cobaltstrike | e4abcb27cc7a32a96b23bfbaf9f66edb9875ddac300022f1125b76dc9dfc356d

Analysis

max time kernel
149s
max time network
132s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fe491afb70449653176434cc02f341d5
SHA1

b026aa4d7bf51157fc564df38eea0cb91c9bce77
SHA256

e4abcb27cc7a32a96b23bfbaf9f66edb9875ddac300022f1125b76dc9dfc356d
SHA512

79144d01b7cf3ae3a83217aad5c574d361a5b949e1f9204b3487ca594c3e710399b944b71bf4c4ac882e36fbd409057ac0ff1e94917b713b23af2d494632dcfd
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce9-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-196.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-74.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001756b-62.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce0-40.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ace-48.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-16.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c23-9.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2064-0-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-3.dat	xmrig
behavioral1/memory/2064-12-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ce9-55.dat	xmrig
behavioral1/files/0x00050000000194a3-65.dat	xmrig
behavioral1/memory/2968-83-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2296-97-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ab-127.dat	xmrig
behavioral1/files/0x00050000000195b1-145.dat	xmrig
behavioral1/files/0x00050000000195bb-163.dat	xmrig
behavioral1/files/0x00050000000195b5-155.dat	xmrig
behavioral1/files/0x00050000000195b7-159.dat	xmrig
behavioral1/memory/2988-168-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2064-342-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-196.dat	xmrig
behavioral1/files/0x00050000000195c5-187.dat	xmrig
behavioral1/files/0x00050000000195c6-191.dat	xmrig
behavioral1/files/0x00050000000195c1-177.dat	xmrig
behavioral1/files/0x00050000000195c3-181.dat	xmrig
behavioral1/files/0x00050000000195bd-171.dat	xmrig
behavioral1/files/0x00050000000195b3-149.dat	xmrig
behavioral1/files/0x00050000000195ad-135.dat	xmrig
behavioral1/files/0x00050000000195a9-125.dat	xmrig
behavioral1/files/0x00050000000195af-139.dat	xmrig
behavioral1/files/0x00050000000195a7-119.dat	xmrig
behavioral1/files/0x000500000001957c-114.dat	xmrig
behavioral1/files/0x0005000000019547-107.dat	xmrig
behavioral1/memory/884-104-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x0005000000019515-100.dat	xmrig
behavioral1/memory/2724-90-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-88.dat	xmrig
behavioral1/memory/2920-86-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x000500000001950f-93.dat	xmrig
behavioral1/memory/2168-67-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2064-66-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2136-81-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2988-77-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2064-59-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2980-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x00050000000194eb-74.dat	xmrig
behavioral1/memory/1976-72-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x000800000001756b-62.dat	xmrig
behavioral1/memory/2776-51-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2920-42-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ce0-40.dat	xmrig
behavioral1/files/0x0009000000016ace-48.dat	xmrig
behavioral1/memory/2836-24-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ccc-21.dat	xmrig
behavioral1/memory/2136-35-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1976-32-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd8-29.dat	xmrig
behavioral1/memory/832-28-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1684-20-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cab-16.dat	xmrig
behavioral1/files/0x0009000000016c23-9.dat	xmrig
behavioral1/memory/2168-2075-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2988-2086-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2296-2087-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2920-2158-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2136-2159-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2968-2161-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2980-2160-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/832-2164-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2836-2165-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
832	aOZZwsi.exe
1684	HmfkVqW.exe
2836	PJZZqDG.exe
1976	ynoDSPG.exe
2136	YaluiTx.exe
2920	BKORteM.exe
2776	GLADjUl.exe
2980	shbQBxY.exe
2168	MCyFTky.exe
2988	bLYATXP.exe
2968	PyufhwI.exe
2724	MyewxXt.exe
2296	SdQcQsW.exe
884	HbxDVUI.exe
2892	VvNtiat.exe
1296	TJDcyoL.exe
564	RqgTYyf.exe
1784	RnEbMJS.exe
2640	mlYOqNd.exe
1196	hKBQGmr.exe
1964	MQLVSwg.exe
1148	yZKHYNs.exe
1764	ZtRZtOG.exe
2996	ESEhMmP.exe
3020	mFIhoFH.exe
2284	avaYWDZ.exe
2072	GvzZsgt.exe
1476	GcwYSeQ.exe
772	hogxNrz.exe
2200	anzjIsB.exe
616	WSauSvO.exe
1252	XGEpqEV.exe
1392	yneRbcy.exe
1752	wnkZbph.exe
1004	xUaowgQ.exe
1772	kNkJNTH.exe
580	ErFDGtM.exe
1680	zdOccbJ.exe
1368	IGGOSqo.exe
648	ZOxonhh.exe
1324	AdiKwmV.exe
264	caPNTqC.exe
1248	MDOnWhn.exe
2504	DzjwAWa.exe
1852	yDFRSJm.exe
2456	tprHhAA.exe
2476	oRHkScX.exe
2488	OUuwtjk.exe
2712	iFosnOZ.exe
2584	ZKUmzpk.exe
1540	ihRKUSp.exe
1936	ImBhcpp.exe
2976	FvRDmQq.exe
2056	neeNFwH.exe
2448	gJLXtXK.exe
2768	zYyYiIM.exe
2692	hJwmWxp.exe
2876	rIWZiMB.exe
2708	MFcXJsr.exe
1676	jKKvjGI.exe
2840	kHjTgmn.exe
1008	AZyDTsQ.exe
1780	DaxYwWd.exe
2000	WDTiwfE.exe

