cobaltstrike | 06562efdb60011f0fd83809dae917ba298d55c4895a5b41874b26a7774d1e74e

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

77286569ea73ca18bf296cd959831a18
SHA1

3257d2edb7c56ea6d128d4af0a0dd65a25daccff
SHA256

06562efdb60011f0fd83809dae917ba298d55c4895a5b41874b26a7774d1e74e
SHA512

7e554ac73c7b92e6190b61712212beb03af5a256581bc6c33600a81291eec3bf748457c0918c9b62de915fae336c22389b674be9a88a73ba9feaaf09f7c21ee1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUo:T+q56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001225b-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9f-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e74-16.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001739c-33.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-41.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-48.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-68.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-58.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-53.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173e4-38.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001739a-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016f9c-24.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral1/memory/2328-0-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001225b-3.dat	xmrig
behavioral1/memory/1860-8-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d9f-9.dat	xmrig
behavioral1/memory/1464-15-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x0007000000016e74-16.dat	xmrig
behavioral1/memory/804-20-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x000700000001739c-33.dat	xmrig
behavioral1/files/0x00050000000191f3-41.dat	xmrig
behavioral1/files/0x0009000000016d3f-48.dat	xmrig
behavioral1/files/0x0005000000019277-93.dat	xmrig
behavioral1/files/0x0005000000019539-163.dat	xmrig
behavioral1/files/0x00050000000194d8-158.dat	xmrig
behavioral1/files/0x000500000001947e-153.dat	xmrig
behavioral1/files/0x0005000000019441-148.dat	xmrig
behavioral1/files/0x000500000001942f-143.dat	xmrig
behavioral1/files/0x0005000000019403-138.dat	xmrig
behavioral1/files/0x0005000000019401-134.dat	xmrig
behavioral1/files/0x00050000000193df-128.dat	xmrig
behavioral1/files/0x00050000000193d9-123.dat	xmrig
behavioral1/files/0x00050000000193cc-118.dat	xmrig
behavioral1/files/0x00050000000193c4-113.dat	xmrig
behavioral1/files/0x00050000000193be-108.dat	xmrig
behavioral1/files/0x0005000000019389-103.dat	xmrig
behavioral1/files/0x0005000000019382-98.dat	xmrig
behavioral1/files/0x0005000000019273-88.dat	xmrig
behavioral1/files/0x0005000000019271-84.dat	xmrig
behavioral1/files/0x000500000001926b-78.dat	xmrig
behavioral1/files/0x000500000001924c-73.dat	xmrig
behavioral1/files/0x0005000000019234-68.dat	xmrig
behavioral1/files/0x0005000000019229-63.dat	xmrig
behavioral1/files/0x0005000000019218-58.dat	xmrig
behavioral1/files/0x00050000000191f7-53.dat	xmrig
behavioral1/files/0x00080000000173e4-38.dat	xmrig
behavioral1/files/0x000700000001739a-29.dat	xmrig
behavioral1/files/0x0007000000016f9c-24.dat	xmrig
behavioral1/memory/2236-2126-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/1472-2141-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2328-2129-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2860-2183-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2328-2188-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2784-2161-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2700-2209-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2888-2218-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2328-2434-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/1860-2579-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1464-2739-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/804-2882-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2328-2966-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2328-2972-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2328-3069-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/1464-4001-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2236-4002-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/1472-4003-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2784-4004-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2860-4005-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2888-4006-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2700-4007-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/804-4008-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1860	fJvtSTh.exe
1464	NAhAmMU.exe
804	bIEaYLY.exe
2236	CqQpThv.exe
1472	lAHtmnT.exe
2784	zOQBHJe.exe
2860	syRPBGB.exe
2700	NgXqiQi.exe
2888	Rlfrizp.exe
2796	wonhWPi.exe
2836	XVfOVlG.exe
1908	QrBIvtV.exe
2572	gnbkFDN.exe
2652	LZEGghL.exe
3064	SaGICpt.exe
2204	zyuePyf.exe
2388	sBISsJz.exe
2028	voruikj.exe
2764	wgSSpsh.exe
1440	nLemsYa.exe
2024	JkumMab.exe
2392	EuICbMS.exe
2000	riSxnBx.exe
2116	VXzNHKZ.exe
856	IMuYoPj.exe
288	XeqovCa.exe
2944	veerEFe.exe
2912	MsDCUZl.exe
2928	ukuvDhi.exe
1116	gWlNiQb.exe
2248	DHKBgLo.exe
2956	rGuWZTp.exe
1608	GibzSAu.exe
800	mHJlkBn.exe
348	gIWGAnK.exe
600	EFFpJDb.exe
1272	leinNJC.exe
1300	xMNcXHz.exe
1080	qxpItpB.exe
1744	KScaiZJ.exe
2016	QwRyvYm.exe
2368	XerljHv.exe
680	JOyECRb.exe
3000	VltEzgT.exe
1868	JkFAtvL.exe
1520	GxPGKDN.exe
1508	aRFIhGf.exe
2432	CmlRhcN.exe
3024	kbqAzmT.exe
2924	gHrwtNU.exe
2288	RpgQaIS.exe
2412	qURnHCX.exe
2424	CdyNIuJ.exe
2524	aZqVriR.exe
308	kbZLBlH.exe
884	DSjaPiB.exe
1304	fnFlWGJ.exe
1620	WXeMAsx.exe
1564	pBOJxex.exe
1688	hpQQkiU.exe
2332	DJXAIFS.exe
1444	pUodwuX.exe
2320	OXipngV.exe
2872	MKHSNYf.exe

