cobaltstrike | e2b70661596782dff69dfb30a71af9f47779234e8c97978576f8db74bc07fe90

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e11e384baf42365d185b457d04c679dc
SHA1

937501c2550d68a8d0cd97a9aca84339f17b3ccd
SHA256

e2b70661596782dff69dfb30a71af9f47779234e8c97978576f8db74bc07fe90
SHA512

9eba6128d42fdffa17fef57e31facece049d4c4c0b26479fa0438c8f5fc80b860779282eae303fb63097508756adb844e88b1faf5d4bf6bf41309a37306a56a8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ce7-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cf1-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d2e-16.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d7f-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d64-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d6d-39.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186de-58.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-66.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cac-73.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bcd-98.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903d-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-142.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019030-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d63-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d68-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018761-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001875d-80.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d5c-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2848-0-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-3.dat	xmrig
behavioral1/files/0x0008000000015ce7-11.dat	xmrig
behavioral1/files/0x0008000000015cf1-12.dat	xmrig
behavioral1/files/0x0008000000015d2e-16.dat	xmrig
behavioral1/memory/2260-24-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d7f-50.dat	xmrig
behavioral1/memory/1852-32-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/1648-49-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2136-48-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/1628-45-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d64-44.dat	xmrig
behavioral1/memory/2848-41-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/memory/3052-40-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d6d-39.dat	xmrig
behavioral1/files/0x00050000000186de-58.dat	xmrig
behavioral1/memory/2544-55-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ee-66.dat	xmrig
behavioral1/memory/2580-62-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2660-69-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2848-70-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cac-73.dat	xmrig
behavioral1/memory/2260-75-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018bcd-98.dat	xmrig
behavioral1/files/0x000600000001903d-105.dat	xmrig
behavioral1/files/0x000500000001920f-128.dat	xmrig
behavioral1/memory/2660-1502-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2544-453-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x000500000001932a-190.dat	xmrig
behavioral1/files/0x0005000000019273-189.dat	xmrig
behavioral1/files/0x00050000000193fa-186.dat	xmrig
behavioral1/files/0x00050000000193c9-172.dat	xmrig
behavioral1/files/0x00050000000193a2-158.dat	xmrig
behavioral1/files/0x0005000000019346-149.dat	xmrig
behavioral1/files/0x00050000000193f8-185.dat	xmrig
behavioral1/files/0x0005000000019241-178.dat	xmrig
behavioral1/files/0x00050000000193af-170.dat	xmrig
behavioral1/files/0x0005000000019384-169.dat	xmrig
behavioral1/files/0x000500000001933e-168.dat	xmrig
behavioral1/memory/864-167-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/files/0x00050000000192f0-165.dat	xmrig
behavioral1/files/0x000500000001925c-164.dat	xmrig
behavioral1/files/0x0005000000019234-142.dat	xmrig
behavioral1/files/0x0006000000019030-127.dat	xmrig
behavioral1/memory/2608-117-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018d63-110.dat	xmrig
behavioral1/files/0x0006000000018d68-103.dat	xmrig
behavioral1/files/0x0005000000018761-94.dat	xmrig
behavioral1/files/0x0005000000019228-121.dat	xmrig
behavioral1/files/0x000500000001875d-80.dat	xmrig
behavioral1/memory/2524-78-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1020-27-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d5c-25.dat	xmrig
behavioral1/memory/2848-2328-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2260-4081-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/1020-4083-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/1852-4082-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/1648-4087-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2136-4086-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/1628-4085-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/3052-4084-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2580-4088-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2524-4089-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2544-4090-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2260	NaXykKg.exe
1020	mNXhsWN.exe
1852	tnNchrp.exe
3052	bKXvwkt.exe
1628	oqYAyMb.exe
2136	oinZNWn.exe
1648	egtjOLX.exe
2544	mxUWpfi.exe
2580	DgudBVC.exe
2660	BLUDChh.exe
2524	oVAxjpv.exe
2608	FZjHyUs.exe
864	DgNiNMd.exe
2452	CyIvNSX.exe
2896	aLTqLqQ.exe
2500	UXSAeip.exe
796	TCnecYC.exe
2228	XjNOhBx.exe
1844	hTwTRuS.exe
1244	lbCZhgt.exe
2368	zsImdSV.exe
2232	YIAWtNp.exe
2016	zlfUilw.exe
2004	kjNoSwJ.exe
1216	UePxdar.exe
2744	MiDPTkV.exe
1040	lCAvtFu.exe
768	fckFRVz.exe
1976	MCxpLub.exe
2012	OBvuIEt.exe
1688	WKVbugP.exe
2040	vYEqBQE.exe
2716	BScXtYz.exe
440	bhQSKMz.exe
480	AntPfGq.exe
2204	OvlDXRh.exe
2088	SmOCodO.exe
2084	svXSpdO.exe
1208	kqDnnxv.exe
996	nxhYuKF.exe
3028	sruOJaB.exe
1004	ycaSjeB.exe
1704	lzNxKtK.exe
1212	baGYXaM.exe
1452	gtIalFd.exe
2748	glBebAw.exe
920	pmwDZSq.exe
968	oJjtCjJ.exe
592	KblBtlD.exe
3004	gtjjmue.exe
1792	iGLRBND.exe
1552	lcgImBZ.exe
2960	zqDulbz.exe
3008	WcrUGrS.exe
1672	QFxSyQb.exe
2968	sXPKxJd.exe
1848	iLmEjnv.exe
2984	YndVABG.exe
1904	ebawRAF.exe
896	byPgMPP.exe
1656	HMLtSKW.exe
1804	QoZSxqH.exe
2860	VkRgskA.exe
1524	VrZCNNr.exe

