cobaltstrike | 9e00cb4a41be10c1296c10c8d416b01dbebe036a6a519080cf48d7012683956d

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a391f1630009574519046002625e3e98
SHA1

af888cd1041d2e0d59c65e8cc9bcbff78d55c366
SHA256

9e00cb4a41be10c1296c10c8d416b01dbebe036a6a519080cf48d7012683956d
SHA512

1f3dfe561447158635216d8594113d2b4affc12f1a74cfa4d5944aab3398a883f3013bea184a87ddfe92d227c0af1961230157d622d4c51eeaf33517b500d2d2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225e-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018780-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018bdd-16.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001921d-26.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c32-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019999-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ed-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001969b-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-86.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001930d-53.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001925b-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019242-39.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001923e-35.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2064-0-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225e-3.dat	xmrig
behavioral1/memory/2352-9-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x0007000000018780-10.dat	xmrig
behavioral1/files/0x0008000000018bdd-16.dat	xmrig
behavioral1/memory/2884-22-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2064-20-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2600-15-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x000700000001921d-26.dat	xmrig
behavioral1/memory/2960-36-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2852-41-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2288-52-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x0005000000019581-74.dat	xmrig
behavioral1/files/0x00050000000195c0-96.dat	xmrig
behavioral1/files/0x00050000000195fe-129.dat	xmrig
behavioral1/memory/2884-4272-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2764-4271-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2808-4277-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2600-4276-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2852-4275-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2288-4270-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2960-4269-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2812-4267-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2912-4259-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2352-4256-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2692-4254-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2672-4253-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2984-4252-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2064-686-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2732-444-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2288-443-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c50-192.dat	xmrig
behavioral1/files/0x0005000000019c34-184.dat	xmrig
behavioral1/files/0x0005000000019c36-187.dat	xmrig
behavioral1/files/0x0005000000019c32-177.dat	xmrig
behavioral1/files/0x0005000000019999-173.dat	xmrig
behavioral1/files/0x00050000000196ed-167.dat	xmrig
behavioral1/files/0x000500000001969b-163.dat	xmrig
behavioral1/files/0x0005000000019659-158.dat	xmrig
behavioral1/files/0x0005000000019615-153.dat	xmrig
behavioral1/files/0x0005000000019605-147.dat	xmrig
behavioral1/files/0x0005000000019603-143.dat	xmrig
behavioral1/files/0x00050000000195ff-133.dat	xmrig
behavioral1/files/0x0005000000019601-139.dat	xmrig
behavioral1/files/0x00050000000195fd-124.dat	xmrig
behavioral1/files/0x00050000000195fb-118.dat	xmrig
behavioral1/files/0x00050000000195f9-114.dat	xmrig
behavioral1/memory/2852-109-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/files/0x00050000000195f7-107.dat	xmrig
behavioral1/memory/2960-104-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2672-103-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2692-102-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2984-101-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2764-100-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2812-99-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2912-98-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001955c-93.dat	xmrig
behavioral1/files/0x00050000000194e6-91.dat	xmrig
behavioral1/files/0x0005000000019551-87.dat	xmrig
behavioral1/files/0x00050000000194e4-86.dat	xmrig
behavioral1/memory/2064-84-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2064-83-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2808-82-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2884-73-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2352	pbSbHgV.exe
2600	hBSnfji.exe
2884	xZtZuJq.exe
2808	FJSHTfB.exe
2960	nORABxD.exe
2852	KLaECah.exe
2288	daNkcMs.exe
2732	tvzikwl.exe
2912	wgMAUmC.exe
2812	eBoGgzm.exe
2764	SDMWhEe.exe
2984	jFycovb.exe
2692	GuPlNCm.exe
2672	XgjYsOq.exe
1604	ajbchUB.exe
1792	ndPzohL.exe
2756	tzmBUey.exe
1996	ApjuPVF.exe
1632	WiImEAV.exe
1624	RBmHWew.exe
356	GGEdqyN.exe
1692	nlbWefL.exe
2936	yPxxmPJ.exe
2892	tLJayMX.exe
2284	xspXghz.exe
2176	EbjHIIT.exe
1224	IbzsqsP.exe
1600	Iwiiwzs.exe
828	rTTjTOD.exe
2292	jWYprqL.exe
1616	yWSvVSJ.exe
1284	TKBfCPz.exe
352	bWXWLjZ.exe
1708	cFaPmhe.exe
1424	UywDbAE.exe
796	aKOpBTk.exe
1256	wXQPXMy.exe
1488	dIhVNXJ.exe
1920	WQbFdCK.exe
696	sZrLcLb.exe
1540	PtAaoqE.exe
2468	xKTIyOZ.exe
3032	OoXIdmx.exe
2520	iuVjreN.exe
896	eDSuuzx.exe
2880	gdrenOH.exe
1440	LVqDXoP.exe
2412	GLwUFsb.exe
2584	TZWZUyv.exe
2132	eewURtv.exe
1524	qVNqQPK.exe
2160	gJuUQJp.exe
2336	yZEgOdq.exe
2792	HxdYYxP.exe
2964	obfaDpN.exe
2992	DyRwwyP.exe
2724	HYmkaDA.exe
2820	IpIZwLl.exe
2728	mUdkMXG.exe
1760	DDZygEr.exe
2480	uwisjjr.exe
2004	sVwAKtl.exe
836	rPtrEUr.exe
1020	yDhkdjg.exe