Loads dropped DLL 64 IoCs

pid	Process
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-0-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x000c000000012262-3.dat	upx
behavioral1/files/0x0008000000016ce9-55.dat	upx
behavioral1/files/0x00050000000194a3-65.dat	upx
behavioral1/memory/2968-83-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2296-97-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x00050000000195ab-127.dat	upx
behavioral1/files/0x00050000000195b1-145.dat	upx
behavioral1/files/0x00050000000195bb-163.dat	upx
behavioral1/files/0x00050000000195b5-155.dat	upx
behavioral1/files/0x00050000000195b7-159.dat	upx
behavioral1/memory/2988-168-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-196.dat	upx
behavioral1/files/0x00050000000195c5-187.dat	upx
behavioral1/files/0x00050000000195c6-191.dat	upx
behavioral1/files/0x00050000000195c1-177.dat	upx
behavioral1/files/0x00050000000195c3-181.dat	upx
behavioral1/files/0x00050000000195bd-171.dat	upx
behavioral1/files/0x00050000000195b3-149.dat	upx
behavioral1/files/0x00050000000195ad-135.dat	upx
behavioral1/files/0x00050000000195a9-125.dat	upx
behavioral1/files/0x00050000000195af-139.dat	upx
behavioral1/files/0x00050000000195a7-119.dat	upx
behavioral1/files/0x000500000001957c-114.dat	upx
behavioral1/files/0x0005000000019547-107.dat	upx
behavioral1/memory/884-104-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x0005000000019515-100.dat	upx
behavioral1/memory/2724-90-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-88.dat	upx
behavioral1/memory/2920-86-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x000500000001950f-93.dat	upx
behavioral1/memory/2168-67-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2136-81-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2988-77-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2064-59-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2980-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x00050000000194eb-74.dat	upx
behavioral1/memory/1976-72-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x000800000001756b-62.dat	upx
behavioral1/memory/2776-51-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2920-42-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0009000000016ce0-40.dat	upx
behavioral1/files/0x0009000000016ace-48.dat	upx
behavioral1/memory/2836-24-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0007000000016ccc-21.dat	upx
behavioral1/memory/2136-35-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1976-32-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x0007000000016cd8-29.dat	upx
behavioral1/memory/832-28-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1684-20-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0007000000016cab-16.dat	upx
behavioral1/files/0x0009000000016c23-9.dat	upx
behavioral1/memory/2168-2075-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2988-2086-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2296-2087-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2920-2158-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2136-2159-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2968-2161-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2980-2160-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/832-2164-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2836-2165-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/884-2163-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2724-2162-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/1684-2243-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tBQmquD.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDokPHE.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JritaOb.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXeBGRP.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVpommA.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGSyCYd.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGJYDQk.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMcdgRE.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjDzczb.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIRqVHc.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKvVzXE.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biFZKVx.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kImPLfP.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VEwYMWh.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSepbPc.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWuMnWf.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntwZCmy.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adRAyxl.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzSrbsV.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnjRrdF.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjQTQRp.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAbWnKj.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWxcBMC.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBGuUfj.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQROJNJ.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChGEanK.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHzpzlH.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnmapZv.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppOXJrr.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxwJXxi.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rpfLQLm.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhXbYuV.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EdlZyLc.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcGIlvO.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgUOUKl.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfwbMdk.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OywWiEO.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiQoCZI.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XsHjcAP.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCQVFIv.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWwXwrs.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzRnAIA.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNnBIxX.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JmIqkpA.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWGiPgB.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjwNZJA.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmJIksR.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxogJDv.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uEljTQR.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eBucmJZ.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsvXqVg.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KrBkAkU.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwimiUK.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQsuKHD.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDEWYvD.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwDBYaL.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmVoRTy.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHGJbeH.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mPqbfcf.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRkaEPS.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIyRpfv.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dycXLHT.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iliwaBe.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lksmwPq.exe	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 832	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 832	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 832	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 1684	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 1684	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 1684	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 2836	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2836	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2836	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2136	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2136	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2136	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 1976	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 1976	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 1976	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 2920	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2920	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2920	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2776	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2776	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2776	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2980	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2980	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2980	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2168	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2168	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2168	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2968	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2968	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2968	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2988	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2988	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2988	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2724	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2724	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2724	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2296	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2296	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2296	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 884	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 884	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 884	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 2892	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 2892	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 2892	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2064 wrote to memory of 1296	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 1296	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 1296	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 564	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 564	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 564	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 1784	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 1784	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 1784	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 2640	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 2640	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 2640	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 1196	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 1196	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 1196	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 1964	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 1964	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 1964	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 1148	2064	2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_fe491afb70449653176434cc02f341d5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\System\aOZZwsi.exe
  C:\Windows\System\aOZZwsi.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\HmfkVqW.exe
  C:\Windows\System\HmfkVqW.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\PJZZqDG.exe
  C:\Windows\System\PJZZqDG.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\YaluiTx.exe
  C:\Windows\System\YaluiTx.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\ynoDSPG.exe
  C:\Windows\System\ynoDSPG.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\BKORteM.exe
  C:\Windows\System\BKORteM.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\GLADjUl.exe
  C:\Windows\System\GLADjUl.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\shbQBxY.exe
  C:\Windows\System\shbQBxY.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\MCyFTky.exe
  C:\Windows\System\MCyFTky.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\PyufhwI.exe
  C:\Windows\System\PyufhwI.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\bLYATXP.exe
  C:\Windows\System\bLYATXP.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\MyewxXt.exe
  C:\Windows\System\MyewxXt.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\SdQcQsW.exe
  C:\Windows\System\SdQcQsW.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\HbxDVUI.exe
  C:\Windows\System\HbxDVUI.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\VvNtiat.exe
  C:\Windows\System\VvNtiat.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\TJDcyoL.exe
  C:\Windows\System\TJDcyoL.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\RqgTYyf.exe
  C:\Windows\System\RqgTYyf.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\RnEbMJS.exe
  C:\Windows\System\RnEbMJS.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\mlYOqNd.exe
  C:\Windows\System\mlYOqNd.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\hKBQGmr.exe
  C:\Windows\System\hKBQGmr.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\MQLVSwg.exe
  C:\Windows\System\MQLVSwg.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\yZKHYNs.exe
  C:\Windows\System\yZKHYNs.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\ZtRZtOG.exe
  C:\Windows\System\ZtRZtOG.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\ESEhMmP.exe
  C:\Windows\System\ESEhMmP.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\mFIhoFH.exe
  C:\Windows\System\mFIhoFH.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\avaYWDZ.exe
  C:\Windows\System\avaYWDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\GvzZsgt.exe
  C:\Windows\System\GvzZsgt.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\GcwYSeQ.exe
  C:\Windows\System\GcwYSeQ.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\hogxNrz.exe
  C:\Windows\System\hogxNrz.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\anzjIsB.exe
  C:\Windows\System\anzjIsB.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\WSauSvO.exe
  C:\Windows\System\WSauSvO.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\XGEpqEV.exe
  C:\Windows\System\XGEpqEV.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\yneRbcy.exe
  C:\Windows\System\yneRbcy.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\xUaowgQ.exe
  C:\Windows\System\xUaowgQ.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\wnkZbph.exe
  C:\Windows\System\wnkZbph.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\kNkJNTH.exe
  C:\Windows\System\kNkJNTH.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\ErFDGtM.exe
  C:\Windows\System\ErFDGtM.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\zdOccbJ.exe
  C:\Windows\System\zdOccbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\IGGOSqo.exe
  C:\Windows\System\IGGOSqo.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\ZOxonhh.exe
  C:\Windows\System\ZOxonhh.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\AdiKwmV.exe
  C:\Windows\System\AdiKwmV.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\caPNTqC.exe
  C:\Windows\System\caPNTqC.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\MDOnWhn.exe
  C:\Windows\System\MDOnWhn.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\yDFRSJm.exe
  C:\Windows\System\yDFRSJm.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\DzjwAWa.exe
  C:\Windows\System\DzjwAWa.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\oRHkScX.exe
  C:\Windows\System\oRHkScX.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\tprHhAA.exe
