cobaltstrike | 8ae4f53c80196d084a6a5efae404949328c4eb8d4d95eb7e4b40745006910768

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0a33e48cac738b716ae71b26f9107d41
SHA1

39f9898a35c8ea49c4c378b9dc52fa0da3968105
SHA256

8ae4f53c80196d084a6a5efae404949328c4eb8d4d95eb7e4b40745006910768
SHA512

3229202d0dfab32214e63e7686e9196feef579d5aa070d509daaf19af583e0b1a88e4337a71d251ead6dee332c5a74852072be9a0e022ee19427f678f4857919
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fe-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4e-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d4a-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d55-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-36.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d21-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc6-51.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dc9-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd1-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e3-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e7-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e9-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019570-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019604-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d6-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001956c-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019524-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-85.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1976-0-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fe-3.dat	xmrig
behavioral1/files/0x0007000000016d4e-11.dat	xmrig
behavioral1/files/0x0008000000016d4a-7.dat	xmrig
behavioral1/memory/2596-10-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2560-22-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2420-21-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d55-23.dat	xmrig
behavioral1/memory/2712-29-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d71-36.dat	xmrig
behavioral1/memory/2216-35-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2780-43-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d21-34.dat	xmrig
behavioral1/memory/1976-40-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2784-52-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dc6-51.dat	xmrig
behavioral1/memory/2596-46-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dc9-53.dat	xmrig
behavioral1/memory/2712-58-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2396-57-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0008000000016dd1-60.dat	xmrig
behavioral1/memory/2216-65-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e3-71.dat	xmrig
behavioral1/files/0x00050000000194e7-75.dat	xmrig
behavioral1/files/0x00050000000194e9-80.dat	xmrig
behavioral1/files/0x00050000000194f3-88.dat	xmrig
behavioral1/files/0x0005000000019570-105.dat	xmrig
behavioral1/files/0x0005000000019606-130.dat	xmrig
behavioral1/files/0x000500000001961c-151.dat	xmrig
behavioral1/memory/2972-1127-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2644-1145-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2680-1138-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2708-1185-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/1976-1191-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2148-1198-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/1976-1200-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/1620-1202-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/1976-1203-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2780-1306-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3c-181.dat	xmrig
behavioral1/files/0x0005000000019926-170.dat	xmrig
behavioral1/files/0x0005000000019c34-175.dat	xmrig
behavioral1/files/0x00050000000196a1-165.dat	xmrig
behavioral1/files/0x0005000000019667-160.dat	xmrig
behavioral1/files/0x000500000001961e-154.dat	xmrig
behavioral1/files/0x000500000001960c-145.dat	xmrig
behavioral1/files/0x000500000001960a-140.dat	xmrig
behavioral1/files/0x0005000000019608-136.dat	xmrig
behavioral1/files/0x0005000000019604-121.dat	xmrig
behavioral1/files/0x0005000000019605-125.dat	xmrig
behavioral1/files/0x00050000000195d6-115.dat	xmrig
behavioral1/files/0x000500000001958e-110.dat	xmrig
behavioral1/files/0x000500000001956c-100.dat	xmrig
behavioral1/files/0x0005000000019524-95.dat	xmrig
behavioral1/files/0x00050000000194ef-85.dat	xmrig
behavioral1/memory/1976-1510-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2784-1762-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/1976-2092-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2396-2391-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2972-2410-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2560-3472-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2596-3474-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2420-3476-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2712-3583-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2596	mfkqtvb.exe
2420	qHFrNEI.exe
2560	FxVkIqf.exe
2712	AZjFYsv.exe
2216	QTaEDKw.exe
2780	lKHhcex.exe
2784	wrypYmr.exe
2396	cHqcvbS.exe
2972	VIhNumb.exe
2680	lDpiUQs.exe
2644	fyRneRV.exe
2708	GnafNPR.exe
2148	eecwiGu.exe
1620	UdcqgXd.exe
1128	bGESgAW.exe
2908	biIRgVR.exe
2964	GRiljGx.exe
2360	uumzByS.exe
2824	llhdzFE.exe
536	sHthPLm.exe
1340	cMynlPV.exe
2620	FUeYQxh.exe
1404	MtlsjSn.exe
1856	stIYpHX.exe
1752	AVIYHlF.exe
1644	pnqnhyw.exe
2056	YwxBhfD.exe
2468	tybbtep.exe
2308	MmwlqvG.exe
2088	vpgTcTl.exe
1904	iwqtuyF.exe
2672	IoLprdM.exe
448	BDGswJO.exe
296	xSaNVhg.exe
956	SavEUFa.exe
984	LcZEXKQ.exe
1808	skMZEGm.exe
1244	KkPNyMi.exe
376	vvnbcUh.exe
1740	lfInwdy.exe
688	YrXgtvc.exe
1016	KGIHxOT.exe
1400	hxweuTI.exe
968	NPWDlYf.exe
2100	qjJebbV.exe
572	IOckJBc.exe
2400	LyHXiqo.exe
544	KqkysNw.exe
2520	wGKKknS.exe
2392	kiKnTrv.exe
1696	wgnDjJj.exe
1080	rtKwIVP.exe
2508	BJKyiaL.exe
2240	RacjgyF.exe
1580	mwMMtKF.exe
2608	uwegLWf.exe
1684	zliPOlb.exe
2576	KVvFmDa.exe
2236	iDFbQOF.exe
2856	VXsXZbU.exe
2888	mloksZd.exe
2068	iqZPHuH.exe
1932	hNTaGru.exe
2860	UdhcrPb.exe

