cobaltstrike | dfeb85e5eefd8c48d8f171bd1c33bfb5df54afd48086f94b0d8a08d1142dccd2

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4951f7d7f45309f5b182d72cd200952e
SHA1

da26045ef4d1ccd65db737cca11187bf748fc433
SHA256

dfeb85e5eefd8c48d8f171bd1c33bfb5df54afd48086f94b0d8a08d1142dccd2
SHA512

e543390df065feb17ab4856fa96954629595e86720ff89f1ae031255291a73e1a5a09f7fcabce439c754a2aabfe30d22a9e9df066eed022b955d48cce9fa7a4d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUu:T+q56utgpPF8u/7u

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120fb-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017429-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017447-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017467-25.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000018617-33.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019931-60.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000196a0-55.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739f-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018636-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018634-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2248-0-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x00090000000120fb-6.dat	xmrig
behavioral1/files/0x0008000000017429-12.dat	xmrig
behavioral1/memory/2484-15-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/1988-14-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x0007000000017447-10.dat	xmrig
behavioral1/files/0x0008000000017467-25.dat	xmrig
behavioral1/memory/1704-24-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/1920-29-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x000a000000018617-33.dat	xmrig
behavioral1/files/0x0005000000019cd5-85.dat	xmrig
behavioral1/files/0x0005000000019cfc-90.dat	xmrig
behavioral1/files/0x0005000000019d69-100.dat	xmrig
behavioral1/memory/2424-108-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3e4-142.dat	xmrig
behavioral1/memory/2248-1165-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2908-1167-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2728-1170-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2248-1174-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2248-1176-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2612-1175-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2248-1184-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2780-1188-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/1704-1550-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2248-2580-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2148-1179-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/3052-1177-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2560-1173-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2848-1164-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a445-172.dat	xmrig
behavioral1/files/0x000500000001a423-166.dat	xmrig
behavioral1/files/0x000500000001a3ed-161.dat	xmrig
behavioral1/files/0x000500000001a3ea-156.dat	xmrig
behavioral1/files/0x000500000001a3e8-152.dat	xmrig
behavioral1/files/0x000500000001a3e6-146.dat	xmrig
behavioral1/files/0x000500000001a2fc-136.dat	xmrig
behavioral1/files/0x000500000001a05a-126.dat	xmrig
behavioral1/files/0x000500000001a2b9-131.dat	xmrig
behavioral1/files/0x000500000001a020-116.dat	xmrig
behavioral1/files/0x000500000001a033-121.dat	xmrig
behavioral1/files/0x0005000000019f71-111.dat	xmrig
behavioral1/files/0x0005000000019f57-105.dat	xmrig
behavioral1/files/0x0005000000019d5c-95.dat	xmrig
behavioral1/files/0x0005000000019c0b-80.dat	xmrig
behavioral1/files/0x0005000000019bf2-75.dat	xmrig
behavioral1/files/0x0005000000019bf0-71.dat	xmrig
behavioral1/files/0x0005000000019bec-65.dat	xmrig
behavioral1/files/0x0006000000019931-60.dat	xmrig
behavioral1/files/0x00060000000196a0-55.dat	xmrig
behavioral1/files/0x000800000001739f-50.dat	xmrig
behavioral1/files/0x0006000000018636-45.dat	xmrig
behavioral1/memory/2248-41-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018634-40.dat	xmrig
behavioral1/memory/2812-39-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2484-3612-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/1988-3616-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/1920-3621-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/1704-3619-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2424-3641-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2612-3640-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2908-3639-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2560-3642-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/3052-3646-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2148-3638-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1988	MoKWajY.exe
2484	dBwjyWj.exe
1704	zsQNzmD.exe
1920	XOMMyUb.exe
2812	KNrokSz.exe
2780	vhXjJVk.exe
2424	SqqjRdY.exe
2848	KstOqny.exe
2908	LSxjUDm.exe
2728	pMKLuPA.exe
2560	bTHvnPK.exe
2612	dSRyqXp.exe
3052	JkStqhg.exe
2148	eOCwBRr.exe
628	sPQwALY.exe
372	EJpcnPU.exe
1264	zvxTOWQ.exe
2620	DCnueix.exe
2904	yjNjesQ.exe
1992	OTBNLNf.exe
1200	VHRlAMK.exe
1884	THTZmsB.exe
1072	KSsTMDV.exe
1648	hlAeeQU.exe
1576	GfyIcCW.exe
264	acVzVDM.exe
2428	rRUCyfC.exe
2520	ggCbRqd.exe
2736	WfYbSzn.exe
2024	QEJQPvr.exe
2304	IoSvvmD.exe
604	JxDaCdv.exe
1624	GeJECUx.exe
1536	txzrvsM.exe
692	ATLmQzE.exe
1608	jUeCWqA.exe
664	fsrlVds.exe
1944	FKxKyMX.exe
1372	dzoRtDG.exe
1724	ENiAwex.exe
1748	BgORatx.exe
764	OICYVqK.exe
2228	yzSYmiH.exe
2436	NlYdwKu.exe
2200	TxUXLfg.exe
3032	AFutzND.exe
1680	AXShzXg.exe
2404	qZXssiJ.exe
600	VoGnGfl.exe
808	qlCxqiL.exe
2496	jFGbCbr.exe
884	OCOAbee.exe
1628	hykkylU.exe
1728	dIsDHZZ.exe
1596	RZpGjWD.exe
1696	yxigiod.exe
2388	byttzSv.exe
2704	IrDHFQC.exe
1572	oAaGecj.exe
2968	HAeBUoR.exe
2892	fTCIsql.exe
2672	lpsTpcA.exe
2580	psbjdcI.exe
2396	RBdWNTs.exe