Loads dropped DLL 64 IoCs

pid	Process
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-0-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x000b00000001225e-3.dat	upx
behavioral1/memory/2352-9-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x0007000000018780-10.dat	upx
behavioral1/files/0x0008000000018bdd-16.dat	upx
behavioral1/memory/2884-22-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2600-15-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x000700000001921d-26.dat	upx
behavioral1/memory/2960-36-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2852-41-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2288-52-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0005000000019581-74.dat	upx
behavioral1/files/0x00050000000195c0-96.dat	upx
behavioral1/files/0x00050000000195fe-129.dat	upx
behavioral1/memory/2884-4272-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2764-4271-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2808-4277-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2600-4276-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2852-4275-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2288-4270-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2960-4269-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2812-4267-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2912-4259-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2352-4256-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2692-4254-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2672-4253-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2984-4252-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2732-444-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2288-443-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0005000000019c50-192.dat	upx
behavioral1/files/0x0005000000019c34-184.dat	upx
behavioral1/files/0x0005000000019c36-187.dat	upx
behavioral1/files/0x0005000000019c32-177.dat	upx
behavioral1/files/0x0005000000019999-173.dat	upx
behavioral1/files/0x00050000000196ed-167.dat	upx
behavioral1/files/0x000500000001969b-163.dat	upx
behavioral1/files/0x0005000000019659-158.dat	upx
behavioral1/files/0x0005000000019615-153.dat	upx
behavioral1/files/0x0005000000019605-147.dat	upx
behavioral1/files/0x0005000000019603-143.dat	upx
behavioral1/files/0x00050000000195ff-133.dat	upx
behavioral1/files/0x0005000000019601-139.dat	upx
behavioral1/files/0x00050000000195fd-124.dat	upx
behavioral1/files/0x00050000000195fb-118.dat	upx
behavioral1/files/0x00050000000195f9-114.dat	upx
behavioral1/memory/2852-109-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/files/0x00050000000195f7-107.dat	upx
behavioral1/memory/2960-104-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2672-103-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2692-102-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2984-101-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2764-100-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2812-99-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2912-98-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x000500000001955c-93.dat	upx
behavioral1/files/0x00050000000194e6-91.dat	upx
behavioral1/files/0x0005000000019551-87.dat	upx
behavioral1/files/0x00050000000194e4-86.dat	upx
behavioral1/memory/2808-82-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2884-73-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x000800000001930d-53.dat	upx
behavioral1/memory/2732-61-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2600-51-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2064-40-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nORABxD.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKmHeOU.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsYuIIk.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlDLLad.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuzxFYV.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\orzsanz.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqWuyZG.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVWrnKa.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nualCjl.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPkFwcE.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyZIBuH.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVwAKtl.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAbeYpH.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvukpnD.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkHcMCW.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeYkeTU.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ictWoHB.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqxDsot.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxwWgLZ.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntMNbGp.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqANFcr.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WQCCsmL.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMWEYgh.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DCsVbwV.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfipuUl.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMhEWxS.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIoOaNy.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xTMgIIS.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXvUiUC.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btFFurN.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZPWwmn.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmQhcfn.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNclhIr.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRCYund.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpRgVLw.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvgVdeA.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YiPdNqG.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZiThwPA.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHLZosA.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxzXThS.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyQoszz.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odbIrSz.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGZgTfc.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKjSdxP.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlSsxPR.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhjqxaX.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhfUjTR.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urwVZWH.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVeFXYG.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EaLFCVK.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMjOcqj.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjgufFJ.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtopIfl.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOrSNTU.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXjNHIg.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqRkENE.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjoIQpG.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZflJay.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZEgOdq.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUdkMXG.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAIOVIE.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vWLUHRH.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEKySqA.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSDRkhF.exe	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2352	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 2352	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 2352	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 2600	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 2600	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 2600	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 2884	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2884	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2884	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2808	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2808	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2808	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2960	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 2960	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 2960	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 2852	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2852	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2852	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2288	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2288	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2288	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2732	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2732	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2732	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2912	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2912	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2912	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2984	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2984	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2984	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2812	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2812	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2812	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2692	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2692	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2692	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2764	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2764	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2764	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2672	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 2672	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 2672	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 1604	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 1604	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 1604	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 1792	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 1792	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 1792	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 2756	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 2756	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 2756	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 1996	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 1996	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 1996	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 1632	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 1632	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 1632	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 1624	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 1624	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 1624	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 356	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 356	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 356	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 1692	2064	2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_a391f1630009574519046002625e3e98_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\System\pbSbHgV.exe
  C:\Windows\System\pbSbHgV.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\hBSnfji.exe
  C:\Windows\System\hBSnfji.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\xZtZuJq.exe
  C:\Windows\System\xZtZuJq.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\FJSHTfB.exe
  C:\Windows\System\FJSHTfB.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\nORABxD.exe
  C:\Windows\System\nORABxD.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\KLaECah.exe
  C:\Windows\System\KLaECah.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\daNkcMs.exe
  C:\Windows\System\daNkcMs.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\tvzikwl.exe
  C:\Windows\System\tvzikwl.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\wgMAUmC.exe
  C:\Windows\System\wgMAUmC.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\jFycovb.exe
  C:\Windows\System\jFycovb.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\eBoGgzm.exe
  C:\Windows\System\eBoGgzm.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\GuPlNCm.exe
  C:\Windows\System\GuPlNCm.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\SDMWhEe.exe
  C:\Windows\System\SDMWhEe.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\XgjYsOq.exe
  C:\Windows\System\XgjYsOq.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\ajbchUB.exe
  C:\Windows\System\ajbchUB.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\ndPzohL.exe
  C:\Windows\System\ndPzohL.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\tzmBUey.exe
  C:\Windows\System\tzmBUey.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\ApjuPVF.exe
  C:\Windows\System\ApjuPVF.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\WiImEAV.exe
  C:\Windows\System\WiImEAV.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\RBmHWew.exe
  C:\Windows\System\RBmHWew.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\GGEdqyN.exe
  C:\Windows\System\GGEdqyN.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\nlbWefL.exe
  C:\Windows\System\nlbWefL.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\yPxxmPJ.exe
  C:\Windows\System\yPxxmPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\tLJayMX.exe
  C:\Windows\System\tLJayMX.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\xspXghz.exe
  C:\Windows\System\xspXghz.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\EbjHIIT.exe
  C:\Windows\System\EbjHIIT.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\IbzsqsP.exe
  C:\Windows\System\IbzsqsP.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\Iwiiwzs.exe
  C:\Windows\System\Iwiiwzs.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\rTTjTOD.exe
  C:\Windows\System\rTTjTOD.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\jWYprqL.exe
  C:\Windows\System\jWYprqL.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\yWSvVSJ.exe
  C:\Windows\System\yWSvVSJ.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\TKBfCPz.exe
  C:\Windows\System\TKBfCPz.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\bWXWLjZ.exe
  C:\Windows\System\bWXWLjZ.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\cFaPmhe.exe
  C:\Windows\System\cFaPmhe.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\UywDbAE.exe
  C:\Windows\System\UywDbAE.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\aKOpBTk.exe
  C:\Windows\System\aKOpBTk.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\wXQPXMy.exe
  C:\Windows\System\wXQPXMy.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\dIhVNXJ.exe
  C:\Windows\System\dIhVNXJ.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\WQbFdCK.exe
  C:\Windows\System\WQbFdCK.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\sZrLcLb.exe
  C:\Windows\System\sZrLcLb.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\PtAaoqE.exe
  C:\Windows\System\PtAaoqE.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\xKTIyOZ.exe
  C:\Windows\System\xKTIyOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\OoXIdmx.exe
  C:\Windows\System\OoXIdmx.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\iuVjreN.exe
  C:\Windows\System\iuVjreN.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\eDSuuzx.exe
  C:\Windows\System\eDSuuzx.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\gdrenOH.exe
  C:\Windows\System\gdrenOH.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\LVqDXoP.exe
