cobaltstrike | cf15bf206831c5d4547801241e49cf8fcee5e2e31c4824418001cda78ac63ad0

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

98c771113d3f5d243156b95840e13776
SHA1

a03e0ae4f45986984f4d6a5c81af3092ec532d0b
SHA256

cf15bf206831c5d4547801241e49cf8fcee5e2e31c4824418001cda78ac63ad0
SHA512

e3cd5a57633a9344c4a2979e995a8ade0cab124bf9e4d9d85595d50872be657fe6826d20dd7cd72a18fe257b047cd4302c579639afc74bfbc381eda2cebe5e8e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d06-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0e-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d21-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3a-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d5e-60.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c9d-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-81.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ea-73.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d4a-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d42-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d31-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1628-0-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-3.dat	xmrig
behavioral1/files/0x0008000000016d06-7.dat	xmrig
behavioral1/memory/1652-14-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d0e-9.dat	xmrig
behavioral1/memory/1216-18-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2224-21-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d21-22.dat	xmrig
behavioral1/memory/2728-27-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2744-34-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d3a-37.dat	xmrig
behavioral1/memory/1628-46-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2832-45-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d5e-60.dat	xmrig
behavioral1/memory/2728-63-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c9d-67.dat	xmrig
behavioral1/memory/1924-78-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2832-82-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0005000000018728-95.dat	xmrig
behavioral1/files/0x0006000000019023-123.dat	xmrig
behavioral1/files/0x0005000000019282-148.dat	xmrig
behavioral1/files/0x0005000000019431-176.dat	xmrig
behavioral1/memory/1916-528-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/296-738-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x000500000001944f-184.dat	xmrig
behavioral1/files/0x0005000000019461-189.dat	xmrig
behavioral1/files/0x000500000001941e-170.dat	xmrig
behavioral1/files/0x0005000000019441-183.dat	xmrig
behavioral1/files/0x00050000000193c2-158.dat	xmrig
behavioral1/files/0x0005000000019350-157.dat	xmrig
behavioral1/files/0x0005000000019427-174.dat	xmrig
behavioral1/files/0x000500000001925e-138.dat	xmrig
behavioral1/files/0x0005000000019261-134.dat	xmrig
behavioral1/files/0x00050000000193e1-162.dat	xmrig
behavioral1/files/0x00050000000193b4-152.dat	xmrig
behavioral1/files/0x0005000000019334-141.dat	xmrig
behavioral1/files/0x00050000000187a5-119.dat	xmrig
behavioral1/files/0x0005000000018784-109.dat	xmrig
behavioral1/files/0x000500000001878f-114.dat	xmrig
behavioral1/files/0x000500000001873d-102.dat	xmrig
behavioral1/memory/2952-99-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/296-91-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x00050000000186fd-89.dat	xmrig
behavioral1/memory/1916-84-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ee-81.dat	xmrig
behavioral1/memory/2840-76-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2652-70-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186ea-73.dat	xmrig
behavioral1/memory/1468-62-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2888-56-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2224-54-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d4a-52.dat	xmrig
behavioral1/files/0x0007000000016d42-43.dat	xmrig
behavioral1/memory/2840-39-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d31-31.dat	xmrig
behavioral1/memory/1216-3418-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/1652-3428-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2224-3444-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2744-3460-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2888-3485-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2840-3498-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2832-3503-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/1468-3534-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/1924-3533-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1652	HCVvNom.exe
1216	MyRmddS.exe
2224	SkYhYiG.exe
2728	jtPiulA.exe
2744	jfDojmf.exe
2840	dhLDPjQ.exe
2832	tBaSSpX.exe
2888	SMHYrdl.exe
1468	kYiwxNg.exe
2652	tLYEsTS.exe
1924	uhurSYT.exe
1916	yLtcIhc.exe
296	QxvQseJ.exe
2952	tBRHXds.exe
2876	RYkZyVE.exe
2812	QilFLOc.exe
2980	redIrEr.exe
3012	JCpQTES.exe
2356	MhZWiSB.exe
2028	DOpvlQJ.exe
2976	xTagmSz.exe
1744	LKqSGAI.exe
2020	FpjXDTO.exe
576	DWnZRSV.exe
2108	LNuMBUc.exe
1444	YYMpczX.exe
1016	dWkFUJy.exe
2620	xrDImuw.exe
1124	nvhhIeF.exe
2160	eguYXVr.exe
2068	Pxqzsvi.exe
348	vBmOFgZ.exe
2336	XHBCQuP.exe
1552	eRfpEgX.exe
680	EJaEeqQ.exe
1248	CXsqCBj.exe
1476	HYkuxjq.exe
2604	NVuMWoA.exe
3068	MDjVwZk.exe
908	lfTrhpk.exe
2480	XzbVWyf.exe
2468	MflNLAA.exe
2416	ksSpNRc.exe
2308	gqJmYQt.exe
1448	JuipUUX.exe
1836	lsXxRDZ.exe
2528	lLoQiwG.exe
836	kofNdpL.exe
1688	aFWiafJ.exe
1436	tGGmwhd.exe
1948	vhXVgPz.exe
1804	SoFINxo.exe
1536	zUecNbz.exe
1460	prVMmRX.exe
2780	SDKfOwg.exe
2920	PAzerKD.exe
2680	VPPvzgV.exe
1760	GlFggrf.exe
2992	dtmQzvt.exe
1668	UzyFKSz.exe
2384	IjqygID.exe
1640	EmwNySK.exe
1088	pYcTrAl.exe
2176	gyCZKoC.exe

