cobaltstrike | 8a665fc2216c41c37f680ceddebb752a9f72951284550532ec8917862d9c0071

Analysis

max time kernel
148s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

349d04b07f873184b883efa8e38fdbd5
SHA1

eb1eff660bb764d9d197de8dac10a97bb41ed1c3
SHA256

8a665fc2216c41c37f680ceddebb752a9f72951284550532ec8917862d9c0071
SHA512

93f19c1519372742cd5e673c5101d11802a1ee196a43a9260e957b8182f119d9f6d95b42b08152e6011e599dc54ab0da1915e111462c636ae08bc0bb622b2ea2
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU1:T+q56utgpPF8u/71

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-7.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186f1-9.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f4-19.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018744-38.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001878e-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-79.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001755b-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962d-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f0-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019512-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019509-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f1-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ee-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b9-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-66.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019451-61.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000187a8-52.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018704-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018739-28.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2396-0-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-7.dat	xmrig
behavioral1/files/0x00070000000186f1-9.dat	xmrig
behavioral1/memory/2368-33-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x00060000000186f4-19.dat	xmrig
behavioral1/memory/2032-35-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018744-38.dat	xmrig
behavioral1/files/0x000800000001878e-45.dat	xmrig
behavioral1/memory/2868-73-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x00050000000194c9-79.dat	xmrig
behavioral1/memory/2588-89-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x000900000001755b-103.dat	xmrig
behavioral1/files/0x0005000000019502-107.dat	xmrig
behavioral1/memory/2344-3393-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2992-3448-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2368-3447-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2072-3451-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2868-3453-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/3052-3450-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/1952-3449-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2396-586-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2868-464-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x000500000001962d-168.dat	xmrig
behavioral1/files/0x0005000000019629-160.dat	xmrig
behavioral1/files/0x000500000001962b-163.dat	xmrig
behavioral1/files/0x0005000000019627-155.dat	xmrig
behavioral1/files/0x0005000000019625-152.dat	xmrig
behavioral1/files/0x0005000000019624-148.dat	xmrig
behavioral1/files/0x0005000000019623-143.dat	xmrig
behavioral1/files/0x0005000000019621-140.dat	xmrig
behavioral1/files/0x00050000000195f0-135.dat	xmrig
behavioral1/files/0x00050000000195ab-132.dat	xmrig
behavioral1/files/0x000500000001958e-127.dat	xmrig
behavioral1/files/0x000500000001957e-123.dat	xmrig
behavioral1/files/0x0005000000019512-119.dat	xmrig
behavioral1/files/0x000500000001950e-115.dat	xmrig
behavioral1/files/0x0005000000019509-111.dat	xmrig
behavioral1/files/0x00050000000194f1-100.dat	xmrig
behavioral1/memory/2396-97-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/2284-94-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2836-93-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ee-92.dat	xmrig
behavioral1/memory/2032-91-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/876-90-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2396-86-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x00050000000194b9-85.dat	xmrig
behavioral1/files/0x0005000000019458-66.dat	xmrig
behavioral1/memory/2992-64-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/3052-63-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x0007000000019451-61.dat	xmrig
behavioral1/files/0x00070000000187a8-52.dat	xmrig
behavioral1/memory/2344-71-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a9-69.dat	xmrig
behavioral1/memory/2972-48-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2396-47-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2836-41-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x0006000000018704-31.dat	xmrig
behavioral1/memory/2640-29-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x0006000000018739-28.dat	xmrig
behavioral1/memory/1952-27-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2072-12-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2588-4033-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2836-4034-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/876-4035-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2072	tQToLOn.exe
2640	PMiuZOM.exe
1952	eHIvWeU.exe
2368	AmlCIJb.exe
2032	UDyvBil.exe
2836	OCxRnUI.exe
2972	ujEShUi.exe
3052	IFVsvef.exe
2992	ACYWBBs.exe
2344	maoTYeH.exe
2868	WZSNcMt.exe
2588	wMgachz.exe
876	mncfJUv.exe
2284	VnIrPHF.exe
2940	MSrDjAI.exe
1672	racOHGp.exe
2044	CnncuIV.exe
2376	PJnPvhk.exe
1044	hqbOLgk.exe
2920	IihiFMn.exe
2872	BHVjKlB.exe
1244	RVPlwvs.exe
1932	sYCAXFA.exe
492	alPEbLp.exe
2240	WOUlXHf.exe
3068	CzskmMu.exe
2436	SlmdOeY.exe
2216	NmfAATI.exe
2160	RJvKiEL.exe
2572	WParECq.exe
1040	kahWRqS.exe
444	oMBtDax.exe
2136	SYOFeIx.exe
1612	pZonTsL.exe
236	CCaxtQv.exe
1712	mOdUseH.exe
1268	wvGaBTh.exe
1804	ORgxUCh.exe
760	RNmxydi.exe
1728	tmiUcKo.exe
2316	arZgBmh.exe
1020	CFktfEg.exe
912	WSAWDdZ.exe
1704	AYZgyuM.exe
1464	SfxgFDb.exe
968	uUxYdIa.exe
2464	HODoHAZ.exe
1624	WsYEUOA.exe
700	SfhqDZI.exe
2500	IdUsEzG.exe
2656	enlbpjn.exe
600	OJwlXfc.exe
2116	uTGyzFB.exe
2212	YsiGDnq.exe
2388	fZpKuml.exe
2320	RNdZgPx.exe
1864	VTEPDuE.exe
2512	OZrzEXs.exe
1912	PVUTNHU.exe
1580	DjqbRtk.exe
1444	TjFxepa.exe
1596	CzEspkD.exe
1532	iWVgCAj.exe
1656	FGyCYou.exe

