667-92.dat	upx
behavioral1/memory/1648-80-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x000500000001961c-79.dat	upx
behavioral1/files/0x000500000001960c-70.dat	upx
behavioral1/memory/1948-1431-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2472-3501-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2852-3516-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2784-3520-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2812-3517-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2016-4067-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2736-4070-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DrEMNYJ.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaxDZJe.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDkfulp.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpGtMrT.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VabuYMN.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkfBsuJ.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MAJnmWk.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvlUwOf.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHtDsBN.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXStxie.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpoJPOk.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQQeiSp.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIZGuGr.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTfuvOg.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETuosRF.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxZGjVq.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoeMmJK.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcjndnm.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzrVTED.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhKBxBV.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxoqknE.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\toEiWlg.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awcoJNW.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHKBivs.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUpXZij.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAVDoLo.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEbQRGb.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGTUUAR.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSFzfzh.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqRwltL.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDuiDFo.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRPeSFA.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBJuyIy.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwtxCFN.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VSQMqgA.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zEpvnhX.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CeadiBZ.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACzCFqz.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEriBwG.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOKKVRV.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nxbmial.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHWipuo.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tKbjMZs.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTqJEZm.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrXdgsL.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUjzqIg.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DnUulWV.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkDFuhu.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdfGbQs.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICnMxih.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXDKKRQ.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpReeuA.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeEvNpO.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypCAlRh.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpFDSeH.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DihHOfk.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvQSPmz.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTioyLS.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSMfULL.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTndOly.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DldqUNl.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djvjdDE.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGxCIbq.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBtoyLO.exe	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2388	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3004 wrote to memory of 2388	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3004 wrote to memory of 2388	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3004 wrote to memory of 2124	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3004 wrote to memory of 2124	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3004 wrote to memory of 2124	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3004 wrote to memory of 2472	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3004 wrote to memory of 2472	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3004 wrote to memory of 2472	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3004 wrote to memory of 2812	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3004 wrote to memory of 2812	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3004 wrote to memory of 2812	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3004 wrote to memory of 2932	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3004 wrote to memory of 2932	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3004 wrote to memory of 2932	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3004 wrote to memory of 2852	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3004 wrote to memory of 2852	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3004 wrote to memory of 2852	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3004 wrote to memory of 2904	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3004 wrote to memory of 2904	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3004 wrote to memory of 2904	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3004 wrote to memory of 2784	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3004 wrote to memory of 2784	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3004 wrote to memory of 2784	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3004 wrote to memory of 2620	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3004 wrote to memory of 2620	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3004 wrote to memory of 2620	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3004 wrote to memory of 2736	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3004 wrote to memory of 2736	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3004 wrote to memory of 2736	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3004 wrote to memory of 1648	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3004 wrote to memory of 1648	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3004 wrote to memory of 1648	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3004 wrote to memory of 664	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3004 wrote to memory of 664	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3004 wrote to memory of 664	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3004 wrote to memory of 1948	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3004 wrote to memory of 1948	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3004 wrote to memory of 1948	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3004 wrote to memory of 2016	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3004 wrote to memory of 2016	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3004 wrote to memory of 2016	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3004 wrote to memory of 2512	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3004 wrote to memory of 2512	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3004 wrote to memory of 2512	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3004 wrote to memory of 1876	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3004 wrote to memory of 1876	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3004 wrote to memory of 1876	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3004 wrote to memory of 1164	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3004 wrote to memory of 1164	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3004 wrote to memory of 1164	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3004 wrote to memory of 836	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3004 wrote to memory of 836	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3004 wrote to memory of 836	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3004 wrote to memory of 2792	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3004 wrote to memory of 2792	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3004 wrote to memory of 2792	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3004 wrote to memory of 1872	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3004 wrote to memory of 1872	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3004 wrote to memory of 1872	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3004 wrote to memory of 1236	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3004 wrote to memory of 1236	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3004 wrote to memory of 1236	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3004 wrote to memory of 2712	3004	2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_e59e3c76f487324074777c099b39d564_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\System\bvtNpvX.exe
  C:\Windows\System\bvtNpvX.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\IQHIsfJ.exe
  C:\Windows\System\IQHIsfJ.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\aGWrQYk.exe
  C:\Windows\System\aGWrQYk.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\JfbYCRK.exe
  C:\Windows\System\JfbYCRK.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\CKwFQzc.exe
  C:\Windows\System\CKwFQzc.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\gmaYrhZ.exe
  C:\Windows\System\gmaYrhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\lSUqqTi.exe
  C:\Windows\System\lSUqqTi.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\VNDQwIt.exe
  C:\Windows\System\VNDQwIt.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\rtppmnE.exe
  C:\Windows\System\rtppmnE.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\knEzdoe.exe
  C:\Windows\System\knEzdoe.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\kvlUwOf.exe
  C:\Windows\System\kvlUwOf.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\vLmmbAA.exe
  C:\Windows\System\vLmmbAA.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\fdgrpIz.exe
  C:\Windows\System\fdgrpIz.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\CvQSPmz.exe
  C:\Windows\System\CvQSPmz.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\qHKBivs.exe
  C:\Windows\System\qHKBivs.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\TyKLQiu.exe
  C:\Windows\System\TyKLQiu.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\WyYdNGl.exe
  C:\Windows\System\WyYdNGl.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\izsJlSA.exe
  C:\Windows\System\izsJlSA.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\awMqlxe.exe
  C:\Windows\System\awMqlxe.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\rinLgck.exe
  C:\Windows\System\rinLgck.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\HnMMqaf.exe
  C:\Windows\System\HnMMqaf.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\swokhUb.exe
  C:\Windows\System\swokhUb.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\WfjOLtC.exe
  C:\Windows\System\WfjOLtC.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\jHvmDrr.exe
  C:\Windows\System\jHvmDrr.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\AdVxuuV.exe
  C:\Windows\System\AdVxuuV.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\DrEMNYJ.exe
  C:\Windows\System\DrEMNYJ.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\iFNUeMR.exe
  C:\Windows\System\iFNUeMR.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\eYgwruo.exe
  C:\Windows\System\eYgwruo.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\PQqNfTv.exe
  C:\Windows\System\PQqNfTv.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\ThhOxAW.exe
  C:\Windows\System\ThhOxAW.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\nVwvTwV.exe
  C:\Windows\System\nVwvTwV.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\ssMWVCg.exe
  C:\Windows\System\ssMWVCg.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\KIoQjNb.exe
  C:\Windows\System\KIoQjNb.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\PmKqBHy.exe
  C:\Windows\System\PmKqBHy.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\mtdOMyl.exe
  C:\Windows\System\mtdOMyl.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\VXQtXht.exe
  C:\Windows\System\VXQtXht.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\aLlSnPq.exe
