cobaltstrike | fa9418852e1cd68e53c3f46606ba606b21f866bf69255f834dbc3827a8dfd81a

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26/01/2025, 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fd1be6cd1fa653989506b99ab5503799
SHA1

f642ad3ed141700b766b96319f318dbc55f85eb3
SHA256

fa9418852e1cd68e53c3f46606ba606b21f866bf69255f834dbc3827a8dfd81a
SHA512

2f95c7e776b0b1fb48aa918887d14efed6ec7c97917a404304e3ae4e66e46aba33b0dbdc7f39bb643eb3c6f713dcf61e9c89e6f5fed310a225acfa74721a350f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUT:T+q56utgpPF8u/7T

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120d6-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018be7-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018d7b-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018fdf-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019203-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019056-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019237-37.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001924f-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019261-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964f-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019645-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a85-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c79-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b18-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b16-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197e4-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019650-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019647-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a8-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019535-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019543-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-121.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001870c-105.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 53 IoCs

miner

resource	yara_rule
behavioral1/memory/3028-0-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x00090000000120d6-3.dat	xmrig
behavioral1/memory/3028-6-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x0008000000018be7-9.dat	xmrig
behavioral1/files/0x0008000000018d7b-11.dat	xmrig
behavioral1/files/0x0007000000018fdf-21.dat	xmrig
behavioral1/files/0x0006000000019203-32.dat	xmrig
behavioral1/files/0x0007000000019056-39.dat	xmrig
behavioral1/files/0x0006000000019237-37.dat	xmrig
behavioral1/memory/2144-31-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/3052-17-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2328-27-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x000800000001924f-52.dat	xmrig
behavioral1/files/0x0007000000019261-56.dat	xmrig
behavioral1/files/0x00050000000194e1-67.dat	xmrig
behavioral1/files/0x000500000001964f-113.dat	xmrig
behavioral1/files/0x0005000000019645-106.dat	xmrig
behavioral1/memory/3028-70-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x00050000000194c3-137.dat	xmrig
behavioral1/files/0x0005000000019a85-168.dat	xmrig
behavioral1/memory/2740-1212-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2144-427-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/3052-334-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/1528-232-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c79-183.dat	xmrig
behavioral1/files/0x0005000000019b18-178.dat	xmrig
behavioral1/files/0x0005000000019b16-173.dat	xmrig
behavioral1/files/0x00050000000197e4-163.dat	xmrig
behavioral1/files/0x0005000000019650-159.dat	xmrig
behavioral1/files/0x0005000000019647-157.dat	xmrig
behavioral1/files/0x00050000000195a8-155.dat	xmrig
behavioral1/files/0x0005000000019535-153.dat	xmrig
behavioral1/files/0x000500000001952b-151.dat	xmrig
behavioral1/files/0x0005000000019518-148.dat	xmrig
behavioral1/files/0x0005000000019508-147.dat	xmrig
behavioral1/files/0x0005000000019543-126.dat	xmrig
behavioral1/files/0x000500000001952e-125.dat	xmrig
behavioral1/files/0x0005000000019520-124.dat	xmrig
behavioral1/files/0x0005000000019510-123.dat	xmrig
behavioral1/files/0x0005000000019502-122.dat	xmrig
behavioral1/files/0x00050000000194d5-121.dat	xmrig
behavioral1/files/0x000800000001870c-105.dat	xmrig
behavioral1/memory/2836-61-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2740-87-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2132-46-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2844-45-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/1528-3839-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/3052-3845-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2328-3848-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2144-3854-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2844-3889-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2132-3902-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2740-4019-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1528	JUUUBQt.exe
3052	ahvxkRL.exe
2328	vkTnbAj.exe
2144	TOkaJsS.exe
2844	lmlAHFm.exe
2132	xupSWTF.exe
2836	CvInEFJ.exe
2740	msIdxWG.exe
2876	PeJPqbe.exe
2716	YwAuqYG.exe
2676	bxhWfOZ.exe
2436	dbTVnbw.exe
476	ykBRIcG.exe
2792	aOSKPof.exe
816	fAdSvOT.exe
2820	xYAgEac.exe
2704	yNHKwhA.exe
2096	YjWbHvf.exe
2608	jGvaMny.exe
1444	lRNDXTV.exe
2272	WDMaImt.exe
1040	qhDOjpz.exe
596	SsIkCJd.exe
1512	ZlasfLs.exe
1508	ZfTuUyd.exe
2080	cpQPQJH.exe
2920	uLWmIct.exe
1560	tTXGPwR.exe
1032	SJBNmFl.exe
2100	avUjPYq.exe
1140	ArVQbdt.exe
2584	aCuelWc.exe
964	CRMiAeb.exe
1744	hYtacHj.exe
2564	fjsvMuH.exe
1756	limvtNH.exe
1520	LQMFkjZ.exe
1356	ABImvPC.exe
2228	IiRJGHa.exe
2288	TNveibf.exe
908	nlqTkcN.exe
280	xTHtfIP.exe
2472	AOcTBKq.exe
3016	rCmsuzr.exe
2292	sXoyZhC.exe
2392	MrvaJqd.exe
2284	hvkmCKF.exe
1820	MUxBTzz.exe
1156	aaecOAr.exe
2240	ENtGdvj.exe
2248	uzjdnNU.exe
288	sXsvONG.exe
1708	LVSqRxV.exe
2416	TdJnLVa.exe
1556	FBUjWnp.exe
1696	WeSTFpa.exe
2528	LbvfhAe.exe
2696	fiFpvlY.exe
2896	ZpsGUwB.exe
2380	jJNxdmi.exe
2152	BjmKGUb.exe
2788	UDOKWKZ.exe
2124	yMjAaZr.exe
2712	DIIRUuy.exe