Loads dropped DLL 64 IoCs

pid	Process
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2396-0-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-7.dat	upx
behavioral1/files/0x00070000000186f1-9.dat	upx
behavioral1/memory/2368-33-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x00060000000186f4-19.dat	upx
behavioral1/memory/2032-35-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0006000000018744-38.dat	upx
behavioral1/files/0x000800000001878e-45.dat	upx
behavioral1/memory/2868-73-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x00050000000194c9-79.dat	upx
behavioral1/memory/2588-89-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x000900000001755b-103.dat	upx
behavioral1/files/0x0005000000019502-107.dat	upx
behavioral1/memory/2344-3393-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2992-3448-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2368-3447-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2072-3451-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2868-3453-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/3052-3450-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/1952-3449-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2868-464-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x000500000001962d-168.dat	upx
behavioral1/files/0x0005000000019629-160.dat	upx
behavioral1/files/0x000500000001962b-163.dat	upx
behavioral1/files/0x0005000000019627-155.dat	upx
behavioral1/files/0x0005000000019625-152.dat	upx
behavioral1/files/0x0005000000019624-148.dat	upx
behavioral1/files/0x0005000000019623-143.dat	upx
behavioral1/files/0x0005000000019621-140.dat	upx
behavioral1/files/0x00050000000195f0-135.dat	upx
behavioral1/files/0x00050000000195ab-132.dat	upx
behavioral1/files/0x000500000001958e-127.dat	upx
behavioral1/files/0x000500000001957e-123.dat	upx
behavioral1/files/0x0005000000019512-119.dat	upx
behavioral1/files/0x000500000001950e-115.dat	upx
behavioral1/files/0x0005000000019509-111.dat	upx
behavioral1/files/0x00050000000194f1-100.dat	upx
behavioral1/memory/2396-97-0x0000000002370000-0x00000000026C4000-memory.dmp	upx
behavioral1/memory/2284-94-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2836-93-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x00050000000194ee-92.dat	upx
behavioral1/memory/2032-91-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/876-90-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x00050000000194b9-85.dat	upx
behavioral1/files/0x0005000000019458-66.dat	upx
behavioral1/memory/2992-64-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/3052-63-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x0007000000019451-61.dat	upx
behavioral1/files/0x00070000000187a8-52.dat	upx
behavioral1/memory/2344-71-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x00050000000194a9-69.dat	upx
behavioral1/memory/2972-48-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2396-47-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2836-41-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x0006000000018704-31.dat	upx
behavioral1/memory/2640-29-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x0006000000018739-28.dat	upx
behavioral1/memory/1952-27-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2072-12-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2588-4033-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2836-4034-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/876-4035-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2284-4036-0x000000013FD00000-0x0000000140054000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kXEJwYP.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrlysFh.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxThaRs.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZHHNcj.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYPQTcF.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkdJyXI.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rhrHaLj.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afbHYFx.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIVBYGF.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfxgFDb.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoHhlQI.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiCHLdX.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNrANwn.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVsKegU.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyqbjvY.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkDYzYV.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYMTqGU.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktZpWDY.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\brQhvyN.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOSVQNy.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMgwZti.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weUkmFv.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPKVzYN.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUKEMuM.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDvEwQC.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTUrWvJ.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svzHVoH.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztmGYel.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSxibPC.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwIQofg.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnncuIV.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWTkkgZ.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdlDPCm.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KEmyKru.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qTzaGfM.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmIqnPl.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxlRblJ.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpGfKfz.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctUKEdd.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBeIRZg.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znHOBpk.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuwuOYX.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTOzdVT.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\racOHGp.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uheOKXJ.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTskCyY.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YatdSTH.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMRPzRX.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POzYoGZ.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOPuFGL.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACYWBBs.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dThVRNJ.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ipmVEGr.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cASzoAe.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVyggGO.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDvreJV.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiwlQmq.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rhMkJZj.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RITSfun.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGPTWjt.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZUcEcco.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nkSZOoa.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWEFUpW.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvehPeI.exe	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2072	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2396 wrote to memory of 2072	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2396 wrote to memory of 2072	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2396 wrote to memory of 1952	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 1952	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 1952	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 2640	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 2640	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 2640	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 2032	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 2032	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 2032	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 2368	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 2368	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 2368	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 2836	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2836	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2836	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2972	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 2972	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 2972	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 3052	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 3052	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 3052	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 2992	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 2992	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 2992	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 2344	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 2344	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 2344	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 2868	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 2868	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 2868	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 876	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 876	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 876	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 2588	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 2588	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 2588	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 2284	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 2284	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 2284	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 2940	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 2940	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 2940	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 1672	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 1672	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 1672	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 2044	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 2044	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 2044	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 2376	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 2376	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 2376	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 1044	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 1044	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 1044	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 2920	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 2920	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 2920	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 2872	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 2872	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 2872	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 1244	2396	2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_349d04b07f873184b883efa8e38fdbd5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\System\tQToLOn.exe
  C:\Windows\System\tQToLOn.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\eHIvWeU.exe
  C:\Windows\System\eHIvWeU.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\PMiuZOM.exe
  C:\Windows\System\PMiuZOM.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\UDyvBil.exe
  C:\Windows\System\UDyvBil.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\AmlCIJb.exe
  C:\Windows\System\AmlCIJb.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\OCxRnUI.exe
  C:\Windows\System\OCxRnUI.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\ujEShUi.exe
  C:\Windows\System\ujEShUi.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\IFVsvef.exe
  C:\Windows\System\IFVsvef.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\ACYWBBs.exe
  C:\Windows\System\ACYWBBs.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\maoTYeH.exe
  C:\Windows\System\maoTYeH.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\WZSNcMt.exe
  C:\Windows\System\WZSNcMt.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\mncfJUv.exe
  C:\Windows\System\mncfJUv.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\wMgachz.exe
  C:\Windows\System\wMgachz.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\VnIrPHF.exe
  C:\Windows\System\VnIrPHF.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\MSrDjAI.exe
  C:\Windows\System\MSrDjAI.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\racOHGp.exe
  C:\Windows\System\racOHGp.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\CnncuIV.exe
  C:\Windows\System\CnncuIV.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\PJnPvhk.exe
  C:\Windows\System\PJnPvhk.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\hqbOLgk.exe
  C:\Windows\System\hqbOLgk.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\IihiFMn.exe
  C:\Windows\System\IihiFMn.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\BHVjKlB.exe
  C:\Windows\System\BHVjKlB.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\RVPlwvs.exe
  C:\Windows\System\RVPlwvs.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\sYCAXFA.exe
  C:\Windows\System\sYCAXFA.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\alPEbLp.exe
  C:\Windows\System\alPEbLp.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\WOUlXHf.exe
  C:\Windows\System\WOUlXHf.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\CzskmMu.exe
  C:\Windows\System\CzskmMu.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\SlmdOeY.exe
  C:\Windows\System\SlmdOeY.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\NmfAATI.exe
  C:\Windows\System\NmfAATI.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\RJvKiEL.exe
  C:\Windows\System\RJvKiEL.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\WParECq.exe
  C:\Windows\System\WParECq.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\kahWRqS.exe
  C:\Windows\System\kahWRqS.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\oMBtDax.exe
  C:\Windows\System\oMBtDax.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\SYOFeIx.exe
  C:\Windows\System\SYOFeIx.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\pZonTsL.exe
  C:\Windows\System\pZonTsL.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\CCaxtQv.exe
  C:\Windows\System\CCaxtQv.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\mOdUseH.exe
  C:\Windows\System\mOdUseH.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\wvGaBTh.exe
  C:\Windows\System\wvGaBTh.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\ORgxUCh.exe
  C:\Windows\System\ORgxUCh.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\RNmxydi.exe
  C:\Windows\System\RNmxydi.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\tmiUcKo.exe
  C:\Windows\System\tmiUcKo.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\arZgBmh.exe
  C:\Windows\System\arZgBmh.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\CFktfEg.exe
  C:\Windows\System\CFktfEg.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\WSAWDdZ.exe
  C:\Windows\System\WSAWDdZ.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\SfxgFDb.exe
  C:\Windows\System\SfxgFDb.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\AYZgyuM.exe
  C:\Windows\System\AYZgyuM.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\uUxYdIa.exe
  C:\Windows\System\uUxYdIa.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\HODoHAZ.exe
