cobaltstrike | 6d17efbda532fe379e2792289e900bac89440857ee7355454df8d0ed3c830815

Analysis

max time kernel
150s
max time network
28s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

aacfd07e3a4e20464557d022775047a6
SHA1

6a21ae97602c0957383181f9165352206390e293
SHA256

6d17efbda532fe379e2792289e900bac89440857ee7355454df8d0ed3c830815
SHA512

7ed62838aec347f35a3ee9bce64c71b10ad3b3f88b44e7be4f98e801fd6d8717943e03f414f9a6ea83b10fcd90e8c550b40d25322372007deb7ffbeb9b79329a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012264-3.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756e-11.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-10.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bb-24.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000016fc9-33.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c3-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b28-56.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b05-52.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-200.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-95.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b50-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2304-0-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x000c000000012264-3.dat	xmrig
behavioral1/files/0x000900000001756e-11.dat	xmrig
behavioral1/memory/2992-15-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-10.dat	xmrig
behavioral1/memory/2860-14-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2844-22-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x00060000000186bb-24.dat	xmrig
behavioral1/memory/2304-26-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/3032-29-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2860-32-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0014000000016fc9-33.dat	xmrig
behavioral1/files/0x00060000000186c3-37.dat	xmrig
behavioral1/memory/3016-44-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2844-45-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/1184-47-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b28-56.dat	xmrig
behavioral1/memory/2884-53-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2248-60-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b05-52.dat	xmrig
behavioral1/files/0x00070000000193b8-68.dat	xmrig
behavioral1/memory/1032-74-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-84.dat	xmrig
behavioral1/memory/2316-89-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-76.dat	xmrig
behavioral1/memory/2304-101-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-112.dat	xmrig
behavioral1/files/0x0005000000019761-117.dat	xmrig
behavioral1/files/0x000500000001998d-130.dat	xmrig
behavioral1/memory/1032-143-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf9-148.dat	xmrig
behavioral1/files/0x0005000000019c3c-151.dat	xmrig
behavioral1/files/0x0005000000019e92-174.dat	xmrig
behavioral1/memory/2924-301-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2860-2099-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/3060-1916-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2924-1901-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2688-1892-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2316-1890-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1032-1870-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2696-1855-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2248-1844-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/1184-1834-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2884-1835-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/3016-1818-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/3032-1719-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2844-1555-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2992-1524-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/3060-347-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2304-320-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2316-237-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2688-197-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-200.dat	xmrig
behavioral1/files/0x000500000001a049-194.dat	xmrig
behavioral1/files/0x000500000001a03c-189.dat	xmrig
behavioral1/files/0x0005000000019fdd-184.dat	xmrig
behavioral1/files/0x0005000000019fd4-179.dat	xmrig
behavioral1/files/0x0005000000019d6d-169.dat	xmrig
behavioral1/files/0x0005000000019d62-164.dat	xmrig
behavioral1/files/0x0005000000019d61-160.dat	xmrig
behavioral1/files/0x0005000000019bf6-142.dat	xmrig
behavioral1/files/0x0005000000019bf5-138.dat	xmrig
behavioral1/files/0x0005000000019820-127.dat	xmrig
behavioral1/files/0x00050000000197fd-122.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2860	aRNrEuw.exe
2992	xnpoSbg.exe
2844	sxfnoUK.exe
3032	CjZZOfW.exe
3016	fJUJjLK.exe
1184	oMREpnV.exe
2884	GXnJikd.exe
2248	cWvdlyx.exe
2696	EDtpcqP.exe
1032	CeOXsbO.exe
2688	dNplBTl.exe
2316	BFJPGjc.exe
2924	wcLvtVu.exe
3060	KAwbliN.exe
1692	YgNAFZf.exe
1360	ZRmYTVL.exe
2508	uOpdqWH.exe
2664	CxmdGfH.exe
1028	hPYpzyz.exe
1240	xHuGTJR.exe
2208	kZNNYYa.exe
2140	GkRVtqu.exe
2412	HSBbEAh.exe
2076	QUlwqKB.exe
2332	nuvgurF.exe
2288	BSTARaJ.exe
2364	dGdFAHj.exe
2456	TywSlTG.exe
2612	JkxvPoa.exe
600	nvtKnVk.exe
996	CWUrdVf.exe
1428	gtvatcV.exe
1784	UhiYIIN.exe
1548	BLaSFab.exe
1516	tzwTaFF.exe
552	EOWMecr.exe
2800	KkhbXKM.exe
748	YOiVeaq.exe
540	uyhdOIj.exe
1288	JeeRNLj.exe
916	NfQkczs.exe
1936	SucteFq.exe
2388	LSugMOE.exe
1760	UOksomd.exe
2376	INgcEkd.exe
1432	cjtslEb.exe
2524	Oczbzfw.exe
1276	sMaxJVm.exe
2608	FTwtlpp.exe
2660	yfNVbuo.exe
1564	mwAccbh.exe
1672	xUxprEd.exe
2436	TvNCWms.exe
2724	IyFnjnQ.exe
2116	DSjzOvg.exe
2968	gRHuIXK.exe
2184	exQMXxl.exe
2740	EiTWJtz.exe
2748	TrQVxbR.exe
2880	feBpjjK.exe
2560	xsoygDH.exe
872	kgzqaCm.exe
568	cjXCTNK.exe
1748	kuTASDU.exe

Loads dropped DLL 64 IoCs

pid	Process
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2304-0-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x000c000000012264-3.dat	upx
behavioral1/files/0x000900000001756e-11.dat	upx
behavioral1/memory/2992-15-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0002000000018334-10.dat	upx
behavioral1/memory/2860-14-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2844-22-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x00060000000186bb-24.dat	upx
behavioral1/memory/2304-26-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/3032-29-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2860-32-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0014000000016fc9-33.dat	upx
behavioral1/files/0x00060000000186c3-37.dat	upx
behavioral1/memory/3016-44-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2844-45-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/1184-47-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0008000000018b28-56.dat	upx
behavioral1/memory/2884-53-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2248-60-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0007000000018b05-52.dat	upx
behavioral1/files/0x00070000000193b8-68.dat	upx
behavioral1/memory/1032-74-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-84.dat	upx
behavioral1/memory/2316-89-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x00050000000195c6-76.dat	upx
behavioral1/files/0x000500000001975a-112.dat	upx
behavioral1/files/0x0005000000019761-117.dat	upx
behavioral1/files/0x000500000001998d-130.dat	upx
behavioral1/memory/1032-143-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0005000000019bf9-148.dat	upx
behavioral1/files/0x0005000000019c3c-151.dat	upx
behavioral1/files/0x0005000000019e92-174.dat	upx
behavioral1/memory/2924-301-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2860-2099-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/3060-1916-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2924-1901-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2688-1892-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2316-1890-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1032-1870-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2696-1855-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2248-1844-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/1184-1834-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2884-1835-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/3016-1818-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/3032-1719-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2844-1555-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2992-1524-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/3060-347-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2316-237-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2688-197-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x000500000001a0b6-200.dat	upx