  C:\Windows\System\aLlSnPq.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\bNamRiM.exe
  C:\Windows\System\bNamRiM.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\CHUGUxX.exe
  C:\Windows\System\CHUGUxX.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\JsFRuOg.exe
  C:\Windows\System\JsFRuOg.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\KpFsPhH.exe
  C:\Windows\System\KpFsPhH.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\OihQRBd.exe
  C:\Windows\System\OihQRBd.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\vzUYIkz.exe
  C:\Windows\System\vzUYIkz.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\RhZFicS.exe
  C:\Windows\System\RhZFicS.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\QrXdgsL.exe
  C:\Windows\System\QrXdgsL.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\UKxJPVE.exe
  C:\Windows\System\UKxJPVE.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\sYezSnO.exe
  C:\Windows\System\sYezSnO.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\uHtDsBN.exe
  C:\Windows\System\uHtDsBN.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\jVefkaX.exe
  C:\Windows\System\jVefkaX.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\ucRgxNK.exe
  C:\Windows\System\ucRgxNK.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\MjyQIaB.exe
  C:\Windows\System\MjyQIaB.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\VYcxHHx.exe
  C:\Windows\System\VYcxHHx.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\FMqQkFn.exe
  C:\Windows\System\FMqQkFn.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\wZbFIzT.exe
  C:\Windows\System\wZbFIzT.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\UwrATPH.exe
  C:\Windows\System\UwrATPH.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\ZsfxwaH.exe
  C:\Windows\System\ZsfxwaH.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\eHOUMKx.exe
  C:\Windows\System\eHOUMKx.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\WEDHvbL.exe
  C:\Windows\System\WEDHvbL.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\FDdmNNx.exe
  C:\Windows\System\FDdmNNx.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\zEpvnhX.exe
  C:\Windows\System\zEpvnhX.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\vrnhlRN.exe
  C:\Windows\System\vrnhlRN.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\OABkkLO.exe
  C:\Windows\System\OABkkLO.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\eXStxie.exe
  C:\Windows\System\eXStxie.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\hHRBAQM.exe
  C:\Windows\System\hHRBAQM.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\ZHRrRfQ.exe
  C:\Windows\System\ZHRrRfQ.exe
  2⤵
  PID:1644
- C:\Windows\System\CeadiBZ.exe
  C:\Windows\System\CeadiBZ.exe
  2⤵
  PID:2760
- C:\Windows\System\ryKdKeh.exe
  C:\Windows\System\ryKdKeh.exe
  2⤵
  PID:3068
- C:\Windows\System\bbUPZns.exe
  C:\Windows\System\bbUPZns.exe
  2⤵
  PID:2028
- C:\Windows\System\CxCqRmD.exe
  C:\Windows\System\CxCqRmD.exe
  2⤵
  PID:2392
- C:\Windows\System\RxVorIA.exe
  C:\Windows\System\RxVorIA.exe
  2⤵
  PID:2824
- C:\Windows\System\UDamqup.exe
  C:\Windows\System\UDamqup.exe
  2⤵
  PID:2944
- C:\Windows\System\YKDMhLN.exe
  C:\Windows\System\YKDMhLN.exe
  2⤵
  PID:2776
- C:\Windows\System\hfpYiFE.exe
  C:\Windows\System\hfpYiFE.exe
  2⤵
  PID:2912
- C:\Windows\System\ebFjOlk.exe
  C:\Windows\System\ebFjOlk.exe
  2⤵
  PID:2640
- C:\Windows\System\RnDjDXq.exe
  C:\Windows\System\RnDjDXq.exe
  2⤵
  PID:2688
- C:\Windows\System\YSebStJ.exe
  C:\Windows\System\YSebStJ.exe
  2⤵
  PID:2500
- C:\Windows\System\eCjcbtz.exe
  C:\Windows\System\eCjcbtz.exe
  2⤵
  PID:2068
- C:\Windows\System\aLaiiWU.exe
  C:\Windows\System\aLaiiWU.exe
  2⤵
  PID:2684
- C:\Windows\System\rPOklec.exe
  C:\Windows\System\rPOklec.exe
  2⤵
  PID:2900
- C:\Windows\System\stuDtuC.exe
  C:\Windows\System\stuDtuC.exe
  2⤵
  PID:1224
- C:\Windows\System\groTyMM.exe
  C:\Windows\System\groTyMM.exe
  2⤵
  PID:1976
- C:\Windows\System\pLRaQHx.exe
  C:\Windows\System\pLRaQHx.exe
  2⤵
  PID:2476
- C:\Windows\System\qoIbFHW.exe
  C:\Windows\System\qoIbFHW.exe
  2⤵
  PID:2428
- C:\Windows\System\HVKEaSC.exe
  C:\Windows\System\HVKEaSC.exe
  2⤵
  PID:2208
- C:\Windows\System\EiLtHXX.exe
  C:\Windows\System\EiLtHXX.exe
  2⤵
  PID:1004
- C:\Windows\System\FADsTpU.exe
  C:\Windows\System\FADsTpU.exe
  2⤵
  PID:380
- C:\Windows\System\qaOfeWd.exe
  C:\Windows\System\qaOfeWd.exe
  2⤵
  PID:1312
- C:\Windows\System\kGtAwoI.exe
  C:\Windows\System\kGtAwoI.exe
  2⤵
  PID:1816
- C:\Windows\System\yFBeWKt.exe
  C:\Windows\System\yFBeWKt.exe
  2⤵
  PID:2804
- C:\Windows\System\oByWLwR.exe
  C:\Windows\System\oByWLwR.exe
  2⤵
  PID:684
- C:\Windows\System\WHLtbYa.exe
  C:\Windows\System\WHLtbYa.exe
  2⤵
  PID:1920
- C:\Windows\System\bBtDtGg.exe
  C:\Windows\System\bBtDtGg.exe
  2⤵
  PID:1720
- C:\Windows\System\lqAHdmI.exe
  C:\Windows\System\lqAHdmI.exe
  2⤵
  PID:980
- C:\Windows\System\rXTgPCW.exe
  C:\Windows\System\rXTgPCW.exe
  2⤵
  PID:1084
- C:\Windows\System\HeXPANY.exe
  C:\Windows\System\HeXPANY.exe
  2⤵
  PID:1660
- C:\Windows\System\mTOCVvr.exe
  C:\Windows\System\mTOCVvr.exe
  2⤵
  PID:3024
- C:\Windows\System\WpSZIyr.exe
  C:\Windows\System\WpSZIyr.exe
  2⤵
  PID:2236
- C:\Windows\System\aKrXmRx.exe
  C:\Windows\System\aKrXmRx.exe
  2⤵
  PID:564
- C:\Windows\System\xrwkIuG.exe
  C:\Windows\System\xrwkIuG.exe
  2⤵
  PID:1964
- C:\Windows\System\ETuosRF.exe
  C:\Windows\System\ETuosRF.exe
  2⤵
  PID:2992
- C:\Windows\System\SdHZxWL.exe
  C:\Windows\System\SdHZxWL.exe
  2⤵
  PID:1260
- C:\Windows\System\Nxbmial.exe
  C:\Windows\System\Nxbmial.exe
  2⤵
  PID:2400
- C:\Windows\System\sSSgcLM.exe
  C:\Windows\System\sSSgcLM.exe
  2⤵
  PID:2808
- C:\Windows\System\WLkOKfc.exe
  C:\Windows\System\WLkOKfc.exe
  2⤵
  PID:2764
- C:\Windows\System\HRUQLqD.exe
  C:\Windows\System\HRUQLqD.exe
  2⤵
  PID:2884
- C:\Windows\System\tJYejfl.exe
  C:\Windows\System\tJYejfl.exe
  2⤵
  PID:2676
- C:\Windows\System\ACzCFqz.exe
  C:\Windows\System\ACzCFqz.exe
  2⤵
  PID:2040
- C:\Windows\System\NqRwltL.exe
  C:\Windows\System\NqRwltL.exe
  2⤵
  PID:1464
- C:\Windows\System\pNIflID.exe
  C:\Windows\System\pNIflID.exe
  2⤵
  PID:1496
- C:\Windows\System\XonnzQO.exe
  C:\Windows\System\XonnzQO.exe
  2⤵
  PID:2168
- C:\Windows\System\GJzKTzK.exe
  C:\Windows\System\GJzKTzK.exe
  2⤵
  PID:2200
- C:\Windows\System\oNGJSyD.exe
  C:\Windows\System\oNGJSyD.exe
  2⤵
  PID:1276
- C:\Windows\System\qsThEJZ.exe
  C:\Windows\System\qsThEJZ.exe
  2⤵
  PID:1592
- C:\Windows\System\oxZGjVq.exe
  C:\Windows\System\oxZGjVq.exe
  2⤵
  PID:1932
- C:\Windows\System\XNFFYuI.exe
  C:\Windows\System\XNFFYuI.exe
  2⤵
  PID:1776
- C:\Windows\System\RcFSYvi.exe
  C:\Windows\System\RcFSYvi.exe
  2⤵
  PID:1612
- C:\Windows\System\evezqmD.exe
  C:\Windows\System\evezqmD.exe
  2⤵
  PID:1632
- C:\Windows\System\aujJANj.exe
  C:\Windows\System\aujJANj.exe
  2⤵
  PID:2996
- C:\Windows\System\jiFTqQa.exe
  C:\Windows\System\jiFTqQa.exe
  2⤵
  PID:1996
- C:\Windows\System\cttrgaL.exe
  C:\Windows\System\cttrgaL.exe
  2⤵
  PID:2216
- C:\Windows\System\QuOuECB.exe
  C:\Windows\System\QuOuECB.exe
  2⤵
  PID:1992
- C:\Windows\System\DidHRUh.exe
  C:\Windows\System\DidHRUh.exe
  2⤵
  PID:3084
- C:\Windows\System\NhrCqyH.exe
  C:\Windows\System\NhrCqyH.exe
  2⤵
  PID:3100
- C:\Windows\System\TjBYpAL.exe
  C:\Windows\System\TjBYpAL.exe
  2⤵
  PID:3116
- C:\Windows\System\GEvDaXp.exe
  C:\Windows\System\GEvDaXp.exe
  2⤵
  PID:3132
- C:\Windows\System\VljXKBi.exe
  C:\Windows\System\VljXKBi.exe
  2⤵
  PID:3148
- C:\Windows\System\rGHskIv.exe
  C:\Windows\System\rGHskIv.exe
  2⤵
  PID:3164
- C:\Windows\System\zmDnhHh.exe
  C:\Windows\System\zmDnhHh.exe
  2⤵
  PID:3180
- C:\Windows\System\FUpXZij.exe
  C:\Windows\System\FUpXZij.exe
  2⤵
  PID:3196
- C:\Windows\System\fzuCyNV.exe
  C:\Windows\System\fzuCyNV.exe
  2⤵
  PID:3212
- C:\Windows\System\MyHYCEC.exe
  C:\Windows\System\MyHYCEC.exe
  2⤵
  PID:3228
- C:\Windows\System\PgUsHcn.exe
  C:\Windows\System\PgUsHcn.exe
  2⤵
  PID:3244
- C:\Windows\System\KKdQQnW.exe
  C:\Windows\System\KKdQQnW.exe
  2⤵
  PID:3260
- C:\Windows\System\opjLGmc.exe
  C:\Windows\System\opjLGmc.exe
  2⤵
  PID:3276
- C:\Windows\System\ZxHNOwm.exe
  C:\Windows\System\ZxHNOwm.exe
  2⤵
  PID:3296
- C:\Windows\System\jzsqoTs.exe
  C:\Windows\System\jzsqoTs.exe
  2⤵
  PID:3312
- C:\Windows\System\VeghXOh.exe
  C:\Windows\System\VeghXOh.exe
  2⤵
  PID:3328
- C:\Windows\System\dVVzwDS.exe
  C:\Windows\System\dVVzwDS.exe
  2⤵
  PID:3344
- C:\Windows\System\CCjbcBI.exe
  C:\Windows\System\CCjbcBI.exe
  2⤵
  PID:3360
- C:\Windows\System\TaxDZJe.exe
  C:\Windows\System\TaxDZJe.exe
  2⤵
  PID:3376
- C:\Windows\System\eqrdPBO.exe
  C:\Windows\System\eqrdPBO.exe
  2⤵
  PID:3396
- C:\Windows\System\jszMdVi.exe
  C:\Windows\System\jszMdVi.exe
  2⤵
  PID:3412
- C:\Windows\System\dpFqIMe.exe
  C:\Windows\System\dpFqIMe.exe
  2⤵
  PID:3428
- C:\Windows\System\Njwzfwg.exe
  C:\Windows\System\Njwzfwg.exe
  2⤵
  PID:3444
- C:\Windows\System\MOjgcxp.exe
  C:\Windows\System\MOjgcxp.exe
  2⤵
  PID:3460
- C:\Windows\System\VaYolml.exe
  C:\Windows\System\VaYolml.exe
  2⤵
  PID:3476
- C:\Windows\System\zYGJgeN.exe
  C:\Windows\System\zYGJgeN.exe
  2⤵
  PID:3492
- C:\Windows\System\MREFpbh.exe
  C:\Windows\System\MREFpbh.exe
  2⤵
  PID:3508
- C:\Windows\System\aFHbihF.exe
  C:\Windows\System\aFHbihF.exe
  2⤵
  PID:3524
- C:\Windows\System\DaxUwZu.exe
  C:\Windows\System\DaxUwZu.exe
  2⤵
  PID:3540
- C:\Windows\System\IfwMhMB.exe
  C:\Windows\System\IfwMhMB.exe
  2⤵
  PID:3556
- C:\Windows\System\ZIdakar.exe
  C:\Windows\System\ZIdakar.exe
  2⤵
  PID:3572
- C:\Windows\System\mvNxpWp.exe
  C:\Windows\System\mvNxpWp.exe
  2⤵
  PID:3588
- C:\Windows\System\eXUsLpI.exe
  C:\Windows\System\eXUsLpI.exe
  2⤵
  PID:3604
- C:\Windows\System\DRubOuZ.exe
  C:\Windows\System\DRubOuZ.exe
  2⤵
  PID:3620
- C:\Windows\System\LXdpHhI.exe
  C:\Windows\System\LXdpHhI.exe
  2⤵
  PID:3636
- C:\Windows\System\uAquBMA.exe
  C:\Windows\System\uAquBMA.exe
  2⤵
  PID:3652
- C:\Windows\System\xyZQmkz.exe
  C:\Windows\System\xyZQmkz.exe
  2⤵
  PID:3668
- C:\Windows\System\yyqeVZE.exe
  C:\Windows\System\yyqeVZE.exe
  2⤵
  PID:3684
- C:\Windows\System\gatufKO.exe
  C:\Windows\System\gatufKO.exe
  2⤵
  PID:3700
- C:\Windows\System\XEvNOrM.exe
  C:\Windows\System\XEvNOrM.exe
  2⤵
  PID:3716
- C:\Windows\System\RZSsywU.exe
  C:\Windows\System\RZSsywU.exe
  2⤵
  PID:3732
- C:\Windows\System\sVQjHYS.exe
  C:\Windows\System\sVQjHYS.exe
  2⤵
  PID:3748
- C:\Windows\System\ZJAdgIC.exe
  C:\Windows\System\ZJAdgIC.exe
  2⤵
  PID:3764
- C:\Windows\System\OPrxFcj.exe
  C:\Windows\System\OPrxFcj.exe
  2⤵
  PID:3780
- C:\Windows\System\hayEozH.exe
  C:\Windows\System\hayEozH.exe
  2⤵
  PID:3796
- C:\Windows\System\YUGUkyJ.exe
  C:\Windows\System\YUGUkyJ.exe
  2⤵
  PID:3816
- C:\Windows\System\HtYkQOK.exe
  C:\Windows\System\HtYkQOK.exe
  2⤵
  PID:3832
- C:\Windows\System\ubjzorN.exe
  C:\Windows\System\ubjzorN.exe
  2⤵
  PID:3848
- C:\Windows\System\fwTJuiD.exe
  C:\Windows\System\fwTJuiD.exe
  2⤵
  PID:3864
- C:\Windows\System\xdPMThz.exe
  C:\Windows\System\xdPMThz.exe
  2⤵
  PID:3880
- C:\Windows\System\flrpUyd.exe
  C:\Windows\System\flrpUyd.exe
  2⤵
  PID:3896
- C:\Windows\System\LzHtsqp.exe
  C:\Windows\System\LzHtsqp.exe
  2⤵
  PID:3912
- C:\Windows\System\LUjzqIg.exe
  C:\Windows\System\LUjzqIg.exe
  2⤵
  PID:3928
- C:\Windows\System\OzUnErS.exe
  C:\Windows\System\OzUnErS.exe
  2⤵
  PID:3944
- C:\Windows\System\VzUbFFL.exe
  C:\Windows\System\VzUbFFL.exe
  2⤵
  PID:3960
- C:\Windows\System\zfIJjUI.exe
  C:\Windows\System\zfIJjUI.exe
  2⤵
  PID:3976
- C:\Windows\System\RGWlTeW.exe
  C:\Windows\System\RGWlTeW.exe
  2⤵
  PID:3992
- C:\Windows\System\COJYVsH.exe
  C:\Windows\System\COJYVsH.exe
  2⤵
  PID:4008
- C:\Windows\System\cBkNNSn.exe
  C:\Windows\System\cBkNNSn.exe
  2⤵
  PID:4028
- C:\Windows\System\jBnvixj.exe
  C:\Windows\System\jBnvixj.exe
  2⤵
  PID:4044
- C:\Windows\System\pFrAYsE.exe
  C:\Windows\System\pFrAYsE.exe
  2⤵
  PID:4060
- C:\Windows\System\AyzRBFz.exe
  C:\Windows\System\AyzRBFz.exe
  2⤵
  PID:4076
- C:\Windows\System\TBLKDzD.exe
  C:\Windows\System\TBLKDzD.exe
  2⤵
  PID:4092
- C:\Windows\System\nXaKzKu.exe
  C:\Windows\System\nXaKzKu.exe
  2⤵
  PID:2728
- C:\Windows\System\cbsIHiZ.exe
  C:\Windows\System\cbsIHiZ.exe
  2⤵
  PID:1492
- C:\Windows\System\ejOSOEs.exe
  C:\Windows\System\ejOSOEs.exe
  2⤵
  PID:2204
- C:\Windows\System\qlIzLsA.exe
  C:\Windows\System\qlIzLsA.exe
  2⤵
  PID:1188
- C:\Windows\System\eDEiWwB.exe
  C:\Windows\System\eDEiWwB.exe
  2⤵
  PID:2536
- C:\Windows\System\mHNEdjI.exe
  C:\Windows\System\mHNEdjI.exe
  2⤵
  PID:904
- C:\Windows\System\XWPibGW.exe
  C:\Windows\System\XWPibGW.exe
  2⤵
  PID:2468
- C:\Windows\System\xVrNEat.exe
  C:\Windows\System\xVrNEat.exe
  2⤵
  PID:1524
- C:\Windows\System\XgTqVBm.exe
  C:\Windows\System\XgTqVBm.exe
  2⤵
  PID:3076
- C:\Windows\System\ZUDrFnb.exe
  C:\Windows\System\ZUDrFnb.exe
  2⤵
  PID:3108
- C:\Windows\System\tBSHIRl.exe
  C:\Windows\System\tBSHIRl.exe
  2⤵
  PID:3112
- C:\Windows\System\tHDVSZb.exe
  C:\Windows\System\tHDVSZb.exe
  2⤵
  PID:3144
- C:\Windows\System\vENGtBk.exe
  C:\Windows\System\vENGtBk.exe
  2⤵
  PID:3192