  C:\Windows\System\HODoHAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\WsYEUOA.exe
  C:\Windows\System\WsYEUOA.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\SfhqDZI.exe
  C:\Windows\System\SfhqDZI.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\IdUsEzG.exe
  C:\Windows\System\IdUsEzG.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\enlbpjn.exe
  C:\Windows\System\enlbpjn.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\OJwlXfc.exe
  C:\Windows\System\OJwlXfc.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\uTGyzFB.exe
  C:\Windows\System\uTGyzFB.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\YsiGDnq.exe
  C:\Windows\System\YsiGDnq.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\fZpKuml.exe
  C:\Windows\System\fZpKuml.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\RNdZgPx.exe
  C:\Windows\System\RNdZgPx.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\VTEPDuE.exe
  C:\Windows\System\VTEPDuE.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\OZrzEXs.exe
  C:\Windows\System\OZrzEXs.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\PVUTNHU.exe
  C:\Windows\System\PVUTNHU.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\DjqbRtk.exe
  C:\Windows\System\DjqbRtk.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\TjFxepa.exe
  C:\Windows\System\TjFxepa.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\CzEspkD.exe
  C:\Windows\System\CzEspkD.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\iWVgCAj.exe
  C:\Windows\System\iWVgCAj.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\FGyCYou.exe
  C:\Windows\System\FGyCYou.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\uZJaRJC.exe
  C:\Windows\System\uZJaRJC.exe
  2⤵
  PID:1368
- C:\Windows\System\xzEzbjQ.exe
  C:\Windows\System\xzEzbjQ.exe
  2⤵
  PID:1256
- C:\Windows\System\NlJIAUD.exe
  C:\Windows\System\NlJIAUD.exe
  2⤵
  PID:3064
- C:\Windows\System\DBVsEUo.exe
  C:\Windows\System\DBVsEUo.exe
  2⤵
  PID:2460
- C:\Windows\System\XckwMJj.exe
  C:\Windows\System\XckwMJj.exe
  2⤵
  PID:800
- C:\Windows\System\clXvKSl.exe
  C:\Windows\System\clXvKSl.exe
  2⤵
  PID:2964
- C:\Windows\System\mzlqaJr.exe
  C:\Windows\System\mzlqaJr.exe
  2⤵
  PID:2176
- C:\Windows\System\xkYllKZ.exe
  C:\Windows\System\xkYllKZ.exe
  2⤵
  PID:2816
- C:\Windows\System\MdAluBq.exe
  C:\Windows\System\MdAluBq.exe
  2⤵
  PID:2856
- C:\Windows\System\wujMiBF.exe
  C:\Windows\System\wujMiBF.exe
  2⤵
  PID:480
- C:\Windows\System\SDsBsup.exe
  C:\Windows\System\SDsBsup.exe
  2⤵
  PID:1968
- C:\Windows\System\PPJeFXG.exe
  C:\Windows\System\PPJeFXG.exe
  2⤵
  PID:2000
- C:\Windows\System\oOSVQNy.exe
  C:\Windows\System\oOSVQNy.exe
  2⤵
  PID:848
- C:\Windows\System\unYBJoO.exe
  C:\Windows\System\unYBJoO.exe
  2⤵
  PID:3004
- C:\Windows\System\OeJtVvb.exe
  C:\Windows\System\OeJtVvb.exe
  2⤵
  PID:1180
- C:\Windows\System\ctUKEdd.exe
  C:\Windows\System\ctUKEdd.exe
  2⤵
  PID:1696
- C:\Windows\System\eqSpeSk.exe
  C:\Windows\System\eqSpeSk.exe
  2⤵
  PID:2484
- C:\Windows\System\IgjWflb.exe
  C:\Windows\System\IgjWflb.exe
  2⤵
  PID:1552
- C:\Windows\System\qUEBJfw.exe
  C:\Windows\System\qUEBJfw.exe
  2⤵
  PID:924
- C:\Windows\System\ULnBPGt.exe
  C:\Windows\System\ULnBPGt.exe
  2⤵
  PID:1124
- C:\Windows\System\hibItAK.exe
  C:\Windows\System\hibItAK.exe
  2⤵
  PID:1280
- C:\Windows\System\OSbPtvh.exe
  C:\Windows\System\OSbPtvh.exe
  2⤵
  PID:276
- C:\Windows\System\lrWYCCO.exe
  C:\Windows\System\lrWYCCO.exe
  2⤵
  PID:2476
- C:\Windows\System\kOWEoON.exe
  C:\Windows\System\kOWEoON.exe
  2⤵
  PID:1800
- C:\Windows\System\WUnXzqa.exe
  C:\Windows\System\WUnXzqa.exe
  2⤵
  PID:1896
- C:\Windows\System\ODUBRIn.exe
  C:\Windows\System\ODUBRIn.exe
  2⤵
  PID:2268
- C:\Windows\System\xTRqwHL.exe
  C:\Windows\System\xTRqwHL.exe
  2⤵
  PID:564
- C:\Windows\System\fmmUHKo.exe
  C:\Windows\System\fmmUHKo.exe
  2⤵
  PID:1072
- C:\Windows\System\LeJNnyN.exe
  C:\Windows\System\LeJNnyN.exe
  2⤵
  PID:2424
- C:\Windows\System\nCFJNGf.exe
  C:\Windows\System\nCFJNGf.exe
  2⤵
  PID:1284
- C:\Windows\System\ZUcEcco.exe
  C:\Windows\System\ZUcEcco.exe
  2⤵
  PID:2504
- C:\Windows\System\lAIdzrf.exe
  C:\Windows\System\lAIdzrf.exe
  2⤵
  PID:904
- C:\Windows\System\zYQYujK.exe
  C:\Windows\System\zYQYujK.exe
  2⤵
  PID:2328
- C:\Windows\System\WQadyVb.exe
  C:\Windows\System\WQadyVb.exe
  2⤵
  PID:1536
- C:\Windows\System\NdjRGCJ.exe
  C:\Windows\System\NdjRGCJ.exe
  2⤵
  PID:1540
- C:\Windows\System\NmVTxbt.exe
  C:\Windows\System\NmVTxbt.exe
  2⤵
  PID:1572
- C:\Windows\System\KqFfthV.exe
  C:\Windows\System\KqFfthV.exe
  2⤵
  PID:2848
- C:\Windows\System\tuzYCjV.exe
  C:\Windows\System\tuzYCjV.exe
  2⤵
  PID:2768
- C:\Windows\System\JlqcaXL.exe
  C:\Windows\System\JlqcaXL.exe
  2⤵
  PID:2832
- C:\Windows\System\wczSIvJ.exe
  C:\Windows\System\wczSIvJ.exe
  2⤵
  PID:2028
- C:\Windows\System\YuYlCuf.exe
  C:\Windows\System\YuYlCuf.exe
  2⤵
  PID:3020
- C:\Windows\System\LOHCqhX.exe
  C:\Windows\System\LOHCqhX.exe
  2⤵
  PID:2180
- C:\Windows\System\FdCqfwG.exe
  C:\Windows\System\FdCqfwG.exe
  2⤵
  PID:3088
- C:\Windows\System\GsBaSXC.exe
  C:\Windows\System\GsBaSXC.exe
  2⤵
  PID:3104
- C:\Windows\System\WKtplNS.exe
  C:\Windows\System\WKtplNS.exe
  2⤵
  PID:3120
- C:\Windows\System\llgJCrG.exe
  C:\Windows\System\llgJCrG.exe
  2⤵
  PID:3136
- C:\Windows\System\FkBzNey.exe
  C:\Windows\System\FkBzNey.exe
  2⤵
  PID:3152
- C:\Windows\System\vEoNZrJ.exe
  C:\Windows\System\vEoNZrJ.exe
  2⤵
  PID:3168
- C:\Windows\System\CoNRMXo.exe
  C:\Windows\System\CoNRMXo.exe
  2⤵
  PID:3184
- C:\Windows\System\jHCdvMM.exe
  C:\Windows\System\jHCdvMM.exe
  2⤵
  PID:3200
- C:\Windows\System\JYgBpnZ.exe
  C:\Windows\System\JYgBpnZ.exe
  2⤵
  PID:3216
- C:\Windows\System\uZMdzUD.exe
  C:\Windows\System\uZMdzUD.exe
  2⤵
  PID:3232
- C:\Windows\System\hMQuyCf.exe
  C:\Windows\System\hMQuyCf.exe
  2⤵
  PID:3248
- C:\Windows\System\yHfUCPu.exe
  C:\Windows\System\yHfUCPu.exe
  2⤵
  PID:3264
- C:\Windows\System\vQYWJwX.exe
  C:\Windows\System\vQYWJwX.exe
  2⤵
  PID:3280
- C:\Windows\System\taybQDo.exe
  C:\Windows\System\taybQDo.exe
  2⤵
  PID:3296
- C:\Windows\System\cplNrjz.exe
  C:\Windows\System\cplNrjz.exe
  2⤵
  PID:3312
- C:\Windows\System\GGPMQdu.exe
  C:\Windows\System\GGPMQdu.exe
  2⤵
  PID:3332
- C:\Windows\System\lIfkvrV.exe
  C:\Windows\System\lIfkvrV.exe
  2⤵
  PID:3348
- C:\Windows\System\vjwxgNk.exe
  C:\Windows\System\vjwxgNk.exe
  2⤵
  PID:3364
- C:\Windows\System\KwZBAHT.exe
  C:\Windows\System\KwZBAHT.exe
  2⤵
  PID:3380
- C:\Windows\System\BqlhIeR.exe
  C:\Windows\System\BqlhIeR.exe
  2⤵
  PID:3396
- C:\Windows\System\gGRTauw.exe
  C:\Windows\System\gGRTauw.exe
  2⤵
  PID:3412
- C:\Windows\System\eXddZfY.exe
  C:\Windows\System\eXddZfY.exe
  2⤵
  PID:3428
- C:\Windows\System\bjdVXXQ.exe
  C:\Windows\System\bjdVXXQ.exe
  2⤵
  PID:3444
- C:\Windows\System\LmnGgRH.exe
  C:\Windows\System\LmnGgRH.exe
  2⤵
  PID:3460
- C:\Windows\System\WsgJYyB.exe
  C:\Windows\System\WsgJYyB.exe
  2⤵
  PID:3476
- C:\Windows\System\eHqsKsM.exe
  C:\Windows\System\eHqsKsM.exe
  2⤵
  PID:3492
- C:\Windows\System\FhXhEGZ.exe
  C:\Windows\System\FhXhEGZ.exe
  2⤵
  PID:3508
- C:\Windows\System\kREMlrP.exe
  C:\Windows\System\kREMlrP.exe
  2⤵
  PID:3524
- C:\Windows\System\YfDANtQ.exe
  C:\Windows\System\YfDANtQ.exe
  2⤵
  PID:3540
- C:\Windows\System\hdHhYUA.exe
  C:\Windows\System\hdHhYUA.exe
  2⤵
  PID:3556
- C:\Windows\System\ZJCZfrB.exe
  C:\Windows\System\ZJCZfrB.exe
  2⤵
  PID:3572
- C:\Windows\System\BBeIRZg.exe
  C:\Windows\System\BBeIRZg.exe
  2⤵
  PID:3588
- C:\Windows\System\xUyZdQr.exe
  C:\Windows\System\xUyZdQr.exe
  2⤵
  PID:3604
- C:\Windows\System\yJsjhot.exe
  C:\Windows\System\yJsjhot.exe
  2⤵
  PID:3620
- C:\Windows\System\svzHVoH.exe
  C:\Windows\System\svzHVoH.exe
  2⤵
  PID:3636
- C:\Windows\System\nkSZOoa.exe
  C:\Windows\System\nkSZOoa.exe
  2⤵
  PID:3652
- C:\Windows\System\tWwuphK.exe
  C:\Windows\System\tWwuphK.exe
  2⤵
  PID:3668
- C:\Windows\System\QygPGoP.exe
  C:\Windows\System\QygPGoP.exe
  2⤵
  PID:3684
- C:\Windows\System\nOvYBju.exe
  C:\Windows\System\nOvYBju.exe
  2⤵
  PID:3700
- C:\Windows\System\cpiVdCd.exe
  C:\Windows\System\cpiVdCd.exe
  2⤵
  PID:3716
- C:\Windows\System\rTllvyC.exe
  C:\Windows\System\rTllvyC.exe
  2⤵
  PID:3736
- C:\Windows\System\lSvhBKf.exe
  C:\Windows\System\lSvhBKf.exe
  2⤵
  PID:3752
- C:\Windows\System\bRZwYXK.exe
  C:\Windows\System\bRZwYXK.exe
  2⤵
  PID:3768
- C:\Windows\System\lwxaCbv.exe
  C:\Windows\System\lwxaCbv.exe
  2⤵
  PID:3784
- C:\Windows\System\znHOBpk.exe
  C:\Windows\System\znHOBpk.exe
  2⤵
  PID:3800
- C:\Windows\System\GGxoLzU.exe
  C:\Windows\System\GGxoLzU.exe
  2⤵
  PID:3820
- C:\Windows\System\fbbYWAa.exe
  C:\Windows\System\fbbYWAa.exe
  2⤵
  PID:3836
- C:\Windows\System\qxkiesS.exe
  C:\Windows\System\qxkiesS.exe
  2⤵
  PID:3852
- C:\Windows\System\vXoiymV.exe
  C:\Windows\System\vXoiymV.exe
  2⤵
  PID:3868
- C:\Windows\System\qTzaGfM.exe
  C:\Windows\System\qTzaGfM.exe
  2⤵
  PID:3884
- C:\Windows\System\AJmbgdR.exe
  C:\Windows\System\AJmbgdR.exe
  2⤵
  PID:3900
- C:\Windows\System\BatxQag.exe
  C:\Windows\System\BatxQag.exe
  2⤵
  PID:3916
- C:\Windows\System\IWtMGpf.exe
  C:\Windows\System\IWtMGpf.exe
  2⤵
  PID:3932
- C:\Windows\System\iLMkkgL.exe
  C:\Windows\System\iLMkkgL.exe
  2⤵
  PID:3948
- C:\Windows\System\pYVdpYq.exe
  C:\Windows\System\pYVdpYq.exe
  2⤵
  PID:3964
- C:\Windows\System\KyPOOjB.exe
  C:\Windows\System\KyPOOjB.exe
  2⤵
  PID:3980
- C:\Windows\System\YMgwZti.exe
  C:\Windows\System\YMgwZti.exe
  2⤵
  PID:3996
- C:\Windows\System\qiTzkqn.exe
  C:\Windows\System\qiTzkqn.exe
  2⤵
  PID:4012
- C:\Windows\System\EoYgSVY.exe
  C:\Windows\System\EoYgSVY.exe
  2⤵
  PID:4028
- C:\Windows\System\hklBqLM.exe
  C:\Windows\System\hklBqLM.exe
  2⤵
  PID:4044
- C:\Windows\System\FOoBlsQ.exe
  C:\Windows\System\FOoBlsQ.exe
  2⤵
  PID:4060
- C:\Windows\System\VhQFtwX.exe
  C:\Windows\System\VhQFtwX.exe
  2⤵
  PID:4076
- C:\Windows\System\oadcVmm.exe
  C:\Windows\System\oadcVmm.exe
  2⤵
  PID:4092
- C:\Windows\System\AeiGaIA.exe
  C:\Windows\System\AeiGaIA.exe
  2⤵
  PID:2632
- C:\Windows\System\orJSNBR.exe
  C:\Windows\System\orJSNBR.exe
  2⤵
  PID:1928
- C:\Windows\System\DWKmtai.exe
  C:\Windows\System\DWKmtai.exe
  2⤵
  PID:992
- C:\Windows\System\yWEFUpW.exe
  C:\Windows\System\yWEFUpW.exe
  2⤵
  PID:1876
- C:\Windows\System\ltdsaEq.exe
  C:\Windows\System\ltdsaEq.exe
  2⤵
  PID:2664
- C:\Windows\System\ZjqkLAb.exe
  C:\Windows\System\ZjqkLAb.exe
  2⤵
  PID:2260
- C:\Windows\System\batpAcI.exe
  C:\Windows\System\batpAcI.exe
  2⤵
  PID:2996
- C:\Windows\System\oGHlVKt.exe
  C:\Windows\System\oGHlVKt.exe
  2⤵
  PID:2648
- C:\Windows\System\oPPmvVx.exe
  C:\Windows\System\oPPmvVx.exe
  2⤵
  PID:2288
- C:\Windows\System\kXjOeGP.exe
  C:\Windows\System\kXjOeGP.exe
  2⤵
  PID:1668
- C:\Windows\System\sqpKqIz.exe
  C:\Windows\System\sqpKqIz.exe
  2⤵
  PID:2516
- C:\Windows\System\AoiCfrb.exe
  C:\Windows\System\AoiCfrb.exe
  2⤵
  PID:3084
- C:\Windows\System\RLKBcet.exe
  C:\Windows\System\RLKBcet.exe
  2⤵
  PID:3096
- C:\Windows\System\nEkCDZJ.exe
  C:\Windows\System\nEkCDZJ.exe
  2⤵
  PID:3128
- C:\Windows\System\IRYhyMB.exe
  C:\Windows\System\IRYhyMB.exe
  2⤵
  PID:3160
- C:\Windows\System\oItgVey.exe
  C:\Windows\System\oItgVey.exe
  2⤵
  PID:3192
- C:\Windows\System\uCvdhbr.exe
  C:\Windows\System\uCvdhbr.exe
  2⤵
  PID:3224
- C:\Windows\System\XuOQynP.exe
  C:\Windows\System\XuOQynP.exe
  2⤵
  PID:3256
- C:\Windows\System\JgIGynA.exe
  C:\Windows\System\JgIGynA.exe
  2⤵
  PID:3288
- C:\Windows\System\VfsCQfC.exe
  C:\Windows\System\VfsCQfC.exe
  2⤵
  PID:3340
- C:\Windows\System\CCJYDae.exe
  C:\Windows\System\CCJYDae.exe
  2⤵
  PID:3372
- C:\Windows\System\bDvreJV.exe
  C:\Windows\System\bDvreJV.exe
  2⤵
  PID:3404
- C:\Windows\System\KfJxefR.exe
  C:\Windows\System\KfJxefR.exe
  2⤵
  PID:2576
- C:\Windows\System\iVuXLsb.exe
  C:\Windows\System\iVuXLsb.exe
  2⤵
  PID:3468
- C:\Windows\System\treBCbE.exe
  C:\Windows\System\treBCbE.exe
  2⤵
  PID:3484
- C:\Windows\System\SurudFE.exe
  C:\Windows\System\SurudFE.exe
  2⤵
  PID:3516
- C:\Windows\System\TGFMDKE.exe
  C:\Windows\System\TGFMDKE.exe
  2⤵
  PID:3564
- C:\Windows\System\OIeuqUo.exe
  C:\Windows\System\OIeuqUo.exe
  2⤵
  PID:3580
- C:\Windows\System\UxipDuF.exe
  C:\Windows\System\UxipDuF.exe
  2⤵
  PID:3612
- C:\Windows\System\HdJvgMh.exe
  C:\Windows\System\HdJvgMh.exe
  2⤵
  PID:3616
- C:\Windows\System\opeRIVC.exe
  C:\Windows\System\opeRIVC.exe
  2⤵
  PID:3692
- C:\Windows\System\jpGfKfz.exe
  C:\Windows\System\jpGfKfz.exe
  2⤵
  PID:3708
- C:\Windows\System\BmBXKFS.exe
  C:\Windows\System\BmBXKFS.exe
  2⤵
  PID:3744
- C:\Windows\System\vvRUcnP.exe
  C:\Windows\System\vvRUcnP.exe
  2⤵
  PID:3776
- C:\Windows\System\WfFaNMc.exe
  C:\Windows\System\WfFaNMc.exe
  2⤵
  PID:3828
- C:\Windows\System\urQGrlG.exe
  C:\Windows\System\urQGrlG.exe
  2⤵
  PID:3844
- C:\Windows\System\ypyalqq.exe
  C:\Windows\System\ypyalqq.exe
  2⤵
  PID:3892
- C:\Windows\System\unyDIWl.exe
  C:\Windows\System\unyDIWl.exe
  2⤵
  PID:3908
- C:\Windows\System\fmJnanU.exe
  C:\Windows\System\fmJnanU.exe
  2⤵
  PID:3940
- C:\Windows\System\JyWNEKZ.exe
  C:\Windows\System\JyWNEKZ.exe
  2⤵
  PID:3988
- C:\Windows\System\DxRkDMo.exe
  C:\Windows\System\DxRkDMo.exe
  2⤵
  PID:3976
- C:\Windows\System\fSGwmqm.exe
  C:\Windows\System\fSGwmqm.exe
  2⤵
  PID:4036
- C:\Windows\System\nxFTSed.exe
  C:\Windows\System\nxFTSed.exe
  2⤵
  PID:4068
- C:\Windows\System\dJrwlzf.exe
  C:\Windows\System\dJrwlzf.exe
  2⤵
  PID:4088
- C:\Windows\System\tOVIWNt.exe
  C:\Windows\System\tOVIWNt.exe
  2⤵
  PID:2184
- C:\Windows\System\TDzGuby.exe
  C:\Windows\System\TDzGuby.exe
  2⤵
  PID:2924
- C:\Windows\System\nJZIQUI.exe
  C:\Windows\System\nJZIQUI.exe
  2⤵
  PID:572
- C:\Windows\System\CmGKkkR.exe
  C:\Windows\System\CmGKkkR.exe
  2⤵
  PID:2132
- C:\Windows\System\dWlzXsk.exe
  C:\Windows\System\dWlzXsk.exe
  2⤵
  PID:2412
- C:\Windows\System\dGMGGoU.exe
  C:\Windows\System\dGMGGoU.exe
  2⤵
  PID:1636
- C:\Windows\System\WITVMqI.exe
  C:\Windows\System\WITVMqI.exe
  2⤵
  PID:3100
- C:\Windows\System\EkzdGUC.exe
  C:\Windows\System\EkzdGUC.exe
  2⤵
  PID:3132
- C:\Windows\System\QCgbrUK.exe
  C:\Windows\System\QCgbrUK.exe
  2⤵
  PID:3244
- C:\Windows\System\MdExHcK.exe
  C:\Windows\System\MdExHcK.exe
  2⤵
  PID:3308
- C:\Windows\System\OEvfLOR.exe
  C:\Windows\System\OEvfLOR.exe
  2⤵
  PID:3388
- C:\Windows\System\pQorDIT.exe
  C:\Windows\System\pQorDIT.exe
  2⤵
  PID:3440
- C:\Windows\System\VjxDThV.exe
  C:\Windows\System\VjxDThV.exe
  2⤵
  PID:3536
- C:\Windows\System\CRprNAI.exe
  C:\Windows\System\CRprNAI.exe
  2⤵
  PID:3584
- C:\Windows\System\nvfYvAN.exe
  C:\Windows\System\nvfYvAN.exe
  2⤵
  PID:3644
- C:\Windows\System\UgnZsgZ.exe
  C:\Windows\System\UgnZsgZ.exe
  2⤵
  PID:3664
- C:\Windows\System\enccCuI.exe
  C:\Windows\System\enccCuI.exe
  2⤵
  PID:3764
- C:\Windows\System\vTcTXER.exe
  C:\Windows\System\vTcTXER.exe
  2⤵
  PID:3812
- C:\Windows\System\alRODrc.exe
  C:\Windows\System\alRODrc.exe
  2⤵
  PID:3896
- C:\Windows\System\dKFNcso.exe
  C:\Windows\System\dKFNcso.exe
  2⤵
  PID:3944
- C:\Windows\System\PdxZCiH.exe
  C:\Windows\System\PdxZCiH.exe
  2⤵
  PID:4024
- C:\Windows\System\mgjJFqa.exe
  C:\Windows\System\mgjJFqa.exe
  2⤵
  PID:4084
- C:\Windows\System\hhGUgDp.exe
  C:\Windows\System\hhGUgDp.exe
  2⤵
  PID:2008
- C:\Windows\System\mREFVqg.exe
  C:\Windows\System\mREFVqg.exe
  2⤵
  PID:1004
- C:\Windows\System\mfsQynP.exe
  C:\Windows\System\mfsQynP.exe
  2⤵
  PID:2828
- C:\Windows\System\fuMjkDs.exe
  C:\Windows\System\fuMjkDs.exe
  2⤵
  PID:4108
