cobaltstrike | fbcca7b9f439de7c7a399ecf3520515f73b44352c0852e35d95d219f4efe4d59

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04-01-2025 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0f3ce44c9070293cda237c9aba365449
SHA1

7f745683cd0aa8011c7d5201a5ada036b63379f3
SHA256

fbcca7b9f439de7c7a399ecf3520515f73b44352c0852e35d95d219f4efe4d59
SHA512

dba6dab69393f5d71db7e538588938e4d2a47546886d529537f583a1a2a010120a9a42041d25efff285ef18702a447f3f6232e1b1fb49e8b8dc67d4667f95f28
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUl:T+q56utgpPF8u/7l

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001225f-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015fe0-8.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000161fb-12.dat	cobalt_reflective_dll
behavioral1/files/0x000a0000000163b8-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164b1-22.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d5a-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d71-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e1d-60.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a3-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018636-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018634-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001919c-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019080-155.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001907c-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018741-141.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d66-145.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017520-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017447-110.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018617-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017467-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017429-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017420-100.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173ab-95.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739f-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017355-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017349-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017342-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f45-65.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000169f5-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016be6-45.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001678f-36.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001653a-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

resource	yara_rule
behavioral1/memory/2388-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001225f-6.dat	xmrig
behavioral1/files/0x0008000000015fe0-8.dat	xmrig
behavioral1/files/0x00080000000161fb-12.dat	xmrig
behavioral1/files/0x000a0000000163b8-21.dat	xmrig
behavioral1/files/0x00070000000164b1-22.dat	xmrig
behavioral1/files/0x0006000000016d5a-50.dat	xmrig
behavioral1/files/0x0006000000016d71-55.dat	xmrig
behavioral1/files/0x0006000000016e1d-60.dat	xmrig
behavioral1/files/0x00060000000173a3-90.dat	xmrig
behavioral1/files/0x0005000000018636-131.dat	xmrig
behavioral1/files/0x0005000000018634-136.dat	xmrig
behavioral1/files/0x000500000001919c-160.dat	xmrig
behavioral1/memory/1616-2049-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2388-2153-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2892-2386-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1976-2283-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2516-2071-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019080-155.dat	xmrig
behavioral1/files/0x000600000001907c-150.dat	xmrig
behavioral1/files/0x0005000000018741-141.dat	xmrig
behavioral1/files/0x0009000000015d66-145.dat	xmrig
behavioral1/files/0x0006000000017520-120.dat	xmrig
behavioral1/files/0x0006000000017447-110.dat	xmrig
behavioral1/files/0x0009000000018617-125.dat	xmrig
behavioral1/files/0x0006000000017467-115.dat	xmrig
behavioral1/files/0x0006000000017429-105.dat	xmrig
behavioral1/files/0x0006000000017420-100.dat	xmrig
behavioral1/files/0x00060000000173ab-95.dat	xmrig
behavioral1/files/0x000600000001739f-85.dat	xmrig
behavioral1/files/0x0006000000017355-80.dat	xmrig
behavioral1/files/0x0006000000017349-75.dat	xmrig
behavioral1/files/0x0006000000017342-70.dat	xmrig
behavioral1/files/0x0006000000016f45-65.dat	xmrig
behavioral1/files/0x00080000000169f5-41.dat	xmrig
behavioral1/files/0x0008000000016be6-45.dat	xmrig
behavioral1/files/0x000700000001678f-36.dat	xmrig
behavioral1/files/0x000700000001653a-30.dat	xmrig
behavioral1/memory/2516-3874-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2892-3873-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1976-3872-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/1616-3871-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2388-3870-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1616	BVbvllz.exe
2516	oKcZMRa.exe
1976	PSjhjwi.exe
2892	OSNvzFE.exe
3060	SNTAyWn.exe
2280	aOeZksb.exe
2704	PULTDxx.exe
2808	pRSmyVl.exe
2800	KMHdHdN.exe
2868	msIkMOB.exe
2856	LzgXxqL.exe
2788	QydNLdt.exe
2736	BYWnUMC.exe
1564	sytfgrs.exe
2620	YxLiQNf.exe
2720	MOfLlsK.exe
2440	OmXgSaJ.exe
2024	xxAQYSC.exe
1536	JhbqFmy.exe
2996	DenWVey.exe
2976	gsnwtYZ.exe
2944	tesgbgL.exe
2932	LXkAUOS.exe
1120	uHPrBjj.exe
1444	QIVsHff.exe
2328	INovswY.exe
3020	XJDcjYM.exe
2044	jgEHxpQ.exe
2236	TYeZBle.exe
1012	GoySGLB.exe
884	vSOloXt.exe
596	ADlwZBk.exe
1136	YRsLIbk.exe
1244	UAVYUMQ.exe
956	XNtvCvf.exe
292	YnZnAYG.exe
2156	TjlwzIV.exe
1692	rvDVzoN.exe
1644	OHKlpql.exe
2964	CCABOxj.exe
896	bfLhpaV.exe
1684	KKfLcWT.exe
908	mQhEbWo.exe
2056	HytjzTn.exe
1316	TxSiPkA.exe
1500	OlMdnsk.exe
572	GMuaErc.exe
1668	FvVzppm.exe
2428	DpSbncP.exe
2164	rfqErdQ.exe
1952	txwyFmk.exe
1860	QfGiOqi.exe
1300	sLmXNsO.exe
2036	XrTXxwq.exe
1560	UkVgKdT.exe
1524	JcKfBCl.exe
1520	RLFIDVK.exe
340	kbWNaYY.exe
2684	xelqBcM.exe
2884	eMMJiot.exe
2728	YNrqIZb.exe
2844	WgHtsWO.exe
2716	PeXwbYG.exe
2912	TJXShcA.exe