Loads dropped DLL 64 IoCs

pid	Process
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1628-0-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0007000000012116-3.dat	upx
behavioral1/files/0x0008000000016d06-7.dat	upx
behavioral1/memory/1652-14-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0008000000016d0e-9.dat	upx
behavioral1/memory/1216-18-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2224-21-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0008000000016d21-22.dat	upx
behavioral1/memory/2728-27-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2744-34-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x0007000000016d3a-37.dat	upx
behavioral1/memory/1628-46-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2832-45-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0008000000016d5e-60.dat	upx
behavioral1/memory/2728-63-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0008000000016c9d-67.dat	upx
behavioral1/memory/1924-78-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2832-82-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0005000000018728-95.dat	upx
behavioral1/files/0x0006000000019023-123.dat	upx
behavioral1/files/0x0005000000019282-148.dat	upx
behavioral1/files/0x0005000000019431-176.dat	upx
behavioral1/memory/1916-528-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/296-738-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000500000001944f-184.dat	upx
behavioral1/files/0x0005000000019461-189.dat	upx
behavioral1/files/0x000500000001941e-170.dat	upx
behavioral1/files/0x0005000000019441-183.dat	upx
behavioral1/files/0x00050000000193c2-158.dat	upx
behavioral1/files/0x0005000000019350-157.dat	upx
behavioral1/files/0x0005000000019427-174.dat	upx
behavioral1/files/0x000500000001925e-138.dat	upx
behavioral1/files/0x0005000000019261-134.dat	upx
behavioral1/files/0x00050000000193e1-162.dat	upx
behavioral1/files/0x00050000000193b4-152.dat	upx
behavioral1/files/0x0005000000019334-141.dat	upx
behavioral1/files/0x00050000000187a5-119.dat	upx
behavioral1/files/0x0005000000018784-109.dat	upx
behavioral1/files/0x000500000001878f-114.dat	upx
behavioral1/files/0x000500000001873d-102.dat	upx
behavioral1/memory/2952-99-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/296-91-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x00050000000186fd-89.dat	upx
behavioral1/memory/1916-84-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x00050000000186ee-81.dat	upx
behavioral1/memory/2840-76-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2652-70-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x00060000000186ea-73.dat	upx
behavioral1/memory/1468-62-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2888-56-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2224-54-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0009000000016d4a-52.dat	upx
behavioral1/files/0x0007000000016d42-43.dat	upx
behavioral1/memory/2840-39-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0007000000016d31-31.dat	upx
behavioral1/memory/1216-3418-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/1652-3428-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2224-3444-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2744-3460-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2888-3485-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2840-3498-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2832-3503-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1468-3534-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/1924-3533-0x000000013FE30000-0x0000000140184000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rFxLulC.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdEtdoo.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHhDtBq.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISSrZXw.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRSJdPj.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrZYQbU.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfVjeCI.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWhSCpG.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ouYZWaX.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpNRvOI.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFiKMyD.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLbVqQN.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdPvqxq.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\derWPPc.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKubGyM.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkgOdTw.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyJwRLs.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMLkMnS.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhUOSDK.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLxZgmI.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZAQIAHZ.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArYPAGJ.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdUcVUF.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bmQSsEp.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vEWavZX.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FycppRb.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRXikUF.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwGZxRV.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbPFeKp.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWOxldF.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVZMGci.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQxtvGG.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kofNdpL.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apQwcQm.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PISimzK.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWzzemp.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIFopYH.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLtcIhc.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKOtlCa.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SubItSq.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaxgSvB.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cecTokN.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxMQACp.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpdnBNQ.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdODbko.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkUdRZn.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsNQhTu.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iujTUtG.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xeJjmNl.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilXzaZM.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocNKhDF.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOtrgIF.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHrxSoH.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZsAcmA.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lYHlwgP.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVqbQZE.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvlvrwv.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFKYPPu.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSVWFpH.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FpjXDTO.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MflNLAA.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhNXXsD.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXRDpfe.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgbtHbN.exe	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1652	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1628 wrote to memory of 1652	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1628 wrote to memory of 1652	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1628 wrote to memory of 1216	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1628 wrote to memory of 1216	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1628 wrote to memory of 1216	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1628 wrote to memory of 2224	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1628 wrote to memory of 2224	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1628 wrote to memory of 2224	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1628 wrote to memory of 2728	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1628 wrote to memory of 2728	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1628 wrote to memory of 2728	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1628 wrote to memory of 2744	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1628 wrote to memory of 2744	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1628 wrote to memory of 2744	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1628 wrote to memory of 2840	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1628 wrote to memory of 2840	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1628 wrote to memory of 2840	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1628 wrote to memory of 2832	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1628 wrote to memory of 2832	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1628 wrote to memory of 2832	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1628 wrote to memory of 2888	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1628 wrote to memory of 2888	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1628 wrote to memory of 2888	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1628 wrote to memory of 1468	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1628 wrote to memory of 1468	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1628 wrote to memory of 1468	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1628 wrote to memory of 2652	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1628 wrote to memory of 2652	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1628 wrote to memory of 2652	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1628 wrote to memory of 1924	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1628 wrote to memory of 1924	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1628 wrote to memory of 1924	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1628 wrote to memory of 1916	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1628 wrote to memory of 1916	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1628 wrote to memory of 1916	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1628 wrote to memory of 296	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1628 wrote to memory of 296	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1628 wrote to memory of 296	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1628 wrote to memory of 2952	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1628 wrote to memory of 2952	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1628 wrote to memory of 2952	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1628 wrote to memory of 2876	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1628 wrote to memory of 2876	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1628 wrote to memory of 2876	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1628 wrote to memory of 2812	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1628 wrote to memory of 2812	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1628 wrote to memory of 2812	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1628 wrote to memory of 2980	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1628 wrote to memory of 2980	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1628 wrote to memory of 2980	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1628 wrote to memory of 3012	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1628 wrote to memory of 3012	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1628 wrote to memory of 3012	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1628 wrote to memory of 2356	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1628 wrote to memory of 2356	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1628 wrote to memory of 2356	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1628 wrote to memory of 2976	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1628 wrote to memory of 2976	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1628 wrote to memory of 2976	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1628 wrote to memory of 2028	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1628 wrote to memory of 2028	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1628 wrote to memory of 2028	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1628 wrote to memory of 2020	1628	2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_98c771113d3f5d243156b95840e13776_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\System\HCVvNom.exe
  C:\Windows\System\HCVvNom.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\MyRmddS.exe
  C:\Windows\System\MyRmddS.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\SkYhYiG.exe
  C:\Windows\System\SkYhYiG.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\jtPiulA.exe
  C:\Windows\System\jtPiulA.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\jfDojmf.exe
  C:\Windows\System\jfDojmf.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\dhLDPjQ.exe
  C:\Windows\System\dhLDPjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\tBaSSpX.exe
  C:\Windows\System\tBaSSpX.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\SMHYrdl.exe
  C:\Windows\System\SMHYrdl.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\kYiwxNg.exe
  C:\Windows\System\kYiwxNg.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\tLYEsTS.exe
  C:\Windows\System\tLYEsTS.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\uhurSYT.exe
  C:\Windows\System\uhurSYT.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\yLtcIhc.exe
  C:\Windows\System\yLtcIhc.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\QxvQseJ.exe
  C:\Windows\System\QxvQseJ.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\tBRHXds.exe
  C:\Windows\System\tBRHXds.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\RYkZyVE.exe
  C:\Windows\System\RYkZyVE.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\QilFLOc.exe
  C:\Windows\System\QilFLOc.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\redIrEr.exe
  C:\Windows\System\redIrEr.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\JCpQTES.exe
  C:\Windows\System\JCpQTES.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\MhZWiSB.exe
  C:\Windows\System\MhZWiSB.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\xTagmSz.exe
  C:\Windows\System\xTagmSz.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\DOpvlQJ.exe
  C:\Windows\System\DOpvlQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\FpjXDTO.exe
  C:\Windows\System\FpjXDTO.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\LKqSGAI.exe
  C:\Windows\System\LKqSGAI.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\LNuMBUc.exe
  C:\Windows\System\LNuMBUc.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\DWnZRSV.exe
  C:\Windows\System\DWnZRSV.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\YYMpczX.exe
  C:\Windows\System\YYMpczX.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\dWkFUJy.exe
  C:\Windows\System\dWkFUJy.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\xrDImuw.exe
  C:\Windows\System\xrDImuw.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\nvhhIeF.exe
  C:\Windows\System\nvhhIeF.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\Pxqzsvi.exe
  C:\Windows\System\Pxqzsvi.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\eguYXVr.exe
  C:\Windows\System\eguYXVr.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\XHBCQuP.exe
  C:\Windows\System\XHBCQuP.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\vBmOFgZ.exe
  C:\Windows\System\vBmOFgZ.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\eRfpEgX.exe
