cobaltstrike | 0ba8b7680ad3460706e2f826142f72e6f28cb8df2793852f03ad064ddb67705a

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
03/01/2025, 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

803b75f197426db4f744a00923a2a9d0
SHA1

eb4b4dfe4f4c178ec6336c7a16ffe19414d73837
SHA256

0ba8b7680ad3460706e2f826142f72e6f28cb8df2793852f03ad064ddb67705a
SHA512

41f59f3e72c2c66f325a62a1a03ac7da8740cb5eb81c7f05e29c170872b01b3768ca9e2aa2cec5cf07def47a017cd0abcf1b1eff2f5f8121fa764af027ae6653
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001226d-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018718-11.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018766-12.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018780-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b68-38.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-71.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018bf3-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019223-56.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186cc-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b62-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2076-0-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x000c00000001226d-6.dat	xmrig
behavioral1/files/0x0007000000018718-11.dat	xmrig
behavioral1/files/0x0006000000018766-12.dat	xmrig
behavioral1/memory/880-23-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0006000000018780-24.dat	xmrig
behavioral1/memory/2268-22-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2684-20-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2076-17-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2880-35-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b68-38.dat	xmrig
behavioral1/memory/2076-53-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2724-52-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2788-68-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2880-77-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a1-80.dat	xmrig
behavioral1/memory/2352-97-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3e-106.dat	xmrig
behavioral1/files/0x000500000001a427-186.dat	xmrig
behavioral1/memory/484-1245-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2076-383-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-177.dat	xmrig
behavioral1/files/0x000500000001a42d-190.dat	xmrig
behavioral1/files/0x000500000001a41e-182.dat	xmrig
behavioral1/files/0x000500000001a41b-174.dat	xmrig
behavioral1/files/0x000500000001a359-169.dat	xmrig
behavioral1/files/0x000500000001a09e-159.dat	xmrig
behavioral1/files/0x000500000001a307-164.dat	xmrig
behavioral1/files/0x000500000001a07e-154.dat	xmrig
behavioral1/files/0x000500000001a075-148.dat	xmrig
behavioral1/files/0x0005000000019d8e-138.dat	xmrig
behavioral1/files/0x0005000000019cba-136.dat	xmrig
behavioral1/files/0x0005000000019f8a-131.dat	xmrig
behavioral1/files/0x0005000000019cca-124.dat	xmrig
behavioral1/memory/2076-123-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f94-141.dat	xmrig
behavioral1/files/0x0005000000019dbf-128.dat	xmrig
behavioral1/memory/484-98-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c34-96.dat	xmrig
behavioral1/files/0x0005000000019c57-111.dat	xmrig
behavioral1/files/0x0005000000019c3c-104.dat	xmrig
behavioral1/memory/2228-93-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2724-91-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2248-85-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2452-84-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0005000000019926-88.dat	xmrig
behavioral1/memory/2600-76-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/3004-74-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/3016-67-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961e-65.dat	xmrig
behavioral1/files/0x0005000000019667-71.dat	xmrig
behavioral1/files/0x0008000000018bf3-64.dat	xmrig
behavioral1/memory/2352-60-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2076-58-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x0007000000019223-56.dat	xmrig
behavioral1/files/0x00080000000186cc-44.dat	xmrig
behavioral1/memory/2248-40-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/3004-29-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b62-33.dat	xmrig
behavioral1/memory/2684-3831-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/880-3866-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2268-3868-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2788-3938-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/3004-3934-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
880	TzDynyv.exe
2684	gJMVuNl.exe
2268	kJkqkzw.exe
3004	ovXmHSx.exe
2880	bxUGWol.exe
2248	ssNofqG.exe
2724	GeibfjO.exe
2352	BUGDAZu.exe
3016	fUGBHuO.exe
2788	dvwRkAQ.exe
2600	aTDVOdt.exe
2452	nQzfdTV.exe
2228	pBxnjkW.exe
484	LucPvXP.exe
1820	CKBSQlt.exe
1464	NqWClPn.exe
1808	IDsJunG.exe
1168	HECANzg.exe
1132	jJGShNc.exe
1284	CxfVDxC.exe
2804	SYnDzCj.exe
1868	xVeNBTg.exe
2832	BFRVPsA.exe
2980	BNhEyid.exe
2944	oPYzyAT.exe
1472	qxAGfSe.exe
2376	mUGSByk.exe
1268	dsecpmf.exe
2068	AwlUBUE.exe
2384	eGZAhQm.exe
2968	zYzIFfq.exe
1872	qwMdQQc.exe
2996	tCkLixD.exe
1616	YguGwNy.exe
1240	YAoRKOW.exe
1524	IfHTbrT.exe
2976	pdcZGeS.exe
2544	XfKUCUl.exe
2100	xeQEWWc.exe
1676	XggVVaB.exe
1488	ShqgMTI.exe
1008	DmfRzWZ.exe
936	ECBhUnU.exe
2208	tXXHwQV.exe
2532	WkAzYum.exe
2456	pfyHGzZ.exe
1728	tAOgKvk.exe
2476	ucPtVBx.exe
2156	ujGXthF.exe
1084	UrpZTNC.exe
1644	kLuIIrM.exe
1888	EqTjmlq.exe
1592	iydBmHF.exe
1916	UInEdIi.exe
2860	kCaUvlb.exe
2928	HNfqRHO.exe
1764	iQbspjO.exe
2612	BxLmcib.exe
2336	uhYGRhH.exe
2348	GDmonrc.exe
1600	XuXbnVi.exe
2264	nKfLtBC.exe
2752	iSTfWBv.exe
2844	WQyGtoa.exe