Loads dropped DLL 64 IoCs

pid	Process
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2248-0-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x00090000000120fb-6.dat	upx
behavioral1/files/0x0008000000017429-12.dat	upx
behavioral1/memory/2484-15-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/1988-14-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x0007000000017447-10.dat	upx
behavioral1/files/0x0008000000017467-25.dat	upx
behavioral1/memory/1704-24-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/1920-29-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x000a000000018617-33.dat	upx
behavioral1/files/0x0005000000019cd5-85.dat	upx
behavioral1/files/0x0005000000019cfc-90.dat	upx
behavioral1/files/0x0005000000019d69-100.dat	upx
behavioral1/memory/2424-108-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x000500000001a3e4-142.dat	upx
behavioral1/memory/2908-1167-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2728-1170-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2612-1175-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2248-1184-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2780-1188-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/1704-1550-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2148-1179-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/3052-1177-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2560-1173-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2848-1164-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x000500000001a445-172.dat	upx
behavioral1/files/0x000500000001a423-166.dat	upx
behavioral1/files/0x000500000001a3ed-161.dat	upx
behavioral1/files/0x000500000001a3ea-156.dat	upx
behavioral1/files/0x000500000001a3e8-152.dat	upx
behavioral1/files/0x000500000001a3e6-146.dat	upx
behavioral1/files/0x000500000001a2fc-136.dat	upx
behavioral1/files/0x000500000001a05a-126.dat	upx
behavioral1/files/0x000500000001a2b9-131.dat	upx
behavioral1/files/0x000500000001a020-116.dat	upx
behavioral1/files/0x000500000001a033-121.dat	upx
behavioral1/files/0x0005000000019f71-111.dat	upx
behavioral1/files/0x0005000000019f57-105.dat	upx
behavioral1/files/0x0005000000019d5c-95.dat	upx
behavioral1/files/0x0005000000019c0b-80.dat	upx
behavioral1/files/0x0005000000019bf2-75.dat	upx
behavioral1/files/0x0005000000019bf0-71.dat	upx
behavioral1/files/0x0005000000019bec-65.dat	upx
behavioral1/files/0x0006000000019931-60.dat	upx
behavioral1/files/0x00060000000196a0-55.dat	upx
behavioral1/files/0x000800000001739f-50.dat	upx
behavioral1/files/0x0006000000018636-45.dat	upx
behavioral1/files/0x0006000000018634-40.dat	upx
behavioral1/memory/2812-39-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2484-3612-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/1988-3616-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/1920-3621-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/1704-3619-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2424-3641-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2612-3640-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2908-3639-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2560-3642-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/3052-3646-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2148-3638-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2812-3686-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2848-3658-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2780-3655-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2728-3635-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CwRvXic.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnjSQum.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yxigiod.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADdrlJB.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKETfKi.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQpXrma.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mPajcBq.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvcBMRd.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgvDxcj.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UesFEcb.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLGonmz.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvmtDFo.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEDEzsx.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESqAOdQ.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DOiuuQR.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WQaxKxM.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPxGChp.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jAPmGvq.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUysTZL.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ivwbcht.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKHyoyN.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojvSGpF.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udjfTgo.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbtNthq.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWbpQUO.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpVvZNi.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orPyeBa.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVZsJcg.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZorcvVr.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFrSFhZ.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VEieEtx.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyNFcKe.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPpHJQj.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSUJKWF.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkbiZKQ.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCIlURi.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wYWuvul.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJEyJjG.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgHvxIm.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHNRwYE.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBItvnc.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crisMMX.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QswEeJr.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqaDSxH.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYQRvjL.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCDBmyc.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DnGNfdU.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyGfRhe.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbshHIZ.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGWFyzM.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojrRFfN.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFFUPqF.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niIHpEZ.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsNFVNZ.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMPEJon.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lAFFufB.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzpxJqL.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKMZmXk.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHYwEhy.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtCGxQT.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmQTwPl.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uEkzHoh.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diWKAhG.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnhJFJP.exe	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 1988	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2248 wrote to memory of 1988	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2248 wrote to memory of 1988	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2248 wrote to memory of 2484	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2248 wrote to memory of 2484	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2248 wrote to memory of 2484	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2248 wrote to memory of 1704	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2248 wrote to memory of 1704	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2248 wrote to memory of 1704	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2248 wrote to memory of 1920	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2248 wrote to memory of 1920	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2248 wrote to memory of 1920	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2248 wrote to memory of 2812	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2248 wrote to memory of 2812	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2248 wrote to memory of 2812	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2248 wrote to memory of 2780	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2248 wrote to memory of 2780	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2248 wrote to memory of 2780	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2248 wrote to memory of 2424	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2248 wrote to memory of 2424	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2248 wrote to memory of 2424	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2248 wrote to memory of 2848	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2248 wrote to memory of 2848	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2248 wrote to memory of 2848	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2248 wrote to memory of 2908	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2248 wrote to memory of 2908	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2248 wrote to memory of 2908	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2248 wrote to memory of 2728	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2248 wrote to memory of 2728	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2248 wrote to memory of 2728	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2248 wrote to memory of 2560	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2248 wrote to memory of 2560	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2248 wrote to memory of 2560	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2248 wrote to memory of 2612	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2248 wrote to memory of 2612	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2248 wrote to memory of 2612	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2248 wrote to memory of 3052	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2248 wrote to memory of 3052	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2248 wrote to memory of 3052	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2248 wrote to memory of 2148	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2248 wrote to memory of 2148	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2248 wrote to memory of 2148	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2248 wrote to memory of 628	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2248 wrote to memory of 628	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2248 wrote to memory of 628	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2248 wrote to memory of 372	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2248 wrote to memory of 372	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2248 wrote to memory of 372	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2248 wrote to memory of 1264	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2248 wrote to memory of 1264	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2248 wrote to memory of 1264	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2248 wrote to memory of 2620	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2248 wrote to memory of 2620	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2248 wrote to memory of 2620	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2248 wrote to memory of 2904	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2248 wrote to memory of 2904	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2248 wrote to memory of 2904	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2248 wrote to memory of 1992	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2248 wrote to memory of 1992	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2248 wrote to memory of 1992	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2248 wrote to memory of 1200	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2248 wrote to memory of 1200	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2248 wrote to memory of 1200	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2248 wrote to memory of 1884	2248	2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_4951f7d7f45309f5b182d72cd200952e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\System\MoKWajY.exe
  C:\Windows\System\MoKWajY.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\dBwjyWj.exe
  C:\Windows\System\dBwjyWj.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\zsQNzmD.exe
  C:\Windows\System\zsQNzmD.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\XOMMyUb.exe
  C:\Windows\System\XOMMyUb.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\KNrokSz.exe
  C:\Windows\System\KNrokSz.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\vhXjJVk.exe
  C:\Windows\System\vhXjJVk.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\SqqjRdY.exe
  C:\Windows\System\SqqjRdY.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\KstOqny.exe
  C:\Windows\System\KstOqny.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\LSxjUDm.exe
  C:\Windows\System\LSxjUDm.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\pMKLuPA.exe
  C:\Windows\System\pMKLuPA.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\bTHvnPK.exe
  C:\Windows\System\bTHvnPK.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\dSRyqXp.exe
  C:\Windows\System\dSRyqXp.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\JkStqhg.exe
  C:\Windows\System\JkStqhg.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\eOCwBRr.exe
  C:\Windows\System\eOCwBRr.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\sPQwALY.exe
  C:\Windows\System\sPQwALY.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\EJpcnPU.exe
  C:\Windows\System\EJpcnPU.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\zvxTOWQ.exe
  C:\Windows\System\zvxTOWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\DCnueix.exe
  C:\Windows\System\DCnueix.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\yjNjesQ.exe
  C:\Windows\System\yjNjesQ.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\OTBNLNf.exe
  C:\Windows\System\OTBNLNf.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\VHRlAMK.exe
  C:\Windows\System\VHRlAMK.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\THTZmsB.exe
  C:\Windows\System\THTZmsB.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\KSsTMDV.exe
  C:\Windows\System\KSsTMDV.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\hlAeeQU.exe
  C:\Windows\System\hlAeeQU.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\GfyIcCW.exe
  C:\Windows\System\GfyIcCW.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\acVzVDM.exe
  C:\Windows\System\acVzVDM.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\rRUCyfC.exe
  C:\Windows\System\rRUCyfC.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\ggCbRqd.exe
  C:\Windows\System\ggCbRqd.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\WfYbSzn.exe
  C:\Windows\System\WfYbSzn.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\QEJQPvr.exe
  C:\Windows\System\QEJQPvr.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\IoSvvmD.exe
  C:\Windows\System\IoSvvmD.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\JxDaCdv.exe
  C:\Windows\System\JxDaCdv.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\GeJECUx.exe
  C:\Windows\System\GeJECUx.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\txzrvsM.exe