Loads dropped DLL 64 IoCs

pid	Process
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2848-0-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-3.dat	upx
behavioral1/files/0x0008000000015ce7-11.dat	upx
behavioral1/files/0x0008000000015cf1-12.dat	upx
behavioral1/files/0x0008000000015d2e-16.dat	upx
behavioral1/memory/2260-24-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0009000000015d7f-50.dat	upx
behavioral1/memory/1852-32-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/1648-49-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2136-48-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/1628-45-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0007000000015d64-44.dat	upx
behavioral1/memory/3052-40-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x0007000000015d6d-39.dat	upx
behavioral1/files/0x00050000000186de-58.dat	upx
behavioral1/memory/2544-55-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x00050000000186ee-66.dat	upx
behavioral1/memory/2580-62-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2660-69-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2848-70-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0008000000015cac-73.dat	upx
behavioral1/memory/2260-75-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0006000000018bcd-98.dat	upx
behavioral1/files/0x000600000001903d-105.dat	upx
behavioral1/files/0x000500000001920f-128.dat	upx
behavioral1/memory/2660-1502-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2544-453-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x000500000001932a-190.dat	upx
behavioral1/files/0x0005000000019273-189.dat	upx
behavioral1/files/0x00050000000193fa-186.dat	upx
behavioral1/files/0x00050000000193c9-172.dat	upx
behavioral1/files/0x00050000000193a2-158.dat	upx
behavioral1/files/0x0005000000019346-149.dat	upx
behavioral1/files/0x00050000000193f8-185.dat	upx
behavioral1/files/0x0005000000019241-178.dat	upx
behavioral1/files/0x00050000000193af-170.dat	upx
behavioral1/files/0x0005000000019384-169.dat	upx
behavioral1/files/0x000500000001933e-168.dat	upx
behavioral1/memory/864-167-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/files/0x00050000000192f0-165.dat	upx
behavioral1/files/0x000500000001925c-164.dat	upx
behavioral1/files/0x0005000000019234-142.dat	upx
behavioral1/files/0x0006000000019030-127.dat	upx
behavioral1/memory/2608-117-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0006000000018d63-110.dat	upx
behavioral1/files/0x0006000000018d68-103.dat	upx
behavioral1/files/0x0005000000018761-94.dat	upx
behavioral1/files/0x0005000000019228-121.dat	upx
behavioral1/files/0x000500000001875d-80.dat	upx
behavioral1/memory/2524-78-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1020-27-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x0007000000015d5c-25.dat	upx
behavioral1/memory/2260-4081-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/1020-4083-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/1852-4082-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/1648-4087-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2136-4086-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/1628-4085-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/3052-4084-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2580-4088-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2524-4089-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2544-4090-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/864-4092-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2660-4091-0x000000013FE30000-0x0000000140184000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YNKHWgT.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFLbnFR.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlfUilw.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTKeJoO.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLpklGM.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpLTMvV.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WAPyXJe.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdzzRvV.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJtWGkT.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEBmCLE.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKlAsRJ.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSdNAIj.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lERiAcj.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PPMLMFh.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXAgZDg.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TrFgevc.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGwioff.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFDhKKu.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VrfcZjh.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrNSXKI.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCAnrHj.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVzqRdA.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXKVLpQ.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmQXnAw.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQtFVHy.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsjiVDB.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGbnJGY.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKKWLvp.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXFTaIw.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpOBUdk.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIAWtNp.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPOaDzd.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbzSHqw.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdzLJdQ.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYrWoiR.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSUcexp.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WbdroFA.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYXLSPa.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfkiSgv.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkscJoi.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhrIlgJ.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osIWVSW.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofEVZoI.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldtUpyY.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlqkbRR.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dObWZRg.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVYlnHf.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFnrLtp.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aafPwCY.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRtYFih.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltocrjh.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNVjclF.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebsPgZi.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQLfKyh.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SeqsCiS.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRTcCyX.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDXRlFz.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZXNquD.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUaIOYL.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\brGAnAs.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlrtBjq.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbMPnad.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QaRmcwN.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqDulbz.exe	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2260	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2848 wrote to memory of 2260	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2848 wrote to memory of 2260	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2848 wrote to memory of 1020	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2848 wrote to memory of 1020	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2848 wrote to memory of 1020	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2848 wrote to memory of 1852	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2848 wrote to memory of 1852	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2848 wrote to memory of 1852	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2848 wrote to memory of 1628	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2848 wrote to memory of 1628	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2848 wrote to memory of 1628	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2848 wrote to memory of 3052	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2848 wrote to memory of 3052	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2848 wrote to memory of 3052	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2848 wrote to memory of 1648	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2848 wrote to memory of 1648	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2848 wrote to memory of 1648	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2848 wrote to memory of 2136	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2848 wrote to memory of 2136	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2848 wrote to memory of 2136	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2848 wrote to memory of 2544	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2848 wrote to memory of 2544	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2848 wrote to memory of 2544	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2848 wrote to memory of 2580	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2848 wrote to memory of 2580	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2848 wrote to memory of 2580	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2848 wrote to memory of 2660	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2848 wrote to memory of 2660	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2848 wrote to memory of 2660	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2848 wrote to memory of 2524	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2848 wrote to memory of 2524	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2848 wrote to memory of 2524	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2848 wrote to memory of 2608	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2848 wrote to memory of 2608	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2848 wrote to memory of 2608	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2848 wrote to memory of 864	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2848 wrote to memory of 864	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2848 wrote to memory of 864	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2848 wrote to memory of 2452	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2848 wrote to memory of 2452	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2848 wrote to memory of 2452	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2848 wrote to memory of 2500	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2848 wrote to memory of 2500	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2848 wrote to memory of 2500	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2848 wrote to memory of 2896	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2848 wrote to memory of 2896	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2848 wrote to memory of 2896	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2848 wrote to memory of 1844	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2848 wrote to memory of 1844	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2848 wrote to memory of 1844	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2848 wrote to memory of 796	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2848 wrote to memory of 796	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2848 wrote to memory of 796	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2848 wrote to memory of 1244	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2848 wrote to memory of 1244	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2848 wrote to memory of 1244	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2848 wrote to memory of 2228	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2848 wrote to memory of 2228	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2848 wrote to memory of 2228	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2848 wrote to memory of 2368	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2848 wrote to memory of 2368	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2848 wrote to memory of 2368	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2848 wrote to memory of 1040	2848	2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_e11e384baf42365d185b457d04c679dc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\System\NaXykKg.exe
  C:\Windows\System\NaXykKg.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\mNXhsWN.exe
  C:\Windows\System\mNXhsWN.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\tnNchrp.exe
  C:\Windows\System\tnNchrp.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\oqYAyMb.exe
  C:\Windows\System\oqYAyMb.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\bKXvwkt.exe
  C:\Windows\System\bKXvwkt.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\egtjOLX.exe
  C:\Windows\System\egtjOLX.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\oinZNWn.exe
  C:\Windows\System\oinZNWn.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\mxUWpfi.exe
  C:\Windows\System\mxUWpfi.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\DgudBVC.exe
  C:\Windows\System\DgudBVC.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\BLUDChh.exe
  C:\Windows\System\BLUDChh.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\oVAxjpv.exe
  C:\Windows\System\oVAxjpv.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\FZjHyUs.exe
  C:\Windows\System\FZjHyUs.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\DgNiNMd.exe
  C:\Windows\System\DgNiNMd.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\CyIvNSX.exe
  C:\Windows\System\CyIvNSX.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\UXSAeip.exe
  C:\Windows\System\UXSAeip.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\aLTqLqQ.exe
  C:\Windows\System\aLTqLqQ.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\hTwTRuS.exe
  C:\Windows\System\hTwTRuS.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\TCnecYC.exe
  C:\Windows\System\TCnecYC.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\lbCZhgt.exe
  C:\Windows\System\lbCZhgt.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\XjNOhBx.exe
  C:\Windows\System\XjNOhBx.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\zsImdSV.exe
  C:\Windows\System\zsImdSV.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\lCAvtFu.exe
  C:\Windows\System\lCAvtFu.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\YIAWtNp.exe
  C:\Windows\System\YIAWtNp.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\MCxpLub.exe
  C:\Windows\System\MCxpLub.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\zlfUilw.exe
  C:\Windows\System\zlfUilw.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\OBvuIEt.exe
  C:\Windows\System\OBvuIEt.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\kjNoSwJ.exe
  C:\Windows\System\kjNoSwJ.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\WKVbugP.exe
  C:\Windows\System\WKVbugP.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\UePxdar.exe
  C:\Windows\System\UePxdar.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\vYEqBQE.exe
  C:\Windows\System\vYEqBQE.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\MiDPTkV.exe
  C:\Windows\System\MiDPTkV.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\BScXtYz.exe
  C:\Windows\System\BScXtYz.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\fckFRVz.exe
  C:\Windows\System\fckFRVz.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\AntPfGq.exe