- C:\Windows\System\hvVZMem.exe
  C:\Windows\System\hvVZMem.exe
  2⤵
  PID:4132
- C:\Windows\System\qxcaBNi.exe
  C:\Windows\System\qxcaBNi.exe
  2⤵
  PID:4148
- C:\Windows\System\pTlXJWT.exe
  C:\Windows\System\pTlXJWT.exe
  2⤵
  PID:4164
- C:\Windows\System\dJrDMvG.exe
  C:\Windows\System\dJrDMvG.exe
  2⤵
  PID:4180
- C:\Windows\System\vTItwbD.exe
  C:\Windows\System\vTItwbD.exe
  2⤵
  PID:4196
- C:\Windows\System\ZewmsZh.exe
  C:\Windows\System\ZewmsZh.exe
  2⤵
  PID:4212
- C:\Windows\System\Vgzbinp.exe
  C:\Windows\System\Vgzbinp.exe
  2⤵
  PID:4228
- C:\Windows\System\pxDFwFf.exe
  C:\Windows\System\pxDFwFf.exe
  2⤵
  PID:4244
- C:\Windows\System\rXpyNeR.exe
  C:\Windows\System\rXpyNeR.exe
  2⤵
  PID:4260
- C:\Windows\System\xIDhfYK.exe
  C:\Windows\System\xIDhfYK.exe
  2⤵
  PID:4276
- C:\Windows\System\cIweMat.exe
  C:\Windows\System\cIweMat.exe
  2⤵
  PID:4292
- C:\Windows\System\AmWgrls.exe
  C:\Windows\System\AmWgrls.exe
  2⤵
  PID:4308
- C:\Windows\System\PWTkkgZ.exe
  C:\Windows\System\PWTkkgZ.exe
  2⤵
  PID:4324
- C:\Windows\System\GsgOJSv.exe
  C:\Windows\System\GsgOJSv.exe
  2⤵
  PID:4340
- C:\Windows\System\cvyAJGc.exe
  C:\Windows\System\cvyAJGc.exe
  2⤵
  PID:4356
- C:\Windows\System\TlHBlcO.exe
  C:\Windows\System\TlHBlcO.exe
  2⤵
  PID:4372
- C:\Windows\System\mScrefA.exe
  C:\Windows\System\mScrefA.exe
  2⤵
  PID:4388
- C:\Windows\System\mMOlLvi.exe
  C:\Windows\System\mMOlLvi.exe
  2⤵
  PID:4404
- C:\Windows\System\tzeoGeb.exe
  C:\Windows\System\tzeoGeb.exe
  2⤵
  PID:4420
- C:\Windows\System\ySijEJm.exe
  C:\Windows\System\ySijEJm.exe
  2⤵
  PID:4436
- C:\Windows\System\ZyqbjvY.exe
  C:\Windows\System\ZyqbjvY.exe
  2⤵
  PID:4452
- C:\Windows\System\iGmywme.exe
  C:\Windows\System\iGmywme.exe
  2⤵
  PID:4468
- C:\Windows\System\hGrJxEL.exe
  C:\Windows\System\hGrJxEL.exe
  2⤵
  PID:4484
- C:\Windows\System\weUkmFv.exe
  C:\Windows\System\weUkmFv.exe
  2⤵
  PID:4504
- C:\Windows\System\rQFQlUW.exe
  C:\Windows\System\rQFQlUW.exe
  2⤵
  PID:4520
- C:\Windows\System\ChlqEzu.exe
  C:\Windows\System\ChlqEzu.exe
  2⤵
  PID:4536
- C:\Windows\System\YGNnfLb.exe
  C:\Windows\System\YGNnfLb.exe
  2⤵
  PID:4552
- C:\Windows\System\hNbPkGy.exe
  C:\Windows\System\hNbPkGy.exe
  2⤵
  PID:4568
- C:\Windows\System\DeAnjjY.exe
  C:\Windows\System\DeAnjjY.exe
  2⤵
  PID:4584
- C:\Windows\System\fNGPKCc.exe
  C:\Windows\System\fNGPKCc.exe
  2⤵
  PID:4600
- C:\Windows\System\uLchArP.exe
  C:\Windows\System\uLchArP.exe
  2⤵
  PID:4616
- C:\Windows\System\nYpPrtk.exe
  C:\Windows\System\nYpPrtk.exe
  2⤵
  PID:4632
- C:\Windows\System\ioifqIm.exe
  C:\Windows\System\ioifqIm.exe
  2⤵
  PID:4648
- C:\Windows\System\YTsrNgI.exe
  C:\Windows\System\YTsrNgI.exe
  2⤵
  PID:4664
- C:\Windows\System\SARrHtC.exe
  C:\Windows\System\SARrHtC.exe
  2⤵
  PID:4680
- C:\Windows\System\OLgCbnB.exe
  C:\Windows\System\OLgCbnB.exe
  2⤵
  PID:4696
- C:\Windows\System\XsWzuDz.exe
  C:\Windows\System\XsWzuDz.exe
  2⤵
  PID:4712
- C:\Windows\System\KNGMLTW.exe
  C:\Windows\System\KNGMLTW.exe
  2⤵
  PID:4728
- C:\Windows\System\VBraZdX.exe
  C:\Windows\System\VBraZdX.exe
  2⤵
  PID:4744
- C:\Windows\System\TUMTDsZ.exe
  C:\Windows\System\TUMTDsZ.exe
  2⤵
  PID:4760
- C:\Windows\System\zDYUpdz.exe
  C:\Windows\System\zDYUpdz.exe
  2⤵
  PID:4776
- C:\Windows\System\hGbiNDV.exe
  C:\Windows\System\hGbiNDV.exe
  2⤵
  PID:4792
- C:\Windows\System\HmpziOD.exe
  C:\Windows\System\HmpziOD.exe
  2⤵
  PID:4808
- C:\Windows\System\JMzGnIS.exe
  C:\Windows\System\JMzGnIS.exe
  2⤵
  PID:4824
- C:\Windows\System\ryAehNx.exe
  C:\Windows\System\ryAehNx.exe
  2⤵
  PID:4840
- C:\Windows\System\ntJHZtK.exe
  C:\Windows\System\ntJHZtK.exe
  2⤵
  PID:4856
- C:\Windows\System\sLgWgwr.exe
  C:\Windows\System\sLgWgwr.exe
  2⤵
  PID:4872
- C:\Windows\System\lFejPSB.exe
  C:\Windows\System\lFejPSB.exe
  2⤵
  PID:4888
- C:\Windows\System\CkvSntp.exe
  C:\Windows\System\CkvSntp.exe
  2⤵
  PID:4904
- C:\Windows\System\xtNHAvA.exe
  C:\Windows\System\xtNHAvA.exe
  2⤵
  PID:4920
- C:\Windows\System\nSaHtgL.exe
  C:\Windows\System\nSaHtgL.exe
  2⤵
  PID:4936
- C:\Windows\System\fJmCqch.exe
  C:\Windows\System\fJmCqch.exe
  2⤵
  PID:4952
- C:\Windows\System\SpRAYor.exe
  C:\Windows\System\SpRAYor.exe
  2⤵
  PID:4972
- C:\Windows\System\EDiWblA.exe
  C:\Windows\System\EDiWblA.exe
  2⤵
  PID:4988
- C:\Windows\System\kWOYIzs.exe
  C:\Windows\System\kWOYIzs.exe
  2⤵
  PID:5004
- C:\Windows\System\KdHPIuC.exe
  C:\Windows\System\KdHPIuC.exe
  2⤵
  PID:5020
- C:\Windows\System\GPToLxv.exe
  C:\Windows\System\GPToLxv.exe
  2⤵
  PID:5036
- C:\Windows\System\TvSjKsn.exe
  C:\Windows\System\TvSjKsn.exe
  2⤵
  PID:5052
- C:\Windows\System\OelYkmA.exe
  C:\Windows\System\OelYkmA.exe
  2⤵
  PID:5072
- C:\Windows\System\zLijtYq.exe
  C:\Windows\System\zLijtYq.exe
  2⤵
  PID:5088
- C:\Windows\System\RUknuHY.exe
  C:\Windows\System\RUknuHY.exe
  2⤵
  PID:5104
- C:\Windows\System\tfPhusJ.exe
  C:\Windows\System\tfPhusJ.exe
  2⤵
  PID:3180
- C:\Windows\System\dpSdkKP.exe
  C:\Windows\System\dpSdkKP.exe
  2⤵
  PID:3032
- C:\Windows\System\tSVjMuh.exe
  C:\Windows\System\tSVjMuh.exe
  2⤵
  PID:3436
- C:\Windows\System\DfqMphN.exe
  C:\Windows\System\DfqMphN.exe
  2⤵
  PID:3520
- C:\Windows\System\yteNkCH.exe
  C:\Windows\System\yteNkCH.exe
  2⤵
  PID:3676
- C:\Windows\System\BtXUXhU.exe
  C:\Windows\System\BtXUXhU.exe
  2⤵
  PID:3832
- C:\Windows\System\ipWTLUH.exe
  C:\Windows\System\ipWTLUH.exe
  2⤵
  PID:3960
- C:\Windows\System\zRiSuoz.exe
  C:\Windows\System\zRiSuoz.exe
  2⤵
  PID:4072
- C:\Windows\System\ySvNrUO.exe
  C:\Windows\System\ySvNrUO.exe
  2⤵
  PID:2264
- C:\Windows\System\uheOKXJ.exe
  C:\Windows\System\uheOKXJ.exe
  2⤵
  PID:4104
- C:\Windows\System\pqQhoDq.exe
  C:\Windows\System\pqQhoDq.exe
  2⤵
  PID:3504
- C:\Windows\System\UMWAojW.exe
  C:\Windows\System\UMWAojW.exe
  2⤵
  PID:4156
- C:\Windows\System\vkDYzYV.exe
  C:\Windows\System\vkDYzYV.exe
  2⤵
  PID:4176
- C:\Windows\System\BVkyHyO.exe
  C:\Windows\System\BVkyHyO.exe
  2⤵
  PID:4236
- C:\Windows\System\sNhwsnz.exe
  C:\Windows\System\sNhwsnz.exe
  2⤵
  PID:4252
- C:\Windows\System\fsXvgkR.exe
  C:\Windows\System\fsXvgkR.exe
  2⤵
  PID:4300
- C:\Windows\System\zVjBnja.exe
  C:\Windows\System\zVjBnja.exe
  2⤵
  PID:4336
- C:\Windows\System\qsSSrEl.exe
  C:\Windows\System\qsSSrEl.exe
  2⤵
  PID:4364
- C:\Windows\System\RDdYqpv.exe
  C:\Windows\System\RDdYqpv.exe
  2⤵
  PID:4380
- C:\Windows\System\BXQeqQR.exe
  C:\Windows\System\BXQeqQR.exe
  2⤵
  PID:4412
- C:\Windows\System\XYwiyZR.exe
  C:\Windows\System\XYwiyZR.exe
  2⤵
  PID:4444
- C:\Windows\System\haeWvhY.exe
  C:\Windows\System\haeWvhY.exe
  2⤵
  PID:4492
- C:\Windows\System\cRuYPNe.exe
  C:\Windows\System\cRuYPNe.exe
  2⤵
  PID:4512
- C:\Windows\System\YWtHmvE.exe
  C:\Windows\System\YWtHmvE.exe
  2⤵
  PID:4544
- C:\Windows\System\WWZDEJG.exe
  C:\Windows\System\WWZDEJG.exe
  2⤵
  PID:4592
- C:\Windows\System\EfumBAw.exe
  C:\Windows\System\EfumBAw.exe
  2⤵
  PID:4608
- C:\Windows\System\ZlRLDoU.exe
  C:\Windows\System\ZlRLDoU.exe
  2⤵
  PID:4640
- C:\Windows\System\IxVgzbk.exe
  C:\Windows\System\IxVgzbk.exe
  2⤵
  PID:4660
- C:\Windows\System\CXBXSlE.exe
  C:\Windows\System\CXBXSlE.exe
  2⤵
  PID:4692
- C:\Windows\System\GlsKCwh.exe
  C:\Windows\System\GlsKCwh.exe
  2⤵
  PID:4724
- C:\Windows\System\dmqyQiK.exe
  C:\Windows\System\dmqyQiK.exe
  2⤵
  PID:4756
- C:\Windows\System\FyFhkMj.exe
  C:\Windows\System\FyFhkMj.exe
  2⤵
  PID:4772
- C:\Windows\System\YiIdKjr.exe
  C:\Windows\System\YiIdKjr.exe
  2⤵
  PID:4804
- C:\Windows\System\DJBBWzk.exe
  C:\Windows\System\DJBBWzk.exe
  2⤵
  PID:4852
- C:\Windows\System\WXLMsLP.exe
  C:\Windows\System\WXLMsLP.exe
  2⤵
  PID:4884
- C:\Windows\System\PhiGIVP.exe
  C:\Windows\System\PhiGIVP.exe
  2⤵
  PID:4916
- C:\Windows\System\oFrzqgT.exe
  C:\Windows\System\oFrzqgT.exe
  2⤵
  PID:4500
- C:\Windows\System\DtBFkgp.exe
  C:\Windows\System\DtBFkgp.exe
  2⤵
  PID:4984
- C:\Windows\System\dThVRNJ.exe
  C:\Windows\System\dThVRNJ.exe
  2⤵
  PID:4968
- C:\Windows\System\TFdFVUt.exe
  C:\Windows\System\TFdFVUt.exe
  2⤵
  PID:5032
- C:\Windows\System\zvsLvgs.exe
  C:\Windows\System\zvsLvgs.exe
  2⤵
  PID:5080
- C:\Windows\System\bRzLPsh.exe
  C:\Windows\System\bRzLPsh.exe
  2⤵
  PID:5116
- C:\Windows\System\ZyQOroH.exe
  C:\Windows\System\ZyQOroH.exe
  2⤵
  PID:3276
- C:\Windows\System\qXcDrcr.exe
  C:\Windows\System\qXcDrcr.exe
  2⤵
  PID:3472
- C:\Windows\System\CaandVI.exe
  C:\Windows\System\CaandVI.exe
  2⤵
  PID:3748
- C:\Windows\System\wYhnOPx.exe
  C:\Windows\System\wYhnOPx.exe
  2⤵
  PID:4056
- C:\Windows\System\IgrKpsW.exe
  C:\Windows\System\IgrKpsW.exe
  2⤵
  PID:2372
- C:\Windows\System\OpQQRmt.exe
  C:\Windows\System\OpQQRmt.exe
  2⤵
  PID:4160
- C:\Windows\System\eQTkWFo.exe
  C:\Windows\System\eQTkWFo.exe
  2⤵
  PID:264
- C:\Windows\System\SFXvBMR.exe
  C:\Windows\System\SFXvBMR.exe
  2⤵
  PID:4288
- C:\Windows\System\vxtUmuF.exe
  C:\Windows\System\vxtUmuF.exe
  2⤵
  PID:2788
- C:\Windows\System\sDvQzMz.exe
  C:\Windows\System\sDvQzMz.exe
  2⤵
  PID:4352
- C:\Windows\System\Xfwkxwp.exe
  C:\Windows\System\Xfwkxwp.exe
  2⤵
  PID:4432
- C:\Windows\System\QowbwYX.exe
  C:\Windows\System\QowbwYX.exe
  2⤵
  PID:4448
- C:\Windows\System\znAoUcA.exe
  C:\Windows\System\znAoUcA.exe
  2⤵
  PID:4548
- C:\Windows\System\hEddBzp.exe
  C:\Windows\System\hEddBzp.exe
  2⤵
  PID:4596
- C:\Windows\System\ztmGYel.exe
  C:\Windows\System\ztmGYel.exe
  2⤵
  PID:4672
- C:\Windows\System\vmmqWPM.exe
  C:\Windows\System\vmmqWPM.exe
  2⤵
  PID:4736
- C:\Windows\System\aAnohfg.exe
  C:\Windows\System\aAnohfg.exe
  2⤵
  PID:5068
- C:\Windows\System\FzMkUpJ.exe
  C:\Windows\System\FzMkUpJ.exe
  2⤵
  PID:4820
- C:\Windows\System\JxSnnsy.exe
  C:\Windows\System\JxSnnsy.exe
  2⤵
  PID:4912
- C:\Windows\System\guMfQyc.exe
  C:\Windows\System\guMfQyc.exe
  2⤵
  PID:4964
- C:\Windows\System\nFQeeij.exe
  C:\Windows\System\nFQeeij.exe
  2⤵
  PID:5028
- C:\Windows\System\OLxsXKI.exe
  C:\Windows\System\OLxsXKI.exe
  2⤵
  PID:5112
- C:\Windows\System\HfTIphf.exe
  C:\Windows\System\HfTIphf.exe
  2⤵
  PID:3696
- C:\Windows\System\xkdJyXI.exe
  C:\Windows\System\xkdJyXI.exe
  2⤵
  PID:4008
- C:\Windows\System\MWoZrzq.exe
  C:\Windows\System\MWoZrzq.exe
  2⤵
  PID:4204
- C:\Windows\System\ZxvvLob.exe
  C:\Windows\System\ZxvvLob.exe
  2⤵
  PID:4192
- C:\Windows\System\TpjOnyE.exe
  C:\Windows\System\TpjOnyE.exe
  2⤵
  PID:2804
- C:\Windows\System\cFoQPgv.exe
  C:\Windows\System\cFoQPgv.exe
  2⤵
  PID:4480
- C:\Windows\System\aYZrUJr.exe
  C:\Windows\System\aYZrUJr.exe
  2⤵
  PID:4628
- C:\Windows\System\csaoTXM.exe
  C:\Windows\System\csaoTXM.exe
  2⤵
  PID:5132
- C:\Windows\System\RSlMLzc.exe
  C:\Windows\System\RSlMLzc.exe
  2⤵
  PID:5148
- C:\Windows\System\FbXkSZp.exe
  C:\Windows\System\FbXkSZp.exe
  2⤵
  PID:5164
- C:\Windows\System\NcnvnXE.exe
  C:\Windows\System\NcnvnXE.exe
  2⤵
  PID:5180
- C:\Windows\System\Zzshpey.exe
  C:\Windows\System\Zzshpey.exe
  2⤵
  PID:5196
- C:\Windows\System\aVxMnjp.exe
  C:\Windows\System\aVxMnjp.exe
  2⤵
  PID:5212
- C:\Windows\System\qdNJHmJ.exe
  C:\Windows\System\qdNJHmJ.exe
  2⤵
  PID:5228
- C:\Windows\System\PWBXDhU.exe
  C:\Windows\System\PWBXDhU.exe
  2⤵
  PID:5244
- C:\Windows\System\MfOlwyG.exe
  C:\Windows\System\MfOlwyG.exe
  2⤵
  PID:5260
- C:\Windows\System\rQXMeUD.exe
  C:\Windows\System\rQXMeUD.exe
  2⤵
  PID:5276
- C:\Windows\System\yOIuXsf.exe
  C:\Windows\System\yOIuXsf.exe
  2⤵
  PID:5292
- C:\Windows\System\rxyuzFp.exe
  C:\Windows\System\rxyuzFp.exe
  2⤵
  PID:5308
- C:\Windows\System\rfEYfZV.exe
  C:\Windows\System\rfEYfZV.exe
  2⤵
  PID:5324
- C:\Windows\System\pcQQcdE.exe
  C:\Windows\System\pcQQcdE.exe
  2⤵
  PID:5340
- C:\Windows\System\wDSwJVw.exe
  C:\Windows\System\wDSwJVw.exe
  2⤵
  PID:5356
- C:\Windows\System\qnFYEOs.exe
  C:\Windows\System\qnFYEOs.exe
  2⤵
  PID:5372
- C:\Windows\System\NyaRhNN.exe
  C:\Windows\System\NyaRhNN.exe
  2⤵
  PID:5388
- C:\Windows\System\otRDxME.exe
  C:\Windows\System\otRDxME.exe
  2⤵
  PID:5404
- C:\Windows\System\YiLlYDz.exe
  C:\Windows\System\YiLlYDz.exe
  2⤵
  PID:5420
- C:\Windows\System\YUJzbzy.exe
  C:\Windows\System\YUJzbzy.exe
  2⤵
  PID:5436
- C:\Windows\System\wFgiWbV.exe
  C:\Windows\System\wFgiWbV.exe
  2⤵
  PID:5452
- C:\Windows\System\gtEKeJX.exe
  C:\Windows\System\gtEKeJX.exe
  2⤵
  PID:5468
- C:\Windows\System\XesEiXl.exe
  C:\Windows\System\XesEiXl.exe
  2⤵
  PID:5484
- C:\Windows\System\dJdoOzV.exe
  C:\Windows\System\dJdoOzV.exe
  2⤵
  PID:5500
- C:\Windows\System\gSkYhsT.exe
  C:\Windows\System\gSkYhsT.exe
  2⤵
  PID:5520
- C:\Windows\System\zmliQOR.exe
  C:\Windows\System\zmliQOR.exe
  2⤵
  PID:5536
- C:\Windows\System\ZUTDbll.exe
  C:\Windows\System\ZUTDbll.exe
  2⤵
  PID:5552
- C:\Windows\System\ixLOhfK.exe
  C:\Windows\System\ixLOhfK.exe
  2⤵
  PID:5568
- C:\Windows\System\gsrxiKG.exe
  C:\Windows\System\gsrxiKG.exe
  2⤵
  PID:5584
- C:\Windows\System\ejtJGTS.exe
  C:\Windows\System\ejtJGTS.exe
  2⤵
  PID:5600
- C:\Windows\System\AZxXSnz.exe
  C:\Windows\System\AZxXSnz.exe
  2⤵
  PID:5616
- C:\Windows\System\StPLovA.exe
  C:\Windows\System\StPLovA.exe
  2⤵
  PID:5632
- C:\Windows\System\sGVcbzP.exe
  C:\Windows\System\sGVcbzP.exe
  2⤵
  PID:5648
- C:\Windows\System\SDfJTyj.exe
  C:\Windows\System\SDfJTyj.exe
  2⤵
  PID:5664
- C:\Windows\System\ipmVEGr.exe
  C:\Windows\System\ipmVEGr.exe
  2⤵
  PID:5680
- C:\Windows\System\AUWvhuq.exe
  C:\Windows\System\AUWvhuq.exe
  2⤵
  PID:5696
- C:\Windows\System\JlzdDjy.exe
  C:\Windows\System\JlzdDjy.exe
  2⤵
  PID:5712
- C:\Windows\System\IDLONps.exe
  C:\Windows\System\IDLONps.exe
  2⤵
  PID:5728
- C:\Windows\System\QNGGXCV.exe
  C:\Windows\System\QNGGXCV.exe
  2⤵
  PID:5744
- C:\Windows\System\PjjNFdU.exe
  C:\Windows\System\PjjNFdU.exe
  2⤵
  PID:5760
- C:\Windows\System\xUWsZdS.exe
  C:\Windows\System\xUWsZdS.exe
  2⤵
  PID:5776
- C:\Windows\System\LXZRkXd.exe
  C:\Windows\System\LXZRkXd.exe
  2⤵
  PID:5792
- C:\Windows\System\ELIuhGP.exe
  C:\Windows\System\ELIuhGP.exe
  2⤵
  PID:5808
- C:\Windows\System\eqHipFw.exe
  C:\Windows\System\eqHipFw.exe
  2⤵
  PID:5824
- C:\Windows\System\RczKBDz.exe
  C:\Windows\System\RczKBDz.exe
  2⤵
  PID:5840
- C:\Windows\System\hGZHQYu.exe
  C:\Windows\System\hGZHQYu.exe
  2⤵
  PID:5856
- C:\Windows\System\cASzoAe.exe
  C:\Windows\System\cASzoAe.exe
  2⤵
  PID:5872
- C:\Windows\System\WMtuPxR.exe
  C:\Windows\System\WMtuPxR.exe
  2⤵
  PID:5888
- C:\Windows\System\mbUTBNf.exe
  C:\Windows\System\mbUTBNf.exe
  2⤵
  PID:5904
- C:\Windows\System\VJClZUI.exe
  C:\Windows\System\VJClZUI.exe
  2⤵
  PID:5920
- C:\Windows\System\zXICDyw.exe
  C:\Windows\System\zXICDyw.exe
  2⤵
  PID:5936
- C:\Windows\System\LfSbgzO.exe
  C:\Windows\System\LfSbgzO.exe
  2⤵
  PID:5952
- C:\Windows\System\nzqBmto.exe
  C:\Windows\System\nzqBmto.exe
  2⤵
  PID:5968
- C:\Windows\System\WjTojZF.exe
  C:\Windows\System\WjTojZF.exe
  2⤵
  PID:5984
- C:\Windows\System\FVQeAnp.exe
  C:\Windows\System\FVQeAnp.exe
  2⤵
  PID:6000
- C:\Windows\System\jGbwhVf.exe
  C:\Windows\System\jGbwhVf.exe
  2⤵
  PID:6016
- C:\Windows\System\XkDmfHT.exe
  C:\Windows\System\XkDmfHT.exe
  2⤵
  PID:6032
- C:\Windows\System\cqnPNUI.exe
  C:\Windows\System\cqnPNUI.exe
  2⤵
  PID:6048
- C:\Windows\System\pvHqyid.exe
  C:\Windows\System\pvHqyid.exe
  2⤵
  PID:6064
- C:\Windows\System\EQBcNHb.exe
  C:\Windows\System\EQBcNHb.exe
  2⤵
  PID:6080
- C:\Windows\System\BuwuOYX.exe
  C:\Windows\System\BuwuOYX.exe
  2⤵
  PID:6096
- C:\Windows\System\RxpkIFR.exe
  C:\Windows\System\RxpkIFR.exe
  2⤵
  PID:6116
- C:\Windows\System\WYivDjk.exe
  C:\Windows\System\WYivDjk.exe
  2⤵
  PID:6132
- C:\Windows\System\lKtHpoM.exe
  C:\Windows\System\lKtHpoM.exe
  2⤵
  PID:4676
- C:\Windows\System\CTskCyY.exe
