cobaltstrike | b81928c6607b7576cff0f8bd421c449cb02a61afe616265943741cf8df16cec4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/01/2025, 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

70e8158758100c17e501687c7b68ebd1
SHA1

1a98b4dd59595905e3372cb77055fed959adfa7a
SHA256

b81928c6607b7576cff0f8bd421c449cb02a61afe616265943741cf8df16cec4
SHA512

10768cf42cf6c01d63d334490bb63bc015a6c8e325c8fa8965d48e06c79a19dd6501f247a2a65dc432473fdfe634942d1f9ff89e3835fa4459c0108d44398b50
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0e-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d21-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d31-27.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d5e-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3a-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d42-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c9d-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-63.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000016d0e-8.dat	xmrig
behavioral1/files/0x0008000000016d18-15.dat	xmrig
behavioral1/files/0x0008000000016d21-23.dat	xmrig
behavioral1/memory/2052-21-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2312-20-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2520-17-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d31-27.dat	xmrig
behavioral1/memory/2824-42-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d5e-50.dat	xmrig
behavioral1/memory/1968-51-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2900-48-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d3a-41.dat	xmrig
behavioral1/files/0x0007000000016d42-46.dat	xmrig
behavioral1/memory/2188-39-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/3008-38-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2520-58-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/1572-59-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/1968-65-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/1900-66-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c9d-69.dat	xmrig
behavioral1/memory/2684-74-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ea-83.dat	xmrig
behavioral1/memory/1448-87-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0005000000018728-105.dat	xmrig
behavioral1/files/0x0005000000019350-142.dat	xmrig
behavioral1/memory/2664-370-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/1968-369-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/1448-421-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/1128-423-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/1388-425-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/1968-424-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-171.dat	xmrig
behavioral1/files/0x0005000000019431-167.dat	xmrig
behavioral1/files/0x0005000000019427-163.dat	xmrig
behavioral1/files/0x000500000001941e-159.dat	xmrig
behavioral1/files/0x00050000000193e1-156.dat	xmrig
behavioral1/files/0x00050000000193b4-155.dat	xmrig
behavioral1/files/0x0005000000019334-154.dat	xmrig
behavioral1/files/0x0005000000019261-152.dat	xmrig
behavioral1/files/0x0006000000019023-151.dat	xmrig
behavioral1/files/0x000500000001878f-150.dat	xmrig
behavioral1/files/0x00050000000187a5-121.dat	xmrig
behavioral1/files/0x0005000000018784-114.dat	xmrig
behavioral1/files/0x00050000000193c2-147.dat	xmrig
behavioral1/memory/1388-106-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x000500000001873d-102.dat	xmrig
behavioral1/files/0x00050000000186fd-96.dat	xmrig
behavioral1/files/0x0005000000019282-132.dat	xmrig
behavioral1/files/0x000500000001925e-124.dat	xmrig
behavioral1/memory/1968-110-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/1128-93-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ee-90.dat	xmrig
behavioral1/memory/2900-82-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2664-81-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/1968-80-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2824-79-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e4-77.dat	xmrig
behavioral1/memory/3008-71-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x0005000000018683-63.dat	xmrig
behavioral1/memory/2052-2877-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2312-2878-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2520-2879-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2052	CIXSxye.exe
2520	FPTByNY.exe
2312	PgnzdNY.exe
3008	VBQWzhD.exe
2188	BVoNCgI.exe
2824	LtawHip.exe
2900	BGJncFI.exe
1572	cVzaZEq.exe
1900	qtuaRNr.exe
2684	BYdSGMY.exe
2664	WXyqnng.exe
1448	hQqRach.exe
1128	QkWWAyD.exe
1388	SMjPwrJ.exe
2956	tbcCAWQ.exe
2028	YPakrmm.exe
2000	SwFnYLl.exe
2912	xYehpPU.exe
1196	ajgKLZj.exe
1408	PAWAQFA.exe
1668	OrTwYkg.exe
2296	VpxbgoA.exe
2924	JmqkctG.exe
2680	iTQxjfB.exe
3048	OUqtYnQ.exe
1772	JiQkOCz.exe
2500	WyMWghI.exe
556	Bqumbsb.exe
1404	egjifLL.exe
2124	NkBvBAd.exe
3020	cpsKxCH.exe
2024	aNatJeb.exe
2320	aIHOORw.exe
2504	JDavpMP.exe
1104	pKZhFDX.exe
2380	jNgXrjz.exe
1952	NVzDmle.exe
1944	BxKRmRM.exe
948	UTFPsTg.exe
1736	iLMfTgJ.exe
2968	VFzwoew.exe
1468	LcIEuSU.exe
1204	BmdTcGl.exe
1192	evhXZwH.exe
2140	yzzctJt.exe
1008	RdGMjam.exe
1580	FpXdASm.exe
2268	MnYgfWT.exe
656	hNzfBgh.exe
2212	lCgMjSz.exe
2952	swbvBJf.exe
756	gZWYdjl.exe
2076	KQaaGCP.exe
1296	cNHuUHb.exe
2104	sDOdvYu.exe
1256	KKkiRQb.exe
3000	hFDgKKR.exe
2280	UkMshtr.exe
1972	vnRLagU.exe
1528	pkWyaCJ.exe
1416	AzMxnuj.exe
868	SzvZiIp.exe
3044	IQpcEtM.exe
3032	juXisEh.exe