behavioral1/files/0x000500000001a049-194.dat	upx
behavioral1/files/0x000500000001a03c-189.dat	upx
behavioral1/files/0x0005000000019fdd-184.dat	upx
behavioral1/files/0x0005000000019fd4-179.dat	upx
behavioral1/files/0x0005000000019d6d-169.dat	upx
behavioral1/files/0x0005000000019d62-164.dat	upx
behavioral1/files/0x0005000000019d61-160.dat	upx
behavioral1/files/0x0005000000019bf6-142.dat	upx
behavioral1/files/0x0005000000019bf5-138.dat	upx
behavioral1/files/0x0005000000019820-127.dat	upx
behavioral1/files/0x00050000000197fd-122.dat	upx
behavioral1/memory/3060-106-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2696-105-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IkKKntI.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGNtLUd.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLADwiR.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThSbVNK.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEVeplF.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyFlxqL.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxdsBsJ.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UOksomd.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XUeRYRe.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meqvSIM.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXPwUxw.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adQdPSy.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUyoRUU.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqzJnVx.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsRIALI.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvdtkXh.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLtRCKV.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsalcJT.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAPbePQ.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWrJleE.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBBitig.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JcFfeDr.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOODydw.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbwnMwt.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEIEbOa.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIToXjs.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfDNbHE.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQNPytJ.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xsoygDH.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlChXOi.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOLnzhI.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsctaZD.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvwEgoi.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LoJlBvy.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjHNJXa.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPvfkSC.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilqJvbC.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTRVjIM.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXTxssD.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjFHUmZ.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evcinDY.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNiQPIZ.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DuBDGDF.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OPhpFac.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIFmrQA.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpSRafo.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTBaVFr.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSVRLxv.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YERWodM.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhaZmuA.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdDcnea.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcLPJMU.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jsbghjv.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSqLZxJ.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwAYIjy.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBhzihS.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSjelUB.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcRPNsZ.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaYvEjL.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYzKLUA.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrJvTUZ.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpglKll.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUYqCbm.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUKnuiM.exe	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2860	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2304 wrote to memory of 2860	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2304 wrote to memory of 2860	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2304 wrote to memory of 2992	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 2992	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 2992	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 2844	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 2844	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 2844	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 3032	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 3032	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 3032	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 1184	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 1184	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 1184	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 3016	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 3016	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 3016	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 2884	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 2884	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 2884	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 2248	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 2248	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 2248	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 2696	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 2696	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 2696	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 1032	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 1032	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 1032	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 2688	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 2688	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 2688	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 2316	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 2316	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 2316	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 2924	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 2924	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 2924	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 3060	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 3060	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 3060	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 1692	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 1692	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 1692	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 1360	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 1360	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 1360	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 2508	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 2508	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 2508	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 2664	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 2664	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 2664	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 1028	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 1028	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 1028	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 1240	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 1240	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 1240	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 2208	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 2208	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 2208	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 2140	2304	2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_aacfd07e3a4e20464557d022775047a6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\System\aRNrEuw.exe
  C:\Windows\System\aRNrEuw.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\xnpoSbg.exe
  C:\Windows\System\xnpoSbg.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\sxfnoUK.exe
  C:\Windows\System\sxfnoUK.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\CjZZOfW.exe