  C:\Windows\System\txzrvsM.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\ATLmQzE.exe
  C:\Windows\System\ATLmQzE.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\jUeCWqA.exe
  C:\Windows\System\jUeCWqA.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\fsrlVds.exe
  C:\Windows\System\fsrlVds.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\FKxKyMX.exe
  C:\Windows\System\FKxKyMX.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\dzoRtDG.exe
  C:\Windows\System\dzoRtDG.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\ENiAwex.exe
  C:\Windows\System\ENiAwex.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\BgORatx.exe
  C:\Windows\System\BgORatx.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\OICYVqK.exe
  C:\Windows\System\OICYVqK.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\yzSYmiH.exe
  C:\Windows\System\yzSYmiH.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\NlYdwKu.exe
  C:\Windows\System\NlYdwKu.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\TxUXLfg.exe
  C:\Windows\System\TxUXLfg.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\AFutzND.exe
  C:\Windows\System\AFutzND.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\AXShzXg.exe
  C:\Windows\System\AXShzXg.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\qZXssiJ.exe
  C:\Windows\System\qZXssiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\VoGnGfl.exe
  C:\Windows\System\VoGnGfl.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\qlCxqiL.exe
  C:\Windows\System\qlCxqiL.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\jFGbCbr.exe
  C:\Windows\System\jFGbCbr.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\OCOAbee.exe
  C:\Windows\System\OCOAbee.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\hykkylU.exe
  C:\Windows\System\hykkylU.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\dIsDHZZ.exe
  C:\Windows\System\dIsDHZZ.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\RZpGjWD.exe
  C:\Windows\System\RZpGjWD.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\yxigiod.exe
  C:\Windows\System\yxigiod.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\byttzSv.exe
  C:\Windows\System\byttzSv.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\IrDHFQC.exe
  C:\Windows\System\IrDHFQC.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\oAaGecj.exe
  C:\Windows\System\oAaGecj.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\HAeBUoR.exe
  C:\Windows\System\HAeBUoR.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\fTCIsql.exe
  C:\Windows\System\fTCIsql.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\lpsTpcA.exe
  C:\Windows\System\lpsTpcA.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\psbjdcI.exe
  C:\Windows\System\psbjdcI.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\RBdWNTs.exe
  C:\Windows\System\RBdWNTs.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\BlCAugc.exe
  C:\Windows\System\BlCAugc.exe
  2⤵
  PID:832
- C:\Windows\System\IogneNd.exe
  C:\Windows\System\IogneNd.exe
  2⤵
  PID:2896
- C:\Windows\System\sIEVXjw.exe
  C:\Windows\System\sIEVXjw.exe
  2⤵
  PID:2912
- C:\Windows\System\HPCEJKb.exe
  C:\Windows\System\HPCEJKb.exe
  2⤵
  PID:1436
- C:\Windows\System\fVcBlSA.exe
  C:\Windows\System\fVcBlSA.exe
  2⤵
  PID:1752
- C:\Windows\System\sUOQPBw.exe
  C:\Windows\System\sUOQPBw.exe
  2⤵
  PID:1888
- C:\Windows\System\zYQRvjL.exe
  C:\Windows\System\zYQRvjL.exe
  2⤵
  PID:1632
- C:\Windows\System\oasUliO.exe
  C:\Windows\System\oasUliO.exe
  2⤵
  PID:2268
- C:\Windows\System\IYvfQpN.exe
  C:\Windows\System\IYvfQpN.exe
  2⤵
  PID:1964
- C:\Windows\System\LTBCSJR.exe
  C:\Windows\System\LTBCSJR.exe
  2⤵
  PID:308
- C:\Windows\System\XJGnyQf.exe
  C:\Windows\System\XJGnyQf.exe
  2⤵
  PID:440
- C:\Windows\System\hqoepus.exe
  C:\Windows\System\hqoepus.exe
  2⤵
  PID:1948
- C:\Windows\System\MxsmpME.exe
  C:\Windows\System\MxsmpME.exe
  2⤵
  PID:1044
- C:\Windows\System\DOiuuQR.exe
  C:\Windows\System\DOiuuQR.exe
  2⤵
  PID:1804
- C:\Windows\System\ACBHwDw.exe
  C:\Windows\System\ACBHwDw.exe
  2⤵
  PID:1056
- C:\Windows\System\sfEoLEL.exe
  C:\Windows\System\sfEoLEL.exe
  2⤵
  PID:1084
- C:\Windows\System\ytNAfHm.exe
  C:\Windows\System\ytNAfHm.exe
  2⤵
  PID:896
- C:\Windows\System\OolGhxQ.exe
  C:\Windows\System\OolGhxQ.exe
  2⤵
  PID:904
- C:\Windows\System\loelDbE.exe
  C:\Windows\System\loelDbE.exe
  2⤵
  PID:1364
- C:\Windows\System\SUlzEHs.exe
  C:\Windows\System\SUlzEHs.exe
  2⤵
  PID:2272
- C:\Windows\System\ZxXKCCz.exe
  C:\Windows\System\ZxXKCCz.exe
  2⤵
  PID:2160
- C:\Windows\System\atehpfk.exe
  C:\Windows\System\atehpfk.exe
  2⤵
  PID:756
- C:\Windows\System\CgWWGZY.exe
  C:\Windows\System\CgWWGZY.exe
  2⤵
  PID:880
- C:\Windows\System\rktgsvu.exe
  C:\Windows\System\rktgsvu.exe
  2⤵
  PID:2432
- C:\Windows\System\DNFhJgA.exe
  C:\Windows\System\DNFhJgA.exe
  2⤵
  PID:2964
- C:\Windows\System\xfLDVuj.exe
  C:\Windows\System\xfLDVuj.exe
  2⤵
  PID:2344
- C:\Windows\System\lLroYYN.exe
  C:\Windows\System\lLroYYN.exe
  2⤵
  PID:2984
- C:\Windows\System\bHOssxD.exe
  C:\Windows\System\bHOssxD.exe
  2⤵
  PID:2596
- C:\Windows\System\pvAcPNk.exe
  C:\Windows\System\pvAcPNk.exe
  2⤵
  PID:2696
- C:\Windows\System\frmDJWh.exe
  C:\Windows\System\frmDJWh.exe
  2⤵
  PID:2572
- C:\Windows\System\aFfWOdW.exe
  C:\Windows\System\aFfWOdW.exe
  2⤵
  PID:2820
- C:\Windows\System\AigVIOJ.exe
  C:\Windows\System\AigVIOJ.exe
  2⤵
  PID:2872
- C:\Windows\System\QZHvNqI.exe
  C:\Windows\System\QZHvNqI.exe
  2⤵
  PID:1612
- C:\Windows\System\CUqSTRh.exe
  C:\Windows\System\CUqSTRh.exe
  2⤵
  PID:2524
- C:\Windows\System\zfHlsyl.exe
  C:\Windows\System\zfHlsyl.exe
  2⤵
  PID:572
- C:\Windows\System\VICEgrD.exe
  C:\Windows\System\VICEgrD.exe
  2⤵
  PID:1476
- C:\Windows\System\BTljnMI.exe
  C:\Windows\System\BTljnMI.exe
  2⤵
  PID:2292
- C:\Windows\System\UYeIzUL.exe
  C:\Windows\System\UYeIzUL.exe
  2⤵
  PID:1548
- C:\Windows\System\mDZLDwG.exe
  C:\Windows\System\mDZLDwG.exe
  2⤵
  PID:1188
- C:\Windows\System\pcIxrHO.exe
  C:\Windows\System\pcIxrHO.exe
  2⤵
  PID:2192
- C:\Windows\System\CPotXBd.exe
  C:\Windows\System\CPotXBd.exe
  2⤵
  PID:556
- C:\Windows\System\ohSoisJ.exe
  C:\Windows\System\ohSoisJ.exe
  2⤵
  PID:1068
- C:\Windows\System\KnzNLLC.exe
  C:\Windows\System\KnzNLLC.exe
  2⤵
  PID:1388
- C:\Windows\System\tjjtDTq.exe
  C:\Windows\System\tjjtDTq.exe
  2⤵
  PID:2992
- C:\Windows\System\JXxrJfc.exe
  C:\Windows\System\JXxrJfc.exe
  2⤵
  PID:2140
- C:\Windows\System\oGGbReS.exe
  C:\Windows\System\oGGbReS.exe
  2⤵
  PID:2824
- C:\Windows\System\CYhCJcP.exe
  C:\Windows\System\CYhCJcP.exe
  2⤵
  PID:2772
- C:\Windows\System\GKDdVTB.exe
  C:\Windows\System\GKDdVTB.exe
  2⤵
  PID:2752
- C:\Windows\System\ZWZaNwv.exe
  C:\Windows\System\ZWZaNwv.exe
  2⤵
  PID:1960
- C:\Windows\System\LjjMdKq.exe
  C:\Windows\System\LjjMdKq.exe
  2⤵
  PID:2940
- C:\Windows\System\VzmJvsr.exe
  C:\Windows\System\VzmJvsr.exe
  2⤵
  PID:1864
- C:\Windows\System\AbEwHYJ.exe
  C:\Windows\System\AbEwHYJ.exe
  2⤵
  PID:1904
- C:\Windows\System\pXcZWHs.exe
  C:\Windows\System\pXcZWHs.exe
  2⤵
  PID:2288
- C:\Windows\System\lZuVItD.exe
  C:\Windows\System\lZuVItD.exe
  2⤵
  PID:944
- C:\Windows\System\AtXBmrD.exe
  C:\Windows\System\AtXBmrD.exe
  2⤵
  PID:1484
- C:\Windows\System\HomszxL.exe
  C:\Windows\System\HomszxL.exe
  2⤵
  PID:3068
- C:\Windows\System\SFoidbe.exe
  C:\Windows\System\SFoidbe.exe
  2⤵
  PID:2308
- C:\Windows\System\QkOAqWU.exe
  C:\Windows\System\QkOAqWU.exe
  2⤵
  PID:1592
- C:\Windows\System\WQaxKxM.exe
  C:\Windows\System\WQaxKxM.exe
  2⤵
  PID:2788
- C:\Windows\System\xVenwZQ.exe
  C:\Windows\System\xVenwZQ.exe
  2⤵
  PID:2300
- C:\Windows\System\tsaMxxS.exe
  C:\Windows\System\tsaMxxS.exe
  2⤵
  PID:992
- C:\Windows\System\YiNGYpj.exe
  C:\Windows\System\YiNGYpj.exe
  2⤵
  PID:2656
- C:\Windows\System\QAzcrUS.exe
  C:\Windows\System\QAzcrUS.exe
  2⤵
  PID:3088
- C:\Windows\System\EJLWcKZ.exe
  C:\Windows\System\EJLWcKZ.exe
  2⤵
  PID:3108
- C:\Windows\System\hzDlPeK.exe
  C:\Windows\System\hzDlPeK.exe
  2⤵
  PID:3128
- C:\Windows\System\TrFgaHm.exe
  C:\Windows\System\TrFgaHm.exe
  2⤵
  PID:3148
- C:\Windows\System\ywXTTTt.exe
  C:\Windows\System\ywXTTTt.exe
  2⤵
  PID:3168
- C:\Windows\System\juEsJLN.exe
  C:\Windows\System\juEsJLN.exe
  2⤵
  PID:3184
- C:\Windows\System\FOGoRgS.exe
  C:\Windows\System\FOGoRgS.exe
  2⤵
  PID:3208
- C:\Windows\System\sFZcSFz.exe
  C:\Windows\System\sFZcSFz.exe
  2⤵
  PID:3228
- C:\Windows\System\QRNLCpJ.exe
  C:\Windows\System\QRNLCpJ.exe
  2⤵
  PID:3248
- C:\Windows\System\byYXsED.exe
  C:\Windows\System\byYXsED.exe
  2⤵
  PID:3268
- C:\Windows\System\FRpnqEu.exe
  C:\Windows\System\FRpnqEu.exe
  2⤵
  PID:3288
- C:\Windows\System\KnBqVKz.exe
  C:\Windows\System\KnBqVKz.exe
  2⤵
  PID:3308
- C:\Windows\System\wbQttso.exe
  C:\Windows\System\wbQttso.exe
  2⤵
  PID:3328
- C:\Windows\System\tFHioZR.exe
  C:\Windows\System\tFHioZR.exe
  2⤵
  PID:3348
- C:\Windows\System\QOQArFN.exe
  C:\Windows\System\QOQArFN.exe
  2⤵
  PID:3368
- C:\Windows\System\ylWkgoa.exe
  C:\Windows\System\ylWkgoa.exe
  2⤵
  PID:3388
- C:\Windows\System\PPWFwEK.exe
  C:\Windows\System\PPWFwEK.exe
  2⤵
  PID:3408
- C:\Windows\System\BPxGChp.exe
  C:\Windows\System\BPxGChp.exe
  2⤵
  PID:3428
- C:\Windows\System\bHGRBkz.exe
  C:\Windows\System\bHGRBkz.exe
  2⤵
  PID:3448
- C:\Windows\System\mHZAYnO.exe
  C:\Windows\System\mHZAYnO.exe
  2⤵
  PID:3468
- C:\Windows\System\WmiNTFc.exe
  C:\Windows\System\WmiNTFc.exe
  2⤵
  PID:3488
- C:\Windows\System\FcJZmSb.exe
  C:\Windows\System\FcJZmSb.exe
  2⤵
  PID:3508
- C:\Windows\System\GYLQIXF.exe
  C:\Windows\System\GYLQIXF.exe
  2⤵
  PID:3528
- C:\Windows\System\QteNkeF.exe
  C:\Windows\System\QteNkeF.exe
  2⤵
  PID:3548
- C:\Windows\System\dYpFuTR.exe
  C:\Windows\System\dYpFuTR.exe
  2⤵
  PID:3568
- C:\Windows\System\zaJwBtE.exe
  C:\Windows\System\zaJwBtE.exe
  2⤵
  PID:3588
- C:\Windows\System\SqNOQDx.exe
  C:\Windows\System\SqNOQDx.exe
  2⤵
  PID:3608
- C:\Windows\System\aTaUgvj.exe
  C:\Windows\System\aTaUgvj.exe
  2⤵
  PID:3628
- C:\Windows\System\YhgPihM.exe
  C:\Windows\System\YhgPihM.exe
  2⤵
  PID:3648
- C:\Windows\System\aKitpto.exe
  C:\Windows\System\aKitpto.exe
  2⤵
  PID:3668
- C:\Windows\System\OQfGsyy.exe
  C:\Windows\System\OQfGsyy.exe
  2⤵
  PID:3688
- C:\Windows\System\hiymEiF.exe
  C:\Windows\System\hiymEiF.exe
  2⤵
  PID:3708
- C:\Windows\System\TltVXxr.exe
  C:\Windows\System\TltVXxr.exe
  2⤵
  PID:3728
- C:\Windows\System\YwHSlpE.exe
  C:\Windows\System\YwHSlpE.exe
  2⤵
  PID:3748
- C:\Windows\System\ufqKBlJ.exe
  C:\Windows\System\ufqKBlJ.exe
  2⤵
  PID:3772
- C:\Windows\System\owCmrku.exe
  C:\Windows\System\owCmrku.exe
  2⤵
  PID:3792
- C:\Windows\System\QQdFLPq.exe
  C:\Windows\System\QQdFLPq.exe
  2⤵
  PID:3812
- C:\Windows\System\qaJWGtZ.exe
  C:\Windows\System\qaJWGtZ.exe
  2⤵
  PID:3832
- C:\Windows\System\vKUzdSM.exe
  C:\Windows\System\vKUzdSM.exe
  2⤵
  PID:3852
- C:\Windows\System\aQfegRZ.exe
  C:\Windows\System\aQfegRZ.exe
  2⤵
  PID:3872
- C:\Windows\System\ChTJiIU.exe
  C:\Windows\System\ChTJiIU.exe
  2⤵
  PID:3892
- C:\Windows\System\TEAqVjv.exe
  C:\Windows\System\TEAqVjv.exe
  2⤵
  PID:3912
- C:\Windows\System\mdTdpOT.exe
  C:\Windows\System\mdTdpOT.exe
  2⤵
  PID:3932
- C:\Windows\System\AHvVfsN.exe
  C:\Windows\System\AHvVfsN.exe
  2⤵
  PID:3948
- C:\Windows\System\cQBcLGY.exe
  C:\Windows\System\cQBcLGY.exe
  2⤵
  PID:3972
- C:\Windows\System\oHGxTFA.exe
  C:\Windows\System\oHGxTFA.exe
  2⤵
  PID:3988
- C:\Windows\System\EcNcqqF.exe
  C:\Windows\System\EcNcqqF.exe
  2⤵
  PID:4012
- C:\Windows\System\LWCJHYs.exe
  C:\Windows\System\LWCJHYs.exe
  2⤵
  PID:4032
- C:\Windows\System\yFgWlBl.exe
  C:\Windows\System\yFgWlBl.exe
  2⤵
  PID:4052
- C:\Windows\System\nraLeiK.exe
  C:\Windows\System\nraLeiK.exe
  2⤵
  PID:4072
- C:\Windows\System\IjMRVRK.exe
  C:\Windows\System\IjMRVRK.exe
  2⤵
  PID:4092
- C:\Windows\System\tmSpzdI.exe
  C:\Windows\System\tmSpzdI.exe
  2⤵
  PID:2060
- C:\Windows\System\sJVnjez.exe
  C:\Windows\System\sJVnjez.exe
  2⤵
  PID:860
- C:\Windows\System\xWOzzHP.exe
  C:\Windows\System\xWOzzHP.exe
  2⤵
  PID:1668
- C:\Windows\System\fsBoFfo.exe
  C:\Windows\System\fsBoFfo.exe
  2⤵
  PID:2592
- C:\Windows\System\NQDnCYP.exe
  C:\Windows\System\NQDnCYP.exe
  2⤵
  PID:1408
- C:\Windows\System\rTSMrvF.exe
  C:\Windows\System\rTSMrvF.exe
  2⤵
  PID:3080
- C:\Windows\System\GLICEod.exe
  C:\Windows\System\GLICEod.exe
  2⤵
  PID:3120
- C:\Windows\System\hPnzZgc.exe
  C:\Windows\System\hPnzZgc.exe
  2⤵
  PID:3144
- C:\Windows\System\imLTGat.exe
  C:\Windows\System\imLTGat.exe
  2⤵
  PID:3192
- C:\Windows\System\xVMhaVJ.exe
  C:\Windows\System\xVMhaVJ.exe
  2⤵
  PID:3236
- C:\Windows\System\DJyvmbu.exe
  C:\Windows\System\DJyvmbu.exe
  2⤵
  PID:3224
- C:\Windows\System\EwYKxYM.exe
  C:\Windows\System\EwYKxYM.exe
  2⤵
  PID:3256
- C:\Windows\System\Siaonjs.exe
  C:\Windows\System\Siaonjs.exe
  2⤵
  PID:3324
- C:\Windows\System\DPqxukK.exe
  C:\Windows\System\DPqxukK.exe
  2⤵
  PID:3364
- C:\Windows\System\VIbQGdi.exe
  C:\Windows\System\VIbQGdi.exe
  2⤵
  PID:3376
- C:\Windows\System\gMYmyZm.exe
  C:\Windows\System\gMYmyZm.exe
  2⤵
  PID:3380
- C:\Windows\System\HPpHJQj.exe
  C:\Windows\System\HPpHJQj.exe
  2⤵
  PID:3424
- C:\Windows\System\dSEmWVS.exe
  C:\Windows\System\dSEmWVS.exe
  2⤵
  PID:3456
- C:\Windows\System\lkebKCa.exe
  C:\Windows\System\lkebKCa.exe
  2⤵
  PID:3524
- C:\Windows\System\kLbYlBc.exe
  C:\Windows\System\kLbYlBc.exe
  2⤵
  PID:3536
- C:\Windows\System\TJIUeGY.exe
  C:\Windows\System\TJIUeGY.exe
  2⤵
  PID:3540
- C:\Windows\System\vtzVxwo.exe
  C:\Windows\System\vtzVxwo.exe
  2⤵
  PID:3604
- C:\Windows\System\cmbXBNw.exe
  C:\Windows\System\cmbXBNw.exe
  2⤵
  PID:3640
- C:\Windows\System\NYgCwTC.exe
  C:\Windows\System\NYgCwTC.exe
  2⤵
  PID:3656
- C:\Windows\System\vDIYXBw.exe
  C:\Windows\System\vDIYXBw.exe
  2⤵
  PID:3716
- C:\Windows\System\bGjxGiQ.exe
  C:\Windows\System\bGjxGiQ.exe
  2⤵
  PID:3700
- C:\Windows\System\HaTiMRg.exe
  C:\Windows\System\HaTiMRg.exe
  2⤵
  PID:3760
- C:\Windows\System\aZuIYJR.exe
  C:\Windows\System\aZuIYJR.exe
  2⤵
  PID:3848
- C:\Windows\System\tuepvIx.exe
  C:\Windows\System\tuepvIx.exe
  2⤵
  PID:3844
- C:\Windows\System\ZPzcuSz.exe
  C:\Windows\System\ZPzcuSz.exe
  2⤵
  PID:3884
- C:\Windows\System\ePdVwcw.exe
  C:\Windows\System\ePdVwcw.exe
  2⤵
  PID:3864
- C:\Windows\System\UHWOHKG.exe
  C:\Windows\System\UHWOHKG.exe
  2⤵
  PID:3956
- C:\Windows\System\mODLmAo.exe
  C:\Windows\System\mODLmAo.exe
  2⤵
  PID:4004
- C:\Windows\System\DEzHzpU.exe
  C:\Windows\System\DEzHzpU.exe
  2⤵
  PID:3940
- C:\Windows\System\zjlHetL.exe
  C:\Windows\System\zjlHetL.exe
  2⤵
  PID:4028
- C:\Windows\System\wLZghzL.exe
  C:\Windows\System\wLZghzL.exe
  2⤵
  PID:4084
- C:\Windows\System\JkNJAmN.exe
  C:\Windows\System\JkNJAmN.exe
  2⤵
  PID:3024
- C:\Windows\System\XgjLQjQ.exe
  C:\Windows\System\XgjLQjQ.exe
  2⤵
  PID:1500
- C:\Windows\System\kWahZCy.exe
  C:\Windows\System\kWahZCy.exe
  2⤵
  PID:2312
- C:\Windows\System\MhQyMeM.exe
  C:\Windows\System\MhQyMeM.exe
  2⤵
  PID:1524
- C:\Windows\System\wPhbOvr.exe
  C:\Windows\System\wPhbOvr.exe
  2⤵
  PID:3100
- C:\Windows\System\vcPEwYT.exe
  C:\Windows\System\vcPEwYT.exe
  2⤵
  PID:3204
- C:\Windows\System\rfLSTta.exe
  C:\Windows\System\rfLSTta.exe
  2⤵
  PID:3176
- C:\Windows\System\MpMWbGQ.exe
  C:\Windows\System\MpMWbGQ.exe
  2⤵
  PID:3300
- C:\Windows\System\TCPBxqc.exe
  C:\Windows\System\TCPBxqc.exe
  2⤵
  PID:3264
- C:\Windows\System\XfGrllq.exe
  C:\Windows\System\XfGrllq.exe
  2⤵
  PID:2804
- C:\Windows\System\ZywEtqb.exe
  C:\Windows\System\ZywEtqb.exe
  2⤵
  PID:3404
- C:\Windows\System\mokIOYd.exe
  C:\Windows\System\mokIOYd.exe
  2⤵
  PID:3484
- C:\Windows\System\XgdLNGk.exe
  C:\Windows\System\XgdLNGk.exe
  2⤵
  PID:3504
- C:\Windows\System\ihRnGaD.exe
  C:\Windows\System\ihRnGaD.exe
  2⤵
  PID:3596
- C:\Windows\System\afCTuoU.exe
  C:\Windows\System\afCTuoU.exe