Loads dropped DLL 64 IoCs

pid	Process
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1968-0-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000016d0e-8.dat	upx
behavioral1/files/0x0008000000016d18-15.dat	upx
behavioral1/files/0x0008000000016d21-23.dat	upx
behavioral1/memory/2052-21-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2312-20-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2520-17-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x0007000000016d31-27.dat	upx
behavioral1/memory/2824-42-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0009000000016d5e-50.dat	upx
behavioral1/memory/1968-51-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2900-48-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0007000000016d3a-41.dat	upx
behavioral1/files/0x0007000000016d42-46.dat	upx
behavioral1/memory/2188-39-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/3008-38-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2520-58-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/1572-59-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/1900-66-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0008000000016c9d-69.dat	upx
behavioral1/memory/2684-74-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x00050000000186ea-83.dat	upx
behavioral1/memory/1448-87-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0005000000018728-105.dat	upx
behavioral1/files/0x0005000000019350-142.dat	upx
behavioral1/memory/2664-370-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/1448-421-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/1128-423-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/1388-425-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0005000000019441-171.dat	upx
behavioral1/files/0x0005000000019431-167.dat	upx
behavioral1/files/0x0005000000019427-163.dat	upx
behavioral1/files/0x000500000001941e-159.dat	upx
behavioral1/files/0x00050000000193e1-156.dat	upx
behavioral1/files/0x00050000000193b4-155.dat	upx
behavioral1/files/0x0005000000019334-154.dat	upx
behavioral1/files/0x0005000000019261-152.dat	upx
behavioral1/files/0x0006000000019023-151.dat	upx
behavioral1/files/0x000500000001878f-150.dat	upx
behavioral1/files/0x00050000000187a5-121.dat	upx
behavioral1/files/0x0005000000018784-114.dat	upx
behavioral1/files/0x00050000000193c2-147.dat	upx
behavioral1/memory/1388-106-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x000500000001873d-102.dat	upx
behavioral1/files/0x00050000000186fd-96.dat	upx
behavioral1/files/0x0005000000019282-132.dat	upx
behavioral1/files/0x000500000001925e-124.dat	upx
behavioral1/memory/1128-93-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x00050000000186ee-90.dat	upx
behavioral1/memory/2900-82-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2664-81-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2824-79-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x00050000000186e4-77.dat	upx
behavioral1/memory/3008-71-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x0005000000018683-63.dat	upx
behavioral1/memory/2052-2877-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2312-2878-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2520-2879-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2188-2892-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/3008-2893-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2900-2894-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/1900-3488-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1572-3489-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\GDaBQPH.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TkqjeFt.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTQxjfB.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yaSRGfO.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwrGAwQ.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsoyQgq.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrZkAEc.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrInLJz.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTsGJub.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESNErKL.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFJDQNK.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDlnEni.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpxjFCn.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCjweLv.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDHzsVx.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXWjCWi.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCdHLBM.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jgfxkyv.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lujCsnF.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvvDUYp.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAbXMHw.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcRABqu.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swtDYQi.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYCHKzq.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cprGTQP.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bryfEGH.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isgQcUK.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXyqnng.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnRLagU.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfDRkqd.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZqvuwK.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogSFLwC.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGdaNdo.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQaaGCP.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sDiIWtK.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgVmPxd.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOPTCsC.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzGjXls.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTjTEJs.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjhJyeF.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfqeHaZ.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQqRach.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyewZro.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeMNdSR.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLeXvfl.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmFojPt.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwbDGZc.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qeyhYKM.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBCNaRc.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLlbMhF.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZrUNgf.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Kdqfhcn.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkqtkcI.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsDwyvQ.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjCdrvv.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjUeThM.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZTDwFI.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvIZwWD.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbMbbKR.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBIzByW.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhGsAwo.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbpafIs.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnKLhel.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIMnwKX.exe	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2052	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2052	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2052	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1968 wrote to memory of 2520	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 2520	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 2520	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1968 wrote to memory of 2312	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2312	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2312	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1968 wrote to memory of 2188	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2188	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 2188	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1968 wrote to memory of 3008	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 3008	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 3008	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1968 wrote to memory of 2824	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2824	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2824	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1968 wrote to memory of 2900	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2900	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 2900	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1968 wrote to memory of 1572	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 1572	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 1572	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1968 wrote to memory of 1900	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 1900	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 1900	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1968 wrote to memory of 2684	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2684	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2684	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1968 wrote to memory of 2664	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2664	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 2664	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1968 wrote to memory of 1448	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 1448	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 1448	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1968 wrote to memory of 1128	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 1128	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 1128	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1968 wrote to memory of 1388	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 1388	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 1388	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1968 wrote to memory of 2956	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 2956	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 2956	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1968 wrote to memory of 1196	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 1196	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 1196	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1968 wrote to memory of 2028	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 2028	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 2028	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1968 wrote to memory of 2924	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 2924	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 2924	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1968 wrote to memory of 2000	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2000	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2000	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1968 wrote to memory of 2680	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2680	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2680	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1968 wrote to memory of 2912	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 2912	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 2912	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1968 wrote to memory of 3048	1968	2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_70e8158758100c17e501687c7b68ebd1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\System\CIXSxye.exe
  C:\Windows\System\CIXSxye.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\FPTByNY.exe
  C:\Windows\System\FPTByNY.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\PgnzdNY.exe
  C:\Windows\System\PgnzdNY.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\BVoNCgI.exe
  C:\Windows\System\BVoNCgI.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\VBQWzhD.exe
  C:\Windows\System\VBQWzhD.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\LtawHip.exe
  C:\Windows\System\LtawHip.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\BGJncFI.exe
  C:\Windows\System\BGJncFI.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\cVzaZEq.exe
  C:\Windows\System\cVzaZEq.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\qtuaRNr.exe
  C:\Windows\System\qtuaRNr.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\BYdSGMY.exe
  C:\Windows\System\BYdSGMY.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\WXyqnng.exe
  C:\Windows\System\WXyqnng.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\hQqRach.exe
  C:\Windows\System\hQqRach.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\QkWWAyD.exe
  C:\Windows\System\QkWWAyD.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\SMjPwrJ.exe
  C:\Windows\System\SMjPwrJ.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\tbcCAWQ.exe
  C:\Windows\System\tbcCAWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\ajgKLZj.exe
  C:\Windows\System\ajgKLZj.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\YPakrmm.exe
  C:\Windows\System\YPakrmm.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\JmqkctG.exe
  C:\Windows\System\JmqkctG.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\SwFnYLl.exe
  C:\Windows\System\SwFnYLl.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\iTQxjfB.exe
  C:\Windows\System\iTQxjfB.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\xYehpPU.exe
  C:\Windows\System\xYehpPU.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\OUqtYnQ.exe
  C:\Windows\System\OUqtYnQ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\PAWAQFA.exe
  C:\Windows\System\PAWAQFA.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\JiQkOCz.exe
  C:\Windows\System\JiQkOCz.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\OrTwYkg.exe
  C:\Windows\System\OrTwYkg.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\WyMWghI.exe
  C:\Windows\System\WyMWghI.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\VpxbgoA.exe
  C:\Windows\System\VpxbgoA.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\Bqumbsb.exe
  C:\Windows\System\Bqumbsb.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\egjifLL.exe
  C:\Windows\System\egjifLL.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\NkBvBAd.exe
  C:\Windows\System\NkBvBAd.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\cpsKxCH.exe
  C:\Windows\System\cpsKxCH.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\aNatJeb.exe
  C:\Windows\System\aNatJeb.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\aIHOORw.exe
  C:\Windows\System\aIHOORw.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\JDavpMP.exe
  C:\Windows\System\JDavpMP.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\pKZhFDX.exe
  C:\Windows\System\pKZhFDX.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\jNgXrjz.exe
  C:\Windows\System\jNgXrjz.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\NVzDmle.exe
  C:\Windows\System\NVzDmle.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\BxKRmRM.exe
  C:\Windows\System\BxKRmRM.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\UTFPsTg.exe
  C:\Windows\System\UTFPsTg.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\VFzwoew.exe
  C:\Windows\System\VFzwoew.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\iLMfTgJ.exe
  C:\Windows\System\iLMfTgJ.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\LcIEuSU.exe
  C:\Windows\System\LcIEuSU.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\BmdTcGl.exe
