cobaltstrike | 328176d3e1712d1c70519b88209c8ec5fefa36e6fcd167b510d6e812f3605e95

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

27929216ebe9d324d781d146d600ed68
SHA1

361e30307e240c24a89c2ad21fe442af599fcda9
SHA256

328176d3e1712d1c70519b88209c8ec5fefa36e6fcd167b510d6e812f3605e95
SHA512

d8c17dffe5568d1529102b67f0097804a145812e02afa5a6b7573f68020d87a678904296698b8b093c83468b29b447bf826c3c10a1a1238e93a8e2f08e91a4b7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUA:T+q56utgpPF8u/7A

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001933b-10.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001939b-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b3-22.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193f7-40.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193e8-34.dat	cobalt_reflective_dll
behavioral1/files/0x003000000001926b-52.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194cd-72.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-77.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194c4-65.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001949e-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1712-1-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/memory/1556-8-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x000700000001933b-10.dat	xmrig
behavioral1/memory/2244-14-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x000800000001939b-12.dat	xmrig
behavioral1/memory/3024-20-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x00070000000193b3-22.dat	xmrig
behavioral1/memory/2836-27-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x00060000000193f7-40.dat	xmrig
behavioral1/memory/1712-35-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x00060000000193e8-34.dat	xmrig
behavioral1/memory/1556-44-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2436-43-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x003000000001926b-52.dat	xmrig
behavioral1/memory/3024-57-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2612-58-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2952-51-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x00070000000194cd-72.dat	xmrig
behavioral1/memory/2132-67-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2952-86-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-115.dat	xmrig
behavioral1/files/0x000500000001a4b5-176.dat	xmrig
behavioral1/memory/2876-871-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2152-731-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2188-555-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/896-383-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2292-244-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bd-196.dat	xmrig
behavioral1/files/0x000500000001a4bb-190.dat	xmrig
behavioral1/files/0x000500000001a4b7-180.dat	xmrig
behavioral1/files/0x000500000001a4b9-186.dat	xmrig
behavioral1/files/0x000500000001a4b3-170.dat	xmrig
behavioral1/files/0x000500000001a4af-160.dat	xmrig
behavioral1/files/0x000500000001a4b1-166.dat	xmrig
behavioral1/files/0x000500000001a49a-150.dat	xmrig
behavioral1/files/0x000500000001a4a9-155.dat	xmrig
behavioral1/files/0x000500000001a499-146.dat	xmrig
behavioral1/files/0x000500000001a48d-140.dat	xmrig
behavioral1/files/0x000500000001a48b-135.dat	xmrig
behavioral1/files/0x000500000001a46f-130.dat	xmrig
behavioral1/files/0x000500000001a42d-125.dat	xmrig
behavioral1/files/0x000500000001a427-120.dat	xmrig
behavioral1/files/0x000500000001a41d-111.dat	xmrig
behavioral1/memory/2876-105-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2132-104-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41b-103.dat	xmrig
behavioral1/memory/2152-96-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2612-95-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a359-94.dat	xmrig
behavioral1/memory/2188-87-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a307-85.dat	xmrig
behavioral1/memory/896-79-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2436-78-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a09e-77.dat	xmrig
behavioral1/memory/2836-66-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x00080000000194c4-65.dat	xmrig
behavioral1/memory/2932-70-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2244-50-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x000600000001949e-49.dat	xmrig
behavioral1/memory/2932-38-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1556-3521-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2244-3538-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2836-3540-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1556	suknthl.exe
2244	KXyvXli.exe
3024	VkXWXjy.exe
2836	jXOezea.exe
2932	fKSEvHn.exe
2436	WMVavVw.exe
2952	LjuIZjd.exe
2612	vFEJyam.exe
2132	KYiRTaz.exe
2292	AxkqZyN.exe
896	Vhmrinw.exe
2188	oWjQgKO.exe
2152	SqUxCfk.exe
2876	VzqjYHK.exe
2516	vtAxVXJ.exe
1944	QxvipCd.exe
2680	dmEkQnN.exe
2880	VhbcSOk.exe
2852	GsiFnuY.exe
2116	lTvMIJO.exe
544	kmoIrgo.exe
984	FHXGcuC.exe
2520	qwGIHKR.exe
1852	FMhIAhV.exe
3040	RAUQFpJ.exe
2252	tTDRqKK.exe
2456	AFEFHrc.exe
2136	rMpXvNK.exe
2420	svfAFuq.exe
1112	fZwfYBs.exe
1544	yIDjESw.exe
2512	JEkIVJu.exe
768	aVgqUZC.exe
2440	NeWjxpb.exe
2068	HOtqLST.exe
316	euHuFGo.exe
292	IBzHpCv.exe
1552	rMkvaGA.exe
2580	NGdAQqr.exe
1992	MzsgvsN.exe
1860	XjvDiRo.exe
2432	uWdFShF.exe
1692	UwsnEVf.exe
920	xcQwTnE.exe
1948	JtNGzDz.exe
3016	rzWCkPB.exe
2808	fmixFbC.exe
1076	rltFuCk.exe
1472	pbjBtrQ.exe
1584	yreODCs.exe
868	ieLMEjs.exe
2060	JpffwiH.exe
1080	EUMkrbk.exe
1652	pOIqxnI.exe
1192	hJGiehp.exe
2248	QZIUeDb.exe
2812	ifwiVSB.exe
2652	pKvoMQF.exe
3008	tpBgavr.exe
2740	QWdHckq.exe
2668	MVSOWBb.exe
1196	TIdtAcA.exe
2376	JbDeuUn.exe
1628	HLtQnFh.exe