  C:\Windows\System\tprHhAA.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\iFosnOZ.exe
  C:\Windows\System\iFosnOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\OUuwtjk.exe
  C:\Windows\System\OUuwtjk.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\ZKUmzpk.exe
  C:\Windows\System\ZKUmzpk.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\ihRKUSp.exe
  C:\Windows\System\ihRKUSp.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\neeNFwH.exe
  C:\Windows\System\neeNFwH.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\ImBhcpp.exe
  C:\Windows\System\ImBhcpp.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\gJLXtXK.exe
  C:\Windows\System\gJLXtXK.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\FvRDmQq.exe
  C:\Windows\System\FvRDmQq.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\zYyYiIM.exe
  C:\Windows\System\zYyYiIM.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\hJwmWxp.exe
  C:\Windows\System\hJwmWxp.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\rIWZiMB.exe
  C:\Windows\System\rIWZiMB.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\MFcXJsr.exe
  C:\Windows\System\MFcXJsr.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\jKKvjGI.exe
  C:\Windows\System\jKKvjGI.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\kHjTgmn.exe
  C:\Windows\System\kHjTgmn.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\AZyDTsQ.exe
  C:\Windows\System\AZyDTsQ.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\DaxYwWd.exe
  C:\Windows\System\DaxYwWd.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\QwlGiVm.exe
  C:\Windows\System\QwlGiVm.exe
  2⤵
  PID:1600
- C:\Windows\System\WDTiwfE.exe
  C:\Windows\System\WDTiwfE.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\JZgfIHe.exe
  C:\Windows\System\JZgfIHe.exe
  2⤵
  PID:1952
- C:\Windows\System\xxlzdUc.exe
  C:\Windows\System\xxlzdUc.exe
  2⤵
  PID:3052
- C:\Windows\System\zTarSzn.exe
  C:\Windows\System\zTarSzn.exe
  2⤵
  PID:2332
- C:\Windows\System\yFbAAKJ.exe
  C:\Windows\System\yFbAAKJ.exe
  2⤵
  PID:3024
- C:\Windows\System\EvRVNGM.exe
  C:\Windows\System\EvRVNGM.exe
  2⤵
  PID:2180
- C:\Windows\System\xjjSeLA.exe
  C:\Windows\System\xjjSeLA.exe
  2⤵
  PID:2088
- C:\Windows\System\dEygnsF.exe
  C:\Windows\System\dEygnsF.exe
  2⤵
  PID:960
- C:\Windows\System\fHGlAsG.exe
  C:\Windows\System\fHGlAsG.exe
  2⤵
  PID:1044
- C:\Windows\System\ebkLCqt.exe
  C:\Windows\System\ebkLCqt.exe
  2⤵
  PID:1556
- C:\Windows\System\NxVLQCG.exe
  C:\Windows\System\NxVLQCG.exe
  2⤵
  PID:2624
- C:\Windows\System\GVpommA.exe
  C:\Windows\System\GVpommA.exe
  2⤵
  PID:1888
- C:\Windows\System\CAParwD.exe
  C:\Windows\System\CAParwD.exe
  2⤵
  PID:1528
- C:\Windows\System\pYlstYU.exe
  C:\Windows\System\pYlstYU.exe
  2⤵
  PID:1144
- C:\Windows\System\mJTRAcj.exe
  C:\Windows\System\mJTRAcj.exe
  2⤵
  PID:1020
- C:\Windows\System\PwchUph.exe
  C:\Windows\System\PwchUph.exe
  2⤵
  PID:2060
- C:\Windows\System\ITRsuKo.exe
  C:\Windows\System\ITRsuKo.exe
  2⤵
  PID:1660
- C:\Windows\System\xPjCcLs.exe
  C:\Windows\System\xPjCcLs.exe
  2⤵
  PID:2380
- C:\Windows\System\NLRmFRT.exe
  C:\Windows\System\NLRmFRT.exe
  2⤵
  PID:2028
- C:\Windows\System\qEJLrJO.exe
  C:\Windows\System\qEJLrJO.exe
  2⤵
  PID:2912
- C:\Windows\System\mNdIAPX.exe
  C:\Windows\System\mNdIAPX.exe
  2⤵
  PID:2688
- C:\Windows\System\QLGLWeL.exe
  C:\Windows\System\QLGLWeL.exe
  2⤵
  PID:2344
- C:\Windows\System\KRtYXCF.exe
  C:\Windows\System\KRtYXCF.exe
  2⤵
  PID:1140
- C:\Windows\System\oOWFnqZ.exe
  C:\Windows\System\oOWFnqZ.exe
  2⤵
  PID:2308
- C:\Windows\System\iHBNQLz.exe
  C:\Windows\System\iHBNQLz.exe
  2⤵
  PID:2808
- C:\Windows\System\sFUkNfU.exe
  C:\Windows\System\sFUkNfU.exe
  2⤵
  PID:1376
- C:\Windows\System\ErYxHxW.exe
  C:\Windows\System\ErYxHxW.exe
  2⤵
  PID:1028
- C:\Windows\System\VLxxLKa.exe
  C:\Windows\System\VLxxLKa.exe
  2⤵
  PID:3016
- C:\Windows\System\LIGWVoe.exe
  C:\Windows\System\LIGWVoe.exe
  2⤵
  PID:1584
- C:\Windows\System\slkAmCc.exe
  C:\Windows\System\slkAmCc.exe
  2⤵
  PID:2872
- C:\Windows\System\cIMpWlT.exe
  C:\Windows\System\cIMpWlT.exe
  2⤵
  PID:1496
- C:\Windows\System\Itrsopz.exe
  C:\Windows\System\Itrsopz.exe
  2⤵
  PID:2288
- C:\Windows\System\UKKWiCs.exe
  C:\Windows\System\UKKWiCs.exe
  2⤵
  PID:1580
- C:\Windows\System\KKnMzBd.exe
  C:\Windows\System\KKnMzBd.exe
  2⤵
  PID:3084
- C:\Windows\System\RqYQHyM.exe
  C:\Windows\System\RqYQHyM.exe
  2⤵
  PID:3100
- C:\Windows\System\VgUOUKl.exe
  C:\Windows\System\VgUOUKl.exe
  2⤵
  PID:3116
- C:\Windows\System\lCWjWKF.exe
  C:\Windows\System\lCWjWKF.exe
  2⤵
  PID:3132
- C:\Windows\System\IwrAyOc.exe
  C:\Windows\System\IwrAyOc.exe
  2⤵
  PID:3148
- C:\Windows\System\spNQead.exe
  C:\Windows\System\spNQead.exe
  2⤵
  PID:3180
- C:\Windows\System\BsjqxFG.exe
  C:\Windows\System\BsjqxFG.exe
  2⤵
  PID:3196
- C:\Windows\System\vWCoWzu.exe
  C:\Windows\System\vWCoWzu.exe
  2⤵
  PID:3212
- C:\Windows\System\konkGOu.exe
  C:\Windows\System\konkGOu.exe
  2⤵
  PID:3228
- C:\Windows\System\XukydSw.exe
  C:\Windows\System\XukydSw.exe
  2⤵
  PID:3248
- C:\Windows\System\YiYhYdK.exe
  C:\Windows\System\YiYhYdK.exe
  2⤵
  PID:3272
- C:\Windows\System\yJpLvfZ.exe
  C:\Windows\System\yJpLvfZ.exe
  2⤵
  PID:3300
- C:\Windows\System\OiQoCZI.exe
  C:\Windows\System\OiQoCZI.exe
  2⤵
  PID:3356
- C:\Windows\System\lBIDuBS.exe
  C:\Windows\System\lBIDuBS.exe
  2⤵
  PID:3376
- C:\Windows\System\yxvUfoy.exe
  C:\Windows\System\yxvUfoy.exe
  2⤵
  PID:3396
- C:\Windows\System\QzKBDaB.exe
  C:\Windows\System\QzKBDaB.exe
  2⤵
  PID:3416
- C:\Windows\System\tRPSHDi.exe
  C:\Windows\System\tRPSHDi.exe
  2⤵
  PID:3436
- C:\Windows\System\MXOOnNv.exe
  C:\Windows\System\MXOOnNv.exe
  2⤵
  PID:3456
- C:\Windows\System\WvYIVmm.exe
  C:\Windows\System\WvYIVmm.exe
  2⤵
  PID:3472
- C:\Windows\System\zcrIFOb.exe
  C:\Windows\System\zcrIFOb.exe
  2⤵
  PID:3492
- C:\Windows\System\VhVHGmU.exe
  C:\Windows\System\VhVHGmU.exe
  2⤵
  PID:3512
- C:\Windows\System\ezNJlBu.exe
  C:\Windows\System\ezNJlBu.exe
  2⤵
  PID:3528
- C:\Windows\System\KmAhVwK.exe
  C:\Windows\System\KmAhVwK.exe
  2⤵
  PID:3544
- C:\Windows\System\ZjZJznm.exe
  C:\Windows\System\ZjZJznm.exe
  2⤵
  PID:3568
- C:\Windows\System\uHeJrOz.exe
  C:\Windows\System\uHeJrOz.exe
  2⤵
  PID:3588
- C:\Windows\System\bZKfCLy.exe
  C:\Windows\System\bZKfCLy.exe
  2⤵
  PID:3604
- C:\Windows\System\jdryRzU.exe
  C:\Windows\System\jdryRzU.exe
  2⤵
  PID:3620
- C:\Windows\System\apYWgEH.exe
  C:\Windows\System\apYWgEH.exe
  2⤵
  PID:3644
- C:\Windows\System\TvAveGF.exe
  C:\Windows\System\TvAveGF.exe
  2⤵
  PID:3660
- C:\Windows\System\zKTYHYa.exe
  C:\Windows\System\zKTYHYa.exe
  2⤵
  PID:3684
- C:\Windows\System\mIKUZjs.exe
  C:\Windows\System\mIKUZjs.exe
  2⤵
  PID:3700
- C:\Windows\System\RUCpakW.exe
  C:\Windows\System\RUCpakW.exe
  2⤵
  PID:3720
- C:\Windows\System\RikQrLY.exe
  C:\Windows\System\RikQrLY.exe
  2⤵
  PID:3740
- C:\Windows\System\ynhnYgo.exe
  C:\Windows\System\ynhnYgo.exe
  2⤵
  PID:3800
- C:\Windows\System\uHZcMVV.exe
  C:\Windows\System\uHZcMVV.exe
  2⤵
  PID:3820
- C:\Windows\System\hNmnrpt.exe
  C:\Windows\System\hNmnrpt.exe
  2⤵
  PID:3836
- C:\Windows\System\PIxauMj.exe
  C:\Windows\System\PIxauMj.exe
  2⤵
  PID:3852
- C:\Windows\System\BmWiXgq.exe
  C:\Windows\System\BmWiXgq.exe
  2⤵
  PID:3876
- C:\Windows\System\MpMXZMe.exe
  C:\Windows\System\MpMXZMe.exe
  2⤵
  PID:3900
- C:\Windows\System\ShWSHul.exe
  C:\Windows\System\ShWSHul.exe
  2⤵
  PID:3916
- C:\Windows\System\UNtxDgw.exe
  C:\Windows\System\UNtxDgw.exe
  2⤵
  PID:3932
- C:\Windows\System\Gdtauhh.exe
  C:\Windows\System\Gdtauhh.exe
  2⤵
  PID:3948
- C:\Windows\System\YYxuxaa.exe
  C:\Windows\System\YYxuxaa.exe
  2⤵
  PID:3964
- C:\Windows\System\ctlbLhz.exe
  C:\Windows\System\ctlbLhz.exe
  2⤵
  PID:3980
- C:\Windows\System\mBzSSuP.exe
  C:\Windows\System\mBzSSuP.exe
  2⤵
  PID:4000
- C:\Windows\System\kyyZbsF.exe
  C:\Windows\System\kyyZbsF.exe
  2⤵
  PID:4016
- C:\Windows\System\AxlgStV.exe
  C:\Windows\System\AxlgStV.exe
  2⤵
  PID:4036
- C:\Windows\System\AjNxLHh.exe
  C:\Windows\System\AjNxLHh.exe
  2⤵
  PID:4052
- C:\Windows\System\EsuPkJH.exe
  C:\Windows\System\EsuPkJH.exe
  2⤵
  PID:4068
- C:\Windows\System\iXGwXAZ.exe
  C:\Windows\System\iXGwXAZ.exe
  2⤵
  PID:2272
- C:\Windows\System\biFZKVx.exe
  C:\Windows\System\biFZKVx.exe
  2⤵
  PID:2464
- C:\Windows\System\KIlePuv.exe
  C:\Windows\System\KIlePuv.exe
  2⤵
  PID:1868
- C:\Windows\System\fcOPBkw.exe
  C:\Windows\System\fcOPBkw.exe
  2⤵
  PID:2664
- C:\Windows\System\bdqQfBz.exe
  C:\Windows\System\bdqQfBz.exe
  2⤵
  PID:1816
- C:\Windows\System\FajsiGI.exe
  C:\Windows\System\FajsiGI.exe
  2⤵
  PID:2880
- C:\Windows\System\CdHqrqu.exe
  C:\Windows\System\CdHqrqu.exe
  2⤵
  PID:3108
- C:\Windows\System\VMJPVzd.exe
  C:\Windows\System\VMJPVzd.exe
  2⤵
  PID:272
- C:\Windows\System\McbUuuY.exe
  C:\Windows\System\McbUuuY.exe
  2⤵
  PID:3192
- C:\Windows\System\wLWiBYg.exe
  C:\Windows\System\wLWiBYg.exe
  2⤵
  PID:3264
- C:\Windows\System\oJCCtiK.exe
  C:\Windows\System\oJCCtiK.exe
  2⤵
  PID:3268
- C:\Windows\System\jPaDLFv.exe
  C:\Windows\System\jPaDLFv.exe
  2⤵
  PID:3068
- C:\Windows\System\tSEAoZL.exe
  C:\Windows\System\tSEAoZL.exe
  2⤵
  PID:2940
- C:\Windows\System\TNWaqJH.exe
  C:\Windows\System\TNWaqJH.exe
  2⤵
  PID:1656
- C:\Windows\System\hccFXZm.exe
  C:\Windows\System\hccFXZm.exe
  2⤵
  PID:1860
- C:\Windows\System\ZWGLqlH.exe
  C:\Windows\System\ZWGLqlH.exe
  2⤵
  PID:3092
- C:\Windows\System\MXDtymQ.exe
  C:\Windows\System\MXDtymQ.exe
  2⤵
  PID:3128
- C:\Windows\System\ySNweXu.exe
  C:\Windows\System\ySNweXu.exe
  2⤵
  PID:3168
- C:\Windows\System\xKihTeE.exe
  C:\Windows\System\xKihTeE.exe
  2⤵
  PID:3208
- C:\Windows\System\ZHGJbeH.exe
  C:\Windows\System\ZHGJbeH.exe
  2⤵
  PID:3340
- C:\Windows\System\kMReEUJ.exe
  C:\Windows\System\kMReEUJ.exe
  2⤵
  PID:3244
- C:\Windows\System\PfdCTst.exe
  C:\Windows\System\PfdCTst.exe
  2⤵
  PID:3384
- C:\Windows\System\WXDrCND.exe
  C:\Windows\System\WXDrCND.exe
  2⤵
  PID:3424
- C:\Windows\System\yXGRxaH.exe
  C:\Windows\System\yXGRxaH.exe
  2⤵
  PID:3368
- C:\Windows\System\RreYdTC.exe
  C:\Windows\System\RreYdTC.exe
  2⤵
  PID:3536
- C:\Windows\System\LYRgIKy.exe
  C:\Windows\System\LYRgIKy.exe
  2⤵
  PID:3404
- C:\Windows\System\LprpSrs.exe
  C:\Windows\System\LprpSrs.exe
  2⤵
  PID:3444
- C:\Windows\System\bHOEEXM.exe
  C:\Windows\System\bHOEEXM.exe
  2⤵
  PID:3480
- C:\Windows\System\AlGkcsb.exe
  C:\Windows\System\AlGkcsb.exe
  2⤵
  PID:2440
- C:\Windows\System\JmCHquM.exe
  C:\Windows\System\JmCHquM.exe
  2⤵
  PID:3524
- C:\Windows\System\hpcauWV.exe
  C:\Windows\System\hpcauWV.exe
  2⤵
  PID:3600
- C:\Windows\System\mRFkfwy.exe
  C:\Windows\System\mRFkfwy.exe
  2⤵
  PID:3640
- C:\Windows\System\UqxiJUu.exe
  C:\Windows\System\UqxiJUu.exe
  2⤵
  PID:3712
- C:\Windows\System\hbwDzVI.exe
  C:\Windows\System\hbwDzVI.exe
  2⤵
  PID:3552
- C:\Windows\System\oIVBGTm.exe
  C:\Windows\System\oIVBGTm.exe
  2⤵
  PID:3816
- C:\Windows\System\KzMDpXZ.exe
  C:\Windows\System\KzMDpXZ.exe
  2⤵
  PID:3892
- C:\Windows\System\DHfLDAm.exe
  C:\Windows\System\DHfLDAm.exe
  2⤵
  PID:3956
- C:\Windows\System\KqgFoIC.exe
  C:\Windows\System\KqgFoIC.exe
  2⤵
  PID:4024
- C:\Windows\System\VFXAzLO.exe
  C:\Windows\System\VFXAzLO.exe
  2⤵
  PID:3784
- C:\Windows\System\wHgDZfW.exe
  C:\Windows\System\wHgDZfW.exe
  2⤵
  PID:2792
- C:\Windows\System\swIVoWr.exe
  C:\Windows\System\swIVoWr.exe
  2⤵
  PID:3832
- C:\Windows\System\uIZWgeT.exe
  C:\Windows\System\uIZWgeT.exe
  2⤵
  PID:3872
- C:\Windows\System\RhlzotU.exe
  C:\Windows\System\RhlzotU.exe
  2⤵
  PID:4080
- C:\Windows\System\VhXbYuV.exe
  C:\Windows\System\VhXbYuV.exe
  2⤵
  PID:2260
- C:\Windows\System\jBpPoGC.exe
  C:\Windows\System\jBpPoGC.exe
  2⤵
  PID:2264
- C:\Windows\System\adWupdK.exe
  C:\Windows\System\adWupdK.exe
  2⤵
  PID:3076
- C:\Windows\System\MMJEGyb.exe
  C:\Windows\System\MMJEGyb.exe
  2⤵
  PID:4008
- C:\Windows\System\XFvxaLv.exe
  C:\Windows\System\XFvxaLv.exe
  2⤵
  PID:3912
- C:\Windows\System\EiPWMkg.exe
  C:\Windows\System\EiPWMkg.exe
  2⤵
  PID:3080
- C:\Windows\System\xHhDthF.exe
  C:\Windows\System\xHhDthF.exe
  2⤵
  PID:3224
- C:\Windows\System\lmDNCXG.exe
  C:\Windows\System\lmDNCXG.exe
  2⤵
  PID:3260
- C:\Windows\System\WVnjxPo.exe
  C:\Windows\System\WVnjxPo.exe
  2⤵
  PID:624
- C:\Windows\System\xEzLJWc.exe
  C:\Windows\System\xEzLJWc.exe
  2⤵
  PID:2348
- C:\Windows\System\hrBpfyR.exe
  C:\Windows\System\hrBpfyR.exe
  2⤵
  PID:3308
- C:\Windows\System\pyEHENs.exe
  C:\Windows\System\pyEHENs.exe
  2⤵
  PID:3156
- C:\Windows\System\jxtZolD.exe
  C:\Windows\System\jxtZolD.exe
  2⤵
  PID:3324
- C:\Windows\System\JfgTvwm.exe
  C:\Windows\System\JfgTvwm.exe
  2⤵
  PID:3284
- C:\Windows\System\nmOgucT.exe
  C:\Windows\System\nmOgucT.exe
  2⤵
  PID:2016
- C:\Windows\System\cEqealj.exe
  C:\Windows\System\cEqealj.exe
  2⤵
  PID:3372
- C:\Windows\System\odNhBBV.exe
  C:\Windows\System\odNhBBV.exe
  2⤵
  PID:2496
- C:\Windows\System\ewfOVpJ.exe
  C:\Windows\System\ewfOVpJ.exe
  2⤵
  PID:3448
- C:\Windows\System\UgtKEoh.exe
  C:\Windows\System\UgtKEoh.exe
  2⤵
  PID:3728
- C:\Windows\System\bANHdOF.exe
  C:\Windows\System\bANHdOF.exe
  2⤵
  PID:3632
- C:\Windows\System\hgIDUmj.exe
  C:\Windows\System\hgIDUmj.exe
  2⤵
  PID:3748
- C:\Windows\System\VdRUqjN.exe
  C:\Windows\System\VdRUqjN.exe
  2⤵
  PID:3848
- C:\Windows\System\AgXhTPK.exe
  C:\Windows\System\AgXhTPK.exe
  2⤵
  PID:3808
- C:\Windows\System\QsUjdkx.exe
  C:\Windows\System\QsUjdkx.exe
  2⤵
  PID:3924
- C:\Windows\System\ekMnrPl.exe
  C:\Windows\System\ekMnrPl.exe
  2⤵
  PID:4032
- C:\Windows\System\URgJFIY.exe
  C:\Windows\System\URgJFIY.exe
  2⤵
  PID:3868
- C:\Windows\System\JRbNWyo.exe
  C:\Windows\System\JRbNWyo.exe
  2⤵
  PID:3828
- C:\Windows\System\XXOjLfU.exe
  C:\Windows\System\XXOjLfU.exe
  2⤵
  PID:2428
- C:\Windows\System\DdlcMuy.exe
  C:\Windows\System\DdlcMuy.exe
  2⤵
  PID:2828
- C:\Windows\System\vbGaufv.exe
  C:\Windows\System\vbGaufv.exe
  2⤵
  PID:3944
- C:\Windows\System\UeshmIN.exe
  C:\Windows\System\UeshmIN.exe
  2⤵
  PID:3144
- C:\Windows\System\igiVGvQ.exe
  C:\Windows\System\igiVGvQ.exe
  2⤵
  PID:1520
- C:\Windows\System\aMCZeRV.exe
  C:\Windows\System\aMCZeRV.exe
  2⤵
  PID:2280
- C:\Windows\System\vPJQxPK.exe
  C:\Windows\System\vPJQxPK.exe
  2⤵
  PID:3320
- C:\Windows\System\dHXjssk.exe
  C:\Windows\System\dHXjssk.exe
  2⤵
  PID:852
- C:\Windows\System\LmGcSPi.exe
  C:\Windows\System\LmGcSPi.exe
  2⤵
  PID:2960
- C:\Windows\System\zQdtlBz.exe
  C:\Windows\System\zQdtlBz.exe
  2⤵
  PID:3288
- C:\Windows\System\KFFCyap.exe
  C:\Windows\System\KFFCyap.exe
  2⤵
  PID:3468
- C:\Windows\System\PDPfKqO.exe
  C:\Windows\System\PDPfKqO.exe
  2⤵
  PID:3576
- C:\Windows\System\aABfErc.exe
  C:\Windows\System\aABfErc.exe
  2⤵
  PID:4104
- C:\Windows\System\mSajBwU.exe
  C:\Windows\System\mSajBwU.exe
  2⤵
  PID:4124
- C:\Windows\System\sbXJLrc.exe
  C:\Windows\System\sbXJLrc.exe
  2⤵
  PID:4144
- C:\Windows\System\zsulxHg.exe
  C:\Windows\System\zsulxHg.exe
  2⤵
  PID:4164
- C:\Windows\System\dwiOMSj.exe
  C:\Windows\System\dwiOMSj.exe
  2⤵
  PID:4184
- C:\Windows\System\WnPdxdE.exe
  C:\Windows\System\WnPdxdE.exe
  2⤵
  PID:4204
- C:\Windows\System\xuvgAcJ.exe
  C:\Windows\System\xuvgAcJ.exe
  2⤵
  PID:4224
- C:\Windows\System\tiqhCJJ.exe
  C:\Windows\System\tiqhCJJ.exe
  2⤵
  PID:4244
- C:\Windows\System\OGnFOvV.exe
  C:\Windows\System\OGnFOvV.exe
  2⤵
  PID:4264
- C:\Windows\System\JvERVrc.exe
  C:\Windows\System\JvERVrc.exe
  2⤵
  PID:4284
- C:\Windows\System\AQlBhQj.exe
  C:\Windows\System\AQlBhQj.exe
  2⤵
  PID:4304
- C:\Windows\System\NmbYfgE.exe
  C:\Windows\System\NmbYfgE.exe
  2⤵