Loads dropped DLL 64 IoCs

pid	Process
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2076-0-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x000c00000001226d-6.dat	upx
behavioral1/files/0x0007000000018718-11.dat	upx
behavioral1/files/0x0006000000018766-12.dat	upx
behavioral1/memory/880-23-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0006000000018780-24.dat	upx
behavioral1/memory/2268-22-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2684-20-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2880-35-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x0007000000018b68-38.dat	upx
behavioral1/memory/2724-52-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2788-68-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2880-77-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x00050000000196a1-80.dat	upx
behavioral1/memory/2352-97-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x0005000000019c3e-106.dat	upx
behavioral1/files/0x000500000001a427-186.dat	upx
behavioral1/memory/484-1245-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x000500000001a41d-177.dat	upx
behavioral1/files/0x000500000001a42d-190.dat	upx
behavioral1/files/0x000500000001a41e-182.dat	upx
behavioral1/files/0x000500000001a41b-174.dat	upx
behavioral1/files/0x000500000001a359-169.dat	upx
behavioral1/files/0x000500000001a09e-159.dat	upx
behavioral1/files/0x000500000001a307-164.dat	upx
behavioral1/files/0x000500000001a07e-154.dat	upx
behavioral1/files/0x000500000001a075-148.dat	upx
behavioral1/files/0x0005000000019d8e-138.dat	upx
behavioral1/files/0x0005000000019cba-136.dat	upx
behavioral1/files/0x0005000000019f8a-131.dat	upx
behavioral1/files/0x0005000000019cca-124.dat	upx
behavioral1/files/0x0005000000019f94-141.dat	upx
behavioral1/files/0x0005000000019dbf-128.dat	upx
behavioral1/memory/484-98-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x0005000000019c34-96.dat	upx
behavioral1/files/0x0005000000019c57-111.dat	upx
behavioral1/files/0x0005000000019c3c-104.dat	upx
behavioral1/memory/2228-93-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2724-91-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2248-85-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2452-84-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0005000000019926-88.dat	upx
behavioral1/memory/2600-76-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/3004-74-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/3016-67-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x000500000001961e-65.dat	upx
behavioral1/files/0x0005000000019667-71.dat	upx
behavioral1/files/0x0008000000018bf3-64.dat	upx
behavioral1/memory/2352-60-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2076-58-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x0007000000019223-56.dat	upx
behavioral1/files/0x00080000000186cc-44.dat	upx
behavioral1/memory/2248-40-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/3004-29-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0007000000018b62-33.dat	upx
behavioral1/memory/2684-3831-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/880-3866-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2268-3868-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2788-3938-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/3004-3934-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2352-3933-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2880-3931-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2228-3974-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2600-3973-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PvJYMxY.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VHcqosf.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AysHDtT.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnuDqRn.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJWuLNA.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJNKeef.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JjNiprn.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XvTTUxv.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waMmaDS.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTpqqQr.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNxyscU.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAyuVDa.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExCUiLd.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjECwLg.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMPYjzX.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkzcEeS.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNmXNXW.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIVtlgP.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCZGKBJ.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXrpuqk.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArTNhGm.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKRtIga.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WucEJcY.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeYUdkQ.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsWeEWa.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZjQGld.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfyJjDQ.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyrOJIu.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfyHGzZ.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKsEobF.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bctpcon.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnwMmha.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJkqkzw.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEwbKVQ.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHCVlvf.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtQrHal.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFPufhP.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zisksBQ.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQtoEsV.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaNRriz.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgXnXrf.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAUnOnF.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTvkynA.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHsNJNT.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhLstYG.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbKnHHq.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwYNlhn.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkAzYum.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LapXvlP.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvgGhmR.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvYfKrs.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNgdROG.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRdAXqz.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzelnGO.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvZdqRC.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZmkAfGh.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbqOUhT.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\llsLWxI.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwYoCWN.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTzeoZz.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVvjyXq.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\alpQPKN.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koUvjtS.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwiqUXH.exe	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 880	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2076 wrote to memory of 880	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2076 wrote to memory of 880	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2076 wrote to memory of 2684	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 2684	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 2684	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2076 wrote to memory of 2268	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2268	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 2268	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2076 wrote to memory of 3004	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 3004	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 3004	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2076 wrote to memory of 2880	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 2880	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 2880	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2076 wrote to memory of 2248	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2248	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2248	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2076 wrote to memory of 2724	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 2724	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 2724	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2076 wrote to memory of 3016	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 3016	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 3016	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2076 wrote to memory of 2352	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2352	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2352	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2076 wrote to memory of 2788	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2788	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2788	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2076 wrote to memory of 2600	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2600	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2600	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2076 wrote to memory of 2452	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2452	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2452	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2076 wrote to memory of 2228	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 2228	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 2228	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2076 wrote to memory of 484	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 484	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 484	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2076 wrote to memory of 1820	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 1820	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 1820	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2076 wrote to memory of 1132	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 1132	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 1132	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2076 wrote to memory of 1464	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 1464	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 1464	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2076 wrote to memory of 1284	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 1284	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 1284	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2076 wrote to memory of 1808	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 1808	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 1808	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2076 wrote to memory of 2804	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 2804	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 2804	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2076 wrote to memory of 1168	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 1168	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 1168	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2076 wrote to memory of 2832	2076	2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_803b75f197426db4f744a00923a2a9d0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\System\TzDynyv.exe
  C:\Windows\System\TzDynyv.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\gJMVuNl.exe
  C:\Windows\System\gJMVuNl.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\kJkqkzw.exe
  C:\Windows\System\kJkqkzw.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\ovXmHSx.exe
  C:\Windows\System\ovXmHSx.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\bxUGWol.exe
  C:\Windows\System\bxUGWol.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ssNofqG.exe
  C:\Windows\System\ssNofqG.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\GeibfjO.exe
  C:\Windows\System\GeibfjO.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\fUGBHuO.exe
  C:\Windows\System\fUGBHuO.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\BUGDAZu.exe
  C:\Windows\System\BUGDAZu.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\dvwRkAQ.exe
  C:\Windows\System\dvwRkAQ.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\aTDVOdt.exe
  C:\Windows\System\aTDVOdt.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\nQzfdTV.exe
  C:\Windows\System\nQzfdTV.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\pBxnjkW.exe
  C:\Windows\System\pBxnjkW.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\LucPvXP.exe
  C:\Windows\System\LucPvXP.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\CKBSQlt.exe
  C:\Windows\System\CKBSQlt.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\jJGShNc.exe
  C:\Windows\System\jJGShNc.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\NqWClPn.exe
  C:\Windows\System\NqWClPn.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\CxfVDxC.exe
  C:\Windows\System\CxfVDxC.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\IDsJunG.exe
  C:\Windows\System\IDsJunG.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\SYnDzCj.exe
  C:\Windows\System\SYnDzCj.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\HECANzg.exe
  C:\Windows\System\HECANzg.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\BFRVPsA.exe
  C:\Windows\System\BFRVPsA.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\xVeNBTg.exe
  C:\Windows\System\xVeNBTg.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\BNhEyid.exe
  C:\Windows\System\BNhEyid.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\oPYzyAT.exe
  C:\Windows\System\oPYzyAT.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\qxAGfSe.exe
  C:\Windows\System\qxAGfSe.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\mUGSByk.exe
  C:\Windows\System\mUGSByk.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\dsecpmf.exe
  C:\Windows\System\dsecpmf.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\AwlUBUE.exe
  C:\Windows\System\AwlUBUE.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\zYzIFfq.exe
  C:\Windows\System\zYzIFfq.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\eGZAhQm.exe
  C:\Windows\System\eGZAhQm.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\tCkLixD.exe
  C:\Windows\System\tCkLixD.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\qwMdQQc.exe
  C:\Windows\System\qwMdQQc.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\YguGwNy.exe
  C:\Windows\System\YguGwNy.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\YAoRKOW.exe
  C:\Windows\System\YAoRKOW.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\pdcZGeS.exe
  C:\Windows\System\pdcZGeS.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\IfHTbrT.exe
  C:\Windows\System\IfHTbrT.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\XfKUCUl.exe
  C:\Windows\System\XfKUCUl.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\xeQEWWc.exe
  C:\Windows\System\xeQEWWc.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\XggVVaB.exe
  C:\Windows\System\XggVVaB.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\ShqgMTI.exe
  C:\Windows\System\ShqgMTI.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\DmfRzWZ.exe
  C:\Windows\System\DmfRzWZ.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\ECBhUnU.exe