Loads dropped DLL 64 IoCs

pid	Process
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 53 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x00090000000120d6-3.dat	upx
behavioral1/memory/3028-6-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0008000000018be7-9.dat	upx
behavioral1/files/0x0008000000018d7b-11.dat	upx
behavioral1/files/0x0007000000018fdf-21.dat	upx
behavioral1/files/0x0006000000019203-32.dat	upx
behavioral1/files/0x0007000000019056-39.dat	upx
behavioral1/files/0x0006000000019237-37.dat	upx
behavioral1/memory/2144-31-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/3052-17-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2328-27-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x000800000001924f-52.dat	upx
behavioral1/files/0x0007000000019261-56.dat	upx
behavioral1/files/0x00050000000194e1-67.dat	upx
behavioral1/files/0x000500000001964f-113.dat	upx
behavioral1/files/0x0005000000019645-106.dat	upx
behavioral1/memory/3028-70-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x00050000000194c3-137.dat	upx
behavioral1/files/0x0005000000019a85-168.dat	upx
behavioral1/memory/2740-1212-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2144-427-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/3052-334-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/1528-232-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0005000000019c79-183.dat	upx
behavioral1/files/0x0005000000019b18-178.dat	upx
behavioral1/files/0x0005000000019b16-173.dat	upx
behavioral1/files/0x00050000000197e4-163.dat	upx
behavioral1/files/0x0005000000019650-159.dat	upx
behavioral1/files/0x0005000000019647-157.dat	upx
behavioral1/files/0x00050000000195a8-155.dat	upx
behavioral1/files/0x0005000000019535-153.dat	upx
behavioral1/files/0x000500000001952b-151.dat	upx
behavioral1/files/0x0005000000019518-148.dat	upx
behavioral1/files/0x0005000000019508-147.dat	upx
behavioral1/files/0x0005000000019543-126.dat	upx
behavioral1/files/0x000500000001952e-125.dat	upx
behavioral1/files/0x0005000000019520-124.dat	upx
behavioral1/files/0x0005000000019510-123.dat	upx
behavioral1/files/0x0005000000019502-122.dat	upx
behavioral1/files/0x00050000000194d5-121.dat	upx
behavioral1/files/0x000800000001870c-105.dat	upx
behavioral1/memory/2836-61-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2740-87-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2132-46-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2844-45-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/1528-3839-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/3052-3845-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2328-3848-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2144-3854-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2844-3889-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2132-3902-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2740-4019-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ohjsHgS.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSUzybI.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUZLbIM.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YlAesTT.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhHIohb.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IymiMPG.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLgojlf.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NaokwYm.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlqKBSD.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQMFkjZ.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JoSWzYP.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ytrjwna.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlqjkEM.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lCNLESj.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLoZkTd.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKNzDMv.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXlMvWo.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSDRwBY.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmUutbt.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yDMWjHw.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwsSTqO.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsnAiEY.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsvUvJA.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHofwcc.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVQtvRU.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSrlAZj.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOUxOgJ.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRTJbgi.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RpjVjFg.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdRzPJP.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ythtyZS.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HORjFNu.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOuRqUq.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdQhmkf.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VECFspy.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjIdJIF.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyJgRRZ.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIIRUuy.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlWvkha.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjmKGUb.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaEbPWD.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhlMmWJ.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovyXGOD.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iNGEhwZ.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\limvtNH.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqBsxir.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEBojny.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lcbaefa.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hltLIUb.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ohcetmb.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XydjUBb.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbUxEDU.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIajWGz.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYaSOlr.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFiDFlN.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mewFVUa.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Acyvdud.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\arynAcd.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CogjAqf.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIgnsjS.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhooKzC.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NExyPqD.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiGsnHN.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGzjysb.exe	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1528	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 1528	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 1528	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3028 wrote to memory of 3052	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 3052	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 3052	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3028 wrote to memory of 2144	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2144	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2144	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3028 wrote to memory of 2328	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2328	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2328	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3028 wrote to memory of 2132	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2132	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2132	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3028 wrote to memory of 2844	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2844	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2844	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3028 wrote to memory of 2836	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2836	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2836	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3028 wrote to memory of 2876	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2876	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2876	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3028 wrote to memory of 2740	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 2740	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 2740	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3028 wrote to memory of 2716	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 2716	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 2716	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3028 wrote to memory of 2608	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 2608	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 2608	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3028 wrote to memory of 2676	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 2676	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 2676	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3028 wrote to memory of 1444	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 1444	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 1444	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3028 wrote to memory of 2436	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 2436	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 2436	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3028 wrote to memory of 2272	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 2272	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 2272	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3028 wrote to memory of 476	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 476	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 476	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3028 wrote to memory of 1040	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 1040	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 1040	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3028 wrote to memory of 2792	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 2792	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 2792	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3028 wrote to memory of 596	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 596	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 596	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3028 wrote to memory of 816	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 816	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 816	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3028 wrote to memory of 1512	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 1512	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 1512	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3028 wrote to memory of 2820	3028	2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-26_fd1be6cd1fa653989506b99ab5503799_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\System\JUUUBQt.exe
  C:\Windows\System\JUUUBQt.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\ahvxkRL.exe
  C:\Windows\System\ahvxkRL.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\TOkaJsS.exe
  C:\Windows\System\TOkaJsS.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\vkTnbAj.exe
  C:\Windows\System\vkTnbAj.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\xupSWTF.exe
  C:\Windows\System\xupSWTF.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\lmlAHFm.exe
  C:\Windows\System\lmlAHFm.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\CvInEFJ.exe
  C:\Windows\System\CvInEFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\PeJPqbe.exe
  C:\Windows\System\PeJPqbe.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\msIdxWG.exe
  C:\Windows\System\msIdxWG.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\YwAuqYG.exe
  C:\Windows\System\YwAuqYG.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\jGvaMny.exe
  C:\Windows\System\jGvaMny.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\bxhWfOZ.exe
  C:\Windows\System\bxhWfOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\lRNDXTV.exe
  C:\Windows\System\lRNDXTV.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\dbTVnbw.exe
  C:\Windows\System\dbTVnbw.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\WDMaImt.exe
  C:\Windows\System\WDMaImt.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\ykBRIcG.exe
  C:\Windows\System\ykBRIcG.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\qhDOjpz.exe
  C:\Windows\System\qhDOjpz.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\aOSKPof.exe
  C:\Windows\System\aOSKPof.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\SsIkCJd.exe
  C:\Windows\System\SsIkCJd.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\fAdSvOT.exe
  C:\Windows\System\fAdSvOT.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\ZlasfLs.exe
  C:\Windows\System\ZlasfLs.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\xYAgEac.exe
  C:\Windows\System\xYAgEac.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ZfTuUyd.exe
  C:\Windows\System\ZfTuUyd.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\yNHKwhA.exe
  C:\Windows\System\yNHKwhA.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\cpQPQJH.exe
  C:\Windows\System\cpQPQJH.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\YjWbHvf.exe
  C:\Windows\System\YjWbHvf.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\uLWmIct.exe
  C:\Windows\System\uLWmIct.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\tTXGPwR.exe
  C:\Windows\System\tTXGPwR.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\SJBNmFl.exe
  C:\Windows\System\SJBNmFl.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\avUjPYq.exe
  C:\Windows\System\avUjPYq.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\ArVQbdt.exe
  C:\Windows\System\ArVQbdt.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\aCuelWc.exe
  C:\Windows\System\aCuelWc.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\CRMiAeb.exe
  C:\Windows\System\CRMiAeb.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\hYtacHj.exe
  C:\Windows\System\hYtacHj.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\fjsvMuH.exe
  C:\Windows\System\fjsvMuH.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\limvtNH.exe
  C:\Windows\System\limvtNH.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\LQMFkjZ.exe
  C:\Windows\System\LQMFkjZ.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\ABImvPC.exe
  C:\Windows\System\ABImvPC.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\IiRJGHa.exe
  C:\Windows\System\IiRJGHa.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\TNveibf.exe
  C:\Windows\System\TNveibf.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\nlqTkcN.exe
  C:\Windows\System\nlqTkcN.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\xTHtfIP.exe
  C:\Windows\System\xTHtfIP.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\AOcTBKq.exe
  C:\Windows\System\AOcTBKq.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\rCmsuzr.exe
  C:\Windows\System\rCmsuzr.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\sXoyZhC.exe
  C:\Windows\System\sXoyZhC.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\MrvaJqd.exe
  C:\Windows\System\MrvaJqd.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\hvkmCKF.exe
  C:\Windows\System\hvkmCKF.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\MUxBTzz.exe
  C:\Windows\System\MUxBTzz.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\aaecOAr.exe