  C:\Windows\System\AntPfGq.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\bhQSKMz.exe
  C:\Windows\System\bhQSKMz.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\OvlDXRh.exe
  C:\Windows\System\OvlDXRh.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\SmOCodO.exe
  C:\Windows\System\SmOCodO.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\svXSpdO.exe
  C:\Windows\System\svXSpdO.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\kqDnnxv.exe
  C:\Windows\System\kqDnnxv.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\nxhYuKF.exe
  C:\Windows\System\nxhYuKF.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\sruOJaB.exe
  C:\Windows\System\sruOJaB.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\ycaSjeB.exe
  C:\Windows\System\ycaSjeB.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\lzNxKtK.exe
  C:\Windows\System\lzNxKtK.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\baGYXaM.exe
  C:\Windows\System\baGYXaM.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\gtIalFd.exe
  C:\Windows\System\gtIalFd.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\glBebAw.exe
  C:\Windows\System\glBebAw.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\pmwDZSq.exe
  C:\Windows\System\pmwDZSq.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\oJjtCjJ.exe
  C:\Windows\System\oJjtCjJ.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\KblBtlD.exe
  C:\Windows\System\KblBtlD.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\gtjjmue.exe
  C:\Windows\System\gtjjmue.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\iGLRBND.exe
  C:\Windows\System\iGLRBND.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\lcgImBZ.exe
  C:\Windows\System\lcgImBZ.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\zqDulbz.exe
  C:\Windows\System\zqDulbz.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\WcrUGrS.exe
  C:\Windows\System\WcrUGrS.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\QFxSyQb.exe
  C:\Windows\System\QFxSyQb.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\sXPKxJd.exe
  C:\Windows\System\sXPKxJd.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\iLmEjnv.exe
  C:\Windows\System\iLmEjnv.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\YndVABG.exe
  C:\Windows\System\YndVABG.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\ebawRAF.exe
  C:\Windows\System\ebawRAF.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\byPgMPP.exe
  C:\Windows\System\byPgMPP.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\HMLtSKW.exe
  C:\Windows\System\HMLtSKW.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\QoZSxqH.exe
  C:\Windows\System\QoZSxqH.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\VkRgskA.exe
  C:\Windows\System\VkRgskA.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\VrZCNNr.exe
  C:\Windows\System\VrZCNNr.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\QwvudZj.exe
  C:\Windows\System\QwvudZj.exe
  2⤵
  PID:1528
- C:\Windows\System\HjYJkIf.exe
  C:\Windows\System\HjYJkIf.exe
  2⤵
  PID:2184
- C:\Windows\System\utrREQw.exe
  C:\Windows\System\utrREQw.exe
  2⤵
  PID:1912
- C:\Windows\System\oHMkSFu.exe
  C:\Windows\System\oHMkSFu.exe
  2⤵
  PID:2288
- C:\Windows\System\pUPjboI.exe
  C:\Windows\System\pUPjboI.exe
  2⤵
  PID:1660
- C:\Windows\System\CdGrWBM.exe
  C:\Windows\System\CdGrWBM.exe
  2⤵
  PID:3036
- C:\Windows\System\jXoaiRe.exe
  C:\Windows\System\jXoaiRe.exe
  2⤵
  PID:2644
- C:\Windows\System\MWoTwzV.exe
  C:\Windows\System\MWoTwzV.exe
  2⤵
  PID:2900
- C:\Windows\System\SSUQxrR.exe
  C:\Windows\System\SSUQxrR.exe
  2⤵
  PID:2144
- C:\Windows\System\JsNWFAs.exe
  C:\Windows\System\JsNWFAs.exe
  2⤵
  PID:2892
- C:\Windows\System\jTZPUMq.exe
  C:\Windows\System\jTZPUMq.exe
  2⤵
  PID:2488
- C:\Windows\System\oYKkVZz.exe
  C:\Windows\System\oYKkVZz.exe
  2⤵
  PID:112
- C:\Windows\System\uQPqYtD.exe
  C:\Windows\System\uQPqYtD.exe
  2⤵
  PID:2460
- C:\Windows\System\uSQFLSH.exe
  C:\Windows\System\uSQFLSH.exe
  2⤵
  PID:2556
- C:\Windows\System\lCVzMGa.exe
  C:\Windows\System\lCVzMGa.exe
  2⤵
  PID:1740
- C:\Windows\System\pPktODO.exe
  C:\Windows\System\pPktODO.exe
  2⤵
  PID:2240
- C:\Windows\System\ogmkldW.exe
  C:\Windows\System\ogmkldW.exe
  2⤵
  PID:464
- C:\Windows\System\fQxfxqv.exe
  C:\Windows\System\fQxfxqv.exe
  2⤵
  PID:2032
- C:\Windows\System\uPOaDzd.exe
  C:\Windows\System\uPOaDzd.exe
  2⤵
  PID:2272
- C:\Windows\System\hZGAeMo.exe
  C:\Windows\System\hZGAeMo.exe
  2⤵
  PID:1588
- C:\Windows\System\WwfHjgV.exe
  C:\Windows\System\WwfHjgV.exe
  2⤵
  PID:2180
- C:\Windows\System\FahXMDY.exe
  C:\Windows\System\FahXMDY.exe
  2⤵
  PID:1576
- C:\Windows\System\EldZBhR.exe
  C:\Windows\System\EldZBhR.exe
  2⤵
  PID:2000
- C:\Windows\System\OnFSIru.exe
  C:\Windows\System\OnFSIru.exe
  2⤵
  PID:1472
- C:\Windows\System\fPRgqLN.exe
  C:\Windows\System\fPRgqLN.exe
  2⤵
  PID:2408
- C:\Windows\System\Onabkot.exe
  C:\Windows\System\Onabkot.exe
  2⤵
  PID:1128
- C:\Windows\System\HKQoBIl.exe
  C:\Windows\System\HKQoBIl.exe
  2⤵
  PID:2532
- C:\Windows\System\PtLZNOs.exe
  C:\Windows\System\PtLZNOs.exe
  2⤵
  PID:1288
- C:\Windows\System\SXiHWfd.exe
  C:\Windows\System\SXiHWfd.exe
  2⤵
  PID:1360
- C:\Windows\System\nMjhvdS.exe
  C:\Windows\System\nMjhvdS.exe
  2⤵
  PID:1488
- C:\Windows\System\RIZVgPu.exe
  C:\Windows\System\RIZVgPu.exe
  2⤵
  PID:2056
- C:\Windows\System\GxJFQso.exe
  C:\Windows\System\GxJFQso.exe
  2⤵
  PID:912
- C:\Windows\System\YCvryRa.exe
  C:\Windows\System\YCvryRa.exe
  2⤵
  PID:616
- C:\Windows\System\QSCvoiV.exe
  C:\Windows\System\QSCvoiV.exe
  2⤵
  PID:1184
- C:\Windows\System\igtwuHL.exe
  C:\Windows\System\igtwuHL.exe
  2⤵
  PID:3020
- C:\Windows\System\NkFdrko.exe
  C:\Windows\System\NkFdrko.exe
  2⤵
  PID:1596
- C:\Windows\System\VPDwZJz.exe
  C:\Windows\System\VPDwZJz.exe
  2⤵
  PID:1780
- C:\Windows\System\fgAgNke.exe
  C:\Windows\System\fgAgNke.exe
  2⤵
  PID:1240
- C:\Windows\System\wBmVSwr.exe
  C:\Windows\System\wBmVSwr.exe
  2⤵
  PID:1436
- C:\Windows\System\tgITZgK.exe
  C:\Windows\System\tgITZgK.exe
  2⤵
  PID:1520
- C:\Windows\System\EoVaHvK.exe
  C:\Windows\System\EoVaHvK.exe
  2⤵
  PID:2396
- C:\Windows\System\okxXQpz.exe
  C:\Windows\System\okxXQpz.exe
  2⤵
  PID:2912
- C:\Windows\System\BFkBhFw.exe
  C:\Windows\System\BFkBhFw.exe
  2⤵
  PID:2080
- C:\Windows\System\bPSRoSN.exe
  C:\Windows\System\bPSRoSN.exe
  2⤵
  PID:2444
- C:\Windows\System\vTmWYMI.exe
  C:\Windows\System\vTmWYMI.exe
  2⤵
  PID:2464
- C:\Windows\System\oHyUCLy.exe
  C:\Windows\System\oHyUCLy.exe
  2⤵
  PID:1772
- C:\Windows\System\FeiEPPb.exe
  C:\Windows\System\FeiEPPb.exe
  2⤵
  PID:2448
- C:\Windows\System\FYuWAjr.exe
  C:\Windows\System\FYuWAjr.exe
  2⤵
  PID:2380
- C:\Windows\System\cgaExBP.exe
  C:\Windows\System\cgaExBP.exe
  2⤵
  PID:1044
- C:\Windows\System\DQUUPrF.exe
  C:\Windows\System\DQUUPrF.exe
  2⤵
  PID:1992
- C:\Windows\System\CEQFISM.exe
  C:\Windows\System\CEQFISM.exe
  2⤵
  PID:1256
- C:\Windows\System\aKUlWJc.exe
  C:\Windows\System\aKUlWJc.exe
  2⤵
  PID:1888
- C:\Windows\System\AakIWan.exe
  C:\Windows\System\AakIWan.exe
  2⤵
  PID:2676
- C:\Windows\System\uQSfoHr.exe
  C:\Windows\System\uQSfoHr.exe
  2⤵
  PID:1568
- C:\Windows\System\VowRgzl.exe
  C:\Windows\System\VowRgzl.exe
  2⤵
  PID:1932
- C:\Windows\System\BlzCmTK.exe
  C:\Windows\System\BlzCmTK.exe
  2⤵
  PID:1720
- C:\Windows\System\fjpFFti.exe
  C:\Windows\System\fjpFFti.exe
  2⤵
  PID:3080
- C:\Windows\System\mECAXVJ.exe
  C:\Windows\System\mECAXVJ.exe
  2⤵
  PID:3096
- C:\Windows\System\eNYePsE.exe
  C:\Windows\System\eNYePsE.exe
  2⤵
  PID:3112
- C:\Windows\System\gXGacAS.exe
  C:\Windows\System\gXGacAS.exe
  2⤵
  PID:3128
- C:\Windows\System\UKySHhE.exe
  C:\Windows\System\UKySHhE.exe
  2⤵
  PID:3144
- C:\Windows\System\BSuqRCL.exe
  C:\Windows\System\BSuqRCL.exe
  2⤵
  PID:3160
- C:\Windows\System\xLpyJhp.exe
  C:\Windows\System\xLpyJhp.exe
  2⤵
  PID:3176
- C:\Windows\System\okoLbxL.exe
  C:\Windows\System\okoLbxL.exe
  2⤵
  PID:3192
- C:\Windows\System\EeYkZTO.exe
  C:\Windows\System\EeYkZTO.exe
  2⤵
  PID:3208
- C:\Windows\System\jEIxRPi.exe
  C:\Windows\System\jEIxRPi.exe
  2⤵
  PID:3224
- C:\Windows\System\FeoXANk.exe
  C:\Windows\System\FeoXANk.exe
  2⤵
  PID:3240
- C:\Windows\System\RITuRVK.exe
  C:\Windows\System\RITuRVK.exe
  2⤵
  PID:3256
- C:\Windows\System\aYGgqcQ.exe
  C:\Windows\System\aYGgqcQ.exe
  2⤵
  PID:3272
- C:\Windows\System\rGeRZet.exe
  C:\Windows\System\rGeRZet.exe
  2⤵
  PID:3288
- C:\Windows\System\cZsxuXY.exe
  C:\Windows\System\cZsxuXY.exe
  2⤵
  PID:3304
- C:\Windows\System\KKHqFDP.exe
  C:\Windows\System\KKHqFDP.exe
  2⤵
  PID:3320
- C:\Windows\System\KxNgYbI.exe
  C:\Windows\System\KxNgYbI.exe
  2⤵
  PID:3336
- C:\Windows\System\FAqJkne.exe
  C:\Windows\System\FAqJkne.exe
  2⤵
  PID:3352
- C:\Windows\System\xYeFusc.exe
  C:\Windows\System\xYeFusc.exe
  2⤵
  PID:3368
- C:\Windows\System\JHHRHhy.exe
  C:\Windows\System\JHHRHhy.exe
  2⤵
  PID:3384
- C:\Windows\System\lUpOxes.exe
  C:\Windows\System\lUpOxes.exe
  2⤵
  PID:3400
- C:\Windows\System\ynCoskP.exe
  C:\Windows\System\ynCoskP.exe
  2⤵
  PID:3416
- C:\Windows\System\feSKSNm.exe
  C:\Windows\System\feSKSNm.exe
  2⤵
  PID:3432
- C:\Windows\System\MZpkqEj.exe
  C:\Windows\System\MZpkqEj.exe
  2⤵
  PID:3448
- C:\Windows\System\BBGRYKe.exe
  C:\Windows\System\BBGRYKe.exe
  2⤵
  PID:3464
- C:\Windows\System\mhizUcb.exe
  C:\Windows\System\mhizUcb.exe
  2⤵
  PID:3480
- C:\Windows\System\atHWneD.exe
  C:\Windows\System\atHWneD.exe
  2⤵
  PID:3496
- C:\Windows\System\pIJAKKy.exe
  C:\Windows\System\pIJAKKy.exe
  2⤵
  PID:3512
- C:\Windows\System\ZjHPLHM.exe
  C:\Windows\System\ZjHPLHM.exe
  2⤵
  PID:3528
- C:\Windows\System\XyHRNbJ.exe
  C:\Windows\System\XyHRNbJ.exe
  2⤵
  PID:3544
- C:\Windows\System\aCxFlQC.exe
  C:\Windows\System\aCxFlQC.exe
  2⤵
  PID:3560
- C:\Windows\System\SKpnBjT.exe
  C:\Windows\System\SKpnBjT.exe
  2⤵
  PID:3576
- C:\Windows\System\xdNJxcW.exe
  C:\Windows\System\xdNJxcW.exe
  2⤵
  PID:3592
- C:\Windows\System\CTRsGJO.exe
  C:\Windows\System\CTRsGJO.exe
  2⤵
  PID:3608
- C:\Windows\System\kYAYOVP.exe
  C:\Windows\System\kYAYOVP.exe
  2⤵
  PID:3624
- C:\Windows\System\ltocrjh.exe
  C:\Windows\System\ltocrjh.exe
  2⤵
  PID:3640
- C:\Windows\System\vSpvjQw.exe
  C:\Windows\System\vSpvjQw.exe
  2⤵
  PID:3656
- C:\Windows\System\phlGzYM.exe
  C:\Windows\System\phlGzYM.exe
  2⤵
  PID:3672
- C:\Windows\System\kzMNomA.exe
  C:\Windows\System\kzMNomA.exe
  2⤵
  PID:3688
- C:\Windows\System\mOaMhYo.exe
  C:\Windows\System\mOaMhYo.exe
  2⤵
  PID:3704
- C:\Windows\System\TUEsWoB.exe
  C:\Windows\System\TUEsWoB.exe
  2⤵
  PID:3720
- C:\Windows\System\MZDKBDe.exe
  C:\Windows\System\MZDKBDe.exe
  2⤵
  PID:3736
- C:\Windows\System\pHndjvs.exe
  C:\Windows\System\pHndjvs.exe
  2⤵
  PID:3752
- C:\Windows\System\dObWZRg.exe
  C:\Windows\System\dObWZRg.exe
  2⤵
  PID:3768
- C:\Windows\System\XjYqzlG.exe
  C:\Windows\System\XjYqzlG.exe
  2⤵
  PID:3784
- C:\Windows\System\nSzdHmP.exe
  C:\Windows\System\nSzdHmP.exe
  2⤵
  PID:3804
- C:\Windows\System\NNrUntw.exe
  C:\Windows\System\NNrUntw.exe
  2⤵
  PID:3820
- C:\Windows\System\vNzHSLB.exe
  C:\Windows\System\vNzHSLB.exe
  2⤵
  PID:3836
- C:\Windows\System\QpPPELP.exe
  C:\Windows\System\QpPPELP.exe
  2⤵
  PID:3852
- C:\Windows\System\JDowuJg.exe
  C:\Windows\System\JDowuJg.exe
  2⤵
  PID:3868
- C:\Windows\System\hpEZKlV.exe
  C:\Windows\System\hpEZKlV.exe
  2⤵
  PID:3884
- C:\Windows\System\RRoMzST.exe
  C:\Windows\System\RRoMzST.exe
  2⤵
  PID:3900
- C:\Windows\System\poEKJQJ.exe
  C:\Windows\System\poEKJQJ.exe
  2⤵
  PID:3916
- C:\Windows\System\ZWlxhpN.exe
  C:\Windows\System\ZWlxhpN.exe
  2⤵
  PID:3932
- C:\Windows\System\SyqGsLs.exe
  C:\Windows\System\SyqGsLs.exe
  2⤵
  PID:3948
- C:\Windows\System\FxtiOYz.exe
  C:\Windows\System\FxtiOYz.exe
  2⤵
  PID:3964
- C:\Windows\System\TqxgrUn.exe
  C:\Windows\System\TqxgrUn.exe
  2⤵
  PID:3980
- C:\Windows\System\xyWEGkR.exe
  C:\Windows\System\xyWEGkR.exe
  2⤵
  PID:3996
- C:\Windows\System\KTsJUgn.exe
  C:\Windows\System\KTsJUgn.exe
  2⤵
  PID:4012
- C:\Windows\System\gRqMKoG.exe
  C:\Windows\System\gRqMKoG.exe
  2⤵
  PID:4028
- C:\Windows\System\wEGeRxJ.exe
  C:\Windows\System\wEGeRxJ.exe
  2⤵
  PID:4044
- C:\Windows\System\OlUEWwx.exe
  C:\Windows\System\OlUEWwx.exe
  2⤵
  PID:4060
- C:\Windows\System\fkUmiRH.exe
  C:\Windows\System\fkUmiRH.exe
  2⤵
  PID:4076
- C:\Windows\System\NGbnJGY.exe
  C:\Windows\System\NGbnJGY.exe
  2⤵
  PID:4092
- C:\Windows\System\JNmgaVF.exe
  C:\Windows\System\JNmgaVF.exe
  2⤵
  PID:2980
- C:\Windows\System\CnXvQqS.exe
  C:\Windows\System\CnXvQqS.exe
  2⤵
  PID:2976
- C:\Windows\System\pytQeZV.exe
  C:\Windows\System\pytQeZV.exe
  2⤵
  PID:1432
- C:\Windows\System\bxIePca.exe
  C:\Windows\System\bxIePca.exe
  2⤵
  PID:1924
- C:\Windows\System\FmFbKxh.exe
  C:\Windows\System\FmFbKxh.exe
  2⤵
  PID:2256
- C:\Windows\System\TdMgXUI.exe
  C:\Windows\System\TdMgXUI.exe
  2⤵
  PID:2692
- C:\Windows\System\CCMUIln.exe
  C:\Windows\System\CCMUIln.exe
  2⤵
  PID:808
- C:\Windows\System\hMPXmtB.exe
  C:\Windows\System\hMPXmtB.exe
  2⤵
  PID:2172
- C:\Windows\System\tdkDcMV.exe
  C:\Windows\System\tdkDcMV.exe
  2⤵
  PID:276
- C:\Windows\System\DMdwjac.exe
  C:\Windows\System\DMdwjac.exe
  2⤵
  PID:2724
- C:\Windows\System\ryKgqbf.exe
  C:\Windows\System\ryKgqbf.exe
  2⤵
  PID:772
- C:\Windows\System\kLEJrcK.exe
  C:\Windows\System\kLEJrcK.exe
  2⤵
  PID:652
- C:\Windows\System\KHKQPle.exe
  C:\Windows\System\KHKQPle.exe
  2⤵
  PID:3104
- C:\Windows\System\WYxQLGe.exe
  C:\Windows\System\WYxQLGe.exe
  2⤵
  PID:3136
- C:\Windows\System\RTKeJoO.exe
  C:\Windows\System\RTKeJoO.exe
  2⤵
  PID:3168
- C:\Windows\System\nxuyqoH.exe
  C:\Windows\System\nxuyqoH.exe
  2⤵
  PID:3200
- C:\Windows\System\DMUifiE.exe
  C:\Windows\System\DMUifiE.exe
  2⤵
  PID:3232
- C:\Windows\System\jKXrNPp.exe
  C:\Windows\System\jKXrNPp.exe
  2⤵
  PID:3264
- C:\Windows\System\uEkrxsL.exe
  C:\Windows\System\uEkrxsL.exe
  2⤵
  PID:3296
- C:\Windows\System\LwSBcYq.exe
  C:\Windows\System\LwSBcYq.exe
  2⤵
  PID:3344
- C:\Windows\System\eObeCcW.exe
  C:\Windows\System\eObeCcW.exe
  2⤵
  PID:3360
- C:\Windows\System\jYKVUxb.exe
  C:\Windows\System\jYKVUxb.exe
  2⤵
  PID:3392
- C:\Windows\System\SvpkOin.exe
  C:\Windows\System\SvpkOin.exe
  2⤵
  PID:3440
- C:\Windows\System\NmCyoRO.exe
  C:\Windows\System\NmCyoRO.exe
  2⤵
  PID:3456
- C:\Windows\System\KTkRGOO.exe
  C:\Windows\System\KTkRGOO.exe
  2⤵
  PID:3488
- C:\Windows\System\sowPbgs.exe
  C:\Windows\System\sowPbgs.exe
  2⤵
  PID:3520
- C:\Windows\System\BGwioff.exe
  C:\Windows\System\BGwioff.exe
  2⤵
  PID:3552
- C:\Windows\System\dXzhlCB.exe
  C:\Windows\System\dXzhlCB.exe
  2⤵
  PID:3600
- C:\Windows\System\GRyrwTp.exe
  C:\Windows\System\GRyrwTp.exe
  2⤵
  PID:3616
- C:\Windows\System\yfoBKqD.exe
  C:\Windows\System\yfoBKqD.exe
  2⤵
  PID:3648
- C:\Windows\System\hFKjweO.exe
  C:\Windows\System\hFKjweO.exe
  2⤵
  PID:3680
- C:\Windows\System\alirgJf.exe
  C:\Windows\System\alirgJf.exe
  2⤵
  PID:3712
- C:\Windows\System\zZoFLgP.exe
  C:\Windows\System\zZoFLgP.exe
  2⤵
  PID:3744
- C:\Windows\System\YmckRaX.exe
  C:\Windows\System\YmckRaX.exe
  2⤵
  PID:3776
- C:\Windows\System\FosYUeD.exe
  C:\Windows\System\FosYUeD.exe
  2⤵
  PID:3812
- C:\Windows\System\cpbRfur.exe
  C:\Windows\System\cpbRfur.exe
  2⤵
  PID:3844
- C:\Windows\System\rrkkqym.exe
  C:\Windows\System\rrkkqym.exe
  2⤵
  PID:3876
- C:\Windows\System\gWslPKm.exe
  C:\Windows\System\gWslPKm.exe
  2⤵
  PID:3908
- C:\Windows\System\EzaXDrO.exe
  C:\Windows\System\EzaXDrO.exe
  2⤵
  PID:3940
- C:\Windows\System\iZwqOtF.exe
  C:\Windows\System\iZwqOtF.exe
  2⤵
  PID:3972
- C:\Windows\System\XTGZdSk.exe
  C:\Windows\System\XTGZdSk.exe
  2⤵
  PID:4004
- C:\Windows\System\HhQJokl.exe
  C:\Windows\System\HhQJokl.exe
  2⤵
  PID:4036
- C:\Windows\System\nzpSdLU.exe
  C:\Windows\System\nzpSdLU.exe
  2⤵
  PID:4068
- C:\Windows\System\GxfnPJb.exe