  C:\Windows\System\CTskCyY.exe
  2⤵
  PID:4788
- C:\Windows\System\gIkvffJ.exe
  C:\Windows\System\gIkvffJ.exe
  2⤵
  PID:4944
- C:\Windows\System\geHzVah.exe
  C:\Windows\System\geHzVah.exe
  2⤵
  PID:5060
- C:\Windows\System\uKMGpOP.exe
  C:\Windows\System\uKMGpOP.exe
  2⤵
  PID:4100
- C:\Windows\System\RdCxgJM.exe
  C:\Windows\System\RdCxgJM.exe
  2⤵
  PID:4144
- C:\Windows\System\yaJKaAp.exe
  C:\Windows\System\yaJKaAp.exe
  2⤵
  PID:4384
- C:\Windows\System\mvmhNjW.exe
  C:\Windows\System\mvmhNjW.exe
  2⤵
  PID:5124
- C:\Windows\System\tbhKXQn.exe
  C:\Windows\System\tbhKXQn.exe
  2⤵
  PID:5156
- C:\Windows\System\KLXvXvW.exe
  C:\Windows\System\KLXvXvW.exe
  2⤵
  PID:5204
- C:\Windows\System\GlbXaKG.exe
  C:\Windows\System\GlbXaKG.exe
  2⤵
  PID:5220
- C:\Windows\System\LIUTykJ.exe
  C:\Windows\System\LIUTykJ.exe
  2⤵
  PID:5252
- C:\Windows\System\jNQgnzC.exe
  C:\Windows\System\jNQgnzC.exe
  2⤵
  PID:5284
- C:\Windows\System\sCsmaXe.exe
  C:\Windows\System\sCsmaXe.exe
  2⤵
  PID:5316
- C:\Windows\System\QUasRgT.exe
  C:\Windows\System\QUasRgT.exe
  2⤵
  PID:5348
- C:\Windows\System\eTiJDCh.exe
  C:\Windows\System\eTiJDCh.exe
  2⤵
  PID:5380
- C:\Windows\System\brlzRzw.exe
  C:\Windows\System\brlzRzw.exe
  2⤵
  PID:2852
- C:\Windows\System\eAJsCqt.exe
  C:\Windows\System\eAJsCqt.exe
  2⤵
  PID:5432
- C:\Windows\System\mHMSstt.exe
  C:\Windows\System\mHMSstt.exe
  2⤵
  PID:5464
- C:\Windows\System\BkCZvlV.exe
  C:\Windows\System\BkCZvlV.exe
  2⤵
  PID:5496
- C:\Windows\System\fHWcSkb.exe
  C:\Windows\System\fHWcSkb.exe
  2⤵
  PID:1144
- C:\Windows\System\McIdeTn.exe
  C:\Windows\System\McIdeTn.exe
  2⤵
  PID:5548
- C:\Windows\System\TbpOmEK.exe
  C:\Windows\System\TbpOmEK.exe
  2⤵
  PID:5592
- C:\Windows\System\IyQPqWw.exe
  C:\Windows\System\IyQPqWw.exe
  2⤵
  PID:5612
- C:\Windows\System\IvwuZkl.exe
  C:\Windows\System\IvwuZkl.exe
  2⤵
  PID:5644
- C:\Windows\System\siSOoPW.exe
  C:\Windows\System\siSOoPW.exe
  2⤵
  PID:2960
- C:\Windows\System\KkPSupR.exe
  C:\Windows\System\KkPSupR.exe
  2⤵
  PID:5720
- C:\Windows\System\ZEIPjWB.exe
  C:\Windows\System\ZEIPjWB.exe
  2⤵
  PID:5736
- C:\Windows\System\PtRGdyS.exe
  C:\Windows\System\PtRGdyS.exe
  2⤵
  PID:5768
- C:\Windows\System\YnQzOoq.exe
  C:\Windows\System\YnQzOoq.exe
  2⤵
  PID:5800
- C:\Windows\System\AKZoFhN.exe
  C:\Windows\System\AKZoFhN.exe
  2⤵
  PID:5832
- C:\Windows\System\vPNIFfj.exe
  C:\Windows\System\vPNIFfj.exe
  2⤵
  PID:2968
- C:\Windows\System\zSoYklU.exe
  C:\Windows\System\zSoYklU.exe
  2⤵
  PID:5884
- C:\Windows\System\jjUNchG.exe
  C:\Windows\System\jjUNchG.exe
  2⤵
  PID:5916
- C:\Windows\System\ULNIUIp.exe
  C:\Windows\System\ULNIUIp.exe
  2⤵
  PID:5948
- C:\Windows\System\fqXNUeF.exe
  C:\Windows\System\fqXNUeF.exe
  2⤵
  PID:5980
- C:\Windows\System\AvehPeI.exe
  C:\Windows\System\AvehPeI.exe
  2⤵
  PID:6012
- C:\Windows\System\uSrAYCn.exe
  C:\Windows\System\uSrAYCn.exe
  2⤵
  PID:6044
- C:\Windows\System\WxGvPYo.exe
  C:\Windows\System\WxGvPYo.exe
  2⤵
  PID:6076
- C:\Windows\System\ndrltNr.exe
  C:\Windows\System\ndrltNr.exe
  2⤵
  PID:2728
- C:\Windows\System\kFLsJyA.exe
  C:\Windows\System\kFLsJyA.exe
  2⤵
  PID:6128
- C:\Windows\System\iseqfUT.exe
  C:\Windows\System\iseqfUT.exe
  2⤵
  PID:4836
- C:\Windows\System\EXXerpT.exe
  C:\Windows\System\EXXerpT.exe
  2⤵
  PID:4980
- C:\Windows\System\cKvWsKF.exe
  C:\Windows\System\cKvWsKF.exe
  2⤵
  PID:4140
- C:\Windows\System\qYShDjP.exe
  C:\Windows\System\qYShDjP.exe
  2⤵
  PID:2112
- C:\Windows\System\OMrHUQS.exe
  C:\Windows\System\OMrHUQS.exe
  2⤵
  PID:5192
- C:\Windows\System\dhkXzKL.exe
  C:\Windows\System\dhkXzKL.exe
  2⤵
  PID:2772
- C:\Windows\System\AbgTKFa.exe
  C:\Windows\System\AbgTKFa.exe
  2⤵
  PID:5300
- C:\Windows\System\AQTzLbZ.exe
  C:\Windows\System\AQTzLbZ.exe
  2⤵
  PID:5336
- C:\Windows\System\UqgnwJy.exe
  C:\Windows\System\UqgnwJy.exe
  2⤵
  PID:2980
- C:\Windows\System\KcpNkqN.exe
  C:\Windows\System\KcpNkqN.exe
  2⤵
  PID:5416
- C:\Windows\System\hUIPnfQ.exe
  C:\Windows\System\hUIPnfQ.exe
  2⤵
  PID:5492
- C:\Windows\System\ZTCnrdn.exe
  C:\Windows\System\ZTCnrdn.exe
  2⤵
  PID:5560
- C:\Windows\System\whgZImB.exe
  C:\Windows\System\whgZImB.exe
  2⤵
  PID:5640
- C:\Windows\System\nizfDaY.exe
  C:\Windows\System\nizfDaY.exe
  2⤵
  PID:5676
- C:\Windows\System\RakoVsR.exe
  C:\Windows\System\RakoVsR.exe
  2⤵
  PID:5740
- C:\Windows\System\lFOVwFo.exe
  C:\Windows\System\lFOVwFo.exe
  2⤵
  PID:5804
- C:\Windows\System\KxgCaLX.exe
  C:\Windows\System\KxgCaLX.exe
  2⤵
  PID:5836
- C:\Windows\System\lEnxmnv.exe
  C:\Windows\System\lEnxmnv.exe
  2⤵
  PID:5912
- C:\Windows\System\zbakWwW.exe
  C:\Windows\System\zbakWwW.exe
  2⤵
  PID:5932
- C:\Windows\System\GdcJHdR.exe
  C:\Windows\System\GdcJHdR.exe
  2⤵
  PID:6008
- C:\Windows\System\weFhKMZ.exe
  C:\Windows\System\weFhKMZ.exe
  2⤵
  PID:1732
- C:\Windows\System\AKmgMWa.exe
  C:\Windows\System\AKmgMWa.exe
  2⤵
  PID:2016
- C:\Windows\System\bqIaNHf.exe
  C:\Windows\System\bqIaNHf.exe
  2⤵
  PID:1232
- C:\Windows\System\HaJmLHY.exe
  C:\Windows\System\HaJmLHY.exe
  2⤵
  PID:4880
- C:\Windows\System\xzwutHt.exe
  C:\Windows\System\xzwutHt.exe
  2⤵
  PID:2604
- C:\Windows\System\OoHhlQI.exe
  C:\Windows\System\OoHhlQI.exe
  2⤵
  PID:5144
- C:\Windows\System\VdlDPCm.exe
  C:\Windows\System\VdlDPCm.exe
  2⤵
  PID:5236
- C:\Windows\System\tJTLjgi.exe
  C:\Windows\System\tJTLjgi.exe
  2⤵
  PID:2580
- C:\Windows\System\MaPpXFk.exe
  C:\Windows\System\MaPpXFk.exe
  2⤵
  PID:5460
- C:\Windows\System\IkzhMkF.exe
  C:\Windows\System\IkzhMkF.exe
  2⤵
  PID:5580
- C:\Windows\System\tMeQswp.exe
  C:\Windows\System\tMeQswp.exe
  2⤵
  PID:5692
- C:\Windows\System\KSRNLEU.exe
  C:\Windows\System\KSRNLEU.exe
  2⤵
  PID:5880
- C:\Windows\System\prSwtPH.exe
  C:\Windows\System\prSwtPH.exe
  2⤵
  PID:5944
- C:\Windows\System\EhrJgIf.exe
  C:\Windows\System\EhrJgIf.exe
  2⤵
  PID:5996
- C:\Windows\System\NPyuZtz.exe
  C:\Windows\System\NPyuZtz.exe
  2⤵
  PID:6104
- C:\Windows\System\UhZNHQM.exe
  C:\Windows\System\UhZNHQM.exe
  2⤵
  PID:4704
- C:\Windows\System\ULMPRuy.exe
  C:\Windows\System\ULMPRuy.exe
  2⤵
  PID:3928
- C:\Windows\System\derxGmm.exe
  C:\Windows\System\derxGmm.exe
  2⤵
  PID:5208
- C:\Windows\System\Xymbsnl.exe
  C:\Windows\System\Xymbsnl.exe
  2⤵
  PID:5428
- C:\Windows\System\XKNOURy.exe
  C:\Windows\System\XKNOURy.exe
  2⤵
  PID:6156
- C:\Windows\System\VCPRLOO.exe
  C:\Windows\System\VCPRLOO.exe
  2⤵
  PID:6172
- C:\Windows\System\DncRzZb.exe
  C:\Windows\System\DncRzZb.exe
  2⤵
  PID:6188
- C:\Windows\System\XAbrNCT.exe
  C:\Windows\System\XAbrNCT.exe
  2⤵
  PID:6204
- C:\Windows\System\QYmgEPt.exe
  C:\Windows\System\QYmgEPt.exe
  2⤵
  PID:6220
- C:\Windows\System\LNsLwcP.exe
  C:\Windows\System\LNsLwcP.exe
  2⤵
  PID:6236
- C:\Windows\System\WDHAVet.exe
  C:\Windows\System\WDHAVet.exe
  2⤵
  PID:6252
- C:\Windows\System\AhQwAts.exe
  C:\Windows\System\AhQwAts.exe
  2⤵
  PID:6268
- C:\Windows\System\qgDbWWI.exe
  C:\Windows\System\qgDbWWI.exe
  2⤵
  PID:6284
- C:\Windows\System\lIJMXwe.exe
  C:\Windows\System\lIJMXwe.exe
  2⤵
  PID:6300
- C:\Windows\System\YJBnGgz.exe
  C:\Windows\System\YJBnGgz.exe
  2⤵
  PID:6316
- C:\Windows\System\FgOFftz.exe
  C:\Windows\System\FgOFftz.exe
  2⤵
  PID:6332
- C:\Windows\System\BRiAwQt.exe
  C:\Windows\System\BRiAwQt.exe
  2⤵
  PID:6348
- C:\Windows\System\WPNqzXK.exe
  C:\Windows\System\WPNqzXK.exe
  2⤵
  PID:6364
- C:\Windows\System\MqztzSQ.exe
  C:\Windows\System\MqztzSQ.exe
  2⤵
  PID:6380
- C:\Windows\System\aMNtKIm.exe
  C:\Windows\System\aMNtKIm.exe
  2⤵
  PID:6396
- C:\Windows\System\WlyxRAD.exe
  C:\Windows\System\WlyxRAD.exe
  2⤵
  PID:6412
- C:\Windows\System\zBNHxNE.exe
  C:\Windows\System\zBNHxNE.exe
  2⤵
  PID:6428
- C:\Windows\System\WkMuHTB.exe
  C:\Windows\System\WkMuHTB.exe
  2⤵
  PID:6444
- C:\Windows\System\cAdeUyn.exe
  C:\Windows\System\cAdeUyn.exe
  2⤵
  PID:6460
- C:\Windows\System\lShNARr.exe
  C:\Windows\System\lShNARr.exe
  2⤵
  PID:6476
- C:\Windows\System\WaLRZqW.exe
  C:\Windows\System\WaLRZqW.exe
  2⤵
  PID:6492
- C:\Windows\System\LLoJBNA.exe
  C:\Windows\System\LLoJBNA.exe
  2⤵
  PID:6508
- C:\Windows\System\yHUcwdD.exe
  C:\Windows\System\yHUcwdD.exe
  2⤵
  PID:6524
- C:\Windows\System\pFPGqhr.exe
  C:\Windows\System\pFPGqhr.exe
  2⤵
  PID:6540
- C:\Windows\System\fMoZUNA.exe
  C:\Windows\System\fMoZUNA.exe
  2⤵
  PID:6556
- C:\Windows\System\jjBWOEb.exe
  C:\Windows\System\jjBWOEb.exe
  2⤵
  PID:6572
- C:\Windows\System\YVdYCZH.exe
  C:\Windows\System\YVdYCZH.exe
  2⤵
  PID:6588
- C:\Windows\System\IeojvTT.exe
  C:\Windows\System\IeojvTT.exe
  2⤵
  PID:6604
- C:\Windows\System\aPTgtNy.exe
  C:\Windows\System\aPTgtNy.exe
  2⤵
  PID:6620
- C:\Windows\System\WUGuFHR.exe
  C:\Windows\System\WUGuFHR.exe
  2⤵
  PID:6636
- C:\Windows\System\CxKFQPJ.exe
  C:\Windows\System\CxKFQPJ.exe
  2⤵
  PID:6652
- C:\Windows\System\WiloUue.exe
  C:\Windows\System\WiloUue.exe
  2⤵
  PID:6668
- C:\Windows\System\TbvlCAR.exe
  C:\Windows\System\TbvlCAR.exe
  2⤵
  PID:6684
- C:\Windows\System\TKVvYZd.exe
  C:\Windows\System\TKVvYZd.exe
  2⤵
  PID:6700
- C:\Windows\System\TRmNrmp.exe
  C:\Windows\System\TRmNrmp.exe
  2⤵
  PID:6716
- C:\Windows\System\gMVKxOd.exe
  C:\Windows\System\gMVKxOd.exe
  2⤵
  PID:6732
- C:\Windows\System\wlJZVrN.exe
  C:\Windows\System\wlJZVrN.exe
  2⤵
  PID:6748
- C:\Windows\System\VlZYBRX.exe
  C:\Windows\System\VlZYBRX.exe
  2⤵
  PID:6764
- C:\Windows\System\kiwlQmq.exe
  C:\Windows\System\kiwlQmq.exe
  2⤵
  PID:6780
- C:\Windows\System\PTJbZVw.exe
  C:\Windows\System\PTJbZVw.exe
  2⤵
  PID:6796
- C:\Windows\System\CPSgYqX.exe
  C:\Windows\System\CPSgYqX.exe
  2⤵
  PID:6812
- C:\Windows\System\QgjrMrw.exe
  C:\Windows\System\QgjrMrw.exe
  2⤵
  PID:6828
- C:\Windows\System\arEUJxT.exe
  C:\Windows\System\arEUJxT.exe
  2⤵
  PID:6844
- C:\Windows\System\RMxkjmP.exe
  C:\Windows\System\RMxkjmP.exe
  2⤵
  PID:6864
- C:\Windows\System\bcifQZN.exe
  C:\Windows\System\bcifQZN.exe
  2⤵
  PID:6880
- C:\Windows\System\UcRqAFz.exe
  C:\Windows\System\UcRqAFz.exe
  2⤵
  PID:6896
- C:\Windows\System\carhAss.exe
  C:\Windows\System\carhAss.exe
  2⤵
  PID:6912
- C:\Windows\System\YVRBbmK.exe
  C:\Windows\System\YVRBbmK.exe
  2⤵
  PID:6928
- C:\Windows\System\NDehbWh.exe
  C:\Windows\System\NDehbWh.exe
  2⤵
  PID:6944
- C:\Windows\System\HPCXkBl.exe
  C:\Windows\System\HPCXkBl.exe
  2⤵
  PID:6960
- C:\Windows\System\zZQtMNi.exe
  C:\Windows\System\zZQtMNi.exe
  2⤵
  PID:6980
- C:\Windows\System\YNoGoRZ.exe
  C:\Windows\System\YNoGoRZ.exe
  2⤵
  PID:6996
- C:\Windows\System\OVhBPSK.exe
  C:\Windows\System\OVhBPSK.exe
  2⤵
  PID:7012
- C:\Windows\System\OzEuGDR.exe
  C:\Windows\System\OzEuGDR.exe
  2⤵
  PID:7028
- C:\Windows\System\rjvWbvC.exe
  C:\Windows\System\rjvWbvC.exe
  2⤵
  PID:7044
- C:\Windows\System\mrFPeko.exe
  C:\Windows\System\mrFPeko.exe
  2⤵
  PID:7060
- C:\Windows\System\VMfqmJc.exe
  C:\Windows\System\VMfqmJc.exe
  2⤵
  PID:7076
- C:\Windows\System\RArPuXf.exe
  C:\Windows\System\RArPuXf.exe
  2⤵
  PID:7092
- C:\Windows\System\FzLTraZ.exe
  C:\Windows\System\FzLTraZ.exe
  2⤵
  PID:7108
- C:\Windows\System\aREjVYF.exe
  C:\Windows\System\aREjVYF.exe
  2⤵
  PID:7124
- C:\Windows\System\zPEAKdn.exe
  C:\Windows\System\zPEAKdn.exe
  2⤵
  PID:7140
- C:\Windows\System\CYJcFGK.exe
  C:\Windows\System\CYJcFGK.exe
  2⤵
  PID:7156
- C:\Windows\System\zTOzdVT.exe
  C:\Windows\System\zTOzdVT.exe
  2⤵
  PID:5660
- C:\Windows\System\GXkZUYz.exe
  C:\Windows\System\GXkZUYz.exe
  2⤵
  PID:2520
- C:\Windows\System\YErsTEK.exe
  C:\Windows\System\YErsTEK.exe
  2⤵
  PID:1960
- C:\Windows\System\eKMATTX.exe
  C:\Windows\System\eKMATTX.exe
  2⤵
  PID:1884
- C:\Windows\System\WkSimBB.exe
  C:\Windows\System\WkSimBB.exe
  2⤵
  PID:5544
- C:\Windows\System\yVcVmhj.exe
  C:\Windows\System\yVcVmhj.exe
  2⤵
  PID:6180
- C:\Windows\System\RFwYaqy.exe
  C:\Windows\System\RFwYaqy.exe
  2⤵
  PID:6212
- C:\Windows\System\PaoLLzU.exe
  C:\Windows\System\PaoLLzU.exe
  2⤵
  PID:6244
- C:\Windows\System\eScejSn.exe
  C:\Windows\System\eScejSn.exe
  2⤵
  PID:6276
- C:\Windows\System\rPekLpZ.exe
  C:\Windows\System\rPekLpZ.exe
  2⤵
  PID:6308
- C:\Windows\System\sSXJZoO.exe
  C:\Windows\System\sSXJZoO.exe
  2⤵
  PID:6340
- C:\Windows\System\hIMrLMz.exe
  C:\Windows\System\hIMrLMz.exe
  2⤵
  PID:6372
- C:\Windows\System\OhvsdIA.exe
  C:\Windows\System\OhvsdIA.exe
  2⤵
  PID:6404
- C:\Windows\System\JmQAuMZ.exe
  C:\Windows\System\JmQAuMZ.exe
  2⤵
  PID:6424
- C:\Windows\System\EvyDNDb.exe
  C:\Windows\System\EvyDNDb.exe
  2⤵
  PID:6468
- C:\Windows\System\xqfvclM.exe
  C:\Windows\System\xqfvclM.exe
  2⤵
  PID:6500
- C:\Windows\System\sQdeLlq.exe
  C:\Windows\System\sQdeLlq.exe
  2⤵
  PID:6532
- C:\Windows\System\ZokiXws.exe
  C:\Windows\System\ZokiXws.exe
  2⤵
  PID:6564
- C:\Windows\System\ocFDsUn.exe
  C:\Windows\System\ocFDsUn.exe
  2⤵
  PID:6580
- C:\Windows\System\KpPfayn.exe
  C:\Windows\System\KpPfayn.exe
  2⤵
  PID:6612
- C:\Windows\System\umOVSHS.exe
  C:\Windows\System\umOVSHS.exe
  2⤵
  PID:6644
- C:\Windows\System\rGhSJTO.exe
  C:\Windows\System\rGhSJTO.exe
  2⤵
  PID:6676
- C:\Windows\System\iVPncjD.exe
  C:\Windows\System\iVPncjD.exe
  2⤵
  PID:6708
- C:\Windows\System\gyndOuM.exe
  C:\Windows\System\gyndOuM.exe
  2⤵
  PID:6740
- C:\Windows\System\PsJmptG.exe
  C:\Windows\System\PsJmptG.exe
  2⤵
  PID:6772
- C:\Windows\System\pELYRvj.exe
  C:\Windows\System\pELYRvj.exe
  2⤵
  PID:6804
- C:\Windows\System\OdgOVcF.exe
  C:\Windows\System\OdgOVcF.exe
  2⤵
  PID:6836
- C:\Windows\System\yFbuYHu.exe
  C:\Windows\System\yFbuYHu.exe
  2⤵
  PID:6872
- C:\Windows\System\GRIfnHd.exe
  C:\Windows\System\GRIfnHd.exe
  2⤵
  PID:6904
- C:\Windows\System\OhAKfmb.exe
  C:\Windows\System\OhAKfmb.exe
  2⤵
  PID:6936
- C:\Windows\System\EcrVamp.exe
  C:\Windows\System\EcrVamp.exe
  2⤵
  PID:6968
- C:\Windows\System\odBKSDy.exe
  C:\Windows\System\odBKSDy.exe
  2⤵
  PID:7004
- C:\Windows\System\AWJEkFW.exe
  C:\Windows\System\AWJEkFW.exe
  2⤵
  PID:7040
- C:\Windows\System\SHjlHZp.exe
  C:\Windows\System\SHjlHZp.exe
  2⤵
  PID:7084
- C:\Windows\System\XnfYUWv.exe
  C:\Windows\System\XnfYUWv.exe
  2⤵
  PID:7116
- C:\Windows\System\OOZadJy.exe
  C:\Windows\System\OOZadJy.exe
  2⤵
  PID:7148
- C:\Windows\System\bsPydJh.exe
  C:\Windows\System\bsPydJh.exe
  2⤵
  PID:5608
- C:\Windows\System\VlStGSD.exe
  C:\Windows\System\VlStGSD.exe
  2⤵
  PID:6072
- C:\Windows\System\AcDACJX.exe
  C:\Windows\System\AcDACJX.exe
  2⤵
  PID:6152
- C:\Windows\System\pSxibPC.exe
  C:\Windows\System\pSxibPC.exe
  2⤵
  PID:6184
- C:\Windows\System\ewsKTQe.exe
  C:\Windows\System\ewsKTQe.exe
  2⤵
  PID:6248
- C:\Windows\System\PHsvree.exe
  C:\Windows\System\PHsvree.exe
  2⤵
  PID:6312
- C:\Windows\System\rhrHaLj.exe
  C:\Windows\System\rhrHaLj.exe
  2⤵
  PID:6360
- C:\Windows\System\bDTpEoP.exe
  C:\Windows\System\bDTpEoP.exe
  2⤵
  PID:6440
- C:\Windows\System\SpwGrhE.exe
  C:\Windows\System\SpwGrhE.exe
  2⤵
  PID:6484
- C:\Windows\System\JDxUflk.exe
  C:\Windows\System\JDxUflk.exe
  2⤵
  PID:6536
- C:\Windows\System\kBbsqbT.exe
  C:\Windows\System\kBbsqbT.exe
  2⤵
  PID:6596
- C:\Windows\System\JPKVzYN.exe
  C:\Windows\System\JPKVzYN.exe
  2⤵
  PID:6648
- C:\Windows\System\LypQcpD.exe
  C:\Windows\System\LypQcpD.exe
  2⤵
  PID:6712
- C:\Windows\System\RWdAEGm.exe
  C:\Windows\System\RWdAEGm.exe
  2⤵
  PID:2356
- C:\Windows\System\PQeiwJq.exe
  C:\Windows\System\PQeiwJq.exe
  2⤵
  PID:2708
- C:\Windows\System\LZVYxDs.exe
  C:\Windows\System\LZVYxDs.exe
  2⤵
  PID:6856
- C:\Windows\System\COqRoau.exe
  C:\Windows\System\COqRoau.exe
  2⤵
  PID:6924
- C:\Windows\System\ppIevIE.exe
  C:\Windows\System\ppIevIE.exe
  2⤵
  PID:6956
- C:\Windows\System\XHvExPu.exe