  PID:4324
- C:\Windows\System\PTPJgXU.exe
  C:\Windows\System\PTPJgXU.exe
  2⤵
  PID:4344
- C:\Windows\System\uHzpzlH.exe
  C:\Windows\System\uHzpzlH.exe
  2⤵
  PID:4364
- C:\Windows\System\mOgwAXT.exe
  C:\Windows\System\mOgwAXT.exe
  2⤵
  PID:4388
- C:\Windows\System\MCUvjuU.exe
  C:\Windows\System\MCUvjuU.exe
  2⤵
  PID:4408
- C:\Windows\System\ftWxKja.exe
  C:\Windows\System\ftWxKja.exe
  2⤵
  PID:4428
- C:\Windows\System\LmEYGBx.exe
  C:\Windows\System\LmEYGBx.exe
  2⤵
  PID:4448
- C:\Windows\System\gCJSGFJ.exe
  C:\Windows\System\gCJSGFJ.exe
  2⤵
  PID:4468
- C:\Windows\System\BHAkTYe.exe
  C:\Windows\System\BHAkTYe.exe
  2⤵
  PID:4488
- C:\Windows\System\STjTYNG.exe
  C:\Windows\System\STjTYNG.exe
  2⤵
  PID:4508
- C:\Windows\System\wtCHGYC.exe
  C:\Windows\System\wtCHGYC.exe
  2⤵
  PID:4528
- C:\Windows\System\wIwuxAs.exe
  C:\Windows\System\wIwuxAs.exe
  2⤵
  PID:4552
- C:\Windows\System\eDUqWWO.exe
  C:\Windows\System\eDUqWWO.exe
  2⤵
  PID:4572
- C:\Windows\System\brwzduq.exe
  C:\Windows\System\brwzduq.exe
  2⤵
  PID:4588
- C:\Windows\System\MCXlwzV.exe
  C:\Windows\System\MCXlwzV.exe
  2⤵
  PID:4612
- C:\Windows\System\KwIQTPR.exe
  C:\Windows\System\KwIQTPR.exe
  2⤵
  PID:4632
- C:\Windows\System\EANJNCV.exe
  C:\Windows\System\EANJNCV.exe
  2⤵
  PID:4652
- C:\Windows\System\EQKnQyL.exe
  C:\Windows\System\EQKnQyL.exe
  2⤵
  PID:4672
- C:\Windows\System\QNdDJvP.exe
  C:\Windows\System\QNdDJvP.exe
  2⤵
  PID:4688
- C:\Windows\System\lLJgAsy.exe
  C:\Windows\System\lLJgAsy.exe
  2⤵
  PID:4708
- C:\Windows\System\kXqiIKV.exe
  C:\Windows\System\kXqiIKV.exe
  2⤵
  PID:4732
- C:\Windows\System\IEQqARN.exe
  C:\Windows\System\IEQqARN.exe
  2⤵
  PID:4756
- C:\Windows\System\ZxNVHkF.exe
  C:\Windows\System\ZxNVHkF.exe
  2⤵
  PID:4776
- C:\Windows\System\dLJAiKU.exe
  C:\Windows\System\dLJAiKU.exe
  2⤵
  PID:4796
- C:\Windows\System\kLWadRh.exe
  C:\Windows\System\kLWadRh.exe
  2⤵
  PID:4812
- C:\Windows\System\ZOvVXad.exe
  C:\Windows\System\ZOvVXad.exe
  2⤵
  PID:4836
- C:\Windows\System\YGxlyCf.exe
  C:\Windows\System\YGxlyCf.exe
  2⤵
  PID:4856
- C:\Windows\System\ejynsOP.exe
  C:\Windows\System\ejynsOP.exe
  2⤵
  PID:4876
- C:\Windows\System\BkZTGkQ.exe
  C:\Windows\System\BkZTGkQ.exe
  2⤵
  PID:4896
- C:\Windows\System\OsvXqVg.exe
  C:\Windows\System\OsvXqVg.exe
  2⤵
  PID:4912
- C:\Windows\System\KZUAPOm.exe
  C:\Windows\System\KZUAPOm.exe
  2⤵
  PID:4936
- C:\Windows\System\DhcohAR.exe
  C:\Windows\System\DhcohAR.exe
  2⤵
  PID:4956
- C:\Windows\System\uQgGaYf.exe
  C:\Windows\System\uQgGaYf.exe
  2⤵
  PID:4976
- C:\Windows\System\TXeqeOM.exe
  C:\Windows\System\TXeqeOM.exe
  2⤵
  PID:4996
- C:\Windows\System\UAJNIix.exe
  C:\Windows\System\UAJNIix.exe
  2⤵
  PID:5016
- C:\Windows\System\egnsUhm.exe
  C:\Windows\System\egnsUhm.exe
  2⤵
  PID:5032
- C:\Windows\System\maTlPfX.exe
  C:\Windows\System\maTlPfX.exe
  2⤵
  PID:5060
- C:\Windows\System\sqqGEew.exe
  C:\Windows\System\sqqGEew.exe
  2⤵
  PID:5080
- C:\Windows\System\hIqMfhx.exe
  C:\Windows\System\hIqMfhx.exe
  2⤵
  PID:5100
- C:\Windows\System\Fkjixic.exe
  C:\Windows\System\Fkjixic.exe
  2⤵
  PID:3692
- C:\Windows\System\XlOhRel.exe
  C:\Windows\System\XlOhRel.exe
  2⤵
  PID:3584
- C:\Windows\System\fNSFuVt.exe
  C:\Windows\System\fNSFuVt.exe
  2⤵
  PID:3928
- C:\Windows\System\EkkoQNJ.exe
  C:\Windows\System\EkkoQNJ.exe
  2⤵
  PID:4060
- C:\Windows\System\HIEytHL.exe
  C:\Windows\System\HIEytHL.exe
  2⤵
  PID:2220
- C:\Windows\System\UpcXZxV.exe
  C:\Windows\System\UpcXZxV.exe
  2⤵
  PID:3012
- C:\Windows\System\nAxSezu.exe
  C:\Windows\System\nAxSezu.exe
  2⤵
  PID:4048
- C:\Windows\System\htKNTIZ.exe
  C:\Windows\System\htKNTIZ.exe
  2⤵
  PID:1016
- C:\Windows\System\RofVzmN.exe
  C:\Windows\System\RofVzmN.exe
  2⤵
  PID:2516
- C:\Windows\System\YzsqGne.exe
  C:\Windows\System\YzsqGne.exe
  2⤵
  PID:3240
- C:\Windows\System\QgKQPqe.exe
  C:\Windows\System\QgKQPqe.exe
  2⤵
  PID:2508
- C:\Windows\System\ernVpJw.exe
  C:\Windows\System\ernVpJw.exe
  2⤵
  PID:3500
- C:\Windows\System\NIuJZFr.exe
  C:\Windows\System\NIuJZFr.exe
  2⤵
  PID:4132
- C:\Windows\System\UpLeUaB.exe
  C:\Windows\System\UpLeUaB.exe
  2⤵
  PID:4140
- C:\Windows\System\CPkSAOF.exe
  C:\Windows\System\CPkSAOF.exe
  2⤵
  PID:4176
- C:\Windows\System\rsTZWgF.exe
  C:\Windows\System\rsTZWgF.exe
  2⤵
  PID:4212
- C:\Windows\System\AdpspUi.exe
  C:\Windows\System\AdpspUi.exe
  2⤵
  PID:4256
- C:\Windows\System\pauzYRw.exe
  C:\Windows\System\pauzYRw.exe
  2⤵
  PID:4236
- C:\Windows\System\EcVqxjy.exe
  C:\Windows\System\EcVqxjy.exe
  2⤵
  PID:4312
- C:\Windows\System\hVIMIgv.exe
  C:\Windows\System\hVIMIgv.exe
  2⤵
  PID:4352
- C:\Windows\System\vOWLvIF.exe
  C:\Windows\System\vOWLvIF.exe
  2⤵
  PID:4356
- C:\Windows\System\cTlWOmD.exe
  C:\Windows\System\cTlWOmD.exe
  2⤵
  PID:4420
- C:\Windows\System\DRLsWSz.exe
  C:\Windows\System\DRLsWSz.exe
  2⤵
  PID:4496
- C:\Windows\System\DXkzQtS.exe
  C:\Windows\System\DXkzQtS.exe
  2⤵
  PID:4440
- C:\Windows\System\QeVzUOW.exe
  C:\Windows\System\QeVzUOW.exe
  2⤵
  PID:4536
- C:\Windows\System\UvsAnps.exe
  C:\Windows\System\UvsAnps.exe
  2⤵
  PID:4548
- C:\Windows\System\YpDLczP.exe
  C:\Windows\System\YpDLczP.exe
  2⤵
  PID:4564
- C:\Windows\System\cTPRbSF.exe
  C:\Windows\System\cTPRbSF.exe
  2⤵
  PID:4600
- C:\Windows\System\iIekbRQ.exe
  C:\Windows\System\iIekbRQ.exe
  2⤵
  PID:4648
- C:\Windows\System\ASCvqFF.exe
  C:\Windows\System\ASCvqFF.exe
  2⤵
  PID:4696
- C:\Windows\System\kImPLfP.exe
  C:\Windows\System\kImPLfP.exe
  2⤵
  PID:4740
- C:\Windows\System\woGBlxk.exe
  C:\Windows\System\woGBlxk.exe
  2⤵
  PID:4728
- C:\Windows\System\ptRiTfT.exe
  C:\Windows\System\ptRiTfT.exe
  2⤵
  PID:4792
- C:\Windows\System\KyupLno.exe
  C:\Windows\System\KyupLno.exe
  2⤵
  PID:4820
- C:\Windows\System\OQAMIsw.exe
  C:\Windows\System\OQAMIsw.exe
  2⤵
  PID:4808
- C:\Windows\System\KFrXgZv.exe
  C:\Windows\System\KFrXgZv.exe
  2⤵
  PID:4872
- C:\Windows\System\tBQmquD.exe
  C:\Windows\System\tBQmquD.exe
  2⤵
  PID:4884
- C:\Windows\System\dWEsCAc.exe
  C:\Windows\System\dWEsCAc.exe
  2⤵
  PID:4932
- C:\Windows\System\yqnuGvR.exe
  C:\Windows\System\yqnuGvR.exe
  2⤵
  PID:4992
- C:\Windows\System\zbASrGP.exe
  C:\Windows\System\zbASrGP.exe
  2⤵
  PID:4968
- C:\Windows\System\uHFVlxH.exe
  C:\Windows\System\uHFVlxH.exe
  2⤵
  PID:5040
- C:\Windows\System\EwIQCHm.exe
  C:\Windows\System\EwIQCHm.exe
  2⤵
  PID:5076
- C:\Windows\System\LLZrcQj.exe
  C:\Windows\System\LLZrcQj.exe
  2⤵
  PID:5096
- C:\Windows\System\acjZszU.exe
  C:\Windows\System\acjZszU.exe
  2⤵
  PID:3636
- C:\Windows\System\jRygTjV.exe
  C:\Windows\System\jRygTjV.exe
  2⤵
  PID:3796
- C:\Windows\System\oqkNxBc.exe
  C:\Windows\System\oqkNxBc.exe
  2⤵
  PID:4044
- C:\Windows\System\VgkxHvk.exe
  C:\Windows\System\VgkxHvk.exe
  2⤵
  PID:4064
- C:\Windows\System\cpBYKzp.exe
  C:\Windows\System\cpBYKzp.exe
  2⤵
  PID:2128
- C:\Windows\System\NpnilIU.exe
  C:\Windows\System\NpnilIU.exe
  2⤵
  PID:3736
- C:\Windows\System\uwphYHW.exe
  C:\Windows\System\uwphYHW.exe
  2⤵
  PID:3656
- C:\Windows\System\cyfvolp.exe
  C:\Windows\System\cyfvolp.exe
  2⤵
  PID:4156
- C:\Windows\System\cxrzXzN.exe
  C:\Windows\System\cxrzXzN.exe
  2⤵
  PID:4216
- C:\Windows\System\RQYlSUy.exe
  C:\Windows\System\RQYlSUy.exe
  2⤵
  PID:4296
- C:\Windows\System\YloOfhz.exe
  C:\Windows\System\YloOfhz.exe
  2⤵
  PID:4232
- C:\Windows\System\elSXtMK.exe
  C:\Windows\System\elSXtMK.exe
  2⤵
  PID:4376
- C:\Windows\System\cBBcTcu.exe
  C:\Windows\System\cBBcTcu.exe
  2⤵
  PID:4460
- C:\Windows\System\dlPOHVM.exe
  C:\Windows\System\dlPOHVM.exe
  2⤵
  PID:4400
- C:\Windows\System\aKGBkyO.exe
  C:\Windows\System\aKGBkyO.exe
  2⤵
  PID:4480
- C:\Windows\System\vnkJxNi.exe
  C:\Windows\System\vnkJxNi.exe
  2⤵
  PID:4520
- C:\Windows\System\JvJKQTP.exe
  C:\Windows\System\JvJKQTP.exe
  2⤵
  PID:4660
- C:\Windows\System\NZdqnzd.exe
  C:\Windows\System\NZdqnzd.exe
  2⤵
  PID:4596
- C:\Windows\System\fXzGEYu.exe
  C:\Windows\System\fXzGEYu.exe
  2⤵
  PID:4664
- C:\Windows\System\SyMkDQn.exe
  C:\Windows\System\SyMkDQn.exe
  2⤵
  PID:4832
- C:\Windows\System\AcKiqMn.exe
  C:\Windows\System\AcKiqMn.exe
  2⤵
  PID:4788
- C:\Windows\System\aWTAcRk.exe
  C:\Windows\System\aWTAcRk.exe
  2⤵
  PID:4904
- C:\Windows\System\irYIstP.exe
  C:\Windows\System\irYIstP.exe
  2⤵
  PID:4984
- C:\Windows\System\niATHBB.exe
  C:\Windows\System\niATHBB.exe
  2⤵
  PID:5024
- C:\Windows\System\HMWjvoF.exe
  C:\Windows\System\HMWjvoF.exe
  2⤵
  PID:5056
- C:\Windows\System\KnGZNrE.exe
  C:\Windows\System\KnGZNrE.exe
  2⤵
  PID:5112
- C:\Windows\System\ProbCTV.exe
  C:\Windows\System\ProbCTV.exe
  2⤵
  PID:2904
- C:\Windows\System\OmsGnYW.exe
  C:\Windows\System\OmsGnYW.exe
  2⤵
  PID:2916
- C:\Windows\System\MKcBKLV.exe
  C:\Windows\System\MKcBKLV.exe
  2⤵
  PID:2360
- C:\Windows\System\DBGuUfj.exe
  C:\Windows\System\DBGuUfj.exe
  2⤵
  PID:2240
- C:\Windows\System\VEwYMWh.exe
  C:\Windows\System\VEwYMWh.exe
  2⤵
  PID:4160
- C:\Windows\System\GBHcyKN.exe
  C:\Windows\System\GBHcyKN.exe
  2⤵
  PID:3556
- C:\Windows\System\EgcrMgR.exe
  C:\Windows\System\EgcrMgR.exe
  2⤵
  PID:4200
- C:\Windows\System\vaziNQz.exe
  C:\Windows\System\vaziNQz.exe
  2⤵
  PID:4240
- C:\Windows\System\SKrObPg.exe
  C:\Windows\System\SKrObPg.exe
  2⤵
  PID:4416
- C:\Windows\System\QkNRJSj.exe
  C:\Windows\System\QkNRJSj.exe
  2⤵
  PID:4584
- C:\Windows\System\oiNgRxg.exe
  C:\Windows\System\oiNgRxg.exe
  2⤵
  PID:1664
- C:\Windows\System\NOwtNOL.exe
  C:\Windows\System\NOwtNOL.exe
  2⤵
  PID:4772
- C:\Windows\System\OHdjiXW.exe
  C:\Windows\System\OHdjiXW.exe
  2⤵
  PID:4640
- C:\Windows\System\ccOPXHs.exe
  C:\Windows\System\ccOPXHs.exe
  2⤵
  PID:4784
- C:\Windows\System\xhdlYmk.exe
  C:\Windows\System\xhdlYmk.exe
  2⤵
  PID:4748
- C:\Windows\System\nkhpbgz.exe
  C:\Windows\System\nkhpbgz.exe
  2⤵
  PID:3140
- C:\Windows\System\XlJMJcg.exe
  C:\Windows\System\XlJMJcg.exe
  2⤵
  PID:2932
- C:\Windows\System\fZCGlmS.exe
  C:\Windows\System\fZCGlmS.exe
  2⤵
  PID:932
- C:\Windows\System\VmhdQgI.exe
  C:\Windows\System\VmhdQgI.exe
  2⤵
  PID:4964
- C:\Windows\System\YlyNtVd.exe
  C:\Windows\System\YlyNtVd.exe
  2⤵
  PID:4028
- C:\Windows\System\ddTuXtR.exe
  C:\Windows\System\ddTuXtR.exe
  2⤵
  PID:5136
- C:\Windows\System\uigjlgp.exe
  C:\Windows\System\uigjlgp.exe
  2⤵
  PID:5156
- C:\Windows\System\corjQyA.exe
  C:\Windows\System\corjQyA.exe
  2⤵
  PID:5176
- C:\Windows\System\cArPZPz.exe
  C:\Windows\System\cArPZPz.exe
  2⤵
  PID:5196
- C:\Windows\System\PxBYmtU.exe
  C:\Windows\System\PxBYmtU.exe
  2⤵
  PID:5216
- C:\Windows\System\rwtkgql.exe
  C:\Windows\System\rwtkgql.exe
  2⤵
  PID:5236
- C:\Windows\System\BWoTeLG.exe
  C:\Windows\System\BWoTeLG.exe
  2⤵
  PID:5256
- C:\Windows\System\PIpGzDw.exe
  C:\Windows\System\PIpGzDw.exe
  2⤵
  PID:5272
- C:\Windows\System\VTIlemH.exe
  C:\Windows\System\VTIlemH.exe
  2⤵
  PID:5292
- C:\Windows\System\zhyYGlG.exe
  C:\Windows\System\zhyYGlG.exe
  2⤵
  PID:5312
- C:\Windows\System\qaTFOdi.exe
  C:\Windows\System\qaTFOdi.exe
  2⤵
  PID:5328
- C:\Windows\System\RBWIoYG.exe
  C:\Windows\System\RBWIoYG.exe
  2⤵
  PID:5344
- C:\Windows\System\hgxpsHA.exe
  C:\Windows\System\hgxpsHA.exe
  2⤵
  PID:5368
- C:\Windows\System\kjczvXN.exe
  C:\Windows\System\kjczvXN.exe
  2⤵
  PID:5388
- C:\Windows\System\Sznprzt.exe
  C:\Windows\System\Sznprzt.exe
  2⤵
  PID:5408
- C:\Windows\System\WNymwZU.exe
  C:\Windows\System\WNymwZU.exe
  2⤵
  PID:5424
- C:\Windows\System\zOphyYQ.exe
  C:\Windows\System\zOphyYQ.exe
  2⤵
  PID:5448
- C:\Windows\System\nWMgCAd.exe
  C:\Windows\System\nWMgCAd.exe
  2⤵
  PID:5472
- C:\Windows\System\XDHZsKL.exe
  C:\Windows\System\XDHZsKL.exe
  2⤵
  PID:5508
- C:\Windows\System\IeKLPWN.exe
  C:\Windows\System\IeKLPWN.exe
  2⤵
  PID:5532
- C:\Windows\System\DdzpkVm.exe
  C:\Windows\System\DdzpkVm.exe
  2⤵
  PID:5556
- C:\Windows\System\vyjnKoJ.exe
  C:\Windows\System\vyjnKoJ.exe
  2⤵
  PID:5580
- C:\Windows\System\LxBrYDJ.exe
  C:\Windows\System\LxBrYDJ.exe
  2⤵
  PID:5596
- C:\Windows\System\qSLIOjT.exe
  C:\Windows\System\qSLIOjT.exe
  2⤵
  PID:5620
- C:\Windows\System\xXoauNk.exe
  C:\Windows\System\xXoauNk.exe
  2⤵
  PID:5636
- C:\Windows\System\wiAusJh.exe
  C:\Windows\System\wiAusJh.exe
  2⤵
  PID:5660
- C:\Windows\System\hyBbxrg.exe
  C:\Windows\System\hyBbxrg.exe
  2⤵
  PID:5676
- C:\Windows\System\CyQifuO.exe
  C:\Windows\System\CyQifuO.exe
  2⤵
  PID:5700
- C:\Windows\System\PmcSfIy.exe
  C:\Windows\System\PmcSfIy.exe
  2⤵
  PID:5716
- C:\Windows\System\ldImRLe.exe
  C:\Windows\System\ldImRLe.exe
  2⤵
  PID:5740
- C:\Windows\System\mEeFUMZ.exe
  C:\Windows\System\mEeFUMZ.exe
  2⤵
  PID:5760
- C:\Windows\System\kZDRTfu.exe
  C:\Windows\System\kZDRTfu.exe
  2⤵
  PID:5784
- C:\Windows\System\otzfXRe.exe
  C:\Windows\System\otzfXRe.exe
  2⤵
  PID:5800
- C:\Windows\System\eGkFOYH.exe
  C:\Windows\System\eGkFOYH.exe
  2⤵
  PID:5828
- C:\Windows\System\cfgiZHz.exe
  C:\Windows\System\cfgiZHz.exe
  2⤵
  PID:5848
- C:\Windows\System\WMVSudI.exe
  C:\Windows\System\WMVSudI.exe
  2⤵
  PID:5864
- C:\Windows\System\pvgjUfp.exe
  C:\Windows\System\pvgjUfp.exe
  2⤵
  PID:5884
- C:\Windows\System\PLdAeZc.exe
  C:\Windows\System\PLdAeZc.exe
  2⤵
  PID:5904
- C:\Windows\System\YQHYqIp.exe
  C:\Windows\System\YQHYqIp.exe
  2⤵
  PID:5924
- C:\Windows\System\bZkzZli.exe
  C:\Windows\System\bZkzZli.exe
  2⤵
  PID:5944
- C:\Windows\System\IOOBAjf.exe
  C:\Windows\System\IOOBAjf.exe
  2⤵
  PID:5968
- C:\Windows\System\MmyTSfE.exe
  C:\Windows\System\MmyTSfE.exe
  2⤵
  PID:5984
- C:\Windows\System\NiEMbKC.exe
  C:\Windows\System\NiEMbKC.exe
  2⤵
  PID:6004
- C:\Windows\System\nDyXkWm.exe
  C:\Windows\System\nDyXkWm.exe
  2⤵
  PID:6028
- C:\Windows\System\PpCnNED.exe
  C:\Windows\System\PpCnNED.exe
  2⤵
  PID:6044
- C:\Windows\System\fGJYYjz.exe
  C:\Windows\System\fGJYYjz.exe
  2⤵
  PID:6068
- C:\Windows\System\TSvmMVd.exe
  C:\Windows\System\TSvmMVd.exe
  2⤵
  PID:6088
- C:\Windows\System\VhmAqiP.exe
  C:\Windows\System\VhmAqiP.exe
  2⤵
  PID:6108
- C:\Windows\System\tjfsHcS.exe
  C:\Windows\System\tjfsHcS.exe
  2⤵
  PID:6124
- C:\Windows\System\kmQdIQP.exe
  C:\Windows\System\kmQdIQP.exe
  2⤵
  PID:6140
- C:\Windows\System\HakVoHQ.exe
  C:\Windows\System\HakVoHQ.exe
  2⤵
  PID:3312
- C:\Windows\System\HZGuNrI.exe
  C:\Windows\System\HZGuNrI.exe
  2⤵
  PID:236
- C:\Windows\System\cudfavt.exe
  C:\Windows\System\cudfavt.exe
  2⤵
  PID:4952
- C:\Windows\System\YbtGfBe.exe
  C:\Windows\System\YbtGfBe.exe
  2⤵
  PID:3612
- C:\Windows\System\pnpgBEL.exe
  C:\Windows\System\pnpgBEL.exe
  2⤵
  PID:5188
- C:\Windows\System\BIlBICj.exe
  C:\Windows\System\BIlBICj.exe
  2⤵
  PID:5264
- C:\Windows\System\EEzCBZQ.exe
  C:\Windows\System\EEzCBZQ.exe
  2⤵
  PID:4196
- C:\Windows\System\cUjQjYx.exe
  C:\Windows\System\cUjQjYx.exe
  2⤵
  PID:4484
- C:\Windows\System\kjEFAYB.exe
  C:\Windows\System\kjEFAYB.exe
  2⤵
  PID:5380
- C:\Windows\System\SvvpDDR.exe
  C:\Windows\System\SvvpDDR.exe
  2⤵
  PID:4948
- C:\Windows\System\RVKONXE.exe
  C:\Windows\System\RVKONXE.exe
  2⤵
  PID:4716
- C:\Windows\System\QbUKhYC.exe
  C:\Windows\System\QbUKhYC.exe
  2⤵
  PID:5124
- C:\Windows\System\rGoUbJJ.exe
  C:\Windows\System\rGoUbJJ.exe
  2⤵
  PID:5172
- C:\Windows\System\APRgEWe.exe
  C:\Windows\System\APRgEWe.exe
  2⤵
  PID:676
- C:\Windows\System\QKWbDGg.exe
  C:\Windows\System\QKWbDGg.exe
  2⤵
  PID:5288
- C:\Windows\System\ISmDJiN.exe
  C:\Windows\System\ISmDJiN.exe
  2⤵
  PID:2616
- C:\Windows\System\nTmUICk.exe
  C:\Windows\System\nTmUICk.exe
  2⤵
  PID:2492
- C:\Windows\System\MNnBIxX.exe
  C:\Windows\System\MNnBIxX.exe
  2⤵
  PID:5208
- C:\Windows\System\vHZehWO.exe
  C:\Windows\System\vHZehWO.exe
  2⤵
  PID:5352
