cobaltstrike | 69507f23dd16a881e5e0f200d63a083818dd1a3d428d7f29219ce7d12f5c1711

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

608cd7186044de54e708febf59980e40
SHA1

4e9b49114155745f523dc3c0cd0f966d3b6d4246
SHA256

69507f23dd16a881e5e0f200d63a083818dd1a3d428d7f29219ce7d12f5c1711
SHA512

5ecf7202893c67c704150e85e89f3c941bb1b97d7638e855835d526fa0c49e9f130dd5941d94362d28a6ba0d94150bb3b06b84b96659cc487e1263e997ba46b8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120f1-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d89-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fdf-15.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000171a8-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017492-30.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186e4-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d68-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-75.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018676-51.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174cc-38.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173a9-22.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/768-0-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x00090000000120f1-6.dat	xmrig
behavioral1/files/0x0009000000016d89-8.dat	xmrig
behavioral1/files/0x0008000000016fdf-15.dat	xmrig
behavioral1/files/0x00080000000171a8-16.dat	xmrig
behavioral1/memory/2396-21-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x0007000000017492-30.dat	xmrig
behavioral1/memory/2016-28-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2704-48-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x00080000000186e4-46.dat	xmrig
behavioral1/memory/2756-54-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2772-64-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2684-78-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d68-81.dat	xmrig
behavioral1/files/0x0005000000019441-138.dat	xmrig
behavioral1/memory/768-1100-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961b-192.dat	xmrig
behavioral1/files/0x0005000000019617-178.dat	xmrig
behavioral1/files/0x0005000000019613-173.dat	xmrig
behavioral1/files/0x000500000001960f-170.dat	xmrig
behavioral1/files/0x0005000000019619-185.dat	xmrig
behavioral1/files/0x0005000000019615-177.dat	xmrig
behavioral1/files/0x000500000001960b-161.dat	xmrig
behavioral1/files/0x00050000000195c5-157.dat	xmrig
behavioral1/files/0x0005000000019461-156.dat	xmrig
behavioral1/files/0x0005000000019427-129.dat	xmrig
behavioral1/files/0x0005000000019611-165.dat	xmrig
behavioral1/files/0x000500000001960d-152.dat	xmrig
behavioral1/memory/2616-111-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2984-101-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e1-97.dat	xmrig
behavioral1/files/0x0005000000019609-148.dat	xmrig
behavioral1/files/0x0005000000019582-133.dat	xmrig
behavioral1/files/0x000500000001944f-123.dat	xmrig
behavioral1/files/0x0005000000019431-114.dat	xmrig
behavioral1/files/0x000500000001941e-106.dat	xmrig
behavioral1/memory/1928-85-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2396-93-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/836-92-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/768-91-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c2-88.dat	xmrig
behavioral1/memory/2616-70-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x0005000000019350-68.dat	xmrig
behavioral1/files/0x00050000000193b4-75.dat	xmrig
behavioral1/memory/768-62-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2736-61-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2940-57-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/768-56-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2912-55-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x000e000000018676-51.dat	xmrig
behavioral1/memory/768-45-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/1296-41-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x00070000000174cc-38.dat	xmrig
behavioral1/files/0x00080000000173a9-22.dat	xmrig
behavioral1/memory/2940-3625-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2704-3618-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2016-3610-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2912-3609-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2756-3631-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2616-3688-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2736-3714-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2396-3712-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/1928-3702-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/1296-3685-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2396	gAAyonN.exe
2016	kILHKtl.exe
1296	OVxvMRI.exe
2704	cOxeZYc.exe
2756	hgurllf.exe
2912	kYoKWVq.exe
2736	aaKQUIe.exe
2940	werApKu.exe
2772	rVeoutG.exe
2616	YvbStOJ.exe
2684	ozzfqiG.exe
1928	HqWifqr.exe
836	ZwnubVP.exe
2984	vdFHhmE.exe
3008	bOCURsh.exe
3012	mCtTWjB.exe
1904	MWPCRzx.exe
1864	AeLEmbg.exe
1700	NuYkQxT.exe
2600	LtYWEiJ.exe
264	ndhKDDw.exe
2076	pHjiRIS.exe
1988	xVXNxSL.exe
1964	IXYGZUP.exe
928	PyuRIgs.exe
1856	lNVspSf.exe
796	omtTFYD.exe
3064	oEEKaRa.exe
2072	yezRqnF.exe
2028	tVEDaYs.exe
1516	TAbehuA.exe
1752	XSuusfN.exe
1144	JmnJbVG.exe
1812	qjmXXlw.exe
1364	poFGWfU.exe
760	OsWPxtl.exe
908	RhYcKBd.exe
2448	lZNhxpU.exe
2196	QYIXAII.exe
1184	dJsYchC.exe
1716	XEIjnGL.exe
2548	zHdhHnX.exe
2484	StRZASY.exe
1816	OkkcAux.exe
2536	ItsOHMf.exe
2124	ZfaSutN.exe
2856	iVdPNFk.exe
1740	ypcNSEi.exe
1984	BrwiTwY.exe
2280	GuAaAqz.exe
1748	oHAUIZV.exe
1552	ZtaWJwD.exe
1788	IuuZCQK.exe
1304	etnrHXb.exe
1272	WhMkoDA.exe
2260	nrNgbVa.exe
2936	ruywddN.exe
3040	RNLTsGB.exe
2648	rHugEyO.exe
2780	VTDwsQn.exe
2672	GJBOPcG.exe
2376	cpEikQr.exe
1976	pXfcGEs.exe
2980	EueYpqf.exe