  C:\Windows\System\BmdTcGl.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\evhXZwH.exe
  C:\Windows\System\evhXZwH.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\yzzctJt.exe
  C:\Windows\System\yzzctJt.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\RdGMjam.exe
  C:\Windows\System\RdGMjam.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\FpXdASm.exe
  C:\Windows\System\FpXdASm.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\hNzfBgh.exe
  C:\Windows\System\hNzfBgh.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\MnYgfWT.exe
  C:\Windows\System\MnYgfWT.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\lCgMjSz.exe
  C:\Windows\System\lCgMjSz.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\swbvBJf.exe
  C:\Windows\System\swbvBJf.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\gZWYdjl.exe
  C:\Windows\System\gZWYdjl.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\KQaaGCP.exe
  C:\Windows\System\KQaaGCP.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\cNHuUHb.exe
  C:\Windows\System\cNHuUHb.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\sDOdvYu.exe
  C:\Windows\System\sDOdvYu.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\KKkiRQb.exe
  C:\Windows\System\KKkiRQb.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\hFDgKKR.exe
  C:\Windows\System\hFDgKKR.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\UkMshtr.exe
  C:\Windows\System\UkMshtr.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\vnRLagU.exe
  C:\Windows\System\vnRLagU.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\pkWyaCJ.exe
  C:\Windows\System\pkWyaCJ.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\AzMxnuj.exe
  C:\Windows\System\AzMxnuj.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\SzvZiIp.exe
  C:\Windows\System\SzvZiIp.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\IQpcEtM.exe
  C:\Windows\System\IQpcEtM.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\juXisEh.exe
  C:\Windows\System\juXisEh.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\LCUzPdd.exe
  C:\Windows\System\LCUzPdd.exe
  2⤵
  PID:1492
- C:\Windows\System\ToaldOy.exe
  C:\Windows\System\ToaldOy.exe
  2⤵
  PID:1628
- C:\Windows\System\LqDjTly.exe
  C:\Windows\System\LqDjTly.exe
  2⤵
  PID:1012
- C:\Windows\System\gwkSefP.exe
  C:\Windows\System\gwkSefP.exe
  2⤵
  PID:2356
- C:\Windows\System\ROiiZsw.exe
  C:\Windows\System\ROiiZsw.exe
  2⤵
  PID:2852
- C:\Windows\System\bfZiaSE.exe
  C:\Windows\System\bfZiaSE.exe
  2⤵
  PID:2896
- C:\Windows\System\irYTwhz.exe
  C:\Windows\System\irYTwhz.exe
  2⤵
  PID:2864
- C:\Windows\System\hxSSTqR.exe
  C:\Windows\System\hxSSTqR.exe
  2⤵
  PID:1332
- C:\Windows\System\nNGmvmo.exe
  C:\Windows\System\nNGmvmo.exe
  2⤵
  PID:2608
- C:\Windows\System\XWRewJa.exe
  C:\Windows\System\XWRewJa.exe
  2⤵
  PID:2624
- C:\Windows\System\TekiWbf.exe
  C:\Windows\System\TekiWbf.exe
  2⤵
  PID:2656
- C:\Windows\System\tQjkkor.exe
  C:\Windows\System\tQjkkor.exe
  2⤵
  PID:620
- C:\Windows\System\gjNVbYo.exe
  C:\Windows\System\gjNVbYo.exe
  2⤵
  PID:2672
- C:\Windows\System\ZLlbHgJ.exe
  C:\Windows\System\ZLlbHgJ.exe
  2⤵
  PID:1704
- C:\Windows\System\PXUqeJO.exe
  C:\Windows\System\PXUqeJO.exe
  2⤵
  PID:2792
- C:\Windows\System\TaogUUF.exe
  C:\Windows\System\TaogUUF.exe
  2⤵
  PID:2088
- C:\Windows\System\SogoHYm.exe
  C:\Windows\System\SogoHYm.exe
  2⤵
  PID:2368
- C:\Windows\System\JaFUJKf.exe
  C:\Windows\System\JaFUJKf.exe
  2⤵
  PID:1788
- C:\Windows\System\yHUlKOD.exe
  C:\Windows\System\yHUlKOD.exe
  2⤵
  PID:1812
- C:\Windows\System\cQOZPqk.exe
  C:\Windows\System\cQOZPqk.exe
  2⤵
  PID:2352
- C:\Windows\System\OGbkkZr.exe
  C:\Windows\System\OGbkkZr.exe
  2⤵
  PID:1184
- C:\Windows\System\ICeBiGU.exe
  C:\Windows\System\ICeBiGU.exe
  2⤵
  PID:1684
- C:\Windows\System\SpjzvEJ.exe
  C:\Windows\System\SpjzvEJ.exe
  2⤵
  PID:824
- C:\Windows\System\EzUQSuP.exe
  C:\Windows\System\EzUQSuP.exe
  2⤵
  PID:1420
- C:\Windows\System\swtDYQi.exe
  C:\Windows\System\swtDYQi.exe
  2⤵
  PID:1308
- C:\Windows\System\rfifuwV.exe
  C:\Windows\System\rfifuwV.exe
  2⤵
  PID:2596
- C:\Windows\System\sDiIWtK.exe
  C:\Windows\System\sDiIWtK.exe
  2⤵
  PID:2592
- C:\Windows\System\jrLoLDI.exe
  C:\Windows\System\jrLoLDI.exe
  2⤵
  PID:1604
- C:\Windows\System\kSzpbuC.exe
  C:\Windows\System\kSzpbuC.exe
  2⤵
  PID:1928
- C:\Windows\System\KDoaGID.exe
  C:\Windows\System\KDoaGID.exe
  2⤵
  PID:1620
- C:\Windows\System\ElhMtjy.exe
  C:\Windows\System\ElhMtjy.exe
  2⤵
  PID:2348
- C:\Windows\System\YgGGsay.exe
  C:\Windows\System\YgGGsay.exe
  2⤵
  PID:2080
- C:\Windows\System\srIWVnL.exe
  C:\Windows\System\srIWVnL.exe
  2⤵
  PID:2508
- C:\Windows\System\hTxGiAT.exe
  C:\Windows\System\hTxGiAT.exe
  2⤵
  PID:2720
- C:\Windows\System\SLZNdje.exe
  C:\Windows\System\SLZNdje.exe
  2⤵
  PID:600
- C:\Windows\System\SivKhJX.exe
  C:\Windows\System\SivKhJX.exe
  2⤵
  PID:1616
- C:\Windows\System\xajodRS.exe
  C:\Windows\System\xajodRS.exe
  2⤵
  PID:1552
- C:\Windows\System\SMkJLFY.exe
  C:\Windows\System\SMkJLFY.exe
  2⤵
  PID:1644
- C:\Windows\System\AMxfwLN.exe
  C:\Windows\System\AMxfwLN.exe
  2⤵
  PID:2308
- C:\Windows\System\MUyKVIk.exe
  C:\Windows\System\MUyKVIk.exe
  2⤵
  PID:1804
- C:\Windows\System\tOlsQOM.exe
  C:\Windows\System\tOlsQOM.exe
  2⤵
  PID:2736
- C:\Windows\System\NrPtZMO.exe
  C:\Windows\System\NrPtZMO.exe
  2⤵
  PID:2960
- C:\Windows\System\VhjgUzH.exe
  C:\Windows\System\VhjgUzH.exe
  2⤵
  PID:2724
- C:\Windows\System\MzjOqsf.exe
  C:\Windows\System\MzjOqsf.exe
  2⤵
  PID:2184
- C:\Windows\System\QxjaiGg.exe
  C:\Windows\System\QxjaiGg.exe
  2⤵
  PID:2936
- C:\Windows\System\uMUARTZ.exe
  C:\Windows\System\uMUARTZ.exe
  2⤵
  PID:1348
- C:\Windows\System\QDLrzfU.exe
  C:\Windows\System\QDLrzfU.exe
  2⤵
  PID:1568
- C:\Windows\System\GkldXif.exe
  C:\Windows\System\GkldXif.exe
  2⤵
  PID:2176
- C:\Windows\System\PuBShmT.exe
  C:\Windows\System\PuBShmT.exe
  2⤵
  PID:2568
- C:\Windows\System\XsIbGAt.exe
  C:\Windows\System\XsIbGAt.exe
  2⤵
  PID:1172
- C:\Windows\System\iJTVaIZ.exe
  C:\Windows\System\iJTVaIZ.exe
  2⤵
  PID:1460
- C:\Windows\System\TjUeThM.exe
  C:\Windows\System\TjUeThM.exe
  2⤵
  PID:872
- C:\Windows\System\TWanOas.exe
  C:\Windows\System\TWanOas.exe
  2⤵
  PID:3076
- C:\Windows\System\jcCArlw.exe
  C:\Windows\System\jcCArlw.exe
  2⤵
  PID:3092
- C:\Windows\System\KsATCHd.exe
  C:\Windows\System\KsATCHd.exe
  2⤵
  PID:3108
- C:\Windows\System\bCUyYPA.exe
  C:\Windows\System\bCUyYPA.exe
  2⤵
  PID:3124
- C:\Windows\System\fYCHKzq.exe
  C:\Windows\System\fYCHKzq.exe
  2⤵
  PID:3140
- C:\Windows\System\RKIyHWX.exe
  C:\Windows\System\RKIyHWX.exe
  2⤵
  PID:3156
- C:\Windows\System\HRAtRzR.exe
  C:\Windows\System\HRAtRzR.exe
  2⤵
  PID:3172
- C:\Windows\System\SdlQqOo.exe
  C:\Windows\System\SdlQqOo.exe
  2⤵
  PID:3192
- C:\Windows\System\AgkTfoA.exe
  C:\Windows\System\AgkTfoA.exe
  2⤵
  PID:3208
- C:\Windows\System\SinbrAp.exe
  C:\Windows\System\SinbrAp.exe
  2⤵
  PID:3224
- C:\Windows\System\AKhlWFc.exe
  C:\Windows\System\AKhlWFc.exe
  2⤵
  PID:3240
- C:\Windows\System\sekoUqT.exe
  C:\Windows\System\sekoUqT.exe
  2⤵
  PID:3256
- C:\Windows\System\tfDRkqd.exe
  C:\Windows\System\tfDRkqd.exe
  2⤵
  PID:3272
- C:\Windows\System\FmNDwiY.exe
  C:\Windows\System\FmNDwiY.exe
  2⤵
  PID:3292
- C:\Windows\System\uFrGSka.exe
  C:\Windows\System\uFrGSka.exe
  2⤵
  PID:3628
- C:\Windows\System\RfaKaHM.exe
  C:\Windows\System\RfaKaHM.exe
  2⤵
  PID:3692
- C:\Windows\System\gPQAsCU.exe
  C:\Windows\System\gPQAsCU.exe
  2⤵
  PID:3716
- C:\Windows\System\loHEegc.exe
  C:\Windows\System\loHEegc.exe
  2⤵
  PID:3744
- C:\Windows\System\pLhaASq.exe
  C:\Windows\System\pLhaASq.exe
  2⤵
  PID:3792
- C:\Windows\System\uydAeje.exe
  C:\Windows\System\uydAeje.exe
  2⤵
  PID:3808
- C:\Windows\System\pbFDwsx.exe
  C:\Windows\System\pbFDwsx.exe
  2⤵
  PID:3828
- C:\Windows\System\dpRUMhn.exe
  C:\Windows\System\dpRUMhn.exe
  2⤵
  PID:3852
- C:\Windows\System\fJksHGY.exe
  C:\Windows\System\fJksHGY.exe
  2⤵
  PID:3868
- C:\Windows\System\SMRLxFb.exe
  C:\Windows\System\SMRLxFb.exe
  2⤵
  PID:3888
- C:\Windows\System\wgVmPxd.exe
  C:\Windows\System\wgVmPxd.exe
  2⤵
  PID:3908
- C:\Windows\System\hRpPNpx.exe
  C:\Windows\System\hRpPNpx.exe
  2⤵
  PID:3924
- C:\Windows\System\YDHzsVx.exe
  C:\Windows\System\YDHzsVx.exe
  2⤵
  PID:3940
- C:\Windows\System\HNQjfbu.exe
  C:\Windows\System\HNQjfbu.exe
  2⤵
  PID:3964
- C:\Windows\System\KlQXWAT.exe
  C:\Windows\System\KlQXWAT.exe
  2⤵
  PID:3980
- C:\Windows\System\VOyjbjK.exe
  C:\Windows\System\VOyjbjK.exe
  2⤵
  PID:4000
- C:\Windows\System\NeoCGIP.exe
  C:\Windows\System\NeoCGIP.exe
  2⤵
  PID:4024
- C:\Windows\System\konianH.exe
  C:\Windows\System\konianH.exe
  2⤵
  PID:4044
- C:\Windows\System\SZFSprz.exe
  C:\Windows\System\SZFSprz.exe
  2⤵
  PID:4068
- C:\Windows\System\EDYZDyO.exe
  C:\Windows\System\EDYZDyO.exe
  2⤵
  PID:4084
- C:\Windows\System\HnCxeFP.exe
  C:\Windows\System\HnCxeFP.exe
  2⤵
  PID:1612
- C:\Windows\System\XzgPfkW.exe
  C:\Windows\System\XzgPfkW.exe
  2⤵
  PID:564
- C:\Windows\System\lLlbMhF.exe
  C:\Windows\System\lLlbMhF.exe
  2⤵
  PID:3056
- C:\Windows\System\TFBPpil.exe
  C:\Windows\System\TFBPpil.exe
  2⤵
  PID:876
- C:\Windows\System\TqowuyC.exe
  C:\Windows\System\TqowuyC.exe
  2⤵
  PID:2904
- C:\Windows\System\HHUOnrx.exe
  C:\Windows\System\HHUOnrx.exe
  2⤵
  PID:2136
- C:\Windows\System\GRwbGro.exe
  C:\Windows\System\GRwbGro.exe
  2⤵
  PID:580
- C:\Windows\System\ZCVFzlC.exe
  C:\Windows\System\ZCVFzlC.exe
  2⤵
  PID:1472
- C:\Windows\System\plkSEVW.exe
  C:\Windows\System\plkSEVW.exe
  2⤵
  PID:3116
- C:\Windows\System\hpahsYn.exe
  C:\Windows\System\hpahsYn.exe
  2⤵
  PID:2992
- C:\Windows\System\XyHNsLP.exe
  C:\Windows\System\XyHNsLP.exe
  2⤵
  PID:752
- C:\Windows\System\dnxzMgS.exe
  C:\Windows\System\dnxzMgS.exe
  2⤵
  PID:3120
- C:\Windows\System\bdiqHOI.exe
  C:\Windows\System\bdiqHOI.exe
  2⤵
  PID:3180
- C:\Windows\System\byRIPoI.exe
  C:\Windows\System\byRIPoI.exe
  2⤵
  PID:3248
- C:\Windows\System\cUPrZBq.exe
  C:\Windows\System\cUPrZBq.exe
  2⤵
  PID:3104
- C:\Windows\System\xLitopF.exe
  C:\Windows\System\xLitopF.exe
  2⤵
  PID:3168
- C:\Windows\System\hAUaUpf.exe
  C:\Windows\System\hAUaUpf.exe
  2⤵
  PID:3236
- C:\Windows\System\vXqErBz.exe
  C:\Windows\System\vXqErBz.exe
  2⤵
  PID:3288
- C:\Windows\System\GcNAxwX.exe
  C:\Windows\System\GcNAxwX.exe
  2⤵
  PID:3308
- C:\Windows\System\WKxUJuG.exe
  C:\Windows\System\WKxUJuG.exe
  2⤵
  PID:3324
- C:\Windows\System\BiYftkY.exe
  C:\Windows\System\BiYftkY.exe
  2⤵
  PID:3340
- C:\Windows\System\QOToXVB.exe
  C:\Windows\System\QOToXVB.exe
  2⤵
  PID:3356
- C:\Windows\System\lwfNVvi.exe
  C:\Windows\System\lwfNVvi.exe
  2⤵
  PID:3372
- C:\Windows\System\yVxkyqb.exe
  C:\Windows\System\yVxkyqb.exe
  2⤵
  PID:3388
- C:\Windows\System\txtFPqP.exe
  C:\Windows\System\txtFPqP.exe
  2⤵
  PID:3404
- C:\Windows\System\SYvmmCW.exe
  C:\Windows\System\SYvmmCW.exe
  2⤵
  PID:3420
- C:\Windows\System\ThhomkQ.exe
  C:\Windows\System\ThhomkQ.exe
  2⤵
  PID:3436
- C:\Windows\System\FvpUbkR.exe
  C:\Windows\System\FvpUbkR.exe
  2⤵
  PID:3452
- C:\Windows\System\ebLxIST.exe
  C:\Windows\System\ebLxIST.exe
  2⤵
  PID:3468
- C:\Windows\System\oVsVFkw.exe
  C:\Windows\System\oVsVFkw.exe
  2⤵
  PID:3484
- C:\Windows\System\LJGSfRQ.exe
  C:\Windows\System\LJGSfRQ.exe
  2⤵
  PID:3500
- C:\Windows\System\LvMuirq.exe
  C:\Windows\System\LvMuirq.exe
  2⤵
  PID:2428
- C:\Windows\System\eNAqIgp.exe
  C:\Windows\System\eNAqIgp.exe
  2⤵
  PID:2260
- C:\Windows\System\fcRAUkR.exe
  C:\Windows\System\fcRAUkR.exe
  2⤵
  PID:2772
- C:\Windows\System\mjEztEj.exe
  C:\Windows\System\mjEztEj.exe
  2⤵
  PID:3520
- C:\Windows\System\lFNyjRm.exe
  C:\Windows\System\lFNyjRm.exe
  2⤵
  PID:2676
- C:\Windows\System\KtYyaCN.exe
  C:\Windows\System\KtYyaCN.exe
  2⤵
  PID:2116
- C:\Windows\System\BRLSCjv.exe
  C:\Windows\System\BRLSCjv.exe
  2⤵
  PID:980
- C:\Windows\System\HdiYMdT.exe
  C:\Windows\System\HdiYMdT.exe
  2⤵
  PID:308
- C:\Windows\System\YkmiDCe.exe
  C:\Windows\System\YkmiDCe.exe
  2⤵
  PID:1244
- C:\Windows\System\jLoJfeY.exe
  C:\Windows\System\jLoJfeY.exe
  2⤵
  PID:1808
- C:\Windows\System\BLDsleb.exe
  C:\Windows\System\BLDsleb.exe
  2⤵
  PID:3300
- C:\Windows\System\djVbtQd.exe
  C:\Windows\System\djVbtQd.exe
  2⤵
  PID:3516
- C:\Windows\System\mipTqNY.exe
  C:\Windows\System\mipTqNY.exe
  2⤵
  PID:3556
- C:\Windows\System\hBhvuLO.exe
  C:\Windows\System\hBhvuLO.exe
  2⤵
  PID:2876
- C:\Windows\System\vUHfFRB.exe
  C:\Windows\System\vUHfFRB.exe
  2⤵
  PID:2532
- C:\Windows\System\USiBiPX.exe
  C:\Windows\System\USiBiPX.exe
  2⤵
  PID:2484
- C:\Windows\System\lxkWoDh.exe
  C:\Windows\System\lxkWoDh.exe
  2⤵
  PID:2744
- C:\Windows\System\xfyOkIO.exe
  C:\Windows\System\xfyOkIO.exe
  2⤵
  PID:2008
- C:\Windows\System\bndUnEe.exe
  C:\Windows\System\bndUnEe.exe
  2⤵
  PID:3568
- C:\Windows\System\sJeIoDm.exe
  C:\Windows\System\sJeIoDm.exe
  2⤵
  PID:684
- C:\Windows\System\CZrUNgf.exe
  C:\Windows\System\CZrUNgf.exe
  2⤵
  PID:3648
- C:\Windows\System\LWUshAg.exe
  C:\Windows\System\LWUshAg.exe
  2⤵
  PID:3572
- C:\Windows\System\lffelKK.exe
  C:\Windows\System\lffelKK.exe
  2⤵
  PID:3620
- C:\Windows\System\gmlpAML.exe
  C:\Windows\System\gmlpAML.exe
  2⤵
  PID:3656
- C:\Windows\System\zOPTCsC.exe
  C:\Windows\System\zOPTCsC.exe
  2⤵
  PID:2156
- C:\Windows\System\NeATNWA.exe
  C:\Windows\System\NeATNWA.exe
  2⤵
  PID:352
- C:\Windows\System\GBYpUCR.exe
  C:\Windows\System\GBYpUCR.exe
  2⤵
  PID:3676
- C:\Windows\System\nhDXYgI.exe
  C:\Windows\System\nhDXYgI.exe
  2⤵
  PID:3728
- C:\Windows\System\ocrXHHg.exe
  C:\Windows\System\ocrXHHg.exe
  2⤵
  PID:3712
- C:\Windows\System\DPIKrJB.exe
  C:\Windows\System\DPIKrJB.exe
  2⤵
  PID:3740
- C:\Windows\System\ajHjypb.exe
  C:\Windows\System\ajHjypb.exe
  2⤵
  PID:3756
- C:\Windows\System\ackOUsH.exe
  C:\Windows\System\ackOUsH.exe
  2⤵
  PID:3764
- C:\Windows\System\BTJZgbk.exe
  C:\Windows\System\BTJZgbk.exe
  2⤵
  PID:3776
- C:\Windows\System\CjYAZyB.exe
  C:\Windows\System\CjYAZyB.exe
  2⤵
  PID:3804
- C:\Windows\System\FvJkDNY.exe
  C:\Windows\System\FvJkDNY.exe
  2⤵
  PID:2700
- C:\Windows\System\HmUvPEl.exe
  C:\Windows\System\HmUvPEl.exe
  2⤵
  PID:1988
- C:\Windows\System\jJIgKHL.exe
  C:\Windows\System\jJIgKHL.exe
  2⤵
  PID:644
- C:\Windows\System\OySJcyJ.exe
  C:\Windows\System\OySJcyJ.exe
  2⤵
  PID:2020
- C:\Windows\System\MrzcuQL.exe
  C:\Windows\System\MrzcuQL.exe
  2⤵
  PID:3900
- C:\Windows\System\zNWKaEs.exe
  C:\Windows\System\zNWKaEs.exe
  2⤵
  PID:3972
- C:\Windows\System\iIFoPLh.exe
  C:\Windows\System\iIFoPLh.exe
  2⤵
  PID:4020
- C:\Windows\System\NcLdbkT.exe
  C:\Windows\System\NcLdbkT.exe
  2⤵
  PID:4056
- C:\Windows\System\NOfWCWv.exe
  C:\Windows\System\NOfWCWv.exe
  2⤵
  PID:2440
- C:\Windows\System\cHoFvHP.exe
  C:\Windows\System\cHoFvHP.exe
  2⤵
  PID:2072
- C:\Windows\System\AZZGRuz.exe
  C:\Windows\System\AZZGRuz.exe
  2⤵
  PID:1512
- C:\Windows\System\TEkWXkM.exe
  C:\Windows\System\TEkWXkM.exe
  2⤵
  PID:2444
- C:\Windows\System\axVHAUx.exe
  C:\Windows\System\axVHAUx.exe
  2⤵
  PID:3848
- C:\Windows\System\TEshTcY.exe
  C:\Windows\System\TEshTcY.exe
  2⤵
  PID:3916
- C:\Windows\System\SNFxlnO.exe
  C:\Windows\System\SNFxlnO.exe
  2⤵
  PID:3956
- C:\Windows\System\griqLUB.exe
  C:\Windows\System\griqLUB.exe
  2⤵
  PID:3996
- C:\Windows\System\pzGjXls.exe
  C:\Windows\System\pzGjXls.exe
  2⤵
  PID:3060
- C:\Windows\System\EaoJZkn.exe
  C:\Windows\System\EaoJZkn.exe
  2⤵
  PID:2472
- C:\Windows\System\zHJZcTB.exe
  C:\Windows\System\zHJZcTB.exe
  2⤵
  PID:3040
- C:\Windows\System\BvTAknk.exe
  C:\Windows\System\BvTAknk.exe
  2⤵
  PID:2180
- C:\Windows\System\SRqgbEP.exe
  C:\Windows\System\SRqgbEP.exe
  2⤵
  PID:444