- C:\Windows\System\NmbINhh.exe
  C:\Windows\System\NmbINhh.exe
  2⤵
  PID:5248
- C:\Windows\System\vPACpOg.exe
  C:\Windows\System\vPACpOg.exe
  2⤵
  PID:5516
- C:\Windows\System\sebbhIo.exe
  C:\Windows\System\sebbhIo.exe
  2⤵
  PID:5480
- C:\Windows\System\mRVoqxf.exe
  C:\Windows\System\mRVoqxf.exe
  2⤵
  PID:5500
- C:\Windows\System\XxFimff.exe
  C:\Windows\System\XxFimff.exe
  2⤵
  PID:5604
- C:\Windows\System\sNNpjlV.exe
  C:\Windows\System\sNNpjlV.exe
  2⤵
  PID:5540
- C:\Windows\System\npkdqBj.exe
  C:\Windows\System\npkdqBj.exe
  2⤵
  PID:5644
- C:\Windows\System\ZuwIAdk.exe
  C:\Windows\System\ZuwIAdk.exe
  2⤵
  PID:5648
- C:\Windows\System\ASRLvCD.exe
  C:\Windows\System\ASRLvCD.exe
  2⤵
  PID:5724
- C:\Windows\System\NjuMlxF.exe
  C:\Windows\System\NjuMlxF.exe
  2⤵
  PID:5672
- C:\Windows\System\vTpxWmY.exe
  C:\Windows\System\vTpxWmY.exe
  2⤵
  PID:5808
- C:\Windows\System\nOixmMT.exe
  C:\Windows\System\nOixmMT.exe
  2⤵
  PID:5816
- C:\Windows\System\fhsdHdP.exe
  C:\Windows\System\fhsdHdP.exe
  2⤵
  PID:5792
- C:\Windows\System\qMfbDoW.exe
  C:\Windows\System\qMfbDoW.exe
  2⤵
  PID:5840
- C:\Windows\System\fTJMzEK.exe
  C:\Windows\System\fTJMzEK.exe
  2⤵
  PID:5940
- C:\Windows\System\DDLGpvv.exe
  C:\Windows\System\DDLGpvv.exe
  2⤵
  PID:6012
- C:\Windows\System\IChTOJf.exe
  C:\Windows\System\IChTOJf.exe
  2⤵
  PID:6052
- C:\Windows\System\rMnPYYr.exe
  C:\Windows\System\rMnPYYr.exe
  2⤵
  PID:6096
- C:\Windows\System\avhjRAN.exe
  C:\Windows\System\avhjRAN.exe
  2⤵
  PID:5956
- C:\Windows\System\vjmGJGL.exe
  C:\Windows\System\vjmGJGL.exe
  2⤵
  PID:5964
- C:\Windows\System\nqLuBnb.exe
  C:\Windows\System\nqLuBnb.exe
  2⤵
  PID:5992
- C:\Windows\System\BItunrH.exe
  C:\Windows\System\BItunrH.exe
  2⤵
  PID:6040
- C:\Windows\System\ifktBff.exe
  C:\Windows\System\ifktBff.exe
  2⤵
  PID:5228
- C:\Windows\System\SLmjoNX.exe
  C:\Windows\System\SLmjoNX.exe
  2⤵
  PID:4888
- C:\Windows\System\tyWEhaj.exe
  C:\Windows\System\tyWEhaj.exe
  2⤵
  PID:5232
- C:\Windows\System\EnRWEGo.exe
  C:\Windows\System\EnRWEGo.exe
  2⤵
  PID:4504
- C:\Windows\System\GxogJDv.exe
  C:\Windows\System\GxogJDv.exe
  2⤵
  PID:5008
- C:\Windows\System\kyEnJbL.exe
  C:\Windows\System\kyEnJbL.exe
  2⤵
  PID:5404
- C:\Windows\System\SAtuhyH.exe
  C:\Windows\System\SAtuhyH.exe
  2⤵
  PID:5320
- C:\Windows\System\xhLoOKH.exe
  C:\Windows\System\xhLoOKH.exe
  2⤵
  PID:5528
- C:\Windows\System\GMFtVOh.exe
  C:\Windows\System\GMFtVOh.exe
  2⤵
  PID:5304
- C:\Windows\System\CsHNBvv.exe
  C:\Windows\System\CsHNBvv.exe
  2⤵
  PID:5568
- C:\Windows\System\tGAgeam.exe
  C:\Windows\System\tGAgeam.exe
  2⤵
  PID:3996
- C:\Windows\System\bvefkaq.exe
  C:\Windows\System\bvefkaq.exe
  2⤵
  PID:5588
- C:\Windows\System\pHjiDkU.exe
  C:\Windows\System\pHjiDkU.exe
  2⤵
  PID:5252
- C:\Windows\System\dzmlwmf.exe
  C:\Windows\System\dzmlwmf.exe
  2⤵
  PID:5708
- C:\Windows\System\VHeqbqH.exe
  C:\Windows\System\VHeqbqH.exe
  2⤵
  PID:5776
- C:\Windows\System\sWAIvgk.exe
  C:\Windows\System\sWAIvgk.exe
  2⤵
  PID:5796
- C:\Windows\System\qEpDExh.exe
  C:\Windows\System\qEpDExh.exe
  2⤵
  PID:5900
- C:\Windows\System\XeRQuCV.exe
  C:\Windows\System\XeRQuCV.exe
  2⤵
  PID:5628
- C:\Windows\System\qXdGBbJ.exe
  C:\Windows\System\qXdGBbJ.exe
  2⤵
  PID:5488
- C:\Windows\System\qSPXHof.exe
  C:\Windows\System\qSPXHof.exe
  2⤵
  PID:6024
- C:\Windows\System\LUzDjKv.exe
  C:\Windows\System\LUzDjKv.exe
  2⤵
  PID:6104
- C:\Windows\System\rHlXNWT.exe
  C:\Windows\System\rHlXNWT.exe
  2⤵
  PID:5856
- C:\Windows\System\uLrXjUY.exe
  C:\Windows\System\uLrXjUY.exe
  2⤵
  PID:5980
- C:\Windows\System\RGTZTms.exe
  C:\Windows\System\RGTZTms.exe
  2⤵
  PID:6116
- C:\Windows\System\dppFFNp.exe
  C:\Windows\System\dppFFNp.exe
  2⤵
  PID:5960
- C:\Windows\System\tLwUKsy.exe
  C:\Windows\System\tLwUKsy.exe
  2⤵
  PID:6064
- C:\Windows\System\GPtuUou.exe
  C:\Windows\System\GPtuUou.exe
  2⤵
  PID:4436
- C:\Windows\System\jANoYAB.exe
  C:\Windows\System\jANoYAB.exe
  2⤵
  PID:6120
- C:\Windows\System\BpfnMYj.exe
  C:\Windows\System\BpfnMYj.exe
  2⤵
  PID:5148
- C:\Windows\System\JcscPCw.exe
  C:\Windows\System\JcscPCw.exe
  2⤵
  PID:2004
- C:\Windows\System\XvySaPB.exe
  C:\Windows\System\XvySaPB.exe
  2⤵
  PID:4560
- C:\Windows\System\ZWSwvev.exe
  C:\Windows\System\ZWSwvev.exe
  2⤵
  PID:2620
- C:\Windows\System\aghYDOx.exe
  C:\Windows\System\aghYDOx.exe
  2⤵
  PID:5576
- C:\Windows\System\QKEdAFj.exe
  C:\Windows\System\QKEdAFj.exe
  2⤵
  PID:5688
- C:\Windows\System\UHyNpvj.exe
  C:\Windows\System\UHyNpvj.exe
  2⤵
  PID:5696
- C:\Windows\System\RMbjMPZ.exe
  C:\Windows\System\RMbjMPZ.exe
  2⤵
  PID:1572
- C:\Windows\System\UIIQVlD.exe
  C:\Windows\System\UIIQVlD.exe
  2⤵
  PID:5444
- C:\Windows\System\ajojQeA.exe
  C:\Windows\System\ajojQeA.exe
  2⤵
  PID:2528
- C:\Windows\System\OXtIbaN.exe
  C:\Windows\System\OXtIbaN.exe
  2⤵
  PID:6016
- C:\Windows\System\XEkkFVF.exe
  C:\Windows\System\XEkkFVF.exe
  2⤵
  PID:5844
- C:\Windows\System\LljuMac.exe
  C:\Windows\System\LljuMac.exe
  2⤵
  PID:6076
- C:\Windows\System\nNGclWg.exe
  C:\Windows\System\nNGclWg.exe
  2⤵
  PID:6056
- C:\Windows\System\UGhDzEx.exe
  C:\Windows\System\UGhDzEx.exe
  2⤵
  PID:4544
- C:\Windows\System\sUtpHrh.exe
  C:\Windows\System\sUtpHrh.exe
  2⤵
  PID:1032
- C:\Windows\System\isKtoXH.exe
  C:\Windows\System\isKtoXH.exe
  2⤵
  PID:5152
- C:\Windows\System\lBZBerM.exe
  C:\Windows\System\lBZBerM.exe
  2⤵
  PID:5360
- C:\Windows\System\AmxYwAn.exe
  C:\Windows\System\AmxYwAn.exe
  2⤵
  PID:5416
- C:\Windows\System\klsEFtW.exe
  C:\Windows\System\klsEFtW.exe
  2⤵
  PID:2076
- C:\Windows\System\jkJZEqJ.exe
  C:\Windows\System\jkJZEqJ.exe
  2⤵
  PID:5468
- C:\Windows\System\lTDHebP.exe
  C:\Windows\System\lTDHebP.exe
  2⤵
  PID:5812
- C:\Windows\System\KqRZIuV.exe
  C:\Windows\System\KqRZIuV.exe
  2⤵
  PID:5976
- C:\Windows\System\JLbMiVl.exe
  C:\Windows\System\JLbMiVl.exe
  2⤵
  PID:5860
- C:\Windows\System\npVsyFE.exe
  C:\Windows\System\npVsyFE.exe
  2⤵
  PID:1992
- C:\Windows\System\mPqbfcf.exe
  C:\Windows\System\mPqbfcf.exe
  2⤵
  PID:5184
- C:\Windows\System\bXyftvb.exe
  C:\Windows\System\bXyftvb.exe
  2⤵
  PID:6156
- C:\Windows\System\OvBFvTz.exe
  C:\Windows\System\OvBFvTz.exe
  2⤵
  PID:6176
- C:\Windows\System\oHDBHmJ.exe
  C:\Windows\System\oHDBHmJ.exe
  2⤵
  PID:6196
- C:\Windows\System\jNooknH.exe
  C:\Windows\System\jNooknH.exe
  2⤵
  PID:6216
- C:\Windows\System\QDWiNZu.exe
  C:\Windows\System\QDWiNZu.exe
  2⤵
  PID:6232
- C:\Windows\System\mTGjOkA.exe
  C:\Windows\System\mTGjOkA.exe
  2⤵
  PID:6252
- C:\Windows\System\fkrDnui.exe
  C:\Windows\System\fkrDnui.exe
  2⤵
  PID:6272
- C:\Windows\System\TuzdEbc.exe
  C:\Windows\System\TuzdEbc.exe
  2⤵
  PID:6296
- C:\Windows\System\jpueZbF.exe
  C:\Windows\System\jpueZbF.exe
  2⤵
  PID:6320
- C:\Windows\System\TgZAZOc.exe
  C:\Windows\System\TgZAZOc.exe
  2⤵
  PID:6340
- C:\Windows\System\TRWgXsN.exe
  C:\Windows\System\TRWgXsN.exe
  2⤵
  PID:6360
- C:\Windows\System\NbVAEvs.exe
  C:\Windows\System\NbVAEvs.exe
  2⤵
  PID:6384
- C:\Windows\System\AUjEdAY.exe
  C:\Windows\System\AUjEdAY.exe
  2⤵
  PID:6404
- C:\Windows\System\exZESFN.exe
  C:\Windows\System\exZESFN.exe
  2⤵
  PID:6424
- C:\Windows\System\MdWMhEv.exe
  C:\Windows\System\MdWMhEv.exe
  2⤵
  PID:6444
- C:\Windows\System\qdbOklx.exe
  C:\Windows\System\qdbOklx.exe
  2⤵
  PID:6460
- C:\Windows\System\aGyHqhX.exe
  C:\Windows\System\aGyHqhX.exe
  2⤵
  PID:6484
- C:\Windows\System\kIYtSmh.exe
  C:\Windows\System\kIYtSmh.exe
  2⤵
  PID:6504
- C:\Windows\System\vWEXorC.exe
  C:\Windows\System\vWEXorC.exe
  2⤵
  PID:6524
- C:\Windows\System\UIKXRCQ.exe
  C:\Windows\System\UIKXRCQ.exe
  2⤵
  PID:6544
- C:\Windows\System\eiDdhuW.exe
  C:\Windows\System\eiDdhuW.exe
  2⤵
  PID:6564
- C:\Windows\System\natvhKv.exe
  C:\Windows\System\natvhKv.exe
  2⤵
  PID:6584
- C:\Windows\System\GBCSkgl.exe
  C:\Windows\System\GBCSkgl.exe
  2⤵
  PID:6604
- C:\Windows\System\rSucQgV.exe
  C:\Windows\System\rSucQgV.exe
  2⤵
  PID:6624
- C:\Windows\System\yjGjufU.exe
  C:\Windows\System\yjGjufU.exe
  2⤵
  PID:6644
- C:\Windows\System\VbIqPhz.exe
  C:\Windows\System\VbIqPhz.exe
  2⤵
  PID:6664
- C:\Windows\System\joQmAAi.exe
  C:\Windows\System\joQmAAi.exe
  2⤵
  PID:6680
- C:\Windows\System\vDRRJZx.exe
  C:\Windows\System\vDRRJZx.exe
  2⤵
  PID:6704
- C:\Windows\System\HiddGWw.exe
  C:\Windows\System\HiddGWw.exe
  2⤵
  PID:6724
- C:\Windows\System\ttQxltc.exe
  C:\Windows\System\ttQxltc.exe
  2⤵
  PID:6744
- C:\Windows\System\mESGWkW.exe
  C:\Windows\System\mESGWkW.exe
  2⤵
  PID:6764
- C:\Windows\System\eJvFMcu.exe
  C:\Windows\System\eJvFMcu.exe
  2⤵
  PID:6788
- C:\Windows\System\YzPxlmo.exe
  C:\Windows\System\YzPxlmo.exe
  2⤵
  PID:6808
- C:\Windows\System\FsFHbYZ.exe
  C:\Windows\System\FsFHbYZ.exe
  2⤵
  PID:6828
- C:\Windows\System\dMSLlrY.exe
  C:\Windows\System\dMSLlrY.exe
  2⤵
  PID:6848
- C:\Windows\System\fbIpQmm.exe
  C:\Windows\System\fbIpQmm.exe
  2⤵
  PID:6868
- C:\Windows\System\GNwsxCQ.exe
  C:\Windows\System\GNwsxCQ.exe
  2⤵
  PID:6888
- C:\Windows\System\VpvJWnS.exe
  C:\Windows\System\VpvJWnS.exe
  2⤵
  PID:6908
- C:\Windows\System\ipJlyXe.exe
  C:\Windows\System\ipJlyXe.exe
  2⤵
  PID:6924
- C:\Windows\System\EFFAaLZ.exe
  C:\Windows\System\EFFAaLZ.exe
  2⤵
  PID:6948
- C:\Windows\System\fSepbPc.exe
  C:\Windows\System\fSepbPc.exe
  2⤵
  PID:6968
- C:\Windows\System\oOfxQnv.exe
  C:\Windows\System\oOfxQnv.exe
  2⤵
  PID:6988
- C:\Windows\System\BXxxjcG.exe
  C:\Windows\System\BXxxjcG.exe
  2⤵
  PID:7008
- C:\Windows\System\smcchwy.exe
  C:\Windows\System\smcchwy.exe
  2⤵
  PID:7028
- C:\Windows\System\iBuKhpa.exe
  C:\Windows\System\iBuKhpa.exe
  2⤵
  PID:7048
- C:\Windows\System\gzbgHww.exe
  C:\Windows\System\gzbgHww.exe
  2⤵
  PID:7068
- C:\Windows\System\haRFFZz.exe
  C:\Windows\System\haRFFZz.exe
  2⤵
  PID:7088
- C:\Windows\System\pfdhkpk.exe
  C:\Windows\System\pfdhkpk.exe
  2⤵
  PID:7108
- C:\Windows\System\ULhVoEY.exe
  C:\Windows\System\ULhVoEY.exe
  2⤵
  PID:7128
- C:\Windows\System\lehqucj.exe
  C:\Windows\System\lehqucj.exe
  2⤵
  PID:7148
- C:\Windows\System\DRlJbHG.exe
  C:\Windows\System\DRlJbHG.exe
  2⤵
  PID:4280
- C:\Windows\System\PbwHAHU.exe
  C:\Windows\System\PbwHAHU.exe
  2⤵
  PID:5564
- C:\Windows\System\CLBAYKL.exe
  C:\Windows\System\CLBAYKL.exe
  2⤵
  PID:2748
- C:\Windows\System\CImdfCI.exe
  C:\Windows\System\CImdfCI.exe
  2⤵
  PID:5492
- C:\Windows\System\DRKXugu.exe
  C:\Windows\System\DRKXugu.exe
  2⤵
  PID:2704
- C:\Windows\System\WmUVeki.exe
  C:\Windows\System\WmUVeki.exe
  2⤵
  PID:5400
- C:\Windows\System\JJmDEda.exe
  C:\Windows\System\JJmDEda.exe
  2⤵
  PID:2636
- C:\Windows\System\jMRafsQ.exe
  C:\Windows\System\jMRafsQ.exe
  2⤵
  PID:3940
- C:\Windows\System\ZoJrKHs.exe
  C:\Windows\System\ZoJrKHs.exe
  2⤵
  PID:6188
- C:\Windows\System\toIzeka.exe
  C:\Windows\System\toIzeka.exe
  2⤵
  PID:6168
- C:\Windows\System\PwciSdN.exe
  C:\Windows\System\PwciSdN.exe
  2⤵
  PID:6208
- C:\Windows\System\oaYAIfA.exe
  C:\Windows\System\oaYAIfA.exe
  2⤵
  PID:6264
- C:\Windows\System\rOWDsiS.exe
  C:\Windows\System\rOWDsiS.exe
  2⤵
  PID:6244
- C:\Windows\System\valgULE.exe
  C:\Windows\System\valgULE.exe
  2⤵
  PID:6348
- C:\Windows\System\fhoWyLT.exe
  C:\Windows\System\fhoWyLT.exe
  2⤵
  PID:2648
- C:\Windows\System\ZAjBnJs.exe
  C:\Windows\System\ZAjBnJs.exe
  2⤵
  PID:6392
- C:\Windows\System\DIwbgMg.exe
  C:\Windows\System\DIwbgMg.exe
  2⤵
  PID:6412
- C:\Windows\System\vPnKZFC.exe
  C:\Windows\System\vPnKZFC.exe
  2⤵
  PID:6468
- C:\Windows\System\ZuGkouq.exe
  C:\Windows\System\ZuGkouq.exe
  2⤵
  PID:6456
- C:\Windows\System\eJCQKxN.exe
  C:\Windows\System\eJCQKxN.exe
  2⤵
  PID:6312
- C:\Windows\System\HESYeey.exe
  C:\Windows\System\HESYeey.exe
  2⤵
  PID:6540
- C:\Windows\System\IdfffcV.exe
  C:\Windows\System\IdfffcV.exe
  2⤵
  PID:6572
- C:\Windows\System\TbPfPEy.exe
  C:\Windows\System\TbPfPEy.exe
  2⤵
  PID:6576
- C:\Windows\System\rBIxDxu.exe
  C:\Windows\System\rBIxDxu.exe
  2⤵
  PID:6636
- C:\Windows\System\DMoAJAV.exe
  C:\Windows\System\DMoAJAV.exe
  2⤵
  PID:1748
- C:\Windows\System\kDZmKnU.exe
  C:\Windows\System\kDZmKnU.exe
  2⤵
  PID:6676
- C:\Windows\System\RMrnFaf.exe
  C:\Windows\System\RMrnFaf.exe
  2⤵
  PID:6692
- C:\Windows\System\BYCizqy.exe
  C:\Windows\System\BYCizqy.exe
  2⤵
  PID:6752
- C:\Windows\System\jAtBcHW.exe
  C:\Windows\System\jAtBcHW.exe
  2⤵
  PID:6796
- C:\Windows\System\iRCsyGJ.exe
  C:\Windows\System\iRCsyGJ.exe
  2⤵
  PID:6836
- C:\Windows\System\rsJgVNB.exe
  C:\Windows\System\rsJgVNB.exe
  2⤵
  PID:6840
- C:\Windows\System\uVtwPgc.exe
  C:\Windows\System\uVtwPgc.exe
  2⤵
  PID:6860
- C:\Windows\System\XuuzTAl.exe
  C:\Windows\System\XuuzTAl.exe
  2⤵
  PID:6916
- C:\Windows\System\GrrLzZY.exe
  C:\Windows\System\GrrLzZY.exe
  2⤵
  PID:6964
- C:\Windows\System\JJpSkqe.exe
  C:\Windows\System\JJpSkqe.exe
  2⤵
  PID:6940
- C:\Windows\System\eEtzozu.exe
  C:\Windows\System\eEtzozu.exe
  2⤵
  PID:7004
- C:\Windows\System\oefHPtJ.exe
  C:\Windows\System\oefHPtJ.exe
  2⤵
  PID:7056
- C:\Windows\System\zKplsFc.exe
  C:\Windows\System\zKplsFc.exe
  2⤵
  PID:7080
- C:\Windows\System\HmEYzOZ.exe
  C:\Windows\System\HmEYzOZ.exe
  2⤵
  PID:7104
- C:\Windows\System\ZWjDTaL.exe
  C:\Windows\System\ZWjDTaL.exe
  2⤵
  PID:7156
- C:\Windows\System\OhWTUGz.exe
  C:\Windows\System\OhWTUGz.exe
  2⤵
  PID:7140
- C:\Windows\System\YYCHujV.exe
  C:\Windows\System\YYCHujV.exe
  2⤵
  PID:4804
- C:\Windows\System\azggftM.exe
  C:\Windows\System\azggftM.exe
  2⤵
  PID:3056
- C:\Windows\System\hovINfJ.exe
  C:\Windows\System\hovINfJ.exe
  2⤵
  PID:5548
- C:\Windows\System\UjVanXE.exe
  C:\Windows\System\UjVanXE.exe
  2⤵
  PID:5496
- C:\Windows\System\AprtKhV.exe
  C:\Windows\System\AprtKhV.exe
  2⤵
  PID:1716
- C:\Windows\System\GHpwxZs.exe
  C:\Windows\System\GHpwxZs.exe
  2⤵
  PID:2884
- C:\Windows\System\nHHgreP.exe
  C:\Windows\System\nHHgreP.exe
  2⤵
  PID:6184
- C:\Windows\System\TgDHKIM.exe
  C:\Windows\System\TgDHKIM.exe
  2⤵
  PID:6164
- C:\Windows\System\JCRIgul.exe
  C:\Windows\System\JCRIgul.exe
  2⤵
  PID:6280
- C:\Windows\System\gVRpPMf.exe
  C:\Windows\System\gVRpPMf.exe
  2⤵
  PID:2820
- C:\Windows\System\iFpqJqq.exe
  C:\Windows\System\iFpqJqq.exe
  2⤵
  PID:6328
- C:\Windows\System\TRdbLMf.exe
  C:\Windows\System\TRdbLMf.exe
  2⤵
  PID:2992
- C:\Windows\System\lTwjFTr.exe
  C:\Windows\System\lTwjFTr.exe
  2⤵
  PID:6380
- C:\Windows\System\vQjkdBz.exe
  C:\Windows\System\vQjkdBz.exe
  2⤵
  PID:6436
- C:\Windows\System\FVMEUIX.exe
  C:\Windows\System\FVMEUIX.exe
  2⤵
  PID:6520
- C:\Windows\System\anAJLbL.exe
  C:\Windows\System\anAJLbL.exe
  2⤵
  PID:3028
- C:\Windows\System\jacdIhj.exe
  C:\Windows\System\jacdIhj.exe
  2⤵
  PID:6580
- C:\Windows\System\NoViSjp.exe
  C:\Windows\System\NoViSjp.exe
  2⤵
  PID:6640
- C:\Windows\System\GBdEZha.exe
  C:\Windows\System\GBdEZha.exe
  2⤵
  PID:6632
- C:\Windows\System\NPzmyzi.exe
  C:\Windows\System\NPzmyzi.exe
  2⤵
  PID:2540
- C:\Windows\System\OgdqZoe.exe
  C:\Windows\System\OgdqZoe.exe
  2⤵
  PID:6688
- C:\Windows\System\urDLSkq.exe
  C:\Windows\System\urDLSkq.exe
  2⤵
  PID:2340
- C:\Windows\System\aKtrHrH.exe
  C:\Windows\System\aKtrHrH.exe
  2⤵
  PID:6732
- C:\Windows\System\uUPXanq.exe
  C:\Windows\System\uUPXanq.exe
  2⤵
  PID:6740
- C:\Windows\System\XsfGFpI.exe
  C:\Windows\System\XsfGFpI.exe
  2⤵
  PID:2040
- C:\Windows\System\qaRHeEu.exe
  C:\Windows\System\qaRHeEu.exe
  2⤵
  PID:6896
- C:\Windows\System\sRxikOH.exe
  C:\Windows\System\sRxikOH.exe
  2⤵
  PID:800
- C:\Windows\System\JGHySeH.exe
  C:\Windows\System\JGHySeH.exe
  2⤵
  PID:3236
- C:\Windows\System\Gljwqqx.exe
  C:\Windows\System\Gljwqqx.exe
  2⤵
  PID:6936