  C:\Windows\System\ECBhUnU.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\pfyHGzZ.exe
  C:\Windows\System\pfyHGzZ.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\tXXHwQV.exe
  C:\Windows\System\tXXHwQV.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\tAOgKvk.exe
  C:\Windows\System\tAOgKvk.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\WkAzYum.exe
  C:\Windows\System\WkAzYum.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\ucPtVBx.exe
  C:\Windows\System\ucPtVBx.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ujGXthF.exe
  C:\Windows\System\ujGXthF.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\UrpZTNC.exe
  C:\Windows\System\UrpZTNC.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\kLuIIrM.exe
  C:\Windows\System\kLuIIrM.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\iQbspjO.exe
  C:\Windows\System\iQbspjO.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\EqTjmlq.exe
  C:\Windows\System\EqTjmlq.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\uhYGRhH.exe
  C:\Windows\System\uhYGRhH.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\iydBmHF.exe
  C:\Windows\System\iydBmHF.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\XuXbnVi.exe
  C:\Windows\System\XuXbnVi.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\UInEdIi.exe
  C:\Windows\System\UInEdIi.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\nKfLtBC.exe
  C:\Windows\System\nKfLtBC.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\kCaUvlb.exe
  C:\Windows\System\kCaUvlb.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\iSTfWBv.exe
  C:\Windows\System\iSTfWBv.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\HNfqRHO.exe
  C:\Windows\System\HNfqRHO.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\WQyGtoa.exe
  C:\Windows\System\WQyGtoa.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\BxLmcib.exe
  C:\Windows\System\BxLmcib.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\UsvIrnh.exe
  C:\Windows\System\UsvIrnh.exe
  2⤵
  PID:2620
- C:\Windows\System\GDmonrc.exe
  C:\Windows\System\GDmonrc.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ifymcFd.exe
  C:\Windows\System\ifymcFd.exe
  2⤵
  PID:2104
- C:\Windows\System\msvrTpG.exe
  C:\Windows\System\msvrTpG.exe
  2⤵
  PID:2948
- C:\Windows\System\vqKojCJ.exe
  C:\Windows\System\vqKojCJ.exe
  2⤵
  PID:2840
- C:\Windows\System\WOHhlpG.exe
  C:\Windows\System\WOHhlpG.exe
  2⤵
  PID:2972
- C:\Windows\System\XhxcECW.exe
  C:\Windows\System\XhxcECW.exe
  2⤵
  PID:2380
- C:\Windows\System\WLnhjij.exe
  C:\Windows\System\WLnhjij.exe
  2⤵
  PID:2092
- C:\Windows\System\HsayAMQ.exe
  C:\Windows\System\HsayAMQ.exe
  2⤵
  PID:1668
- C:\Windows\System\OxNereF.exe
  C:\Windows\System\OxNereF.exe
  2⤵
  PID:1232
- C:\Windows\System\NeYUdkQ.exe
  C:\Windows\System\NeYUdkQ.exe
  2⤵
  PID:2188
- C:\Windows\System\QSJfJzl.exe
  C:\Windows\System\QSJfJzl.exe
  2⤵
  PID:2320
- C:\Windows\System\JkQRpzN.exe
  C:\Windows\System\JkQRpzN.exe
  2⤵
  PID:1632
- C:\Windows\System\PFvKsXT.exe
  C:\Windows\System\PFvKsXT.exe
  2⤵
  PID:1784
- C:\Windows\System\mGPmhZE.exe
  C:\Windows\System\mGPmhZE.exe
  2⤵
  PID:2700
- C:\Windows\System\CWvDtbC.exe
  C:\Windows\System\CWvDtbC.exe
  2⤵
  PID:1952
- C:\Windows\System\cwnTVZu.exe
  C:\Windows\System\cwnTVZu.exe
  2⤵
  PID:1672
- C:\Windows\System\zNISVCH.exe
  C:\Windows\System\zNISVCH.exe
  2⤵
  PID:1796
- C:\Windows\System\rhcSpSx.exe
  C:\Windows\System\rhcSpSx.exe
  2⤵
  PID:2792
- C:\Windows\System\IKHsPsC.exe
  C:\Windows\System\IKHsPsC.exe
  2⤵
  PID:2400
- C:\Windows\System\OoWQUrM.exe
  C:\Windows\System\OoWQUrM.exe
  2⤵
  PID:1596
- C:\Windows\System\gqTyOXz.exe
  C:\Windows\System\gqTyOXz.exe
  2⤵
  PID:1988
- C:\Windows\System\KhruXRG.exe
  C:\Windows\System\KhruXRG.exe
  2⤵
  PID:2340
- C:\Windows\System\hGemCZV.exe
  C:\Windows\System\hGemCZV.exe
  2⤵
  PID:1212
- C:\Windows\System\YEfNnwi.exe
  C:\Windows\System\YEfNnwi.exe
  2⤵
  PID:2656
- C:\Windows\System\BVehlUm.exe
  C:\Windows\System\BVehlUm.exe
  2⤵
  PID:2056
- C:\Windows\System\OLbeJTv.exe
  C:\Windows\System\OLbeJTv.exe
  2⤵
  PID:2608
- C:\Windows\System\tyEGBZF.exe
  C:\Windows\System\tyEGBZF.exe
  2⤵
  PID:1680
- C:\Windows\System\PYKEtiS.exe
  C:\Windows\System\PYKEtiS.exe
  2⤵
  PID:1156
- C:\Windows\System\hyaOiXJ.exe
  C:\Windows\System\hyaOiXJ.exe
  2⤵
  PID:2324
- C:\Windows\System\ydxhbNX.exe
  C:\Windows\System\ydxhbNX.exe
  2⤵
  PID:1480
- C:\Windows\System\JFWyBgy.exe
  C:\Windows\System\JFWyBgy.exe
  2⤵
  PID:1356
- C:\Windows\System\FmnrpMo.exe
  C:\Windows\System\FmnrpMo.exe
  2⤵
  PID:1080
- C:\Windows\System\AwGgMCB.exe
  C:\Windows\System\AwGgMCB.exe
  2⤵
  PID:1280
- C:\Windows\System\CokhENa.exe
  C:\Windows\System\CokhENa.exe
  2⤵
  PID:2444
- C:\Windows\System\bAWYbrl.exe
  C:\Windows\System\bAWYbrl.exe
  2⤵
  PID:2568
- C:\Windows\System\bJVEigR.exe
  C:\Windows\System\bJVEigR.exe
  2⤵
  PID:2196
- C:\Windows\System\hIIBJou.exe
  C:\Windows\System\hIIBJou.exe
  2⤵
  PID:300
- C:\Windows\System\xwUgLYF.exe
  C:\Windows\System\xwUgLYF.exe
  2⤵
  PID:308
- C:\Windows\System\nBxRutT.exe
  C:\Windows\System\nBxRutT.exe
  2⤵
  PID:992
- C:\Windows\System\LbTRELz.exe
  C:\Windows\System\LbTRELz.exe
  2⤵
  PID:896
- C:\Windows\System\hYOphXk.exe
  C:\Windows\System\hYOphXk.exe
  2⤵
  PID:1900
- C:\Windows\System\OwwMcvv.exe
  C:\Windows\System\OwwMcvv.exe
  2⤵
  PID:3084
- C:\Windows\System\JxxrYWv.exe
  C:\Windows\System\JxxrYWv.exe
  2⤵
  PID:3104
- C:\Windows\System\eiusFXR.exe
  C:\Windows\System\eiusFXR.exe
  2⤵
  PID:3124
- C:\Windows\System\DZssQZr.exe
  C:\Windows\System\DZssQZr.exe
  2⤵
  PID:3140
- C:\Windows\System\nYFGzRP.exe
  C:\Windows\System\nYFGzRP.exe
  2⤵
  PID:3160
- C:\Windows\System\ykBVuuu.exe
  C:\Windows\System\ykBVuuu.exe
  2⤵
  PID:3176
- C:\Windows\System\qCGNFhS.exe
  C:\Windows\System\qCGNFhS.exe
  2⤵
  PID:3196
- C:\Windows\System\EXtIpJY.exe
  C:\Windows\System\EXtIpJY.exe
  2⤵
  PID:3216
- C:\Windows\System\mVGUXJh.exe
  C:\Windows\System\mVGUXJh.exe
  2⤵
  PID:3232
- C:\Windows\System\cfEBLOg.exe
  C:\Windows\System\cfEBLOg.exe
  2⤵
  PID:3248
- C:\Windows\System\hxcfbty.exe
  C:\Windows\System\hxcfbty.exe
  2⤵
  PID:3268
- C:\Windows\System\IjCpHCr.exe
  C:\Windows\System\IjCpHCr.exe
  2⤵
  PID:3288
- C:\Windows\System\HlZsBDZ.exe
  C:\Windows\System\HlZsBDZ.exe
  2⤵
  PID:3312
- C:\Windows\System\nxlIaEz.exe
  C:\Windows\System\nxlIaEz.exe
  2⤵
  PID:3344
- C:\Windows\System\TGZOzHo.exe
  C:\Windows\System\TGZOzHo.exe
  2⤵
  PID:3364
- C:\Windows\System\DLexasG.exe
  C:\Windows\System\DLexasG.exe
  2⤵
  PID:3384
- C:\Windows\System\LXIHDwh.exe
  C:\Windows\System\LXIHDwh.exe
  2⤵
  PID:3404
- C:\Windows\System\JfNsvpK.exe
  C:\Windows\System\JfNsvpK.exe
  2⤵
  PID:3420
- C:\Windows\System\SaHPQsc.exe
  C:\Windows\System\SaHPQsc.exe
  2⤵
  PID:3440
- C:\Windows\System\MdfrpUv.exe
  C:\Windows\System\MdfrpUv.exe
  2⤵
  PID:3464
- C:\Windows\System\bEwbKVQ.exe
  C:\Windows\System\bEwbKVQ.exe
  2⤵
  PID:3484
- C:\Windows\System\EASulfK.exe
  C:\Windows\System\EASulfK.exe
  2⤵
  PID:3500
- C:\Windows\System\PPXEdzX.exe
  C:\Windows\System\PPXEdzX.exe
  2⤵
  PID:3524
- C:\Windows\System\tHCVlvf.exe
  C:\Windows\System\tHCVlvf.exe
  2⤵
  PID:3544
- C:\Windows\System\FlbnmjZ.exe
  C:\Windows\System\FlbnmjZ.exe
  2⤵
  PID:3564
- C:\Windows\System\eCwEipt.exe
  C:\Windows\System\eCwEipt.exe
  2⤵
  PID:3580
- C:\Windows\System\JbycUWv.exe
  C:\Windows\System\JbycUWv.exe
  2⤵
  PID:3604
- C:\Windows\System\GuJkPGv.exe
  C:\Windows\System\GuJkPGv.exe
  2⤵
  PID:3620
- C:\Windows\System\VmpNNYN.exe
  C:\Windows\System\VmpNNYN.exe
  2⤵
  PID:3636
- C:\Windows\System\pdAtFYH.exe
  C:\Windows\System\pdAtFYH.exe
  2⤵
  PID:3656
- C:\Windows\System\EsMoiIP.exe
  C:\Windows\System\EsMoiIP.exe
  2⤵
  PID:3676
- C:\Windows\System\PjdvXiy.exe
  C:\Windows\System\PjdvXiy.exe
  2⤵
  PID:3692
- C:\Windows\System\fcrPqah.exe
  C:\Windows\System\fcrPqah.exe
  2⤵
  PID:3712
- C:\Windows\System\bwRSMSy.exe
  C:\Windows\System\bwRSMSy.exe
  2⤵
  PID:3728
- C:\Windows\System\jydVqvn.exe
  C:\Windows\System\jydVqvn.exe
  2⤵
  PID:3748
- C:\Windows\System\eZzlKzt.exe
  C:\Windows\System\eZzlKzt.exe
  2⤵
  PID:3780
- C:\Windows\System\CwGbQbQ.exe
  C:\Windows\System\CwGbQbQ.exe
  2⤵
  PID:3804
- C:\Windows\System\ejbFXcq.exe
  C:\Windows\System\ejbFXcq.exe
  2⤵
  PID:3824
- C:\Windows\System\IiPEZOt.exe
  C:\Windows\System\IiPEZOt.exe
  2⤵
  PID:3844
- C:\Windows\System\lxmsWDp.exe
  C:\Windows\System\lxmsWDp.exe
  2⤵
  PID:3860
- C:\Windows\System\ewvvDwh.exe
  C:\Windows\System\ewvvDwh.exe
  2⤵
  PID:3884
- C:\Windows\System\JLtEQaq.exe
  C:\Windows\System\JLtEQaq.exe
  2⤵
  PID:3900
- C:\Windows\System\diWgban.exe
  C:\Windows\System\diWgban.exe
  2⤵
  PID:3924
- C:\Windows\System\XTXozwT.exe
  C:\Windows\System\XTXozwT.exe
  2⤵
  PID:3940
- C:\Windows\System\zuSJQtE.exe
  C:\Windows\System\zuSJQtE.exe
  2⤵
  PID:3960
- C:\Windows\System\gIKUpuQ.exe
  C:\Windows\System\gIKUpuQ.exe
  2⤵
  PID:3980
- C:\Windows\System\JZIbNso.exe
  C:\Windows\System\JZIbNso.exe
  2⤵
  PID:4000
- C:\Windows\System\abWQxDX.exe
  C:\Windows\System\abWQxDX.exe
  2⤵
  PID:4020
- C:\Windows\System\MwimLiM.exe
  C:\Windows\System\MwimLiM.exe
  2⤵
  PID:4044
- C:\Windows\System\JuENxFi.exe
  C:\Windows\System\JuENxFi.exe
  2⤵
  PID:4060
- C:\Windows\System\xueDHYM.exe
  C:\Windows\System\xueDHYM.exe
  2⤵
  PID:4084
- C:\Windows\System\ADpREPO.exe
  C:\Windows\System\ADpREPO.exe
  2⤵
  PID:2416
- C:\Windows\System\VIkQGGX.exe
  C:\Windows\System\VIkQGGX.exe
  2⤵
  PID:2464
- C:\Windows\System\gqXKzGM.exe
  C:\Windows\System\gqXKzGM.exe
  2⤵
  PID:2492
- C:\Windows\System\zsEXXEE.exe
  C:\Windows\System\zsEXXEE.exe
  2⤵
  PID:2800
- C:\Windows\System\vJkubYL.exe
  C:\Windows\System\vJkubYL.exe
  2⤵
  PID:2668
- C:\Windows\System\KTIpgJL.exe
  C:\Windows\System\KTIpgJL.exe
  2⤵
  PID:660
- C:\Windows\System\rgPnoKE.exe
  C:\Windows\System\rgPnoKE.exe
  2⤵
  PID:2096
- C:\Windows\System\JTrpsNb.exe
  C:\Windows\System\JTrpsNb.exe
  2⤵
  PID:1188
- C:\Windows\System\wcnwrCu.exe
  C:\Windows\System\wcnwrCu.exe
  2⤵
  PID:3056
- C:\Windows\System\fLgyaAD.exe
  C:\Windows\System\fLgyaAD.exe
  2⤵
  PID:1096
- C:\Windows\System\cJDkHrE.exe
  C:\Windows\System\cJDkHrE.exe
  2⤵
  PID:2528
- C:\Windows\System\xMAIUmm.exe
  C:\Windows\System\xMAIUmm.exe
  2⤵
  PID:3080
- C:\Windows\System\XVCNQrT.exe
  C:\Windows\System\XVCNQrT.exe
  2⤵
  PID:3092
- C:\Windows\System\qegnEFm.exe
  C:\Windows\System\qegnEFm.exe
  2⤵
  PID:3152
- C:\Windows\System\HGvKvpP.exe
  C:\Windows\System\HGvKvpP.exe
  2⤵
  PID:3132
- C:\Windows\System\NCgnlfx.exe
  C:\Windows\System\NCgnlfx.exe
  2⤵
  PID:3260
- C:\Windows\System\HqoljAi.exe
  C:\Windows\System\HqoljAi.exe
  2⤵
  PID:3240
- C:\Windows\System\sQlphPo.exe
  C:\Windows\System\sQlphPo.exe
  2⤵
  PID:3284
- C:\Windows\System\teXhBEN.exe
  C:\Windows\System\teXhBEN.exe
  2⤵
  PID:3304
- C:\Windows\System\AYDasHv.exe
  C:\Windows\System\AYDasHv.exe
  2⤵
  PID:3340
- C:\Windows\System\ZsaGjwJ.exe
  C:\Windows\System\ZsaGjwJ.exe
  2⤵
  PID:3392
- C:\Windows\System\KKwEHBx.exe
  C:\Windows\System\KKwEHBx.exe
  2⤵
  PID:3396
- C:\Windows\System\SGavNnV.exe
  C:\Windows\System\SGavNnV.exe
  2⤵
  PID:3480
- C:\Windows\System\kHPzTSI.exe
  C:\Windows\System\kHPzTSI.exe
  2⤵
  PID:3452
- C:\Windows\System\lILPwDN.exe
  C:\Windows\System\lILPwDN.exe
  2⤵
  PID:3492
- C:\Windows\System\ULawnBa.exe
  C:\Windows\System\ULawnBa.exe
  2⤵
  PID:3532
- C:\Windows\System\dCOmjZw.exe
  C:\Windows\System\dCOmjZw.exe
  2⤵
  PID:3588
- C:\Windows\System\pVxquBC.exe
  C:\Windows\System\pVxquBC.exe
  2⤵
  PID:3632
- C:\Windows\System\qktXKDV.exe
  C:\Windows\System\qktXKDV.exe
  2⤵
  PID:3672
- C:\Windows\System\AUozdPQ.exe
  C:\Windows\System\AUozdPQ.exe
  2⤵
  PID:3736
- C:\Windows\System\gzefXSp.exe
  C:\Windows\System\gzefXSp.exe
  2⤵
  PID:2432
- C:\Windows\System\KSAMBSb.exe
  C:\Windows\System\KSAMBSb.exe
  2⤵
  PID:3652
- C:\Windows\System\QgOlcvV.exe
  C:\Windows\System\QgOlcvV.exe
  2⤵
  PID:3760
- C:\Windows\System\IZrBIOB.exe
  C:\Windows\System\IZrBIOB.exe
  2⤵
  PID:3772
- C:\Windows\System\qBGXEzQ.exe
  C:\Windows\System\qBGXEzQ.exe
  2⤵
  PID:3832
- C:\Windows\System\MKyHnMv.exe
  C:\Windows\System\MKyHnMv.exe
  2⤵
  PID:3868
- C:\Windows\System\fhTvUFR.exe
  C:\Windows\System\fhTvUFR.exe
  2⤵
  PID:3856
- C:\Windows\System\mCDNYqy.exe
  C:\Windows\System\mCDNYqy.exe
  2⤵
  PID:3920
- C:\Windows\System\DCrJJWN.exe
  C:\Windows\System\DCrJJWN.exe
  2⤵
  PID:3952
- C:\Windows\System\nJWuLNA.exe
  C:\Windows\System\nJWuLNA.exe
  2⤵
  PID:3936
- C:\Windows\System\fNCLVtl.exe
  C:\Windows\System\fNCLVtl.exe
  2⤵
  PID:4012
- C:\Windows\System\KRrgVhe.exe
  C:\Windows\System\KRrgVhe.exe
  2⤵
  PID:4032
- C:\Windows\System\cTKvppJ.exe
  C:\Windows\System\cTKvppJ.exe
  2⤵
  PID:4068
- C:\Windows\System\rfZNuhq.exe
  C:\Windows\System\rfZNuhq.exe
  2⤵
  PID:2708
- C:\Windows\System\PmFytSP.exe
  C:\Windows\System\PmFytSP.exe
  2⤵
  PID:2764
- C:\Windows\System\KmASepD.exe
  C:\Windows\System\KmASepD.exe
  2⤵
  PID:468
- C:\Windows\System\UlVsvHU.exe
  C:\Windows\System\UlVsvHU.exe
  2⤵
  PID:2984
- C:\Windows\System\RcHYFqH.exe
  C:\Windows\System\RcHYFqH.exe
  2⤵
  PID:580
- C:\Windows\System\SLWcfAg.exe
  C:\Windows\System\SLWcfAg.exe
  2⤵
  PID:2824
- C:\Windows\System\UkaiJkT.exe
  C:\Windows\System\UkaiJkT.exe
  2⤵
  PID:2520
- C:\Windows\System\RpuKjYg.exe
  C:\Windows\System\RpuKjYg.exe
  2⤵
  PID:1656
- C:\Windows\System\ojdwAkw.exe
  C:\Windows\System\ojdwAkw.exe
  2⤵
  PID:3096
- C:\Windows\System\OuZwEgV.exe
  C:\Windows\System\OuZwEgV.exe
  2⤵
  PID:3188
- C:\Windows\System\WrVFETJ.exe
  C:\Windows\System\WrVFETJ.exe
  2⤵
  PID:3208
- C:\Windows\System\DUWXoFn.exe
  C:\Windows\System\DUWXoFn.exe
  2⤵
  PID:3204
- C:\Windows\System\IpjtvxB.exe
  C:\Windows\System\IpjtvxB.exe
  2⤵
  PID:3400
- C:\Windows\System\rnNyUWn.exe
  C:\Windows\System\rnNyUWn.exe
  2⤵
  PID:3436
- C:\Windows\System\sUOWvwg.exe
  C:\Windows\System\sUOWvwg.exe
  2⤵
  PID:3416
- C:\Windows\System\UfwtdqG.exe
  C:\Windows\System\UfwtdqG.exe
  2⤵
  PID:3552
- C:\Windows\System\faHARVu.exe
  C:\Windows\System\faHARVu.exe
  2⤵
  PID:3540
- C:\Windows\System\izthnmb.exe
  C:\Windows\System\izthnmb.exe
  2⤵
  PID:3708
- C:\Windows\System\sMXuEeF.exe
  C:\Windows\System\sMXuEeF.exe
  2⤵
  PID:3720
- C:\Windows\System\OerdZPM.exe
  C:\Windows\System\OerdZPM.exe
  2⤵
  PID:3616
- C:\Windows\System\qNPgiWA.exe
  C:\Windows\System\qNPgiWA.exe
  2⤵
  PID:3796
- C:\Windows\System\svjNJdQ.exe
  C:\Windows\System\svjNJdQ.exe
  2⤵
  PID:3812
- C:\Windows\System\gPbWjRV.exe
  C:\Windows\System\gPbWjRV.exe
  2⤵
  PID:3872
- C:\Windows\System\qfdsLgq.exe
  C:\Windows\System\qfdsLgq.exe
  2⤵
  PID:3996
- C:\Windows\System\uqAmJai.exe
  C:\Windows\System\uqAmJai.exe
  2⤵
  PID:4008
- C:\Windows\System\dwzhDEh.exe
  C:\Windows\System\dwzhDEh.exe
  2⤵
  PID:4104
- C:\Windows\System\wFjUziA.exe
  C:\Windows\System\wFjUziA.exe
  2⤵
  PID:4124
- C:\Windows\System\xGaDsNZ.exe
  C:\Windows\System\xGaDsNZ.exe
  2⤵
  PID:4144
- C:\Windows\System\bxKIgRj.exe
  C:\Windows\System\bxKIgRj.exe
  2⤵
  PID:4164
- C:\Windows\System\AnRDhKm.exe
  C:\Windows\System\AnRDhKm.exe
  2⤵
  PID:4184
- C:\Windows\System\IWLTmnn.exe
  C:\Windows\System\IWLTmnn.exe
  2⤵
  PID:4204
- C:\Windows\System\dTuFFAf.exe
  C:\Windows\System\dTuFFAf.exe
  2⤵
  PID:4224
- C:\Windows\System\FpAgmpC.exe
  C:\Windows\System\FpAgmpC.exe
  2⤵
  PID:4244
- C:\Windows\System\ebXvVGp.exe
  C:\Windows\System\ebXvVGp.exe
  2⤵
  PID:4264
- C:\Windows\System\RzTSYEi.exe
  C:\Windows\System\RzTSYEi.exe
  2⤵
  PID:4284
- C:\Windows\System\jjDFBKj.exe
  C:\Windows\System\jjDFBKj.exe
  2⤵
  PID:4304
- C:\Windows\System\NAegCpj.exe