  C:\Windows\System\aaecOAr.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\ENtGdvj.exe
  C:\Windows\System\ENtGdvj.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\uzjdnNU.exe
  C:\Windows\System\uzjdnNU.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\sXsvONG.exe
  C:\Windows\System\sXsvONG.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\LVSqRxV.exe
  C:\Windows\System\LVSqRxV.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\TdJnLVa.exe
  C:\Windows\System\TdJnLVa.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\FBUjWnp.exe
  C:\Windows\System\FBUjWnp.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\WeSTFpa.exe
  C:\Windows\System\WeSTFpa.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\LbvfhAe.exe
  C:\Windows\System\LbvfhAe.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\fiFpvlY.exe
  C:\Windows\System\fiFpvlY.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\ZpsGUwB.exe
  C:\Windows\System\ZpsGUwB.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\jJNxdmi.exe
  C:\Windows\System\jJNxdmi.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\BjmKGUb.exe
  C:\Windows\System\BjmKGUb.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\UDOKWKZ.exe
  C:\Windows\System\UDOKWKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\yMjAaZr.exe
  C:\Windows\System\yMjAaZr.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\DIIRUuy.exe
  C:\Windows\System\DIIRUuy.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\dgntkfZ.exe
  C:\Windows\System\dgntkfZ.exe
  2⤵
  PID:2988
- C:\Windows\System\LJodcRR.exe
  C:\Windows\System\LJodcRR.exe
  2⤵
  PID:2648
- C:\Windows\System\zigPLjz.exe
  C:\Windows\System\zigPLjz.exe
  2⤵
  PID:2628
- C:\Windows\System\RhHIohb.exe
  C:\Windows\System\RhHIohb.exe
  2⤵
  PID:3060
- C:\Windows\System\FjvEAlP.exe
  C:\Windows\System\FjvEAlP.exe
  2⤵
  PID:536
- C:\Windows\System\xPNKHTv.exe
  C:\Windows\System\xPNKHTv.exe
  2⤵
  PID:1244
- C:\Windows\System\eaEbPWD.exe
  C:\Windows\System\eaEbPWD.exe
  2⤵
  PID:2268
- C:\Windows\System\NhXlbXp.exe
  C:\Windows\System\NhXlbXp.exe
  2⤵
  PID:332
- C:\Windows\System\QpTQwlJ.exe
  C:\Windows\System\QpTQwlJ.exe
  2⤵
  PID:2012
- C:\Windows\System\rUoubYN.exe
  C:\Windows\System\rUoubYN.exe
  2⤵
  PID:2924
- C:\Windows\System\IsBgZYp.exe
  C:\Windows\System\IsBgZYp.exe
  2⤵
  PID:2492
- C:\Windows\System\tzcqVlA.exe
  C:\Windows\System\tzcqVlA.exe
  2⤵
  PID:1928
- C:\Windows\System\DXHGWHv.exe
  C:\Windows\System\DXHGWHv.exe
  2⤵
  PID:2356
- C:\Windows\System\dnhxgwD.exe
  C:\Windows\System\dnhxgwD.exe
  2⤵
  PID:1668
- C:\Windows\System\RMIundV.exe
  C:\Windows\System\RMIundV.exe
  2⤵
  PID:2104
- C:\Windows\System\YzTTChN.exe
  C:\Windows\System\YzTTChN.exe
  2⤵
  PID:3008
- C:\Windows\System\CwdpMTK.exe
  C:\Windows\System\CwdpMTK.exe
  2⤵
  PID:1876
- C:\Windows\System\EBgRcrR.exe
  C:\Windows\System\EBgRcrR.exe
  2⤵
  PID:3068
- C:\Windows\System\teUKWNp.exe
  C:\Windows\System\teUKWNp.exe
  2⤵
  PID:1996
- C:\Windows\System\iajbzlT.exe
  C:\Windows\System\iajbzlT.exe
  2⤵
  PID:1992
- C:\Windows\System\KYIIPsB.exe
  C:\Windows\System\KYIIPsB.exe
  2⤵
  PID:2192
- C:\Windows\System\dJLxlon.exe
  C:\Windows\System\dJLxlon.exe
  2⤵
  PID:2316
- C:\Windows\System\gyTqODn.exe
  C:\Windows\System\gyTqODn.exe
  2⤵
  PID:1536
- C:\Windows\System\esDfVFz.exe
  C:\Windows\System\esDfVFz.exe
  2⤵
  PID:2220
- C:\Windows\System\OWLmJkW.exe
  C:\Windows\System\OWLmJkW.exe
  2⤵
  PID:2460
- C:\Windows\System\SbYnksU.exe
  C:\Windows\System\SbYnksU.exe
  2⤵
  PID:1700
- C:\Windows\System\OtYMdZN.exe
  C:\Windows\System\OtYMdZN.exe
  2⤵
  PID:584
- C:\Windows\System\IymiMPG.exe
  C:\Windows\System\IymiMPG.exe
  2⤵
  PID:1068
- C:\Windows\System\dCWrCkv.exe
  C:\Windows\System\dCWrCkv.exe
  2⤵
  PID:2352
- C:\Windows\System\DMqCvOI.exe
  C:\Windows\System\DMqCvOI.exe
  2⤵
  PID:2580
- C:\Windows\System\CHlCxvD.exe
  C:\Windows\System\CHlCxvD.exe
  2⤵
  PID:2372
- C:\Windows\System\VopdqZq.exe
  C:\Windows\System\VopdqZq.exe
  2⤵
  PID:2028
- C:\Windows\System\zhoShmx.exe
  C:\Windows\System\zhoShmx.exe
  2⤵
  PID:2832
- C:\Windows\System\qoPtTtn.exe
  C:\Windows\System\qoPtTtn.exe
  2⤵
  PID:848
- C:\Windows\System\wAuwYSb.exe
  C:\Windows\System\wAuwYSb.exe
  2⤵
  PID:2488
- C:\Windows\System\eeOumTs.exe
  C:\Windows\System\eeOumTs.exe
  2⤵
  PID:1504
- C:\Windows\System\LApNRlv.exe
  C:\Windows\System\LApNRlv.exe
  2⤵
  PID:316
- C:\Windows\System\ACIrMCJ.exe
  C:\Windows\System\ACIrMCJ.exe
  2⤵
  PID:2604
- C:\Windows\System\RaXewqF.exe
  C:\Windows\System\RaXewqF.exe
  2⤵
  PID:580
- C:\Windows\System\mdzABlR.exe
  C:\Windows\System\mdzABlR.exe
  2⤵
  PID:272
- C:\Windows\System\XcPrdGo.exe
  C:\Windows\System\XcPrdGo.exe
  2⤵
  PID:2004
- C:\Windows\System\biCmvAg.exe
  C:\Windows\System\biCmvAg.exe
  2⤵
  PID:1336
- C:\Windows\System\kXaviXF.exe
  C:\Windows\System\kXaviXF.exe
  2⤵
  PID:1732
- C:\Windows\System\zirhUhd.exe
  C:\Windows\System\zirhUhd.exe
  2⤵
  PID:2700
- C:\Windows\System\nqMsjTb.exe
  C:\Windows\System\nqMsjTb.exe
  2⤵
  PID:1532
- C:\Windows\System\SqDKBan.exe
  C:\Windows\System\SqDKBan.exe
  2⤵
  PID:1564
- C:\Windows\System\okNxzlj.exe
  C:\Windows\System\okNxzlj.exe
  2⤵
  PID:2800
- C:\Windows\System\idjspLX.exe
  C:\Windows\System\idjspLX.exe
  2⤵
  PID:1768
- C:\Windows\System\JSUWJev.exe
  C:\Windows\System\JSUWJev.exe
  2⤵
  PID:2184
- C:\Windows\System\fpBzYEg.exe
  C:\Windows\System\fpBzYEg.exe
  2⤵
  PID:2308
- C:\Windows\System\qplaNfm.exe
  C:\Windows\System\qplaNfm.exe
  2⤵
  PID:1240
- C:\Windows\System\DlSvyxj.exe
  C:\Windows\System\DlSvyxj.exe
  2⤵
  PID:2340
- C:\Windows\System\jLQctGC.exe
  C:\Windows\System\jLQctGC.exe
  2⤵
  PID:2864
- C:\Windows\System\CZpCOrb.exe
  C:\Windows\System\CZpCOrb.exe
  2⤵
  PID:2840
- C:\Windows\System\zOSnDCy.exe
  C:\Windows\System\zOSnDCy.exe
  2⤵
  PID:2188
- C:\Windows\System\fFggUjw.exe
  C:\Windows\System\fFggUjw.exe
  2⤵
  PID:1808
- C:\Windows\System\XhMBBCA.exe
  C:\Windows\System\XhMBBCA.exe
  2⤵
  PID:1496
- C:\Windows\System\MaqREZy.exe
  C:\Windows\System\MaqREZy.exe
  2⤵
  PID:1608
- C:\Windows\System\QGBhSSl.exe
  C:\Windows\System\QGBhSSl.exe
  2⤵
  PID:352
- C:\Windows\System\LmXRMwv.exe
  C:\Windows\System\LmXRMwv.exe
  2⤵
  PID:1020
- C:\Windows\System\dpojnBw.exe
  C:\Windows\System\dpojnBw.exe
  2⤵
  PID:1940
- C:\Windows\System\yBXVFjD.exe
  C:\Windows\System\yBXVFjD.exe
  2⤵
  PID:1096
- C:\Windows\System\ZoINEoS.exe
  C:\Windows\System\ZoINEoS.exe
  2⤵
  PID:2016
- C:\Windows\System\toKKJOo.exe
  C:\Windows\System\toKKJOo.exe
  2⤵
  PID:3084
- C:\Windows\System\ykLkXDd.exe
  C:\Windows\System\ykLkXDd.exe
  2⤵
  PID:3104
- C:\Windows\System\CqjHtng.exe
  C:\Windows\System\CqjHtng.exe
  2⤵
  PID:3124
- C:\Windows\System\lIEakhC.exe
  C:\Windows\System\lIEakhC.exe
  2⤵
  PID:3144
- C:\Windows\System\KSESeHf.exe
  C:\Windows\System\KSESeHf.exe
  2⤵
  PID:3164
- C:\Windows\System\QurFtbu.exe
  C:\Windows\System\QurFtbu.exe
  2⤵
  PID:3184
- C:\Windows\System\xYKtNzT.exe
  C:\Windows\System\xYKtNzT.exe
  2⤵
  PID:3204
- C:\Windows\System\OogIRca.exe
  C:\Windows\System\OogIRca.exe
  2⤵
  PID:3224
- C:\Windows\System\xKZeDby.exe
  C:\Windows\System\xKZeDby.exe
  2⤵
  PID:3244
- C:\Windows\System\mJuckOE.exe
  C:\Windows\System\mJuckOE.exe
  2⤵
  PID:3264
- C:\Windows\System\tCOIosm.exe
  C:\Windows\System\tCOIosm.exe
  2⤵
  PID:3284
- C:\Windows\System\MXXaJIo.exe
  C:\Windows\System\MXXaJIo.exe
  2⤵
  PID:3304
- C:\Windows\System\PiQLBSd.exe
  C:\Windows\System\PiQLBSd.exe
  2⤵
  PID:3324
- C:\Windows\System\rHZYqKy.exe
  C:\Windows\System\rHZYqKy.exe
  2⤵
  PID:3344
- C:\Windows\System\GLoZkTd.exe
  C:\Windows\System\GLoZkTd.exe
  2⤵
  PID:3364
- C:\Windows\System\IJivpyX.exe
  C:\Windows\System\IJivpyX.exe
  2⤵
  PID:3384
- C:\Windows\System\lQJYoZV.exe
  C:\Windows\System\lQJYoZV.exe
  2⤵
  PID:3404
- C:\Windows\System\ZvkmEeQ.exe
  C:\Windows\System\ZvkmEeQ.exe
  2⤵
  PID:3424
- C:\Windows\System\khNiFaI.exe
  C:\Windows\System\khNiFaI.exe
  2⤵
  PID:3444
- C:\Windows\System\GRcSBxd.exe
  C:\Windows\System\GRcSBxd.exe
  2⤵
  PID:3464
- C:\Windows\System\ALhtIly.exe
  C:\Windows\System\ALhtIly.exe
  2⤵
  PID:3484
- C:\Windows\System\pVOOEoQ.exe
  C:\Windows\System\pVOOEoQ.exe
  2⤵
  PID:3504
- C:\Windows\System\IkrqhHx.exe
  C:\Windows\System\IkrqhHx.exe
  2⤵
  PID:3524
- C:\Windows\System\EBAOCRc.exe
  C:\Windows\System\EBAOCRc.exe
  2⤵
  PID:3544
- C:\Windows\System\wUaCqYg.exe
  C:\Windows\System\wUaCqYg.exe
  2⤵
  PID:3564
- C:\Windows\System\kaGFQhH.exe
  C:\Windows\System\kaGFQhH.exe
  2⤵
  PID:3584
- C:\Windows\System\ythtyZS.exe
  C:\Windows\System\ythtyZS.exe
  2⤵
  PID:3604
- C:\Windows\System\cdwpHGG.exe
  C:\Windows\System\cdwpHGG.exe
  2⤵
  PID:3624
- C:\Windows\System\GYOyzwq.exe
  C:\Windows\System\GYOyzwq.exe
  2⤵
  PID:3644
- C:\Windows\System\jphHqLj.exe
  C:\Windows\System\jphHqLj.exe
  2⤵
  PID:3664
- C:\Windows\System\PcCBlhp.exe
  C:\Windows\System\PcCBlhp.exe
  2⤵
  PID:3684
- C:\Windows\System\hriFcvD.exe
  C:\Windows\System\hriFcvD.exe
  2⤵
  PID:3704
- C:\Windows\System\hnTEnUN.exe
  C:\Windows\System\hnTEnUN.exe
  2⤵
  PID:3724
- C:\Windows\System\YlAesTT.exe
  C:\Windows\System\YlAesTT.exe
  2⤵
  PID:3744
- C:\Windows\System\OGMmmho.exe
  C:\Windows\System\OGMmmho.exe
  2⤵
  PID:3764
- C:\Windows\System\yyXvnKM.exe
  C:\Windows\System\yyXvnKM.exe
  2⤵
  PID:3784
- C:\Windows\System\gPUmGSh.exe
  C:\Windows\System\gPUmGSh.exe
  2⤵
  PID:3804
- C:\Windows\System\ZFZTzTb.exe
  C:\Windows\System\ZFZTzTb.exe
  2⤵
  PID:3824
- C:\Windows\System\sDiZLqD.exe
  C:\Windows\System\sDiZLqD.exe
  2⤵
  PID:3844
- C:\Windows\System\zfarhjC.exe
  C:\Windows\System\zfarhjC.exe
  2⤵
  PID:3864
- C:\Windows\System\XTewTaE.exe
  C:\Windows\System\XTewTaE.exe
  2⤵
  PID:3884
- C:\Windows\System\HORjFNu.exe
  C:\Windows\System\HORjFNu.exe
  2⤵
  PID:3904
- C:\Windows\System\naoRgbZ.exe
  C:\Windows\System\naoRgbZ.exe
  2⤵
  PID:3924
- C:\Windows\System\HNIdrLu.exe
  C:\Windows\System\HNIdrLu.exe
  2⤵
  PID:3944
- C:\Windows\System\oCyCzpO.exe
  C:\Windows\System\oCyCzpO.exe
  2⤵
  PID:3968
- C:\Windows\System\fSzBNPF.exe
  C:\Windows\System\fSzBNPF.exe
  2⤵
  PID:3988
- C:\Windows\System\ZkhmkcB.exe
  C:\Windows\System\ZkhmkcB.exe
  2⤵
  PID:4008
- C:\Windows\System\kpQoGLH.exe
  C:\Windows\System\kpQoGLH.exe
  2⤵
  PID:4028
- C:\Windows\System\ptUeLzf.exe
  C:\Windows\System\ptUeLzf.exe
  2⤵
  PID:4048
- C:\Windows\System\NJQVdbn.exe
  C:\Windows\System\NJQVdbn.exe
  2⤵
  PID:4068
- C:\Windows\System\cyUjrkh.exe
  C:\Windows\System\cyUjrkh.exe
  2⤵
  PID:4088
- C:\Windows\System\oFSCGZm.exe
  C:\Windows\System\oFSCGZm.exe
  2⤵
  PID:2912
- C:\Windows\System\mqRnxpc.exe
  C:\Windows\System\mqRnxpc.exe
  2⤵
  PID:2568
- C:\Windows\System\xrNkCnV.exe
  C:\Windows\System\xrNkCnV.exe
  2⤵
  PID:1576
- C:\Windows\System\xgNGOzm.exe
  C:\Windows\System\xgNGOzm.exe
  2⤵
  PID:2888
- C:\Windows\System\lStzukn.exe
  C:\Windows\System\lStzukn.exe
  2⤵
  PID:2752
- C:\Windows\System\xCBPSwb.exe
  C:\Windows\System\xCBPSwb.exe
  2⤵
  PID:2668
- C:\Windows\System\LnWFjuB.exe
  C:\Windows\System\LnWFjuB.exe
  2⤵
  PID:2640
- C:\Windows\System\LbLRWqI.exe
  C:\Windows\System\LbLRWqI.exe
  2⤵
  PID:2008
- C:\Windows\System\pdhAsvr.exe
  C:\Windows\System\pdhAsvr.exe
  2⤵
  PID:1596
- C:\Windows\System\smStSIb.exe
  C:\Windows\System\smStSIb.exe
  2⤵
  PID:3092
- C:\Windows\System\LVRuhav.exe
  C:\Windows\System\LVRuhav.exe
  2⤵
  PID:3120
- C:\Windows\System\pPldqVf.exe
  C:\Windows\System\pPldqVf.exe
  2⤵
  PID:3152
- C:\Windows\System\TTWWBls.exe
  C:\Windows\System\TTWWBls.exe
  2⤵
  PID:3176
- C:\Windows\System\NCsuqwI.exe
  C:\Windows\System\NCsuqwI.exe
  2⤵
  PID:3220
- C:\Windows\System\TgwaLRp.exe
  C:\Windows\System\TgwaLRp.exe
  2⤵
  PID:3236
- C:\Windows\System\LJWcCKs.exe
  C:\Windows\System\LJWcCKs.exe
  2⤵
  PID:3300
- C:\Windows\System\knvVaam.exe
  C:\Windows\System\knvVaam.exe
  2⤵
  PID:3332
- C:\Windows\System\AyvkuoB.exe
  C:\Windows\System\AyvkuoB.exe
  2⤵
  PID:3372
- C:\Windows\System\ZyDlHQq.exe
  C:\Windows\System\ZyDlHQq.exe
  2⤵
  PID:3356
- C:\Windows\System\hoEptwL.exe
  C:\Windows\System\hoEptwL.exe
  2⤵
  PID:3396
- C:\Windows\System\uXCqsgH.exe
  C:\Windows\System\uXCqsgH.exe
  2⤵
  PID:3440
- C:\Windows\System\oIpOYqn.exe
  C:\Windows\System\oIpOYqn.exe
  2⤵
  PID:3480
- C:\Windows\System\ohjsHgS.exe
  C:\Windows\System\ohjsHgS.exe
  2⤵
  PID:3532
- C:\Windows\System\EBAdgXc.exe
  C:\Windows\System\EBAdgXc.exe
  2⤵
  PID:3552
- C:\Windows\System\yZAmqoa.exe
  C:\Windows\System\yZAmqoa.exe
  2⤵
  PID:3576
- C:\Windows\System\mYhlYwq.exe
  C:\Windows\System\mYhlYwq.exe
  2⤵
  PID:3596
- C:\Windows\System\QISEaof.exe
  C:\Windows\System\QISEaof.exe
  2⤵
  PID:3640
- C:\Windows\System\mrdVxAm.exe
  C:\Windows\System\mrdVxAm.exe
  2⤵
  PID:3680
- C:\Windows\System\rhdUdoR.exe
  C:\Windows\System\rhdUdoR.exe
  2⤵
  PID:3712
- C:\Windows\System\nCdzGEF.exe
  C:\Windows\System\nCdzGEF.exe
  2⤵
  PID:3752
- C:\Windows\System\pWNnBQt.exe
  C:\Windows\System\pWNnBQt.exe
  2⤵
  PID:3776
- C:\Windows\System\XcCFGUM.exe
  C:\Windows\System\XcCFGUM.exe
  2⤵
  PID:3796
- C:\Windows\System\dtKdVtL.exe
  C:\Windows\System\dtKdVtL.exe
  2⤵
  PID:3836
- C:\Windows\System\PxVwozo.exe
  C:\Windows\System\PxVwozo.exe
  2⤵
  PID:3900
- C:\Windows\System\KAiIgpD.exe
  C:\Windows\System\KAiIgpD.exe
  2⤵
  PID:3920
- C:\Windows\System\nAUMiLP.exe
  C:\Windows\System\nAUMiLP.exe
  2⤵
  PID:3952
- C:\Windows\System\sXGXYCI.exe
  C:\Windows\System\sXGXYCI.exe
  2⤵
  PID:3980
- C:\Windows\System\IChhmot.exe
  C:\Windows\System\IChhmot.exe
  2⤵
  PID:4020
- C:\Windows\System\CCHtOgU.exe
  C:\Windows\System\CCHtOgU.exe
  2⤵
  PID:4064
- C:\Windows\System\zNdhsRh.exe
  C:\Windows\System\zNdhsRh.exe
  2⤵
  PID:2548
- C:\Windows\System\YTYVBPJ.exe
  C:\Windows\System\YTYVBPJ.exe
  2⤵
  PID:2300
- C:\Windows\System\JqYfLDu.exe
  C:\Windows\System\JqYfLDu.exe
  2⤵
  PID:2312
- C:\Windows\System\CyEeOSI.exe
  C:\Windows\System\CyEeOSI.exe
  2⤵
  PID:3040
- C:\Windows\System\QnyVZyd.exe
  C:\Windows\System\QnyVZyd.exe
  2⤵
  PID:2128
- C:\Windows\System\nCQBiBz.exe
  C:\Windows\System\nCQBiBz.exe
  2⤵
  PID:2116
- C:\Windows\System\UnJYEeB.exe
  C:\Windows\System\UnJYEeB.exe
  2⤵
  PID:3112
- C:\Windows\System\pByDCFT.exe
  C:\Windows\System\pByDCFT.exe
  2⤵
  PID:3156
- C:\Windows\System\MiBilir.exe
  C:\Windows\System\MiBilir.exe
  2⤵
  PID:3196
- C:\Windows\System\nOnALZW.exe
  C:\Windows\System\nOnALZW.exe
  2⤵
  PID:3260
- C:\Windows\System\uTXXfrN.exe
  C:\Windows\System\uTXXfrN.exe
  2⤵
  PID:3296
- C:\Windows\System\UlYghMr.exe
  C:\Windows\System\UlYghMr.exe
  2⤵
  PID:3376
- C:\Windows\System\VPwzUVc.exe
  C:\Windows\System\VPwzUVc.exe
  2⤵
  PID:3412
- C:\Windows\System\uTyVHNT.exe
  C:\Windows\System\uTyVHNT.exe
  2⤵
  PID:3512
- C:\Windows\System\LycLeXE.exe
  C:\Windows\System\LycLeXE.exe
  2⤵
  PID:3536
- C:\Windows\System\zbwEPqj.exe
  C:\Windows\System\zbwEPqj.exe
  2⤵
  PID:3612
- C:\Windows\System\yUxENeP.exe
  C:\Windows\System\yUxENeP.exe
  2⤵
  PID:3660
- C:\Windows\System\gNgqYyU.exe
  C:\Windows\System\gNgqYyU.exe
  2⤵
  PID:3772
- C:\Windows\System\geeAISm.exe
  C:\Windows\System\geeAISm.exe
  2⤵
  PID:3736
- C:\Windows\System\igdgHIQ.exe
  C:\Windows\System\igdgHIQ.exe
  2⤵
  PID:3820
- C:\Windows\System\jZgPEMK.exe
  C:\Windows\System\jZgPEMK.exe
  2⤵
  PID:3892
- C:\Windows\System\DZzozOm.exe
  C:\Windows\System\DZzozOm.exe
  2⤵
  PID:3932
- C:\Windows\System\XixqRuI.exe
  C:\Windows\System\XixqRuI.exe
  2⤵
  PID:3956
- C:\Windows\System\xfhwkRx.exe
  C:\Windows\System\xfhwkRx.exe
  2⤵
  PID:4056