  2⤵
  PID:3636
- C:\Windows\System\nRyEBWk.exe
  C:\Windows\System\nRyEBWk.exe
  2⤵
  PID:3676
- C:\Windows\System\OIMIHCk.exe
  C:\Windows\System\OIMIHCk.exe
  2⤵
  PID:3704
- C:\Windows\System\FmluHGJ.exe
  C:\Windows\System\FmluHGJ.exe
  2⤵
  PID:3764
- C:\Windows\System\qNeSatY.exe
  C:\Windows\System\qNeSatY.exe
  2⤵
  PID:3784
- C:\Windows\System\ZqFAkzn.exe
  C:\Windows\System\ZqFAkzn.exe
  2⤵
  PID:3900
- C:\Windows\System\pyLfKyl.exe
  C:\Windows\System\pyLfKyl.exe
  2⤵
  PID:4000
- C:\Windows\System\nNmJmYU.exe
  C:\Windows\System\nNmJmYU.exe
  2⤵
  PID:4020
- C:\Windows\System\GWFMoLk.exe
  C:\Windows\System\GWFMoLk.exe
  2⤵
  PID:1284
- C:\Windows\System\AXCrPfC.exe
  C:\Windows\System\AXCrPfC.exe
  2⤵
  PID:4064
- C:\Windows\System\dceKbzg.exe
  C:\Windows\System\dceKbzg.exe
  2⤵
  PID:2884
- C:\Windows\System\isMSlSk.exe
  C:\Windows\System\isMSlSk.exe
  2⤵
  PID:2152
- C:\Windows\System\aeezWkj.exe
  C:\Windows\System\aeezWkj.exe
  2⤵
  PID:3276
- C:\Windows\System\TKuvvgE.exe
  C:\Windows\System\TKuvvgE.exe
  2⤵
  PID:3284
- C:\Windows\System\JujzYnH.exe
  C:\Windows\System\JujzYnH.exe
  2⤵
  PID:3240
- C:\Windows\System\wDZkaEL.exe
  C:\Windows\System\wDZkaEL.exe
  2⤵
  PID:3336
- C:\Windows\System\prIjlLv.exe
  C:\Windows\System\prIjlLv.exe
  2⤵
  PID:3564
- C:\Windows\System\eCkhkKg.exe
  C:\Windows\System\eCkhkKg.exe
  2⤵
  PID:3544
- C:\Windows\System\vjYENhe.exe
  C:\Windows\System\vjYENhe.exe
  2⤵
  PID:3804
- C:\Windows\System\xDFahxl.exe
  C:\Windows\System\xDFahxl.exe
  2⤵
  PID:3744
- C:\Windows\System\RvhmQuv.exe
  C:\Windows\System\RvhmQuv.exe
  2⤵
  PID:3980
- C:\Windows\System\XfzDNdE.exe
  C:\Windows\System\XfzDNdE.exe
  2⤵
  PID:3904
- C:\Windows\System\QZGLKJf.exe
  C:\Windows\System\QZGLKJf.exe
  2⤵
  PID:3968
- C:\Windows\System\eyQrgHK.exe
  C:\Windows\System\eyQrgHK.exe
  2⤵
  PID:3156
- C:\Windows\System\QfPQEqJ.exe
  C:\Windows\System\QfPQEqJ.exe
  2⤵
  PID:3768
- C:\Windows\System\IabNlpq.exe
  C:\Windows\System\IabNlpq.exe
  2⤵
  PID:3116
- C:\Windows\System\XcrHkmf.exe
  C:\Windows\System\XcrHkmf.exe
  2⤵
  PID:3356
- C:\Windows\System\ERpcLlQ.exe
  C:\Windows\System\ERpcLlQ.exe
  2⤵
  PID:2284
- C:\Windows\System\bBhrcGb.exe
  C:\Windows\System\bBhrcGb.exe
  2⤵
  PID:3684
- C:\Windows\System\GoUCKZp.exe
  C:\Windows\System\GoUCKZp.exe
  2⤵
  PID:3996
- C:\Windows\System\hAiDHjh.exe
  C:\Windows\System\hAiDHjh.exe
  2⤵
  PID:4044
- C:\Windows\System\VLILHOQ.exe
  C:\Windows\System\VLILHOQ.exe
  2⤵
  PID:3736
- C:\Windows\System\PUICcpw.exe
  C:\Windows\System\PUICcpw.exe
  2⤵
  PID:3096
- C:\Windows\System\YRqKnUO.exe
  C:\Windows\System\YRqKnUO.exe
  2⤵
  PID:3344
- C:\Windows\System\uIXvTgv.exe
  C:\Windows\System\uIXvTgv.exe
  2⤵
  PID:3460
- C:\Windows\System\mfZaikC.exe
  C:\Windows\System\mfZaikC.exe
  2⤵
  PID:4108
- C:\Windows\System\JDYCeZh.exe
  C:\Windows\System\JDYCeZh.exe
  2⤵
  PID:4124
- C:\Windows\System\zmaZwHT.exe
  C:\Windows\System\zmaZwHT.exe
  2⤵
  PID:4148
- C:\Windows\System\ssobErS.exe
  C:\Windows\System\ssobErS.exe
  2⤵
  PID:4168
- C:\Windows\System\qGBGizi.exe
  C:\Windows\System\qGBGizi.exe
  2⤵
  PID:4188
- C:\Windows\System\haelSqd.exe
  C:\Windows\System\haelSqd.exe
  2⤵
  PID:4208
- C:\Windows\System\xLHRQgu.exe
  C:\Windows\System\xLHRQgu.exe
  2⤵
  PID:4232
- C:\Windows\System\HCWrLtB.exe
  C:\Windows\System\HCWrLtB.exe
  2⤵
  PID:4252
- C:\Windows\System\GRpahAF.exe
  C:\Windows\System\GRpahAF.exe
  2⤵
  PID:4272
- C:\Windows\System\xUuFyRT.exe
  C:\Windows\System\xUuFyRT.exe
  2⤵
  PID:4292
- C:\Windows\System\URDWHBO.exe
  C:\Windows\System\URDWHBO.exe
  2⤵
  PID:4312
- C:\Windows\System\YmnIKvf.exe
  C:\Windows\System\YmnIKvf.exe
  2⤵
  PID:4328
- C:\Windows\System\abPGNHY.exe
  C:\Windows\System\abPGNHY.exe
  2⤵
  PID:4352
- C:\Windows\System\hUNAapr.exe
  C:\Windows\System\hUNAapr.exe
  2⤵
  PID:4368
- C:\Windows\System\oHZaVVl.exe
  C:\Windows\System\oHZaVVl.exe
  2⤵
  PID:4392
- C:\Windows\System\hFgUKXu.exe
  C:\Windows\System\hFgUKXu.exe
  2⤵
  PID:4412
- C:\Windows\System\hqWZOeF.exe
  C:\Windows\System\hqWZOeF.exe
  2⤵
  PID:4432
- C:\Windows\System\FmSbdhs.exe
  C:\Windows\System\FmSbdhs.exe
  2⤵
  PID:4448
- C:\Windows\System\aiAaEmZ.exe
  C:\Windows\System\aiAaEmZ.exe
  2⤵
  PID:4472
- C:\Windows\System\uIlwHKD.exe
  C:\Windows\System\uIlwHKD.exe
  2⤵
  PID:4492
- C:\Windows\System\skEvISa.exe
  C:\Windows\System\skEvISa.exe
  2⤵
  PID:4512
- C:\Windows\System\MjPWpGD.exe
  C:\Windows\System\MjPWpGD.exe
  2⤵
  PID:4528
- C:\Windows\System\GDnwaoC.exe
  C:\Windows\System\GDnwaoC.exe
  2⤵
  PID:4548
- C:\Windows\System\riZPynY.exe
  C:\Windows\System\riZPynY.exe
  2⤵
  PID:4568
- C:\Windows\System\acwVcCH.exe
  C:\Windows\System\acwVcCH.exe
  2⤵
  PID:4592
- C:\Windows\System\DNXdkOp.exe
  C:\Windows\System\DNXdkOp.exe
  2⤵
  PID:4608
- C:\Windows\System\STfGhLW.exe
  C:\Windows\System\STfGhLW.exe
  2⤵
  PID:4632
- C:\Windows\System\zJtHLfK.exe
  C:\Windows\System\zJtHLfK.exe
  2⤵
  PID:4652
- C:\Windows\System\kXonXlp.exe
  C:\Windows\System\kXonXlp.exe
  2⤵
  PID:4672
- C:\Windows\System\xnKwKrm.exe
  C:\Windows\System\xnKwKrm.exe
  2⤵
  PID:4692
- C:\Windows\System\wqSjhtA.exe
  C:\Windows\System\wqSjhtA.exe
  2⤵
  PID:4712
- C:\Windows\System\OWmVDYy.exe
  C:\Windows\System\OWmVDYy.exe
  2⤵
  PID:4732
- C:\Windows\System\jVnLckv.exe
  C:\Windows\System\jVnLckv.exe
  2⤵
  PID:4752
- C:\Windows\System\aqeDKpd.exe
  C:\Windows\System\aqeDKpd.exe
  2⤵
  PID:4772
- C:\Windows\System\cRATQlh.exe
  C:\Windows\System\cRATQlh.exe
  2⤵
  PID:4792
- C:\Windows\System\LlUkloJ.exe
  C:\Windows\System\LlUkloJ.exe
  2⤵
  PID:4808
- C:\Windows\System\YjFvgIz.exe
  C:\Windows\System\YjFvgIz.exe
  2⤵
  PID:4832
- C:\Windows\System\cPBIqaa.exe
  C:\Windows\System\cPBIqaa.exe
  2⤵
  PID:4848
- C:\Windows\System\BqVTavu.exe
  C:\Windows\System\BqVTavu.exe
  2⤵
  PID:4872
- C:\Windows\System\rVCPkiO.exe
  C:\Windows\System\rVCPkiO.exe
  2⤵
  PID:4892
- C:\Windows\System\laXCudS.exe
  C:\Windows\System\laXCudS.exe
  2⤵
  PID:4912
- C:\Windows\System\dxJoEtI.exe
  C:\Windows\System\dxJoEtI.exe
  2⤵
  PID:4932
- C:\Windows\System\AkRZlWw.exe
  C:\Windows\System\AkRZlWw.exe
  2⤵
  PID:4952
- C:\Windows\System\lyqOYnB.exe
  C:\Windows\System\lyqOYnB.exe
  2⤵
  PID:4976
- C:\Windows\System\xDIWgQg.exe
  C:\Windows\System\xDIWgQg.exe
  2⤵
  PID:4996
- C:\Windows\System\oQWZsYd.exe
  C:\Windows\System\oQWZsYd.exe
  2⤵
  PID:5016
- C:\Windows\System\mkpTqUA.exe
  C:\Windows\System\mkpTqUA.exe
  2⤵
  PID:5036
- C:\Windows\System\hnKFpOy.exe
  C:\Windows\System\hnKFpOy.exe
  2⤵
  PID:5056
- C:\Windows\System\yGUYHfv.exe
  C:\Windows\System\yGUYHfv.exe
  2⤵
  PID:5076
- C:\Windows\System\JPkgfGF.exe
  C:\Windows\System\JPkgfGF.exe
  2⤵
  PID:5096
- C:\Windows\System\lmyuazO.exe
  C:\Windows\System\lmyuazO.exe
  2⤵
  PID:5116
- C:\Windows\System\jZAQwnh.exe
  C:\Windows\System\jZAQwnh.exe
  2⤵
  PID:4040
- C:\Windows\System\LtTDGsH.exe
  C:\Windows\System\LtTDGsH.exe
  2⤵
  PID:3820
- C:\Windows\System\lsXwHBf.exe
  C:\Windows\System\lsXwHBf.exe
  2⤵
  PID:1708
- C:\Windows\System\iopFjgr.exe
  C:\Windows\System\iopFjgr.exe
  2⤵
  PID:1060
- C:\Windows\System\IRkYudN.exe
  C:\Windows\System\IRkYudN.exe
  2⤵
  PID:4116
- C:\Windows\System\xBxUdyY.exe
  C:\Windows\System\xBxUdyY.exe
  2⤵
  PID:4156
- C:\Windows\System\uqJMxhY.exe
  C:\Windows\System\uqJMxhY.exe
  2⤵
  PID:4160
- C:\Windows\System\TrhWDVB.exe
  C:\Windows\System\TrhWDVB.exe
  2⤵
  PID:4224
- C:\Windows\System\ctexYJa.exe
  C:\Windows\System\ctexYJa.exe
  2⤵
  PID:4240
- C:\Windows\System\beNOsyx.exe
  C:\Windows\System\beNOsyx.exe
  2⤵
  PID:4248
- C:\Windows\System\YMmBkMB.exe
  C:\Windows\System\YMmBkMB.exe
  2⤵
  PID:4288
- C:\Windows\System\FvnisSo.exe
  C:\Windows\System\FvnisSo.exe
  2⤵
  PID:4320
- C:\Windows\System\fFvqmec.exe
  C:\Windows\System\fFvqmec.exe
  2⤵
  PID:4364
- C:\Windows\System\AsjHAgJ.exe
  C:\Windows\System\AsjHAgJ.exe
  2⤵
  PID:4464
- C:\Windows\System\EkYGKfj.exe
  C:\Windows\System\EkYGKfj.exe
  2⤵
  PID:4408
- C:\Windows\System\tPRMkPG.exe
  C:\Windows\System\tPRMkPG.exe
  2⤵
  PID:4444
- C:\Windows\System\jZnwhQI.exe
  C:\Windows\System\jZnwhQI.exe
  2⤵
  PID:4544
- C:\Windows\System\HuFpyfr.exe
  C:\Windows\System\HuFpyfr.exe
  2⤵
  PID:4576
- C:\Windows\System\iRmwNYU.exe
  C:\Windows\System\iRmwNYU.exe
  2⤵
  PID:4560
- C:\Windows\System\UTtYnNb.exe
  C:\Windows\System\UTtYnNb.exe
  2⤵
  PID:4620
- C:\Windows\System\gIybBCY.exe
  C:\Windows\System\gIybBCY.exe
  2⤵
  PID:4668
- C:\Windows\System\nSDbROK.exe
  C:\Windows\System\nSDbROK.exe
  2⤵
  PID:4648
- C:\Windows\System\plSIaNu.exe
  C:\Windows\System\plSIaNu.exe
  2⤵
  PID:4688
- C:\Windows\System\TGgyBkN.exe
  C:\Windows\System\TGgyBkN.exe
  2⤵
  PID:4724
- C:\Windows\System\XiRaaEO.exe
  C:\Windows\System\XiRaaEO.exe
  2⤵
  PID:2744
- C:\Windows\System\RGdvzNV.exe
  C:\Windows\System\RGdvzNV.exe
  2⤵
  PID:4824
- C:\Windows\System\hQZMgCM.exe
  C:\Windows\System\hQZMgCM.exe
  2⤵
  PID:4856
- C:\Windows\System\MEoNRCP.exe
  C:\Windows\System\MEoNRCP.exe
  2⤵
  PID:4860
- C:\Windows\System\IhondRi.exe
  C:\Windows\System\IhondRi.exe
  2⤵
  PID:4884
- C:\Windows\System\eONftfE.exe
  C:\Windows\System\eONftfE.exe
  2⤵
  PID:4924
- C:\Windows\System\kezMHef.exe
  C:\Windows\System\kezMHef.exe
  2⤵
  PID:4972
- C:\Windows\System\vCDBmyc.exe
  C:\Windows\System\vCDBmyc.exe
  2⤵
  PID:4988
- C:\Windows\System\ayzrvvv.exe
  C:\Windows\System\ayzrvvv.exe
  2⤵
  PID:5028
- C:\Windows\System\mcYnTqZ.exe
  C:\Windows\System\mcYnTqZ.exe
  2⤵
  PID:5052
- C:\Windows\System\jJEyJjG.exe
  C:\Windows\System\jJEyJjG.exe
  2⤵
  PID:5084
- C:\Windows\System\eeAcIND.exe
  C:\Windows\System\eeAcIND.exe
  2⤵
  PID:3928
- C:\Windows\System\vcqEtlG.exe
  C:\Windows\System\vcqEtlG.exe
  2⤵
  PID:3696
- C:\Windows\System\sUBysQy.exe
  C:\Windows\System\sUBysQy.exe
  2⤵
  PID:2688
- C:\Windows\System\igkGuxB.exe
  C:\Windows\System\igkGuxB.exe
  2⤵
  PID:4140
- C:\Windows\System\htewkIu.exe
  C:\Windows\System\htewkIu.exe
  2⤵
  PID:4204
- C:\Windows\System\cjgkHir.exe
  C:\Windows\System\cjgkHir.exe
  2⤵
  PID:4180
- C:\Windows\System\EWYMTGG.exe
  C:\Windows\System\EWYMTGG.exe
  2⤵
  PID:4268
- C:\Windows\System\YCSJkza.exe
  C:\Windows\System\YCSJkza.exe
  2⤵
  PID:4344
- C:\Windows\System\BSYzQGo.exe
  C:\Windows\System\BSYzQGo.exe
  2⤵
  PID:4380
- C:\Windows\System\pLDWcGK.exe
  C:\Windows\System\pLDWcGK.exe
  2⤵
  PID:4400
- C:\Windows\System\hMVkPKo.exe
  C:\Windows\System\hMVkPKo.exe
  2⤵
  PID:4520
- C:\Windows\System\PLwyZFq.exe
  C:\Windows\System\PLwyZFq.exe
  2⤵
  PID:4540
- C:\Windows\System\FPytREy.exe
  C:\Windows\System\FPytREy.exe
  2⤵
  PID:4556
- C:\Windows\System\utseLDV.exe
  C:\Windows\System\utseLDV.exe
  2⤵
  PID:4660
- C:\Windows\System\ZCyexHy.exe
  C:\Windows\System\ZCyexHy.exe
  2⤵
  PID:4744
- C:\Windows\System\IzYeNuz.exe
  C:\Windows\System\IzYeNuz.exe
  2⤵
  PID:4928
- C:\Windows\System\fCjJhJf.exe
  C:\Windows\System\fCjJhJf.exe
  2⤵
  PID:4992
- C:\Windows\System\HNiraei.exe
  C:\Windows\System\HNiraei.exe
  2⤵
  PID:5004
- C:\Windows\System\DeHlJoO.exe
  C:\Windows\System\DeHlJoO.exe
  2⤵
  PID:5088
- C:\Windows\System\eUyMqpJ.exe
  C:\Windows\System\eUyMqpJ.exe
  2⤵
  PID:3788
- C:\Windows\System\VoEztqC.exe
  C:\Windows\System\VoEztqC.exe
  2⤵
  PID:4132
- C:\Windows\System\bikMIOQ.exe
  C:\Windows\System\bikMIOQ.exe
  2⤵
  PID:4200
- C:\Windows\System\fKdmZmk.exe
  C:\Windows\System\fKdmZmk.exe
  2⤵
  PID:4136
- C:\Windows\System\WbNcBNO.exe
  C:\Windows\System\WbNcBNO.exe
  2⤵
  PID:2764
- C:\Windows\System\HnlriAM.exe
  C:\Windows\System\HnlriAM.exe
  2⤵
  PID:4164
- C:\Windows\System\peviWbZ.exe
  C:\Windows\System\peviWbZ.exe
  2⤵
  PID:1672
- C:\Windows\System\zYXmzqr.exe
  C:\Windows\System\zYXmzqr.exe
  2⤵
  PID:4508
- C:\Windows\System\roNrRtQ.exe
  C:\Windows\System\roNrRtQ.exe
  2⤵
  PID:4708
- C:\Windows\System\lkmaROO.exe
  C:\Windows\System\lkmaROO.exe
  2⤵
  PID:4604
- C:\Windows\System\kFjcOMT.exe
  C:\Windows\System\kFjcOMT.exe
  2⤵
  PID:2924
- C:\Windows\System\unnovYI.exe
  C:\Windows\System\unnovYI.exe
  2⤵
  PID:2880
- C:\Windows\System\wssrwRH.exe
  C:\Windows\System\wssrwRH.exe
  2⤵
  PID:4760
- C:\Windows\System\AvdEkKh.exe
  C:\Windows\System\AvdEkKh.exe
  2⤵
  PID:2684
- C:\Windows\System\HYGWOth.exe
  C:\Windows\System\HYGWOth.exe
  2⤵
  PID:1516
- C:\Windows\System\ZshrsUa.exe
  C:\Windows\System\ZshrsUa.exe
  2⤵
  PID:1488
- C:\Windows\System\VYILAzJ.exe
  C:\Windows\System\VYILAzJ.exe
  2⤵
  PID:4260
- C:\Windows\System\MoShllE.exe
  C:\Windows\System\MoShllE.exe
  2⤵
  PID:1916
- C:\Windows\System\gXAlYmY.exe
  C:\Windows\System\gXAlYmY.exe
  2⤵
  PID:5104
- C:\Windows\System\VFQycgH.exe
  C:\Windows\System\VFQycgH.exe
  2⤵
  PID:1868
- C:\Windows\System\gRRXMAA.exe
  C:\Windows\System\gRRXMAA.exe
  2⤵
  PID:4484
- C:\Windows\System\cyGTxLW.exe
  C:\Windows\System\cyGTxLW.exe
  2⤵
  PID:4376
- C:\Windows\System\EdOJxdr.exe
  C:\Windows\System\EdOJxdr.exe
  2⤵
  PID:2212
- C:\Windows\System\FkBvgBj.exe
  C:\Windows\System\FkBvgBj.exe
  2⤵
  PID:2516
- C:\Windows\System\gTxnBrQ.exe
  C:\Windows\System\gTxnBrQ.exe
  2⤵
  PID:2680
- C:\Windows\System\jeMuKcs.exe
  C:\Windows\System\jeMuKcs.exe
  2⤵
  PID:1692
- C:\Windows\System\yMMDQHe.exe
  C:\Windows\System\yMMDQHe.exe
  2⤵
  PID:2064
- C:\Windows\System\lzPqlFs.exe
  C:\Windows\System\lzPqlFs.exe
  2⤵
  PID:2828
- C:\Windows\System\iSZLoWh.exe
  C:\Windows\System\iSZLoWh.exe
  2⤵
  PID:2576
- C:\Windows\System\lbixVtg.exe
  C:\Windows\System\lbixVtg.exe
  2⤵
  PID:2644
- C:\Windows\System\EJOELMW.exe
  C:\Windows\System\EJOELMW.exe
  2⤵
  PID:4628
- C:\Windows\System\TJEUuJd.exe
  C:\Windows\System\TJEUuJd.exe
  2⤵
  PID:2676
- C:\Windows\System\LrwgKoF.exe
  C:\Windows\System\LrwgKoF.exe
  2⤵
  PID:4984
- C:\Windows\System\dmhFvUm.exe
  C:\Windows\System\dmhFvUm.exe
  2⤵
  PID:4460
- C:\Windows\System\YPuKRYg.exe
  C:\Windows\System\YPuKRYg.exe
  2⤵
  PID:4100
- C:\Windows\System\CHVGoRi.exe
  C:\Windows\System\CHVGoRi.exe
  2⤵
  PID:2852
- C:\Windows\System\JSatiAj.exe
  C:\Windows\System\JSatiAj.exe
  2⤵
  PID:4384
- C:\Windows\System\mBUtXNC.exe
  C:\Windows\System\mBUtXNC.exe
  2⤵
  PID:5008
- C:\Windows\System\ConGtub.exe
  C:\Windows\System\ConGtub.exe
  2⤵
  PID:2088
- C:\Windows\System\phMwqgd.exe
  C:\Windows\System\phMwqgd.exe
  2⤵
  PID:5064
- C:\Windows\System\ILfOVnR.exe
  C:\Windows\System\ILfOVnR.exe
  2⤵
  PID:2400
- C:\Windows\System\DxvoKXd.exe
  C:\Windows\System\DxvoKXd.exe
  2⤵
  PID:2660
- C:\Windows\System\jQUjyDv.exe
  C:\Windows\System\jQUjyDv.exe
  2⤵
  PID:480
- C:\Windows\System\mtddWpx.exe
  C:\Windows\System\mtddWpx.exe
  2⤵
  PID:2712
- C:\Windows\System\muYlXaG.exe
  C:\Windows\System\muYlXaG.exe
  2⤵
  PID:5128
- C:\Windows\System\whLpRkm.exe
  C:\Windows\System\whLpRkm.exe
  2⤵
  PID:5144
- C:\Windows\System\Otrphbr.exe
  C:\Windows\System\Otrphbr.exe
  2⤵
  PID:5168
- C:\Windows\System\CmXDujj.exe
  C:\Windows\System\CmXDujj.exe
  2⤵
  PID:5184
- C:\Windows\System\zYAiTTY.exe
  C:\Windows\System\zYAiTTY.exe
  2⤵
  PID:5204
- C:\Windows\System\ntNpwtD.exe
  C:\Windows\System\ntNpwtD.exe
  2⤵
  PID:5224
- C:\Windows\System\zJVebQd.exe
  C:\Windows\System\zJVebQd.exe
  2⤵
  PID:5240
- C:\Windows\System\xWijXxQ.exe
  C:\Windows\System\xWijXxQ.exe
  2⤵
  PID:5256
- C:\Windows\System\RTzljAP.exe
  C:\Windows\System\RTzljAP.exe
  2⤵
  PID:5276
- C:\Windows\System\BogSTKI.exe
  C:\Windows\System\BogSTKI.exe
  2⤵
  PID:5308
- C:\Windows\System\fqxeSxt.exe
  C:\Windows\System\fqxeSxt.exe
  2⤵
  PID:5324
- C:\Windows\System\ZorcvVr.exe
  C:\Windows\System\ZorcvVr.exe
  2⤵
  PID:5344
- C:\Windows\System\qmJasfU.exe
  C:\Windows\System\qmJasfU.exe
  2⤵
  PID:5364
- C:\Windows\System\OYtPgTB.exe
  C:\Windows\System\OYtPgTB.exe
  2⤵
  PID:5388
- C:\Windows\System\rVqFcWx.exe
  C:\Windows\System\rVqFcWx.exe
  2⤵
  PID:5404
- C:\Windows\System\fpxcJlR.exe
  C:\Windows\System\fpxcJlR.exe