  C:\Windows\System\NAegCpj.exe
  2⤵
  PID:4324
- C:\Windows\System\AquqqMN.exe
  C:\Windows\System\AquqqMN.exe
  2⤵
  PID:4344
- C:\Windows\System\UCCfcDg.exe
  C:\Windows\System\UCCfcDg.exe
  2⤵
  PID:4364
- C:\Windows\System\VJNKeef.exe
  C:\Windows\System\VJNKeef.exe
  2⤵
  PID:4384
- C:\Windows\System\oASHDSk.exe
  C:\Windows\System\oASHDSk.exe
  2⤵
  PID:4404
- C:\Windows\System\uNnkqel.exe
  C:\Windows\System\uNnkqel.exe
  2⤵
  PID:4424
- C:\Windows\System\HueXiPK.exe
  C:\Windows\System\HueXiPK.exe
  2⤵
  PID:4444
- C:\Windows\System\pIdooNS.exe
  C:\Windows\System\pIdooNS.exe
  2⤵
  PID:4464
- C:\Windows\System\bPGSMWJ.exe
  C:\Windows\System\bPGSMWJ.exe
  2⤵
  PID:4484
- C:\Windows\System\IXCxIOI.exe
  C:\Windows\System\IXCxIOI.exe
  2⤵
  PID:4504
- C:\Windows\System\gpAKPCF.exe
  C:\Windows\System\gpAKPCF.exe
  2⤵
  PID:4524
- C:\Windows\System\WUryWdL.exe
  C:\Windows\System\WUryWdL.exe
  2⤵
  PID:4544
- C:\Windows\System\cEHNMxJ.exe
  C:\Windows\System\cEHNMxJ.exe
  2⤵
  PID:4564
- C:\Windows\System\wzhcHwi.exe
  C:\Windows\System\wzhcHwi.exe
  2⤵
  PID:4584
- C:\Windows\System\mMrvOMc.exe
  C:\Windows\System\mMrvOMc.exe
  2⤵
  PID:4608
- C:\Windows\System\MbvfecG.exe
  C:\Windows\System\MbvfecG.exe
  2⤵
  PID:4628
- C:\Windows\System\aHdcbHM.exe
  C:\Windows\System\aHdcbHM.exe
  2⤵
  PID:4648
- C:\Windows\System\IdjGrTj.exe
  C:\Windows\System\IdjGrTj.exe
  2⤵
  PID:4668
- C:\Windows\System\NzPaUZZ.exe
  C:\Windows\System\NzPaUZZ.exe
  2⤵
  PID:4688
- C:\Windows\System\QTuWMqV.exe
  C:\Windows\System\QTuWMqV.exe
  2⤵
  PID:4708
- C:\Windows\System\SrHrJqC.exe
  C:\Windows\System\SrHrJqC.exe
  2⤵
  PID:4728
- C:\Windows\System\twsQVbe.exe
  C:\Windows\System\twsQVbe.exe
  2⤵
  PID:4748
- C:\Windows\System\FGJyhmg.exe
  C:\Windows\System\FGJyhmg.exe
  2⤵
  PID:4768
- C:\Windows\System\yeuvXUK.exe
  C:\Windows\System\yeuvXUK.exe
  2⤵
  PID:4788
- C:\Windows\System\lvXPfrg.exe
  C:\Windows\System\lvXPfrg.exe
  2⤵
  PID:4808
- C:\Windows\System\DUpFzJk.exe
  C:\Windows\System\DUpFzJk.exe
  2⤵
  PID:4828
- C:\Windows\System\olNeyya.exe
  C:\Windows\System\olNeyya.exe
  2⤵
  PID:4848
- C:\Windows\System\zLtHSKy.exe
  C:\Windows\System\zLtHSKy.exe
  2⤵
  PID:4868
- C:\Windows\System\TVgPjqS.exe
  C:\Windows\System\TVgPjqS.exe
  2⤵
  PID:4888
- C:\Windows\System\vPPzAEh.exe
  C:\Windows\System\vPPzAEh.exe
  2⤵
  PID:4908
- C:\Windows\System\jSkhykB.exe
  C:\Windows\System\jSkhykB.exe
  2⤵
  PID:4928
- C:\Windows\System\vdrjtAu.exe
  C:\Windows\System\vdrjtAu.exe
  2⤵
  PID:4948
- C:\Windows\System\mQNAtMr.exe
  C:\Windows\System\mQNAtMr.exe
  2⤵
  PID:4968
- C:\Windows\System\pRMXkmc.exe
  C:\Windows\System\pRMXkmc.exe
  2⤵
  PID:4988
- C:\Windows\System\HwrrPgU.exe
  C:\Windows\System\HwrrPgU.exe
  2⤵
  PID:5008
- C:\Windows\System\UoPlZfe.exe
  C:\Windows\System\UoPlZfe.exe
  2⤵
  PID:5028
- C:\Windows\System\Xfqlfvo.exe
  C:\Windows\System\Xfqlfvo.exe
  2⤵
  PID:5048
- C:\Windows\System\KFAeFIV.exe
  C:\Windows\System\KFAeFIV.exe
  2⤵
  PID:5064
- C:\Windows\System\sAyuVDa.exe
  C:\Windows\System\sAyuVDa.exe
  2⤵
  PID:5088
- C:\Windows\System\wMluEGR.exe
  C:\Windows\System\wMluEGR.exe
  2⤵
  PID:5104
- C:\Windows\System\KdcxRiV.exe
  C:\Windows\System\KdcxRiV.exe
  2⤵
  PID:4056
- C:\Windows\System\ZuucxeY.exe
  C:\Windows\System\ZuucxeY.exe
  2⤵
  PID:2312
- C:\Windows\System\gzelnGO.exe
  C:\Windows\System\gzelnGO.exe
  2⤵
  PID:1376
- C:\Windows\System\mrFIiZT.exe
  C:\Windows\System\mrFIiZT.exe
  2⤵
  PID:1520
- C:\Windows\System\jCxKGje.exe
  C:\Windows\System\jCxKGje.exe
  2⤵
  PID:304
- C:\Windows\System\qwilrTV.exe
  C:\Windows\System\qwilrTV.exe
  2⤵
  PID:1492
- C:\Windows\System\erzaVvE.exe
  C:\Windows\System\erzaVvE.exe
  2⤵
  PID:3256
- C:\Windows\System\JpBFkSi.exe
  C:\Windows\System\JpBFkSi.exe
  2⤵
  PID:3308
- C:\Windows\System\MtlOnPD.exe
  C:\Windows\System\MtlOnPD.exe
  2⤵
  PID:3336
- C:\Windows\System\WGPMpPf.exe
  C:\Windows\System\WGPMpPf.exe
  2⤵
  PID:3432
- C:\Windows\System\fcrNqot.exe
  C:\Windows\System\fcrNqot.exe
  2⤵
  PID:3560
- C:\Windows\System\cSUhMhR.exe
  C:\Windows\System\cSUhMhR.exe
  2⤵
  PID:2172
- C:\Windows\System\zXmGbMs.exe
  C:\Windows\System\zXmGbMs.exe
  2⤵
  PID:3612
- C:\Windows\System\yjPHtwR.exe
  C:\Windows\System\yjPHtwR.exe
  2⤵
  PID:3880
- C:\Windows\System\QvgnmUu.exe
  C:\Windows\System\QvgnmUu.exe
  2⤵
  PID:3908
- C:\Windows\System\BgvSgax.exe
  C:\Windows\System\BgvSgax.exe
  2⤵
  PID:3948
- C:\Windows\System\dwZmxVa.exe
  C:\Windows\System\dwZmxVa.exe
  2⤵
  PID:4120
- C:\Windows\System\DBhOSiL.exe
  C:\Windows\System\DBhOSiL.exe
  2⤵
  PID:4140
- C:\Windows\System\xSctghu.exe
  C:\Windows\System\xSctghu.exe
  2⤵
  PID:4192
- C:\Windows\System\CJVxVcy.exe
  C:\Windows\System\CJVxVcy.exe
  2⤵
  PID:4212
- C:\Windows\System\mojbhtX.exe
  C:\Windows\System\mojbhtX.exe
  2⤵
  PID:4252
- C:\Windows\System\PuEvDgl.exe
  C:\Windows\System\PuEvDgl.exe
  2⤵
  PID:4276
- C:\Windows\System\RTAVQtD.exe
  C:\Windows\System\RTAVQtD.exe
  2⤵
  PID:4316
- C:\Windows\System\NTfDXkn.exe
  C:\Windows\System\NTfDXkn.exe
  2⤵
  PID:4360
- C:\Windows\System\UWVfOnT.exe
  C:\Windows\System\UWVfOnT.exe
  2⤵
  PID:4376
- C:\Windows\System\fpILEgd.exe
  C:\Windows\System\fpILEgd.exe
  2⤵
  PID:4420
- C:\Windows\System\gVvjyXq.exe
  C:\Windows\System\gVvjyXq.exe
  2⤵
  PID:4472
- C:\Windows\System\wxkuwvQ.exe
  C:\Windows\System\wxkuwvQ.exe
  2⤵
  PID:4492
- C:\Windows\System\VIoUedC.exe
  C:\Windows\System\VIoUedC.exe
  2⤵
  PID:4516
- C:\Windows\System\PkFTXAI.exe
  C:\Windows\System\PkFTXAI.exe
  2⤵
  PID:4560
- C:\Windows\System\utKuBZz.exe
  C:\Windows\System\utKuBZz.exe
  2⤵
  PID:4592
- C:\Windows\System\SSAadsY.exe
  C:\Windows\System\SSAadsY.exe
  2⤵
  PID:4644
- C:\Windows\System\twVvClJ.exe
  C:\Windows\System\twVvClJ.exe
  2⤵
  PID:4676
- C:\Windows\System\RCIjtuH.exe
  C:\Windows\System\RCIjtuH.exe
  2⤵
  PID:4680
- C:\Windows\System\khrmUxn.exe
  C:\Windows\System\khrmUxn.exe
  2⤵
  PID:4700
- C:\Windows\System\OueYCrx.exe
  C:\Windows\System\OueYCrx.exe
  2⤵
  PID:4764
- C:\Windows\System\EpNxPlM.exe
  C:\Windows\System\EpNxPlM.exe
  2⤵
  PID:4780
- C:\Windows\System\yyGuxBa.exe
  C:\Windows\System\yyGuxBa.exe
  2⤵
  PID:4816
- C:\Windows\System\SGEjKRx.exe
  C:\Windows\System\SGEjKRx.exe
  2⤵
  PID:4824
- C:\Windows\System\KVCvhTm.exe
  C:\Windows\System\KVCvhTm.exe
  2⤵
  PID:4916
- C:\Windows\System\xqfuvYp.exe
  C:\Windows\System\xqfuvYp.exe
  2⤵
  PID:4964
- C:\Windows\System\ziDXRlm.exe
  C:\Windows\System\ziDXRlm.exe
  2⤵
  PID:4944
- C:\Windows\System\tKzASTX.exe
  C:\Windows\System\tKzASTX.exe
  2⤵
  PID:4976
- C:\Windows\System\KKzwqlo.exe
  C:\Windows\System\KKzwqlo.exe
  2⤵
  PID:5044
- C:\Windows\System\hMbXXpL.exe
  C:\Windows\System\hMbXXpL.exe
  2⤵
  PID:5020
- C:\Windows\System\eNGSfYB.exe
  C:\Windows\System\eNGSfYB.exe
  2⤵
  PID:2796
- C:\Windows\System\hUBYOvf.exe
  C:\Windows\System\hUBYOvf.exe
  2⤵
  PID:5100
- C:\Windows\System\GWzghXf.exe
  C:\Windows\System\GWzghXf.exe
  2⤵
  PID:4072
- C:\Windows\System\qfJFewS.exe
  C:\Windows\System\qfJFewS.exe
  2⤵
  PID:2120
- C:\Windows\System\odvJAyD.exe
  C:\Windows\System\odvJAyD.exe
  2⤵
  PID:3228
- C:\Windows\System\Maftkll.exe
  C:\Windows\System\Maftkll.exe
  2⤵
  PID:1968
- C:\Windows\System\qEgmdNK.exe
  C:\Windows\System\qEgmdNK.exe
  2⤵
  PID:3508
- C:\Windows\System\BKWlPdP.exe
  C:\Windows\System\BKWlPdP.exe
  2⤵
  PID:3744
- C:\Windows\System\zYwuhCP.exe
  C:\Windows\System\zYwuhCP.exe
  2⤵
  PID:3600
- C:\Windows\System\aOPVGVI.exe
  C:\Windows\System\aOPVGVI.exe
  2⤵
  PID:3896
- C:\Windows\System\zsfaHTF.exe
  C:\Windows\System\zsfaHTF.exe
  2⤵
  PID:2328
- C:\Windows\System\vdMSDFN.exe
  C:\Windows\System\vdMSDFN.exe
  2⤵
  PID:4152
- C:\Windows\System\BWViACU.exe
  C:\Windows\System\BWViACU.exe
  2⤵
  PID:4232
- C:\Windows\System\NRlGfMX.exe
  C:\Windows\System\NRlGfMX.exe
  2⤵
  PID:4196
- C:\Windows\System\rNgyAlh.exe
  C:\Windows\System\rNgyAlh.exe
  2⤵
  PID:4280
- C:\Windows\System\DfZeRsQ.exe
  C:\Windows\System\DfZeRsQ.exe
  2⤵
  PID:4380
- C:\Windows\System\HwNuiWD.exe
  C:\Windows\System\HwNuiWD.exe
  2⤵
  PID:4452
- C:\Windows\System\kNFoSBU.exe
  C:\Windows\System\kNFoSBU.exe
  2⤵
  PID:4512
- C:\Windows\System\lfaiMTr.exe
  C:\Windows\System\lfaiMTr.exe
  2⤵
  PID:4540
- C:\Windows\System\EiCPEDg.exe
  C:\Windows\System\EiCPEDg.exe
  2⤵
  PID:4580
- C:\Windows\System\cQdSVud.exe
  C:\Windows\System\cQdSVud.exe
  2⤵
  PID:4636
- C:\Windows\System\QzjOlks.exe
  C:\Windows\System\QzjOlks.exe
  2⤵
  PID:4660
- C:\Windows\System\BBEZGDi.exe
  C:\Windows\System\BBEZGDi.exe
  2⤵
  PID:4784
- C:\Windows\System\ExCUiLd.exe
  C:\Windows\System\ExCUiLd.exe
  2⤵
  PID:4844
- C:\Windows\System\uaerkjm.exe
  C:\Windows\System\uaerkjm.exe
  2⤵
  PID:4856
- C:\Windows\System\VpZiNxj.exe
  C:\Windows\System\VpZiNxj.exe
  2⤵
  PID:4864
- C:\Windows\System\SrBdjZa.exe
  C:\Windows\System\SrBdjZa.exe
  2⤵
  PID:4984
- C:\Windows\System\MmrvGzx.exe
  C:\Windows\System\MmrvGzx.exe
  2⤵
  PID:5016
- C:\Windows\System\NNCzqjG.exe
  C:\Windows\System\NNCzqjG.exe
  2⤵
  PID:5096
- C:\Windows\System\YtQrHal.exe
  C:\Windows\System\YtQrHal.exe
  2⤵
  PID:2736
- C:\Windows\System\WJnHXtg.exe
  C:\Windows\System\WJnHXtg.exe
  2⤵
  PID:3112
- C:\Windows\System\VHcqosf.exe
  C:\Windows\System\VHcqosf.exe
  2⤵
  PID:5136
- C:\Windows\System\AcviQaD.exe
  C:\Windows\System\AcviQaD.exe
  2⤵
  PID:5156
- C:\Windows\System\JvEjBoJ.exe
  C:\Windows\System\JvEjBoJ.exe
  2⤵
  PID:5176
- C:\Windows\System\GscykXH.exe
  C:\Windows\System\GscykXH.exe
  2⤵
  PID:5196
- C:\Windows\System\iZRdcrk.exe
  C:\Windows\System\iZRdcrk.exe
  2⤵
  PID:5216
- C:\Windows\System\qKlFfkR.exe
  C:\Windows\System\qKlFfkR.exe
  2⤵
  PID:5236
- C:\Windows\System\Wgwijmg.exe
  C:\Windows\System\Wgwijmg.exe
  2⤵
  PID:5256
- C:\Windows\System\mlcWTvn.exe
  C:\Windows\System\mlcWTvn.exe
  2⤵
  PID:5276
- C:\Windows\System\lnUfPnQ.exe
  C:\Windows\System\lnUfPnQ.exe
  2⤵
  PID:5296
- C:\Windows\System\ZeDKSar.exe
  C:\Windows\System\ZeDKSar.exe
  2⤵
  PID:5312
- C:\Windows\System\GqpJzyY.exe
  C:\Windows\System\GqpJzyY.exe
  2⤵
  PID:5328
- C:\Windows\System\EKQGJbF.exe
  C:\Windows\System\EKQGJbF.exe
  2⤵
  PID:5352
- C:\Windows\System\jdIZvUL.exe
  C:\Windows\System\jdIZvUL.exe
  2⤵
  PID:5376
- C:\Windows\System\wHHdnfV.exe
  C:\Windows\System\wHHdnfV.exe
  2⤵
  PID:5392
- C:\Windows\System\IRFuYqb.exe
  C:\Windows\System\IRFuYqb.exe
  2⤵
  PID:5416
- C:\Windows\System\iaotZmH.exe
  C:\Windows\System\iaotZmH.exe
  2⤵
  PID:5436
- C:\Windows\System\AHxZcSp.exe
  C:\Windows\System\AHxZcSp.exe
  2⤵
  PID:5456
- C:\Windows\System\DcvoSkd.exe
  C:\Windows\System\DcvoSkd.exe
  2⤵
  PID:5476
- C:\Windows\System\KvEGQBN.exe
  C:\Windows\System\KvEGQBN.exe
  2⤵
  PID:5496
- C:\Windows\System\VqojHQD.exe
  C:\Windows\System\VqojHQD.exe
  2⤵
  PID:5516
- C:\Windows\System\vVRiLsT.exe
  C:\Windows\System\vVRiLsT.exe
  2⤵
  PID:5536
- C:\Windows\System\jAZFlnD.exe
  C:\Windows\System\jAZFlnD.exe
  2⤵
  PID:5556
- C:\Windows\System\XSWATMU.exe
  C:\Windows\System\XSWATMU.exe
  2⤵
  PID:5576
- C:\Windows\System\CioEVRy.exe
  C:\Windows\System\CioEVRy.exe
  2⤵
  PID:5596
- C:\Windows\System\vWhJknJ.exe
  C:\Windows\System\vWhJknJ.exe
  2⤵
  PID:5616
- C:\Windows\System\zevXpJs.exe
  C:\Windows\System\zevXpJs.exe
  2⤵
  PID:5636
- C:\Windows\System\AoncqYi.exe
  C:\Windows\System\AoncqYi.exe
  2⤵
  PID:5656
- C:\Windows\System\efLbcwY.exe
  C:\Windows\System\efLbcwY.exe
  2⤵
  PID:5676
- C:\Windows\System\XWBWQvQ.exe
  C:\Windows\System\XWBWQvQ.exe
  2⤵
  PID:5696
- C:\Windows\System\rmNxbzG.exe
  C:\Windows\System\rmNxbzG.exe
  2⤵
  PID:5716
- C:\Windows\System\NaUJhlv.exe
  C:\Windows\System\NaUJhlv.exe
  2⤵
  PID:5736
- C:\Windows\System\DrZTqWh.exe
  C:\Windows\System\DrZTqWh.exe
  2⤵
  PID:5760
- C:\Windows\System\nTVHEZo.exe
  C:\Windows\System\nTVHEZo.exe
  2⤵
  PID:5780
- C:\Windows\System\LapXvlP.exe
  C:\Windows\System\LapXvlP.exe
  2⤵
  PID:5800
- C:\Windows\System\nvZdqRC.exe
  C:\Windows\System\nvZdqRC.exe
  2⤵
  PID:5820
- C:\Windows\System\sQmmyTx.exe
  C:\Windows\System\sQmmyTx.exe
  2⤵
  PID:5840
- C:\Windows\System\LwDaJkP.exe
  C:\Windows\System\LwDaJkP.exe
  2⤵
  PID:5860
- C:\Windows\System\iKDAhoX.exe
  C:\Windows\System\iKDAhoX.exe
  2⤵
  PID:5880
- C:\Windows\System\FwrLFUq.exe
  C:\Windows\System\FwrLFUq.exe
  2⤵
  PID:5900
- C:\Windows\System\QzsbmQk.exe
  C:\Windows\System\QzsbmQk.exe
  2⤵
  PID:5920
- C:\Windows\System\VHCLXJc.exe
  C:\Windows\System\VHCLXJc.exe
  2⤵
  PID:5940
- C:\Windows\System\CHLnfbv.exe
  C:\Windows\System\CHLnfbv.exe
  2⤵
  PID:5960
- C:\Windows\System\GARQFzP.exe
  C:\Windows\System\GARQFzP.exe
  2⤵
  PID:5980
- C:\Windows\System\ZTepxKp.exe
  C:\Windows\System\ZTepxKp.exe
  2⤵
  PID:6000
- C:\Windows\System\TzwvHGd.exe
  C:\Windows\System\TzwvHGd.exe
  2⤵
  PID:6020
- C:\Windows\System\yJsiUad.exe
  C:\Windows\System\yJsiUad.exe
  2⤵
  PID:6040
- C:\Windows\System\XUDrRuW.exe
  C:\Windows\System\XUDrRuW.exe
  2⤵
  PID:6060
- C:\Windows\System\BGqplmo.exe
  C:\Windows\System\BGqplmo.exe
  2⤵
  PID:6080
- C:\Windows\System\kxfkXRJ.exe
  C:\Windows\System\kxfkXRJ.exe
  2⤵
  PID:6100
- C:\Windows\System\LxlcWEz.exe
  C:\Windows\System\LxlcWEz.exe
  2⤵
  PID:6120
- C:\Windows\System\VBfheLW.exe
  C:\Windows\System\VBfheLW.exe
  2⤵
  PID:6140
- C:\Windows\System\FZumHFW.exe
  C:\Windows\System\FZumHFW.exe
  2⤵
  PID:2028
- C:\Windows\System\uBQfebq.exe
  C:\Windows\System\uBQfebq.exe
  2⤵
  PID:3536
- C:\Windows\System\ZyzoArb.exe
  C:\Windows\System\ZyzoArb.exe
  2⤵
  PID:3740
- C:\Windows\System\XJMxJIb.exe
  C:\Windows\System\XJMxJIb.exe
  2⤵
  PID:4016
- C:\Windows\System\vXvYfVU.exe
  C:\Windows\System\vXvYfVU.exe
  2⤵
  PID:4172
- C:\Windows\System\UzVWGfS.exe
  C:\Windows\System\UzVWGfS.exe
  2⤵
  PID:4256
- C:\Windows\System\hVILHTm.exe
  C:\Windows\System\hVILHTm.exe
  2⤵
  PID:4436
- C:\Windows\System\hPmXxVy.exe
  C:\Windows\System\hPmXxVy.exe
  2⤵
  PID:4536
- C:\Windows\System\REchBiN.exe
  C:\Windows\System\REchBiN.exe
  2⤵
  PID:4624
- C:\Windows\System\hcynqyh.exe
  C:\Windows\System\hcynqyh.exe
  2⤵
  PID:4656
- C:\Windows\System\unAPaYq.exe
  C:\Windows\System\unAPaYq.exe
  2⤵
  PID:4744
- C:\Windows\System\GoJLhAX.exe
  C:\Windows\System\GoJLhAX.exe
  2⤵
  PID:4836
- C:\Windows\System\DWPkLQR.exe
  C:\Windows\System\DWPkLQR.exe
  2⤵
  PID:5036
- C:\Windows\System\xfTvVEC.exe
  C:\Windows\System\xfTvVEC.exe
  2⤵
  PID:5112
- C:\Windows\System\UOEQRMs.exe
  C:\Windows\System\UOEQRMs.exe
  2⤵
  PID:5080
- C:\Windows\System\PzznvVB.exe
  C:\Windows\System\PzznvVB.exe
  2⤵
  PID:556
- C:\Windows\System\FsvqDah.exe
  C:\Windows\System\FsvqDah.exe
  2⤵
  PID:5148
- C:\Windows\System\eySLJtc.exe
  C:\Windows\System\eySLJtc.exe
  2⤵
  PID:5204
- C:\Windows\System\UKCVoff.exe
  C:\Windows\System\UKCVoff.exe
  2⤵
  PID:5224
- C:\Windows\System\ummxQnB.exe
  C:\Windows\System\ummxQnB.exe
  2⤵
  PID:5284
- C:\Windows\System\eaIKela.exe
  C:\Windows\System\eaIKela.exe
  2⤵
  PID:5272
- C:\Windows\System\mBETwFF.exe
  C:\Windows\System\mBETwFF.exe
  2⤵
  PID:5360
- C:\Windows\System\uTlWEml.exe
  C:\Windows\System\uTlWEml.exe
  2⤵
  PID:5340
- C:\Windows\System\FYLgqZy.exe
  C:\Windows\System\FYLgqZy.exe
  2⤵
  PID:5400
- C:\Windows\System\ZcFBbTK.exe
  C:\Windows\System\ZcFBbTK.exe
  2⤵
  PID:5424
- C:\Windows\System\JKMptDo.exe
  C:\Windows\System\JKMptDo.exe
  2⤵
  PID:5448
- C:\Windows\System\jsWeEWa.exe
  C:\Windows\System\jsWeEWa.exe
  2⤵
  PID:5492
- C:\Windows\System\MSXOBcP.exe
  C:\Windows\System\MSXOBcP.exe
  2⤵
  PID:5512
- C:\Windows\System\MEEpfdQ.exe
  C:\Windows\System\MEEpfdQ.exe
  2⤵
  PID:5544
- C:\Windows\System\oNMqWAB.exe
  C:\Windows\System\oNMqWAB.exe
  2⤵
  PID:5592
- C:\Windows\System\PaeHyEp.exe