- C:\Windows\System\OdcKSNg.exe
  C:\Windows\System\OdcKSNg.exe
  2⤵
  PID:2936
- C:\Windows\System\njxeSHT.exe
  C:\Windows\System\njxeSHT.exe
  2⤵
  PID:7116
- C:\Windows\System\RSVkMDo.exe
  C:\Windows\System\RSVkMDo.exe
  2⤵
  PID:7064
- C:\Windows\System\yQNTxyr.exe
  C:\Windows\System\yQNTxyr.exe
  2⤵
  PID:7144
- C:\Windows\System\pzvOXrh.exe
  C:\Windows\System\pzvOXrh.exe
  2⤵
  PID:5768
- C:\Windows\System\IJnxZeu.exe
  C:\Windows\System\IJnxZeu.exe
  2⤵
  PID:5364
- C:\Windows\System\MHgrwgw.exe
  C:\Windows\System\MHgrwgw.exe
  2⤵
  PID:1932
- C:\Windows\System\OCyXIWS.exe
  C:\Windows\System\OCyXIWS.exe
  2⤵
  PID:1704
- C:\Windows\System\knwVZBS.exe
  C:\Windows\System\knwVZBS.exe
  2⤵
  PID:6304
- C:\Windows\System\KaQffSv.exe
  C:\Windows\System\KaQffSv.exe
  2⤵
  PID:6308
- C:\Windows\System\ILsZIZF.exe
  C:\Windows\System\ILsZIZF.exe
  2⤵
  PID:6432
- C:\Windows\System\bsSARwN.exe
  C:\Windows\System\bsSARwN.exe
  2⤵
  PID:2312
- C:\Windows\System\kKWEYZP.exe
  C:\Windows\System\kKWEYZP.exe
  2⤵
  PID:6776
- C:\Windows\System\ivEmNjd.exe
  C:\Windows\System\ivEmNjd.exe
  2⤵
  PID:7024
- C:\Windows\System\QYrFIkt.exe
  C:\Windows\System\QYrFIkt.exe
  2⤵
  PID:6960
- C:\Windows\System\YvmvCsM.exe
  C:\Windows\System\YvmvCsM.exe
  2⤵
  PID:2376
- C:\Windows\System\XaQNnHO.exe
  C:\Windows\System\XaQNnHO.exe
  2⤵
  PID:7044
- C:\Windows\System\lYfYBka.exe
  C:\Windows\System\lYfYBka.exe
  2⤵
  PID:2248
- C:\Windows\System\dJJsbUN.exe
  C:\Windows\System\dJJsbUN.exe
  2⤵
  PID:2324
- C:\Windows\System\QyeAmEr.exe
  C:\Windows\System\QyeAmEr.exe
  2⤵
  PID:6240
- C:\Windows\System\gmWQejD.exe
  C:\Windows\System\gmWQejD.exe
  2⤵
  PID:6420
- C:\Windows\System\rlIdZlC.exe
  C:\Windows\System\rlIdZlC.exe
  2⤵
  PID:1700
- C:\Windows\System\lOmWkMt.exe
  C:\Windows\System\lOmWkMt.exe
  2⤵
  PID:3048
- C:\Windows\System\hPokprZ.exe
  C:\Windows\System\hPokprZ.exe
  2⤵
  PID:6532
- C:\Windows\System\zihnvsL.exe
  C:\Windows\System\zihnvsL.exe
  2⤵
  PID:6712
- C:\Windows\System\tMdHEnI.exe
  C:\Windows\System\tMdHEnI.exe
  2⤵
  PID:6784
- C:\Windows\System\FDfWfAt.exe
  C:\Windows\System\FDfWfAt.exe
  2⤵
  PID:2560
- C:\Windows\System\wfdmzTX.exe
  C:\Windows\System\wfdmzTX.exe
  2⤵
  PID:7160
- C:\Windows\System\qMLpMWH.exe
  C:\Windows\System\qMLpMWH.exe
  2⤵
  PID:6944
- C:\Windows\System\Cifksag.exe
  C:\Windows\System\Cifksag.exe
  2⤵
  PID:6536
- C:\Windows\System\KrBkAkU.exe
  C:\Windows\System\KrBkAkU.exe
  2⤵
  PID:6396
- C:\Windows\System\SUrJUOo.exe
  C:\Windows\System\SUrJUOo.exe
  2⤵
  PID:6856
- C:\Windows\System\YpHmuih.exe
  C:\Windows\System\YpHmuih.exe
  2⤵
  PID:2856
- C:\Windows\System\GjFzzDV.exe
  C:\Windows\System\GjFzzDV.exe
  2⤵
  PID:6556
- C:\Windows\System\bPewIwW.exe
  C:\Windows\System\bPewIwW.exe
  2⤵
  PID:7040
- C:\Windows\System\otRqGWQ.exe
  C:\Windows\System\otRqGWQ.exe
  2⤵
  PID:6652
- C:\Windows\System\bppVJvJ.exe
  C:\Windows\System\bppVJvJ.exe
  2⤵
  PID:6288
- C:\Windows\System\AfWLWLM.exe
  C:\Windows\System\AfWLWLM.exe
  2⤵
  PID:1940
- C:\Windows\System\DxOqSQe.exe
  C:\Windows\System\DxOqSQe.exe
  2⤵
  PID:2676
- C:\Windows\System\wmrUpOq.exe
  C:\Windows\System\wmrUpOq.exe
  2⤵
  PID:7192
- C:\Windows\System\QOvMTtq.exe
  C:\Windows\System\QOvMTtq.exe
  2⤵
  PID:7208
- C:\Windows\System\TEfsbHX.exe
  C:\Windows\System\TEfsbHX.exe
  2⤵
  PID:7224
- C:\Windows\System\zVTxKSd.exe
  C:\Windows\System\zVTxKSd.exe
  2⤵
  PID:7240
- C:\Windows\System\rprTbUf.exe
  C:\Windows\System\rprTbUf.exe
  2⤵
  PID:7256
- C:\Windows\System\hCiJgeW.exe
  C:\Windows\System\hCiJgeW.exe
  2⤵
  PID:7272
- C:\Windows\System\EBpQyEZ.exe
  C:\Windows\System\EBpQyEZ.exe
  2⤵
  PID:7288
- C:\Windows\System\IdWDlGo.exe
  C:\Windows\System\IdWDlGo.exe
  2⤵
  PID:7320
- C:\Windows\System\sgHIMDm.exe
  C:\Windows\System\sgHIMDm.exe
  2⤵
  PID:7336
- C:\Windows\System\brNMyhY.exe
  C:\Windows\System\brNMyhY.exe
  2⤵
  PID:7352
- C:\Windows\System\AJUXcJt.exe
  C:\Windows\System\AJUXcJt.exe
  2⤵
  PID:7376
- C:\Windows\System\YlvYfsa.exe
  C:\Windows\System\YlvYfsa.exe
  2⤵
  PID:7392
- C:\Windows\System\Gpihpzw.exe
  C:\Windows\System\Gpihpzw.exe
  2⤵
  PID:7412
- C:\Windows\System\DkUhuwq.exe
  C:\Windows\System\DkUhuwq.exe
  2⤵
  PID:7428
- C:\Windows\System\JmIqkpA.exe
  C:\Windows\System\JmIqkpA.exe
  2⤵
  PID:7444
- C:\Windows\System\mTujCOI.exe
  C:\Windows\System\mTujCOI.exe
  2⤵
  PID:7460
- C:\Windows\System\anRWuHV.exe
  C:\Windows\System\anRWuHV.exe
  2⤵
  PID:7476
- C:\Windows\System\NKdyjlk.exe
  C:\Windows\System\NKdyjlk.exe
  2⤵
  PID:7492
- C:\Windows\System\ZfwbMdk.exe
  C:\Windows\System\ZfwbMdk.exe
  2⤵
  PID:7508
- C:\Windows\System\DTIribC.exe
  C:\Windows\System\DTIribC.exe
  2⤵
  PID:7524
- C:\Windows\System\TNULASX.exe
  C:\Windows\System\TNULASX.exe
  2⤵
  PID:7552
- C:\Windows\System\snvSTNK.exe
  C:\Windows\System\snvSTNK.exe
  2⤵
  PID:7568
- C:\Windows\System\mAaPEUp.exe
  C:\Windows\System\mAaPEUp.exe
  2⤵
  PID:7584
- C:\Windows\System\PfKdFuE.exe
  C:\Windows\System\PfKdFuE.exe
  2⤵
  PID:7600
- C:\Windows\System\TCYFqDO.exe
  C:\Windows\System\TCYFqDO.exe
  2⤵
  PID:7620
- C:\Windows\System\rIQazSu.exe
  C:\Windows\System\rIQazSu.exe
  2⤵
  PID:7636
- C:\Windows\System\uFlWIVr.exe
  C:\Windows\System\uFlWIVr.exe
  2⤵
  PID:7652
- C:\Windows\System\URnrWOV.exe
  C:\Windows\System\URnrWOV.exe
  2⤵
  PID:7668
- C:\Windows\System\SZkQKms.exe
  C:\Windows\System\SZkQKms.exe
  2⤵
  PID:7684
- C:\Windows\System\uoEMkpL.exe
  C:\Windows\System\uoEMkpL.exe
  2⤵
  PID:7712
- C:\Windows\System\vjzqgPH.exe
  C:\Windows\System\vjzqgPH.exe
  2⤵
  PID:7728
- C:\Windows\System\lbLwqMd.exe
  C:\Windows\System\lbLwqMd.exe
  2⤵
  PID:7788
- C:\Windows\System\TswCJhB.exe
  C:\Windows\System\TswCJhB.exe
  2⤵
  PID:7804
- C:\Windows\System\IABlyVU.exe
  C:\Windows\System\IABlyVU.exe
  2⤵
  PID:7820
- C:\Windows\System\Smocnjv.exe
  C:\Windows\System\Smocnjv.exe
  2⤵
  PID:7840
- C:\Windows\System\wfctVuy.exe
  C:\Windows\System\wfctVuy.exe
  2⤵
  PID:7856
- C:\Windows\System\DBjQHQS.exe
  C:\Windows\System\DBjQHQS.exe
  2⤵
  PID:7872
- C:\Windows\System\ioMToxZ.exe
  C:\Windows\System\ioMToxZ.exe
  2⤵
  PID:7924
- C:\Windows\System\SFSFRcn.exe
  C:\Windows\System\SFSFRcn.exe
  2⤵
  PID:7940
- C:\Windows\System\hokyPrc.exe
  C:\Windows\System\hokyPrc.exe
  2⤵
  PID:7956
- C:\Windows\System\HKIuVIH.exe
  C:\Windows\System\HKIuVIH.exe
  2⤵
  PID:7972
- C:\Windows\System\gDDvhLR.exe
  C:\Windows\System\gDDvhLR.exe
  2⤵
  PID:7988
- C:\Windows\System\pRkaEPS.exe
  C:\Windows\System\pRkaEPS.exe
  2⤵
  PID:8004
- C:\Windows\System\ZgSWmEX.exe
  C:\Windows\System\ZgSWmEX.exe
  2⤵
  PID:8020
- C:\Windows\System\XNQjEwO.exe
  C:\Windows\System\XNQjEwO.exe
  2⤵
  PID:8036
- C:\Windows\System\RmocyUJ.exe
  C:\Windows\System\RmocyUJ.exe
  2⤵
  PID:8052
- C:\Windows\System\KLXxFVN.exe
  C:\Windows\System\KLXxFVN.exe
  2⤵
  PID:8068
- C:\Windows\System\YFfQbSS.exe
  C:\Windows\System\YFfQbSS.exe
  2⤵
  PID:8084
- C:\Windows\System\qXhfsMH.exe
  C:\Windows\System\qXhfsMH.exe
  2⤵
  PID:8104
- C:\Windows\System\vbjSuYI.exe
  C:\Windows\System\vbjSuYI.exe
  2⤵
  PID:8120
- C:\Windows\System\TcoPBlh.exe
  C:\Windows\System\TcoPBlh.exe
  2⤵
  PID:8136
- C:\Windows\System\VCkMOQm.exe
  C:\Windows\System\VCkMOQm.exe
  2⤵
  PID:8156
- C:\Windows\System\PtgflOO.exe
  C:\Windows\System\PtgflOO.exe
  2⤵
  PID:8176
- C:\Windows\System\FqTycZy.exe
  C:\Windows\System\FqTycZy.exe
  2⤵
  PID:2132
- C:\Windows\System\iEZSTTO.exe
  C:\Windows\System\iEZSTTO.exe
  2⤵
  PID:2984
- C:\Windows\System\cvrxkRq.exe
  C:\Windows\System\cvrxkRq.exe
  2⤵
  PID:7200
- C:\Windows\System\XTwvQTZ.exe
  C:\Windows\System\XTwvQTZ.exe
  2⤵
  PID:7232
- C:\Windows\System\lsfoAsI.exe
  C:\Windows\System\lsfoAsI.exe
  2⤵
  PID:7308
- C:\Windows\System\idSyYTg.exe
  C:\Windows\System\idSyYTg.exe
  2⤵
  PID:7484
- C:\Windows\System\PPSGBaq.exe
  C:\Windows\System\PPSGBaq.exe
  2⤵
  PID:7516
- C:\Windows\System\YNUVsOu.exe
  C:\Windows\System\YNUVsOu.exe
  2⤵
  PID:7520
- C:\Windows\System\HNmRSFQ.exe
  C:\Windows\System\HNmRSFQ.exe
  2⤵
  PID:7596
- C:\Windows\System\QlXTSZz.exe
  C:\Windows\System\QlXTSZz.exe
  2⤵
  PID:7664
- C:\Windows\System\ywIwbXu.exe
  C:\Windows\System\ywIwbXu.exe
  2⤵
  PID:7708
- C:\Windows\System\DpdpkrI.exe
  C:\Windows\System\DpdpkrI.exe
  2⤵
  PID:7328
- C:\Windows\System\fxOILcc.exe
  C:\Windows\System\fxOILcc.exe
  2⤵
  PID:7368
- C:\Windows\System\CrLfHEv.exe
  C:\Windows\System\CrLfHEv.exe
  2⤵
  PID:7436
- C:\Windows\System\WsqznSQ.exe
  C:\Windows\System\WsqznSQ.exe
  2⤵
  PID:7532
- C:\Windows\System\mgWqYYo.exe
  C:\Windows\System\mgWqYYo.exe
  2⤵
  PID:7904
- C:\Windows\System\rZnLaDX.exe
  C:\Windows\System\rZnLaDX.exe
  2⤵
  PID:7948
- C:\Windows\System\GwCjmDo.exe
  C:\Windows\System\GwCjmDo.exe
  2⤵
  PID:7800
- C:\Windows\System\NZRvWvM.exe
  C:\Windows\System\NZRvWvM.exe
  2⤵
  PID:7768
- C:\Windows\System\dSxggXL.exe
  C:\Windows\System\dSxggXL.exe
  2⤵
  PID:8076
- C:\Windows\System\MEJcFWR.exe
  C:\Windows\System\MEJcFWR.exe
  2⤵
  PID:8096
- C:\Windows\System\ReDYgFc.exe
  C:\Windows\System\ReDYgFc.exe
  2⤵
  PID:7936
- C:\Windows\System\RVFGnKP.exe
  C:\Windows\System\RVFGnKP.exe
  2⤵
  PID:8116
- C:\Windows\System\qAUTMfY.exe
  C:\Windows\System\qAUTMfY.exe
  2⤵
  PID:8132
- C:\Windows\System\PLuiXlM.exe
  C:\Windows\System\PLuiXlM.exe
  2⤵
  PID:1788
- C:\Windows\System\PrIchyA.exe
  C:\Windows\System\PrIchyA.exe
  2⤵
  PID:7280
- C:\Windows\System\LHytEXN.exe
  C:\Windows\System\LHytEXN.exe
  2⤵
  PID:7564
- C:\Windows\System\kXnQzaC.exe
  C:\Windows\System\kXnQzaC.exe
  2⤵
  PID:7660
- C:\Windows\System\TFtZBUs.exe
  C:\Windows\System\TFtZBUs.exe
  2⤵
  PID:7364
- C:\Windows\System\RGLplzx.exe
  C:\Windows\System\RGLplzx.exe
  2⤵
  PID:7880
- C:\Windows\System\OpPeJvU.exe
  C:\Windows\System\OpPeJvU.exe
  2⤵
  PID:6192
- C:\Windows\System\jWpDSvp.exe
  C:\Windows\System\jWpDSvp.exe
  2⤵
  PID:7812
- C:\Windows\System\gRNCdmX.exe
  C:\Windows\System\gRNCdmX.exe
  2⤵
  PID:8048
- C:\Windows\System\AoPJCvb.exe
  C:\Windows\System\AoPJCvb.exe
  2⤵
  PID:7984
- C:\Windows\System\xjdhdQw.exe
  C:\Windows\System\xjdhdQw.exe
  2⤵
  PID:8092
- C:\Windows\System\zMtkqYT.exe
  C:\Windows\System\zMtkqYT.exe
  2⤵
  PID:7864
- C:\Windows\System\dSFbysC.exe
  C:\Windows\System\dSFbysC.exe
  2⤵
  PID:8032
- C:\Windows\System\zEHTqAY.exe
  C:\Windows\System\zEHTqAY.exe
  2⤵
  PID:8148
- C:\Windows\System\UecJheQ.exe
  C:\Windows\System\UecJheQ.exe
  2⤵
  PID:8172
- C:\Windows\System\DpEWErf.exe
  C:\Windows\System\DpEWErf.exe
  2⤵
  PID:7424
- C:\Windows\System\obldqPC.exe
  C:\Windows\System\obldqPC.exe
  2⤵
  PID:7316
- C:\Windows\System\vREsdhX.exe
  C:\Windows\System\vREsdhX.exe
  2⤵
  PID:6376
- C:\Windows\System\xfoFGGh.exe
  C:\Windows\System\xfoFGGh.exe
  2⤵
  PID:7388
- C:\Windows\System\CkIKSXa.exe
  C:\Windows\System\CkIKSXa.exe
  2⤵
  PID:7268
- C:\Windows\System\VtbxBad.exe
  C:\Windows\System\VtbxBad.exe
  2⤵
  PID:7592
- C:\Windows\System\XbgczIg.exe
  C:\Windows\System\XbgczIg.exe
  2⤵
  PID:7188
- C:\Windows\System\xFqDVvd.exe
  C:\Windows\System\xFqDVvd.exe
  2⤵
  PID:7472
- C:\Windows\System\HGRPmnr.exe
  C:\Windows\System\HGRPmnr.exe
  2⤵
  PID:7920
- C:\Windows\System\JMGFsII.exe
  C:\Windows\System\JMGFsII.exe
  2⤵
  PID:7612
- C:\Windows\System\mquoEFp.exe
  C:\Windows\System\mquoEFp.exe
  2⤵
  PID:7616
- C:\Windows\System\SLvIFgN.exe
  C:\Windows\System\SLvIFgN.exe
  2⤵
  PID:7888
- C:\Windows\System\rDdXcwU.exe
  C:\Windows\System\rDdXcwU.exe
  2⤵
  PID:7184
- C:\Windows\System\kZXhphI.exe
  C:\Windows\System\kZXhphI.exe
  2⤵
  PID:7816
- C:\Windows\System\QUMaSdT.exe
  C:\Windows\System\QUMaSdT.exe
  2⤵
  PID:7892
- C:\Windows\System\fUpnADq.exe
  C:\Windows\System\fUpnADq.exe
  2⤵
  PID:7952
- C:\Windows\System\XsHjcAP.exe
  C:\Windows\System\XsHjcAP.exe
  2⤵
  PID:8028
- C:\Windows\System\UjVHPZX.exe
  C:\Windows\System\UjVHPZX.exe
  2⤵
  PID:8188
- C:\Windows\System\BUsJYLb.exe
  C:\Windows\System\BUsJYLb.exe
  2⤵
  PID:8152
- C:\Windows\System\rHCzgSv.exe
  C:\Windows\System\rHCzgSv.exe
  2⤵
  PID:5872
- C:\Windows\System\MkxUXYG.exe
  C:\Windows\System\MkxUXYG.exe
  2⤵
  PID:7744
- C:\Windows\System\AsNNUBk.exe
  C:\Windows\System\AsNNUBk.exe
  2⤵
  PID:7360
- C:\Windows\System\TKOHLLw.exe
  C:\Windows\System\TKOHLLw.exe
  2⤵
  PID:1820
- C:\Windows\System\TGHImHY.exe
  C:\Windows\System\TGHImHY.exe
  2⤵
  PID:7752
- C:\Windows\System\NQcgBKj.exe
  C:\Windows\System\NQcgBKj.exe
  2⤵
  PID:7608
- C:\Windows\System\KVGaEMi.exe
  C:\Windows\System\KVGaEMi.exe
  2⤵
  PID:7848
- C:\Windows\System\KBZgZBv.exe
  C:\Windows\System\KBZgZBv.exe
  2⤵
  PID:7204
- C:\Windows\System\CrLgFbU.exe
  C:\Windows\System\CrLgFbU.exe
  2⤵
  PID:7776
- C:\Windows\System\NNQgskP.exe
  C:\Windows\System\NNQgskP.exe
  2⤵
  PID:8016
- C:\Windows\System\WXIDEPq.exe
  C:\Windows\System\WXIDEPq.exe
  2⤵
  PID:7852
- C:\Windows\System\wZmvkPP.exe
  C:\Windows\System\wZmvkPP.exe
  2⤵
  PID:7504
- C:\Windows\System\MhFwpPj.exe
  C:\Windows\System\MhFwpPj.exe
  2⤵
  PID:7264
- C:\Windows\System\FIxxXQb.exe
  C:\Windows\System\FIxxXQb.exe
  2⤵
  PID:8184
- C:\Windows\System\paCHcHb.exe
  C:\Windows\System\paCHcHb.exe
  2⤵
  PID:7740
- C:\Windows\System\wTwHQQF.exe
  C:\Windows\System\wTwHQQF.exe
  2⤵
  PID:8200
- C:\Windows\System\sdDdfkh.exe
  C:\Windows\System\sdDdfkh.exe
  2⤵
  PID:8216
- C:\Windows\System\vKvJLff.exe
  C:\Windows\System\vKvJLff.exe
  2⤵
  PID:8232
- C:\Windows\System\ycTJZYA.exe
  C:\Windows\System\ycTJZYA.exe
  2⤵
  PID:8248
- C:\Windows\System\uXCgbBZ.exe
  C:\Windows\System\uXCgbBZ.exe
  2⤵
  PID:8264
- C:\Windows\System\OVozAHb.exe
  C:\Windows\System\OVozAHb.exe
  2⤵
  PID:8280
- C:\Windows\System\genniNg.exe
  C:\Windows\System\genniNg.exe
  2⤵
  PID:8296
- C:\Windows\System\wxisQsl.exe
  C:\Windows\System\wxisQsl.exe
  2⤵
  PID:8312
- C:\Windows\System\QDsSfzZ.exe
  C:\Windows\System\QDsSfzZ.exe
  2⤵
  PID:8332
- C:\Windows\System\WMUHtsf.exe
  C:\Windows\System\WMUHtsf.exe
  2⤵
  PID:8348
- C:\Windows\System\YdaXLzk.exe
  C:\Windows\System\YdaXLzk.exe
  2⤵
  PID:8364
- C:\Windows\System\ACVGHZV.exe
  C:\Windows\System\ACVGHZV.exe
  2⤵
  PID:8380
- C:\Windows\System\dlJoNtU.exe
  C:\Windows\System\dlJoNtU.exe
  2⤵
  PID:8396
- C:\Windows\System\EGeGMvM.exe
  C:\Windows\System\EGeGMvM.exe
  2⤵
  PID:8412
- C:\Windows\System\dCQVFIv.exe
  C:\Windows\System\dCQVFIv.exe
  2⤵
  PID:8428
- C:\Windows\System\ySfCjRG.exe
  C:\Windows\System\ySfCjRG.exe
  2⤵
  PID:8444
- C:\Windows\System\OUcydIo.exe
  C:\Windows\System\OUcydIo.exe
  2⤵
  PID:8460
- C:\Windows\System\UXfIcGp.exe
  C:\Windows\System\UXfIcGp.exe
  2⤵
  PID:8476
- C:\Windows\System\ghxhkwD.exe
  C:\Windows\System\ghxhkwD.exe
  2⤵
  PID:8492
- C:\Windows\System\WjOFqAT.exe
  C:\Windows\System\WjOFqAT.exe
  2⤵
  PID:8508
- C:\Windows\System\UjsNeEo.exe
  C:\Windows\System\UjsNeEo.exe
  2⤵
  PID:8524
- C:\Windows\System\rYObZum.exe
  C:\Windows\System\rYObZum.exe
  2⤵
  PID:8540
- C:\Windows\System\EOMtRLW.exe
  C:\Windows\System\EOMtRLW.exe
  2⤵
  PID:8556
- C:\Windows\System\GhemLrl.exe
  C:\Windows\System\GhemLrl.exe
  2⤵
  PID:8572
- C:\Windows\System\CXFTGFX.exe
  C:\Windows\System\CXFTGFX.exe
  2⤵
  PID:8588
- C:\Windows\System\DHSKPve.exe
  C:\Windows\System\DHSKPve.exe
  2⤵
  PID:8604
- C:\Windows\System\tgkvKsO.exe
  C:\Windows\System\tgkvKsO.exe
  2⤵
  PID:8620
- C:\Windows\System\iliwaBe.exe
  C:\Windows\System\iliwaBe.exe
  2⤵
  PID:8636
- C:\Windows\System\WYZUFNm.exe
  C:\Windows\System\WYZUFNm.exe
  2⤵
  PID:8652
- C:\Windows\System\XlxKzpb.exe
  C:\Windows\System\XlxKzpb.exe
  2⤵
  PID:8672
- C:\Windows\System\zotYBOa.exe
  C:\Windows\System\zotYBOa.exe
  2⤵
  PID:8692