- C:\Windows\System\ABvaiVk.exe
  C:\Windows\System\ABvaiVk.exe
  2⤵
  PID:4084
- C:\Windows\System\NmSgAiO.exe
  C:\Windows\System\NmSgAiO.exe
  2⤵
  PID:2504
- C:\Windows\System\gXVACEc.exe
  C:\Windows\System\gXVACEc.exe
  2⤵
  PID:1064
- C:\Windows\System\hcVWfrh.exe
  C:\Windows\System\hcVWfrh.exe
  2⤵
  PID:3080
- C:\Windows\System\lwXSZUd.exe
  C:\Windows\System\lwXSZUd.exe
  2⤵
  PID:3200
- C:\Windows\System\HmuUIDq.exe
  C:\Windows\System\HmuUIDq.exe
  2⤵
  PID:3240
- C:\Windows\System\WQBEhWH.exe
  C:\Windows\System\WQBEhWH.exe
  2⤵
  PID:3276
- C:\Windows\System\rtSZgHN.exe
  C:\Windows\System\rtSZgHN.exe
  2⤵
  PID:3472
- C:\Windows\System\AlHbAWE.exe
  C:\Windows\System\AlHbAWE.exe
  2⤵
  PID:3580
- C:\Windows\System\xhMkSHu.exe
  C:\Windows\System\xhMkSHu.exe
  2⤵
  PID:4104
- C:\Windows\System\AqWKuWS.exe
  C:\Windows\System\AqWKuWS.exe
  2⤵
  PID:4124
- C:\Windows\System\nrxJrrG.exe
  C:\Windows\System\nrxJrrG.exe
  2⤵
  PID:4144
- C:\Windows\System\gdwBxxP.exe
  C:\Windows\System\gdwBxxP.exe
  2⤵
  PID:4164
- C:\Windows\System\FvBkPzq.exe
  C:\Windows\System\FvBkPzq.exe
  2⤵
  PID:4184
- C:\Windows\System\TmJYDns.exe
  C:\Windows\System\TmJYDns.exe
  2⤵
  PID:4204
- C:\Windows\System\kfvuhkj.exe
  C:\Windows\System\kfvuhkj.exe
  2⤵
  PID:4224
- C:\Windows\System\OhsLncd.exe
  C:\Windows\System\OhsLncd.exe
  2⤵
  PID:4244
- C:\Windows\System\GslifkH.exe
  C:\Windows\System\GslifkH.exe
  2⤵
  PID:4264
- C:\Windows\System\OuibdWT.exe
  C:\Windows\System\OuibdWT.exe
  2⤵
  PID:4284
- C:\Windows\System\csGfNWf.exe
  C:\Windows\System\csGfNWf.exe
  2⤵
  PID:4304
- C:\Windows\System\uhLqvXy.exe
  C:\Windows\System\uhLqvXy.exe
  2⤵
  PID:4324
- C:\Windows\System\esIUWZP.exe
  C:\Windows\System\esIUWZP.exe
  2⤵
  PID:4344
- C:\Windows\System\QgBUtJO.exe
  C:\Windows\System\QgBUtJO.exe
  2⤵
  PID:4364
- C:\Windows\System\expqckv.exe
  C:\Windows\System\expqckv.exe
  2⤵
  PID:4384
- C:\Windows\System\ByIJxKn.exe
  C:\Windows\System\ByIJxKn.exe
  2⤵
  PID:4404
- C:\Windows\System\WDwoPHk.exe
  C:\Windows\System\WDwoPHk.exe
  2⤵
  PID:4424
- C:\Windows\System\AKoXQsq.exe
  C:\Windows\System\AKoXQsq.exe
  2⤵
  PID:4444
- C:\Windows\System\AzNvWfc.exe
  C:\Windows\System\AzNvWfc.exe
  2⤵
  PID:4464
- C:\Windows\System\baKvpbf.exe
  C:\Windows\System\baKvpbf.exe
  2⤵
  PID:4484
- C:\Windows\System\zFRGIAa.exe
  C:\Windows\System\zFRGIAa.exe
  2⤵
  PID:4504
- C:\Windows\System\MmpMksj.exe
  C:\Windows\System\MmpMksj.exe
  2⤵
  PID:4524
- C:\Windows\System\hkSYBKN.exe
  C:\Windows\System\hkSYBKN.exe
  2⤵
  PID:4544
- C:\Windows\System\LYOnrmd.exe
  C:\Windows\System\LYOnrmd.exe
  2⤵
  PID:4564
- C:\Windows\System\HIkLBcf.exe
  C:\Windows\System\HIkLBcf.exe
  2⤵
  PID:4584
- C:\Windows\System\eGmDeeu.exe
  C:\Windows\System\eGmDeeu.exe
  2⤵
  PID:4608
- C:\Windows\System\eUpfZFE.exe
  C:\Windows\System\eUpfZFE.exe
  2⤵
  PID:4628
- C:\Windows\System\PjWHCaL.exe
  C:\Windows\System\PjWHCaL.exe
  2⤵
  PID:4648
- C:\Windows\System\hhFgkjP.exe
  C:\Windows\System\hhFgkjP.exe
  2⤵
  PID:4668
- C:\Windows\System\OFqqrGA.exe
  C:\Windows\System\OFqqrGA.exe
  2⤵
  PID:4688
- C:\Windows\System\RlJlBQf.exe
  C:\Windows\System\RlJlBQf.exe
  2⤵
  PID:4708
- C:\Windows\System\IOtJeVh.exe
  C:\Windows\System\IOtJeVh.exe
  2⤵
  PID:4728
- C:\Windows\System\XWDDbDo.exe
  C:\Windows\System\XWDDbDo.exe
  2⤵
  PID:4748
- C:\Windows\System\zQjUHPY.exe
  C:\Windows\System\zQjUHPY.exe
  2⤵
  PID:4768
- C:\Windows\System\vUBDicy.exe
  C:\Windows\System\vUBDicy.exe
  2⤵
  PID:4788
- C:\Windows\System\MzIZUhQ.exe
  C:\Windows\System\MzIZUhQ.exe
  2⤵
  PID:4808
- C:\Windows\System\ahzZqQZ.exe
  C:\Windows\System\ahzZqQZ.exe
  2⤵
  PID:4828
- C:\Windows\System\FtichJS.exe
  C:\Windows\System\FtichJS.exe
  2⤵
  PID:4848
- C:\Windows\System\ScphJqf.exe
  C:\Windows\System\ScphJqf.exe
  2⤵
  PID:4868
- C:\Windows\System\crQNwWa.exe
  C:\Windows\System\crQNwWa.exe
  2⤵
  PID:4888
- C:\Windows\System\mcXlvdy.exe
  C:\Windows\System\mcXlvdy.exe
  2⤵
  PID:4908
- C:\Windows\System\wPbIPOp.exe
  C:\Windows\System\wPbIPOp.exe
  2⤵
  PID:4928
- C:\Windows\System\udTTjll.exe
  C:\Windows\System\udTTjll.exe
  2⤵
  PID:4948
- C:\Windows\System\NHsWvwc.exe
  C:\Windows\System\NHsWvwc.exe
  2⤵
  PID:4968
- C:\Windows\System\kPwkQmL.exe
  C:\Windows\System\kPwkQmL.exe
  2⤵
  PID:4988
- C:\Windows\System\IbxVxch.exe
  C:\Windows\System\IbxVxch.exe
  2⤵
  PID:5008
- C:\Windows\System\cZEZvhU.exe
  C:\Windows\System\cZEZvhU.exe
  2⤵
  PID:5028
- C:\Windows\System\SUJQqJz.exe
  C:\Windows\System\SUJQqJz.exe
  2⤵
  PID:5048
- C:\Windows\System\HbMyRiS.exe
  C:\Windows\System\HbMyRiS.exe
  2⤵
  PID:5068
- C:\Windows\System\hmrPsoV.exe
  C:\Windows\System\hmrPsoV.exe
  2⤵
  PID:5088
- C:\Windows\System\XgrbpwI.exe
  C:\Windows\System\XgrbpwI.exe
  2⤵
  PID:5108
- C:\Windows\System\mCYIDNK.exe
  C:\Windows\System\mCYIDNK.exe
  2⤵
  PID:3620
- C:\Windows\System\PdwErrZ.exe
  C:\Windows\System\PdwErrZ.exe
  2⤵
  PID:3716
- C:\Windows\System\ixElzBL.exe
  C:\Windows\System\ixElzBL.exe
  2⤵
  PID:3840
- C:\Windows\System\NJIQtMH.exe
  C:\Windows\System\NJIQtMH.exe
  2⤵
  PID:3912
- C:\Windows\System\JqMIpJU.exe
  C:\Windows\System\JqMIpJU.exe
  2⤵
  PID:4024
- C:\Windows\System\XZdVmHA.exe
  C:\Windows\System\XZdVmHA.exe
  2⤵
  PID:4080
- C:\Windows\System\PsaRVcL.exe
  C:\Windows\System\PsaRVcL.exe
  2⤵
  PID:1184
- C:\Windows\System\MIgnsjS.exe
  C:\Windows\System\MIgnsjS.exe
  2⤵
  PID:1672
- C:\Windows\System\syCLyXj.exe
  C:\Windows\System\syCLyXj.exe
  2⤵
  PID:3312
- C:\Windows\System\hmPuvjB.exe
  C:\Windows\System\hmPuvjB.exe
  2⤵
  PID:3460
- C:\Windows\System\qQYMsCF.exe
  C:\Windows\System\qQYMsCF.exe
  2⤵
  PID:4100
- C:\Windows\System\ISqxGmR.exe
  C:\Windows\System\ISqxGmR.exe
  2⤵
  PID:4112
- C:\Windows\System\jJarCtp.exe
  C:\Windows\System\jJarCtp.exe
  2⤵
  PID:4156
- C:\Windows\System\CjPwQTy.exe
  C:\Windows\System\CjPwQTy.exe
  2⤵
  PID:4200
- C:\Windows\System\xpzcoNs.exe
  C:\Windows\System\xpzcoNs.exe
  2⤵
  PID:4232
- C:\Windows\System\KWstdXD.exe
  C:\Windows\System\KWstdXD.exe
  2⤵
  PID:4256
- C:\Windows\System\eyBVWbx.exe
  C:\Windows\System\eyBVWbx.exe
  2⤵
  PID:4296
- C:\Windows\System\sZFvgfG.exe
  C:\Windows\System\sZFvgfG.exe
  2⤵
  PID:4316
- C:\Windows\System\bTuNckW.exe
  C:\Windows\System\bTuNckW.exe
  2⤵
  PID:4356
- C:\Windows\System\pOGyylY.exe
  C:\Windows\System\pOGyylY.exe
  2⤵
  PID:4400
- C:\Windows\System\DLZlJKf.exe
  C:\Windows\System\DLZlJKf.exe
  2⤵
  PID:4432
- C:\Windows\System\myqBZEk.exe
  C:\Windows\System\myqBZEk.exe
  2⤵
  PID:4456
- C:\Windows\System\QanHBFf.exe
  C:\Windows\System\QanHBFf.exe
  2⤵
  PID:4500
- C:\Windows\System\lwIIjyK.exe
  C:\Windows\System\lwIIjyK.exe
  2⤵
  PID:4520
- C:\Windows\System\jwDTUEP.exe
  C:\Windows\System\jwDTUEP.exe
  2⤵
  PID:4580
- C:\Windows\System\DGsnqQO.exe
  C:\Windows\System\DGsnqQO.exe
  2⤵
  PID:4592
- C:\Windows\System\jOUxOgJ.exe
  C:\Windows\System\jOUxOgJ.exe
  2⤵
  PID:4620
- C:\Windows\System\pgzfzqr.exe
  C:\Windows\System\pgzfzqr.exe
  2⤵
  PID:4664
- C:\Windows\System\tdAjeoH.exe
  C:\Windows\System\tdAjeoH.exe
  2⤵
  PID:4680
- C:\Windows\System\IYbxceH.exe
  C:\Windows\System\IYbxceH.exe
  2⤵
  PID:4736
- C:\Windows\System\XHDOPal.exe
  C:\Windows\System\XHDOPal.exe
  2⤵
  PID:4764
- C:\Windows\System\SztUuwT.exe
  C:\Windows\System\SztUuwT.exe
  2⤵
  PID:4796
- C:\Windows\System\oJNArfC.exe
  C:\Windows\System\oJNArfC.exe
  2⤵
  PID:4820
- C:\Windows\System\WBvxgSC.exe
  C:\Windows\System\WBvxgSC.exe
  2⤵
  PID:4840
- C:\Windows\System\uTsFOSS.exe
  C:\Windows\System\uTsFOSS.exe
  2⤵
  PID:4904
- C:\Windows\System\aSpivLA.exe
  C:\Windows\System\aSpivLA.exe
  2⤵
  PID:4916
- C:\Windows\System\ehpkIsM.exe
  C:\Windows\System\ehpkIsM.exe
  2⤵
  PID:4964
- C:\Windows\System\CYlTYHv.exe
  C:\Windows\System\CYlTYHv.exe
  2⤵
  PID:4996
- C:\Windows\System\leUXfHu.exe
  C:\Windows\System\leUXfHu.exe
  2⤵
  PID:5020
- C:\Windows\System\jiESCUV.exe
  C:\Windows\System\jiESCUV.exe
  2⤵
  PID:5064
- C:\Windows\System\KiGSUWr.exe
  C:\Windows\System\KiGSUWr.exe
  2⤵
  PID:5096
- C:\Windows\System\JqNSPrN.exe
  C:\Windows\System\JqNSPrN.exe
  2⤵
  PID:3632
- C:\Windows\System\yuDNcRA.exe
  C:\Windows\System\yuDNcRA.exe
  2⤵
  PID:3852
- C:\Windows\System\XwsSTqO.exe
  C:\Windows\System\XwsSTqO.exe
  2⤵
  PID:3800
- C:\Windows\System\eRLKAge.exe
  C:\Windows\System\eRLKAge.exe
  2⤵
  PID:3936
- C:\Windows\System\PjwYVrd.exe
  C:\Windows\System\PjwYVrd.exe
  2⤵
  PID:840
- C:\Windows\System\aROaMZW.exe
  C:\Windows\System\aROaMZW.exe
  2⤵
  PID:3336
- C:\Windows\System\rMuDSeN.exe
  C:\Windows\System\rMuDSeN.exe
  2⤵
  PID:3516
- C:\Windows\System\FqzmECS.exe
  C:\Windows\System\FqzmECS.exe
  2⤵
  PID:3492
- C:\Windows\System\ooAmTVf.exe
  C:\Windows\System\ooAmTVf.exe
  2⤵
  PID:4160
- C:\Windows\System\xhCWqSw.exe
  C:\Windows\System\xhCWqSw.exe
  2⤵
  PID:4260
- C:\Windows\System\PjJnLjK.exe
  C:\Windows\System\PjJnLjK.exe
  2⤵
  PID:4280
- C:\Windows\System\SaLXwZz.exe
  C:\Windows\System\SaLXwZz.exe
  2⤵
  PID:4360
- C:\Windows\System\zzJzbPe.exe
  C:\Windows\System\zzJzbPe.exe
  2⤵
  PID:4412
- C:\Windows\System\ymAiIrb.exe
  C:\Windows\System\ymAiIrb.exe
  2⤵
  PID:4440
- C:\Windows\System\mMAWZZU.exe
  C:\Windows\System\mMAWZZU.exe
  2⤵
  PID:4540
- C:\Windows\System\ubYpxKA.exe
  C:\Windows\System\ubYpxKA.exe
  2⤵
  PID:4556
- C:\Windows\System\qiWrjwS.exe
  C:\Windows\System\qiWrjwS.exe
  2⤵
  PID:4636
- C:\Windows\System\spixIpH.exe
  C:\Windows\System\spixIpH.exe
  2⤵
  PID:4684
- C:\Windows\System\ESScZpD.exe
  C:\Windows\System\ESScZpD.exe
  2⤵
  PID:4720
- C:\Windows\System\JxtQfrr.exe
  C:\Windows\System\JxtQfrr.exe
  2⤵
  PID:4784
- C:\Windows\System\wOuRqUq.exe
  C:\Windows\System\wOuRqUq.exe
  2⤵
  PID:4856
- C:\Windows\System\qZRGaFE.exe
  C:\Windows\System\qZRGaFE.exe
  2⤵
  PID:4944
- C:\Windows\System\Cpjnzom.exe
  C:\Windows\System\Cpjnzom.exe
  2⤵
  PID:4956
- C:\Windows\System\xLNLQQh.exe
  C:\Windows\System\xLNLQQh.exe
  2⤵
  PID:5016
- C:\Windows\System\aJCpEZK.exe
  C:\Windows\System\aJCpEZK.exe
  2⤵
  PID:5080
- C:\Windows\System\olDrNoG.exe
  C:\Windows\System\olDrNoG.exe
  2⤵
  PID:3692
- C:\Windows\System\OXrgICg.exe
  C:\Windows\System\OXrgICg.exe
  2⤵
  PID:4076
- C:\Windows\System\xVwgcgV.exe
  C:\Windows\System\xVwgcgV.exe
  2⤵
  PID:4044
- C:\Windows\System\wuLUkbf.exe
  C:\Windows\System\wuLUkbf.exe
  2⤵
  PID:1584
- C:\Windows\System\aQFLXSV.exe
  C:\Windows\System\aQFLXSV.exe
  2⤵
  PID:3252
- C:\Windows\System\Acyvdud.exe
  C:\Windows\System\Acyvdud.exe
  2⤵
  PID:4116
- C:\Windows\System\gdawlcN.exe
  C:\Windows\System\gdawlcN.exe
  2⤵
  PID:4236
- C:\Windows\System\khSoQqb.exe
  C:\Windows\System\khSoQqb.exe
  2⤵
  PID:1628
- C:\Windows\System\rCqLPXv.exe
  C:\Windows\System\rCqLPXv.exe
  2⤵
  PID:4376
- C:\Windows\System\QzcPfDb.exe
  C:\Windows\System\QzcPfDb.exe
  2⤵
  PID:4476
- C:\Windows\System\ofoCsYK.exe
  C:\Windows\System\ofoCsYK.exe
  2⤵
  PID:4604
- C:\Windows\System\SDMKarT.exe
  C:\Windows\System\SDMKarT.exe
  2⤵
  PID:4572
- C:\Windows\System\GwBOtxl.exe
  C:\Windows\System\GwBOtxl.exe
  2⤵
  PID:4740
- C:\Windows\System\yfXNwOg.exe
  C:\Windows\System\yfXNwOg.exe
  2⤵
  PID:4864
- C:\Windows\System\pKerVKL.exe
  C:\Windows\System\pKerVKL.exe
  2⤵
  PID:4884
- C:\Windows\System\qsOaXxt.exe
  C:\Windows\System\qsOaXxt.exe
  2⤵
  PID:3732
- C:\Windows\System\mhlMmWJ.exe
  C:\Windows\System\mhlMmWJ.exe
  2⤵
  PID:3700
- C:\Windows\System\HpXaoQl.exe
  C:\Windows\System\HpXaoQl.exe
  2⤵
  PID:556
- C:\Windows\System\CPGKunO.exe
  C:\Windows\System\CPGKunO.exe
  2⤵
  PID:3172
- C:\Windows\System\gCCvDxs.exe
  C:\Windows\System\gCCvDxs.exe
  2⤵
  PID:5136
- C:\Windows\System\ShEXsKP.exe
  C:\Windows\System\ShEXsKP.exe
  2⤵
  PID:5156
- C:\Windows\System\oVVkBDp.exe
  C:\Windows\System\oVVkBDp.exe
  2⤵
  PID:5176
- C:\Windows\System\vEUIyCU.exe
  C:\Windows\System\vEUIyCU.exe
  2⤵
  PID:5196
- C:\Windows\System\LntLAZB.exe
  C:\Windows\System\LntLAZB.exe
  2⤵
  PID:5216
- C:\Windows\System\YpCQbmy.exe
  C:\Windows\System\YpCQbmy.exe
  2⤵
  PID:5236
- C:\Windows\System\DnDWopC.exe
  C:\Windows\System\DnDWopC.exe
  2⤵
  PID:5256
- C:\Windows\System\LVbsPGk.exe
  C:\Windows\System\LVbsPGk.exe
  2⤵
  PID:5276
- C:\Windows\System\YiFNWhM.exe
  C:\Windows\System\YiFNWhM.exe
  2⤵
  PID:5296
- C:\Windows\System\msoysRX.exe
  C:\Windows\System\msoysRX.exe
  2⤵
  PID:5316
- C:\Windows\System\SlLUjOj.exe
  C:\Windows\System\SlLUjOj.exe
  2⤵
  PID:5336
- C:\Windows\System\ZQAnLEJ.exe
  C:\Windows\System\ZQAnLEJ.exe
  2⤵
  PID:5356
- C:\Windows\System\WkJQqJt.exe
  C:\Windows\System\WkJQqJt.exe
  2⤵
  PID:5376
- C:\Windows\System\TOrgAFG.exe
  C:\Windows\System\TOrgAFG.exe
  2⤵
  PID:5396
- C:\Windows\System\mEtNARS.exe
  C:\Windows\System\mEtNARS.exe
  2⤵
  PID:5416
- C:\Windows\System\bcjbxxs.exe
  C:\Windows\System\bcjbxxs.exe
  2⤵
  PID:5436
- C:\Windows\System\IlJGVBY.exe
  C:\Windows\System\IlJGVBY.exe
  2⤵
  PID:5456
- C:\Windows\System\wWrjVSO.exe
  C:\Windows\System\wWrjVSO.exe
  2⤵
  PID:5476
- C:\Windows\System\buOPzUU.exe
  C:\Windows\System\buOPzUU.exe
  2⤵
  PID:5496
- C:\Windows\System\KMeqUPJ.exe
  C:\Windows\System\KMeqUPJ.exe
  2⤵
  PID:5516
- C:\Windows\System\xLSFHMS.exe
  C:\Windows\System\xLSFHMS.exe
  2⤵
  PID:5536
- C:\Windows\System\wxzTJXZ.exe
  C:\Windows\System\wxzTJXZ.exe
  2⤵
  PID:5556
- C:\Windows\System\OrpgOlk.exe
  C:\Windows\System\OrpgOlk.exe
  2⤵
  PID:5576
- C:\Windows\System\umlbqzh.exe
  C:\Windows\System\umlbqzh.exe
  2⤵
  PID:5596
- C:\Windows\System\CaSHgjq.exe
  C:\Windows\System\CaSHgjq.exe
  2⤵
  PID:5616
- C:\Windows\System\NyLdbBv.exe
  C:\Windows\System\NyLdbBv.exe
  2⤵
  PID:5636
- C:\Windows\System\kWiGybh.exe
  C:\Windows\System\kWiGybh.exe
  2⤵
  PID:5660
- C:\Windows\System\qsnAiEY.exe
  C:\Windows\System\qsnAiEY.exe
  2⤵
  PID:5680
- C:\Windows\System\XGyfrfg.exe
  C:\Windows\System\XGyfrfg.exe
  2⤵
  PID:5700
- C:\Windows\System\uDgbPAs.exe
  C:\Windows\System\uDgbPAs.exe
  2⤵
  PID:5720
- C:\Windows\System\kJyCqLg.exe
  C:\Windows\System\kJyCqLg.exe
  2⤵
  PID:5740
- C:\Windows\System\zzBPTEh.exe
  C:\Windows\System\zzBPTEh.exe
  2⤵
  PID:5760
- C:\Windows\System\ewjtLdw.exe
  C:\Windows\System\ewjtLdw.exe
  2⤵
  PID:5780
- C:\Windows\System\UajtYFE.exe
  C:\Windows\System\UajtYFE.exe
  2⤵
  PID:5800
- C:\Windows\System\lcBKXWs.exe
  C:\Windows\System\lcBKXWs.exe
  2⤵
  PID:5820
- C:\Windows\System\ziWJkBG.exe
  C:\Windows\System\ziWJkBG.exe
  2⤵
  PID:5840
- C:\Windows\System\lZKvsLs.exe
  C:\Windows\System\lZKvsLs.exe
  2⤵
  PID:5860
- C:\Windows\System\GtxIDFe.exe
  C:\Windows\System\GtxIDFe.exe
  2⤵
  PID:5880
- C:\Windows\System\VCUWpfS.exe
  C:\Windows\System\VCUWpfS.exe
  2⤵
  PID:5900
- C:\Windows\System\ysvWEVl.exe
  C:\Windows\System\ysvWEVl.exe
  2⤵
  PID:5920
- C:\Windows\System\DHMuXzH.exe
  C:\Windows\System\DHMuXzH.exe
  2⤵
  PID:5940
- C:\Windows\System\DMwSeLt.exe
  C:\Windows\System\DMwSeLt.exe
  2⤵
  PID:5960
- C:\Windows\System\jgzHJXI.exe
  C:\Windows\System\jgzHJXI.exe
  2⤵
  PID:5980
- C:\Windows\System\kTndfoD.exe
  C:\Windows\System\kTndfoD.exe
  2⤵
  PID:6000
- C:\Windows\System\CglLXlb.exe
  C:\Windows\System\CglLXlb.exe
  2⤵
  PID:6020
- C:\Windows\System\UfYLAGj.exe
  C:\Windows\System\UfYLAGj.exe
  2⤵
  PID:6040
- C:\Windows\System\ikPNdVb.exe
  C:\Windows\System\ikPNdVb.exe
  2⤵
  PID:6060
- C:\Windows\System\PQomAfP.exe
  C:\Windows\System\PQomAfP.exe
  2⤵
  PID:6080
- C:\Windows\System\TNNnKcP.exe
  C:\Windows\System\TNNnKcP.exe
  2⤵
  PID:6100
- C:\Windows\System\ZshGOta.exe
  C:\Windows\System\ZshGOta.exe
  2⤵
  PID:6120
- C:\Windows\System\PPXSmtA.exe
  C:\Windows\System\PPXSmtA.exe
  2⤵