Loads dropped DLL 64 IoCs

pid	Process
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1976-0-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x00080000000120fe-3.dat	upx
behavioral1/files/0x0007000000016d4e-11.dat	upx
behavioral1/files/0x0008000000016d4a-7.dat	upx
behavioral1/memory/2596-10-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2560-22-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2420-21-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0007000000016d55-23.dat	upx
behavioral1/memory/2712-29-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0007000000016d71-36.dat	upx
behavioral1/memory/2216-35-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2780-43-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0009000000016d21-34.dat	upx
behavioral1/memory/1976-40-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2784-52-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0007000000016dc6-51.dat	upx
behavioral1/memory/2596-46-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0009000000016dc9-53.dat	upx
behavioral1/memory/2712-58-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2396-57-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0008000000016dd1-60.dat	upx
behavioral1/memory/2216-65-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x00050000000194e3-71.dat	upx
behavioral1/files/0x00050000000194e7-75.dat	upx
behavioral1/files/0x00050000000194e9-80.dat	upx
behavioral1/files/0x00050000000194f3-88.dat	upx
behavioral1/files/0x0005000000019570-105.dat	upx
behavioral1/files/0x0005000000019606-130.dat	upx
behavioral1/files/0x000500000001961c-151.dat	upx
behavioral1/memory/2972-1127-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2644-1145-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2680-1138-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2708-1185-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2148-1198-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/1620-1202-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2780-1306-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0005000000019c3c-181.dat	upx
behavioral1/files/0x0005000000019926-170.dat	upx
behavioral1/files/0x0005000000019c34-175.dat	upx
behavioral1/files/0x00050000000196a1-165.dat	upx
behavioral1/files/0x0005000000019667-160.dat	upx
behavioral1/files/0x000500000001961e-154.dat	upx
behavioral1/files/0x000500000001960c-145.dat	upx
behavioral1/files/0x000500000001960a-140.dat	upx
behavioral1/files/0x0005000000019608-136.dat	upx
behavioral1/files/0x0005000000019604-121.dat	upx
behavioral1/files/0x0005000000019605-125.dat	upx
behavioral1/files/0x00050000000195d6-115.dat	upx
behavioral1/files/0x000500000001958e-110.dat	upx
behavioral1/files/0x000500000001956c-100.dat	upx
behavioral1/files/0x0005000000019524-95.dat	upx
behavioral1/files/0x00050000000194ef-85.dat	upx
behavioral1/memory/2784-1762-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2396-2391-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2972-2410-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2560-3472-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2596-3474-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2420-3476-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2712-3583-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2780-3594-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2216-3612-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2396-3862-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2972-3879-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2784-3890-0x000000013F040000-0x000000013F394000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DoHOWJe.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGNGWPY.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUnOGix.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmESoqJ.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RrjKCBd.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dlPNqlk.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxXBcch.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKYwJfb.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZvsgbd.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjIUHMI.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKWbamW.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwoPUNS.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLTUBjK.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYlXVEu.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySRrcLc.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMwQAXW.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdrHrYj.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjIzXSS.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHkmwPF.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMJnbPN.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMDnmSw.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngIUano.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Dbtmvfe.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYHmimN.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icWjFQV.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfJpuYK.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFnZDNw.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JFcSFVu.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTVoisL.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGylKVi.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJxIUgN.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiLPTsa.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XECIIGe.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGSgcyC.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhyZBxb.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxrAMMZ.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QyTzvzr.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbasHLK.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yFuVRNp.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEVxrFr.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGhqWkm.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crBXqFB.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIcnLlr.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRgZNny.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyIYRyT.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QagejgS.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfAIfDx.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFdQMAR.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwfrNNb.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJnJwle.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFOqSpn.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PnKfASW.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIWogRu.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWwccAY.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvfhIVv.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhKpHew.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axekQjS.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZSHeCu.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWMIpLE.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWjmPAW.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBuOOxg.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePmCbNG.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLAyJmQ.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yftBviM.exe	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2596	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1976 wrote to memory of 2596	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1976 wrote to memory of 2596	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1976 wrote to memory of 2560	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1976 wrote to memory of 2560	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1976 wrote to memory of 2560	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1976 wrote to memory of 2420	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1976 wrote to memory of 2420	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1976 wrote to memory of 2420	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1976 wrote to memory of 2712	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1976 wrote to memory of 2712	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1976 wrote to memory of 2712	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1976 wrote to memory of 2216	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1976 wrote to memory of 2216	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1976 wrote to memory of 2216	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1976 wrote to memory of 2780	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1976 wrote to memory of 2780	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1976 wrote to memory of 2780	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1976 wrote to memory of 2784	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1976 wrote to memory of 2784	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1976 wrote to memory of 2784	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1976 wrote to memory of 2396	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1976 wrote to memory of 2396	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1976 wrote to memory of 2396	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1976 wrote to memory of 2972	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1976 wrote to memory of 2972	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1976 wrote to memory of 2972	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1976 wrote to memory of 2680	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1976 wrote to memory of 2680	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1976 wrote to memory of 2680	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1976 wrote to memory of 2644	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1976 wrote to memory of 2644	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1976 wrote to memory of 2644	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1976 wrote to memory of 2708	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1976 wrote to memory of 2708	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1976 wrote to memory of 2708	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1976 wrote to memory of 2148	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1976 wrote to memory of 2148	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1976 wrote to memory of 2148	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1976 wrote to memory of 1620	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1976 wrote to memory of 1620	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1976 wrote to memory of 1620	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1976 wrote to memory of 1128	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1976 wrote to memory of 1128	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1976 wrote to memory of 1128	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1976 wrote to memory of 2908	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1976 wrote to memory of 2908	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1976 wrote to memory of 2908	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1976 wrote to memory of 2964	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1976 wrote to memory of 2964	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1976 wrote to memory of 2964	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1976 wrote to memory of 2360	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1976 wrote to memory of 2360	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1976 wrote to memory of 2360	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1976 wrote to memory of 2824	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1976 wrote to memory of 2824	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1976 wrote to memory of 2824	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1976 wrote to memory of 536	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1976 wrote to memory of 536	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1976 wrote to memory of 536	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1976 wrote to memory of 1340	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1976 wrote to memory of 1340	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1976 wrote to memory of 1340	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1976 wrote to memory of 2620	1976	2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_0a33e48cac738b716ae71b26f9107d41_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\System\mfkqtvb.exe
  C:\Windows\System\mfkqtvb.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\FxVkIqf.exe
  C:\Windows\System\FxVkIqf.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\qHFrNEI.exe
  C:\Windows\System\qHFrNEI.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\AZjFYsv.exe
  C:\Windows\System\AZjFYsv.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\QTaEDKw.exe
  C:\Windows\System\QTaEDKw.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\lKHhcex.exe
  C:\Windows\System\lKHhcex.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\wrypYmr.exe
  C:\Windows\System\wrypYmr.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\cHqcvbS.exe
  C:\Windows\System\cHqcvbS.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\VIhNumb.exe
  C:\Windows\System\VIhNumb.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\lDpiUQs.exe
  C:\Windows\System\lDpiUQs.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\fyRneRV.exe
  C:\Windows\System\fyRneRV.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\GnafNPR.exe
  C:\Windows\System\GnafNPR.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\eecwiGu.exe
  C:\Windows\System\eecwiGu.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\UdcqgXd.exe
  C:\Windows\System\UdcqgXd.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\bGESgAW.exe
  C:\Windows\System\bGESgAW.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\biIRgVR.exe
  C:\Windows\System\biIRgVR.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\GRiljGx.exe
  C:\Windows\System\GRiljGx.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\uumzByS.exe
  C:\Windows\System\uumzByS.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\llhdzFE.exe
  C:\Windows\System\llhdzFE.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\sHthPLm.exe
  C:\Windows\System\sHthPLm.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\cMynlPV.exe
  C:\Windows\System\cMynlPV.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\FUeYQxh.exe
  C:\Windows\System\FUeYQxh.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\MtlsjSn.exe
  C:\Windows\System\MtlsjSn.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\stIYpHX.exe
  C:\Windows\System\stIYpHX.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\AVIYHlF.exe
  C:\Windows\System\AVIYHlF.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\pnqnhyw.exe
  C:\Windows\System\pnqnhyw.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\YwxBhfD.exe
  C:\Windows\System\YwxBhfD.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\tybbtep.exe
  C:\Windows\System\tybbtep.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\MmwlqvG.exe
  C:\Windows\System\MmwlqvG.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\vpgTcTl.exe
  C:\Windows\System\vpgTcTl.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\iwqtuyF.exe
  C:\Windows\System\iwqtuyF.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\IoLprdM.exe
  C:\Windows\System\IoLprdM.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\BDGswJO.exe
  C:\Windows\System\BDGswJO.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\xSaNVhg.exe