  2⤵
  PID:5424
- C:\Windows\System\QSUJKWF.exe
  C:\Windows\System\QSUJKWF.exe
  2⤵
  PID:5448
- C:\Windows\System\qWelPGp.exe
  C:\Windows\System\qWelPGp.exe
  2⤵
  PID:5464
- C:\Windows\System\zjbENGA.exe
  C:\Windows\System\zjbENGA.exe
  2⤵
  PID:5484
- C:\Windows\System\pFDQAbH.exe
  C:\Windows\System\pFDQAbH.exe
  2⤵
  PID:5508
- C:\Windows\System\wURkgDG.exe
  C:\Windows\System\wURkgDG.exe
  2⤵
  PID:5524
- C:\Windows\System\BojMauq.exe
  C:\Windows\System\BojMauq.exe
  2⤵
  PID:5544
- C:\Windows\System\OkrjDrD.exe
  C:\Windows\System\OkrjDrD.exe
  2⤵
  PID:5564
- C:\Windows\System\avQvOUh.exe
  C:\Windows\System\avQvOUh.exe
  2⤵
  PID:5584
- C:\Windows\System\HFzOyPw.exe
  C:\Windows\System\HFzOyPw.exe
  2⤵
  PID:5600
- C:\Windows\System\hbboeWg.exe
  C:\Windows\System\hbboeWg.exe
  2⤵
  PID:5628
- C:\Windows\System\xwRXEKZ.exe
  C:\Windows\System\xwRXEKZ.exe
  2⤵
  PID:5644
- C:\Windows\System\Sxefgxe.exe
  C:\Windows\System\Sxefgxe.exe
  2⤵
  PID:5660
- C:\Windows\System\BVjAHvC.exe
  C:\Windows\System\BVjAHvC.exe
  2⤵
  PID:5676
- C:\Windows\System\UoCxZGA.exe
  C:\Windows\System\UoCxZGA.exe
  2⤵
  PID:5704
- C:\Windows\System\hVhYDvx.exe
  C:\Windows\System\hVhYDvx.exe
  2⤵
  PID:5720
- C:\Windows\System\yvCvPau.exe
  C:\Windows\System\yvCvPau.exe
  2⤵
  PID:5736
- C:\Windows\System\SqFrOul.exe
  C:\Windows\System\SqFrOul.exe
  2⤵
  PID:5752
- C:\Windows\System\oDXgFzs.exe
  C:\Windows\System\oDXgFzs.exe
  2⤵
  PID:5768
- C:\Windows\System\lyPzuaq.exe
  C:\Windows\System\lyPzuaq.exe
  2⤵
  PID:5784
- C:\Windows\System\Qlpenbi.exe
  C:\Windows\System\Qlpenbi.exe
  2⤵
  PID:5800
- C:\Windows\System\OiUffAC.exe
  C:\Windows\System\OiUffAC.exe
  2⤵
  PID:5816
- C:\Windows\System\DQzcoSI.exe
  C:\Windows\System\DQzcoSI.exe
  2⤵
  PID:5832
- C:\Windows\System\JZAPAhK.exe
  C:\Windows\System\JZAPAhK.exe
  2⤵
  PID:5888
- C:\Windows\System\tIWwgVl.exe
  C:\Windows\System\tIWwgVl.exe
  2⤵
  PID:5904
- C:\Windows\System\HCzVSZB.exe
  C:\Windows\System\HCzVSZB.exe
  2⤵
  PID:5924
- C:\Windows\System\PWjaNbh.exe
  C:\Windows\System\PWjaNbh.exe
  2⤵
  PID:5952
- C:\Windows\System\rQCDiMo.exe
  C:\Windows\System\rQCDiMo.exe
  2⤵
  PID:5968
- C:\Windows\System\RGjzUfr.exe
  C:\Windows\System\RGjzUfr.exe
  2⤵
  PID:5988
- C:\Windows\System\pVwizrK.exe
  C:\Windows\System\pVwizrK.exe
  2⤵
  PID:6008
- C:\Windows\System\nkPMBdY.exe
  C:\Windows\System\nkPMBdY.exe
  2⤵
  PID:6032
- C:\Windows\System\HWrLvdA.exe
  C:\Windows\System\HWrLvdA.exe
  2⤵
  PID:6052
- C:\Windows\System\YEHMHOC.exe
  C:\Windows\System\YEHMHOC.exe
  2⤵
  PID:6072
- C:\Windows\System\hGZNxIN.exe
  C:\Windows\System\hGZNxIN.exe
  2⤵
  PID:6092
- C:\Windows\System\LrAzKDZ.exe
  C:\Windows\System\LrAzKDZ.exe
  2⤵
  PID:6108
- C:\Windows\System\sxzgLzJ.exe
  C:\Windows\System\sxzgLzJ.exe
  2⤵
  PID:6128
- C:\Windows\System\NgWRMJm.exe
  C:\Windows\System\NgWRMJm.exe
  2⤵
  PID:5124
- C:\Windows\System\lRkBUdA.exe
  C:\Windows\System\lRkBUdA.exe
  2⤵
  PID:5140
- C:\Windows\System\bJegaka.exe
  C:\Windows\System\bJegaka.exe
  2⤵
  PID:5212
- C:\Windows\System\ZZggobr.exe
  C:\Windows\System\ZZggobr.exe
  2⤵
  PID:5252
- C:\Windows\System\IXfOIHe.exe
  C:\Windows\System\IXfOIHe.exe
  2⤵
  PID:5232
- C:\Windows\System\UDiwWqp.exe
  C:\Windows\System\UDiwWqp.exe
  2⤵
  PID:5288
- C:\Windows\System\lnfgIHI.exe
  C:\Windows\System\lnfgIHI.exe
  2⤵
  PID:5192
- C:\Windows\System\TdfAiJX.exe
  C:\Windows\System\TdfAiJX.exe
  2⤵
  PID:5352
- C:\Windows\System\cHTlvyN.exe
  C:\Windows\System\cHTlvyN.exe
  2⤵
  PID:5376
- C:\Windows\System\yNZZOaX.exe
  C:\Windows\System\yNZZOaX.exe
  2⤵
  PID:5432
- C:\Windows\System\WjzbGVM.exe
  C:\Windows\System\WjzbGVM.exe
  2⤵
  PID:5492
- C:\Windows\System\FDmdwpL.exe
  C:\Windows\System\FDmdwpL.exe
  2⤵
  PID:5472
- C:\Windows\System\ezJBLbY.exe
  C:\Windows\System\ezJBLbY.exe
  2⤵
  PID:5520
- C:\Windows\System\wJZQZFZ.exe
  C:\Windows\System\wJZQZFZ.exe
  2⤵
  PID:5580
- C:\Windows\System\ugMEFLI.exe
  C:\Windows\System\ugMEFLI.exe
  2⤵
  PID:5556
- C:\Windows\System\ckZatiO.exe
  C:\Windows\System\ckZatiO.exe
  2⤵
  PID:5684
- C:\Windows\System\OHlEQub.exe
  C:\Windows\System\OHlEQub.exe
  2⤵
  PID:5636
- C:\Windows\System\QlJHcvP.exe
  C:\Windows\System\QlJHcvP.exe
  2⤵
  PID:5760
- C:\Windows\System\QIcSief.exe
  C:\Windows\System\QIcSief.exe
  2⤵
  PID:5796
- C:\Windows\System\CoImWFn.exe
  C:\Windows\System\CoImWFn.exe
  2⤵
  PID:5876
- C:\Windows\System\jpvECsN.exe
  C:\Windows\System\jpvECsN.exe
  2⤵
  PID:5780
- C:\Windows\System\uOPVHdz.exe
  C:\Windows\System\uOPVHdz.exe
  2⤵
  PID:1928
- C:\Windows\System\BmmtUJJ.exe
  C:\Windows\System\BmmtUJJ.exe
  2⤵
  PID:5848
- C:\Windows\System\gIPqxJJ.exe
  C:\Windows\System\gIPqxJJ.exe
  2⤵
  PID:5868
- C:\Windows\System\VYlQcBI.exe
  C:\Windows\System\VYlQcBI.exe
  2⤵
  PID:5976
- C:\Windows\System\llLYxjd.exe
  C:\Windows\System\llLYxjd.exe
  2⤵
  PID:6020
- C:\Windows\System\GDAhzjJ.exe
  C:\Windows\System\GDAhzjJ.exe
  2⤵
  PID:5996
- C:\Windows\System\MayaUDZ.exe
  C:\Windows\System\MayaUDZ.exe
  2⤵
  PID:6068
- C:\Windows\System\nNGPBpd.exe
  C:\Windows\System\nNGPBpd.exe
  2⤵
  PID:4340
- C:\Windows\System\jDEXTjF.exe
  C:\Windows\System\jDEXTjF.exe
  2⤵
  PID:6116
- C:\Windows\System\rrYmAia.exe
  C:\Windows\System\rrYmAia.exe
  2⤵
  PID:6136
- C:\Windows\System\WovLFnE.exe
  C:\Windows\System\WovLFnE.exe
  2⤵
  PID:6124
- C:\Windows\System\dervxHT.exe
  C:\Windows\System\dervxHT.exe
  2⤵
  PID:5156
- C:\Windows\System\fJqLwoc.exe
  C:\Windows\System\fJqLwoc.exe
  2⤵
  PID:5296
- C:\Windows\System\QtahQPN.exe
  C:\Windows\System\QtahQPN.exe
  2⤵
  PID:5216
- C:\Windows\System\lOhrwQi.exe
  C:\Windows\System\lOhrwQi.exe
  2⤵
  PID:5268
- C:\Windows\System\PEZmRwm.exe
  C:\Windows\System\PEZmRwm.exe
  2⤵
  PID:5500
- C:\Windows\System\kRaUYdd.exe
  C:\Windows\System\kRaUYdd.exe
  2⤵
  PID:5576
- C:\Windows\System\BbWHhIB.exe
  C:\Windows\System\BbWHhIB.exe
  2⤵
  PID:5652
- C:\Windows\System\UhLrYpM.exe
  C:\Windows\System\UhLrYpM.exe
  2⤵
  PID:5624
- C:\Windows\System\wQxbepe.exe
  C:\Windows\System\wQxbepe.exe
  2⤵
  PID:4908
- C:\Windows\System\xTEuDTR.exe
  C:\Windows\System\xTEuDTR.exe
  2⤵
  PID:5900
- C:\Windows\System\vfCTlaY.exe
  C:\Windows\System\vfCTlaY.exe
  2⤵
  PID:5840
- C:\Windows\System\MSgzjRT.exe
  C:\Windows\System\MSgzjRT.exe
  2⤵
  PID:5912
- C:\Windows\System\iiCnqfT.exe
  C:\Windows\System\iiCnqfT.exe
  2⤵
  PID:5984
- C:\Windows\System\sXNKsPJ.exe
  C:\Windows\System\sXNKsPJ.exe
  2⤵
  PID:6004
- C:\Windows\System\xHwhVzO.exe
  C:\Windows\System\xHwhVzO.exe
  2⤵
  PID:6080
- C:\Windows\System\TrlYXzG.exe
  C:\Windows\System\TrlYXzG.exe
  2⤵
  PID:5272
- C:\Windows\System\mqlBBqV.exe
  C:\Windows\System\mqlBBqV.exe
  2⤵
  PID:6028
- C:\Windows\System\NxDlpXP.exe
  C:\Windows\System\NxDlpXP.exe
  2⤵
  PID:4504
- C:\Windows\System\GeFTUcv.exe
  C:\Windows\System\GeFTUcv.exe
  2⤵
  PID:5248
- C:\Windows\System\LxqOOjQ.exe
  C:\Windows\System\LxqOOjQ.exe
  2⤵
  PID:5320
- C:\Windows\System\BZODqBG.exe
  C:\Windows\System\BZODqBG.exe
  2⤵
  PID:5384
- C:\Windows\System\xFWbATI.exe
  C:\Windows\System\xFWbATI.exe
  2⤵
  PID:5596
- C:\Windows\System\AvmrMJP.exe
  C:\Windows\System\AvmrMJP.exe
  2⤵
  PID:5896
- C:\Windows\System\KdudosX.exe
  C:\Windows\System\KdudosX.exe
  2⤵
  PID:5852
- C:\Windows\System\ADdrlJB.exe
  C:\Windows\System\ADdrlJB.exe
  2⤵
  PID:5776
- C:\Windows\System\zZWrcNH.exe
  C:\Windows\System\zZWrcNH.exe
  2⤵
  PID:5864
- C:\Windows\System\mtqpFUK.exe
  C:\Windows\System\mtqpFUK.exe
  2⤵
  PID:6000
- C:\Windows\System\FmQpsNP.exe
  C:\Windows\System\FmQpsNP.exe
  2⤵
  PID:6084
- C:\Windows\System\kWxEbej.exe
  C:\Windows\System\kWxEbej.exe
  2⤵
  PID:5264
- C:\Windows\System\QEVvXYW.exe
  C:\Windows\System\QEVvXYW.exe
  2⤵
  PID:2608
- C:\Windows\System\eARDHcK.exe
  C:\Windows\System\eARDHcK.exe
  2⤵
  PID:2988
- C:\Windows\System\ODEXjbi.exe
  C:\Windows\System\ODEXjbi.exe
  2⤵
  PID:5476
- C:\Windows\System\bQQxoOZ.exe
  C:\Windows\System\bQQxoOZ.exe
  2⤵
  PID:5936
- C:\Windows\System\wcaVORU.exe
  C:\Windows\System\wcaVORU.exe
  2⤵
  PID:5860
- C:\Windows\System\XejbbND.exe
  C:\Windows\System\XejbbND.exe
  2⤵
  PID:5728
- C:\Windows\System\LflMVta.exe
  C:\Windows\System\LflMVta.exe
  2⤵
  PID:6044
- C:\Windows\System\nJTULhf.exe
  C:\Windows\System\nJTULhf.exe
  2⤵
  PID:4844
- C:\Windows\System\WXfgbYo.exe
  C:\Windows\System\WXfgbYo.exe
  2⤵
  PID:6160
- C:\Windows\System\FeAMVAn.exe
  C:\Windows\System\FeAMVAn.exe
  2⤵
  PID:6176
- C:\Windows\System\MZriQUR.exe
  C:\Windows\System\MZriQUR.exe
  2⤵
  PID:6192
- C:\Windows\System\yvTSiMq.exe
  C:\Windows\System\yvTSiMq.exe
  2⤵
  PID:6260
- C:\Windows\System\YcRmOny.exe
  C:\Windows\System\YcRmOny.exe
  2⤵
  PID:6276
- C:\Windows\System\YHjVvnl.exe
  C:\Windows\System\YHjVvnl.exe
  2⤵
  PID:6292
- C:\Windows\System\RTDQGqP.exe
  C:\Windows\System\RTDQGqP.exe
  2⤵
  PID:6312
- C:\Windows\System\LBaWEDY.exe
  C:\Windows\System\LBaWEDY.exe
  2⤵
  PID:6332
- C:\Windows\System\hEmXwYa.exe
  C:\Windows\System\hEmXwYa.exe
  2⤵
  PID:6348
- C:\Windows\System\BhzkITi.exe
  C:\Windows\System\BhzkITi.exe
  2⤵
  PID:6364
- C:\Windows\System\BuvXDGj.exe
  C:\Windows\System\BuvXDGj.exe
  2⤵
  PID:6392
- C:\Windows\System\WmnUINg.exe
  C:\Windows\System\WmnUINg.exe
  2⤵
  PID:6408
- C:\Windows\System\LCFJABG.exe
  C:\Windows\System\LCFJABG.exe
  2⤵
  PID:6424
- C:\Windows\System\QOYPtdZ.exe
  C:\Windows\System\QOYPtdZ.exe
  2⤵
  PID:6440
- C:\Windows\System\TLeAwMx.exe
  C:\Windows\System\TLeAwMx.exe
  2⤵
  PID:6460
- C:\Windows\System\TGmeIsj.exe
  C:\Windows\System\TGmeIsj.exe
  2⤵
  PID:6476
- C:\Windows\System\xxogNbu.exe
  C:\Windows\System\xxogNbu.exe
  2⤵
  PID:6492
- C:\Windows\System\qZHTUyx.exe
  C:\Windows\System\qZHTUyx.exe
  2⤵
  PID:6508
- C:\Windows\System\NMVCmNL.exe
  C:\Windows\System\NMVCmNL.exe
  2⤵
  PID:6524
- C:\Windows\System\IujEiiX.exe
  C:\Windows\System\IujEiiX.exe
  2⤵
  PID:6548
- C:\Windows\System\qIILGrb.exe
  C:\Windows\System\qIILGrb.exe
  2⤵
  PID:6564
- C:\Windows\System\MhLWAUA.exe
  C:\Windows\System\MhLWAUA.exe
  2⤵
  PID:6580
- C:\Windows\System\nIRBjjt.exe
  C:\Windows\System\nIRBjjt.exe
  2⤵
  PID:6600
- C:\Windows\System\otNArcV.exe
  C:\Windows\System\otNArcV.exe
  2⤵
  PID:6620
- C:\Windows\System\UfYoWxA.exe
  C:\Windows\System\UfYoWxA.exe
  2⤵
  PID:6636
- C:\Windows\System\VgoZUdD.exe
  C:\Windows\System\VgoZUdD.exe
  2⤵
  PID:6656
- C:\Windows\System\ccUTOlf.exe
  C:\Windows\System\ccUTOlf.exe
  2⤵
  PID:6688
- C:\Windows\System\MCzFTcm.exe
  C:\Windows\System\MCzFTcm.exe
  2⤵
  PID:6708
- C:\Windows\System\jzpnvHZ.exe
  C:\Windows\System\jzpnvHZ.exe
  2⤵
  PID:6760
- C:\Windows\System\OiqGrwV.exe
  C:\Windows\System\OiqGrwV.exe
  2⤵
  PID:6784
- C:\Windows\System\KoNlxup.exe
  C:\Windows\System\KoNlxup.exe
  2⤵
  PID:6800
- C:\Windows\System\gSZvQKX.exe
  C:\Windows\System\gSZvQKX.exe
  2⤵
  PID:6816
- C:\Windows\System\XYtFscn.exe
  C:\Windows\System\XYtFscn.exe
  2⤵
  PID:6832
- C:\Windows\System\xAwIAQl.exe
  C:\Windows\System\xAwIAQl.exe
  2⤵
  PID:6856
- C:\Windows\System\eIlaFwt.exe
  C:\Windows\System\eIlaFwt.exe
  2⤵
  PID:6880
- C:\Windows\System\eygcOWt.exe
  C:\Windows\System\eygcOWt.exe
  2⤵
  PID:6904
- C:\Windows\System\KaMmeic.exe
  C:\Windows\System\KaMmeic.exe
  2⤵
  PID:6924
- C:\Windows\System\dUSxTCz.exe
  C:\Windows\System\dUSxTCz.exe
  2⤵
  PID:6940
- C:\Windows\System\UICDmhe.exe
  C:\Windows\System\UICDmhe.exe
  2⤵
  PID:6972
- C:\Windows\System\AXNVkjt.exe
  C:\Windows\System\AXNVkjt.exe
  2⤵
  PID:6988
- C:\Windows\System\ZPiIcwX.exe
  C:\Windows\System\ZPiIcwX.exe
  2⤵
  PID:7004
- C:\Windows\System\DnGNfdU.exe
  C:\Windows\System\DnGNfdU.exe
  2⤵
  PID:7024
- C:\Windows\System\AmSsyRc.exe
  C:\Windows\System\AmSsyRc.exe
  2⤵
  PID:7040
- C:\Windows\System\zkhLniu.exe
  C:\Windows\System\zkhLniu.exe
  2⤵
  PID:7056
- C:\Windows\System\QxrIfhR.exe
  C:\Windows\System\QxrIfhR.exe
  2⤵
  PID:7072
- C:\Windows\System\gDOmlzM.exe
  C:\Windows\System\gDOmlzM.exe
  2⤵
  PID:7092
- C:\Windows\System\SsqmoHm.exe
  C:\Windows\System\SsqmoHm.exe
  2⤵
  PID:7112
- C:\Windows\System\XOsMPPQ.exe
  C:\Windows\System\XOsMPPQ.exe
  2⤵
  PID:7132
- C:\Windows\System\GWNoUZV.exe
  C:\Windows\System\GWNoUZV.exe
  2⤵
  PID:5372
- C:\Windows\System\uMoFGha.exe
  C:\Windows\System\uMoFGha.exe
  2⤵
  PID:6152
- C:\Windows\System\gpeerxp.exe
  C:\Windows\System\gpeerxp.exe
  2⤵
  PID:6188
- C:\Windows\System\nSfeIIt.exe
  C:\Windows\System\nSfeIIt.exe
  2⤵
  PID:4960
- C:\Windows\System\CkedIpR.exe
  C:\Windows\System\CkedIpR.exe
  2⤵
  PID:5160
- C:\Windows\System\dwdqefp.exe
  C:\Windows\System\dwdqefp.exe
  2⤵
  PID:5792
- C:\Windows\System\ZawplQl.exe
  C:\Windows\System\ZawplQl.exe
  2⤵
  PID:6200
- C:\Windows\System\xFuiEIJ.exe
  C:\Windows\System\xFuiEIJ.exe
  2⤵
  PID:6344
- C:\Windows\System\peVgzUy.exe
  C:\Windows\System\peVgzUy.exe
  2⤵
  PID:6232
- C:\Windows\System\GqkBWUM.exe
  C:\Windows\System\GqkBWUM.exe
  2⤵
  PID:6248
- C:\Windows\System\oEwOhbq.exe
  C:\Windows\System\oEwOhbq.exe
  2⤵
  PID:5032
- C:\Windows\System\EwvJYvW.exe
  C:\Windows\System\EwvJYvW.exe
  2⤵
  PID:6380
- C:\Windows\System\VAGtDMv.exe
  C:\Windows\System\VAGtDMv.exe
  2⤵
  PID:6484
- C:\Windows\System\XlNJoPm.exe
  C:\Windows\System\XlNJoPm.exe
  2⤵
  PID:6288
- C:\Windows\System\XeIlxpW.exe
  C:\Windows\System\XeIlxpW.exe
  2⤵
  PID:6516
- C:\Windows\System\PLWzVUc.exe
  C:\Windows\System\PLWzVUc.exe
  2⤵
  PID:6684
- C:\Windows\System\HRkLNgq.exe
  C:\Windows\System\HRkLNgq.exe
  2⤵
  PID:6592
- C:\Windows\System\SZjVNbl.exe
  C:\Windows\System\SZjVNbl.exe
  2⤵
  PID:6680
- C:\Windows\System\gPLnrct.exe
  C:\Windows\System\gPLnrct.exe
  2⤵
  PID:6644
- C:\Windows\System\TuOuyXe.exe
  C:\Windows\System\TuOuyXe.exe
  2⤵
  PID:6664
- C:\Windows\System\jfIZJcx.exe
  C:\Windows\System\jfIZJcx.exe
  2⤵
  PID:4584
- C:\Windows\System\JuHHGSF.exe
  C:\Windows\System\JuHHGSF.exe
  2⤵
  PID:6436
- C:\Windows\System\pviBeqM.exe
  C:\Windows\System\pviBeqM.exe
  2⤵
  PID:6540
- C:\Windows\System\aYyRsuQ.exe
  C:\Windows\System\aYyRsuQ.exe
  2⤵
  PID:6732
- C:\Windows\System\OUvJVwW.exe
  C:\Windows\System\OUvJVwW.exe
  2⤵
  PID:6700
- C:\Windows\System\yytGHLE.exe
  C:\Windows\System\yytGHLE.exe
  2⤵
  PID:6796
- C:\Windows\System\GKETfKi.exe
  C:\Windows\System\GKETfKi.exe
  2⤵
  PID:6768
- C:\Windows\System\FwmMtVc.exe
  C:\Windows\System\FwmMtVc.exe
  2⤵
  PID:6808
- C:\Windows\System\jAPmGvq.exe
  C:\Windows\System\jAPmGvq.exe
  2⤵
  PID:6848
- C:\Windows\System\EmvHtfJ.exe
  C:\Windows\System\EmvHtfJ.exe
  2⤵
  PID:6872
- C:\Windows\System\ZPBAKNH.exe
  C:\Windows\System\ZPBAKNH.exe
  2⤵
  PID:6896
- C:\Windows\System\zXXCpgd.exe
  C:\Windows\System\zXXCpgd.exe
  2⤵
  PID:6920
- C:\Windows\System\cRRHzta.exe
  C:\Windows\System\cRRHzta.exe
  2⤵
  PID:6960
- C:\Windows\System\cYxCsWS.exe
  C:\Windows\System\cYxCsWS.exe
  2⤵
  PID:6980
- C:\Windows\System\IjPJLOY.exe
  C:\Windows\System\IjPJLOY.exe
  2⤵
  PID:7064
- C:\Windows\System\SHSvBzc.exe
  C:\Windows\System\SHSvBzc.exe
  2⤵
  PID:6984
- C:\Windows\System\QFfBuBN.exe
  C:\Windows\System\QFfBuBN.exe
  2⤵
  PID:7020
- C:\Windows\System\elqfuJl.exe
  C:\Windows\System\elqfuJl.exe
  2⤵
  PID:7088
- C:\Windows\System\bLZdWJm.exe
  C:\Windows\System\bLZdWJm.exe
  2⤵
  PID:7104
- C:\Windows\System\tibmFOw.exe
  C:\Windows\System\tibmFOw.exe
  2⤵
  PID:5540
- C:\Windows\System\JdMKqTd.exe
  C:\Windows\System\JdMKqTd.exe
  2⤵
  PID:5436
- C:\Windows\System\bOSRrSN.exe
  C:\Windows\System\bOSRrSN.exe
  2⤵
  PID:6172
- C:\Windows\System\BKBWtXD.exe
  C:\Windows\System\BKBWtXD.exe
  2⤵
  PID:6224
- C:\Windows\System\PVnreuC.exe
  C:\Windows\System\PVnreuC.exe
  2⤵
  PID:6388
- C:\Windows\System\ApKgmZD.exe
  C:\Windows\System\ApKgmZD.exe
  2⤵
  PID:6456
- C:\Windows\System\Lhhinar.exe
  C:\Windows\System\Lhhinar.exe
  2⤵
  PID:6404
- C:\Windows\System\EXyFpAg.exe
  C:\Windows\System\EXyFpAg.exe
  2⤵