Loads dropped DLL 64 IoCs

pid	Process
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 54 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2328-0-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000c00000001225b-3.dat	upx
behavioral1/memory/1860-8-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0008000000016d9f-9.dat	upx
behavioral1/memory/1464-15-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x0007000000016e74-16.dat	upx
behavioral1/memory/804-20-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x000700000001739c-33.dat	upx
behavioral1/files/0x00050000000191f3-41.dat	upx
behavioral1/files/0x0009000000016d3f-48.dat	upx
behavioral1/files/0x0005000000019277-93.dat	upx
behavioral1/files/0x0005000000019539-163.dat	upx
behavioral1/files/0x00050000000194d8-158.dat	upx
behavioral1/files/0x000500000001947e-153.dat	upx
behavioral1/files/0x0005000000019441-148.dat	upx
behavioral1/files/0x000500000001942f-143.dat	upx
behavioral1/files/0x0005000000019403-138.dat	upx
behavioral1/files/0x0005000000019401-134.dat	upx
behavioral1/files/0x00050000000193df-128.dat	upx
behavioral1/files/0x00050000000193d9-123.dat	upx
behavioral1/files/0x00050000000193cc-118.dat	upx
behavioral1/files/0x00050000000193c4-113.dat	upx
behavioral1/files/0x00050000000193be-108.dat	upx
behavioral1/files/0x0005000000019389-103.dat	upx
behavioral1/files/0x0005000000019382-98.dat	upx
behavioral1/files/0x0005000000019273-88.dat	upx
behavioral1/files/0x0005000000019271-84.dat	upx
behavioral1/files/0x000500000001926b-78.dat	upx
behavioral1/files/0x000500000001924c-73.dat	upx
behavioral1/files/0x0005000000019234-68.dat	upx
behavioral1/files/0x0005000000019229-63.dat	upx
behavioral1/files/0x0005000000019218-58.dat	upx
behavioral1/files/0x00050000000191f7-53.dat	upx
behavioral1/files/0x00080000000173e4-38.dat	upx
behavioral1/files/0x000700000001739a-29.dat	upx
behavioral1/files/0x0007000000016f9c-24.dat	upx
behavioral1/memory/2236-2126-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/1472-2141-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2860-2183-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2784-2161-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2700-2209-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2888-2218-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2328-2434-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/1860-2579-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/1464-2739-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/804-2882-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/1464-4001-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2236-4002-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/1472-4003-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2784-4004-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2860-4005-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2888-4006-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2700-4007-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/804-4008-0x000000013FF40000-0x0000000140294000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jmOZFoY.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JkumMab.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNnCzwG.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptFwYYj.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUHadNH.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTXLhkG.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zyCHrLp.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eiveflh.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTiPxFW.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSyLWOF.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JKbXHIz.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmjtDhs.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmDXogn.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXzNHKZ.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsNdrGc.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHwsRwF.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqPFNKg.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJvtSTh.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTnGNxV.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxoiKkz.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KTwLvlg.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDKaLhY.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYVDxIO.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbqAzmT.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtOidmn.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OaiZglC.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuHYvqK.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWJeguV.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLIQRLC.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JKWGnXt.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjAaVfe.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Uhppdbd.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwACWZX.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbyQsFD.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqiXKni.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVfLXqn.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDNIFdy.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlWiXCM.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXFAKKb.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqtZXyr.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OABELKE.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfyaSxe.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfxNiXp.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXppYyV.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FUdiCtJ.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIRNReJ.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlTEJNw.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoKjdbP.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dlYsbMA.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlHvOLG.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kVQFxAn.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMjTJtr.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aArNYZZ.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxzjKmj.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQlsqSL.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfAwmKp.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftxkrnK.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijqRhCV.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXKUBAg.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnscEKp.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlVWewa.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCoVdvb.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZHEGuQ.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwjOYfF.exe	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 1860	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2328 wrote to memory of 1860	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2328 wrote to memory of 1860	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2328 wrote to memory of 1464	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2328 wrote to memory of 1464	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2328 wrote to memory of 1464	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2328 wrote to memory of 804	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2328 wrote to memory of 804	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2328 wrote to memory of 804	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2328 wrote to memory of 2236	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2328 wrote to memory of 2236	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2328 wrote to memory of 2236	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2328 wrote to memory of 1472	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2328 wrote to memory of 1472	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2328 wrote to memory of 1472	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2328 wrote to memory of 2784	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2328 wrote to memory of 2784	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2328 wrote to memory of 2784	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2328 wrote to memory of 2860	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2328 wrote to memory of 2860	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2328 wrote to memory of 2860	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2328 wrote to memory of 2700	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2328 wrote to memory of 2700	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2328 wrote to memory of 2700	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2328 wrote to memory of 2888	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2328 wrote to memory of 2888	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2328 wrote to memory of 2888	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2328 wrote to memory of 2796	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2328 wrote to memory of 2796	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2328 wrote to memory of 2796	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2328 wrote to memory of 2836	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2328 wrote to memory of 2836	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2328 wrote to memory of 2836	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2328 wrote to memory of 1908	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2328 wrote to memory of 1908	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2328 wrote to memory of 1908	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2328 wrote to memory of 2572	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2328 wrote to memory of 2572	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2328 wrote to memory of 2572	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2328 wrote to memory of 2652	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2328 wrote to memory of 2652	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2328 wrote to memory of 2652	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2328 wrote to memory of 3064	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2328 wrote to memory of 3064	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2328 wrote to memory of 3064	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2328 wrote to memory of 2204	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2328 wrote to memory of 2204	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2328 wrote to memory of 2204	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2328 wrote to memory of 2388	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2328 wrote to memory of 2388	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2328 wrote to memory of 2388	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2328 wrote to memory of 2028	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2328 wrote to memory of 2028	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2328 wrote to memory of 2028	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2328 wrote to memory of 2764	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2328 wrote to memory of 2764	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2328 wrote to memory of 2764	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2328 wrote to memory of 1440	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2328 wrote to memory of 1440	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2328 wrote to memory of 1440	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2328 wrote to memory of 2024	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2328 wrote to memory of 2024	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2328 wrote to memory of 2024	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2328 wrote to memory of 2392	2328	2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_77286569ea73ca18bf296cd959831a18_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\System\fJvtSTh.exe
  C:\Windows\System\fJvtSTh.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\NAhAmMU.exe
  C:\Windows\System\NAhAmMU.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\bIEaYLY.exe
  C:\Windows\System\bIEaYLY.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\CqQpThv.exe
  C:\Windows\System\CqQpThv.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\lAHtmnT.exe
  C:\Windows\System\lAHtmnT.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\zOQBHJe.exe
  C:\Windows\System\zOQBHJe.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\syRPBGB.exe
  C:\Windows\System\syRPBGB.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\NgXqiQi.exe
  C:\Windows\System\NgXqiQi.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\Rlfrizp.exe
  C:\Windows\System\Rlfrizp.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\wonhWPi.exe
  C:\Windows\System\wonhWPi.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\XVfOVlG.exe
  C:\Windows\System\XVfOVlG.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\QrBIvtV.exe
  C:\Windows\System\QrBIvtV.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\gnbkFDN.exe
  C:\Windows\System\gnbkFDN.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\LZEGghL.exe
  C:\Windows\System\LZEGghL.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\SaGICpt.exe
  C:\Windows\System\SaGICpt.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\zyuePyf.exe
  C:\Windows\System\zyuePyf.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\sBISsJz.exe
  C:\Windows\System\sBISsJz.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\voruikj.exe
  C:\Windows\System\voruikj.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\wgSSpsh.exe
  C:\Windows\System\wgSSpsh.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\nLemsYa.exe
  C:\Windows\System\nLemsYa.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\JkumMab.exe
  C:\Windows\System\JkumMab.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\EuICbMS.exe
  C:\Windows\System\EuICbMS.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\riSxnBx.exe
  C:\Windows\System\riSxnBx.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\VXzNHKZ.exe
  C:\Windows\System\VXzNHKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\IMuYoPj.exe
  C:\Windows\System\IMuYoPj.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\XeqovCa.exe
  C:\Windows\System\XeqovCa.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\veerEFe.exe
  C:\Windows\System\veerEFe.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\MsDCUZl.exe
  C:\Windows\System\MsDCUZl.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ukuvDhi.exe
  C:\Windows\System\ukuvDhi.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\gWlNiQb.exe
  C:\Windows\System\gWlNiQb.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\DHKBgLo.exe
  C:\Windows\System\DHKBgLo.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\rGuWZTp.exe
  C:\Windows\System\rGuWZTp.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\GibzSAu.exe
  C:\Windows\System\GibzSAu.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\mHJlkBn.exe
  C:\Windows\System\mHJlkBn.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\gIWGAnK.exe
  C:\Windows\System\gIWGAnK.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\EFFpJDb.exe
  C:\Windows\System\EFFpJDb.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\leinNJC.exe
  C:\Windows\System\leinNJC.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\xMNcXHz.exe
  C:\Windows\System\xMNcXHz.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\qxpItpB.exe