  C:\Windows\System\GxfnPJb.exe
  2⤵
  PID:2816
- C:\Windows\System\FFaciaM.exe
  C:\Windows\System\FFaciaM.exe
  2⤵
  PID:2120
- C:\Windows\System\EQMbpvw.exe
  C:\Windows\System\EQMbpvw.exe
  2⤵
  PID:1644
- C:\Windows\System\vOChcJc.exe
  C:\Windows\System\vOChcJc.exe
  2⤵
  PID:2664
- C:\Windows\System\fBTSsLh.exe
  C:\Windows\System\fBTSsLh.exe
  2⤵
  PID:1456
- C:\Windows\System\OaPGsVV.exe
  C:\Windows\System\OaPGsVV.exe
  2⤵
  PID:1220
- C:\Windows\System\lRTkZRG.exe
  C:\Windows\System\lRTkZRG.exe
  2⤵
  PID:3076
- C:\Windows\System\XIXAgJj.exe
  C:\Windows\System\XIXAgJj.exe
  2⤵
  PID:3152
- C:\Windows\System\nvlkZUE.exe
  C:\Windows\System\nvlkZUE.exe
  2⤵
  PID:3204
- C:\Windows\System\aPyinAN.exe
  C:\Windows\System\aPyinAN.exe
  2⤵
  PID:3284
- C:\Windows\System\TRuSHpL.exe
  C:\Windows\System\TRuSHpL.exe
  2⤵
  PID:3332
- C:\Windows\System\IHUewmI.exe
  C:\Windows\System\IHUewmI.exe
  2⤵
  PID:3620
- C:\Windows\System\QOEqqOw.exe
  C:\Windows\System\QOEqqOw.exe
  2⤵
  PID:3764
- C:\Windows\System\jkvLZRD.exe
  C:\Windows\System\jkvLZRD.exe
  2⤵
  PID:3748
- C:\Windows\System\DbAwadw.exe
  C:\Windows\System\DbAwadw.exe
  2⤵
  PID:3832
- C:\Windows\System\UONtdik.exe
  C:\Windows\System\UONtdik.exe
  2⤵
  PID:3896
- C:\Windows\System\wRrMlCR.exe
  C:\Windows\System\wRrMlCR.exe
  2⤵
  PID:3944
- C:\Windows\System\btnAQpJ.exe
  C:\Windows\System\btnAQpJ.exe
  2⤵
  PID:4008
- C:\Windows\System\HezSSZH.exe
  C:\Windows\System\HezSSZH.exe
  2⤵
  PID:4056
- C:\Windows\System\uFDhKKu.exe
  C:\Windows\System\uFDhKKu.exe
  2⤵
  PID:1836
- C:\Windows\System\kucHMaM.exe
  C:\Windows\System\kucHMaM.exe
  2⤵
  PID:344
- C:\Windows\System\seyUaIh.exe
  C:\Windows\System\seyUaIh.exe
  2⤵
  PID:1864
- C:\Windows\System\ihwBJUJ.exe
  C:\Windows\System\ihwBJUJ.exe
  2⤵
  PID:3124
- C:\Windows\System\IifFKvo.exe
  C:\Windows\System\IifFKvo.exe
  2⤵
  PID:3364
- C:\Windows\System\ysYUaPV.exe
  C:\Windows\System\ysYUaPV.exe
  2⤵
  PID:1676
- C:\Windows\System\hlpvRFY.exe
  C:\Windows\System\hlpvRFY.exe
  2⤵
  PID:3816
- C:\Windows\System\DJJTRlg.exe
  C:\Windows\System\DJJTRlg.exe
  2⤵
  PID:4040
- C:\Windows\System\gmZRPTR.exe
  C:\Windows\System\gmZRPTR.exe
  2⤵
  PID:3172
- C:\Windows\System\CnLziCG.exe
  C:\Windows\System\CnLziCG.exe
  2⤵
  PID:4324
- C:\Windows\System\rouDTvc.exe
  C:\Windows\System\rouDTvc.exe
  2⤵
  PID:4340
- C:\Windows\System\ZOOeuSR.exe
  C:\Windows\System\ZOOeuSR.exe
  2⤵
  PID:4356
- C:\Windows\System\owYUMqL.exe
  C:\Windows\System\owYUMqL.exe
  2⤵
  PID:4372
- C:\Windows\System\DdLNZZt.exe
  C:\Windows\System\DdLNZZt.exe
  2⤵
  PID:4388
- C:\Windows\System\IJlTpCb.exe
  C:\Windows\System\IJlTpCb.exe
  2⤵
  PID:4404
- C:\Windows\System\uSdNAIj.exe
  C:\Windows\System\uSdNAIj.exe
  2⤵
  PID:4420
- C:\Windows\System\UJyIETF.exe
  C:\Windows\System\UJyIETF.exe
  2⤵
  PID:4436
- C:\Windows\System\zWONlKp.exe
  C:\Windows\System\zWONlKp.exe
  2⤵
  PID:4452
- C:\Windows\System\lERiAcj.exe
  C:\Windows\System\lERiAcj.exe
  2⤵
  PID:4468
- C:\Windows\System\xzAtijr.exe
  C:\Windows\System\xzAtijr.exe
  2⤵
  PID:4484
- C:\Windows\System\uuKkCZZ.exe
  C:\Windows\System\uuKkCZZ.exe
  2⤵
  PID:4500
- C:\Windows\System\KYYKUtt.exe
  C:\Windows\System\KYYKUtt.exe
  2⤵
  PID:4516
- C:\Windows\System\jjydpXa.exe
  C:\Windows\System\jjydpXa.exe
  2⤵
  PID:4532
- C:\Windows\System\mFIscBI.exe
  C:\Windows\System\mFIscBI.exe
  2⤵
  PID:4548
- C:\Windows\System\zgmvmWc.exe
  C:\Windows\System\zgmvmWc.exe
  2⤵
  PID:4564
- C:\Windows\System\GJszKbj.exe
  C:\Windows\System\GJszKbj.exe
  2⤵
  PID:4580
- C:\Windows\System\JOBKbte.exe
  C:\Windows\System\JOBKbte.exe
  2⤵
  PID:4596
- C:\Windows\System\OKazQUI.exe
  C:\Windows\System\OKazQUI.exe
  2⤵
  PID:4612
- C:\Windows\System\fCximPN.exe
  C:\Windows\System\fCximPN.exe
  2⤵
  PID:4628
- C:\Windows\System\jniRQhf.exe
  C:\Windows\System\jniRQhf.exe
  2⤵
  PID:4644
- C:\Windows\System\jlKSuIc.exe
  C:\Windows\System\jlKSuIc.exe
  2⤵
  PID:4660
- C:\Windows\System\ShHieoK.exe
  C:\Windows\System\ShHieoK.exe
  2⤵
  PID:4676
- C:\Windows\System\AkSeriL.exe
  C:\Windows\System\AkSeriL.exe
  2⤵
  PID:4692
- C:\Windows\System\RGOvoTg.exe
  C:\Windows\System\RGOvoTg.exe
  2⤵
  PID:4708
- C:\Windows\System\ONsWxiZ.exe
  C:\Windows\System\ONsWxiZ.exe
  2⤵
  PID:4724
- C:\Windows\System\VrfcZjh.exe
  C:\Windows\System\VrfcZjh.exe
  2⤵
  PID:4740
- C:\Windows\System\tHHHCEx.exe
  C:\Windows\System\tHHHCEx.exe
  2⤵
  PID:4756
- C:\Windows\System\YecIjoo.exe
  C:\Windows\System\YecIjoo.exe
  2⤵
  PID:4772
- C:\Windows\System\GEssKVW.exe
  C:\Windows\System\GEssKVW.exe
  2⤵
  PID:4788
- C:\Windows\System\sQSBOSd.exe
  C:\Windows\System\sQSBOSd.exe
  2⤵
  PID:4804
- C:\Windows\System\cDhqBiD.exe
  C:\Windows\System\cDhqBiD.exe
  2⤵
  PID:4820
- C:\Windows\System\EHhrJaw.exe
  C:\Windows\System\EHhrJaw.exe
  2⤵
  PID:4836
- C:\Windows\System\sbvlvyP.exe
  C:\Windows\System\sbvlvyP.exe
  2⤵
  PID:4852
- C:\Windows\System\xdREwWu.exe
  C:\Windows\System\xdREwWu.exe
  2⤵
  PID:4868
- C:\Windows\System\EDvewEe.exe
  C:\Windows\System\EDvewEe.exe
  2⤵
  PID:4884
- C:\Windows\System\AotHYQz.exe
  C:\Windows\System\AotHYQz.exe
  2⤵
  PID:4900
- C:\Windows\System\ZKAxSwL.exe
  C:\Windows\System\ZKAxSwL.exe
  2⤵
  PID:4916
- C:\Windows\System\Gyjmhbe.exe
  C:\Windows\System\Gyjmhbe.exe
  2⤵
  PID:4932
- C:\Windows\System\GffoUQZ.exe
  C:\Windows\System\GffoUQZ.exe
  2⤵
  PID:4948
- C:\Windows\System\DgKhbnc.exe
  C:\Windows\System\DgKhbnc.exe
  2⤵
  PID:4964
- C:\Windows\System\ZYtOXei.exe
  C:\Windows\System\ZYtOXei.exe
  2⤵
  PID:4980
- C:\Windows\System\AdKQlGD.exe
  C:\Windows\System\AdKQlGD.exe
  2⤵
  PID:4996
- C:\Windows\System\ZurTvSE.exe
  C:\Windows\System\ZurTvSE.exe
  2⤵
  PID:5012
- C:\Windows\System\SOvqvkC.exe
  C:\Windows\System\SOvqvkC.exe
  2⤵
  PID:5028
- C:\Windows\System\yNBFnda.exe
  C:\Windows\System\yNBFnda.exe
  2⤵
  PID:5044
- C:\Windows\System\KxZaTUt.exe
  C:\Windows\System\KxZaTUt.exe
  2⤵
  PID:5060
- C:\Windows\System\rEEMzbl.exe
  C:\Windows\System\rEEMzbl.exe
  2⤵
  PID:5080
- C:\Windows\System\iEUGXNg.exe
  C:\Windows\System\iEUGXNg.exe
  2⤵
  PID:5096
- C:\Windows\System\sTWDSKE.exe
  C:\Windows\System\sTWDSKE.exe
  2⤵
  PID:5112
- C:\Windows\System\kKqUzjp.exe
  C:\Windows\System\kKqUzjp.exe
  2⤵
  PID:3684
- C:\Windows\System\STuwwZn.exe
  C:\Windows\System\STuwwZn.exe
  2⤵
  PID:3268
- C:\Windows\System\gdxaSuQ.exe
  C:\Windows\System\gdxaSuQ.exe
  2⤵
  PID:2160
- C:\Windows\System\FJZNNSL.exe
  C:\Windows\System\FJZNNSL.exe
  2⤵
  PID:3864
- C:\Windows\System\KcJCKoG.exe
  C:\Windows\System\KcJCKoG.exe
  2⤵
  PID:2252
- C:\Windows\System\vWsVmto.exe
  C:\Windows\System\vWsVmto.exe
  2⤵
  PID:2616
- C:\Windows\System\fggjIWT.exe
  C:\Windows\System\fggjIWT.exe
  2⤵
  PID:3396
- C:\Windows\System\UZbGwSc.exe
  C:\Windows\System\UZbGwSc.exe
  2⤵
  PID:4120
- C:\Windows\System\ZWyiwWK.exe
  C:\Windows\System\ZWyiwWK.exe
  2⤵
  PID:4136
- C:\Windows\System\RQxCUVm.exe
  C:\Windows\System\RQxCUVm.exe
  2⤵
  PID:4156
- C:\Windows\System\XfmsLwl.exe
  C:\Windows\System\XfmsLwl.exe
  2⤵
  PID:4168
- C:\Windows\System\AjILhyN.exe
  C:\Windows\System\AjILhyN.exe
  2⤵
  PID:4184
- C:\Windows\System\DhcktBs.exe
  C:\Windows\System\DhcktBs.exe
  2⤵
  PID:4200
- C:\Windows\System\wXPrhAi.exe
  C:\Windows\System\wXPrhAi.exe
  2⤵
  PID:4216
- C:\Windows\System\uJqKrko.exe
  C:\Windows\System\uJqKrko.exe
  2⤵
  PID:4232
- C:\Windows\System\PEGKctv.exe
  C:\Windows\System\PEGKctv.exe
  2⤵
  PID:4248
- C:\Windows\System\PzvZSSb.exe
  C:\Windows\System\PzvZSSb.exe
  2⤵
  PID:4264
- C:\Windows\System\tNWlgpa.exe
  C:\Windows\System\tNWlgpa.exe
  2⤵
  PID:4280
- C:\Windows\System\MhscdBB.exe
  C:\Windows\System\MhscdBB.exe
  2⤵
  PID:4296
- C:\Windows\System\jJhDnAl.exe
  C:\Windows\System\jJhDnAl.exe
  2⤵
  PID:4312
- C:\Windows\System\epvzkws.exe
  C:\Windows\System\epvzkws.exe
  2⤵
  PID:4320
- C:\Windows\System\PxBflNU.exe
  C:\Windows\System\PxBflNU.exe
  2⤵
  PID:4336
- C:\Windows\System\eGJXkJx.exe
  C:\Windows\System\eGJXkJx.exe
  2⤵
  PID:4384
- C:\Windows\System\gUUTVMT.exe
  C:\Windows\System\gUUTVMT.exe
  2⤵
  PID:4416
- C:\Windows\System\lWqLVJX.exe
  C:\Windows\System\lWqLVJX.exe
  2⤵
  PID:4428
- C:\Windows\System\tHMlcad.exe
  C:\Windows\System\tHMlcad.exe
  2⤵
  PID:4480
- C:\Windows\System\KGbdvNt.exe
  C:\Windows\System\KGbdvNt.exe
  2⤵
  PID:4492
- C:\Windows\System\vqAkVCZ.exe
  C:\Windows\System\vqAkVCZ.exe
  2⤵
  PID:4540
- C:\Windows\System\GcdEmHc.exe
  C:\Windows\System\GcdEmHc.exe
  2⤵
  PID:4576
- C:\Windows\System\kNVjclF.exe
  C:\Windows\System\kNVjclF.exe
  2⤵
  PID:4604
- C:\Windows\System\GbFNemS.exe
  C:\Windows\System\GbFNemS.exe
  2⤵
  PID:4640
- C:\Windows\System\RFbdUTj.exe
  C:\Windows\System\RFbdUTj.exe
  2⤵
  PID:4652
- C:\Windows\System\GSAGBgK.exe
  C:\Windows\System\GSAGBgK.exe
  2⤵
  PID:4704
- C:\Windows\System\ZJOxZBu.exe
  C:\Windows\System\ZJOxZBu.exe
  2⤵
  PID:4732
- C:\Windows\System\iYgZlfS.exe
  C:\Windows\System\iYgZlfS.exe
  2⤵
  PID:4748
- C:\Windows\System\bAeFlVN.exe
  C:\Windows\System\bAeFlVN.exe
  2⤵
  PID:4752
- C:\Windows\System\fvDNFlI.exe
  C:\Windows\System\fvDNFlI.exe
  2⤵
  PID:4800
- C:\Windows\System\JnMoskj.exe
  C:\Windows\System\JnMoskj.exe
  2⤵
  PID:4832
- C:\Windows\System\bhPOptw.exe
  C:\Windows\System\bhPOptw.exe
  2⤵
  PID:4864
- C:\Windows\System\LdvpVvi.exe
  C:\Windows\System\LdvpVvi.exe
  2⤵
  PID:4848
- C:\Windows\System\OLXveGh.exe
  C:\Windows\System\OLXveGh.exe
  2⤵
  PID:4912
- C:\Windows\System\oNbyKrC.exe
  C:\Windows\System\oNbyKrC.exe
  2⤵
  PID:4940
- C:\Windows\System\uXPUeAi.exe
  C:\Windows\System\uXPUeAi.exe
  2⤵
  PID:4992
- C:\Windows\System\FTLUzBQ.exe
  C:\Windows\System\FTLUzBQ.exe
  2⤵
  PID:2572
- C:\Windows\System\tnialpf.exe
  C:\Windows\System\tnialpf.exe
  2⤵
  PID:5036
- C:\Windows\System\SEzTzwt.exe
  C:\Windows\System\SEzTzwt.exe
  2⤵
  PID:5088
- C:\Windows\System\aQmMZMG.exe
  C:\Windows\System\aQmMZMG.exe
  2⤵
  PID:1464
- C:\Windows\System\ekDSQSj.exe
  C:\Windows\System\ekDSQSj.exe
  2⤵
  PID:2600
- C:\Windows\System\iPOuhZq.exe
  C:\Windows\System\iPOuhZq.exe
  2⤵
  PID:2192
- C:\Windows\System\cBtbkup.exe
  C:\Windows\System\cBtbkup.exe
  2⤵
  PID:4024
- C:\Windows\System\XkhYsdv.exe
  C:\Windows\System\XkhYsdv.exe
  2⤵
  PID:2956
- C:\Windows\System\xGFaQCR.exe
  C:\Windows\System\xGFaQCR.exe
  2⤵
  PID:1192
- C:\Windows\System\OeRzZpr.exe
  C:\Windows\System\OeRzZpr.exe
  2⤵
  PID:4112
- C:\Windows\System\DszVnhl.exe
  C:\Windows\System\DszVnhl.exe
  2⤵
  PID:4164
- C:\Windows\System\uxeDHka.exe
  C:\Windows\System\uxeDHka.exe
  2⤵
  PID:4176
- C:\Windows\System\YTZBVac.exe
  C:\Windows\System\YTZBVac.exe
  2⤵
  PID:4212
- C:\Windows\System\iHOrekW.exe
  C:\Windows\System\iHOrekW.exe
  2⤵
  PID:4244
- C:\Windows\System\eKTGPMP.exe
  C:\Windows\System\eKTGPMP.exe
  2⤵
  PID:4268
- C:\Windows\System\ziUuQkX.exe
  C:\Windows\System\ziUuQkX.exe
  2⤵
  PID:4308
- C:\Windows\System\NasrfWm.exe
  C:\Windows\System\NasrfWm.exe
  2⤵
  PID:4348
- C:\Windows\System\aeDbraY.exe
  C:\Windows\System\aeDbraY.exe
  2⤵
  PID:4396
- C:\Windows\System\fmGIVDq.exe
  C:\Windows\System\fmGIVDq.exe
  2⤵
  PID:2196
- C:\Windows\System\kyLVFcT.exe
  C:\Windows\System\kyLVFcT.exe
  2⤵
  PID:4496
- C:\Windows\System\mDUoCMM.exe
  C:\Windows\System\mDUoCMM.exe
  2⤵
  PID:4560
- C:\Windows\System\MbQXiaQ.exe
  C:\Windows\System\MbQXiaQ.exe
  2⤵
  PID:4672
- C:\Windows\System\PPMLMFh.exe
  C:\Windows\System\PPMLMFh.exe
  2⤵
  PID:4716
- C:\Windows\System\OeyKrRj.exe
  C:\Windows\System\OeyKrRj.exe
  2⤵
  PID:4720
- C:\Windows\System\PTHquov.exe
  C:\Windows\System\PTHquov.exe
  2⤵
  PID:4768
- C:\Windows\System\lqxkIeU.exe
  C:\Windows\System\lqxkIeU.exe
  2⤵
  PID:4880
- C:\Windows\System\UwLzBLT.exe
  C:\Windows\System\UwLzBLT.exe
  2⤵
  PID:4908
- C:\Windows\System\EtVyyLL.exe
  C:\Windows\System\EtVyyLL.exe
  2⤵
  PID:4960
- C:\Windows\System\pbzSHqw.exe
  C:\Windows\System\pbzSHqw.exe
  2⤵
  PID:5004
- C:\Windows\System\bGvgLgO.exe
  C:\Windows\System\bGvgLgO.exe
  2⤵
  PID:5072
- C:\Windows\System\CZjrukt.exe
  C:\Windows\System\CZjrukt.exe
  2⤵
  PID:5108
- C:\Windows\System\dTWxsgM.exe
  C:\Windows\System\dTWxsgM.exe
  2⤵
  PID:3992
- C:\Windows\System\WvEPbIE.exe
  C:\Windows\System\WvEPbIE.exe
  2⤵
  PID:2364
- C:\Windows\System\dednlTR.exe
  C:\Windows\System\dednlTR.exe
  2⤵
  PID:4160
- C:\Windows\System\gkArGos.exe
  C:\Windows\System\gkArGos.exe
  2⤵
  PID:4192
- C:\Windows\System\CVGpemB.exe
  C:\Windows\System\CVGpemB.exe
  2⤵
  PID:4304
- C:\Windows\System\MRkGdNq.exe
  C:\Windows\System\MRkGdNq.exe
  2⤵
  PID:4412
- C:\Windows\System\nSsDsvH.exe
  C:\Windows\System\nSsDsvH.exe
  2⤵
  PID:4460
- C:\Windows\System\tcEwBBH.exe
  C:\Windows\System\tcEwBBH.exe
  2⤵
  PID:4700
- C:\Windows\System\GhrIlgJ.exe
  C:\Windows\System\GhrIlgJ.exe
  2⤵
  PID:2320
- C:\Windows\System\scllnGW.exe
  C:\Windows\System\scllnGW.exe
  2⤵
  PID:4812
- C:\Windows\System\MNQjYkK.exe
  C:\Windows\System\MNQjYkK.exe
  2⤵
  PID:4956
- C:\Windows\System\sllNmuq.exe
  C:\Windows\System\sllNmuq.exe
  2⤵
  PID:5056
- C:\Windows\System\hddFNMH.exe
  C:\Windows\System\hddFNMH.exe
  2⤵
  PID:3800
- C:\Windows\System\NhpGZzO.exe
  C:\Windows\System\NhpGZzO.exe
  2⤵
  PID:3928
- C:\Windows\System\pgPQJjd.exe
  C:\Windows\System\pgPQJjd.exe
  2⤵
  PID:4132
- C:\Windows\System\zDGyqBb.exe
  C:\Windows\System\zDGyqBb.exe
  2⤵
  PID:2576
- C:\Windows\System\TXRBdIl.exe
  C:\Windows\System\TXRBdIl.exe
  2⤵
  PID:4332
- C:\Windows\System\FQrfdae.exe
  C:\Windows\System\FQrfdae.exe
  2⤵
  PID:4572
- C:\Windows\System\XbbyQwh.exe
  C:\Windows\System\XbbyQwh.exe
  2⤵
  PID:2536
- C:\Windows\System\XQflKOa.exe
  C:\Windows\System\XQflKOa.exe
  2⤵
  PID:4924
- C:\Windows\System\BsDqyeD.exe
  C:\Windows\System\BsDqyeD.exe
  2⤵
  PID:5104
- C:\Windows\System\RVYlnHf.exe
  C:\Windows\System\RVYlnHf.exe
  2⤵
  PID:5132
- C:\Windows\System\hNGlcFi.exe
  C:\Windows\System\hNGlcFi.exe
  2⤵
  PID:5148
- C:\Windows\System\lKzkdXQ.exe
  C:\Windows\System\lKzkdXQ.exe
  2⤵
  PID:5164
- C:\Windows\System\elsANjJ.exe
  C:\Windows\System\elsANjJ.exe
  2⤵
  PID:5180
- C:\Windows\System\OyBERvE.exe
  C:\Windows\System\OyBERvE.exe
  2⤵
  PID:5196
- C:\Windows\System\tayhDIy.exe
  C:\Windows\System\tayhDIy.exe
  2⤵
  PID:5212
- C:\Windows\System\PzgOUho.exe
  C:\Windows\System\PzgOUho.exe
  2⤵
  PID:5228
- C:\Windows\System\coztLVG.exe
  C:\Windows\System\coztLVG.exe
  2⤵
  PID:5244
- C:\Windows\System\JXwJpLQ.exe
  C:\Windows\System\JXwJpLQ.exe
  2⤵
  PID:5260
- C:\Windows\System\FeyPMdk.exe
  C:\Windows\System\FeyPMdk.exe
  2⤵
  PID:5276
- C:\Windows\System\qhnBPWk.exe
  C:\Windows\System\qhnBPWk.exe
  2⤵
  PID:5292
- C:\Windows\System\YFcGcEc.exe
  C:\Windows\System\YFcGcEc.exe
  2⤵
  PID:5308
- C:\Windows\System\mEjYVNl.exe
  C:\Windows\System\mEjYVNl.exe
  2⤵
  PID:5324
- C:\Windows\System\vGoaizu.exe
  C:\Windows\System\vGoaizu.exe
  2⤵
  PID:5340
- C:\Windows\System\ZqrGTVs.exe
  C:\Windows\System\ZqrGTVs.exe
  2⤵
  PID:5356
- C:\Windows\System\GPQFymq.exe
  C:\Windows\System\GPQFymq.exe
  2⤵
  PID:5372
- C:\Windows\System\pBwNsze.exe
  C:\Windows\System\pBwNsze.exe
  2⤵
  PID:5388
- C:\Windows\System\OEPMXEv.exe
  C:\Windows\System\OEPMXEv.exe
  2⤵
  PID:5404
- C:\Windows\System\HWMyuIf.exe
  C:\Windows\System\HWMyuIf.exe
  2⤵
  PID:5420
- C:\Windows\System\vUHnchf.exe
  C:\Windows\System\vUHnchf.exe
  2⤵
  PID:5436
- C:\Windows\System\IEbjSRA.exe
  C:\Windows\System\IEbjSRA.exe
  2⤵
  PID:5452
- C:\Windows\System\aGQKAuM.exe
  C:\Windows\System\aGQKAuM.exe
  2⤵
  PID:5468
- C:\Windows\System\kXsrFRy.exe
  C:\Windows\System\kXsrFRy.exe
  2⤵
  PID:5484
- C:\Windows\System\HhWJdVF.exe
  C:\Windows\System\HhWJdVF.exe
  2⤵
  PID:5500
- C:\Windows\System\ZKzMPkC.exe
  C:\Windows\System\ZKzMPkC.exe
  2⤵
  PID:5516
- C:\Windows\System\DBpahCL.exe
  C:\Windows\System\DBpahCL.exe
  2⤵
  PID:5532
- C:\Windows\System\iRTcljM.exe
