cobaltstrike | 2d696dc0943c4a83d741453dba3408eef3f4946fe58b0c696f02fa708c01d52c

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b6d07749dc241a906801626efdec4798
SHA1

248e337c24d806f37b5a319f42e9d47a1bfe7c7c
SHA256

2d696dc0943c4a83d741453dba3408eef3f4946fe58b0c696f02fa708c01d52c
SHA512

5085e8585611e1c57660f3f02091e7a5e7c78ccbd4a7d0ce31c449dcb39f879163588b7dda57248e92d466a433bcab67948fae9b8bdfafa10def5a826261bb90
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUm:T+q56utgpPF8u/7m

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012101-3.dat	cobalt_reflective_dll
behavioral1/files/0x0016000000018657-8.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018662-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001867d-23.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-27.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c6-38.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49c-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-132.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017474-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-62.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000191fd-55.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c9-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/2232-0-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0007000000012101-3.dat	xmrig
behavioral1/files/0x0016000000018657-8.dat	xmrig
behavioral1/memory/2232-16-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x000f000000018662-10.dat	xmrig
behavioral1/memory/2652-15-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2092-13-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1472-22-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x000700000001867d-23.dat	xmrig
behavioral1/files/0x000600000001878d-27.dat	xmrig
behavioral1/memory/2716-37-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2788-42-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2224-40-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x00070000000190c6-38.dat	xmrig
behavioral1/memory/2232-47-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x000500000001a067-88.dat	xmrig
behavioral1/files/0x000500000001a42d-112.dat	xmrig
behavioral1/files/0x000500000001a48e-142.dat	xmrig
behavioral1/files/0x000500000001a46a-133.dat	xmrig
behavioral1/files/0x000500000001a4b5-186.dat	xmrig
behavioral1/memory/2700-712-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/1788-962-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2596-837-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4aa-180.dat	xmrig
behavioral1/files/0x000500000001a49a-171.dat	xmrig
behavioral1/files/0x000500000001a48c-169.dat	xmrig
behavioral1/files/0x000500000001a434-167.dat	xmrig
behavioral1/files/0x000500000001a42f-165.dat	xmrig
behavioral1/files/0x000500000001a42b-163.dat	xmrig
behavioral1/files/0x000500000001a301-161.dat	xmrig
behavioral1/files/0x000500000001a07b-159.dat	xmrig
behavioral1/files/0x0005000000019fb9-157.dat	xmrig
behavioral1/files/0x0005000000019db8-155.dat	xmrig
behavioral1/files/0x0005000000019da4-153.dat	xmrig
behavioral1/files/0x000500000001a49c-175.dat	xmrig
behavioral1/files/0x000500000001a431-132.dat	xmrig
behavioral1/memory/2680-103-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2592-79-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0008000000017474-78.dat	xmrig
behavioral1/files/0x000500000001a345-114.dat	xmrig
behavioral1/files/0x000500000001a0a1-113.dat	xmrig
behavioral1/files/0x0005000000019f9f-95.dat	xmrig
behavioral1/memory/1788-84-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d20-63.dat	xmrig
behavioral1/files/0x0005000000019d44-62.dat	xmrig
behavioral1/memory/2596-61-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2092-56-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x00080000000191fd-55.dat	xmrig
behavioral1/memory/2700-51-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x00070000000190c9-46.dat	xmrig
behavioral1/memory/2652-4026-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2092-4027-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1472-4028-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2224-4029-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2716-4030-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2788-4031-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2700-4032-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2596-4033-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2680-4034-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2592-4035-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/1788-4036-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2092	flDWYUu.exe
2652	LwLlCNw.exe
1472	FBFPwLm.exe
2224	oDMxyKk.exe
2716	TNQNdYD.exe
2788	GiDseRw.exe
2700	uGnAxcm.exe
2596	rcesRMt.exe
2680	rUonycl.exe
2592	sqFbqvo.exe
1788	EbZOKSt.exe
2636	JshFlXe.exe
1604	VNJEeSc.exe
2896	AZbvVeC.exe
1736	MQtLdjk.exe
2396	yjJUvOU.exe
2984	rrWFWug.exe
2956	BQCNADI.exe
1964	xQxqeey.exe
2640	NyTrNoF.exe
2288	ApiULUT.exe
1900	PaFbkJA.exe
2668	yEIJTCx.exe
2400	HOgZxLS.exe
2880	PABJsfc.exe
1424	WgxQfCh.exe
2980	QoYRWws.exe
2872	CLPOuBY.exe
1776	uCwczNQ.exe
272	UXEtgAG.exe
828	xcZIQkC.exe
1592	dbCfPce.exe
1984	lzOttfU.exe
1672	BRkbSFP.exe
1692	vuGJnhv.exe
2180	rKcIsGo.exe
2440	xNdXZGM.exe
2240	GSKyvRH.exe
396	aBuidde.exe
1564	QptQGVv.exe
2128	TSVLyDS.exe
3000	fqFtzzM.exe
2136	tvncyXR.exe
1892	hONqnsH.exe
308	UNcftTd.exe
2056	ByotrGY.exe
1468	mprfINx.exe
1708	GqDhGxO.exe
860	VLwchCZ.exe
556	qoKYhqA.exe
2200	pyjSUfq.exe
1588	BQiKxhS.exe
1912	WonMEmD.exe
1584	XqgQcIc.exe
2236	kRpnIgv.exe
2840	durQHbk.exe
1628	GZMQBPz.exe
3044	gROvoXd.exe
2168	dWuTxQR.exe
2920	inXMBPw.exe
2600	yJIiIcB.exe
2952	JkotowS.exe
2848	VjnUFzC.exe
1372	mUJsHce.exe