  C:\Windows\System\qxpItpB.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\KScaiZJ.exe
  C:\Windows\System\KScaiZJ.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\QwRyvYm.exe
  C:\Windows\System\QwRyvYm.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\XerljHv.exe
  C:\Windows\System\XerljHv.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\JOyECRb.exe
  C:\Windows\System\JOyECRb.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\VltEzgT.exe
  C:\Windows\System\VltEzgT.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\JkFAtvL.exe
  C:\Windows\System\JkFAtvL.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\GxPGKDN.exe
  C:\Windows\System\GxPGKDN.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\aRFIhGf.exe
  C:\Windows\System\aRFIhGf.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\CmlRhcN.exe
  C:\Windows\System\CmlRhcN.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\kbqAzmT.exe
  C:\Windows\System\kbqAzmT.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\gHrwtNU.exe
  C:\Windows\System\gHrwtNU.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\RpgQaIS.exe
  C:\Windows\System\RpgQaIS.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\qURnHCX.exe
  C:\Windows\System\qURnHCX.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\CdyNIuJ.exe
  C:\Windows\System\CdyNIuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\aZqVriR.exe
  C:\Windows\System\aZqVriR.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\kbZLBlH.exe
  C:\Windows\System\kbZLBlH.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\DSjaPiB.exe
  C:\Windows\System\DSjaPiB.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\fnFlWGJ.exe
  C:\Windows\System\fnFlWGJ.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\WXeMAsx.exe
  C:\Windows\System\WXeMAsx.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\pBOJxex.exe
  C:\Windows\System\pBOJxex.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\hpQQkiU.exe
  C:\Windows\System\hpQQkiU.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\DJXAIFS.exe
  C:\Windows\System\DJXAIFS.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\pUodwuX.exe
  C:\Windows\System\pUodwuX.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\OXipngV.exe
  C:\Windows\System\OXipngV.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\MKHSNYf.exe
  C:\Windows\System\MKHSNYf.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\LyXWfeD.exe
  C:\Windows\System\LyXWfeD.exe
  2⤵
  PID:2448
- C:\Windows\System\kWIJhKb.exe
  C:\Windows\System\kWIJhKb.exe
  2⤵
  PID:2936
- C:\Windows\System\GCzJtjN.exe
  C:\Windows\System\GCzJtjN.exe
  2⤵
  PID:2712
- C:\Windows\System\iDFzkiP.exe
  C:\Windows\System\iDFzkiP.exe
  2⤵
  PID:2576
- C:\Windows\System\ogYgDlY.exe
  C:\Windows\System\ogYgDlY.exe
  2⤵
  PID:3052
- C:\Windows\System\cRRsnHj.exe
  C:\Windows\System\cRRsnHj.exe
  2⤵
  PID:1580
- C:\Windows\System\UCnJcNr.exe
  C:\Windows\System\UCnJcNr.exe
  2⤵
  PID:1648
- C:\Windows\System\fgzTBbm.exe
  C:\Windows\System\fgzTBbm.exe
  2⤵
  PID:1372
- C:\Windows\System\hDCeGfN.exe
  C:\Windows\System\hDCeGfN.exe
  2⤵
  PID:1876
- C:\Windows\System\XXgqZBN.exe
  C:\Windows\System\XXgqZBN.exe
  2⤵
  PID:1968
- C:\Windows\System\mnpVrAL.exe
  C:\Windows\System\mnpVrAL.exe
  2⤵
  PID:1220
- C:\Windows\System\tQPYSmg.exe
  C:\Windows\System\tQPYSmg.exe
  2⤵
  PID:1852
- C:\Windows\System\kaauHcJ.exe
  C:\Windows\System\kaauHcJ.exe
  2⤵
  PID:2840
- C:\Windows\System\DtKzfLU.exe
  C:\Windows\System\DtKzfLU.exe
  2⤵
  PID:2356
- C:\Windows\System\MuJjjaS.exe
  C:\Windows\System\MuJjjaS.exe
  2⤵
  PID:3040
- C:\Windows\System\chqJlnt.exe
  C:\Windows\System\chqJlnt.exe
  2⤵
  PID:1696
- C:\Windows\System\pBBZmGW.exe
  C:\Windows\System\pBBZmGW.exe
  2⤵
  PID:1128
- C:\Windows\System\oNMknjc.exe
  C:\Windows\System\oNMknjc.exe
  2⤵
  PID:1204
- C:\Windows\System\qFkYmep.exe
  C:\Windows\System\qFkYmep.exe
  2⤵
  PID:976
- C:\Windows\System\nJSTdQC.exe
  C:\Windows\System\nJSTdQC.exe
  2⤵
  PID:1984
- C:\Windows\System\FsbNuUY.exe
  C:\Windows\System\FsbNuUY.exe
  2⤵
  PID:1708
- C:\Windows\System\fdBTlcH.exe
  C:\Windows\System\fdBTlcH.exe
  2⤵
  PID:2176
- C:\Windows\System\qjJalXd.exe
  C:\Windows\System\qjJalXd.exe
  2⤵
  PID:2400
- C:\Windows\System\GmXeMmK.exe
  C:\Windows\System\GmXeMmK.exe
  2⤵
  PID:1640
- C:\Windows\System\GHDWLCl.exe
  C:\Windows\System\GHDWLCl.exe
  2⤵
  PID:2136
- C:\Windows\System\RhFiFuc.exe
  C:\Windows\System\RhFiFuc.exe
  2⤵
  PID:2108
- C:\Windows\System\eTiPxFW.exe
  C:\Windows\System\eTiPxFW.exe
  2⤵
  PID:2228
- C:\Windows\System\jiuxRhX.exe
  C:\Windows\System\jiuxRhX.exe
  2⤵
  PID:616
- C:\Windows\System\jlWiXCM.exe
  C:\Windows\System\jlWiXCM.exe
  2⤵
  PID:2436
- C:\Windows\System\qXdJZgC.exe
  C:\Windows\System\qXdJZgC.exe
  2⤵
  PID:1740
- C:\Windows\System\CieSrHS.exe
  C:\Windows\System\CieSrHS.exe
  2⤵
  PID:2196
- C:\Windows\System\lrfMxkI.exe
  C:\Windows\System\lrfMxkI.exe
  2⤵
  PID:1692
- C:\Windows\System\ztWWMhZ.exe
  C:\Windows\System\ztWWMhZ.exe
  2⤵
  PID:3056
- C:\Windows\System\vPltSaA.exe
  C:\Windows\System\vPltSaA.exe
  2⤵
  PID:108
- C:\Windows\System\gchEXSM.exe
  C:\Windows\System\gchEXSM.exe
  2⤵
  PID:2984
- C:\Windows\System\pfhNceI.exe
  C:\Windows\System\pfhNceI.exe
  2⤵
  PID:1148
- C:\Windows\System\saFPGIC.exe
  C:\Windows\System\saFPGIC.exe
  2⤵
  PID:2640
- C:\Windows\System\kVQFxAn.exe
  C:\Windows\System\kVQFxAn.exe
  2⤵
  PID:1916
- C:\Windows\System\xlYvYZJ.exe
  C:\Windows\System\xlYvYZJ.exe
  2⤵
  PID:1904
- C:\Windows\System\qWEagrO.exe
  C:\Windows\System\qWEagrO.exe
  2⤵
  PID:2644
- C:\Windows\System\SuVVrIM.exe
  C:\Windows\System\SuVVrIM.exe
  2⤵
  PID:2312
- C:\Windows\System\hiGLDnx.exe
  C:\Windows\System\hiGLDnx.exe
  2⤵
  PID:2848
- C:\Windows\System\YovAhOI.exe
  C:\Windows\System\YovAhOI.exe
  2⤵
  PID:2260
- C:\Windows\System\RiPHFdd.exe
  C:\Windows\System\RiPHFdd.exe
  2⤵
  PID:904
- C:\Windows\System\Dxrkdkg.exe
  C:\Windows\System\Dxrkdkg.exe
  2⤵
  PID:836
- C:\Windows\System\lwCKlpE.exe
  C:\Windows\System\lwCKlpE.exe
  2⤵
  PID:944
- C:\Windows\System\oLnyoaI.exe
  C:\Windows\System\oLnyoaI.exe
  2⤵
  PID:1712
- C:\Windows\System\IqQFITj.exe
  C:\Windows\System\IqQFITj.exe
  2⤵
  PID:896
- C:\Windows\System\aVmZwhy.exe
  C:\Windows\System\aVmZwhy.exe
  2⤵
  PID:2372
- C:\Windows\System\LCoVdvb.exe
  C:\Windows\System\LCoVdvb.exe
  2⤵
  PID:2456
- C:\Windows\System\eVrBVKo.exe
  C:\Windows\System\eVrBVKo.exe
  2⤵
  PID:2272
- C:\Windows\System\arkrauH.exe
  C:\Windows\System\arkrauH.exe
  2⤵
  PID:988
- C:\Windows\System\tGltnWt.exe
  C:\Windows\System\tGltnWt.exe
  2⤵
  PID:3016
- C:\Windows\System\CyaojZb.exe
  C:\Windows\System\CyaojZb.exe
  2⤵
  PID:2064
- C:\Windows\System\NfSQnwJ.exe
  C:\Windows\System\NfSQnwJ.exe
  2⤵
  PID:2868
- C:\Windows\System\pscKjRc.exe
  C:\Windows\System\pscKjRc.exe
  2⤵
  PID:2612
- C:\Windows\System\sRnEVeA.exe
  C:\Windows\System\sRnEVeA.exe
  2⤵
  PID:2036
- C:\Windows\System\TuoXfaf.exe
  C:\Windows\System\TuoXfaf.exe
  2⤵
  PID:1064
- C:\Windows\System\IuMOLpR.exe
  C:\Windows\System\IuMOLpR.exe
  2⤵
  PID:1044
- C:\Windows\System\XTgvRuI.exe
  C:\Windows\System\XTgvRuI.exe
  2⤵
  PID:3084
- C:\Windows\System\qcLROSa.exe
  C:\Windows\System\qcLROSa.exe
  2⤵
  PID:3104
- C:\Windows\System\rMdNSPt.exe
  C:\Windows\System\rMdNSPt.exe
  2⤵
  PID:3124
- C:\Windows\System\mgRkAqU.exe
  C:\Windows\System\mgRkAqU.exe
  2⤵
  PID:3144
- C:\Windows\System\ijqRhCV.exe
  C:\Windows\System\ijqRhCV.exe
  2⤵
  PID:3164
- C:\Windows\System\ceNTbmO.exe
  C:\Windows\System\ceNTbmO.exe
  2⤵
  PID:3184
- C:\Windows\System\vpFISzi.exe
  C:\Windows\System\vpFISzi.exe
  2⤵
  PID:3204
- C:\Windows\System\EYrXPVF.exe
  C:\Windows\System\EYrXPVF.exe
  2⤵
  PID:3224
- C:\Windows\System\neQEsrN.exe
  C:\Windows\System\neQEsrN.exe
  2⤵
  PID:3240
- C:\Windows\System\DsNJiqT.exe
  C:\Windows\System\DsNJiqT.exe
  2⤵
  PID:3264
- C:\Windows\System\LHjUkGk.exe
  C:\Windows\System\LHjUkGk.exe
  2⤵
  PID:3284
- C:\Windows\System\thksfdq.exe
  C:\Windows\System\thksfdq.exe
  2⤵
  PID:3304
- C:\Windows\System\hiDialI.exe
  C:\Windows\System\hiDialI.exe
  2⤵
  PID:3324
- C:\Windows\System\lxEmOEs.exe
  C:\Windows\System\lxEmOEs.exe
  2⤵
  PID:3344
- C:\Windows\System\mXFAKKb.exe
  C:\Windows\System\mXFAKKb.exe
  2⤵
  PID:3364
- C:\Windows\System\KNEmbOg.exe
  C:\Windows\System\KNEmbOg.exe
  2⤵
  PID:3384
- C:\Windows\System\XVHXAkh.exe
  C:\Windows\System\XVHXAkh.exe
  2⤵
  PID:3404
- C:\Windows\System\aadOyfA.exe
  C:\Windows\System\aadOyfA.exe
  2⤵
  PID:3424
- C:\Windows\System\gQLAeGV.exe
  C:\Windows\System\gQLAeGV.exe
  2⤵
  PID:3440
- C:\Windows\System\zJXTMNM.exe
  C:\Windows\System\zJXTMNM.exe
  2⤵
  PID:3464
- C:\Windows\System\xJDthjr.exe
  C:\Windows\System\xJDthjr.exe
  2⤵
  PID:3484
- C:\Windows\System\sdgAQUB.exe
  C:\Windows\System\sdgAQUB.exe
  2⤵
  PID:3504
- C:\Windows\System\NOCPShY.exe
  C:\Windows\System\NOCPShY.exe
  2⤵
  PID:3524
- C:\Windows\System\oEjIojZ.exe
  C:\Windows\System\oEjIojZ.exe
  2⤵
  PID:3544
- C:\Windows\System\fuwVtWC.exe
  C:\Windows\System\fuwVtWC.exe
  2⤵
  PID:3564
- C:\Windows\System\saAGKoY.exe
  C:\Windows\System\saAGKoY.exe
  2⤵
  PID:3584
- C:\Windows\System\gzZwstW.exe
  C:\Windows\System\gzZwstW.exe
  2⤵
  PID:3604
- C:\Windows\System\KnIMriC.exe
  C:\Windows\System\KnIMriC.exe
  2⤵
  PID:3624
- C:\Windows\System\dqlWDBm.exe
  C:\Windows\System\dqlWDBm.exe
  2⤵
  PID:3644
- C:\Windows\System\NxapOaz.exe
  C:\Windows\System\NxapOaz.exe
  2⤵
  PID:3664
- C:\Windows\System\SsJfKZB.exe
  C:\Windows\System\SsJfKZB.exe
  2⤵
  PID:3684
- C:\Windows\System\MdDSYRe.exe
  C:\Windows\System\MdDSYRe.exe
  2⤵
  PID:3704
- C:\Windows\System\wTTYKGV.exe
  C:\Windows\System\wTTYKGV.exe
  2⤵
  PID:3724
- C:\Windows\System\QbGKMfZ.exe
  C:\Windows\System\QbGKMfZ.exe
  2⤵
  PID:3744
- C:\Windows\System\yDEhDSK.exe
  C:\Windows\System\yDEhDSK.exe
  2⤵
  PID:3764
- C:\Windows\System\XdofiYR.exe
  C:\Windows\System\XdofiYR.exe
  2⤵
  PID:3784
- C:\Windows\System\bQosyTG.exe
  C:\Windows\System\bQosyTG.exe
  2⤵
  PID:3804
- C:\Windows\System\hacVmof.exe
  C:\Windows\System\hacVmof.exe
  2⤵
  PID:3824
- C:\Windows\System\PldzeXI.exe
  C:\Windows\System\PldzeXI.exe
  2⤵
  PID:3844
- C:\Windows\System\slpJkcd.exe
  C:\Windows\System\slpJkcd.exe
  2⤵
  PID:3864
- C:\Windows\System\TYbhSaq.exe
  C:\Windows\System\TYbhSaq.exe
  2⤵
  PID:3884
- C:\Windows\System\CLYuSLE.exe
  C:\Windows\System\CLYuSLE.exe
  2⤵
  PID:3904
- C:\Windows\System\vsuDHxt.exe
  C:\Windows\System\vsuDHxt.exe
  2⤵
  PID:3924
- C:\Windows\System\JDqheBK.exe
  C:\Windows\System\JDqheBK.exe
  2⤵
  PID:3944
- C:\Windows\System\aqAIzJq.exe
  C:\Windows\System\aqAIzJq.exe
  2⤵
  PID:3964
- C:\Windows\System\GjMFjyG.exe
  C:\Windows\System\GjMFjyG.exe
  2⤵
  PID:3984
- C:\Windows\System\EeKDkSX.exe
  C:\Windows\System\EeKDkSX.exe
  2⤵
  PID:4004
- C:\Windows\System\jLjSVJE.exe
  C:\Windows\System\jLjSVJE.exe
  2⤵
  PID:4024
- C:\Windows\System\eaJHiHr.exe
  C:\Windows\System\eaJHiHr.exe
  2⤵
  PID:4044
- C:\Windows\System\fjeDvDJ.exe
  C:\Windows\System\fjeDvDJ.exe
  2⤵
  PID:4064
- C:\Windows\System\ZLwjIsY.exe
  C:\Windows\System\ZLwjIsY.exe
  2⤵
  PID:4084
- C:\Windows\System\kvgjmUa.exe
  C:\Windows\System\kvgjmUa.exe
  2⤵
  PID:2012
- C:\Windows\System\FOXicoY.exe
  C:\Windows\System\FOXicoY.exe
  2⤵
  PID:284
- C:\Windows\System\RqAeYWK.exe
  C:\Windows\System\RqAeYWK.exe
  2⤵
  PID:1276
- C:\Windows\System\dWhTPYQ.exe
  C:\Windows\System\dWhTPYQ.exe
  2⤵
  PID:1544
- C:\Windows\System\ZimsHyM.exe
  C:\Windows\System\ZimsHyM.exe
  2⤵
  PID:3028
- C:\Windows\System\ruBSQKs.exe
  C:\Windows\System\ruBSQKs.exe
  2⤵
  PID:1796
- C:\Windows\System\RNZXsUw.exe
  C:\Windows\System\RNZXsUw.exe
  2⤵
  PID:2160
- C:\Windows\System\HlpjPEK.exe
  C:\Windows\System\HlpjPEK.exe
  2⤵
  PID:2512
- C:\Windows\System\cnKKNbA.exe
  C:\Windows\System\cnKKNbA.exe
  2⤵
  PID:2688
- C:\Windows\System\nOdhtEd.exe
  C:\Windows\System\nOdhtEd.exe
  2⤵
  PID:1604
- C:\Windows\System\KHUGvLV.exe
  C:\Windows\System\KHUGvLV.exe
  2⤵
  PID:2768
- C:\Windows\System\pmGxQqH.exe
  C:\Windows\System\pmGxQqH.exe
  2⤵
  PID:3076
- C:\Windows\System\WpDWPCI.exe
  C:\Windows\System\WpDWPCI.exe
  2⤵
  PID:3120
- C:\Windows\System\KYripMk.exe
  C:\Windows\System\KYripMk.exe
  2⤵
  PID:3180
- C:\Windows\System\dZHEGuQ.exe
  C:\Windows\System\dZHEGuQ.exe
  2⤵
  PID:3212
- C:\Windows\System\lHdNrub.exe
  C:\Windows\System\lHdNrub.exe
  2⤵
  PID:3248
- C:\Windows\System\EFjncmf.exe
  C:\Windows\System\EFjncmf.exe
  2⤵
  PID:3252
- C:\Windows\System\ENlqDzv.exe
  C:\Windows\System\ENlqDzv.exe
  2⤵
  PID:3280
- C:\Windows\System\PlzIjfF.exe
  C:\Windows\System\PlzIjfF.exe
  2⤵
  PID:3332
- C:\Windows\System\hlGFEvP.exe
  C:\Windows\System\hlGFEvP.exe
  2⤵
  PID:3372
- C:\Windows\System\dzXKyWz.exe
  C:\Windows\System\dzXKyWz.exe
  2⤵
  PID:3356
- C:\Windows\System\iVmORGr.exe
  C:\Windows\System\iVmORGr.exe
  2⤵
  PID:3420
- C:\Windows\System\pGCpuGF.exe
  C:\Windows\System\pGCpuGF.exe
  2⤵
  PID:3432
- C:\Windows\System\EEJjUey.exe
  C:\Windows\System\EEJjUey.exe
  2⤵
  PID:3472
- C:\Windows\System\ZvrbWid.exe
  C:\Windows\System\ZvrbWid.exe
  2⤵
  PID:3512
- C:\Windows\System\mBYDUzN.exe
  C:\Windows\System\mBYDUzN.exe
  2⤵
  PID:3552
- C:\Windows\System\AGQyKOZ.exe
  C:\Windows\System\AGQyKOZ.exe
  2⤵
  PID:3576
- C:\Windows\System\QsHBFGk.exe
  C:\Windows\System\QsHBFGk.exe
  2⤵
  PID:3616
- C:\Windows\System\JdTNcHb.exe
  C:\Windows\System\JdTNcHb.exe
  2⤵
  PID:3656
- C:\Windows\System\rphTJHp.exe
  C:\Windows\System\rphTJHp.exe
  2⤵
  PID:3680
- C:\Windows\System\JHUUeWe.exe
  C:\Windows\System\JHUUeWe.exe
  2⤵
  PID:3720
- C:\Windows\System\vCSJIpr.exe
  C:\Windows\System\vCSJIpr.exe
  2⤵
  PID:3752
- C:\Windows\System\sfPCgJL.exe
  C:\Windows\System\sfPCgJL.exe
  2⤵
  PID:3760
- C:\Windows\System\aaREGSn.exe
  C:\Windows\System\aaREGSn.exe
  2⤵
  PID:3820
- C:\Windows\System\pQmfCHK.exe
  C:\Windows\System\pQmfCHK.exe
  2⤵
  PID:3836
- C:\Windows\System\dJMRzGz.exe
  C:\Windows\System\dJMRzGz.exe
  2⤵
  PID:3892
- C:\Windows\System\qAbmcnm.exe
  C:\Windows\System\qAbmcnm.exe
  2⤵
  PID:3920
- C:\Windows\System\yXkDaBj.exe
  C:\Windows\System\yXkDaBj.exe
  2⤵
  PID:3952
- C:\Windows\System\fxetAMC.exe
  C:\Windows\System\fxetAMC.exe
  2⤵
  PID:3976
- C:\Windows\System\ioDxZHh.exe
  C:\Windows\System\ioDxZHh.exe
  2⤵
  PID:4020
- C:\Windows\System\cWlaMzb.exe
  C:\Windows\System\cWlaMzb.exe
  2⤵
  PID:4040
- C:\Windows\System\poDrDrB.exe
  C:\Windows\System\poDrDrB.exe
  2⤵
  PID:4072
- C:\Windows\System\mjkgpvd.exe
  C:\Windows\System\mjkgpvd.exe
  2⤵
  PID:2800
- C:\Windows\System\HQRlzzw.exe
  C:\Windows\System\HQRlzzw.exe
  2⤵
  PID:1804
- C:\Windows\System\KwIapkP.exe
  C:\Windows\System\KwIapkP.exe
  2⤵
  PID:2460
- C:\Windows\System\aUQDfkE.exe
  C:\Windows\System\aUQDfkE.exe
  2⤵
  PID:336
- C:\Windows\System\oimgnzJ.exe
  C:\Windows\System\oimgnzJ.exe
  2⤵
  PID:2128
- C:\Windows\System\oRlVEty.exe
  C:\Windows\System\oRlVEty.exe
  2⤵
  PID:2696
- C:\Windows\System\pXppYyV.exe
  C:\Windows\System\pXppYyV.exe
  2⤵
  PID:3132
- C:\Windows\System\FHFWdCr.exe
  C:\Windows\System\FHFWdCr.exe
  2⤵
  PID:3156
- C:\Windows\System\tblMgsH.exe
  C:\Windows\System\tblMgsH.exe
  2⤵
  PID:3160
- C:\Windows\System\cMeLzyi.exe
  C:\Windows\System\cMeLzyi.exe
  2⤵
  PID:3236
- C:\Windows\System\EbWQaRN.exe
  C:\Windows\System\EbWQaRN.exe
  2⤵
  PID:3300
- C:\Windows\System\HApskvA.exe
  C:\Windows\System\HApskvA.exe
  2⤵
  PID:3340
- C:\Windows\System\QVwmmdl.exe
  C:\Windows\System\QVwmmdl.exe
  2⤵
  PID:3392
- C:\Windows\System\JDbcJnr.exe
  C:\Windows\System\JDbcJnr.exe
  2⤵
  PID:3456
- C:\Windows\System\MJmIFfP.exe
  C:\Windows\System\MJmIFfP.exe
  2⤵
  PID:3496
- C:\Windows\System\FDNgYKk.exe
  C:\Windows\System\FDNgYKk.exe
  2⤵
  PID:3540
- C:\Windows\System\foCFKwJ.exe
  C:\Windows\System\foCFKwJ.exe