- C:\Windows\System\xTEsCYF.exe
  C:\Windows\System\xTEsCYF.exe
  2⤵
  PID:3208
- C:\Windows\System\BdEuCXY.exe
  C:\Windows\System\BdEuCXY.exe
  2⤵
  PID:3256
- C:\Windows\System\ijLYShi.exe
  C:\Windows\System\ijLYShi.exe
  2⤵
  PID:3272
- C:\Windows\System\yGmZfuU.exe
  C:\Windows\System\yGmZfuU.exe
  2⤵
  PID:3304
- C:\Windows\System\zMRMRPW.exe
  C:\Windows\System\zMRMRPW.exe
  2⤵
  PID:3336
- C:\Windows\System\kQjHUBx.exe
  C:\Windows\System\kQjHUBx.exe
  2⤵
  PID:3368
- C:\Windows\System\kUTCseI.exe
  C:\Windows\System\kUTCseI.exe
  2⤵
  PID:2876
- C:\Windows\System\RdsgddE.exe
  C:\Windows\System\RdsgddE.exe
  2⤵
  PID:3424
- C:\Windows\System\nGTalEs.exe
  C:\Windows\System\nGTalEs.exe
  2⤵
  PID:3440
- C:\Windows\System\GMrWfKt.exe
  C:\Windows\System\GMrWfKt.exe
  2⤵
  PID:3500
- C:\Windows\System\fUbMcjC.exe
  C:\Windows\System\fUbMcjC.exe
  2⤵
  PID:3532
- C:\Windows\System\afRHGWj.exe
  C:\Windows\System\afRHGWj.exe
  2⤵
  PID:3564
- C:\Windows\System\ZZrTACA.exe
  C:\Windows\System\ZZrTACA.exe
  2⤵
  PID:3596
- C:\Windows\System\oXMwUan.exe
  C:\Windows\System\oXMwUan.exe
  2⤵
  PID:3644
- C:\Windows\System\wQtccsl.exe
  C:\Windows\System\wQtccsl.exe
  2⤵
  PID:3676
- C:\Windows\System\rLNBXka.exe
  C:\Windows\System\rLNBXka.exe
  2⤵
  PID:3680
- C:\Windows\System\cOmNSlJ.exe
  C:\Windows\System\cOmNSlJ.exe
  2⤵
  PID:3712
- C:\Windows\System\MWxLMxL.exe
  C:\Windows\System\MWxLMxL.exe
  2⤵
  PID:3744
- C:\Windows\System\ijaOKuO.exe
  C:\Windows\System\ijaOKuO.exe
  2⤵
  PID:3760
- C:\Windows\System\laEWFaX.exe
  C:\Windows\System\laEWFaX.exe
  2⤵
  PID:3808
- C:\Windows\System\bEvvVIi.exe
  C:\Windows\System\bEvvVIi.exe
  2⤵
  PID:3844
- C:\Windows\System\LDuiDFo.exe
  C:\Windows\System\LDuiDFo.exe
  2⤵
  PID:3860
- C:\Windows\System\lDgRxkm.exe
  C:\Windows\System\lDgRxkm.exe
  2⤵
  PID:3908
- C:\Windows\System\oKudYzb.exe
  C:\Windows\System\oKudYzb.exe
  2⤵
  PID:3940
- C:\Windows\System\RvmHkiV.exe
  C:\Windows\System\RvmHkiV.exe
  2⤵
  PID:3972
- C:\Windows\System\mDkfulp.exe
  C:\Windows\System\mDkfulp.exe
  2⤵
  PID:4004
- C:\Windows\System\WQREXPf.exe
  C:\Windows\System\WQREXPf.exe
  2⤵
  PID:4040
- C:\Windows\System\CQLboki.exe
  C:\Windows\System\CQLboki.exe
  2⤵
  PID:4072
- C:\Windows\System\pvGyYYO.exe
  C:\Windows\System\pvGyYYO.exe
  2⤵
  PID:320
- C:\Windows\System\HqlbxLx.exe
  C:\Windows\System\HqlbxLx.exe
  2⤵
  PID:2104
- C:\Windows\System\kxNsVrB.exe
  C:\Windows\System\kxNsVrB.exe
  2⤵
  PID:792
- C:\Windows\System\vUsKkPL.exe
  C:\Windows\System\vUsKkPL.exe
  2⤵
  PID:932
- C:\Windows\System\sxJgmjb.exe
  C:\Windows\System\sxJgmjb.exe
  2⤵
  PID:2816
- C:\Windows\System\rKqjMkw.exe
  C:\Windows\System\rKqjMkw.exe
  2⤵
  PID:3124
- C:\Windows\System\YDJCJbo.exe
  C:\Windows\System\YDJCJbo.exe
  2⤵
  PID:3156
- C:\Windows\System\fXdgRro.exe
  C:\Windows\System\fXdgRro.exe
  2⤵
  PID:3204
- C:\Windows\System\ZCIggGt.exe
  C:\Windows\System\ZCIggGt.exe
  2⤵
  PID:3268
- C:\Windows\System\KoYCcaS.exe
  C:\Windows\System\KoYCcaS.exe
  2⤵
  PID:3320
- C:\Windows\System\DSdmreU.exe
  C:\Windows\System\DSdmreU.exe
  2⤵
  PID:3372
- C:\Windows\System\IRbnduz.exe
  C:\Windows\System\IRbnduz.exe
  2⤵
  PID:3452
- C:\Windows\System\CJjZaWf.exe
  C:\Windows\System\CJjZaWf.exe
  2⤵
  PID:3520
- C:\Windows\System\MIPTlfr.exe
  C:\Windows\System\MIPTlfr.exe
  2⤵
  PID:3580
- C:\Windows\System\mcUjPZK.exe
  C:\Windows\System\mcUjPZK.exe
  2⤵
  PID:3632
- C:\Windows\System\GVsYHfF.exe
  C:\Windows\System\GVsYHfF.exe
  2⤵
  PID:3708
- C:\Windows\System\bycEypE.exe
  C:\Windows\System\bycEypE.exe
  2⤵
  PID:2464
- C:\Windows\System\lzzLRQp.exe
  C:\Windows\System\lzzLRQp.exe
  2⤵
  PID:2664
- C:\Windows\System\RoeMmJK.exe
  C:\Windows\System\RoeMmJK.exe
  2⤵
  PID:3876
- C:\Windows\System\pjJMQKu.exe
  C:\Windows\System\pjJMQKu.exe
  2⤵
  PID:3924
- C:\Windows\System\HtCtgGJ.exe
  C:\Windows\System\HtCtgGJ.exe
  2⤵
  PID:3956
- C:\Windows\System\DnUulWV.exe
  C:\Windows\System\DnUulWV.exe
  2⤵
  PID:4036
- C:\Windows\System\WJWdkLx.exe
  C:\Windows\System\WJWdkLx.exe
  2⤵
  PID:4088
- C:\Windows\System\EpoJPOk.exe
  C:\Windows\System\EpoJPOk.exe
  2⤵
  PID:2340
- C:\Windows\System\yUYiiut.exe
  C:\Windows\System\yUYiiut.exe
  2⤵
  PID:4024
- C:\Windows\System\moDDVkB.exe
  C:\Windows\System\moDDVkB.exe
  2⤵
  PID:3096
- C:\Windows\System\HMrRlDK.exe
  C:\Windows\System\HMrRlDK.exe
  2⤵
  PID:3224
- C:\Windows\System\hPvCrWH.exe
  C:\Windows\System\hPvCrWH.exe
  2⤵
  PID:2612
- C:\Windows\System\pyJhghO.exe
  C:\Windows\System\pyJhghO.exe
  2⤵
  PID:3340
- C:\Windows\System\QsXXqYy.exe
  C:\Windows\System\QsXXqYy.exe
  2⤵
  PID:3456
- C:\Windows\System\UvcFNIk.exe
  C:\Windows\System\UvcFNIk.exe
  2⤵
  PID:3392
- C:\Windows\System\sZpUgQH.exe
  C:\Windows\System\sZpUgQH.exe
  2⤵
  PID:4112
- C:\Windows\System\uUauyDU.exe
  C:\Windows\System\uUauyDU.exe
  2⤵
  PID:4128
- C:\Windows\System\iAVDoLo.exe
  C:\Windows\System\iAVDoLo.exe
  2⤵
  PID:4144
- C:\Windows\System\uHxXZSY.exe
  C:\Windows\System\uHxXZSY.exe
  2⤵
  PID:4160
- C:\Windows\System\jxyhplE.exe
  C:\Windows\System\jxyhplE.exe
  2⤵
  PID:4176
- C:\Windows\System\lXJkeij.exe
  C:\Windows\System\lXJkeij.exe
  2⤵
  PID:4192
- C:\Windows\System\qXbySAA.exe
  C:\Windows\System\qXbySAA.exe
  2⤵
  PID:4208
- C:\Windows\System\NbObRYn.exe
  C:\Windows\System\NbObRYn.exe
  2⤵
  PID:4224
- C:\Windows\System\zFnIorX.exe
  C:\Windows\System\zFnIorX.exe
  2⤵
  PID:4240
- C:\Windows\System\BqSOPoZ.exe
  C:\Windows\System\BqSOPoZ.exe
  2⤵
  PID:4256
- C:\Windows\System\trhwuuR.exe
  C:\Windows\System\trhwuuR.exe
  2⤵
  PID:4272
- C:\Windows\System\MfpYfaA.exe
  C:\Windows\System\MfpYfaA.exe
  2⤵
  PID:4288
- C:\Windows\System\RRXDhQm.exe
  C:\Windows\System\RRXDhQm.exe
  2⤵
  PID:4304
- C:\Windows\System\pSuesmQ.exe
  C:\Windows\System\pSuesmQ.exe
  2⤵
  PID:4320
- C:\Windows\System\OOEmKfp.exe
  C:\Windows\System\OOEmKfp.exe
  2⤵
  PID:4336
- C:\Windows\System\sZPeHUX.exe
  C:\Windows\System\sZPeHUX.exe
  2⤵
  PID:4352
- C:\Windows\System\etXGgeS.exe
  C:\Windows\System\etXGgeS.exe
  2⤵
  PID:4368
- C:\Windows\System\sbgyloK.exe
  C:\Windows\System\sbgyloK.exe
  2⤵
  PID:4384
- C:\Windows\System\iOoXDVY.exe
  C:\Windows\System\iOoXDVY.exe
  2⤵
  PID:4400
- C:\Windows\System\uTJJfxD.exe
  C:\Windows\System\uTJJfxD.exe
  2⤵
  PID:4416
- C:\Windows\System\kpzIeGL.exe
  C:\Windows\System\kpzIeGL.exe
  2⤵
  PID:4432
- C:\Windows\System\TPeGgVB.exe
  C:\Windows\System\TPeGgVB.exe
  2⤵
  PID:4448
- C:\Windows\System\SmehvGR.exe
  C:\Windows\System\SmehvGR.exe
  2⤵
  PID:4464
- C:\Windows\System\HokqGcM.exe
  C:\Windows\System\HokqGcM.exe
  2⤵
  PID:4480
- C:\Windows\System\ZTaKBdC.exe
  C:\Windows\System\ZTaKBdC.exe
  2⤵
  PID:4496
- C:\Windows\System\hBYjdBj.exe
  C:\Windows\System\hBYjdBj.exe
  2⤵
  PID:4512
- C:\Windows\System\nILdOqK.exe
  C:\Windows\System\nILdOqK.exe
  2⤵
  PID:4528
- C:\Windows\System\JticLvZ.exe
  C:\Windows\System\JticLvZ.exe
  2⤵
  PID:4544
- C:\Windows\System\mzTxQol.exe
  C:\Windows\System\mzTxQol.exe
  2⤵
  PID:4560
- C:\Windows\System\zNmhPfE.exe
  C:\Windows\System\zNmhPfE.exe
  2⤵
  PID:4576
- C:\Windows\System\FNhHHcX.exe
  C:\Windows\System\FNhHHcX.exe
  2⤵
  PID:4592
- C:\Windows\System\xSuJmBI.exe
  C:\Windows\System\xSuJmBI.exe
  2⤵
  PID:4608
- C:\Windows\System\YCCASZB.exe
  C:\Windows\System\YCCASZB.exe
  2⤵
  PID:4624
- C:\Windows\System\RdLBPKO.exe
  C:\Windows\System\RdLBPKO.exe
  2⤵
  PID:4640
- C:\Windows\System\rTTcwoj.exe
  C:\Windows\System\rTTcwoj.exe
  2⤵
  PID:4656
- C:\Windows\System\WWMOueZ.exe
  C:\Windows\System\WWMOueZ.exe
  2⤵
  PID:4672
- C:\Windows\System\TpRLIQl.exe
  C:\Windows\System\TpRLIQl.exe
  2⤵
  PID:4688
- C:\Windows\System\ENPrICQ.exe
  C:\Windows\System\ENPrICQ.exe
  2⤵
  PID:4704
- C:\Windows\System\ovpAxxI.exe
  C:\Windows\System\ovpAxxI.exe
  2⤵
  PID:4720
- C:\Windows\System\lRDtTtp.exe
  C:\Windows\System\lRDtTtp.exe
  2⤵
  PID:4736
- C:\Windows\System\isiUBUI.exe
  C:\Windows\System\isiUBUI.exe
  2⤵
  PID:4752
- C:\Windows\System\swOkgsm.exe
  C:\Windows\System\swOkgsm.exe
  2⤵
  PID:4768
- C:\Windows\System\MGnhygj.exe
  C:\Windows\System\MGnhygj.exe
  2⤵
  PID:4784
- C:\Windows\System\WcWcmds.exe
  C:\Windows\System\WcWcmds.exe
  2⤵
  PID:4804
- C:\Windows\System\OWMSELU.exe
  C:\Windows\System\OWMSELU.exe
  2⤵
  PID:4820
- C:\Windows\System\DgGPhBg.exe
  C:\Windows\System\DgGPhBg.exe
  2⤵
  PID:4836
- C:\Windows\System\IKeSmeS.exe
  C:\Windows\System\IKeSmeS.exe
  2⤵
  PID:4852
- C:\Windows\System\chAODiA.exe
  C:\Windows\System\chAODiA.exe
  2⤵
  PID:4868
- C:\Windows\System\nILlrpO.exe
  C:\Windows\System\nILlrpO.exe
  2⤵
  PID:4884
- C:\Windows\System\lSfXWGu.exe
  C:\Windows\System\lSfXWGu.exe
  2⤵
  PID:4900
- C:\Windows\System\RwRCHhK.exe
  C:\Windows\System\RwRCHhK.exe
  2⤵
  PID:4916
- C:\Windows\System\odYELPu.exe
  C:\Windows\System\odYELPu.exe
  2⤵
  PID:4932
- C:\Windows\System\OtoyAUx.exe
  C:\Windows\System\OtoyAUx.exe
  2⤵
  PID:4948
- C:\Windows\System\Lrztwrw.exe
  C:\Windows\System\Lrztwrw.exe
  2⤵
  PID:4964
- C:\Windows\System\EGEpwfU.exe
  C:\Windows\System\EGEpwfU.exe
  2⤵
  PID:4980
- C:\Windows\System\hZSKnjH.exe
  C:\Windows\System\hZSKnjH.exe
  2⤵
  PID:4996
- C:\Windows\System\UQGHTVw.exe
  C:\Windows\System\UQGHTVw.exe
  2⤵
  PID:5012
- C:\Windows\System\XdBgncM.exe
  C:\Windows\System\XdBgncM.exe
  2⤵
  PID:5028
- C:\Windows\System\DJBMZiE.exe
  C:\Windows\System\DJBMZiE.exe
  2⤵
  PID:5044
- C:\Windows\System\qkFBwye.exe
  C:\Windows\System\qkFBwye.exe
  2⤵
  PID:5060
- C:\Windows\System\FiOaHZh.exe
  C:\Windows\System\FiOaHZh.exe
  2⤵
  PID:5076
- C:\Windows\System\TwUPOiS.exe
  C:\Windows\System\TwUPOiS.exe
  2⤵
  PID:5092
- C:\Windows\System\EjZWlhb.exe
  C:\Windows\System\EjZWlhb.exe
  2⤵
  PID:5108
- C:\Windows\System\OtlZpDy.exe
  C:\Windows\System\OtlZpDy.exe
  2⤵
  PID:3788
- C:\Windows\System\mbCYtup.exe
  C:\Windows\System\mbCYtup.exe
  2⤵
  PID:3828
- C:\Windows\System\UUdEpQV.exe
  C:\Windows\System\UUdEpQV.exe
  2⤵
  PID:2584
- C:\Windows\System\craEPWZ.exe
  C:\Windows\System\craEPWZ.exe
  2⤵
  PID:1116
- C:\Windows\System\MpGtMrT.exe
  C:\Windows\System\MpGtMrT.exe
  2⤵
  PID:1968
- C:\Windows\System\witBTPw.exe
  C:\Windows\System\witBTPw.exe
  2⤵
  PID:3128
- C:\Windows\System\ywZjqou.exe
  C:\Windows\System\ywZjqou.exe
  2⤵
  PID:3388
- C:\Windows\System\SOSdbGw.exe
  C:\Windows\System\SOSdbGw.exe
  2⤵
  PID:4104
- C:\Windows\System\pSrKPZc.exe
  C:\Windows\System\pSrKPZc.exe
  2⤵
  PID:4136
- C:\Windows\System\FdIlpfA.exe
  C:\Windows\System\FdIlpfA.exe
  2⤵
  PID:4156
- C:\Windows\System\QwgUcro.exe
  C:\Windows\System\QwgUcro.exe
  2⤵
  PID:4184
- C:\Windows\System\TogqySU.exe
  C:\Windows\System\TogqySU.exe
  2⤵
  PID:4220
- C:\Windows\System\tYtoSpR.exe
  C:\Windows\System\tYtoSpR.exe
  2⤵
  PID:4264
- C:\Windows\System\JkDCHIG.exe
  C:\Windows\System\JkDCHIG.exe
  2⤵
  PID:4284
- C:\Windows\System\VsVsoRt.exe
  C:\Windows\System\VsVsoRt.exe
  2⤵
  PID:4328
- C:\Windows\System\bsEXBou.exe
  C:\Windows\System\bsEXBou.exe
  2⤵
  PID:4360
- C:\Windows\System\euokUfn.exe
  C:\Windows\System\euokUfn.exe
  2⤵
  PID:4380
- C:\Windows\System\kBzeuTy.exe
  C:\Windows\System\kBzeuTy.exe
  2⤵
  PID:4412
- C:\Windows\System\gZSrkLX.exe
  C:\Windows\System\gZSrkLX.exe
  2⤵
  PID:4456
- C:\Windows\System\zdpPcJR.exe
  C:\Windows\System\zdpPcJR.exe
  2⤵
  PID:4488
- C:\Windows\System\WJIxmZd.exe
  C:\Windows\System\WJIxmZd.exe
  2⤵
  PID:4508
- C:\Windows\System\WXfMHNr.exe
  C:\Windows\System\WXfMHNr.exe
  2⤵
  PID:4540
- C:\Windows\System\MVOhagb.exe
  C:\Windows\System\MVOhagb.exe
  2⤵
  PID:4572
- C:\Windows\System\afdNfOF.exe
  C:\Windows\System\afdNfOF.exe
  2⤵
  PID:4604
- C:\Windows\System\VabuYMN.exe
  C:\Windows\System\VabuYMN.exe
  2⤵
  PID:4636
- C:\Windows\System\QZblhIa.exe
  C:\Windows\System\QZblhIa.exe
  2⤵
  PID:2832
- C:\Windows\System\uGaDYfP.exe
  C:\Windows\System\uGaDYfP.exe
  2⤵
  PID:4696
- C:\Windows\System\IVFwoAb.exe
  C:\Windows\System\IVFwoAb.exe
  2⤵
  PID:4728
- C:\Windows\System\jhPGGOF.exe
  C:\Windows\System\jhPGGOF.exe
  2⤵
  PID:4760
- C:\Windows\System\kgdmDiD.exe
  C:\Windows\System\kgdmDiD.exe
  2⤵
  PID:4792
- C:\Windows\System\gVtxeFo.exe
  C:\Windows\System\gVtxeFo.exe
  2⤵
  PID:4828
- C:\Windows\System\apptUXT.exe
  C:\Windows\System\apptUXT.exe
  2⤵
  PID:4860
- C:\Windows\System\nodoKtI.exe
  C:\Windows\System\nodoKtI.exe
  2⤵
  PID:4892
- C:\Windows\System\AZITQhy.exe
  C:\Windows\System\AZITQhy.exe
  2⤵
  PID:4924
- C:\Windows\System\VHxgtiK.exe
  C:\Windows\System\VHxgtiK.exe
  2⤵
  PID:4956
- C:\Windows\System\CPmBhKk.exe
  C:\Windows\System\CPmBhKk.exe
  2⤵
  PID:4988
- C:\Windows\System\NRrLbsu.exe
  C:\Windows\System\NRrLbsu.exe
  2⤵
  PID:5020
- C:\Windows\System\QOExHCC.exe
  C:\Windows\System\QOExHCC.exe
  2⤵
  PID:5052
- C:\Windows\System\PzVxCux.exe
  C:\Windows\System\PzVxCux.exe
  2⤵
  PID:5084
- C:\Windows\System\OJwINGM.exe
  C:\Windows\System\OJwINGM.exe
  2⤵
  PID:5116
- C:\Windows\System\vbWVkJV.exe
  C:\Windows\System\vbWVkJV.exe
  2⤵
  PID:3892
- C:\Windows\System\vXGiijC.exe
  C:\Windows\System\vXGiijC.exe
  2⤵
  PID:2260
- C:\Windows\System\ylNZhgb.exe
  C:\Windows\System\ylNZhgb.exe
  2⤵
  PID:3176
- C:\Windows\System\GTmJjks.exe