  PID:6140
- C:\Windows\System\gzHbenl.exe
  C:\Windows\System\gzHbenl.exe
  2⤵
  PID:4176
- C:\Windows\System\OYubERE.exe
  C:\Windows\System\OYubERE.exe
  2⤵
  PID:4216
- C:\Windows\System\OpQBOrn.exe
  C:\Windows\System\OpQBOrn.exe
  2⤵
  PID:4312
- C:\Windows\System\lwLtRpJ.exe
  C:\Windows\System\lwLtRpJ.exe
  2⤵
  PID:4552
- C:\Windows\System\rupoOvK.exe
  C:\Windows\System\rupoOvK.exe
  2⤵
  PID:4800
- C:\Windows\System\vwJDhjy.exe
  C:\Windows\System\vwJDhjy.exe
  2⤵
  PID:5056
- C:\Windows\System\XztGfsy.exe
  C:\Windows\System\XztGfsy.exe
  2⤵
  PID:4984
- C:\Windows\System\FJYXqtP.exe
  C:\Windows\System\FJYXqtP.exe
  2⤵
  PID:3876
- C:\Windows\System\QbANfDA.exe
  C:\Windows\System\QbANfDA.exe
  2⤵
  PID:2784
- C:\Windows\System\FqYWEcg.exe
  C:\Windows\System\FqYWEcg.exe
  2⤵
  PID:5148
- C:\Windows\System\GecavrR.exe
  C:\Windows\System\GecavrR.exe
  2⤵
  PID:5212
- C:\Windows\System\UbcQJgY.exe
  C:\Windows\System\UbcQJgY.exe
  2⤵
  PID:5232
- C:\Windows\System\rcVJjYn.exe
  C:\Windows\System\rcVJjYn.exe
  2⤵
  PID:5264
- C:\Windows\System\JgJEmdw.exe
  C:\Windows\System\JgJEmdw.exe
  2⤵
  PID:5288
- C:\Windows\System\cQfchpq.exe
  C:\Windows\System\cQfchpq.exe
  2⤵
  PID:5308
- C:\Windows\System\BgtSPnC.exe
  C:\Windows\System\BgtSPnC.exe
  2⤵
  PID:5372
- C:\Windows\System\ojPTfes.exe
  C:\Windows\System\ojPTfes.exe
  2⤵
  PID:5412
- C:\Windows\System\McrXUjn.exe
  C:\Windows\System\McrXUjn.exe
  2⤵
  PID:5432
- C:\Windows\System\HiLOQIQ.exe
  C:\Windows\System\HiLOQIQ.exe
  2⤵
  PID:5492
- C:\Windows\System\mpRdjdQ.exe
  C:\Windows\System\mpRdjdQ.exe
  2⤵
  PID:5488
- C:\Windows\System\rDVDlgq.exe
  C:\Windows\System\rDVDlgq.exe
  2⤵
  PID:5508
- C:\Windows\System\aWnrXXJ.exe
  C:\Windows\System\aWnrXXJ.exe
  2⤵
  PID:5552
- C:\Windows\System\JNxGTSs.exe
  C:\Windows\System\JNxGTSs.exe
  2⤵
  PID:5608
- C:\Windows\System\JtwHvTc.exe
  C:\Windows\System\JtwHvTc.exe
  2⤵
  PID:5644
- C:\Windows\System\mipuZUS.exe
  C:\Windows\System\mipuZUS.exe
  2⤵
  PID:5688
- C:\Windows\System\WPlEXJI.exe
  C:\Windows\System\WPlEXJI.exe
  2⤵
  PID:5708
- C:\Windows\System\yDMWjHw.exe
  C:\Windows\System\yDMWjHw.exe
  2⤵
  PID:5732
- C:\Windows\System\iNWEqVb.exe
  C:\Windows\System\iNWEqVb.exe
  2⤵
  PID:5752
- C:\Windows\System\JVMJLuM.exe
  C:\Windows\System\JVMJLuM.exe
  2⤵
  PID:5796
- C:\Windows\System\QoUTRvP.exe
  C:\Windows\System\QoUTRvP.exe
  2⤵
  PID:5836
- C:\Windows\System\vGbMlOh.exe
  C:\Windows\System\vGbMlOh.exe
  2⤵
  PID:5876
- C:\Windows\System\VfPXMSE.exe
  C:\Windows\System\VfPXMSE.exe
  2⤵
  PID:5908
- C:\Windows\System\quwmeyH.exe
  C:\Windows\System\quwmeyH.exe
  2⤵
  PID:5932
- C:\Windows\System\aoBEmPT.exe
  C:\Windows\System\aoBEmPT.exe
  2⤵
  PID:5952
- C:\Windows\System\dJtomtP.exe
  C:\Windows\System\dJtomtP.exe
  2⤵
  PID:5992
- C:\Windows\System\lVmyUCR.exe
  C:\Windows\System\lVmyUCR.exe
  2⤵
  PID:6036
- C:\Windows\System\AcqWgGg.exe
  C:\Windows\System\AcqWgGg.exe
  2⤵
  PID:2944
- C:\Windows\System\Pqypyqp.exe
  C:\Windows\System\Pqypyqp.exe
  2⤵
  PID:1948
- C:\Windows\System\AilYUqf.exe
  C:\Windows\System\AilYUqf.exe
  2⤵
  PID:6108
- C:\Windows\System\gdVPXoi.exe
  C:\Windows\System\gdVPXoi.exe
  2⤵
  PID:6132
- C:\Windows\System\zmwmHrc.exe
  C:\Windows\System\zmwmHrc.exe
  2⤵
  PID:3432
- C:\Windows\System\SMwmukY.exe
  C:\Windows\System\SMwmukY.exe
  2⤵
  PID:4716
- C:\Windows\System\peTmBNg.exe
  C:\Windows\System\peTmBNg.exe
  2⤵
  PID:4676
- C:\Windows\System\mDtuoUl.exe
  C:\Windows\System\mDtuoUl.exe
  2⤵
  PID:5040
- C:\Windows\System\ZFmFHfE.exe
  C:\Windows\System\ZFmFHfE.exe
  2⤵
  PID:1724
- C:\Windows\System\MPcRPHb.exe
  C:\Windows\System\MPcRPHb.exe
  2⤵
  PID:5144
- C:\Windows\System\qAWQeAx.exe
  C:\Windows\System\qAWQeAx.exe
  2⤵
  PID:5224
- C:\Windows\System\VZwOxFu.exe
  C:\Windows\System\VZwOxFu.exe
  2⤵
  PID:5284
- C:\Windows\System\XRVOidw.exe
  C:\Windows\System\XRVOidw.exe
  2⤵
  PID:5332
- C:\Windows\System\boSnzYx.exe
  C:\Windows\System\boSnzYx.exe
  2⤵
  PID:5404
- C:\Windows\System\KXkNSUn.exe
  C:\Windows\System\KXkNSUn.exe
  2⤵
  PID:5428
- C:\Windows\System\inomDnA.exe
  C:\Windows\System\inomDnA.exe
  2⤵
  PID:5472
- C:\Windows\System\tFhPRHU.exe
  C:\Windows\System\tFhPRHU.exe
  2⤵
  PID:5572
- C:\Windows\System\wadhlNF.exe
  C:\Windows\System\wadhlNF.exe
  2⤵
  PID:5588
- C:\Windows\System\EOYyUuO.exe
  C:\Windows\System\EOYyUuO.exe
  2⤵
  PID:5612
- C:\Windows\System\PYaJcCE.exe
  C:\Windows\System\PYaJcCE.exe
  2⤵
  PID:5648
- C:\Windows\System\nEyhoaA.exe
  C:\Windows\System\nEyhoaA.exe
  2⤵
  PID:5788
- C:\Windows\System\yDZxRyT.exe
  C:\Windows\System\yDZxRyT.exe
  2⤵
  PID:5828
- C:\Windows\System\iadmOEN.exe
  C:\Windows\System\iadmOEN.exe
  2⤵
  PID:5956
- C:\Windows\System\DNNvJlm.exe
  C:\Windows\System\DNNvJlm.exe
  2⤵
  PID:5928
- C:\Windows\System\jKvELOL.exe
  C:\Windows\System\jKvELOL.exe
  2⤵
  PID:5996
- C:\Windows\System\DxZPsXs.exe
  C:\Windows\System\DxZPsXs.exe
  2⤵
  PID:6088
- C:\Windows\System\VcdFrKm.exe
  C:\Windows\System\VcdFrKm.exe
  2⤵
  PID:2440
- C:\Windows\System\wvUDbAo.exe
  C:\Windows\System\wvUDbAo.exe
  2⤵
  PID:6136
- C:\Windows\System\klRJZPs.exe
  C:\Windows\System\klRJZPs.exe
  2⤵
  PID:4292
- C:\Windows\System\pLvzGTo.exe
  C:\Windows\System\pLvzGTo.exe
  2⤵
  PID:4844
- C:\Windows\System\YuUlyuz.exe
  C:\Windows\System\YuUlyuz.exe
  2⤵
  PID:5124
- C:\Windows\System\hkDDWNd.exe
  C:\Windows\System\hkDDWNd.exe
  2⤵
  PID:5252
- C:\Windows\System\JgqQwKG.exe
  C:\Windows\System\JgqQwKG.exe
  2⤵
  PID:5268
- C:\Windows\System\fTQuvix.exe
  C:\Windows\System\fTQuvix.exe
  2⤵
  PID:5352
- C:\Windows\System\EpRRjIF.exe
  C:\Windows\System\EpRRjIF.exe
  2⤵
  PID:5468
- C:\Windows\System\OJJXBgz.exe
  C:\Windows\System\OJJXBgz.exe
  2⤵
  PID:5632
- C:\Windows\System\YnAvLBc.exe
  C:\Windows\System\YnAvLBc.exe
  2⤵
  PID:5756
- C:\Windows\System\UgvODxa.exe
  C:\Windows\System\UgvODxa.exe
  2⤵
  PID:5808
- C:\Windows\System\MwZjVIK.exe
  C:\Windows\System\MwZjVIK.exe
  2⤵
  PID:5892
- C:\Windows\System\uVreQSj.exe
  C:\Windows\System\uVreQSj.exe
  2⤵
  PID:5868
- C:\Windows\System\bDTTxZU.exe
  C:\Windows\System\bDTTxZU.exe
  2⤵
  PID:5972
- C:\Windows\System\LgrQkJF.exe
  C:\Windows\System\LgrQkJF.exe
  2⤵
  PID:2108
- C:\Windows\System\qWDNQuU.exe
  C:\Windows\System\qWDNQuU.exe
  2⤵
  PID:6152
- C:\Windows\System\UsQKpms.exe
  C:\Windows\System\UsQKpms.exe
  2⤵
  PID:6172
- C:\Windows\System\FpWKlXg.exe
  C:\Windows\System\FpWKlXg.exe
  2⤵
  PID:6192
- C:\Windows\System\wczwCXI.exe
  C:\Windows\System\wczwCXI.exe
  2⤵
  PID:6212
- C:\Windows\System\QYnzKOb.exe
  C:\Windows\System\QYnzKOb.exe
  2⤵
  PID:6232
- C:\Windows\System\ZnTplgN.exe
  C:\Windows\System\ZnTplgN.exe
  2⤵
  PID:6252
- C:\Windows\System\pqmNudG.exe
  C:\Windows\System\pqmNudG.exe
  2⤵
  PID:6272
- C:\Windows\System\ufLcFVg.exe
  C:\Windows\System\ufLcFVg.exe
  2⤵
  PID:6292
- C:\Windows\System\sxUzIYU.exe
  C:\Windows\System\sxUzIYU.exe
  2⤵
  PID:6312
- C:\Windows\System\ZuwMEgW.exe
  C:\Windows\System\ZuwMEgW.exe
  2⤵
  PID:6332
- C:\Windows\System\rULGVsn.exe
  C:\Windows\System\rULGVsn.exe
  2⤵
  PID:6352
- C:\Windows\System\mqZNOYd.exe
  C:\Windows\System\mqZNOYd.exe
  2⤵
  PID:6372
- C:\Windows\System\zFIaGtu.exe
  C:\Windows\System\zFIaGtu.exe
  2⤵
  PID:6392
- C:\Windows\System\TZgkqaQ.exe
  C:\Windows\System\TZgkqaQ.exe
  2⤵
  PID:6412
- C:\Windows\System\SDYqFvi.exe
  C:\Windows\System\SDYqFvi.exe
  2⤵
  PID:6432
- C:\Windows\System\ydKnxte.exe
  C:\Windows\System\ydKnxte.exe
  2⤵
  PID:6452
- C:\Windows\System\WpYiskH.exe
  C:\Windows\System\WpYiskH.exe
  2⤵
  PID:6472
- C:\Windows\System\JyPpCNh.exe
  C:\Windows\System\JyPpCNh.exe
  2⤵
  PID:6492
- C:\Windows\System\SoTnWfc.exe
  C:\Windows\System\SoTnWfc.exe
  2⤵
  PID:6512
- C:\Windows\System\vUoQfvi.exe
  C:\Windows\System\vUoQfvi.exe
  2⤵
  PID:6532
- C:\Windows\System\bfDXkOD.exe
  C:\Windows\System\bfDXkOD.exe
  2⤵
  PID:6552
- C:\Windows\System\HvtRMtJ.exe
  C:\Windows\System\HvtRMtJ.exe
  2⤵
  PID:6572
- C:\Windows\System\RwaUTsh.exe
  C:\Windows\System\RwaUTsh.exe
  2⤵
  PID:6592
- C:\Windows\System\ZAhaJtd.exe
  C:\Windows\System\ZAhaJtd.exe
  2⤵
  PID:6612
- C:\Windows\System\zrVgklC.exe
  C:\Windows\System\zrVgklC.exe
  2⤵
  PID:6632
- C:\Windows\System\aRrDkRp.exe
  C:\Windows\System\aRrDkRp.exe
  2⤵
  PID:6652
- C:\Windows\System\ZoWZaFI.exe
  C:\Windows\System\ZoWZaFI.exe
  2⤵
  PID:6672
- C:\Windows\System\xhYgmpE.exe
  C:\Windows\System\xhYgmpE.exe
  2⤵
  PID:6692
- C:\Windows\System\bjEcaVu.exe
  C:\Windows\System\bjEcaVu.exe
  2⤵
  PID:6712
- C:\Windows\System\rBUSgni.exe
  C:\Windows\System\rBUSgni.exe
  2⤵
  PID:6732
- C:\Windows\System\ylOjyGg.exe
  C:\Windows\System\ylOjyGg.exe
  2⤵
  PID:6752
- C:\Windows\System\DLgojlf.exe
  C:\Windows\System\DLgojlf.exe
  2⤵
  PID:6772
- C:\Windows\System\pHLUmWV.exe
  C:\Windows\System\pHLUmWV.exe
  2⤵
  PID:6792
- C:\Windows\System\PsvUvJA.exe
  C:\Windows\System\PsvUvJA.exe
  2⤵
  PID:6812
- C:\Windows\System\oQFjyzM.exe
  C:\Windows\System\oQFjyzM.exe
  2⤵
  PID:6832
- C:\Windows\System\aSMQxvi.exe
  C:\Windows\System\aSMQxvi.exe
  2⤵
  PID:6852
- C:\Windows\System\gKCJewg.exe
  C:\Windows\System\gKCJewg.exe
  2⤵
  PID:6872
- C:\Windows\System\eztWgYh.exe
  C:\Windows\System\eztWgYh.exe
  2⤵
  PID:6892
- C:\Windows\System\CPtyncg.exe
  C:\Windows\System\CPtyncg.exe
  2⤵
  PID:6916
- C:\Windows\System\caxYmjB.exe
  C:\Windows\System\caxYmjB.exe
  2⤵
  PID:6936
- C:\Windows\System\hEOXMIW.exe
  C:\Windows\System\hEOXMIW.exe
  2⤵
  PID:6956
- C:\Windows\System\gfodLFA.exe
  C:\Windows\System\gfodLFA.exe
  2⤵
  PID:6976
- C:\Windows\System\OrfdrWY.exe
  C:\Windows\System\OrfdrWY.exe
  2⤵
  PID:6996
- C:\Windows\System\KRSIBVi.exe
  C:\Windows\System\KRSIBVi.exe
  2⤵
  PID:7016
- C:\Windows\System\KkJUJNA.exe
  C:\Windows\System\KkJUJNA.exe
  2⤵
  PID:7036
- C:\Windows\System\HCAVafc.exe
  C:\Windows\System\HCAVafc.exe
  2⤵
  PID:7056
- C:\Windows\System\BllInIf.exe
  C:\Windows\System\BllInIf.exe
  2⤵
  PID:7076
- C:\Windows\System\iORfPjy.exe
  C:\Windows\System\iORfPjy.exe
  2⤵
  PID:7096
- C:\Windows\System\gHDVPZi.exe
  C:\Windows\System\gHDVPZi.exe
  2⤵
  PID:7116
- C:\Windows\System\DkYWNGq.exe
  C:\Windows\System\DkYWNGq.exe
  2⤵
  PID:7136
- C:\Windows\System\wmBheov.exe
  C:\Windows\System\wmBheov.exe
  2⤵
  PID:7156
- C:\Windows\System\AltXtqj.exe
  C:\Windows\System\AltXtqj.exe
  2⤵
  PID:4480
- C:\Windows\System\jVsLJhR.exe
  C:\Windows\System\jVsLJhR.exe
  2⤵
  PID:4976
- C:\Windows\System\CMoCtXl.exe
  C:\Windows\System\CMoCtXl.exe
  2⤵
  PID:5248
- C:\Windows\System\FKNzDMv.exe
  C:\Windows\System\FKNzDMv.exe
  2⤵
  PID:5368
- C:\Windows\System\FMbMigi.exe
  C:\Windows\System\FMbMigi.exe
  2⤵
  PID:5544
- C:\Windows\System\pDXNexA.exe
  C:\Windows\System\pDXNexA.exe
  2⤵
  PID:5672
- C:\Windows\System\hKsDHjc.exe
  C:\Windows\System\hKsDHjc.exe
  2⤵
  PID:5856
- C:\Windows\System\XydjUBb.exe
  C:\Windows\System\XydjUBb.exe
  2⤵
  PID:6016
- C:\Windows\System\jFYjREa.exe
  C:\Windows\System\jFYjREa.exe
  2⤵
  PID:6160
- C:\Windows\System\FXymKMU.exe
  C:\Windows\System\FXymKMU.exe
  2⤵
  PID:6180
- C:\Windows\System\rXzINeV.exe
  C:\Windows\System\rXzINeV.exe
  2⤵
  PID:6204
- C:\Windows\System\ZUZALtP.exe
  C:\Windows\System\ZUZALtP.exe
  2⤵
  PID:6224
- C:\Windows\System\DxdSOwT.exe
  C:\Windows\System\DxdSOwT.exe
  2⤵
  PID:6288
- C:\Windows\System\JZVQRAW.exe
  C:\Windows\System\JZVQRAW.exe
  2⤵
  PID:6328
- C:\Windows\System\KuuCcBi.exe
  C:\Windows\System\KuuCcBi.exe
  2⤵
  PID:2196
- C:\Windows\System\Gwzpuuu.exe
  C:\Windows\System\Gwzpuuu.exe
  2⤵
  PID:6344
- C:\Windows\System\NUrtGAD.exe
  C:\Windows\System\NUrtGAD.exe
  2⤵
  PID:6384
- C:\Windows\System\HYfqjfr.exe
  C:\Windows\System\HYfqjfr.exe
  2⤵
  PID:6420
- C:\Windows\System\PlSBQwS.exe
  C:\Windows\System\PlSBQwS.exe
  2⤵
  PID:6480
- C:\Windows\System\pnqCkau.exe
  C:\Windows\System\pnqCkau.exe
  2⤵
  PID:6500
- C:\Windows\System\BybEyTE.exe
  C:\Windows\System\BybEyTE.exe
  2⤵
  PID:6524
- C:\Windows\System\vRAUHoL.exe
  C:\Windows\System\vRAUHoL.exe
  2⤵
  PID:6548
- C:\Windows\System\HVUkQcW.exe
  C:\Windows\System\HVUkQcW.exe
  2⤵
  PID:6588
- C:\Windows\System\FFSCXvL.exe
  C:\Windows\System\FFSCXvL.exe
  2⤵
  PID:6620
- C:\Windows\System\WMbSnUW.exe
  C:\Windows\System\WMbSnUW.exe
  2⤵
  PID:6680
- C:\Windows\System\ehsFYGa.exe
  C:\Windows\System\ehsFYGa.exe
  2⤵
  PID:6720
- C:\Windows\System\kqgdFho.exe
  C:\Windows\System\kqgdFho.exe
  2⤵
  PID:6704
- C:\Windows\System\qnYJSbt.exe
  C:\Windows\System\qnYJSbt.exe
  2⤵
  PID:6744
- C:\Windows\System\CYjCVmH.exe
  C:\Windows\System\CYjCVmH.exe
  2⤵
  PID:6784
- C:\Windows\System\CcGIZXw.exe
  C:\Windows\System\CcGIZXw.exe
  2⤵
  PID:6848
- C:\Windows\System\rGaGXrb.exe
  C:\Windows\System\rGaGXrb.exe
  2⤵
  PID:6880
- C:\Windows\System\qJPFNCA.exe
  C:\Windows\System\qJPFNCA.exe
  2⤵
  PID:6900
- C:\Windows\System\gsJtqlh.exe
  C:\Windows\System\gsJtqlh.exe
  2⤵
  PID:6928
- C:\Windows\System\oSFhdHH.exe
  C:\Windows\System\oSFhdHH.exe
  2⤵
  PID:6948
- C:\Windows\System\KhYwOGM.exe
  C:\Windows\System\KhYwOGM.exe
  2⤵
  PID:2616
- C:\Windows\System\cqBsxir.exe
  C:\Windows\System\cqBsxir.exe
  2⤵
  PID:7044
- C:\Windows\System\KbPxTvy.exe
  C:\Windows\System\KbPxTvy.exe
  2⤵
  PID:7152
- C:\Windows\System\aqRtKVw.exe
  C:\Windows\System\aqRtKVw.exe
  2⤵
  PID:5084
- C:\Windows\System\yQsGARM.exe
  C:\Windows\System\yQsGARM.exe
  2⤵
  PID:5384
- C:\Windows\System\aNZcrfH.exe
  C:\Windows\System\aNZcrfH.exe
  2⤵
  PID:5408
- C:\Windows\System\kndoQxG.exe
  C:\Windows\System\kndoQxG.exe
  2⤵
  PID:5736
- C:\Windows\System\fdkZcdB.exe
  C:\Windows\System\fdkZcdB.exe
  2⤵
  PID:6028
- C:\Windows\System\BqpnqnF.exe
  C:\Windows\System\BqpnqnF.exe
  2⤵
  PID:6184
- C:\Windows\System\ECNGakZ.exe
  C:\Windows\System\ECNGakZ.exe
  2⤵
  PID:6280
- C:\Windows\System\NZnJQmY.exe
  C:\Windows\System\NZnJQmY.exe
  2⤵
  PID:6304
- C:\Windows\System\XwQkBcf.exe
  C:\Windows\System\XwQkBcf.exe
  2⤵
  PID:6340
- C:\Windows\System\kVRIGsz.exe
  C:\Windows\System\kVRIGsz.exe
  2⤵
  PID:6368
- C:\Windows\System\iCrxHrs.exe
  C:\Windows\System\iCrxHrs.exe
  2⤵
  PID:6404
- C:\Windows\System\dEXWIfF.exe
  C:\Windows\System\dEXWIfF.exe
  2⤵
  PID:6484
- C:\Windows\System\gPTEFjj.exe
  C:\Windows\System\gPTEFjj.exe
  2⤵
  PID:6600
- C:\Windows\System\vinaiLl.exe
  C:\Windows\System\vinaiLl.exe
  2⤵
  PID:6580
- C:\Windows\System\lPdUIlx.exe
  C:\Windows\System\lPdUIlx.exe
  2⤵
  PID:6660
- C:\Windows\System\RMYJgoN.exe
  C:\Windows\System\RMYJgoN.exe
  2⤵
  PID:6684
- C:\Windows\System\OucdiKB.exe
  C:\Windows\System\OucdiKB.exe
  2⤵
  PID:6768
- C:\Windows\System\YyNgZPm.exe
  C:\Windows\System\YyNgZPm.exe
  2⤵
  PID:6824
- C:\Windows\System\GfEOdvw.exe
  C:\Windows\System\GfEOdvw.exe
  2⤵
  PID:6868
- C:\Windows\System\WXEQrSM.exe
  C:\Windows\System\WXEQrSM.exe
  2⤵
  PID:6912
- C:\Windows\System\kqkwoeI.exe
  C:\Windows\System\kqkwoeI.exe
  2⤵
  PID:6964
- C:\Windows\System\UGUUaLa.exe
  C:\Windows\System\UGUUaLa.exe
  2⤵
  PID:7144
- C:\Windows\System\VKGCXOU.exe
  C:\Windows\System\VKGCXOU.exe
  2⤵
  PID:320
- C:\Windows\System\MJsJtaJ.exe
  C:\Windows\System\MJsJtaJ.exe
  2⤵
  PID:5568
- C:\Windows\System\AaOuNNQ.exe
  C:\Windows\System\AaOuNNQ.exe
  2⤵
  PID:5712
- C:\Windows\System\cIOxmUB.exe
  C:\Windows\System\cIOxmUB.exe
  2⤵
  PID:5948
- C:\Windows\System\MTRhtYd.exe
  C:\Windows\System\MTRhtYd.exe
  2⤵
  PID:6240
- C:\Windows\System\nbsgDXx.exe
  C:\Windows\System\nbsgDXx.exe
  2⤵
  PID:6300
- C:\Windows\System\FlydxUA.exe
  C:\Windows\System\FlydxUA.exe
  2⤵
  PID:6468
- C:\Windows\System\vbOOmuY.exe
  C:\Windows\System\vbOOmuY.exe