Loads dropped DLL 64 IoCs

pid	Process
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 42 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2388-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x000c00000001225f-6.dat	upx
behavioral1/files/0x0008000000015fe0-8.dat	upx
behavioral1/files/0x00080000000161fb-12.dat	upx
behavioral1/files/0x000a0000000163b8-21.dat	upx
behavioral1/files/0x00070000000164b1-22.dat	upx
behavioral1/files/0x0006000000016d5a-50.dat	upx
behavioral1/files/0x0006000000016d71-55.dat	upx
behavioral1/files/0x0006000000016e1d-60.dat	upx
behavioral1/files/0x00060000000173a3-90.dat	upx
behavioral1/files/0x0005000000018636-131.dat	upx
behavioral1/files/0x0005000000018634-136.dat	upx
behavioral1/files/0x000500000001919c-160.dat	upx
behavioral1/memory/1616-2049-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2892-2386-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1976-2283-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2516-2071-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0006000000019080-155.dat	upx
behavioral1/files/0x000600000001907c-150.dat	upx
behavioral1/files/0x0005000000018741-141.dat	upx
behavioral1/files/0x0009000000015d66-145.dat	upx
behavioral1/files/0x0006000000017520-120.dat	upx
behavioral1/files/0x0006000000017447-110.dat	upx
behavioral1/files/0x0009000000018617-125.dat	upx
behavioral1/files/0x0006000000017467-115.dat	upx
behavioral1/files/0x0006000000017429-105.dat	upx
behavioral1/files/0x0006000000017420-100.dat	upx
behavioral1/files/0x00060000000173ab-95.dat	upx
behavioral1/files/0x000600000001739f-85.dat	upx
behavioral1/files/0x0006000000017355-80.dat	upx
behavioral1/files/0x0006000000017349-75.dat	upx
behavioral1/files/0x0006000000017342-70.dat	upx
behavioral1/files/0x0006000000016f45-65.dat	upx
behavioral1/files/0x00080000000169f5-41.dat	upx
behavioral1/files/0x0008000000016be6-45.dat	upx
behavioral1/files/0x000700000001678f-36.dat	upx
behavioral1/files/0x000700000001653a-30.dat	upx
behavioral1/memory/2516-3874-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2892-3873-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1976-3872-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/1616-3871-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2388-3870-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YioTKGd.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeEcnJU.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZudhnm.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhxetTN.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnPjfxk.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFCzlnd.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWpPznT.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VZlTqQv.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzzMxLb.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geANVRp.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVlyxxI.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyNlnym.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWRgoHO.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdchDtG.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeUMQxL.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUMwaDP.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLeHwFD.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSoaeHm.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoMbLXw.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuAlUCO.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKQTUVR.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTEhHjC.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNJLUxR.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwpdVtO.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gAcagXi.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJSrjhK.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yENGfWB.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JKBuDfI.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqtlERC.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgNTOac.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZnrIJU.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUOxLFM.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAzDsqA.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYGXEux.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veqWWkT.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddyFYFC.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iLuhPKe.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmiFdrb.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUIYxuT.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFjnsSd.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCAuAnV.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFliWEc.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DOfEOwf.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZeqHrd.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHdmKnz.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHEsvLq.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHjHcad.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXRiouD.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOQhpre.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhdHHNd.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMXPjFl.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqEEuhT.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPIeHly.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfsylCx.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIXqyhd.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyORsnW.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOeOWhv.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxwEsAJ.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmEpCHE.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNCNmcD.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkzuftI.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYGShvH.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnvpoYX.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FmZeTDD.exe	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 1616	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2388 wrote to memory of 1616	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2388 wrote to memory of 1616	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2388 wrote to memory of 2516	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2388 wrote to memory of 2516	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2388 wrote to memory of 2516	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2388 wrote to memory of 1976	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2388 wrote to memory of 1976	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2388 wrote to memory of 1976	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2388 wrote to memory of 2892	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2388 wrote to memory of 2892	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2388 wrote to memory of 2892	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2388 wrote to memory of 3060	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2388 wrote to memory of 3060	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2388 wrote to memory of 3060	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2388 wrote to memory of 2280	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2388 wrote to memory of 2280	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2388 wrote to memory of 2280	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2388 wrote to memory of 2704	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2388 wrote to memory of 2704	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2388 wrote to memory of 2704	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2388 wrote to memory of 2808	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2388 wrote to memory of 2808	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2388 wrote to memory of 2808	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2388 wrote to memory of 2800	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2388 wrote to memory of 2800	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2388 wrote to memory of 2800	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2388 wrote to memory of 2868	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2388 wrote to memory of 2868	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2388 wrote to memory of 2868	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2388 wrote to memory of 2856	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2388 wrote to memory of 2856	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2388 wrote to memory of 2856	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2388 wrote to memory of 2788	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2388 wrote to memory of 2788	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2388 wrote to memory of 2788	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2388 wrote to memory of 2736	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2388 wrote to memory of 2736	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2388 wrote to memory of 2736	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2388 wrote to memory of 1564	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2388 wrote to memory of 1564	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2388 wrote to memory of 1564	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2388 wrote to memory of 2620	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2388 wrote to memory of 2620	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2388 wrote to memory of 2620	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2388 wrote to memory of 2720	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2388 wrote to memory of 2720	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2388 wrote to memory of 2720	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2388 wrote to memory of 2440	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2388 wrote to memory of 2440	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2388 wrote to memory of 2440	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2388 wrote to memory of 2024	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2388 wrote to memory of 2024	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2388 wrote to memory of 2024	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2388 wrote to memory of 1536	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2388 wrote to memory of 1536	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2388 wrote to memory of 1536	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2388 wrote to memory of 2996	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2388 wrote to memory of 2996	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2388 wrote to memory of 2996	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2388 wrote to memory of 2976	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2388 wrote to memory of 2976	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2388 wrote to memory of 2976	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2388 wrote to memory of 2944	2388	2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-04_0f3ce44c9070293cda237c9aba365449_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\System\BVbvllz.exe
  C:\Windows\System\BVbvllz.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\oKcZMRa.exe
  C:\Windows\System\oKcZMRa.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\PSjhjwi.exe
  C:\Windows\System\PSjhjwi.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\OSNvzFE.exe
  C:\Windows\System\OSNvzFE.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\SNTAyWn.exe
  C:\Windows\System\SNTAyWn.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\aOeZksb.exe
  C:\Windows\System\aOeZksb.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\PULTDxx.exe
  C:\Windows\System\PULTDxx.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\pRSmyVl.exe
  C:\Windows\System\pRSmyVl.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\KMHdHdN.exe
  C:\Windows\System\KMHdHdN.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\msIkMOB.exe
  C:\Windows\System\msIkMOB.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\LzgXxqL.exe
  C:\Windows\System\LzgXxqL.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\QydNLdt.exe
  C:\Windows\System\QydNLdt.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\BYWnUMC.exe
  C:\Windows\System\BYWnUMC.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\sytfgrs.exe
  C:\Windows\System\sytfgrs.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\YxLiQNf.exe
  C:\Windows\System\YxLiQNf.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\MOfLlsK.exe
  C:\Windows\System\MOfLlsK.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\OmXgSaJ.exe
  C:\Windows\System\OmXgSaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\xxAQYSC.exe
  C:\Windows\System\xxAQYSC.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\JhbqFmy.exe
  C:\Windows\System\JhbqFmy.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\DenWVey.exe
  C:\Windows\System\DenWVey.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\gsnwtYZ.exe
  C:\Windows\System\gsnwtYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\tesgbgL.exe
  C:\Windows\System\tesgbgL.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\LXkAUOS.exe
  C:\Windows\System\LXkAUOS.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\uHPrBjj.exe
  C:\Windows\System\uHPrBjj.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\QIVsHff.exe
  C:\Windows\System\QIVsHff.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\XJDcjYM.exe
  C:\Windows\System\XJDcjYM.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\INovswY.exe
  C:\Windows\System\INovswY.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\jgEHxpQ.exe
  C:\Windows\System\jgEHxpQ.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\TYeZBle.exe
  C:\Windows\System\TYeZBle.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\GoySGLB.exe
  C:\Windows\System\GoySGLB.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\vSOloXt.exe
  C:\Windows\System\vSOloXt.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\ADlwZBk.exe
  C:\Windows\System\ADlwZBk.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\YRsLIbk.exe
  C:\Windows\System\YRsLIbk.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\UAVYUMQ.exe
  C:\Windows\System\UAVYUMQ.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\XNtvCvf.exe
  C:\Windows\System\XNtvCvf.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\YnZnAYG.exe
  C:\Windows\System\YnZnAYG.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\TjlwzIV.exe
  C:\Windows\System\TjlwzIV.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\rvDVzoN.exe
  C:\Windows\System\rvDVzoN.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\OHKlpql.exe
  C:\Windows\System\OHKlpql.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\CCABOxj.exe
  C:\Windows\System\CCABOxj.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\bfLhpaV.exe
  C:\Windows\System\bfLhpaV.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\KKfLcWT.exe
  C:\Windows\System\KKfLcWT.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\mQhEbWo.exe
  C:\Windows\System\mQhEbWo.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\HytjzTn.exe
  C:\Windows\System\HytjzTn.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\TxSiPkA.exe
  C:\Windows\System\TxSiPkA.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\OlMdnsk.exe