  C:\Windows\System\LVqDXoP.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\GLwUFsb.exe
  C:\Windows\System\GLwUFsb.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\TZWZUyv.exe
  C:\Windows\System\TZWZUyv.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\eewURtv.exe
  C:\Windows\System\eewURtv.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\qVNqQPK.exe
  C:\Windows\System\qVNqQPK.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\gJuUQJp.exe
  C:\Windows\System\gJuUQJp.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\yZEgOdq.exe
  C:\Windows\System\yZEgOdq.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\HxdYYxP.exe
  C:\Windows\System\HxdYYxP.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\obfaDpN.exe
  C:\Windows\System\obfaDpN.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\DyRwwyP.exe
  C:\Windows\System\DyRwwyP.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\HYmkaDA.exe
  C:\Windows\System\HYmkaDA.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\IpIZwLl.exe
  C:\Windows\System\IpIZwLl.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\mUdkMXG.exe
  C:\Windows\System\mUdkMXG.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\DDZygEr.exe
  C:\Windows\System\DDZygEr.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\uwisjjr.exe
  C:\Windows\System\uwisjjr.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\sVwAKtl.exe
  C:\Windows\System\sVwAKtl.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\rPtrEUr.exe
  C:\Windows\System\rPtrEUr.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\yDhkdjg.exe
  C:\Windows\System\yDhkdjg.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\yYUVDyM.exe
  C:\Windows\System\yYUVDyM.exe
  2⤵
  PID:1944
- C:\Windows\System\WIhbYdv.exe
  C:\Windows\System\WIhbYdv.exe
  2⤵
  PID:2988
- C:\Windows\System\TdmZynT.exe
  C:\Windows\System\TdmZynT.exe
  2⤵
  PID:2240
- C:\Windows\System\xBmfiXu.exe
  C:\Windows\System\xBmfiXu.exe
  2⤵
  PID:2452
- C:\Windows\System\MedyTMa.exe
  C:\Windows\System\MedyTMa.exe
  2⤵
  PID:912
- C:\Windows\System\GxvSRjM.exe
  C:\Windows\System\GxvSRjM.exe
  2⤵
  PID:2184
- C:\Windows\System\MMZYtKq.exe
  C:\Windows\System\MMZYtKq.exe
  2⤵
  PID:1452
- C:\Windows\System\sJPBcbw.exe
  C:\Windows\System\sJPBcbw.exe
  2⤵
  PID:2124
- C:\Windows\System\KVwKRyB.exe
  C:\Windows\System\KVwKRyB.exe
  2⤵
  PID:1852
- C:\Windows\System\FzMFUOF.exe
  C:\Windows\System\FzMFUOF.exe
  2⤵
  PID:904
- C:\Windows\System\QJEacwP.exe
  C:\Windows\System\QJEacwP.exe
  2⤵
  PID:2592
- C:\Windows\System\zkeEkzJ.exe
  C:\Windows\System\zkeEkzJ.exe
  2⤵
  PID:2576
- C:\Windows\System\eiiuFBN.exe
  C:\Windows\System\eiiuFBN.exe
  2⤵
  PID:812
- C:\Windows\System\fqNOyWr.exe
  C:\Windows\System\fqNOyWr.exe
  2⤵
  PID:2360
- C:\Windows\System\ocLbkXJ.exe
  C:\Windows\System\ocLbkXJ.exe
  2⤵
  PID:468
- C:\Windows\System\TNkuhYV.exe
  C:\Windows\System\TNkuhYV.exe
  2⤵
  PID:1220
- C:\Windows\System\wggvOgd.exe
  C:\Windows\System\wggvOgd.exe
  2⤵
  PID:612
- C:\Windows\System\aMSbUYc.exe
  C:\Windows\System\aMSbUYc.exe
  2⤵
  PID:1532
- C:\Windows\System\kkHZJJK.exe
  C:\Windows\System\kkHZJJK.exe
  2⤵
  PID:2332
- C:\Windows\System\OWJmUpy.exe
  C:\Windows\System\OWJmUpy.exe
  2⤵
  PID:1628
- C:\Windows\System\LdjQmRN.exe
  C:\Windows\System\LdjQmRN.exe
  2⤵
  PID:3004
- C:\Windows\System\WXhwOpt.exe
  C:\Windows\System\WXhwOpt.exe
  2⤵
  PID:2928
- C:\Windows\System\RKmHeOU.exe
  C:\Windows\System\RKmHeOU.exe
  2⤵
  PID:2344
- C:\Windows\System\VAIOVIE.exe
  C:\Windows\System\VAIOVIE.exe
  2⤵
  PID:756
- C:\Windows\System\nyvcPjn.exe
  C:\Windows\System\nyvcPjn.exe
  2⤵
  PID:1784
- C:\Windows\System\sRendZQ.exe
  C:\Windows\System\sRendZQ.exe
  2⤵
  PID:3092
- C:\Windows\System\VBjyqjf.exe
  C:\Windows\System\VBjyqjf.exe
  2⤵
  PID:3112
- C:\Windows\System\dCGXNxQ.exe
  C:\Windows\System\dCGXNxQ.exe
  2⤵
  PID:3132
- C:\Windows\System\gyFFrDP.exe
  C:\Windows\System\gyFFrDP.exe
  2⤵
  PID:3152
- C:\Windows\System\ntMNbGp.exe
  C:\Windows\System\ntMNbGp.exe
  2⤵
  PID:3172
- C:\Windows\System\KaPTWVM.exe
  C:\Windows\System\KaPTWVM.exe
  2⤵
  PID:3192
- C:\Windows\System\ARkHuiR.exe
  C:\Windows\System\ARkHuiR.exe
  2⤵
  PID:3212
- C:\Windows\System\vEAjQLu.exe
  C:\Windows\System\vEAjQLu.exe
  2⤵
  PID:3232
- C:\Windows\System\dmPHZmp.exe
  C:\Windows\System\dmPHZmp.exe
  2⤵
  PID:3252
- C:\Windows\System\TIGIVeX.exe
  C:\Windows\System\TIGIVeX.exe
  2⤵
  PID:3272
- C:\Windows\System\GjzVATS.exe
  C:\Windows\System\GjzVATS.exe
  2⤵
  PID:3292
- C:\Windows\System\jHnxcUe.exe
  C:\Windows\System\jHnxcUe.exe
  2⤵
  PID:3312
- C:\Windows\System\dAKbpnt.exe
  C:\Windows\System\dAKbpnt.exe
  2⤵
  PID:3332
- C:\Windows\System\yRNGxhz.exe
  C:\Windows\System\yRNGxhz.exe
  2⤵
  PID:3352
- C:\Windows\System\vVDaJpZ.exe
  C:\Windows\System\vVDaJpZ.exe
  2⤵
  PID:3372
- C:\Windows\System\bmiHzDq.exe
  C:\Windows\System\bmiHzDq.exe
  2⤵
  PID:3392
- C:\Windows\System\hYxAyiz.exe
  C:\Windows\System\hYxAyiz.exe
  2⤵
  PID:3412
- C:\Windows\System\qpyyUAu.exe
  C:\Windows\System\qpyyUAu.exe
  2⤵
  PID:3432
- C:\Windows\System\hMFQAnX.exe
  C:\Windows\System\hMFQAnX.exe
  2⤵
  PID:3452
- C:\Windows\System\uRJDDma.exe
  C:\Windows\System\uRJDDma.exe
  2⤵
  PID:3472
- C:\Windows\System\taQaDeX.exe
  C:\Windows\System\taQaDeX.exe
  2⤵
  PID:3492
- C:\Windows\System\NrSZcSX.exe
  C:\Windows\System\NrSZcSX.exe
  2⤵
  PID:3512
- C:\Windows\System\yrHOxNM.exe
  C:\Windows\System\yrHOxNM.exe
  2⤵
  PID:3532
- C:\Windows\System\aDpvaOb.exe
  C:\Windows\System\aDpvaOb.exe
  2⤵
  PID:3552
- C:\Windows\System\krIRPLk.exe
  C:\Windows\System\krIRPLk.exe
  2⤵
  PID:3572
- C:\Windows\System\wBZzMIJ.exe
  C:\Windows\System\wBZzMIJ.exe
  2⤵
  PID:3592
- C:\Windows\System\dYeDmyM.exe
  C:\Windows\System\dYeDmyM.exe
  2⤵
  PID:3620
- C:\Windows\System\CFhdqNz.exe
  C:\Windows\System\CFhdqNz.exe
  2⤵
  PID:3640
- C:\Windows\System\xwkiBhj.exe
  C:\Windows\System\xwkiBhj.exe
  2⤵
  PID:3660
- C:\Windows\System\xMaNJQe.exe
  C:\Windows\System\xMaNJQe.exe
  2⤵
  PID:3680
- C:\Windows\System\fuSFVZv.exe
  C:\Windows\System\fuSFVZv.exe
  2⤵
  PID:3700
- C:\Windows\System\eiqOnZT.exe
  C:\Windows\System\eiqOnZT.exe
  2⤵
  PID:3720
- C:\Windows\System\KgiTlJG.exe
  C:\Windows\System\KgiTlJG.exe
  2⤵
  PID:3740
- C:\Windows\System\hqEhkLP.exe
  C:\Windows\System\hqEhkLP.exe
  2⤵
  PID:3760
- C:\Windows\System\KFbxorm.exe
  C:\Windows\System\KFbxorm.exe
  2⤵
  PID:3780
- C:\Windows\System\giRDDIu.exe
  C:\Windows\System\giRDDIu.exe
  2⤵
  PID:3800
- C:\Windows\System\aSHNEiG.exe
  C:\Windows\System\aSHNEiG.exe
  2⤵
  PID:3820
- C:\Windows\System\UASyhZb.exe
  C:\Windows\System\UASyhZb.exe
  2⤵
  PID:3840
- C:\Windows\System\augygcX.exe
  C:\Windows\System\augygcX.exe
  2⤵
  PID:3860
- C:\Windows\System\uftqlgy.exe
  C:\Windows\System\uftqlgy.exe
  2⤵
  PID:3880
- C:\Windows\System\cXPMUGs.exe
  C:\Windows\System\cXPMUGs.exe
  2⤵
  PID:3900
- C:\Windows\System\TONbesM.exe
  C:\Windows\System\TONbesM.exe
  2⤵
  PID:3920
- C:\Windows\System\ZHLnCBY.exe
  C:\Windows\System\ZHLnCBY.exe
  2⤵
  PID:3940
- C:\Windows\System\aznanCq.exe
  C:\Windows\System\aznanCq.exe
  2⤵
  PID:3960
- C:\Windows\System\xZpTVJE.exe
  C:\Windows\System\xZpTVJE.exe
  2⤵
  PID:3980
- C:\Windows\System\GMYfsNe.exe
  C:\Windows\System\GMYfsNe.exe
  2⤵
  PID:4000
- C:\Windows\System\wPJZPwM.exe
  C:\Windows\System\wPJZPwM.exe
  2⤵
  PID:4020
- C:\Windows\System\GdIsrju.exe
  C:\Windows\System\GdIsrju.exe
  2⤵
  PID:4040
- C:\Windows\System\PRlMIYX.exe
  C:\Windows\System\PRlMIYX.exe
  2⤵
  PID:4060
- C:\Windows\System\wuOqSwF.exe
  C:\Windows\System\wuOqSwF.exe
  2⤵
  PID:4080
- C:\Windows\System\gdIToZL.exe
  C:\Windows\System\gdIToZL.exe
  2⤵
  PID:1672
- C:\Windows\System\LiqtjwA.exe
  C:\Windows\System\LiqtjwA.exe
  2⤵
  PID:1928
- C:\Windows\System\mWcTNuX.exe
  C:\Windows\System\mWcTNuX.exe
  2⤵
  PID:2316
- C:\Windows\System\Bejxpia.exe
  C:\Windows\System\Bejxpia.exe
  2⤵
  PID:2208
- C:\Windows\System\FVKUVWe.exe
  C:\Windows\System\FVKUVWe.exe
  2⤵
  PID:1232
- C:\Windows\System\jnLNoGi.exe
  C:\Windows\System\jnLNoGi.exe
  2⤵
  PID:948
- C:\Windows\System\dsbCghX.exe
  C:\Windows\System\dsbCghX.exe
  2⤵
  PID:1012
- C:\Windows\System\CTbmacc.exe
  C:\Windows\System\CTbmacc.exe
  2⤵
  PID:2112
- C:\Windows\System\zKlpHNm.exe
  C:\Windows\System\zKlpHNm.exe
  2⤵
  PID:2224
- C:\Windows\System\ShzktuC.exe
  C:\Windows\System\ShzktuC.exe
  2⤵
  PID:2236
- C:\Windows\System\QHEWHLN.exe
  C:\Windows\System\QHEWHLN.exe
  2⤵
  PID:2272
- C:\Windows\System\fzEASas.exe
  C:\Windows\System\fzEASas.exe
  2⤵
  PID:2484
- C:\Windows\System\yWOcPmK.exe
  C:\Windows\System\yWOcPmK.exe
  2⤵
  PID:2508
- C:\Windows\System\HTtcLBt.exe
  C:\Windows\System\HTtcLBt.exe
  2⤵
  PID:2840
- C:\Windows\System\QFkQyoo.exe
  C:\Windows\System\QFkQyoo.exe
  2⤵
  PID:2868
- C:\Windows\System\yXNBBEQ.exe
  C:\Windows\System\yXNBBEQ.exe
  2⤵
  PID:592
- C:\Windows\System\xjGDDEP.exe
  C:\Windows\System\xjGDDEP.exe
  2⤵
  PID:3084
- C:\Windows\System\qrFAZbQ.exe
  C:\Windows\System\qrFAZbQ.exe
  2⤵
  PID:3128
- C:\Windows\System\ZFRkdrY.exe
  C:\Windows\System\ZFRkdrY.exe
  2⤵
  PID:3160
- C:\Windows\System\CZMixdJ.exe
  C:\Windows\System\CZMixdJ.exe
  2⤵
  PID:3200
- C:\Windows\System\mUVNBcg.exe
  C:\Windows\System\mUVNBcg.exe
  2⤵
  PID:3228
- C:\Windows\System\mhSYuws.exe
  C:\Windows\System\mhSYuws.exe
  2⤵
  PID:3260
- C:\Windows\System\QfNBGSI.exe
  C:\Windows\System\QfNBGSI.exe
  2⤵
  PID:3288
- C:\Windows\System\HvWyNqb.exe
  C:\Windows\System\HvWyNqb.exe
  2⤵
  PID:3328
- C:\Windows\System\tzrRlby.exe
  C:\Windows\System\tzrRlby.exe
  2⤵
  PID:3344
- C:\Windows\System\IMYHYPe.exe
  C:\Windows\System\IMYHYPe.exe
  2⤵
  PID:3384
- C:\Windows\System\beMgZzL.exe
  C:\Windows\System\beMgZzL.exe
  2⤵
  PID:3428
- C:\Windows\System\GErvqIq.exe
  C:\Windows\System\GErvqIq.exe
  2⤵
  PID:3460
- C:\Windows\System\jhqXlNS.exe
  C:\Windows\System\jhqXlNS.exe
  2⤵
  PID:3484
- C:\Windows\System\FFgfkAa.exe
  C:\Windows\System\FFgfkAa.exe
  2⤵
  PID:3528
- C:\Windows\System\aqFhyWc.exe
  C:\Windows\System\aqFhyWc.exe
  2⤵
  PID:3560
- C:\Windows\System\cuDeKVg.exe
  C:\Windows\System\cuDeKVg.exe
  2⤵
  PID:3584
- C:\Windows\System\zPGYeKM.exe
  C:\Windows\System\zPGYeKM.exe
  2⤵
  PID:3628
- C:\Windows\System\vrWWvpL.exe
  C:\Windows\System\vrWWvpL.exe
  2⤵
  PID:3668
- C:\Windows\System\WKxpFGS.exe
  C:\Windows\System\WKxpFGS.exe
  2⤵
  PID:3692
- C:\Windows\System\tLysZgx.exe
  C:\Windows\System\tLysZgx.exe
  2⤵
  PID:3736
- C:\Windows\System\mrhCZQa.exe
  C:\Windows\System\mrhCZQa.exe
  2⤵
  PID:3772
- C:\Windows\System\QcsNFvh.exe
  C:\Windows\System\QcsNFvh.exe
  2⤵
  PID:3792
- C:\Windows\System\kVKRtMO.exe
  C:\Windows\System\kVKRtMO.exe
  2⤵
  PID:3828
- C:\Windows\System\nualCjl.exe
  C:\Windows\System\nualCjl.exe
  2⤵
  PID:3896
- C:\Windows\System\VBSxCAh.exe
  C:\Windows\System\VBSxCAh.exe
  2⤵
  PID:3908
- C:\Windows\System\XZdcIwL.exe
  C:\Windows\System\XZdcIwL.exe
  2⤵
  PID:3932
- C:\Windows\System\ieKYeOw.exe
  C:\Windows\System\ieKYeOw.exe
  2⤵
  PID:3952
- C:\Windows\System\MxaIZRx.exe
  C:\Windows\System\MxaIZRx.exe
  2⤵
  PID:3992
- C:\Windows\System\NmgbNyi.exe
  C:\Windows\System\NmgbNyi.exe
  2⤵
  PID:4032
- C:\Windows\System\xyyYCrc.exe
  C:\Windows\System\xyyYCrc.exe
  2⤵
  PID:4076
- C:\Windows\System\qMHbJyn.exe
  C:\Windows\System\qMHbJyn.exe
  2⤵
  PID:1244
- C:\Windows\System\ZUmvWyD.exe
  C:\Windows\System\ZUmvWyD.exe
  2⤵
  PID:2916
- C:\Windows\System\kJejIqb.exe
  C:\Windows\System\kJejIqb.exe
  2⤵
  PID:716
- C:\Windows\System\CIBjHHh.exe
  C:\Windows\System\CIBjHHh.exe
  2⤵
  PID:320
- C:\Windows\System\qWGGEHp.exe
  C:\Windows\System\qWGGEHp.exe
  2⤵
  PID:1468
- C:\Windows\System\vAvisXd.exe
  C:\Windows\System\vAvisXd.exe
  2⤵
  PID:1872
- C:\Windows\System\alETnqa.exe
  C:\Windows\System\alETnqa.exe
  2⤵
  PID:1212
- C:\Windows\System\QlzurLe.exe
  C:\Windows\System\QlzurLe.exe
  2⤵
  PID:2624
- C:\Windows\System\vrSHoCB.exe
  C:\Windows\System\vrSHoCB.exe
  2⤵
  PID:2824
- C:\Windows\System\jTemgwG.exe
  C:\Windows\System\jTemgwG.exe
  2⤵
  PID:1088
- C:\Windows\System\AIsXzfB.exe
  C:\Windows\System\AIsXzfB.exe
  2⤵
  PID:3140
- C:\Windows\System\dITwWWd.exe
  C:\Windows\System\dITwWWd.exe
  2⤵
  PID:3188
- C:\Windows\System\rpecGcz.exe
  C:\Windows\System\rpecGcz.exe
  2⤵
  PID:3244
- C:\Windows\System\vbcCgls.exe
  C:\Windows\System\vbcCgls.exe
  2⤵
  PID:3308
- C:\Windows\System\FBMvwkY.exe
  C:\Windows\System\FBMvwkY.exe
  2⤵
  PID:3360
- C:\Windows\System\SIoOaNy.exe
  C:\Windows\System\SIoOaNy.exe
  2⤵
  PID:3404
- C:\Windows\System\zocQLQs.exe
  C:\Windows\System\zocQLQs.exe
  2⤵
  PID:3480
- C:\Windows\System\QISNnGb.exe
  C:\Windows\System\QISNnGb.exe
  2⤵
  PID:3508
- C:\Windows\System\vIudBgn.exe
  C:\Windows\System\vIudBgn.exe
  2⤵
  PID:3588
- C:\Windows\System\AbRkdCn.exe
  C:\Windows\System\AbRkdCn.exe
  2⤵
  PID:3656
- C:\Windows\System\opTQCXg.exe
  C:\Windows\System\opTQCXg.exe
  2⤵
  PID:3696
- C:\Windows\System\xkfgnzp.exe
  C:\Windows\System\xkfgnzp.exe
  2⤵
  PID:3712
- C:\Windows\System\QKTyMHQ.exe
  C:\Windows\System\QKTyMHQ.exe
  2⤵
  PID:3856
- C:\Windows\System\UNqvYpp.exe
  C:\Windows\System\UNqvYpp.exe
  2⤵
  PID:3876
- C:\Windows\System\Cgymjdr.exe
  C:\Windows\System\Cgymjdr.exe
  2⤵
  PID:4112
- C:\Windows\System\GuyZSfd.exe
  C:\Windows\System\GuyZSfd.exe
  2⤵
  PID:4132
- C:\Windows\System\upoLkxV.exe
  C:\Windows\System\upoLkxV.exe
  2⤵
  PID:4152
- C:\Windows\System\JxCeLKb.exe
  C:\Windows\System\JxCeLKb.exe
  2⤵
  PID:4172
- C:\Windows\System\lCSsdyP.exe
  C:\Windows\System\lCSsdyP.exe
  2⤵
  PID:4192
- C:\Windows\System\cqiJEju.exe
  C:\Windows\System\cqiJEju.exe
  2⤵
  PID:4212
- C:\Windows\System\EtJbdCw.exe
  C:\Windows\System\EtJbdCw.exe
  2⤵
  PID:4232
- C:\Windows\System\vCrPYEY.exe
  C:\Windows\System\vCrPYEY.exe
  2⤵
  PID:4252
- C:\Windows\System\mVXmOWZ.exe
  C:\Windows\System\mVXmOWZ.exe
  2⤵
  PID:4272
- C:\Windows\System\lqCmvgh.exe
  C:\Windows\System\lqCmvgh.exe
  2⤵
  PID:4292
- C:\Windows\System\trjoLYL.exe
  C:\Windows\System\trjoLYL.exe
  2⤵
  PID:4312
- C:\Windows\System\NrbtOBx.exe
  C:\Windows\System\NrbtOBx.exe
  2⤵
  PID:4332
- C:\Windows\System\ztyrTli.exe
  C:\Windows\System\ztyrTli.exe
  2⤵
  PID:4352
- C:\Windows\System\qKZxYxw.exe
  C:\Windows\System\qKZxYxw.exe
  2⤵
  PID:4376
- C:\Windows\System\hhMkScH.exe
  C:\Windows\System\hhMkScH.exe
  2⤵
  PID:4396
- C:\Windows\System\AxEdJdZ.exe
  C:\Windows\System\AxEdJdZ.exe
  2⤵
  PID:4416
- C:\Windows\System\PayNnxH.exe
  C:\Windows\System\PayNnxH.exe
  2⤵
  PID:4436
- C:\Windows\System\kiAvlRa.exe
  C:\Windows\System\kiAvlRa.exe
  2⤵
  PID:4456
- C:\Windows\System\IhoAuXI.exe
  C:\Windows\System\IhoAuXI.exe
  2⤵
  PID:4476
- C:\Windows\System\pKEcTkJ.exe
  C:\Windows\System\pKEcTkJ.exe
  2⤵
  PID:4492
- C:\Windows\System\Jepoaxq.exe
  C:\Windows\System\Jepoaxq.exe
  2⤵
  PID:4512
- C:\Windows\System\BPdsMUr.exe
  C:\Windows\System\BPdsMUr.exe
  2⤵
  PID:4532
- C:\Windows\System\tqDGghA.exe
  C:\Windows\System\tqDGghA.exe
  2⤵
  PID:4548
- C:\Windows\System\aTqntWF.exe
  C:\Windows\System\aTqntWF.exe
  2⤵
  PID:4576
- C:\Windows\System\FpvYkLz.exe
  C:\Windows\System\FpvYkLz.exe
  2⤵
  PID:4596
- C:\Windows\System\LQqfnNx.exe
  C:\Windows\System\LQqfnNx.exe
  2⤵
  PID:4616
- C:\Windows\System\IqyAiAr.exe
  C:\Windows\System\IqyAiAr.exe
  2⤵
  PID:4636
- C:\Windows\System\ymqfmeQ.exe
  C:\Windows\System\ymqfmeQ.exe
  2⤵
  PID:4652
- C:\Windows\System\SAmUEPm.exe
  C:\Windows\System\SAmUEPm.exe
  2⤵
  PID:4676
- C:\Windows\System\JKquILy.exe
  C:\Windows\System\JKquILy.exe
  2⤵
  PID:4692
- C:\Windows\System\XJFELeo.exe