  C:\Windows\System\GTmJjks.exe
  2⤵
  PID:3664
- C:\Windows\System\iwyCGZx.exe
  C:\Windows\System\iwyCGZx.exe
  2⤵
  PID:4168
- C:\Windows\System\sCOqpyc.exe
  C:\Windows\System\sCOqpyc.exe
  2⤵
  PID:4236
- C:\Windows\System\ilsqdOl.exe
  C:\Windows\System\ilsqdOl.exe
  2⤵
  PID:4300
- C:\Windows\System\eJUDPpW.exe
  C:\Windows\System\eJUDPpW.exe
  2⤵
  PID:4364
- C:\Windows\System\VVWjdSi.exe
  C:\Windows\System\VVWjdSi.exe
  2⤵
  PID:4428
- C:\Windows\System\aZBNELJ.exe
  C:\Windows\System\aZBNELJ.exe
  2⤵
  PID:4492
- C:\Windows\System\veEUokz.exe
  C:\Windows\System\veEUokz.exe
  2⤵
  PID:4556
- C:\Windows\System\YYwiuQi.exe
  C:\Windows\System\YYwiuQi.exe
  2⤵
  PID:4620
- C:\Windows\System\djUAECg.exe
  C:\Windows\System\djUAECg.exe
  2⤵
  PID:4668
- C:\Windows\System\knEsSEq.exe
  C:\Windows\System\knEsSEq.exe
  2⤵
  PID:4732
- C:\Windows\System\NCcPowU.exe
  C:\Windows\System\NCcPowU.exe
  2⤵
  PID:4812
- C:\Windows\System\MyWCXLk.exe
  C:\Windows\System\MyWCXLk.exe
  2⤵
  PID:5128
- C:\Windows\System\RMIScdP.exe
  C:\Windows\System\RMIScdP.exe
  2⤵
  PID:5144
- C:\Windows\System\CpTbbjU.exe
  C:\Windows\System\CpTbbjU.exe
  2⤵
  PID:5160
- C:\Windows\System\BeTCmPy.exe
  C:\Windows\System\BeTCmPy.exe
  2⤵
  PID:5176
- C:\Windows\System\Hiwqndn.exe
  C:\Windows\System\Hiwqndn.exe
  2⤵
  PID:5192
- C:\Windows\System\LqOUSMK.exe
  C:\Windows\System\LqOUSMK.exe
  2⤵
  PID:5208
- C:\Windows\System\tcjndnm.exe
  C:\Windows\System\tcjndnm.exe
  2⤵
  PID:5224
- C:\Windows\System\WTXhRLb.exe
  C:\Windows\System\WTXhRLb.exe
  2⤵
  PID:5240
- C:\Windows\System\eUrgEOl.exe
  C:\Windows\System\eUrgEOl.exe
  2⤵
  PID:5256
- C:\Windows\System\BbstykQ.exe
  C:\Windows\System\BbstykQ.exe
  2⤵
  PID:5276
- C:\Windows\System\zjiWRQQ.exe
  C:\Windows\System\zjiWRQQ.exe
  2⤵
  PID:5292
- C:\Windows\System\qbicOmA.exe
  C:\Windows\System\qbicOmA.exe
  2⤵
  PID:5308
- C:\Windows\System\BlbZLwu.exe
  C:\Windows\System\BlbZLwu.exe
  2⤵
  PID:5324
- C:\Windows\System\VhHNrPC.exe
  C:\Windows\System\VhHNrPC.exe
  2⤵
  PID:5340
- C:\Windows\System\siQVKqX.exe
  C:\Windows\System\siQVKqX.exe
  2⤵
  PID:5356
- C:\Windows\System\afzoKVq.exe
  C:\Windows\System\afzoKVq.exe
  2⤵
  PID:5372
- C:\Windows\System\EHLqTDJ.exe
  C:\Windows\System\EHLqTDJ.exe
  2⤵
  PID:5388
- C:\Windows\System\MClWuov.exe
  C:\Windows\System\MClWuov.exe
  2⤵
  PID:5404
- C:\Windows\System\xPDFyiu.exe
  C:\Windows\System\xPDFyiu.exe
  2⤵
  PID:5420
- C:\Windows\System\fxUXjbC.exe
  C:\Windows\System\fxUXjbC.exe
  2⤵
  PID:5436
- C:\Windows\System\EGokrin.exe
  C:\Windows\System\EGokrin.exe
  2⤵
  PID:5452
- C:\Windows\System\xrNeqMv.exe
  C:\Windows\System\xrNeqMv.exe
  2⤵
  PID:5468
- C:\Windows\System\RWEuDRO.exe
  C:\Windows\System\RWEuDRO.exe
  2⤵
  PID:5484
- C:\Windows\System\nPmRQyI.exe
  C:\Windows\System\nPmRQyI.exe
  2⤵
  PID:5500
- C:\Windows\System\eZEYAdZ.exe
  C:\Windows\System\eZEYAdZ.exe
  2⤵
  PID:5516
- C:\Windows\System\PrqHXny.exe
  C:\Windows\System\PrqHXny.exe
  2⤵
  PID:5532
- C:\Windows\System\kLbacOr.exe
  C:\Windows\System\kLbacOr.exe
  2⤵
  PID:5548
- C:\Windows\System\UmxPGow.exe
  C:\Windows\System\UmxPGow.exe
  2⤵
  PID:5564
- C:\Windows\System\ITzILaQ.exe
  C:\Windows\System\ITzILaQ.exe
  2⤵
  PID:5580
- C:\Windows\System\EcycZNt.exe
  C:\Windows\System\EcycZNt.exe
  2⤵
  PID:5596
- C:\Windows\System\QkDFuhu.exe
  C:\Windows\System\QkDFuhu.exe
  2⤵
  PID:5612
- C:\Windows\System\nCAXYHR.exe
  C:\Windows\System\nCAXYHR.exe
  2⤵
  PID:5628
- C:\Windows\System\RrgIWia.exe
  C:\Windows\System\RrgIWia.exe
  2⤵
  PID:5644
- C:\Windows\System\mnbTgBZ.exe
  C:\Windows\System\mnbTgBZ.exe
  2⤵
  PID:5660
- C:\Windows\System\RdkfRaD.exe
  C:\Windows\System\RdkfRaD.exe
  2⤵
  PID:5676
- C:\Windows\System\YGtAgfz.exe
  C:\Windows\System\YGtAgfz.exe
  2⤵
  PID:5692
- C:\Windows\System\JpQFzwj.exe
  C:\Windows\System\JpQFzwj.exe
  2⤵
  PID:5708
- C:\Windows\System\vGQiUIm.exe
  C:\Windows\System\vGQiUIm.exe
  2⤵
  PID:5724
- C:\Windows\System\OQYPsCb.exe
  C:\Windows\System\OQYPsCb.exe
  2⤵
  PID:5740
- C:\Windows\System\ynjgdha.exe
  C:\Windows\System\ynjgdha.exe
  2⤵
  PID:5756
- C:\Windows\System\ZnwGFCH.exe
  C:\Windows\System\ZnwGFCH.exe
  2⤵
  PID:5772
- C:\Windows\System\StULJPW.exe
  C:\Windows\System\StULJPW.exe
  2⤵
  PID:5788
- C:\Windows\System\BGSpSAv.exe
  C:\Windows\System\BGSpSAv.exe
  2⤵
  PID:5804
- C:\Windows\System\VdIctYK.exe
  C:\Windows\System\VdIctYK.exe
  2⤵
  PID:5820
- C:\Windows\System\dXyixiU.exe
  C:\Windows\System\dXyixiU.exe
  2⤵
  PID:5836
- C:\Windows\System\DJZvkqM.exe
  C:\Windows\System\DJZvkqM.exe
  2⤵
  PID:5852
- C:\Windows\System\tSMAwuj.exe
  C:\Windows\System\tSMAwuj.exe
  2⤵
  PID:5868
- C:\Windows\System\fjlWQJA.exe
  C:\Windows\System\fjlWQJA.exe
  2⤵
  PID:5884
- C:\Windows\System\rNZTWna.exe
  C:\Windows\System\rNZTWna.exe
  2⤵
  PID:5900
- C:\Windows\System\sojFunk.exe
  C:\Windows\System\sojFunk.exe
  2⤵
  PID:5920
- C:\Windows\System\OfNcTng.exe
  C:\Windows\System\OfNcTng.exe
  2⤵
  PID:5936
- C:\Windows\System\NSJCdxW.exe
  C:\Windows\System\NSJCdxW.exe
  2⤵
  PID:5952
- C:\Windows\System\vkXaOxM.exe
  C:\Windows\System\vkXaOxM.exe
  2⤵
  PID:5968
- C:\Windows\System\FFxOBoU.exe
  C:\Windows\System\FFxOBoU.exe
  2⤵
  PID:5984
- C:\Windows\System\KHWipuo.exe
  C:\Windows\System\KHWipuo.exe
  2⤵
  PID:6000
- C:\Windows\System\PPBhpoo.exe
  C:\Windows\System\PPBhpoo.exe
  2⤵
  PID:6016
- C:\Windows\System\fiQqowj.exe
  C:\Windows\System\fiQqowj.exe
  2⤵
  PID:6036
- C:\Windows\System\rSpAhzj.exe
  C:\Windows\System\rSpAhzj.exe
  2⤵
  PID:6052
- C:\Windows\System\fDuMoZp.exe
  C:\Windows\System\fDuMoZp.exe
  2⤵
  PID:6068
- C:\Windows\System\xRRxJIn.exe
  C:\Windows\System\xRRxJIn.exe
  2⤵
  PID:6084
- C:\Windows\System\oAdXQAR.exe
  C:\Windows\System\oAdXQAR.exe
  2⤵
  PID:6100
- C:\Windows\System\obYuRTy.exe
  C:\Windows\System\obYuRTy.exe
  2⤵
  PID:6116
- C:\Windows\System\qglLPpO.exe
  C:\Windows\System\qglLPpO.exe
  2⤵
  PID:6132
- C:\Windows\System\drJEcRe.exe
  C:\Windows\System\drJEcRe.exe
  2⤵
  PID:4848
- C:\Windows\System\JxZPrfd.exe
  C:\Windows\System\JxZPrfd.exe
  2⤵
  PID:4908
- C:\Windows\System\oTbwrJL.exe
  C:\Windows\System\oTbwrJL.exe
  2⤵
  PID:4944
- C:\Windows\System\qULWrCy.exe
  C:\Windows\System\qULWrCy.exe
  2⤵
  PID:5008
- C:\Windows\System\fWCiwAf.exe
  C:\Windows\System\fWCiwAf.exe
  2⤵
  PID:5088
- C:\Windows\System\oyLdoON.exe
  C:\Windows\System\oyLdoON.exe
  2⤵
  PID:3756
- C:\Windows\System\iqxuIGs.exe
  C:\Windows\System\iqxuIGs.exe
  2⤵
  PID:2880
- C:\Windows\System\tbsdRZW.exe
  C:\Windows\System\tbsdRZW.exe
  2⤵
  PID:4140
- C:\Windows\System\szJVYnB.exe
  C:\Windows\System\szJVYnB.exe
  2⤵
  PID:4268
- C:\Windows\System\SqzEPiI.exe
  C:\Windows\System\SqzEPiI.exe
  2⤵
  PID:4376
- C:\Windows\System\AURPWyM.exe
  C:\Windows\System\AURPWyM.exe
  2⤵
  PID:4472
- C:\Windows\System\SxJUtmI.exe
  C:\Windows\System\SxJUtmI.exe
  2⤵
  PID:4600
- C:\Windows\System\QLEcVaD.exe
  C:\Windows\System\QLEcVaD.exe
  2⤵
  PID:4716
- C:\Windows\System\zHWPCCC.exe
  C:\Windows\System\zHWPCCC.exe
  2⤵
  PID:5124
- C:\Windows\System\HmmMrSr.exe
  C:\Windows\System\HmmMrSr.exe
  2⤵
  PID:2496
- C:\Windows\System\lGxCIbq.exe
  C:\Windows\System\lGxCIbq.exe
  2⤵
  PID:5172
- C:\Windows\System\jgJfnlU.exe
  C:\Windows\System\jgJfnlU.exe
  2⤵
  PID:5204
- C:\Windows\System\cWgSYHs.exe
  C:\Windows\System\cWgSYHs.exe
  2⤵
  PID:5248
- C:\Windows\System\YRUTsAW.exe
  C:\Windows\System\YRUTsAW.exe
  2⤵
  PID:5268
- C:\Windows\System\fGiHjBF.exe
  C:\Windows\System\fGiHjBF.exe
  2⤵
  PID:5304
- C:\Windows\System\ySdGAuH.exe
  C:\Windows\System\ySdGAuH.exe
  2⤵
  PID:5336
- C:\Windows\System\mDGbwVU.exe
  C:\Windows\System\mDGbwVU.exe
  2⤵
  PID:5364
- C:\Windows\System\SXQQVXS.exe
  C:\Windows\System\SXQQVXS.exe
  2⤵
  PID:5396
- C:\Windows\System\xEZresx.exe
  C:\Windows\System\xEZresx.exe
  2⤵
  PID:5428
- C:\Windows\System\vkLxcQL.exe
  C:\Windows\System\vkLxcQL.exe
  2⤵
  PID:5460
- C:\Windows\System\oHubsxk.exe
  C:\Windows\System\oHubsxk.exe
  2⤵
  PID:5492
- C:\Windows\System\lHpastk.exe
  C:\Windows\System\lHpastk.exe
  2⤵
  PID:5524
- C:\Windows\System\TqeUHCh.exe
  C:\Windows\System\TqeUHCh.exe
  2⤵
  PID:5556
- C:\Windows\System\krtZdnj.exe
  C:\Windows\System\krtZdnj.exe
  2⤵
  PID:5588
- C:\Windows\System\aBKdwiH.exe
  C:\Windows\System\aBKdwiH.exe
  2⤵
  PID:5620
- C:\Windows\System\sBvhgIm.exe
  C:\Windows\System\sBvhgIm.exe
  2⤵
  PID:5652
- C:\Windows\System\aFRqYzc.exe
  C:\Windows\System\aFRqYzc.exe
  2⤵
  PID:5684
- C:\Windows\System\MsSvTuJ.exe
  C:\Windows\System\MsSvTuJ.exe
  2⤵
  PID:5716
- C:\Windows\System\dItSGhz.exe
  C:\Windows\System\dItSGhz.exe
  2⤵
  PID:5748
- C:\Windows\System\oYwFOvR.exe
  C:\Windows\System\oYwFOvR.exe
  2⤵
  PID:5780
- C:\Windows\System\gLrDtxZ.exe
  C:\Windows\System\gLrDtxZ.exe
  2⤵
  PID:5812
- C:\Windows\System\OmQWvxO.exe
  C:\Windows\System\OmQWvxO.exe
  2⤵
  PID:5860
- C:\Windows\System\BxtedeL.exe
  C:\Windows\System\BxtedeL.exe
  2⤵
  PID:5876
- C:\Windows\System\hIzpnSo.exe
  C:\Windows\System\hIzpnSo.exe
  2⤵
  PID:5896
- C:\Windows\System\cMMNbof.exe
  C:\Windows\System\cMMNbof.exe
  2⤵
  PID:5928
- C:\Windows\System\LzApwZN.exe
  C:\Windows\System\LzApwZN.exe
  2⤵
  PID:5960
- C:\Windows\System\qSaOPgt.exe
  C:\Windows\System\qSaOPgt.exe
  2⤵
  PID:5992
- C:\Windows\System\ZGxGyaU.exe
  C:\Windows\System\ZGxGyaU.exe
  2⤵
  PID:6032
- C:\Windows\System\VhmChka.exe
  C:\Windows\System\VhmChka.exe
  2⤵
  PID:1448
- C:\Windows\System\dSFcnzo.exe
  C:\Windows\System\dSFcnzo.exe
  2⤵
  PID:6092
- C:\Windows\System\RvQpGUs.exe
  C:\Windows\System\RvQpGUs.exe
  2⤵
  PID:6112
- C:\Windows\System\zQKhejj.exe
  C:\Windows\System\zQKhejj.exe
  2⤵
  PID:4876
- C:\Windows\System\KuNbjEP.exe
  C:\Windows\System\KuNbjEP.exe
  2⤵
  PID:5004
- C:\Windows\System\WAxJeDU.exe
  C:\Windows\System\WAxJeDU.exe
  2⤵
  PID:5104
- C:\Windows\System\CKpMioV.exe
  C:\Windows\System\CKpMioV.exe
  2⤵
  PID:1908
- C:\Windows\System\OsYqHSi.exe
  C:\Windows\System\OsYqHSi.exe
  2⤵
  PID:4216
- C:\Windows\System\gqDrpmk.exe
  C:\Windows\System\gqDrpmk.exe
  2⤵
  PID:4408
- C:\Windows\System\wjikwQE.exe
  C:\Windows\System\wjikwQE.exe
  2⤵
  PID:4816
- C:\Windows\System\hBVPLEX.exe
  C:\Windows\System\hBVPLEX.exe
  2⤵
  PID:5152
- C:\Windows\System\GoQYZvj.exe
  C:\Windows\System\GoQYZvj.exe
  2⤵
  PID:5168
- C:\Windows\System\oLSzGgO.exe
  C:\Windows\System\oLSzGgO.exe
  2⤵
  PID:2044
- C:\Windows\System\GTFKxlw.exe
  C:\Windows\System\GTFKxlw.exe
  2⤵
  PID:2648
- C:\Windows\System\RNRliyV.exe
  C:\Windows\System\RNRliyV.exe
  2⤵
  PID:5264
- C:\Windows\System\FKFiIBS.exe
  C:\Windows\System\FKFiIBS.exe
  2⤵
  PID:5332
- C:\Windows\System\bHHNEeh.exe
  C:\Windows\System\bHHNEeh.exe
  2⤵
  PID:5368
- C:\Windows\System\nwYKbRW.exe
  C:\Windows\System\nwYKbRW.exe
  2⤵
  PID:5444
- C:\Windows\System\PITpFnP.exe
  C:\Windows\System\PITpFnP.exe
  2⤵
  PID:5496
- C:\Windows\System\pRnbuVd.exe
  C:\Windows\System\pRnbuVd.exe
  2⤵
  PID:5572
- C:\Windows\System\ANDKVcC.exe
  C:\Windows\System\ANDKVcC.exe
  2⤵
  PID:5636
- C:\Windows\System\HiYEUhY.exe
  C:\Windows\System\HiYEUhY.exe
  2⤵
  PID:5688
- C:\Windows\System\RoKCnmU.exe
  C:\Windows\System\RoKCnmU.exe
  2⤵
  PID:5764
- C:\Windows\System\YOXGoXm.exe
  C:\Windows\System\YOXGoXm.exe
  2⤵
  PID:5768
- C:\Windows\System\MRCDHPZ.exe
  C:\Windows\System\MRCDHPZ.exe
  2⤵
  PID:5848
- C:\Windows\System\pJjGUSP.exe
  C:\Windows\System\pJjGUSP.exe
  2⤵
  PID:5880
- C:\Windows\System\JWpUKFS.exe
  C:\Windows\System\JWpUKFS.exe
  2⤵
  PID:5948
- C:\Windows\System\MQRefDz.exe
  C:\Windows\System\MQRefDz.exe
  2⤵
  PID:6008
- C:\Windows\System\dlrTTyx.exe
  C:\Windows\System\dlrTTyx.exe
  2⤵
  PID:6064
- C:\Windows\System\MleQDfo.exe
  C:\Windows\System\MleQDfo.exe
  2⤵
  PID:6128
- C:\Windows\System\sHHTzGM.exe
  C:\Windows\System\sHHTzGM.exe
  2⤵
  PID:4960
- C:\Windows\System\vQepYyM.exe
  C:\Windows\System\vQepYyM.exe
  2⤵
  PID:4056
- C:\Windows\System\LtzQyPp.exe
  C:\Windows\System\LtzQyPp.exe
  2⤵
  PID:4536
- C:\Windows\System\rWrlSMp.exe
  C:\Windows\System\rWrlSMp.exe
  2⤵
  PID:5916
- C:\Windows\System\kgSKCXd.exe
  C:\Windows\System\kgSKCXd.exe
  2⤵
  PID:5220
- C:\Windows\System\QNJtGtk.exe
  C:\Windows\System\QNJtGtk.exe
  2⤵
  PID:5288
- C:\Windows\System\WWabkFD.exe
  C:\Windows\System\WWabkFD.exe
  2⤵
  PID:4152
- C:\Windows\System\DmGejme.exe
  C:\Windows\System\DmGejme.exe
  2⤵
  PID:5480
- C:\Windows\System\aCYRNkn.exe
  C:\Windows\System\aCYRNkn.exe
  2⤵
  PID:5608
- C:\Windows\System\zrcUMCU.exe
  C:\Windows\System\zrcUMCU.exe
  2⤵
  PID:5736
- C:\Windows\System\cXwcwMR.exe
  C:\Windows\System\cXwcwMR.exe
  2⤵
  PID:5832
- C:\Windows\System\FSyOoqP.exe
  C:\Windows\System\FSyOoqP.exe
  2⤵
  PID:6160
- C:\Windows\System\QwcuSst.exe
  C:\Windows\System\QwcuSst.exe
  2⤵
  PID:6176
- C:\Windows\System\yxZQlyO.exe
  C:\Windows\System\yxZQlyO.exe
  2⤵
  PID:6192
- C:\Windows\System\BulYidH.exe
  C:\Windows\System\BulYidH.exe
  2⤵
  PID:6208
- C:\Windows\System\xveUEZY.exe
  C:\Windows\System\xveUEZY.exe
  2⤵
  PID:6224
- C:\Windows\System\LissLZZ.exe
  C:\Windows\System\LissLZZ.exe
  2⤵
  PID:6240
- C:\Windows\System\vaeygsh.exe
  C:\Windows\System\vaeygsh.exe
  2⤵