  C:\Windows\System\OlMdnsk.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\GMuaErc.exe
  C:\Windows\System\GMuaErc.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\FvVzppm.exe
  C:\Windows\System\FvVzppm.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\DpSbncP.exe
  C:\Windows\System\DpSbncP.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\rfqErdQ.exe
  C:\Windows\System\rfqErdQ.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\txwyFmk.exe
  C:\Windows\System\txwyFmk.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\QfGiOqi.exe
  C:\Windows\System\QfGiOqi.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\sLmXNsO.exe
  C:\Windows\System\sLmXNsO.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\XrTXxwq.exe
  C:\Windows\System\XrTXxwq.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\UkVgKdT.exe
  C:\Windows\System\UkVgKdT.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\JcKfBCl.exe
  C:\Windows\System\JcKfBCl.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\RLFIDVK.exe
  C:\Windows\System\RLFIDVK.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\kbWNaYY.exe
  C:\Windows\System\kbWNaYY.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\xelqBcM.exe
  C:\Windows\System\xelqBcM.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\eMMJiot.exe
  C:\Windows\System\eMMJiot.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\YNrqIZb.exe
  C:\Windows\System\YNrqIZb.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\WgHtsWO.exe
  C:\Windows\System\WgHtsWO.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\PeXwbYG.exe
  C:\Windows\System\PeXwbYG.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\TJXShcA.exe
  C:\Windows\System\TJXShcA.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\nsKawup.exe
  C:\Windows\System\nsKawup.exe
  2⤵
  PID:2900
- C:\Windows\System\VEaaovr.exe
  C:\Windows\System\VEaaovr.exe
  2⤵
  PID:2612
- C:\Windows\System\WsqNybA.exe
  C:\Windows\System\WsqNybA.exe
  2⤵
  PID:2880
- C:\Windows\System\uEJGcfX.exe
  C:\Windows\System\uEJGcfX.exe
  2⤵
  PID:3036
- C:\Windows\System\tkKzwKj.exe
  C:\Windows\System\tkKzwKj.exe
  2⤵
  PID:2896
- C:\Windows\System\MxwEsAJ.exe
  C:\Windows\System\MxwEsAJ.exe
  2⤵
  PID:1476
- C:\Windows\System\gZEpoWi.exe
  C:\Windows\System\gZEpoWi.exe
  2⤵
  PID:352
- C:\Windows\System\jpDmlfZ.exe
  C:\Windows\System\jpDmlfZ.exe
  2⤵
  PID:2776
- C:\Windows\System\trMxfxR.exe
  C:\Windows\System\trMxfxR.exe
  2⤵
  PID:2188
- C:\Windows\System\BSDAKwf.exe
  C:\Windows\System\BSDAKwf.exe
  2⤵
  PID:3032
- C:\Windows\System\XNczBLK.exe
  C:\Windows\System\XNczBLK.exe
  2⤵
  PID:1028
- C:\Windows\System\sVsHJtW.exe
  C:\Windows\System\sVsHJtW.exe
  2⤵
  PID:1172
- C:\Windows\System\sPIeHly.exe
  C:\Windows\System\sPIeHly.exe
  2⤵
  PID:824
- C:\Windows\System\NQsHBqv.exe
  C:\Windows\System\NQsHBqv.exe
  2⤵
  PID:1228
- C:\Windows\System\DGXYpnU.exe
  C:\Windows\System\DGXYpnU.exe
  2⤵
  PID:1932
- C:\Windows\System\tVjSAoA.exe
  C:\Windows\System\tVjSAoA.exe
  2⤵
  PID:2564
- C:\Windows\System\qWjPBga.exe
  C:\Windows\System\qWjPBga.exe
  2⤵
  PID:1656
- C:\Windows\System\KkxWKGl.exe
  C:\Windows\System\KkxWKGl.exe
  2⤵
  PID:1696
- C:\Windows\System\lihwQNY.exe
  C:\Windows\System\lihwQNY.exe
  2⤵
  PID:2152
- C:\Windows\System\ODjYUUf.exe
  C:\Windows\System\ODjYUUf.exe
  2⤵
  PID:272
- C:\Windows\System\CkgPcRW.exe
  C:\Windows\System\CkgPcRW.exe
  2⤵
  PID:1008
- C:\Windows\System\wWsMTWl.exe
  C:\Windows\System\wWsMTWl.exe
  2⤵
  PID:2104
- C:\Windows\System\KpPQHlk.exe
  C:\Windows\System\KpPQHlk.exe
  2⤵
  PID:880
- C:\Windows\System\LgngWyY.exe
  C:\Windows\System\LgngWyY.exe
  2⤵
  PID:2032
- C:\Windows\System\BBkVkCD.exe
  C:\Windows\System\BBkVkCD.exe
  2⤵
  PID:1528
- C:\Windows\System\ORTCJBB.exe
  C:\Windows\System\ORTCJBB.exe
  2⤵
  PID:1512
- C:\Windows\System\NyORsnW.exe
  C:\Windows\System\NyORsnW.exe
  2⤵
  PID:1544
- C:\Windows\System\BdBabwV.exe
  C:\Windows\System\BdBabwV.exe
  2⤵
  PID:1728
- C:\Windows\System\CMQdmQQ.exe
  C:\Windows\System\CMQdmQQ.exe
  2⤵
  PID:328
- C:\Windows\System\pDUCocB.exe
  C:\Windows\System\pDUCocB.exe
  2⤵
  PID:2608
- C:\Windows\System\bVoiVOd.exe
  C:\Windows\System\bVoiVOd.exe
  2⤵
  PID:2848
- C:\Windows\System\QuXDVuk.exe
  C:\Windows\System\QuXDVuk.exe
  2⤵
  PID:2656
- C:\Windows\System\jsvYsxU.exe
  C:\Windows\System\jsvYsxU.exe
  2⤵
  PID:2460
- C:\Windows\System\KbokFcj.exe
  C:\Windows\System\KbokFcj.exe
  2⤵
  PID:2372
- C:\Windows\System\jXCmKkH.exe
  C:\Windows\System\jXCmKkH.exe
  2⤵
  PID:3008
- C:\Windows\System\YJqtKHP.exe
  C:\Windows\System\YJqtKHP.exe
  2⤵
  PID:2936
- C:\Windows\System\hpnZxIa.exe
  C:\Windows\System\hpnZxIa.exe
  2⤵
  PID:2820
- C:\Windows\System\FutDUJM.exe
  C:\Windows\System\FutDUJM.exe
  2⤵
  PID:1992
- C:\Windows\System\hRYEuGd.exe
  C:\Windows\System\hRYEuGd.exe
  2⤵
  PID:1096
- C:\Windows\System\lCGYrcd.exe
  C:\Windows\System\lCGYrcd.exe
  2⤵
  PID:1880
- C:\Windows\System\MAupZSQ.exe
  C:\Windows\System\MAupZSQ.exe
  2⤵
  PID:1532
- C:\Windows\System\fKidmQm.exe
  C:\Windows\System\fKidmQm.exe
  2⤵
  PID:1232
- C:\Windows\System\lVRVovz.exe
  C:\Windows\System\lVRVovz.exe
  2⤵
  PID:2284
- C:\Windows\System\gjmZwGL.exe
  C:\Windows\System\gjmZwGL.exe
  2⤵
  PID:2092
- C:\Windows\System\cBKRYey.exe
  C:\Windows\System\cBKRYey.exe
  2⤵
  PID:980
- C:\Windows\System\FshZLOe.exe
  C:\Windows\System\FshZLOe.exe
  2⤵
  PID:688
- C:\Windows\System\lBXKXKm.exe
  C:\Windows\System\lBXKXKm.exe
  2⤵
  PID:2168
- C:\Windows\System\lssPkpY.exe
  C:\Windows\System\lssPkpY.exe
  2⤵
  PID:2244
- C:\Windows\System\LlyELvK.exe
  C:\Windows\System\LlyELvK.exe
  2⤵
  PID:3088
- C:\Windows\System\BbVhfPe.exe
  C:\Windows\System\BbVhfPe.exe
  2⤵
  PID:3108
- C:\Windows\System\qnLopHp.exe
  C:\Windows\System\qnLopHp.exe
  2⤵
  PID:3128
- C:\Windows\System\rcOeKlp.exe
  C:\Windows\System\rcOeKlp.exe
  2⤵
  PID:3148
- C:\Windows\System\tKukZJI.exe
  C:\Windows\System\tKukZJI.exe
  2⤵
  PID:3168
- C:\Windows\System\rvjiSKt.exe
  C:\Windows\System\rvjiSKt.exe
  2⤵
  PID:3188
- C:\Windows\System\tECQbPc.exe
  C:\Windows\System\tECQbPc.exe
  2⤵
  PID:3208
- C:\Windows\System\YtowgPV.exe
  C:\Windows\System\YtowgPV.exe
  2⤵
  PID:3228
- C:\Windows\System\oBTFjTi.exe
  C:\Windows\System\oBTFjTi.exe
  2⤵
  PID:3248
- C:\Windows\System\CiRRgBm.exe
  C:\Windows\System\CiRRgBm.exe
  2⤵
  PID:3268
- C:\Windows\System\ISCtNgq.exe
  C:\Windows\System\ISCtNgq.exe
  2⤵
  PID:3288
- C:\Windows\System\RXTowxZ.exe
  C:\Windows\System\RXTowxZ.exe
  2⤵
  PID:3308
- C:\Windows\System\NiPNERk.exe
  C:\Windows\System\NiPNERk.exe
  2⤵
  PID:3328
- C:\Windows\System\LZXmByd.exe
  C:\Windows\System\LZXmByd.exe
  2⤵
  PID:3348
- C:\Windows\System\jUdXpdk.exe
  C:\Windows\System\jUdXpdk.exe
  2⤵
  PID:3368
- C:\Windows\System\CbVeexw.exe
  C:\Windows\System\CbVeexw.exe
  2⤵
  PID:3388
- C:\Windows\System\KLBySsG.exe
  C:\Windows\System\KLBySsG.exe
  2⤵
  PID:3408
- C:\Windows\System\xbaWsBN.exe
  C:\Windows\System\xbaWsBN.exe
  2⤵
  PID:3428
- C:\Windows\System\XbJHoyM.exe
  C:\Windows\System\XbJHoyM.exe
  2⤵
  PID:3448
- C:\Windows\System\SeLObUp.exe
  C:\Windows\System\SeLObUp.exe
  2⤵
  PID:3468
- C:\Windows\System\DJDhydB.exe
  C:\Windows\System\DJDhydB.exe
  2⤵
  PID:3488
- C:\Windows\System\igfRPSy.exe
  C:\Windows\System\igfRPSy.exe
  2⤵
  PID:3508
- C:\Windows\System\hglosNu.exe
  C:\Windows\System\hglosNu.exe
  2⤵
  PID:3528
- C:\Windows\System\zuOJgIa.exe
  C:\Windows\System\zuOJgIa.exe
  2⤵
  PID:3548
- C:\Windows\System\wNGdaXP.exe
  C:\Windows\System\wNGdaXP.exe
  2⤵
  PID:3568
- C:\Windows\System\qVJHBaa.exe
  C:\Windows\System\qVJHBaa.exe
  2⤵
  PID:3588
- C:\Windows\System\xpoWWzV.exe
  C:\Windows\System\xpoWWzV.exe
  2⤵
  PID:3608
- C:\Windows\System\kLjxJWd.exe
  C:\Windows\System\kLjxJWd.exe
  2⤵
  PID:3628
- C:\Windows\System\KoaDDNX.exe
  C:\Windows\System\KoaDDNX.exe
  2⤵
  PID:3648
- C:\Windows\System\SNAjUyF.exe
  C:\Windows\System\SNAjUyF.exe
  2⤵
  PID:3668
- C:\Windows\System\KbZhNHk.exe
  C:\Windows\System\KbZhNHk.exe
  2⤵
  PID:3688
- C:\Windows\System\UVeszUj.exe
  C:\Windows\System\UVeszUj.exe
  2⤵
  PID:3708
- C:\Windows\System\hWYTxkH.exe
  C:\Windows\System\hWYTxkH.exe
  2⤵
  PID:3728
- C:\Windows\System\NJNuguK.exe
  C:\Windows\System\NJNuguK.exe
  2⤵
  PID:3748
- C:\Windows\System\wNJxacA.exe
  C:\Windows\System\wNJxacA.exe
  2⤵
  PID:3768
- C:\Windows\System\VcAqgon.exe
  C:\Windows\System\VcAqgon.exe
  2⤵
  PID:3788
- C:\Windows\System\zNEFDKl.exe
  C:\Windows\System\zNEFDKl.exe
  2⤵
  PID:3808
- C:\Windows\System\nWwoxVW.exe
  C:\Windows\System\nWwoxVW.exe
  2⤵
  PID:3828
- C:\Windows\System\NHqYDvB.exe
  C:\Windows\System\NHqYDvB.exe
  2⤵
  PID:3848
- C:\Windows\System\HnPjfxk.exe
  C:\Windows\System\HnPjfxk.exe
  2⤵
  PID:3868
- C:\Windows\System\txlXTCW.exe
  C:\Windows\System\txlXTCW.exe
  2⤵
  PID:3888
- C:\Windows\System\zOeOWhv.exe
  C:\Windows\System\zOeOWhv.exe
  2⤵
  PID:3908
- C:\Windows\System\TEblIWZ.exe
  C:\Windows\System\TEblIWZ.exe
  2⤵
  PID:3928
- C:\Windows\System\nlvusHR.exe
  C:\Windows\System\nlvusHR.exe
  2⤵
  PID:3948
- C:\Windows\System\gLeHwFD.exe
  C:\Windows\System\gLeHwFD.exe
  2⤵
  PID:3968
- C:\Windows\System\RuykzLf.exe
  C:\Windows\System\RuykzLf.exe
  2⤵
  PID:3988
- C:\Windows\System\bGzAUIR.exe
  C:\Windows\System\bGzAUIR.exe
  2⤵
  PID:4008
- C:\Windows\System\aTUkqnU.exe
  C:\Windows\System\aTUkqnU.exe
  2⤵
  PID:4028
- C:\Windows\System\ZXniuoC.exe
  C:\Windows\System\ZXniuoC.exe
  2⤵
  PID:4048
- C:\Windows\System\SsfYPcE.exe
  C:\Windows\System\SsfYPcE.exe
  2⤵
  PID:4068
- C:\Windows\System\RLDXzJh.exe
  C:\Windows\System\RLDXzJh.exe
  2⤵
  PID:4088
- C:\Windows\System\grYXWQL.exe
  C:\Windows\System\grYXWQL.exe
  2⤵
  PID:2532
- C:\Windows\System\ydYQfPI.exe
  C:\Windows\System\ydYQfPI.exe
  2⤵
  PID:2256
- C:\Windows\System\IddRAkD.exe
  C:\Windows\System\IddRAkD.exe
  2⤵
  PID:2604
- C:\Windows\System\oHILNnB.exe
  C:\Windows\System\oHILNnB.exe
  2⤵
  PID:2824
- C:\Windows\System\uUjrLCB.exe
  C:\Windows\System\uUjrLCB.exe
  2⤵
  PID:2980
- C:\Windows\System\pcLWDCG.exe
  C:\Windows\System\pcLWDCG.exe
  2⤵
  PID:2220
- C:\Windows\System\XwcNxdx.exe
  C:\Windows\System\XwcNxdx.exe
  2⤵
  PID:680
- C:\Windows\System\PkFtZbE.exe
  C:\Windows\System\PkFtZbE.exe
  2⤵
  PID:1944
- C:\Windows\System\uPEoLem.exe
  C:\Windows\System\uPEoLem.exe
  2⤵
  PID:2272
- C:\Windows\System\DPFKCoB.exe
  C:\Windows\System\DPFKCoB.exe
  2⤵
  PID:2184
- C:\Windows\System\VbcppJk.exe
  C:\Windows\System\VbcppJk.exe
  2⤵
  PID:2456
- C:\Windows\System\FmZeTDD.exe
  C:\Windows\System\FmZeTDD.exe
  2⤵
  PID:1420
- C:\Windows\System\XDfZnhY.exe
  C:\Windows\System\XDfZnhY.exe
  2⤵
  PID:3104
- C:\Windows\System\mVMrlHc.exe
  C:\Windows\System\mVMrlHc.exe
  2⤵
  PID:3124
- C:\Windows\System\NhbRzQl.exe
  C:\Windows\System\NhbRzQl.exe
  2⤵
  PID:3164
- C:\Windows\System\Saxkugf.exe
  C:\Windows\System\Saxkugf.exe
  2⤵
  PID:3196
- C:\Windows\System\pxUfzyz.exe
  C:\Windows\System\pxUfzyz.exe
  2⤵
  PID:3220
- C:\Windows\System\oCWzwNQ.exe
  C:\Windows\System\oCWzwNQ.exe
  2⤵
  PID:3240
- C:\Windows\System\OCMklnk.exe
  C:\Windows\System\OCMklnk.exe
  2⤵
  PID:3280
- C:\Windows\System\iTogrvB.exe
  C:\Windows\System\iTogrvB.exe
  2⤵
  PID:3320
- C:\Windows\System\JFVijcT.exe
  C:\Windows\System\JFVijcT.exe
  2⤵
  PID:3364
- C:\Windows\System\GbmPNip.exe
  C:\Windows\System\GbmPNip.exe
  2⤵
  PID:3396
- C:\Windows\System\mGYiBFJ.exe
  C:\Windows\System\mGYiBFJ.exe
  2⤵
  PID:3420
- C:\Windows\System\GcvyJXy.exe
  C:\Windows\System\GcvyJXy.exe
  2⤵
  PID:3464
- C:\Windows\System\ddQYPTt.exe
  C:\Windows\System\ddQYPTt.exe
  2⤵
  PID:3496
- C:\Windows\System\zmyrLlp.exe
  C:\Windows\System\zmyrLlp.exe
  2⤵
  PID:3520
- C:\Windows\System\pSpYnYD.exe
  C:\Windows\System\pSpYnYD.exe
  2⤵
  PID:3564
- C:\Windows\System\XFNXxXV.exe
  C:\Windows\System\XFNXxXV.exe
  2⤵
  PID:3580
- C:\Windows\System\HWSMKOV.exe
  C:\Windows\System\HWSMKOV.exe
  2⤵
  PID:3624
- C:\Windows\System\lOKStkq.exe
  C:\Windows\System\lOKStkq.exe
  2⤵
  PID:3656
- C:\Windows\System\qYCxwPU.exe
  C:\Windows\System\qYCxwPU.exe
  2⤵
  PID:3704
- C:\Windows\System\qoHPXds.exe
  C:\Windows\System\qoHPXds.exe
  2⤵
  PID:3720
- C:\Windows\System\KMWTYCH.exe
  C:\Windows\System\KMWTYCH.exe
  2⤵
  PID:3764
- C:\Windows\System\bEwGsRP.exe
  C:\Windows\System\bEwGsRP.exe
  2⤵
  PID:3780
- C:\Windows\System\VunGLSf.exe
  C:\Windows\System\VunGLSf.exe
  2⤵
  PID:3820
- C:\Windows\System\qUzUqVq.exe
  C:\Windows\System\qUzUqVq.exe
  2⤵
  PID:3840
- C:\Windows\System\JxBaTID.exe
  C:\Windows\System\JxBaTID.exe
  2⤵
  PID:3904
- C:\Windows\System\frFiLPR.exe
  C:\Windows\System\frFiLPR.exe
  2⤵
  PID:3920
- C:\Windows\System\hduMoTa.exe
  C:\Windows\System\hduMoTa.exe
  2⤵
  PID:3976
- C:\Windows\System\hXLvPLK.exe
  C:\Windows\System\hXLvPLK.exe
  2⤵
  PID:4004
- C:\Windows\System\nVsgvBA.exe
  C:\Windows\System\nVsgvBA.exe
  2⤵
  PID:4056
- C:\Windows\System\OTXISMt.exe
  C:\Windows\System\OTXISMt.exe
  2⤵
  PID:4084
- C:\Windows\System\gtacJJy.exe
  C:\Windows\System\gtacJJy.exe
  2⤵
  PID:2760
- C:\Windows\System\VjcMyJn.exe
  C:\Windows\System\VjcMyJn.exe
  2⤵
  PID:2648
- C:\Windows\System\SPjomYz.exe
  C:\Windows\System\SPjomYz.exe
  2⤵
  PID:2960
- C:\Windows\System\xRObMRX.exe
  C:\Windows\System\xRObMRX.exe
  2⤵
  PID:2312
- C:\Windows\System\GABReJv.exe
  C:\Windows\System\GABReJv.exe
  2⤵
  PID:1140
- C:\Windows\System\JdFcRXl.exe
  C:\Windows\System\JdFcRXl.exe
  2⤵
  PID:1396
- C:\Windows\System\sYaJTaL.exe
  C:\Windows\System\sYaJTaL.exe
  2⤵
  PID:2472
- C:\Windows\System\VEQFzCp.exe
  C:\Windows\System\VEQFzCp.exe
  2⤵
  PID:3136
- C:\Windows\System\vdFOpWO.exe
  C:\Windows\System\vdFOpWO.exe
  2⤵
  PID:3200
- C:\Windows\System\wkHFSBB.exe
  C:\Windows\System\wkHFSBB.exe
  2⤵
  PID:3296
- C:\Windows\System\tbpRkzo.exe
  C:\Windows\System\tbpRkzo.exe
  2⤵
  PID:3244
- C:\Windows\System\OFWaFgl.exe
  C:\Windows\System\OFWaFgl.exe
  2⤵
  PID:3324
- C:\Windows\System\HdkhcNz.exe
  C:\Windows\System\HdkhcNz.exe
  2⤵
  PID:3360
- C:\Windows\System\YITQYll.exe
  C:\Windows\System\YITQYll.exe
  2⤵
  PID:3480
- C:\Windows\System\gSCCPBh.exe
  C:\Windows\System\gSCCPBh.exe
  2⤵
  PID:3556
- C:\Windows\System\LnesWfj.exe
  C:\Windows\System\LnesWfj.exe
  2⤵
  PID:3500
- C:\Windows\System\cZSetoB.exe
  C:\Windows\System\cZSetoB.exe
  2⤵
  PID:3576
- C:\Windows\System\cojaRvg.exe
  C:\Windows\System\cojaRvg.exe
  2⤵
  PID:3696
- C:\Windows\System\RZhEqIK.exe
  C:\Windows\System\RZhEqIK.exe
  2⤵
  PID:3760
- C:\Windows\System\oZdtfFo.exe
  C:\Windows\System\oZdtfFo.exe
  2⤵
  PID:3856
- C:\Windows\System\hOQhpre.exe
  C:\Windows\System\hOQhpre.exe
  2⤵
  PID:3800
- C:\Windows\System\hROzoWU.exe
  C:\Windows\System\hROzoWU.exe
  2⤵
  PID:3884
- C:\Windows\System\gAcagXi.exe
  C:\Windows\System\gAcagXi.exe
  2⤵
  PID:3956
- C:\Windows\System\xqRmSmT.exe
  C:\Windows\System\xqRmSmT.exe
  2⤵
  PID:4044
- C:\Windows\System\SbdlFQR.exe
  C:\Windows\System\SbdlFQR.exe
  2⤵
  PID:872
- C:\Windows\System\zsRjCXU.exe
  C:\Windows\System\zsRjCXU.exe
  2⤵
  PID:2640
- C:\Windows\System\xEHzJlB.exe
  C:\Windows\System\xEHzJlB.exe
  2⤵
  PID:1432
- C:\Windows\System\aTdPjpQ.exe
  C:\Windows\System\aTdPjpQ.exe
  2⤵
  PID:664
- C:\Windows\System\JcFYkGi.exe
  C:\Windows\System\JcFYkGi.exe
  2⤵
  PID:3116
- C:\Windows\System\GRQzGnJ.exe
  C:\Windows\System\GRQzGnJ.exe
  2⤵
  PID:3144
- C:\Windows\System\MbsrBss.exe
  C:\Windows\System\MbsrBss.exe
  2⤵
  PID:3356
- C:\Windows\System\wXjZMpy.exe
  C:\Windows\System\wXjZMpy.exe
  2⤵
  PID:3184
- C:\Windows\System\Qlhmtus.exe
  C:\Windows\System\Qlhmtus.exe
  2⤵
  PID:3604
- C:\Windows\System\EDUmKGg.exe
