cobaltstrike | 2a4eea565c5a9e27e79f2e59be229ef945e5bfc1e81625f9520325fa9953b027

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b149e65018f2439fdac51fdc14aa32a9
SHA1

4e66f297ed4cc2fd6fbb616ab5af2984d30fb0f6
SHA256

2a4eea565c5a9e27e79f2e59be229ef945e5bfc1e81625f9520325fa9953b027
SHA512

6e6cc4d117d407e54c7643c385e759446804aa04c8c874cec53e598c568470004b6e01e5940e500c9afccbceb87224ca48276de90428e8dc257bff2efca47fa4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019030-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018d68-16.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001920f-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019234-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018761-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a0-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ac-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a8-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a2-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a497-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a478-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a455-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41c-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a325-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08a-79.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194da-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2e7-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a061-66.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192f0-55.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925c-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019241-39.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2376-0-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-3.dat	xmrig
behavioral1/files/0x0008000000019030-12.dat	xmrig
behavioral1/files/0x0008000000018d68-16.dat	xmrig
behavioral1/memory/3012-22-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2932-21-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2328-11-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x000700000001920f-23.dat	xmrig
behavioral1/memory/1056-35-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2760-33-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x0006000000019234-32.dat	xmrig
behavioral1/memory/2376-45-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2696-59-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2328-70-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2664-87-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2764-86-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/1592-85-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2732-83-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0007000000018761-99.dat	xmrig
behavioral1/files/0x000500000001a4a0-160.dat	xmrig
behavioral1/memory/2456-1172-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/3060-891-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2696-519-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/1056-323-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b1-193.dat	xmrig
behavioral1/files/0x000500000001a4af-187.dat	xmrig
behavioral1/files/0x000500000001a4aa-178.dat	xmrig
behavioral1/files/0x000500000001a4ac-182.dat	xmrig
behavioral1/files/0x000500000001a4a8-173.dat	xmrig
behavioral1/files/0x000500000001a4a2-167.dat	xmrig
behavioral1/files/0x000500000001a497-157.dat	xmrig
behavioral1/files/0x000500000001a486-147.dat	xmrig
behavioral1/files/0x000500000001a48a-152.dat	xmrig
behavioral1/files/0x000500000001a478-142.dat	xmrig
behavioral1/files/0x000500000001a477-137.dat	xmrig
behavioral1/files/0x000500000001a455-132.dat	xmrig
behavioral1/files/0x000500000001a41e-127.dat	xmrig
behavioral1/files/0x000500000001a41d-123.dat	xmrig
behavioral1/files/0x000500000001a41c-118.dat	xmrig
behavioral1/files/0x000500000001a41b-112.dat	xmrig
behavioral1/files/0x000500000001a41a-108.dat	xmrig
behavioral1/memory/2760-104-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2456-100-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/3060-94-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x000500000001a325-93.dat	xmrig
behavioral1/memory/2932-89-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x000500000001a08a-79.dat	xmrig
behavioral1/files/0x00070000000194da-74.dat	xmrig
behavioral1/memory/2772-73-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x000500000001a2e7-71.dat	xmrig
behavioral1/files/0x000500000001a061-66.dat	xmrig
behavioral1/memory/2780-64-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x00070000000192f0-55.dat	xmrig
behavioral1/memory/2376-50-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000600000001925c-46.dat	xmrig
behavioral1/files/0x0006000000019241-39.dat	xmrig
behavioral1/memory/2328-4012-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2932-4011-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/3012-4013-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2760-4014-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1056-4015-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2780-4016-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2772-4017-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2696-4018-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2328	gkWXAvQ.exe
2932	zxIhWZb.exe
3012	azvFMbG.exe
2760	rPLZRKK.exe
1056	OxLPdGC.exe
2780	yzpTDmR.exe
2772	eupAADT.exe
2696	FWksXfc.exe
2732	ZfCFYYS.exe
1592	OaLictj.exe
2764	FhuOtBA.exe
2664	pveYTTt.exe
3060	RLukGMZ.exe
2456	UnZUwzS.exe
2904	qolwrZY.exe
1244	haFcGfB.exe
1564	KnvUTXj.exe
2636	qyMVqAH.exe
1940	ILlyfEG.exe
1784	XKNVQJB.exe
2004	LbMRZEg.exe
2008	aOZtyQY.exe
1428	UnQwdkH.exe
2232	VhYIfKq.exe
2884	kQfUynI.exe
2200	PSTStrt.exe
1808	iOEwvtR.exe
1872	yjSWfQW.exe
1408	ORcMLTe.exe
1860	PpIBBik.exe
1140	aaGvhIq.exe
2556	YTwQoAf.exe
844	qdBPWuv.exe
352	CPrOOhU.exe
1324	hPviRCT.exe
956	EEBnKOD.exe
1124	yseRxwb.exe
1700	OTGyxWj.exe
1096	sfYfgvO.exe
912	CclfyDk.exe
2204	FQBIdFE.exe
1516	miLYIVJ.exe
692	wspcjOt.exe
784	HCHnZAb.exe
2968	EDDFWQX.exe
2412	sHrHDxO.exe
1924	rdHzSQL.exe
764	zWZYKlp.exe
2296	EJrYlsG.exe
2292	GuTtszE.exe
1624	horuzXs.exe
2508	NXZzvUA.exe
592	jWbbeac.exe
2056	hkMNQPL.exe
1608	aMaxacf.exe
2156	TqdxZhX.exe
1752	VyGHsKk.exe
1656	WIQHFjS.exe
2800	RiuPrML.exe
2856	UuWQjPq.exe
2748	JfdoWph.exe
2740	TSvuYhl.exe
2620	ORZukZp.exe
3040	HDlbRZi.exe