  C:\Windows\System\xSaNVhg.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\SavEUFa.exe
  C:\Windows\System\SavEUFa.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\LcZEXKQ.exe
  C:\Windows\System\LcZEXKQ.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\skMZEGm.exe
  C:\Windows\System\skMZEGm.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\KkPNyMi.exe
  C:\Windows\System\KkPNyMi.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\vvnbcUh.exe
  C:\Windows\System\vvnbcUh.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\lfInwdy.exe
  C:\Windows\System\lfInwdy.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\YrXgtvc.exe
  C:\Windows\System\YrXgtvc.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\KGIHxOT.exe
  C:\Windows\System\KGIHxOT.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\hxweuTI.exe
  C:\Windows\System\hxweuTI.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\NPWDlYf.exe
  C:\Windows\System\NPWDlYf.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\qjJebbV.exe
  C:\Windows\System\qjJebbV.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\IOckJBc.exe
  C:\Windows\System\IOckJBc.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\LyHXiqo.exe
  C:\Windows\System\LyHXiqo.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\KqkysNw.exe
  C:\Windows\System\KqkysNw.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\wGKKknS.exe
  C:\Windows\System\wGKKknS.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\kiKnTrv.exe
  C:\Windows\System\kiKnTrv.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\wgnDjJj.exe
  C:\Windows\System\wgnDjJj.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\rtKwIVP.exe
  C:\Windows\System\rtKwIVP.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\BJKyiaL.exe
  C:\Windows\System\BJKyiaL.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\RacjgyF.exe
  C:\Windows\System\RacjgyF.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\mwMMtKF.exe
  C:\Windows\System\mwMMtKF.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\uwegLWf.exe
  C:\Windows\System\uwegLWf.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\zliPOlb.exe
  C:\Windows\System\zliPOlb.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\KVvFmDa.exe
  C:\Windows\System\KVvFmDa.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\iDFbQOF.exe
  C:\Windows\System\iDFbQOF.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\VXsXZbU.exe
  C:\Windows\System\VXsXZbU.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\mloksZd.exe
  C:\Windows\System\mloksZd.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\iqZPHuH.exe
  C:\Windows\System\iqZPHuH.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\hNTaGru.exe
  C:\Windows\System\hNTaGru.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\UdhcrPb.exe
  C:\Windows\System\UdhcrPb.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\XVdynrT.exe
  C:\Windows\System\XVdynrT.exe
  2⤵
  PID:2760
- C:\Windows\System\OeSFFBJ.exe
  C:\Windows\System\OeSFFBJ.exe
  2⤵
  PID:264
- C:\Windows\System\jNQqleI.exe
  C:\Windows\System\jNQqleI.exe
  2⤵
  PID:492
- C:\Windows\System\jTgPJTH.exe
  C:\Windows\System\jTgPJTH.exe
  2⤵
  PID:2732
- C:\Windows\System\nOvifcA.exe
  C:\Windows\System\nOvifcA.exe
  2⤵
  PID:3008
- C:\Windows\System\WbzNEpK.exe
  C:\Windows\System\WbzNEpK.exe
  2⤵
  PID:2704
- C:\Windows\System\josIHYc.exe
  C:\Windows\System\josIHYc.exe
  2⤵
  PID:1992
- C:\Windows\System\HEfRawy.exe
  C:\Windows\System\HEfRawy.exe
  2⤵
  PID:1088
- C:\Windows\System\itmAqXg.exe
  C:\Windows\System\itmAqXg.exe
  2⤵
  PID:1924
- C:\Windows\System\hkIyXyd.exe
  C:\Windows\System\hkIyXyd.exe
  2⤵
  PID:2004
- C:\Windows\System\qTozHzH.exe
  C:\Windows\System\qTozHzH.exe
  2⤵
  PID:576
- C:\Windows\System\olCKYQb.exe
  C:\Windows\System\olCKYQb.exe
  2⤵
  PID:1828
- C:\Windows\System\SSYpugR.exe
  C:\Windows\System\SSYpugR.exe
  2⤵
  PID:1948
- C:\Windows\System\PQoMICj.exe
  C:\Windows\System\PQoMICj.exe
  2⤵
  PID:2160
- C:\Windows\System\TrAObhq.exe
  C:\Windows\System\TrAObhq.exe
  2⤵
  PID:1180
- C:\Windows\System\ePkFSdt.exe
  C:\Windows\System\ePkFSdt.exe
  2⤵
  PID:2080
- C:\Windows\System\SUMBeyU.exe
  C:\Windows\System\SUMBeyU.exe
  2⤵
  PID:2124
- C:\Windows\System\VTDuBmf.exe
  C:\Windows\System\VTDuBmf.exe
  2⤵
  PID:1048
- C:\Windows\System\ilBXZNg.exe
  C:\Windows\System\ilBXZNg.exe
  2⤵
  PID:1548
- C:\Windows\System\BDhmDcQ.exe
  C:\Windows\System\BDhmDcQ.exe
  2⤵
  PID:1864
- C:\Windows\System\XadpIdS.exe
  C:\Windows\System\XadpIdS.exe
  2⤵
  PID:1236
- C:\Windows\System\JlbolVl.exe
  C:\Windows\System\JlbolVl.exe
  2⤵
  PID:952
- C:\Windows\System\vOFZgCZ.exe
  C:\Windows\System\vOFZgCZ.exe
  2⤵
  PID:1732
- C:\Windows\System\ROxTYcd.exe
  C:\Windows\System\ROxTYcd.exe
  2⤵
  PID:1708
- C:\Windows\System\oDENtvD.exe
  C:\Windows\System\oDENtvD.exe
  2⤵
  PID:2356
- C:\Windows\System\LKGGgKs.exe
  C:\Windows\System\LKGGgKs.exe
  2⤵
  PID:760
- C:\Windows\System\NKVPfOV.exe
  C:\Windows\System\NKVPfOV.exe
  2⤵
  PID:2440
- C:\Windows\System\TVqseEX.exe
  C:\Windows\System\TVqseEX.exe
  2⤵
  PID:1492
- C:\Windows\System\BucsidK.exe
  C:\Windows\System\BucsidK.exe
  2⤵
  PID:2296
- C:\Windows\System\CYGrivW.exe
  C:\Windows\System\CYGrivW.exe
  2⤵
  PID:1160
- C:\Windows\System\ZlkfPvm.exe
  C:\Windows\System\ZlkfPvm.exe
  2⤵
  PID:2280
- C:\Windows\System\XEumooi.exe
  C:\Windows\System\XEumooi.exe
  2⤵
  PID:1560
- C:\Windows\System\ubvXqkT.exe
  C:\Windows\System\ubvXqkT.exe
  2⤵
  PID:2272
- C:\Windows\System\nJlyEcU.exe
  C:\Windows\System\nJlyEcU.exe
  2⤵
  PID:2436
- C:\Windows\System\cyHopSM.exe
  C:\Windows\System\cyHopSM.exe
  2⤵
  PID:2412
- C:\Windows\System\uYXqEnp.exe
  C:\Windows\System\uYXqEnp.exe
  2⤵
  PID:2740
- C:\Windows\System\xjnZfin.exe
  C:\Windows\System\xjnZfin.exe
  2⤵
  PID:2900
- C:\Windows\System\kqTRmqA.exe
  C:\Windows\System\kqTRmqA.exe
  2⤵
  PID:3012
- C:\Windows\System\IjoUVzV.exe
  C:\Windows\System\IjoUVzV.exe
  2⤵
  PID:3020
- C:\Windows\System\wSKiFZd.exe
  C:\Windows\System\wSKiFZd.exe
  2⤵
  PID:2668
- C:\Windows\System\mLnRskc.exe
  C:\Windows\System\mLnRskc.exe
  2⤵
  PID:2676
- C:\Windows\System\hrWeryc.exe
  C:\Windows\System\hrWeryc.exe
  2⤵
  PID:2792
- C:\Windows\System\PmKYnua.exe
  C:\Windows\System\PmKYnua.exe
  2⤵
  PID:2932
- C:\Windows\System\twRketo.exe
  C:\Windows\System\twRketo.exe
  2⤵
  PID:2408
- C:\Windows\System\yFuVRNp.exe
  C:\Windows\System\yFuVRNp.exe
  2⤵
  PID:748
- C:\Windows\System\hEVQVMh.exe
  C:\Windows\System\hEVQVMh.exe
  2⤵
  PID:1064
- C:\Windows\System\LJMnqFG.exe
  C:\Windows\System\LJMnqFG.exe
  2⤵
  PID:1060
- C:\Windows\System\LYMyliV.exe
  C:\Windows\System\LYMyliV.exe
  2⤵
  PID:348
- C:\Windows\System\sKEeMOb.exe
  C:\Windows\System\sKEeMOb.exe
  2⤵
  PID:1796
- C:\Windows\System\XZAutWV.exe
  C:\Windows\System\XZAutWV.exe
  2⤵
  PID:548
- C:\Windows\System\evUWrsV.exe
  C:\Windows\System\evUWrsV.exe
  2⤵
  PID:2244
- C:\Windows\System\zCfhBsC.exe
  C:\Windows\System\zCfhBsC.exe
  2⤵
  PID:1512
- C:\Windows\System\LggKdOM.exe
  C:\Windows\System\LggKdOM.exe
  2⤵
  PID:1452
- C:\Windows\System\pEZUpBS.exe
  C:\Windows\System\pEZUpBS.exe
  2⤵
  PID:2612
- C:\Windows\System\rcrncOa.exe
  C:\Windows\System\rcrncOa.exe
  2⤵
  PID:2232
- C:\Windows\System\PrMTLDv.exe
  C:\Windows\System\PrMTLDv.exe
  2⤵
  PID:876
- C:\Windows\System\BWMKgAE.exe
  C:\Windows\System\BWMKgAE.exe
  2⤵
  PID:2564
- C:\Windows\System\XEKqNAC.exe
  C:\Windows\System\XEKqNAC.exe
  2⤵
  PID:2044
- C:\Windows\System\mNEgWva.exe
  C:\Windows\System\mNEgWva.exe
  2⤵
  PID:2212
- C:\Windows\System\plRxIJB.exe
  C:\Windows\System\plRxIJB.exe
  2⤵
  PID:1612
- C:\Windows\System\jEZbNzT.exe
  C:\Windows\System\jEZbNzT.exe
  2⤵
  PID:2864
- C:\Windows\System\rItNJDY.exe
  C:\Windows\System\rItNJDY.exe
  2⤵
  PID:2640
- C:\Windows\System\LXBnTPY.exe
  C:\Windows\System\LXBnTPY.exe
  2⤵
  PID:2796
- C:\Windows\System\GZjUbcQ.exe
  C:\Windows\System\GZjUbcQ.exe
  2⤵
  PID:1104
- C:\Windows\System\zPmhaEJ.exe
  C:\Windows\System\zPmhaEJ.exe
  2⤵
  PID:1176
- C:\Windows\System\lHuAtrb.exe
  C:\Windows\System\lHuAtrb.exe
  2⤵
  PID:2808
- C:\Windows\System\KDBGNqs.exe
  C:\Windows\System\KDBGNqs.exe
  2⤵
  PID:1264
- C:\Windows\System\WAFxgKR.exe
  C:\Windows\System\WAFxgKR.exe
  2⤵
  PID:2616
- C:\Windows\System\WRhBeGp.exe
  C:\Windows\System\WRhBeGp.exe
  2⤵
  PID:1764
- C:\Windows\System\nvsVQlR.exe
  C:\Windows\System\nvsVQlR.exe
  2⤵
  PID:1360
- C:\Windows\System\GfDLLbQ.exe
  C:\Windows\System\GfDLLbQ.exe
  2⤵
  PID:2224
- C:\Windows\System\fducAUS.exe
  C:\Windows\System\fducAUS.exe
  2⤵
  PID:1960
- C:\Windows\System\RJAikBA.exe
  C:\Windows\System\RJAikBA.exe
  2⤵
  PID:2660
- C:\Windows\System\ayBkgPm.exe
  C:\Windows\System\ayBkgPm.exe
  2⤵
  PID:2304
- C:\Windows\System\bUKMckh.exe
  C:\Windows\System\bUKMckh.exe
  2⤵
  PID:2764
- C:\Windows\System\KWbpkJW.exe
  C:\Windows\System\KWbpkJW.exe
  2⤵
  PID:2748
- C:\Windows\System\yLrtWxb.exe
  C:\Windows\System\yLrtWxb.exe
  2⤵
  PID:2628
- C:\Windows\System\ihAKyaO.exe
  C:\Windows\System\ihAKyaO.exe
  2⤵
  PID:1872
- C:\Windows\System\Dbtmvfe.exe
  C:\Windows\System\Dbtmvfe.exe
  2⤵
  PID:2960
- C:\Windows\System\aZLIXnq.exe
  C:\Windows\System\aZLIXnq.exe
  2⤵
  PID:336
- C:\Windows\System\xoCRHbK.exe
  C:\Windows\System\xoCRHbK.exe
  2⤵
  PID:2940
- C:\Windows\System\pMSilMb.exe
  C:\Windows\System\pMSilMb.exe
  2⤵
  PID:2896
- C:\Windows\System\IeMPuwR.exe
  C:\Windows\System\IeMPuwR.exe
  2⤵
  PID:2328
- C:\Windows\System\oeWfhtc.exe
  C:\Windows\System\oeWfhtc.exe
  2⤵
  PID:2716
- C:\Windows\System\LRuFZiY.exe
  C:\Windows\System\LRuFZiY.exe
  2⤵
  PID:3092
- C:\Windows\System\AEVxrFr.exe
  C:\Windows\System\AEVxrFr.exe
  2⤵
  PID:3116
- C:\Windows\System\ZyOKGCJ.exe
  C:\Windows\System\ZyOKGCJ.exe
  2⤵
  PID:3136
- C:\Windows\System\yMYYdNX.exe
  C:\Windows\System\yMYYdNX.exe
  2⤵
  PID:3156
- C:\Windows\System\DvXZZyb.exe
  C:\Windows\System\DvXZZyb.exe
  2⤵
  PID:3176
- C:\Windows\System\CJkGfhs.exe
  C:\Windows\System\CJkGfhs.exe
  2⤵
  PID:3196
- C:\Windows\System\gQTvdtO.exe
  C:\Windows\System\gQTvdtO.exe
  2⤵
  PID:3216
- C:\Windows\System\dSVIMXH.exe
  C:\Windows\System\dSVIMXH.exe
  2⤵
  PID:3236
- C:\Windows\System\fLupJvz.exe
  C:\Windows\System\fLupJvz.exe
  2⤵
  PID:3256
- C:\Windows\System\FCsHLsu.exe
  C:\Windows\System\FCsHLsu.exe
  2⤵
  PID:3276
- C:\Windows\System\roakAhU.exe
  C:\Windows\System\roakAhU.exe
  2⤵
  PID:3296
- C:\Windows\System\EtTlkaT.exe
  C:\Windows\System\EtTlkaT.exe
  2⤵
  PID:3316
- C:\Windows\System\mRkmGHK.exe
  C:\Windows\System\mRkmGHK.exe
  2⤵
  PID:3336
- C:\Windows\System\TpmylRo.exe
  C:\Windows\System\TpmylRo.exe
  2⤵
  PID:3356
- C:\Windows\System\PPpJWVy.exe
  C:\Windows\System\PPpJWVy.exe
  2⤵
  PID:3376
- C:\Windows\System\weAgDIE.exe
  C:\Windows\System\weAgDIE.exe
  2⤵
  PID:3396
- C:\Windows\System\LWtrmwg.exe
  C:\Windows\System\LWtrmwg.exe
  2⤵
  PID:3416
- C:\Windows\System\IDMVfAk.exe
  C:\Windows\System\IDMVfAk.exe
  2⤵
  PID:3436
- C:\Windows\System\kdhkYaY.exe
  C:\Windows\System\kdhkYaY.exe
  2⤵
  PID:3452
- C:\Windows\System\BuHCEtD.exe
  C:\Windows\System\BuHCEtD.exe
  2⤵
  PID:3472
- C:\Windows\System\TSWNEeT.exe
  C:\Windows\System\TSWNEeT.exe
  2⤵
  PID:3496
- C:\Windows\System\xivHFUF.exe
  C:\Windows\System\xivHFUF.exe
  2⤵
  PID:3516
- C:\Windows\System\SzrgPcA.exe
  C:\Windows\System\SzrgPcA.exe
  2⤵
  PID:3536
- C:\Windows\System\IIsIRrK.exe
  C:\Windows\System\IIsIRrK.exe
  2⤵
  PID:3556
- C:\Windows\System\bAmNtht.exe
  C:\Windows\System\bAmNtht.exe
  2⤵
  PID:3572
- C:\Windows\System\iJnABxD.exe
  C:\Windows\System\iJnABxD.exe
  2⤵
  PID:3592
- C:\Windows\System\qyRbHFu.exe
  C:\Windows\System\qyRbHFu.exe
  2⤵
  PID:3616
- C:\Windows\System\FOxzell.exe
  C:\Windows\System\FOxzell.exe
  2⤵
  PID:3636
- C:\Windows\System\fwuGdxN.exe
  C:\Windows\System\fwuGdxN.exe
  2⤵
  PID:3656
- C:\Windows\System\AoZvqMI.exe
  C:\Windows\System\AoZvqMI.exe
  2⤵
  PID:3676
- C:\Windows\System\EusGyWv.exe
  C:\Windows\System\EusGyWv.exe
  2⤵
  PID:3696
- C:\Windows\System\eyfKXLP.exe
  C:\Windows\System\eyfKXLP.exe
  2⤵
  PID:3716
- C:\Windows\System\tCIRqoq.exe
  C:\Windows\System\tCIRqoq.exe
  2⤵
  PID:3736
- C:\Windows\System\kVLoTPl.exe
  C:\Windows\System\kVLoTPl.exe
  2⤵
  PID:3756
- C:\Windows\System\XQlSFiN.exe
  C:\Windows\System\XQlSFiN.exe
  2⤵
  PID:3772
- C:\Windows\System\BDghaTs.exe
  C:\Windows\System\BDghaTs.exe
  2⤵
  PID:3792
- C:\Windows\System\GCpsivv.exe
  C:\Windows\System\GCpsivv.exe
  2⤵
  PID:3816
- C:\Windows\System\tIHNqsi.exe
  C:\Windows\System\tIHNqsi.exe
  2⤵
  PID:3836
- C:\Windows\System\fbhbTHw.exe
  C:\Windows\System\fbhbTHw.exe
  2⤵
  PID:3852
- C:\Windows\System\kKOQtwY.exe
  C:\Windows\System\kKOQtwY.exe
  2⤵
  PID:3876
- C:\Windows\System\xbUdOcp.exe
  C:\Windows\System\xbUdOcp.exe
  2⤵
  PID:3896
- C:\Windows\System\rVxXQQb.exe
  C:\Windows\System\rVxXQQb.exe
  2⤵
  PID:3916
- C:\Windows\System\VsvcNzn.exe
  C:\Windows\System\VsvcNzn.exe
  2⤵
  PID:3936
- C:\Windows\System\lSLNqni.exe
  C:\Windows\System\lSLNqni.exe
  2⤵
  PID:3956
- C:\Windows\System\vqjHzNF.exe
  C:\Windows\System\vqjHzNF.exe
  2⤵
  PID:3976
- C:\Windows\System\pFkAgXy.exe
  C:\Windows\System\pFkAgXy.exe
  2⤵
  PID:3996
- C:\Windows\System\piQYbMQ.exe
  C:\Windows\System\piQYbMQ.exe
  2⤵
  PID:4016
- C:\Windows\System\Ezjuvpq.exe
  C:\Windows\System\Ezjuvpq.exe
  2⤵
  PID:4036
- C:\Windows\System\TRuOQtO.exe
  C:\Windows\System\TRuOQtO.exe
  2⤵
  PID:4056
- C:\Windows\System\zBkEOyi.exe
  C:\Windows\System\zBkEOyi.exe
  2⤵
  PID:4076
- C:\Windows\System\jNRhsXF.exe
  C:\Windows\System\jNRhsXF.exe
  2⤵
  PID:2064
- C:\Windows\System\cDYNlTj.exe
  C:\Windows\System\cDYNlTj.exe
  2⤵
  PID:2484
- C:\Windows\System\UHRUmTt.exe
  C:\Windows\System\UHRUmTt.exe
  2⤵
  PID:1416
- C:\Windows\System\wRYodiP.exe
  C:\Windows\System\wRYodiP.exe
  2⤵
  PID:1044
- C:\Windows\System\kZqPAnk.exe
  C:\Windows\System\kZqPAnk.exe
  2⤵
  PID:1432
- C:\Windows\System\LNJrBHU.exe
  C:\Windows\System\LNJrBHU.exe
  2⤵
  PID:3104
- C:\Windows\System\wMLpUwV.exe
  C:\Windows\System\wMLpUwV.exe
  2⤵
  PID:3088
- C:\Windows\System\ohMPBHc.exe
  C:\Windows\System\ohMPBHc.exe
  2⤵
  PID:3148
- C:\Windows\System\ueSehJn.exe
  C:\Windows\System\ueSehJn.exe
  2⤵
  PID:3192
- C:\Windows\System\jfTDoUb.exe
  C:\Windows\System\jfTDoUb.exe
  2⤵
  PID:3208
- C:\Windows\System\kwYZhBp.exe
  C:\Windows\System\kwYZhBp.exe
  2⤵
  PID:3244
- C:\Windows\System\qiAzUpv.exe
  C:\Windows\System\qiAzUpv.exe
  2⤵
  PID:3284
- C:\Windows\System\TbMUWWF.exe
  C:\Windows\System\TbMUWWF.exe
  2⤵
  PID:3288
- C:\Windows\System\rfuPTLy.exe
  C:\Windows\System\rfuPTLy.exe
  2⤵
  PID:3328
- C:\Windows\System\kMxGOei.exe
  C:\Windows\System\kMxGOei.exe
  2⤵
  PID:3372
- C:\Windows\System\XKzhuCw.exe
  C:\Windows\System\XKzhuCw.exe
  2⤵
  PID:3404
- C:\Windows\System\vJKqRXQ.exe
  C:\Windows\System\vJKqRXQ.exe
  2⤵
  PID:3464
- C:\Windows\System\gKVKSIl.exe
  C:\Windows\System\gKVKSIl.exe
  2⤵
  PID:3484
- C:\Windows\System\GavlaGF.exe
  C:\Windows\System\GavlaGF.exe
  2⤵
  PID:3544
- C:\Windows\System\rBfUMSM.exe
  C:\Windows\System\rBfUMSM.exe
  2⤵
  PID:3528
- C:\Windows\System\wPLsRKk.exe
  C:\Windows\System\wPLsRKk.exe
  2⤵
  PID:3564
- C:\Windows\System\BGsAoKl.exe
  C:\Windows\System\BGsAoKl.exe
  2⤵
  PID:3604
- C:\Windows\System\aMSfrDH.exe
  C:\Windows\System\aMSfrDH.exe
  2⤵
  PID:3668
- C:\Windows\System\GXuCAuI.exe
  C:\Windows\System\GXuCAuI.exe
  2⤵
  PID:3684
- C:\Windows\System\lLAAfkR.exe
  C:\Windows\System\lLAAfkR.exe
  2⤵
  PID:3688
- C:\Windows\System\NOulzXl.exe
  C:\Windows\System\NOulzXl.exe
  2⤵
  PID:3728
- C:\Windows\System\BaeJbXP.exe
  C:\Windows\System\BaeJbXP.exe
  2⤵
  PID:3800
- C:\Windows\System\DhlbKRt.exe
  C:\Windows\System\DhlbKRt.exe
  2⤵
  PID:3812
- C:\Windows\System\AFVsjbs.exe
  C:\Windows\System\AFVsjbs.exe
  2⤵
  PID:3872