- C:\Windows\System\DBIzByW.exe
  C:\Windows\System\DBIzByW.exe
  2⤵
  PID:3188
- C:\Windows\System\rqdgItv.exe
  C:\Windows\System\rqdgItv.exe
  2⤵
  PID:3332
- C:\Windows\System\oBOsiVL.exe
  C:\Windows\System\oBOsiVL.exe
  2⤵
  PID:3428
- C:\Windows\System\txmpzyh.exe
  C:\Windows\System\txmpzyh.exe
  2⤵
  PID:3492
- C:\Windows\System\aWHKWPW.exe
  C:\Windows\System\aWHKWPW.exe
  2⤵
  PID:2872
- C:\Windows\System\azyYGkI.exe
  C:\Windows\System\azyYGkI.exe
  2⤵
  PID:3544
- C:\Windows\System\zuQPIWL.exe
  C:\Windows\System\zuQPIWL.exe
  2⤵
  PID:3552
- C:\Windows\System\OCXYSxN.exe
  C:\Windows\System\OCXYSxN.exe
  2⤵
  PID:3380
- C:\Windows\System\rKbXfIf.exe
  C:\Windows\System\rKbXfIf.exe
  2⤵
  PID:3320
- C:\Windows\System\hJsMhvg.exe
  C:\Windows\System\hJsMhvg.exe
  2⤵
  PID:3416
- C:\Windows\System\ExYxDqu.exe
  C:\Windows\System\ExYxDqu.exe
  2⤵
  PID:3480
- C:\Windows\System\YTivzpH.exe
  C:\Windows\System\YTivzpH.exe
  2⤵
  PID:2648
- C:\Windows\System\zFwHRTx.exe
  C:\Windows\System\zFwHRTx.exe
  2⤵
  PID:2564
- C:\Windows\System\JRHxdcb.exe
  C:\Windows\System\JRHxdcb.exe
  2⤵
  PID:1712
- C:\Windows\System\EptFIHH.exe
  C:\Windows\System\EptFIHH.exe
  2⤵
  PID:2880
- C:\Windows\System\xwcwRQY.exe
  C:\Windows\System\xwcwRQY.exe
  2⤵
  PID:2420
- C:\Windows\System\CwsKLNB.exe
  C:\Windows\System\CwsKLNB.exe
  2⤵
  PID:996
- C:\Windows\System\LZjhcBw.exe
  C:\Windows\System\LZjhcBw.exe
  2⤵
  PID:2732
- C:\Windows\System\nUpWccN.exe
  C:\Windows\System\nUpWccN.exe
  2⤵
  PID:2108
- C:\Windows\System\pxSmkmi.exe
  C:\Windows\System\pxSmkmi.exe
  2⤵
  PID:3672
- C:\Windows\System\vqKRBkW.exe
  C:\Windows\System\vqKRBkW.exe
  2⤵
  PID:3600
- C:\Windows\System\bqZFtnb.exe
  C:\Windows\System\bqZFtnb.exe
  2⤵
  PID:3664
- C:\Windows\System\bLzdJgD.exe
  C:\Windows\System\bLzdJgD.exe
  2⤵
  PID:1892
- C:\Windows\System\KBLwEoq.exe
  C:\Windows\System\KBLwEoq.exe
  2⤵
  PID:3724
- C:\Windows\System\buinknQ.exe
  C:\Windows\System\buinknQ.exe
  2⤵
  PID:1792
- C:\Windows\System\HErZnPn.exe
  C:\Windows\System\HErZnPn.exe
  2⤵
  PID:2132
- C:\Windows\System\PNRqvXT.exe
  C:\Windows\System\PNRqvXT.exe
  2⤵
  PID:2372
- C:\Windows\System\LfZvKAt.exe
  C:\Windows\System\LfZvKAt.exe
  2⤵
  PID:4016
- C:\Windows\System\uaiIMDY.exe
  C:\Windows\System\uaiIMDY.exe
  2⤵
  PID:3836
- C:\Windows\System\TzcyQiN.exe
  C:\Windows\System\TzcyQiN.exe
  2⤵
  PID:2436
- C:\Windows\System\TQNPNhn.exe
  C:\Windows\System\TQNPNhn.exe
  2⤵
  PID:2168
- C:\Windows\System\WwrhdRv.exe
  C:\Windows\System\WwrhdRv.exe
  2⤵
  PID:3152
- C:\Windows\System\rZqazgl.exe
  C:\Windows\System\rZqazgl.exe
  2⤵
  PID:4040
- C:\Windows\System\TuEHrMg.exe
  C:\Windows\System\TuEHrMg.exe
  2⤵
  PID:2084
- C:\Windows\System\RJQwOcY.exe
  C:\Windows\System\RJQwOcY.exe
  2⤵
  PID:4076
- C:\Windows\System\yaSRGfO.exe
  C:\Windows\System\yaSRGfO.exe
  2⤵
  PID:3232
- C:\Windows\System\uMFTPSa.exe
  C:\Windows\System\uMFTPSa.exe
  2⤵
  PID:3460
- C:\Windows\System\fysiYKE.exe
  C:\Windows\System\fysiYKE.exe
  2⤵
  PID:3884
- C:\Windows\System\ZFpLtBb.exe
  C:\Windows\System\ZFpLtBb.exe
  2⤵
  PID:3352
- C:\Windows\System\FqVctII.exe
  C:\Windows\System\FqVctII.exe
  2⤵
  PID:2820
- C:\Windows\System\mdwggQJ.exe
  C:\Windows\System\mdwggQJ.exe
  2⤵
  PID:3284
- C:\Windows\System\TDJSUCu.exe
  C:\Windows\System\TDJSUCu.exe
  2⤵
  PID:3540
- C:\Windows\System\PeYDXRs.exe
  C:\Windows\System\PeYDXRs.exe
  2⤵
  PID:2668
- C:\Windows\System\Dgvnods.exe
  C:\Windows\System\Dgvnods.exe
  2⤵
  PID:2536
- C:\Windows\System\aHqDmbV.exe
  C:\Windows\System\aHqDmbV.exe
  2⤵
  PID:3588
- C:\Windows\System\fNwoInQ.exe
  C:\Windows\System\fNwoInQ.exe
  2⤵
  PID:3644
- C:\Windows\System\pbFhXlO.exe
  C:\Windows\System\pbFhXlO.exe
  2⤵
  PID:3780
- C:\Windows\System\vxxqSPa.exe
  C:\Windows\System\vxxqSPa.exe
  2⤵
  PID:484
- C:\Windows\System\onYoHMX.exe
  C:\Windows\System\onYoHMX.exe
  2⤵
  PID:2932
- C:\Windows\System\EpMjQKx.exe
  C:\Windows\System\EpMjQKx.exe
  2⤵
  PID:628
- C:\Windows\System\VOLoOEU.exe
  C:\Windows\System\VOLoOEU.exe
  2⤵
  PID:2892
- C:\Windows\System\RlQZdoZ.exe
  C:\Windows\System\RlQZdoZ.exe
  2⤵
  PID:3732
- C:\Windows\System\fAMhdRV.exe
  C:\Windows\System\fAMhdRV.exe
  2⤵
  PID:3448
- C:\Windows\System\bYGHfEX.exe
  C:\Windows\System\bYGHfEX.exe
  2⤵
  PID:2780
- C:\Windows\System\IQGgQtX.exe
  C:\Windows\System\IQGgQtX.exe
  2⤵
  PID:1832
- C:\Windows\System\PTYyFhb.exe
  C:\Windows\System\PTYyFhb.exe
  2⤵
  PID:3988
- C:\Windows\System\eAKcCmV.exe
  C:\Windows\System\eAKcCmV.exe
  2⤵
  PID:3952
- C:\Windows\System\EGMxRZX.exe
  C:\Windows\System\EGMxRZX.exe
  2⤵
  PID:3136
- C:\Windows\System\ZZeaGXk.exe
  C:\Windows\System\ZZeaGXk.exe
  2⤵
  PID:2916
- C:\Windows\System\nxCAEAQ.exe
  C:\Windows\System\nxCAEAQ.exe
  2⤵
  PID:3936
- C:\Windows\System\QGhSFgT.exe
  C:\Windows\System\QGhSFgT.exe
  2⤵
  PID:3528
- C:\Windows\System\oxpoIja.exe
  C:\Windows\System\oxpoIja.exe
  2⤵
  PID:3880
- C:\Windows\System\ExCbRyC.exe
  C:\Windows\System\ExCbRyC.exe
  2⤵
  PID:2868
- C:\Windows\System\NiTXzHS.exe
  C:\Windows\System\NiTXzHS.exe
  2⤵
  PID:3584
- C:\Windows\System\QvpsDlp.exe
  C:\Windows\System\QvpsDlp.exe
  2⤵
  PID:1232
- C:\Windows\System\BdgAVWL.exe
  C:\Windows\System\BdgAVWL.exe
  2⤵
  PID:2476
- C:\Windows\System\cVJLMKs.exe
  C:\Windows\System\cVJLMKs.exe
  2⤵
  PID:3400
- C:\Windows\System\kPWFStd.exe
  C:\Windows\System\kPWFStd.exe
  2⤵
  PID:1540
- C:\Windows\System\qvskSbk.exe
  C:\Windows\System\qvskSbk.exe
  2⤵
  PID:3064
- C:\Windows\System\HAAemeS.exe
  C:\Windows\System\HAAemeS.exe
  2⤵
  PID:4108
- C:\Windows\System\vfVUGyu.exe
  C:\Windows\System\vfVUGyu.exe
  2⤵
  PID:4124
- C:\Windows\System\KeVTeei.exe
  C:\Windows\System\KeVTeei.exe
  2⤵
  PID:4140
- C:\Windows\System\fzxmsGY.exe
  C:\Windows\System\fzxmsGY.exe
  2⤵
  PID:4156
- C:\Windows\System\cprGTQP.exe
  C:\Windows\System\cprGTQP.exe
  2⤵
  PID:4172
- C:\Windows\System\DTWLglf.exe
  C:\Windows\System\DTWLglf.exe
  2⤵
  PID:4188
- C:\Windows\System\cfgdutV.exe
  C:\Windows\System\cfgdutV.exe
  2⤵
  PID:4204
- C:\Windows\System\RvTzgro.exe
  C:\Windows\System\RvTzgro.exe
  2⤵
  PID:4220
- C:\Windows\System\YKBOIuM.exe
  C:\Windows\System\YKBOIuM.exe
  2⤵
  PID:4236
- C:\Windows\System\HHqKcEP.exe
  C:\Windows\System\HHqKcEP.exe
  2⤵
  PID:4252
- C:\Windows\System\HefqMnt.exe
  C:\Windows\System\HefqMnt.exe
  2⤵
  PID:4268
- C:\Windows\System\JkynDwl.exe
  C:\Windows\System\JkynDwl.exe
  2⤵
  PID:4284
- C:\Windows\System\AmUBrkK.exe
  C:\Windows\System\AmUBrkK.exe
  2⤵
  PID:4300
- C:\Windows\System\AjxOBDv.exe
  C:\Windows\System\AjxOBDv.exe
  2⤵
  PID:4316
- C:\Windows\System\NdGPgQb.exe
  C:\Windows\System\NdGPgQb.exe
  2⤵
  PID:4332
- C:\Windows\System\Kdqfhcn.exe
  C:\Windows\System\Kdqfhcn.exe
  2⤵
  PID:4348
- C:\Windows\System\oYSZaFk.exe
  C:\Windows\System\oYSZaFk.exe
  2⤵
  PID:4364
- C:\Windows\System\VGdaNdo.exe
  C:\Windows\System\VGdaNdo.exe
  2⤵
  PID:4380
- C:\Windows\System\nBxRrDg.exe
  C:\Windows\System\nBxRrDg.exe
  2⤵
  PID:4396
- C:\Windows\System\tyewZro.exe
  C:\Windows\System\tyewZro.exe
  2⤵
  PID:4412
- C:\Windows\System\erQnZsl.exe
  C:\Windows\System\erQnZsl.exe
  2⤵
  PID:4428
- C:\Windows\System\TXqGNwt.exe
  C:\Windows\System\TXqGNwt.exe
  2⤵
  PID:4444
- C:\Windows\System\HnKXqia.exe
  C:\Windows\System\HnKXqia.exe
  2⤵
  PID:4460
- C:\Windows\System\kiBpQsX.exe
  C:\Windows\System\kiBpQsX.exe
  2⤵
  PID:4476
- C:\Windows\System\DxPqJAy.exe
  C:\Windows\System\DxPqJAy.exe
  2⤵
  PID:4492
- C:\Windows\System\qDeLWWc.exe
  C:\Windows\System\qDeLWWc.exe
  2⤵
  PID:4508
- C:\Windows\System\sxeYNew.exe
  C:\Windows\System\sxeYNew.exe
  2⤵
  PID:4524
- C:\Windows\System\eyQNQep.exe
  C:\Windows\System\eyQNQep.exe
  2⤵
  PID:4540
- C:\Windows\System\phMHwtv.exe
  C:\Windows\System\phMHwtv.exe
  2⤵
  PID:4556
- C:\Windows\System\OGXUSzl.exe
  C:\Windows\System\OGXUSzl.exe
  2⤵
  PID:4572
- C:\Windows\System\tJDzhTG.exe
  C:\Windows\System\tJDzhTG.exe
  2⤵
  PID:4588
- C:\Windows\System\PCxvxQd.exe
  C:\Windows\System\PCxvxQd.exe
  2⤵
  PID:4604
- C:\Windows\System\ZOCHfIr.exe
  C:\Windows\System\ZOCHfIr.exe
  2⤵
  PID:4620
- C:\Windows\System\nEXCWpb.exe
  C:\Windows\System\nEXCWpb.exe
  2⤵
  PID:4636
- C:\Windows\System\ZfChXEh.exe
  C:\Windows\System\ZfChXEh.exe
  2⤵
  PID:4652
- C:\Windows\System\qcwxuIy.exe
  C:\Windows\System\qcwxuIy.exe
  2⤵
  PID:4668
- C:\Windows\System\shzmkhZ.exe
  C:\Windows\System\shzmkhZ.exe
  2⤵
  PID:4684
- C:\Windows\System\FwrGAwQ.exe
  C:\Windows\System\FwrGAwQ.exe
  2⤵
  PID:4704
- C:\Windows\System\xHVTjVX.exe
  C:\Windows\System\xHVTjVX.exe
  2⤵
  PID:4720
- C:\Windows\System\gsuPtgu.exe
  C:\Windows\System\gsuPtgu.exe
  2⤵
  PID:4736
- C:\Windows\System\mjJiMHr.exe
  C:\Windows\System\mjJiMHr.exe
  2⤵
  PID:4752
- C:\Windows\System\LBEXkfi.exe
  C:\Windows\System\LBEXkfi.exe
  2⤵
  PID:4768
- C:\Windows\System\YXRcgel.exe
  C:\Windows\System\YXRcgel.exe
  2⤵
  PID:4784
- C:\Windows\System\NJvgqrx.exe
  C:\Windows\System\NJvgqrx.exe
  2⤵
  PID:4800
- C:\Windows\System\QxGKjba.exe
  C:\Windows\System\QxGKjba.exe
  2⤵
  PID:4816
- C:\Windows\System\cHWGMye.exe
  C:\Windows\System\cHWGMye.exe
  2⤵
  PID:4832
- C:\Windows\System\tJarvMG.exe
  C:\Windows\System\tJarvMG.exe
  2⤵
  PID:4848
- C:\Windows\System\PsPunMS.exe
  C:\Windows\System\PsPunMS.exe
  2⤵
  PID:4864
- C:\Windows\System\CsrPKpt.exe
  C:\Windows\System\CsrPKpt.exe
  2⤵
  PID:4880
- C:\Windows\System\HRRMDNB.exe
  C:\Windows\System\HRRMDNB.exe
  2⤵
  PID:4896
- C:\Windows\System\pdhdNzS.exe
  C:\Windows\System\pdhdNzS.exe
  2⤵
  PID:4916
- C:\Windows\System\MJwqPvE.exe
  C:\Windows\System\MJwqPvE.exe
  2⤵
  PID:4936
- C:\Windows\System\sidKxFS.exe
  C:\Windows\System\sidKxFS.exe
  2⤵
  PID:4952
- C:\Windows\System\wCFyxEA.exe
  C:\Windows\System\wCFyxEA.exe
  2⤵
  PID:4968
- C:\Windows\System\pkkMDGD.exe
  C:\Windows\System\pkkMDGD.exe
  2⤵
  PID:4988
- C:\Windows\System\OedHhak.exe
  C:\Windows\System\OedHhak.exe
  2⤵
  PID:5004
- C:\Windows\System\kkaBVqT.exe
  C:\Windows\System\kkaBVqT.exe
  2⤵
  PID:5024
- C:\Windows\System\jtWZzoD.exe
  C:\Windows\System\jtWZzoD.exe
  2⤵
  PID:5040
- C:\Windows\System\CqDenol.exe
  C:\Windows\System\CqDenol.exe
  2⤵
  PID:5056
- C:\Windows\System\wSjybWq.exe
  C:\Windows\System\wSjybWq.exe
  2⤵
  PID:5072
- C:\Windows\System\lQdExnH.exe
  C:\Windows\System\lQdExnH.exe
  2⤵
  PID:5088
- C:\Windows\System\egHFbMx.exe
  C:\Windows\System\egHFbMx.exe
  2⤵
  PID:5104
- C:\Windows\System\zWKEbvR.exe
  C:\Windows\System\zWKEbvR.exe
  2⤵
  PID:3992
- C:\Windows\System\LibWScX.exe
  C:\Windows\System\LibWScX.exe
  2⤵
  PID:4104
- C:\Windows\System\DrvOsUK.exe
  C:\Windows\System\DrvOsUK.exe
  2⤵
  PID:4168
- C:\Windows\System\bYXmtlD.exe
  C:\Windows\System\bYXmtlD.exe
  2⤵
  PID:2928
- C:\Windows\System\vFFiTlv.exe
  C:\Windows\System\vFFiTlv.exe
  2⤵
  PID:4228
- C:\Windows\System\aCQgWjQ.exe
  C:\Windows\System\aCQgWjQ.exe
  2⤵
  PID:4152
- C:\Windows\System\WdBJpSS.exe
  C:\Windows\System\WdBJpSS.exe
  2⤵
  PID:4232
- C:\Windows\System\oBSKaJF.exe
  C:\Windows\System\oBSKaJF.exe
  2⤵
  PID:4292
- C:\Windows\System\PEqFQIt.exe
  C:\Windows\System\PEqFQIt.exe
  2⤵
  PID:4280
- C:\Windows\System\RPoTWID.exe
  C:\Windows\System\RPoTWID.exe
  2⤵
  PID:4312
- C:\Windows\System\EcMFhCa.exe
  C:\Windows\System\EcMFhCa.exe
  2⤵
  PID:4388
- C:\Windows\System\RyghqrX.exe
  C:\Windows\System\RyghqrX.exe
  2⤵
  PID:4452
- C:\Windows\System\SvFtinO.exe
  C:\Windows\System\SvFtinO.exe
  2⤵
  PID:4484
- C:\Windows\System\ghmOhnQ.exe
  C:\Windows\System\ghmOhnQ.exe
  2⤵
  PID:4500
- C:\Windows\System\LmSIHJl.exe
  C:\Windows\System\LmSIHJl.exe
  2⤵
  PID:4436
- C:\Windows\System\gusbFrB.exe
  C:\Windows\System\gusbFrB.exe
  2⤵
  PID:4468
- C:\Windows\System\xtyZOCg.exe
  C:\Windows\System\xtyZOCg.exe
  2⤵
  PID:4564
- C:\Windows\System\zeMNdSR.exe
  C:\Windows\System\zeMNdSR.exe
  2⤵
  PID:4612
- C:\Windows\System\cawgUdM.exe
  C:\Windows\System\cawgUdM.exe
  2⤵
  PID:4676
- C:\Windows\System\TFgtOBT.exe
  C:\Windows\System\TFgtOBT.exe
  2⤵
  PID:4744
- C:\Windows\System\iwuChsv.exe
  C:\Windows\System\iwuChsv.exe
  2⤵
  PID:4628
- C:\Windows\System\PEGPfJz.exe
  C:\Windows\System\PEGPfJz.exe
  2⤵
  PID:4596
- C:\Windows\System\SxdqHPv.exe
  C:\Windows\System\SxdqHPv.exe
  2⤵
  PID:4632
- C:\Windows\System\swuOclH.exe
  C:\Windows\System\swuOclH.exe
  2⤵
  PID:4792
- C:\Windows\System\GsoyQgq.exe
  C:\Windows\System\GsoyQgq.exe
  2⤵
  PID:4844
- C:\Windows\System\dpauTGW.exe
  C:\Windows\System\dpauTGW.exe
  2⤵
  PID:4908
- C:\Windows\System\XYqFrxZ.exe
  C:\Windows\System\XYqFrxZ.exe
  2⤵
  PID:4980
- C:\Windows\System\UPcBJNw.exe
  C:\Windows\System\UPcBJNw.exe
  2⤵
  PID:4824
- C:\Windows\System\olzEEPB.exe
  C:\Windows\System\olzEEPB.exe
  2⤵
  PID:4888
- C:\Windows\System\gXeymDQ.exe
  C:\Windows\System\gXeymDQ.exe
  2⤵
  PID:4964
- C:\Windows\System\wPeApHu.exe
  C:\Windows\System\wPeApHu.exe
  2⤵
  PID:5020
- C:\Windows\System\dmEhisn.exe
  C:\Windows\System\dmEhisn.exe
  2⤵
  PID:5036
- C:\Windows\System\TdKrXXZ.exe
  C:\Windows\System\TdKrXXZ.exe
  2⤵
  PID:5080
- C:\Windows\System\mXXUaUo.exe
  C:\Windows\System\mXXUaUo.exe
  2⤵
  PID:4136
- C:\Windows\System\Qnlustw.exe
  C:\Windows\System\Qnlustw.exe
  2⤵
  PID:4184
- C:\Windows\System\hUtckop.exe
  C:\Windows\System\hUtckop.exe
  2⤵
  PID:4356
- C:\Windows\System\fkhaBRL.exe
  C:\Windows\System\fkhaBRL.exe
  2⤵
  PID:4408
- C:\Windows\System\pTUnxiB.exe
  C:\Windows\System\pTUnxiB.exe
  2⤵
  PID:4308
- C:\Windows\System\azgvYad.exe
  C:\Windows\System\azgvYad.exe
  2⤵
  PID:4644
- C:\Windows\System\caxdBJk.exe
  C:\Windows\System\caxdBJk.exe
  2⤵
  PID:4264
- C:\Windows\System\iqYTHYY.exe
  C:\Windows\System\iqYTHYY.exe
  2⤵
  PID:2540
- C:\Windows\System\XcRHbNs.exe
  C:\Windows\System\XcRHbNs.exe
  2⤵
  PID:4660
- C:\Windows\System\hiWSCdB.exe
  C:\Windows\System\hiWSCdB.exe
  2⤵
  PID:4584
- C:\Windows\System\QlkLCMl.exe
  C:\Windows\System\QlkLCMl.exe
  2⤵
  PID:4716
- C:\Windows\System\mEArLTB.exe
  C:\Windows\System\mEArLTB.exe
  2⤵
  PID:4580
- C:\Windows\System\pBianRq.exe
  C:\Windows\System\pBianRq.exe
  2⤵
  PID:4732
- C:\Windows\System\VEaWTwb.exe
  C:\Windows\System\VEaWTwb.exe
  2⤵
  PID:5012
- C:\Windows\System\AzwhuJV.exe
  C:\Windows\System\AzwhuJV.exe
  2⤵
  PID:4860
- C:\Windows\System\pytyxnh.exe
  C:\Windows\System\pytyxnh.exe
  2⤵
  PID:5096
- C:\Windows\System\BPsCUIN.exe
  C:\Windows\System\BPsCUIN.exe
  2⤵
  PID:4404
- C:\Windows\System\otlErJX.exe
  C:\Windows\System\otlErJX.exe
  2⤵
  PID:4932
- C:\Windows\System\vHkGLdN.exe
  C:\Windows\System\vHkGLdN.exe
  2⤵
  PID:5112
- C:\Windows\System\oFtQtDB.exe
  C:\Windows\System\oFtQtDB.exe
  2⤵
  PID:4520
- C:\Windows\System\GEbSmXS.exe
  C:\Windows\System\GEbSmXS.exe
  2⤵
  PID:4260
- C:\Windows\System\tuozdeV.exe
  C:\Windows\System\tuozdeV.exe
  2⤵
  PID:4100
- C:\Windows\System\YnuGDah.exe
  C:\Windows\System\YnuGDah.exe
  2⤵
  PID:5016
- C:\Windows\System\SkqtkcI.exe
  C:\Windows\System\SkqtkcI.exe
  2⤵
  PID:4664
- C:\Windows\System\xssEIxu.exe
  C:\Windows\System\xssEIxu.exe
  2⤵
  PID:5032
- C:\Windows\System\YYHZocZ.exe
  C:\Windows\System\YYHZocZ.exe
  2⤵
  PID:4536
- C:\Windows\System\uimQjVG.exe
  C:\Windows\System\uimQjVG.exe
  2⤵
  PID:4856
- C:\Windows\System\VmCdayV.exe
  C:\Windows\System\VmCdayV.exe
  2⤵
  PID:5124
- C:\Windows\System\stCCcLG.exe
  C:\Windows\System\stCCcLG.exe
  2⤵
  PID:5140
- C:\Windows\System\fqhtuKJ.exe
  C:\Windows\System\fqhtuKJ.exe
  2⤵
  PID:5156
- C:\Windows\System\WafQgDv.exe
  C:\Windows\System\WafQgDv.exe
  2⤵
  PID:5172
- C:\Windows\System\ZKLpVMv.exe
  C:\Windows\System\ZKLpVMv.exe
  2⤵
  PID:5188
- C:\Windows\System\atFIFnP.exe
  C:\Windows\System\atFIFnP.exe
  2⤵
  PID:5208