  2⤵
  PID:3620
- C:\Windows\System\qICxXAX.exe
  C:\Windows\System\qICxXAX.exe
  2⤵
  PID:3692
- C:\Windows\System\eElafoO.exe
  C:\Windows\System\eElafoO.exe
  2⤵
  PID:3736
- C:\Windows\System\UpkrkrH.exe
  C:\Windows\System\UpkrkrH.exe
  2⤵
  PID:3812
- C:\Windows\System\kzWcrRI.exe
  C:\Windows\System\kzWcrRI.exe
  2⤵
  PID:3840
- C:\Windows\System\nQlcLhM.exe
  C:\Windows\System\nQlcLhM.exe
  2⤵
  PID:3872
- C:\Windows\System\OvswQKd.exe
  C:\Windows\System\OvswQKd.exe
  2⤵
  PID:3940
- C:\Windows\System\VUHmSxv.exe
  C:\Windows\System\VUHmSxv.exe
  2⤵
  PID:4012
- C:\Windows\System\jjhfHcP.exe
  C:\Windows\System\jjhfHcP.exe
  2⤵
  PID:2676
- C:\Windows\System\DbgwrtE.exe
  C:\Windows\System\DbgwrtE.exe
  2⤵
  PID:1048
- C:\Windows\System\VQOmqaX.exe
  C:\Windows\System\VQOmqaX.exe
  2⤵
  PID:1380
- C:\Windows\System\nMpCKLd.exe
  C:\Windows\System\nMpCKLd.exe
  2⤵
  PID:2704
- C:\Windows\System\gkxzmeO.exe
  C:\Windows\System\gkxzmeO.exe
  2⤵
  PID:1888
- C:\Windows\System\WgGyfJR.exe
  C:\Windows\System\WgGyfJR.exe
  2⤵
  PID:3112
- C:\Windows\System\pGYLmEo.exe
  C:\Windows\System\pGYLmEo.exe
  2⤵
  PID:3256
- C:\Windows\System\wiQGEOx.exe
  C:\Windows\System\wiQGEOx.exe
  2⤵
  PID:3312
- C:\Windows\System\WQftStS.exe
  C:\Windows\System\WQftStS.exe
  2⤵
  PID:3376
- C:\Windows\System\Ovcwned.exe
  C:\Windows\System\Ovcwned.exe
  2⤵
  PID:3492
- C:\Windows\System\PJDDImV.exe
  C:\Windows\System\PJDDImV.exe
  2⤵
  PID:3660
- C:\Windows\System\MItNOmm.exe
  C:\Windows\System\MItNOmm.exe
  2⤵
  PID:3712
- C:\Windows\System\PTAmEBZ.exe
  C:\Windows\System\PTAmEBZ.exe
  2⤵
  PID:3852
- C:\Windows\System\CRQZdVl.exe
  C:\Windows\System\CRQZdVl.exe
  2⤵
  PID:4104
- C:\Windows\System\LsPPYXX.exe
  C:\Windows\System\LsPPYXX.exe
  2⤵
  PID:4124
- C:\Windows\System\Ogthbgn.exe
  C:\Windows\System\Ogthbgn.exe
  2⤵
  PID:4144
- C:\Windows\System\wUaNOxV.exe
  C:\Windows\System\wUaNOxV.exe
  2⤵
  PID:4164
- C:\Windows\System\HLLgsaj.exe
  C:\Windows\System\HLLgsaj.exe
  2⤵
  PID:4184
- C:\Windows\System\jUMsEzn.exe
  C:\Windows\System\jUMsEzn.exe
  2⤵
  PID:4204
- C:\Windows\System\rSrMpFt.exe
  C:\Windows\System\rSrMpFt.exe
  2⤵
  PID:4224
- C:\Windows\System\DtZyfyJ.exe
  C:\Windows\System\DtZyfyJ.exe
  2⤵
  PID:4244
- C:\Windows\System\eRhSHXs.exe
  C:\Windows\System\eRhSHXs.exe
  2⤵
  PID:4264
- C:\Windows\System\mRpZoUx.exe
  C:\Windows\System\mRpZoUx.exe
  2⤵
  PID:4284
- C:\Windows\System\XpZSXgl.exe
  C:\Windows\System\XpZSXgl.exe
  2⤵
  PID:4304
- C:\Windows\System\oePdhZy.exe
  C:\Windows\System\oePdhZy.exe
  2⤵
  PID:4324
- C:\Windows\System\xyaVBiz.exe
  C:\Windows\System\xyaVBiz.exe
  2⤵
  PID:4344
- C:\Windows\System\bSyufvF.exe
  C:\Windows\System\bSyufvF.exe
  2⤵
  PID:4364
- C:\Windows\System\JrubWnz.exe
  C:\Windows\System\JrubWnz.exe
  2⤵
  PID:4384
- C:\Windows\System\jloYYor.exe
  C:\Windows\System\jloYYor.exe
  2⤵
  PID:4404
- C:\Windows\System\MLxqruy.exe
  C:\Windows\System\MLxqruy.exe
  2⤵
  PID:4424
- C:\Windows\System\GQCqImG.exe
  C:\Windows\System\GQCqImG.exe
  2⤵
  PID:4444
- C:\Windows\System\GZTZBJp.exe
  C:\Windows\System\GZTZBJp.exe
  2⤵
  PID:4464
- C:\Windows\System\fGeuDcv.exe
  C:\Windows\System\fGeuDcv.exe
  2⤵
  PID:4484
- C:\Windows\System\loWAGCY.exe
  C:\Windows\System\loWAGCY.exe
  2⤵
  PID:4504
- C:\Windows\System\zMzHOTj.exe
  C:\Windows\System\zMzHOTj.exe
  2⤵
  PID:4524
- C:\Windows\System\eGzhWZF.exe
  C:\Windows\System\eGzhWZF.exe
  2⤵
  PID:4544
- C:\Windows\System\aVASvEj.exe
  C:\Windows\System\aVASvEj.exe
  2⤵
  PID:4564
- C:\Windows\System\dITWvCY.exe
  C:\Windows\System\dITWvCY.exe
  2⤵
  PID:4584
- C:\Windows\System\vlADhcJ.exe
  C:\Windows\System\vlADhcJ.exe
  2⤵
  PID:4604
- C:\Windows\System\waBvBJi.exe
  C:\Windows\System\waBvBJi.exe
  2⤵
  PID:4624
- C:\Windows\System\xsVWjKd.exe
  C:\Windows\System\xsVWjKd.exe
  2⤵
  PID:4644
- C:\Windows\System\kyGKfgy.exe
  C:\Windows\System\kyGKfgy.exe
  2⤵
  PID:4664
- C:\Windows\System\zwaRTCY.exe
  C:\Windows\System\zwaRTCY.exe
  2⤵
  PID:4684
- C:\Windows\System\aXOGTTk.exe
  C:\Windows\System\aXOGTTk.exe
  2⤵
  PID:4704
- C:\Windows\System\kvoJIxH.exe
  C:\Windows\System\kvoJIxH.exe
  2⤵
  PID:4724
- C:\Windows\System\frdZxmf.exe
  C:\Windows\System\frdZxmf.exe
  2⤵
  PID:4744
- C:\Windows\System\FUdiCtJ.exe
  C:\Windows\System\FUdiCtJ.exe
  2⤵
  PID:4764
- C:\Windows\System\yeErdUS.exe
  C:\Windows\System\yeErdUS.exe
  2⤵
  PID:4784
- C:\Windows\System\PTUXVob.exe
  C:\Windows\System\PTUXVob.exe
  2⤵
  PID:4804
- C:\Windows\System\XPYZOBz.exe
  C:\Windows\System\XPYZOBz.exe
  2⤵
  PID:4824
- C:\Windows\System\riDIeZD.exe
  C:\Windows\System\riDIeZD.exe
  2⤵
  PID:4844
- C:\Windows\System\oPEwuVf.exe
  C:\Windows\System\oPEwuVf.exe
  2⤵
  PID:4864
- C:\Windows\System\GIRNReJ.exe
  C:\Windows\System\GIRNReJ.exe
  2⤵
  PID:4884
- C:\Windows\System\QlKhajm.exe
  C:\Windows\System\QlKhajm.exe
  2⤵
  PID:4904
- C:\Windows\System\DqOPjaF.exe
  C:\Windows\System\DqOPjaF.exe
  2⤵
  PID:4924
- C:\Windows\System\IOTueTF.exe
  C:\Windows\System\IOTueTF.exe
  2⤵
  PID:4944
- C:\Windows\System\vXKUBAg.exe
  C:\Windows\System\vXKUBAg.exe
  2⤵
  PID:4964
- C:\Windows\System\rbbpglJ.exe
  C:\Windows\System\rbbpglJ.exe
  2⤵
  PID:4984
- C:\Windows\System\UdjYyqH.exe
  C:\Windows\System\UdjYyqH.exe
  2⤵
  PID:5004
- C:\Windows\System\tLPoFnS.exe
  C:\Windows\System\tLPoFnS.exe
  2⤵
  PID:5024
- C:\Windows\System\HkHHAvm.exe
  C:\Windows\System\HkHHAvm.exe
  2⤵
  PID:5044
- C:\Windows\System\LdxSNqJ.exe
  C:\Windows\System\LdxSNqJ.exe
  2⤵
  PID:5064
- C:\Windows\System\lWmOiWJ.exe
  C:\Windows\System\lWmOiWJ.exe
  2⤵
  PID:5084
- C:\Windows\System\pHMkWRd.exe
  C:\Windows\System\pHMkWRd.exe
  2⤵
  PID:5104
- C:\Windows\System\KOxgWbE.exe
  C:\Windows\System\KOxgWbE.exe
  2⤵
  PID:3900
- C:\Windows\System\RxHWABP.exe
  C:\Windows\System\RxHWABP.exe
  2⤵
  PID:3956
- C:\Windows\System\MsiNSBd.exe
  C:\Windows\System\MsiNSBd.exe
  2⤵
  PID:4000
- C:\Windows\System\TVLSgKD.exe
  C:\Windows\System\TVLSgKD.exe
  2⤵
  PID:1532
- C:\Windows\System\GlhRKyT.exe
  C:\Windows\System\GlhRKyT.exe
  2⤵
  PID:1748
- C:\Windows\System\byGeSHl.exe
  C:\Windows\System\byGeSHl.exe
  2⤵
  PID:3140
- C:\Windows\System\TsNdrGc.exe
  C:\Windows\System\TsNdrGc.exe
  2⤵
  PID:3196
- C:\Windows\System\xnXZhLw.exe
  C:\Windows\System\xnXZhLw.exe
  2⤵
  PID:3380
- C:\Windows\System\bNRcXkz.exe
  C:\Windows\System\bNRcXkz.exe
  2⤵
  PID:3452
- C:\Windows\System\mlzGHpX.exe
  C:\Windows\System\mlzGHpX.exe
  2⤵
  PID:3632
- C:\Windows\System\dlrXDKN.exe
  C:\Windows\System\dlrXDKN.exe
  2⤵
  PID:4100
- C:\Windows\System\ubhgWqb.exe
  C:\Windows\System\ubhgWqb.exe
  2⤵
  PID:4152
- C:\Windows\System\xuaObzY.exe
  C:\Windows\System\xuaObzY.exe
  2⤵
  PID:4172
- C:\Windows\System\IzlRGaA.exe
  C:\Windows\System\IzlRGaA.exe
  2⤵
  PID:4196
- C:\Windows\System\nDePcJg.exe
  C:\Windows\System\nDePcJg.exe
  2⤵
  PID:4240
- C:\Windows\System\HBSrIkt.exe
  C:\Windows\System\HBSrIkt.exe
  2⤵
  PID:4256
- C:\Windows\System\upVqxFp.exe
  C:\Windows\System\upVqxFp.exe
  2⤵
  PID:4296
- C:\Windows\System\dhFpucJ.exe
  C:\Windows\System\dhFpucJ.exe
  2⤵
  PID:4352
- C:\Windows\System\UhuEzjf.exe
  C:\Windows\System\UhuEzjf.exe
  2⤵
  PID:4372
- C:\Windows\System\ZrOGQec.exe
  C:\Windows\System\ZrOGQec.exe
  2⤵
  PID:4396
- C:\Windows\System\VIIyPUM.exe
  C:\Windows\System\VIIyPUM.exe
  2⤵
  PID:4440
- C:\Windows\System\KQkGOxL.exe
  C:\Windows\System\KQkGOxL.exe
  2⤵
  PID:4460
- C:\Windows\System\gqpYVIt.exe
  C:\Windows\System\gqpYVIt.exe
  2⤵
  PID:4512
- C:\Windows\System\gOzwgbP.exe
  C:\Windows\System\gOzwgbP.exe
  2⤵
  PID:4552
- C:\Windows\System\CZNxoNw.exe
  C:\Windows\System\CZNxoNw.exe
  2⤵
  PID:4572
- C:\Windows\System\nZGaCUp.exe
  C:\Windows\System\nZGaCUp.exe
  2⤵
  PID:4596
- C:\Windows\System\JALVfzV.exe
  C:\Windows\System\JALVfzV.exe
  2⤵
  PID:4616
- C:\Windows\System\AFekbYp.exe
  C:\Windows\System\AFekbYp.exe
  2⤵
  PID:4672
- C:\Windows\System\ZoBeMhi.exe
  C:\Windows\System\ZoBeMhi.exe
  2⤵
  PID:4700
- C:\Windows\System\PPdrsIt.exe
  C:\Windows\System\PPdrsIt.exe
  2⤵
  PID:4752
- C:\Windows\System\eQwNPta.exe
  C:\Windows\System\eQwNPta.exe
  2⤵
  PID:4772
- C:\Windows\System\mkSYCWD.exe
  C:\Windows\System\mkSYCWD.exe
  2⤵
  PID:4796
- C:\Windows\System\zLllYes.exe
  C:\Windows\System\zLllYes.exe
  2⤵
  PID:4840
- C:\Windows\System\YZZuqdI.exe
  C:\Windows\System\YZZuqdI.exe
  2⤵
  PID:4860
- C:\Windows\System\cKQlOVC.exe
  C:\Windows\System\cKQlOVC.exe
  2⤵
  PID:4892
- C:\Windows\System\PtpvVuE.exe
  C:\Windows\System\PtpvVuE.exe
  2⤵
  PID:4932
- C:\Windows\System\ReQdAab.exe
  C:\Windows\System\ReQdAab.exe
  2⤵
  PID:4956
- C:\Windows\System\nkrcUPM.exe
  C:\Windows\System\nkrcUPM.exe
  2⤵
  PID:5000
- C:\Windows\System\cKixuXc.exe
  C:\Windows\System\cKixuXc.exe
  2⤵
  PID:5016
- C:\Windows\System\XpklthK.exe
  C:\Windows\System\XpklthK.exe
  2⤵
  PID:5060
- C:\Windows\System\hHslUNR.exe
  C:\Windows\System\hHslUNR.exe
  2⤵
  PID:5112
- C:\Windows\System\YocFcYr.exe
  C:\Windows\System\YocFcYr.exe
  2⤵
  PID:3916
- C:\Windows\System\YpRGmfD.exe
  C:\Windows\System\YpRGmfD.exe
  2⤵
  PID:4060
- C:\Windows\System\EasxuYg.exe
  C:\Windows\System\EasxuYg.exe
  2⤵
  PID:2544
- C:\Windows\System\AYuEaLw.exe
  C:\Windows\System\AYuEaLw.exe
  2⤵
  PID:3136
- C:\Windows\System\AkDtCLx.exe
  C:\Windows\System\AkDtCLx.exe
  2⤵
  PID:3460
- C:\Windows\System\mgLkHmu.exe
  C:\Windows\System\mgLkHmu.exe
  2⤵
  PID:3700
- C:\Windows\System\XTrBnCQ.exe
  C:\Windows\System\XTrBnCQ.exe
  2⤵
  PID:3740
- C:\Windows\System\mamSaeU.exe
  C:\Windows\System\mamSaeU.exe
  2⤵
  PID:4156
- C:\Windows\System\jEuBvTP.exe
  C:\Windows\System\jEuBvTP.exe
  2⤵
  PID:4216
- C:\Windows\System\euNPUgv.exe
  C:\Windows\System\euNPUgv.exe
  2⤵
  PID:4272
- C:\Windows\System\bhDQngK.exe
  C:\Windows\System\bhDQngK.exe
  2⤵
  PID:4316
- C:\Windows\System\LtOidmn.exe
  C:\Windows\System\LtOidmn.exe
  2⤵
  PID:4432
- C:\Windows\System\VCYrHEp.exe
  C:\Windows\System\VCYrHEp.exe
  2⤵
  PID:4452
- C:\Windows\System\NDQeAyU.exe
  C:\Windows\System\NDQeAyU.exe
  2⤵
  PID:4492
- C:\Windows\System\raBHqKk.exe
  C:\Windows\System\raBHqKk.exe
  2⤵
  PID:4556
- C:\Windows\System\neNgcpA.exe
  C:\Windows\System\neNgcpA.exe
  2⤵
  PID:4576
- C:\Windows\System\wmJDvRm.exe
  C:\Windows\System\wmJDvRm.exe
  2⤵
  PID:4656
- C:\Windows\System\moaVYXD.exe
  C:\Windows\System\moaVYXD.exe
  2⤵
  PID:4736
- C:\Windows\System\zBwchND.exe
  C:\Windows\System\zBwchND.exe
  2⤵
  PID:4792
- C:\Windows\System\fNcJOUq.exe
  C:\Windows\System\fNcJOUq.exe
  2⤵
  PID:4816
- C:\Windows\System\AVvHidr.exe
  C:\Windows\System\AVvHidr.exe
  2⤵
  PID:4852
- C:\Windows\System\CAHELfh.exe
  C:\Windows\System\CAHELfh.exe
  2⤵
  PID:4916
- C:\Windows\System\tvRoowS.exe
  C:\Windows\System\tvRoowS.exe
  2⤵
  PID:4980
- C:\Windows\System\WVUZhrC.exe
  C:\Windows\System\WVUZhrC.exe
  2⤵
  PID:5036
- C:\Windows\System\XcCfXfE.exe
  C:\Windows\System\XcCfXfE.exe
  2⤵
  PID:5096
- C:\Windows\System\XwjOYfF.exe
  C:\Windows\System\XwjOYfF.exe
  2⤵
  PID:4032
- C:\Windows\System\yxByxBG.exe
  C:\Windows\System\yxByxBG.exe
  2⤵
  PID:3100
- C:\Windows\System\lCLCYaC.exe
  C:\Windows\System\lCLCYaC.exe
  2⤵
  PID:3448
- C:\Windows\System\tjpxJGS.exe
  C:\Windows\System\tjpxJGS.exe
  2⤵
  PID:4160
- C:\Windows\System\LdkLHqB.exe
  C:\Windows\System\LdkLHqB.exe
  2⤵
  PID:4232
- C:\Windows\System\Fdeebzp.exe
  C:\Windows\System\Fdeebzp.exe
  2⤵
  PID:4276
- C:\Windows\System\CgxHVUF.exe
  C:\Windows\System\CgxHVUF.exe
  2⤵
  PID:4380
- C:\Windows\System\SADKhqO.exe
  C:\Windows\System\SADKhqO.exe
  2⤵
  PID:4376
- C:\Windows\System\trMhslT.exe
  C:\Windows\System\trMhslT.exe
  2⤵
  PID:4516
- C:\Windows\System\fRcQJjm.exe
  C:\Windows\System\fRcQJjm.exe
  2⤵
  PID:4632
- C:\Windows\System\OOAsgpO.exe
  C:\Windows\System\OOAsgpO.exe
  2⤵
  PID:4716
- C:\Windows\System\PnQaicc.exe
  C:\Windows\System\PnQaicc.exe
  2⤵
  PID:4832
- C:\Windows\System\CIsijwB.exe
  C:\Windows\System\CIsijwB.exe
  2⤵
  PID:5140
- C:\Windows\System\EqTKnSX.exe
  C:\Windows\System\EqTKnSX.exe
  2⤵
  PID:5160
- C:\Windows\System\WZSXUhC.exe
  C:\Windows\System\WZSXUhC.exe
  2⤵
  PID:5180
- C:\Windows\System\qxItJSu.exe
  C:\Windows\System\qxItJSu.exe
  2⤵
  PID:5200
- C:\Windows\System\gggeTqt.exe
  C:\Windows\System\gggeTqt.exe
  2⤵
  PID:5220
- C:\Windows\System\lTIQckQ.exe
  C:\Windows\System\lTIQckQ.exe
  2⤵
  PID:5240
- C:\Windows\System\qRXkcWW.exe
  C:\Windows\System\qRXkcWW.exe
  2⤵
  PID:5260
- C:\Windows\System\crJhpwX.exe
  C:\Windows\System\crJhpwX.exe
  2⤵
  PID:5280
- C:\Windows\System\lVYbrUu.exe
  C:\Windows\System\lVYbrUu.exe
  2⤵
  PID:5300
- C:\Windows\System\lVubPeY.exe
  C:\Windows\System\lVubPeY.exe
  2⤵
  PID:5320
- C:\Windows\System\KzJNyfy.exe
  C:\Windows\System\KzJNyfy.exe
  2⤵
  PID:5340
- C:\Windows\System\QaeZSqt.exe
  C:\Windows\System\QaeZSqt.exe
  2⤵
  PID:5360
- C:\Windows\System\PHMjVNs.exe
  C:\Windows\System\PHMjVNs.exe
  2⤵
  PID:5380
- C:\Windows\System\FqssvSr.exe
  C:\Windows\System\FqssvSr.exe
  2⤵
  PID:5400
- C:\Windows\System\CIqjyag.exe
  C:\Windows\System\CIqjyag.exe
  2⤵
  PID:5420
- C:\Windows\System\nvNAesd.exe
  C:\Windows\System\nvNAesd.exe
  2⤵
  PID:5440
- C:\Windows\System\kcoVCES.exe
  C:\Windows\System\kcoVCES.exe
  2⤵
  PID:5460
- C:\Windows\System\CdpNYLG.exe
  C:\Windows\System\CdpNYLG.exe
  2⤵
  PID:5480
- C:\Windows\System\sIjMREa.exe
  C:\Windows\System\sIjMREa.exe
  2⤵
  PID:5500
- C:\Windows\System\sDdGMTH.exe
  C:\Windows\System\sDdGMTH.exe
  2⤵
  PID:5520
- C:\Windows\System\MtxlujX.exe
  C:\Windows\System\MtxlujX.exe
  2⤵
  PID:5540
- C:\Windows\System\DyCBwIj.exe
  C:\Windows\System\DyCBwIj.exe
  2⤵
  PID:5560
- C:\Windows\System\zVHvSzx.exe
  C:\Windows\System\zVHvSzx.exe
  2⤵
  PID:5580
- C:\Windows\System\WKlJsQJ.exe
  C:\Windows\System\WKlJsQJ.exe
  2⤵
  PID:5600
- C:\Windows\System\jjvjSnD.exe
  C:\Windows\System\jjvjSnD.exe
  2⤵
  PID:5620
- C:\Windows\System\VeUBOxA.exe
  C:\Windows\System\VeUBOxA.exe
  2⤵
  PID:5640
- C:\Windows\System\rOWAamt.exe
  C:\Windows\System\rOWAamt.exe
  2⤵
  PID:5660
- C:\Windows\System\AAOSfUu.exe
  C:\Windows\System\AAOSfUu.exe
  2⤵
  PID:5680
- C:\Windows\System\tgkZUHx.exe
  C:\Windows\System\tgkZUHx.exe
  2⤵
  PID:5700
- C:\Windows\System\DYUgqxl.exe
  C:\Windows\System\DYUgqxl.exe
  2⤵
  PID:5720
- C:\Windows\System\nrsxmwz.exe
  C:\Windows\System\nrsxmwz.exe
  2⤵
  PID:5740
- C:\Windows\System\CwACWZX.exe
  C:\Windows\System\CwACWZX.exe
  2⤵
  PID:5760
- C:\Windows\System\xHMmccs.exe
  C:\Windows\System\xHMmccs.exe
  2⤵
  PID:5780
- C:\Windows\System\IRmevCl.exe
  C:\Windows\System\IRmevCl.exe
  2⤵
  PID:5800
- C:\Windows\System\XUGtSBp.exe
  C:\Windows\System\XUGtSBp.exe
  2⤵
  PID:5820
- C:\Windows\System\uPNUFsd.exe
  C:\Windows\System\uPNUFsd.exe
  2⤵
  PID:5840
- C:\Windows\System\MTDAYXX.exe
  C:\Windows\System\MTDAYXX.exe
  2⤵
  PID:5860
- C:\Windows\System\AbQsUlO.exe
  C:\Windows\System\AbQsUlO.exe
  2⤵
  PID:5880
- C:\Windows\System\sOUtTlI.exe
  C:\Windows\System\sOUtTlI.exe
  2⤵
  PID:5900
- C:\Windows\System\HTtMUqp.exe
  C:\Windows\System\HTtMUqp.exe
  2⤵
  PID:5920
- C:\Windows\System\IGUpxTQ.exe
  C:\Windows\System\IGUpxTQ.exe
  2⤵
  PID:5940
- C:\Windows\System\ljAtgAe.exe
  C:\Windows\System\ljAtgAe.exe
  2⤵
  PID:5960
- C:\Windows\System\BHaYGLR.exe
  C:\Windows\System\BHaYGLR.exe
  2⤵
  PID:5980
- C:\Windows\System\xwjAXoK.exe
  C:\Windows\System\xwjAXoK.exe
  2⤵
  PID:6000
- C:\Windows\System\srVDbTN.exe
  C:\Windows\System\srVDbTN.exe
  2⤵
  PID:6020
- C:\Windows\System\fWgMZIM.exe
  C:\Windows\System\fWgMZIM.exe
  2⤵
  PID:6040
- C:\Windows\System\iUJQGbJ.exe
  C:\Windows\System\iUJQGbJ.exe
  2⤵
  PID:6060
- C:\Windows\System\bojwbhh.exe
  C:\Windows\System\bojwbhh.exe
  2⤵
  PID:6080
- C:\Windows\System\JZbyIxp.exe
  C:\Windows\System\JZbyIxp.exe
  2⤵
  PID:6100
- C:\Windows\System\FNnCrCV.exe