Loads dropped DLL 64 IoCs

pid	Process
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1712-1-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/memory/1556-8-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x000700000001933b-10.dat	upx
behavioral1/memory/2244-14-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x000800000001939b-12.dat	upx
behavioral1/memory/3024-20-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x00070000000193b3-22.dat	upx
behavioral1/memory/2836-27-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x00060000000193f7-40.dat	upx
behavioral1/memory/1712-35-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x00060000000193e8-34.dat	upx
behavioral1/memory/1556-44-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2436-43-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x003000000001926b-52.dat	upx
behavioral1/memory/3024-57-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2612-58-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2952-51-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x00070000000194cd-72.dat	upx
behavioral1/memory/2132-67-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2952-86-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x000500000001a41e-115.dat	upx
behavioral1/files/0x000500000001a4b5-176.dat	upx
behavioral1/memory/2876-871-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2152-731-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2188-555-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/896-383-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2292-244-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x000500000001a4bd-196.dat	upx
behavioral1/files/0x000500000001a4bb-190.dat	upx
behavioral1/files/0x000500000001a4b7-180.dat	upx
behavioral1/files/0x000500000001a4b9-186.dat	upx
behavioral1/files/0x000500000001a4b3-170.dat	upx
behavioral1/files/0x000500000001a4af-160.dat	upx
behavioral1/files/0x000500000001a4b1-166.dat	upx
behavioral1/files/0x000500000001a49a-150.dat	upx
behavioral1/files/0x000500000001a4a9-155.dat	upx
behavioral1/files/0x000500000001a499-146.dat	upx
behavioral1/files/0x000500000001a48d-140.dat	upx
behavioral1/files/0x000500000001a48b-135.dat	upx
behavioral1/files/0x000500000001a46f-130.dat	upx
behavioral1/files/0x000500000001a42d-125.dat	upx
behavioral1/files/0x000500000001a427-120.dat	upx
behavioral1/files/0x000500000001a41d-111.dat	upx
behavioral1/memory/2876-105-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2132-104-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x000500000001a41b-103.dat	upx
behavioral1/memory/2152-96-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2612-95-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x000500000001a359-94.dat	upx
behavioral1/memory/2188-87-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000500000001a307-85.dat	upx
behavioral1/memory/896-79-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2436-78-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x000500000001a09e-77.dat	upx
behavioral1/memory/2836-66-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x00080000000194c4-65.dat	upx
behavioral1/memory/2932-70-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2244-50-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x000600000001949e-49.dat	upx
behavioral1/memory/2932-38-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1556-3521-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2244-3538-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2836-3540-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RefVFNI.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxkqZyN.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAUQFpJ.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvzwFKw.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkkYVeg.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhRWCKs.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eEezCsd.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLgNyqZ.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybJjlHq.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCmZegu.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOnublI.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DyyuIhS.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hTHdYHS.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMkvKnN.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHFPWBg.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYyHFtz.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtdQEvv.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdvQJJM.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BfvrtQC.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTvSOBG.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyXmkpu.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMHlhMD.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeofawh.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKmLUsP.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqAVVkd.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKrExDg.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gylgObK.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucjrRGD.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFzRHqe.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LELQDwZ.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\febQBqT.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBfAfQF.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPrhclV.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKVxyak.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwPYSnv.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXdRPpS.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBjodpY.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWJpGid.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgxyNXn.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxpPtrt.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvtdXMQ.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSJHdXC.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbeNnrG.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeJORkj.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFULpeG.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYcaUIU.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQjHTeP.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlbIqXy.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFlCmFd.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aefCqMO.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTDIvSb.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TrleBSy.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQNyenp.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjrwCjF.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FOXLKEK.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBNGnJY.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaZSxSi.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HfbgeVh.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVOnvxi.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQIbRkp.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRcbJKh.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsMkhAA.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGaTGWl.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwLMTyi.exe	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1556	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1712 wrote to memory of 1556	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1712 wrote to memory of 1556	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1712 wrote to memory of 2244	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1712 wrote to memory of 2244	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1712 wrote to memory of 2244	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1712 wrote to memory of 3024	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1712 wrote to memory of 3024	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1712 wrote to memory of 3024	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1712 wrote to memory of 2836	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1712 wrote to memory of 2836	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1712 wrote to memory of 2836	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1712 wrote to memory of 2932	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1712 wrote to memory of 2932	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1712 wrote to memory of 2932	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1712 wrote to memory of 2436	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1712 wrote to memory of 2436	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1712 wrote to memory of 2436	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1712 wrote to memory of 2952	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1712 wrote to memory of 2952	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1712 wrote to memory of 2952	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1712 wrote to memory of 2612	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1712 wrote to memory of 2612	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1712 wrote to memory of 2612	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1712 wrote to memory of 2132	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1712 wrote to memory of 2132	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1712 wrote to memory of 2132	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1712 wrote to memory of 2292	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1712 wrote to memory of 2292	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1712 wrote to memory of 2292	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1712 wrote to memory of 896	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1712 wrote to memory of 896	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1712 wrote to memory of 896	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1712 wrote to memory of 2188	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1712 wrote to memory of 2188	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1712 wrote to memory of 2188	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1712 wrote to memory of 2152	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1712 wrote to memory of 2152	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1712 wrote to memory of 2152	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1712 wrote to memory of 2876	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1712 wrote to memory of 2876	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1712 wrote to memory of 2876	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1712 wrote to memory of 2516	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1712 wrote to memory of 2516	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1712 wrote to memory of 2516	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1712 wrote to memory of 1944	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1712 wrote to memory of 1944	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1712 wrote to memory of 1944	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1712 wrote to memory of 2680	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1712 wrote to memory of 2680	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1712 wrote to memory of 2680	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1712 wrote to memory of 2880	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1712 wrote to memory of 2880	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1712 wrote to memory of 2880	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1712 wrote to memory of 2852	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1712 wrote to memory of 2852	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1712 wrote to memory of 2852	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1712 wrote to memory of 2116	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1712 wrote to memory of 2116	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1712 wrote to memory of 2116	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1712 wrote to memory of 544	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1712 wrote to memory of 544	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1712 wrote to memory of 544	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1712 wrote to memory of 984	1712	2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_27929216ebe9d324d781d146d600ed68_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\System\suknthl.exe
  C:\Windows\System\suknthl.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\KXyvXli.exe
  C:\Windows\System\KXyvXli.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\VkXWXjy.exe
  C:\Windows\System\VkXWXjy.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\jXOezea.exe
  C:\Windows\System\jXOezea.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\fKSEvHn.exe
  C:\Windows\System\fKSEvHn.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\WMVavVw.exe
  C:\Windows\System\WMVavVw.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\LjuIZjd.exe
  C:\Windows\System\LjuIZjd.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\vFEJyam.exe
  C:\Windows\System\vFEJyam.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\KYiRTaz.exe
  C:\Windows\System\KYiRTaz.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\AxkqZyN.exe
  C:\Windows\System\AxkqZyN.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\Vhmrinw.exe
  C:\Windows\System\Vhmrinw.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\oWjQgKO.exe
  C:\Windows\System\oWjQgKO.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\SqUxCfk.exe
  C:\Windows\System\SqUxCfk.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\VzqjYHK.exe
  C:\Windows\System\VzqjYHK.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\vtAxVXJ.exe
  C:\Windows\System\vtAxVXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\QxvipCd.exe
  C:\Windows\System\QxvipCd.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\dmEkQnN.exe
  C:\Windows\System\dmEkQnN.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\VhbcSOk.exe
  C:\Windows\System\VhbcSOk.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\GsiFnuY.exe
  C:\Windows\System\GsiFnuY.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\lTvMIJO.exe
  C:\Windows\System\lTvMIJO.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\kmoIrgo.exe
  C:\Windows\System\kmoIrgo.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\FHXGcuC.exe
  C:\Windows\System\FHXGcuC.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\qwGIHKR.exe
  C:\Windows\System\qwGIHKR.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\FMhIAhV.exe
  C:\Windows\System\FMhIAhV.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\RAUQFpJ.exe
  C:\Windows\System\RAUQFpJ.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\tTDRqKK.exe
  C:\Windows\System\tTDRqKK.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\AFEFHrc.exe
  C:\Windows\System\AFEFHrc.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\rMpXvNK.exe
  C:\Windows\System\rMpXvNK.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\svfAFuq.exe
  C:\Windows\System\svfAFuq.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\fZwfYBs.exe
  C:\Windows\System\fZwfYBs.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\yIDjESw.exe
  C:\Windows\System\yIDjESw.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\JEkIVJu.exe
  C:\Windows\System\JEkIVJu.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\aVgqUZC.exe
  C:\Windows\System\aVgqUZC.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\NeWjxpb.exe
  C:\Windows\System\NeWjxpb.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\HOtqLST.exe