- C:\Windows\System\nqikARl.exe
  C:\Windows\System\nqikARl.exe
  2⤵
  PID:5456
- C:\Windows\System\ufSDCsn.exe
  C:\Windows\System\ufSDCsn.exe
  2⤵
  PID:5472
- C:\Windows\System\aPcZnFW.exe
  C:\Windows\System\aPcZnFW.exe
  2⤵
  PID:5488
- C:\Windows\System\tenvurT.exe
  C:\Windows\System\tenvurT.exe
  2⤵
  PID:5504
- C:\Windows\System\cURwSRm.exe
  C:\Windows\System\cURwSRm.exe
  2⤵
  PID:5520
- C:\Windows\System\yHlOHrA.exe
  C:\Windows\System\yHlOHrA.exe
  2⤵
  PID:5536
- C:\Windows\System\GOVLHjE.exe
  C:\Windows\System\GOVLHjE.exe
  2⤵
  PID:5552
- C:\Windows\System\vzADYDn.exe
  C:\Windows\System\vzADYDn.exe
  2⤵
  PID:5568
- C:\Windows\System\mfjmwqw.exe
  C:\Windows\System\mfjmwqw.exe
  2⤵
  PID:5584
- C:\Windows\System\qKyGViN.exe
  C:\Windows\System\qKyGViN.exe
  2⤵
  PID:5600
- C:\Windows\System\DklbFkE.exe
  C:\Windows\System\DklbFkE.exe
  2⤵
  PID:5616
- C:\Windows\System\uodfdZS.exe
  C:\Windows\System\uodfdZS.exe
  2⤵
  PID:5632
- C:\Windows\System\nowjmPc.exe
  C:\Windows\System\nowjmPc.exe
  2⤵
  PID:5648
- C:\Windows\System\JfVwMQg.exe
  C:\Windows\System\JfVwMQg.exe
  2⤵
  PID:5664
- C:\Windows\System\dTLmlrP.exe
  C:\Windows\System\dTLmlrP.exe
  2⤵
  PID:5680
- C:\Windows\System\CrZkAEc.exe
  C:\Windows\System\CrZkAEc.exe
  2⤵
  PID:5696
- C:\Windows\System\cGOYQlC.exe
  C:\Windows\System\cGOYQlC.exe
  2⤵
  PID:5712
- C:\Windows\System\oyMyBkM.exe
  C:\Windows\System\oyMyBkM.exe
  2⤵
  PID:5728
- C:\Windows\System\vyRLTef.exe
  C:\Windows\System\vyRLTef.exe
  2⤵
  PID:5744
- C:\Windows\System\xsDwyvQ.exe
  C:\Windows\System\xsDwyvQ.exe
  2⤵
  PID:5760
- C:\Windows\System\ghINkmC.exe
  C:\Windows\System\ghINkmC.exe
  2⤵
  PID:5776
- C:\Windows\System\zjpmKgh.exe
  C:\Windows\System\zjpmKgh.exe
  2⤵
  PID:5792
- C:\Windows\System\VKSCLxg.exe
  C:\Windows\System\VKSCLxg.exe
  2⤵
  PID:5808
- C:\Windows\System\LXWjCWi.exe
  C:\Windows\System\LXWjCWi.exe
  2⤵
  PID:5824
- C:\Windows\System\XJdxDsv.exe
  C:\Windows\System\XJdxDsv.exe
  2⤵
  PID:5840
- C:\Windows\System\vsXeqQX.exe
  C:\Windows\System\vsXeqQX.exe
  2⤵
  PID:5856
- C:\Windows\System\ZZTDwFI.exe
  C:\Windows\System\ZZTDwFI.exe
  2⤵
  PID:5872
- C:\Windows\System\uBtOzXR.exe
  C:\Windows\System\uBtOzXR.exe
  2⤵
  PID:5888
- C:\Windows\System\YpfUVfR.exe
  C:\Windows\System\YpfUVfR.exe
  2⤵
  PID:5904
- C:\Windows\System\ZWYCSxh.exe
  C:\Windows\System\ZWYCSxh.exe
  2⤵
  PID:5920
- C:\Windows\System\aphpGqL.exe
  C:\Windows\System\aphpGqL.exe
  2⤵
  PID:5936
- C:\Windows\System\ikpArFE.exe
  C:\Windows\System\ikpArFE.exe
  2⤵
  PID:5952
- C:\Windows\System\xdlDzyh.exe
  C:\Windows\System\xdlDzyh.exe
  2⤵
  PID:5968
- C:\Windows\System\iBAjzxr.exe
  C:\Windows\System\iBAjzxr.exe
  2⤵
  PID:5984
- C:\Windows\System\TEPvPrW.exe
  C:\Windows\System\TEPvPrW.exe
  2⤵
  PID:6000
- C:\Windows\System\LXyfyEz.exe
  C:\Windows\System\LXyfyEz.exe
  2⤵
  PID:6020
- C:\Windows\System\tTgYzLW.exe
  C:\Windows\System\tTgYzLW.exe
  2⤵
  PID:6036
- C:\Windows\System\dbWYmXN.exe
  C:\Windows\System\dbWYmXN.exe
  2⤵
  PID:6052
- C:\Windows\System\frngJBM.exe
  C:\Windows\System\frngJBM.exe
  2⤵
  PID:6068
- C:\Windows\System\rfyDxEm.exe
  C:\Windows\System\rfyDxEm.exe
  2⤵
  PID:6084
- C:\Windows\System\nNMMFfW.exe
  C:\Windows\System\nNMMFfW.exe
  2⤵
  PID:6100
- C:\Windows\System\OlllmxW.exe
  C:\Windows\System\OlllmxW.exe
  2⤵
  PID:6116
- C:\Windows\System\iYqhEoN.exe
  C:\Windows\System\iYqhEoN.exe
  2⤵
  PID:6132
- C:\Windows\System\pKTSiyZ.exe
  C:\Windows\System\pKTSiyZ.exe
  2⤵
  PID:4700
- C:\Windows\System\YaUZWDE.exe
  C:\Windows\System\YaUZWDE.exe
  2⤵
  PID:5184
- C:\Windows\System\aqxUsAE.exe
  C:\Windows\System\aqxUsAE.exe
  2⤵
  PID:4360
- C:\Windows\System\sQAYyxn.exe
  C:\Windows\System\sQAYyxn.exe
  2⤵
  PID:5164
- C:\Windows\System\MZAGJFQ.exe
  C:\Windows\System\MZAGJFQ.exe
  2⤵
  PID:5200
- C:\Windows\System\KgQkaQH.exe
  C:\Windows\System\KgQkaQH.exe
  2⤵
  PID:5232
- C:\Windows\System\WfISFzw.exe
  C:\Windows\System\WfISFzw.exe
  2⤵
  PID:5244
- C:\Windows\System\qRMjVzh.exe
  C:\Windows\System\qRMjVzh.exe
  2⤵
  PID:5260
- C:\Windows\System\EDrEnqP.exe
  C:\Windows\System\EDrEnqP.exe
  2⤵
  PID:5272
- C:\Windows\System\UErTsEI.exe
  C:\Windows\System\UErTsEI.exe
  2⤵
  PID:5288
- C:\Windows\System\ZmeGAei.exe
  C:\Windows\System\ZmeGAei.exe
  2⤵
  PID:5312
- C:\Windows\System\jIcpCRv.exe
  C:\Windows\System\jIcpCRv.exe
  2⤵
  PID:5320
- C:\Windows\System\uipxzVE.exe
  C:\Windows\System\uipxzVE.exe
  2⤵
  PID:5336
- C:\Windows\System\rNpqZSz.exe
  C:\Windows\System\rNpqZSz.exe
  2⤵
  PID:5356
- C:\Windows\System\sILOYFI.exe
  C:\Windows\System\sILOYFI.exe
  2⤵
  PID:5372
- C:\Windows\System\VxvVpdm.exe
  C:\Windows\System\VxvVpdm.exe
  2⤵
  PID:5404
- C:\Windows\System\IzhFDDt.exe
  C:\Windows\System\IzhFDDt.exe
  2⤵
  PID:5396
- C:\Windows\System\DXrBOiT.exe
  C:\Windows\System\DXrBOiT.exe
  2⤵
  PID:5452
- C:\Windows\System\HDyjebJ.exe
  C:\Windows\System\HDyjebJ.exe
  2⤵
  PID:5468
- C:\Windows\System\QjAJRcQ.exe
  C:\Windows\System\QjAJRcQ.exe
  2⤵
  PID:5548
- C:\Windows\System\bryfEGH.exe
  C:\Windows\System\bryfEGH.exe
  2⤵
  PID:5560
- C:\Windows\System\PfyYxBv.exe
  C:\Windows\System\PfyYxBv.exe
  2⤵
  PID:5576
- C:\Windows\System\lPViIdB.exe
  C:\Windows\System\lPViIdB.exe
  2⤵
  PID:5656
- C:\Windows\System\HNBMShs.exe
  C:\Windows\System\HNBMShs.exe
  2⤵
  PID:5644
- C:\Windows\System\AnitwmM.exe
  C:\Windows\System\AnitwmM.exe
  2⤵
  PID:5672
- C:\Windows\System\FrInLJz.exe
  C:\Windows\System\FrInLJz.exe
  2⤵
  PID:5768
- C:\Windows\System\evrtAFr.exe
  C:\Windows\System\evrtAFr.exe
  2⤵
  PID:5692
- C:\Windows\System\VlpYIYd.exe
  C:\Windows\System\VlpYIYd.exe
  2⤵
  PID:5804
- C:\Windows\System\KtvDSuM.exe
  C:\Windows\System\KtvDSuM.exe
  2⤵
  PID:5868
- C:\Windows\System\ZsbpIac.exe
  C:\Windows\System\ZsbpIac.exe
  2⤵
  PID:5784
- C:\Windows\System\zbJhSgd.exe
  C:\Windows\System\zbJhSgd.exe
  2⤵
  PID:5960
- C:\Windows\System\OjgSCLT.exe
  C:\Windows\System\OjgSCLT.exe
  2⤵
  PID:5884
- C:\Windows\System\cbaOWpm.exe
  C:\Windows\System\cbaOWpm.exe
  2⤵
  PID:5848
- C:\Windows\System\tqofRCA.exe
  C:\Windows\System\tqofRCA.exe
  2⤵
  PID:5948
- C:\Windows\System\rcpBEaI.exe
  C:\Windows\System\rcpBEaI.exe
  2⤵
  PID:6008
- C:\Windows\System\LdFlSTw.exe
  C:\Windows\System\LdFlSTw.exe
  2⤵
  PID:6016
- C:\Windows\System\iaAafEn.exe
  C:\Windows\System\iaAafEn.exe
  2⤵
  PID:6096
- C:\Windows\System\srFvGoL.exe
  C:\Windows\System\srFvGoL.exe
  2⤵
  PID:6048
- C:\Windows\System\NQZdCKE.exe
  C:\Windows\System\NQZdCKE.exe
  2⤵
  PID:6108
- C:\Windows\System\BbXhUFv.exe
  C:\Windows\System\BbXhUFv.exe
  2⤵
  PID:5132
- C:\Windows\System\ncBnPUk.exe
  C:\Windows\System\ncBnPUk.exe
  2⤵
  PID:5228
- C:\Windows\System\kRRDJTC.exe
  C:\Windows\System\kRRDJTC.exe
  2⤵
  PID:5284
- C:\Windows\System\XebabEp.exe
  C:\Windows\System\XebabEp.exe
  2⤵
  PID:5348
- C:\Windows\System\oOxZlJd.exe
  C:\Windows\System\oOxZlJd.exe
  2⤵
  PID:5368
- C:\Windows\System\rhcJxfb.exe
  C:\Windows\System\rhcJxfb.exe
  2⤵
  PID:5240
- C:\Windows\System\avuQVHs.exe
  C:\Windows\System\avuQVHs.exe
  2⤵
  PID:5292
- C:\Windows\System\tPqBAVI.exe
  C:\Windows\System\tPqBAVI.exe
  2⤵
  PID:6012
- C:\Windows\System\sXiPiNr.exe
  C:\Windows\System\sXiPiNr.exe
  2⤵
  PID:5412
- C:\Windows\System\wNhMkTh.exe
  C:\Windows\System\wNhMkTh.exe
  2⤵
  PID:5436
- C:\Windows\System\zpztgbN.exe
  C:\Windows\System\zpztgbN.exe
  2⤵
  PID:5544
- C:\Windows\System\LdHDNIv.exe
  C:\Windows\System\LdHDNIv.exe
  2⤵
  PID:5484
- C:\Windows\System\LftFeLr.exe
  C:\Windows\System\LftFeLr.exe
  2⤵
  PID:5532
- C:\Windows\System\PzdFYPk.exe
  C:\Windows\System\PzdFYPk.exe
  2⤵
  PID:5640
- C:\Windows\System\jMdOHJT.exe
  C:\Windows\System\jMdOHJT.exe
  2⤵
  PID:5800
- C:\Windows\System\rvIZwWD.exe
  C:\Windows\System\rvIZwWD.exe
  2⤵
  PID:5880
- C:\Windows\System\ZCUkITx.exe
  C:\Windows\System\ZCUkITx.exe
  2⤵
  PID:6032
- C:\Windows\System\ilomZMP.exe
  C:\Windows\System\ilomZMP.exe
  2⤵
  PID:5708
- C:\Windows\System\vfqwmmr.exe
  C:\Windows\System\vfqwmmr.exe
  2⤵
  PID:5864
- C:\Windows\System\ojZAbui.exe
  C:\Windows\System\ojZAbui.exe
  2⤵
  PID:5980
- C:\Windows\System\YpTfwan.exe
  C:\Windows\System\YpTfwan.exe
  2⤵
  PID:5152
- C:\Windows\System\lFGrPMB.exe
  C:\Windows\System\lFGrPMB.exe
  2⤵
  PID:5256
- C:\Windows\System\SSyYuzO.exe
  C:\Windows\System\SSyYuzO.exe
  2⤵
  PID:5220
- C:\Windows\System\jfTRwwS.exe
  C:\Windows\System\jfTRwwS.exe
  2⤵
  PID:5380
- C:\Windows\System\zTSoiTK.exe
  C:\Windows\System\zTSoiTK.exe
  2⤵
  PID:5408
- C:\Windows\System\VzTgKuS.exe
  C:\Windows\System\VzTgKuS.exe
  2⤵
  PID:5464
- C:\Windows\System\domVoGH.exe
  C:\Windows\System\domVoGH.exe
  2⤵
  PID:5724
- C:\Windows\System\pNMzlNg.exe
  C:\Windows\System\pNMzlNg.exe
  2⤵
  PID:5836
- C:\Windows\System\XnEsYno.exe
  C:\Windows\System\XnEsYno.exe
  2⤵
  PID:6064
- C:\Windows\System\FWvLSUb.exe
  C:\Windows\System\FWvLSUb.exe
  2⤵
  PID:5592
- C:\Windows\System\TTrGOzh.exe
  C:\Windows\System\TTrGOzh.exe
  2⤵
  PID:5788
- C:\Windows\System\gfpUpBR.exe
  C:\Windows\System\gfpUpBR.exe
  2⤵
  PID:5704
- C:\Windows\System\dDWTkFt.exe
  C:\Windows\System\dDWTkFt.exe
  2⤵
  PID:4976
- C:\Windows\System\pgnoBFa.exe
  C:\Windows\System\pgnoBFa.exe
  2⤵
  PID:5660
- C:\Windows\System\RCbQzTZ.exe
  C:\Windows\System\RCbQzTZ.exe
  2⤵
  PID:5612
- C:\Windows\System\VtlaKOn.exe
  C:\Windows\System\VtlaKOn.exe
  2⤵
  PID:5252
- C:\Windows\System\kXgjaoC.exe
  C:\Windows\System\kXgjaoC.exe
  2⤵
  PID:5992
- C:\Windows\System\lzYyNaL.exe
  C:\Windows\System\lzYyNaL.exe
  2⤵
  PID:5400
- C:\Windows\System\unIubuX.exe
  C:\Windows\System\unIubuX.exe
  2⤵
  PID:5448
- C:\Windows\System\aXQmUBV.exe
  C:\Windows\System\aXQmUBV.exe
  2⤵
  PID:6156
- C:\Windows\System\DLfRTdz.exe
  C:\Windows\System\DLfRTdz.exe
  2⤵
  PID:6172
- C:\Windows\System\cthqrCG.exe
  C:\Windows\System\cthqrCG.exe
  2⤵
  PID:6188
- C:\Windows\System\YDMqBTR.exe
  C:\Windows\System\YDMqBTR.exe
  2⤵
  PID:6204
- C:\Windows\System\FLUeTEA.exe
  C:\Windows\System\FLUeTEA.exe
  2⤵
  PID:6220
- C:\Windows\System\xOqWyzf.exe
  C:\Windows\System\xOqWyzf.exe
  2⤵
  PID:6236
- C:\Windows\System\iUFSnLb.exe
  C:\Windows\System\iUFSnLb.exe
  2⤵
  PID:6252
- C:\Windows\System\aYiSgoX.exe
  C:\Windows\System\aYiSgoX.exe
  2⤵
  PID:6268
- C:\Windows\System\nTVycFe.exe
  C:\Windows\System\nTVycFe.exe
  2⤵
  PID:6284
- C:\Windows\System\ZJBwdzU.exe
  C:\Windows\System\ZJBwdzU.exe
  2⤵
  PID:6300
- C:\Windows\System\GhGsAwo.exe
  C:\Windows\System\GhGsAwo.exe
  2⤵
  PID:6316
- C:\Windows\System\LkGNAHU.exe
  C:\Windows\System\LkGNAHU.exe
  2⤵
  PID:6332
- C:\Windows\System\cCzsUdD.exe
  C:\Windows\System\cCzsUdD.exe
  2⤵
  PID:6348
- C:\Windows\System\zBtaCFp.exe
  C:\Windows\System\zBtaCFp.exe
  2⤵
  PID:6364
- C:\Windows\System\nbMbbKR.exe
  C:\Windows\System\nbMbbKR.exe
  2⤵
  PID:6380
- C:\Windows\System\nNEaxoX.exe
  C:\Windows\System\nNEaxoX.exe
  2⤵
  PID:6396
- C:\Windows\System\QhFyMlh.exe
  C:\Windows\System\QhFyMlh.exe
  2⤵
  PID:6412
- C:\Windows\System\uSVYoCy.exe
  C:\Windows\System\uSVYoCy.exe
  2⤵
  PID:6428
- C:\Windows\System\BPLHZRZ.exe
  C:\Windows\System\BPLHZRZ.exe
  2⤵
  PID:6444
- C:\Windows\System\YLeXvfl.exe
  C:\Windows\System\YLeXvfl.exe
  2⤵
  PID:6460
- C:\Windows\System\nEDKniA.exe
  C:\Windows\System\nEDKniA.exe
  2⤵
  PID:6476
- C:\Windows\System\WxjiBOk.exe
  C:\Windows\System\WxjiBOk.exe
  2⤵
  PID:6492
- C:\Windows\System\ktmxaRH.exe
  C:\Windows\System\ktmxaRH.exe
  2⤵
  PID:6508
- C:\Windows\System\zlZkNCT.exe
  C:\Windows\System\zlZkNCT.exe
  2⤵
  PID:6524
- C:\Windows\System\RjevEzz.exe
  C:\Windows\System\RjevEzz.exe
  2⤵
  PID:6540
- C:\Windows\System\NTsGJub.exe
  C:\Windows\System\NTsGJub.exe
  2⤵
  PID:6556
- C:\Windows\System\oZkUGcP.exe
  C:\Windows\System\oZkUGcP.exe
  2⤵
  PID:6572
- C:\Windows\System\eJVqGMX.exe
  C:\Windows\System\eJVqGMX.exe
  2⤵
  PID:6588
- C:\Windows\System\Rxrjsot.exe
  C:\Windows\System\Rxrjsot.exe
  2⤵
  PID:6604
- C:\Windows\System\mngeLxd.exe
  C:\Windows\System\mngeLxd.exe
  2⤵
  PID:6620
- C:\Windows\System\gBpGHcA.exe
  C:\Windows\System\gBpGHcA.exe
  2⤵
  PID:6636
- C:\Windows\System\NmLVgFD.exe
  C:\Windows\System\NmLVgFD.exe
  2⤵
  PID:6652
- C:\Windows\System\fKiyESA.exe
  C:\Windows\System\fKiyESA.exe
  2⤵
  PID:6668
- C:\Windows\System\hUvDoSu.exe
  C:\Windows\System\hUvDoSu.exe
  2⤵
  PID:6684
- C:\Windows\System\NCdHLBM.exe
  C:\Windows\System\NCdHLBM.exe
  2⤵
  PID:6700
- C:\Windows\System\jJJJYVG.exe
  C:\Windows\System\jJJJYVG.exe
  2⤵
  PID:6716
- C:\Windows\System\uikAcMT.exe
  C:\Windows\System\uikAcMT.exe
  2⤵
  PID:6732
- C:\Windows\System\Zadkcsy.exe
  C:\Windows\System\Zadkcsy.exe
  2⤵
  PID:6748
- C:\Windows\System\DOjlJKB.exe
  C:\Windows\System\DOjlJKB.exe
  2⤵
  PID:6764
- C:\Windows\System\wUGvowN.exe
  C:\Windows\System\wUGvowN.exe
  2⤵
  PID:6780
- C:\Windows\System\broBTix.exe
  C:\Windows\System\broBTix.exe
  2⤵
  PID:6796
- C:\Windows\System\YpvKVTN.exe
  C:\Windows\System\YpvKVTN.exe
  2⤵
  PID:6812
- C:\Windows\System\cTiTNob.exe
  C:\Windows\System\cTiTNob.exe
  2⤵
  PID:6828
- C:\Windows\System\hWzBlew.exe
  C:\Windows\System\hWzBlew.exe
  2⤵
  PID:6844
- C:\Windows\System\NqyjnyQ.exe
  C:\Windows\System\NqyjnyQ.exe
  2⤵
  PID:6860
- C:\Windows\System\MsgpBSU.exe
  C:\Windows\System\MsgpBSU.exe
  2⤵
  PID:6876
- C:\Windows\System\FWdosRo.exe
  C:\Windows\System\FWdosRo.exe
  2⤵
  PID:6892
- C:\Windows\System\TxlCZTY.exe
  C:\Windows\System\TxlCZTY.exe
  2⤵
  PID:6908
- C:\Windows\System\LmFojPt.exe
  C:\Windows\System\LmFojPt.exe
  2⤵
  PID:6924
- C:\Windows\System\Oxxvjzo.exe
  C:\Windows\System\Oxxvjzo.exe
  2⤵
  PID:6940
- C:\Windows\System\ESNErKL.exe
  C:\Windows\System\ESNErKL.exe
  2⤵
  PID:6956
- C:\Windows\System\fwtxSbu.exe
  C:\Windows\System\fwtxSbu.exe
  2⤵
  PID:6972
- C:\Windows\System\yLCGiro.exe
  C:\Windows\System\yLCGiro.exe
  2⤵
  PID:6988
- C:\Windows\System\VbpafIs.exe
  C:\Windows\System\VbpafIs.exe
  2⤵
  PID:7004
- C:\Windows\System\kHMsqjD.exe
  C:\Windows\System\kHMsqjD.exe
  2⤵
  PID:7020
- C:\Windows\System\okTFIYq.exe
  C:\Windows\System\okTFIYq.exe
  2⤵
  PID:7036
- C:\Windows\System\TRixOaq.exe
  C:\Windows\System\TRixOaq.exe
  2⤵
  PID:7052
- C:\Windows\System\ZhGKPUO.exe
  C:\Windows\System\ZhGKPUO.exe
  2⤵
  PID:7068
- C:\Windows\System\mqfTUOk.exe
  C:\Windows\System\mqfTUOk.exe
  2⤵
  PID:7084
- C:\Windows\System\nyTpZLt.exe
  C:\Windows\System\nyTpZLt.exe
  2⤵
  PID:7100
- C:\Windows\System\GmXTbDl.exe
  C:\Windows\System\GmXTbDl.exe
  2⤵
  PID:7116
- C:\Windows\System\UWXfgrv.exe
  C:\Windows\System\UWXfgrv.exe
  2⤵
  PID:7132
- C:\Windows\System\dDzYDVT.exe
  C:\Windows\System\dDzYDVT.exe
  2⤵
  PID:7148
- C:\Windows\System\VnHIreK.exe
  C:\Windows\System\VnHIreK.exe
  2⤵
  PID:7164
- C:\Windows\System\rrHMAro.exe
  C:\Windows\System\rrHMAro.exe
  2⤵
  PID:6164
- C:\Windows\System\TYSINad.exe
  C:\Windows\System\TYSINad.exe
  2⤵
  PID:6228
- C:\Windows\System\jkeUdki.exe
  C:\Windows\System\jkeUdki.exe
  2⤵
  PID:6180
- C:\Windows\System\bTjTEJs.exe
  C:\Windows\System\bTjTEJs.exe
  2⤵
  PID:6184
- C:\Windows\System\OmxykCT.exe
  C:\Windows\System\OmxykCT.exe
  2⤵
  PID:6248
- C:\Windows\System\GlpClyy.exe
  C:\Windows\System\GlpClyy.exe
  2⤵
  PID:6292
- C:\Windows\System\SkbwZEB.exe
  C:\Windows\System\SkbwZEB.exe
  2⤵
  PID:6356
- C:\Windows\System\ZrHmYqu.exe
  C:\Windows\System\ZrHmYqu.exe
  2⤵
  PID:6420
- C:\Windows\System\lNipmZa.exe
  C:\Windows\System\lNipmZa.exe
  2⤵
  PID:6276
- C:\Windows\System\RtoXwWQ.exe
  C:\Windows\System\RtoXwWQ.exe
  2⤵
  PID:6344
- C:\Windows\System\fEXqVdD.exe
  C:\Windows\System\fEXqVdD.exe
  2⤵
  PID:6452
- C:\Windows\System\fIWJcda.exe
  C:\Windows\System\fIWJcda.exe
  2⤵
  PID:6440