  2⤵
  PID:6560
- C:\Windows\System\iuANlJd.exe
  C:\Windows\System\iuANlJd.exe
  2⤵
  PID:6624
- C:\Windows\System\BOhBRav.exe
  C:\Windows\System\BOhBRav.exe
  2⤵
  PID:6708
- C:\Windows\System\OFeybFC.exe
  C:\Windows\System\OFeybFC.exe
  2⤵
  PID:6904
- C:\Windows\System\eanJiZu.exe
  C:\Windows\System\eanJiZu.exe
  2⤵
  PID:6988
- C:\Windows\System\SVHyIbq.exe
  C:\Windows\System\SVHyIbq.exe
  2⤵
  PID:2812
- C:\Windows\System\eappIIe.exe
  C:\Windows\System\eappIIe.exe
  2⤵
  PID:7008
- C:\Windows\System\EVOEYwM.exe
  C:\Windows\System\EVOEYwM.exe
  2⤵
  PID:6200
- C:\Windows\System\dQMvknW.exe
  C:\Windows\System\dQMvknW.exe
  2⤵
  PID:2724
- C:\Windows\System\cGCfhhP.exe
  C:\Windows\System\cGCfhhP.exe
  2⤵
  PID:764
- C:\Windows\System\KLtipnr.exe
  C:\Windows\System\KLtipnr.exe
  2⤵
  PID:1280
- C:\Windows\System\DOvGYUy.exe
  C:\Windows\System\DOvGYUy.exe
  2⤵
  PID:1188
- C:\Windows\System\liwsagW.exe
  C:\Windows\System\liwsagW.exe
  2⤵
  PID:6424
- C:\Windows\System\HiFFJbj.exe
  C:\Windows\System\HiFFJbj.exe
  2⤵
  PID:6504
- C:\Windows\System\qIdPBfz.exe
  C:\Windows\System\qIdPBfz.exe
  2⤵
  PID:6664
- C:\Windows\System\wmNsRIU.exe
  C:\Windows\System\wmNsRIU.exe
  2⤵
  PID:6864
- C:\Windows\System\XWnyaVK.exe
  C:\Windows\System\XWnyaVK.exe
  2⤵
  PID:5776
- C:\Windows\System\rCaJpXU.exe
  C:\Windows\System\rCaJpXU.exe
  2⤵
  PID:6056
- C:\Windows\System\WnSWIcF.exe
  C:\Windows\System\WnSWIcF.exe
  2⤵
  PID:1816
- C:\Windows\System\OwOSgyC.exe
  C:\Windows\System\OwOSgyC.exe
  2⤵
  PID:2936
- C:\Windows\System\ASCfRQa.exe
  C:\Windows\System\ASCfRQa.exe
  2⤵
  PID:7176
- C:\Windows\System\WjCTIXi.exe
  C:\Windows\System\WjCTIXi.exe
  2⤵
  PID:7196
- C:\Windows\System\WGmMWtx.exe
  C:\Windows\System\WGmMWtx.exe
  2⤵
  PID:7216
- C:\Windows\System\vjmqvnW.exe
  C:\Windows\System\vjmqvnW.exe
  2⤵
  PID:7236
- C:\Windows\System\kmwOppa.exe
  C:\Windows\System\kmwOppa.exe
  2⤵
  PID:7256
- C:\Windows\System\LBiXUTt.exe
  C:\Windows\System\LBiXUTt.exe
  2⤵
  PID:7276
- C:\Windows\System\gEPjuHp.exe
  C:\Windows\System\gEPjuHp.exe
  2⤵
  PID:7296
- C:\Windows\System\KzanXoQ.exe
  C:\Windows\System\KzanXoQ.exe
  2⤵
  PID:7316
- C:\Windows\System\LsYmFpv.exe
  C:\Windows\System\LsYmFpv.exe
  2⤵
  PID:7336
- C:\Windows\System\eGkEFGI.exe
  C:\Windows\System\eGkEFGI.exe
  2⤵
  PID:7356
- C:\Windows\System\JoSWzYP.exe
  C:\Windows\System\JoSWzYP.exe
  2⤵
  PID:7376
- C:\Windows\System\rvdGTot.exe
  C:\Windows\System\rvdGTot.exe
  2⤵
  PID:7396
- C:\Windows\System\FutIugT.exe
  C:\Windows\System\FutIugT.exe
  2⤵
  PID:7416
- C:\Windows\System\Ytrjwna.exe
  C:\Windows\System\Ytrjwna.exe
  2⤵
  PID:7436
- C:\Windows\System\yQxnSFs.exe
  C:\Windows\System\yQxnSFs.exe
  2⤵
  PID:7456
- C:\Windows\System\yyyCljp.exe
  C:\Windows\System\yyyCljp.exe
  2⤵
  PID:7476
- C:\Windows\System\goBjJNR.exe
  C:\Windows\System\goBjJNR.exe
  2⤵
  PID:7496
- C:\Windows\System\kKiBWsp.exe
  C:\Windows\System\kKiBWsp.exe
  2⤵
  PID:7516
- C:\Windows\System\znMcJWP.exe
  C:\Windows\System\znMcJWP.exe
  2⤵
  PID:7536
- C:\Windows\System\dhngKhR.exe
  C:\Windows\System\dhngKhR.exe
  2⤵
  PID:7556
- C:\Windows\System\nnWwedw.exe
  C:\Windows\System\nnWwedw.exe
  2⤵
  PID:7616
- C:\Windows\System\tNjxGxw.exe
  C:\Windows\System\tNjxGxw.exe
  2⤵
  PID:7640
- C:\Windows\System\koVpAXO.exe
  C:\Windows\System\koVpAXO.exe
  2⤵
  PID:7656
- C:\Windows\System\umbdJBd.exe
  C:\Windows\System\umbdJBd.exe
  2⤵
  PID:7672
- C:\Windows\System\CcKIpaE.exe
  C:\Windows\System\CcKIpaE.exe
  2⤵
  PID:7688
- C:\Windows\System\XHlbbFT.exe
  C:\Windows\System\XHlbbFT.exe
  2⤵
  PID:7732
- C:\Windows\System\kZTUVFw.exe
  C:\Windows\System\kZTUVFw.exe
  2⤵
  PID:7756
- C:\Windows\System\WhrZJpf.exe
  C:\Windows\System\WhrZJpf.exe
  2⤵
  PID:7772
- C:\Windows\System\FFiwLzc.exe
  C:\Windows\System\FFiwLzc.exe
  2⤵
  PID:7788
- C:\Windows\System\jVQlWBf.exe
  C:\Windows\System\jVQlWBf.exe
  2⤵
  PID:7808
- C:\Windows\System\pjzIOtm.exe
  C:\Windows\System\pjzIOtm.exe
  2⤵
  PID:7828
- C:\Windows\System\QXIbWjL.exe
  C:\Windows\System\QXIbWjL.exe
  2⤵
  PID:7844
- C:\Windows\System\NoRaEpZ.exe
  C:\Windows\System\NoRaEpZ.exe
  2⤵
  PID:7860
- C:\Windows\System\tlDnMCH.exe
  C:\Windows\System\tlDnMCH.exe
  2⤵
  PID:7880
- C:\Windows\System\SFIErZF.exe
  C:\Windows\System\SFIErZF.exe
  2⤵
  PID:7904
- C:\Windows\System\YvqjHXl.exe
  C:\Windows\System\YvqjHXl.exe
  2⤵
  PID:7932
- C:\Windows\System\tSpoTEW.exe
  C:\Windows\System\tSpoTEW.exe
  2⤵
  PID:7956
- C:\Windows\System\blePnIj.exe
  C:\Windows\System\blePnIj.exe
  2⤵
  PID:7972
- C:\Windows\System\riudQBG.exe
  C:\Windows\System\riudQBG.exe
  2⤵
  PID:7988
- C:\Windows\System\XAubVfa.exe
  C:\Windows\System\XAubVfa.exe
  2⤵
  PID:8004
- C:\Windows\System\vJwucel.exe
  C:\Windows\System\vJwucel.exe
  2⤵
  PID:8024
- C:\Windows\System\YQPBXYh.exe
  C:\Windows\System\YQPBXYh.exe
  2⤵
  PID:8048
- C:\Windows\System\uYEintf.exe
  C:\Windows\System\uYEintf.exe
  2⤵
  PID:8064
- C:\Windows\System\BbUxEDU.exe
  C:\Windows\System\BbUxEDU.exe
  2⤵
  PID:8080
- C:\Windows\System\leqTVLi.exe
  C:\Windows\System\leqTVLi.exe
  2⤵
  PID:8096
- C:\Windows\System\yIeFozh.exe
  C:\Windows\System\yIeFozh.exe
  2⤵
  PID:8112
- C:\Windows\System\QRmYjkO.exe
  C:\Windows\System\QRmYjkO.exe
  2⤵
  PID:8132
- C:\Windows\System\QaecaOe.exe
  C:\Windows\System\QaecaOe.exe
  2⤵
  PID:8152
- C:\Windows\System\xyBJJjV.exe
  C:\Windows\System\xyBJJjV.exe
  2⤵
  PID:8168
- C:\Windows\System\iIajWGz.exe
  C:\Windows\System\iIajWGz.exe
  2⤵
  PID:6820
- C:\Windows\System\OncLOGp.exe
  C:\Windows\System\OncLOGp.exe
  2⤵
  PID:4900
- C:\Windows\System\lPZQukI.exe
  C:\Windows\System\lPZQukI.exe
  2⤵
  PID:6116
- C:\Windows\System\zorXdWS.exe
  C:\Windows\System\zorXdWS.exe
  2⤵
  PID:7172
- C:\Windows\System\mquVbVM.exe
  C:\Windows\System\mquVbVM.exe
  2⤵
  PID:1664
- C:\Windows\System\bTxmrSw.exe
  C:\Windows\System\bTxmrSw.exe
  2⤵
  PID:7212
- C:\Windows\System\SECSeJx.exe
  C:\Windows\System\SECSeJx.exe
  2⤵
  PID:7244
- C:\Windows\System\zrwAFfs.exe
  C:\Windows\System\zrwAFfs.exe
  2⤵
  PID:7264
- C:\Windows\System\BfTGKxk.exe
  C:\Windows\System\BfTGKxk.exe
  2⤵
  PID:7288
- C:\Windows\System\HzHWyYZ.exe
  C:\Windows\System\HzHWyYZ.exe
  2⤵
  PID:7332
- C:\Windows\System\jVbNCEH.exe
  C:\Windows\System\jVbNCEH.exe
  2⤵
  PID:7364
- C:\Windows\System\unUQWBo.exe
  C:\Windows\System\unUQWBo.exe
  2⤵
  PID:7368
- C:\Windows\System\UnAPrfb.exe
  C:\Windows\System\UnAPrfb.exe
  2⤵
  PID:7412
- C:\Windows\System\glHjCRz.exe
  C:\Windows\System\glHjCRz.exe
  2⤵
  PID:7464
- C:\Windows\System\ynwBElr.exe
  C:\Windows\System\ynwBElr.exe
  2⤵
  PID:2940
- C:\Windows\System\XUgAOEY.exe
  C:\Windows\System\XUgAOEY.exe
  2⤵
  PID:7488
- C:\Windows\System\gLsxWdt.exe
  C:\Windows\System\gLsxWdt.exe
  2⤵
  PID:1848
- C:\Windows\System\nYuHLIw.exe
  C:\Windows\System\nYuHLIw.exe
  2⤵
  PID:2532
- C:\Windows\System\rSUzybI.exe
  C:\Windows\System\rSUzybI.exe
  2⤵
  PID:7532
- C:\Windows\System\xCNokMQ.exe
  C:\Windows\System\xCNokMQ.exe
  2⤵
  PID:2672
- C:\Windows\System\OgMoOGC.exe
  C:\Windows\System\OgMoOGC.exe
  2⤵
  PID:2396
- C:\Windows\System\MxDzXXM.exe
  C:\Windows\System\MxDzXXM.exe
  2⤵
  PID:1924
- C:\Windows\System\FVPnIXz.exe
  C:\Windows\System\FVPnIXz.exe
  2⤵
  PID:2644
- C:\Windows\System\lMGgviv.exe
  C:\Windows\System\lMGgviv.exe
  2⤵
  PID:7548
- C:\Windows\System\OeueEMC.exe
  C:\Windows\System\OeueEMC.exe
  2⤵
  PID:7600
- C:\Windows\System\GvZwqpE.exe
  C:\Windows\System\GvZwqpE.exe
  2⤵
  PID:7624
- C:\Windows\System\YKktpMX.exe
  C:\Windows\System\YKktpMX.exe
  2⤵
  PID:7708
- C:\Windows\System\JfvBUDU.exe
  C:\Windows\System\JfvBUDU.exe
  2⤵
  PID:7800
- C:\Windows\System\vtwIXgW.exe
  C:\Windows\System\vtwIXgW.exe
  2⤵
  PID:7868
- C:\Windows\System\frePBbA.exe
  C:\Windows\System\frePBbA.exe
  2⤵
  PID:7924
- C:\Windows\System\RFpwnrd.exe
  C:\Windows\System\RFpwnrd.exe
  2⤵
  PID:7996
- C:\Windows\System\FKoTKRP.exe
  C:\Windows\System\FKoTKRP.exe
  2⤵
  PID:7852
- C:\Windows\System\JnntPeW.exe
  C:\Windows\System\JnntPeW.exe
  2⤵
  PID:7888
- C:\Windows\System\uwDUzww.exe
  C:\Windows\System\uwDUzww.exe
  2⤵
  PID:7748
- C:\Windows\System\wvuOMhC.exe
  C:\Windows\System\wvuOMhC.exe
  2⤵
  PID:7816
- C:\Windows\System\dUNjNlp.exe
  C:\Windows\System\dUNjNlp.exe
  2⤵
  PID:8180
- C:\Windows\System\gOpGKHv.exe
  C:\Windows\System\gOpGKHv.exe
  2⤵
  PID:6380
- C:\Windows\System\adCIZPF.exe
  C:\Windows\System\adCIZPF.exe
  2⤵
  PID:7900
- C:\Windows\System\VjHnPry.exe
  C:\Windows\System\VjHnPry.exe
  2⤵
  PID:7980
- C:\Windows\System\LwWWLRm.exe
  C:\Windows\System\LwWWLRm.exe
  2⤵
  PID:8124
- C:\Windows\System\gFAqmIJ.exe
  C:\Windows\System\gFAqmIJ.exe
  2⤵
  PID:6528
- C:\Windows\System\fGMnxJu.exe
  C:\Windows\System\fGMnxJu.exe
  2⤵
  PID:6972
- C:\Windows\System\rBaZBfk.exe
  C:\Windows\System\rBaZBfk.exe
  2⤵
  PID:6320
- C:\Windows\System\qsieKtO.exe
  C:\Windows\System\qsieKtO.exe
  2⤵
  PID:7188
- C:\Windows\System\eQqsYFL.exe
  C:\Windows\System\eQqsYFL.exe
  2⤵
  PID:7268
- C:\Windows\System\HgAyUSx.exe
  C:\Windows\System\HgAyUSx.exe
  2⤵
  PID:7228
- C:\Windows\System\xwhvZts.exe
  C:\Windows\System\xwhvZts.exe
  2⤵
  PID:7324
- C:\Windows\System\pfAXrSl.exe
  C:\Windows\System\pfAXrSl.exe
  2⤵
  PID:2664
- C:\Windows\System\JAfpWnY.exe
  C:\Windows\System\JAfpWnY.exe
  2⤵
  PID:7424
- C:\Windows\System\fqEppFW.exe
  C:\Windows\System\fqEppFW.exe
  2⤵
  PID:7428
- C:\Windows\System\LdQhmkf.exe
  C:\Windows\System\LdQhmkf.exe
  2⤵
  PID:2796
- C:\Windows\System\uVLgnru.exe
  C:\Windows\System\uVLgnru.exe
  2⤵
  PID:2296
- C:\Windows\System\MdRzPJP.exe
  C:\Windows\System\MdRzPJP.exe
  2⤵
  PID:2280
- C:\Windows\System\ghPJeLn.exe
  C:\Windows\System\ghPJeLn.exe
  2⤵
  PID:2952
- C:\Windows\System\jODxLrP.exe
  C:\Windows\System\jODxLrP.exe
  2⤵
  PID:6032
- C:\Windows\System\szthhfy.exe
  C:\Windows\System\szthhfy.exe
  2⤵
  PID:2964
- C:\Windows\System\BkJHfvh.exe
  C:\Windows\System\BkJHfvh.exe
  2⤵
  PID:7680
- C:\Windows\System\txqgdVv.exe
  C:\Windows\System\txqgdVv.exe
  2⤵
  PID:7696
- C:\Windows\System\XzxPAVV.exe
  C:\Windows\System\XzxPAVV.exe
  2⤵
  PID:7836
- C:\Windows\System\eJGUzdz.exe
  C:\Windows\System\eJGUzdz.exe
  2⤵
  PID:7968
- C:\Windows\System\sEXcTAC.exe
  C:\Windows\System\sEXcTAC.exe
  2⤵
  PID:7780
- C:\Windows\System\knriqiK.exe
  C:\Windows\System\knriqiK.exe
  2⤵
  PID:8188
- C:\Windows\System\Vbjyfcu.exe
  C:\Windows\System\Vbjyfcu.exe
  2⤵
  PID:7796
- C:\Windows\System\zhOokYm.exe
  C:\Windows\System\zhOokYm.exe
  2⤵
  PID:6800
- C:\Windows\System\tHuUrHk.exe
  C:\Windows\System\tHuUrHk.exe
  2⤵
  PID:7940
- C:\Windows\System\lLYiltT.exe
  C:\Windows\System\lLYiltT.exe
  2⤵
  PID:8012
- C:\Windows\System\MYfXYXC.exe
  C:\Windows\System\MYfXYXC.exe
  2⤵
  PID:7612
- C:\Windows\System\xZibVyh.exe
  C:\Windows\System\xZibVyh.exe
  2⤵
  PID:8088
- C:\Windows\System\yohRhIC.exe
  C:\Windows\System\yohRhIC.exe
  2⤵
  PID:7224
- C:\Windows\System\WdoraYp.exe
  C:\Windows\System\WdoraYp.exe
  2⤵
  PID:7492
- C:\Windows\System\ZRPKlMQ.exe
  C:\Windows\System\ZRPKlMQ.exe
  2⤵
  PID:7652
- C:\Windows\System\POcQYBq.exe
  C:\Windows\System\POcQYBq.exe
  2⤵
  PID:7604
- C:\Windows\System\GoLYhpc.exe
  C:\Windows\System\GoLYhpc.exe
  2⤵
  PID:7768
- C:\Windows\System\oajxMTq.exe
  C:\Windows\System\oajxMTq.exe
  2⤵
  PID:7328
- C:\Windows\System\NaokwYm.exe
  C:\Windows\System\NaokwYm.exe
  2⤵
  PID:8036
- C:\Windows\System\dEHSgNe.exe
  C:\Windows\System\dEHSgNe.exe
  2⤵
  PID:2336
- C:\Windows\System\CUqsNjn.exe
  C:\Windows\System\CUqsNjn.exe
  2⤵
  PID:8044
- C:\Windows\System\FpcjQpC.exe
  C:\Windows\System\FpcjQpC.exe
  2⤵
  PID:7664
- C:\Windows\System\dGPQhaI.exe
  C:\Windows\System\dGPQhaI.exe
  2⤵
  PID:7648
- C:\Windows\System\sEBojny.exe
  C:\Windows\System\sEBojny.exe
  2⤵
  PID:2656
- C:\Windows\System\hgKXfIK.exe
  C:\Windows\System\hgKXfIK.exe
  2⤵
  PID:8060
- C:\Windows\System\vpbmmlu.exe
  C:\Windows\System\vpbmmlu.exe
  2⤵
  PID:7896
- C:\Windows\System\IPphZMv.exe
  C:\Windows\System\IPphZMv.exe
  2⤵
  PID:1276
- C:\Windows\System\KlIfxLZ.exe
  C:\Windows\System\KlIfxLZ.exe
  2⤵
  PID:7952
- C:\Windows\System\ANVHQNR.exe
  C:\Windows\System\ANVHQNR.exe
  2⤵
  PID:7984
- C:\Windows\System\nFCWPQw.exe
  C:\Windows\System\nFCWPQw.exe
  2⤵
  PID:7432
- C:\Windows\System\FvYDPfh.exe
  C:\Windows\System\FvYDPfh.exe
  2⤵
  PID:7484
- C:\Windows\System\JhGlQnV.exe
  C:\Windows\System\JhGlQnV.exe
  2⤵
  PID:8020
- C:\Windows\System\LyhqILT.exe
  C:\Windows\System\LyhqILT.exe
  2⤵
  PID:7468
- C:\Windows\System\fOpmTIg.exe
  C:\Windows\System\fOpmTIg.exe
  2⤵
  PID:7348
- C:\Windows\System\fernToD.exe
  C:\Windows\System\fernToD.exe
  2⤵
  PID:8176
- C:\Windows\System\Ysmydxl.exe
  C:\Windows\System\Ysmydxl.exe
  2⤵
  PID:7452
- C:\Windows\System\YMtJaRb.exe
  C:\Windows\System\YMtJaRb.exe
  2⤵
  PID:7404
- C:\Windows\System\WzFToJs.exe
  C:\Windows\System\WzFToJs.exe
  2⤵
  PID:7920
- C:\Windows\System\VXNGjcp.exe
  C:\Windows\System\VXNGjcp.exe
  2⤵
  PID:7208
- C:\Windows\System\jRTJbgi.exe
  C:\Windows\System\jRTJbgi.exe
  2⤵
  PID:7668
- C:\Windows\System\DnWLiyG.exe
  C:\Windows\System\DnWLiyG.exe
  2⤵
  PID:2960
- C:\Windows\System\mIHyUZo.exe
  C:\Windows\System\mIHyUZo.exe
  2⤵
  PID:7312
- C:\Windows\System\rKYOOEQ.exe
  C:\Windows\System\rKYOOEQ.exe
  2⤵
  PID:7876
- C:\Windows\System\noZBdGy.exe
  C:\Windows\System\noZBdGy.exe
  2⤵
  PID:8200
- C:\Windows\System\xoJiuMI.exe
  C:\Windows\System\xoJiuMI.exe
  2⤵
  PID:8228
- C:\Windows\System\KkLRCLd.exe
  C:\Windows\System\KkLRCLd.exe
  2⤵
  PID:8260
- C:\Windows\System\fAIhsbz.exe
  C:\Windows\System\fAIhsbz.exe
  2⤵
  PID:8280
- C:\Windows\System\KmumSPI.exe
  C:\Windows\System\KmumSPI.exe
  2⤵
  PID:8296
- C:\Windows\System\Cuxqydz.exe
  C:\Windows\System\Cuxqydz.exe
  2⤵
  PID:8312
- C:\Windows\System\uTLrzuK.exe
  C:\Windows\System\uTLrzuK.exe
  2⤵
  PID:8328
- C:\Windows\System\urELlRa.exe
  C:\Windows\System\urELlRa.exe
  2⤵
  PID:8344
- C:\Windows\System\DOcsXpM.exe
  C:\Windows\System\DOcsXpM.exe
  2⤵
  PID:8360
- C:\Windows\System\QtXGmJf.exe
  C:\Windows\System\QtXGmJf.exe
  2⤵
  PID:8396
- C:\Windows\System\nnhzGSV.exe
  C:\Windows\System\nnhzGSV.exe
  2⤵
  PID:8464
- C:\Windows\System\bALiNJI.exe
  C:\Windows\System\bALiNJI.exe
  2⤵
  PID:8480
- C:\Windows\System\Lcbaefa.exe
  C:\Windows\System\Lcbaefa.exe
  2⤵
  PID:8496
- C:\Windows\System\lSMwSpJ.exe
  C:\Windows\System\lSMwSpJ.exe
  2⤵
  PID:8512
- C:\Windows\System\fHGqtex.exe
  C:\Windows\System\fHGqtex.exe
  2⤵
  PID:8532
- C:\Windows\System\oNklRAj.exe
  C:\Windows\System\oNklRAj.exe
  2⤵
  PID:8556
- C:\Windows\System\bwmhtoU.exe
  C:\Windows\System\bwmhtoU.exe
  2⤵
  PID:8572
- C:\Windows\System\yinuzmo.exe
  C:\Windows\System\yinuzmo.exe
  2⤵
  PID:8588
- C:\Windows\System\QZrKBtq.exe
  C:\Windows\System\QZrKBtq.exe
  2⤵
  PID:8608
- C:\Windows\System\PgSvTwP.exe
  C:\Windows\System\PgSvTwP.exe
  2⤵
  PID:8628
- C:\Windows\System\oPtzXjY.exe
  C:\Windows\System\oPtzXjY.exe
  2⤵
  PID:8648
- C:\Windows\System\hEFRQnI.exe
  C:\Windows\System\hEFRQnI.exe
  2⤵
  PID:8668
- C:\Windows\System\IKYqSjH.exe
  C:\Windows\System\IKYqSjH.exe
  2⤵
  PID:8684
- C:\Windows\System\vUVxUPg.exe
  C:\Windows\System\vUVxUPg.exe
  2⤵
  PID:8704
- C:\Windows\System\jnQBaRz.exe
  C:\Windows\System\jnQBaRz.exe
  2⤵
  PID:8720
- C:\Windows\System\IZvOyAv.exe
  C:\Windows\System\IZvOyAv.exe
  2⤵
  PID:8748
- C:\Windows\System\CKCCOnj.exe
  C:\Windows\System\CKCCOnj.exe
  2⤵
  PID:8772
- C:\Windows\System\nDNFqwt.exe
  C:\Windows\System\nDNFqwt.exe
  2⤵
  PID:8788
- C:\Windows\System\uZjObdT.exe