  C:\Windows\System\CjZZOfW.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\oMREpnV.exe
  C:\Windows\System\oMREpnV.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\fJUJjLK.exe
  C:\Windows\System\fJUJjLK.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\GXnJikd.exe
  C:\Windows\System\GXnJikd.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\cWvdlyx.exe
  C:\Windows\System\cWvdlyx.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\EDtpcqP.exe
  C:\Windows\System\EDtpcqP.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\CeOXsbO.exe
  C:\Windows\System\CeOXsbO.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\dNplBTl.exe
  C:\Windows\System\dNplBTl.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\BFJPGjc.exe
  C:\Windows\System\BFJPGjc.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\wcLvtVu.exe
  C:\Windows\System\wcLvtVu.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\KAwbliN.exe
  C:\Windows\System\KAwbliN.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\YgNAFZf.exe
  C:\Windows\System\YgNAFZf.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ZRmYTVL.exe
  C:\Windows\System\ZRmYTVL.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\uOpdqWH.exe
  C:\Windows\System\uOpdqWH.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\CxmdGfH.exe
  C:\Windows\System\CxmdGfH.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\hPYpzyz.exe
  C:\Windows\System\hPYpzyz.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\xHuGTJR.exe
  C:\Windows\System\xHuGTJR.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\kZNNYYa.exe
  C:\Windows\System\kZNNYYa.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\GkRVtqu.exe
  C:\Windows\System\GkRVtqu.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\HSBbEAh.exe
  C:\Windows\System\HSBbEAh.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\QUlwqKB.exe
  C:\Windows\System\QUlwqKB.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\nuvgurF.exe
  C:\Windows\System\nuvgurF.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\BSTARaJ.exe
  C:\Windows\System\BSTARaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\dGdFAHj.exe
  C:\Windows\System\dGdFAHj.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\TywSlTG.exe
  C:\Windows\System\TywSlTG.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\JkxvPoa.exe
  C:\Windows\System\JkxvPoa.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\nvtKnVk.exe
  C:\Windows\System\nvtKnVk.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\CWUrdVf.exe
  C:\Windows\System\CWUrdVf.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\gtvatcV.exe
  C:\Windows\System\gtvatcV.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\UhiYIIN.exe
  C:\Windows\System\UhiYIIN.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\BLaSFab.exe
  C:\Windows\System\BLaSFab.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\tzwTaFF.exe
  C:\Windows\System\tzwTaFF.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\EOWMecr.exe
  C:\Windows\System\EOWMecr.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\KkhbXKM.exe
  C:\Windows\System\KkhbXKM.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\YOiVeaq.exe
  C:\Windows\System\YOiVeaq.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\uyhdOIj.exe
  C:\Windows\System\uyhdOIj.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\JeeRNLj.exe
  C:\Windows\System\JeeRNLj.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\NfQkczs.exe
  C:\Windows\System\NfQkczs.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\SucteFq.exe
  C:\Windows\System\SucteFq.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\LSugMOE.exe
  C:\Windows\System\LSugMOE.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\UOksomd.exe
  C:\Windows\System\UOksomd.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\INgcEkd.exe
  C:\Windows\System\INgcEkd.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\cjtslEb.exe
  C:\Windows\System\cjtslEb.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\Oczbzfw.exe
  C:\Windows\System\Oczbzfw.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\sMaxJVm.exe
  C:\Windows\System\sMaxJVm.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\FTwtlpp.exe
  C:\Windows\System\FTwtlpp.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\yfNVbuo.exe
  C:\Windows\System\yfNVbuo.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\mwAccbh.exe
  C:\Windows\System\mwAccbh.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\xUxprEd.exe
  C:\Windows\System\xUxprEd.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\TvNCWms.exe
  C:\Windows\System\TvNCWms.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\IyFnjnQ.exe
  C:\Windows\System\IyFnjnQ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\DSjzOvg.exe
  C:\Windows\System\DSjzOvg.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\gRHuIXK.exe
  C:\Windows\System\gRHuIXK.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\exQMXxl.exe
  C:\Windows\System\exQMXxl.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\EiTWJtz.exe
  C:\Windows\System\EiTWJtz.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\TrQVxbR.exe
  C:\Windows\System\TrQVxbR.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\feBpjjK.exe
  C:\Windows\System\feBpjjK.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\xsoygDH.exe
  C:\Windows\System\xsoygDH.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\kgzqaCm.exe
  C:\Windows\System\kgzqaCm.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\cjXCTNK.exe
  C:\Windows\System\cjXCTNK.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\kuTASDU.exe
  C:\Windows\System\kuTASDU.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\JvLQIPK.exe
  C:\Windows\System\JvLQIPK.exe
  2⤵
  PID:820
- C:\Windows\System\YYIOIRY.exe
  C:\Windows\System\YYIOIRY.exe
  2⤵
  PID:2320
- C:\Windows\System\lStAxeN.exe
  C:\Windows\System\lStAxeN.exe
  2⤵
  PID:1528
- C:\Windows\System\qoSpqpF.exe
  C:\Windows\System\qoSpqpF.exe
  2⤵
  PID:2224
- C:\Windows\System\fMynxNf.exe
  C:\Windows\System\fMynxNf.exe
  2⤵
  PID:1820
- C:\Windows\System\UJAPJmW.exe
  C:\Windows\System\UJAPJmW.exe
  2⤵
  PID:2356
- C:\Windows\System\hzysplK.exe
  C:\Windows\System\hzysplK.exe
  2⤵
  PID:2328
- C:\Windows\System\rkhZLGl.exe
  C:\Windows\System\rkhZLGl.exe
  2⤵
  PID:316
- C:\Windows\System\eFBOlzn.exe
  C:\Windows\System\eFBOlzn.exe
  2⤵
  PID:1392
- C:\Windows\System\GwLRRHY.exe
  C:\Windows\System\GwLRRHY.exe
  2⤵
  PID:808
- C:\Windows\System\xzXManY.exe
  C:\Windows\System\xzXManY.exe
  2⤵
  PID:1872
- C:\Windows\System\NldnZpG.exe
  C:\Windows\System\NldnZpG.exe
  2⤵
  PID:1480
- C:\Windows\System\MnqfMre.exe
  C:\Windows\System\MnqfMre.exe
  2⤵
  PID:1712
- C:\Windows\System\lTNBeIS.exe
  C:\Windows\System\lTNBeIS.exe
  2⤵
  PID:796
- C:\Windows\System\UZckzQQ.exe
  C:\Windows\System\UZckzQQ.exe
  2⤵
  PID:1364
- C:\Windows\System\ollEcJk.exe
  C:\Windows\System\ollEcJk.exe
  2⤵
  PID:1700
- C:\Windows\System\aRtZGAr.exe
  C:\Windows\System\aRtZGAr.exe
  2⤵
  PID:2444
- C:\Windows\System\HszVJWR.exe
  C:\Windows\System\HszVJWR.exe
  2⤵
  PID:2008
- C:\Windows\System\wMqOjiP.exe
  C:\Windows\System\wMqOjiP.exe
  2⤵
  PID:1384
- C:\Windows\System\buTICfM.exe
  C:\Windows\System\buTICfM.exe
  2⤵
  PID:2020
- C:\Windows\System\CrHFYJF.exe
  C:\Windows\System\CrHFYJF.exe
  2⤵
  PID:2152
- C:\Windows\System\DkrDffd.exe
  C:\Windows\System\DkrDffd.exe
  2⤵
  PID:2652
- C:\Windows\System\fCCCQsB.exe
  C:\Windows\System\fCCCQsB.exe
  2⤵
  PID:2344
- C:\Windows\System\IwlGGPs.exe
  C:\Windows\System\IwlGGPs.exe
  2⤵
  PID:2856
- C:\Windows\System\CdhFBfE.exe
  C:\Windows\System\CdhFBfE.exe
  2⤵
  PID:2984
- C:\Windows\System\LjGlYvG.exe
  C:\Windows\System\LjGlYvG.exe
  2⤵
  PID:3012
- C:\Windows\System\qnajcYW.exe
  C:\Windows\System\qnajcYW.exe
  2⤵
  PID:2484
- C:\Windows\System\wDTbGhP.exe
  C:\Windows\System\wDTbGhP.exe
  2⤵
  PID:2896
- C:\Windows\System\GqCpcLM.exe
  C:\Windows\System\GqCpcLM.exe
  2⤵
  PID:2828
- C:\Windows\System\DCsgnDo.exe
  C:\Windows\System\DCsgnDo.exe
  2⤵
  PID:1616
- C:\Windows\System\mPYjYKy.exe
  C:\Windows\System\mPYjYKy.exe
  2⤵
  PID:3048
- C:\Windows\System\bDcXjUb.exe
  C:\Windows\System\bDcXjUb.exe
  2⤵
  PID:3052
- C:\Windows\System\xodaDal.exe
  C:\Windows\System\xodaDal.exe
  2⤵
  PID:2416
- C:\Windows\System\vxLjrbW.exe
  C:\Windows\System\vxLjrbW.exe
  2⤵
  PID:836
- C:\Windows\System\haIOnTj.exe
  C:\Windows\System\haIOnTj.exe
  2⤵
  PID:468
- C:\Windows\System\WVEiyMQ.exe
  C:\Windows\System\WVEiyMQ.exe
  2⤵
  PID:2200
- C:\Windows\System\yBKexFO.exe
  C:\Windows\System\yBKexFO.exe
  2⤵
  PID:604
- C:\Windows\System\UvXFPjI.exe
  C:\Windows\System\UvXFPjI.exe
  2⤵
  PID:2540
- C:\Windows\System\CFzQiRN.exe