- C:\Windows\System\yvpVLau.exe
  C:\Windows\System\yvpVLau.exe
  2⤵
  PID:3904
- C:\Windows\System\jTcnoxF.exe
  C:\Windows\System\jTcnoxF.exe
  2⤵
  PID:3944
- C:\Windows\System\ruhQlre.exe
  C:\Windows\System\ruhQlre.exe
  2⤵
  PID:3932
- C:\Windows\System\PvZNDyV.exe
  C:\Windows\System\PvZNDyV.exe
  2⤵
  PID:3988
- C:\Windows\System\yaZjHKZ.exe
  C:\Windows\System\yaZjHKZ.exe
  2⤵
  PID:4032
- C:\Windows\System\QYaEKVb.exe
  C:\Windows\System\QYaEKVb.exe
  2⤵
  PID:4072
- C:\Windows\System\VxtaFVP.exe
  C:\Windows\System\VxtaFVP.exe
  2⤵
  PID:1076
- C:\Windows\System\iFOqSpn.exe
  C:\Windows\System\iFOqSpn.exe
  2⤵
  PID:4088
- C:\Windows\System\OToYgxb.exe
  C:\Windows\System\OToYgxb.exe
  2⤵
  PID:2180
- C:\Windows\System\tsDihgW.exe
  C:\Windows\System\tsDihgW.exe
  2⤵
  PID:1284
- C:\Windows\System\pcVXOWw.exe
  C:\Windows\System\pcVXOWw.exe
  2⤵
  PID:3128
- C:\Windows\System\lKSnxSs.exe
  C:\Windows\System\lKSnxSs.exe
  2⤵
  PID:3168
- C:\Windows\System\tMlpFja.exe
  C:\Windows\System\tMlpFja.exe
  2⤵
  PID:3272
- C:\Windows\System\dEQVzRu.exe
  C:\Windows\System\dEQVzRu.exe
  2⤵
  PID:3264
- C:\Windows\System\OlzBSQW.exe
  C:\Windows\System\OlzBSQW.exe
  2⤵
  PID:3308
- C:\Windows\System\khVkQHi.exe
  C:\Windows\System\khVkQHi.exe
  2⤵
  PID:3428
- C:\Windows\System\wgTyaAG.exe
  C:\Windows\System\wgTyaAG.exe
  2⤵
  PID:3512
- C:\Windows\System\dqyNbRh.exe
  C:\Windows\System\dqyNbRh.exe
  2⤵
  PID:3488
- C:\Windows\System\yoFUuLz.exe
  C:\Windows\System\yoFUuLz.exe
  2⤵
  PID:3588
- C:\Windows\System\JqgMvnO.exe
  C:\Windows\System\JqgMvnO.exe
  2⤵
  PID:3632
- C:\Windows\System\AEqExVk.exe
  C:\Windows\System\AEqExVk.exe
  2⤵
  PID:3704
- C:\Windows\System\iUbZSnF.exe
  C:\Windows\System\iUbZSnF.exe
  2⤵
  PID:3692
- C:\Windows\System\IImyvaO.exe
  C:\Windows\System\IImyvaO.exe
  2⤵
  PID:3828
- C:\Windows\System\KyxjnRx.exe
  C:\Windows\System\KyxjnRx.exe
  2⤵
  PID:3844
- C:\Windows\System\mKDtfkB.exe
  C:\Windows\System\mKDtfkB.exe
  2⤵
  PID:3952
- C:\Windows\System\JHNoFvU.exe
  C:\Windows\System\JHNoFvU.exe
  2⤵
  PID:4024
- C:\Windows\System\uBpEnys.exe
  C:\Windows\System\uBpEnys.exe
  2⤵
  PID:3992
- C:\Windows\System\usVlYcl.exe
  C:\Windows\System\usVlYcl.exe
  2⤵
  PID:4008
- C:\Windows\System\kwSQpZU.exe
  C:\Windows\System\kwSQpZU.exe
  2⤵
  PID:792
- C:\Windows\System\KhFusPT.exe
  C:\Windows\System\KhFusPT.exe
  2⤵
  PID:4084
- C:\Windows\System\uMEiCyY.exe
  C:\Windows\System\uMEiCyY.exe
  2⤵
  PID:2104
- C:\Windows\System\SqBoFuN.exe
  C:\Windows\System\SqBoFuN.exe
  2⤵
  PID:3084
- C:\Windows\System\aVcrXOp.exe
  C:\Windows\System\aVcrXOp.exe
  2⤵
  PID:3228
- C:\Windows\System\JOgwhcA.exe
  C:\Windows\System\JOgwhcA.exe
  2⤵
  PID:3432
- C:\Windows\System\FqxHwoR.exe
  C:\Windows\System\FqxHwoR.exe
  2⤵
  PID:3532
- C:\Windows\System\IukfaLB.exe
  C:\Windows\System\IukfaLB.exe
  2⤵
  PID:3624
- C:\Windows\System\TWUABIn.exe
  C:\Windows\System\TWUABIn.exe
  2⤵
  PID:3664
- C:\Windows\System\mYHmimN.exe
  C:\Windows\System\mYHmimN.exe
  2⤵
  PID:3768
- C:\Windows\System\wFmRVwg.exe
  C:\Windows\System\wFmRVwg.exe
  2⤵
  PID:3848
- C:\Windows\System\fjYwrRa.exe
  C:\Windows\System\fjYwrRa.exe
  2⤵
  PID:3948
- C:\Windows\System\zLqBLuP.exe
  C:\Windows\System\zLqBLuP.exe
  2⤵
  PID:4048
- C:\Windows\System\PKGEVmf.exe
  C:\Windows\System\PKGEVmf.exe
  2⤵
  PID:2836
- C:\Windows\System\dbkIhcH.exe
  C:\Windows\System\dbkIhcH.exe
  2⤵
  PID:3124
- C:\Windows\System\PPHproi.exe
  C:\Windows\System\PPHproi.exe
  2⤵
  PID:3332
- C:\Windows\System\dWCprEr.exe
  C:\Windows\System\dWCprEr.exe
  2⤵
  PID:2980
- C:\Windows\System\hirsLrn.exe
  C:\Windows\System\hirsLrn.exe
  2⤵
  PID:3672
- C:\Windows\System\YFraCdY.exe
  C:\Windows\System\YFraCdY.exe
  2⤵
  PID:2656
- C:\Windows\System\zFTjuCZ.exe
  C:\Windows\System\zFTjuCZ.exe
  2⤵
  PID:3748
- C:\Windows\System\BSjzTJu.exe
  C:\Windows\System\BSjzTJu.exe
  2⤵
  PID:4112
- C:\Windows\System\LsWFPQl.exe
  C:\Windows\System\LsWFPQl.exe
  2⤵
  PID:4132
- C:\Windows\System\oilFBkX.exe
  C:\Windows\System\oilFBkX.exe
  2⤵
  PID:4152
- C:\Windows\System\LCHSKEI.exe
  C:\Windows\System\LCHSKEI.exe
  2⤵
  PID:4172
- C:\Windows\System\oRpCqqk.exe
  C:\Windows\System\oRpCqqk.exe
  2⤵
  PID:4192
- C:\Windows\System\PIWcgep.exe
  C:\Windows\System\PIWcgep.exe
  2⤵
  PID:4212
- C:\Windows\System\FBVgRVx.exe
  C:\Windows\System\FBVgRVx.exe
  2⤵
  PID:4232
- C:\Windows\System\pOiLhFd.exe
  C:\Windows\System\pOiLhFd.exe
  2⤵
  PID:4252
- C:\Windows\System\VRXgwux.exe
  C:\Windows\System\VRXgwux.exe
  2⤵
  PID:4272
- C:\Windows\System\uvgrIeD.exe
  C:\Windows\System\uvgrIeD.exe
  2⤵
  PID:4292
- C:\Windows\System\LasJihc.exe
  C:\Windows\System\LasJihc.exe
  2⤵
  PID:4312
- C:\Windows\System\tjahCLA.exe
  C:\Windows\System\tjahCLA.exe
  2⤵
  PID:4332
- C:\Windows\System\zArbpqX.exe
  C:\Windows\System\zArbpqX.exe
  2⤵
  PID:4352
- C:\Windows\System\smTDdre.exe
  C:\Windows\System\smTDdre.exe
  2⤵
  PID:4372
- C:\Windows\System\BSydBbZ.exe
  C:\Windows\System\BSydBbZ.exe
  2⤵
  PID:4392
- C:\Windows\System\pXzEWgy.exe
  C:\Windows\System\pXzEWgy.exe
  2⤵
  PID:4412
- C:\Windows\System\fmvSwkq.exe
  C:\Windows\System\fmvSwkq.exe
  2⤵
  PID:4432
- C:\Windows\System\jMqophG.exe
  C:\Windows\System\jMqophG.exe
  2⤵
  PID:4452
- C:\Windows\System\FteDUni.exe
  C:\Windows\System\FteDUni.exe
  2⤵
  PID:4472
- C:\Windows\System\lKSpoqL.exe
  C:\Windows\System\lKSpoqL.exe
  2⤵
  PID:4492
- C:\Windows\System\dfOugPk.exe
  C:\Windows\System\dfOugPk.exe
  2⤵
  PID:4512
- C:\Windows\System\PMBwgwa.exe
  C:\Windows\System\PMBwgwa.exe
  2⤵
  PID:4532
- C:\Windows\System\XpiGgUY.exe
  C:\Windows\System\XpiGgUY.exe
  2⤵
  PID:4552
- C:\Windows\System\HIPlJgq.exe
  C:\Windows\System\HIPlJgq.exe
  2⤵
  PID:4572
- C:\Windows\System\wJPAZsV.exe
  C:\Windows\System\wJPAZsV.exe
  2⤵
  PID:4592
- C:\Windows\System\xwftkhS.exe
  C:\Windows\System\xwftkhS.exe
  2⤵
  PID:4612
- C:\Windows\System\IWACtvC.exe
  C:\Windows\System\IWACtvC.exe
  2⤵
  PID:4632
- C:\Windows\System\OZPGUvk.exe
  C:\Windows\System\OZPGUvk.exe
  2⤵
  PID:4648
- C:\Windows\System\WvKhoAT.exe
  C:\Windows\System\WvKhoAT.exe
  2⤵
  PID:4672
- C:\Windows\System\ewHhSqB.exe
  C:\Windows\System\ewHhSqB.exe
  2⤵
  PID:4692
- C:\Windows\System\ResNSDB.exe
  C:\Windows\System\ResNSDB.exe
  2⤵
  PID:4712
- C:\Windows\System\UWFoBSE.exe
  C:\Windows\System\UWFoBSE.exe
  2⤵
  PID:4732
- C:\Windows\System\yRIueoL.exe
  C:\Windows\System\yRIueoL.exe
  2⤵
  PID:4752
- C:\Windows\System\SOOaGIT.exe
  C:\Windows\System\SOOaGIT.exe
  2⤵
  PID:4768
- C:\Windows\System\fyLQTmr.exe
  C:\Windows\System\fyLQTmr.exe
  2⤵
  PID:4792
- C:\Windows\System\vefuGBZ.exe
  C:\Windows\System\vefuGBZ.exe
  2⤵
  PID:4812
- C:\Windows\System\cdWdqqF.exe
  C:\Windows\System\cdWdqqF.exe
  2⤵
  PID:4832
- C:\Windows\System\BFheqzw.exe
  C:\Windows\System\BFheqzw.exe
  2⤵
  PID:4852
- C:\Windows\System\MBnpwvr.exe
  C:\Windows\System\MBnpwvr.exe
  2⤵
  PID:4872
- C:\Windows\System\GqKQmaL.exe
  C:\Windows\System\GqKQmaL.exe
  2⤵
  PID:4892
- C:\Windows\System\LYEXCEM.exe
  C:\Windows\System\LYEXCEM.exe
  2⤵
  PID:4912
- C:\Windows\System\abEEoVK.exe
  C:\Windows\System\abEEoVK.exe
  2⤵
  PID:4932
- C:\Windows\System\VUVBMxb.exe
  C:\Windows\System\VUVBMxb.exe
  2⤵
  PID:4952
- C:\Windows\System\SufZBNZ.exe
  C:\Windows\System\SufZBNZ.exe
  2⤵
  PID:4972
- C:\Windows\System\mrWhzSu.exe
  C:\Windows\System\mrWhzSu.exe
  2⤵
  PID:4992
- C:\Windows\System\LGOgrWQ.exe
  C:\Windows\System\LGOgrWQ.exe
  2⤵
  PID:5012
- C:\Windows\System\YzaFDoP.exe
  C:\Windows\System\YzaFDoP.exe
  2⤵
  PID:5032
- C:\Windows\System\ozQBWCR.exe
  C:\Windows\System\ozQBWCR.exe
  2⤵
  PID:5052
- C:\Windows\System\mqOUFyF.exe
  C:\Windows\System\mqOUFyF.exe
  2⤵
  PID:5072
- C:\Windows\System\MLRsudh.exe
  C:\Windows\System\MLRsudh.exe
  2⤵
  PID:5092
- C:\Windows\System\TOCOwOm.exe
  C:\Windows\System\TOCOwOm.exe
  2⤵
  PID:5112
- C:\Windows\System\fNThFMb.exe
  C:\Windows\System\fNThFMb.exe
  2⤵
  PID:3864
- C:\Windows\System\adFwFro.exe
  C:\Windows\System\adFwFro.exe
  2⤵
  PID:2904
- C:\Windows\System\rstfzqn.exe
  C:\Windows\System\rstfzqn.exe
  2⤵
  PID:3480
- C:\Windows\System\sFhIsRO.exe
  C:\Windows\System\sFhIsRO.exe
  2⤵
  PID:3524
- C:\Windows\System\zqAOJmZ.exe
  C:\Windows\System\zqAOJmZ.exe
  2⤵
  PID:4100
- C:\Windows\System\RwbWvFZ.exe
  C:\Windows\System\RwbWvFZ.exe
  2⤵
  PID:3752
- C:\Windows\System\DpHgKHK.exe
  C:\Windows\System\DpHgKHK.exe
  2⤵
  PID:4148
- C:\Windows\System\FEkFmed.exe
  C:\Windows\System\FEkFmed.exe
  2⤵
  PID:4160
- C:\Windows\System\UnsEHUj.exe
  C:\Windows\System\UnsEHUj.exe
  2⤵
  PID:4220
- C:\Windows\System\MNXsJGA.exe
  C:\Windows\System\MNXsJGA.exe
  2⤵
  PID:4240
- C:\Windows\System\yeJDnqT.exe
  C:\Windows\System\yeJDnqT.exe
  2⤵
  PID:4264
- C:\Windows\System\zEBvLjJ.exe
  C:\Windows\System\zEBvLjJ.exe
  2⤵
  PID:4308
- C:\Windows\System\wETYwoi.exe
  C:\Windows\System\wETYwoi.exe
  2⤵
  PID:4340
- C:\Windows\System\mFHassc.exe
  C:\Windows\System\mFHassc.exe
  2⤵
  PID:4388
- C:\Windows\System\yYmdSpL.exe
  C:\Windows\System\yYmdSpL.exe
  2⤵
  PID:4364
- C:\Windows\System\NurlPWn.exe
  C:\Windows\System\NurlPWn.exe
  2⤵
  PID:4408
- C:\Windows\System\XiAKXCO.exe
  C:\Windows\System\XiAKXCO.exe
  2⤵
  PID:4468
- C:\Windows\System\NIyLtej.exe
  C:\Windows\System\NIyLtej.exe
  2⤵
  PID:4488
- C:\Windows\System\sIaXwLw.exe
  C:\Windows\System\sIaXwLw.exe
  2⤵
  PID:4540
- C:\Windows\System\XSpVYoZ.exe
  C:\Windows\System\XSpVYoZ.exe
  2⤵
  PID:4560
- C:\Windows\System\TOrTvIz.exe
  C:\Windows\System\TOrTvIz.exe
  2⤵
  PID:4584
- C:\Windows\System\zmXXSar.exe
  C:\Windows\System\zmXXSar.exe
  2⤵
  PID:4656
- C:\Windows\System\XRFQhTs.exe
  C:\Windows\System\XRFQhTs.exe
  2⤵
  PID:4644
- C:\Windows\System\brOsGYn.exe
  C:\Windows\System\brOsGYn.exe
  2⤵
  PID:2488
- C:\Windows\System\VHkxbvd.exe
  C:\Windows\System\VHkxbvd.exe
  2⤵
  PID:4724
- C:\Windows\System\bzyuSEs.exe
  C:\Windows\System\bzyuSEs.exe
  2⤵
  PID:4776
- C:\Windows\System\RgBxocg.exe
  C:\Windows\System\RgBxocg.exe
  2⤵
  PID:1092
- C:\Windows\System\zbFicMS.exe
  C:\Windows\System\zbFicMS.exe
  2⤵
  PID:4820
- C:\Windows\System\kajOIvx.exe
  C:\Windows\System\kajOIvx.exe
  2⤵
  PID:1972
- C:\Windows\System\PUYqCYE.exe
  C:\Windows\System\PUYqCYE.exe
  2⤵
  PID:4848
- C:\Windows\System\NtyTJXI.exe
  C:\Windows\System\NtyTJXI.exe
  2⤵
  PID:4900
- C:\Windows\System\HGPZVol.exe
  C:\Windows\System\HGPZVol.exe
  2⤵
  PID:4888
- C:\Windows\System\DpHoBgA.exe
  C:\Windows\System\DpHoBgA.exe
  2⤵
  PID:4944
- C:\Windows\System\phtDRFb.exe
  C:\Windows\System\phtDRFb.exe
  2⤵
  PID:4924
- C:\Windows\System\yjdbsEb.exe
  C:\Windows\System\yjdbsEb.exe
  2⤵
  PID:4964
- C:\Windows\System\WNQLrui.exe
  C:\Windows\System\WNQLrui.exe
  2⤵
  PID:5008
- C:\Windows\System\GvGaaSs.exe
  C:\Windows\System\GvGaaSs.exe
  2⤵
  PID:5064
- C:\Windows\System\MlCbXwS.exe
  C:\Windows\System\MlCbXwS.exe
  2⤵
  PID:5100
- C:\Windows\System\xxVSDNX.exe
  C:\Windows\System\xxVSDNX.exe
  2⤵
  PID:1860
- C:\Windows\System\FiiBhmH.exe
  C:\Windows\System\FiiBhmH.exe
  2⤵
  PID:3408
- C:\Windows\System\yScZcJz.exe
  C:\Windows\System\yScZcJz.exe
  2⤵
  PID:1256
- C:\Windows\System\QDiDqcY.exe
  C:\Windows\System\QDiDqcY.exe
  2⤵
  PID:3732
- C:\Windows\System\Kqtzzji.exe
  C:\Windows\System\Kqtzzji.exe
  2⤵
  PID:4184
- C:\Windows\System\tDKjcFz.exe
  C:\Windows\System\tDKjcFz.exe
  2⤵
  PID:4164
- C:\Windows\System\uHOmhkf.exe
  C:\Windows\System\uHOmhkf.exe
  2⤵
  PID:2572
- C:\Windows\System\ythVPiK.exe
  C:\Windows\System\ythVPiK.exe
  2⤵
  PID:4244
- C:\Windows\System\oLgSVSV.exe
  C:\Windows\System\oLgSVSV.exe
  2⤵
  PID:4344
- C:\Windows\System\PGdDNbp.exe
  C:\Windows\System\PGdDNbp.exe
  2⤵
  PID:4424
- C:\Windows\System\JVGDerL.exe
  C:\Windows\System\JVGDerL.exe
  2⤵
  PID:2652
- C:\Windows\System\dmEDjVB.exe
  C:\Windows\System\dmEDjVB.exe
  2⤵
  PID:4480
- C:\Windows\System\QZHzcsZ.exe
  C:\Windows\System\QZHzcsZ.exe
  2⤵
  PID:4524
- C:\Windows\System\eqOhLHr.exe
  C:\Windows\System\eqOhLHr.exe
  2⤵
  PID:4580
- C:\Windows\System\uqagsKN.exe
  C:\Windows\System\uqagsKN.exe
  2⤵
  PID:1596
- C:\Windows\System\fMGInYG.exe
  C:\Windows\System\fMGInYG.exe
  2⤵
  PID:4504
- C:\Windows\System\UcieuuZ.exe
  C:\Windows\System\UcieuuZ.exe
  2⤵
  PID:4680
- C:\Windows\System\aZaJmws.exe
  C:\Windows\System\aZaJmws.exe
  2⤵
  PID:4748
- C:\Windows\System\GDhwSnD.exe
  C:\Windows\System\GDhwSnD.exe
  2⤵
  PID:4840
- C:\Windows\System\QWEHzpb.exe
  C:\Windows\System\QWEHzpb.exe
  2⤵
  PID:4904
- C:\Windows\System\kpYhyRq.exe
  C:\Windows\System\kpYhyRq.exe
  2⤵
  PID:4684
- C:\Windows\System\bjCmAYK.exe
  C:\Windows\System\bjCmAYK.exe
  2⤵
  PID:1408
- C:\Windows\System\jERsqUu.exe
  C:\Windows\System\jERsqUu.exe
  2⤵
  PID:1280
- C:\Windows\System\hlXsDYs.exe
  C:\Windows\System\hlXsDYs.exe
  2⤵
  PID:4940
- C:\Windows\System\JFcSFVu.exe
  C:\Windows\System\JFcSFVu.exe
  2⤵
  PID:4984
- C:\Windows\System\ckXQZdS.exe
  C:\Windows\System\ckXQZdS.exe
  2⤵
  PID:5048
- C:\Windows\System\GLeOJRv.exe
  C:\Windows\System\GLeOJRv.exe
  2⤵
  PID:1540
- C:\Windows\System\DxNBHRE.exe
  C:\Windows\System\DxNBHRE.exe
  2⤵
  PID:3908
- C:\Windows\System\XmnIxub.exe
  C:\Windows\System\XmnIxub.exe
  2⤵
  PID:3184
- C:\Windows\System\CZLoiMj.exe
  C:\Windows\System\CZLoiMj.exe
  2⤵
  PID:3584
- C:\Windows\System\kBuOOxg.exe
  C:\Windows\System\kBuOOxg.exe
  2⤵
  PID:4124
- C:\Windows\System\IrRbjdd.exe
  C:\Windows\System\IrRbjdd.exe
  2⤵
  PID:4300
- C:\Windows\System\IMWhSeh.exe
  C:\Windows\System\IMWhSeh.exe
  2⤵
  PID:2720
- C:\Windows\System\wUNWVlV.exe
  C:\Windows\System\wUNWVlV.exe
  2⤵
  PID:4444
- C:\Windows\System\UxaHfEL.exe
  C:\Windows\System\UxaHfEL.exe
  2⤵
  PID:4548
- C:\Windows\System\JhOwnLV.exe
  C:\Windows\System\JhOwnLV.exe
  2⤵
  PID:2132
- C:\Windows\System\OCcxUVt.exe
  C:\Windows\System\OCcxUVt.exe
  2⤵
  PID:2692
- C:\Windows\System\IgsiTsB.exe
  C:\Windows\System\IgsiTsB.exe
  2⤵
  PID:1804
- C:\Windows\System\jjKaOSe.exe
  C:\Windows\System\jjKaOSe.exe
  2⤵
  PID:4564
- C:\Windows\System\SpgqWIF.exe
  C:\Windows\System\SpgqWIF.exe
  2⤵
  PID:1892
- C:\Windows\System\GhTLooZ.exe
  C:\Windows\System\GhTLooZ.exe
  2⤵
  PID:1072
- C:\Windows\System\pXdkNlO.exe
  C:\Windows\System\pXdkNlO.exe
  2⤵
  PID:5080
- C:\Windows\System\NIptitH.exe
  C:\Windows\System\NIptitH.exe
  2⤵
  PID:1576
- C:\Windows\System\CYpHTFx.exe
  C:\Windows\System\CYpHTFx.exe
  2⤵
  PID:3892
- C:\Windows\System\sXaywQA.exe
  C:\Windows\System\sXaywQA.exe
  2⤵
  PID:2164
- C:\Windows\System\nkwILRO.exe
  C:\Windows\System\nkwILRO.exe
  2⤵
  PID:3224
- C:\Windows\System\nGtOhAR.exe
  C:\Windows\System\nGtOhAR.exe
  2⤵
  PID:2036
- C:\Windows\System\xCiSZrs.exe
  C:\Windows\System\xCiSZrs.exe
  2⤵
  PID:4180
- C:\Windows\System\uFzLInl.exe
  C:\Windows\System\uFzLInl.exe
  2⤵
  PID:4268
- C:\Windows\System\mQtKejz.exe
  C:\Windows\System\mQtKejz.exe
  2⤵
  PID:4500
- C:\Windows\System\sVKAhvU.exe
  C:\Windows\System\sVKAhvU.exe
  2⤵
  PID:4628
- C:\Windows\System\ciMDiMP.exe
  C:\Windows\System\ciMDiMP.exe
  2⤵
  PID:2632
- C:\Windows\System\OpDedWr.exe
  C:\Windows\System\OpDedWr.exe
  2⤵
  PID:4928
- C:\Windows\System\vJajCzv.exe
  C:\Windows\System\vJajCzv.exe
  2⤵
  PID:4988
- C:\Windows\System\nJFOeJQ.exe
  C:\Windows\System\nJFOeJQ.exe
  2⤵
  PID:3324
- C:\Windows\System\SEumZfQ.exe
  C:\Windows\System\SEumZfQ.exe
  2⤵
  PID:5004
- C:\Windows\System\IjcbIUh.exe
  C:\Windows\System\IjcbIUh.exe
  2⤵
  PID:4604
- C:\Windows\System\EdsryRR.exe
  C:\Windows\System\EdsryRR.exe
  2⤵
  PID:4804
- C:\Windows\System\HuYIAxc.exe
  C:\Windows\System\HuYIAxc.exe
  2⤵
  PID:4360
- C:\Windows\System\yDyepDh.exe
  C:\Windows\System\yDyepDh.exe
  2⤵
  PID:4188
- C:\Windows\System\vNtlIwm.exe
  C:\Windows\System\vNtlIwm.exe
  2⤵
  PID:1556
- C:\Windows\System\TGFrcrz.exe
  C:\Windows\System\TGFrcrz.exe
  2⤵
  PID:5144
- C:\Windows\System\NOXtLqL.exe