  C:\Windows\System\eRfpEgX.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\EJaEeqQ.exe
  C:\Windows\System\EJaEeqQ.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\CXsqCBj.exe
  C:\Windows\System\CXsqCBj.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\HYkuxjq.exe
  C:\Windows\System\HYkuxjq.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\NVuMWoA.exe
  C:\Windows\System\NVuMWoA.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\MDjVwZk.exe
  C:\Windows\System\MDjVwZk.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\lfTrhpk.exe
  C:\Windows\System\lfTrhpk.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\XzbVWyf.exe
  C:\Windows\System\XzbVWyf.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\MflNLAA.exe
  C:\Windows\System\MflNLAA.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ksSpNRc.exe
  C:\Windows\System\ksSpNRc.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\gqJmYQt.exe
  C:\Windows\System\gqJmYQt.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\JuipUUX.exe
  C:\Windows\System\JuipUUX.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\lsXxRDZ.exe
  C:\Windows\System\lsXxRDZ.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\lLoQiwG.exe
  C:\Windows\System\lLoQiwG.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\kofNdpL.exe
  C:\Windows\System\kofNdpL.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\aFWiafJ.exe
  C:\Windows\System\aFWiafJ.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\SoFINxo.exe
  C:\Windows\System\SoFINxo.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\tGGmwhd.exe
  C:\Windows\System\tGGmwhd.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\EmwNySK.exe
  C:\Windows\System\EmwNySK.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\vhXVgPz.exe
  C:\Windows\System\vhXVgPz.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\bBvPpLU.exe
  C:\Windows\System\bBvPpLU.exe
  2⤵
  PID:2568
- C:\Windows\System\zUecNbz.exe
  C:\Windows\System\zUecNbz.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\NXcbZuM.exe
  C:\Windows\System\NXcbZuM.exe
  2⤵
  PID:1680
- C:\Windows\System\prVMmRX.exe
  C:\Windows\System\prVMmRX.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\jWAUbgv.exe
  C:\Windows\System\jWAUbgv.exe
  2⤵
  PID:2508
- C:\Windows\System\SDKfOwg.exe
  C:\Windows\System\SDKfOwg.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\aFootqk.exe
  C:\Windows\System\aFootqk.exe
  2⤵
  PID:2340
- C:\Windows\System\PAzerKD.exe
  C:\Windows\System\PAzerKD.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\YwLpyEY.exe
  C:\Windows\System\YwLpyEY.exe
  2⤵
  PID:2892
- C:\Windows\System\VPPvzgV.exe
  C:\Windows\System\VPPvzgV.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ocnyPHQ.exe
  C:\Windows\System\ocnyPHQ.exe
  2⤵
  PID:1224
- C:\Windows\System\GlFggrf.exe
  C:\Windows\System\GlFggrf.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\sXGqlRg.exe
  C:\Windows\System\sXGqlRg.exe
  2⤵
  PID:2500
- C:\Windows\System\dtmQzvt.exe
  C:\Windows\System\dtmQzvt.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\gfwHZRt.exe
  C:\Windows\System\gfwHZRt.exe
  2⤵
  PID:2704
- C:\Windows\System\UzyFKSz.exe
  C:\Windows\System\UzyFKSz.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\apQwcQm.exe
  C:\Windows\System\apQwcQm.exe
  2⤵
  PID:3052
- C:\Windows\System\IjqygID.exe
  C:\Windows\System\IjqygID.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\EHmSbxA.exe
  C:\Windows\System\EHmSbxA.exe
  2⤵
  PID:264
- C:\Windows\System\pYcTrAl.exe
  C:\Windows\System\pYcTrAl.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\vAJsCju.exe
  C:\Windows\System\vAJsCju.exe
  2⤵
  PID:884
- C:\Windows\System\gyCZKoC.exe
  C:\Windows\System\gyCZKoC.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\vEWavZX.exe
  C:\Windows\System\vEWavZX.exe
  2⤵
  PID:2616
- C:\Windows\System\cjzjLnL.exe
  C:\Windows\System\cjzjLnL.exe
  2⤵
  PID:1244
- C:\Windows\System\sIDcaZt.exe
  C:\Windows\System\sIDcaZt.exe
  2⤵
  PID:1084
- C:\Windows\System\BBIlsxK.exe
  C:\Windows\System\BBIlsxK.exe
  2⤵
  PID:1584
- C:\Windows\System\tzoHZfa.exe
  C:\Windows\System\tzoHZfa.exe
  2⤵
  PID:1108
- C:\Windows\System\GHrxSoH.exe
  C:\Windows\System\GHrxSoH.exe
  2⤵
  PID:1228
- C:\Windows\System\MgdzQjr.exe
  C:\Windows\System\MgdzQjr.exe
  2⤵
  PID:1588
- C:\Windows\System\gRXikUF.exe
  C:\Windows\System\gRXikUF.exe
  2⤵
  PID:1376
- C:\Windows\System\HsLjbwV.exe
  C:\Windows\System\HsLjbwV.exe
  2⤵
  PID:1596
- C:\Windows\System\vFrKnhr.exe
  C:\Windows\System\vFrKnhr.exe
  2⤵
  PID:280
- C:\Windows\System\WXigQon.exe
  C:\Windows\System\WXigQon.exe
  2⤵
  PID:568
- C:\Windows\System\rHBvBnI.exe
  C:\Windows\System\rHBvBnI.exe
  2⤵
  PID:2284
- C:\Windows\System\qJRAdXb.exe
  C:\Windows\System\qJRAdXb.exe
  2⤵
  PID:1748
- C:\Windows\System\RBZFAuf.exe
  C:\Windows\System\RBZFAuf.exe
  2⤵
  PID:1540
- C:\Windows\System\LWCIkiI.exe
  C:\Windows\System\LWCIkiI.exe
  2⤵
  PID:2820
- C:\Windows\System\sInfVpN.exe
  C:\Windows\System\sInfVpN.exe
  2⤵
  PID:2904
- C:\Windows\System\WgcAJjP.exe
  C:\Windows\System\WgcAJjP.exe
  2⤵
  PID:1932
- C:\Windows\System\wNJKbOr.exe
  C:\Windows\System\wNJKbOr.exe
  2⤵
  PID:3024
- C:\Windows\System\mDYhjgP.exe
  C:\Windows\System\mDYhjgP.exe
  2⤵
  PID:2732
- C:\Windows\System\ODpgyyw.exe
  C:\Windows\System\ODpgyyw.exe
  2⤵
  PID:2056
- C:\Windows\System\LrCitxr.exe
  C:\Windows\System\LrCitxr.exe
  2⤵
  PID:2288
- C:\Windows\System\TyVFWVb.exe
  C:\Windows\System\TyVFWVb.exe
  2⤵
  PID:2428
- C:\Windows\System\wVcRSHy.exe
  C:\Windows\System\wVcRSHy.exe
  2⤵
  PID:2184
- C:\Windows\System\MhcSsbE.exe
  C:\Windows\System\MhcSsbE.exe
  2⤵
  PID:2400
- C:\Windows\System\YjYWusd.exe
  C:\Windows\System\YjYWusd.exe
  2⤵
  PID:1096
- C:\Windows\System\EwGZxRV.exe
  C:\Windows\System\EwGZxRV.exe
  2⤵
  PID:2372
- C:\Windows\System\beXmhwO.exe
  C:\Windows\System\beXmhwO.exe
  2⤵
  PID:2144
- C:\Windows\System\OINdioa.exe
  C:\Windows\System\OINdioa.exe
  2⤵
  PID:2828
- C:\Windows\System\BlSkXpF.exe
  C:\Windows\System\BlSkXpF.exe
  2⤵
  PID:1608
- C:\Windows\System\vbPgTKD.exe
  C:\Windows\System\vbPgTKD.exe
  2⤵
  PID:2912
- C:\Windows\System\WpllSkk.exe
  C:\Windows\System\WpllSkk.exe
  2⤵
  PID:3000
- C:\Windows\System\SaXpaTq.exe
  C:\Windows\System\SaXpaTq.exe
  2⤵
  PID:2448
- C:\Windows\System\UjXQjYb.exe
  C:\Windows\System\UjXQjYb.exe
  2⤵
  PID:300
- C:\Windows\System\nPvXNsy.exe
  C:\Windows\System\nPvXNsy.exe
  2⤵
  PID:1296
- C:\Windows\System\SnSCjwo.exe
  C:\Windows\System\SnSCjwo.exe
  2⤵
  PID:1424
- C:\Windows\System\advGfXN.exe
  C:\Windows\System\advGfXN.exe
  2⤵
  PID:1144
- C:\Windows\System\hqdIgsM.exe
  C:\Windows\System\hqdIgsM.exe
  2⤵
  PID:3044
- C:\Windows\System\BIYNzlu.exe
  C:\Windows\System\BIYNzlu.exe
  2⤵
  PID:2864
- C:\Windows\System\fwqOwAb.exe
  C:\Windows\System\fwqOwAb.exe
  2⤵
  PID:1912
- C:\Windows\System\fFpNRfL.exe
  C:\Windows\System\fFpNRfL.exe
  2⤵
  PID:3080
- C:\Windows\System\fhVGsTJ.exe
  C:\Windows\System\fhVGsTJ.exe
  2⤵
  PID:3096
- C:\Windows\System\XwzdbeY.exe
  C:\Windows\System\XwzdbeY.exe
  2⤵
  PID:3112
- C:\Windows\System\hUiRXLZ.exe
  C:\Windows\System\hUiRXLZ.exe
  2⤵
  PID:3128
- C:\Windows\System\ysPaksp.exe
  C:\Windows\System\ysPaksp.exe
  2⤵
  PID:3144
- C:\Windows\System\eKrrAdx.exe
  C:\Windows\System\eKrrAdx.exe
  2⤵
  PID:3160
- C:\Windows\System\iewMMuH.exe
  C:\Windows\System\iewMMuH.exe
  2⤵
  PID:3176
- C:\Windows\System\FRcgAND.exe
  C:\Windows\System\FRcgAND.exe
  2⤵
  PID:3192
- C:\Windows\System\FycppRb.exe
  C:\Windows\System\FycppRb.exe
  2⤵
  PID:3208
- C:\Windows\System\VRabFAq.exe
  C:\Windows\System\VRabFAq.exe
  2⤵
  PID:3224
- C:\Windows\System\udLmpeb.exe
  C:\Windows\System\udLmpeb.exe
  2⤵
  PID:3240
- C:\Windows\System\BKubGyM.exe
  C:\Windows\System\BKubGyM.exe
  2⤵
  PID:3260
- C:\Windows\System\ZjlJUfm.exe
  C:\Windows\System\ZjlJUfm.exe
  2⤵
  PID:3276
- C:\Windows\System\HQPjiAQ.exe
  C:\Windows\System\HQPjiAQ.exe
  2⤵
  PID:3292
- C:\Windows\System\DIfmjzt.exe
  C:\Windows\System\DIfmjzt.exe
  2⤵
  PID:3308
- C:\Windows\System\TiQVLwg.exe
  C:\Windows\System\TiQVLwg.exe
  2⤵
  PID:3324
- C:\Windows\System\DEAGlAK.exe
  C:\Windows\System\DEAGlAK.exe
  2⤵
  PID:3340
- C:\Windows\System\mbPUryL.exe
  C:\Windows\System\mbPUryL.exe
  2⤵
  PID:3356
- C:\Windows\System\aEPpyxp.exe
  C:\Windows\System\aEPpyxp.exe
  2⤵
  PID:3372
- C:\Windows\System\ZAQIAHZ.exe
  C:\Windows\System\ZAQIAHZ.exe
  2⤵
  PID:3388
- C:\Windows\System\RVwSSjb.exe
  C:\Windows\System\RVwSSjb.exe
  2⤵
  PID:3404
- C:\Windows\System\vcqisZr.exe
  C:\Windows\System\vcqisZr.exe
  2⤵
  PID:3420
- C:\Windows\System\QfwWIIT.exe
  C:\Windows\System\QfwWIIT.exe
  2⤵
  PID:3436
- C:\Windows\System\JLHZXBt.exe
  C:\Windows\System\JLHZXBt.exe
  2⤵
  PID:3452
- C:\Windows\System\WgWZMzM.exe
  C:\Windows\System\WgWZMzM.exe
  2⤵
  PID:3468
- C:\Windows\System\RZNcRNb.exe
  C:\Windows\System\RZNcRNb.exe
  2⤵
  PID:3484
- C:\Windows\System\RmFwLgo.exe
  C:\Windows\System\RmFwLgo.exe
  2⤵
  PID:3500
- C:\Windows\System\UPwlcSX.exe
  C:\Windows\System\UPwlcSX.exe
  2⤵
  PID:3516
- C:\Windows\System\zFjRXqw.exe
  C:\Windows\System\zFjRXqw.exe
  2⤵
  PID:3532
- C:\Windows\System\dBcEULH.exe
  C:\Windows\System\dBcEULH.exe
  2⤵
  PID:3548
- C:\Windows\System\yfsvVsI.exe
  C:\Windows\System\yfsvVsI.exe
  2⤵
  PID:3564
- C:\Windows\System\XPyNdgr.exe
  C:\Windows\System\XPyNdgr.exe
  2⤵
  PID:3580
- C:\Windows\System\oijEYdZ.exe
  C:\Windows\System\oijEYdZ.exe
  2⤵
  PID:3596
- C:\Windows\System\PBDifzN.exe
  C:\Windows\System\PBDifzN.exe
  2⤵
  PID:3612
- C:\Windows\System\PNinvWg.exe
  C:\Windows\System\PNinvWg.exe
  2⤵
  PID:3628
- C:\Windows\System\kghAUnk.exe
  C:\Windows\System\kghAUnk.exe
  2⤵
  PID:3644
- C:\Windows\System\gbMcbAU.exe
  C:\Windows\System\gbMcbAU.exe
  2⤵
  PID:3660
- C:\Windows\System\geUrztq.exe
  C:\Windows\System\geUrztq.exe
  2⤵
  PID:3676
- C:\Windows\System\wrRhKQx.exe
  C:\Windows\System\wrRhKQx.exe
  2⤵
  PID:3692
- C:\Windows\System\SmspaUA.exe
  C:\Windows\System\SmspaUA.exe
  2⤵
  PID:3708
- C:\Windows\System\DQvjBLs.exe
  C:\Windows\System\DQvjBLs.exe
  2⤵
  PID:3724
- C:\Windows\System\lXqnEVH.exe
  C:\Windows\System\lXqnEVH.exe
  2⤵
  PID:3740
- C:\Windows\System\JZFKopo.exe
  C:\Windows\System\JZFKopo.exe
  2⤵
  PID:3756
- C:\Windows\System\CpNvGex.exe
  C:\Windows\System\CpNvGex.exe
  2⤵
  PID:3772
- C:\Windows\System\rMPQoTG.exe
  C:\Windows\System\rMPQoTG.exe
  2⤵
  PID:3788
- C:\Windows\System\OYsEwDv.exe
  C:\Windows\System\OYsEwDv.exe
  2⤵
  PID:3804
- C:\Windows\System\RyDZTAt.exe
  C:\Windows\System\RyDZTAt.exe
  2⤵
  PID:3820
- C:\Windows\System\AWWWbis.exe
  C:\Windows\System\AWWWbis.exe
  2⤵
  PID:3836
- C:\Windows\System\keHDRyf.exe
  C:\Windows\System\keHDRyf.exe
  2⤵
  PID:3852
- C:\Windows\System\rJThGXT.exe
  C:\Windows\System\rJThGXT.exe
  2⤵
  PID:3868
- C:\Windows\System\FGJpixC.exe
  C:\Windows\System\FGJpixC.exe
  2⤵
  PID:3884
- C:\Windows\System\KLaFDNp.exe
  C:\Windows\System\KLaFDNp.exe
  2⤵
  PID:3900
- C:\Windows\System\iBZtEoF.exe
  C:\Windows\System\iBZtEoF.exe
  2⤵
  PID:3916
- C:\Windows\System\NcaLvYJ.exe
  C:\Windows\System\NcaLvYJ.exe
  2⤵
  PID:3932
- C:\Windows\System\NasDRGL.exe
  C:\Windows\System\NasDRGL.exe
  2⤵
  PID:3948
- C:\Windows\System\XIJgcIe.exe
  C:\Windows\System\XIJgcIe.exe
  2⤵
  PID:3964
- C:\Windows\System\YUmClTH.exe
  C:\Windows\System\YUmClTH.exe
  2⤵
  PID:3980
- C:\Windows\System\hHTjVpF.exe
  C:\Windows\System\hHTjVpF.exe
  2⤵
  PID:3996
- C:\Windows\System\lkATsNV.exe
  C:\Windows\System\lkATsNV.exe
  2⤵
  PID:4012
- C:\Windows\System\pRsEhpI.exe
  C:\Windows\System\pRsEhpI.exe
  2⤵
  PID:4032
- C:\Windows\System\EfdlHvD.exe
  C:\Windows\System\EfdlHvD.exe
  2⤵
  PID:4056
- C:\Windows\System\ZQvOtyI.exe
  C:\Windows\System\ZQvOtyI.exe
  2⤵
  PID:4076
- C:\Windows\System\uCARrYr.exe
  C:\Windows\System\uCARrYr.exe
  2⤵
  PID:2352
- C:\Windows\System\oyDrJpc.exe
  C:\Windows\System\oyDrJpc.exe
  2⤵
  PID:1320
- C:\Windows\System\ZAVTgXT.exe
  C:\Windows\System\ZAVTgXT.exe
  2⤵
  PID:2304
- C:\Windows\System\YHdvqVs.exe
  C:\Windows\System\YHdvqVs.exe
  2⤵
  PID:1648
- C:\Windows\System\TNAfcEA.exe
  C:\Windows\System\TNAfcEA.exe
  2⤵
  PID:1212
- C:\Windows\System\snTAxUj.exe
  C:\Windows\System\snTAxUj.exe
  2⤵
  PID:780
- C:\Windows\System\GgvLjJn.exe
  C:\Windows\System\GgvLjJn.exe
  2⤵
  PID:3972
- C:\Windows\System\qFmghjh.exe
  C:\Windows\System\qFmghjh.exe
  2⤵
  PID:4040
- C:\Windows\System\wEKkeos.exe
  C:\Windows\System\wEKkeos.exe
  2⤵
  PID:4088
- C:\Windows\System\gxJHzwe.exe
  C:\Windows\System\gxJHzwe.exe
  2⤵
  PID:2868
- C:\Windows\System\UimaZxs.exe
  C:\Windows\System\UimaZxs.exe
  2⤵
  PID:3880
- C:\Windows\System\LUOzUaI.exe
  C:\Windows\System\LUOzUaI.exe
  2⤵
  PID:3816
- C:\Windows\System\MOzFMUV.exe
  C:\Windows\System\MOzFMUV.exe
  2⤵
  PID:3752
- C:\Windows\System\xvMZIJc.exe
  C:\Windows\System\xvMZIJc.exe
  2⤵
  PID:3684
- C:\Windows\System\DCynUro.exe
  C:\Windows\System\DCynUro.exe
  2⤵
  PID:3152
- C:\Windows\System\nSnWuQT.exe
  C:\Windows\System\nSnWuQT.exe
  2⤵
  PID:1572
- C:\Windows\System\JWArxxk.exe
  C:\Windows\System\JWArxxk.exe
  2⤵
  PID:3168
- C:\Windows\System\xGiqqWj.exe
  C:\Windows\System\xGiqqWj.exe
  2⤵
  PID:3200
- C:\Windows\System\AoTiYjj.exe
  C:\Windows\System\AoTiYjj.exe
  2⤵
  PID:3288
- C:\Windows\System\OXNdkIy.exe
  C:\Windows\System\OXNdkIy.exe
  2⤵
  PID:3204
- C:\Windows\System\mqgakeF.exe
  C:\Windows\System\mqgakeF.exe
  2⤵
  PID:3416
- C:\Windows\System\WLCwsWM.exe
  C:\Windows\System\WLCwsWM.exe
  2⤵
  PID:3480
- C:\Windows\System\YdODbko.exe
  C:\Windows\System\YdODbko.exe
  2⤵
  PID:3544
- C:\Windows\System\xGHEDYQ.exe
  C:\Windows\System\xGHEDYQ.exe
  2⤵
  PID:3672
- C:\Windows\System\NSftxBO.exe
  C:\Windows\System\NSftxBO.exe
  2⤵
  PID:3736
- C:\Windows\System\qKOtlCa.exe
  C:\Windows\System\qKOtlCa.exe
  2⤵
  PID:3464
- C:\Windows\System\ovPLDtE.exe
  C:\Windows\System\ovPLDtE.exe
  2⤵
  PID:3768
- C:\Windows\System\VperjDf.exe
  C:\Windows\System\VperjDf.exe
  2⤵
  PID:3832
- C:\Windows\System\VOuHoLs.exe
  C:\Windows\System\VOuHoLs.exe
  2⤵
  PID:3268
- C:\Windows\System\mlYqOxF.exe
  C:\Windows\System\mlYqOxF.exe
  2⤵
  PID:3336
- C:\Windows\System\qkUdRZn.exe
  C:\Windows\System\qkUdRZn.exe
  2⤵
  PID:3300
- C:\Windows\System\lAQyCDy.exe
  C:\Windows\System\lAQyCDy.exe
  2⤵
  PID:3396
- C:\Windows\System\bDAAHmm.exe
  C:\Windows\System\bDAAHmm.exe
  2⤵
  PID:3460
- C:\Windows\System\mvXIFlS.exe
  C:\Windows\System\mvXIFlS.exe
  2⤵
  PID:3588
- C:\Windows\System\zcfttFm.exe
  C:\Windows\System\zcfttFm.exe
  2⤵
  PID:3960
- C:\Windows\System\oUypOkk.exe
  C:\Windows\System\oUypOkk.exe
  2⤵
  PID:4024
- C:\Windows\System\TmtaJCz.exe
  C:\Windows\System\TmtaJCz.exe
  2⤵
  PID:2968
- C:\Windows\System\ooSBUmz.exe
  C:\Windows\System\ooSBUmz.exe
  2⤵
  PID:3844
- C:\Windows\System\LWBqOOd.exe
  C:\Windows\System\LWBqOOd.exe
  2⤵
  PID:4084
- C:\Windows\System\WgvwKzy.exe
  C:\Windows\System\WgvwKzy.exe
  2⤵
  PID:3720
- C:\Windows\System\ZkHhMig.exe
  C:\Windows\System\ZkHhMig.exe
  2⤵
  PID:1808
- C:\Windows\System\ULSxdZS.exe
  C:\Windows\System\ULSxdZS.exe
  2⤵
  PID:2348
- C:\Windows\System\uQIYOZt.exe
  C:\Windows\System\uQIYOZt.exe
  2⤵
  PID:3348
- C:\Windows\System\tWkzPMk.exe
  C:\Windows\System\tWkzPMk.exe
  2⤵
  PID:1788
- C:\Windows\System\dlabqXb.exe
  C:\Windows\System\dlabqXb.exe
  2⤵
  PID:3252
- C:\Windows\System\tioxhiw.exe
  C:\Windows\System\tioxhiw.exe
  2⤵
  PID:3640
- C:\Windows\System\hxHZieI.exe
  C:\Windows\System\hxHZieI.exe
  2⤵
  PID:3656
- C:\Windows\System\ZvfcBpN.exe
  C:\Windows\System\ZvfcBpN.exe
  2⤵
  PID:3828
- C:\Windows\System\kCPILcI.exe
  C:\Windows\System\kCPILcI.exe
  2⤵
  PID:3368
- C:\Windows\System\RdlWtMA.exe
  C:\Windows\System\RdlWtMA.exe
  2⤵
  PID:3928
- C:\Windows\System\TFSyKpJ.exe
  C:\Windows\System\TFSyKpJ.exe
  2⤵
  PID:2644
- C:\Windows\System\wqhUWUK.exe