Loads dropped DLL 64 IoCs

pid	Process
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2376-0-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-3.dat	upx
behavioral1/files/0x0008000000019030-12.dat	upx
behavioral1/files/0x0008000000018d68-16.dat	upx
behavioral1/memory/3012-22-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2932-21-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2328-11-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x000700000001920f-23.dat	upx
behavioral1/memory/1056-35-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2760-33-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x0006000000019234-32.dat	upx
behavioral1/memory/2376-45-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2696-59-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2328-70-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2664-87-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2764-86-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/1592-85-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2732-83-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0007000000018761-99.dat	upx
behavioral1/files/0x000500000001a4a0-160.dat	upx
behavioral1/memory/2456-1172-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/3060-891-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2696-519-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/1056-323-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x000500000001a4b1-193.dat	upx
behavioral1/files/0x000500000001a4af-187.dat	upx
behavioral1/files/0x000500000001a4aa-178.dat	upx
behavioral1/files/0x000500000001a4ac-182.dat	upx
behavioral1/files/0x000500000001a4a8-173.dat	upx
behavioral1/files/0x000500000001a4a2-167.dat	upx
behavioral1/files/0x000500000001a497-157.dat	upx
behavioral1/files/0x000500000001a486-147.dat	upx
behavioral1/files/0x000500000001a48a-152.dat	upx
behavioral1/files/0x000500000001a478-142.dat	upx
behavioral1/files/0x000500000001a477-137.dat	upx
behavioral1/files/0x000500000001a455-132.dat	upx
behavioral1/files/0x000500000001a41e-127.dat	upx
behavioral1/files/0x000500000001a41d-123.dat	upx
behavioral1/files/0x000500000001a41c-118.dat	upx
behavioral1/files/0x000500000001a41b-112.dat	upx
behavioral1/files/0x000500000001a41a-108.dat	upx
behavioral1/memory/2760-104-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2456-100-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/3060-94-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x000500000001a325-93.dat	upx
behavioral1/memory/2932-89-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x000500000001a08a-79.dat	upx
behavioral1/files/0x00070000000194da-74.dat	upx
behavioral1/memory/2772-73-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x000500000001a2e7-71.dat	upx
behavioral1/files/0x000500000001a061-66.dat	upx
behavioral1/memory/2780-64-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x00070000000192f0-55.dat	upx
behavioral1/files/0x000600000001925c-46.dat	upx
behavioral1/files/0x0006000000019241-39.dat	upx
behavioral1/memory/2328-4012-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2932-4011-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/3012-4013-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2760-4014-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1056-4015-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2780-4016-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2772-4017-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2696-4018-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2732-4019-0x000000013F900000-0x000000013FC54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jWWIqTz.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJTJXyU.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLPZPrZ.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHbmxuy.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTICxbJ.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHrXHHX.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\upfVzis.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pveYTTt.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaHBjTL.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EeznrSN.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrTnzsZ.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTjePpD.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWCvTvA.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnwTTEs.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNSicaW.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afTxgOY.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwqWihq.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDaUEbl.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJSNsRr.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGMJYVp.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kkzlWnE.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZguHtJ.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPkpbuA.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZYmFJg.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdchGqV.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdzjCPn.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpoQZaT.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhuOtBA.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjEgtaX.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbubMGw.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcLJUxd.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omQxbuy.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSTStrt.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iStucwX.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuxfHtd.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhynLyJ.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QcecfRU.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwTHhrK.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YegvADI.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQQPUWu.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPPlFsd.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsTtqTF.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maPFxis.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMlfRfp.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YowMQdj.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeFrvNw.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBftIBX.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQSqljw.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyngjTP.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdTnVZG.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\octWQye.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLGipKT.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzAqXpS.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rgBNlyZ.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBBmbnM.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYNevML.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lhoewrs.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLsbTxJ.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLWmNZx.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELzdVgN.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCXNYOH.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJAGmPr.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORIDIhY.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWbbeac.exe	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2328	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2328	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2328	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2376 wrote to memory of 2932	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 2932	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 2932	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2376 wrote to memory of 3012	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 3012	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 3012	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2376 wrote to memory of 2760	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 2760	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 2760	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2376 wrote to memory of 1056	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 1056	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 1056	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2376 wrote to memory of 2780	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2780	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2780	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2376 wrote to memory of 2772	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2772	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2772	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2376 wrote to memory of 2696	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 2696	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 2696	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2376 wrote to memory of 2764	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 2764	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 2764	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2376 wrote to memory of 2732	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 2732	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 2732	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2376 wrote to memory of 2664	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 2664	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 2664	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2376 wrote to memory of 1592	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 1592	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 1592	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2376 wrote to memory of 3060	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 3060	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 3060	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2376 wrote to memory of 2456	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 2456	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 2456	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2376 wrote to memory of 2904	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 2904	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 2904	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2376 wrote to memory of 1244	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 1244	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 1244	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2376 wrote to memory of 1564	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 1564	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 1564	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2376 wrote to memory of 2636	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 2636	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 2636	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2376 wrote to memory of 1940	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 1940	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 1940	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2376 wrote to memory of 1784	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 1784	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 1784	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2376 wrote to memory of 2004	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 2004	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 2004	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2376 wrote to memory of 2008	2376	2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_b149e65018f2439fdac51fdc14aa32a9_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\System\gkWXAvQ.exe
  C:\Windows\System\gkWXAvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\zxIhWZb.exe
  C:\Windows\System\zxIhWZb.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\azvFMbG.exe
  C:\Windows\System\azvFMbG.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\rPLZRKK.exe
  C:\Windows\System\rPLZRKK.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\OxLPdGC.exe
  C:\Windows\System\OxLPdGC.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\yzpTDmR.exe
  C:\Windows\System\yzpTDmR.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\eupAADT.exe
  C:\Windows\System\eupAADT.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\FWksXfc.exe
  C:\Windows\System\FWksXfc.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\FhuOtBA.exe
  C:\Windows\System\FhuOtBA.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ZfCFYYS.exe
  C:\Windows\System\ZfCFYYS.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\pveYTTt.exe
  C:\Windows\System\pveYTTt.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\OaLictj.exe
  C:\Windows\System\OaLictj.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\RLukGMZ.exe
  C:\Windows\System\RLukGMZ.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\UnZUwzS.exe
  C:\Windows\System\UnZUwzS.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\qolwrZY.exe
  C:\Windows\System\qolwrZY.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\haFcGfB.exe
  C:\Windows\System\haFcGfB.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\KnvUTXj.exe
  C:\Windows\System\KnvUTXj.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\qyMVqAH.exe
  C:\Windows\System\qyMVqAH.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\ILlyfEG.exe
  C:\Windows\System\ILlyfEG.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\XKNVQJB.exe
  C:\Windows\System\XKNVQJB.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\LbMRZEg.exe
  C:\Windows\System\LbMRZEg.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\aOZtyQY.exe
  C:\Windows\System\aOZtyQY.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\UnQwdkH.exe
  C:\Windows\System\UnQwdkH.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\VhYIfKq.exe
  C:\Windows\System\VhYIfKq.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\kQfUynI.exe
  C:\Windows\System\kQfUynI.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\PSTStrt.exe
  C:\Windows\System\PSTStrt.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\iOEwvtR.exe
  C:\Windows\System\iOEwvtR.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\yjSWfQW.exe
  C:\Windows\System\yjSWfQW.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\ORcMLTe.exe
  C:\Windows\System\ORcMLTe.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\PpIBBik.exe
  C:\Windows\System\PpIBBik.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\aaGvhIq.exe
  C:\Windows\System\aaGvhIq.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\YTwQoAf.exe
  C:\Windows\System\YTwQoAf.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\qdBPWuv.exe
  C:\Windows\System\qdBPWuv.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\CPrOOhU.exe
  C:\Windows\System\CPrOOhU.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\hPviRCT.exe
  C:\Windows\System\hPviRCT.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\EEBnKOD.exe
  C:\Windows\System\EEBnKOD.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\yseRxwb.exe
  C:\Windows\System\yseRxwb.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\OTGyxWj.exe
  C:\Windows\System\OTGyxWj.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\sfYfgvO.exe
  C:\Windows\System\sfYfgvO.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\CclfyDk.exe
  C:\Windows\System\CclfyDk.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\FQBIdFE.exe
  C:\Windows\System\FQBIdFE.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\miLYIVJ.exe
  C:\Windows\System\miLYIVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\wspcjOt.exe