  PID:6328
- C:\Windows\System\XoOBSvA.exe
  C:\Windows\System\XoOBSvA.exe
  2⤵
  PID:4820
- C:\Windows\System\ClDuszE.exe
  C:\Windows\System\ClDuszE.exe
  2⤵
  PID:6616
- C:\Windows\System\vFMjNOW.exe
  C:\Windows\System\vFMjNOW.exe
  2⤵
  PID:6500
- C:\Windows\System\ICbVWIE.exe
  C:\Windows\System\ICbVWIE.exe
  2⤵
  PID:6612
- C:\Windows\System\DaUgaHp.exe
  C:\Windows\System\DaUgaHp.exe
  2⤵
  PID:6360
- C:\Windows\System\YuBcZkK.exe
  C:\Windows\System\YuBcZkK.exe
  2⤵
  PID:4940
- C:\Windows\System\pcSfucT.exe
  C:\Windows\System\pcSfucT.exe
  2⤵
  PID:6724
- C:\Windows\System\dXONcMg.exe
  C:\Windows\System\dXONcMg.exe
  2⤵
  PID:6772
- C:\Windows\System\kQWdOhL.exe
  C:\Windows\System\kQWdOhL.exe
  2⤵
  PID:6932
- C:\Windows\System\gxUidDn.exe
  C:\Windows\System\gxUidDn.exe
  2⤵
  PID:6852
- C:\Windows\System\iFLNFRD.exe
  C:\Windows\System\iFLNFRD.exe
  2⤵
  PID:7036
- C:\Windows\System\kkwsmQI.exe
  C:\Windows\System\kkwsmQI.exe
  2⤵
  PID:7068
- C:\Windows\System\gGxcmLY.exe
  C:\Windows\System\gGxcmLY.exe
  2⤵
  PID:7148
- C:\Windows\System\oxWJnGC.exe
  C:\Windows\System\oxWJnGC.exe
  2⤵
  PID:4868
- C:\Windows\System\RjnYgaP.exe
  C:\Windows\System\RjnYgaP.exe
  2⤵
  PID:6104
- C:\Windows\System\bdJkZSl.exe
  C:\Windows\System\bdJkZSl.exe
  2⤵
  PID:5336
- C:\Windows\System\CffbQwK.exe
  C:\Windows\System\CffbQwK.exe
  2⤵
  PID:6240
- C:\Windows\System\PuIlRYc.exe
  C:\Windows\System\PuIlRYc.exe
  2⤵
  PID:6308
- C:\Windows\System\NhnlDgt.exe
  C:\Windows\System\NhnlDgt.exe
  2⤵
  PID:4764
- C:\Windows\System\RDugbOY.exe
  C:\Windows\System\RDugbOY.exe
  2⤵
  PID:6576
- C:\Windows\System\ggaxkLc.exe
  C:\Windows\System\ggaxkLc.exe
  2⤵
  PID:6744
- C:\Windows\System\uRnpsxf.exe
  C:\Windows\System\uRnpsxf.exe
  2⤵
  PID:6756
- C:\Windows\System\qdUvxGM.exe
  C:\Windows\System\qdUvxGM.exe
  2⤵
  PID:6792
- C:\Windows\System\pDZWVqw.exe
  C:\Windows\System\pDZWVqw.exe
  2⤵
  PID:6996
- C:\Windows\System\QQsxrRX.exe
  C:\Windows\System\QQsxrRX.exe
  2⤵
  PID:4800
- C:\Windows\System\ahtdnow.exe
  C:\Windows\System\ahtdnow.exe
  2⤵
  PID:7128
- C:\Windows\System\MdRwpKB.exe
  C:\Windows\System\MdRwpKB.exe
  2⤵
  PID:7052
- C:\Windows\System\QfJNcXf.exe
  C:\Windows\System\QfJNcXf.exe
  2⤵
  PID:6876
- C:\Windows\System\YqJhaZF.exe
  C:\Windows\System\YqJhaZF.exe
  2⤵
  PID:6304
- C:\Windows\System\foxEfVv.exe
  C:\Windows\System\foxEfVv.exe
  2⤵
  PID:1564
- C:\Windows\System\WcKjbRw.exe
  C:\Windows\System\WcKjbRw.exe
  2⤵
  PID:2604
- C:\Windows\System\XxlDpfx.exe
  C:\Windows\System\XxlDpfx.exe
  2⤵
  PID:6628
- C:\Windows\System\QuewWDt.exe
  C:\Windows\System\QuewWDt.exe
  2⤵
  PID:6400
- C:\Windows\System\biMaNXy.exe
  C:\Windows\System\biMaNXy.exe
  2⤵
  PID:6696
- C:\Windows\System\MNUAIps.exe
  C:\Windows\System\MNUAIps.exe
  2⤵
  PID:5716
- C:\Windows\System\CITMrlf.exe
  C:\Windows\System\CITMrlf.exe
  2⤵
  PID:6748
- C:\Windows\System\UEOOfKk.exe
  C:\Windows\System\UEOOfKk.exe
  2⤵
  PID:1432
- C:\Windows\System\sCoqTjM.exe
  C:\Windows\System\sCoqTjM.exe
  2⤵
  PID:5948
- C:\Windows\System\BPQRNKS.exe
  C:\Windows\System\BPQRNKS.exe
  2⤵
  PID:6888
- C:\Windows\System\rkXDOgo.exe
  C:\Windows\System\rkXDOgo.exe
  2⤵
  PID:7100
- C:\Windows\System\aIkKXwz.exe
  C:\Windows\System\aIkKXwz.exe
  2⤵
  PID:6828
- C:\Windows\System\BoQHSFD.exe
  C:\Windows\System\BoQHSFD.exe
  2⤵
  PID:6588
- C:\Windows\System\TzwysFX.exe
  C:\Windows\System\TzwysFX.exe
  2⤵
  PID:6556
- C:\Windows\System\JSqLzPv.exe
  C:\Windows\System\JSqLzPv.exe
  2⤵
  PID:1336
- C:\Windows\System\XtgcLui.exe
  C:\Windows\System\XtgcLui.exe
  2⤵
  PID:7012
- C:\Windows\System\obeAwfa.exe
  C:\Windows\System\obeAwfa.exe
  2⤵
  PID:1140
- C:\Windows\System\WlnbiDL.exe
  C:\Windows\System\WlnbiDL.exe
  2⤵
  PID:7188
- C:\Windows\System\ggGxmOq.exe
  C:\Windows\System\ggGxmOq.exe
  2⤵
  PID:7204
- C:\Windows\System\VBiPJeM.exe
  C:\Windows\System\VBiPJeM.exe
  2⤵
  PID:7224
- C:\Windows\System\aVyqKMA.exe
  C:\Windows\System\aVyqKMA.exe
  2⤵
  PID:7244
- C:\Windows\System\cciOexL.exe
  C:\Windows\System\cciOexL.exe
  2⤵
  PID:7260
- C:\Windows\System\jJlkWcX.exe
  C:\Windows\System\jJlkWcX.exe
  2⤵
  PID:7276
- C:\Windows\System\bKMlBRD.exe
  C:\Windows\System\bKMlBRD.exe
  2⤵
  PID:7296
- C:\Windows\System\iWQAVpX.exe
  C:\Windows\System\iWQAVpX.exe
  2⤵
  PID:7312
- C:\Windows\System\owuPIDs.exe
  C:\Windows\System\owuPIDs.exe
  2⤵
  PID:7328
- C:\Windows\System\vaUTfqr.exe
  C:\Windows\System\vaUTfqr.exe
  2⤵
  PID:7344
- C:\Windows\System\kgWqiOk.exe
  C:\Windows\System\kgWqiOk.exe
  2⤵
  PID:7360
- C:\Windows\System\eKQyGmo.exe
  C:\Windows\System\eKQyGmo.exe
  2⤵
  PID:7384
- C:\Windows\System\jxSPZVS.exe
  C:\Windows\System\jxSPZVS.exe
  2⤵
  PID:7400
- C:\Windows\System\JfGBcuW.exe
  C:\Windows\System\JfGBcuW.exe
  2⤵
  PID:7420
- C:\Windows\System\RagUmEk.exe
  C:\Windows\System\RagUmEk.exe
  2⤵
  PID:7436
- C:\Windows\System\SPVoDRI.exe
  C:\Windows\System\SPVoDRI.exe
  2⤵
  PID:7452
- C:\Windows\System\zGFpQVY.exe
  C:\Windows\System\zGFpQVY.exe
  2⤵
  PID:7468
- C:\Windows\System\YTnbFcY.exe
  C:\Windows\System\YTnbFcY.exe
  2⤵
  PID:7484
- C:\Windows\System\Trmpzfx.exe
  C:\Windows\System\Trmpzfx.exe
  2⤵
  PID:7500
- C:\Windows\System\LyWnaIH.exe
  C:\Windows\System\LyWnaIH.exe
  2⤵
  PID:7516
- C:\Windows\System\WrijVjr.exe
  C:\Windows\System\WrijVjr.exe
  2⤵
  PID:7532
- C:\Windows\System\YmVwxhx.exe
  C:\Windows\System\YmVwxhx.exe
  2⤵
  PID:7548
- C:\Windows\System\PJTgoBI.exe
  C:\Windows\System\PJTgoBI.exe
  2⤵
  PID:7564
- C:\Windows\System\TyErnod.exe
  C:\Windows\System\TyErnod.exe
  2⤵
  PID:7580
- C:\Windows\System\ZDrFXuG.exe
  C:\Windows\System\ZDrFXuG.exe
  2⤵
  PID:7596
- C:\Windows\System\XqYkZif.exe
  C:\Windows\System\XqYkZif.exe
  2⤵
  PID:7612
- C:\Windows\System\gCZyKGd.exe
  C:\Windows\System\gCZyKGd.exe
  2⤵
  PID:7628
- C:\Windows\System\TKNsfim.exe
  C:\Windows\System\TKNsfim.exe
  2⤵
  PID:7644
- C:\Windows\System\yTJkeJx.exe
  C:\Windows\System\yTJkeJx.exe
  2⤵
  PID:7660
- C:\Windows\System\HwmPSnm.exe
  C:\Windows\System\HwmPSnm.exe
  2⤵
  PID:7676
- C:\Windows\System\Xaqqucp.exe
  C:\Windows\System\Xaqqucp.exe
  2⤵
  PID:7692
- C:\Windows\System\SKDIqxU.exe
  C:\Windows\System\SKDIqxU.exe
  2⤵
  PID:7708
- C:\Windows\System\ZptFLeI.exe
  C:\Windows\System\ZptFLeI.exe
  2⤵
  PID:7724
- C:\Windows\System\EqJwhQf.exe
  C:\Windows\System\EqJwhQf.exe
  2⤵
  PID:7740
- C:\Windows\System\GtSXoHh.exe
  C:\Windows\System\GtSXoHh.exe
  2⤵
  PID:7756
- C:\Windows\System\aBXyTvW.exe
  C:\Windows\System\aBXyTvW.exe
  2⤵
  PID:7776
- C:\Windows\System\JoJKrKQ.exe
  C:\Windows\System\JoJKrKQ.exe
  2⤵
  PID:7792
- C:\Windows\System\VdacIUK.exe
  C:\Windows\System\VdacIUK.exe
  2⤵
  PID:7816
- C:\Windows\System\JcxEhHk.exe
  C:\Windows\System\JcxEhHk.exe
  2⤵
  PID:7832
- C:\Windows\System\MOrXKqp.exe
  C:\Windows\System\MOrXKqp.exe
  2⤵
  PID:7852
- C:\Windows\System\HeDDYSw.exe
  C:\Windows\System\HeDDYSw.exe
  2⤵
  PID:7868
- C:\Windows\System\GYJVEqq.exe
  C:\Windows\System\GYJVEqq.exe
  2⤵
  PID:7892
- C:\Windows\System\vsNFVNZ.exe
  C:\Windows\System\vsNFVNZ.exe
  2⤵
  PID:7916
- C:\Windows\System\NcFeYRg.exe
  C:\Windows\System\NcFeYRg.exe
  2⤵
  PID:7952
- C:\Windows\System\mEBtzrn.exe
  C:\Windows\System\mEBtzrn.exe
  2⤵
  PID:7968
- C:\Windows\System\omywIIf.exe
  C:\Windows\System\omywIIf.exe
  2⤵
  PID:7984
- C:\Windows\System\szLoQPn.exe
  C:\Windows\System\szLoQPn.exe
  2⤵
  PID:8000
- C:\Windows\System\VJtUyVL.exe
  C:\Windows\System\VJtUyVL.exe
  2⤵
  PID:8024
- C:\Windows\System\XFkJHco.exe
  C:\Windows\System\XFkJHco.exe
  2⤵
  PID:8040
- C:\Windows\System\FZIckJo.exe
  C:\Windows\System\FZIckJo.exe
  2⤵
  PID:8060
- C:\Windows\System\LFRHbMC.exe
  C:\Windows\System\LFRHbMC.exe
  2⤵
  PID:8076
- C:\Windows\System\zJJUREE.exe
  C:\Windows\System\zJJUREE.exe
  2⤵
  PID:8092
- C:\Windows\System\gZXRSOn.exe
  C:\Windows\System\gZXRSOn.exe
  2⤵
  PID:8112
- C:\Windows\System\YccRpOP.exe
  C:\Windows\System\YccRpOP.exe
  2⤵
  PID:8128
- C:\Windows\System\LwJVNDU.exe
  C:\Windows\System\LwJVNDU.exe
  2⤵
  PID:8144
- C:\Windows\System\yLeoIgn.exe
  C:\Windows\System\yLeoIgn.exe
  2⤵
  PID:8176
- C:\Windows\System\tbIOOWe.exe
  C:\Windows\System\tbIOOWe.exe
  2⤵
  PID:6900
- C:\Windows\System\pNKUZRx.exe
  C:\Windows\System\pNKUZRx.exe
  2⤵
  PID:6272
- C:\Windows\System\OwswRgr.exe
  C:\Windows\System\OwswRgr.exe
  2⤵
  PID:2536
- C:\Windows\System\jGhJxub.exe
  C:\Windows\System\jGhJxub.exe
  2⤵
  PID:7176
- C:\Windows\System\WyGfRhe.exe
  C:\Windows\System\WyGfRhe.exe
  2⤵
  PID:7252
- C:\Windows\System\wvcmEky.exe
  C:\Windows\System\wvcmEky.exe
  2⤵
  PID:7292
- C:\Windows\System\sYCLOIy.exe
  C:\Windows\System\sYCLOIy.exe
  2⤵
  PID:7356
- C:\Windows\System\ieUTpBt.exe
  C:\Windows\System\ieUTpBt.exe
  2⤵
  PID:7016
- C:\Windows\System\UbeWoLv.exe
  C:\Windows\System\UbeWoLv.exe
  2⤵
  PID:7240
- C:\Windows\System\MhKPqZk.exe
  C:\Windows\System\MhKPqZk.exe
  2⤵
  PID:7304
- C:\Windows\System\ToXmgLe.exe
  C:\Windows\System\ToXmgLe.exe
  2⤵
  PID:7232
- C:\Windows\System\TDXQXkh.exe
  C:\Windows\System\TDXQXkh.exe
  2⤵
  PID:7408
- C:\Windows\System\gUwxgWE.exe
  C:\Windows\System\gUwxgWE.exe
  2⤵
  PID:7212
- C:\Windows\System\wKPTqqL.exe
  C:\Windows\System\wKPTqqL.exe
  2⤵
  PID:7464
- C:\Windows\System\TIXQCnZ.exe
  C:\Windows\System\TIXQCnZ.exe
  2⤵
  PID:7460
- C:\Windows\System\ynnYfop.exe
  C:\Windows\System\ynnYfop.exe
  2⤵
  PID:7524
- C:\Windows\System\wmlMohC.exe
  C:\Windows\System\wmlMohC.exe
  2⤵
  PID:7572
- C:\Windows\System\lNwDIJL.exe
  C:\Windows\System\lNwDIJL.exe
  2⤵
  PID:7588
- C:\Windows\System\UmgrBVk.exe
  C:\Windows\System\UmgrBVk.exe
  2⤵
  PID:7560
- C:\Windows\System\NCNLcOx.exe
  C:\Windows\System\NCNLcOx.exe
  2⤵
  PID:7700
- C:\Windows\System\clojmMc.exe
  C:\Windows\System\clojmMc.exe
  2⤵
  PID:7732
- C:\Windows\System\JTjnRKT.exe
  C:\Windows\System\JTjnRKT.exe
  2⤵
  PID:7748
- C:\Windows\System\dGUNgiZ.exe
  C:\Windows\System\dGUNgiZ.exe
  2⤵
  PID:7656
- C:\Windows\System\dnDdEpm.exe
  C:\Windows\System\dnDdEpm.exe
  2⤵
  PID:7800
- C:\Windows\System\PnohDEr.exe
  C:\Windows\System\PnohDEr.exe
  2⤵
  PID:7812
- C:\Windows\System\oYZmfub.exe
  C:\Windows\System\oYZmfub.exe
  2⤵
  PID:7876
- C:\Windows\System\ErfSzZq.exe
  C:\Windows\System\ErfSzZq.exe
  2⤵
  PID:7828
- C:\Windows\System\gQqnxUQ.exe
  C:\Windows\System\gQqnxUQ.exe
  2⤵
  PID:7900
- C:\Windows\System\iWroxjg.exe
  C:\Windows\System\iWroxjg.exe
  2⤵
  PID:7912
- C:\Windows\System\LJrzVup.exe
  C:\Windows\System\LJrzVup.exe
  2⤵
  PID:7992
- C:\Windows\System\SGjbaLh.exe
  C:\Windows\System\SGjbaLh.exe
  2⤵
  PID:7948
- C:\Windows\System\IWmcQPk.exe
  C:\Windows\System\IWmcQPk.exe
  2⤵
  PID:8016
- C:\Windows\System\YwzOYwX.exe
  C:\Windows\System\YwzOYwX.exe
  2⤵
  PID:8048
- C:\Windows\System\OCgZiWi.exe
  C:\Windows\System\OCgZiWi.exe
  2⤵
  PID:8088
- C:\Windows\System\VcyRueT.exe
  C:\Windows\System\VcyRueT.exe
  2⤵
  PID:8032
- C:\Windows\System\hpKOnuu.exe
  C:\Windows\System\hpKOnuu.exe
  2⤵
  PID:580
- C:\Windows\System\jRCkPuw.exe
  C:\Windows\System\jRCkPuw.exe
  2⤵
  PID:8152
- C:\Windows\System\ZPMDMWH.exe
  C:\Windows\System\ZPMDMWH.exe
  2⤵
  PID:8168
- C:\Windows\System\acmDgaA.exe
  C:\Windows\System\acmDgaA.exe
  2⤵
  PID:7928
- C:\Windows\System\JnWwdny.exe
  C:\Windows\System\JnWwdny.exe
  2⤵
  PID:8020
- C:\Windows\System\syjWMyU.exe
  C:\Windows\System\syjWMyU.exe
  2⤵
  PID:6776
- C:\Windows\System\XDoWsIW.exe
  C:\Windows\System\XDoWsIW.exe
  2⤵
  PID:8184
- C:\Windows\System\UkGhyZP.exe
  C:\Windows\System\UkGhyZP.exe
  2⤵
  PID:7172
- C:\Windows\System\FPaiSDZ.exe
  C:\Windows\System\FPaiSDZ.exe
  2⤵
  PID:4788
- C:\Windows\System\ieltOzP.exe
  C:\Windows\System\ieltOzP.exe
  2⤵
  PID:7288
- C:\Windows\System\UQTtCfW.exe
  C:\Windows\System\UQTtCfW.exe
  2⤵
  PID:7236
- C:\Windows\System\VYTiCwO.exe
  C:\Windows\System\VYTiCwO.exe
  2⤵
  PID:7380
- C:\Windows\System\icJCgrf.exe
  C:\Windows\System\icJCgrf.exe
  2⤵
  PID:7576
- C:\Windows\System\jlHLRji.exe
  C:\Windows\System\jlHLRji.exe
  2⤵
  PID:7672
- C:\Windows\System\NuyheNF.exe
  C:\Windows\System\NuyheNF.exe
  2⤵
  PID:7848
- C:\Windows\System\ohPkzvP.exe
  C:\Windows\System\ohPkzvP.exe
  2⤵
  PID:7528
- C:\Windows\System\YpCWDby.exe
  C:\Windows\System\YpCWDby.exe
  2⤵
  PID:7652
- C:\Windows\System\mQqMcjl.exe
  C:\Windows\System\mQqMcjl.exe
  2⤵
  PID:7936
- C:\Windows\System\LmryBqV.exe
  C:\Windows\System\LmryBqV.exe
  2⤵
  PID:8008
- C:\Windows\System\Kyqnsei.exe
  C:\Windows\System\Kyqnsei.exe
  2⤵
  PID:7908
- C:\Windows\System\RvsmtsT.exe
  C:\Windows\System\RvsmtsT.exe
  2⤵
  PID:8160
- C:\Windows\System\QcKCsEC.exe
  C:\Windows\System\QcKCsEC.exe
  2⤵
  PID:8140
- C:\Windows\System\QGtFShw.exe
  C:\Windows\System\QGtFShw.exe
  2⤵
  PID:7284
- C:\Windows\System\WBNfWEA.exe
  C:\Windows\System\WBNfWEA.exe
  2⤵
  PID:8124
- C:\Windows\System\RPreyRE.exe
  C:\Windows\System\RPreyRE.exe
  2⤵
  PID:7336
- C:\Windows\System\MKZArhC.exe
  C:\Windows\System\MKZArhC.exe
  2⤵
  PID:7480
- C:\Windows\System\JWwpvHy.exe
  C:\Windows\System\JWwpvHy.exe
  2⤵
  PID:7668
- C:\Windows\System\OXxooXW.exe
  C:\Windows\System\OXxooXW.exe
  2⤵
  PID:7884
- C:\Windows\System\pgHvxIm.exe
  C:\Windows\System\pgHvxIm.exe
  2⤵
  PID:7808
- C:\Windows\System\TuZrUzQ.exe
  C:\Windows\System\TuZrUzQ.exe
  2⤵
  PID:7396
- C:\Windows\System\ZznJnhe.exe
  C:\Windows\System\ZznJnhe.exe
  2⤵
  PID:7604
- C:\Windows\System\kovkifY.exe
  C:\Windows\System\kovkifY.exe
  2⤵
  PID:7368
- C:\Windows\System\ZjvihsY.exe
  C:\Windows\System\ZjvihsY.exe
  2⤵
  PID:8164
- C:\Windows\System\KBCWEQA.exe
  C:\Windows\System\KBCWEQA.exe
  2⤵
  PID:7624
- C:\Windows\System\hAONTSQ.exe
  C:\Windows\System\hAONTSQ.exe
  2⤵
  PID:7684
- C:\Windows\System\UmhSmug.exe
  C:\Windows\System\UmhSmug.exe
  2⤵
  PID:7432
- C:\Windows\System\pCxQVKp.exe
  C:\Windows\System\pCxQVKp.exe
  2⤵
  PID:8204
- C:\Windows\System\ZLGVLIa.exe
  C:\Windows\System\ZLGVLIa.exe
  2⤵
  PID:8220
- C:\Windows\System\RrIQUqv.exe
  C:\Windows\System\RrIQUqv.exe
  2⤵
  PID:8236
- C:\Windows\System\bnuTGqU.exe
  C:\Windows\System\bnuTGqU.exe
  2⤵
  PID:8260
- C:\Windows\System\ksoWNgL.exe
  C:\Windows\System\ksoWNgL.exe
  2⤵
  PID:8276
- C:\Windows\System\GSxQZCZ.exe
  C:\Windows\System\GSxQZCZ.exe
  2⤵
  PID:8292
- C:\Windows\System\JFBZrFO.exe
  C:\Windows\System\JFBZrFO.exe
  2⤵
  PID:8316
- C:\Windows\System\mAeOFeB.exe
  C:\Windows\System\mAeOFeB.exe
  2⤵
  PID:8332
- C:\Windows\System\EpcCgOH.exe
  C:\Windows\System\EpcCgOH.exe
  2⤵
  PID:8356
- C:\Windows\System\rKNPykh.exe
  C:\Windows\System\rKNPykh.exe
  2⤵
  PID:8396
- C:\Windows\System\ERzUMco.exe
  C:\Windows\System\ERzUMco.exe
  2⤵
  PID:8424
- C:\Windows\System\SdsisiE.exe
  C:\Windows\System\SdsisiE.exe
  2⤵
  PID:8440
- C:\Windows\System\XgRbUao.exe
  C:\Windows\System\XgRbUao.exe
  2⤵
  PID:8456
- C:\Windows\System\ehREPwG.exe
  C:\Windows\System\ehREPwG.exe
  2⤵
  PID:8492
- C:\Windows\System\vBodiqu.exe
  C:\Windows\System\vBodiqu.exe
  2⤵
  PID:8516
- C:\Windows\System\VhRmWWj.exe
  C:\Windows\System\VhRmWWj.exe
  2⤵
  PID:8548
- C:\Windows\System\yPDTIPU.exe
  C:\Windows\System\yPDTIPU.exe
  2⤵
  PID:8568
- C:\Windows\System\xOwQCsU.exe
  C:\Windows\System\xOwQCsU.exe
  2⤵
  PID:8588
- C:\Windows\System\lhtyksn.exe
  C:\Windows\System\lhtyksn.exe
  2⤵
  PID:8604
- C:\Windows\System\ybjFqyE.exe
  C:\Windows\System\ybjFqyE.exe
  2⤵
  PID:8624
- C:\Windows\System\sWZrRun.exe
  C:\Windows\System\sWZrRun.exe
  2⤵
  PID:8640
- C:\Windows\System\rJJgTyJ.exe
  C:\Windows\System\rJJgTyJ.exe
  2⤵
  PID:8664
- C:\Windows\System\GraZTgW.exe
  C:\Windows\System\GraZTgW.exe
  2⤵
  PID:8680
- C:\Windows\System\EXTuyTE.exe
  C:\Windows\System\EXTuyTE.exe
  2⤵
  PID:8700
- C:\Windows\System\FcmykQA.exe
  C:\Windows\System\FcmykQA.exe
  2⤵
  PID:8724
- C:\Windows\System\moIaqba.exe
  C:\Windows\System\moIaqba.exe
  2⤵
  PID:8740