- C:\Windows\System\RnIpIJH.exe
  C:\Windows\System\RnIpIJH.exe
  2⤵
  PID:8708
- C:\Windows\System\LfzTMNj.exe
  C:\Windows\System\LfzTMNj.exe
  2⤵
  PID:8724
- C:\Windows\System\ibNjdRc.exe
  C:\Windows\System\ibNjdRc.exe
  2⤵
  PID:8740
- C:\Windows\System\kOLCodD.exe
  C:\Windows\System\kOLCodD.exe
  2⤵
  PID:8756
- C:\Windows\System\ZBuCuJh.exe
  C:\Windows\System\ZBuCuJh.exe
  2⤵
  PID:8772
- C:\Windows\System\bCWWUlW.exe
  C:\Windows\System\bCWWUlW.exe
  2⤵
  PID:8788
- C:\Windows\System\lVQhuLl.exe
  C:\Windows\System\lVQhuLl.exe
  2⤵
  PID:8804
- C:\Windows\System\QyUAoSj.exe
  C:\Windows\System\QyUAoSj.exe
  2⤵
  PID:8820
- C:\Windows\System\zxblHjZ.exe
  C:\Windows\System\zxblHjZ.exe
  2⤵
  PID:8836
- C:\Windows\System\GPWfIdm.exe
  C:\Windows\System\GPWfIdm.exe
  2⤵
  PID:8852
- C:\Windows\System\oWzTJTy.exe
  C:\Windows\System\oWzTJTy.exe
  2⤵
  PID:8868
- C:\Windows\System\NtmPQnG.exe
  C:\Windows\System\NtmPQnG.exe
  2⤵
  PID:8884
- C:\Windows\System\UCMZrlt.exe
  C:\Windows\System\UCMZrlt.exe
  2⤵
  PID:8900
- C:\Windows\System\gkwxJiS.exe
  C:\Windows\System\gkwxJiS.exe
  2⤵
  PID:8916
- C:\Windows\System\zyrGDOJ.exe
  C:\Windows\System\zyrGDOJ.exe
  2⤵
  PID:8932
- C:\Windows\System\KbbYLzj.exe
  C:\Windows\System\KbbYLzj.exe
  2⤵
  PID:9180
- C:\Windows\System\FtaoUBK.exe
  C:\Windows\System\FtaoUBK.exe
  2⤵
  PID:8240
- C:\Windows\System\EVlOdWc.exe
  C:\Windows\System\EVlOdWc.exe
  2⤵
  PID:8272
- C:\Windows\System\GgGiPLf.exe
  C:\Windows\System\GgGiPLf.exe
  2⤵
  PID:8304
- C:\Windows\System\JzYZOki.exe
  C:\Windows\System\JzYZOki.exe
  2⤵
  PID:8372
- C:\Windows\System\tUwGrUb.exe
  C:\Windows\System\tUwGrUb.exe
  2⤵
  PID:8404
- C:\Windows\System\ZhTJksn.exe
  C:\Windows\System\ZhTJksn.exe
  2⤵
  PID:8436
- C:\Windows\System\PMmjeaD.exe
  C:\Windows\System\PMmjeaD.exe
  2⤵
  PID:8468
- C:\Windows\System\HOVeAFk.exe
  C:\Windows\System\HOVeAFk.exe
  2⤵
  PID:8520
- C:\Windows\System\FdxdADm.exe
  C:\Windows\System\FdxdADm.exe
  2⤵
  PID:8504
- C:\Windows\System\jCqTEpP.exe
  C:\Windows\System\jCqTEpP.exe
  2⤵
  PID:8532
- C:\Windows\System\QXhHsTo.exe
  C:\Windows\System\QXhHsTo.exe
  2⤵
  PID:8600
- C:\Windows\System\CvfMdMO.exe
  C:\Windows\System\CvfMdMO.exe
  2⤵
  PID:8660
- C:\Windows\System\ERbSJBv.exe
  C:\Windows\System\ERbSJBv.exe
  2⤵
  PID:8664
- C:\Windows\System\sOpmhXQ.exe
  C:\Windows\System\sOpmhXQ.exe
  2⤵
  PID:8720
- C:\Windows\System\ctAgyMp.exe
  C:\Windows\System\ctAgyMp.exe
  2⤵
  PID:8752
- C:\Windows\System\GcSGZsH.exe
  C:\Windows\System\GcSGZsH.exe
  2⤵
  PID:8784
- C:\Windows\System\pJuQyIE.exe
  C:\Windows\System\pJuQyIE.exe
  2⤵
  PID:8844
- C:\Windows\System\ExbgJRe.exe
  C:\Windows\System\ExbgJRe.exe
  2⤵
  PID:8864
- C:\Windows\System\nvHIolg.exe
  C:\Windows\System\nvHIolg.exe
  2⤵
  PID:8928
- C:\Windows\System\BgMgDDX.exe
  C:\Windows\System\BgMgDDX.exe
  2⤵
  PID:8944
- C:\Windows\System\wiZiFBw.exe
  C:\Windows\System\wiZiFBw.exe
  2⤵
  PID:8880
- C:\Windows\System\ZhkbAJg.exe
  C:\Windows\System\ZhkbAJg.exe
  2⤵
  PID:8952
- C:\Windows\System\hPeNsjs.exe
  C:\Windows\System\hPeNsjs.exe
  2⤵
  PID:8972
- C:\Windows\System\iIkPHHc.exe
  C:\Windows\System\iIkPHHc.exe
  2⤵
  PID:8984
- C:\Windows\System\XrcbqUk.exe
  C:\Windows\System\XrcbqUk.exe
  2⤵
  PID:9000
- C:\Windows\System\eaHmHOy.exe
  C:\Windows\System\eaHmHOy.exe
  2⤵
  PID:9016
- C:\Windows\System\jacEOgy.exe
  C:\Windows\System\jacEOgy.exe
  2⤵
  PID:9032
- C:\Windows\System\KWuMnWf.exe
  C:\Windows\System\KWuMnWf.exe
  2⤵
  PID:9048
- C:\Windows\System\JbbzOes.exe
  C:\Windows\System\JbbzOes.exe
  2⤵
  PID:9064
- C:\Windows\System\WGSyCYd.exe
  C:\Windows\System\WGSyCYd.exe
  2⤵
  PID:9080
- C:\Windows\System\KZmgIIO.exe
  C:\Windows\System\KZmgIIO.exe
  2⤵
  PID:9108
- C:\Windows\System\tFZoVvB.exe
  C:\Windows\System\tFZoVvB.exe
  2⤵
  PID:9116
- C:\Windows\System\GIzNgdK.exe
  C:\Windows\System\GIzNgdK.exe
  2⤵
  PID:9132
- C:\Windows\System\dhzeLtz.exe
  C:\Windows\System\dhzeLtz.exe
  2⤵
  PID:9140
- C:\Windows\System\tSiIOKh.exe
  C:\Windows\System\tSiIOKh.exe
  2⤵
  PID:9160
- C:\Windows\System\adRAyxl.exe
  C:\Windows\System\adRAyxl.exe
  2⤵
  PID:9176
- C:\Windows\System\BSIeJOu.exe
  C:\Windows\System\BSIeJOu.exe
  2⤵
  PID:9204
- C:\Windows\System\VltdQiU.exe
  C:\Windows\System\VltdQiU.exe
  2⤵
  PID:7912
- C:\Windows\System\KdAwVpu.exe
  C:\Windows\System\KdAwVpu.exe
  2⤵
  PID:8228
- C:\Windows\System\QyoDWse.exe
  C:\Windows\System\QyoDWse.exe
  2⤵
  PID:8288
- C:\Windows\System\jiCwVPB.exe
  C:\Windows\System\jiCwVPB.exe
  2⤵
  PID:8356
- C:\Windows\System\gehWNHe.exe
  C:\Windows\System\gehWNHe.exe
  2⤵
  PID:7580
- C:\Windows\System\WvUPcQh.exe
  C:\Windows\System\WvUPcQh.exe
  2⤵
  PID:8408
- C:\Windows\System\ZavkLsm.exe
  C:\Windows\System\ZavkLsm.exe
  2⤵
  PID:8616
- C:\Windows\System\rSZmJHh.exe
  C:\Windows\System\rSZmJHh.exe
  2⤵
  PID:8392
- C:\Windows\System\LuuKUDJ.exe
  C:\Windows\System\LuuKUDJ.exe
  2⤵
  PID:8704
- C:\Windows\System\EdlZyLc.exe
  C:\Windows\System\EdlZyLc.exe
  2⤵
  PID:8552
- C:\Windows\System\InTjQaY.exe
  C:\Windows\System\InTjQaY.exe
  2⤵
  PID:8732
- C:\Windows\System\oJnzpmc.exe
  C:\Windows\System\oJnzpmc.exe
  2⤵
  PID:8628
- C:\Windows\System\nZinGvp.exe
  C:\Windows\System\nZinGvp.exe
  2⤵
  PID:8736
- C:\Windows\System\PGAeBae.exe
  C:\Windows\System\PGAeBae.exe
  2⤵
  PID:8948
- C:\Windows\System\rVukJDy.exe
  C:\Windows\System\rVukJDy.exe
  2⤵
  PID:8768
- C:\Windows\System\yBWwKhV.exe
  C:\Windows\System\yBWwKhV.exe
  2⤵
  PID:8964
- C:\Windows\System\cjjfQll.exe
  C:\Windows\System\cjjfQll.exe
  2⤵
  PID:8992
- C:\Windows\System\fyJwjrq.exe
  C:\Windows\System\fyJwjrq.exe
  2⤵
  PID:9024
- C:\Windows\System\kaINwMa.exe
  C:\Windows\System\kaINwMa.exe
  2⤵
  PID:9104
- C:\Windows\System\XIqEcRn.exe
  C:\Windows\System\XIqEcRn.exe
  2⤵
  PID:9144
- C:\Windows\System\KgEbHKj.exe
  C:\Windows\System\KgEbHKj.exe
  2⤵
  PID:9172
- C:\Windows\System\dZgLTTe.exe
  C:\Windows\System\dZgLTTe.exe
  2⤵
  PID:9124
- C:\Windows\System\ytJOTeF.exe
  C:\Windows\System\ytJOTeF.exe
  2⤵
  PID:9196
- C:\Windows\System\VnudPiC.exe
  C:\Windows\System\VnudPiC.exe
  2⤵
  PID:8260
- C:\Windows\System\vlqWoAy.exe
  C:\Windows\System\vlqWoAy.exe
  2⤵
  PID:7544
- C:\Windows\System\JWxcBMC.exe
  C:\Windows\System\JWxcBMC.exe
  2⤵
  PID:8328
- C:\Windows\System\CFhlLjv.exe
  C:\Windows\System\CFhlLjv.exe
  2⤵
  PID:8456
- C:\Windows\System\wexEoZT.exe
  C:\Windows\System\wexEoZT.exe
  2⤵
  PID:8668
- C:\Windows\System\LNgsXns.exe
  C:\Windows\System\LNgsXns.exe
  2⤵
  PID:8860
- C:\Windows\System\lNHqgTS.exe
  C:\Windows\System\lNHqgTS.exe
  2⤵
  PID:8548
- C:\Windows\System\UrunSrf.exe
  C:\Windows\System\UrunSrf.exe
  2⤵
  PID:8956
- C:\Windows\System\eIlipFh.exe
  C:\Windows\System\eIlipFh.exe
  2⤵
  PID:9012
- C:\Windows\System\RWPxClI.exe
  C:\Windows\System\RWPxClI.exe
  2⤵
  PID:9112
- C:\Windows\System\xvTFuZP.exe
  C:\Windows\System\xvTFuZP.exe
  2⤵
  PID:9092
- C:\Windows\System\usYoQtY.exe
  C:\Windows\System\usYoQtY.exe
  2⤵
  PID:9168
- C:\Windows\System\jobDIxk.exe
  C:\Windows\System\jobDIxk.exe
  2⤵
  PID:8244
- C:\Windows\System\fiQGxjy.exe
  C:\Windows\System\fiQGxjy.exe
  2⤵
  PID:8324
- C:\Windows\System\jPzCaZU.exe
  C:\Windows\System\jPzCaZU.exe
  2⤵
  PID:8700
- C:\Windows\System\hMluZXe.exe
  C:\Windows\System\hMluZXe.exe
  2⤵
  PID:9072
- C:\Windows\System\taSDpvn.exe
  C:\Windows\System\taSDpvn.exe
  2⤵
  PID:9096
- C:\Windows\System\SJncyaC.exe
  C:\Windows\System\SJncyaC.exe
  2⤵
  PID:7540
- C:\Windows\System\GiJqHQI.exe
  C:\Windows\System\GiJqHQI.exe
  2⤵
  PID:7452
- C:\Windows\System\nbdjBdr.exe
  C:\Windows\System\nbdjBdr.exe
  2⤵
  PID:8440
- C:\Windows\System\eiATrhe.exe
  C:\Windows\System\eiATrhe.exe
  2⤵
  PID:8564
- C:\Windows\System\gSrCrzm.exe
  C:\Windows\System\gSrCrzm.exe
  2⤵
  PID:9228
- C:\Windows\System\vwkHANu.exe
  C:\Windows\System\vwkHANu.exe
  2⤵
  PID:9244
- C:\Windows\System\iEMpuic.exe
  C:\Windows\System\iEMpuic.exe
  2⤵
  PID:9260
- C:\Windows\System\DAfsgAP.exe
  C:\Windows\System\DAfsgAP.exe
  2⤵
  PID:9280
- C:\Windows\System\dABiIVQ.exe
  C:\Windows\System\dABiIVQ.exe
  2⤵
  PID:9300
- C:\Windows\System\mUKGVWF.exe
  C:\Windows\System\mUKGVWF.exe
  2⤵
  PID:9316
- C:\Windows\System\ZCnhOMO.exe
  C:\Windows\System\ZCnhOMO.exe
  2⤵
  PID:9332
- C:\Windows\System\wruqUog.exe
  C:\Windows\System\wruqUog.exe
  2⤵
  PID:9348
- C:\Windows\System\NBIXVGh.exe
  C:\Windows\System\NBIXVGh.exe
  2⤵
  PID:9364
- C:\Windows\System\VBeGNJj.exe
  C:\Windows\System\VBeGNJj.exe
  2⤵
  PID:9380
- C:\Windows\System\BlFIuIS.exe
  C:\Windows\System\BlFIuIS.exe
  2⤵
  PID:9396
- C:\Windows\System\dTKWTsK.exe
  C:\Windows\System\dTKWTsK.exe
  2⤵
  PID:9412
- C:\Windows\System\ulWDvcv.exe
  C:\Windows\System\ulWDvcv.exe
  2⤵
  PID:9428
- C:\Windows\System\VSJZlQK.exe
  C:\Windows\System\VSJZlQK.exe
  2⤵
  PID:9444
- C:\Windows\System\NiPDOIG.exe
  C:\Windows\System\NiPDOIG.exe
  2⤵
  PID:9460
- C:\Windows\System\QnmapZv.exe
  C:\Windows\System\QnmapZv.exe
  2⤵
  PID:9476
- C:\Windows\System\lZKdXmh.exe
  C:\Windows\System\lZKdXmh.exe
  2⤵
  PID:9492
- C:\Windows\System\GdxkSAv.exe
  C:\Windows\System\GdxkSAv.exe
  2⤵
  PID:9512
- C:\Windows\System\yuJSTfp.exe
  C:\Windows\System\yuJSTfp.exe
  2⤵
  PID:9528
- C:\Windows\System\IrbrmVI.exe
  C:\Windows\System\IrbrmVI.exe
  2⤵
  PID:9548
- C:\Windows\System\RtRzZad.exe
  C:\Windows\System\RtRzZad.exe
  2⤵
  PID:9564
- C:\Windows\System\QPqHNzL.exe
  C:\Windows\System\QPqHNzL.exe
  2⤵
  PID:9584
- C:\Windows\System\hCRtuXR.exe
  C:\Windows\System\hCRtuXR.exe
  2⤵
  PID:9600
- C:\Windows\System\hlmlTvF.exe
  C:\Windows\System\hlmlTvF.exe
  2⤵
  PID:9616
- C:\Windows\System\vUlylQl.exe
  C:\Windows\System\vUlylQl.exe
  2⤵
  PID:9632
- C:\Windows\System\UeapneK.exe
  C:\Windows\System\UeapneK.exe
  2⤵
  PID:9648
- C:\Windows\System\zZtbwDH.exe
  C:\Windows\System\zZtbwDH.exe
  2⤵
  PID:9664
- C:\Windows\System\tIRUmKj.exe
  C:\Windows\System\tIRUmKj.exe
  2⤵
  PID:9688
- C:\Windows\System\aWKoTge.exe
  C:\Windows\System\aWKoTge.exe
  2⤵
  PID:9704
- C:\Windows\System\GXoTQOS.exe
  C:\Windows\System\GXoTQOS.exe
  2⤵
  PID:9720
- C:\Windows\System\BuXmJZV.exe
  C:\Windows\System\BuXmJZV.exe
  2⤵
  PID:9748
- C:\Windows\System\RFBQrmG.exe
  C:\Windows\System\RFBQrmG.exe
  2⤵
  PID:9764
- C:\Windows\System\LGrrJCX.exe
  C:\Windows\System\LGrrJCX.exe
  2⤵
  PID:9780
- C:\Windows\System\BFwhQwn.exe
  C:\Windows\System\BFwhQwn.exe
  2⤵
  PID:9796
- C:\Windows\System\lxTBKUK.exe
  C:\Windows\System\lxTBKUK.exe
  2⤵
  PID:9812
- C:\Windows\System\zZIerLP.exe
  C:\Windows\System\zZIerLP.exe
  2⤵
  PID:9828
- C:\Windows\System\Ylgfpoq.exe
  C:\Windows\System\Ylgfpoq.exe
  2⤵
  PID:9844
- C:\Windows\System\yZNLEyY.exe
  C:\Windows\System\yZNLEyY.exe
  2⤵
  PID:9860
- C:\Windows\System\VRVrazs.exe
  C:\Windows\System\VRVrazs.exe
  2⤵
  PID:9876
- C:\Windows\System\xABlAHp.exe
  C:\Windows\System\xABlAHp.exe
  2⤵
  PID:9892
- C:\Windows\System\nUDUgJe.exe
  C:\Windows\System\nUDUgJe.exe
  2⤵
  PID:9908
- C:\Windows\System\qbybwpp.exe
  C:\Windows\System\qbybwpp.exe
  2⤵
  PID:9924
- C:\Windows\System\QDMrPoK.exe
  C:\Windows\System\QDMrPoK.exe
  2⤵
  PID:9940
- C:\Windows\System\qbBKiVh.exe
  C:\Windows\System\qbBKiVh.exe
  2⤵
  PID:9956
- C:\Windows\System\QckHKAu.exe
  C:\Windows\System\QckHKAu.exe
  2⤵
  PID:9976
- C:\Windows\System\RDBlUmk.exe
  C:\Windows\System\RDBlUmk.exe
  2⤵
  PID:9992
- C:\Windows\System\uygGiQO.exe
  C:\Windows\System\uygGiQO.exe
  2⤵
  PID:10008
- C:\Windows\System\uAwKJdU.exe
  C:\Windows\System\uAwKJdU.exe
  2⤵
  PID:10024
- C:\Windows\System\qNsCEag.exe
  C:\Windows\System\qNsCEag.exe
  2⤵
  PID:10044
- C:\Windows\System\kyVCrPk.exe
  C:\Windows\System\kyVCrPk.exe
  2⤵
  PID:10064
- C:\Windows\System\hprFBrl.exe
  C:\Windows\System\hprFBrl.exe
  2⤵
  PID:10080
- C:\Windows\System\XcGIlvO.exe
  C:\Windows\System\XcGIlvO.exe
  2⤵
  PID:10096
- C:\Windows\System\YJHtDGR.exe
  C:\Windows\System\YJHtDGR.exe
  2⤵
  PID:10112
- C:\Windows\System\eFwdCwx.exe
  C:\Windows\System\eFwdCwx.exe
  2⤵
  PID:10128
- C:\Windows\System\JJffnaG.exe
  C:\Windows\System\JJffnaG.exe
  2⤵
  PID:10144
- C:\Windows\System\uQPvkvf.exe
  C:\Windows\System\uQPvkvf.exe
  2⤵
  PID:10160
- C:\Windows\System\vOjexyw.exe
  C:\Windows\System\vOjexyw.exe
  2⤵
  PID:10176
- C:\Windows\System\ZKSbOgi.exe
  C:\Windows\System\ZKSbOgi.exe
  2⤵
  PID:10192
- C:\Windows\System\HCHXenY.exe
  C:\Windows\System\HCHXenY.exe
  2⤵
  PID:10208
- C:\Windows\System\zcDjHoj.exe
  C:\Windows\System\zcDjHoj.exe
  2⤵
  PID:10224
- C:\Windows\System\ruxxLoF.exe
  C:\Windows\System\ruxxLoF.exe
  2⤵
  PID:6500
- C:\Windows\System\uEljTQR.exe
  C:\Windows\System\uEljTQR.exe
  2⤵
  PID:9220
- C:\Windows\System\sxxFYMZ.exe
  C:\Windows\System\sxxFYMZ.exe
  2⤵
  PID:9044
- C:\Windows\System\aJFNFix.exe
  C:\Windows\System\aJFNFix.exe
  2⤵
  PID:9236
- C:\Windows\System\kjMILvZ.exe
  C:\Windows\System\kjMILvZ.exe
  2⤵
  PID:9268
- C:\Windows\System\KBqmeiH.exe
  C:\Windows\System\KBqmeiH.exe
  2⤵
  PID:9356
- C:\Windows\System\JtHNdpb.exe
  C:\Windows\System\JtHNdpb.exe
  2⤵
  PID:9328
- C:\Windows\System\mxDXglJ.exe
  C:\Windows\System\mxDXglJ.exe
  2⤵
  PID:9376
- C:\Windows\System\oWNXFoh.exe
  C:\Windows\System\oWNXFoh.exe
  2⤵
  PID:9408
- C:\Windows\System\FdCuCGk.exe
  C:\Windows\System\FdCuCGk.exe
  2⤵
  PID:9452
- C:\Windows\System\YfbrYyE.exe
  C:\Windows\System\YfbrYyE.exe
  2⤵
  PID:9488
- C:\Windows\System\fwimiUK.exe
  C:\Windows\System\fwimiUK.exe
  2⤵
  PID:9520
- C:\Windows\System\HbVclPY.exe
  C:\Windows\System\HbVclPY.exe
  2⤵
  PID:9504
- C:\Windows\System\iPlFrjQ.exe
  C:\Windows\System\iPlFrjQ.exe
  2⤵
  PID:9544
- C:\Windows\System\PhDnCmL.exe
  C:\Windows\System\PhDnCmL.exe
  2⤵
  PID:9628
- C:\Windows\System\KDhNTjH.exe
  C:\Windows\System\KDhNTjH.exe
  2⤵
  PID:9580
- C:\Windows\System\gJpSbuL.exe
  C:\Windows\System\gJpSbuL.exe
  2⤵
  PID:9696
- C:\Windows\System\qQDlSMq.exe
  C:\Windows\System\qQDlSMq.exe
  2⤵
  PID:9644
- C:\Windows\System\BIaLGvi.exe
  C:\Windows\System\BIaLGvi.exe
  2⤵
  PID:9712
- C:\Windows\System\ZgQmehy.exe
  C:\Windows\System\ZgQmehy.exe
  2⤵
  PID:2388
- C:\Windows\System\oJeGpyC.exe
  C:\Windows\System\oJeGpyC.exe
  2⤵
  PID:316
- C:\Windows\System\bsWFUIV.exe
  C:\Windows\System\bsWFUIV.exe
  2⤵
  PID:944
- C:\Windows\System\oZYDdAC.exe
  C:\Windows\System\oZYDdAC.exe
  2⤵
  PID:2592
- C:\Windows\System\PJfNZnZ.exe
  C:\Windows\System\PJfNZnZ.exe
  2⤵
  PID:9788
- C:\Windows\System\aysrLXQ.exe
  C:\Windows\System\aysrLXQ.exe
  2⤵
  PID:9804
- C:\Windows\System\TzCMRyF.exe
  C:\Windows\System\TzCMRyF.exe
  2⤵
  PID:9840
- C:\Windows\System\itzVAbg.exe
  C:\Windows\System\itzVAbg.exe
  2⤵
  PID:9884
- C:\Windows\System\SeQcmLj.exe
  C:\Windows\System\SeQcmLj.exe
  2⤵
  PID:9948
- C:\Windows\System\dOLSEam.exe
  C:\Windows\System\dOLSEam.exe
  2⤵
  PID:10016
- C:\Windows\System\TpSQXue.exe
  C:\Windows\System\TpSQXue.exe
  2⤵
  PID:9900
- C:\Windows\System\zyaKMux.exe
  C:\Windows\System\zyaKMux.exe
  2⤵
  PID:10000
- C:\Windows\System\XZSktnk.exe
  C:\Windows\System\XZSktnk.exe
  2⤵
  PID:9936
- C:\Windows\System\wkhsuoc.exe
  C:\Windows\System\wkhsuoc.exe
  2⤵
  PID:10052
- C:\Windows\System\nmiIPbt.exe
  C:\Windows\System\nmiIPbt.exe
  2⤵
  PID:10092
- C:\Windows\System\GUTaocF.exe
  C:\Windows\System\GUTaocF.exe
  2⤵
  PID:10108
- C:\Windows\System\MOigRXS.exe
  C:\Windows\System\MOigRXS.exe
  2⤵
  PID:9964
- C:\Windows\System\HCwjazk.exe
  C:\Windows\System\HCwjazk.exe
  2⤵
  PID:10200
- C:\Windows\System\KIwhFMI.exe
  C:\Windows\System\KIwhFMI.exe
  2⤵
  PID:10184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BKORteM.exe