  C:\Windows\System\NOXtLqL.exe
  2⤵
  PID:5168
- C:\Windows\System\gvOaCcV.exe
  C:\Windows\System\gvOaCcV.exe
  2⤵
  PID:5192
- C:\Windows\System\Tqtxwsz.exe
  C:\Windows\System\Tqtxwsz.exe
  2⤵
  PID:5212
- C:\Windows\System\KBMvugO.exe
  C:\Windows\System\KBMvugO.exe
  2⤵
  PID:5252
- C:\Windows\System\GNtTZYY.exe
  C:\Windows\System\GNtTZYY.exe
  2⤵
  PID:5268
- C:\Windows\System\HsovjaN.exe
  C:\Windows\System\HsovjaN.exe
  2⤵
  PID:5284
- C:\Windows\System\hesGUVN.exe
  C:\Windows\System\hesGUVN.exe
  2⤵
  PID:5300
- C:\Windows\System\eujGWhm.exe
  C:\Windows\System\eujGWhm.exe
  2⤵
  PID:5316
- C:\Windows\System\NAuBcNd.exe
  C:\Windows\System\NAuBcNd.exe
  2⤵
  PID:5340
- C:\Windows\System\GHdMmQo.exe
  C:\Windows\System\GHdMmQo.exe
  2⤵
  PID:5364
- C:\Windows\System\foVCbnY.exe
  C:\Windows\System\foVCbnY.exe
  2⤵
  PID:5380
- C:\Windows\System\rBzmHkg.exe
  C:\Windows\System\rBzmHkg.exe
  2⤵
  PID:5404
- C:\Windows\System\VbBELCj.exe
  C:\Windows\System\VbBELCj.exe
  2⤵
  PID:5424
- C:\Windows\System\wxFTjYq.exe
  C:\Windows\System\wxFTjYq.exe
  2⤵
  PID:5444
- C:\Windows\System\VnxwreZ.exe
  C:\Windows\System\VnxwreZ.exe
  2⤵
  PID:5464
- C:\Windows\System\cYjiFpI.exe
  C:\Windows\System\cYjiFpI.exe
  2⤵
  PID:5480
- C:\Windows\System\Ynchmon.exe
  C:\Windows\System\Ynchmon.exe
  2⤵
  PID:5500
- C:\Windows\System\CEcdMWl.exe
  C:\Windows\System\CEcdMWl.exe
  2⤵
  PID:5516
- C:\Windows\System\aepaPxQ.exe
  C:\Windows\System\aepaPxQ.exe
  2⤵
  PID:5532
- C:\Windows\System\bcqylss.exe
  C:\Windows\System\bcqylss.exe
  2⤵
  PID:5556
- C:\Windows\System\oiEIFeD.exe
  C:\Windows\System\oiEIFeD.exe
  2⤵
  PID:5572
- C:\Windows\System\nxVTbLe.exe
  C:\Windows\System\nxVTbLe.exe
  2⤵
  PID:5588
- C:\Windows\System\scxLzJn.exe
  C:\Windows\System\scxLzJn.exe
  2⤵
  PID:5612
- C:\Windows\System\Afwljzt.exe
  C:\Windows\System\Afwljzt.exe
  2⤵
  PID:5636
- C:\Windows\System\wyIYRyT.exe
  C:\Windows\System\wyIYRyT.exe
  2⤵
  PID:5656
- C:\Windows\System\QfhgnCd.exe
  C:\Windows\System\QfhgnCd.exe
  2⤵
  PID:5696
- C:\Windows\System\KoNtoXA.exe
  C:\Windows\System\KoNtoXA.exe
  2⤵
  PID:5712
- C:\Windows\System\JpVqjoX.exe
  C:\Windows\System\JpVqjoX.exe
  2⤵
  PID:5728
- C:\Windows\System\ALJvPYV.exe
  C:\Windows\System\ALJvPYV.exe
  2⤵
  PID:5744
- C:\Windows\System\AeXNsid.exe
  C:\Windows\System\AeXNsid.exe
  2⤵
  PID:5760
- C:\Windows\System\KfpEpPl.exe
  C:\Windows\System\KfpEpPl.exe
  2⤵
  PID:5776
- C:\Windows\System\xyvqzut.exe
  C:\Windows\System\xyvqzut.exe
  2⤵
  PID:5792
- C:\Windows\System\OCmfmzD.exe
  C:\Windows\System\OCmfmzD.exe
  2⤵
  PID:5808
- C:\Windows\System\xJqItlT.exe
  C:\Windows\System\xJqItlT.exe
  2⤵
  PID:5824
- C:\Windows\System\eIHcxET.exe
  C:\Windows\System\eIHcxET.exe
  2⤵
  PID:5840
- C:\Windows\System\DClOIQL.exe
  C:\Windows\System\DClOIQL.exe
  2⤵
  PID:5856
- C:\Windows\System\PanZhdN.exe
  C:\Windows\System\PanZhdN.exe
  2⤵
  PID:5872
- C:\Windows\System\OKfvMGW.exe
  C:\Windows\System\OKfvMGW.exe
  2⤵
  PID:5888
- C:\Windows\System\AUrEqGN.exe
  C:\Windows\System\AUrEqGN.exe
  2⤵
  PID:5904
- C:\Windows\System\OVeyiDq.exe
  C:\Windows\System\OVeyiDq.exe
  2⤵
  PID:5968
- C:\Windows\System\ejLiTeT.exe
  C:\Windows\System\ejLiTeT.exe
  2⤵
  PID:5992
- C:\Windows\System\ypRIBMX.exe
  C:\Windows\System\ypRIBMX.exe
  2⤵
  PID:6008
- C:\Windows\System\ozPTyyI.exe
  C:\Windows\System\ozPTyyI.exe
  2⤵
  PID:6028
- C:\Windows\System\MQLqkhP.exe
  C:\Windows\System\MQLqkhP.exe
  2⤵
  PID:6044
- C:\Windows\System\HKSEZIK.exe
  C:\Windows\System\HKSEZIK.exe
  2⤵
  PID:6060
- C:\Windows\System\lVbXpKc.exe
  C:\Windows\System\lVbXpKc.exe
  2⤵
  PID:6080
- C:\Windows\System\DEutdaT.exe
  C:\Windows\System\DEutdaT.exe
  2⤵
  PID:6100
- C:\Windows\System\cvcQpcW.exe
  C:\Windows\System\cvcQpcW.exe
  2⤵
  PID:6132
- C:\Windows\System\zcCOKon.exe
  C:\Windows\System\zcCOKon.exe
  2⤵
  PID:3068
- C:\Windows\System\WZKMpRK.exe
  C:\Windows\System\WZKMpRK.exe
  2⤵
  PID:1944
- C:\Windows\System\VFMYLVV.exe
  C:\Windows\System\VFMYLVV.exe
  2⤵
  PID:5128
- C:\Windows\System\oDvUgce.exe
  C:\Windows\System\oDvUgce.exe
  2⤵
  PID:5176
- C:\Windows\System\mqhvQIF.exe
  C:\Windows\System\mqhvQIF.exe
  2⤵
  PID:5152
- C:\Windows\System\qmbCiUB.exe
  C:\Windows\System\qmbCiUB.exe
  2⤵
  PID:4428
- C:\Windows\System\hZMPOwR.exe
  C:\Windows\System\hZMPOwR.exe
  2⤵
  PID:5164
- C:\Windows\System\YgVvviw.exe
  C:\Windows\System\YgVvviw.exe
  2⤵
  PID:1568
- C:\Windows\System\gZSHeCu.exe
  C:\Windows\System\gZSHeCu.exe
  2⤵
  PID:5208
- C:\Windows\System\EEkeqQW.exe
  C:\Windows\System\EEkeqQW.exe
  2⤵
  PID:4864
- C:\Windows\System\DWcSycD.exe
  C:\Windows\System\DWcSycD.exe
  2⤵
  PID:5244
- C:\Windows\System\kLNxZiE.exe
  C:\Windows\System\kLNxZiE.exe
  2⤵
  PID:5308
- C:\Windows\System\rSBmEEp.exe
  C:\Windows\System\rSBmEEp.exe
  2⤵
  PID:5260
- C:\Windows\System\hWxWQDY.exe
  C:\Windows\System\hWxWQDY.exe
  2⤵
  PID:5396
- C:\Windows\System\gthoWRL.exe
  C:\Windows\System\gthoWRL.exe
  2⤵
  PID:5324
- C:\Windows\System\EXkzVeF.exe
  C:\Windows\System\EXkzVeF.exe
  2⤵
  PID:5336
- C:\Windows\System\ivzhzuS.exe
  C:\Windows\System\ivzhzuS.exe
  2⤵
  PID:5440
- C:\Windows\System\uRyATtu.exe
  C:\Windows\System\uRyATtu.exe
  2⤵
  PID:5452
- C:\Windows\System\ekDlkto.exe
  C:\Windows\System\ekDlkto.exe
  2⤵
  PID:5664
- C:\Windows\System\eTbhMwn.exe
  C:\Windows\System\eTbhMwn.exe
  2⤵
  PID:5600
- C:\Windows\System\pQPRoHy.exe
  C:\Windows\System\pQPRoHy.exe
  2⤵
  PID:5420
- C:\Windows\System\fFgYQbu.exe
  C:\Windows\System\fFgYQbu.exe
  2⤵
  PID:5644
- C:\Windows\System\PVXPXna.exe
  C:\Windows\System\PVXPXna.exe
  2⤵
  PID:5676
- C:\Windows\System\ElabrIx.exe
  C:\Windows\System\ElabrIx.exe
  2⤵
  PID:5692
- C:\Windows\System\xaYlvYA.exe
  C:\Windows\System\xaYlvYA.exe
  2⤵
  PID:5736
- C:\Windows\System\tsqXSWM.exe
  C:\Windows\System\tsqXSWM.exe
  2⤵
  PID:5756
- C:\Windows\System\LysxMKe.exe
  C:\Windows\System\LysxMKe.exe
  2⤵
  PID:5820
- C:\Windows\System\pLVxXmT.exe
  C:\Windows\System\pLVxXmT.exe
  2⤵
  PID:5884
- C:\Windows\System\EMcVpCw.exe
  C:\Windows\System\EMcVpCw.exe
  2⤵
  PID:5928
- C:\Windows\System\LQEUtlX.exe
  C:\Windows\System\LQEUtlX.exe
  2⤵
  PID:5956
- C:\Windows\System\GHvIbAr.exe
  C:\Windows\System\GHvIbAr.exe
  2⤵
  PID:5772
- C:\Windows\System\cfaSPaF.exe
  C:\Windows\System\cfaSPaF.exe
  2⤵
  PID:5832
- C:\Windows\System\fMQMqRl.exe
  C:\Windows\System\fMQMqRl.exe
  2⤵
  PID:5976
- C:\Windows\System\VixdfMv.exe
  C:\Windows\System\VixdfMv.exe
  2⤵
  PID:6040
- C:\Windows\System\LErAXLe.exe
  C:\Windows\System\LErAXLe.exe
  2⤵
  PID:5984
- C:\Windows\System\DHrVyVV.exe
  C:\Windows\System\DHrVyVV.exe
  2⤵
  PID:6108
- C:\Windows\System\VYGLgaO.exe
  C:\Windows\System\VYGLgaO.exe
  2⤵
  PID:6056
- C:\Windows\System\HmzQmjM.exe
  C:\Windows\System\HmzQmjM.exe
  2⤵
  PID:6140
- C:\Windows\System\oobjxOl.exe
  C:\Windows\System\oobjxOl.exe
  2⤵
  PID:6096
- C:\Windows\System\polpCEI.exe
  C:\Windows\System\polpCEI.exe
  2⤵
  PID:5140
- C:\Windows\System\dUuqnOz.exe
  C:\Windows\System\dUuqnOz.exe
  2⤵
  PID:4284
- C:\Windows\System\pvHwMtB.exe
  C:\Windows\System\pvHwMtB.exe
  2⤵
  PID:4324
- C:\Windows\System\YvISqgR.exe
  C:\Windows\System\YvISqgR.exe
  2⤵
  PID:5224
- C:\Windows\System\MAyHSkX.exe
  C:\Windows\System\MAyHSkX.exe
  2⤵
  PID:5360
- C:\Windows\System\yitwlWi.exe
  C:\Windows\System\yitwlWi.exe
  2⤵
  PID:5332
- C:\Windows\System\PbkSRae.exe
  C:\Windows\System\PbkSRae.exe
  2⤵
  PID:5476
- C:\Windows\System\FaDQVwB.exe
  C:\Windows\System\FaDQVwB.exe
  2⤵
  PID:5552
- C:\Windows\System\hUgyrLv.exe
  C:\Windows\System\hUgyrLv.exe
  2⤵
  PID:5508
- C:\Windows\System\ZKpCtTm.exe
  C:\Windows\System\ZKpCtTm.exe
  2⤵
  PID:5356
- C:\Windows\System\FSUkwyb.exe
  C:\Windows\System\FSUkwyb.exe
  2⤵
  PID:5436
- C:\Windows\System\icOJftu.exe
  C:\Windows\System\icOJftu.exe
  2⤵
  PID:4668
- C:\Windows\System\grmhtsn.exe
  C:\Windows\System\grmhtsn.exe
  2⤵
  PID:5240
- C:\Windows\System\qWNjwno.exe
  C:\Windows\System\qWNjwno.exe
  2⤵
  PID:5492
- C:\Windows\System\NcybLIs.exe
  C:\Windows\System\NcybLIs.exe
  2⤵
  PID:5724
- C:\Windows\System\KsmReGn.exe
  C:\Windows\System\KsmReGn.exe
  2⤵
  PID:5936
- C:\Windows\System\UyGrZuX.exe
  C:\Windows\System\UyGrZuX.exe
  2⤵
  PID:5952
- C:\Windows\System\DjOLjQo.exe
  C:\Windows\System\DjOLjQo.exe
  2⤵
  PID:5528
- C:\Windows\System\wrOXNpY.exe
  C:\Windows\System\wrOXNpY.exe
  2⤵
  PID:5916
- C:\Windows\System\nNAYKfT.exe
  C:\Windows\System\nNAYKfT.exe
  2⤵
  PID:5768
- C:\Windows\System\OnSJJRS.exe
  C:\Windows\System\OnSJJRS.exe
  2⤵
  PID:5896
- C:\Windows\System\AdQnWYy.exe
  C:\Windows\System\AdQnWYy.exe
  2⤵
  PID:5920
- C:\Windows\System\NibKxOP.exe
  C:\Windows\System\NibKxOP.exe
  2⤵
  PID:6020
- C:\Windows\System\VwmeMUM.exe
  C:\Windows\System\VwmeMUM.exe
  2⤵
  PID:6072
- C:\Windows\System\fqerivX.exe
  C:\Windows\System\fqerivX.exe
  2⤵
  PID:4980
- C:\Windows\System\FJVjayF.exe
  C:\Windows\System\FJVjayF.exe
  2⤵
  PID:2128
- C:\Windows\System\WSuCWbj.exe
  C:\Windows\System\WSuCWbj.exe
  2⤵
  PID:6052
- C:\Windows\System\upLqdXC.exe
  C:\Windows\System\upLqdXC.exe
  2⤵
  PID:3460
- C:\Windows\System\WgeeDBa.exe
  C:\Windows\System\WgeeDBa.exe
  2⤵
  PID:5432
- C:\Windows\System\jtjWpit.exe
  C:\Windows\System\jtjWpit.exe
  2⤵
  PID:5548
- C:\Windows\System\BXRiAVv.exe
  C:\Windows\System\BXRiAVv.exe
  2⤵
  PID:5232
- C:\Windows\System\oDGgBbd.exe
  C:\Windows\System\oDGgBbd.exe
  2⤵
  PID:5720
- C:\Windows\System\KrzEoCR.exe
  C:\Windows\System\KrzEoCR.exe
  2⤵
  PID:5980
- C:\Windows\System\OeomyNB.exe
  C:\Windows\System\OeomyNB.exe
  2⤵
  PID:5028
- C:\Windows\System\ZJqdDRm.exe
  C:\Windows\System\ZJqdDRm.exe
  2⤵
  PID:5488
- C:\Windows\System\pNatUaM.exe
  C:\Windows\System\pNatUaM.exe
  2⤵
  PID:5416
- C:\Windows\System\CsDKwNI.exe
  C:\Windows\System\CsDKwNI.exe
  2⤵
  PID:5788
- C:\Windows\System\dUTJCPI.exe
  C:\Windows\System\dUTJCPI.exe
  2⤵
  PID:6024
- C:\Windows\System\UhuoPOj.exe
  C:\Windows\System\UhuoPOj.exe
  2⤵
  PID:5280
- C:\Windows\System\EgRWpHr.exe
  C:\Windows\System\EgRWpHr.exe
  2⤵
  PID:5292
- C:\Windows\System\qlFmtED.exe
  C:\Windows\System\qlFmtED.exe
  2⤵
  PID:5136
- C:\Windows\System\wUALGTu.exe
  C:\Windows\System\wUALGTu.exe
  2⤵
  PID:5948
- C:\Windows\System\QYZWwCu.exe
  C:\Windows\System\QYZWwCu.exe
  2⤵
  PID:5412
- C:\Windows\System\WPvmgJx.exe
  C:\Windows\System\WPvmgJx.exe
  2⤵
  PID:6128
- C:\Windows\System\tzyGDwy.exe
  C:\Windows\System\tzyGDwy.exe
  2⤵
  PID:5388
- C:\Windows\System\LxofTbD.exe
  C:\Windows\System\LxofTbD.exe
  2⤵
  PID:5608
- C:\Windows\System\sfPbrmT.exe
  C:\Windows\System\sfPbrmT.exe
  2⤵
  PID:5688
- C:\Windows\System\NDypjql.exe
  C:\Windows\System\NDypjql.exe
  2⤵
  PID:5392
- C:\Windows\System\bMDOjVw.exe
  C:\Windows\System\bMDOjVw.exe
  2⤵
  PID:5496
- C:\Windows\System\bdIscGL.exe
  C:\Windows\System\bdIscGL.exe
  2⤵
  PID:1912
- C:\Windows\System\DbcZCKp.exe
  C:\Windows\System\DbcZCKp.exe
  2⤵
  PID:6036
- C:\Windows\System\EMtpMgJ.exe
  C:\Windows\System\EMtpMgJ.exe
  2⤵
  PID:6160
- C:\Windows\System\PPQvUAb.exe
  C:\Windows\System\PPQvUAb.exe
  2⤵
  PID:6184
- C:\Windows\System\HXQBtiI.exe
  C:\Windows\System\HXQBtiI.exe
  2⤵
  PID:6200
- C:\Windows\System\AvIbPIg.exe
  C:\Windows\System\AvIbPIg.exe
  2⤵
  PID:6224
- C:\Windows\System\ZjhcoHu.exe
  C:\Windows\System\ZjhcoHu.exe
  2⤵
  PID:6240
- C:\Windows\System\tqETHeG.exe
  C:\Windows\System\tqETHeG.exe
  2⤵
  PID:6256
- C:\Windows\System\rDOYqUf.exe
  C:\Windows\System\rDOYqUf.exe
  2⤵
  PID:6276
- C:\Windows\System\jOPRKCf.exe
  C:\Windows\System\jOPRKCf.exe
  2⤵
  PID:6292
- C:\Windows\System\sDfvnUx.exe
  C:\Windows\System\sDfvnUx.exe
  2⤵
  PID:6308
- C:\Windows\System\KQEZbuJ.exe
  C:\Windows\System\KQEZbuJ.exe
  2⤵
  PID:6324
- C:\Windows\System\WhFlRmS.exe
  C:\Windows\System\WhFlRmS.exe
  2⤵
  PID:6344
- C:\Windows\System\ZeYHsaG.exe
  C:\Windows\System\ZeYHsaG.exe
  2⤵
  PID:6380
- C:\Windows\System\qIJEoTe.exe
  C:\Windows\System\qIJEoTe.exe
  2⤵
  PID:6396
- C:\Windows\System\oSjrkMT.exe
  C:\Windows\System\oSjrkMT.exe
  2⤵
  PID:6412
- C:\Windows\System\cLBicss.exe
  C:\Windows\System\cLBicss.exe
  2⤵
  PID:6432
- C:\Windows\System\KeBvmAm.exe
  C:\Windows\System\KeBvmAm.exe
  2⤵
  PID:6452
- C:\Windows\System\MGiYvMr.exe
  C:\Windows\System\MGiYvMr.exe
  2⤵
  PID:6472
- C:\Windows\System\vWHkbBE.exe
  C:\Windows\System\vWHkbBE.exe
  2⤵
  PID:6500
- C:\Windows\System\mIkchuo.exe
  C:\Windows\System\mIkchuo.exe
  2⤵
  PID:6520
- C:\Windows\System\vcWIFgb.exe
  C:\Windows\System\vcWIFgb.exe
  2⤵
  PID:6540
- C:\Windows\System\eldAmuw.exe
  C:\Windows\System\eldAmuw.exe
  2⤵
  PID:6560
- C:\Windows\System\KPZLrOt.exe
  C:\Windows\System\KPZLrOt.exe
  2⤵
  PID:6576
- C:\Windows\System\aTWzwyN.exe
  C:\Windows\System\aTWzwyN.exe
  2⤵
  PID:6592
- C:\Windows\System\QJqoAce.exe
  C:\Windows\System\QJqoAce.exe
  2⤵
  PID:6624
- C:\Windows\System\SxrAMMZ.exe
  C:\Windows\System\SxrAMMZ.exe
  2⤵
  PID:6640
- C:\Windows\System\dvGlikp.exe
  C:\Windows\System\dvGlikp.exe
  2⤵
  PID:6656
- C:\Windows\System\jIWogRu.exe
  C:\Windows\System\jIWogRu.exe
  2⤵
  PID:6672
- C:\Windows\System\JCzcOBt.exe
  C:\Windows\System\JCzcOBt.exe
  2⤵
  PID:6688
- C:\Windows\System\zHlnaco.exe
  C:\Windows\System\zHlnaco.exe
  2⤵
  PID:6708
- C:\Windows\System\osQruyJ.exe
  C:\Windows\System\osQruyJ.exe
  2⤵
  PID:6728
- C:\Windows\System\VgbCOpZ.exe
  C:\Windows\System\VgbCOpZ.exe
  2⤵
  PID:6764
- C:\Windows\System\CkbtmPv.exe
  C:\Windows\System\CkbtmPv.exe
  2⤵
  PID:6788
- C:\Windows\System\rkYXmWN.exe
  C:\Windows\System\rkYXmWN.exe
  2⤵
  PID:6808
- C:\Windows\System\UcIbSdA.exe
  C:\Windows\System\UcIbSdA.exe
  2⤵
  PID:6824
- C:\Windows\System\ogFNoNN.exe
  C:\Windows\System\ogFNoNN.exe
  2⤵
  PID:6844
- C:\Windows\System\vAtGJNK.exe
  C:\Windows\System\vAtGJNK.exe
  2⤵
  PID:6860
- C:\Windows\System\arbsUcf.exe
  C:\Windows\System\arbsUcf.exe
  2⤵
  PID:6876
- C:\Windows\System\upHqqHw.exe
  C:\Windows\System\upHqqHw.exe
  2⤵
  PID:6896
- C:\Windows\System\fYamuTX.exe
  C:\Windows\System\fYamuTX.exe
  2⤵
  PID:6916
- C:\Windows\System\qGSgcyC.exe
  C:\Windows\System\qGSgcyC.exe
  2⤵
  PID:6932
- C:\Windows\System\EmTiKGL.exe
  C:\Windows\System\EmTiKGL.exe
  2⤵
  PID:6948
- C:\Windows\System\mBEXbCt.exe
  C:\Windows\System\mBEXbCt.exe
  2⤵
  PID:6964
- C:\Windows\System\rvOYuQK.exe
  C:\Windows\System\rvOYuQK.exe
  2⤵
  PID:7012
- C:\Windows\System\hENciSx.exe
  C:\Windows\System\hENciSx.exe
  2⤵
  PID:7028
- C:\Windows\System\ikkgcHW.exe
  C:\Windows\System\ikkgcHW.exe
  2⤵
  PID:7044
- C:\Windows\System\lrKHDeq.exe
  C:\Windows\System\lrKHDeq.exe
  2⤵
  PID:7064
- C:\Windows\System\pvFqNPs.exe
  C:\Windows\System\pvFqNPs.exe
  2⤵
  PID:7080
- C:\Windows\System\dWEEKnI.exe
  C:\Windows\System\dWEEKnI.exe
  2⤵
  PID:7096
- C:\Windows\System\rljjQPi.exe
  C:\Windows\System\rljjQPi.exe
  2⤵
  PID:7112
- C:\Windows\System\VPQbpQD.exe
  C:\Windows\System\VPQbpQD.exe
  2⤵
  PID:7128
- C:\Windows\System\zVoXsbe.exe
  C:\Windows\System\zVoXsbe.exe
  2⤵
  PID:7156
- C:\Windows\System\IlKDsDT.exe
  C:\Windows\System\IlKDsDT.exe
  2⤵
  PID:5220
- C:\Windows\System\nBCjFxQ.exe
  C:\Windows\System\nBCjFxQ.exe
  2⤵
  PID:6168
- C:\Windows\System\CUgqoNN.exe
  C:\Windows\System\CUgqoNN.exe
  2⤵
  PID:6216
- C:\Windows\System\vJYWEkJ.exe
  C:\Windows\System\vJYWEkJ.exe
  2⤵
  PID:6284
- C:\Windows\System\NTVoisL.exe
  C:\Windows\System\NTVoisL.exe
  2⤵
  PID:6232
- C:\Windows\System\HjSNnHa.exe
  C:\Windows\System\HjSNnHa.exe
  2⤵
  PID:6272
- C:\Windows\System\rWEQXhP.exe
  C:\Windows\System\rWEQXhP.exe
  2⤵
  PID:6364
- C:\Windows\System\woqkgci.exe
  C:\Windows\System\woqkgci.exe
  2⤵
  PID:6376
- C:\Windows\System\yhrHBUV.exe
  C:\Windows\System\yhrHBUV.exe
  2⤵
  PID:6440
- C:\Windows\System\eYRigOP.exe
  C:\Windows\System\eYRigOP.exe
  2⤵
  PID:6488
- C:\Windows\System\YcKqmtQ.exe