Loads dropped DLL 64 IoCs

pid	Process
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/768-0-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x00090000000120f1-6.dat	upx
behavioral1/files/0x0009000000016d89-8.dat	upx
behavioral1/files/0x0008000000016fdf-15.dat	upx
behavioral1/files/0x00080000000171a8-16.dat	upx
behavioral1/memory/2396-21-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x0007000000017492-30.dat	upx
behavioral1/memory/2016-28-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2704-48-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x00080000000186e4-46.dat	upx
behavioral1/memory/2756-54-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2772-64-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2684-78-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0008000000016d68-81.dat	upx
behavioral1/files/0x0005000000019441-138.dat	upx
behavioral1/files/0x000500000001961b-192.dat	upx
behavioral1/files/0x0005000000019617-178.dat	upx
behavioral1/files/0x0005000000019613-173.dat	upx
behavioral1/files/0x000500000001960f-170.dat	upx
behavioral1/files/0x0005000000019619-185.dat	upx
behavioral1/files/0x0005000000019615-177.dat	upx
behavioral1/files/0x000500000001960b-161.dat	upx
behavioral1/files/0x00050000000195c5-157.dat	upx
behavioral1/files/0x0005000000019461-156.dat	upx
behavioral1/files/0x0005000000019427-129.dat	upx
behavioral1/files/0x0005000000019611-165.dat	upx
behavioral1/files/0x000500000001960d-152.dat	upx
behavioral1/memory/2616-111-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2984-101-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x00050000000193e1-97.dat	upx
behavioral1/files/0x0005000000019609-148.dat	upx
behavioral1/files/0x0005000000019582-133.dat	upx
behavioral1/files/0x000500000001944f-123.dat	upx
behavioral1/files/0x0005000000019431-114.dat	upx
behavioral1/files/0x000500000001941e-106.dat	upx
behavioral1/memory/1928-85-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2396-93-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/836-92-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/768-91-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x00050000000193c2-88.dat	upx
behavioral1/memory/2616-70-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x0005000000019350-68.dat	upx
behavioral1/files/0x00050000000193b4-75.dat	upx
behavioral1/memory/2736-61-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2940-57-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2912-55-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x000e000000018676-51.dat	upx
behavioral1/memory/1296-41-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x00070000000174cc-38.dat	upx
behavioral1/files/0x00080000000173a9-22.dat	upx
behavioral1/memory/2940-3625-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2704-3618-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2016-3610-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2912-3609-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2756-3631-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2616-3688-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2736-3714-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2396-3712-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/1928-3702-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/1296-3685-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/836-3756-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2684-3744-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2772-3730-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2984-3847-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qSNigyF.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGRoppb.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KoKBAbc.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuiToem.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItsOHMf.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcauDat.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OENmVVb.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzHLijV.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GThsYgk.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDDPecc.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JeMvtiw.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SeljLEz.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEEKaRa.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yDhNCHw.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtXJZcL.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jImMxDy.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnFGgFE.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEJQMnt.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDFVMBk.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yEMJadK.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdCqmMk.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rWFFIAG.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTMPawe.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JceIBnn.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NbvrXgd.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUFHVLX.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBpmZNZ.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eysmpcd.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxeaExo.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTVUqZa.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDjbbhl.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlSrKZm.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJwnMal.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmafgGS.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYFPtSP.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGJDkUt.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsgykgb.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JmmUuTn.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKTVlGN.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYNkCdT.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxSuEXF.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltpVKjN.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtAGYrG.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efydJeV.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HtxlyfQ.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JKxssIj.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNLTsGB.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMeiAul.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AysbpRy.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJwkyTU.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aEbpGYZ.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzzqkvi.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhGiMgF.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KpsFwWX.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MwpGOrg.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kDfkMny.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJlhaiD.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnqTUju.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvQZrhn.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHElXzh.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZISEhN.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McQQpTr.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUcrIDD.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhGjuJT.exe	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 2396	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 768 wrote to memory of 2396	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 768 wrote to memory of 2396	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 768 wrote to memory of 2016	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 768 wrote to memory of 2016	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 768 wrote to memory of 2016	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 768 wrote to memory of 1296	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 768 wrote to memory of 1296	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 768 wrote to memory of 1296	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 768 wrote to memory of 2704	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 768 wrote to memory of 2704	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 768 wrote to memory of 2704	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 768 wrote to memory of 2756	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 768 wrote to memory of 2756	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 768 wrote to memory of 2756	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 768 wrote to memory of 2912	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 768 wrote to memory of 2912	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 768 wrote to memory of 2912	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 768 wrote to memory of 2736	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 768 wrote to memory of 2736	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 768 wrote to memory of 2736	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 768 wrote to memory of 2940	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 768 wrote to memory of 2940	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 768 wrote to memory of 2940	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 768 wrote to memory of 2772	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 768 wrote to memory of 2772	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 768 wrote to memory of 2772	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 768 wrote to memory of 2616	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 768 wrote to memory of 2616	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 768 wrote to memory of 2616	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 768 wrote to memory of 2684	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 768 wrote to memory of 2684	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 768 wrote to memory of 2684	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 768 wrote to memory of 1928	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 768 wrote to memory of 1928	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 768 wrote to memory of 1928	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 768 wrote to memory of 836	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 768 wrote to memory of 836	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 768 wrote to memory of 836	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 768 wrote to memory of 2984	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 768 wrote to memory of 2984	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 768 wrote to memory of 2984	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 768 wrote to memory of 3008	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 768 wrote to memory of 3008	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 768 wrote to memory of 3008	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 768 wrote to memory of 1864	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 768 wrote to memory of 1864	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 768 wrote to memory of 1864	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 768 wrote to memory of 3012	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 768 wrote to memory of 3012	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 768 wrote to memory of 3012	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 768 wrote to memory of 2600	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 768 wrote to memory of 2600	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 768 wrote to memory of 2600	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 768 wrote to memory of 1904	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 768 wrote to memory of 1904	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 768 wrote to memory of 1904	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 768 wrote to memory of 1988	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 768 wrote to memory of 1988	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 768 wrote to memory of 1988	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 768 wrote to memory of 1700	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 768 wrote to memory of 1700	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 768 wrote to memory of 1700	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 768 wrote to memory of 1964	768	2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_608cd7186044de54e708febf59980e40_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:768
- C:\Windows\System\gAAyonN.exe
  C:\Windows\System\gAAyonN.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\kILHKtl.exe
  C:\Windows\System\kILHKtl.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\OVxvMRI.exe
  C:\Windows\System\OVxvMRI.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\cOxeZYc.exe
  C:\Windows\System\cOxeZYc.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\hgurllf.exe
  C:\Windows\System\hgurllf.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\kYoKWVq.exe
  C:\Windows\System\kYoKWVq.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\aaKQUIe.exe
  C:\Windows\System\aaKQUIe.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\werApKu.exe
  C:\Windows\System\werApKu.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\rVeoutG.exe
  C:\Windows\System\rVeoutG.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\YvbStOJ.exe
  C:\Windows\System\YvbStOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ozzfqiG.exe
  C:\Windows\System\ozzfqiG.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\HqWifqr.exe
  C:\Windows\System\HqWifqr.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\ZwnubVP.exe
  C:\Windows\System\ZwnubVP.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\vdFHhmE.exe
  C:\Windows\System\vdFHhmE.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\bOCURsh.exe
  C:\Windows\System\bOCURsh.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\AeLEmbg.exe
  C:\Windows\System\AeLEmbg.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\mCtTWjB.exe
  C:\Windows\System\mCtTWjB.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\LtYWEiJ.exe
  C:\Windows\System\LtYWEiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\MWPCRzx.exe
  C:\Windows\System\MWPCRzx.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\xVXNxSL.exe
  C:\Windows\System\xVXNxSL.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\NuYkQxT.exe
  C:\Windows\System\NuYkQxT.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\IXYGZUP.exe
  C:\Windows\System\IXYGZUP.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\ndhKDDw.exe
  C:\Windows\System\ndhKDDw.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\PyuRIgs.exe
  C:\Windows\System\PyuRIgs.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\pHjiRIS.exe
  C:\Windows\System\pHjiRIS.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\omtTFYD.exe
  C:\Windows\System\omtTFYD.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\lNVspSf.exe
  C:\Windows\System\lNVspSf.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\oEEKaRa.exe
  C:\Windows\System\oEEKaRa.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\yezRqnF.exe
  C:\Windows\System\yezRqnF.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\TAbehuA.exe
  C:\Windows\System\TAbehuA.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\tVEDaYs.exe
  C:\Windows\System\tVEDaYs.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\XSuusfN.exe
  C:\Windows\System\XSuusfN.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\JmnJbVG.exe
  C:\Windows\System\JmnJbVG.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\qjmXXlw.exe