  C:\Windows\System\HOtqLST.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\euHuFGo.exe
  C:\Windows\System\euHuFGo.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\IBzHpCv.exe
  C:\Windows\System\IBzHpCv.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\rMkvaGA.exe
  C:\Windows\System\rMkvaGA.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\NGdAQqr.exe
  C:\Windows\System\NGdAQqr.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\MzsgvsN.exe
  C:\Windows\System\MzsgvsN.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\XjvDiRo.exe
  C:\Windows\System\XjvDiRo.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\uWdFShF.exe
  C:\Windows\System\uWdFShF.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\UwsnEVf.exe
  C:\Windows\System\UwsnEVf.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\xcQwTnE.exe
  C:\Windows\System\xcQwTnE.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\JtNGzDz.exe
  C:\Windows\System\JtNGzDz.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\rzWCkPB.exe
  C:\Windows\System\rzWCkPB.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\fmixFbC.exe
  C:\Windows\System\fmixFbC.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\rltFuCk.exe
  C:\Windows\System\rltFuCk.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\pbjBtrQ.exe
  C:\Windows\System\pbjBtrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\yreODCs.exe
  C:\Windows\System\yreODCs.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\ieLMEjs.exe
  C:\Windows\System\ieLMEjs.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\JpffwiH.exe
  C:\Windows\System\JpffwiH.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\EUMkrbk.exe
  C:\Windows\System\EUMkrbk.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\pOIqxnI.exe
  C:\Windows\System\pOIqxnI.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\hJGiehp.exe
  C:\Windows\System\hJGiehp.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\QZIUeDb.exe
  C:\Windows\System\QZIUeDb.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\ifwiVSB.exe
  C:\Windows\System\ifwiVSB.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\pKvoMQF.exe
  C:\Windows\System\pKvoMQF.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\tpBgavr.exe
  C:\Windows\System\tpBgavr.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\QWdHckq.exe
  C:\Windows\System\QWdHckq.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\MVSOWBb.exe
  C:\Windows\System\MVSOWBb.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\TIdtAcA.exe
  C:\Windows\System\TIdtAcA.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\JbDeuUn.exe
  C:\Windows\System\JbDeuUn.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\HLtQnFh.exe
  C:\Windows\System\HLtQnFh.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\SpeGYxc.exe
  C:\Windows\System\SpeGYxc.exe
  2⤵
  PID:1408
- C:\Windows\System\oQUMPPP.exe
  C:\Windows\System\oQUMPPP.exe
  2⤵
  PID:2872
- C:\Windows\System\VPtqcLS.exe
  C:\Windows\System\VPtqcLS.exe
  2⤵
  PID:332
- C:\Windows\System\eGpzHeP.exe
  C:\Windows\System\eGpzHeP.exe
  2⤵
  PID:996
- C:\Windows\System\VqEBPec.exe
  C:\Windows\System\VqEBPec.exe
  2⤵
  PID:448
- C:\Windows\System\ceQBKzq.exe
  C:\Windows\System\ceQBKzq.exe
  2⤵
  PID:1876
- C:\Windows\System\qYpDmTq.exe
  C:\Windows\System\qYpDmTq.exe
  2⤵
  PID:2040
- C:\Windows\System\XbQInVx.exe
  C:\Windows\System\XbQInVx.exe
  2⤵
  PID:2296
- C:\Windows\System\pQOGqEk.exe
  C:\Windows\System\pQOGqEk.exe
  2⤵
  PID:632
- C:\Windows\System\NEsFirM.exe
  C:\Windows\System\NEsFirM.exe
  2⤵
  PID:2572
- C:\Windows\System\WZnBiLQ.exe
  C:\Windows\System\WZnBiLQ.exe
  2⤵
  PID:1804
- C:\Windows\System\xqODUIq.exe
  C:\Windows\System\xqODUIq.exe
  2⤵
  PID:1908
- C:\Windows\System\PTcWcIQ.exe
  C:\Windows\System\PTcWcIQ.exe
  2⤵
  PID:1048
- C:\Windows\System\axBUdHm.exe
  C:\Windows\System\axBUdHm.exe
  2⤵
  PID:1796
- C:\Windows\System\NlfxoUn.exe
  C:\Windows\System\NlfxoUn.exe
  2⤵
  PID:1968
- C:\Windows\System\zCFxUpV.exe
  C:\Windows\System\zCFxUpV.exe
  2⤵
  PID:2576
- C:\Windows\System\zrIxkAC.exe
  C:\Windows\System\zrIxkAC.exe
  2⤵
  PID:1616
- C:\Windows\System\AHsNzTA.exe
  C:\Windows\System\AHsNzTA.exe
  2⤵
  PID:2260
- C:\Windows\System\ZlYsozR.exe
  C:\Windows\System\ZlYsozR.exe
  2⤵
  PID:1752
- C:\Windows\System\WjGBXEc.exe
  C:\Windows\System\WjGBXEc.exe
  2⤵
  PID:1888
- C:\Windows\System\mintkhL.exe
  C:\Windows\System\mintkhL.exe
  2⤵
  PID:1884
- C:\Windows\System\TEgMMVn.exe
  C:\Windows\System\TEgMMVn.exe
  2⤵
  PID:3056
- C:\Windows\System\CYIeeAq.exe
  C:\Windows\System\CYIeeAq.exe
  2⤵
  PID:2700
- C:\Windows\System\jqAEITf.exe
  C:\Windows\System\jqAEITf.exe
  2⤵
  PID:1572
- C:\Windows\System\OqDkJxV.exe
  C:\Windows\System\OqDkJxV.exe
  2⤵
  PID:1644
- C:\Windows\System\RobeWGd.exe
  C:\Windows\System\RobeWGd.exe
  2⤵
  PID:2752
- C:\Windows\System\MjIkuLQ.exe
  C:\Windows\System\MjIkuLQ.exe
  2⤵
  PID:2660
- C:\Windows\System\uHvlesJ.exe
  C:\Windows\System\uHvlesJ.exe
  2⤵
  PID:2648
- C:\Windows\System\iFlCmFd.exe
  C:\Windows\System\iFlCmFd.exe
  2⤵
  PID:2156
- C:\Windows\System\GKqbXlk.exe
  C:\Windows\System\GKqbXlk.exe
  2⤵
  PID:2992
- C:\Windows\System\MycNIXQ.exe
  C:\Windows\System\MycNIXQ.exe
  2⤵
  PID:1160
- C:\Windows\System\AAXyByg.exe
  C:\Windows\System\AAXyByg.exe
  2⤵
  PID:2508
- C:\Windows\System\jmQfYcg.exe
  C:\Windows\System\jmQfYcg.exe
  2⤵
  PID:908
- C:\Windows\System\IGzsVek.exe
  C:\Windows\System\IGzsVek.exe
  2⤵
  PID:2264
- C:\Windows\System\kUGaqbD.exe
  C:\Windows\System\kUGaqbD.exe
  2⤵
  PID:2444
- C:\Windows\System\UjQddmH.exe
  C:\Windows\System\UjQddmH.exe
  2⤵
  PID:2108
- C:\Windows\System\cuZuFfK.exe
  C:\Windows\System\cuZuFfK.exe
  2⤵
  PID:1468
- C:\Windows\System\wdplhDG.exe
  C:\Windows\System\wdplhDG.exe
  2⤵
  PID:3052
- C:\Windows\System\lPkDzfd.exe
  C:\Windows\System\lPkDzfd.exe
  2⤵
  PID:1488
- C:\Windows\System\BgruuCE.exe
  C:\Windows\System\BgruuCE.exe
  2⤵
  PID:2000
- C:\Windows\System\cjWReQi.exe
  C:\Windows\System\cjWReQi.exe
  2⤵
  PID:2128
- C:\Windows\System\WymGTzy.exe
  C:\Windows\System\WymGTzy.exe
  2⤵
  PID:3028
- C:\Windows\System\PdCeoqF.exe
  C:\Windows\System\PdCeoqF.exe
  2⤵
  PID:2356
- C:\Windows\System\wAzvZyB.exe
  C:\Windows\System\wAzvZyB.exe
  2⤵
  PID:588
- C:\Windows\System\CZETfcb.exe
  C:\Windows\System\CZETfcb.exe
  2⤵
  PID:2448
- C:\Windows\System\CWyoUPF.exe
  C:\Windows\System\CWyoUPF.exe
  2⤵
  PID:1996
- C:\Windows\System\IQHMsyq.exe
  C:\Windows\System\IQHMsyq.exe
  2⤵
  PID:924
- C:\Windows\System\hTHdYHS.exe
  C:\Windows\System\hTHdYHS.exe
  2⤵
  PID:1896
- C:\Windows\System\XGhEZyg.exe
  C:\Windows\System\XGhEZyg.exe
  2⤵
  PID:3092
- C:\Windows\System\loZXVbT.exe
  C:\Windows\System\loZXVbT.exe
  2⤵
  PID:3112
- C:\Windows\System\CnUrjoq.exe
  C:\Windows\System\CnUrjoq.exe
  2⤵
  PID:3132
- C:\Windows\System\aXZzAjv.exe
  C:\Windows\System\aXZzAjv.exe
  2⤵
  PID:3148
- C:\Windows\System\oxbSTCB.exe
  C:\Windows\System\oxbSTCB.exe
  2⤵
  PID:3172
- C:\Windows\System\fAOSmBU.exe
  C:\Windows\System\fAOSmBU.exe
  2⤵
  PID:3192
- C:\Windows\System\zKYUIAi.exe
  C:\Windows\System\zKYUIAi.exe
  2⤵
  PID:3212
- C:\Windows\System\SjenuoA.exe
  C:\Windows\System\SjenuoA.exe
  2⤵
  PID:3232
- C:\Windows\System\ASqXIqG.exe
  C:\Windows\System\ASqXIqG.exe
  2⤵
  PID:3252
- C:\Windows\System\XYLSnuq.exe
  C:\Windows\System\XYLSnuq.exe
  2⤵
  PID:3272
- C:\Windows\System\bkuCshN.exe
  C:\Windows\System\bkuCshN.exe
  2⤵
  PID:3296
- C:\Windows\System\cdjhVpP.exe
  C:\Windows\System\cdjhVpP.exe
  2⤵
  PID:3316
- C:\Windows\System\nGXYstO.exe
  C:\Windows\System\nGXYstO.exe
  2⤵
  PID:3336
- C:\Windows\System\cRXaieo.exe
  C:\Windows\System\cRXaieo.exe
  2⤵
  PID:3356
- C:\Windows\System\XzhiGoC.exe
  C:\Windows\System\XzhiGoC.exe
  2⤵
  PID:3376
- C:\Windows\System\ZZdHWUl.exe
  C:\Windows\System\ZZdHWUl.exe
  2⤵
  PID:3396
- C:\Windows\System\vswlrLB.exe
  C:\Windows\System\vswlrLB.exe
  2⤵
  PID:3416
- C:\Windows\System\PIwbRoc.exe
  C:\Windows\System\PIwbRoc.exe
  2⤵
  PID:3432
- C:\Windows\System\WIIuQIq.exe
  C:\Windows\System\WIIuQIq.exe
  2⤵
  PID:3452
- C:\Windows\System\LlgNDVJ.exe
  C:\Windows\System\LlgNDVJ.exe
  2⤵
  PID:3476
- C:\Windows\System\LxPZWFl.exe
  C:\Windows\System\LxPZWFl.exe
  2⤵
  PID:3496
- C:\Windows\System\IZuCFbf.exe
  C:\Windows\System\IZuCFbf.exe
  2⤵
  PID:3516
- C:\Windows\System\zaDrcGN.exe
  C:\Windows\System\zaDrcGN.exe
  2⤵
  PID:3536
- C:\Windows\System\InqKYbP.exe
  C:\Windows\System\InqKYbP.exe
  2⤵
  PID:3556
- C:\Windows\System\PMNJkYi.exe
  C:\Windows\System\PMNJkYi.exe
  2⤵
  PID:3576
- C:\Windows\System\TZuLtjr.exe
  C:\Windows\System\TZuLtjr.exe
  2⤵
  PID:3596
- C:\Windows\System\UUxedWY.exe
  C:\Windows\System\UUxedWY.exe
  2⤵
  PID:3616
- C:\Windows\System\lGkbWLg.exe
  C:\Windows\System\lGkbWLg.exe
  2⤵
  PID:3636
- C:\Windows\System\lulfBhT.exe
  C:\Windows\System\lulfBhT.exe
  2⤵
  PID:3656
- C:\Windows\System\bwYPLAH.exe
  C:\Windows\System\bwYPLAH.exe
  2⤵
  PID:3676
- C:\Windows\System\pRCmzCG.exe
  C:\Windows\System\pRCmzCG.exe
  2⤵
  PID:3700
- C:\Windows\System\jBMKCIF.exe
  C:\Windows\System\jBMKCIF.exe
  2⤵
  PID:3720
- C:\Windows\System\dMgfFiN.exe
  C:\Windows\System\dMgfFiN.exe
  2⤵
  PID:3740
- C:\Windows\System\EiyqaLj.exe
  C:\Windows\System\EiyqaLj.exe
  2⤵
  PID:3760
- C:\Windows\System\pdzvcdu.exe
  C:\Windows\System\pdzvcdu.exe
  2⤵
  PID:3780
- C:\Windows\System\mOGDOdr.exe
  C:\Windows\System\mOGDOdr.exe
  2⤵
  PID:3796
- C:\Windows\System\wIjQESK.exe
  C:\Windows\System\wIjQESK.exe
  2⤵
  PID:3820
- C:\Windows\System\QoQjxWB.exe
  C:\Windows\System\QoQjxWB.exe
  2⤵
  PID:3840
- C:\Windows\System\phSJXoR.exe
  C:\Windows\System\phSJXoR.exe
  2⤵
  PID:3864
- C:\Windows\System\NrMSCEA.exe
  C:\Windows\System\NrMSCEA.exe
  2⤵
  PID:3884
- C:\Windows\System\tZtuymT.exe
  C:\Windows\System\tZtuymT.exe
  2⤵
  PID:3904
- C:\Windows\System\xXkNwfg.exe
  C:\Windows\System\xXkNwfg.exe
  2⤵
  PID:3924
- C:\Windows\System\QzavYew.exe
  C:\Windows\System\QzavYew.exe
  2⤵
  PID:3944
- C:\Windows\System\bFYkFSz.exe
  C:\Windows\System\bFYkFSz.exe
  2⤵
  PID:3964
- C:\Windows\System\VkJLcVz.exe
  C:\Windows\System\VkJLcVz.exe
  2⤵
  PID:3984
- C:\Windows\System\MQcREEw.exe
  C:\Windows\System\MQcREEw.exe
  2⤵
  PID:4004
- C:\Windows\System\VEAJEGp.exe
  C:\Windows\System\VEAJEGp.exe
  2⤵
  PID:4024
- C:\Windows\System\wzsrLre.exe
  C:\Windows\System\wzsrLre.exe
  2⤵
  PID:4040
- C:\Windows\System\HngpTtH.exe
  C:\Windows\System\HngpTtH.exe
  2⤵
  PID:4060
- C:\Windows\System\DRaLJch.exe
  C:\Windows\System\DRaLJch.exe
  2⤵
  PID:4084
- C:\Windows\System\xgvtXYf.exe
  C:\Windows\System\xgvtXYf.exe
  2⤵
  PID:2596
- C:\Windows\System\lBBBejV.exe
  C:\Windows\System\lBBBejV.exe
  2⤵
  PID:2268
- C:\Windows\System\QqFfjEV.exe
  C:\Windows\System\QqFfjEV.exe
  2⤵
  PID:264
- C:\Windows\System\YVhQVLF.exe
  C:\Windows\System\YVhQVLF.exe
  2⤵
  PID:1560
- C:\Windows\System\nkXcknh.exe
  C:\Windows\System\nkXcknh.exe
  2⤵
  PID:1108
- C:\Windows\System\WvoTIku.exe
  C:\Windows\System\WvoTIku.exe
  2⤵
  PID:1976
- C:\Windows\System\DaeoQdJ.exe
  C:\Windows\System\DaeoQdJ.exe
  2⤵
  PID:1392
- C:\Windows\System\CdcBOuv.exe
  C:\Windows\System\CdcBOuv.exe
  2⤵
  PID:2768
- C:\Windows\System\kBRVWUX.exe
  C:\Windows\System\kBRVWUX.exe
  2⤵
  PID:3036
- C:\Windows\System\FIdodDk.exe
  C:\Windows\System\FIdodDk.exe
  2⤵
  PID:2844
- C:\Windows\System\AXUXFlu.exe
  C:\Windows\System\AXUXFlu.exe
  2⤵
  PID:3084
- C:\Windows\System\wIUrslz.exe
  C:\Windows\System\wIUrslz.exe
  2⤵
  PID:3108
- C:\Windows\System\XObrMws.exe
  C:\Windows\System\XObrMws.exe
  2⤵
  PID:3160
- C:\Windows\System\ngUUZEo.exe
  C:\Windows\System\ngUUZEo.exe
  2⤵
  PID:3180
- C:\Windows\System\AxetOkZ.exe
  C:\Windows\System\AxetOkZ.exe
  2⤵
  PID:3188
- C:\Windows\System\ZPirOsz.exe
  C:\Windows\System\ZPirOsz.exe
  2⤵
  PID:3248
- C:\Windows\System\XlKIvuu.exe
  C:\Windows\System\XlKIvuu.exe
  2⤵
  PID:3288
- C:\Windows\System\NolTrTN.exe
  C:\Windows\System\NolTrTN.exe
  2⤵
  PID:3312
- C:\Windows\System\dQRDate.exe
  C:\Windows\System\dQRDate.exe
  2⤵
  PID:3364
- C:\Windows\System\HrpTHtG.exe
  C:\Windows\System\HrpTHtG.exe
  2⤵
  PID:3408
- C:\Windows\System\PSyoKBN.exe
  C:\Windows\System\PSyoKBN.exe
  2⤵
  PID:3440
- C:\Windows\System\MWJpGid.exe
  C:\Windows\System\MWJpGid.exe
  2⤵
  PID:3464
- C:\Windows\System\xsguzRk.exe
  C:\Windows\System\xsguzRk.exe
  2⤵
  PID:3472
- C:\Windows\System\ukZbBJT.exe
  C:\Windows\System\ukZbBJT.exe
  2⤵
  PID:3504
- C:\Windows\System\ZKACFLO.exe
  C:\Windows\System\ZKACFLO.exe
  2⤵
  PID:3568
- C:\Windows\System\bcsxXnF.exe
  C:\Windows\System\bcsxXnF.exe
  2⤵
  PID:3608
- C:\Windows\System\CMyMIiM.exe
  C:\Windows\System\CMyMIiM.exe
  2⤵
  PID:3644
- C:\Windows\System\TCxEout.exe
  C:\Windows\System\TCxEout.exe
  2⤵
  PID:3628
- C:\Windows\System\HjMQniO.exe
  C:\Windows\System\HjMQniO.exe
  2⤵
  PID:3728
- C:\Windows\System\vZjGrYV.exe
  C:\Windows\System\vZjGrYV.exe
  2⤵
  PID:3736
- C:\Windows\System\WXtmHfr.exe
  C:\Windows\System\WXtmHfr.exe
  2⤵
  PID:3772
- C:\Windows\System\vRFCNiM.exe
  C:\Windows\System\vRFCNiM.exe
  2⤵
  PID:3808
- C:\Windows\System\AAMUfhG.exe
  C:\Windows\System\AAMUfhG.exe
  2⤵
  PID:3848
- C:\Windows\System\vZvEIpp.exe
  C:\Windows\System\vZvEIpp.exe
  2⤵
  PID:3852
- C:\Windows\System\xdXscQa.exe
  C:\Windows\System\xdXscQa.exe
  2⤵
  PID:3880
- C:\Windows\System\fHAHKOJ.exe
  C:\Windows\System\fHAHKOJ.exe
  2⤵
  PID:3916
- C:\Windows\System\vbeNnrG.exe
  C:\Windows\System\vbeNnrG.exe
  2⤵
  PID:3960
- C:\Windows\System\mlaarGV.exe
  C:\Windows\System\mlaarGV.exe
  2⤵
  PID:4000
- C:\Windows\System\vPIBEyy.exe
  C:\Windows\System\vPIBEyy.exe
  2⤵
  PID:4048
- C:\Windows\System\WIhkToS.exe
  C:\Windows\System\WIhkToS.exe
  2⤵
  PID:4092
- C:\Windows\System\eFVunyX.exe
  C:\Windows\System\eFVunyX.exe
  2⤵
  PID:4080
- C:\Windows\System\chORLFs.exe
  C:\Windows\System\chORLFs.exe
  2⤵
  PID:1740
- C:\Windows\System\cvQCdWz.exe
  C:\Windows\System\cvQCdWz.exe
  2⤵
  PID:1960
- C:\Windows\System\eSrGuvG.exe
  C:\Windows\System\eSrGuvG.exe
  2⤵
  PID:1892
- C:\Windows\System\sVcILji.exe
  C:\Windows\System\sVcILji.exe
  2⤵
  PID:2280
- C:\Windows\System\MPRmGPt.exe
  C:\Windows\System\MPRmGPt.exe
  2⤵
  PID:324
- C:\Windows\System\QBjCCzB.exe
  C:\Windows\System\QBjCCzB.exe
  2⤵
  PID:2776
- C:\Windows\System\NUuyZwf.exe
  C:\Windows\System\NUuyZwf.exe
  2⤵
  PID:3124
- C:\Windows\System\OXkAiPL.exe
  C:\Windows\System\OXkAiPL.exe
  2⤵
  PID:3128
- C:\Windows\System\lKcSTUb.exe
  C:\Windows\System\lKcSTUb.exe
  2⤵
  PID:3184
- C:\Windows\System\DcFbmDh.exe
  C:\Windows\System\DcFbmDh.exe
  2⤵
  PID:2552
- C:\Windows\System\sZszbFi.exe
  C:\Windows\System\sZszbFi.exe
  2⤵
  PID:3324
- C:\Windows\System\eRfaPGN.exe
  C:\Windows\System\eRfaPGN.exe
  2⤵
  PID:3384
- C:\Windows\System\EJegaGZ.exe
  C:\Windows\System\EJegaGZ.exe
  2⤵
  PID:3444
- C:\Windows\System\vYbJcyi.exe
  C:\Windows\System\vYbJcyi.exe
  2⤵
  PID:3524
- C:\Windows\System\CfnYRAf.exe
  C:\Windows\System\CfnYRAf.exe
  2⤵
  PID:3528
- C:\Windows\System\gJFpAqD.exe
  C:\Windows\System\gJFpAqD.exe
  2⤵
  PID:3592
- C:\Windows\System\EkRxphO.exe
  C:\Windows\System\EkRxphO.exe
  2⤵
  PID:3696
- C:\Windows\System\NGaTGWl.exe
  C:\Windows\System\NGaTGWl.exe
  2⤵
  PID:3768
- C:\Windows\System\pJmkcpD.exe
  C:\Windows\System\pJmkcpD.exe
  2⤵
  PID:3668
- C:\Windows\System\cuYthHo.exe
  C:\Windows\System\cuYthHo.exe
  2⤵
  PID:3804
- C:\Windows\System\NAaTPxs.exe
  C:\Windows\System\NAaTPxs.exe
  2⤵
  PID:3832
- C:\Windows\System\lIfMQsY.exe
  C:\Windows\System\lIfMQsY.exe
  2⤵
  PID:3912
- C:\Windows\System\HlKurqx.exe
  C:\Windows\System\HlKurqx.exe
  2⤵
  PID:4016
- C:\Windows\System\XrnTXdT.exe
  C:\Windows\System\XrnTXdT.exe
  2⤵
  PID:4032
- C:\Windows\System\EeSrbyk.exe
  C:\Windows\System\EeSrbyk.exe
  2⤵