  C:\Windows\System\CFzQiRN.exe
  2⤵
  PID:964
- C:\Windows\System\LSHUrvG.exe
  C:\Windows\System\LSHUrvG.exe
  2⤵
  PID:928
- C:\Windows\System\MQTwaMY.exe
  C:\Windows\System\MQTwaMY.exe
  2⤵
  PID:1968
- C:\Windows\System\UIUbNKh.exe
  C:\Windows\System\UIUbNKh.exe
  2⤵
  PID:1680
- C:\Windows\System\gPbnUGc.exe
  C:\Windows\System\gPbnUGc.exe
  2⤵
  PID:2260
- C:\Windows\System\IazfEIT.exe
  C:\Windows\System\IazfEIT.exe
  2⤵
  PID:2640
- C:\Windows\System\YTkyAhc.exe
  C:\Windows\System\YTkyAhc.exe
  2⤵
  PID:2656
- C:\Windows\System\nRddAzA.exe
  C:\Windows\System\nRddAzA.exe
  2⤵
  PID:2972
- C:\Windows\System\QSLxwgb.exe
  C:\Windows\System\QSLxwgb.exe
  2⤵
  PID:2872
- C:\Windows\System\tVmydyx.exe
  C:\Windows\System\tVmydyx.exe
  2⤵
  PID:2720
- C:\Windows\System\TLlXVmz.exe
  C:\Windows\System\TLlXVmz.exe
  2⤵
  PID:2792
- C:\Windows\System\xwoJKHF.exe
  C:\Windows\System\xwoJKHF.exe
  2⤵
  PID:2396
- C:\Windows\System\pgIPwfM.exe
  C:\Windows\System\pgIPwfM.exe
  2⤵
  PID:632
- C:\Windows\System\xwepCoa.exe
  C:\Windows\System\xwepCoa.exe
  2⤵
  PID:2160
- C:\Windows\System\ORDSMEI.exe
  C:\Windows\System\ORDSMEI.exe
  2⤵
  PID:572
- C:\Windows\System\DrXjtmQ.exe
  C:\Windows\System\DrXjtmQ.exe
  2⤵
  PID:3092
- C:\Windows\System\TRvhzCQ.exe
  C:\Windows\System\TRvhzCQ.exe
  2⤵
  PID:3112
- C:\Windows\System\sYlPYTn.exe
  C:\Windows\System\sYlPYTn.exe
  2⤵
  PID:3132
- C:\Windows\System\xWFVLFr.exe
  C:\Windows\System\xWFVLFr.exe
  2⤵
  PID:3152
- C:\Windows\System\IzWQTYO.exe
  C:\Windows\System\IzWQTYO.exe
  2⤵
  PID:3172
- C:\Windows\System\pMpIDZl.exe
  C:\Windows\System\pMpIDZl.exe
  2⤵
  PID:3192
- C:\Windows\System\AamUZIb.exe
  C:\Windows\System\AamUZIb.exe
  2⤵
  PID:3212
- C:\Windows\System\BoyTZNB.exe
  C:\Windows\System\BoyTZNB.exe
  2⤵
  PID:3232
- C:\Windows\System\JmpjuAe.exe
  C:\Windows\System\JmpjuAe.exe
  2⤵
  PID:3252
- C:\Windows\System\mJkDsgj.exe
  C:\Windows\System\mJkDsgj.exe
  2⤵
  PID:3272
- C:\Windows\System\hAMeKfg.exe
  C:\Windows\System\hAMeKfg.exe
  2⤵
  PID:3296
- C:\Windows\System\BIToXjs.exe
  C:\Windows\System\BIToXjs.exe
  2⤵
  PID:3320
- C:\Windows\System\OEryGFy.exe
  C:\Windows\System\OEryGFy.exe
  2⤵
  PID:3340
- C:\Windows\System\hEQtiTu.exe
  C:\Windows\System\hEQtiTu.exe
  2⤵
  PID:3360
- C:\Windows\System\CIdxOnk.exe
  C:\Windows\System\CIdxOnk.exe
  2⤵
  PID:3380
- C:\Windows\System\otGSNcK.exe
  C:\Windows\System\otGSNcK.exe
  2⤵
  PID:3400
- C:\Windows\System\CkKVlty.exe
  C:\Windows\System\CkKVlty.exe
  2⤵
  PID:3420
- C:\Windows\System\oRbNyxj.exe
  C:\Windows\System\oRbNyxj.exe
  2⤵
  PID:3440
- C:\Windows\System\dLfmqBq.exe
  C:\Windows\System\dLfmqBq.exe
  2⤵
  PID:3460
- C:\Windows\System\ZmzJNkm.exe
  C:\Windows\System\ZmzJNkm.exe
  2⤵
  PID:3480
- C:\Windows\System\OJzjLxg.exe
  C:\Windows\System\OJzjLxg.exe
  2⤵
  PID:3500
- C:\Windows\System\TMcUwRp.exe
  C:\Windows\System\TMcUwRp.exe
  2⤵
  PID:3520
- C:\Windows\System\NoXxCkQ.exe
  C:\Windows\System\NoXxCkQ.exe
  2⤵
  PID:3540
- C:\Windows\System\vHgwEzX.exe
  C:\Windows\System\vHgwEzX.exe
  2⤵
  PID:3560
- C:\Windows\System\dUfNeDX.exe
  C:\Windows\System\dUfNeDX.exe
  2⤵
  PID:3580
- C:\Windows\System\BocTzYN.exe
  C:\Windows\System\BocTzYN.exe
  2⤵
  PID:3600
- C:\Windows\System\bGNuqQX.exe
  C:\Windows\System\bGNuqQX.exe
  2⤵
  PID:3620
- C:\Windows\System\GRDdeSj.exe
  C:\Windows\System\GRDdeSj.exe
  2⤵
  PID:3640
- C:\Windows\System\BHrfhSd.exe
  C:\Windows\System\BHrfhSd.exe
  2⤵
  PID:3664
- C:\Windows\System\XCZcrlQ.exe
  C:\Windows\System\XCZcrlQ.exe
  2⤵
  PID:3684
- C:\Windows\System\dDZyXVr.exe
  C:\Windows\System\dDZyXVr.exe
  2⤵
  PID:3704
- C:\Windows\System\LoUxdYZ.exe
  C:\Windows\System\LoUxdYZ.exe
  2⤵
  PID:3724
- C:\Windows\System\tCChYwr.exe
  C:\Windows\System\tCChYwr.exe
  2⤵
  PID:3748
- C:\Windows\System\sMSRDHF.exe
  C:\Windows\System\sMSRDHF.exe
  2⤵
  PID:3768
- C:\Windows\System\XhaZmuA.exe
  C:\Windows\System\XhaZmuA.exe
  2⤵
  PID:3788
- C:\Windows\System\mCBKzvD.exe
  C:\Windows\System\mCBKzvD.exe
  2⤵
  PID:3808
- C:\Windows\System\EfSfIPd.exe
  C:\Windows\System\EfSfIPd.exe
  2⤵
  PID:3828
- C:\Windows\System\uYKHMLG.exe
  C:\Windows\System\uYKHMLG.exe
  2⤵
  PID:3848
- C:\Windows\System\dWXitSV.exe
  C:\Windows\System\dWXitSV.exe
  2⤵
  PID:3868
- C:\Windows\System\WUyoRUU.exe
  C:\Windows\System\WUyoRUU.exe
  2⤵
  PID:3888
- C:\Windows\System\osptohc.exe
  C:\Windows\System\osptohc.exe
  2⤵
  PID:3908
- C:\Windows\System\OediVIU.exe
  C:\Windows\System\OediVIU.exe
  2⤵
  PID:3928
- C:\Windows\System\JpsWABs.exe
  C:\Windows\System\JpsWABs.exe
  2⤵
  PID:3948
- C:\Windows\System\QquIxod.exe
  C:\Windows\System\QquIxod.exe
  2⤵
  PID:3968
- C:\Windows\System\VxsqaCK.exe
  C:\Windows\System\VxsqaCK.exe
  2⤵
  PID:3988
- C:\Windows\System\cSoWlar.exe
  C:\Windows\System\cSoWlar.exe
  2⤵
  PID:4012
- C:\Windows\System\MSrjZgl.exe
  C:\Windows\System\MSrjZgl.exe
  2⤵
  PID:4032
- C:\Windows\System\BxCSEuK.exe
  C:\Windows\System\BxCSEuK.exe
  2⤵
  PID:4052
- C:\Windows\System\QLFMqIG.exe
  C:\Windows\System\QLFMqIG.exe
  2⤵
  PID:4072
- C:\Windows\System\xKjJJJJ.exe
  C:\Windows\System\xKjJJJJ.exe
  2⤵
  PID:4092
- C:\Windows\System\EXXbfgC.exe
  C:\Windows\System\EXXbfgC.exe
  2⤵
  PID:1272
- C:\Windows\System\njrrwRT.exe
  C:\Windows\System\njrrwRT.exe
  2⤵
  PID:2712
- C:\Windows\System\gpwGFxV.exe
  C:\Windows\System\gpwGFxV.exe
  2⤵
  PID:2324
- C:\Windows\System\UFlMgVq.exe
  C:\Windows\System\UFlMgVq.exe
  2⤵
  PID:936
- C:\Windows\System\hYTRznJ.exe
  C:\Windows\System\hYTRznJ.exe
  2⤵
  PID:3020
- C:\Windows\System\WhNyUNc.exe
  C:\Windows\System\WhNyUNc.exe
  2⤵
  PID:2988
- C:\Windows\System\LNCptOA.exe
  C:\Windows\System\LNCptOA.exe
  2⤵
  PID:2564
- C:\Windows\System\CbAyASR.exe
  C:\Windows\System\CbAyASR.exe
  2⤵
  PID:2944
- C:\Windows\System\lRNopBt.exe
  C:\Windows\System\lRNopBt.exe
  2⤵
  PID:2480
- C:\Windows\System\FsPQMuJ.exe
  C:\Windows\System\FsPQMuJ.exe
  2⤵
  PID:3108
- C:\Windows\System\DpSRafo.exe
  C:\Windows\System\DpSRafo.exe
  2⤵
  PID:3140
- C:\Windows\System\mXIsRRg.exe
  C:\Windows\System\mXIsRRg.exe
  2⤵
  PID:3144
- C:\Windows\System\iHRTXdT.exe
  C:\Windows\System\iHRTXdT.exe
  2⤵
  PID:3184
- C:\Windows\System\pGoLHxZ.exe
  C:\Windows\System\pGoLHxZ.exe
  2⤵
  PID:3228
- C:\Windows\System\DyArZNI.exe
  C:\Windows\System\DyArZNI.exe
  2⤵
  PID:3240
- C:\Windows\System\sXOsIyg.exe
  C:\Windows\System\sXOsIyg.exe
  2⤵
  PID:3264
- C:\Windows\System\NiTJMlW.exe
  C:\Windows\System\NiTJMlW.exe
  2⤵
  PID:3292
- C:\Windows\System\NKAtOpm.exe
  C:\Windows\System\NKAtOpm.exe
  2⤵
  PID:3332
- C:\Windows\System\SgpiFUp.exe
  C:\Windows\System\SgpiFUp.exe
  2⤵
  PID:3396
- C:\Windows\System\zpVIGCB.exe
  C:\Windows\System\zpVIGCB.exe
  2⤵
  PID:3428
- C:\Windows\System\yddbWSs.exe
  C:\Windows\System\yddbWSs.exe
  2⤵
  PID:3432
- C:\Windows\System\sARgHtg.exe
  C:\Windows\System\sARgHtg.exe
  2⤵
  PID:3476
- C:\Windows\System\KPgcheF.exe
  C:\Windows\System\KPgcheF.exe
  2⤵
  PID:3508
- C:\Windows\System\lpbUFUT.exe
  C:\Windows\System\lpbUFUT.exe
  2⤵
  PID:3556
- C:\Windows\System\URYtKyV.exe
  C:\Windows\System\URYtKyV.exe
  2⤵
  PID:3588
- C:\Windows\System\JPRLgLq.exe
  C:\Windows\System\JPRLgLq.exe
  2⤵
  PID:3608
- C:\Windows\System\HWRvZfV.exe
  C:\Windows\System\HWRvZfV.exe
  2⤵
  PID:3632
- C:\Windows\System\LdiQERp.exe
  C:\Windows\System\LdiQERp.exe
  2⤵
  PID:3660
- C:\Windows\System\iaRfraf.exe
  C:\Windows\System\iaRfraf.exe
  2⤵
  PID:3716
- C:\Windows\System\EaCrGeD.exe
  C:\Windows\System\EaCrGeD.exe
  2⤵
  PID:3764
- C:\Windows\System\gJRujEG.exe
  C:\Windows\System\gJRujEG.exe
  2⤵
  PID:3776
- C:\Windows\System\BRyCmGw.exe
  C:\Windows\System\BRyCmGw.exe
  2⤵
  PID:3816
- C:\Windows\System\tFtcVZO.exe
  C:\Windows\System\tFtcVZO.exe
  2⤵
  PID:3840
- C:\Windows\System\VwaAPFt.exe
  C:\Windows\System\VwaAPFt.exe
  2⤵
  PID:3860
- C:\Windows\System\sLTnhRJ.exe
  C:\Windows\System\sLTnhRJ.exe
  2⤵
  PID:3904
- C:\Windows\System\YKxZbNT.exe
  C:\Windows\System\YKxZbNT.exe
  2⤵
  PID:3940
- C:\Windows\System\mhCPTmm.exe
  C:\Windows\System\mhCPTmm.exe
  2⤵
  PID:4008
- C:\Windows\System\AnCZFKb.exe
  C:\Windows\System\AnCZFKb.exe
  2⤵
  PID:4040
- C:\Windows\System\ZnXRNSn.exe
  C:\Windows\System\ZnXRNSn.exe
  2⤵
  PID:2836
- C:\Windows\System\uWKaSjB.exe
  C:\Windows\System\uWKaSjB.exe
  2⤵
  PID:4064
- C:\Windows\System\HbIcEMc.exe
  C:\Windows\System\HbIcEMc.exe
  2⤵
  PID:1620
- C:\Windows\System\STiosha.exe
  C:\Windows\System\STiosha.exe
  2⤵
  PID:1056
- C:\Windows\System\navuBRv.exe
  C:\Windows\System\navuBRv.exe
  2⤵
  PID:2380
- C:\Windows\System\wHunhOA.exe
  C:\Windows\System\wHunhOA.exe
  2⤵
  PID:2956
- C:\Windows\System\sPEOETK.exe
  C:\Windows\System\sPEOETK.exe
  2⤵
  PID:2620
- C:\Windows\System\PqtDGeP.exe