  C:\Windows\System\XJFELeo.exe
  2⤵
  PID:4716
- C:\Windows\System\VPjyeVa.exe
  C:\Windows\System\VPjyeVa.exe
  2⤵
  PID:4736
- C:\Windows\System\JYyueYH.exe
  C:\Windows\System\JYyueYH.exe
  2⤵
  PID:4756
- C:\Windows\System\zEycQoQ.exe
  C:\Windows\System\zEycQoQ.exe
  2⤵
  PID:4772
- C:\Windows\System\UdNXDHd.exe
  C:\Windows\System\UdNXDHd.exe
  2⤵
  PID:4796
- C:\Windows\System\RCjtCpc.exe
  C:\Windows\System\RCjtCpc.exe
  2⤵
  PID:4816
- C:\Windows\System\zyxatQr.exe
  C:\Windows\System\zyxatQr.exe
  2⤵
  PID:4844
- C:\Windows\System\nXqDBGn.exe
  C:\Windows\System\nXqDBGn.exe
  2⤵
  PID:4860
- C:\Windows\System\wnwjceu.exe
  C:\Windows\System\wnwjceu.exe
  2⤵
  PID:4884
- C:\Windows\System\ylfSKCz.exe
  C:\Windows\System\ylfSKCz.exe
  2⤵
  PID:4904
- C:\Windows\System\WgNYAqo.exe
  C:\Windows\System\WgNYAqo.exe
  2⤵
  PID:4924
- C:\Windows\System\qDuisDU.exe
  C:\Windows\System\qDuisDU.exe
  2⤵
  PID:4944
- C:\Windows\System\gQgxGaz.exe
  C:\Windows\System\gQgxGaz.exe
  2⤵
  PID:4960
- C:\Windows\System\mokNyFg.exe
  C:\Windows\System\mokNyFg.exe
  2⤵
  PID:4980
- C:\Windows\System\SZNbBdV.exe
  C:\Windows\System\SZNbBdV.exe
  2⤵
  PID:5004
- C:\Windows\System\qPgtEyl.exe
  C:\Windows\System\qPgtEyl.exe
  2⤵
  PID:5024
- C:\Windows\System\cGyhMkR.exe
  C:\Windows\System\cGyhMkR.exe
  2⤵
  PID:5044
- C:\Windows\System\iuZbjGc.exe
  C:\Windows\System\iuZbjGc.exe
  2⤵
  PID:5064
- C:\Windows\System\AUMXaAq.exe
  C:\Windows\System\AUMXaAq.exe
  2⤵
  PID:5080
- C:\Windows\System\NRBXFaP.exe
  C:\Windows\System\NRBXFaP.exe
  2⤵
  PID:5100
- C:\Windows\System\GsseGGM.exe
  C:\Windows\System\GsseGGM.exe
  2⤵
  PID:3872
- C:\Windows\System\RSCrxRZ.exe
  C:\Windows\System\RSCrxRZ.exe
  2⤵
  PID:3928
- C:\Windows\System\UPkFwcE.exe
  C:\Windows\System\UPkFwcE.exe
  2⤵
  PID:4012
- C:\Windows\System\LkkNQRU.exe
  C:\Windows\System\LkkNQRU.exe
  2⤵
  PID:4072
- C:\Windows\System\nsGftXP.exe
  C:\Windows\System\nsGftXP.exe
  2⤵
  PID:2788
- C:\Windows\System\lKdIWTn.exe
  C:\Windows\System\lKdIWTn.exe
  2⤵
  PID:880
- C:\Windows\System\TvKaFjb.exe
  C:\Windows\System\TvKaFjb.exe
  2⤵
  PID:324
- C:\Windows\System\JiYVAjk.exe
  C:\Windows\System\JiYVAjk.exe
  2⤵
  PID:2180
- C:\Windows\System\itdTHfh.exe
  C:\Windows\System\itdTHfh.exe
  2⤵
  PID:768
- C:\Windows\System\MoNpZeC.exe
  C:\Windows\System\MoNpZeC.exe
  2⤵
  PID:2100
- C:\Windows\System\iSONvcT.exe
  C:\Windows\System\iSONvcT.exe
  2⤵
  PID:3220
- C:\Windows\System\JEMNeUL.exe
  C:\Windows\System\JEMNeUL.exe
  2⤵
  PID:3204
- C:\Windows\System\APmLCiy.exe
  C:\Windows\System\APmLCiy.exe
  2⤵
  PID:3264
- C:\Windows\System\hNFclRD.exe
  C:\Windows\System\hNFclRD.exe
  2⤵
  PID:3448
- C:\Windows\System\zRnMpkm.exe
  C:\Windows\System\zRnMpkm.exe
  2⤵
  PID:3564
- C:\Windows\System\bCaiqsP.exe
  C:\Windows\System\bCaiqsP.exe
  2⤵
  PID:3612
- C:\Windows\System\ZyottCJ.exe
  C:\Windows\System\ZyottCJ.exe
  2⤵
  PID:3752
- C:\Windows\System\hbretRn.exe
  C:\Windows\System\hbretRn.exe
  2⤵
  PID:4100
- C:\Windows\System\NrhqAmo.exe
  C:\Windows\System\NrhqAmo.exe
  2⤵
  PID:4140
- C:\Windows\System\EgkOLkT.exe
  C:\Windows\System\EgkOLkT.exe
  2⤵
  PID:4128
- C:\Windows\System\UFeguul.exe
  C:\Windows\System\UFeguul.exe
  2⤵
  PID:4188
- C:\Windows\System\iRdnqLS.exe
  C:\Windows\System\iRdnqLS.exe
  2⤵
  PID:4208
- C:\Windows\System\dlJChzn.exe
  C:\Windows\System\dlJChzn.exe
  2⤵
  PID:4244
- C:\Windows\System\JpRAxqq.exe
  C:\Windows\System\JpRAxqq.exe
  2⤵
  PID:4280
- C:\Windows\System\bxrXDQG.exe
  C:\Windows\System\bxrXDQG.exe
  2⤵
  PID:4348
- C:\Windows\System\VtmYvae.exe
  C:\Windows\System\VtmYvae.exe
  2⤵
  PID:4328
- C:\Windows\System\Fbvqfgq.exe
  C:\Windows\System\Fbvqfgq.exe
  2⤵
  PID:4388
- C:\Windows\System\oOLcUGp.exe
  C:\Windows\System\oOLcUGp.exe
  2⤵
  PID:4464
- C:\Windows\System\WJqtDbS.exe
  C:\Windows\System\WJqtDbS.exe
  2⤵
  PID:4508
- C:\Windows\System\ePOdxrg.exe
  C:\Windows\System\ePOdxrg.exe
  2⤵
  PID:4444
- C:\Windows\System\gZpKzij.exe
  C:\Windows\System\gZpKzij.exe
  2⤵
  PID:4484
- C:\Windows\System\qKpoQLq.exe
  C:\Windows\System\qKpoQLq.exe
  2⤵
  PID:4520
- C:\Windows\System\RqpflMs.exe
  C:\Windows\System\RqpflMs.exe
  2⤵
  PID:4572
- C:\Windows\System\sklCpVJ.exe
  C:\Windows\System\sklCpVJ.exe
  2⤵
  PID:4632
- C:\Windows\System\KZvVhCc.exe
  C:\Windows\System\KZvVhCc.exe
  2⤵
  PID:4664
- C:\Windows\System\PnzZgcu.exe
  C:\Windows\System\PnzZgcu.exe
  2⤵
  PID:4704
- C:\Windows\System\MMCKfeO.exe
  C:\Windows\System\MMCKfeO.exe
  2⤵
  PID:4724
- C:\Windows\System\fUtyMpN.exe
  C:\Windows\System\fUtyMpN.exe
  2⤵
  PID:4732
- C:\Windows\System\QpUdawl.exe
  C:\Windows\System\QpUdawl.exe
  2⤵
  PID:4764
- C:\Windows\System\DinOnTD.exe
  C:\Windows\System\DinOnTD.exe
  2⤵
  PID:4812
- C:\Windows\System\EfrATsU.exe
  C:\Windows\System\EfrATsU.exe
  2⤵
  PID:4880
- C:\Windows\System\pGzZEid.exe
  C:\Windows\System\pGzZEid.exe
  2⤵
  PID:4920
- C:\Windows\System\tNPnAlw.exe
  C:\Windows\System\tNPnAlw.exe
  2⤵
  PID:4900
- C:\Windows\System\kHDvjaI.exe
  C:\Windows\System\kHDvjaI.exe
  2⤵
  PID:5000
- C:\Windows\System\eynTJeK.exe
  C:\Windows\System\eynTJeK.exe
  2⤵
  PID:5012
- C:\Windows\System\BVObHfM.exe
  C:\Windows\System\BVObHfM.exe
  2⤵
  PID:5032
- C:\Windows\System\jXlYBOI.exe
  C:\Windows\System\jXlYBOI.exe
  2⤵
  PID:5060
- C:\Windows\System\lSDpMNM.exe
  C:\Windows\System\lSDpMNM.exe
  2⤵
  PID:5112
- C:\Windows\System\uEBRpGm.exe
  C:\Windows\System\uEBRpGm.exe
  2⤵
  PID:3912
- C:\Windows\System\wTrsvpp.exe
  C:\Windows\System\wTrsvpp.exe
  2⤵
  PID:3968
- C:\Windows\System\ulITJqd.exe
  C:\Windows\System\ulITJqd.exe
  2⤵
  PID:4036
- C:\Windows\System\cpSBbvO.exe
  C:\Windows\System\cpSBbvO.exe
  2⤵
  PID:1796
- C:\Windows\System\YFXtuVe.exe
  C:\Windows\System\YFXtuVe.exe
  2⤵
  PID:2780
- C:\Windows\System\OaPjuew.exe
  C:\Windows\System\OaPjuew.exe
  2⤵
  PID:3184
- C:\Windows\System\klucHwZ.exe
  C:\Windows\System\klucHwZ.exe
  2⤵
  PID:3348
- C:\Windows\System\sfLztvN.exe
  C:\Windows\System\sfLztvN.exe
  2⤵
  PID:3504
- C:\Windows\System\UOrSNTU.exe
  C:\Windows\System\UOrSNTU.exe
  2⤵
  PID:3284
- C:\Windows\System\bXppkVc.exe
  C:\Windows\System\bXppkVc.exe
  2⤵
  PID:3548
- C:\Windows\System\ozsEYUU.exe
  C:\Windows\System\ozsEYUU.exe
  2⤵
  PID:3768
- C:\Windows\System\YMVvZqz.exe
  C:\Windows\System\YMVvZqz.exe
  2⤵
  PID:4168
- C:\Windows\System\fHLZosA.exe
  C:\Windows\System\fHLZosA.exe
  2⤵
  PID:4224
- C:\Windows\System\Tqofsvw.exe
  C:\Windows\System\Tqofsvw.exe
  2⤵
  PID:4240
- C:\Windows\System\ZdoNwwc.exe
  C:\Windows\System\ZdoNwwc.exe
  2⤵
  PID:4360
- C:\Windows\System\fnaaWnV.exe
  C:\Windows\System\fnaaWnV.exe
  2⤵
  PID:4284
- C:\Windows\System\zOBElKt.exe
  C:\Windows\System\zOBElKt.exe
  2⤵
  PID:4468
- C:\Windows\System\iRCYund.exe
  C:\Windows\System\iRCYund.exe
  2⤵
  PID:4452
- C:\Windows\System\lnCpncv.exe
  C:\Windows\System\lnCpncv.exe
  2⤵
  PID:4544
- C:\Windows\System\rYsbmGq.exe
  C:\Windows\System\rYsbmGq.exe
  2⤵
  PID:4612
- C:\Windows\System\uwPIpQX.exe
  C:\Windows\System\uwPIpQX.exe
  2⤵
  PID:4604
- C:\Windows\System\EqJlDmz.exe
  C:\Windows\System\EqJlDmz.exe
  2⤵
  PID:4700
- C:\Windows\System\NvtBXVp.exe
  C:\Windows\System\NvtBXVp.exe
  2⤵
  PID:4752
- C:\Windows\System\MMcWzei.exe
  C:\Windows\System\MMcWzei.exe
  2⤵
  PID:4872
- C:\Windows\System\PtAcSPh.exe
  C:\Windows\System\PtAcSPh.exe
  2⤵
  PID:4852
- C:\Windows\System\QywQZlZ.exe
  C:\Windows\System\QywQZlZ.exe
  2⤵
  PID:4856
- C:\Windows\System\uOJlyyp.exe
  C:\Windows\System\uOJlyyp.exe
  2⤵
  PID:4992
- C:\Windows\System\PXALXpq.exe
  C:\Windows\System\PXALXpq.exe
  2⤵
  PID:5016
- C:\Windows\System\FaTVLUZ.exe
  C:\Windows\System\FaTVLUZ.exe
  2⤵
  PID:5108
- C:\Windows\System\dMUFntq.exe
  C:\Windows\System\dMUFntq.exe
  2⤵
  PID:3976
- C:\Windows\System\KqHTfJG.exe
  C:\Windows\System\KqHTfJG.exe
  2⤵
  PID:2464
- C:\Windows\System\xDdEgHY.exe
  C:\Windows\System\xDdEgHY.exe
  2⤵
  PID:2192
- C:\Windows\System\vOkHcQo.exe
  C:\Windows\System\vOkHcQo.exe
  2⤵
  PID:3080
- C:\Windows\System\HACHpes.exe
  C:\Windows\System\HACHpes.exe
  2⤵
  PID:3488
- C:\Windows\System\IYwvgOS.exe
  C:\Windows\System\IYwvgOS.exe
  2⤵
  PID:3632
- C:\Windows\System\nNiWUyR.exe
  C:\Windows\System\nNiWUyR.exe
  2⤵
  PID:4160
- C:\Windows\System\EUmaCDX.exe
  C:\Windows\System\EUmaCDX.exe
  2⤵
  PID:4340
- C:\Windows\System\kxMSmnS.exe
  C:\Windows\System\kxMSmnS.exe
  2⤵
  PID:4384
- C:\Windows\System\pSVsvLs.exe
  C:\Windows\System\pSVsvLs.exe
  2⤵
  PID:4344
- C:\Windows\System\GNCwRMz.exe
  C:\Windows\System\GNCwRMz.exe
  2⤵
  PID:4500
- C:\Windows\System\tioXspG.exe
  C:\Windows\System\tioXspG.exe
  2⤵
  PID:4524
- C:\Windows\System\rfpsyyo.exe
  C:\Windows\System\rfpsyyo.exe
  2⤵
  PID:5132
- C:\Windows\System\pEQsIPw.exe
  C:\Windows\System\pEQsIPw.exe
  2⤵
  PID:5152
- C:\Windows\System\tUgGmog.exe
  C:\Windows\System\tUgGmog.exe
  2⤵
  PID:5172
- C:\Windows\System\zCKgLkG.exe
  C:\Windows\System\zCKgLkG.exe
  2⤵
  PID:5188
- C:\Windows\System\WHFIyNJ.exe
  C:\Windows\System\WHFIyNJ.exe
  2⤵
  PID:5208
- C:\Windows\System\mAttjyq.exe
  C:\Windows\System\mAttjyq.exe
  2⤵
  PID:5232
- C:\Windows\System\VjbkGLF.exe
  C:\Windows\System\VjbkGLF.exe
  2⤵
  PID:5252
- C:\Windows\System\ipGKhyi.exe
  C:\Windows\System\ipGKhyi.exe
  2⤵
  PID:5272
- C:\Windows\System\oPlumfZ.exe
  C:\Windows\System\oPlumfZ.exe
  2⤵
  PID:5292
- C:\Windows\System\mrVVpph.exe
  C:\Windows\System\mrVVpph.exe
  2⤵
  PID:5312
- C:\Windows\System\sftRENv.exe
  C:\Windows\System\sftRENv.exe
  2⤵
  PID:5332
- C:\Windows\System\HOHUxnU.exe
  C:\Windows\System\HOHUxnU.exe
  2⤵
  PID:5352
- C:\Windows\System\LnbRfYQ.exe
  C:\Windows\System\LnbRfYQ.exe
  2⤵
  PID:5372
- C:\Windows\System\QJqHfDr.exe
  C:\Windows\System\QJqHfDr.exe
  2⤵
  PID:5392
- C:\Windows\System\gdDmugN.exe
  C:\Windows\System\gdDmugN.exe
  2⤵
  PID:5408
- C:\Windows\System\TqovIgX.exe
  C:\Windows\System\TqovIgX.exe
  2⤵
  PID:5432
- C:\Windows\System\GKjINEK.exe
  C:\Windows\System\GKjINEK.exe
  2⤵
  PID:5452
- C:\Windows\System\TIcxtnp.exe
  C:\Windows\System\TIcxtnp.exe
  2⤵
  PID:5472
- C:\Windows\System\OLfksqp.exe
  C:\Windows\System\OLfksqp.exe
  2⤵
  PID:5488
- C:\Windows\System\ixzMehx.exe
  C:\Windows\System\ixzMehx.exe
  2⤵
  PID:5512
- C:\Windows\System\wlNQKFx.exe
  C:\Windows\System\wlNQKFx.exe
  2⤵
  PID:5532
- C:\Windows\System\nSxQsui.exe
  C:\Windows\System\nSxQsui.exe
  2⤵
  PID:5552
- C:\Windows\System\LpjcQAQ.exe
  C:\Windows\System\LpjcQAQ.exe
  2⤵
  PID:5572
- C:\Windows\System\ARNfgmW.exe
  C:\Windows\System\ARNfgmW.exe
  2⤵
  PID:5592
- C:\Windows\System\EqlUrwq.exe
  C:\Windows\System\EqlUrwq.exe
  2⤵
  PID:5612
- C:\Windows\System\VnyUGwg.exe
  C:\Windows\System\VnyUGwg.exe
  2⤵
  PID:5632
- C:\Windows\System\JZXnymc.exe
  C:\Windows\System\JZXnymc.exe
  2⤵
  PID:5648
- C:\Windows\System\ZvoQEKm.exe
  C:\Windows\System\ZvoQEKm.exe
  2⤵
  PID:5672
- C:\Windows\System\CyQoszz.exe
  C:\Windows\System\CyQoszz.exe
  2⤵
  PID:5688
- C:\Windows\System\qCJwAUb.exe
  C:\Windows\System\qCJwAUb.exe
  2⤵
  PID:5704
- C:\Windows\System\wfnepJa.exe
  C:\Windows\System\wfnepJa.exe
  2⤵
  PID:5728
- C:\Windows\System\wimwBgc.exe
  C:\Windows\System\wimwBgc.exe
  2⤵
  PID:5748
- C:\Windows\System\ZIMelsf.exe
  C:\Windows\System\ZIMelsf.exe
  2⤵
  PID:5764
- C:\Windows\System\WXfUzcS.exe
  C:\Windows\System\WXfUzcS.exe
  2⤵
  PID:5788
- C:\Windows\System\BjrZnav.exe
  C:\Windows\System\BjrZnav.exe
  2⤵
  PID:5804
- C:\Windows\System\LMWmcLn.exe
  C:\Windows\System\LMWmcLn.exe
  2⤵
  PID:5824
- C:\Windows\System\TseeGLS.exe
  C:\Windows\System\TseeGLS.exe
  2⤵
  PID:5844
- C:\Windows\System\gHGhUUR.exe
  C:\Windows\System\gHGhUUR.exe
  2⤵
  PID:5864
- C:\Windows\System\ziOCJvL.exe
  C:\Windows\System\ziOCJvL.exe
  2⤵
  PID:5892
- C:\Windows\System\nPejpih.exe
  C:\Windows\System\nPejpih.exe
  2⤵
  PID:5916
- C:\Windows\System\JwVLHDZ.exe
  C:\Windows\System\JwVLHDZ.exe
  2⤵
  PID:5936
- C:\Windows\System\AKEtjtc.exe
  C:\Windows\System\AKEtjtc.exe
  2⤵
  PID:5956
- C:\Windows\System\xPoRxji.exe
  C:\Windows\System\xPoRxji.exe
  2⤵
  PID:5976
- C:\Windows\System\fItjZAP.exe
  C:\Windows\System\fItjZAP.exe
  2⤵
  PID:5996
- C:\Windows\System\dQyeJis.exe
  C:\Windows\System\dQyeJis.exe
  2⤵
  PID:6016
- C:\Windows\System\IEjeTln.exe
  C:\Windows\System\IEjeTln.exe
  2⤵
  PID:6036
- C:\Windows\System\EYrheUA.exe
  C:\Windows\System\EYrheUA.exe
  2⤵
  PID:6056
- C:\Windows\System\YwqFCrX.exe
  C:\Windows\System\YwqFCrX.exe
  2⤵
  PID:6072
- C:\Windows\System\RFMlYPI.exe
  C:\Windows\System\RFMlYPI.exe
  2⤵
  PID:6096
- C:\Windows\System\CtwNddR.exe
  C:\Windows\System\CtwNddR.exe
  2⤵
  PID:6116
- C:\Windows\System\NUoEMEs.exe
  C:\Windows\System\NUoEMEs.exe
  2⤵
  PID:6136
- C:\Windows\System\vEbtkQL.exe
  C:\Windows\System\vEbtkQL.exe
  2⤵
  PID:4668
- C:\Windows\System\cGwlymc.exe
  C:\Windows\System\cGwlymc.exe
  2⤵
  PID:4804
- C:\Windows\System\aMwEDRh.exe
  C:\Windows\System\aMwEDRh.exe
  2⤵
  PID:4988
- C:\Windows\System\QMyLFKS.exe
  C:\Windows\System\QMyLFKS.exe
  2⤵
  PID:5088
- C:\Windows\System\YNowTqN.exe
  C:\Windows\System\YNowTqN.exe
  2⤵
  PID:5056
- C:\Windows\System\yvTShiG.exe
  C:\Windows\System\yvTShiG.exe
  2⤵
  PID:4068
- C:\Windows\System\qPPXSzf.exe
  C:\Windows\System\qPPXSzf.exe
  2⤵
  PID:3388
- C:\Windows\System\ORUFpNW.exe
  C:\Windows\System\ORUFpNW.exe
  2⤵
  PID:4144
- C:\Windows\System\KRsTdIN.exe
  C:\Windows\System\KRsTdIN.exe
  2⤵
  PID:2092
- C:\Windows\System\RAWFqIN.exe
  C:\Windows\System\RAWFqIN.exe
  2⤵
  PID:3648
- C:\Windows\System\bYLAsZt.exe
  C:\Windows\System\bYLAsZt.exe
  2⤵
  PID:4592
- C:\Windows\System\klMORnQ.exe
  C:\Windows\System\klMORnQ.exe
  2⤵
  PID:4560
- C:\Windows\System\xuFFHvh.exe
  C:\Windows\System\xuFFHvh.exe
  2⤵
  PID:5180
- C:\Windows\System\FqteBMl.exe
  C:\Windows\System\FqteBMl.exe
  2⤵
  PID:5184
- C:\Windows\System\MHlquPc.exe
  C:\Windows\System\MHlquPc.exe
  2⤵
  PID:5268
- C:\Windows\System\KlSsxPR.exe
  C:\Windows\System\KlSsxPR.exe
  2⤵
  PID:5164
- C:\Windows\System\uAjoSst.exe
  C:\Windows\System\uAjoSst.exe
  2⤵
  PID:5240
- C:\Windows\System\GvXYBst.exe
  C:\Windows\System\GvXYBst.exe
  2⤵
  PID:5280
- C:\Windows\System\ZcUBBBO.exe
  C:\Windows\System\ZcUBBBO.exe
  2⤵
  PID:5344
- C:\Windows\System\KUnZnyl.exe
  C:\Windows\System\KUnZnyl.exe
  2⤵
  PID:5380
- C:\Windows\System\KTPUqQS.exe
  C:\Windows\System\KTPUqQS.exe
  2⤵
  PID:5364
- C:\Windows\System\hPKvytt.exe
  C:\Windows\System\hPKvytt.exe
  2⤵
  PID:5400
- C:\Windows\System\doLcRQj.exe
  C:\Windows\System\doLcRQj.exe
  2⤵
  PID:5448
- C:\Windows\System\ExbYifK.exe
  C:\Windows\System\ExbYifK.exe
  2⤵
  PID:5504
- C:\Windows\System\EInstWu.exe
  C:\Windows\System\EInstWu.exe
  2⤵
  PID:5480
- C:\Windows\System\CxqjMso.exe
  C:\Windows\System\CxqjMso.exe
  2⤵
  PID:5628
- C:\Windows\System\quTjDRJ.exe
  C:\Windows\System\quTjDRJ.exe
  2⤵
  PID:5656
- C:\Windows\System\LpkMgkf.exe
  C:\Windows\System\LpkMgkf.exe
  2⤵
  PID:5564
- C:\Windows\System\SUECTlt.exe
  C:\Windows\System\SUECTlt.exe
  2⤵
  PID:5644
- C:\Windows\System\crMKaRs.exe
  C:\Windows\System\crMKaRs.exe
  2⤵
  PID:5736
- C:\Windows\System\AeJzPmk.exe
  C:\Windows\System\AeJzPmk.exe
  2⤵
  PID:5740
- C:\Windows\System\UiMdWSQ.exe
  C:\Windows\System\UiMdWSQ.exe
  2⤵
  PID:5712
- C:\Windows\System\ysePeDH.exe
  C:\Windows\System\ysePeDH.exe
  2⤵
  PID:5820
- C:\Windows\System\XUYcxcQ.exe
  C:\Windows\System\XUYcxcQ.exe
  2⤵
  PID:5800
- C:\Windows\System\zLkWWOM.exe
  C:\Windows\System\zLkWWOM.exe
  2⤵
  PID:5840
- C:\Windows\System\TshFLhA.exe
  C:\Windows\System\TshFLhA.exe
  2⤵
  PID:5876
- C:\Windows\System\EpRgVLw.exe