Loads dropped DLL 64 IoCs

pid	Process
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2232-0-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0007000000012101-3.dat	upx
behavioral1/files/0x0016000000018657-8.dat	upx
behavioral1/files/0x000f000000018662-10.dat	upx
behavioral1/memory/2652-15-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2092-13-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/1472-22-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x000700000001867d-23.dat	upx
behavioral1/files/0x000600000001878d-27.dat	upx
behavioral1/memory/2716-37-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2788-42-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2224-40-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x00070000000190c6-38.dat	upx
behavioral1/memory/2232-47-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x000500000001a067-88.dat	upx
behavioral1/files/0x000500000001a42d-112.dat	upx
behavioral1/files/0x000500000001a48e-142.dat	upx
behavioral1/files/0x000500000001a46a-133.dat	upx
behavioral1/files/0x000500000001a4b5-186.dat	upx
behavioral1/memory/2700-712-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/1788-962-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2596-837-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000500000001a4aa-180.dat	upx
behavioral1/files/0x000500000001a49a-171.dat	upx
behavioral1/files/0x000500000001a48c-169.dat	upx
behavioral1/files/0x000500000001a434-167.dat	upx
behavioral1/files/0x000500000001a42f-165.dat	upx
behavioral1/files/0x000500000001a42b-163.dat	upx
behavioral1/files/0x000500000001a301-161.dat	upx
behavioral1/files/0x000500000001a07b-159.dat	upx
behavioral1/files/0x0005000000019fb9-157.dat	upx
behavioral1/files/0x0005000000019db8-155.dat	upx
behavioral1/files/0x0005000000019da4-153.dat	upx
behavioral1/files/0x000500000001a49c-175.dat	upx
behavioral1/files/0x000500000001a431-132.dat	upx
behavioral1/memory/2680-103-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2592-79-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0008000000017474-78.dat	upx
behavioral1/files/0x000500000001a345-114.dat	upx
behavioral1/files/0x000500000001a0a1-113.dat	upx
behavioral1/files/0x0005000000019f9f-95.dat	upx
behavioral1/memory/1788-84-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0005000000019d20-63.dat	upx
behavioral1/files/0x0005000000019d44-62.dat	upx
behavioral1/memory/2596-61-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2092-56-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x00080000000191fd-55.dat	upx
behavioral1/memory/2700-51-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x00070000000190c9-46.dat	upx
behavioral1/memory/2652-4026-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2092-4027-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/1472-4028-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2224-4029-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2716-4030-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2788-4031-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2700-4032-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2596-4033-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2680-4034-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2592-4035-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/1788-4036-0x000000013FE00000-0x0000000140154000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xCUToYg.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPaWgOy.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzErDOO.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksKSSxt.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhIvqbB.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BocGZfB.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPCnlWZ.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgINpzC.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyAyyNb.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjYOSRU.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJUMtfl.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\reHJDjd.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhpWqlL.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzJpLdQ.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfgqifT.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDjQgIG.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nrGrUgr.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWDBzif.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHPbkiv.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NbYVABv.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzkWzmn.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbIiNUA.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koddfsz.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EsnWSDM.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpfyZkV.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhBKauV.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxwaUYl.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIIIQHp.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdDtLaS.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQOqhgA.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUsWEoc.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVhCKPe.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjyRQWJ.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTtwsbn.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYXNNWJ.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVEnOHO.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYmxFZb.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmViZYL.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVSfCNN.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XNVwhxY.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNKUdrG.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\totArNA.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHwsgeP.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dtjihbq.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yumPfGG.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKPveQD.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpzZVen.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHiLWCO.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGjLPhL.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaLnwuI.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrexoaS.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFqIKGP.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVUgCEk.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQbzCaM.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kISqfKS.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQVGgDG.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaavkgL.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHWoMBu.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYSpijn.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cESSwGf.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGeXeaT.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFVSDiV.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VeARDsv.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXTLiRW.exe	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2092	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2232 wrote to memory of 2092	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2232 wrote to memory of 2092	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2232 wrote to memory of 2652	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2232 wrote to memory of 2652	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2232 wrote to memory of 2652	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2232 wrote to memory of 1472	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2232 wrote to memory of 1472	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2232 wrote to memory of 1472	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2232 wrote to memory of 2224	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2232 wrote to memory of 2224	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2232 wrote to memory of 2224	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2232 wrote to memory of 2716	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2232 wrote to memory of 2716	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2232 wrote to memory of 2716	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2232 wrote to memory of 2788	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2232 wrote to memory of 2788	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2232 wrote to memory of 2788	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2232 wrote to memory of 2700	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2232 wrote to memory of 2700	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2232 wrote to memory of 2700	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2232 wrote to memory of 2596	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2232 wrote to memory of 2596	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2232 wrote to memory of 2596	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2232 wrote to memory of 2592	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2232 wrote to memory of 2592	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2232 wrote to memory of 2592	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2232 wrote to memory of 2680	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2232 wrote to memory of 2680	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2232 wrote to memory of 2680	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2232 wrote to memory of 2640	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2232 wrote to memory of 2640	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2232 wrote to memory of 2640	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2232 wrote to memory of 1788	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2232 wrote to memory of 1788	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2232 wrote to memory of 1788	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2232 wrote to memory of 2288	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2232 wrote to memory of 2288	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2232 wrote to memory of 2288	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2232 wrote to memory of 2636	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2232 wrote to memory of 2636	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2232 wrote to memory of 2636	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2232 wrote to memory of 1900	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2232 wrote to memory of 1900	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2232 wrote to memory of 1900	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2232 wrote to memory of 1604	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2232 wrote to memory of 1604	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2232 wrote to memory of 1604	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2232 wrote to memory of 2668	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2232 wrote to memory of 2668	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2232 wrote to memory of 2668	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2232 wrote to memory of 2896	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2232 wrote to memory of 2896	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2232 wrote to memory of 2896	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2232 wrote to memory of 2400	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2232 wrote to memory of 2400	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2232 wrote to memory of 2400	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2232 wrote to memory of 1736	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2232 wrote to memory of 1736	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2232 wrote to memory of 1736	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2232 wrote to memory of 2880	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2232 wrote to memory of 2880	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2232 wrote to memory of 2880	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2232 wrote to memory of 2396	2232	2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_b6d07749dc241a906801626efdec4798_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\System\flDWYUu.exe
  C:\Windows\System\flDWYUu.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\LwLlCNw.exe
  C:\Windows\System\LwLlCNw.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\FBFPwLm.exe
  C:\Windows\System\FBFPwLm.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\oDMxyKk.exe
  C:\Windows\System\oDMxyKk.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\TNQNdYD.exe
  C:\Windows\System\TNQNdYD.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\GiDseRw.exe
  C:\Windows\System\GiDseRw.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\uGnAxcm.exe
  C:\Windows\System\uGnAxcm.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\rcesRMt.exe
  C:\Windows\System\rcesRMt.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\sqFbqvo.exe
  C:\Windows\System\sqFbqvo.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\rUonycl.exe
  C:\Windows\System\rUonycl.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\NyTrNoF.exe
  C:\Windows\System\NyTrNoF.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\EbZOKSt.exe
  C:\Windows\System\EbZOKSt.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\ApiULUT.exe
  C:\Windows\System\ApiULUT.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\JshFlXe.exe
  C:\Windows\System\JshFlXe.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\PaFbkJA.exe
  C:\Windows\System\PaFbkJA.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\VNJEeSc.exe
  C:\Windows\System\VNJEeSc.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\yEIJTCx.exe
  C:\Windows\System\yEIJTCx.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\AZbvVeC.exe
  C:\Windows\System\AZbvVeC.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\HOgZxLS.exe
  C:\Windows\System\HOgZxLS.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\MQtLdjk.exe
  C:\Windows\System\MQtLdjk.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\PABJsfc.exe
  C:\Windows\System\PABJsfc.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\yjJUvOU.exe
  C:\Windows\System\yjJUvOU.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\WgxQfCh.exe
  C:\Windows\System\WgxQfCh.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\rrWFWug.exe
  C:\Windows\System\rrWFWug.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\QoYRWws.exe
  C:\Windows\System\QoYRWws.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\BQCNADI.exe
  C:\Windows\System\BQCNADI.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\CLPOuBY.exe
  C:\Windows\System\CLPOuBY.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\xQxqeey.exe
  C:\Windows\System\xQxqeey.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\uCwczNQ.exe
  C:\Windows\System\uCwczNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\UXEtgAG.exe
  C:\Windows\System\UXEtgAG.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\xcZIQkC.exe
  C:\Windows\System\xcZIQkC.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\dbCfPce.exe
  C:\Windows\System\dbCfPce.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\lzOttfU.exe
  C:\Windows\System\lzOttfU.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\BRkbSFP.exe
  C:\Windows\System\BRkbSFP.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\vuGJnhv.exe
  C:\Windows\System\vuGJnhv.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\rKcIsGo.exe