  C:\Windows\System\PaeHyEp.exe
  2⤵
  PID:5624
- C:\Windows\System\clOOKCY.exe
  C:\Windows\System\clOOKCY.exe
  2⤵
  PID:5648
- C:\Windows\System\pqYNcRW.exe
  C:\Windows\System\pqYNcRW.exe
  2⤵
  PID:5692
- C:\Windows\System\RsKjVhs.exe
  C:\Windows\System\RsKjVhs.exe
  2⤵
  PID:5708
- C:\Windows\System\jRUrAxP.exe
  C:\Windows\System\jRUrAxP.exe
  2⤵
  PID:5748
- C:\Windows\System\nkBtrjj.exe
  C:\Windows\System\nkBtrjj.exe
  2⤵
  PID:5796
- C:\Windows\System\qvQKYaJ.exe
  C:\Windows\System\qvQKYaJ.exe
  2⤵
  PID:5828
- C:\Windows\System\vRfpaKZ.exe
  C:\Windows\System\vRfpaKZ.exe
  2⤵
  PID:5852
- C:\Windows\System\YwtOLxN.exe
  C:\Windows\System\YwtOLxN.exe
  2⤵
  PID:5896
- C:\Windows\System\wNasysA.exe
  C:\Windows\System\wNasysA.exe
  2⤵
  PID:5936
- C:\Windows\System\TcrXyZe.exe
  C:\Windows\System\TcrXyZe.exe
  2⤵
  PID:5948
- C:\Windows\System\ZmkAfGh.exe
  C:\Windows\System\ZmkAfGh.exe
  2⤵
  PID:5988
- C:\Windows\System\ZeOilye.exe
  C:\Windows\System\ZeOilye.exe
  2⤵
  PID:6016
- C:\Windows\System\sXukOeL.exe
  C:\Windows\System\sXukOeL.exe
  2⤵
  PID:6032
- C:\Windows\System\MkbprjK.exe
  C:\Windows\System\MkbprjK.exe
  2⤵
  PID:6096
- C:\Windows\System\NGyMhqx.exe
  C:\Windows\System\NGyMhqx.exe
  2⤵
  PID:6128
- C:\Windows\System\QowKxcI.exe
  C:\Windows\System\QowKxcI.exe
  2⤵
  PID:2908
- C:\Windows\System\eAqPqUG.exe
  C:\Windows\System\eAqPqUG.exe
  2⤵
  PID:3448
- C:\Windows\System\khEMftz.exe
  C:\Windows\System\khEMftz.exe
  2⤵
  PID:4156
- C:\Windows\System\XvCsLfj.exe
  C:\Windows\System\XvCsLfj.exe
  2⤵
  PID:4176
- C:\Windows\System\zmSLBMQ.exe
  C:\Windows\System\zmSLBMQ.exe
  2⤵
  PID:4480
- C:\Windows\System\RTXjeWi.exe
  C:\Windows\System\RTXjeWi.exe
  2⤵
  PID:4520
- C:\Windows\System\KitBQWl.exe
  C:\Windows\System\KitBQWl.exe
  2⤵
  PID:4740
- C:\Windows\System\mqBtSvO.exe
  C:\Windows\System\mqBtSvO.exe
  2⤵
  PID:4884
- C:\Windows\System\lPCnYTR.exe
  C:\Windows\System\lPCnYTR.exe
  2⤵
  PID:5060
- C:\Windows\System\MiJkYCv.exe
  C:\Windows\System\MiJkYCv.exe
  2⤵
  PID:5132
- C:\Windows\System\twYIWrF.exe
  C:\Windows\System\twYIWrF.exe
  2⤵
  PID:5152
- C:\Windows\System\geMaYBc.exe
  C:\Windows\System\geMaYBc.exe
  2⤵
  PID:5208
- C:\Windows\System\tMBCAAe.exe
  C:\Windows\System\tMBCAAe.exe
  2⤵
  PID:5304
- C:\Windows\System\kbBiwQK.exe
  C:\Windows\System\kbBiwQK.exe
  2⤵
  PID:5368
- C:\Windows\System\fRYnoLg.exe
  C:\Windows\System\fRYnoLg.exe
  2⤵
  PID:5404
- C:\Windows\System\obUJpIL.exe
  C:\Windows\System\obUJpIL.exe
  2⤵
  PID:5428
- C:\Windows\System\OrHRvWi.exe
  C:\Windows\System\OrHRvWi.exe
  2⤵
  PID:5468
- C:\Windows\System\kAUnOnF.exe
  C:\Windows\System\kAUnOnF.exe
  2⤵
  PID:2080
- C:\Windows\System\mGJyaFO.exe
  C:\Windows\System\mGJyaFO.exe
  2⤵
  PID:5628
- C:\Windows\System\vIrukyO.exe
  C:\Windows\System\vIrukyO.exe
  2⤵
  PID:5612
- C:\Windows\System\EKAbIqa.exe
  C:\Windows\System\EKAbIqa.exe
  2⤵
  PID:5668
- C:\Windows\System\ufKXSUq.exe
  C:\Windows\System\ufKXSUq.exe
  2⤵
  PID:5744
- C:\Windows\System\MfXVNWl.exe
  C:\Windows\System\MfXVNWl.exe
  2⤵
  PID:5792
- C:\Windows\System\kcXQhUX.exe
  C:\Windows\System\kcXQhUX.exe
  2⤵
  PID:5916
- C:\Windows\System\UZqdQqE.exe
  C:\Windows\System\UZqdQqE.exe
  2⤵
  PID:5932
- C:\Windows\System\sIabVtD.exe
  C:\Windows\System\sIabVtD.exe
  2⤵
  PID:6056
- C:\Windows\System\VhZhAAa.exe
  C:\Windows\System\VhZhAAa.exe
  2⤵
  PID:6088
- C:\Windows\System\dQtQPAg.exe
  C:\Windows\System\dQtQPAg.exe
  2⤵
  PID:3472
- C:\Windows\System\EbYjhaO.exe
  C:\Windows\System\EbYjhaO.exe
  2⤵
  PID:4236
- C:\Windows\System\LszAxwD.exe
  C:\Windows\System\LszAxwD.exe
  2⤵
  PID:4600
- C:\Windows\System\gAUzhnE.exe
  C:\Windows\System\gAUzhnE.exe
  2⤵
  PID:4296
- C:\Windows\System\jlGnKSK.exe
  C:\Windows\System\jlGnKSK.exe
  2⤵
  PID:4936
- C:\Windows\System\hFtoLZM.exe
  C:\Windows\System\hFtoLZM.exe
  2⤵
  PID:5192
- C:\Windows\System\TCMbdHV.exe
  C:\Windows\System\TCMbdHV.exe
  2⤵
  PID:5184
- C:\Windows\System\BPsxCqE.exe
  C:\Windows\System\BPsxCqE.exe
  2⤵
  PID:5324
- C:\Windows\System\SNfPHmT.exe
  C:\Windows\System\SNfPHmT.exe
  2⤵
  PID:5288
- C:\Windows\System\HlXUUXi.exe
  C:\Windows\System\HlXUUXi.exe
  2⤵
  PID:6152
- C:\Windows\System\SOkyviE.exe
  C:\Windows\System\SOkyviE.exe
  2⤵
  PID:6172
- C:\Windows\System\aDBMLLs.exe
  C:\Windows\System\aDBMLLs.exe
  2⤵
  PID:6192
- C:\Windows\System\oqmLWlH.exe
  C:\Windows\System\oqmLWlH.exe
  2⤵
  PID:6216
- C:\Windows\System\zKxVTaZ.exe
  C:\Windows\System\zKxVTaZ.exe
  2⤵
  PID:6236
- C:\Windows\System\WucEJcY.exe
  C:\Windows\System\WucEJcY.exe
  2⤵
  PID:6256
- C:\Windows\System\bJoUIFZ.exe
  C:\Windows\System\bJoUIFZ.exe
  2⤵
  PID:6276
- C:\Windows\System\DvgGhmR.exe
  C:\Windows\System\DvgGhmR.exe
  2⤵
  PID:6296
- C:\Windows\System\PtKoOmg.exe
  C:\Windows\System\PtKoOmg.exe
  2⤵
  PID:6316
- C:\Windows\System\XQOIbZN.exe
  C:\Windows\System\XQOIbZN.exe
  2⤵
  PID:6336
- C:\Windows\System\mvYfKrs.exe
  C:\Windows\System\mvYfKrs.exe
  2⤵
  PID:6356
- C:\Windows\System\XOfQXfR.exe
  C:\Windows\System\XOfQXfR.exe
  2⤵
  PID:6376
- C:\Windows\System\yoWZcak.exe
  C:\Windows\System\yoWZcak.exe
  2⤵
  PID:6396
- C:\Windows\System\cpNagUv.exe
  C:\Windows\System\cpNagUv.exe
  2⤵
  PID:6416
- C:\Windows\System\DNmXNXW.exe
  C:\Windows\System\DNmXNXW.exe
  2⤵
  PID:6436
- C:\Windows\System\CYobwWQ.exe
  C:\Windows\System\CYobwWQ.exe
  2⤵
  PID:6456
- C:\Windows\System\UFOKrIg.exe
  C:\Windows\System\UFOKrIg.exe
  2⤵
  PID:6476
- C:\Windows\System\FnybxIV.exe
  C:\Windows\System\FnybxIV.exe
  2⤵
  PID:6496
- C:\Windows\System\CyYuqHH.exe
  C:\Windows\System\CyYuqHH.exe
  2⤵
  PID:6516
- C:\Windows\System\gUYhzav.exe
  C:\Windows\System\gUYhzav.exe
  2⤵
  PID:6536
- C:\Windows\System\EfsHyjM.exe
  C:\Windows\System\EfsHyjM.exe
  2⤵
  PID:6556
- C:\Windows\System\hCLhqNy.exe
  C:\Windows\System\hCLhqNy.exe
  2⤵
  PID:6576
- C:\Windows\System\SYGzkMV.exe
  C:\Windows\System\SYGzkMV.exe
  2⤵
  PID:6596
- C:\Windows\System\vcYZHUl.exe
  C:\Windows\System\vcYZHUl.exe
  2⤵
  PID:6616
- C:\Windows\System\QstAynP.exe
  C:\Windows\System\QstAynP.exe
  2⤵
  PID:6636
- C:\Windows\System\fugFkas.exe
  C:\Windows\System\fugFkas.exe
  2⤵
  PID:6652
- C:\Windows\System\JDCVmjB.exe
  C:\Windows\System\JDCVmjB.exe
  2⤵
  PID:6676
- C:\Windows\System\mQWkFpD.exe
  C:\Windows\System\mQWkFpD.exe
  2⤵
  PID:6696
- C:\Windows\System\EsMzkGj.exe
  C:\Windows\System\EsMzkGj.exe
  2⤵
  PID:6716
- C:\Windows\System\LQfFuki.exe
  C:\Windows\System\LQfFuki.exe
  2⤵
  PID:6736
- C:\Windows\System\xyReYzK.exe
  C:\Windows\System\xyReYzK.exe
  2⤵
  PID:6756
- C:\Windows\System\zmqtSSZ.exe
  C:\Windows\System\zmqtSSZ.exe
  2⤵
  PID:6776
- C:\Windows\System\UFcHNAB.exe
  C:\Windows\System\UFcHNAB.exe
  2⤵
  PID:6796
- C:\Windows\System\NkDtabU.exe
  C:\Windows\System\NkDtabU.exe
  2⤵
  PID:6812
- C:\Windows\System\zueeYzw.exe
  C:\Windows\System\zueeYzw.exe
  2⤵
  PID:6836
- C:\Windows\System\NNHbJdZ.exe
  C:\Windows\System\NNHbJdZ.exe
  2⤵
  PID:6860
- C:\Windows\System\HQBMheu.exe
  C:\Windows\System\HQBMheu.exe
  2⤵
  PID:6880
- C:\Windows\System\fTvkynA.exe
  C:\Windows\System\fTvkynA.exe
  2⤵
  PID:6900
- C:\Windows\System\iVFjbJS.exe
  C:\Windows\System\iVFjbJS.exe
  2⤵
  PID:6920
- C:\Windows\System\vCxTPoW.exe
  C:\Windows\System\vCxTPoW.exe
  2⤵
  PID:6940
- C:\Windows\System\GypdHjo.exe
  C:\Windows\System\GypdHjo.exe
  2⤵
  PID:6960
- C:\Windows\System\lAlsBga.exe
  C:\Windows\System\lAlsBga.exe
  2⤵
  PID:6980
- C:\Windows\System\ZBbOIrA.exe
  C:\Windows\System\ZBbOIrA.exe
  2⤵
  PID:7000
- C:\Windows\System\Noouazh.exe
  C:\Windows\System\Noouazh.exe
  2⤵
  PID:7020
- C:\Windows\System\qhhnieo.exe
  C:\Windows\System\qhhnieo.exe
  2⤵
  PID:7040
- C:\Windows\System\cGThaLl.exe
  C:\Windows\System\cGThaLl.exe
  2⤵
  PID:7056
- C:\Windows\System\NqzqFKK.exe
  C:\Windows\System\NqzqFKK.exe
  2⤵
  PID:7080
- C:\Windows\System\clTixpx.exe
  C:\Windows\System\clTixpx.exe
  2⤵
  PID:7100
- C:\Windows\System\cKLpzGl.exe
  C:\Windows\System\cKLpzGl.exe
  2⤵
  PID:7120
- C:\Windows\System\JjNiprn.exe
  C:\Windows\System\JjNiprn.exe
  2⤵
  PID:7140
- C:\Windows\System\ukndils.exe
  C:\Windows\System\ukndils.exe
  2⤵
  PID:7160
- C:\Windows\System\jFnucnx.exe
  C:\Windows\System\jFnucnx.exe
  2⤵
  PID:5388
- C:\Windows\System\aWppucZ.exe
  C:\Windows\System\aWppucZ.exe
  2⤵
  PID:5584
- C:\Windows\System\HXkEYzH.exe
  C:\Windows\System\HXkEYzH.exe
  2⤵
  PID:5672
- C:\Windows\System\qgFBlLX.exe
  C:\Windows\System\qgFBlLX.exe
  2⤵
  PID:5776
- C:\Windows\System\VchTnVh.exe
  C:\Windows\System\VchTnVh.exe
  2⤵
  PID:5876
- C:\Windows\System\BDHmQlT.exe
  C:\Windows\System\BDHmQlT.exe
  2⤵
  PID:5848
- C:\Windows\System\YRhNmjK.exe
  C:\Windows\System\YRhNmjK.exe
  2⤵
  PID:6036
- C:\Windows\System\czREpoy.exe
  C:\Windows\System\czREpoy.exe
  2⤵
  PID:6112
- C:\Windows\System\yDrzSpq.exe
  C:\Windows\System\yDrzSpq.exe
  2⤵
  PID:4696
- C:\Windows\System\dRXGUZz.exe
  C:\Windows\System\dRXGUZz.exe
  2⤵
  PID:4980
- C:\Windows\System\BTgbeiJ.exe
  C:\Windows\System\BTgbeiJ.exe
  2⤵
  PID:876
- C:\Windows\System\fpoxtbv.exe
  C:\Windows\System\fpoxtbv.exe
  2⤵
  PID:5244
- C:\Windows\System\alpQPKN.exe
  C:\Windows\System\alpQPKN.exe
  2⤵
  PID:5252
- C:\Windows\System\vUCYgEx.exe
  C:\Windows\System\vUCYgEx.exe
  2⤵
  PID:6188
- C:\Windows\System\pLrlrpe.exe
  C:\Windows\System\pLrlrpe.exe
  2⤵
  PID:6232
- C:\Windows\System\xebgevJ.exe
  C:\Windows\System\xebgevJ.exe
  2⤵
  PID:6252
- C:\Windows\System\veEbuGS.exe
  C:\Windows\System\veEbuGS.exe
  2⤵
  PID:2332
- C:\Windows\System\nhlZPQf.exe
  C:\Windows\System\nhlZPQf.exe
  2⤵
  PID:6312
- C:\Windows\System\AysHDtT.exe
  C:\Windows\System\AysHDtT.exe
  2⤵
  PID:6348
- C:\Windows\System\DNCgUfQ.exe
  C:\Windows\System\DNCgUfQ.exe
  2⤵
  PID:6364
- C:\Windows\System\RaSCnJo.exe
  C:\Windows\System\RaSCnJo.exe
  2⤵
  PID:6372
- C:\Windows\System\cByuvrK.exe
  C:\Windows\System\cByuvrK.exe
  2⤵
  PID:6464
- C:\Windows\System\OTydPxa.exe
  C:\Windows\System\OTydPxa.exe
  2⤵
  PID:6448
- C:\Windows\System\vregjZH.exe
  C:\Windows\System\vregjZH.exe
  2⤵
  PID:6512
- C:\Windows\System\GLXlsQd.exe
  C:\Windows\System\GLXlsQd.exe
  2⤵
  PID:6552
- C:\Windows\System\pfWsQEt.exe
  C:\Windows\System\pfWsQEt.exe
  2⤵
  PID:6592
- C:\Windows\System\txEmxgL.exe
  C:\Windows\System\txEmxgL.exe
  2⤵
  PID:6624
- C:\Windows\System\nXHpROC.exe
  C:\Windows\System\nXHpROC.exe
  2⤵
  PID:6664
- C:\Windows\System\TKGwGKm.exe
  C:\Windows\System\TKGwGKm.exe
  2⤵
  PID:6644
- C:\Windows\System\LJnYyAm.exe
  C:\Windows\System\LJnYyAm.exe
  2⤵
  PID:6692
- C:\Windows\System\wbXgBUF.exe
  C:\Windows\System\wbXgBUF.exe
  2⤵
  PID:6744
- C:\Windows\System\ZhZtVOf.exe
  C:\Windows\System\ZhZtVOf.exe
  2⤵
  PID:6784
- C:\Windows\System\Xagdwrt.exe
  C:\Windows\System\Xagdwrt.exe
  2⤵
  PID:6768
- C:\Windows\System\xCzyToz.exe
  C:\Windows\System\xCzyToz.exe
  2⤵
  PID:6808
- C:\Windows\System\MpauBje.exe
  C:\Windows\System\MpauBje.exe
  2⤵
  PID:6876
- C:\Windows\System\CfHvOTU.exe
  C:\Windows\System\CfHvOTU.exe
  2⤵
  PID:6892
- C:\Windows\System\hPYTWRI.exe
  C:\Windows\System\hPYTWRI.exe
  2⤵
  PID:6932
- C:\Windows\System\RBcWTZo.exe
  C:\Windows\System\RBcWTZo.exe
  2⤵
  PID:6952
- C:\Windows\System\GxrsxZR.exe
  C:\Windows\System\GxrsxZR.exe
  2⤵
  PID:6972
- C:\Windows\System\tydzamO.exe
  C:\Windows\System\tydzamO.exe
  2⤵
  PID:7016
- C:\Windows\System\kJcFFAi.exe
  C:\Windows\System\kJcFFAi.exe
  2⤵
  PID:7068
- C:\Windows\System\kZkGVwV.exe
  C:\Windows\System\kZkGVwV.exe
  2⤵
  PID:7088
- C:\Windows\System\qAaLNOT.exe
  C:\Windows\System\qAaLNOT.exe
  2⤵
  PID:7112
- C:\Windows\System\keFUMTu.exe
  C:\Windows\System\keFUMTu.exe
  2⤵
  PID:7132
- C:\Windows\System\PyegOLe.exe
  C:\Windows\System\PyegOLe.exe
  2⤵
  PID:5472
- C:\Windows\System\ofYuVWT.exe
  C:\Windows\System\ofYuVWT.exe
  2⤵
  PID:5528
- C:\Windows\System\cJoxrnd.exe
  C:\Windows\System\cJoxrnd.exe
  2⤵
  PID:5872
- C:\Windows\System\UEQRKjW.exe
  C:\Windows\System\UEQRKjW.exe
  2⤵
  PID:5812
- C:\Windows\System\qekxMco.exe
  C:\Windows\System\qekxMco.exe
  2⤵
  PID:6008
- C:\Windows\System\mueERsK.exe
  C:\Windows\System\mueERsK.exe
  2⤵
  PID:2256
- C:\Windows\System\gjoLQQd.exe
  C:\Windows\System\gjoLQQd.exe
  2⤵
  PID:5308
- C:\Windows\System\ZFAewAz.exe
  C:\Windows\System\ZFAewAz.exe
  2⤵
  PID:4924
- C:\Windows\System\bfeKoNn.exe
  C:\Windows\System\bfeKoNn.exe
  2⤵
  PID:768
- C:\Windows\System\tUUVmDG.exe
  C:\Windows\System\tUUVmDG.exe
  2⤵
  PID:6148
- C:\Windows\System\tCxsMQg.exe
  C:\Windows\System\tCxsMQg.exe
  2⤵
  PID:6292
- C:\Windows\System\OmzUudW.exe
  C:\Windows\System\OmzUudW.exe
  2⤵
  PID:884
- C:\Windows\System\PvWsDAo.exe
  C:\Windows\System\PvWsDAo.exe
  2⤵
  PID:6352
- C:\Windows\System\UZjQGld.exe
  C:\Windows\System\UZjQGld.exe
  2⤵
  PID:6492
- C:\Windows\System\SHJPVZt.exe
  C:\Windows\System\SHJPVZt.exe
  2⤵
  PID:2896
- C:\Windows\System\lWvCPEv.exe
  C:\Windows\System\lWvCPEv.exe
  2⤵
  PID:6584
- C:\Windows\System\JvfozuC.exe
  C:\Windows\System\JvfozuC.exe
  2⤵
  PID:6564
- C:\Windows\System\WZFshjx.exe
  C:\Windows\System\WZFshjx.exe
  2⤵
  PID:2392
- C:\Windows\System\jMAwWwL.exe
  C:\Windows\System\jMAwWwL.exe
  2⤵
  PID:6732
- C:\Windows\System\DxMiPsq.exe
  C:\Windows\System\DxMiPsq.exe
  2⤵
  PID:6748
- C:\Windows\System\LAikDvH.exe
  C:\Windows\System\LAikDvH.exe
  2⤵
  PID:6828
- C:\Windows\System\goQfihV.exe
  C:\Windows\System\goQfihV.exe
  2⤵
  PID:2772
- C:\Windows\System\xiZVvNt.exe
  C:\Windows\System\xiZVvNt.exe
  2⤵
  PID:6916
- C:\Windows\System\mvQJHEI.exe
  C:\Windows\System\mvQJHEI.exe
  2⤵
  PID:6912
- C:\Windows\System\wiqpEih.exe
  C:\Windows\System\wiqpEih.exe
  2⤵
  PID:6996
- C:\Windows\System\uGweLZR.exe
  C:\Windows\System\uGweLZR.exe
  2⤵
  PID:7048
- C:\Windows\System\VfcPRes.exe
  C:\Windows\System\VfcPRes.exe
  2⤵
  PID:7032
- C:\Windows\System\AMbzepX.exe
  C:\Windows\System\AMbzepX.exe
  2⤵
  PID:7096
- C:\Windows\System\rLiUWxb.exe
  C:\Windows\System\rLiUWxb.exe
  2⤵
  PID:2472
- C:\Windows\System\NCavtQU.exe
  C:\Windows\System\NCavtQU.exe
  2⤵
  PID:5752
- C:\Windows\System\ZIuDzeD.exe
  C:\Windows\System\ZIuDzeD.exe
  2⤵
  PID:5728
- C:\Windows\System\PjDiztP.exe
  C:\Windows\System\PjDiztP.exe
  2⤵
  PID:4432
- C:\Windows\System\GugYMZV.exe
  C:\Windows\System\GugYMZV.exe
  2⤵
  PID:2360
- C:\Windows\System\udjrnOl.exe
  C:\Windows\System\udjrnOl.exe
  2⤵
  PID:4576
- C:\Windows\System\FBuCBui.exe
  C:\Windows\System\FBuCBui.exe
  2⤵
  PID:6204
- C:\Windows\System\cjVOazY.exe
  C:\Windows\System\cjVOazY.exe
  2⤵
  PID:6224
- C:\Windows\System\pxzMrwq.exe
  C:\Windows\System\pxzMrwq.exe
  2⤵
  PID:6272
- C:\Windows\System\PCpQqKI.exe
  C:\Windows\System\PCpQqKI.exe
  2⤵
  PID:6532
- C:\Windows\System\sKDnVbH.exe
  C:\Windows\System\sKDnVbH.exe
  2⤵
  PID:6608
- C:\Windows\System\BIyDRvg.exe
  C:\Windows\System\BIyDRvg.exe
  2⤵
  PID:6432
- C:\Windows\System\CWzsWOG.exe
  C:\Windows\System\CWzsWOG.exe
  2⤵
  PID:6684
- C:\Windows\System\TvsoDaZ.exe
  C:\Windows\System\TvsoDaZ.exe
  2⤵
  PID:6708
- C:\Windows\System\QIyUotJ.exe
  C:\Windows\System\QIyUotJ.exe
  2⤵
  PID:2676
- C:\Windows\System\MJYSatB.exe
  C:\Windows\System\MJYSatB.exe
  2⤵
  PID:7008
- C:\Windows\System\AijrJtH.exe
  C:\Windows\System\AijrJtH.exe
  2⤵
  PID:6956
- C:\Windows\System\kEbGNJE.exe
  C:\Windows\System\kEbGNJE.exe
  2⤵
  PID:7116
- C:\Windows\System\QQVKyAT.exe
  C:\Windows\System\QQVKyAT.exe
  2⤵
  PID:5484
- C:\Windows\System\wonfhzj.exe
  C:\Windows\System\wonfhzj.exe
  2⤵
  PID:5712
- C:\Windows\System\zooXBpe.exe
  C:\Windows\System\zooXBpe.exe
  2⤵
  PID:6180
- C:\Windows\System\AzizECQ.exe
  C:\Windows\System\AzizECQ.exe
  2⤵
  PID:772
- C:\Windows\System\ekYGCwc.exe
  C:\Windows\System\ekYGCwc.exe