  C:\Windows\System\EDUmKGg.exe
  2⤵
  PID:3600
- C:\Windows\System\jskbrlx.exe
  C:\Windows\System\jskbrlx.exe
  2⤵
  PID:3524
- C:\Windows\System\qEuddeq.exe
  C:\Windows\System\qEuddeq.exe
  2⤵
  PID:3700
- C:\Windows\System\LZojDtp.exe
  C:\Windows\System\LZojDtp.exe
  2⤵
  PID:3804
- C:\Windows\System\cHeSTYS.exe
  C:\Windows\System\cHeSTYS.exe
  2⤵
  PID:4020
- C:\Windows\System\pJncPgE.exe
  C:\Windows\System\pJncPgE.exe
  2⤵
  PID:4112
- C:\Windows\System\CQthMJg.exe
  C:\Windows\System\CQthMJg.exe
  2⤵
  PID:4132
- C:\Windows\System\hOCgWRV.exe
  C:\Windows\System\hOCgWRV.exe
  2⤵
  PID:4148
- C:\Windows\System\HubhIpp.exe
  C:\Windows\System\HubhIpp.exe
  2⤵
  PID:4172
- C:\Windows\System\fGtYKYm.exe
  C:\Windows\System\fGtYKYm.exe
  2⤵
  PID:4188
- C:\Windows\System\RVGqiDz.exe
  C:\Windows\System\RVGqiDz.exe
  2⤵
  PID:4208
- C:\Windows\System\dwmHrJl.exe
  C:\Windows\System\dwmHrJl.exe
  2⤵
  PID:4228
- C:\Windows\System\yPejpJe.exe
  C:\Windows\System\yPejpJe.exe
  2⤵
  PID:4252
- C:\Windows\System\VbdVxDE.exe
  C:\Windows\System\VbdVxDE.exe
  2⤵
  PID:4268
- C:\Windows\System\QCEvngM.exe
  C:\Windows\System\QCEvngM.exe
  2⤵
  PID:4284
- C:\Windows\System\bTziwnB.exe
  C:\Windows\System\bTziwnB.exe
  2⤵
  PID:4308
- C:\Windows\System\kbdMHop.exe
  C:\Windows\System\kbdMHop.exe
  2⤵
  PID:4324
- C:\Windows\System\FvWdmev.exe
  C:\Windows\System\FvWdmev.exe
  2⤵
  PID:4348
- C:\Windows\System\zcsLDSN.exe
  C:\Windows\System\zcsLDSN.exe
  2⤵
  PID:4364
- C:\Windows\System\aDdCEgl.exe
  C:\Windows\System\aDdCEgl.exe
  2⤵
  PID:4388
- C:\Windows\System\DuQzJTq.exe
  C:\Windows\System\DuQzJTq.exe
  2⤵
  PID:4408
- C:\Windows\System\uFSsPVI.exe
  C:\Windows\System\uFSsPVI.exe
  2⤵
  PID:4428
- C:\Windows\System\tcvVfcr.exe
  C:\Windows\System\tcvVfcr.exe
  2⤵
  PID:4444
- C:\Windows\System\PwAHGvK.exe
  C:\Windows\System\PwAHGvK.exe
  2⤵
  PID:4468
- C:\Windows\System\bzDIHfA.exe
  C:\Windows\System\bzDIHfA.exe
  2⤵
  PID:4484
- C:\Windows\System\VJLqCIm.exe
  C:\Windows\System\VJLqCIm.exe
  2⤵
  PID:4508
- C:\Windows\System\CcJUKwu.exe
  C:\Windows\System\CcJUKwu.exe
  2⤵
  PID:4528
- C:\Windows\System\CYrReQE.exe
  C:\Windows\System\CYrReQE.exe
  2⤵
  PID:4552
- C:\Windows\System\YHmHcuU.exe
  C:\Windows\System\YHmHcuU.exe
  2⤵
  PID:4568
- C:\Windows\System\XLSMIyW.exe
  C:\Windows\System\XLSMIyW.exe
  2⤵
  PID:4592
- C:\Windows\System\sPaHejs.exe
  C:\Windows\System\sPaHejs.exe
  2⤵
  PID:4612
- C:\Windows\System\mWNxkcK.exe
  C:\Windows\System\mWNxkcK.exe
  2⤵
  PID:4628
- C:\Windows\System\RIXqyhd.exe
  C:\Windows\System\RIXqyhd.exe
  2⤵
  PID:4652
- C:\Windows\System\pbwPZYp.exe
  C:\Windows\System\pbwPZYp.exe
  2⤵
  PID:4676
- C:\Windows\System\ZkthutW.exe
  C:\Windows\System\ZkthutW.exe
  2⤵
  PID:4696
- C:\Windows\System\Nwbjwkm.exe
  C:\Windows\System\Nwbjwkm.exe
  2⤵
  PID:4712
- C:\Windows\System\QvMmsBO.exe
  C:\Windows\System\QvMmsBO.exe
  2⤵
  PID:4736
- C:\Windows\System\PkpkQRd.exe
  C:\Windows\System\PkpkQRd.exe
  2⤵
  PID:4756
- C:\Windows\System\idigSKe.exe
  C:\Windows\System\idigSKe.exe
  2⤵
  PID:4772
- C:\Windows\System\yksvrtJ.exe
  C:\Windows\System\yksvrtJ.exe
  2⤵
  PID:4792
- C:\Windows\System\HtVeSqk.exe
  C:\Windows\System\HtVeSqk.exe
  2⤵
  PID:4816
- C:\Windows\System\wpbqldN.exe
  C:\Windows\System\wpbqldN.exe
  2⤵
  PID:4832
- C:\Windows\System\LsAUZIm.exe
  C:\Windows\System\LsAUZIm.exe
  2⤵
  PID:4852
- C:\Windows\System\cKVruVr.exe
  C:\Windows\System\cKVruVr.exe
  2⤵
  PID:4872
- C:\Windows\System\vaWaMkO.exe
  C:\Windows\System\vaWaMkO.exe
  2⤵
  PID:4892
- C:\Windows\System\iBuTzYD.exe
  C:\Windows\System\iBuTzYD.exe
  2⤵
  PID:4912
- C:\Windows\System\tAKsMwh.exe
  C:\Windows\System\tAKsMwh.exe
  2⤵
  PID:4932
- C:\Windows\System\MDPYZmq.exe
  C:\Windows\System\MDPYZmq.exe
  2⤵
  PID:4952
- C:\Windows\System\ExURcMa.exe
  C:\Windows\System\ExURcMa.exe
  2⤵
  PID:4972
- C:\Windows\System\XFliWEc.exe
  C:\Windows\System\XFliWEc.exe
  2⤵
  PID:4992
- C:\Windows\System\rPXwtcl.exe
  C:\Windows\System\rPXwtcl.exe
  2⤵
  PID:5012
- C:\Windows\System\hRguYeF.exe
  C:\Windows\System\hRguYeF.exe
  2⤵
  PID:5032
- C:\Windows\System\sgBqsag.exe
  C:\Windows\System\sgBqsag.exe
  2⤵
  PID:5052
- C:\Windows\System\UVMqFUM.exe
  C:\Windows\System\UVMqFUM.exe
  2⤵
  PID:5076
- C:\Windows\System\KtsHUhn.exe
  C:\Windows\System\KtsHUhn.exe
  2⤵
  PID:5096
- C:\Windows\System\BFrVRPe.exe
  C:\Windows\System\BFrVRPe.exe
  2⤵
  PID:5116
- C:\Windows\System\KpDfhPW.exe
  C:\Windows\System\KpDfhPW.exe
  2⤵
  PID:4076
- C:\Windows\System\yVfHubv.exe
  C:\Windows\System\yVfHubv.exe
  2⤵
  PID:2128
- C:\Windows\System\vKjZNhA.exe
  C:\Windows\System\vKjZNhA.exe
  2⤵
  PID:2140
- C:\Windows\System\JpdKrzs.exe
  C:\Windows\System\JpdKrzs.exe
  2⤵
  PID:3264
- C:\Windows\System\bblxfyz.exe
  C:\Windows\System\bblxfyz.exe
  2⤵
  PID:3544
- C:\Windows\System\ePUjMzx.exe
  C:\Windows\System\ePUjMzx.exe
  2⤵
  PID:3440
- C:\Windows\System\XYxHWyg.exe
  C:\Windows\System\XYxHWyg.exe
  2⤵
  PID:3424
- C:\Windows\System\wXukvMM.exe
  C:\Windows\System\wXukvMM.exe
  2⤵
  PID:3516
- C:\Windows\System\TLBAPKI.exe
  C:\Windows\System\TLBAPKI.exe
  2⤵
  PID:3916
- C:\Windows\System\SyIvKIv.exe
  C:\Windows\System\SyIvKIv.exe
  2⤵
  PID:4164
- C:\Windows\System\iLuhPKe.exe
  C:\Windows\System\iLuhPKe.exe
  2⤵
  PID:4108
- C:\Windows\System\jyYUEmW.exe
  C:\Windows\System\jyYUEmW.exe
  2⤵
  PID:4236
- C:\Windows\System\syrTbEK.exe
  C:\Windows\System\syrTbEK.exe
  2⤵
  PID:4180
- C:\Windows\System\UVXmRkg.exe
  C:\Windows\System\UVXmRkg.exe
  2⤵
  PID:4216
- C:\Windows\System\hjHhLZi.exe
  C:\Windows\System\hjHhLZi.exe
  2⤵
  PID:4360
- C:\Windows\System\JUdsxUK.exe
  C:\Windows\System\JUdsxUK.exe
  2⤵
  PID:4300
- C:\Windows\System\opkDcQA.exe
  C:\Windows\System\opkDcQA.exe
  2⤵
  PID:4436
- C:\Windows\System\ERQABcO.exe
  C:\Windows\System\ERQABcO.exe
  2⤵
  PID:4340
- C:\Windows\System\omfVZlU.exe
  C:\Windows\System\omfVZlU.exe
  2⤵
  PID:4380
- C:\Windows\System\dTGGtYy.exe
  C:\Windows\System\dTGGtYy.exe
  2⤵
  PID:4424
- C:\Windows\System\ILZBdQM.exe
  C:\Windows\System\ILZBdQM.exe
  2⤵
  PID:4564
- C:\Windows\System\NpEmZBu.exe
  C:\Windows\System\NpEmZBu.exe
  2⤵
  PID:4492
- C:\Windows\System\WJVOTrs.exe
  C:\Windows\System\WJVOTrs.exe
  2⤵
  PID:4604
- C:\Windows\System\BSTBLEN.exe
  C:\Windows\System\BSTBLEN.exe
  2⤵
  PID:4640
- C:\Windows\System\AcLZbNR.exe
  C:\Windows\System\AcLZbNR.exe
  2⤵
  PID:4684
- C:\Windows\System\mGBlHau.exe
  C:\Windows\System\mGBlHau.exe
  2⤵
  PID:4720
- C:\Windows\System\OuPFryP.exe
  C:\Windows\System\OuPFryP.exe
  2⤵
  PID:4620
- C:\Windows\System\DwONMYO.exe
  C:\Windows\System\DwONMYO.exe
  2⤵
  PID:4724
- C:\Windows\System\fWIIMNw.exe
  C:\Windows\System\fWIIMNw.exe
  2⤵
  PID:4704
- C:\Windows\System\SSvaNLL.exe
  C:\Windows\System\SSvaNLL.exe
  2⤵
  PID:4840
- C:\Windows\System\luyDSCs.exe
  C:\Windows\System\luyDSCs.exe
  2⤵
  PID:4788
- C:\Windows\System\eKnRjaF.exe
  C:\Windows\System\eKnRjaF.exe
  2⤵
  PID:4884
- C:\Windows\System\khLkxjW.exe
  C:\Windows\System\khLkxjW.exe
  2⤵
  PID:4868
- C:\Windows\System\IAUZRYL.exe
  C:\Windows\System\IAUZRYL.exe
  2⤵
  PID:4968
- C:\Windows\System\tpTfAbG.exe
  C:\Windows\System\tpTfAbG.exe
  2⤵
  PID:4948
- C:\Windows\System\hQyTakC.exe
  C:\Windows\System\hQyTakC.exe
  2⤵
  PID:4984
- C:\Windows\System\wErpFGL.exe
  C:\Windows\System\wErpFGL.exe
  2⤵
  PID:5028
- C:\Windows\System\LNZIOoD.exe
  C:\Windows\System\LNZIOoD.exe
  2⤵
  PID:5072
- C:\Windows\System\JZlUyuY.exe
  C:\Windows\System\JZlUyuY.exe
  2⤵
  PID:5068
- C:\Windows\System\YioTKGd.exe
  C:\Windows\System\YioTKGd.exe
  2⤵
  PID:5108
- C:\Windows\System\cHMOIyf.exe
  C:\Windows\System\cHMOIyf.exe
  2⤵
  PID:3076
- C:\Windows\System\yscUJfb.exe
  C:\Windows\System\yscUJfb.exe
  2⤵
  PID:3384
- C:\Windows\System\ZvtOhhY.exe
  C:\Windows\System\ZvtOhhY.exe
  2⤵
  PID:3640
- C:\Windows\System\GWpTybK.exe
  C:\Windows\System\GWpTybK.exe
  2⤵
  PID:4124
- C:\Windows\System\ZzGmebp.exe
  C:\Windows\System\ZzGmebp.exe
  2⤵
  PID:3936
- C:\Windows\System\yQadTpf.exe
  C:\Windows\System\yQadTpf.exe
  2⤵
  PID:4248
- C:\Windows\System\ljAKOFE.exe
  C:\Windows\System\ljAKOFE.exe
  2⤵
  PID:4204
- C:\Windows\System\Gjgmwds.exe
  C:\Windows\System\Gjgmwds.exe
  2⤵
  PID:4276
- C:\Windows\System\CuMUJIr.exe
  C:\Windows\System\CuMUJIr.exe
  2⤵
  PID:4316
- C:\Windows\System\OZLuaPf.exe
  C:\Windows\System\OZLuaPf.exe
  2⤵
  PID:4376
- C:\Windows\System\FjIYWdD.exe
  C:\Windows\System\FjIYWdD.exe
  2⤵
  PID:4520
- C:\Windows\System\kMJMIAp.exe
  C:\Windows\System\kMJMIAp.exe
  2⤵
  PID:4496
- C:\Windows\System\EKIawik.exe
  C:\Windows\System\EKIawik.exe
  2⤵
  PID:4648
- C:\Windows\System\IpPVawt.exe
  C:\Windows\System\IpPVawt.exe
  2⤵
  PID:4456
- C:\Windows\System\UYhSuIP.exe
  C:\Windows\System\UYhSuIP.exe
  2⤵
  PID:4624
- C:\Windows\System\AVZbyay.exe
  C:\Windows\System\AVZbyay.exe
  2⤵
  PID:4804
- C:\Windows\System\NmiFdrb.exe
  C:\Windows\System\NmiFdrb.exe
  2⤵
  PID:4664
- C:\Windows\System\PjTfbkA.exe
  C:\Windows\System\PjTfbkA.exe
  2⤵
  PID:4748
- C:\Windows\System\uRXcCgp.exe
  C:\Windows\System\uRXcCgp.exe
  2⤵
  PID:4888
- C:\Windows\System\wLohCEh.exe
  C:\Windows\System\wLohCEh.exe
  2⤵
  PID:4944
- C:\Windows\System\oBzTBKV.exe
  C:\Windows\System\oBzTBKV.exe
  2⤵
  PID:5044
- C:\Windows\System\YqaWfKd.exe
  C:\Windows\System\YqaWfKd.exe
  2⤵
  PID:5092
- C:\Windows\System\KuamjnJ.exe
  C:\Windows\System\KuamjnJ.exe
  2⤵
  PID:5060
- C:\Windows\System\PXWdvOK.exe
  C:\Windows\System\PXWdvOK.exe
  2⤵
  PID:5112
- C:\Windows\System\JFCEqmE.exe
  C:\Windows\System\JFCEqmE.exe
  2⤵
  PID:3844
- C:\Windows\System\KAZxnYa.exe
  C:\Windows\System\KAZxnYa.exe
  2⤵
  PID:4100
- C:\Windows\System\QxbMZSU.exe
  C:\Windows\System\QxbMZSU.exe
  2⤵
  PID:4128
- C:\Windows\System\kUAWqDD.exe
  C:\Windows\System\kUAWqDD.exe
  2⤵
  PID:4296
- C:\Windows\System\PzawspP.exe
  C:\Windows\System\PzawspP.exe
  2⤵
  PID:4356
- C:\Windows\System\ouqECIm.exe
  C:\Windows\System\ouqECIm.exe
  2⤵
  PID:4608
- C:\Windows\System\ByJgAfX.exe
  C:\Windows\System\ByJgAfX.exe
  2⤵
  PID:4260
- C:\Windows\System\QdoeMFP.exe
  C:\Windows\System\QdoeMFP.exe
  2⤵
  PID:4420
- C:\Windows\System\veqWWkT.exe
  C:\Windows\System\veqWWkT.exe
  2⤵
  PID:4784
- C:\Windows\System\iSoaeHm.exe
  C:\Windows\System\iSoaeHm.exe
  2⤵
  PID:4800
- C:\Windows\System\OhTRLDS.exe
  C:\Windows\System\OhTRLDS.exe
  2⤵
  PID:5040
- C:\Windows\System\VRrAMPw.exe
  C:\Windows\System\VRrAMPw.exe
  2⤵
  PID:4752
- C:\Windows\System\GmCTAYI.exe
  C:\Windows\System\GmCTAYI.exe
  2⤵
  PID:4904
- C:\Windows\System\rhYoNtP.exe
  C:\Windows\System\rhYoNtP.exe
  2⤵
  PID:4980
- C:\Windows\System\PYoULkd.exe
  C:\Windows\System\PYoULkd.exe
  2⤵
  PID:4332
- C:\Windows\System\xPlhzdy.exe
  C:\Windows\System\xPlhzdy.exe
  2⤵
  PID:4344
- C:\Windows\System\mTxpiVO.exe
  C:\Windows\System\mTxpiVO.exe
  2⤵
  PID:5128
- C:\Windows\System\nNiHkbr.exe
  C:\Windows\System\nNiHkbr.exe
  2⤵
  PID:5148
- C:\Windows\System\MrpxFBM.exe
  C:\Windows\System\MrpxFBM.exe
  2⤵
  PID:5168
- C:\Windows\System\QJSArzQ.exe
  C:\Windows\System\QJSArzQ.exe
  2⤵
  PID:5188
- C:\Windows\System\ICqzNSP.exe
  C:\Windows\System\ICqzNSP.exe
  2⤵
  PID:5208
- C:\Windows\System\NeEcnJU.exe
  C:\Windows\System\NeEcnJU.exe
  2⤵
  PID:5228
- C:\Windows\System\zRtEndV.exe
  C:\Windows\System\zRtEndV.exe
  2⤵
  PID:5248
- C:\Windows\System\fSTkcrF.exe
  C:\Windows\System\fSTkcrF.exe
  2⤵
  PID:5268
- C:\Windows\System\xwCMCUY.exe
  C:\Windows\System\xwCMCUY.exe
  2⤵
  PID:5288
- C:\Windows\System\RjAbPeb.exe
  C:\Windows\System\RjAbPeb.exe
  2⤵
  PID:5308
- C:\Windows\System\FYDXULJ.exe
  C:\Windows\System\FYDXULJ.exe
  2⤵
  PID:5328
- C:\Windows\System\DuIsVpB.exe
  C:\Windows\System\DuIsVpB.exe
  2⤵
  PID:5348
- C:\Windows\System\UUEFPHE.exe
  C:\Windows\System\UUEFPHE.exe
  2⤵
  PID:5368
- C:\Windows\System\CqtlERC.exe
  C:\Windows\System\CqtlERC.exe
  2⤵
  PID:5388
- C:\Windows\System\kmoUMca.exe
  C:\Windows\System\kmoUMca.exe
  2⤵
  PID:5408
- C:\Windows\System\tzKEGfK.exe
  C:\Windows\System\tzKEGfK.exe
  2⤵
  PID:5428
- C:\Windows\System\pQNmpIH.exe
  C:\Windows\System\pQNmpIH.exe
  2⤵
  PID:5448
- C:\Windows\System\ULYSQEk.exe
  C:\Windows\System\ULYSQEk.exe
  2⤵
  PID:5468
- C:\Windows\System\waJKnHB.exe
  C:\Windows\System\waJKnHB.exe
  2⤵
  PID:5488
- C:\Windows\System\eNlNFkS.exe
  C:\Windows\System\eNlNFkS.exe
  2⤵
  PID:5508
- C:\Windows\System\DmPWScP.exe
  C:\Windows\System\DmPWScP.exe
  2⤵
  PID:5528
- C:\Windows\System\XaNdfEX.exe
  C:\Windows\System\XaNdfEX.exe
  2⤵
  PID:5544
- C:\Windows\System\zoAIWQu.exe
  C:\Windows\System\zoAIWQu.exe
  2⤵
  PID:5568
- C:\Windows\System\eRZuVVU.exe
  C:\Windows\System\eRZuVVU.exe
  2⤵
  PID:5584
- C:\Windows\System\QvamAgP.exe
  C:\Windows\System\QvamAgP.exe
  2⤵
  PID:5608
- C:\Windows\System\aqssVVv.exe
  C:\Windows\System\aqssVVv.exe
  2⤵
  PID:5628
- C:\Windows\System\tOnFKgp.exe
  C:\Windows\System\tOnFKgp.exe
  2⤵
  PID:5648
- C:\Windows\System\hOCuhRe.exe
  C:\Windows\System\hOCuhRe.exe
  2⤵
  PID:5668
- C:\Windows\System\AMryFkd.exe
  C:\Windows\System\AMryFkd.exe
  2⤵
  PID:5692
- C:\Windows\System\mnvpoYX.exe
  C:\Windows\System\mnvpoYX.exe
  2⤵
  PID:5708
- C:\Windows\System\VnkCyID.exe
  C:\Windows\System\VnkCyID.exe
  2⤵
  PID:5732
- C:\Windows\System\etpRufF.exe
  C:\Windows\System\etpRufF.exe
  2⤵
  PID:5748
- C:\Windows\System\SiUmGHs.exe
  C:\Windows\System\SiUmGHs.exe
  2⤵
  PID:5772
- C:\Windows\System\rCrcgon.exe
  C:\Windows\System\rCrcgon.exe
  2⤵
  PID:5788
- C:\Windows\System\mmtYqsD.exe
  C:\Windows\System\mmtYqsD.exe
  2⤵
  PID:5812
- C:\Windows\System\KcpDiXM.exe
  C:\Windows\System\KcpDiXM.exe
  2⤵
  PID:5828
- C:\Windows\System\HjNEgTw.exe
  C:\Windows\System\HjNEgTw.exe
  2⤵
  PID:5852
- C:\Windows\System\HsWHrya.exe
  C:\Windows\System\HsWHrya.exe
  2⤵
  PID:5872
- C:\Windows\System\alPPEVH.exe
  C:\Windows\System\alPPEVH.exe
  2⤵
  PID:5892
- C:\Windows\System\UGRTCPp.exe
  C:\Windows\System\UGRTCPp.exe
  2⤵
  PID:5912
- C:\Windows\System\ZWipBvL.exe
  C:\Windows\System\ZWipBvL.exe
  2⤵
  PID:5932
- C:\Windows\System\ZGJOEgd.exe
  C:\Windows\System\ZGJOEgd.exe
  2⤵
  PID:5952
- C:\Windows\System\VaTZBmI.exe
  C:\Windows\System\VaTZBmI.exe
  2⤵
  PID:5972
- C:\Windows\System\tGKKACu.exe
  C:\Windows\System\tGKKACu.exe
  2⤵
  PID:5988
- C:\Windows\System\nDkHuVw.exe
  C:\Windows\System\nDkHuVw.exe
  2⤵
  PID:6012
- C:\Windows\System\hqNfIRy.exe
  C:\Windows\System\hqNfIRy.exe
  2⤵
  PID:6032
- C:\Windows\System\LNUkOZD.exe
  C:\Windows\System\LNUkOZD.exe
  2⤵
  PID:6052
- C:\Windows\System\OsSOncK.exe
  C:\Windows\System\OsSOncK.exe
  2⤵
  PID:6072
- C:\Windows\System\FpPyuWs.exe
  C:\Windows\System\FpPyuWs.exe
  2⤵
  PID:6092
- C:\Windows\System\bpfKsKN.exe
  C:\Windows\System\bpfKsKN.exe
  2⤵
  PID:6112
- C:\Windows\System\xMkbIyW.exe
  C:\Windows\System\xMkbIyW.exe
  2⤵
  PID:6132
- C:\Windows\System\UMGldDv.exe
  C:\Windows\System\UMGldDv.exe
  2⤵
  PID:3876
- C:\Windows\System\ZxCjlQU.exe
  C:\Windows\System\ZxCjlQU.exe
  2⤵
  PID:4504
- C:\Windows\System\mtIFBDN.exe
  C:\Windows\System\mtIFBDN.exe
  2⤵
  PID:4576
- C:\Windows\System\onxQmXO.exe
  C:\Windows\System\onxQmXO.exe
  2⤵
  PID:3676
- C:\Windows\System\QmEpCHE.exe
  C:\Windows\System\QmEpCHE.exe
  2⤵
  PID:4460
- C:\Windows\System\HGVsvzF.exe
  C:\Windows\System\HGVsvzF.exe
  2⤵
  PID:1440
- C:\Windows\System\VcTnpVy.exe
  C:\Windows\System\VcTnpVy.exe
  2⤵
  PID:4660
- C:\Windows\System\mopmWrV.exe
  C:\Windows\System\mopmWrV.exe
  2⤵
  PID:5136
- C:\Windows\System\iJFesTM.exe
  C:\Windows\System\iJFesTM.exe
  2⤵
  PID:5160
- C:\Windows\System\eQdaljy.exe
  C:\Windows\System\eQdaljy.exe