  PID:3672
- C:\Windows\System\tQuDYBT.exe
  C:\Windows\System\tQuDYBT.exe
  2⤵
  PID:1924
- C:\Windows\System\SyggmIa.exe
  C:\Windows\System\SyggmIa.exe
  2⤵
  PID:3060
- C:\Windows\System\cqNOVpW.exe
  C:\Windows\System\cqNOVpW.exe
  2⤵
  PID:1732
- C:\Windows\System\kcqHwnY.exe
  C:\Windows\System\kcqHwnY.exe
  2⤵
  PID:3100
- C:\Windows\System\UScslsK.exe
  C:\Windows\System\UScslsK.exe
  2⤵
  PID:3284
- C:\Windows\System\DVAAPlw.exe
  C:\Windows\System\DVAAPlw.exe
  2⤵
  PID:3304
- C:\Windows\System\oPGTnic.exe
  C:\Windows\System\oPGTnic.exe
  2⤵
  PID:3388
- C:\Windows\System\dbvelSc.exe
  C:\Windows\System\dbvelSc.exe
  2⤵
  PID:3372
- C:\Windows\System\bjSWuSp.exe
  C:\Windows\System\bjSWuSp.exe
  2⤵
  PID:3604
- C:\Windows\System\QiLoBKT.exe
  C:\Windows\System\QiLoBKT.exe
  2⤵
  PID:3240
- C:\Windows\System\FELgoQo.exe
  C:\Windows\System\FELgoQo.exe
  2⤵
  PID:3664
- C:\Windows\System\GyVOcNx.exe
  C:\Windows\System\GyVOcNx.exe
  2⤵
  PID:3900
- C:\Windows\System\Xcvmwop.exe
  C:\Windows\System\Xcvmwop.exe
  2⤵
  PID:3920
- C:\Windows\System\KkhuOQq.exe
  C:\Windows\System\KkhuOQq.exe
  2⤵
  PID:3980
- C:\Windows\System\oKSBzwz.exe
  C:\Windows\System\oKSBzwz.exe
  2⤵
  PID:1124
- C:\Windows\System\vOGZYtk.exe
  C:\Windows\System\vOGZYtk.exe
  2⤵
  PID:992
- C:\Windows\System\SRXocxa.exe
  C:\Windows\System\SRXocxa.exe
  2⤵
  PID:864
- C:\Windows\System\adieNXZ.exe
  C:\Windows\System\adieNXZ.exe
  2⤵
  PID:3280
- C:\Windows\System\aefCqMO.exe
  C:\Windows\System\aefCqMO.exe
  2⤵
  PID:3308
- C:\Windows\System\QoNekXa.exe
  C:\Windows\System\QoNekXa.exe
  2⤵
  PID:4100
- C:\Windows\System\MbSRvGQ.exe
  C:\Windows\System\MbSRvGQ.exe
  2⤵
  PID:4120
- C:\Windows\System\JSpglIL.exe
  C:\Windows\System\JSpglIL.exe
  2⤵
  PID:4140
- C:\Windows\System\EZNSNEH.exe
  C:\Windows\System\EZNSNEH.exe
  2⤵
  PID:4160
- C:\Windows\System\dPhCJcB.exe
  C:\Windows\System\dPhCJcB.exe
  2⤵
  PID:4180
- C:\Windows\System\iFSwrii.exe
  C:\Windows\System\iFSwrii.exe
  2⤵
  PID:4200
- C:\Windows\System\pMWMMMI.exe
  C:\Windows\System\pMWMMMI.exe
  2⤵
  PID:4220
- C:\Windows\System\avpzgrE.exe
  C:\Windows\System\avpzgrE.exe
  2⤵
  PID:4244
- C:\Windows\System\KnqwXjA.exe
  C:\Windows\System\KnqwXjA.exe
  2⤵
  PID:4264
- C:\Windows\System\ImascBa.exe
  C:\Windows\System\ImascBa.exe
  2⤵
  PID:4284
- C:\Windows\System\nsMkhAA.exe
  C:\Windows\System\nsMkhAA.exe
  2⤵
  PID:4304
- C:\Windows\System\axPSEex.exe
  C:\Windows\System\axPSEex.exe
  2⤵
  PID:4324
- C:\Windows\System\GlCzyAT.exe
  C:\Windows\System\GlCzyAT.exe
  2⤵
  PID:4344
- C:\Windows\System\hMxeEEG.exe
  C:\Windows\System\hMxeEEG.exe
  2⤵
  PID:4364
- C:\Windows\System\xaKevLg.exe
  C:\Windows\System\xaKevLg.exe
  2⤵
  PID:4384
- C:\Windows\System\xtkLyho.exe
  C:\Windows\System\xtkLyho.exe
  2⤵
  PID:4404
- C:\Windows\System\FRfqAUS.exe
  C:\Windows\System\FRfqAUS.exe
  2⤵
  PID:4424
- C:\Windows\System\CvvlEjM.exe
  C:\Windows\System\CvvlEjM.exe
  2⤵
  PID:4444
- C:\Windows\System\puOQIZg.exe
  C:\Windows\System\puOQIZg.exe
  2⤵
  PID:4464
- C:\Windows\System\SYrCfqm.exe
  C:\Windows\System\SYrCfqm.exe
  2⤵
  PID:4484
- C:\Windows\System\ZJwHStl.exe
  C:\Windows\System\ZJwHStl.exe
  2⤵
  PID:4504
- C:\Windows\System\DzlBYAh.exe
  C:\Windows\System\DzlBYAh.exe
  2⤵
  PID:4528
- C:\Windows\System\EchbVNj.exe
  C:\Windows\System\EchbVNj.exe
  2⤵
  PID:4548
- C:\Windows\System\JCascSE.exe
  C:\Windows\System\JCascSE.exe
  2⤵
  PID:4568
- C:\Windows\System\hCUyEbM.exe
  C:\Windows\System\hCUyEbM.exe
  2⤵
  PID:4588
- C:\Windows\System\bKKqUGv.exe
  C:\Windows\System\bKKqUGv.exe
  2⤵
  PID:4608
- C:\Windows\System\qwDltdu.exe
  C:\Windows\System\qwDltdu.exe
  2⤵
  PID:4628
- C:\Windows\System\cDrpDBv.exe
  C:\Windows\System\cDrpDBv.exe
  2⤵
  PID:4648
- C:\Windows\System\SRHDrFl.exe
  C:\Windows\System\SRHDrFl.exe
  2⤵
  PID:4668
- C:\Windows\System\GjcFjxC.exe
  C:\Windows\System\GjcFjxC.exe
  2⤵
  PID:4688
- C:\Windows\System\yhLklGU.exe
  C:\Windows\System\yhLklGU.exe
  2⤵
  PID:4708
- C:\Windows\System\CSEANaO.exe
  C:\Windows\System\CSEANaO.exe
  2⤵
  PID:4728
- C:\Windows\System\XiOdaTp.exe
  C:\Windows\System\XiOdaTp.exe
  2⤵
  PID:4748
- C:\Windows\System\gTdlOgv.exe
  C:\Windows\System\gTdlOgv.exe
  2⤵
  PID:4768
- C:\Windows\System\vqnywpt.exe
  C:\Windows\System\vqnywpt.exe
  2⤵
  PID:4788
- C:\Windows\System\GmyPTqu.exe
  C:\Windows\System\GmyPTqu.exe
  2⤵
  PID:4808
- C:\Windows\System\GnSSePO.exe
  C:\Windows\System\GnSSePO.exe
  2⤵
  PID:4828
- C:\Windows\System\luVfGWr.exe
  C:\Windows\System\luVfGWr.exe
  2⤵
  PID:4848
- C:\Windows\System\EGPIuVC.exe
  C:\Windows\System\EGPIuVC.exe
  2⤵
  PID:4868
- C:\Windows\System\TJoHnyp.exe
  C:\Windows\System\TJoHnyp.exe
  2⤵
  PID:4888
- C:\Windows\System\LnSzXON.exe
  C:\Windows\System\LnSzXON.exe
  2⤵
  PID:4904
- C:\Windows\System\KtFplGS.exe
  C:\Windows\System\KtFplGS.exe
  2⤵
  PID:4928
- C:\Windows\System\TfYHzUd.exe
  C:\Windows\System\TfYHzUd.exe
  2⤵
  PID:4948
- C:\Windows\System\WPAdtqK.exe
  C:\Windows\System\WPAdtqK.exe
  2⤵
  PID:4968
- C:\Windows\System\SsOZpcM.exe
  C:\Windows\System\SsOZpcM.exe
  2⤵
  PID:4988
- C:\Windows\System\zDNPEjt.exe
  C:\Windows\System\zDNPEjt.exe
  2⤵
  PID:5008
- C:\Windows\System\zXounEI.exe
  C:\Windows\System\zXounEI.exe
  2⤵
  PID:5024
- C:\Windows\System\kXDdCgu.exe
  C:\Windows\System\kXDdCgu.exe
  2⤵
  PID:5044
- C:\Windows\System\fbOrXel.exe
  C:\Windows\System\fbOrXel.exe
  2⤵
  PID:5064
- C:\Windows\System\wGPlUuw.exe
  C:\Windows\System\wGPlUuw.exe
  2⤵
  PID:5084
- C:\Windows\System\hTmWHBg.exe
  C:\Windows\System\hTmWHBg.exe
  2⤵
  PID:5104
- C:\Windows\System\aPUAqvx.exe
  C:\Windows\System\aPUAqvx.exe
  2⤵
  PID:3532
- C:\Windows\System\LXxVuTe.exe
  C:\Windows\System\LXxVuTe.exe
  2⤵
  PID:3752
- C:\Windows\System\WJBcaTo.exe
  C:\Windows\System\WJBcaTo.exe
  2⤵
  PID:3932
- C:\Windows\System\jpRlutE.exe
  C:\Windows\System\jpRlutE.exe
  2⤵
  PID:3828
- C:\Windows\System\iGPSFtt.exe
  C:\Windows\System\iGPSFtt.exe
  2⤵
  PID:3976
- C:\Windows\System\uLBrGfy.exe
  C:\Windows\System\uLBrGfy.exe
  2⤵
  PID:2644
- C:\Windows\System\cDbxmtt.exe
  C:\Windows\System\cDbxmtt.exe
  2⤵
  PID:1288
- C:\Windows\System\AnNRANp.exe
  C:\Windows\System\AnNRANp.exe
  2⤵
  PID:4108
- C:\Windows\System\qlfeFqr.exe
  C:\Windows\System\qlfeFqr.exe
  2⤵
  PID:4128
- C:\Windows\System\LQiQJOB.exe
  C:\Windows\System\LQiQJOB.exe
  2⤵
  PID:4152
- C:\Windows\System\ERgvAYm.exe
  C:\Windows\System\ERgvAYm.exe
  2⤵
  PID:4196
- C:\Windows\System\IwvqbzK.exe
  C:\Windows\System\IwvqbzK.exe
  2⤵
  PID:4228
- C:\Windows\System\nvXMZNF.exe
  C:\Windows\System\nvXMZNF.exe
  2⤵
  PID:4260
- C:\Windows\System\ATYHYZe.exe
  C:\Windows\System\ATYHYZe.exe
  2⤵
  PID:4312
- C:\Windows\System\OyXmkpu.exe
  C:\Windows\System\OyXmkpu.exe
  2⤵
  PID:4332
- C:\Windows\System\NKarrzP.exe
  C:\Windows\System\NKarrzP.exe
  2⤵
  PID:4336
- C:\Windows\System\IPaorKc.exe
  C:\Windows\System\IPaorKc.exe
  2⤵
  PID:4380
- C:\Windows\System\dKtNwWO.exe
  C:\Windows\System\dKtNwWO.exe
  2⤵
  PID:4436
- C:\Windows\System\zIcnsSo.exe
  C:\Windows\System\zIcnsSo.exe
  2⤵
  PID:4480
- C:\Windows\System\GBfAfQF.exe
  C:\Windows\System\GBfAfQF.exe
  2⤵
  PID:4512
- C:\Windows\System\bDvDSxv.exe
  C:\Windows\System\bDvDSxv.exe
  2⤵
  PID:4536
- C:\Windows\System\SzTZiyX.exe
  C:\Windows\System\SzTZiyX.exe
  2⤵
  PID:4564
- C:\Windows\System\gxuvyaU.exe
  C:\Windows\System\gxuvyaU.exe
  2⤵
  PID:4600
- C:\Windows\System\bClSySs.exe
  C:\Windows\System\bClSySs.exe
  2⤵
  PID:4636
- C:\Windows\System\BJCPQDo.exe
  C:\Windows\System\BJCPQDo.exe
  2⤵
  PID:4660
- C:\Windows\System\DQwNIYO.exe
  C:\Windows\System\DQwNIYO.exe
  2⤵
  PID:4704
- C:\Windows\System\wJRLLrd.exe
  C:\Windows\System\wJRLLrd.exe
  2⤵
  PID:2636
- C:\Windows\System\JkHuwZV.exe
  C:\Windows\System\JkHuwZV.exe
  2⤵
  PID:4760
- C:\Windows\System\OuOXWOA.exe
  C:\Windows\System\OuOXWOA.exe
  2⤵
  PID:4796
- C:\Windows\System\sLyBBzE.exe
  C:\Windows\System\sLyBBzE.exe
  2⤵
  PID:4784
- C:\Windows\System\TkpTZtP.exe
  C:\Windows\System\TkpTZtP.exe
  2⤵
  PID:4824
- C:\Windows\System\NWBEQri.exe
  C:\Windows\System\NWBEQri.exe
  2⤵
  PID:4884
- C:\Windows\System\ptaISON.exe
  C:\Windows\System\ptaISON.exe
  2⤵
  PID:4912
- C:\Windows\System\FddOpUk.exe
  C:\Windows\System\FddOpUk.exe
  2⤵
  PID:4900
- C:\Windows\System\aYDTVFc.exe
  C:\Windows\System\aYDTVFc.exe
  2⤵
  PID:4944
- C:\Windows\System\IDnlppJ.exe
  C:\Windows\System\IDnlppJ.exe
  2⤵
  PID:5004
- C:\Windows\System\FKrExDg.exe
  C:\Windows\System\FKrExDg.exe
  2⤵
  PID:5036
- C:\Windows\System\bUQdyiD.exe
  C:\Windows\System\bUQdyiD.exe
  2⤵
  PID:5076
- C:\Windows\System\sUIHezz.exe
  C:\Windows\System\sUIHezz.exe
  2⤵
  PID:5116
- C:\Windows\System\MCDfpiE.exe
  C:\Windows\System\MCDfpiE.exe
  2⤵
  PID:5100
- C:\Windows\System\KVLEKEL.exe
  C:\Windows\System\KVLEKEL.exe
  2⤵
  PID:3632
- C:\Windows\System\adRsRQl.exe
  C:\Windows\System\adRsRQl.exe
  2⤵
  PID:3952
- C:\Windows\System\SjRmHHY.exe
  C:\Windows\System\SjRmHHY.exe
  2⤵
  PID:2980
- C:\Windows\System\zWWODdH.exe
  C:\Windows\System\zWWODdH.exe
  2⤵
  PID:3404
- C:\Windows\System\dKdOnBG.exe
  C:\Windows\System\dKdOnBG.exe
  2⤵
  PID:4132
- C:\Windows\System\EAXpoBl.exe
  C:\Windows\System\EAXpoBl.exe
  2⤵
  PID:4172
- C:\Windows\System\DCWjBgq.exe
  C:\Windows\System\DCWjBgq.exe
  2⤵
  PID:4252
- C:\Windows\System\NEtvWHD.exe
  C:\Windows\System\NEtvWHD.exe
  2⤵
  PID:4292
- C:\Windows\System\IkhTESh.exe
  C:\Windows\System\IkhTESh.exe
  2⤵
  PID:4340
- C:\Windows\System\gSWtbvB.exe
  C:\Windows\System\gSWtbvB.exe
  2⤵
  PID:4440
- C:\Windows\System\mECdleI.exe
  C:\Windows\System\mECdleI.exe
  2⤵
  PID:4456
- C:\Windows\System\ikcRYSw.exe
  C:\Windows\System\ikcRYSw.exe
  2⤵
  PID:4500
- C:\Windows\System\PDHZlrT.exe
  C:\Windows\System\PDHZlrT.exe
  2⤵
  PID:4604
- C:\Windows\System\thYhtAq.exe
  C:\Windows\System\thYhtAq.exe
  2⤵
  PID:4624
- C:\Windows\System\COcHbdy.exe
  C:\Windows\System\COcHbdy.exe
  2⤵
  PID:2788
- C:\Windows\System\YQUAOKo.exe
  C:\Windows\System\YQUAOKo.exe
  2⤵
  PID:4724
- C:\Windows\System\FayhCjI.exe
  C:\Windows\System\FayhCjI.exe
  2⤵
  PID:4756
- C:\Windows\System\baaFcEq.exe
  C:\Windows\System\baaFcEq.exe
  2⤵
  PID:4836
- C:\Windows\System\pZuKmhz.exe
  C:\Windows\System\pZuKmhz.exe
  2⤵
  PID:4864
- C:\Windows\System\jvzwFKw.exe
  C:\Windows\System\jvzwFKw.exe
  2⤵
  PID:2616
- C:\Windows\System\mlsRoeC.exe
  C:\Windows\System\mlsRoeC.exe
  2⤵
  PID:4964
- C:\Windows\System\PVUiBhK.exe
  C:\Windows\System\PVUiBhK.exe
  2⤵
  PID:4980
- C:\Windows\System\rHZUHxs.exe
  C:\Windows\System\rHZUHxs.exe
  2⤵
  PID:5056
- C:\Windows\System\XgmTCEH.exe
  C:\Windows\System\XgmTCEH.exe
  2⤵
  PID:3564
- C:\Windows\System\EhMMlhG.exe
  C:\Windows\System\EhMMlhG.exe
  2⤵
  PID:2300
- C:\Windows\System\wIGBfPC.exe
  C:\Windows\System\wIGBfPC.exe
  2⤵
  PID:876
- C:\Windows\System\GeSeEFy.exe
  C:\Windows\System\GeSeEFy.exe
  2⤵
  PID:2892
- C:\Windows\System\BfLrdGT.exe
  C:\Windows\System\BfLrdGT.exe
  2⤵
  PID:5132
- C:\Windows\System\NhypXRX.exe
  C:\Windows\System\NhypXRX.exe
  2⤵
  PID:5152
- C:\Windows\System\mmqfvRv.exe
  C:\Windows\System\mmqfvRv.exe
  2⤵
  PID:5172
- C:\Windows\System\FDotJJE.exe
  C:\Windows\System\FDotJJE.exe
  2⤵
  PID:5192
- C:\Windows\System\SUXapOf.exe
  C:\Windows\System\SUXapOf.exe
  2⤵
  PID:5212
- C:\Windows\System\IeKJypP.exe
  C:\Windows\System\IeKJypP.exe
  2⤵
  PID:5232
- C:\Windows\System\fuujncE.exe
  C:\Windows\System\fuujncE.exe
  2⤵
  PID:5252
- C:\Windows\System\myWOrUB.exe
  C:\Windows\System\myWOrUB.exe
  2⤵
  PID:5272
- C:\Windows\System\sLUauVo.exe
  C:\Windows\System\sLUauVo.exe
  2⤵
  PID:5292
- C:\Windows\System\rsUTCVV.exe
  C:\Windows\System\rsUTCVV.exe
  2⤵
  PID:5312
- C:\Windows\System\cpkSrDm.exe
  C:\Windows\System\cpkSrDm.exe
  2⤵
  PID:5332
- C:\Windows\System\WykYFOC.exe
  C:\Windows\System\WykYFOC.exe
  2⤵
  PID:5352
- C:\Windows\System\JgxyNXn.exe
  C:\Windows\System\JgxyNXn.exe
  2⤵
  PID:5372
- C:\Windows\System\AuSqsQF.exe
  C:\Windows\System\AuSqsQF.exe
  2⤵
  PID:5392
- C:\Windows\System\ottEjLV.exe
  C:\Windows\System\ottEjLV.exe
  2⤵
  PID:5412
- C:\Windows\System\YtvJYfV.exe
  C:\Windows\System\YtvJYfV.exe
  2⤵
  PID:5432
- C:\Windows\System\pjQGgqT.exe
  C:\Windows\System\pjQGgqT.exe
  2⤵
  PID:5452
- C:\Windows\System\XowphFM.exe
  C:\Windows\System\XowphFM.exe
  2⤵
  PID:5472
- C:\Windows\System\DlVRrOx.exe
  C:\Windows\System\DlVRrOx.exe
  2⤵
  PID:5492
- C:\Windows\System\zxufQYe.exe
  C:\Windows\System\zxufQYe.exe
  2⤵
  PID:5512
- C:\Windows\System\FKkyrcv.exe
  C:\Windows\System\FKkyrcv.exe
  2⤵
  PID:5532
- C:\Windows\System\pmUzqpH.exe
  C:\Windows\System\pmUzqpH.exe
  2⤵
  PID:5552
- C:\Windows\System\zIuTDXj.exe
  C:\Windows\System\zIuTDXj.exe
  2⤵
  PID:5572
- C:\Windows\System\ZEWvJHt.exe
  C:\Windows\System\ZEWvJHt.exe
  2⤵
  PID:5592
- C:\Windows\System\EHwDWCI.exe
  C:\Windows\System\EHwDWCI.exe
  2⤵
  PID:5612
- C:\Windows\System\xUTnept.exe
  C:\Windows\System\xUTnept.exe
  2⤵
  PID:5632
- C:\Windows\System\cQucvyc.exe
  C:\Windows\System\cQucvyc.exe
  2⤵
  PID:5652
- C:\Windows\System\LQTKSCU.exe
  C:\Windows\System\LQTKSCU.exe
  2⤵
  PID:5672
- C:\Windows\System\mHJyCoA.exe
  C:\Windows\System\mHJyCoA.exe
  2⤵
  PID:5692
- C:\Windows\System\awPyLGb.exe
  C:\Windows\System\awPyLGb.exe
  2⤵
  PID:5712
- C:\Windows\System\vWKXJUg.exe
  C:\Windows\System\vWKXJUg.exe
  2⤵
  PID:5732
- C:\Windows\System\HYjQoSy.exe
  C:\Windows\System\HYjQoSy.exe
  2⤵
  PID:5752
- C:\Windows\System\vacMerA.exe
  C:\Windows\System\vacMerA.exe
  2⤵
  PID:5772
- C:\Windows\System\EuoODSi.exe
  C:\Windows\System\EuoODSi.exe
  2⤵
  PID:5792
- C:\Windows\System\ScCfGmh.exe
  C:\Windows\System\ScCfGmh.exe
  2⤵
  PID:5812
- C:\Windows\System\fVKyNWM.exe
  C:\Windows\System\fVKyNWM.exe
  2⤵
  PID:5832
- C:\Windows\System\irPUvLa.exe
  C:\Windows\System\irPUvLa.exe
  2⤵
  PID:5852
- C:\Windows\System\BhxzcuG.exe
  C:\Windows\System\BhxzcuG.exe
  2⤵
  PID:5872
- C:\Windows\System\xJWWXda.exe
  C:\Windows\System\xJWWXda.exe
  2⤵
  PID:5892
- C:\Windows\System\bOEmlYt.exe
  C:\Windows\System\bOEmlYt.exe
  2⤵
  PID:5912
- C:\Windows\System\nDZCDLN.exe
  C:\Windows\System\nDZCDLN.exe
  2⤵
  PID:5932
- C:\Windows\System\WHRGVtz.exe
  C:\Windows\System\WHRGVtz.exe
  2⤵
  PID:5952
- C:\Windows\System\BlyUITR.exe
  C:\Windows\System\BlyUITR.exe
  2⤵
  PID:5972
- C:\Windows\System\VVGBoSW.exe
  C:\Windows\System\VVGBoSW.exe
  2⤵
  PID:5992
- C:\Windows\System\MjtcTEk.exe
  C:\Windows\System\MjtcTEk.exe
  2⤵
  PID:6012
- C:\Windows\System\SJNmtiX.exe
  C:\Windows\System\SJNmtiX.exe
  2⤵
  PID:6032
- C:\Windows\System\EZKNBko.exe
  C:\Windows\System\EZKNBko.exe
  2⤵
  PID:6052
- C:\Windows\System\YMkvKnN.exe
  C:\Windows\System\YMkvKnN.exe
  2⤵
  PID:6072
- C:\Windows\System\jewrPhr.exe
  C:\Windows\System\jewrPhr.exe
  2⤵
  PID:6092
- C:\Windows\System\vyWZYrf.exe
  C:\Windows\System\vyWZYrf.exe
  2⤵
  PID:6112
- C:\Windows\System\LQjfZpq.exe
  C:\Windows\System\LQjfZpq.exe
  2⤵
  PID:6132
- C:\Windows\System\osqpFjI.exe
  C:\Windows\System\osqpFjI.exe
  2⤵
  PID:4148
- C:\Windows\System\NnRkkIU.exe
  C:\Windows\System\NnRkkIU.exe
  2⤵
  PID:4300
- C:\Windows\System\VSnNewH.exe
  C:\Windows\System\VSnNewH.exe
  2⤵
  PID:4400
- C:\Windows\System\SsqCbKW.exe
  C:\Windows\System\SsqCbKW.exe
  2⤵
  PID:4496
- C:\Windows\System\spwIrGw.exe
  C:\Windows\System\spwIrGw.exe
  2⤵
  PID:4640
- C:\Windows\System\pUxwgWK.exe
  C:\Windows\System\pUxwgWK.exe
  2⤵
  PID:4720
- C:\Windows\System\PTNiDal.exe
  C:\Windows\System\PTNiDal.exe
  2⤵
  PID:4740
- C:\Windows\System\zALXRsv.exe
  C:\Windows\System\zALXRsv.exe
  2⤵
  PID:4800
- C:\Windows\System\UHijGfG.exe
  C:\Windows\System\UHijGfG.exe
  2⤵
  PID:4856
- C:\Windows\System\iXXzLDz.exe
  C:\Windows\System\iXXzLDz.exe
  2⤵
  PID:4960
- C:\Windows\System\XBibpoO.exe
  C:\Windows\System\XBibpoO.exe
  2⤵
  PID:5032