  C:\Windows\System\rKcIsGo.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\xNdXZGM.exe
  C:\Windows\System\xNdXZGM.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\GSKyvRH.exe
  C:\Windows\System\GSKyvRH.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\aBuidde.exe
  C:\Windows\System\aBuidde.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\QptQGVv.exe
  C:\Windows\System\QptQGVv.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\TSVLyDS.exe
  C:\Windows\System\TSVLyDS.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\fqFtzzM.exe
  C:\Windows\System\fqFtzzM.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\tvncyXR.exe
  C:\Windows\System\tvncyXR.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\hONqnsH.exe
  C:\Windows\System\hONqnsH.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\UNcftTd.exe
  C:\Windows\System\UNcftTd.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\ByotrGY.exe
  C:\Windows\System\ByotrGY.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\mprfINx.exe
  C:\Windows\System\mprfINx.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\GqDhGxO.exe
  C:\Windows\System\GqDhGxO.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\VLwchCZ.exe
  C:\Windows\System\VLwchCZ.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\qoKYhqA.exe
  C:\Windows\System\qoKYhqA.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\pyjSUfq.exe
  C:\Windows\System\pyjSUfq.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\BQiKxhS.exe
  C:\Windows\System\BQiKxhS.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\WonMEmD.exe
  C:\Windows\System\WonMEmD.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\XqgQcIc.exe
  C:\Windows\System\XqgQcIc.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\kRpnIgv.exe
  C:\Windows\System\kRpnIgv.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\durQHbk.exe
  C:\Windows\System\durQHbk.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\GZMQBPz.exe
  C:\Windows\System\GZMQBPz.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\gROvoXd.exe
  C:\Windows\System\gROvoXd.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\dWuTxQR.exe
  C:\Windows\System\dWuTxQR.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\inXMBPw.exe
  C:\Windows\System\inXMBPw.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\yJIiIcB.exe
  C:\Windows\System\yJIiIcB.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\JkotowS.exe
  C:\Windows\System\JkotowS.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\VjnUFzC.exe
  C:\Windows\System\VjnUFzC.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\mUJsHce.exe
  C:\Windows\System\mUJsHce.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\yaHnlvb.exe
  C:\Windows\System\yaHnlvb.exe
  2⤵
  PID:1280
- C:\Windows\System\xjmYeDx.exe
  C:\Windows\System\xjmYeDx.exe
  2⤵
  PID:796
- C:\Windows\System\qBLYqtv.exe
  C:\Windows\System\qBLYqtv.exe
  2⤵
  PID:2864
- C:\Windows\System\OKeKoOs.exe
  C:\Windows\System\OKeKoOs.exe
  2⤵
  PID:284
- C:\Windows\System\cCevGwu.exe
  C:\Windows\System\cCevGwu.exe
  2⤵
  PID:1420
- C:\Windows\System\NJuiCXu.exe
  C:\Windows\System\NJuiCXu.exe
  2⤵
  PID:2280
- C:\Windows\System\KAmNOjq.exe
  C:\Windows\System\KAmNOjq.exe
  2⤵
  PID:2460
- C:\Windows\System\SJKcqGu.exe
  C:\Windows\System\SJKcqGu.exe
  2⤵
  PID:1724
- C:\Windows\System\KVZqJdm.exe
  C:\Windows\System\KVZqJdm.exe
  2⤵
  PID:2104
- C:\Windows\System\urHIeUc.exe
  C:\Windows\System\urHIeUc.exe
  2⤵
  PID:1508
- C:\Windows\System\fHBcbWT.exe
  C:\Windows\System\fHBcbWT.exe
  2⤵
  PID:1684
- C:\Windows\System\IFtnVjY.exe
  C:\Windows\System\IFtnVjY.exe
  2⤵
  PID:680
- C:\Windows\System\qCipfzC.exe
  C:\Windows\System\qCipfzC.exe
  2⤵
  PID:1752
- C:\Windows\System\azOvNUX.exe
  C:\Windows\System\azOvNUX.exe
  2⤵
  PID:944
- C:\Windows\System\nHWoMBu.exe
  C:\Windows\System\nHWoMBu.exe
  2⤵
  PID:1328
- C:\Windows\System\qhqONSk.exe
  C:\Windows\System\qhqONSk.exe
  2⤵
  PID:2156
- C:\Windows\System\uvAxzyf.exe
  C:\Windows\System\uvAxzyf.exe
  2⤵
  PID:3068
- C:\Windows\System\NOXZzyX.exe
  C:\Windows\System\NOXZzyX.exe
  2⤵
  PID:564
- C:\Windows\System\BCdkWuo.exe
  C:\Windows\System\BCdkWuo.exe
  2⤵
  PID:568
- C:\Windows\System\VqnRoDn.exe
  C:\Windows\System\VqnRoDn.exe
  2⤵
  PID:972
- C:\Windows\System\HSLaxVD.exe
  C:\Windows\System\HSLaxVD.exe
  2⤵
  PID:1484
- C:\Windows\System\GUjkKqP.exe
  C:\Windows\System\GUjkKqP.exe
  2⤵
  PID:2512
- C:\Windows\System\QsMlMMf.exe
  C:\Windows\System\QsMlMMf.exe
  2⤵
  PID:1580
- C:\Windows\System\xWfAsvc.exe
  C:\Windows\System\xWfAsvc.exe
  2⤵
  PID:2248
- C:\Windows\System\LFQQRiU.exe
  C:\Windows\System\LFQQRiU.exe
  2⤵
  PID:376
- C:\Windows\System\ZezKXvk.exe
  C:\Windows\System\ZezKXvk.exe
  2⤵
  PID:2808
- C:\Windows\System\QrrLanj.exe
  C:\Windows\System\QrrLanj.exe
  2⤵
  PID:2588
- C:\Windows\System\vlJahCk.exe
  C:\Windows\System\vlJahCk.exe
  2⤵
  PID:2740
- C:\Windows\System\XmGVETX.exe
  C:\Windows\System\XmGVETX.exe
  2⤵
  PID:1252
- C:\Windows\System\yhVvFom.exe
  C:\Windows\System\yhVvFom.exe
  2⤵
  PID:1204
- C:\Windows\System\SPMNATe.exe
  C:\Windows\System\SPMNATe.exe
  2⤵
  PID:2096
- C:\Windows\System\JhYirll.exe
  C:\Windows\System\JhYirll.exe
  2⤵
  PID:1244
- C:\Windows\System\QCTWTwG.exe
  C:\Windows\System\QCTWTwG.exe
  2⤵
  PID:2112
- C:\Windows\System\QrLPXDm.exe
  C:\Windows\System\QrLPXDm.exe
  2⤵
  PID:2552
- C:\Windows\System\UkpHmbW.exe
  C:\Windows\System\UkpHmbW.exe
  2⤵
  PID:1364
- C:\Windows\System\ljKVWQA.exe
  C:\Windows\System\ljKVWQA.exe
  2⤵
  PID:648
- C:\Windows\System\NeipWwn.exe
  C:\Windows\System\NeipWwn.exe
  2⤵
  PID:1772
- C:\Windows\System\dqFTLGZ.exe
  C:\Windows\System\dqFTLGZ.exe
  2⤵
  PID:1944
- C:\Windows\System\ISTtMkF.exe
  C:\Windows\System\ISTtMkF.exe
  2⤵
  PID:1528
- C:\Windows\System\TNNoYni.exe
  C:\Windows\System\TNNoYni.exe
  2⤵
  PID:2340
- C:\Windows\System\NZXkfaj.exe
  C:\Windows\System\NZXkfaj.exe
  2⤵
  PID:1976
- C:\Windows\System\ZmXZrJA.exe
  C:\Windows\System\ZmXZrJA.exe
  2⤵
  PID:2060
- C:\Windows\System\lcDcvzr.exe
  C:\Windows\System\lcDcvzr.exe
  2⤵
  PID:2304
- C:\Windows\System\GQTQgSR.exe
  C:\Windows\System\GQTQgSR.exe
  2⤵
  PID:2372
- C:\Windows\System\mBhCiVP.exe
  C:\Windows\System\mBhCiVP.exe
  2⤵
  PID:2576
- C:\Windows\System\ktfVqjk.exe
  C:\Windows\System\ktfVqjk.exe
  2⤵
  PID:2040
- C:\Windows\System\eUkhlYp.exe
  C:\Windows\System\eUkhlYp.exe
  2⤵
  PID:2116
- C:\Windows\System\qzfiheq.exe
  C:\Windows\System\qzfiheq.exe
  2⤵
  PID:1428
- C:\Windows\System\oDIDmVY.exe
  C:\Windows\System\oDIDmVY.exe
  2⤵
  PID:2244
- C:\Windows\System\IHPbkiv.exe
  C:\Windows\System\IHPbkiv.exe
  2⤵
  PID:2916
- C:\Windows\System\EkaiLuf.exe
  C:\Windows\System\EkaiLuf.exe
  2⤵
  PID:2352
- C:\Windows\System\ycdPwMO.exe
  C:\Windows\System\ycdPwMO.exe
  2⤵
  PID:1760
- C:\Windows\System\wDkYxeG.exe
  C:\Windows\System\wDkYxeG.exe
  2⤵
  PID:3092
- C:\Windows\System\jUSYAHY.exe
  C:\Windows\System\jUSYAHY.exe
  2⤵
  PID:3108
- C:\Windows\System\EdLNgzY.exe
  C:\Windows\System\EdLNgzY.exe
  2⤵
  PID:3132
- C:\Windows\System\LYdHnLX.exe
  C:\Windows\System\LYdHnLX.exe
  2⤵
  PID:3148
- C:\Windows\System\yFOpPht.exe
  C:\Windows\System\yFOpPht.exe
  2⤵
  PID:3172
- C:\Windows\System\vbLbDwS.exe
  C:\Windows\System\vbLbDwS.exe
  2⤵
  PID:3188
- C:\Windows\System\SmCztso.exe
  C:\Windows\System\SmCztso.exe
  2⤵
  PID:3208
- C:\Windows\System\xEuqbAh.exe
  C:\Windows\System\xEuqbAh.exe
  2⤵
  PID:3228
- C:\Windows\System\IHfwjRP.exe
  C:\Windows\System\IHfwjRP.exe
  2⤵
  PID:3252
- C:\Windows\System\JFjJzct.exe
  C:\Windows\System\JFjJzct.exe
  2⤵
  PID:3272
- C:\Windows\System\SznwpIP.exe
  C:\Windows\System\SznwpIP.exe
  2⤵
  PID:3292
- C:\Windows\System\oWyzCnJ.exe
  C:\Windows\System\oWyzCnJ.exe
  2⤵
  PID:3312
- C:\Windows\System\gyIfwmm.exe
  C:\Windows\System\gyIfwmm.exe
  2⤵
  PID:3332
- C:\Windows\System\YDaUpob.exe
  C:\Windows\System\YDaUpob.exe
  2⤵
  PID:3352
- C:\Windows\System\cBvzOjU.exe
  C:\Windows\System\cBvzOjU.exe
  2⤵
  PID:3372
- C:\Windows\System\XYoSLPl.exe
  C:\Windows\System\XYoSLPl.exe
  2⤵
  PID:3388
- C:\Windows\System\jrxvhPO.exe
  C:\Windows\System\jrxvhPO.exe
  2⤵
  PID:3412
- C:\Windows\System\QDROXKV.exe
  C:\Windows\System\QDROXKV.exe
  2⤵
  PID:3432
- C:\Windows\System\xUJCgKv.exe
  C:\Windows\System\xUJCgKv.exe
  2⤵
  PID:3452
- C:\Windows\System\SvvxOzO.exe
  C:\Windows\System\SvvxOzO.exe
  2⤵
  PID:3472
- C:\Windows\System\WSgNNQt.exe
  C:\Windows\System\WSgNNQt.exe
  2⤵
  PID:3492
- C:\Windows\System\jiYiWrT.exe
  C:\Windows\System\jiYiWrT.exe
  2⤵
  PID:3512
- C:\Windows\System\CtZCTXJ.exe
  C:\Windows\System\CtZCTXJ.exe
  2⤵
  PID:3532
- C:\Windows\System\rmeuxJS.exe
  C:\Windows\System\rmeuxJS.exe
  2⤵
  PID:3552
- C:\Windows\System\ZsZwyNK.exe
  C:\Windows\System\ZsZwyNK.exe
  2⤵
  PID:3572
- C:\Windows\System\SZDVmtO.exe
  C:\Windows\System\SZDVmtO.exe
  2⤵
  PID:3588
- C:\Windows\System\fXWhenq.exe
  C:\Windows\System\fXWhenq.exe
  2⤵
  PID:3612
- C:\Windows\System\BraRvUg.exe
  C:\Windows\System\BraRvUg.exe
  2⤵
  PID:3632
- C:\Windows\System\JxAJRQc.exe
  C:\Windows\System\JxAJRQc.exe
  2⤵
  PID:3656
- C:\Windows\System\MIRdcKF.exe
  C:\Windows\System\MIRdcKF.exe
  2⤵
  PID:3676
- C:\Windows\System\QeBcaYb.exe
  C:\Windows\System\QeBcaYb.exe
  2⤵
  PID:3696
- C:\Windows\System\lUuqBcU.exe
  C:\Windows\System\lUuqBcU.exe
  2⤵
  PID:3716
- C:\Windows\System\NRHBixN.exe
  C:\Windows\System\NRHBixN.exe
  2⤵
  PID:3736
- C:\Windows\System\WrhcWLg.exe
  C:\Windows\System\WrhcWLg.exe
  2⤵
  PID:3756
- C:\Windows\System\hvIhbrn.exe
  C:\Windows\System\hvIhbrn.exe
  2⤵
  PID:3772
- C:\Windows\System\saCFiSB.exe
  C:\Windows\System\saCFiSB.exe
  2⤵
  PID:3796
- C:\Windows\System\BxsnWom.exe
  C:\Windows\System\BxsnWom.exe
  2⤵
  PID:3816
- C:\Windows\System\yVyxmdx.exe
  C:\Windows\System\yVyxmdx.exe
  2⤵
  PID:3836
- C:\Windows\System\jwauCTu.exe
  C:\Windows\System\jwauCTu.exe
  2⤵
  PID:3856
- C:\Windows\System\sYOuZgU.exe
  C:\Windows\System\sYOuZgU.exe
  2⤵
  PID:3876
- C:\Windows\System\lOmPZzv.exe
  C:\Windows\System\lOmPZzv.exe
  2⤵
  PID:3896
- C:\Windows\System\chCtHML.exe
  C:\Windows\System\chCtHML.exe
  2⤵
  PID:3912
- C:\Windows\System\KAAwVnU.exe
  C:\Windows\System\KAAwVnU.exe
  2⤵
  PID:3936
- C:\Windows\System\eIEEuxE.exe
  C:\Windows\System\eIEEuxE.exe
  2⤵
  PID:3952
- C:\Windows\System\BXTLiRW.exe
  C:\Windows\System\BXTLiRW.exe
  2⤵
  PID:3972
- C:\Windows\System\bxZEEvW.exe
  C:\Windows\System\bxZEEvW.exe
  2⤵
  PID:3996
- C:\Windows\System\bTKCowV.exe
  C:\Windows\System\bTKCowV.exe
  2⤵
  PID:4016
- C:\Windows\System\laMZazn.exe
  C:\Windows\System\laMZazn.exe
  2⤵
  PID:4032
- C:\Windows\System\HIUEVkS.exe
  C:\Windows\System\HIUEVkS.exe
  2⤵
  PID:4056
- C:\Windows\System\jpsIprG.exe
  C:\Windows\System\jpsIprG.exe
  2⤵
  PID:4072
- C:\Windows\System\pWsnNgF.exe
  C:\Windows\System\pWsnNgF.exe
  2⤵
  PID:4092
- C:\Windows\System\UlQemLs.exe
  C:\Windows\System\UlQemLs.exe
  2⤵
  PID:1552
- C:\Windows\System\HhpxqBx.exe
  C:\Windows\System\HhpxqBx.exe
  2⤵
  PID:2544
- C:\Windows\System\wVrfGBX.exe
  C:\Windows\System\wVrfGBX.exe
  2⤵
  PID:864
- C:\Windows\System\XuOODhl.exe
  C:\Windows\System\XuOODhl.exe
  2⤵
  PID:1464
- C:\Windows\System\KAGiLAm.exe
  C:\Windows\System\KAGiLAm.exe
  2⤵
  PID:624
- C:\Windows\System\qZJuzOM.exe
  C:\Windows\System\qZJuzOM.exe
  2⤵
  PID:2684
- C:\Windows\System\VDylGNm.exe
  C:\Windows\System\VDylGNm.exe
  2⤵
  PID:1236
- C:\Windows\System\ptcRvYe.exe
  C:\Windows\System\ptcRvYe.exe
  2⤵
  PID:760
- C:\Windows\System\rtaHvmm.exe
  C:\Windows\System\rtaHvmm.exe
  2⤵
  PID:3080
- C:\Windows\System\fCrHEBW.exe
  C:\Windows\System\fCrHEBW.exe
  2⤵
  PID:1824
- C:\Windows\System\UoCnGxr.exe
  C:\Windows\System\UoCnGxr.exe
  2⤵
  PID:3160
- C:\Windows\System\cjqzNHM.exe
  C:\Windows\System\cjqzNHM.exe
  2⤵
  PID:3204
- C:\Windows\System\xrcoBng.exe
  C:\Windows\System\xrcoBng.exe
  2⤵
  PID:3244
- C:\Windows\System\oyHZdsU.exe
  C:\Windows\System\oyHZdsU.exe
  2⤵
  PID:3240
- C:\Windows\System\iFoHFeK.exe
  C:\Windows\System\iFoHFeK.exe
  2⤵
  PID:3260
- C:\Windows\System\LTIwpeo.exe
  C:\Windows\System\LTIwpeo.exe
  2⤵
  PID:3328
- C:\Windows\System\LKxFTOe.exe
  C:\Windows\System\LKxFTOe.exe
  2⤵
  PID:3360
- C:\Windows\System\StMWuzq.exe
  C:\Windows\System\StMWuzq.exe
  2⤵
  PID:3364
- C:\Windows\System\WyBZgja.exe
  C:\Windows\System\WyBZgja.exe
  2⤵
  PID:3380
- C:\Windows\System\MzTNcpT.exe
  C:\Windows\System\MzTNcpT.exe
  2⤵
  PID:3424
- C:\Windows\System\vfBYiFc.exe
  C:\Windows\System\vfBYiFc.exe
  2⤵
  PID:3484
- C:\Windows\System\qtwLKVc.exe
  C:\Windows\System\qtwLKVc.exe
  2⤵
  PID:3464
- C:\Windows\System\hpapfZl.exe
  C:\Windows\System\hpapfZl.exe
  2⤵
  PID:3560
- C:\Windows\System\yumPfGG.exe
  C:\Windows\System\yumPfGG.exe
  2⤵
  PID:3548
- C:\Windows\System\IBZLZEQ.exe
  C:\Windows\System\IBZLZEQ.exe
  2⤵
  PID:3608
- C:\Windows\System\iQJkryP.exe
  C:\Windows\System\iQJkryP.exe
  2⤵
  PID:3624
- C:\Windows\System\dHVaLTE.exe
  C:\Windows\System\dHVaLTE.exe
  2⤵
  PID:3664
- C:\Windows\System\silPWPN.exe
  C:\Windows\System\silPWPN.exe
  2⤵
  PID:3732
- C:\Windows\System\fkyCnMR.exe
  C:\Windows\System\fkyCnMR.exe
  2⤵
  PID:3728
- C:\Windows\System\zibZQhp.exe
  C:\Windows\System\zibZQhp.exe
  2⤵
  PID:3780
- C:\Windows\System\ijADRFf.exe
  C:\Windows\System\ijADRFf.exe
  2⤵
  PID:3808
- C:\Windows\System\sTIOMDT.exe
  C:\Windows\System\sTIOMDT.exe
  2⤵
  PID:3892
- C:\Windows\System\aeHMlrL.exe
  C:\Windows\System\aeHMlrL.exe
  2⤵
  PID:3828
- C:\Windows\System\xWUYuoT.exe
  C:\Windows\System\xWUYuoT.exe
  2⤵
  PID:3868
- C:\Windows\System\hDfHVFb.exe
  C:\Windows\System\hDfHVFb.exe
  2⤵
  PID:3960
- C:\Windows\System\OnLKXvb.exe
  C:\Windows\System\OnLKXvb.exe
  2⤵
  PID:4008
- C:\Windows\System\FGCGeUV.exe
  C:\Windows\System\FGCGeUV.exe
  2⤵
  PID:3944
- C:\Windows\System\NXltgpW.exe
  C:\Windows\System\NXltgpW.exe
  2⤵
  PID:4052
- C:\Windows\System\xWdfhvo.exe
  C:\Windows\System\xWdfhvo.exe
  2⤵
  PID:4084
- C:\Windows\System\VCrWllE.exe
  C:\Windows\System\VCrWllE.exe
  2⤵
  PID:1488
- C:\Windows\System\BpflJFk.exe
  C:\Windows\System\BpflJFk.exe
  2⤵
  PID:2276
- C:\Windows\System\PZTUYCq.exe
  C:\Windows\System\PZTUYCq.exe
  2⤵
  PID:1968
- C:\Windows\System\gmdavsK.exe
  C:\Windows\System\gmdavsK.exe
  2⤵
  PID:1304
- C:\Windows\System\FjqiSpi.exe
  C:\Windows\System\FjqiSpi.exe
  2⤵
  PID:2468
- C:\Windows\System\gQxuOpz.exe
  C:\Windows\System\gQxuOpz.exe
  2⤵
  PID:3156
- C:\Windows\System\rNVRSZT.exe
  C:\Windows\System\rNVRSZT.exe
  2⤵
  PID:3164
- C:\Windows\System\chnnrUf.exe
  C:\Windows\System\chnnrUf.exe
  2⤵
  PID:2432
- C:\Windows\System\tlPlHeK.exe
  C:\Windows\System\tlPlHeK.exe
  2⤵
  PID:3320
- C:\Windows\System\YbvXQkq.exe
  C:\Windows\System\YbvXQkq.exe
  2⤵
  PID:3236
- C:\Windows\System\GkUxTvm.exe
  C:\Windows\System\GkUxTvm.exe
  2⤵
  PID:3348
- C:\Windows\System\gYIujqV.exe
  C:\Windows\System\gYIujqV.exe
  2⤵
  PID:3324
- C:\Windows\System\ExObIuh.exe
  C:\Windows\System\ExObIuh.exe
  2⤵
  PID:3524
- C:\Windows\System\LDqlmxi.exe
  C:\Windows\System\LDqlmxi.exe
  2⤵
  PID:3540
- C:\Windows\System\sLAUdmn.exe
  C:\Windows\System\sLAUdmn.exe
  2⤵
  PID:3404
- C:\Windows\System\otvOJxD.exe
  C:\Windows\System\otvOJxD.exe
  2⤵
  PID:3672
- C:\Windows\System\pkDgLXE.exe
  C:\Windows\System\pkDgLXE.exe
  2⤵
  PID:3508
- C:\Windows\System\QXijQIz.exe
  C:\Windows\System\QXijQIz.exe
  2⤵
  PID:3604
- C:\Windows\System\mbcriTQ.exe
  C:\Windows\System\mbcriTQ.exe
  2⤵
  PID:3644
- C:\Windows\System\UDZGPNK.exe
  C:\Windows\System\UDZGPNK.exe
  2⤵
  PID:3924
- C:\Windows\System\HCtLhvA.exe
  C:\Windows\System\HCtLhvA.exe
  2⤵
  PID:4012
- C:\Windows\System\dgyoazT.exe
  C:\Windows\System\dgyoazT.exe
  2⤵
  PID:3920
- C:\Windows\System\VflkQTe.exe
  C:\Windows\System\VflkQTe.exe
  2⤵
  PID:4040