  2⤵
  PID:5180
- C:\Windows\System\fEegPoJ.exe
  C:\Windows\System\fEegPoJ.exe
  2⤵
  PID:5220
- C:\Windows\System\HrFhDXs.exe
  C:\Windows\System\HrFhDXs.exe
  2⤵
  PID:5264
- C:\Windows\System\oJmOmAh.exe
  C:\Windows\System\oJmOmAh.exe
  2⤵
  PID:5260
- C:\Windows\System\DRfcePr.exe
  C:\Windows\System\DRfcePr.exe
  2⤵
  PID:5356
- C:\Windows\System\YLXYMit.exe
  C:\Windows\System\YLXYMit.exe
  2⤵
  PID:5344
- C:\Windows\System\vbgyIvw.exe
  C:\Windows\System\vbgyIvw.exe
  2⤵
  PID:5384
- C:\Windows\System\hfRsKiP.exe
  C:\Windows\System\hfRsKiP.exe
  2⤵
  PID:5440
- C:\Windows\System\aZnnxvb.exe
  C:\Windows\System\aZnnxvb.exe
  2⤵
  PID:5480
- C:\Windows\System\RPhuDyI.exe
  C:\Windows\System\RPhuDyI.exe
  2⤵
  PID:5524
- C:\Windows\System\mjFcPvv.exe
  C:\Windows\System\mjFcPvv.exe
  2⤵
  PID:5564
- C:\Windows\System\ZtxELDs.exe
  C:\Windows\System\ZtxELDs.exe
  2⤵
  PID:5540
- C:\Windows\System\mAKiOZx.exe
  C:\Windows\System\mAKiOZx.exe
  2⤵
  PID:5576
- C:\Windows\System\TZVwshE.exe
  C:\Windows\System\TZVwshE.exe
  2⤵
  PID:5616
- C:\Windows\System\MlYeMlN.exe
  C:\Windows\System\MlYeMlN.exe
  2⤵
  PID:5688
- C:\Windows\System\JWYRVdM.exe
  C:\Windows\System\JWYRVdM.exe
  2⤵
  PID:5724
- C:\Windows\System\orqAacB.exe
  C:\Windows\System\orqAacB.exe
  2⤵
  PID:5704
- C:\Windows\System\nWJsmys.exe
  C:\Windows\System\nWJsmys.exe
  2⤵
  PID:5804
- C:\Windows\System\oXxjzil.exe
  C:\Windows\System\oXxjzil.exe
  2⤵
  PID:5780
- C:\Windows\System\HILALJf.exe
  C:\Windows\System\HILALJf.exe
  2⤵
  PID:5848
- C:\Windows\System\TJccgfj.exe
  C:\Windows\System\TJccgfj.exe
  2⤵
  PID:5888
- C:\Windows\System\rBbOMnK.exe
  C:\Windows\System\rBbOMnK.exe
  2⤵
  PID:5868
- C:\Windows\System\AappUlX.exe
  C:\Windows\System\AappUlX.exe
  2⤵
  PID:5960
- C:\Windows\System\NVrhYce.exe
  C:\Windows\System\NVrhYce.exe
  2⤵
  PID:5948
- C:\Windows\System\ATXOIzh.exe
  C:\Windows\System\ATXOIzh.exe
  2⤵
  PID:5984
- C:\Windows\System\QTjXZRa.exe
  C:\Windows\System\QTjXZRa.exe
  2⤵
  PID:6020
- C:\Windows\System\fBZXSKA.exe
  C:\Windows\System\fBZXSKA.exe
  2⤵
  PID:6060
- C:\Windows\System\gEbJbGJ.exe
  C:\Windows\System\gEbJbGJ.exe
  2⤵
  PID:6100
- C:\Windows\System\ASCDiFf.exe
  C:\Windows\System\ASCDiFf.exe
  2⤵
  PID:6140
- C:\Windows\System\QrCGMnE.exe
  C:\Windows\System\QrCGMnE.exe
  2⤵
  PID:4156
- C:\Windows\System\loZISwq.exe
  C:\Windows\System\loZISwq.exe
  2⤵
  PID:4848
- C:\Windows\System\bHeUrvM.exe
  C:\Windows\System\bHeUrvM.exe
  2⤵
  PID:4828
- C:\Windows\System\NfTnBFP.exe
  C:\Windows\System\NfTnBFP.exe
  2⤵
  PID:3344
- C:\Windows\System\BCSTXXf.exe
  C:\Windows\System\BCSTXXf.exe
  2⤵
  PID:5196
- C:\Windows\System\YcQRCfU.exe
  C:\Windows\System\YcQRCfU.exe
  2⤵
  PID:5244
- C:\Windows\System\dHXcTLO.exe
  C:\Windows\System\dHXcTLO.exe
  2⤵
  PID:5256
- C:\Windows\System\NyNptlR.exe
  C:\Windows\System\NyNptlR.exe
  2⤵
  PID:5316
- C:\Windows\System\pJqQdds.exe
  C:\Windows\System\pJqQdds.exe
  2⤵
  PID:5400
- C:\Windows\System\vcjRcdG.exe
  C:\Windows\System\vcjRcdG.exe
  2⤵
  PID:5416
- C:\Windows\System\OKXVtBE.exe
  C:\Windows\System\OKXVtBE.exe
  2⤵
  PID:5516
- C:\Windows\System\NdpKktU.exe
  C:\Windows\System\NdpKktU.exe
  2⤵
  PID:5604
- C:\Windows\System\lyNlnym.exe
  C:\Windows\System\lyNlnym.exe
  2⤵
  PID:5620
- C:\Windows\System\mzoyKJM.exe
  C:\Windows\System\mzoyKJM.exe
  2⤵
  PID:5676
- C:\Windows\System\gzFsZKw.exe
  C:\Windows\System\gzFsZKw.exe
  2⤵
  PID:5684
- C:\Windows\System\iyyuSkm.exe
  C:\Windows\System\iyyuSkm.exe
  2⤵
  PID:5800
- C:\Windows\System\BjfZgnP.exe
  C:\Windows\System\BjfZgnP.exe
  2⤵
  PID:5880
- C:\Windows\System\QvFCSZy.exe
  C:\Windows\System\QvFCSZy.exe
  2⤵
  PID:5904
- C:\Windows\System\gCwDngg.exe
  C:\Windows\System\gCwDngg.exe
  2⤵
  PID:5964
- C:\Windows\System\wEYNrYj.exe
  C:\Windows\System\wEYNrYj.exe
  2⤵
  PID:6004
- C:\Windows\System\FyFRKrl.exe
  C:\Windows\System\FyFRKrl.exe
  2⤵
  PID:6044
- C:\Windows\System\fsYsFLz.exe
  C:\Windows\System\fsYsFLz.exe
  2⤵
  PID:6104
- C:\Windows\System\lBYcJXI.exe
  C:\Windows\System\lBYcJXI.exe
  2⤵
  PID:4808
- C:\Windows\System\sdMQDgf.exe
  C:\Windows\System\sdMQDgf.exe
  2⤵
  PID:5024
- C:\Windows\System\vzDRWWO.exe
  C:\Windows\System\vzDRWWO.exe
  2⤵
  PID:4404
- C:\Windows\System\zeHTors.exe
  C:\Windows\System\zeHTors.exe
  2⤵
  PID:5200
- C:\Windows\System\eefmBek.exe
  C:\Windows\System\eefmBek.exe
  2⤵
  PID:5236
- C:\Windows\System\goOcCiG.exe
  C:\Windows\System\goOcCiG.exe
  2⤵
  PID:5376
- C:\Windows\System\IXUHDXg.exe
  C:\Windows\System\IXUHDXg.exe
  2⤵
  PID:5600
- C:\Windows\System\xAUWcvY.exe
  C:\Windows\System\xAUWcvY.exe
  2⤵
  PID:6152
- C:\Windows\System\QbIpXmu.exe
  C:\Windows\System\QbIpXmu.exe
  2⤵
  PID:6172
- C:\Windows\System\XsBDOQS.exe
  C:\Windows\System\XsBDOQS.exe
  2⤵
  PID:6192
- C:\Windows\System\SDdrdDk.exe
  C:\Windows\System\SDdrdDk.exe
  2⤵
  PID:6212
- C:\Windows\System\utQDuPv.exe
  C:\Windows\System\utQDuPv.exe
  2⤵
  PID:6232
- C:\Windows\System\ofPrxSM.exe
  C:\Windows\System\ofPrxSM.exe
  2⤵
  PID:6252
- C:\Windows\System\AQTDDWO.exe
  C:\Windows\System\AQTDDWO.exe
  2⤵
  PID:6272
- C:\Windows\System\mThnHlq.exe
  C:\Windows\System\mThnHlq.exe
  2⤵
  PID:6292
- C:\Windows\System\lzYNXRl.exe
  C:\Windows\System\lzYNXRl.exe
  2⤵
  PID:6312
- C:\Windows\System\UuRAAtg.exe
  C:\Windows\System\UuRAAtg.exe
  2⤵
  PID:6332
- C:\Windows\System\ljzvgfn.exe
  C:\Windows\System\ljzvgfn.exe
  2⤵
  PID:6352
- C:\Windows\System\EbYIARE.exe
  C:\Windows\System\EbYIARE.exe
  2⤵
  PID:6372
- C:\Windows\System\Pvdvlay.exe
  C:\Windows\System\Pvdvlay.exe
  2⤵
  PID:6392
- C:\Windows\System\kwLvcRE.exe
  C:\Windows\System\kwLvcRE.exe
  2⤵
  PID:6412
- C:\Windows\System\WjHpaUo.exe
  C:\Windows\System\WjHpaUo.exe
  2⤵
  PID:6432
- C:\Windows\System\aDTRqws.exe
  C:\Windows\System\aDTRqws.exe
  2⤵
  PID:6452
- C:\Windows\System\PajujBz.exe
  C:\Windows\System\PajujBz.exe
  2⤵
  PID:6472
- C:\Windows\System\XYQJwBV.exe
  C:\Windows\System\XYQJwBV.exe
  2⤵
  PID:6492
- C:\Windows\System\rcXpNka.exe
  C:\Windows\System\rcXpNka.exe
  2⤵
  PID:6512
- C:\Windows\System\yMOkVAP.exe
  C:\Windows\System\yMOkVAP.exe
  2⤵
  PID:6532
- C:\Windows\System\Etmdexh.exe
  C:\Windows\System\Etmdexh.exe
  2⤵
  PID:6556
- C:\Windows\System\lLfomkR.exe
  C:\Windows\System\lLfomkR.exe
  2⤵
  PID:6576
- C:\Windows\System\SgsGSNL.exe
  C:\Windows\System\SgsGSNL.exe
  2⤵
  PID:6596
- C:\Windows\System\QqdwSYt.exe
  C:\Windows\System\QqdwSYt.exe
  2⤵
  PID:6616
- C:\Windows\System\POBJerh.exe
  C:\Windows\System\POBJerh.exe
  2⤵
  PID:6636
- C:\Windows\System\ilFYilr.exe
  C:\Windows\System\ilFYilr.exe
  2⤵
  PID:6656
- C:\Windows\System\ZnYSUMK.exe
  C:\Windows\System\ZnYSUMK.exe
  2⤵
  PID:6676
- C:\Windows\System\gABJrlC.exe
  C:\Windows\System\gABJrlC.exe
  2⤵
  PID:6696
- C:\Windows\System\XSOGMFF.exe
  C:\Windows\System\XSOGMFF.exe
  2⤵
  PID:6716
- C:\Windows\System\vtgEjLY.exe
  C:\Windows\System\vtgEjLY.exe
  2⤵
  PID:6736
- C:\Windows\System\TMiAZpf.exe
  C:\Windows\System\TMiAZpf.exe
  2⤵
  PID:6756
- C:\Windows\System\AXVVyMg.exe
  C:\Windows\System\AXVVyMg.exe
  2⤵
  PID:6776
- C:\Windows\System\yApMTok.exe
  C:\Windows\System\yApMTok.exe
  2⤵
  PID:6796
- C:\Windows\System\ijLRuwC.exe
  C:\Windows\System\ijLRuwC.exe
  2⤵
  PID:6816
- C:\Windows\System\gNKEKTJ.exe
  C:\Windows\System\gNKEKTJ.exe
  2⤵
  PID:6836
- C:\Windows\System\HtPEApW.exe
  C:\Windows\System\HtPEApW.exe
  2⤵
  PID:6856
- C:\Windows\System\RhdHHNd.exe
  C:\Windows\System\RhdHHNd.exe
  2⤵
  PID:6876
- C:\Windows\System\OqdIOgU.exe
  C:\Windows\System\OqdIOgU.exe
  2⤵
  PID:6896
- C:\Windows\System\IbfMgmR.exe
  C:\Windows\System\IbfMgmR.exe
  2⤵
  PID:6916
- C:\Windows\System\ddyFYFC.exe
  C:\Windows\System\ddyFYFC.exe
  2⤵
  PID:6936
- C:\Windows\System\eInCWGh.exe
  C:\Windows\System\eInCWGh.exe
  2⤵
  PID:6956
- C:\Windows\System\psetygy.exe
  C:\Windows\System\psetygy.exe
  2⤵
  PID:6976
- C:\Windows\System\xtbRaoh.exe
  C:\Windows\System\xtbRaoh.exe
  2⤵
  PID:6996
- C:\Windows\System\xGEADKy.exe
  C:\Windows\System\xGEADKy.exe
  2⤵
  PID:7016
- C:\Windows\System\ZuGnIng.exe
  C:\Windows\System\ZuGnIng.exe
  2⤵
  PID:7036
- C:\Windows\System\AdNZbIR.exe
  C:\Windows\System\AdNZbIR.exe
  2⤵
  PID:7056
- C:\Windows\System\QCxmlua.exe
  C:\Windows\System\QCxmlua.exe
  2⤵
  PID:7076
- C:\Windows\System\HJSFMMJ.exe
  C:\Windows\System\HJSFMMJ.exe
  2⤵
  PID:7096
- C:\Windows\System\wroggol.exe
  C:\Windows\System\wroggol.exe
  2⤵
  PID:7116
- C:\Windows\System\JYGdtHV.exe
  C:\Windows\System\JYGdtHV.exe
  2⤵
  PID:7136
- C:\Windows\System\rKMgygl.exe
  C:\Windows\System\rKMgygl.exe
  2⤵
  PID:7156
- C:\Windows\System\UlrSlaK.exe
  C:\Windows\System\UlrSlaK.exe
  2⤵
  PID:5680
- C:\Windows\System\fUIYxuT.exe
  C:\Windows\System\fUIYxuT.exe
  2⤵
  PID:5768
- C:\Windows\System\RxJCyRI.exe
  C:\Windows\System\RxJCyRI.exe
  2⤵
  PID:5824
- C:\Windows\System\bdXCdPo.exe
  C:\Windows\System\bdXCdPo.exe
  2⤵
  PID:5820
- C:\Windows\System\KhqfXCA.exe
  C:\Windows\System\KhqfXCA.exe
  2⤵
  PID:6008
- C:\Windows\System\YmAIgwM.exe
  C:\Windows\System\YmAIgwM.exe
  2⤵
  PID:6124
- C:\Windows\System\oFCzlnd.exe
  C:\Windows\System\oFCzlnd.exe
  2⤵
  PID:4580
- C:\Windows\System\kUbbfjS.exe
  C:\Windows\System\kUbbfjS.exe
  2⤵
  PID:4400
- C:\Windows\System\FfTvEnl.exe
  C:\Windows\System\FfTvEnl.exe
  2⤵
  PID:5224
- C:\Windows\System\IcyMjdZ.exe
  C:\Windows\System\IcyMjdZ.exe
  2⤵
  PID:5484
- C:\Windows\System\nCECsBy.exe
  C:\Windows\System\nCECsBy.exe
  2⤵
  PID:5552
- C:\Windows\System\OFgXQoN.exe
  C:\Windows\System\OFgXQoN.exe
  2⤵
  PID:6164
- C:\Windows\System\TqxKfhu.exe
  C:\Windows\System\TqxKfhu.exe
  2⤵
  PID:6220
- C:\Windows\System\FYCPaSK.exe
  C:\Windows\System\FYCPaSK.exe
  2⤵
  PID:6244
- C:\Windows\System\VgWhOfK.exe
  C:\Windows\System\VgWhOfK.exe
  2⤵
  PID:6300
- C:\Windows\System\DfuvPvu.exe
  C:\Windows\System\DfuvPvu.exe
  2⤵
  PID:6320
- C:\Windows\System\xUuNNhW.exe
  C:\Windows\System\xUuNNhW.exe
  2⤵
  PID:6344
- C:\Windows\System\KzMRdCA.exe
  C:\Windows\System\KzMRdCA.exe
  2⤵
  PID:6364
- C:\Windows\System\xvLTOOy.exe
  C:\Windows\System\xvLTOOy.exe
  2⤵
  PID:6428
- C:\Windows\System\xdAvsZn.exe
  C:\Windows\System\xdAvsZn.exe
  2⤵
  PID:6444
- C:\Windows\System\GRFoeTH.exe
  C:\Windows\System\GRFoeTH.exe
  2⤵
  PID:6488
- C:\Windows\System\dJLwDAv.exe
  C:\Windows\System\dJLwDAv.exe
  2⤵
  PID:6520
- C:\Windows\System\ccZigXB.exe
  C:\Windows\System\ccZigXB.exe
  2⤵
  PID:6544
- C:\Windows\System\jwAzYNC.exe
  C:\Windows\System\jwAzYNC.exe
  2⤵
  PID:6568
- C:\Windows\System\VEMnLUo.exe
  C:\Windows\System\VEMnLUo.exe
  2⤵
  PID:6608
- C:\Windows\System\eXCVxjY.exe
  C:\Windows\System\eXCVxjY.exe
  2⤵
  PID:6664
- C:\Windows\System\VOtFPfx.exe
  C:\Windows\System\VOtFPfx.exe
  2⤵
  PID:6692
- C:\Windows\System\xKuDepW.exe
  C:\Windows\System\xKuDepW.exe
  2⤵
  PID:6724
- C:\Windows\System\KvCdWhu.exe
  C:\Windows\System\KvCdWhu.exe
  2⤵
  PID:6728
- C:\Windows\System\yXxAsmz.exe
  C:\Windows\System\yXxAsmz.exe
  2⤵
  PID:6792
- C:\Windows\System\pjIvXZC.exe
  C:\Windows\System\pjIvXZC.exe
  2⤵
  PID:6832
- C:\Windows\System\EktlKIS.exe
  C:\Windows\System\EktlKIS.exe
  2⤵
  PID:6844
- C:\Windows\System\HRKSezO.exe
  C:\Windows\System\HRKSezO.exe
  2⤵
  PID:6892
- C:\Windows\System\LumpfXU.exe
  C:\Windows\System\LumpfXU.exe
  2⤵
  PID:6944
- C:\Windows\System\PWpPznT.exe
  C:\Windows\System\PWpPznT.exe
  2⤵
  PID:6948
- C:\Windows\System\SbtilhK.exe
  C:\Windows\System\SbtilhK.exe
  2⤵
  PID:6992
- C:\Windows\System\YhbNHES.exe
  C:\Windows\System\YhbNHES.exe
  2⤵
  PID:7032
- C:\Windows\System\LKhpWJf.exe
  C:\Windows\System\LKhpWJf.exe
  2⤵
  PID:7064
- C:\Windows\System\KZYgzCC.exe
  C:\Windows\System\KZYgzCC.exe
  2⤵
  PID:7084
- C:\Windows\System\moJSrOA.exe
  C:\Windows\System\moJSrOA.exe
  2⤵
  PID:7108
- C:\Windows\System\PxKaDUL.exe
  C:\Windows\System\PxKaDUL.exe
  2⤵
  PID:7148
- C:\Windows\System\fGPjmzp.exe
  C:\Windows\System\fGPjmzp.exe
  2⤵
  PID:5756
- C:\Windows\System\LQQpfqb.exe
  C:\Windows\System\LQQpfqb.exe
  2⤵
  PID:5660
- C:\Windows\System\EQAVzWr.exe
  C:\Windows\System\EQAVzWr.exe
  2⤵
  PID:6088
- C:\Windows\System\UvJkFdl.exe
  C:\Windows\System\UvJkFdl.exe
  2⤵
  PID:4336
- C:\Windows\System\LIZYDlt.exe
  C:\Windows\System\LIZYDlt.exe
  2⤵
  PID:5436
- C:\Windows\System\YNPtYwG.exe
  C:\Windows\System\YNPtYwG.exe
  2⤵
  PID:5320
- C:\Windows\System\ArUDUmn.exe
  C:\Windows\System\ArUDUmn.exe
  2⤵
  PID:6148
- C:\Windows\System\ZNcvQXx.exe
  C:\Windows\System\ZNcvQXx.exe
  2⤵
  PID:6248
- C:\Windows\System\yiywTdQ.exe
  C:\Windows\System\yiywTdQ.exe
  2⤵
  PID:6280
- C:\Windows\System\MyTLhyw.exe
  C:\Windows\System\MyTLhyw.exe
  2⤵
  PID:6324
- C:\Windows\System\WpVPrqA.exe
  C:\Windows\System\WpVPrqA.exe
  2⤵
  PID:6424
- C:\Windows\System\pfvkAQM.exe
  C:\Windows\System\pfvkAQM.exe
  2⤵
  PID:6468
- C:\Windows\System\VwezeHE.exe
  C:\Windows\System\VwezeHE.exe
  2⤵
  PID:6464
- C:\Windows\System\OFSpLvF.exe
  C:\Windows\System\OFSpLvF.exe
  2⤵
  PID:6588
- C:\Windows\System\VsSZSwg.exe
  C:\Windows\System\VsSZSwg.exe
  2⤵
  PID:6624
- C:\Windows\System\gQatJyw.exe
  C:\Windows\System\gQatJyw.exe
  2⤵
  PID:6684
- C:\Windows\System\DvWNffi.exe
  C:\Windows\System\DvWNffi.exe
  2⤵
  PID:6752
- C:\Windows\System\cOiMSxj.exe
  C:\Windows\System\cOiMSxj.exe
  2⤵
  PID:6768
- C:\Windows\System\FcrIGOh.exe
  C:\Windows\System\FcrIGOh.exe
  2⤵
  PID:6804
- C:\Windows\System\uzUJDnP.exe
  C:\Windows\System\uzUJDnP.exe
  2⤵
  PID:6848
- C:\Windows\System\BpfZfLc.exe
  C:\Windows\System\BpfZfLc.exe
  2⤵
  PID:6932
- C:\Windows\System\tAZmfty.exe
  C:\Windows\System\tAZmfty.exe
  2⤵
  PID:7024
- C:\Windows\System\otrmEdu.exe
  C:\Windows\System\otrmEdu.exe
  2⤵
  PID:7004
- C:\Windows\System\MNCNmcD.exe
  C:\Windows\System\MNCNmcD.exe
  2⤵
  PID:7048
- C:\Windows\System\DgMWTJc.exe
  C:\Windows\System\DgMWTJc.exe
  2⤵
  PID:5536
- C:\Windows\System\wYdXZCI.exe
  C:\Windows\System\wYdXZCI.exe
  2⤵
  PID:5908
- C:\Windows\System\gltKCti.exe
  C:\Windows\System\gltKCti.exe
  2⤵
  PID:5836
- C:\Windows\System\HAsCSWy.exe
  C:\Windows\System\HAsCSWy.exe
  2⤵
  PID:5300
- C:\Windows\System\slbRXhm.exe
  C:\Windows\System\slbRXhm.exe
  2⤵
  PID:5360
- C:\Windows\System\jhKOgmq.exe
  C:\Windows\System\jhKOgmq.exe
  2⤵
  PID:6204
- C:\Windows\System\YjaKZsk.exe
  C:\Windows\System\YjaKZsk.exe
  2⤵
  PID:6500
- C:\Windows\System\lhKHtbw.exe
  C:\Windows\System\lhKHtbw.exe
  2⤵
  PID:6348
- C:\Windows\System\aNqJMZt.exe
  C:\Windows\System\aNqJMZt.exe
  2⤵
  PID:6628
- C:\Windows\System\qjABgAa.exe
  C:\Windows\System\qjABgAa.exe
  2⤵
  PID:6440
- C:\Windows\System\mXRqGhV.exe
  C:\Windows\System\mXRqGhV.exe
  2⤵
  PID:6584
- C:\Windows\System\tvXNJgz.exe
  C:\Windows\System\tvXNJgz.exe
  2⤵
  PID:6984
- C:\Windows\System\nxvmNhp.exe
  C:\Windows\System\nxvmNhp.exe
  2⤵
  PID:7112
- C:\Windows\System\lMtqTyJ.exe
  C:\Windows\System\lMtqTyJ.exe
  2⤵
  PID:6812
- C:\Windows\System\PNsrmkh.exe
  C:\Windows\System\PNsrmkh.exe
  2⤵
  PID:6952
- C:\Windows\System\yqayVqi.exe
  C:\Windows\System\yqayVqi.exe
  2⤵
  PID:1612
- C:\Windows\System\TgNTOac.exe
  C:\Windows\System\TgNTOac.exe
  2⤵
  PID:7104
- C:\Windows\System\YkjdvkF.exe
  C:\Windows\System\YkjdvkF.exe
  2⤵
  PID:5944
- C:\Windows\System\TMoRFbx.exe
  C:\Windows\System\TMoRFbx.exe
  2⤵
  PID:6644
- C:\Windows\System\qbbpWrK.exe
  C:\Windows\System\qbbpWrK.exe
  2⤵
  PID:7044
- C:\Windows\System\MpEOXFf.exe
  C:\Windows\System\MpEOXFf.exe
  2⤵
  PID:6200
- C:\Windows\System\lRRKyOl.exe
  C:\Windows\System\lRRKyOl.exe
  2⤵
  PID:6380
- C:\Windows\System\YxmUbsl.exe
  C:\Windows\System\YxmUbsl.exe
  2⤵
  PID:6712