  2⤵
  PID:6168
- C:\Windows\System\XtaySgy.exe
  C:\Windows\System\XtaySgy.exe
  2⤵
  PID:6444
- C:\Windows\System\kbqOUhT.exe
  C:\Windows\System\kbqOUhT.exe
  2⤵
  PID:7188
- C:\Windows\System\hnuDqRn.exe
  C:\Windows\System\hnuDqRn.exe
  2⤵
  PID:7208
- C:\Windows\System\wnkLYaZ.exe
  C:\Windows\System\wnkLYaZ.exe
  2⤵
  PID:7228
- C:\Windows\System\ENjfPUc.exe
  C:\Windows\System\ENjfPUc.exe
  2⤵
  PID:7248
- C:\Windows\System\OYZcNxR.exe
  C:\Windows\System\OYZcNxR.exe
  2⤵
  PID:7268
- C:\Windows\System\saxAoDO.exe
  C:\Windows\System\saxAoDO.exe
  2⤵
  PID:7292
- C:\Windows\System\ceSxijc.exe
  C:\Windows\System\ceSxijc.exe
  2⤵
  PID:7312
- C:\Windows\System\hfBbJYW.exe
  C:\Windows\System\hfBbJYW.exe
  2⤵
  PID:7332
- C:\Windows\System\AlZdFJG.exe
  C:\Windows\System\AlZdFJG.exe
  2⤵
  PID:7352
- C:\Windows\System\IyZccxJ.exe
  C:\Windows\System\IyZccxJ.exe
  2⤵
  PID:7372
- C:\Windows\System\yeUdEhF.exe
  C:\Windows\System\yeUdEhF.exe
  2⤵
  PID:7392
- C:\Windows\System\xQbCkzK.exe
  C:\Windows\System\xQbCkzK.exe
  2⤵
  PID:7412
- C:\Windows\System\uArpZwd.exe
  C:\Windows\System\uArpZwd.exe
  2⤵
  PID:7432
- C:\Windows\System\dsTyAch.exe
  C:\Windows\System\dsTyAch.exe
  2⤵
  PID:7452
- C:\Windows\System\DICzmWJ.exe
  C:\Windows\System\DICzmWJ.exe
  2⤵
  PID:7472
- C:\Windows\System\xDiahin.exe
  C:\Windows\System\xDiahin.exe
  2⤵
  PID:7492
- C:\Windows\System\cjTbGdw.exe
  C:\Windows\System\cjTbGdw.exe
  2⤵
  PID:7512
- C:\Windows\System\bVbuuuZ.exe
  C:\Windows\System\bVbuuuZ.exe
  2⤵
  PID:7532
- C:\Windows\System\nrcbibH.exe
  C:\Windows\System\nrcbibH.exe
  2⤵
  PID:7552
- C:\Windows\System\WgNuUIC.exe
  C:\Windows\System\WgNuUIC.exe
  2⤵
  PID:7572
- C:\Windows\System\iytvuOS.exe
  C:\Windows\System\iytvuOS.exe
  2⤵
  PID:7592
- C:\Windows\System\FsWlIYu.exe
  C:\Windows\System\FsWlIYu.exe
  2⤵
  PID:7612
- C:\Windows\System\eZJRsPN.exe
  C:\Windows\System\eZJRsPN.exe
  2⤵
  PID:7632
- C:\Windows\System\fwnXyTL.exe
  C:\Windows\System\fwnXyTL.exe
  2⤵
  PID:7652
- C:\Windows\System\byClTmw.exe
  C:\Windows\System\byClTmw.exe
  2⤵
  PID:7672
- C:\Windows\System\feKTYAI.exe
  C:\Windows\System\feKTYAI.exe
  2⤵
  PID:7692
- C:\Windows\System\GXVKwoW.exe
  C:\Windows\System\GXVKwoW.exe
  2⤵
  PID:7712
- C:\Windows\System\fQyClTU.exe
  C:\Windows\System\fQyClTU.exe
  2⤵
  PID:7728
- C:\Windows\System\xRoZnmy.exe
  C:\Windows\System\xRoZnmy.exe
  2⤵
  PID:7752
- C:\Windows\System\tLKvnhS.exe
  C:\Windows\System\tLKvnhS.exe
  2⤵
  PID:7772
- C:\Windows\System\ZVkoIqV.exe
  C:\Windows\System\ZVkoIqV.exe
  2⤵
  PID:7788
- C:\Windows\System\HUqCfaS.exe
  C:\Windows\System\HUqCfaS.exe
  2⤵
  PID:7808
- C:\Windows\System\UPceNAu.exe
  C:\Windows\System\UPceNAu.exe
  2⤵
  PID:7832
- C:\Windows\System\CocfDJP.exe
  C:\Windows\System\CocfDJP.exe
  2⤵
  PID:7852
- C:\Windows\System\EoROWxH.exe
  C:\Windows\System\EoROWxH.exe
  2⤵
  PID:7872
- C:\Windows\System\DNJCMBv.exe
  C:\Windows\System\DNJCMBv.exe
  2⤵
  PID:7892
- C:\Windows\System\XJLkudQ.exe
  C:\Windows\System\XJLkudQ.exe
  2⤵
  PID:7912
- C:\Windows\System\OcYitPE.exe
  C:\Windows\System\OcYitPE.exe
  2⤵
  PID:7932
- C:\Windows\System\ViQndwh.exe
  C:\Windows\System\ViQndwh.exe
  2⤵
  PID:7952
- C:\Windows\System\sdpkhYX.exe
  C:\Windows\System\sdpkhYX.exe
  2⤵
  PID:7972
- C:\Windows\System\GfhtdbJ.exe
  C:\Windows\System\GfhtdbJ.exe
  2⤵
  PID:7992
- C:\Windows\System\IVplJus.exe
  C:\Windows\System\IVplJus.exe
  2⤵
  PID:8012
- C:\Windows\System\CJbXUvl.exe
  C:\Windows\System\CJbXUvl.exe
  2⤵
  PID:8032
- C:\Windows\System\hXwiYRT.exe
  C:\Windows\System\hXwiYRT.exe
  2⤵
  PID:8052
- C:\Windows\System\JsbHvLj.exe
  C:\Windows\System\JsbHvLj.exe
  2⤵
  PID:8072
- C:\Windows\System\amPfnlK.exe
  C:\Windows\System\amPfnlK.exe
  2⤵
  PID:8092
- C:\Windows\System\DYntVLZ.exe
  C:\Windows\System\DYntVLZ.exe
  2⤵
  PID:8112
- C:\Windows\System\eEguAWH.exe
  C:\Windows\System\eEguAWH.exe
  2⤵
  PID:8132
- C:\Windows\System\wwycHDS.exe
  C:\Windows\System\wwycHDS.exe
  2⤵
  PID:8152
- C:\Windows\System\DsqFBjE.exe
  C:\Windows\System\DsqFBjE.exe
  2⤵
  PID:8172
- C:\Windows\System\eFMPTyj.exe
  C:\Windows\System\eFMPTyj.exe
  2⤵
  PID:6392
- C:\Windows\System\EzNvVzY.exe
  C:\Windows\System\EzNvVzY.exe
  2⤵
  PID:6660
- C:\Windows\System\jrigAaS.exe
  C:\Windows\System\jrigAaS.exe
  2⤵
  PID:6712
- C:\Windows\System\YNpuQGl.exe
  C:\Windows\System\YNpuQGl.exe
  2⤵
  PID:6888
- C:\Windows\System\uVLNPzL.exe
  C:\Windows\System\uVLNPzL.exe
  2⤵
  PID:1816
- C:\Windows\System\JbmLmsV.exe
  C:\Windows\System\JbmLmsV.exe
  2⤵
  PID:5572
- C:\Windows\System\zYIUeIZ.exe
  C:\Windows\System\zYIUeIZ.exe
  2⤵
  PID:2224
- C:\Windows\System\GNhKUNP.exe
  C:\Windows\System\GNhKUNP.exe
  2⤵
  PID:6160
- C:\Windows\System\UOZWflc.exe
  C:\Windows\System\UOZWflc.exe
  2⤵
  PID:6404
- C:\Windows\System\HIxtFER.exe
  C:\Windows\System\HIxtFER.exe
  2⤵
  PID:7180
- C:\Windows\System\HzXVVDa.exe
  C:\Windows\System\HzXVVDa.exe
  2⤵
  PID:7224
- C:\Windows\System\uVUeukH.exe
  C:\Windows\System\uVUeukH.exe
  2⤵
  PID:7240
- C:\Windows\System\InrXBKi.exe
  C:\Windows\System\InrXBKi.exe
  2⤵
  PID:7260
- C:\Windows\System\WPgwIuc.exe
  C:\Windows\System\WPgwIuc.exe
  2⤵
  PID:7308
- C:\Windows\System\jnLywhP.exe
  C:\Windows\System\jnLywhP.exe
  2⤵
  PID:7344
- C:\Windows\System\AJbbidj.exe
  C:\Windows\System\AJbbidj.exe
  2⤵
  PID:7408
- C:\Windows\System\adNkSaW.exe
  C:\Windows\System\adNkSaW.exe
  2⤵
  PID:7448
- C:\Windows\System\AOqYAWk.exe
  C:\Windows\System\AOqYAWk.exe
  2⤵
  PID:7480
- C:\Windows\System\rRXuvUF.exe
  C:\Windows\System\rRXuvUF.exe
  2⤵
  PID:7468
- C:\Windows\System\ItIKAjx.exe
  C:\Windows\System\ItIKAjx.exe
  2⤵
  PID:7508
- C:\Windows\System\akGEuky.exe
  C:\Windows\System\akGEuky.exe
  2⤵
  PID:7568
- C:\Windows\System\RxqVURJ.exe
  C:\Windows\System\RxqVURJ.exe
  2⤵
  PID:7600
- C:\Windows\System\NkZagfu.exe
  C:\Windows\System\NkZagfu.exe
  2⤵
  PID:7584
- C:\Windows\System\jFLTUsQ.exe
  C:\Windows\System\jFLTUsQ.exe
  2⤵
  PID:7624
- C:\Windows\System\kAYAfkL.exe
  C:\Windows\System\kAYAfkL.exe
  2⤵
  PID:7684
- C:\Windows\System\neogUFP.exe
  C:\Windows\System\neogUFP.exe
  2⤵
  PID:7708
- C:\Windows\System\dvsIFIL.exe
  C:\Windows\System\dvsIFIL.exe
  2⤵
  PID:7768
- C:\Windows\System\cstuLsc.exe
  C:\Windows\System\cstuLsc.exe
  2⤵
  PID:7740
- C:\Windows\System\azooCdf.exe
  C:\Windows\System\azooCdf.exe
  2⤵
  PID:7784
- C:\Windows\System\lihmRVT.exe
  C:\Windows\System\lihmRVT.exe
  2⤵
  PID:7844
- C:\Windows\System\MjECwLg.exe
  C:\Windows\System\MjECwLg.exe
  2⤵
  PID:544
- C:\Windows\System\dNsqNSy.exe
  C:\Windows\System\dNsqNSy.exe
  2⤵
  PID:7920
- C:\Windows\System\vFzHTSW.exe
  C:\Windows\System\vFzHTSW.exe
  2⤵
  PID:7960
- C:\Windows\System\gaedYBI.exe
  C:\Windows\System\gaedYBI.exe
  2⤵
  PID:2920
- C:\Windows\System\QRvumOb.exe
  C:\Windows\System\QRvumOb.exe
  2⤵
  PID:7980
- C:\Windows\System\eTuxyqy.exe
  C:\Windows\System\eTuxyqy.exe
  2⤵
  PID:8028
- C:\Windows\System\RZOtKhc.exe
  C:\Windows\System\RZOtKhc.exe
  2⤵
  PID:8088
- C:\Windows\System\njkNnkm.exe
  C:\Windows\System\njkNnkm.exe
  2⤵
  PID:8128
- C:\Windows\System\BQVvsZQ.exe
  C:\Windows\System\BQVvsZQ.exe
  2⤵
  PID:8140
- C:\Windows\System\RteEoFu.exe
  C:\Windows\System\RteEoFu.exe
  2⤵
  PID:8144
- C:\Windows\System\nfUwfAT.exe
  C:\Windows\System\nfUwfAT.exe
  2⤵
  PID:8188
- C:\Windows\System\zGPKWDm.exe
  C:\Windows\System\zGPKWDm.exe
  2⤵
  PID:7136
- C:\Windows\System\lpSYkWB.exe
  C:\Windows\System\lpSYkWB.exe
  2⤵
  PID:6804
- C:\Windows\System\DIVtlgP.exe
  C:\Windows\System\DIVtlgP.exe
  2⤵
  PID:5992
- C:\Windows\System\yswVvqC.exe
  C:\Windows\System\yswVvqC.exe
  2⤵
  PID:2488
- C:\Windows\System\jIsMEkZ.exe
  C:\Windows\System\jIsMEkZ.exe
  2⤵
  PID:7244
- C:\Windows\System\MJIxryO.exe
  C:\Windows\System\MJIxryO.exe
  2⤵
  PID:7200
- C:\Windows\System\XwRKbMU.exe
  C:\Windows\System\XwRKbMU.exe
  2⤵
  PID:7264
- C:\Windows\System\hBrvYae.exe
  C:\Windows\System\hBrvYae.exe
  2⤵
  PID:7428
- C:\Windows\System\pFRmgoN.exe
  C:\Windows\System\pFRmgoN.exe
  2⤵
  PID:7328
- C:\Windows\System\ZQtaTYZ.exe
  C:\Windows\System\ZQtaTYZ.exe
  2⤵
  PID:7500
- C:\Windows\System\bFPufhP.exe
  C:\Windows\System\bFPufhP.exe
  2⤵
  PID:7460
- C:\Windows\System\cbApsow.exe
  C:\Windows\System\cbApsow.exe
  2⤵
  PID:7628
- C:\Windows\System\DPUPCjF.exe
  C:\Windows\System\DPUPCjF.exe
  2⤵
  PID:7604
- C:\Windows\System\maitwdk.exe
  C:\Windows\System\maitwdk.exe
  2⤵
  PID:7720
- C:\Windows\System\HIFxqQe.exe
  C:\Windows\System\HIFxqQe.exe
  2⤵
  PID:7668
- C:\Windows\System\FAjfJRj.exe
  C:\Windows\System\FAjfJRj.exe
  2⤵
  PID:7760
- C:\Windows\System\wCZGKBJ.exe
  C:\Windows\System\wCZGKBJ.exe
  2⤵
  PID:7828
- C:\Windows\System\UjGPkJp.exe
  C:\Windows\System\UjGPkJp.exe
  2⤵
  PID:7840
- C:\Windows\System\ryCjZJb.exe
  C:\Windows\System\ryCjZJb.exe
  2⤵
  PID:7948
- C:\Windows\System\OhjbuPv.exe
  C:\Windows\System\OhjbuPv.exe
  2⤵
  PID:7908
- C:\Windows\System\MSfJosr.exe
  C:\Windows\System\MSfJosr.exe
  2⤵
  PID:8040
- C:\Windows\System\JdTVLzj.exe
  C:\Windows\System\JdTVLzj.exe
  2⤵
  PID:8064
- C:\Windows\System\CLQsTzT.exe
  C:\Windows\System\CLQsTzT.exe
  2⤵
  PID:8148
- C:\Windows\System\tvAnUCY.exe
  C:\Windows\System\tvAnUCY.exe
  2⤵
  PID:6428
- C:\Windows\System\tkHOMph.exe
  C:\Windows\System\tkHOMph.exe
  2⤵
  PID:6628
- C:\Windows\System\TJVTWax.exe
  C:\Windows\System\TJVTWax.exe
  2⤵
  PID:6408
- C:\Windows\System\bSkUYWR.exe
  C:\Windows\System\bSkUYWR.exe
  2⤵
  PID:7320
- C:\Windows\System\QssPQtA.exe
  C:\Windows\System\QssPQtA.exe
  2⤵
  PID:7028
- C:\Windows\System\RbhasPk.exe
  C:\Windows\System\RbhasPk.exe
  2⤵
  PID:7380
- C:\Windows\System\PyduZvn.exe
  C:\Windows\System\PyduZvn.exe
  2⤵
  PID:7400
- C:\Windows\System\owPggcY.exe
  C:\Windows\System\owPggcY.exe
  2⤵
  PID:7560
- C:\Windows\System\PvjPXIe.exe
  C:\Windows\System\PvjPXIe.exe
  2⤵
  PID:7660
- C:\Windows\System\zvpccLU.exe
  C:\Windows\System\zvpccLU.exe
  2⤵
  PID:1964
- C:\Windows\System\HYfRfUs.exe
  C:\Windows\System\HYfRfUs.exe
  2⤵
  PID:2924
- C:\Windows\System\SddNsMK.exe
  C:\Windows\System\SddNsMK.exe
  2⤵
  PID:7804
- C:\Windows\System\BWZKqkC.exe
  C:\Windows\System\BWZKqkC.exe
  2⤵
  PID:7800
- C:\Windows\System\cdqxETV.exe
  C:\Windows\System\cdqxETV.exe
  2⤵
  PID:8020
- C:\Windows\System\XvTTUxv.exe
  C:\Windows\System\XvTTUxv.exe
  2⤵
  PID:6792
- C:\Windows\System\XZUAwDx.exe
  C:\Windows\System\XZUAwDx.exe
  2⤵
  PID:7092
- C:\Windows\System\JKRlkkD.exe
  C:\Windows\System\JKRlkkD.exe
  2⤵
  PID:8068
- C:\Windows\System\FWzhdlu.exe
  C:\Windows\System\FWzhdlu.exe
  2⤵
  PID:7184
- C:\Windows\System\bLtHOqY.exe
  C:\Windows\System\bLtHOqY.exe
  2⤵
  PID:3768
- C:\Windows\System\KwqokwQ.exe
  C:\Windows\System\KwqokwQ.exe
  2⤵
  PID:7276
- C:\Windows\System\ArHmHoK.exe
  C:\Windows\System\ArHmHoK.exe
  2⤵
  PID:7524
- C:\Windows\System\ogTemmq.exe
  C:\Windows\System\ogTemmq.exe
  2⤵
  PID:2272
- C:\Windows\System\MrXPvxj.exe
  C:\Windows\System\MrXPvxj.exe
  2⤵
  PID:8204
- C:\Windows\System\mBFUSbW.exe
  C:\Windows\System\mBFUSbW.exe
  2⤵
  PID:8224
- C:\Windows\System\QNHSZZW.exe
  C:\Windows\System\QNHSZZW.exe
  2⤵
  PID:8244
- C:\Windows\System\jzzHnQJ.exe
  C:\Windows\System\jzzHnQJ.exe
  2⤵
  PID:8268
- C:\Windows\System\omWGaXo.exe
  C:\Windows\System\omWGaXo.exe
  2⤵
  PID:8284
- C:\Windows\System\wMFyJxI.exe
  C:\Windows\System\wMFyJxI.exe
  2⤵
  PID:8308
- C:\Windows\System\cozWgCU.exe
  C:\Windows\System\cozWgCU.exe
  2⤵
  PID:8324
- C:\Windows\System\FblPQqp.exe
  C:\Windows\System\FblPQqp.exe
  2⤵
  PID:8348
- C:\Windows\System\iqRVSRx.exe
  C:\Windows\System\iqRVSRx.exe
  2⤵
  PID:8368
- C:\Windows\System\abCIlSa.exe
  C:\Windows\System\abCIlSa.exe
  2⤵
  PID:8388
- C:\Windows\System\NKsEobF.exe
  C:\Windows\System\NKsEobF.exe
  2⤵
  PID:8408
- C:\Windows\System\ATtFXcc.exe
  C:\Windows\System\ATtFXcc.exe
  2⤵
  PID:8428
- C:\Windows\System\LyDvolE.exe
  C:\Windows\System\LyDvolE.exe
  2⤵
  PID:8448
- C:\Windows\System\eutqQOK.exe
  C:\Windows\System\eutqQOK.exe
  2⤵
  PID:8468
- C:\Windows\System\FScDVKu.exe
  C:\Windows\System\FScDVKu.exe
  2⤵
  PID:8484
- C:\Windows\System\DoGFyMB.exe
  C:\Windows\System\DoGFyMB.exe
  2⤵
  PID:8508
- C:\Windows\System\tijFrRd.exe
  C:\Windows\System\tijFrRd.exe
  2⤵
  PID:8524
- C:\Windows\System\LwLbFua.exe
  C:\Windows\System\LwLbFua.exe
  2⤵
  PID:8540
- C:\Windows\System\GCemZtl.exe
  C:\Windows\System\GCemZtl.exe
  2⤵
  PID:8556
- C:\Windows\System\AjDbnAp.exe
  C:\Windows\System\AjDbnAp.exe
  2⤵
  PID:8572
- C:\Windows\System\kmYhrNK.exe
  C:\Windows\System\kmYhrNK.exe
  2⤵
  PID:8588
- C:\Windows\System\lITkfYl.exe
  C:\Windows\System\lITkfYl.exe
  2⤵
  PID:8604
- C:\Windows\System\DRqJhpe.exe
  C:\Windows\System\DRqJhpe.exe
  2⤵
  PID:8620
- C:\Windows\System\nmjQjAb.exe
  C:\Windows\System\nmjQjAb.exe
  2⤵
  PID:8636
- C:\Windows\System\Uhrswpe.exe
  C:\Windows\System\Uhrswpe.exe
  2⤵
  PID:8652
- C:\Windows\System\oKeaTmv.exe
  C:\Windows\System\oKeaTmv.exe
  2⤵
  PID:8668
- C:\Windows\System\PujAWgZ.exe
  C:\Windows\System\PujAWgZ.exe
  2⤵
  PID:8732
- C:\Windows\System\lZUzJLR.exe
  C:\Windows\System\lZUzJLR.exe
  2⤵
  PID:8760
- C:\Windows\System\HJjitCR.exe
  C:\Windows\System\HJjitCR.exe
  2⤵
  PID:8776
- C:\Windows\System\GaxfJVa.exe
  C:\Windows\System\GaxfJVa.exe
  2⤵
  PID:8792
- C:\Windows\System\MwxyIER.exe
  C:\Windows\System\MwxyIER.exe
  2⤵
  PID:8808
- C:\Windows\System\SLsNwtS.exe
  C:\Windows\System\SLsNwtS.exe
  2⤵
  PID:8824
- C:\Windows\System\gAZmXwz.exe
  C:\Windows\System\gAZmXwz.exe
  2⤵
  PID:8840
- C:\Windows\System\WJiwsAX.exe
  C:\Windows\System\WJiwsAX.exe
  2⤵
  PID:8860
- C:\Windows\System\RqxghhC.exe
  C:\Windows\System\RqxghhC.exe
  2⤵
  PID:8876
- C:\Windows\System\UFnfLLi.exe
  C:\Windows\System\UFnfLLi.exe
  2⤵
  PID:8892
- C:\Windows\System\qgLlrhZ.exe
  C:\Windows\System\qgLlrhZ.exe
  2⤵
  PID:8908
- C:\Windows\System\GVorknd.exe
  C:\Windows\System\GVorknd.exe
  2⤵
  PID:8924
- C:\Windows\System\MCNqFqL.exe
  C:\Windows\System\MCNqFqL.exe
  2⤵
  PID:8940
- C:\Windows\System\iuPlhhr.exe
  C:\Windows\System\iuPlhhr.exe
  2⤵
  PID:8988
- C:\Windows\System\TGeWmhc.exe
  C:\Windows\System\TGeWmhc.exe
  2⤵
  PID:9004
- C:\Windows\System\ZXrpuqk.exe
  C:\Windows\System\ZXrpuqk.exe
  2⤵
  PID:9020
- C:\Windows\System\SwysAsx.exe
  C:\Windows\System\SwysAsx.exe
  2⤵
  PID:9036
- C:\Windows\System\wJTyzgL.exe
  C:\Windows\System\wJTyzgL.exe
  2⤵
  PID:9056
- C:\Windows\System\TYFPqkr.exe
  C:\Windows\System\TYFPqkr.exe
  2⤵
  PID:9072
- C:\Windows\System\rmPyjsl.exe
  C:\Windows\System\rmPyjsl.exe
  2⤵
  PID:9148
- C:\Windows\System\VsqhaRX.exe
  C:\Windows\System\VsqhaRX.exe
  2⤵
  PID:9164
- C:\Windows\System\lkBvYxx.exe
  C:\Windows\System\lkBvYxx.exe
  2⤵
  PID:9180
- C:\Windows\System\ajkotcS.exe
  C:\Windows\System\ajkotcS.exe
  2⤵
  PID:9196
- C:\Windows\System\dsSAOaH.exe
  C:\Windows\System\dsSAOaH.exe
  2⤵
  PID:9212
- C:\Windows\System\aLULPoY.exe
  C:\Windows\System\aLULPoY.exe
  2⤵
  PID:7984
- C:\Windows\System\ttNyPjD.exe
  C:\Windows\System\ttNyPjD.exe
  2⤵
  PID:6528
- C:\Windows\System\yhcLHYB.exe
  C:\Windows\System\yhcLHYB.exe
  2⤵
  PID:6668
- C:\Windows\System\IBQAVxK.exe
  C:\Windows\System\IBQAVxK.exe
  2⤵
  PID:8084
- C:\Windows\System\qzpboZZ.exe
  C:\Windows\System\qzpboZZ.exe
  2⤵
  PID:8212
- C:\Windows\System\xVtkRrs.exe
  C:\Windows\System\xVtkRrs.exe
  2⤵
  PID:8220
- C:\Windows\System\wVRcDzr.exe
  C:\Windows\System\wVRcDzr.exe
  2⤵
  PID:8264
- C:\Windows\System\WhRYYxy.exe
  C:\Windows\System\WhRYYxy.exe
  2⤵
  PID:8232
- C:\Windows\System\PdvyGng.exe
  C:\Windows\System\PdvyGng.exe
  2⤵
  PID:8292
- C:\Windows\System\QarGBSf.exe
  C:\Windows\System\QarGBSf.exe