Filesize
6.0MB

MD5
1cf555fd6fde3724c4eb46afdb31b526

SHA1
c15ee5ae3ca413117054cf9cc9417bfa22cb6c18

SHA256
5c3d81a7630078f54326edebd090e62787d6a47a227131e584f01ebd4b7496df

SHA512
99fc12c5a17ae304eb654d71f828cd2cdd9d7cdebb7284ac4abbd0f88edbdce7cb2be875df23d40c6bf4ab34164bfddb2d6894e392e41c16348d0640daa803de

Download Submit
C:\Windows\system\ESEhMmP.exe

Filesize
6.0MB

MD5
4c55e859a6dc55618b8621c8e2af9d4f

SHA1
2bce1cd771d8884f390cd010fb3845c430968895

SHA256
971dd7c11b8f907fd8c2602c88ad9c3d5b617b041e87ceda2dd397ad19bf9136

SHA512
6ebd062ed330c6e34da16a6459e49a6e77d4e5f7f73b93da57f2b520a70979361d4002b3cc163b9d6b65f80092417813cdd3677d08b0f7ac03ffe14267d6d123

Download Submit
C:\Windows\system\GLADjUl.exe

Filesize
6.0MB

MD5
48ddd19256b8b81203164598e17be19f

SHA1
4fe80d250b20573bf6eb5137d6654808414b0c84

SHA256
98248253362edada15205388cf6ab02d5692f3bca5240c29a776b1e4d9fc3c52

SHA512
f13ff44e0a8f7d251ff2d982e4c70aed0cd011d58a1d493edc477c96635c081dd27cad68b118d871903bec6927b90d9d0afba1cc590465e2429d0676b7e92d82

Download Submit
C:\Windows\system\GcwYSeQ.exe

Filesize
6.0MB

MD5
2e3d72c5f8820f212cda98a817fd232b

SHA1
2110bd6aef67c7a26a8f38a120effb6e9b72d147

SHA256
7e30bc47f0bb6c1b88e8ba4d77d36394d8645182446a6a58e0672b6acad03a6a

SHA512
0262f61d9be33eea864014b59c5d64aac3f07e4df2e98988bb4dbabf7b9f705948de7ecd8362a98309ecd7344410b810009e648228bbc9edb650ae8c67831390

Download Submit
C:\Windows\system\GvzZsgt.exe

Filesize
6.0MB

MD5
d26b6bd784a91fbb178130990c8bef19

SHA1
7dbe345bcf00b722a6f397f0e7a868c6afdf1afa

SHA256
9ca0b5bdff7aa22c74d80ab98d987e58bba913d3d9bc3ce3bb252eab7ab7e792

SHA512
92108a1c1c163bfb2cbb49b2241eac005e8ee312665e6de0906957da2208e022ee9fa6f93b213d5d23950e80bb1cc15df583591bee47ff153496616207f9a80d

Download Submit
C:\Windows\system\HbxDVUI.exe

Filesize
6.0MB

MD5
4375f295baf32a74b94f5d815cd31e63

SHA1
f37eb3f9673cc59abfa7585d5ad308f1d4a085ef

SHA256
e642d95d46dfba7fd392e0c70d17d144d8f695d0874154c07817f22cfa4c0ef9

SHA512
28d5f270f50991d98bb4a9d620cad8588e0374ae2b8a03dcab85bdeb14293335256ccdcdb6d935db91bcd7a063e298d73b5ade7d51709ad92f45e80f8fbb1d8e

Download Submit
C:\Windows\system\HmfkVqW.exe

Filesize
6.0MB

MD5
2b4d8859c93a999abd7955a5b1ee6a9a

SHA1
d62673d75a8ba13a51853d3f80fe130eb7984df9

SHA256
b89c32aafd0d76735ec79b1f1faa96736c95f15de5689ebb2cad136280dfe57b

SHA512
e85972e83a604dadef2d47ec3191dd0972289b176bb4c5b932b0134dee3a11c6fe1d85560140d36062e228ef599a4624d4c724991672a143fafcc7ec672fcc10

Download Submit
C:\Windows\system\MCyFTky.exe

Filesize
6.0MB

MD5
85290ae6afb6e4605313da91196b9459

SHA1
875cf1e1d10908b54211fd15f1096f8ab946e458

SHA256
c2fe59c1c798c82fcf486fd7cf0817e4cc4a3526725dd767aecd1f41f3be6a08

SHA512
c079e7c310ed3cebfbcf493ecb8bcd55caffbd9755cf68e5e52644231c11e042bb48572143fc10b04927e10517d23553900ec9b75a0f976a3ea1ef21405e9fc7

Download Submit
C:\Windows\system\MQLVSwg.exe

Filesize
6.0MB

MD5
de06299b1d68dd3224ac213b38888245

SHA1
ee2bd26dc4b4b1c51bd917abce1774440758a3ea

SHA256
06bc39b04cc1b233e4dc85f78ffafd52810cd1e1c1e768bb12bb075508c9f958

SHA512
ae4745840389808af481d46e61fc26a99bd4a0cd15b967750910c048ffe6746820f2be4869cdc9198c8a91523819e70a804ce246c33fd7171af42e9884e21099

Download Submit
C:\Windows\system\MyewxXt.exe

Filesize
6.0MB

MD5
b00a2abddee3ae76b379178637e78918

SHA1
8e9010c729e2f1c37e7178fc560d4e24b6b48a31

SHA256
d64ac88aadf4fd9ed53e0960fa4351c24b17b04726383695aa55e298d8df2807

SHA512
431fa1338310f903a09b0bde197266b84a52c34e95f5f7b8faa22785ac88738c4785d977f716439fbac42a459c0323dbcbb26b917a61790f38f331aa6ddd7b27

Download Submit
C:\Windows\system\PJZZqDG.exe

Filesize
6.0MB

MD5
530a653e2ca86229b8e34aae5be9f0a9

SHA1
c699b9f1cd23919f2383a1e7a5a03cd15ca7a6af

SHA256
08e2d9626116780527bcf3050a0c29a213bc1379638c640a67dd73d9e7c4799f

SHA512
1469dc328ddf21eee2ba51e2d60b057d327fb5ee26f288fb01930e99300e28e84b99ed384e320083455bcacb3e963a398b534d09a2036dacd5bae4189e2aa078

Download Submit
C:\Windows\system\RnEbMJS.exe

Filesize
6.0MB

MD5
a115a95802f213d9b3613d044d58a78b

SHA1
86358d2109efd52e8f133ddcc0939d561215f176

SHA256
29a16c46e6a97688a5645b5786763e08f56475ba8a941fe17202e983343cdcd6

SHA512
32f8ba649822b9685548086360cbca042413392edd3e4e29b7df9a5d05f54f33954e52a0f00599ad11ace16456ed6f6af40636089a99bc821c7acf75604d1738

Download Submit
C:\Windows\system\RqgTYyf.exe

Filesize
6.0MB

MD5
75762612f6c59fb878570edfc154b95b

SHA1
8d3d86621b6330c7d14cc48e99da205428b1cc53

SHA256
122f999c8484e159e34adfcba226d88d941e22f3e4fbf1aa3aff40e001346a6b

SHA512
37a016a019cfdab959403bab1fc5a1bdebc2e21032b57a6fcf77385b0004c81726a6e94ddba48f32512ab37812896903a3a2792c0baaf8fe32a61824151805d2

Download Submit
C:\Windows\system\SdQcQsW.exe

Filesize
6.0MB

MD5
f7b56123db388ee92d2647b45a17d583

SHA1
a5e4ad7f61f4d9cd7d5e41b0ebc352a28cdda364

SHA256
1b76e549f6a8b757e9b87e1474c45b5e128083667ed999e2807911ca3903bf09

SHA512
91b851cff0229c52bea937d0dec7ac08bfd84024f45ac7fb30eee6c4085675cf046b0cf7f018813b9c77015fc2f2e435d16b65e02af12d3b25ad77f942ed2380

Download Submit
C:\Windows\system\TJDcyoL.exe

Filesize
6.0MB

MD5
6f08a7dbb865f278bd0e5789b7103822

SHA1
80b91385dbbacd2d0d3b0d6eb70d1c1a291a9724

SHA256
124f6a87506e0f8a518a9309257d8ae54cc219db174d46aaf798df1504cf749d

SHA512
e07913a322d88d25d020a52f4f7988bb21ca14f9e67f1aa687edb0b29eb50ba9a4f1736c253e0821daa9dcec7234715f45143c1e44eca57b4bd374b048fb6749

Download Submit
C:\Windows\system\VvNtiat.exe

Filesize
6.0MB

MD5
40dcc446b435a572273a2c94f447c94f

SHA1
573af0777f7fd74a86b947679c7c8427e817f098

SHA256
d362768903535173d0d85855ce3f642c11a8899d9fc1be19d9b965664101f9b9

SHA512
5dd1fc4207105b4ecca1ec01ac06ac165e882c385e5d0605560656f49f5cf1133292f9e5432b6413c1c6312bcc55e4aeb67807cbd2a6aa5b4cce98fd20ea80e2

Download Submit
C:\Windows\system\WSauSvO.exe

Filesize
6.0MB

MD5
bcde917df00331435401cbd8b8d117af

SHA1
d38639a9b5cce385ed032bf8212b268663246639

SHA256
200ef9a61ee987e4ad716b015c5689e708a7ac9f1e455b02c27cb39b1d840371

SHA512
f2bca4a133ffca7f14dc776254dd8b94b5b7ef5abbb05da41e7e4788609a870ee7eed55045656ee8ca25849ec420b630a5f011acf44256d3569514306127a5fc

Download Submit
C:\Windows\system\XGEpqEV.exe

Filesize
6.0MB

MD5
d381a6d9a39b8f708bbb507a029d465c

SHA1
db1eab075cf0330cbe6a6ea473113c27222fa902

SHA256
1e052fae0d70a4526b491d1da0182676b655c9c6c9663cd073d879d9b3757436

SHA512
cadc195655afb01133ab9b75cf4a6aa142ca2024b8e9aed5db02d2c30ef25277330c53a591dfbe20114c5d51bef43fa69b235e58cc220457f10ae3145b41e1c8

Download Submit
C:\Windows\system\ZtRZtOG.exe

Filesize
6.0MB

MD5
0a2002a33b96ca6e992ffa9ae60f20e1

SHA1
e92f3bcc9ac00c056f3c31b7d76d1b8a9d6528cf

SHA256
fe2e3528ec1d02425cabe87b46eb5d50f92653d272f90853c87748a6f233cd76

SHA512
2982842c9bd14057e10dc036b16892829e84b74005078361e6ada7f76d5e050e12bb3c8a7487b72f570dbd0fb6a7a797550bcec2b2c241d2f876d80d7cac1972

Download Submit
C:\Windows\system\anzjIsB.exe

Filesize
6.0MB

MD5
42f5458938904f8be28258dba6a3d88b

SHA1
e228595ab88b491cceec46a88726dbf678de0df1

SHA256
8b06bebad11c953c6c5d14aeb41b35338042bad155c8b8200016d46a88112abb

SHA512
2c45f81c1849dd1bca95d8d3c6c8bc302b286fbd22612d21f384f5aba4fbf0e667856e53d78ae4fd27757c5ae63cc957cc4802f99f68a74cb2cb42d5069e4ede

Download Submit
C:\Windows\system\avaYWDZ.exe

Filesize
6.0MB

MD5
67390be8cc503e0a54a1cc00dd7e127c

SHA1
1074aa4a97f0ab196a194f68e8ebb594bd89216d

SHA256
0b3dc1915453376ebe41b842eabea79156c7b043487fc463425d810075bee02f

SHA512
2dbf0befa379dbb0693506ddb5d57e79abcd9c329636d114897d6de69d3dd2dc1af12bf8d990bc979613a5683f80eae3d98f5ca693f1a6c2e61a9ae3c63743eb

Download Submit
C:\Windows\system\bLYATXP.exe

Filesize
6.0MB

MD5
ba113280cbcf57cfd5abf7b3456ec522

SHA1
5761fc44e3ca13b30aad80c6dd52cc8e134c5622

SHA256
2bed6b68c82d83e9c8e16811463aff0804de29456fe7b3dcf38b45ca447ff2d0

SHA512
ad89128ddbb6b77b7bfdfa8757871a91f12ea550d6023139ff5f87defb476bc1e2c461e0498731eea5e46b3a3da5de0d58a65012aa49816dd207df11ed4254fc

Download Submit
C:\Windows\system\hKBQGmr.exe

Filesize
6.0MB

MD5
56bcc9199f3d8663635bcf07764aec34

SHA1
563285970600023b73103ea31115f9746b9238fc

SHA256
3a1440b0743bb36365427239bb468fe05bfb5561431ae804500c29f24a3dcfbf

SHA512
1b20106af76b2a1c75c1de735db3d2855d85923a7e9d111735d510f27338774d1d13380ba9b13d48e9b65fb4fe5bf5ec0329b6c21bc2f60fd4a81590327036bb

Download Submit
C:\Windows\system\hogxNrz.exe

Filesize
6.0MB

MD5
e158a811fa7831346559b7dc6bf6bd28

SHA1
ca08ff4213cb2ea893dd46180a6d43e927470d5c

SHA256
49df597c4cf4095e065edee69d7dde97493e5eb475846e00e9ddd50764c1783d

SHA512
00ffd8abd07d2bc2b8ec61f3c15f69451421a6f97b264090c90f34f5dc20abe6b0e671aa7f9958fcf2c85508b54c45f8f349bda6cbab00ddc2ec76d9938a966e

Download Submit
C:\Windows\system\mFIhoFH.exe

Filesize
6.0MB

MD5
c55c08242528b83e3edfe8e8fc9f4688

SHA1
7f9dcd5317fd0225a31bda2f51a143c532ed4fd1

SHA256
4aef37a0772e1397865b98edb66e4dc7e08abb5a27f2ab7d6c7cccbc50c730e0

SHA512
f415c62091807f7e233c6cefe998070537d3d0712fa40d78099bdea4e3f45d5aef3cc7a0bae3294d6d82f13f8499e0220e6551ab12eca3265fd81b0a43788f49

Download Submit
C:\Windows\system\shbQBxY.exe

Filesize
6.0MB

MD5
6a9e30d5dc5c2c715d70a7878b0509ba

SHA1
0724af191c25e7b0f54efc4d77d22499becf5a40

SHA256
edf513c354c76182563b0f3d8c7b73c60c53e2697fc8e502c667cf95c2e3df7f

SHA512
2e7f056c46c28cbce4ecbd05d9248ba98e48f2a242732567a4a9a960017e107516fa256bd405723653b20be060d3cfdfbf5cea77d42d36340ee2e31d02f0c523

Download Submit
C:\Windows\system\yZKHYNs.exe

Filesize
6.0MB

MD5
499e31e576dd56cb1e0ef9574df66ca7

SHA1
a24abfccb9d6109fc1c5ed2d1530eed6871c2080

SHA256
387d6fabe4bde7318eaa4b2410197721c0eff8625eaeb2ed2f68bc54075fa3a6

SHA512
5a8ef8ccf6c3cb0591ee406bbfc1ec8b4c546dd24b0ff0cd1b954280820254879d8c3c125764f6a3205d8cd6666e5dee5896fa66c42d2f468ccbc8b122613889

Download Submit
C:\Windows\system\ynoDSPG.exe

Filesize
6.0MB

MD5
6a28288506407dd79ae19fc2ff8bad5a

SHA1
b58afee1767dfd49569808627659bf615b9eb90a

SHA256
96008ce7006474f27d90486a1d5f49b02f4c8c3ec6e8407cf5a06e093e30dac7

SHA512
21dba57e9b1367440429059b590aeee5ba1614c8af5572fff03bbf114622652b521bdde006a97fd2abd1255dbdba213b626037f8dfee06c538e00329c531a6db

Download Submit
\Windows\system\PyufhwI.exe

Filesize
6.0MB

MD5
b124312d8a032366d4fed48c398cb51c

SHA1
b7d608f20806f40e1ba846686566e4ab3df052e3

SHA256
5e9dbb87d05d5ff5c762eca636e2601bd29eb792a65de91380a335d98d0b191d

SHA512
7a9f10ca3402d5490016936bbd0aaf47d5cc264dc2103a836186853347d4618ca3b5bf669b6597484c55cc4e38960cb0054b25132551314ff5713c933f69c8a3

Download Submit
\Windows\system\YaluiTx.exe

Filesize
6.0MB

MD5
813225100f8597dad04fffffd54ce94f

SHA1
492c00e1a7e9d8d801cacff33c8f00da152f2b64

SHA256
5a0e83ccdcafe966f078a2c0cd5d829d3a342c74380d5c81726948da8c3a7c3b

SHA512
4fdc4699b89d8bb7e7e751b05aa8f1844d2cfe9d629f6643b0d39cef3b2833f834037c3b5f0e49135bfb6131d7044936faf95439ac473173da7e9c1861579ad6

Download Submit
\Windows\system\aOZZwsi.exe

Filesize
6.0MB

MD5
bfb2dc83f5a7b099230e3e8e8429567c

SHA1
c3a94374e88bb3fafd6d9861994f421a48d25dbb

SHA256
a34068cd150bf07cc331e4a9817bbf7d4bddf08583a38cd2856ebad58532ad0e

SHA512
ea804a47b62dc61095968582743e1852d3d2dde3f173b533d870a1611d7daa40083ae967a3a5c101dea76172e7f6dd56ddd688383e0a902040f0fb1168b6360d

Download Submit
\Windows\system\mlYOqNd.exe

Filesize
6.0MB

MD5
099d01db40b1eb102bf7dc09fab1e22f

SHA1
4e1521ef8398d382ecce4a9de7f14379dc47331f

SHA256
7fe261ff52497a2c813d0208d46d04526171beec67620527c27391a7baf93109

SHA512
6934444284f950baeb749a4ff100cdb468d9d0b532a29500057c03d7c2f4364ead1db1b8823868c677d5a5671ada918cc58edb2eed79c8f019107f37acd4dd67

Download Submit
memory/832-2164-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/832-28-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/884-2163-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/884-104-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1684-20-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-2243-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-32-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1976-72-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1976-2172-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2064-87-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2064-96-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2064-0-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2064-17-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-66-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-432-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2064-59-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2064-31-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-57-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2064-76-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2064-75-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2064-12-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2064-103-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2064-109-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-41-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2064-30-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2064-110-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2064-50-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2064-167-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2064-342-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2064-240-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2064-33-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2136-35-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-2159-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-81-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-2075-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-67-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-2087-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2296-97-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2162-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2724-90-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2776-51-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2186-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2836-24-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2165-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2920-86-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2158-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2920-42-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2161-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2968-83-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2980-2160-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2980-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2988-168-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2086-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2988-77-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download