- C:\Windows\System\BzuIPGS.exe
  C:\Windows\System\BzuIPGS.exe
  2⤵
  PID:6888
- C:\Windows\System\aGVTuBZ.exe
  C:\Windows\System\aGVTuBZ.exe
  2⤵
  PID:7176
- C:\Windows\System\ceJJhQs.exe
  C:\Windows\System\ceJJhQs.exe
  2⤵
  PID:7196
- C:\Windows\System\SzoHbRW.exe
  C:\Windows\System\SzoHbRW.exe
  2⤵
  PID:7224
- C:\Windows\System\PnHJAao.exe
  C:\Windows\System\PnHJAao.exe
  2⤵
  PID:7244
- C:\Windows\System\MdSsIrV.exe
  C:\Windows\System\MdSsIrV.exe
  2⤵
  PID:7260
- C:\Windows\System\wlhNdKW.exe
  C:\Windows\System\wlhNdKW.exe
  2⤵
  PID:7284
- C:\Windows\System\BfsylCx.exe
  C:\Windows\System\BfsylCx.exe
  2⤵
  PID:7304
- C:\Windows\System\vMkHjZf.exe
  C:\Windows\System\vMkHjZf.exe
  2⤵
  PID:7320
- C:\Windows\System\nuqiRXW.exe
  C:\Windows\System\nuqiRXW.exe
  2⤵
  PID:7344
- C:\Windows\System\bPLocKi.exe
  C:\Windows\System\bPLocKi.exe
  2⤵
  PID:7360
- C:\Windows\System\ITgNsuC.exe
  C:\Windows\System\ITgNsuC.exe
  2⤵
  PID:7376
- C:\Windows\System\pAaesFt.exe
  C:\Windows\System\pAaesFt.exe
  2⤵
  PID:7396
- C:\Windows\System\ecjcJRd.exe
  C:\Windows\System\ecjcJRd.exe
  2⤵
  PID:7416
- C:\Windows\System\tBMejBV.exe
  C:\Windows\System\tBMejBV.exe
  2⤵
  PID:7440
- C:\Windows\System\kBzdApt.exe
  C:\Windows\System\kBzdApt.exe
  2⤵
  PID:7456
- C:\Windows\System\MTLyjdA.exe
  C:\Windows\System\MTLyjdA.exe
  2⤵
  PID:7480
- C:\Windows\System\rhGgBGx.exe
  C:\Windows\System\rhGgBGx.exe
  2⤵
  PID:7496
- C:\Windows\System\IcHZTIL.exe
  C:\Windows\System\IcHZTIL.exe
  2⤵
  PID:7520
- C:\Windows\System\jNpddQf.exe
  C:\Windows\System\jNpddQf.exe
  2⤵
  PID:7540
- C:\Windows\System\VPhcmvO.exe
  C:\Windows\System\VPhcmvO.exe
  2⤵
  PID:7556
- C:\Windows\System\qmPfcSv.exe
  C:\Windows\System\qmPfcSv.exe
  2⤵
  PID:7572
- C:\Windows\System\vPAfUhc.exe
  C:\Windows\System\vPAfUhc.exe
  2⤵
  PID:7596
- C:\Windows\System\MVuxFvQ.exe
  C:\Windows\System\MVuxFvQ.exe
  2⤵
  PID:7620
- C:\Windows\System\pmXOQYd.exe
  C:\Windows\System\pmXOQYd.exe
  2⤵
  PID:7636
- C:\Windows\System\WrbYxOZ.exe
  C:\Windows\System\WrbYxOZ.exe
  2⤵
  PID:7660
- C:\Windows\System\kwYVMOB.exe
  C:\Windows\System\kwYVMOB.exe
  2⤵
  PID:7680
- C:\Windows\System\JVHJDaR.exe
  C:\Windows\System\JVHJDaR.exe
  2⤵
  PID:7700
- C:\Windows\System\FhlXVJl.exe
  C:\Windows\System\FhlXVJl.exe
  2⤵
  PID:7716
- C:\Windows\System\CnTByJQ.exe
  C:\Windows\System\CnTByJQ.exe
  2⤵
  PID:7732
- C:\Windows\System\myTjKkT.exe
  C:\Windows\System\myTjKkT.exe
  2⤵
  PID:7752
- C:\Windows\System\dbvmLiu.exe
  C:\Windows\System\dbvmLiu.exe
  2⤵
  PID:7776
- C:\Windows\System\knyiPCV.exe
  C:\Windows\System\knyiPCV.exe
  2⤵
  PID:7896
- C:\Windows\System\AQPHvwy.exe
  C:\Windows\System\AQPHvwy.exe
  2⤵
  PID:7916
- C:\Windows\System\ClKFdLC.exe
  C:\Windows\System\ClKFdLC.exe
  2⤵
  PID:7936
- C:\Windows\System\ZvVGKKF.exe
  C:\Windows\System\ZvVGKKF.exe
  2⤵
  PID:7960
- C:\Windows\System\kIDhhgN.exe
  C:\Windows\System\kIDhhgN.exe
  2⤵
  PID:7980
- C:\Windows\System\jgRkROl.exe
  C:\Windows\System\jgRkROl.exe
  2⤵
  PID:8000
- C:\Windows\System\FoVlwRx.exe
  C:\Windows\System\FoVlwRx.exe
  2⤵
  PID:8016
- C:\Windows\System\ZsOJAPj.exe
  C:\Windows\System\ZsOJAPj.exe
  2⤵
  PID:8036
- C:\Windows\System\fnJXDCk.exe
  C:\Windows\System\fnJXDCk.exe
  2⤵
  PID:8052
- C:\Windows\System\aTVZCFz.exe
  C:\Windows\System\aTVZCFz.exe
  2⤵
  PID:8068
- C:\Windows\System\ZeMHgzW.exe
  C:\Windows\System\ZeMHgzW.exe
  2⤵
  PID:8084
- C:\Windows\System\neSkwzA.exe
  C:\Windows\System\neSkwzA.exe
  2⤵
  PID:8100
- C:\Windows\System\wTkVPIP.exe
  C:\Windows\System\wTkVPIP.exe
  2⤵
  PID:8116
- C:\Windows\System\WGFyKVx.exe
  C:\Windows\System\WGFyKVx.exe
  2⤵
  PID:8132
- C:\Windows\System\SZiBAGG.exe
  C:\Windows\System\SZiBAGG.exe
  2⤵
  PID:8148
- C:\Windows\System\sGXDlud.exe
  C:\Windows\System\sGXDlud.exe
  2⤵
  PID:8164
- C:\Windows\System\TcITHvY.exe
  C:\Windows\System\TcITHvY.exe
  2⤵
  PID:8184
- C:\Windows\System\YukXXzU.exe
  C:\Windows\System\YukXXzU.exe
  2⤵
  PID:5476
- C:\Windows\System\zqumvWu.exe
  C:\Windows\System\zqumvWu.exe
  2⤵
  PID:7128
- C:\Windows\System\gHqTUuO.exe
  C:\Windows\System\gHqTUuO.exe
  2⤵
  PID:6508
- C:\Windows\System\ABjwpJj.exe
  C:\Windows\System\ABjwpJj.exe
  2⤵
  PID:6048
- C:\Windows\System\zwfsDUB.exe
  C:\Windows\System\zwfsDUB.exe
  2⤵
  PID:6668
- C:\Windows\System\iYpLauP.exe
  C:\Windows\System\iYpLauP.exe
  2⤵
  PID:7188
- C:\Windows\System\HHLMseA.exe
  C:\Windows\System\HHLMseA.exe
  2⤵
  PID:6408
- C:\Windows\System\VXFGFnn.exe
  C:\Windows\System\VXFGFnn.exe
  2⤵
  PID:7296
- C:\Windows\System\kNUjZkc.exe
  C:\Windows\System\kNUjZkc.exe
  2⤵
  PID:7340
- C:\Windows\System\xPGCMjV.exe
  C:\Windows\System\xPGCMjV.exe
  2⤵
  PID:7236
- C:\Windows\System\YkzuftI.exe
  C:\Windows\System\YkzuftI.exe
  2⤵
  PID:7412
- C:\Windows\System\aVBOBNp.exe
  C:\Windows\System\aVBOBNp.exe
  2⤵
  PID:1836
- C:\Windows\System\wGNWQTT.exe
  C:\Windows\System\wGNWQTT.exe
  2⤵
  PID:7536
- C:\Windows\System\VZzVich.exe
  C:\Windows\System\VZzVich.exe
  2⤵
  PID:7564
- C:\Windows\System\CxBJvlb.exe
  C:\Windows\System\CxBJvlb.exe
  2⤵
  PID:7616
- C:\Windows\System\OEskPzw.exe
  C:\Windows\System\OEskPzw.exe
  2⤵
  PID:7652
- C:\Windows\System\OJxCdKp.exe
  C:\Windows\System\OJxCdKp.exe
  2⤵
  PID:7696
- C:\Windows\System\ijhwghk.exe
  C:\Windows\System\ijhwghk.exe
  2⤵
  PID:7388
- C:\Windows\System\MRSJMte.exe
  C:\Windows\System\MRSJMte.exe
  2⤵
  PID:7764
- C:\Windows\System\TKMidOZ.exe
  C:\Windows\System\TKMidOZ.exe
  2⤵
  PID:7436
- C:\Windows\System\LOmKdEY.exe
  C:\Windows\System\LOmKdEY.exe
  2⤵
  PID:7468
- C:\Windows\System\Czwzgoe.exe
  C:\Windows\System\Czwzgoe.exe
  2⤵
  PID:7708
- C:\Windows\System\yNFPGtg.exe
  C:\Windows\System\yNFPGtg.exe
  2⤵
  PID:2652
- C:\Windows\System\FNOqAvN.exe
  C:\Windows\System\FNOqAvN.exe
  2⤵
  PID:7924
- C:\Windows\System\yVMPREb.exe
  C:\Windows\System\yVMPREb.exe
  2⤵
  PID:2176
- C:\Windows\System\yFkPplv.exe
  C:\Windows\System\yFkPplv.exe
  2⤵
  PID:7944
- C:\Windows\System\YZnrIJU.exe
  C:\Windows\System\YZnrIJU.exe
  2⤵
  PID:1912
- C:\Windows\System\uiqAKEk.exe
  C:\Windows\System\uiqAKEk.exe
  2⤵
  PID:6648
- C:\Windows\System\LohGMBt.exe
  C:\Windows\System\LohGMBt.exe
  2⤵
  PID:8060
- C:\Windows\System\MApQAia.exe
  C:\Windows\System\MApQAia.exe
  2⤵
  PID:7824
- C:\Windows\System\mhSmDvC.exe
  C:\Windows\System\mhSmDvC.exe
  2⤵
  PID:6732
- C:\Windows\System\PrrpHXz.exe
  C:\Windows\System\PrrpHXz.exe
  2⤵
  PID:7328
- C:\Windows\System\GwyWPaw.exe
  C:\Windows\System\GwyWPaw.exe
  2⤵
  PID:2108
- C:\Windows\System\UuxDGeU.exe
  C:\Windows\System\UuxDGeU.exe
  2⤵
  PID:7268
- C:\Windows\System\sIlbWdJ.exe
  C:\Windows\System\sIlbWdJ.exe
  2⤵
  PID:7728
- C:\Windows\System\eSvghHS.exe
  C:\Windows\System\eSvghHS.exe
  2⤵
  PID:7828
- C:\Windows\System\fWRgoHO.exe
  C:\Windows\System\fWRgoHO.exe
  2⤵
  PID:2916
- C:\Windows\System\CpnsaAq.exe
  C:\Windows\System\CpnsaAq.exe
  2⤵
  PID:8176
- C:\Windows\System\EfClrug.exe
  C:\Windows\System\EfClrug.exe
  2⤵
  PID:6868
- C:\Windows\System\UdqrRVG.exe
  C:\Windows\System\UdqrRVG.exe
  2⤵
  PID:7216
- C:\Windows\System\jUyuBMS.exe
  C:\Windows\System\jUyuBMS.exe
  2⤵
  PID:7292
- C:\Windows\System\mEBdbfM.exe
  C:\Windows\System\mEBdbfM.exe
  2⤵
  PID:7280
- C:\Windows\System\vGYRGej.exe
  C:\Windows\System\vGYRGej.exe
  2⤵
  PID:7356
- C:\Windows\System\hucHdbS.exe
  C:\Windows\System\hucHdbS.exe
  2⤵
  PID:7428
- C:\Windows\System\CvTnDyU.exe
  C:\Windows\System\CvTnDyU.exe
  2⤵
  PID:8008
- C:\Windows\System\aqelLuQ.exe
  C:\Windows\System\aqelLuQ.exe
  2⤵
  PID:8144
- C:\Windows\System\JBEobeD.exe
  C:\Windows\System\JBEobeD.exe
  2⤵
  PID:8044
- C:\Windows\System\TdJNJRu.exe
  C:\Windows\System\TdJNJRu.exe
  2⤵
  PID:7788
- C:\Windows\System\qBSDdjp.exe
  C:\Windows\System\qBSDdjp.exe
  2⤵
  PID:7744
- C:\Windows\System\rRNCXMu.exe
  C:\Windows\System\rRNCXMu.exe
  2⤵
  PID:532
- C:\Windows\System\zhGmnSm.exe
  C:\Windows\System\zhGmnSm.exe
  2⤵
  PID:2628
- C:\Windows\System\vBXLdeJ.exe
  C:\Windows\System\vBXLdeJ.exe
  2⤵
  PID:7996
- C:\Windows\System\kZPyYQa.exe
  C:\Windows\System\kZPyYQa.exe
  2⤵
  PID:2768
- C:\Windows\System\SwWsWHA.exe
  C:\Windows\System\SwWsWHA.exe
  2⤵
  PID:6128
- C:\Windows\System\DOfEOwf.exe
  C:\Windows\System\DOfEOwf.exe
  2⤵
  PID:7404
- C:\Windows\System\QqSwxgX.exe
  C:\Windows\System\QqSwxgX.exe
  2⤵
  PID:7612
- C:\Windows\System\WzLFDje.exe
  C:\Windows\System\WzLFDje.exe
  2⤵
  PID:7352
- C:\Windows\System\dZeqHrd.exe
  C:\Windows\System\dZeqHrd.exe
  2⤵
  PID:2408
- C:\Windows\System\EILNhAo.exe
  C:\Windows\System\EILNhAo.exe
  2⤵
  PID:7976
- C:\Windows\System\RhQxXYr.exe
  C:\Windows\System\RhQxXYr.exe
  2⤵
  PID:7472
- C:\Windows\System\CIyVKuZ.exe
  C:\Windows\System\CIyVKuZ.exe
  2⤵
  PID:7208
- C:\Windows\System\ysQqvbZ.exe
  C:\Windows\System\ysQqvbZ.exe
  2⤵
  PID:7372
- C:\Windows\System\YwRDvvR.exe
  C:\Windows\System\YwRDvvR.exe
  2⤵
  PID:7820
- C:\Windows\System\LNqUpKW.exe
  C:\Windows\System\LNqUpKW.exe
  2⤵
  PID:8108
- C:\Windows\System\mjumcyX.exe
  C:\Windows\System\mjumcyX.exe
  2⤵
  PID:2732
- C:\Windows\System\GLceTgk.exe
  C:\Windows\System\GLceTgk.exe
  2⤵
  PID:7368
- C:\Windows\System\tVRKxDE.exe
  C:\Windows\System\tVRKxDE.exe
  2⤵
  PID:2764
- C:\Windows\System\rWnJzwe.exe
  C:\Windows\System\rWnJzwe.exe
  2⤵
  PID:2672
- C:\Windows\System\tAWMmCL.exe
  C:\Windows\System\tAWMmCL.exe
  2⤵
  PID:8180
- C:\Windows\System\WbGmHgR.exe
  C:\Windows\System\WbGmHgR.exe
  2⤵
  PID:8128
- C:\Windows\System\bAXWHJh.exe
  C:\Windows\System\bAXWHJh.exe
  2⤵
  PID:8096
- C:\Windows\System\mYTNmMI.exe
  C:\Windows\System\mYTNmMI.exe
  2⤵
  PID:2832
- C:\Windows\System\cRXyCPa.exe
  C:\Windows\System\cRXyCPa.exe
  2⤵
  PID:7464
- C:\Windows\System\gPUeNZu.exe
  C:\Windows\System\gPUeNZu.exe
  2⤵
  PID:2940
- C:\Windows\System\jOBdxuU.exe
  C:\Windows\System\jOBdxuU.exe
  2⤵
  PID:7312
- C:\Windows\System\qORJCgr.exe
  C:\Windows\System\qORJCgr.exe
  2⤵
  PID:7392
- C:\Windows\System\DZZMcow.exe
  C:\Windows\System\DZZMcow.exe
  2⤵
  PID:7656
- C:\Windows\System\dxKyIec.exe
  C:\Windows\System\dxKyIec.exe
  2⤵
  PID:2876
- C:\Windows\System\VZlTqQv.exe
  C:\Windows\System\VZlTqQv.exe
  2⤵
  PID:7932
- C:\Windows\System\eCNCPMQ.exe
  C:\Windows\System\eCNCPMQ.exe
  2⤵
  PID:2724
- C:\Windows\System\eMqeXrY.exe
  C:\Windows\System\eMqeXrY.exe
  2⤵
  PID:2792
- C:\Windows\System\VSDyLGJ.exe
  C:\Windows\System\VSDyLGJ.exe
  2⤵
  PID:5716
- C:\Windows\System\lBGqRRo.exe
  C:\Windows\System\lBGqRRo.exe
  2⤵
  PID:2452
- C:\Windows\System\UFjEAfZ.exe
  C:\Windows\System\UFjEAfZ.exe
  2⤵
  PID:8112
- C:\Windows\System\pbdUGsP.exe
  C:\Windows\System\pbdUGsP.exe
  2⤵
  PID:7972
- C:\Windows\System\JMLiKtw.exe
  C:\Windows\System\JMLiKtw.exe
  2⤵
  PID:2836
- C:\Windows\System\DAmNZix.exe
  C:\Windows\System\DAmNZix.exe
  2⤵
  PID:2368
- C:\Windows\System\cPYMVoJ.exe
  C:\Windows\System\cPYMVoJ.exe
  2⤵
  PID:7028
- C:\Windows\System\iMTJkTX.exe
  C:\Windows\System\iMTJkTX.exe
  2⤵
  PID:2780
- C:\Windows\System\GZHJeXI.exe
  C:\Windows\System\GZHJeXI.exe
  2⤵
  PID:976
- C:\Windows\System\nUxHwtm.exe
  C:\Windows\System\nUxHwtm.exe
  2⤵
  PID:7628
- C:\Windows\System\HZfCCVN.exe
  C:\Windows\System\HZfCCVN.exe
  2⤵
  PID:7424
- C:\Windows\System\axWWsVB.exe
  C:\Windows\System\axWWsVB.exe
  2⤵
  PID:7956
- C:\Windows\System\MrjeUQe.exe
  C:\Windows\System\MrjeUQe.exe
  2⤵
  PID:6864
- C:\Windows\System\ZFjnsSd.exe
  C:\Windows\System\ZFjnsSd.exe
  2⤵
  PID:7992
- C:\Windows\System\URBOLoH.exe
  C:\Windows\System\URBOLoH.exe
  2⤵
  PID:2496
- C:\Windows\System\mmwtUAG.exe
  C:\Windows\System\mmwtUAG.exe
  2⤵
  PID:5900
- C:\Windows\System\iJvhywe.exe
  C:\Windows\System\iJvhywe.exe
  2⤵
  PID:8268
- C:\Windows\System\fcsEINY.exe
  C:\Windows\System\fcsEINY.exe
  2⤵
  PID:8284
- C:\Windows\System\jVaETJU.exe
  C:\Windows\System\jVaETJU.exe
  2⤵
  PID:8300
- C:\Windows\System\CvCYdra.exe
  C:\Windows\System\CvCYdra.exe
  2⤵
  PID:8320
- C:\Windows\System\oCTznFH.exe
  C:\Windows\System\oCTznFH.exe
  2⤵
  PID:8336
- C:\Windows\System\FsXAMLX.exe
  C:\Windows\System\FsXAMLX.exe
  2⤵
  PID:8352
- C:\Windows\System\MxIHZpV.exe
  C:\Windows\System\MxIHZpV.exe
  2⤵
  PID:8368
- C:\Windows\System\cUHwjUC.exe
  C:\Windows\System\cUHwjUC.exe
  2⤵
  PID:8384
- C:\Windows\System\eVcUuGP.exe
  C:\Windows\System\eVcUuGP.exe
  2⤵
  PID:8400
- C:\Windows\System\LZfUuBZ.exe
  C:\Windows\System\LZfUuBZ.exe
  2⤵
  PID:8416
- C:\Windows\System\RzwrLvF.exe
  C:\Windows\System\RzwrLvF.exe
  2⤵
  PID:8432
- C:\Windows\System\PBvbzva.exe
  C:\Windows\System\PBvbzva.exe
  2⤵
  PID:8448
- C:\Windows\System\XOJoGGM.exe
  C:\Windows\System\XOJoGGM.exe
  2⤵
  PID:8464
- C:\Windows\System\xzHCcrD.exe
  C:\Windows\System\xzHCcrD.exe
  2⤵
  PID:8480
- C:\Windows\System\woorDEA.exe
  C:\Windows\System\woorDEA.exe
  2⤵
  PID:8496
- C:\Windows\System\cJFnqPg.exe
  C:\Windows\System\cJFnqPg.exe
  2⤵
  PID:8512
- C:\Windows\System\FLHhKYw.exe
  C:\Windows\System\FLHhKYw.exe
  2⤵
  PID:8528
- C:\Windows\System\vvGgQmo.exe
  C:\Windows\System\vvGgQmo.exe
  2⤵
  PID:8544
- C:\Windows\System\qGEBLaN.exe
  C:\Windows\System\qGEBLaN.exe
  2⤵
  PID:8560
- C:\Windows\System\OoMbLXw.exe
  C:\Windows\System\OoMbLXw.exe
  2⤵
  PID:8576
- C:\Windows\System\fXUzree.exe
  C:\Windows\System\fXUzree.exe
  2⤵
  PID:8592
- C:\Windows\System\UtGUOti.exe
  C:\Windows\System\UtGUOti.exe
  2⤵
  PID:8608
- C:\Windows\System\CTLTWtr.exe
  C:\Windows\System\CTLTWtr.exe
  2⤵
  PID:8624
- C:\Windows\System\KGftnfA.exe
  C:\Windows\System\KGftnfA.exe
  2⤵
  PID:8640
- C:\Windows\System\qiLAGTN.exe
  C:\Windows\System\qiLAGTN.exe
  2⤵
  PID:8660
- C:\Windows\System\ENrlfel.exe
  C:\Windows\System\ENrlfel.exe
  2⤵
  PID:8676
- C:\Windows\System\afCakWO.exe
  C:\Windows\System\afCakWO.exe
  2⤵
  PID:8692
- C:\Windows\System\UhnOWdS.exe
  C:\Windows\System\UhnOWdS.exe
  2⤵
  PID:8708
- C:\Windows\System\BPzeMmT.exe
  C:\Windows\System\BPzeMmT.exe
  2⤵
  PID:8724
- C:\Windows\System\oSgprgk.exe
  C:\Windows\System\oSgprgk.exe
  2⤵
  PID:8740
- C:\Windows\System\mzGhARQ.exe
  C:\Windows\System\mzGhARQ.exe
  2⤵
  PID:8756
- C:\Windows\System\oTWtTwM.exe
  C:\Windows\System\oTWtTwM.exe
  2⤵
  PID:8772
- C:\Windows\System\LBdQnar.exe
  C:\Windows\System\LBdQnar.exe
  2⤵
  PID:8788
- C:\Windows\System\bMYwUvQ.exe
  C:\Windows\System\bMYwUvQ.exe
  2⤵
  PID:8804
- C:\Windows\System\SXsaodJ.exe
  C:\Windows\System\SXsaodJ.exe
  2⤵
  PID:8820
- C:\Windows\System\ROkgNsq.exe
  C:\Windows\System\ROkgNsq.exe
  2⤵
  PID:8836
- C:\Windows\System\TagwiEa.exe
  C:\Windows\System\TagwiEa.exe
  2⤵
  PID:8852
- C:\Windows\System\EBZohWm.exe
  C:\Windows\System\EBZohWm.exe
  2⤵
  PID:8872
- C:\Windows\System\FgdeKAH.exe
  C:\Windows\System\FgdeKAH.exe
  2⤵
  PID:8888
- C:\Windows\System\FxsjxwA.exe
  C:\Windows\System\FxsjxwA.exe
  2⤵
  PID:8928
- C:\Windows\System\tFdwqjU.exe
  C:\Windows\System\tFdwqjU.exe
  2⤵
  PID:8960
- C:\Windows\System\EujgavC.exe
  C:\Windows\System\EujgavC.exe
  2⤵
  PID:8976
- C:\Windows\System\Obqjhto.exe
  C:\Windows\System\Obqjhto.exe
  2⤵
  PID:8992
- C:\Windows\System\bhYadwv.exe
  C:\Windows\System\bhYadwv.exe
  2⤵
  PID:9008
- C:\Windows\System\aRqLkPp.exe
  C:\Windows\System\aRqLkPp.exe
  2⤵
  PID:9024
- C:\Windows\System\LhOuXEf.exe
  C:\Windows\System\LhOuXEf.exe
  2⤵
  PID:9040
- C:\Windows\System\QatHDFh.exe
  C:\Windows\System\QatHDFh.exe
  2⤵
  PID:9056
- C:\Windows\System\CWsiLDq.exe
  C:\Windows\System\CWsiLDq.exe
  2⤵
  PID:9072
- C:\Windows\System\rHdmKnz.exe
  C:\Windows\System\rHdmKnz.exe
  2⤵
  PID:9092
- C:\Windows\System\AnWCiUf.exe
  C:\Windows\System\AnWCiUf.exe
  2⤵
  PID:9108
- C:\Windows\System\FkfqBqY.exe
  C:\Windows\System\FkfqBqY.exe