  C:\Windows\System\wqhUWUK.exe
  2⤵
  PID:2364
- C:\Windows\System\KUEshJS.exe
  C:\Windows\System\KUEshJS.exe
  2⤵
  PID:2316
- C:\Windows\System\jXsfRTh.exe
  C:\Windows\System\jXsfRTh.exe
  2⤵
  PID:3136
- C:\Windows\System\XJPOxts.exe
  C:\Windows\System\XJPOxts.exe
  2⤵
  PID:3780
- C:\Windows\System\tsnkBDT.exe
  C:\Windows\System\tsnkBDT.exe
  2⤵
  PID:3108
- C:\Windows\System\octeGAM.exe
  C:\Windows\System\octeGAM.exe
  2⤵
  PID:3412
- C:\Windows\System\QYqJvPP.exe
  C:\Windows\System\QYqJvPP.exe
  2⤵
  PID:3496
- C:\Windows\System\Kcttpnj.exe
  C:\Windows\System\Kcttpnj.exe
  2⤵
  PID:4100
- C:\Windows\System\PvCRffj.exe
  C:\Windows\System\PvCRffj.exe
  2⤵
  PID:4116
- C:\Windows\System\rrjNgEK.exe
  C:\Windows\System\rrjNgEK.exe
  2⤵
  PID:4132
- C:\Windows\System\Gvltycp.exe
  C:\Windows\System\Gvltycp.exe
  2⤵
  PID:4148
- C:\Windows\System\IjSvnUz.exe
  C:\Windows\System\IjSvnUz.exe
  2⤵
  PID:4164
- C:\Windows\System\hkVibPT.exe
  C:\Windows\System\hkVibPT.exe
  2⤵
  PID:4180
- C:\Windows\System\xfrQAwJ.exe
  C:\Windows\System\xfrQAwJ.exe
  2⤵
  PID:4196
- C:\Windows\System\MBgBPqE.exe
  C:\Windows\System\MBgBPqE.exe
  2⤵
  PID:4212
- C:\Windows\System\WtdqwzG.exe
  C:\Windows\System\WtdqwzG.exe
  2⤵
  PID:4228
- C:\Windows\System\eArJUgZ.exe
  C:\Windows\System\eArJUgZ.exe
  2⤵
  PID:4244
- C:\Windows\System\vLdryWX.exe
  C:\Windows\System\vLdryWX.exe
  2⤵
  PID:4260
- C:\Windows\System\wpAuTiC.exe
  C:\Windows\System\wpAuTiC.exe
  2⤵
  PID:4276
- C:\Windows\System\YLdVJPf.exe
  C:\Windows\System\YLdVJPf.exe
  2⤵
  PID:4292
- C:\Windows\System\BeGUrtr.exe
  C:\Windows\System\BeGUrtr.exe
  2⤵
  PID:4308
- C:\Windows\System\AIKsgrF.exe
  C:\Windows\System\AIKsgrF.exe
  2⤵
  PID:4324
- C:\Windows\System\WbaLLXr.exe
  C:\Windows\System\WbaLLXr.exe
  2⤵
  PID:4340
- C:\Windows\System\PPlxnsF.exe
  C:\Windows\System\PPlxnsF.exe
  2⤵
  PID:4356
- C:\Windows\System\GuYCHWv.exe
  C:\Windows\System\GuYCHWv.exe
  2⤵
  PID:4372
- C:\Windows\System\WmxRhey.exe
  C:\Windows\System\WmxRhey.exe
  2⤵
  PID:4388
- C:\Windows\System\qwwszxB.exe
  C:\Windows\System\qwwszxB.exe
  2⤵
  PID:4404
- C:\Windows\System\WVdRDcL.exe
  C:\Windows\System\WVdRDcL.exe
  2⤵
  PID:4420
- C:\Windows\System\ZFoXrag.exe
  C:\Windows\System\ZFoXrag.exe
  2⤵
  PID:4436
- C:\Windows\System\hPAkDbz.exe
  C:\Windows\System\hPAkDbz.exe
  2⤵
  PID:4452
- C:\Windows\System\LLhhbnw.exe
  C:\Windows\System\LLhhbnw.exe
  2⤵
  PID:4468
- C:\Windows\System\xZvQkWp.exe
  C:\Windows\System\xZvQkWp.exe
  2⤵
  PID:4484
- C:\Windows\System\cqGCOgR.exe
  C:\Windows\System\cqGCOgR.exe
  2⤵
  PID:4500
- C:\Windows\System\bZxeUAV.exe
  C:\Windows\System\bZxeUAV.exe
  2⤵
  PID:4516
- C:\Windows\System\wUfBsjQ.exe
  C:\Windows\System\wUfBsjQ.exe
  2⤵
  PID:4536
- C:\Windows\System\QBWbcFh.exe
  C:\Windows\System\QBWbcFh.exe
  2⤵
  PID:4552
- C:\Windows\System\iZsAcmA.exe
  C:\Windows\System\iZsAcmA.exe
  2⤵
  PID:4568
- C:\Windows\System\bHBEWfi.exe
  C:\Windows\System\bHBEWfi.exe
  2⤵
  PID:4584
- C:\Windows\System\LHBPhGO.exe
  C:\Windows\System\LHBPhGO.exe
  2⤵
  PID:4600
- C:\Windows\System\CrEMxOX.exe
  C:\Windows\System\CrEMxOX.exe
  2⤵
  PID:4616
- C:\Windows\System\rkPWIGQ.exe
  C:\Windows\System\rkPWIGQ.exe
  2⤵
  PID:4632
- C:\Windows\System\lLhEgyq.exe
  C:\Windows\System\lLhEgyq.exe
  2⤵
  PID:4648
- C:\Windows\System\xmiMbII.exe
  C:\Windows\System\xmiMbII.exe
  2⤵
  PID:4664
- C:\Windows\System\POUBqBv.exe
  C:\Windows\System\POUBqBv.exe
  2⤵
  PID:4680
- C:\Windows\System\hExXppn.exe
  C:\Windows\System\hExXppn.exe
  2⤵
  PID:4696
- C:\Windows\System\jOyBFYY.exe
  C:\Windows\System\jOyBFYY.exe
  2⤵
  PID:4712
- C:\Windows\System\gMVpChj.exe
  C:\Windows\System\gMVpChj.exe
  2⤵
  PID:4728
- C:\Windows\System\SfkvoRL.exe
  C:\Windows\System\SfkvoRL.exe
  2⤵
  PID:4744
- C:\Windows\System\TbPFeKp.exe
  C:\Windows\System\TbPFeKp.exe
  2⤵
  PID:4760
- C:\Windows\System\PIJfQZp.exe
  C:\Windows\System\PIJfQZp.exe
  2⤵
  PID:4776
- C:\Windows\System\RsplDzK.exe
  C:\Windows\System\RsplDzK.exe
  2⤵
  PID:4792
- C:\Windows\System\oNEnHdH.exe
  C:\Windows\System\oNEnHdH.exe
  2⤵
  PID:4808
- C:\Windows\System\zDXGDIi.exe
  C:\Windows\System\zDXGDIi.exe
  2⤵
  PID:4824
- C:\Windows\System\AglKqKU.exe
  C:\Windows\System\AglKqKU.exe
  2⤵
  PID:4840
- C:\Windows\System\iRyGPSf.exe
  C:\Windows\System\iRyGPSf.exe
  2⤵
  PID:4856
- C:\Windows\System\waKwYuE.exe
  C:\Windows\System\waKwYuE.exe
  2⤵
  PID:4876
- C:\Windows\System\TYkiCQR.exe
  C:\Windows\System\TYkiCQR.exe
  2⤵
  PID:4892
- C:\Windows\System\oTkzZpV.exe
  C:\Windows\System\oTkzZpV.exe
  2⤵
  PID:4908
- C:\Windows\System\wGVorHz.exe
  C:\Windows\System\wGVorHz.exe
  2⤵
  PID:4924
- C:\Windows\System\dlKdcGH.exe
  C:\Windows\System\dlKdcGH.exe
  2⤵
  PID:4940
- C:\Windows\System\EuGnQpl.exe
  C:\Windows\System\EuGnQpl.exe
  2⤵
  PID:4956
- C:\Windows\System\YkucTVQ.exe
  C:\Windows\System\YkucTVQ.exe
  2⤵
  PID:4972
- C:\Windows\System\VwkcgBT.exe
  C:\Windows\System\VwkcgBT.exe
  2⤵
  PID:4988
- C:\Windows\System\GYynasN.exe
  C:\Windows\System\GYynasN.exe
  2⤵
  PID:5004
- C:\Windows\System\erxUVaG.exe
  C:\Windows\System\erxUVaG.exe
  2⤵
  PID:5020
- C:\Windows\System\yTggSLp.exe
  C:\Windows\System\yTggSLp.exe
  2⤵
  PID:5036
- C:\Windows\System\GKsOumZ.exe
  C:\Windows\System\GKsOumZ.exe
  2⤵
  PID:5052
- C:\Windows\System\GolKCEg.exe
  C:\Windows\System\GolKCEg.exe
  2⤵
  PID:5068
- C:\Windows\System\gyggcMs.exe
  C:\Windows\System\gyggcMs.exe
  2⤵
  PID:5084
- C:\Windows\System\ZhUOSDK.exe
  C:\Windows\System\ZhUOSDK.exe
  2⤵
  PID:5100
- C:\Windows\System\RCzEjVe.exe
  C:\Windows\System\RCzEjVe.exe
  2⤵
  PID:5116
- C:\Windows\System\zJkDXON.exe
  C:\Windows\System\zJkDXON.exe
  2⤵
  PID:3912
- C:\Windows\System\TRYwIDj.exe
  C:\Windows\System\TRYwIDj.exe
  2⤵
  PID:2560
- C:\Windows\System\ZzRFKCa.exe
  C:\Windows\System\ZzRFKCa.exe
  2⤵
  PID:3104
- C:\Windows\System\UERSHgX.exe
  C:\Windows\System\UERSHgX.exe
  2⤵
  PID:4112
- C:\Windows\System\ODyFXiv.exe
  C:\Windows\System\ODyFXiv.exe
  2⤵
  PID:4176
- C:\Windows\System\xdUDHDA.exe
  C:\Windows\System\xdUDHDA.exe
  2⤵
  PID:4240
- C:\Windows\System\lTdYnSM.exe
  C:\Windows\System\lTdYnSM.exe
  2⤵
  PID:4008
- C:\Windows\System\AwPNrVn.exe
  C:\Windows\System\AwPNrVn.exe
  2⤵
  PID:3216
- C:\Windows\System\zfWciSs.exe
  C:\Windows\System\zfWciSs.exe
  2⤵
  PID:3040
- C:\Windows\System\dlTaJJJ.exe
  C:\Windows\System\dlTaJJJ.exe
  2⤵
  PID:316
- C:\Windows\System\WlHdmWY.exe
  C:\Windows\System\WlHdmWY.exe
  2⤵
  PID:3428
- C:\Windows\System\jSzVZel.exe
  C:\Windows\System\jSzVZel.exe
  2⤵
  PID:4300
- C:\Windows\System\PISimzK.exe
  C:\Windows\System\PISimzK.exe
  2⤵
  PID:2248
- C:\Windows\System\RDveDFf.exe
  C:\Windows\System\RDveDFf.exe
  2⤵
  PID:4320
- C:\Windows\System\hcdBeLf.exe
  C:\Windows\System\hcdBeLf.exe
  2⤵
  PID:4284
- C:\Windows\System\LazSdFL.exe
  C:\Windows\System\LazSdFL.exe
  2⤵
  PID:3284
- C:\Windows\System\ptFOSjb.exe
  C:\Windows\System\ptFOSjb.exe
  2⤵
  PID:4332
- C:\Windows\System\bwRWNGr.exe
  C:\Windows\System\bwRWNGr.exe
  2⤵
  PID:4364
- C:\Windows\System\PiLYnrF.exe
  C:\Windows\System\PiLYnrF.exe
  2⤵
  PID:4380
- C:\Windows\System\ErLGFbL.exe
  C:\Windows\System\ErLGFbL.exe
  2⤵
  PID:2632
- C:\Windows\System\LSjADnO.exe
  C:\Windows\System\LSjADnO.exe
  2⤵
  PID:4460
- C:\Windows\System\AhhHSQw.exe
  C:\Windows\System\AhhHSQw.exe
  2⤵
  PID:4496
- C:\Windows\System\OTmaJXr.exe
  C:\Windows\System\OTmaJXr.exe
  2⤵
  PID:4560
- C:\Windows\System\RVVGpoF.exe
  C:\Windows\System\RVVGpoF.exe
  2⤵
  PID:4624
- C:\Windows\System\aPLQHXb.exe
  C:\Windows\System\aPLQHXb.exe
  2⤵
  PID:4444
- C:\Windows\System\TMRAvsl.exe
  C:\Windows\System\TMRAvsl.exe
  2⤵
  PID:2596
- C:\Windows\System\jtsjawb.exe
  C:\Windows\System\jtsjawb.exe
  2⤵
  PID:4548
- C:\Windows\System\ndiSXoE.exe
  C:\Windows\System\ndiSXoE.exe
  2⤵
  PID:4724
- C:\Windows\System\KvYMVsX.exe
  C:\Windows\System\KvYMVsX.exe
  2⤵
  PID:4580
- C:\Windows\System\rIZzOXa.exe
  C:\Windows\System\rIZzOXa.exe
  2⤵
  PID:4816
- C:\Windows\System\DYdbSDi.exe
  C:\Windows\System\DYdbSDi.exe
  2⤵
  PID:4612
- C:\Windows\System\DRlrCaN.exe
  C:\Windows\System\DRlrCaN.exe
  2⤵
  PID:4740
- C:\Windows\System\jReKPmR.exe
  C:\Windows\System\jReKPmR.exe
  2⤵
  PID:4872
- C:\Windows\System\KOKIGqy.exe
  C:\Windows\System\KOKIGqy.exe
  2⤵
  PID:4224
- C:\Windows\System\gmYbdIz.exe
  C:\Windows\System\gmYbdIz.exe
  2⤵
  PID:4968
- C:\Windows\System\GfmtcBA.exe
  C:\Windows\System\GfmtcBA.exe
  2⤵
  PID:5000
- C:\Windows\System\dHrWMpL.exe
  C:\Windows\System\dHrWMpL.exe
  2⤵
  PID:4160
- C:\Windows\System\kJLOZTc.exe
  C:\Windows\System\kJLOZTc.exe
  2⤵
  PID:3624
- C:\Windows\System\fsnbTIr.exe
  C:\Windows\System\fsnbTIr.exe
  2⤵
  PID:4532
- C:\Windows\System\mmQBJFT.exe
  C:\Windows\System\mmQBJFT.exe
  2⤵
  PID:3956
- C:\Windows\System\tsNQhTu.exe
  C:\Windows\System\tsNQhTu.exe
  2⤵
  PID:3232
- C:\Windows\System\cFnYtZa.exe
  C:\Windows\System\cFnYtZa.exe
  2⤵
  PID:3320
- C:\Windows\System\GDpaNjG.exe
  C:\Windows\System\GDpaNjG.exe
  2⤵
  PID:4172
- C:\Windows\System\wmImbBt.exe
  C:\Windows\System\wmImbBt.exe
  2⤵
  PID:3800
- C:\Windows\System\GyvBZtJ.exe
  C:\Windows\System\GyvBZtJ.exe
  2⤵
  PID:2740
- C:\Windows\System\JfEjWMM.exe
  C:\Windows\System\JfEjWMM.exe
  2⤵
  PID:4412
- C:\Windows\System\AYZyrrg.exe
  C:\Windows\System\AYZyrrg.exe
  2⤵
  PID:4596
- C:\Windows\System\bcCKxty.exe
  C:\Windows\System\bcCKxty.exe
  2⤵
  PID:4720
- C:\Windows\System\CFsjUSi.exe
  C:\Windows\System\CFsjUSi.exe
  2⤵
  PID:2392
- C:\Windows\System\eZSKwxf.exe
  C:\Windows\System\eZSKwxf.exe
  2⤵
  PID:4640
- C:\Windows\System\rWiJjqp.exe
  C:\Windows\System\rWiJjqp.exe
  2⤵
  PID:4920
- C:\Windows\System\mpSWJhf.exe
  C:\Windows\System\mpSWJhf.exe
  2⤵
  PID:4984
- C:\Windows\System\jUTFBzj.exe
  C:\Windows\System\jUTFBzj.exe
  2⤵
  PID:800
- C:\Windows\System\aPJXMJs.exe
  C:\Windows\System\aPJXMJs.exe
  2⤵
  PID:5080
- C:\Windows\System\DiELePs.exe
  C:\Windows\System\DiELePs.exe
  2⤵
  PID:2948
- C:\Windows\System\UpcAxtt.exe
  C:\Windows\System\UpcAxtt.exe
  2⤵
  PID:4208
- C:\Windows\System\ldCqHZr.exe
  C:\Windows\System\ldCqHZr.exe
  2⤵
  PID:3864
- C:\Windows\System\iujTUtG.exe
  C:\Windows\System\iujTUtG.exe
  2⤵
  PID:1556
- C:\Windows\System\KQhrUNe.exe
  C:\Windows\System\KQhrUNe.exe
  2⤵
  PID:4252
- C:\Windows\System\vAbRLmV.exe
  C:\Windows\System\vAbRLmV.exe
  2⤵
  PID:4832
- C:\Windows\System\PGRjirg.exe
  C:\Windows\System\PGRjirg.exe
  2⤵
  PID:4768
- C:\Windows\System\PYSVlFQ.exe
  C:\Windows\System\PYSVlFQ.exe
  2⤵
  PID:4996
- C:\Windows\System\YNiFiDR.exe
  C:\Windows\System\YNiFiDR.exe
  2⤵
  PID:4352
- C:\Windows\System\JMxJtSU.exe
  C:\Windows\System\JMxJtSU.exe
  2⤵
  PID:3124
- C:\Windows\System\ATxqODe.exe
  C:\Windows\System\ATxqODe.exe
  2⤵
  PID:4852
- C:\Windows\System\VjorxPD.exe
  C:\Windows\System\VjorxPD.exe
  2⤵
  PID:5032
- C:\Windows\System\ucJfaLc.exe
  C:\Windows\System\ucJfaLc.exe
  2⤵
  PID:4288
- C:\Windows\System\cMXQgpp.exe
  C:\Windows\System\cMXQgpp.exe
  2⤵
  PID:5096
- C:\Windows\System\hekwqWU.exe
  C:\Windows\System\hekwqWU.exe
  2⤵
  PID:4708
- C:\Windows\System\kGsXkOE.exe
  C:\Windows\System\kGsXkOE.exe
  2⤵
  PID:4756
- C:\Windows\System\yvlvrwv.exe
  C:\Windows\System\yvlvrwv.exe
  2⤵
  PID:4492
- C:\Windows\System\AxykMAg.exe
  C:\Windows\System\AxykMAg.exe
  2⤵
  PID:2928
- C:\Windows\System\gqYfyMx.exe
  C:\Windows\System\gqYfyMx.exe
  2⤵
  PID:4692
- C:\Windows\System\PcPABuP.exe
  C:\Windows\System\PcPABuP.exe
  2⤵
  PID:4980
- C:\Windows\System\FxmVEGs.exe
  C:\Windows\System\FxmVEGs.exe
  2⤵
  PID:4108
- C:\Windows\System\amwwCah.exe
  C:\Windows\System\amwwCah.exe
  2⤵
  PID:2276
- C:\Windows\System\ZROIvwX.exe
  C:\Windows\System\ZROIvwX.exe
  2⤵
  PID:4064
- C:\Windows\System\LaASscH.exe
  C:\Windows\System\LaASscH.exe
  2⤵
  PID:3332
- C:\Windows\System\BLSFTwy.exe
  C:\Windows\System\BLSFTwy.exe
  2⤵
  PID:4316
- C:\Windows\System\pBqeEei.exe
  C:\Windows\System\pBqeEei.exe
  2⤵
  PID:5124
- C:\Windows\System\zYaRLNh.exe
  C:\Windows\System\zYaRLNh.exe
  2⤵
  PID:5140
- C:\Windows\System\tEtmLUr.exe
  C:\Windows\System\tEtmLUr.exe
  2⤵
  PID:5156
- C:\Windows\System\InJtjgH.exe
  C:\Windows\System\InJtjgH.exe
  2⤵
  PID:5172
- C:\Windows\System\FGZNfBd.exe
  C:\Windows\System\FGZNfBd.exe
  2⤵
  PID:5188
- C:\Windows\System\urkKyGS.exe
  C:\Windows\System\urkKyGS.exe
  2⤵
  PID:5204
- C:\Windows\System\iOLcbla.exe
  C:\Windows\System\iOLcbla.exe
  2⤵
  PID:5220
- C:\Windows\System\ROTIqDX.exe
  C:\Windows\System\ROTIqDX.exe
  2⤵
  PID:5236
- C:\Windows\System\vkNhJrr.exe
  C:\Windows\System\vkNhJrr.exe
  2⤵
  PID:5252
- C:\Windows\System\WiMivAD.exe
  C:\Windows\System\WiMivAD.exe
  2⤵
  PID:5268
- C:\Windows\System\ItzZjOx.exe
  C:\Windows\System\ItzZjOx.exe
  2⤵
  PID:5284
- C:\Windows\System\DivjxDj.exe
  C:\Windows\System\DivjxDj.exe
  2⤵
  PID:5300
- C:\Windows\System\UBBXizl.exe
  C:\Windows\System\UBBXizl.exe
  2⤵
  PID:5316
- C:\Windows\System\uJmVRou.exe
  C:\Windows\System\uJmVRou.exe
  2⤵
  PID:5332
- C:\Windows\System\kaAvWHX.exe
  C:\Windows\System\kaAvWHX.exe
  2⤵
  PID:5348
- C:\Windows\System\cIonmDv.exe
  C:\Windows\System\cIonmDv.exe
  2⤵
  PID:5364
- C:\Windows\System\fkhNNhv.exe
  C:\Windows\System\fkhNNhv.exe
  2⤵
  PID:5380
- C:\Windows\System\nsdnwuV.exe
  C:\Windows\System\nsdnwuV.exe
  2⤵
  PID:5396
- C:\Windows\System\ywvruvo.exe
  C:\Windows\System\ywvruvo.exe
  2⤵
  PID:5412
- C:\Windows\System\zFUEfRj.exe
  C:\Windows\System\zFUEfRj.exe
  2⤵
  PID:5428
- C:\Windows\System\JientKh.exe
  C:\Windows\System\JientKh.exe
  2⤵
  PID:5444
- C:\Windows\System\NkgOdTw.exe
  C:\Windows\System\NkgOdTw.exe
  2⤵
  PID:5460
- C:\Windows\System\zQtLIsz.exe
  C:\Windows\System\zQtLIsz.exe
  2⤵
  PID:5476
- C:\Windows\System\aFrVEtD.exe
  C:\Windows\System\aFrVEtD.exe
  2⤵
  PID:5492
- C:\Windows\System\PVDzRbF.exe
  C:\Windows\System\PVDzRbF.exe
  2⤵
  PID:5508
- C:\Windows\System\fZXOPZE.exe
  C:\Windows\System\fZXOPZE.exe
  2⤵
  PID:5524
- C:\Windows\System\aCSgvNH.exe
  C:\Windows\System\aCSgvNH.exe
  2⤵
  PID:5540
- C:\Windows\System\wwaTTYd.exe
  C:\Windows\System\wwaTTYd.exe
  2⤵
  PID:5560
- C:\Windows\System\VIEfRsR.exe
  C:\Windows\System\VIEfRsR.exe
  2⤵
  PID:5576
- C:\Windows\System\WfsPCGA.exe
  C:\Windows\System\WfsPCGA.exe
  2⤵
  PID:5592
- C:\Windows\System\RkqimPw.exe
  C:\Windows\System\RkqimPw.exe
  2⤵
  PID:5608
- C:\Windows\System\OfkPoQd.exe
  C:\Windows\System\OfkPoQd.exe
  2⤵
  PID:5624
- C:\Windows\System\sNyXyjc.exe
  C:\Windows\System\sNyXyjc.exe
  2⤵
  PID:5640
- C:\Windows\System\LATbmiv.exe
  C:\Windows\System\LATbmiv.exe
  2⤵
  PID:5656
- C:\Windows\System\vpbOGrq.exe
  C:\Windows\System\vpbOGrq.exe
  2⤵
  PID:5672
- C:\Windows\System\uqJsaVZ.exe
  C:\Windows\System\uqJsaVZ.exe
  2⤵
  PID:5688
- C:\Windows\System\dPxdGUM.exe
  C:\Windows\System\dPxdGUM.exe
  2⤵
  PID:5704
- C:\Windows\System\bqLimZj.exe
  C:\Windows\System\bqLimZj.exe
  2⤵
  PID:5720
- C:\Windows\System\McGCVPe.exe
  C:\Windows\System\McGCVPe.exe
  2⤵
  PID:5736
- C:\Windows\System\TPMPBnA.exe
  C:\Windows\System\TPMPBnA.exe
  2⤵
  PID:5752
- C:\Windows\System\cecTokN.exe
  C:\Windows\System\cecTokN.exe
  2⤵
  PID:5768
- C:\Windows\System\rXvQGRx.exe
  C:\Windows\System\rXvQGRx.exe
  2⤵
  PID:5784
- C:\Windows\System\EFQfmKD.exe
  C:\Windows\System\EFQfmKD.exe
  2⤵
  PID:5800
- C:\Windows\System\OSyIsKy.exe
  C:\Windows\System\OSyIsKy.exe
  2⤵
  PID:5816
- C:\Windows\System\VGMMIYr.exe
  C:\Windows\System\VGMMIYr.exe
  2⤵
  PID:5832
- C:\Windows\System\GArgWgl.exe
  C:\Windows\System\GArgWgl.exe
  2⤵
  PID:5848
- C:\Windows\System\WctNoRi.exe
  C:\Windows\System\WctNoRi.exe
  2⤵
  PID:5864
- C:\Windows\System\gUatmwA.exe
  C:\Windows\System\gUatmwA.exe
  2⤵
  PID:5880
- C:\Windows\System\JIMolSR.exe
  C:\Windows\System\JIMolSR.exe
  2⤵
  PID:5896
- C:\Windows\System\cyycrUZ.exe