  C:\Windows\System\iRTcljM.exe
  2⤵
  PID:5548
- C:\Windows\System\lunfQax.exe
  C:\Windows\System\lunfQax.exe
  2⤵
  PID:5564
- C:\Windows\System\kNeqkho.exe
  C:\Windows\System\kNeqkho.exe
  2⤵
  PID:5580
- C:\Windows\System\rXCyGyX.exe
  C:\Windows\System\rXCyGyX.exe
  2⤵
  PID:5596
- C:\Windows\System\cNrNftP.exe
  C:\Windows\System\cNrNftP.exe
  2⤵
  PID:5612
- C:\Windows\System\kaPjJMf.exe
  C:\Windows\System\kaPjJMf.exe
  2⤵
  PID:5628
- C:\Windows\System\WfcDteE.exe
  C:\Windows\System\WfcDteE.exe
  2⤵
  PID:5644
- C:\Windows\System\vYaNFGB.exe
  C:\Windows\System\vYaNFGB.exe
  2⤵
  PID:5660
- C:\Windows\System\jZdSYhg.exe
  C:\Windows\System\jZdSYhg.exe
  2⤵
  PID:5676
- C:\Windows\System\MsNzTSW.exe
  C:\Windows\System\MsNzTSW.exe
  2⤵
  PID:5692
- C:\Windows\System\vwNfpGN.exe
  C:\Windows\System\vwNfpGN.exe
  2⤵
  PID:5708
- C:\Windows\System\SlDnauO.exe
  C:\Windows\System\SlDnauO.exe
  2⤵
  PID:5724
- C:\Windows\System\vmcWPTW.exe
  C:\Windows\System\vmcWPTW.exe
  2⤵
  PID:5740
- C:\Windows\System\xBuxMFa.exe
  C:\Windows\System\xBuxMFa.exe
  2⤵
  PID:5756
- C:\Windows\System\rzZbMVP.exe
  C:\Windows\System\rzZbMVP.exe
  2⤵
  PID:5772
- C:\Windows\System\QwAlUIz.exe
  C:\Windows\System\QwAlUIz.exe
  2⤵
  PID:5788
- C:\Windows\System\tABDmoj.exe
  C:\Windows\System\tABDmoj.exe
  2⤵
  PID:5804
- C:\Windows\System\gLxbnrQ.exe
  C:\Windows\System\gLxbnrQ.exe
  2⤵
  PID:5820
- C:\Windows\System\vukmmHS.exe
  C:\Windows\System\vukmmHS.exe
  2⤵
  PID:5840
- C:\Windows\System\fzszMEC.exe
  C:\Windows\System\fzszMEC.exe
  2⤵
  PID:5856
- C:\Windows\System\WafxeCj.exe
  C:\Windows\System\WafxeCj.exe
  2⤵
  PID:5872
- C:\Windows\System\wPxMVBU.exe
  C:\Windows\System\wPxMVBU.exe
  2⤵
  PID:5888
- C:\Windows\System\ZHNLlYa.exe
  C:\Windows\System\ZHNLlYa.exe
  2⤵
  PID:5904
- C:\Windows\System\rkiUyNa.exe
  C:\Windows\System\rkiUyNa.exe
  2⤵
  PID:5920
- C:\Windows\System\QGDUjuy.exe
  C:\Windows\System\QGDUjuy.exe
  2⤵
  PID:5936
- C:\Windows\System\gWoNEhx.exe
  C:\Windows\System\gWoNEhx.exe
  2⤵
  PID:5952
- C:\Windows\System\YidUNqN.exe
  C:\Windows\System\YidUNqN.exe
  2⤵
  PID:5968
- C:\Windows\System\PVqJmCP.exe
  C:\Windows\System\PVqJmCP.exe
  2⤵
  PID:5984
- C:\Windows\System\uSUcexp.exe
  C:\Windows\System\uSUcexp.exe
  2⤵
  PID:6000
- C:\Windows\System\SGRnPQv.exe
  C:\Windows\System\SGRnPQv.exe
  2⤵
  PID:6016
- C:\Windows\System\ebsPgZi.exe
  C:\Windows\System\ebsPgZi.exe
  2⤵
  PID:6032
- C:\Windows\System\YhlxmFB.exe
  C:\Windows\System\YhlxmFB.exe
  2⤵
  PID:6048
- C:\Windows\System\FtQWCfL.exe
  C:\Windows\System\FtQWCfL.exe
  2⤵
  PID:6064
- C:\Windows\System\JOhDPtF.exe
  C:\Windows\System\JOhDPtF.exe
  2⤵
  PID:6080
- C:\Windows\System\vlmRTjA.exe
  C:\Windows\System\vlmRTjA.exe
  2⤵
  PID:6096
- C:\Windows\System\ZWYKQQm.exe
  C:\Windows\System\ZWYKQQm.exe
  2⤵
  PID:6112
- C:\Windows\System\DHWJHGD.exe
  C:\Windows\System\DHWJHGD.exe
  2⤵
  PID:6128
- C:\Windows\System\rXgucui.exe
  C:\Windows\System\rXgucui.exe
  2⤵
  PID:4476
- C:\Windows\System\XCrLSRE.exe
  C:\Windows\System\XCrLSRE.exe
  2⤵
  PID:2764
- C:\Windows\System\QLNAonc.exe
  C:\Windows\System\QLNAonc.exe
  2⤵
  PID:5076
- C:\Windows\System\ZapyedJ.exe
  C:\Windows\System\ZapyedJ.exe
  2⤵
  PID:2768
- C:\Windows\System\AjFENWl.exe
  C:\Windows\System\AjFENWl.exe
  2⤵
  PID:5144
- C:\Windows\System\kCKrvZa.exe
  C:\Windows\System\kCKrvZa.exe
  2⤵
  PID:812
- C:\Windows\System\FxorwNt.exe
  C:\Windows\System\FxorwNt.exe
  2⤵
  PID:5192
- C:\Windows\System\rsGvkRN.exe
  C:\Windows\System\rsGvkRN.exe
  2⤵
  PID:5236
- C:\Windows\System\wRcwKJZ.exe
  C:\Windows\System\wRcwKJZ.exe
  2⤵
  PID:5252
- C:\Windows\System\UBjrfti.exe
  C:\Windows\System\UBjrfti.exe
  2⤵
  PID:5300
- C:\Windows\System\oXKVLpQ.exe
  C:\Windows\System\oXKVLpQ.exe
  2⤵
  PID:5576
- C:\Windows\System\TQLfKyh.exe
  C:\Windows\System\TQLfKyh.exe
  2⤵
  PID:5608
- C:\Windows\System\YcQhpeW.exe
  C:\Windows\System\YcQhpeW.exe
  2⤵
  PID:5636
- C:\Windows\System\DlvrYxn.exe
  C:\Windows\System\DlvrYxn.exe
  2⤵
  PID:2888
- C:\Windows\System\OWwHaXF.exe
  C:\Windows\System\OWwHaXF.exe
  2⤵
  PID:5716
- C:\Windows\System\xgdejhK.exe
  C:\Windows\System\xgdejhK.exe
  2⤵
  PID:5732
- C:\Windows\System\GpNaYSk.exe
  C:\Windows\System\GpNaYSk.exe
  2⤵
  PID:5764
- C:\Windows\System\JzrBwMm.exe
  C:\Windows\System\JzrBwMm.exe
  2⤵
  PID:5796
- C:\Windows\System\WHYxOgT.exe
  C:\Windows\System\WHYxOgT.exe
  2⤵
  PID:5848
- C:\Windows\System\ehaeRGA.exe
  C:\Windows\System\ehaeRGA.exe
  2⤵
  PID:5864
- C:\Windows\System\JtjruHr.exe
  C:\Windows\System\JtjruHr.exe
  2⤵
  PID:5868
- C:\Windows\System\dJxjGZS.exe
  C:\Windows\System\dJxjGZS.exe
  2⤵
  PID:5916
- C:\Windows\System\IiWXelC.exe
  C:\Windows\System\IiWXelC.exe
  2⤵
  PID:5932
- C:\Windows\System\aiYjbPr.exe
  C:\Windows\System\aiYjbPr.exe
  2⤵
  PID:5960
- C:\Windows\System\sMajDLa.exe
  C:\Windows\System\sMajDLa.exe
  2⤵
  PID:6012
- C:\Windows\System\gfAGPBX.exe
  C:\Windows\System\gfAGPBX.exe
  2⤵
  PID:6040
- C:\Windows\System\QNlpQtS.exe
  C:\Windows\System\QNlpQtS.exe
  2⤵
  PID:6076
- C:\Windows\System\tCDKzSb.exe
  C:\Windows\System\tCDKzSb.exe
  2⤵
  PID:6136
- C:\Windows\System\wHsSTyP.exe
  C:\Windows\System\wHsSTyP.exe
  2⤵
  PID:5188
- C:\Windows\System\hzdMTcw.exe
  C:\Windows\System\hzdMTcw.exe
  2⤵
  PID:2076
- C:\Windows\System\CVoiZNp.exe
  C:\Windows\System\CVoiZNp.exe
  2⤵
  PID:5364
- C:\Windows\System\rEtHbOV.exe
  C:\Windows\System\rEtHbOV.exe
  2⤵
  PID:5400
- C:\Windows\System\MsfmFwZ.exe
  C:\Windows\System\MsfmFwZ.exe
  2⤵
  PID:5464
- C:\Windows\System\eIOQHGp.exe
  C:\Windows\System\eIOQHGp.exe
  2⤵
  PID:4276
- C:\Windows\System\tLpklGM.exe
  C:\Windows\System\tLpklGM.exe
  2⤵
  PID:1896
- C:\Windows\System\SeqsCiS.exe
  C:\Windows\System\SeqsCiS.exe
  2⤵
  PID:5884
- C:\Windows\System\YiOiCWB.exe
  C:\Windows\System\YiOiCWB.exe
  2⤵
  PID:5836
- C:\Windows\System\fPrrVsu.exe
  C:\Windows\System\fPrrVsu.exe
  2⤵
  PID:5320
- C:\Windows\System\shHIDJF.exe
  C:\Windows\System\shHIDJF.exe
  2⤵
  PID:2700
- C:\Windows\System\HpLTMvV.exe
  C:\Windows\System\HpLTMvV.exe
  2⤵
  PID:5272
- C:\Windows\System\tjbHszX.exe
  C:\Windows\System\tjbHszX.exe
  2⤵
  PID:5720
- C:\Windows\System\LTdpofv.exe
  C:\Windows\System\LTdpofv.exe
  2⤵
  PID:5412
- C:\Windows\System\gMyVekr.exe
  C:\Windows\System\gMyVekr.exe
  2⤵
  PID:5240
- C:\Windows\System\IPTHXAK.exe
  C:\Windows\System\IPTHXAK.exe
  2⤵
  PID:5560
- C:\Windows\System\EMtbmgY.exe
  C:\Windows\System\EMtbmgY.exe
  2⤵
  PID:2492
- C:\Windows\System\LkMhhWx.exe
  C:\Windows\System\LkMhhWx.exe
  2⤵
  PID:1920
- C:\Windows\System\zZNNOoT.exe
  C:\Windows\System\zZNNOoT.exe
  2⤵
  PID:5316
- C:\Windows\System\wgAEBax.exe
  C:\Windows\System\wgAEBax.exe
  2⤵
  PID:5460
- C:\Windows\System\NUJGawt.exe
  C:\Windows\System\NUJGawt.exe
  2⤵
  PID:2480
- C:\Windows\System\opnGQWq.exe
  C:\Windows\System\opnGQWq.exe
  2⤵
  PID:5668
- C:\Windows\System\WtHqyXD.exe
  C:\Windows\System\WtHqyXD.exe
  2⤵
  PID:308
- C:\Windows\System\dXVXmfr.exe
  C:\Windows\System\dXVXmfr.exe
  2⤵
  PID:5896
- C:\Windows\System\NzMNqYW.exe
  C:\Windows\System\NzMNqYW.exe
  2⤵
  PID:5540
- C:\Windows\System\kyxSHCq.exe
  C:\Windows\System\kyxSHCq.exe
  2⤵
  PID:2188
- C:\Windows\System\wmTsYat.exe
  C:\Windows\System\wmTsYat.exe
  2⤵
  PID:1736
- C:\Windows\System\pXAgZDg.exe
  C:\Windows\System\pXAgZDg.exe
  2⤵
  PID:2072
- C:\Windows\System\jyxVqca.exe
  C:\Windows\System\jyxVqca.exe
  2⤵
  PID:5480
- C:\Windows\System\xVahKVS.exe
  C:\Windows\System\xVahKVS.exe
  2⤵
  PID:636
- C:\Windows\System\mUOxswT.exe
  C:\Windows\System\mUOxswT.exe
  2⤵
  PID:1556
- C:\Windows\System\FKKWLvp.exe
  C:\Windows\System\FKKWLvp.exe
  2⤵
  PID:2468
- C:\Windows\System\xFnrLtp.exe
  C:\Windows\System\xFnrLtp.exe
  2⤵
  PID:6008
- C:\Windows\System\IkBPTIl.exe
  C:\Windows\System\IkBPTIl.exe
  2⤵
  PID:6088
- C:\Windows\System\QnHPAma.exe
  C:\Windows\System\QnHPAma.exe
  2⤵
  PID:4208
- C:\Windows\System\EmQXnAw.exe
  C:\Windows\System\EmQXnAw.exe
  2⤵
  PID:6156
- C:\Windows\System\QtOKDCg.exe
  C:\Windows\System\QtOKDCg.exe
  2⤵
  PID:6184
- C:\Windows\System\DXkHEWA.exe
  C:\Windows\System\DXkHEWA.exe
  2⤵
  PID:6208
- C:\Windows\System\GLbiZCs.exe
  C:\Windows\System\GLbiZCs.exe
  2⤵
  PID:6228
- C:\Windows\System\HYqgcNM.exe
  C:\Windows\System\HYqgcNM.exe
  2⤵
  PID:6248
- C:\Windows\System\iWNJkLk.exe
  C:\Windows\System\iWNJkLk.exe
  2⤵
  PID:6268
- C:\Windows\System\NNixJUZ.exe
  C:\Windows\System\NNixJUZ.exe
  2⤵
  PID:6292
- C:\Windows\System\ZBPTxyf.exe
  C:\Windows\System\ZBPTxyf.exe
  2⤵
  PID:6308
- C:\Windows\System\jmOkXMq.exe
  C:\Windows\System\jmOkXMq.exe
  2⤵
  PID:6332
- C:\Windows\System\bsVHqhb.exe
  C:\Windows\System\bsVHqhb.exe
  2⤵
  PID:6348
- C:\Windows\System\wTsqBaA.exe
  C:\Windows\System\wTsqBaA.exe
  2⤵
  PID:6364
- C:\Windows\System\Gvqwwlb.exe
  C:\Windows\System\Gvqwwlb.exe
  2⤵
  PID:6380
- C:\Windows\System\UJgQpnP.exe
  C:\Windows\System\UJgQpnP.exe
  2⤵
  PID:6396
- C:\Windows\System\FTRayWE.exe
  C:\Windows\System\FTRayWE.exe
  2⤵
  PID:6412
- C:\Windows\System\fbfdxrQ.exe
  C:\Windows\System\fbfdxrQ.exe
  2⤵
  PID:6496
- C:\Windows\System\yKnWWaY.exe
  C:\Windows\System\yKnWWaY.exe
  2⤵
  PID:6524
- C:\Windows\System\TrFgevc.exe
  C:\Windows\System\TrFgevc.exe
  2⤵
  PID:6540
- C:\Windows\System\NmDeXhQ.exe
  C:\Windows\System\NmDeXhQ.exe
  2⤵
  PID:6560
- C:\Windows\System\ehRHmSV.exe
  C:\Windows\System\ehRHmSV.exe
  2⤵
  PID:6584
- C:\Windows\System\cNmaetF.exe
  C:\Windows\System\cNmaetF.exe
  2⤵
  PID:6604
- C:\Windows\System\fvsIgKW.exe
  C:\Windows\System\fvsIgKW.exe
  2⤵
  PID:6620
- C:\Windows\System\zfCZzkY.exe
  C:\Windows\System\zfCZzkY.exe
  2⤵
  PID:6640
- C:\Windows\System\WMgvPlq.exe
  C:\Windows\System\WMgvPlq.exe
  2⤵
  PID:6668
- C:\Windows\System\rEOBTHs.exe
  C:\Windows\System\rEOBTHs.exe
  2⤵
  PID:6684
- C:\Windows\System\mVdELUw.exe
  C:\Windows\System\mVdELUw.exe
  2⤵
  PID:6704
- C:\Windows\System\NxGsvGK.exe
  C:\Windows\System\NxGsvGK.exe
  2⤵
  PID:6720
- C:\Windows\System\vPCYzYZ.exe
  C:\Windows\System\vPCYzYZ.exe
  2⤵
  PID:6736
- C:\Windows\System\rflDxsn.exe
  C:\Windows\System\rflDxsn.exe
  2⤵
  PID:6756
- C:\Windows\System\veUwrql.exe
  C:\Windows\System\veUwrql.exe
  2⤵
  PID:6772
- C:\Windows\System\AlzWFJh.exe
  C:\Windows\System\AlzWFJh.exe
  2⤵
  PID:6788
- C:\Windows\System\yzwxbnK.exe
  C:\Windows\System\yzwxbnK.exe
  2⤵
  PID:6804
- C:\Windows\System\eMosGDw.exe
  C:\Windows\System\eMosGDw.exe
  2⤵
  PID:6820
- C:\Windows\System\GwaQTKW.exe
  C:\Windows\System\GwaQTKW.exe
  2⤵
  PID:6836
- C:\Windows\System\PNqIPZS.exe
  C:\Windows\System\PNqIPZS.exe
  2⤵
  PID:6856
- C:\Windows\System\AKCHAke.exe
  C:\Windows\System\AKCHAke.exe
  2⤵
  PID:6872
- C:\Windows\System\qdveDzN.exe
  C:\Windows\System\qdveDzN.exe
  2⤵
  PID:6900
- C:\Windows\System\cewKlAm.exe
  C:\Windows\System\cewKlAm.exe
  2⤵
  PID:6920
- C:\Windows\System\BFFixRJ.exe
  C:\Windows\System\BFFixRJ.exe
  2⤵
  PID:6940
- C:\Windows\System\utxnGQg.exe
  C:\Windows\System\utxnGQg.exe
  2⤵
  PID:6964
- C:\Windows\System\feubzPE.exe
  C:\Windows\System\feubzPE.exe
  2⤵
  PID:6984
- C:\Windows\System\wpcmkYk.exe
  C:\Windows\System\wpcmkYk.exe
  2⤵
  PID:7004
- C:\Windows\System\osIWVSW.exe
  C:\Windows\System\osIWVSW.exe
  2⤵
  PID:7020
- C:\Windows\System\LkTenHz.exe
  C:\Windows\System\LkTenHz.exe
  2⤵
  PID:7040
- C:\Windows\System\ofEVZoI.exe
  C:\Windows\System\ofEVZoI.exe
  2⤵
  PID:7068
- C:\Windows\System\WbdroFA.exe
  C:\Windows\System\WbdroFA.exe
  2⤵
  PID:7088
- C:\Windows\System\pyIVkwk.exe
  C:\Windows\System\pyIVkwk.exe
  2⤵
  PID:7108
- C:\Windows\System\TMkweFr.exe
  C:\Windows\System\TMkweFr.exe
  2⤵
  PID:7132
- C:\Windows\System\UgJdrOw.exe
  C:\Windows\System\UgJdrOw.exe
  2⤵
  PID:7148
- C:\Windows\System\oDscoOL.exe
  C:\Windows\System\oDscoOL.exe
  2⤵
  PID:5572
- C:\Windows\System\aQhMods.exe
  C:\Windows\System\aQhMods.exe
  2⤵
  PID:5352
- C:\Windows\System\orsjaGx.exe
  C:\Windows\System\orsjaGx.exe
  2⤵
  PID:6148
- C:\Windows\System\UspLDWB.exe
  C:\Windows\System\UspLDWB.exe
  2⤵
  PID:6200
- C:\Windows\System\PqMGmUj.exe
  C:\Windows\System\PqMGmUj.exe
  2⤵
  PID:6276
- C:\Windows\System\WxpVDHC.exe
  C:\Windows\System\WxpVDHC.exe
  2⤵
  PID:5880
- C:\Windows\System\yAJEWyt.exe
  C:\Windows\System\yAJEWyt.exe
  2⤵
  PID:6360
- C:\Windows\System\RPGllGG.exe
  C:\Windows\System\RPGllGG.exe
  2⤵
  PID:1544
- C:\Windows\System\tlryPPX.exe
  C:\Windows\System\tlryPPX.exe
  2⤵
  PID:6432
- C:\Windows\System\qwBaWhy.exe
  C:\Windows\System\qwBaWhy.exe
  2⤵
  PID:6440
- C:\Windows\System\RYlhXUW.exe
  C:\Windows\System\RYlhXUW.exe
  2⤵
  PID:6452
- C:\Windows\System\TiANDEv.exe
  C:\Windows\System\TiANDEv.exe
  2⤵
  PID:5980
- C:\Windows\System\RNIxNbm.exe
  C:\Windows\System\RNIxNbm.exe
  2⤵
  PID:6472
- C:\Windows\System\hZXEznB.exe
  C:\Windows\System\hZXEznB.exe
  2⤵
  PID:6476
- C:\Windows\System\BesQzmh.exe
  C:\Windows\System\BesQzmh.exe
  2⤵
  PID:6404
- C:\Windows\System\gksqvzv.exe
  C:\Windows\System\gksqvzv.exe
  2⤵
  PID:2440
- C:\Windows\System\OLACWRC.exe
  C:\Windows\System\OLACWRC.exe
  2⤵
  PID:1564
- C:\Windows\System\AiwuTkv.exe
  C:\Windows\System\AiwuTkv.exe
  2⤵
  PID:2400
- C:\Windows\System\vNDYQSx.exe
  C:\Windows\System\vNDYQSx.exe
  2⤵
  PID:3252
- C:\Windows\System\fyWYLNa.exe
  C:\Windows\System\fyWYLNa.exe
  2⤵
  PID:1980
- C:\Windows\System\pRMeIsc.exe
  C:\Windows\System\pRMeIsc.exe
  2⤵
  PID:6428
- C:\Windows\System\plDodTP.exe
  C:\Windows\System\plDodTP.exe
  2⤵
  PID:5156
- C:\Windows\System\mimCJMD.exe
  C:\Windows\System\mimCJMD.exe
  2⤵
  PID:1604
- C:\Windows\System\POMwIcK.exe
  C:\Windows\System\POMwIcK.exe
  2⤵
  PID:6164
- C:\Windows\System\NwQsoJr.exe
  C:\Windows\System\NwQsoJr.exe
  2⤵
  PID:6176
- C:\Windows\System\uqHRUyT.exe
  C:\Windows\System\uqHRUyT.exe
  2⤵
  PID:6256
- C:\Windows\System\deTAmBW.exe
  C:\Windows\System\deTAmBW.exe
  2⤵
  PID:6512
- C:\Windows\System\vaVOlao.exe
  C:\Windows\System\vaVOlao.exe
  2⤵
  PID:6504
- C:\Windows\System\PxEKdUQ.exe
  C:\Windows\System\PxEKdUQ.exe
  2⤵
  PID:6552
- C:\Windows\System\ODJxNZK.exe
  C:\Windows\System\ODJxNZK.exe
  2⤵
  PID:1260
- C:\Windows\System\aFXEqJS.exe
  C:\Windows\System\aFXEqJS.exe
  2⤵
  PID:6664
- C:\Windows\System\ozLKdbz.exe
  C:\Windows\System\ozLKdbz.exe
  2⤵
  PID:6700
- C:\Windows\System\hqQYInD.exe
  C:\Windows\System\hqQYInD.exe
  2⤵
  PID:6768
- C:\Windows\System\bthRfmS.exe
  C:\Windows\System\bthRfmS.exe
  2⤵
  PID:6864
- C:\Windows\System\NEMPUQB.exe
  C:\Windows\System\NEMPUQB.exe
  2⤵
  PID:6868
- C:\Windows\System\aafPwCY.exe
  C:\Windows\System\aafPwCY.exe
  2⤵
  PID:6956
- C:\Windows\System\kgvTNOi.exe
  C:\Windows\System\kgvTNOi.exe
  2⤵
  PID:6752
- C:\Windows\System\btKJgUM.exe
  C:\Windows\System\btKJgUM.exe
  2⤵
  PID:6852
- C:\Windows\System\nGKLZRt.exe
  C:\Windows\System\nGKLZRt.exe
  2⤵
  PID:7080
- C:\Windows\System\vFcdkfh.exe
  C:\Windows\System\vFcdkfh.exe
  2⤵
  PID:7128
- C:\Windows\System\ftBvLki.exe
  C:\Windows\System\ftBvLki.exe
  2⤵
  PID:7156
- C:\Windows\System\sNCRkRH.exe
  C:\Windows\System\sNCRkRH.exe
  2⤵
  PID:6888
- C:\Windows\System\XcXpOrP.exe
  C:\Windows\System\XcXpOrP.exe
  2⤵
  PID:1108
- C:\Windows\System\acgZvUr.exe
  C:\Windows\System\acgZvUr.exe
  2⤵
  PID:7140
- C:\Windows\System\AdIFHWY.exe
  C:\Windows\System\AdIFHWY.exe
  2⤵
  PID:6848
- C:\Windows\System\ljksqDD.exe
  C:\Windows\System\ljksqDD.exe
  2⤵
  PID:7016
- C:\Windows\System\WKjjHPG.exe
  C:\Windows\System\WKjjHPG.exe
  2⤵
  PID:7096
- C:\Windows\System\SfiEKzf.exe
  C:\Windows\System\SfiEKzf.exe
  2⤵
  PID:5684
- C:\Windows\System\TVBatxj.exe
  C:\Windows\System\TVBatxj.exe
  2⤵
  PID:5432
- C:\Windows\System\xZSRBXs.exe
  C:\Windows\System\xZSRBXs.exe
  2⤵
  PID:6244
- C:\Windows\System\vgUTZRf.exe
  C:\Windows\System\vgUTZRf.exe
  2⤵
  PID:6284
- C:\Windows\System\rVuPOAs.exe
  C:\Windows\System\rVuPOAs.exe