  C:\Windows\System\wspcjOt.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\HCHnZAb.exe
  C:\Windows\System\HCHnZAb.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\EDDFWQX.exe
  C:\Windows\System\EDDFWQX.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\sHrHDxO.exe
  C:\Windows\System\sHrHDxO.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\rdHzSQL.exe
  C:\Windows\System\rdHzSQL.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\zWZYKlp.exe
  C:\Windows\System\zWZYKlp.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\EJrYlsG.exe
  C:\Windows\System\EJrYlsG.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\GuTtszE.exe
  C:\Windows\System\GuTtszE.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\horuzXs.exe
  C:\Windows\System\horuzXs.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\NXZzvUA.exe
  C:\Windows\System\NXZzvUA.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\jWbbeac.exe
  C:\Windows\System\jWbbeac.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\hkMNQPL.exe
  C:\Windows\System\hkMNQPL.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\aMaxacf.exe
  C:\Windows\System\aMaxacf.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\TqdxZhX.exe
  C:\Windows\System\TqdxZhX.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\VyGHsKk.exe
  C:\Windows\System\VyGHsKk.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\WIQHFjS.exe
  C:\Windows\System\WIQHFjS.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\RiuPrML.exe
  C:\Windows\System\RiuPrML.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\UuWQjPq.exe
  C:\Windows\System\UuWQjPq.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\JfdoWph.exe
  C:\Windows\System\JfdoWph.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\TSvuYhl.exe
  C:\Windows\System\TSvuYhl.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\ORZukZp.exe
  C:\Windows\System\ORZukZp.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\HDlbRZi.exe
  C:\Windows\System\HDlbRZi.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\RjbkCjD.exe
  C:\Windows\System\RjbkCjD.exe
  2⤵
  PID:1976
- C:\Windows\System\QjlgHAO.exe
  C:\Windows\System\QjlgHAO.exe
  2⤵
  PID:2880
- C:\Windows\System\HahobYY.exe
  C:\Windows\System\HahobYY.exe
  2⤵
  PID:756
- C:\Windows\System\aEcVBnb.exe
  C:\Windows\System\aEcVBnb.exe
  2⤵
  PID:2316
- C:\Windows\System\UgfXIAE.exe
  C:\Windows\System\UgfXIAE.exe
  2⤵
  PID:1372
- C:\Windows\System\WBXCAML.exe
  C:\Windows\System\WBXCAML.exe
  2⤵
  PID:1768
- C:\Windows\System\NcrNBgK.exe
  C:\Windows\System\NcrNBgK.exe
  2⤵
  PID:2268
- C:\Windows\System\kTetInL.exe
  C:\Windows\System\kTetInL.exe
  2⤵
  PID:2224
- C:\Windows\System\xJtgTsc.exe
  C:\Windows\System\xJtgTsc.exe
  2⤵
  PID:1480
- C:\Windows\System\lDMZlhp.exe
  C:\Windows\System\lDMZlhp.exe
  2⤵
  PID:584
- C:\Windows\System\kKNgjHo.exe
  C:\Windows\System\kKNgjHo.exe
  2⤵
  PID:2560
- C:\Windows\System\iOWQPVR.exe
  C:\Windows\System\iOWQPVR.exe
  2⤵
  PID:1996
- C:\Windows\System\RZBEAtO.exe
  C:\Windows\System\RZBEAtO.exe
  2⤵
  PID:1704
- C:\Windows\System\JmBMIKJ.exe
  C:\Windows\System\JmBMIKJ.exe
  2⤵
  PID:1748
- C:\Windows\System\JSXZBeO.exe
  C:\Windows\System\JSXZBeO.exe
  2⤵
  PID:1764
- C:\Windows\System\lxptmtq.exe
  C:\Windows\System\lxptmtq.exe
  2⤵
  PID:1712
- C:\Windows\System\octWQye.exe
  C:\Windows\System\octWQye.exe
  2⤵
  PID:568
- C:\Windows\System\CvIXYPr.exe
  C:\Windows\System\CvIXYPr.exe
  2⤵
  PID:2140
- C:\Windows\System\yUZuaaI.exe
  C:\Windows\System\yUZuaaI.exe
  2⤵
  PID:992
- C:\Windows\System\tPkoJXb.exe
  C:\Windows\System\tPkoJXb.exe
  2⤵
  PID:2452
- C:\Windows\System\jsyXpIv.exe
  C:\Windows\System\jsyXpIv.exe
  2⤵
  PID:2272
- C:\Windows\System\yiEHDFe.exe
  C:\Windows\System\yiEHDFe.exe
  2⤵
  PID:1812
- C:\Windows\System\cMocuci.exe
  C:\Windows\System\cMocuci.exe
  2⤵
  PID:792
- C:\Windows\System\vxYwPOU.exe
  C:\Windows\System\vxYwPOU.exe
  2⤵
  PID:2308
- C:\Windows\System\doIhwWp.exe
  C:\Windows\System\doIhwWp.exe
  2⤵
  PID:2520
- C:\Windows\System\DiZoNZj.exe
  C:\Windows\System\DiZoNZj.exe
  2⤵
  PID:2712
- C:\Windows\System\KYUQFCX.exe
  C:\Windows\System\KYUQFCX.exe
  2⤵
  PID:2704
- C:\Windows\System\XHmHShg.exe
  C:\Windows\System\XHmHShg.exe
  2⤵
  PID:2580
- C:\Windows\System\dKubfHa.exe
  C:\Windows\System\dKubfHa.exe
  2⤵
  PID:2708
- C:\Windows\System\tXtgkFn.exe
  C:\Windows\System\tXtgkFn.exe
  2⤵
  PID:868
- C:\Windows\System\hmNOyIb.exe
  C:\Windows\System\hmNOyIb.exe
  2⤵
  PID:1644
- C:\Windows\System\KAnmZAS.exe
  C:\Windows\System\KAnmZAS.exe
  2⤵
  PID:2900
- C:\Windows\System\HapVErO.exe
  C:\Windows\System\HapVErO.exe
  2⤵
  PID:2564
- C:\Windows\System\LtZMARM.exe
  C:\Windows\System\LtZMARM.exe
  2⤵
  PID:2400
- C:\Windows\System\jWWIqTz.exe
  C:\Windows\System\jWWIqTz.exe
  2⤵
  PID:2264
- C:\Windows\System\iMqEPDI.exe
  C:\Windows\System\iMqEPDI.exe
  2⤵
  PID:560
- C:\Windows\System\nZguHtJ.exe
  C:\Windows\System\nZguHtJ.exe
  2⤵
  PID:2288
- C:\Windows\System\tMvnyra.exe
  C:\Windows\System\tMvnyra.exe
  2⤵
  PID:2460
- C:\Windows\System\ECojzBH.exe
  C:\Windows\System\ECojzBH.exe
  2⤵
  PID:1004
- C:\Windows\System\hdPbNkt.exe
  C:\Windows\System\hdPbNkt.exe
  2⤵
  PID:760
- C:\Windows\System\VdBKMif.exe
  C:\Windows\System\VdBKMif.exe
  2⤵
  PID:3088
- C:\Windows\System\YowMQdj.exe
  C:\Windows\System\YowMQdj.exe
  2⤵
  PID:3108
- C:\Windows\System\qZnUydL.exe
  C:\Windows\System\qZnUydL.exe
  2⤵
  PID:3128
- C:\Windows\System\oPXJmHX.exe
  C:\Windows\System\oPXJmHX.exe
  2⤵
  PID:3148
- C:\Windows\System\ktulBei.exe
  C:\Windows\System\ktulBei.exe
  2⤵
  PID:3168
- C:\Windows\System\yHXCIOD.exe
  C:\Windows\System\yHXCIOD.exe
  2⤵
  PID:3188
- C:\Windows\System\BKkBUkO.exe
  C:\Windows\System\BKkBUkO.exe
  2⤵
  PID:3208
- C:\Windows\System\RKIhxlG.exe
  C:\Windows\System\RKIhxlG.exe
  2⤵
  PID:3228
- C:\Windows\System\RFwPWMV.exe
  C:\Windows\System\RFwPWMV.exe
  2⤵
  PID:3248
- C:\Windows\System\bHQBvuJ.exe
  C:\Windows\System\bHQBvuJ.exe
  2⤵
  PID:3268
- C:\Windows\System\fgfYHOA.exe
  C:\Windows\System\fgfYHOA.exe
  2⤵
  PID:3288
- C:\Windows\System\GvMAYdK.exe
  C:\Windows\System\GvMAYdK.exe
  2⤵
  PID:3308
- C:\Windows\System\ShYRtGH.exe
  C:\Windows\System\ShYRtGH.exe
  2⤵
  PID:3328
- C:\Windows\System\hnKfpnt.exe
  C:\Windows\System\hnKfpnt.exe
  2⤵
  PID:3348
- C:\Windows\System\DrLkZDo.exe
  C:\Windows\System\DrLkZDo.exe
  2⤵
  PID:3368
- C:\Windows\System\xeGbJVR.exe
  C:\Windows\System\xeGbJVR.exe
  2⤵
  PID:3388
- C:\Windows\System\DrQzoCX.exe
  C:\Windows\System\DrQzoCX.exe
  2⤵
  PID:3408
- C:\Windows\System\RiRuooL.exe
  C:\Windows\System\RiRuooL.exe
  2⤵
  PID:3428
- C:\Windows\System\naVPcrZ.exe
  C:\Windows\System\naVPcrZ.exe
  2⤵
  PID:3448
- C:\Windows\System\HffMIeq.exe
  C:\Windows\System\HffMIeq.exe
  2⤵
  PID:3468
- C:\Windows\System\NMsVqiV.exe
  C:\Windows\System\NMsVqiV.exe
  2⤵
  PID:3488
- C:\Windows\System\ulqUeqT.exe
  C:\Windows\System\ulqUeqT.exe
  2⤵
  PID:3508
- C:\Windows\System\AZAyFEX.exe
  C:\Windows\System\AZAyFEX.exe
  2⤵
  PID:3528
- C:\Windows\System\XBSmIwJ.exe
  C:\Windows\System\XBSmIwJ.exe
  2⤵
  PID:3548
- C:\Windows\System\YnPHcIH.exe
  C:\Windows\System\YnPHcIH.exe
  2⤵
  PID:3568
- C:\Windows\System\dxfIWRb.exe
  C:\Windows\System\dxfIWRb.exe
  2⤵
  PID:3588
- C:\Windows\System\MNFkJaO.exe
  C:\Windows\System\MNFkJaO.exe
  2⤵
  PID:3608
- C:\Windows\System\raDzqUA.exe
  C:\Windows\System\raDzqUA.exe
  2⤵
  PID:3628
- C:\Windows\System\vLHpBna.exe
  C:\Windows\System\vLHpBna.exe
  2⤵
  PID:3648
- C:\Windows\System\goYsCpb.exe
  C:\Windows\System\goYsCpb.exe
  2⤵
  PID:3668
- C:\Windows\System\eIbRegO.exe
  C:\Windows\System\eIbRegO.exe
  2⤵
  PID:3688
- C:\Windows\System\fjocwtS.exe
  C:\Windows\System\fjocwtS.exe
  2⤵
  PID:3760
- C:\Windows\System\msWNICh.exe
  C:\Windows\System\msWNICh.exe
  2⤵
  PID:3796
- C:\Windows\System\iXzdNxf.exe
  C:\Windows\System\iXzdNxf.exe
  2⤵
  PID:3812
- C:\Windows\System\cZNREVa.exe
  C:\Windows\System\cZNREVa.exe
  2⤵
  PID:3832
- C:\Windows\System\gMXSWWT.exe
  C:\Windows\System\gMXSWWT.exe
  2⤵
  PID:3924
- C:\Windows\System\ZzqCUEq.exe
  C:\Windows\System\ZzqCUEq.exe
  2⤵
  PID:3944
- C:\Windows\System\QCDSLhh.exe
  C:\Windows\System\QCDSLhh.exe
  2⤵
  PID:3960
- C:\Windows\System\qikAnvt.exe
  C:\Windows\System\qikAnvt.exe
  2⤵
  PID:3984
- C:\Windows\System\YrKbUNj.exe
  C:\Windows\System\YrKbUNj.exe
  2⤵
  PID:4000
- C:\Windows\System\wORjFdJ.exe
  C:\Windows\System\wORjFdJ.exe
  2⤵
  PID:4024
- C:\Windows\System\LkxFBPy.exe
  C:\Windows\System\LkxFBPy.exe
  2⤵
  PID:4044
- C:\Windows\System\xHmavmu.exe
  C:\Windows\System\xHmavmu.exe
  2⤵
  PID:4064
- C:\Windows\System\kWCOLYO.exe
  C:\Windows\System\kWCOLYO.exe
  2⤵
  PID:4084
- C:\Windows\System\QYpRmOh.exe
  C:\Windows\System\QYpRmOh.exe
  2⤵
  PID:2416
- C:\Windows\System\dsmubNl.exe
  C:\Windows\System\dsmubNl.exe
  2⤵
  PID:2248
- C:\Windows\System\CYXiPMm.exe
  C:\Windows\System\CYXiPMm.exe
  2⤵
  PID:2448
- C:\Windows\System\NEqUcXs.exe
  C:\Windows\System\NEqUcXs.exe
  2⤵
  PID:552
- C:\Windows\System\cqohdUv.exe
  C:\Windows\System\cqohdUv.exe
  2⤵
  PID:1612
- C:\Windows\System\jeFrvNw.exe
  C:\Windows\System\jeFrvNw.exe
  2⤵
  PID:2960
- C:\Windows\System\GndcxkM.exe
  C:\Windows\System\GndcxkM.exe
  2⤵
  PID:2836
- C:\Windows\System\jtlDlpL.exe
  C:\Windows\System\jtlDlpL.exe
  2⤵
  PID:3028
- C:\Windows\System\UGKXUxE.exe
  C:\Windows\System\UGKXUxE.exe
  2⤵
  PID:1856
- C:\Windows\System\iXldkPc.exe
  C:\Windows\System\iXldkPc.exe
  2⤵
  PID:2080
- C:\Windows\System\DZKzbna.exe
  C:\Windows\System\DZKzbna.exe
  2⤵
  PID:3004
- C:\Windows\System\EoiZfqD.exe
  C:\Windows\System\EoiZfqD.exe
  2⤵
  PID:2972
- C:\Windows\System\dJISqDD.exe
  C:\Windows\System\dJISqDD.exe
  2⤵
  PID:1560
- C:\Windows\System\MvbykXb.exe
  C:\Windows\System\MvbykXb.exe
  2⤵
  PID:620
- C:\Windows\System\YNSicaW.exe
  C:\Windows\System\YNSicaW.exe
  2⤵
  PID:3096
- C:\Windows\System\maRDnvS.exe
  C:\Windows\System\maRDnvS.exe
  2⤵
  PID:3124
- C:\Windows\System\DZTnLTi.exe
  C:\Windows\System\DZTnLTi.exe
  2⤵
  PID:3140
- C:\Windows\System\muEWLpy.exe
  C:\Windows\System\muEWLpy.exe
  2⤵
  PID:3196
- C:\Windows\System\iKCnSzy.exe
  C:\Windows\System\iKCnSzy.exe
  2⤵
  PID:3240
- C:\Windows\System\QdtMCOB.exe
  C:\Windows\System\QdtMCOB.exe
  2⤵
  PID:3216
- C:\Windows\System\cQoOrGX.exe
  C:\Windows\System\cQoOrGX.exe
  2⤵
  PID:3264
- C:\Windows\System\rWGILHd.exe
  C:\Windows\System\rWGILHd.exe
  2⤵
  PID:3324
- C:\Windows\System\gCCuSuV.exe
  C:\Windows\System\gCCuSuV.exe
  2⤵
  PID:3340
- C:\Windows\System\ceqqnFc.exe
  C:\Windows\System\ceqqnFc.exe
  2⤵
  PID:3400
- C:\Windows\System\EirEaBM.exe
  C:\Windows\System\EirEaBM.exe
  2⤵
  PID:3484
- C:\Windows\System\GYvoOyG.exe
  C:\Windows\System\GYvoOyG.exe
  2⤵
  PID:3556
- C:\Windows\System\FpduCRB.exe
  C:\Windows\System\FpduCRB.exe
  2⤵
  PID:3600
- C:\Windows\System\fGArqMS.exe
  C:\Windows\System\fGArqMS.exe
  2⤵
  PID:3684
- C:\Windows\System\cfcKjrt.exe
  C:\Windows\System\cfcKjrt.exe
  2⤵
  PID:3820
- C:\Windows\System\zMCJZXu.exe
  C:\Windows\System\zMCJZXu.exe
  2⤵
  PID:3380
- C:\Windows\System\CTtqVSb.exe
  C:\Windows\System\CTtqVSb.exe
  2⤵
  PID:3464
- C:\Windows\System\MNKwxnZ.exe
  C:\Windows\System\MNKwxnZ.exe
  2⤵
  PID:3500
- C:\Windows\System\xThQJnk.exe
  C:\Windows\System\xThQJnk.exe
  2⤵
  PID:3584
- C:\Windows\System\WMowpLJ.exe
  C:\Windows\System\WMowpLJ.exe
  2⤵
  PID:3656
- C:\Windows\System\SnTqUFT.exe
  C:\Windows\System\SnTqUFT.exe
  2⤵
  PID:3804
- C:\Windows\System\Lhoewrs.exe
  C:\Windows\System\Lhoewrs.exe
  2⤵
  PID:3908
- C:\Windows\System\nBWGbyD.exe
  C:\Windows\System\nBWGbyD.exe
  2⤵
  PID:3968
- C:\Windows\System\fwjthvg.exe
  C:\Windows\System\fwjthvg.exe
  2⤵
  PID:3956
- C:\Windows\System\ZLsbTxJ.exe
  C:\Windows\System\ZLsbTxJ.exe
  2⤵
  PID:3996
- C:\Windows\System\MFQABYf.exe
  C:\Windows\System\MFQABYf.exe
  2⤵
  PID:4040
- C:\Windows\System\sAobtpR.exe
  C:\Windows\System\sAobtpR.exe
  2⤵
  PID:2468
- C:\Windows\System\sOTJbap.exe
  C:\Windows\System\sOTJbap.exe
  2⤵
  PID:1488
- C:\Windows\System\puhpqvq.exe
  C:\Windows\System\puhpqvq.exe
  2⤵
  PID:1580
- C:\Windows\System\WPsJuJm.exe
  C:\Windows\System\WPsJuJm.exe
  2⤵
  PID:1724
- C:\Windows\System\qNyBOHY.exe
  C:\Windows\System\qNyBOHY.exe
  2⤵
  PID:1916
- C:\Windows\System\GadhPXk.exe
  C:\Windows\System\GadhPXk.exe
  2⤵
  PID:2924
- C:\Windows\System\ijZYEyX.exe
  C:\Windows\System\ijZYEyX.exe
  2⤵
  PID:1252
- C:\Windows\System\aOGMqcP.exe
  C:\Windows\System\aOGMqcP.exe
  2⤵
  PID:2180
- C:\Windows\System\lFUyMhe.exe
  C:\Windows\System\lFUyMhe.exe
  2⤵
  PID:3084
- C:\Windows\System\EZMlXWv.exe
  C:\Windows\System\EZMlXWv.exe
  2⤵
  PID:3136
- C:\Windows\System\lZXYmAz.exe
  C:\Windows\System\lZXYmAz.exe
  2⤵
  PID:3164
- C:\Windows\System\WbPzyMY.exe
  C:\Windows\System\WbPzyMY.exe
  2⤵
  PID:3720
- C:\Windows\System\GHzhycI.exe
  C:\Windows\System\GHzhycI.exe
  2⤵
  PID:3256
- C:\Windows\System\GrohaBV.exe
  C:\Windows\System\GrohaBV.exe
  2⤵
  PID:3336
- C:\Windows\System\UjXLodP.exe
  C:\Windows\System\UjXLodP.exe
  2⤵
  PID:3300
- C:\Windows\System\VoPWVWm.exe
  C:\Windows\System\VoPWVWm.exe
  2⤵
  PID:3476
- C:\Windows\System\SUzoWoO.exe
  C:\Windows\System\SUzoWoO.exe
  2⤵
  PID:3404
- C:\Windows\System\lsccbza.exe
  C:\Windows\System\lsccbza.exe
  2⤵
  PID:3596
- C:\Windows\System\hnwqdfW.exe
  C:\Windows\System\hnwqdfW.exe
  2⤵
  PID:3424
- C:\Windows\System\gpRSAuL.exe
  C:\Windows\System\gpRSAuL.exe
  2⤵
  PID:3640
- C:\Windows\System\SnZXywt.exe
  C:\Windows\System\SnZXywt.exe
  2⤵
  PID:3824
- C:\Windows\System\bQHQrUF.exe
  C:\Windows\System\bQHQrUF.exe
  2⤵
  PID:3540
- C:\Windows\System\HXcGabf.exe
  C:\Windows\System\HXcGabf.exe
  2⤵
  PID:3756
- C:\Windows\System\OzEDwxx.exe
  C:\Windows\System\OzEDwxx.exe
  2⤵
  PID:3616
- C:\Windows\System\sEogaKS.exe
  C:\Windows\System\sEogaKS.exe
  2⤵
  PID:3904
- C:\Windows\System\SLPVnJF.exe
  C:\Windows\System\SLPVnJF.exe
  2⤵
  PID:4016
- C:\Windows\System\DpojUkD.exe
  C:\Windows\System\DpojUkD.exe
  2⤵
  PID:3976
- C:\Windows\System\PXdushA.exe
  C:\Windows\System\PXdushA.exe
  2⤵
  PID:4060
- C:\Windows\System\ZhynLyJ.exe
  C:\Windows\System\ZhynLyJ.exe
  2⤵
  PID:2148
- C:\Windows\System\gKBLriY.exe
  C:\Windows\System\gKBLriY.exe
  2⤵
  PID:2480
- C:\Windows\System\OJjFndk.exe
  C:\Windows\System\OJjFndk.exe
  2⤵
  PID:744
- C:\Windows\System\GMDistO.exe
  C:\Windows\System\GMDistO.exe
  2⤵
  PID:1212
- C:\Windows\System\cSPTkVd.exe
  C:\Windows\System\cSPTkVd.exe
  2⤵
  PID:2160
- C:\Windows\System\Mdcpwpp.exe
  C:\Windows\System\Mdcpwpp.exe
  2⤵
  PID:1016
- C:\Windows\System\uoPToiV.exe
  C:\Windows\System\uoPToiV.exe
  2⤵
  PID:3236
- C:\Windows\System\afTxgOY.exe
  C:\Windows\System\afTxgOY.exe
  2⤵
  PID:3184
- C:\Windows\System\ymzdAKA.exe
  C:\Windows\System\ymzdAKA.exe
  2⤵
  PID:3296
- C:\Windows\System\esqtaqB.exe
  C:\Windows\System\esqtaqB.exe
  2⤵
  PID:3604
- C:\Windows\System\FcLQxfZ.exe
  C:\Windows\System\FcLQxfZ.exe
  2⤵
  PID:3520
- C:\Windows\System\AdzODDF.exe
  C:\Windows\System\AdzODDF.exe
  2⤵
  PID:3788
- C:\Windows\System\oazOxsa.exe
  C:\Windows\System\oazOxsa.exe
  2⤵
  PID:3420
- C:\Windows\System\pSMkpVv.exe
  C:\Windows\System\pSMkpVv.exe
  2⤵
  PID:3660
- C:\Windows\System\qBAUYJB.exe
  C:\Windows\System\qBAUYJB.exe
  2⤵
  PID:3940
- C:\Windows\System\kltdZmh.exe
  C:\Windows\System\kltdZmh.exe
  2⤵
  PID:3980
- C:\Windows\System\UJTJXyU.exe
  C:\Windows\System\UJTJXyU.exe
  2⤵
  PID:4036
- C:\Windows\System\pLxBLPi.exe
  C:\Windows\System\pLxBLPi.exe
  2⤵
  PID:1964
- C:\Windows\System\myScpVG.exe
  C:\Windows\System\myScpVG.exe
  2⤵
  PID:2276
- C:\Windows\System\NCEqwPi.exe