  C:\Windows\System\cyycrUZ.exe
  2⤵
  PID:5912
- C:\Windows\System\hInCaJH.exe
  C:\Windows\System\hInCaJH.exe
  2⤵
  PID:5928
- C:\Windows\System\TilzLIx.exe
  C:\Windows\System\TilzLIx.exe
  2⤵
  PID:5944
- C:\Windows\System\ZvPWlIP.exe
  C:\Windows\System\ZvPWlIP.exe
  2⤵
  PID:5960
- C:\Windows\System\qkEKUid.exe
  C:\Windows\System\qkEKUid.exe
  2⤵
  PID:5976
- C:\Windows\System\TCBybBi.exe
  C:\Windows\System\TCBybBi.exe
  2⤵
  PID:5992
- C:\Windows\System\utAnGQf.exe
  C:\Windows\System\utAnGQf.exe
  2⤵
  PID:6008
- C:\Windows\System\DLxZgmI.exe
  C:\Windows\System\DLxZgmI.exe
  2⤵
  PID:6024
- C:\Windows\System\ciitndA.exe
  C:\Windows\System\ciitndA.exe
  2⤵
  PID:6040
- C:\Windows\System\yqxFaYM.exe
  C:\Windows\System\yqxFaYM.exe
  2⤵
  PID:6056
- C:\Windows\System\LimMTsC.exe
  C:\Windows\System\LimMTsC.exe
  2⤵
  PID:6072
- C:\Windows\System\wtAnyoq.exe
  C:\Windows\System\wtAnyoq.exe
  2⤵
  PID:6088
- C:\Windows\System\HRMOEpw.exe
  C:\Windows\System\HRMOEpw.exe
  2⤵
  PID:6104
- C:\Windows\System\CCGIXDN.exe
  C:\Windows\System\CCGIXDN.exe
  2⤵
  PID:6120
- C:\Windows\System\ZWqOzjp.exe
  C:\Windows\System\ZWqOzjp.exe
  2⤵
  PID:6136
- C:\Windows\System\aCMhRiU.exe
  C:\Windows\System\aCMhRiU.exe
  2⤵
  PID:4800
- C:\Windows\System\klTvFxN.exe
  C:\Windows\System\klTvFxN.exe
  2⤵
  PID:4936
- C:\Windows\System\dIESkHP.exe
  C:\Windows\System\dIESkHP.exe
  2⤵
  PID:5748
- C:\Windows\System\ZBoExXX.exe
  C:\Windows\System\ZBoExXX.exe
  2⤵
  PID:5808
- C:\Windows\System\XAZLAZQ.exe
  C:\Windows\System\XAZLAZQ.exe
  2⤵
  PID:5860
- C:\Windows\System\eKPpUXC.exe
  C:\Windows\System\eKPpUXC.exe
  2⤵
  PID:5952
- C:\Windows\System\QpOoqGj.exe
  C:\Windows\System\QpOoqGj.exe
  2⤵
  PID:5936
- C:\Windows\System\GYyCnpA.exe
  C:\Windows\System\GYyCnpA.exe
  2⤵
  PID:6004
- C:\Windows\System\QYJKHuJ.exe
  C:\Windows\System\QYJKHuJ.exe
  2⤵
  PID:5872
- C:\Windows\System\DXViMMi.exe
  C:\Windows\System\DXViMMi.exe
  2⤵
  PID:3608
- C:\Windows\System\SKYToxS.exe
  C:\Windows\System\SKYToxS.exe
  2⤵
  PID:3704
- C:\Windows\System\OgOFpmS.exe
  C:\Windows\System\OgOFpmS.exe
  2⤵
  PID:4048
- C:\Windows\System\PjJshHH.exe
  C:\Windows\System\PjJshHH.exe
  2⤵
  PID:2924
- C:\Windows\System\TWOxldF.exe
  C:\Windows\System\TWOxldF.exe
  2⤵
  PID:5016
- C:\Windows\System\pkbSfiu.exe
  C:\Windows\System\pkbSfiu.exe
  2⤵
  PID:5152
- C:\Windows\System\cTanGZs.exe
  C:\Windows\System\cTanGZs.exe
  2⤵
  PID:5132
- C:\Windows\System\bsyehLj.exe
  C:\Windows\System\bsyehLj.exe
  2⤵
  PID:5196
- C:\Windows\System\XLISqAM.exe
  C:\Windows\System\XLISqAM.exe
  2⤵
  PID:5296
- C:\Windows\System\tcDyvRP.exe
  C:\Windows\System\tcDyvRP.exe
  2⤵
  PID:5244
- C:\Windows\System\qSgEbhN.exe
  C:\Windows\System\qSgEbhN.exe
  2⤵
  PID:5312
- C:\Windows\System\thnlVBO.exe
  C:\Windows\System\thnlVBO.exe
  2⤵
  PID:5328
- C:\Windows\System\THYDpue.exe
  C:\Windows\System\THYDpue.exe
  2⤵
  PID:5388
- C:\Windows\System\aDombAl.exe
  C:\Windows\System\aDombAl.exe
  2⤵
  PID:5484
- C:\Windows\System\ihNnMbT.exe
  C:\Windows\System\ihNnMbT.exe
  2⤵
  PID:5436
- C:\Windows\System\oKrzzVv.exe
  C:\Windows\System\oKrzzVv.exe
  2⤵
  PID:5500
- C:\Windows\System\FIVzDVg.exe
  C:\Windows\System\FIVzDVg.exe
  2⤵
  PID:5516
- C:\Windows\System\SubItSq.exe
  C:\Windows\System\SubItSq.exe
  2⤵
  PID:5632
- C:\Windows\System\XNATjYz.exe
  C:\Windows\System\XNATjYz.exe
  2⤵
  PID:5728
- C:\Windows\System\jwgUAZy.exe
  C:\Windows\System\jwgUAZy.exe
  2⤵
  PID:2196
- C:\Windows\System\UuTxzxj.exe
  C:\Windows\System\UuTxzxj.exe
  2⤵
  PID:5892
- C:\Windows\System\yDYQYRE.exe
  C:\Windows\System\yDYQYRE.exe
  2⤵
  PID:5988
- C:\Windows\System\yctjIXL.exe
  C:\Windows\System\yctjIXL.exe
  2⤵
  PID:6080
- C:\Windows\System\takbQBV.exe
  C:\Windows\System\takbQBV.exe
  2⤵
  PID:2960
- C:\Windows\System\seOtVgj.exe
  C:\Windows\System\seOtVgj.exe
  2⤵
  PID:2584
- C:\Windows\System\qQjGrzd.exe
  C:\Windows\System\qQjGrzd.exe
  2⤵
  PID:4656
- C:\Windows\System\tLISuwv.exe
  C:\Windows\System\tLISuwv.exe
  2⤵
  PID:5228
- C:\Windows\System\eQCIbYt.exe
  C:\Windows\System\eQCIbYt.exe
  2⤵
  PID:5292
- C:\Windows\System\InSTGEQ.exe
  C:\Windows\System\InSTGEQ.exe
  2⤵
  PID:4676
- C:\Windows\System\tDnXEFK.exe
  C:\Windows\System\tDnXEFK.exe
  2⤵
  PID:5168
- C:\Windows\System\kHjvUzO.exe
  C:\Windows\System\kHjvUzO.exe
  2⤵
  PID:2408
- C:\Windows\System\jhdnwOA.exe
  C:\Windows\System\jhdnwOA.exe
  2⤵
  PID:5360
- C:\Windows\System\xeJjmNl.exe
  C:\Windows\System\xeJjmNl.exe
  2⤵
  PID:5404
- C:\Windows\System\rjQbcTU.exe
  C:\Windows\System\rjQbcTU.exe
  2⤵
  PID:5668
- C:\Windows\System\llEHpCw.exe
  C:\Windows\System\llEHpCw.exe
  2⤵
  PID:5076
- C:\Windows\System\AqsHsCJ.exe
  C:\Windows\System\AqsHsCJ.exe
  2⤵
  PID:5456
- C:\Windows\System\Kochihi.exe
  C:\Windows\System\Kochihi.exe
  2⤵
  PID:5472
- C:\Windows\System\shkHcUv.exe
  C:\Windows\System\shkHcUv.exe
  2⤵
  PID:5212
- C:\Windows\System\ivxEiGT.exe
  C:\Windows\System\ivxEiGT.exe
  2⤵
  PID:2792
- C:\Windows\System\VxXqmmc.exe
  C:\Windows\System\VxXqmmc.exe
  2⤵
  PID:5584
- C:\Windows\System\IrHEeRT.exe
  C:\Windows\System\IrHEeRT.exe
  2⤵
  PID:2964
- C:\Windows\System\KcIhOcN.exe
  C:\Windows\System\KcIhOcN.exe
  2⤵
  PID:2264
- C:\Windows\System\DNtyuoA.exe
  C:\Windows\System\DNtyuoA.exe
  2⤵
  PID:1952
- C:\Windows\System\lpKEdTj.exe
  C:\Windows\System\lpKEdTj.exe
  2⤵
  PID:5744
- C:\Windows\System\klXRbLj.exe
  C:\Windows\System\klXRbLj.exe
  2⤵
  PID:5824
- C:\Windows\System\tKCKUyT.exe
  C:\Windows\System\tKCKUyT.exe
  2⤵
  PID:5856
- C:\Windows\System\HTGbEUr.exe
  C:\Windows\System\HTGbEUr.exe
  2⤵
  PID:6036
- C:\Windows\System\yutMwnG.exe
  C:\Windows\System\yutMwnG.exe
  2⤵
  PID:6096
- C:\Windows\System\LTBRBhN.exe
  C:\Windows\System\LTBRBhN.exe
  2⤵
  PID:6052
- C:\Windows\System\SklnagH.exe
  C:\Windows\System\SklnagH.exe
  2⤵
  PID:3184
- C:\Windows\System\eteAoyf.exe
  C:\Windows\System\eteAoyf.exe
  2⤵
  PID:2984
- C:\Windows\System\LjjeWjb.exe
  C:\Windows\System\LjjeWjb.exe
  2⤵
  PID:2692
- C:\Windows\System\kphMZoC.exe
  C:\Windows\System\kphMZoC.exe
  2⤵
  PID:2192
- C:\Windows\System\wfolAgJ.exe
  C:\Windows\System\wfolAgJ.exe
  2⤵
  PID:6016
- C:\Windows\System\ArYPAGJ.exe
  C:\Windows\System\ArYPAGJ.exe
  2⤵
  PID:1100
- C:\Windows\System\yYQKoxQ.exe
  C:\Windows\System\yYQKoxQ.exe
  2⤵
  PID:2624
- C:\Windows\System\lGAuiVU.exe
  C:\Windows\System\lGAuiVU.exe
  2⤵
  PID:5148
- C:\Windows\System\PXlWhPp.exe
  C:\Windows\System\PXlWhPp.exe
  2⤵
  PID:6020
- C:\Windows\System\JJIhdpG.exe
  C:\Windows\System\JJIhdpG.exe
  2⤵
  PID:5520
- C:\Windows\System\GJouNZf.exe
  C:\Windows\System\GJouNZf.exe
  2⤵
  PID:5604
- C:\Windows\System\QJlzbZD.exe
  C:\Windows\System\QJlzbZD.exe
  2⤵
  PID:1928
- C:\Windows\System\hINmuRf.exe
  C:\Windows\System\hINmuRf.exe
  2⤵
  PID:5652
- C:\Windows\System\wyRwQAi.exe
  C:\Windows\System\wyRwQAi.exe
  2⤵
  PID:2936
- C:\Windows\System\AJDpuEJ.exe
  C:\Windows\System\AJDpuEJ.exe
  2⤵
  PID:5780
- C:\Windows\System\GkLxPHn.exe
  C:\Windows\System\GkLxPHn.exe
  2⤵
  PID:4836
- C:\Windows\System\yBfdsFk.exe
  C:\Windows\System\yBfdsFk.exe
  2⤵
  PID:2456
- C:\Windows\System\NAaRgPs.exe
  C:\Windows\System\NAaRgPs.exe
  2⤵
  PID:6116
- C:\Windows\System\ohpRTwZ.exe
  C:\Windows\System\ohpRTwZ.exe
  2⤵
  PID:772
- C:\Windows\System\OSwLwbR.exe
  C:\Windows\System\OSwLwbR.exe
  2⤵
  PID:2268
- C:\Windows\System\NvuvmNF.exe
  C:\Windows\System\NvuvmNF.exe
  2⤵
  PID:4964
- C:\Windows\System\YFKexAu.exe
  C:\Windows\System\YFKexAu.exe
  2⤵
  PID:5552
- C:\Windows\System\fxsQkoB.exe
  C:\Windows\System\fxsQkoB.exe
  2⤵
  PID:2672
- C:\Windows\System\bsALtSR.exe
  C:\Windows\System\bsALtSR.exe
  2⤵
  PID:5280
- C:\Windows\System\pMuRPkL.exe
  C:\Windows\System\pMuRPkL.exe
  2⤵
  PID:5164
- C:\Windows\System\kgZFFIS.exe
  C:\Windows\System\kgZFFIS.exe
  2⤵
  PID:5468
- C:\Windows\System\jaQblNf.exe
  C:\Windows\System\jaQblNf.exe
  2⤵
  PID:2552
- C:\Windows\System\CSHEpiE.exe
  C:\Windows\System\CSHEpiE.exe
  2⤵
  PID:2768
- C:\Windows\System\MArIVvB.exe
  C:\Windows\System\MArIVvB.exe
  2⤵
  PID:5536
- C:\Windows\System\AoGBhfw.exe
  C:\Windows\System\AoGBhfw.exe
  2⤵
  PID:5452
- C:\Windows\System\NsMxzxq.exe
  C:\Windows\System\NsMxzxq.exe
  2⤵
  PID:6000
- C:\Windows\System\PstWJJT.exe
  C:\Windows\System\PstWJJT.exe
  2⤵
  PID:2168
- C:\Windows\System\TdLgzQl.exe
  C:\Windows\System\TdLgzQl.exe
  2⤵
  PID:5616
- C:\Windows\System\IMyQJTv.exe
  C:\Windows\System\IMyQJTv.exe
  2⤵
  PID:6160
- C:\Windows\System\PUGtOio.exe
  C:\Windows\System\PUGtOio.exe
  2⤵
  PID:6180
- C:\Windows\System\jhNXXsD.exe
  C:\Windows\System\jhNXXsD.exe
  2⤵
  PID:6196
- C:\Windows\System\aqybzyh.exe
  C:\Windows\System\aqybzyh.exe
  2⤵
  PID:6212
- C:\Windows\System\ftBYVst.exe
  C:\Windows\System\ftBYVst.exe
  2⤵
  PID:6264
- C:\Windows\System\VpNRvOI.exe
  C:\Windows\System\VpNRvOI.exe
  2⤵
  PID:6280
- C:\Windows\System\FIyKqqF.exe
  C:\Windows\System\FIyKqqF.exe
  2⤵
  PID:6296
- C:\Windows\System\yLeGADo.exe
  C:\Windows\System\yLeGADo.exe
  2⤵
  PID:6312
- C:\Windows\System\rdQzwif.exe
  C:\Windows\System\rdQzwif.exe
  2⤵
  PID:6328
- C:\Windows\System\EVfXkBz.exe
  C:\Windows\System\EVfXkBz.exe
  2⤵
  PID:6344
- C:\Windows\System\qArTaBZ.exe
  C:\Windows\System\qArTaBZ.exe
  2⤵
  PID:6360
- C:\Windows\System\rPsWhqx.exe
  C:\Windows\System\rPsWhqx.exe
  2⤵
  PID:6376
- C:\Windows\System\XOUHWMo.exe
  C:\Windows\System\XOUHWMo.exe
  2⤵
  PID:6392
- C:\Windows\System\lBfhKHV.exe
  C:\Windows\System\lBfhKHV.exe
  2⤵
  PID:6428
- C:\Windows\System\OyPskvj.exe
  C:\Windows\System\OyPskvj.exe
  2⤵
  PID:6444
- C:\Windows\System\ocnbOZC.exe
  C:\Windows\System\ocnbOZC.exe
  2⤵
  PID:6460
- C:\Windows\System\cFOQMdR.exe
  C:\Windows\System\cFOQMdR.exe
  2⤵
  PID:6500
- C:\Windows\System\yWPOYij.exe
  C:\Windows\System\yWPOYij.exe
  2⤵
  PID:6516
- C:\Windows\System\bsAmZQB.exe
  C:\Windows\System\bsAmZQB.exe
  2⤵
  PID:6532
- C:\Windows\System\eXcDSiv.exe
  C:\Windows\System\eXcDSiv.exe
  2⤵
  PID:6548
- C:\Windows\System\OxmUtWo.exe
  C:\Windows\System\OxmUtWo.exe
  2⤵
  PID:6568
- C:\Windows\System\QOzJlgS.exe
  C:\Windows\System\QOzJlgS.exe
  2⤵
  PID:6584
- C:\Windows\System\Yclmnsg.exe
  C:\Windows\System\Yclmnsg.exe
  2⤵
  PID:6604
- C:\Windows\System\pvVoWvm.exe
  C:\Windows\System\pvVoWvm.exe
  2⤵
  PID:6624
- C:\Windows\System\fSjnjWy.exe
  C:\Windows\System\fSjnjWy.exe
  2⤵
  PID:6640
- C:\Windows\System\xaMtAQD.exe
  C:\Windows\System\xaMtAQD.exe
  2⤵
  PID:6656
- C:\Windows\System\UtdMlKB.exe
  C:\Windows\System\UtdMlKB.exe
  2⤵
  PID:6680
- C:\Windows\System\nnDYSDC.exe
  C:\Windows\System\nnDYSDC.exe
  2⤵
  PID:6720
- C:\Windows\System\ZoqPWyo.exe
  C:\Windows\System\ZoqPWyo.exe
  2⤵
  PID:6740
- C:\Windows\System\MCCBHzj.exe
  C:\Windows\System\MCCBHzj.exe
  2⤵
  PID:6756
- C:\Windows\System\fmUPWZK.exe
  C:\Windows\System\fmUPWZK.exe
  2⤵
  PID:6772
- C:\Windows\System\JBoxtti.exe
  C:\Windows\System\JBoxtti.exe
  2⤵
  PID:6792
- C:\Windows\System\LAeneDP.exe
  C:\Windows\System\LAeneDP.exe
  2⤵
  PID:6812
- C:\Windows\System\ckppCGp.exe
  C:\Windows\System\ckppCGp.exe
  2⤵
  PID:6828
- C:\Windows\System\qvUCRQE.exe
  C:\Windows\System\qvUCRQE.exe
  2⤵
  PID:6848
- C:\Windows\System\ilXzaZM.exe
  C:\Windows\System\ilXzaZM.exe
  2⤵
  PID:6868
- C:\Windows\System\kbqrAjR.exe
  C:\Windows\System\kbqrAjR.exe
  2⤵
  PID:6892
- C:\Windows\System\eHANxzu.exe
  C:\Windows\System\eHANxzu.exe
  2⤵
  PID:6908
- C:\Windows\System\VVnkHgJ.exe
  C:\Windows\System\VVnkHgJ.exe
  2⤵
  PID:6928
- C:\Windows\System\KNdSiQf.exe
  C:\Windows\System\KNdSiQf.exe
  2⤵
  PID:6944
- C:\Windows\System\huBgZvQ.exe
  C:\Windows\System\huBgZvQ.exe
  2⤵
  PID:6960
- C:\Windows\System\zRSJdPj.exe
  C:\Windows\System\zRSJdPj.exe
  2⤵
  PID:6980
- C:\Windows\System\DnqOwYV.exe
  C:\Windows\System\DnqOwYV.exe
  2⤵
  PID:7000
- C:\Windows\System\OJtKHXZ.exe
  C:\Windows\System\OJtKHXZ.exe
  2⤵
  PID:7040
- C:\Windows\System\kKNKIgA.exe
  C:\Windows\System\kKNKIgA.exe
  2⤵
  PID:7056
- C:\Windows\System\dIlTnxc.exe
  C:\Windows\System\dIlTnxc.exe
  2⤵
  PID:7072
- C:\Windows\System\pDyWAZX.exe
  C:\Windows\System\pDyWAZX.exe
  2⤵
  PID:7092
- C:\Windows\System\UcNfjiu.exe
  C:\Windows\System\UcNfjiu.exe
  2⤵
  PID:7116
- C:\Windows\System\wUTvUwM.exe
  C:\Windows\System\wUTvUwM.exe
  2⤵
  PID:7132
- C:\Windows\System\qnvetGM.exe
  C:\Windows\System\qnvetGM.exe
  2⤵
  PID:7152
- C:\Windows\System\ORRsDPm.exe
  C:\Windows\System\ORRsDPm.exe
  2⤵
  PID:5264
- C:\Windows\System\MDCqbma.exe
  C:\Windows\System\MDCqbma.exe
  2⤵
  PID:2512
- C:\Windows\System\bCZOksd.exe
  C:\Windows\System\bCZOksd.exe
  2⤵
  PID:6176
- C:\Windows\System\KMyxXYP.exe
  C:\Windows\System\KMyxXYP.exe
  2⤵
  PID:4704
- C:\Windows\System\rKwmqHx.exe
  C:\Windows\System\rKwmqHx.exe
  2⤵
  PID:6276
- C:\Windows\System\CeoRDpr.exe
  C:\Windows\System\CeoRDpr.exe
  2⤵
  PID:6372
- C:\Windows\System\efHBAmF.exe
  C:\Windows\System\efHBAmF.exe
  2⤵
  PID:5620
- C:\Windows\System\LvbhUGd.exe
  C:\Windows\System\LvbhUGd.exe
  2⤵
  PID:6152
- C:\Windows\System\HYAdVfr.exe
  C:\Windows\System\HYAdVfr.exe
  2⤵
  PID:6224
- C:\Windows\System\ierfIdg.exe
  C:\Windows\System\ierfIdg.exe
  2⤵
  PID:6244
- C:\Windows\System\PSFXBzd.exe
  C:\Windows\System\PSFXBzd.exe
  2⤵
  PID:6468
- C:\Windows\System\lCVFQNV.exe
  C:\Windows\System\lCVFQNV.exe
  2⤵
  PID:6292
- C:\Windows\System\cxobEAJ.exe
  C:\Windows\System\cxobEAJ.exe
  2⤵
  PID:6388
- C:\Windows\System\OrZYQbU.exe
  C:\Windows\System\OrZYQbU.exe
  2⤵
  PID:6484
- C:\Windows\System\uoBEQiy.exe
  C:\Windows\System\uoBEQiy.exe
  2⤵
  PID:6452
- C:\Windows\System\JHnmIQi.exe
  C:\Windows\System\JHnmIQi.exe
  2⤵
  PID:6420
- C:\Windows\System\ALqpnlw.exe
  C:\Windows\System\ALqpnlw.exe
  2⤵
  PID:6580
- C:\Windows\System\tTiNcuW.exe
  C:\Windows\System\tTiNcuW.exe
  2⤵
  PID:6612
- C:\Windows\System\GZXlwpz.exe
  C:\Windows\System\GZXlwpz.exe
  2⤵
  PID:6632
- C:\Windows\System\NYoNwmm.exe
  C:\Windows\System\NYoNwmm.exe
  2⤵
  PID:6592
- C:\Windows\System\KrbgVqt.exe
  C:\Windows\System\KrbgVqt.exe
  2⤵
  PID:6652
- C:\Windows\System\wwXDgZd.exe
  C:\Windows\System\wwXDgZd.exe
  2⤵
  PID:6696
- C:\Windows\System\RUlBsna.exe
  C:\Windows\System\RUlBsna.exe
  2⤵
  PID:6716
- C:\Windows\System\ocNKhDF.exe
  C:\Windows\System\ocNKhDF.exe
  2⤵
  PID:6736
- C:\Windows\System\HnPoCin.exe
  C:\Windows\System\HnPoCin.exe
  2⤵
  PID:6788
- C:\Windows\System\nQCfECL.exe
  C:\Windows\System\nQCfECL.exe
  2⤵
  PID:6856
- C:\Windows\System\kwIzYXO.exe
  C:\Windows\System\kwIzYXO.exe
  2⤵
  PID:2668
- C:\Windows\System\TiJqGsF.exe
  C:\Windows\System\TiJqGsF.exe
  2⤵
  PID:6764
- C:\Windows\System\YjeoYpt.exe
  C:\Windows\System\YjeoYpt.exe
  2⤵
  PID:6876
- C:\Windows\System\yocXPhV.exe
  C:\Windows\System\yocXPhV.exe
  2⤵
  PID:6804
- C:\Windows\System\SWNnJXF.exe
  C:\Windows\System\SWNnJXF.exe
  2⤵
  PID:6844
- C:\Windows\System\RcVVcmz.exe
  C:\Windows\System\RcVVcmz.exe
  2⤵
  PID:6924
- C:\Windows\System\HKLPwgU.exe
  C:\Windows\System\HKLPwgU.exe
  2⤵
  PID:7012
- C:\Windows\System\MOBlZfl.exe
  C:\Windows\System\MOBlZfl.exe
  2⤵
  PID:7024
- C:\Windows\System\DtbALGp.exe
  C:\Windows\System\DtbALGp.exe
  2⤵
  PID:536
- C:\Windows\System\bVgXSGL.exe
  C:\Windows\System\bVgXSGL.exe
  2⤵
  PID:1452
- C:\Windows\System\LnwGZan.exe
  C:\Windows\System\LnwGZan.exe
  2⤵
  PID:7084
- C:\Windows\System\ZtPLhAl.exe
  C:\Windows\System\ZtPLhAl.exe
  2⤵
  PID:7100
- C:\Windows\System\LrFVRYv.exe
  C:\Windows\System\LrFVRYv.exe
  2⤵
  PID:1852
- C:\Windows\System\kaVAUFr.exe
  C:\Windows\System\kaVAUFr.exe
  2⤵
  PID:4660
- C:\Windows\System\iNWnqSV.exe
  C:\Windows\System\iNWnqSV.exe
  2⤵
  PID:6208
- C:\Windows\System\VhaxyaF.exe
  C:\Windows\System\VhaxyaF.exe
  2⤵
  PID:7160
- C:\Windows\System\VAtgUZm.exe
  C:\Windows\System\VAtgUZm.exe
  2⤵
  PID:6172
- C:\Windows\System\SYgELCX.exe
  C:\Windows\System\SYgELCX.exe