  C:\Windows\System\FNnCrCV.exe
  2⤵
  PID:6120
- C:\Windows\System\dLRGrth.exe
  C:\Windows\System\dLRGrth.exe
  2⤵
  PID:6140
- C:\Windows\System\slSeABQ.exe
  C:\Windows\System\slSeABQ.exe
  2⤵
  PID:4912
- C:\Windows\System\xiFKoEo.exe
  C:\Windows\System\xiFKoEo.exe
  2⤵
  PID:5012
- C:\Windows\System\mUkueiF.exe
  C:\Windows\System\mUkueiF.exe
  2⤵
  PID:5080
- C:\Windows\System\jpNYfVT.exe
  C:\Windows\System\jpNYfVT.exe
  2⤵
  PID:3292
- C:\Windows\System\hrmFber.exe
  C:\Windows\System\hrmFber.exe
  2⤵
  PID:3536
- C:\Windows\System\cJfyXez.exe
  C:\Windows\System\cJfyXez.exe
  2⤵
  PID:4116
- C:\Windows\System\xceVbmV.exe
  C:\Windows\System\xceVbmV.exe
  2⤵
  PID:4332
- C:\Windows\System\nqJWWho.exe
  C:\Windows\System\nqJWWho.exe
  2⤵
  PID:4496
- C:\Windows\System\KAUoRvZ.exe
  C:\Windows\System\KAUoRvZ.exe
  2⤵
  PID:4720
- C:\Windows\System\eOlhWjo.exe
  C:\Windows\System\eOlhWjo.exe
  2⤵
  PID:4820
- C:\Windows\System\ZTdDsNV.exe
  C:\Windows\System\ZTdDsNV.exe
  2⤵
  PID:5132
- C:\Windows\System\zLXHjKX.exe
  C:\Windows\System\zLXHjKX.exe
  2⤵
  PID:5176
- C:\Windows\System\lXXOSDl.exe
  C:\Windows\System\lXXOSDl.exe
  2⤵
  PID:5212
- C:\Windows\System\ZNQmScb.exe
  C:\Windows\System\ZNQmScb.exe
  2⤵
  PID:5236
- C:\Windows\System\ExhITEO.exe
  C:\Windows\System\ExhITEO.exe
  2⤵
  PID:5288
- C:\Windows\System\gtikqfk.exe
  C:\Windows\System\gtikqfk.exe
  2⤵
  PID:5328
- C:\Windows\System\DOviKnt.exe
  C:\Windows\System\DOviKnt.exe
  2⤵
  PID:5332
- C:\Windows\System\owbyJod.exe
  C:\Windows\System\owbyJod.exe
  2⤵
  PID:5356
- C:\Windows\System\bKwaOLN.exe
  C:\Windows\System\bKwaOLN.exe
  2⤵
  PID:5392
- C:\Windows\System\nHPUezG.exe
  C:\Windows\System\nHPUezG.exe
  2⤵
  PID:5448
- C:\Windows\System\nFNNrMT.exe
  C:\Windows\System\nFNNrMT.exe
  2⤵
  PID:5476
- C:\Windows\System\TseXgWI.exe
  C:\Windows\System\TseXgWI.exe
  2⤵
  PID:5508
- C:\Windows\System\RAZpQcn.exe
  C:\Windows\System\RAZpQcn.exe
  2⤵
  PID:5532
- C:\Windows\System\rwkestR.exe
  C:\Windows\System\rwkestR.exe
  2⤵
  PID:5576
- C:\Windows\System\kfSrSnA.exe
  C:\Windows\System\kfSrSnA.exe
  2⤵
  PID:5608
- C:\Windows\System\AYBCZDq.exe
  C:\Windows\System\AYBCZDq.exe
  2⤵
  PID:5636
- C:\Windows\System\vSBxHiv.exe
  C:\Windows\System\vSBxHiv.exe
  2⤵
  PID:5668
- C:\Windows\System\PyMhJJE.exe
  C:\Windows\System\PyMhJJE.exe
  2⤵
  PID:5692
- C:\Windows\System\YNnCzwG.exe
  C:\Windows\System\YNnCzwG.exe
  2⤵
  PID:5736
- C:\Windows\System\fujZlof.exe
  C:\Windows\System\fujZlof.exe
  2⤵
  PID:5752
- C:\Windows\System\lbxoEaB.exe
  C:\Windows\System\lbxoEaB.exe
  2⤵
  PID:5792
- C:\Windows\System\LHwsRwF.exe
  C:\Windows\System\LHwsRwF.exe
  2⤵
  PID:5836
- C:\Windows\System\OSasfVQ.exe
  C:\Windows\System\OSasfVQ.exe
  2⤵
  PID:5868
- C:\Windows\System\YWzYBkc.exe
  C:\Windows\System\YWzYBkc.exe
  2⤵
  PID:5892
- C:\Windows\System\gfpXbDe.exe
  C:\Windows\System\gfpXbDe.exe
  2⤵
  PID:5936
- C:\Windows\System\IsQmiYu.exe
  C:\Windows\System\IsQmiYu.exe
  2⤵
  PID:5968
- C:\Windows\System\GsFrZnX.exe
  C:\Windows\System\GsFrZnX.exe
  2⤵
  PID:6008
- C:\Windows\System\DKLCmHj.exe
  C:\Windows\System\DKLCmHj.exe
  2⤵
  PID:6028
- C:\Windows\System\LAxgpcm.exe
  C:\Windows\System\LAxgpcm.exe
  2⤵
  PID:6052
- C:\Windows\System\TQGYSMS.exe
  C:\Windows\System\TQGYSMS.exe
  2⤵
  PID:6096
- C:\Windows\System\otdZHKU.exe
  C:\Windows\System\otdZHKU.exe
  2⤵
  PID:6136
- C:\Windows\System\BjsKbzp.exe
  C:\Windows\System\BjsKbzp.exe
  2⤵
  PID:4896
- C:\Windows\System\kFDAxAy.exe
  C:\Windows\System\kFDAxAy.exe
  2⤵
  PID:4052
- C:\Windows\System\iDXsjgh.exe
  C:\Windows\System\iDXsjgh.exe
  2⤵
  PID:2952
- C:\Windows\System\yYUeKZx.exe
  C:\Windows\System\yYUeKZx.exe
  2⤵
  PID:4132
- C:\Windows\System\OqQksOG.exe
  C:\Windows\System\OqQksOG.exe
  2⤵
  PID:4480
- C:\Windows\System\AcfIMlo.exe
  C:\Windows\System\AcfIMlo.exe
  2⤵
  PID:4592
- C:\Windows\System\tBZRryH.exe
  C:\Windows\System\tBZRryH.exe
  2⤵
  PID:5136
- C:\Windows\System\FaxUJBi.exe
  C:\Windows\System\FaxUJBi.exe
  2⤵
  PID:5208
- C:\Windows\System\OyeEpsM.exe
  C:\Windows\System\OyeEpsM.exe
  2⤵
  PID:5232
- C:\Windows\System\uEMtlWD.exe
  C:\Windows\System\uEMtlWD.exe
  2⤵
  PID:5252
- C:\Windows\System\VxCyybg.exe
  C:\Windows\System\VxCyybg.exe
  2⤵
  PID:5368
- C:\Windows\System\fqgOwBx.exe
  C:\Windows\System\fqgOwBx.exe
  2⤵
  PID:5412
- C:\Windows\System\ZIXUeFg.exe
  C:\Windows\System\ZIXUeFg.exe
  2⤵
  PID:5472
- C:\Windows\System\flIGvCD.exe
  C:\Windows\System\flIGvCD.exe
  2⤵
  PID:5536
- C:\Windows\System\VIWVMeu.exe
  C:\Windows\System\VIWVMeu.exe
  2⤵
  PID:5568
- C:\Windows\System\aKmeZaR.exe
  C:\Windows\System\aKmeZaR.exe
  2⤵
  PID:5596
- C:\Windows\System\dgZMnKy.exe
  C:\Windows\System\dgZMnKy.exe
  2⤵
  PID:5656
- C:\Windows\System\QhGJlgB.exe
  C:\Windows\System\QhGJlgB.exe
  2⤵
  PID:5728
- C:\Windows\System\lcsWAar.exe
  C:\Windows\System\lcsWAar.exe
  2⤵
  PID:5816
- C:\Windows\System\XCnWoZA.exe
  C:\Windows\System\XCnWoZA.exe
  2⤵
  PID:5848
- C:\Windows\System\ptFwYYj.exe
  C:\Windows\System\ptFwYYj.exe
  2⤵
  PID:5888
- C:\Windows\System\kDJuUTn.exe
  C:\Windows\System\kDJuUTn.exe
  2⤵
  PID:5912
- C:\Windows\System\kAsUxXw.exe
  C:\Windows\System\kAsUxXw.exe
  2⤵
  PID:5972
- C:\Windows\System\YKDzqKG.exe
  C:\Windows\System\YKDzqKG.exe
  2⤵
  PID:6056
- C:\Windows\System\PZbYpJG.exe
  C:\Windows\System\PZbYpJG.exe
  2⤵
  PID:6132
- C:\Windows\System\sjvbrkl.exe
  C:\Windows\System\sjvbrkl.exe
  2⤵
  PID:5076
- C:\Windows\System\gFrRofj.exe
  C:\Windows\System\gFrRofj.exe
  2⤵
  PID:3092
- C:\Windows\System\GiqFtPs.exe
  C:\Windows\System\GiqFtPs.exe
  2⤵
  PID:2968
- C:\Windows\System\zUDsvDF.exe
  C:\Windows\System\zUDsvDF.exe
  2⤵
  PID:5156
- C:\Windows\System\lUHadNH.exe
  C:\Windows\System\lUHadNH.exe
  2⤵
  PID:5192
- C:\Windows\System\xMOFPrc.exe
  C:\Windows\System\xMOFPrc.exe
  2⤵
  PID:5292
- C:\Windows\System\xCNQKwW.exe
  C:\Windows\System\xCNQKwW.exe
  2⤵
  PID:5376
- C:\Windows\System\CmHHaAs.exe
  C:\Windows\System\CmHHaAs.exe
  2⤵
  PID:5428
- C:\Windows\System\cLlPPRh.exe
  C:\Windows\System\cLlPPRh.exe
  2⤵
  PID:5516
- C:\Windows\System\oJiCftm.exe
  C:\Windows\System\oJiCftm.exe
  2⤵
  PID:5628
- C:\Windows\System\XqYjSDa.exe
  C:\Windows\System\XqYjSDa.exe
  2⤵
  PID:5748
- C:\Windows\System\PdzaAad.exe
  C:\Windows\System\PdzaAad.exe
  2⤵
  PID:5756
- C:\Windows\System\AgsUetJ.exe
  C:\Windows\System\AgsUetJ.exe
  2⤵
  PID:5788
- C:\Windows\System\fsYKAOy.exe
  C:\Windows\System\fsYKAOy.exe
  2⤵
  PID:5928
- C:\Windows\System\DPXKpaD.exe
  C:\Windows\System\DPXKpaD.exe
  2⤵
  PID:6076
- C:\Windows\System\gJqAFRw.exe
  C:\Windows\System\gJqAFRw.exe
  2⤵
  PID:2092
- C:\Windows\System\esnwpPW.exe
  C:\Windows\System\esnwpPW.exe
  2⤵
  PID:4936
- C:\Windows\System\jnQqbmN.exe
  C:\Windows\System\jnQqbmN.exe
  2⤵
  PID:6164
- C:\Windows\System\AqPFNKg.exe
  C:\Windows\System\AqPFNKg.exe
  2⤵
  PID:6184
- C:\Windows\System\qGfmMIS.exe
  C:\Windows\System\qGfmMIS.exe
  2⤵
  PID:6204
- C:\Windows\System\ktpRaNd.exe
  C:\Windows\System\ktpRaNd.exe
  2⤵
  PID:6224
- C:\Windows\System\FIxumpd.exe
  C:\Windows\System\FIxumpd.exe
  2⤵
  PID:6244
- C:\Windows\System\xivHpHO.exe
  C:\Windows\System\xivHpHO.exe
  2⤵
  PID:6264
- C:\Windows\System\RhoASDS.exe
  C:\Windows\System\RhoASDS.exe
  2⤵
  PID:6284
- C:\Windows\System\AqtZXyr.exe
  C:\Windows\System\AqtZXyr.exe
  2⤵
  PID:6304
- C:\Windows\System\osnGlAr.exe
  C:\Windows\System\osnGlAr.exe
  2⤵
  PID:6324
- C:\Windows\System\sfPgMVD.exe
  C:\Windows\System\sfPgMVD.exe
  2⤵
  PID:6344
- C:\Windows\System\ooJxPOx.exe
  C:\Windows\System\ooJxPOx.exe
  2⤵
  PID:6364
- C:\Windows\System\UaqFqFO.exe
  C:\Windows\System\UaqFqFO.exe
  2⤵
  PID:6384
- C:\Windows\System\oNDjRZV.exe
  C:\Windows\System\oNDjRZV.exe
  2⤵
  PID:6404
- C:\Windows\System\RuzsYNo.exe
  C:\Windows\System\RuzsYNo.exe
  2⤵
  PID:6424
- C:\Windows\System\cndFlcm.exe
  C:\Windows\System\cndFlcm.exe
  2⤵
  PID:6444
- C:\Windows\System\qLWBVUi.exe
  C:\Windows\System\qLWBVUi.exe
  2⤵
  PID:6464
- C:\Windows\System\WExgwna.exe
  C:\Windows\System\WExgwna.exe
  2⤵
  PID:6484
- C:\Windows\System\hdJZtTF.exe
  C:\Windows\System\hdJZtTF.exe
  2⤵
  PID:6504
- C:\Windows\System\ZZFYGpc.exe
  C:\Windows\System\ZZFYGpc.exe
  2⤵
  PID:6524
- C:\Windows\System\MyWwuqt.exe
  C:\Windows\System\MyWwuqt.exe
  2⤵
  PID:6544
- C:\Windows\System\AZNXPTc.exe
  C:\Windows\System\AZNXPTc.exe
  2⤵
  PID:6564
- C:\Windows\System\zTwahkk.exe
  C:\Windows\System\zTwahkk.exe
  2⤵
  PID:6584
- C:\Windows\System\lskZgRI.exe
  C:\Windows\System\lskZgRI.exe
  2⤵
  PID:6604
- C:\Windows\System\GdQIzQA.exe
  C:\Windows\System\GdQIzQA.exe
  2⤵
  PID:6624
- C:\Windows\System\dYDVDIW.exe
  C:\Windows\System\dYDVDIW.exe
  2⤵
  PID:6644
- C:\Windows\System\cSyLWOF.exe
  C:\Windows\System\cSyLWOF.exe
  2⤵
  PID:6664
- C:\Windows\System\wTuSVut.exe
  C:\Windows\System\wTuSVut.exe
  2⤵
  PID:6684
- C:\Windows\System\cIcJPQW.exe
  C:\Windows\System\cIcJPQW.exe
  2⤵
  PID:6704
- C:\Windows\System\JtrQWjG.exe
  C:\Windows\System\JtrQWjG.exe
  2⤵
  PID:6724
- C:\Windows\System\rCJTKYm.exe
  C:\Windows\System\rCJTKYm.exe
  2⤵
  PID:6744
- C:\Windows\System\gWKFnpp.exe
  C:\Windows\System\gWKFnpp.exe
  2⤵
  PID:6764
- C:\Windows\System\efStNZp.exe
  C:\Windows\System\efStNZp.exe
  2⤵
  PID:6784
- C:\Windows\System\lthdDVm.exe
  C:\Windows\System\lthdDVm.exe
  2⤵
  PID:6804
- C:\Windows\System\tJWkoRf.exe
  C:\Windows\System\tJWkoRf.exe
  2⤵
  PID:6824
- C:\Windows\System\XClYWYQ.exe
  C:\Windows\System\XClYWYQ.exe
  2⤵
  PID:6844
- C:\Windows\System\BwAFwPq.exe
  C:\Windows\System\BwAFwPq.exe
  2⤵
  PID:6864
- C:\Windows\System\TIpxdiY.exe
  C:\Windows\System\TIpxdiY.exe
  2⤵
  PID:6884
- C:\Windows\System\yFOTIUe.exe
  C:\Windows\System\yFOTIUe.exe
  2⤵
  PID:6904
- C:\Windows\System\GKZPZkO.exe
  C:\Windows\System\GKZPZkO.exe
  2⤵
  PID:6924
- C:\Windows\System\fgTeNRD.exe
  C:\Windows\System\fgTeNRD.exe
  2⤵
  PID:6944
- C:\Windows\System\PyTJAEr.exe
  C:\Windows\System\PyTJAEr.exe
  2⤵
  PID:6964
- C:\Windows\System\RntrZjD.exe
  C:\Windows\System\RntrZjD.exe
  2⤵
  PID:6984
- C:\Windows\System\iwCSAQx.exe
  C:\Windows\System\iwCSAQx.exe
  2⤵
  PID:7004
- C:\Windows\System\CKkxqEH.exe
  C:\Windows\System\CKkxqEH.exe
  2⤵
  PID:7024
- C:\Windows\System\OgzuHzY.exe
  C:\Windows\System\OgzuHzY.exe
  2⤵
  PID:7044
- C:\Windows\System\RJlnOqE.exe
  C:\Windows\System\RJlnOqE.exe
  2⤵
  PID:7064
- C:\Windows\System\cMOcsYa.exe
  C:\Windows\System\cMOcsYa.exe
  2⤵
  PID:7084
- C:\Windows\System\jIMzTDq.exe
  C:\Windows\System\jIMzTDq.exe
  2⤵
  PID:7104
- C:\Windows\System\ZCDjGIG.exe
  C:\Windows\System\ZCDjGIG.exe
  2⤵
  PID:7124
- C:\Windows\System\RIRcban.exe
  C:\Windows\System\RIRcban.exe
  2⤵
  PID:7144
- C:\Windows\System\YeXOqak.exe
  C:\Windows\System\YeXOqak.exe
  2⤵
  PID:7164
- C:\Windows\System\MWsVAaY.exe
  C:\Windows\System\MWsVAaY.exe
  2⤵
  PID:4600
- C:\Windows\System\RxPpfTw.exe
  C:\Windows\System\RxPpfTw.exe
  2⤵
  PID:5268
- C:\Windows\System\UFHusjK.exe
  C:\Windows\System\UFHusjK.exe
  2⤵
  PID:5456
- C:\Windows\System\ewKwscG.exe
  C:\Windows\System\ewKwscG.exe
  2⤵
  PID:2508
- C:\Windows\System\uTnGNxV.exe
  C:\Windows\System\uTnGNxV.exe
  2⤵
  PID:5652
- C:\Windows\System\gtKKRYY.exe
  C:\Windows\System\gtKKRYY.exe
  2⤵
  PID:5872
- C:\Windows\System\YMjTJtr.exe
  C:\Windows\System\YMjTJtr.exe
  2⤵
  PID:5956
- C:\Windows\System\eooLWkc.exe
  C:\Windows\System\eooLWkc.exe
  2⤵
  PID:6016
- C:\Windows\System\nhnNBBe.exe
  C:\Windows\System\nhnNBBe.exe
  2⤵
  PID:4940
- C:\Windows\System\MiBIqhB.exe
  C:\Windows\System\MiBIqhB.exe
  2⤵
  PID:6192
- C:\Windows\System\UqQEVNE.exe
  C:\Windows\System\UqQEVNE.exe
  2⤵
  PID:6232
- C:\Windows\System\cvWhvhS.exe
  C:\Windows\System\cvWhvhS.exe
  2⤵
  PID:6252
- C:\Windows\System\rFNPbob.exe
  C:\Windows\System\rFNPbob.exe
  2⤵
  PID:6276
- C:\Windows\System\rnKeYJH.exe
  C:\Windows\System\rnKeYJH.exe
  2⤵
  PID:6296
- C:\Windows\System\GahdftC.exe
  C:\Windows\System\GahdftC.exe
  2⤵
  PID:6360
- C:\Windows\System\fkyptAR.exe
  C:\Windows\System\fkyptAR.exe
  2⤵
  PID:6400
- C:\Windows\System\MamvaKu.exe
  C:\Windows\System\MamvaKu.exe
  2⤵
  PID:6432
- C:\Windows\System\eEZqHdZ.exe
  C:\Windows\System\eEZqHdZ.exe
  2⤵
  PID:6452
- C:\Windows\System\xudoNOH.exe
  C:\Windows\System\xudoNOH.exe
  2⤵
  PID:6476
- C:\Windows\System\WQHARDV.exe
  C:\Windows\System\WQHARDV.exe
  2⤵
  PID:6520
- C:\Windows\System\VwfyyMH.exe
  C:\Windows\System\VwfyyMH.exe
  2⤵
  PID:6536
- C:\Windows\System\IwCloRk.exe
  C:\Windows\System\IwCloRk.exe
  2⤵
  PID:6580
- C:\Windows\System\MDbJAYJ.exe
  C:\Windows\System\MDbJAYJ.exe
  2⤵
  PID:6632
- C:\Windows\System\vBJNZtH.exe
  C:\Windows\System\vBJNZtH.exe
  2⤵
  PID:6652
- C:\Windows\System\KyTRBzS.exe
  C:\Windows\System\KyTRBzS.exe
  2⤵
  PID:6676
- C:\Windows\System\efArwPF.exe
  C:\Windows\System\efArwPF.exe
  2⤵
  PID:6700
- C:\Windows\System\fXtLvRG.exe
  C:\Windows\System\fXtLvRG.exe
  2⤵
  PID:6736
- C:\Windows\System\bZZcrHc.exe
  C:\Windows\System\bZZcrHc.exe
  2⤵
  PID:6780
- C:\Windows\System\uijMDlv.exe
  C:\Windows\System\uijMDlv.exe
  2⤵
  PID:6832
- C:\Windows\System\vyeYfqQ.exe
  C:\Windows\System\vyeYfqQ.exe
  2⤵
  PID:6852
- C:\Windows\System\RFibIkz.exe
  C:\Windows\System\RFibIkz.exe
  2⤵
  PID:6860
- C:\Windows\System\sjVKtld.exe
  C:\Windows\System\sjVKtld.exe
  2⤵
  PID:6896
- C:\Windows\System\iaPeIDI.exe
  C:\Windows\System\iaPeIDI.exe
  2⤵
  PID:6952
- C:\Windows\System\CKXiPHL.exe
  C:\Windows\System\CKXiPHL.exe
  2⤵
  PID:6980
- C:\Windows\System\qCYVIJn.exe
  C:\Windows\System\qCYVIJn.exe
  2⤵
  PID:7032
- C:\Windows\System\YulLWHe.exe
  C:\Windows\System\YulLWHe.exe
  2⤵
  PID:7072
- C:\Windows\System\jggnVVn.exe
  C:\Windows\System\jggnVVn.exe
  2⤵
  PID:7060
- C:\Windows\System\nqDMPuF.exe
  C:\Windows\System\nqDMPuF.exe
  2⤵
  PID:7100
- C:\Windows\System\rAXstcp.exe
  C:\Windows\System\rAXstcp.exe
  2⤵
  PID:7140
- C:\Windows\System\kgaUoXA.exe
  C:\Windows\System\kgaUoXA.exe
  2⤵
  PID:4756
- C:\Windows\System\PyNAUqa.exe
  C:\Windows\System\PyNAUqa.exe
  2⤵
  PID:5336
- C:\Windows\System\fhHsitB.exe
  C:\Windows\System\fhHsitB.exe
  2⤵
  PID:5648
- C:\Windows\System\NoCEBKI.exe
  C:\Windows\System\NoCEBKI.exe
  2⤵
  PID:5772
- C:\Windows\System\xSTgTpM.exe
  C:\Windows\System\xSTgTpM.exe
  2⤵
  PID:5952
- C:\Windows\System\kGbudRf.exe
  C:\Windows\System\kGbudRf.exe
  2⤵
  PID:6152
- C:\Windows\System\NWRWaZT.exe
  C:\Windows\System\NWRWaZT.exe
  2⤵
  PID:6220
- C:\Windows\System\sivSXqh.exe
  C:\Windows\System\sivSXqh.exe
  2⤵
  PID:6312
- C:\Windows\System\zbhTWpt.exe
  C:\Windows\System\zbhTWpt.exe
  2⤵
  PID:6320
- C:\Windows\System\SUZabrE.exe
  C:\Windows\System\SUZabrE.exe
  2⤵
  PID:6340
- C:\Windows\System\KjyOaXH.exe
  C:\Windows\System\KjyOaXH.exe
  2⤵
  PID:6416
- C:\Windows\System\pdqyVQl.exe
  C:\Windows\System\pdqyVQl.exe
  2⤵
  PID:6480
- C:\Windows\System\SlTEJNw.exe
  C:\Windows\System\SlTEJNw.exe
  2⤵
  PID:6572
- C:\Windows\System\POmOMzW.exe
  C:\Windows\System\POmOMzW.exe
  2⤵
  PID:6592
- C:\Windows\System\WgWzZOG.exe
  C:\Windows\System\WgWzZOG.exe
  2⤵
  PID:6636
- C:\Windows\System\VDtZVuw.exe
  C:\Windows\System\VDtZVuw.exe
  2⤵
  PID:6680
- C:\Windows\System\uelAgFP.exe
  C:\Windows\System\uelAgFP.exe
  2⤵
  PID:6752
- C:\Windows\System\BroFibK.exe
  C:\Windows\System\BroFibK.exe
  2⤵
  PID:6836
- C:\Windows\System\lDrzwHo.exe
  C:\Windows\System\lDrzwHo.exe
  2⤵
  PID:6900
- C:\Windows\System\YJrwjeH.exe
  C:\Windows\System\YJrwjeH.exe
  2⤵
  PID:6960
- C:\Windows\System\FBxSRXR.exe
  C:\Windows\System\FBxSRXR.exe
  2⤵
  PID:6940
- C:\Windows\System\gpXEXLH.exe
  C:\Windows\System\gpXEXLH.exe
  2⤵
  PID:7016
- C:\Windows\System\iYLgGVo.exe
  C:\Windows\System\iYLgGVo.exe
  2⤵
  PID:7056
- C:\Windows\System\OaiZglC.exe
  C:\Windows\System\OaiZglC.exe
  2⤵
  PID:7156