  PID:6256
- C:\Windows\System\jncEFNd.exe
  C:\Windows\System\jncEFNd.exe
  2⤵
  PID:6276
- C:\Windows\System\VsaWrTa.exe
  C:\Windows\System\VsaWrTa.exe
  2⤵
  PID:6292
- C:\Windows\System\AWSfjHd.exe
  C:\Windows\System\AWSfjHd.exe
  2⤵
  PID:6308
- C:\Windows\System\HDcVMoQ.exe
  C:\Windows\System\HDcVMoQ.exe
  2⤵
  PID:6324
- C:\Windows\System\kqczXfB.exe
  C:\Windows\System\kqczXfB.exe
  2⤵
  PID:6340
- C:\Windows\System\DDPSFIK.exe
  C:\Windows\System\DDPSFIK.exe
  2⤵
  PID:6356
- C:\Windows\System\wuaCeRC.exe
  C:\Windows\System\wuaCeRC.exe
  2⤵
  PID:6372
- C:\Windows\System\RIGjiYv.exe
  C:\Windows\System\RIGjiYv.exe
  2⤵
  PID:6388
- C:\Windows\System\BeKihOU.exe
  C:\Windows\System\BeKihOU.exe
  2⤵
  PID:6404
- C:\Windows\System\cdagHsj.exe
  C:\Windows\System\cdagHsj.exe
  2⤵
  PID:6420
- C:\Windows\System\yNXDVBR.exe
  C:\Windows\System\yNXDVBR.exe
  2⤵
  PID:6436
- C:\Windows\System\Wlafxzw.exe
  C:\Windows\System\Wlafxzw.exe
  2⤵
  PID:6452
- C:\Windows\System\qcNfMzi.exe
  C:\Windows\System\qcNfMzi.exe
  2⤵
  PID:6468
- C:\Windows\System\CAJNXtQ.exe
  C:\Windows\System\CAJNXtQ.exe
  2⤵
  PID:6484
- C:\Windows\System\NbDoIKw.exe
  C:\Windows\System\NbDoIKw.exe
  2⤵
  PID:6500
- C:\Windows\System\IDPKtfe.exe
  C:\Windows\System\IDPKtfe.exe
  2⤵
  PID:6516
- C:\Windows\System\DVGtTXt.exe
  C:\Windows\System\DVGtTXt.exe
  2⤵
  PID:6532
- C:\Windows\System\tyCysrJ.exe
  C:\Windows\System\tyCysrJ.exe
  2⤵
  PID:6552
- C:\Windows\System\tTioyLS.exe
  C:\Windows\System\tTioyLS.exe
  2⤵
  PID:6568
- C:\Windows\System\dzrVTED.exe
  C:\Windows\System\dzrVTED.exe
  2⤵
  PID:6584
- C:\Windows\System\ztjfMnK.exe
  C:\Windows\System\ztjfMnK.exe
  2⤵
  PID:6600
- C:\Windows\System\rDvSJtW.exe
  C:\Windows\System\rDvSJtW.exe
  2⤵
  PID:6616
- C:\Windows\System\QFxkHUe.exe
  C:\Windows\System\QFxkHUe.exe
  2⤵
  PID:6632
- C:\Windows\System\ItDomuL.exe
  C:\Windows\System\ItDomuL.exe
  2⤵
  PID:6648
- C:\Windows\System\bJcmeMs.exe
  C:\Windows\System\bJcmeMs.exe
  2⤵
  PID:6664
- C:\Windows\System\jYNKIFi.exe
  C:\Windows\System\jYNKIFi.exe
  2⤵
  PID:6680
- C:\Windows\System\PCMFnlh.exe
  C:\Windows\System\PCMFnlh.exe
  2⤵
  PID:6696
- C:\Windows\System\RlpaVFk.exe
  C:\Windows\System\RlpaVFk.exe
  2⤵
  PID:6712
- C:\Windows\System\PGcFekU.exe
  C:\Windows\System\PGcFekU.exe
  2⤵
  PID:6728
- C:\Windows\System\cQQeiSp.exe
  C:\Windows\System\cQQeiSp.exe
  2⤵
  PID:6744
- C:\Windows\System\aCoeTgs.exe
  C:\Windows\System\aCoeTgs.exe
  2⤵
  PID:6760
- C:\Windows\System\jBSUodZ.exe
  C:\Windows\System\jBSUodZ.exe
  2⤵
  PID:6776
- C:\Windows\System\YRKVpDD.exe
  C:\Windows\System\YRKVpDD.exe
  2⤵
  PID:6792
- C:\Windows\System\xXnNEcI.exe
  C:\Windows\System\xXnNEcI.exe
  2⤵
  PID:6808
- C:\Windows\System\fXBDjmJ.exe
  C:\Windows\System\fXBDjmJ.exe
  2⤵
  PID:6824
- C:\Windows\System\VUJWYmm.exe
  C:\Windows\System\VUJWYmm.exe
  2⤵
  PID:6840
- C:\Windows\System\KRPeSFA.exe
  C:\Windows\System\KRPeSFA.exe
  2⤵
  PID:6856
- C:\Windows\System\MriuZRT.exe
  C:\Windows\System\MriuZRT.exe
  2⤵
  PID:6872
- C:\Windows\System\zyKvapH.exe
  C:\Windows\System\zyKvapH.exe
  2⤵
  PID:6888
- C:\Windows\System\UYPdAOQ.exe
  C:\Windows\System\UYPdAOQ.exe
  2⤵
  PID:6904
- C:\Windows\System\orcPbBg.exe
  C:\Windows\System\orcPbBg.exe
  2⤵
  PID:6920
- C:\Windows\System\PBdyaCC.exe
  C:\Windows\System\PBdyaCC.exe
  2⤵
  PID:6936
- C:\Windows\System\SxbgbVe.exe
  C:\Windows\System\SxbgbVe.exe
  2⤵
  PID:6952
- C:\Windows\System\DHztqhL.exe
  C:\Windows\System\DHztqhL.exe
  2⤵
  PID:6968
- C:\Windows\System\mWTuXcs.exe
  C:\Windows\System\mWTuXcs.exe
  2⤵
  PID:6984
- C:\Windows\System\uFGhffh.exe
  C:\Windows\System\uFGhffh.exe
  2⤵
  PID:7000
- C:\Windows\System\MBeVqqZ.exe
  C:\Windows\System\MBeVqqZ.exe
  2⤵
  PID:7016
- C:\Windows\System\ihUHEMa.exe
  C:\Windows\System\ihUHEMa.exe
  2⤵
  PID:7032
- C:\Windows\System\CSYDWvT.exe
  C:\Windows\System\CSYDWvT.exe
  2⤵
  PID:7048
- C:\Windows\System\NEriBwG.exe
  C:\Windows\System\NEriBwG.exe
  2⤵
  PID:7064
- C:\Windows\System\iSTBRZf.exe
  C:\Windows\System\iSTBRZf.exe
  2⤵
  PID:7080
- C:\Windows\System\zKLlyUT.exe
  C:\Windows\System\zKLlyUT.exe
  2⤵
  PID:7096
- C:\Windows\System\DZJlidn.exe
  C:\Windows\System\DZJlidn.exe
  2⤵
  PID:7116
- C:\Windows\System\FxfXoWG.exe
  C:\Windows\System\FxfXoWG.exe
  2⤵
  PID:7132
- C:\Windows\System\eEbSdUo.exe
  C:\Windows\System\eEbSdUo.exe
  2⤵
  PID:7148
- C:\Windows\System\bpReeuA.exe
  C:\Windows\System\bpReeuA.exe
  2⤵
  PID:7164
- C:\Windows\System\jBtoyLO.exe
  C:\Windows\System\jBtoyLO.exe
  2⤵
  PID:5944
- C:\Windows\System\sXRHRzW.exe
  C:\Windows\System\sXRHRzW.exe
  2⤵
  PID:6060
- C:\Windows\System\qwjWOix.exe
  C:\Windows\System\qwjWOix.exe
  2⤵
  PID:2644
- C:\Windows\System\cAmWtQP.exe
  C:\Windows\System\cAmWtQP.exe
  2⤵
  PID:4440
- C:\Windows\System\lIdqJwI.exe
  C:\Windows\System\lIdqJwI.exe
  2⤵
  PID:3020
- C:\Windows\System\uXxVFZV.exe
  C:\Windows\System\uXxVFZV.exe
  2⤵
  PID:1972
- C:\Windows\System\REENnlK.exe
  C:\Windows\System\REENnlK.exe
  2⤵
  PID:5464
- C:\Windows\System\FeEvNpO.exe
  C:\Windows\System\FeEvNpO.exe
  2⤵
  PID:5796
- C:\Windows\System\qJZokvx.exe
  C:\Windows\System\qJZokvx.exe
  2⤵
  PID:6168
- C:\Windows\System\RRExfZU.exe
  C:\Windows\System\RRExfZU.exe
  2⤵
  PID:6188
- C:\Windows\System\VXgZwVK.exe
  C:\Windows\System\VXgZwVK.exe
  2⤵
  PID:6220
- C:\Windows\System\frzgnOT.exe
  C:\Windows\System\frzgnOT.exe
  2⤵
  PID:6264
- C:\Windows\System\CGAKZUR.exe
  C:\Windows\System\CGAKZUR.exe
  2⤵
  PID:6288
- C:\Windows\System\JwrsYeQ.exe
  C:\Windows\System\JwrsYeQ.exe
  2⤵
  PID:6332
- C:\Windows\System\ZjOFxPu.exe
  C:\Windows\System\ZjOFxPu.exe
  2⤵
  PID:6352
- C:\Windows\System\vcuetGB.exe
  C:\Windows\System\vcuetGB.exe
  2⤵
  PID:6396
- C:\Windows\System\gLQTpYN.exe
  C:\Windows\System\gLQTpYN.exe
  2⤵
  PID:6428
- C:\Windows\System\qkMLGNc.exe
  C:\Windows\System\qkMLGNc.exe
  2⤵
  PID:6448
- C:\Windows\System\zIZGuGr.exe
  C:\Windows\System\zIZGuGr.exe
  2⤵
  PID:6480
- C:\Windows\System\krPncoc.exe
  C:\Windows\System\krPncoc.exe
  2⤵
  PID:6524
- C:\Windows\System\cjsmrYz.exe
  C:\Windows\System\cjsmrYz.exe
  2⤵
  PID:6544
- C:\Windows\System\LCFImth.exe
  C:\Windows\System\LCFImth.exe
  2⤵
  PID:6580
- C:\Windows\System\KuAdKDI.exe
  C:\Windows\System\KuAdKDI.exe
  2⤵
  PID:6624
- C:\Windows\System\bviruVm.exe
  C:\Windows\System\bviruVm.exe
  2⤵
  PID:6644
- C:\Windows\System\sDRjWFa.exe
  C:\Windows\System\sDRjWFa.exe
  2⤵
  PID:6676
- C:\Windows\System\SrBLKqe.exe
  C:\Windows\System\SrBLKqe.exe
  2⤵
  PID:6720
- C:\Windows\System\tNCXcoY.exe
  C:\Windows\System\tNCXcoY.exe
  2⤵
  PID:6752
- C:\Windows\System\xhKBxBV.exe
  C:\Windows\System\xhKBxBV.exe
  2⤵
  PID:6772
- C:\Windows\System\MwzHnwo.exe
  C:\Windows\System\MwzHnwo.exe
  2⤵
  PID:6804
- C:\Windows\System\qMFvHPE.exe
  C:\Windows\System\qMFvHPE.exe
  2⤵
  PID:6848
- C:\Windows\System\ruPDcTT.exe
  C:\Windows\System\ruPDcTT.exe
  2⤵
  PID:6880
- C:\Windows\System\lBHeHFn.exe
  C:\Windows\System\lBHeHFn.exe
  2⤵
  PID:6912
- C:\Windows\System\lzljLLm.exe
  C:\Windows\System\lzljLLm.exe
  2⤵
  PID:6932
- C:\Windows\System\qMQJmPa.exe
  C:\Windows\System\qMQJmPa.exe
  2⤵
  PID:6964
- C:\Windows\System\JSMfULL.exe
  C:\Windows\System\JSMfULL.exe
  2⤵
  PID:7008
- C:\Windows\System\arKJRXa.exe
  C:\Windows\System\arKJRXa.exe
  2⤵
  PID:7040
- C:\Windows\System\tKbjMZs.exe
  C:\Windows\System\tKbjMZs.exe
  2⤵
  PID:7060
- C:\Windows\System\XzewOWH.exe
  C:\Windows\System\XzewOWH.exe
  2⤵
  PID:7092
- C:\Windows\System\ZgaRJNU.exe
  C:\Windows\System\ZgaRJNU.exe
  2⤵
  PID:7128
- C:\Windows\System\lkMbDrL.exe
  C:\Windows\System\lkMbDrL.exe
  2⤵
  PID:7160
- C:\Windows\System\IQNEmjP.exe
  C:\Windows\System\IQNEmjP.exe
  2⤵
  PID:2928
- C:\Windows\System\EJwrDZh.exe
  C:\Windows\System\EJwrDZh.exe
  2⤵
  PID:4684
- C:\Windows\System\jKZJbsF.exe
  C:\Windows\System\jKZJbsF.exe
  2⤵
  PID:5416
- C:\Windows\System\qdKQyCn.exe
  C:\Windows\System\qdKQyCn.exe
  2⤵
  PID:2544
- C:\Windows\System\sxoGMDW.exe
  C:\Windows\System\sxoGMDW.exe
  2⤵
  PID:2148
- C:\Windows\System\OZILllE.exe
  C:\Windows\System\OZILllE.exe
  2⤵
  PID:6248
- C:\Windows\System\ypNHOYQ.exe
  C:\Windows\System\ypNHOYQ.exe
  2⤵
  PID:6316
- C:\Windows\System\kqGERLR.exe
  C:\Windows\System\kqGERLR.exe
  2⤵
  PID:1068
- C:\Windows\System\anpOcGq.exe
  C:\Windows\System\anpOcGq.exe
  2⤵
  PID:2608
- C:\Windows\System\ZcDnqAN.exe
  C:\Windows\System\ZcDnqAN.exe
  2⤵
  PID:6464
- C:\Windows\System\HUKACTZ.exe
  C:\Windows\System\HUKACTZ.exe
  2⤵
  PID:6508
- C:\Windows\System\FcgGdRA.exe
  C:\Windows\System\FcgGdRA.exe
  2⤵
  PID:6576
- C:\Windows\System\aXABZoB.exe
  C:\Windows\System\aXABZoB.exe
  2⤵
  PID:6640
- C:\Windows\System\avlpCDW.exe
  C:\Windows\System\avlpCDW.exe
  2⤵
  PID:6708
- C:\Windows\System\vQUlSdw.exe
  C:\Windows\System\vQUlSdw.exe
  2⤵
  PID:6784
- C:\Windows\System\ZFEKOvM.exe
  C:\Windows\System\ZFEKOvM.exe
  2⤵
  PID:6836
- C:\Windows\System\wklcfcD.exe
  C:\Windows\System\wklcfcD.exe
  2⤵
  PID:6900
- C:\Windows\System\rCkcbJu.exe
  C:\Windows\System\rCkcbJu.exe
  2⤵
  PID:6976
- C:\Windows\System\wKeJqRM.exe
  C:\Windows\System\wKeJqRM.exe
  2⤵
  PID:7028
- C:\Windows\System\cYYgFbr.exe
  C:\Windows\System\cYYgFbr.exe
  2⤵
  PID:7088
- C:\Windows\System\EYlQvTz.exe
  C:\Windows\System\EYlQvTz.exe
  2⤵
  PID:5908
- C:\Windows\System\pfWOApf.exe
  C:\Windows\System\pfWOApf.exe
  2⤵
  PID:4280
- C:\Windows\System\ZXhiGLa.exe
  C:\Windows\System\ZXhiGLa.exe
  2⤵
  PID:5672
- C:\Windows\System\fvAMqXg.exe
  C:\Windows\System\fvAMqXg.exe
  2⤵
  PID:6200
- C:\Windows\System\HlRWnpQ.exe
  C:\Windows\System\HlRWnpQ.exe
  2⤵
  PID:6380
- C:\Windows\System\bSVUUSU.exe
  C:\Windows\System\bSVUUSU.exe
  2⤵
  PID:6496
- C:\Windows\System\AEMfQNY.exe
  C:\Windows\System\AEMfQNY.exe
  2⤵
  PID:6628
- C:\Windows\System\olSHFqd.exe
  C:\Windows\System\olSHFqd.exe
  2⤵
  PID:6736
- C:\Windows\System\uJyNqAU.exe
  C:\Windows\System\uJyNqAU.exe
  2⤵
  PID:6656
- C:\Windows\System\EtrcZSM.exe
  C:\Windows\System\EtrcZSM.exe
  2⤵
  PID:6960
- C:\Windows\System\tusgmYF.exe
  C:\Windows\System\tusgmYF.exe
  2⤵
  PID:7184
- C:\Windows\System\bxyERcG.exe
  C:\Windows\System\bxyERcG.exe
  2⤵
  PID:7216
- C:\Windows\System\fypKKmr.exe
  C:\Windows\System\fypKKmr.exe
  2⤵
  PID:7260
- C:\Windows\System\NlEwNAc.exe
  C:\Windows\System\NlEwNAc.exe
  2⤵
  PID:7512
- C:\Windows\System\zAiQgtW.exe
  C:\Windows\System\zAiQgtW.exe
  2⤵
  PID:7544
- C:\Windows\System\SlqBPZn.exe
  C:\Windows\System\SlqBPZn.exe
  2⤵
  PID:7564
- C:\Windows\System\MylolAc.exe
  C:\Windows\System\MylolAc.exe
  2⤵
  PID:7580
- C:\Windows\System\AjuUGPX.exe
  C:\Windows\System\AjuUGPX.exe
  2⤵
  PID:7596
- C:\Windows\System\IoFONyE.exe
  C:\Windows\System\IoFONyE.exe
  2⤵
  PID:7612
- C:\Windows\System\BwfaGpq.exe
  C:\Windows\System\BwfaGpq.exe
  2⤵
  PID:7628
- C:\Windows\System\yKMTeFq.exe
  C:\Windows\System\yKMTeFq.exe
  2⤵
  PID:7644
- C:\Windows\System\wnfrfMs.exe
  C:\Windows\System\wnfrfMs.exe
  2⤵
  PID:7660
- C:\Windows\System\NDREuRb.exe
  C:\Windows\System\NDREuRb.exe
  2⤵
  PID:7676
- C:\Windows\System\tCMyjJK.exe
  C:\Windows\System\tCMyjJK.exe
  2⤵
  PID:7692
- C:\Windows\System\LeDWkrs.exe
  C:\Windows\System\LeDWkrs.exe
  2⤵
  PID:7708
- C:\Windows\System\SDbFKcP.exe
  C:\Windows\System\SDbFKcP.exe
  2⤵
  PID:7724
- C:\Windows\System\BKghbEl.exe
  C:\Windows\System\BKghbEl.exe
  2⤵
  PID:7740
- C:\Windows\System\ubaxBNd.exe
  C:\Windows\System\ubaxBNd.exe
  2⤵
  PID:7812
- C:\Windows\System\aOjIlvE.exe
  C:\Windows\System\aOjIlvE.exe
  2⤵
  PID:7828
- C:\Windows\System\mLEavSp.exe
  C:\Windows\System\mLEavSp.exe
  2⤵
  PID:7844
- C:\Windows\System\ZIzLMnN.exe
  C:\Windows\System\ZIzLMnN.exe
  2⤵
  PID:7864
- C:\Windows\System\DstaDKL.exe
  C:\Windows\System\DstaDKL.exe
  2⤵
  PID:7884
- C:\Windows\System\ZrbAxSJ.exe
  C:\Windows\System\ZrbAxSJ.exe
  2⤵
  PID:7900
- C:\Windows\System\LeOSOQz.exe
  C:\Windows\System\LeOSOQz.exe
  2⤵
  PID:7916
- C:\Windows\System\EINUFrS.exe
  C:\Windows\System\EINUFrS.exe
  2⤵
  PID:7932
- C:\Windows\System\TQQFSZL.exe
  C:\Windows\System\TQQFSZL.exe
  2⤵
  PID:7952
- C:\Windows\System\ROwWxQh.exe
  C:\Windows\System\ROwWxQh.exe
  2⤵
  PID:7968
- C:\Windows\System\iXJpfHW.exe
  C:\Windows\System\iXJpfHW.exe
  2⤵
  PID:7992
- C:\Windows\System\MSxKzLv.exe
  C:\Windows\System\MSxKzLv.exe
  2⤵
  PID:8012
- C:\Windows\System\xbhIBwh.exe
  C:\Windows\System\xbhIBwh.exe
  2⤵
  PID:8028
- C:\Windows\System\MdfGbQs.exe
  C:\Windows\System\MdfGbQs.exe
  2⤵
  PID:8152
- C:\Windows\System\BooJKTL.exe
  C:\Windows\System\BooJKTL.exe
  2⤵
  PID:8168
- C:\Windows\System\WnTkzWd.exe
  C:\Windows\System\WnTkzWd.exe
  2⤵
  PID:8184
- C:\Windows\System\DvfPTbR.exe
  C:\Windows\System\DvfPTbR.exe
  2⤵
  PID:2888
- C:\Windows\System\ipOFSXH.exe
  C:\Windows\System\ipOFSXH.exe
  2⤵
  PID:7056
- C:\Windows\System\ivKfgHx.exe
  C:\Windows\System\ivKfgHx.exe
  2⤵
  PID:6012
- C:\Windows\System\roCFCHJ.exe
  C:\Windows\System\roCFCHJ.exe
  2⤵
  PID:6156
- C:\Windows\System\anvRnmq.exe
  C:\Windows\System\anvRnmq.exe
  2⤵
  PID:2652
- C:\Windows\System\CcZkdbf.exe
  C:\Windows\System\CcZkdbf.exe
  2⤵
  PID:3812
- C:\Windows\System\XogjuMy.exe