  2⤵
  PID:8276
- C:\Windows\System\rHYCLwt.exe
  C:\Windows\System\rHYCLwt.exe
  2⤵
  PID:8320
- C:\Windows\System\aqfufTo.exe
  C:\Windows\System\aqfufTo.exe
  2⤵
  PID:8364
- C:\Windows\System\JbcKyAN.exe
  C:\Windows\System\JbcKyAN.exe
  2⤵
  PID:8436
- C:\Windows\System\jUpIdBm.exe
  C:\Windows\System\jUpIdBm.exe
  2⤵
  PID:1732
- C:\Windows\System\BskYFWA.exe
  C:\Windows\System\BskYFWA.exe
  2⤵
  PID:8496
- C:\Windows\System\QDUQBhW.exe
  C:\Windows\System\QDUQBhW.exe
  2⤵
  PID:2596
- C:\Windows\System\RBhNjbh.exe
  C:\Windows\System\RBhNjbh.exe
  2⤵
  PID:8532
- C:\Windows\System\YkJBKwb.exe
  C:\Windows\System\YkJBKwb.exe
  2⤵
  PID:8564
- C:\Windows\System\KfpxpZD.exe
  C:\Windows\System\KfpxpZD.exe
  2⤵
  PID:8596
- C:\Windows\System\qSXmszg.exe
  C:\Windows\System\qSXmszg.exe
  2⤵
  PID:8628
- C:\Windows\System\WKnTArg.exe
  C:\Windows\System\WKnTArg.exe
  2⤵
  PID:8692
- C:\Windows\System\sdVfEHR.exe
  C:\Windows\System\sdVfEHR.exe
  2⤵
  PID:8708
- C:\Windows\System\JMobDNj.exe
  C:\Windows\System\JMobDNj.exe
  2⤵
  PID:800
- C:\Windows\System\WNBQjUU.exe
  C:\Windows\System\WNBQjUU.exe
  2⤵
  PID:2836
- C:\Windows\System\tbnYppV.exe
  C:\Windows\System\tbnYppV.exe
  2⤵
  PID:1976
- C:\Windows\System\lzKdmbc.exe
  C:\Windows\System\lzKdmbc.exe
  2⤵
  PID:1984
- C:\Windows\System\MobLzDu.exe
  C:\Windows\System\MobLzDu.exe
  2⤵
  PID:2116
- C:\Windows\System\HwWORez.exe
  C:\Windows\System\HwWORez.exe
  2⤵
  PID:2216
- C:\Windows\System\wQTfaqH.exe
  C:\Windows\System\wQTfaqH.exe
  2⤵
  PID:1072
- C:\Windows\System\jlsTGUF.exe
  C:\Windows\System\jlsTGUF.exe
  2⤵
  PID:668
- C:\Windows\System\CCMbbHz.exe
  C:\Windows\System\CCMbbHz.exe
  2⤵
  PID:2152
- C:\Windows\System\wcUkYCF.exe
  C:\Windows\System\wcUkYCF.exe
  2⤵
  PID:1456
- C:\Windows\System\rfyJjDQ.exe
  C:\Windows\System\rfyJjDQ.exe
  2⤵
  PID:8788
- C:\Windows\System\PbGPoro.exe
  C:\Windows\System\PbGPoro.exe
  2⤵
  PID:8820
- C:\Windows\System\UZvUDiW.exe
  C:\Windows\System\UZvUDiW.exe
  2⤵
  PID:8884
- C:\Windows\System\yQfsUpn.exe
  C:\Windows\System\yQfsUpn.exe
  2⤵
  PID:8920
- C:\Windows\System\kSHoovk.exe
  C:\Windows\System\kSHoovk.exe
  2⤵
  PID:8980
- C:\Windows\System\OAaOXDP.exe
  C:\Windows\System\OAaOXDP.exe
  2⤵
  PID:9000
- C:\Windows\System\bJFjBpH.exe
  C:\Windows\System\bJFjBpH.exe
  2⤵
  PID:9052
- C:\Windows\System\JhoFqQd.exe
  C:\Windows\System\JhoFqQd.exe
  2⤵
  PID:9088
- C:\Windows\System\rZTGfbZ.exe
  C:\Windows\System\rZTGfbZ.exe
  2⤵
  PID:9104
- C:\Windows\System\DYxcRAd.exe
  C:\Windows\System\DYxcRAd.exe
  2⤵
  PID:9120
- C:\Windows\System\VsPwsPg.exe
  C:\Windows\System\VsPwsPg.exe
  2⤵
  PID:9144
- C:\Windows\System\SBdDSya.exe
  C:\Windows\System\SBdDSya.exe
  2⤵
  PID:2820
- C:\Windows\System\LrDtlbG.exe
  C:\Windows\System\LrDtlbG.exe
  2⤵
  PID:9160
- C:\Windows\System\dUMcwil.exe
  C:\Windows\System\dUMcwil.exe
  2⤵
  PID:9188
- C:\Windows\System\rFrnJVe.exe
  C:\Windows\System\rFrnJVe.exe
  2⤵
  PID:9204
- C:\Windows\System\onztxon.exe
  C:\Windows\System\onztxon.exe
  2⤵
  PID:7940
- C:\Windows\System\zcKIIFK.exe
  C:\Windows\System\zcKIIFK.exe
  2⤵
  PID:8104
- C:\Windows\System\KzcHLpV.exe
  C:\Windows\System\KzcHLpV.exe
  2⤵
  PID:1828
- C:\Windows\System\oNgeCNb.exe
  C:\Windows\System\oNgeCNb.exe
  2⤵
  PID:988
- C:\Windows\System\DHcrKCM.exe
  C:\Windows\System\DHcrKCM.exe
  2⤵
  PID:7688
- C:\Windows\System\Ksmshwa.exe
  C:\Windows\System\Ksmshwa.exe
  2⤵
  PID:8252
- C:\Windows\System\zisksBQ.exe
  C:\Windows\System\zisksBQ.exe
  2⤵
  PID:8356
- C:\Windows\System\HKoSVrG.exe
  C:\Windows\System\HKoSVrG.exe
  2⤵
  PID:8340
- C:\Windows\System\HMSonEb.exe
  C:\Windows\System\HMSonEb.exe
  2⤵
  PID:8360
- C:\Windows\System\MIfYBqn.exe
  C:\Windows\System\MIfYBqn.exe
  2⤵
  PID:8424
- C:\Windows\System\MRSKOYZ.exe
  C:\Windows\System\MRSKOYZ.exe
  2⤵
  PID:8660
- C:\Windows\System\PllqoWL.exe
  C:\Windows\System\PllqoWL.exe
  2⤵
  PID:8676
- C:\Windows\System\tWTZWjX.exe
  C:\Windows\System\tWTZWjX.exe
  2⤵
  PID:3356
- C:\Windows\System\acxIKVx.exe
  C:\Windows\System\acxIKVx.exe
  2⤵
  PID:8716
- C:\Windows\System\ZuqylWN.exe
  C:\Windows\System\ZuqylWN.exe
  2⤵
  PID:8704
- C:\Windows\System\VnyKoSu.exe
  C:\Windows\System\VnyKoSu.exe
  2⤵
  PID:1648
- C:\Windows\System\HhxfSwq.exe
  C:\Windows\System\HhxfSwq.exe
  2⤵
  PID:956
- C:\Windows\System\wKkkPtn.exe
  C:\Windows\System\wKkkPtn.exe
  2⤵
  PID:2240
- C:\Windows\System\NzDNCIe.exe
  C:\Windows\System\NzDNCIe.exe
  2⤵
  PID:8728
- C:\Windows\System\lkhHgks.exe
  C:\Windows\System\lkhHgks.exe
  2⤵
  PID:1076
- C:\Windows\System\roCDieD.exe
  C:\Windows\System\roCDieD.exe
  2⤵
  PID:8832
- C:\Windows\System\mhNyopH.exe
  C:\Windows\System\mhNyopH.exe
  2⤵
  PID:8784
- C:\Windows\System\aqRFkCh.exe
  C:\Windows\System\aqRFkCh.exe
  2⤵
  PID:8816
- C:\Windows\System\ATGceuY.exe
  C:\Windows\System\ATGceuY.exe
  2⤵
  PID:8400
- C:\Windows\System\wqMWZit.exe
  C:\Windows\System\wqMWZit.exe
  2⤵
  PID:8888
- C:\Windows\System\uoIXfej.exe
  C:\Windows\System\uoIXfej.exe
  2⤵
  PID:9044
- C:\Windows\System\xJqiUzm.exe
  C:\Windows\System\xJqiUzm.exe
  2⤵
  PID:9096
- C:\Windows\System\vDTzNcx.exe
  C:\Windows\System\vDTzNcx.exe
  2⤵
  PID:9136
- C:\Windows\System\fnutieh.exe
  C:\Windows\System\fnutieh.exe
  2⤵
  PID:7520
- C:\Windows\System\BMKruTv.exe
  C:\Windows\System\BMKruTv.exe
  2⤵
  PID:9116
- C:\Windows\System\dicdVcF.exe
  C:\Windows\System\dicdVcF.exe
  2⤵
  PID:8256
- C:\Windows\System\zJvNTDK.exe
  C:\Windows\System\zJvNTDK.exe
  2⤵
  PID:7820
- C:\Windows\System\iBwuevt.exe
  C:\Windows\System\iBwuevt.exe
  2⤵
  PID:8500
- C:\Windows\System\EMBPsCN.exe
  C:\Windows\System\EMBPsCN.exe
  2⤵
  PID:8476
- C:\Windows\System\rvCgkKB.exe
  C:\Windows\System\rvCgkKB.exe
  2⤵
  PID:8612
- C:\Windows\System\wFgLGSp.exe
  C:\Windows\System\wFgLGSp.exe
  2⤵
  PID:8680
- C:\Windows\System\akdCFep.exe
  C:\Windows\System\akdCFep.exe
  2⤵
  PID:2960
- C:\Windows\System\jVXalXq.exe
  C:\Windows\System\jVXalXq.exe
  2⤵
  PID:8748
- C:\Windows\System\TlCcBnw.exe
  C:\Windows\System\TlCcBnw.exe
  2⤵
  PID:8700
- C:\Windows\System\RmZmMSR.exe
  C:\Windows\System\RmZmMSR.exe
  2⤵
  PID:2808
- C:\Windows\System\jdACCWN.exe
  C:\Windows\System\jdACCWN.exe
  2⤵
  PID:8752
- C:\Windows\System\WLCENYt.exe
  C:\Windows\System\WLCENYt.exe
  2⤵
  PID:836
- C:\Windows\System\UniJgkA.exe
  C:\Windows\System\UniJgkA.exe
  2⤵
  PID:9064
- C:\Windows\System\mjLEXRU.exe
  C:\Windows\System\mjLEXRU.exe
  2⤵
  PID:9112
- C:\Windows\System\NNOCqYN.exe
  C:\Windows\System\NNOCqYN.exe
  2⤵
  PID:576
- C:\Windows\System\uQCKRqK.exe
  C:\Windows\System\uQCKRqK.exe
  2⤵
  PID:7824
- C:\Windows\System\mkDzgOB.exe
  C:\Windows\System\mkDzgOB.exe
  2⤵
  PID:8976
- C:\Windows\System\ctPNShh.exe
  C:\Windows\System\ctPNShh.exe
  2⤵
  PID:8440
- C:\Windows\System\dSOcVxK.exe
  C:\Windows\System\dSOcVxK.exe
  2⤵
  PID:8616
- C:\Windows\System\dkdwwLb.exe
  C:\Windows\System\dkdwwLb.exe
  2⤵
  PID:1108
- C:\Windows\System\jOHYIqg.exe
  C:\Windows\System\jOHYIqg.exe
  2⤵
  PID:8872
- C:\Windows\System\mQCJKzp.exe
  C:\Windows\System\mQCJKzp.exe
  2⤵
  PID:8200
- C:\Windows\System\IqKLEIG.exe
  C:\Windows\System\IqKLEIG.exe
  2⤵
  PID:8664
- C:\Windows\System\hYKchhB.exe
  C:\Windows\System\hYKchhB.exe
  2⤵
  PID:9192
- C:\Windows\System\JLaGZGy.exe
  C:\Windows\System\JLaGZGy.exe
  2⤵
  PID:8968
- C:\Windows\System\LgBZuys.exe
  C:\Windows\System\LgBZuys.exe
  2⤵
  PID:8376
- C:\Windows\System\ZJfqilq.exe
  C:\Windows\System\ZJfqilq.exe
  2⤵
  PID:8196
- C:\Windows\System\hDVrMAe.exe
  C:\Windows\System\hDVrMAe.exe
  2⤵
  PID:8568
- C:\Windows\System\mbJRYqe.exe
  C:\Windows\System\mbJRYqe.exe
  2⤵
  PID:8600
- C:\Windows\System\XLSYpvN.exe
  C:\Windows\System\XLSYpvN.exe
  2⤵
  PID:8852
- C:\Windows\System\IMPYjzX.exe
  C:\Windows\System\IMPYjzX.exe
  2⤵
  PID:9208
- C:\Windows\System\dfZxEyN.exe
  C:\Windows\System\dfZxEyN.exe
  2⤵
  PID:9172
- C:\Windows\System\nSpGJWz.exe
  C:\Windows\System\nSpGJWz.exe
  2⤵
  PID:2588
- C:\Windows\System\MtENbTD.exe
  C:\Windows\System\MtENbTD.exe
  2⤵
  PID:8480
- C:\Windows\System\CtFonCF.exe
  C:\Windows\System\CtFonCF.exe
  2⤵
  PID:8972
- C:\Windows\System\fMeNwXT.exe
  C:\Windows\System\fMeNwXT.exe
  2⤵
  PID:8492
- C:\Windows\System\OwYoshU.exe
  C:\Windows\System\OwYoshU.exe
  2⤵
  PID:9228
- C:\Windows\System\GcdQEIt.exe
  C:\Windows\System\GcdQEIt.exe
  2⤵
  PID:9288
- C:\Windows\System\qszPPNz.exe
  C:\Windows\System\qszPPNz.exe
  2⤵
  PID:9316
- C:\Windows\System\bENMHeE.exe
  C:\Windows\System\bENMHeE.exe
  2⤵
  PID:9332
- C:\Windows\System\wQtoEsV.exe
  C:\Windows\System\wQtoEsV.exe
  2⤵
  PID:9352
- C:\Windows\System\UQFjAjF.exe
  C:\Windows\System\UQFjAjF.exe
  2⤵
  PID:9392
- C:\Windows\System\BuRehuq.exe
  C:\Windows\System\BuRehuq.exe
  2⤵
  PID:9408
- C:\Windows\System\ArTNhGm.exe
  C:\Windows\System\ArTNhGm.exe
  2⤵
  PID:9428
- C:\Windows\System\SgbShOE.exe
  C:\Windows\System\SgbShOE.exe
  2⤵
  PID:9448
- C:\Windows\System\GmmyQba.exe
  C:\Windows\System\GmmyQba.exe
  2⤵
  PID:9468
- C:\Windows\System\sgXnpHh.exe
  C:\Windows\System\sgXnpHh.exe
  2⤵
  PID:9488
- C:\Windows\System\Ofdlwkq.exe
  C:\Windows\System\Ofdlwkq.exe
  2⤵
  PID:9512
- C:\Windows\System\gpzzMxE.exe
  C:\Windows\System\gpzzMxE.exe
  2⤵
  PID:9528
- C:\Windows\System\TWiYvtr.exe
  C:\Windows\System\TWiYvtr.exe
  2⤵
  PID:9552
- C:\Windows\System\HfdjvED.exe
  C:\Windows\System\HfdjvED.exe
  2⤵
  PID:9568
- C:\Windows\System\nZaFKzH.exe
  C:\Windows\System\nZaFKzH.exe
  2⤵
  PID:9588
- C:\Windows\System\KkzcEeS.exe
  C:\Windows\System\KkzcEeS.exe
  2⤵
  PID:9608
- C:\Windows\System\IEzFbGi.exe
  C:\Windows\System\IEzFbGi.exe
  2⤵
  PID:9628
- C:\Windows\System\oCiXqSo.exe
  C:\Windows\System\oCiXqSo.exe
  2⤵
  PID:9652
- C:\Windows\System\HUaYBQv.exe
  C:\Windows\System\HUaYBQv.exe
  2⤵
  PID:9672
- C:\Windows\System\LMqoNkp.exe
  C:\Windows\System\LMqoNkp.exe
  2⤵
  PID:9696
- C:\Windows\System\ZvWZtem.exe
  C:\Windows\System\ZvWZtem.exe
  2⤵
  PID:9716
- C:\Windows\System\aliSQzr.exe
  C:\Windows\System\aliSQzr.exe
  2⤵
  PID:9736
- C:\Windows\System\qqvhgTO.exe
  C:\Windows\System\qqvhgTO.exe
  2⤵
  PID:9756
- C:\Windows\System\nqLbYZZ.exe
  C:\Windows\System\nqLbYZZ.exe
  2⤵
  PID:9776
- C:\Windows\System\GlEeJMM.exe
  C:\Windows\System\GlEeJMM.exe
  2⤵
  PID:9792
- C:\Windows\System\iHQAlyu.exe
  C:\Windows\System\iHQAlyu.exe
  2⤵
  PID:9816
- C:\Windows\System\OONvAsb.exe
  C:\Windows\System\OONvAsb.exe
  2⤵
  PID:9836
- C:\Windows\System\zwbscFy.exe
  C:\Windows\System\zwbscFy.exe
  2⤵
  PID:9856
- C:\Windows\System\HFlmZlN.exe
  C:\Windows\System\HFlmZlN.exe
  2⤵
  PID:9876
- C:\Windows\System\UEAalbW.exe
  C:\Windows\System\UEAalbW.exe
  2⤵
  PID:9896
- C:\Windows\System\waMmaDS.exe
  C:\Windows\System\waMmaDS.exe
  2⤵
  PID:9912
- C:\Windows\System\wVFzasV.exe
  C:\Windows\System\wVFzasV.exe
  2⤵
  PID:9932
- C:\Windows\System\VBomsWW.exe
  C:\Windows\System\VBomsWW.exe
  2⤵
  PID:9952
- C:\Windows\System\zhtHTXu.exe
  C:\Windows\System\zhtHTXu.exe
  2⤵
  PID:9972
- C:\Windows\System\MBArImn.exe
  C:\Windows\System\MBArImn.exe
  2⤵
  PID:9992
- C:\Windows\System\yhIQcyu.exe
  C:\Windows\System\yhIQcyu.exe
  2⤵
  PID:10008
- C:\Windows\System\QONhYxY.exe
  C:\Windows\System\QONhYxY.exe
  2⤵
  PID:10028
- C:\Windows\System\nCcHQjt.exe
  C:\Windows\System\nCcHQjt.exe
  2⤵
  PID:10044
- C:\Windows\System\ldHJFEO.exe
  C:\Windows\System\ldHJFEO.exe
  2⤵
  PID:10064
- C:\Windows\System\lllZviJ.exe
  C:\Windows\System\lllZviJ.exe
  2⤵
  PID:10088
- C:\Windows\System\bXBgyhU.exe
  C:\Windows\System\bXBgyhU.exe
  2⤵
  PID:10108
- C:\Windows\System\FUNrHaH.exe
  C:\Windows\System\FUNrHaH.exe
  2⤵
  PID:10124
- C:\Windows\System\hISOlww.exe
  C:\Windows\System\hISOlww.exe
  2⤵
  PID:10140
- C:\Windows\System\NbGFUMT.exe
  C:\Windows\System\NbGFUMT.exe
  2⤵
  PID:10160
- C:\Windows\System\twBcoto.exe
  C:\Windows\System\twBcoto.exe
  2⤵
  PID:10176
- C:\Windows\System\mZgdjzb.exe
  C:\Windows\System\mZgdjzb.exe
  2⤵
  PID:10196
- C:\Windows\System\ZEbPRfD.exe
  C:\Windows\System\ZEbPRfD.exe
  2⤵
  PID:10216
- C:\Windows\System\xEzhsrd.exe
  C:\Windows\System\xEzhsrd.exe
  2⤵
  PID:10232
- C:\Windows\System\tVOcBba.exe
  C:\Windows\System\tVOcBba.exe
  2⤵
  PID:8536
- C:\Windows\System\HYwGZje.exe
  C:\Windows\System\HYwGZje.exe
  2⤵
  PID:9244
- C:\Windows\System\ZspyzuY.exe
  C:\Windows\System\ZspyzuY.exe
  2⤵
  PID:9260
- C:\Windows\System\MMfoVzn.exe
  C:\Windows\System\MMfoVzn.exe
  2⤵
  PID:9272
- C:\Windows\System\lnwMmha.exe
  C:\Windows\System\lnwMmha.exe
  2⤵
  PID:9324
- C:\Windows\System\pemlHMF.exe
  C:\Windows\System\pemlHMF.exe
  2⤵
  PID:9364
- C:\Windows\System\QVphJlD.exe
  C:\Windows\System\QVphJlD.exe
  2⤵
  PID:9416
- C:\Windows\System\AgkWvBj.exe
  C:\Windows\System\AgkWvBj.exe
  2⤵
  PID:9436
- C:\Windows\System\svXCwOh.exe
  C:\Windows\System\svXCwOh.exe
  2⤵
  PID:9460
- C:\Windows\System\oOdEket.exe
  C:\Windows\System\oOdEket.exe
  2⤵
  PID:9484
- C:\Windows\System\vvsgJrq.exe
  C:\Windows\System\vvsgJrq.exe
  2⤵
  PID:9520
- C:\Windows\System\ppPuAdk.exe
  C:\Windows\System\ppPuAdk.exe
  2⤵
  PID:9560
- C:\Windows\System\rBzKRWA.exe
  C:\Windows\System\rBzKRWA.exe
  2⤵
  PID:9620
- C:\Windows\System\ndYdiIO.exe
  C:\Windows\System\ndYdiIO.exe
  2⤵
  PID:9636
- C:\Windows\System\ogwKiWY.exe
  C:\Windows\System\ogwKiWY.exe
  2⤵
  PID:9640
- C:\Windows\System\gUXZfes.exe
  C:\Windows\System\gUXZfes.exe
  2⤵
  PID:9680
- C:\Windows\System\nwkhHaR.exe
  C:\Windows\System\nwkhHaR.exe
  2⤵
  PID:9712
- C:\Windows\System\aRgkYGr.exe
  C:\Windows\System\aRgkYGr.exe
  2⤵
  PID:9728
- C:\Windows\System\QRwiniA.exe
  C:\Windows\System\QRwiniA.exe
  2⤵
  PID:9772
- C:\Windows\System\JXDnWPQ.exe
  C:\Windows\System\JXDnWPQ.exe
  2⤵
  PID:9808
- C:\Windows\System\UqZsycU.exe
  C:\Windows\System\UqZsycU.exe
  2⤵
  PID:9864
- C:\Windows\System\bhetZWP.exe
  C:\Windows\System\bhetZWP.exe
  2⤵
  PID:9884
- C:\Windows\System\eOddAzK.exe
  C:\Windows\System\eOddAzK.exe
  2⤵
  PID:9908
- C:\Windows\System\FmAGjoQ.exe
  C:\Windows\System\FmAGjoQ.exe
  2⤵
  PID:9940
- C:\Windows\System\VNEBhHz.exe
  C:\Windows\System\VNEBhHz.exe
  2⤵
  PID:9988
- C:\Windows\System\tKgKIFY.exe
  C:\Windows\System\tKgKIFY.exe
  2⤵
  PID:10052
- C:\Windows\System\WeZlTOV.exe
  C:\Windows\System\WeZlTOV.exe
  2⤵
  PID:10100
- C:\Windows\System\yKBysVp.exe
  C:\Windows\System\yKBysVp.exe
  2⤵
  PID:10172
- C:\Windows\System\ycxPyFc.exe
  C:\Windows\System\ycxPyFc.exe
  2⤵
  PID:10072
- C:\Windows\System\ATOhmIy.exe
  C:\Windows\System\ATOhmIy.exe
  2⤵
  PID:7888
- C:\Windows\System\jifZtmz.exe
  C:\Windows\System\jifZtmz.exe
  2⤵
  PID:10148
- C:\Windows\System\tjizhNz.exe
  C:\Windows\System\tjizhNz.exe
  2⤵
  PID:10120
- C:\Windows\System\GpVlUAC.exe
  C:\Windows\System\GpVlUAC.exe
  2⤵
  PID:1708
- C:\Windows\System\OjJSnqa.exe
  C:\Windows\System\OjJSnqa.exe
  2⤵
  PID:9240
- C:\Windows\System\mknHFSa.exe
  C:\Windows\System\mknHFSa.exe
  2⤵
  PID:8416
- C:\Windows\System\gfrOgRo.exe
  C:\Windows\System\gfrOgRo.exe
  2⤵
  PID:9360
- C:\Windows\System\jzYPPDF.exe
  C:\Windows\System\jzYPPDF.exe
  2⤵
  PID:9376
- C:\Windows\System\wAWowKg.exe
  C:\Windows\System\wAWowKg.exe
  2⤵
  PID:9688
- C:\Windows\System\IwlfcpZ.exe
  C:\Windows\System\IwlfcpZ.exe
  2⤵
  PID:9464
- C:\Windows\System\fvTFDhV.exe
  C:\Windows\System\fvTFDhV.exe
  2⤵
  PID:9576
- C:\Windows\System\NwowzTx.exe
  C:\Windows\System\NwowzTx.exe
  2⤵
  PID:9524
- C:\Windows\System\GnlOXsY.exe
  C:\Windows\System\GnlOXsY.exe
  2⤵
  PID:9600
- C:\Windows\System\meMVjxm.exe
  C:\Windows\System\meMVjxm.exe
  2⤵
  PID:9764
- C:\Windows\System\BTXIrqK.exe
  C:\Windows\System\BTXIrqK.exe
  2⤵
  PID:9724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AwlUBUE.exe