- C:\Windows\System\UgraFQj.exe
  C:\Windows\System\UgraFQj.exe
  2⤵
  PID:3692
- C:\Windows\System\vlBCZOs.exe
  C:\Windows\System\vlBCZOs.exe
  2⤵
  PID:4072
- C:\Windows\System\ZeIDUBw.exe
  C:\Windows\System\ZeIDUBw.exe
  2⤵
  PID:4156
- C:\Windows\System\PvJRFDs.exe
  C:\Windows\System\PvJRFDs.exe
  2⤵
  PID:5144
- C:\Windows\System\nPBfqCP.exe
  C:\Windows\System\nPBfqCP.exe
  2⤵
  PID:5164
- C:\Windows\System\YaHOIUk.exe
  C:\Windows\System\YaHOIUk.exe
  2⤵
  PID:5220
- C:\Windows\System\VzLDEfB.exe
  C:\Windows\System\VzLDEfB.exe
  2⤵
  PID:5248
- C:\Windows\System\POnnFHi.exe
  C:\Windows\System\POnnFHi.exe
  2⤵
  PID:5288
- C:\Windows\System\kUWJFgU.exe
  C:\Windows\System\kUWJFgU.exe
  2⤵
  PID:5320
- C:\Windows\System\lGZzYoE.exe
  C:\Windows\System\lGZzYoE.exe
  2⤵
  PID:5344
- C:\Windows\System\vmxISuw.exe
  C:\Windows\System\vmxISuw.exe
  2⤵
  PID:5364
- C:\Windows\System\VRQgrKX.exe
  C:\Windows\System\VRQgrKX.exe
  2⤵
  PID:5420
- C:\Windows\System\ttaFVRZ.exe
  C:\Windows\System\ttaFVRZ.exe
  2⤵
  PID:5448
- C:\Windows\System\txZyblX.exe
  C:\Windows\System\txZyblX.exe
  2⤵
  PID:5488
- C:\Windows\System\mAaIZea.exe
  C:\Windows\System\mAaIZea.exe
  2⤵
  PID:5520
- C:\Windows\System\JYjnTzJ.exe
  C:\Windows\System\JYjnTzJ.exe
  2⤵
  PID:5092
- C:\Windows\System\dUpcUue.exe
  C:\Windows\System\dUpcUue.exe
  2⤵
  PID:5560
- C:\Windows\System\OwkPXbd.exe
  C:\Windows\System\OwkPXbd.exe
  2⤵
  PID:5584
- C:\Windows\System\rVYFlLz.exe
  C:\Windows\System\rVYFlLz.exe
  2⤵
  PID:5628
- C:\Windows\System\OZNHoMv.exe
  C:\Windows\System\OZNHoMv.exe
  2⤵
  PID:5668
- C:\Windows\System\MaxMzSE.exe
  C:\Windows\System\MaxMzSE.exe
  2⤵
  PID:5708
- C:\Windows\System\dYKRGhL.exe
  C:\Windows\System\dYKRGhL.exe
  2⤵
  PID:5740
- C:\Windows\System\OkEKOum.exe
  C:\Windows\System\OkEKOum.exe
  2⤵
  PID:5724
- C:\Windows\System\lefezeB.exe
  C:\Windows\System\lefezeB.exe
  2⤵
  PID:5788
- C:\Windows\System\dQXGPwe.exe
  C:\Windows\System\dQXGPwe.exe
  2⤵
  PID:2720
- C:\Windows\System\mBlnlHY.exe
  C:\Windows\System\mBlnlHY.exe
  2⤵
  PID:5824
- C:\Windows\System\JuEOZRR.exe
  C:\Windows\System\JuEOZRR.exe
  2⤵
  PID:5868
- C:\Windows\System\sqMZjiI.exe
  C:\Windows\System\sqMZjiI.exe
  2⤵
  PID:5908
- C:\Windows\System\UucNtph.exe
  C:\Windows\System\UucNtph.exe
  2⤵
  PID:5940
- C:\Windows\System\CoArEYP.exe
  C:\Windows\System\CoArEYP.exe
  2⤵
  PID:5960
- C:\Windows\System\HfbgeVh.exe
  C:\Windows\System\HfbgeVh.exe
  2⤵
  PID:5984
- C:\Windows\System\npKTreh.exe
  C:\Windows\System\npKTreh.exe
  2⤵
  PID:6028
- C:\Windows\System\UGLZFHC.exe
  C:\Windows\System\UGLZFHC.exe
  2⤵
  PID:6044
- C:\Windows\System\wJIUvMT.exe
  C:\Windows\System\wJIUvMT.exe
  2⤵
  PID:6108
- C:\Windows\System\IQdMvve.exe
  C:\Windows\System\IQdMvve.exe
  2⤵
  PID:6128
- C:\Windows\System\pvxglXN.exe
  C:\Windows\System\pvxglXN.exe
  2⤵
  PID:4212
- C:\Windows\System\pyxgQew.exe
  C:\Windows\System\pyxgQew.exe
  2⤵
  PID:4396
- C:\Windows\System\OvwZZbr.exe
  C:\Windows\System\OvwZZbr.exe
  2⤵
  PID:4616
- C:\Windows\System\dxCcIUw.exe
  C:\Windows\System\dxCcIUw.exe
  2⤵
  PID:4764
- C:\Windows\System\QssFVkd.exe
  C:\Windows\System\QssFVkd.exe
  2⤵
  PID:4524
- C:\Windows\System\GBkSdJt.exe
  C:\Windows\System\GBkSdJt.exe
  2⤵
  PID:4976
- C:\Windows\System\gGVRmiK.exe
  C:\Windows\System\gGVRmiK.exe
  2⤵
  PID:5072
- C:\Windows\System\VgnmLeP.exe
  C:\Windows\System\VgnmLeP.exe
  2⤵
  PID:3144
- C:\Windows\System\eEdDdMN.exe
  C:\Windows\System\eEdDdMN.exe
  2⤵
  PID:5148
- C:\Windows\System\ucmivVY.exe
  C:\Windows\System\ucmivVY.exe
  2⤵
  PID:5200
- C:\Windows\System\RdDQAWM.exe
  C:\Windows\System\RdDQAWM.exe
  2⤵
  PID:5260
- C:\Windows\System\UcXnetF.exe
  C:\Windows\System\UcXnetF.exe
  2⤵
  PID:5324
- C:\Windows\System\hAnBveN.exe
  C:\Windows\System\hAnBveN.exe
  2⤵
  PID:5380
- C:\Windows\System\DpCWTIS.exe
  C:\Windows\System\DpCWTIS.exe
  2⤵
  PID:5408
- C:\Windows\System\mOIQyvm.exe
  C:\Windows\System\mOIQyvm.exe
  2⤵
  PID:5480
- C:\Windows\System\awwnGzQ.exe
  C:\Windows\System\awwnGzQ.exe
  2⤵
  PID:2200
- C:\Windows\System\pEcGINc.exe
  C:\Windows\System\pEcGINc.exe
  2⤵
  PID:2716
- C:\Windows\System\rKAABbS.exe
  C:\Windows\System\rKAABbS.exe
  2⤵
  PID:5604
- C:\Windows\System\hiDRIKr.exe
  C:\Windows\System\hiDRIKr.exe
  2⤵
  PID:5664
- C:\Windows\System\QswjkiK.exe
  C:\Windows\System\QswjkiK.exe
  2⤵
  PID:5704
- C:\Windows\System\ONZDgad.exe
  C:\Windows\System\ONZDgad.exe
  2⤵
  PID:5764
- C:\Windows\System\gyhMLef.exe
  C:\Windows\System\gyhMLef.exe
  2⤵
  PID:5804
- C:\Windows\System\TMsxjoM.exe
  C:\Windows\System\TMsxjoM.exe
  2⤵
  PID:2728
- C:\Windows\System\aloJDER.exe
  C:\Windows\System\aloJDER.exe
  2⤵
  PID:5928
- C:\Windows\System\XNOofZY.exe
  C:\Windows\System\XNOofZY.exe
  2⤵
  PID:5964
- C:\Windows\System\vWoYgjj.exe
  C:\Windows\System\vWoYgjj.exe
  2⤵
  PID:6004
- C:\Windows\System\cjYgHyp.exe
  C:\Windows\System\cjYgHyp.exe
  2⤵
  PID:6048
- C:\Windows\System\qoWynDq.exe
  C:\Windows\System\qoWynDq.exe
  2⤵
  PID:6140
- C:\Windows\System\CAGVdaV.exe
  C:\Windows\System\CAGVdaV.exe
  2⤵
  PID:4316
- C:\Windows\System\LEfIcQS.exe
  C:\Windows\System\LEfIcQS.exe
  2⤵
  PID:4680
- C:\Windows\System\EttqFER.exe
  C:\Windows\System\EttqFER.exe
  2⤵
  PID:2724
- C:\Windows\System\glZgHmi.exe
  C:\Windows\System\glZgHmi.exe
  2⤵
  PID:4876
- C:\Windows\System\gaTSQkB.exe
  C:\Windows\System\gaTSQkB.exe
  2⤵
  PID:5128
- C:\Windows\System\MqZJgcz.exe
  C:\Windows\System\MqZJgcz.exe
  2⤵
  PID:5208
- C:\Windows\System\JanMoYG.exe
  C:\Windows\System\JanMoYG.exe
  2⤵
  PID:5300
- C:\Windows\System\QUIjuhX.exe
  C:\Windows\System\QUIjuhX.exe
  2⤵
  PID:5368
- C:\Windows\System\brZhfeR.exe
  C:\Windows\System\brZhfeR.exe
  2⤵
  PID:5440
- C:\Windows\System\dSVPgDm.exe
  C:\Windows\System\dSVPgDm.exe
  2⤵
  PID:5568
- C:\Windows\System\oYncpEf.exe
  C:\Windows\System\oYncpEf.exe
  2⤵
  PID:5620
- C:\Windows\System\wBNzaom.exe
  C:\Windows\System\wBNzaom.exe
  2⤵
  PID:348
- C:\Windows\System\HpfdImO.exe
  C:\Windows\System\HpfdImO.exe
  2⤵
  PID:5828
- C:\Windows\System\zjlGuXk.exe
  C:\Windows\System\zjlGuXk.exe
  2⤵
  PID:5900
- C:\Windows\System\vsJThCR.exe
  C:\Windows\System\vsJThCR.exe
  2⤵
  PID:5884
- C:\Windows\System\cbYhMiF.exe
  C:\Windows\System\cbYhMiF.exe
  2⤵
  PID:6020
- C:\Windows\System\bMmIFRM.exe
  C:\Windows\System\bMmIFRM.exe
  2⤵
  PID:4412
- C:\Windows\System\FDIKwLw.exe
  C:\Windows\System\FDIKwLw.exe
  2⤵
  PID:6160
- C:\Windows\System\YpTvose.exe
  C:\Windows\System\YpTvose.exe
  2⤵
  PID:6180
- C:\Windows\System\cLgNyqZ.exe
  C:\Windows\System\cLgNyqZ.exe
  2⤵
  PID:6200
- C:\Windows\System\flNXQJD.exe
  C:\Windows\System\flNXQJD.exe
  2⤵
  PID:6224
- C:\Windows\System\tUPWGyp.exe
  C:\Windows\System\tUPWGyp.exe
  2⤵
  PID:6244
- C:\Windows\System\FcdfVQR.exe
  C:\Windows\System\FcdfVQR.exe
  2⤵
  PID:6264
- C:\Windows\System\ZgtQckY.exe
  C:\Windows\System\ZgtQckY.exe
  2⤵
  PID:6284
- C:\Windows\System\WMUwDgj.exe
  C:\Windows\System\WMUwDgj.exe
  2⤵
  PID:6304
- C:\Windows\System\GQcnDrC.exe
  C:\Windows\System\GQcnDrC.exe
  2⤵
  PID:6324
- C:\Windows\System\MxqdsTW.exe
  C:\Windows\System\MxqdsTW.exe
  2⤵
  PID:6344
- C:\Windows\System\WWcFNab.exe
  C:\Windows\System\WWcFNab.exe
  2⤵
  PID:6364
- C:\Windows\System\lkMMldZ.exe
  C:\Windows\System\lkMMldZ.exe
  2⤵
  PID:6384
- C:\Windows\System\JPAFtwh.exe
  C:\Windows\System\JPAFtwh.exe
  2⤵
  PID:6404
- C:\Windows\System\nZtISRj.exe
  C:\Windows\System\nZtISRj.exe
  2⤵
  PID:6424
- C:\Windows\System\FxLZuLR.exe
  C:\Windows\System\FxLZuLR.exe
  2⤵
  PID:6444
- C:\Windows\System\plerOnH.exe
  C:\Windows\System\plerOnH.exe
  2⤵
  PID:6464
- C:\Windows\System\AOboyTW.exe
  C:\Windows\System\AOboyTW.exe
  2⤵
  PID:6484
- C:\Windows\System\tVfbwCB.exe
  C:\Windows\System\tVfbwCB.exe
  2⤵
  PID:6504
- C:\Windows\System\BvetkpF.exe
  C:\Windows\System\BvetkpF.exe
  2⤵
  PID:6524
- C:\Windows\System\tkNAcSZ.exe
  C:\Windows\System\tkNAcSZ.exe
  2⤵
  PID:6544
- C:\Windows\System\xmDclep.exe
  C:\Windows\System\xmDclep.exe
  2⤵
  PID:6564
- C:\Windows\System\XwlSiiU.exe
  C:\Windows\System\XwlSiiU.exe
  2⤵
  PID:6584
- C:\Windows\System\pVOnvxi.exe
  C:\Windows\System\pVOnvxi.exe
  2⤵
  PID:6604
- C:\Windows\System\MoeWwvc.exe
  C:\Windows\System\MoeWwvc.exe
  2⤵
  PID:6624
- C:\Windows\System\WVJPNCe.exe
  C:\Windows\System\WVJPNCe.exe
  2⤵
  PID:6644
- C:\Windows\System\SxrANcL.exe
  C:\Windows\System\SxrANcL.exe
  2⤵
  PID:6664
- C:\Windows\System\axForEg.exe
  C:\Windows\System\axForEg.exe
  2⤵
  PID:6684
- C:\Windows\System\QlUyphl.exe
  C:\Windows\System\QlUyphl.exe
  2⤵
  PID:6708
- C:\Windows\System\chdrpPz.exe
  C:\Windows\System\chdrpPz.exe
  2⤵
  PID:6732
- C:\Windows\System\oMHlhMD.exe
  C:\Windows\System\oMHlhMD.exe
  2⤵
  PID:6752
- C:\Windows\System\UoJmYDa.exe
  C:\Windows\System\UoJmYDa.exe
  2⤵
  PID:6772
- C:\Windows\System\hBHbpGm.exe
  C:\Windows\System\hBHbpGm.exe
  2⤵
  PID:6792
- C:\Windows\System\swZkXTZ.exe
  C:\Windows\System\swZkXTZ.exe
  2⤵
  PID:6812
- C:\Windows\System\YGiMgEC.exe
  C:\Windows\System\YGiMgEC.exe
  2⤵
  PID:6832
- C:\Windows\System\slkPirC.exe
  C:\Windows\System\slkPirC.exe
  2⤵
  PID:6860
- C:\Windows\System\tPusMoQ.exe
  C:\Windows\System\tPusMoQ.exe
  2⤵
  PID:6880
- C:\Windows\System\fJnPOtK.exe
  C:\Windows\System\fJnPOtK.exe
  2⤵
  PID:6900
- C:\Windows\System\xHsqbAg.exe
  C:\Windows\System\xHsqbAg.exe
  2⤵
  PID:6920
- C:\Windows\System\OPUFQVt.exe
  C:\Windows\System\OPUFQVt.exe
  2⤵
  PID:6940
- C:\Windows\System\XmEpRDH.exe
  C:\Windows\System\XmEpRDH.exe
  2⤵
  PID:6960
- C:\Windows\System\cIcnzUG.exe
  C:\Windows\System\cIcnzUG.exe
  2⤵
  PID:6976
- C:\Windows\System\TsVpxKN.exe
  C:\Windows\System\TsVpxKN.exe
  2⤵
  PID:7000
- C:\Windows\System\lrRfbke.exe
  C:\Windows\System\lrRfbke.exe
  2⤵
  PID:7020
- C:\Windows\System\pfKcHpG.exe
  C:\Windows\System\pfKcHpG.exe
  2⤵
  PID:7044
- C:\Windows\System\FJnMZeX.exe
  C:\Windows\System\FJnMZeX.exe
  2⤵
  PID:7064
- C:\Windows\System\DkAmvIi.exe
  C:\Windows\System\DkAmvIi.exe
  2⤵
  PID:7084
- C:\Windows\System\WzqUWGw.exe
  C:\Windows\System\WzqUWGw.exe
  2⤵
  PID:7104
- C:\Windows\System\qsfHDcx.exe
  C:\Windows\System\qsfHDcx.exe
  2⤵
  PID:7124
- C:\Windows\System\sFfnTJW.exe
  C:\Windows\System\sFfnTJW.exe
  2⤵
  PID:7140
- C:\Windows\System\mwLMTyi.exe
  C:\Windows\System\mwLMTyi.exe
  2⤵
  PID:7164
- C:\Windows\System\mMRtDpy.exe
  C:\Windows\System\mMRtDpy.exe
  2⤵
  PID:4452
- C:\Windows\System\XphBnKJ.exe
  C:\Windows\System\XphBnKJ.exe
  2⤵
  PID:5112
- C:\Windows\System\CnvTkOG.exe
  C:\Windows\System\CnvTkOG.exe
  2⤵
  PID:5168
- C:\Windows\System\WmuTtap.exe
  C:\Windows\System\WmuTtap.exe
  2⤵
  PID:5224
- C:\Windows\System\wojmbSQ.exe
  C:\Windows\System\wojmbSQ.exe
  2⤵
  PID:5388
- C:\Windows\System\HSNRcAv.exe
  C:\Windows\System\HSNRcAv.exe
  2⤵
  PID:5588
- C:\Windows\System\YAceIgV.exe
  C:\Windows\System\YAceIgV.exe
  2⤵
  PID:5660
- C:\Windows\System\FTtgrEl.exe
  C:\Windows\System\FTtgrEl.exe
  2⤵
  PID:5820
- C:\Windows\System\octcTRd.exe
  C:\Windows\System\octcTRd.exe
  2⤵
  PID:5880
- C:\Windows\System\KjLAWAH.exe
  C:\Windows\System\KjLAWAH.exe
  2⤵
  PID:6084
- C:\Windows\System\mnSjxNb.exe
  C:\Windows\System\mnSjxNb.exe
  2⤵
  PID:6168
- C:\Windows\System\PUxMQFK.exe
  C:\Windows\System\PUxMQFK.exe
  2⤵
  PID:6296
- C:\Windows\System\SHghlZX.exe
  C:\Windows\System\SHghlZX.exe
  2⤵
  PID:6340
- C:\Windows\System\dyyvOTj.exe
  C:\Windows\System\dyyvOTj.exe
  2⤵
  PID:6380
- C:\Windows\System\czvVCec.exe
  C:\Windows\System\czvVCec.exe
  2⤵
  PID:6400
- C:\Windows\System\zBvzANi.exe
  C:\Windows\System\zBvzANi.exe
  2⤵
  PID:6432
- C:\Windows\System\fhrSlqk.exe
  C:\Windows\System\fhrSlqk.exe
  2⤵
  PID:6492
- C:\Windows\System\POBHMIl.exe
  C:\Windows\System\POBHMIl.exe
  2⤵
  PID:6496
- C:\Windows\System\jZvEXef.exe
  C:\Windows\System\jZvEXef.exe
  2⤵
  PID:6516
- C:\Windows\System\sQIbRkp.exe
  C:\Windows\System\sQIbRkp.exe
  2⤵
  PID:6556
- C:\Windows\System\EqsCkLT.exe
  C:\Windows\System\EqsCkLT.exe
  2⤵
  PID:6592
- C:\Windows\System\AcuiNpE.exe
  C:\Windows\System\AcuiNpE.exe
  2⤵
  PID:6660
- C:\Windows\System\qhpAYIc.exe
  C:\Windows\System\qhpAYIc.exe
  2⤵
  PID:6672
- C:\Windows\System\CKgPNTs.exe
  C:\Windows\System\CKgPNTs.exe
  2⤵
  PID:6740
- C:\Windows\System\sxMhZaW.exe
  C:\Windows\System\sxMhZaW.exe
  2⤵
  PID:6724
- C:\Windows\System\UyIwfnP.exe
  C:\Windows\System\UyIwfnP.exe
  2⤵
  PID:6768
- C:\Windows\System\WxRlIIg.exe
  C:\Windows\System\WxRlIIg.exe
  2⤵
  PID:6828
- C:\Windows\System\nVqqSgU.exe
  C:\Windows\System\nVqqSgU.exe
  2⤵
  PID:6840
- C:\Windows\System\MZsNABO.exe
  C:\Windows\System\MZsNABO.exe
  2⤵
  PID:6856
- C:\Windows\System\fmYCPnY.exe
  C:\Windows\System\fmYCPnY.exe
  2⤵
  PID:6912
- C:\Windows\System\aHHAQKL.exe
  C:\Windows\System\aHHAQKL.exe
  2⤵
  PID:6932
- C:\Windows\System\vLkFnoO.exe
  C:\Windows\System\vLkFnoO.exe
  2⤵
  PID:6968
- C:\Windows\System\rSHwrxi.exe
  C:\Windows\System\rSHwrxi.exe
  2⤵
  PID:7008
- C:\Windows\System\jNJlwvA.exe
  C:\Windows\System\jNJlwvA.exe
  2⤵
  PID:7060
- C:\Windows\System\VQJflej.exe
  C:\Windows\System\VQJflej.exe
  2⤵
  PID:7112
- C:\Windows\System\iGGQnQa.exe
  C:\Windows\System\iGGQnQa.exe
  2⤵
  PID:7116
- C:\Windows\System\BcDqxzX.exe
  C:\Windows\System\BcDqxzX.exe
  2⤵
  PID:7160
- C:\Windows\System\NHgCWCb.exe
  C:\Windows\System\NHgCWCb.exe
  2⤵
  PID:4860
- C:\Windows\System\UWBZZSQ.exe
  C:\Windows\System\UWBZZSQ.exe
  2⤵
  PID:2780
- C:\Windows\System\QGmZbaX.exe
  C:\Windows\System\QGmZbaX.exe
  2⤵
  PID:2084
- C:\Windows\System\BfvrtQC.exe
  C:\Windows\System\BfvrtQC.exe
  2⤵
  PID:5468
- C:\Windows\System\NOjhhIn.exe
  C:\Windows\System\NOjhhIn.exe
  2⤵
  PID:2908
- C:\Windows\System\TJwvpuR.exe
  C:\Windows\System\TJwvpuR.exe
  2⤵
  PID:5848
- C:\Windows\System\akSXuFJ.exe
  C:\Windows\System\akSXuFJ.exe
  2⤵
  PID:4188
- C:\Windows\System\otazNZu.exe
  C:\Windows\System\otazNZu.exe
  2⤵
  PID:6188
- C:\Windows\System\ykQodfz.exe
  C:\Windows\System\ykQodfz.exe
  2⤵
  PID:6372
- C:\Windows\System\wMkjGXu.exe
  C:\Windows\System\wMkjGXu.exe
  2⤵
  PID:6416
- C:\Windows\System\AVtnKZW.exe
  C:\Windows\System\AVtnKZW.exe
  2⤵
  PID:6480
- C:\Windows\System\oUTRiYm.exe
  C:\Windows\System\oUTRiYm.exe
  2⤵
  PID:6460
- C:\Windows\System\YekXdSg.exe
  C:\Windows\System\YekXdSg.exe
  2⤵
  PID:6552
- C:\Windows\System\zbbaDLR.exe
  C:\Windows\System\zbbaDLR.exe
  2⤵
  PID:6576
- C:\Windows\System\jxForAv.exe
  C:\Windows\System\jxForAv.exe
  2⤵
  PID:6692
- C:\Windows\System\OwCKRjD.exe
  C:\Windows\System\OwCKRjD.exe
  2⤵
  PID:6780
- C:\Windows\System\dFNetRY.exe
  C:\Windows\System\dFNetRY.exe
  2⤵
  PID:6784
- C:\Windows\System\zKmLUsP.exe
  C:\Windows\System\zKmLUsP.exe
  2⤵
  PID:6804
- C:\Windows\System\keIAmBV.exe
  C:\Windows\System\keIAmBV.exe
  2⤵
  PID:6892
- C:\Windows\System\HInenLI.exe
  C:\Windows\System\HInenLI.exe
  2⤵
  PID:6992
- C:\Windows\System\GBmUnfx.exe
  C:\Windows\System\GBmUnfx.exe
  2⤵
  PID:6988
- C:\Windows\System\KbnjhJG.exe
  C:\Windows\System\KbnjhJG.exe
  2⤵
  PID:7092
- C:\Windows\System\oltlBIB.exe
  C:\Windows\System\oltlBIB.exe
  2⤵
  PID:2928
- C:\Windows\System\LQseHqe.exe
  C:\Windows\System\LQseHqe.exe
  2⤵
  PID:5648
- C:\Windows\System\DvVADnc.exe
  C:\Windows\System\DvVADnc.exe
  2⤵
  PID:5980
- C:\Windows\System\jVzgTpl.exe
  C:\Windows\System\jVzgTpl.exe
  2⤵
  PID:3268
- C:\Windows\System\pViaQwj.exe
  C:\Windows\System\pViaQwj.exe
  2⤵
  PID:6396
- C:\Windows\System\mvCkwGo.exe
  C:\Windows\System\mvCkwGo.exe
  2⤵
  PID:6452
- C:\Windows\System\hEHgjyq.exe
  C:\Windows\System\hEHgjyq.exe
  2⤵
  PID:6456
- C:\Windows\System\NmmMgAa.exe
  C:\Windows\System\NmmMgAa.exe
  2⤵
  PID:6612
- C:\Windows\System\gylgObK.exe
  C:\Windows\System\gylgObK.exe
  2⤵
  PID:6540
- C:\Windows\System\FWTAawB.exe
  C:\Windows\System\FWTAawB.exe
  2⤵
  PID:6748