- C:\Windows\System\PtugQeD.exe
  C:\Windows\System\PtugQeD.exe
  2⤵
  PID:6472
- C:\Windows\System\JPqfSYo.exe
  C:\Windows\System\JPqfSYo.exe
  2⤵
  PID:6564
- C:\Windows\System\isgQcUK.exe
  C:\Windows\System\isgQcUK.exe
  2⤵
  PID:6628
- C:\Windows\System\EwixBVA.exe
  C:\Windows\System\EwixBVA.exe
  2⤵
  PID:6552
- C:\Windows\System\cBNeYaz.exe
  C:\Windows\System\cBNeYaz.exe
  2⤵
  PID:6616
- C:\Windows\System\ckCHdzu.exe
  C:\Windows\System\ckCHdzu.exe
  2⤵
  PID:6676
- C:\Windows\System\itZfFgP.exe
  C:\Windows\System\itZfFgP.exe
  2⤵
  PID:6788
- C:\Windows\System\RbvjZki.exe
  C:\Windows\System\RbvjZki.exe
  2⤵
  PID:6712
- C:\Windows\System\xTowlqg.exe
  C:\Windows\System\xTowlqg.exe
  2⤵
  PID:6760
- C:\Windows\System\MmyxCgX.exe
  C:\Windows\System\MmyxCgX.exe
  2⤵
  PID:6836
- C:\Windows\System\wjuIobI.exe
  C:\Windows\System\wjuIobI.exe
  2⤵
  PID:6872
- C:\Windows\System\ewJfGLG.exe
  C:\Windows\System\ewJfGLG.exe
  2⤵
  PID:6776
- C:\Windows\System\RIzSdQR.exe
  C:\Windows\System\RIzSdQR.exe
  2⤵
  PID:6884
- C:\Windows\System\euvQuvZ.exe
  C:\Windows\System\euvQuvZ.exe
  2⤵
  PID:6900
- C:\Windows\System\ccHYnno.exe
  C:\Windows\System\ccHYnno.exe
  2⤵
  PID:6968
- C:\Windows\System\FHQNKPs.exe
  C:\Windows\System\FHQNKPs.exe
  2⤵
  PID:6948
- C:\Windows\System\dSlrRGp.exe
  C:\Windows\System\dSlrRGp.exe
  2⤵
  PID:6984
- C:\Windows\System\IwJFkXH.exe
  C:\Windows\System\IwJFkXH.exe
  2⤵
  PID:7064
- C:\Windows\System\jJlEtjO.exe
  C:\Windows\System\jJlEtjO.exe
  2⤵
  PID:7044
- C:\Windows\System\bOcopnt.exe
  C:\Windows\System\bOcopnt.exe
  2⤵
  PID:7108
- C:\Windows\System\YnqRFen.exe
  C:\Windows\System\YnqRFen.exe
  2⤵
  PID:5364
- C:\Windows\System\XVbCGrS.exe
  C:\Windows\System\XVbCGrS.exe
  2⤵
  PID:7156
- C:\Windows\System\KwuhInh.exe
  C:\Windows\System\KwuhInh.exe
  2⤵
  PID:4764
- C:\Windows\System\wwOSfrg.exe
  C:\Windows\System\wwOSfrg.exe
  2⤵
  PID:6264
- C:\Windows\System\UDzGegi.exe
  C:\Windows\System\UDzGegi.exe
  2⤵
  PID:6388
- C:\Windows\System\uviAUsn.exe
  C:\Windows\System\uviAUsn.exe
  2⤵
  PID:6340
- C:\Windows\System\MQleNSD.exe
  C:\Windows\System\MQleNSD.exe
  2⤵
  PID:6484
- C:\Windows\System\xKnLnml.exe
  C:\Windows\System\xKnLnml.exe
  2⤵
  PID:6520
- C:\Windows\System\nfRTMpi.exe
  C:\Windows\System\nfRTMpi.exe
  2⤵
  PID:6648
- C:\Windows\System\hGtwmRh.exe
  C:\Windows\System\hGtwmRh.exe
  2⤵
  PID:6584
- C:\Windows\System\RDWmvbc.exe
  C:\Windows\System\RDWmvbc.exe
  2⤵
  PID:6596
- C:\Windows\System\CcODLPT.exe
  C:\Windows\System\CcODLPT.exe
  2⤵
  PID:6756
- C:\Windows\System\HMPXTHf.exe
  C:\Windows\System\HMPXTHf.exe
  2⤵
  PID:6740
- C:\Windows\System\UYpYUSg.exe
  C:\Windows\System\UYpYUSg.exe
  2⤵
  PID:7028
- C:\Windows\System\qLCokbU.exe
  C:\Windows\System\qLCokbU.exe
  2⤵
  PID:6936
- C:\Windows\System\FgtntOM.exe
  C:\Windows\System\FgtntOM.exe
  2⤵
  PID:7012
- C:\Windows\System\TOrksBK.exe
  C:\Windows\System\TOrksBK.exe
  2⤵
  PID:7080
- C:\Windows\System\DiHyYIC.exe
  C:\Windows\System\DiHyYIC.exe
  2⤵
  PID:6260
- C:\Windows\System\HHPDLsJ.exe
  C:\Windows\System\HHPDLsJ.exe
  2⤵
  PID:6200
- C:\Windows\System\LIYcwVZ.exe
  C:\Windows\System\LIYcwVZ.exe
  2⤵
  PID:6328
- C:\Windows\System\FniSyGV.exe
  C:\Windows\System\FniSyGV.exe
  2⤵
  PID:6532
- C:\Windows\System\fJCakwi.exe
  C:\Windows\System\fJCakwi.exe
  2⤵
  PID:6708
- C:\Windows\System\wWYhWIM.exe
  C:\Windows\System\wWYhWIM.exe
  2⤵
  PID:6312
- C:\Windows\System\QhznMBK.exe
  C:\Windows\System\QhznMBK.exe
  2⤵
  PID:6660
- C:\Windows\System\cwMbhpg.exe
  C:\Windows\System\cwMbhpg.exe
  2⤵
  PID:6808
- C:\Windows\System\fuwWqkI.exe
  C:\Windows\System\fuwWqkI.exe
  2⤵
  PID:6152
- C:\Windows\System\ThdzKPU.exe
  C:\Windows\System\ThdzKPU.exe
  2⤵
  PID:7096
- C:\Windows\System\fGBTvIv.exe
  C:\Windows\System\fGBTvIv.exe
  2⤵
  PID:6424
- C:\Windows\System\sXOkMmo.exe
  C:\Windows\System\sXOkMmo.exe
  2⤵
  PID:6468
- C:\Windows\System\XGcNbJy.exe
  C:\Windows\System\XGcNbJy.exe
  2⤵
  PID:6856
- C:\Windows\System\zeAaBUv.exe
  C:\Windows\System\zeAaBUv.exe
  2⤵
  PID:7076
- C:\Windows\System\XrHMNkr.exe
  C:\Windows\System\XrHMNkr.exe
  2⤵
  PID:7180
- C:\Windows\System\YIFwLgu.exe
  C:\Windows\System\YIFwLgu.exe
  2⤵
  PID:7196
- C:\Windows\System\MQHszxb.exe
  C:\Windows\System\MQHszxb.exe
  2⤵
  PID:7212
- C:\Windows\System\JcLdhqp.exe
  C:\Windows\System\JcLdhqp.exe
  2⤵
  PID:7228
- C:\Windows\System\HFycvoE.exe
  C:\Windows\System\HFycvoE.exe
  2⤵
  PID:7244
- C:\Windows\System\UBgpMaU.exe
  C:\Windows\System\UBgpMaU.exe
  2⤵
  PID:7260
- C:\Windows\System\HOwvmQS.exe
  C:\Windows\System\HOwvmQS.exe
  2⤵
  PID:7276
- C:\Windows\System\wgsrDXD.exe
  C:\Windows\System\wgsrDXD.exe
  2⤵
  PID:7292
- C:\Windows\System\fPFRWEL.exe
  C:\Windows\System\fPFRWEL.exe
  2⤵
  PID:7308
- C:\Windows\System\DVPaVUJ.exe
  C:\Windows\System\DVPaVUJ.exe
  2⤵
  PID:7324
- C:\Windows\System\PbZjmnV.exe
  C:\Windows\System\PbZjmnV.exe
  2⤵
  PID:7340
- C:\Windows\System\BsByLuA.exe
  C:\Windows\System\BsByLuA.exe
  2⤵
  PID:7356
- C:\Windows\System\MAVIAZR.exe
  C:\Windows\System\MAVIAZR.exe
  2⤵
  PID:7372
- C:\Windows\System\QyInDHI.exe
  C:\Windows\System\QyInDHI.exe
  2⤵
  PID:7388
- C:\Windows\System\fiANUzl.exe
  C:\Windows\System\fiANUzl.exe
  2⤵
  PID:7404
- C:\Windows\System\KoPkJTh.exe
  C:\Windows\System\KoPkJTh.exe
  2⤵
  PID:7420
- C:\Windows\System\NYUXyus.exe
  C:\Windows\System\NYUXyus.exe
  2⤵
  PID:7436
- C:\Windows\System\kFSzaBr.exe
  C:\Windows\System\kFSzaBr.exe
  2⤵
  PID:7452
- C:\Windows\System\DZtaNgn.exe
  C:\Windows\System\DZtaNgn.exe
  2⤵
  PID:7468
- C:\Windows\System\SIXAPyv.exe
  C:\Windows\System\SIXAPyv.exe
  2⤵
  PID:7484
- C:\Windows\System\EmfWPfY.exe
  C:\Windows\System\EmfWPfY.exe
  2⤵
  PID:7500
- C:\Windows\System\FukRAcO.exe
  C:\Windows\System\FukRAcO.exe
  2⤵
  PID:7516
- C:\Windows\System\uwxisCM.exe
  C:\Windows\System\uwxisCM.exe
  2⤵
  PID:7532
- C:\Windows\System\pkSTaiN.exe
  C:\Windows\System\pkSTaiN.exe
  2⤵
  PID:7548
- C:\Windows\System\IQeksjD.exe
  C:\Windows\System\IQeksjD.exe
  2⤵
  PID:7564
- C:\Windows\System\RJqoubJ.exe
  C:\Windows\System\RJqoubJ.exe
  2⤵
  PID:7580
- C:\Windows\System\JdtluuL.exe
  C:\Windows\System\JdtluuL.exe
  2⤵
  PID:7596
- C:\Windows\System\hHydpRE.exe
  C:\Windows\System\hHydpRE.exe
  2⤵
  PID:7612
- C:\Windows\System\FQCVyDi.exe
  C:\Windows\System\FQCVyDi.exe
  2⤵
  PID:7628
- C:\Windows\System\LSiIyNW.exe
  C:\Windows\System\LSiIyNW.exe
  2⤵
  PID:7644
- C:\Windows\System\SbFuKBk.exe
  C:\Windows\System\SbFuKBk.exe
  2⤵
  PID:7660
- C:\Windows\System\zPzpPLF.exe
  C:\Windows\System\zPzpPLF.exe
  2⤵
  PID:7676
- C:\Windows\System\xrCFTHm.exe
  C:\Windows\System\xrCFTHm.exe
  2⤵
  PID:7692
- C:\Windows\System\hRkSMxI.exe
  C:\Windows\System\hRkSMxI.exe
  2⤵
  PID:7712
- C:\Windows\System\rohOoSz.exe
  C:\Windows\System\rohOoSz.exe
  2⤵
  PID:7728
- C:\Windows\System\CTMBPYZ.exe
  C:\Windows\System\CTMBPYZ.exe
  2⤵
  PID:7744
- C:\Windows\System\rymnVLu.exe
  C:\Windows\System\rymnVLu.exe
  2⤵
  PID:7760
- C:\Windows\System\iTCHNuH.exe
  C:\Windows\System\iTCHNuH.exe
  2⤵
  PID:7776
- C:\Windows\System\PYorevn.exe
  C:\Windows\System\PYorevn.exe
  2⤵
  PID:7792
- C:\Windows\System\SBQvUsN.exe
  C:\Windows\System\SBQvUsN.exe
  2⤵
  PID:7808
- C:\Windows\System\BQBIcnM.exe
  C:\Windows\System\BQBIcnM.exe
  2⤵
  PID:7824
- C:\Windows\System\HZqvuwK.exe
  C:\Windows\System\HZqvuwK.exe
  2⤵
  PID:7840
- C:\Windows\System\XuCJSkb.exe
  C:\Windows\System\XuCJSkb.exe
  2⤵
  PID:7856
- C:\Windows\System\qkZfaFd.exe
  C:\Windows\System\qkZfaFd.exe
  2⤵
  PID:7872
- C:\Windows\System\cZAQxJi.exe
  C:\Windows\System\cZAQxJi.exe
  2⤵
  PID:7888
- C:\Windows\System\LlymOqW.exe
  C:\Windows\System\LlymOqW.exe
  2⤵
  PID:7904
- C:\Windows\System\bZrGVgn.exe
  C:\Windows\System\bZrGVgn.exe
  2⤵
  PID:7920
- C:\Windows\System\piGdZqV.exe
  C:\Windows\System\piGdZqV.exe
  2⤵
  PID:7936
- C:\Windows\System\SARhXgD.exe
  C:\Windows\System\SARhXgD.exe
  2⤵
  PID:7952
- C:\Windows\System\jTvDLye.exe
  C:\Windows\System\jTvDLye.exe
  2⤵
  PID:7968
- C:\Windows\System\pbPBUWt.exe
  C:\Windows\System\pbPBUWt.exe
  2⤵
  PID:7984
- C:\Windows\System\FwRzUaP.exe
  C:\Windows\System\FwRzUaP.exe
  2⤵
  PID:8000
- C:\Windows\System\tPBNqwC.exe
  C:\Windows\System\tPBNqwC.exe
  2⤵
  PID:8016
- C:\Windows\System\xnJxazH.exe
  C:\Windows\System\xnJxazH.exe
  2⤵
  PID:8032
- C:\Windows\System\pHHEbvy.exe
  C:\Windows\System\pHHEbvy.exe
  2⤵
  PID:8048
- C:\Windows\System\qJjWuJO.exe
  C:\Windows\System\qJjWuJO.exe
  2⤵
  PID:8064
- C:\Windows\System\dcRftdA.exe
  C:\Windows\System\dcRftdA.exe
  2⤵
  PID:8080
- C:\Windows\System\mAXQVki.exe
  C:\Windows\System\mAXQVki.exe
  2⤵
  PID:8096
- C:\Windows\System\XiRCMtG.exe
  C:\Windows\System\XiRCMtG.exe
  2⤵
  PID:8112
- C:\Windows\System\vBbOQrD.exe
  C:\Windows\System\vBbOQrD.exe
  2⤵
  PID:8128
- C:\Windows\System\Yhyohnp.exe
  C:\Windows\System\Yhyohnp.exe
  2⤵
  PID:8144
- C:\Windows\System\cLFYUhc.exe
  C:\Windows\System\cLFYUhc.exe
  2⤵
  PID:8160
- C:\Windows\System\TQddcex.exe
  C:\Windows\System\TQddcex.exe
  2⤵
  PID:8176
- C:\Windows\System\uwbDGZc.exe
  C:\Windows\System\uwbDGZc.exe
  2⤵
  PID:7124
- C:\Windows\System\JNvKcGr.exe
  C:\Windows\System\JNvKcGr.exe
  2⤵
  PID:7172
- C:\Windows\System\NatWOBS.exe
  C:\Windows\System\NatWOBS.exe
  2⤵
  PID:7236
- C:\Windows\System\PjzEZMm.exe
  C:\Windows\System\PjzEZMm.exe
  2⤵
  PID:7272
- C:\Windows\System\cOtUaue.exe
  C:\Windows\System\cOtUaue.exe
  2⤵
  PID:7336
- C:\Windows\System\NnelFxh.exe
  C:\Windows\System\NnelFxh.exe
  2⤵
  PID:7188
- C:\Windows\System\TnJYcys.exe
  C:\Windows\System\TnJYcys.exe
  2⤵
  PID:7192
- C:\Windows\System\YMQjAEu.exe
  C:\Windows\System\YMQjAEu.exe
  2⤵
  PID:7320
- C:\Windows\System\naryFLq.exe
  C:\Windows\System\naryFLq.exe
  2⤵
  PID:7396
- C:\Windows\System\iYfxakT.exe
  C:\Windows\System\iYfxakT.exe
  2⤵
  PID:7460
- C:\Windows\System\BpQyqlS.exe
  C:\Windows\System\BpQyqlS.exe
  2⤵
  PID:7412
- C:\Windows\System\uhBTAwu.exe
  C:\Windows\System\uhBTAwu.exe
  2⤵
  PID:7464
- C:\Windows\System\iqLwstP.exe
  C:\Windows\System\iqLwstP.exe
  2⤵
  PID:7528
- C:\Windows\System\jzGbUJE.exe
  C:\Windows\System\jzGbUJE.exe
  2⤵
  PID:7592
- C:\Windows\System\DzsXLWO.exe
  C:\Windows\System\DzsXLWO.exe
  2⤵
  PID:7480
- C:\Windows\System\QBiWXFd.exe
  C:\Windows\System\QBiWXFd.exe
  2⤵
  PID:7544
- C:\Windows\System\MLwplKU.exe
  C:\Windows\System\MLwplKU.exe
  2⤵
  PID:7608
- C:\Windows\System\SJyrIBn.exe
  C:\Windows\System\SJyrIBn.exe
  2⤵
  PID:7656
- C:\Windows\System\sHoXdXW.exe
  C:\Windows\System\sHoXdXW.exe
  2⤵
  PID:7724
- C:\Windows\System\BVWROzQ.exe
  C:\Windows\System\BVWROzQ.exe
  2⤵
  PID:7788
- C:\Windows\System\bfqgLni.exe
  C:\Windows\System\bfqgLni.exe
  2⤵
  PID:7884
- C:\Windows\System\JROXIaj.exe
  C:\Windows\System\JROXIaj.exe
  2⤵
  PID:7848
- C:\Windows\System\ubabmro.exe
  C:\Windows\System\ubabmro.exe
  2⤵
  PID:7976
- C:\Windows\System\EnNBLWk.exe
  C:\Windows\System\EnNBLWk.exe
  2⤵
  PID:8012
- C:\Windows\System\QlnWbWj.exe
  C:\Windows\System\QlnWbWj.exe
  2⤵
  PID:7736
- C:\Windows\System\mxzrsma.exe
  C:\Windows\System\mxzrsma.exe
  2⤵
  PID:7864
- C:\Windows\System\YYQgKin.exe
  C:\Windows\System\YYQgKin.exe
  2⤵
  PID:7928
- C:\Windows\System\iPlzyZR.exe
  C:\Windows\System\iPlzyZR.exe
  2⤵
  PID:7992
- C:\Windows\System\ZkvBATa.exe
  C:\Windows\System\ZkvBATa.exe
  2⤵
  PID:8024
- C:\Windows\System\IZawpkI.exe
  C:\Windows\System\IZawpkI.exe
  2⤵
  PID:8104
- C:\Windows\System\KCStWas.exe
  C:\Windows\System\KCStWas.exe
  2⤵
  PID:8168
- C:\Windows\System\fbzOllk.exe
  C:\Windows\System\fbzOllk.exe
  2⤵
  PID:8060
- C:\Windows\System\OhEjEEc.exe
  C:\Windows\System\OhEjEEc.exe
  2⤵
  PID:8120
- C:\Windows\System\TRVAXux.exe
  C:\Windows\System\TRVAXux.exe
  2⤵
  PID:8092
- C:\Windows\System\JAhlVUs.exe
  C:\Windows\System\JAhlVUs.exe
  2⤵
  PID:6920
- C:\Windows\System\BXXzRCk.exe
  C:\Windows\System\BXXzRCk.exe
  2⤵
  PID:7060
- C:\Windows\System\uvOXPIv.exe
  C:\Windows\System\uvOXPIv.exe
  2⤵
  PID:7432
- C:\Windows\System\YvYQnwY.exe
  C:\Windows\System\YvYQnwY.exe
  2⤵
  PID:7588
- C:\Windows\System\HSTdmOA.exe
  C:\Windows\System\HSTdmOA.exe
  2⤵
  PID:7756
- C:\Windows\System\Dymglim.exe
  C:\Windows\System\Dymglim.exe
  2⤵
  PID:7672
- C:\Windows\System\iBTwUuM.exe
  C:\Windows\System\iBTwUuM.exe
  2⤵
  PID:7804
- C:\Windows\System\NkIoTHN.exe
  C:\Windows\System\NkIoTHN.exe
  2⤵
  PID:7964
- C:\Windows\System\ywNRpxc.exe
  C:\Windows\System\ywNRpxc.exe
  2⤵
  PID:8056
- C:\Windows\System\HpRvugo.exe
  C:\Windows\System\HpRvugo.exe
  2⤵
  PID:7476
- C:\Windows\System\TeeunuU.exe
  C:\Windows\System\TeeunuU.exe
  2⤵
  PID:7368
- C:\Windows\System\EdttClV.exe
  C:\Windows\System\EdttClV.exe
  2⤵
  PID:7524
- C:\Windows\System\YRDOdJK.exe
  C:\Windows\System\YRDOdJK.exe
  2⤵
  PID:8136
- C:\Windows\System\KLSWfFA.exe
  C:\Windows\System\KLSWfFA.exe
  2⤵
  PID:7720
- C:\Windows\System\qVZmJLO.exe
  C:\Windows\System\qVZmJLO.exe
  2⤵
  PID:7800
- C:\Windows\System\miuymtB.exe
  C:\Windows\System\miuymtB.exe
  2⤵
  PID:8140
- C:\Windows\System\HpuIfCM.exe
  C:\Windows\System\HpuIfCM.exe
  2⤵
  PID:8188
- C:\Windows\System\RiGsVuM.exe
  C:\Windows\System\RiGsVuM.exe
  2⤵
  PID:7252
- C:\Windows\System\LOpCuzH.exe
  C:\Windows\System\LOpCuzH.exe
  2⤵
  PID:7540
- C:\Windows\System\QNlFflr.exe
  C:\Windows\System\QNlFflr.exe
  2⤵
  PID:7208
- C:\Windows\System\HCfNekZ.exe
  C:\Windows\System\HCfNekZ.exe
  2⤵
  PID:7944
- C:\Windows\System\eriAQdq.exe
  C:\Windows\System\eriAQdq.exe
  2⤵
  PID:7304
- C:\Windows\System\unwTpYM.exe
  C:\Windows\System\unwTpYM.exe
  2⤵
  PID:8028
- C:\Windows\System\dEWKsTx.exe
  C:\Windows\System\dEWKsTx.exe
  2⤵
  PID:7688
- C:\Windows\System\TZmfbvC.exe
  C:\Windows\System\TZmfbvC.exe
  2⤵
  PID:7316
- C:\Windows\System\pSdqxnF.exe
  C:\Windows\System\pSdqxnF.exe
  2⤵
  PID:7832
- C:\Windows\System\WzFalit.exe
  C:\Windows\System\WzFalit.exe
  2⤵
  PID:7652
- C:\Windows\System\AjFRCyw.exe
  C:\Windows\System\AjFRCyw.exe
  2⤵
  PID:7604
- C:\Windows\System\qeyhYKM.exe
  C:\Windows\System\qeyhYKM.exe
  2⤵
  PID:8076
- C:\Windows\System\KiHoeeC.exe
  C:\Windows\System\KiHoeeC.exe
  2⤵
  PID:8204
- C:\Windows\System\fCtFfit.exe
  C:\Windows\System\fCtFfit.exe
  2⤵
  PID:8220
- C:\Windows\System\TcMmNTJ.exe
  C:\Windows\System\TcMmNTJ.exe
  2⤵
  PID:8236
- C:\Windows\System\RalaolF.exe
  C:\Windows\System\RalaolF.exe
  2⤵
  PID:8252
- C:\Windows\System\DBJhlxa.exe
  C:\Windows\System\DBJhlxa.exe
  2⤵
  PID:8272
- C:\Windows\System\ypDGpOO.exe
  C:\Windows\System\ypDGpOO.exe
  2⤵
  PID:8288
- C:\Windows\System\NrKCHGS.exe
  C:\Windows\System\NrKCHGS.exe
  2⤵
  PID:8304
- C:\Windows\System\lDaEAIe.exe
  C:\Windows\System\lDaEAIe.exe
  2⤵
  PID:8320
- C:\Windows\System\IrVZgAH.exe
  C:\Windows\System\IrVZgAH.exe
  2⤵
  PID:8336
- C:\Windows\System\gUBpyYZ.exe
  C:\Windows\System\gUBpyYZ.exe
  2⤵
  PID:8352
- C:\Windows\System\HmKEXMu.exe
  C:\Windows\System\HmKEXMu.exe
  2⤵
  PID:8368
- C:\Windows\System\uqDzoGF.exe
  C:\Windows\System\uqDzoGF.exe
  2⤵
  PID:8384
- C:\Windows\System\bybvyPQ.exe
  C:\Windows\System\bybvyPQ.exe
  2⤵
  PID:8400
- C:\Windows\System\zESoqQi.exe
  C:\Windows\System\zESoqQi.exe
  2⤵
  PID:8416
- C:\Windows\System\nZemLPY.exe
  C:\Windows\System\nZemLPY.exe
  2⤵
  PID:8432
- C:\Windows\System\jPPntKc.exe
  C:\Windows\System\jPPntKc.exe
  2⤵
  PID:8448
- C:\Windows\System\VeFRgCQ.exe
  C:\Windows\System\VeFRgCQ.exe
  2⤵
  PID:8464
- C:\Windows\System\jZcmJrj.exe
  C:\Windows\System\jZcmJrj.exe
  2⤵
  PID:8480
- C:\Windows\System\rPVkxoY.exe
  C:\Windows\System\rPVkxoY.exe
  2⤵
  PID:8496
- C:\Windows\System\TBCNaRc.exe
  C:\Windows\System\TBCNaRc.exe
  2⤵
  PID:8512