  C:\Windows\System\uZjObdT.exe
  2⤵
  PID:8804
- C:\Windows\System\xNjKRCH.exe
  C:\Windows\System\xNjKRCH.exe
  2⤵
  PID:8824
- C:\Windows\System\ljpmzKR.exe
  C:\Windows\System\ljpmzKR.exe
  2⤵
  PID:8868
- C:\Windows\System\BCUReGA.exe
  C:\Windows\System\BCUReGA.exe
  2⤵
  PID:8884
- C:\Windows\System\TpjEisw.exe
  C:\Windows\System\TpjEisw.exe
  2⤵
  PID:8908
- C:\Windows\System\kLvQLLt.exe
  C:\Windows\System\kLvQLLt.exe
  2⤵
  PID:8924
- C:\Windows\System\ftmIZik.exe
  C:\Windows\System\ftmIZik.exe
  2⤵
  PID:8948
- C:\Windows\System\kBguHga.exe
  C:\Windows\System\kBguHga.exe
  2⤵
  PID:8964
- C:\Windows\System\ZzzBjyt.exe
  C:\Windows\System\ZzzBjyt.exe
  2⤵
  PID:8980
- C:\Windows\System\EZtinTz.exe
  C:\Windows\System\EZtinTz.exe
  2⤵
  PID:9000
- C:\Windows\System\CBEhVDa.exe
  C:\Windows\System\CBEhVDa.exe
  2⤵
  PID:9016
- C:\Windows\System\hoIGKwP.exe
  C:\Windows\System\hoIGKwP.exe
  2⤵
  PID:9032
- C:\Windows\System\IIzlMsP.exe
  C:\Windows\System\IIzlMsP.exe
  2⤵
  PID:9052
- C:\Windows\System\nwfzHWY.exe
  C:\Windows\System\nwfzHWY.exe
  2⤵
  PID:9076
- C:\Windows\System\YOpROJS.exe
  C:\Windows\System\YOpROJS.exe
  2⤵
  PID:9092
- C:\Windows\System\hwkQhhs.exe
  C:\Windows\System\hwkQhhs.exe
  2⤵
  PID:9112
- C:\Windows\System\XmZOMWq.exe
  C:\Windows\System\XmZOMWq.exe
  2⤵
  PID:9132
- C:\Windows\System\DslmiBa.exe
  C:\Windows\System\DslmiBa.exe
  2⤵
  PID:9148
- C:\Windows\System\kKRxTYz.exe
  C:\Windows\System\kKRxTYz.exe
  2⤵
  PID:9176
- C:\Windows\System\YWJvILH.exe
  C:\Windows\System\YWJvILH.exe
  2⤵
  PID:9196
- C:\Windows\System\AYIWIhi.exe
  C:\Windows\System\AYIWIhi.exe
  2⤵
  PID:9212
- C:\Windows\System\HEpcbkk.exe
  C:\Windows\System\HEpcbkk.exe
  2⤵
  PID:7308
- C:\Windows\System\XlrzsvJ.exe
  C:\Windows\System\XlrzsvJ.exe
  2⤵
  PID:8276
- C:\Windows\System\FdXPEZP.exe
  C:\Windows\System\FdXPEZP.exe
  2⤵
  PID:8240
- C:\Windows\System\kEqhykb.exe
  C:\Windows\System\kEqhykb.exe
  2⤵
  PID:8320
- C:\Windows\System\XWmSDAI.exe
  C:\Windows\System\XWmSDAI.exe
  2⤵
  PID:8376
- C:\Windows\System\oYDhOlz.exe
  C:\Windows\System\oYDhOlz.exe
  2⤵
  PID:8408
- C:\Windows\System\IglMhMg.exe
  C:\Windows\System\IglMhMg.exe
  2⤵
  PID:8416
- C:\Windows\System\zYmYTbB.exe
  C:\Windows\System\zYmYTbB.exe
  2⤵
  PID:8436
- C:\Windows\System\UcMLtti.exe
  C:\Windows\System\UcMLtti.exe
  2⤵
  PID:8460
- C:\Windows\System\UZskPhy.exe
  C:\Windows\System\UZskPhy.exe
  2⤵
  PID:8552
- C:\Windows\System\BhhuGXM.exe
  C:\Windows\System\BhhuGXM.exe
  2⤵
  PID:8528
- C:\Windows\System\keNKQHi.exe
  C:\Windows\System\keNKQHi.exe
  2⤵
  PID:8604
- C:\Windows\System\VnOlrPV.exe
  C:\Windows\System\VnOlrPV.exe
  2⤵
  PID:8660
- C:\Windows\System\KTlbbef.exe
  C:\Windows\System\KTlbbef.exe
  2⤵
  PID:8728
- C:\Windows\System\XXolEnv.exe
  C:\Windows\System\XXolEnv.exe
  2⤵
  PID:8780
- C:\Windows\System\VECFspy.exe
  C:\Windows\System\VECFspy.exe
  2⤵
  PID:8816
- C:\Windows\System\MctkbQm.exe
  C:\Windows\System\MctkbQm.exe
  2⤵
  PID:8832
- C:\Windows\System\gIydXbr.exe
  C:\Windows\System\gIydXbr.exe
  2⤵
  PID:8712
- C:\Windows\System\aICwnsy.exe
  C:\Windows\System\aICwnsy.exe
  2⤵
  PID:8636
- C:\Windows\System\HFYZRIM.exe
  C:\Windows\System\HFYZRIM.exe
  2⤵
  PID:8852
- C:\Windows\System\DqDnQjf.exe
  C:\Windows\System\DqDnQjf.exe
  2⤵
  PID:8876
- C:\Windows\System\uYerrtm.exe
  C:\Windows\System\uYerrtm.exe
  2⤵
  PID:8920
- C:\Windows\System\SmalBvt.exe
  C:\Windows\System\SmalBvt.exe
  2⤵
  PID:8992
- C:\Windows\System\VUufWWE.exe
  C:\Windows\System\VUufWWE.exe
  2⤵
  PID:9028
- C:\Windows\System\PXkaoUJ.exe
  C:\Windows\System\PXkaoUJ.exe
  2⤵
  PID:9072
- C:\Windows\System\RjAXgiK.exe
  C:\Windows\System\RjAXgiK.exe
  2⤵
  PID:9108
- C:\Windows\System\xhOykKI.exe
  C:\Windows\System\xhOykKI.exe
  2⤵
  PID:9188
- C:\Windows\System\jqskuMB.exe
  C:\Windows\System\jqskuMB.exe
  2⤵
  PID:7292
- C:\Windows\System\VUinYpN.exe
  C:\Windows\System\VUinYpN.exe
  2⤵
  PID:8236
- C:\Windows\System\gQVQYyo.exe
  C:\Windows\System\gQVQYyo.exe
  2⤵
  PID:9208
- C:\Windows\System\iagUcPT.exe
  C:\Windows\System\iagUcPT.exe
  2⤵
  PID:8244
- C:\Windows\System\gLCalOC.exe
  C:\Windows\System\gLCalOC.exe
  2⤵
  PID:9156
- C:\Windows\System\TCBDTKC.exe
  C:\Windows\System\TCBDTKC.exe
  2⤵
  PID:8372
- C:\Windows\System\ZGqnUjt.exe
  C:\Windows\System\ZGqnUjt.exe
  2⤵
  PID:8420
- C:\Windows\System\zNNjtjG.exe
  C:\Windows\System\zNNjtjG.exe
  2⤵
  PID:8520
- C:\Windows\System\BFwMRsH.exe
  C:\Windows\System\BFwMRsH.exe
  2⤵
  PID:8432
- C:\Windows\System\azOvshO.exe
  C:\Windows\System\azOvshO.exe
  2⤵
  PID:8600
- C:\Windows\System\QeEuQqK.exe
  C:\Windows\System\QeEuQqK.exe
  2⤵
  PID:8564
- C:\Windows\System\VjBEYUH.exe
  C:\Windows\System\VjBEYUH.exe
  2⤵
  PID:8736
- C:\Windows\System\dBysgXC.exe
  C:\Windows\System\dBysgXC.exe
  2⤵
  PID:8664
- C:\Windows\System\SQCyRcG.exe
  C:\Windows\System\SQCyRcG.exe
  2⤵
  PID:8680
- C:\Windows\System\LjIdJIF.exe
  C:\Windows\System\LjIdJIF.exe
  2⤵
  PID:8936
- C:\Windows\System\lXlMvWo.exe
  C:\Windows\System\lXlMvWo.exe
  2⤵
  PID:8796
- C:\Windows\System\MriqriS.exe
  C:\Windows\System\MriqriS.exe
  2⤵
  PID:9064
- C:\Windows\System\hGBUJym.exe
  C:\Windows\System\hGBUJym.exe
  2⤵
  PID:8916
- C:\Windows\System\cCniflp.exe
  C:\Windows\System\cCniflp.exe
  2⤵
  PID:9100
- C:\Windows\System\AqlOhVw.exe
  C:\Windows\System\AqlOhVw.exe
  2⤵
  PID:9044
- C:\Windows\System\pEwyuEJ.exe
  C:\Windows\System\pEwyuEJ.exe
  2⤵
  PID:9088
- C:\Windows\System\hQMOhFV.exe
  C:\Windows\System\hQMOhFV.exe
  2⤵
  PID:9124
- C:\Windows\System\CiXjQTM.exe
  C:\Windows\System\CiXjQTM.exe
  2⤵
  PID:8336
- C:\Windows\System\PWLgnjP.exe
  C:\Windows\System\PWLgnjP.exe
  2⤵
  PID:9164
- C:\Windows\System\FtNmOoa.exe
  C:\Windows\System\FtNmOoa.exe
  2⤵
  PID:8288
- C:\Windows\System\ltHQGyE.exe
  C:\Windows\System\ltHQGyE.exe
  2⤵
  PID:8584
- C:\Windows\System\DbmRkgO.exe
  C:\Windows\System\DbmRkgO.exe
  2⤵
  PID:8740
- C:\Windows\System\atLzgPI.exe
  C:\Windows\System\atLzgPI.exe
  2⤵
  PID:8760
- C:\Windows\System\QIYISMD.exe
  C:\Windows\System\QIYISMD.exe
  2⤵
  PID:8864
- C:\Windows\System\RtvAttu.exe
  C:\Windows\System\RtvAttu.exe
  2⤵
  PID:8640
- C:\Windows\System\hNoBMFs.exe
  C:\Windows\System\hNoBMFs.exe
  2⤵
  PID:8940
- C:\Windows\System\hyNdnZz.exe
  C:\Windows\System\hyNdnZz.exe
  2⤵
  PID:8904
- C:\Windows\System\gpgfihT.exe
  C:\Windows\System\gpgfihT.exe
  2⤵
  PID:9024
- C:\Windows\System\ZPamboq.exe
  C:\Windows\System\ZPamboq.exe
  2⤵
  PID:8340
- C:\Windows\System\UKRKjsU.exe
  C:\Windows\System\UKRKjsU.exe
  2⤵
  PID:8960
- C:\Windows\System\eGMvMDo.exe
  C:\Windows\System\eGMvMDo.exe
  2⤵
  PID:8944
- C:\Windows\System\ZCROlsx.exe
  C:\Windows\System\ZCROlsx.exe
  2⤵
  PID:8696
- C:\Windows\System\RoctZCl.exe
  C:\Windows\System\RoctZCl.exe
  2⤵
  PID:8196
- C:\Windows\System\GsgrFXb.exe
  C:\Windows\System\GsgrFXb.exe
  2⤵
  PID:8616
- C:\Windows\System\NSDRwBY.exe
  C:\Windows\System\NSDRwBY.exe
  2⤵
  PID:8252
- C:\Windows\System\hltLIUb.exe
  C:\Windows\System\hltLIUb.exe
  2⤵
  PID:8508
- C:\Windows\System\EBzDcGU.exe
  C:\Windows\System\EBzDcGU.exe
  2⤵
  PID:8656
- C:\Windows\System\uaFlkfe.exe
  C:\Windows\System\uaFlkfe.exe
  2⤵
  PID:8972
- C:\Windows\System\nQRfjPq.exe
  C:\Windows\System\nQRfjPq.exe
  2⤵
  PID:8644
- C:\Windows\System\bHofwcc.exe
  C:\Windows\System\bHofwcc.exe
  2⤵
  PID:8224
- C:\Windows\System\JJLRoBB.exe
  C:\Windows\System\JJLRoBB.exe
  2⤵
  PID:8836
- C:\Windows\System\cEipual.exe
  C:\Windows\System\cEipual.exe
  2⤵
  PID:9232
- C:\Windows\System\EbHtyQx.exe
  C:\Windows\System\EbHtyQx.exe
  2⤵
  PID:9272
- C:\Windows\System\OYaSOlr.exe
  C:\Windows\System\OYaSOlr.exe
  2⤵
  PID:9288
- C:\Windows\System\DnbQHej.exe
  C:\Windows\System\DnbQHej.exe
  2⤵
  PID:9312
- C:\Windows\System\RTXuwqx.exe
  C:\Windows\System\RTXuwqx.exe
  2⤵
  PID:9328
- C:\Windows\System\lOwLjxk.exe
  C:\Windows\System\lOwLjxk.exe
  2⤵
  PID:9344
- C:\Windows\System\sXUskVt.exe
  C:\Windows\System\sXUskVt.exe
  2⤵
  PID:9360
- C:\Windows\System\CqUhbMx.exe
  C:\Windows\System\CqUhbMx.exe
  2⤵
  PID:9388
- C:\Windows\System\ESRngqx.exe
  C:\Windows\System\ESRngqx.exe
  2⤵
  PID:9404
- C:\Windows\System\mQigzrY.exe
  C:\Windows\System\mQigzrY.exe
  2⤵
  PID:9420
- C:\Windows\System\WyeTgBJ.exe
  C:\Windows\System\WyeTgBJ.exe
  2⤵
  PID:9440
- C:\Windows\System\ZvZIxfb.exe
  C:\Windows\System\ZvZIxfb.exe
  2⤵
  PID:9456
- C:\Windows\System\NXrwZla.exe
  C:\Windows\System\NXrwZla.exe
  2⤵
  PID:9484
- C:\Windows\System\dDOctQJ.exe
  C:\Windows\System\dDOctQJ.exe
  2⤵
  PID:9500
- C:\Windows\System\iKizrRs.exe
  C:\Windows\System\iKizrRs.exe
  2⤵
  PID:9536
- C:\Windows\System\BDbRGHc.exe
  C:\Windows\System\BDbRGHc.exe
  2⤵
  PID:9556
- C:\Windows\System\RpjVjFg.exe
  C:\Windows\System\RpjVjFg.exe
  2⤵
  PID:9572
- C:\Windows\System\LwmnpVm.exe
  C:\Windows\System\LwmnpVm.exe
  2⤵
  PID:9588
- C:\Windows\System\RGpcxoA.exe
  C:\Windows\System\RGpcxoA.exe
  2⤵
  PID:9608
- C:\Windows\System\tBJjYaI.exe
  C:\Windows\System\tBJjYaI.exe
  2⤵
  PID:9628
- C:\Windows\System\lkFLQPe.exe
  C:\Windows\System\lkFLQPe.exe
  2⤵
  PID:9652
- C:\Windows\System\XdXpbvd.exe
  C:\Windows\System\XdXpbvd.exe
  2⤵
  PID:9668
- C:\Windows\System\GxMsceD.exe
  C:\Windows\System\GxMsceD.exe
  2⤵
  PID:9684
- C:\Windows\System\aPpGQLV.exe
  C:\Windows\System\aPpGQLV.exe
  2⤵
  PID:9700
- C:\Windows\System\FixevMW.exe
  C:\Windows\System\FixevMW.exe
  2⤵
  PID:9724
- C:\Windows\System\DOauFrU.exe
  C:\Windows\System\DOauFrU.exe
  2⤵
  PID:9740
- C:\Windows\System\lszokEr.exe
  C:\Windows\System\lszokEr.exe
  2⤵
  PID:9764
- C:\Windows\System\PzMGicc.exe
  C:\Windows\System\PzMGicc.exe
  2⤵
  PID:9784
- C:\Windows\System\TCdqFzD.exe
  C:\Windows\System\TCdqFzD.exe
  2⤵
  PID:9800
- C:\Windows\System\aDLzgBU.exe
  C:\Windows\System\aDLzgBU.exe
  2⤵
  PID:9824
- C:\Windows\System\aTeXkKd.exe
  C:\Windows\System\aTeXkKd.exe
  2⤵
  PID:9840
- C:\Windows\System\DMwZkgm.exe
  C:\Windows\System\DMwZkgm.exe
  2⤵
  PID:9856
- C:\Windows\System\SlqjkEM.exe
  C:\Windows\System\SlqjkEM.exe
  2⤵
  PID:9884
- C:\Windows\System\PTpQWpR.exe
  C:\Windows\System\PTpQWpR.exe
  2⤵
  PID:9908
- C:\Windows\System\neohOKB.exe
  C:\Windows\System\neohOKB.exe
  2⤵
  PID:9924
- C:\Windows\System\ZMFLAwY.exe
  C:\Windows\System\ZMFLAwY.exe
  2⤵
  PID:9952
- C:\Windows\System\MFiDFlN.exe
  C:\Windows\System\MFiDFlN.exe
  2⤵
  PID:9976
- C:\Windows\System\OrABPPh.exe
  C:\Windows\System\OrABPPh.exe
  2⤵
  PID:9992
- C:\Windows\System\kUDADlm.exe
  C:\Windows\System\kUDADlm.exe
  2⤵
  PID:10012
- C:\Windows\System\Pqtywzv.exe
  C:\Windows\System\Pqtywzv.exe
  2⤵
  PID:10028
- C:\Windows\System\TBndXse.exe
  C:\Windows\System\TBndXse.exe
  2⤵
  PID:10044
- C:\Windows\System\SNDJZSP.exe
  C:\Windows\System\SNDJZSP.exe
  2⤵
  PID:10064
- C:\Windows\System\HteJhNL.exe
  C:\Windows\System\HteJhNL.exe
  2⤵
  PID:10084
- C:\Windows\System\Pqakgnm.exe
  C:\Windows\System\Pqakgnm.exe
  2⤵
  PID:10104
- C:\Windows\System\xZZSdTV.exe
  C:\Windows\System\xZZSdTV.exe
  2⤵
  PID:10124
- C:\Windows\System\OOhyqOz.exe
  C:\Windows\System\OOhyqOz.exe
  2⤵
  PID:10140
- C:\Windows\System\cXGMyeX.exe
  C:\Windows\System\cXGMyeX.exe
  2⤵
  PID:10156
- C:\Windows\System\SkSxfIC.exe
  C:\Windows\System\SkSxfIC.exe
  2⤵
  PID:10180
- C:\Windows\System\JWGlPga.exe
  C:\Windows\System\JWGlPga.exe
  2⤵
  PID:10196
- C:\Windows\System\xMAmOHN.exe
  C:\Windows\System\xMAmOHN.exe
  2⤵
  PID:10212
- C:\Windows\System\HJbvHLF.exe
  C:\Windows\System\HJbvHLF.exe
  2⤵
  PID:10232
- C:\Windows\System\LqoWqsl.exe
  C:\Windows\System\LqoWqsl.exe
  2⤵
  PID:8492
- C:\Windows\System\lCNLESj.exe
  C:\Windows\System\lCNLESj.exe
  2⤵
  PID:9240
- C:\Windows\System\eLDKDmi.exe
  C:\Windows\System\eLDKDmi.exe
  2⤵
  PID:9256
- C:\Windows\System\CwDuUZT.exe
  C:\Windows\System\CwDuUZT.exe
  2⤵
  PID:9284
- C:\Windows\System\FKKgIwP.exe
  C:\Windows\System\FKKgIwP.exe
  2⤵
  PID:9304
- C:\Windows\System\iMohaqn.exe
  C:\Windows\System\iMohaqn.exe
  2⤵
  PID:9380
- C:\Windows\System\KrdjlaL.exe
  C:\Windows\System\KrdjlaL.exe
  2⤵
  PID:9416
- C:\Windows\System\LzHjLEc.exe
  C:\Windows\System\LzHjLEc.exe
  2⤵
  PID:9492
- C:\Windows\System\NYyVvjr.exe
  C:\Windows\System\NYyVvjr.exe
  2⤵
  PID:9428
- C:\Windows\System\bUgNjGT.exe
  C:\Windows\System\bUgNjGT.exe
  2⤵
  PID:9520
- C:\Windows\System\txhkBmd.exe
  C:\Windows\System\txhkBmd.exe
  2⤵
  PID:9552
- C:\Windows\System\vTaufei.exe
  C:\Windows\System\vTaufei.exe
  2⤵
  PID:9596
- C:\Windows\System\sBJtPpW.exe
  C:\Windows\System\sBJtPpW.exe
  2⤵
  PID:9660
- C:\Windows\System\FhnUmaF.exe
  C:\Windows\System\FhnUmaF.exe
  2⤵
  PID:9648
- C:\Windows\System\sRWGcim.exe
  C:\Windows\System\sRWGcim.exe
  2⤵
  PID:9780
- C:\Windows\System\PAyYTzh.exe
  C:\Windows\System\PAyYTzh.exe
  2⤵
  PID:9712
- C:\Windows\System\lGVLorF.exe
  C:\Windows\System\lGVLorF.exe
  2⤵
  PID:9852
- C:\Windows\System\hmjdLba.exe
  C:\Windows\System\hmjdLba.exe
  2⤵
  PID:9716
- C:\Windows\System\mSvfpLV.exe
  C:\Windows\System\mSvfpLV.exe
  2⤵
  PID:9676
- C:\Windows\System\yiYZrvv.exe
  C:\Windows\System\yiYZrvv.exe
  2⤵
  PID:9752
- C:\Windows\System\tRaRQwZ.exe
  C:\Windows\System\tRaRQwZ.exe
  2⤵
  PID:9868
- C:\Windows\System\DWPkFxt.exe
  C:\Windows\System\DWPkFxt.exe
  2⤵
  PID:9932
- C:\Windows\System\pkqISQC.exe
  C:\Windows\System\pkqISQC.exe
  2⤵
  PID:9960
- C:\Windows\System\odikcGc.exe
  C:\Windows\System\odikcGc.exe
  2⤵
  PID:10020
- C:\Windows\System\zqVNTVZ.exe
  C:\Windows\System\zqVNTVZ.exe
  2⤵
  PID:10060
- C:\Windows\System\FPsBtLw.exe
  C:\Windows\System\FPsBtLw.exe
  2⤵
  PID:10136
- C:\Windows\System\WGCjlMz.exe
  C:\Windows\System\WGCjlMz.exe
  2⤵
  PID:10172
- C:\Windows\System\ovyXGOD.exe
  C:\Windows\System\ovyXGOD.exe
  2⤵
  PID:8404
- C:\Windows\System\lhKfoNs.exe
  C:\Windows\System\lhKfoNs.exe
  2⤵
  PID:9252
- C:\Windows\System\wclpRhb.exe
  C:\Windows\System\wclpRhb.exe
  2⤵
  PID:10000
- C:\Windows\System\xgbxQSg.exe
  C:\Windows\System\xgbxQSg.exe
  2⤵
  PID:10040
- C:\Windows\System\KfBrJMR.exe
  C:\Windows\System\KfBrJMR.exe
  2⤵
  PID:10148
- C:\Windows\System\xWWzmVT.exe
  C:\Windows\System\xWWzmVT.exe
  2⤵
  PID:9184
- C:\Windows\System\KUGinND.exe
  C:\Windows\System\KUGinND.exe
  2⤵
  PID:9376
- C:\Windows\System\SVQtvRU.exe
  C:\Windows\System\SVQtvRU.exe
  2⤵
  PID:9544
- C:\Windows\System\jDaPAkr.exe
  C:\Windows\System\jDaPAkr.exe
  2⤵
  PID:8568
- C:\Windows\System\vxhtwOF.exe
  C:\Windows\System\vxhtwOF.exe
  2⤵
  PID:9336
- C:\Windows\System\TjWgHNs.exe
  C:\Windows\System\TjWgHNs.exe
  2⤵
  PID:9432
- C:\Windows\System\ojQfwNV.exe
  C:\Windows\System\ojQfwNV.exe
  2⤵
  PID:9568
- C:\Windows\System\DRkiesl.exe
  C:\Windows\System\DRkiesl.exe
  2⤵
  PID:9640
- C:\Windows\System\gVAivho.exe
  C:\Windows\System\gVAivho.exe
  2⤵
  PID:9696
- C:\Windows\System\bhHCjBg.exe
  C:\Windows\System\bhHCjBg.exe
  2⤵
  PID:9644
- C:\Windows\System\UFMgxhi.exe
  C:\Windows\System\UFMgxhi.exe
  2⤵
  PID:9900
- C:\Windows\System\gEnOdzn.exe
  C:\Windows\System\gEnOdzn.exe
  2⤵
  PID:9760
- C:\Windows\System\ZCdCoow.exe
  C:\Windows\System\ZCdCoow.exe
  2⤵
  PID:9872
- C:\Windows\System\DBrzYMN.exe
  C:\Windows\System\DBrzYMN.exe
  2⤵
  PID:9944
- C:\Windows\System\dmnVAiK.exe
  C:\Windows\System\dmnVAiK.exe
  2⤵
  PID:10052
- C:\Windows\System\VrajmqG.exe
  C:\Windows\System\VrajmqG.exe
  2⤵
  PID:9988
- C:\Windows\System\lJibxoh.exe
  C:\Windows\System\lJibxoh.exe
  2⤵
  PID:8308
- C:\Windows\System\sIbkhrn.exe
  C:\Windows\System\sIbkhrn.exe
  2⤵
  PID:10204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ArVQbdt.exe