  C:\Windows\System\EpRgVLw.exe
  2⤵
  PID:5944
- C:\Windows\System\dcBCGdX.exe
  C:\Windows\System\dcBCGdX.exe
  2⤵
  PID:5928
- C:\Windows\System\XTlIonO.exe
  C:\Windows\System\XTlIonO.exe
  2⤵
  PID:2536
- C:\Windows\System\pcfJhQo.exe
  C:\Windows\System\pcfJhQo.exe
  2⤵
  PID:6024
- C:\Windows\System\bWvFUqK.exe
  C:\Windows\System\bWvFUqK.exe
  2⤵
  PID:6068
- C:\Windows\System\chwIYow.exe
  C:\Windows\System\chwIYow.exe
  2⤵
  PID:6104
- C:\Windows\System\CkmqBIE.exe
  C:\Windows\System\CkmqBIE.exe
  2⤵
  PID:6108
- C:\Windows\System\AkpbIin.exe
  C:\Windows\System\AkpbIin.exe
  2⤵
  PID:4708
- C:\Windows\System\GthkWaO.exe
  C:\Windows\System\GthkWaO.exe
  2⤵
  PID:4972
- C:\Windows\System\YZKVdmK.exe
  C:\Windows\System\YZKVdmK.exe
  2⤵
  PID:4808
- C:\Windows\System\nuCvDIV.exe
  C:\Windows\System\nuCvDIV.exe
  2⤵
  PID:4392
- C:\Windows\System\pmkfiTy.exe
  C:\Windows\System\pmkfiTy.exe
  2⤵
  PID:1896
- C:\Windows\System\MHTdvwj.exe
  C:\Windows\System\MHTdvwj.exe
  2⤵
  PID:4432
- C:\Windows\System\PgIZNde.exe
  C:\Windows\System\PgIZNde.exe
  2⤵
  PID:5148
- C:\Windows\System\jduKAOz.exe
  C:\Windows\System\jduKAOz.exe
  2⤵
  PID:5228
- C:\Windows\System\QKjYsxV.exe
  C:\Windows\System\QKjYsxV.exe
  2⤵
  PID:4304
- C:\Windows\System\eWklbKy.exe
  C:\Windows\System\eWklbKy.exe
  2⤵
  PID:5348
- C:\Windows\System\cMODjCF.exe
  C:\Windows\System\cMODjCF.exe
  2⤵
  PID:5124
- C:\Windows\System\HUiwcuQ.exe
  C:\Windows\System\HUiwcuQ.exe
  2⤵
  PID:5160
- C:\Windows\System\zcRqZtI.exe
  C:\Windows\System\zcRqZtI.exe
  2⤵
  PID:5608
- C:\Windows\System\MRZjvOL.exe
  C:\Windows\System\MRZjvOL.exe
  2⤵
  PID:5308
- C:\Windows\System\lifOxKM.exe
  C:\Windows\System\lifOxKM.exe
  2⤵
  PID:5360
- C:\Windows\System\gVeFXYG.exe
  C:\Windows\System\gVeFXYG.exe
  2⤵
  PID:5420
- C:\Windows\System\BAbeYpH.exe
  C:\Windows\System\BAbeYpH.exe
  2⤵
  PID:5496
- C:\Windows\System\gadCYkU.exe
  C:\Windows\System\gadCYkU.exe
  2⤵
  PID:5584
- C:\Windows\System\PQLnqLk.exe
  C:\Windows\System\PQLnqLk.exe
  2⤵
  PID:5620
- C:\Windows\System\UjLNWwq.exe
  C:\Windows\System\UjLNWwq.exe
  2⤵
  PID:5568
- C:\Windows\System\ugpJLjA.exe
  C:\Windows\System\ugpJLjA.exe
  2⤵
  PID:5784
- C:\Windows\System\ngMajPF.exe
  C:\Windows\System\ngMajPF.exe
  2⤵
  PID:6084
- C:\Windows\System\eXjNHIg.exe
  C:\Windows\System\eXjNHIg.exe
  2⤵
  PID:5908
- C:\Windows\System\XnQfPIt.exe
  C:\Windows\System\XnQfPIt.exe
  2⤵
  PID:6048
- C:\Windows\System\MalZaaQ.exe
  C:\Windows\System\MalZaaQ.exe
  2⤵
  PID:5948
- C:\Windows\System\suBNoxY.exe
  C:\Windows\System\suBNoxY.exe
  2⤵
  PID:5972
- C:\Windows\System\ZaSvvof.exe
  C:\Windows\System\ZaSvvof.exe
  2⤵
  PID:6128
- C:\Windows\System\DEKnVZq.exe
  C:\Windows\System\DEKnVZq.exe
  2⤵
  PID:2744
- C:\Windows\System\fbXRHgh.exe
  C:\Windows\System\fbXRHgh.exe
  2⤵
  PID:4228
- C:\Windows\System\pqQoDnk.exe
  C:\Windows\System\pqQoDnk.exe
  2⤵
  PID:5216
- C:\Windows\System\BulDUCd.exe
  C:\Windows\System\BulDUCd.exe
  2⤵
  PID:3408
- C:\Windows\System\ZDfFwVD.exe
  C:\Windows\System\ZDfFwVD.exe
  2⤵
  PID:5204
- C:\Windows\System\PmaxvqV.exe
  C:\Windows\System\PmaxvqV.exe
  2⤵
  PID:5812
- C:\Windows\System\lIacrNq.exe
  C:\Windows\System\lIacrNq.exe
  2⤵
  PID:5368
- C:\Windows\System\JZbaLxz.exe
  C:\Windows\System\JZbaLxz.exe
  2⤵
  PID:5508
- C:\Windows\System\bemoZvH.exe
  C:\Windows\System\bemoZvH.exe
  2⤵
  PID:6064
- C:\Windows\System\VxjWhCd.exe
  C:\Windows\System\VxjWhCd.exe
  2⤵
  PID:5244
- C:\Windows\System\drLpNzQ.exe
  C:\Windows\System\drLpNzQ.exe
  2⤵
  PID:5872
- C:\Windows\System\BZKvUUG.exe
  C:\Windows\System\BZKvUUG.exe
  2⤵
  PID:6164
- C:\Windows\System\GlOTqiu.exe
  C:\Windows\System\GlOTqiu.exe
  2⤵
  PID:6184
- C:\Windows\System\jKKwwnx.exe
  C:\Windows\System\jKKwwnx.exe
  2⤵
  PID:6204
- C:\Windows\System\tgwCwXw.exe
  C:\Windows\System\tgwCwXw.exe
  2⤵
  PID:6224
- C:\Windows\System\XzCyaRq.exe
  C:\Windows\System\XzCyaRq.exe
  2⤵
  PID:6252
- C:\Windows\System\PrxYHEr.exe
  C:\Windows\System\PrxYHEr.exe
  2⤵
  PID:6272
- C:\Windows\System\jOaAMVg.exe
  C:\Windows\System\jOaAMVg.exe
  2⤵
  PID:6296
- C:\Windows\System\GwwZlAI.exe
  C:\Windows\System\GwwZlAI.exe
  2⤵
  PID:6312
- C:\Windows\System\wKYlapz.exe
  C:\Windows\System\wKYlapz.exe
  2⤵
  PID:6336
- C:\Windows\System\kINcmxQ.exe
  C:\Windows\System\kINcmxQ.exe
  2⤵
  PID:6360
- C:\Windows\System\ahooWGC.exe
  C:\Windows\System\ahooWGC.exe
  2⤵
  PID:6380
- C:\Windows\System\XFVJzqk.exe
  C:\Windows\System\XFVJzqk.exe
  2⤵
  PID:6396
- C:\Windows\System\flMlpxN.exe
  C:\Windows\System\flMlpxN.exe
  2⤵
  PID:6416
- C:\Windows\System\wfOYSux.exe
  C:\Windows\System\wfOYSux.exe
  2⤵
  PID:6440
- C:\Windows\System\gfYapIV.exe
  C:\Windows\System\gfYapIV.exe
  2⤵
  PID:6460
- C:\Windows\System\gAufpDa.exe
  C:\Windows\System\gAufpDa.exe
  2⤵
  PID:6480
- C:\Windows\System\RmUUCsV.exe
  C:\Windows\System\RmUUCsV.exe
  2⤵
  PID:6500
- C:\Windows\System\VAEuAfx.exe
  C:\Windows\System\VAEuAfx.exe
  2⤵
  PID:6520
- C:\Windows\System\UIVLJRw.exe
  C:\Windows\System\UIVLJRw.exe
  2⤵
  PID:6536
- C:\Windows\System\orCYiEY.exe
  C:\Windows\System\orCYiEY.exe
  2⤵
  PID:6560
- C:\Windows\System\TkHBtYw.exe
  C:\Windows\System\TkHBtYw.exe
  2⤵
  PID:6576
- C:\Windows\System\oKRsLzi.exe
  C:\Windows\System\oKRsLzi.exe
  2⤵
  PID:6596
- C:\Windows\System\UJnaSse.exe
  C:\Windows\System\UJnaSse.exe
  2⤵
  PID:6620
- C:\Windows\System\SOAEYEq.exe
  C:\Windows\System\SOAEYEq.exe
  2⤵
  PID:6640
- C:\Windows\System\yCpYwqv.exe
  C:\Windows\System\yCpYwqv.exe
  2⤵
  PID:6660
- C:\Windows\System\jfpyNOe.exe
  C:\Windows\System\jfpyNOe.exe
  2⤵
  PID:6680
- C:\Windows\System\KJNRnmg.exe
  C:\Windows\System\KJNRnmg.exe
  2⤵
  PID:6700
- C:\Windows\System\nfYhZBK.exe
  C:\Windows\System\nfYhZBK.exe
  2⤵
  PID:6720
- C:\Windows\System\EPFJReW.exe
  C:\Windows\System\EPFJReW.exe
  2⤵
  PID:6736
- C:\Windows\System\zjSzpBq.exe
  C:\Windows\System\zjSzpBq.exe
  2⤵
  PID:6752
- C:\Windows\System\cmioHoe.exe
  C:\Windows\System\cmioHoe.exe
  2⤵
  PID:6772
- C:\Windows\System\eJKtAAS.exe
  C:\Windows\System\eJKtAAS.exe
  2⤵
  PID:6788
- C:\Windows\System\dYzMNbw.exe
  C:\Windows\System\dYzMNbw.exe
  2⤵
  PID:6816
- C:\Windows\System\kQABLat.exe
  C:\Windows\System\kQABLat.exe
  2⤵
  PID:6836
- C:\Windows\System\WivEiyT.exe
  C:\Windows\System\WivEiyT.exe
  2⤵
  PID:6856
- C:\Windows\System\JQdquIV.exe
  C:\Windows\System\JQdquIV.exe
  2⤵
  PID:6872
- C:\Windows\System\FQYJKri.exe
  C:\Windows\System\FQYJKri.exe
  2⤵
  PID:6896
- C:\Windows\System\MtknLgt.exe
  C:\Windows\System\MtknLgt.exe
  2⤵
  PID:6920
- C:\Windows\System\wMlzvIh.exe
  C:\Windows\System\wMlzvIh.exe
  2⤵
  PID:6940
- C:\Windows\System\DPktdPQ.exe
  C:\Windows\System\DPktdPQ.exe
  2⤵
  PID:6956
- C:\Windows\System\xJLKpHu.exe
  C:\Windows\System\xJLKpHu.exe
  2⤵
  PID:6976
- C:\Windows\System\OvgVdeA.exe
  C:\Windows\System\OvgVdeA.exe
  2⤵
  PID:6996
- C:\Windows\System\XEitNZF.exe
  C:\Windows\System\XEitNZF.exe
  2⤵
  PID:7016
- C:\Windows\System\nyMGaiG.exe
  C:\Windows\System\nyMGaiG.exe
  2⤵
  PID:7036
- C:\Windows\System\PsYbHOr.exe
  C:\Windows\System\PsYbHOr.exe
  2⤵
  PID:7056
- C:\Windows\System\WHzEswa.exe
  C:\Windows\System\WHzEswa.exe
  2⤵
  PID:7076
- C:\Windows\System\efiZeGy.exe
  C:\Windows\System\efiZeGy.exe
  2⤵
  PID:7096
- C:\Windows\System\fIYdaNo.exe
  C:\Windows\System\fIYdaNo.exe
  2⤵
  PID:7112
- C:\Windows\System\fVvhICK.exe
  C:\Windows\System\fVvhICK.exe
  2⤵
  PID:7136
- C:\Windows\System\hCljRRN.exe
  C:\Windows\System\hCljRRN.exe
  2⤵
  PID:7152
- C:\Windows\System\eQeguaC.exe
  C:\Windows\System\eQeguaC.exe
  2⤵
  PID:5328
- C:\Windows\System\LhBpOUl.exe
  C:\Windows\System\LhBpOUl.exe
  2⤵
  PID:5052
- C:\Windows\System\maMRNVY.exe
  C:\Windows\System\maMRNVY.exe
  2⤵
  PID:5484
- C:\Windows\System\MoxrIHX.exe
  C:\Windows\System\MoxrIHX.exe
  2⤵
  PID:5776
- C:\Windows\System\UHNMPUK.exe
  C:\Windows\System\UHNMPUK.exe
  2⤵
  PID:5832
- C:\Windows\System\lICkYte.exe
  C:\Windows\System\lICkYte.exe
  2⤵
  PID:5544
- C:\Windows\System\Yfklvon.exe
  C:\Windows\System\Yfklvon.exe
  2⤵
  PID:5524
- C:\Windows\System\kOlTrxE.exe
  C:\Windows\System\kOlTrxE.exe
  2⤵
  PID:5140
- C:\Windows\System\rcFOxPC.exe
  C:\Windows\System\rcFOxPC.exe
  2⤵
  PID:5964
- C:\Windows\System\oZXKIEB.exe
  C:\Windows\System\oZXKIEB.exe
  2⤵
  PID:6172
- C:\Windows\System\aZrnEdQ.exe
  C:\Windows\System\aZrnEdQ.exe
  2⤵
  PID:5856
- C:\Windows\System\cqANFcr.exe
  C:\Windows\System\cqANFcr.exe
  2⤵
  PID:6196
- C:\Windows\System\MvBbtFO.exe
  C:\Windows\System\MvBbtFO.exe
  2⤵
  PID:6192
- C:\Windows\System\WSxpWYQ.exe
  C:\Windows\System\WSxpWYQ.exe
  2⤵
  PID:5424
- C:\Windows\System\rBERdZR.exe
  C:\Windows\System\rBERdZR.exe
  2⤵
  PID:6268
- C:\Windows\System\DjlrDux.exe
  C:\Windows\System\DjlrDux.exe
  2⤵
  PID:6240
- C:\Windows\System\aNzUzMB.exe
  C:\Windows\System\aNzUzMB.exe
  2⤵
  PID:6292
- C:\Windows\System\fvmrHbZ.exe
  C:\Windows\System\fvmrHbZ.exe
  2⤵
  PID:6324
- C:\Windows\System\ygUbEAe.exe
  C:\Windows\System\ygUbEAe.exe
  2⤵
  PID:6328
- C:\Windows\System\glPCSoS.exe
  C:\Windows\System\glPCSoS.exe
  2⤵
  PID:6432
- C:\Windows\System\qdsygEb.exe
  C:\Windows\System\qdsygEb.exe
  2⤵
  PID:6412
- C:\Windows\System\dMgMMkO.exe
  C:\Windows\System\dMgMMkO.exe
  2⤵
  PID:6508
- C:\Windows\System\VlTTpuA.exe
  C:\Windows\System\VlTTpuA.exe
  2⤵
  PID:6556
- C:\Windows\System\QmmfgIr.exe
  C:\Windows\System\QmmfgIr.exe
  2⤵
  PID:6488
- C:\Windows\System\CeupaeM.exe
  C:\Windows\System\CeupaeM.exe
  2⤵
  PID:6532
- C:\Windows\System\kZfTBoa.exe
  C:\Windows\System\kZfTBoa.exe
  2⤵
  PID:6572
- C:\Windows\System\ffetMPD.exe
  C:\Windows\System\ffetMPD.exe
  2⤵
  PID:6668
- C:\Windows\System\LCYdPCk.exe
  C:\Windows\System\LCYdPCk.exe
  2⤵
  PID:6712
- C:\Windows\System\orByaFQ.exe
  C:\Windows\System\orByaFQ.exe
  2⤵
  PID:6648
- C:\Windows\System\vUdkLWA.exe
  C:\Windows\System\vUdkLWA.exe
  2⤵
  PID:6748
- C:\Windows\System\lqcccdg.exe
  C:\Windows\System\lqcccdg.exe
  2⤵
  PID:6784
- C:\Windows\System\bVDjccT.exe
  C:\Windows\System\bVDjccT.exe
  2⤵
  PID:6828
- C:\Windows\System\eJYnrks.exe
  C:\Windows\System\eJYnrks.exe
  2⤵
  PID:6916
- C:\Windows\System\rAGJZaC.exe
  C:\Windows\System\rAGJZaC.exe
  2⤵
  PID:6804
- C:\Windows\System\rMQquzy.exe
  C:\Windows\System\rMQquzy.exe
  2⤵
  PID:6952
- C:\Windows\System\ELkQgkg.exe
  C:\Windows\System\ELkQgkg.exe
  2⤵
  PID:6844
- C:\Windows\System\uxUrJgq.exe
  C:\Windows\System\uxUrJgq.exe
  2⤵
  PID:7024
- C:\Windows\System\vWLUHRH.exe
  C:\Windows\System\vWLUHRH.exe
  2⤵
  PID:7064
- C:\Windows\System\HSKQhkt.exe
  C:\Windows\System\HSKQhkt.exe
  2⤵
  PID:7068
- C:\Windows\System\NjXcQKr.exe
  C:\Windows\System\NjXcQKr.exe
  2⤵
  PID:7148
- C:\Windows\System\xTMgIIS.exe
  C:\Windows\System\xTMgIIS.exe
  2⤵
  PID:3996
- C:\Windows\System\gjTdQAs.exe
  C:\Windows\System\gjTdQAs.exe
  2⤵
  PID:6964
- C:\Windows\System\uxzXThS.exe
  C:\Windows\System\uxzXThS.exe
  2⤵
  PID:6012
- C:\Windows\System\Cjhmkqa.exe
  C:\Windows\System\Cjhmkqa.exe
  2⤵
  PID:6004
- C:\Windows\System\SiklUmR.exe
  C:\Windows\System\SiklUmR.exe
  2⤵
  PID:6160
- C:\Windows\System\NlbYhLm.exe
  C:\Windows\System\NlbYhLm.exe
  2⤵
  PID:2524
- C:\Windows\System\TWyeuRB.exe
  C:\Windows\System\TWyeuRB.exe
  2⤵
  PID:6236
- C:\Windows\System\uUcFdBL.exe
  C:\Windows\System\uUcFdBL.exe
  2⤵
  PID:6424
- C:\Windows\System\dfFhjZd.exe
  C:\Windows\System\dfFhjZd.exe
  2⤵
  PID:6456
- C:\Windows\System\SVKIeyH.exe
  C:\Windows\System\SVKIeyH.exe
  2⤵
  PID:7120
- C:\Windows\System\LutQczq.exe
  C:\Windows\System\LutQczq.exe
  2⤵
  PID:7160
- C:\Windows\System\hMiyqHR.exe
  C:\Windows\System\hMiyqHR.exe
  2⤵
  PID:5724
- C:\Windows\System\MvukpnD.exe
  C:\Windows\System\MvukpnD.exe
  2⤵
  PID:3028
- C:\Windows\System\Gdodpvw.exe
  C:\Windows\System\Gdodpvw.exe
  2⤵
  PID:7008
- C:\Windows\System\DYwyDBK.exe
  C:\Windows\System\DYwyDBK.exe
  2⤵
  PID:5440
- C:\Windows\System\MeEzDWn.exe
  C:\Windows\System\MeEzDWn.exe
  2⤵
  PID:2228
- C:\Windows\System\WybdNrv.exe
  C:\Windows\System\WybdNrv.exe
  2⤵
  PID:5340
- C:\Windows\System\StUiOEb.exe
  C:\Windows\System\StUiOEb.exe
  2⤵
  PID:6200
- C:\Windows\System\sJzcAsD.exe
  C:\Windows\System\sJzcAsD.exe
  2⤵
  PID:6308
- C:\Windows\System\TZarHsI.exe
  C:\Windows\System\TZarHsI.exe
  2⤵
  PID:6388
- C:\Windows\System\xkTJbuq.exe
  C:\Windows\System\xkTJbuq.exe
  2⤵
  PID:6512
- C:\Windows\System\xQFlUpH.exe
  C:\Windows\System\xQFlUpH.exe
  2⤵
  PID:6592
- C:\Windows\System\PbPIHNa.exe
  C:\Windows\System\PbPIHNa.exe
  2⤵
  PID:6632
- C:\Windows\System\EqNdvBV.exe
  C:\Windows\System\EqNdvBV.exe
  2⤵
  PID:2816
- C:\Windows\System\UraccUs.exe
  C:\Windows\System\UraccUs.exe
  2⤵
  PID:2700
- C:\Windows\System\GAhaFgc.exe
  C:\Windows\System\GAhaFgc.exe
  2⤵
  PID:5324
- C:\Windows\System\EaLFCVK.exe
  C:\Windows\System\EaLFCVK.exe
  2⤵
  PID:6908
- C:\Windows\System\nzgzhym.exe
  C:\Windows\System\nzgzhym.exe
  2⤵
  PID:5700
- C:\Windows\System\kfsqbol.exe
  C:\Windows\System\kfsqbol.exe
  2⤵
  PID:2432
- C:\Windows\System\mKqRFJY.exe
  C:\Windows\System\mKqRFJY.exe
  2⤵
  PID:6692
- C:\Windows\System\jGXKLmE.exe
  C:\Windows\System\jGXKLmE.exe
  2⤵
  PID:4164
- C:\Windows\System\lhCIqry.exe
  C:\Windows\System\lhCIqry.exe
  2⤵
  PID:6928
- C:\Windows\System\gSCIaHE.exe
  C:\Windows\System\gSCIaHE.exe
  2⤵
  PID:6948
- C:\Windows\System\ukgYmPy.exe
  C:\Windows\System\ukgYmPy.exe
  2⤵
  PID:6232
- C:\Windows\System\smKOYnq.exe
  C:\Windows\System\smKOYnq.exe
  2⤵
  PID:6472
- C:\Windows\System\BdBBSSK.exe
  C:\Windows\System\BdBBSSK.exe
  2⤵
  PID:7132
- C:\Windows\System\OkHcMCW.exe
  C:\Windows\System\OkHcMCW.exe
  2⤵
  PID:2704
- C:\Windows\System\oqCiLwc.exe
  C:\Windows\System\oqCiLwc.exe
  2⤵
  PID:2340
- C:\Windows\System\odbIrSz.exe
  C:\Windows\System\odbIrSz.exe
  2⤵
  PID:1776
- C:\Windows\System\ZlqoHcV.exe
  C:\Windows\System\ZlqoHcV.exe
  2⤵
  PID:876
- C:\Windows\System\aUdiOSB.exe
  C:\Windows\System\aUdiOSB.exe
  2⤵
  PID:7108
- C:\Windows\System\ANHUAXU.exe
  C:\Windows\System\ANHUAXU.exe
  2⤵
  PID:7012
- C:\Windows\System\vxgZOFz.exe
  C:\Windows\System\vxgZOFz.exe
  2⤵
  PID:5640
- C:\Windows\System\oZRhXly.exe
  C:\Windows\System\oZRhXly.exe
  2⤵
  PID:6264
- C:\Windows\System\DHDRRIF.exe
  C:\Windows\System\DHDRRIF.exe
  2⤵
  PID:6404
- C:\Windows\System\KQlIXjR.exe
  C:\Windows\System\KQlIXjR.exe
  2⤵
  PID:6216
- C:\Windows\System\lTGxKYz.exe
  C:\Windows\System\lTGxKYz.exe
  2⤵
  PID:6492
- C:\Windows\System\hdRMRBB.exe
  C:\Windows\System\hdRMRBB.exe
  2⤵
  PID:6356
- C:\Windows\System\IflYyST.exe
  C:\Windows\System\IflYyST.exe
  2⤵
  PID:6728
- C:\Windows\System\MTUgXTJ.exe
  C:\Windows\System\MTUgXTJ.exe
  2⤵
  PID:6476
- C:\Windows\System\oGafisd.exe
  C:\Windows\System\oGafisd.exe
  2⤵
  PID:6888
- C:\Windows\System\ictWoHB.exe
  C:\Windows\System\ictWoHB.exe
  2⤵
  PID:6744
- C:\Windows\System\iBairEh.exe
  C:\Windows\System\iBairEh.exe
  2⤵
  PID:5968
- C:\Windows\System\oxZIQQL.exe
  C:\Windows\System\oxZIQQL.exe
  2⤵
  PID:7128
- C:\Windows\System\NlDLLad.exe
  C:\Windows\System\NlDLLad.exe
  2⤵
  PID:3108
- C:\Windows\System\HzcNLHR.exe
  C:\Windows\System\HzcNLHR.exe
  2⤵
  PID:4748
- C:\Windows\System\xDAQzmY.exe
  C:\Windows\System\xDAQzmY.exe
  2⤵
  PID:6408
- C:\Windows\System\JQLdMoe.exe
  C:\Windows\System\JQLdMoe.exe
  2⤵
  PID:6548
- C:\Windows\System\fAvVGgn.exe
  C:\Windows\System\fAvVGgn.exe
  2⤵
  PID:7048
- C:\Windows\System\vDbkhNE.exe
  C:\Windows\System\vDbkhNE.exe
  2⤵
  PID:6636
- C:\Windows\System\UoJnoJI.exe
  C:\Windows\System\UoJnoJI.exe
  2⤵
  PID:1932
- C:\Windows\System\hOMStBj.exe
  C:\Windows\System\hOMStBj.exe