  C:\Windows\System\NCEqwPi.exe
  2⤵
  PID:3244
- C:\Windows\System\xfZRxGp.exe
  C:\Windows\System\xfZRxGp.exe
  2⤵
  PID:3444
- C:\Windows\System\kXWpYiV.exe
  C:\Windows\System\kXWpYiV.exe
  2⤵
  PID:3304
- C:\Windows\System\bZdZYJO.exe
  C:\Windows\System\bZdZYJO.exe
  2⤵
  PID:3576
- C:\Windows\System\VuRGlsa.exe
  C:\Windows\System\VuRGlsa.exe
  2⤵
  PID:3456
- C:\Windows\System\xqPjJxK.exe
  C:\Windows\System\xqPjJxK.exe
  2⤵
  PID:3992
- C:\Windows\System\HQQPUWu.exe
  C:\Windows\System\HQQPUWu.exe
  2⤵
  PID:1616
- C:\Windows\System\MPPlFsd.exe
  C:\Windows\System\MPPlFsd.exe
  2⤵
  PID:2256
- C:\Windows\System\JVnyLoC.exe
  C:\Windows\System\JVnyLoC.exe
  2⤵
  PID:2776
- C:\Windows\System\rNPTIJB.exe
  C:\Windows\System\rNPTIJB.exe
  2⤵
  PID:4104
- C:\Windows\System\aOAgSTR.exe
  C:\Windows\System\aOAgSTR.exe
  2⤵
  PID:4120
- C:\Windows\System\IVOuTSX.exe
  C:\Windows\System\IVOuTSX.exe
  2⤵
  PID:4136
- C:\Windows\System\RIrWoSJ.exe
  C:\Windows\System\RIrWoSJ.exe
  2⤵
  PID:4156
- C:\Windows\System\JBqUrit.exe
  C:\Windows\System\JBqUrit.exe
  2⤵
  PID:4200
- C:\Windows\System\mlStofH.exe
  C:\Windows\System\mlStofH.exe
  2⤵
  PID:4236
- C:\Windows\System\TDAtUkw.exe
  C:\Windows\System\TDAtUkw.exe
  2⤵
  PID:4256
- C:\Windows\System\XNASGll.exe
  C:\Windows\System\XNASGll.exe
  2⤵
  PID:4272
- C:\Windows\System\gQmStVE.exe
  C:\Windows\System\gQmStVE.exe
  2⤵
  PID:4288
- C:\Windows\System\IwIIpKt.exe
  C:\Windows\System\IwIIpKt.exe
  2⤵
  PID:4304
- C:\Windows\System\PdVGoum.exe
  C:\Windows\System\PdVGoum.exe
  2⤵
  PID:4320
- C:\Windows\System\ekDlxUW.exe
  C:\Windows\System\ekDlxUW.exe
  2⤵
  PID:4408
- C:\Windows\System\tBHeoXq.exe
  C:\Windows\System\tBHeoXq.exe
  2⤵
  PID:4424
- C:\Windows\System\cQFPCvU.exe
  C:\Windows\System\cQFPCvU.exe
  2⤵
  PID:4460
- C:\Windows\System\zeXxGTA.exe
  C:\Windows\System\zeXxGTA.exe
  2⤵
  PID:4504
- C:\Windows\System\foYYjEq.exe
  C:\Windows\System\foYYjEq.exe
  2⤵
  PID:4620
- C:\Windows\System\QPjFdQe.exe
  C:\Windows\System\QPjFdQe.exe
  2⤵
  PID:4660
- C:\Windows\System\mknodPN.exe
  C:\Windows\System\mknodPN.exe
  2⤵
  PID:4676
- C:\Windows\System\SIvJrTZ.exe
  C:\Windows\System\SIvJrTZ.exe
  2⤵
  PID:4696
- C:\Windows\System\hTEvjBZ.exe
  C:\Windows\System\hTEvjBZ.exe
  2⤵
  PID:4728
- C:\Windows\System\vJHHjan.exe
  C:\Windows\System\vJHHjan.exe
  2⤵
  PID:4744
- C:\Windows\System\HTtfqkh.exe
  C:\Windows\System\HTtfqkh.exe
  2⤵
  PID:4760
- C:\Windows\System\xZCdJSY.exe
  C:\Windows\System\xZCdJSY.exe
  2⤵
  PID:4780
- C:\Windows\System\gRzJspL.exe
  C:\Windows\System\gRzJspL.exe
  2⤵
  PID:4800
- C:\Windows\System\GAeLOaR.exe
  C:\Windows\System\GAeLOaR.exe
  2⤵
  PID:4820
- C:\Windows\System\wIlwjos.exe
  C:\Windows\System\wIlwjos.exe
  2⤵
  PID:4836
- C:\Windows\System\yuDrLSj.exe
  C:\Windows\System\yuDrLSj.exe
  2⤵
  PID:4856
- C:\Windows\System\sKoRjla.exe
  C:\Windows\System\sKoRjla.exe
  2⤵
  PID:4888
- C:\Windows\System\ixsBbqn.exe
  C:\Windows\System\ixsBbqn.exe
  2⤵
  PID:4904
- C:\Windows\System\ckykEwG.exe
  C:\Windows\System\ckykEwG.exe
  2⤵
  PID:4920
- C:\Windows\System\FybjfGr.exe
  C:\Windows\System\FybjfGr.exe
  2⤵
  PID:4940
- C:\Windows\System\iNNniKC.exe
  C:\Windows\System\iNNniKC.exe
  2⤵
  PID:4960
- C:\Windows\System\xsFYMQS.exe
  C:\Windows\System\xsFYMQS.exe
  2⤵
  PID:4980
- C:\Windows\System\QInKklG.exe
  C:\Windows\System\QInKklG.exe
  2⤵
  PID:5008
- C:\Windows\System\OPNPBTa.exe
  C:\Windows\System\OPNPBTa.exe
  2⤵
  PID:5024
- C:\Windows\System\JSskCWK.exe
  C:\Windows\System\JSskCWK.exe
  2⤵
  PID:5040
- C:\Windows\System\USIkYTZ.exe
  C:\Windows\System\USIkYTZ.exe
  2⤵
  PID:5060
- C:\Windows\System\BproxJL.exe
  C:\Windows\System\BproxJL.exe
  2⤵
  PID:5080
- C:\Windows\System\jfSmreD.exe
  C:\Windows\System\jfSmreD.exe
  2⤵
  PID:5096
- C:\Windows\System\ikxkHRP.exe
  C:\Windows\System\ikxkHRP.exe
  2⤵
  PID:3696
- C:\Windows\System\nVVUdyy.exe
  C:\Windows\System\nVVUdyy.exe
  2⤵
  PID:4116
- C:\Windows\System\JcDXcXf.exe
  C:\Windows\System\JcDXcXf.exe
  2⤵
  PID:4212
- C:\Windows\System\smDBFoe.exe
  C:\Windows\System\smDBFoe.exe
  2⤵
  PID:3360
- C:\Windows\System\QeRNWzQ.exe
  C:\Windows\System\QeRNWzQ.exe
  2⤵
  PID:4268
- C:\Windows\System\VcEjjhv.exe
  C:\Windows\System\VcEjjhv.exe
  2⤵
  PID:2608
- C:\Windows\System\rlHBCvL.exe
  C:\Windows\System\rlHBCvL.exe
  2⤵
  PID:4336
- C:\Windows\System\ryWYsFj.exe
  C:\Windows\System\ryWYsFj.exe
  2⤵
  PID:4356
- C:\Windows\System\ptJDYHu.exe
  C:\Windows\System\ptJDYHu.exe
  2⤵
  PID:4376
- C:\Windows\System\VlwMFxR.exe
  C:\Windows\System\VlwMFxR.exe
  2⤵
  PID:2824
- C:\Windows\System\rLfBXmR.exe
  C:\Windows\System\rLfBXmR.exe
  2⤵
  PID:4168
- C:\Windows\System\IxEtsWm.exe
  C:\Windows\System\IxEtsWm.exe
  2⤵
  PID:4188
- C:\Windows\System\LgfEvof.exe
  C:\Windows\System\LgfEvof.exe
  2⤵
  PID:4392
- C:\Windows\System\XjlXLBm.exe
  C:\Windows\System\XjlXLBm.exe
  2⤵
  PID:4284
- C:\Windows\System\MlNvmoe.exe
  C:\Windows\System\MlNvmoe.exe
  2⤵
  PID:2592
- C:\Windows\System\sSHeOBW.exe
  C:\Windows\System\sSHeOBW.exe
  2⤵
  PID:4404
- C:\Windows\System\tExoChR.exe
  C:\Windows\System\tExoChR.exe
  2⤵
  PID:4448
- C:\Windows\System\KjEeXZh.exe
  C:\Windows\System\KjEeXZh.exe
  2⤵
  PID:4520
- C:\Windows\System\RDcIayy.exe
  C:\Windows\System\RDcIayy.exe
  2⤵
  PID:4536
- C:\Windows\System\XPzMvEY.exe
  C:\Windows\System\XPzMvEY.exe
  2⤵
  PID:4556
- C:\Windows\System\LxLhmxY.exe
  C:\Windows\System\LxLhmxY.exe
  2⤵
  PID:4584
- C:\Windows\System\lfOHizQ.exe
  C:\Windows\System\lfOHizQ.exe
  2⤵
  PID:4600
- C:\Windows\System\wMkxiaZ.exe
  C:\Windows\System\wMkxiaZ.exe
  2⤵
  PID:4416
- C:\Windows\System\jyzoTcv.exe
  C:\Windows\System\jyzoTcv.exe
  2⤵
  PID:4476
- C:\Windows\System\kKQGJIr.exe
  C:\Windows\System\kKQGJIr.exe
  2⤵
  PID:4496
- C:\Windows\System\ubTPhFp.exe
  C:\Windows\System\ubTPhFp.exe
  2⤵
  PID:4632
- C:\Windows\System\kKIyzmv.exe
  C:\Windows\System\kKIyzmv.exe
  2⤵
  PID:2848
- C:\Windows\System\MstKyTM.exe
  C:\Windows\System\MstKyTM.exe
  2⤵
  PID:2332
- C:\Windows\System\PGIezfB.exe
  C:\Windows\System\PGIezfB.exe
  2⤵
  PID:3920
- C:\Windows\System\NLtYrSn.exe
  C:\Windows\System\NLtYrSn.exe
  2⤵
  PID:4704
- C:\Windows\System\heOiJga.exe
  C:\Windows\System\heOiJga.exe
  2⤵
  PID:4684
- C:\Windows\System\dWKagUv.exe
  C:\Windows\System\dWKagUv.exe
  2⤵
  PID:4720
- C:\Windows\System\JOzLnLA.exe
  C:\Windows\System\JOzLnLA.exe
  2⤵
  PID:4740
- C:\Windows\System\PHQZsTG.exe
  C:\Windows\System\PHQZsTG.exe
  2⤵
  PID:4792
- C:\Windows\System\VIYWTRC.exe
  C:\Windows\System\VIYWTRC.exe
  2⤵
  PID:4776
- C:\Windows\System\EhZtFVc.exe
  C:\Windows\System\EhZtFVc.exe
  2⤵
  PID:4844
- C:\Windows\System\jtMljId.exe
  C:\Windows\System\jtMljId.exe
  2⤵
  PID:4848
- C:\Windows\System\jyohbiG.exe
  C:\Windows\System\jyohbiG.exe
  2⤵
  PID:4872
- C:\Windows\System\pgfRXNu.exe
  C:\Windows\System\pgfRXNu.exe
  2⤵
  PID:4936
- C:\Windows\System\cLyPymP.exe
  C:\Windows\System\cLyPymP.exe
  2⤵
  PID:4988
- C:\Windows\System\GYNevML.exe
  C:\Windows\System\GYNevML.exe
  2⤵
  PID:5016
- C:\Windows\System\fxDYZgY.exe
  C:\Windows\System\fxDYZgY.exe
  2⤵
  PID:5036
- C:\Windows\System\nYiqeLc.exe
  C:\Windows\System\nYiqeLc.exe
  2⤵
  PID:5104
- C:\Windows\System\thBdtKE.exe
  C:\Windows\System\thBdtKE.exe
  2⤵
  PID:5092
- C:\Windows\System\tyqTxIp.exe
  C:\Windows\System\tyqTxIp.exe
  2⤵
  PID:5116
- C:\Windows\System\XUHIVPA.exe
  C:\Windows\System\XUHIVPA.exe
  2⤵
  PID:2548
- C:\Windows\System\IhcpoAk.exe
  C:\Windows\System\IhcpoAk.exe
  2⤵
  PID:4208
- C:\Windows\System\tDiAVJr.exe
  C:\Windows\System\tDiAVJr.exe
  2⤵
  PID:2828
- C:\Windows\System\RMSKwtN.exe
  C:\Windows\System\RMSKwtN.exe
  2⤵
  PID:3620
- C:\Windows\System\vAJCEWH.exe
  C:\Windows\System\vAJCEWH.exe
  2⤵
  PID:4328
- C:\Windows\System\iVciHuD.exe
  C:\Windows\System\iVciHuD.exe
  2⤵
  PID:4352
- C:\Windows\System\ZjaDeue.exe
  C:\Windows\System\ZjaDeue.exe
  2⤵
  PID:4100
- C:\Windows\System\tPNMXxI.exe
  C:\Windows\System\tPNMXxI.exe
  2⤵
  PID:2676
- C:\Windows\System\NMVitcB.exe
  C:\Windows\System\NMVitcB.exe
  2⤵
  PID:4176
- C:\Windows\System\ckvsnxr.exe
  C:\Windows\System\ckvsnxr.exe
  2⤵
  PID:4180
- C:\Windows\System\chThaGS.exe
  C:\Windows\System\chThaGS.exe
  2⤵
  PID:4512
- C:\Windows\System\zNBEvbN.exe
  C:\Windows\System\zNBEvbN.exe
  2⤵
  PID:4552
- C:\Windows\System\CojoTHC.exe
  C:\Windows\System\CojoTHC.exe
  2⤵
  PID:4580
- C:\Windows\System\RvnlZEg.exe
  C:\Windows\System\RvnlZEg.exe
  2⤵
  PID:4640
- C:\Windows\System\eDxmGCh.exe
  C:\Windows\System\eDxmGCh.exe
  2⤵
  PID:1540
- C:\Windows\System\woZmNog.exe
  C:\Windows\System\woZmNog.exe
  2⤵
  PID:4472
- C:\Windows\System\pFlgKlK.exe
  C:\Windows\System\pFlgKlK.exe
  2⤵
  PID:2648
- C:\Windows\System\OQWRtdh.exe
  C:\Windows\System\OQWRtdh.exe
  2⤵
  PID:4652
- C:\Windows\System\nZOgOuN.exe
  C:\Windows\System\nZOgOuN.exe
  2⤵
  PID:4672
- C:\Windows\System\YHhkXIl.exe
  C:\Windows\System\YHhkXIl.exe
  2⤵
  PID:4808
- C:\Windows\System\roUqNdR.exe
  C:\Windows\System\roUqNdR.exe
  2⤵
  PID:4788
- C:\Windows\System\sAAIEgb.exe
  C:\Windows\System\sAAIEgb.exe
  2⤵
  PID:4228
- C:\Windows\System\Axfifjg.exe
  C:\Windows\System\Axfifjg.exe
  2⤵
  PID:4756
- C:\Windows\System\CVweDuH.exe
  C:\Windows\System\CVweDuH.exe
  2⤵
  PID:4876
- C:\Windows\System\NcJgloT.exe
  C:\Windows\System\NcJgloT.exe
  2⤵
  PID:4368
- C:\Windows\System\NyxSFFD.exe
  C:\Windows\System\NyxSFFD.exe
  2⤵
  PID:2572
- C:\Windows\System\ortnFtM.exe
  C:\Windows\System\ortnFtM.exe
  2⤵
  PID:4956
- C:\Windows\System\PEVexiP.exe
  C:\Windows\System\PEVexiP.exe
  2⤵
  PID:2672
- C:\Windows\System\aVvgXBj.exe
  C:\Windows\System\aVvgXBj.exe
  2⤵
  PID:4444
- C:\Windows\System\iitgAed.exe
  C:\Windows\System\iitgAed.exe
  2⤵
  PID:2692
- C:\Windows\System\NOoIbPg.exe
  C:\Windows\System\NOoIbPg.exe
  2⤵
  PID:3052
- C:\Windows\System\KMFKGbN.exe
  C:\Windows\System\KMFKGbN.exe
  2⤵
  PID:4112
- C:\Windows\System\QDdXCcV.exe
  C:\Windows\System\QDdXCcV.exe
  2⤵
  PID:4344
- C:\Windows\System\DBGNvvx.exe
  C:\Windows\System\DBGNvvx.exe
  2⤵
  PID:4184
- C:\Windows\System\rtClgnx.exe
  C:\Windows\System\rtClgnx.exe
  2⤵
  PID:4852
- C:\Windows\System\DYFYrOF.exe
  C:\Windows\System\DYFYrOF.exe
  2⤵
  PID:4484
- C:\Windows\System\KbRkKJx.exe
  C:\Windows\System\KbRkKJx.exe
  2⤵
  PID:2796
- C:\Windows\System\zZVCwRc.exe
  C:\Windows\System\zZVCwRc.exe
  2⤵
  PID:4532
- C:\Windows\System\FCJcVXH.exe
  C:\Windows\System\FCJcVXH.exe
  2⤵
  PID:4708
- C:\Windows\System\pwqWihq.exe
  C:\Windows\System\pwqWihq.exe
  2⤵
  PID:3080
- C:\Windows\System\mBftIBX.exe
  C:\Windows\System\mBftIBX.exe
  2⤵
  PID:4312
- C:\Windows\System\csNfeYP.exe
  C:\Windows\System\csNfeYP.exe
  2⤵
  PID:4752
- C:\Windows\System\VIcQAVQ.exe
  C:\Windows\System\VIcQAVQ.exe
  2⤵
  PID:4896
- C:\Windows\System\RYTNaVm.exe
  C:\Windows\System\RYTNaVm.exe
  2⤵
  PID:5072
- C:\Windows\System\ZknvEDE.exe
  C:\Windows\System\ZknvEDE.exe
  2⤵
  PID:2616
- C:\Windows\System\UHnfXdB.exe
  C:\Windows\System\UHnfXdB.exe
  2⤵
  PID:4232
- C:\Windows\System\qBLXxsO.exe
  C:\Windows\System\qBLXxsO.exe
  2⤵
  PID:3056
- C:\Windows\System\qIlHgqI.exe
  C:\Windows\System\qIlHgqI.exe
  2⤵
  PID:4572
- C:\Windows\System\kisjmYv.exe
  C:\Windows\System\kisjmYv.exe
  2⤵
  PID:4152
- C:\Windows\System\MHDztro.exe
  C:\Windows\System\MHDztro.exe
  2⤵
  PID:4456
- C:\Windows\System\sKxtBDR.exe
  C:\Windows\System\sKxtBDR.exe
  2⤵
  PID:4528
- C:\Windows\System\ApNWpod.exe
  C:\Windows\System\ApNWpod.exe
  2⤵
  PID:3032
- C:\Windows\System\bioxhrz.exe
  C:\Windows\System\bioxhrz.exe
  2⤵
  PID:4968
- C:\Windows\System\RdvOJco.exe
  C:\Windows\System\RdvOJco.exe
  2⤵
  PID:3316
- C:\Windows\System\vjgMabO.exe
  C:\Windows\System\vjgMabO.exe
  2⤵
  PID:4692
- C:\Windows\System\zWBTbdo.exe
  C:\Windows\System\zWBTbdo.exe
  2⤵
  PID:4948
- C:\Windows\System\fkRbBhq.exe
  C:\Windows\System\fkRbBhq.exe
  2⤵
  PID:2324
- C:\Windows\System\DVNjPcY.exe
  C:\Windows\System\DVNjPcY.exe
  2⤵
  PID:4868
- C:\Windows\System\eVOZEHd.exe
  C:\Windows\System\eVOZEHd.exe
  2⤵
  PID:4280
- C:\Windows\System\URxrAfp.exe
  C:\Windows\System\URxrAfp.exe
  2⤵
  PID:4548
- C:\Windows\System\uqkwuDC.exe
  C:\Windows\System\uqkwuDC.exe
  2⤵
  PID:1792
- C:\Windows\System\xCUqILk.exe
  C:\Windows\System\xCUqILk.exe
  2⤵
  PID:3020
- C:\Windows\System\fTuruFc.exe
  C:\Windows\System\fTuruFc.exe
  2⤵
  PID:4972
- C:\Windows\System\EVocmsI.exe
  C:\Windows\System\EVocmsI.exe
  2⤵
  PID:4440
- C:\Windows\System\VRNjvsO.exe
  C:\Windows\System\VRNjvsO.exe
  2⤵
  PID:4468
- C:\Windows\System\pcbDElz.exe
  C:\Windows\System\pcbDElz.exe
  2⤵
  PID:2744
- C:\Windows\System\RwzrbKa.exe
  C:\Windows\System\RwzrbKa.exe
  2⤵
  PID:2032
- C:\Windows\System\AAfeDgH.exe
  C:\Windows\System\AAfeDgH.exe
  2⤵
  PID:2208
- C:\Windows\System\EQSqljw.exe
  C:\Windows\System\EQSqljw.exe
  2⤵
  PID:408
- C:\Windows\System\JQLXHbz.exe
  C:\Windows\System\JQLXHbz.exe
  2⤵
  PID:1068
- C:\Windows\System\PBDVQlZ.exe
  C:\Windows\System\PBDVQlZ.exe
  2⤵
  PID:4400
- C:\Windows\System\lwalyPO.exe
  C:\Windows\System\lwalyPO.exe
  2⤵
  PID:1108
- C:\Windows\System\tlmWHqx.exe
  C:\Windows\System\tlmWHqx.exe
  2⤵
  PID:5124
- C:\Windows\System\tDoVgnf.exe
  C:\Windows\System\tDoVgnf.exe
  2⤵
  PID:5152
- C:\Windows\System\frJHQoY.exe
  C:\Windows\System\frJHQoY.exe
  2⤵
  PID:5168
- C:\Windows\System\DTURtHU.exe
  C:\Windows\System\DTURtHU.exe
  2⤵
  PID:5192
- C:\Windows\System\nvTZpbU.exe
  C:\Windows\System\nvTZpbU.exe
  2⤵
  PID:5208
- C:\Windows\System\ITtrabn.exe
  C:\Windows\System\ITtrabn.exe
  2⤵
  PID:5224
- C:\Windows\System\ZtMrPBO.exe
  C:\Windows\System\ZtMrPBO.exe
  2⤵
  PID:5240
- C:\Windows\System\uqIFbrh.exe
  C:\Windows\System\uqIFbrh.exe
  2⤵
  PID:5264
- C:\Windows\System\lVlyApk.exe
  C:\Windows\System\lVlyApk.exe
  2⤵
  PID:5280
- C:\Windows\System\fDiOIPm.exe
  C:\Windows\System\fDiOIPm.exe
  2⤵
  PID:5296
- C:\Windows\System\HijveXy.exe
  C:\Windows\System\HijveXy.exe
  2⤵
  PID:5316
- C:\Windows\System\RvRSqPA.exe
  C:\Windows\System\RvRSqPA.exe
  2⤵
  PID:5344
- C:\Windows\System\LXIQbmU.exe
  C:\Windows\System\LXIQbmU.exe
  2⤵
  PID:5368
- C:\Windows\System\dHtoQlT.exe
  C:\Windows\System\dHtoQlT.exe
  2⤵
  PID:5384
- C:\Windows\System\iStucwX.exe
  C:\Windows\System\iStucwX.exe
  2⤵
  PID:5400
- C:\Windows\System\pgQzyuN.exe
  C:\Windows\System\pgQzyuN.exe
  2⤵
  PID:5416
- C:\Windows\System\YegvADI.exe
  C:\Windows\System\YegvADI.exe
  2⤵
  PID:5432
- C:\Windows\System\TynvBlS.exe
  C:\Windows\System\TynvBlS.exe
  2⤵
  PID:5468
- C:\Windows\System\GVOMYDw.exe
  C:\Windows\System\GVOMYDw.exe
  2⤵
  PID:5488
- C:\Windows\System\kcxJVRS.exe
  C:\Windows\System\kcxJVRS.exe
  2⤵
  PID:5504
- C:\Windows\System\fUaIISt.exe
  C:\Windows\System\fUaIISt.exe
  2⤵
  PID:5524
- C:\Windows\System\kTmiSpZ.exe
  C:\Windows\System\kTmiSpZ.exe
  2⤵
  PID:5540
- C:\Windows\System\XhHSmIb.exe
  C:\Windows\System\XhHSmIb.exe
  2⤵
  PID:5556
- C:\Windows\System\GCUGAIS.exe
  C:\Windows\System\GCUGAIS.exe
  2⤵
  PID:5604
- C:\Windows\System\zhdaizW.exe
  C:\Windows\System\zhdaizW.exe
  2⤵
  PID:5620
- C:\Windows\System\CeIcKHX.exe
  C:\Windows\System\CeIcKHX.exe
  2⤵
  PID:5648
- C:\Windows\System\FYdtaDT.exe
  C:\Windows\System\FYdtaDT.exe
  2⤵
  PID:5664
- C:\Windows\System\fRVIxeD.exe
  C:\Windows\System\fRVIxeD.exe
  2⤵
  PID:5680
- C:\Windows\System\nTmesnj.exe
  C:\Windows\System\nTmesnj.exe
  2⤵
  PID:5696
- C:\Windows\System\wdKKGMu.exe
  C:\Windows\System\wdKKGMu.exe
  2⤵
  PID:5712
- C:\Windows\System\eYKcsyk.exe
  C:\Windows\System\eYKcsyk.exe
  2⤵
  PID:5732
- C:\Windows\System\IeCSLtP.exe
  C:\Windows\System\IeCSLtP.exe
  2⤵
  PID:5756
- C:\Windows\System\udLSqSb.exe