  C:\Windows\System\YcKqmtQ.exe
  2⤵
  PID:6492
- C:\Windows\System\RhWYlia.exe
  C:\Windows\System\RhWYlia.exe
  2⤵
  PID:6424
- C:\Windows\System\chVLAZp.exe
  C:\Windows\System\chVLAZp.exe
  2⤵
  PID:6536
- C:\Windows\System\PUbjsIA.exe
  C:\Windows\System\PUbjsIA.exe
  2⤵
  PID:6516
- C:\Windows\System\siSFqzB.exe
  C:\Windows\System\siSFqzB.exe
  2⤵
  PID:6680
- C:\Windows\System\ogPNFbu.exe
  C:\Windows\System\ogPNFbu.exe
  2⤵
  PID:6584
- C:\Windows\System\CTLQtKR.exe
  C:\Windows\System\CTLQtKR.exe
  2⤵
  PID:6776
- C:\Windows\System\sJjfXeY.exe
  C:\Windows\System\sJjfXeY.exe
  2⤵
  PID:6556
- C:\Windows\System\SmARzgP.exe
  C:\Windows\System\SmARzgP.exe
  2⤵
  PID:6744
- C:\Windows\System\VZKmRCS.exe
  C:\Windows\System\VZKmRCS.exe
  2⤵
  PID:6752
- C:\Windows\System\jdtcPpJ.exe
  C:\Windows\System\jdtcPpJ.exe
  2⤵
  PID:6852
- C:\Windows\System\mDpzZbJ.exe
  C:\Windows\System\mDpzZbJ.exe
  2⤵
  PID:6892
- C:\Windows\System\XnowOkz.exe
  C:\Windows\System\XnowOkz.exe
  2⤵
  PID:6836
- C:\Windows\System\aokfLWV.exe
  C:\Windows\System\aokfLWV.exe
  2⤵
  PID:6960
- C:\Windows\System\AoHYCUZ.exe
  C:\Windows\System\AoHYCUZ.exe
  2⤵
  PID:6800
- C:\Windows\System\nmrEkdp.exe
  C:\Windows\System\nmrEkdp.exe
  2⤵
  PID:6988
- C:\Windows\System\XAAnZDG.exe
  C:\Windows\System\XAAnZDG.exe
  2⤵
  PID:7088
- C:\Windows\System\jenXFFp.exe
  C:\Windows\System\jenXFFp.exe
  2⤵
  PID:7060
- C:\Windows\System\esoGBct.exe
  C:\Windows\System\esoGBct.exe
  2⤵
  PID:7008
- C:\Windows\System\JnNgHql.exe
  C:\Windows\System\JnNgHql.exe
  2⤵
  PID:6004
- C:\Windows\System\oLhdoSc.exe
  C:\Windows\System\oLhdoSc.exe
  2⤵
  PID:7108
- C:\Windows\System\VwkkyKJ.exe
  C:\Windows\System\VwkkyKJ.exe
  2⤵
  PID:7148
- C:\Windows\System\QjiMwRZ.exe
  C:\Windows\System\QjiMwRZ.exe
  2⤵
  PID:7076
- C:\Windows\System\bJwPlBQ.exe
  C:\Windows\System\bJwPlBQ.exe
  2⤵
  PID:6208
- C:\Windows\System\oKPGdsX.exe
  C:\Windows\System\oKPGdsX.exe
  2⤵
  PID:6316
- C:\Windows\System\rpYlxQZ.exe
  C:\Windows\System\rpYlxQZ.exe
  2⤵
  PID:6248
- C:\Windows\System\jrQDxXq.exe
  C:\Windows\System\jrQDxXq.exe
  2⤵
  PID:6372
- C:\Windows\System\krbYsaB.exe
  C:\Windows\System\krbYsaB.exe
  2⤵
  PID:6304
- C:\Windows\System\hJfzZdl.exe
  C:\Windows\System\hJfzZdl.exe
  2⤵
  PID:6468
- C:\Windows\System\kFsCSgK.exe
  C:\Windows\System\kFsCSgK.exe
  2⤵
  PID:6604
- C:\Windows\System\ewvLUoP.exe
  C:\Windows\System\ewvLUoP.exe
  2⤵
  PID:6648
- C:\Windows\System\MdYsjSS.exe
  C:\Windows\System\MdYsjSS.exe
  2⤵
  PID:6664
- C:\Windows\System\VOQQney.exe
  C:\Windows\System\VOQQney.exe
  2⤵
  PID:6820
- C:\Windows\System\giWPUdC.exe
  C:\Windows\System\giWPUdC.exe
  2⤵
  PID:6736
- C:\Windows\System\TvoDhhY.exe
  C:\Windows\System\TvoDhhY.exe
  2⤵
  PID:6888
- C:\Windows\System\kbOsVYk.exe
  C:\Windows\System\kbOsVYk.exe
  2⤵
  PID:6740
- C:\Windows\System\IlzYFTb.exe
  C:\Windows\System\IlzYFTb.exe
  2⤵
  PID:6912
- C:\Windows\System\HJPbfWa.exe
  C:\Windows\System\HJPbfWa.exe
  2⤵
  PID:6984
- C:\Windows\System\JuhHjzq.exe
  C:\Windows\System\JuhHjzq.exe
  2⤵
  PID:5652
- C:\Windows\System\zErlFnU.exe
  C:\Windows\System\zErlFnU.exe
  2⤵
  PID:6196
- C:\Windows\System\GVCMKHN.exe
  C:\Windows\System\GVCMKHN.exe
  2⤵
  PID:7140
- C:\Windows\System\PnKfASW.exe
  C:\Windows\System\PnKfASW.exe
  2⤵
  PID:7052
- C:\Windows\System\McGKPhn.exe
  C:\Windows\System\McGKPhn.exe
  2⤵
  PID:6340
- C:\Windows\System\jIqrmZV.exe
  C:\Windows\System\jIqrmZV.exe
  2⤵
  PID:6484
- C:\Windows\System\egTAYYO.exe
  C:\Windows\System\egTAYYO.exe
  2⤵
  PID:6832
- C:\Windows\System\WHBiprC.exe
  C:\Windows\System\WHBiprC.exe
  2⤵
  PID:6748
- C:\Windows\System\CifYrNA.exe
  C:\Windows\System\CifYrNA.exe
  2⤵
  PID:6620
- C:\Windows\System\HTboFPq.exe
  C:\Windows\System\HTboFPq.exe
  2⤵
  PID:6956
- C:\Windows\System\CQkTBYv.exe
  C:\Windows\System\CQkTBYv.exe
  2⤵
  PID:7040
- C:\Windows\System\GBYxrfg.exe
  C:\Windows\System\GBYxrfg.exe
  2⤵
  PID:6352
- C:\Windows\System\BVjPFhV.exe
  C:\Windows\System\BVjPFhV.exe
  2⤵
  PID:7124
- C:\Windows\System\SmleUPA.exe
  C:\Windows\System\SmleUPA.exe
  2⤵
  PID:6704
- C:\Windows\System\uJKPTbo.exe
  C:\Windows\System\uJKPTbo.exe
  2⤵
  PID:6700
- C:\Windows\System\QZedTvB.exe
  C:\Windows\System\QZedTvB.exe
  2⤵
  PID:6392
- C:\Windows\System\Gifcwse.exe
  C:\Windows\System\Gifcwse.exe
  2⤵
  PID:6608
- C:\Windows\System\ZNKwKUc.exe
  C:\Windows\System\ZNKwKUc.exe
  2⤵
  PID:6480
- C:\Windows\System\XwRgKkT.exe
  C:\Windows\System\XwRgKkT.exe
  2⤵
  PID:7180
- C:\Windows\System\jgGwNbo.exe
  C:\Windows\System\jgGwNbo.exe
  2⤵
  PID:7196
- C:\Windows\System\xYhlaLq.exe
  C:\Windows\System\xYhlaLq.exe
  2⤵
  PID:7236
- C:\Windows\System\NPyOsMw.exe
  C:\Windows\System\NPyOsMw.exe
  2⤵
  PID:7252
- C:\Windows\System\lIHoUSD.exe
  C:\Windows\System\lIHoUSD.exe
  2⤵
  PID:7268
- C:\Windows\System\MGANGJn.exe
  C:\Windows\System\MGANGJn.exe
  2⤵
  PID:7284
- C:\Windows\System\WECVnNy.exe
  C:\Windows\System\WECVnNy.exe
  2⤵
  PID:7304
- C:\Windows\System\CzUviGC.exe
  C:\Windows\System\CzUviGC.exe
  2⤵
  PID:7320
- C:\Windows\System\pJLslsr.exe
  C:\Windows\System\pJLslsr.exe
  2⤵
  PID:7344
- C:\Windows\System\sBfVBVN.exe
  C:\Windows\System\sBfVBVN.exe
  2⤵
  PID:7360
- C:\Windows\System\ZiesryH.exe
  C:\Windows\System\ZiesryH.exe
  2⤵
  PID:7376
- C:\Windows\System\qvgOukH.exe
  C:\Windows\System\qvgOukH.exe
  2⤵
  PID:7404
- C:\Windows\System\YghGKvt.exe
  C:\Windows\System\YghGKvt.exe
  2⤵
  PID:7436
- C:\Windows\System\BNnFbYS.exe
  C:\Windows\System\BNnFbYS.exe
  2⤵
  PID:7452
- C:\Windows\System\NscvNnH.exe
  C:\Windows\System\NscvNnH.exe
  2⤵
  PID:7468
- C:\Windows\System\ieaGCHw.exe
  C:\Windows\System\ieaGCHw.exe
  2⤵
  PID:7488
- C:\Windows\System\VrtayZs.exe
  C:\Windows\System\VrtayZs.exe
  2⤵
  PID:7504
- C:\Windows\System\DdJhHvs.exe
  C:\Windows\System\DdJhHvs.exe
  2⤵
  PID:7520
- C:\Windows\System\HfnYZdN.exe
  C:\Windows\System\HfnYZdN.exe
  2⤵
  PID:7536
- C:\Windows\System\yrNCvEs.exe
  C:\Windows\System\yrNCvEs.exe
  2⤵
  PID:7556
- C:\Windows\System\dhValHL.exe
  C:\Windows\System\dhValHL.exe
  2⤵
  PID:7576
- C:\Windows\System\hWGZeAB.exe
  C:\Windows\System\hWGZeAB.exe
  2⤵
  PID:7596
- C:\Windows\System\DmgKCcv.exe
  C:\Windows\System\DmgKCcv.exe
  2⤵
  PID:7612
- C:\Windows\System\cDCwKjW.exe
  C:\Windows\System\cDCwKjW.exe
  2⤵
  PID:7628
- C:\Windows\System\YXnwhsZ.exe
  C:\Windows\System\YXnwhsZ.exe
  2⤵
  PID:7652
- C:\Windows\System\ULLOIdr.exe
  C:\Windows\System\ULLOIdr.exe
  2⤵
  PID:7668
- C:\Windows\System\VcGwuJz.exe
  C:\Windows\System\VcGwuJz.exe
  2⤵
  PID:7684
- C:\Windows\System\TQTOCfn.exe
  C:\Windows\System\TQTOCfn.exe
  2⤵
  PID:7708
- C:\Windows\System\xebpnMi.exe
  C:\Windows\System\xebpnMi.exe
  2⤵
  PID:7732
- C:\Windows\System\ErrYwqn.exe
  C:\Windows\System\ErrYwqn.exe
  2⤵
  PID:7752
- C:\Windows\System\CyNmCQa.exe
  C:\Windows\System\CyNmCQa.exe
  2⤵
  PID:7768
- C:\Windows\System\CpyyxAb.exe
  C:\Windows\System\CpyyxAb.exe
  2⤵
  PID:7792
- C:\Windows\System\nSvbncZ.exe
  C:\Windows\System\nSvbncZ.exe
  2⤵
  PID:7812
- C:\Windows\System\ecVpqgo.exe
  C:\Windows\System\ecVpqgo.exe
  2⤵
  PID:7832
- C:\Windows\System\NLCOnyZ.exe
  C:\Windows\System\NLCOnyZ.exe
  2⤵
  PID:7848
- C:\Windows\System\LRAxbmo.exe
  C:\Windows\System\LRAxbmo.exe
  2⤵
  PID:7876
- C:\Windows\System\cKgKFjw.exe
  C:\Windows\System\cKgKFjw.exe
  2⤵
  PID:7892
- C:\Windows\System\DlWikzd.exe
  C:\Windows\System\DlWikzd.exe
  2⤵
  PID:7916
- C:\Windows\System\EUQEGuk.exe
  C:\Windows\System\EUQEGuk.exe
  2⤵
  PID:7932
- C:\Windows\System\nlXUicD.exe
  C:\Windows\System\nlXUicD.exe
  2⤵
  PID:7956
- C:\Windows\System\rhHanEr.exe
  C:\Windows\System\rhHanEr.exe
  2⤵
  PID:7976
- C:\Windows\System\gMEKKzv.exe
  C:\Windows\System\gMEKKzv.exe
  2⤵
  PID:7992
- C:\Windows\System\aJykcwP.exe
  C:\Windows\System\aJykcwP.exe
  2⤵
  PID:8020
- C:\Windows\System\yLaSzEb.exe
  C:\Windows\System\yLaSzEb.exe
  2⤵
  PID:8044
- C:\Windows\System\sAhiBRE.exe
  C:\Windows\System\sAhiBRE.exe
  2⤵
  PID:8072
- C:\Windows\System\yMwQAXW.exe
  C:\Windows\System\yMwQAXW.exe
  2⤵
  PID:8088
- C:\Windows\System\IBfSpzp.exe
  C:\Windows\System\IBfSpzp.exe
  2⤵
  PID:8104
- C:\Windows\System\GYkarof.exe
  C:\Windows\System\GYkarof.exe
  2⤵
  PID:8128
- C:\Windows\System\MCXnkRq.exe
  C:\Windows\System\MCXnkRq.exe
  2⤵
  PID:8148
- C:\Windows\System\YHDJykc.exe
  C:\Windows\System\YHDJykc.exe
  2⤵
  PID:8172
- C:\Windows\System\NmibUlW.exe
  C:\Windows\System\NmibUlW.exe
  2⤵
  PID:7172
- C:\Windows\System\HbAaleS.exe
  C:\Windows\System\HbAaleS.exe
  2⤵
  PID:6884
- C:\Windows\System\oFWgOvl.exe
  C:\Windows\System\oFWgOvl.exe
  2⤵
  PID:6872
- C:\Windows\System\lfgYwjT.exe
  C:\Windows\System\lfgYwjT.exe
  2⤵
  PID:7192
- C:\Windows\System\cUrRHKn.exe
  C:\Windows\System\cUrRHKn.exe
  2⤵
  PID:7220
- C:\Windows\System\LBVfHbh.exe
  C:\Windows\System\LBVfHbh.exe
  2⤵
  PID:7264
- C:\Windows\System\bFctfNF.exe
  C:\Windows\System\bFctfNF.exe
  2⤵
  PID:7300
- C:\Windows\System\DwRcQCb.exe
  C:\Windows\System\DwRcQCb.exe
  2⤵
  PID:7340
- C:\Windows\System\jvVteID.exe
  C:\Windows\System\jvVteID.exe
  2⤵
  PID:7356
- C:\Windows\System\ePmCbNG.exe
  C:\Windows\System\ePmCbNG.exe
  2⤵
  PID:7420
- C:\Windows\System\SeUXuPb.exe
  C:\Windows\System\SeUXuPb.exe
  2⤵
  PID:7312
- C:\Windows\System\wrASwwL.exe
  C:\Windows\System\wrASwwL.exe
  2⤵
  PID:7352
- C:\Windows\System\ZTDfcWd.exe
  C:\Windows\System\ZTDfcWd.exe
  2⤵
  PID:7532
- C:\Windows\System\GQnxhkp.exe
  C:\Windows\System\GQnxhkp.exe
  2⤵
  PID:7604
- C:\Windows\System\VoIDPBd.exe
  C:\Windows\System\VoIDPBd.exe
  2⤵
  PID:7676
- C:\Windows\System\AqiqdEk.exe
  C:\Windows\System\AqiqdEk.exe
  2⤵
  PID:7680
- C:\Windows\System\ZUuabiU.exe
  C:\Windows\System\ZUuabiU.exe
  2⤵
  PID:7764
- C:\Windows\System\szVFJYl.exe
  C:\Windows\System\szVFJYl.exe
  2⤵
  PID:7844
- C:\Windows\System\BEeRLYw.exe
  C:\Windows\System\BEeRLYw.exe
  2⤵
  PID:7544
- C:\Windows\System\PfuhFLL.exe
  C:\Windows\System\PfuhFLL.exe
  2⤵
  PID:7928
- C:\Windows\System\zAiYgQg.exe
  C:\Windows\System\zAiYgQg.exe
  2⤵
  PID:7968
- C:\Windows\System\UJETBjU.exe
  C:\Windows\System\UJETBjU.exe
  2⤵
  PID:8016
- C:\Windows\System\ACfTqZD.exe
  C:\Windows\System\ACfTqZD.exe
  2⤵
  PID:7748
- C:\Windows\System\xJJQQTl.exe
  C:\Windows\System\xJJQQTl.exe
  2⤵
  PID:7788
- C:\Windows\System\MhQBbPj.exe
  C:\Windows\System\MhQBbPj.exe
  2⤵
  PID:7692
- C:\Windows\System\vwoPUNS.exe
  C:\Windows\System\vwoPUNS.exe
  2⤵
  PID:7820
- C:\Windows\System\XMwfGDw.exe
  C:\Windows\System\XMwfGDw.exe
  2⤵
  PID:7700
- C:\Windows\System\lHXEert.exe
  C:\Windows\System\lHXEert.exe
  2⤵
  PID:8052
- C:\Windows\System\FejvEqU.exe
  C:\Windows\System\FejvEqU.exe
  2⤵
  PID:7984
- C:\Windows\System\bZQFXzP.exe
  C:\Windows\System\bZQFXzP.exe
  2⤵
  PID:7872
- C:\Windows\System\SEFzIgh.exe
  C:\Windows\System\SEFzIgh.exe
  2⤵
  PID:8060
- C:\Windows\System\attmgCj.exe
  C:\Windows\System\attmgCj.exe
  2⤵
  PID:8136
- C:\Windows\System\eghDkuT.exe
  C:\Windows\System\eghDkuT.exe
  2⤵
  PID:8168
- C:\Windows\System\ScTeHxH.exe
  C:\Windows\System\ScTeHxH.exe
  2⤵
  PID:6180
- C:\Windows\System\piatSOZ.exe
  C:\Windows\System\piatSOZ.exe
  2⤵
  PID:6636
- C:\Windows\System\fCCbuVM.exe
  C:\Windows\System\fCCbuVM.exe
  2⤵
  PID:7212
- C:\Windows\System\wZnCCHC.exe
  C:\Windows\System\wZnCCHC.exe
  2⤵
  PID:7296
- C:\Windows\System\wqMvQXF.exe
  C:\Windows\System\wqMvQXF.exe
  2⤵
  PID:7428
- C:\Windows\System\Gbszggt.exe
  C:\Windows\System\Gbszggt.exe
  2⤵
  PID:7528
- C:\Windows\System\OMJrLHk.exe
  C:\Windows\System\OMJrLHk.exe
  2⤵
  PID:7648
- C:\Windows\System\fTwaLmC.exe
  C:\Windows\System\fTwaLmC.exe
  2⤵
  PID:7760
- C:\Windows\System\JludNCl.exe
  C:\Windows\System\JludNCl.exe
  2⤵
  PID:7332
- C:\Windows\System\hEFJqqC.exe
  C:\Windows\System\hEFJqqC.exe
  2⤵
  PID:7568
- C:\Windows\System\VxvXLHs.exe
  C:\Windows\System\VxvXLHs.exe
  2⤵
  PID:7584
- C:\Windows\System\eZCOvSs.exe
  C:\Windows\System\eZCOvSs.exe
  2⤵
  PID:7804
- C:\Windows\System\BPthCQf.exe
  C:\Windows\System\BPthCQf.exe
  2⤵
  PID:7744
- C:\Windows\System\DyhRgHP.exe
  C:\Windows\System\DyhRgHP.exe
  2⤵
  PID:7444
- C:\Windows\System\mzkLSXg.exe
  C:\Windows\System\mzkLSXg.exe
  2⤵
  PID:7664
- C:\Windows\System\NyEtWll.exe
  C:\Windows\System\NyEtWll.exe
  2⤵
  PID:7952
- C:\Windows\System\uIsdqtX.exe
  C:\Windows\System\uIsdqtX.exe
  2⤵
  PID:8032
- C:\Windows\System\qlhAutk.exe
  C:\Windows\System\qlhAutk.exe
  2⤵
  PID:7868
- C:\Windows\System\SLYPLnB.exe
  C:\Windows\System\SLYPLnB.exe
  2⤵
  PID:8056
- C:\Windows\System\vcAGOLm.exe
  C:\Windows\System\vcAGOLm.exe
  2⤵
  PID:8120
- C:\Windows\System\WceBSoK.exe
  C:\Windows\System\WceBSoK.exe
  2⤵
  PID:8116
- C:\Windows\System\PlzyykV.exe
  C:\Windows\System\PlzyykV.exe
  2⤵
  PID:6600
- C:\Windows\System\RrjKCBd.exe
  C:\Windows\System\RrjKCBd.exe
  2⤵
  PID:7396
- C:\Windows\System\FqPJRrE.exe
  C:\Windows\System\FqPJRrE.exe
  2⤵
  PID:6720
- C:\Windows\System\BYpqYvf.exe
  C:\Windows\System\BYpqYvf.exe
  2⤵
  PID:7412
- C:\Windows\System\ypcKmzg.exe
  C:\Windows\System\ypcKmzg.exe
  2⤵
  PID:7260
- C:\Windows\System\bCalxyD.exe
  C:\Windows\System\bCalxyD.exe
  2⤵
  PID:7400
- C:\Windows\System\VZjXWJd.exe
  C:\Windows\System\VZjXWJd.exe
  2⤵
  PID:7512
- C:\Windows\System\VDkTKJs.exe
  C:\Windows\System\VDkTKJs.exe
  2⤵
  PID:7392
- C:\Windows\System\SopPKeg.exe
  C:\Windows\System\SopPKeg.exe
  2⤵
  PID:7948
- C:\Windows\System\yznZKBb.exe
  C:\Windows\System\yznZKBb.exe
  2⤵
  PID:7480
- C:\Windows\System\eZKnpyL.exe
  C:\Windows\System\eZKnpyL.exe
  2⤵
  PID:8080
- C:\Windows\System\AiTHvtD.exe
  C:\Windows\System\AiTHvtD.exe
  2⤵
  PID:7924
- C:\Windows\System\yVisRve.exe
  C:\Windows\System\yVisRve.exe
  2⤵
  PID:7780
- C:\Windows\System\KIPJFbv.exe
  C:\Windows\System\KIPJFbv.exe
  2⤵
  PID:8144
- C:\Windows\System\EwpIiTd.exe
  C:\Windows\System\EwpIiTd.exe
  2⤵
  PID:7640
- C:\Windows\System\OOXbeJd.exe
  C:\Windows\System\OOXbeJd.exe
  2⤵
  PID:7500
- C:\Windows\System\OXGhUsq.exe
  C:\Windows\System\OXGhUsq.exe
  2⤵
  PID:8004
- C:\Windows\System\JXoCdMG.exe
  C:\Windows\System\JXoCdMG.exe
  2⤵
  PID:7728
- C:\Windows\System\NHQLEIA.exe
  C:\Windows\System\NHQLEIA.exe
  2⤵
  PID:8124
- C:\Windows\System\AVpslKs.exe
  C:\Windows\System\AVpslKs.exe
  2⤵
  PID:7856
- C:\Windows\System\dFynnAw.exe
  C:\Windows\System\dFynnAw.exe
  2⤵
  PID:7776
- C:\Windows\System\rwpbddv.exe
  C:\Windows\System\rwpbddv.exe
  2⤵
  PID:7388
- C:\Windows\System\xRZnPsF.exe
  C:\Windows\System\xRZnPsF.exe
  2⤵
  PID:8180
- C:\Windows\System\bxkBoUh.exe
  C:\Windows\System\bxkBoUh.exe
  2⤵
  PID:7572
- C:\Windows\System\boiEMCX.exe
  C:\Windows\System\boiEMCX.exe
  2⤵
  PID:7516
- C:\Windows\System\vyoPQhM.exe
  C:\Windows\System\vyoPQhM.exe
  2⤵
  PID:7204
- C:\Windows\System\vaePRKM.exe
  C:\Windows\System\vaePRKM.exe
  2⤵
  PID:8208
- C:\Windows\System\RsOJBau.exe
  C:\Windows\System\RsOJBau.exe
  2⤵
  PID:8228
- C:\Windows\System\FSNVTXQ.exe
  C:\Windows\System\FSNVTXQ.exe
  2⤵
  PID:8260
- C:\Windows\System\BnUipJw.exe
  C:\Windows\System\BnUipJw.exe
  2⤵
  PID:8276
- C:\Windows\System\YkRaAOC.exe
  C:\Windows\System\YkRaAOC.exe
  2⤵
  PID:8292
- C:\Windows\System\WZDkpdA.exe
  C:\Windows\System\WZDkpdA.exe
  2⤵
  PID:8308
- C:\Windows\System\YUMgqFK.exe
  C:\Windows\System\YUMgqFK.exe
  2⤵
  PID:8324
- C:\Windows\System\zPWlqsc.exe
  C:\Windows\System\zPWlqsc.exe
  2⤵
  PID:8344
- C:\Windows\System\ajNmNBa.exe
  C:\Windows\System\ajNmNBa.exe
  2⤵
  PID:8360
- C:\Windows\System\FtlKkKV.exe
  C:\Windows\System\FtlKkKV.exe
  2⤵
  PID:8376
- C:\Windows\System\VjnkUMF.exe
  C:\Windows\System\VjnkUMF.exe
  2⤵
  PID:8392
- C:\Windows\System\YNbLSVx.exe
  C:\Windows\System\YNbLSVx.exe
  2⤵
  PID:8412
- C:\Windows\System\iYhEnEi.exe
  C:\Windows\System\iYhEnEi.exe
  2⤵
  PID:8428
- C:\Windows\System\fPPLktv.exe
  C:\Windows\System\fPPLktv.exe