  C:\Windows\System\XogjuMy.exe
  2⤵
  PID:6832
- C:\Windows\System\kVgmfmK.exe
  C:\Windows\System\kVgmfmK.exe
  2⤵
  PID:7180
- C:\Windows\System\wvhExVO.exe
  C:\Windows\System\wvhExVO.exe
  2⤵
  PID:3044
- C:\Windows\System\mwJHofc.exe
  C:\Windows\System\mwJHofc.exe
  2⤵
  PID:2780
- C:\Windows\System\jWPlYLK.exe
  C:\Windows\System\jWPlYLK.exe
  2⤵
  PID:2668
- C:\Windows\System\sTbmzSb.exe
  C:\Windows\System\sTbmzSb.exe
  2⤵
  PID:1204
- C:\Windows\System\sOcjkaa.exe
  C:\Windows\System\sOcjkaa.exe
  2⤵
  PID:2184
- C:\Windows\System\TASdFxK.exe
  C:\Windows\System\TASdFxK.exe
  2⤵
  PID:2172
- C:\Windows\System\ICnMxih.exe
  C:\Windows\System\ICnMxih.exe
  2⤵
  PID:1040
- C:\Windows\System\fdigKUs.exe
  C:\Windows\System\fdigKUs.exe
  2⤵
  PID:1280
- C:\Windows\System\YpUSCQh.exe
  C:\Windows\System\YpUSCQh.exe
  2⤵
  PID:2056
- C:\Windows\System\zhoMsAr.exe
  C:\Windows\System\zhoMsAr.exe
  2⤵
  PID:1892
- C:\Windows\System\WwejKcZ.exe
  C:\Windows\System\WwejKcZ.exe
  2⤵
  PID:2596
- C:\Windows\System\uDFSRCV.exe
  C:\Windows\System\uDFSRCV.exe
  2⤵
  PID:624
- C:\Windows\System\gccthdg.exe
  C:\Windows\System\gccthdg.exe
  2⤵
  PID:1572
- C:\Windows\System\WCynNOx.exe
  C:\Windows\System\WCynNOx.exe
  2⤵
  PID:2080
- C:\Windows\System\TiYVxUx.exe
  C:\Windows\System\TiYVxUx.exe
  2⤵
  PID:7332
- C:\Windows\System\FoTAUuV.exe
  C:\Windows\System\FoTAUuV.exe
  2⤵
  PID:7368
- C:\Windows\System\fIrvAaz.exe
  C:\Windows\System\fIrvAaz.exe
  2⤵
  PID:7292
- C:\Windows\System\eDkfxqA.exe
  C:\Windows\System\eDkfxqA.exe
  2⤵
  PID:7308
- C:\Windows\System\uGTOOzt.exe
  C:\Windows\System\uGTOOzt.exe
  2⤵
  PID:7360
- C:\Windows\System\zYWclGO.exe
  C:\Windows\System\zYWclGO.exe
  2⤵
  PID:7380
- C:\Windows\System\zkGvVXd.exe
  C:\Windows\System\zkGvVXd.exe
  2⤵
  PID:7244
- C:\Windows\System\KdgsNuQ.exe
  C:\Windows\System\KdgsNuQ.exe
  2⤵
  PID:7408
- C:\Windows\System\ZcEPaBM.exe
  C:\Windows\System\ZcEPaBM.exe
  2⤵
  PID:7444
- C:\Windows\System\zrTNmjR.exe
  C:\Windows\System\zrTNmjR.exe
  2⤵
  PID:7452
- C:\Windows\System\GrmyDgI.exe
  C:\Windows\System\GrmyDgI.exe
  2⤵
  PID:7472
- C:\Windows\System\KrNGlIO.exe
  C:\Windows\System\KrNGlIO.exe
  2⤵
  PID:7488
- C:\Windows\System\qUAsFiw.exe
  C:\Windows\System\qUAsFiw.exe
  2⤵
  PID:7500
- C:\Windows\System\xoWspHR.exe
  C:\Windows\System\xoWspHR.exe
  2⤵
  PID:7508
- C:\Windows\System\vgcBrTp.exe
  C:\Windows\System\vgcBrTp.exe
  2⤵
  PID:7536
- C:\Windows\System\iVsUPEb.exe
  C:\Windows\System\iVsUPEb.exe
  2⤵
  PID:7608
- C:\Windows\System\yMUDZor.exe
  C:\Windows\System\yMUDZor.exe
  2⤵
  PID:7588
- C:\Windows\System\ZUjGeYO.exe
  C:\Windows\System\ZUjGeYO.exe
  2⤵
  PID:7656
- C:\Windows\System\jncKYOu.exe
  C:\Windows\System\jncKYOu.exe
  2⤵
  PID:7636
- C:\Windows\System\ZaUOzJN.exe
  C:\Windows\System\ZaUOzJN.exe
  2⤵
  PID:7732
- C:\Windows\System\DhUPywr.exe
  C:\Windows\System\DhUPywr.exe
  2⤵
  PID:7700
- C:\Windows\System\axqUlJr.exe
  C:\Windows\System\axqUlJr.exe
  2⤵
  PID:7760
- C:\Windows\System\LDIkmxo.exe
  C:\Windows\System\LDIkmxo.exe
  2⤵
  PID:7768
- C:\Windows\System\GxoqknE.exe
  C:\Windows\System\GxoqknE.exe
  2⤵
  PID:7792
- C:\Windows\System\zwJhtTq.exe
  C:\Windows\System\zwJhtTq.exe
  2⤵
  PID:7808
- C:\Windows\System\DECvdFv.exe
  C:\Windows\System\DECvdFv.exe
  2⤵
  PID:7860
- C:\Windows\System\yCTLGXc.exe
  C:\Windows\System\yCTLGXc.exe
  2⤵
  PID:7892
- C:\Windows\System\eoAPMhv.exe
  C:\Windows\System\eoAPMhv.exe
  2⤵
  PID:7908
- C:\Windows\System\zKJExTw.exe
  C:\Windows\System\zKJExTw.exe
  2⤵
  PID:7948
- C:\Windows\System\ZiNguvB.exe
  C:\Windows\System\ZiNguvB.exe
  2⤵
  PID:7984
- C:\Windows\System\DwSPkJv.exe
  C:\Windows\System\DwSPkJv.exe
  2⤵
  PID:7960
- C:\Windows\System\eFZuYqR.exe
  C:\Windows\System\eFZuYqR.exe
  2⤵
  PID:8004
- C:\Windows\System\yCaflRE.exe
  C:\Windows\System\yCaflRE.exe
  2⤵
  PID:8040
- C:\Windows\System\gsGUyCR.exe
  C:\Windows\System\gsGUyCR.exe
  2⤵
  PID:8056
- C:\Windows\System\anOsDSq.exe
  C:\Windows\System\anOsDSq.exe
  2⤵
  PID:8072
- C:\Windows\System\vmDdTit.exe
  C:\Windows\System\vmDdTit.exe
  2⤵
  PID:8088
- C:\Windows\System\FjzROhV.exe
  C:\Windows\System\FjzROhV.exe
  2⤵
  PID:8104
- C:\Windows\System\qhHylpL.exe
  C:\Windows\System\qhHylpL.exe
  2⤵
  PID:8120
- C:\Windows\System\eRwRtNJ.exe
  C:\Windows\System\eRwRtNJ.exe
  2⤵
  PID:8136
- C:\Windows\System\KfseFRr.exe
  C:\Windows\System\KfseFRr.exe
  2⤵
  PID:8160
- C:\Windows\System\puAZXWj.exe
  C:\Windows\System\puAZXWj.exe
  2⤵
  PID:7076
- C:\Windows\System\JFIENbk.exe
  C:\Windows\System\JFIENbk.exe
  2⤵
  PID:6432
- C:\Windows\System\mFcvGwR.exe
  C:\Windows\System\mFcvGwR.exe
  2⤵
  PID:7176
- C:\Windows\System\qEPhTvs.exe
  C:\Windows\System\qEPhTvs.exe
  2⤵
  PID:2988
- C:\Windows\System\tYBHDDl.exe
  C:\Windows\System\tYBHDDl.exe
  2⤵
  PID:7236
- C:\Windows\System\TDdtOPX.exe
  C:\Windows\System\TDdtOPX.exe
  2⤵
  PID:844
- C:\Windows\System\UfOwZeu.exe
  C:\Windows\System\UfOwZeu.exe
  2⤵
  PID:900
- C:\Windows\System\FIEhQYD.exe
  C:\Windows\System\FIEhQYD.exe
  2⤵
  PID:2576
- C:\Windows\System\ydkRrvd.exe
  C:\Windows\System\ydkRrvd.exe
  2⤵
  PID:2196
- C:\Windows\System\oIGDDII.exe
  C:\Windows\System\oIGDDII.exe
  2⤵
  PID:280
- C:\Windows\System\MclQrtB.exe
  C:\Windows\System\MclQrtB.exe
  2⤵
  PID:2240
- C:\Windows\System\VPZHxPD.exe
  C:\Windows\System\VPZHxPD.exe
  2⤵
  PID:3016
- C:\Windows\System\SYUEEIL.exe
  C:\Windows\System\SYUEEIL.exe
  2⤵
  PID:7328
- C:\Windows\System\edsLWLA.exe
  C:\Windows\System\edsLWLA.exe
  2⤵
  PID:7352
- C:\Windows\System\GaQpzOl.exe
  C:\Windows\System\GaQpzOl.exe
  2⤵
  PID:7440
- C:\Windows\System\XhpCgch.exe
  C:\Windows\System\XhpCgch.exe
  2⤵
  PID:7424
- C:\Windows\System\QepdxMs.exe
  C:\Windows\System\QepdxMs.exe
  2⤵
  PID:7432
- C:\Windows\System\iQuZaHI.exe
  C:\Windows\System\iQuZaHI.exe
  2⤵
  PID:7276
- C:\Windows\System\ToKSFuN.exe
  C:\Windows\System\ToKSFuN.exe
  2⤵
  PID:7528
- C:\Windows\System\QDfqRjl.exe
  C:\Windows\System\QDfqRjl.exe
  2⤵
  PID:7652
- C:\Windows\System\RVeuMQr.exe
  C:\Windows\System\RVeuMQr.exe
  2⤵
  PID:7560
- C:\Windows\System\MHZfCZE.exe
  C:\Windows\System\MHZfCZE.exe
  2⤵
  PID:7640
- C:\Windows\System\VNDxlvH.exe
  C:\Windows\System\VNDxlvH.exe
  2⤵
  PID:7756
- C:\Windows\System\TscLGbX.exe
  C:\Windows\System\TscLGbX.exe
  2⤵
  PID:7764
- C:\Windows\System\fzCtCDw.exe
  C:\Windows\System\fzCtCDw.exe
  2⤵
  PID:7840
- C:\Windows\System\EbHZhFt.exe
  C:\Windows\System\EbHZhFt.exe
  2⤵
  PID:7944
- C:\Windows\System\flgjEeG.exe
  C:\Windows\System\flgjEeG.exe
  2⤵
  PID:8036
- C:\Windows\System\rzijaEM.exe
  C:\Windows\System\rzijaEM.exe
  2⤵
  PID:7896
- C:\Windows\System\CZBlWha.exe
  C:\Windows\System\CZBlWha.exe
  2⤵
  PID:7876
- C:\Windows\System\NfBekMz.exe
  C:\Windows\System\NfBekMz.exe
  2⤵
  PID:8100
- C:\Windows\System\jhQydYN.exe
  C:\Windows\System\jhQydYN.exe
  2⤵
  PID:6992
- C:\Windows\System\TmIYmFG.exe
  C:\Windows\System\TmIYmFG.exe
  2⤵
  PID:8180
- C:\Windows\System\clAsqFZ.exe
  C:\Windows\System\clAsqFZ.exe
  2⤵
  PID:8144
- C:\Windows\System\DNJNitK.exe
  C:\Windows\System\DNJNitK.exe
  2⤵
  PID:6320
- C:\Windows\System\gpDxiii.exe
  C:\Windows\System\gpDxiii.exe
  2⤵
  PID:3008
- C:\Windows\System\rPvFwpq.exe
  C:\Windows\System\rPvFwpq.exe
  2⤵
  PID:2336
- C:\Windows\System\TrOQXAc.exe
  C:\Windows\System\TrOQXAc.exe
  2⤵
  PID:488
- C:\Windows\System\IEbQRGb.exe
  C:\Windows\System\IEbQRGb.exe
  2⤵
  PID:7344
- C:\Windows\System\CldQPBP.exe
  C:\Windows\System\CldQPBP.exe
  2⤵
  PID:7404
- C:\Windows\System\BInATTk.exe
  C:\Windows\System\BInATTk.exe
  2⤵
  PID:7376
- C:\Windows\System\WSllAtJ.exe
  C:\Windows\System\WSllAtJ.exe
  2⤵
  PID:7496
- C:\Windows\System\AZkFCuF.exe
  C:\Windows\System\AZkFCuF.exe
  2⤵
  PID:7704
- C:\Windows\System\dyHHdNp.exe
  C:\Windows\System\dyHHdNp.exe
  2⤵
  PID:7620
- C:\Windows\System\vIbHDxt.exe
  C:\Windows\System\vIbHDxt.exe
  2⤵
  PID:7716
- C:\Windows\System\FTVwgtO.exe
  C:\Windows\System\FTVwgtO.exe
  2⤵
  PID:7836
- C:\Windows\System\rncEhPa.exe
  C:\Windows\System\rncEhPa.exe
  2⤵
  PID:8000
- C:\Windows\System\kaEUuRc.exe
  C:\Windows\System\kaEUuRc.exe
  2⤵
  PID:8112
- C:\Windows\System\EHmXJgo.exe
  C:\Windows\System\EHmXJgo.exe
  2⤵
  PID:5544
- C:\Windows\System\KYukVVL.exe
  C:\Windows\System\KYukVVL.exe
  2⤵
  PID:7240
- C:\Windows\System\HsMMLiz.exe
  C:\Windows\System\HsMMLiz.exe
  2⤵
  PID:7304
- C:\Windows\System\dVNRmCt.exe
  C:\Windows\System\dVNRmCt.exe
  2⤵
  PID:7880
- C:\Windows\System\VyQlPPc.exe
  C:\Windows\System\VyQlPPc.exe
  2⤵
  PID:2436
- C:\Windows\System\QpHkCeO.exe
  C:\Windows\System\QpHkCeO.exe
  2⤵
  PID:7776
- C:\Windows\System\ZsIuiZg.exe
  C:\Windows\System\ZsIuiZg.exe
  2⤵
  PID:8116
- C:\Windows\System\dXDKKRQ.exe
  C:\Windows\System\dXDKKRQ.exe
  2⤵
  PID:7024
- C:\Windows\System\wHwMuAE.exe
  C:\Windows\System\wHwMuAE.exe
  2⤵
  PID:7504
- C:\Windows\System\bTRvAKl.exe
  C:\Windows\System\bTRvAKl.exe
  2⤵
  PID:7912
- C:\Windows\System\hNKiHoq.exe
  C:\Windows\System\hNKiHoq.exe
  2⤵
  PID:8084
- C:\Windows\System\YyRgPKz.exe
  C:\Windows\System\YyRgPKz.exe
  2⤵
  PID:7348
- C:\Windows\System\PUZWMzm.exe
  C:\Windows\System\PUZWMzm.exe
  2⤵
  PID:7480
- C:\Windows\System\VtFqWUH.exe
  C:\Windows\System\VtFqWUH.exe
  2⤵
  PID:6216
- C:\Windows\System\QIPyJES.exe
  C:\Windows\System\QIPyJES.exe
  2⤵
  PID:8096
- C:\Windows\System\OkCxJaK.exe
  C:\Windows\System\OkCxJaK.exe
  2⤵
  PID:8208
- C:\Windows\System\JVOCOfp.exe
  C:\Windows\System\JVOCOfp.exe
  2⤵
  PID:8224
- C:\Windows\System\amYHAel.exe
  C:\Windows\System\amYHAel.exe
  2⤵
  PID:8240
- C:\Windows\System\GoQULPM.exe
  C:\Windows\System\GoQULPM.exe
  2⤵
  PID:8256
- C:\Windows\System\cvBUTSI.exe
  C:\Windows\System\cvBUTSI.exe
  2⤵
  PID:8272
- C:\Windows\System\MYzPwOr.exe
  C:\Windows\System\MYzPwOr.exe
  2⤵
  PID:8288
- C:\Windows\System\ApywtNY.exe
  C:\Windows\System\ApywtNY.exe
  2⤵
  PID:8304
- C:\Windows\System\jEwNFxp.exe
  C:\Windows\System\jEwNFxp.exe
  2⤵
  PID:8320
- C:\Windows\System\oFFKLez.exe
  C:\Windows\System\oFFKLez.exe
  2⤵
  PID:8336
- C:\Windows\System\XikgZXq.exe
  C:\Windows\System\XikgZXq.exe
  2⤵
  PID:8352
- C:\Windows\System\mkbiwuk.exe
  C:\Windows\System\mkbiwuk.exe
  2⤵
  PID:8368
- C:\Windows\System\LAXAzNg.exe
  C:\Windows\System\LAXAzNg.exe
  2⤵
  PID:8384
- C:\Windows\System\AZyqjbw.exe
  C:\Windows\System\AZyqjbw.exe
  2⤵
  PID:8400
- C:\Windows\System\SIwJCrX.exe
  C:\Windows\System\SIwJCrX.exe
  2⤵
  PID:8416
- C:\Windows\System\VuCnGbT.exe
  C:\Windows\System\VuCnGbT.exe
  2⤵
  PID:8432
- C:\Windows\System\TXrKMmJ.exe
  C:\Windows\System\TXrKMmJ.exe
  2⤵
  PID:8448
- C:\Windows\System\eYvXquy.exe
  C:\Windows\System\eYvXquy.exe
  2⤵
  PID:8464
- C:\Windows\System\oRarhYo.exe
  C:\Windows\System\oRarhYo.exe
  2⤵
  PID:8480
- C:\Windows\System\itpFRaJ.exe
  C:\Windows\System\itpFRaJ.exe
  2⤵
  PID:8496
- C:\Windows\System\WoxaiRi.exe
  C:\Windows\System\WoxaiRi.exe
  2⤵
  PID:8512
- C:\Windows\System\rLpTFuI.exe
  C:\Windows\System\rLpTFuI.exe
  2⤵
  PID:8528
- C:\Windows\System\gWFbGTM.exe
  C:\Windows\System\gWFbGTM.exe
  2⤵
  PID:8544
- C:\Windows\System\riWCYux.exe
  C:\Windows\System\riWCYux.exe
  2⤵
  PID:8560
- C:\Windows\System\yijQyuj.exe
  C:\Windows\System\yijQyuj.exe
  2⤵
  PID:8576
- C:\Windows\System\UsKvVYm.exe
  C:\Windows\System\UsKvVYm.exe
  2⤵
  PID:8592
- C:\Windows\System\dqzUIhk.exe
  C:\Windows\System\dqzUIhk.exe
  2⤵
  PID:8608
- C:\Windows\System\iNnVvJU.exe
  C:\Windows\System\iNnVvJU.exe
  2⤵
  PID:8624
- C:\Windows\System\NXXVOUX.exe
  C:\Windows\System\NXXVOUX.exe
  2⤵
  PID:8640
- C:\Windows\System\kSZzjMn.exe
  C:\Windows\System\kSZzjMn.exe
  2⤵
  PID:8656
- C:\Windows\System\aoghgtW.exe
  C:\Windows\System\aoghgtW.exe
  2⤵
  PID:8672
- C:\Windows\System\RIQEnNl.exe
  C:\Windows\System\RIQEnNl.exe
  2⤵
  PID:8688
- C:\Windows\System\MOBlNxD.exe
  C:\Windows\System\MOBlNxD.exe
  2⤵
  PID:8704
- C:\Windows\System\KDqjdgb.exe
  C:\Windows\System\KDqjdgb.exe
  2⤵
  PID:8720
- C:\Windows\System\wCFwpqA.exe
  C:\Windows\System\wCFwpqA.exe
  2⤵
  PID:8736
- C:\Windows\System\hYEbHMD.exe
  C:\Windows\System\hYEbHMD.exe
  2⤵
  PID:8752
- C:\Windows\System\JVXYqAQ.exe
  C:\Windows\System\JVXYqAQ.exe
  2⤵
  PID:8768
- C:\Windows\System\rjFEcFf.exe
  C:\Windows\System\rjFEcFf.exe
  2⤵
  PID:8784
- C:\Windows\System\aIVrvCj.exe
  C:\Windows\System\aIVrvCj.exe
  2⤵
  PID:8804
- C:\Windows\System\YGJpMpu.exe
  C:\Windows\System\YGJpMpu.exe
  2⤵
  PID:8820
- C:\Windows\System\CgYtvAl.exe
  C:\Windows\System\CgYtvAl.exe
  2⤵
  PID:8836
- C:\Windows\System\HbVBTKH.exe
  C:\Windows\System\HbVBTKH.exe
  2⤵
  PID:8852
- C:\Windows\System\jDoBxyp.exe
  C:\Windows\System\jDoBxyp.exe
  2⤵
  PID:8868
- C:\Windows\System\kFehzln.exe
  C:\Windows\System\kFehzln.exe
  2⤵
  PID:8884
- C:\Windows\System\RMZnqTm.exe
  C:\Windows\System\RMZnqTm.exe
  2⤵
  PID:8900
- C:\Windows\System\UwLIQWz.exe
  C:\Windows\System\UwLIQWz.exe
  2⤵
  PID:8916
- C:\Windows\System\SDebUta.exe
  C:\Windows\System\SDebUta.exe
  2⤵
  PID:8932
- C:\Windows\System\AtEtrhH.exe
  C:\Windows\System\AtEtrhH.exe
  2⤵
  PID:8948
- C:\Windows\System\RhsNfvc.exe
  C:\Windows\System\RhsNfvc.exe