  C:\Windows\System\PqtDGeP.exe
  2⤵
  PID:3100
- C:\Windows\System\jSPVHNE.exe
  C:\Windows\System\jSPVHNE.exe
  2⤵
  PID:3088
- C:\Windows\System\BJrqxTl.exe
  C:\Windows\System\BJrqxTl.exe
  2⤵
  PID:2760
- C:\Windows\System\jNlNqrp.exe
  C:\Windows\System\jNlNqrp.exe
  2⤵
  PID:3244
- C:\Windows\System\fBPJnbx.exe
  C:\Windows\System\fBPJnbx.exe
  2⤵
  PID:3260
- C:\Windows\System\bUtKhwe.exe
  C:\Windows\System\bUtKhwe.exe
  2⤵
  PID:3356
- C:\Windows\System\MoCDNRE.exe
  C:\Windows\System\MoCDNRE.exe
  2⤵
  PID:3372
- C:\Windows\System\rfhljcZ.exe
  C:\Windows\System\rfhljcZ.exe
  2⤵
  PID:3416
- C:\Windows\System\ciSMnny.exe
  C:\Windows\System\ciSMnny.exe
  2⤵
  PID:3496
- C:\Windows\System\ZMbNJPr.exe
  C:\Windows\System\ZMbNJPr.exe
  2⤵
  PID:3568
- C:\Windows\System\frVkUdb.exe
  C:\Windows\System\frVkUdb.exe
  2⤵
  PID:3676
- C:\Windows\System\SywtHdK.exe
  C:\Windows\System\SywtHdK.exe
  2⤵
  PID:3692
- C:\Windows\System\uKNYWnA.exe
  C:\Windows\System\uKNYWnA.exe
  2⤵
  PID:3740
- C:\Windows\System\JsclBUB.exe
  C:\Windows\System\JsclBUB.exe
  2⤵
  PID:3804
- C:\Windows\System\ytQzbQF.exe
  C:\Windows\System\ytQzbQF.exe
  2⤵
  PID:3844
- C:\Windows\System\PsYnmgt.exe
  C:\Windows\System\PsYnmgt.exe
  2⤵
  PID:3916
- C:\Windows\System\yGiDXJs.exe
  C:\Windows\System\yGiDXJs.exe
  2⤵
  PID:3960
- C:\Windows\System\ARqzcuH.exe
  C:\Windows\System\ARqzcuH.exe
  2⤵
  PID:4004
- C:\Windows\System\eRMFWGS.exe
  C:\Windows\System\eRMFWGS.exe
  2⤵
  PID:4044
- C:\Windows\System\MznMiQs.exe
  C:\Windows\System\MznMiQs.exe
  2⤵
  PID:2528
- C:\Windows\System\ilqJvbC.exe
  C:\Windows\System\ilqJvbC.exe
  2⤵
  PID:1504
- C:\Windows\System\YbouaaL.exe
  C:\Windows\System\YbouaaL.exe
  2⤵
  PID:2756
- C:\Windows\System\GfqCpTJ.exe
  C:\Windows\System\GfqCpTJ.exe
  2⤵
  PID:3104
- C:\Windows\System\ujlPJpf.exe
  C:\Windows\System\ujlPJpf.exe
  2⤵
  PID:1568
- C:\Windows\System\vrFiZCi.exe
  C:\Windows\System\vrFiZCi.exe
  2⤵
  PID:3208
- C:\Windows\System\rMhwFZE.exe
  C:\Windows\System\rMhwFZE.exe
  2⤵
  PID:3392
- C:\Windows\System\exnimjT.exe
  C:\Windows\System\exnimjT.exe
  2⤵
  PID:3492
- C:\Windows\System\bGITlLW.exe
  C:\Windows\System\bGITlLW.exe
  2⤵
  PID:3532
- C:\Windows\System\EnTdVmq.exe
  C:\Windows\System\EnTdVmq.exe
  2⤵
  PID:3732
- C:\Windows\System\MGMfHQp.exe
  C:\Windows\System\MGMfHQp.exe
  2⤵
  PID:3700
- C:\Windows\System\zHEpeZe.exe
  C:\Windows\System\zHEpeZe.exe
  2⤵
  PID:4112
- C:\Windows\System\zXuhnxz.exe
  C:\Windows\System\zXuhnxz.exe
  2⤵
  PID:4132
- C:\Windows\System\ZQxZWvg.exe
  C:\Windows\System\ZQxZWvg.exe
  2⤵
  PID:4152
- C:\Windows\System\Ajhdrcn.exe
  C:\Windows\System\Ajhdrcn.exe
  2⤵
  PID:4172
- C:\Windows\System\WuFBvar.exe
  C:\Windows\System\WuFBvar.exe
  2⤵
  PID:4192
- C:\Windows\System\JdxQJNe.exe
  C:\Windows\System\JdxQJNe.exe
  2⤵
  PID:4212
- C:\Windows\System\qwJgfpc.exe
  C:\Windows\System\qwJgfpc.exe
  2⤵
  PID:4232
- C:\Windows\System\XxYtcLX.exe
  C:\Windows\System\XxYtcLX.exe
  2⤵
  PID:4252
- C:\Windows\System\nahdRZM.exe
  C:\Windows\System\nahdRZM.exe
  2⤵
  PID:4276
- C:\Windows\System\MxlxBfN.exe
  C:\Windows\System\MxlxBfN.exe
  2⤵
  PID:4296
- C:\Windows\System\FYPDJzQ.exe
  C:\Windows\System\FYPDJzQ.exe
  2⤵
  PID:4316
- C:\Windows\System\bqBsvQM.exe
  C:\Windows\System\bqBsvQM.exe
  2⤵
  PID:4336
- C:\Windows\System\pvbYcvT.exe
  C:\Windows\System\pvbYcvT.exe
  2⤵
  PID:4356
- C:\Windows\System\evcinDY.exe
  C:\Windows\System\evcinDY.exe
  2⤵
  PID:4376
- C:\Windows\System\XQFZIQT.exe
  C:\Windows\System\XQFZIQT.exe
  2⤵
  PID:4396
- C:\Windows\System\HjHNJXa.exe
  C:\Windows\System\HjHNJXa.exe
  2⤵
  PID:4416
- C:\Windows\System\gPDwjeC.exe
  C:\Windows\System\gPDwjeC.exe
  2⤵
  PID:4440
- C:\Windows\System\vyXZEcN.exe
  C:\Windows\System\vyXZEcN.exe
  2⤵
  PID:4460
- C:\Windows\System\izGcvqR.exe
  C:\Windows\System\izGcvqR.exe
  2⤵
  PID:4480
- C:\Windows\System\XzuiFMp.exe
  C:\Windows\System\XzuiFMp.exe
  2⤵
  PID:4500
- C:\Windows\System\tjGmNPM.exe
  C:\Windows\System\tjGmNPM.exe
  2⤵
  PID:4520
- C:\Windows\System\skjnmkb.exe
  C:\Windows\System\skjnmkb.exe
  2⤵
  PID:4540
- C:\Windows\System\VZHaQqI.exe
  C:\Windows\System\VZHaQqI.exe
  2⤵
  PID:4560
- C:\Windows\System\EJLAEjU.exe
  C:\Windows\System\EJLAEjU.exe
  2⤵
  PID:4580
- C:\Windows\System\jIeDjzr.exe
  C:\Windows\System\jIeDjzr.exe
  2⤵
  PID:4600
- C:\Windows\System\coPAmhA.exe
  C:\Windows\System\coPAmhA.exe
  2⤵
  PID:4624
- C:\Windows\System\twklSKj.exe
  C:\Windows\System\twklSKj.exe
  2⤵
  PID:4644
- C:\Windows\System\CAEHnyv.exe
  C:\Windows\System\CAEHnyv.exe
  2⤵
  PID:4664
- C:\Windows\System\ntqjwip.exe
  C:\Windows\System\ntqjwip.exe
  2⤵
  PID:4684
- C:\Windows\System\rwSMPOv.exe
  C:\Windows\System\rwSMPOv.exe
  2⤵
  PID:4704
- C:\Windows\System\gonycfd.exe
  C:\Windows\System\gonycfd.exe
  2⤵
  PID:4724
- C:\Windows\System\XVHfute.exe
  C:\Windows\System\XVHfute.exe
  2⤵
  PID:4744
- C:\Windows\System\bRYHmyp.exe
  C:\Windows\System\bRYHmyp.exe
  2⤵
  PID:4764
- C:\Windows\System\HMWVbag.exe
  C:\Windows\System\HMWVbag.exe
  2⤵
  PID:4784
- C:\Windows\System\tcSmLlz.exe
  C:\Windows\System\tcSmLlz.exe
  2⤵
  PID:4804
- C:\Windows\System\KgOldHO.exe
  C:\Windows\System\KgOldHO.exe
  2⤵
  PID:4828
- C:\Windows\System\bstPRmc.exe
  C:\Windows\System\bstPRmc.exe
  2⤵
  PID:4848
- C:\Windows\System\POVngPd.exe
  C:\Windows\System\POVngPd.exe
  2⤵
  PID:4868
- C:\Windows\System\sGKwSfC.exe
  C:\Windows\System\sGKwSfC.exe
  2⤵
  PID:4888
- C:\Windows\System\JBvWOYI.exe
  C:\Windows\System\JBvWOYI.exe
  2⤵
  PID:4908
- C:\Windows\System\mdmJnZz.exe
  C:\Windows\System\mdmJnZz.exe
  2⤵
  PID:4928
- C:\Windows\System\uOgWoVa.exe
  C:\Windows\System\uOgWoVa.exe
  2⤵
  PID:4952
- C:\Windows\System\FtydNwB.exe
  C:\Windows\System\FtydNwB.exe
  2⤵
  PID:4972
- C:\Windows\System\PRndgNK.exe
  C:\Windows\System\PRndgNK.exe
  2⤵
  PID:4992
- C:\Windows\System\NiayvyE.exe
  C:\Windows\System\NiayvyE.exe
  2⤵
  PID:5012
- C:\Windows\System\pcgCSfO.exe
  C:\Windows\System\pcgCSfO.exe
  2⤵
  PID:5032
- C:\Windows\System\SgBURNX.exe
  C:\Windows\System\SgBURNX.exe
  2⤵
  PID:5052
- C:\Windows\System\UzTKZvo.exe
  C:\Windows\System\UzTKZvo.exe
  2⤵
  PID:5072
- C:\Windows\System\OxnCiso.exe
  C:\Windows\System\OxnCiso.exe
  2⤵
  PID:5092
- C:\Windows\System\PxvSRZC.exe
  C:\Windows\System\PxvSRZC.exe
  2⤵
  PID:5112
- C:\Windows\System\SzZlfWb.exe
  C:\Windows\System\SzZlfWb.exe
  2⤵
  PID:3760
- C:\Windows\System\tZUoNXs.exe
  C:\Windows\System\tZUoNXs.exe
  2⤵
  PID:3920
- C:\Windows\System\DSDhOvO.exe
  C:\Windows\System\DSDhOvO.exe
  2⤵
  PID:4020
- C:\Windows\System\qQOtveE.exe
  C:\Windows\System\qQOtveE.exe
  2⤵
  PID:1332
- C:\Windows\System\zoBGOot.exe
  C:\Windows\System\zoBGOot.exe
  2⤵
  PID:328
- C:\Windows\System\Nxzscpv.exe
  C:\Windows\System\Nxzscpv.exe
  2⤵
  PID:2300
- C:\Windows\System\HVGdDid.exe
  C:\Windows\System\HVGdDid.exe
  2⤵
  PID:3148
- C:\Windows\System\kFtrxso.exe
  C:\Windows\System\kFtrxso.exe
  2⤵
  PID:3412
- C:\Windows\System\yVcATeC.exe
  C:\Windows\System\yVcATeC.exe
  2⤵
  PID:3316
- C:\Windows\System\oEhKcUE.exe
  C:\Windows\System\oEhKcUE.exe
  2⤵
  PID:4108
- C:\Windows\System\mqzJnVx.exe
  C:\Windows\System\mqzJnVx.exe
  2⤵
  PID:4140
- C:\Windows\System\ITXzvSZ.exe
  C:\Windows\System\ITXzvSZ.exe
  2⤵
  PID:4180
- C:\Windows\System\spBwZbn.exe
  C:\Windows\System\spBwZbn.exe
  2⤵
  PID:2772
- C:\Windows\System\UYpeYIL.exe
  C:\Windows\System\UYpeYIL.exe
  2⤵
  PID:4220
- C:\Windows\System\uqnQkkq.exe
  C:\Windows\System\uqnQkkq.exe
  2⤵
  PID:4268
- C:\Windows\System\kpsOZVP.exe
  C:\Windows\System\kpsOZVP.exe
  2⤵
  PID:4304
- C:\Windows\System\lyNpiUJ.exe
  C:\Windows\System\lyNpiUJ.exe
  2⤵
  PID:4344
- C:\Windows\System\hiJWBgS.exe
  C:\Windows\System\hiJWBgS.exe
  2⤵
  PID:4348
- C:\Windows\System\gwLNAlm.exe
  C:\Windows\System\gwLNAlm.exe
  2⤵
  PID:4392
- C:\Windows\System\QoWDTgo.exe
  C:\Windows\System\QoWDTgo.exe
  2⤵
  PID:4408
- C:\Windows\System\gkjiLBV.exe
  C:\Windows\System\gkjiLBV.exe
  2⤵
  PID:4448
- C:\Windows\System\KyeerYa.exe
  C:\Windows\System\KyeerYa.exe
  2⤵
  PID:4488
- C:\Windows\System\FTADpdY.exe
  C:\Windows\System\FTADpdY.exe
  2⤵
  PID:4512
- C:\Windows\System\LfcfHtB.exe
  C:\Windows\System\LfcfHtB.exe
  2⤵
  PID:4532
- C:\Windows\System\BUoLwXG.exe
  C:\Windows\System\BUoLwXG.exe
  2⤵
  PID:4588
- C:\Windows\System\BDkrYWf.exe
  C:\Windows\System\BDkrYWf.exe
  2⤵
  PID:4632
- C:\Windows\System\RrBbVbH.exe
  C:\Windows\System\RrBbVbH.exe
  2⤵
  PID:4672
- C:\Windows\System\LVTXVSo.exe
  C:\Windows\System\LVTXVSo.exe
  2⤵
  PID:4676
- C:\Windows\System\srKWjwU.exe
  C:\Windows\System\srKWjwU.exe
  2⤵
  PID:2576
- C:\Windows\System\JMwkNCU.exe
  C:\Windows\System\JMwkNCU.exe
  2⤵
  PID:4732