- C:\Windows\System\jWiQtph.exe
  C:\Windows\System\jWiQtph.exe
  2⤵
  PID:8760
- C:\Windows\System\gomGpQV.exe
  C:\Windows\System\gomGpQV.exe
  2⤵
  PID:8784
- C:\Windows\System\KXwzDSF.exe
  C:\Windows\System\KXwzDSF.exe
  2⤵
  PID:8832
- C:\Windows\System\WAJKezb.exe
  C:\Windows\System\WAJKezb.exe
  2⤵
  PID:8864
- C:\Windows\System\CljRnvd.exe
  C:\Windows\System\CljRnvd.exe
  2⤵
  PID:8880
- C:\Windows\System\LWzvfIZ.exe
  C:\Windows\System\LWzvfIZ.exe
  2⤵
  PID:8900
- C:\Windows\System\wxnqKEs.exe
  C:\Windows\System\wxnqKEs.exe
  2⤵
  PID:8920
- C:\Windows\System\uKBfCfl.exe
  C:\Windows\System\uKBfCfl.exe
  2⤵
  PID:8944
- C:\Windows\System\KZlpGno.exe
  C:\Windows\System\KZlpGno.exe
  2⤵
  PID:8960
- C:\Windows\System\uHYgQCh.exe
  C:\Windows\System\uHYgQCh.exe
  2⤵
  PID:8980
- C:\Windows\System\jHRJjQH.exe
  C:\Windows\System\jHRJjQH.exe
  2⤵
  PID:8996
- C:\Windows\System\haTuRiO.exe
  C:\Windows\System\haTuRiO.exe
  2⤵
  PID:9012
- C:\Windows\System\nnTlOOg.exe
  C:\Windows\System\nnTlOOg.exe
  2⤵
  PID:9052
- C:\Windows\System\PeGEmBX.exe
  C:\Windows\System\PeGEmBX.exe
  2⤵
  PID:9068
- C:\Windows\System\eySfdmV.exe
  C:\Windows\System\eySfdmV.exe
  2⤵
  PID:9084
- C:\Windows\System\CCuXTUf.exe
  C:\Windows\System\CCuXTUf.exe
  2⤵
  PID:9104
- C:\Windows\System\kEybImI.exe
  C:\Windows\System\kEybImI.exe
  2⤵
  PID:9124
- C:\Windows\System\qOIknIJ.exe
  C:\Windows\System\qOIknIJ.exe
  2⤵
  PID:9140
- C:\Windows\System\KkSWnqG.exe
  C:\Windows\System\KkSWnqG.exe
  2⤵
  PID:9168
- C:\Windows\System\KcRkoJv.exe
  C:\Windows\System\KcRkoJv.exe
  2⤵
  PID:9184
- C:\Windows\System\NeVoMhR.exe
  C:\Windows\System\NeVoMhR.exe
  2⤵
  PID:9200
- C:\Windows\System\IgYCZSk.exe
  C:\Windows\System\IgYCZSk.exe
  2⤵
  PID:7340
- C:\Windows\System\zJQVmlT.exe
  C:\Windows\System\zJQVmlT.exe
  2⤵
  PID:8196
- C:\Windows\System\Rmkbucu.exe
  C:\Windows\System\Rmkbucu.exe
  2⤵
  PID:8268
- C:\Windows\System\UokdPzA.exe
  C:\Windows\System\UokdPzA.exe
  2⤵
  PID:8312
- C:\Windows\System\zxgxluV.exe
  C:\Windows\System\zxgxluV.exe
  2⤵
  PID:8344
- C:\Windows\System\rsootTa.exe
  C:\Windows\System\rsootTa.exe
  2⤵
  PID:7720
- C:\Windows\System\qQwEbHB.exe
  C:\Windows\System\qQwEbHB.exe
  2⤵
  PID:8256
- C:\Windows\System\mPtlnuG.exe
  C:\Windows\System\mPtlnuG.exe
  2⤵
  PID:8212
- C:\Windows\System\TFRHQZG.exe
  C:\Windows\System\TFRHQZG.exe
  2⤵
  PID:8324
- C:\Windows\System\ttqNtjN.exe
  C:\Windows\System\ttqNtjN.exe
  2⤵
  PID:8452
- C:\Windows\System\dPpojxI.exe
  C:\Windows\System\dPpojxI.exe
  2⤵
  PID:8468
- C:\Windows\System\CWyFkfz.exe
  C:\Windows\System\CWyFkfz.exe
  2⤵
  PID:8484
- C:\Windows\System\PGLVTAE.exe
  C:\Windows\System\PGLVTAE.exe
  2⤵
  PID:8512
- C:\Windows\System\uGQDOrk.exe
  C:\Windows\System\uGQDOrk.exe
  2⤵
  PID:8544
- C:\Windows\System\zQgfPKX.exe
  C:\Windows\System\zQgfPKX.exe
  2⤵
  PID:8596
- C:\Windows\System\yLFUOVv.exe
  C:\Windows\System\yLFUOVv.exe
  2⤵
  PID:8676
- C:\Windows\System\DPwcPNc.exe
  C:\Windows\System\DPwcPNc.exe
  2⤵
  PID:8748
- C:\Windows\System\Kafrsip.exe
  C:\Windows\System\Kafrsip.exe
  2⤵
  PID:8824
- C:\Windows\System\NuSMMFG.exe
  C:\Windows\System\NuSMMFG.exe
  2⤵
  PID:8584
- C:\Windows\System\zSUxavG.exe
  C:\Windows\System\zSUxavG.exe
  2⤵
  PID:8652
- C:\Windows\System\UesFEcb.exe
  C:\Windows\System\UesFEcb.exe
  2⤵
  PID:8780
- C:\Windows\System\rPNIIds.exe
  C:\Windows\System\rPNIIds.exe
  2⤵
  PID:8856
- C:\Windows\System\VjUCRQq.exe
  C:\Windows\System\VjUCRQq.exe
  2⤵
  PID:8908
- C:\Windows\System\RKAblBf.exe
  C:\Windows\System\RKAblBf.exe
  2⤵
  PID:8896
- C:\Windows\System\FMJTgtu.exe
  C:\Windows\System\FMJTgtu.exe
  2⤵
  PID:8932
- C:\Windows\System\SwzqNil.exe
  C:\Windows\System\SwzqNil.exe
  2⤵
  PID:8992
- C:\Windows\System\KdYzgQP.exe
  C:\Windows\System\KdYzgQP.exe
  2⤵
  PID:8976
- C:\Windows\System\lqcrzJJ.exe
  C:\Windows\System\lqcrzJJ.exe
  2⤵
  PID:9060
- C:\Windows\System\QwJvHvh.exe
  C:\Windows\System\QwJvHvh.exe
  2⤵
  PID:9152
- C:\Windows\System\dVynYHd.exe
  C:\Windows\System\dVynYHd.exe
  2⤵
  PID:9192
- C:\Windows\System\udjfTgo.exe
  C:\Windows\System\udjfTgo.exe
  2⤵
  PID:9132
- C:\Windows\System\ZRtWJnX.exe
  C:\Windows\System\ZRtWJnX.exe
  2⤵
  PID:9180
- C:\Windows\System\sqtGemk.exe
  C:\Windows\System\sqtGemk.exe
  2⤵
  PID:7636
- C:\Windows\System\DvIbHjm.exe
  C:\Windows\System\DvIbHjm.exe
  2⤵
  PID:7444
- C:\Windows\System\TDcSDob.exe
  C:\Windows\System\TDcSDob.exe
  2⤵
  PID:8232
- C:\Windows\System\MbnlZIr.exe
  C:\Windows\System\MbnlZIr.exe
  2⤵
  PID:7352
- C:\Windows\System\hoZCsOJ.exe
  C:\Windows\System\hoZCsOJ.exe
  2⤵
  PID:8252
- C:\Windows\System\MCAyawc.exe
  C:\Windows\System\MCAyawc.exe
  2⤵
  PID:8380
- C:\Windows\System\xFuVBPC.exe
  C:\Windows\System\xFuVBPC.exe
  2⤵
  PID:8436
- C:\Windows\System\oXYTRvG.exe
  C:\Windows\System\oXYTRvG.exe
  2⤵
  PID:8480
- C:\Windows\System\RNfMbOG.exe
  C:\Windows\System\RNfMbOG.exe
  2⤵
  PID:8524
- C:\Windows\System\PtLabIL.exe
  C:\Windows\System\PtLabIL.exe
  2⤵
  PID:8560
- C:\Windows\System\ArNfSzT.exe
  C:\Windows\System\ArNfSzT.exe
  2⤵
  PID:8576
- C:\Windows\System\QXjMAqQ.exe
  C:\Windows\System\QXjMAqQ.exe
  2⤵
  PID:8688
- C:\Windows\System\XzDcngD.exe
  C:\Windows\System\XzDcngD.exe
  2⤵
  PID:8844
- C:\Windows\System\zklPpzm.exe
  C:\Windows\System\zklPpzm.exe
  2⤵
  PID:8916
- C:\Windows\System\loeNMmO.exe
  C:\Windows\System\loeNMmO.exe
  2⤵
  PID:8988
- C:\Windows\System\emNkfgy.exe
  C:\Windows\System\emNkfgy.exe
  2⤵
  PID:9040
- C:\Windows\System\AKHIqLR.exe
  C:\Windows\System\AKHIqLR.exe
  2⤵
  PID:8972
- C:\Windows\System\RIHyvzK.exe
  C:\Windows\System\RIHyvzK.exe
  2⤵
  PID:9096
- C:\Windows\System\MorsZBl.exe
  C:\Windows\System\MorsZBl.exe
  2⤵
  PID:9196
- C:\Windows\System\LMsWzxz.exe
  C:\Windows\System\LMsWzxz.exe
  2⤵
  PID:7716
- C:\Windows\System\GrNuBJI.exe
  C:\Windows\System\GrNuBJI.exe
  2⤵
  PID:7428
- C:\Windows\System\chIpshr.exe
  C:\Windows\System\chIpshr.exe
  2⤵
  PID:8284
- C:\Windows\System\wOrQaQd.exe
  C:\Windows\System\wOrQaQd.exe
  2⤵
  PID:8200
- C:\Windows\System\gEMcCeA.exe
  C:\Windows\System\gEMcCeA.exe
  2⤵
  PID:8796
- C:\Windows\System\pClJSju.exe
  C:\Windows\System\pClJSju.exe
  2⤵
  PID:8736
- C:\Windows\System\fRUOVso.exe
  C:\Windows\System\fRUOVso.exe
  2⤵
  PID:8852
- C:\Windows\System\wHumdiR.exe
  C:\Windows\System\wHumdiR.exe
  2⤵
  PID:8936
- C:\Windows\System\tEMrECP.exe
  C:\Windows\System\tEMrECP.exe
  2⤵
  PID:9112
- C:\Windows\System\ZUzZbbL.exe
  C:\Windows\System\ZUzZbbL.exe
  2⤵
  PID:8536
- C:\Windows\System\zXHGXdl.exe
  C:\Windows\System\zXHGXdl.exe
  2⤵
  PID:8300
- C:\Windows\System\opLuLaR.exe
  C:\Windows\System\opLuLaR.exe
  2⤵
  PID:8288
- C:\Windows\System\WMGlDEv.exe
  C:\Windows\System\WMGlDEv.exe
  2⤵
  PID:8636
- C:\Windows\System\EsngviE.exe
  C:\Windows\System\EsngviE.exe
  2⤵
  PID:8532
- C:\Windows\System\RITGPlX.exe
  C:\Windows\System\RITGPlX.exe
  2⤵
  PID:8616
- C:\Windows\System\UPanJRE.exe
  C:\Windows\System\UPanJRE.exe
  2⤵
  PID:9080
- C:\Windows\System\JuaeXpX.exe
  C:\Windows\System\JuaeXpX.exe
  2⤵
  PID:8928
- C:\Windows\System\xTplvjr.exe
  C:\Windows\System\xTplvjr.exe
  2⤵
  PID:8108
- C:\Windows\System\rbtNthq.exe
  C:\Windows\System\rbtNthq.exe
  2⤵
  PID:8804
- C:\Windows\System\ZeqqObI.exe
  C:\Windows\System\ZeqqObI.exe
  2⤵
  PID:8648
- C:\Windows\System\RTJlIZl.exe
  C:\Windows\System\RTJlIZl.exe
  2⤵
  PID:9044
- C:\Windows\System\kxBxans.exe
  C:\Windows\System\kxBxans.exe
  2⤵
  PID:5744
- C:\Windows\System\GgrEjMF.exe
  C:\Windows\System\GgrEjMF.exe
  2⤵
  PID:8776
- C:\Windows\System\qrucnrq.exe
  C:\Windows\System\qrucnrq.exe
  2⤵
  PID:8620
- C:\Windows\System\QisKEQo.exe
  C:\Windows\System\QisKEQo.exe
  2⤵
  PID:9148
- C:\Windows\System\rouEKAw.exe
  C:\Windows\System\rouEKAw.exe
  2⤵
  PID:8808
- C:\Windows\System\yQmTsqW.exe
  C:\Windows\System\yQmTsqW.exe
  2⤵
  PID:8488
- C:\Windows\System\dgQNBTG.exe
  C:\Windows\System\dgQNBTG.exe
  2⤵
  PID:8812
- C:\Windows\System\qhfWvoR.exe
  C:\Windows\System\qhfWvoR.exe
  2⤵
  PID:8800
- C:\Windows\System\mqWGdQb.exe
  C:\Windows\System\mqWGdQb.exe
  2⤵
  PID:9244
- C:\Windows\System\HXHrjJe.exe
  C:\Windows\System\HXHrjJe.exe
  2⤵
  PID:9264
- C:\Windows\System\cwqCZvt.exe
  C:\Windows\System\cwqCZvt.exe
  2⤵
  PID:9280
- C:\Windows\System\zJWZDiA.exe
  C:\Windows\System\zJWZDiA.exe
  2⤵
  PID:9296
- C:\Windows\System\CDHppVZ.exe
  C:\Windows\System\CDHppVZ.exe
  2⤵
  PID:9328
- C:\Windows\System\BtfJcjD.exe
  C:\Windows\System\BtfJcjD.exe
  2⤵
  PID:9344
- C:\Windows\System\ZqxBEBX.exe
  C:\Windows\System\ZqxBEBX.exe
  2⤵
  PID:9360
- C:\Windows\System\MerRANH.exe
  C:\Windows\System\MerRANH.exe
  2⤵
  PID:9376
- C:\Windows\System\ahgxFaW.exe
  C:\Windows\System\ahgxFaW.exe
  2⤵
  PID:9400
- C:\Windows\System\JnMHIlw.exe
  C:\Windows\System\JnMHIlw.exe
  2⤵
  PID:9416
- C:\Windows\System\fjAqbQu.exe
  C:\Windows\System\fjAqbQu.exe
  2⤵
  PID:9436
- C:\Windows\System\aEnIRAu.exe
  C:\Windows\System\aEnIRAu.exe
  2⤵
  PID:9452
- C:\Windows\System\XNBOUhN.exe
  C:\Windows\System\XNBOUhN.exe
  2⤵
  PID:9492
- C:\Windows\System\ZBWepYd.exe
  C:\Windows\System\ZBWepYd.exe
  2⤵
  PID:9508
- C:\Windows\System\mLUgZCi.exe
  C:\Windows\System\mLUgZCi.exe
  2⤵
  PID:9524
- C:\Windows\System\VVrzNYa.exe
  C:\Windows\System\VVrzNYa.exe
  2⤵
  PID:9548
- C:\Windows\System\nmSGCCX.exe
  C:\Windows\System\nmSGCCX.exe
  2⤵
  PID:9568
- C:\Windows\System\KcstFKM.exe
  C:\Windows\System\KcstFKM.exe
  2⤵
  PID:9584
- C:\Windows\System\MrkBZxM.exe
  C:\Windows\System\MrkBZxM.exe
  2⤵
  PID:9604
- C:\Windows\System\wlYJceu.exe
  C:\Windows\System\wlYJceu.exe
  2⤵
  PID:9624
- C:\Windows\System\qtVVKQD.exe
  C:\Windows\System\qtVVKQD.exe
  2⤵
  PID:9648
- C:\Windows\System\uVMVIrc.exe
  C:\Windows\System\uVMVIrc.exe
  2⤵
  PID:9668
- C:\Windows\System\weErOrQ.exe
  C:\Windows\System\weErOrQ.exe
  2⤵
  PID:9688
- C:\Windows\System\huLwYeQ.exe
  C:\Windows\System\huLwYeQ.exe
  2⤵
  PID:9708
- C:\Windows\System\dLnqBfB.exe
  C:\Windows\System\dLnqBfB.exe
  2⤵
  PID:9728
- C:\Windows\System\DYLcJry.exe
  C:\Windows\System\DYLcJry.exe
  2⤵
  PID:9748
- C:\Windows\System\YAVTvEK.exe
  C:\Windows\System\YAVTvEK.exe
  2⤵
  PID:9768
- C:\Windows\System\XFBqGeX.exe
  C:\Windows\System\XFBqGeX.exe
  2⤵
  PID:9788
- C:\Windows\System\UAXEIku.exe
  C:\Windows\System\UAXEIku.exe
  2⤵
  PID:9808
- C:\Windows\System\WHPnjQg.exe
  C:\Windows\System\WHPnjQg.exe
  2⤵
  PID:9828
- C:\Windows\System\mlZWikV.exe
  C:\Windows\System\mlZWikV.exe
  2⤵
  PID:9848
- C:\Windows\System\SFrSFhZ.exe
  C:\Windows\System\SFrSFhZ.exe
  2⤵
  PID:9872
- C:\Windows\System\oIoMnHi.exe
  C:\Windows\System\oIoMnHi.exe
  2⤵
  PID:9892
- C:\Windows\System\XXgnLMo.exe
  C:\Windows\System\XXgnLMo.exe
  2⤵
  PID:9912
- C:\Windows\System\QhpUpLq.exe
  C:\Windows\System\QhpUpLq.exe
  2⤵
  PID:9928
- C:\Windows\System\BYtwMFO.exe
  C:\Windows\System\BYtwMFO.exe
  2⤵
  PID:9956
- C:\Windows\System\uUfQOjv.exe
  C:\Windows\System\uUfQOjv.exe
  2⤵
  PID:9972
- C:\Windows\System\kLsQrTh.exe
  C:\Windows\System\kLsQrTh.exe
  2⤵
  PID:9988
- C:\Windows\System\BLhEHsQ.exe
  C:\Windows\System\BLhEHsQ.exe
  2⤵
  PID:10012
- C:\Windows\System\pTRMwei.exe
  C:\Windows\System\pTRMwei.exe
  2⤵
  PID:10036
- C:\Windows\System\bFwCvaj.exe
  C:\Windows\System\bFwCvaj.exe
  2⤵
  PID:10056
- C:\Windows\System\ppUaQsC.exe
  C:\Windows\System\ppUaQsC.exe
  2⤵
  PID:10072
- C:\Windows\System\pFGJhdm.exe
  C:\Windows\System\pFGJhdm.exe
  2⤵
  PID:10092
- C:\Windows\System\bHYwEhy.exe
  C:\Windows\System\bHYwEhy.exe
  2⤵
  PID:10112
- C:\Windows\System\hWcgela.exe
  C:\Windows\System\hWcgela.exe
  2⤵
  PID:10132
- C:\Windows\System\nowtFAV.exe
  C:\Windows\System\nowtFAV.exe
  2⤵
  PID:10152
- C:\Windows\System\zOnxuBr.exe
  C:\Windows\System\zOnxuBr.exe
  2⤵
  PID:10172
- C:\Windows\System\egcusoL.exe
  C:\Windows\System\egcusoL.exe
  2⤵
  PID:10192
- C:\Windows\System\EUWaGDW.exe
  C:\Windows\System\EUWaGDW.exe
  2⤵
  PID:10208
- C:\Windows\System\IsApyXP.exe
  C:\Windows\System\IsApyXP.exe
  2⤵
  PID:10236
- C:\Windows\System\izInaaI.exe
  C:\Windows\System\izInaaI.exe
  2⤵
  PID:7860
- C:\Windows\System\EEtFikr.exe
  C:\Windows\System\EEtFikr.exe
  2⤵
  PID:9232
- C:\Windows\System\EwoKoWV.exe
  C:\Windows\System\EwoKoWV.exe
  2⤵
  PID:9260
- C:\Windows\System\XNvaxwd.exe
  C:\Windows\System\XNvaxwd.exe
  2⤵
  PID:9276
- C:\Windows\System\wBFJtSg.exe
  C:\Windows\System\wBFJtSg.exe
  2⤵
  PID:9320
- C:\Windows\System\HFyUOgm.exe
  C:\Windows\System\HFyUOgm.exe
  2⤵
  PID:9368
- C:\Windows\System\kgFbVmV.exe
  C:\Windows\System\kgFbVmV.exe
  2⤵
  PID:9048
- C:\Windows\System\oCGIdIs.exe
  C:\Windows\System\oCGIdIs.exe
  2⤵
  PID:9388
- C:\Windows\System\qCHIUae.exe
  C:\Windows\System\qCHIUae.exe
  2⤵
  PID:9432
- C:\Windows\System\vuPhQjR.exe
  C:\Windows\System\vuPhQjR.exe
  2⤵
  PID:9472
- C:\Windows\System\ZquBBnt.exe
  C:\Windows\System\ZquBBnt.exe
  2⤵
  PID:9488
- C:\Windows\System\tkMHTWW.exe
  C:\Windows\System\tkMHTWW.exe
  2⤵
  PID:9520
- C:\Windows\System\oleJGGO.exe
  C:\Windows\System\oleJGGO.exe
  2⤵
  PID:9560
- C:\Windows\System\VFacpAR.exe
  C:\Windows\System\VFacpAR.exe
  2⤵
  PID:9616
- C:\Windows\System\HgRstET.exe
  C:\Windows\System\HgRstET.exe
  2⤵
  PID:9640
- C:\Windows\System\SdqVYuK.exe
  C:\Windows\System\SdqVYuK.exe
  2⤵
  PID:9676
- C:\Windows\System\OgicUNd.exe
  C:\Windows\System\OgicUNd.exe
  2⤵
  PID:9704
- C:\Windows\System\PZeWjbv.exe
  C:\Windows\System\PZeWjbv.exe
  2⤵
  PID:9756
- C:\Windows\System\NYdvkcg.exe
  C:\Windows\System\NYdvkcg.exe
  2⤵
  PID:9784
- C:\Windows\System\bCwWRVo.exe
  C:\Windows\System\bCwWRVo.exe
  2⤵
  PID:9824
- C:\Windows\System\eZRimhR.exe
  C:\Windows\System\eZRimhR.exe
  2⤵
  PID:9868
- C:\Windows\System\uVaSUNg.exe
  C:\Windows\System\uVaSUNg.exe
  2⤵
  PID:9880
- C:\Windows\System\neTWvDQ.exe
  C:\Windows\System\neTWvDQ.exe
  2⤵
  PID:9904
- C:\Windows\System\SHQuzvy.exe
  C:\Windows\System\SHQuzvy.exe
  2⤵
  PID:9948
- C:\Windows\System\gjcAQdo.exe
  C:\Windows\System\gjcAQdo.exe
  2⤵
  PID:9968
- C:\Windows\System\gKcKmKj.exe
  C:\Windows\System\gKcKmKj.exe
  2⤵
  PID:10032
- C:\Windows\System\QlMuUXS.exe
  C:\Windows\System\QlMuUXS.exe
  2⤵
  PID:10048
- C:\Windows\System\ZTrZMOu.exe
  C:\Windows\System\ZTrZMOu.exe
  2⤵
  PID:10084
- C:\Windows\System\MRryPbY.exe
  C:\Windows\System\MRryPbY.exe
  2⤵
  PID:10124
- C:\Windows\System\ljAEHan.exe
  C:\Windows\System\ljAEHan.exe
  2⤵
  PID:10160
- C:\Windows\System\AlrCAfE.exe
  C:\Windows\System\AlrCAfE.exe
  2⤵
  PID:10164
- C:\Windows\System\WqWhuIL.exe
  C:\Windows\System\WqWhuIL.exe
  2⤵
  PID:10204
- C:\Windows\System\nWNegDv.exe
  C:\Windows\System\nWNegDv.exe
  2⤵
  PID:296
- C:\Windows\System\hkeSffG.exe
  C:\Windows\System\hkeSffG.exe
  2⤵
  PID:9288
- C:\Windows\System\HrftGBN.exe
  C:\Windows\System\HrftGBN.exe
  2⤵
  PID:9308
- C:\Windows\System\HKbwAGx.exe
  C:\Windows\System\HKbwAGx.exe
  2⤵
  PID:9468
- C:\Windows\System\ZDpvONJ.exe
  C:\Windows\System\ZDpvONJ.exe
  2⤵
  PID:9384
- C:\Windows\System\FoWxFWr.exe
  C:\Windows\System\FoWxFWr.exe
  2⤵
  PID:9540
- C:\Windows\System\dHnIYkL.exe
  C:\Windows\System\dHnIYkL.exe
  2⤵
  PID:9600
- C:\Windows\System\AbtLzES.exe
  C:\Windows\System\AbtLzES.exe
  2⤵
  PID:9660
- C:\Windows\System\AYOaAlX.exe
  C:\Windows\System\AYOaAlX.exe
  2⤵
  PID:9744
- C:\Windows\System\yTeiaJW.exe
  C:\Windows\System\yTeiaJW.exe
  2⤵
  PID:9596
- C:\Windows\System\WoohYSs.exe
  C:\Windows\System\WoohYSs.exe
  2⤵
  PID:9680
- C:\Windows\System\JxxnTmm.exe
  C:\Windows\System\JxxnTmm.exe
  2⤵
  PID:9804
- C:\Windows\System\IqXdPoQ.exe
  C:\Windows\System\IqXdPoQ.exe
  2⤵
  PID:9936
- C:\Windows\System\cKOMzXR.exe
  C:\Windows\System\cKOMzXR.exe
  2⤵
  PID:9856
- C:\Windows\System\LFNXRPB.exe
  C:\Windows\System\LFNXRPB.exe
  2⤵
  PID:10024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DCnueix.exe