- C:\Windows\System\IkXxPLK.exe
  C:\Windows\System\IkXxPLK.exe
  2⤵
  PID:6800
- C:\Windows\System\KmmOAqy.exe
  C:\Windows\System\KmmOAqy.exe
  2⤵
  PID:2676
- C:\Windows\System\JVerFED.exe
  C:\Windows\System\JVerFED.exe
  2⤵
  PID:6956
- C:\Windows\System\vwsRVca.exe
  C:\Windows\System\vwsRVca.exe
  2⤵
  PID:7040
- C:\Windows\System\NIuQZAq.exe
  C:\Windows\System\NIuQZAq.exe
  2⤵
  PID:2956
- C:\Windows\System\BKsjDoW.exe
  C:\Windows\System\BKsjDoW.exe
  2⤵
  PID:2212
- C:\Windows\System\yYoCQjA.exe
  C:\Windows\System\yYoCQjA.exe
  2⤵
  PID:2460
- C:\Windows\System\ZqFIZVx.exe
  C:\Windows\System\ZqFIZVx.exe
  2⤵
  PID:2400
- C:\Windows\System\saYRpmi.exe
  C:\Windows\System\saYRpmi.exe
  2⤵
  PID:592
- C:\Windows\System\hzCsMgC.exe
  C:\Windows\System\hzCsMgC.exe
  2⤵
  PID:3048
- C:\Windows\System\reVJmel.exe
  C:\Windows\System\reVJmel.exe
  2⤵
  PID:2604
- C:\Windows\System\JDDQzJB.exe
  C:\Windows\System\JDDQzJB.exe
  2⤵
  PID:1384
- C:\Windows\System\pngJqNl.exe
  C:\Windows\System\pngJqNl.exe
  2⤵
  PID:2304
- C:\Windows\System\mAckPiE.exe
  C:\Windows\System\mAckPiE.exe
  2⤵
  PID:408
- C:\Windows\System\JgrPaPG.exe
  C:\Windows\System\JgrPaPG.exe
  2⤵
  PID:2480
- C:\Windows\System\YWlXbZM.exe
  C:\Windows\System\YWlXbZM.exe
  2⤵
  PID:1568
- C:\Windows\System\mqiSSDJ.exe
  C:\Windows\System\mqiSSDJ.exe
  2⤵
  PID:2328
- C:\Windows\System\khtjZUE.exe
  C:\Windows\System\khtjZUE.exe
  2⤵
  PID:5460
- C:\Windows\System\ROkgere.exe
  C:\Windows\System\ROkgere.exe
  2⤵
  PID:6352
- C:\Windows\System\yALXKLk.exe
  C:\Windows\System\yALXKLk.exe
  2⤵
  PID:6532
- C:\Windows\System\KEwNSaL.exe
  C:\Windows\System\KEwNSaL.exe
  2⤵
  PID:6412
- C:\Windows\System\tuUIRPc.exe
  C:\Windows\System\tuUIRPc.exe
  2⤵
  PID:6744
- C:\Windows\System\uauGZRw.exe
  C:\Windows\System\uauGZRw.exe
  2⤵
  PID:2360
- C:\Windows\System\jzHzUTK.exe
  C:\Windows\System\jzHzUTK.exe
  2⤵
  PID:6760
- C:\Windows\System\OmvMTot.exe
  C:\Windows\System\OmvMTot.exe
  2⤵
  PID:2272
- C:\Windows\System\HsmVqDa.exe
  C:\Windows\System\HsmVqDa.exe
  2⤵
  PID:1260
- C:\Windows\System\SLGnRmG.exe
  C:\Windows\System\SLGnRmG.exe
  2⤵
  PID:2748
- C:\Windows\System\NxzPKEI.exe
  C:\Windows\System\NxzPKEI.exe
  2⤵
  PID:6936
- C:\Windows\System\diQTALs.exe
  C:\Windows\System\diQTALs.exe
  2⤵
  PID:6520
- C:\Windows\System\uRONUic.exe
  C:\Windows\System\uRONUic.exe
  2⤵
  PID:772
- C:\Windows\System\QkOHwHK.exe
  C:\Windows\System\QkOHwHK.exe
  2⤵
  PID:2216
- C:\Windows\System\OxPHKAr.exe
  C:\Windows\System\OxPHKAr.exe
  2⤵
  PID:2220
- C:\Windows\System\KnhunUR.exe
  C:\Windows\System\KnhunUR.exe
  2⤵
  PID:2584
- C:\Windows\System\tShIlAY.exe
  C:\Windows\System\tShIlAY.exe
  2⤵
  PID:6316
- C:\Windows\System\ABYycFW.exe
  C:\Windows\System\ABYycFW.exe
  2⤵
  PID:6984
- C:\Windows\System\DgUmPOC.exe
  C:\Windows\System\DgUmPOC.exe
  2⤵
  PID:1096
- C:\Windows\System\NrWlCFG.exe
  C:\Windows\System\NrWlCFG.exe
  2⤵
  PID:2796
- C:\Windows\System\qWOjYsQ.exe
  C:\Windows\System\qWOjYsQ.exe
  2⤵
  PID:6888
- C:\Windows\System\uwOKYDH.exe
  C:\Windows\System\uwOKYDH.exe
  2⤵
  PID:2848
- C:\Windows\System\plAYQfS.exe
  C:\Windows\System\plAYQfS.exe
  2⤵
  PID:2560
- C:\Windows\System\vxjAXwE.exe
  C:\Windows\System\vxjAXwE.exe
  2⤵
  PID:6560
- C:\Windows\System\DUycTBM.exe
  C:\Windows\System\DUycTBM.exe
  2⤵
  PID:7184
- C:\Windows\System\IJiBRGx.exe
  C:\Windows\System\IJiBRGx.exe
  2⤵
  PID:7204
- C:\Windows\System\HiiIUYo.exe
  C:\Windows\System\HiiIUYo.exe
  2⤵
  PID:7224
- C:\Windows\System\ateAeeH.exe
  C:\Windows\System\ateAeeH.exe
  2⤵
  PID:7240
- C:\Windows\System\dPlFSqQ.exe
  C:\Windows\System\dPlFSqQ.exe
  2⤵
  PID:7272
- C:\Windows\System\oTGzkeL.exe
  C:\Windows\System\oTGzkeL.exe
  2⤵
  PID:7292
- C:\Windows\System\iTynxqM.exe
  C:\Windows\System\iTynxqM.exe
  2⤵
  PID:7324
- C:\Windows\System\LromDfh.exe
  C:\Windows\System\LromDfh.exe
  2⤵
  PID:7352
- C:\Windows\System\FFdUWXp.exe
  C:\Windows\System\FFdUWXp.exe
  2⤵
  PID:7368
- C:\Windows\System\VDRyxbY.exe
  C:\Windows\System\VDRyxbY.exe
  2⤵
  PID:7388
- C:\Windows\System\AFoSsvB.exe
  C:\Windows\System\AFoSsvB.exe
  2⤵
  PID:7412
- C:\Windows\System\dzmipse.exe
  C:\Windows\System\dzmipse.exe
  2⤵
  PID:7428
- C:\Windows\System\JLdKQRp.exe
  C:\Windows\System\JLdKQRp.exe
  2⤵
  PID:7448
- C:\Windows\System\Ulppzux.exe
  C:\Windows\System\Ulppzux.exe
  2⤵
  PID:7464
- C:\Windows\System\MDkSjGE.exe
  C:\Windows\System\MDkSjGE.exe
  2⤵
  PID:7480
- C:\Windows\System\UDFrntG.exe
  C:\Windows\System\UDFrntG.exe
  2⤵
  PID:7496
- C:\Windows\System\GmiKYnY.exe
  C:\Windows\System\GmiKYnY.exe
  2⤵
  PID:7516
- C:\Windows\System\UQQLHGD.exe
  C:\Windows\System\UQQLHGD.exe
  2⤵
  PID:7536
- C:\Windows\System\pmFUZar.exe
  C:\Windows\System\pmFUZar.exe
  2⤵
  PID:7552
- C:\Windows\System\iTgxgph.exe
  C:\Windows\System\iTgxgph.exe
  2⤵
  PID:7600
- C:\Windows\System\ZUoQhmI.exe
  C:\Windows\System\ZUoQhmI.exe
  2⤵
  PID:7616
- C:\Windows\System\euzNgVd.exe
  C:\Windows\System\euzNgVd.exe
  2⤵
  PID:7636
- C:\Windows\System\idZhAxe.exe
  C:\Windows\System\idZhAxe.exe
  2⤵
  PID:7652
- C:\Windows\System\msmoRmX.exe
  C:\Windows\System\msmoRmX.exe
  2⤵
  PID:7668
- C:\Windows\System\yRAQhjJ.exe
  C:\Windows\System\yRAQhjJ.exe
  2⤵
  PID:7684
- C:\Windows\System\zqAVVkd.exe
  C:\Windows\System\zqAVVkd.exe
  2⤵
  PID:7700
- C:\Windows\System\BTvjrNh.exe
  C:\Windows\System\BTvjrNh.exe
  2⤵
  PID:7716
- C:\Windows\System\KdkJdiC.exe
  C:\Windows\System\KdkJdiC.exe
  2⤵
  PID:7732
- C:\Windows\System\suYubSY.exe
  C:\Windows\System\suYubSY.exe
  2⤵
  PID:7748
- C:\Windows\System\YYnNMHz.exe
  C:\Windows\System\YYnNMHz.exe
  2⤵
  PID:7764
- C:\Windows\System\FfkDPtv.exe
  C:\Windows\System\FfkDPtv.exe
  2⤵
  PID:7804
- C:\Windows\System\ntkzngF.exe
  C:\Windows\System\ntkzngF.exe
  2⤵
  PID:7840
- C:\Windows\System\ZqMhHbV.exe
  C:\Windows\System\ZqMhHbV.exe
  2⤵
  PID:7856
- C:\Windows\System\TupPHvh.exe
  C:\Windows\System\TupPHvh.exe
  2⤵
  PID:7872
- C:\Windows\System\hZJTjKk.exe
  C:\Windows\System\hZJTjKk.exe
  2⤵
  PID:7892
- C:\Windows\System\bcAwrIW.exe
  C:\Windows\System\bcAwrIW.exe
  2⤵
  PID:7912
- C:\Windows\System\StuApaZ.exe
  C:\Windows\System\StuApaZ.exe
  2⤵
  PID:7928
- C:\Windows\System\GYZBrtF.exe
  C:\Windows\System\GYZBrtF.exe
  2⤵
  PID:7944
- C:\Windows\System\swwrpcK.exe
  C:\Windows\System\swwrpcK.exe
  2⤵
  PID:7960
- C:\Windows\System\EjcmNhq.exe
  C:\Windows\System\EjcmNhq.exe
  2⤵
  PID:7996
- C:\Windows\System\JqlTPJt.exe
  C:\Windows\System\JqlTPJt.exe
  2⤵
  PID:8012
- C:\Windows\System\NLmQEsY.exe
  C:\Windows\System\NLmQEsY.exe
  2⤵
  PID:8032
- C:\Windows\System\ygGCrjr.exe
  C:\Windows\System\ygGCrjr.exe
  2⤵
  PID:8048
- C:\Windows\System\rmQfWAF.exe
  C:\Windows\System\rmQfWAF.exe
  2⤵
  PID:8068
- C:\Windows\System\oFBOFqm.exe
  C:\Windows\System\oFBOFqm.exe
  2⤵
  PID:8084
- C:\Windows\System\rnujCAV.exe
  C:\Windows\System\rnujCAV.exe
  2⤵
  PID:8104
- C:\Windows\System\usbKrVR.exe
  C:\Windows\System\usbKrVR.exe
  2⤵
  PID:8120
- C:\Windows\System\RkYtGMp.exe
  C:\Windows\System\RkYtGMp.exe
  2⤵
  PID:8136
- C:\Windows\System\nQGTNeL.exe
  C:\Windows\System\nQGTNeL.exe
  2⤵
  PID:8160
- C:\Windows\System\CBKraoW.exe
  C:\Windows\System\CBKraoW.exe
  2⤵
  PID:8180
- C:\Windows\System\pVCkSEM.exe
  C:\Windows\System\pVCkSEM.exe
  2⤵
  PID:2708
- C:\Windows\System\cLreBth.exe
  C:\Windows\System\cLreBth.exe
  2⤵
  PID:7236
- C:\Windows\System\YvovlSc.exe
  C:\Windows\System\YvovlSc.exe
  2⤵
  PID:1624
- C:\Windows\System\dSDHjJL.exe
  C:\Windows\System\dSDHjJL.exe
  2⤵
  PID:748
- C:\Windows\System\EkkYVeg.exe
  C:\Windows\System\EkkYVeg.exe
  2⤵
  PID:7216
- C:\Windows\System\EijwefW.exe
  C:\Windows\System\EijwefW.exe
  2⤵
  PID:2148
- C:\Windows\System\ZHNMmsi.exe
  C:\Windows\System\ZHNMmsi.exe
  2⤵
  PID:7288
- C:\Windows\System\vmHBjbS.exe
  C:\Windows\System\vmHBjbS.exe
  2⤵
  PID:6872
- C:\Windows\System\YKxrJKP.exe
  C:\Windows\System\YKxrJKP.exe
  2⤵
  PID:2140
- C:\Windows\System\DNIHEQP.exe
  C:\Windows\System\DNIHEQP.exe
  2⤵
  PID:7376
- C:\Windows\System\uGtpOvx.exe
  C:\Windows\System\uGtpOvx.exe
  2⤵
  PID:7420
- C:\Windows\System\RIoBTAI.exe
  C:\Windows\System\RIoBTAI.exe
  2⤵
  PID:7316
- C:\Windows\System\rXoYeRd.exe
  C:\Windows\System\rXoYeRd.exe
  2⤵
  PID:7400
- C:\Windows\System\pkzLFQw.exe
  C:\Windows\System\pkzLFQw.exe
  2⤵
  PID:7528
- C:\Windows\System\gTElkGs.exe
  C:\Windows\System\gTElkGs.exe
  2⤵
  PID:7568
- C:\Windows\System\IoQXsvo.exe
  C:\Windows\System\IoQXsvo.exe
  2⤵
  PID:7472
- C:\Windows\System\VckMdeL.exe
  C:\Windows\System\VckMdeL.exe
  2⤵
  PID:7512
- C:\Windows\System\rQfJlBn.exe
  C:\Windows\System\rQfJlBn.exe
  2⤵
  PID:7444
- C:\Windows\System\SxsesIe.exe
  C:\Windows\System\SxsesIe.exe
  2⤵
  PID:7676
- C:\Windows\System\Puecabl.exe
  C:\Windows\System\Puecabl.exe
  2⤵
  PID:7740
- C:\Windows\System\bxzmUsh.exe
  C:\Windows\System\bxzmUsh.exe
  2⤵
  PID:7780
- C:\Windows\System\maBqgRp.exe
  C:\Windows\System\maBqgRp.exe
  2⤵
  PID:7796
- C:\Windows\System\tXyuMvV.exe
  C:\Windows\System\tXyuMvV.exe
  2⤵
  PID:7592
- C:\Windows\System\rKDUHBc.exe
  C:\Windows\System\rKDUHBc.exe
  2⤵
  PID:7632
- C:\Windows\System\TDBDiaK.exe
  C:\Windows\System\TDBDiaK.exe
  2⤵
  PID:7696
- C:\Windows\System\DWtdXHt.exe
  C:\Windows\System\DWtdXHt.exe
  2⤵
  PID:7760
- C:\Windows\System\YhUTVQY.exe
  C:\Windows\System\YhUTVQY.exe
  2⤵
  PID:7828
- C:\Windows\System\LWFSyvb.exe
  C:\Windows\System\LWFSyvb.exe
  2⤵
  PID:7868
- C:\Windows\System\CdNiZKa.exe
  C:\Windows\System\CdNiZKa.exe
  2⤵
  PID:7940
- C:\Windows\System\qerulUV.exe
  C:\Windows\System\qerulUV.exe
  2⤵
  PID:8056
- C:\Windows\System\qbdYRPG.exe
  C:\Windows\System\qbdYRPG.exe
  2⤵
  PID:7880
- C:\Windows\System\wuiLpMP.exe
  C:\Windows\System\wuiLpMP.exe
  2⤵
  PID:7924
- C:\Windows\System\axddDPD.exe
  C:\Windows\System\axddDPD.exe
  2⤵
  PID:8008
- C:\Windows\System\RmFTJqZ.exe
  C:\Windows\System\RmFTJqZ.exe
  2⤵
  PID:8100
- C:\Windows\System\drCjypT.exe
  C:\Windows\System\drCjypT.exe
  2⤵
  PID:8168
- C:\Windows\System\SyRwTmp.exe
  C:\Windows\System\SyRwTmp.exe
  2⤵
  PID:2864
- C:\Windows\System\APRtVTC.exe
  C:\Windows\System\APRtVTC.exe
  2⤵
  PID:2504
- C:\Windows\System\kGvadxR.exe
  C:\Windows\System\kGvadxR.exe
  2⤵
  PID:5864
- C:\Windows\System\RIJDquZ.exe
  C:\Windows\System\RIJDquZ.exe
  2⤵
  PID:7248
- C:\Windows\System\pYwiAFW.exe
  C:\Windows\System\pYwiAFW.exe
  2⤵
  PID:7336
- C:\Windows\System\MzyDVUt.exe
  C:\Windows\System\MzyDVUt.exe
  2⤵
  PID:7176
- C:\Windows\System\SfGfReo.exe
  C:\Windows\System\SfGfReo.exe
  2⤵
  PID:7456
- C:\Windows\System\Npywmtl.exe
  C:\Windows\System\Npywmtl.exe
  2⤵
  PID:7548
- C:\Windows\System\oHaCREw.exe
  C:\Windows\System\oHaCREw.exe
  2⤵
  PID:7212
- C:\Windows\System\hmxwchs.exe
  C:\Windows\System\hmxwchs.exe
  2⤵
  PID:7384
- C:\Windows\System\TRVDMHj.exe
  C:\Windows\System\TRVDMHj.exe
  2⤵
  PID:7396
- C:\Windows\System\QSerChK.exe
  C:\Windows\System\QSerChK.exe
  2⤵
  PID:7508
- C:\Windows\System\cYmcDwE.exe
  C:\Windows\System\cYmcDwE.exe
  2⤵
  PID:7792
- C:\Windows\System\AnAUjVE.exe
  C:\Windows\System\AnAUjVE.exe
  2⤵
  PID:7976
- C:\Windows\System\uteEWll.exe
  C:\Windows\System\uteEWll.exe
  2⤵
  PID:7772
- C:\Windows\System\ScSvuPB.exe
  C:\Windows\System\ScSvuPB.exe
  2⤵
  PID:7980
- C:\Windows\System\oUXYlcC.exe
  C:\Windows\System\oUXYlcC.exe
  2⤵
  PID:7852
- C:\Windows\System\JFsCNLn.exe
  C:\Windows\System\JFsCNLn.exe
  2⤵
  PID:7920
- C:\Windows\System\cJflvjO.exe
  C:\Windows\System\cJflvjO.exe
  2⤵
  PID:7904
- C:\Windows\System\ZCEcStb.exe
  C:\Windows\System\ZCEcStb.exe
  2⤵
  PID:7956
- C:\Windows\System\dTJfagF.exe
  C:\Windows\System\dTJfagF.exe
  2⤵
  PID:7584
- C:\Windows\System\snluxwr.exe
  C:\Windows\System\snluxwr.exe
  2⤵
  PID:2336
- C:\Windows\System\OJvXagc.exe
  C:\Windows\System\OJvXagc.exe
  2⤵
  PID:8076
- C:\Windows\System\XWjHAed.exe
  C:\Windows\System\XWjHAed.exe
  2⤵
  PID:8152
- C:\Windows\System\TgaYvqT.exe
  C:\Windows\System\TgaYvqT.exe
  2⤵
  PID:7256
- C:\Windows\System\DOVjpnh.exe
  C:\Windows\System\DOVjpnh.exe
  2⤵
  PID:7708
- C:\Windows\System\uELqrVJ.exe
  C:\Windows\System\uELqrVJ.exe
  2⤵
  PID:7180
- C:\Windows\System\ZVcqwDp.exe
  C:\Windows\System\ZVcqwDp.exe
  2⤵
  PID:7864
- C:\Windows\System\SFULpeG.exe
  C:\Windows\System\SFULpeG.exe
  2⤵
  PID:8020
- C:\Windows\System\owFpufx.exe
  C:\Windows\System\owFpufx.exe
  2⤵
  PID:7692
- C:\Windows\System\jMKCHUl.exe
  C:\Windows\System\jMKCHUl.exe
  2⤵
  PID:8148
- C:\Windows\System\CUTbUfI.exe
  C:\Windows\System\CUTbUfI.exe
  2⤵
  PID:7628
- C:\Windows\System\dZigBha.exe
  C:\Windows\System\dZigBha.exe
  2⤵
  PID:7304
- C:\Windows\System\GZqILAA.exe
  C:\Windows\System\GZqILAA.exe
  2⤵
  PID:2860
- C:\Windows\System\fnCeoPD.exe
  C:\Windows\System\fnCeoPD.exe
  2⤵
  PID:7992
- C:\Windows\System\rnJxQat.exe
  C:\Windows\System\rnJxQat.exe
  2⤵
  PID:7824
- C:\Windows\System\sajcRCp.exe
  C:\Windows\System\sajcRCp.exe
  2⤵
  PID:8176
- C:\Windows\System\HrhKMAq.exe
  C:\Windows\System\HrhKMAq.exe
  2⤵
  PID:8144
- C:\Windows\System\EKeyDBS.exe
  C:\Windows\System\EKeyDBS.exe
  2⤵
  PID:7364
- C:\Windows\System\HTJDiVj.exe
  C:\Windows\System\HTJDiVj.exe
  2⤵
  PID:7900
- C:\Windows\System\yMDbuzO.exe
  C:\Windows\System\yMDbuzO.exe
  2⤵
  PID:3000
- C:\Windows\System\GryjGXI.exe
  C:\Windows\System\GryjGXI.exe
  2⤵
  PID:7988
- C:\Windows\System\niqVcJY.exe
  C:\Windows\System\niqVcJY.exe
  2⤵
  PID:7588
- C:\Windows\System\IPGEhQu.exe
  C:\Windows\System\IPGEhQu.exe
  2⤵
  PID:8064
- C:\Windows\System\ShYbBdn.exe
  C:\Windows\System\ShYbBdn.exe
  2⤵
  PID:8112
- C:\Windows\System\NPvZAPY.exe
  C:\Windows\System\NPvZAPY.exe
  2⤵
  PID:7232
- C:\Windows\System\KwTsLBo.exe
  C:\Windows\System\KwTsLBo.exe
  2⤵
  PID:7524
- C:\Windows\System\BlZOgKo.exe
  C:\Windows\System\BlZOgKo.exe
  2⤵
  PID:7172
- C:\Windows\System\hQlJgtk.exe
  C:\Windows\System\hQlJgtk.exe
  2⤵
  PID:8208
- C:\Windows\System\okKtiDO.exe
  C:\Windows\System\okKtiDO.exe
  2⤵
  PID:8236
- C:\Windows\System\WTfEbnR.exe
  C:\Windows\System\WTfEbnR.exe
  2⤵
  PID:8252
- C:\Windows\System\cywKnGX.exe
  C:\Windows\System\cywKnGX.exe
  2⤵
  PID:8280
- C:\Windows\System\yXrRkkX.exe
  C:\Windows\System\yXrRkkX.exe
  2⤵
  PID:8296
- C:\Windows\System\JZFJcCS.exe
  C:\Windows\System\JZFJcCS.exe
  2⤵
  PID:8316
- C:\Windows\System\IckJtfF.exe
  C:\Windows\System\IckJtfF.exe
  2⤵
  PID:8332
- C:\Windows\System\gNpghIG.exe
  C:\Windows\System\gNpghIG.exe
  2⤵
  PID:8364
- C:\Windows\System\kjIhVxC.exe
  C:\Windows\System\kjIhVxC.exe
  2⤵
  PID:8384
- C:\Windows\System\VMUVDGj.exe
  C:\Windows\System\VMUVDGj.exe
  2⤵
  PID:8408
- C:\Windows\System\YPjoNbi.exe
  C:\Windows\System\YPjoNbi.exe
  2⤵
  PID:8424
- C:\Windows\System\GIbgrJd.exe
  C:\Windows\System\GIbgrJd.exe
  2⤵
  PID:8444
- C:\Windows\System\QhPPGyP.exe
  C:\Windows\System\QhPPGyP.exe
  2⤵
  PID:8472
- C:\Windows\System\CZwQefy.exe
  C:\Windows\System\CZwQefy.exe
  2⤵
  PID:8492
- C:\Windows\System\ypCynUn.exe
  C:\Windows\System\ypCynUn.exe
  2⤵
  PID:8512
- C:\Windows\System\lNHdhPp.exe
  C:\Windows\System\lNHdhPp.exe
  2⤵
  PID:8532
- C:\Windows\System\henguFT.exe
  C:\Windows\System\henguFT.exe
  2⤵
  PID:8548
- C:\Windows\System\aPrhclV.exe
  C:\Windows\System\aPrhclV.exe
  2⤵
  PID:8564
- C:\Windows\System\fWhTpAy.exe
  C:\Windows\System\fWhTpAy.exe
  2⤵
  PID:8584
- C:\Windows\System\HaTGEIf.exe
  C:\Windows\System\HaTGEIf.exe
  2⤵
  PID:8604
- C:\Windows\System\QgFjpNT.exe
  C:\Windows\System\QgFjpNT.exe
  2⤵
  PID:8628
- C:\Windows\System\zLEkxVj.exe
  C:\Windows\System\zLEkxVj.exe
  2⤵
  PID:8644
- C:\Windows\System\gggCmQP.exe
  C:\Windows\System\gggCmQP.exe
  2⤵
  PID:8668
- C:\Windows\System\NxaeXkK.exe
  C:\Windows\System\NxaeXkK.exe
  2⤵
  PID:8684
- C:\Windows\System\ngAcHoj.exe
  C:\Windows\System\ngAcHoj.exe
  2⤵
  PID:8700