- C:\Windows\System\QpslmRg.exe
  C:\Windows\System\QpslmRg.exe
  2⤵
  PID:4772
- C:\Windows\System\RELiznT.exe
  C:\Windows\System\RELiznT.exe
  2⤵
  PID:4776
- C:\Windows\System\DcRPNsZ.exe
  C:\Windows\System\DcRPNsZ.exe
  2⤵
  PID:4824
- C:\Windows\System\XUxlBTY.exe
  C:\Windows\System\XUxlBTY.exe
  2⤵
  PID:4880
- C:\Windows\System\jHUlmvM.exe
  C:\Windows\System\jHUlmvM.exe
  2⤵
  PID:4904
- C:\Windows\System\GzkPWJR.exe
  C:\Windows\System\GzkPWJR.exe
  2⤵
  PID:4936
- C:\Windows\System\BnFzEUj.exe
  C:\Windows\System\BnFzEUj.exe
  2⤵
  PID:4980
- C:\Windows\System\LTGWMsk.exe
  C:\Windows\System\LTGWMsk.exe
  2⤵
  PID:4984
- C:\Windows\System\RuyTHPA.exe
  C:\Windows\System\RuyTHPA.exe
  2⤵
  PID:5020
- C:\Windows\System\yNiQPIZ.exe
  C:\Windows\System\yNiQPIZ.exe
  2⤵
  PID:1720
- C:\Windows\System\XUeRYRe.exe
  C:\Windows\System\XUeRYRe.exe
  2⤵
  PID:5088
- C:\Windows\System\jgkdXRT.exe
  C:\Windows\System\jgkdXRT.exe
  2⤵
  PID:5100
- C:\Windows\System\lPbAoyV.exe
  C:\Windows\System\lPbAoyV.exe
  2⤵
  PID:3976
- C:\Windows\System\xBZoPXb.exe
  C:\Windows\System\xBZoPXb.exe
  2⤵
  PID:4028
- C:\Windows\System\enNzIOQ.exe
  C:\Windows\System\enNzIOQ.exe
  2⤵
  PID:2932
- C:\Windows\System\aRzwoAb.exe
  C:\Windows\System\aRzwoAb.exe
  2⤵
  PID:3124
- C:\Windows\System\drxotjn.exe
  C:\Windows\System\drxotjn.exe
  2⤵
  PID:3572
- C:\Windows\System\TLxcAki.exe
  C:\Windows\System\TLxcAki.exe
  2⤵
  PID:4104
- C:\Windows\System\qGeaCbx.exe
  C:\Windows\System\qGeaCbx.exe
  2⤵
  PID:4124
- C:\Windows\System\ONqYegO.exe
  C:\Windows\System\ONqYegO.exe
  2⤵
  PID:4200
- C:\Windows\System\aEGzsKz.exe
  C:\Windows\System\aEGzsKz.exe
  2⤵
  PID:4284
- C:\Windows\System\lfktCgC.exe
  C:\Windows\System\lfktCgC.exe
  2⤵
  PID:2180
- C:\Windows\System\KVnWvvw.exe
  C:\Windows\System\KVnWvvw.exe
  2⤵
  PID:4328
- C:\Windows\System\yKJfAqU.exe
  C:\Windows\System\yKJfAqU.exe
  2⤵
  PID:4468
- C:\Windows\System\JWhAlbs.exe
  C:\Windows\System\JWhAlbs.exe
  2⤵
  PID:4476
- C:\Windows\System\tsZfXzO.exe
  C:\Windows\System\tsZfXzO.exe
  2⤵
  PID:4536
- C:\Windows\System\gvdckLS.exe
  C:\Windows\System\gvdckLS.exe
  2⤵
  PID:1396
- C:\Windows\System\aVJPeXQ.exe
  C:\Windows\System\aVJPeXQ.exe
  2⤵
  PID:4596
- C:\Windows\System\rTpWwwu.exe
  C:\Windows\System\rTpWwwu.exe
  2⤵
  PID:4700
- C:\Windows\System\vyfwinT.exe
  C:\Windows\System\vyfwinT.exe
  2⤵
  PID:4716
- C:\Windows\System\KEfbTgB.exe
  C:\Windows\System\KEfbTgB.exe
  2⤵
  PID:4752
- C:\Windows\System\lOvjisu.exe
  C:\Windows\System\lOvjisu.exe
  2⤵
  PID:4800
- C:\Windows\System\lJaKOxF.exe
  C:\Windows\System\lJaKOxF.exe
  2⤵
  PID:4876
- C:\Windows\System\nMrocpp.exe
  C:\Windows\System\nMrocpp.exe
  2⤵
  PID:4920
- C:\Windows\System\ksoVDFI.exe
  C:\Windows\System\ksoVDFI.exe
  2⤵
  PID:5048
- C:\Windows\System\bfTNAdl.exe
  C:\Windows\System\bfTNAdl.exe
  2⤵
  PID:5028
- C:\Windows\System\BxkPRsK.exe
  C:\Windows\System\BxkPRsK.exe
  2⤵
  PID:3796
- C:\Windows\System\LVJwUSW.exe
  C:\Windows\System\LVJwUSW.exe
  2⤵
  PID:3880
- C:\Windows\System\gmLPDRv.exe
  C:\Windows\System\gmLPDRv.exe
  2⤵
  PID:3304
- C:\Windows\System\yTmqGnw.exe
  C:\Windows\System\yTmqGnw.exe
  2⤵
  PID:3388
- C:\Windows\System\uneNlPI.exe
  C:\Windows\System\uneNlPI.exe
  2⤵
  PID:3756
- C:\Windows\System\edeDoDp.exe
  C:\Windows\System\edeDoDp.exe
  2⤵
  PID:4260
- C:\Windows\System\EAczBwj.exe
  C:\Windows\System\EAczBwj.exe
  2⤵
  PID:3068
- C:\Windows\System\qLvYizU.exe
  C:\Windows\System\qLvYizU.exe
  2⤵
  PID:4308
- C:\Windows\System\OppsHaD.exe
  C:\Windows\System\OppsHaD.exe
  2⤵
  PID:3036
- C:\Windows\System\rsxAhwe.exe
  C:\Windows\System\rsxAhwe.exe
  2⤵
  PID:4436
- C:\Windows\System\MNkLQsL.exe
  C:\Windows\System\MNkLQsL.exe
  2⤵
  PID:4552
- C:\Windows\System\OZrmuqL.exe
  C:\Windows\System\OZrmuqL.exe
  2⤵
  PID:4616
- C:\Windows\System\biWoDIn.exe
  C:\Windows\System\biWoDIn.exe
  2⤵
  PID:2900
- C:\Windows\System\LKkbOun.exe
  C:\Windows\System\LKkbOun.exe
  2⤵
  PID:4240
- C:\Windows\System\zZlGuGb.exe
  C:\Windows\System\zZlGuGb.exe
  2⤵
  PID:4884
- C:\Windows\System\jASXZHt.exe
  C:\Windows\System\jASXZHt.exe
  2⤵
  PID:4860
- C:\Windows\System\LAawQFp.exe
  C:\Windows\System\LAawQFp.exe
  2⤵
  PID:4960
- C:\Windows\System\CvXVNkI.exe
  C:\Windows\System\CvXVNkI.exe
  2⤵
  PID:5008
- C:\Windows\System\eLXjmym.exe
  C:\Windows\System\eLXjmym.exe
  2⤵
  PID:3864
- C:\Windows\System\Njcgkfb.exe
  C:\Windows\System\Njcgkfb.exe
  2⤵
  PID:3512
- C:\Windows\System\uAsmeMK.exe
  C:\Windows\System\uAsmeMK.exe
  2⤵
  PID:4120
- C:\Windows\System\HgrngLt.exe
  C:\Windows\System\HgrngLt.exe
  2⤵
  PID:4292
- C:\Windows\System\gVBwnJK.exe
  C:\Windows\System\gVBwnJK.exe
  2⤵
  PID:5136
- C:\Windows\System\YCRtXUh.exe
  C:\Windows\System\YCRtXUh.exe
  2⤵
  PID:5156
- C:\Windows\System\ReJpmDG.exe
  C:\Windows\System\ReJpmDG.exe
  2⤵
  PID:5176
- C:\Windows\System\yMulPfz.exe
  C:\Windows\System\yMulPfz.exe
  2⤵
  PID:5196
- C:\Windows\System\jkMnEJw.exe
  C:\Windows\System\jkMnEJw.exe
  2⤵
  PID:5216
- C:\Windows\System\tOuYaCI.exe
  C:\Windows\System\tOuYaCI.exe
  2⤵
  PID:5236
- C:\Windows\System\WGlvGOI.exe
  C:\Windows\System\WGlvGOI.exe
  2⤵
  PID:5260
- C:\Windows\System\osQaIBQ.exe
  C:\Windows\System\osQaIBQ.exe
  2⤵
  PID:5280
- C:\Windows\System\LVsHkBf.exe
  C:\Windows\System\LVsHkBf.exe
  2⤵
  PID:5300
- C:\Windows\System\PzyEHHX.exe
  C:\Windows\System\PzyEHHX.exe
  2⤵
  PID:5320
- C:\Windows\System\xtzHSIL.exe
  C:\Windows\System\xtzHSIL.exe
  2⤵
  PID:5340
- C:\Windows\System\qGNsIYh.exe
  C:\Windows\System\qGNsIYh.exe
  2⤵
  PID:5360
- C:\Windows\System\GUBniFJ.exe
  C:\Windows\System\GUBniFJ.exe
  2⤵
  PID:5380
- C:\Windows\System\ZehVEOS.exe
  C:\Windows\System\ZehVEOS.exe
  2⤵
  PID:5400
- C:\Windows\System\ComTzOE.exe
  C:\Windows\System\ComTzOE.exe
  2⤵
  PID:5420
- C:\Windows\System\hciXrzV.exe
  C:\Windows\System\hciXrzV.exe
  2⤵
  PID:5440
- C:\Windows\System\tZDeXee.exe
  C:\Windows\System\tZDeXee.exe
  2⤵
  PID:5460
- C:\Windows\System\pdxWJYm.exe
  C:\Windows\System\pdxWJYm.exe
  2⤵
  PID:5480
- C:\Windows\System\EnqkfuQ.exe
  C:\Windows\System\EnqkfuQ.exe
  2⤵
  PID:5500
- C:\Windows\System\WKnuPtU.exe
  C:\Windows\System\WKnuPtU.exe
  2⤵
  PID:5520
- C:\Windows\System\MzSTKEC.exe
  C:\Windows\System\MzSTKEC.exe
  2⤵
  PID:5540
- C:\Windows\System\DQKymtp.exe
  C:\Windows\System\DQKymtp.exe
  2⤵
  PID:5560
- C:\Windows\System\SBObcyv.exe
  C:\Windows\System\SBObcyv.exe
  2⤵
  PID:5580
- C:\Windows\System\UphGxTj.exe
  C:\Windows\System\UphGxTj.exe
  2⤵
  PID:5600
- C:\Windows\System\ZBGDcDc.exe
  C:\Windows\System\ZBGDcDc.exe
  2⤵
  PID:5620
- C:\Windows\System\GHYeRuD.exe
  C:\Windows\System\GHYeRuD.exe
  2⤵
  PID:5644
- C:\Windows\System\lzXWduV.exe
  C:\Windows\System\lzXWduV.exe
  2⤵
  PID:5664
- C:\Windows\System\iUSpEkg.exe
  C:\Windows\System\iUSpEkg.exe
  2⤵
  PID:5684
- C:\Windows\System\QCSSTAh.exe
  C:\Windows\System\QCSSTAh.exe
  2⤵
  PID:5704
- C:\Windows\System\CcfdWaG.exe
  C:\Windows\System\CcfdWaG.exe
  2⤵
  PID:5724
- C:\Windows\System\YAAPIfC.exe
  C:\Windows\System\YAAPIfC.exe
  2⤵
  PID:5744
- C:\Windows\System\VsrjtJR.exe
  C:\Windows\System\VsrjtJR.exe
  2⤵
  PID:5764
- C:\Windows\System\KWszggZ.exe
  C:\Windows\System\KWszggZ.exe
  2⤵
  PID:5784
- C:\Windows\System\JjIlOCe.exe
  C:\Windows\System\JjIlOCe.exe
  2⤵
  PID:5804
- C:\Windows\System\ujhWfeD.exe
  C:\Windows\System\ujhWfeD.exe
  2⤵
  PID:5824
- C:\Windows\System\LBSPzRy.exe
  C:\Windows\System\LBSPzRy.exe
  2⤵
  PID:5844
- C:\Windows\System\rzWhkLn.exe
  C:\Windows\System\rzWhkLn.exe
  2⤵
  PID:5864
- C:\Windows\System\dqRuPEE.exe
  C:\Windows\System\dqRuPEE.exe
  2⤵
  PID:5884
- C:\Windows\System\StdWSRM.exe
  C:\Windows\System\StdWSRM.exe
  2⤵
  PID:5904
- C:\Windows\System\AWZCtGB.exe
  C:\Windows\System\AWZCtGB.exe
  2⤵
  PID:5924
- C:\Windows\System\ZunxQby.exe
  C:\Windows\System\ZunxQby.exe
  2⤵
  PID:5944
- C:\Windows\System\KjYFWmB.exe
  C:\Windows\System\KjYFWmB.exe
  2⤵
  PID:5964
- C:\Windows\System\HLalyRh.exe
  C:\Windows\System\HLalyRh.exe
  2⤵
  PID:5984
- C:\Windows\System\uGngmwZ.exe
  C:\Windows\System\uGngmwZ.exe
  2⤵
  PID:6004
- C:\Windows\System\ZimqSDh.exe
  C:\Windows\System\ZimqSDh.exe
  2⤵
  PID:6024
- C:\Windows\System\huxuACH.exe
  C:\Windows\System\huxuACH.exe
  2⤵
  PID:6044
- C:\Windows\System\llKWQnA.exe
  C:\Windows\System\llKWQnA.exe
  2⤵
  PID:6064
- C:\Windows\System\NcRtlae.exe
  C:\Windows\System\NcRtlae.exe
  2⤵
  PID:6084
- C:\Windows\System\VuzTQXC.exe
  C:\Windows\System\VuzTQXC.exe
  2⤵
  PID:6108
- C:\Windows\System\oDfsyzj.exe
  C:\Windows\System\oDfsyzj.exe
  2⤵
  PID:6128
- C:\Windows\System\DiNpJUk.exe
  C:\Windows\System\DiNpJUk.exe
  2⤵
  PID:1704
- C:\Windows\System\tCPSTXB.exe
  C:\Windows\System\tCPSTXB.exe