  2⤵
  PID:8476
- C:\Windows\System\HiLDZmi.exe
  C:\Windows\System\HiLDZmi.exe
  2⤵
  PID:8500
- C:\Windows\System\PFAJAwF.exe
  C:\Windows\System\PFAJAwF.exe
  2⤵
  PID:8520
- C:\Windows\System\UfQZknj.exe
  C:\Windows\System\UfQZknj.exe
  2⤵
  PID:8544
- C:\Windows\System\kdrHrYj.exe
  C:\Windows\System\kdrHrYj.exe
  2⤵
  PID:8560
- C:\Windows\System\oGgOwGp.exe
  C:\Windows\System\oGgOwGp.exe
  2⤵
  PID:8580
- C:\Windows\System\AJxIUgN.exe
  C:\Windows\System\AJxIUgN.exe
  2⤵
  PID:8604
- C:\Windows\System\iUBcgRR.exe
  C:\Windows\System\iUBcgRR.exe
  2⤵
  PID:8620
- C:\Windows\System\bQruMOf.exe
  C:\Windows\System\bQruMOf.exe
  2⤵
  PID:8640
- C:\Windows\System\hfzHejF.exe
  C:\Windows\System\hfzHejF.exe
  2⤵
  PID:8680
- C:\Windows\System\htdBhwC.exe
  C:\Windows\System\htdBhwC.exe
  2⤵
  PID:8696
- C:\Windows\System\hFzsakI.exe
  C:\Windows\System\hFzsakI.exe
  2⤵
  PID:8716
- C:\Windows\System\eXwmycU.exe
  C:\Windows\System\eXwmycU.exe
  2⤵
  PID:8736
- C:\Windows\System\sgDxjhI.exe
  C:\Windows\System\sgDxjhI.exe
  2⤵
  PID:8756
- C:\Windows\System\WFjejBz.exe
  C:\Windows\System\WFjejBz.exe
  2⤵
  PID:8780
- C:\Windows\System\OysvnDN.exe
  C:\Windows\System\OysvnDN.exe
  2⤵
  PID:8796
- C:\Windows\System\HPHHYdG.exe
  C:\Windows\System\HPHHYdG.exe
  2⤵
  PID:8816
- C:\Windows\System\JPGVopi.exe
  C:\Windows\System\JPGVopi.exe
  2⤵
  PID:8832
- C:\Windows\System\PDVCZlP.exe
  C:\Windows\System\PDVCZlP.exe
  2⤵
  PID:8852
- C:\Windows\System\RYXPLhY.exe
  C:\Windows\System\RYXPLhY.exe
  2⤵
  PID:8868
- C:\Windows\System\zEWGXnv.exe
  C:\Windows\System\zEWGXnv.exe
  2⤵
  PID:8884
- C:\Windows\System\fPDisgD.exe
  C:\Windows\System\fPDisgD.exe
  2⤵
  PID:8904
- C:\Windows\System\cXyzYAb.exe
  C:\Windows\System\cXyzYAb.exe
  2⤵
  PID:8944
- C:\Windows\System\bIeipqA.exe
  C:\Windows\System\bIeipqA.exe
  2⤵
  PID:8960
- C:\Windows\System\fGKEHvG.exe
  C:\Windows\System\fGKEHvG.exe
  2⤵
  PID:8980
- C:\Windows\System\vliIccO.exe
  C:\Windows\System\vliIccO.exe
  2⤵
  PID:8996
- C:\Windows\System\fPpvKku.exe
  C:\Windows\System\fPpvKku.exe
  2⤵
  PID:9012
- C:\Windows\System\fFVFHLA.exe
  C:\Windows\System\fFVFHLA.exe
  2⤵
  PID:9044
- C:\Windows\System\BSVzQFW.exe
  C:\Windows\System\BSVzQFW.exe
  2⤵
  PID:9060
- C:\Windows\System\MtHfozK.exe
  C:\Windows\System\MtHfozK.exe
  2⤵
  PID:9076
- C:\Windows\System\QnkSIFm.exe
  C:\Windows\System\QnkSIFm.exe
  2⤵
  PID:9096
- C:\Windows\System\beheevQ.exe
  C:\Windows\System\beheevQ.exe
  2⤵
  PID:9120
- C:\Windows\System\zMdLinb.exe
  C:\Windows\System\zMdLinb.exe
  2⤵
  PID:9140
- C:\Windows\System\KifGDtp.exe
  C:\Windows\System\KifGDtp.exe
  2⤵
  PID:9156
- C:\Windows\System\VwQHOEa.exe
  C:\Windows\System\VwQHOEa.exe
  2⤵
  PID:9176
- C:\Windows\System\WUKQwgm.exe
  C:\Windows\System\WUKQwgm.exe
  2⤵
  PID:9192
- C:\Windows\System\OhUZUcB.exe
  C:\Windows\System\OhUZUcB.exe
  2⤵
  PID:9212
- C:\Windows\System\nUNMSDZ.exe
  C:\Windows\System\nUNMSDZ.exe
  2⤵
  PID:8188
- C:\Windows\System\LliGTct.exe
  C:\Windows\System\LliGTct.exe
  2⤵
  PID:8244
- C:\Windows\System\wDqgsFI.exe
  C:\Windows\System\wDqgsFI.exe
  2⤵
  PID:7912
- C:\Windows\System\BpahebD.exe
  C:\Windows\System\BpahebD.exe
  2⤵
  PID:8220
- C:\Windows\System\FKGGgaI.exe
  C:\Windows\System\FKGGgaI.exe
  2⤵
  PID:8320
- C:\Windows\System\Vytdwsm.exe
  C:\Windows\System\Vytdwsm.exe
  2⤵
  PID:8356
- C:\Windows\System\yqegTUb.exe
  C:\Windows\System\yqegTUb.exe
  2⤵
  PID:8300
- C:\Windows\System\Tsxouhn.exe
  C:\Windows\System\Tsxouhn.exe
  2⤵
  PID:8340
- C:\Windows\System\YzMGgVz.exe
  C:\Windows\System\YzMGgVz.exe
  2⤵
  PID:8440
- C:\Windows\System\CHHnEXV.exe
  C:\Windows\System\CHHnEXV.exe
  2⤵
  PID:8452
- C:\Windows\System\GLJRtHE.exe
  C:\Windows\System\GLJRtHE.exe
  2⤵
  PID:8496
- C:\Windows\System\SVodBZT.exe
  C:\Windows\System\SVodBZT.exe
  2⤵
  PID:8512
- C:\Windows\System\sOyPDtq.exe
  C:\Windows\System\sOyPDtq.exe
  2⤵
  PID:8556
- C:\Windows\System\WuYBDMH.exe
  C:\Windows\System\WuYBDMH.exe
  2⤵
  PID:8588
- C:\Windows\System\lLGLcjK.exe
  C:\Windows\System\lLGLcjK.exe
  2⤵
  PID:8656
- C:\Windows\System\OalfIzQ.exe
  C:\Windows\System\OalfIzQ.exe
  2⤵
  PID:8688
- C:\Windows\System\owNQnSi.exe
  C:\Windows\System\owNQnSi.exe
  2⤵
  PID:8712
- C:\Windows\System\bROtKAv.exe
  C:\Windows\System\bROtKAv.exe
  2⤵
  PID:8744
- C:\Windows\System\jJahbvQ.exe
  C:\Windows\System\jJahbvQ.exe
  2⤵
  PID:8768
- C:\Windows\System\YErXvzi.exe
  C:\Windows\System\YErXvzi.exe
  2⤵
  PID:8792
- C:\Windows\System\VzkXmcu.exe
  C:\Windows\System\VzkXmcu.exe
  2⤵
  PID:8812
- C:\Windows\System\eRQEXqw.exe
  C:\Windows\System\eRQEXqw.exe
  2⤵
  PID:8864
- C:\Windows\System\kojKzHy.exe
  C:\Windows\System\kojKzHy.exe
  2⤵
  PID:8900
- C:\Windows\System\YnwWkRp.exe
  C:\Windows\System\YnwWkRp.exe
  2⤵
  PID:8912
- C:\Windows\System\PsicaWk.exe
  C:\Windows\System\PsicaWk.exe
  2⤵
  PID:8952
- C:\Windows\System\uhTCvFz.exe
  C:\Windows\System\uhTCvFz.exe
  2⤵
  PID:9028
- C:\Windows\System\obwcsRA.exe
  C:\Windows\System\obwcsRA.exe
  2⤵
  PID:9036
- C:\Windows\System\vbaNbvh.exe
  C:\Windows\System\vbaNbvh.exe
  2⤵
  PID:9052
- C:\Windows\System\Rkbcqrc.exe
  C:\Windows\System\Rkbcqrc.exe
  2⤵
  PID:9104
- C:\Windows\System\BPAKvZI.exe
  C:\Windows\System\BPAKvZI.exe
  2⤵
  PID:9092
- C:\Windows\System\icWjFQV.exe
  C:\Windows\System\icWjFQV.exe
  2⤵
  PID:9084
- C:\Windows\System\zrmuyNO.exe
  C:\Windows\System\zrmuyNO.exe
  2⤵
  PID:8256
- C:\Windows\System\PwtMTWj.exe
  C:\Windows\System\PwtMTWj.exe
  2⤵
  PID:8284
- C:\Windows\System\UHckOHk.exe
  C:\Windows\System\UHckOHk.exe
  2⤵
  PID:9204
- C:\Windows\System\tEErSJM.exe
  C:\Windows\System\tEErSJM.exe
  2⤵
  PID:9164
- C:\Windows\System\hBNFtjK.exe
  C:\Windows\System\hBNFtjK.exe
  2⤵
  PID:8408
- C:\Windows\System\GwIlosA.exe
  C:\Windows\System\GwIlosA.exe
  2⤵
  PID:8472
- C:\Windows\System\trvVqAD.exe
  C:\Windows\System\trvVqAD.exe
  2⤵
  PID:8444
- C:\Windows\System\pZqBBjI.exe
  C:\Windows\System\pZqBBjI.exe
  2⤵
  PID:8352
- C:\Windows\System\fukdbpC.exe
  C:\Windows\System\fukdbpC.exe
  2⤵
  PID:8336
- C:\Windows\System\WvZMBVl.exe
  C:\Windows\System\WvZMBVl.exe
  2⤵
  PID:8600
- C:\Windows\System\mMjIYkE.exe
  C:\Windows\System\mMjIYkE.exe
  2⤵
  PID:8692
- C:\Windows\System\HSFlfOL.exe
  C:\Windows\System\HSFlfOL.exe
  2⤵
  PID:8764
- C:\Windows\System\oKOlLyz.exe
  C:\Windows\System\oKOlLyz.exe
  2⤵
  PID:8828
- C:\Windows\System\nFlinxY.exe
  C:\Windows\System\nFlinxY.exe
  2⤵
  PID:8672
- C:\Windows\System\tbozThn.exe
  C:\Windows\System\tbozThn.exe
  2⤵
  PID:9032
- C:\Windows\System\UcBhEGl.exe
  C:\Windows\System\UcBhEGl.exe
  2⤵
  PID:9072
- C:\Windows\System\SMyoAvi.exe
  C:\Windows\System\SMyoAvi.exe
  2⤵
  PID:8988
- C:\Windows\System\jMgTsoM.exe
  C:\Windows\System\jMgTsoM.exe
  2⤵
  PID:8972
- C:\Windows\System\xjtKOtw.exe
  C:\Windows\System\xjtKOtw.exe
  2⤵
  PID:7372
- C:\Windows\System\ttKgkQa.exe
  C:\Windows\System\ttKgkQa.exe
  2⤵
  PID:8252
- C:\Windows\System\sOKkZEJ.exe
  C:\Windows\System\sOKkZEJ.exe
  2⤵
  PID:9200
- C:\Windows\System\dOyfRSs.exe
  C:\Windows\System\dOyfRSs.exe
  2⤵
  PID:9168
- C:\Windows\System\jfkSFyQ.exe
  C:\Windows\System\jfkSFyQ.exe
  2⤵
  PID:8540
- C:\Windows\System\ZzriyMF.exe
  C:\Windows\System\ZzriyMF.exe
  2⤵
  PID:8372
- C:\Windows\System\LgraERd.exe
  C:\Windows\System\LgraERd.exe
  2⤵
  PID:8612
- C:\Windows\System\pQOrTTa.exe
  C:\Windows\System\pQOrTTa.exe
  2⤵
  PID:992
- C:\Windows\System\bPeSLZY.exe
  C:\Windows\System\bPeSLZY.exe
  2⤵
  PID:8708
- C:\Windows\System\eHqKBbY.exe
  C:\Windows\System\eHqKBbY.exe
  2⤵
  PID:8652
- C:\Windows\System\ssuiUtN.exe
  C:\Windows\System\ssuiUtN.exe
  2⤵
  PID:9020
- C:\Windows\System\jhapCvP.exe
  C:\Windows\System\jhapCvP.exe
  2⤵
  PID:8236
- C:\Windows\System\eCAqdSF.exe
  C:\Windows\System\eCAqdSF.exe
  2⤵
  PID:9008
- C:\Windows\System\sJPvQCU.exe
  C:\Windows\System\sJPvQCU.exe
  2⤵
  PID:9152
- C:\Windows\System\JGMxZhL.exe
  C:\Windows\System\JGMxZhL.exe
  2⤵
  PID:8272
- C:\Windows\System\LRMzoXf.exe
  C:\Windows\System\LRMzoXf.exe
  2⤵
  PID:7888
- C:\Windows\System\vsmWmFN.exe
  C:\Windows\System\vsmWmFN.exe
  2⤵
  PID:8628
- C:\Windows\System\mccCaTf.exe
  C:\Windows\System\mccCaTf.exe
  2⤵
  PID:8748
- C:\Windows\System\qPJIvSk.exe
  C:\Windows\System\qPJIvSk.exe
  2⤵
  PID:9108
- C:\Windows\System\uNkJjyK.exe
  C:\Windows\System\uNkJjyK.exe
  2⤵
  PID:8940
- C:\Windows\System\mDQJCnR.exe
  C:\Windows\System\mDQJCnR.exe
  2⤵
  PID:9132
- C:\Windows\System\SnNyfhs.exe
  C:\Windows\System\SnNyfhs.exe
  2⤵
  PID:9172
- C:\Windows\System\avISeTJ.exe
  C:\Windows\System\avISeTJ.exe
  2⤵
  PID:8632
- C:\Windows\System\GDKBqLF.exe
  C:\Windows\System\GDKBqLF.exe
  2⤵
  PID:9136
- C:\Windows\System\PiWgQqV.exe
  C:\Windows\System\PiWgQqV.exe
  2⤵
  PID:8932
- C:\Windows\System\sPvguiI.exe
  C:\Windows\System\sPvguiI.exe
  2⤵
  PID:8860
- C:\Windows\System\BvtZmzD.exe
  C:\Windows\System\BvtZmzD.exe
  2⤵
  PID:8532
- C:\Windows\System\lwDfeis.exe
  C:\Windows\System\lwDfeis.exe
  2⤵
  PID:8916
- C:\Windows\System\bXiQtpT.exe
  C:\Windows\System\bXiQtpT.exe
  2⤵
  PID:8508
- C:\Windows\System\xbrLgsG.exe
  C:\Windows\System\xbrLgsG.exe
  2⤵
  PID:9188
- C:\Windows\System\xpuevvK.exe
  C:\Windows\System\xpuevvK.exe
  2⤵
  PID:9224
- C:\Windows\System\NgQDpCy.exe
  C:\Windows\System\NgQDpCy.exe
  2⤵
  PID:9244
- C:\Windows\System\PWxFQoR.exe
  C:\Windows\System\PWxFQoR.exe
  2⤵
  PID:9264
- C:\Windows\System\HahNFay.exe
  C:\Windows\System\HahNFay.exe
  2⤵
  PID:9280
- C:\Windows\System\wBnTFKC.exe
  C:\Windows\System\wBnTFKC.exe
  2⤵
  PID:9304
- C:\Windows\System\PeSvphG.exe
  C:\Windows\System\PeSvphG.exe
  2⤵
  PID:9320
- C:\Windows\System\ePBgDAX.exe
  C:\Windows\System\ePBgDAX.exe
  2⤵
  PID:9344
- C:\Windows\System\BnFKees.exe
  C:\Windows\System\BnFKees.exe
  2⤵
  PID:9364
- C:\Windows\System\MheMXvo.exe
  C:\Windows\System\MheMXvo.exe
  2⤵
  PID:9380
- C:\Windows\System\fZFYSUc.exe
  C:\Windows\System\fZFYSUc.exe
  2⤵
  PID:9404
- C:\Windows\System\bEvwxNQ.exe
  C:\Windows\System\bEvwxNQ.exe
  2⤵
  PID:9420
- C:\Windows\System\LWqxRsp.exe
  C:\Windows\System\LWqxRsp.exe
  2⤵
  PID:9436
- C:\Windows\System\dTpbzFW.exe
  C:\Windows\System\dTpbzFW.exe
  2⤵
  PID:9452
- C:\Windows\System\dDCbpeC.exe
  C:\Windows\System\dDCbpeC.exe
  2⤵
  PID:9476
- C:\Windows\System\kVToukf.exe
  C:\Windows\System\kVToukf.exe
  2⤵
  PID:9500
- C:\Windows\System\uxZFMTe.exe
  C:\Windows\System\uxZFMTe.exe
  2⤵
  PID:9520
- C:\Windows\System\TqWPICG.exe
  C:\Windows\System\TqWPICG.exe
  2⤵
  PID:9536
- C:\Windows\System\sMelDLg.exe
  C:\Windows\System\sMelDLg.exe
  2⤵
  PID:9556
- C:\Windows\System\zjPJevt.exe
  C:\Windows\System\zjPJevt.exe
  2⤵
  PID:9576
- C:\Windows\System\ydqUjIn.exe
  C:\Windows\System\ydqUjIn.exe
  2⤵
  PID:9600
- C:\Windows\System\mAYzCkc.exe
  C:\Windows\System\mAYzCkc.exe
  2⤵
  PID:9624
- C:\Windows\System\jlbpEsU.exe
  C:\Windows\System\jlbpEsU.exe
  2⤵
  PID:9648
- C:\Windows\System\uaLeuyR.exe
  C:\Windows\System\uaLeuyR.exe
  2⤵
  PID:9664
- C:\Windows\System\VYtiOei.exe
  C:\Windows\System\VYtiOei.exe
  2⤵
  PID:9680
- C:\Windows\System\lWiBOwQ.exe
  C:\Windows\System\lWiBOwQ.exe
  2⤵
  PID:9708
- C:\Windows\System\HVzzQZn.exe
  C:\Windows\System\HVzzQZn.exe
  2⤵
  PID:9728
- C:\Windows\System\FlHqjHX.exe
  C:\Windows\System\FlHqjHX.exe
  2⤵
  PID:9744
- C:\Windows\System\eAIeRoh.exe
  C:\Windows\System\eAIeRoh.exe
  2⤵
  PID:9760
- C:\Windows\System\hcJyvEm.exe
  C:\Windows\System\hcJyvEm.exe
  2⤵
  PID:9780
- C:\Windows\System\nPpaNwX.exe
  C:\Windows\System\nPpaNwX.exe
  2⤵
  PID:9804
- C:\Windows\System\MIiFsAb.exe
  C:\Windows\System\MIiFsAb.exe
  2⤵
  PID:9820
- C:\Windows\System\DTUzHAE.exe
  C:\Windows\System\DTUzHAE.exe
  2⤵
  PID:9836
- C:\Windows\System\lRkRwOO.exe
  C:\Windows\System\lRkRwOO.exe
  2⤵
  PID:9856
- C:\Windows\System\yfxcggj.exe
  C:\Windows\System\yfxcggj.exe
  2⤵
  PID:9876
- C:\Windows\System\RlfdFzn.exe
  C:\Windows\System\RlfdFzn.exe
  2⤵
  PID:9896
- C:\Windows\System\LjYveck.exe
  C:\Windows\System\LjYveck.exe
  2⤵
  PID:9912
- C:\Windows\System\UtdPgFP.exe
  C:\Windows\System\UtdPgFP.exe
  2⤵
  PID:9932
- C:\Windows\System\PIZhFCi.exe
  C:\Windows\System\PIZhFCi.exe
  2⤵
  PID:9948
- C:\Windows\System\PoeXGfa.exe
  C:\Windows\System\PoeXGfa.exe
  2⤵
  PID:9976
- C:\Windows\System\tAVBapN.exe
  C:\Windows\System\tAVBapN.exe
  2⤵
  PID:9996
- C:\Windows\System\eyUfCMV.exe
  C:\Windows\System\eyUfCMV.exe
  2⤵
  PID:10016
- C:\Windows\System\deSLbfM.exe
  C:\Windows\System\deSLbfM.exe
  2⤵
  PID:10032
- C:\Windows\System\WhwawpQ.exe
  C:\Windows\System\WhwawpQ.exe
  2⤵
  PID:10060
- C:\Windows\System\KcgoYNo.exe
  C:\Windows\System\KcgoYNo.exe
  2⤵
  PID:10080
- C:\Windows\System\sTnmaoU.exe
  C:\Windows\System\sTnmaoU.exe
  2⤵
  PID:10100
- C:\Windows\System\NYnfRcs.exe
  C:\Windows\System\NYnfRcs.exe
  2⤵
  PID:10116
- C:\Windows\System\zEGrbGw.exe
  C:\Windows\System\zEGrbGw.exe
  2⤵
  PID:10136
- C:\Windows\System\OIovZMv.exe
  C:\Windows\System\OIovZMv.exe
  2⤵
  PID:10156
- C:\Windows\System\mLJLVwZ.exe
  C:\Windows\System\mLJLVwZ.exe
  2⤵
  PID:10180
- C:\Windows\System\CxICCVO.exe
  C:\Windows\System\CxICCVO.exe
  2⤵
  PID:10196
- C:\Windows\System\SOtHmMD.exe
  C:\Windows\System\SOtHmMD.exe
  2⤵
  PID:10232
- C:\Windows\System\ZhBSeXG.exe
  C:\Windows\System\ZhBSeXG.exe
  2⤵
  PID:9220
- C:\Windows\System\DoHOWJe.exe
  C:\Windows\System\DoHOWJe.exe
  2⤵
  PID:9256
- C:\Windows\System\csIVtuw.exe
  C:\Windows\System\csIVtuw.exe
  2⤵
  PID:9300
- C:\Windows\System\rwFEMpJ.exe
  C:\Windows\System\rwFEMpJ.exe
  2⤵
  PID:9316
- C:\Windows\System\ZYUeFyP.exe
  C:\Windows\System\ZYUeFyP.exe
  2⤵
  PID:9388
- C:\Windows\System\LfuVVcc.exe
  C:\Windows\System\LfuVVcc.exe
  2⤵
  PID:9460
- C:\Windows\System\jWwwimI.exe
  C:\Windows\System\jWwwimI.exe
  2⤵
  PID:9336
- C:\Windows\System\kacXxyr.exe
  C:\Windows\System\kacXxyr.exe
  2⤵
  PID:9544
- C:\Windows\System\XGzemLo.exe
  C:\Windows\System\XGzemLo.exe
  2⤵
  PID:9584
- C:\Windows\System\DZOMBpl.exe
  C:\Windows\System\DZOMBpl.exe
  2⤵
  PID:9412
- C:\Windows\System\nenJQvP.exe
  C:\Windows\System\nenJQvP.exe
  2⤵
  PID:9632
- C:\Windows\System\QQzOBVf.exe
  C:\Windows\System\QQzOBVf.exe
  2⤵
  PID:9484
- C:\Windows\System\xlomtic.exe
  C:\Windows\System\xlomtic.exe
  2⤵
  PID:9568
- C:\Windows\System\hEFzsxE.exe
  C:\Windows\System\hEFzsxE.exe
  2⤵
  PID:9672
- C:\Windows\System\SCYGImY.exe
  C:\Windows\System\SCYGImY.exe
  2⤵
  PID:9688
- C:\Windows\System\Thvgwwx.exe
  C:\Windows\System\Thvgwwx.exe
  2⤵
  PID:9720
- C:\Windows\System\QYmXKXw.exe
  C:\Windows\System\QYmXKXw.exe
  2⤵
  PID:9828
- C:\Windows\System\HWWZRJg.exe
  C:\Windows\System\HWWZRJg.exe
  2⤵
  PID:9872
- C:\Windows\System\iqhdvNq.exe
  C:\Windows\System\iqhdvNq.exe
  2⤵
  PID:9984
- C:\Windows\System\juIpKEv.exe
  C:\Windows\System\juIpKEv.exe
  2⤵
  PID:9740
- C:\Windows\System\tFXCfiV.exe
  C:\Windows\System\tFXCfiV.exe
  2⤵
  PID:10068
- C:\Windows\System\BIyrpbs.exe
  C:\Windows\System\BIyrpbs.exe
  2⤵
  PID:9812
- C:\Windows\System\DPUXnjg.exe
  C:\Windows\System\DPUXnjg.exe
  2⤵
  PID:10112
- C:\Windows\System\gZPFYtv.exe
  C:\Windows\System\gZPFYtv.exe
  2⤵
  PID:10148
- C:\Windows\System\sqxPZar.exe
  C:\Windows\System\sqxPZar.exe
  2⤵
  PID:9956
- C:\Windows\System\PMEcIdF.exe
  C:\Windows\System\PMEcIdF.exe
  2⤵
  PID:10128
- C:\Windows\System\xPibwcL.exe
  C:\Windows\System\xPibwcL.exe
  2⤵
  PID:10132
- C:\Windows\System\AjIzXSS.exe
  C:\Windows\System\AjIzXSS.exe
  2⤵
  PID:10048
- C:\Windows\System\CcsmbqF.exe
  C:\Windows\System\CcsmbqF.exe
  2⤵
  PID:10088
- C:\Windows\System\kBtFyhK.exe
  C:\Windows\System\kBtFyhK.exe
  2⤵
  PID:10096
- C:\Windows\System\JAAuBxC.exe
  C:\Windows\System\JAAuBxC.exe
  2⤵
  PID:10228
- C:\Windows\System\OGDVPHs.exe
  C:\Windows\System\OGDVPHs.exe
  2⤵
  PID:8464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AVIYHlF.exe