  2⤵
  PID:7184
- C:\Windows\System\DknDcDZ.exe
  C:\Windows\System\DknDcDZ.exe
  2⤵
  PID:7200
- C:\Windows\System\sjaHumJ.exe
  C:\Windows\System\sjaHumJ.exe
  2⤵
  PID:7216
- C:\Windows\System\VeEqElf.exe
  C:\Windows\System\VeEqElf.exe
  2⤵
  PID:7232
- C:\Windows\System\HVGshTc.exe
  C:\Windows\System\HVGshTc.exe
  2⤵
  PID:7248
- C:\Windows\System\YEyDZvt.exe
  C:\Windows\System\YEyDZvt.exe
  2⤵
  PID:7264
- C:\Windows\System\xqJQYIX.exe
  C:\Windows\System\xqJQYIX.exe
  2⤵
  PID:7280
- C:\Windows\System\wkiqHRx.exe
  C:\Windows\System\wkiqHRx.exe
  2⤵
  PID:7296
- C:\Windows\System\ulSrhQW.exe
  C:\Windows\System\ulSrhQW.exe
  2⤵
  PID:7312
- C:\Windows\System\PmMMIFj.exe
  C:\Windows\System\PmMMIFj.exe
  2⤵
  PID:7328
- C:\Windows\System\tEbjPXJ.exe
  C:\Windows\System\tEbjPXJ.exe
  2⤵
  PID:7344
- C:\Windows\System\iABIDfH.exe
  C:\Windows\System\iABIDfH.exe
  2⤵
  PID:7360
- C:\Windows\System\roUEPcL.exe
  C:\Windows\System\roUEPcL.exe
  2⤵
  PID:7376
- C:\Windows\System\CnJFqWb.exe
  C:\Windows\System\CnJFqWb.exe
  2⤵
  PID:7392
- C:\Windows\System\dllsXyy.exe
  C:\Windows\System\dllsXyy.exe
  2⤵
  PID:7408
- C:\Windows\System\LEjFZHk.exe
  C:\Windows\System\LEjFZHk.exe
  2⤵
  PID:7424
- C:\Windows\System\DoXKxBl.exe
  C:\Windows\System\DoXKxBl.exe
  2⤵
  PID:7440
- C:\Windows\System\JZldero.exe
  C:\Windows\System\JZldero.exe
  2⤵
  PID:7456
- C:\Windows\System\nxCLYxO.exe
  C:\Windows\System\nxCLYxO.exe
  2⤵
  PID:7472
- C:\Windows\System\Grertve.exe
  C:\Windows\System\Grertve.exe
  2⤵
  PID:7488
- C:\Windows\System\LSriTjx.exe
  C:\Windows\System\LSriTjx.exe
  2⤵
  PID:7508
- C:\Windows\System\tWwzTYj.exe
  C:\Windows\System\tWwzTYj.exe
  2⤵
  PID:7524
- C:\Windows\System\HnSdLxp.exe
  C:\Windows\System\HnSdLxp.exe
  2⤵
  PID:7540
- C:\Windows\System\XEIEBDc.exe
  C:\Windows\System\XEIEBDc.exe
  2⤵
  PID:7556
- C:\Windows\System\AihsQYh.exe
  C:\Windows\System\AihsQYh.exe
  2⤵
  PID:7572
- C:\Windows\System\vverSoM.exe
  C:\Windows\System\vverSoM.exe
  2⤵
  PID:7592
- C:\Windows\System\QezMknN.exe
  C:\Windows\System\QezMknN.exe
  2⤵
  PID:7608
- C:\Windows\System\QbbWuVT.exe
  C:\Windows\System\QbbWuVT.exe
  2⤵
  PID:7628
- C:\Windows\System\TZaRSpV.exe
  C:\Windows\System\TZaRSpV.exe
  2⤵
  PID:7648
- C:\Windows\System\EzliWHv.exe
  C:\Windows\System\EzliWHv.exe
  2⤵
  PID:7664
- C:\Windows\System\mgAuPJX.exe
  C:\Windows\System\mgAuPJX.exe
  2⤵
  PID:7680
- C:\Windows\System\WAmhZia.exe
  C:\Windows\System\WAmhZia.exe
  2⤵
  PID:7700
- C:\Windows\System\kukLIQv.exe
  C:\Windows\System\kukLIQv.exe
  2⤵
  PID:7716
- C:\Windows\System\gUWnoyr.exe
  C:\Windows\System\gUWnoyr.exe
  2⤵
  PID:7732
- C:\Windows\System\zCoiITA.exe
  C:\Windows\System\zCoiITA.exe
  2⤵
  PID:7756
- C:\Windows\System\TVOZuxl.exe
  C:\Windows\System\TVOZuxl.exe
  2⤵
  PID:8108
- C:\Windows\System\LeRmZEd.exe
  C:\Windows\System\LeRmZEd.exe
  2⤵
  PID:8128
- C:\Windows\System\DTLqXYM.exe
  C:\Windows\System\DTLqXYM.exe
  2⤵
  PID:8144
- C:\Windows\System\hzfaQcz.exe
  C:\Windows\System\hzfaQcz.exe
  2⤵
  PID:8160
- C:\Windows\System\zXJsbHv.exe
  C:\Windows\System\zXJsbHv.exe
  2⤵
  PID:8176
- C:\Windows\System\jiwEyrc.exe
  C:\Windows\System\jiwEyrc.exe
  2⤵
  PID:7176
- C:\Windows\System\oaGxKrz.exe
  C:\Windows\System\oaGxKrz.exe
  2⤵
  PID:7240
- C:\Windows\System\ZjujpKK.exe
  C:\Windows\System\ZjujpKK.exe
  2⤵
  PID:6248
- C:\Windows\System\SIuyvYi.exe
  C:\Windows\System\SIuyvYi.exe
  2⤵
  PID:6212
- C:\Windows\System\kyNtJQM.exe
  C:\Windows\System\kyNtJQM.exe
  2⤵
  PID:6852
- C:\Windows\System\IHfxTNj.exe
  C:\Windows\System\IHfxTNj.exe
  2⤵
  PID:6052
- C:\Windows\System\MIkjYHt.exe
  C:\Windows\System\MIkjYHt.exe
  2⤵
  PID:1888
- C:\Windows\System\EbirvMZ.exe
  C:\Windows\System\EbirvMZ.exe
  2⤵
  PID:7192
- C:\Windows\System\HaJOMhE.exe
  C:\Windows\System\HaJOMhE.exe
  2⤵
  PID:7256
- C:\Windows\System\MXyGfel.exe
  C:\Windows\System\MXyGfel.exe
  2⤵
  PID:7308
- C:\Windows\System\XEKySqA.exe
  C:\Windows\System\XEKySqA.exe
  2⤵
  PID:7292
- C:\Windows\System\HuzxFYV.exe
  C:\Windows\System\HuzxFYV.exe
  2⤵
  PID:7352
- C:\Windows\System\LfJKiKH.exe
  C:\Windows\System\LfJKiKH.exe
  2⤵
  PID:7356
- C:\Windows\System\PpwzjYC.exe
  C:\Windows\System\PpwzjYC.exe
  2⤵
  PID:7420
- C:\Windows\System\whnuzIk.exe
  C:\Windows\System\whnuzIk.exe
  2⤵
  PID:7464
- C:\Windows\System\kzndxrU.exe
  C:\Windows\System\kzndxrU.exe
  2⤵
  PID:7536
- C:\Windows\System\BGINgEa.exe
  C:\Windows\System\BGINgEa.exe
  2⤵
  PID:7452
- C:\Windows\System\oGTucAg.exe
  C:\Windows\System\oGTucAg.exe
  2⤵
  PID:7520
- C:\Windows\System\MeLaGls.exe
  C:\Windows\System\MeLaGls.exe
  2⤵
  PID:7588
- C:\Windows\System\lFnfCeQ.exe
  C:\Windows\System\lFnfCeQ.exe
  2⤵
  PID:7636
- C:\Windows\System\OCvMtbx.exe
  C:\Windows\System\OCvMtbx.exe
  2⤵
  PID:7660
- C:\Windows\System\tqrtOPV.exe
  C:\Windows\System\tqrtOPV.exe
  2⤵
  PID:7724
- C:\Windows\System\dObrMPq.exe
  C:\Windows\System\dObrMPq.exe
  2⤵
  PID:7728
- C:\Windows\System\MRJDkOE.exe
  C:\Windows\System\MRJDkOE.exe
  2⤵
  PID:7752
- C:\Windows\System\fYnBSbA.exe
  C:\Windows\System\fYnBSbA.exe
  2⤵
  PID:7812
- C:\Windows\System\eJQqjGS.exe
  C:\Windows\System\eJQqjGS.exe
  2⤵
  PID:7828
- C:\Windows\System\MDQYTHL.exe
  C:\Windows\System\MDQYTHL.exe
  2⤵
  PID:7844
- C:\Windows\System\qZzJgRF.exe
  C:\Windows\System\qZzJgRF.exe
  2⤵
  PID:7860
- C:\Windows\System\qveQOgi.exe
  C:\Windows\System\qveQOgi.exe
  2⤵
  PID:2540
- C:\Windows\System\EcMICbp.exe
  C:\Windows\System\EcMICbp.exe
  2⤵
  PID:7888
- C:\Windows\System\ivleNmT.exe
  C:\Windows\System\ivleNmT.exe
  2⤵
  PID:7904
- C:\Windows\System\wZAWTUw.exe
  C:\Windows\System\wZAWTUw.exe
  2⤵
  PID:7916
- C:\Windows\System\rmrlxAu.exe
  C:\Windows\System\rmrlxAu.exe
  2⤵
  PID:7932
- C:\Windows\System\DNnmwpU.exe
  C:\Windows\System\DNnmwpU.exe
  2⤵
  PID:7948
- C:\Windows\System\pNvXjUv.exe
  C:\Windows\System\pNvXjUv.exe
  2⤵
  PID:7964
- C:\Windows\System\jXvUiUC.exe
  C:\Windows\System\jXvUiUC.exe
  2⤵
  PID:7980
- C:\Windows\System\zypdlQh.exe
  C:\Windows\System\zypdlQh.exe
  2⤵
  PID:8012
- C:\Windows\System\iWuUyPI.exe
  C:\Windows\System\iWuUyPI.exe
  2⤵
  PID:7500
- C:\Windows\System\wqfmtKq.exe
  C:\Windows\System\wqfmtKq.exe
  2⤵
  PID:8052
- C:\Windows\System\VsfcBLz.exe
  C:\Windows\System\VsfcBLz.exe
  2⤵
  PID:8068
- C:\Windows\System\FEUlUqt.exe
  C:\Windows\System\FEUlUqt.exe
  2⤵
  PID:888
- C:\Windows\System\idTMSds.exe
  C:\Windows\System\idTMSds.exe
  2⤵
  PID:8096
- C:\Windows\System\ocecsLx.exe
  C:\Windows\System\ocecsLx.exe
  2⤵
  PID:8116
- C:\Windows\System\LivuPHc.exe
  C:\Windows\System\LivuPHc.exe
  2⤵
  PID:8188
- C:\Windows\System\UeqtdPW.exe
  C:\Windows\System\UeqtdPW.exe
  2⤵
  PID:8168
- C:\Windows\System\orzsanz.exe
  C:\Windows\System\orzsanz.exe
  2⤵
  PID:3040
- C:\Windows\System\XymDQjX.exe
  C:\Windows\System\XymDQjX.exe
  2⤵
  PID:6732
- C:\Windows\System\BqxDsot.exe
  C:\Windows\System\BqxDsot.exe
  2⤵
  PID:7272
- C:\Windows\System\MTrMUpw.exe
  C:\Windows\System\MTrMUpw.exe
  2⤵
  PID:7416
- C:\Windows\System\JaaefwY.exe
  C:\Windows\System\JaaefwY.exe
  2⤵
  PID:7624
- C:\Windows\System\WnfpQER.exe
  C:\Windows\System\WnfpQER.exe
  2⤵
  PID:8124
- C:\Windows\System\ZLTazYZ.exe
  C:\Windows\System\ZLTazYZ.exe
  2⤵
  PID:7820
- C:\Windows\System\MYzRDHc.exe
  C:\Windows\System\MYzRDHc.exe
  2⤵
  PID:6176
- C:\Windows\System\gYhyqEx.exe
  C:\Windows\System\gYhyqEx.exe
  2⤵
  PID:7336
- C:\Windows\System\UkENehm.exe
  C:\Windows\System\UkENehm.exe
  2⤵
  PID:7404
- C:\Windows\System\gZlTMvy.exe
  C:\Windows\System\gZlTMvy.exe
  2⤵
  PID:7448
- C:\Windows\System\nZBcbmy.exe
  C:\Windows\System\nZBcbmy.exe
  2⤵
  PID:7604
- C:\Windows\System\lAlAGtE.exe
  C:\Windows\System\lAlAGtE.exe
  2⤵
  PID:7808
- C:\Windows\System\yzBtsCO.exe
  C:\Windows\System\yzBtsCO.exe
  2⤵
  PID:7856
- C:\Windows\System\yhjqxaX.exe
  C:\Windows\System\yhjqxaX.exe
  2⤵
  PID:7884
- C:\Windows\System\bDbPBET.exe
  C:\Windows\System\bDbPBET.exe
  2⤵
  PID:7924
- C:\Windows\System\LVGotQa.exe
  C:\Windows\System\LVGotQa.exe
  2⤵
  PID:7912
- C:\Windows\System\sQJWUjZ.exe
  C:\Windows\System\sQJWUjZ.exe
  2⤵
  PID:7988
- C:\Windows\System\fprsDoX.exe
  C:\Windows\System\fprsDoX.exe
  2⤵
  PID:8020
- C:\Windows\System\HDQFtUk.exe
  C:\Windows\System\HDQFtUk.exe
  2⤵
  PID:8004
- C:\Windows\System\ErNfqho.exe
  C:\Windows\System\ErNfqho.exe
  2⤵
  PID:1936
- C:\Windows\System\qnofLRi.exe
  C:\Windows\System\qnofLRi.exe
  2⤵
  PID:8044
- C:\Windows\System\kUSXQUC.exe
  C:\Windows\System\kUSXQUC.exe
  2⤵
  PID:8048
- C:\Windows\System\IRShUin.exe
  C:\Windows\System\IRShUin.exe
  2⤵
  PID:8140
- C:\Windows\System\rmbWvPI.exe
  C:\Windows\System\rmbWvPI.exe
  2⤵
  PID:2268
- C:\Windows\System\OKKJaRm.exe
  C:\Windows\System\OKKJaRm.exe
  2⤵
  PID:7276
- C:\Windows\System\LvAprJv.exe
  C:\Windows\System\LvAprJv.exe
  2⤵
  PID:2640
- C:\Windows\System\mXPmAhW.exe
  C:\Windows\System\mXPmAhW.exe
  2⤵
  PID:7532
- C:\Windows\System\DeJyxpI.exe
  C:\Windows\System\DeJyxpI.exe
  2⤵
  PID:7484
- C:\Windows\System\aFhuZFH.exe
  C:\Windows\System\aFhuZFH.exe
  2⤵
  PID:8120
- C:\Windows\System\DMzDPIY.exe
  C:\Windows\System\DMzDPIY.exe
  2⤵
  PID:7740
- C:\Windows\System\JHXHjSz.exe
  C:\Windows\System\JHXHjSz.exe
  2⤵
  PID:2760
- C:\Windows\System\CdpVrat.exe
  C:\Windows\System\CdpVrat.exe
  2⤵
  PID:7400
- C:\Windows\System\solyTWB.exe
  C:\Windows\System\solyTWB.exe
  2⤵
  PID:7712
- C:\Windows\System\RKQUxnq.exe
  C:\Windows\System\RKQUxnq.exe
  2⤵
  PID:2804
- C:\Windows\System\PhBYgjV.exe
  C:\Windows\System\PhBYgjV.exe
  2⤵
  PID:2032
- C:\Windows\System\OvHMFSF.exe
  C:\Windows\System\OvHMFSF.exe
  2⤵
  PID:8104
- C:\Windows\System\SOgsUlS.exe
  C:\Windows\System\SOgsUlS.exe
  2⤵
  PID:8080
- C:\Windows\System\iXLEhMd.exe
  C:\Windows\System\iXLEhMd.exe
  2⤵
  PID:7580
- C:\Windows\System\ezUrfzl.exe
  C:\Windows\System\ezUrfzl.exe
  2⤵
  PID:6568
- C:\Windows\System\ADKHxSz.exe
  C:\Windows\System\ADKHxSz.exe
  2⤵
  PID:3000
- C:\Windows\System\aPWNzBT.exe
  C:\Windows\System\aPWNzBT.exe
  2⤵
  PID:7212
- C:\Windows\System\QFubWsn.exe
  C:\Windows\System\QFubWsn.exe
  2⤵
  PID:7872
- C:\Windows\System\jWZTuwB.exe
  C:\Windows\System\jWZTuwB.exe
  2⤵
  PID:2888
- C:\Windows\System\ElCtAPC.exe
  C:\Windows\System\ElCtAPC.exe
  2⤵
  PID:7944
- C:\Windows\System\ygPivEl.exe
  C:\Windows\System\ygPivEl.exe
  2⤵
  PID:7996
- C:\Windows\System\wVDpLPX.exe
  C:\Windows\System\wVDpLPX.exe
  2⤵
  PID:1668
- C:\Windows\System\wDRLhVL.exe
  C:\Windows\System\wDRLhVL.exe
  2⤵
  PID:1376
- C:\Windows\System\tAILSOl.exe
  C:\Windows\System\tAILSOl.exe
  2⤵
  PID:2620
- C:\Windows\System\inMUjeJ.exe
  C:\Windows\System\inMUjeJ.exe
  2⤵
  PID:8156
- C:\Windows\System\kMSqUAp.exe
  C:\Windows\System\kMSqUAp.exe
  2⤵
  PID:7692
- C:\Windows\System\uLzEDaO.exe
  C:\Windows\System\uLzEDaO.exe
  2⤵
  PID:7600
- C:\Windows\System\yzSrZlz.exe
  C:\Windows\System\yzSrZlz.exe
  2⤵
  PID:7940
- C:\Windows\System\vnuAuPC.exe
  C:\Windows\System\vnuAuPC.exe
  2⤵
  PID:7976
- C:\Windows\System\KVzKNng.exe
  C:\Windows\System\KVzKNng.exe
  2⤵
  PID:1240
- C:\Windows\System\ajLlEvR.exe
  C:\Windows\System\ajLlEvR.exe
  2⤵
  PID:7928
- C:\Windows\System\DRNUqfg.exe
  C:\Windows\System\DRNUqfg.exe
  2⤵
  PID:8204
- C:\Windows\System\WdWnoTw.exe
  C:\Windows\System\WdWnoTw.exe
  2⤵
  PID:8220
- C:\Windows\System\mvggjJw.exe
  C:\Windows\System\mvggjJw.exe
  2⤵
  PID:8236
- C:\Windows\System\csHRyWu.exe
  C:\Windows\System\csHRyWu.exe
  2⤵
  PID:8252
- C:\Windows\System\WfsuDtv.exe
  C:\Windows\System\WfsuDtv.exe
  2⤵
  PID:8268
- C:\Windows\System\eFULbzA.exe
  C:\Windows\System\eFULbzA.exe
  2⤵
  PID:8284
- C:\Windows\System\qZuXtUv.exe
  C:\Windows\System\qZuXtUv.exe
  2⤵
  PID:8300
- C:\Windows\System\TRCEQLl.exe
  C:\Windows\System\TRCEQLl.exe
  2⤵
  PID:8316
- C:\Windows\System\ISBCbUH.exe
  C:\Windows\System\ISBCbUH.exe
  2⤵
  PID:8340
- C:\Windows\System\dJqNPqL.exe
  C:\Windows\System\dJqNPqL.exe
  2⤵
  PID:8528
- C:\Windows\System\BvmqEGr.exe
  C:\Windows\System\BvmqEGr.exe
  2⤵
  PID:8544
- C:\Windows\System\lyrpPxz.exe
  C:\Windows\System\lyrpPxz.exe
  2⤵
  PID:8560
- C:\Windows\System\LUTIJhn.exe
  C:\Windows\System\LUTIJhn.exe
  2⤵
  PID:8576
- C:\Windows\System\MtOUEUC.exe
  C:\Windows\System\MtOUEUC.exe
  2⤵
  PID:8596
- C:\Windows\System\yMQQHSY.exe
  C:\Windows\System\yMQQHSY.exe
  2⤵
  PID:8612
- C:\Windows\System\MjLMCtG.exe
  C:\Windows\System\MjLMCtG.exe
  2⤵
  PID:8628
- C:\Windows\System\VLvSkUz.exe
  C:\Windows\System\VLvSkUz.exe
  2⤵
  PID:8644
- C:\Windows\System\dHTDvGQ.exe
  C:\Windows\System\dHTDvGQ.exe
  2⤵
  PID:8660
- C:\Windows\System\yIokQOj.exe
  C:\Windows\System\yIokQOj.exe
  2⤵
  PID:8676
- C:\Windows\System\nKjeoyJ.exe
  C:\Windows\System\nKjeoyJ.exe
  2⤵
  PID:8692
- C:\Windows\System\pbRNFyi.exe
  C:\Windows\System\pbRNFyi.exe
  2⤵
  PID:8712
- C:\Windows\System\CsYuIIk.exe
  C:\Windows\System\CsYuIIk.exe
  2⤵
  PID:8780
- C:\Windows\System\nxrCoNl.exe
  C:\Windows\System\nxrCoNl.exe
  2⤵
  PID:8796
- C:\Windows\System\jaRrrOO.exe
  C:\Windows\System\jaRrrOO.exe
  2⤵
  PID:8812
- C:\Windows\System\kgaAbqE.exe
  C:\Windows\System\kgaAbqE.exe
  2⤵
  PID:8828
- C:\Windows\System\GbnVNyO.exe
  C:\Windows\System\GbnVNyO.exe
  2⤵
  PID:8844
- C:\Windows\System\aetYIOd.exe
  C:\Windows\System\aetYIOd.exe
  2⤵
  PID:8860
- C:\Windows\System\EVTqzkM.exe
  C:\Windows\System\EVTqzkM.exe
  2⤵
  PID:8876
- C:\Windows\System\emEgbUs.exe
  C:\Windows\System\emEgbUs.exe
  2⤵
  PID:8892
- C:\Windows\System\geTCEUy.exe
  C:\Windows\System\geTCEUy.exe
  2⤵
  PID:8908
- C:\Windows\System\sRPSEyb.exe
  C:\Windows\System\sRPSEyb.exe
  2⤵
  PID:8924
- C:\Windows\System\ifchkYw.exe
  C:\Windows\System\ifchkYw.exe
  2⤵
  PID:8940
- C:\Windows\System\iaFyKhN.exe
  C:\Windows\System\iaFyKhN.exe
  2⤵
  PID:8956
- C:\Windows\System\cOVeWMJ.exe
  C:\Windows\System\cOVeWMJ.exe
  2⤵
  PID:8972
- C:\Windows\System\KYPGbGz.exe
  C:\Windows\System\KYPGbGz.exe
  2⤵
  PID:8988
- C:\Windows\System\xWrrUQB.exe
  C:\Windows\System\xWrrUQB.exe
  2⤵
  PID:9004
- C:\Windows\System\McQjtpp.exe
  C:\Windows\System\McQjtpp.exe
  2⤵
  PID:9020
- C:\Windows\System\alfUkqP.exe
  C:\Windows\System\alfUkqP.exe
  2⤵
  PID:9036
- C:\Windows\System\kkKzgbP.exe
  C:\Windows\System\kkKzgbP.exe
  2⤵
  PID:9052
- C:\Windows\System\ylUPdix.exe
  C:\Windows\System\ylUPdix.exe
  2⤵
  PID:9068
- C:\Windows\System\vurkeXH.exe
  C:\Windows\System\vurkeXH.exe
  2⤵
  PID:9084
- C:\Windows\System\YSDRkhF.exe
  C:\Windows\System\YSDRkhF.exe
  2⤵
  PID:9100
- C:\Windows\System\tJyiuPp.exe
  C:\Windows\System\tJyiuPp.exe
  2⤵
  PID:9116
- C:\Windows\System\PzksbMI.exe
  C:\Windows\System\PzksbMI.exe
  2⤵
  PID:9132
- C:\Windows\System\oZoiEpF.exe
  C:\Windows\System\oZoiEpF.exe
  2⤵
  PID:9148
- C:\Windows\System\dOMjRoE.exe
  C:\Windows\System\dOMjRoE.exe
  2⤵
  PID:9164
- C:\Windows\System\pqmqnWx.exe
  C:\Windows\System\pqmqnWx.exe
  2⤵
  PID:9180
- C:\Windows\System\VDNCCbY.exe
  C:\Windows\System\VDNCCbY.exe
  2⤵
  PID:9196
- C:\Windows\System\safvTWV.exe
  C:\Windows\System\safvTWV.exe
  2⤵
  PID:9212
- C:\Windows\System\jLGrIwN.exe
  C:\Windows\System\jLGrIwN.exe
  2⤵
  PID:7228
- C:\Windows\System\uXzOUTr.exe
  C:\Windows\System\uXzOUTr.exe
  2⤵
  PID:7852
- C:\Windows\System\gUoBlbG.exe
  C:\Windows\System\gUoBlbG.exe
  2⤵
  PID:7956
- C:\Windows\System\OrnLyTA.exe
  C:\Windows\System\OrnLyTA.exe
  2⤵
  PID:1292
- C:\Windows\System\MaFejTL.exe
  C:\Windows\System\MaFejTL.exe
  2⤵
  PID:8228
- C:\Windows\System\nuyzlEx.exe
  C:\Windows\System\nuyzlEx.exe
  2⤵
  PID:8244
- C:\Windows\System\hNppNOV.exe
  C:\Windows\System\hNppNOV.exe
  2⤵