- C:\Windows\System\eMdxZeP.exe
  C:\Windows\System\eMdxZeP.exe
  2⤵
  PID:1784
- C:\Windows\System\zkKjtHc.exe
  C:\Windows\System\zkKjtHc.exe
  2⤵
  PID:5316
- C:\Windows\System\jBWIXnV.exe
  C:\Windows\System\jBWIXnV.exe
  2⤵
  PID:5716
- C:\Windows\System\DUJDBFk.exe
  C:\Windows\System\DUJDBFk.exe
  2⤵
  PID:6160
- C:\Windows\System\FWlmrzH.exe
  C:\Windows\System\FWlmrzH.exe
  2⤵
  PID:6280
- C:\Windows\System\xNRqbXe.exe
  C:\Windows\System\xNRqbXe.exe
  2⤵
  PID:6420
- C:\Windows\System\QezAdaB.exe
  C:\Windows\System\QezAdaB.exe
  2⤵
  PID:6496
- C:\Windows\System\aVKsALe.exe
  C:\Windows\System\aVKsALe.exe
  2⤵
  PID:2804
- C:\Windows\System\LuUPYcw.exe
  C:\Windows\System\LuUPYcw.exe
  2⤵
  PID:6600
- C:\Windows\System\znrBDFa.exe
  C:\Windows\System\znrBDFa.exe
  2⤵
  PID:6756
- C:\Windows\System\PDUlneJ.exe
  C:\Windows\System\PDUlneJ.exe
  2⤵
  PID:6772
- C:\Windows\System\fHNEfjc.exe
  C:\Windows\System\fHNEfjc.exe
  2⤵
  PID:6800
- C:\Windows\System\rDPjycD.exe
  C:\Windows\System\rDPjycD.exe
  2⤵
  PID:6932
- C:\Windows\System\lCpJpzm.exe
  C:\Windows\System\lCpJpzm.exe
  2⤵
  PID:6996
- C:\Windows\System\flAYQsH.exe
  C:\Windows\System\flAYQsH.exe
  2⤵
  PID:4252
- C:\Windows\System\XxQdkIE.exe
  C:\Windows\System\XxQdkIE.exe
  2⤵
  PID:5408
- C:\Windows\System\aArNYZZ.exe
  C:\Windows\System\aArNYZZ.exe
  2⤵
  PID:5812
- C:\Windows\System\fVDjLVB.exe
  C:\Windows\System\fVDjLVB.exe
  2⤵
  PID:6156
- C:\Windows\System\AacTAfW.exe
  C:\Windows\System\AacTAfW.exe
  2⤵
  PID:6392
- C:\Windows\System\cnYIzYC.exe
  C:\Windows\System\cnYIzYC.exe
  2⤵
  PID:6500
- C:\Windows\System\iXqyZin.exe
  C:\Windows\System\iXqyZin.exe
  2⤵
  PID:6552
- C:\Windows\System\RigntvA.exe
  C:\Windows\System\RigntvA.exe
  2⤵
  PID:6612
- C:\Windows\System\gdStDKN.exe
  C:\Windows\System\gdStDKN.exe
  2⤵
  PID:6880
- C:\Windows\System\DjoDAPz.exe
  C:\Windows\System\DjoDAPz.exe
  2⤵
  PID:7176
- C:\Windows\System\PpDaOZm.exe
  C:\Windows\System\PpDaOZm.exe
  2⤵
  PID:7196
- C:\Windows\System\djVumgU.exe
  C:\Windows\System\djVumgU.exe
  2⤵
  PID:7216
- C:\Windows\System\yEIHPnS.exe
  C:\Windows\System\yEIHPnS.exe
  2⤵
  PID:7236
- C:\Windows\System\JKbXHIz.exe
  C:\Windows\System\JKbXHIz.exe
  2⤵
  PID:7256
- C:\Windows\System\eZklrJw.exe
  C:\Windows\System\eZklrJw.exe
  2⤵
  PID:7276
- C:\Windows\System\owyXRUF.exe
  C:\Windows\System\owyXRUF.exe
  2⤵
  PID:7296
- C:\Windows\System\TZYZYQN.exe
  C:\Windows\System\TZYZYQN.exe
  2⤵
  PID:7316
- C:\Windows\System\iIXNLen.exe
  C:\Windows\System\iIXNLen.exe
  2⤵
  PID:7336
- C:\Windows\System\ZoNZExe.exe
  C:\Windows\System\ZoNZExe.exe
  2⤵
  PID:7356
- C:\Windows\System\CDenMLt.exe
  C:\Windows\System\CDenMLt.exe
  2⤵
  PID:7376
- C:\Windows\System\LJfSnsm.exe
  C:\Windows\System\LJfSnsm.exe
  2⤵
  PID:7396
- C:\Windows\System\IydzCZh.exe
  C:\Windows\System\IydzCZh.exe
  2⤵
  PID:7416
- C:\Windows\System\wdzKqkO.exe
  C:\Windows\System\wdzKqkO.exe
  2⤵
  PID:7436
- C:\Windows\System\MWKPbHW.exe
  C:\Windows\System\MWKPbHW.exe
  2⤵
  PID:7456
- C:\Windows\System\RxoiKkz.exe
  C:\Windows\System\RxoiKkz.exe
  2⤵
  PID:7476
- C:\Windows\System\QMHpIzh.exe
  C:\Windows\System\QMHpIzh.exe
  2⤵
  PID:7496
- C:\Windows\System\afSTsBU.exe
  C:\Windows\System\afSTsBU.exe
  2⤵
  PID:7516
- C:\Windows\System\eYjliid.exe
  C:\Windows\System\eYjliid.exe
  2⤵
  PID:7536
- C:\Windows\System\mHuchdZ.exe
  C:\Windows\System\mHuchdZ.exe
  2⤵
  PID:7556
- C:\Windows\System\HfgXmwo.exe
  C:\Windows\System\HfgXmwo.exe
  2⤵
  PID:7576
- C:\Windows\System\KQHKdUm.exe
  C:\Windows\System\KQHKdUm.exe
  2⤵
  PID:7596
- C:\Windows\System\bQvONiR.exe
  C:\Windows\System\bQvONiR.exe
  2⤵
  PID:7620
- C:\Windows\System\ggFJmlm.exe
  C:\Windows\System\ggFJmlm.exe
  2⤵
  PID:7640
- C:\Windows\System\ZrWwikL.exe
  C:\Windows\System\ZrWwikL.exe
  2⤵
  PID:7660
- C:\Windows\System\ITQPyGr.exe
  C:\Windows\System\ITQPyGr.exe
  2⤵
  PID:7680
- C:\Windows\System\mxuVbSZ.exe
  C:\Windows\System\mxuVbSZ.exe
  2⤵
  PID:7700
- C:\Windows\System\XViOjGO.exe
  C:\Windows\System\XViOjGO.exe
  2⤵
  PID:7720
- C:\Windows\System\FnPzDwM.exe
  C:\Windows\System\FnPzDwM.exe
  2⤵
  PID:7740
- C:\Windows\System\uJcniyt.exe
  C:\Windows\System\uJcniyt.exe
  2⤵
  PID:7760
- C:\Windows\System\RbpLvGa.exe
  C:\Windows\System\RbpLvGa.exe
  2⤵
  PID:9492
- C:\Windows\System\DvyTYis.exe
  C:\Windows\System\DvyTYis.exe
  2⤵
  PID:9516
- C:\Windows\System\mXcDJrU.exe
  C:\Windows\System\mXcDJrU.exe
  2⤵
  PID:9536
- C:\Windows\System\bMjvAvy.exe
  C:\Windows\System\bMjvAvy.exe
  2⤵
  PID:9576
- C:\Windows\System\mpwAwWg.exe
  C:\Windows\System\mpwAwWg.exe
  2⤵
  PID:9592
- C:\Windows\System\KRvJFBJ.exe
  C:\Windows\System\KRvJFBJ.exe
  2⤵
  PID:9608
- C:\Windows\System\QqFLqEm.exe
  C:\Windows\System\QqFLqEm.exe
  2⤵
  PID:9624
- C:\Windows\System\WomGLgi.exe
  C:\Windows\System\WomGLgi.exe
  2⤵
  PID:9640
- C:\Windows\System\qRGoaYJ.exe
  C:\Windows\System\qRGoaYJ.exe
  2⤵
  PID:9656
- C:\Windows\System\yQzTkcU.exe
  C:\Windows\System\yQzTkcU.exe
  2⤵
  PID:9676
- C:\Windows\System\gOyxJyd.exe
  C:\Windows\System\gOyxJyd.exe
  2⤵
  PID:9692
- C:\Windows\System\iotHoyD.exe
  C:\Windows\System\iotHoyD.exe
  2⤵
  PID:9708
- C:\Windows\System\WkdSAjW.exe
  C:\Windows\System\WkdSAjW.exe
  2⤵
  PID:9724
- C:\Windows\System\eUvULpW.exe
  C:\Windows\System\eUvULpW.exe
  2⤵
  PID:9768
- C:\Windows\System\VlUhXjt.exe
  C:\Windows\System\VlUhXjt.exe
  2⤵
  PID:9796
- C:\Windows\System\gVVrvNG.exe
  C:\Windows\System\gVVrvNG.exe
  2⤵
  PID:9820
- C:\Windows\System\tvFahVw.exe
  C:\Windows\System\tvFahVw.exe
  2⤵
  PID:9848
- C:\Windows\System\gbItyPQ.exe
  C:\Windows\System\gbItyPQ.exe
  2⤵
  PID:9868
- C:\Windows\System\CBqNLKJ.exe
  C:\Windows\System\CBqNLKJ.exe
  2⤵
  PID:9888
- C:\Windows\System\RbnvVMw.exe
  C:\Windows\System\RbnvVMw.exe
  2⤵
  PID:9904
- C:\Windows\System\BWXwGLs.exe
  C:\Windows\System\BWXwGLs.exe
  2⤵
  PID:9944
- C:\Windows\System\bzPHXpJ.exe
  C:\Windows\System\bzPHXpJ.exe
  2⤵
  PID:9972
- C:\Windows\System\PETeSAK.exe
  C:\Windows\System\PETeSAK.exe
  2⤵
  PID:10028
- C:\Windows\System\mTskWjO.exe
  C:\Windows\System\mTskWjO.exe
  2⤵
  PID:10048
- C:\Windows\System\xVgIimJ.exe
  C:\Windows\System\xVgIimJ.exe
  2⤵
  PID:10068
- C:\Windows\System\yLSxpJS.exe
  C:\Windows\System\yLSxpJS.exe
  2⤵
  PID:10088
- C:\Windows\System\QYLNFpG.exe
  C:\Windows\System\QYLNFpG.exe
  2⤵
  PID:10108
- C:\Windows\System\eXsFMfh.exe
  C:\Windows\System\eXsFMfh.exe
  2⤵
  PID:10128
- C:\Windows\System\NFgxucn.exe
  C:\Windows\System\NFgxucn.exe
  2⤵
  PID:10148
- C:\Windows\System\TcxsgyH.exe
  C:\Windows\System\TcxsgyH.exe
  2⤵
  PID:10164
- C:\Windows\System\TdfOWZP.exe
  C:\Windows\System\TdfOWZP.exe
  2⤵
  PID:10180
- C:\Windows\System\KoSOzcH.exe
  C:\Windows\System\KoSOzcH.exe
  2⤵
  PID:10200
- C:\Windows\System\tmEQwfS.exe
  C:\Windows\System\tmEQwfS.exe
  2⤵
  PID:7772
- C:\Windows\System\fDPEVyE.exe
  C:\Windows\System\fDPEVyE.exe
  2⤵
  PID:9556
- C:\Windows\System\LCFZvAq.exe
  C:\Windows\System\LCFZvAq.exe
  2⤵
  PID:9532
- C:\Windows\System\hcRewKJ.exe
  C:\Windows\System\hcRewKJ.exe
  2⤵
  PID:9604
- C:\Windows\System\iZkewUF.exe
  C:\Windows\System\iZkewUF.exe
  2⤵
  PID:9672
- C:\Windows\System\oQLjOvP.exe
  C:\Windows\System\oQLjOvP.exe
  2⤵
  PID:9748
- C:\Windows\System\KZSOFur.exe
  C:\Windows\System\KZSOFur.exe
  2⤵
  PID:9740
- C:\Windows\System\ZydIcCD.exe
  C:\Windows\System\ZydIcCD.exe
  2⤵
  PID:9856
- C:\Windows\System\XmnxWAH.exe
  C:\Windows\System\XmnxWAH.exe
  2⤵
  PID:9896
- C:\Windows\System\oJfpeto.exe
  C:\Windows\System\oJfpeto.exe
  2⤵
  PID:9912
- C:\Windows\System\lOOzStC.exe
  C:\Windows\System\lOOzStC.exe
  2⤵
  PID:9880
- C:\Windows\System\AcXgiWF.exe
  C:\Windows\System\AcXgiWF.exe
  2⤵
  PID:9884
- C:\Windows\System\DSZupWQ.exe
  C:\Windows\System\DSZupWQ.exe
  2⤵
  PID:9832
- C:\Windows\System\VUOCGqF.exe
  C:\Windows\System\VUOCGqF.exe
  2⤵
  PID:9956
- C:\Windows\System\CYGOAUN.exe
  C:\Windows\System\CYGOAUN.exe
  2⤵
  PID:10044
- C:\Windows\System\WdhwrbZ.exe
  C:\Windows\System\WdhwrbZ.exe
  2⤵
  PID:10064
- C:\Windows\System\YQnftue.exe
  C:\Windows\System\YQnftue.exe
  2⤵
  PID:10120
- C:\Windows\System\CZSxaIf.exe
  C:\Windows\System\CZSxaIf.exe
  2⤵
  PID:10156
- C:\Windows\System\vMlKuLn.exe
  C:\Windows\System\vMlKuLn.exe
  2⤵
  PID:10140
- C:\Windows\System\VKYdvhR.exe
  C:\Windows\System\VKYdvhR.exe
  2⤵
  PID:10228
- C:\Windows\System\dQydCCb.exe
  C:\Windows\System\dQydCCb.exe
  2⤵
  PID:9736
- C:\Windows\System\vNjwvVN.exe
  C:\Windows\System\vNjwvVN.exe
  2⤵
  PID:9524
- C:\Windows\System\YiiIsNk.exe
  C:\Windows\System\YiiIsNk.exe
  2⤵
  PID:9968
- C:\Windows\System\CTBFBKe.exe
  C:\Windows\System\CTBFBKe.exe
  2⤵
  PID:10212
- C:\Windows\System\zRVnYQw.exe
  C:\Windows\System\zRVnYQw.exe
  2⤵
  PID:9636
- C:\Windows\System\fbCHcgh.exe
  C:\Windows\System\fbCHcgh.exe
  2⤵
  PID:9716
- C:\Windows\System\UTXLhkG.exe
  C:\Windows\System\UTXLhkG.exe
  2⤵
  PID:9952
- C:\Windows\System\EGCmpda.exe
  C:\Windows\System\EGCmpda.exe
  2⤵
  PID:10080
- C:\Windows\System\bcpSVgc.exe
  C:\Windows\System\bcpSVgc.exe
  2⤵
  PID:10196
- C:\Windows\System\lfdXvxu.exe
  C:\Windows\System\lfdXvxu.exe
  2⤵
  PID:10224
- C:\Windows\System\AaoawLN.exe
  C:\Windows\System\AaoawLN.exe
  2⤵
  PID:9616
- C:\Windows\System\ejboNWl.exe
  C:\Windows\System\ejboNWl.exe
  2⤵
  PID:9924
- C:\Windows\System\RrpwRHq.exe
  C:\Windows\System\RrpwRHq.exe
  2⤵
  PID:10036
- C:\Windows\System\RczdoZM.exe
  C:\Windows\System\RczdoZM.exe
  2⤵
  PID:9668
- C:\Windows\System\lZepUMe.exe
  C:\Windows\System\lZepUMe.exe
  2⤵
  PID:10192
- C:\Windows\System\JcIdjHi.exe
  C:\Windows\System\JcIdjHi.exe
  2⤵
  PID:1536
- C:\Windows\System\AwVNvHg.exe
  C:\Windows\System\AwVNvHg.exe
  2⤵
  PID:9648
- C:\Windows\System\MzNbGkz.exe
  C:\Windows\System\MzNbGkz.exe
  2⤵
  PID:9780
- C:\Windows\System\fUhpzpD.exe
  C:\Windows\System\fUhpzpD.exe
  2⤵
  PID:10076
- C:\Windows\System\DzecfFW.exe
  C:\Windows\System\DzecfFW.exe
  2⤵
  PID:10216
- C:\Windows\System\zjvdVHP.exe
  C:\Windows\System\zjvdVHP.exe
  2⤵
  PID:9864
- C:\Windows\System\WEYcTXz.exe
  C:\Windows\System\WEYcTXz.exe
  2⤵
  PID:10188
- C:\Windows\System\EWQtuUe.exe
  C:\Windows\System\EWQtuUe.exe
  2⤵
  PID:9552
- C:\Windows\System\QAYKaIE.exe
  C:\Windows\System\QAYKaIE.exe
  2⤵
  PID:9808
- C:\Windows\System\gRskIeD.exe
  C:\Windows\System\gRskIeD.exe
  2⤵
  PID:10220
- C:\Windows\System\fyIcusw.exe
  C:\Windows\System\fyIcusw.exe
  2⤵
  PID:9828
- C:\Windows\System\jvgqSvp.exe
  C:\Windows\System\jvgqSvp.exe
  2⤵
  PID:10024
- C:\Windows\System\vWaeCjA.exe
  C:\Windows\System\vWaeCjA.exe
  2⤵
  PID:9548
- C:\Windows\System\nYfyGRC.exe
  C:\Windows\System\nYfyGRC.exe
  2⤵
  PID:9812
- C:\Windows\System\vCGzBLi.exe
  C:\Windows\System\vCGzBLi.exe
  2⤵
  PID:9940
- C:\Windows\System\rtaGZbQ.exe
  C:\Windows\System\rtaGZbQ.exe
  2⤵
  PID:10260
- C:\Windows\System\ZQUIGGl.exe
  C:\Windows\System\ZQUIGGl.exe
  2⤵
  PID:10276
- C:\Windows\System\geckHhF.exe
  C:\Windows\System\geckHhF.exe
  2⤵
  PID:10292
- C:\Windows\System\QurFEwO.exe
  C:\Windows\System\QurFEwO.exe
  2⤵
  PID:10308
- C:\Windows\System\meVyLlS.exe
  C:\Windows\System\meVyLlS.exe
  2⤵
  PID:10324
- C:\Windows\System\UMuPtow.exe
  C:\Windows\System\UMuPtow.exe
  2⤵
  PID:10352
- C:\Windows\System\XAujLfo.exe
  C:\Windows\System\XAujLfo.exe
  2⤵
  PID:10392
- C:\Windows\System\xbyQsFD.exe
  C:\Windows\System\xbyQsFD.exe
  2⤵
  PID:10416
- C:\Windows\System\gNEBtXa.exe
  C:\Windows\System\gNEBtXa.exe
  2⤵
  PID:10436
- C:\Windows\System\oWKszre.exe
  C:\Windows\System\oWKszre.exe
  2⤵
  PID:10452
- C:\Windows\System\jmjtDhs.exe
  C:\Windows\System\jmjtDhs.exe
  2⤵
  PID:10472
- C:\Windows\System\cltwkee.exe
  C:\Windows\System\cltwkee.exe
  2⤵
  PID:10492
- C:\Windows\System\yUzOjyT.exe
  C:\Windows\System\yUzOjyT.exe
  2⤵
  PID:10508
- C:\Windows\System\GuHYvqK.exe
  C:\Windows\System\GuHYvqK.exe
  2⤵
  PID:10524
- C:\Windows\System\saylCYh.exe
  C:\Windows\System\saylCYh.exe
  2⤵
  PID:10540
- C:\Windows\System\DOkSIZR.exe
  C:\Windows\System\DOkSIZR.exe
  2⤵
  PID:10564
- C:\Windows\System\pUkTHyu.exe
  C:\Windows\System\pUkTHyu.exe
  2⤵
  PID:10592
- C:\Windows\System\gKJjEcl.exe
  C:\Windows\System\gKJjEcl.exe
  2⤵
  PID:10608
- C:\Windows\System\UBvkMvN.exe
  C:\Windows\System\UBvkMvN.exe
  2⤵
  PID:10632
- C:\Windows\System\vvRrgJd.exe
  C:\Windows\System\vvRrgJd.exe
  2⤵
  PID:10664
- C:\Windows\System\neeysjx.exe
  C:\Windows\System\neeysjx.exe
  2⤵
  PID:10680
- C:\Windows\System\DjKtWSw.exe
  C:\Windows\System\DjKtWSw.exe
  2⤵
  PID:10696
- C:\Windows\System\QuAszdW.exe
  C:\Windows\System\QuAszdW.exe
  2⤵
  PID:10712
- C:\Windows\System\HuHAalW.exe
  C:\Windows\System\HuHAalW.exe
  2⤵
  PID:10740
- C:\Windows\System\qnkyERb.exe
  C:\Windows\System\qnkyERb.exe
  2⤵
  PID:10764
- C:\Windows\System\dMvPctw.exe
  C:\Windows\System\dMvPctw.exe
  2⤵
  PID:10780
- C:\Windows\System\vxgycZu.exe
  C:\Windows\System\vxgycZu.exe
  2⤵
  PID:10800
- C:\Windows\System\MdQiVuS.exe
  C:\Windows\System\MdQiVuS.exe
  2⤵
  PID:10820
- C:\Windows\System\EKwkFaM.exe
  C:\Windows\System\EKwkFaM.exe
  2⤵
  PID:10836
- C:\Windows\System\RyQICmG.exe
  C:\Windows\System\RyQICmG.exe
  2⤵
  PID:10868
- C:\Windows\System\ZxzjKmj.exe
  C:\Windows\System\ZxzjKmj.exe
  2⤵
  PID:10884
- C:\Windows\System\XOAfDIv.exe
  C:\Windows\System\XOAfDIv.exe
  2⤵
  PID:10900
- C:\Windows\System\nnKHckx.exe
  C:\Windows\System\nnKHckx.exe
  2⤵
  PID:10916
- C:\Windows\System\uUsIidi.exe
  C:\Windows\System\uUsIidi.exe
  2⤵
  PID:10932
- C:\Windows\System\XtxWYVb.exe
  C:\Windows\System\XtxWYVb.exe
  2⤵
  PID:10956
- C:\Windows\System\aiDIFze.exe
  C:\Windows\System\aiDIFze.exe
  2⤵
  PID:10972
- C:\Windows\System\tzxfAZe.exe
  C:\Windows\System\tzxfAZe.exe
  2⤵
  PID:10988
- C:\Windows\System\qPfjaDZ.exe
  C:\Windows\System\qPfjaDZ.exe
  2⤵
  PID:11004
- C:\Windows\System\SdGMXHI.exe
  C:\Windows\System\SdGMXHI.exe
  2⤵
  PID:11024
- C:\Windows\System\ujwnAyB.exe
  C:\Windows\System\ujwnAyB.exe
  2⤵
  PID:11060
- C:\Windows\System\IeUhnwC.exe
  C:\Windows\System\IeUhnwC.exe
  2⤵
  PID:11076
- C:\Windows\System\YAmGkZN.exe
  C:\Windows\System\YAmGkZN.exe
  2⤵
  PID:11096
- C:\Windows\System\XjvGMJy.exe
  C:\Windows\System\XjvGMJy.exe
  2⤵
  PID:11112
- C:\Windows\System\hPOMnqG.exe
  C:\Windows\System\hPOMnqG.exe
  2⤵
  PID:11128
- C:\Windows\System\etCDRVE.exe
  C:\Windows\System\etCDRVE.exe
  2⤵
  PID:11152
- C:\Windows\System\dpmDiYv.exe
  C:\Windows\System\dpmDiYv.exe
  2⤵
  PID:11172
- C:\Windows\System\qjNKrMq.exe
  C:\Windows\System\qjNKrMq.exe
  2⤵
  PID:11188
- C:\Windows\System\FWRpKUL.exe
  C:\Windows\System\FWRpKUL.exe
  2⤵
  PID:11204
- C:\Windows\System\yfPHTnI.exe
  C:\Windows\System\yfPHTnI.exe
  2⤵
  PID:11236
- C:\Windows\System\ikjoBYX.exe
  C:\Windows\System\ikjoBYX.exe
  2⤵
  PID:11252
- C:\Windows\System\VoqIUEj.exe
  C:\Windows\System\VoqIUEj.exe
  2⤵
  PID:10252
- C:\Windows\System\gjyRicN.exe
  C:\Windows\System\gjyRicN.exe
  2⤵
  PID:10272
- C:\Windows\System\mfhFhGq.exe
  C:\Windows\System\mfhFhGq.exe
  2⤵
  PID:10344
- C:\Windows\System\zTcgRBd.exe
  C:\Windows\System\zTcgRBd.exe
  2⤵
  PID:10316
- C:\Windows\System\RRGOkSC.exe
  C:\Windows\System\RRGOkSC.exe
  2⤵
  PID:10360
- C:\Windows\System\aOqDsBo.exe
  C:\Windows\System\aOqDsBo.exe
  2⤵
  PID:10380
- C:\Windows\System\SZtVunD.exe
  C:\Windows\System\SZtVunD.exe
  2⤵
  PID:10408
- C:\Windows\System\jPqZsnR.exe
  C:\Windows\System\jPqZsnR.exe
  2⤵
  PID:10428
- C:\Windows\System\qPcoGwW.exe
  C:\Windows\System\qPcoGwW.exe
  2⤵
  PID:10464
- C:\Windows\System\xLGDZcG.exe
  C:\Windows\System\xLGDZcG.exe
  2⤵
  PID:10488
- C:\Windows\System\IisBEDn.exe
  C:\Windows\System\IisBEDn.exe
  2⤵
  PID:10504
- C:\Windows\System\pMjOivt.exe
  C:\Windows\System\pMjOivt.exe
  2⤵
  PID:10576
- C:\Windows\System\bEsLPaJ.exe