- C:\Windows\System\UirYHkp.exe
  C:\Windows\System\UirYHkp.exe
  2⤵
  PID:2616
- C:\Windows\System\pkGKTtU.exe
  C:\Windows\System\pkGKTtU.exe
  2⤵
  PID:1336
- C:\Windows\System\lSQGLSz.exe
  C:\Windows\System\lSQGLSz.exe
  2⤵
  PID:4088
- C:\Windows\System\EFjFBRG.exe
  C:\Windows\System\EFjFBRG.exe
  2⤵
  PID:3140
- C:\Windows\System\UihKdfe.exe
  C:\Windows\System\UihKdfe.exe
  2⤵
  PID:3220
- C:\Windows\System\mQYlHlz.exe
  C:\Windows\System\mQYlHlz.exe
  2⤵
  PID:2844
- C:\Windows\System\uzITans.exe
  C:\Windows\System\uzITans.exe
  2⤵
  PID:3124
- C:\Windows\System\uWSfmJC.exe
  C:\Windows\System\uWSfmJC.exe
  2⤵
  PID:3104
- C:\Windows\System\VbGknIn.exe
  C:\Windows\System\VbGknIn.exe
  2⤵
  PID:3652
- C:\Windows\System\LBNmblB.exe
  C:\Windows\System\LBNmblB.exe
  2⤵
  PID:3448
- C:\Windows\System\SLqvEEm.exe
  C:\Windows\System\SLqvEEm.exe
  2⤵
  PID:3620
- C:\Windows\System\YTHCEta.exe
  C:\Windows\System\YTHCEta.exe
  2⤵
  PID:2912
- C:\Windows\System\wkzNQiL.exe
  C:\Windows\System\wkzNQiL.exe
  2⤵
  PID:3768
- C:\Windows\System\BSZRaHR.exe
  C:\Windows\System\BSZRaHR.exe
  2⤵
  PID:3708
- C:\Windows\System\cMXZTvQ.exe
  C:\Windows\System\cMXZTvQ.exe
  2⤵
  PID:3824
- C:\Windows\System\ReUcAwD.exe
  C:\Windows\System\ReUcAwD.exe
  2⤵
  PID:3804
- C:\Windows\System\QACuvib.exe
  C:\Windows\System\QACuvib.exe
  2⤵
  PID:2704
- C:\Windows\System\VEZWfpJ.exe
  C:\Windows\System\VEZWfpJ.exe
  2⤵
  PID:1652
- C:\Windows\System\IdDIBwB.exe
  C:\Windows\System\IdDIBwB.exe
  2⤵
  PID:2772
- C:\Windows\System\pHiCVuO.exe
  C:\Windows\System\pHiCVuO.exe
  2⤵
  PID:3224
- C:\Windows\System\neGgiSv.exe
  C:\Windows\System\neGgiSv.exe
  2⤵
  PID:3184
- C:\Windows\System\zlXBOSr.exe
  C:\Windows\System\zlXBOSr.exe
  2⤵
  PID:3308
- C:\Windows\System\IgzxdzB.exe
  C:\Windows\System\IgzxdzB.exe
  2⤵
  PID:3468
- C:\Windows\System\agHgLbe.exe
  C:\Windows\System\agHgLbe.exe
  2⤵
  PID:3844
- C:\Windows\System\DMehhCQ.exe
  C:\Windows\System\DMehhCQ.exe
  2⤵
  PID:3712
- C:\Windows\System\NUavRdr.exe
  C:\Windows\System\NUavRdr.exe
  2⤵
  PID:3928
- C:\Windows\System\JlCBbsM.exe
  C:\Windows\System\JlCBbsM.exe
  2⤵
  PID:3016
- C:\Windows\System\iilMMyW.exe
  C:\Windows\System\iilMMyW.exe
  2⤵
  PID:3444
- C:\Windows\System\aIttgBy.exe
  C:\Windows\System\aIttgBy.exe
  2⤵
  PID:3948
- C:\Windows\System\snBhENm.exe
  C:\Windows\System\snBhENm.exe
  2⤵
  PID:3584
- C:\Windows\System\bcgxIWu.exe
  C:\Windows\System\bcgxIWu.exe
  2⤵
  PID:2448
- C:\Windows\System\xVuRaVp.exe
  C:\Windows\System\xVuRaVp.exe
  2⤵
  PID:3488
- C:\Windows\System\PmvjUhD.exe
  C:\Windows\System\PmvjUhD.exe
  2⤵
  PID:3812
- C:\Windows\System\txIeMbd.exe
  C:\Windows\System\txIeMbd.exe
  2⤵
  PID:3564
- C:\Windows\System\pJwsgxI.exe
  C:\Windows\System\pJwsgxI.exe
  2⤵
  PID:4108
- C:\Windows\System\UlNmokO.exe
  C:\Windows\System\UlNmokO.exe
  2⤵
  PID:4128
- C:\Windows\System\DbAAiNW.exe
  C:\Windows\System\DbAAiNW.exe
  2⤵
  PID:4152
- C:\Windows\System\bWjQiNy.exe
  C:\Windows\System\bWjQiNy.exe
  2⤵
  PID:4172
- C:\Windows\System\ysDpgXz.exe
  C:\Windows\System\ysDpgXz.exe
  2⤵
  PID:4192
- C:\Windows\System\iGUIFYB.exe
  C:\Windows\System\iGUIFYB.exe
  2⤵
  PID:4212
- C:\Windows\System\jZasQOz.exe
  C:\Windows\System\jZasQOz.exe
  2⤵
  PID:4232
- C:\Windows\System\PrEaVDN.exe
  C:\Windows\System\PrEaVDN.exe
  2⤵
  PID:4252
- C:\Windows\System\mTLUNBc.exe
  C:\Windows\System\mTLUNBc.exe
  2⤵
  PID:4272
- C:\Windows\System\gkXjoAj.exe
  C:\Windows\System\gkXjoAj.exe
  2⤵
  PID:4292
- C:\Windows\System\YqPhCIQ.exe
  C:\Windows\System\YqPhCIQ.exe
  2⤵
  PID:4308
- C:\Windows\System\yxGVQUV.exe
  C:\Windows\System\yxGVQUV.exe
  2⤵
  PID:4332
- C:\Windows\System\evMTsbk.exe
  C:\Windows\System\evMTsbk.exe
  2⤵
  PID:4348
- C:\Windows\System\uFBjRLq.exe
  C:\Windows\System\uFBjRLq.exe
  2⤵
  PID:4372
- C:\Windows\System\iphmiCZ.exe
  C:\Windows\System\iphmiCZ.exe
  2⤵
  PID:4392
- C:\Windows\System\hdDtLaS.exe
  C:\Windows\System\hdDtLaS.exe
  2⤵
  PID:4412
- C:\Windows\System\xRTnIZr.exe
  C:\Windows\System\xRTnIZr.exe
  2⤵
  PID:4428
- C:\Windows\System\CucztGJ.exe
  C:\Windows\System\CucztGJ.exe
  2⤵
  PID:4448
- C:\Windows\System\rEQIcOG.exe
  C:\Windows\System\rEQIcOG.exe
  2⤵
  PID:4468
- C:\Windows\System\FbpNOoI.exe
  C:\Windows\System\FbpNOoI.exe
  2⤵
  PID:4492
- C:\Windows\System\iTvgIMa.exe
  C:\Windows\System\iTvgIMa.exe
  2⤵
  PID:4512
- C:\Windows\System\ogAVYIv.exe
  C:\Windows\System\ogAVYIv.exe
  2⤵
  PID:4532
- C:\Windows\System\kzBsZrV.exe
  C:\Windows\System\kzBsZrV.exe
  2⤵
  PID:4548
- C:\Windows\System\cHzjmkS.exe
  C:\Windows\System\cHzjmkS.exe
  2⤵
  PID:4576
- C:\Windows\System\zjiEVKW.exe
  C:\Windows\System\zjiEVKW.exe
  2⤵
  PID:4592
- C:\Windows\System\GBtjAmd.exe
  C:\Windows\System\GBtjAmd.exe
  2⤵
  PID:4612
- C:\Windows\System\iHiLWCO.exe
  C:\Windows\System\iHiLWCO.exe
  2⤵
  PID:4636
- C:\Windows\System\gBaGthz.exe
  C:\Windows\System\gBaGthz.exe
  2⤵
  PID:4656
- C:\Windows\System\YAIoEDS.exe
  C:\Windows\System\YAIoEDS.exe
  2⤵
  PID:4672
- C:\Windows\System\lWLbtFq.exe
  C:\Windows\System\lWLbtFq.exe
  2⤵
  PID:4688
- C:\Windows\System\pCSQPmq.exe
  C:\Windows\System\pCSQPmq.exe
  2⤵
  PID:4704
- C:\Windows\System\gNXriCd.exe
  C:\Windows\System\gNXriCd.exe
  2⤵
  PID:4736
- C:\Windows\System\cTHDrYK.exe
  C:\Windows\System\cTHDrYK.exe
  2⤵
  PID:4756
- C:\Windows\System\AvNBKed.exe
  C:\Windows\System\AvNBKed.exe
  2⤵
  PID:4780
- C:\Windows\System\OTNTCRS.exe
  C:\Windows\System\OTNTCRS.exe
  2⤵
  PID:4796
- C:\Windows\System\RTXpZBi.exe
  C:\Windows\System\RTXpZBi.exe
  2⤵
  PID:4812
- C:\Windows\System\JUrUDbJ.exe
  C:\Windows\System\JUrUDbJ.exe
  2⤵
  PID:4828
- C:\Windows\System\MQOqhgA.exe
  C:\Windows\System\MQOqhgA.exe
  2⤵
  PID:4856
- C:\Windows\System\dhJzBnd.exe
  C:\Windows\System\dhJzBnd.exe
  2⤵
  PID:4872
- C:\Windows\System\BESSzCb.exe
  C:\Windows\System\BESSzCb.exe
  2⤵
  PID:4888
- C:\Windows\System\lahAEZH.exe
  C:\Windows\System\lahAEZH.exe
  2⤵
  PID:4904
- C:\Windows\System\ZojQwWn.exe
  C:\Windows\System\ZojQwWn.exe
  2⤵
  PID:4920
- C:\Windows\System\ZWedQKj.exe
  C:\Windows\System\ZWedQKj.exe
  2⤵
  PID:4960
- C:\Windows\System\oappuJC.exe
  C:\Windows\System\oappuJC.exe
  2⤵
  PID:4980
- C:\Windows\System\OYSpijn.exe
  C:\Windows\System\OYSpijn.exe
  2⤵
  PID:4996
- C:\Windows\System\LiotHIV.exe
  C:\Windows\System\LiotHIV.exe
  2⤵
  PID:5020
- C:\Windows\System\uNUNGeZ.exe
  C:\Windows\System\uNUNGeZ.exe
  2⤵
  PID:5060
- C:\Windows\System\ecvgHqN.exe
  C:\Windows\System\ecvgHqN.exe
  2⤵
  PID:5076
- C:\Windows\System\eFHMfYU.exe
  C:\Windows\System\eFHMfYU.exe
  2⤵
  PID:5092
- C:\Windows\System\rEkmayP.exe
  C:\Windows\System\rEkmayP.exe
  2⤵
  PID:5112
- C:\Windows\System\FGJmGbr.exe
  C:\Windows\System\FGJmGbr.exe
  2⤵
  PID:3304
- C:\Windows\System\vXxuDZa.exe
  C:\Windows\System\vXxuDZa.exe
  2⤵
  PID:4068
- C:\Windows\System\BkyWaeE.exe
  C:\Windows\System\BkyWaeE.exe
  2⤵
  PID:2328
- C:\Windows\System\bAUHMIQ.exe
  C:\Windows\System\bAUHMIQ.exe
  2⤵
  PID:2164
- C:\Windows\System\ghtITQV.exe
  C:\Windows\System\ghtITQV.exe
  2⤵
  PID:4124
- C:\Windows\System\TsaxRUy.exe
  C:\Windows\System\TsaxRUy.exe
  2⤵
  PID:4164
- C:\Windows\System\elGsgvj.exe
  C:\Windows\System\elGsgvj.exe
  2⤵
  PID:4208
- C:\Windows\System\mFOTuDY.exe
  C:\Windows\System\mFOTuDY.exe
  2⤵
  PID:4184
- C:\Windows\System\BKUitxM.exe
  C:\Windows\System\BKUitxM.exe
  2⤵
  PID:4260
- C:\Windows\System\ChkJyGb.exe
  C:\Windows\System\ChkJyGb.exe
  2⤵
  PID:4264
- C:\Windows\System\hdOImZG.exe
  C:\Windows\System\hdOImZG.exe
  2⤵
  PID:4328
- C:\Windows\System\nUsWEoc.exe
  C:\Windows\System\nUsWEoc.exe
  2⤵
  PID:4356
- C:\Windows\System\jXXXwRp.exe
  C:\Windows\System\jXXXwRp.exe
  2⤵
  PID:4404
- C:\Windows\System\adrmGld.exe
  C:\Windows\System\adrmGld.exe
  2⤵
  PID:4436
- C:\Windows\System\sZcWpOV.exe
  C:\Windows\System\sZcWpOV.exe
  2⤵
  PID:4384
- C:\Windows\System\qntgXhg.exe
  C:\Windows\System\qntgXhg.exe
  2⤵
  PID:4480
- C:\Windows\System\MNocDTe.exe
  C:\Windows\System\MNocDTe.exe
  2⤵
  PID:4520
- C:\Windows\System\VBawUxM.exe
  C:\Windows\System\VBawUxM.exe
  2⤵
  PID:4464
- C:\Windows\System\OVYUHjj.exe
  C:\Windows\System\OVYUHjj.exe
  2⤵
  PID:4544
- C:\Windows\System\YSZomZh.exe
  C:\Windows\System\YSZomZh.exe
  2⤵
  PID:4584
- C:\Windows\System\MPDttxd.exe
  C:\Windows\System\MPDttxd.exe
  2⤵
  PID:4620
- C:\Windows\System\QjQumfU.exe
  C:\Windows\System\QjQumfU.exe
  2⤵
  PID:2836
- C:\Windows\System\ciFUpMV.exe
  C:\Windows\System\ciFUpMV.exe
  2⤵
  PID:340
- C:\Windows\System\IyfCZAC.exe
  C:\Windows\System\IyfCZAC.exe
  2⤵
  PID:2424
- C:\Windows\System\OFcJdPO.exe
  C:\Windows\System\OFcJdPO.exe
  2⤵
  PID:4712
- C:\Windows\System\ZrcOaSo.exe
  C:\Windows\System\ZrcOaSo.exe
  2⤵
  PID:4732
- C:\Windows\System\DEPDQKg.exe
  C:\Windows\System\DEPDQKg.exe
  2⤵
  PID:4668
- C:\Windows\System\LFPmzPx.exe
  C:\Windows\System\LFPmzPx.exe
  2⤵
  PID:4808
- C:\Windows\System\LoftuZE.exe
  C:\Windows\System\LoftuZE.exe
  2⤵
  PID:2564
- C:\Windows\System\jUGdxTx.exe
  C:\Windows\System\jUGdxTx.exe
  2⤵
  PID:4912
- C:\Windows\System\Mfcsjxk.exe
  C:\Windows\System\Mfcsjxk.exe
  2⤵
  PID:4820
- C:\Windows\System\KqAFhql.exe
  C:\Windows\System\KqAFhql.exe
  2⤵
  PID:4864
- C:\Windows\System\LZCIfUj.exe
  C:\Windows\System\LZCIfUj.exe
  2⤵
  PID:4928
- C:\Windows\System\YyyRykw.exe
  C:\Windows\System\YyyRykw.exe
  2⤵
  PID:4952
- C:\Windows\System\IjcXUvU.exe
  C:\Windows\System\IjcXUvU.exe
  2⤵
  PID:4992
- C:\Windows\System\iirRyIP.exe
  C:\Windows\System\iirRyIP.exe
  2⤵
  PID:5028
- C:\Windows\System\fwuFWWR.exe
  C:\Windows\System\fwuFWWR.exe
  2⤵
  PID:2036
- C:\Windows\System\aBrCWhu.exe
  C:\Windows\System\aBrCWhu.exe
  2⤵
  PID:2940
- C:\Windows\System\zrVuKeq.exe
  C:\Windows\System\zrVuKeq.exe
  2⤵
  PID:5072
- C:\Windows\System\BmGyOer.exe
  C:\Windows\System\BmGyOer.exe
  2⤵
  PID:5084
- C:\Windows\System\qKydYuG.exe
  C:\Windows\System\qKydYuG.exe
  2⤵
  PID:1308
- C:\Windows\System\WCNWsdy.exe
  C:\Windows\System\WCNWsdy.exe
  2⤵
  PID:3180
- C:\Windows\System\yTOObIL.exe
  C:\Windows\System\yTOObIL.exe
  2⤵
  PID:4028
- C:\Windows\System\mucjSdx.exe
  C:\Windows\System\mucjSdx.exe
  2⤵
  PID:4104
- C:\Windows\System\cBtjkVl.exe
  C:\Windows\System\cBtjkVl.exe
  2⤵
  PID:4180
- C:\Windows\System\DdNFrkt.exe
  C:\Windows\System\DdNFrkt.exe
  2⤵
  PID:4220
- C:\Windows\System\MOwOuci.exe
  C:\Windows\System\MOwOuci.exe
  2⤵
  PID:4268
- C:\Windows\System\soPFYLl.exe
  C:\Windows\System\soPFYLl.exe
  2⤵
  PID:4344
- C:\Windows\System\wBAxnwq.exe
  C:\Windows\System\wBAxnwq.exe
  2⤵
  PID:836
- C:\Windows\System\mXMMWzY.exe
  C:\Windows\System\mXMMWzY.exe
  2⤵
  PID:1932
- C:\Windows\System\WRalMHE.exe
  C:\Windows\System\WRalMHE.exe
  2⤵
  PID:4624
- C:\Windows\System\jqsfncW.exe
  C:\Windows\System\jqsfncW.exe
  2⤵
  PID:2696
- C:\Windows\System\cPRuMae.exe
  C:\Windows\System\cPRuMae.exe
  2⤵
  PID:2712
- C:\Windows\System\ppftlnr.exe
  C:\Windows\System\ppftlnr.exe
  2⤵
  PID:4320
- C:\Windows\System\qdejoNP.exe
  C:\Windows\System\qdejoNP.exe
  2⤵
  PID:4648
- C:\Windows\System\NKPveQD.exe
  C:\Windows\System\NKPveQD.exe
  2⤵
  PID:4608
- C:\Windows\System\QcAWAcf.exe
  C:\Windows\System\QcAWAcf.exe
  2⤵
  PID:2792
- C:\Windows\System\LXkDBuo.exe
  C:\Windows\System\LXkDBuo.exe
  2⤵
  PID:4700
- C:\Windows\System\TjpZCcb.exe
  C:\Windows\System\TjpZCcb.exe
  2⤵
  PID:4748
- C:\Windows\System\iDFXcio.exe
  C:\Windows\System\iDFXcio.exe
  2⤵
  PID:4664
- C:\Windows\System\uyDYmTi.exe
  C:\Windows\System\uyDYmTi.exe
  2⤵
  PID:4880
- C:\Windows\System\yuRdLzG.exe
  C:\Windows\System\yuRdLzG.exe
  2⤵
  PID:4972
- C:\Windows\System\xtxecnf.exe
  C:\Windows\System\xtxecnf.exe
  2⤵
  PID:4944
- C:\Windows\System\UrexoaS.exe
  C:\Windows\System\UrexoaS.exe
  2⤵
  PID:4940
- C:\Windows\System\vLSQFiw.exe
  C:\Windows\System\vLSQFiw.exe
  2⤵
  PID:4788
- C:\Windows\System\cOBUXSC.exe
  C:\Windows\System\cOBUXSC.exe
  2⤵
  PID:4988
- C:\Windows\System\YDhfAmy.exe
  C:\Windows\System\YDhfAmy.exe
  2⤵
  PID:5104
- C:\Windows\System\dAkvDzq.exe
  C:\Windows\System\dAkvDzq.exe
  2⤵
  PID:2296
- C:\Windows\System\NRZqPXs.exe
  C:\Windows\System\NRZqPXs.exe
  2⤵
  PID:4200
- C:\Windows\System\wXWMiAn.exe
  C:\Windows\System\wXWMiAn.exe
  2⤵
  PID:4564
- C:\Windows\System\NpPpUBW.exe
  C:\Windows\System\NpPpUBW.exe
  2⤵
  PID:3012
- C:\Windows\System\IkMONFX.exe
  C:\Windows\System\IkMONFX.exe
  2⤵
  PID:4324
- C:\Windows\System\tYJhgBy.exe
  C:\Windows\System\tYJhgBy.exe
  2⤵
  PID:4728
- C:\Windows\System\YAQyzGw.exe
  C:\Windows\System\YAQyzGw.exe
  2⤵
  PID:1108
- C:\Windows\System\HKkXqYo.exe
  C:\Windows\System\HKkXqYo.exe
  2⤵
  PID:4248
- C:\Windows\System\WgANoiM.exe
  C:\Windows\System\WgANoiM.exe
  2⤵
  PID:4852
- C:\Windows\System\eLSCeSJ.exe
  C:\Windows\System\eLSCeSJ.exe
  2⤵
  PID:4900
- C:\Windows\System\iwftRPs.exe
  C:\Windows\System\iwftRPs.exe
  2⤵
  PID:4476
- C:\Windows\System\IpmKelz.exe
  C:\Windows\System\IpmKelz.exe
  2⤵
  PID:4504
- C:\Windows\System\rLdlPHI.exe
  C:\Windows\System\rLdlPHI.exe
  2⤵
  PID:2660
- C:\Windows\System\tPpZbci.exe
  C:\Windows\System\tPpZbci.exe
  2⤵
  PID:3008
- C:\Windows\System\pBCRJZz.exe
  C:\Windows\System\pBCRJZz.exe
  2⤵
  PID:4168
- C:\Windows\System\VIBeHsR.exe
  C:\Windows\System\VIBeHsR.exe
  2⤵
  PID:2744
- C:\Windows\System\MLAtVRO.exe
  C:\Windows\System\MLAtVRO.exe
  2⤵
  PID:2996
- C:\Windows\System\wUpKPlQ.exe
  C:\Windows\System\wUpKPlQ.exe
  2⤵
  PID:4804
- C:\Windows\System\ghNpwXw.exe
  C:\Windows\System\ghNpwXw.exe
  2⤵
  PID:5016
- C:\Windows\System\DyBdsBd.exe
  C:\Windows\System\DyBdsBd.exe
  2⤵
  PID:4764
- C:\Windows\System\QKzQjfr.exe
  C:\Windows\System\QKzQjfr.exe
  2⤵
  PID:5068
- C:\Windows\System\ByuHGRk.exe
  C:\Windows\System\ByuHGRk.exe
  2⤵
  PID:4288
- C:\Windows\System\BisZDSw.exe
  C:\Windows\System\BisZDSw.exe
  2⤵
  PID:1764
- C:\Windows\System\UNPahVt.exe
  C:\Windows\System\UNPahVt.exe
  2⤵
  PID:4896
- C:\Windows\System\hvETQOk.exe
  C:\Windows\System\hvETQOk.exe
  2⤵
  PID:1660
- C:\Windows\System\zGKbice.exe
  C:\Windows\System\zGKbice.exe
  2⤵
  PID:5040
- C:\Windows\System\tuaEUca.exe
  C:\Windows\System\tuaEUca.exe
  2⤵
  PID:2972
- C:\Windows\System\AhIvqbB.exe
  C:\Windows\System\AhIvqbB.exe
  2⤵
  PID:3988
- C:\Windows\System\YodOlrz.exe
  C:\Windows\System\YodOlrz.exe
  2⤵
  PID:4556
- C:\Windows\System\FaCmupk.exe
  C:\Windows\System\FaCmupk.exe
  2⤵
  PID:528
- C:\Windows\System\kVJnWjv.exe
  C:\Windows\System\kVJnWjv.exe
  2⤵
  PID:4388
- C:\Windows\System\lxhNUml.exe
  C:\Windows\System\lxhNUml.exe
  2⤵
  PID:1768
- C:\Windows\System\xJTaLTj.exe
  C:\Windows\System\xJTaLTj.exe
  2⤵
  PID:2732
- C:\Windows\System\NbYVABv.exe
  C:\Windows\System\NbYVABv.exe
  2⤵
  PID:4284
- C:\Windows\System\qpfwUTQ.exe
  C:\Windows\System\qpfwUTQ.exe
  2⤵
  PID:4724
- C:\Windows\System\RQJapEF.exe
  C:\Windows\System\RQJapEF.exe
  2⤵
  PID:2388
- C:\Windows\System\zKXJGag.exe
  C:\Windows\System\zKXJGag.exe
  2⤵
  PID:5140
- C:\Windows\System\SbggRVC.exe
  C:\Windows\System\SbggRVC.exe
  2⤵
  PID:5156
- C:\Windows\System\tvfYLAa.exe
  C:\Windows\System\tvfYLAa.exe
  2⤵
  PID:5176
- C:\Windows\System\IREdzRq.exe
  C:\Windows\System\IREdzRq.exe
  2⤵
  PID:5200
- C:\Windows\System\EXPwKcN.exe
  C:\Windows\System\EXPwKcN.exe
  2⤵
  PID:5224
- C:\Windows\System\bCZHGlm.exe
  C:\Windows\System\bCZHGlm.exe
  2⤵
  PID:5240
- C:\Windows\System\kbXacOi.exe
  C:\Windows\System\kbXacOi.exe
  2⤵
  PID:5260
- C:\Windows\System\ZQbSAyZ.exe
  C:\Windows\System\ZQbSAyZ.exe
  2⤵
  PID:5280
- C:\Windows\System\urigWRA.exe
  C:\Windows\System\urigWRA.exe
  2⤵
  PID:5304
- C:\Windows\System\ALIdibC.exe
  C:\Windows\System\ALIdibC.exe
  2⤵
  PID:5320
- C:\Windows\System\IfQErDL.exe
  C:\Windows\System\IfQErDL.exe
  2⤵
  PID:5340
- C:\Windows\System\bzJtPQV.exe
  C:\Windows\System\bzJtPQV.exe
  2⤵