  C:\Windows\System\qjmXXlw.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\poFGWfU.exe
  C:\Windows\System\poFGWfU.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\dJsYchC.exe
  C:\Windows\System\dJsYchC.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\OsWPxtl.exe
  C:\Windows\System\OsWPxtl.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\XEIjnGL.exe
  C:\Windows\System\XEIjnGL.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\RhYcKBd.exe
  C:\Windows\System\RhYcKBd.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\StRZASY.exe
  C:\Windows\System\StRZASY.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\lZNhxpU.exe
  C:\Windows\System\lZNhxpU.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\OkkcAux.exe
  C:\Windows\System\OkkcAux.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\QYIXAII.exe
  C:\Windows\System\QYIXAII.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\ItsOHMf.exe
  C:\Windows\System\ItsOHMf.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\zHdhHnX.exe
  C:\Windows\System\zHdhHnX.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\ZfaSutN.exe
  C:\Windows\System\ZfaSutN.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\iVdPNFk.exe
  C:\Windows\System\iVdPNFk.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\BrwiTwY.exe
  C:\Windows\System\BrwiTwY.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\ypcNSEi.exe
  C:\Windows\System\ypcNSEi.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\oHAUIZV.exe
  C:\Windows\System\oHAUIZV.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\GuAaAqz.exe
  C:\Windows\System\GuAaAqz.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\etnrHXb.exe
  C:\Windows\System\etnrHXb.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\ZtaWJwD.exe
  C:\Windows\System\ZtaWJwD.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\WhMkoDA.exe
  C:\Windows\System\WhMkoDA.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\IuuZCQK.exe
  C:\Windows\System\IuuZCQK.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\nrNgbVa.exe
  C:\Windows\System\nrNgbVa.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\ruywddN.exe
  C:\Windows\System\ruywddN.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\RNLTsGB.exe
  C:\Windows\System\RNLTsGB.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\rHugEyO.exe
  C:\Windows\System\rHugEyO.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\VTDwsQn.exe
  C:\Windows\System\VTDwsQn.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\GJBOPcG.exe
  C:\Windows\System\GJBOPcG.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\XzvBHYf.exe
  C:\Windows\System\XzvBHYf.exe
  2⤵
  PID:1800
- C:\Windows\System\cpEikQr.exe
  C:\Windows\System\cpEikQr.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\Wxxmezb.exe
  C:\Windows\System\Wxxmezb.exe
  2⤵
  PID:844
- C:\Windows\System\pXfcGEs.exe
  C:\Windows\System\pXfcGEs.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\KIHUYAV.exe
  C:\Windows\System\KIHUYAV.exe
  2⤵
  PID:2796
- C:\Windows\System\EueYpqf.exe
  C:\Windows\System\EueYpqf.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\izVWDwH.exe
  C:\Windows\System\izVWDwH.exe
  2⤵
  PID:812
- C:\Windows\System\amjsAUY.exe
  C:\Windows\System\amjsAUY.exe
  2⤵
  PID:1068
- C:\Windows\System\JoJBMOO.exe
  C:\Windows\System\JoJBMOO.exe
  2⤵
  PID:2160
- C:\Windows\System\DmjaYUO.exe
  C:\Windows\System\DmjaYUO.exe
  2⤵
  PID:1372
- C:\Windows\System\zgMOOVJ.exe
  C:\Windows\System\zgMOOVJ.exe
  2⤵
  PID:960
- C:\Windows\System\NNiWUIl.exe
  C:\Windows\System\NNiWUIl.exe
  2⤵
  PID:1340
- C:\Windows\System\KtAGYrG.exe
  C:\Windows\System\KtAGYrG.exe
  2⤵
  PID:1480
- C:\Windows\System\YuWkelP.exe
  C:\Windows\System\YuWkelP.exe
  2⤵
  PID:1356
- C:\Windows\System\kWzduMg.exe
  C:\Windows\System\kWzduMg.exe
  2⤵
  PID:2336
- C:\Windows\System\mdlBdZl.exe
  C:\Windows\System\mdlBdZl.exe
  2⤵
  PID:2324
- C:\Windows\System\MwpGOrg.exe
  C:\Windows\System\MwpGOrg.exe
  2⤵
  PID:1704
- C:\Windows\System\jJQYXPI.exe
  C:\Windows\System\jJQYXPI.exe
  2⤵
  PID:2480
- C:\Windows\System\Huwnder.exe
  C:\Windows\System\Huwnder.exe
  2⤵
  PID:268
- C:\Windows\System\IyrtWQT.exe
  C:\Windows\System\IyrtWQT.exe
  2⤵
  PID:2712
- C:\Windows\System\DgbPYDZ.exe
  C:\Windows\System\DgbPYDZ.exe
  2⤵
  PID:2256
- C:\Windows\System\ilhdyMu.exe
  C:\Windows\System\ilhdyMu.exe
  2⤵
  PID:1696
- C:\Windows\System\WMHHzkD.exe
  C:\Windows\System\WMHHzkD.exe
  2⤵
  PID:2696
- C:\Windows\System\TenvAsu.exe
  C:\Windows\System\TenvAsu.exe
  2⤵
  PID:1312
- C:\Windows\System\iIAHZvK.exe
  C:\Windows\System\iIAHZvK.exe
  2⤵
  PID:2148
- C:\Windows\System\yDhNCHw.exe
  C:\Windows\System\yDhNCHw.exe
  2⤵
  PID:1992
- C:\Windows\System\onRGQWy.exe
  C:\Windows\System\onRGQWy.exe
  2⤵
  PID:2456
- C:\Windows\System\scyqVDN.exe
  C:\Windows\System\scyqVDN.exe
  2⤵
  PID:1692
- C:\Windows\System\FoGYDMt.exe
  C:\Windows\System\FoGYDMt.exe
  2⤵
  PID:1792
- C:\Windows\System\nEnspIB.exe
  C:\Windows\System\nEnspIB.exe
  2⤵
  PID:2888
- C:\Windows\System\XiNbMnb.exe
  C:\Windows\System\XiNbMnb.exe
  2⤵
  PID:2636
- C:\Windows\System\gzMDGIn.exe
  C:\Windows\System\gzMDGIn.exe
  2⤵
  PID:2228
- C:\Windows\System\axjrgHP.exe
  C:\Windows\System\axjrgHP.exe
  2⤵
  PID:2088
- C:\Windows\System\rEFIueF.exe
  C:\Windows\System\rEFIueF.exe
  2⤵
  PID:1496
- C:\Windows\System\yBFDUPC.exe
  C:\Windows\System\yBFDUPC.exe
  2⤵
  PID:1484
- C:\Windows\System\xVRSbqc.exe
  C:\Windows\System\xVRSbqc.exe
  2⤵
  PID:3100
- C:\Windows\System\CMiQGBF.exe
  C:\Windows\System\CMiQGBF.exe
  2⤵
  PID:3120
- C:\Windows\System\siStxZo.exe
  C:\Windows\System\siStxZo.exe
  2⤵
  PID:3136
- C:\Windows\System\XALHDyl.exe
  C:\Windows\System\XALHDyl.exe
  2⤵
  PID:3220
- C:\Windows\System\yYZWsrl.exe
  C:\Windows\System\yYZWsrl.exe
  2⤵
  PID:3240
- C:\Windows\System\wnsbTTT.exe
  C:\Windows\System\wnsbTTT.exe
  2⤵
  PID:3256
- C:\Windows\System\JmmUuTn.exe
  C:\Windows\System\JmmUuTn.exe
  2⤵
  PID:3272
- C:\Windows\System\fqOfXHf.exe
  C:\Windows\System\fqOfXHf.exe
  2⤵
  PID:3288
- C:\Windows\System\pVtIGyp.exe
  C:\Windows\System\pVtIGyp.exe
  2⤵
  PID:3304
- C:\Windows\System\cITYTml.exe
  C:\Windows\System\cITYTml.exe
  2⤵
  PID:3328
- C:\Windows\System\bwoqtmw.exe
  C:\Windows\System\bwoqtmw.exe
  2⤵
  PID:3352
- C:\Windows\System\fSeTmMN.exe
  C:\Windows\System\fSeTmMN.exe
  2⤵
  PID:3376
- C:\Windows\System\BpGUHgi.exe
  C:\Windows\System\BpGUHgi.exe
  2⤵
  PID:3392
- C:\Windows\System\JXXbHoa.exe
  C:\Windows\System\JXXbHoa.exe
  2⤵
  PID:3420
- C:\Windows\System\PvPXEon.exe
  C:\Windows\System\PvPXEon.exe
  2⤵
  PID:3436
- C:\Windows\System\GxKXpuR.exe
  C:\Windows\System\GxKXpuR.exe
  2⤵
  PID:3452
- C:\Windows\System\goljksj.exe
  C:\Windows\System\goljksj.exe
  2⤵
  PID:3468
- C:\Windows\System\BSbSyvR.exe
  C:\Windows\System\BSbSyvR.exe
  2⤵
  PID:3484
- C:\Windows\System\hJKZwAh.exe
  C:\Windows\System\hJKZwAh.exe
  2⤵
  PID:3500
- C:\Windows\System\cvKtaFX.exe
  C:\Windows\System\cvKtaFX.exe
  2⤵
  PID:3520
- C:\Windows\System\azjAVOF.exe
  C:\Windows\System\azjAVOF.exe
  2⤵
  PID:3548
- C:\Windows\System\YQnIBLf.exe
  C:\Windows\System\YQnIBLf.exe
  2⤵
  PID:3568
- C:\Windows\System\CNnSwNs.exe
  C:\Windows\System\CNnSwNs.exe
  2⤵
  PID:3600
- C:\Windows\System\CUAChnl.exe
  C:\Windows\System\CUAChnl.exe
  2⤵
  PID:3624
- C:\Windows\System\NZuNhOi.exe
  C:\Windows\System\NZuNhOi.exe
  2⤵
  PID:3644
- C:\Windows\System\BYCGDaa.exe
  C:\Windows\System\BYCGDaa.exe
  2⤵
  PID:3664
- C:\Windows\System\kDfkMny.exe
  C:\Windows\System\kDfkMny.exe
  2⤵
  PID:3684
- C:\Windows\System\PBhPxMN.exe
  C:\Windows\System\PBhPxMN.exe
  2⤵
  PID:3704
- C:\Windows\System\pFGopjI.exe
  C:\Windows\System\pFGopjI.exe
  2⤵
  PID:3724
- C:\Windows\System\JJTzdvI.exe
  C:\Windows\System\JJTzdvI.exe
  2⤵
  PID:3744
- C:\Windows\System\mXkOtyQ.exe
  C:\Windows\System\mXkOtyQ.exe
  2⤵
  PID:3764
- C:\Windows\System\tJlhaiD.exe
  C:\Windows\System\tJlhaiD.exe
  2⤵
  PID:3784
- C:\Windows\System\axlAzma.exe
  C:\Windows\System\axlAzma.exe
  2⤵
  PID:3804
- C:\Windows\System\vVgjWKY.exe
  C:\Windows\System\vVgjWKY.exe
  2⤵
  PID:3824
- C:\Windows\System\FovvTVQ.exe
  C:\Windows\System\FovvTVQ.exe
  2⤵
  PID:3844
- C:\Windows\System\tNTlMFp.exe
  C:\Windows\System\tNTlMFp.exe
  2⤵
  PID:3864
- C:\Windows\System\CUgOMxn.exe
  C:\Windows\System\CUgOMxn.exe
  2⤵
  PID:3880
- C:\Windows\System\TOAoluS.exe
  C:\Windows\System\TOAoluS.exe
  2⤵
  PID:3900
- C:\Windows\System\dZBsXzq.exe
  C:\Windows\System\dZBsXzq.exe
  2⤵
  PID:3920
- C:\Windows\System\ZBskwrC.exe
  C:\Windows\System\ZBskwrC.exe
  2⤵
  PID:3944
- C:\Windows\System\jTzHtHT.exe
  C:\Windows\System\jTzHtHT.exe
  2⤵
  PID:3964
- C:\Windows\System\DqBcgbA.exe
  C:\Windows\System\DqBcgbA.exe
  2⤵
  PID:3984
- C:\Windows\System\qkMajaK.exe
  C:\Windows\System\qkMajaK.exe
  2⤵
  PID:4004
- C:\Windows\System\GUeQcxA.exe
  C:\Windows\System\GUeQcxA.exe
  2⤵
  PID:4024
- C:\Windows\System\tXCKTzF.exe
  C:\Windows\System\tXCKTzF.exe
  2⤵
  PID:4044
- C:\Windows\System\uyfgpkj.exe
  C:\Windows\System\uyfgpkj.exe
  2⤵
  PID:4064
- C:\Windows\System\ASVwEdC.exe
  C:\Windows\System\ASVwEdC.exe
  2⤵
  PID:4084
- C:\Windows\System\YXkaAoj.exe
  C:\Windows\System\YXkaAoj.exe
  2⤵
  PID:876
- C:\Windows\System\GAfeEwc.exe
  C:\Windows\System\GAfeEwc.exe
  2⤵
  PID:1052
- C:\Windows\System\qorVkBK.exe
  C:\Windows\System\qorVkBK.exe
  2⤵
  PID:1684
- C:\Windows\System\HAOGEfM.exe
  C:\Windows\System\HAOGEfM.exe
  2⤵
  PID:2276
- C:\Windows\System\YFRhIeS.exe
  C:\Windows\System\YFRhIeS.exe
  2⤵
  PID:2916
- C:\Windows\System\PGtINqE.exe
  C:\Windows\System\PGtINqE.exe
  2⤵
  PID:3108
- C:\Windows\System\hXROcfM.exe
  C:\Windows\System\hXROcfM.exe
  2⤵
  PID:1676
- C:\Windows\System\XjfMMqc.exe
  C:\Windows\System\XjfMMqc.exe
  2⤵
  PID:3144
- C:\Windows\System\swZAghm.exe
  C:\Windows\System\swZAghm.exe
  2⤵
  PID:3160
- C:\Windows\System\tArogdL.exe
  C:\Windows\System\tArogdL.exe
  2⤵
  PID:3176
- C:\Windows\System\ASSSqeg.exe
  C:\Windows\System\ASSSqeg.exe
  2⤵
  PID:3192
- C:\Windows\System\EeRnFPg.exe
  C:\Windows\System\EeRnFPg.exe
  2⤵
  PID:3208
- C:\Windows\System\DVjIgsf.exe
  C:\Windows\System\DVjIgsf.exe
  2⤵
  PID:2364
- C:\Windows\System\FUEmSMu.exe
  C:\Windows\System\FUEmSMu.exe
  2⤵
  PID:1632
- C:\Windows\System\uggfqEW.exe
  C:\Windows\System\uggfqEW.exe
  2⤵
  PID:840
- C:\Windows\System\BtcUoYC.exe
  C:\Windows\System\BtcUoYC.exe
  2⤵
  PID:3076
- C:\Windows\System\jLmIQdN.exe
  C:\Windows\System\jLmIQdN.exe
  2⤵
  PID:3092
- C:\Windows\System\OBCadka.exe
  C:\Windows\System\OBCadka.exe
  2⤵
  PID:2244
- C:\Windows\System\xYXwbXM.exe
  C:\Windows\System\xYXwbXM.exe
  2⤵
  PID:2928
- C:\Windows\System\HkuMCJy.exe
  C:\Windows\System\HkuMCJy.exe
  2⤵
  PID:3024
- C:\Windows\System\zSkSWvf.exe
  C:\Windows\System\zSkSWvf.exe
  2⤵
  PID:1256
- C:\Windows\System\lUcrIDD.exe
  C:\Windows\System\lUcrIDD.exe
  2⤵
  PID:772
- C:\Windows\System\qoeNBHP.exe
  C:\Windows\System\qoeNBHP.exe
  2⤵
  PID:2200
- C:\Windows\System\xaRCUsV.exe
  C:\Windows\System\xaRCUsV.exe
  2⤵
  PID:480
- C:\Windows\System\CMeiAul.exe
  C:\Windows\System\CMeiAul.exe
  2⤵
  PID:3248
- C:\Windows\System\SoDOCWl.exe
  C:\Windows\System\SoDOCWl.exe
  2⤵
  PID:3312
- C:\Windows\System\gsNQfRT.exe
  C:\Windows\System\gsNQfRT.exe
  2⤵
  PID:3360
- C:\Windows\System\gtoaGWZ.exe
  C:\Windows\System\gtoaGWZ.exe
  2⤵
  PID:3228
- C:\Windows\System\AdObjYH.exe
  C:\Windows\System\AdObjYH.exe
  2⤵
  PID:3268
- C:\Windows\System\iXAlkHu.exe
  C:\Windows\System\iXAlkHu.exe
  2⤵
  PID:3300
- C:\Windows\System\BRGeJXv.exe
  C:\Windows\System\BRGeJXv.exe
  2⤵
  PID:3400
- C:\Windows\System\YSiuGfw.exe
  C:\Windows\System\YSiuGfw.exe
  2⤵
  PID:3416
- C:\Windows\System\zgkxdPR.exe
  C:\Windows\System\zgkxdPR.exe
  2⤵
  PID:3476
- C:\Windows\System\KxsYQck.exe
  C:\Windows\System\KxsYQck.exe
  2⤵
  PID:3516
- C:\Windows\System\Jqyoxng.exe
  C:\Windows\System\Jqyoxng.exe
  2⤵
  PID:3532
- C:\Windows\System\LMPuYsH.exe
  C:\Windows\System\LMPuYsH.exe
  2⤵
  PID:3432
- C:\Windows\System\KYzasTC.exe
  C:\Windows\System\KYzasTC.exe
  2⤵
  PID:3492
- C:\Windows\System\FZzPfHB.exe
  C:\Windows\System\FZzPfHB.exe
  2⤵
  PID:3584
- C:\Windows\System\zCnXFXS.exe
  C:\Windows\System\zCnXFXS.exe
  2⤵
  PID:3620
- C:\Windows\System\YymXZrC.exe
  C:\Windows\System\YymXZrC.exe
  2⤵
  PID:3592
- C:\Windows\System\WZDcPry.exe
  C:\Windows\System\WZDcPry.exe
  2⤵
  PID:3632
- C:\Windows\System\ARMZMKS.exe
  C:\Windows\System\ARMZMKS.exe
  2⤵
  PID:3680
- C:\Windows\System\rcEDibf.exe
  C:\Windows\System\rcEDibf.exe
  2⤵
  PID:3676
- C:\Windows\System\oQjZcuE.exe
  C:\Windows\System\oQjZcuE.exe
  2⤵
  PID:3712
- C:\Windows\System\FCwRZYj.exe
  C:\Windows\System\FCwRZYj.exe
  2⤵
  PID:3780
- C:\Windows\System\omakfAw.exe
  C:\Windows\System\omakfAw.exe
  2⤵
  PID:3752
- C:\Windows\System\nBFRrOh.exe
  C:\Windows\System\nBFRrOh.exe
  2⤵
  PID:3800
- C:\Windows\System\lDGiYcx.exe
  C:\Windows\System\lDGiYcx.exe
  2⤵
  PID:3856
- C:\Windows\System\GmBVHXR.exe
  C:\Windows\System\GmBVHXR.exe
  2⤵
  PID:3836
- C:\Windows\System\vJQoPDg.exe
  C:\Windows\System\vJQoPDg.exe
  2⤵
  PID:3928
- C:\Windows\System\rJoSRJj.exe
  C:\Windows\System\rJoSRJj.exe
  2⤵
  PID:3876
- C:\Windows\System\BOLbdme.exe
  C:\Windows\System\BOLbdme.exe
  2⤵
  PID:3936
- C:\Windows\System\FSyPAvs.exe
  C:\Windows\System\FSyPAvs.exe
  2⤵
  PID:4012
- C:\Windows\System\kukhsJQ.exe
  C:\Windows\System\kukhsJQ.exe
  2⤵
  PID:4060
- C:\Windows\System\RSVqBfx.exe
  C:\Windows\System\RSVqBfx.exe
  2⤵
  PID:2900
- C:\Windows\System\oSxYhTJ.exe
  C:\Windows\System\oSxYhTJ.exe
  2⤵
  PID:2104
- C:\Windows\System\FnEgPHc.exe
  C:\Windows\System\FnEgPHc.exe
  2⤵
  PID:3156
- C:\Windows\System\WyymExt.exe
  C:\Windows\System\WyymExt.exe
  2⤵
  PID:3188
- C:\Windows\System\eEZrJNU.exe
  C:\Windows\System\eEZrJNU.exe
  2⤵
  PID:1444
- C:\Windows\System\KnSEBWi.exe
  C:\Windows\System\KnSEBWi.exe
  2⤵
  PID:3992
- C:\Windows\System\QonhlbA.exe
  C:\Windows\System\QonhlbA.exe
  2⤵
  PID:4040
- C:\Windows\System\MpvrGMW.exe
  C:\Windows\System\MpvrGMW.exe
  2⤵
  PID:352
- C:\Windows\System\lhnNvNt.exe
  C:\Windows\System\lhnNvNt.exe
  2⤵
  PID:1028
- C:\Windows\System\mBnSfcT.exe
  C:\Windows\System\mBnSfcT.exe
  2⤵
  PID:1100
- C:\Windows\System\zMUjoQl.exe
  C:\Windows\System\zMUjoQl.exe
  2⤵
  PID:328
- C:\Windows\System\hwgzGdx.exe
  C:\Windows\System\hwgzGdx.exe
  2⤵
  PID:3216
- C:\Windows\System\fXlwNmm.exe
  C:\Windows\System\fXlwNmm.exe
  2⤵
  PID:3236
- C:\Windows\System\eYfrHYo.exe
  C:\Windows\System\eYfrHYo.exe
  2⤵
  PID:3444
- C:\Windows\System\fslenYS.exe
  C:\Windows\System\fslenYS.exe
  2⤵
  PID:2688
- C:\Windows\System\CGIJGqW.exe
  C:\Windows\System\CGIJGqW.exe
  2⤵
  PID:3128
- C:\Windows\System\QvYVZbn.exe
  C:\Windows\System\QvYVZbn.exe
  2⤵
  PID:2512
- C:\Windows\System\DezmUCf.exe
  C:\Windows\System\DezmUCf.exe
  2⤵
  PID:3168
- C:\Windows\System\GoUTgug.exe
  C:\Windows\System\GoUTgug.exe
  2⤵
  PID:532
- C:\Windows\System\KFZVKgx.exe
  C:\Windows\System\KFZVKgx.exe
  2⤵
  PID:3528
- C:\Windows\System\ikipmnc.exe
  C:\Windows\System\ikipmnc.exe
  2⤵
  PID:3616
- C:\Windows\System\btbOSZo.exe
  C:\Windows\System\btbOSZo.exe
  2⤵
  PID:3716
- C:\Windows\System\YvnnYaP.exe
  C:\Windows\System\YvnnYaP.exe
  2⤵
  PID:3792
- C:\Windows\System\pNkLzSe.exe
  C:\Windows\System\pNkLzSe.exe
  2⤵
  PID:4116
- C:\Windows\System\rALqvRl.exe
  C:\Windows\System\rALqvRl.exe
  2⤵
  PID:4148
- C:\Windows\System\UcdbNeG.exe
  C:\Windows\System\UcdbNeG.exe
  2⤵
  PID:4164
- C:\Windows\System\AysbpRy.exe
  C:\Windows\System\AysbpRy.exe
  2⤵
  PID:4180
- C:\Windows\System\YUjFGBI.exe
  C:\Windows\System\YUjFGBI.exe
  2⤵
  PID:4196
- C:\Windows\System\FZycsfd.exe
  C:\Windows\System\FZycsfd.exe
  2⤵
  PID:4212
- C:\Windows\System\LLaxeYd.exe
  C:\Windows\System\LLaxeYd.exe
  2⤵
  PID:4228
- C:\Windows\System\vayzGAy.exe