  C:\Windows\System\bEsLPaJ.exe
  2⤵
  PID:10588
- C:\Windows\System\muNgJHu.exe
  C:\Windows\System\muNgJHu.exe
  2⤵
  PID:9764
- C:\Windows\System\KTwLvlg.exe
  C:\Windows\System\KTwLvlg.exe
  2⤵
  PID:10672
- C:\Windows\System\LfgomJv.exe
  C:\Windows\System\LfgomJv.exe
  2⤵
  PID:10704
- C:\Windows\System\mDueZZV.exe
  C:\Windows\System\mDueZZV.exe
  2⤵
  PID:10724
- C:\Windows\System\EkLkQcj.exe
  C:\Windows\System\EkLkQcj.exe
  2⤵
  PID:10752
- C:\Windows\System\BOsUuoC.exe
  C:\Windows\System\BOsUuoC.exe
  2⤵
  PID:10792
- C:\Windows\System\eLtnFFo.exe
  C:\Windows\System\eLtnFFo.exe
  2⤵
  PID:10856
- C:\Windows\System\qWeyPNg.exe
  C:\Windows\System\qWeyPNg.exe
  2⤵
  PID:10892
- C:\Windows\System\HEKksxH.exe
  C:\Windows\System\HEKksxH.exe
  2⤵
  PID:10996
- C:\Windows\System\lufyWfW.exe
  C:\Windows\System\lufyWfW.exe
  2⤵
  PID:11032
- C:\Windows\System\knsAWvz.exe
  C:\Windows\System\knsAWvz.exe
  2⤵
  PID:11052
- C:\Windows\System\pMyYtmP.exe
  C:\Windows\System\pMyYtmP.exe
  2⤵
  PID:10984
- C:\Windows\System\PFopIMw.exe
  C:\Windows\System\PFopIMw.exe
  2⤵
  PID:11020
- C:\Windows\System\wBHFeJO.exe
  C:\Windows\System\wBHFeJO.exe
  2⤵
  PID:11160
- C:\Windows\System\VNklwuT.exe
  C:\Windows\System\VNklwuT.exe
  2⤵
  PID:11140
- C:\Windows\System\AlLqwqc.exe
  C:\Windows\System\AlLqwqc.exe
  2⤵
  PID:11196
- C:\Windows\System\JuyxJTt.exe
  C:\Windows\System\JuyxJTt.exe
  2⤵
  PID:11228
- C:\Windows\System\cqOBJRj.exe
  C:\Windows\System\cqOBJRj.exe
  2⤵
  PID:11260
- C:\Windows\System\pHfYJji.exe
  C:\Windows\System\pHfYJji.exe
  2⤵
  PID:9732
- C:\Windows\System\lNPsWWH.exe
  C:\Windows\System\lNPsWWH.exe
  2⤵
  PID:10248
- C:\Windows\System\IhxLiXT.exe
  C:\Windows\System\IhxLiXT.exe
  2⤵
  PID:10372
- C:\Windows\System\sYWBlfi.exe
  C:\Windows\System\sYWBlfi.exe
  2⤵
  PID:10432
- C:\Windows\System\xiYtXOU.exe
  C:\Windows\System\xiYtXOU.exe
  2⤵
  PID:10536
- C:\Windows\System\zyCHrLp.exe
  C:\Windows\System\zyCHrLp.exe
  2⤵
  PID:10644
- C:\Windows\System\TsjsERP.exe
  C:\Windows\System\TsjsERP.exe
  2⤵
  PID:10732
- C:\Windows\System\kvsEOfc.exe
  C:\Windows\System\kvsEOfc.exe
  2⤵
  PID:10368
- C:\Windows\System\XKCWRoL.exe
  C:\Windows\System\XKCWRoL.exe
  2⤵
  PID:10364
- C:\Windows\System\PxABRCT.exe
  C:\Windows\System\PxABRCT.exe
  2⤵
  PID:10648
- C:\Windows\System\WScVAmm.exe
  C:\Windows\System\WScVAmm.exe
  2⤵
  PID:10656
- C:\Windows\System\FGnovjJ.exe
  C:\Windows\System\FGnovjJ.exe
  2⤵
  PID:10828
- C:\Windows\System\bcPyDZO.exe
  C:\Windows\System\bcPyDZO.exe
  2⤵
  PID:10832
- C:\Windows\System\bgCwyMc.exe
  C:\Windows\System\bgCwyMc.exe
  2⤵
  PID:11044
- C:\Windows\System\UZLPWHY.exe
  C:\Windows\System\UZLPWHY.exe
  2⤵
  PID:11048
- C:\Windows\System\ZVxwWaP.exe
  C:\Windows\System\ZVxwWaP.exe
  2⤵
  PID:10880
- C:\Windows\System\cRYiMzk.exe
  C:\Windows\System\cRYiMzk.exe
  2⤵
  PID:10952
- C:\Windows\System\JmdNXIG.exe
  C:\Windows\System\JmdNXIG.exe
  2⤵
  PID:11120
- C:\Windows\System\WeWobiQ.exe
  C:\Windows\System\WeWobiQ.exe
  2⤵
  PID:11136
- C:\Windows\System\JhEUlPa.exe
  C:\Windows\System\JhEUlPa.exe
  2⤵
  PID:11220
- C:\Windows\System\CoKjdbP.exe
  C:\Windows\System\CoKjdbP.exe
  2⤵
  PID:10116
- C:\Windows\System\edFlNTN.exe
  C:\Windows\System\edFlNTN.exe
  2⤵
  PID:10340
- C:\Windows\System\JBWsZPR.exe
  C:\Windows\System\JBWsZPR.exe
  2⤵
  PID:10424
- C:\Windows\System\OMDXNum.exe
  C:\Windows\System\OMDXNum.exe
  2⤵
  PID:10692
- C:\Windows\System\rZFeXKN.exe
  C:\Windows\System\rZFeXKN.exe
  2⤵
  PID:10624
- C:\Windows\System\uADfxhD.exe
  C:\Windows\System\uADfxhD.exe
  2⤵
  PID:10816
- C:\Windows\System\nneZjUf.exe
  C:\Windows\System\nneZjUf.exe
  2⤵
  PID:10584
- C:\Windows\System\kKtTpGm.exe
  C:\Windows\System\kKtTpGm.exe
  2⤵
  PID:10924
- C:\Windows\System\UVadsCv.exe
  C:\Windows\System\UVadsCv.exe
  2⤵
  PID:10940
- C:\Windows\System\RZnLgjs.exe
  C:\Windows\System\RZnLgjs.exe
  2⤵
  PID:11144
- C:\Windows\System\qwvAhew.exe
  C:\Windows\System\qwvAhew.exe
  2⤵
  PID:10852
- C:\Windows\System\UISGWOW.exe
  C:\Windows\System\UISGWOW.exe
  2⤵
  PID:11016
- C:\Windows\System\MztyPKc.exe
  C:\Windows\System\MztyPKc.exe
  2⤵
  PID:9760
- C:\Windows\System\aBJJWIx.exe
  C:\Windows\System\aBJJWIx.exe
  2⤵
  PID:10944
- C:\Windows\System\SjtciBM.exe
  C:\Windows\System\SjtciBM.exe
  2⤵
  PID:10284
- C:\Windows\System\ITJfpGp.exe
  C:\Windows\System\ITJfpGp.exe
  2⤵
  PID:10640
- C:\Windows\System\WderIUq.exe
  C:\Windows\System\WderIUq.exe
  2⤵
  PID:11164
- C:\Windows\System\YvMDqHG.exe
  C:\Windows\System\YvMDqHG.exe
  2⤵
  PID:11040
- C:\Windows\System\FcAlHFc.exe
  C:\Windows\System\FcAlHFc.exe
  2⤵
  PID:10876
- C:\Windows\System\hzVqezo.exe
  C:\Windows\System\hzVqezo.exe
  2⤵
  PID:9964
- C:\Windows\System\oJrgBsn.exe
  C:\Windows\System\oJrgBsn.exe
  2⤵
  PID:10400
- C:\Windows\System\siRSFJN.exe
  C:\Windows\System\siRSFJN.exe
  2⤵
  PID:10948
- C:\Windows\System\xvIfnpu.exe
  C:\Windows\System\xvIfnpu.exe
  2⤵
  PID:10176
- C:\Windows\System\FWhSjmU.exe
  C:\Windows\System\FWhSjmU.exe
  2⤵
  PID:10620
- C:\Windows\System\nPlxjvp.exe
  C:\Windows\System\nPlxjvp.exe
  2⤵
  PID:11224
- C:\Windows\System\tYQrIoA.exe
  C:\Windows\System\tYQrIoA.exe
  2⤵
  PID:10548
- C:\Windows\System\MDUjbNx.exe
  C:\Windows\System\MDUjbNx.exe
  2⤵
  PID:11272
- C:\Windows\System\fplBBEB.exe
  C:\Windows\System\fplBBEB.exe
  2⤵
  PID:11288
- C:\Windows\System\CyjxyZp.exe
  C:\Windows\System\CyjxyZp.exe
  2⤵
  PID:11304
- C:\Windows\System\kisLBVz.exe
  C:\Windows\System\kisLBVz.exe
  2⤵
  PID:11320
- C:\Windows\System\NWJeguV.exe
  C:\Windows\System\NWJeguV.exe
  2⤵
  PID:11344
- C:\Windows\System\PqYQWXk.exe
  C:\Windows\System\PqYQWXk.exe
  2⤵
  PID:11384
- C:\Windows\System\HnESCJn.exe
  C:\Windows\System\HnESCJn.exe
  2⤵
  PID:11400
- C:\Windows\System\vHRJgUN.exe
  C:\Windows\System\vHRJgUN.exe
  2⤵
  PID:11420
- C:\Windows\System\iqiXKni.exe
  C:\Windows\System\iqiXKni.exe
  2⤵
  PID:11436
- C:\Windows\System\HCeSpru.exe
  C:\Windows\System\HCeSpru.exe
  2⤵
  PID:11456
- C:\Windows\System\xocAMwZ.exe
  C:\Windows\System\xocAMwZ.exe
  2⤵
  PID:11472
- C:\Windows\System\yvacheR.exe
  C:\Windows\System\yvacheR.exe
  2⤵
  PID:11492
- C:\Windows\System\EolaXqU.exe
  C:\Windows\System\EolaXqU.exe
  2⤵
  PID:11508
- C:\Windows\System\KmwZKEs.exe
  C:\Windows\System\KmwZKEs.exe
  2⤵
  PID:11524
- C:\Windows\System\kNyPryz.exe
  C:\Windows\System\kNyPryz.exe
  2⤵
  PID:11540
- C:\Windows\System\Kbmsxpf.exe
  C:\Windows\System\Kbmsxpf.exe
  2⤵
  PID:11556
- C:\Windows\System\kYkmfgI.exe
  C:\Windows\System\kYkmfgI.exe
  2⤵
  PID:11572
- C:\Windows\System\dOusIVn.exe
  C:\Windows\System\dOusIVn.exe
  2⤵
  PID:11588
- C:\Windows\System\cwAkVnw.exe
  C:\Windows\System\cwAkVnw.exe
  2⤵
  PID:11640
- C:\Windows\System\NLXCtvQ.exe
  C:\Windows\System\NLXCtvQ.exe
  2⤵
  PID:11656
- C:\Windows\System\KisTMTH.exe
  C:\Windows\System\KisTMTH.exe
  2⤵
  PID:11672
- C:\Windows\System\MyriwOy.exe
  C:\Windows\System\MyriwOy.exe
  2⤵
  PID:11688
- C:\Windows\System\jOCmJAz.exe
  C:\Windows\System\jOCmJAz.exe
  2⤵
  PID:11704
- C:\Windows\System\DQgeTyF.exe
  C:\Windows\System\DQgeTyF.exe
  2⤵
  PID:11720
- C:\Windows\System\WfHynnq.exe
  C:\Windows\System\WfHynnq.exe
  2⤵
  PID:11736
- C:\Windows\System\czPLgJO.exe
  C:\Windows\System\czPLgJO.exe
  2⤵
  PID:11752
- C:\Windows\System\iQgpjhT.exe
  C:\Windows\System\iQgpjhT.exe
  2⤵
  PID:11768
- C:\Windows\System\ujBunvn.exe
  C:\Windows\System\ujBunvn.exe
  2⤵
  PID:11784
- C:\Windows\System\BKvGqMc.exe
  C:\Windows\System\BKvGqMc.exe
  2⤵
  PID:11800
- C:\Windows\System\WzKqPAV.exe
  C:\Windows\System\WzKqPAV.exe
  2⤵
  PID:11816
- C:\Windows\System\RInCOml.exe
  C:\Windows\System\RInCOml.exe
  2⤵
  PID:11832
- C:\Windows\System\TvrYfOW.exe
  C:\Windows\System\TvrYfOW.exe
  2⤵
  PID:11848
- C:\Windows\System\QhHAnZt.exe
  C:\Windows\System\QhHAnZt.exe
  2⤵
  PID:11864
- C:\Windows\System\MmrtjCK.exe
  C:\Windows\System\MmrtjCK.exe
  2⤵
  PID:11880
- C:\Windows\System\tFqlKFj.exe
  C:\Windows\System\tFqlKFj.exe
  2⤵
  PID:11896
- C:\Windows\System\elWbHdT.exe
  C:\Windows\System\elWbHdT.exe
  2⤵
  PID:11912
- C:\Windows\System\kVoolqW.exe
  C:\Windows\System\kVoolqW.exe
  2⤵
  PID:11932
- C:\Windows\System\tEckQie.exe
  C:\Windows\System\tEckQie.exe
  2⤵
  PID:11948
- C:\Windows\System\uvORRSr.exe
  C:\Windows\System\uvORRSr.exe
  2⤵
  PID:11964
- C:\Windows\System\EjbSvlK.exe
  C:\Windows\System\EjbSvlK.exe
  2⤵
  PID:12064
- C:\Windows\System\fDFoADP.exe
  C:\Windows\System\fDFoADP.exe
  2⤵
  PID:12080
- C:\Windows\System\BGkuLRX.exe
  C:\Windows\System\BGkuLRX.exe
  2⤵
  PID:12116
- C:\Windows\System\ntCyZkV.exe
  C:\Windows\System\ntCyZkV.exe
  2⤵
  PID:12144
- C:\Windows\System\FuXvEFy.exe
  C:\Windows\System\FuXvEFy.exe
  2⤵
  PID:12160
- C:\Windows\System\qtUGGTF.exe
  C:\Windows\System\qtUGGTF.exe
  2⤵
  PID:12180
- C:\Windows\System\GQlsqSL.exe
  C:\Windows\System\GQlsqSL.exe
  2⤵
  PID:12196
- C:\Windows\System\TuyUEvD.exe
  C:\Windows\System\TuyUEvD.exe
  2⤵
  PID:12212
- C:\Windows\System\KXsgGbi.exe
  C:\Windows\System\KXsgGbi.exe
  2⤵
  PID:12228
- C:\Windows\System\OABELKE.exe
  C:\Windows\System\OABELKE.exe
  2⤵
  PID:12248
- C:\Windows\System\oIfwsjG.exe
  C:\Windows\System\oIfwsjG.exe
  2⤵
  PID:12276
- C:\Windows\System\TZGdtYm.exe
  C:\Windows\System\TZGdtYm.exe
  2⤵
  PID:11312
- C:\Windows\System\yvTYfDZ.exe
  C:\Windows\System\yvTYfDZ.exe
  2⤵
  PID:11268
- C:\Windows\System\NazyVMX.exe
  C:\Windows\System\NazyVMX.exe
  2⤵
  PID:11328
- C:\Windows\System\yBajmxK.exe
  C:\Windows\System\yBajmxK.exe
  2⤵
  PID:11352
- C:\Windows\System\WbUDhGy.exe
  C:\Windows\System\WbUDhGy.exe
  2⤵
  PID:11372
- C:\Windows\System\xjBYoYG.exe
  C:\Windows\System\xjBYoYG.exe
  2⤵
  PID:11380
- C:\Windows\System\YoQgbRf.exe
  C:\Windows\System\YoQgbRf.exe
  2⤵
  PID:11428
- C:\Windows\System\SEfzZwe.exe
  C:\Windows\System\SEfzZwe.exe
  2⤵
  PID:11452
- C:\Windows\System\miavmxB.exe
  C:\Windows\System\miavmxB.exe
  2⤵
  PID:11548
- C:\Windows\System\tqGayNx.exe
  C:\Windows\System\tqGayNx.exe
  2⤵
  PID:11464
- C:\Windows\System\fLIQRLC.exe
  C:\Windows\System\fLIQRLC.exe
  2⤵
  PID:11648
- C:\Windows\System\KUiBXgP.exe
  C:\Windows\System\KUiBXgP.exe
  2⤵
  PID:11716
- C:\Windows\System\QHHbrOL.exe
  C:\Windows\System\QHHbrOL.exe
  2⤵
  PID:11780
- C:\Windows\System\YWuTEXU.exe
  C:\Windows\System\YWuTEXU.exe
  2⤵
  PID:11536
- C:\Windows\System\nZcwPPH.exe
  C:\Windows\System\nZcwPPH.exe
  2⤵
  PID:11596
- C:\Windows\System\tpMCmcz.exe
  C:\Windows\System\tpMCmcz.exe
  2⤵
  PID:11612
- C:\Windows\System\TEsCSzk.exe
  C:\Windows\System\TEsCSzk.exe
  2⤵
  PID:11628
- C:\Windows\System\dBbCeUQ.exe
  C:\Windows\System\dBbCeUQ.exe
  2⤵
  PID:11764
- C:\Windows\System\saGUfQo.exe
  C:\Windows\System\saGUfQo.exe
  2⤵
  PID:11840
- C:\Windows\System\RYcLkQI.exe
  C:\Windows\System\RYcLkQI.exe
  2⤵
  PID:11664
- C:\Windows\System\lckQtIQ.exe
  C:\Windows\System\lckQtIQ.exe
  2⤵
  PID:11928
- C:\Windows\System\xXCcnEj.exe
  C:\Windows\System\xXCcnEj.exe
  2⤵
  PID:11960
- C:\Windows\System\rtTMKFv.exe
  C:\Windows\System\rtTMKFv.exe
  2⤵
  PID:11696
- C:\Windows\System\HsLnNMk.exe
  C:\Windows\System\HsLnNMk.exe
  2⤵
  PID:12048
- C:\Windows\System\swvxyXY.exe
  C:\Windows\System\swvxyXY.exe
  2⤵
  PID:12032
- C:\Windows\System\DUaryBl.exe
  C:\Windows\System\DUaryBl.exe
  2⤵
  PID:12016
- C:\Windows\System\eSETWyo.exe
  C:\Windows\System\eSETWyo.exe
  2⤵
  PID:11988
- C:\Windows\System\MxmAMmM.exe
  C:\Windows\System\MxmAMmM.exe
  2⤵
  PID:12076
- C:\Windows\System\qyJQIES.exe
  C:\Windows\System\qyJQIES.exe
  2⤵
  PID:12140
- C:\Windows\System\hEwJmVr.exe
  C:\Windows\System\hEwJmVr.exe
  2⤵
  PID:12188
- C:\Windows\System\eiveflh.exe
  C:\Windows\System\eiveflh.exe
  2⤵
  PID:12256
- C:\Windows\System\IhFCGrR.exe
  C:\Windows\System\IhFCGrR.exe
  2⤵
  PID:12284
- C:\Windows\System\UjwlkVa.exe
  C:\Windows\System\UjwlkVa.exe
  2⤵
  PID:11104
- C:\Windows\System\peVeWQj.exe
  C:\Windows\System\peVeWQj.exe
  2⤵
  PID:11416
- C:\Windows\System\OOVYVsi.exe
  C:\Windows\System\OOVYVsi.exe
  2⤵
  PID:11748
- C:\Windows\System\QCkpQtA.exe
  C:\Windows\System\QCkpQtA.exe
  2⤵
  PID:11700
- C:\Windows\System\sIhmUiU.exe
  C:\Windows\System\sIhmUiU.exe
  2⤵
  PID:11668
- C:\Windows\System\pSkKbaF.exe
  C:\Windows\System\pSkKbaF.exe
  2⤵
  PID:11684
- C:\Windows\System\pEFjAQs.exe
  C:\Windows\System\pEFjAQs.exe
  2⤵
  PID:11444
- C:\Windows\System\quIKRZo.exe
  C:\Windows\System\quIKRZo.exe
  2⤵
  PID:11876
- C:\Windows\System\EktMAvc.exe
  C:\Windows\System\EktMAvc.exe
  2⤵
  PID:11860
- C:\Windows\System\JKWGnXt.exe
  C:\Windows\System\JKWGnXt.exe
  2⤵
  PID:12060
- C:\Windows\System\pdAisvi.exe
  C:\Windows\System\pdAisvi.exe
  2⤵
  PID:12040
- C:\Windows\System\mRuWUvc.exe
  C:\Windows\System\mRuWUvc.exe
  2⤵
  PID:11992
- C:\Windows\System\aIcMqOK.exe
  C:\Windows\System\aIcMqOK.exe
  2⤵
  PID:12132
- C:\Windows\System\JhGVPqU.exe
  C:\Windows\System\JhGVPqU.exe
  2⤵
  PID:11980
- C:\Windows\System\UtHoqiI.exe
  C:\Windows\System\UtHoqiI.exe
  2⤵
  PID:12168
- C:\Windows\System\BewvYGe.exe
  C:\Windows\System\BewvYGe.exe
  2⤵
  PID:12236
- C:\Windows\System\qhqYDBm.exe
  C:\Windows\System\qhqYDBm.exe
  2⤵
  PID:12268
- C:\Windows\System\TFDzWBg.exe
  C:\Windows\System\TFDzWBg.exe
  2⤵
  PID:11280
- C:\Windows\System\zbMNmjN.exe
  C:\Windows\System\zbMNmjN.exe
  2⤵
  PID:11340
- C:\Windows\System\JRhtBzj.exe
  C:\Windows\System\JRhtBzj.exe
  2⤵
  PID:11488
- C:\Windows\System\deiRblS.exe
  C:\Windows\System\deiRblS.exe
  2⤵
  PID:11580
- C:\Windows\System\vRUzFUs.exe
  C:\Windows\System\vRUzFUs.exe
  2⤵
  PID:11520
- C:\Windows\System\gHVSsiD.exe
  C:\Windows\System\gHVSsiD.exe
  2⤵
  PID:11972
- C:\Windows\System\mmJNUhh.exe
  C:\Windows\System\mmJNUhh.exe
  2⤵
  PID:11856
- C:\Windows\System\kxGjPDe.exe
  C:\Windows\System\kxGjPDe.exe
  2⤵
  PID:12036
- C:\Windows\System\EhfYgzD.exe
  C:\Windows\System\EhfYgzD.exe
  2⤵
  PID:11904
- C:\Windows\System\ffVLJPP.exe
  C:\Windows\System\ffVLJPP.exe
  2⤵
  PID:11924
- C:\Windows\System\MYIIVaK.exe
  C:\Windows\System\MYIIVaK.exe
  2⤵
  PID:12108
- C:\Windows\System\VkzGREZ.exe
  C:\Windows\System\VkzGREZ.exe
  2⤵
  PID:12088
- C:\Windows\System\cAnafco.exe
  C:\Windows\System\cAnafco.exe
  2⤵
  PID:12220
- C:\Windows\System\itdzmSn.exe
  C:\Windows\System\itdzmSn.exe
  2⤵
  PID:11432
- C:\Windows\System\evYTSha.exe
  C:\Windows\System\evYTSha.exe
  2⤵
  PID:11732
- C:\Windows\System\UOlgbdM.exe
  C:\Windows\System\UOlgbdM.exe
  2⤵
  PID:11796
- C:\Windows\System\qybBkyE.exe
  C:\Windows\System\qybBkyE.exe
  2⤵
  PID:11892
- C:\Windows\System\GEoMovE.exe
  C:\Windows\System\GEoMovE.exe
  2⤵
  PID:10124
- C:\Windows\System\YTwtKPF.exe
  C:\Windows\System\YTwtKPF.exe
  2⤵
  PID:11872
- C:\Windows\System\lrkOTsZ.exe
  C:\Windows\System\lrkOTsZ.exe
  2⤵
  PID:12172
- C:\Windows\System\YqsiFDj.exe
  C:\Windows\System\YqsiFDj.exe
  2⤵
  PID:11392
- C:\Windows\System\PZzeFEI.exe
  C:\Windows\System\PZzeFEI.exe
  2⤵
  PID:11364
- C:\Windows\System\kEEEAyp.exe
  C:\Windows\System\kEEEAyp.exe
  2⤵
  PID:12204
- C:\Windows\System\WSgmbfg.exe
  C:\Windows\System\WSgmbfg.exe
  2⤵
  PID:10388
- C:\Windows\System\SbTldAJ.exe
  C:\Windows\System\SbTldAJ.exe
  2⤵
  PID:12008
- C:\Windows\System\GlDovOS.exe
  C:\Windows\System\GlDovOS.exe
  2⤵
  PID:11284
- C:\Windows\System\KKQmBxZ.exe
  C:\Windows\System\KKQmBxZ.exe
  2⤵
  PID:12324
- C:\Windows\System\pkeCrcD.exe
  C:\Windows\System\pkeCrcD.exe
  2⤵
  PID:12340
- C:\Windows\System\EcjQrTp.exe
  C:\Windows\System\EcjQrTp.exe
  2⤵
  PID:12360
- C:\Windows\System\IdoPYAX.exe
  C:\Windows\System\IdoPYAX.exe
  2⤵
  PID:12376
- C:\Windows\System\RFyMPdV.exe
  C:\Windows\System\RFyMPdV.exe
  2⤵
  PID:12396
- C:\Windows\System\edUzWJY.exe
  C:\Windows\System\edUzWJY.exe
  2⤵
  PID:12420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CqQpThv.exe