  2⤵
  PID:4516
- C:\Windows\System\VrFsRYz.exe
  C:\Windows\System\VrFsRYz.exe
  2⤵
  PID:4224
- C:\Windows\System\aTcXYCM.exe
  C:\Windows\System\aTcXYCM.exe
  2⤵
  PID:4620
- C:\Windows\System\HmYFKWq.exe
  C:\Windows\System\HmYFKWq.exe
  2⤵
  PID:3040
- C:\Windows\System\KNpOVjC.exe
  C:\Windows\System\KNpOVjC.exe
  2⤵
  PID:4896
- C:\Windows\System\MDofovb.exe
  C:\Windows\System\MDofovb.exe
  2⤵
  PID:5060
- C:\Windows\System\eIYurbv.exe
  C:\Windows\System\eIYurbv.exe
  2⤵
  PID:1660
- C:\Windows\System\PimvfpH.exe
  C:\Windows\System\PimvfpH.exe
  2⤵
  PID:1588
- C:\Windows\System\qOnTcrK.exe
  C:\Windows\System\qOnTcrK.exe
  2⤵
  PID:4208
- C:\Windows\System\pLQbLiP.exe
  C:\Windows\System\pLQbLiP.exe
  2⤵
  PID:5164
- C:\Windows\System\tAaTMwp.exe
  C:\Windows\System\tAaTMwp.exe
  2⤵
  PID:5192
- C:\Windows\System\yZSvPJF.exe
  C:\Windows\System\yZSvPJF.exe
  2⤵
  PID:5244
- C:\Windows\System\HXtKTNA.exe
  C:\Windows\System\HXtKTNA.exe
  2⤵
  PID:5252
- C:\Windows\System\BdCWDdH.exe
  C:\Windows\System\BdCWDdH.exe
  2⤵
  PID:5296
- C:\Windows\System\EfPbILj.exe
  C:\Windows\System\EfPbILj.exe
  2⤵
  PID:5312
- C:\Windows\System\XaOqcmp.exe
  C:\Windows\System\XaOqcmp.exe
  2⤵
  PID:5348
- C:\Windows\System\fKxBVyj.exe
  C:\Windows\System\fKxBVyj.exe
  2⤵
  PID:5408
- C:\Windows\System\ukVqomg.exe
  C:\Windows\System\ukVqomg.exe
  2⤵
  PID:5428
- C:\Windows\System\lnKlURy.exe
  C:\Windows\System\lnKlURy.exe
  2⤵
  PID:5452
- C:\Windows\System\HQNPytJ.exe
  C:\Windows\System\HQNPytJ.exe
  2⤵
  PID:5496
- C:\Windows\System\bKjFxEu.exe
  C:\Windows\System\bKjFxEu.exe
  2⤵
  PID:5536
- C:\Windows\System\WyycnXC.exe
  C:\Windows\System\WyycnXC.exe
  2⤵
  PID:5556
- C:\Windows\System\wYktNTt.exe
  C:\Windows\System\wYktNTt.exe
  2⤵
  PID:5588
- C:\Windows\System\UmIJsxj.exe
  C:\Windows\System\UmIJsxj.exe
  2⤵
  PID:5612
- C:\Windows\System\JphLKWH.exe
  C:\Windows\System\JphLKWH.exe
  2⤵
  PID:5632
- C:\Windows\System\snvqvbq.exe
  C:\Windows\System\snvqvbq.exe
  2⤵
  PID:5680
- C:\Windows\System\hALlhXC.exe
  C:\Windows\System\hALlhXC.exe
  2⤵
  PID:5740
- C:\Windows\System\iDOxBWk.exe
  C:\Windows\System\iDOxBWk.exe
  2⤵
  PID:5760
- C:\Windows\System\QNUBueO.exe
  C:\Windows\System\QNUBueO.exe
  2⤵
  PID:5812
- C:\Windows\System\BRDoaFk.exe
  C:\Windows\System\BRDoaFk.exe
  2⤵
  PID:5816
- C:\Windows\System\kNHKDQZ.exe
  C:\Windows\System\kNHKDQZ.exe
  2⤵
  PID:5840
- C:\Windows\System\EtifBuv.exe
  C:\Windows\System\EtifBuv.exe
  2⤵
  PID:5900
- C:\Windows\System\VHsFEOs.exe
  C:\Windows\System\VHsFEOs.exe
  2⤵
  PID:5912
- C:\Windows\System\veLrmns.exe
  C:\Windows\System\veLrmns.exe
  2⤵
  PID:5936
- C:\Windows\System\LgwuJwu.exe
  C:\Windows\System\LgwuJwu.exe
  2⤵
  PID:5980
- C:\Windows\System\uLuDPUl.exe
  C:\Windows\System\uLuDPUl.exe
  2⤵
  PID:6016
- C:\Windows\System\tFoHAGA.exe
  C:\Windows\System\tFoHAGA.exe
  2⤵
  PID:6032
- C:\Windows\System\LLZisFo.exe
  C:\Windows\System\LLZisFo.exe
  2⤵
  PID:6080
- C:\Windows\System\fQnnbET.exe
  C:\Windows\System\fQnnbET.exe
  2⤵
  PID:6136
- C:\Windows\System\Jsbghjv.exe
  C:\Windows\System\Jsbghjv.exe
  2⤵
  PID:4492
- C:\Windows\System\SFROQus.exe
  C:\Windows\System\SFROQus.exe
  2⤵
  PID:4548
- C:\Windows\System\jOuGyZZ.exe
  C:\Windows\System\jOuGyZZ.exe
  2⤵
  PID:4712
- C:\Windows\System\IhkNiEx.exe
  C:\Windows\System\IhkNiEx.exe
  2⤵
  PID:4940
- C:\Windows\System\NRuwnhf.exe
  C:\Windows\System\NRuwnhf.exe
  2⤵
  PID:4160
- C:\Windows\System\CBTOxbJ.exe
  C:\Windows\System\CBTOxbJ.exe
  2⤵
  PID:5068
- C:\Windows\System\HYbMYQN.exe
  C:\Windows\System\HYbMYQN.exe
  2⤵
  PID:5132
- C:\Windows\System\BsFytcU.exe
  C:\Windows\System\BsFytcU.exe
  2⤵
  PID:5208
- C:\Windows\System\ugHJhEE.exe
  C:\Windows\System\ugHJhEE.exe
  2⤵
  PID:5228
- C:\Windows\System\CzoHEpX.exe
  C:\Windows\System\CzoHEpX.exe
  2⤵
  PID:5316
- C:\Windows\System\MHMuDat.exe
  C:\Windows\System\MHMuDat.exe
  2⤵
  PID:5352
- C:\Windows\System\oqoCttx.exe
  C:\Windows\System\oqoCttx.exe
  2⤵
  PID:5376
- C:\Windows\System\OVbInYU.exe
  C:\Windows\System\OVbInYU.exe
  2⤵
  PID:5432
- C:\Windows\System\ZppPQXw.exe
  C:\Windows\System\ZppPQXw.exe
  2⤵
  PID:5396
- C:\Windows\System\dLNrCqC.exe
  C:\Windows\System\dLNrCqC.exe
  2⤵
  PID:5616
- C:\Windows\System\tVDcPIx.exe
  C:\Windows\System\tVDcPIx.exe
  2⤵
  PID:5652
- C:\Windows\System\CyOCiWk.exe
  C:\Windows\System\CyOCiWk.exe
  2⤵
  PID:5660
- C:\Windows\System\tXZhYFl.exe
  C:\Windows\System\tXZhYFl.exe
  2⤵
  PID:5752
- C:\Windows\System\zMClBUm.exe
  C:\Windows\System\zMClBUm.exe
  2⤵
  PID:5820
- C:\Windows\System\LsXSIMz.exe
  C:\Windows\System\LsXSIMz.exe
  2⤵
  PID:5860
- C:\Windows\System\dIBIsgZ.exe
  C:\Windows\System\dIBIsgZ.exe
  2⤵
  PID:5876
- C:\Windows\System\JUiTKBG.exe
  C:\Windows\System\JUiTKBG.exe
  2⤵
  PID:5956
- C:\Windows\System\sFNkIxD.exe
  C:\Windows\System\sFNkIxD.exe
  2⤵
  PID:6012
- C:\Windows\System\PyUAwPB.exe
  C:\Windows\System\PyUAwPB.exe
  2⤵
  PID:6052
- C:\Windows\System\dteVGac.exe
  C:\Windows\System\dteVGac.exe
  2⤵
  PID:4384
- C:\Windows\System\OLEeDxV.exe
  C:\Windows\System\OLEeDxV.exe
  2⤵
  PID:4264
- C:\Windows\System\HjgRJdL.exe
  C:\Windows\System\HjgRJdL.exe
  2⤵
  PID:1736
- C:\Windows\System\VkkxXYH.exe
  C:\Windows\System\VkkxXYH.exe
  2⤵
  PID:4840
- C:\Windows\System\iqaPaLP.exe
  C:\Windows\System\iqaPaLP.exe
  2⤵
  PID:2016
- C:\Windows\System\xqUgQcd.exe
  C:\Windows\System\xqUgQcd.exe
  2⤵
  PID:5172
- C:\Windows\System\vhkyhaQ.exe
  C:\Windows\System\vhkyhaQ.exe
  2⤵
  PID:5248
- C:\Windows\System\lxQVMvN.exe
  C:\Windows\System\lxQVMvN.exe
  2⤵
  PID:5368
- C:\Windows\System\XGdJcCx.exe
  C:\Windows\System\XGdJcCx.exe
  2⤵
  PID:5456
- C:\Windows\System\RJfWggR.exe
  C:\Windows\System\RJfWggR.exe
  2⤵
  PID:5512
- C:\Windows\System\oyHfDzn.exe
  C:\Windows\System\oyHfDzn.exe
  2⤵
  PID:5572
- C:\Windows\System\lejvCbd.exe
  C:\Windows\System\lejvCbd.exe
  2⤵
  PID:5712
- C:\Windows\System\cvdMBFq.exe
  C:\Windows\System\cvdMBFq.exe
  2⤵
  PID:2280
- C:\Windows\System\MQwFRDf.exe
  C:\Windows\System\MQwFRDf.exe
  2⤵
  PID:5856
- C:\Windows\System\BSbVsUC.exe
  C:\Windows\System\BSbVsUC.exe
  2⤵
  PID:5916
- C:\Windows\System\QSqLZxJ.exe
  C:\Windows\System\QSqLZxJ.exe
  2⤵
  PID:6056
- C:\Windows\System\hFIeWCY.exe
  C:\Windows\System\hFIeWCY.exe
  2⤵
  PID:4568
- C:\Windows\System\QcDSJnM.exe
  C:\Windows\System\QcDSJnM.exe
  2⤵
  PID:6076
- C:\Windows\System\aJTJeTA.exe
  C:\Windows\System\aJTJeTA.exe
  2⤵
  PID:3576
- C:\Windows\System\PZvgiRl.exe
  C:\Windows\System\PZvgiRl.exe
  2⤵
  PID:5152
- C:\Windows\System\GbdrAWI.exe
  C:\Windows\System\GbdrAWI.exe
  2⤵
  PID:5476
- C:\Windows\System\aGXLjjm.exe
  C:\Windows\System\aGXLjjm.exe
  2⤵
  PID:2464
- C:\Windows\System\LsEevYL.exe
  C:\Windows\System\LsEevYL.exe
  2⤵
  PID:5692
- C:\Windows\System\lwPRtXD.exe
  C:\Windows\System\lwPRtXD.exe
  2⤵
  PID:5696
- C:\Windows\System\TRHtODV.exe
  C:\Windows\System\TRHtODV.exe
  2⤵
  PID:6156
- C:\Windows\System\Gkhmxxj.exe
  C:\Windows\System\Gkhmxxj.exe
  2⤵
  PID:6176
- C:\Windows\System\rAzQTgs.exe
  C:\Windows\System\rAzQTgs.exe
  2⤵
  PID:6196
- C:\Windows\System\YKFiPer.exe
  C:\Windows\System\YKFiPer.exe
  2⤵
  PID:6216
- C:\Windows\System\QttQHxn.exe
  C:\Windows\System\QttQHxn.exe
  2⤵
  PID:6236
- C:\Windows\System\kczHcZm.exe
  C:\Windows\System\kczHcZm.exe
  2⤵
  PID:6256
- C:\Windows\System\XGQsWCn.exe
  C:\Windows\System\XGQsWCn.exe
  2⤵
  PID:6276
- C:\Windows\System\HXjhnnY.exe
  C:\Windows\System\HXjhnnY.exe
  2⤵
  PID:6296
- C:\Windows\System\kpxBdKJ.exe
  C:\Windows\System\kpxBdKJ.exe
  2⤵
  PID:6316
- C:\Windows\System\PFxFqZo.exe
  C:\Windows\System\PFxFqZo.exe
  2⤵
  PID:6336
- C:\Windows\System\TDHVpmR.exe
  C:\Windows\System\TDHVpmR.exe
  2⤵
  PID:6356
- C:\Windows\System\iwrjkGj.exe
  C:\Windows\System\iwrjkGj.exe
  2⤵
  PID:6376
- C:\Windows\System\sVePMEQ.exe
  C:\Windows\System\sVePMEQ.exe
  2⤵
  PID:6396
- C:\Windows\System\HLLXZRZ.exe
  C:\Windows\System\HLLXZRZ.exe
  2⤵
  PID:6416
- C:\Windows\System\QukFExr.exe
  C:\Windows\System\QukFExr.exe
  2⤵
  PID:6436
- C:\Windows\System\hXwsYxj.exe
  C:\Windows\System\hXwsYxj.exe
  2⤵
  PID:6460
- C:\Windows\System\ZjEtIHl.exe
  C:\Windows\System\ZjEtIHl.exe
  2⤵
  PID:6480
- C:\Windows\System\UCOAgee.exe
  C:\Windows\System\UCOAgee.exe
  2⤵
  PID:6500
- C:\Windows\System\DDUdLtS.exe
  C:\Windows\System\DDUdLtS.exe
  2⤵
  PID:6524
- C:\Windows\System\QvFNFsl.exe
  C:\Windows\System\QvFNFsl.exe
  2⤵
  PID:6544
- C:\Windows\System\oydXLVU.exe
  C:\Windows\System\oydXLVU.exe
  2⤵
  PID:6564
- C:\Windows\System\rFRUoxT.exe
  C:\Windows\System\rFRUoxT.exe
  2⤵
  PID:6584
- C:\Windows\System\WTBaVFr.exe
  C:\Windows\System\WTBaVFr.exe
  2⤵
  PID:6604
- C:\Windows\System\FuLSPvy.exe