  PID:5360
- C:\Windows\System\ftAaQEg.exe
  C:\Windows\System\ftAaQEg.exe
  2⤵
  PID:5376
- C:\Windows\System\ibgAZTE.exe
  C:\Windows\System\ibgAZTE.exe
  2⤵
  PID:5412
- C:\Windows\System\RFAtDFp.exe
  C:\Windows\System\RFAtDFp.exe
  2⤵
  PID:5436
- C:\Windows\System\sJdvWrw.exe
  C:\Windows\System\sJdvWrw.exe
  2⤵
  PID:5452
- C:\Windows\System\EYXNNWJ.exe
  C:\Windows\System\EYXNNWJ.exe
  2⤵
  PID:5472
- C:\Windows\System\razVvyb.exe
  C:\Windows\System\razVvyb.exe
  2⤵
  PID:5488
- C:\Windows\System\TYxvDGl.exe
  C:\Windows\System\TYxvDGl.exe
  2⤵
  PID:5512
- C:\Windows\System\LRkcEeC.exe
  C:\Windows\System\LRkcEeC.exe
  2⤵
  PID:5528
- C:\Windows\System\HJkHxiz.exe
  C:\Windows\System\HJkHxiz.exe
  2⤵
  PID:5544
- C:\Windows\System\ZFBmDok.exe
  C:\Windows\System\ZFBmDok.exe
  2⤵
  PID:5560
- C:\Windows\System\xbnqdQy.exe
  C:\Windows\System\xbnqdQy.exe
  2⤵
  PID:5588
- C:\Windows\System\JKeWssz.exe
  C:\Windows\System\JKeWssz.exe
  2⤵
  PID:5608
- C:\Windows\System\sBRkTnE.exe
  C:\Windows\System\sBRkTnE.exe
  2⤵
  PID:5636
- C:\Windows\System\vJNtDEF.exe
  C:\Windows\System\vJNtDEF.exe
  2⤵
  PID:5660
- C:\Windows\System\reHJDjd.exe
  C:\Windows\System\reHJDjd.exe
  2⤵
  PID:5676
- C:\Windows\System\blQDYWJ.exe
  C:\Windows\System\blQDYWJ.exe
  2⤵
  PID:5704
- C:\Windows\System\YBtdeFc.exe
  C:\Windows\System\YBtdeFc.exe
  2⤵
  PID:5724
- C:\Windows\System\cctxnLK.exe
  C:\Windows\System\cctxnLK.exe
  2⤵
  PID:5740
- C:\Windows\System\JECGUIa.exe
  C:\Windows\System\JECGUIa.exe
  2⤵
  PID:5756
- C:\Windows\System\xbfUjEy.exe
  C:\Windows\System\xbfUjEy.exe
  2⤵
  PID:5776
- C:\Windows\System\eJttxHV.exe
  C:\Windows\System\eJttxHV.exe
  2⤵
  PID:5800
- C:\Windows\System\ifYRbmA.exe
  C:\Windows\System\ifYRbmA.exe
  2⤵
  PID:5820
- C:\Windows\System\wjbBXQG.exe
  C:\Windows\System\wjbBXQG.exe
  2⤵
  PID:5836
- C:\Windows\System\IpGhawU.exe
  C:\Windows\System\IpGhawU.exe
  2⤵
  PID:5852
- C:\Windows\System\vJiNnGk.exe
  C:\Windows\System\vJiNnGk.exe
  2⤵
  PID:5872
- C:\Windows\System\wyhBUoj.exe
  C:\Windows\System\wyhBUoj.exe
  2⤵
  PID:5892
- C:\Windows\System\FZvYxKE.exe
  C:\Windows\System\FZvYxKE.exe
  2⤵
  PID:5912
- C:\Windows\System\OzWrSHk.exe
  C:\Windows\System\OzWrSHk.exe
  2⤵
  PID:5928
- C:\Windows\System\CdeSlRm.exe
  C:\Windows\System\CdeSlRm.exe
  2⤵
  PID:5944
- C:\Windows\System\PhxgTcm.exe
  C:\Windows\System\PhxgTcm.exe
  2⤵
  PID:5960
- C:\Windows\System\tWBgZPV.exe
  C:\Windows\System\tWBgZPV.exe
  2⤵
  PID:5976
- C:\Windows\System\wSOoxBd.exe
  C:\Windows\System\wSOoxBd.exe
  2⤵
  PID:5996
- C:\Windows\System\UQhNIAK.exe
  C:\Windows\System\UQhNIAK.exe
  2⤵
  PID:6020
- C:\Windows\System\MvXueyS.exe
  C:\Windows\System\MvXueyS.exe
  2⤵
  PID:6036
- C:\Windows\System\vHbwzLn.exe
  C:\Windows\System\vHbwzLn.exe
  2⤵
  PID:6076
- C:\Windows\System\szvgWMy.exe
  C:\Windows\System\szvgWMy.exe
  2⤵
  PID:6092
- C:\Windows\System\mUcVGUS.exe
  C:\Windows\System\mUcVGUS.exe
  2⤵
  PID:6108
- C:\Windows\System\hjnXqOT.exe
  C:\Windows\System\hjnXqOT.exe
  2⤵
  PID:6124
- C:\Windows\System\KlWBaJX.exe
  C:\Windows\System\KlWBaJX.exe
  2⤵
  PID:5124
- C:\Windows\System\bnGaTNN.exe
  C:\Windows\System\bnGaTNN.exe
  2⤵
  PID:5164
- C:\Windows\System\whaCUMP.exe
  C:\Windows\System\whaCUMP.exe
  2⤵
  PID:772
- C:\Windows\System\SyQxgMm.exe
  C:\Windows\System\SyQxgMm.exe
  2⤵
  PID:5212
- C:\Windows\System\eqafZqJ.exe
  C:\Windows\System\eqafZqJ.exe
  2⤵
  PID:5152
- C:\Windows\System\sxJkrDP.exe
  C:\Windows\System\sxJkrDP.exe
  2⤵
  PID:5256
- C:\Windows\System\yedDbYc.exe
  C:\Windows\System\yedDbYc.exe
  2⤵
  PID:2676
- C:\Windows\System\rUsxghc.exe
  C:\Windows\System\rUsxghc.exe
  2⤵
  PID:1996
- C:\Windows\System\VtOWBdL.exe
  C:\Windows\System\VtOWBdL.exe
  2⤵
  PID:5332
- C:\Windows\System\huDrqHD.exe
  C:\Windows\System\huDrqHD.exe
  2⤵
  PID:948
- C:\Windows\System\YMOhkYb.exe
  C:\Windows\System\YMOhkYb.exe
  2⤵
  PID:5352
- C:\Windows\System\uFCBUBA.exe
  C:\Windows\System\uFCBUBA.exe
  2⤵
  PID:5400
- C:\Windows\System\aAXGqCh.exe
  C:\Windows\System\aAXGqCh.exe
  2⤵
  PID:5392
- C:\Windows\System\bdIYYlt.exe
  C:\Windows\System\bdIYYlt.exe
  2⤵
  PID:5448
- C:\Windows\System\NFYYqGe.exe
  C:\Windows\System\NFYYqGe.exe
  2⤵
  PID:5468
- C:\Windows\System\bcQZhmq.exe
  C:\Windows\System\bcQZhmq.exe
  2⤵
  PID:5480
- C:\Windows\System\RYXowGF.exe
  C:\Windows\System\RYXowGF.exe
  2⤵
  PID:5520
- C:\Windows\System\MRPToPb.exe
  C:\Windows\System\MRPToPb.exe
  2⤵
  PID:5580
- C:\Windows\System\rEgvhZh.exe
  C:\Windows\System\rEgvhZh.exe
  2⤵
  PID:5596
- C:\Windows\System\JKERhxJ.exe
  C:\Windows\System\JKERhxJ.exe
  2⤵
  PID:5524
- C:\Windows\System\NAJzPlN.exe
  C:\Windows\System\NAJzPlN.exe
  2⤵
  PID:5644
- C:\Windows\System\LggoKUU.exe
  C:\Windows\System\LggoKUU.exe
  2⤵
  PID:5668
- C:\Windows\System\EVEnOHO.exe
  C:\Windows\System\EVEnOHO.exe
  2⤵
  PID:5716
- C:\Windows\System\BebKlku.exe
  C:\Windows\System\BebKlku.exe
  2⤵
  PID:2856
- C:\Windows\System\sEVdLPW.exe
  C:\Windows\System\sEVdLPW.exe
  2⤵
  PID:5736
- C:\Windows\System\rxoxnhc.exe
  C:\Windows\System\rxoxnhc.exe
  2⤵
  PID:2688
- C:\Windows\System\cESSwGf.exe
  C:\Windows\System\cESSwGf.exe
  2⤵
  PID:5768
- C:\Windows\System\zBcSGXN.exe
  C:\Windows\System\zBcSGXN.exe
  2⤵
  PID:5864
- C:\Windows\System\rPVbTUM.exe
  C:\Windows\System\rPVbTUM.exe
  2⤵
  PID:5904
- C:\Windows\System\jGKlnYk.exe
  C:\Windows\System\jGKlnYk.exe
  2⤵
  PID:6004
- C:\Windows\System\WQcCdZh.exe
  C:\Windows\System\WQcCdZh.exe
  2⤵
  PID:6064
- C:\Windows\System\ESFiwpP.exe
  C:\Windows\System\ESFiwpP.exe
  2⤵
  PID:6072
- C:\Windows\System\RuVswIn.exe
  C:\Windows\System\RuVswIn.exe
  2⤵
  PID:6104
- C:\Windows\System\WJQjOsm.exe
  C:\Windows\System\WJQjOsm.exe
  2⤵
  PID:5956
- C:\Windows\System\UfGlZxK.exe
  C:\Windows\System\UfGlZxK.exe
  2⤵
  PID:6032
- C:\Windows\System\IWIzurN.exe
  C:\Windows\System\IWIzurN.exe
  2⤵
  PID:6116
- C:\Windows\System\bWsnges.exe
  C:\Windows\System\bWsnges.exe
  2⤵
  PID:4424
- C:\Windows\System\WohgjUy.exe
  C:\Windows\System\WohgjUy.exe
  2⤵
  PID:2012
- C:\Windows\System\HmzDYxg.exe
  C:\Windows\System\HmzDYxg.exe
  2⤵
  PID:5336
- C:\Windows\System\ZfivRFe.exe
  C:\Windows\System\ZfivRFe.exe
  2⤵
  PID:5312
- C:\Windows\System\uOTPBOR.exe
  C:\Windows\System\uOTPBOR.exe
  2⤵
  PID:5192
- C:\Windows\System\RxUOEGz.exe
  C:\Windows\System\RxUOEGz.exe
  2⤵
  PID:5292
- C:\Windows\System\RrZBIOz.exe
  C:\Windows\System\RrZBIOz.exe
  2⤵
  PID:5372
- C:\Windows\System\DNIiBPJ.exe
  C:\Windows\System\DNIiBPJ.exe
  2⤵
  PID:5428
- C:\Windows\System\QgqEvNE.exe
  C:\Windows\System\QgqEvNE.exe
  2⤵
  PID:5424
- C:\Windows\System\LdIBdbu.exe
  C:\Windows\System\LdIBdbu.exe
  2⤵
  PID:2540
- C:\Windows\System\PROgGyE.exe
  C:\Windows\System\PROgGyE.exe
  2⤵
  PID:5656
- C:\Windows\System\EaNbALL.exe
  C:\Windows\System\EaNbALL.exe
  2⤵
  PID:5784
- C:\Windows\System\lTLxupP.exe
  C:\Windows\System\lTLxupP.exe
  2⤵
  PID:5624
- C:\Windows\System\kSdHAku.exe
  C:\Windows\System\kSdHAku.exe
  2⤵
  PID:5500
- C:\Windows\System\BrGrStw.exe
  C:\Windows\System\BrGrStw.exe
  2⤵
  PID:5796
- C:\Windows\System\eDBEYeY.exe
  C:\Windows\System\eDBEYeY.exe
  2⤵
  PID:1600
- C:\Windows\System\rqnaixK.exe
  C:\Windows\System\rqnaixK.exe
  2⤵
  PID:6012
- C:\Windows\System\QEMKNwm.exe
  C:\Windows\System\QEMKNwm.exe
  2⤵
  PID:5700
- C:\Windows\System\qXCLnsy.exe
  C:\Windows\System\qXCLnsy.exe
  2⤵
  PID:5688
- C:\Windows\System\uNKUdrG.exe
  C:\Windows\System\uNKUdrG.exe
  2⤵
  PID:6100
- C:\Windows\System\XTWoILE.exe
  C:\Windows\System\XTWoILE.exe
  2⤵
  PID:6028
- C:\Windows\System\RzkWzmn.exe
  C:\Windows\System\RzkWzmn.exe
  2⤵
  PID:5920
- C:\Windows\System\KFMyJtW.exe
  C:\Windows\System\KFMyJtW.exe
  2⤵
  PID:6084
- C:\Windows\System\CVhCKPe.exe
  C:\Windows\System\CVhCKPe.exe
  2⤵
  PID:3852
- C:\Windows\System\xCUToYg.exe
  C:\Windows\System\xCUToYg.exe
  2⤵
  PID:5220
- C:\Windows\System\twDJXOn.exe
  C:\Windows\System\twDJXOn.exe
  2⤵
  PID:5328
- C:\Windows\System\UOwrntr.exe
  C:\Windows\System\UOwrntr.exe
  2⤵
  PID:5388
- C:\Windows\System\DUKpelB.exe
  C:\Windows\System\DUKpelB.exe
  2⤵
  PID:5604
- C:\Windows\System\AJyHxLH.exe
  C:\Windows\System\AJyHxLH.exe
  2⤵
  PID:5132
- C:\Windows\System\aFqIKGP.exe
  C:\Windows\System\aFqIKGP.exe
  2⤵
  PID:5652
- C:\Windows\System\gjHTDhK.exe
  C:\Windows\System\gjHTDhK.exe
  2⤵
  PID:5568
- C:\Windows\System\stPubpA.exe
  C:\Windows\System\stPubpA.exe
  2⤵
  PID:5832
- C:\Windows\System\xtSdCVG.exe
  C:\Windows\System\xtSdCVG.exe
  2⤵
  PID:5972
- C:\Windows\System\acJGkro.exe
  C:\Windows\System\acJGkro.exe
  2⤵
  PID:6052
- C:\Windows\System\vmaUOCb.exe
  C:\Windows\System\vmaUOCb.exe
  2⤵
  PID:5988
- C:\Windows\System\TiYaNLa.exe
  C:\Windows\System\TiYaNLa.exe
  2⤵
  PID:5252
- C:\Windows\System\PhFvblf.exe
  C:\Windows\System\PhFvblf.exe
  2⤵
  PID:5236
- C:\Windows\System\ZFUtZYU.exe
  C:\Windows\System\ZFUtZYU.exe
  2⤵
  PID:5208
- C:\Windows\System\dQGtDkY.exe
  C:\Windows\System\dQGtDkY.exe
  2⤵
  PID:5464
- C:\Windows\System\vRIJIdG.exe
  C:\Windows\System\vRIJIdG.exe
  2⤵
  PID:2212
- C:\Windows\System\JxzMmNT.exe
  C:\Windows\System\JxzMmNT.exe
  2⤵
  PID:5788
- C:\Windows\System\PgYnaJR.exe
  C:\Windows\System\PgYnaJR.exe
  2⤵
  PID:5844
- C:\Windows\System\Jemmsjv.exe
  C:\Windows\System\Jemmsjv.exe
  2⤵
  PID:6016
- C:\Windows\System\iCDIcRi.exe
  C:\Windows\System\iCDIcRi.exe
  2⤵
  PID:5900
- C:\Windows\System\XPIZFep.exe
  C:\Windows\System\XPIZFep.exe
  2⤵
  PID:5136
- C:\Windows\System\AohVmCK.exe
  C:\Windows\System\AohVmCK.exe
  2⤵
  PID:5692
- C:\Windows\System\fuAAjNu.exe
  C:\Windows\System\fuAAjNu.exe
  2⤵
  PID:5712
- C:\Windows\System\yJAsxhf.exe
  C:\Windows\System\yJAsxhf.exe
  2⤵
  PID:6060
- C:\Windows\System\MnHDiJT.exe
  C:\Windows\System\MnHDiJT.exe
  2⤵
  PID:5600
- C:\Windows\System\OUDwuwc.exe
  C:\Windows\System\OUDwuwc.exe
  2⤵
  PID:5188
- C:\Windows\System\UWHVIKt.exe
  C:\Windows\System\UWHVIKt.exe
  2⤵
  PID:6140
- C:\Windows\System\TFPCbMa.exe
  C:\Windows\System\TFPCbMa.exe
  2⤵
  PID:540
- C:\Windows\System\EipQuph.exe
  C:\Windows\System\EipQuph.exe
  2⤵
  PID:5056
- C:\Windows\System\WZgEdYK.exe
  C:\Windows\System\WZgEdYK.exe
  2⤵
  PID:976
- C:\Windows\System\eIiYrTR.exe
  C:\Windows\System\eIiYrTR.exe
  2⤵
  PID:1904
- C:\Windows\System\XeUEldI.exe
  C:\Windows\System\XeUEldI.exe
  2⤵
  PID:6156
- C:\Windows\System\JgfOgcj.exe
  C:\Windows\System\JgfOgcj.exe
  2⤵
  PID:6180
- C:\Windows\System\nEqtELB.exe
  C:\Windows\System\nEqtELB.exe
  2⤵
  PID:6200
- C:\Windows\System\grsTOAM.exe
  C:\Windows\System\grsTOAM.exe
  2⤵
  PID:6216
- C:\Windows\System\OKlkWYE.exe
  C:\Windows\System\OKlkWYE.exe
  2⤵
  PID:6244
- C:\Windows\System\scmSlts.exe
  C:\Windows\System\scmSlts.exe
  2⤵
  PID:6264
- C:\Windows\System\UfLaJDl.exe
  C:\Windows\System\UfLaJDl.exe
  2⤵
  PID:6280
- C:\Windows\System\miCokTy.exe
  C:\Windows\System\miCokTy.exe
  2⤵
  PID:6300
- C:\Windows\System\ibShVyY.exe
  C:\Windows\System\ibShVyY.exe
  2⤵
  PID:6316
- C:\Windows\System\RtfHIpc.exe
  C:\Windows\System\RtfHIpc.exe
  2⤵
  PID:6332
- C:\Windows\System\pyuXdTm.exe
  C:\Windows\System\pyuXdTm.exe
  2⤵
  PID:6352
- C:\Windows\System\CRGpRvl.exe
  C:\Windows\System\CRGpRvl.exe
  2⤵
  PID:6368
- C:\Windows\System\vhpWqlL.exe
  C:\Windows\System\vhpWqlL.exe
  2⤵
  PID:6384
- C:\Windows\System\nGpCvTd.exe
  C:\Windows\System\nGpCvTd.exe
  2⤵
  PID:6400
- C:\Windows\System\eLrqpXf.exe
  C:\Windows\System\eLrqpXf.exe
  2⤵
  PID:6420
- C:\Windows\System\WlDapCd.exe
  C:\Windows\System\WlDapCd.exe
  2⤵
  PID:6448
- C:\Windows\System\RNgAoPq.exe
  C:\Windows\System\RNgAoPq.exe
  2⤵
  PID:6484
- C:\Windows\System\DzntLXb.exe
  C:\Windows\System\DzntLXb.exe
  2⤵
  PID:6500
- C:\Windows\System\ZLsHPsa.exe
  C:\Windows\System\ZLsHPsa.exe
  2⤵
  PID:6520
- C:\Windows\System\fbgqEGa.exe
  C:\Windows\System\fbgqEGa.exe
  2⤵
  PID:6536
- C:\Windows\System\Ladfhqt.exe
  C:\Windows\System\Ladfhqt.exe
  2⤵
  PID:6560
- C:\Windows\System\DYyXVhV.exe
  C:\Windows\System\DYyXVhV.exe
  2⤵
  PID:6576
- C:\Windows\System\fLcdPxL.exe
  C:\Windows\System\fLcdPxL.exe
  2⤵
  PID:6592
- C:\Windows\System\TNkLMep.exe
  C:\Windows\System\TNkLMep.exe
  2⤵
  PID:6616
- C:\Windows\System\CzFehdK.exe
  C:\Windows\System\CzFehdK.exe
  2⤵
  PID:6636
- C:\Windows\System\csTQABr.exe
  C:\Windows\System\csTQABr.exe
  2⤵
  PID:6660
- C:\Windows\System\kfpeTrX.exe
  C:\Windows\System\kfpeTrX.exe
  2⤵
  PID:6676
- C:\Windows\System\kmvTbPN.exe
  C:\Windows\System\kmvTbPN.exe
  2⤵
  PID:6692
- C:\Windows\System\vYeWDQG.exe
  C:\Windows\System\vYeWDQG.exe
  2⤵
  PID:6708
- C:\Windows\System\adUmnej.exe
  C:\Windows\System\adUmnej.exe
  2⤵
  PID:6748
- C:\Windows\System\uKpjHtU.exe
  C:\Windows\System\uKpjHtU.exe
  2⤵
  PID:6764
- C:\Windows\System\wABMulr.exe
  C:\Windows\System\wABMulr.exe
  2⤵
  PID:6780
- C:\Windows\System\glfBLFk.exe
  C:\Windows\System\glfBLFk.exe
  2⤵
  PID:6796
- C:\Windows\System\TpdRtqX.exe
  C:\Windows\System\TpdRtqX.exe
  2⤵
  PID:6816
- C:\Windows\System\kWGknXc.exe
  C:\Windows\System\kWGknXc.exe
  2⤵
  PID:6832
- C:\Windows\System\peMMJDz.exe
  C:\Windows\System\peMMJDz.exe
  2⤵
  PID:6856
- C:\Windows\System\xOCMwab.exe
  C:\Windows\System\xOCMwab.exe
  2⤵
  PID:6872
- C:\Windows\System\juQijDb.exe
  C:\Windows\System\juQijDb.exe
  2⤵
  PID:6888
- C:\Windows\System\QENvSru.exe
  C:\Windows\System\QENvSru.exe
  2⤵
  PID:6904
- C:\Windows\System\tridGAZ.exe
  C:\Windows\System\tridGAZ.exe
  2⤵
  PID:6920
- C:\Windows\System\JjyXnaE.exe
  C:\Windows\System\JjyXnaE.exe
  2⤵
  PID:6944
- C:\Windows\System\oSazogl.exe
  C:\Windows\System\oSazogl.exe
  2⤵
  PID:6960
- C:\Windows\System\NVrmEVa.exe
  C:\Windows\System\NVrmEVa.exe
  2⤵
  PID:6976
- C:\Windows\System\ngPkChP.exe
  C:\Windows\System\ngPkChP.exe
  2⤵
  PID:6996
- C:\Windows\System\INSIyLj.exe
  C:\Windows\System\INSIyLj.exe
  2⤵
  PID:7012
- C:\Windows\System\COPxxAn.exe
  C:\Windows\System\COPxxAn.exe
  2⤵
  PID:7040
- C:\Windows\System\LTZultr.exe
  C:\Windows\System\LTZultr.exe
  2⤵
  PID:7068
- C:\Windows\System\vFdrybg.exe
  C:\Windows\System\vFdrybg.exe
  2⤵
  PID:7100
- C:\Windows\System\OcmgNmD.exe
  C:\Windows\System\OcmgNmD.exe
  2⤵
  PID:7120
- C:\Windows\System\olAJrBg.exe
  C:\Windows\System\olAJrBg.exe
  2⤵
  PID:7136
- C:\Windows\System\czrkrMB.exe
  C:\Windows\System\czrkrMB.exe
  2⤵
  PID:7152
- C:\Windows\System\BFjoDBi.exe
  C:\Windows\System\BFjoDBi.exe
  2⤵
  PID:5936
- C:\Windows\System\egzczUP.exe
  C:\Windows\System\egzczUP.exe
  2⤵
  PID:6172
- C:\Windows\System\ZmIshdI.exe
  C:\Windows\System\ZmIshdI.exe
  2⤵
  PID:6152
- C:\Windows\System\aCkSuCg.exe
  C:\Windows\System\aCkSuCg.exe
  2⤵
  PID:5940
- C:\Windows\System\JYVCMou.exe
  C:\Windows\System\JYVCMou.exe
  2⤵
  PID:6228
- C:\Windows\System\yuguvHS.exe
  C:\Windows\System\yuguvHS.exe
  2⤵
  PID:6292
- C:\Windows\System\zhNTXdL.exe
  C:\Windows\System\zhNTXdL.exe
  2⤵
  PID:6340
- C:\Windows\System\GRFBqGI.exe
  C:\Windows\System\GRFBqGI.exe
  2⤵
  PID:6396
- C:\Windows\System\YxOjuia.exe
  C:\Windows\System\YxOjuia.exe
  2⤵
  PID:6432
- C:\Windows\System\iGuegWa.exe
  C:\Windows\System\iGuegWa.exe
  2⤵
  PID:6416
- C:\Windows\System\dEzdIlA.exe
  C:\Windows\System\dEzdIlA.exe
  2⤵
  PID:6528
- C:\Windows\System\tozznGV.exe
  C:\Windows\System\tozznGV.exe
  2⤵
  PID:6508
- C:\Windows\System\xJFHSSc.exe
  C:\Windows\System\xJFHSSc.exe
  2⤵
  PID:6612
- C:\Windows\System\WmMJdjl.exe
  C:\Windows\System\WmMJdjl.exe
  2⤵
  PID:6648
- C:\Windows\System\SgsIWkb.exe
  C:\Windows\System\SgsIWkb.exe
  2⤵
  PID:6464
- C:\Windows\System\wOzyoGy.exe
  C:\Windows\System\wOzyoGy.exe
  2⤵
  PID:6544
- C:\Windows\System\gkhcIgI.exe
  C:\Windows\System\gkhcIgI.exe
  2⤵
  PID:6480
- C:\Windows\System\JSjcutw.exe
  C:\Windows\System\JSjcutw.exe
  2⤵
  PID:6672
- C:\Windows\System\DfFrNNi.exe
  C:\Windows\System\DfFrNNi.exe