  PID:8292
- C:\Windows\System\uxuPZnO.exe
  C:\Windows\System\uxuPZnO.exe
  2⤵
  PID:8308
- C:\Windows\System\mdIWiRB.exe
  C:\Windows\System\mdIWiRB.exe
  2⤵
  PID:8348
- C:\Windows\System\rrNtOUg.exe
  C:\Windows\System\rrNtOUg.exe
  2⤵
  PID:8364
- C:\Windows\System\yJgdRXK.exe
  C:\Windows\System\yJgdRXK.exe
  2⤵
  PID:8360
- C:\Windows\System\cMSMaKY.exe
  C:\Windows\System\cMSMaKY.exe
  2⤵
  PID:8372
- C:\Windows\System\xdbLtYg.exe
  C:\Windows\System\xdbLtYg.exe
  2⤵
  PID:8408
- C:\Windows\System\GRFuWZX.exe
  C:\Windows\System\GRFuWZX.exe
  2⤵
  PID:8424
- C:\Windows\System\YKtFwcH.exe
  C:\Windows\System\YKtFwcH.exe
  2⤵
  PID:8440
- C:\Windows\System\tkzmsFt.exe
  C:\Windows\System\tkzmsFt.exe
  2⤵
  PID:8456
- C:\Windows\System\MqtEsoE.exe
  C:\Windows\System\MqtEsoE.exe
  2⤵
  PID:8472
- C:\Windows\System\TsmrGuv.exe
  C:\Windows\System\TsmrGuv.exe
  2⤵
  PID:8488
- C:\Windows\System\ZBMvvoT.exe
  C:\Windows\System\ZBMvvoT.exe
  2⤵
  PID:8512
- C:\Windows\System\Vchclpr.exe
  C:\Windows\System\Vchclpr.exe
  2⤵
  PID:8604
- C:\Windows\System\UqYDZCX.exe
  C:\Windows\System\UqYDZCX.exe
  2⤵
  PID:8524
- C:\Windows\System\RpLGxhu.exe
  C:\Windows\System\RpLGxhu.exe
  2⤵
  PID:2260
- C:\Windows\System\CiGyEca.exe
  C:\Windows\System\CiGyEca.exe
  2⤵
  PID:8792
- C:\Windows\System\GxkSExz.exe
  C:\Windows\System\GxkSExz.exe
  2⤵
  PID:8852
- C:\Windows\System\qqWuyZG.exe
  C:\Windows\System\qqWuyZG.exe
  2⤵
  PID:8808
- C:\Windows\System\JHDtqFw.exe
  C:\Windows\System\JHDtqFw.exe
  2⤵
  PID:8872
- C:\Windows\System\fVNYqMX.exe
  C:\Windows\System\fVNYqMX.exe
  2⤵
  PID:8968
- C:\Windows\System\wMjOcqj.exe
  C:\Windows\System\wMjOcqj.exe
  2⤵
  PID:9000
- C:\Windows\System\gHGoiuq.exe
  C:\Windows\System\gHGoiuq.exe
  2⤵
  PID:8984
- C:\Windows\System\lOcvTHy.exe
  C:\Windows\System\lOcvTHy.exe
  2⤵
  PID:9048
- C:\Windows\System\fjoiRbu.exe
  C:\Windows\System\fjoiRbu.exe
  2⤵
  PID:9060
- C:\Windows\System\ERHlZOJ.exe
  C:\Windows\System\ERHlZOJ.exe
  2⤵
  PID:316
- C:\Windows\System\NYjVQXv.exe
  C:\Windows\System\NYjVQXv.exe
  2⤵
  PID:8216
- C:\Windows\System\CifBNRH.exe
  C:\Windows\System\CifBNRH.exe
  2⤵
  PID:9176
- C:\Windows\System\dDkFpxI.exe
  C:\Windows\System\dDkFpxI.exe
  2⤵
  PID:9140
- C:\Windows\System\EhslWXc.exe
  C:\Windows\System\EhslWXc.exe
  2⤵
  PID:8264
- C:\Windows\System\zDVNbBy.exe
  C:\Windows\System\zDVNbBy.exe
  2⤵
  PID:7372
- C:\Windows\System\dqdfxcP.exe
  C:\Windows\System\dqdfxcP.exe
  2⤵
  PID:9124
- C:\Windows\System\FYiwRwc.exe
  C:\Windows\System\FYiwRwc.exe
  2⤵
  PID:2108
- C:\Windows\System\HfCZvbW.exe
  C:\Windows\System\HfCZvbW.exe
  2⤵
  PID:2828
- C:\Windows\System\btFFurN.exe
  C:\Windows\System\btFFurN.exe
  2⤵
  PID:8420
- C:\Windows\System\VOwvDdC.exe
  C:\Windows\System\VOwvDdC.exe
  2⤵
  PID:8324
- C:\Windows\System\TPgKICc.exe
  C:\Windows\System\TPgKICc.exe
  2⤵
  PID:8504
- C:\Windows\System\EwbhCcS.exe
  C:\Windows\System\EwbhCcS.exe
  2⤵
  PID:8436
- C:\Windows\System\PnhlIdz.exe
  C:\Windows\System\PnhlIdz.exe
  2⤵
  PID:8480
- C:\Windows\System\QLuSTMs.exe
  C:\Windows\System\QLuSTMs.exe
  2⤵
  PID:3052
- C:\Windows\System\cIiQZnQ.exe
  C:\Windows\System\cIiQZnQ.exe
  2⤵
  PID:8540
- C:\Windows\System\nmWqABi.exe
  C:\Windows\System\nmWqABi.exe
  2⤵
  PID:8636
- C:\Windows\System\dtofDji.exe
  C:\Windows\System\dtofDji.exe
  2⤵
  PID:2040
- C:\Windows\System\kVrzgpt.exe
  C:\Windows\System\kVrzgpt.exe
  2⤵
  PID:8700
- C:\Windows\System\GBxivJQ.exe
  C:\Windows\System\GBxivJQ.exe
  2⤵
  PID:8584
- C:\Windows\System\dcETGtJ.exe
  C:\Windows\System\dcETGtJ.exe
  2⤵
  PID:8620
- C:\Windows\System\sXGDOee.exe
  C:\Windows\System\sXGDOee.exe
  2⤵
  PID:1548
- C:\Windows\System\KoawcJW.exe
  C:\Windows\System\KoawcJW.exe
  2⤵
  PID:8724
- C:\Windows\System\GdSUzrB.exe
  C:\Windows\System\GdSUzrB.exe
  2⤵
  PID:332
- C:\Windows\System\hnUJRWV.exe
  C:\Windows\System\hnUJRWV.exe
  2⤵
  PID:8748
- C:\Windows\System\jSJdCUq.exe
  C:\Windows\System\jSJdCUq.exe
  2⤵
  PID:2768
- C:\Windows\System\UyzxYsD.exe
  C:\Windows\System\UyzxYsD.exe
  2⤵
  PID:8768
- C:\Windows\System\YbBaRhr.exe
  C:\Windows\System\YbBaRhr.exe
  2⤵
  PID:8824
- C:\Windows\System\EjggvVm.exe
  C:\Windows\System\EjggvVm.exe
  2⤵
  PID:2684
- C:\Windows\System\JyZIBuH.exe
  C:\Windows\System\JyZIBuH.exe
  2⤵
  PID:8804
- C:\Windows\System\YCDOwFy.exe
  C:\Windows\System\YCDOwFy.exe
  2⤵
  PID:8996
- C:\Windows\System\opKxyIY.exe
  C:\Windows\System\opKxyIY.exe
  2⤵
  PID:9064
- C:\Windows\System\hJyAAiX.exe
  C:\Windows\System\hJyAAiX.exe
  2⤵
  PID:9144
- C:\Windows\System\PSOpWEq.exe
  C:\Windows\System\PSOpWEq.exe
  2⤵
  PID:8900
- C:\Windows\System\YkBxkeG.exe
  C:\Windows\System\YkBxkeG.exe
  2⤵
  PID:8980
- C:\Windows\System\WQCCsmL.exe
  C:\Windows\System\WQCCsmL.exe
  2⤵
  PID:2908
- C:\Windows\System\SkZxRlQ.exe
  C:\Windows\System\SkZxRlQ.exe
  2⤵
  PID:9192
- C:\Windows\System\sBNEBRW.exe
  C:\Windows\System\sBNEBRW.exe
  2⤵
  PID:7824
- C:\Windows\System\kfvTSIz.exe
  C:\Windows\System\kfvTSIz.exe
  2⤵
  PID:8336
- C:\Windows\System\pjNHSFG.exe
  C:\Windows\System\pjNHSFG.exe
  2⤵
  PID:8468
- C:\Windows\System\Riapfrm.exe
  C:\Windows\System\Riapfrm.exe
  2⤵
  PID:8572
- C:\Windows\System\FyVLWmX.exe
  C:\Windows\System\FyVLWmX.exe
  2⤵
  PID:9160
- C:\Windows\System\NfflpRt.exe
  C:\Windows\System\NfflpRt.exe
  2⤵
  PID:8392
- C:\Windows\System\jQQLNjS.exe
  C:\Windows\System\jQQLNjS.exe
  2⤵
  PID:8368
- C:\Windows\System\pDdhlIL.exe
  C:\Windows\System\pDdhlIL.exe
  2⤵
  PID:8520
- C:\Windows\System\FwCMTFv.exe
  C:\Windows\System\FwCMTFv.exe
  2⤵
  PID:8556
- C:\Windows\System\eVWrnKa.exe
  C:\Windows\System\eVWrnKa.exe
  2⤵
  PID:8688
- C:\Windows\System\FATYKhj.exe
  C:\Windows\System\FATYKhj.exe
  2⤵
  PID:8740
- C:\Windows\System\wxqemGi.exe
  C:\Windows\System\wxqemGi.exe
  2⤵
  PID:8836
- C:\Windows\System\YiPdNqG.exe
  C:\Windows\System\YiPdNqG.exe
  2⤵
  PID:8820
- C:\Windows\System\PMfeaFk.exe
  C:\Windows\System\PMfeaFk.exe
  2⤵
  PID:9188
- C:\Windows\System\emvXnRw.exe
  C:\Windows\System\emvXnRw.exe
  2⤵
  PID:8752
- C:\Windows\System\kwPeUli.exe
  C:\Windows\System\kwPeUli.exe
  2⤵
  PID:7340
- C:\Windows\System\YwHJjrm.exe
  C:\Windows\System\YwHJjrm.exe
  2⤵
  PID:2848
- C:\Windows\System\aRLuxoJ.exe
  C:\Windows\System\aRLuxoJ.exe
  2⤵
  PID:9232
- C:\Windows\System\oGloSBe.exe
  C:\Windows\System\oGloSBe.exe
  2⤵
  PID:9248
- C:\Windows\System\oAmQQzc.exe
  C:\Windows\System\oAmQQzc.exe
  2⤵
  PID:9264
- C:\Windows\System\zmqPrgi.exe
  C:\Windows\System\zmqPrgi.exe
  2⤵
  PID:9280
- C:\Windows\System\fRlfIIj.exe
  C:\Windows\System\fRlfIIj.exe
  2⤵
  PID:9296
- C:\Windows\System\ipxxXmG.exe
  C:\Windows\System\ipxxXmG.exe
  2⤵
  PID:9312
- C:\Windows\System\omfPcIy.exe
  C:\Windows\System\omfPcIy.exe
  2⤵
  PID:9336
- C:\Windows\System\ZSFasrz.exe
  C:\Windows\System\ZSFasrz.exe
  2⤵
  PID:9352
- C:\Windows\System\lAyjVOJ.exe
  C:\Windows\System\lAyjVOJ.exe
  2⤵
  PID:9368
- C:\Windows\System\NzaRWWr.exe
  C:\Windows\System\NzaRWWr.exe
  2⤵
  PID:9384
- C:\Windows\System\ktxtejD.exe
  C:\Windows\System\ktxtejD.exe
  2⤵
  PID:9400
- C:\Windows\System\EYPHjFt.exe
  C:\Windows\System\EYPHjFt.exe
  2⤵
  PID:9416
- C:\Windows\System\hiHWcYd.exe
  C:\Windows\System\hiHWcYd.exe
  2⤵
  PID:9432
- C:\Windows\System\ccjaByP.exe
  C:\Windows\System\ccjaByP.exe
  2⤵
  PID:9448
- C:\Windows\System\yZQQflL.exe
  C:\Windows\System\yZQQflL.exe
  2⤵
  PID:9464
- C:\Windows\System\VpAuFQp.exe
  C:\Windows\System\VpAuFQp.exe
  2⤵
  PID:9480
- C:\Windows\System\gABdSoV.exe
  C:\Windows\System\gABdSoV.exe
  2⤵
  PID:9496
- C:\Windows\System\bxUAlmg.exe
  C:\Windows\System\bxUAlmg.exe
  2⤵
  PID:9512
- C:\Windows\System\uLHAjmt.exe
  C:\Windows\System\uLHAjmt.exe
  2⤵
  PID:9528
- C:\Windows\System\YtzMxrv.exe
  C:\Windows\System\YtzMxrv.exe
  2⤵
  PID:9548
- C:\Windows\System\eMaGHos.exe
  C:\Windows\System\eMaGHos.exe
  2⤵
  PID:9564
- C:\Windows\System\WuuzIrc.exe
  C:\Windows\System\WuuzIrc.exe
  2⤵
  PID:9580
- C:\Windows\System\IUvxBYn.exe
  C:\Windows\System\IUvxBYn.exe
  2⤵
  PID:9596
- C:\Windows\System\XEprowP.exe
  C:\Windows\System\XEprowP.exe
  2⤵
  PID:9612
- C:\Windows\System\BeYkeTU.exe
  C:\Windows\System\BeYkeTU.exe
  2⤵
  PID:9628
- C:\Windows\System\pjgwrWd.exe
  C:\Windows\System\pjgwrWd.exe
  2⤵
  PID:9644
- C:\Windows\System\NGVhifL.exe
  C:\Windows\System\NGVhifL.exe
  2⤵
  PID:9660
- C:\Windows\System\dCPLsfl.exe
  C:\Windows\System\dCPLsfl.exe
  2⤵
  PID:9676
- C:\Windows\System\ZYacjzp.exe
  C:\Windows\System\ZYacjzp.exe
  2⤵
  PID:9692
- C:\Windows\System\oNGPkiv.exe
  C:\Windows\System\oNGPkiv.exe
  2⤵
  PID:9708
- C:\Windows\System\FfbqIKv.exe
  C:\Windows\System\FfbqIKv.exe
  2⤵
  PID:9724
- C:\Windows\System\yNnYblZ.exe
  C:\Windows\System\yNnYblZ.exe
  2⤵
  PID:9740
- C:\Windows\System\FJRvwCt.exe
  C:\Windows\System\FJRvwCt.exe
  2⤵
  PID:9756
- C:\Windows\System\CMEXLRg.exe
  C:\Windows\System\CMEXLRg.exe
  2⤵
  PID:9772
- C:\Windows\System\vFLPKsr.exe
  C:\Windows\System\vFLPKsr.exe
  2⤵
  PID:9788
- C:\Windows\System\NtjzNYa.exe
  C:\Windows\System\NtjzNYa.exe
  2⤵
  PID:9804
- C:\Windows\System\GtpmTeX.exe
  C:\Windows\System\GtpmTeX.exe
  2⤵
  PID:9820
- C:\Windows\System\JTZNFfj.exe
  C:\Windows\System\JTZNFfj.exe
  2⤵
  PID:9840
- C:\Windows\System\fbgFYBq.exe
  C:\Windows\System\fbgFYBq.exe
  2⤵
  PID:9860
- C:\Windows\System\fQRTESR.exe
  C:\Windows\System\fQRTESR.exe
  2⤵
  PID:9876
- C:\Windows\System\RzyTwcP.exe
  C:\Windows\System\RzyTwcP.exe
  2⤵
  PID:9892
- C:\Windows\System\xCjzICP.exe
  C:\Windows\System\xCjzICP.exe
  2⤵
  PID:9916
- C:\Windows\System\Dlnfwgt.exe
  C:\Windows\System\Dlnfwgt.exe
  2⤵
  PID:9936
- C:\Windows\System\BnqbxYR.exe
  C:\Windows\System\BnqbxYR.exe
  2⤵
  PID:10040
- C:\Windows\System\xwOklav.exe
  C:\Windows\System\xwOklav.exe
  2⤵
  PID:10064
- C:\Windows\System\VgasRmM.exe
  C:\Windows\System\VgasRmM.exe
  2⤵
  PID:10080
- C:\Windows\System\eQWSVDP.exe
  C:\Windows\System\eQWSVDP.exe
  2⤵
  PID:10104
- C:\Windows\System\ZQPTfpQ.exe
  C:\Windows\System\ZQPTfpQ.exe
  2⤵
  PID:10172
- C:\Windows\System\hFyxmix.exe
  C:\Windows\System\hFyxmix.exe
  2⤵
  PID:8728
- C:\Windows\System\cXNVRYF.exe
  C:\Windows\System\cXNVRYF.exe
  2⤵
  PID:2072
- C:\Windows\System\qksFYuW.exe
  C:\Windows\System\qksFYuW.exe
  2⤵
  PID:8840
- C:\Windows\System\PKFXkzs.exe
  C:\Windows\System\PKFXkzs.exe
  2⤵
  PID:8328
- C:\Windows\System\iHuDpLV.exe
  C:\Windows\System\iHuDpLV.exe
  2⤵
  PID:9240
- C:\Windows\System\hLmzBmC.exe
  C:\Windows\System\hLmzBmC.exe
  2⤵
  PID:2088
- C:\Windows\System\FcQphzd.exe
  C:\Windows\System\FcQphzd.exe
  2⤵
  PID:2276
- C:\Windows\System\tbjeMQB.exe
  C:\Windows\System\tbjeMQB.exe
  2⤵
  PID:9260
- C:\Windows\System\QtkafZw.exe
  C:\Windows\System\QtkafZw.exe
  2⤵
  PID:9304
- C:\Windows\System\KspXEzR.exe
  C:\Windows\System\KspXEzR.exe
  2⤵
  PID:9348
- C:\Windows\System\tCIrzqg.exe
  C:\Windows\System\tCIrzqg.exe
  2⤵
  PID:9456
- C:\Windows\System\EhjBwwO.exe
  C:\Windows\System\EhjBwwO.exe
  2⤵
  PID:9764
- C:\Windows\System\FKAxXUQ.exe
  C:\Windows\System\FKAxXUQ.exe
  2⤵
  PID:9652
- C:\Windows\System\psNVWEl.exe
  C:\Windows\System\psNVWEl.exe
  2⤵
  PID:9884
- C:\Windows\System\lmNDxLH.exe
  C:\Windows\System\lmNDxLH.exe
  2⤵
  PID:9872
- C:\Windows\System\xSAVjji.exe
  C:\Windows\System\xSAVjji.exe
  2⤵
  PID:9928
- C:\Windows\System\ceAEIOg.exe
  C:\Windows\System\ceAEIOg.exe
  2⤵
  PID:9964
- C:\Windows\System\xdZOwbX.exe
  C:\Windows\System\xdZOwbX.exe
  2⤵
  PID:9972
- C:\Windows\System\bhKfbdg.exe
  C:\Windows\System\bhKfbdg.exe
  2⤵
  PID:7800
- C:\Windows\System\HMWEYgh.exe
  C:\Windows\System\HMWEYgh.exe
  2⤵
  PID:9992
- C:\Windows\System\hyGMAAX.exe
  C:\Windows\System\hyGMAAX.exe
  2⤵
  PID:10000
- C:\Windows\System\uBMncKt.exe
  C:\Windows\System\uBMncKt.exe
  2⤵
  PID:10016
- C:\Windows\System\bcMsaTf.exe
  C:\Windows\System\bcMsaTf.exe
  2⤵
  PID:10056
- C:\Windows\System\HmVCwXX.exe
  C:\Windows\System\HmVCwXX.exe
  2⤵
  PID:10088
- C:\Windows\System\THaWLMc.exe
  C:\Windows\System\THaWLMc.exe
  2⤵
  PID:1152
- C:\Windows\System\eZPWwmn.exe
  C:\Windows\System\eZPWwmn.exe
  2⤵
  PID:10136
- C:\Windows\System\sBFWeeR.exe
  C:\Windows\System\sBFWeeR.exe
  2⤵
  PID:10168
- C:\Windows\System\aafAWgt.exe
  C:\Windows\System\aafAWgt.exe
  2⤵
  PID:2248
- C:\Windows\System\kpaGXIJ.exe
  C:\Windows\System\kpaGXIJ.exe
  2⤵
  PID:10204
- C:\Windows\System\jigBAuC.exe
  C:\Windows\System\jigBAuC.exe
  2⤵
  PID:10224
- C:\Windows\System\bUILCXQ.exe
  C:\Windows\System\bUILCXQ.exe
  2⤵
  PID:8708
- C:\Windows\System\ctJIPRf.exe
  C:\Windows\System\ctJIPRf.exe
  2⤵
  PID:8720
- C:\Windows\System\Myzeasn.exe
  C:\Windows\System\Myzeasn.exe
  2⤵
  PID:9108
- C:\Windows\System\okOnOFe.exe
  C:\Windows\System\okOnOFe.exe
  2⤵
  PID:8500
- C:\Windows\System\PjOIuQb.exe
  C:\Windows\System\PjOIuQb.exe
  2⤵
  PID:8704
- C:\Windows\System\nYGyJdu.exe
  C:\Windows\System\nYGyJdu.exe
  2⤵
  PID:9016
- C:\Windows\System\joldokc.exe
  C:\Windows\System\joldokc.exe
  2⤵
  PID:9256
- C:\Windows\System\runubXJ.exe
  C:\Windows\System\runubXJ.exe
  2⤵
  PID:9292
- C:\Windows\System\YfipuUl.exe
  C:\Windows\System\YfipuUl.exe
  2⤵
  PID:9332
- C:\Windows\System\kijqenI.exe
  C:\Windows\System\kijqenI.exe
  2⤵
  PID:9376
- C:\Windows\System\QQvoXGV.exe
  C:\Windows\System\QQvoXGV.exe
  2⤵
  PID:9424
- C:\Windows\System\VJrqiWw.exe
  C:\Windows\System\VJrqiWw.exe
  2⤵
  PID:9504
- C:\Windows\System\EfNZeoQ.exe
  C:\Windows\System\EfNZeoQ.exe
  2⤵
  PID:9556
- C:\Windows\System\kPaQfkW.exe
  C:\Windows\System\kPaQfkW.exe
  2⤵
  PID:9476
- C:\Windows\System\uaFELzk.exe
  C:\Windows\System\uaFELzk.exe
  2⤵
  PID:9428
- C:\Windows\System\nBQVtIr.exe
  C:\Windows\System\nBQVtIr.exe
  2⤵
  PID:9636
- C:\Windows\System\IVTxPHD.exe
  C:\Windows\System\IVTxPHD.exe
  2⤵
  PID:9672
- C:\Windows\System\uXTfLip.exe
  C:\Windows\System\uXTfLip.exe
  2⤵
  PID:9668
- C:\Windows\System\KGRsido.exe
  C:\Windows\System\KGRsido.exe
  2⤵
  PID:9656
- C:\Windows\System\ECmbAvU.exe
  C:\Windows\System\ECmbAvU.exe
  2⤵
  PID:9688
- C:\Windows\System\LkfHPRG.exe
  C:\Windows\System\LkfHPRG.exe
  2⤵
  PID:9784
- C:\Windows\System\nDKSBZk.exe
  C:\Windows\System\nDKSBZk.exe
  2⤵
  PID:9832
- C:\Windows\System\gsOsvcd.exe
  C:\Windows\System\gsOsvcd.exe
  2⤵
  PID:9856
- C:\Windows\System\gomGmpO.exe
  C:\Windows\System\gomGmpO.exe
  2⤵
  PID:9828
- C:\Windows\System\CdRauqA.exe
  C:\Windows\System\CdRauqA.exe
  2⤵
  PID:984
- C:\Windows\System\JKGfatk.exe
  C:\Windows\System\JKGfatk.exe
  2⤵
  PID:9944
- C:\Windows\System\rAzGvVI.exe
  C:\Windows\System\rAzGvVI.exe
  2⤵
  PID:2676
- C:\Windows\System\ixEsmow.exe
  C:\Windows\System\ixEsmow.exe
  2⤵
  PID:9328
- C:\Windows\System\vpfXPlH.exe
  C:\Windows\System\vpfXPlH.exe
  2⤵
  PID:10012
- C:\Windows\System\vPCUttt.exe
  C:\Windows\System\vPCUttt.exe
  2⤵
  PID:10008
- C:\Windows\System\tGvSHDm.exe
  C:\Windows\System\tGvSHDm.exe
  2⤵
  PID:10072
- C:\Windows\System\GkEvCCp.exe
  C:\Windows\System\GkEvCCp.exe
  2⤵
  PID:10116
- C:\Windows\System\BWoXiCr.exe
  C:\Windows\System\BWoXiCr.exe
  2⤵
  PID:10152
- C:\Windows\System\jUMYUob.exe
  C:\Windows\System\jUMYUob.exe
  2⤵
  PID:10184
- C:\Windows\System\onHIteT.exe
  C:\Windows\System\onHIteT.exe
  2⤵
  PID:10200
- C:\Windows\System\mBhWMzu.exe
  C:\Windows\System\mBhWMzu.exe
  2⤵
  PID:10232
- C:\Windows\System\zzBiETb.exe
  C:\Windows\System\zzBiETb.exe
  2⤵
  PID:8384
- C:\Windows\System\QMhEWxS.exe
  C:\Windows\System\QMhEWxS.exe
  2⤵
  PID:9904
- C:\Windows\System\WQwmGRO.exe
  C:\Windows\System\WQwmGRO.exe
  2⤵
  PID:9324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ApjuPVF.exe