- C:\Windows\System\yLXdAFZ.exe
  C:\Windows\System\yLXdAFZ.exe
  2⤵
  PID:8716
- C:\Windows\System\wTQvjGh.exe
  C:\Windows\System\wTQvjGh.exe
  2⤵
  PID:8740
- C:\Windows\System\NCDbCBk.exe
  C:\Windows\System\NCDbCBk.exe
  2⤵
  PID:8764
- C:\Windows\System\hspcGli.exe
  C:\Windows\System\hspcGli.exe
  2⤵
  PID:8780
- C:\Windows\System\KGOacnN.exe
  C:\Windows\System\KGOacnN.exe
  2⤵
  PID:8804
- C:\Windows\System\BTRxxcp.exe
  C:\Windows\System\BTRxxcp.exe
  2⤵
  PID:8824
- C:\Windows\System\jxEdazt.exe
  C:\Windows\System\jxEdazt.exe
  2⤵
  PID:8864
- C:\Windows\System\qEUUrxY.exe
  C:\Windows\System\qEUUrxY.exe
  2⤵
  PID:8880
- C:\Windows\System\bPqQMGk.exe
  C:\Windows\System\bPqQMGk.exe
  2⤵
  PID:8900
- C:\Windows\System\MecngBW.exe
  C:\Windows\System\MecngBW.exe
  2⤵
  PID:8924
- C:\Windows\System\vjkiVzM.exe
  C:\Windows\System\vjkiVzM.exe
  2⤵
  PID:8940
- C:\Windows\System\uZSxmNx.exe
  C:\Windows\System\uZSxmNx.exe
  2⤵
  PID:8956
- C:\Windows\System\ebHHHEd.exe
  C:\Windows\System\ebHHHEd.exe
  2⤵
  PID:8980
- C:\Windows\System\okRDviV.exe
  C:\Windows\System\okRDviV.exe
  2⤵
  PID:9004
- C:\Windows\System\HmzXpez.exe
  C:\Windows\System\HmzXpez.exe
  2⤵
  PID:9020
- C:\Windows\System\xpNjxhn.exe
  C:\Windows\System\xpNjxhn.exe
  2⤵
  PID:9036
- C:\Windows\System\IXFjmJH.exe
  C:\Windows\System\IXFjmJH.exe
  2⤵
  PID:9052
- C:\Windows\System\yibNbKB.exe
  C:\Windows\System\yibNbKB.exe
  2⤵
  PID:9068
- C:\Windows\System\SCvrwOZ.exe
  C:\Windows\System\SCvrwOZ.exe
  2⤵
  PID:9104
- C:\Windows\System\eonWsAx.exe
  C:\Windows\System\eonWsAx.exe
  2⤵
  PID:9120
- C:\Windows\System\FkgoDYg.exe
  C:\Windows\System\FkgoDYg.exe
  2⤵
  PID:9148
- C:\Windows\System\spUINKZ.exe
  C:\Windows\System\spUINKZ.exe
  2⤵
  PID:9164
- C:\Windows\System\RvhDbfQ.exe
  C:\Windows\System\RvhDbfQ.exe
  2⤵
  PID:9184
- C:\Windows\System\LXuvVjv.exe
  C:\Windows\System\LXuvVjv.exe
  2⤵
  PID:9200
- C:\Windows\System\ZAWTMun.exe
  C:\Windows\System\ZAWTMun.exe
  2⤵
  PID:8244
- C:\Windows\System\eqsesic.exe
  C:\Windows\System\eqsesic.exe
  2⤵
  PID:7436
- C:\Windows\System\sAwvPaR.exe
  C:\Windows\System\sAwvPaR.exe
  2⤵
  PID:7280
- C:\Windows\System\NLJyScb.exe
  C:\Windows\System\NLJyScb.exe
  2⤵
  PID:8292
- C:\Windows\System\hhOdEcz.exe
  C:\Windows\System\hhOdEcz.exe
  2⤵
  PID:8224
- C:\Windows\System\gQEBSUW.exe
  C:\Windows\System\gQEBSUW.exe
  2⤵
  PID:8304
- C:\Windows\System\IfHsJwg.exe
  C:\Windows\System\IfHsJwg.exe
  2⤵
  PID:8340
- C:\Windows\System\WwxVikV.exe
  C:\Windows\System\WwxVikV.exe
  2⤵
  PID:8360
- C:\Windows\System\VpZJuZz.exe
  C:\Windows\System\VpZJuZz.exe
  2⤵
  PID:8392
- C:\Windows\System\qaFaXiQ.exe
  C:\Windows\System\qaFaXiQ.exe
  2⤵
  PID:8400
- C:\Windows\System\iPvgjBt.exe
  C:\Windows\System\iPvgjBt.exe
  2⤵
  PID:8468
- C:\Windows\System\rESTVyh.exe
  C:\Windows\System\rESTVyh.exe
  2⤵
  PID:8500
- C:\Windows\System\AxwPHFf.exe
  C:\Windows\System\AxwPHFf.exe
  2⤵
  PID:8544
- C:\Windows\System\PvbITDb.exe
  C:\Windows\System\PvbITDb.exe
  2⤵
  PID:8612
- C:\Windows\System\EnMertq.exe
  C:\Windows\System\EnMertq.exe
  2⤵
  PID:8660
- C:\Windows\System\aGlkCFO.exe
  C:\Windows\System\aGlkCFO.exe
  2⤵
  PID:8528
- C:\Windows\System\SSznqGb.exe
  C:\Windows\System\SSznqGb.exe
  2⤵
  PID:8732
- C:\Windows\System\OHWJKxp.exe
  C:\Windows\System\OHWJKxp.exe
  2⤵
  PID:8636
- C:\Windows\System\CFJXDru.exe
  C:\Windows\System\CFJXDru.exe
  2⤵
  PID:8680
- C:\Windows\System\tGVgTSt.exe
  C:\Windows\System\tGVgTSt.exe
  2⤵
  PID:8748
- C:\Windows\System\iLRRDJL.exe
  C:\Windows\System\iLRRDJL.exe
  2⤵
  PID:8712
- C:\Windows\System\XTuKcaG.exe
  C:\Windows\System\XTuKcaG.exe
  2⤵
  PID:8836
- C:\Windows\System\srgvckE.exe
  C:\Windows\System\srgvckE.exe
  2⤵
  PID:8848
- C:\Windows\System\EcTkNOn.exe
  C:\Windows\System\EcTkNOn.exe
  2⤵
  PID:8908
- C:\Windows\System\UilHabL.exe
  C:\Windows\System\UilHabL.exe
  2⤵
  PID:8932
- C:\Windows\System\cuoRcqg.exe
  C:\Windows\System\cuoRcqg.exe
  2⤵
  PID:8988
- C:\Windows\System\ghqZNRF.exe
  C:\Windows\System\ghqZNRF.exe
  2⤵
  PID:9000
- C:\Windows\System\lyZhqJy.exe
  C:\Windows\System\lyZhqJy.exe
  2⤵
  PID:9016
- C:\Windows\System\lRvztRG.exe
  C:\Windows\System\lRvztRG.exe
  2⤵
  PID:9084
- C:\Windows\System\zlGuFpb.exe
  C:\Windows\System\zlGuFpb.exe
  2⤵
  PID:9044
- C:\Windows\System\mhteeGm.exe
  C:\Windows\System\mhteeGm.exe
  2⤵
  PID:2368
- C:\Windows\System\OvYpeCa.exe
  C:\Windows\System\OvYpeCa.exe
  2⤵
  PID:9196
- C:\Windows\System\teyLabZ.exe
  C:\Windows\System\teyLabZ.exe
  2⤵
  PID:9180
- C:\Windows\System\GsVrWbr.exe
  C:\Windows\System\GsVrWbr.exe
  2⤵
  PID:7788
- C:\Windows\System\bhsPzrf.exe
  C:\Windows\System\bhsPzrf.exe
  2⤵
  PID:792
- C:\Windows\System\XLEeZKb.exe
  C:\Windows\System\XLEeZKb.exe
  2⤵
  PID:8220
- C:\Windows\System\MeKhdJy.exe
  C:\Windows\System\MeKhdJy.exe
  2⤵
  PID:8260
- C:\Windows\System\dGpPHFM.exe
  C:\Windows\System\dGpPHFM.exe
  2⤵
  PID:8312
- C:\Windows\System\LknqADn.exe
  C:\Windows\System\LknqADn.exe
  2⤵
  PID:8420
- C:\Windows\System\YIiuhaw.exe
  C:\Windows\System\YIiuhaw.exe
  2⤵
  PID:8484
- C:\Windows\System\LSnQPGK.exe
  C:\Windows\System\LSnQPGK.exe
  2⤵
  PID:8576
- C:\Windows\System\RcZKtlK.exe
  C:\Windows\System\RcZKtlK.exe
  2⤵
  PID:8596
- C:\Windows\System\QWkfSaU.exe
  C:\Windows\System\QWkfSaU.exe
  2⤵
  PID:8524
- C:\Windows\System\EGdTvLs.exe
  C:\Windows\System\EGdTvLs.exe
  2⤵
  PID:8696
- C:\Windows\System\CsPAtaB.exe
  C:\Windows\System\CsPAtaB.exe
  2⤵
  PID:8708
- C:\Windows\System\ucjrRGD.exe
  C:\Windows\System\ucjrRGD.exe
  2⤵
  PID:8872
- C:\Windows\System\wckGggA.exe
  C:\Windows\System\wckGggA.exe
  2⤵
  PID:8976
- C:\Windows\System\WxmVSxY.exe
  C:\Windows\System\WxmVSxY.exe
  2⤵
  PID:9080
- C:\Windows\System\ZwtNRBU.exe
  C:\Windows\System\ZwtNRBU.exe
  2⤵
  PID:8792
- C:\Windows\System\IsOAIPW.exe
  C:\Windows\System\IsOAIPW.exe
  2⤵
  PID:8996
- C:\Windows\System\oYuttiS.exe
  C:\Windows\System\oYuttiS.exe
  2⤵
  PID:9048
- C:\Windows\System\LdIWEpW.exe
  C:\Windows\System\LdIWEpW.exe
  2⤵
  PID:8852
- C:\Windows\System\FjJBbOV.exe
  C:\Windows\System\FjJBbOV.exe
  2⤵
  PID:9156
- C:\Windows\System\hWgVJOU.exe
  C:\Windows\System\hWgVJOU.exe
  2⤵
  PID:9208
- C:\Windows\System\obIqRih.exe
  C:\Windows\System\obIqRih.exe
  2⤵
  PID:6716
- C:\Windows\System\HegXzbt.exe
  C:\Windows\System\HegXzbt.exe
  2⤵
  PID:8440
- C:\Windows\System\BarrpnC.exe
  C:\Windows\System\BarrpnC.exe
  2⤵
  PID:8624
- C:\Windows\System\kitAZnU.exe
  C:\Windows\System\kitAZnU.exe
  2⤵
  PID:8464
- C:\Windows\System\VwNIxna.exe
  C:\Windows\System\VwNIxna.exe
  2⤵
  PID:8560
- C:\Windows\System\oIkAwXI.exe
  C:\Windows\System\oIkAwXI.exe
  2⤵
  PID:8776
- C:\Windows\System\FzDMQfl.exe
  C:\Windows\System\FzDMQfl.exe
  2⤵
  PID:8728
- C:\Windows\System\vjOCMuQ.exe
  C:\Windows\System\vjOCMuQ.exe
  2⤵
  PID:8952
- C:\Windows\System\tYcaUIU.exe
  C:\Windows\System\tYcaUIU.exe
  2⤵
  PID:8840
- C:\Windows\System\XJdGJvh.exe
  C:\Windows\System\XJdGJvh.exe
  2⤵
  PID:9112
- C:\Windows\System\kNgNXAi.exe
  C:\Windows\System\kNgNXAi.exe
  2⤵
  PID:7816
- C:\Windows\System\dLDGTlp.exe
  C:\Windows\System\dLDGTlp.exe
  2⤵
  PID:9064
- C:\Windows\System\DNmvaRA.exe
  C:\Windows\System\DNmvaRA.exe
  2⤵
  PID:8196
- C:\Windows\System\ybJjlHq.exe
  C:\Windows\System\ybJjlHq.exe
  2⤵
  PID:8264
- C:\Windows\System\dLlhMbZ.exe
  C:\Windows\System\dLlhMbZ.exe
  2⤵
  PID:8652
- C:\Windows\System\CmJCpeA.exe
  C:\Windows\System\CmJCpeA.exe
  2⤵
  PID:8948
- C:\Windows\System\OhjYfjh.exe
  C:\Windows\System\OhjYfjh.exe
  2⤵
  PID:9060
- C:\Windows\System\JoLoCvf.exe
  C:\Windows\System\JoLoCvf.exe
  2⤵
  PID:8772
- C:\Windows\System\hlKWPXS.exe
  C:\Windows\System\hlKWPXS.exe
  2⤵
  PID:7504
- C:\Windows\System\xrHHUnL.exe
  C:\Windows\System\xrHHUnL.exe
  2⤵
  PID:8972
- C:\Windows\System\fIsJGsW.exe
  C:\Windows\System\fIsJGsW.exe
  2⤵
  PID:8452
- C:\Windows\System\mNZaDUT.exe
  C:\Windows\System\mNZaDUT.exe
  2⤵
  PID:8324
- C:\Windows\System\ukKKvFL.exe
  C:\Windows\System\ukKKvFL.exe
  2⤵
  PID:8328
- C:\Windows\System\gfTszIQ.exe
  C:\Windows\System\gfTszIQ.exe
  2⤵
  PID:9220
- C:\Windows\System\occIZEU.exe
  C:\Windows\System\occIZEU.exe
  2⤵
  PID:9236
- C:\Windows\System\RlckGIs.exe
  C:\Windows\System\RlckGIs.exe
  2⤵
  PID:9252
- C:\Windows\System\BeNkdtL.exe
  C:\Windows\System\BeNkdtL.exe
  2⤵
  PID:9268
- C:\Windows\System\fhISqwV.exe
  C:\Windows\System\fhISqwV.exe
  2⤵
  PID:9284
- C:\Windows\System\CMlobub.exe
  C:\Windows\System\CMlobub.exe
  2⤵
  PID:9300
- C:\Windows\System\BbknJJX.exe
  C:\Windows\System\BbknJJX.exe
  2⤵
  PID:9316
- C:\Windows\System\FRJWGWF.exe
  C:\Windows\System\FRJWGWF.exe
  2⤵
  PID:9336
- C:\Windows\System\heVwgfy.exe
  C:\Windows\System\heVwgfy.exe
  2⤵
  PID:9360
- C:\Windows\System\ZAIatYW.exe
  C:\Windows\System\ZAIatYW.exe
  2⤵
  PID:9388
- C:\Windows\System\mCmZegu.exe
  C:\Windows\System\mCmZegu.exe
  2⤵
  PID:9408
- C:\Windows\System\ouvMRLI.exe
  C:\Windows\System\ouvMRLI.exe
  2⤵
  PID:9432
- C:\Windows\System\jsvxeNV.exe
  C:\Windows\System\jsvxeNV.exe
  2⤵
  PID:9448
- C:\Windows\System\NKPnwwQ.exe
  C:\Windows\System\NKPnwwQ.exe
  2⤵
  PID:9476
- C:\Windows\System\rqsDYDB.exe
  C:\Windows\System\rqsDYDB.exe
  2⤵
  PID:9492
- C:\Windows\System\CQtQdtz.exe
  C:\Windows\System\CQtQdtz.exe
  2⤵
  PID:9508
- C:\Windows\System\asiHAAI.exe
  C:\Windows\System\asiHAAI.exe
  2⤵
  PID:9524
- C:\Windows\System\gzNzbNs.exe
  C:\Windows\System\gzNzbNs.exe
  2⤵
  PID:9552
- C:\Windows\System\WHFPWBg.exe
  C:\Windows\System\WHFPWBg.exe
  2⤵
  PID:9576
- C:\Windows\System\BWiBqFg.exe
  C:\Windows\System\BWiBqFg.exe
  2⤵
  PID:9600
- C:\Windows\System\zwXnrPP.exe
  C:\Windows\System\zwXnrPP.exe
  2⤵
  PID:9644
- C:\Windows\System\OcYZiQo.exe
  C:\Windows\System\OcYZiQo.exe
  2⤵
  PID:9664
- C:\Windows\System\jrVJXvL.exe
  C:\Windows\System\jrVJXvL.exe
  2⤵
  PID:9684
- C:\Windows\System\wSvgSuv.exe
  C:\Windows\System\wSvgSuv.exe
  2⤵
  PID:9700
- C:\Windows\System\MwqcJkn.exe
  C:\Windows\System\MwqcJkn.exe
  2⤵
  PID:9716
- C:\Windows\System\xhRWCKs.exe
  C:\Windows\System\xhRWCKs.exe
  2⤵
  PID:9740
- C:\Windows\System\UsDqHKG.exe
  C:\Windows\System\UsDqHKG.exe
  2⤵
  PID:9756
- C:\Windows\System\xXtfQaq.exe
  C:\Windows\System\xXtfQaq.exe
  2⤵
  PID:9772
- C:\Windows\System\TvPQNcH.exe
  C:\Windows\System\TvPQNcH.exe
  2⤵
  PID:9796
- C:\Windows\System\HbVssKq.exe
  C:\Windows\System\HbVssKq.exe
  2⤵
  PID:9832
- C:\Windows\System\uacCqou.exe
  C:\Windows\System\uacCqou.exe
  2⤵
  PID:9848
- C:\Windows\System\JHUALbe.exe
  C:\Windows\System\JHUALbe.exe
  2⤵
  PID:9872
- C:\Windows\System\lyxbppf.exe
  C:\Windows\System\lyxbppf.exe
  2⤵
  PID:9892
- C:\Windows\System\yipWhBE.exe
  C:\Windows\System\yipWhBE.exe
  2⤵
  PID:9908
- C:\Windows\System\saezuzK.exe
  C:\Windows\System\saezuzK.exe
  2⤵
  PID:9924
- C:\Windows\System\kPSWlIQ.exe
  C:\Windows\System\kPSWlIQ.exe
  2⤵
  PID:9944
- C:\Windows\System\SBKMieZ.exe
  C:\Windows\System\SBKMieZ.exe
  2⤵
  PID:9960
- C:\Windows\System\cNJRVAh.exe
  C:\Windows\System\cNJRVAh.exe
  2⤵
  PID:9980
- C:\Windows\System\hLATVCu.exe
  C:\Windows\System\hLATVCu.exe
  2⤵
  PID:9996
- C:\Windows\System\wvigSmv.exe
  C:\Windows\System\wvigSmv.exe
  2⤵
  PID:10016
- C:\Windows\System\YZRkXIg.exe
  C:\Windows\System\YZRkXIg.exe
  2⤵
  PID:10040
- C:\Windows\System\RSnwHSe.exe
  C:\Windows\System\RSnwHSe.exe
  2⤵
  PID:10056
- C:\Windows\System\WbeZiKN.exe
  C:\Windows\System\WbeZiKN.exe
  2⤵
  PID:10084
- C:\Windows\System\cKVxyak.exe
  C:\Windows\System\cKVxyak.exe
  2⤵
  PID:10112
- C:\Windows\System\iYhCnwj.exe
  C:\Windows\System\iYhCnwj.exe
  2⤵
  PID:10128
- C:\Windows\System\nZmfaHt.exe
  C:\Windows\System\nZmfaHt.exe
  2⤵
  PID:10148
- C:\Windows\System\OfuJXdn.exe
  C:\Windows\System\OfuJXdn.exe
  2⤵
  PID:10164
- C:\Windows\System\jfBNmgc.exe
  C:\Windows\System\jfBNmgc.exe
  2⤵
  PID:10180
- C:\Windows\System\alsSbQQ.exe
  C:\Windows\System\alsSbQQ.exe
  2⤵
  PID:10204
- C:\Windows\System\FvcgjtL.exe
  C:\Windows\System\FvcgjtL.exe
  2⤵
  PID:10220
- C:\Windows\System\zMvPqZR.exe
  C:\Windows\System\zMvPqZR.exe
  2⤵
  PID:8992
- C:\Windows\System\sIkCQuB.exe
  C:\Windows\System\sIkCQuB.exe
  2⤵
  PID:8580
- C:\Windows\System\qrXtVJx.exe
  C:\Windows\System\qrXtVJx.exe
  2⤵
  PID:8380
- C:\Windows\System\RONbxJA.exe
  C:\Windows\System\RONbxJA.exe
  2⤵
  PID:9276
- C:\Windows\System\FQjHTeP.exe
  C:\Windows\System\FQjHTeP.exe
  2⤵
  PID:9348
- C:\Windows\System\RxpPtrt.exe
  C:\Windows\System\RxpPtrt.exe
  2⤵
  PID:9400
- C:\Windows\System\bQqgSiM.exe
  C:\Windows\System\bQqgSiM.exe
  2⤵
  PID:9484
- C:\Windows\System\lBhPLmh.exe
  C:\Windows\System\lBhPLmh.exe
  2⤵
  PID:9560
- C:\Windows\System\ecYdYsR.exe
  C:\Windows\System\ecYdYsR.exe
  2⤵
  PID:9464
- C:\Windows\System\lYAHQag.exe
  C:\Windows\System\lYAHQag.exe
  2⤵
  PID:9536
- C:\Windows\System\uzCGkcK.exe
  C:\Windows\System\uzCGkcK.exe
  2⤵
  PID:9376
- C:\Windows\System\nkkXuts.exe
  C:\Windows\System\nkkXuts.exe
  2⤵
  PID:9428
- C:\Windows\System\pQWTQVB.exe
  C:\Windows\System\pQWTQVB.exe
  2⤵
  PID:9500
- C:\Windows\System\KvDKzoV.exe
  C:\Windows\System\KvDKzoV.exe
  2⤵
  PID:9548
- C:\Windows\System\TqTCHbH.exe
  C:\Windows\System\TqTCHbH.exe
  2⤵
  PID:9612
- C:\Windows\System\kiSWRmJ.exe
  C:\Windows\System\kiSWRmJ.exe
  2⤵
  PID:9632
- C:\Windows\System\XLORWJx.exe
  C:\Windows\System\XLORWJx.exe
  2⤵
  PID:9652
- C:\Windows\System\UTNUqxz.exe
  C:\Windows\System\UTNUqxz.exe
  2⤵
  PID:9676
- C:\Windows\System\xJTiyaU.exe
  C:\Windows\System\xJTiyaU.exe
  2⤵
  PID:9780
- C:\Windows\System\VbhbsfF.exe
  C:\Windows\System\VbhbsfF.exe
  2⤵
  PID:9804
- C:\Windows\System\lyNVRsh.exe
  C:\Windows\System\lyNVRsh.exe
  2⤵
  PID:9728
- C:\Windows\System\ffoPPJi.exe
  C:\Windows\System\ffoPPJi.exe
  2⤵
  PID:9856
- C:\Windows\System\txekdDH.exe
  C:\Windows\System\txekdDH.exe
  2⤵
  PID:9884
- C:\Windows\System\jCSUhIT.exe
  C:\Windows\System\jCSUhIT.exe
  2⤵
  PID:9952
- C:\Windows\System\LfEfDpe.exe
  C:\Windows\System\LfEfDpe.exe
  2⤵
  PID:10012
- C:\Windows\System\YwPYSnv.exe
  C:\Windows\System\YwPYSnv.exe
  2⤵
  PID:9932
- C:\Windows\System\ovDVLAW.exe
  C:\Windows\System\ovDVLAW.exe
  2⤵
  PID:10064
- C:\Windows\System\UkBPMIL.exe
  C:\Windows\System\UkBPMIL.exe
  2⤵
  PID:9940
- C:\Windows\System\dUKXUSP.exe
  C:\Windows\System\dUKXUSP.exe
  2⤵
  PID:10076
- C:\Windows\System\aEvdRnm.exe
  C:\Windows\System\aEvdRnm.exe
  2⤵
  PID:10104
- C:\Windows\System\fkBpwmn.exe
  C:\Windows\System\fkBpwmn.exe
  2⤵
  PID:10188
- C:\Windows\System\fHKuNMd.exe
  C:\Windows\System\fHKuNMd.exe
  2⤵
  PID:10228
- C:\Windows\System\BQpGfyy.exe
  C:\Windows\System\BQpGfyy.exe
  2⤵
  PID:10172
- C:\Windows\System\BoQylwm.exe
  C:\Windows\System\BoQylwm.exe
  2⤵
  PID:8832
- C:\Windows\System\LjKROSH.exe
  C:\Windows\System\LjKROSH.exe
  2⤵
  PID:10212
- C:\Windows\System\PPYBWsz.exe
  C:\Windows\System\PPYBWsz.exe
  2⤵
  PID:9352
- C:\Windows\System\sOLHhwL.exe
  C:\Windows\System\sOLHhwL.exe
  2⤵
  PID:9312
- C:\Windows\System\DrJgHuO.exe
  C:\Windows\System\DrJgHuO.exe
  2⤵
  PID:9416
- C:\Windows\System\COjTDoH.exe
  C:\Windows\System\COjTDoH.exe
  2⤵
  PID:9328
- C:\Windows\System\sMtEUJM.exe
  C:\Windows\System\sMtEUJM.exe
  2⤵
  PID:9372
- C:\Windows\System\LlNPPtt.exe
  C:\Windows\System\LlNPPtt.exe
  2⤵
  PID:9420
- C:\Windows\System\IfQlbfy.exe
  C:\Windows\System\IfQlbfy.exe
  2⤵
  PID:9596
- C:\Windows\System\yQTlQMk.exe
  C:\Windows\System\yQTlQMk.exe
  2⤵
  PID:9712
- C:\Windows\System\YrhnhYd.exe
  C:\Windows\System\YrhnhYd.exe
  2⤵
  PID:9732
- C:\Windows\System\OEnvEuP.exe
  C:\Windows\System\OEnvEuP.exe
  2⤵
  PID:9532
- C:\Windows\System\WuJdevM.exe
  C:\Windows\System\WuJdevM.exe
  2⤵
  PID:9628
- C:\Windows\System\woWLijY.exe
  C:\Windows\System\woWLijY.exe
  2⤵
  PID:9844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFEFHrc.exe