  C:\Windows\System\XHvExPu.exe
  2⤵
  PID:7024
- C:\Windows\System\WqaJqxe.exe
  C:\Windows\System\WqaJqxe.exe
  2⤵
  PID:7100
- C:\Windows\System\YdEBgVm.exe
  C:\Windows\System\YdEBgVm.exe
  2⤵
  PID:7152
- C:\Windows\System\uTVFpRp.exe
  C:\Windows\System\uTVFpRp.exe
  2⤵
  PID:6164
- C:\Windows\System\CJWWeOt.exe
  C:\Windows\System\CJWWeOt.exe
  2⤵
  PID:6228
- C:\Windows\System\qNYVGnA.exe
  C:\Windows\System\qNYVGnA.exe
  2⤵
  PID:6388
- C:\Windows\System\JkxFrVz.exe
  C:\Windows\System\JkxFrVz.exe
  2⤵
  PID:2392
- C:\Windows\System\BKlPKOz.exe
  C:\Windows\System\BKlPKOz.exe
  2⤵
  PID:6548
- C:\Windows\System\hhUAEFf.exe
  C:\Windows\System\hhUAEFf.exe
  2⤵
  PID:6664
- C:\Windows\System\JDWNvRp.exe
  C:\Windows\System\JDWNvRp.exe
  2⤵
  PID:6760
- C:\Windows\System\qyWgDUP.exe
  C:\Windows\System\qyWgDUP.exe
  2⤵
  PID:6892
- C:\Windows\System\oMUUFPd.exe
  C:\Windows\System\oMUUFPd.exe
  2⤵
  PID:2060
- C:\Windows\System\VgsolJb.exe
  C:\Windows\System\VgsolJb.exe
  2⤵
  PID:7088
- C:\Windows\System\FfIiFkO.exe
  C:\Windows\System\FfIiFkO.exe
  2⤵
  PID:2884
- C:\Windows\System\elgwJmQ.exe
  C:\Windows\System\elgwJmQ.exe
  2⤵
  PID:824
- C:\Windows\System\VWUHmqR.exe
  C:\Windows\System\VWUHmqR.exe
  2⤵
  PID:6420
- C:\Windows\System\WbECaUj.exe
  C:\Windows\System\WbECaUj.exe
  2⤵
  PID:1240
- C:\Windows\System\FXUIgKI.exe
  C:\Windows\System\FXUIgKI.exe
  2⤵
  PID:6852
- C:\Windows\System\YusLMSs.exe
  C:\Windows\System\YusLMSs.exe
  2⤵
  PID:4120
- C:\Windows\System\XYdhpww.exe
  C:\Windows\System\XYdhpww.exe
  2⤵
  PID:5820
- C:\Windows\System\sUGvKyS.exe
  C:\Windows\System\sUGvKyS.exe
  2⤵
  PID:2200
- C:\Windows\System\pCuOApZ.exe
  C:\Windows\System\pCuOApZ.exe
  2⤵
  PID:7184
- C:\Windows\System\VqeYTUR.exe
  C:\Windows\System\VqeYTUR.exe
  2⤵
  PID:7200
- C:\Windows\System\JDsRbnV.exe
  C:\Windows\System\JDsRbnV.exe
  2⤵
  PID:7216
- C:\Windows\System\uBIporG.exe
  C:\Windows\System\uBIporG.exe
  2⤵
  PID:7232
- C:\Windows\System\HbRfkmv.exe
  C:\Windows\System\HbRfkmv.exe
  2⤵
  PID:7248
- C:\Windows\System\lzOuKyU.exe
  C:\Windows\System\lzOuKyU.exe
  2⤵
  PID:7264
- C:\Windows\System\DoeCCRv.exe
  C:\Windows\System\DoeCCRv.exe
  2⤵
  PID:7280
- C:\Windows\System\CTSFHlu.exe
  C:\Windows\System\CTSFHlu.exe
  2⤵
  PID:7296
- C:\Windows\System\ugaVDuj.exe
  C:\Windows\System\ugaVDuj.exe
  2⤵
  PID:7312
- C:\Windows\System\qBFWMsw.exe
  C:\Windows\System\qBFWMsw.exe
  2⤵
  PID:7332
- C:\Windows\System\SfwBEst.exe
  C:\Windows\System\SfwBEst.exe
  2⤵
  PID:7348
- C:\Windows\System\tiXsEkn.exe
  C:\Windows\System\tiXsEkn.exe
  2⤵
  PID:7364
- C:\Windows\System\ymRLuwV.exe
  C:\Windows\System\ymRLuwV.exe
  2⤵
  PID:7380
- C:\Windows\System\cHeAOae.exe
  C:\Windows\System\cHeAOae.exe
  2⤵
  PID:7396
- C:\Windows\System\kNPBFDm.exe
  C:\Windows\System\kNPBFDm.exe
  2⤵
  PID:7412
- C:\Windows\System\WjyFJqW.exe
  C:\Windows\System\WjyFJqW.exe
  2⤵
  PID:7428
- C:\Windows\System\YatdSTH.exe
  C:\Windows\System\YatdSTH.exe
  2⤵
  PID:7444
- C:\Windows\System\BuCQXrM.exe
  C:\Windows\System\BuCQXrM.exe
  2⤵
  PID:7460
- C:\Windows\System\atCCGvj.exe
  C:\Windows\System\atCCGvj.exe
  2⤵
  PID:7476
- C:\Windows\System\Wnztwdm.exe
  C:\Windows\System\Wnztwdm.exe
  2⤵
  PID:7492
- C:\Windows\System\jOzTeVs.exe
  C:\Windows\System\jOzTeVs.exe
  2⤵
  PID:7508
- C:\Windows\System\JVPONox.exe
  C:\Windows\System\JVPONox.exe
  2⤵
  PID:7524
- C:\Windows\System\eGFRXoT.exe
  C:\Windows\System\eGFRXoT.exe
  2⤵
  PID:7540
- C:\Windows\System\xJipEGK.exe
  C:\Windows\System\xJipEGK.exe
  2⤵
  PID:7556
- C:\Windows\System\xhxkTNO.exe
  C:\Windows\System\xhxkTNO.exe
  2⤵
  PID:7572
- C:\Windows\System\cDlEvym.exe
  C:\Windows\System\cDlEvym.exe
  2⤵
  PID:7588
- C:\Windows\System\CfBLqMJ.exe
  C:\Windows\System\CfBLqMJ.exe
  2⤵
  PID:7604
- C:\Windows\System\GiSEoHP.exe
  C:\Windows\System\GiSEoHP.exe
  2⤵
  PID:7620
- C:\Windows\System\xqbKTfJ.exe
  C:\Windows\System\xqbKTfJ.exe
  2⤵
  PID:7636
- C:\Windows\System\QpQDkwM.exe
  C:\Windows\System\QpQDkwM.exe
  2⤵
  PID:7652
- C:\Windows\System\fWkoCzK.exe
  C:\Windows\System\fWkoCzK.exe
  2⤵
  PID:7668
- C:\Windows\System\FEawWXv.exe
  C:\Windows\System\FEawWXv.exe
  2⤵
  PID:7684
- C:\Windows\System\AkAiwdY.exe
  C:\Windows\System\AkAiwdY.exe
  2⤵
  PID:7700
- C:\Windows\System\fSKiIji.exe
  C:\Windows\System\fSKiIji.exe
  2⤵
  PID:7716
- C:\Windows\System\efCyuAO.exe
  C:\Windows\System\efCyuAO.exe
  2⤵
  PID:7732
- C:\Windows\System\RQohmaz.exe
  C:\Windows\System\RQohmaz.exe
  2⤵
  PID:7748
- C:\Windows\System\MiuiBlb.exe
  C:\Windows\System\MiuiBlb.exe
  2⤵
  PID:7764
- C:\Windows\System\CLDuhzV.exe
  C:\Windows\System\CLDuhzV.exe
  2⤵
  PID:7780
- C:\Windows\System\AyduifM.exe
  C:\Windows\System\AyduifM.exe
  2⤵
  PID:7796
- C:\Windows\System\tCYsAeX.exe
  C:\Windows\System\tCYsAeX.exe
  2⤵
  PID:7816
- C:\Windows\System\TioRmhZ.exe
  C:\Windows\System\TioRmhZ.exe
  2⤵
  PID:7832
- C:\Windows\System\eHODvxz.exe
  C:\Windows\System\eHODvxz.exe
  2⤵
  PID:7848
- C:\Windows\System\DqlEOSL.exe
  C:\Windows\System\DqlEOSL.exe
  2⤵
  PID:7864
- C:\Windows\System\kTyfLkw.exe
  C:\Windows\System\kTyfLkw.exe
  2⤵
  PID:7880
- C:\Windows\System\rizOZFO.exe
  C:\Windows\System\rizOZFO.exe
  2⤵
  PID:7896
- C:\Windows\System\IuyiqdT.exe
  C:\Windows\System\IuyiqdT.exe
  2⤵
  PID:7912
- C:\Windows\System\kuCSpHB.exe
  C:\Windows\System\kuCSpHB.exe
  2⤵
  PID:7928
- C:\Windows\System\FvsfpdO.exe
  C:\Windows\System\FvsfpdO.exe
  2⤵
  PID:7944
- C:\Windows\System\hWkOrXY.exe
  C:\Windows\System\hWkOrXY.exe
  2⤵
  PID:7960
- C:\Windows\System\OxWtzju.exe
  C:\Windows\System\OxWtzju.exe
  2⤵
  PID:7976
- C:\Windows\System\VAoAnbN.exe
  C:\Windows\System\VAoAnbN.exe
  2⤵
  PID:7992
- C:\Windows\System\XmRhfJd.exe
  C:\Windows\System\XmRhfJd.exe
  2⤵
  PID:8008
- C:\Windows\System\AGRnJTd.exe
  C:\Windows\System\AGRnJTd.exe
  2⤵
  PID:8024
- C:\Windows\System\IlTASvp.exe
  C:\Windows\System\IlTASvp.exe
  2⤵
  PID:8048
- C:\Windows\System\tyNqXry.exe
  C:\Windows\System\tyNqXry.exe
  2⤵
  PID:8064
- C:\Windows\System\TwMODZs.exe
  C:\Windows\System\TwMODZs.exe
  2⤵
  PID:8080
- C:\Windows\System\ITIMHzD.exe
  C:\Windows\System\ITIMHzD.exe
  2⤵
  PID:8096
- C:\Windows\System\UuvChDr.exe
  C:\Windows\System\UuvChDr.exe
  2⤵
  PID:8116
- C:\Windows\System\VICwmaY.exe
  C:\Windows\System\VICwmaY.exe
  2⤵
  PID:8132
- C:\Windows\System\OIMSrba.exe
  C:\Windows\System\OIMSrba.exe
  2⤵
  PID:8148
- C:\Windows\System\AkVXYHf.exe
  C:\Windows\System\AkVXYHf.exe
  2⤵
  PID:8168
- C:\Windows\System\JscEVQz.exe
  C:\Windows\System\JscEVQz.exe
  2⤵
  PID:8188
- C:\Windows\System\flMlxAl.exe
  C:\Windows\System\flMlxAl.exe
  2⤵
  PID:6744
- C:\Windows\System\YXszysG.exe
  C:\Windows\System\YXszysG.exe
  2⤵
  PID:7132
- C:\Windows\System\ZPkdfrB.exe
  C:\Windows\System\ZPkdfrB.exe
  2⤵
  PID:7180
- C:\Windows\System\hJbDnsD.exe
  C:\Windows\System\hJbDnsD.exe
  2⤵
  PID:7212
- C:\Windows\System\OVTwfAp.exe
  C:\Windows\System\OVTwfAp.exe
  2⤵
  PID:7292
- C:\Windows\System\KypmAcX.exe
  C:\Windows\System\KypmAcX.exe
  2⤵
  PID:2988
- C:\Windows\System\KQNBoPv.exe
  C:\Windows\System\KQNBoPv.exe
  2⤵
  PID:7356
- C:\Windows\System\xcKKipF.exe
  C:\Windows\System\xcKKipF.exe
  2⤵
  PID:2952
- C:\Windows\System\cUUiTuk.exe
  C:\Windows\System\cUUiTuk.exe
  2⤵
  PID:7408
- C:\Windows\System\xkxQxll.exe
  C:\Windows\System\xkxQxll.exe
  2⤵
  PID:7440
- C:\Windows\System\FCRNVXu.exe
  C:\Windows\System\FCRNVXu.exe
  2⤵
  PID:7472
- C:\Windows\System\XwiIxSr.exe
  C:\Windows\System\XwiIxSr.exe
  2⤵
  PID:2956
- C:\Windows\System\vsYWnrl.exe
  C:\Windows\System\vsYWnrl.exe
  2⤵
  PID:7520
- C:\Windows\System\PerVJCE.exe
  C:\Windows\System\PerVJCE.exe
  2⤵
  PID:7564
- C:\Windows\System\NShSdCB.exe
  C:\Windows\System\NShSdCB.exe
  2⤵
  PID:7584
- C:\Windows\System\MtXSpoN.exe
  C:\Windows\System\MtXSpoN.exe
  2⤵
  PID:7612
- C:\Windows\System\SNwnKWO.exe
  C:\Windows\System\SNwnKWO.exe
  2⤵
  PID:7644
- C:\Windows\System\bJXFwTj.exe
  C:\Windows\System\bJXFwTj.exe
  2⤵
  PID:2696
- C:\Windows\System\hxEkJjF.exe
  C:\Windows\System\hxEkJjF.exe
  2⤵
  PID:7696
- C:\Windows\System\RTRTfeS.exe
  C:\Windows\System\RTRTfeS.exe
  2⤵
  PID:7724
- C:\Windows\System\XVGEoQH.exe
  C:\Windows\System\XVGEoQH.exe
  2⤵
  PID:7756
- C:\Windows\System\HegdMPV.exe
  C:\Windows\System\HegdMPV.exe
  2⤵
  PID:7788
- C:\Windows\System\UzzGRWF.exe
  C:\Windows\System\UzzGRWF.exe
  2⤵
  PID:7808
- C:\Windows\System\ZCeMHkK.exe
  C:\Windows\System\ZCeMHkK.exe
  2⤵
  PID:7856
- C:\Windows\System\VAjpbwL.exe
  C:\Windows\System\VAjpbwL.exe
  2⤵
  PID:7872
- C:\Windows\System\HbrcslN.exe
  C:\Windows\System\HbrcslN.exe
  2⤵
  PID:2752
- C:\Windows\System\WSeaCqc.exe
  C:\Windows\System\WSeaCqc.exe
  2⤵
  PID:7924
- C:\Windows\System\SiCHLdX.exe
  C:\Windows\System\SiCHLdX.exe
  2⤵
  PID:7940
- C:\Windows\System\FFGyFIU.exe
  C:\Windows\System\FFGyFIU.exe
  2⤵
  PID:7972
- C:\Windows\System\kyUODTx.exe
  C:\Windows\System\kyUODTx.exe
  2⤵
  PID:8032
- C:\Windows\System\jUAYLaB.exe
  C:\Windows\System\jUAYLaB.exe
  2⤵
  PID:3000
- C:\Windows\System\clEYCrs.exe
  C:\Windows\System\clEYCrs.exe
  2⤵
  PID:1500
- C:\Windows\System\uQDgWdU.exe
  C:\Windows\System\uQDgWdU.exe
  2⤵
  PID:2692
- C:\Windows\System\VPnHydH.exe
  C:\Windows\System\VPnHydH.exe
  2⤵
  PID:2308
- C:\Windows\System\xYMTqGU.exe
  C:\Windows\System\xYMTqGU.exe
  2⤵
  PID:2908
- C:\Windows\System\KJeLMLj.exe
  C:\Windows\System\KJeLMLj.exe
  2⤵
  PID:8056
- C:\Windows\System\gzuVkAM.exe
  C:\Windows\System\gzuVkAM.exe
  2⤵
  PID:8092
- C:\Windows\System\JyCazZG.exe
  C:\Windows\System\JyCazZG.exe
  2⤵
  PID:8156
- C:\Windows\System\DVrhiEw.exe
  C:\Windows\System\DVrhiEw.exe
  2⤵
  PID:6324
- C:\Windows\System\UkeEXyE.exe
  C:\Windows\System\UkeEXyE.exe
  2⤵
  PID:3012
- C:\Windows\System\DNRkNdY.exe
  C:\Windows\System\DNRkNdY.exe
  2⤵
  PID:8144
- C:\Windows\System\lUBckBM.exe
  C:\Windows\System\lUBckBM.exe
  2⤵
  PID:7120
- C:\Windows\System\NBzytAR.exe
  C:\Windows\System\NBzytAR.exe
  2⤵
  PID:8076
- C:\Windows\System\LtIayTQ.exe
  C:\Windows\System\LtIayTQ.exe
  2⤵
  PID:7424
- C:\Windows\System\isxTQiy.exe
  C:\Windows\System\isxTQiy.exe
  2⤵
  PID:7456
- C:\Windows\System\jmIqnPl.exe
  C:\Windows\System\jmIqnPl.exe
  2⤵
  PID:7548
- C:\Windows\System\NDGPcPT.exe
  C:\Windows\System\NDGPcPT.exe
  2⤵
  PID:1544
- C:\Windows\System\jpLUdtH.exe
  C:\Windows\System\jpLUdtH.exe
  2⤵
  PID:7392
- C:\Windows\System\iXKTSVH.exe
  C:\Windows\System\iXKTSVH.exe
  2⤵
  PID:7568
- C:\Windows\System\FGvGgTA.exe
  C:\Windows\System\FGvGgTA.exe
  2⤵
  PID:7692
- C:\Windows\System\okAHhke.exe
  C:\Windows\System\okAHhke.exe
  2⤵
  PID:7708
- C:\Windows\System\hawyKjM.exe
  C:\Windows\System\hawyKjM.exe
  2⤵
  PID:7860
- C:\Windows\System\XXZfXmH.exe
  C:\Windows\System\XXZfXmH.exe
  2⤵
  PID:2812
- C:\Windows\System\juNYXnx.exe
  C:\Windows\System\juNYXnx.exe
  2⤵
  PID:2720
- C:\Windows\System\pGWPijV.exe
  C:\Windows\System\pGWPijV.exe
  2⤵
  PID:7920
- C:\Windows\System\OyIHDLJ.exe
  C:\Windows\System\OyIHDLJ.exe
  2⤵
  PID:8088
- C:\Windows\System\VsBkPcV.exe
  C:\Windows\System\VsBkPcV.exe
  2⤵
  PID:8140
- C:\Windows\System\qUmBIbl.exe
  C:\Windows\System\qUmBIbl.exe
  2⤵
  PID:7324
- C:\Windows\System\tOpaHme.exe
  C:\Windows\System\tOpaHme.exe
  2⤵
  PID:7516
- C:\Windows\System\KAprTdd.exe
  C:\Windows\System\KAprTdd.exe
  2⤵
  PID:2724
- C:\Windows\System\OvGipQu.exe
  C:\Windows\System\OvGipQu.exe
  2⤵
  PID:8000
- C:\Windows\System\FchTZiL.exe
  C:\Windows\System\FchTZiL.exe
  2⤵
  PID:7892
- C:\Windows\System\lOEwUsH.exe
  C:\Windows\System\lOEwUsH.exe
  2⤵
  PID:7436
- C:\Windows\System\tlMsTWY.exe
  C:\Windows\System\tlMsTWY.exe
  2⤵
  PID:7240
- C:\Windows\System\dcotiIk.exe
  C:\Windows\System\dcotiIk.exe
  2⤵
  PID:8164
- C:\Windows\System\KXoIpXr.exe
  C:\Windows\System\KXoIpXr.exe
  2⤵
  PID:7488
- C:\Windows\System\XKbgUxH.exe
  C:\Windows\System\XKbgUxH.exe
  2⤵
  PID:7840
- C:\Windows\System\GLCaHSI.exe
  C:\Windows\System\GLCaHSI.exe
  2⤵
  PID:7616
- C:\Windows\System\tgQczkh.exe
  C:\Windows\System\tgQczkh.exe
  2⤵
  PID:4124
- C:\Windows\System\JxfbatT.exe
  C:\Windows\System\JxfbatT.exe
  2⤵
  PID:7320
- C:\Windows\System\yOLpaFz.exe
  C:\Windows\System\yOLpaFz.exe
  2⤵
  PID:8044
- C:\Windows\System\xrnGScH.exe
  C:\Windows\System\xrnGScH.exe
  2⤵
  PID:7952
- C:\Windows\System\geTGQYY.exe
  C:\Windows\System\geTGQYY.exe
  2⤵
  PID:7824
- C:\Windows\System\JEvVysc.exe
  C:\Windows\System\JEvVysc.exe
  2⤵
  PID:8040
- C:\Windows\System\TGdSMBe.exe
  C:\Windows\System\TGdSMBe.exe
  2⤵
  PID:7536
- C:\Windows\System\cgFIRUm.exe
  C:\Windows\System\cgFIRUm.exe
  2⤵
  PID:8124
- C:\Windows\System\wWTIEIE.exe
  C:\Windows\System\wWTIEIE.exe
  2⤵
  PID:1724
- C:\Windows\System\MkkxslI.exe
  C:\Windows\System\MkkxslI.exe
  2⤵
  PID:8184
- C:\Windows\System\aXnLHeu.exe
  C:\Windows\System\aXnLHeu.exe
  2⤵
  PID:2748
- C:\Windows\System\LCFHoGZ.exe
  C:\Windows\System\LCFHoGZ.exe
  2⤵
  PID:8204
- C:\Windows\System\sQQfwrd.exe
  C:\Windows\System\sQQfwrd.exe
  2⤵
  PID:8220
- C:\Windows\System\tsdrmiI.exe
  C:\Windows\System\tsdrmiI.exe
  2⤵
  PID:8236
- C:\Windows\System\BzOTxFS.exe
  C:\Windows\System\BzOTxFS.exe
  2⤵
  PID:8252
- C:\Windows\System\KdzDOod.exe
  C:\Windows\System\KdzDOod.exe
  2⤵
  PID:8272
- C:\Windows\System\JiIICuf.exe
  C:\Windows\System\JiIICuf.exe
  2⤵
  PID:8304
- C:\Windows\System\fjYRUjW.exe
  C:\Windows\System\fjYRUjW.exe
  2⤵
  PID:8320
- C:\Windows\System\FpFLHyH.exe
  C:\Windows\System\FpFLHyH.exe
  2⤵
  PID:8376
- C:\Windows\System\kLkquop.exe
  C:\Windows\System\kLkquop.exe
  2⤵
  PID:8400
- C:\Windows\System\LtuBtNA.exe
  C:\Windows\System\LtuBtNA.exe
  2⤵
  PID:8424
- C:\Windows\System\bKmUqao.exe
  C:\Windows\System\bKmUqao.exe
  2⤵
  PID:8452
- C:\Windows\System\fmqDyQM.exe
  C:\Windows\System\fmqDyQM.exe
  2⤵
  PID:8480
- C:\Windows\System\JTgtDDL.exe
  C:\Windows\System\JTgtDDL.exe
  2⤵
  PID:8508
- C:\Windows\System\VltLMIK.exe
  C:\Windows\System\VltLMIK.exe
  2⤵
  PID:8532
- C:\Windows\System\NpGVIGF.exe
  C:\Windows\System\NpGVIGF.exe
  2⤵
  PID:8560
- C:\Windows\System\KeKnCAJ.exe
  C:\Windows\System\KeKnCAJ.exe
  2⤵
  PID:8588
- C:\Windows\System\sHxEFMa.exe
  C:\Windows\System\sHxEFMa.exe
  2⤵
  PID:8612
- C:\Windows\System\EYPQTcF.exe
  C:\Windows\System\EYPQTcF.exe
  2⤵
  PID:8636
- C:\Windows\System\FPePhSA.exe
  C:\Windows\System\FPePhSA.exe
  2⤵
  PID:8664
- C:\Windows\System\FepkxFZ.exe
  C:\Windows\System\FepkxFZ.exe
  2⤵
  PID:8688
- C:\Windows\System\REQdozB.exe
  C:\Windows\System\REQdozB.exe
  2⤵
  PID:8708
- C:\Windows\System\roYfxwD.exe
  C:\Windows\System\roYfxwD.exe
  2⤵
  PID:8728
- C:\Windows\System\oSwvVMK.exe
  C:\Windows\System\oSwvVMK.exe
  2⤵
  PID:8752
- C:\Windows\System\MWGROGO.exe
  C:\Windows\System\MWGROGO.exe
  2⤵
  PID:8776
- C:\Windows\System\QGNhLVC.exe
  C:\Windows\System\QGNhLVC.exe
  2⤵
  PID:8800
- C:\Windows\System\UjJRVrj.exe
  C:\Windows\System\UjJRVrj.exe
  2⤵
  PID:8816
- C:\Windows\System\qXXmmLF.exe
  C:\Windows\System\qXXmmLF.exe
  2⤵
  PID:8832
- C:\Windows\System\PSnuYQG.exe
  C:\Windows\System\PSnuYQG.exe
  2⤵
  PID:8848
- C:\Windows\System\mzZOjoB.exe
  C:\Windows\System\mzZOjoB.exe
  2⤵
  PID:9028
- C:\Windows\System\mmbhyRK.exe
  C:\Windows\System\mmbhyRK.exe
  2⤵
  PID:9044
- C:\Windows\System\CUKEMuM.exe
  C:\Windows\System\CUKEMuM.exe
  2⤵
  PID:9060
- C:\Windows\System\oEXbqNr.exe
  C:\Windows\System\oEXbqNr.exe
  2⤵
  PID:9076
- C:\Windows\System\uzpZaVY.exe
  C:\Windows\System\uzpZaVY.exe
  2⤵
  PID:9092
- C:\Windows\System\XzPkZAy.exe
  C:\Windows\System\XzPkZAy.exe
  2⤵
  PID:9108
- C:\Windows\System\NxhHyIt.exe
  C:\Windows\System\NxhHyIt.exe
  2⤵