  C:\Windows\System\udLSqSb.exe
  2⤵
  PID:5772
- C:\Windows\System\dbvmMjV.exe
  C:\Windows\System\dbvmMjV.exe
  2⤵
  PID:5788
- C:\Windows\System\cKipKEn.exe
  C:\Windows\System\cKipKEn.exe
  2⤵
  PID:5820
- C:\Windows\System\MJurApO.exe
  C:\Windows\System\MJurApO.exe
  2⤵
  PID:5836
- C:\Windows\System\tpppJLG.exe
  C:\Windows\System\tpppJLG.exe
  2⤵
  PID:5852
- C:\Windows\System\KHxqMMB.exe
  C:\Windows\System\KHxqMMB.exe
  2⤵
  PID:5880
- C:\Windows\System\GcHogBV.exe
  C:\Windows\System\GcHogBV.exe
  2⤵
  PID:5896
- C:\Windows\System\dCwdPKH.exe
  C:\Windows\System\dCwdPKH.exe
  2⤵
  PID:5912
- C:\Windows\System\ETxhWvv.exe
  C:\Windows\System\ETxhWvv.exe
  2⤵
  PID:5928
- C:\Windows\System\LnWRWcl.exe
  C:\Windows\System\LnWRWcl.exe
  2⤵
  PID:5944
- C:\Windows\System\GcBANjG.exe
  C:\Windows\System\GcBANjG.exe
  2⤵
  PID:5960
- C:\Windows\System\SqGkTAv.exe
  C:\Windows\System\SqGkTAv.exe
  2⤵
  PID:5980
- C:\Windows\System\nZMGMVA.exe
  C:\Windows\System\nZMGMVA.exe
  2⤵
  PID:6000
- C:\Windows\System\IQNyAHY.exe
  C:\Windows\System\IQNyAHY.exe
  2⤵
  PID:6024
- C:\Windows\System\oSuNwAu.exe
  C:\Windows\System\oSuNwAu.exe
  2⤵
  PID:6044
- C:\Windows\System\jWMwpBS.exe
  C:\Windows\System\jWMwpBS.exe
  2⤵
  PID:6088
- C:\Windows\System\pxUsYXU.exe
  C:\Windows\System\pxUsYXU.exe
  2⤵
  PID:6104
- C:\Windows\System\NZUzMYB.exe
  C:\Windows\System\NZUzMYB.exe
  2⤵
  PID:6120
- C:\Windows\System\gqYEEdz.exe
  C:\Windows\System\gqYEEdz.exe
  2⤵
  PID:6136
- C:\Windows\System\TYlfZuk.exe
  C:\Windows\System\TYlfZuk.exe
  2⤵
  PID:2528
- C:\Windows\System\SzSkqaP.exe
  C:\Windows\System\SzSkqaP.exe
  2⤵
  PID:5180
- C:\Windows\System\GSIGWqR.exe
  C:\Windows\System\GSIGWqR.exe
  2⤵
  PID:2012
- C:\Windows\System\ibXobTq.exe
  C:\Windows\System\ibXobTq.exe
  2⤵
  PID:2804
- C:\Windows\System\oDkOEZa.exe
  C:\Windows\System\oDkOEZa.exe
  2⤵
  PID:5252
- C:\Windows\System\xLWmNZx.exe
  C:\Windows\System\xLWmNZx.exe
  2⤵
  PID:5324
- C:\Windows\System\GiIqyhh.exe
  C:\Windows\System\GiIqyhh.exe
  2⤵
  PID:2844
- C:\Windows\System\yVVvDgT.exe
  C:\Windows\System\yVVvDgT.exe
  2⤵
  PID:5200
- C:\Windows\System\VHolzGT.exe
  C:\Windows\System\VHolzGT.exe
  2⤵
  PID:5356
- C:\Windows\System\FQUPruU.exe
  C:\Windows\System\FQUPruU.exe
  2⤵
  PID:5276
- C:\Windows\System\zlJnowZ.exe
  C:\Windows\System\zlJnowZ.exe
  2⤵
  PID:5444
- C:\Windows\System\ydgdLTO.exe
  C:\Windows\System\ydgdLTO.exe
  2⤵
  PID:5464
- C:\Windows\System\xUhWynq.exe
  C:\Windows\System\xUhWynq.exe
  2⤵
  PID:5496
- C:\Windows\System\YMCIMbO.exe
  C:\Windows\System\YMCIMbO.exe
  2⤵
  PID:5500
- C:\Windows\System\OSjTfPF.exe
  C:\Windows\System\OSjTfPF.exe
  2⤵
  PID:5568
- C:\Windows\System\dJriTEl.exe
  C:\Windows\System\dJriTEl.exe
  2⤵
  PID:5516
- C:\Windows\System\uuaQfqI.exe
  C:\Windows\System\uuaQfqI.exe
  2⤵
  PID:5592
- C:\Windows\System\FKXWRxS.exe
  C:\Windows\System\FKXWRxS.exe
  2⤵
  PID:5636
- C:\Windows\System\NhbczNH.exe
  C:\Windows\System\NhbczNH.exe
  2⤵
  PID:5672
- C:\Windows\System\igzCcXX.exe
  C:\Windows\System\igzCcXX.exe
  2⤵
  PID:5720
- C:\Windows\System\FLfhcUF.exe
  C:\Windows\System\FLfhcUF.exe
  2⤵
  PID:5748
- C:\Windows\System\KSMjOiT.exe
  C:\Windows\System\KSMjOiT.exe
  2⤵
  PID:5796
- C:\Windows\System\cZDJYHn.exe
  C:\Windows\System\cZDJYHn.exe
  2⤵
  PID:5728
- C:\Windows\System\MeZmJSn.exe
  C:\Windows\System\MeZmJSn.exe
  2⤵
  PID:5812
- C:\Windows\System\LoAbGhY.exe
  C:\Windows\System\LoAbGhY.exe
  2⤵
  PID:5844
- C:\Windows\System\LSxHzIK.exe
  C:\Windows\System\LSxHzIK.exe
  2⤵
  PID:5872
- C:\Windows\System\QSsvUyR.exe
  C:\Windows\System\QSsvUyR.exe
  2⤵
  PID:5876
- C:\Windows\System\qcuEaqX.exe
  C:\Windows\System\qcuEaqX.exe
  2⤵
  PID:5940
- C:\Windows\System\vytGPsu.exe
  C:\Windows\System\vytGPsu.exe
  2⤵
  PID:6008
- C:\Windows\System\VZrFHRO.exe
  C:\Windows\System\VZrFHRO.exe
  2⤵
  PID:1732
- C:\Windows\System\BCrgMrB.exe
  C:\Windows\System\BCrgMrB.exe
  2⤵
  PID:5888
- C:\Windows\System\YFQddSf.exe
  C:\Windows\System\YFQddSf.exe
  2⤵
  PID:6064
- C:\Windows\System\CRkVeYJ.exe
  C:\Windows\System\CRkVeYJ.exe
  2⤵
  PID:6128
- C:\Windows\System\xGHkjIx.exe
  C:\Windows\System\xGHkjIx.exe
  2⤵
  PID:6132
- C:\Windows\System\baaSoxD.exe
  C:\Windows\System\baaSoxD.exe
  2⤵
  PID:5144
- C:\Windows\System\UCdeZEn.exe
  C:\Windows\System\UCdeZEn.exe
  2⤵
  PID:2396
- C:\Windows\System\qhNJbfW.exe
  C:\Windows\System\qhNJbfW.exe
  2⤵
  PID:5256
- C:\Windows\System\UUIvyJL.exe
  C:\Windows\System\UUIvyJL.exe
  2⤵
  PID:2252
- C:\Windows\System\VCDTTJA.exe
  C:\Windows\System\VCDTTJA.exe
  2⤵
  PID:5376
- C:\Windows\System\gjaGhoE.exe
  C:\Windows\System\gjaGhoE.exe
  2⤵
  PID:5308
- C:\Windows\System\tMvayjt.exe
  C:\Windows\System\tMvayjt.exe
  2⤵
  PID:5352
- C:\Windows\System\wWllHDJ.exe
  C:\Windows\System\wWllHDJ.exe
  2⤵
  PID:5312
- C:\Windows\System\vyphcif.exe
  C:\Windows\System\vyphcif.exe
  2⤵
  PID:5272
- C:\Windows\System\kCPhCkx.exe
  C:\Windows\System\kCPhCkx.exe
  2⤵
  PID:5476
- C:\Windows\System\mYwnDkf.exe
  C:\Windows\System\mYwnDkf.exe
  2⤵
  PID:5512
- C:\Windows\System\nLPZPrZ.exe
  C:\Windows\System\nLPZPrZ.exe
  2⤵
  PID:5644
- C:\Windows\System\yWLasYB.exe
  C:\Windows\System\yWLasYB.exe
  2⤵
  PID:5704
- C:\Windows\System\vsBKLEa.exe
  C:\Windows\System\vsBKLEa.exe
  2⤵
  PID:5764
- C:\Windows\System\pXDoKkP.exe
  C:\Windows\System\pXDoKkP.exe
  2⤵
  PID:5800
- C:\Windows\System\cxsaoQU.exe
  C:\Windows\System\cxsaoQU.exe
  2⤵
  PID:5972
- C:\Windows\System\GzKMlai.exe
  C:\Windows\System\GzKMlai.exe
  2⤵
  PID:5996
- C:\Windows\System\oITHcFN.exe
  C:\Windows\System\oITHcFN.exe
  2⤵
  PID:5936
- C:\Windows\System\TPwTowd.exe
  C:\Windows\System\TPwTowd.exe
  2⤵
  PID:6052
- C:\Windows\System\rSyVGtp.exe
  C:\Windows\System\rSyVGtp.exe
  2⤵
  PID:6068
- C:\Windows\System\endsaHJ.exe
  C:\Windows\System\endsaHJ.exe
  2⤵
  PID:6060
- C:\Windows\System\pbCzCoy.exe
  C:\Windows\System\pbCzCoy.exe
  2⤵
  PID:6080
- C:\Windows\System\JdORkdO.exe
  C:\Windows\System\JdORkdO.exe
  2⤵
  PID:6112
- C:\Windows\System\PbynJAD.exe
  C:\Windows\System\PbynJAD.exe
  2⤵
  PID:2040
- C:\Windows\System\YtCXiOI.exe
  C:\Windows\System\YtCXiOI.exe
  2⤵
  PID:5564
- C:\Windows\System\LTTwyyC.exe
  C:\Windows\System\LTTwyyC.exe
  2⤵
  PID:5424
- C:\Windows\System\MOLbRJe.exe
  C:\Windows\System\MOLbRJe.exe
  2⤵
  PID:5616
- C:\Windows\System\tvGTDlG.exe
  C:\Windows\System\tvGTDlG.exe
  2⤵
  PID:5552
- C:\Windows\System\PglPAbu.exe
  C:\Windows\System\PglPAbu.exe
  2⤵
  PID:5480
- C:\Windows\System\KDSnKZD.exe
  C:\Windows\System\KDSnKZD.exe
  2⤵
  PID:5828
- C:\Windows\System\NgbBSYw.exe
  C:\Windows\System\NgbBSYw.exe
  2⤵
  PID:2944
- C:\Windows\System\VbBVroj.exe
  C:\Windows\System\VbBVroj.exe
  2⤵
  PID:6020
- C:\Windows\System\tHcTxdz.exe
  C:\Windows\System\tHcTxdz.exe
  2⤵
  PID:5920
- C:\Windows\System\QdKghBM.exe
  C:\Windows\System\QdKghBM.exe
  2⤵
  PID:2576
- C:\Windows\System\oGlYRFY.exe
  C:\Windows\System\oGlYRFY.exe
  2⤵
  PID:5864
- C:\Windows\System\HjzCfVF.exe
  C:\Windows\System\HjzCfVF.exe
  2⤵
  PID:5216
- C:\Windows\System\rcyWWJZ.exe
  C:\Windows\System\rcyWWJZ.exe
  2⤵
  PID:5164
- C:\Windows\System\jVsUKQA.exe
  C:\Windows\System\jVsUKQA.exe
  2⤵
  PID:4900
- C:\Windows\System\kKwmzAF.exe
  C:\Windows\System\kKwmzAF.exe
  2⤵
  PID:2812
- C:\Windows\System\KLrQQGv.exe
  C:\Windows\System\KLrQQGv.exe
  2⤵
  PID:5628
- C:\Windows\System\HPShQQP.exe
  C:\Windows\System\HPShQQP.exe
  2⤵
  PID:6176
- C:\Windows\System\MnvAmxw.exe
  C:\Windows\System\MnvAmxw.exe
  2⤵
  PID:6200
- C:\Windows\System\aIFXxYu.exe
  C:\Windows\System\aIFXxYu.exe
  2⤵
  PID:6216
- C:\Windows\System\QZmlSIo.exe
  C:\Windows\System\QZmlSIo.exe
  2⤵
  PID:6232
- C:\Windows\System\HBbJMFb.exe
  C:\Windows\System\HBbJMFb.exe
  2⤵
  PID:6260
- C:\Windows\System\cvLKNNK.exe
  C:\Windows\System\cvLKNNK.exe
  2⤵
  PID:6280
- C:\Windows\System\uHbmxuy.exe
  C:\Windows\System\uHbmxuy.exe
  2⤵
  PID:6296
- C:\Windows\System\aIxIkBD.exe
  C:\Windows\System\aIxIkBD.exe
  2⤵
  PID:6316
- C:\Windows\System\RRLUMLd.exe
  C:\Windows\System\RRLUMLd.exe
  2⤵
  PID:6344
- C:\Windows\System\SiINGZu.exe
  C:\Windows\System\SiINGZu.exe
  2⤵
  PID:6364
- C:\Windows\System\wsTtqTF.exe
  C:\Windows\System\wsTtqTF.exe
  2⤵
  PID:6380
- C:\Windows\System\yOLiYuQ.exe
  C:\Windows\System\yOLiYuQ.exe
  2⤵
  PID:6400
- C:\Windows\System\VXtUjoP.exe
  C:\Windows\System\VXtUjoP.exe
  2⤵
  PID:6416
- C:\Windows\System\dTVOSyb.exe
  C:\Windows\System\dTVOSyb.exe
  2⤵
  PID:6448
- C:\Windows\System\gXSrqvO.exe
  C:\Windows\System\gXSrqvO.exe
  2⤵
  PID:6464
- C:\Windows\System\HkjeWAH.exe
  C:\Windows\System\HkjeWAH.exe
  2⤵
  PID:6484
- C:\Windows\System\asboJeA.exe
  C:\Windows\System\asboJeA.exe
  2⤵
  PID:6500
- C:\Windows\System\cAfVsnY.exe
  C:\Windows\System\cAfVsnY.exe
  2⤵
  PID:6516
- C:\Windows\System\aoPEvgb.exe
  C:\Windows\System\aoPEvgb.exe
  2⤵
  PID:6532
- C:\Windows\System\dCRiyrJ.exe
  C:\Windows\System\dCRiyrJ.exe
  2⤵
  PID:6548
- C:\Windows\System\jdYyten.exe
  C:\Windows\System\jdYyten.exe
  2⤵
  PID:6580
- C:\Windows\System\emmXEnh.exe
  C:\Windows\System\emmXEnh.exe
  2⤵
  PID:6600
- C:\Windows\System\DgmlEKy.exe
  C:\Windows\System\DgmlEKy.exe
  2⤵
  PID:6616
- C:\Windows\System\WxxSXdN.exe
  C:\Windows\System\WxxSXdN.exe
  2⤵
  PID:6632
- C:\Windows\System\RuGlvUy.exe
  C:\Windows\System\RuGlvUy.exe
  2⤵
  PID:6648
- C:\Windows\System\CpmZhIw.exe
  C:\Windows\System\CpmZhIw.exe
  2⤵
  PID:6664
- C:\Windows\System\OzaKFvd.exe
  C:\Windows\System\OzaKFvd.exe
  2⤵
  PID:6684
- C:\Windows\System\nNyfSjq.exe
  C:\Windows\System\nNyfSjq.exe
  2⤵
  PID:6700
- C:\Windows\System\IZMniZN.exe
  C:\Windows\System\IZMniZN.exe
  2⤵
  PID:6716
- C:\Windows\System\PNYbGKs.exe
  C:\Windows\System\PNYbGKs.exe
  2⤵
  PID:6732
- C:\Windows\System\JxJqMjJ.exe
  C:\Windows\System\JxJqMjJ.exe
  2⤵
  PID:6756
- C:\Windows\System\SdIxtMi.exe
  C:\Windows\System\SdIxtMi.exe
  2⤵
  PID:6772
- C:\Windows\System\LVIrTEI.exe
  C:\Windows\System\LVIrTEI.exe
  2⤵
  PID:6788
- C:\Windows\System\BLGipKT.exe
  C:\Windows\System\BLGipKT.exe
  2⤵
  PID:6808
- C:\Windows\System\VWCphsm.exe
  C:\Windows\System\VWCphsm.exe
  2⤵
  PID:6824
- C:\Windows\System\DKOTpUD.exe
  C:\Windows\System\DKOTpUD.exe
  2⤵
  PID:6840
- C:\Windows\System\LIjKqTJ.exe
  C:\Windows\System\LIjKqTJ.exe
  2⤵
  PID:6856
- C:\Windows\System\iyxcCvI.exe
  C:\Windows\System\iyxcCvI.exe
  2⤵
  PID:6872
- C:\Windows\System\AGkPMDB.exe
  C:\Windows\System\AGkPMDB.exe
  2⤵
  PID:6888
- C:\Windows\System\XxYNlqM.exe
  C:\Windows\System\XxYNlqM.exe
  2⤵
  PID:6904
- C:\Windows\System\lWGdPgA.exe
  C:\Windows\System\lWGdPgA.exe
  2⤵
  PID:6920
- C:\Windows\System\QiaofAW.exe
  C:\Windows\System\QiaofAW.exe
  2⤵
  PID:6944
- C:\Windows\System\KYRxksp.exe
  C:\Windows\System\KYRxksp.exe
  2⤵
  PID:6960
- C:\Windows\System\MSyUTPs.exe
  C:\Windows\System\MSyUTPs.exe
  2⤵
  PID:6980
- C:\Windows\System\RDGHonc.exe
  C:\Windows\System\RDGHonc.exe
  2⤵
  PID:6996
- C:\Windows\System\clkfqbl.exe
  C:\Windows\System\clkfqbl.exe
  2⤵
  PID:7012
- C:\Windows\System\nxWoygl.exe
  C:\Windows\System\nxWoygl.exe
  2⤵
  PID:7036
- C:\Windows\System\XRpIAAa.exe
  C:\Windows\System\XRpIAAa.exe
  2⤵
  PID:7052
- C:\Windows\System\ODrkVwt.exe
  C:\Windows\System\ODrkVwt.exe
  2⤵
  PID:7068
- C:\Windows\System\IyDnQyY.exe
  C:\Windows\System\IyDnQyY.exe
  2⤵
  PID:7084
- C:\Windows\System\YGguQMS.exe
  C:\Windows\System\YGguQMS.exe
  2⤵
  PID:7100
- C:\Windows\System\sTshqOC.exe
  C:\Windows\System\sTshqOC.exe
  2⤵
  PID:7116
- C:\Windows\System\lcWDmTd.exe
  C:\Windows\System\lcWDmTd.exe
  2⤵
  PID:7132
- C:\Windows\System\YrhLivv.exe
  C:\Windows\System\YrhLivv.exe
  2⤵
  PID:7148
- C:\Windows\System\VqVGrOS.exe
  C:\Windows\System\VqVGrOS.exe
  2⤵
  PID:7164
- C:\Windows\System\wfRuzbu.exe
  C:\Windows\System\wfRuzbu.exe
  2⤵
  PID:5908
- C:\Windows\System\tCTEfsS.exe
  C:\Windows\System\tCTEfsS.exe
  2⤵
  PID:5484
- C:\Windows\System\AIRimLA.exe
  C:\Windows\System\AIRimLA.exe
  2⤵
  PID:5456
- C:\Windows\System\wrEvMGo.exe
  C:\Windows\System\wrEvMGo.exe
  2⤵
  PID:6016
- C:\Windows\System\IVLeBAq.exe
  C:\Windows\System\IVLeBAq.exe
  2⤵
  PID:5220
- C:\Windows\System\oatGwAp.exe
  C:\Windows\System\oatGwAp.exe
  2⤵
  PID:6168
- C:\Windows\System\zFsGKaw.exe
  C:\Windows\System\zFsGKaw.exe
  2⤵
  PID:5548
- C:\Windows\System\hYYanWP.exe
  C:\Windows\System\hYYanWP.exe
  2⤵
  PID:6196
- C:\Windows\System\zKkmTgt.exe
  C:\Windows\System\zKkmTgt.exe
  2⤵
  PID:6252
- C:\Windows\System\lfGORoT.exe
  C:\Windows\System\lfGORoT.exe
  2⤵
  PID:6292
- C:\Windows\System\QCeOFrD.exe
  C:\Windows\System\QCeOFrD.exe
  2⤵
  PID:6304
- C:\Windows\System\ezyWSTR.exe
  C:\Windows\System\ezyWSTR.exe
  2⤵
  PID:6336
- C:\Windows\System\bTAlwcL.exe
  C:\Windows\System\bTAlwcL.exe
  2⤵
  PID:6352
- C:\Windows\System\kfArLFA.exe
  C:\Windows\System\kfArLFA.exe
  2⤵
  PID:6412
- C:\Windows\System\vQbmxsJ.exe
  C:\Windows\System\vQbmxsJ.exe
  2⤵
  PID:6440
- C:\Windows\System\oRPSrtQ.exe
  C:\Windows\System\oRPSrtQ.exe
  2⤵
  PID:6456
- C:\Windows\System\sirXsrz.exe
  C:\Windows\System\sirXsrz.exe
  2⤵
  PID:6524
- C:\Windows\System\WKrKpRT.exe
  C:\Windows\System\WKrKpRT.exe
  2⤵
  PID:6472
- C:\Windows\System\rkVegXO.exe
  C:\Windows\System\rkVegXO.exe
  2⤵
  PID:6572
- C:\Windows\System\fVpfKPP.exe
  C:\Windows\System\fVpfKPP.exe
  2⤵
  PID:6608
- C:\Windows\System\Ercwipd.exe
  C:\Windows\System\Ercwipd.exe
  2⤵
  PID:6672
- C:\Windows\System\aUwrUrJ.exe
  C:\Windows\System\aUwrUrJ.exe
  2⤵
  PID:6676
- C:\Windows\System\GXyDUMN.exe
  C:\Windows\System\GXyDUMN.exe
  2⤵
  PID:6624
- C:\Windows\System\LoKCmZM.exe
  C:\Windows\System\LoKCmZM.exe
  2⤵
  PID:6696
- C:\Windows\System\QBfaWtb.exe
  C:\Windows\System\QBfaWtb.exe
  2⤵
  PID:6724
- C:\Windows\System\dftzViY.exe
  C:\Windows\System\dftzViY.exe
  2⤵
  PID:6768
- C:\Windows\System\QCeVmcS.exe
  C:\Windows\System\QCeVmcS.exe
  2⤵
  PID:6752
- C:\Windows\System\gNaQwRm.exe
  C:\Windows\System\gNaQwRm.exe
  2⤵
  PID:6820
- C:\Windows\System\ycKlhIB.exe
  C:\Windows\System\ycKlhIB.exe
  2⤵
  PID:6864
- C:\Windows\System\hMbVMnw.exe
  C:\Windows\System\hMbVMnw.exe
  2⤵
  PID:6800
- C:\Windows\System\AOnxNZq.exe
  C:\Windows\System\AOnxNZq.exe
  2⤵
  PID:6884
- C:\Windows\System\iVzHloU.exe
  C:\Windows\System\iVzHloU.exe
  2⤵
  PID:6968
- C:\Windows\System\QuArKTk.exe
  C:\Windows\System\QuArKTk.exe
  2⤵
  PID:6896
- C:\Windows\System\ZvYLxiC.exe
  C:\Windows\System\ZvYLxiC.exe
  2⤵
  PID:6956
- C:\Windows\System\bdjfxfy.exe
  C:\Windows\System\bdjfxfy.exe
  2⤵
  PID:7008
- C:\Windows\System\akhHNZr.exe
  C:\Windows\System\akhHNZr.exe
  2⤵
  PID:7032
- C:\Windows\System\tzAqXpS.exe
  C:\Windows\System\tzAqXpS.exe
  2⤵
  PID:7076
- C:\Windows\System\ApFIYms.exe
  C:\Windows\System\ApFIYms.exe
  2⤵
  PID:7140
- C:\Windows\System\pfrthfU.exe
  C:\Windows\System\pfrthfU.exe
  2⤵
  PID:7156
- C:\Windows\System\wvVFKWS.exe
  C:\Windows\System\wvVFKWS.exe
  2⤵
  PID:7124
- C:\Windows\System\nopRJDd.exe
  C:\Windows\System\nopRJDd.exe
  2⤵
  PID:5924
- C:\Windows\System\OOyXhCe.exe
  C:\Windows\System\OOyXhCe.exe
  2⤵
  PID:5744
- C:\Windows\System\gRkdUUf.exe
  C:\Windows\System\gRkdUUf.exe
  2⤵
  PID:5580
- C:\Windows\System\PfycMyN.exe
  C:\Windows\System\PfycMyN.exe
  2⤵
  PID:6240
- C:\Windows\System\NzAkbgn.exe
  C:\Windows\System\NzAkbgn.exe
  2⤵
  PID:6228
- C:\Windows\System\weojHLb.exe
  C:\Windows\System\weojHLb.exe
  2⤵
  PID:6308
- C:\Windows\System\FPezzul.exe
  C:\Windows\System\FPezzul.exe
  2⤵
  PID:6372
- C:\Windows\System\yPkpbuA.exe
  C:\Windows\System\yPkpbuA.exe
  2⤵
  PID:6392
- C:\Windows\System\bllUcXz.exe
  C:\Windows\System\bllUcXz.exe
  2⤵
  PID:6556
- C:\Windows\System\tOyNwRf.exe
  C:\Windows\System\tOyNwRf.exe