Filesize
6.0MB

MD5
f1d69f92032eb47a9e3f7593ae1af7c1

SHA1
d08fc7e55988497059d6b53ab75c295d978e74ff

SHA256
acae9257f78ccc9a0585cbbfb6ff97e36c13c2585d2cb3ed99eef4c0eade5c61

SHA512
2bae32bd8f31d659106f863c3813ea7a778dd1a3ab67325f709dab4f516fbfc53ae16c8aca24f314878a6ac2d6a57fd04b379d5642a60576d8004166afde9790

Download Submit
C:\Windows\system\AxkqZyN.exe

Filesize
6.0MB

MD5
22d2c4274b6d3e58a13026a6ade572bd

SHA1
15419ea5bffd76699f5fa209a70edc659dc4204f

SHA256
50c2d10c97ae9068f521ee5702da664cfc32280fda2794986d4c191b2298a9b7

SHA512
332308fe023541ca773f1cf2e6549afd4f28cae9350d294e04ca82213d96316c005dc9e008ee56f4af4524aa091ee00b778878f2074abf1aeb6915be6fb81670

Download Submit
C:\Windows\system\FHXGcuC.exe

Filesize
6.0MB

MD5
1a622fa770699f843fb5ca91673443d2

SHA1
dca67f4c437e6e473b262e2e6cbc8a23be983366

SHA256
7f0f7ae6a577f902498363d2d13eab69c01da06fb1cfccca5905c6a92cc59cfc

SHA512
572174f1baac8eb5432544a6b9990527ff2bd77d6ec2ad7399f0acdbbe403103d2450cadc5251df393db223e90f996e80028384e91597664e7bc116d1b1e64d3

Download Submit
C:\Windows\system\FMhIAhV.exe

Filesize
6.0MB

MD5
dd067da9f3c67dfc42c7653a77f0fbd8

SHA1
3fbbee5c845d783c484e7ea2266f67f6926c0a12

SHA256
57423397b4aff55aeadd7ce433782b967595689e2d97296d01da04e99954f90d

SHA512
ef3b73a1b4c7332fa97a0d51b43ad15343f2586b6c37b4400319264fe6aed56571ac4cb682123d94cc36955a659601a05708a6af2912c39168666f513a42881d

Download Submit
C:\Windows\system\GsiFnuY.exe

Filesize
6.0MB

MD5
8398217ee156db8694503db828605583

SHA1
0823b02b53efac0cadfa555097bb4448083be08a

SHA256
a0d3bc636c6ea9a96ac3b3b443072cf8df870eaa648c2d15a8e0771dbe85278b

SHA512
6665b426ad5d03fcae42197412a879eeb2852902e118a5c630f460ce611e813b89025a93d18c0068ae55c7b701cef8008cd54e9fadd94f1e8e5eb569b97562c4

Download Submit
C:\Windows\system\JEkIVJu.exe

Filesize
6.0MB

MD5
30634e6729712e0cdd3abbe3d2fc5c2b

SHA1
c7a6f05061f926acbfb7d1784188ef0778a63f12

SHA256
c524174888bfc0b36c1139cdfc0ea922e2096a9bac8526395c69fee6476b619e

SHA512
d8cba6d4909bb315187b582177796963d40d48b9665967a1b6180f46bc54aadb40637233b3b0c67b32c903ae4e74d459d4b52dd9c02ad966c479b4f7d01bdf68

Download Submit
C:\Windows\system\KYiRTaz.exe

Filesize
6.0MB

MD5
a38313c4891eed94a2bcf3ddee3f967b

SHA1
2640dd2d6934d47e4c48d67389ad21c6224e44d1

SHA256
b6b644a8f77ab1c58d593041362f0dc1b0161d43725ff44c5e84e5bcd7b076e7

SHA512
798acaddea4e57849582e6b71863d6091e3a5692bdfb4bf609e2c4501a3cdc70b1b8ffa11a05f8648f05d294bfe653d1d8b6ae221ab7c98a0742d6c7a8f0bee5

Download Submit
C:\Windows\system\LjuIZjd.exe

Filesize
6.0MB

MD5
ecc5ffacafea73cb057da1dfc10747bd

SHA1
92df37a42e7eca76641872d60aba1795a0b8109a

SHA256
525f363a283dd67e519ab924535831f2a86ec7ffba1f32c029d171a3ef58716e

SHA512
7a94e3387eb38a4eb70344f6d51a9ad6fa2e34b363ba9f9b777d823d46bd075205956fdad0b6df9952813043e07a3c8e8f52a9a719b0320597a2f8753fbe4f71

Download Submit
C:\Windows\system\QxvipCd.exe

Filesize
6.0MB

MD5
3545fb8a8a09d5cd5de84f0ee67fbdd3

SHA1
a35274f1914cb7f2d0518c59584bedd562dafbad

SHA256
57ee7c624acb47acd0663154b68aa5f2afbbd314bd4508fd0d52335653bd0de0

SHA512
a10f2c589eb6606f725ef56a1f4ff07da17d2e6d6aa450083503db7d18172347cb6d1ad11a15d3ee5a87978a24b3de1a91bd39cc20937520e697172e08b1fec5

Download Submit
C:\Windows\system\RAUQFpJ.exe

Filesize
6.0MB

MD5
7e92c02e765362228dedcf1321c3fa36

SHA1
69c72efd1fcc1c78274a17ebd4fdc176760b5703

SHA256
1e27221a3e855b4da504ddaf00e04d0f63c474a09c5968735b742d1beda0f129

SHA512
b0953045c8f54daef69abac1b7224bb25b21540f6755ef4ed5208174ab74bbc7f4af5ad2e548f977eb5d3b67dbce5b2a0ca4a8c01e357842736b59d03060cfed

Download Submit
C:\Windows\system\SqUxCfk.exe

Filesize
6.0MB

MD5
4ef20632341ed10cf1ef7ec10562a31d

SHA1
3a679d0fb02fbb33192ee004cfcba1a040c66995

SHA256
15f48731cb01e1de188ca72aec4dca51edb3ec7cf0150583f3b5ae459e83cdc6

SHA512
21e8344c130f6ed74322223d75f94e4f3fac51da3f1534210b021dfbcd0cbb98c74f881b98cd79e55ae1d790983be7e47819399528f310bbe5d79a28ab938e4a

Download Submit
C:\Windows\system\VhbcSOk.exe

Filesize
6.0MB

MD5
045cecca0c66ca0eafab4a5f66a62969

SHA1
e24817d1e2ba1405324d829532595b17b83f3a43

SHA256
30d8890feebb3b1dda047c2d7fb151a4298911fb298ef4d1498e03be88c785f2

SHA512
01b20eb51af35ac00bca6e2d657d9bc40dded7e83eb6c18b7208fafc53134fcc2279ad6fa4b802159d071f0df5a80b50c20f8bac76ed7c29a4d214fb26e3eba5

Download Submit
C:\Windows\system\Vhmrinw.exe

Filesize
6.0MB

MD5
7cf80c3a685ffb20f4330c4c49f19f52

SHA1
5bcf036951ddb3bd80f5cdbd606c1394d93e2725

SHA256
e588766255bc90de551e0de10dd36c01e8e04ab0ed78e2fa17bd892f115d4060

SHA512
5a1b5d54173dc3e40ce4361a92092ece6e90b4df666993bca8e37fb8e909a9d08f06125ccebc33f87f8d9346ae86d505e6319e2a55e5f6c229f32682f44ddece

Download Submit
C:\Windows\system\VkXWXjy.exe

Filesize
6.0MB

MD5
62e46336f357770f2bd460439bec745b

SHA1
c57d158d3b930884440f9d9c75637e8887bd8d96

SHA256
10046efaabf6ed16b5ae84272a860fd9bc70e4860a159cf622803145c138edb2

SHA512
063dd68a2e70da44ecdda9ce41f16328f39783215834b6417f1b9c3bbed66713a55c03e33c50a6d9035bc3950455b2fae9d3eee29ff8a8af41cb10ef903ce8bb

Download Submit
C:\Windows\system\VzqjYHK.exe

Filesize
6.0MB

MD5
c5b54b0423b5fa7bc3a073823bedcbf7

SHA1
d18e96c432d0034de705ff6e278fb16d0ca49d5f

SHA256
e7331d432237020cf451eb06486c0154188f4cfa1b7fe2867715692250355485

SHA512
08e0e768b19ae457e9727ac77480f61fb835c6c3ad552fc62f9ad6ee338802bbd243c0b1a3359dc7bec26673ed335c27c2f72e60c88f9f6477358c4620aa62cb

Download Submit
C:\Windows\system\WMVavVw.exe

Filesize
6.0MB

MD5
bb738d35811023f7fddc5d27caa99423

SHA1
c7861b99aecaf09044eb8593759e4e079ab65609

SHA256
5aedc34b2d93b185bdcb101a07bd39915fd7c9fc25b7d73ce3cce55c62c4254c

SHA512
85e6027c9a841ddf98be1c84f39357fc2fe724d82fb2a3dc6d8ca08777302806b57d3b349fa996a3cee1ef5175b7c8c10dac072b97b7f5b32db1b2aafb4ecba4

Download Submit
C:\Windows\system\dmEkQnN.exe

Filesize
6.0MB

MD5
25367f60fc2a62532033f5e680dc93b7

SHA1
d6840095628aeed47586d6efc75752b2f5b6de4b

SHA256
9b778ecb7eb1017aa884fddad03a573f79e074a27d6501e3de3c09fef5972b04

SHA512
b1e4c41d274c39efe9b98921c57a1ae7749b7e15504cdbea945d8f308877146206c285b1adeecd1f27d51c9c76d0f99ea17b019cabe874411d9b0cdf6c4469c0

Download Submit
C:\Windows\system\fKSEvHn.exe

Filesize
6.0MB

MD5
0856cab678a3b5ee8caf0da40809defe

SHA1
52afd2a5ddaf39e417f9f444c4af6acd3b5f00df

SHA256
e85d839a82e81bbb8654163f28039dd871dea8af2e96819860a7050eff3d3599

SHA512
9e2b5d4d117a0e0f634742cc1900288ba534c825d3e91e6b95f8a7f04904ada95a424927403aa8f95f9c5cf29abec8d6effa632c35c0048914805992fdf5eff2

Download Submit
C:\Windows\system\fZwfYBs.exe

Filesize
6.0MB

MD5
c4533d3e60189007bc2e4a34daf13f9c

SHA1
d3df2603f86f8e46892409e42c45ed59348bf79a

SHA256
e7b1c91795559d54d1ded5afb3356e6c3a598e34458910449d39c8f818f9aa01

SHA512
1aaeba09fc5ff6d06fcd90105fdbd5f46a70c186e98b247fbc8a6b0f5ce83eee8f1fae91f26fba04cb247cac120abf002463e59b2ccee51c3ced67639b93a4ae

Download Submit
C:\Windows\system\kmoIrgo.exe

Filesize
6.0MB

MD5
afff1dc7e2277c002de61066801d480f

SHA1
805c67e04c9d6b971cee5a64e5453ecb329c2d01

SHA256
2550fe7763bac36e5679f07ebaa45537f7b83cb3cb02a7d3f921e35b6a910be6

SHA512
fec72c75be90cbdf28771af5d5502869154b6e29b885c73b54a5d19ffff461469f294da8a888464ef50d92e13fb4eb3e25e99704ee407134091d1dc620965f37

Download Submit
C:\Windows\system\lTvMIJO.exe

Filesize
6.0MB

MD5
a723cad4d26637b93da32240877b324a

SHA1
5796eaed0d8c724f5300a20c79c9c8a81ecb67e1

SHA256
fc241d0a475b508632cef155dd94381929549bb2213a30ff4a742e017e9190db

SHA512
b0d13938ac084b99926a7e848f3bc88d2a257e20331aabd348c473ce1e1e2f7ad20be4b764587b74859171d9315d8dc8f253e4668b1a438de86f8e34316d1bdc

Download Submit
C:\Windows\system\oWjQgKO.exe

Filesize
6.0MB

MD5
8e322bd8a751fca7bb0960ed715e3f8e

SHA1
023a10dc23fcaa5b0d6e1d85782012c5a39d6a35

SHA256
77ca5b6d2986abf139fcc72829e5bcd0db9bf65eb089d712ee7841e24c8991f5

SHA512
2f73ff99da9f0b438e41cb3a84e52d6503788805da44607aeac937cfd29b49e99969eaa8bea8fadcf8d2daade7960d948657e6436d9ebe21c06000e490768ee8

Download Submit
C:\Windows\system\qwGIHKR.exe

Filesize
6.0MB

MD5
a8e35ef1a52f4ac5ebedc11f2171f1ce

SHA1
8f92a28e184a64ef8276cff04434bd51bc716839

SHA256
8663c97da932e7bd09cf1a2b1f339303e1cbf91a76af88721d70b2a182147982

SHA512
f4fb319565a98b699ac01564a45c40dbf05d121d1b8ffdffe281f6c718715eb87f003c663a988911dd0f3655ed4a6a1325e9724cd4fca841a912baeb184356e9

Download Submit
C:\Windows\system\rMpXvNK.exe

Filesize
6.0MB

MD5
323417ea5a8a86a35b52c72a1add92f4

SHA1
c06e27365d1f6cbd9c412426d9d68ef686e4707b

SHA256
b146a40452393a62115fbc9eed602c0c19fcb1ca8f147a4ca97189b6daabd790

SHA512
7c5299360b652da3655387305554937b9524e03f93c2bac6c28e0b9c022b79fdcb809bee31f5f7025d7742fcde9b3662e6ca8e00e718438d3e3d65f918dc8cb1

Download Submit
C:\Windows\system\svfAFuq.exe

Filesize
6.0MB

MD5
55a312002ecb7694a5b1cbc5889e2993

SHA1
20e365c912e7ad7687850a68ed843b152d4e2b06

SHA256
82741a35bfef6bfa8c2b15f6e76ac177a915ad4f36e0f31b04c5623df9ebee86

SHA512
b9f8d69dfa134ea761b0bd74187c2597b52fae2246470f246155d4120080c6f625d4cd0387c03dfbbf3f15ff9c4a3287870fdbcd34fcad6ec249f9fb85cebb09

Download Submit
C:\Windows\system\tTDRqKK.exe

Filesize
6.0MB

MD5
d064946867e1bf2674d5002baedf6109

SHA1
89218080d3869e781041ce86366d302f089dd9ad

SHA256
abcceb9f1f4d7242848e3ea7b0b6e58a0ea3e97d20bbb9f2a2c89fa9631aa56d

SHA512
9b48ed50400d93e6e2e2c394e1530e231af9de633a081428b8c3c4bacc0422849d3d840d8b78bc5c4c6d7644f6d36497188406d4a764487d148983aeed05c270

Download Submit
C:\Windows\system\vtAxVXJ.exe

Filesize
6.0MB

MD5
c92c07325e0cd1086bf1d71969b926e0

SHA1
9b0647513e9b84f1bdade5c6091dbeb6fd18e97d

SHA256
0809e8aa283a1164783d8f14c40069b7f053f2aa165357486362c737b92e31fa

SHA512
a000b4fe70ae21c141ca219a1567c4dc573ab7428eae015ed7e906f3f6e0c6772b2838f9984baa9c30d3fdc703fca92247578b56ab119d443132741bee8b0a39

Download Submit
C:\Windows\system\yIDjESw.exe

Filesize
6.0MB

MD5
465e2693aef08c2b004c93cf2c931746

SHA1
0c2cfad99ed96d6a25fc5ebd309600e68c571139

SHA256
ddc61e20a39e187bf285edc9b8d195e851e5240251607d358222a89e4e5a9085

SHA512
b006116734d74271784fc68399e453b60fe6e96c6d285c8c81c32b43cd741bacd68ab54265eb2f2e4e53c544d5d2db7a0fa4d7424e197844dc7d99e8ad1445f1

Download Submit
\Windows\system\KXyvXli.exe

Filesize
6.0MB

MD5
e2ec749ae37fadc0212ba6006aa6df95

SHA1
72ddda11540767589c3b17e78aa8a1e803306d0f

SHA256
1498aa6d125c40ef29efb0504bce6a6827712e20d7098233777ad36d1c84ec15

SHA512
f99cb533ad9440cb485f48c2631198cae1720352aa2b62347164058badf49c184f9fbe7304f5c6b65a685623621dce9e964c6004c1e2189805f701dfb03663fd

Download Submit
\Windows\system\jXOezea.exe

Filesize
6.0MB

MD5
5d78e4953fa3c0f069041ee1505dd86b

SHA1
cebfc1447768e4073435ff6c2e96ddc5a1441bbb

SHA256
1dd2e8a7f5a7b2452c43fe940a8bdee2d263d41f10ab3b87c8c2f6acc72b2c59

SHA512
4e704337bc6a8938dff37b121253b7fce91b3ad68ed540f6f7899f7cce76f99d4fd23ccd1309b6f8bbef7d610ffae9949964182c4f119fe69deff3fddb585698

Download Submit
\Windows\system\suknthl.exe

Filesize
6.0MB

MD5
3416ffa2b1664fc550f20a3adc997fa0

SHA1
95ef1225a602f23de47b5899999aa65815a5df4f

SHA256
8492aba6b6c01f07b066de01de5a78f666cec0a75799ee20d42229e32bee8129

SHA512
97d3a2ab73da3aa0f5ead27edd9913cdc3fd06616b45d7af60060c62c445019a32a1617cd233b3698d8c208664cdc8b20edf9e4b69adfd4ed906ad99b76dcaa9

Download Submit
\Windows\system\vFEJyam.exe

Filesize
6.0MB

MD5
fed06e0bc16f63560372dfa5edc1dd98

SHA1
695c801f01cbdf4cee83cdfd3276f9e24bedf6c5

SHA256
057deabcbefc88d5da99a9aa281ddb7d3b4c1a194c171719fab85a45f23273f8

SHA512
c6aeb21cb77463d5312f262ee78c600ae38336da800e3260e6f9a279cf12e5593eae6e45cd2117aa32c38cc799784122164878dd4b06c76fad4dce007d4a8014

Download Submit
memory/896-79-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/896-383-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/896-3630-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1556-44-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1556-8-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1556-3521-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1712-83-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1712-46-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1712-466-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-18-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-646-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-91-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-792-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-0-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1712-23-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-35-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-1-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-100-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-92-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-6-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-53-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-62-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-101-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-29-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-104-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-67-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-3626-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-3633-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-96-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-731-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-3629-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-87-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-555-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3538-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2244-50-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2244-14-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2292-3592-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-244-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-78-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-3554-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-43-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-58-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3577-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-95-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3540-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2836-66-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2836-27-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2876-105-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3641-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-871-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-70-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2932-38-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3632-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3628-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2952-51-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2952-86-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/3024-3550-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/3024-20-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/3024-57-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download