Filesize
6.0MB

MD5
fae207bb9dfc7a9f633a8939c73f05ee

SHA1
5fa0354b40d7f1186b7451c2db70362644e59f46

SHA256
4098b1a94b385b5cdf36a9e95222da2526ac02c21ecdb24db2d7f2c8e9aa37e8

SHA512
33af9d1ddb54752efd3567acace9c32d18c422f05f14b3e30677e1ae93217a8265edd5d396b133737767c9d06230e14d50097bb91ccfb37bc4d866980fa6c00a

Download Submit
C:\Windows\system\EbjHIIT.exe

Filesize
6.0MB

MD5
af712f407223e5d0dd5a9876aa66d69c

SHA1
9e17548893d0b38e76cf2243d73de3ec268b3614

SHA256
9efd785e5449296e525c9eaf38f1290dc18a786c8016921e3b6129fcfa7da2b8

SHA512
cde605d0c0fe5b0482860eceedb5134300659b761aaaefcc3ac3f6b865f80a279853eeba76cbfa68592a494c54a118e97c58402c28384708c5fde1516735b985

Download Submit
C:\Windows\system\FJSHTfB.exe

Filesize
6.0MB

MD5
b1c9bdb4179cdd584e32a3743295881e

SHA1
90a01ed2a01ba6e5f08099ed8465ba4603aa362d

SHA256
c9af09f6d2e2394927d39b39dee1b6c1a9c3874b5edcbddbef3e66a72bae1ea7

SHA512
44f9b93e3ea2ff3acb3ff7d8f0ecb640ff0607a7587b6b2696f67ecf98cf549055cbd6ae9c8c12e66bd5ad72e733a8fc4824fcf721a77083b9f98e016518dc0e

Download Submit
C:\Windows\system\GGEdqyN.exe

Filesize
6.0MB

MD5
c0eec6ea7c88d4b3b71d9911a6cdcae0

SHA1
a78a1a6b24ec448197c7ea1c7a64ba472a922c14

SHA256
0bfe08549e48328c51b6a584785f9031de1613c3df373604cee8bfc8e8e93cf6

SHA512
1a39c38b23d9f2be80724b05d5ebc0f570d922a4de4122729cb2680366d8b5803d23f961e4a196969ff2de139c7e62cdc1684232715d6358986f4a8659562c26

Download Submit
C:\Windows\system\GuPlNCm.exe

Filesize
6.0MB

MD5
086e27917003a2d6f50fbb6ec4f0f244

SHA1
15a7d48afa156a7e54a6f4a1b4a964fed845471e

SHA256
9411e23749527799badea8bc35154e9bf1a012deac1b99e792904f30bad7559d

SHA512
eb8413cd8088aff9c0d1cdf37137fc941103a08d7235bdf4fe709e63136972ebbaa7fef8661a58ac9184240b5aeb3e9f90548cede25c9d7fdf0f29ca6fb8c4c5

Download Submit
C:\Windows\system\IbzsqsP.exe

Filesize
6.0MB

MD5
d2768be8a652d22e443f18f10e042c6b

SHA1
d958e59cde95f726362236613ba43cd0056c9a26

SHA256
15a77adc2389aea23bc3ea86feafc3670382a76164e6c57f412f02284f579ae5

SHA512
882f55cbb4a021aa18f2b3f7ba0e446a9997456a393f6a2462c5adbd664d06cea4a8ad78cde37881819c856573af361ed8e707f9ac8ce20f81ae5957f6ccd78c

Download Submit
C:\Windows\system\Iwiiwzs.exe

Filesize
6.0MB

MD5
8123b9f165938c56ea3a1b8f600cfe7b

SHA1
61b22137f41e12a22694610732b981b5bdf3d285

SHA256
26fe09a29a9481de17e30144dbc2f45e3f7eff18032887bdfb6f499db0073900

SHA512
840482b0e7654a9de333c633489a61046135adb255015e5b8e4df87a6f30a338a51c788b5c223c0b2481b235ca71bcbdbc19305bd1eaeda5ab0e6be5d5c1418e

Download Submit
C:\Windows\system\KLaECah.exe

Filesize
6.0MB

MD5
09d6508ef0449a5fa1e1c7b1a47bd26a

SHA1
bfae766dcee9d75885e40221c139c5cd481d61c9

SHA256
727ab4778f68ccbd4a47ef9915dbee63e667273eed344352d2a261ddfa2a7890

SHA512
f59bc0217d2537ebe68c19c17dee7b72f0f90234ea50cb156a6ea6508e0206608357104e1e685afb4a93c8bdec750beef9d9139f6965cc23f74654d216365f53

Download Submit
C:\Windows\system\RBmHWew.exe

Filesize
6.0MB

MD5
98892d4532a37c93fb85b27652adc44e

SHA1
8efbfc536e0567127a1fe8d1d68739ec0900f0b4

SHA256
c6e23486ab39e46b77f5e601755d9a2670a3b03eb3fb6d57b7910c79b125148e

SHA512
8bded5ae4a75d5a1cd85cb7eac11390eacdbb9f7ddf374e2925434018e773f6d2cf26a85a637056536b7ae42ad31bb9e9f486e26f63f50148a5eed56c12f1da0

Download Submit
C:\Windows\system\TKBfCPz.exe

Filesize
6.0MB

MD5
16c41b172f003af2511f3db0da44de0d

SHA1
c9199eea709431853dd9420fdd58ee9eabdb63a0

SHA256
1cd18bc972c8215bc431ab31cb281f3eb050ba35be727b1c5f161465a5611b67

SHA512
65b94cf5f153194ea444ae05f779acbd6114a9a222656a2b0b46abb4e9eed780ee8229ac6394a551c69283a60ea734bbf7b71ac6d4daa5424ce61302e816051f

Download Submit
C:\Windows\system\WiImEAV.exe

Filesize
6.0MB

MD5
67edccea7fef7000a1915c132ca12793

SHA1
7ef47d9ed2854b71ba9304a925f2bf69b01194f1

SHA256
1c28f754eeec65913a42b3b56a89f2b186c854db6249cb8c9527396af9b1b4a2

SHA512
7bdeee838f444318cb93b98ec359ada215fbbc177b1aa7bdc0c3e9df65b2d730c48f229d70e18068f9dfd5d1b392175adb13867e885a21b3908d6d17b4fd43cb

Download Submit
C:\Windows\system\XgjYsOq.exe

Filesize
6.0MB

MD5
f8572a287b9d8aca3685ff3638f2884c

SHA1
1704ac9de086802dce21aeb51001fc63e16f542c

SHA256
91fdfd80345a592313efea07cad15224d400c7d93abf78c0dd97a8244bbc552c

SHA512
98da7c2254cd1cd2ab8948d3f234c4db1a547782f16c0051a1f1c438526f5a0437b9eb13d01c36835c9a0ae8245526ee97474dde7acde8714af52626e982a5e4

Download Submit
C:\Windows\system\ajbchUB.exe

Filesize
6.0MB

MD5
a522c4a85d21539e0be8714d17a7d129

SHA1
01be746294e3e75f1a63ce175effba579c35cfbe

SHA256
befb5b35498aa4dce324dee4c943500913f444ff68b95e378bd4c19fb0e9c9c2

SHA512
0b78dca6f559070a041e84b741ece57b4146213968949dcd0663c2649da05511cb69675b84e45c6d4158ba226cc6f503fc091804af564b9cb4ad93fa41d94bb6

Download Submit
C:\Windows\system\daNkcMs.exe

Filesize
6.0MB

MD5
2a7e79f4345ec4797695c1f1bfd04097

SHA1
eb8b6cc1ac0123de8ae1dd4161c8185c99c7f6f4

SHA256
3c1b7e9f6050ea982c1d4d8c3fb70da6c1eb5605ed88e41b575ed677630c0f59

SHA512
58588f0c34d197f1288712c5a03058c70feb074c1f054c6c2b8a67da9550203f4c77f6a3fd11eff5166c45e68223740b2ffc221d5e97b0bf40632dd055671c14

Download Submit
C:\Windows\system\eBoGgzm.exe

Filesize
6.0MB

MD5
1616f3b7d85b676bd4115112769901aa

SHA1
79876941c3c068b77953b53c03bb019115d8fac8

SHA256
5b429fab03e083e3ed00e2cc8d709967be9d27c0436a5b3b77a809e6ca7075f2

SHA512
f30caf9084b91997c7122a89802881a0d62852650a821d75cdee01b62336a914c425f7b2aa577786fe2b3471f0402bc4a94cf984efe25e138d58484a2dbffdb6

Download Submit
C:\Windows\system\jFycovb.exe

Filesize
6.0MB

MD5
a041b6580eb9e303981da1191df92ce7

SHA1
050a52acc9020681ea48fc28bd35ac27899c8088

SHA256
3b2698ce06320326c23b9c9466b4913bf2322ea16e8073db9ad6fb00a158ffdf

SHA512
9a9e079c2dbc587a010f6639d878f6c0b9bf578f6cb8c4ccf58bb0b3f65a6618f0813fb1302273ad6c9467b8842e37da86ff998c22fda2a4c0f6cb23cb82f81a

Download Submit
C:\Windows\system\jWYprqL.exe

Filesize
6.0MB

MD5
2de8beefe88ad0a5a79a658584d0ea0b

SHA1
5b2bb333e49cc26a53265d31c95b7c609afd373a

SHA256
7dd3a964affcdf9f4d58ad051fa90bba64e2cb4b7221b958c682bed50bb499bf

SHA512
9b669c1ffa7c21dfd302cd5bad9bc0860242a064688c10040e16ba1f32d43a4a333f3c59bd619fb825f093fc3b27bd66e58d5948c548fac03b2e0097e339b470

Download Submit
C:\Windows\system\nORABxD.exe

Filesize
6.0MB

MD5
daadad03043a66fb2213edc63ae719f2

SHA1
8dc18934601179cdc4e009d0878b442d54b52c28

SHA256
302b7283b40bfeeea98a4508ac052f7d5f44311d83ff9fc61ca2456b5e9dd38f

SHA512
ebacacc983f3fb1eb02aab46179451ea330d25dac23710fd9316dfc63ac56d495c642ea3303a678375b3845ab133af62a74e5d061e00bcf7e38719201e11c662

Download Submit
C:\Windows\system\ndPzohL.exe

Filesize
6.0MB

MD5
5b929e16ae5d24ed51b5f414148f0fd9

SHA1
c52737200027686b85d359fa1af431b06ffe6442

SHA256
dbd34a326fe83e3b0d1ff35a6a873bfd0fab71f39569ae864e270524405184d0

SHA512
c9e101c2c51252488dc5016d26a6950a3d5ac9663475d5e40bc2bf00dd8463e7510de87f8dacdacc812abd423d78825788fc2dfa60b672727e739cc0066f343e

Download Submit
C:\Windows\system\nlbWefL.exe

Filesize
6.0MB

MD5
8de03315c4a9a3037cb1d5025bbb203e

SHA1
ff129dff7706af82d6a959b61a866385617c7bc9

SHA256
8447d07e05c52f35c60a93249609d091cf297e1cb4d3624593632463fdb42f46

SHA512
b03bd7a3e6ec8e98ddeeb9d247a56a78cc4e2ed943a44c7117787697b8ed595119de86a108ab4810cc0c5fe9d376a25229329716c79295b154ac0ca624e56612

Download Submit
C:\Windows\system\rTTjTOD.exe

Filesize
6.0MB

MD5
6d94cbfc091ad869209c29845a89b0c8

SHA1
ceb2d471263c8ad0a425850b0b9bd1f78d4a541b

SHA256
e4d770bd34845dd07c2b72f386e4c924128954212e16e01b4e9be0de44797f6d

SHA512
eebe3ab95ec4b642746e8d956419ee68585c8f6855b3a4b0cdbb56c4218176537d2af7fae3fb6b26610943ccdeb4cd5f1c823bbbfd09f89e4ed35bbb462dba2b

Download Submit
C:\Windows\system\tLJayMX.exe

Filesize
6.0MB

MD5
12401160e00a404920148eed5a3f5f6b

SHA1
6ddd453a04c1993bbd29f98c72d9e68b5bfec9a9

SHA256
50ba360fba468e652615c98bd71ab292a4dcee91c1a69e3c7733ca04c1ad1b7e

SHA512
1804688517db7ba4a86f5cd7d9a9708168174c6a1dde2bac5e2a0f37cd814efb41bb0cb23fb5272dbb5d673d2a85490053055619e0d2fe2bc027420fd5c5c9ac

Download Submit
C:\Windows\system\tzmBUey.exe

Filesize
6.0MB

MD5
e0cf8163eaffbe67a2f59667c4854ded

SHA1
f5b9225c0909fee39b2d56d6bdc9c4102a5f7483

SHA256
e66d1a63fda20a955cb579cc4b1185d07e549703da5ee396989d52a22a17d91a

SHA512
2995fda6a47f336677f0738a0f9427389cdd0ae1541c1be9403b72549617a21a1b36fce28add3f99c20f5e185671a4e76bf4dce5b50fddbef82a95e70d3b5f15

Download Submit
C:\Windows\system\wgMAUmC.exe

Filesize
6.0MB

MD5
5fface71248a463fa9ea79b5b9a5fc0b

SHA1
c28f60e3fbea5a2b47f5afa6fdfcaad443f0454d

SHA256
1c11b0b71e92a27bf3cab7fe11622c434eb5dd1cebcfbe0d415e718fed84830e

SHA512
45113e267e5367fe98634322ff6e9489ab0819559858dc0cbc7835cad88235bf67d38f5acc31a7de2084f6dc7e94641cb43eeb6514df354672ffdbc453e03456

Download Submit
C:\Windows\system\xspXghz.exe

Filesize
6.0MB

MD5
2b109d9052919f6751a1859edac896d4

SHA1
ede7c4153e84d97d572d38097b45abac2575dfe9

SHA256
b0e47d0cb07e020664f8c7fcbb4365f1acaa6d24eec5a927f7c05e0b929bdd10

SHA512
e1b7a22a7c71a335fe92085d54b9eddc66df3aa3d9ddb4bd75dfc8653743ab0b6bda9b4492b9a6a4da4f2573f68e7e15d89854879ebec80472db14471c3aedc6

Download Submit
C:\Windows\system\yPxxmPJ.exe

Filesize
6.0MB

MD5
3052911584f6b10f74fca756e0bb0b3e

SHA1
999f0446f1647a158853f1b0fa160ce70184e294

SHA256
114fc64a1340d2f5df1bba0244484066fece83dd272af7663c3b17fc5b615261

SHA512
f5317cfb86f6a081e94e08b40ecb6297e944fe8b51f9a0503142639df05c6fe26aa0f37fe2262ea1eb264fe4977f27049baa9c565d90604ee0d7a333b027622c

Download Submit
C:\Windows\system\yWSvVSJ.exe

Filesize
6.0MB

MD5
8abebb6a16aafd5b7d845fac7cfe3115

SHA1
b575799e363ad81b659f8a218cc1ba5d9b8aab50

SHA256
62fe93bf047b9e12a0c89586cd671fac2d8c819e2d3f1c232c5f8290c2eee413

SHA512
e09ac18b030890dc207de9dfb0275bc837c9966e378878bc3be115a2f8d1285e539fd0aab119d74424020e9b237b43abf1861ff6de5be49da2a0ee51a6389693

Download Submit
\Windows\system\SDMWhEe.exe

Filesize
6.0MB

MD5
1db5394a7c9202371c02fa7f79661c5d

SHA1
bda7ee1b93bb8e0064b6ee4cb245b1a1ae917b9a

SHA256
c19b13d3fc9e50dcfa61fd3c8d360d4bcc2295b7e867b617cb9938e4e6f6bbb6

SHA512
6529c340cb5154085cb31a7ef60a1196bddf59c206911f7b4db359fb2d1c32bc30fb7ffbb237d6f8957c2a846b0d8f0fd801043a3f0bb8fb71aa778b71e06cb4

Download Submit
\Windows\system\hBSnfji.exe

Filesize
6.0MB

MD5
037b47279b37d6dc05546b588ac4ebb1

SHA1
ab5daf769c847e4d84e7daf779145d67439415a6

SHA256
98aaed9857c3a56f381b77cdcfc4e32db8a94257bb8765e38d16ea286e733ad4

SHA512
3f714dee249581334d72e350766f1b81702fc71c283d7d781137395413c4ae21617b129e3562b24dda45bbb095a0deaba3010013c6adda3b80597a5a870731ef

Download Submit
\Windows\system\pbSbHgV.exe

Filesize
6.0MB

MD5
745351d3f106e7e3507e97c8d36ab289

SHA1
a3e763206c6a0c71c0ef95f70c2150b0affe23fa

SHA256
52c5387b6a2b9a3d7c8158729069fcdcf4a42e8a6e8fe8b9122d97a9156aaeb6

SHA512
0243d35d9ab0443192739e71b8cccd28257b9a3ce70e91f30b7a17910f93434ec0df975518cb167f9caa7b1fdf41aa98213a23e5748c11053c007d4e58e1f159

Download Submit
\Windows\system\tvzikwl.exe

Filesize
6.0MB

MD5
0ae4f6337622b16e10f2508ab340c9a8

SHA1
8c507a99455ac0f06456000db0db9d857d505985

SHA256
580ab034d784c837c23b143fac46fb320b98852b7046363bd275e847d0e5361a

SHA512
b3d25119192ea9e82861ab8f4bb9217550f8f61dc99eb5f15ce5d99719a5c150b26218e36dc45457ccee60e890812eabbd67dfa229338a5166658e6268ae0577

Download Submit
\Windows\system\xZtZuJq.exe

Filesize
6.0MB

MD5
324d91c464d5ce8c0680586b99755052

SHA1
bcdbc35bd44166b8012b56fc372343fceae442aa

SHA256
69df48be94c96f3f9003788eb606d77ab174c17dd732a1c99437308b030722e9

SHA512
bceb5d4f235f12f5f10ba93d0d7657280ef4c5d9442095f19201e66b0f6bcde83637bb0e471323cb6e30b3246f8443ffd578fa698989458ff6faad2ba79c1ccf

Download Submit
memory/2064-20-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-27-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2064-686-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2064-561-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2064-13-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-79-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2064-34-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2064-840-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2064-83-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2064-0-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2064-68-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2064-6-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2064-839-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2064-85-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2064-84-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1511-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2064-40-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-43-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2064-57-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2288-4270-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2288-52-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2288-443-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2352-49-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2352-9-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2352-4256-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2600-51-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4276-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-15-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-103-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2672-4253-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2692-4254-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-102-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-61-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-444-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4271-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2764-100-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2808-82-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-32-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4277-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-4267-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2812-99-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4275-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2852-41-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2852-109-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4272-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-22-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-73-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-98-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4259-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-4269-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2960-36-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2960-104-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2984-4252-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2984-101-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download