  C:\Windows\System\vayzGAy.exe
  2⤵
  PID:4244
- C:\Windows\System\bQqtNKm.exe
  C:\Windows\System\bQqtNKm.exe
  2⤵
  PID:4264
- C:\Windows\System\dExTKse.exe
  C:\Windows\System\dExTKse.exe
  2⤵
  PID:4284
- C:\Windows\System\GQycNee.exe
  C:\Windows\System\GQycNee.exe
  2⤵
  PID:4304
- C:\Windows\System\smqSluw.exe
  C:\Windows\System\smqSluw.exe
  2⤵
  PID:4320
- C:\Windows\System\fNPjYLR.exe
  C:\Windows\System\fNPjYLR.exe
  2⤵
  PID:4340
- C:\Windows\System\SLbKIqC.exe
  C:\Windows\System\SLbKIqC.exe
  2⤵
  PID:4356
- C:\Windows\System\sCgYolA.exe
  C:\Windows\System\sCgYolA.exe
  2⤵
  PID:4380
- C:\Windows\System\oeLGXkp.exe
  C:\Windows\System\oeLGXkp.exe
  2⤵
  PID:4396
- C:\Windows\System\atxPRdd.exe
  C:\Windows\System\atxPRdd.exe
  2⤵
  PID:4416
- C:\Windows\System\SKWRXqj.exe
  C:\Windows\System\SKWRXqj.exe
  2⤵
  PID:4436
- C:\Windows\System\TcDwCmC.exe
  C:\Windows\System\TcDwCmC.exe
  2⤵
  PID:4456
- C:\Windows\System\OmaoxCx.exe
  C:\Windows\System\OmaoxCx.exe
  2⤵
  PID:4480
- C:\Windows\System\tJUIOhV.exe
  C:\Windows\System\tJUIOhV.exe
  2⤵
  PID:4732
- C:\Windows\System\slZDUok.exe
  C:\Windows\System\slZDUok.exe
  2⤵
  PID:4788
- C:\Windows\System\jfAgleA.exe
  C:\Windows\System\jfAgleA.exe
  2⤵
  PID:4812
- C:\Windows\System\dmKLkZB.exe
  C:\Windows\System\dmKLkZB.exe
  2⤵
  PID:4828
- C:\Windows\System\bvzjcib.exe
  C:\Windows\System\bvzjcib.exe
  2⤵
  PID:4852
- C:\Windows\System\DyYBIWA.exe
  C:\Windows\System\DyYBIWA.exe
  2⤵
  PID:4868
- C:\Windows\System\HOOTdRz.exe
  C:\Windows\System\HOOTdRz.exe
  2⤵
  PID:4884
- C:\Windows\System\KWSnvRw.exe
  C:\Windows\System\KWSnvRw.exe
  2⤵
  PID:4908
- C:\Windows\System\TDHgtbK.exe
  C:\Windows\System\TDHgtbK.exe
  2⤵
  PID:4928
- C:\Windows\System\NMyhOif.exe
  C:\Windows\System\NMyhOif.exe
  2⤵
  PID:4944
- C:\Windows\System\fhWGVHQ.exe
  C:\Windows\System\fhWGVHQ.exe
  2⤵
  PID:4964
- C:\Windows\System\UNNekox.exe
  C:\Windows\System\UNNekox.exe
  2⤵
  PID:4988
- C:\Windows\System\tjCmmTd.exe
  C:\Windows\System\tjCmmTd.exe
  2⤵
  PID:5004
- C:\Windows\System\OPplzBF.exe
  C:\Windows\System\OPplzBF.exe
  2⤵
  PID:5024
- C:\Windows\System\UxdpCyp.exe
  C:\Windows\System\UxdpCyp.exe
  2⤵
  PID:5044
- C:\Windows\System\VTgaszI.exe
  C:\Windows\System\VTgaszI.exe
  2⤵
  PID:5064
- C:\Windows\System\hrwaFly.exe
  C:\Windows\System\hrwaFly.exe
  2⤵
  PID:5084
- C:\Windows\System\pabjECB.exe
  C:\Windows\System\pabjECB.exe
  2⤵
  PID:5104
- C:\Windows\System\LxvYsWO.exe
  C:\Windows\System\LxvYsWO.exe
  2⤵
  PID:3980
- C:\Windows\System\VVfAOYl.exe
  C:\Windows\System\VVfAOYl.exe
  2⤵
  PID:1744
- C:\Windows\System\RksqdaW.exe
  C:\Windows\System\RksqdaW.exe
  2⤵
  PID:2308
- C:\Windows\System\oZTzfEA.exe
  C:\Windows\System\oZTzfEA.exe
  2⤵
  PID:3372
- C:\Windows\System\nZXjFPE.exe
  C:\Windows\System\nZXjFPE.exe
  2⤵
  PID:3508
- C:\Windows\System\xdPwGdc.exe
  C:\Windows\System\xdPwGdc.exe
  2⤵
  PID:2540
- C:\Windows\System\psaFqIn.exe
  C:\Windows\System\psaFqIn.exe
  2⤵
  PID:3636
- C:\Windows\System\oeNvqMW.exe
  C:\Windows\System\oeNvqMW.exe
  2⤵
  PID:3812
- C:\Windows\System\lqfFLPg.exe
  C:\Windows\System\lqfFLPg.exe
  2⤵
  PID:2184
- C:\Windows\System\zzVysNr.exe
  C:\Windows\System\zzVysNr.exe
  2⤵
  PID:2652
- C:\Windows\System\YbUZRut.exe
  C:\Windows\System\YbUZRut.exe
  2⤵
  PID:4128
- C:\Windows\System\YzsNMOc.exe
  C:\Windows\System\YzsNMOc.exe
  2⤵
  PID:4132
- C:\Windows\System\VhSAZHU.exe
  C:\Windows\System\VhSAZHU.exe
  2⤵
  PID:4016
- C:\Windows\System\yEXIpVN.exe
  C:\Windows\System\yEXIpVN.exe
  2⤵
  PID:1772
- C:\Windows\System\srnyGVB.exe
  C:\Windows\System\srnyGVB.exe
  2⤵
  PID:4236
- C:\Windows\System\PHQzexK.exe
  C:\Windows\System\PHQzexK.exe
  2⤵
  PID:3956
- C:\Windows\System\HzYdavR.exe
  C:\Windows\System\HzYdavR.exe
  2⤵
  PID:1056
- C:\Windows\System\iqmycLM.exe
  C:\Windows\System\iqmycLM.exe
  2⤵
  PID:3344
- C:\Windows\System\jCKsVAz.exe
  C:\Windows\System\jCKsVAz.exe
  2⤵
  PID:3284
- C:\Windows\System\lWkDhGB.exe
  C:\Windows\System\lWkDhGB.exe
  2⤵
  PID:3696
- C:\Windows\System\JuMkfay.exe
  C:\Windows\System\JuMkfay.exe
  2⤵
  PID:4104
- C:\Windows\System\PhGjuJT.exe
  C:\Windows\System\PhGjuJT.exe
  2⤵
  PID:4188
- C:\Windows\System\EglKjfr.exe
  C:\Windows\System\EglKjfr.exe
  2⤵
  PID:4260
- C:\Windows\System\bBuqihj.exe
  C:\Windows\System\bBuqihj.exe
  2⤵
  PID:4292
- C:\Windows\System\ZAYqXVH.exe
  C:\Windows\System\ZAYqXVH.exe
  2⤵
  PID:4328
- C:\Windows\System\NXNuFsC.exe
  C:\Windows\System\NXNuFsC.exe
  2⤵
  PID:4432
- C:\Windows\System\sKTVlGN.exe
  C:\Windows\System\sKTVlGN.exe
  2⤵
  PID:4448
- C:\Windows\System\tzrYrmf.exe
  C:\Windows\System\tzrYrmf.exe
  2⤵
  PID:4476
- C:\Windows\System\MyfGZoq.exe
  C:\Windows\System\MyfGZoq.exe
  2⤵
  PID:4496
- C:\Windows\System\jFJXzMs.exe
  C:\Windows\System\jFJXzMs.exe
  2⤵
  PID:4512
- C:\Windows\System\fBTgBXB.exe
  C:\Windows\System\fBTgBXB.exe
  2⤵
  PID:4528
- C:\Windows\System\hpSduub.exe
  C:\Windows\System\hpSduub.exe
  2⤵
  PID:4548
- C:\Windows\System\fFJGoMK.exe
  C:\Windows\System\fFJGoMK.exe
  2⤵
  PID:4572
- C:\Windows\System\vYNkCdT.exe
  C:\Windows\System\vYNkCdT.exe
  2⤵
  PID:4588
- C:\Windows\System\DZIIOaL.exe
  C:\Windows\System\DZIIOaL.exe
  2⤵
  PID:4612
- C:\Windows\System\MNSvxpJ.exe
  C:\Windows\System\MNSvxpJ.exe
  2⤵
  PID:4632
- C:\Windows\System\rogRFsL.exe
  C:\Windows\System\rogRFsL.exe
  2⤵
  PID:4748
- C:\Windows\System\sMZHCZQ.exe
  C:\Windows\System\sMZHCZQ.exe
  2⤵
  PID:4752
- C:\Windows\System\NwoEREI.exe
  C:\Windows\System\NwoEREI.exe
  2⤵
  PID:4776
- C:\Windows\System\fTVUqZa.exe
  C:\Windows\System\fTVUqZa.exe
  2⤵
  PID:4652
- C:\Windows\System\GDjbbhl.exe
  C:\Windows\System\GDjbbhl.exe
  2⤵
  PID:4672
- C:\Windows\System\WmPNhoP.exe
  C:\Windows\System\WmPNhoP.exe
  2⤵
  PID:4692
- C:\Windows\System\IXtSOos.exe
  C:\Windows\System\IXtSOos.exe
  2⤵
  PID:4864
- C:\Windows\System\UQYXXBb.exe
  C:\Windows\System\UQYXXBb.exe
  2⤵
  PID:4716
- C:\Windows\System\RotdyBX.exe
  C:\Windows\System\RotdyBX.exe
  2⤵
  PID:4972
- C:\Windows\System\DxHISjk.exe
  C:\Windows\System\DxHISjk.exe
  2⤵
  PID:4980
- C:\Windows\System\FKePzqJ.exe
  C:\Windows\System\FKePzqJ.exe
  2⤵
  PID:5052
- C:\Windows\System\NhHswoV.exe
  C:\Windows\System\NhHswoV.exe
  2⤵
  PID:5100
- C:\Windows\System\GGoPWCO.exe
  C:\Windows\System\GGoPWCO.exe
  2⤵
  PID:3544
- C:\Windows\System\RfWuDoU.exe
  C:\Windows\System\RfWuDoU.exe
  2⤵
  PID:4800
- C:\Windows\System\shjYrju.exe
  C:\Windows\System\shjYrju.exe
  2⤵
  PID:2808
- C:\Windows\System\owsHxeV.exe
  C:\Windows\System\owsHxeV.exe
  2⤵
  PID:4844
- C:\Windows\System\jDsRLWY.exe
  C:\Windows\System\jDsRLWY.exe
  2⤵
  PID:4876
- C:\Windows\System\wTMcSaY.exe
  C:\Windows\System\wTMcSaY.exe
  2⤵
  PID:4916
- C:\Windows\System\HUrrFIx.exe
  C:\Windows\System\HUrrFIx.exe
  2⤵
  PID:4952
- C:\Windows\System\MUnkLMM.exe
  C:\Windows\System\MUnkLMM.exe
  2⤵
  PID:4280
- C:\Windows\System\smdJbet.exe
  C:\Windows\System\smdJbet.exe
  2⤵
  PID:5072
- C:\Windows\System\rmjmhQa.exe
  C:\Windows\System\rmjmhQa.exe
  2⤵
  PID:3700
- C:\Windows\System\JUpsWgl.exe
  C:\Windows\System\JUpsWgl.exe
  2⤵
  PID:4112
- C:\Windows\System\WPatKkN.exe
  C:\Windows\System\WPatKkN.exe
  2⤵
  PID:4160
- C:\Windows\System\siWXLst.exe
  C:\Windows\System\siWXLst.exe
  2⤵
  PID:3316
- C:\Windows\System\LITJqIx.exe
  C:\Windows\System\LITJqIx.exe
  2⤵
  PID:3852
- C:\Windows\System\gPToOnj.exe
  C:\Windows\System\gPToOnj.exe
  2⤵
  PID:3760
- C:\Windows\System\qXuFYKI.exe
  C:\Windows\System\qXuFYKI.exe
  2⤵
  PID:3916
- C:\Windows\System\DfWrMrc.exe
  C:\Windows\System\DfWrMrc.exe
  2⤵
  PID:3184
- C:\Windows\System\iaBMGlj.exe
  C:\Windows\System\iaBMGlj.exe
  2⤵
  PID:1568
- C:\Windows\System\IOsrfOB.exe
  C:\Windows\System\IOsrfOB.exe
  2⤵
  PID:3940
- C:\Windows\System\ghLXIdH.exe
  C:\Windows\System\ghLXIdH.exe
  2⤵
  PID:4252
- C:\Windows\System\zGaGsfj.exe
  C:\Windows\System\zGaGsfj.exe
  2⤵
  PID:4372
- C:\Windows\System\ODrqupB.exe
  C:\Windows\System\ODrqupB.exe
  2⤵
  PID:4404
- C:\Windows\System\BEZfHvc.exe
  C:\Windows\System\BEZfHvc.exe
  2⤵
  PID:672
- C:\Windows\System\IUgxoCS.exe
  C:\Windows\System\IUgxoCS.exe
  2⤵
  PID:4508
- C:\Windows\System\XxgCCzo.exe
  C:\Windows\System\XxgCCzo.exe
  2⤵
  PID:4544
- C:\Windows\System\jflKKDX.exe
  C:\Windows\System\jflKKDX.exe
  2⤵
  PID:4520
- C:\Windows\System\klUhZrS.exe
  C:\Windows\System\klUhZrS.exe
  2⤵
  PID:4568
- C:\Windows\System\AmzRIXq.exe
  C:\Windows\System\AmzRIXq.exe
  2⤵
  PID:4620
- C:\Windows\System\wFkcxjt.exe
  C:\Windows\System\wFkcxjt.exe
  2⤵
  PID:4600
- C:\Windows\System\XlSrKZm.exe
  C:\Windows\System\XlSrKZm.exe
  2⤵
  PID:4820
- C:\Windows\System\MQEtUSx.exe
  C:\Windows\System\MQEtUSx.exe
  2⤵
  PID:4688
- C:\Windows\System\efydJeV.exe
  C:\Windows\System\efydJeV.exe
  2⤵
  PID:4976
- C:\Windows\System\IKEVawc.exe
  C:\Windows\System\IKEVawc.exe
  2⤵
  PID:5060
- C:\Windows\System\GRlRpVD.exe
  C:\Windows\System\GRlRpVD.exe
  2⤵
  PID:4668
- C:\Windows\System\zLLoDMt.exe
  C:\Windows\System\zLLoDMt.exe
  2⤵
  PID:4836
- C:\Windows\System\lbvkLmS.exe
  C:\Windows\System\lbvkLmS.exe
  2⤵
  PID:4240
- C:\Windows\System\jlbQIuY.exe
  C:\Windows\System\jlbQIuY.exe
  2⤵
  PID:5016
- C:\Windows\System\ujMscPw.exe
  C:\Windows\System\ujMscPw.exe
  2⤵
  PID:5080
- C:\Windows\System\quSGeGI.exe
  C:\Windows\System\quSGeGI.exe
  2⤵
  PID:4156
- C:\Windows\System\eEFvzOu.exe
  C:\Windows\System\eEFvzOu.exe
  2⤵
  PID:2552
- C:\Windows\System\hrFgBMD.exe
  C:\Windows\System\hrFgBMD.exe
  2⤵
  PID:4124
- C:\Windows\System\bNQDqWJ.exe
  C:\Windows\System\bNQDqWJ.exe
  2⤵
  PID:4076
- C:\Windows\System\NbvrXgd.exe
  C:\Windows\System\NbvrXgd.exe
  2⤵
  PID:4100
- C:\Windows\System\fJmdFbV.exe
  C:\Windows\System\fJmdFbV.exe
  2⤵
  PID:2784
- C:\Windows\System\IKijLOm.exe
  C:\Windows\System\IKijLOm.exe
  2⤵
  PID:5040
- C:\Windows\System\sPKwhAE.exe
  C:\Windows\System\sPKwhAE.exe
  2⤵
  PID:3384
- C:\Windows\System\mUchcxu.exe
  C:\Windows\System\mUchcxu.exe
  2⤵
  PID:4452
- C:\Windows\System\HOBLkqD.exe
  C:\Windows\System\HOBLkqD.exe
  2⤵
  PID:4488
- C:\Windows\System\dXVxtDs.exe
  C:\Windows\System\dXVxtDs.exe
  2⤵
  PID:4424
- C:\Windows\System\kUCMQzJ.exe
  C:\Windows\System\kUCMQzJ.exe
  2⤵
  PID:3200
- C:\Windows\System\FNBEUhl.exe
  C:\Windows\System\FNBEUhl.exe
  2⤵
  PID:4412
- C:\Windows\System\AllzPij.exe
  C:\Windows\System\AllzPij.exe
  2⤵
  PID:4540
- C:\Windows\System\eKBRHao.exe
  C:\Windows\System\eKBRHao.exe
  2⤵
  PID:4896
- C:\Windows\System\PCEWIGG.exe
  C:\Windows\System\PCEWIGG.exe
  2⤵
  PID:4604
- C:\Windows\System\XZPrRtH.exe
  C:\Windows\System\XZPrRtH.exe
  2⤵
  PID:4684
- C:\Windows\System\fTCosGR.exe
  C:\Windows\System\fTCosGR.exe
  2⤵
  PID:5128
- C:\Windows\System\bQGaugg.exe
  C:\Windows\System\bQGaugg.exe
  2⤵
  PID:5148
- C:\Windows\System\IDLiaIE.exe
  C:\Windows\System\IDLiaIE.exe
  2⤵
  PID:5168
- C:\Windows\System\JhJmBGq.exe
  C:\Windows\System\JhJmBGq.exe
  2⤵
  PID:5188
- C:\Windows\System\GlkIWwT.exe
  C:\Windows\System\GlkIWwT.exe
  2⤵
  PID:5208
- C:\Windows\System\VmBlLUg.exe
  C:\Windows\System\VmBlLUg.exe
  2⤵
  PID:5228
- C:\Windows\System\rQYlsGI.exe
  C:\Windows\System\rQYlsGI.exe
  2⤵
  PID:5248
- C:\Windows\System\RuRNXbx.exe
  C:\Windows\System\RuRNXbx.exe
  2⤵
  PID:5268
- C:\Windows\System\ddFqsrp.exe
  C:\Windows\System\ddFqsrp.exe
  2⤵
  PID:5288
- C:\Windows\System\EqsfMwy.exe
  C:\Windows\System\EqsfMwy.exe
  2⤵
  PID:5308
- C:\Windows\System\FhLtNGC.exe
  C:\Windows\System\FhLtNGC.exe
  2⤵
  PID:5328
- C:\Windows\System\MDSnCCX.exe
  C:\Windows\System\MDSnCCX.exe
  2⤵
  PID:5348
- C:\Windows\System\dkxHRan.exe
  C:\Windows\System\dkxHRan.exe
  2⤵
  PID:5368
- C:\Windows\System\PvgnkUM.exe
  C:\Windows\System\PvgnkUM.exe
  2⤵
  PID:5388
- C:\Windows\System\hgWaGdu.exe
  C:\Windows\System\hgWaGdu.exe
  2⤵
  PID:5408
- C:\Windows\System\kXyEDFg.exe
  C:\Windows\System\kXyEDFg.exe
  2⤵
  PID:5428
- C:\Windows\System\zkEQoHm.exe
  C:\Windows\System\zkEQoHm.exe
  2⤵
  PID:5448
- C:\Windows\System\wgUNmXQ.exe
  C:\Windows\System\wgUNmXQ.exe
  2⤵
  PID:5468
- C:\Windows\System\XtXJZcL.exe
  C:\Windows\System\XtXJZcL.exe
  2⤵
  PID:5488
- C:\Windows\System\QRMHnXW.exe
  C:\Windows\System\QRMHnXW.exe
  2⤵
  PID:5508
- C:\Windows\System\HdZUjDB.exe
  C:\Windows\System\HdZUjDB.exe
  2⤵
  PID:5532
- C:\Windows\System\dVYMTKp.exe
  C:\Windows\System\dVYMTKp.exe
  2⤵
  PID:5552
- C:\Windows\System\McGMBgY.exe
  C:\Windows\System\McGMBgY.exe
  2⤵
  PID:5572
- C:\Windows\System\UNCpaZX.exe
  C:\Windows\System\UNCpaZX.exe
  2⤵
  PID:5592
- C:\Windows\System\FoZAVfc.exe
  C:\Windows\System\FoZAVfc.exe
  2⤵
  PID:5612
- C:\Windows\System\redCAbv.exe
  C:\Windows\System\redCAbv.exe
  2⤵
  PID:5632
- C:\Windows\System\rhVrqDg.exe
  C:\Windows\System\rhVrqDg.exe
  2⤵
  PID:5652
- C:\Windows\System\qpTWlvD.exe
  C:\Windows\System\qpTWlvD.exe
  2⤵
  PID:5672
- C:\Windows\System\wUQbYap.exe
  C:\Windows\System\wUQbYap.exe
  2⤵
  PID:5692
- C:\Windows\System\TRTjizR.exe
  C:\Windows\System\TRTjizR.exe
  2⤵
  PID:5712
- C:\Windows\System\HtxlyfQ.exe
  C:\Windows\System\HtxlyfQ.exe
  2⤵
  PID:5732
- C:\Windows\System\CrUouXd.exe
  C:\Windows\System\CrUouXd.exe
  2⤵
  PID:5748
- C:\Windows\System\IuPXerP.exe
  C:\Windows\System\IuPXerP.exe
  2⤵
  PID:5772
- C:\Windows\System\rdVQyEV.exe
  C:\Windows\System\rdVQyEV.exe
  2⤵
  PID:5792
- C:\Windows\System\rKiVqyp.exe
  C:\Windows\System\rKiVqyp.exe
  2⤵
  PID:5812
- C:\Windows\System\CzoZtmg.exe
  C:\Windows\System\CzoZtmg.exe
  2⤵
  PID:5832
- C:\Windows\System\ZkvPqQP.exe
  C:\Windows\System\ZkvPqQP.exe
  2⤵
  PID:5852
- C:\Windows\System\kCfAAqm.exe
  C:\Windows\System\kCfAAqm.exe
  2⤵
  PID:5872
- C:\Windows\System\OyYnkYp.exe
  C:\Windows\System\OyYnkYp.exe
  2⤵
  PID:5892
- C:\Windows\System\sGCzRPN.exe
  C:\Windows\System\sGCzRPN.exe
  2⤵
  PID:5912
- C:\Windows\System\HvITzJJ.exe
  C:\Windows\System\HvITzJJ.exe
  2⤵
  PID:5932
- C:\Windows\System\DqIqujx.exe
  C:\Windows\System\DqIqujx.exe
  2⤵
  PID:5952
- C:\Windows\System\PfBDsXh.exe
  C:\Windows\System\PfBDsXh.exe
  2⤵
  PID:5972
- C:\Windows\System\inoZbCJ.exe
  C:\Windows\System\inoZbCJ.exe
  2⤵
  PID:5992
- C:\Windows\System\vzmolOf.exe
  C:\Windows\System\vzmolOf.exe
  2⤵
  PID:6012
- C:\Windows\System\FirPAqj.exe
  C:\Windows\System\FirPAqj.exe
  2⤵
  PID:6032
- C:\Windows\System\UkCCuvG.exe
  C:\Windows\System\UkCCuvG.exe
  2⤵
  PID:6052
- C:\Windows\System\laiBUdF.exe
  C:\Windows\System\laiBUdF.exe
  2⤵
  PID:6072
- C:\Windows\System\kyACpgE.exe
  C:\Windows\System\kyACpgE.exe
  2⤵
  PID:6092
- C:\Windows\System\ETOOUkk.exe
  C:\Windows\System\ETOOUkk.exe
  2⤵
  PID:6112
- C:\Windows\System\RpZklNw.exe
  C:\Windows\System\RpZklNw.exe
  2⤵
  PID:6132
- C:\Windows\System\VkaHqAb.exe
  C:\Windows\System\VkaHqAb.exe
  2⤵
  PID:4772
- C:\Windows\System\yAFtCRG.exe
  C:\Windows\System\yAFtCRG.exe
  2⤵
  PID:4704
- C:\Windows\System\JHoUXdu.exe
  C:\Windows\System\JHoUXdu.exe
  2⤵
  PID:2896
- C:\Windows\System\oOGGUPF.exe
  C:\Windows\System\oOGGUPF.exe
  2⤵
  PID:4808
- C:\Windows\System\OCKSUrv.exe
  C:\Windows\System\OCKSUrv.exe
  2⤵
  PID:3816
- C:\Windows\System\ELDzfNY.exe
  C:\Windows\System\ELDzfNY.exe
  2⤵
  PID:3912
- C:\Windows\System\FiAZoQI.exe
  C:\Windows\System\FiAZoQI.exe
  2⤵
  PID:4220
- C:\Windows\System\eGJDkUt.exe
  C:\Windows\System\eGJDkUt.exe
  2⤵
  PID:5032
- C:\Windows\System\zlmqjeZ.exe
  C:\Windows\System\zlmqjeZ.exe
  2⤵
  PID:2724
- C:\Windows\System\xbZeYjV.exe
  C:\Windows\System\xbZeYjV.exe
  2⤵
  PID:2208
- C:\Windows\System\sqioAgI.exe
  C:\Windows\System\sqioAgI.exe
  2⤵
  PID:4300
- C:\Windows\System\hxLRPqC.exe
  C:\Windows\System\hxLRPqC.exe
  2⤵
  PID:4640
- C:\Windows\System\iVQiIve.exe
  C:\Windows\System\iVQiIve.exe
  2⤵
  PID:4596
- C:\Windows\System\KEDtXFw.exe
  C:\Windows\System\KEDtXFw.exe
  2⤵
  PID:4664
- C:\Windows\System\jitvOBg.exe