Filesize
6.0MB

MD5
1799de705de7d21e03b93dd3e1ab00b8

SHA1
d7e70d2057b0e41ed16a7673175b93b5f22b6f43

SHA256
f2594edc4458f0e99592433828cf4c8ab353edc50cbc6dcfc810b67b3bd24a27

SHA512
81ee67e75f2fdd5133880ca4db5631336b732d63e31ac418c823c31c00b295068158eb927a5d882e7bfbce8bc0c84512f06f56bd3d6e30faf5c70ca48ae5634c

Download Submit
C:\Windows\system\PeJPqbe.exe

Filesize
6.0MB

MD5
6efc354972c6bf825e8b1c7bbdcc6a88

SHA1
697ccc4ed980febb896bdb4ca86ae9fc9a3d105f

SHA256
e5188d5c30ebc04aa3063e24e351ac53fedf73fc8281957eaeb3c2fcdaf9b039

SHA512
5a5e7f7931142e4cd59311eedb5101dab06fac79252bc4e2d721270bf99462098f0adaa7c840ba189698f5a0b154326b8342094b2900c8dfde2d1642d8b82c3c

Download Submit
C:\Windows\system\SJBNmFl.exe

Filesize
6.0MB

MD5
854202d3c430b71bcbd4ca0374e9cbf6

SHA1
ef8c99bf48b99a6c30fa95d961f8476bee6b77fa

SHA256
deba333720a7fdba332e0125fc24c305b610f5a964e6a4ddd9e059e077fe6146

SHA512
bed7a91e5b6e841c766a08bd8e0cfa6c43691ae3eb81f47186643b6aeeb80cd1c0fbaed1814c7b1c940f42dec7e6d89057b237fd140d44edf8df346fb12cacd9

Download Submit
C:\Windows\system\SsIkCJd.exe

Filesize
6.0MB

MD5
ec580c7470937360e8e3a2ec21acdfb3

SHA1
b151751865d15496cdfde993c08542554c6d1f1b

SHA256
a8565f255d0283cd13f8ad143e73502ce34dd9a5dd72932342a2db163f6c9c91

SHA512
d6f9d82713b56b7ed3030f1db0c7b20fa60b5c8f3ab3a4013ce774027d38af8306da9b73f6392518f3945b099aff2cc0879455a2dad7644e1ab201e34c6967be

Download Submit
C:\Windows\system\TOkaJsS.exe

Filesize
6.0MB

MD5
747b828125f692c272a5b55df5b0c0b5

SHA1
b992e0bce38c9a87155228e87c63a349d2517db0

SHA256
fdc899104ed529965a79e38daaa9cfd651c9b7ec7b0ac8d0b70b4d63cd6b11a2

SHA512
8f86aaefabc3a1e6b31a5e66e4d6379532c72f946d63c4346a6375914d9858ff8b87bd516275e973fac9dc54c2791ed2c85917a2bcfb88549ac84528c7d7e693

Download Submit
C:\Windows\system\WDMaImt.exe

Filesize
6.0MB

MD5
655ff0932ba1a124e2ab9b3f65177d9b

SHA1
52f7677d7b382768e4cccf3e7e0abc9bcfdba215

SHA256
8a8afaf31cca35fa493acdaf5e47ab31f21f889c1019ae137fbaf426ddeff9ba

SHA512
36ae824c3058b96aa5aedb54b85e3c55a5fcea869b8348427ea9787f348015b42e6769bb3651b5f9b8a26a0cc5da16b21eea4fb08901950f778f645e442c60af

Download Submit
C:\Windows\system\ZfTuUyd.exe

Filesize
6.0MB

MD5
756026e3f0dcf6325bc90b26c9dfcd2f

SHA1
b3804503da089ca33a3b45964ef397521d642898

SHA256
4bbf8373bb1384845364dee84ca22ac65325bad4ab21fefc925e43f403446fa4

SHA512
4206ab62e470dfafbfcce49d8e5eff010fe0629517157c5b92f65ca9fec086f88447eca9a0b8dec8613191916eddeb06cb08f82e98f7f73c7e6369144c29b2ed

Download Submit
C:\Windows\system\ZlasfLs.exe

Filesize
6.0MB

MD5
54807d01217a346459baa227a95b36eb

SHA1
2acd7dcebb6e183bdda456e6dca564c2fa11a1f3

SHA256
e358dc68e62a0a1e2ffce7ae5fbdf4619d444ece9829b8a1655a3165fce57e0e

SHA512
2edd21f15925369e588a92f3413f8bc6733ca02f07ad9ffa1ac899cec7bf8f712a175ee200bbaf25fc41ebca5671e289459a0224f8e344e55b80f1af4ffce8d7

Download Submit
C:\Windows\system\aCuelWc.exe

Filesize
6.0MB

MD5
af10e20fd9cdafeab59ddee4048e5d26

SHA1
c1f08236bd5c03b32161bc8b498ecf21e32aecf0

SHA256
7a83d9c9038ef79a9f0d420ef260b8162b6693e83fbcddf0e80701b0c99eb764

SHA512
93bb75a6924cba8d455015f80b09e2a35c368445e1b041ff8113387c54e2ab3b8ab3584cd9a3b9409f7bf9e3433eca2a467b6fffcbdf8b4af237ef71c0dc71d7

Download Submit
C:\Windows\system\aOSKPof.exe

Filesize
6.0MB

MD5
80f266d8a0adb418fd3f74c6d4a013b2

SHA1
3300fe77a7e88862c85f043b477e1da5cd30b8aa

SHA256
58859cc58ba3b6cdd2f4d2a60177cc41166c8fd1c4fdfce8e923a57b6cf0b054

SHA512
b3ec651cb6e7ae2d2bb02de1628f29057a1cd9dbf6c31703a30b8fc86057e6f162948a97bd65f3daebe17728b48c18827bc556d5b7ad3cc8d641e0c830dcb99a

Download Submit
C:\Windows\system\avUjPYq.exe

Filesize
6.0MB

MD5
8ccabbce9803f5f92c353c21a1749fab

SHA1
87a7f7f6a3a4c3275211ceeeff5f2851d536dac2

SHA256
7d8ee9aba9b67ad7db47ea9ea9e2e55e32d47c2a97bf78597ded54ebe99d359b

SHA512
63b0ec0237ae17a3836f16f4751e6401a580fc1e51af20ef276f312c360fed489ea6554e8f802979d499a79d9faaee37c4ba47507ad234ad29996892c80f8c54

Download Submit
C:\Windows\system\bxhWfOZ.exe

Filesize
6.0MB

MD5
390f2b794046c4968e110990ec040c50

SHA1
f68dc8e337856fac9cde5ab7743e6bce96e57589

SHA256
81cce921685a5aa4cd7a57a428d72660063e985deeb1085012dc22852fa53736

SHA512
a18562bef4a5e84e21930cc27afa826fd398fd15a21d18ce1a67d4a6a5b40820d5c334fd0c86d79bdb24011e4a940ccad9b05f271e6c8292bb3ec28aa4fa5256

Download Submit
C:\Windows\system\cpQPQJH.exe

Filesize
6.0MB

MD5
0dedeeefcd19b18d907084200bfd5797

SHA1
698413df0aee76be8638c43a36490cb0dcc0d64d

SHA256
3eef9d6e6999ddc7b9629d058732a5bb7dfb1d0e103ca2b9afd4ab6ade992ae3

SHA512
05d46ba65dc428a6d2040707ea763e566ba78e8ef3933b523da762eda7a6f4c6b9c2016da852dadceeefdcf9dc58d5dd6e7caeee14c6029d04cd51f5b849cd58

Download Submit
C:\Windows\system\dbTVnbw.exe

Filesize
6.0MB

MD5
46d11d86ce3788fe87a55c0f2b14218f

SHA1
404b33031a0c5511cbd18e6321b724907da25f04

SHA256
48a48b19bd3db67e9a694baa68cf33349ba69100b4eb3385bed24676fd113189

SHA512
81d4c5aaa97152df3863a13570d3c64c0f21a1a42ed75b961a4d4d12592c5e709c16a29c698cd25f7371321dfb2c2d9b9bc1934fbeab5b5fab90b7ca41e3a59e

Download Submit
C:\Windows\system\fAdSvOT.exe

Filesize
6.0MB

MD5
993674df7f60443edbb7f4c8bfecf396

SHA1
86d065a2f54df6025e6108cd22731b056eb4e5a2

SHA256
14f67950af186b35da47a114a0418c62e3f63873742d108974bd6ff1990f7d31

SHA512
66324e003f613c9c2393b757b384569a70e68d8fd1a8fd61444e7a92799e1f407229b4e5fc3ee3762ae367a619a72947abdb8bb48b7e28f77c7cd4d580b2f1b2

Download Submit
C:\Windows\system\jGvaMny.exe

Filesize
6.0MB

MD5
17a17d6ac3a64af62a3d1bd2f1f89875

SHA1
650fba6944f5d558983d9928fc36676256b5c0c0

SHA256
a514f6c87ac7bc15db598f6e5221c45663d784e3d722dfd080a746e7325f2c0f

SHA512
79db3774f176732a6a9a4104763a22a31ee2094a32158a27cd96a7f538b731f3b435b3dcff95f2f3f07fe8240f6dfd92e6446c87dbf1308fe24ab7845ff00b8a

Download Submit
C:\Windows\system\qhDOjpz.exe

Filesize
6.0MB

MD5
415a322f5d15b050e7598fac1c4bf401

SHA1
727c5704f967f39d3d986c2b2debdc917de11b0a

SHA256
0df5b1c16fc5dd38f5ff69c9cf652b2a21770ac5306f0ce49defbfe4b19be891

SHA512
da715225bd83aaa922b159e31b576ed5c88986a84fd80671f5448336bfe7ab7a5a2209766c915f38f1d61d55c8e538c0aba8078aacf1440b49a95a83ccd078d8

Download Submit
C:\Windows\system\tTXGPwR.exe

Filesize
6.0MB

MD5
879fa03ea15acb4785f9e8696ec900a4

SHA1
5dd491e6017f03bdf8fd6b58e3baf334031b06d4

SHA256
8c0bafbc4d0af0c466621a5667e97860c4471416fafb7cc434cd03a730aea557

SHA512
6f0e36a6e4b78da9b1fb593d7d746d59a10b69be691b523c06015976db11cced608a0732ae4c3d37204db92618006a33278b401e8d0653b16067c508e2f62622

Download Submit
C:\Windows\system\uLWmIct.exe

Filesize
6.0MB

MD5
be28994c059e3c951646bd3f4cb9b599

SHA1
43d544d4b14bf51c8a43a63763b845a10c43e96d

SHA256
2edd04b9c6610e760a1bad4c6e4c75f48908c2af3b66e0ea1f5b39a561fa7ecf

SHA512
f5c02a9caa52dbe05843f6cf5ed470c8b6118d24444a91b82d1f254600c9a03de1855457d791847c9e0f0a62b39b13aa7680dd089149f39003189c4e94801a7a

Download Submit
C:\Windows\system\vkTnbAj.exe

Filesize
6.0MB

MD5
bb379381cf160146f946997030029b96

SHA1
cdd193ca546d75c650123ded0570e762836bdae9

SHA256
5495a845c05f79915c834e810dd62abb3e3b9387f2364b69e51745629896a1fc

SHA512
7be722de86ff9ac0dd900f4644e534b0150a26652cd9075eff2c4751b8574e3039354b1abdcd004b6a2c1d5e476f8c4d4769454666a72b6ee8f852eb7f1c5178

Download Submit
C:\Windows\system\xYAgEac.exe

Filesize
6.0MB

MD5
00a07b68c0527c53956dcb5ec464f6c5

SHA1
466ae09e956ae834ca5931e6e4344ecefb8bc0e6

SHA256
1e4cef26134f1eb3fa977cdf993db9184cd76b34ec76ac72a31d13f8254d83f2

SHA512
334bedea02d6a7f86d8accb07e8ad59816113bd3431b4ff14a6e3efaf7f68abd5c1c0aca3c5b0c545849288f0e794f2e70bfa4780a56a45645092cd1ecd5c701

Download Submit
C:\Windows\system\xupSWTF.exe

Filesize
6.0MB

MD5
bd619a0ab97f597ceb09865077038435

SHA1
2bbf05ac62b5e78992faa1ed44ca7a130a8afda5

SHA256
69bff05b07b64077745852d84c7ddec5e0e83a08b6f21d715b506de58346b7ef

SHA512
123dfeb4c87675024bc907f8ae040fe9f5e844a3d6ebcf343064e4d998852b05063947ab39b16eb00cbdb0d0ebe17aa1ca69ceb0e3f42c815f072614ebce1ce4

Download Submit
C:\Windows\system\ykBRIcG.exe

Filesize
6.0MB

MD5
ae3667f503f56a43676d3dddc0306432

SHA1
6ae5e82cf79ea359979f593a37f2070d3ac06eff

SHA256
2491f90bf13cfc58999932ab50fd02771efee44de1e543be2a31e0f09ef9a549

SHA512
5762fc0561a02cc8205bf5338fd65340d12ecb59348581fe9dc9ce26811aab5ff96166f7bc96308fae6fcadc4e10ee44346d8655124e386f3463e208ec3077a8

Download Submit
\Windows\system\CvInEFJ.exe

Filesize
6.0MB

MD5
415ed1d3ceaf8f2be7befa6fb6d00833

SHA1
c3d52415f4a09c36a44e91161db8348602e92330

SHA256
ca7177e49dc295d877ef7cfc2bf1feda1b9b66b543ecadde7f79a77a60c6dad3

SHA512
f4e37002dcf8c81788333ba928ca5b2bcfd1b1e66722a592cb26e586eac476e5b7a5e2a429e1158aab0a67dd0d8acb3fbd906e2274bb1c669c55f27606406f09

Download Submit
\Windows\system\JUUUBQt.exe

Filesize
6.0MB

MD5
ef674e975605b523fe32667b201d909c

SHA1
f91745113dda85748084686da54587a0fe91209d

SHA256
35ec7662d7754873d2e373046f02b336ac7ba277fb5f32b38ba7f08b2d3a66af

SHA512
155560fd3b783adf23c9708a907444c3177438bc508a2080bb14de82a9e7c36e1d53a01c4e2b181329c392edb586d701b023df93ddb5c732fb2d873ca5c7226d

Download Submit
\Windows\system\YjWbHvf.exe

Filesize
6.0MB

MD5
2d8d8440baf3f69da520d35f9bf0b105

SHA1
e543101bcfa1ff012b972033d3ae1c3c8115aad5

SHA256
9b71bd1a43d03370f0b56c7ff1ffde7ede7df5a088564aaff23059997cd91f8c

SHA512
90883ff1c1fe084d09effb3df34ab9215820059ab992c523da8415e6aa3fa641f39bdcd4c40795dbb535cf8356e7d6fdd61796fcef1814ad190e51625b878510

Download Submit
\Windows\system\YwAuqYG.exe

Filesize
6.0MB

MD5
054e09008fa27adf924baed0e9742b2c

SHA1
efcfc1dc919e581301c4edfff011a8082c137c7b

SHA256
8d104330fa7e0c4e25c78b0bec325d2c45b250ffbac4c9008e31f8668a446b2f

SHA512
06684bec59964aa5609cc439e1afdcce3076e45842501b1885e5f380be907840b55362096a054f721eb92a899bc3fbaa77f6eeb298364121f16f08a5ce6ed08d

Download Submit
\Windows\system\ahvxkRL.exe

Filesize
6.0MB

MD5
08fdd8000c3b550f60717ed151291d4f

SHA1
6442c068d02595c2d3228bad95b6b8331a97a684

SHA256
eb8aedc23caa6bfb9ad1281d939f959258285d923d5966c6b011e1cf5a152892

SHA512
da62f3773cde893e761af34af2da02b5fc88507659450e1b3ec8da16ead4d48586c7fb8334796b14df9382edfbce57bff32dbde45e4cdba74f106faec890f083

Download Submit
\Windows\system\lRNDXTV.exe

Filesize
6.0MB

MD5
75bf1d2b9634e1342431b1e6a61df486

SHA1
160e83a27a4d17400b4c7bb8d1a3df02af8d785b

SHA256
6e90050256af34de4181ddbdac05df5a4160697920596b3c4247618035a6e4c0

SHA512
7dbd73a64f50fd4104c54a8be80fa5a52c2d27e029c90880374a095cdc9934078c4571aa03d90333baf56ac1862259ac0e98b750e24fb6ae1dec1cf6d806802f

Download Submit
\Windows\system\lmlAHFm.exe

Filesize
6.0MB

MD5
32e622e0ada097f9fc771bfed0a7f18b

SHA1
02860b5bbbae8386ae819646655d41c8830ba8b3

SHA256
ad05e0edecc24bafdabbbd7fa5156f91487ff08d27bed6fb84879c33e1aea9fe

SHA512
5823867921766e09193eba9298a68d8802425b63010202d1617a815861d02fc09a49ae148fe9f2e93eec4a237ea236727d131a96cf9061065ef4adf15096b1e2

Download Submit
\Windows\system\msIdxWG.exe

Filesize
6.0MB

MD5
baec474a98a9941026a8a0c9595bee6c

SHA1
c7d6d967d03dbe44187f4e32c16a183dd2ac6ecc

SHA256
ad24586a82ffb89cdb59ee89fbfe4725a425a032ffb13bc0878ee86bb6c94dd7

SHA512
d8fb62847ef5c9a15b9347438acf025ac5e7b13ae8ebf9c49e277078ff49bb864c9908ee3109a50eb3ea7574174af79ddc0980639bdb1d6a7651c8023328bda6

Download Submit
\Windows\system\yNHKwhA.exe

Filesize
6.0MB

MD5
608ddfec5c139e403d275e8a770930c0

SHA1
faa1be351a115a9683085aab671b601ea5bc33c3

SHA256
81588651adf2ae4ff5909cf8b2570fbd30684da4e8a2c8cae54a21d4924722c9

SHA512
a575039b929274dc9fb8f428947e91b426eeb44eb65a292f6540d21b5360863c11e5732dbbd11630ef86d6cac579413e1cec27187036ef1f81d3bcd7edc72825

Download Submit
memory/1528-232-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1528-3839-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2132-3902-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2132-46-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2144-3854-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2144-31-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2144-427-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2328-27-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3848-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-87-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4019-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-1212-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-61-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3889-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2844-45-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/3028-738-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/3028-12-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/3028-128-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/3028-6-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/3028-142-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/3028-0-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3028-144-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3028-145-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/3028-98-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-94-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/3028-127-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/3028-80-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/3028-51-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/3028-36-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/3028-333-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/3028-55-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-25-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-22-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1513-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/3028-70-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3052-17-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/3052-3845-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/3052-334-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download