  2⤵
  PID:8964
- C:\Windows\System\Paaytcd.exe
  C:\Windows\System\Paaytcd.exe
  2⤵
  PID:8980
- C:\Windows\System\PZpNVgm.exe
  C:\Windows\System\PZpNVgm.exe
  2⤵
  PID:8996
- C:\Windows\System\gxiRhzo.exe
  C:\Windows\System\gxiRhzo.exe
  2⤵
  PID:9012
- C:\Windows\System\gpFDSeH.exe
  C:\Windows\System\gpFDSeH.exe
  2⤵
  PID:9028
- C:\Windows\System\VMUxjHu.exe
  C:\Windows\System\VMUxjHu.exe
  2⤵
  PID:9044
- C:\Windows\System\SLIJmMp.exe
  C:\Windows\System\SLIJmMp.exe
  2⤵
  PID:9060
- C:\Windows\System\cwKQxnr.exe
  C:\Windows\System\cwKQxnr.exe
  2⤵
  PID:9076
- C:\Windows\System\tlUEQgO.exe
  C:\Windows\System\tlUEQgO.exe
  2⤵
  PID:9092
- C:\Windows\System\eGTUUAR.exe
  C:\Windows\System\eGTUUAR.exe
  2⤵
  PID:9112
- C:\Windows\System\exkjdXb.exe
  C:\Windows\System\exkjdXb.exe
  2⤵
  PID:9128
- C:\Windows\System\XTfuvOg.exe
  C:\Windows\System\XTfuvOg.exe
  2⤵
  PID:9144
- C:\Windows\System\psNDtbc.exe
  C:\Windows\System\psNDtbc.exe
  2⤵
  PID:9160
- C:\Windows\System\uklNkDs.exe
  C:\Windows\System\uklNkDs.exe
  2⤵
  PID:9176
- C:\Windows\System\tkeJuYM.exe
  C:\Windows\System\tkeJuYM.exe
  2⤵
  PID:9192
- C:\Windows\System\UQtTFNU.exe
  C:\Windows\System\UQtTFNU.exe
  2⤵
  PID:9208
- C:\Windows\System\nLDffRc.exe
  C:\Windows\System\nLDffRc.exe
  2⤵
  PID:8204
- C:\Windows\System\fhPTRrY.exe
  C:\Windows\System\fhPTRrY.exe
  2⤵
  PID:8268
- C:\Windows\System\srxuQDu.exe
  C:\Windows\System\srxuQDu.exe
  2⤵
  PID:8216
- C:\Windows\System\qEDIxVX.exe
  C:\Windows\System\qEDIxVX.exe
  2⤵
  PID:8280
- C:\Windows\System\lESWFPw.exe
  C:\Windows\System\lESWFPw.exe
  2⤵
  PID:8360
- C:\Windows\System\vdkVKvv.exe
  C:\Windows\System\vdkVKvv.exe
  2⤵
  PID:8380
- C:\Windows\System\QKLtWVG.exe
  C:\Windows\System\QKLtWVG.exe
  2⤵
  PID:8504
- C:\Windows\System\rOjNEYW.exe
  C:\Windows\System\rOjNEYW.exe
  2⤵
  PID:8460
- C:\Windows\System\sugeyhu.exe
  C:\Windows\System\sugeyhu.exe
  2⤵
  PID:8524
- C:\Windows\System\eQSKdxp.exe
  C:\Windows\System\eQSKdxp.exe
  2⤵
  PID:8588
- C:\Windows\System\WJhXNwg.exe
  C:\Windows\System\WJhXNwg.exe
  2⤵
  PID:8652
- C:\Windows\System\hlRdpse.exe
  C:\Windows\System\hlRdpse.exe
  2⤵
  PID:8572
- C:\Windows\System\LhTOoWG.exe
  C:\Windows\System\LhTOoWG.exe
  2⤵
  PID:8748
- C:\Windows\System\odpvJGl.exe
  C:\Windows\System\odpvJGl.exe
  2⤵
  PID:8816
- C:\Windows\System\QSFzfzh.exe
  C:\Windows\System\QSFzfzh.exe
  2⤵
  PID:8880
- C:\Windows\System\nPKyHne.exe
  C:\Windows\System\nPKyHne.exe
  2⤵
  PID:8944
- C:\Windows\System\pNXxTmo.exe
  C:\Windows\System\pNXxTmo.exe
  2⤵
  PID:8976
- C:\Windows\System\UDtrqFD.exe
  C:\Windows\System\UDtrqFD.exe
  2⤵
  PID:8668
- C:\Windows\System\BErVHzu.exe
  C:\Windows\System\BErVHzu.exe
  2⤵
  PID:8732
- C:\Windows\System\PZNgRsP.exe
  C:\Windows\System\PZNgRsP.exe
  2⤵
  PID:9004
- C:\Windows\System\tSQsWbt.exe
  C:\Windows\System\tSQsWbt.exe
  2⤵
  PID:9068
- C:\Windows\System\nNBxYkv.exe
  C:\Windows\System\nNBxYkv.exe
  2⤵
  PID:8864
- C:\Windows\System\yfejTJU.exe
  C:\Windows\System\yfejTJU.exe
  2⤵
  PID:8956
- C:\Windows\System\CTQPyWZ.exe
  C:\Windows\System\CTQPyWZ.exe
  2⤵
  PID:9052
- C:\Windows\System\teyXHgF.exe
  C:\Windows\System\teyXHgF.exe
  2⤵
  PID:8924
- C:\Windows\System\iFLIlVq.exe
  C:\Windows\System\iFLIlVq.exe
  2⤵
  PID:7624
- C:\Windows\System\zzgBhhs.exe
  C:\Windows\System\zzgBhhs.exe
  2⤵
  PID:9140
- C:\Windows\System\mRqLoIC.exe
  C:\Windows\System\mRqLoIC.exe
  2⤵
  PID:9152
- C:\Windows\System\jdakMyp.exe
  C:\Windows\System\jdakMyp.exe
  2⤵
  PID:9204
- C:\Windows\System\EOwkbof.exe
  C:\Windows\System\EOwkbof.exe
  2⤵
  PID:8252
- C:\Windows\System\IioaGtZ.exe
  C:\Windows\System\IioaGtZ.exe
  2⤵
  PID:8424
- C:\Windows\System\hedAbPw.exe
  C:\Windows\System\hedAbPw.exe
  2⤵
  PID:8376
- C:\Windows\System\aIaEbmL.exe
  C:\Windows\System\aIaEbmL.exe
  2⤵
  PID:8556
- C:\Windows\System\WWCeBFS.exe
  C:\Windows\System\WWCeBFS.exe
  2⤵
  PID:8780
- C:\Windows\System\FJntaJc.exe
  C:\Windows\System\FJntaJc.exe
  2⤵
  PID:8912
- C:\Windows\System\kBSNMrS.exe
  C:\Windows\System\kBSNMrS.exe
  2⤵
  PID:8440
- C:\Windows\System\aiXinFo.exe
  C:\Windows\System\aiXinFo.exe
  2⤵
  PID:9184
- C:\Windows\System\JhNkZCD.exe
  C:\Windows\System\JhNkZCD.exe
  2⤵
  PID:8552
- C:\Windows\System\PSZQLrx.exe
  C:\Windows\System\PSZQLrx.exe
  2⤵
  PID:8716
- C:\Windows\System\NNtXaHv.exe
  C:\Windows\System\NNtXaHv.exe
  2⤵
  PID:8636
- C:\Windows\System\objWHiF.exe
  C:\Windows\System\objWHiF.exe
  2⤵
  PID:8664
- C:\Windows\System\iHAZjLz.exe
  C:\Windows\System\iHAZjLz.exe
  2⤵
  PID:8792
- C:\Windows\System\mVxutcN.exe
  C:\Windows\System\mVxutcN.exe
  2⤵
  PID:9036
- C:\Windows\System\YjVsaJL.exe
  C:\Windows\System\YjVsaJL.exe
  2⤵
  PID:9020
- C:\Windows\System\YIYTHUc.exe
  C:\Windows\System\YIYTHUc.exe
  2⤵
  PID:9172
- C:\Windows\System\SLsLJEA.exe
  C:\Windows\System\SLsLJEA.exe
  2⤵
  PID:9056
- C:\Windows\System\EcPFlFY.exe
  C:\Windows\System\EcPFlFY.exe
  2⤵
  PID:8264
- C:\Windows\System\HyIjhGA.exe
  C:\Windows\System\HyIjhGA.exe
  2⤵
  PID:8684
- C:\Windows\System\rKkqsIh.exe
  C:\Windows\System\rKkqsIh.exe
  2⤵
  PID:8396
- C:\Windows\System\xRHAsDP.exe
  C:\Windows\System\xRHAsDP.exe
  2⤵
  PID:8812
- C:\Windows\System\eOVbnJg.exe
  C:\Windows\System\eOVbnJg.exe
  2⤵
  PID:7980
- C:\Windows\System\vIFlZdz.exe
  C:\Windows\System\vIFlZdz.exe
  2⤵
  PID:8764
- C:\Windows\System\AERxgFp.exe
  C:\Windows\System\AERxgFp.exe
  2⤵
  PID:8604
- C:\Windows\System\IKZRLVi.exe
  C:\Windows\System\IKZRLVi.exe
  2⤵
  PID:9136
- C:\Windows\System\dlSolcD.exe
  C:\Windows\System\dlSolcD.exe
  2⤵
  PID:9104
- C:\Windows\System\lXXhOer.exe
  C:\Windows\System\lXXhOer.exe
  2⤵
  PID:8328
- C:\Windows\System\SbtOhlP.exe
  C:\Windows\System\SbtOhlP.exe
  2⤵
  PID:9124
- C:\Windows\System\NYSYPXU.exe
  C:\Windows\System\NYSYPXU.exe
  2⤵
  PID:8492
- C:\Windows\System\DGcXvIA.exe
  C:\Windows\System\DGcXvIA.exe
  2⤵
  PID:8728
- C:\Windows\System\MfYgmiw.exe
  C:\Windows\System\MfYgmiw.exe
  2⤵
  PID:8472
- C:\Windows\System\DxkDWcX.exe
  C:\Windows\System\DxkDWcX.exe
  2⤵
  PID:9236
- C:\Windows\System\tSvWsJc.exe
  C:\Windows\System\tSvWsJc.exe
  2⤵
  PID:9256
- C:\Windows\System\SOWzwAU.exe
  C:\Windows\System\SOWzwAU.exe
  2⤵
  PID:9292
- C:\Windows\System\oGfmmrZ.exe
  C:\Windows\System\oGfmmrZ.exe
  2⤵
  PID:9556
- C:\Windows\System\WlVQDMx.exe
  C:\Windows\System\WlVQDMx.exe
  2⤵
  PID:9576
- C:\Windows\System\zLjoKLE.exe
  C:\Windows\System\zLjoKLE.exe
  2⤵
  PID:9596
- C:\Windows\System\HkdYMMi.exe
  C:\Windows\System\HkdYMMi.exe
  2⤵
  PID:9612
- C:\Windows\System\NHBruDj.exe
  C:\Windows\System\NHBruDj.exe
  2⤵
  PID:9628
- C:\Windows\System\zKsnDGK.exe
  C:\Windows\System\zKsnDGK.exe
  2⤵
  PID:9644
- C:\Windows\System\iOcLbZA.exe
  C:\Windows\System\iOcLbZA.exe
  2⤵
  PID:9732
- C:\Windows\System\jRZkrQz.exe
  C:\Windows\System\jRZkrQz.exe
  2⤵
  PID:9780
- C:\Windows\System\maaXOdS.exe
  C:\Windows\System\maaXOdS.exe
  2⤵
  PID:9796
- C:\Windows\System\svagBbS.exe
  C:\Windows\System\svagBbS.exe
  2⤵
  PID:9820
- C:\Windows\System\StThIoB.exe
  C:\Windows\System\StThIoB.exe
  2⤵
  PID:9840
- C:\Windows\System\BLoryqq.exe
  C:\Windows\System\BLoryqq.exe
  2⤵
  PID:9856
- C:\Windows\System\LPSDeqM.exe
  C:\Windows\System\LPSDeqM.exe
  2⤵
  PID:9900
- C:\Windows\System\lwagYDE.exe
  C:\Windows\System\lwagYDE.exe
  2⤵
  PID:10172
- C:\Windows\System\xZxWtLG.exe
  C:\Windows\System\xZxWtLG.exe
  2⤵
  PID:10188
- C:\Windows\System\BqqaYys.exe
  C:\Windows\System\BqqaYys.exe
  2⤵
  PID:10204
- C:\Windows\System\OgOTRxA.exe
  C:\Windows\System\OgOTRxA.exe
  2⤵
  PID:10220
- C:\Windows\System\rGEIZkH.exe
  C:\Windows\System\rGEIZkH.exe
  2⤵
  PID:10236
- C:\Windows\System\wQeRJEe.exe
  C:\Windows\System\wQeRJEe.exe
  2⤵
  PID:8876
- C:\Windows\System\SAawYeD.exe
  C:\Windows\System\SAawYeD.exe
  2⤵
  PID:7392
- C:\Windows\System\qCoptim.exe
  C:\Windows\System\qCoptim.exe
  2⤵
  PID:9272
- C:\Windows\System\WGWGHEp.exe
  C:\Windows\System\WGWGHEp.exe
  2⤵
  PID:8928
- C:\Windows\System\OLCrkPw.exe
  C:\Windows\System\OLCrkPw.exe
  2⤵
  PID:9252
- C:\Windows\System\eaqdkkN.exe
  C:\Windows\System\eaqdkkN.exe
  2⤵
  PID:9468
- C:\Windows\System\CTfAKrV.exe
  C:\Windows\System\CTfAKrV.exe
  2⤵
  PID:9316
- C:\Windows\System\TwuKjQi.exe
  C:\Windows\System\TwuKjQi.exe
  2⤵
  PID:9348
- C:\Windows\System\CjIUNWY.exe
  C:\Windows\System\CjIUNWY.exe
  2⤵
  PID:9396
- C:\Windows\System\wEhXojz.exe
  C:\Windows\System\wEhXojz.exe
  2⤵
  PID:9420
- C:\Windows\System\xehkdJQ.exe
  C:\Windows\System\xehkdJQ.exe
  2⤵
  PID:9456
- C:\Windows\System\IRTRpLN.exe
  C:\Windows\System\IRTRpLN.exe
  2⤵
  PID:9484
- C:\Windows\System\MugmGhP.exe
  C:\Windows\System\MugmGhP.exe
  2⤵
  PID:9520
- C:\Windows\System\DvMlABR.exe
  C:\Windows\System\DvMlABR.exe
  2⤵
  PID:9788
- C:\Windows\System\FYXMeiC.exe
  C:\Windows\System\FYXMeiC.exe
  2⤵
  PID:9816
- C:\Windows\System\NeUMBGB.exe
  C:\Windows\System\NeUMBGB.exe
  2⤵
  PID:9908
- C:\Windows\System\VvmJSxW.exe
  C:\Windows\System\VvmJSxW.exe
  2⤵
  PID:9924
- C:\Windows\System\GoJvGFw.exe
  C:\Windows\System\GoJvGFw.exe
  2⤵
  PID:9940
- C:\Windows\System\RzMCNVj.exe
  C:\Windows\System\RzMCNVj.exe
  2⤵
  PID:9956
- C:\Windows\System\kxzSjHE.exe
  C:\Windows\System\kxzSjHE.exe
  2⤵
  PID:9972
- C:\Windows\System\IWZYLtW.exe
  C:\Windows\System\IWZYLtW.exe
  2⤵
  PID:9988
- C:\Windows\System\DihHOfk.exe
  C:\Windows\System\DihHOfk.exe
  2⤵
  PID:10004
- C:\Windows\System\uHeVHXw.exe
  C:\Windows\System\uHeVHXw.exe
  2⤵
  PID:10024
- C:\Windows\System\nuYQhyR.exe
  C:\Windows\System\nuYQhyR.exe
  2⤵
  PID:9832
- C:\Windows\System\jdXnvXd.exe
  C:\Windows\System\jdXnvXd.exe
  2⤵
  PID:9876
- C:\Windows\System\VrQEsjY.exe
  C:\Windows\System\VrQEsjY.exe
  2⤵
  PID:9892
- C:\Windows\System\yqURipA.exe
  C:\Windows\System\yqURipA.exe
  2⤵
  PID:10040
- C:\Windows\System\GyftXEe.exe
  C:\Windows\System\GyftXEe.exe
  2⤵
  PID:10060
- C:\Windows\System\tEvJhsA.exe
  C:\Windows\System\tEvJhsA.exe
  2⤵
  PID:10076
- C:\Windows\System\MXPumAP.exe
  C:\Windows\System\MXPumAP.exe
  2⤵
  PID:10092
- C:\Windows\System\RPZSEQX.exe
  C:\Windows\System\RPZSEQX.exe
  2⤵
  PID:10108
- C:\Windows\System\hzBUKGW.exe
  C:\Windows\System\hzBUKGW.exe
  2⤵
  PID:10124
- C:\Windows\System\QIEQYWj.exe
  C:\Windows\System\QIEQYWj.exe
  2⤵
  PID:10140
- C:\Windows\System\ZgGqrLo.exe
  C:\Windows\System\ZgGqrLo.exe
  2⤵
  PID:10156
- C:\Windows\System\RUYUdeK.exe
  C:\Windows\System\RUYUdeK.exe
  2⤵
  PID:10180
- C:\Windows\System\OkhKypT.exe
  C:\Windows\System\OkhKypT.exe
  2⤵
  PID:9100
- C:\Windows\System\wkfBsuJ.exe
  C:\Windows\System\wkfBsuJ.exe
  2⤵
  PID:9268
- C:\Windows\System\GcIShFD.exe
  C:\Windows\System\GcIShFD.exe
  2⤵
  PID:9340
- C:\Windows\System\PhsTNSn.exe
  C:\Windows\System\PhsTNSn.exe
  2⤵
  PID:9372
- C:\Windows\System\CDvWAos.exe
  C:\Windows\System\CDvWAos.exe
  2⤵
  PID:9300
- C:\Windows\System\VzELNid.exe
  C:\Windows\System\VzELNid.exe
  2⤵
  PID:9368
- C:\Windows\System\JPTfzvJ.exe
  C:\Windows\System\JPTfzvJ.exe
  2⤵
  PID:9524
- C:\Windows\System\EWtMulF.exe
  C:\Windows\System\EWtMulF.exe
  2⤵
  PID:9448
- C:\Windows\System\bcltICD.exe
  C:\Windows\System\bcltICD.exe
  2⤵
  PID:10196
- C:\Windows\System\PYZwONH.exe
  C:\Windows\System\PYZwONH.exe
  2⤵
  PID:9412
- C:\Windows\System\gZFwSks.exe
  C:\Windows\System\gZFwSks.exe
  2⤵
  PID:10232
- C:\Windows\System\QopUNjE.exe
  C:\Windows\System\QopUNjE.exe
  2⤵
  PID:9544
- C:\Windows\System\NbgCdcN.exe
  C:\Windows\System\NbgCdcN.exe
  2⤵
  PID:9452
- C:\Windows\System\JbuYqeY.exe
  C:\Windows\System\JbuYqeY.exe
  2⤵
  PID:9408
- C:\Windows\System\epnCbPe.exe
  C:\Windows\System\epnCbPe.exe
  2⤵
  PID:9476
- C:\Windows\System\tcumjBo.exe
  C:\Windows\System\tcumjBo.exe
  2⤵
  PID:9548
- C:\Windows\System\GOhSGel.exe
  C:\Windows\System\GOhSGel.exe
  2⤵
  PID:9620
- C:\Windows\System\tDkyPod.exe
  C:\Windows\System\tDkyPod.exe
  2⤵
  PID:9660
- C:\Windows\System\TuKTMmB.exe
  C:\Windows\System\TuKTMmB.exe
  2⤵
  PID:9608
- C:\Windows\System\FmVSxHH.exe
  C:\Windows\System\FmVSxHH.exe
  2⤵
  PID:9744
- C:\Windows\System\lrxjaGq.exe
  C:\Windows\System\lrxjaGq.exe
  2⤵
  PID:9752
- C:\Windows\System\svzjGuB.exe
  C:\Windows\System\svzjGuB.exe
  2⤵
  PID:9772
- C:\Windows\System\kZTTiui.exe
  C:\Windows\System\kZTTiui.exe
  2⤵
  PID:9664
- C:\Windows\System\arWMkHX.exe
  C:\Windows\System\arWMkHX.exe
  2⤵
  PID:9688
- C:\Windows\System\mdofFLz.exe
  C:\Windows\System\mdofFLz.exe
  2⤵
  PID:9700
- C:\Windows\System\mdKpAaK.exe
  C:\Windows\System\mdKpAaK.exe
  2⤵
  PID:9716
- C:\Windows\System\wPaFlJb.exe
  C:\Windows\System\wPaFlJb.exe
  2⤵
  PID:9804
- C:\Windows\System\xBIcCUB.exe
  C:\Windows\System\xBIcCUB.exe
  2⤵
  PID:9948
- C:\Windows\System\hPSlQPp.exe
  C:\Windows\System\hPSlQPp.exe
  2⤵
  PID:9848
- C:\Windows\System\TuWzNCK.exe
  C:\Windows\System\TuWzNCK.exe
  2⤵
  PID:9868
- C:\Windows\System\HieXfYP.exe
  C:\Windows\System\HieXfYP.exe
  2⤵
  PID:10068
- C:\Windows\System\ClmFVHH.exe
  C:\Windows\System\ClmFVHH.exe
  2⤵
  PID:9964
- C:\Windows\System\hziaXOf.exe
  C:\Windows\System\hziaXOf.exe
  2⤵
  PID:9828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AdVxuuV.exe