  2⤵
  PID:6660
- C:\Windows\System\yJAdPAB.exe
  C:\Windows\System\yJAdPAB.exe
  2⤵
  PID:6492
- C:\Windows\System\tkPhZtt.exe
  C:\Windows\System\tkPhZtt.exe
  2⤵
  PID:6644
- C:\Windows\System\bAddvlo.exe
  C:\Windows\System\bAddvlo.exe
  2⤵
  PID:1388
- C:\Windows\System\VyEvYhO.exe
  C:\Windows\System\VyEvYhO.exe
  2⤵
  PID:6764
- C:\Windows\System\bjnoMsH.exe
  C:\Windows\System\bjnoMsH.exe
  2⤵
  PID:6868
- C:\Windows\System\vycOMgC.exe
  C:\Windows\System\vycOMgC.exe
  2⤵
  PID:6880
- C:\Windows\System\UWZnOzL.exe
  C:\Windows\System\UWZnOzL.exe
  2⤵
  PID:6972
- C:\Windows\System\rDubHFg.exe
  C:\Windows\System\rDubHFg.exe
  2⤵
  PID:7024
- C:\Windows\System\ojyTCbf.exe
  C:\Windows\System\ojyTCbf.exe
  2⤵
  PID:7048
- C:\Windows\System\dpiKcgx.exe
  C:\Windows\System\dpiKcgx.exe
  2⤵
  PID:7064
- C:\Windows\System\YAlJhkX.exe
  C:\Windows\System\YAlJhkX.exe
  2⤵
  PID:5260
- C:\Windows\System\TjtoKJH.exe
  C:\Windows\System\TjtoKJH.exe
  2⤵
  PID:1632
- C:\Windows\System\KPycRGy.exe
  C:\Windows\System\KPycRGy.exe
  2⤵
  PID:1972
- C:\Windows\System\HelpoIw.exe
  C:\Windows\System\HelpoIw.exe
  2⤵
  PID:6160
- C:\Windows\System\ELzdVgN.exe
  C:\Windows\System\ELzdVgN.exe
  2⤵
  PID:5868
- C:\Windows\System\NqxPdCf.exe
  C:\Windows\System\NqxPdCf.exe
  2⤵
  PID:6376
- C:\Windows\System\tRHrQox.exe
  C:\Windows\System\tRHrQox.exe
  2⤵
  PID:6188
- C:\Windows\System\MlnPVAY.exe
  C:\Windows\System\MlnPVAY.exe
  2⤵
  PID:6360
- C:\Windows\System\uwVsMgJ.exe
  C:\Windows\System\uwVsMgJ.exe
  2⤵
  PID:6512
- C:\Windows\System\yfBrNMt.exe
  C:\Windows\System\yfBrNMt.exe
  2⤵
  PID:6436
- C:\Windows\System\YVOwsdn.exe
  C:\Windows\System\YVOwsdn.exe
  2⤵
  PID:6640
- C:\Windows\System\xHOwHfq.exe
  C:\Windows\System\xHOwHfq.exe
  2⤵
  PID:6816
- C:\Windows\System\pUtBkcv.exe
  C:\Windows\System\pUtBkcv.exe
  2⤵
  PID:6940
- C:\Windows\System\lICmtLo.exe
  C:\Windows\System\lICmtLo.exe
  2⤵
  PID:2388
- C:\Windows\System\hfsrcxX.exe
  C:\Windows\System\hfsrcxX.exe
  2⤵
  PID:5332
- C:\Windows\System\zeUIhUe.exe
  C:\Windows\System\zeUIhUe.exe
  2⤵
  PID:6976
- C:\Windows\System\oSxnioD.exe
  C:\Windows\System\oSxnioD.exe
  2⤵
  PID:6804
- C:\Windows\System\FFaTlqx.exe
  C:\Windows\System\FFaTlqx.exe
  2⤵
  PID:6288
- C:\Windows\System\vZdHvxc.exe
  C:\Windows\System\vZdHvxc.exe
  2⤵
  PID:6272
- C:\Windows\System\BNbiqTQ.exe
  C:\Windows\System\BNbiqTQ.exe
  2⤵
  PID:6712
- C:\Windows\System\NAjXuuy.exe
  C:\Windows\System\NAjXuuy.exe
  2⤵
  PID:6748
- C:\Windows\System\CtyunaX.exe
  C:\Windows\System\CtyunaX.exe
  2⤵
  PID:7044
- C:\Windows\System\GEgdBsL.exe
  C:\Windows\System\GEgdBsL.exe
  2⤵
  PID:2872
- C:\Windows\System\iJLwxtY.exe
  C:\Windows\System\iJLwxtY.exe
  2⤵
  PID:6332
- C:\Windows\System\wNlJBVw.exe
  C:\Windows\System\wNlJBVw.exe
  2⤵
  PID:7172
- C:\Windows\System\wBNvTIz.exe
  C:\Windows\System\wBNvTIz.exe
  2⤵
  PID:7188
- C:\Windows\System\vuDEVbj.exe
  C:\Windows\System\vuDEVbj.exe
  2⤵
  PID:7208
- C:\Windows\System\ILHTKyU.exe
  C:\Windows\System\ILHTKyU.exe
  2⤵
  PID:7224
- C:\Windows\System\cLzHAUC.exe
  C:\Windows\System\cLzHAUC.exe
  2⤵
  PID:7240
- C:\Windows\System\jYuimpF.exe
  C:\Windows\System\jYuimpF.exe
  2⤵
  PID:7256
- C:\Windows\System\PpNnIom.exe
  C:\Windows\System\PpNnIom.exe
  2⤵
  PID:7272
- C:\Windows\System\LibMwwl.exe
  C:\Windows\System\LibMwwl.exe
  2⤵
  PID:7288
- C:\Windows\System\pdTbkZr.exe
  C:\Windows\System\pdTbkZr.exe
  2⤵
  PID:7304
- C:\Windows\System\PPKdxJI.exe
  C:\Windows\System\PPKdxJI.exe
  2⤵
  PID:7320
- C:\Windows\System\eqsoVVz.exe
  C:\Windows\System\eqsoVVz.exe
  2⤵
  PID:7336
- C:\Windows\System\bXvAiGP.exe
  C:\Windows\System\bXvAiGP.exe
  2⤵
  PID:7352
- C:\Windows\System\RUQKTey.exe
  C:\Windows\System\RUQKTey.exe
  2⤵
  PID:7368
- C:\Windows\System\vPGrzsn.exe
  C:\Windows\System\vPGrzsn.exe
  2⤵
  PID:7384
- C:\Windows\System\uayjBKN.exe
  C:\Windows\System\uayjBKN.exe
  2⤵
  PID:7400
- C:\Windows\System\ClRtbQA.exe
  C:\Windows\System\ClRtbQA.exe
  2⤵
  PID:7416
- C:\Windows\System\wfcnPqT.exe
  C:\Windows\System\wfcnPqT.exe
  2⤵
  PID:7432
- C:\Windows\System\jksVnpL.exe
  C:\Windows\System\jksVnpL.exe
  2⤵
  PID:7448
- C:\Windows\System\AAHnvVS.exe
  C:\Windows\System\AAHnvVS.exe
  2⤵
  PID:7464
- C:\Windows\System\EbdXcBA.exe
  C:\Windows\System\EbdXcBA.exe
  2⤵
  PID:7496
- C:\Windows\System\YaDabQl.exe
  C:\Windows\System\YaDabQl.exe
  2⤵
  PID:7512
- C:\Windows\System\rEuqQsZ.exe
  C:\Windows\System\rEuqQsZ.exe
  2⤵
  PID:7532
- C:\Windows\System\hgSHjRs.exe
  C:\Windows\System\hgSHjRs.exe
  2⤵
  PID:7548
- C:\Windows\System\GQPXSdG.exe
  C:\Windows\System\GQPXSdG.exe
  2⤵
  PID:7564
- C:\Windows\System\dlhgiMA.exe
  C:\Windows\System\dlhgiMA.exe
  2⤵
  PID:7580
- C:\Windows\System\SgjpNxJ.exe
  C:\Windows\System\SgjpNxJ.exe
  2⤵
  PID:7596
- C:\Windows\System\IDJCaEu.exe
  C:\Windows\System\IDJCaEu.exe
  2⤵
  PID:7616
- C:\Windows\System\ROrVJII.exe
  C:\Windows\System\ROrVJII.exe
  2⤵
  PID:7632
- C:\Windows\System\rxYrilW.exe
  C:\Windows\System\rxYrilW.exe
  2⤵
  PID:7648
- C:\Windows\System\YnMziOQ.exe
  C:\Windows\System\YnMziOQ.exe
  2⤵
  PID:7664
- C:\Windows\System\bKxDHjl.exe
  C:\Windows\System\bKxDHjl.exe
  2⤵
  PID:7680
- C:\Windows\System\IQWVhoI.exe
  C:\Windows\System\IQWVhoI.exe
  2⤵
  PID:7696
- C:\Windows\System\sHTpHyV.exe
  C:\Windows\System\sHTpHyV.exe
  2⤵
  PID:7712
- C:\Windows\System\cFjgmgc.exe
  C:\Windows\System\cFjgmgc.exe
  2⤵
  PID:7728
- C:\Windows\System\KIrOQuV.exe
  C:\Windows\System\KIrOQuV.exe
  2⤵
  PID:7744
- C:\Windows\System\lKCKSjJ.exe
  C:\Windows\System\lKCKSjJ.exe
  2⤵
  PID:7796
- C:\Windows\System\ozuOJKw.exe
  C:\Windows\System\ozuOJKw.exe
  2⤵
  PID:7816
- C:\Windows\System\BdVUmiI.exe
  C:\Windows\System\BdVUmiI.exe
  2⤵
  PID:7836
- C:\Windows\System\dVcfoDL.exe
  C:\Windows\System\dVcfoDL.exe
  2⤵
  PID:7852
- C:\Windows\System\uMZifWo.exe
  C:\Windows\System\uMZifWo.exe
  2⤵
  PID:7868
- C:\Windows\System\HbkJMUR.exe
  C:\Windows\System\HbkJMUR.exe
  2⤵
  PID:7884
- C:\Windows\System\VVJmAIp.exe
  C:\Windows\System\VVJmAIp.exe
  2⤵
  PID:7900
- C:\Windows\System\QroVhrE.exe
  C:\Windows\System\QroVhrE.exe
  2⤵
  PID:7916
- C:\Windows\System\TbhzOhM.exe
  C:\Windows\System\TbhzOhM.exe
  2⤵
  PID:7932
- C:\Windows\System\ciFHpSy.exe
  C:\Windows\System\ciFHpSy.exe
  2⤵
  PID:7948
- C:\Windows\System\ewnJUUB.exe
  C:\Windows\System\ewnJUUB.exe
  2⤵
  PID:7964
- C:\Windows\System\ZEwWSlz.exe
  C:\Windows\System\ZEwWSlz.exe
  2⤵
  PID:7984
- C:\Windows\System\MqrrsAf.exe
  C:\Windows\System\MqrrsAf.exe
  2⤵
  PID:8016
- C:\Windows\System\DlXUGno.exe
  C:\Windows\System\DlXUGno.exe
  2⤵
  PID:8032
- C:\Windows\System\QIOpPSr.exe
  C:\Windows\System\QIOpPSr.exe
  2⤵
  PID:8048
- C:\Windows\System\OslKNWh.exe
  C:\Windows\System\OslKNWh.exe
  2⤵
  PID:8064
- C:\Windows\System\CUohTQa.exe
  C:\Windows\System\CUohTQa.exe
  2⤵
  PID:8080
- C:\Windows\System\Kmjwbtr.exe
  C:\Windows\System\Kmjwbtr.exe
  2⤵
  PID:8100
- C:\Windows\System\jLMsWPK.exe
  C:\Windows\System\jLMsWPK.exe
  2⤵
  PID:8116
- C:\Windows\System\VlVmbCZ.exe
  C:\Windows\System\VlVmbCZ.exe
  2⤵
  PID:8132
- C:\Windows\System\YZIEqKb.exe
  C:\Windows\System\YZIEqKb.exe
  2⤵
  PID:8148
- C:\Windows\System\zAiDBQo.exe
  C:\Windows\System\zAiDBQo.exe
  2⤵
  PID:8172
- C:\Windows\System\iepXQdo.exe
  C:\Windows\System\iepXQdo.exe
  2⤵
  PID:8188
- C:\Windows\System\yVQMDvS.exe
  C:\Windows\System\yVQMDvS.exe
  2⤵
  PID:5336
- C:\Windows\System\jvtzgCR.exe
  C:\Windows\System\jvtzgCR.exe
  2⤵
  PID:6568
- C:\Windows\System\PpgjbvQ.exe
  C:\Windows\System\PpgjbvQ.exe
  2⤵
  PID:640
- C:\Windows\System\PpEikLg.exe
  C:\Windows\System\PpEikLg.exe
  2⤵
  PID:6244
- C:\Windows\System\YGDTvlJ.exe
  C:\Windows\System\YGDTvlJ.exe
  2⤵
  PID:6708
- C:\Windows\System\thjeNNB.exe
  C:\Windows\System\thjeNNB.exe
  2⤵
  PID:7268
- C:\Windows\System\GCZkfgQ.exe
  C:\Windows\System\GCZkfgQ.exe
  2⤵
  PID:7328
- C:\Windows\System\mafMsuY.exe
  C:\Windows\System\mafMsuY.exe
  2⤵
  PID:7216
- C:\Windows\System\sVeuYIc.exe
  C:\Windows\System\sVeuYIc.exe
  2⤵
  PID:7280
- C:\Windows\System\rLiTOjd.exe
  C:\Windows\System\rLiTOjd.exe
  2⤵
  PID:7344
- C:\Windows\System\scpEpxt.exe
  C:\Windows\System\scpEpxt.exe
  2⤵
  PID:7408
- C:\Windows\System\KWaujwX.exe
  C:\Windows\System\KWaujwX.exe
  2⤵
  PID:7440
- C:\Windows\System\bWPkKgS.exe
  C:\Windows\System\bWPkKgS.exe
  2⤵
  PID:7484
- C:\Windows\System\mzoIdZS.exe
  C:\Windows\System\mzoIdZS.exe
  2⤵
  PID:7428
- C:\Windows\System\HOuzPuW.exe
  C:\Windows\System\HOuzPuW.exe
  2⤵
  PID:7528
- C:\Windows\System\lVGlUhX.exe
  C:\Windows\System\lVGlUhX.exe
  2⤵
  PID:7460
- C:\Windows\System\JlyIiXq.exe
  C:\Windows\System\JlyIiXq.exe
  2⤵
  PID:7560
- C:\Windows\System\ybPHQLL.exe
  C:\Windows\System\ybPHQLL.exe
  2⤵
  PID:7576
- C:\Windows\System\PFxhajz.exe
  C:\Windows\System\PFxhajz.exe
  2⤵
  PID:7624
- C:\Windows\System\oTnCKKV.exe
  C:\Windows\System\oTnCKKV.exe
  2⤵
  PID:7688
- C:\Windows\System\HCdGVlq.exe
  C:\Windows\System\HCdGVlq.exe
  2⤵
  PID:7704
- C:\Windows\System\eyuIzdA.exe
  C:\Windows\System\eyuIzdA.exe
  2⤵
  PID:7672
- C:\Windows\System\GRgnUHB.exe
  C:\Windows\System\GRgnUHB.exe
  2⤵
  PID:7740
- C:\Windows\System\jekblCp.exe
  C:\Windows\System\jekblCp.exe
  2⤵
  PID:7760
- C:\Windows\System\MVcqaUU.exe
  C:\Windows\System\MVcqaUU.exe
  2⤵
  PID:8088
- C:\Windows\System\fJkvvgv.exe
  C:\Windows\System\fJkvvgv.exe
  2⤵
  PID:7364
- C:\Windows\System\ysKXLaD.exe
  C:\Windows\System\ysKXLaD.exe
  2⤵
  PID:8156
- C:\Windows\System\TEOYTlq.exe
  C:\Windows\System\TEOYTlq.exe
  2⤵
  PID:7412
- C:\Windows\System\gKzDWiK.exe
  C:\Windows\System\gKzDWiK.exe
  2⤵
  PID:7592
- C:\Windows\System\lZMjrKO.exe
  C:\Windows\System\lZMjrKO.exe
  2⤵
  PID:6992
- C:\Windows\System\XhJGwgN.exe
  C:\Windows\System\XhJGwgN.exe
  2⤵
  PID:6564
- C:\Windows\System\rZnbite.exe
  C:\Windows\System\rZnbite.exe
  2⤵
  PID:7376
- C:\Windows\System\wwomjjF.exe
  C:\Windows\System\wwomjjF.exe
  2⤵
  PID:7828
- C:\Windows\System\DvVYPTu.exe
  C:\Windows\System\DvVYPTu.exe
  2⤵
  PID:7248
- C:\Windows\System\qQzoOYk.exe
  C:\Windows\System\qQzoOYk.exe
  2⤵
  PID:1696
- C:\Windows\System\JPqfbLV.exe
  C:\Windows\System\JPqfbLV.exe
  2⤵
  PID:6040
- C:\Windows\System\htuJbpB.exe
  C:\Windows\System\htuJbpB.exe
  2⤵
  PID:7608
- C:\Windows\System\YMOROwa.exe
  C:\Windows\System\YMOROwa.exe
  2⤵
  PID:7756
- C:\Windows\System\zktksbn.exe
  C:\Windows\System\zktksbn.exe
  2⤵
  PID:876
- C:\Windows\System\YXjhCps.exe
  C:\Windows\System\YXjhCps.exe
  2⤵
  PID:7572
- C:\Windows\System\ZNxUSOJ.exe
  C:\Windows\System\ZNxUSOJ.exe
  2⤵
  PID:7128
- C:\Windows\System\maPFxis.exe
  C:\Windows\System\maPFxis.exe
  2⤵
  PID:7780
- C:\Windows\System\hQgRHsM.exe
  C:\Windows\System\hQgRHsM.exe
  2⤵
  PID:7848
- C:\Windows\System\ucXsdPM.exe
  C:\Windows\System\ucXsdPM.exe
  2⤵
  PID:7832
- C:\Windows\System\hMuRKDE.exe
  C:\Windows\System\hMuRKDE.exe
  2⤵
  PID:7896
- C:\Windows\System\fKJLzlF.exe
  C:\Windows\System\fKJLzlF.exe
  2⤵
  PID:7912
- C:\Windows\System\PLbuUdM.exe
  C:\Windows\System\PLbuUdM.exe
  2⤵
  PID:8004
- C:\Windows\System\YvWNchS.exe
  C:\Windows\System\YvWNchS.exe
  2⤵
  PID:7380
- C:\Windows\System\neXfotJ.exe
  C:\Windows\System\neXfotJ.exe
  2⤵
  PID:8140
- C:\Windows\System\FqUEraw.exe
  C:\Windows\System\FqUEraw.exe
  2⤵
  PID:7184
- C:\Windows\System\AJNjPKL.exe
  C:\Windows\System\AJNjPKL.exe
  2⤵
  PID:7232
- C:\Windows\System\dcrpGqb.exe
  C:\Windows\System\dcrpGqb.exe
  2⤵
  PID:7144
- C:\Windows\System\QoExcem.exe
  C:\Windows\System\QoExcem.exe
  2⤵
  PID:7640
- C:\Windows\System\YatHlad.exe
  C:\Windows\System\YatHlad.exe
  2⤵
  PID:7316
- C:\Windows\System\NngcVid.exe
  C:\Windows\System\NngcVid.exe
  2⤵
  PID:7644
- C:\Windows\System\lMlnoto.exe
  C:\Windows\System\lMlnoto.exe
  2⤵
  PID:7424
- C:\Windows\System\jLQqwYz.exe
  C:\Windows\System\jLQqwYz.exe
  2⤵
  PID:8060
- C:\Windows\System\SucRXdE.exe
  C:\Windows\System\SucRXdE.exe
  2⤵
  PID:7824
- C:\Windows\System\cIXcwwr.exe
  C:\Windows\System\cIXcwwr.exe
  2⤵
  PID:7812
- C:\Windows\System\rIKNjth.exe
  C:\Windows\System\rIKNjth.exe
  2⤵
  PID:8044
- C:\Windows\System\sFOIWKb.exe
  C:\Windows\System\sFOIWKb.exe
  2⤵
  PID:7612
- C:\Windows\System\pjEgtaX.exe
  C:\Windows\System\pjEgtaX.exe
  2⤵
  PID:7956
- C:\Windows\System\sKeLTPb.exe
  C:\Windows\System\sKeLTPb.exe
  2⤵
  PID:8180
- C:\Windows\System\sDBvqtj.exe
  C:\Windows\System\sDBvqtj.exe
  2⤵
  PID:8112
- C:\Windows\System\FuYWRTD.exe
  C:\Windows\System\FuYWRTD.exe
  2⤵
  PID:7660
- C:\Windows\System\wyngjTP.exe
  C:\Windows\System\wyngjTP.exe
  2⤵
  PID:7792
- C:\Windows\System\pqWDqRV.exe
  C:\Windows\System\pqWDqRV.exe
  2⤵
  PID:8040
- C:\Windows\System\zAdwaDa.exe
  C:\Windows\System\zAdwaDa.exe
  2⤵
  PID:2212
- C:\Windows\System\fiNEBdN.exe
  C:\Windows\System\fiNEBdN.exe
  2⤵
  PID:8196
- C:\Windows\System\YBMZUud.exe
  C:\Windows\System\YBMZUud.exe
  2⤵
  PID:8216
- C:\Windows\System\usPWOuI.exe
  C:\Windows\System\usPWOuI.exe
  2⤵
  PID:8244
- C:\Windows\System\XCduTdg.exe
  C:\Windows\System\XCduTdg.exe
  2⤵
  PID:8268
- C:\Windows\System\BECkyTI.exe
  C:\Windows\System\BECkyTI.exe
  2⤵
  PID:8292
- C:\Windows\System\cJIBezH.exe
  C:\Windows\System\cJIBezH.exe
  2⤵
  PID:8312
- C:\Windows\System\FYQSoLu.exe
  C:\Windows\System\FYQSoLu.exe
  2⤵
  PID:8336
- C:\Windows\System\wvaaYjr.exe
  C:\Windows\System\wvaaYjr.exe
  2⤵
  PID:8356
- C:\Windows\System\qwsngcY.exe
  C:\Windows\System\qwsngcY.exe
  2⤵
  PID:8376
- C:\Windows\System\xTridLD.exe
  C:\Windows\System\xTridLD.exe
  2⤵
  PID:8396
- C:\Windows\System\jCUGaWZ.exe
  C:\Windows\System\jCUGaWZ.exe
  2⤵
  PID:8420
- C:\Windows\System\oTICxbJ.exe
  C:\Windows\System\oTICxbJ.exe
  2⤵
  PID:8436
- C:\Windows\System\TgVsqWF.exe
  C:\Windows\System\TgVsqWF.exe
  2⤵
  PID:8464
- C:\Windows\System\TRVZpgk.exe
  C:\Windows\System\TRVZpgk.exe
  2⤵
  PID:8480
- C:\Windows\System\xCXNYOH.exe
  C:\Windows\System\xCXNYOH.exe
  2⤵
  PID:8528
- C:\Windows\System\eWbMNoU.exe
  C:\Windows\System\eWbMNoU.exe
  2⤵
  PID:8552
- C:\Windows\System\azSDRff.exe
  C:\Windows\System\azSDRff.exe
  2⤵
  PID:8568
- C:\Windows\System\aPUPlsQ.exe
  C:\Windows\System\aPUPlsQ.exe
  2⤵
  PID:8584
- C:\Windows\System\houygbc.exe
  C:\Windows\System\houygbc.exe
  2⤵
  PID:8600
- C:\Windows\System\boVKNQV.exe
  C:\Windows\System\boVKNQV.exe
  2⤵
  PID:8616
- C:\Windows\System\DGCRwlZ.exe
  C:\Windows\System\DGCRwlZ.exe
  2⤵
  PID:8640
- C:\Windows\System\gsfDpLj.exe
  C:\Windows\System\gsfDpLj.exe
  2⤵
  PID:8656
- C:\Windows\System\UBaVNJk.exe
  C:\Windows\System\UBaVNJk.exe
  2⤵
  PID:8672
- C:\Windows\System\USeUShY.exe
  C:\Windows\System\USeUShY.exe
  2⤵
  PID:8688
- C:\Windows\System\pxrqGWp.exe
  C:\Windows\System\pxrqGWp.exe
  2⤵
  PID:8728
- C:\Windows\System\YZHXpBu.exe
  C:\Windows\System\YZHXpBu.exe
  2⤵
  PID:8748
- C:\Windows\System\jjIOKLs.exe
  C:\Windows\System\jjIOKLs.exe
  2⤵
  PID:8768
- C:\Windows\System\VioWlOO.exe
  C:\Windows\System\VioWlOO.exe
  2⤵
  PID:8784
- C:\Windows\System\DMVOmjA.exe
  C:\Windows\System\DMVOmjA.exe
  2⤵
  PID:8812
- C:\Windows\System\jVDeeME.exe
  C:\Windows\System\jVDeeME.exe
  2⤵
  PID:8832
- C:\Windows\System\OqstnRl.exe
  C:\Windows\System\OqstnRl.exe
  2⤵
  PID:8848
- C:\Windows\System\vEHjBXb.exe
  C:\Windows\System\vEHjBXb.exe
  2⤵
  PID:8864
- C:\Windows\System\uJhJfHP.exe
  C:\Windows\System\uJhJfHP.exe
  2⤵
  PID:8888
- C:\Windows\System\bbQTWDs.exe
  C:\Windows\System\bbQTWDs.exe
  2⤵
  PID:8916
- C:\Windows\System\oPZJpbL.exe
  C:\Windows\System\oPZJpbL.exe
  2⤵
  PID:8932
- C:\Windows\System\saMGIbs.exe
  C:\Windows\System\saMGIbs.exe
  2⤵
  PID:8948
- C:\Windows\System\gerfPcV.exe
  C:\Windows\System\gerfPcV.exe
  2⤵