  2⤵
  PID:9160
- C:\Windows\System\MTTUXkA.exe
  C:\Windows\System\MTTUXkA.exe
  2⤵
  PID:9176
- C:\Windows\System\QlPmevG.exe
  C:\Windows\System\QlPmevG.exe
  2⤵
  PID:9196
- C:\Windows\System\tSdPmpa.exe
  C:\Windows\System\tSdPmpa.exe
  2⤵
  PID:9212
- C:\Windows\System\anMpLVR.exe
  C:\Windows\System\anMpLVR.exe
  2⤵
  PID:8200
- C:\Windows\System\yzzMxLb.exe
  C:\Windows\System\yzzMxLb.exe
  2⤵
  PID:8208
- C:\Windows\System\RfSSTYm.exe
  C:\Windows\System\RfSSTYm.exe
  2⤵
  PID:2540
- C:\Windows\System\PWXiIcS.exe
  C:\Windows\System\PWXiIcS.exe
  2⤵
  PID:8240
- C:\Windows\System\dqtNcLK.exe
  C:\Windows\System\dqtNcLK.exe
  2⤵
  PID:8296
- C:\Windows\System\QYthDFD.exe
  C:\Windows\System\QYthDFD.exe
  2⤵
  PID:8376
- C:\Windows\System\ruLWeku.exe
  C:\Windows\System\ruLWeku.exe
  2⤵
  PID:8412
- C:\Windows\System\fdIRYmo.exe
  C:\Windows\System\fdIRYmo.exe
  2⤵
  PID:8360
- C:\Windows\System\wYXWvRk.exe
  C:\Windows\System\wYXWvRk.exe
  2⤵
  PID:8424
- C:\Windows\System\TUmJWUf.exe
  C:\Windows\System\TUmJWUf.exe
  2⤵
  PID:8476
- C:\Windows\System\LWfEGZd.exe
  C:\Windows\System\LWfEGZd.exe
  2⤵
  PID:8540
- C:\Windows\System\duirDNw.exe
  C:\Windows\System\duirDNw.exe
  2⤵
  PID:8552
- C:\Windows\System\MHaeagu.exe
  C:\Windows\System\MHaeagu.exe
  2⤵
  PID:8488
- C:\Windows\System\jiivmqn.exe
  C:\Windows\System\jiivmqn.exe
  2⤵
  PID:8684
- C:\Windows\System\znPKVkg.exe
  C:\Windows\System\znPKVkg.exe
  2⤵
  PID:8620
- C:\Windows\System\ZZJRflC.exe
  C:\Windows\System\ZZJRflC.exe
  2⤵
  PID:8752
- C:\Windows\System\iDxpixE.exe
  C:\Windows\System\iDxpixE.exe
  2⤵
  PID:8600
- C:\Windows\System\ZkUrfSZ.exe
  C:\Windows\System\ZkUrfSZ.exe
  2⤵
  PID:8668
- C:\Windows\System\wIjdNek.exe
  C:\Windows\System\wIjdNek.exe
  2⤵
  PID:8736
- C:\Windows\System\RFCFyIx.exe
  C:\Windows\System\RFCFyIx.exe
  2⤵
  PID:8796
- C:\Windows\System\RUOxLFM.exe
  C:\Windows\System\RUOxLFM.exe
  2⤵
  PID:8828
- C:\Windows\System\vsJFwkW.exe
  C:\Windows\System\vsJFwkW.exe
  2⤵
  PID:8896
- C:\Windows\System\PGuDHrf.exe
  C:\Windows\System\PGuDHrf.exe
  2⤵
  PID:8912
- C:\Windows\System\OUfFYeX.exe
  C:\Windows\System\OUfFYeX.exe
  2⤵
  PID:8028
- C:\Windows\System\joqTlrr.exe
  C:\Windows\System\joqTlrr.exe
  2⤵
  PID:8968
- C:\Windows\System\TpCnhaK.exe
  C:\Windows\System\TpCnhaK.exe
  2⤵
  PID:9000
- C:\Windows\System\GSlutZv.exe
  C:\Windows\System\GSlutZv.exe
  2⤵
  PID:9052
- C:\Windows\System\tMhZNlr.exe
  C:\Windows\System\tMhZNlr.exe
  2⤵
  PID:9080
- C:\Windows\System\dSCrfnP.exe
  C:\Windows\System\dSCrfnP.exe
  2⤵
  PID:9156
- C:\Windows\System\LkHaCoI.exe
  C:\Windows\System\LkHaCoI.exe
  2⤵
  PID:9116
- C:\Windows\System\UKnESzf.exe
  C:\Windows\System\UKnESzf.exe
  2⤵
  PID:9124
- C:\Windows\System\aWdFRxI.exe
  C:\Windows\System\aWdFRxI.exe
  2⤵
  PID:9136
- C:\Windows\System\DOXtICH.exe
  C:\Windows\System\DOXtICH.exe
  2⤵
  PID:9184
- C:\Windows\System\WlfeRYp.exe
  C:\Windows\System\WlfeRYp.exe
  2⤵
  PID:9208
- C:\Windows\System\eYYUFPe.exe
  C:\Windows\System\eYYUFPe.exe
  2⤵
  PID:2988
- C:\Windows\System\RbxPJCk.exe
  C:\Windows\System\RbxPJCk.exe
  2⤵
  PID:2688
- C:\Windows\System\nNkvLBJ.exe
  C:\Windows\System\nNkvLBJ.exe
  2⤵
  PID:8160
- C:\Windows\System\kKyXJRJ.exe
  C:\Windows\System\kKyXJRJ.exe
  2⤵
  PID:8224
- C:\Windows\System\Rtjgfvw.exe
  C:\Windows\System\Rtjgfvw.exe
  2⤵
  PID:1492
- C:\Windows\System\ZfoDCka.exe
  C:\Windows\System\ZfoDCka.exe
  2⤵
  PID:8260
- C:\Windows\System\uXRUCUo.exe
  C:\Windows\System\uXRUCUo.exe
  2⤵
  PID:8292
- C:\Windows\System\qrzYkKB.exe
  C:\Windows\System\qrzYkKB.exe
  2⤵
  PID:8264
- C:\Windows\System\WtZBfvv.exe
  C:\Windows\System\WtZBfvv.exe
  2⤵
  PID:8308
- C:\Windows\System\gleBybw.exe
  C:\Windows\System\gleBybw.exe
  2⤵
  PID:8460
- C:\Windows\System\ZrPImXm.exe
  C:\Windows\System\ZrPImXm.exe
  2⤵
  PID:8456
- C:\Windows\System\XWOSEKi.exe
  C:\Windows\System\XWOSEKi.exe
  2⤵
  PID:8408
- C:\Windows\System\AJssYBK.exe
  C:\Windows\System\AJssYBK.exe
  2⤵
  PID:8588
- C:\Windows\System\wajzZhe.exe
  C:\Windows\System\wajzZhe.exe
  2⤵
  PID:8780
- C:\Windows\System\TtZNPYT.exe
  C:\Windows\System\TtZNPYT.exe
  2⤵
  PID:8816
- C:\Windows\System\eIGQmvc.exe
  C:\Windows\System\eIGQmvc.exe
  2⤵
  PID:8584
- C:\Windows\System\cZGUrsr.exe
  C:\Windows\System\cZGUrsr.exe
  2⤵
  PID:8524
- C:\Windows\System\LbLlsAk.exe
  C:\Windows\System\LbLlsAk.exe
  2⤵
  PID:8844
- C:\Windows\System\KDIbunE.exe
  C:\Windows\System\KDIbunE.exe
  2⤵
  PID:8864
- C:\Windows\System\WkiaNpj.exe
  C:\Windows\System\WkiaNpj.exe
  2⤵
  PID:8940
- C:\Windows\System\TdchDtG.exe
  C:\Windows\System\TdchDtG.exe
  2⤵
  PID:7512
- C:\Windows\System\dZRlNmy.exe
  C:\Windows\System\dZRlNmy.exe
  2⤵
  PID:9064
- C:\Windows\System\MvtfUOb.exe
  C:\Windows\System\MvtfUOb.exe
  2⤵
  PID:9148
- C:\Windows\System\KrnDYQn.exe
  C:\Windows\System\KrnDYQn.exe
  2⤵
  PID:7252
- C:\Windows\System\bZudhnm.exe
  C:\Windows\System\bZudhnm.exe
  2⤵
  PID:8248
- C:\Windows\System\FWUBvbS.exe
  C:\Windows\System\FWUBvbS.exe
  2⤵
  PID:8900
- C:\Windows\System\GuAlUCO.exe
  C:\Windows\System\GuAlUCO.exe
  2⤵
  PID:8748
- C:\Windows\System\GUQGInX.exe
  C:\Windows\System\GUQGInX.exe
  2⤵
  PID:8196
- C:\Windows\System\LCtngKS.exe
  C:\Windows\System\LCtngKS.exe
  2⤵
  PID:9168
- C:\Windows\System\rzJaKpZ.exe
  C:\Windows\System\rzJaKpZ.exe
  2⤵
  PID:8396
- C:\Windows\System\qArMEya.exe
  C:\Windows\System\qArMEya.exe
  2⤵
  PID:8632
- C:\Windows\System\iKQTUVR.exe
  C:\Windows\System\iKQTUVR.exe
  2⤵
  PID:8948
- C:\Windows\System\muAFgGi.exe
  C:\Windows\System\muAFgGi.exe
  2⤵
  PID:9100
- C:\Windows\System\KYbswKz.exe
  C:\Windows\System\KYbswKz.exe
  2⤵
  PID:9172
- C:\Windows\System\SQoNVjG.exe
  C:\Windows\System\SQoNVjG.exe
  2⤵
  PID:9088
- C:\Windows\System\zswXzIS.exe
  C:\Windows\System\zswXzIS.exe
  2⤵
  PID:8220
- C:\Windows\System\nMrFuKV.exe
  C:\Windows\System\nMrFuKV.exe
  2⤵
  PID:8232
- C:\Windows\System\hIrnZti.exe
  C:\Windows\System\hIrnZti.exe
  2⤵
  PID:8520
- C:\Windows\System\xtogcRb.exe
  C:\Windows\System\xtogcRb.exe
  2⤵
  PID:8472
- C:\Windows\System\nuSBiGX.exe
  C:\Windows\System\nuSBiGX.exe
  2⤵
  PID:8880
- C:\Windows\System\dBjTqiS.exe
  C:\Windows\System\dBjTqiS.exe
  2⤵
  PID:2160
- C:\Windows\System\geANVRp.exe
  C:\Windows\System\geANVRp.exe
  2⤵
  PID:2968
- C:\Windows\System\NZHAQRH.exe
  C:\Windows\System\NZHAQRH.exe
  2⤵
  PID:8276
- C:\Windows\System\aOBwviF.exe
  C:\Windows\System\aOBwviF.exe
  2⤵
  PID:8316
- C:\Windows\System\KgJaKsL.exe
  C:\Windows\System\KgJaKsL.exe
  2⤵
  PID:8944
- C:\Windows\System\ChEaYYL.exe
  C:\Windows\System\ChEaYYL.exe
  2⤵
  PID:1848
- C:\Windows\System\bvVqiZZ.exe
  C:\Windows\System\bvVqiZZ.exe
  2⤵
  PID:9084
- C:\Windows\System\CzGmeys.exe
  C:\Windows\System\CzGmeys.exe
  2⤵
  PID:8280
- C:\Windows\System\gRtJhly.exe
  C:\Windows\System\gRtJhly.exe
  2⤵
  PID:9152
- C:\Windows\System\xLphyrO.exe
  C:\Windows\System\xLphyrO.exe
  2⤵
  PID:8956
- C:\Windows\System\VQEGBEN.exe
  C:\Windows\System\VQEGBEN.exe
  2⤵
  PID:8212
- C:\Windows\System\ppDLtYO.exe
  C:\Windows\System\ppDLtYO.exe
  2⤵
  PID:9232
- C:\Windows\System\sFsPnSK.exe
  C:\Windows\System\sFsPnSK.exe
  2⤵
  PID:9260
- C:\Windows\System\uOQpaHB.exe
  C:\Windows\System\uOQpaHB.exe
  2⤵
  PID:9280
- C:\Windows\System\YfCqfNs.exe
  C:\Windows\System\YfCqfNs.exe
  2⤵
  PID:9296
- C:\Windows\System\JhLYyar.exe
  C:\Windows\System\JhLYyar.exe
  2⤵
  PID:9316
- C:\Windows\System\djRedJm.exe
  C:\Windows\System\djRedJm.exe
  2⤵
  PID:9332
- C:\Windows\System\pSPpfPg.exe
  C:\Windows\System\pSPpfPg.exe
  2⤵
  PID:9348
- C:\Windows\System\YCOeFHJ.exe
  C:\Windows\System\YCOeFHJ.exe
  2⤵
  PID:9364
- C:\Windows\System\GyqodZc.exe
  C:\Windows\System\GyqodZc.exe
  2⤵
  PID:9380
- C:\Windows\System\RAPEfpP.exe
  C:\Windows\System\RAPEfpP.exe
  2⤵
  PID:9396
- C:\Windows\System\osBjNOB.exe
  C:\Windows\System\osBjNOB.exe
  2⤵
  PID:9440
- C:\Windows\System\DuiuJyh.exe
  C:\Windows\System\DuiuJyh.exe
  2⤵
  PID:9460
- C:\Windows\System\CDJoRfB.exe
  C:\Windows\System\CDJoRfB.exe
  2⤵
  PID:9476
- C:\Windows\System\gEAShKA.exe
  C:\Windows\System\gEAShKA.exe
  2⤵
  PID:9492
- C:\Windows\System\xmvUbvf.exe
  C:\Windows\System\xmvUbvf.exe
  2⤵
  PID:9512
- C:\Windows\System\xqQhppu.exe
  C:\Windows\System\xqQhppu.exe
  2⤵
  PID:9528
- C:\Windows\System\juZVJIg.exe
  C:\Windows\System\juZVJIg.exe
  2⤵
  PID:9544
- C:\Windows\System\RrYCshc.exe
  C:\Windows\System\RrYCshc.exe
  2⤵
  PID:9568
- C:\Windows\System\RglqudL.exe
  C:\Windows\System\RglqudL.exe
  2⤵
  PID:9588
- C:\Windows\System\lZYqMmJ.exe
  C:\Windows\System\lZYqMmJ.exe
  2⤵
  PID:9604
- C:\Windows\System\RedREuU.exe
  C:\Windows\System\RedREuU.exe
  2⤵
  PID:9624
- C:\Windows\System\rWNRgYg.exe
  C:\Windows\System\rWNRgYg.exe
  2⤵
  PID:9664
- C:\Windows\System\GbHEQTK.exe
  C:\Windows\System\GbHEQTK.exe
  2⤵
  PID:9680
- C:\Windows\System\ErDeDCn.exe
  C:\Windows\System\ErDeDCn.exe
  2⤵
  PID:9696
- C:\Windows\System\kzPKDnS.exe
  C:\Windows\System\kzPKDnS.exe
  2⤵
  PID:9712
- C:\Windows\System\dHogzMU.exe
  C:\Windows\System\dHogzMU.exe
  2⤵
  PID:9728
- C:\Windows\System\BenPnON.exe
  C:\Windows\System\BenPnON.exe
  2⤵
  PID:9748
- C:\Windows\System\TjxPvPx.exe
  C:\Windows\System\TjxPvPx.exe
  2⤵
  PID:9768
- C:\Windows\System\bAZeWfc.exe
  C:\Windows\System\bAZeWfc.exe
  2⤵
  PID:9784
- C:\Windows\System\hqBQxpU.exe
  C:\Windows\System\hqBQxpU.exe
  2⤵
  PID:9824
- C:\Windows\System\YyDEHIk.exe
  C:\Windows\System\YyDEHIk.exe
  2⤵
  PID:9844
- C:\Windows\System\zDfTxsT.exe
  C:\Windows\System\zDfTxsT.exe
  2⤵
  PID:9864
- C:\Windows\System\TPgweNb.exe
  C:\Windows\System\TPgweNb.exe
  2⤵
  PID:9884
- C:\Windows\System\wMaXjli.exe
  C:\Windows\System\wMaXjli.exe
  2⤵
  PID:9900
- C:\Windows\System\gEEJOlI.exe
  C:\Windows\System\gEEJOlI.exe
  2⤵
  PID:9916
- C:\Windows\System\mSjFsCi.exe
  C:\Windows\System\mSjFsCi.exe
  2⤵
  PID:9932
- C:\Windows\System\bdbcgXg.exe
  C:\Windows\System\bdbcgXg.exe
  2⤵
  PID:9948
- C:\Windows\System\Vxmegyn.exe
  C:\Windows\System\Vxmegyn.exe
  2⤵
  PID:9976
- C:\Windows\System\APWmMNv.exe
  C:\Windows\System\APWmMNv.exe
  2⤵
  PID:9992
- C:\Windows\System\vUuwhso.exe
  C:\Windows\System\vUuwhso.exe
  2⤵
  PID:10008
- C:\Windows\System\GjpDBaK.exe
  C:\Windows\System\GjpDBaK.exe
  2⤵
  PID:10024
- C:\Windows\System\SGwkkoS.exe
  C:\Windows\System\SGwkkoS.exe
  2⤵
  PID:10040
- C:\Windows\System\UYyKTLE.exe
  C:\Windows\System\UYyKTLE.exe
  2⤵
  PID:10056
- C:\Windows\System\cTGWmSN.exe
  C:\Windows\System\cTGWmSN.exe
  2⤵
  PID:10072
- C:\Windows\System\GwGPcpD.exe
  C:\Windows\System\GwGPcpD.exe
  2⤵
  PID:10088
- C:\Windows\System\NLKnWPz.exe
  C:\Windows\System\NLKnWPz.exe
  2⤵
  PID:10104
- C:\Windows\System\qtSAIgR.exe
  C:\Windows\System\qtSAIgR.exe
  2⤵
  PID:10120
- C:\Windows\System\jFtJokB.exe
  C:\Windows\System\jFtJokB.exe
  2⤵
  PID:10140
- C:\Windows\System\geHvbre.exe
  C:\Windows\System\geHvbre.exe
  2⤵
  PID:10156
- C:\Windows\System\DyJKkBP.exe
  C:\Windows\System\DyJKkBP.exe
  2⤵
  PID:10172
- C:\Windows\System\MfreZAr.exe
  C:\Windows\System\MfreZAr.exe
  2⤵
  PID:10188
- C:\Windows\System\NnRRUpi.exe
  C:\Windows\System\NnRRUpi.exe
  2⤵
  PID:10204
- C:\Windows\System\fzSNNlW.exe
  C:\Windows\System\fzSNNlW.exe
  2⤵
  PID:10220
- C:\Windows\System\BxiETfY.exe
  C:\Windows\System\BxiETfY.exe
  2⤵
  PID:10236
- C:\Windows\System\uvwijRP.exe
  C:\Windows\System\uvwijRP.exe
  2⤵
  PID:9016
- C:\Windows\System\OnCODbI.exe
  C:\Windows\System\OnCODbI.exe
  2⤵
  PID:9252
- C:\Windows\System\EsvogRd.exe
  C:\Windows\System\EsvogRd.exe
  2⤵
  PID:9276
- C:\Windows\System\BgwyQty.exe
  C:\Windows\System\BgwyQty.exe
  2⤵
  PID:9356
- C:\Windows\System\nRkkfKs.exe
  C:\Windows\System\nRkkfKs.exe
  2⤵
  PID:9344
- C:\Windows\System\aFtmTAz.exe
  C:\Windows\System\aFtmTAz.exe
  2⤵
  PID:9448
- C:\Windows\System\bKuaGXN.exe
  C:\Windows\System\bKuaGXN.exe
  2⤵
  PID:9404
- C:\Windows\System\PbaoIUJ.exe
  C:\Windows\System\PbaoIUJ.exe
  2⤵
  PID:9408
- C:\Windows\System\nHmYORV.exe
  C:\Windows\System\nHmYORV.exe
  2⤵
  PID:9484
- C:\Windows\System\OAglRtW.exe
  C:\Windows\System\OAglRtW.exe
  2⤵
  PID:9560
- C:\Windows\System\tjYaqbb.exe
  C:\Windows\System\tjYaqbb.exe
  2⤵
  PID:9472
- C:\Windows\System\xsTEwzc.exe
  C:\Windows\System\xsTEwzc.exe
  2⤵
  PID:9640
- C:\Windows\System\jWmhOJH.exe
  C:\Windows\System\jWmhOJH.exe
  2⤵
  PID:9692
- C:\Windows\System\XaOoiHG.exe
  C:\Windows\System\XaOoiHG.exe
  2⤵
  PID:9504
- C:\Windows\System\zYGShvH.exe
  C:\Windows\System\zYGShvH.exe
  2⤵
  PID:9580
- C:\Windows\System\eChVggz.exe
  C:\Windows\System\eChVggz.exe
  2⤵
  PID:9756
- C:\Windows\System\LWFDgOp.exe
  C:\Windows\System\LWFDgOp.exe
  2⤵
  PID:9672
- C:\Windows\System\wuaiVoW.exe
  C:\Windows\System\wuaiVoW.exe
  2⤵
  PID:9804
- C:\Windows\System\vmgcUCW.exe
  C:\Windows\System\vmgcUCW.exe
  2⤵
  PID:9740
- C:\Windows\System\eeEieta.exe
  C:\Windows\System\eeEieta.exe
  2⤵
  PID:9832
- C:\Windows\System\FRvwYJJ.exe
  C:\Windows\System\FRvwYJJ.exe
  2⤵
  PID:9852
- C:\Windows\System\McEFPTY.exe
  C:\Windows\System\McEFPTY.exe
  2⤵
  PID:988
- C:\Windows\System\SBEGzjE.exe
  C:\Windows\System\SBEGzjE.exe
  2⤵
  PID:9892
- C:\Windows\System\kWWAQIb.exe
  C:\Windows\System\kWWAQIb.exe
  2⤵
  PID:9956
- C:\Windows\System\fPMLhvb.exe
  C:\Windows\System\fPMLhvb.exe
  2⤵
  PID:10068
- C:\Windows\System\KLdYxkb.exe
  C:\Windows\System\KLdYxkb.exe
  2⤵
  PID:10200
- C:\Windows\System\Lzirdqt.exe
  C:\Windows\System\Lzirdqt.exe
  2⤵
  PID:9244
- C:\Windows\System\lNGhLFg.exe
  C:\Windows\System\lNGhLFg.exe
  2⤵
  PID:9308
- C:\Windows\System\qRABlso.exe
  C:\Windows\System\qRABlso.exe
  2⤵
  PID:9432
- C:\Windows\System\CUWGXcr.exe
  C:\Windows\System\CUWGXcr.exe
  2⤵
  PID:9468
- C:\Windows\System\vdcSVYX.exe
  C:\Windows\System\vdcSVYX.exe
  2⤵
  PID:10180
- C:\Windows\System\bJfzwIC.exe
  C:\Windows\System\bJfzwIC.exe
  2⤵
  PID:9500
- C:\Windows\System\TXrXSSl.exe
  C:\Windows\System\TXrXSSl.exe
  2⤵
  PID:9816
- C:\Windows\System\nGkFRTS.exe
  C:\Windows\System\nGkFRTS.exe
  2⤵
  PID:9860
- C:\Windows\System\iWWBSAB.exe
  C:\Windows\System\iWWBSAB.exe
  2⤵
  PID:9780
- C:\Windows\System\aBWwpAX.exe
  C:\Windows\System\aBWwpAX.exe
  2⤵
  PID:9224
- C:\Windows\System\OGkbvYj.exe
  C:\Windows\System\OGkbvYj.exe
  2⤵
  PID:10080
- C:\Windows\System\wrYYcij.exe
  C:\Windows\System\wrYYcij.exe
  2⤵
  PID:10216
- C:\Windows\System\IOZELNv.exe
  C:\Windows\System\IOZELNv.exe
  2⤵
  PID:9392
- C:\Windows\System\FFTGbyB.exe
  C:\Windows\System\FFTGbyB.exe
  2⤵
  PID:9372
- C:\Windows\System\HvOyhAV.exe
  C:\Windows\System\HvOyhAV.exe
  2⤵
  PID:9652
- C:\Windows\System\nDLAmZi.exe
  C:\Windows\System\nDLAmZi.exe
  2⤵
  PID:9540
- C:\Windows\System\OJgBXQV.exe
  C:\Windows\System\OJgBXQV.exe
  2⤵
  PID:9796
- C:\Windows\System\oiiyyuu.exe
  C:\Windows\System\oiiyyuu.exe
  2⤵
  PID:9840
- C:\Windows\System\KKFxCfa.exe
  C:\Windows\System\KKFxCfa.exe
  2⤵
  PID:9944
- C:\Windows\System\ObImFmb.exe
  C:\Windows\System\ObImFmb.exe
  2⤵
  PID:10004
- C:\Windows\System\LeVSyrj.exe
  C:\Windows\System\LeVSyrj.exe
  2⤵
  PID:10132
- C:\Windows\System\lihGIaU.exe
  C:\Windows\System\lihGIaU.exe
  2⤵
  PID:10196
- C:\Windows\System\SGHlGEC.exe
  C:\Windows\System\SGHlGEC.exe
  2⤵
  PID:9524
- C:\Windows\System\FdNwwsg.exe
  C:\Windows\System\FdNwwsg.exe
  2⤵
  PID:9820
- C:\Windows\System\wXYLKdO.exe
  C:\Windows\System\wXYLKdO.exe
  2⤵
  PID:10184
- C:\Windows\System\lOoqenh.exe
  C:\Windows\System\lOoqenh.exe
  2⤵
  PID:9428
- C:\Windows\System\qZoOvHe.exe
  C:\Windows\System\qZoOvHe.exe
  2⤵
  PID:9928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ADlwZBk.exe