  PID:9124
- C:\Windows\System\CdlUoZy.exe
  C:\Windows\System\CdlUoZy.exe
  2⤵
  PID:9140
- C:\Windows\System\hYhuVKD.exe
  C:\Windows\System\hYhuVKD.exe
  2⤵
  PID:9160
- C:\Windows\System\RGIzxkh.exe
  C:\Windows\System\RGIzxkh.exe
  2⤵
  PID:9176
- C:\Windows\System\rYuEEcb.exe
  C:\Windows\System\rYuEEcb.exe
  2⤵
  PID:9192
- C:\Windows\System\HWRJSCt.exe
  C:\Windows\System\HWRJSCt.exe
  2⤵
  PID:9208
- C:\Windows\System\XRcLZLT.exe
  C:\Windows\System\XRcLZLT.exe
  2⤵
  PID:7908
- C:\Windows\System\hIVNjNm.exe
  C:\Windows\System\hIVNjNm.exe
  2⤵
  PID:8200
- C:\Windows\System\udCOxQe.exe
  C:\Windows\System\udCOxQe.exe
  2⤵
  PID:7376
- C:\Windows\System\pXdHoSX.exe
  C:\Windows\System\pXdHoSX.exe
  2⤵
  PID:8212
- C:\Windows\System\OepVYro.exe
  C:\Windows\System\OepVYro.exe
  2⤵
  PID:8288
- C:\Windows\System\NyQNfwI.exe
  C:\Windows\System\NyQNfwI.exe
  2⤵
  PID:8264
- C:\Windows\System\TeBrMjO.exe
  C:\Windows\System\TeBrMjO.exe
  2⤵
  PID:8396
- C:\Windows\System\KEmyKru.exe
  C:\Windows\System\KEmyKru.exe
  2⤵
  PID:8448
- C:\Windows\System\dhRYzxf.exe
  C:\Windows\System\dhRYzxf.exe
  2⤵
  PID:8332
- C:\Windows\System\nBsZzVK.exe
  C:\Windows\System\nBsZzVK.exe
  2⤵
  PID:8344
- C:\Windows\System\BgLXMKf.exe
  C:\Windows\System\BgLXMKf.exe
  2⤵
  PID:8364
- C:\Windows\System\EQuLNPU.exe
  C:\Windows\System\EQuLNPU.exe
  2⤵
  PID:8412
- C:\Windows\System\QrsgSaK.exe
  C:\Windows\System\QrsgSaK.exe
  2⤵
  PID:8464
- C:\Windows\System\ZXTqZrJ.exe
  C:\Windows\System\ZXTqZrJ.exe
  2⤵
  PID:8504
- C:\Windows\System\wDFbELB.exe
  C:\Windows\System\wDFbELB.exe
  2⤵
  PID:8568
- C:\Windows\System\bVsdMjb.exe
  C:\Windows\System\bVsdMjb.exe
  2⤵
  PID:8580
- C:\Windows\System\HtctQDo.exe
  C:\Windows\System\HtctQDo.exe
  2⤵
  PID:8628
- C:\Windows\System\frBZDWV.exe
  C:\Windows\System\frBZDWV.exe
  2⤵
  PID:8680
- C:\Windows\System\PpHvCCX.exe
  C:\Windows\System\PpHvCCX.exe
  2⤵
  PID:8724
- C:\Windows\System\QZgOcjB.exe
  C:\Windows\System\QZgOcjB.exe
  2⤵
  PID:8772
- C:\Windows\System\DlPxwEB.exe
  C:\Windows\System\DlPxwEB.exe
  2⤵
  PID:8844
- C:\Windows\System\rhMkJZj.exe
  C:\Windows\System\rhMkJZj.exe
  2⤵
  PID:8492
- C:\Windows\System\ghctPgF.exe
  C:\Windows\System\ghctPgF.exe
  2⤵
  PID:8552
- C:\Windows\System\MRjZAwD.exe
  C:\Windows\System\MRjZAwD.exe
  2⤵
  PID:8604
- C:\Windows\System\xRWMVdk.exe
  C:\Windows\System\xRWMVdk.exe
  2⤵
  PID:8736
- C:\Windows\System\QJBUHQa.exe
  C:\Windows\System\QJBUHQa.exe
  2⤵
  PID:8784
- C:\Windows\System\FESargO.exe
  C:\Windows\System\FESargO.exe
  2⤵
  PID:8824
- C:\Windows\System\ZAxVXOF.exe
  C:\Windows\System\ZAxVXOF.exe
  2⤵
  PID:8656
- C:\Windows\System\dInVbUj.exe
  C:\Windows\System\dInVbUj.exe
  2⤵
  PID:8704
- C:\Windows\System\oPRxGoz.exe
  C:\Windows\System\oPRxGoz.exe
  2⤵
  PID:8936
- C:\Windows\System\HGJgavN.exe
  C:\Windows\System\HGJgavN.exe
  2⤵
  PID:8952
- C:\Windows\System\QMRhNkF.exe
  C:\Windows\System\QMRhNkF.exe
  2⤵
  PID:8972
- C:\Windows\System\yBHLnMi.exe
  C:\Windows\System\yBHLnMi.exe
  2⤵
  PID:9004
- C:\Windows\System\EwIQofg.exe
  C:\Windows\System\EwIQofg.exe
  2⤵
  PID:9020
- C:\Windows\System\LtPyUnA.exe
  C:\Windows\System\LtPyUnA.exe
  2⤵
  PID:9056
- C:\Windows\System\DpOAImy.exe
  C:\Windows\System\DpOAImy.exe
  2⤵
  PID:8976
- C:\Windows\System\lklHOYE.exe
  C:\Windows\System\lklHOYE.exe
  2⤵
  PID:8980
- C:\Windows\System\GgXdtOt.exe
  C:\Windows\System\GgXdtOt.exe
  2⤵
  PID:9100
- C:\Windows\System\lrZqCjz.exe
  C:\Windows\System\lrZqCjz.exe
  2⤵
  PID:9148
- C:\Windows\System\qwvUcwI.exe
  C:\Windows\System\qwvUcwI.exe
  2⤵
  PID:9152
- C:\Windows\System\bUFwNVD.exe
  C:\Windows\System\bUFwNVD.exe
  2⤵
  PID:8180
- C:\Windows\System\RzSnOjj.exe
  C:\Windows\System\RzSnOjj.exe
  2⤵
  PID:9200
- C:\Windows\System\XELRPSI.exe
  C:\Windows\System\XELRPSI.exe
  2⤵
  PID:8268
- C:\Windows\System\gwKsYIF.exe
  C:\Windows\System\gwKsYIF.exe
  2⤵
  PID:8232
- C:\Windows\System\KclSWwv.exe
  C:\Windows\System\KclSWwv.exe
  2⤵
  PID:8392
- C:\Windows\System\LNgBdad.exe
  C:\Windows\System\LNgBdad.exe
  2⤵
  PID:8360
- C:\Windows\System\uqJrYpp.exe
  C:\Windows\System\uqJrYpp.exe
  2⤵
  PID:8524
- C:\Windows\System\GTMPNzk.exe
  C:\Windows\System\GTMPNzk.exe
  2⤵
  PID:8348
- C:\Windows\System\IYgmHlO.exe
  C:\Windows\System\IYgmHlO.exe
  2⤵
  PID:8572
- C:\Windows\System\RPmSupb.exe
  C:\Windows\System\RPmSupb.exe
  2⤵
  PID:8716
- C:\Windows\System\kXEJwYP.exe
  C:\Windows\System\kXEJwYP.exe
  2⤵
  PID:8840
- C:\Windows\System\QzGqJMG.exe
  C:\Windows\System\QzGqJMG.exe
  2⤵
  PID:8548
- C:\Windows\System\ZSPcIwG.exe
  C:\Windows\System\ZSPcIwG.exe
  2⤵
  PID:8676
- C:\Windows\System\fVqzejV.exe
  C:\Windows\System\fVqzejV.exe
  2⤵
  PID:8596
- C:\Windows\System\HsZeqFk.exe
  C:\Windows\System\HsZeqFk.exe
  2⤵
  PID:8792
- C:\Windows\System\ACWATQo.exe
  C:\Windows\System\ACWATQo.exe
  2⤵
  PID:8796
- C:\Windows\System\YIOSHWA.exe
  C:\Windows\System\YIOSHWA.exe
  2⤵
  PID:8996
- C:\Windows\System\zyXIdoQ.exe
  C:\Windows\System\zyXIdoQ.exe
  2⤵
  PID:9120
- C:\Windows\System\zdphKHj.exe
  C:\Windows\System\zdphKHj.exe
  2⤵
  PID:9084
- C:\Windows\System\uJaAkww.exe
  C:\Windows\System\uJaAkww.exe
  2⤵
  PID:7844
- C:\Windows\System\WPgeGnC.exe
  C:\Windows\System\WPgeGnC.exe
  2⤵
  PID:8472
- C:\Windows\System\ZNiaXpo.exe
  C:\Windows\System\ZNiaXpo.exe
  2⤵
  PID:8856
- C:\Windows\System\uNvjvPX.exe
  C:\Windows\System\uNvjvPX.exe
  2⤵
  PID:2244
- C:\Windows\System\OXOUBbl.exe
  C:\Windows\System\OXOUBbl.exe
  2⤵
  PID:8932
- C:\Windows\System\SDVCgAn.exe
  C:\Windows\System\SDVCgAn.exe
  2⤵
  PID:9016
- C:\Windows\System\HDOOdzx.exe
  C:\Windows\System\HDOOdzx.exe
  2⤵
  PID:9072
- C:\Windows\System\fzZZArk.exe
  C:\Windows\System\fzZZArk.exe
  2⤵
  PID:9156
- C:\Windows\System\xXCAaHq.exe
  C:\Windows\System\xXCAaHq.exe
  2⤵
  PID:8356
- C:\Windows\System\fGLFtPD.exe
  C:\Windows\System\fGLFtPD.exe
  2⤵
  PID:8624
- C:\Windows\System\kSdSssv.exe
  C:\Windows\System\kSdSssv.exe
  2⤵
  PID:8648
- C:\Windows\System\RfiPYXP.exe
  C:\Windows\System\RfiPYXP.exe
  2⤵
  PID:1924
- C:\Windows\System\JnVRocG.exe
  C:\Windows\System\JnVRocG.exe
  2⤵
  PID:8520
- C:\Windows\System\XvugIER.exe
  C:\Windows\System\XvugIER.exe
  2⤵
  PID:9136
- C:\Windows\System\MeTICXZ.exe
  C:\Windows\System\MeTICXZ.exe
  2⤵
  PID:2192
- C:\Windows\System\NJjUhXU.exe
  C:\Windows\System\NJjUhXU.exe
  2⤵
  PID:8768
- C:\Windows\System\BFRRXmP.exe
  C:\Windows\System\BFRRXmP.exe
  2⤵
  PID:1916
- C:\Windows\System\fDzzcRU.exe
  C:\Windows\System\fDzzcRU.exe
  2⤵
  PID:8672
- C:\Windows\System\WXoZXpm.exe
  C:\Windows\System\WXoZXpm.exe
  2⤵
  PID:8248
- C:\Windows\System\VHiXQRU.exe
  C:\Windows\System\VHiXQRU.exe
  2⤵
  PID:2400
- C:\Windows\System\dkioNjj.exe
  C:\Windows\System\dkioNjj.exe
  2⤵
  PID:8500
- C:\Windows\System\BaBYMnH.exe
  C:\Windows\System\BaBYMnH.exe
  2⤵
  PID:8388
- C:\Windows\System\aqTEzZV.exe
  C:\Windows\System\aqTEzZV.exe
  2⤵
  PID:8948
- C:\Windows\System\xLQvdiX.exe
  C:\Windows\System\xLQvdiX.exe
  2⤵
  PID:8984
- C:\Windows\System\RHAymlF.exe
  C:\Windows\System\RHAymlF.exe
  2⤵
  PID:8296
- C:\Windows\System\jCiYSjA.exe
  C:\Windows\System\jCiYSjA.exe
  2⤵
  PID:8300
- C:\Windows\System\GADuVgn.exe
  C:\Windows\System\GADuVgn.exe
  2⤵
  PID:9232
- C:\Windows\System\XlpZMct.exe
  C:\Windows\System\XlpZMct.exe
  2⤵
  PID:9248
- C:\Windows\System\GTJBVFI.exe
  C:\Windows\System\GTJBVFI.exe
  2⤵
  PID:9264
- C:\Windows\System\efMVfFJ.exe
  C:\Windows\System\efMVfFJ.exe
  2⤵
  PID:9280
- C:\Windows\System\oJaofiF.exe
  C:\Windows\System\oJaofiF.exe
  2⤵
  PID:9296
- C:\Windows\System\tMRPzRX.exe
  C:\Windows\System\tMRPzRX.exe
  2⤵
  PID:9312
- C:\Windows\System\bnorKtD.exe
  C:\Windows\System\bnorKtD.exe
  2⤵
  PID:9328
- C:\Windows\System\YDZlULO.exe
  C:\Windows\System\YDZlULO.exe
  2⤵
  PID:9344
- C:\Windows\System\MNrANwn.exe
  C:\Windows\System\MNrANwn.exe
  2⤵
  PID:9360
- C:\Windows\System\FkCTNgS.exe
  C:\Windows\System\FkCTNgS.exe
  2⤵
  PID:9376
- C:\Windows\System\DkXNBFv.exe
  C:\Windows\System\DkXNBFv.exe
  2⤵
  PID:9392
- C:\Windows\System\bDiHAma.exe
  C:\Windows\System\bDiHAma.exe
  2⤵
  PID:9408
- C:\Windows\System\YOvXQxS.exe
  C:\Windows\System\YOvXQxS.exe
  2⤵
  PID:9424
- C:\Windows\System\xWbWFxX.exe
  C:\Windows\System\xWbWFxX.exe
  2⤵
  PID:9440
- C:\Windows\System\amHVaJC.exe
  C:\Windows\System\amHVaJC.exe
  2⤵
  PID:9456
- C:\Windows\System\yJIcYke.exe
  C:\Windows\System\yJIcYke.exe
  2⤵
  PID:9472
- C:\Windows\System\AtqpCab.exe
  C:\Windows\System\AtqpCab.exe
  2⤵
  PID:9488
- C:\Windows\System\oHLEFEP.exe
  C:\Windows\System\oHLEFEP.exe
  2⤵
  PID:9504
- C:\Windows\System\fgZmuvg.exe
  C:\Windows\System\fgZmuvg.exe
  2⤵
  PID:9520
- C:\Windows\System\lQOLPLh.exe
  C:\Windows\System\lQOLPLh.exe
  2⤵
  PID:9536
- C:\Windows\System\SpCGNnA.exe
  C:\Windows\System\SpCGNnA.exe
  2⤵
  PID:9552
- C:\Windows\System\RlSVAcx.exe
  C:\Windows\System\RlSVAcx.exe
  2⤵
  PID:9568
- C:\Windows\System\XIqsRri.exe
  C:\Windows\System\XIqsRri.exe
  2⤵
  PID:9584
- C:\Windows\System\woXIsZF.exe
  C:\Windows\System\woXIsZF.exe
  2⤵
  PID:9600
- C:\Windows\System\FLiOEHz.exe
  C:\Windows\System\FLiOEHz.exe
  2⤵
  PID:9616
- C:\Windows\System\fIrTsRu.exe
  C:\Windows\System\fIrTsRu.exe
  2⤵
  PID:9632
- C:\Windows\System\psoezHj.exe
  C:\Windows\System\psoezHj.exe
  2⤵
  PID:9648
- C:\Windows\System\wYLbFGY.exe
  C:\Windows\System\wYLbFGY.exe
  2⤵
  PID:9664
- C:\Windows\System\VBabttu.exe
  C:\Windows\System\VBabttu.exe
  2⤵
  PID:9680
- C:\Windows\System\fvPqUDc.exe
  C:\Windows\System\fvPqUDc.exe
  2⤵
  PID:9696
- C:\Windows\System\DWimjlL.exe
  C:\Windows\System\DWimjlL.exe
  2⤵
  PID:9712
- C:\Windows\System\CSMYwKr.exe
  C:\Windows\System\CSMYwKr.exe
  2⤵
  PID:9728
- C:\Windows\System\BlYwdXN.exe
  C:\Windows\System\BlYwdXN.exe
  2⤵
  PID:9744
- C:\Windows\System\gLLHtNr.exe
  C:\Windows\System\gLLHtNr.exe
  2⤵
  PID:9760
- C:\Windows\System\WoHDnrd.exe
  C:\Windows\System\WoHDnrd.exe
  2⤵
  PID:9776
- C:\Windows\System\szwmekG.exe
  C:\Windows\System\szwmekG.exe
  2⤵
  PID:9792
- C:\Windows\System\uzAIRcp.exe
  C:\Windows\System\uzAIRcp.exe
  2⤵
  PID:9808
- C:\Windows\System\KCvVitM.exe
  C:\Windows\System\KCvVitM.exe
  2⤵
  PID:9824
- C:\Windows\System\KwbHReg.exe
  C:\Windows\System\KwbHReg.exe
  2⤵
  PID:9840
- C:\Windows\System\AvpNKcV.exe
  C:\Windows\System\AvpNKcV.exe
  2⤵
  PID:9856
- C:\Windows\System\tKJlsQW.exe
  C:\Windows\System\tKJlsQW.exe
  2⤵
  PID:9872
- C:\Windows\System\QccNCKK.exe
  C:\Windows\System\QccNCKK.exe
  2⤵
  PID:9888
- C:\Windows\System\bJlRTsR.exe
  C:\Windows\System\bJlRTsR.exe
  2⤵
  PID:9904
- C:\Windows\System\FgWgMKm.exe
  C:\Windows\System\FgWgMKm.exe
  2⤵
  PID:9920
- C:\Windows\System\xMminlq.exe
  C:\Windows\System\xMminlq.exe
  2⤵
  PID:9936
- C:\Windows\System\GxlRblJ.exe
  C:\Windows\System\GxlRblJ.exe
  2⤵
  PID:9952
- C:\Windows\System\TKGElwX.exe
  C:\Windows\System\TKGElwX.exe
  2⤵
  PID:9968
- C:\Windows\System\QxDKESf.exe
  C:\Windows\System\QxDKESf.exe
  2⤵
  PID:9984
- C:\Windows\System\ZTXlsGO.exe
  C:\Windows\System\ZTXlsGO.exe
  2⤵
  PID:10000
- C:\Windows\System\qfymyhf.exe
  C:\Windows\System\qfymyhf.exe
  2⤵
  PID:10016
- C:\Windows\System\AyPuxoa.exe
  C:\Windows\System\AyPuxoa.exe
  2⤵
  PID:10032
- C:\Windows\System\RUunSQI.exe
  C:\Windows\System\RUunSQI.exe
  2⤵
  PID:10052
- C:\Windows\System\QxzHrxr.exe
  C:\Windows\System\QxzHrxr.exe
  2⤵
  PID:10068
- C:\Windows\System\DOZCOSQ.exe
  C:\Windows\System\DOZCOSQ.exe
  2⤵
  PID:10084
- C:\Windows\System\RITSfun.exe
  C:\Windows\System\RITSfun.exe
  2⤵
  PID:10100
- C:\Windows\System\DfxEuPu.exe
  C:\Windows\System\DfxEuPu.exe
  2⤵
  PID:10116
- C:\Windows\System\IDzDYVW.exe
  C:\Windows\System\IDzDYVW.exe
  2⤵
  PID:10132
- C:\Windows\System\OusPldu.exe
  C:\Windows\System\OusPldu.exe
  2⤵
  PID:10148
- C:\Windows\System\toPAdSj.exe
  C:\Windows\System\toPAdSj.exe
  2⤵
  PID:10164
- C:\Windows\System\hOOGAcM.exe
  C:\Windows\System\hOOGAcM.exe
  2⤵
  PID:10180
- C:\Windows\System\rcerIdO.exe
  C:\Windows\System\rcerIdO.exe
  2⤵
  PID:10196
- C:\Windows\System\NCMNDMW.exe
  C:\Windows\System\NCMNDMW.exe
  2⤵
  PID:10212
- C:\Windows\System\czkZwAg.exe
  C:\Windows\System\czkZwAg.exe
  2⤵
  PID:10228
- C:\Windows\System\xEAFEIj.exe
  C:\Windows\System\xEAFEIj.exe
  2⤵
  PID:9240
- C:\Windows\System\rkwJYtn.exe
  C:\Windows\System\rkwJYtn.exe
  2⤵
  PID:9276
- C:\Windows\System\SfZwNBX.exe
  C:\Windows\System\SfZwNBX.exe
  2⤵
  PID:9040
- C:\Windows\System\upFfsNM.exe
  C:\Windows\System\upFfsNM.exe
  2⤵
  PID:8460
- C:\Windows\System\iEupWdM.exe
  C:\Windows\System\iEupWdM.exe
  2⤵
  PID:9340
- C:\Windows\System\WDvEwQC.exe
  C:\Windows\System\WDvEwQC.exe
  2⤵
  PID:9372
- C:\Windows\System\TZauzgh.exe
  C:\Windows\System\TZauzgh.exe
  2⤵
  PID:1432
- C:\Windows\System\tNfNyYy.exe
  C:\Windows\System\tNfNyYy.exe
  2⤵
  PID:2440
- C:\Windows\System\ZrlysFh.exe
  C:\Windows\System\ZrlysFh.exe
  2⤵
  PID:9292
- C:\Windows\System\VMgtIrg.exe
  C:\Windows\System\VMgtIrg.exe
  2⤵
  PID:9496
- C:\Windows\System\DxTSdpe.exe
  C:\Windows\System\DxTSdpe.exe
  2⤵
  PID:9384
- C:\Windows\System\sYHzVwe.exe
  C:\Windows\System\sYHzVwe.exe
  2⤵
  PID:2012
- C:\Windows\System\QzBcaIz.exe
  C:\Windows\System\QzBcaIz.exe
  2⤵
  PID:9532
- C:\Windows\System\vbJFeIH.exe
  C:\Windows\System\vbJFeIH.exe
  2⤵
  PID:9564
- C:\Windows\System\kOAPZjm.exe
  C:\Windows\System\kOAPZjm.exe
  2⤵
  PID:9624
- C:\Windows\System\MCkhuEw.exe
  C:\Windows\System\MCkhuEw.exe
  2⤵
  PID:584
- C:\Windows\System\dfyyNWH.exe
  C:\Windows\System\dfyyNWH.exe
  2⤵
  PID:9612
- C:\Windows\System\HSwTSKS.exe
  C:\Windows\System\HSwTSKS.exe
  2⤵
  PID:9688
- C:\Windows\System\mSyRAaW.exe
  C:\Windows\System\mSyRAaW.exe
  2⤵
  PID:9676
- C:\Windows\System\lUWWekw.exe
  C:\Windows\System\lUWWekw.exe
  2⤵
  PID:9720
- C:\Windows\System\iSXqBZm.exe
  C:\Windows\System\iSXqBZm.exe
  2⤵
  PID:9784
- C:\Windows\System\BNeBKUv.exe
  C:\Windows\System\BNeBKUv.exe
  2⤵
  PID:9768
- C:\Windows\System\BzEuQFu.exe
  C:\Windows\System\BzEuQFu.exe
  2⤵
  PID:9852
- C:\Windows\System\EKLbMYC.exe
  C:\Windows\System\EKLbMYC.exe
  2⤵
  PID:9864
- C:\Windows\System\yFEXRQf.exe
  C:\Windows\System\yFEXRQf.exe
  2⤵
  PID:9880
- C:\Windows\System\DiKsSOy.exe
  C:\Windows\System\DiKsSOy.exe
  2⤵
  PID:9916
- C:\Windows\System\LwRmtzB.exe
  C:\Windows\System\LwRmtzB.exe
  2⤵
  PID:9896
- C:\Windows\System\RbBbNJB.exe
  C:\Windows\System\RbBbNJB.exe
  2⤵
  PID:9960
- C:\Windows\System\afabwzM.exe
  C:\Windows\System\afabwzM.exe
  2⤵
  PID:10012
- C:\Windows\System\sanDANm.exe
  C:\Windows\System\sanDANm.exe
  2⤵
  PID:9996
- C:\Windows\System\DswIoxx.exe
  C:\Windows\System\DswIoxx.exe
  2⤵
  PID:10076
- C:\Windows\System\OfVNWLD.exe
  C:\Windows\System\OfVNWLD.exe
  2⤵
  PID:10060
- C:\Windows\System\UyWKjLY.exe
  C:\Windows\System\UyWKjLY.exe
  2⤵
  PID:10096
- C:\Windows\System\NNhGEqt.exe
  C:\Windows\System\NNhGEqt.exe
  2⤵
  PID:10156
- C:\Windows\System\Uhakduk.exe
  C:\Windows\System\Uhakduk.exe
  2⤵
  PID:10208
- C:\Windows\System\gDvECEG.exe
  C:\Windows\System\gDvECEG.exe
  2⤵
  PID:2340
- C:\Windows\System\ctWWFzS.exe
  C:\Windows\System\ctWWFzS.exe
  2⤵
  PID:10224
- C:\Windows\System\AbVbzkn.exe
  C:\Windows\System\AbVbzkn.exe
  2⤵
  PID:9256
- C:\Windows\System\yPfDdCu.exe
  C:\Windows\System\yPfDdCu.exe
  2⤵
  PID:9404
- C:\Windows\System\FVQfriT.exe
  C:\Windows\System\FVQfriT.exe
  2⤵
  PID:9356
- C:\Windows\System\PXsdGmQ.exe
  C:\Windows\System\PXsdGmQ.exe
  2⤵
  PID:9468
- C:\Windows\System\jHLHgSF.exe
  C:\Windows\System\jHLHgSF.exe
  2⤵
  PID:9324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACYWBBs.exe