  2⤵
  PID:6272
- C:\Windows\System\adYjgzk.exe
  C:\Windows\System\adYjgzk.exe
  2⤵
  PID:5488
- C:\Windows\System\EpWXRnK.exe
  C:\Windows\System\EpWXRnK.exe
  2⤵
  PID:2956
- C:\Windows\System\lgrQfPt.exe
  C:\Windows\System\lgrQfPt.exe
  2⤵
  PID:2404
- C:\Windows\System\CphtyLn.exe
  C:\Windows\System\CphtyLn.exe
  2⤵
  PID:6288
- C:\Windows\System\SNmclhX.exe
  C:\Windows\System\SNmclhX.exe
  2⤵
  PID:3036
- C:\Windows\System\PQXAupO.exe
  C:\Windows\System\PQXAupO.exe
  2⤵
  PID:6528
- C:\Windows\System\NvGcHtP.exe
  C:\Windows\System\NvGcHtP.exe
  2⤵
  PID:2344
- C:\Windows\System\SYBmHBL.exe
  C:\Windows\System\SYBmHBL.exe
  2⤵
  PID:2708
- C:\Windows\System\OtezTHR.exe
  C:\Windows\System\OtezTHR.exe
  2⤵
  PID:6940
- C:\Windows\System\PCzHfqC.exe
  C:\Windows\System\PCzHfqC.exe
  2⤵
  PID:6916
- C:\Windows\System\NcONkot.exe
  C:\Windows\System\NcONkot.exe
  2⤵
  PID:408
- C:\Windows\System\KwecmyU.exe
  C:\Windows\System\KwecmyU.exe
  2⤵
  PID:7128
- C:\Windows\System\sMBpawf.exe
  C:\Windows\System\sMBpawf.exe
  2⤵
  PID:7148
- C:\Windows\System\HaRgvJq.exe
  C:\Windows\System\HaRgvJq.exe
  2⤵
  PID:6260
- C:\Windows\System\KKZQMtz.exe
  C:\Windows\System\KKZQMtz.exe
  2⤵
  PID:6524
- C:\Windows\System\xorjZNR.exe
  C:\Windows\System\xorjZNR.exe
  2⤵
  PID:6752
- C:\Windows\System\UaxgSvB.exe
  C:\Windows\System\UaxgSvB.exe
  2⤵
  PID:6560
- C:\Windows\System\LVBFukR.exe
  C:\Windows\System\LVBFukR.exe
  2⤵
  PID:6412
- C:\Windows\System\GuQwVsP.exe
  C:\Windows\System\GuQwVsP.exe
  2⤵
  PID:5344
- C:\Windows\System\ebsPqST.exe
  C:\Windows\System\ebsPqST.exe
  2⤵
  PID:6408
- C:\Windows\System\cjZpKnD.exe
  C:\Windows\System\cjZpKnD.exe
  2⤵
  PID:6192
- C:\Windows\System\cBXbJnR.exe
  C:\Windows\System\cBXbJnR.exe
  2⤵
  PID:6416
- C:\Windows\System\LmPemlc.exe
  C:\Windows\System\LmPemlc.exe
  2⤵
  PID:7184
- C:\Windows\System\gXRDpfe.exe
  C:\Windows\System\gXRDpfe.exe
  2⤵
  PID:7204
- C:\Windows\System\GNVfNTY.exe
  C:\Windows\System\GNVfNTY.exe
  2⤵
  PID:7220
- C:\Windows\System\ikswGug.exe
  C:\Windows\System\ikswGug.exe
  2⤵
  PID:7236
- C:\Windows\System\bHpPpQL.exe
  C:\Windows\System\bHpPpQL.exe
  2⤵
  PID:7252
- C:\Windows\System\wXxnbks.exe
  C:\Windows\System\wXxnbks.exe
  2⤵
  PID:7268
- C:\Windows\System\hwcOIyO.exe
  C:\Windows\System\hwcOIyO.exe
  2⤵
  PID:7284
- C:\Windows\System\sJwVZKd.exe
  C:\Windows\System\sJwVZKd.exe
  2⤵
  PID:7304
- C:\Windows\System\UkDtFsD.exe
  C:\Windows\System\UkDtFsD.exe
  2⤵
  PID:7324
- C:\Windows\System\FKjzTYC.exe
  C:\Windows\System\FKjzTYC.exe
  2⤵
  PID:7344
- C:\Windows\System\RTtvdGN.exe
  C:\Windows\System\RTtvdGN.exe
  2⤵
  PID:7364
- C:\Windows\System\zpDoBcs.exe
  C:\Windows\System\zpDoBcs.exe
  2⤵
  PID:7384
- C:\Windows\System\vtBaBTI.exe
  C:\Windows\System\vtBaBTI.exe
  2⤵
  PID:7404
- C:\Windows\System\UNyUxso.exe
  C:\Windows\System\UNyUxso.exe
  2⤵
  PID:7420
- C:\Windows\System\eYpTnax.exe
  C:\Windows\System\eYpTnax.exe
  2⤵
  PID:7440
- C:\Windows\System\YdaEHeR.exe
  C:\Windows\System\YdaEHeR.exe
  2⤵
  PID:7456
- C:\Windows\System\qwYegnj.exe
  C:\Windows\System\qwYegnj.exe
  2⤵
  PID:7476
- C:\Windows\System\FxjHjFe.exe
  C:\Windows\System\FxjHjFe.exe
  2⤵
  PID:7492
- C:\Windows\System\inAdVit.exe
  C:\Windows\System\inAdVit.exe
  2⤵
  PID:7512
- C:\Windows\System\AZifNoe.exe
  C:\Windows\System\AZifNoe.exe
  2⤵
  PID:7600
- C:\Windows\System\uIXRiUE.exe
  C:\Windows\System\uIXRiUE.exe
  2⤵
  PID:7620
- C:\Windows\System\iLzNtDk.exe
  C:\Windows\System\iLzNtDk.exe
  2⤵
  PID:7656
- C:\Windows\System\BeZRtlC.exe
  C:\Windows\System\BeZRtlC.exe
  2⤵
  PID:7672
- C:\Windows\System\cPBmclz.exe
  C:\Windows\System\cPBmclz.exe
  2⤵
  PID:7720
- C:\Windows\System\etDESjJ.exe
  C:\Windows\System\etDESjJ.exe
  2⤵
  PID:7736
- C:\Windows\System\VcAZHjM.exe
  C:\Windows\System\VcAZHjM.exe
  2⤵
  PID:7752
- C:\Windows\System\MRCONSZ.exe
  C:\Windows\System\MRCONSZ.exe
  2⤵
  PID:7772
- C:\Windows\System\mzkbsWk.exe
  C:\Windows\System\mzkbsWk.exe
  2⤵
  PID:7788
- C:\Windows\System\gUptDJr.exe
  C:\Windows\System\gUptDJr.exe
  2⤵
  PID:7808
- C:\Windows\System\JWhlvUq.exe
  C:\Windows\System\JWhlvUq.exe
  2⤵
  PID:7824
- C:\Windows\System\rAcxydz.exe
  C:\Windows\System\rAcxydz.exe
  2⤵
  PID:7840
- C:\Windows\System\lSGxKXS.exe
  C:\Windows\System\lSGxKXS.exe
  2⤵
  PID:7860
- C:\Windows\System\CVZMGci.exe
  C:\Windows\System\CVZMGci.exe
  2⤵
  PID:7908
- C:\Windows\System\BZxXEzy.exe
  C:\Windows\System\BZxXEzy.exe
  2⤵
  PID:7924
- C:\Windows\System\CqjRkUd.exe
  C:\Windows\System\CqjRkUd.exe
  2⤵
  PID:7952
- C:\Windows\System\nLtrkLI.exe
  C:\Windows\System\nLtrkLI.exe
  2⤵
  PID:7968
- C:\Windows\System\GGvuZNi.exe
  C:\Windows\System\GGvuZNi.exe
  2⤵
  PID:7988
- C:\Windows\System\EuYiLUs.exe
  C:\Windows\System\EuYiLUs.exe
  2⤵
  PID:8004
- C:\Windows\System\VjFeTDw.exe
  C:\Windows\System\VjFeTDw.exe
  2⤵
  PID:8020
- C:\Windows\System\yVhnExG.exe
  C:\Windows\System\yVhnExG.exe
  2⤵
  PID:8040
- C:\Windows\System\fzKoeNQ.exe
  C:\Windows\System\fzKoeNQ.exe
  2⤵
  PID:8056
- C:\Windows\System\sqmVhxN.exe
  C:\Windows\System\sqmVhxN.exe
  2⤵
  PID:8072
- C:\Windows\System\ImxeDpO.exe
  C:\Windows\System\ImxeDpO.exe
  2⤵
  PID:8092
- C:\Windows\System\msfxvST.exe
  C:\Windows\System\msfxvST.exe
  2⤵
  PID:8108
- C:\Windows\System\uSVLkWm.exe
  C:\Windows\System\uSVLkWm.exe
  2⤵
  PID:8128
- C:\Windows\System\eEnwZaq.exe
  C:\Windows\System\eEnwZaq.exe
  2⤵
  PID:8144
- C:\Windows\System\LhzqckH.exe
  C:\Windows\System\LhzqckH.exe
  2⤵
  PID:8160
- C:\Windows\System\UpzGDQb.exe
  C:\Windows\System\UpzGDQb.exe
  2⤵
  PID:7228
- C:\Windows\System\hmIyWwQ.exe
  C:\Windows\System\hmIyWwQ.exe
  2⤵
  PID:7264
- C:\Windows\System\hRKVORf.exe
  C:\Windows\System\hRKVORf.exe
  2⤵
  PID:7332
- C:\Windows\System\qiZxAcM.exe
  C:\Windows\System\qiZxAcM.exe
  2⤵
  PID:7380
- C:\Windows\System\FqcbbGB.exe
  C:\Windows\System\FqcbbGB.exe
  2⤵
  PID:2972
- C:\Windows\System\IyDZoPc.exe
  C:\Windows\System\IyDZoPc.exe
  2⤵
  PID:7488
- C:\Windows\System\XWocZSR.exe
  C:\Windows\System\XWocZSR.exe
  2⤵
  PID:7536
- C:\Windows\System\LlDgLti.exe
  C:\Windows\System\LlDgLti.exe
  2⤵
  PID:6492
- C:\Windows\System\HZyogOl.exe
  C:\Windows\System\HZyogOl.exe
  2⤵
  PID:7560
- C:\Windows\System\VhXarcy.exe
  C:\Windows\System\VhXarcy.exe
  2⤵
  PID:7576
- C:\Windows\System\MozMNYp.exe
  C:\Windows\System\MozMNYp.exe
  2⤵
  PID:7580
- C:\Windows\System\fPJFyDO.exe
  C:\Windows\System\fPJFyDO.exe
  2⤵
  PID:6228
- C:\Windows\System\gSkPJjl.exe
  C:\Windows\System\gSkPJjl.exe
  2⤵
  PID:6636
- C:\Windows\System\kpueIDJ.exe
  C:\Windows\System\kpueIDJ.exe
  2⤵
  PID:6708
- C:\Windows\System\vWbNfiE.exe
  C:\Windows\System\vWbNfiE.exe
  2⤵
  PID:6900
- C:\Windows\System\EBjSwhY.exe
  C:\Windows\System\EBjSwhY.exe
  2⤵
  PID:1412
- C:\Windows\System\LkxqRHH.exe
  C:\Windows\System\LkxqRHH.exe
  2⤵
  PID:7628
- C:\Windows\System\RmPSJbQ.exe
  C:\Windows\System\RmPSJbQ.exe
  2⤵
  PID:7644
- C:\Windows\System\foZgoVh.exe
  C:\Windows\System\foZgoVh.exe
  2⤵
  PID:6688
- C:\Windows\System\pWzzemp.exe
  C:\Windows\System\pWzzemp.exe
  2⤵
  PID:7032
- C:\Windows\System\alOkNZR.exe
  C:\Windows\System\alOkNZR.exe
  2⤵
  PID:7144
- C:\Windows\System\Mgwngdg.exe
  C:\Windows\System\Mgwngdg.exe
  2⤵
  PID:6336
- C:\Windows\System\zqtxeQo.exe
  C:\Windows\System\zqtxeQo.exe
  2⤵
  PID:6480
- C:\Windows\System\GkyjfNi.exe
  C:\Windows\System\GkyjfNi.exe
  2⤵
  PID:6544
- C:\Windows\System\tFBVLbB.exe
  C:\Windows\System\tFBVLbB.exe
  2⤵
  PID:7700
- C:\Windows\System\zYgcEra.exe
  C:\Windows\System\zYgcEra.exe
  2⤵
  PID:7744
- C:\Windows\System\MvtXQOZ.exe
  C:\Windows\System\MvtXQOZ.exe
  2⤵
  PID:7172
- C:\Windows\System\tyaEfMY.exe
  C:\Windows\System\tyaEfMY.exe
  2⤵
  PID:7216
- C:\Windows\System\NCmsiNd.exe
  C:\Windows\System\NCmsiNd.exe
  2⤵
  PID:7280
- C:\Windows\System\Yfpykss.exe
  C:\Windows\System\Yfpykss.exe
  2⤵
  PID:7320
- C:\Windows\System\tGEVqxo.exe
  C:\Windows\System\tGEVqxo.exe
  2⤵
  PID:7396
- C:\Windows\System\rMvyGdn.exe
  C:\Windows\System\rMvyGdn.exe
  2⤵
  PID:7464
- C:\Windows\System\rgOqvMD.exe
  C:\Windows\System\rgOqvMD.exe
  2⤵
  PID:7508
- C:\Windows\System\MrgrrvH.exe
  C:\Windows\System\MrgrrvH.exe
  2⤵
  PID:7852
- C:\Windows\System\UbfAInS.exe
  C:\Windows\System\UbfAInS.exe
  2⤵
  PID:7616
- C:\Windows\System\VxKoHBW.exe
  C:\Windows\System\VxKoHBW.exe
  2⤵
  PID:7868
- C:\Windows\System\RIFopYH.exe
  C:\Windows\System\RIFopYH.exe
  2⤵
  PID:7796
- C:\Windows\System\HyJwRLs.exe
  C:\Windows\System\HyJwRLs.exe
  2⤵
  PID:7880
- C:\Windows\System\dZzIUEs.exe
  C:\Windows\System\dZzIUEs.exe
  2⤵
  PID:7900
- C:\Windows\System\EoeDsRl.exe
  C:\Windows\System\EoeDsRl.exe
  2⤵
  PID:7932
- C:\Windows\System\YyAPqHO.exe
  C:\Windows\System\YyAPqHO.exe
  2⤵
  PID:7960
- C:\Windows\System\OJowzkt.exe
  C:\Windows\System\OJowzkt.exe
  2⤵
  PID:8036
- C:\Windows\System\KUXKaqh.exe
  C:\Windows\System\KUXKaqh.exe
  2⤵
  PID:8104
- C:\Windows\System\pFiKMyD.exe
  C:\Windows\System\pFiKMyD.exe
  2⤵
  PID:7976
- C:\Windows\System\wyKXNgE.exe
  C:\Windows\System\wyKXNgE.exe
  2⤵
  PID:8048
- C:\Windows\System\ugRkrNE.exe
  C:\Windows\System\ugRkrNE.exe
  2⤵
  PID:8088
- C:\Windows\System\HXjcyzL.exe
  C:\Windows\System\HXjcyzL.exe
  2⤵
  PID:8156
- C:\Windows\System\iJrqYvP.exe
  C:\Windows\System\iJrqYvP.exe
  2⤵
  PID:8188
- C:\Windows\System\OHcPdSx.exe
  C:\Windows\System\OHcPdSx.exe
  2⤵
  PID:7200
- C:\Windows\System\DEbQrzo.exe
  C:\Windows\System\DEbQrzo.exe
  2⤵
  PID:7416
- C:\Windows\System\YjXQAKo.exe
  C:\Windows\System\YjXQAKo.exe
  2⤵
  PID:7532
- C:\Windows\System\dzwdWoW.exe
  C:\Windows\System\dzwdWoW.exe
  2⤵
  PID:6356
- C:\Windows\System\fTdmneE.exe
  C:\Windows\System\fTdmneE.exe
  2⤵
  PID:6496
- C:\Windows\System\RGWVipM.exe
  C:\Windows\System\RGWVipM.exe
  2⤵
  PID:6576
- C:\Windows\System\dAOgBMK.exe
  C:\Windows\System\dAOgBMK.exe
  2⤵
  PID:7684
- C:\Windows\System\ORHZgBN.exe
  C:\Windows\System\ORHZgBN.exe
  2⤵
  PID:6436
- C:\Windows\System\DxogzfN.exe
  C:\Windows\System\DxogzfN.exe
  2⤵
  PID:7568
- C:\Windows\System\rhiQrmv.exe
  C:\Windows\System\rhiQrmv.exe
  2⤵
  PID:6992
- C:\Windows\System\diMJECW.exe
  C:\Windows\System\diMJECW.exe
  2⤵
  PID:7484
- C:\Windows\System\zjTiReC.exe
  C:\Windows\System\zjTiReC.exe
  2⤵
  PID:7588
- C:\Windows\System\NeSEiuY.exe
  C:\Windows\System\NeSEiuY.exe
  2⤵
  PID:6668
- C:\Windows\System\CFIsYtO.exe
  C:\Windows\System\CFIsYtO.exe
  2⤵
  PID:6976
- C:\Windows\System\sLJEYpO.exe
  C:\Windows\System\sLJEYpO.exe
  2⤵
  PID:6168
- C:\Windows\System\qNaBPXL.exe
  C:\Windows\System\qNaBPXL.exe
  2⤵
  PID:7080
- C:\Windows\System\pWADOCm.exe
  C:\Windows\System\pWADOCm.exe
  2⤵
  PID:1968
- C:\Windows\System\OLJTREn.exe
  C:\Windows\System\OLJTREn.exe
  2⤵
  PID:2884
- C:\Windows\System\AvwbsFa.exe
  C:\Windows\System\AvwbsFa.exe
  2⤵
  PID:7780
- C:\Windows\System\BAZtrId.exe
  C:\Windows\System\BAZtrId.exe
  2⤵
  PID:7356
- C:\Windows\System\FVccCap.exe
  C:\Windows\System\FVccCap.exe
  2⤵
  PID:7504
- C:\Windows\System\ziWSeaF.exe
  C:\Windows\System\ziWSeaF.exe
  2⤵
  PID:7764
- C:\Windows\System\dneTRfb.exe
  C:\Windows\System\dneTRfb.exe
  2⤵
  PID:7948
- C:\Windows\System\sMLkMnS.exe
  C:\Windows\System\sMLkMnS.exe
  2⤵
  PID:8100
- C:\Windows\System\zpoquxn.exe
  C:\Windows\System\zpoquxn.exe
  2⤵
  PID:7832
- C:\Windows\System\ujYhqTi.exe
  C:\Windows\System\ujYhqTi.exe
  2⤵
  PID:7316
- C:\Windows\System\XSaorGz.exe
  C:\Windows\System\XSaorGz.exe
  2⤵
  PID:7436
- C:\Windows\System\tBhIMTS.exe
  C:\Windows\System\tBhIMTS.exe
  2⤵
  PID:7804
- C:\Windows\System\GKiqfcR.exe
  C:\Windows\System\GKiqfcR.exe
  2⤵
  PID:7916
- C:\Windows\System\ytBrBJV.exe
  C:\Windows\System\ytBrBJV.exe
  2⤵
  PID:8032
- C:\Windows\System\aVNeEgI.exe
  C:\Windows\System\aVNeEgI.exe
  2⤵
  PID:8080
- C:\Windows\System\NxYUKXP.exe
  C:\Windows\System\NxYUKXP.exe
  2⤵
  PID:8152
- C:\Windows\System\pYnPGSE.exe
  C:\Windows\System\pYnPGSE.exe
  2⤵
  PID:7524
- C:\Windows\System\IcCvOiY.exe
  C:\Windows\System\IcCvOiY.exe
  2⤵
  PID:7680
- C:\Windows\System\wexPFbe.exe
  C:\Windows\System\wexPFbe.exe
  2⤵
  PID:468
- C:\Windows\System\XXhgEQB.exe
  C:\Windows\System\XXhgEQB.exe
  2⤵
  PID:5844
- C:\Windows\System\NVsHXtj.exe
  C:\Windows\System\NVsHXtj.exe
  2⤵
  PID:2100
- C:\Windows\System\lDzFoEP.exe
  C:\Windows\System\lDzFoEP.exe
  2⤵
  PID:1848
- C:\Windows\System\TEcjYgk.exe
  C:\Windows\System\TEcjYgk.exe
  2⤵
  PID:7472
- C:\Windows\System\LAfAqSP.exe
  C:\Windows\System\LAfAqSP.exe
  2⤵
  PID:7892
- C:\Windows\System\WWLWzXs.exe
  C:\Windows\System\WWLWzXs.exe
  2⤵
  PID:7896
- C:\Windows\System\TUDqfDp.exe
  C:\Windows\System\TUDqfDp.exe
  2⤵
  PID:7016
- C:\Windows\System\nKsGCfz.exe
  C:\Windows\System\nKsGCfz.exe
  2⤵
  PID:7732
- C:\Windows\System\ZmDnPQt.exe
  C:\Windows\System\ZmDnPQt.exe
  2⤵
  PID:7944
- C:\Windows\System\htBhOEy.exe
  C:\Windows\System\htBhOEy.exe
  2⤵
  PID:7180
- C:\Windows\System\ESyAkQz.exe
  C:\Windows\System\ESyAkQz.exe
  2⤵
  PID:8168
- C:\Windows\System\TfVjeCI.exe
  C:\Windows\System\TfVjeCI.exe
  2⤵
  PID:7192
- C:\Windows\System\wPwctFm.exe
  C:\Windows\System\wPwctFm.exe
  2⤵
  PID:7528
- C:\Windows\System\GEweRSz.exe
  C:\Windows\System\GEweRSz.exe
  2⤵
  PID:7556
- C:\Windows\System\oMrQBTT.exe
  C:\Windows\System\oMrQBTT.exe
  2⤵
  PID:7392
- C:\Windows\System\bCPWiIH.exe
  C:\Windows\System\bCPWiIH.exe
  2⤵
  PID:6956
- C:\Windows\System\JIAVbbH.exe
  C:\Windows\System\JIAVbbH.exe
  2⤵
  PID:6556
- C:\Windows\System\IbuEkRN.exe
  C:\Windows\System\IbuEkRN.exe
  2⤵
  PID:7640
- C:\Windows\System\UUXohWL.exe
  C:\Windows\System\UUXohWL.exe
  2⤵
  PID:8028
- C:\Windows\System\mOmsgRs.exe
  C:\Windows\System\mOmsgRs.exe
  2⤵
  PID:3032
- C:\Windows\System\xRaQyNN.exe
  C:\Windows\System\xRaQyNN.exe
  2⤵
  PID:6664
- C:\Windows\System\QSpOpEr.exe
  C:\Windows\System\QSpOpEr.exe
  2⤵
  PID:7140
- C:\Windows\System\URsZsOS.exe
  C:\Windows\System\URsZsOS.exe
  2⤵
  PID:7612
- C:\Windows\System\LwEhjgZ.exe
  C:\Windows\System\LwEhjgZ.exe
  2⤵
  PID:7872
- C:\Windows\System\BJfsQVA.exe
  C:\Windows\System\BJfsQVA.exe
  2⤵
  PID:7692
- C:\Windows\System\fHTAhrl.exe
  C:\Windows\System\fHTAhrl.exe
  2⤵
  PID:7820
- C:\Windows\System\LYWullE.exe
  C:\Windows\System\LYWullE.exe
  2⤵
  PID:7212
- C:\Windows\System\zfssMME.exe
  C:\Windows\System\zfssMME.exe
  2⤵
  PID:7572
- C:\Windows\System\yZuIyWU.exe
  C:\Windows\System\yZuIyWU.exe
  2⤵
  PID:7432
- C:\Windows\System\WNuHNxf.exe
  C:\Windows\System\WNuHNxf.exe
  2⤵
  PID:8212
- C:\Windows\System\lGXFlPr.exe
  C:\Windows\System\lGXFlPr.exe
  2⤵
  PID:8228
- C:\Windows\System\hluseBI.exe
  C:\Windows\System\hluseBI.exe
  2⤵
  PID:8248
- C:\Windows\System\vdUcVUF.exe
  C:\Windows\System\vdUcVUF.exe
  2⤵
  PID:8264
- C:\Windows\System\wrPyaaw.exe
  C:\Windows\System\wrPyaaw.exe
  2⤵
  PID:8280
- C:\Windows\System\AvaWWRN.exe
  C:\Windows\System\AvaWWRN.exe
  2⤵
  PID:8300
- C:\Windows\System\tuWTjJl.exe
  C:\Windows\System\tuWTjJl.exe
  2⤵
  PID:8316
- C:\Windows\System\lhPoFcm.exe
  C:\Windows\System\lhPoFcm.exe
  2⤵
  PID:8332
- C:\Windows\System\YjJbAov.exe
  C:\Windows\System\YjJbAov.exe
  2⤵
  PID:8360
- C:\Windows\System\smxdMxv.exe
  C:\Windows\System\smxdMxv.exe
  2⤵
  PID:8380
- C:\Windows\System\ufAitzi.exe
  C:\Windows\System\ufAitzi.exe
  2⤵
  PID:8396
- C:\Windows\System\luxoUmh.exe
  C:\Windows\System\luxoUmh.exe
  2⤵
  PID:8412
- C:\Windows\System\KbDKUPV.exe
  C:\Windows\System\KbDKUPV.exe
  2⤵
  PID:8428
- C:\Windows\System\iQvnlSw.exe
  C:\Windows\System\iQvnlSw.exe
  2⤵
  PID:8444
- C:\Windows\System\rFxLulC.exe
  C:\Windows\System\rFxLulC.exe
  2⤵
  PID:8460
- C:\Windows\System\SAIACoU.exe
  C:\Windows\System\SAIACoU.exe
  2⤵
  PID:8480
- C:\Windows\System\phpKbXn.exe
  C:\Windows\System\phpKbXn.exe
  2⤵
  PID:8496
- C:\Windows\System\sAtAYFZ.exe
  C:\Windows\System\sAtAYFZ.exe
  2⤵