- C:\Windows\System\zgCgBjq.exe
  C:\Windows\System\zgCgBjq.exe
  2⤵
  PID:8528
- C:\Windows\System\rsShhsT.exe
  C:\Windows\System\rsShhsT.exe
  2⤵
  PID:8544
- C:\Windows\System\DCvfRnm.exe
  C:\Windows\System\DCvfRnm.exe
  2⤵
  PID:8560
- C:\Windows\System\QUbUnHS.exe
  C:\Windows\System\QUbUnHS.exe
  2⤵
  PID:8576
- C:\Windows\System\hvaatyj.exe
  C:\Windows\System\hvaatyj.exe
  2⤵
  PID:8592
- C:\Windows\System\UIwNcvx.exe
  C:\Windows\System\UIwNcvx.exe
  2⤵
  PID:8608
- C:\Windows\System\sIZsyUx.exe
  C:\Windows\System\sIZsyUx.exe
  2⤵
  PID:8624
- C:\Windows\System\rTARmjd.exe
  C:\Windows\System\rTARmjd.exe
  2⤵
  PID:8640
- C:\Windows\System\wjhJyeF.exe
  C:\Windows\System\wjhJyeF.exe
  2⤵
  PID:8656
- C:\Windows\System\caXyqHn.exe
  C:\Windows\System\caXyqHn.exe
  2⤵
  PID:8672
- C:\Windows\System\wIMnwKX.exe
  C:\Windows\System\wIMnwKX.exe
  2⤵
  PID:8688
- C:\Windows\System\GUNueff.exe
  C:\Windows\System\GUNueff.exe
  2⤵
  PID:8704
- C:\Windows\System\QIVLrtG.exe
  C:\Windows\System\QIVLrtG.exe
  2⤵
  PID:8720
- C:\Windows\System\WeIBQLz.exe
  C:\Windows\System\WeIBQLz.exe
  2⤵
  PID:8736
- C:\Windows\System\oAopJtj.exe
  C:\Windows\System\oAopJtj.exe
  2⤵
  PID:8752
- C:\Windows\System\xoEeXhO.exe
  C:\Windows\System\xoEeXhO.exe
  2⤵
  PID:8768
- C:\Windows\System\gdaHibm.exe
  C:\Windows\System\gdaHibm.exe
  2⤵
  PID:8784
- C:\Windows\System\ycdvlnY.exe
  C:\Windows\System\ycdvlnY.exe
  2⤵
  PID:8800
- C:\Windows\System\efZStGU.exe
  C:\Windows\System\efZStGU.exe
  2⤵
  PID:8816
- C:\Windows\System\pVyeoum.exe
  C:\Windows\System\pVyeoum.exe
  2⤵
  PID:8832
- C:\Windows\System\bqpjVrz.exe
  C:\Windows\System\bqpjVrz.exe
  2⤵
  PID:8852
- C:\Windows\System\oooVbOE.exe
  C:\Windows\System\oooVbOE.exe
  2⤵
  PID:8868
- C:\Windows\System\RQDqbqx.exe
  C:\Windows\System\RQDqbqx.exe
  2⤵
  PID:8884
- C:\Windows\System\VUnOTlV.exe
  C:\Windows\System\VUnOTlV.exe
  2⤵
  PID:8900
- C:\Windows\System\ZUzFJFf.exe
  C:\Windows\System\ZUzFJFf.exe
  2⤵
  PID:8916
- C:\Windows\System\sZvLSKx.exe
  C:\Windows\System\sZvLSKx.exe
  2⤵
  PID:8932
- C:\Windows\System\FNQjvhB.exe
  C:\Windows\System\FNQjvhB.exe
  2⤵
  PID:8948
- C:\Windows\System\LZzGkOb.exe
  C:\Windows\System\LZzGkOb.exe
  2⤵
  PID:8964
- C:\Windows\System\hvhkOaQ.exe
  C:\Windows\System\hvhkOaQ.exe
  2⤵
  PID:8980
- C:\Windows\System\MvezRcQ.exe
  C:\Windows\System\MvezRcQ.exe
  2⤵
  PID:8996
- C:\Windows\System\zgYVbCW.exe
  C:\Windows\System\zgYVbCW.exe
  2⤵
  PID:9012
- C:\Windows\System\GYzTRVp.exe
  C:\Windows\System\GYzTRVp.exe
  2⤵
  PID:9028
- C:\Windows\System\LFLbgCZ.exe
  C:\Windows\System\LFLbgCZ.exe
  2⤵
  PID:9044
- C:\Windows\System\RqNCenK.exe
  C:\Windows\System\RqNCenK.exe
  2⤵
  PID:9060
- C:\Windows\System\lifdgyQ.exe
  C:\Windows\System\lifdgyQ.exe
  2⤵
  PID:9076
- C:\Windows\System\GErZlXE.exe
  C:\Windows\System\GErZlXE.exe
  2⤵
  PID:9092
- C:\Windows\System\bspLWWA.exe
  C:\Windows\System\bspLWWA.exe
  2⤵
  PID:9108
- C:\Windows\System\vsgkQcz.exe
  C:\Windows\System\vsgkQcz.exe
  2⤵
  PID:9124
- C:\Windows\System\AhhydBx.exe
  C:\Windows\System\AhhydBx.exe
  2⤵
  PID:9140
- C:\Windows\System\ADOQTEQ.exe
  C:\Windows\System\ADOQTEQ.exe
  2⤵
  PID:9156
- C:\Windows\System\ggkeDmQ.exe
  C:\Windows\System\ggkeDmQ.exe
  2⤵
  PID:9172
- C:\Windows\System\yFRBDYR.exe
  C:\Windows\System\yFRBDYR.exe
  2⤵
  PID:9188
- C:\Windows\System\YsnfLfL.exe
  C:\Windows\System\YsnfLfL.exe
  2⤵
  PID:9208
- C:\Windows\System\OkuiTUB.exe
  C:\Windows\System\OkuiTUB.exe
  2⤵
  PID:7772
- C:\Windows\System\kiBgmiJ.exe
  C:\Windows\System\kiBgmiJ.exe
  2⤵
  PID:7268
- C:\Windows\System\iOqPUZD.exe
  C:\Windows\System\iOqPUZD.exe
  2⤵
  PID:7220
- C:\Windows\System\IjCdrvv.exe
  C:\Windows\System\IjCdrvv.exe
  2⤵
  PID:8216
- C:\Windows\System\NGydroH.exe
  C:\Windows\System\NGydroH.exe
  2⤵
  PID:8248
- C:\Windows\System\Fbideqy.exe
  C:\Windows\System\Fbideqy.exe
  2⤵
  PID:8316
- C:\Windows\System\rhupGIs.exe
  C:\Windows\System\rhupGIs.exe
  2⤵
  PID:8264
- C:\Windows\System\efArJdr.exe
  C:\Windows\System\efArJdr.exe
  2⤵
  PID:8332
- C:\Windows\System\AXBgzLE.exe
  C:\Windows\System\AXBgzLE.exe
  2⤵
  PID:8396
- C:\Windows\System\QDKhhzI.exe
  C:\Windows\System\QDKhhzI.exe
  2⤵
  PID:8456
- C:\Windows\System\jZxNnHB.exe
  C:\Windows\System\jZxNnHB.exe
  2⤵
  PID:8492
- C:\Windows\System\NCiZyez.exe
  C:\Windows\System\NCiZyez.exe
  2⤵
  PID:8444
- C:\Windows\System\mFCCNyw.exe
  C:\Windows\System\mFCCNyw.exe
  2⤵
  PID:8524
- C:\Windows\System\hqYvLqb.exe
  C:\Windows\System\hqYvLqb.exe
  2⤵
  PID:8588
- C:\Windows\System\nUFzVCb.exe
  C:\Windows\System\nUFzVCb.exe
  2⤵
  PID:8540
- C:\Windows\System\eSdCSKd.exe
  C:\Windows\System\eSdCSKd.exe
  2⤵
  PID:8568
- C:\Windows\System\ZecvYUv.exe
  C:\Windows\System\ZecvYUv.exe
  2⤵
  PID:8648
- C:\Windows\System\CwtmGOR.exe
  C:\Windows\System\CwtmGOR.exe
  2⤵
  PID:8684
- C:\Windows\System\IiPfQCU.exe
  C:\Windows\System\IiPfQCU.exe
  2⤵
  PID:8716
- C:\Windows\System\PeVAbmg.exe
  C:\Windows\System\PeVAbmg.exe
  2⤵
  PID:8780
- C:\Windows\System\CFNdluM.exe
  C:\Windows\System\CFNdluM.exe
  2⤵
  PID:8844
- C:\Windows\System\sqtsdko.exe
  C:\Windows\System\sqtsdko.exe
  2⤵
  PID:8912
- C:\Windows\System\GDaBQPH.exe
  C:\Windows\System\GDaBQPH.exe
  2⤵
  PID:8976
- C:\Windows\System\KrznCBC.exe
  C:\Windows\System\KrznCBC.exe
  2⤵
  PID:8940
- C:\Windows\System\ZrHyowu.exe
  C:\Windows\System\ZrHyowu.exe
  2⤵
  PID:8696
- C:\Windows\System\RJTSQdc.exe
  C:\Windows\System\RJTSQdc.exe
  2⤵
  PID:8760
- C:\Windows\System\iaHcJyo.exe
  C:\Windows\System\iaHcJyo.exe
  2⤵
  PID:8928
- C:\Windows\System\RnUDFCK.exe
  C:\Windows\System\RnUDFCK.exe
  2⤵
  PID:9020
- C:\Windows\System\yMYBJUZ.exe
  C:\Windows\System\yMYBJUZ.exe
  2⤵
  PID:8796
- C:\Windows\System\cDSXlcI.exe
  C:\Windows\System\cDSXlcI.exe
  2⤵
  PID:8824
- C:\Windows\System\vZxetfL.exe
  C:\Windows\System\vZxetfL.exe
  2⤵
  PID:9104
- C:\Windows\System\hLuDPRj.exe
  C:\Windows\System\hLuDPRj.exe
  2⤵
  PID:9168
- C:\Windows\System\geWLFiW.exe
  C:\Windows\System\geWLFiW.exe
  2⤵
  PID:7996
- C:\Windows\System\UPTfNEL.exe
  C:\Windows\System\UPTfNEL.exe
  2⤵
  PID:8312
- C:\Windows\System\vCeDZCI.exe
  C:\Windows\System\vCeDZCI.exe
  2⤵
  PID:8428
- C:\Windows\System\mdUsIfo.exe
  C:\Windows\System\mdUsIfo.exe
  2⤵
  PID:8584
- C:\Windows\System\lRTOHen.exe
  C:\Windows\System\lRTOHen.exe
  2⤵
  PID:7560
- C:\Windows\System\ZmFryap.exe
  C:\Windows\System\ZmFryap.exe
  2⤵
  PID:8364
- C:\Windows\System\xakmcpE.exe
  C:\Windows\System\xakmcpE.exe
  2⤵
  PID:9084
- C:\Windows\System\zPcLjxc.exe
  C:\Windows\System\zPcLjxc.exe
  2⤵
  PID:9148
- C:\Windows\System\lCFQNDE.exe
  C:\Windows\System\lCFQNDE.exe
  2⤵
  PID:7700
- C:\Windows\System\PnUYEEL.exe
  C:\Windows\System\PnUYEEL.exe
  2⤵
  PID:8392
- C:\Windows\System\TmAvpDI.exe
  C:\Windows\System\TmAvpDI.exe
  2⤵
  PID:8536
- C:\Windows\System\IKzKNkP.exe
  C:\Windows\System\IKzKNkP.exe
  2⤵
  PID:8776
- C:\Windows\System\PpDAmpp.exe
  C:\Windows\System\PpDAmpp.exe
  2⤵
  PID:9008
- C:\Windows\System\wCjroPi.exe
  C:\Windows\System\wCjroPi.exe
  2⤵
  PID:8972
- C:\Windows\System\EVhKnOC.exe
  C:\Windows\System\EVhKnOC.exe
  2⤵
  PID:8860
- C:\Windows\System\wfesUTq.exe
  C:\Windows\System\wfesUTq.exe
  2⤵
  PID:8232
- C:\Windows\System\oHSeOUY.exe
  C:\Windows\System\oHSeOUY.exe
  2⤵
  PID:8244
- C:\Windows\System\zzxgvWi.exe
  C:\Windows\System\zzxgvWi.exe
  2⤵
  PID:8664
- C:\Windows\System\YoegUbW.exe
  C:\Windows\System\YoegUbW.exe
  2⤵
  PID:8728
- C:\Windows\System\jUSOSJB.exe
  C:\Windows\System\jUSOSJB.exe
  2⤵
  PID:9220
- C:\Windows\System\gNQMEDZ.exe
  C:\Windows\System\gNQMEDZ.exe
  2⤵
  PID:9236
- C:\Windows\System\KbvCwkR.exe
  C:\Windows\System\KbvCwkR.exe
  2⤵
  PID:9252
- C:\Windows\System\mftJYKP.exe
  C:\Windows\System\mftJYKP.exe
  2⤵
  PID:9268
- C:\Windows\System\LKspAwa.exe
  C:\Windows\System\LKspAwa.exe
  2⤵
  PID:9284
- C:\Windows\System\bZWUoWr.exe
  C:\Windows\System\bZWUoWr.exe
  2⤵
  PID:9300
- C:\Windows\System\sGtXuyQ.exe
  C:\Windows\System\sGtXuyQ.exe
  2⤵
  PID:9316
- C:\Windows\System\CkClHhS.exe
  C:\Windows\System\CkClHhS.exe
  2⤵
  PID:9332
- C:\Windows\System\DTcMPeL.exe
  C:\Windows\System\DTcMPeL.exe
  2⤵
  PID:9348
- C:\Windows\System\gyijUsS.exe
  C:\Windows\System\gyijUsS.exe
  2⤵
  PID:9364
- C:\Windows\System\YBtyULg.exe
  C:\Windows\System\YBtyULg.exe
  2⤵
  PID:9380
- C:\Windows\System\hxVaLNw.exe
  C:\Windows\System\hxVaLNw.exe
  2⤵
  PID:9396
- C:\Windows\System\bFAoUVv.exe
  C:\Windows\System\bFAoUVv.exe
  2⤵
  PID:9412
- C:\Windows\System\jCRTebq.exe
  C:\Windows\System\jCRTebq.exe
  2⤵
  PID:9428
- C:\Windows\System\fzoLkIL.exe
  C:\Windows\System\fzoLkIL.exe
  2⤵
  PID:9448
- C:\Windows\System\yWeVgxS.exe
  C:\Windows\System\yWeVgxS.exe
  2⤵
  PID:9464
- C:\Windows\System\Jlopbny.exe
  C:\Windows\System\Jlopbny.exe
  2⤵
  PID:9480
- C:\Windows\System\Jgfxkyv.exe
  C:\Windows\System\Jgfxkyv.exe
  2⤵
  PID:9496
- C:\Windows\System\tfqZyNT.exe
  C:\Windows\System\tfqZyNT.exe
  2⤵
  PID:9512
- C:\Windows\System\AdiSsut.exe
  C:\Windows\System\AdiSsut.exe
  2⤵
  PID:9528
- C:\Windows\System\BCRBaoh.exe
  C:\Windows\System\BCRBaoh.exe
  2⤵
  PID:9544
- C:\Windows\System\kiOweXz.exe
  C:\Windows\System\kiOweXz.exe
  2⤵
  PID:9560
- C:\Windows\System\vkwfRNH.exe
  C:\Windows\System\vkwfRNH.exe
  2⤵
  PID:9576
- C:\Windows\System\XAgAvyV.exe
  C:\Windows\System\XAgAvyV.exe
  2⤵
  PID:9592
- C:\Windows\System\SquUjMf.exe
  C:\Windows\System\SquUjMf.exe
  2⤵
  PID:9608
- C:\Windows\System\XoFwWit.exe
  C:\Windows\System\XoFwWit.exe
  2⤵
  PID:9624
- C:\Windows\System\xqofETy.exe
  C:\Windows\System\xqofETy.exe
  2⤵
  PID:9640
- C:\Windows\System\TBdHybK.exe
  C:\Windows\System\TBdHybK.exe
  2⤵
  PID:9656
- C:\Windows\System\ZeuKQyC.exe
  C:\Windows\System\ZeuKQyC.exe
  2⤵
  PID:9672
- C:\Windows\System\Qshfain.exe
  C:\Windows\System\Qshfain.exe
  2⤵
  PID:9688
- C:\Windows\System\ufBViVl.exe
  C:\Windows\System\ufBViVl.exe
  2⤵
  PID:9704
- C:\Windows\System\bnEEndQ.exe
  C:\Windows\System\bnEEndQ.exe
  2⤵
  PID:9720
- C:\Windows\System\LCSOmvS.exe
  C:\Windows\System\LCSOmvS.exe
  2⤵
  PID:9736
- C:\Windows\System\NCYPtdH.exe
  C:\Windows\System\NCYPtdH.exe
  2⤵
  PID:9752
- C:\Windows\System\OzyrECM.exe
  C:\Windows\System\OzyrECM.exe
  2⤵
  PID:9768
- C:\Windows\System\ByHboGG.exe
  C:\Windows\System\ByHboGG.exe
  2⤵
  PID:9784
- C:\Windows\System\gatwSUe.exe
  C:\Windows\System\gatwSUe.exe
  2⤵
  PID:9800
- C:\Windows\System\mKRgZep.exe
  C:\Windows\System\mKRgZep.exe
  2⤵
  PID:9816
- C:\Windows\System\iTxscuo.exe
  C:\Windows\System\iTxscuo.exe
  2⤵
  PID:9832
- C:\Windows\System\ywxnBig.exe
  C:\Windows\System\ywxnBig.exe
  2⤵
  PID:9848
- C:\Windows\System\GAIdGHV.exe
  C:\Windows\System\GAIdGHV.exe
  2⤵
  PID:9864
- C:\Windows\System\oCdEhcH.exe
  C:\Windows\System\oCdEhcH.exe
  2⤵
  PID:9880
- C:\Windows\System\lujCsnF.exe
  C:\Windows\System\lujCsnF.exe
  2⤵
  PID:9896
- C:\Windows\System\qxbkRWB.exe
  C:\Windows\System\qxbkRWB.exe
  2⤵
  PID:9912
- C:\Windows\System\lpxjFCn.exe
  C:\Windows\System\lpxjFCn.exe
  2⤵
  PID:9928
- C:\Windows\System\IbKMURV.exe
  C:\Windows\System\IbKMURV.exe
  2⤵
  PID:9944
- C:\Windows\System\sqPEaKe.exe
  C:\Windows\System\sqPEaKe.exe
  2⤵
  PID:9960
- C:\Windows\System\GyPpNiJ.exe
  C:\Windows\System\GyPpNiJ.exe
  2⤵
  PID:9976
- C:\Windows\System\SiFONjD.exe
  C:\Windows\System\SiFONjD.exe
  2⤵
  PID:9992
- C:\Windows\System\RfOsBNf.exe
  C:\Windows\System\RfOsBNf.exe
  2⤵
  PID:10008
- C:\Windows\System\ryWgKFA.exe
  C:\Windows\System\ryWgKFA.exe
  2⤵
  PID:10024
- C:\Windows\System\cqsWdDC.exe
  C:\Windows\System\cqsWdDC.exe
  2⤵
  PID:10040
- C:\Windows\System\UVKIkKE.exe
  C:\Windows\System\UVKIkKE.exe
  2⤵
  PID:10056
- C:\Windows\System\OXVCeWL.exe
  C:\Windows\System\OXVCeWL.exe
  2⤵
  PID:10072
- C:\Windows\System\yAcrczR.exe
  C:\Windows\System\yAcrczR.exe
  2⤵
  PID:10088
- C:\Windows\System\tvWUIAZ.exe
  C:\Windows\System\tvWUIAZ.exe
  2⤵
  PID:10104
- C:\Windows\System\PFjQcqZ.exe
  C:\Windows\System\PFjQcqZ.exe
  2⤵
  PID:10120
- C:\Windows\System\xLjZqwD.exe
  C:\Windows\System\xLjZqwD.exe
  2⤵
  PID:10136
- C:\Windows\System\lzfqPut.exe
  C:\Windows\System\lzfqPut.exe
  2⤵
  PID:10152
- C:\Windows\System\jHvQcEB.exe
  C:\Windows\System\jHvQcEB.exe
  2⤵
  PID:10168
- C:\Windows\System\ddrysVk.exe
  C:\Windows\System\ddrysVk.exe
  2⤵
  PID:10184
- C:\Windows\System\iRcqwyK.exe
  C:\Windows\System\iRcqwyK.exe
  2⤵
  PID:10200
- C:\Windows\System\VVtCGMn.exe
  C:\Windows\System\VVtCGMn.exe
  2⤵
  PID:10216
- C:\Windows\System\xYctrrm.exe
  C:\Windows\System\xYctrrm.exe
  2⤵
  PID:10232
- C:\Windows\System\CxZByor.exe
  C:\Windows\System\CxZByor.exe
  2⤵
  PID:9120
- C:\Windows\System\XaufBxf.exe
  C:\Windows\System\XaufBxf.exe
  2⤵
  PID:9248
- C:\Windows\System\XYOaCuL.exe
  C:\Windows\System\XYOaCuL.exe
  2⤵
  PID:9052
- C:\Windows\System\DEuGQgb.exe
  C:\Windows\System\DEuGQgb.exe
  2⤵
  PID:8812
- C:\Windows\System\HNUuwYt.exe
  C:\Windows\System\HNUuwYt.exe
  2⤵
  PID:7448
- C:\Windows\System\aaPQPvE.exe
  C:\Windows\System\aaPQPvE.exe
  2⤵
  PID:8896
- C:\Windows\System\kxlKjGL.exe
  C:\Windows\System\kxlKjGL.exe
  2⤵
  PID:9200
- C:\Windows\System\ybTTBry.exe
  C:\Windows\System\ybTTBry.exe
  2⤵
  PID:9180
- C:\Windows\System\OWXNXLk.exe
  C:\Windows\System\OWXNXLk.exe
  2⤵
  PID:8508
- C:\Windows\System\gzoEjUi.exe
  C:\Windows\System\gzoEjUi.exe
  2⤵
  PID:8556
- C:\Windows\System\XaFaokJ.exe
  C:\Windows\System\XaFaokJ.exe
  2⤵
  PID:9232
- C:\Windows\System\vpFNIdG.exe
  C:\Windows\System\vpFNIdG.exe
  2⤵
  PID:9296
- C:\Windows\System\zojuQQX.exe
  C:\Windows\System\zojuQQX.exe
  2⤵
  PID:9344
- C:\Windows\System\JSyBdTg.exe
  C:\Windows\System\JSyBdTg.exe
  2⤵
  PID:9408
- C:\Windows\System\sZYzPOU.exe
  C:\Windows\System\sZYzPOU.exe
  2⤵
  PID:9356
- C:\Windows\System\IVcrcWF.exe
  C:\Windows\System\IVcrcWF.exe
  2⤵
  PID:9424
- C:\Windows\System\xrvMZNN.exe
  C:\Windows\System\xrvMZNN.exe
  2⤵
  PID:9504
- C:\Windows\System\QfpsSHe.exe
  C:\Windows\System\QfpsSHe.exe
  2⤵
  PID:9568
- C:\Windows\System\KPAiSth.exe
  C:\Windows\System\KPAiSth.exe
  2⤵
  PID:9632
- C:\Windows\System\ZkCWsLV.exe
  C:\Windows\System\ZkCWsLV.exe
  2⤵
  PID:9204
- C:\Windows\System\JgMSHho.exe
  C:\Windows\System\JgMSHho.exe
  2⤵
  PID:9732
- C:\Windows\System\qEeoswi.exe
  C:\Windows\System\qEeoswi.exe
  2⤵
  PID:9792
- C:\Windows\System\qnKLhel.exe
  C:\Windows\System\qnKLhel.exe
  2⤵
  PID:9856
- C:\Windows\System\tLazHmS.exe
  C:\Windows\System\tLazHmS.exe
  2⤵
  PID:9892
- C:\Windows\System\WwzJxtZ.exe
  C:\Windows\System\WwzJxtZ.exe
  2⤵
  PID:9956
- C:\Windows\System\DNysOgM.exe
  C:\Windows\System\DNysOgM.exe
  2⤵
  PID:9984
- C:\Windows\System\jwrHhhO.exe
  C:\Windows\System\jwrHhhO.exe
  2⤵
  PID:9552
- C:\Windows\System\KvieVfN.exe
  C:\Windows\System\KvieVfN.exe
  2⤵
  PID:9712
- C:\Windows\System\nhChSYL.exe
  C:\Windows\System\nhChSYL.exe
  2⤵
  PID:9492
- C:\Windows\System\BVPsclz.exe
  C:\Windows\System\BVPsclz.exe
  2⤵
  PID:9584
- C:\Windows\System\lUCGMnX.exe
  C:\Windows\System\lUCGMnX.exe
  2⤵
  PID:9684
- C:\Windows\System\rKsySlO.exe
  C:\Windows\System\rKsySlO.exe
  2⤵
  PID:9812
- C:\Windows\System\CcnCjLH.exe
  C:\Windows\System\CcnCjLH.exe
  2⤵
  PID:9904
- C:\Windows\System\XxpLfEt.exe
  C:\Windows\System\XxpLfEt.exe
  2⤵
  PID:9972
- C:\Windows\System\lcOnTdX.exe
  C:\Windows\System\lcOnTdX.exe
  2⤵
  PID:10052
- C:\Windows\System\QGALvwP.exe
  C:\Windows\System\QGALvwP.exe
  2⤵
  PID:10064
- C:\Windows\System\OxCAagX.exe
  C:\Windows\System\OxCAagX.exe
  2⤵
  PID:10128
- C:\Windows\System\igaOVZy.exe
  C:\Windows\System\igaOVZy.exe
  2⤵
  PID:10148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BGJncFI.exe