Filesize
6.0MB

MD5
7845a714ca4c7628ffeaa8266a36d445

SHA1
0a4dbc8d0036ffef6d645eaad3277b020b914f14

SHA256
a2333c401d9adabdc03c970f79ef7ee0a16a388d8a9124af7e45719e7fda6810

SHA512
5ab62d6ddc5d2bd00358a1fe9563a78635c631ac6184f8faf5592c5585d714b3617010dcaac438122ad4484dd44c89883fcbabca7e6cf59e3f25a1901dbd7221

Download Submit
C:\Windows\system\CvQSPmz.exe

Filesize
6.0MB

MD5
2cd7be07b4e53491e642126ab5a58853

SHA1
667191d9602ab53771595bfee08f71462007c062

SHA256
f74301ad799e3a9654245fa9056d21d2d8485716ad3717863512bfca1a2fe3a6

SHA512
0625b2ec7e123a835c1888eae5e542fe0c463cb26a2f436fdb7aa729261a060518274de8b694ca93a43eae8dd8a47070f760284472598f189370e9bcf7293cd7

Download Submit
C:\Windows\system\DrEMNYJ.exe

Filesize
6.0MB

MD5
4972bdc3f805e0f83eca8cb1c1efc0f8

SHA1
8a230f37193f18fa86bddd4aabec11c9d52d8263

SHA256
70ee90789e66b2f03c8e7dfccf784b1d2dccc5e1c78a9d4fd36ee3489186e605

SHA512
d66bcaf322095c23fa69c5a3e63e36f7431cac4d8bb9a774c26e2886ea1111cea055e51a394073263439dd6bd6af56e4146849368eb119b90ebc5d28fcf6aa9e

Download Submit
C:\Windows\system\HnMMqaf.exe

Filesize
6.0MB

MD5
391b62ff5152f9e3a4da00ca21f24a29

SHA1
fff2decb11ad36aa45c2e229e4a8f20bdfd3881a

SHA256
4deff082182b1cbcd10208679dbc083f7cda5b574f84149f155ce7457ce929d3

SHA512
4c2241637d552047186c672afd5d0b94a1fe28d220d058a99ad40f5fb760593a1cca339799d272f957172d875a7f103a3505e799bf712ea7cba47669feb5784d

Download Submit
C:\Windows\system\IQHIsfJ.exe

Filesize
6.0MB

MD5
8239dbe6d4e8c7b24eea8aecc6d13efc

SHA1
f39faae37b8f74ac63cac475eabfb9af40852f02

SHA256
ebe594d6fb8f8c80b575aed686ecdd42fdaee6d496080abcd41af7db2057ab3d

SHA512
774bd5bc748f18de7871e82f94e24e194113c0e6149b7d6b58378cd014d423ca19e5f616ad6932e8ddf9b596bd9e9f7c2669e389a1151447f41810c401681424

Download Submit
C:\Windows\system\JfbYCRK.exe

Filesize
6.0MB

MD5
0d412b225ec8c4d327c4809d0ce30b9f

SHA1
feec5a3e9b523ac4e5fd3b84c6e8b564846b38f1

SHA256
e814a04af5c042a372083fe10c9bb4259ee010a8ac15460c2edc2e4e8fb47207

SHA512
a8b372a7f609b6d8750ace43917c6c51034684b54d96fb1671eb926c7dd61ec184ec6b343c42556fd72f841f28476118520cb5e3222359e9234512e50dccc354

Download Submit
C:\Windows\system\PQqNfTv.exe

Filesize
6.0MB

MD5
a97c2d3267ecc08d0673125bcb8f1406

SHA1
94c4c9836dc100991464adab0efc74934ad11dd8

SHA256
e7d3dca8b2f9205f73bb1234621bd2a335d9033f244b686bd1d24f4b3cea05c4

SHA512
df96e4f18e25d0b9f26f2540748465b465089268a37585b2c76f95788df9d8450043c6a05af54351ad7fde124d77badea91c958095f8b427f4d3359bdf0ecb28

Download Submit
C:\Windows\system\ThhOxAW.exe

Filesize
6.0MB

MD5
30d823f0187236315553bbb988d9bbb7

SHA1
d852f51d92579ecfa02885202daac83b9be1919b

SHA256
791412acdb18938dfd46f63ffdbdfbc026fac4970188ad9e45b6b8cd186f82c3

SHA512
d4d31ed0dda0c403e1e5da082c8550e1df7c21377df301843e34c761b9a7c423319f5f5489bb19e3dca3cd8bc7e6d86c25c1b5f6ee1ca5cf0e349dfdef9da85a

Download Submit
C:\Windows\system\TyKLQiu.exe

Filesize
6.0MB

MD5
ab5304720953b4849cc976421b9dbe5c

SHA1
f8e816abc0adc495580330bf6cacc63caef1aa17

SHA256
1207dce89dce53e03bbdac0239465e905de083cb3dbc4417124e2908ffe0febc

SHA512
b7ae39a434126d53af8d9f82508f978116e14038d684728ac9adb5a0e3662d124853dae0f3688142d1021eae166238a9be0b1a3470fcda1f50f4a956b4259603

Download Submit
C:\Windows\system\VNDQwIt.exe

Filesize
6.0MB

MD5
7408cde0ced4eb8eabdfb6d5ca2aa0c9

SHA1
47561a039153c223d9dee3b63bf03e6668a447bc

SHA256
53a2b414a1f5dc156fc0472bec8bbe566170bba2a31ae3787e8d10bcd041acf1

SHA512
99da5d6516e86dde1eb454ce55a97a3378c61447cff3b13b07b6711baf847950a1cfbab4e1567eb1c7deeadac6fd35312d6eea2a1ed0be24c1c69fa7f6c4f46a

Download Submit
C:\Windows\system\WfjOLtC.exe

Filesize
6.0MB

MD5
d9a00b0e603aaa7099f30f167390df3c

SHA1
ec2e731b03b1e953687190e1c012c899fe3f929b

SHA256
69b1c47f73d2406fb2c24414418bb09ae6f81fe8354437bcfa856544b0ac0c5f

SHA512
fded9bb6190fc9f479dde34f3a40667e79fcb6ad331fb6c9fb7aea954135e12547cf3f9c8cbbc53c4f641bdee2475c398c5d9f37405db400b72f53e557de37a9

Download Submit
C:\Windows\system\WyYdNGl.exe

Filesize
6.0MB

MD5
db76219b8f7d86945771e51edf1b0297

SHA1
40b1d165d8087fc6ce97792ade395e961e256903

SHA256
3afc0e8101a4f65db84f4c5ce9b5a3696e28b4757679493b0690a02cc9919d45

SHA512
d50647b25895a38ad8b56ea97039dd793dfda7eccaf6427cef4230ef2203558d0f2ba0ad6a02d701cabb5b2ae364a128ca600279ddaf868ba2f6da3f6086d2ca

Download Submit
C:\Windows\system\aGWrQYk.exe

Filesize
6.0MB

MD5
a260d11f60d0ff8e1bc41e14da343c65

SHA1
65a3707d8e845e93873142546a0bf48b5ca5de43

SHA256
37d98211923bd10afc0fafb4ef4010f95b2cd0307e5a14fe43a244311d8a5848

SHA512
817c015c886355a8f0ef9104c9f0ae135cdba4dbb6e8bed1f69eeb9f06cfd38f20657356c9607fbcb64dd9afd15147c2fe630bf38397980f37822f18a80306a0

Download Submit
C:\Windows\system\awMqlxe.exe

Filesize
6.0MB

MD5
f93f4a3cd306711abd37871ee1ca7394

SHA1
4cbdd2086b9c7f06a16e4fb65ffed68c42e264fc

SHA256
3098f525389180927f977e830c99e3da50e26453af33e15664a12c693281123a

SHA512
9c16a5b29b82aa766f02eb30e67b17412d6af443a64ebe0ffd5efbaf9d3b5c27798d67ad323d37fd02f9f755444be730a42af5a42963f9bf996dc1546bdfb7ec

Download Submit
C:\Windows\system\eYgwruo.exe

Filesize
6.0MB

MD5
8bfb85fd68169a92f9936092b1896a84

SHA1
b9bd01f64a15db7d213d3b2ae21a193a5ae27966

SHA256
e9509bc26fe68a614b8d8bbac9365acf1eea347f4ff1bd2acfb9370fd20c78ad

SHA512
931ecf1a4d85271e5c71986533cc728a48df78a83781730ca75b51633360248ef70c9e4e2525e0d1233be72f86ba27e3c99f7a3fcf8e18d055232b83336abfd3

Download Submit
C:\Windows\system\fdgrpIz.exe

Filesize
6.0MB

MD5
1568f9a7d047aa7f10d50e518dd4ac34

SHA1
9b52299506f28945a9dd117cad2a5115a9a4427e

SHA256
134f7cf00becc5df6ba93dbe7a3eb6a45e002bc5ccdcda80995a3561dced636c

SHA512
cf51c0aa591741aafebc5754cfd83c47e499b8a6b4157567b73477b4d70802b8d8668cffd388379ef8a7249ad4b95182266d401299b9aadc54565e92df4ecefd

Download Submit
C:\Windows\system\gmaYrhZ.exe

Filesize
6.0MB

MD5
ae53a0171b0bed91c60ad3ba4bceec74

SHA1
8f72bc4e10ccfb32f161df210e8fabff2fee1af6

SHA256
177a9f09a09755b12da1d58f1452a8f3c23ec1d413ff10c9d20c5e224ed23f2c

SHA512
c8ef326689174cc1223e03d96ec8dc0a034e4befdf17c217bee30854734515c654d90f2e14002cb013e7980256644c0ef0d2b435e9ed2eb9bcfeec5bb008448c

Download Submit
C:\Windows\system\iFNUeMR.exe

Filesize
6.0MB

MD5
8649199f4e9558464b7763b63f49edc7

SHA1
7e7ffd8a9576874be762e10926a69cd5e3a3b112

SHA256
693209e1348c860fc4b5bd01c210e2e029a156ee7c8df2dec022fdec8f3e2009

SHA512
a2d4ed00893ed44340fcb39fba3dc697090d269fe04272b843bbbdd8c6afd41b4f56f372caf7576e51304bf1efe09b3e8bcfaff6947e5db5493e4fb7986be772

Download Submit
C:\Windows\system\izsJlSA.exe

Filesize
6.0MB

MD5
cfc532d734c5c0a72a0d620e30091f3a

SHA1
76ef333cb96ad599f0f1379bc5da77a7d4272cd1

SHA256
226c2b44e9d7dcc783ad268e8922c91c4fec8f9efe8d5c4b382e679432923d25

SHA512
a19deee09c018aec1136c1c9ccfca3845acf1b5348dff47d75af3a7570c5be2e0bcb5f348b0c87652e29eec64ce98c0d0b9cd9cc752f6e82f3b6d42ffbb60250

Download Submit
C:\Windows\system\jHvmDrr.exe

Filesize
6.0MB

MD5
f07d6d314518619ac3eb964fbfeff14c

SHA1
658854a0d3ec538add7fac4e7bdfea9bb66c0168

SHA256
ef6b5348f01a8d7b0a8a79bdf1a6c9e24812980df95800bb8368d82604697baa

SHA512
33b756ba6b4474401dcfde6aebcf6a1851a8f6c8935470863e0646d1b058af999f4930952b30b8684c4609e80f198932b9bbbfb8e1be4d5cd68535de72595297

Download Submit
C:\Windows\system\knEzdoe.exe

Filesize
6.0MB

MD5
65a1f1be1487cac9d95a7d568847908f

SHA1
31be51b4c37f2979879dbf521fcc01a58dc82e40

SHA256
fe917247b2bdbf28a6d863bb2c76b46b6a32984d25ad561fe20d3f8cc3958a21

SHA512
09bb8e022d1395b741edcf2c5001832be741571bc3a70c39b2b0976f5777f23bd276249ca7197b0c577992138d26a853c3f8e4efa55596227476ba720168d910

Download Submit
C:\Windows\system\kvlUwOf.exe

Filesize
6.0MB

MD5
a5693e4717b7c7f19874240081adfa71

SHA1
94e5885a1ffd0895dfeedbe4ef86711ecb0d473f

SHA256
897c0578c94d1e722f20fbbc579818f539840f86cbd6a0a29b9355a7a22d99e0

SHA512
5f608f454f243da3b1217233ec7d6c9393ee13f228ddf2fe5bb79cbf317b698568e368c39f93b8e0e2eb513273702e3b9da35b0f480a3be8c8c7736ddd8a1c1d

Download Submit
C:\Windows\system\lSUqqTi.exe

Filesize
6.0MB

MD5
2a79403f042478060c2740c79693e0fd

SHA1
dd7a53fe85ee8ed4fe66718719350a3c4ff7ea6a

SHA256
79e230b393b2a0be9d8d9bfcc1bb38a65e491dcaf486cda6c8d462f446d60996

SHA512
daab10c1a221c65fddf16bca6f65dfe99be5cf3523cda85a082c8a94fae0eb8e0cfd81f9d65af5cd745448894ff4d3192da413f986d9160b055fd574b9f3434c

Download Submit
C:\Windows\system\nVwvTwV.exe

Filesize
6.0MB

MD5
1385f9cd63c88a07e1b506e6fb5bb480

SHA1
eb47dc13a22130fbac2d32657f73eca4a5b4955f

SHA256
c553268cde756abb94645c8f34f98ccd7c9facad347d9ff3b2b29b09fb709f59

SHA512
ebb741d3357e7fa46dfd7560489dddcbe30dd08e878db58c7bc66aa92dadb23291bef9132e0ca5783aea814ed3ca7882770594075b09733f32334469e803107e

Download Submit
C:\Windows\system\qHKBivs.exe

Filesize
6.0MB

MD5
2c6ca0e2528fcdb34f73adeeba9c6a2f

SHA1
fd8097daa88fb1381c291dfc5d61c85fcd0fcabb

SHA256
14c7fc23d4eabc8d04628d27b9af0fab25139156faa39c7d8ce7efe0d05734c3

SHA512
174d69d8a79ee7a6ccb63f7544a35e95763271cc56b947b47c192f53cc3b41be511e5a65f7cdf5a0cdb9bbd060526b8b714eee359409f17c5d9e44d642dc4c59

Download Submit
C:\Windows\system\rinLgck.exe

Filesize
6.0MB

MD5
d16e08db6d0bd049d4445e2cc4a29d15

SHA1
16fdd29ff04cc30eddb445ec2c256848e1f6971c

SHA256
05daf609fe78f13c772116e50b7ca750aaa00714b2f61b95b7d564f7a0b619ec

SHA512
ff47c657e3c0ca78df1e2c486b90922c9665a9cb9910443cb3c6118437b2e2b03f9fdc0521636e69891a62d52fd9a512e8c5475645cc6154d2f7b62f0886f35f

Download Submit
C:\Windows\system\rtppmnE.exe

Filesize
6.0MB

MD5
5d79c5aaaff23302e2a4744fdb681b56

SHA1
14b180a85c31f013225edba8d171150b223d7098

SHA256
244aa739fa8a8221ff92d7645ef4e3a70b962d18d205d19f9aaed15ed23216f0

SHA512
fc77482d12ff7e0e769a0e5ef3ed627ef8373a9b93880d42069a2c02f00663caa7123f924ccb3204df5889db700d30d3b1f6ea2f6923cc85563e24609088f7bd

Download Submit
C:\Windows\system\ssMWVCg.exe

Filesize
6.0MB

MD5
3df7748c2afc84ba28414ab7a1a2d1a7

SHA1
c4eaf31f418ddec6a5319ed2d18186102d8acb87

SHA256
9f96726463f0850b96c301e4c2a858b847e256b7c55979ce637b9d249dce54b1

SHA512
f5ecdddfc4889ebeeb1b3d6dc819d4a0ef01d369cd1e62340542777e0f4f3361a6bc3a75d296d7aa7377692c8c2b6c1082312eba75797ba71ba4b9dbb185b30c

Download Submit
C:\Windows\system\swokhUb.exe

Filesize
6.0MB

MD5
387e7e0f1f38dfd75013b60e96ca5b45

SHA1
3d10e123a79c63a8a9f68ed21d023b8542d85db5

SHA256
fb40fdd31f5f052e7b4ea64cdbf4fda5e3f1f9e8c7f40b478b3e0fe16fa74009

SHA512
143ab58bfe445c4fa34fc7679f27fbb8be793ec947b5ebea9761a2458abc83bada8ae6731095a8663da041aa164648be0331d08ecc48ba8ed3ce168c098bef83

Download Submit
\Windows\system\CKwFQzc.exe

Filesize
6.0MB

MD5
11abb593f63800b47b129a22dcbbfac1

SHA1
544191be5f560c3bb6f776b97fd544f86601f66e

SHA256
ac7a3f9fba47ed9d925f7c652066e9c5584931949dfe901adf219459d8415d0f

SHA512
fb5d1c58c19376a8bf278c1034acc377bc02898ad6b49a3143f84a64238375e06085017657e84fdb9dcec6d1cc0feb1091d0bf1fbb6ac5586f91f35fc76b65dc

Download Submit
\Windows\system\bvtNpvX.exe

Filesize
6.0MB

MD5
ed9813b2e5c41e29356d89ea26c4cd51

SHA1
7704615ec49c16c575e9d271d0d8bc1f61a6d52c

SHA256
77885b609337c6444305bdbbb5e90158f31b2e0afaa179f6b84cf62518e24bc2

SHA512
c4b910303de131c35eb3bea7109b6d41ab7b6294480ccf5bf4da60f2fdf54817ce9891d83489930c46e084eb816d31400c70a0eddee12542e8c81cccdae82fa0

Download Submit
\Windows\system\vLmmbAA.exe

Filesize
6.0MB

MD5
9b1c3439972b4f9dca14958cad7c5b23

SHA1
da963fcedcd2d4664fc5e46d12dac6b0aab94a4b

SHA256
5ae5a577e3a6c52f50b77c7ea9d6655f8b77fc0a457d6bc000a96068151937b4

SHA512
88864fe8fa38590ee653b4283de8b573f54e6bea65dd9b1e27c7279169c483aa7949f287e75251aee3a3963d852e7d8399cdd51591f8e6082c12bdd9b231862b

Download Submit
memory/664-4071-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/664-449-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/664-87-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1648-80-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-4073-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-315-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-4072-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-94-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1948-1431-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-4069-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2016-4067-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2016-102-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2124-16-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-14-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-3501-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-21-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-67-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-65-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-101-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-4074-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4070-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2736-196-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2736-73-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2784-93-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2784-58-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3520-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2812-38-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2812-72-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3517-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3516-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-44-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-85-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2904-50-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2932-40-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-31-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-42-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-0-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-12-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-76-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-86-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-82-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-71-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-19-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-68-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3004-46-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1429-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-53-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-90-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-97-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-98-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-7-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-4066-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-43-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-4068-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-57-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-62-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/3004-105-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3004-384-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-106-0x0000000002260000-0x00000000025B4000-memory.dmp

Filesize
3.3MB

Download