  PID:8972
- C:\Windows\System\cFbHrgc.exe
  C:\Windows\System\cFbHrgc.exe
  2⤵
  PID:8988
- C:\Windows\System\qgwSvzr.exe
  C:\Windows\System\qgwSvzr.exe
  2⤵
  PID:9008
- C:\Windows\System\pNwTkcO.exe
  C:\Windows\System\pNwTkcO.exe
  2⤵
  PID:9024
- C:\Windows\System\POCKkim.exe
  C:\Windows\System\POCKkim.exe
  2⤵
  PID:9044
- C:\Windows\System\wMnAWKB.exe
  C:\Windows\System\wMnAWKB.exe
  2⤵
  PID:9060
- C:\Windows\System\KdBXXdJ.exe
  C:\Windows\System\KdBXXdJ.exe
  2⤵
  PID:9076
- C:\Windows\System\eVUYiLt.exe
  C:\Windows\System\eVUYiLt.exe
  2⤵
  PID:9092
- C:\Windows\System\hRTSFpu.exe
  C:\Windows\System\hRTSFpu.exe
  2⤵
  PID:9108
- C:\Windows\System\NGSDNDW.exe
  C:\Windows\System\NGSDNDW.exe
  2⤵
  PID:9124
- C:\Windows\System\IAebPEK.exe
  C:\Windows\System\IAebPEK.exe
  2⤵
  PID:9168
- C:\Windows\System\exnANTT.exe
  C:\Windows\System\exnANTT.exe
  2⤵
  PID:9184
- C:\Windows\System\oyzRiCu.exe
  C:\Windows\System\oyzRiCu.exe
  2⤵
  PID:9204
- C:\Windows\System\QbgNYKG.exe
  C:\Windows\System\QbgNYKG.exe
  2⤵
  PID:8160
- C:\Windows\System\SXZmToi.exe
  C:\Windows\System\SXZmToi.exe
  2⤵
  PID:8204
- C:\Windows\System\fUgKTWR.exe
  C:\Windows\System\fUgKTWR.exe
  2⤵
  PID:7508
- C:\Windows\System\ompxkIj.exe
  C:\Windows\System\ompxkIj.exe
  2⤵
  PID:7996
- C:\Windows\System\QuUcQBv.exe
  C:\Windows\System\QuUcQBv.exe
  2⤵
  PID:8304
- C:\Windows\System\FJQMrxG.exe
  C:\Windows\System\FJQMrxG.exe
  2⤵
  PID:8260
- C:\Windows\System\KmagsQl.exe
  C:\Windows\System\KmagsQl.exe
  2⤵
  PID:8344
- C:\Windows\System\cDdshvv.exe
  C:\Windows\System\cDdshvv.exe
  2⤵
  PID:8432
- C:\Windows\System\OhyFqff.exe
  C:\Windows\System\OhyFqff.exe
  2⤵
  PID:7972
- C:\Windows\System\knpRCqW.exe
  C:\Windows\System\knpRCqW.exe
  2⤵
  PID:7924
- C:\Windows\System\BgeQWfQ.exe
  C:\Windows\System\BgeQWfQ.exe
  2⤵
  PID:8232
- C:\Windows\System\VdiVWkb.exe
  C:\Windows\System\VdiVWkb.exe
  2⤵
  PID:8280
- C:\Windows\System\HTciNZG.exe
  C:\Windows\System\HTciNZG.exe
  2⤵
  PID:8288
- C:\Windows\System\HmNoyZm.exe
  C:\Windows\System\HmNoyZm.exe
  2⤵
  PID:8364
- C:\Windows\System\JDaUEbl.exe
  C:\Windows\System\JDaUEbl.exe
  2⤵
  PID:8412
- C:\Windows\System\NzScUFp.exe
  C:\Windows\System\NzScUFp.exe
  2⤵
  PID:8452
- C:\Windows\System\UUmxVlQ.exe
  C:\Windows\System\UUmxVlQ.exe
  2⤵
  PID:8476
- C:\Windows\System\kDJPhwO.exe
  C:\Windows\System\kDJPhwO.exe
  2⤵
  PID:8500
- C:\Windows\System\FilQxDs.exe
  C:\Windows\System\FilQxDs.exe
  2⤵
  PID:8516
- C:\Windows\System\qfbDJQL.exe
  C:\Windows\System\qfbDJQL.exe
  2⤵
  PID:8028
- C:\Windows\System\EAmavkq.exe
  C:\Windows\System\EAmavkq.exe
  2⤵
  PID:1164
- C:\Windows\System\qUQBxLP.exe
  C:\Windows\System\qUQBxLP.exe
  2⤵
  PID:8580
- C:\Windows\System\skMYdZb.exe
  C:\Windows\System\skMYdZb.exe
  2⤵
  PID:8564
- C:\Windows\System\HQUtPbv.exe
  C:\Windows\System\HQUtPbv.exe
  2⤵
  PID:8632
- C:\Windows\System\YHrXHHX.exe
  C:\Windows\System\YHrXHHX.exe
  2⤵
  PID:8636
- C:\Windows\System\RbagSym.exe
  C:\Windows\System\RbagSym.exe
  2⤵
  PID:8736
- C:\Windows\System\vljTYGX.exe
  C:\Windows\System\vljTYGX.exe
  2⤵
  PID:8712
- C:\Windows\System\yDuxMjz.exe
  C:\Windows\System\yDuxMjz.exe
  2⤵
  PID:8724
- C:\Windows\System\TEnqLMH.exe
  C:\Windows\System\TEnqLMH.exe
  2⤵
  PID:8780
- C:\Windows\System\niWtnnC.exe
  C:\Windows\System\niWtnnC.exe
  2⤵
  PID:8800
- C:\Windows\System\OaCsTJo.exe
  C:\Windows\System\OaCsTJo.exe
  2⤵
  PID:8820
- C:\Windows\System\MdTnVZG.exe
  C:\Windows\System\MdTnVZG.exe
  2⤵
  PID:8856
- C:\Windows\System\TbIyyMr.exe
  C:\Windows\System\TbIyyMr.exe
  2⤵
  PID:8876
- C:\Windows\System\TNcztHo.exe
  C:\Windows\System\TNcztHo.exe
  2⤵
  PID:8536
- C:\Windows\System\nqPxPkp.exe
  C:\Windows\System\nqPxPkp.exe
  2⤵
  PID:8940
- C:\Windows\System\WCuyUQZ.exe
  C:\Windows\System\WCuyUQZ.exe
  2⤵
  PID:8964
- C:\Windows\System\fcscDBo.exe
  C:\Windows\System\fcscDBo.exe
  2⤵
  PID:9000
- C:\Windows\System\BfDIibI.exe
  C:\Windows\System\BfDIibI.exe
  2⤵
  PID:9100
- C:\Windows\System\spAbBBG.exe
  C:\Windows\System\spAbBBG.exe
  2⤵
  PID:9072
- C:\Windows\System\YhNwlzp.exe
  C:\Windows\System\YhNwlzp.exe
  2⤵
  PID:9152
- C:\Windows\System\EtEUxRV.exe
  C:\Windows\System\EtEUxRV.exe
  2⤵
  PID:9200
- C:\Windows\System\OqPuNuh.exe
  C:\Windows\System\OqPuNuh.exe
  2⤵
  PID:7720
- C:\Windows\System\KauuiAZ.exe
  C:\Windows\System\KauuiAZ.exe
  2⤵
  PID:8388
- C:\Windows\System\XzXLcmh.exe
  C:\Windows\System\XzXLcmh.exe
  2⤵
  PID:9176
- C:\Windows\System\ZMDyxRU.exe
  C:\Windows\System\ZMDyxRU.exe
  2⤵
  PID:9016
- C:\Windows\System\qNhCDwt.exe
  C:\Windows\System\qNhCDwt.exe
  2⤵
  PID:9180
- C:\Windows\System\AaaAHPX.exe
  C:\Windows\System\AaaAHPX.exe
  2⤵
  PID:8308
- C:\Windows\System\lHUgTtW.exe
  C:\Windows\System\lHUgTtW.exe
  2⤵
  PID:8224
- C:\Windows\System\HumQMOs.exe
  C:\Windows\System\HumQMOs.exe
  2⤵
  PID:8228
- C:\Windows\System\zvdZejH.exe
  C:\Windows\System\zvdZejH.exe
  2⤵
  PID:8460
- C:\Windows\System\snfZBwr.exe
  C:\Windows\System\snfZBwr.exe
  2⤵
  PID:8924
- C:\Windows\System\HCfKJfc.exe
  C:\Windows\System\HCfKJfc.exe
  2⤵
  PID:8960
- C:\Windows\System\kZGvRKm.exe
  C:\Windows\System\kZGvRKm.exe
  2⤵
  PID:8904
- C:\Windows\System\isMLdkB.exe
  C:\Windows\System\isMLdkB.exe
  2⤵
  PID:9144
- C:\Windows\System\acsRHwh.exe
  C:\Windows\System\acsRHwh.exe
  2⤵
  PID:8256
- C:\Windows\System\aFmFDtu.exe
  C:\Windows\System\aFmFDtu.exe
  2⤵
  PID:8096
- C:\Windows\System\OuxfHtd.exe
  C:\Windows\System\OuxfHtd.exe
  2⤵
  PID:9084
- C:\Windows\System\PpvuvRS.exe
  C:\Windows\System\PpvuvRS.exe
  2⤵
  PID:9056
- C:\Windows\System\tnwTTEs.exe
  C:\Windows\System\tnwTTEs.exe
  2⤵
  PID:7992
- C:\Windows\System\kLcVkfJ.exe
  C:\Windows\System\kLcVkfJ.exe
  2⤵
  PID:8240
- C:\Windows\System\UMvxnbx.exe
  C:\Windows\System\UMvxnbx.exe
  2⤵
  PID:8472
- C:\Windows\System\UaAYajh.exe
  C:\Windows\System\UaAYajh.exe
  2⤵
  PID:8548
- C:\Windows\System\WYBdQkM.exe
  C:\Windows\System\WYBdQkM.exe
  2⤵
  PID:8332
- C:\Windows\System\WJSNsRr.exe
  C:\Windows\System\WJSNsRr.exe
  2⤵
  PID:8680
- C:\Windows\System\BPoTiTi.exe
  C:\Windows\System\BPoTiTi.exe
  2⤵
  PID:1208
- C:\Windows\System\RlAmWyt.exe
  C:\Windows\System\RlAmWyt.exe
  2⤵
  PID:8700
- C:\Windows\System\pctCUVg.exe
  C:\Windows\System\pctCUVg.exe
  2⤵
  PID:8756
- C:\Windows\System\hIvmnev.exe
  C:\Windows\System\hIvmnev.exe
  2⤵
  PID:8860
- C:\Windows\System\IrDVQRj.exe
  C:\Windows\System\IrDVQRj.exe
  2⤵
  PID:8968
- C:\Windows\System\faVJRHA.exe
  C:\Windows\System\faVJRHA.exe
  2⤵
  PID:8980
- C:\Windows\System\eKeXVCv.exe
  C:\Windows\System\eKeXVCv.exe
  2⤵
  PID:8984
- C:\Windows\System\qzMzhnn.exe
  C:\Windows\System\qzMzhnn.exe
  2⤵
  PID:9148
- C:\Windows\System\UPJeaGN.exe
  C:\Windows\System\UPJeaGN.exe
  2⤵
  PID:7976
- C:\Windows\System\JJmNEZr.exe
  C:\Windows\System\JJmNEZr.exe
  2⤵
  PID:8108
- C:\Windows\System\PgdCAGJ.exe
  C:\Windows\System\PgdCAGJ.exe
  2⤵
  PID:8540
- C:\Windows\System\pNIcILy.exe
  C:\Windows\System\pNIcILy.exe
  2⤵
  PID:8512
- C:\Windows\System\sFYQgiW.exe
  C:\Windows\System\sFYQgiW.exe
  2⤵
  PID:8300
- C:\Windows\System\tGtiFfK.exe
  C:\Windows\System\tGtiFfK.exe
  2⤵
  PID:8628
- C:\Windows\System\VlBjKfh.exe
  C:\Windows\System\VlBjKfh.exe
  2⤵
  PID:8384
- C:\Windows\System\FqiiiVj.exe
  C:\Windows\System\FqiiiVj.exe
  2⤵
  PID:8024
- C:\Windows\System\LvFZEGW.exe
  C:\Windows\System\LvFZEGW.exe
  2⤵
  PID:8372
- C:\Windows\System\ZIXqMGq.exe
  C:\Windows\System\ZIXqMGq.exe
  2⤵
  PID:8824
- C:\Windows\System\PdWOsmK.exe
  C:\Windows\System\PdWOsmK.exe
  2⤵
  PID:8448
- C:\Windows\System\wVCTPuy.exe
  C:\Windows\System\wVCTPuy.exe
  2⤵
  PID:8840
- C:\Windows\System\dBmeDvy.exe
  C:\Windows\System\dBmeDvy.exe
  2⤵
  PID:9032
- C:\Windows\System\bkZIANy.exe
  C:\Windows\System\bkZIANy.exe
  2⤵
  PID:9132
- C:\Windows\System\qwmdyrZ.exe
  C:\Windows\System\qwmdyrZ.exe
  2⤵
  PID:2920
- C:\Windows\System\CGcWVmL.exe
  C:\Windows\System\CGcWVmL.exe
  2⤵
  PID:9068
- C:\Windows\System\YaYubUu.exe
  C:\Windows\System\YaYubUu.exe
  2⤵
  PID:8744
- C:\Windows\System\hxzEeBc.exe
  C:\Windows\System\hxzEeBc.exe
  2⤵
  PID:7892
- C:\Windows\System\FmPtGzv.exe
  C:\Windows\System\FmPtGzv.exe
  2⤵
  PID:1576
- C:\Windows\System\QRYaIlI.exe
  C:\Windows\System\QRYaIlI.exe
  2⤵
  PID:8612
- C:\Windows\System\kVghNMm.exe
  C:\Windows\System\kVghNMm.exe
  2⤵
  PID:9220
- C:\Windows\System\BufCoZw.exe
  C:\Windows\System\BufCoZw.exe
  2⤵
  PID:9236
- C:\Windows\System\RsMHuRe.exe
  C:\Windows\System\RsMHuRe.exe
  2⤵
  PID:9256
- C:\Windows\System\HRXSJrO.exe
  C:\Windows\System\HRXSJrO.exe
  2⤵
  PID:9272
- C:\Windows\System\DGEHYGM.exe
  C:\Windows\System\DGEHYGM.exe
  2⤵
  PID:9304
- C:\Windows\System\TAxDKbp.exe
  C:\Windows\System\TAxDKbp.exe
  2⤵
  PID:9324
- C:\Windows\System\DsehLBN.exe
  C:\Windows\System\DsehLBN.exe
  2⤵
  PID:9340
- C:\Windows\System\uuaiGds.exe
  C:\Windows\System\uuaiGds.exe
  2⤵
  PID:9356
- C:\Windows\System\ULMBWSi.exe
  C:\Windows\System\ULMBWSi.exe
  2⤵
  PID:9384
- C:\Windows\System\vbubMGw.exe
  C:\Windows\System\vbubMGw.exe
  2⤵
  PID:9400
- C:\Windows\System\BZpAkFq.exe
  C:\Windows\System\BZpAkFq.exe
  2⤵
  PID:9416
- C:\Windows\System\SvIURCa.exe
  C:\Windows\System\SvIURCa.exe
  2⤵
  PID:9440
- C:\Windows\System\fotyQDj.exe
  C:\Windows\System\fotyQDj.exe
  2⤵
  PID:9464
- C:\Windows\System\OfMoYQm.exe
  C:\Windows\System\OfMoYQm.exe
  2⤵
  PID:9480
- C:\Windows\System\kChWZVr.exe
  C:\Windows\System\kChWZVr.exe
  2⤵
  PID:9496
- C:\Windows\System\TGyxLiW.exe
  C:\Windows\System\TGyxLiW.exe
  2⤵
  PID:9520
- C:\Windows\System\Jeftwut.exe
  C:\Windows\System\Jeftwut.exe
  2⤵
  PID:9540
- C:\Windows\System\XTIoVZo.exe
  C:\Windows\System\XTIoVZo.exe
  2⤵
  PID:9560
- C:\Windows\System\HKRlxDs.exe
  C:\Windows\System\HKRlxDs.exe
  2⤵
  PID:9584
- C:\Windows\System\WXlhEfC.exe
  C:\Windows\System\WXlhEfC.exe
  2⤵
  PID:9604
- C:\Windows\System\CBCnUwA.exe
  C:\Windows\System\CBCnUwA.exe
  2⤵
  PID:9628
- C:\Windows\System\JxvXHuF.exe
  C:\Windows\System\JxvXHuF.exe
  2⤵
  PID:9648
- C:\Windows\System\wlqUPCR.exe
  C:\Windows\System\wlqUPCR.exe
  2⤵
  PID:9664
- C:\Windows\System\LqoaWky.exe
  C:\Windows\System\LqoaWky.exe
  2⤵
  PID:9684
- C:\Windows\System\TnsSsUt.exe
  C:\Windows\System\TnsSsUt.exe
  2⤵
  PID:9704
- C:\Windows\System\vkiktaK.exe
  C:\Windows\System\vkiktaK.exe
  2⤵
  PID:9724
- C:\Windows\System\ZYndWcq.exe
  C:\Windows\System\ZYndWcq.exe
  2⤵
  PID:9748
- C:\Windows\System\wRxLxkq.exe
  C:\Windows\System\wRxLxkq.exe
  2⤵
  PID:9768
- C:\Windows\System\HXhBSJQ.exe
  C:\Windows\System\HXhBSJQ.exe
  2⤵
  PID:9784
- C:\Windows\System\SrTnzsZ.exe
  C:\Windows\System\SrTnzsZ.exe
  2⤵
  PID:9800
- C:\Windows\System\IIUkxpG.exe
  C:\Windows\System\IIUkxpG.exe
  2⤵
  PID:9824
- C:\Windows\System\TtqlNuQ.exe
  C:\Windows\System\TtqlNuQ.exe
  2⤵
  PID:9840
- C:\Windows\System\EgIJxPd.exe
  C:\Windows\System\EgIJxPd.exe
  2⤵
  PID:9856
- C:\Windows\System\wsjpOUX.exe
  C:\Windows\System\wsjpOUX.exe
  2⤵
  PID:9880
- C:\Windows\System\vhrJTcq.exe
  C:\Windows\System\vhrJTcq.exe
  2⤵
  PID:9904
- C:\Windows\System\vaXvbBm.exe
  C:\Windows\System\vaXvbBm.exe
  2⤵
  PID:9920
- C:\Windows\System\yGhWNiZ.exe
  C:\Windows\System\yGhWNiZ.exe
  2⤵
  PID:9936
- C:\Windows\System\mcWpBfR.exe
  C:\Windows\System\mcWpBfR.exe
  2⤵
  PID:9968
- C:\Windows\System\HTjePpD.exe
  C:\Windows\System\HTjePpD.exe
  2⤵
  PID:9992
- C:\Windows\System\zWqbsJB.exe
  C:\Windows\System\zWqbsJB.exe
  2⤵
  PID:10012
- C:\Windows\System\mXBUVFY.exe
  C:\Windows\System\mXBUVFY.exe
  2⤵
  PID:10028
- C:\Windows\System\RWQDIDV.exe
  C:\Windows\System\RWQDIDV.exe
  2⤵
  PID:10044
- C:\Windows\System\xHpDScV.exe
  C:\Windows\System\xHpDScV.exe
  2⤵
  PID:10072
- C:\Windows\System\vjJBNKB.exe
  C:\Windows\System\vjJBNKB.exe
  2⤵
  PID:10088
- C:\Windows\System\VkIAfzS.exe
  C:\Windows\System\VkIAfzS.exe
  2⤵
  PID:10112
- C:\Windows\System\RtgFTXV.exe
  C:\Windows\System\RtgFTXV.exe
  2⤵
  PID:10132
- C:\Windows\System\pspZUId.exe
  C:\Windows\System\pspZUId.exe
  2⤵
  PID:10148
- C:\Windows\System\pQcwBsJ.exe
  C:\Windows\System\pQcwBsJ.exe
  2⤵
  PID:10164
- C:\Windows\System\HBnQnnH.exe
  C:\Windows\System\HBnQnnH.exe
  2⤵
  PID:10188
- C:\Windows\System\LGqpzmo.exe
  C:\Windows\System\LGqpzmo.exe
  2⤵
  PID:10208
- C:\Windows\System\TEQtkmj.exe
  C:\Windows\System\TEQtkmj.exe
  2⤵
  PID:10232
- C:\Windows\System\nqFGoIJ.exe
  C:\Windows\System\nqFGoIJ.exe
  2⤵
  PID:9244
- C:\Windows\System\nNtaRgz.exe
  C:\Windows\System\nNtaRgz.exe
  2⤵
  PID:9280
- C:\Windows\System\TXTsrwC.exe
  C:\Windows\System\TXTsrwC.exe
  2⤵
  PID:9292
- C:\Windows\System\RJAGmPr.exe
  C:\Windows\System\RJAGmPr.exe
  2⤵
  PID:9316
- C:\Windows\System\pudTCFT.exe
  C:\Windows\System\pudTCFT.exe
  2⤵
  PID:9348
- C:\Windows\System\ZvqQITr.exe
  C:\Windows\System\ZvqQITr.exe
  2⤵
  PID:9392
- C:\Windows\System\gofgFEZ.exe
  C:\Windows\System\gofgFEZ.exe
  2⤵
  PID:9432
- C:\Windows\System\eEyInBE.exe
  C:\Windows\System\eEyInBE.exe
  2⤵
  PID:9456
- C:\Windows\System\HuitwsI.exe
  C:\Windows\System\HuitwsI.exe
  2⤵
  PID:9476
- C:\Windows\System\LdWZxfl.exe
  C:\Windows\System\LdWZxfl.exe
  2⤵
  PID:9548
- C:\Windows\System\LxHHtkf.exe
  C:\Windows\System\LxHHtkf.exe
  2⤵
  PID:9572
- C:\Windows\System\ozIMZGf.exe
  C:\Windows\System\ozIMZGf.exe
  2⤵
  PID:9612
- C:\Windows\System\rbWteBc.exe
  C:\Windows\System\rbWteBc.exe
  2⤵
  PID:9624
- C:\Windows\System\UQAbzQf.exe
  C:\Windows\System\UQAbzQf.exe
  2⤵
  PID:9660
- C:\Windows\System\EqEkMgO.exe
  C:\Windows\System\EqEkMgO.exe
  2⤵
  PID:9692
- C:\Windows\System\WLaxaux.exe
  C:\Windows\System\WLaxaux.exe
  2⤵
  PID:9736
- C:\Windows\System\FbufSoX.exe
  C:\Windows\System\FbufSoX.exe
  2⤵
  PID:9764
- C:\Windows\System\AetMtKZ.exe
  C:\Windows\System\AetMtKZ.exe
  2⤵
  PID:9808
- C:\Windows\System\BwhVzeA.exe
  C:\Windows\System\BwhVzeA.exe
  2⤵
  PID:9424
- C:\Windows\System\vhLZlgD.exe
  C:\Windows\System\vhLZlgD.exe
  2⤵
  PID:9892
- C:\Windows\System\NOEYGTS.exe
  C:\Windows\System\NOEYGTS.exe
  2⤵
  PID:9900
- C:\Windows\System\PnEDVUa.exe
  C:\Windows\System\PnEDVUa.exe
  2⤵
  PID:9948
- C:\Windows\System\lIlDlea.exe
  C:\Windows\System\lIlDlea.exe
  2⤵
  PID:9956
- C:\Windows\System\xEigwFr.exe
  C:\Windows\System\xEigwFr.exe
  2⤵
  PID:9984
- C:\Windows\System\hjxfUqJ.exe
  C:\Windows\System\hjxfUqJ.exe
  2⤵
  PID:10024
- C:\Windows\System\WTfMNGA.exe
  C:\Windows\System\WTfMNGA.exe
  2⤵
  PID:10068
- C:\Windows\System\FyNYWyA.exe
  C:\Windows\System\FyNYWyA.exe
  2⤵
  PID:10096
- C:\Windows\System\OaFPSHB.exe
  C:\Windows\System\OaFPSHB.exe
  2⤵
  PID:10128
- C:\Windows\System\npObFvK.exe
  C:\Windows\System\npObFvK.exe
  2⤵
  PID:10172
- C:\Windows\System\fhhGHDi.exe
  C:\Windows\System\fhhGHDi.exe
  2⤵
  PID:10196
- C:\Windows\System\fksfNTG.exe
  C:\Windows\System\fksfNTG.exe
  2⤵
  PID:10220
- C:\Windows\System\NUsQTmW.exe
  C:\Windows\System\NUsQTmW.exe
  2⤵
  PID:9228
- C:\Windows\System\NwmZQQk.exe
  C:\Windows\System\NwmZQQk.exe
  2⤵
  PID:9312
- C:\Windows\System\ubHGeCG.exe
  C:\Windows\System\ubHGeCG.exe
  2⤵
  PID:9376
- C:\Windows\System\wttwIKI.exe
  C:\Windows\System\wttwIKI.exe
  2⤵
  PID:9380
- C:\Windows\System\ImDDkRO.exe
  C:\Windows\System\ImDDkRO.exe
  2⤵
  PID:9436
- C:\Windows\System\HiuTIyL.exe
  C:\Windows\System\HiuTIyL.exe
  2⤵
  PID:9492
- C:\Windows\System\wKpkjFE.exe
  C:\Windows\System\wKpkjFE.exe
  2⤵
  PID:9528
- C:\Windows\System\gzZKfWT.exe
  C:\Windows\System\gzZKfWT.exe
  2⤵
  PID:9576
- C:\Windows\System\OOFXZnv.exe
  C:\Windows\System\OOFXZnv.exe
  2⤵
  PID:9696
- C:\Windows\System\YnHIMqA.exe
  C:\Windows\System\YnHIMqA.exe
  2⤵
  PID:9676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FWksXfc.exe