Filesize
6.0MB

MD5
81bd4c17d0cf226d14bc879b018fe9d2

SHA1
0fc5c014a9d74c1f49acf8ba552cdf7cfd2a5871

SHA256
ff6f4fc844a82cf2f6f20d9420a2032eb4f9a73f533768cf1bc26cc0f5653293

SHA512
54e14252bec7904611b64b4451b5682ab09e693513a1da7c05c1d03a3b5f99382f02a4ca49e3ed913d7719ffaeb33d2c3faec93a263330ef7d0453e6adb4fa0a

Download Submit
C:\Windows\system\FUeYQxh.exe

Filesize
6.0MB

MD5
3d0738d9c6423e8eacc846f34088756e

SHA1
07d1958658d5014b15426fe1c047a8b0c26e8dbd

SHA256
5920a9147fd3a006c1467efc5ac9c254b6e66acb0fa117560c8cd4da45655385

SHA512
a94ad8ea5ad2c21c492bf0a4c3d8623d6f3013b345ac563dc388ca40c96d0a7d175b7c144fb3ebbea57806f012e93576bb6761c03a08c8fc6defbdb2596ae3e7

Download Submit
C:\Windows\system\GRiljGx.exe

Filesize
6.0MB

MD5
6f9a2d189243d75b542fecce05e1d17b

SHA1
eb74f5e415faf0e9c536c72888a5b03b6b498e95

SHA256
7da7daab2aaa41e963dd9638784c97dfe4fdcb8d539af954b70359b1f08d5baa

SHA512
3875f704e0ec4230c514529a9e74ac3ac0c0c552d4ead6b0519d52d953d71ef7449924f1a8612418e3f9ce9d7737dbdaac7e03c7a218cdbc496b964bed9cdd46

Download Submit
C:\Windows\system\GnafNPR.exe

Filesize
6.0MB

MD5
2eee309b4f7531f6622a00064c044089

SHA1
959d54d86b74aa10991e5c7994c336adb30bc672

SHA256
9c513eed693317f1ebb86f76e1f70db40b776e75aa0ecee625b64dadb71bdfb3

SHA512
cbef6821b65a31f33c1bbb78b31fc6f8f4ada0100168e06e07d3c95405b4816da389b6c920bfa18e2d9640ef2dd1287ac9f20a2c65253c3eb5da0856cde1bf02

Download Submit
C:\Windows\system\IoLprdM.exe

Filesize
6.0MB

MD5
2c46d1f5a4a1b56194af72b325fa4806

SHA1
c736fa420c534c69582e053b0179004dd3835920

SHA256
07e49e4e227e2d4cf9da7e6de081643e40eba4ade99c3a38acfe7c8db0acb80e

SHA512
c471df4887baca29cb8c70404313f009350f66da5bf9ffb6b9b6bf28f06fb3ed41b4e4b99dfc9c03baf90e5719e627e570a5ce4a45e3ac966b4922ef93057d59

Download Submit
C:\Windows\system\MmwlqvG.exe

Filesize
6.0MB

MD5
9bfae2c8e357e40e3935266cdb03187b

SHA1
7e635be329038955c72f159e07442e2f300e2566

SHA256
903e4a959919880f79f42d3c77724c3632d13856b564d160a8353caf9fc0ba10

SHA512
b1c9dd621a78fbf0436e7068e42fa051d5da6903f1f1739c20b675ba55625fe042a512aa49a5210b0be8a9cf51905a2993cc0d95803c456e3627bbcda277143f

Download Submit
C:\Windows\system\MtlsjSn.exe

Filesize
6.0MB

MD5
6f4a460cfc4353aab9ad9514533f5a01

SHA1
26e3822e668a71e3d874d46549ca1b5adf5ec94b

SHA256
3925a7230c934e2279840354de96a41eb6d846bb07cb2a281568c0c824ca95d0

SHA512
504622ce602adf1ac4e42464a7cb23cb39dbfe66f89dc0f434387969bb78894b6b2bf190b95f56eebb616ee82149368c84f5c701fcf0b14bcebcb422303d3156

Download Submit
C:\Windows\system\QTaEDKw.exe

Filesize
6.0MB

MD5
c731212c00451b244cb960c98e340fa9

SHA1
832f7716e2b4cbd68a61f29037618c25f60593c3

SHA256
d9a6530eac2b2a88db646937098c5eb9bb49ad670ca4edcb352b063abb72893e

SHA512
c4fc791b50c514b01fc112785c9da48f9a9a9de6966c158bf991d283a3cc9668a46834f7c39d485ec68dcbef5c9c09951dd97490fad732a2042792f543c6b61b

Download Submit
C:\Windows\system\YwxBhfD.exe

Filesize
6.0MB

MD5
0086ceb0695ae2985fa25dbdf9aa5daa

SHA1
cedf3a543ba2075b35fd2ee4bc75ed86e1d3a9b2

SHA256
315d8b9ec1fc731ecbc86335db687d7ca8c7c9f5fb5205373aef71af96cdd069

SHA512
8c1b0dd7f57a6cca70d32843aa2d938191966ca08a25574b0d50e51f4001a5b883a0fbe20866d8d14f5c6470dc91bf7950b6e0c7ecd8dfe90a3b5182373db331

Download Submit
C:\Windows\system\bGESgAW.exe

Filesize
6.0MB

MD5
bbe3d527e482b70984da1ec29cb266d8

SHA1
ab20b556bf28228fff58220a7d8ecebd642269dc

SHA256
1e9a58c772778dc8008d7b0d31ac89e13a5b1b491f828f7a4cd78a63aed59029

SHA512
e37adbddaf89410b8fcb75777c10ea0d171ce3a71025152053f8fe2db2c211c4f68459f2c109c85c1ec54858968fce41f0fc2518cb76d4067b11a0faa4b9a88e

Download Submit
C:\Windows\system\biIRgVR.exe

Filesize
6.0MB

MD5
16f3ea6ddadef881117bebef7cb1df75

SHA1
c7b541bb43ce04c42e47f555ea582110b4358ec0

SHA256
02fdc0f03642f325e3eef9ad70e53cabe291ce0ffe3363ac4ceff87d65e3d089

SHA512
76d0f4f7d18a3878d7e1867393aef8f8f4a2f53efc02c3508e40e0a8ebb45ad3086bf91d475625a3267a346faf646d27ce6308222f7662f16ff553bb922e6e60

Download Submit
C:\Windows\system\cMynlPV.exe

Filesize
6.0MB

MD5
cd4d5225ba4af5a05024fa5f12a7561f

SHA1
34abda7b33a8a9252bdbaebd3bb7ea56e2bb16a0

SHA256
4679d6ccef4d3802c0a6a1f0eaf76ff819397f88e89fbc2d6cb53fcdaf8e685f

SHA512
8b5fc37c38871a08b6b8acaa593257efefb62f2dd67e95eb4f1fb0b9cf86be3708d109156e0b44499a361de9beb424d5c654664cc77753de2775e9a4e6a26267

Download Submit
C:\Windows\system\cZYcNjR.exe

Filesize
8B

MD5
8b11cf7ac6d1e4c63dbf5963c2d4d490

SHA1
d7e4a50f001ca0534cd01c76e3630c47c8b8f286

SHA256
e1ee7151b96ec3d7979c7d1603800dd7ae00ef080d4eaf6c0ae358922d2ba1d2

SHA512
f2e929db60bb81ce18ddac3ff21945e7d71677126a18bfe349e227b0e4f5cd9f4048a9c48a95cdadd199993bd27db1e7b9d1eaf153320f7d3e76479c92b9e12c

Download Submit
C:\Windows\system\eecwiGu.exe

Filesize
6.0MB

MD5
41043a43fd8ee14ef83ce952aa18ca08

SHA1
418d3b68e112844f1759f3c686ba0fe3fd3a4d55

SHA256
a1dc59c2c977646577d8b488aad5c538d58998d56b6c4cbeb5b792c91f8b5ea4

SHA512
a6567fd754006e9aca77a9783e0a8f50cadf77364cec6c74072593687d4e68c1970da974836c878179687c3f79e0808d6fb96e7f5ae4dd885094e7681711dc14

Download Submit
C:\Windows\system\fyRneRV.exe

Filesize
6.0MB

MD5
bfd9e1b8f23ff8ab167119fd88df8fe7

SHA1
2baa15e3af7001333972a746fe02f913d9c87a1e

SHA256
b2ae09eabfc760a9b82bb7620707f513e298b56a76f29d50a146bb2f420b094d

SHA512
fa0ea5552e76cfc53749b2e9cd04bf8619a951d0df46c03b28abf5135d524aa6e63ca59072575d149998f3bac8f2c3f3b176f928a8e3c7b3d954919ff4f59116

Download Submit
C:\Windows\system\iwqtuyF.exe

Filesize
6.0MB

MD5
a47cc9eb611139064503568b3e057752

SHA1
62b63e66afaed2e8f8e13543cab896e29dde7e24

SHA256
928215b30af8cbd60704f65f3e35ad9ce4fac65ff82f90981e4a326f3d416639

SHA512
2a5a9552db82b2e3f517fad0bbb2276492cf80a1034995696119726635a485ebab3fb5c96807ceacc741db533797b1f839a5a3caec029c309c02595fd19695fc

Download Submit
C:\Windows\system\lDpiUQs.exe

Filesize
6.0MB

MD5
9c4bead16c1fa8ededce776c14d7ba5d

SHA1
0181fa5ee8168098b13998732edca3c7a4cbc8f5

SHA256
9d909c128173bd55ce292b2029cf7641b41a973203ddc256416233ebcb803db7

SHA512
148c196c22c3631cd7ce42734d43e06cef988d391aece464f421c9c81b84429bbb8763ab54a39b45f6703b136db80333c315d328f4bb21f9465f4e9defafb589

Download Submit
C:\Windows\system\llhdzFE.exe

Filesize
6.0MB

MD5
b46d22480b91ca0f6e37f7fefeb098fc

SHA1
cb0d8ec5a0b251f9677ff6eb1a867d7ff5d68b09

SHA256
cf020956a3f3ff2498a54ff83a0c4b6183119131c41c157fa71789f3742d0d13

SHA512
e594038d8ea8cbb10c04a7218ba5640251f5a897339e6d2681d378df992c5f7ee54cc73fac456892c02b79f9fd55bd51adbc3e25d7621a23699e83beb972e003

Download Submit
C:\Windows\system\pnqnhyw.exe

Filesize
6.0MB

MD5
115e83fba5ffed51359878a1e312a6af

SHA1
75f0ec88a10e5900850b1e3212695a699b71ce41

SHA256
68b881111cb4bdcc952787de2d2710fcba94aa0101483651b91ece55b248d9d2

SHA512
d6887cf9f07aa67d1dcffdf8a6bc5f0e104cb846fb23ff889fd111bc30833ad2d865eea5e69a8d44c2702dcd3359345211fc94383f5d54f4748b7c5eddd21a47

Download Submit
C:\Windows\system\sHthPLm.exe

Filesize
6.0MB

MD5
56907b1083f0e6790659781bc1980250

SHA1
b2fe434a8f97c4a10a7dec9581bcfe93c73fa2a0

SHA256
69162925813cd6e4c58c66479f4c52862818b2195d335d98df93a4818e5a4d3f

SHA512
84c89c959c7464db984ec8e10049a91d6fd4139330d94a0e8995cd85ccbe429ef3d6d43e1ce707315c0617b43a71bb9a547a9539c9c673f86fb24fefd2e263ab

Download Submit
C:\Windows\system\stIYpHX.exe

Filesize
6.0MB

MD5
8e2eaebd7547a6048605d3c62041581c

SHA1
ec0ce9351474c3bf7986c43681a9d1524b615773

SHA256
7ef5816424dad0c5b67e3c122209d2ed235c1d0deffbdcdde586b2344026364f

SHA512
0f39342560465a18c150a955f3733094ea2eb694c41a1e9be7b36ee9340aab3f6accb26f420e7f5ae6b617fed0142113ae92105ae48b1acafe710344e6daed4b

Download Submit
C:\Windows\system\tybbtep.exe

Filesize
6.0MB

MD5
96e9916f3e5d718c03893e278caa0f79

SHA1
552278d43c88399aaaba533617ad472d6f282a8a

SHA256
f7c4f70406b3c53b192befdf52ccf36aafd3b76aaf2858e9fcc4d8c361770039

SHA512
a7ca49e0fb961674d3bbb94d517fd5b2808eb8b214e3214933f30effb7b197c7879f3faf9e8b68818f4d93c6fe37b3079914d1830449a20c8ce9836d275ca5e2

Download Submit
C:\Windows\system\uumzByS.exe

Filesize
6.0MB

MD5
61d0452a8d448191f1251b6d68e83fa0

SHA1
f17da19a8bde88b4c192bcc9fa225f8256a24fc8

SHA256
63a32b95449e0fd6f171dda2a41c339c5e056276a804d79c935f599a0e86a7ce

SHA512
3bc0879662a005abf0b07e184783baf638e025f97f56532e8d1802d7eb68b58876c2ab8de8189a2017e6c431f1e7636796e7af2fceae593c0350c1626d428fab

Download Submit
C:\Windows\system\vpgTcTl.exe

Filesize
6.0MB

MD5
8a68d7d57c588d65678d226be3f5da34

SHA1
bf46e8d0b051500e484402a74a88dd035786f7c7

SHA256
026e1316c4a254ed68f2bb7cc705df8d98353348b2e14a435871463c7cbb132b

SHA512
61d759edc80fd928ded5c011be5ba5072fdaba30ac18493ab5008cef46af4f0485825cf705285a9dc873595f3f5352bb913c83e38cd695afeec13bd05258a52d

Download Submit
C:\Windows\system\wrypYmr.exe

Filesize
6.0MB

MD5
5d220fc7aa252c5e94de3990a57b6a69

SHA1
d07e7fb57a659cc58c7c51180560c8615ea54376

SHA256
50fcc58e5679c37696fc67a5caa388a9a02ddba1508c6e3aebe9d6a568006830

SHA512
a1ec9e1d5b35d06031289102c0153effc013e786dfede54e13c2047123452e48aff28f37846e7d88b5572f01ca1b1a947b5eda41ee534d03f399a4eb764b78d7

Download Submit
\Windows\system\AZjFYsv.exe

Filesize
6.0MB

MD5
9b215a0c40ae9cfad244a995a8093988

SHA1
58b7b0431cedfaf2e3c58e78427fd7e033401027

SHA256
f0d897782f4e58996a101535884bd19b65e9151dd66cb3afc96c5e0c7404a5a8

SHA512
88d0f5e1d7b0a2085c30e4a8e6205788b9ce45d36eab10e51bfd5b2b4539ee25993f132b4336bee54062968f99aac4b6ac17c9683ab032fd5d48f9169e6fa773

Download Submit
\Windows\system\FxVkIqf.exe

Filesize
6.0MB

MD5
2067b1f619fb2024d1253c4b15309eaa

SHA1
dfa6820e7219c87a857b24259caa0f878e4ff621

SHA256
aeb89f25c8097b4a9ba10c792a0c97ca8528b3fcf6ebef8864610550dcb3375a

SHA512
45f1153d68d9dd64320bfbb6ceeb1df7cd5f229040b06d2e0321061fec25aec6cf2e8bf5c1496ed13c5d2ce8cd720b98ebd5d78206ee0e51dd42fbdf79d1b1a9

Download Submit
\Windows\system\UdcqgXd.exe

Filesize
6.0MB

MD5
b8daeacc2959a29ccdc6e9d4b25d4188

SHA1
16ea67fa084ff379b5154aa899c7ffbd4baeb7ef

SHA256
39b249b996d3080bdb11dffdcdd3b2fda399f7148e33f59b051b3c149f5e4c78

SHA512
b6f0ff37e5cb21face69f6b5702eb6ead75970723806e644c20b9ab41f00b0754c1c18d33d32b734f98ab6be0e45a1ead1eb53b8a6846e59df9afebbea07567b

Download Submit
\Windows\system\VIhNumb.exe

Filesize
6.0MB

MD5
8eda3615480ccfdc923dcff68f333a45

SHA1
0e760e7c87cda28a1f94295d4e6459939ba4f31c

SHA256
56c30b041c43692cf0542540a628df11b8c5625ab6de98d6bc4ef1951f1c8589

SHA512
621df5da9437700e174c6f45fdd0dd2b48a47d7ff58781c2c63c385ae6787c9beedac9b3c8b64842342f0f733206a0c2374c2ce94f06ab495097f2cdfda0cbab

Download Submit
\Windows\system\cHqcvbS.exe

Filesize
6.0MB

MD5
8c83a9fe1525071df5a3cface09b943b

SHA1
d2620614f41a90052c7c101b1ca839a35da4f105

SHA256
53507faaff872077428bb5c4c760939099d87a519f078dc6dfc85b3d45494361

SHA512
e03ec378eb8abae59581f9b65f61abfb748bc8dbf994119ccdea08f71c7001de15090f689356b659ca522f394d7322eed63f3b76c3ed649e750f7129f5bfdf15

Download Submit
\Windows\system\lKHhcex.exe

Filesize
6.0MB

MD5
44408f03b0bf27d439f0f447619c04a6

SHA1
58d32f640faf36944540881187e0b6643d73b541

SHA256
8b729b4bfead53e110dd9a0bebfa38b0cebcd830b379baebde97dec2025b1338

SHA512
f30687f2eb192eca729d4baa4ba5dead78f7d0ca862c3118caf3ba52ce24e60e5cb852a001f07f87357df56445fe0431c75706c955b641a9a8474a60dc85878e

Download Submit
\Windows\system\mfkqtvb.exe

Filesize
6.0MB

MD5
4d37ba2e7e579b366acd5aebde46d171

SHA1
5534493d79f93ceb30e4a9f6b48f33c9d8a82335

SHA256
6cc3e84be3e278b0e446c42e0cfd7b06544f7623d65b7c424ece56fb7b6c64e5

SHA512
e07e1cad0c45131a2958b7bcb7fb83a4c160ae23de2ebfc181dbf5c3b51c7fec3aec3df88fe338a74c09ace774bfaf459329416737492abb86d79ba64e8ab25b

Download Submit
\Windows\system\qHFrNEI.exe

Filesize
6.0MB

MD5
fcd9bc2f083bde4c092192f87d86a246

SHA1
71eff957788f31b120b4183b44d550d2664ec729

SHA256
5670fed6b63088a134abfc4ed79d6e71a9a26843c91f8b241b5468f52486095a

SHA512
14c7c8a9e64a29d0a55cfe676cbc45d1ff6b979daa91c9c945d20bd4cc7a81ee926cd871472176b3a1428dc5004e34bfbc47497327341d9300da0f55dcdfbd37

Download Submit
memory/1620-1202-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3908-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1200-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1976-15-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-63-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1976-2523-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1148-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1141-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2470-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2475-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2465-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1191-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2459-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1976-0-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2453-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1203-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1208-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2407-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-54-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1976-31-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2092-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1976-47-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-1510-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1976-48-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1976-37-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-40-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-19-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-25-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2148-1198-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-3906-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-35-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2216-65-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3612-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2396-57-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3862-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2391-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2420-21-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3476-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2560-22-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3472-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-46-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2596-10-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3474-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3897-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1145-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1138-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2680-4830-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1185-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3907-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2712-29-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2712-58-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3583-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3594-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1306-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-43-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-1762-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3890-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2784-52-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3879-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2410-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1127-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download