Filesize
6.0MB

MD5
d30fce217de59370f0a5ce9cf9df1f8a

SHA1
5dfe831f629cbbe07b8451a693611b21d7dea310

SHA256
9d9f24bc6885b273ec529506dbb11fb8265d53d5eb9e2aeee05a239254699d11

SHA512
7589c24970fb8a51aeac766e6a88ee0f4108f0c8c0ef06353b966bf456209a0d0b5a62e3a369d59e14a83bfddb820409a57e0b7b783a1422e842b34d29a824ff

Download Submit
C:\Windows\system\AmlCIJb.exe

Filesize
6.0MB

MD5
026bd259a518f09a3dfdf85f121b19a1

SHA1
55e4d5e050d98652871971948786d50321c2b0f7

SHA256
ec4aaf1b0d0eb244ad6a662ca112ce4d5357059c7978db14c250f890f91b3f94

SHA512
9cd50f8b2aacd3eec7560a1fd9b9a64b2e28c1bcbabaf88c9e30c5ecabc5d04fc6fe9aedc79660f6a4a9233b1ee2e9c3a3cfeeb9f87c71462c002b847a45d9ac

Download Submit
C:\Windows\system\BHVjKlB.exe

Filesize
6.0MB

MD5
98dae86c28848274468fa6f9ae382b99

SHA1
4cc9bf9152078bd563a47a40621a7d719f2b8b5d

SHA256
1dd573f11d5efb1bc75b37fb799e03b1a4ccb6813dfd3c26170b34219dedca8c

SHA512
72f40592aebcbf68eb0f97e2d8a9a35d33fdf64947f0861d851abd721d4f13891d2c291fd3305b2ab7667503249a0c849874bafd02beee9ac148850470bf6963

Download Submit
C:\Windows\system\CnncuIV.exe

Filesize
6.0MB

MD5
55a4e973885480476dfb1bc54a01c72c

SHA1
a2ac66c0299b4d38b2790d6a0c7e3f3bb4295b71

SHA256
b97af6354d27ace1ba6359b3afabebeb4e4883c0529d3d5d84e1af97dd317818

SHA512
8fd621b141777177c6e97de33f8e67e5dc7ecf80043f12f12dc4e9f231c125ea828f8f2fcd1b500056cc27099c1f7e2b6a0c8ebc6b90f9cd2b0e9e6da4f45a79

Download Submit
C:\Windows\system\CzskmMu.exe

Filesize
6.0MB

MD5
114b835e5eb60b706c7626b5c441e121

SHA1
0958f8d18a03ea8b5f46ebc69da374813d4a7040

SHA256
ec51c70547679dbfd0ac9078a80e6868d7dccb0773b992f906294925c38260c0

SHA512
0008bccfcfc8e84caaeb8fa80d27351d440c3c0377d0a01e52c01a109f52c0e4c3ff253400dac50402bff9f10f055c32ecc4ebf1c588868fbe733bf23d8d35b3

Download Submit
C:\Windows\system\IFVsvef.exe

Filesize
6.0MB

MD5
4ca70116f3e8b0381677958ed8247a57

SHA1
11a30db9226a48981ca057e0d497ef56bd23a30b

SHA256
67132f9e6854677abd1c102688aef368bb8da8210bed4a42e8aeac1f1695c81e

SHA512
65d436c2b0f619b22ae9ebc6f27c75c91c7e72cfce42a580b76b7d47239946eeeb0a52dde819a56a28ff9ef85ac1ba67a551dfbca87312af1c3bd60fbb623a39

Download Submit
C:\Windows\system\IihiFMn.exe

Filesize
6.0MB

MD5
4caadb5021e19d269eb868df71d712a3

SHA1
10ac220c06945f4e295bc0108e19ae858bf6a9c6

SHA256
51a72d35c49c03fa9ad828030e7d5d5698e1a03ac10635ebea02061dbd34d7d3

SHA512
9337f317f44094dda86a46c9b4dc9f319a5fb142944d612964027bf49049f198600211eb1da2e74ebca55f319318475760cb2a70b5d31e11af6d3e4f056e50e6

Download Submit
C:\Windows\system\MSrDjAI.exe

Filesize
6.0MB

MD5
50750e767e4b94effd1880367c9e2dc5

SHA1
c345818bbbf0152b5e037f6dea79cc410519d5de

SHA256
98ea82342699a19d56704d0ce0d3039f30eb988f1bf292631db036b59afbc56a

SHA512
06a6ffb0c23b325fcd0622b36163a77ce9026a0beb2070110842cc00df4857524f19824f1f4a58da03cae591948776763a3b2a6c7511686de06cc963e2225ee6

Download Submit
C:\Windows\system\NmfAATI.exe

Filesize
6.0MB

MD5
643b766f701b8913eb515fd63da1e0b8

SHA1
6356dd00cf4867908c4111a85e832e64eb54cd13

SHA256
b36ecf9912b30e6afc3968a90c7c05068e5303adb01c18a1bad75b1d5dbc6034

SHA512
267693b8e4d8dff59c8b0ce30ca2eed2a0aaf8e98301a4c91adb507ba652fc705e42c5d0e90853f1282433fa2f10a55767ebf241ff82d5d20e0c10cb436e4eda

Download Submit
C:\Windows\system\OCxRnUI.exe

Filesize
6.0MB

MD5
8c8734c9ceee530b3c068339477208d4

SHA1
46f955aad5849bf206f7925aed043be31d9b41dc

SHA256
536667dad6610e4ad34f411dfd1be84fbff6d8f1a489b2eae184ba0672fc9f88

SHA512
8a541bc3d66cef875972a0d52bd815203b8b2a268155c8bea31f75194f29e6a84f3a118fdb2dab2a83f044056c4a23b55e6a3cdcd70e07883e536d2b6340bc07

Download Submit
C:\Windows\system\PJnPvhk.exe

Filesize
6.0MB

MD5
b899027b292953b6e75b8fd773e431e8

SHA1
3013780cd448e94b369bd3ba541a089c18fc1658

SHA256
45cdc801aa8b385cee01cb0aab5e2e67731f072c2df09d0ffbb990cdb53d927e

SHA512
e38facf37182b5507bca437dabd63aa7f02df5f521e8060e8ddb261823d8109ffc1e5a4f58cff6c88aee3376cb7ceccc68a47cb404697b23ddd8d51d7e6a2d51

Download Submit
C:\Windows\system\PMiuZOM.exe

Filesize
6.0MB

MD5
5016ad926646bbf026c8912fc8617d45

SHA1
4661c36f5405c60571d0b1a4ee187b18046dd472

SHA256
2fec3b96f5641b8109c14d8804bd3c4c26b7d8d2a5a94358f91cd06c83bf084f

SHA512
cbfe87774e68b59974a8bf9872bb82179e5aabd28c6516670ab83b356a8e3c4095d3548415f8259f31f95412407deead1913b5626d7caef8639b11290e66a0cf

Download Submit
C:\Windows\system\RJvKiEL.exe

Filesize
6.0MB

MD5
e476067d06a0f7a44b2e838c6b0dfc0b

SHA1
a8bc76179b9b213d3836e0111c46aa042d52e5f9

SHA256
c31c3d902bfec69251813c0b114b0e1bdbca33d31d040cd23e17028ecf6ed802

SHA512
36410161103f1cd1b98363a4fdee347581978a03394bd980c3ea6513e0dc205dcc75ceb79ca049f746616c2d9eff9ba2082ce905d70e639e87119c13bc956cc1

Download Submit
C:\Windows\system\RVPlwvs.exe

Filesize
6.0MB

MD5
6a634fe3863c6638a1929d85c1b28e94

SHA1
0072c723aea862005dc6f56a5b6d535a657d2ad1

SHA256
d296b869f6ce6ce0aae547048b47a9ba096247c8aad4ed0ecdc7b0926af0ec21

SHA512
5526f2d1f07737a56a6c258e7c50fc1e913f9d93e59bbfa6e3fb779e9bc756befb784102975f82cddf95ab0777261e3d8bd9330dc3783a95ca39250d17b849d7

Download Submit
C:\Windows\system\SlmdOeY.exe

Filesize
6.0MB

MD5
c19b03d675c42fa3a3019bdaef8a349d

SHA1
7d8aa6817031a5b5a08155f1fef07a6ea8c0c877

SHA256
74bc156c94e12c3240ef55df27cabd40fc7cdb3a97d5f44f8710fc37941dc222

SHA512
885003b5f130c4d54bed71ba5619b7cb82f5569516afcdad42615245db76d6b057f47366e2b200aa220963de06001365d792235a5eddca244174f7167f0cea8a

Download Submit
C:\Windows\system\UDyvBil.exe

Filesize
6.0MB

MD5
fa2a6b90a79393f22149f394e803fb98

SHA1
2eef090e7e93ae3b46d9b473bd1086f3099faa65

SHA256
3f54f0e3a34af411088141d0dc89b17594845076f8d139b7762a8d43a562f24a

SHA512
b62b25dc57a3dd07c549e64e079dc7ee4559e2cadd4e26d04b20f68d86ed7a7e0797f4bafe28ec2019dabcc2dc914d81c59a7454fb01d6547495f24b26f1c4e9

Download Submit
C:\Windows\system\VnIrPHF.exe

Filesize
6.0MB

MD5
1202b8f0d88a91b84cb82680aed2f2fb

SHA1
eb9eab09e8e62957cea5e8712d27c67bc5761d7c

SHA256
f8f8975b6f86feb9d6afe1ccd8c164494de132e3380f03054a17cb688e53ffca

SHA512
55132c683ec7c026b309382c324382880dd73599c2dac359d8068179ee7e4bffd7dc83752d71e1a011972de68768e33240f110c60861d7970a0c76df1e8c2e17

Download Submit
C:\Windows\system\WOUlXHf.exe

Filesize
6.0MB

MD5
22e1ed8c4071f2f597bd9a46c6bde0cb

SHA1
07fa9c1c177cdb40a9f2f90f8f3ef5b3601d33ab

SHA256
52b47cd9be260382c4b7ad3a67538940e8bf7d16705724881efccfb4e7a85271

SHA512
b441169656da011b9044647b93c631aa8c665aed87b245fb00d99102586f7ce035a09b50a46a0e952e63860dd72926acaa7cbfc3b9e17e87a56937bbc64ddd3b

Download Submit
C:\Windows\system\WParECq.exe

Filesize
6.0MB

MD5
8dd7035ed7aac72aa66775ed3a8e6d34

SHA1
0edca86918ca5d6a8114578aad106e9e601fc13f

SHA256
998fd7f2dad6e084da9b135e20560c7e198b923dccac3a56e44139cb9be17b64

SHA512
8dde4fa6375baf9444e3cd00f212def9bba98fbd8e5f44a3d64d7ecb9947d98bb0b27792b7647782579cb274c3e3f0c445716fcff44a0889e21831e6009c3bad

Download Submit
C:\Windows\system\WZSNcMt.exe

Filesize
6.0MB

MD5
6fa2089ffc57eda120da1c4a773fc762

SHA1
8ea48dd5fb17a93ad1da7477f916ac052d6f8253

SHA256
79f0642e3329f69c6add8225d79797aab8c4f2e23f31bb3c16d348995a1bb593

SHA512
e0e5a80b4c1dbae2cd7da04e6d5668feffa19beb24779afdd3226e79bd153dd9ce66732c776fcbb06a9fd289b9050e1fe58d3c2c6efca040ce1d41d8020fc1c3

Download Submit
C:\Windows\system\alPEbLp.exe

Filesize
6.0MB

MD5
abde1ef23c6696e945d8c62ecc7c4650

SHA1
75d474f9a18bb5c48beb1c2fc773e171689d71a2

SHA256
7f41a9a0c50aecca3c2c93d2701f20146a505f44e0f464d4150a32ea6b997bce

SHA512
4a1ba3fe8bb308376d13ffce7ba1a654405a48e482b9f5cdd7cb7cb05ac78cb4d78b933f98d241ecfadcbbd88c223cc571248471cca476af3306bcbb39fb8a19

Download Submit
C:\Windows\system\hqbOLgk.exe

Filesize
6.0MB

MD5
70e574988aa163e7a289093357416478

SHA1
fc4f9589b7a6604ebddee13f70723bd9b08e9d84

SHA256
3d724242e8316361a3b6bf4987c8a76df1bca6351f8afcf91db84f6feea22bba

SHA512
d25a58636471655d1ce41ff2af40e8c467de55845acb988d7541e66a3180d55fa14ae5523fa1fe90e755eb6837eb8351ef673f4b9d6c46c0120b06ff00eb550b

Download Submit
C:\Windows\system\kahWRqS.exe

Filesize
6.0MB

MD5
f1a67e51aeb5c03539c0fb7c7334b2aa

SHA1
3f24524d0dee0d1fd1b1cab9cc76438a7b2f67c1

SHA256
5e64dc626cf1371d727c1954e3f811c53bab33bc0a499a8b48a8737e60a1f232

SHA512
c17912a107ec08be092a48fae7d5c4190c23b3613eac37b7ce3f9355d7822f20ba83c3eb4ecc83572ca82b6a8ddcdf0d05c031f34033834af3d85bd8fb3e0af0

Download Submit
C:\Windows\system\maoTYeH.exe

Filesize
6.0MB

MD5
c4414afcb4978708425047da23dccc41

SHA1
f4674b17be9e554a2995cf679ea95fae924a8c44

SHA256
6774a4932609e03a93daa4cd2de9acbe3c24fa12b4a9ee17fa0c257577a64d1d

SHA512
589be2b8d4d08c58076f3aef12f6716e9f88bfcf9249934fb5c4593344e5ca5a1ec5d818b3fe12ddced8fa3ca806eeaf6869e9c3463bce70d32eb94aaeb3fe05

Download Submit
C:\Windows\system\mncfJUv.exe

Filesize
6.0MB

MD5
fc68e81d969ebf42c375c6c27ce875ec

SHA1
1e6d7e1eab345e856057c75c6fb8170c2b070fca

SHA256
2754c4c77e676e4e5fafb8e39eebafd716e52fee46c662fa3d382cef9460fd5a

SHA512
e61d3249b15d15868dd9ac2ca171bafcf29f8b7409febdcbc1970965c49ddfbeaff9d46a9d02ba26413e636a13392531045c37db5afaf88d502269795951d4e3

Download Submit
C:\Windows\system\oMBtDax.exe

Filesize
6.0MB

MD5
2f1160ff232d6be330cca86331003fe1

SHA1
77667bb865756c069aac1a01d5562eabc43e4b00

SHA256
ef7074c8d1d9c928994278a4b0d7b64134d3ce542d754b1922fda7c8ff7eb3e0

SHA512
ef5cecb38510f8dfa90bf683e309513a4c79c99f69b7fbbd8058dd98098617e4539b6dae18124fa5f5ef6a5ea3668fef3ff8fcdbab82c7e9023b30b53d7c50f2

Download Submit
C:\Windows\system\racOHGp.exe

Filesize
6.0MB

MD5
1d57d5003a597415ee289533fa3c6d5d

SHA1
e0db8bc2e2cbd7dc5d1220827d6e5e3dfb9e979c

SHA256
0a8517c419d1c4e5305ac1afa0eec192a7e9dbb437334db8ab3eee33de331bef

SHA512
af5b61591379dc95f2b4e68b4303b3732588b5d7cae45e5c258c4372bb84b0f4bb02e1e6f0405ca7ba8919b11f7dc40a8cf5f071ef8b9a82aed4e76504096b4c

Download Submit
C:\Windows\system\sYCAXFA.exe

Filesize
6.0MB

MD5
978f81c56b90568703b7d62068bd9bd2

SHA1
f3d46acf74c124d16c3728a5318598fc31aac6b7

SHA256
f751e250df626f26eac6fce3c7e3c2c8fb0900e417f77f0ccffea1c6356078b8

SHA512
5942421223c8bdf111e22db78790c4ea73014fff4b421f52e9b40e7ad37cf1cda6ddf628d89777405e9d1134a07db5f100d7172c3b74f62a7a928c5adc56c6a6

Download Submit
C:\Windows\system\tQToLOn.exe

Filesize
6.0MB

MD5
e37b81eb2d443d9513a16a0230eec60a

SHA1
02c69a2d65371b0269e8f1ab8b897a1921253d71

SHA256
b0a5b487cc6e8e127bd6614bb3c8e8cf46b8af45f592d1506f4664a0a693262d

SHA512
c4d5f8e47a0f61ee0b31832546945dfd8ecfa7bd30e0bdc0a3ec993ff83cd01a8fd85b1e3f03dc6ecf5bbb5933256163cf4083f6948e39524238dd3e1830bcfd

Download Submit
C:\Windows\system\ujEShUi.exe

Filesize
6.0MB

MD5
5756f8c0129cfed29c7706f31da5e4d8

SHA1
5aa7e56f033c5989f60712392a6108b0ed555561

SHA256
1a43650fc63d640110895748f0265b587f6f90ffef566a34ad31c07860dd026c

SHA512
e20e43a40a4768da8635f141314f9f6be1027bbe398da1102e4c9f374c1cade71d917226085f1cdca049c97a6550ee438639dfa57d4b6d18d7015fccb54d169b

Download Submit
\Windows\system\eHIvWeU.exe

Filesize
6.0MB

MD5
81d49495644c976ddc8483c272810f4d

SHA1
2f3cc460edc1ccf1f4ecebd8d3f00ade37f621aa

SHA256
f1615f5624a4590abf9becb3ef631cad45c0169f9b3664413ce060356338e69b

SHA512
4c696a02774a2c9b0508c63a8e2132c140df6230ed74e2b731edcb249e2fc620d490cb443dff74b34b9510399b8c25c8a0546f2ca67a2ba23f806049a353847b

Download Submit
\Windows\system\wMgachz.exe

Filesize
6.0MB

MD5
f11539046aa5b22561be105f4b0e4be9

SHA1
70bd0da5ce7c190014982bc55b7c8be1f407ae8a

SHA256
7d491733dad4ec0fba5f64efc02e894bb798a3d0e25e3e3aff976a518ff4e2a7

SHA512
8fe70e560840a8f0b785ec5ceff07b7a7e96c4c50d0585edfa6eb9ee463e8db7da837115df00c054c29a271fce6fb99958d9a48211b52f1b68d9071d4bf2dfcf

Download Submit
memory/876-90-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/876-4035-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/1952-3449-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1952-27-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-91-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-35-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-3451-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-12-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-94-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2284-4036-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2344-71-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2344-3393-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2368-33-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3447-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2396-40-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2396-97-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-57-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2396-346-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2396-586-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2396-587-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-88-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-87-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-86-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2396-821-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-26-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-65-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2396-32-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2396-6-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-0-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2396-72-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2396-463-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2396-398-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-47-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4033-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-89-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-29-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2836-41-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2836-93-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4034-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3453-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2868-73-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2868-464-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2972-48-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-64-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3448-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-3450-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/3052-63-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download