Filesize
6.0MB

MD5
29268639316bec07bb18d95a69892d97

SHA1
46ee8228b1442dc5ca64e4aa007bde4cbb562a99

SHA256
2fba9e15dcf2610a315dfa3000777bd71eb3d680a56d75c61adaaee05fe4285f

SHA512
400246e960207187801815828451866263719375041b58369af75bd53b7ef4986e613c289e2f174f5d563bed62c2cf34f4f28ec108e3f1425ad7cb8e5b20f11a

Download Submit
C:\Windows\system\FhuOtBA.exe

Filesize
6.0MB

MD5
a36681b7a00d8aeba7ef190e3cba5413

SHA1
a226c062382bae40df9c22f2ccf51ee3df3a9653

SHA256
11543e810f80f271112c23af2ef7cb395289ed13d27ce53122d2ea7afa38eaa2

SHA512
06c8b342c1be3101ebaf60516abeb076e9d08d61d744cabc29c33acd23465d705d24a6eb32e951b306eb8d3bc85f08d2032ac7fd9e7242febb2cd73388748a14

Download Submit
C:\Windows\system\ILlyfEG.exe

Filesize
6.0MB

MD5
6e6c30ad25a698f5a7a17503fd2aafa2

SHA1
2b6527fb751c68311e6a6261874df4ff9016251b

SHA256
6f8e5bdf5b70615c8befcc330e49342bf62348f475223cdc5033d268badc5b15

SHA512
b95fd88b181a37fa76f2e357d99df8ccf73e6b3e5e645ff8530e904eca4fe76bdc1381070b8b1c838ad1d5cded5260358f8acec61a88a7cbbc4825a5f45481d4

Download Submit
C:\Windows\system\KnvUTXj.exe

Filesize
6.0MB

MD5
344f7e93417a133cee8c3de41d4795bc

SHA1
a78392e7d1e6924f9fa9c3ef783682848dbf09e3

SHA256
d602b1ac13705b1eb22716a262121ce7c01a49881b7a24e2e10f24d84fb568e9

SHA512
abb53686a189e7bc465d4e4556c6be519bb63ccec8b487c82ac717bf32c79fa3f55393cdfba53c1af989a9b38ff5711750e2a918de916df37250867a0784e842

Download Submit
C:\Windows\system\LbMRZEg.exe

Filesize
6.0MB

MD5
739c167ec11a1649be86caccb5c82499

SHA1
ef4ca2ec737e8ef7f0c3eb9d5278de5eb9248692

SHA256
1271518e4eafdff6d89339db2d212ae59b7a4e500434f27261a5069b23a8b04a

SHA512
71e65f202c00a0043daaa6b2d0db894973de3199d2c1290a1fe5d7bf882ac979ffb33fd979f2fe47c9110c1a719923ed61327c8aecbe88a96882eee03507f636

Download Submit
C:\Windows\system\ORcMLTe.exe

Filesize
6.0MB

MD5
c7e5085ff6f3c7e469ab2f810ff556b7

SHA1
e624d54dc6665bbb7e13770909d132fdc1ee3c4e

SHA256
919a7b304171e131975c6e88c981529af7fb948e91e940ff88dc835432cd1bb6

SHA512
a54c06d58dcca04e578a8e74ed295a07e10daf0d92b8d96c56405f8e8016f91c851450709656278740431ce9e68d569f61a3bb8319fd0c2350445d72cd02ef91

Download Submit
C:\Windows\system\OaLictj.exe

Filesize
6.0MB

MD5
8b86f27454baef8a466b2ac73d606849

SHA1
29073da6f4638ce8fb30e4be6d65d187e5793782

SHA256
f4aaafdd779e345fa1ededaa558f58fddb423f5bdd752101a21181a0ed11a3e0

SHA512
011f75f6a591b46aa5363359160adedba61e98e36162adfa4a428689f3b33fe8c906307030ecf49e605d9d14c3ccb44f2db0f8a57d35fbc5dd6f45896e0527b9

Download Submit
C:\Windows\system\OxLPdGC.exe

Filesize
6.0MB

MD5
7a2589d34c7bd5d2ccadfcdc4184702f

SHA1
dc1b834d778b5c4ccabe2c937193cb692558bdc5

SHA256
7e540b0ecb15fe5a9e3201efe9377390fc52fd3a25d766ff01643aa8f51b0317

SHA512
b3b693ed034d0fb1745b02d969e67c9382e1ae313e178c333c540bbdec2b71c0f1b0bba850a176cea1fa1ca4043ca0b5b05f9f39c7b6d9ea5fe1461f7d23aa37

Download Submit
C:\Windows\system\PpIBBik.exe

Filesize
6.0MB

MD5
e397ddc17bc5d5b701627b52fd20d037

SHA1
954523ed24787ee175feefda7c779c0085f8a5a5

SHA256
9343ee5cb00aa3150c6b41a40d91756e83031dcf26f5780645bfb75d582c9944

SHA512
67b7c554834a45376974e140d21dad2bf452354456137527d9f7f1392f644d9a1ce3400bb41de7e04fbc78ef66c7bdfba24ec2bc203268618112b8f83149cae0

Download Submit
C:\Windows\system\RLukGMZ.exe

Filesize
6.0MB

MD5
f80a31fad6be64d51dc6789e9f97422f

SHA1
f7bc8acddbe0c732341ff9ec55a0052ffdb3f1f9

SHA256
9408b29aa23701aa1c3c9c2bf3f40d3144f6d90557e8cab41bd1393081fd8181

SHA512
224b9d7124cb4d12546ccd0894e75200e8d023abc7e4452ccc44deb5b9eb14545681cff6ab27cfdeb80d55120dbffc44625c5679aef1d26306bea80a4316ee6b

Download Submit
C:\Windows\system\UnQwdkH.exe

Filesize
6.0MB

MD5
783cb21264707838cf0abbe91b0d0f16

SHA1
fce718ebabe77ffad76d0be1b16dc0417cd693fa

SHA256
5a635b98d1370f077dff1accc741b3ad2b14a84dc91a0878e5de5030b8636320

SHA512
e151c4eb291150c658206a9571f01030e6d1381891b46d26bfb0f2fea2420fdc997b7e06fb850d0614418edd1feacd43b23e2d3b50be78abeee681b3d7e97f38

Download Submit
C:\Windows\system\UnZUwzS.exe

Filesize
6.0MB

MD5
4df2ca3d90eaa36a6cb51db068a4cc71

SHA1
e63d96cc13c6571ff4bea5ecbcf0f558da476ed2

SHA256
bb8e53aeba080bbf9fdafa94de71c4750956cd2ba876846da2bdfac2bc05742d

SHA512
9332c8c299a970b9b76302f28ae4389defdbb86050fff0835dd7e6f4da31bf115b1178821c27b19a75929fba92902f1f9390508e981d268cf771fc005fffe9ca

Download Submit
C:\Windows\system\VhYIfKq.exe

Filesize
6.0MB

MD5
b020cbc66b19a5f0826703bd30b77278

SHA1
4890238befb1f74d3f655fc740d17185a0c1580a

SHA256
037bcfbd8ed036e428b948baaaa51ed59998befb8ecd1f8bc7d4485405edb889

SHA512
3edc6eb3e2fc1374105fc1e361cee034091e5f8e816899d2e7ca2ccf97b8ddd5624c13b18a4f4280184c4c6674dc3c820f6f25c18f1482d59449017659c586bb

Download Submit
C:\Windows\system\XKNVQJB.exe

Filesize
6.0MB

MD5
e7919881f234edb4e8d303dffe9774ec

SHA1
61fa854e4d95e6e841147fdcc47be861324c43b6

SHA256
3d85486a4519b76098953721870e7e7032634cc6945a06ed5bba38b85576d50a

SHA512
7d28edf77bde90981cbddecf60650e9143bfea00aa906f3e39eba9095e054ddb86bbf95093e6d45524b6bbdcd77b4cad37e3e8a7db7e30f4323df70eb4ffd8f6

Download Submit
C:\Windows\system\YTwQoAf.exe

Filesize
6.0MB

MD5
bc21a3df4f1aa302e315fa69940f5b64

SHA1
4fc2dae911f159ef947d6c9980b3bfdc861862ea

SHA256
d6137fd025287240e951c61f4878ef1c23c3f17cc2e6b719c0a40ed6108609b0

SHA512
b2036c97a1aa8c9a96040e9a4ab92e09e7eebc9610d4aba0a19f877cf0ddb30780f200e013e0b38c2c346a16a9ea5e05516e9b78a015dc7ed73ca32dc21d455e

Download Submit
C:\Windows\system\ZfCFYYS.exe

Filesize
6.0MB

MD5
37a3ee023ed035fba9b5de1e5c0193a9

SHA1
a844bb69734f678cf183964a50be464637369434

SHA256
83f2395beb9e26c73c702b8fabf8665b062365fa117f8845d285e2d7d68c7ae4

SHA512
29575c397736cc6cfaf35fb3c8aa77567ed286af0c1a0f91f61558da2314ee1b794412b63d7a327492405fba7ed46c7c2d4a8855ec333fa75ba51d3a68e9d6b1

Download Submit
C:\Windows\system\aOZtyQY.exe

Filesize
6.0MB

MD5
2fc35206fb11b4b22a0372cd84c44376

SHA1
917222177a00b66059d753eecf5b6e0741be9043

SHA256
cbcb7edf42eab4f28f3d14405796c9e0b9e57dae97470812c3925fee806dd292

SHA512
63e228175950ec378428ac7687c3a8f7aa5d9811c4ee1ec4800019665fbab8ac1669593cc586e3cf46ebcda01a655b17176e2be54e0ebeead694cf04994cb58f

Download Submit
C:\Windows\system\aaGvhIq.exe

Filesize
6.0MB

MD5
abdbeea857ea139491b9e577ec916c6e

SHA1
b0e3f9d1c60ddf352f674a3089c3a0c59a84f074

SHA256
559473dca02f040a734cd0e79e0dbbcd86d459466141973ba2f6e493072b6e0c

SHA512
152d0d3e1ea3792ae884f9f68963c41fdcf202fb7ab37cfbb986fbd2ebbe9df24d865f53a9ea87cad4ed4da30c57dfa1eece795e0c84896394bcd16fee6a08ef

Download Submit
C:\Windows\system\eupAADT.exe

Filesize
6.0MB

MD5
95401898b1d9d5e327383b86c39e1e4c

SHA1
b56839cfc0185cd7bfca7676c7162c6ec2b7c727

SHA256
7d9ec549f18698fbc13335d8c456f009686088de3babd333a6a550bb4843b3cd

SHA512
b866f05d91c44b7e0b07bfa5a517d2ec882e5311bd84cb64b15915c924a403f08e46200145c19a393363ace6bc8ce33d34611894158e9df5d9ea1999df025f79

Download Submit
C:\Windows\system\haFcGfB.exe

Filesize
6.0MB

MD5
b94451dcacb1880ea133177e31c81d3c

SHA1
7792d27eee35dfabd37755c519af8453150584be

SHA256
a7e609f5caab4708d92bcbf0bd0762f44be11c1248411eb61e87467411aea147

SHA512
7468101f166ead561cfe17e64bfa14d1f6e024a7e5476fa06f29db8b3ef530398c9340fbb3119eedc9050cf97317e3d457417fa166aec8018ec84bd007591f30

Download Submit
C:\Windows\system\iOEwvtR.exe

Filesize
6.0MB

MD5
c286e58fc71a05fbd61604002fa823a7

SHA1
627efedd9848fcbfad30a0bd2ddfd9cae429c57b

SHA256
2888cca94e4e2612629fa65de4a56522a7bb2cc2500e2fdc3ffe06ff0ae72a24

SHA512
612ba0aac505869fa261221abb808478a45a51f51ca2914d5f5e97fe7c730dce72e2031ab57acaaf9bfc1694a111f137e8ebc38ded9b8e2895f663da0dab40e2

Download Submit
C:\Windows\system\kQfUynI.exe

Filesize
6.0MB

MD5
378841963d1b871207ac8d068afb9c59

SHA1
a5e7f5e26c90fdf998f33542766954efa4257cb1

SHA256
759ef1361c4b9795daba81c0697a4873a88fe272d986476ccadd37aa70036efd

SHA512
b3e514f0f9a48397d84bd3cc3b333b7b3bb0febeb67453562f495b1396e45698b7f87a4b230a14b73db9b94dcd149bd1a3537288cd4b7d4b70cc5580d77809bc

Download Submit
C:\Windows\system\pveYTTt.exe

Filesize
6.0MB

MD5
202af3a9e45088dad4c13e862272252f

SHA1
566adf54ccf004ad869d7898a5d78f7207512ff7

SHA256
ed26d1a866581b618dea4f6c133ed6e6a6d573012335ca1557b6f42230540958

SHA512
373b974587d0492bf8176ce9d0aef22dd78512e7ac1e9d6afc5a9510caf48c69b073bb1bf84013e91d340fd95c45175f20f7dad5c008052419ba8c76b47ba2a1

Download Submit
C:\Windows\system\qolwrZY.exe

Filesize
6.0MB

MD5
eb4c8036b642cde3c8b9989c912d6ea3

SHA1
4c1b5f99009879aa920893a0f778f44c2f9dde99

SHA256
dfcb06bce846c3951c5daeffe6613d16e8c86b86c5da7761fe74d07da9aac1b9

SHA512
6d0bd9c6a2a02ec9d5f7836f3c65a39efb41fa999557bf6140ad0dcf85dc8909cf511b1881c1e2a40ced3f27c16d5bd77e5dad03ac9ef464528b59a698bbd537

Download Submit
C:\Windows\system\qyMVqAH.exe

Filesize
6.0MB

MD5
0f8b7f904afe74906568e1e223d8829e

SHA1
27d6a17b7d813267c3afa7928bb805b2776a9d13

SHA256
24ce3994f43b9c207e4f54eef6a4846582b993231d704052fccdec08983835d9

SHA512
d05182bf269e9e9d75c043af9d36aafe743315f18ccd010b0b9aa7fcd5dfc743a78a51c68b1da8a2d125024becc3ab44d7b283f2d83dcef79220b92202ac018b

Download Submit
C:\Windows\system\yjSWfQW.exe

Filesize
6.0MB

MD5
7cd16894aca8225a4a4fb63f531f2792

SHA1
49b484f0ca6879815518499786f4a2096090c99e

SHA256
344a188209831eb6ae5b85ac57afe630e44f98649285735476e1333db7fbefc1

SHA512
3618527386b9e24d72490500725f70fbbea104de2e71217150036ab3115c975489f782f2efd2b7adba62dbc3ee187bff29de93886029ed1a7244dd8aad9fe741

Download Submit
C:\Windows\system\yzpTDmR.exe

Filesize
6.0MB

MD5
98ab85ef52d5dbb53c4410b115bc1365

SHA1
a6455f831dcef7f02de18417355222e90917d30e

SHA256
75b64d855f8ca988194e7165eed410b88afd7cbc6c7d673015fc44dee05dae17

SHA512
544101d2ee5b42566e4d71ac392daaea291b69de75ae0ea8cd9702430947db0ab30d8f1083f72324879c76785b3502caaf11ffd2f1998a511a3686f8095a54f3

Download Submit
C:\Windows\system\zxIhWZb.exe

Filesize
6.0MB

MD5
19da3b723ffce3aabc90a493f170b5c7

SHA1
2d4793a6102109f52265565b68e1ea1643720baf

SHA256
d202052baf488c97f8cb14a2b8003b92df55c1c5b61b46a8a4947bb166e9f84c

SHA512
c5be60788d8e9fd551bb496feecb13801c2757a33cd12044f8d25f41e2df4a44663afcac369cff32fa64481e9d6a0fbe2685ff39e46c4c7f563c822c8ac889dc

Download Submit
\Windows\system\PSTStrt.exe

Filesize
6.0MB

MD5
841248ae8f7cd680e056d18c09acf0fb

SHA1
c72eb34665930d3b1add2dc8d5daecdc1d8b61b1

SHA256
517e6e707f96cef64b3db8e630bd76b1bc8b2b750794769e10c1374c473706f1

SHA512
47363018342cc05a16ce9de1f262d66dd2f152250238a37e3b051f98199be2f06e17a69169fdd58762cdc16f3f740716122123aa3958a7397771ec109e96052e

Download Submit
\Windows\system\azvFMbG.exe

Filesize
6.0MB

MD5
1332a7ac45bb56bfa763b027906a7ce1

SHA1
a15e0d8e8bc8689486e854b862f3dbe157ce5f50

SHA256
345ce2222cfd32634f9fe8d856390f902fe3fa78526da64c3ccf20ad6aa69e4e

SHA512
6b98cf8f79bc64d67fcdf207f7fdb07ad3c3185ba74f8bf7ce72afa39795f47b6ba837318f8a93032412cf40fa789c0f2597fcb27e6cb81d940c27a04e656381

Download Submit
\Windows\system\gkWXAvQ.exe

Filesize
6.0MB

MD5
ebde65fab10c30c3e38df6ab72e6e4a9

SHA1
4920856acca368bf8f882d88136cc9df325be88d

SHA256
cd916446b2c01139ad13401b6eb31c2982c3c371c574d8ab8401af612c53992a

SHA512
92e35ff6a49272a2e1a7af82168c26588ae565e63696052ad2f781e4eea1e2f77ab59f1349dbd4d2e6c523bd2387da4e16a664b807c88f374c95c8687f28f820

Download Submit
\Windows\system\rPLZRKK.exe

Filesize
6.0MB

MD5
12e1499c61f2264c94759659f023166b

SHA1
e890b53624b056443de7f0523aae41f74854691c

SHA256
9698ec56200890b75979e2d7757ab75c822b229ed84584418500d4a7e792cd2e

SHA512
edcf000ff8ae7510a9b4cbbb31102a81a0f8a8660b384b987dd3046c9255b66279a480040957da6ff7467c164766be283e244e82294934e5e000e164472d404f

Download Submit
memory/1056-4015-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1056-35-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1056-323-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1592-4020-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1592-85-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2328-4012-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2328-70-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2328-11-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2376-50-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-803-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2376-82-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2376-84-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2376-76-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2376-45-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2376-881-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2376-36-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2376-324-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-26-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2376-518-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2376-6-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2376-0-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2376-679-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1036-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2376-56-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2376-105-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2376-17-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1371-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2376-97-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2376-78-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2376-90-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2376-81-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2456-4024-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-100-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1172-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4022-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2664-87-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2696-519-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4018-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2696-59-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2732-83-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2732-4019-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2760-33-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2760-4014-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2760-104-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2764-86-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4021-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2772-73-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4017-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4016-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-64-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-89-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2932-21-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2932-4011-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/3012-4013-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/3012-22-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/3060-94-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/3060-891-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/3060-4023-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download