  C:\Windows\System\jitvOBg.exe
  2⤵
  PID:4676
- C:\Windows\System\CPiXmEI.exe
  C:\Windows\System\CPiXmEI.exe
  2⤵
  PID:5140
- C:\Windows\System\gTlDDil.exe
  C:\Windows\System\gTlDDil.exe
  2⤵
  PID:5184
- C:\Windows\System\hPtEnHW.exe
  C:\Windows\System\hPtEnHW.exe
  2⤵
  PID:5224
- C:\Windows\System\hTXhgQY.exe
  C:\Windows\System\hTXhgQY.exe
  2⤵
  PID:5264
- C:\Windows\System\WHwcufe.exe
  C:\Windows\System\WHwcufe.exe
  2⤵
  PID:5316
- C:\Windows\System\ysyOyAc.exe
  C:\Windows\System\ysyOyAc.exe
  2⤵
  PID:5356
- C:\Windows\System\spPIBfR.exe
  C:\Windows\System\spPIBfR.exe
  2⤵
  PID:5340
- C:\Windows\System\gWkontQ.exe
  C:\Windows\System\gWkontQ.exe
  2⤵
  PID:5384
- C:\Windows\System\qWHvtNI.exe
  C:\Windows\System\qWHvtNI.exe
  2⤵
  PID:5424
- C:\Windows\System\SyZSKgO.exe
  C:\Windows\System\SyZSKgO.exe
  2⤵
  PID:5476
- C:\Windows\System\jvLfDLI.exe
  C:\Windows\System\jvLfDLI.exe
  2⤵
  PID:5496
- C:\Windows\System\IJVYnjg.exe
  C:\Windows\System\IJVYnjg.exe
  2⤵
  PID:5540
- C:\Windows\System\ktcBflF.exe
  C:\Windows\System\ktcBflF.exe
  2⤵
  PID:5544
- C:\Windows\System\VwaMEHT.exe
  C:\Windows\System\VwaMEHT.exe
  2⤵
  PID:5604
- C:\Windows\System\QYlNehX.exe
  C:\Windows\System\QYlNehX.exe
  2⤵
  PID:5628
- C:\Windows\System\uNHiNWc.exe
  C:\Windows\System\uNHiNWc.exe
  2⤵
  PID:5668
- C:\Windows\System\kedIvQI.exe
  C:\Windows\System\kedIvQI.exe
  2⤵
  PID:5708
- C:\Windows\System\NjLYcUo.exe
  C:\Windows\System\NjLYcUo.exe
  2⤵
  PID:5760
- C:\Windows\System\EBGtPfg.exe
  C:\Windows\System\EBGtPfg.exe
  2⤵
  PID:5800
- C:\Windows\System\mRocZFc.exe
  C:\Windows\System\mRocZFc.exe
  2⤵
  PID:5804
- C:\Windows\System\cCYpkaA.exe
  C:\Windows\System\cCYpkaA.exe
  2⤵
  PID:5824
- C:\Windows\System\YqUxMrE.exe
  C:\Windows\System\YqUxMrE.exe
  2⤵
  PID:5888
- C:\Windows\System\cJAoKHn.exe
  C:\Windows\System\cJAoKHn.exe
  2⤵
  PID:5928
- C:\Windows\System\lgoXRRU.exe
  C:\Windows\System\lgoXRRU.exe
  2⤵
  PID:5960
- C:\Windows\System\NePKIcd.exe
  C:\Windows\System\NePKIcd.exe
  2⤵
  PID:1996
- C:\Windows\System\PLySgfC.exe
  C:\Windows\System\PLySgfC.exe
  2⤵
  PID:5984
- C:\Windows\System\ZRjFefX.exe
  C:\Windows\System\ZRjFefX.exe
  2⤵
  PID:6044
- C:\Windows\System\wyCESLn.exe
  C:\Windows\System\wyCESLn.exe
  2⤵
  PID:6088
- C:\Windows\System\eIYiXTZ.exe
  C:\Windows\System\eIYiXTZ.exe
  2⤵
  PID:6100
- C:\Windows\System\rHaBDmG.exe
  C:\Windows\System\rHaBDmG.exe
  2⤵
  PID:6124
- C:\Windows\System\FweaZdJ.exe
  C:\Windows\System\FweaZdJ.exe
  2⤵
  PID:4768
- C:\Windows\System\GgxTOkE.exe
  C:\Windows\System\GgxTOkE.exe
  2⤵
  PID:4960
- C:\Windows\System\wDJDlsQ.exe
  C:\Windows\System\wDJDlsQ.exe
  2⤵
  PID:2356
- C:\Windows\System\bNMbnzM.exe
  C:\Windows\System\bNMbnzM.exe
  2⤵
  PID:5036
- C:\Windows\System\eUxROSc.exe
  C:\Windows\System\eUxROSc.exe
  2⤵
  PID:3976
- C:\Windows\System\IpDjepW.exe
  C:\Windows\System\IpDjepW.exe
  2⤵
  PID:4464
- C:\Windows\System\ALCQSMy.exe
  C:\Windows\System\ALCQSMy.exe
  2⤵
  PID:4560
- C:\Windows\System\GnyYBEU.exe
  C:\Windows\System\GnyYBEU.exe
  2⤵
  PID:4564
- C:\Windows\System\TfNWTXO.exe
  C:\Windows\System\TfNWTXO.exe
  2⤵
  PID:4444
- C:\Windows\System\kZYXPhj.exe
  C:\Windows\System\kZYXPhj.exe
  2⤵
  PID:5216
- C:\Windows\System\MbncliC.exe
  C:\Windows\System\MbncliC.exe
  2⤵
  PID:5244
- C:\Windows\System\LklXbPi.exe
  C:\Windows\System\LklXbPi.exe
  2⤵
  PID:5296
- C:\Windows\System\BgEDIro.exe
  C:\Windows\System\BgEDIro.exe
  2⤵
  PID:5320
- C:\Windows\System\UsZaPeM.exe
  C:\Windows\System\UsZaPeM.exe
  2⤵
  PID:5404
- C:\Windows\System\xljJKZq.exe
  C:\Windows\System\xljJKZq.exe
  2⤵
  PID:5460
- C:\Windows\System\cYafcxu.exe
  C:\Windows\System\cYafcxu.exe
  2⤵
  PID:5500
- C:\Windows\System\sQvafBj.exe
  C:\Windows\System\sQvafBj.exe
  2⤵
  PID:5564
- C:\Windows\System\CCWizmI.exe
  C:\Windows\System\CCWizmI.exe
  2⤵
  PID:5648
- C:\Windows\System\cksAHTS.exe
  C:\Windows\System\cksAHTS.exe
  2⤵
  PID:5660
- C:\Windows\System\ftskhLu.exe
  C:\Windows\System\ftskhLu.exe
  2⤵
  PID:5744
- C:\Windows\System\VBvAJOD.exe
  C:\Windows\System\VBvAJOD.exe
  2⤵
  PID:5828
- C:\Windows\System\vrfcjXd.exe
  C:\Windows\System\vrfcjXd.exe
  2⤵
  PID:5860
- C:\Windows\System\TObmEUk.exe
  C:\Windows\System\TObmEUk.exe
  2⤵
  PID:5900
- C:\Windows\System\SFfBQpD.exe
  C:\Windows\System\SFfBQpD.exe
  2⤵
  PID:5964
- C:\Windows\System\EMqjSqb.exe
  C:\Windows\System\EMqjSqb.exe
  2⤵
  PID:5988
- C:\Windows\System\ddGiffi.exe
  C:\Windows\System\ddGiffi.exe
  2⤵
  PID:6064
- C:\Windows\System\AamRAuO.exe
  C:\Windows\System\AamRAuO.exe
  2⤵
  PID:4764
- C:\Windows\System\bybcuhv.exe
  C:\Windows\System\bybcuhv.exe
  2⤵
  PID:2752
- C:\Windows\System\mPfUsZz.exe
  C:\Windows\System\mPfUsZz.exe
  2⤵
  PID:4032
- C:\Windows\System\AdGLXar.exe
  C:\Windows\System\AdGLXar.exe
  2⤵
  PID:2612
- C:\Windows\System\dLhGubw.exe
  C:\Windows\System\dLhGubw.exe
  2⤵
  PID:3412
- C:\Windows\System\iSKYxsI.exe
  C:\Windows\System\iSKYxsI.exe
  2⤵
  PID:4648
- C:\Windows\System\PYfHCiu.exe
  C:\Windows\System\PYfHCiu.exe
  2⤵
  PID:2180
- C:\Windows\System\JnvJuIl.exe
  C:\Windows\System\JnvJuIl.exe
  2⤵
  PID:5176
- C:\Windows\System\FJFCABQ.exe
  C:\Windows\System\FJFCABQ.exe
  2⤵
  PID:5360
- C:\Windows\System\GVYCzUu.exe
  C:\Windows\System\GVYCzUu.exe
  2⤵
  PID:5336
- C:\Windows\System\hcfTDHh.exe
  C:\Windows\System\hcfTDHh.exe
  2⤵
  PID:5444
- C:\Windows\System\CFurLnY.exe
  C:\Windows\System\CFurLnY.exe
  2⤵
  PID:5456
- C:\Windows\System\ousnAmB.exe
  C:\Windows\System\ousnAmB.exe
  2⤵
  PID:5720
- C:\Windows\System\TYJXrdb.exe
  C:\Windows\System\TYJXrdb.exe
  2⤵
  PID:5724
- C:\Windows\System\FNMsfxE.exe
  C:\Windows\System\FNMsfxE.exe
  2⤵
  PID:5808
- C:\Windows\System\jtcHOXj.exe
  C:\Windows\System\jtcHOXj.exe
  2⤵
  PID:5868
- C:\Windows\System\MlXzQDd.exe
  C:\Windows\System\MlXzQDd.exe
  2⤵
  PID:6048
- C:\Windows\System\GdQLqne.exe
  C:\Windows\System\GdQLqne.exe
  2⤵
  PID:6108
- C:\Windows\System\FLgyULQ.exe
  C:\Windows\System\FLgyULQ.exe
  2⤵
  PID:6160
- C:\Windows\System\SpcohxU.exe
  C:\Windows\System\SpcohxU.exe
  2⤵
  PID:6180
- C:\Windows\System\urlVBoC.exe
  C:\Windows\System\urlVBoC.exe
  2⤵
  PID:6200
- C:\Windows\System\PqzIwEh.exe
  C:\Windows\System\PqzIwEh.exe
  2⤵
  PID:6224
- C:\Windows\System\whyTZVV.exe
  C:\Windows\System\whyTZVV.exe
  2⤵
  PID:6244
- C:\Windows\System\rWFFIAG.exe
  C:\Windows\System\rWFFIAG.exe
  2⤵
  PID:6264
- C:\Windows\System\ZGslkFo.exe
  C:\Windows\System\ZGslkFo.exe
  2⤵
  PID:6284
- C:\Windows\System\EMxtRAg.exe
  C:\Windows\System\EMxtRAg.exe
  2⤵
  PID:6304
- C:\Windows\System\lIIOiyz.exe
  C:\Windows\System\lIIOiyz.exe
  2⤵
  PID:6324
- C:\Windows\System\cQyDxPX.exe
  C:\Windows\System\cQyDxPX.exe
  2⤵
  PID:6344
- C:\Windows\System\mTmjIVi.exe
  C:\Windows\System\mTmjIVi.exe
  2⤵
  PID:6364
- C:\Windows\System\IQPRFhA.exe
  C:\Windows\System\IQPRFhA.exe
  2⤵
  PID:6384
- C:\Windows\System\YSmtglK.exe
  C:\Windows\System\YSmtglK.exe
  2⤵
  PID:6404
- C:\Windows\System\ZjaMvlC.exe
  C:\Windows\System\ZjaMvlC.exe
  2⤵
  PID:6424
- C:\Windows\System\kCWLYOJ.exe
  C:\Windows\System\kCWLYOJ.exe
  2⤵
  PID:6444
- C:\Windows\System\qexHsJq.exe
  C:\Windows\System\qexHsJq.exe
  2⤵
  PID:6464
- C:\Windows\System\bgsfqMd.exe
  C:\Windows\System\bgsfqMd.exe
  2⤵
  PID:6484
- C:\Windows\System\OeWsUPZ.exe
  C:\Windows\System\OeWsUPZ.exe
  2⤵
  PID:6504
- C:\Windows\System\MaWDZuX.exe
  C:\Windows\System\MaWDZuX.exe
  2⤵
  PID:6524
- C:\Windows\System\NChcslG.exe
  C:\Windows\System\NChcslG.exe
  2⤵
  PID:6544
- C:\Windows\System\WHkHVRu.exe
  C:\Windows\System\WHkHVRu.exe
  2⤵
  PID:6564
- C:\Windows\System\YHxEPmE.exe
  C:\Windows\System\YHxEPmE.exe
  2⤵
  PID:6580
- C:\Windows\System\mGmwnOK.exe
  C:\Windows\System\mGmwnOK.exe
  2⤵
  PID:6604
- C:\Windows\System\SsLSQOC.exe
  C:\Windows\System\SsLSQOC.exe
  2⤵
  PID:6620
- C:\Windows\System\gCcSebl.exe
  C:\Windows\System\gCcSebl.exe
  2⤵
  PID:6640
- C:\Windows\System\lrhJixm.exe
  C:\Windows\System\lrhJixm.exe
  2⤵
  PID:6660
- C:\Windows\System\dswGZmg.exe
  C:\Windows\System\dswGZmg.exe
  2⤵
  PID:6680
- C:\Windows\System\bivYgRj.exe
  C:\Windows\System\bivYgRj.exe
  2⤵
  PID:6704
- C:\Windows\System\ZrezzaG.exe
  C:\Windows\System\ZrezzaG.exe
  2⤵
  PID:6724
- C:\Windows\System\NNbutsP.exe
  C:\Windows\System\NNbutsP.exe
  2⤵
  PID:6744
- C:\Windows\System\aFvAmVY.exe
  C:\Windows\System\aFvAmVY.exe
  2⤵
  PID:6764
- C:\Windows\System\HACCTZt.exe
  C:\Windows\System\HACCTZt.exe
  2⤵
  PID:6784
- C:\Windows\System\fIPOXDd.exe
  C:\Windows\System\fIPOXDd.exe
  2⤵
  PID:6804
- C:\Windows\System\wdJkpfe.exe
  C:\Windows\System\wdJkpfe.exe
  2⤵
  PID:6824
- C:\Windows\System\wfoytcI.exe
  C:\Windows\System\wfoytcI.exe
  2⤵
  PID:6844
- C:\Windows\System\UMxszgO.exe
  C:\Windows\System\UMxszgO.exe
  2⤵
  PID:6864
- C:\Windows\System\neRzSMc.exe
  C:\Windows\System\neRzSMc.exe
  2⤵
  PID:6884
- C:\Windows\System\miezzfc.exe
  C:\Windows\System\miezzfc.exe
  2⤵
  PID:6904
- C:\Windows\System\AEUvrhY.exe
  C:\Windows\System\AEUvrhY.exe
  2⤵
  PID:6924
- C:\Windows\System\AvaaJTX.exe
  C:\Windows\System\AvaaJTX.exe
  2⤵
  PID:6944
- C:\Windows\System\dRKTbYo.exe
  C:\Windows\System\dRKTbYo.exe
  2⤵
  PID:6964
- C:\Windows\System\lZHCdin.exe
  C:\Windows\System\lZHCdin.exe
  2⤵
  PID:6984
- C:\Windows\System\wxSuEXF.exe
  C:\Windows\System\wxSuEXF.exe
  2⤵
  PID:7004
- C:\Windows\System\HbZcOzz.exe
  C:\Windows\System\HbZcOzz.exe
  2⤵
  PID:7024
- C:\Windows\System\WVAVPNw.exe
  C:\Windows\System\WVAVPNw.exe
  2⤵
  PID:7044
- C:\Windows\System\nPIZDEF.exe
  C:\Windows\System\nPIZDEF.exe
  2⤵
  PID:7064
- C:\Windows\System\DpYSeQi.exe
  C:\Windows\System\DpYSeQi.exe
  2⤵
  PID:7084
- C:\Windows\System\ZnXHuiW.exe
  C:\Windows\System\ZnXHuiW.exe
  2⤵
  PID:7104
- C:\Windows\System\ItSJauU.exe
  C:\Windows\System\ItSJauU.exe
  2⤵
  PID:7124
- C:\Windows\System\UlngpZz.exe
  C:\Windows\System\UlngpZz.exe
  2⤵
  PID:7140
- C:\Windows\System\gungOPD.exe
  C:\Windows\System\gungOPD.exe
  2⤵
  PID:7164
- C:\Windows\System\qiuZICq.exe
  C:\Windows\System\qiuZICq.exe
  2⤵
  PID:4276
- C:\Windows\System\WIHWSyJ.exe
  C:\Windows\System\WIHWSyJ.exe
  2⤵
  PID:4316
- C:\Windows\System\qNJsHRd.exe
  C:\Windows\System\qNJsHRd.exe
  2⤵
  PID:4624
- C:\Windows\System\RVzFhtY.exe
  C:\Windows\System\RVzFhtY.exe
  2⤵
  PID:2728
- C:\Windows\System\TEDFvEc.exe
  C:\Windows\System\TEDFvEc.exe
  2⤵
  PID:5256
- C:\Windows\System\BfMxunE.exe
  C:\Windows\System\BfMxunE.exe
  2⤵
  PID:2664
- C:\Windows\System\DqPJgbT.exe
  C:\Windows\System\DqPJgbT.exe
  2⤵
  PID:5520
- C:\Windows\System\oCXQQQj.exe
  C:\Windows\System\oCXQQQj.exe
  2⤵
  PID:5700
- C:\Windows\System\eClyPyq.exe
  C:\Windows\System\eClyPyq.exe
  2⤵
  PID:2860
- C:\Windows\System\wBtleaE.exe
  C:\Windows\System\wBtleaE.exe
  2⤵
  PID:6040
- C:\Windows\System\RVLqOgH.exe
  C:\Windows\System\RVLqOgH.exe
  2⤵
  PID:6156
- C:\Windows\System\SeCXqOS.exe
  C:\Windows\System\SeCXqOS.exe
  2⤵
  PID:6192
- C:\Windows\System\BnSJzBv.exe
  C:\Windows\System\BnSJzBv.exe
  2⤵
  PID:6220
- C:\Windows\System\oCWkEHx.exe
  C:\Windows\System\oCWkEHx.exe
  2⤵
  PID:6280
- C:\Windows\System\AfUIqfr.exe
  C:\Windows\System\AfUIqfr.exe
  2⤵
  PID:6316
- C:\Windows\System\LguubhE.exe
  C:\Windows\System\LguubhE.exe
  2⤵
  PID:6300
- C:\Windows\System\hEDTqGL.exe
  C:\Windows\System\hEDTqGL.exe
  2⤵
  PID:6356
- C:\Windows\System\ipeDYPY.exe
  C:\Windows\System\ipeDYPY.exe
  2⤵
  PID:6396
- C:\Windows\System\HwCIBXK.exe
  C:\Windows\System\HwCIBXK.exe
  2⤵
  PID:6440
- C:\Windows\System\vnFGgFE.exe
  C:\Windows\System\vnFGgFE.exe
  2⤵
  PID:6420
- C:\Windows\System\nRvwUZy.exe
  C:\Windows\System\nRvwUZy.exe
  2⤵
  PID:6452
- C:\Windows\System\oYcOfGl.exe
  C:\Windows\System\oYcOfGl.exe
  2⤵
  PID:1848
- C:\Windows\System\mNyipqK.exe
  C:\Windows\System\mNyipqK.exe
  2⤵
  PID:6556
- C:\Windows\System\rcXaUbp.exe
  C:\Windows\System\rcXaUbp.exe
  2⤵
  PID:6536
- C:\Windows\System\ydMjQrv.exe
  C:\Windows\System\ydMjQrv.exe
  2⤵
  PID:6592
- C:\Windows\System\AfUQyxA.exe
  C:\Windows\System\AfUQyxA.exe
  2⤵
  PID:6632
- C:\Windows\System\EOgLdPn.exe
  C:\Windows\System\EOgLdPn.exe
  2⤵
  PID:6676
- C:\Windows\System\bfXYMkV.exe
  C:\Windows\System\bfXYMkV.exe
  2⤵
  PID:6652
- C:\Windows\System\ItfFAxk.exe
  C:\Windows\System\ItfFAxk.exe
  2⤵
  PID:5920
- C:\Windows\System\BxKbWuG.exe
  C:\Windows\System\BxKbWuG.exe
  2⤵
  PID:6760
- C:\Windows\System\UTMPawe.exe
  C:\Windows\System\UTMPawe.exe
  2⤵
  PID:6756
- C:\Windows\System\ExcJLun.exe
  C:\Windows\System\ExcJLun.exe
  2⤵
  PID:6800
- C:\Windows\System\gGiOHxq.exe
  C:\Windows\System\gGiOHxq.exe
  2⤵
  PID:6836
- C:\Windows\System\JhiJVwI.exe
  C:\Windows\System\JhiJVwI.exe
  2⤵
  PID:6860
- C:\Windows\System\gvdiIua.exe
  C:\Windows\System\gvdiIua.exe
  2⤵
  PID:3000
- C:\Windows\System\orIhTBQ.exe
  C:\Windows\System\orIhTBQ.exe
  2⤵
  PID:6896
- C:\Windows\System\kSSOfbJ.exe
  C:\Windows\System\kSSOfbJ.exe
  2⤵
  PID:6940
- C:\Windows\System\TOSFgVh.exe
  C:\Windows\System\TOSFgVh.exe
  2⤵
  PID:7000
- C:\Windows\System\TKBetVx.exe
  C:\Windows\System\TKBetVx.exe
  2⤵
  PID:7012
- C:\Windows\System\MOWdxXw.exe
  C:\Windows\System\MOWdxXw.exe
  2⤵
  PID:7080
- C:\Windows\System\OzarFPp.exe
  C:\Windows\System\OzarFPp.exe
  2⤵
  PID:7056
- C:\Windows\System\CnLorsP.exe
  C:\Windows\System\CnLorsP.exe
  2⤵
  PID:7120
- C:\Windows\System\TlqPDWo.exe
  C:\Windows\System\TlqPDWo.exe
  2⤵
  PID:7156
- C:\Windows\System\gFQkRct.exe
  C:\Windows\System\gFQkRct.exe
  2⤵
  PID:2944
- C:\Windows\System\mVqHZCh.exe
  C:\Windows\System\mVqHZCh.exe
  2⤵
  PID:3608
- C:\Windows\System\HZwvgsh.exe
  C:\Windows\System\HZwvgsh.exe
  2⤵
  PID:5144
- C:\Windows\System\JceIBnn.exe
  C:\Windows\System\JceIBnn.exe
  2⤵
  PID:5608
- C:\Windows\System\GklAWOn.exe
  C:\Windows\System\GklAWOn.exe
  2⤵
  PID:5548
- C:\Windows\System\pShIVYN.exe
  C:\Windows\System\pShIVYN.exe
  2⤵
  PID:5840
- C:\Windows\System\xZvNqpy.exe
  C:\Windows\System\xZvNqpy.exe
  2⤵
  PID:6084
- C:\Windows\System\pVmtcFb.exe
  C:\Windows\System\pVmtcFb.exe
  2⤵
  PID:6272
- C:\Windows\System\InFheIq.exe
  C:\Windows\System\InFheIq.exe
  2⤵
  PID:6260
- C:\Windows\System\IoEGuiV.exe
  C:\Windows\System\IoEGuiV.exe
  2⤵
  PID:6336
- C:\Windows\System\eSehPpM.exe
  C:\Windows\System\eSehPpM.exe
  2⤵
  PID:6472
- C:\Windows\System\MJpIdgS.exe
  C:\Windows\System\MJpIdgS.exe
  2⤵
  PID:6512
- C:\Windows\System\Acyctor.exe
  C:\Windows\System\Acyctor.exe
  2⤵
  PID:6540
- C:\Windows\System\NekuPpO.exe
  C:\Windows\System\NekuPpO.exe
  2⤵
  PID:6628
- C:\Windows\System\GHRwrSW.exe
  C:\Windows\System\GHRwrSW.exe
  2⤵
  PID:6648
- C:\Windows\System\TiWQzje.exe
  C:\Windows\System\TiWQzje.exe
  2⤵
  PID:6496
- C:\Windows\System\zFTOWWm.exe
  C:\Windows\System\zFTOWWm.exe
  2⤵
  PID:6716
- C:\Windows\System\bAbkShL.exe
  C:\Windows\System\bAbkShL.exe
  2⤵
  PID:6780
- C:\Windows\System\uRTeyPx.exe
  C:\Windows\System\uRTeyPx.exe
  2⤵
  PID:6672
- C:\Windows\System\AshZqPC.exe
  C:\Windows\System\AshZqPC.exe
  2⤵
  PID:6700
- C:\Windows\System\OMUvjgU.exe
  C:\Windows\System\OMUvjgU.exe
  2⤵
  PID:6900
- C:\Windows\System\bTjxDTA.exe
  C:\Windows\System\bTjxDTA.exe
  2⤵
  PID:6832
- C:\Windows\System\VpLPTPS.exe
  C:\Windows\System\VpLPTPS.exe
  2⤵
  PID:7072
- C:\Windows\System\umCAxQp.exe
  C:\Windows\System\umCAxQp.exe
  2⤵
  PID:6880
- C:\Windows\System\SPeLVyQ.exe
  C:\Windows\System\SPeLVyQ.exe
  2⤵
  PID:4796
- C:\Windows\System\mqWiIew.exe
  C:\Windows\System\mqWiIew.exe
  2⤵
  PID:4504
- C:\Windows\System\KVuDTuC.exe
  C:\Windows\System\KVuDTuC.exe
  2⤵
  PID:5588
- C:\Windows\System\VcyypbL.exe
  C:\Windows\System\VcyypbL.exe
  2⤵
  PID:2744
- C:\Windows\System\GlHCUDZ.exe
  C:\Windows\System\GlHCUDZ.exe
  2⤵
  PID:7020
- C:\Windows\System\kqLZdck.exe
  C:\Windows\System\kqLZdck.exe
  2⤵
  PID:7148
- C:\Windows\System\LZdQhkC.exe
  C:\Windows\System\LZdQhkC.exe