  2⤵
  PID:6324
- C:\Windows\System\CoefZCA.exe
  C:\Windows\System\CoefZCA.exe
  2⤵
  PID:6392
- C:\Windows\System\zcCkGOI.exe
  C:\Windows\System\zcCkGOI.exe
  2⤵
  PID:6468
- C:\Windows\System\EWQiMUR.exe
  C:\Windows\System\EWQiMUR.exe
  2⤵
  PID:6372
- C:\Windows\System\PXSPmLz.exe
  C:\Windows\System\PXSPmLz.exe
  2⤵
  PID:5444
- C:\Windows\System\mpLqrhU.exe
  C:\Windows\System\mpLqrhU.exe
  2⤵
  PID:2784
- C:\Windows\System\KvpwPdL.exe
  C:\Windows\System\KvpwPdL.exe
  2⤵
  PID:2880
- C:\Windows\System\dGzgeOX.exe
  C:\Windows\System\dGzgeOX.exe
  2⤵
  PID:5492
- C:\Windows\System\WxyBlpc.exe
  C:\Windows\System\WxyBlpc.exe
  2⤵
  PID:6388
- C:\Windows\System\XPEuDfg.exe
  C:\Windows\System\XPEuDfg.exe
  2⤵
  PID:2612
- C:\Windows\System\EkEldmd.exe
  C:\Windows\System\EkEldmd.exe
  2⤵
  PID:6304
- C:\Windows\System\ZjYOoZm.exe
  C:\Windows\System\ZjYOoZm.exe
  2⤵
  PID:4588
- C:\Windows\System\irSCTTl.exe
  C:\Windows\System\irSCTTl.exe
  2⤵
  PID:6092
- C:\Windows\System\BXpzdAG.exe
  C:\Windows\System\BXpzdAG.exe
  2⤵
  PID:6216
- C:\Windows\System\uLdyKlt.exe
  C:\Windows\System\uLdyKlt.exe
  2⤵
  PID:6580
- C:\Windows\System\tTCOzdR.exe
  C:\Windows\System\tTCOzdR.exe
  2⤵
  PID:6576
- C:\Windows\System\NaKXlFy.exe
  C:\Windows\System\NaKXlFy.exe
  2⤵
  PID:6596
- C:\Windows\System\PUTYoLU.exe
  C:\Windows\System\PUTYoLU.exe
  2⤵
  PID:6692
- C:\Windows\System\gMlMjwu.exe
  C:\Windows\System\gMlMjwu.exe
  2⤵
  PID:6632
- C:\Windows\System\AampTjm.exe
  C:\Windows\System\AampTjm.exe
  2⤵
  PID:6992
- C:\Windows\System\fOXAJMs.exe
  C:\Windows\System\fOXAJMs.exe
  2⤵
  PID:7036
- C:\Windows\System\fXYOcOb.exe
  C:\Windows\System\fXYOcOb.exe
  2⤵
  PID:7116
- C:\Windows\System\xNBrHbd.exe
  C:\Windows\System\xNBrHbd.exe
  2⤵
  PID:6928
- C:\Windows\System\WAPyXJe.exe
  C:\Windows\System\WAPyXJe.exe
  2⤵
  PID:6844
- C:\Windows\System\AveNosO.exe
  C:\Windows\System\AveNosO.exe
  2⤵
  PID:7064
- C:\Windows\System\gbDYxvw.exe
  C:\Windows\System\gbDYxvw.exe
  2⤵
  PID:6884
- C:\Windows\System\XdlnmEF.exe
  C:\Windows\System\XdlnmEF.exe
  2⤵
  PID:6936
- C:\Windows\System\sivlgwa.exe
  C:\Windows\System\sivlgwa.exe
  2⤵
  PID:5768
- C:\Windows\System\NdzzRvV.exe
  C:\Windows\System\NdzzRvV.exe
  2⤵
  PID:5544
- C:\Windows\System\xjiTstP.exe
  C:\Windows\System\xjiTstP.exe
  2⤵
  PID:6264
- C:\Windows\System\UxCOEqd.exe
  C:\Windows\System\UxCOEqd.exe
  2⤵
  PID:2324
- C:\Windows\System\UTkLkBS.exe
  C:\Windows\System\UTkLkBS.exe
  2⤵
  PID:6548
- C:\Windows\System\bIcxSAP.exe
  C:\Windows\System\bIcxSAP.exe
  2⤵
  PID:6492
- C:\Windows\System\mIxjBxb.exe
  C:\Windows\System\mIxjBxb.exe
  2⤵
  PID:5528
- C:\Windows\System\CMEpuuH.exe
  C:\Windows\System\CMEpuuH.exe
  2⤵
  PID:5512
- C:\Windows\System\pmmTRIK.exe
  C:\Windows\System\pmmTRIK.exe
  2⤵
  PID:6568
- C:\Windows\System\hHUnXiR.exe
  C:\Windows\System\hHUnXiR.exe
  2⤵
  PID:6912
- C:\Windows\System\nqlNRZF.exe
  C:\Windows\System\nqlNRZF.exe
  2⤵
  PID:5476
- C:\Windows\System\jTAyaMm.exe
  C:\Windows\System\jTAyaMm.exe
  2⤵
  PID:6812
- C:\Windows\System\TuYmzrw.exe
  C:\Windows\System\TuYmzrw.exe
  2⤵
  PID:6592
- C:\Windows\System\XHZfMDT.exe
  C:\Windows\System\XHZfMDT.exe
  2⤵
  PID:5208
- C:\Windows\System\SkwzjCX.exe
  C:\Windows\System\SkwzjCX.exe
  2⤵
  PID:6764
- C:\Windows\System\NseFQHU.exe
  C:\Windows\System\NseFQHU.exe
  2⤵
  PID:7060
- C:\Windows\System\sJjClPn.exe
  C:\Windows\System\sJjClPn.exe
  2⤵
  PID:6828
- C:\Windows\System\mBuQSTi.exe
  C:\Windows\System\mBuQSTi.exe
  2⤵
  PID:7056
- C:\Windows\System\AmAhlLN.exe
  C:\Windows\System\AmAhlLN.exe
  2⤵
  PID:2752
- C:\Windows\System\lvHVNju.exe
  C:\Windows\System\lvHVNju.exe
  2⤵
  PID:6320
- C:\Windows\System\BziUhYl.exe
  C:\Windows\System\BziUhYl.exe
  2⤵
  PID:6484
- C:\Windows\System\LJNnSoC.exe
  C:\Windows\System\LJNnSoC.exe
  2⤵
  PID:5948
- C:\Windows\System\MjOdDPp.exe
  C:\Windows\System\MjOdDPp.exe
  2⤵
  PID:2952
- C:\Windows\System\MEFWsmV.exe
  C:\Windows\System\MEFWsmV.exe
  2⤵
  PID:7176
- C:\Windows\System\uXwCwbp.exe
  C:\Windows\System\uXwCwbp.exe
  2⤵
  PID:7196
- C:\Windows\System\gQYafzb.exe
  C:\Windows\System\gQYafzb.exe
  2⤵
  PID:7220
- C:\Windows\System\pqLQJmv.exe
  C:\Windows\System\pqLQJmv.exe
  2⤵
  PID:7244
- C:\Windows\System\eHWuChT.exe
  C:\Windows\System\eHWuChT.exe
  2⤵
  PID:7268
- C:\Windows\System\BuWrUzG.exe
  C:\Windows\System\BuWrUzG.exe
  2⤵
  PID:7292
- C:\Windows\System\MAwyyBU.exe
  C:\Windows\System\MAwyyBU.exe
  2⤵
  PID:7316
- C:\Windows\System\YeUWxni.exe
  C:\Windows\System\YeUWxni.exe
  2⤵
  PID:7336
- C:\Windows\System\zFzsarG.exe
  C:\Windows\System\zFzsarG.exe
  2⤵
  PID:7356
- C:\Windows\System\scqARcs.exe
  C:\Windows\System\scqARcs.exe
  2⤵
  PID:7372
- C:\Windows\System\QPClmyj.exe
  C:\Windows\System\QPClmyj.exe
  2⤵
  PID:7452
- C:\Windows\System\BuelHFF.exe
  C:\Windows\System\BuelHFF.exe
  2⤵
  PID:7468
- C:\Windows\System\SAuzNVB.exe
  C:\Windows\System\SAuzNVB.exe
  2⤵
  PID:7488
- C:\Windows\System\LqYcMJg.exe
  C:\Windows\System\LqYcMJg.exe
  2⤵
  PID:7504
- C:\Windows\System\KUVshie.exe
  C:\Windows\System\KUVshie.exe
  2⤵
  PID:7524
- C:\Windows\System\aBvUKRI.exe
  C:\Windows\System\aBvUKRI.exe
  2⤵
  PID:7548
- C:\Windows\System\yVtkKyM.exe
  C:\Windows\System\yVtkKyM.exe
  2⤵
  PID:7568
- C:\Windows\System\dVydkQA.exe
  C:\Windows\System\dVydkQA.exe
  2⤵
  PID:7584
- C:\Windows\System\xERxMaF.exe
  C:\Windows\System\xERxMaF.exe
  2⤵
  PID:7600
- C:\Windows\System\RChEmon.exe
  C:\Windows\System\RChEmon.exe
  2⤵
  PID:7616
- C:\Windows\System\XZXNquD.exe
  C:\Windows\System\XZXNquD.exe
  2⤵
  PID:7632
- C:\Windows\System\McVLwTc.exe
  C:\Windows\System\McVLwTc.exe
  2⤵
  PID:7652
- C:\Windows\System\cSUYeXi.exe
  C:\Windows\System\cSUYeXi.exe
  2⤵
  PID:7668
- C:\Windows\System\jhKxkdK.exe
  C:\Windows\System\jhKxkdK.exe
  2⤵
  PID:7684
- C:\Windows\System\fXXaFnd.exe
  C:\Windows\System\fXXaFnd.exe
  2⤵
  PID:7700
- C:\Windows\System\XkojMWg.exe
  C:\Windows\System\XkojMWg.exe
  2⤵
  PID:7716
- C:\Windows\System\xTyEiWO.exe
  C:\Windows\System\xTyEiWO.exe
  2⤵
  PID:7732
- C:\Windows\System\LXFTaIw.exe
  C:\Windows\System\LXFTaIw.exe
  2⤵
  PID:7748
- C:\Windows\System\cwhHePI.exe
  C:\Windows\System\cwhHePI.exe
  2⤵
  PID:7764
- C:\Windows\System\fariwCt.exe
  C:\Windows\System\fariwCt.exe
  2⤵
  PID:7780
- C:\Windows\System\iTgHYOV.exe
  C:\Windows\System\iTgHYOV.exe
  2⤵
  PID:7796
- C:\Windows\System\yBpSOyE.exe
  C:\Windows\System\yBpSOyE.exe
  2⤵
  PID:7812
- C:\Windows\System\HDHoSfr.exe
  C:\Windows\System\HDHoSfr.exe
  2⤵
  PID:7828
- C:\Windows\System\Neeugpl.exe
  C:\Windows\System\Neeugpl.exe
  2⤵
  PID:7888
- C:\Windows\System\XsWEAku.exe
  C:\Windows\System\XsWEAku.exe
  2⤵
  PID:7924
- C:\Windows\System\tuLbsoe.exe
  C:\Windows\System\tuLbsoe.exe
  2⤵
  PID:7948
- C:\Windows\System\XlGXGhK.exe
  C:\Windows\System\XlGXGhK.exe
  2⤵
  PID:7964
- C:\Windows\System\MwnVzlW.exe
  C:\Windows\System\MwnVzlW.exe
  2⤵
  PID:7980
- C:\Windows\System\PmwcNVS.exe
  C:\Windows\System\PmwcNVS.exe
  2⤵
  PID:8000
- C:\Windows\System\CoBLFFh.exe
  C:\Windows\System\CoBLFFh.exe
  2⤵
  PID:8020
- C:\Windows\System\ujKcoMd.exe
  C:\Windows\System\ujKcoMd.exe
  2⤵
  PID:8040
- C:\Windows\System\zJKqnrx.exe
  C:\Windows\System\zJKqnrx.exe
  2⤵
  PID:8060
- C:\Windows\System\kHgteVq.exe
  C:\Windows\System\kHgteVq.exe
  2⤵
  PID:8076
- C:\Windows\System\RpGpabV.exe
  C:\Windows\System\RpGpabV.exe
  2⤵
  PID:8092
- C:\Windows\System\ymENnoF.exe
  C:\Windows\System\ymENnoF.exe
  2⤵
  PID:8112
- C:\Windows\System\ziQPIGn.exe
  C:\Windows\System\ziQPIGn.exe
  2⤵
  PID:8128
- C:\Windows\System\moPebJt.exe
  C:\Windows\System\moPebJt.exe
  2⤵
  PID:8144
- C:\Windows\System\anDcOCZ.exe
  C:\Windows\System\anDcOCZ.exe
  2⤵
  PID:8160
- C:\Windows\System\ItWIKrC.exe
  C:\Windows\System\ItWIKrC.exe
  2⤵
  PID:8184
- C:\Windows\System\MhzQTdg.exe
  C:\Windows\System\MhzQTdg.exe
  2⤵
  PID:6780
- C:\Windows\System\ldtUpyY.exe
  C:\Windows\System\ldtUpyY.exe
  2⤵
  PID:2820
- C:\Windows\System\jGXwBbO.exe
  C:\Windows\System\jGXwBbO.exe
  2⤵
  PID:4896
- C:\Windows\System\smVsCSu.exe
  C:\Windows\System\smVsCSu.exe
  2⤵
  PID:7240
- C:\Windows\System\yWfPWgO.exe
  C:\Windows\System\yWfPWgO.exe
  2⤵
  PID:7288
- C:\Windows\System\WuNdINk.exe
  C:\Windows\System\WuNdINk.exe
  2⤵
  PID:7364
- C:\Windows\System\oZxDSQF.exe
  C:\Windows\System\oZxDSQF.exe
  2⤵
  PID:6536
- C:\Windows\System\adqHdrv.exe
  C:\Windows\System\adqHdrv.exe
  2⤵
  PID:6356
- C:\Windows\System\SEbntfu.exe
  C:\Windows\System\SEbntfu.exe
  2⤵
  PID:7344
- C:\Windows\System\OzaXLyd.exe
  C:\Windows\System\OzaXLyd.exe
  2⤵
  PID:6656
- C:\Windows\System\JjzMNRw.exe
  C:\Windows\System\JjzMNRw.exe
  2⤵
  PID:6716
- C:\Windows\System\RDRcnpg.exe
  C:\Windows\System\RDRcnpg.exe
  2⤵
  PID:7208
- C:\Windows\System\pkOnMTl.exe
  C:\Windows\System\pkOnMTl.exe
  2⤵
  PID:7264
- C:\Windows\System\PLbHair.exe
  C:\Windows\System\PLbHair.exe
  2⤵
  PID:7420
- C:\Windows\System\WBZLqIR.exe
  C:\Windows\System\WBZLqIR.exe
  2⤵
  PID:7440
- C:\Windows\System\OgGhPfd.exe
  C:\Windows\System\OgGhPfd.exe
  2⤵
  PID:7464
- C:\Windows\System\UivdoRD.exe
  C:\Windows\System\UivdoRD.exe
  2⤵
  PID:7500
- C:\Windows\System\qziJCcN.exe
  C:\Windows\System\qziJCcN.exe
  2⤵
  PID:7484
- C:\Windows\System\QMvGDzQ.exe
  C:\Windows\System\QMvGDzQ.exe
  2⤵
  PID:7536
- C:\Windows\System\AsfKUCl.exe
  C:\Windows\System\AsfKUCl.exe
  2⤵
  PID:7660
- C:\Windows\System\DRzHxLE.exe
  C:\Windows\System\DRzHxLE.exe
  2⤵
  PID:7612
- C:\Windows\System\pHNjmGg.exe
  C:\Windows\System\pHNjmGg.exe
  2⤵
  PID:7676
- C:\Windows\System\QOVrwlB.exe
  C:\Windows\System\QOVrwlB.exe
  2⤵
  PID:7820
- C:\Windows\System\utEKaac.exe
  C:\Windows\System\utEKaac.exe
  2⤵
  PID:7696
- C:\Windows\System\CJukYVh.exe
  C:\Windows\System\CJukYVh.exe
  2⤵
  PID:7760
- C:\Windows\System\HbQkZXq.exe
  C:\Windows\System\HbQkZXq.exe
  2⤵
  PID:7896
- C:\Windows\System\nUVGclf.exe
  C:\Windows\System\nUVGclf.exe
  2⤵
  PID:7884
- C:\Windows\System\yJbwOUk.exe
  C:\Windows\System\yJbwOUk.exe
  2⤵
  PID:7740
- C:\Windows\System\kKTPPQZ.exe
  C:\Windows\System\kKTPPQZ.exe
  2⤵
  PID:7864
- C:\Windows\System\FxEJOph.exe
  C:\Windows\System\FxEJOph.exe
  2⤵
  PID:7936
- C:\Windows\System\iZxRZMC.exe
  C:\Windows\System\iZxRZMC.exe
  2⤵
  PID:7772
- C:\Windows\System\mxXNyNT.exe
  C:\Windows\System\mxXNyNT.exe
  2⤵
  PID:7836
- C:\Windows\System\RLBMYqR.exe
  C:\Windows\System\RLBMYqR.exe
  2⤵
  PID:7972
- C:\Windows\System\HOiYtPt.exe
  C:\Windows\System\HOiYtPt.exe
  2⤵
  PID:8016
- C:\Windows\System\FQMIIya.exe
  C:\Windows\System\FQMIIya.exe
  2⤵
  PID:8084
- C:\Windows\System\nmYKSWk.exe
  C:\Windows\System\nmYKSWk.exe
  2⤵
  PID:7908
- C:\Windows\System\guWpBfc.exe
  C:\Windows\System\guWpBfc.exe
  2⤵
  PID:8028
- C:\Windows\System\VteEgqr.exe
  C:\Windows\System\VteEgqr.exe
  2⤵
  PID:6748
- C:\Windows\System\bRJfdEa.exe
  C:\Windows\System\bRJfdEa.exe
  2⤵
  PID:5816
- C:\Windows\System\EzUdYXp.exe
  C:\Windows\System\EzUdYXp.exe
  2⤵
  PID:7032
- C:\Windows\System\cEsZIIo.exe
  C:\Windows\System\cEsZIIo.exe
  2⤵
  PID:7256
- C:\Windows\System\tULVxwT.exe
  C:\Windows\System\tULVxwT.exe
  2⤵
  PID:7260
- C:\Windows\System\CUaIOYL.exe
  C:\Windows\System\CUaIOYL.exe
  2⤵
  PID:7912
- C:\Windows\System\WwFwoBG.exe
  C:\Windows\System\WwFwoBG.exe
  2⤵
  PID:888
- C:\Windows\System\LXWrriF.exe
  C:\Windows\System\LXWrriF.exe
  2⤵
  PID:7956
- C:\Windows\System\ByWHcaq.exe
  C:\Windows\System\ByWHcaq.exe
  2⤵
  PID:8108
- C:\Windows\System\EcsciVe.exe
  C:\Windows\System\EcsciVe.exe
  2⤵
  PID:8172
- C:\Windows\System\AHHqxyo.exe
  C:\Windows\System\AHHqxyo.exe
  2⤵
  PID:7000
- C:\Windows\System\xcDDrHz.exe
  C:\Windows\System\xcDDrHz.exe
  2⤵
  PID:7332
- C:\Windows\System\swLCSXg.exe
  C:\Windows\System\swLCSXg.exe
  2⤵
  PID:7144
- C:\Windows\System\FaAejoa.exe
  C:\Windows\System\FaAejoa.exe
  2⤵
  PID:6424
- C:\Windows\System\AzmvJch.exe
  C:\Windows\System\AzmvJch.exe
  2⤵
  PID:7384
- C:\Windows\System\HJtWGkT.exe
  C:\Windows\System\HJtWGkT.exe
  2⤵
  PID:7520
- C:\Windows\System\ifibkTd.exe
  C:\Windows\System\ifibkTd.exe
  2⤵
  PID:7664
- C:\Windows\System\LPkRrTT.exe
  C:\Windows\System\LPkRrTT.exe
  2⤵
  PID:7840
- C:\Windows\System\ykMyxKG.exe
  C:\Windows\System\ykMyxKG.exe
  2⤵
  PID:7444
- C:\Windows\System\QvNyevn.exe
  C:\Windows\System\QvNyevn.exe
  2⤵
  PID:7556
- C:\Windows\System\jWvsOtL.exe
  C:\Windows\System\jWvsOtL.exe
  2⤵
  PID:7284
- C:\Windows\System\rLINqwD.exe
  C:\Windows\System\rLINqwD.exe
  2⤵
  PID:8136
- C:\Windows\System\wPCDibT.exe
  C:\Windows\System\wPCDibT.exe
  2⤵
  PID:7728
- C:\Windows\System\eaJJOaA.exe
  C:\Windows\System\eaJJOaA.exe
  2⤵
  PID:7856
- C:\Windows\System\EvKncKq.exe
  C:\Windows\System\EvKncKq.exe
  2⤵
  PID:7852
- C:\Windows\System\RHFUpMU.exe
  C:\Windows\System\RHFUpMU.exe
  2⤵
  PID:8156
- C:\Windows\System\umrASPi.exe
  C:\Windows\System\umrASPi.exe
  2⤵
  PID:6060
- C:\Windows\System\leYtWKA.exe
  C:\Windows\System\leYtWKA.exe
  2⤵
  PID:8032
- C:\Windows\System\ysdmqND.exe
  C:\Windows\System\ysdmqND.exe
  2⤵
  PID:7348
- C:\Windows\System\AugYwgE.exe
  C:\Windows\System\AugYwgE.exe
  2⤵
  PID:6196
- C:\Windows\System\MATAfJc.exe
  C:\Windows\System\MATAfJc.exe
  2⤵
  PID:7228
- C:\Windows\System\zLBZQUZ.exe
  C:\Windows\System\zLBZQUZ.exe
  2⤵
  PID:7300
- C:\Windows\System\wdGhkkH.exe
  C:\Windows\System\wdGhkkH.exe
  2⤵
  PID:7396
- C:\Windows\System\kNSEBvw.exe
  C:\Windows\System\kNSEBvw.exe
  2⤵
  PID:7408
- C:\Windows\System\vnIriCJ.exe
  C:\Windows\System\vnIriCJ.exe
  2⤵
  PID:7432
- C:\Windows\System\uRTcCyX.exe
  C:\Windows\System\uRTcCyX.exe
  2⤵
  PID:7496
- C:\Windows\System\DKFILYI.exe
  C:\Windows\System\DKFILYI.exe
  2⤵
  PID:7692
- C:\Windows\System\HYjYkFL.exe
  C:\Windows\System\HYjYkFL.exe
  2⤵
  PID:7644
- C:\Windows\System\kyEOzfR.exe
  C:\Windows\System\kyEOzfR.exe
  2⤵
  PID:7596
- C:\Windows\System\HQITHIu.exe
  C:\Windows\System\HQITHIu.exe
  2⤵
  PID:7880
- C:\Windows\System\WvZPvZF.exe
  C:\Windows\System\WvZPvZF.exe
  2⤵
  PID:7028
- C:\Windows\System\oVwEyiI.exe
  C:\Windows\System\oVwEyiI.exe
  2⤵
  PID:2780
- C:\Windows\System\hQtFVHy.exe
  C:\Windows\System\hQtFVHy.exe
  2⤵
  PID:7312
- C:\Windows\System\KYCzVUc.exe
  C:\Windows\System\KYCzVUc.exe
  2⤵
  PID:5588
- C:\Windows\System\prGmrlr.exe
  C:\Windows\System\prGmrlr.exe
  2⤵
  PID:7416
- C:\Windows\System\oeFCYrW.exe
  C:\Windows\System\oeFCYrW.exe
  2⤵
  PID:7916
- C:\Windows\System\UsjiVDB.exe
  C:\Windows\System\UsjiVDB.exe
  2⤵
  PID:7052
- C:\Windows\System\TIChBJG.exe
  C:\Windows\System\TIChBJG.exe
  2⤵
  PID:8204
- C:\Windows\System\tUZMXYF.exe
  C:\Windows\System\tUZMXYF.exe
  2⤵
  PID:8220
- C:\Windows\System\XFGrATD.exe
  C:\Windows\System\XFGrATD.exe
  2⤵
  PID:8236
- C:\Windows\System\nhAkgMv.exe
  C:\Windows\System\nhAkgMv.exe
  2⤵
  PID:8252
- C:\Windows\System\UQlkYDH.exe
  C:\Windows\System\UQlkYDH.exe
  2⤵
  PID:8268
- C:\Windows\System\jwUxTTx.exe
  C:\Windows\System\jwUxTTx.exe
  2⤵
  PID:8284
- C:\Windows\System\rGyJoTJ.exe
  C:\Windows\System\rGyJoTJ.exe
  2⤵
  PID:8308
- C:\Windows\System\pxnocvV.exe
  C:\Windows\System\pxnocvV.exe
  2⤵
  PID:8324
- C:\Windows\System\yCvwJRq.exe
  C:\Windows\System\yCvwJRq.exe
  2⤵
  PID:8356
- C:\Windows\System\XmbywkL.exe
  C:\Windows\System\XmbywkL.exe
  2⤵
  PID:8372
- C:\Windows\System\xjfVgkO.exe
  C:\Windows\System\xjfVgkO.exe
  2⤵
  PID:8388
- C:\Windows\System\obiwBWr.exe
  C:\Windows\System\obiwBWr.exe
  2⤵
  PID:8404
- C:\Windows\System\QEbuaTs.exe
  C:\Windows\System\QEbuaTs.exe
  2⤵
  PID:8420
- C:\Windows\System\bVcJKjA.exe
  C:\Windows\System\bVcJKjA.exe
  2⤵
  PID:8436
- C:\Windows\System\Xyutomm.exe
  C:\Windows\System\Xyutomm.exe
  2⤵
  PID:8452
- C:\Windows\System\XJmPoMw.exe
  C:\Windows\System\XJmPoMw.exe
  2⤵
  PID:8472
- C:\Windows\System\dmcTNqk.exe
  C:\Windows\System\dmcTNqk.exe
  2⤵