Filesize
6.0MB

MD5
eff48dfeaae5ab564000bb9457ea69ad

SHA1
bb6ed6e1592722e464e3c7a03b170b2180cc2687

SHA256
c6411071821903cde6ef2e0716cbee1210cb83963bdcb6edccf264809740e651

SHA512
34ae8990f1e7d2d3d0df4d3832144088ca848ba616e79284e8f20be463a145b4cdb32e38f31c05cf539046587637de758c6bf9b2a3561ad70dfb469c9fe20e2d

Download Submit
C:\Windows\system\BYdSGMY.exe

Filesize
6.0MB

MD5
9f919d4e645bd73ebeb3890f5c23a492

SHA1
1c04dc745a6858080fb72c89b016146ba76238aa

SHA256
187b9329c85fc2eab860cd5f7da36ee07596d278468abf61b6d86813e78f93ee

SHA512
22a10d4db05f2784b179e5acb22a1c061fdc86492cdf0a20a3fb3fe486ee590e6944ed9e0aa270cd7d58d846993fa3f3d577ef8c1814e77fef35af5ce6d93cb3

Download Submit
C:\Windows\system\Bqumbsb.exe

Filesize
6.0MB

MD5
eee554d07bbfd8d4a9371181de6b2c9f

SHA1
8913e30dae1b8aecf66675afdc4ed6920d33400d

SHA256
8e901790a50ac3479d02722badcde0b79ebb2af8a3a797b9fc5c61ffe1acb103

SHA512
56f3ddaa34d17b77d0599010cab0040e2c1810abc987f90d26c2d8c8090562f56d9becd84abeaab0db68930f2ebadaa8af581bc212404c467556b0559d693625

Download Submit
C:\Windows\system\JiQkOCz.exe

Filesize
6.0MB

MD5
3a42498ebb1105666d9118284e78b13c

SHA1
6a8dbff63d8bc8c938a0dfa38a6bd0208be496ec

SHA256
a16b2874d4ad82b8c7d7fec93ecadf15085586e3247284743013dd21fdd217f4

SHA512
4292a2ba78ecd51516742f3e15f080dc2a6fd028293849b5be7a9d4f7c27e7ab789ff71fed190fdaefee01c6c76e806fae68b0ddbdc24aea49f670dd39424865

Download Submit
C:\Windows\system\JmqkctG.exe

Filesize
6.0MB

MD5
86be7c5a9d9690c29b2fa1eae0323411

SHA1
b09bfc9658fdfa55e17944fde4eb95b892971a61

SHA256
233694deb530ea8e2ec9912bc780de26ca53ccb7b88910433671855af1bf744e

SHA512
258399d63166da415fa78ddec3548e480fcb80ba16b0e444a999cd46e2e317044abab7266b003d2803a05926c2498717dc01b98e3ed0bca4d876a8852f42e714

Download Submit
C:\Windows\system\LtawHip.exe

Filesize
6.0MB

MD5
bd902c64c5edc599ac16e8f4e5250712

SHA1
a6cfe508a15be0ff821be5d9651c0ab2a04df7d5

SHA256
dbdc1d7701697db46d79ddbacc00897a137eb70f093959508ae3912ca38c1773

SHA512
474f2ca33b707940c4f4ce2f1b01b5c9a9afa86a29b0246588c573e3b24e94d567c52767952394cedd0b4f590da8b76c1770a9aac8e44179b8b6978ee09922b5

Download Submit
C:\Windows\system\NkBvBAd.exe

Filesize
6.0MB

MD5
27b6558f35775efeb72b9b442630b6ff

SHA1
5d0022d220e810ffebabdb4d43271767e5acfb01

SHA256
679a5f32cc0fb88666ffde3817632ab41be09a8f3c842e95a14258692ae67dbc

SHA512
d3e6fa64d42a540c49a37485b8212749e4660895cae35d16d5ef8cdbf7d9988cf60ea4dffd9dd30c79e525a8be6cbdaf34f814fb3b662b5358a29010ce17e075

Download Submit
C:\Windows\system\OUqtYnQ.exe

Filesize
6.0MB

MD5
97dd726664a8ee705a762efec9858eb1

SHA1
a834e7fb297e0438bb421d4918efa86c75a29fd4

SHA256
1631824417b6560ef5734ac5816e085e5a8b35ff74f11f81dfb750b7d79a4752

SHA512
7f652d01a9e080be5677bb349c3403e18192ae9e2a94b8887f3043472eade593d2111e523d7598294137bf2d4f4ddd9be7733d35e0da8becd0b4cb0298dd11aa

Download Submit
C:\Windows\system\OrTwYkg.exe

Filesize
6.0MB

MD5
cd62c5aa9ce2bc3f5571fee2617f9f1d

SHA1
6b0f9a3f88f78b5f7475306f1fb7dc2f474f4185

SHA256
e2aad39e50b27099a5986c4c5f48fb5877adf7fdd26c36fab3ea5f848a11c37f

SHA512
54e477f221afd3a05009acaf6d20e791044cf08924206fab935e2777480cc3e61c96192096de7f05e6e24acda1678a754af7c583dff7a90e6748957da5b7ccc9

Download Submit
C:\Windows\system\PAWAQFA.exe

Filesize
6.0MB

MD5
9ba0d7384cde7abd67a83887d0d91d19

SHA1
15275b09997197571b9ebf37c21caccbcf025a1f

SHA256
432b9653acb37abf0269113ef1682b6692e41b2e5527e561628d301016304307

SHA512
5982aa98ee91dbd44e806729a3fad236815192d5c1676e48e2d9134a3171ca7c4f13198283c58507cb0250ada9e35dab3b74fff8fe70abba07b21bb77c2fb224

Download Submit
C:\Windows\system\PgnzdNY.exe

Filesize
6.0MB

MD5
93f8bbabd1f337d07ce5bd8c9900b186

SHA1
1d1719ee391f1369952c3282630b5af1b25dea52

SHA256
9d5397c990a9430503c6dbb681446c8a2a0804d2ca053b1cbeda8112086fc812

SHA512
e6383ee7d1a6b1564801ec89260250204b98072cb7f95a6afd6f3538438620400ddfaee65001241b1ea0f574060849227b73adb3607fefa5eac2c75e6fe61d15

Download Submit
C:\Windows\system\QkWWAyD.exe

Filesize
6.0MB

MD5
a524f1b2480254a82e12e12431f27562

SHA1
b961365b55d8126c389d13fc3aae2b708bba4d2d

SHA256
eee74b224ce8efdcdeb3c0c5093347fa8fca9974e1dc8cecffda65199e4b3d70

SHA512
1ecdef6486d808f45d571519b9a2eaa7da2260e7b22c3e424af3e9ab935ed55375d88c87e91187632afa326baa47a5489f314af3151cf468f4bd6dc4c2dc9b15

Download Submit
C:\Windows\system\SMjPwrJ.exe

Filesize
6.0MB

MD5
df006e6dfbda5bacb04a4a94769f8378

SHA1
c7c5cc53c7908e2df7019881dd048e5a3cb827a6

SHA256
56a2b37d8b05619c2516b190e46bd31407f8ccc130a4ff249acb02da0d4dafe8

SHA512
99983029a5ab2d0592b631a95b8943fd7dce981d079e01970148c3818050a22d0daf6cdcbfd4f39f62648d181a277673dd4e3cecc3c7bb8099ca6eece9f5d023

Download Submit
C:\Windows\system\SwFnYLl.exe

Filesize
6.0MB

MD5
3efd7536cfbdf1dfcbfab8f5f8ab5d03

SHA1
d5b22f7be2185329f99f88cbd57db5afeda9d126

SHA256
f3955cb89c8177bdad5d570d314d66d8d16b23e4c17b06f6df764dc54200f199

SHA512
22b7acd897d0d36a836a9ae974c952e8c610c51d0da35127167625884e5e84d104412eef955f0d153467153ff51e7f49ccf3bc4424bce8cbe07dfb440c9b4571

Download Submit
C:\Windows\system\VpxbgoA.exe

Filesize
6.0MB

MD5
d8310adae7262d61117e7cb16a33167d

SHA1
44a08e5c91b55505cee6b47860b96aabc95fafd4

SHA256
57d213d6f8b2680be131b94a2302c73d9b856b9db7f71824f4282743bcb499ca

SHA512
f02d8aea61d10f6428f30162628925c29f1452fc06989b04ae80a7eb701bf3b77f8c6adf9ddd127b017e798ca21dbe204441f58d7a80d8e670bc159c74cc6e5d

Download Submit
C:\Windows\system\WXyqnng.exe

Filesize
6.0MB

MD5
f7f1062c1f49b86402870934b6805182

SHA1
5b31f0c71ff2056fcedc378d3dc282bf1a20d3c9

SHA256
3e1c2e15d96fd68a33a1fb42372b9244026a43ff1bd3bed3f79f9c01f43cc6fb

SHA512
d323525c872d4139b3bb83a6f930115507801ba0a1f3e911003ad51673a36b1a91a86c81810f155d8ce7273afc12f899c26a5abc149962d0c8712d3c67dbdfcc

Download Submit
C:\Windows\system\WyMWghI.exe

Filesize
6.0MB

MD5
6981beac0b61b71854dae8140ca59f9d

SHA1
3da1a0748a08d6ed98028fc846a416ea6be62336

SHA256
1a2ba0f808bd94f3bba4bcae0c4e5d4c6680990a30e4b258381c8a03ca788fa3

SHA512
3324cc6b7abad4782d18e79c6206fdcfbcf88888dbd0a9fb15a2b22ce0d965575e3261aea90a7b74aa0971d86e3228a2ebe3b87c7d9ed2092b968d84e0a327de

Download Submit
C:\Windows\system\YPakrmm.exe

Filesize
6.0MB

MD5
85c5cac86447ceba439615e1831a786f

SHA1
f3cb2a4e28ee4bcdd58f75fb292ae3f4a301561f

SHA256
b620d0c8e353f9e4968a24b320ca3d12c1c96bd34db139f98e561f25933337fb

SHA512
f87c11e7dd62f9cdb684af3c60fd8561ad222ee9627fb738ab14a5ef7d032ebdc09fb2504f5c696922b1d01e962531e6766397ee9fbf2f21fde1008a8903b901

Download Submit
C:\Windows\system\aNatJeb.exe

Filesize
6.0MB

MD5
f4058e8000a165673ab3a5cbe597ea4d

SHA1
4db82e16acf79293fd8010ee4fd7872aadad1d9d

SHA256
5a35c6d28652d2b6aa99f5c8d90656105fa674a5d084dbb128734d68e5970ec0

SHA512
540c05893865d75c490be2cbc61630fee8c362da3eb3b6610db019ec402826f8528539e721230a6480fcf9ad77492571b13bd8f2025da7ec7194c59b91e60663

Download Submit
C:\Windows\system\cpsKxCH.exe

Filesize
6.0MB

MD5
8690a51ab1badf5bfaedbbb7e21e1723

SHA1
542749bcfb2bb0d6e37190add1bd2d79e671dc5f

SHA256
6209720d85c96e562f79c2a08150a3cf818cffb5e16d83cbe66a4eb43f450145

SHA512
3188168483cba6ffce6e364e132ff7f3db8d7a2b955e5722a326599aa8e18b6e9eef2ea5890e3bb4b7281d742fb6cab0a11eda35c243090bdbb10da91e50bcf2

Download Submit
C:\Windows\system\egjifLL.exe

Filesize
6.0MB

MD5
3896ce985e5ca9375b8d13eb53eadc5d

SHA1
3f012e900d9a4d95e437ec3949eba8c347fb76a5

SHA256
6469d975e394823125f3810da9c5443cfc7d7dc07dc9ab12b29f669fc73b45cb

SHA512
8fe6a0ba0962fd4dd395100a74783bff8a8dd357710baa66a26a7e85ce7d319088d2d92b5c5018b40c585d3988d5cf2b36ea048f46845d2cbcebf666c3a0c6c8

Download Submit
C:\Windows\system\iTQxjfB.exe

Filesize
6.0MB

MD5
819a7be1b705715f3ef388b7a3619b8b

SHA1
0cb244a847f4e6db6dc5b4414ec1fc15c6749921

SHA256
eff4fc5400cea59b0ee7ea0b59f000b61866b7fb13c2186a79f05548b4678160

SHA512
3137d1fd676e709d786f05142322e7ed1d0faa80e97f55f8417c58816c9a3c98aa5ab09424d8788ffdfb353ca7e93cff533f33fea292fd7195d3953b6a01b0e8

Download Submit
C:\Windows\system\qtuaRNr.exe

Filesize
6.0MB

MD5
fda6b4ca25decd965610b3426ae2a1b9

SHA1
1ad972ea6909bab1352beca1968490fb8fbf59ad

SHA256
daaa2c46acf88afa50be50f23cd8b2e3970ec6e67965124546c8806b5f027e10

SHA512
e8dedad104182e22b05ffcc1d0e07937a3ab3537794f48fa2d4d2cbfeac4b25c5942981317c594360feaea19b28897f9684b99f76e8adc0e557311d0ebb06842

Download Submit
C:\Windows\system\tbcCAWQ.exe

Filesize
6.0MB

MD5
c8d555b99758b133fa12cba835666441

SHA1
bad384680e8973f93125f6fed53d748bb97de69f

SHA256
f66d8e312a6e0480fe2dd6bb2d14904a728ebd18b2366243d6ee981a8feb6556

SHA512
165648ba267fe8ae8515d00236fdd0cb9402d025e1097a2d07e9d70a4fdbd38810a16bb0812d00125a94d684ed8676b13e9d72eee699ae8debe872c0e242df52

Download Submit
C:\Windows\system\xYehpPU.exe

Filesize
6.0MB

MD5
115622e556ed2e34ba93708288489e96

SHA1
5c5bf66e6d69167ffacbeb80f12ca8a8e0aa5daf

SHA256
033c3c23ebfc8876faad537df9ea3f2209cdd1f928b71f42375997ad22c335fc

SHA512
d697892ab0dcb0f83d6d30f70a8cfb048e9c18b88ddb1f48874e78fd5294179c07a5c06789b3a4e459151b6d94db06b9d8c74db47851023f8d37334d1c6ae716

Download Submit
\Windows\system\BVoNCgI.exe

Filesize
6.0MB

MD5
59aa31c5b8bcbd93eeb7d221de73639f

SHA1
c7113100bd937803f3b79f808066a7a35bf9f1f2

SHA256
4044551b3ac1a04473fc84014ef4f885bd2dd8f67dd675d788c60142543d0dec

SHA512
fcdd81a8b2059a29de2cc1b18fa2941f3a7a18c30ad477323116d415f6642e819c558ef623040ff36cc36682b1ef75f319626b25b7eef5d78ae099e1cc1634d6

Download Submit
\Windows\system\CIXSxye.exe

Filesize
6.0MB

MD5
880858b051497e2c222a08b405d44f60

SHA1
07f534f70485f407fd9b38ea63e30fc3a3976521

SHA256
7fd4d749ceabc195522698292d6b1159554363496550ee922fe7cd7a5f64778e

SHA512
0d75b6d8211679e5d55151774e4e116f861ff07505f372c4996f82a60168d78a17243ea26fd39d93534206b5bd71e7c2e592a6f9856712491acfc35ec1ac36ea

Download Submit
\Windows\system\FPTByNY.exe

Filesize
6.0MB

MD5
53a71290961285aeba09af6c639b7cfd

SHA1
3d572497b93a0c5301d672074071d4fd0d4ba44a

SHA256
f5c5ed15488fe69664cae0f6d5e6ec8c60192856eb0b67d86e0041484834cf79

SHA512
0ac6a02ae6c1846dd0a0109c73d3ee7b36f682c2c20265765dd0644d699ca99e92f3716da55c38b60294c0dd6490256bc0d223b0554dca106aeffda01241a3c7

Download Submit
\Windows\system\VBQWzhD.exe

Filesize
6.0MB

MD5
deecdb7ee5a78cd6e2f775b582a7e978

SHA1
0e4bcef36ebf2d2f3eeb363ae6ccb686a36a62b2

SHA256
109ac04cf27af3404909090581aee4b07a08d80bfbfc519fed4d99063d7e2d62

SHA512
c978c91d3b711db716dd91273021308e0f33a5d0b12f661484bb620dee8ccf6adb672ebd6baa11b8ba57ea61d076ea6f71274025f6576bf9a731bba3d210f291

Download Submit
\Windows\system\ajgKLZj.exe

Filesize
6.0MB

MD5
4b500af4e482b7155e597d95b9069061

SHA1
8b793df3a0bbed46685bdcdc7f9e36c134d29f20

SHA256
19a5cf1cc98ce4edd4f569bb0103760f874759c1d88ccb9817bf1b53283a99bf

SHA512
1af7ba3c45889f017a2194dc09c98ff830ec1fddd13b948a764c02a5a55a7cb21f0f03ed68bb0b36ce8634eb7ad4f38a7891bd258b7e3464db5582307a459d25

Download Submit
\Windows\system\cVzaZEq.exe

Filesize
6.0MB

MD5
abc45d209556c04ee3dd85694580c955

SHA1
07c67e48918e406a69ca1ac685e80973c9e33ead

SHA256
65113b9838840cc55a1de635435fb6e3228f1280bb42b4db754c6cdba1b50399

SHA512
7f46af1d52df588942ae43295fcfc8f5d6b4fe9a89cce482a5d2bad5ed0ad1a9e9c3d1508118eedb8389684a7f3082d711d6a58d9daadf0295aef80f231feaca

Download Submit
\Windows\system\hQqRach.exe

Filesize
6.0MB

MD5
103ed1ba2151f9394b160e5d8047cef2

SHA1
4cc46dcdaf82fafaf30f4a47cfecc4395f34c0f2

SHA256
40e2e316e345fed5976dec37b1711e3797f87b76d2bfe59575ad60b67b3d9094

SHA512
14fed2723516cd3e5edfad6b2fb3fdda479db603412045217257c277fa89b4c265f48fdc547636a344c49c8a34cdc1d48d7a63de5d3a092b0025d936abe787af

Download Submit
memory/1128-3500-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1128-93-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1128-423-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1388-106-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1388-425-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1388-4103-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1448-87-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1448-421-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1448-4102-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1572-3489-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1572-59-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1900-3488-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1900-66-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1968-101-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1968-0-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1968-424-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1968-422-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-369-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1968-19-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1968-24-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-65-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1968-80-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1968-52-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1968-36-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1968-73-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-47-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-22-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-51-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1968-110-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-242-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-37-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1968-92-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-2877-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2052-21-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2188-39-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-2892-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-20-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2878-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2520-58-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-17-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2879-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-370-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3502-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2664-81-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2684-74-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3493-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2824-79-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2824-42-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2900-82-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-2894-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-48-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-2893-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/3008-71-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/3008-38-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download