  PID:8516
- C:\Windows\System\jXvmWUD.exe
  C:\Windows\System\jXvmWUD.exe
  2⤵
  PID:8532
- C:\Windows\System\IzGjDcd.exe
  C:\Windows\System\IzGjDcd.exe
  2⤵
  PID:8548
- C:\Windows\System\PrOxKIB.exe
  C:\Windows\System\PrOxKIB.exe
  2⤵
  PID:8564
- C:\Windows\System\RgFSaIG.exe
  C:\Windows\System\RgFSaIG.exe
  2⤵
  PID:8584
- C:\Windows\System\ogyiACO.exe
  C:\Windows\System\ogyiACO.exe
  2⤵
  PID:8600
- C:\Windows\System\WbCzEDi.exe
  C:\Windows\System\WbCzEDi.exe
  2⤵
  PID:8620
- C:\Windows\System\aOyLGAU.exe
  C:\Windows\System\aOyLGAU.exe
  2⤵
  PID:8636
- C:\Windows\System\NcnwNIL.exe
  C:\Windows\System\NcnwNIL.exe
  2⤵
  PID:8652
- C:\Windows\System\SJrOeQl.exe
  C:\Windows\System\SJrOeQl.exe
  2⤵
  PID:8672
- C:\Windows\System\fsCVvVd.exe
  C:\Windows\System\fsCVvVd.exe
  2⤵
  PID:8688
- C:\Windows\System\TBechdi.exe
  C:\Windows\System\TBechdi.exe
  2⤵
  PID:8704
- C:\Windows\System\rOIdMKg.exe
  C:\Windows\System\rOIdMKg.exe
  2⤵
  PID:8720
- C:\Windows\System\DKakYKi.exe
  C:\Windows\System\DKakYKi.exe
  2⤵
  PID:8736
- C:\Windows\System\wtAxgLS.exe
  C:\Windows\System\wtAxgLS.exe
  2⤵
  PID:8752
- C:\Windows\System\zwJHioH.exe
  C:\Windows\System\zwJHioH.exe
  2⤵
  PID:8772
- C:\Windows\System\xWzvYvx.exe
  C:\Windows\System\xWzvYvx.exe
  2⤵
  PID:8788
- C:\Windows\System\mxGgTDG.exe
  C:\Windows\System\mxGgTDG.exe
  2⤵
  PID:8804
- C:\Windows\System\JSMQIVD.exe
  C:\Windows\System\JSMQIVD.exe
  2⤵
  PID:8820
- C:\Windows\System\loPjqCK.exe
  C:\Windows\System\loPjqCK.exe
  2⤵
  PID:8836
- C:\Windows\System\VCLJKHx.exe
  C:\Windows\System\VCLJKHx.exe
  2⤵
  PID:8852
- C:\Windows\System\VlqqSeN.exe
  C:\Windows\System\VlqqSeN.exe
  2⤵
  PID:8868
- C:\Windows\System\TiLSQbN.exe
  C:\Windows\System\TiLSQbN.exe
  2⤵
  PID:8884
- C:\Windows\System\aBRSVZO.exe
  C:\Windows\System\aBRSVZO.exe
  2⤵
  PID:8900
- C:\Windows\System\JPxpZcF.exe
  C:\Windows\System\JPxpZcF.exe
  2⤵
  PID:8916
- C:\Windows\System\KdgWdnI.exe
  C:\Windows\System\KdgWdnI.exe
  2⤵
  PID:8932
- C:\Windows\System\xIGxtzt.exe
  C:\Windows\System\xIGxtzt.exe
  2⤵
  PID:8948
- C:\Windows\System\bEixCoY.exe
  C:\Windows\System\bEixCoY.exe
  2⤵
  PID:8964
- C:\Windows\System\QDjsSXt.exe
  C:\Windows\System\QDjsSXt.exe
  2⤵
  PID:8980
- C:\Windows\System\LiYlOJc.exe
  C:\Windows\System\LiYlOJc.exe
  2⤵
  PID:9000
- C:\Windows\System\AGTjTCB.exe
  C:\Windows\System\AGTjTCB.exe
  2⤵
  PID:9016
- C:\Windows\System\otxAgrm.exe
  C:\Windows\System\otxAgrm.exe
  2⤵
  PID:9036
- C:\Windows\System\VwMqMJV.exe
  C:\Windows\System\VwMqMJV.exe
  2⤵
  PID:9052
- C:\Windows\System\puwTeIQ.exe
  C:\Windows\System\puwTeIQ.exe
  2⤵
  PID:9068
- C:\Windows\System\TzDAcgK.exe
  C:\Windows\System\TzDAcgK.exe
  2⤵
  PID:9084
- C:\Windows\System\VlxdLvI.exe
  C:\Windows\System\VlxdLvI.exe
  2⤵
  PID:9100
- C:\Windows\System\kMCPbDZ.exe
  C:\Windows\System\kMCPbDZ.exe
  2⤵
  PID:9116
- C:\Windows\System\IOfXCcZ.exe
  C:\Windows\System\IOfXCcZ.exe
  2⤵
  PID:9136
- C:\Windows\System\ERwlpHt.exe
  C:\Windows\System\ERwlpHt.exe
  2⤵
  PID:9152
- C:\Windows\System\PEtQulX.exe
  C:\Windows\System\PEtQulX.exe
  2⤵
  PID:9168
- C:\Windows\System\jMfhotv.exe
  C:\Windows\System\jMfhotv.exe
  2⤵
  PID:9184
- C:\Windows\System\kaEWddf.exe
  C:\Windows\System\kaEWddf.exe
  2⤵
  PID:9200
- C:\Windows\System\YTUAiHU.exe
  C:\Windows\System\YTUAiHU.exe
  2⤵
  PID:8200
- C:\Windows\System\UszkpTa.exe
  C:\Windows\System\UszkpTa.exe
  2⤵
  PID:8240
- C:\Windows\System\oOQaUEW.exe
  C:\Windows\System\oOQaUEW.exe
  2⤵
  PID:8308
- C:\Windows\System\ZCUoGFG.exe
  C:\Windows\System\ZCUoGFG.exe
  2⤵
  PID:8124
- C:\Windows\System\YgbtHbN.exe
  C:\Windows\System\YgbtHbN.exe
  2⤵
  PID:8012
- C:\Windows\System\aBhmfSg.exe
  C:\Windows\System\aBhmfSg.exe
  2⤵
  PID:8260
- C:\Windows\System\QwmhyYW.exe
  C:\Windows\System\QwmhyYW.exe
  2⤵
  PID:8328
- C:\Windows\System\vcVzlUz.exe
  C:\Windows\System\vcVzlUz.exe
  2⤵
  PID:8352
- C:\Windows\System\dUdcJPT.exe
  C:\Windows\System\dUdcJPT.exe
  2⤵
  PID:8404
- C:\Windows\System\bmQSsEp.exe
  C:\Windows\System\bmQSsEp.exe
  2⤵
  PID:8408
- C:\Windows\System\mpLmmbI.exe
  C:\Windows\System\mpLmmbI.exe
  2⤵
  PID:8436
- C:\Windows\System\ObRFNnI.exe
  C:\Windows\System\ObRFNnI.exe
  2⤵
  PID:8492
- C:\Windows\System\BVqAlEP.exe
  C:\Windows\System\BVqAlEP.exe
  2⤵
  PID:8504
- C:\Windows\System\MKlISds.exe
  C:\Windows\System\MKlISds.exe
  2⤵
  PID:8528
- C:\Windows\System\TeSWkAP.exe
  C:\Windows\System\TeSWkAP.exe
  2⤵
  PID:8560
- C:\Windows\System\rosqbnw.exe
  C:\Windows\System\rosqbnw.exe
  2⤵
  PID:8576
- C:\Windows\System\euDFgtu.exe
  C:\Windows\System\euDFgtu.exe
  2⤵
  PID:8612
- C:\Windows\System\QMwpCiY.exe
  C:\Windows\System\QMwpCiY.exe
  2⤵
  PID:8660
- C:\Windows\System\qxXIfHd.exe
  C:\Windows\System\qxXIfHd.exe
  2⤵
  PID:8700
- C:\Windows\System\oOLLYnH.exe
  C:\Windows\System\oOLLYnH.exe
  2⤵
  PID:8732
- C:\Windows\System\oiBGEFV.exe
  C:\Windows\System\oiBGEFV.exe
  2⤵
  PID:8796
- C:\Windows\System\BdonpMA.exe
  C:\Windows\System\BdonpMA.exe
  2⤵
  PID:8832
- C:\Windows\System\QsLCaLF.exe
  C:\Windows\System\QsLCaLF.exe
  2⤵
  PID:8784
- C:\Windows\System\BICUvqf.exe
  C:\Windows\System\BICUvqf.exe
  2⤵
  PID:8844
- C:\Windows\System\DYwfJXn.exe
  C:\Windows\System\DYwfJXn.exe
  2⤵
  PID:8912
- C:\Windows\System\KpjFJvW.exe
  C:\Windows\System\KpjFJvW.exe
  2⤵
  PID:8928
- C:\Windows\System\PGsErqp.exe
  C:\Windows\System\PGsErqp.exe
  2⤵
  PID:8944
- C:\Windows\System\ibcOrlx.exe
  C:\Windows\System\ibcOrlx.exe
  2⤵
  PID:9008
- C:\Windows\System\tMcDYzT.exe
  C:\Windows\System\tMcDYzT.exe
  2⤵
  PID:9024
- C:\Windows\System\BQJFsaE.exe
  C:\Windows\System\BQJFsaE.exe
  2⤵
  PID:9080
- C:\Windows\System\hEtCnBF.exe
  C:\Windows\System\hEtCnBF.exe
  2⤵
  PID:9060
- C:\Windows\System\ZJALPYk.exe
  C:\Windows\System\ZJALPYk.exe
  2⤵
  PID:9124
- C:\Windows\System\wRMYUDK.exe
  C:\Windows\System\wRMYUDK.exe
  2⤵
  PID:9132
- C:\Windows\System\wbJbXEY.exe
  C:\Windows\System\wbJbXEY.exe
  2⤵
  PID:9180
- C:\Windows\System\DYAWYWO.exe
  C:\Windows\System\DYAWYWO.exe
  2⤵
  PID:6340
- C:\Windows\System\FTFismg.exe
  C:\Windows\System\FTFismg.exe
  2⤵
  PID:8296
- C:\Windows\System\RQijhsy.exe
  C:\Windows\System\RQijhsy.exe
  2⤵
  PID:8424
- C:\Windows\System\FTNgydV.exe
  C:\Windows\System\FTNgydV.exe
  2⤵
  PID:8236
- C:\Windows\System\DXXbFRP.exe
  C:\Windows\System\DXXbFRP.exe
  2⤵
  PID:8348
- C:\Windows\System\HtTvHfo.exe
  C:\Windows\System\HtTvHfo.exe
  2⤵
  PID:8456
- C:\Windows\System\XhAVhuU.exe
  C:\Windows\System\XhAVhuU.exe
  2⤵
  PID:8512
- C:\Windows\System\HXSrvsl.exe
  C:\Windows\System\HXSrvsl.exe
  2⤵
  PID:8648
- C:\Windows\System\FfMkORy.exe
  C:\Windows\System\FfMkORy.exe
  2⤵
  PID:8628
- C:\Windows\System\pmmcsEK.exe
  C:\Windows\System\pmmcsEK.exe
  2⤵
  PID:8684
- C:\Windows\System\ojxrKmT.exe
  C:\Windows\System\ojxrKmT.exe
  2⤵
  PID:8768
- C:\Windows\System\ewElsHe.exe
  C:\Windows\System\ewElsHe.exe
  2⤵
  PID:8340
- C:\Windows\System\YdasQWO.exe
  C:\Windows\System\YdasQWO.exe
  2⤵
  PID:8976
- C:\Windows\System\ApkhbmE.exe
  C:\Windows\System\ApkhbmE.exe
  2⤵
  PID:8748
- C:\Windows\System\MilVUmM.exe
  C:\Windows\System\MilVUmM.exe
  2⤵
  PID:8960
- C:\Windows\System\KqVmqNX.exe
  C:\Windows\System\KqVmqNX.exe
  2⤵
  PID:9092
- C:\Windows\System\YwpuxBt.exe
  C:\Windows\System\YwpuxBt.exe
  2⤵
  PID:9160
- C:\Windows\System\RxuPeeR.exe
  C:\Windows\System\RxuPeeR.exe
  2⤵
  PID:8272
- C:\Windows\System\pLVGJNB.exe
  C:\Windows\System\pLVGJNB.exe
  2⤵
  PID:9192
- C:\Windows\System\WUoMujQ.exe
  C:\Windows\System\WUoMujQ.exe
  2⤵
  PID:8488
- C:\Windows\System\IUjrxAj.exe
  C:\Windows\System\IUjrxAj.exe
  2⤵
  PID:8644
- C:\Windows\System\HUqCDQz.exe
  C:\Windows\System\HUqCDQz.exe
  2⤵
  PID:8696
- C:\Windows\System\WQzRzks.exe
  C:\Windows\System\WQzRzks.exe
  2⤵
  PID:8608
- C:\Windows\System\DGLOmrg.exe
  C:\Windows\System\DGLOmrg.exe
  2⤵
  PID:8292
- C:\Windows\System\gZGQLYh.exe
  C:\Windows\System\gZGQLYh.exe
  2⤵
  PID:8816
- C:\Windows\System\gZnbFkn.exe
  C:\Windows\System\gZnbFkn.exe
  2⤵
  PID:8924
- C:\Windows\System\hcZfqTm.exe
  C:\Windows\System\hcZfqTm.exe
  2⤵
  PID:9148
- C:\Windows\System\qjqLpYq.exe
  C:\Windows\System\qjqLpYq.exe
  2⤵
  PID:8276
- C:\Windows\System\ABYCAxJ.exe
  C:\Windows\System\ABYCAxJ.exe
  2⤵
  PID:8256
- C:\Windows\System\ggWJRFc.exe
  C:\Windows\System\ggWJRFc.exe
  2⤵
  PID:9164
- C:\Windows\System\DqmeulO.exe
  C:\Windows\System\DqmeulO.exe
  2⤵
  PID:9228
- C:\Windows\System\PcVBYkc.exe
  C:\Windows\System\PcVBYkc.exe
  2⤵
  PID:9252
- C:\Windows\System\tEOHlCz.exe
  C:\Windows\System\tEOHlCz.exe
  2⤵
  PID:9268
- C:\Windows\System\odXIkLE.exe
  C:\Windows\System\odXIkLE.exe
  2⤵
  PID:9284
- C:\Windows\System\bHKHUAj.exe
  C:\Windows\System\bHKHUAj.exe
  2⤵
  PID:9300
- C:\Windows\System\iJJXnLz.exe
  C:\Windows\System\iJJXnLz.exe
  2⤵
  PID:9320
- C:\Windows\System\mMzaLam.exe
  C:\Windows\System\mMzaLam.exe
  2⤵
  PID:9336
- C:\Windows\System\otRvVVh.exe
  C:\Windows\System\otRvVVh.exe
  2⤵
  PID:9352
- C:\Windows\System\KcLvTpr.exe
  C:\Windows\System\KcLvTpr.exe
  2⤵
  PID:9368
- C:\Windows\System\UMAeFCf.exe
  C:\Windows\System\UMAeFCf.exe
  2⤵
  PID:9384
- C:\Windows\System\QIAvFJq.exe
  C:\Windows\System\QIAvFJq.exe
  2⤵
  PID:9400
- C:\Windows\System\QTWoWGD.exe
  C:\Windows\System\QTWoWGD.exe
  2⤵
  PID:9416
- C:\Windows\System\jAIDcWC.exe
  C:\Windows\System\jAIDcWC.exe
  2⤵
  PID:9432
- C:\Windows\System\EeXnWoT.exe
  C:\Windows\System\EeXnWoT.exe
  2⤵
  PID:9448
- C:\Windows\System\XqivMpE.exe
  C:\Windows\System\XqivMpE.exe
  2⤵
  PID:9464
- C:\Windows\System\zvIIEup.exe
  C:\Windows\System\zvIIEup.exe
  2⤵
  PID:9480
- C:\Windows\System\TnicmzG.exe
  C:\Windows\System\TnicmzG.exe
  2⤵
  PID:9500
- C:\Windows\System\onvwDlX.exe
  C:\Windows\System\onvwDlX.exe
  2⤵
  PID:9520
- C:\Windows\System\uzLPoSU.exe
  C:\Windows\System\uzLPoSU.exe
  2⤵
  PID:9560
- C:\Windows\System\KGwfuyQ.exe
  C:\Windows\System\KGwfuyQ.exe
  2⤵
  PID:9580
- C:\Windows\System\AfwlmMA.exe
  C:\Windows\System\AfwlmMA.exe
  2⤵
  PID:9596
- C:\Windows\System\VGyyljK.exe
  C:\Windows\System\VGyyljK.exe
  2⤵
  PID:9616
- C:\Windows\System\WMULbvF.exe
  C:\Windows\System\WMULbvF.exe
  2⤵
  PID:9632
- C:\Windows\System\rKugtbF.exe
  C:\Windows\System\rKugtbF.exe
  2⤵
  PID:9648
- C:\Windows\System\hxeKdQw.exe
  C:\Windows\System\hxeKdQw.exe
  2⤵
  PID:9668
- C:\Windows\System\fyqSvvg.exe
  C:\Windows\System\fyqSvvg.exe
  2⤵
  PID:9688
- C:\Windows\System\ddMQBuu.exe
  C:\Windows\System\ddMQBuu.exe
  2⤵
  PID:9704
- C:\Windows\System\dqCOxmJ.exe
  C:\Windows\System\dqCOxmJ.exe
  2⤵
  PID:9720
- C:\Windows\System\mloawFs.exe
  C:\Windows\System\mloawFs.exe
  2⤵
  PID:9736
- C:\Windows\System\IwVSwfK.exe
  C:\Windows\System\IwVSwfK.exe
  2⤵
  PID:9752
- C:\Windows\System\mjJpBoL.exe
  C:\Windows\System\mjJpBoL.exe
  2⤵
  PID:9772
- C:\Windows\System\nbGhSQn.exe
  C:\Windows\System\nbGhSQn.exe
  2⤵
  PID:9796
- C:\Windows\System\xuvmbkp.exe
  C:\Windows\System\xuvmbkp.exe
  2⤵
  PID:9816
- C:\Windows\System\EpDywUO.exe
  C:\Windows\System\EpDywUO.exe
  2⤵
  PID:9832
- C:\Windows\System\MPpJJeu.exe
  C:\Windows\System\MPpJJeu.exe
  2⤵
  PID:9848
- C:\Windows\System\JfboXrT.exe
  C:\Windows\System\JfboXrT.exe
  2⤵
  PID:9864
- C:\Windows\System\zNHVmqa.exe
  C:\Windows\System\zNHVmqa.exe
  2⤵
  PID:9880
- C:\Windows\System\nKRwxxa.exe
  C:\Windows\System\nKRwxxa.exe
  2⤵
  PID:9896
- C:\Windows\System\kjZIRbJ.exe
  C:\Windows\System\kjZIRbJ.exe
  2⤵
  PID:9912
- C:\Windows\System\gKhhkuN.exe
  C:\Windows\System\gKhhkuN.exe
  2⤵
  PID:9932
- C:\Windows\System\AGohgpo.exe
  C:\Windows\System\AGohgpo.exe
  2⤵
  PID:9948
- C:\Windows\System\OEjLNXB.exe
  C:\Windows\System\OEjLNXB.exe
  2⤵
  PID:9964
- C:\Windows\System\tAZsbmJ.exe
  C:\Windows\System\tAZsbmJ.exe
  2⤵
  PID:9984
- C:\Windows\System\KtJbxUs.exe
  C:\Windows\System\KtJbxUs.exe
  2⤵
  PID:10000
- C:\Windows\System\rUWRMmd.exe
  C:\Windows\System\rUWRMmd.exe
  2⤵
  PID:10016
- C:\Windows\System\WdEtdoo.exe
  C:\Windows\System\WdEtdoo.exe
  2⤵
  PID:10032
- C:\Windows\System\SmlWZVn.exe
  C:\Windows\System\SmlWZVn.exe
  2⤵
  PID:10048
- C:\Windows\System\ODZGeZC.exe
  C:\Windows\System\ODZGeZC.exe
  2⤵
  PID:10064
- C:\Windows\System\PywfpMR.exe
  C:\Windows\System\PywfpMR.exe
  2⤵
  PID:10080
- C:\Windows\System\rLzbpHm.exe
  C:\Windows\System\rLzbpHm.exe
  2⤵
  PID:10096
- C:\Windows\System\HPMDOCw.exe
  C:\Windows\System\HPMDOCw.exe
  2⤵
  PID:10112
- C:\Windows\System\kSuduPj.exe
  C:\Windows\System\kSuduPj.exe
  2⤵
  PID:10128
- C:\Windows\System\LseJjcd.exe
  C:\Windows\System\LseJjcd.exe
  2⤵
  PID:10144
- C:\Windows\System\fLHWwqM.exe
  C:\Windows\System\fLHWwqM.exe
  2⤵
  PID:10160
- C:\Windows\System\NDydzcN.exe
  C:\Windows\System\NDydzcN.exe
  2⤵
  PID:10176
- C:\Windows\System\taEyKCB.exe
  C:\Windows\System\taEyKCB.exe
  2⤵
  PID:10192
- C:\Windows\System\gKwBbzI.exe
  C:\Windows\System\gKwBbzI.exe
  2⤵
  PID:10208
- C:\Windows\System\bfwvUzQ.exe
  C:\Windows\System\bfwvUzQ.exe
  2⤵
  PID:10224
- C:\Windows\System\bvDDVMo.exe
  C:\Windows\System\bvDDVMo.exe
  2⤵
  PID:8828
- C:\Windows\System\qDxrjNV.exe
  C:\Windows\System\qDxrjNV.exe
  2⤵
  PID:7940
- C:\Windows\System\nqdZgfo.exe
  C:\Windows\System\nqdZgfo.exe
  2⤵
  PID:8596
- C:\Windows\System\knUBpDz.exe
  C:\Windows\System\knUBpDz.exe
  2⤵
  PID:9220
- C:\Windows\System\XSknAzL.exe
  C:\Windows\System\XSknAzL.exe
  2⤵
  PID:9412
- C:\Windows\System\EUQqWQA.exe
  C:\Windows\System\EUQqWQA.exe
  2⤵
  PID:9492
- C:\Windows\System\KCBHjRf.exe
  C:\Windows\System\KCBHjRf.exe
  2⤵
  PID:9528
- C:\Windows\System\TSCajqK.exe
  C:\Windows\System\TSCajqK.exe
  2⤵
  PID:9544
- C:\Windows\System\FMJHIbG.exe
  C:\Windows\System\FMJHIbG.exe
  2⤵
  PID:9572
- C:\Windows\System\YCwoBLD.exe
  C:\Windows\System\YCwoBLD.exe
  2⤵
  PID:9612
- C:\Windows\System\UYghxni.exe
  C:\Windows\System\UYghxni.exe
  2⤵
  PID:9784
- C:\Windows\System\pHdJgDF.exe
  C:\Windows\System\pHdJgDF.exe
  2⤵
  PID:9808
- C:\Windows\System\lQXWnpz.exe
  C:\Windows\System\lQXWnpz.exe
  2⤵
  PID:9844
- C:\Windows\System\MDhRYhp.exe
  C:\Windows\System\MDhRYhp.exe
  2⤵
  PID:9892
- C:\Windows\System\XiakTCG.exe
  C:\Windows\System\XiakTCG.exe
  2⤵
  PID:9904
- C:\Windows\System\eRjSOSJ.exe
  C:\Windows\System\eRjSOSJ.exe
  2⤵
  PID:9944
- C:\Windows\System\NAtHUFH.exe
  C:\Windows\System\NAtHUFH.exe
  2⤵
  PID:9960
- C:\Windows\System\saHjzvo.exe
  C:\Windows\System\saHjzvo.exe
  2⤵
  PID:10012
- C:\Windows\System\iiUXsoN.exe
  C:\Windows\System\iiUXsoN.exe
  2⤵
  PID:10008
- C:\Windows\System\rzBJoLt.exe
  C:\Windows\System\rzBJoLt.exe
  2⤵
  PID:10024
- C:\Windows\System\tlwDEGK.exe
  C:\Windows\System\tlwDEGK.exe
  2⤵
  PID:10088
- C:\Windows\System\LXZDdIo.exe
  C:\Windows\System\LXZDdIo.exe
  2⤵
  PID:10152
- C:\Windows\System\sZqtyQB.exe
  C:\Windows\System\sZqtyQB.exe
  2⤵
  PID:10136
- C:\Windows\System\eKomIyS.exe
  C:\Windows\System\eKomIyS.exe
  2⤵
  PID:10216
- C:\Windows\System\dCgFOVC.exe
  C:\Windows\System\dCgFOVC.exe
  2⤵
  PID:10172
- C:\Windows\System\SFYPrtW.exe
  C:\Windows\System\SFYPrtW.exe
  2⤵
  PID:9332
- C:\Windows\System\iraoYcW.exe
  C:\Windows\System\iraoYcW.exe
  2⤵
  PID:9280
- C:\Windows\System\QQenLKU.exe
  C:\Windows\System\QQenLKU.exe
  2⤵
  PID:9444
- C:\Windows\System\tmIltDi.exe
  C:\Windows\System\tmIltDi.exe
  2⤵
  PID:9608
- C:\Windows\System\ZNTaBfW.exe
  C:\Windows\System\ZNTaBfW.exe
  2⤵
  PID:9656
- C:\Windows\System\fcQeKlY.exe
  C:\Windows\System\fcQeKlY.exe
  2⤵
  PID:9748
- C:\Windows\System\qlMMNkL.exe
  C:\Windows\System\qlMMNkL.exe
  2⤵
  PID:9764
- C:\Windows\System\yWhSCpG.exe
  C:\Windows\System\yWhSCpG.exe
  2⤵
  PID:9792
- C:\Windows\System\VouOjnu.exe
  C:\Windows\System\VouOjnu.exe
  2⤵
  PID:9888
- C:\Windows\System\FtfijMu.exe
  C:\Windows\System\FtfijMu.exe
  2⤵
  PID:9908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DOpvlQJ.exe