Filesize
6.0MB

MD5
3de61cc4895385b1ec512435be9f02fe

SHA1
bb52218d6fadcd6db56927695a91aaadc1d1fb95

SHA256
413c70e83336adad5d112f4120857a88a925a2aec9bca0f62d76d2bf79d00ba1

SHA512
d84f2912bcb36b3fdec30f964a98ef4e19a19e601c41cbfbd7d6cdcfca9e791667dbefd29113fcdaf04719b602e51cc067a32c723cc3a621e5e6af4c0841b79b

Download Submit
C:\Windows\system\BNhEyid.exe

Filesize
6.0MB

MD5
3ee395571a9797424baaf06925ab98b5

SHA1
ce0779ac03a9b87329e2567e410f625c90963195

SHA256
7cac80d5d5d52d552d34a8a7271fc8b5b4dbc7cfae4cf01486d1761f4429c8ed

SHA512
095409d234cd50408ea33e003eb71838f55e8f801750aeea6e8f677583b1708000edcf5bba6558762640956aed20a4c10651d4db91e5ea6734676b7f879d2dbb

Download Submit
C:\Windows\system\BUGDAZu.exe

Filesize
6.0MB

MD5
ede71b5a2ce43ff82da44670b735db4c

SHA1
2d9c34bc2e5955f618f088500a6d397b04a72b87

SHA256
e42a12875073c47c1b0856031cd356506ea93af524646b16fe4c02b9cebe303a

SHA512
6c91a3a415bd78d1ce2b3513ae05a3b9c14fd632f07c89e82143be16e4732167f27c44bae691f2bd7095c9018f44073ef44397746bf58e80622322e493625483

Download Submit
C:\Windows\system\CKBSQlt.exe

Filesize
6.0MB

MD5
f047ec1f31b2f0a8a15b09ce68f50169

SHA1
f183bcaab4952447108bd775790ea2f8c8b01082

SHA256
eda3ea9ebafc383ff51e19843475fc8e64c6781e038617ba9f5dcc52dabc2820

SHA512
b1a5d1fe3d00a34c681876768cc295cf212f3565734d2c4f8dcb8ad14de6e1255b4d37a0caa381aed083d71900bff068b2ecc24516f9df8598fe15d0e5bc0f8b

Download Submit
C:\Windows\system\CxfVDxC.exe

Filesize
6.0MB

MD5
f80f0f792ddfe7d42ebfbcdf9ce1e172

SHA1
5884859b92b74d1cef38891fbfe2851af6b014e2

SHA256
1e164dc78d6a8321e23403f50b18f10bd0b4d5f7d0abca281b27fd740e585418

SHA512
f257bf7cd4a376f005ce0b0e7318b5eb46370d5fd6b739e29c58d2dc8a3be4319718a9714026a01ee35bf0792ac4bac70f1753209865036b81ed9f96f79c833b

Download Submit
C:\Windows\system\GeibfjO.exe

Filesize
6.0MB

MD5
bb55a7ef798a70fd6c137a19bd217e8c

SHA1
dc1c0e41b17f92ae3b5c0909b38a0aaf6d8d5b0e

SHA256
e4546f2c0e527a3d8d80ff90eb6540fbba5827edb999d3546457cbdf008689a0

SHA512
4331e8c8a8406f47617d0894075902ce847a66413d30487c4da263c6375543e048e63335a4e279c9ca9e2ce8637a53ed5511a772249954e9229752864a53cdf0

Download Submit
C:\Windows\system\HECANzg.exe

Filesize
6.0MB

MD5
10d14cafdbec3b113b9a151d445ce659

SHA1
6efcf44087d401703f34892e9765f8af72bc76a8

SHA256
2cb4c01fa3a6c575205886587ecc90ed25e5879a36842945a4c2056e6b11472c

SHA512
af5de53e48fbf6bd0e546d24dde66364fda32206623e1ce9086f837e1911f1029f044f342e00dfbbfe44e2f386a7d681d0abb5617d0ae92954e6d0eb6330ac28

Download Submit
C:\Windows\system\IDsJunG.exe

Filesize
6.0MB

MD5
128c9ba121c37977264ab59697b6476f

SHA1
46a24637c6da859608cc92222a922bf5ce6e5723

SHA256
b8076eddfe0de932c53776c97f84a2d3e0d2238d5c2ec022034d96457f6df088

SHA512
89190d183692a6b567300c27c57d1dde51eb01862afde785892610fd84566f6d5791b0e8060d73bd1511f982ad6e2853181d16b1ed45fded59c127727b30cfad

Download Submit
C:\Windows\system\LucPvXP.exe

Filesize
6.0MB

MD5
8ba70baf477781f64d141c828a64bbfc

SHA1
a0c399187a27da0331b5b3b176b159a287db9b55

SHA256
932ecfb213e32e39a70af2cb852f01a5b179d4da90f585771bea5331b8459fea

SHA512
c63194496b58e1b94106755d633fdfef4e36dbb51d6920b493c92d45ebaeb379e9ecd0204f1b6ed37ec9fe6c99f29ad4b9be3b05d83b3e2dde8fbf2ab9a3c2dd

Download Submit
C:\Windows\system\NqWClPn.exe

Filesize
6.0MB

MD5
6e6b8b89e3444ca8a6c800fb10e9f9e3

SHA1
8d0de2288269cc9b277ffef0a1993d4f3eaf83fb

SHA256
d52200ff311d326cd0264edccd571c1e1f2b246528d0514db21145046dc18dd7

SHA512
8ed0a4833d722ee4f10030ec98713d0c92cb8eae53b1632332a68e36714d8d314e42bf9d54928b5d45c3aa811dd9b7b40ae814909b4be6d96eb7b36a9f80384a

Download Submit
C:\Windows\system\SYnDzCj.exe

Filesize
6.0MB

MD5
e6fe0a772a0bcadc1d020f6aab2851d4

SHA1
9346b8a432ab0ad91ce635e622d2fb2081dc2cc1

SHA256
b4fed06318ba60772daefffe6d8ea156f292fd115a105cafe75e9edd15b0ac99

SHA512
32300dce9aab679706b6456041d7fb2b24083c30b70c0a7f3cb70ccfd17da8eb1806bca3e395a77685fab52f57daef4dee77355da2742c9081502766befeb301

Download Submit
C:\Windows\system\TzDynyv.exe

Filesize
6.0MB

MD5
ea126b3a1b64530a472aaaee63508457

SHA1
34ca0512743a6bfd6727c7e680475c6fe4a9a6b3

SHA256
67758c340b787eba8dcf629da9fc8385a454deae5581e711c6de610291e00825

SHA512
231ddb3a0ef09a077e11eea4a5b798fcbd9ad5f242117c89f2b64aabd3661aaaf2a3c27211db17d6a3f4e9a58b5e86c30e19942ef47f3c4cb08ebdc06863a4fd

Download Submit
C:\Windows\system\aTDVOdt.exe

Filesize
6.0MB

MD5
67828da846b9b6c3d68b08b14d9d4dc3

SHA1
dea5f8ae6b93804965d664ec808e9f9e5f13a3f6

SHA256
e2ca230ea8d629e74b00107a47d727080b4790e6b67bfc2860345595403023e6

SHA512
d8d422c212781ca3759239f44224527bf2e526e2953b81bf123b96ba831d1937f907b643162eb50d8c06c80374d9e80a92eb176f438b22514ccafe90838477ce

Download Submit
C:\Windows\system\bxUGWol.exe

Filesize
6.0MB

MD5
e2ab1ea8604943ae5dfff9d75d8058af

SHA1
3dd40f9642c757ee80ed07979511a5746fccff01

SHA256
423e07171153cfe45da283576820d0dbdb920f2f2b105bf4d1f2980994a1b556

SHA512
0bc363e3a754425e045aad4d5b411115b2555966d72c4f53aacacaf5ec41372ba6f542efbe24fc28a2b62b59e61d05d380558541d5ea38a5e518b5798a8224c1

Download Submit
C:\Windows\system\dsecpmf.exe

Filesize
6.0MB

MD5
04130a2682730038abc1ee7cf0807bbc

SHA1
ea7df2834c72bfa9c92c1a4b709024847e79ae3e

SHA256
30d7dbb0a49f03010abed5780b0bd9b97361e8114d8ff41c1432f03d1e80e552

SHA512
84ca002774acc2184917de4b5870d6f3fc9fbc58d4bc8211f89658415b98b8040a1899b924774bf2bf005ae3f7eec5896b16c481b14b12534c88484bc48b6760

Download Submit
C:\Windows\system\dvwRkAQ.exe

Filesize
6.0MB

MD5
440b2aa77af5dfca5e86f7a9a06ee3dc

SHA1
f0cd4c53560805fbc67f9e05d357268e953b1b98

SHA256
acf26da8acd21daedceb17ca395505ae62ba5ce507220d9da50d4e0909c0db53

SHA512
8db52b3fd6c24925a120cb7a8821120472d8b78e93f354d06e893dee675f7c777bdae7d8b8d8787b70129cc489cd76d3d61e5fe35d1fa68d598439f8ad35b6bf

Download Submit
C:\Windows\system\eGZAhQm.exe

Filesize
6.0MB

MD5
5bf05dc41fc993282ada5f7fc341e4f3

SHA1
be02aacaa06fb1e8036f38c02e890245166eeeb1

SHA256
bdcdb1a3909e72876a81b27286c1b3259bb69291103c6ed62c752a09f2497b8a

SHA512
a300d910df15f7fa7c2096aad76a8d260f36e8cfd754d2029387dfd21d9e79f319745b86f457bf6656a6706d3d2313cc3f349100564b95171c2372f0f188d5a1

Download Submit
C:\Windows\system\fUGBHuO.exe

Filesize
6.0MB

MD5
1a47d8921a30f7005cf4c3092cf5d0a9

SHA1
b3bd7e9ff9684b313e6728ae478163b8ebdd5f4f

SHA256
8f61ad63b781b0051367bf81406e260d313bbcef135de1ec3e92c50b4cc2df8e

SHA512
1bf46b1370a80e6454ee962a79dc66963b4b8ae2a7fc6a557403c1ffe5ce7d35d7bf9846051f00b00c421ff023f8732f3a1d777657bc2912b6464c3a835e5cd4

Download Submit
C:\Windows\system\gJMVuNl.exe

Filesize
6.0MB

MD5
fb5cd34637533bd4abcd69b9d8fabfe6

SHA1
ef6f48f3a8b191456b66d3eff65db4c85c80c5e8

SHA256
ce295a5bcfba14a9f6bfa9fc68e270a971e68c39b7ca980ffb3649492c7c6e34

SHA512
457bc77c73601673e8476acd51ae6703730bd2f4964f5ffd512da3aec5e8481dae98ff308f11bbf9b91b5ff5a7ac93fa46ff58f58e0a88e1316552d289b37228

Download Submit
C:\Windows\system\mUGSByk.exe

Filesize
6.0MB

MD5
3bef01171bb4472f60d9c93c4292820f

SHA1
03ad364766239b2673fbfb345803457636a9f141

SHA256
baec5eafbe6de99dd896d7525f9b16ae56f94aa7e3cda6389834ade78137a2cb

SHA512
3977dbb53e488fae853698e4323cd28c1a4b780a4d5f595fcd04b77a42cc4c81e3a6c6fd6dd36dee02260d9384c85c2a642bf35343fef9a25d9580c0504160d9

Download Submit
C:\Windows\system\nQzfdTV.exe

Filesize
6.0MB

MD5
83d62df34408f2fe55b960276e343644

SHA1
daa3e083a0ff2d7503de888b53cf15425efa091e

SHA256
77d3780a32146e5699de3886d087dd224bcf42f6760718244f88ebdfd1018f6f

SHA512
ba825cb441fc8c07981bee71ff0543aa9226f21bc4887c92d7521f5093689415b0386bed0a8b799f104d345331e6fb6b5933372d24bdb57cbf5eb81dcfccea47

Download Submit
C:\Windows\system\oPYzyAT.exe

Filesize
6.0MB

MD5
680a7116fc3e0b67da8d44828c2399e6

SHA1
58f9053c9361a12054e104a55597fc3859bab859

SHA256
0a8e25ac60f0433e8ab411975ffee5eb0ce07623a7a591b1b5a348a64f3d3f89

SHA512
57a3f749bb4cdde47f0f308bfe65fae9aa5a9c77ac845b8fbca61c3652618a8f8f7ad48dd0cafae8339ea777738954cc4e6b0328eb3071b877c5e44ddb5e7c36

Download Submit
C:\Windows\system\pBxnjkW.exe

Filesize
6.0MB

MD5
eae8d3d9d083a8ad8a40ccc36c97e34f

SHA1
3259c5be2a95d861a66d5a4fdf85fc1ccc69f5cb

SHA256
f5a695873dd36737e5eab6bea8217d3640bee8aae97fadfd43784884c0047d70

SHA512
f88b6527b38cbb96edd3e33a7a9b689a42950d664465c9938cdd2e0bebf7667988d6b67b3c361cdef0ff54215cab1bdefee6c918f77ee7fd91aa32f8e8e04ebf

Download Submit
C:\Windows\system\qxAGfSe.exe

Filesize
6.0MB

MD5
6d539658904e81c36224f2dfdb2ba6e6

SHA1
6ed4a50804bd387bb286070383ac838e0749d212

SHA256
8bb7bd3158460d80e08886dd7b169b270a12cf479ee1b040c0a409116c34b452

SHA512
7a4803d242dab86c33c1580e6764eba756fafcf91eae359872f2d743451b383f52f9d7674830f66d6a822ab35a25b8fe9de530c2a44e21e9c86e3df1bfc49b57

Download Submit
C:\Windows\system\ssNofqG.exe

Filesize
6.0MB

MD5
2b27da8a312392cf8655e72366efec3d

SHA1
ffb76112eacd71f02edf5a68ab10ab8c1e69b201

SHA256
2bbd63b7821701f5072aec75bcb69ef986641ecaf0034da13367b3f2d8c6780a

SHA512
b8bfb33cddd2f99a8a25166f51eeb5a9a3384b85490f2b5d1492c66bf8561e8ba790d9fa0dfc5ef4614613056aa9163db7631da62af8b8a42dd91b68e1abee1a

Download Submit
C:\Windows\system\xVeNBTg.exe

Filesize
6.0MB

MD5
03d9a758f1ae8a2d3a2b1c7eea9886b0

SHA1
5de3b956d2aaae91b8ae59c4ea3ea34c0335f4cf

SHA256
ff57dfb5d44f1640d3bef79d81ef61509e2310093f91d8ab15c1c8a1c1feac2a

SHA512
8693bd8c25e7121c071c9f7df399d839867a7e62ddbfe14f7336bc4d902ae8643954a4597b9eb099050284d25f64d611caccef5ccdeb44e3c7c7d45c6c020118

Download Submit
\Windows\system\BFRVPsA.exe

Filesize
6.0MB

MD5
f66d9d7f5a816fa19443b05967ed3a62

SHA1
50082b32fd6a72d22e2454eb745f81dd2ac32724

SHA256
0275be4970556f34dbf12b671dbb7381f8d38c544c58adba958d38411e95c4be

SHA512
82e75eefb9a4cf8dbc66883ebafe04a5f6356fb6cfe7f9e9257d76804cc65d887d7e82aaa0571ce6d8bcd7ee240ea8709f6ae5bdd91a56d2afaa8927ba203296

Download Submit
\Windows\system\jJGShNc.exe

Filesize
6.0MB

MD5
2c5d99bd801575b3b3d3b591bf4e6add

SHA1
42314d81862243eed5b82c35f06de3c7f002e37d

SHA256
c214afeb54e9519952917238ed9559c559ecaaff97aaf7f543a002ada4f8df66

SHA512
8a5e6d1f965c2f01147d9f827286bed3d7063ad020f0ba3f9be3c86e1563b6ee5f9700359747c9948b01af37e13439228b5aeb6686ee89cf1cdc4fa7162596ab

Download Submit
\Windows\system\kJkqkzw.exe

Filesize
6.0MB

MD5
129679119fd7cff8a413788856a7a78f

SHA1
3040489178630850559696a1d6c8fba819d28ed4

SHA256
327419f004de7cee5c3e5b4355679dd31cb28a2d4f034385546d7c8bd1e751fc

SHA512
a60a455484d4f233ece95d0dace82b1c1da8028707e9ce35fefbe169a4c6c89f9c67ec796218ac4da140930a348b765836f263282d26140f32e0a1c2f3cced35

Download Submit
\Windows\system\ovXmHSx.exe

Filesize
6.0MB

MD5
46369e52d4f8982da1f82ce95cade961

SHA1
17ff7a047be8da38c61b948b84c99ac539fb5f08

SHA256
e33f2424bbfba0a5923a443e4857542c763d2ba8bc4bfce3ec94ec9b58e85466

SHA512
d63f16ada130e234d11f9d0453d18fc01dc36fa2e0f0cd55b8361fe9ed823d46c4995ed3889228e397d3086607662e2057ae205a1d057f804a2f364ce9313d7e

Download Submit
\Windows\system\qwMdQQc.exe

Filesize
6.0MB

MD5
eba65854440a989add535883ee226780

SHA1
f7a842e27abff23adf49ae769b63607868d1decc

SHA256
3cab72bb40fd3fd81aba0a51e904154e5c3de7e7c3395687d721cc9644a51a34

SHA512
9f6c5332c31f74257e6460f673dc148f4b110ae5173b29df774e5a3edde66af8615e4e59d672c1df037e69e1bd4b3be68e9b79cdcdf28f16091c535ffd624288

Download Submit
\Windows\system\tCkLixD.exe

Filesize
6.0MB

MD5
ff6dd9a7b419bc8de12d459b0eeb8971

SHA1
510efb05dcf2d0569c4ab464dbec10262ca2aae4

SHA256
59d04a1ae155855a6a41786799ad79a4b01ce88bddfa89afdff55a903ed2525f

SHA512
06fcada050a3b8964cc754f7782b8cb25f966cca8a6b7c59654dc99c89661167c4accc94218d2d6baa7929b89ec7fd13dca3f292620348b6c2b7066d1529ae3d

Download Submit
\Windows\system\zYzIFfq.exe

Filesize
6.0MB

MD5
dc63d46c68deff7b68095f7dae1f005c

SHA1
d00b790121fe7ab094764a6ddec642c2a92bd67c

SHA256
57581323a277aefbac2d9b106de018fa69c44436a4f888c34758251a887ad04d

SHA512
2c584e6022aa4ad812dc4f894356ee361d39eb553d1651874abde07fa89004922f93f8b2963c5ddb98b742c4d4016df4e4f50861f09c1ec00e841217c7dd1c7a

Download Submit
memory/484-98-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/484-4007-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/484-1245-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/880-3866-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/880-23-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2076-92-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2076-53-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2076-123-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2076-19-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-34-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2076-383-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2076-17-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2076-45-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2076-21-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2076-25-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-58-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2076-0-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2076-75-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2076-604-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2076-83-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2076-926-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2228-93-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-3974-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-85-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2248-40-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2248-4292-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2268-22-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-3868-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-97-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2352-3933-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2352-60-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2452-3966-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2452-84-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3973-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2600-76-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2684-20-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3831-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-52-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3930-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-91-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3938-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2788-68-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3931-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2880-77-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2880-35-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3934-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-29-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-74-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-67-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-4293-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download