  2⤵
  PID:2760
- C:\Windows\System\JtpvnKG.exe
  C:\Windows\System\JtpvnKG.exe
  2⤵
  PID:6816
- C:\Windows\System\tReOCRz.exe
  C:\Windows\System\tReOCRz.exe
  2⤵
  PID:6736
- C:\Windows\System\vCIcdpX.exe
  C:\Windows\System\vCIcdpX.exe
  2⤵
  PID:6932
- C:\Windows\System\caxdKAd.exe
  C:\Windows\System\caxdKAd.exe
  2⤵
  PID:5440
- C:\Windows\System\vHyaJGy.exe
  C:\Windows\System\vHyaJGy.exe
  2⤵
  PID:6436
- C:\Windows\System\CSmYyMM.exe
  C:\Windows\System\CSmYyMM.exe
  2⤵
  PID:6148
- C:\Windows\System\MrINHDp.exe
  C:\Windows\System\MrINHDp.exe
  2⤵
  PID:6320
- C:\Windows\System\vqVDUvl.exe
  C:\Windows\System\vqVDUvl.exe
  2⤵
  PID:6360
- C:\Windows\System\NWIhdlX.exe
  C:\Windows\System\NWIhdlX.exe
  2⤵
  PID:2156
- C:\Windows\System\qDoGuiH.exe
  C:\Windows\System\qDoGuiH.exe
  2⤵
  PID:5324
- C:\Windows\System\EjdMbFN.exe
  C:\Windows\System\EjdMbFN.exe
  2⤵
  PID:3004
- C:\Windows\System\LTtWXav.exe
  C:\Windows\System\LTtWXav.exe
  2⤵
  PID:6992
- C:\Windows\System\ZxCneBo.exe
  C:\Windows\System\ZxCneBo.exe
  2⤵
  PID:6980
- C:\Windows\System\umtqxsO.exe
  C:\Windows\System\umtqxsO.exe
  2⤵
  PID:4388
- C:\Windows\System\YvuFGyn.exe
  C:\Windows\System\YvuFGyn.exe
  2⤵
  PID:2640
- C:\Windows\System\SUFHVLX.exe
  C:\Windows\System\SUFHVLX.exe
  2⤵
  PID:5864
- C:\Windows\System\WFCTrHM.exe
  C:\Windows\System\WFCTrHM.exe
  2⤵
  PID:5924
- C:\Windows\System\rjlsRKd.exe
  C:\Windows\System\rjlsRKd.exe
  2⤵
  PID:6376
- C:\Windows\System\ZYAoFQQ.exe
  C:\Windows\System\ZYAoFQQ.exe
  2⤵
  PID:6256
- C:\Windows\System\MwGvUrP.exe
  C:\Windows\System\MwGvUrP.exe
  2⤵
  PID:7160
- C:\Windows\System\fTTBqAP.exe
  C:\Windows\System\fTTBqAP.exe
  2⤵
  PID:6636
- C:\Windows\System\TYZZOJd.exe
  C:\Windows\System\TYZZOJd.exe
  2⤵
  PID:2848
- C:\Windows\System\rNgQARt.exe
  C:\Windows\System\rNgQARt.exe
  2⤵
  PID:7188
- C:\Windows\System\WsjsOIT.exe
  C:\Windows\System\WsjsOIT.exe
  2⤵
  PID:7208
- C:\Windows\System\nrsBuRK.exe
  C:\Windows\System\nrsBuRK.exe
  2⤵
  PID:7228
- C:\Windows\System\fqkYiYZ.exe
  C:\Windows\System\fqkYiYZ.exe
  2⤵
  PID:7248
- C:\Windows\System\lFsnOGx.exe
  C:\Windows\System\lFsnOGx.exe
  2⤵
  PID:7268
- C:\Windows\System\OEJQMnt.exe
  C:\Windows\System\OEJQMnt.exe
  2⤵
  PID:7288
- C:\Windows\System\ZAufnFU.exe
  C:\Windows\System\ZAufnFU.exe
  2⤵
  PID:7308
- C:\Windows\System\WTzypyC.exe
  C:\Windows\System\WTzypyC.exe
  2⤵
  PID:7328
- C:\Windows\System\hDvVwkT.exe
  C:\Windows\System\hDvVwkT.exe
  2⤵
  PID:7344
- C:\Windows\System\yAzzhTJ.exe
  C:\Windows\System\yAzzhTJ.exe
  2⤵
  PID:7368
- C:\Windows\System\ppkwmCE.exe
  C:\Windows\System\ppkwmCE.exe
  2⤵
  PID:7388
- C:\Windows\System\nLnbmzZ.exe
  C:\Windows\System\nLnbmzZ.exe
  2⤵
  PID:7408
- C:\Windows\System\LehwnBQ.exe
  C:\Windows\System\LehwnBQ.exe
  2⤵
  PID:7432
- C:\Windows\System\jhKIDoc.exe
  C:\Windows\System\jhKIDoc.exe
  2⤵
  PID:7452
- C:\Windows\System\SGVYnUI.exe
  C:\Windows\System\SGVYnUI.exe
  2⤵
  PID:7472
- C:\Windows\System\jmBqvvk.exe
  C:\Windows\System\jmBqvvk.exe
  2⤵
  PID:7492
- C:\Windows\System\XOLwBMV.exe
  C:\Windows\System\XOLwBMV.exe
  2⤵
  PID:7508
- C:\Windows\System\pMUECwK.exe
  C:\Windows\System\pMUECwK.exe
  2⤵
  PID:7532
- C:\Windows\System\XtdQhGD.exe
  C:\Windows\System\XtdQhGD.exe
  2⤵
  PID:7548
- C:\Windows\System\xLxzDXf.exe
  C:\Windows\System\xLxzDXf.exe
  2⤵
  PID:7568
- C:\Windows\System\SSBSnbZ.exe
  C:\Windows\System\SSBSnbZ.exe
  2⤵
  PID:7584
- C:\Windows\System\DqkhTfs.exe
  C:\Windows\System\DqkhTfs.exe
  2⤵
  PID:7608
- C:\Windows\System\bDNNwbI.exe
  C:\Windows\System\bDNNwbI.exe
  2⤵
  PID:7632
- C:\Windows\System\bswyWLv.exe
  C:\Windows\System\bswyWLv.exe
  2⤵
  PID:7652
- C:\Windows\System\nEpnGEZ.exe
  C:\Windows\System\nEpnGEZ.exe
  2⤵
  PID:7672
- C:\Windows\System\aEmwBxe.exe
  C:\Windows\System\aEmwBxe.exe
  2⤵
  PID:7692
- C:\Windows\System\GlrExoV.exe
  C:\Windows\System\GlrExoV.exe
  2⤵
  PID:7708
- C:\Windows\System\fUdGVwN.exe
  C:\Windows\System\fUdGVwN.exe
  2⤵
  PID:7728
- C:\Windows\System\OJXmnGC.exe
  C:\Windows\System\OJXmnGC.exe
  2⤵
  PID:7748
- C:\Windows\System\NPqpWJS.exe
  C:\Windows\System\NPqpWJS.exe
  2⤵
  PID:7772
- C:\Windows\System\GBCdZCI.exe
  C:\Windows\System\GBCdZCI.exe
  2⤵
  PID:7788
- C:\Windows\System\iPeTAMy.exe
  C:\Windows\System\iPeTAMy.exe
  2⤵
  PID:7812
- C:\Windows\System\pjfYkJl.exe
  C:\Windows\System\pjfYkJl.exe
  2⤵
  PID:7836
- C:\Windows\System\GePQwHE.exe
  C:\Windows\System\GePQwHE.exe
  2⤵
  PID:7856
- C:\Windows\System\cYXqMZg.exe
  C:\Windows\System\cYXqMZg.exe
  2⤵
  PID:7876
- C:\Windows\System\vbvcLDL.exe
  C:\Windows\System\vbvcLDL.exe
  2⤵
  PID:7896
- C:\Windows\System\cpgrpSl.exe
  C:\Windows\System\cpgrpSl.exe
  2⤵
  PID:7912
- C:\Windows\System\fkmTvCg.exe
  C:\Windows\System\fkmTvCg.exe
  2⤵
  PID:7928
- C:\Windows\System\rpaxrXV.exe
  C:\Windows\System\rpaxrXV.exe
  2⤵
  PID:7952
- C:\Windows\System\MxdlwRx.exe
  C:\Windows\System\MxdlwRx.exe
  2⤵
  PID:7976
- C:\Windows\System\UwLnSlW.exe
  C:\Windows\System\UwLnSlW.exe
  2⤵
  PID:7996
- C:\Windows\System\MapTQht.exe
  C:\Windows\System\MapTQht.exe
  2⤵
  PID:8016
- C:\Windows\System\sFzJsnK.exe
  C:\Windows\System\sFzJsnK.exe
  2⤵
  PID:8040
- C:\Windows\System\wKUZZgP.exe
  C:\Windows\System\wKUZZgP.exe
  2⤵
  PID:8060
- C:\Windows\System\kRBATGY.exe
  C:\Windows\System\kRBATGY.exe
  2⤵
  PID:8080
- C:\Windows\System\IxaxDgs.exe
  C:\Windows\System\IxaxDgs.exe
  2⤵
  PID:8100
- C:\Windows\System\mJqMvhE.exe
  C:\Windows\System\mJqMvhE.exe
  2⤵
  PID:8120
- C:\Windows\System\YkaTdmi.exe
  C:\Windows\System\YkaTdmi.exe
  2⤵
  PID:8140
- C:\Windows\System\AAaavxW.exe
  C:\Windows\System\AAaavxW.exe
  2⤵
  PID:8160
- C:\Windows\System\DDFVMBk.exe
  C:\Windows\System\DDFVMBk.exe
  2⤵
  PID:8180
- C:\Windows\System\GgBmvBe.exe
  C:\Windows\System\GgBmvBe.exe
  2⤵
  PID:6960
- C:\Windows\System\BlkgTzu.exe
  C:\Windows\System\BlkgTzu.exe
  2⤵
  PID:6792
- C:\Windows\System\nFaJenO.exe
  C:\Windows\System\nFaJenO.exe
  2⤵
  PID:7112
- C:\Windows\System\OAoImyl.exe
  C:\Windows\System\OAoImyl.exe
  2⤵
  PID:5200
- C:\Windows\System\NClITkt.exe
  C:\Windows\System\NClITkt.exe
  2⤵
  PID:6196
- C:\Windows\System\kLpLHKN.exe
  C:\Windows\System\kLpLHKN.exe
  2⤵
  PID:1192
- C:\Windows\System\KcSRbYy.exe
  C:\Windows\System\KcSRbYy.exe
  2⤵
  PID:636
- C:\Windows\System\WqqAFLI.exe
  C:\Windows\System\WqqAFLI.exe
  2⤵
  PID:1860
- C:\Windows\System\rIrUXiU.exe
  C:\Windows\System\rIrUXiU.exe
  2⤵
  PID:7172
- C:\Windows\System\wdSHCoY.exe
  C:\Windows\System\wdSHCoY.exe
  2⤵
  PID:7200
- C:\Windows\System\QDWJaEl.exe
  C:\Windows\System\QDWJaEl.exe
  2⤵
  PID:7240
- C:\Windows\System\zJrCgBv.exe
  C:\Windows\System\zJrCgBv.exe
  2⤵
  PID:7256
- C:\Windows\System\fNwrctr.exe
  C:\Windows\System\fNwrctr.exe
  2⤵
  PID:7316
- C:\Windows\System\sCmJeRI.exe
  C:\Windows\System\sCmJeRI.exe
  2⤵
  PID:7364
- C:\Windows\System\HmsVBEA.exe
  C:\Windows\System\HmsVBEA.exe
  2⤵
  PID:7404
- C:\Windows\System\rzZIofI.exe
  C:\Windows\System\rzZIofI.exe
  2⤵
  PID:7480
- C:\Windows\System\RPjARRT.exe
  C:\Windows\System\RPjARRT.exe
  2⤵
  PID:7340
- C:\Windows\System\avqfkva.exe
  C:\Windows\System\avqfkva.exe
  2⤵
  PID:7528
- C:\Windows\System\gMyiOHg.exe
  C:\Windows\System\gMyiOHg.exe
  2⤵
  PID:7556
- C:\Windows\System\xkRandx.exe
  C:\Windows\System\xkRandx.exe
  2⤵
  PID:7464
- C:\Windows\System\gUhuvpD.exe
  C:\Windows\System\gUhuvpD.exe
  2⤵
  PID:7600
- C:\Windows\System\TVbbiut.exe
  C:\Windows\System\TVbbiut.exe
  2⤵
  PID:7500
- C:\Windows\System\tcauDat.exe
  C:\Windows\System\tcauDat.exe
  2⤵
  PID:7648
- C:\Windows\System\QgjHvRh.exe
  C:\Windows\System\QgjHvRh.exe
  2⤵
  PID:7680
- C:\Windows\System\JlaCCrI.exe
  C:\Windows\System\JlaCCrI.exe
  2⤵
  PID:7624
- C:\Windows\System\TDkUKmh.exe
  C:\Windows\System\TDkUKmh.exe
  2⤵
  PID:7664
- C:\Windows\System\jLwXZqH.exe
  C:\Windows\System\jLwXZqH.exe
  2⤵
  PID:7764
- C:\Windows\System\TPSYeBk.exe
  C:\Windows\System\TPSYeBk.exe
  2⤵
  PID:7796
- C:\Windows\System\oZJsVQk.exe
  C:\Windows\System\oZJsVQk.exe
  2⤵
  PID:7744
- C:\Windows\System\OENmVVb.exe
  C:\Windows\System\OENmVVb.exe
  2⤵
  PID:7888
- C:\Windows\System\pNyaQfY.exe
  C:\Windows\System\pNyaQfY.exe
  2⤵
  PID:7832
- C:\Windows\System\syFAiqU.exe
  C:\Windows\System\syFAiqU.exe
  2⤵
  PID:4756
- C:\Windows\System\ztEkzVh.exe
  C:\Windows\System\ztEkzVh.exe
  2⤵
  PID:7960
- C:\Windows\System\PGSbIyA.exe
  C:\Windows\System\PGSbIyA.exe
  2⤵
  PID:7940
- C:\Windows\System\LAeABij.exe
  C:\Windows\System\LAeABij.exe
  2⤵
  PID:8012
- C:\Windows\System\dwQtgxP.exe
  C:\Windows\System\dwQtgxP.exe
  2⤵
  PID:8028
- C:\Windows\System\vUfSymd.exe
  C:\Windows\System\vUfSymd.exe
  2⤵
  PID:8068
- C:\Windows\System\oDLqIwY.exe
  C:\Windows\System\oDLqIwY.exe
  2⤵
  PID:8112
- C:\Windows\System\KcczsCA.exe
  C:\Windows\System\KcczsCA.exe
  2⤵
  PID:8148
- C:\Windows\System\UWfxrmk.exe
  C:\Windows\System\UWfxrmk.exe
  2⤵
  PID:944
- C:\Windows\System\kdUqOEh.exe
  C:\Windows\System\kdUqOEh.exe
  2⤵
  PID:6176
- C:\Windows\System\oJEUHWt.exe
  C:\Windows\System\oJEUHWt.exe
  2⤵
  PID:6572
- C:\Windows\System\BuyBNxW.exe
  C:\Windows\System\BuyBNxW.exe
  2⤵
  PID:5480
- C:\Windows\System\pnqTUju.exe
  C:\Windows\System\pnqTUju.exe
  2⤵
  PID:7036
- C:\Windows\System\LLjoPVD.exe
  C:\Windows\System\LLjoPVD.exe
  2⤵
  PID:1932
- C:\Windows\System\BmmwOqS.exe
  C:\Windows\System\BmmwOqS.exe
  2⤵
  PID:7220
- C:\Windows\System\DZLGnTu.exe
  C:\Windows\System\DZLGnTu.exe
  2⤵
  PID:1588
- C:\Windows\System\hLermdY.exe
  C:\Windows\System\hLermdY.exe
  2⤵
  PID:7352
- C:\Windows\System\FGYEvNk.exe
  C:\Windows\System\FGYEvNk.exe
  2⤵
  PID:7380
- C:\Windows\System\MGJUYAy.exe
  C:\Windows\System\MGJUYAy.exe
  2⤵
  PID:7616
- C:\Windows\System\xQSufFF.exe
  C:\Windows\System\xQSufFF.exe
  2⤵
  PID:7668
- C:\Windows\System\pZvvJKp.exe
  C:\Windows\System\pZvvJKp.exe
  2⤵
  PID:7704
- C:\Windows\System\PUUwljA.exe
  C:\Windows\System\PUUwljA.exe
  2⤵
  PID:7628
- C:\Windows\System\skotJdz.exe
  C:\Windows\System\skotJdz.exe
  2⤵
  PID:7848
- C:\Windows\System\sJwkyTU.exe
  C:\Windows\System\sJwkyTU.exe
  2⤵
  PID:7700
- C:\Windows\System\rbxvQsG.exe
  C:\Windows\System\rbxvQsG.exe
  2⤵
  PID:7740
- C:\Windows\System\xlVgemP.exe
  C:\Windows\System\xlVgemP.exe
  2⤵
  PID:7972
- C:\Windows\System\gCnumPb.exe
  C:\Windows\System\gCnumPb.exe
  2⤵
  PID:7904
- C:\Windows\System\zoetSOu.exe
  C:\Windows\System\zoetSOu.exe
  2⤵
  PID:7992
- C:\Windows\System\BWNcXhv.exe
  C:\Windows\System\BWNcXhv.exe
  2⤵
  PID:8048
- C:\Windows\System\OuHAoTC.exe
  C:\Windows\System\OuHAoTC.exe
  2⤵
  PID:8056
- C:\Windows\System\hCaIpBx.exe
  C:\Windows\System\hCaIpBx.exe
  2⤵
  PID:8004
- C:\Windows\System\QASudrn.exe
  C:\Windows\System\QASudrn.exe
  2⤵
  PID:8136
- C:\Windows\System\ZzzYVeJ.exe
  C:\Windows\System\ZzzYVeJ.exe
  2⤵
  PID:6852
- C:\Windows\System\RSRthDH.exe
  C:\Windows\System\RSRthDH.exe
  2⤵
  PID:7204
- C:\Windows\System\lxiOmwB.exe
  C:\Windows\System\lxiOmwB.exe
  2⤵
  PID:7276
- C:\Windows\System\NzHLijV.exe
  C:\Windows\System\NzHLijV.exe
  2⤵
  PID:6520
- C:\Windows\System\GTtxnuu.exe
  C:\Windows\System\GTtxnuu.exe
  2⤵
  PID:7356
- C:\Windows\System\epVwerv.exe
  C:\Windows\System\epVwerv.exe
  2⤵
  PID:1160
- C:\Windows\System\NleyVmB.exe
  C:\Windows\System\NleyVmB.exe
  2⤵
  PID:2328
- C:\Windows\System\drElivc.exe
  C:\Windows\System\drElivc.exe
  2⤵
  PID:1652
- C:\Windows\System\SLiBCGO.exe
  C:\Windows\System\SLiBCGO.exe
  2⤵
  PID:304
- C:\Windows\System\CTfufqZ.exe
  C:\Windows\System\CTfufqZ.exe
  2⤵
  PID:7604
- C:\Windows\System\phnNJSv.exe
  C:\Windows\System\phnNJSv.exe
  2⤵
  PID:7660
- C:\Windows\System\OKbSQqB.exe
  C:\Windows\System\OKbSQqB.exe
  2⤵
  PID:2624
- C:\Windows\System\DxOskbr.exe
  C:\Windows\System\DxOskbr.exe
  2⤵
  PID:7964
- C:\Windows\System\bNjDCSz.exe
  C:\Windows\System\bNjDCSz.exe
  2⤵
  PID:7756
- C:\Windows\System\cdnPisB.exe
  C:\Windows\System\cdnPisB.exe
  2⤵
  PID:8072
- C:\Windows\System\oNBRzsz.exe
  C:\Windows\System\oNBRzsz.exe
  2⤵
  PID:8152
- C:\Windows\System\VmhNakn.exe
  C:\Windows\System\VmhNakn.exe
  2⤵
  PID:1796
- C:\Windows\System\JrOKQce.exe
  C:\Windows\System\JrOKQce.exe
  2⤵
  PID:7872
- C:\Windows\System\ivhRAez.exe
  C:\Windows\System\ivhRAez.exe
  2⤵
  PID:2864
- C:\Windows\System\CnkdCTM.exe
  C:\Windows\System\CnkdCTM.exe
  2⤵
  PID:1548
- C:\Windows\System\OnjItbM.exe
  C:\Windows\System\OnjItbM.exe
  2⤵
  PID:2592
- C:\Windows\System\suKpeZN.exe
  C:\Windows\System\suKpeZN.exe
  2⤵
  PID:6688
- C:\Windows\System\KPYGLNR.exe
  C:\Windows\System\KPYGLNR.exe
  2⤵
  PID:7280
- C:\Windows\System\lvKzAsz.exe
  C:\Windows\System\lvKzAsz.exe
  2⤵
  PID:2068
- C:\Windows\System\tJPsJVD.exe
  C:\Windows\System\tJPsJVD.exe
  2⤵
  PID:992
- C:\Windows\System\wJQVqPr.exe
  C:\Windows\System\wJQVqPr.exe
  2⤵
  PID:1840
- C:\Windows\System\UuGxdVR.exe
  C:\Windows\System\UuGxdVR.exe
  2⤵
  PID:2116
- C:\Windows\System\FcjPURV.exe
  C:\Windows\System\FcjPURV.exe
  2⤵
  PID:7924
- C:\Windows\System\QbXfjGP.exe
  C:\Windows\System\QbXfjGP.exe
  2⤵
  PID:8200
- C:\Windows\System\anHOUJQ.exe
  C:\Windows\System\anHOUJQ.exe
  2⤵
  PID:8216
- C:\Windows\System\kqsPDln.exe
  C:\Windows\System\kqsPDln.exe
  2⤵
  PID:8232
- C:\Windows\System\XNXAdTe.exe
  C:\Windows\System\XNXAdTe.exe
  2⤵
  PID:8248
- C:\Windows\System\RtGNAdn.exe
  C:\Windows\System\RtGNAdn.exe
  2⤵
  PID:8264
- C:\Windows\System\Slaxeeo.exe
  C:\Windows\System\Slaxeeo.exe
  2⤵
  PID:8280
- C:\Windows\System\trBDrNk.exe
  C:\Windows\System\trBDrNk.exe
  2⤵
  PID:8296
- C:\Windows\System\qmzunDP.exe
  C:\Windows\System\qmzunDP.exe
  2⤵
  PID:8312
- C:\Windows\System\jImMxDy.exe
  C:\Windows\System\jImMxDy.exe
  2⤵
  PID:8328
- C:\Windows\System\ISStXBW.exe
  C:\Windows\System\ISStXBW.exe
  2⤵
  PID:8352
- C:\Windows\System\gHRDzQY.exe
  C:\Windows\System\gHRDzQY.exe
  2⤵
  PID:8368
- C:\Windows\System\NuwylVG.exe
  C:\Windows\System\NuwylVG.exe
  2⤵
  PID:8388
- C:\Windows\System\onUgWCH.exe
  C:\Windows\System\onUgWCH.exe
  2⤵
  PID:8408
- C:\Windows\System\QABBVVP.exe
  C:\Windows\System\QABBVVP.exe
  2⤵
  PID:8424
- C:\Windows\System\OEgGUQD.exe
  C:\Windows\System\OEgGUQD.exe
  2⤵
  PID:8440
- C:\Windows\System\KXtxTTY.exe
  C:\Windows\System\KXtxTTY.exe
  2⤵
  PID:8456
- C:\Windows\System\hyUJARy.exe
  C:\Windows\System\hyUJARy.exe
  2⤵
  PID:8472
- C:\Windows\System\egjiwos.exe
  C:\Windows\System\egjiwos.exe
  2⤵
  PID:8488
- C:\Windows\System\HNryJeM.exe
  C:\Windows\System\HNryJeM.exe
  2⤵
  PID:8508
- C:\Windows\System\ypaUVpz.exe
  C:\Windows\System\ypaUVpz.exe
  2⤵
  PID:8524
- C:\Windows\System\fcUCQFC.exe
  C:\Windows\System\fcUCQFC.exe
  2⤵
  PID:8540
- C:\Windows\System\dUcEmeC.exe
  C:\Windows\System\dUcEmeC.exe
  2⤵
  PID:8556
- C:\Windows\System\LOBgHNU.exe
  C:\Windows\System\LOBgHNU.exe
  2⤵
  PID:8572
- C:\Windows\System\ILoiWhZ.exe
  C:\Windows\System\ILoiWhZ.exe
  2⤵
  PID:8588
- C:\Windows\System\oJGyfWS.exe
  C:\Windows\System\oJGyfWS.exe
  2⤵
  PID:8604
- C:\Windows\System\TlXXxzG.exe
  C:\Windows\System\TlXXxzG.exe
  2⤵
  PID:8620
- C:\Windows\System\qsiyvDz.exe
  C:\Windows\System\qsiyvDz.exe
  2⤵
  PID:8636
- C:\Windows\System\QjrYswd.exe
  C:\Windows\System\QjrYswd.exe
  2⤵
  PID:8652
- C:\Windows\System\mrshtJV.exe
  C:\Windows\System\mrshtJV.exe
  2⤵
  PID:8668
- C:\Windows\System\pifghfD.exe
  C:\Windows\System\pifghfD.exe
  2⤵
  PID:8684
- C:\Windows\System\dfEDWfP.exe
  C:\Windows\System\dfEDWfP.exe
  2⤵
  PID:8700
- C:\Windows\System\hAfUpAj.exe
  C:\Windows\System\hAfUpAj.exe
  2⤵
  PID:8716
- C:\Windows\System\mlBLZay.exe
  C:\Windows\System\mlBLZay.exe
  2⤵
  PID:8732
- C:\Windows\System\nwSsnyk.exe
  C:\Windows\System\nwSsnyk.exe
  2⤵
  PID:8748
- C:\Windows\System\EQJdSOC.exe
  C:\Windows\System\EQJdSOC.exe
  2⤵
  PID:8764
- C:\Windows\System\JdkxWBX.exe
  C:\Windows\System\JdkxWBX.exe
  2⤵