Filesize
6.0MB

MD5
2ae10c15d647824ea87050c7da47f881

SHA1
4febd514e019b885afb84a333d29e33543ba352d

SHA256
19c41e1b2be74e87fcd100a38cbdf75ab94d4c94885bf4cfbf16c6147e8b4333

SHA512
4b195c41a1e5dc438731402226eb518f1f351772e7dca6956cae2c77fd5ac98deb9e98fa8b627caad6ba73421422f69999b159afc2ae32cf5c3073206b50dd42

Download Submit
C:\Windows\system\DWnZRSV.exe

Filesize
6.0MB

MD5
4b1a179e9f0b3e73287a71fcee2ce221

SHA1
10c67dd15b28b0a1b2ff1ed4aeef476ec2f29b7f

SHA256
09da99b96e462861b30ed80835cae0347c80aa91149d96ea23197eeeb7a4add4

SHA512
d76c311f6818f9c815f5b963f1caba89fa9ccb90687fd743694e429a0690cbd14f3a3150c0ab91793141b7675994b60b839a8e9f0eba48d699270c125560fb08

Download Submit
C:\Windows\system\FpjXDTO.exe

Filesize
6.0MB

MD5
ef74682afa9cea31206da9d14211bcbd

SHA1
ed1df9e27e694902f8a976d161bf9b5dd216a555

SHA256
e6b8650aaa1984de6fe49a4ad31d2df0d560a38611f7989063d54a76a33aac99

SHA512
25360fc5eb1fc796169efbd07c70c1e65740a53f454e0e46d5d23566f8d5c94ca0ed5f59790a284022558e1d9948565b1f886bde2613fb87c40822bedf469343

Download Submit
C:\Windows\system\JCpQTES.exe

Filesize
6.0MB

MD5
aedf0a948ef681c20512573130fd4e96

SHA1
dd150f4e419ce1547dd5616101d53e3bd523bb85

SHA256
d2b7848748fa22d2a1770b20da096d8a83bc39b54c694f28653d920c13cadf08

SHA512
315ef39eeba7cf8f13ed9324313fee3f0e4573cec903fc8d9240148a93f9dee559525a1bb626aa02a18726b13bd6a2372e270f53c90161c0ae6a5619de7e65ce

Download Submit
C:\Windows\system\LKqSGAI.exe

Filesize
6.0MB

MD5
bf9348bfb7e81c72fd362828854f9cb8

SHA1
5839180876a0fa6cdca9e6bd89bba20708a1ee2e

SHA256
0d0f259bb148033a12dc05fe738a9bb2e67420eea80676755853dacff97a53b4

SHA512
094fc9bd8be93400c4537e394e79a60d38512395debb74c02e1ab86559b5c7634506cc629a30077979bb1794246d2c817f9132f620b839df959b5bc8e710f56b

Download Submit
C:\Windows\system\LNuMBUc.exe

Filesize
6.0MB

MD5
eb70e22c11823232edf861d64e7ae3a2

SHA1
bbd1758f8410c04d35e534fc36c3218204dd6e1d

SHA256
f18b9e77cd6e61c443c7718779b94a484afaf8eed0e8ad1d5d76568776a45ef6

SHA512
05da142912750e61d7a60097a48c251be10a07aa0ba56528e4b2c275b7b195fe2726b1cea19dbbe40f9b2ded03ff1778a04ab1835273a33dda3f20cfb2555c99

Download Submit
C:\Windows\system\MhZWiSB.exe

Filesize
6.0MB

MD5
04e23bf2c29f26ce777b28cea481959a

SHA1
1151015aef1fa60e390a611deba443c4c1dd8594

SHA256
270032ae49e1c6777a574891c5bb0875d2b9607ef7ba8689959d6e195ae67942

SHA512
7e3b83d2299c8d7be73b5260d10f5abd4a3cc7eaffb6368fb1337a05f03c0ea86aafff7cc8d1f207fbde818d1c6db654c29cf3cf7d5de547256cf81331830f03

Download Submit
C:\Windows\system\QilFLOc.exe

Filesize
6.0MB

MD5
03310f72da8f268734b772c03da667b4

SHA1
906be211d11f70dc348ba9ebf101c4173f1254fb

SHA256
b7968ba24420ad20c2e0c6851c8e11f3e486ea7142463f8e57b99be8a5814020

SHA512
025aa5fe0466d1aa761ccb0a000ab902ecd910a817f4623b3c4c1cd907319fc128f0b0fc8745bcc6d7a9638da9c11561b309c9ab6193fa62bcc1da064b01bfb9

Download Submit
C:\Windows\system\QxvQseJ.exe

Filesize
6.0MB

MD5
c27316f633cadaa4084b246178502d12

SHA1
f98775f41fa37f823f71fe715437dd59f28ff068

SHA256
6f0622e5413a04c51dd3f7915ed9a78ddea5f7661cb94f1cccc9941bb184723f

SHA512
84cd1afea6cfb09c22aa7d32239a2394e055945f5ae37f18353a3b6a0d913fefb372cceb05944e3aa460af02979c859ff9694ce850625c34457faef0b13b7691

Download Submit
C:\Windows\system\RYkZyVE.exe

Filesize
6.0MB

MD5
483c1f33d0e9ab56d5f4991ff91c87df

SHA1
d18e4ed1ea6f3e5a73cfb41369dcd111ae2e2373

SHA256
56bf476ef773d1ee7060c974c7fdb66faf22b53572a7d95dfc3b7482dd0d6b84

SHA512
ed12d6f4c59f96fdf6fea7451eb1f43f0bc9c3231d9265b2face0e5821ff49a27333e635b54546f257de588ccbb15b2ac5040211940af1c7ec333ada4cc0fa76

Download Submit
C:\Windows\system\SMHYrdl.exe

Filesize
6.0MB

MD5
064cf92496464889a40ae0f2ae477134

SHA1
53105982ca07f4bd12a3f7ea05cd234f8677b633

SHA256
31582562348742a423b9a7298ca919693de231fcd164e3d1cde38de106ab9c60

SHA512
e713b78a3d0e364b6b7ede84fc1e2232fbacc8a5b9f66d2a17f218f018bfc5edeecb2190f4fc854332143b670abb9c29076cb0d313f997c3133f585a0ebea5c1

Download Submit
C:\Windows\system\SkYhYiG.exe

Filesize
6.0MB

MD5
880637b16337ee8e497976c809dd8113

SHA1
a6d1ec69a10d22f24cb52d11da12adcb5ce78427

SHA256
cbd93573e4675747491fe81ff72b2fd2ee1362b104c83040679dd36473b80923

SHA512
b60ef2d8f01c1d90ac2177876b5f91d998bb8758531eabfd417b104ffb48bda187026a88779783f6b49bfdb7fc849ddb14416356df414c3eac67cd0bac504066

Download Submit
C:\Windows\system\YYMpczX.exe

Filesize
6.0MB

MD5
c248421d3703071a42c9ebc488275010

SHA1
ba0eec955f258ad51e0307cf3a199a840aa784bb

SHA256
138ce1fe5e96b2477baace4c63789ae5d70c2ceaca3a28a92eb45c592c6a1cd1

SHA512
a4372eeaab8002d0205403fb632ff3575ba47d154f2ed77c2751b6ff346d4d11a331fd0ede06a96f08f7f4c7022b7f5f7a22c02a8c116a8039944569dcf129c4

Download Submit
C:\Windows\system\dWkFUJy.exe

Filesize
6.0MB

MD5
0444f1f6f77ed2d9f24a9267c4e67934

SHA1
c5680b17d7614c6c2cff495867688c1ed6c0e3d8

SHA256
a7ed6ff639ca896c0eb07637cfd80bead02a0462912f6a77bd90790e31d2211c

SHA512
80d6196fbc0f4fe6d175fca3d9179b5c134dc11bf567334e8c4dc1a79b91b847ec7bd7cd9c8ca847aa7144c776b12e432bfe1e27043ff55c69d83981cad8b04c

Download Submit
C:\Windows\system\dhLDPjQ.exe

Filesize
6.0MB

MD5
1cbe5514e5753774788ff891fe8ec878

SHA1
c324ec24221f3edf0d640ca8eb1887210fcb255e

SHA256
ccf109ec6202842cc5b88256b4dabf40105b4b5d8de2a9d7b1a716cd941525ba

SHA512
6b81384b1e94487778040718279c2b2f53f080e82e1ae01dfd07b79f62646885b9972426effdd62099445293e0bccd72cd414e8f0e1460d05342ca1b3d9417ea

Download Submit
C:\Windows\system\eguYXVr.exe

Filesize
6.0MB

MD5
4227c40e9dcf7770a4ecdd42addcb477

SHA1
6f63de9beb7b61c734549fb25b1064b0cb3182ae

SHA256
4579a1b7cd8619cc8386cc0010fb4a346b7b191dc5d4be2e25a87e2f08084085

SHA512
9ec75e4f5d07dadd63e65d7f9dfc6855a9e00cb7f243f149ddb1a64608b63f02dc111329954cc84ce98a19f46f46e002c1434359b397ce70c7aa6433ad4efbbe

Download Submit
C:\Windows\system\jfDojmf.exe

Filesize
6.0MB

MD5
af480e9eb1511eb2e2310234c0dbec16

SHA1
3ac7c5877c819bd5c4a612680242831a4aaa3e70

SHA256
f7139b5b8f2a4683cf4c239dd3ead36717bf7632f0e4907b1b0c1d7caa3a54f3

SHA512
e3b0cc29ed72e8bd40b8d0b9f662d3fbcfd5b75ae3290aef94824ec19605b1520962b30d3ff5ca3d89cdb6e3dbc4fa7025c010e351ca152a1beafbf3a9d51bf9

Download Submit
C:\Windows\system\kYiwxNg.exe

Filesize
6.0MB

MD5
62b798b8d8cd7d3b8b2a3daea47c8e88

SHA1
70103d14ccd8ad21c44b2e6d45b5f483486aea22

SHA256
0c6c2b568f11d62504513bfe7f18f13dbda10e664283c985c75c94a6725c2707

SHA512
ccfb7691ae3030641bf39bcb9d8e736fef7fcb2716b958e2440b03b6572516bf9d7ffb95eae1c8babdf6e80ecac5725db7a5f9ea067abb77de13a4f7ed19f16a

Download Submit
C:\Windows\system\nvhhIeF.exe

Filesize
6.0MB

MD5
75aab17ca39b01163272bb3f4e46b98c

SHA1
b9423fc3929af12ddc5ae1180bbcb9aaa5c6c6ca

SHA256
597607cfcd088876174c770f5e9ce57d38fe72ea2eef3cf9c072c649b933a331

SHA512
ac9284637a84bd205eee517401e63fda49a2fe614ccae6a46668a8a32f3be08b842a5dc5abdb74d5cb4b1ceeadf899d205f0992e7d24d4ed0943537913d5c1cc

Download Submit
C:\Windows\system\redIrEr.exe

Filesize
6.0MB

MD5
59e507b2be7f5d25c8159f24a35d8744

SHA1
fad1bda0797001f6b5e7ff509d115fd6cc284146

SHA256
5f33b52a4770d9f58575e8da9731bba02066116fb29a152a8262bb241e518bf4

SHA512
861e712c33bb3096f29562edc5f2ee091cab885e874457c9b12d903ef919065cf54843360f1aebe974e529ffe7ac74ea0a673f3c823f298b157da4415cd0d658

Download Submit
C:\Windows\system\tBRHXds.exe

Filesize
6.0MB

MD5
dd3f441bd8e738341df1960e18c36540

SHA1
e8494b623c4e2caa70e94089e7e3d636b1fbf85c

SHA256
6597e78727dec8305adf098b7ed36a6f57f23d90d3584133cc833b20b993b580

SHA512
6b891b918da7b4dd8298b91908979e6b141c523cc3e1590560341efd52e315c8bb894aa83d06efc133cd400332e32123410c87d44aa458f26390d9297dd74fdd

Download Submit
C:\Windows\system\tBaSSpX.exe

Filesize
6.0MB

MD5
0f6912bd2fdb64b821b55ac02f815456

SHA1
debcadd27b4e99990a8e4b654ea1a9b1a9b067a8

SHA256
883010a091d2fd7dfcc52e2148353a6ffda95ca832709d0770820ee18c1d9660

SHA512
4e15e0cf14c2f3481697247514e8ba0d02fde158c5804b85536504c9ee1a40d94157125bf00d7c913fa08378f95cffec222d1de151ef402100409277cc7337c6

Download Submit
C:\Windows\system\tLYEsTS.exe

Filesize
6.0MB

MD5
e0187e7cc778dba1b8216578d0baa208

SHA1
c25f899e43a9faa24722f1e1572b764ae3d9552e

SHA256
c47a60ad3efa823790c8524287bedc4ceb54be6ce0f061ff32d6152a32e083dc

SHA512
2da4127eb9b420790b3b3578685090b076013795dfbe64ac9047b6a5353615c76be24e08987b9e0c9456b6397592f3dd92825991d6a324ebd46a52f9176e37bd

Download Submit
C:\Windows\system\uhurSYT.exe

Filesize
6.0MB

MD5
9e2f2e49de8b03a89110a5fcb65abe39

SHA1
17e5b34c67d795b50e374227b96b881921063409

SHA256
4d2ed3d2ec016144e03015ac7588427b2fe12fa38e486355bf6d8da1e0cdfa29

SHA512
d1febc3d53a344b4e6ec38dab2cc8de30fe4a59b06bd9c60307163da84a2573a5c21bd05bf66f1499d93e3c48836b8a94a3c0d919c0c0f10b8b16dd1b7c9ea62

Download Submit
C:\Windows\system\xTagmSz.exe

Filesize
6.0MB

MD5
e5bb0e04ea42683f1a1ea95e1cbf2741

SHA1
ee11c4ef14b460cef1315ab7b6e0cce62d098d17

SHA256
926100955ea862c20b2522f34715a2a7fae38ee1d041374f9e03a0c94be7ec31

SHA512
1aa45ed52104e7e65f06e345b45272c4d4266504ec939bb392954ccf174e67b28c6b28c4dcc3072828d9f8b2c8fd94cecf4a5cd1aea88c7800ddb4d2a8e43530

Download Submit
C:\Windows\system\xrDImuw.exe

Filesize
6.0MB

MD5
e6ed46073f0aa7a22e1f2968e161252c

SHA1
0d3d625eeaaaee4b4bb61376f0b0dbf042fe2474

SHA256
be9255efce9c6bb4ba66ee9be65329a4d1120b5469ba48f9fc5dacc2d1886a08

SHA512
4f3afa6c2f5330cb10eb587e0f9657377d8f5726e152379056b0a7dfcc8862ee9c882998e6ff2cac67d35c7627783e279a12182c49c4b03adbc1b5cba04985d8

Download Submit
C:\Windows\system\yLtcIhc.exe

Filesize
6.0MB

MD5
d7d4557e998ea0b0eb5c7a894a22b22f

SHA1
4316268addb3c3a6ad4fba2858ee18da22f7c2af

SHA256
7a4f600cbfe9b03b779f3f07a6e4819daaad9039a14b2684d8c7875e2c445e08

SHA512
9745553c90fbe547ccf1f5a2be3c135bfd1806e7e3eedb44715827cce5ba0ede8402e52cebff66024b19256f672cf247ebb2932f036bf0dded4ed7e6427adb1e

Download Submit
\Windows\system\HCVvNom.exe

Filesize
6.0MB

MD5
12accad9658c940665cc05680f1333af

SHA1
5faeab6445b21c9b6785b830d4d94a5b182077c4

SHA256
c12a2c110166d9c6bcab472b1a82920e09cfc0d868b2ade364047e8f5c04ff13

SHA512
0f1ed2a2d4672652ebab86be42b9bdb730bb1cf57c1ac1af7a4392c127dd89f21cf4939be04de8c3ea66e3e2227d8f19e7ecf816ba14671abb2c7fb5903429b4

Download Submit
\Windows\system\MyRmddS.exe

Filesize
6.0MB

MD5
396a284b7b3ba10f147237baf1aab62c

SHA1
6e6e0891c536eea54d217f6eac5254d9d48dc485

SHA256
f6a4b92474a0449aec2da8347b69e66ff6c42e900734317604d5dd353d0676b9

SHA512
2a63d8bd6d833a7143b4ab45076aea0fef08ab58d8766c3b8e33dac4115c573d6960df03fd074f5dafb2adea7ae497cfcc3bc825f5150982cb6d0b893baaa1be

Download Submit
\Windows\system\Pxqzsvi.exe

Filesize
6.0MB

MD5
31c70c71748f12740ee234ff7ec9cda5

SHA1
9f64e03069ab1006ea9223259082e5f4f73a7591

SHA256
c796e7dbd1bb1c382824fe25483975036ce51cb574bbd7f9a14528ff2c0d8ff4

SHA512
0d79333cfbfee9872e29e9272e5759f447fde506ebdf291a51aaa271ada968e869074922382966dea44f60c04264c6f5bb9a4f1cc71a5c33fe97785b00227810

Download Submit
\Windows\system\XHBCQuP.exe

Filesize
6.0MB

MD5
d89d6c928bac96b3b054a9386adda2f7

SHA1
9f9168ac94febea44aca93fb9fe0c0678c3292eb

SHA256
24f9bc872e868b7d8c6d325afee0a24e5d09b62de8835d73a922d45a653b5785

SHA512
28819ddcb6221707d91cab2f81f0993540ea9536806b691b03d845c5ae3714a941aec560b33ffcbf2be16172d4cb385d962ef930f11268e7e7d62734a5cc5da5

Download Submit
\Windows\system\jtPiulA.exe

Filesize
6.0MB

MD5
1e97d74f99649bc329dff4f555fc644f

SHA1
4cbb1c8e801386d07ca3ce3d50c0b1a0636fdd90

SHA256
dfa192db9c2e38ce6548079f5088f9773389b472ce754b67424a5dd4c73216c9

SHA512
e824f3bacb525419425b7c87832bc87b46a05289a82a13f6e21e2d448a26afeb979a3fe18d3fd312c77d858cad3a59102a5787ebfa47ef599df0c2a9ae4c4372

Download Submit
\Windows\system\vBmOFgZ.exe

Filesize
6.0MB

MD5
0e1cbe9ca41838de3cb47398c01b47c4

SHA1
5488c7e46ac15dafab7fb51c434bf7415c855fee

SHA256
2d434e70de1665cb550389acc96e39b61d368c4c1dd52e74dcdb21c3a3ecddd8

SHA512
893a547e73879401bb8e6d69125a0fa41b3a6043a27e8cf6e739e89dc449f724ac9ae8d47eca5ca6368654945ceb6f69b0d41bc04473c78fd199834e8500c5a7

Download Submit
memory/296-738-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/296-91-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/296-3532-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1216-3418-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-18-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-3534-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1468-62-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1628-55-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-98-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-862-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-527-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-0-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1628-310-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1628-106-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1628-33-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-105-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-12-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-69-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-25-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-1369-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1628-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1628-44-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-83-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-46-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1628-77-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1652-14-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1652-3428-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1916-84-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-3530-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-528-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-78-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1924-3533-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2224-54-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2224-21-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3444-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2652-70-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3537-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-27-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-63-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3665-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3460-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2744-34-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3503-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2832-45-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2832-82-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2840-39-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3498-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-76-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3485-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-56-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-99-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3573-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download