  2⤵
  PID:5696
- C:\Windows\System\dsTQKCy.exe
  C:\Windows\System\dsTQKCy.exe
  2⤵
  PID:6656
- C:\Windows\System\ilQtmnF.exe
  C:\Windows\System\ilQtmnF.exe
  2⤵
  PID:6880
- C:\Windows\System\vGxGCdl.exe
  C:\Windows\System\vGxGCdl.exe
  2⤵
  PID:6956
- C:\Windows\System\hZVDVUn.exe
  C:\Windows\System\hZVDVUn.exe
  2⤵
  PID:7028
- C:\Windows\System\wFYTjsW.exe
  C:\Windows\System\wFYTjsW.exe
  2⤵
  PID:6928
- C:\Windows\System\PbZvsip.exe
  C:\Windows\System\PbZvsip.exe
  2⤵
  PID:7024
- C:\Windows\System\aZbjODI.exe
  C:\Windows\System\aZbjODI.exe
  2⤵
  PID:6972
- C:\Windows\System\YENcQjx.exe
  C:\Windows\System\YENcQjx.exe
  2⤵
  PID:6896
- C:\Windows\System\qhntkhp.exe
  C:\Windows\System\qhntkhp.exe
  2⤵
  PID:7076
- C:\Windows\System\NEHtVog.exe
  C:\Windows\System\NEHtVog.exe
  2⤵
  PID:7092
- C:\Windows\System\ablFYpy.exe
  C:\Windows\System\ablFYpy.exe
  2⤵
  PID:6176
- C:\Windows\System\ccfOhxh.exe
  C:\Windows\System\ccfOhxh.exe
  2⤵
  PID:6232
- C:\Windows\System\AyaKXcO.exe
  C:\Windows\System\AyaKXcO.exe
  2⤵
  PID:7064
- C:\Windows\System\aYhbsOy.exe
  C:\Windows\System\aYhbsOy.exe
  2⤵
  PID:5812
- C:\Windows\System\jTGARXE.exe
  C:\Windows\System\jTGARXE.exe
  2⤵
  PID:7148
- C:\Windows\System\CRXHOXP.exe
  C:\Windows\System\CRXHOXP.exe
  2⤵
  PID:6256
- C:\Windows\System\tyeCvHp.exe
  C:\Windows\System\tyeCvHp.exe
  2⤵
  PID:6364
- C:\Windows\System\bzNcsmp.exe
  C:\Windows\System\bzNcsmp.exe
  2⤵
  PID:6392
- C:\Windows\System\qqJwDVT.exe
  C:\Windows\System\qqJwDVT.exe
  2⤵
  PID:6644
- C:\Windows\System\VucmXFq.exe
  C:\Windows\System\VucmXFq.exe
  2⤵
  PID:6728
- C:\Windows\System\NSbosBl.exe
  C:\Windows\System\NSbosBl.exe
  2⤵
  PID:6716
- C:\Windows\System\llQzEDt.exe
  C:\Windows\System\llQzEDt.exe
  2⤵
  PID:6604
- C:\Windows\System\RVIuXIK.exe
  C:\Windows\System\RVIuXIK.exe
  2⤵
  PID:6512
- C:\Windows\System\erBKkEi.exe
  C:\Windows\System\erBKkEi.exe
  2⤵
  PID:6720
- C:\Windows\System\igXoMkq.exe
  C:\Windows\System\igXoMkq.exe
  2⤵
  PID:6772
- C:\Windows\System\UfdEKUD.exe
  C:\Windows\System\UfdEKUD.exe
  2⤵
  PID:6852
- C:\Windows\System\pFlYmTU.exe
  C:\Windows\System\pFlYmTU.exe
  2⤵
  PID:7020
- C:\Windows\System\biHvEhx.exe
  C:\Windows\System\biHvEhx.exe
  2⤵
  PID:6932
- C:\Windows\System\HIKcyvR.exe
  C:\Windows\System\HIKcyvR.exe
  2⤵
  PID:6968
- C:\Windows\System\totArNA.exe
  C:\Windows\System\totArNA.exe
  2⤵
  PID:6148
- C:\Windows\System\BRhseze.exe
  C:\Windows\System\BRhseze.exe
  2⤵
  PID:7128
- C:\Windows\System\srFLdaG.exe
  C:\Windows\System\srFLdaG.exe
  2⤵
  PID:7052
- C:\Windows\System\ZzJpLdQ.exe
  C:\Windows\System\ZzJpLdQ.exe
  2⤵
  PID:6412
- C:\Windows\System\LSfsDdp.exe
  C:\Windows\System\LSfsDdp.exe
  2⤵
  PID:6408
- C:\Windows\System\GXNMBza.exe
  C:\Windows\System\GXNMBza.exe
  2⤵
  PID:6652
- C:\Windows\System\raGVATW.exe
  C:\Windows\System\raGVATW.exe
  2⤵
  PID:6428
- C:\Windows\System\RyLDfpw.exe
  C:\Windows\System\RyLDfpw.exe
  2⤵
  PID:6588
- C:\Windows\System\WFUkfYm.exe
  C:\Windows\System\WFUkfYm.exe
  2⤵
  PID:6628
- C:\Windows\System\eVXQxrM.exe
  C:\Windows\System\eVXQxrM.exe
  2⤵
  PID:6744
- C:\Windows\System\WYmxFZb.exe
  C:\Windows\System\WYmxFZb.exe
  2⤵
  PID:6828
- C:\Windows\System\NETjKbQ.exe
  C:\Windows\System\NETjKbQ.exe
  2⤵
  PID:7160
- C:\Windows\System\aquPfER.exe
  C:\Windows\System\aquPfER.exe
  2⤵
  PID:6276
- C:\Windows\System\JqUfMUN.exe
  C:\Windows\System\JqUfMUN.exe
  2⤵
  PID:6864
- C:\Windows\System\hYQWtiL.exe
  C:\Windows\System\hYQWtiL.exe
  2⤵
  PID:6736
- C:\Windows\System\GGEmPJt.exe
  C:\Windows\System\GGEmPJt.exe
  2⤵
  PID:6844
- C:\Windows\System\koddfsz.exe
  C:\Windows\System\koddfsz.exe
  2⤵
  PID:7112
- C:\Windows\System\jfBaktj.exe
  C:\Windows\System\jfBaktj.exe
  2⤵
  PID:6472
- C:\Windows\System\JRedknk.exe
  C:\Windows\System\JRedknk.exe
  2⤵
  PID:6476
- C:\Windows\System\MqvzuCX.exe
  C:\Windows\System\MqvzuCX.exe
  2⤵
  PID:7084
- C:\Windows\System\rHsvRhG.exe
  C:\Windows\System\rHsvRhG.exe
  2⤵
  PID:7144
- C:\Windows\System\lKszhZw.exe
  C:\Windows\System\lKszhZw.exe
  2⤵
  PID:7048
- C:\Windows\System\hGHyRuN.exe
  C:\Windows\System\hGHyRuN.exe
  2⤵
  PID:6724
- C:\Windows\System\PWUMFgE.exe
  C:\Windows\System\PWUMFgE.exe
  2⤵
  PID:6808
- C:\Windows\System\PjlNZqO.exe
  C:\Windows\System\PjlNZqO.exe
  2⤵
  PID:7008
- C:\Windows\System\uWXJcnj.exe
  C:\Windows\System\uWXJcnj.exe
  2⤵
  PID:6788
- C:\Windows\System\cPrgFgH.exe
  C:\Windows\System\cPrgFgH.exe
  2⤵
  PID:6756
- C:\Windows\System\ClvmGCm.exe
  C:\Windows\System\ClvmGCm.exe
  2⤵
  PID:7188
- C:\Windows\System\NmNobAu.exe
  C:\Windows\System\NmNobAu.exe
  2⤵
  PID:7204
- C:\Windows\System\oxtayOw.exe
  C:\Windows\System\oxtayOw.exe
  2⤵
  PID:7220
- C:\Windows\System\aKmyKYJ.exe
  C:\Windows\System\aKmyKYJ.exe
  2⤵
  PID:7236
- C:\Windows\System\iIndzyn.exe
  C:\Windows\System\iIndzyn.exe
  2⤵
  PID:7264
- C:\Windows\System\nwBkbZn.exe
  C:\Windows\System\nwBkbZn.exe
  2⤵
  PID:7288
- C:\Windows\System\hbfFVEZ.exe
  C:\Windows\System\hbfFVEZ.exe
  2⤵
  PID:7304
- C:\Windows\System\MfPMvrw.exe
  C:\Windows\System\MfPMvrw.exe
  2⤵
  PID:7320
- C:\Windows\System\CMTicWV.exe
  C:\Windows\System\CMTicWV.exe
  2⤵
  PID:7336
- C:\Windows\System\HeAjbeI.exe
  C:\Windows\System\HeAjbeI.exe
  2⤵
  PID:7352
- C:\Windows\System\nPoKoNx.exe
  C:\Windows\System\nPoKoNx.exe
  2⤵
  PID:7372
- C:\Windows\System\tFzOfFP.exe
  C:\Windows\System\tFzOfFP.exe
  2⤵
  PID:7388
- C:\Windows\System\hAuiLgB.exe
  C:\Windows\System\hAuiLgB.exe
  2⤵
  PID:7412
- C:\Windows\System\kogprqf.exe
  C:\Windows\System\kogprqf.exe
  2⤵
  PID:7428
- C:\Windows\System\Txaikkm.exe
  C:\Windows\System\Txaikkm.exe
  2⤵
  PID:7444
- C:\Windows\System\LugXkWZ.exe
  C:\Windows\System\LugXkWZ.exe
  2⤵
  PID:7460
- C:\Windows\System\ldqfcMx.exe
  C:\Windows\System\ldqfcMx.exe
  2⤵
  PID:7476
- C:\Windows\System\gjxFsEP.exe
  C:\Windows\System\gjxFsEP.exe
  2⤵
  PID:7492
- C:\Windows\System\KltiNDM.exe
  C:\Windows\System\KltiNDM.exe
  2⤵
  PID:7508
- C:\Windows\System\VwIfnoF.exe
  C:\Windows\System\VwIfnoF.exe
  2⤵
  PID:7524
- C:\Windows\System\FuyzPXu.exe
  C:\Windows\System\FuyzPXu.exe
  2⤵
  PID:7540
- C:\Windows\System\BQTVMnA.exe
  C:\Windows\System\BQTVMnA.exe
  2⤵
  PID:7560
- C:\Windows\System\IUercMu.exe
  C:\Windows\System\IUercMu.exe
  2⤵
  PID:7576
- C:\Windows\System\ibGUTAp.exe
  C:\Windows\System\ibGUTAp.exe
  2⤵
  PID:7592
- C:\Windows\System\DjprsZu.exe
  C:\Windows\System\DjprsZu.exe
  2⤵
  PID:7680
- C:\Windows\System\EbnrYxa.exe
  C:\Windows\System\EbnrYxa.exe
  2⤵
  PID:7700
- C:\Windows\System\RrxJCte.exe
  C:\Windows\System\RrxJCte.exe
  2⤵
  PID:7716
- C:\Windows\System\YuMXgDL.exe
  C:\Windows\System\YuMXgDL.exe
  2⤵
  PID:7732
- C:\Windows\System\DdokICv.exe
  C:\Windows\System\DdokICv.exe
  2⤵
  PID:7752
- C:\Windows\System\BSlmCkE.exe
  C:\Windows\System\BSlmCkE.exe
  2⤵
  PID:7768
- C:\Windows\System\zysDfqX.exe
  C:\Windows\System\zysDfqX.exe
  2⤵
  PID:7784
- C:\Windows\System\HmEnJlq.exe
  C:\Windows\System\HmEnJlq.exe
  2⤵
  PID:7800
- C:\Windows\System\lJshOrv.exe
  C:\Windows\System\lJshOrv.exe
  2⤵
  PID:7816
- C:\Windows\System\lbKaRlk.exe
  C:\Windows\System\lbKaRlk.exe
  2⤵
  PID:7832
- C:\Windows\System\VKHPVSG.exe
  C:\Windows\System\VKHPVSG.exe
  2⤵
  PID:7856
- C:\Windows\System\rlEBwEQ.exe
  C:\Windows\System\rlEBwEQ.exe
  2⤵
  PID:7880
- C:\Windows\System\AbZFxlG.exe
  C:\Windows\System\AbZFxlG.exe
  2⤵
  PID:7896
- C:\Windows\System\cOWZLUI.exe
  C:\Windows\System\cOWZLUI.exe
  2⤵
  PID:7916
- C:\Windows\System\dNPWryZ.exe
  C:\Windows\System\dNPWryZ.exe
  2⤵
  PID:7932
- C:\Windows\System\plDaZPO.exe
  C:\Windows\System\plDaZPO.exe
  2⤵
  PID:7972
- C:\Windows\System\tkBHtvA.exe
  C:\Windows\System\tkBHtvA.exe
  2⤵
  PID:7992
- C:\Windows\System\qbSFcyM.exe
  C:\Windows\System\qbSFcyM.exe
  2⤵
  PID:8008
- C:\Windows\System\FCgAXWW.exe
  C:\Windows\System\FCgAXWW.exe
  2⤵
  PID:8036
- C:\Windows\System\QpfyZkV.exe
  C:\Windows\System\QpfyZkV.exe
  2⤵
  PID:8052
- C:\Windows\System\nYBepMe.exe
  C:\Windows\System\nYBepMe.exe
  2⤵
  PID:8072
- C:\Windows\System\MhdXlUw.exe
  C:\Windows\System\MhdXlUw.exe
  2⤵
  PID:8092
- C:\Windows\System\tBpWItq.exe
  C:\Windows\System\tBpWItq.exe
  2⤵
  PID:8108
- C:\Windows\System\PCUTodD.exe
  C:\Windows\System\PCUTodD.exe
  2⤵
  PID:8124
- C:\Windows\System\GXdDoSr.exe
  C:\Windows\System\GXdDoSr.exe
  2⤵
  PID:8140
- C:\Windows\System\eMNYIYm.exe
  C:\Windows\System\eMNYIYm.exe
  2⤵
  PID:8156
- C:\Windows\System\SPaWgOy.exe
  C:\Windows\System\SPaWgOy.exe
  2⤵
  PID:8176
- C:\Windows\System\RFBGgjI.exe
  C:\Windows\System\RFBGgjI.exe
  2⤵
  PID:6916
- C:\Windows\System\hSwOylN.exe
  C:\Windows\System\hSwOylN.exe
  2⤵
  PID:7196
- C:\Windows\System\OgrSQnq.exe
  C:\Windows\System\OgrSQnq.exe
  2⤵
  PID:7280
- C:\Windows\System\NPGatYs.exe
  C:\Windows\System\NPGatYs.exe
  2⤵
  PID:7344
- C:\Windows\System\GBubajw.exe
  C:\Windows\System\GBubajw.exe
  2⤵
  PID:7452
- C:\Windows\System\xdaIQOZ.exe
  C:\Windows\System\xdaIQOZ.exe
  2⤵
  PID:7520
- C:\Windows\System\TzKAkdv.exe
  C:\Windows\System\TzKAkdv.exe
  2⤵
  PID:7584
- C:\Windows\System\EUAxxjI.exe
  C:\Windows\System\EUAxxjI.exe
  2⤵
  PID:7248
- C:\Windows\System\WVShAfh.exe
  C:\Windows\System\WVShAfh.exe
  2⤵
  PID:7296
- C:\Windows\System\OQucPbj.exe
  C:\Windows\System\OQucPbj.exe
  2⤵
  PID:7608
- C:\Windows\System\tfgqifT.exe
  C:\Windows\System\tfgqifT.exe
  2⤵
  PID:7180
- C:\Windows\System\YMytfTT.exe
  C:\Windows\System\YMytfTT.exe
  2⤵
  PID:7644
- C:\Windows\System\Qepcpai.exe
  C:\Windows\System\Qepcpai.exe
  2⤵
  PID:7364
- C:\Windows\System\vdrwXti.exe
  C:\Windows\System\vdrwXti.exe
  2⤵
  PID:7648
- C:\Windows\System\vAQXMIF.exe
  C:\Windows\System\vAQXMIF.exe
  2⤵
  PID:7468
- C:\Windows\System\yWVnstC.exe
  C:\Windows\System\yWVnstC.exe
  2⤵
  PID:7656
- C:\Windows\System\tDfvGem.exe
  C:\Windows\System\tDfvGem.exe
  2⤵
  PID:7572
- C:\Windows\System\BEUJZmg.exe
  C:\Windows\System\BEUJZmg.exe
  2⤵
  PID:7176
- C:\Windows\System\eqqprqD.exe
  C:\Windows\System\eqqprqD.exe
  2⤵
  PID:7624
- C:\Windows\System\KdxMXDe.exe
  C:\Windows\System\KdxMXDe.exe
  2⤵
  PID:7808
- C:\Windows\System\GbKkhIC.exe
  C:\Windows\System\GbKkhIC.exe
  2⤵
  PID:7792
- C:\Windows\System\yvrfHju.exe
  C:\Windows\System\yvrfHju.exe
  2⤵
  PID:7708
- C:\Windows\System\hiqvLIc.exe
  C:\Windows\System\hiqvLIc.exe
  2⤵
  PID:7776
- C:\Windows\System\ujvanGO.exe
  C:\Windows\System\ujvanGO.exe
  2⤵
  PID:7852
- C:\Windows\System\UbOluJZ.exe
  C:\Windows\System\UbOluJZ.exe
  2⤵
  PID:7872
- C:\Windows\System\XFVSDiV.exe
  C:\Windows\System\XFVSDiV.exe
  2⤵
  PID:7912
- C:\Windows\System\cLzKAOT.exe
  C:\Windows\System\cLzKAOT.exe
  2⤵
  PID:7956
- C:\Windows\System\MJUHrfz.exe
  C:\Windows\System\MJUHrfz.exe
  2⤵
  PID:7944
- C:\Windows\System\zsRrXrZ.exe
  C:\Windows\System\zsRrXrZ.exe
  2⤵
  PID:8024
- C:\Windows\System\jryuwLT.exe
  C:\Windows\System\jryuwLT.exe
  2⤵
  PID:8164
- C:\Windows\System\BIlbfrd.exe
  C:\Windows\System\BIlbfrd.exe
  2⤵
  PID:8020
- C:\Windows\System\tAJacRw.exe
  C:\Windows\System\tAJacRw.exe
  2⤵
  PID:8100
- C:\Windows\System\NbNzjrP.exe
  C:\Windows\System\NbNzjrP.exe
  2⤵
  PID:7276
- C:\Windows\System\jDomOEi.exe
  C:\Windows\System\jDomOEi.exe
  2⤵
  PID:7384
- C:\Windows\System\ySFeWAM.exe
  C:\Windows\System\ySFeWAM.exe
  2⤵
  PID:7556
- C:\Windows\System\DmfTrDd.exe
  C:\Windows\System\DmfTrDd.exe
  2⤵
  PID:7620
- C:\Windows\System\vpXbuvL.exe
  C:\Windows\System\vpXbuvL.exe
  2⤵
  PID:7516
- C:\Windows\System\jvAzaEQ.exe
  C:\Windows\System\jvAzaEQ.exe
  2⤵
  PID:7532
- C:\Windows\System\HzErDOO.exe
  C:\Windows\System\HzErDOO.exe
  2⤵
  PID:7360
- C:\Windows\System\izJWiSD.exe
  C:\Windows\System\izJWiSD.exe
  2⤵
  PID:7652
- C:\Windows\System\bYAQFMq.exe
  C:\Windows\System\bYAQFMq.exe
  2⤵
  PID:7840
- C:\Windows\System\qujlYpV.exe
  C:\Windows\System\qujlYpV.exe
  2⤵
  PID:7948
- C:\Windows\System\ZiqtBBA.exe
  C:\Windows\System\ZiqtBBA.exe
  2⤵
  PID:8004
- C:\Windows\System\zESyuPb.exe
  C:\Windows\System\zESyuPb.exe
  2⤵
  PID:8048
- C:\Windows\System\hqOGlAt.exe
  C:\Windows\System\hqOGlAt.exe
  2⤵
  PID:7056
- C:\Windows\System\rMKNhMl.exe
  C:\Windows\System\rMKNhMl.exe
  2⤵
  PID:7688
- C:\Windows\System\jHCFDJV.exe
  C:\Windows\System\jHCFDJV.exe
  2⤵
  PID:8148
- C:\Windows\System\wruNWCL.exe
  C:\Windows\System\wruNWCL.exe
  2⤵
  PID:7848
- C:\Windows\System\eIeepLS.exe
  C:\Windows\System\eIeepLS.exe
  2⤵
  PID:8184
- C:\Windows\System\OOFFriL.exe
  C:\Windows\System\OOFFriL.exe
  2⤵
  PID:7924
- C:\Windows\System\meHggUZ.exe
  C:\Windows\System\meHggUZ.exe
  2⤵
  PID:7400
- C:\Windows\System\DBuKHHj.exe
  C:\Windows\System\DBuKHHj.exe
  2⤵
  PID:7968
- C:\Windows\System\wEYyMvH.exe
  C:\Windows\System\wEYyMvH.exe
  2⤵
  PID:8136
- C:\Windows\System\koRYViL.exe
  C:\Windows\System\koRYViL.exe
  2⤵
  PID:7244
- C:\Windows\System\XUHowtg.exe
  C:\Windows\System\XUHowtg.exe
  2⤵
  PID:8068
- C:\Windows\System\MLDUSNs.exe
  C:\Windows\System\MLDUSNs.exe
  2⤵
  PID:8208
- C:\Windows\System\wGjLPhL.exe
  C:\Windows\System\wGjLPhL.exe
  2⤵
  PID:8232
- C:\Windows\System\tyJnOiY.exe
  C:\Windows\System\tyJnOiY.exe
  2⤵
  PID:8248
- C:\Windows\System\yIiOBMj.exe
  C:\Windows\System\yIiOBMj.exe
  2⤵
  PID:8276
- C:\Windows\System\JCGtdlf.exe
  C:\Windows\System\JCGtdlf.exe
  2⤵
  PID:8292
- C:\Windows\System\aVDOPQI.exe
  C:\Windows\System\aVDOPQI.exe
  2⤵
  PID:8312
- C:\Windows\System\KpSnIWA.exe
  C:\Windows\System\KpSnIWA.exe
  2⤵
  PID:8332
- C:\Windows\System\IKzLsOi.exe
  C:\Windows\System\IKzLsOi.exe
  2⤵
  PID:8352
- C:\Windows\System\nuhIdVV.exe
  C:\Windows\System\nuhIdVV.exe
  2⤵
  PID:8376
- C:\Windows\System\JZemQVL.exe
  C:\Windows\System\JZemQVL.exe
  2⤵
  PID:8396
- C:\Windows\System\ZDlcNvh.exe
  C:\Windows\System\ZDlcNvh.exe
  2⤵
  PID:8416
- C:\Windows\System\TUVDuTr.exe
  C:\Windows\System\TUVDuTr.exe
  2⤵
  PID:8448
- C:\Windows\System\YzFTtLt.exe
  C:\Windows\System\YzFTtLt.exe
  2⤵
  PID:8468
- C:\Windows\System\vClmHmE.exe
  C:\Windows\System\vClmHmE.exe
  2⤵
  PID:8496
- C:\Windows\System\xmZUizp.exe
  C:\Windows\System\xmZUizp.exe
  2⤵
  PID:8520
- C:\Windows\System\QnGXnoj.exe
  C:\Windows\System\QnGXnoj.exe
  2⤵
  PID:8540
- C:\Windows\System\JKwquiW.exe
  C:\Windows\System\JKwquiW.exe
  2⤵
  PID:8560
- C:\Windows\System\WHwsgeP.exe
  C:\Windows\System\WHwsgeP.exe
  2⤵
  PID:8576
- C:\Windows\System\OOyfUmE.exe
  C:\Windows\System\OOyfUmE.exe
  2⤵
  PID:8600
- C:\Windows\System\CmTzDxn.exe
  C:\Windows\System\CmTzDxn.exe
  2⤵
  PID:8624
- C:\Windows\System\GKUjydA.exe
  C:\Windows\System\GKUjydA.exe
  2⤵
  PID:8640
- C:\Windows\System\keZKEmq.exe
  C:\Windows\System\keZKEmq.exe
  2⤵
  PID:8660
- C:\Windows\System\KbyyIyk.exe
  C:\Windows\System\KbyyIyk.exe
  2⤵
  PID:8680
- C:\Windows\System\KvVrMkU.exe
  C:\Windows\System\KvVrMkU.exe
  2⤵
  PID:8696
- C:\Windows\System\WRNfHxF.exe
  C:\Windows\System\WRNfHxF.exe
  2⤵
  PID:8716
- C:\Windows\System\MjhQMYY.exe
  C:\Windows\System\MjhQMYY.exe
  2⤵
  PID:8736
- C:\Windows\System\awozOkC.exe
  C:\Windows\System\awozOkC.exe
  2⤵
  PID:8752
- C:\Windows\System\wIjcFsO.exe
  C:\Windows\System\wIjcFsO.exe
  2⤵
  PID:8768
- C:\Windows\System\hAxtdTe.exe
  C:\Windows\System\hAxtdTe.exe
  2⤵
  PID:8792
- C:\Windows\System\ugERevk.exe
  C:\Windows\System\ugERevk.exe
  2⤵
  PID:8812
- C:\Windows\System\wgnRDBC.exe
  C:\Windows\System\wgnRDBC.exe
  2⤵
  PID:8840
- C:\Windows\System\kMiJeAg.exe
  C:\Windows\System\kMiJeAg.exe
  2⤵
  PID:8896
- C:\Windows\System\oKziXXd.exe
  C:\Windows\System\oKziXXd.exe
  2⤵
  PID:8916
- C:\Windows\System\uvAsOCq.exe
  C:\Windows\System\uvAsOCq.exe
  2⤵
  PID:8936
- C:\Windows\System\ppCPOcd.exe
  C:\Windows\System\ppCPOcd.exe
  2⤵
  PID:8952
- C:\Windows\System\PEqHCyW.exe
  C:\Windows\System\PEqHCyW.exe
  2⤵
  PID:8968
- C:\Windows\System\PnopEJB.exe