  PID:8780
- C:\Windows\System\WEeIXEb.exe
  C:\Windows\System\WEeIXEb.exe
  2⤵
  PID:8796
- C:\Windows\System\cUeRczh.exe
  C:\Windows\System\cUeRczh.exe
  2⤵
  PID:8816
- C:\Windows\System\yXVcgVL.exe
  C:\Windows\System\yXVcgVL.exe
  2⤵
  PID:8836
- C:\Windows\System\CtzWLRt.exe
  C:\Windows\System\CtzWLRt.exe
  2⤵
  PID:8852
- C:\Windows\System\jkXmXWn.exe
  C:\Windows\System\jkXmXWn.exe
  2⤵
  PID:8868
- C:\Windows\System\LrHWgOc.exe
  C:\Windows\System\LrHWgOc.exe
  2⤵
  PID:8884
- C:\Windows\System\wLqBstj.exe
  C:\Windows\System\wLqBstj.exe
  2⤵
  PID:8900
- C:\Windows\System\doDsAeW.exe
  C:\Windows\System\doDsAeW.exe
  2⤵
  PID:8916
- C:\Windows\System\kBfYvKO.exe
  C:\Windows\System\kBfYvKO.exe
  2⤵
  PID:8932
- C:\Windows\System\MTgSjpL.exe
  C:\Windows\System\MTgSjpL.exe
  2⤵
  PID:8948
- C:\Windows\System\LnrrfwZ.exe
  C:\Windows\System\LnrrfwZ.exe
  2⤵
  PID:8964
- C:\Windows\System\qFPZTDJ.exe
  C:\Windows\System\qFPZTDJ.exe
  2⤵
  PID:8980
- C:\Windows\System\IfjORJn.exe
  C:\Windows\System\IfjORJn.exe
  2⤵
  PID:8996
- C:\Windows\System\objXBLj.exe
  C:\Windows\System\objXBLj.exe
  2⤵
  PID:9016
- C:\Windows\System\rVnmntL.exe
  C:\Windows\System\rVnmntL.exe
  2⤵
  PID:9036
- C:\Windows\System\BqUkNkN.exe
  C:\Windows\System\BqUkNkN.exe
  2⤵
  PID:9052
- C:\Windows\System\bVCLpvQ.exe
  C:\Windows\System\bVCLpvQ.exe
  2⤵
  PID:9068
- C:\Windows\System\QfAIMQf.exe
  C:\Windows\System\QfAIMQf.exe
  2⤵
  PID:9084
- C:\Windows\System\zYWanhf.exe
  C:\Windows\System\zYWanhf.exe
  2⤵
  PID:9100
- C:\Windows\System\GiBlPcZ.exe
  C:\Windows\System\GiBlPcZ.exe
  2⤵
  PID:9116
- C:\Windows\System\zbDcCdH.exe
  C:\Windows\System\zbDcCdH.exe
  2⤵
  PID:9136
- C:\Windows\System\seEmDdr.exe
  C:\Windows\System\seEmDdr.exe
  2⤵
  PID:9152
- C:\Windows\System\wZXqJaA.exe
  C:\Windows\System\wZXqJaA.exe
  2⤵
  PID:9168
- C:\Windows\System\uNHDHpg.exe
  C:\Windows\System\uNHDHpg.exe
  2⤵
  PID:9184
- C:\Windows\System\VSOeknG.exe
  C:\Windows\System\VSOeknG.exe
  2⤵
  PID:9200
- C:\Windows\System\NuxCnCf.exe
  C:\Windows\System\NuxCnCf.exe
  2⤵
  PID:7984
- C:\Windows\System\Byqxqko.exe
  C:\Windows\System\Byqxqko.exe
  2⤵
  PID:8176
- C:\Windows\System\CymAcSY.exe
  C:\Windows\System\CymAcSY.exe
  2⤵
  PID:7908
- C:\Windows\System\ahOpiPV.exe
  C:\Windows\System\ahOpiPV.exe
  2⤵
  PID:2596
- C:\Windows\System\FCjDbun.exe
  C:\Windows\System\FCjDbun.exe
  2⤵
  PID:8196
- C:\Windows\System\MQXSOcl.exe
  C:\Windows\System\MQXSOcl.exe
  2⤵
  PID:8260
- C:\Windows\System\TUlheDZ.exe
  C:\Windows\System\TUlheDZ.exe
  2⤵
  PID:8324
- C:\Windows\System\CAzIqHA.exe
  C:\Windows\System\CAzIqHA.exe
  2⤵
  PID:8272
- C:\Windows\System\jRkwhBh.exe
  C:\Windows\System\jRkwhBh.exe
  2⤵
  PID:8212
- C:\Windows\System\kiJBsop.exe
  C:\Windows\System\kiJBsop.exe
  2⤵
  PID:7892
- C:\Windows\System\VYDiiWE.exe
  C:\Windows\System\VYDiiWE.exe
  2⤵
  PID:2144
- C:\Windows\System\qSNigyF.exe
  C:\Windows\System\qSNigyF.exe
  2⤵
  PID:6820
- C:\Windows\System\dPWQitr.exe
  C:\Windows\System\dPWQitr.exe
  2⤵
  PID:8208
- C:\Windows\System\HjHJmRo.exe
  C:\Windows\System\HjHJmRo.exe
  2⤵
  PID:8396
- C:\Windows\System\FSqNcok.exe
  C:\Windows\System\FSqNcok.exe
  2⤵
  PID:8436
- C:\Windows\System\EBgvZXE.exe
  C:\Windows\System\EBgvZXE.exe
  2⤵
  PID:8468
- C:\Windows\System\TLNpbNO.exe
  C:\Windows\System\TLNpbNO.exe
  2⤵
  PID:8516
- C:\Windows\System\kpDrTuO.exe
  C:\Windows\System\kpDrTuO.exe
  2⤵
  PID:8448
- C:\Windows\System\qILyKvY.exe
  C:\Windows\System\qILyKvY.exe
  2⤵
  PID:8380
- C:\Windows\System\mrUqTnV.exe
  C:\Windows\System\mrUqTnV.exe
  2⤵
  PID:8520
- C:\Windows\System\VAYLbDO.exe
  C:\Windows\System\VAYLbDO.exe
  2⤵
  PID:8552
- C:\Windows\System\PknygoD.exe
  C:\Windows\System\PknygoD.exe
  2⤵
  PID:8596
- C:\Windows\System\lTqkyvP.exe
  C:\Windows\System\lTqkyvP.exe
  2⤵
  PID:8612
- C:\Windows\System\YtqDwPl.exe
  C:\Windows\System\YtqDwPl.exe
  2⤵
  PID:8676
- C:\Windows\System\fewxCil.exe
  C:\Windows\System\fewxCil.exe
  2⤵
  PID:8696
- C:\Windows\System\atfaOaC.exe
  C:\Windows\System\atfaOaC.exe
  2⤵
  PID:8756
- C:\Windows\System\GSBDxss.exe
  C:\Windows\System\GSBDxss.exe
  2⤵
  PID:8712
- C:\Windows\System\faKHabP.exe
  C:\Windows\System\faKHabP.exe
  2⤵
  PID:8772
- C:\Windows\System\HcBQYLQ.exe
  C:\Windows\System\HcBQYLQ.exe
  2⤵
  PID:8908
- C:\Windows\System\jEkVqjg.exe
  C:\Windows\System\jEkVqjg.exe
  2⤵
  PID:8956
- C:\Windows\System\iwvjhyq.exe
  C:\Windows\System\iwvjhyq.exe
  2⤵
  PID:8912
- C:\Windows\System\nkvYTop.exe
  C:\Windows\System\nkvYTop.exe
  2⤵
  PID:8864
- C:\Windows\System\sqIxkOL.exe
  C:\Windows\System\sqIxkOL.exe
  2⤵
  PID:8944
- C:\Windows\System\WvHiNaW.exe
  C:\Windows\System\WvHiNaW.exe
  2⤵
  PID:9004
- C:\Windows\System\tHgbVVZ.exe
  C:\Windows\System\tHgbVVZ.exe
  2⤵
  PID:9076
- C:\Windows\System\cqzcynU.exe
  C:\Windows\System\cqzcynU.exe
  2⤵
  PID:9008
- C:\Windows\System\gNiTJlu.exe
  C:\Windows\System\gNiTJlu.exe
  2⤵
  PID:9092
- C:\Windows\System\uuIQniR.exe
  C:\Windows\System\uuIQniR.exe
  2⤵
  PID:9144
- C:\Windows\System\nFLflXv.exe
  C:\Windows\System\nFLflXv.exe
  2⤵
  PID:9176
- C:\Windows\System\hOMhtVC.exe
  C:\Windows\System\hOMhtVC.exe
  2⤵
  PID:8088
- C:\Windows\System\sSFGDFJ.exe
  C:\Windows\System\sSFGDFJ.exe
  2⤵
  PID:9108
- C:\Windows\System\bzrshOF.exe
  C:\Windows\System\bzrshOF.exe
  2⤵
  PID:7504
- C:\Windows\System\aHDzhhz.exe
  C:\Windows\System\aHDzhhz.exe
  2⤵
  PID:2852
- C:\Windows\System\pXjCFuI.exe
  C:\Windows\System\pXjCFuI.exe
  2⤵
  PID:7336
- C:\Windows\System\EHDsMhs.exe
  C:\Windows\System\EHDsMhs.exe
  2⤵
  PID:1604
- C:\Windows\System\aNVqcVP.exe
  C:\Windows\System\aNVqcVP.exe
  2⤵
  PID:8364
- C:\Windows\System\iIMKgVM.exe
  C:\Windows\System\iIMKgVM.exe
  2⤵
  PID:8532
- C:\Windows\System\MjGMkNA.exe
  C:\Windows\System\MjGMkNA.exe
  2⤵
  PID:8760
- C:\Windows\System\siAWxuY.exe
  C:\Windows\System\siAWxuY.exe
  2⤵
  PID:8880
- C:\Windows\System\FzgPvzE.exe
  C:\Windows\System\FzgPvzE.exe
  2⤵
  PID:8860
- C:\Windows\System\ZAEBauL.exe
  C:\Windows\System\ZAEBauL.exe
  2⤵
  PID:9080
- C:\Windows\System\lGiqOjK.exe
  C:\Windows\System\lGiqOjK.exe
  2⤵
  PID:9128
- C:\Windows\System\JvVxcES.exe
  C:\Windows\System\JvVxcES.exe
  2⤵
  PID:8416
- C:\Windows\System\pUzKotX.exe
  C:\Windows\System\pUzKotX.exe
  2⤵
  PID:2568
- C:\Windows\System\vpVyNxD.exe
  C:\Windows\System\vpVyNxD.exe
  2⤵
  PID:7620
- C:\Windows\System\vQGiMIC.exe
  C:\Windows\System\vQGiMIC.exe
  2⤵
  PID:8320
- C:\Windows\System\lDhLpnp.exe
  C:\Windows\System\lDhLpnp.exe
  2⤵
  PID:8584
- C:\Windows\System\kopGEAP.exe
  C:\Windows\System\kopGEAP.exe
  2⤵
  PID:8824
- C:\Windows\System\FpmfFYV.exe
  C:\Windows\System\FpmfFYV.exe
  2⤵
  PID:8276
- C:\Windows\System\YGAgRrt.exe
  C:\Windows\System\YGAgRrt.exe
  2⤵
  PID:8360
- C:\Windows\System\wgErPhY.exe
  C:\Windows\System\wgErPhY.exe
  2⤵
  PID:8776
- C:\Windows\System\ZvjXkas.exe
  C:\Windows\System\ZvjXkas.exe
  2⤵
  PID:9112
- C:\Windows\System\cBuJhLE.exe
  C:\Windows\System\cBuJhLE.exe
  2⤵
  PID:8708
- C:\Windows\System\TXAlcbn.exe
  C:\Windows\System\TXAlcbn.exe
  2⤵
  PID:8568
- C:\Windows\System\dmKQcOE.exe
  C:\Windows\System\dmKQcOE.exe
  2⤵
  PID:2508
- C:\Windows\System\ylTlmow.exe
  C:\Windows\System\ylTlmow.exe
  2⤵
  PID:8308
- C:\Windows\System\WbkaVpl.exe
  C:\Windows\System\WbkaVpl.exe
  2⤵
  PID:8404
- C:\Windows\System\VRveocP.exe
  C:\Windows\System\VRveocP.exe
  2⤵
  PID:8804
- C:\Windows\System\owssUrj.exe
  C:\Windows\System\owssUrj.exe
  2⤵
  PID:8500
- C:\Windows\System\fSyFOpA.exe
  C:\Windows\System\fSyFOpA.exe
  2⤵
  PID:8832
- C:\Windows\System\vhOBksu.exe
  C:\Windows\System\vhOBksu.exe
  2⤵
  PID:1736
- C:\Windows\System\QIezMOC.exe
  C:\Windows\System\QIezMOC.exe
  2⤵
  PID:9180
- C:\Windows\System\PaeXAPw.exe
  C:\Windows\System\PaeXAPw.exe
  2⤵
  PID:9212
- C:\Windows\System\nkPfsPk.exe
  C:\Windows\System\nkPfsPk.exe
  2⤵
  PID:8648
- C:\Windows\System\pmzzOXG.exe
  C:\Windows\System\pmzzOXG.exe
  2⤵
  PID:9064
- C:\Windows\System\GCukKYo.exe
  C:\Windows\System\GCukKYo.exe
  2⤵
  PID:9232
- C:\Windows\System\XmpBEgP.exe
  C:\Windows\System\XmpBEgP.exe
  2⤵
  PID:9248
- C:\Windows\System\gPgkydz.exe
  C:\Windows\System\gPgkydz.exe
  2⤵
  PID:9264
- C:\Windows\System\SUqCirG.exe
  C:\Windows\System\SUqCirG.exe
  2⤵
  PID:9280
- C:\Windows\System\FXHUdvW.exe
  C:\Windows\System\FXHUdvW.exe
  2⤵
  PID:9296
- C:\Windows\System\FblWfTH.exe
  C:\Windows\System\FblWfTH.exe
  2⤵
  PID:9312
- C:\Windows\System\PoyvwNn.exe
  C:\Windows\System\PoyvwNn.exe
  2⤵
  PID:9328
- C:\Windows\System\wStYmhV.exe
  C:\Windows\System\wStYmhV.exe
  2⤵
  PID:9344
- C:\Windows\System\UBpmZNZ.exe
  C:\Windows\System\UBpmZNZ.exe
  2⤵
  PID:9360
- C:\Windows\System\RxzfpOr.exe
  C:\Windows\System\RxzfpOr.exe
  2⤵
  PID:9376
- C:\Windows\System\lHaqoYQ.exe
  C:\Windows\System\lHaqoYQ.exe
  2⤵
  PID:9396
- C:\Windows\System\dgjcadn.exe
  C:\Windows\System\dgjcadn.exe
  2⤵
  PID:9412
- C:\Windows\System\cqcJvnm.exe
  C:\Windows\System\cqcJvnm.exe
  2⤵
  PID:9436
- C:\Windows\System\TZYrXUm.exe
  C:\Windows\System\TZYrXUm.exe
  2⤵
  PID:9452
- C:\Windows\System\lxGgOLk.exe
  C:\Windows\System\lxGgOLk.exe
  2⤵
  PID:9468
- C:\Windows\System\idCxxNU.exe
  C:\Windows\System\idCxxNU.exe
  2⤵
  PID:9484
- C:\Windows\System\XasktHf.exe
  C:\Windows\System\XasktHf.exe
  2⤵
  PID:9500
- C:\Windows\System\Qdvkhvd.exe
  C:\Windows\System\Qdvkhvd.exe
  2⤵
  PID:9524
- C:\Windows\System\TENYVlv.exe
  C:\Windows\System\TENYVlv.exe
  2⤵
  PID:9636
- C:\Windows\System\sXNhkoT.exe
  C:\Windows\System\sXNhkoT.exe
  2⤵
  PID:9652
- C:\Windows\System\ORqblNv.exe
  C:\Windows\System\ORqblNv.exe
  2⤵
  PID:9672
- C:\Windows\System\xDBnPIy.exe
  C:\Windows\System\xDBnPIy.exe
  2⤵
  PID:9688
- C:\Windows\System\EMDFmyZ.exe
  C:\Windows\System\EMDFmyZ.exe
  2⤵
  PID:9708
- C:\Windows\System\YLIMWvA.exe
  C:\Windows\System\YLIMWvA.exe
  2⤵
  PID:9856
- C:\Windows\System\nGjJVQi.exe
  C:\Windows\System\nGjJVQi.exe
  2⤵
  PID:9872
- C:\Windows\System\OrJZlAz.exe
  C:\Windows\System\OrJZlAz.exe
  2⤵
  PID:9900
- C:\Windows\System\SVqshQZ.exe
  C:\Windows\System\SVqshQZ.exe
  2⤵
  PID:10004
- C:\Windows\System\ZvQZrhn.exe
  C:\Windows\System\ZvQZrhn.exe
  2⤵
  PID:10040
- C:\Windows\System\LfqfgzQ.exe
  C:\Windows\System\LfqfgzQ.exe
  2⤵
  PID:10056
- C:\Windows\System\ooNIjKO.exe
  C:\Windows\System\ooNIjKO.exe
  2⤵
  PID:10072
- C:\Windows\System\EFFbBzz.exe
  C:\Windows\System\EFFbBzz.exe
  2⤵
  PID:10092
- C:\Windows\System\kBroXEu.exe
  C:\Windows\System\kBroXEu.exe
  2⤵
  PID:10108
- C:\Windows\System\vodMaTc.exe
  C:\Windows\System\vodMaTc.exe
  2⤵
  PID:10124
- C:\Windows\System\qEsSTNM.exe
  C:\Windows\System\qEsSTNM.exe
  2⤵
  PID:10140
- C:\Windows\System\GThsYgk.exe
  C:\Windows\System\GThsYgk.exe
  2⤵
  PID:10156
- C:\Windows\System\fxKvwcF.exe
  C:\Windows\System\fxKvwcF.exe
  2⤵
  PID:10172
- C:\Windows\System\PZKRqin.exe
  C:\Windows\System\PZKRqin.exe
  2⤵
  PID:10188
- C:\Windows\System\nikoHYu.exe
  C:\Windows\System\nikoHYu.exe
  2⤵
  PID:10204
- C:\Windows\System\ABfGuRt.exe
  C:\Windows\System\ABfGuRt.exe
  2⤵
  PID:10224
- C:\Windows\System\LAgyijf.exe
  C:\Windows\System\LAgyijf.exe
  2⤵
  PID:9132
- C:\Windows\System\PkGZZpl.exe
  C:\Windows\System\PkGZZpl.exe
  2⤵
  PID:8480
- C:\Windows\System\jhRDJpx.exe
  C:\Windows\System\jhRDJpx.exe
  2⤵
  PID:9288
- C:\Windows\System\VfOXOaN.exe
  C:\Windows\System\VfOXOaN.exe
  2⤵
  PID:9272
- C:\Windows\System\BKwPEZh.exe
  C:\Windows\System\BKwPEZh.exe
  2⤵
  PID:9060
- C:\Windows\System\mbGXtsq.exe
  C:\Windows\System\mbGXtsq.exe
  2⤵
  PID:9372
- C:\Windows\System\xHnvSIh.exe
  C:\Windows\System\xHnvSIh.exe
  2⤵
  PID:9460
- C:\Windows\System\KKtBobi.exe
  C:\Windows\System\KKtBobi.exe
  2⤵
  PID:9476
- C:\Windows\System\nkfOvee.exe
  C:\Windows\System\nkfOvee.exe
  2⤵
  PID:9496
- C:\Windows\System\DfTmuCM.exe
  C:\Windows\System\DfTmuCM.exe
  2⤵
  PID:9564
- C:\Windows\System\qsGPOCB.exe
  C:\Windows\System\qsGPOCB.exe
  2⤵
  PID:8848
- C:\Windows\System\YBOZMLt.exe
  C:\Windows\System\YBOZMLt.exe
  2⤵
  PID:9592
- C:\Windows\System\irLvytV.exe
  C:\Windows\System\irLvytV.exe
  2⤵
  PID:9608
- C:\Windows\System\cwrSFpq.exe
  C:\Windows\System\cwrSFpq.exe
  2⤵
  PID:9632
- C:\Windows\System\oDDPecc.exe
  C:\Windows\System\oDDPecc.exe
  2⤵
  PID:9700
- C:\Windows\System\wyqrFPW.exe
  C:\Windows\System\wyqrFPW.exe
  2⤵
  PID:9736
- C:\Windows\System\sRStaGX.exe
  C:\Windows\System\sRStaGX.exe
  2⤵
  PID:9728
- C:\Windows\System\srqGBtl.exe
  C:\Windows\System\srqGBtl.exe
  2⤵
  PID:9756
- C:\Windows\System\FgfbYNi.exe
  C:\Windows\System\FgfbYNi.exe
  2⤵
  PID:9584
- C:\Windows\System\ltpVKjN.exe
  C:\Windows\System\ltpVKjN.exe
  2⤵
  PID:9800
- C:\Windows\System\vfgUawY.exe
  C:\Windows\System\vfgUawY.exe
  2⤵
  PID:9840
- C:\Windows\System\izScYkW.exe
  C:\Windows\System\izScYkW.exe
  2⤵
  PID:9948
- C:\Windows\System\imjApKQ.exe
  C:\Windows\System\imjApKQ.exe
  2⤵
  PID:9968
- C:\Windows\System\zvaMbOY.exe
  C:\Windows\System\zvaMbOY.exe
  2⤵
  PID:9992
- C:\Windows\System\toSBijH.exe
  C:\Windows\System\toSBijH.exe
  2⤵
  PID:10032
- C:\Windows\System\rdwQyTC.exe
  C:\Windows\System\rdwQyTC.exe
  2⤵
  PID:10052
- C:\Windows\System\qfQGkUf.exe
  C:\Windows\System\qfQGkUf.exe
  2⤵
  PID:10132
- C:\Windows\System\EXVxnDn.exe
  C:\Windows\System\EXVxnDn.exe
  2⤵
  PID:10168
- C:\Windows\System\vNLXSCz.exe
  C:\Windows\System\vNLXSCz.exe
  2⤵
  PID:10236
- C:\Windows\System\GdLpRpC.exe
  C:\Windows\System\GdLpRpC.exe
  2⤵
  PID:9260
- C:\Windows\System\dywgrra.exe
  C:\Windows\System\dywgrra.exe
  2⤵
  PID:9244
- C:\Windows\System\eysmpcd.exe
  C:\Windows\System\eysmpcd.exe
  2⤵
  PID:9368
- C:\Windows\System\ZrbQioL.exe
  C:\Windows\System\ZrbQioL.exe
  2⤵
  PID:9352
- C:\Windows\System\KOAtFTj.exe
  C:\Windows\System\KOAtFTj.exe
  2⤵
  PID:9444
- C:\Windows\System\lYLOVxE.exe
  C:\Windows\System\lYLOVxE.exe
  2⤵
  PID:9492
- C:\Windows\System\jPqAYuu.exe
  C:\Windows\System\jPqAYuu.exe
  2⤵
  PID:9552
- C:\Windows\System\iGeLoEO.exe
  C:\Windows\System\iGeLoEO.exe
  2⤵
  PID:9532
- C:\Windows\System\WnagcZk.exe
  C:\Windows\System\WnagcZk.exe
  2⤵
  PID:9600
- C:\Windows\System\XrTqNkB.exe
  C:\Windows\System\XrTqNkB.exe
  2⤵
  PID:9612
- C:\Windows\System\aEbpGYZ.exe
  C:\Windows\System\aEbpGYZ.exe
  2⤵
  PID:9668
- C:\Windows\System\RVupeUi.exe
  C:\Windows\System\RVupeUi.exe
  2⤵
  PID:9724
- C:\Windows\System\DkYBCsf.exe
  C:\Windows\System\DkYBCsf.exe
  2⤵
  PID:9764
- C:\Windows\System\GRAExAW.exe
  C:\Windows\System\GRAExAW.exe
  2⤵
  PID:9788
- C:\Windows\System\uMCFRuH.exe
  C:\Windows\System\uMCFRuH.exe
  2⤵
  PID:9824
- C:\Windows\System\asZLmWb.exe
  C:\Windows\System\asZLmWb.exe
  2⤵
  PID:9908
- C:\Windows\System\sWQkPci.exe
  C:\Windows\System\sWQkPci.exe
  2⤵
  PID:9980
- C:\Windows\System\VDhWsLu.exe
  C:\Windows\System\VDhWsLu.exe
  2⤵
  PID:9928
- C:\Windows\System\bQdnChD.exe
  C:\Windows\System\bQdnChD.exe
  2⤵
  PID:10016
- C:\Windows\System\OSDZPHt.exe
  C:\Windows\System\OSDZPHt.exe
  2⤵
  PID:9988
- C:\Windows\System\ObgZfqI.exe
  C:\Windows\System\ObgZfqI.exe
  2⤵
  PID:10028
- C:\Windows\System\dsgykgb.exe
  C:\Windows\System\dsgykgb.exe
  2⤵
  PID:10152
- C:\Windows\System\JvdNsMb.exe
  C:\Windows\System\JvdNsMb.exe
  2⤵
  PID:2008
- C:\Windows\System\YLzZYUG.exe
  C:\Windows\System\YLzZYUG.exe
  2⤵
  PID:9340
- C:\Windows\System\wEjyDYy.exe
  C:\Windows\System\wEjyDYy.exe
  2⤵
  PID:9572
- C:\Windows\System\OLMLkQV.exe
  C:\Windows\System\OLMLkQV.exe
  2⤵
  PID:9716
- C:\Windows\System\bVmmHFE.exe
  C:\Windows\System\bVmmHFE.exe
  2⤵
  PID:10080
- C:\Windows\System\oYmjFwL.exe
  C:\Windows\System\oYmjFwL.exe
  2⤵
  PID:9832
- C:\Windows\System\loMaSfg.exe
  C:\Windows\System\loMaSfg.exe
  2⤵
  PID:9392
- C:\Windows\System\RYbSJoo.exe
  C:\Windows\System\RYbSJoo.exe
  2⤵
  PID:10104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AeLEmbg.exe