  PID:8488
- C:\Windows\System\tzMeoxp.exe
  C:\Windows\System\tzMeoxp.exe
  2⤵
  PID:8504
- C:\Windows\System\RYMBPbR.exe
  C:\Windows\System\RYMBPbR.exe
  2⤵
  PID:8520
- C:\Windows\System\SbLdXdG.exe
  C:\Windows\System\SbLdXdG.exe
  2⤵
  PID:8536
- C:\Windows\System\AHxWxyq.exe
  C:\Windows\System\AHxWxyq.exe
  2⤵
  PID:8552
- C:\Windows\System\TFLbnFR.exe
  C:\Windows\System\TFLbnFR.exe
  2⤵
  PID:8568
- C:\Windows\System\zyCTcJe.exe
  C:\Windows\System\zyCTcJe.exe
  2⤵
  PID:8584
- C:\Windows\System\bqBgKLp.exe
  C:\Windows\System\bqBgKLp.exe
  2⤵
  PID:8600
- C:\Windows\System\noHbWRK.exe
  C:\Windows\System\noHbWRK.exe
  2⤵
  PID:8616
- C:\Windows\System\gcQuWIa.exe
  C:\Windows\System\gcQuWIa.exe
  2⤵
  PID:8632
- C:\Windows\System\iqPdXJB.exe
  C:\Windows\System\iqPdXJB.exe
  2⤵
  PID:8648
- C:\Windows\System\KPlpird.exe
  C:\Windows\System\KPlpird.exe
  2⤵
  PID:8668
- C:\Windows\System\ciAXjGi.exe
  C:\Windows\System\ciAXjGi.exe
  2⤵
  PID:8684
- C:\Windows\System\VMbFHRr.exe
  C:\Windows\System\VMbFHRr.exe
  2⤵
  PID:8700
- C:\Windows\System\hLDzGTx.exe
  C:\Windows\System\hLDzGTx.exe
  2⤵
  PID:8716
- C:\Windows\System\sYXLSPa.exe
  C:\Windows\System\sYXLSPa.exe
  2⤵
  PID:8732
- C:\Windows\System\ketsXxz.exe
  C:\Windows\System\ketsXxz.exe
  2⤵
  PID:8748
- C:\Windows\System\kcISPVm.exe
  C:\Windows\System\kcISPVm.exe
  2⤵
  PID:8764
- C:\Windows\System\rdzLJdQ.exe
  C:\Windows\System\rdzLJdQ.exe
  2⤵
  PID:8780
- C:\Windows\System\DmhiNPz.exe
  C:\Windows\System\DmhiNPz.exe
  2⤵
  PID:8796
- C:\Windows\System\BzpyzHC.exe
  C:\Windows\System\BzpyzHC.exe
  2⤵
  PID:8816
- C:\Windows\System\ARkeyxN.exe
  C:\Windows\System\ARkeyxN.exe
  2⤵
  PID:8832
- C:\Windows\System\VmErmzd.exe
  C:\Windows\System\VmErmzd.exe
  2⤵
  PID:8848
- C:\Windows\System\ZKVOTvD.exe
  C:\Windows\System\ZKVOTvD.exe
  2⤵
  PID:8864
- C:\Windows\System\ratdzYh.exe
  C:\Windows\System\ratdzYh.exe
  2⤵
  PID:8884
- C:\Windows\System\RxFnznN.exe
  C:\Windows\System\RxFnznN.exe
  2⤵
  PID:8904
- C:\Windows\System\czvlZeB.exe
  C:\Windows\System\czvlZeB.exe
  2⤵
  PID:8920
- C:\Windows\System\WXFmkiS.exe
  C:\Windows\System\WXFmkiS.exe
  2⤵
  PID:8956
- C:\Windows\System\eKsBCUm.exe
  C:\Windows\System\eKsBCUm.exe
  2⤵
  PID:9008
- C:\Windows\System\YLDuGui.exe
  C:\Windows\System\YLDuGui.exe
  2⤵
  PID:9048
- C:\Windows\System\ayzfvbF.exe
  C:\Windows\System\ayzfvbF.exe
  2⤵
  PID:9064
- C:\Windows\System\PBxBtVN.exe
  C:\Windows\System\PBxBtVN.exe
  2⤵
  PID:9096
- C:\Windows\System\lJsIumr.exe
  C:\Windows\System\lJsIumr.exe
  2⤵
  PID:9112
- C:\Windows\System\OmuSqDc.exe
  C:\Windows\System\OmuSqDc.exe
  2⤵
  PID:9128
- C:\Windows\System\IorTmzN.exe
  C:\Windows\System\IorTmzN.exe
  2⤵
  PID:9144
- C:\Windows\System\FmkEmkQ.exe
  C:\Windows\System\FmkEmkQ.exe
  2⤵
  PID:9160
- C:\Windows\System\RBIhIfq.exe
  C:\Windows\System\RBIhIfq.exe
  2⤵
  PID:9180
- C:\Windows\System\dZKjKIY.exe
  C:\Windows\System\dZKjKIY.exe
  2⤵
  PID:9208
- C:\Windows\System\KuiOHQi.exe
  C:\Windows\System\KuiOHQi.exe
  2⤵
  PID:7480
- C:\Windows\System\bYiBIuL.exe
  C:\Windows\System\bYiBIuL.exe
  2⤵
  PID:8276
- C:\Windows\System\yqkRiBy.exe
  C:\Windows\System\yqkRiBy.exe
  2⤵
  PID:8180
- C:\Windows\System\AfnGFVh.exe
  C:\Windows\System\AfnGFVh.exe
  2⤵
  PID:7540
- C:\Windows\System\qgfpcMd.exe
  C:\Windows\System\qgfpcMd.exe
  2⤵
  PID:8012
- C:\Windows\System\RZukyNv.exe
  C:\Windows\System\RZukyNv.exe
  2⤵
  PID:7188
- C:\Windows\System\ypMlkjS.exe
  C:\Windows\System\ypMlkjS.exe
  2⤵
  PID:8196
- C:\Windows\System\JrMAcgy.exe
  C:\Windows\System\JrMAcgy.exe
  2⤵
  PID:8260
- C:\Windows\System\pVKnglg.exe
  C:\Windows\System\pVKnglg.exe
  2⤵
  PID:8300
- C:\Windows\System\QOcdmJz.exe
  C:\Windows\System\QOcdmJz.exe
  2⤵
  PID:8068
- C:\Windows\System\UQnEEBx.exe
  C:\Windows\System\UQnEEBx.exe
  2⤵
  PID:8348
- C:\Windows\System\twRRReh.exe
  C:\Windows\System\twRRReh.exe
  2⤵
  PID:8352
- C:\Windows\System\oKfLiqz.exe
  C:\Windows\System\oKfLiqz.exe
  2⤵
  PID:8484
- C:\Windows\System\RJipeQZ.exe
  C:\Windows\System\RJipeQZ.exe
  2⤵
  PID:7400
- C:\Windows\System\QBdcmCg.exe
  C:\Windows\System\QBdcmCg.exe
  2⤵
  PID:8400
- C:\Windows\System\FWvjomF.exe
  C:\Windows\System\FWvjomF.exe
  2⤵
  PID:8532
- C:\Windows\System\dNWWAYD.exe
  C:\Windows\System\dNWWAYD.exe
  2⤵
  PID:8624
- C:\Windows\System\HnTAvvc.exe
  C:\Windows\System\HnTAvvc.exe
  2⤵
  PID:8656
- C:\Windows\System\haCjNMX.exe
  C:\Windows\System\haCjNMX.exe
  2⤵
  PID:8664
- C:\Windows\System\ssqyYMX.exe
  C:\Windows\System\ssqyYMX.exe
  2⤵
  PID:8724
- C:\Windows\System\jYyVZFp.exe
  C:\Windows\System\jYyVZFp.exe
  2⤵
  PID:8516
- C:\Windows\System\SBENjOX.exe
  C:\Windows\System\SBENjOX.exe
  2⤵
  PID:8824
- C:\Windows\System\bPOgQGx.exe
  C:\Windows\System\bPOgQGx.exe
  2⤵
  PID:8928
- C:\Windows\System\XxpwJSz.exe
  C:\Windows\System\XxpwJSz.exe
  2⤵
  PID:8948
- C:\Windows\System\JtGUQlC.exe
  C:\Windows\System\JtGUQlC.exe
  2⤵
  PID:9040
- C:\Windows\System\dfXvGSJ.exe
  C:\Windows\System\dfXvGSJ.exe
  2⤵
  PID:9152
- C:\Windows\System\HmdIkDt.exe
  C:\Windows\System\HmdIkDt.exe
  2⤵
  PID:9196
- C:\Windows\System\AfjAQoR.exe
  C:\Windows\System\AfjAQoR.exe
  2⤵
  PID:8216
- C:\Windows\System\XqLzPbt.exe
  C:\Windows\System\XqLzPbt.exe
  2⤵
  PID:9088
- C:\Windows\System\pgofQKz.exe
  C:\Windows\System\pgofQKz.exe
  2⤵
  PID:9108
- C:\Windows\System\jkpekBu.exe
  C:\Windows\System\jkpekBu.exe
  2⤵
  PID:8052
- C:\Windows\System\xLFiLMS.exe
  C:\Windows\System\xLFiLMS.exe
  2⤵
  PID:8292
- C:\Windows\System\Qswkaeh.exe
  C:\Windows\System\Qswkaeh.exe
  2⤵
  PID:8332
- C:\Windows\System\fzaQNnz.exe
  C:\Windows\System\fzaQNnz.exe
  2⤵
  PID:8228
- C:\Windows\System\JWuILva.exe
  C:\Windows\System\JWuILva.exe
  2⤵
  PID:7280
- C:\Windows\System\ZgmpEiT.exe
  C:\Windows\System\ZgmpEiT.exe
  2⤵
  PID:7932
- C:\Windows\System\LSbKpun.exe
  C:\Windows\System\LSbKpun.exe
  2⤵
  PID:8340
- C:\Windows\System\cApyLei.exe
  C:\Windows\System\cApyLei.exe
  2⤵
  PID:8448
- C:\Windows\System\qaEbYaY.exe
  C:\Windows\System\qaEbYaY.exe
  2⤵
  PID:8512
- C:\Windows\System\gZMSPpZ.exe
  C:\Windows\System\gZMSPpZ.exe
  2⤵
  PID:8432
- C:\Windows\System\rAVVkFd.exe
  C:\Windows\System\rAVVkFd.exe
  2⤵
  PID:8696
- C:\Windows\System\cwcasjV.exe
  C:\Windows\System\cwcasjV.exe
  2⤵
  PID:8576
- C:\Windows\System\VkDwghU.exe
  C:\Windows\System\VkDwghU.exe
  2⤵
  PID:8900
- C:\Windows\System\ErHEkss.exe
  C:\Windows\System\ErHEkss.exe
  2⤵
  PID:8708
- C:\Windows\System\WtOdtkf.exe
  C:\Windows\System\WtOdtkf.exe
  2⤵
  PID:8644
- C:\Windows\System\thPnMXz.exe
  C:\Windows\System\thPnMXz.exe
  2⤵
  PID:8808
- C:\Windows\System\lyBytoI.exe
  C:\Windows\System\lyBytoI.exe
  2⤵
  PID:8872
- C:\Windows\System\SNEFsze.exe
  C:\Windows\System\SNEFsze.exe
  2⤵
  PID:8916
- C:\Windows\System\xVnepeT.exe
  C:\Windows\System\xVnepeT.exe
  2⤵
  PID:8988
- C:\Windows\System\ZYzkAgN.exe
  C:\Windows\System\ZYzkAgN.exe
  2⤵
  PID:9020
- C:\Windows\System\JraiQpb.exe
  C:\Windows\System\JraiQpb.exe
  2⤵
  PID:9072
- C:\Windows\System\qVYTPlq.exe
  C:\Windows\System\qVYTPlq.exe
  2⤵
  PID:9188
- C:\Windows\System\xlqkbRR.exe
  C:\Windows\System\xlqkbRR.exe
  2⤵
  PID:9076
- C:\Windows\System\TGSVhvO.exe
  C:\Windows\System\TGSVhvO.exe
  2⤵
  PID:8212
- C:\Windows\System\KgRlMTT.exe
  C:\Windows\System\KgRlMTT.exe
  2⤵
  PID:9176
- C:\Windows\System\nLHDNKK.exe
  C:\Windows\System\nLHDNKK.exe
  2⤵
  PID:7708
- C:\Windows\System\VzcmoWr.exe
  C:\Windows\System\VzcmoWr.exe
  2⤵
  PID:7872
- C:\Windows\System\dgylAhc.exe
  C:\Windows\System\dgylAhc.exe
  2⤵
  PID:8396
- C:\Windows\System\nvKGCWu.exe
  C:\Windows\System\nvKGCWu.exe
  2⤵
  PID:8612
- C:\Windows\System\XCCuSbw.exe
  C:\Windows\System\XCCuSbw.exe
  2⤵
  PID:8528
- C:\Windows\System\EpEzATN.exe
  C:\Windows\System\EpEzATN.exe
  2⤵
  PID:8756
- C:\Windows\System\VVefVIX.exe
  C:\Windows\System\VVefVIX.exe
  2⤵
  PID:8912
- C:\Windows\System\AQhGjAv.exe
  C:\Windows\System\AQhGjAv.exe
  2⤵
  PID:9120
- C:\Windows\System\wCtkJCU.exe
  C:\Windows\System\wCtkJCU.exe
  2⤵
  PID:8844
- C:\Windows\System\WYrWoiR.exe
  C:\Windows\System\WYrWoiR.exe
  2⤵
  PID:9056
- C:\Windows\System\hwFuyWM.exe
  C:\Windows\System\hwFuyWM.exe
  2⤵
  PID:8744
- C:\Windows\System\KMaFLrq.exe
  C:\Windows\System\KMaFLrq.exe
  2⤵
  PID:7876
- C:\Windows\System\ZcBhUuc.exe
  C:\Windows\System\ZcBhUuc.exe
  2⤵
  PID:2244
- C:\Windows\System\mGqqeTI.exe
  C:\Windows\System\mGqqeTI.exe
  2⤵
  PID:8896
- C:\Windows\System\LWBXyeQ.exe
  C:\Windows\System\LWBXyeQ.exe
  2⤵
  PID:8464
- C:\Windows\System\KwXPbnT.exe
  C:\Windows\System\KwXPbnT.exe
  2⤵
  PID:9124
- C:\Windows\System\vEZAwSE.exe
  C:\Windows\System\vEZAwSE.exe
  2⤵
  PID:9004
- C:\Windows\System\nAMaUmC.exe
  C:\Windows\System\nAMaUmC.exe
  2⤵
  PID:8680
- C:\Windows\System\nbJMIrz.exe
  C:\Windows\System\nbJMIrz.exe
  2⤵
  PID:8500
- C:\Windows\System\OceAfxI.exe
  C:\Windows\System\OceAfxI.exe
  2⤵
  PID:9136
- C:\Windows\System\TmiVdyf.exe
  C:\Windows\System\TmiVdyf.exe
  2⤵
  PID:9232
- C:\Windows\System\tucKcxh.exe
  C:\Windows\System\tucKcxh.exe
  2⤵
  PID:9248
- C:\Windows\System\vztTTrk.exe
  C:\Windows\System\vztTTrk.exe
  2⤵
  PID:9264
- C:\Windows\System\DSwTkNP.exe
  C:\Windows\System\DSwTkNP.exe
  2⤵
  PID:9280
- C:\Windows\System\zITTUXp.exe
  C:\Windows\System\zITTUXp.exe
  2⤵
  PID:9296
- C:\Windows\System\DVHAqgR.exe
  C:\Windows\System\DVHAqgR.exe
  2⤵
  PID:9312
- C:\Windows\System\lAYAzUZ.exe
  C:\Windows\System\lAYAzUZ.exe
  2⤵
  PID:9328
- C:\Windows\System\CUPnOXd.exe
  C:\Windows\System\CUPnOXd.exe
  2⤵
  PID:9344
- C:\Windows\System\QaRmcwN.exe
  C:\Windows\System\QaRmcwN.exe
  2⤵
  PID:9360
- C:\Windows\System\ULUJzCh.exe
  C:\Windows\System\ULUJzCh.exe
  2⤵
  PID:9376
- C:\Windows\System\ybzjUsz.exe
  C:\Windows\System\ybzjUsz.exe
  2⤵
  PID:9396
- C:\Windows\System\kdBesBA.exe
  C:\Windows\System\kdBesBA.exe
  2⤵
  PID:9412
- C:\Windows\System\JVMkQTK.exe
  C:\Windows\System\JVMkQTK.exe
  2⤵
  PID:9428
- C:\Windows\System\xdcdvGG.exe
  C:\Windows\System\xdcdvGG.exe
  2⤵
  PID:9444
- C:\Windows\System\zIJTGEF.exe
  C:\Windows\System\zIJTGEF.exe
  2⤵
  PID:9460
- C:\Windows\System\uCsqGPG.exe
  C:\Windows\System\uCsqGPG.exe
  2⤵
  PID:9476
- C:\Windows\System\OKtGOdA.exe
  C:\Windows\System\OKtGOdA.exe
  2⤵
  PID:9492
- C:\Windows\System\brGAnAs.exe
  C:\Windows\System\brGAnAs.exe
  2⤵
  PID:9508
- C:\Windows\System\xpbfxCw.exe
  C:\Windows\System\xpbfxCw.exe
  2⤵
  PID:9524
- C:\Windows\System\xkSTwMR.exe
  C:\Windows\System\xkSTwMR.exe
  2⤵
  PID:9540
- C:\Windows\System\RpVLTGk.exe
  C:\Windows\System\RpVLTGk.exe
  2⤵
  PID:9556
- C:\Windows\System\PfwHEpw.exe
  C:\Windows\System\PfwHEpw.exe
  2⤵
  PID:9576
- C:\Windows\System\TjfwOTf.exe
  C:\Windows\System\TjfwOTf.exe
  2⤵
  PID:9592
- C:\Windows\System\bwkKYDL.exe
  C:\Windows\System\bwkKYDL.exe
  2⤵
  PID:9608
- C:\Windows\System\yPIsoYz.exe
  C:\Windows\System\yPIsoYz.exe
  2⤵
  PID:9628
- C:\Windows\System\bdmassk.exe
  C:\Windows\System\bdmassk.exe
  2⤵
  PID:9644
- C:\Windows\System\wKnUbcf.exe
  C:\Windows\System\wKnUbcf.exe
  2⤵
  PID:9660
- C:\Windows\System\DUJKWGM.exe
  C:\Windows\System\DUJKWGM.exe
  2⤵
  PID:9676
- C:\Windows\System\sGkVbUP.exe
  C:\Windows\System\sGkVbUP.exe
  2⤵
  PID:9692
- C:\Windows\System\qhcFMdh.exe
  C:\Windows\System\qhcFMdh.exe
  2⤵
  PID:9708
- C:\Windows\System\qSkdjUy.exe
  C:\Windows\System\qSkdjUy.exe
  2⤵
  PID:9724
- C:\Windows\System\UHspEUt.exe
  C:\Windows\System\UHspEUt.exe
  2⤵
  PID:9740
- C:\Windows\System\UZVuCLO.exe
  C:\Windows\System\UZVuCLO.exe
  2⤵
  PID:9756
- C:\Windows\System\REVWWYI.exe
  C:\Windows\System\REVWWYI.exe
  2⤵
  PID:9772
- C:\Windows\System\gxkandg.exe
  C:\Windows\System\gxkandg.exe
  2⤵
  PID:9788
- C:\Windows\System\MogpMVU.exe
  C:\Windows\System\MogpMVU.exe
  2⤵
  PID:9804
- C:\Windows\System\dyRtyPo.exe
  C:\Windows\System\dyRtyPo.exe
  2⤵
  PID:9820
- C:\Windows\System\SlDzbet.exe
  C:\Windows\System\SlDzbet.exe
  2⤵
  PID:9836
- C:\Windows\System\sQipTlh.exe
  C:\Windows\System\sQipTlh.exe
  2⤵
  PID:9852
- C:\Windows\System\EsaNrVU.exe
  C:\Windows\System\EsaNrVU.exe
  2⤵
  PID:9868
- C:\Windows\System\tDguwwV.exe
  C:\Windows\System\tDguwwV.exe
  2⤵
  PID:9892
- C:\Windows\System\iyUclFq.exe
  C:\Windows\System\iyUclFq.exe
  2⤵
  PID:9908
- C:\Windows\System\uFlKOTy.exe
  C:\Windows\System\uFlKOTy.exe
  2⤵
  PID:9924
- C:\Windows\System\dNOkCTF.exe
  C:\Windows\System\dNOkCTF.exe
  2⤵
  PID:9940
- C:\Windows\System\UnJmXVx.exe
  C:\Windows\System\UnJmXVx.exe
  2⤵
  PID:9956
- C:\Windows\System\NRbYBLR.exe
  C:\Windows\System\NRbYBLR.exe
  2⤵
  PID:9972
- C:\Windows\System\aWMNUKx.exe
  C:\Windows\System\aWMNUKx.exe
  2⤵
  PID:9988
- C:\Windows\System\HGmxudx.exe
  C:\Windows\System\HGmxudx.exe
  2⤵
  PID:10004
- C:\Windows\System\aEvmaoB.exe
  C:\Windows\System\aEvmaoB.exe
  2⤵
  PID:10020
- C:\Windows\System\uodOgoq.exe
  C:\Windows\System\uodOgoq.exe
  2⤵
  PID:10036
- C:\Windows\System\Ncnncza.exe
  C:\Windows\System\Ncnncza.exe
  2⤵
  PID:10052
- C:\Windows\System\WRmiLOP.exe
  C:\Windows\System\WRmiLOP.exe
  2⤵
  PID:10068
- C:\Windows\System\UKWyCHz.exe
  C:\Windows\System\UKWyCHz.exe
  2⤵
  PID:10084
- C:\Windows\System\nzyrhnc.exe
  C:\Windows\System\nzyrhnc.exe
  2⤵
  PID:10100
- C:\Windows\System\WHLcRez.exe
  C:\Windows\System\WHLcRez.exe
  2⤵
  PID:10116
- C:\Windows\System\gPrjHtD.exe
  C:\Windows\System\gPrjHtD.exe
  2⤵
  PID:10132
- C:\Windows\System\BpAXoCY.exe
  C:\Windows\System\BpAXoCY.exe
  2⤵
  PID:10148
- C:\Windows\System\JTSOmTt.exe
  C:\Windows\System\JTSOmTt.exe
  2⤵
  PID:10164
- C:\Windows\System\pMrRlhJ.exe
  C:\Windows\System\pMrRlhJ.exe
  2⤵
  PID:10180
- C:\Windows\System\NCGkgLO.exe
  C:\Windows\System\NCGkgLO.exe
  2⤵
  PID:10220
- C:\Windows\System\RmAVPmT.exe
  C:\Windows\System\RmAVPmT.exe
  2⤵
  PID:9060
- C:\Windows\System\LoVjWus.exe
  C:\Windows\System\LoVjWus.exe
  2⤵
  PID:9092
- C:\Windows\System\xKyXEeO.exe
  C:\Windows\System\xKyXEeO.exe
  2⤵
  PID:9308
- C:\Windows\System\RVTrIGn.exe
  C:\Windows\System\RVTrIGn.exe
  2⤵
  PID:9224
- C:\Windows\System\crOIFhb.exe
  C:\Windows\System\crOIFhb.exe
  2⤵
  PID:9636
- C:\Windows\System\VAZFnFd.exe
  C:\Windows\System\VAZFnFd.exe
  2⤵
  PID:9616
- C:\Windows\System\rMzXTJb.exe
  C:\Windows\System\rMzXTJb.exe
  2⤵
  PID:9668
- C:\Windows\System\qwECQBL.exe
  C:\Windows\System\qwECQBL.exe
  2⤵
  PID:9732
- C:\Windows\System\fLKgTvM.exe
  C:\Windows\System\fLKgTvM.exe
  2⤵
  PID:9796
- C:\Windows\System\GdvPHuz.exe
  C:\Windows\System\GdvPHuz.exe
  2⤵
  PID:9652
- C:\Windows\System\iExHRJh.exe
  C:\Windows\System\iExHRJh.exe
  2⤵
  PID:9720
- C:\Windows\System\XteBFcS.exe
  C:\Windows\System\XteBFcS.exe
  2⤵
  PID:9936
- C:\Windows\System\DqMdhhd.exe
  C:\Windows\System\DqMdhhd.exe
  2⤵
  PID:10156
- C:\Windows\System\kReAVYc.exe
  C:\Windows\System\kReAVYc.exe
  2⤵
  PID:10108
- C:\Windows\System\XWFuQdz.exe
  C:\Windows\System\XWFuQdz.exe
  2⤵
  PID:9848
- C:\Windows\System\VGUnJhV.exe
  C:\Windows\System\VGUnJhV.exe
  2⤵
  PID:9240
- C:\Windows\System\AiWSaHC.exe
  C:\Windows\System\AiWSaHC.exe
  2⤵
  PID:8776
- C:\Windows\System\ClATROK.exe
  C:\Windows\System\ClATROK.exe
  2⤵
  PID:9436
- C:\Windows\System\Xjrzjfz.exe
  C:\Windows\System\Xjrzjfz.exe
  2⤵
  PID:9500
- C:\Windows\System\nPlWnlH.exe
  C:\Windows\System\nPlWnlH.exe
  2⤵
  PID:9488
- C:\Windows\System\bEwYVeY.exe
  C:\Windows\System\bEwYVeY.exe
  2⤵
  PID:9584
- C:\Windows\System\rOddBVM.exe
  C:\Windows\System\rOddBVM.exe
  2⤵
  PID:9828
- C:\Windows\System\mblUhoV.exe
  C:\Windows\System\mblUhoV.exe
  2⤵
  PID:9716
- C:\Windows\System\SXTvpkF.exe
  C:\Windows\System\SXTvpkF.exe
  2⤵
  PID:9900
- C:\Windows\System\aUMOGmi.exe
  C:\Windows\System\aUMOGmi.exe
  2⤵
  PID:9984
- C:\Windows\System\GuKTInM.exe
  C:\Windows\System\GuKTInM.exe
  2⤵
  PID:9916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BLUDChh.exe