Filesize
6.0MB

MD5
7cee169b9029dc1f26c7d92f4ed87265

SHA1
c09b87b29ad0bcf252454ed41746e2b1ea9adf29

SHA256
24ae346076f348b35309698b3e65827d3a5eb35da97717c99ff5974259d38cce

SHA512
420bc1a07a1794525bb2d19a585ecf59315fa3d94ee903e57d0d38ef1a966f5b3a6ee6ed99b981c7549a9f931969d3591d9d577a702be58d3f8fa8261f427138

Download Submit
C:\Windows\system\BVbvllz.exe

Filesize
6.0MB

MD5
6374c6197351b927ddda622fe52b1c2f

SHA1
fe1d47c7dd8df41abf49cb4b807682f9e2846d27

SHA256
950914c82b8448589d4f7b0834ef8cc5f58bf5093d6cdaf49b182ef76dd78de5

SHA512
be518cc5c651a43dd5db606b02ac0980f0ea89951c01cac03d606130e7de2516c45fb8871620927d25278e3f3ffa7912abd4608c078f9ac6e9d9cf42bf9503b3

Download Submit
C:\Windows\system\BYWnUMC.exe

Filesize
6.0MB

MD5
1807424aa1f470caf7387b006b7d87d6

SHA1
572f7897f5b93793cce0bc568987d8b959da3bbb

SHA256
4df14f206bc78450ad5fb65a653e18511016f025f84cd781d75e66272fbd4a74

SHA512
2d8878fe0701b7e2b7168f52eb790ef15fa661a3162e95f06d33c1dc10a70554aa329a94cb73ef843be3a88f97bfc751c5731c1205927d6a1e6b7726e8635684

Download Submit
C:\Windows\system\DenWVey.exe

Filesize
6.0MB

MD5
df2251d7fd208685fc40da45774c43bb

SHA1
12a799e6b6e4fa0320e1d2cf2b46498e46f6de70

SHA256
3d4fd593231a13f0f679d3234a81b7e007dabc73d9e65d762217b88edbcee9bd

SHA512
855575675e3207e40160ce0c8eb5ab3689f0fd5575d0d9b8d19139974876917c439d37445343ac3d88d87f269a32474cabda8dff1803922f1d4c9da91c628d26

Download Submit
C:\Windows\system\GoySGLB.exe

Filesize
6.0MB

MD5
42b95a87f1ac2d38f6434a12696c19c5

SHA1
af2ded65a1403cd2500fb60f7813f636cfbac24e

SHA256
971b830219e89e03b262f627b7141bdcabeaf83fbac4d552923922333adb5068

SHA512
3dc4de0385f78df186c68b7b6aceb817a54ed8e2eececb134d01d644948825d349581637da402f0f614b7396b0680d1cf6e9df54586b641f94a2b54ab7beba91

Download Submit
C:\Windows\system\JhbqFmy.exe

Filesize
6.0MB

MD5
d2c9b7c2525a5539dfbc6c0634153f89

SHA1
c7ef46861c517b8c0a57d191ce008c28194e1d61

SHA256
134e2ef4005a41d8ebc0e55d1cbea4a25fda726ed3d183201789485a1e36931b

SHA512
d80f11dfe540a8302da854bbbe00ebba8cd788d44455e6a4678c17a8f41d28f98b1c7e0f86908836f7b598d43b3726f0491a14d777e1b72d2383b9333d74b9af

Download Submit
C:\Windows\system\KMHdHdN.exe

Filesize
6.0MB

MD5
92eb14b02641bb620dfb1f310e640d77

SHA1
e23e37c18380811d0dcb5f472244eccc4b5bf1f8

SHA256
65a1e26b31f44766fabc6f27c43b7e03220210fbeb27db5babeb51336d0f87a6

SHA512
ff9c9073c66d725d91394ecd28b77116078cf03517c2c30681301a1290247cea27d9f4bc58b2ec0ec5c4b0a9b96c9f0b70cdd59cc61c6ed0326853e8108db136

Download Submit
C:\Windows\system\LXkAUOS.exe

Filesize
6.0MB

MD5
75e0752c6513d32af162c57315bd7252

SHA1
720fa060b991ba66c4ffe688ab92c2cacf26cc81

SHA256
30800cbd1b89f9e51466ec8ff7410b646f1d0838d5fbe2da60ac8136c7d3729d

SHA512
41f480738ad2459511374df75a8a22336b7142383cb945a66f92c80137549e7b301316d5cd3b9e0f9fd93f15a9f070fadf49166419dbae6df0f974ca596676a0

Download Submit
C:\Windows\system\LzgXxqL.exe

Filesize
6.0MB

MD5
307df031c9164ebbd533204f3b5de0f9

SHA1
ed8c5b922f774add0f5d457fd95f71c5e8795e0b

SHA256
a7077f5f38f76b9061efe085ed4e314d6ef3b87c8087387c6228d72f3e8fa5e1

SHA512
70814ab3ae02b05d1c2f1517d24b4710d7e3fa2897da0da9c4f78ff23c477c2c637921f5c412c70fdee59ee42922fcc7c229f7a28c4a69385e4f62f4709c0f7e

Download Submit
C:\Windows\system\MOfLlsK.exe

Filesize
6.0MB

MD5
72c883c9c6e90c06f0a64c14b8dc56ef

SHA1
450bc25e61ac8059a313eb94e459bd2690c06cca

SHA256
32708305ca1b4a8efcc0ad7674923de6667ecdb40d1aead0b9f6f7d8b79877d8

SHA512
a5e45e87168131b7a6b1c66c0666317513963ffe720147cf2b06a7a8ab31a98f74e07931eaced2682e43ade5a597313e0fec7c71a7b26bb3cd0f41fff7298db7

Download Submit
C:\Windows\system\OSNvzFE.exe

Filesize
6.0MB

MD5
4e85c49c31c131ab1033e2ecfff1e30c

SHA1
98e43eb942a2ee93afa71228134334ac5634a7b6

SHA256
0763272e7b41513996b463785572d29f4d9fc0487c933932ec6b0260e0c4086f

SHA512
dded9751fcd7cdc8122c53a7604d5cb01de6ec993829833cf3e1a907a87fbf53f5dfc5c048352e94f06c841a42bdb27d71d1bfab216e4ecdb71cc35e06191c73

Download Submit
C:\Windows\system\OmXgSaJ.exe

Filesize
6.0MB

MD5
a39b06a8f5c4fa4a7b9c79fda24f4a6e

SHA1
2f84149ff61159a56a2bdb16342f159ced186bd3

SHA256
c1279e5b1b2add491a49c478d1f31568e3c7280da3faa655e96697edca2e6bb4

SHA512
6ac060cd32dbba7be3b0f65425ccdc24615f208c51396187e8585bb3e3fd73201f4e6fc69cddba4e0f3234dcdb18913a70a7d58b1cb2e042af6e02e13dbcbc87

Download Submit
C:\Windows\system\PULTDxx.exe

Filesize
6.0MB

MD5
fd9bc872fb745e614c677d30b0692d22

SHA1
75386d48457295448c17073b87b4f1f19041d1f7

SHA256
fba454b759e777b957dd22754e27a40360bf24e277c9db645e3b7737e599cc98

SHA512
e14ec7bb91ac11c64370094fcd8ef6ae39ec037544550b00c8eae2f2ffe73adb570b6280010b7ba8611589bb3e7b20d80ac1d01cb2cbd7dfd1f4766d603d0b8a

Download Submit
C:\Windows\system\QIVsHff.exe

Filesize
6.0MB

MD5
da10c22e203504235fe2b96f94e45757

SHA1
01fbc9336bfc5611545dfd1ec7ce5b72d75b7117

SHA256
558386a8accccb742d75b9a8ae5efc17f1010b3e61e864f919d787352767cd0b

SHA512
6c1c9d51a034abb8747f923bc5edb946130c848e182379bb80935c9e10492428f31d765894f60300f5a0b221aa9ba36ea1205ebf7fb447645e0374c93336de9e

Download Submit
C:\Windows\system\QydNLdt.exe

Filesize
6.0MB

MD5
3c169f9a7ef10ce2ec0b6dcbd4143300

SHA1
8e95f6cdeb3c28c668e9a66604ad1bbdc84ff10a

SHA256
614bd6ea7df533acf4f2f4a3e41f49bbb0e8444297f09d4ec454afbe571e57be

SHA512
f7b8d786a6e800ba3549722736b9e05cc455a44badeabe3cea213e894f110e7434cb7b114e1c8b3982e0536516430d8cb6700007251b3c4a768543b5223a33c7

Download Submit
C:\Windows\system\TYeZBle.exe

Filesize
6.0MB

MD5
647ac1dacad8af1dfe02af34028d5f20

SHA1
ecbb8d76e13f91f7c98bcd64b6e2b4b86ab5c75d

SHA256
b95c601cbb331453687ab5d2d6a6d4179274e248af988855b295f87c526ac4e4

SHA512
39292caf6299cd4cbc0e2b479b671b0afd2bab11eaea63dbd88cb6e2c70de58a35f6bf5adc2143224b3630b5e3af07548684911ce37bbddc015c7b6ac398c6b2

Download Submit
C:\Windows\system\XJDcjYM.exe

Filesize
6.0MB

MD5
7128164877d6b46f367c152c8f9f873a

SHA1
d9f76e6d64463052f46a6701cb384c035304c0a7

SHA256
8eea0b1fa5fd36186db01509e07987d5273fff1db3756685cf974b1be7649a85

SHA512
4660bcb980ee0a06a3078d6eeba20bc4160bd0f07d8156c50460641bb1cd34e0a9474216641a726db4f99deda8a98ec9dc19f1857a40ed5661d3fca7abffff52

Download Submit
C:\Windows\system\YxLiQNf.exe

Filesize
6.0MB

MD5
24c4a7c24c891eae9a502e6069c1df89

SHA1
ab3fe50112e0ed3a7186d5afb28e8708984dff56

SHA256
a2cb5bfa957902657d1fba8ec27bab32993920fa4626f5914e8ead21d9e709a9

SHA512
1c07482c30bc71110cf9bef8c1519ae179b4e1f771fbce4d624b1f81fbaf930688a7bd2038771a0ce870eda38897b56af66380f85ec67b8982901c994bb4b8d5

Download Submit
C:\Windows\system\aOeZksb.exe

Filesize
6.0MB

MD5
44b87aeaf3fa8cfa94f20d69ade079eb

SHA1
9e25b355d79d07dfead5b528fd5c847f3eaf9523

SHA256
84b04ac00c560416168847fa02c6871d53c097e9b13e7c962dcce43b19520946

SHA512
a551a77cf1ffb32f5e35024874cf6634aa5abf4b5ea6e804ea6cfa1553b005396d393101efe9547d58fe9394da1e79a2b08e14e52052710e3879d6971710dfa4

Download Submit
C:\Windows\system\gsnwtYZ.exe

Filesize
6.0MB

MD5
e4e1f87fdf7816c582940d473b66afaf

SHA1
d57b2639be70ffe0036edeb341083d4f0f1d1df9

SHA256
f43564617872fbd3b48551c9f06821be94360a8dbdccc56648119068629dd543

SHA512
86101b6abae6c0d8607b87c8b0f7da51f50554e8694a63977f5121379561b15bbbdb75e3ecac434c26afae6e8f70cdc5763a4618fca48efb37fdfbe4150efc87

Download Submit
C:\Windows\system\jgEHxpQ.exe

Filesize
6.0MB

MD5
b1aa968cd43c4aa302fd39d4e66cdb84

SHA1
639fd043f193a5b0d2562b65bb69fc24592fd5ca

SHA256
da2bf4a6919aee1a9f90fb76dbbd226e35633ec47a9a02512ae9c7928113b2f5

SHA512
518f9d5597a158e3be050fa71bff0e8edb4049bda4d0978367d61be53a01ea56bdd82dc5cdd77c016aa71021533ab96efe8973944a5a0bd5a093845b4da3eeb5

Download Submit
C:\Windows\system\msIkMOB.exe

Filesize
6.0MB

MD5
a8b739fd824a865e455d1a77a78367a5

SHA1
03c4b22b43726cb9c918e455598d11e1a16b9e27

SHA256
00211a64444edccf81bbf6ea14968a5464234b685832a3d243a40cd5b45b3ef6

SHA512
76b2c8dcba7169d0b1427f7f425050040d5aa3c959fd25abb8c4d1352d61141153835423dd8338d26186a70ef1d2dc0c081701c8e7f70cd57bfc0d03f5432abe

Download Submit
C:\Windows\system\pRSmyVl.exe

Filesize
6.0MB

MD5
67bf8f8f805b14718195f60f90bd16a3

SHA1
58eafd9d6473df38766bfa09edb5442c86cd5cbd

SHA256
cf657dcc4fbfc78f1745c83baa2ea07a85b76ec319ae29038dd04269f2f9fb8e

SHA512
d5c7b3b7742712ca63fc5699c0358f3d1e5af21512c1f42cfdfea546d86af8292791be49dfa2b2485a6964b418f1192d57b64ca1b0c3ecad948c2d2851671041

Download Submit
C:\Windows\system\sytfgrs.exe

Filesize
6.0MB

MD5
796336ee0165b1c1e42ba257b557a658

SHA1
797bf50411e13b072abc37014712bd6130247f5e

SHA256
5725b1614d78be8e9a99507ffe445ed0e74cd39e197c06a3521a652adf5060a6

SHA512
5d0597f8f61f7228f4157e0f3897e9d2fd0444a0948b6d9af2fb5c147dda5ce78fa6e6fcddafb2ca62889b5a48119d936e3517bcb48a53af00d33ed05f1d884d

Download Submit
C:\Windows\system\tesgbgL.exe

Filesize
6.0MB

MD5
f09b7d4d5774781aa5cf8a4adbedb36d

SHA1
a490309c2bfbe4c435a69c4b305b8b3dbca29fe5

SHA256
1dfe5895ddca320ba67007f45e592b1eb5af81c4e34ab7a18185f5c26fca0f26

SHA512
25f1b753fb19fe5805c856399c80cd186dc0bd25c03c2022e43f9b6682c005628ecf5344e6b93f47aa9389b7b4c204ae56110859a2ef2752b1d015421e073b2b

Download Submit
C:\Windows\system\uHPrBjj.exe

Filesize
6.0MB

MD5
4542cb073faf8b715a236ffe6413ca77

SHA1
c11bdde7a6aa341597620dda046dbeb595893ae3

SHA256
07d39573949a01d6cae988749ae4c6144cb3dd5c0ea434bbe03c0c63af90895b

SHA512
b673327f331faa0d6b453190ef7c7a11bc5e2b381394bbfcc00853eb81b1c2010b6a54d23f02f74cf25a323f441ec5087c98b4b3422540615ea296a976986e95

Download Submit
C:\Windows\system\vSOloXt.exe

Filesize
6.0MB

MD5
9ffe560c63bd9e0dae3b30670eccce5d

SHA1
bd4319bbd180db193c266caa8f516aaf863c0369

SHA256
eddd4eb7df0de81b1f2e672d8103d35126cbf3cdf73080dd911f94f548d4f953

SHA512
bf2e2b622ddec3b52828e9e11be54b1971a2e100d9ebd332f8bfd9685be799bfe28ed0f9480643534cfdd208edbe5281468a1beb9dd72ffe5d0bd63af16a935a

Download Submit
C:\Windows\system\xxAQYSC.exe

Filesize
6.0MB

MD5
cc16a6ceba9f48150c48fe563dbcc169

SHA1
9c2e2c7ecc76abf8b5a8c410804b5633b1ff2f96

SHA256
3cf2ccc7b97a91f5e7798a9db99de6e32e5d82dca1ee7ae187d3fa5000cc203c

SHA512
3178cc951d1b322493790cfb896ec13e5e9404c3eb804ae87ac6d6bde2241cae1b0a1abe6b24628a4d8de9714fdcf6f66b5b2616fc10d2ba73ea73a494502764

Download Submit
\Windows\system\INovswY.exe

Filesize
6.0MB

MD5
8f723bd1500a4e03cdb6788e20c5514e

SHA1
6ba42b5d7f49de81b126c18916d82441189bc2d1

SHA256
99e141e4a7b4fee7a0e6e7eeed036070a3627865dea20a1eba765f7b010a6539

SHA512
8ea7e15960cccc653a7c1dc4934d0ad39e83dbd585031b3b4e5c57e769faacaa8ec55d78d92e570c356b8969cea565a55771f89293a9840e2e341690d6992eb2

Download Submit
\Windows\system\PSjhjwi.exe

Filesize
6.0MB

MD5
61c7ce3806124f142c453122fa0f0851

SHA1
e4b6734dff03eb156cc755864b61f765c6ee7168

SHA256
ed2f40e38aa0b98bf2a3c33247fd756eda868724e0d9f1de8aa8ea43bd7f7356

SHA512
d7a20ee7e0af9d36eca2279d059f54e28461dc2ddc0e959560717c0368576a1c7be0c00fc3b5764add2aa63bb85c865ca481b5564020496377b0a3c6c5d2a402

Download Submit
\Windows\system\SNTAyWn.exe

Filesize
6.0MB

MD5
0ff28b267a0eb0a430fbb26c90add91a

SHA1
567a2e6f807217ee9d255d5b6742b7782d52c725

SHA256
1a520351d8ef6a672d6e6ec24a769b82a2d13618c52ae1e725046e1f7b54efea

SHA512
7ede3723aa0c3d95f928b844e0500a81cd90ffd42d8a8858d037216b0c03e2352332ebf7ec9525749529bbddd800c5527771e7b4b5841e0be14bf70fbd60e136

Download Submit
\Windows\system\oKcZMRa.exe

Filesize
6.0MB

MD5
bf92d0a602aa92e7526d12ae182cbef3

SHA1
8d29e0cff959bed04e45aac1438aa3cd424489a5

SHA256
2498e1e5cbb6ae93f4e9b658611165d9324757eec1d0dcc8540988a2f2b0b216

SHA512
e9f0b1d8d4c00bfc7ead3d5b5179a45c682d9b1bd78f7c8a4cdf181343af77c8bf7a5fd5a6d93c5c65209f8ffc4bdf670f86e25104710ee2ea675198f7bf2a37

Download Submit
memory/1616-2049-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1616-3871-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2283-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-3872-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2293-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-2153-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2388-0-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-3870-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3874-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-2071-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2386-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3873-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download