Filesize
6.0MB

MD5
abfefa52c1051bd6023271a556454a1c

SHA1
bcc6a676408e5bc3eef928c9a3ad2007078e6b0a

SHA256
cb30cafbfb2d1b363fee50f34468e978b3a1782d1f6b45c1eefc6c63e43e8873

SHA512
c28e1519fe72c21c76a7f5a0b715c8fd3a72652cbee30d3295b9b6397164963232e62c5b5fd89c21be272fbd5615475d10fb9abdec12c73f116786804b9a32f1

Download Submit
C:\Windows\system\HqWifqr.exe

Filesize
6.0MB

MD5
46342e79c445c954dd419b9b161b1432

SHA1
b12c182716f2b7059e10d4738683f9eff99451ee

SHA256
a26593e5b3f21323fa5f7d5f62f974bea9cb92e850edeaaf717817b19f47bdf2

SHA512
12614726d5901d2f46a9d2fb434397b35d36aaa46671e2da9b170c21d7dac3a66f7034bf95b20e3ccf6ea8199a246b5009762e7662937aa62f7bf7e32bd32c3f

Download Submit
C:\Windows\system\IXYGZUP.exe

Filesize
6.0MB

MD5
8356374a474a8652ea8f6f75d58f0fd1

SHA1
9993c592716654f41e7dc616e56f4fe58c613e47

SHA256
bdc12027fc88dcefe3c3ec96be50764118a4d3a80bcb1a692d7c1a5ec0b2a303

SHA512
a2023c4241b5b14bb72702b5db023323f84bf7562c87f2480051f6fffae71ab97c98bf433ff65ecc84340fe861318b5e151594ca9ed2b6109f543533b6efb862

Download Submit
C:\Windows\system\LtYWEiJ.exe

Filesize
6.0MB

MD5
8fe3bff6f8019417cfb207f5373a601f

SHA1
ce4c59c409b1f37c8fe72b111cc4bf0336e86f5c

SHA256
5303707f3c6f73165b1a317672f2f1b94e3047433b90df66d2bdfc154d788ec7

SHA512
86d22189467712cd38069659a5924c2fb2e780f31bd692f033b949dfcfb41c5b12f098e3e45baa2debd92305cf2d9227c8cc1d4273f636bb8c4499743b3a91c4

Download Submit
C:\Windows\system\MWPCRzx.exe

Filesize
6.0MB

MD5
fd1662724926f649ef1ef94e1137a2ba

SHA1
6386f8ebef5f4deccb98553012f921e6fb56fa4a

SHA256
38155cd6f236da787f3830f7805f74f05e24e805000cedc88565a15eda3acf7c

SHA512
c715c259318db6716ca16fb81ba46caf44e8cf1d1d07cb71f60d118a78595804846c15d70359e45e0435e44dad936372a4b17685dbe654693bd5b6f7ded13908

Download Submit
C:\Windows\system\NuYkQxT.exe

Filesize
6.0MB

MD5
7e74f4fbcc087c305bb76ca3502d9fe3

SHA1
fb493430eca87a99302e662027c3b035d30ef006

SHA256
d03d96cca4d2613b0e60874b3fa9cbc9f69c598a51c8fdc7ed1ca5a1bd02d518

SHA512
fbcafdfb58714ef360bf180fa2b9789849fa95d5f98d6a1033ec13f2b18ed51689a126538eb3ea7045fd8266e29d3a29d71f9d011ce5dd987625a1f1e1d17bc6

Download Submit
C:\Windows\system\OVxvMRI.exe

Filesize
6.0MB

MD5
cd2040967e816d83dde33125f8eb715e

SHA1
03e3b3b41d4d026bbf705a9a54768ede137e6bf8

SHA256
2e74cc9bc562a41c8edd89f9b6b0a12d47a55ee6423d4122f15f973d289dd5be

SHA512
311e4d82ecb32c1fb8a5204ec220e4391b50f6877d6b6a7dd749b2fad73269fca385e02231387a68b0544f5749e9e874aad6340b6e34f031690116480f1f8f2a

Download Submit
C:\Windows\system\PyuRIgs.exe

Filesize
6.0MB

MD5
63e2c582a258dbe102f9af86b119d489

SHA1
0297b3da65d4140edda94744d8d7131274ed8004

SHA256
c756f7649a02394a8d2f1fb9f05e5883161209107637df8fad0610f23c1cccbc

SHA512
9278a31af6bb3bfad5befb03641aa8be08cca27a07c7d437f51142e2e6e7b92c267da48ab7ad534476c4dffe9afbbfcef149cd4c7a4c622e6bf663e75605c765

Download Submit
C:\Windows\system\XSuusfN.exe

Filesize
6.0MB

MD5
9029b0eb3dd205a6da066cc646272ceb

SHA1
4b5db1334e4f0b90eda33e5299bb45d52ab9b96d

SHA256
29c0e8919500523aacea0de0f908f48af31a03859496bc2f67a162b2097d8c0a

SHA512
db73e42635717222a108fda1208c6b990aafff20d3e35df452cf10f438af03edef60c68fc5fb3d8c3d9d4273a29b3470260d7551fc6025b6621c81705f69ff12

Download Submit
C:\Windows\system\YvbStOJ.exe

Filesize
6.0MB

MD5
d0a4b557c486bb84aff8a3ee00b9fa3a

SHA1
d87d7ba2ff35399af5f2be3473b88844624f4b42

SHA256
bd3590dcc200d7a90f95eef01c6fe937aefa44222b2146d6869af0399bb510fc

SHA512
c056177e591b83c6dbf186cf4f90755f5fc6fbfd78c3b084e22b1419d5dcf522c86e8f3fad62adb29daaefbf5de3f3a81aac2acc14f5f3b095dc82a488a8a46f

Download Submit
C:\Windows\system\ZwnubVP.exe

Filesize
6.0MB

MD5
4873b5fa385d040eb1f5b6f1e7e596b9

SHA1
32f3930d5dd8c5a2798ce688fb1a4c9f37a9d6b6

SHA256
1eb98384c5e6fb670208f4fe40299a697662d15503b627aa333aa69a83fdbea7

SHA512
1847371f7dc7d88e6b43ada9c60fb0f61d4e79e202237a396707a84e797022aaf6044dbc132389284e30066f3ec87a94e4d568323be1ae1c5d6c2d6e382feb7a

Download Submit
C:\Windows\system\aaKQUIe.exe

Filesize
6.0MB

MD5
eab6c3818d25a36ee196e83272b0ba02

SHA1
d18a322065faf1f0a7a53cc76812e41b25f12efd

SHA256
545c253eb69809edb3d552f7ccc78227c0e67d77b114febcfd1d9aa0b2108cbd

SHA512
af6353717c94334ebaf7c9e8ec60c34f7ba7cb4f49d205f9a34f2999a0ee7bcae98666da6535424cd007f815d5408cb24023c2841b7a6690fd4a112568945117

Download Submit
C:\Windows\system\bOCURsh.exe

Filesize
6.0MB

MD5
0923d479801091e671c7d13178745b10

SHA1
2fd23d2913df466c8a783e229fab6d81c90b35ae

SHA256
5de98a83ffd3a4690aa5cc125e371424b1ce35b89007a604d77acefad5042da0

SHA512
0684b3ad7394a91391db914d972fc9fcc7729e91604464a19460974cbcb753d670bcf542e6c7e7becb7a6ace3c05c560254a2b18ffc515b2bdde727daeee8fb1

Download Submit
C:\Windows\system\gAAyonN.exe

Filesize
6.0MB

MD5
cc27d933532945a613fcb09c9bd4a521

SHA1
988e805b92072dcba39a5746775dcddb519c143a

SHA256
bb6771088a7050237ae50d3b906e1102ba2ec73672e5f195b8dc3cecbb192cfe

SHA512
cbe8d7d9194607113c3401675ab0e4a5abd3581092d7f142f7309ffc7e80090d9f713ac9871e16555b24e7dd6f94a1744fec24089fcccde13c12d45630fa14ef

Download Submit
C:\Windows\system\lNVspSf.exe

Filesize
6.0MB

MD5
1d336a03fd2504cff1905903b7acc4c7

SHA1
c099d1259a8b109bd5c3e7ee4b40a0d3dc9757ea

SHA256
9aea1218938c8d51f31998c24fd5edd13da5f0cd4140eaa71b0438f75f793f42

SHA512
18ae1372faae5b12a28a787eee1f0a8280e94e17d1923078b6fc417e9cc0d0f18bde9a692d3d40a742a475d7879ee532008b31e1b4c529ecb998a1784b0e1b26

Download Submit
C:\Windows\system\mCtTWjB.exe

Filesize
6.0MB

MD5
a054b2197256d845497aa60f3275ae86

SHA1
9db9736ccd7b74855deca2117fdc011cb6a23460

SHA256
5283f8820ea9b2fe9d4d9d00fa1983f403994dd50f8f8458aaa7332fe4708d5c

SHA512
11dc01e7130f1c3bc41da79913d50a5b28a1a7cf48f279abf1147e05af5bfb58b6eb0587862935775eed04c6acf49f18d482269856691dcdfc86a4d760bd01ca

Download Submit
C:\Windows\system\ndhKDDw.exe

Filesize
6.0MB

MD5
45c721aed1d1d4355407b68f444bff80

SHA1
d3b8a6ba83f4b4cd85aa56b956c8c16647bade71

SHA256
a1626c282e9c20e38b3338aa8d88d3b21a450ba16fa85338b4b63fd38917293e

SHA512
c2a35dcf41b4d241611995763efb08be0b514798cdc763a61146f84e09ad200320c657d0b8160ed2399a6df3a40be8652a2539836e37c84a1b39ab85dc42f571

Download Submit
C:\Windows\system\oEEKaRa.exe

Filesize
6.0MB

MD5
f6b5b10b93ac366f10eb1e3dd066403e

SHA1
5f4383e127863c550961ae78db0b987ae7dd1227

SHA256
57d22cf8b8d601d2134e445a71a3b3ebd6db7a3b09460bb60a0dbe5a3275ecc0

SHA512
f27f39c050e9b32a5bd787e11b43b66489fb1a2c3f4d84c04551211b65c637969896dbdf8f316e610e986468998d607ab1a466d62496426b6c6e382c604d8eb2

Download Submit
C:\Windows\system\omtTFYD.exe

Filesize
6.0MB

MD5
a3a707f41355cf4c9ef0c5f838914897

SHA1
fd2fc1671e4b0ec73d88d7883af45ac3bf0ea194

SHA256
981f6fe8cee91feff1f423326bdda741ba29530742164e9f8714d155323a1640

SHA512
dd01303fe7d81955d62b62b1d274039d342803dc52388647ded86d9730eb7769f19d50cfab76c2d99cafa1b5b09d42e799979d74c3815d3b643b731c5d1e5a3c

Download Submit
C:\Windows\system\ozzfqiG.exe

Filesize
6.0MB

MD5
6dd3507bdb18b6f93a065054dc3d78d3

SHA1
bcbb9eb24ea93cfb2fd39ae28440b69fee3e135f

SHA256
54e92d2ea974726899600c749347f391c36e980bdc0cf0ab0055b9566d61658d

SHA512
90e8b6b5e79a0b46fca046f2c1e6db2a681905ac805939cd1d4df8e24831f8097b44585e19b8f9e401c3fe26734cdfbc8a7df1ff8b1f82ee197c7be1e54b16b3

Download Submit
C:\Windows\system\pHjiRIS.exe

Filesize
6.0MB

MD5
48ad0f9722d0b95195963606d4032620

SHA1
2bcc130f4ece649128c66078508639996fcc1627

SHA256
746dd6123575f522c6bf728af356970ea3901523b3c9aca99463cfa7eb3bd7f0

SHA512
ee70709449dfc1cf24aff62d04adfee73a03f1ed118f290490e8641b214a628393f08711d7679855c421c71bbfb37975a4d21ba8e9ba35202643160475b2e06e

Download Submit
C:\Windows\system\tVEDaYs.exe

Filesize
6.0MB

MD5
9bd76ed752e39271298c77af411fd845

SHA1
7c03917b022330466eea2b39229865dbca7fe768

SHA256
8595f4c2163f0c76ca61fa8836813f4c98988cfb3bb8b48651a1302abbc89e1c

SHA512
cb083a433560c046477ca82b026f956315c48ed4c9758fafe442ed929d1e226f7569e8eef0f1b4f8a0bd84d5003a006c9401c8e11a6e65140aadb7c296172308

Download Submit
C:\Windows\system\vdFHhmE.exe

Filesize
6.0MB

MD5
9647666440cef17eb23751141c63de4d

SHA1
7d7b20656e9d4bc64b5aa42e884e6dfa8e24eb22

SHA256
6652cbe301c5ea732b6669d625ff157dd4e4387c34ef2eb15305c03916db1091

SHA512
5b01e503f753a46f9ce1108167e77905eed9bc0ca578028f1735225df09d95267f857ebb0e35e5f08f3a3ca214ecd02b1edf7d0d2766ecbec79837315b8effbb

Download Submit
C:\Windows\system\werApKu.exe

Filesize
6.0MB

MD5
4367876e409ffed917ce69516e9d06c6

SHA1
bffe3d7be32c45fb2e8836c6dd8bf163977b892d

SHA256
5c19204246d318fa8a2d94c1d33678e2b700be2a5d7436316c3706c4cd9ee9e1

SHA512
2c2385486fceb6637c51f5dac889a14970e6f528d1c2188db62eed229a9ae359dad4351423046b118c90e0f1bc429e26929f296266695e537849220bed17af5b

Download Submit
C:\Windows\system\xVXNxSL.exe

Filesize
6.0MB

MD5
942e46bc20f21dc10f48c3d25914aaef

SHA1
497323c273464cc70bd8cb04eb8dad61bbe847bd

SHA256
222023e9d498a2e6b52eb8f617415e25e5b4e3fd9ac64189677ccdeb412ea09d

SHA512
a80955fa4f8193493f0415febab861a379c59f2b1e11239f84796f2776873642315879a20340cc782ada8a8f647aa89e052d3fcb57324d7f69a366bf67c6e695

Download Submit
C:\Windows\system\yezRqnF.exe

Filesize
6.0MB

MD5
6bc97975fbb4abb89515f13e2231ea61

SHA1
ec86c6c113a52999a0b127cd2db2609322ca9ac5

SHA256
874b06d166ba878165c6a73f3fed556d7cea9146117eeb0059a768a3ccda21c6

SHA512
e460bc3c2340094ab5375ba00acdc5caa051922007c79fe107b1b46da643ba2552fc555ef4bbad7ed68bf240d295aa28eec8dabff5df4b053e814c781e39c061

Download Submit
\Windows\system\TAbehuA.exe

Filesize
6.0MB

MD5
e2464751b65f408eaf001c05864fce6c

SHA1
c519f9b830ba30261b315c4b1e9ce95ad59bfee6

SHA256
9f495ac83ec1f459c56d002e4eb056b3cc1dbe117e45bb2719ae6a29dcfce1d8

SHA512
54624a6ecdc06dc1d0512e37bc5c41e827233113e6dbf585c8e84462c0dd425a0a628ceff1ca6e2b6489c7ba0cbd35d936bca46679c061cf257490d4fd2b2a17

Download Submit
\Windows\system\cOxeZYc.exe

Filesize
6.0MB

MD5
a9d3d4e2e3dc7d0f3168520334dc5f02

SHA1
c248b3e93e156b5b285928ee95d92f9554f5647b

SHA256
27d9365c97266f79eab20520746eb56a68860fda99b90e7b06ad7ebbe96d067b

SHA512
32084e00e87a7fc0b228421390ac21e4c4887c09637160d2234bbca6755c1c810c08e1a3dc3344f9001876465f4f2bc688663c1a87bcf9923825ccd09162945b

Download Submit
\Windows\system\hgurllf.exe

Filesize
6.0MB

MD5
3e471645d3213dcea7392df731ee0e2f

SHA1
b9511abe15baf3ed606d6bbab5d10ab6a7379668

SHA256
8f2572e6d67de195186e6072da4f06a4f092fbfa109ff7f73e7bb3a6c67ed9f3

SHA512
08cad0d8e6020ec2962be10351061ddb4ae7c4fc3ecac6802324428e54d19cd6c3af6ff115c5ffea250d408244baa4842fa12c804b7802f33414913f6267a09f

Download Submit
\Windows\system\kILHKtl.exe

Filesize
6.0MB

MD5
b0e656bfb3f4ce2afa21e4a8d220fd8b

SHA1
11ca42bf812c88fa4ce7d0ce5750be655665917d

SHA256
4a3c97c0717dd28e7553cb1b1c7ef13aa204e63eb15ef9ae9f66e9420f9045cd

SHA512
3b0e0f4911e78d0804956b4fd7cddcc9143a6fbf62b3a32787487ff0a76126d3e2f3a3fc73800118cefe5e44ad27c05d441a6d21b3fdf9d11a892e1ec7ae38fd

Download Submit
\Windows\system\kYoKWVq.exe

Filesize
6.0MB

MD5
14d82709ce787ab85fee26370f3f67f3

SHA1
f60319c49d0b6d0f64a3ba990939f73b33d7d501

SHA256
99ffe538864f903afafe8ab80b5e90db984c00b7b566328473fa8d43fad97e98

SHA512
d3b9402a94ef01b753a6b407e18390112992288e71568b516a7f6320ef727f2c6a77fadf9173c09ac6824137063eca79bdb9f03d1b8cfbf1742c26dd3120a5ca

Download Submit
\Windows\system\rVeoutG.exe

Filesize
6.0MB

MD5
0bd8c87f265ede2afda2896a8f099479

SHA1
e91146dbc49c83de8258a7fe3741fd33ceead7ca

SHA256
0c362ccd787af6e212a608a8b1e7461d0ce81aa0eb2bde0ac40d0eaa59e0dd41

SHA512
4b7cbdfcb3d20339a38b1eb1dd27adc5f1dea257e955fae0fd58051c3361e0e1c339f8d0bf3e9f345539e86aa77e1232f57802dbe7fbaae55d35e8f6d2617dcb

Download Submit
memory/768-1394-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/768-62-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/768-1100-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/768-0-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/768-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/768-102-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/768-33-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/768-99-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/768-574-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/768-100-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/768-45-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/768-69-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/768-56-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/768-107-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/768-59-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/768-60-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/768-84-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/768-864-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/768-63-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/768-91-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/768-58-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/768-77-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/836-3756-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/836-92-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1296-3685-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1296-41-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-85-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1928-3702-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-3610-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-28-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-21-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2396-93-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3712-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2616-111-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3688-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2616-70-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2684-78-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3744-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2704-48-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3618-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2736-61-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3714-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3631-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-54-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-64-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3730-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3609-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2912-55-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2940-57-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3625-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-101-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3847-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download