Filesize
6.0MB

MD5
1c21575d7f7ab19f2ed569b9b6354031

SHA1
af3827436fd8628dbf5362870ff29de5ec69ea2c

SHA256
051624fa211a2482282130759f02761750e2929af3a112bdaf61c4c2eec0c742

SHA512
a919eb28a7cefccb8c3a68b6d4dc9d99679f82b6e5ad4b3e50439cd8c375144f44b70e503a50e3952d92e602720fdfe9165a489a7b9450753ac94d9f117a6710

Download Submit
C:\Windows\system\CyIvNSX.exe

Filesize
6.0MB

MD5
a204ebae6b12e9efefffc07d25e292e6

SHA1
6d4daaa98b7f091015d17d0c762eb4d0c98e740d

SHA256
0867fab19875cd8a3e6b30d7934839c14f87d37b035a486c319b6b7493bb0cc2

SHA512
993cb98dbc4460bc1325f0eed926ea93ee171a266b5a86f3fd3b221221ac1bb1e4da3ea3b51e2065fbff89019e78c68cd4e94b14f2a2c6e2bff37b11757212eb

Download Submit
C:\Windows\system\DgNiNMd.exe

Filesize
6.0MB

MD5
e4c6e181be82a12a14bff42db0adf0cc

SHA1
57d58f3b0ed242f0af06c8260e2df81f9925b918

SHA256
8563e98c261c21142ed5536b5fdf72abe1346d94f91aeb704280ba96982e5314

SHA512
489e1b10d95fdc4ac13403b0c521ef502f8e35e14d35d16d59c540699974246f0e36b62f279ec4de4d3c46aa2ff6c7897ca557bc1af4435a2ae98adf4ccfa292

Download Submit
C:\Windows\system\DgudBVC.exe

Filesize
6.0MB

MD5
a972226194841da7938dfe7cb28b228c

SHA1
7d06152f6587fbd2a97db4b50be133c13882b713

SHA256
0d8d2aad44b7a63428a680f70897317cd3e69d852dc38233c90c4d5ed41c6018

SHA512
befad6baaf5e7db059e3c24319f5014d162d034e4bbb1090c063cd8f0c3cf3e018bcac8066d4236188d57286c809169778a015a16735584dc4778b3df2c80428

Download Submit
C:\Windows\system\MCxpLub.exe

Filesize
6.0MB

MD5
98df198440321967e40a7a1dd9ea7894

SHA1
ab231e82cfe91a72d9b97c5c25b03d112145a5dd

SHA256
f20a2c1cb46e9df011de249ba99781aeadb87c77cff4b2198ea67980ce70d80e

SHA512
99a031d936ebd0d3f7bef2973375dc3d05b7b133e8159e7e1ddf475c317f94fb3c4e967af9dddd4fdce87a550abe8cf8ff93deba6b6395b8931bc8d5741ba111

Download Submit
C:\Windows\system\MiDPTkV.exe

Filesize
6.0MB

MD5
d8c6164353c34cab9b47d1aab2cc7c1a

SHA1
b1ab896266ffa3c57d3f110c80a14b6aac9f9106

SHA256
96a97967f60218553af46e16254dd00081caf5b52de1fa2571119de098472405

SHA512
09bb3a527e0538c8d7932ab126cc37815a7169e92f5abd1e72ca65cd99add8ff2614b9b0f3c4238c18839d35708830e6b07198dd403ba8deb718224b0b5d8f3c

Download Submit
C:\Windows\system\OBvuIEt.exe

Filesize
6.0MB

MD5
f171a94d804e88debfa45ce488f0fa64

SHA1
d50d8020cddf1320a840cbfc87bc9961d25ac899

SHA256
9073eac9999f3a5d52867c39e6a007f4912ca8210362ec51275af0369ead99d2

SHA512
1b334c5ee746388e3f368d8762ca6ded10fb06638411a276b35c58168de2da2f1e17e08b981874a78a8ded0f39c8a28d440e9fca702741723b9d400bc9d6f45a

Download Submit
C:\Windows\system\UXSAeip.exe

Filesize
6.0MB

MD5
cd57a255d6dbdaa22d6314c276229eaf

SHA1
b2543a27c24bd92f53cb43fde53c79bc9debe90b

SHA256
f0f816b3bf48e1855726d064f561380dcb7db1ee80d3299976bc2df3e8a05f42

SHA512
a4036e451f77de2b8f90ba765e65507ac06b2cdb14233a92adebc56bd824c8214720b7b7e0fb4a4a4d52b3beb4794e3662c8e320a0152a667a8842788a38cfeb

Download Submit
C:\Windows\system\UePxdar.exe

Filesize
6.0MB

MD5
cc4ef819d16c9aba6d50fbf6a71821e7

SHA1
0a489c07b16391e7928b464b3e16284805782f5b

SHA256
b600d91b01282b13404c7253c9e0c91b22d8f68f9c1d4ce00f939d0e34618217

SHA512
cc12eb578ca43995f7d50cf1f8cf616ca6b35f1f25dc2b170686547d82801efe575194cb8b6ae7831dc5aa74624ef05243a3c8b79ddaa97d699c946883061ff5

Download Submit
C:\Windows\system\XjNOhBx.exe

Filesize
6.0MB

MD5
06b507950b44fab29b571cb1852dd1bf

SHA1
6704fb6279fc38c2645813d2be33439c587274bc

SHA256
df24342cdb4cd1a8dd14d408d270d09da7c5b4961b15a3f74aaef1fdc22fae6c

SHA512
dd67b6077c5cc220ad5686636d7a4632890ef9236a746d28e06ae8a1700c6dc1c11048c50cd76c2592e25c688411ba0f0fa690599e1ddc83f7b08afdf1e82d69

Download Submit
C:\Windows\system\YIAWtNp.exe

Filesize
6.0MB

MD5
54787bf4c50647a3c35340811a209771

SHA1
9fad32c4cd3123a30c6768dca948c5b8038acdee

SHA256
da51cc09babe938a9c5c237567a6603e1cacb5874a8e2269c83cf601cc418563

SHA512
a1b607ee0a7c4f1d7c04db73e0026342defd005886a9caa40fce3d36a3aab57c9b9ac45fde0206d60661c29f0c36ed5642896dc444334f65feb5bd64186590fb

Download Submit
C:\Windows\system\aLTqLqQ.exe

Filesize
6.0MB

MD5
f3667becf1cf59f96d9294ad9d7eb4cd

SHA1
a6a1c854e359df823734bc733291c00702b4f52f

SHA256
f120a2bedd9dbb3ba36ec70d70a7d97c6b6b6590a37070275a6448a33e71b8b0

SHA512
67ba81c771d4a071b0b9cb28b7b9b2b607b984732d1ed18eec3c6646d1514a873b51f2fc3d29c9b176beec2c9bb20051e27b425e5c099b7af9c27b60a88ed54a

Download Submit
C:\Windows\system\bKXvwkt.exe

Filesize
6.0MB

MD5
c52235408a4273c0861f5c6261aeb371

SHA1
233de83d56b8ad6e5663f86ad8da53999cddd393

SHA256
eeb5c09a668e832198c0786d14616022f724840e3287937b654d999c33e5a40e

SHA512
ffc9222113e07a1a6ead731bb0a30cdc2f3b32868584044560a32ccf47c934643b89248afc4f7dca06a0a09e8bf9cf8df137459fe21868fffbe99111df5fdbc5

Download Submit
C:\Windows\system\egtjOLX.exe

Filesize
6.0MB

MD5
e9b334d46e1fdace0f0408a288500746

SHA1
d4baf98e235c21fb67f45a9f8517d004ff6d029f

SHA256
6a14a93da74dcb15eb82fa943890df7f573b2ada986a650b921bd69a9f36691f

SHA512
1b9a8ca09d1066e67d18cb28fa9c2bedd7a9833c9a2f6ebe06abb3c67b9d9afcd74b3fea10b4ac2d8b7b7cc26d6ac77f20d868033aae2c3ef5c2379c8f50a77c

Download Submit
C:\Windows\system\fckFRVz.exe

Filesize
6.0MB

MD5
7ee965d917e79bfcdfa58fbd4b7c4467

SHA1
17b77eb4311d7bff4bdcbb9b6c6c4bb2ded5b2a9

SHA256
07ed52e500033739f7eb6ff5aeec9aadb815492c1b6fbc7cf6d2be66071b920e

SHA512
93983f1dc0cc32222d111f3d8a07846ea0b68e66db51ba199928786a34059564bd3242df1b52f9da7585f61d038a2f60232fec3e154631d207704d2ef590347d

Download Submit
C:\Windows\system\hTwTRuS.exe

Filesize
6.0MB

MD5
38fc31b14ca352a11835f0ca13b5d870

SHA1
a7358bf27f37979bf95d159b5eb9878435973a66

SHA256
841e0e41e8a7f0dc5fc1695ddb8603f648b08027ba73a660281b764e422c2fc4

SHA512
af2730fe6891894c6025b07b0353dd5fc12a7e3c9a2af4bb92fa73b3b22d4396fe72f09f92be702d5e033599849a540396098b5bc503792d3cf82096b5754229

Download Submit
C:\Windows\system\kjNoSwJ.exe

Filesize
6.0MB

MD5
44d5aef384dfa10f170838ff84bde7a1

SHA1
ba304718cb5b2c92b74992e5dae9bbbadd9fe266

SHA256
adcafbd2d9c70b7565adaa1a15efd9b8f45d993cbe2af243b986847757c6b328

SHA512
c63842ea637736a1e76b33f8956583859be3a19bd910e890e60f75618befa4c6c2d3d2d3f3846301807c166d00c3472bbc593460467f2fcd6051be4b54268747

Download Submit
C:\Windows\system\lCAvtFu.exe

Filesize
6.0MB

MD5
a0db7d67fa62ecb7201e115e9fe9e053

SHA1
fdd6e4ed160a78faf08bd4362ac47f0a5b952c20

SHA256
725019fc1cf47a5abc08f1a855db4055eba5c7b3c28250f8d180501bf0b32cb7

SHA512
fbfdb036abaf3b4a67605c1f15b1694d6622478c419b3100f749b7f92ef059bfd475c5da07d571fd2f7abe6a51f7d1f5b1344789ed838d5e8d27297f3a1c7945

Download Submit
C:\Windows\system\lbCZhgt.exe

Filesize
6.0MB

MD5
75eb8eec6569e4c48adfd6d82446236d

SHA1
4afc010bfe059be4f87065b2759af5fbc816eb7c

SHA256
3ba3c6133900c3da30cebfac65148d58e838aca60a0f7dd13b9c3dac1a557d1d

SHA512
6c1dd0bbf287e6c494578f5ef1a6b9df2f0f894eb117cdb1af4720f83767556041df9fc7a7530dcfa2d1fa64a815cef9d7ec3e2d8673657c71dcc38ba5d938c5

Download Submit
C:\Windows\system\mNXhsWN.exe

Filesize
6.0MB

MD5
17a8f6bb1f5d2cc3618666052a45b493

SHA1
e2490b981ee78bd39ceb4a8b8d5cd6ab20ec2c5a

SHA256
5abf5a901ecda603135473849eabc4657338aa33eaffec01ef01ffbefe2a90f5

SHA512
da40037ddb9c3e111bd003fc4d4d772b28ba23c0ff63d31b352078ceb0b1b72305f7f3d26ea2b7fc1c9d4c64cea85ae1b9ea5924782a2e9e07bf99fd498385c4

Download Submit
C:\Windows\system\oVAxjpv.exe

Filesize
6.0MB

MD5
8ada50650baaead9b741e57f2b37be00

SHA1
f8cb1c4a16eb46dd594836a5fe36d1301744ddc4

SHA256
cca7980f5d0c3da5c431e8cef9065aa5599d52980c96bd6c1316aba04b517e58

SHA512
ec3a6ec359661159a77440f20872f648db90cd01b5f1a2eb9a7f7282b09a55ec0fdd35783413656f0feb6b16c7f822623df561b98d6fc0a6da817c76cdbb55dc

Download Submit
C:\Windows\system\oinZNWn.exe

Filesize
6.0MB

MD5
29c20a120ae027ce54d09397bfb0ab93

SHA1
4bb19f432c9fadb7b953ee51face84e9637aaf49

SHA256
3ea200f517c5be7a535a29e5d49ba2dce6fbc585f0f8e3e5986d3cdafe71b244

SHA512
b8b0f469acd180f2d957f548cc0fe929c8ead34d8c55dd8fd1d0533d2fd923008211a2a4d29831e0600559551c5c4741ff3722561efcfca9f8e8d16897d28e9a

Download Submit
C:\Windows\system\zlfUilw.exe

Filesize
6.0MB

MD5
ccd4f0b5f07e9628dbe265ca1f01ae7a

SHA1
a3de96c995fa52dabafa19968cdfdaec042ac691

SHA256
1658f2505db227462cc3704ae7c40e344363fce55b3ee963e7b4df22d8a2c5fc

SHA512
caeadf0603c307c7c1e73ed29df0af126b994936bfc4b0481d54789c7f2cf7e2fff215fc2aec3e155008fc173d214d48c509385991a84ab36c681aa4cfca1f04

Download Submit
C:\Windows\system\zsImdSV.exe

Filesize
6.0MB

MD5
a8f8f33c5e2d784683887fd2c04174ef

SHA1
aa7813e6fe6a19a3bc7e121896f5114b17ea5caa

SHA256
fd729a65765dfe9f2db4917fed699e95a7c05d990897c08693eb478f2f99d335

SHA512
446b2cb052ed282eab6abc098653e044fc733238ee95a6d45fd2177fd1264a34e49ec870c77d7102e46e7f9f07173ca89565f6cbd033bbd75cbe0014b4e668e5

Download Submit
\Windows\system\AntPfGq.exe

Filesize
6.0MB

MD5
e031c7e5d537332de58c2f27dcbc9d9b

SHA1
bb734ec7628d21cd13a6331bcaed444e16e75c39

SHA256
73ecd85a6631e0af0bcfabab09d6f7775e800b62b5fdff0564486f204c76cb9c

SHA512
c93d732947af93d08946d717412427837a8fb512678563a93ae4b02140c30d9532c846c5fcf49b78eaedc18dd045e4c491ac093e25959e5f13d49fb1f1af4b56

Download Submit
\Windows\system\BScXtYz.exe

Filesize
6.0MB

MD5
654dfc39accea614814e47a07cbdb68b

SHA1
ce4712e0149f6e4c787b4db101de3c0c0e09f606

SHA256
f56275e396b27dc542130b84b758da1c1a60cf914055e392ae74392c1e5dc4f2

SHA512
f04aebeb1ddf0d7c2b3b1133f1770a8b75abf5fb974fe9a5572106f9a1b8f957f7e2fa2e0b2cb37bbd06a46da9f8ef2d7f88632222476fd8c5bc7bd67fe2c14d

Download Submit
\Windows\system\FZjHyUs.exe

Filesize
6.0MB

MD5
c4e1d98f45a317e81dde2b849583856f

SHA1
b865d3ba0e830fc8cee3a1c8c9c578705834751b

SHA256
40537d9b1b023a3512433084f13a5377a95aa61af7694f9f6d4e7baaafa76f0c

SHA512
e2a6be941514efe33cc17e2562e9b7a5bfc15ea32feccea040d2945a862eb67c8472d612d34945576275f79685b4ad8f0859b66f9578d35c413a4e24607682df

Download Submit
\Windows\system\NaXykKg.exe

Filesize
6.0MB

MD5
a34e8b509371e6eb1ffa6fffa2737db5

SHA1
ce5c01e324c264518848ba90ec719498f3b06958

SHA256
9423527fbc3c47f0b249d94687ac73c59f8ee2429c4cb02acce68d98eb268e26

SHA512
bdb77bd8884f1d2c352b225ec878990d8cfbed60b0a309b7fb4cfc4ce8ee5a95321d31359bc955efed41770a1742e89245ea451e2e5757b3447043c6287bb888

Download Submit
\Windows\system\TCnecYC.exe

Filesize
6.0MB

MD5
cf6b74036466bd12b6b526c970e51577

SHA1
29f7fa940d8f020408f8e031bb3906e46f545c77

SHA256
e84a45c516009c0355f2bbca79ef243bc33b2f3cedd83a10b5d33b18acb0bde9

SHA512
b45736e789dfe27cb7f0ba7c8996df452ae8a7629ab272fe9f0d24ed84799db371c05b500dcacb7c2a415b38343d2a2483e308e10ef1dc86b0f8f44e80471764

Download Submit
\Windows\system\WKVbugP.exe

Filesize
6.0MB

MD5
06479cda39b3f6c06fdaa27c5f8ff420

SHA1
524eff68ffb5e9000419ec84215d1af4a72c6311

SHA256
3342b7a37f3c8ab51dec44eb02c84be6a2449d4c2893ae1e7bd14d2c3bef47a9

SHA512
5db0b26c84a15dd92ea3885dc5324afc6b94fe8cc40753cd19930ed267bab556a0e64e21018aff8fe4e999acde8e27de3049b56eee7187587724fab8023e99fa

Download Submit
\Windows\system\mxUWpfi.exe

Filesize
6.0MB

MD5
7973251e29c4d35ef051bbcc69412214

SHA1
3b6c028a72e6fee265b0f4d940b8e208b66c081e

SHA256
160bb95e743aee59003397d4a9bd6fdc67c03953b0f9c45b9fb55023fd3a69a4

SHA512
e845495ac81e32512f4921c36264bbe2c655b5a5a319c8be3d52d4d114dec3293c5be32278f55cec4218015a8fae0f61dc36d9f7433cdb6c7f2c3b32e40f41f4

Download Submit
\Windows\system\oqYAyMb.exe

Filesize
6.0MB

MD5
018682f9439a4d3f82fdab33c31b1a3f

SHA1
2a8a56e5e276644d5e74b2a80bf85a69b808b7aa

SHA256
08693b8f3993f67fa08c15833612e1e25a739837fa3cf82ff73d2870cda96abe

SHA512
c2cfefa0b11fce63132ef960395b051dfcd23a1fc5627fd3e423a80243357c4962514ed8fe76641a9e5fc25ed3b7655daf914521d065fe628bdb7a424cb00d2d

Download Submit
\Windows\system\tnNchrp.exe

Filesize
6.0MB

MD5
1b54b97d54ef6e3076045c9e511d58b0

SHA1
8d2256e3b6570d6efb5f4c69d998ee6c8308c388

SHA256
f1d1c89fcbaf544d28c0d573e5f343124bb05846d67b6e66bcd3949a0cd5c22c

SHA512
0c678c8f2188091bce23a700530ca3b59f7ac7a822b9c3cd3f88f41a252d0ec5853dcd4fa299e976023b8ddcb74c17146affc4a6efb2d2ad7d80232d5c08672e

Download Submit
\Windows\system\vYEqBQE.exe

Filesize
6.0MB

MD5
efa92df521f2ac3f7fd94f017b43b018

SHA1
87dae0541eb111fb1ca55443983df30746a4d6c4

SHA256
c114beb4b1bc31076cbc485a1d179e6e0aab01819cc12cbc09996285171fdbcd

SHA512
aafe9634206f38e2e545f946ccaa1835738b118933071d4739feaaac2ab46faf7725f5f80023ae06b4399f2726337af67e434397e7f5b4935221ae9980770354

Download Submit
memory/864-4092-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/864-167-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1020-4083-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1020-27-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1628-45-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1628-4085-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1648-4087-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-49-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-32-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1852-4082-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2136-4086-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2136-48-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2260-24-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-75-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-4081-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-4089-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-78-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-4090-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2544-453-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2544-55-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4088-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-62-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-117-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-4093-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-1502-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2660-69-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4091-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2848-35-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2848-43-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-0-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2848-46-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2848-77-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-28-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2848-51-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2848-2033-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2328-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2446-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2447-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-166-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-115-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-129-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2848-130-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-138-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2848-41-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2848-67-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2848-79-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1177-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2848-596-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2848-70-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/3052-40-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/3052-4084-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download