Filesize
6.0MB

MD5
9455dc7d5066b949e2b89b8773c579a6

SHA1
0a0e3ef4dc7ddba4bb41dfd64092e56e8ec49dd5

SHA256
82174adbb9404cbab383e21be16172ac1677f770f269a573a34a6c79897ab042

SHA512
4a69d14b455556a0cad9ffa3184f49584c5b1ce571e7343204b556c18e8bc88d80b11f95d456462e0d20aa842f6c610f72adfa5afc9d5f930f7f159bdcb9842b

Download Submit
C:\Windows\system\EJpcnPU.exe

Filesize
6.0MB

MD5
e69ee138274b62d9b627a3884255c8db

SHA1
06b3305abb42cbe3d8a866251591cad6b2a18bd6

SHA256
a7c63cd53543752c31807a12e2c332cdc2865e79090c4ecdd90fd9ea927f1426

SHA512
8e96e3adfd912dafcd653871c6ab34c25aabb1cfd948226712fc87e772c43683c127ac7afa1c961b48fadbd8294e440b07dbfeda93ffc8ff4ebfd807b07753e5

Download Submit
C:\Windows\system\GfyIcCW.exe

Filesize
6.0MB

MD5
b85a8df5006960d510df76643b665ac0

SHA1
cff0ac75e45910a7a3ec4922c79a4c7f7be16890

SHA256
5c056fe9aed5e20ca704836a79cb8f4493632d4ca04c8af0223e279f72c8437d

SHA512
2d171e3aaf947a421846b6beb9732c254ef858da7c945fd039bac19d74c3faa04b6c933ed60087633a5478037b415c4f18ccfe4e1a23b50b9077dfee9d4248c9

Download Submit
C:\Windows\system\IoSvvmD.exe

Filesize
6.0MB

MD5
c4304b445c1733e023fbeda9c3e607ed

SHA1
6232fb74e5e3b5f5610aa36dd48085d08afccd50

SHA256
54fc1a47fd4be008cdcbca02546f730b06ecbf3111d41c2448164e9276c11c77

SHA512
7792d3ae9475a5d86e6a188c7936abf95ff24dc615c468e24cb1fbe4be7cb18bd16b1a83b147bcbfb509223949b578218f5952520acd96ebf099aad6bfc5ef29

Download Submit
C:\Windows\system\JkStqhg.exe

Filesize
6.0MB

MD5
e690b36ef177560fd1baf5c6410663e9

SHA1
e29e839e8290a1ac860b9cf9d70a41ce187c0430

SHA256
92e917a03ee87a4b678c6b9af015f849a0a46a124b09b7bf571e1851d545486e

SHA512
8554e6c0bad151bcf450adc1b208d6472ca25e18f3df66be8d0a88a2cef301de96afa09aa0e9a83b9d2e25b7e2cecfc8aaa540e8b988576961c3407693c77d6b

Download Submit
C:\Windows\system\JxDaCdv.exe

Filesize
6.0MB

MD5
0494b1dccedee9e3881674546111cd52

SHA1
095b2360836aaea8f9affc0eedfa1d6ef39f7526

SHA256
1652e69dbb299dbd68137b6b5a5d7852cb7ff1595bcef7ec29723bba082562a0

SHA512
e8163aec235c8ae7abb66a519dda443da0a81045607c6e228653e9ae42fbdef21f7298c1165c0cf4968c74a156a932c3ab19ce615eb420a80b5e45b05ef8c47a

Download Submit
C:\Windows\system\KNrokSz.exe

Filesize
6.0MB

MD5
4e5ad68651f526f81e8d6e75fbaa952f

SHA1
117c66c9017750ec5621d4e3f001dfe253eb3855

SHA256
e3b79f406e1d2304785ccbd4dc503b147bded88ba44f773010c127770a0da408

SHA512
e80ad38544260e5cb1fdb62b418fe3b3a7d53060408d4debb2f56796da80c17eeae823efcd59e4e4a195bae66fb8ae1763f875a082bf02416164f588d890dd15

Download Submit
C:\Windows\system\KSsTMDV.exe

Filesize
6.0MB

MD5
f214ba88dd1670298247aa2f9dfd7055

SHA1
44bb16ead362958a138cf4f002df7bb104cee523

SHA256
9a00551f62087cee48d1894c0a8910c1e36ecce65da3c12f7f2c6c69c41795bf

SHA512
cd804b7964a89243745cc069eb61050cb02955c83de0a3988d19526693050ce0adc2cf5da7a42cb64585c1a6cef515cff60328f96167dfbc577d3e432ab2d64f

Download Submit
C:\Windows\system\KstOqny.exe

Filesize
6.0MB

MD5
4f2031735f41588bc0886e997c8e667a

SHA1
96b0a1074bc22cf2bbbf1007ac99259c293a9008

SHA256
6a88ebe4c514286eecb22f06f107cf36cd0c836ddbd39d74668fbfea2a404aca

SHA512
469a2905be69277c57ded023a5cc3a461a68a7d40e2ac265490aa0321054761851e541cb0f12178c84730cda7cb3c6112862cb5d7a1a31e52b0896f43289cae7

Download Submit
C:\Windows\system\LSxjUDm.exe

Filesize
6.0MB

MD5
d7b011bc4a06b3777707ead277cebaf3

SHA1
6659e5481ca37640b1aa600b24aa3775840370d6

SHA256
cacfbaf96ac747cfb905fe6a80a92bcbd5b8eed8465ffed40df053907921ad5b

SHA512
59a6dfd9c11009391e1b82caeb8fc0f5bbd8f5be79e4b2d74451e2eae1828bd003c7d1ba41621382e703af71cbc0b4686309227941f600b306e665cced99065d

Download Submit
C:\Windows\system\MoKWajY.exe

Filesize
6.0MB

MD5
a13b9192a5221a6f99f85fe3e5fff23d

SHA1
cf6812f33929977d83d0b74205828953bc8d2906

SHA256
2530db265a82bcb2c18c289fae73e80b207f50e94c0a489da1e75940062d1f3b

SHA512
3fda687ef2d954bd1f95f7a1d9b5ab6ed6ce1cfffbf4f2043e4ac0073c2fb2bced6a46205c6c888d7a072975feae652a6feb7a4b9836a95a1389586511e4bbb2

Download Submit
C:\Windows\system\OTBNLNf.exe

Filesize
6.0MB

MD5
6411e1ca3e203e3b6df5eb936e043830

SHA1
963cdba53f7293645168f37e8ae31ab81d870c4c

SHA256
011899473b77cbb6de565648f5c6f02c6b76fe9ac233f1bc2e1fa8e977804031

SHA512
af7e52acd7143b48aa13917433a6a39af3b94335da1de0186c07d7bfea232686311ca3e947133d34dd51acca377de041c43b637fda8f7a636e1493834d1273cd

Download Submit
C:\Windows\system\QEJQPvr.exe

Filesize
6.0MB

MD5
c711f171bc32280f478f1a301104fee4

SHA1
adea99252dcd2ca0a995ae16ef0e599aa6082eb2

SHA256
9e3bcdde492a4d35b89d6778769116101db340aacb0a6bd373a9969a0a2609c7

SHA512
229f1c29a700b24137d3cffb1b40814c51d1120d1c625a4781ee7cab14387be4a06867c96c23ccfa33de3f3a0f747bd44a05aa28537e15e539d76894def594b7

Download Submit
C:\Windows\system\SqqjRdY.exe

Filesize
6.0MB

MD5
05adb360361892c5bdbed2e5dd17df71

SHA1
998d8a52e0429144e73f912cb2cf4567a5618819

SHA256
1330132346fa99a2448aad9af9e0485fd98d4f54790a131d3caaf73e331a2781

SHA512
28da191b0208f60d73efdd758df3d95dc3edd4e4fcc8a3fc2cd30170f002fa7d698b0fc1644f602c11ec7134d534f8c020de82b2d8042a1d69c1975bebb11bdb

Download Submit
C:\Windows\system\THTZmsB.exe

Filesize
6.0MB

MD5
a511d945f657cc7430a738a9f9f867d4

SHA1
5966f2b5cc718d785331f517ad8cb7061bcb76ba

SHA256
2c3bb05b3058a6ff3941a89716c49f7fada1538e65f6aed06b7cdd4a0e2454a0

SHA512
53fe623daa7df50151e6e12dfda286175db4b21de39bf49961182f1e831ad1841ebddca363eec3b4e83db75b99dff4ee3e667f3e1072a4b96b8b8b7372a2f44c

Download Submit
C:\Windows\system\VHRlAMK.exe

Filesize
6.0MB

MD5
1a1b30b49a0a17a0aaa3d33a9b825259

SHA1
a533d9c238bc6ffb673310d65a0107fbd85bb256

SHA256
59fa0583af181b6b51073b2ed0b16bbcadea6320533864366460f5e64d373e9b

SHA512
4d5d5d931cbb40666847f935dab87df1259229edf3eb9072d5634cdd6cb76776508db22fe69bc63278f4f82632a5da735cf9b8a2da34b13f89e8676842d6252f

Download Submit
C:\Windows\system\WfYbSzn.exe

Filesize
6.0MB

MD5
6fbb8532ff2a0783e3db5b07f47229f1

SHA1
5be4e04a07a9d76f315187f3cba49e36eddf5d24

SHA256
84e62cd61e97d3ee4dd75b63a1b0bcc810136a0cf5b5c4ad28beaf99bcba0694

SHA512
2e60eb233acbea184c95c3b065111d5f3d0ab288c69ce8501debc5b52545ca6820894bb36551ff00eb06b7c231774f6308d86731b47ea1d7f2fd68aafd5cf0b6

Download Submit
C:\Windows\system\XOMMyUb.exe

Filesize
6.0MB

MD5
c3acf193002ef942e83f82cdef6081e3

SHA1
b27c0832eab1a8db147c68d19f71c1e93bece7c7

SHA256
2afd19660238ae444b53b88a064eda5fde249e69802176ef87777264858a9053

SHA512
2f410feef05e82224d7ead583d374617380a1b103d54e29725360bab7ddc10efbf214e21ae31e0224debe027fc5d1bad11fef7912e923f70ada87318605db62e

Download Submit
C:\Windows\system\ZCyVIeC.exe

Filesize
8B

MD5
0b305402a097835aad3f2fa0818d402a

SHA1
672336e427a92cab5cba6b4775f93bc8fde74f1e

SHA256
0cfff047129afee86f9d9b59549c9fc3a0bef9ca26189c4f5540edf1be32dd08

SHA512
7b284013ed4200d107562db97cddd2ddd29937303c3b8a2a2e952659b391e6eb094a87ca44516c556a4d548556b2a19ea2363be7474cbc501f3a1420e04c9760

Download Submit
C:\Windows\system\acVzVDM.exe

Filesize
6.0MB

MD5
9ff911db17692c98355be86d6b14f897

SHA1
69bdd4f7049ba622a44cd5c88d1d8fd989f9d282

SHA256
575bc93a8f48faafbf61ecef47a5f7919dcd16921fa63f3b0d94f9bf0af676be

SHA512
79dac0650cf15fe5ab47781f910219ea795c1b7ddee16363be4252d310ec3b23fe74c1687a656e0207196d1ad8b9555af9c48aa7cf072b02386bdaebe57d945f

Download Submit
C:\Windows\system\bTHvnPK.exe

Filesize
6.0MB

MD5
b65690172d02171322330b69082384a4

SHA1
b5c5ecd61d0210f8e6a43821d251d18fbf9b263d

SHA256
b55a46f61c2b23514149158da1943003e7993fd3ff9bdd8afb10428520a86d34

SHA512
5abd9152ead34abd7466e9c74d58d0f92bd0420c6066d0b5ebca08e855dd744f993c0edfc7c8bc0e765171fcc880cdb048a7f5817aa228b3e4101c932656abdb

Download Submit
C:\Windows\system\dBwjyWj.exe

Filesize
6.0MB

MD5
863a17353aba1ea1e725df808d4f3071

SHA1
32df57ecd9dcfbb047ed773fb525cf2d802ab9b4

SHA256
3a28819709156fc5a0bb24d91981d87c34b9a56f4081b7a9fb5d53a667ec4e92

SHA512
c62c7a17d9c6b8911996eb71212bcf5221d1fbdbe71ac148d1108fd94f90b73d5a8a7d9f71d324a7b7c1faa0e7a12351f09e00b78e6b2b2a50b9b25fc480543c

Download Submit
C:\Windows\system\dSRyqXp.exe

Filesize
6.0MB

MD5
b76933050e0d0309a6d6fc8abdae75b7

SHA1
4169a975de550c7fac78c78bc0461b32082524d8

SHA256
79c28c679ef9c4ebf32b1ae5488af27154a2c6590473c9089ad67588626fdca1

SHA512
a39232535d56a021a562d00f2e46ce73c12fa6b999b76879c3133340a56fd3ac41c4457da541c658f1d895a8ed8189f81f6695e31a6432565707a2a9ef810483

Download Submit
C:\Windows\system\eOCwBRr.exe

Filesize
6.0MB

MD5
56b096b902a7f230648cf65e78e03e60

SHA1
0b71685b749ce28b44fd717d5ef985419c3c1067

SHA256
d33648b68983b39a0b21b7ca83581d51ddbd88a8f67b93601bab4cec592cf9a7

SHA512
c8b68412286d8794cae7fe6616c5255c079a90fb7f9ede730ab4e17bf28a5703a819024e872c67a0a5f677361515bd75d5966965eda518f5245180dd626b508c

Download Submit
C:\Windows\system\ggCbRqd.exe

Filesize
6.0MB

MD5
e3882af0addcd219d8871bd22fafd941

SHA1
176771e582e74515f3aeeb5440408febd24fe01b

SHA256
a7ef31f12fd4d8d4948c765c7a5d389d52a4683c7d9b8a5287536e4eedbfc2b7

SHA512
9c08a254500be34b5a36d912bbfbddf88e40cfa388e8076165af7a5e218063979ccfaef13748a680b816db8d5bf8cc455bce7c126e2fa2c39a123b1d66747c8f

Download Submit
C:\Windows\system\hlAeeQU.exe

Filesize
6.0MB

MD5
8489fd3ba2e0fa8819237f46e5a64765

SHA1
2783d583813d2b9c5dfd06cad702ba1cda34e6b7

SHA256
c55336f8c5e53957a76c16b275ed9162c369ca6c77b053b9c2ccb29a116c817e

SHA512
89259a6026ade8d228ba6819f05b99a2f5bafee7757bfa1cab560760e8fc9145611fe4833d71b1c24634c3a901334b044916d75bae1c813ff916cb27e1e30cb4

Download Submit
C:\Windows\system\pMKLuPA.exe

Filesize
6.0MB

MD5
2534d72c10f6b242aaae9352da385acc

SHA1
fc09ec4ae8719758a0c58d26d4bcb0dab61c8196

SHA256
d274914a00f1b95348a2fce65ee091a02473bf274ec6f5a871d4d57c18e9d7ec

SHA512
2d9302d5fddf0c1efc6293312a96b1a17ab7a720f7a5034f5fac6c56536709751ee483546bd95d1c5e3fb416fb138cc2e1c869dfd0921f31f3d7098dac55cbce

Download Submit
C:\Windows\system\rRUCyfC.exe

Filesize
6.0MB

MD5
8254af3fbe2376dadc33c14b1aaeed74

SHA1
565917e9c463562e691a97fb817410ba5ed42441

SHA256
af0d7afeb0d9d01ec32001c36eae328ffc550f4c8325780b03e4778b85a80bd0

SHA512
5eb9b544afa2e983ad9fe174c64b2c616fcdd3e0ae4245f663670fcc357d7ded390a1c25e13a572501c6ecb92b29f233a528a69cee48b1bc9668389c3ea7e7a8

Download Submit
C:\Windows\system\sPQwALY.exe

Filesize
6.0MB

MD5
382e602eea081e60c8e7e014ad1478a2

SHA1
03c1a99dd5f301663cfc4b9cd059dce547b46790

SHA256
165075cff86dd1cb4cc6c4bba41ccb047807b7aaa86f6363b3da89e310c01a10

SHA512
2796d2273e5b4fc3a89a780bccd4eccee88ad22adff7abc4e337186044c02ef7a95ca7c13015561c0a1456a0e30bd7c3d78587cbc7547cfed796ea924253162a

Download Submit
C:\Windows\system\vhXjJVk.exe

Filesize
6.0MB

MD5
51113330648a562858dfe78ac0980eea

SHA1
ac143e5a5bd877dd2b054d38e4d5b6aa80031436

SHA256
7027537b4f19f8b4b8aee8be718d29391f72ba6344ac5891e269fe2eef722537

SHA512
4a77c9ba0992df36f6e4fca797a26ddb50d2c6493b606670b081bceec94f6f16a45bc4bc14fe72959d4af791344ff1ba4d59e480c7302b25de960668cff06b09

Download Submit
C:\Windows\system\yjNjesQ.exe

Filesize
6.0MB

MD5
6a2b3332495692e767b46068f3f0f55e

SHA1
67a5b081880ffee5604af21da0b7fa158dc44ae5

SHA256
3464c819e37dbd98da2977b653d74e911ed84ebae60feeee97671d3c342aef16

SHA512
a116a673dc9f3659d7ec1f74b9fdaa0494a114124f770f2ff13fa181d82fcb692cd19cebff9ac6b2053b48adfd5667851d6bdd86494e02b2fc354f721f13f734

Download Submit
C:\Windows\system\zsQNzmD.exe

Filesize
6.0MB

MD5
9bcc1e128ba5a3a918b84a1c36aa7b4e

SHA1
888e01b7a6fe9b3d3ce21d5b31f9b871a4593120

SHA256
b88a0d08514948c7c02e7f2722e2735ca96f49290f23c7decd13c20f70a88648

SHA512
c7df71832bfbb92163865a01a06a9cbd919f1c3cb6573ad130865b995e75a4e588736421e0f839d9ccb2bbee48b2a9ba1962981ee9282baff1c868af916e846c

Download Submit
C:\Windows\system\zvxTOWQ.exe

Filesize
6.0MB

MD5
48e5741e20b1b1efd728f29e17f9bc65

SHA1
e4ea397c37f7d5f1e10f9550d0a5398d84de1824

SHA256
89c2b9c016ec98eb3fe808bd46d7dc9730e8634d5a385c1dabcfad5ac1b1a639

SHA512
637e942342608fd336691c543e9de6c9c78ad45a99fd0c10fd16e18f2af9282d6ea394400c64b5e569db707d78e14d7d9998f08d56a855f75966d6f2f4ebaf0a

Download Submit
memory/1704-24-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-1550-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-3619-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-29-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-3621-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-14-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1988-3616-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2148-1179-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2148-3638-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1169-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-19-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2618-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1875-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2580-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2248-7-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2248-28-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2555-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2560-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2581-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2578-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2565-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2569-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2542-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1182-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-2577-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1195-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1184-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1178-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2248-34-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1176-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1174-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2248-41-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1172-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-0-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1156-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1165-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-108-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2424-3641-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2484-15-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3612-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1173-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3642-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3640-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2612-1175-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3635-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1170-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1188-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3655-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2812-39-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3686-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3658-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1164-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1167-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3639-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-3646-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/3052-1177-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download