Filesize
6.0MB

MD5
e0400d971751343cbdedb3ed3f2b1bae

SHA1
10c47d2ef155ef3d2966d4af3432f88f764c9c2e

SHA256
6c11b77573fa429a4eac4754458ec315fdfd4134ce753f1771b20e763b50e1fb

SHA512
19e868cc95ed3c91b74fc1b3d9e6ab30c060b065f26bdeb67f0a79760fd658baf42395edce5b04fc7a49d768a1df0139c562ade420ee3cd13e788561cada2fd6

Download Submit
C:\Windows\system\DHKBgLo.exe

Filesize
6.0MB

MD5
40d14fce118bebc0efc32ec06c6cca44

SHA1
f7c39253426c9d313a3c40aa1d97bd964200c7da

SHA256
d5c58be05a69e917de6d4f3bca458e79e25b2f9fb152ed257d6e73467f1c7c49

SHA512
c12222e47545fcc0b80bf46c3e4f3b684f7e6b04e5c32ccd481697da0903168ed54b4eb5daf8b60aa8d76e5348f2cbb5ed237490cefacc01324971d37cf21489

Download Submit
C:\Windows\system\EuICbMS.exe

Filesize
6.0MB

MD5
2a7f59709632fce1c1fc8782e1e03b7c

SHA1
14467e4d4984d66c3343fce50cb213c74ae7b82c

SHA256
89228ee283d7a21a12c07ba29cced5a073d894057d158ddfebff5a9767c82273

SHA512
02e92b7a6823b09bd31ff9c3011a7eca0bb0e045daef1ec29f9ac7282351b115b12347d7d27c047418dbd9189cb29d7f802d7cfd43ba4f9e3f2d8724d1add838

Download Submit
C:\Windows\system\IMuYoPj.exe

Filesize
6.0MB

MD5
d8caf9d4c10a0b6c8d75f2d5bb2a5bd0

SHA1
1c8da1c3000207e9b1d687075a528a1ad87617e2

SHA256
9cd150ec4e56e92b4932e9a6b0952a8d2dab7011abbb98ae04852ea04c7ef140

SHA512
ca842611d723b64b60e5e502515a08e633f54291c68c15343d35d737c40bdf9c9091871fccf54478e444b321343911e19a83533a1b178707b3437d84b8f8c572

Download Submit
C:\Windows\system\JkumMab.exe

Filesize
6.0MB

MD5
d563c8cb588b5989edafa9ad3189f2b7

SHA1
bf038658c00d270344e9b43c2123917a19354ba7

SHA256
7f0eeac2753e0e8be60779edc817e26d61f604ae30cdce9030cab5b06d3463cb

SHA512
9d2522bd457b999e12b21f5e243aca9bc717df38c27d77d51b3512869ca8803355359ff5bca3d2230aebc04d7c01953f8e3d4a05ec5c04e79f51383f189f2231

Download Submit
C:\Windows\system\LZEGghL.exe

Filesize
6.0MB

MD5
de203ab311ebd39f4d7ee21cc0ff574d

SHA1
bf4843d499586e4cb65f0f3d5e1097245024ce28

SHA256
3f2a750a4fdc35db88a28da35b034eda90d58505dbe7e8e00a8b41138ed1aa0a

SHA512
867dfbb6df8ef9fe90e3a67a582467a270bea374c183399f784129b4cf29642a185025c50bb62c1e76c495dd4804fbb02cbd9b01758980ba634270ed36e7895b

Download Submit
C:\Windows\system\MsDCUZl.exe

Filesize
6.0MB

MD5
95615cdd91b9cba33943dee0a4b98fd5

SHA1
d729cad1a557790757776fe39b14f8fa4c88b8c0

SHA256
5376cd4098ffcf635cf9b5e8177bc232fb16dc4010fc17acc8cc0f706e745f2f

SHA512
7ddf4398b04d1d496d9dbf68e9e03a265ddb8a42a11f41ac800e491d61b706bab396deb983ca4487f99bc168846f5f8559d1d0b6ea94bbbe541259f7f6a686e2

Download Submit
C:\Windows\system\QrBIvtV.exe

Filesize
6.0MB

MD5
ce9e077c26fd948c1199757462c968b1

SHA1
9d804bcfe64009ef2049c4ab9777914678a6f5de

SHA256
19dcb49593464735f6d14c2d1290438c9ad8f50290893a4b4108d57006c49294

SHA512
6269356667aba321ce54f06fe5267d2dbb9d039973f6febb3ebde530e1231a80c72f6087449d52d44e77b320be478cfb5ec746553347075ce252fd4144d1b7f5

Download Submit
C:\Windows\system\Rlfrizp.exe

Filesize
6.0MB

MD5
2482332c8719cc26242c38e2f049313b

SHA1
5c2b4458c0e6a1156cc11e52005aa74c9ae2f4b8

SHA256
b5ae25ae4fcf97d058293aa6d9ecfe35710cad2c062993761f3b04c5c36a67d5

SHA512
4145c0323ac839372ae13c56147ca5b49e2c6c380a8088871da132b22a3c33ee47ad38103d2b6e973565e0d1acf058d7e9f0b08cd26701f888c55b7ad7c73271

Download Submit
C:\Windows\system\SaGICpt.exe

Filesize
6.0MB

MD5
4dc154d81613208e6ae69c5b27b50c0d

SHA1
7a8f8658bf416b3bf7e9c5dd11fb817567d52540

SHA256
c3dc13930a3d4cb9e9de815bcd725324efa5058b62c74a32022251d2a9cfb8c7

SHA512
6bbf9b39b634009194d15287e53e3d39109fe167f3501149e2639bffb6f72e1435fa568141b503fdfe17aa0796562e3c59e56a0646e292ffa4eb93c08aa5b770

Download Submit
C:\Windows\system\VXzNHKZ.exe

Filesize
6.0MB

MD5
6e1c882d117afccdedf0aac91e8ac538

SHA1
2d0a031d4ee9bef3c7ff1b1947e934e65084c887

SHA256
89e79856c195862b6030023c1bf1318016605a9b8a0c641d972861d87331bfaf

SHA512
0db2c0d20f2ba9ac607b0878f878f79f87250ae0e3eec715f6ce3ab29d02e58bfb5374724aa9efa3a5ed101a6626e9e5ce0093c2b320bb1dd643f4c1c27c18ed

Download Submit
C:\Windows\system\XVfOVlG.exe

Filesize
6.0MB

MD5
4513a97f47db26dc3d6e51467bf57dac

SHA1
3adb7034f06f1c669b4ed64c5b0a3280a86bf6e0

SHA256
9985efcd53438ce0e6f6656b7797b695458e7ab8a568d91d330a9351c2106a31

SHA512
4921d4994e04fcb3006d1e9df22d1b9a59ac2418324d49320641d0ba46eb427c9f7d51747a1094204c7e886b0acd0ce52cd6666d5c4bcc47070e791ac62e2f94

Download Submit
C:\Windows\system\XeqovCa.exe

Filesize
6.0MB

MD5
a3e1ecf9663c8b5132d20e1a24213ddf

SHA1
dc7a9348dbc988cdcd1a213fa527419bc5a54f72

SHA256
a600e15ee1f11989756a73293634db7c6c7480616c817e699d86eae943b2778b

SHA512
bce6eb7132b4904b8059d584a9d38384dffc2afc2af2f25dd49bdf676d97838f391ad0179554d9316f6a697f99f81d7ac462aa47243819ede4aa9b50c75aa7ff

Download Submit
C:\Windows\system\gWlNiQb.exe

Filesize
6.0MB

MD5
51ce1257a6e36df7be6b4b4988588f0a

SHA1
9872e82881a7be71c452e60d1d64acc8c0f5c026

SHA256
3d19ee2b43574816ab4c8ad00fbddcbdff89a678eed71f0fa83fcca14825dde0

SHA512
27e69db3903b553c43903ffa55145bbe9885e579dbb5f614d10e81a6c1197b293e0e356af701687935330c250c5bb89135a6ffb06b24b43be88c1964ff660def

Download Submit
C:\Windows\system\gnbkFDN.exe

Filesize
6.0MB

MD5
93df9ecfd136dd3367406ccbcb03cd14

SHA1
0c61f7684c03f0cfbf9c577e1c3ef28307d8f9c7

SHA256
adf61e5725c4ec4964a25d40c20042e1f267db6d94611abc20fe2975e26c1932

SHA512
39b8078f33c6abb9033a34946e87e1fecc6e106d7d8346887dc82bffdf20365aa6e09a488800decf886ed5609849306885dd42aa0362ee73efb04966c352dfd1

Download Submit
C:\Windows\system\lAHtmnT.exe

Filesize
6.0MB

MD5
bc20ed052fd1f2afceeab5208e8ef5cf

SHA1
40f14d7b2091c22e411bbd8f0d4b47f5f8d2d783

SHA256
c30b445406c7f1923a32043b79cc54fc2077c02e09aa16657de6adaa12fd25bc

SHA512
58cdd2085688ff3ff4eb92bb986cf2c80752a4f03c163c7cb5d745db5b02153941ce4a23df60ecd5a01d85cc72b6f1036f2b8ba26d74bc7ab678b884270c77c8

Download Submit
C:\Windows\system\nLemsYa.exe

Filesize
6.0MB

MD5
b8e3fff0f0305b85d5dc4bd13c2cb26e

SHA1
8cd73a1cf8b2c28acd4de903b05e0e1007aa2672

SHA256
8fbd136aec4ea2c9fa4dbb392b4bf8d6621e40d1905d8d92f2e7474833896bd8

SHA512
a66cc415330581648ef989442ca2fa3c86202f31fc3255e588a3f664ebeee3813ac48a29c8970a0f08a602131d943c6a2907eb7179261d31520ccd904488488a

Download Submit
C:\Windows\system\rGuWZTp.exe

Filesize
6.0MB

MD5
a142bea459bd9c057777ef269e94b34a

SHA1
cdf5a6061438913bb2ac283859c777f7a51adefe

SHA256
f3003c281af7a8a3539e64575ba6d14e30bb8bf9c82c03efd7463de6f278758d

SHA512
5798b30774863460498fa2f2e85c1bbbfb329434a9c8b2d69e9409796298518104a068d04454c0cef0c52c69b37592b4e7c83e9577e461a613b14582e9355738

Download Submit
C:\Windows\system\riSxnBx.exe

Filesize
6.0MB

MD5
3af52fed236bc940533b81bac43683eb

SHA1
f1d17b1b9d988d6c67f2691880e33e170e329bd6

SHA256
ffb0caae9b62d154a3cd2205a61e4322d25fa9b271e406cb96d449889d63a9f9

SHA512
1a2ed4e9486354cc8425e216b9f289d1a67482c7c4c052b9af813ca250c722c52053d29ed91d7133024be45eaf209fb7f87201e7d105324b5897e3cab884f5a3

Download Submit
C:\Windows\system\sBISsJz.exe

Filesize
6.0MB

MD5
e3bc79b2b3cd0d26a0235b191966d4c4

SHA1
e1d5c27c37d086bde1badeaa5630602a113d14c5

SHA256
179c0301162c97a73fbdd020522cb374a87b2541bf04a241d4b864a15795532a

SHA512
537dc3a8b26e558fa973ae9b100384e06c5a1d08a7ba26d347f3a3ac31bdb8122e8e14db00d7a313f3e63cc9e4da1f5887859e8748b7c7f2ce2cdcd7679e971b

Download Submit
C:\Windows\system\syRPBGB.exe

Filesize
6.0MB

MD5
97ac20632037c5bfeb1aea2ff557146d

SHA1
0f8a3cc6c542d2c25ad875a9747c918e2edf81e2

SHA256
bf69fe3b218308fe232dc12de93c7d92dd032acd82f2964a9e11b70d32872980

SHA512
9a1cd53d292be8aef468105b508b7c7259ed769267f2d41fed5a24f4c52b0726e00008ffe92111661d3a1c0f2da2b4cc715bd93e066629cf81e71e40f272f63f

Download Submit
C:\Windows\system\ukuvDhi.exe

Filesize
6.0MB

MD5
28b82ff1008459925b1a5a960a842443

SHA1
311707d27c72bb56def390d96dc390c00d726176

SHA256
e08583c635b4794dfb3b80092e02568374d3372bfbb39ba3da0d4ddc3028cde3

SHA512
1d8421aae65453862e8c043fc6465cfe448ae87336ed3b68da149a6e4bf29113e3558445b22c8389105464e5741babeb0fbdd69fc35b6215267f97df9724b28a

Download Submit
C:\Windows\system\veerEFe.exe

Filesize
6.0MB

MD5
70fbcc60b2944565c80eb28bb6a652e5

SHA1
46b3df5e2d802eaa67a5a4542a43ed3ab46584bc

SHA256
9d358007a9ca7f72006d6f6208e3af980c6ccdd386f6fb7e138863851ae92d51

SHA512
c870c8b61cba57b381a79c19e84ba94798e89148af43321a0456db4764cec477bd00a29b10191fb45f7355c9035b5d907b4b5f6419e9a99418a5a0c7cba739e5

Download Submit
C:\Windows\system\voruikj.exe

Filesize
6.0MB

MD5
d01c31c5fad54c7d8624fe483afc3960

SHA1
210b69b0171dee3fe43ac752ec5bd3e51477675f

SHA256
7fb4b22a59551a67b6ecac64df1b8ce90e9940b2509656c78e008b60d9029569

SHA512
d4af03bfa32b34e77f0dcfd54547c1f6bdd9df1d6526c3b4ad6b13f89db8af5d94216dfe2eea5736f34e710ee13ef38be4742f1b9751b93a3408658c61c604f1

Download Submit
C:\Windows\system\wgSSpsh.exe

Filesize
6.0MB

MD5
966b6aba3454454c53802ed63bb1b9f7

SHA1
755a27510d3be3789d6728f6485b6b1377d5392b

SHA256
63da63e667e27d8e9fd740511c5a4b2d94875cf37ef91e585d5a244fe560b3de

SHA512
d52cc121d2c9ad1c4d58fdae89cc08fbdbc6684af34a641aa6873e14833ba55cf663603e78db055ed6d9ec302a7dda0dd9502dad71c3f2518e7df6b76868bb50

Download Submit
C:\Windows\system\wonhWPi.exe

Filesize
6.0MB

MD5
e850dccae7cb2205d5e20659bf0d774d

SHA1
663237d181a248656f8095785efac8c827dc1a46

SHA256
df63441bff73c7cd4bb85bc0366789a2199fbe0674b93c9cedf9ac5b9cab7302

SHA512
c2e7ed84b080d909a6e09360b41863481ac506ac0db012623cdf606f9134ae6b4456632d658e184396df65e2f140476a1013ddd3399370c22c250cab52980d03

Download Submit
C:\Windows\system\zOQBHJe.exe

Filesize
6.0MB

MD5
c9e9108c424af5cc14d9f9de4551ad56

SHA1
b9fd8a9921ee9c96722d2d61adfc4cfa2a09b2a3

SHA256
00f239485694c3ab82400b030003e438c03f246be9500cf321feebfc82a502ca

SHA512
eebfbf1e046c16fabe294ddf8c79bb6740b57e4bc2a53d5eabbb761563b625952058df78a65ca9457f8d3651198b09b91e23a7b32070fabf69a4e46e73fa290f

Download Submit
C:\Windows\system\zyuePyf.exe

Filesize
6.0MB

MD5
d0de3c04e0a84173fbc47138ff0da22d

SHA1
de476e4ad5f2e9a6cbf9ec2329f0caf9a36ed7aa

SHA256
1cee9229da5007f91d9f4d1a8d7fb5f6494cc2379ca64148dabaeb47358e2c4d

SHA512
d428850ac10e0c3d0fc4d74899cd8b5f0a3229077e927c533dae8004608de5cb16225659cd55f396d3faa961533ea97a815a09dbfa52b449d4389b40361f46bb

Download Submit
\Windows\system\NAhAmMU.exe

Filesize
6.0MB

MD5
fb2a32dfa60655002d970824ccb54b45

SHA1
d38534e83e975f71b44646d1186261d5b3f9f31e

SHA256
780774748af772381de57f2654c1d0479074bd85dd4a841e791deb7def96180b

SHA512
e5ac29e89dfc0cfcfcacec8f9a66bf15209a915d721275646bde28ad908db855d0c1e192ed2820d7cbfa4cdb3ee2c1abb2df2e60caeed657ea0b189aabe5f8a0

Download Submit
\Windows\system\NgXqiQi.exe

Filesize
6.0MB

MD5
4ffe41a68e34f199fe36aa39504d74be

SHA1
64624e600bc261b5f34ae0d8f097ca5521f29c99

SHA256
b4b709a1217965e328c61a79c68eb63aa012498b37b789088b95276f52a2be24

SHA512
3e01c05a4fb083e78567dbe236d8d5bf609fe44dcaec513eb08b2b48397d2340e8ad1425639f31bc39af054c522c522561ad19fd6631b420e9fd7bf7730ca644

Download Submit
\Windows\system\bIEaYLY.exe

Filesize
6.0MB

MD5
17848ccb6b4b9b1d2496546398ede084

SHA1
ed5360a7989035db520431206198d1bdbf433052

SHA256
6590b5fb27449037a01023ca4f50200e23b91d1c9173de41242b3fd83480acad

SHA512
20b43d2b3b5e432cbb893f8c9d312abf2ca000f8932c6e71a96da3f06005a503ec421d468f2d1f45ac5cbf36c185546f2aa7374e8ce9dea2e29de9cd131f0551

Download Submit
\Windows\system\fJvtSTh.exe

Filesize
6.0MB

MD5
1a38fee3286d46660fd64958e1cc782b

SHA1
f81d54818155fb6578f89a89a0e57c942581183c

SHA256
c9f52970ae76c6786514130d5694589485a7a20c451370d2e9065292469a4b43

SHA512
56b2839d1ba89c0e3fd58324ff524ad69b2e10f8509351b1c9d5dc6ac69dc0c6fd7051a479cfdf6d6e5fc07c3dea7c056e6087047852de45f06725f33a9a110c

Download Submit
memory/804-20-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/804-4008-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/804-2882-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1464-15-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1464-4001-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1464-2739-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1472-4003-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2141-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-8-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1860-2579-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2236-2126-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2236-4002-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2215-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2962-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2188-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-0-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-12-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2230-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2434-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2497-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2328-2613-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2129-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2165-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2966-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2150-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2971-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2957-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-2972-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3069-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4007-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-2209-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-2161-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4004-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2183-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2860-4005-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2888-2218-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4006-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download