  C:\Windows\System\PnopEJB.exe
  2⤵
  PID:8984
- C:\Windows\System\sgINpzC.exe
  C:\Windows\System\sgINpzC.exe
  2⤵
  PID:9000
- C:\Windows\System\FRmnivz.exe
  C:\Windows\System\FRmnivz.exe
  2⤵
  PID:9016
- C:\Windows\System\HkjLYdY.exe
  C:\Windows\System\HkjLYdY.exe
  2⤵
  PID:9032
- C:\Windows\System\ELmuLwu.exe
  C:\Windows\System\ELmuLwu.exe
  2⤵
  PID:9052
- C:\Windows\System\gYNDorz.exe
  C:\Windows\System\gYNDorz.exe
  2⤵
  PID:9068
- C:\Windows\System\lYRPQLW.exe
  C:\Windows\System\lYRPQLW.exe
  2⤵
  PID:9084
- C:\Windows\System\Djjepym.exe
  C:\Windows\System\Djjepym.exe
  2⤵
  PID:9100
- C:\Windows\System\HdfNUUU.exe
  C:\Windows\System\HdfNUUU.exe
  2⤵
  PID:9116
- C:\Windows\System\WUTYRRZ.exe
  C:\Windows\System\WUTYRRZ.exe
  2⤵
  PID:9132
- C:\Windows\System\HKbbFoB.exe
  C:\Windows\System\HKbbFoB.exe
  2⤵
  PID:9148
- C:\Windows\System\yDnZuqT.exe
  C:\Windows\System\yDnZuqT.exe
  2⤵
  PID:9164
- C:\Windows\System\MFZfAIu.exe
  C:\Windows\System\MFZfAIu.exe
  2⤵
  PID:9180
- C:\Windows\System\wiZtYjf.exe
  C:\Windows\System\wiZtYjf.exe
  2⤵
  PID:9200
- C:\Windows\System\GOTsuXP.exe
  C:\Windows\System\GOTsuXP.exe
  2⤵
  PID:7536
- C:\Windows\System\EMLAxjn.exe
  C:\Windows\System\EMLAxjn.exe
  2⤵
  PID:7424
- C:\Windows\System\YaLnwuI.exe
  C:\Windows\System\YaLnwuI.exe
  2⤵
  PID:7928
- C:\Windows\System\hfVfEZM.exe
  C:\Windows\System\hfVfEZM.exe
  2⤵
  PID:8000
- C:\Windows\System\waEAJNO.exe
  C:\Windows\System\waEAJNO.exe
  2⤵
  PID:8228
- C:\Windows\System\qUAjREe.exe
  C:\Windows\System\qUAjREe.exe
  2⤵
  PID:8256
- C:\Windows\System\OisjvCB.exe
  C:\Windows\System\OisjvCB.exe
  2⤵
  PID:8308
- C:\Windows\System\oAUvjLB.exe
  C:\Windows\System\oAUvjLB.exe
  2⤵
  PID:7780
- C:\Windows\System\dXwqztJ.exe
  C:\Windows\System\dXwqztJ.exe
  2⤵
  PID:8432
- C:\Windows\System\DkQkKEF.exe
  C:\Windows\System\DkQkKEF.exe
  2⤵
  PID:8480
- C:\Windows\System\mlrQeTW.exe
  C:\Windows\System\mlrQeTW.exe
  2⤵
  PID:8328
- C:\Windows\System\IXbIbqf.exe
  C:\Windows\System\IXbIbqf.exe
  2⤵
  PID:7824
- C:\Windows\System\jKVtlKv.exe
  C:\Windows\System\jKVtlKv.exe
  2⤵
  PID:8528
- C:\Windows\System\MOLJTio.exe
  C:\Windows\System\MOLJTio.exe
  2⤵
  PID:8320
- C:\Windows\System\KTacbBJ.exe
  C:\Windows\System\KTacbBJ.exe
  2⤵
  PID:8608
- C:\Windows\System\kScbief.exe
  C:\Windows\System\kScbief.exe
  2⤵
  PID:8616
- C:\Windows\System\MpfKGvO.exe
  C:\Windows\System\MpfKGvO.exe
  2⤵
  PID:8676
- C:\Windows\System\eVXJFhY.exe
  C:\Windows\System\eVXJFhY.exe
  2⤵
  PID:7964
- C:\Windows\System\avFqeNt.exe
  C:\Windows\System\avFqeNt.exe
  2⤵
  PID:7260
- C:\Windows\System\iphzRpk.exe
  C:\Windows\System\iphzRpk.exe
  2⤵
  PID:8244
- C:\Windows\System\lGcTcyc.exe
  C:\Windows\System\lGcTcyc.exe
  2⤵
  PID:8596
- C:\Windows\System\yFCTjsH.exe
  C:\Windows\System\yFCTjsH.exe
  2⤵
  PID:8636
- C:\Windows\System\vfvGjwm.exe
  C:\Windows\System\vfvGjwm.exe
  2⤵
  PID:8668
- C:\Windows\System\PEHOaDk.exe
  C:\Windows\System\PEHOaDk.exe
  2⤵
  PID:8412
- C:\Windows\System\HQAbmEO.exe
  C:\Windows\System\HQAbmEO.exe
  2⤵
  PID:8672
- C:\Windows\System\fKHrCny.exe
  C:\Windows\System\fKHrCny.exe
  2⤵
  PID:8780
- C:\Windows\System\UkaGYXi.exe
  C:\Windows\System\UkaGYXi.exe
  2⤵
  PID:8776
- C:\Windows\System\HHNUgXR.exe
  C:\Windows\System\HHNUgXR.exe
  2⤵
  PID:8832
- C:\Windows\System\sXMoSRG.exe
  C:\Windows\System\sXMoSRG.exe
  2⤵
  PID:8872
- C:\Windows\System\eoQAwJg.exe
  C:\Windows\System\eoQAwJg.exe
  2⤵
  PID:8904
- C:\Windows\System\alUikOK.exe
  C:\Windows\System\alUikOK.exe
  2⤵
  PID:8944
- C:\Windows\System\JMjLZwH.exe
  C:\Windows\System\JMjLZwH.exe
  2⤵
  PID:9024
- C:\Windows\System\OKUeQzg.exe
  C:\Windows\System\OKUeQzg.exe
  2⤵
  PID:9064
- C:\Windows\System\iAiEOjZ.exe
  C:\Windows\System\iAiEOjZ.exe
  2⤵
  PID:9012
- C:\Windows\System\utfarSs.exe
  C:\Windows\System\utfarSs.exe
  2⤵
  PID:9128
- C:\Windows\System\yfAZjBN.exe
  C:\Windows\System\yfAZjBN.exe
  2⤵
  PID:9076
- C:\Windows\System\txqUvnI.exe
  C:\Windows\System\txqUvnI.exe
  2⤵
  PID:9140
- C:\Windows\System\JaUNbRP.exe
  C:\Windows\System\JaUNbRP.exe
  2⤵
  PID:9192
- C:\Windows\System\GwSWrmH.exe
  C:\Windows\System\GwSWrmH.exe
  2⤵
  PID:9212
- C:\Windows\System\NdjFSyF.exe
  C:\Windows\System\NdjFSyF.exe
  2⤵
  PID:7764
- C:\Windows\System\IomHGlL.exe
  C:\Windows\System\IomHGlL.exe
  2⤵
  PID:8188
- C:\Windows\System\hHkroHH.exe
  C:\Windows\System\hHkroHH.exe
  2⤵
  PID:7632
- C:\Windows\System\ETAbybz.exe
  C:\Windows\System\ETAbybz.exe
  2⤵
  PID:8220
- C:\Windows\System\CWooOJe.exe
  C:\Windows\System\CWooOJe.exe
  2⤵
  PID:8268
- C:\Windows\System\OYvpEzb.exe
  C:\Windows\System\OYvpEzb.exe
  2⤵
  PID:8388
- C:\Windows\System\oipMJLQ.exe
  C:\Windows\System\oipMJLQ.exe
  2⤵
  PID:8428
- C:\Windows\System\tHqqMJX.exe
  C:\Windows\System\tHqqMJX.exe
  2⤵
  PID:8044
- C:\Windows\System\jznGUkh.exe
  C:\Windows\System\jznGUkh.exe
  2⤵
  PID:8368
- C:\Windows\System\OXxaMzm.exe
  C:\Windows\System\OXxaMzm.exe
  2⤵
  PID:7216
- C:\Windows\System\FRNYJwq.exe
  C:\Windows\System\FRNYJwq.exe
  2⤵
  PID:8360
- C:\Windows\System\DQuVwxT.exe
  C:\Windows\System\DQuVwxT.exe
  2⤵
  PID:8692
- C:\Windows\System\eQQJuqK.exe
  C:\Windows\System\eQQJuqK.exe
  2⤵
  PID:8516
- C:\Windows\System\twetBnG.exe
  C:\Windows\System\twetBnG.exe
  2⤵
  PID:8512
- C:\Windows\System\GmXEpCc.exe
  C:\Windows\System\GmXEpCc.exe
  2⤵
  PID:8588
- C:\Windows\System\JMaaAgu.exe
  C:\Windows\System\JMaaAgu.exe
  2⤵
  PID:8820
- C:\Windows\System\CAabmcJ.exe
  C:\Windows\System\CAabmcJ.exe
  2⤵
  PID:8568
- C:\Windows\System\BpzZVen.exe
  C:\Windows\System\BpzZVen.exe
  2⤵
  PID:6380
- C:\Windows\System\yKNKttb.exe
  C:\Windows\System\yKNKttb.exe
  2⤵
  PID:8464
- C:\Windows\System\DklhksL.exe
  C:\Windows\System\DklhksL.exe
  2⤵
  PID:8760
- C:\Windows\System\pMEijuT.exe
  C:\Windows\System\pMEijuT.exe
  2⤵
  PID:8964
- C:\Windows\System\ZsDHScs.exe
  C:\Windows\System\ZsDHScs.exe
  2⤵
  PID:8908
- C:\Windows\System\qMYJnBA.exe
  C:\Windows\System\qMYJnBA.exe
  2⤵
  PID:9048
- C:\Windows\System\sGeXeaT.exe
  C:\Windows\System\sGeXeaT.exe
  2⤵
  PID:9124
- C:\Windows\System\lCGRcGi.exe
  C:\Windows\System\lCGRcGi.exe
  2⤵
  PID:7488
- C:\Windows\System\rIeNIjx.exe
  C:\Windows\System\rIeNIjx.exe
  2⤵
  PID:8132
- C:\Windows\System\atRjqFA.exe
  C:\Windows\System\atRjqFA.exe
  2⤵
  PID:6196
- C:\Windows\System\edlpdRZ.exe
  C:\Windows\System\edlpdRZ.exe
  2⤵
  PID:8260
- C:\Windows\System\tIqVWew.exe
  C:\Windows\System\tIqVWew.exe
  2⤵
  PID:8300
- C:\Windows\System\ZHSsGuJ.exe
  C:\Windows\System\ZHSsGuJ.exe
  2⤵
  PID:8484
- C:\Windows\System\ntIlNFP.exe
  C:\Windows\System\ntIlNFP.exe
  2⤵
  PID:8204
- C:\Windows\System\bHjBqTa.exe
  C:\Windows\System\bHjBqTa.exe
  2⤵
  PID:8620
- C:\Windows\System\RIGnCsf.exe
  C:\Windows\System\RIGnCsf.exe
  2⤵
  PID:8548
- C:\Windows\System\VEpAnnq.exe
  C:\Windows\System\VEpAnnq.exe
  2⤵
  PID:8712
- C:\Windows\System\IhBXxBX.exe
  C:\Windows\System\IhBXxBX.exe
  2⤵
  PID:8592
- C:\Windows\System\aLjrMKy.exe
  C:\Windows\System\aLjrMKy.exe
  2⤵
  PID:8948
- C:\Windows\System\ZLcElAv.exe
  C:\Windows\System\ZLcElAv.exe
  2⤵
  PID:7312
- C:\Windows\System\kISqfKS.exe
  C:\Windows\System\kISqfKS.exe
  2⤵
  PID:8892
- C:\Windows\System\rsQTxzz.exe
  C:\Windows\System\rsQTxzz.exe
  2⤵
  PID:9196
- C:\Windows\System\bOmvJRA.exe
  C:\Windows\System\bOmvJRA.exe
  2⤵
  PID:9160
- C:\Windows\System\uVtYeZk.exe
  C:\Windows\System\uVtYeZk.exe
  2⤵
  PID:8508
- C:\Windows\System\phceqic.exe
  C:\Windows\System\phceqic.exe
  2⤵
  PID:7484
- C:\Windows\System\WwhLXTI.exe
  C:\Windows\System\WwhLXTI.exe
  2⤵
  PID:7396
- C:\Windows\System\xOSRObf.exe
  C:\Windows\System\xOSRObf.exe
  2⤵
  PID:8288
- C:\Windows\System\KddWqpF.exe
  C:\Windows\System\KddWqpF.exe
  2⤵
  PID:7672
- C:\Windows\System\vJOKiGl.exe
  C:\Windows\System\vJOKiGl.exe
  2⤵
  PID:8584
- C:\Windows\System\CdHNWbl.exe
  C:\Windows\System\CdHNWbl.exe
  2⤵
  PID:7232
- C:\Windows\System\SwSfmUx.exe
  C:\Windows\System\SwSfmUx.exe
  2⤵
  PID:8992
- C:\Windows\System\hlEtIyf.exe
  C:\Windows\System\hlEtIyf.exe
  2⤵
  PID:8404
- C:\Windows\System\xGCMrEe.exe
  C:\Windows\System\xGCMrEe.exe
  2⤵
  PID:8976
- C:\Windows\System\mLFvWYg.exe
  C:\Windows\System\mLFvWYg.exe
  2⤵
  PID:8552
- C:\Windows\System\xNhWiDf.exe
  C:\Windows\System\xNhWiDf.exe
  2⤵
  PID:9176
- C:\Windows\System\rdvPfDp.exe
  C:\Windows\System\rdvPfDp.exe
  2⤵
  PID:9208
- C:\Windows\System\aBXffYO.exe
  C:\Windows\System\aBXffYO.exe
  2⤵
  PID:7604
- C:\Windows\System\dVITpRt.exe
  C:\Windows\System\dVITpRt.exe
  2⤵
  PID:9092
- C:\Windows\System\xMBGLPg.exe
  C:\Windows\System\xMBGLPg.exe
  2⤵
  PID:9112
- C:\Windows\System\krOBsEB.exe
  C:\Windows\System\krOBsEB.exe
  2⤵
  PID:7908
- C:\Windows\System\MxMgLnM.exe
  C:\Windows\System\MxMgLnM.exe
  2⤵
  PID:8728
- C:\Windows\System\WYOgSSJ.exe
  C:\Windows\System\WYOgSSJ.exe
  2⤵
  PID:8504
- C:\Windows\System\OoBDAWF.exe
  C:\Windows\System\OoBDAWF.exe
  2⤵
  PID:8652
- C:\Windows\System\BocGZfB.exe
  C:\Windows\System\BocGZfB.exe
  2⤵
  PID:9240
- C:\Windows\System\LoPhHRO.exe
  C:\Windows\System\LoPhHRO.exe
  2⤵
  PID:9256
- C:\Windows\System\maFIVOu.exe
  C:\Windows\System\maFIVOu.exe
  2⤵
  PID:9272
- C:\Windows\System\dtjihbq.exe
  C:\Windows\System\dtjihbq.exe
  2⤵
  PID:9288
- C:\Windows\System\qmxVWyk.exe
  C:\Windows\System\qmxVWyk.exe
  2⤵
  PID:9304
- C:\Windows\System\yRGtmsZ.exe
  C:\Windows\System\yRGtmsZ.exe
  2⤵
  PID:9332
- C:\Windows\System\xCyKbGa.exe
  C:\Windows\System\xCyKbGa.exe
  2⤵
  PID:9348
- C:\Windows\System\FCwjFVN.exe
  C:\Windows\System\FCwjFVN.exe
  2⤵
  PID:9372
- C:\Windows\System\jIOkiSZ.exe
  C:\Windows\System\jIOkiSZ.exe
  2⤵
  PID:9388
- C:\Windows\System\HyAyyNb.exe
  C:\Windows\System\HyAyyNb.exe
  2⤵
  PID:9408
- C:\Windows\System\pwFRfxr.exe
  C:\Windows\System\pwFRfxr.exe
  2⤵
  PID:9428
- C:\Windows\System\OHpFCIb.exe
  C:\Windows\System\OHpFCIb.exe
  2⤵
  PID:9464
- C:\Windows\System\TsusXTm.exe
  C:\Windows\System\TsusXTm.exe
  2⤵
  PID:9480
- C:\Windows\System\jNjXtCm.exe
  C:\Windows\System\jNjXtCm.exe
  2⤵
  PID:9504
- C:\Windows\System\Gwdopyd.exe
  C:\Windows\System\Gwdopyd.exe
  2⤵
  PID:9520
- C:\Windows\System\IPGanZB.exe
  C:\Windows\System\IPGanZB.exe
  2⤵
  PID:9536
- C:\Windows\System\CELGfDb.exe
  C:\Windows\System\CELGfDb.exe
  2⤵
  PID:9552
- C:\Windows\System\NHCCSsS.exe
  C:\Windows\System\NHCCSsS.exe
  2⤵
  PID:9568
- C:\Windows\System\KUyzhNn.exe
  C:\Windows\System\KUyzhNn.exe
  2⤵
  PID:9592
- C:\Windows\System\SbLlJVk.exe
  C:\Windows\System\SbLlJVk.exe
  2⤵
  PID:9612
- C:\Windows\System\cGPSBaO.exe
  C:\Windows\System\cGPSBaO.exe
  2⤵
  PID:9636
- C:\Windows\System\WsshRzY.exe
  C:\Windows\System\WsshRzY.exe
  2⤵
  PID:9652
- C:\Windows\System\FgLWScp.exe
  C:\Windows\System\FgLWScp.exe
  2⤵
  PID:9684
- C:\Windows\System\VQVGgDG.exe
  C:\Windows\System\VQVGgDG.exe
  2⤵
  PID:9704
- C:\Windows\System\ewYesem.exe
  C:\Windows\System\ewYesem.exe
  2⤵
  PID:9724
- C:\Windows\System\PYuePBN.exe
  C:\Windows\System\PYuePBN.exe
  2⤵
  PID:9740
- C:\Windows\System\MqfeXOF.exe
  C:\Windows\System\MqfeXOF.exe
  2⤵
  PID:9756
- C:\Windows\System\bWSnWdK.exe
  C:\Windows\System\bWSnWdK.exe
  2⤵
  PID:9784
- C:\Windows\System\BsHNJWE.exe
  C:\Windows\System\BsHNJWE.exe
  2⤵
  PID:9800
- C:\Windows\System\yGQTVWA.exe
  C:\Windows\System\yGQTVWA.exe
  2⤵
  PID:9828
- C:\Windows\System\OhGVNdb.exe
  C:\Windows\System\OhGVNdb.exe
  2⤵
  PID:9848
- C:\Windows\System\OBiURmy.exe
  C:\Windows\System\OBiURmy.exe
  2⤵
  PID:9864
- C:\Windows\System\jdysPZE.exe
  C:\Windows\System\jdysPZE.exe
  2⤵
  PID:9880
- C:\Windows\System\EeYDtsG.exe
  C:\Windows\System\EeYDtsG.exe
  2⤵
  PID:9896
- C:\Windows\System\AHGqFBg.exe
  C:\Windows\System\AHGqFBg.exe
  2⤵
  PID:9920
- C:\Windows\System\McSeKZx.exe
  C:\Windows\System\McSeKZx.exe
  2⤵
  PID:9940
- C:\Windows\System\RKofiqz.exe
  C:\Windows\System\RKofiqz.exe
  2⤵
  PID:9956
- C:\Windows\System\HVUgCEk.exe
  C:\Windows\System\HVUgCEk.exe
  2⤵
  PID:9972
- C:\Windows\System\PJWmuin.exe
  C:\Windows\System\PJWmuin.exe
  2⤵
  PID:9992
- C:\Windows\System\jlcnNsx.exe
  C:\Windows\System\jlcnNsx.exe
  2⤵
  PID:10008
- C:\Windows\System\fobxOEo.exe
  C:\Windows\System\fobxOEo.exe
  2⤵
  PID:10028
- C:\Windows\System\BLWGajC.exe
  C:\Windows\System\BLWGajC.exe
  2⤵
  PID:10044
- C:\Windows\System\DDknqpY.exe
  C:\Windows\System\DDknqpY.exe
  2⤵
  PID:10060
- C:\Windows\System\jHliAWY.exe
  C:\Windows\System\jHliAWY.exe
  2⤵
  PID:10076
- C:\Windows\System\YyWTLjE.exe
  C:\Windows\System\YyWTLjE.exe
  2⤵
  PID:10104
- C:\Windows\System\LlXHEjj.exe
  C:\Windows\System\LlXHEjj.exe
  2⤵
  PID:10120
- C:\Windows\System\YnaBJhB.exe
  C:\Windows\System\YnaBJhB.exe
  2⤵
  PID:10168
- C:\Windows\System\EcZFpDh.exe
  C:\Windows\System\EcZFpDh.exe
  2⤵
  PID:10184
- C:\Windows\System\chPWKMC.exe
  C:\Windows\System\chPWKMC.exe
  2⤵
  PID:10200
- C:\Windows\System\UDJpdwp.exe
  C:\Windows\System\UDJpdwp.exe
  2⤵
  PID:10216
- C:\Windows\System\zlHhvyC.exe
  C:\Windows\System\zlHhvyC.exe
  2⤵
  PID:10236
- C:\Windows\System\MiJwqNq.exe
  C:\Windows\System\MiJwqNq.exe
  2⤵
  PID:9220
- C:\Windows\System\ektMgmt.exe
  C:\Windows\System\ektMgmt.exe
  2⤵
  PID:9224
- C:\Windows\System\pRtXzqL.exe
  C:\Windows\System\pRtXzqL.exe
  2⤵
  PID:9300
- C:\Windows\System\ESrTISM.exe
  C:\Windows\System\ESrTISM.exe
  2⤵
  PID:9248
- C:\Windows\System\ITOJPNs.exe
  C:\Windows\System\ITOJPNs.exe
  2⤵
  PID:9360
- C:\Windows\System\QgkfKiG.exe
  C:\Windows\System\QgkfKiG.exe
  2⤵
  PID:9400
- C:\Windows\System\MLvHhHd.exe
  C:\Windows\System\MLvHhHd.exe
  2⤵
  PID:9436
- C:\Windows\System\dnCjZnO.exe
  C:\Windows\System\dnCjZnO.exe
  2⤵
  PID:9452
- C:\Windows\System\EtRinww.exe
  C:\Windows\System\EtRinww.exe
  2⤵
  PID:9476
- C:\Windows\System\VtxWfQa.exe
  C:\Windows\System\VtxWfQa.exe
  2⤵
  PID:9548
- C:\Windows\System\PuGjdVt.exe
  C:\Windows\System\PuGjdVt.exe
  2⤵
  PID:9588
- C:\Windows\System\sbBUrdn.exe
  C:\Windows\System\sbBUrdn.exe
  2⤵
  PID:9628
- C:\Windows\System\MgQFYYa.exe
  C:\Windows\System\MgQFYYa.exe
  2⤵
  PID:9604
- C:\Windows\System\WGPkZbM.exe
  C:\Windows\System\WGPkZbM.exe
  2⤵
  PID:9560
- C:\Windows\System\sjjesou.exe
  C:\Windows\System\sjjesou.exe
  2⤵
  PID:9668
- C:\Windows\System\weUJOJG.exe
  C:\Windows\System\weUJOJG.exe
  2⤵
  PID:9456
- C:\Windows\System\PELZrxE.exe
  C:\Windows\System\PELZrxE.exe
  2⤵
  PID:9720
- C:\Windows\System\RdvBDpl.exe
  C:\Windows\System\RdvBDpl.exe
  2⤵
  PID:9748
- C:\Windows\System\mXgwUeX.exe
  C:\Windows\System\mXgwUeX.exe
  2⤵
  PID:9776
- C:\Windows\System\MzLFMyH.exe
  C:\Windows\System\MzLFMyH.exe
  2⤵
  PID:9808
- C:\Windows\System\eOvkAuW.exe
  C:\Windows\System\eOvkAuW.exe
  2⤵
  PID:9836
- C:\Windows\System\qLKuIRz.exe
  C:\Windows\System\qLKuIRz.exe
  2⤵
  PID:9876
- C:\Windows\System\cjYOSRU.exe
  C:\Windows\System\cjYOSRU.exe
  2⤵
  PID:9908
- C:\Windows\System\wwUkTtI.exe
  C:\Windows\System\wwUkTtI.exe
  2⤵
  PID:9984
- C:\Windows\System\aCNsBHZ.exe
  C:\Windows\System\aCNsBHZ.exe
  2⤵
  PID:9928
- C:\Windows\System\uhBKauV.exe
  C:\Windows\System\uhBKauV.exe
  2⤵
  PID:10056
- C:\Windows\System\VrLCdTj.exe
  C:\Windows\System\VrLCdTj.exe
  2⤵
  PID:10100
- C:\Windows\System\SlMTPcl.exe
  C:\Windows\System\SlMTPcl.exe
  2⤵
  PID:10068
- C:\Windows\System\uKgFiiX.exe
  C:\Windows\System\uKgFiiX.exe
  2⤵
  PID:10132
- C:\Windows\System\exBdybs.exe
  C:\Windows\System\exBdybs.exe
  2⤵
  PID:10000
- C:\Windows\System\AQOjvml.exe
  C:\Windows\System\AQOjvml.exe
  2⤵
  PID:10160
- C:\Windows\System\baHfYmS.exe
  C:\Windows\System\baHfYmS.exe
  2⤵
  PID:10232
- C:\Windows\System\eBggwuk.exe
  C:\Windows\System\eBggwuk.exe
  2⤵
  PID:9236
- C:\Windows\System\UfBdpAA.exe
  C:\Windows\System\UfBdpAA.exe
  2⤵
  PID:10208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AZbvVeC.exe

Filesize
6.0MB

MD5
902bca9eabe3d649efa19a178b55e177

SHA1
9efa352b53707d056659364f84bb73c4a8a70e83

SHA256
5f8e7aecfde57b75a6fbe80d74871b7d1d7678a6f51621dd98ea450e21304344

SHA512
04874250cfd18ca54ed55b0a099d67ff363694ab96dd95e8c3dc3aa4357536305c6243f738e5741324efd6cd67ef37e12efd13d232c254818aa959d912519aa3

Download Submit
C:\Windows\system\ApiULUT.exe

Filesize
6.0MB

MD5
271250c7813efafa76e8d7e01e3cecdf

SHA1
7a795e5392e50626e62a7518a4d4e0b16f5a22d6

SHA256
71a8c26d52a3049d59a54aefed500916d5b215600e374244ec505f6d6e83e840

SHA512
90a8c3c431237bb4a1bcd5c6bea2b7dc764131ecd1cd010d56360d087fd31096d71848d1d372617a4d9a0577f5514f76daab1fc017e8b2f628719e96c8306e58

Download Submit
C:\Windows\system\CLPOuBY.exe

Filesize
6.0MB

MD5
4779dc80b0fbb34790a1bf22f5102c23

SHA1
25777d9a3f673e1eb98c3b71ff512e73d251cfe4

SHA256
0cce0f428274afc4a80b177b1c1819a138b5ca4d2670ee484b57459e157c102d

SHA512
f9b68366529df19dca962373fbca12196477ad463f5e65d24952c4447c0b490779ba63dfdc821532e045f48369bc72f1e2cb660aa343b3acc2d946efec6b5ba0

Download Submit
C:\Windows\system\EbZOKSt.exe

Filesize
6.0MB

MD5
1f3e41071aaa65e130088425698a8d41

SHA1
13afbc7546464e01b1b81955d09d5ad8f38ec179

SHA256
1ad67e6c4a19f3ed49443783663e3d68c84a53e2151da3bc50a3fed69bc323d2

SHA512
f2ee0dea805817fbfac04688a7c538081eb1a80cd04229376276e53f01d6a784350e47a30ff214d6d9aefb8900e93996a6ed219621de0df4c0906cba438cb940

Download Submit
C:\Windows\system\FBFPwLm.exe

Filesize
6.0MB

MD5
f5b0e69c005e1b158f354cd2df778ca0

SHA1
f686640a266beea4bd011066b86f0ff82ba5c297

SHA256
bebd1cfdd228d28931d785393cf4e31003f5d2af54e22e63f175f692e895bba6

SHA512
c5353af7ea7d4c2445655f5527029e0a5d87dbb5444a230fa06d7c39260eb9631b52a6128f4f297d3646108254a6f966ed5e063dd2570dadec558fc69d349afa

Download Submit
C:\Windows\system\GiDseRw.exe

Filesize
6.0MB

MD5
fd2ba62ed1cbde96df4ef6b87fb90650

SHA1
0293ff1a11ef68bd676630cb47c37fa81f59b9d0

SHA256
c557f99955118ba31da152e5467484b216434598209d1f9eca22074a6020838f

SHA512
99eb8652603f2f3bbd8c9a47f9f96ba2abe7a2276b0b3fe8735342b793a11647d266b1040aaead6e3ac707dbfbd3e7f7c605f9f5d7732601aead7e28300fc3a7

Download Submit
C:\Windows\system\HOgZxLS.exe

Filesize
6.0MB

MD5
a67d8e0915799217991c6d7be5b2e064

SHA1
7fcdad6256d01538e4641183cbd48774b74589f9

SHA256
cb978d66ebe7a74a2a9ce55d43c3d52c473ef3b39bbd3411f7736158a3f1bc4b

SHA512
6f5c2dd88f137867cece5c5e7a43b4f2dbbc895e5d5d4c55cd6bb7f33dc58d377023691cd2f0e7d271115cfcfbcc97db5d472c64035bac96c080641ec8df2ddb

Download Submit
C:\Windows\system\JshFlXe.exe

Filesize
6.0MB

MD5
6e6b4390419ac0e10e270761cfe57c43

SHA1
4ff7a7570897e689c753256d27f47429ef2cce19

SHA256
da436b730a29aa50602a9216cfc17d6fee0bcde7b303ba27085de714fa4d873e

SHA512
61113280ed2b1ba1b74223e36ec557174e2e4d95783a5d67680371e0d1609bba035e3dd3a55d799fad5b5c8131b786301cd7ea18edea599cb9b959ccae810436

Download Submit
C:\Windows\system\MQtLdjk.exe

Filesize
6.0MB

MD5
c1f0f1633ed05761a8791c7795778c6c

SHA1
f18783435bdbc37d7f5c9da0d2c479b98cf87f06

SHA256
39552e8ac6d710229a8a3ef1520f1559d8d96d9e2cab014fc0e4194fa4ca3f73

SHA512
8205a2c487fed5c445ca8f90c59bf23c0444015767e98fd2effe46cc938e372020d85e0e6d455f0ac8b2c49909ddc172077eac6e0805100a5be4f42bb9f719e4

Download Submit
C:\Windows\system\NyTrNoF.exe

Filesize
6.0MB

MD5
244f29f5f5bb53f304c2b2938dcad69e

SHA1
f64606eada0f8d582c14dba12d61b5a6248aaabc

SHA256
2bff9be78e2a9193637e82eb6a7edacae3d36bc17b1d90f3a00cb0b96c1cbfdd

SHA512
28f29df679e2220c6490fb0c6ce58c499943fd36068b1281936a330835c44e962bb561a32857e6f641e0b5bc98b546ea81763faa63614ab0e784c38b6a463f91

Download Submit
C:\Windows\system\PABJsfc.exe

Filesize
6.0MB

MD5
791e44e24cc1fe9d38aa3e23405b7bc3

SHA1
773747510ccb71e0e639a5bd59d449bceec7d46c

SHA256
cbba4b493df0a4149e4ea72e4b4563c6ff0ddb964b62e16960031b29d79c8cef

SHA512
1a1d2167670394c75fb479a8992b90c175172722dd82c59492523696a0522f539e3aef392fd9eb8260eab2f2adfa72d013d9660475f6b843d994ee66227ad444

Download Submit
C:\Windows\system\PaFbkJA.exe

Filesize
6.0MB

MD5
1fd8f2b484e7aae8057837e902ad3a15

SHA1
ec452fb5c0255918425fe7555dd40a12af923218

SHA256
f43d5962d357f730619267ea49f060851d74566a50678988f61df5f8bcdad9ac

SHA512
0e08306ec7133915288610781deac8c3f5a485950419926b4f044e3f2d5f940ba2e7c74106ff61d0fed72be3cf252d7fd32ae7afb913f79172399aa7bb0d1357

Download Submit
C:\Windows\system\QoYRWws.exe

Filesize
6.0MB

MD5
1b73a72394153549aa06e74904bb12ab

SHA1
5c3b931a381adab91e4b046f9bd04869c9d002db

SHA256
08752462e466b6b66602287a14c76381abac4de9105e22cdb9e80ac5f4c0129b

SHA512
38e4c8027ff22f90f75a59289e405e4fc09a034be1e8598719b36e8b9d1b2540562cb3618adb9d7297251ed907983d66828ce4c6559174e4e998ac12a76eadb5

Download Submit
C:\Windows\system\UXEtgAG.exe

Filesize
6.0MB

MD5
28de58c62fac1ef074b93e0fe038ed22

SHA1
7abe00e75a11bf682c26181b9c95f9899135d55a

SHA256
34c839dd862b9fa2e97a80c97d13031383cfdd69050947ebd33a8651d3863790

SHA512
6c4b4befdaaf7b79ee6da5239576d5a358808948cae50a71be37834cea4410a61c47f3a9daa84b0b0dc94ca35ee89b48cb907c5a843ec74298ce8ad55d037548

Download Submit
C:\Windows\system\WgxQfCh.exe

Filesize
6.0MB

MD5
4c66c6d7d76196eb5e05c3ad6680c0a1

SHA1
d185af9ef883096b93819e50333848466ee79c86

SHA256
d10b1996b6eba379f14a4efed19c07ad1bb89e7af800784e387b5cf05db1c07e

SHA512
2d0a9b955842b36f2178992348c05f1364b7e76309071fb170a405f586b93889ae247e3529080d66ad9381bdf0e2e3e35f400ecef91323e1e829a88aa64eacb2

Download Submit
C:\Windows\system\dbCfPce.exe

Filesize
6.0MB

MD5
60a2d8d0281993783c8b19179b69bddc

SHA1
20870c5ef4f6a652a9697657b6ef9c7c8788449a

SHA256
c03ab9572389d71f8a39747385e2315f41075e94d51dfecce48826c000e9bd54

SHA512
0a0eb2d1517576dc8444906493f78c4e3fca36c865432424762b4822d5b4d30d401dbe0f8d8b9ae7687b0ed4fbba0959c02621739ee3fdcb325c68c920fdee35

Download Submit
C:\Windows\system\rUonycl.exe

Filesize
6.0MB

MD5
4aa29c1c7bb5ca8a80c75ef797c3b80c

SHA1
0cd04a7ee3017011559e99c868ac63912f64af20

SHA256
26a09db8a742575dffe9199c98d4fa9c0fdbb6c197b66993315d0e62a3849a63

SHA512
7c0709c8ee08bc2b4055298ce8b4a21d7a1d5b1b5a6e06f601437bab31092bbf36627809dba89e4cbc56d877dd763140da5e113b70c9122def876e39f6781793

Download Submit
C:\Windows\system\rcesRMt.exe

Filesize
6.0MB

MD5
4d4656c7a72facfb9003bd6c13b34d4f

SHA1
1a15a6f7a5d882a0d4aa1fda18ad0c341072a152

SHA256
8bc23e51e71bc617fd4ffa7ac44c1464f26f13bfd9c1bf32eaee7b80d1ec8663

SHA512
6e8aa031eaf69fd458f1bb3b4c6cb6719876504258ffcaf0deea5c111a3fa156f49522623bcec7bca7be318a241d4c7c6ba2a4cdf0e4e100c844a6d47b4f3678

Download Submit
C:\Windows\system\rrWFWug.exe

Filesize
6.0MB

MD5
7ce14e113d11edc72e8036154f566abf

SHA1
4f45eb29515ab3d968811952c79b0094ba2f6493

SHA256
2ca8874e74440565683c0a65f44a652f90276b8ef820ddd98665f659ee307840

SHA512
0883aa8a81172267d38bca96ba41b5b44aa01ea83d61042d1b1b474ef364edc8e1b821f198b82938ebe23eada9e92dd4923e8b232a905d13ea76cd7eaf7c1442

Download Submit
C:\Windows\system\sqFbqvo.exe

Filesize
6.0MB

MD5
bf439ce1cbc9e91dc0b6ff09c57343eb

SHA1
acd18967c75dc2a4b55afe81ec25e8211eb766ea

SHA256
572491e992eaf7014edc8ca780188493daa053e3cd00db959f42c982be9012cf

SHA512
3a5c1e42b91efc87d8d43576a6c1d7fe1a07ad9d20d2d191c470cb42908be26f8f1976b85065a43d58ab367a88141e80652656afe4ba949da986fafe73b34cdb

Download Submit
C:\Windows\system\uCwczNQ.exe

Filesize
6.0MB

MD5
0c15bcfba71d6577034fb3203c7d686d

SHA1
b4001f1e828bedf04b07ec34e3bb05bc7c1350bb

SHA256
aa31eb2de5ce0a352e74b9bccf6a97402b77e7951d980096c37745312075e020

SHA512
c71b51e8cf741d7be86bf0cac690bde8837cabdfb43f13306263e1cff415d41b4381917b0bfba115e77a5a5e2773d8efd8bc138f6d741e3f8df6b0ec51600a62

Download Submit
C:\Windows\system\uGnAxcm.exe

Filesize
6.0MB

MD5
7503420bdbb8a3dc47e3772201fa294f

SHA1
0acd076c574c06f7d7c6d8065523558566b02498

SHA256
fbaaff9a519e955d373871bc6509a49e9c76e1a236395d9b1eb26563acf93c63

SHA512
18d010fb7d642bc259037b95138e8819265966b415c89bc1009916217c8b3c33ac088342a07726675d7df35b36ab20a3ef98e55c6c7f5c162895567a4491acc3

Download Submit
C:\Windows\system\xcZIQkC.exe

Filesize
6.0MB

MD5
749b921016225703db00c9afc45088d7

SHA1
60ea04a653704a7eb5792d8d0650d3c9de68b365

SHA256
05828384f604fbd718b71f39fa62d12210ff755f4d2d1167287e4ca34176c09e

SHA512
6f06d587385ddace85a588fc8e70c2fc6f9db76ddd3cab6c7dfc429f2955d39459aa2d93fa6f84d663eb183c1ee2421420398a518fc6c926e7ca83f8d8731cef

Download Submit
C:\Windows\system\yEIJTCx.exe

Filesize
6.0MB

MD5
aa0587ac758761becb1fd92ee034b270

SHA1
00f0f92d4e4ffa2a719701b8985f0bfb0a2a3e45

SHA256
f2a15fb5115cb491f3f26c7f220a864e4512063adeb1595d2c1dee61ffc8f1de

SHA512
f71d309172e34cf20602d75b745dd55ce524e9db8d8ea671593d756f13b4519d31440b78e3c414f849b2db957d093dc0268d77bd4ef28b771671267a95d38824

Download Submit
\Windows\system\BQCNADI.exe

Filesize
6.0MB

MD5
fda93957d972f3e4e40ab6575875e436

SHA1
39578f9257dbefaf7acd90f7abd8d08fb0c9f10d

SHA256
bc05b33997308c5bc46fa926f4f3017ff7ea7a547ea2d975f6ee78e173ab49ed

SHA512
cd737ef980a929e28e62beb67c4cda6ee12d6fbb8e1c8817a4360609d3a3eaf9d98ee4a9c992eb67f236adcf5cc6b19b6ca47fab0c97f79de09b848e28e93366

Download Submit
\Windows\system\LwLlCNw.exe

Filesize
6.0MB

MD5
ca08b9cbd15a6baed20c96a07591c845

SHA1
042b2b9e9b9ee53cc7e2b6f36d603bc21fef0fd9

SHA256
8d388deaa2084d7817d7563fbbe5e8e225d2e6b0dd5f31249e0458ae7a6f014d

SHA512
1e82e0d1007bbccfa7e0c02b1a924881ffac7bdf4d41f40c7191dc7d261e9e0ae4b3c54eb61a8909755adf69d5658158d8fcd1eaa7aca7808d7fc215cf7aef4b

Download Submit
\Windows\system\TNQNdYD.exe

Filesize
6.0MB

MD5
a24d2f29125f5d5b563161795c26929a

SHA1
76f6397c4b56e93a78f5e760a2e21cc8f8bd7e34

SHA256
09d26aa2f523643138758d92c8ec4d9b698ec448a88893806fa524c95ebb30c5

SHA512
924f51b9bbcbc41877b824ae522a1026717f65595886f6d05a4e2de4932a3cb76f2891e0f99ebf86710da3c05b483b6bfe72cd0cd8dd30513bae8f8273f62438

Download Submit
\Windows\system\VNJEeSc.exe

Filesize
6.0MB

MD5
b00e393a3e7fcc7389190d48db80ffb7

SHA1
b5207136ba75ab3e5184a24a2685837751109bdf

SHA256
140713dade13d47697694da18392e33c553ad226b7b2d17ad34d06b7d97d749e

SHA512
56f71ab91dcf450afeb1a89f05f7e37a46f43f3f4ea2d824711f094f34cc36e78eb235a9dbb6ee52ed6ea05c17eeab1e6460345c193577c9b91753d644cc5999

Download Submit
\Windows\system\flDWYUu.exe

Filesize
6.0MB

MD5
e9752673027c3dee5389ff2de38d9865

SHA1
a50fd95594507a1855982cfce6f41fe6dd6dd6e4

SHA256
c49a2612768389551bd947b10e05116df68163a894bc5475f6a24da3ec5b19ec

SHA512
8f4fc036e52fbe539197b0053df18ebd366159cffae7286d4733b153ef588513239e249f720b891aa11f05e7b74144604f51502aee9baa91375de14ea2df2821

Download Submit
\Windows\system\oDMxyKk.exe

Filesize
6.0MB

MD5
645d7cc16c8ab41dcdd8463ee4e56250

SHA1
f99958404817a2c1e987832703ae693a7accbcfa

SHA256
660ddf5d7e8469c492aa5acea98686aa4a5f77f44d4f4393ec5ee6b911956303

SHA512
e9ca59936dd8e4be90e7c026adea34e0e69d7e31bb51f6bd4b0f1cc5c35ddf51d9817af6cd626da1eea4c65dd88af5b641c52536dbdf7903db8c53a0acc9952a

Download Submit
\Windows\system\xQxqeey.exe

Filesize
6.0MB

MD5
e8b5d99ea96f9d00857d725b3c3d29ad

SHA1
679dd507fc8d2920bb92d19c3ca200d664218820

SHA256
f684e049c94a873ddbba13bdd932768759d67da04994998a1dc2426ecdc29edf

SHA512
cb61f63e6a435d6bee937469d70916ffb366adf6b204ea66b49b07ecef9f260f8c747a77eca121c4c171a8478f0bf945d43a4a2481d37b8630803375da7a7537

Download Submit
\Windows\system\yjJUvOU.exe

Filesize
6.0MB

MD5
b6658fe7ca29fae7c77f8a1d85f106b2

SHA1
796ff6a877fd051f465e01ddc70ea1d5135ee85d

SHA256
0c1f2a193d06ae7aae5ccc163172b297a64711fd34356dcbe240884cd42b612d

SHA512
c0f0980d76cd95c831680e5f3ddb49ed4aa6762193a44d8c8f9a84d2bb85f7195d537590676947674a98c409aacfe7973c9a0f40e2a28c2bb1cb722431f7bb73

Download Submit
memory/1472-4028-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-22-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-4036-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1788-962-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1788-84-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2092-4027-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2092-56-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2092-13-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2224-40-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-4029-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-0-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2232-70-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2232-47-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2232-35-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-146-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2232-141-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-126-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2232-41-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1025-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2232-952-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1229-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2232-16-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2232-118-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-115-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2232-297-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-523-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2232-107-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2232-6-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1026-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2232-74-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2232-953-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2592-4035-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2592-79-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2596-837-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2596-4033-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2596-61-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2652-15-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4026-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2680-4034-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2680-103-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2700-51-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2700-712-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4032-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2716-37-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4030-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-4031-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2788-42-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download