  C:\Windows\System\FuLSPvy.exe
  2⤵
  PID:6624
- C:\Windows\System\mUKnuiM.exe
  C:\Windows\System\mUKnuiM.exe
  2⤵
  PID:6644
- C:\Windows\System\MKiEhQt.exe
  C:\Windows\System\MKiEhQt.exe
  2⤵
  PID:6664
- C:\Windows\System\uqKCFdr.exe
  C:\Windows\System\uqKCFdr.exe
  2⤵
  PID:6684
- C:\Windows\System\lNOnIdn.exe
  C:\Windows\System\lNOnIdn.exe
  2⤵
  PID:6704
- C:\Windows\System\FtVzIwW.exe
  C:\Windows\System\FtVzIwW.exe
  2⤵
  PID:6724
- C:\Windows\System\zmWaCIW.exe
  C:\Windows\System\zmWaCIW.exe
  2⤵
  PID:6744
- C:\Windows\System\flXmwAk.exe
  C:\Windows\System\flXmwAk.exe
  2⤵
  PID:6764
- C:\Windows\System\gdcuuOZ.exe
  C:\Windows\System\gdcuuOZ.exe
  2⤵
  PID:6784
- C:\Windows\System\OUTSgPX.exe
  C:\Windows\System\OUTSgPX.exe
  2⤵
  PID:6804
- C:\Windows\System\xgXTHrT.exe
  C:\Windows\System\xgXTHrT.exe
  2⤵
  PID:6824
- C:\Windows\System\yEQHKSP.exe
  C:\Windows\System\yEQHKSP.exe
  2⤵
  PID:6844
- C:\Windows\System\PHBEzoe.exe
  C:\Windows\System\PHBEzoe.exe
  2⤵
  PID:6868
- C:\Windows\System\RChUkAd.exe
  C:\Windows\System\RChUkAd.exe
  2⤵
  PID:6888
- C:\Windows\System\iewAscy.exe
  C:\Windows\System\iewAscy.exe
  2⤵
  PID:6908
- C:\Windows\System\SgLusaF.exe
  C:\Windows\System\SgLusaF.exe
  2⤵
  PID:6928
- C:\Windows\System\DHzjqCc.exe
  C:\Windows\System\DHzjqCc.exe
  2⤵
  PID:6948
- C:\Windows\System\IGdxpQZ.exe
  C:\Windows\System\IGdxpQZ.exe
  2⤵
  PID:6968
- C:\Windows\System\Nslquxq.exe
  C:\Windows\System\Nslquxq.exe
  2⤵
  PID:6988
- C:\Windows\System\BlkFnCy.exe
  C:\Windows\System\BlkFnCy.exe
  2⤵
  PID:7008
- C:\Windows\System\XWEUnJb.exe
  C:\Windows\System\XWEUnJb.exe
  2⤵
  PID:7028
- C:\Windows\System\rfETLGF.exe
  C:\Windows\System\rfETLGF.exe
  2⤵
  PID:7048
- C:\Windows\System\pIpaAZg.exe
  C:\Windows\System\pIpaAZg.exe
  2⤵
  PID:7068
- C:\Windows\System\VQKSEDD.exe
  C:\Windows\System\VQKSEDD.exe
  2⤵
  PID:7088
- C:\Windows\System\NpCTIHT.exe
  C:\Windows\System\NpCTIHT.exe
  2⤵
  PID:7108
- C:\Windows\System\osdaROK.exe
  C:\Windows\System\osdaROK.exe
  2⤵
  PID:7128
- C:\Windows\System\OojiELx.exe
  C:\Windows\System\OojiELx.exe
  2⤵
  PID:7148
- C:\Windows\System\UCcWqAz.exe
  C:\Windows\System\UCcWqAz.exe
  2⤵
  PID:5992
- C:\Windows\System\nvwEgoi.exe
  C:\Windows\System\nvwEgoi.exe
  2⤵
  PID:5972
- C:\Windows\System\JEarvOV.exe
  C:\Windows\System\JEarvOV.exe
  2⤵
  PID:1128
- C:\Windows\System\SDQndZi.exe
  C:\Windows\System\SDQndZi.exe
  2⤵
  PID:6124
- C:\Windows\System\MTvqpcH.exe
  C:\Windows\System\MTvqpcH.exe
  2⤵
  PID:5412
- C:\Windows\System\UfIGkMG.exe
  C:\Windows\System\UfIGkMG.exe
  2⤵
  PID:1188
- C:\Windows\System\bhtuOGO.exe
  C:\Windows\System\bhtuOGO.exe
  2⤵
  PID:5732
- C:\Windows\System\fTtDtHL.exe
  C:\Windows\System\fTtDtHL.exe
  2⤵
  PID:6192
- C:\Windows\System\GhmLbgf.exe
  C:\Windows\System\GhmLbgf.exe
  2⤵
  PID:5796
- C:\Windows\System\vbDDhsG.exe
  C:\Windows\System\vbDDhsG.exe
  2⤵
  PID:6244
- C:\Windows\System\UZxxBtZ.exe
  C:\Windows\System\UZxxBtZ.exe
  2⤵
  PID:6292
- C:\Windows\System\rVhwxaX.exe
  C:\Windows\System\rVhwxaX.exe
  2⤵
  PID:6324
- C:\Windows\System\iFONQmV.exe
  C:\Windows\System\iFONQmV.exe
  2⤵
  PID:6348
- C:\Windows\System\PFNNPzk.exe
  C:\Windows\System\PFNNPzk.exe
  2⤵
  PID:6372
- C:\Windows\System\nNrBBYg.exe
  C:\Windows\System\nNrBBYg.exe
  2⤵
  PID:6412
- C:\Windows\System\ibgnYmc.exe
  C:\Windows\System\ibgnYmc.exe
  2⤵
  PID:6452
- C:\Windows\System\GLAGhiJ.exe
  C:\Windows\System\GLAGhiJ.exe
  2⤵
  PID:6492
- C:\Windows\System\uRfRdue.exe
  C:\Windows\System\uRfRdue.exe
  2⤵
  PID:6540
- C:\Windows\System\AMwwZqX.exe
  C:\Windows\System\AMwwZqX.exe
  2⤵
  PID:6572
- C:\Windows\System\RCYbwst.exe
  C:\Windows\System\RCYbwst.exe
  2⤵
  PID:6576
- C:\Windows\System\kroxKFU.exe
  C:\Windows\System\kroxKFU.exe
  2⤵
  PID:6640
- C:\Windows\System\PGVktbG.exe
  C:\Windows\System\PGVktbG.exe
  2⤵
  PID:6672
- C:\Windows\System\lvgOkej.exe
  C:\Windows\System\lvgOkej.exe
  2⤵
  PID:6692
- C:\Windows\System\IGKqsCH.exe
  C:\Windows\System\IGKqsCH.exe
  2⤵
  PID:6732
- C:\Windows\System\ALEbbNq.exe
  C:\Windows\System\ALEbbNq.exe
  2⤵
  PID:6772
- C:\Windows\System\nkcxcxT.exe
  C:\Windows\System\nkcxcxT.exe
  2⤵
  PID:6812
- C:\Windows\System\NbZdlit.exe
  C:\Windows\System\NbZdlit.exe
  2⤵
  PID:6836
- C:\Windows\System\FHtuBQR.exe
  C:\Windows\System\FHtuBQR.exe
  2⤵
  PID:6884
- C:\Windows\System\zcLudLX.exe
  C:\Windows\System\zcLudLX.exe
  2⤵
  PID:6916
- C:\Windows\System\vQTHDQe.exe
  C:\Windows\System\vQTHDQe.exe
  2⤵
  PID:6956
- C:\Windows\System\adPyyvm.exe
  C:\Windows\System\adPyyvm.exe
  2⤵
  PID:6976
- C:\Windows\System\wvoXQsO.exe
  C:\Windows\System\wvoXQsO.exe
  2⤵
  PID:7000
- C:\Windows\System\LDbwrKV.exe
  C:\Windows\System\LDbwrKV.exe
  2⤵
  PID:7040
- C:\Windows\System\AcKPOHo.exe
  C:\Windows\System\AcKPOHo.exe
  2⤵
  PID:7080
- C:\Windows\System\nwemMPQ.exe
  C:\Windows\System\nwemMPQ.exe
  2⤵
  PID:7096
- C:\Windows\System\hbZRmcC.exe
  C:\Windows\System\hbZRmcC.exe
  2⤵
  PID:7156
- C:\Windows\System\QmrFbBq.exe
  C:\Windows\System\QmrFbBq.exe
  2⤵
  PID:5996
- C:\Windows\System\ymfRbWD.exe
  C:\Windows\System\ymfRbWD.exe
  2⤵
  PID:7140
- C:\Windows\System\nifkuoU.exe
  C:\Windows\System\nifkuoU.exe
  2⤵
  PID:4736
- C:\Windows\System\IokrMsF.exe
  C:\Windows\System\IokrMsF.exe
  2⤵
  PID:5256
- C:\Windows\System\dazyRUg.exe
  C:\Windows\System\dazyRUg.exe
  2⤵
  PID:5276
- C:\Windows\System\RZodPLf.exe
  C:\Windows\System\RZodPLf.exe
  2⤵
  PID:6184
- C:\Windows\System\vOqTOqx.exe
  C:\Windows\System\vOqTOqx.exe
  2⤵
  PID:6284
- C:\Windows\System\uWFFrxU.exe
  C:\Windows\System\uWFFrxU.exe
  2⤵
  PID:6288
- C:\Windows\System\ESpGXLn.exe
  C:\Windows\System\ESpGXLn.exe
  2⤵
  PID:6516
- C:\Windows\System\hYGPsIg.exe
  C:\Windows\System\hYGPsIg.exe
  2⤵
  PID:6600
- C:\Windows\System\GEeBlpx.exe
  C:\Windows\System\GEeBlpx.exe
  2⤵
  PID:6676
- C:\Windows\System\hhBKTgj.exe
  C:\Windows\System\hhBKTgj.exe
  2⤵
  PID:6652
- C:\Windows\System\euogZMg.exe
  C:\Windows\System\euogZMg.exe
  2⤵
  PID:6712
- C:\Windows\System\itTPAGJ.exe
  C:\Windows\System\itTPAGJ.exe
  2⤵
  PID:6800
- C:\Windows\System\ztfUdWm.exe
  C:\Windows\System\ztfUdWm.exe
  2⤵
  PID:6876
- C:\Windows\System\nDQkmwt.exe
  C:\Windows\System\nDQkmwt.exe
  2⤵
  PID:6960
- C:\Windows\System\mnBtMkl.exe
  C:\Windows\System\mnBtMkl.exe
  2⤵
  PID:752
- C:\Windows\System\LiwNdye.exe
  C:\Windows\System\LiwNdye.exe
  2⤵
  PID:2256
- C:\Windows\System\PRyEAKl.exe
  C:\Windows\System\PRyEAKl.exe
  2⤵
  PID:7056
- C:\Windows\System\XqdgnHS.exe
  C:\Windows\System\XqdgnHS.exe
  2⤵
  PID:7084
- C:\Windows\System\gNKQpYR.exe
  C:\Windows\System\gNKQpYR.exe
  2⤵
  PID:6104
- C:\Windows\System\wwAYIjy.exe
  C:\Windows\System\wwAYIjy.exe
  2⤵
  PID:5852
- C:\Windows\System\XvhnUnd.exe
  C:\Windows\System\XvhnUnd.exe
  2⤵
  PID:6148
- C:\Windows\System\qCriUyK.exe
  C:\Windows\System\qCriUyK.exe
  2⤵
  PID:6720
- C:\Windows\System\OjJrbTA.exe
  C:\Windows\System\OjJrbTA.exe
  2⤵
  PID:5776
- C:\Windows\System\ePqsPfk.exe
  C:\Windows\System\ePqsPfk.exe
  2⤵
  PID:6264
- C:\Windows\System\NluZXio.exe
  C:\Windows\System\NluZXio.exe
  2⤵
  PID:6344
- C:\Windows\System\yvywhog.exe
  C:\Windows\System\yvywhog.exe
  2⤵
  PID:6620
- C:\Windows\System\olqLnNn.exe
  C:\Windows\System\olqLnNn.exe
  2⤵
  PID:6752
- C:\Windows\System\ztAeTMK.exe
  C:\Windows\System\ztAeTMK.exe
  2⤵
  PID:6636
- C:\Windows\System\VCEXuRR.exe
  C:\Windows\System\VCEXuRR.exe
  2⤵
  PID:6816
- C:\Windows\System\UgyHEoc.exe
  C:\Windows\System\UgyHEoc.exe
  2⤵
  PID:2272
- C:\Windows\System\ZwyHHrV.exe
  C:\Windows\System\ZwyHHrV.exe
  2⤵
  PID:7036
- C:\Windows\System\aLLRRLj.exe
  C:\Windows\System\aLLRRLj.exe
  2⤵
  PID:2488
- C:\Windows\System\jUnQZLE.exe
  C:\Windows\System\jUnQZLE.exe
  2⤵
  PID:2920
- C:\Windows\System\cBzKhMY.exe
  C:\Windows\System\cBzKhMY.exe
  2⤵
  PID:7136
- C:\Windows\System\rHHsLxC.exe
  C:\Windows\System\rHHsLxC.exe
  2⤵
  PID:7144
- C:\Windows\System\mNKsppp.exe
  C:\Windows\System\mNKsppp.exe
  2⤵
  PID:6224
- C:\Windows\System\ZHQbgXX.exe
  C:\Windows\System\ZHQbgXX.exe
  2⤵
  PID:1248
- C:\Windows\System\kdJtVlv.exe
  C:\Windows\System\kdJtVlv.exe
  2⤵
  PID:1088
- C:\Windows\System\VjLSRXy.exe
  C:\Windows\System\VjLSRXy.exe
  2⤵
  PID:2084
- C:\Windows\System\CtTgEHx.exe
  C:\Windows\System\CtTgEHx.exe
  2⤵
  PID:6736
- C:\Windows\System\zMBIkeG.exe
  C:\Windows\System\zMBIkeG.exe
  2⤵
  PID:6996
- C:\Windows\System\RjIZweK.exe
  C:\Windows\System\RjIZweK.exe
  2⤵
  PID:2232
- C:\Windows\System\qUyuSYx.exe
  C:\Windows\System\qUyuSYx.exe
  2⤵
  PID:7164
- C:\Windows\System\KcgwINn.exe
  C:\Windows\System\KcgwINn.exe
  2⤵
  PID:7124
- C:\Windows\System\XCGZAFp.exe
  C:\Windows\System\XCGZAFp.exe
  2⤵
  PID:2168
- C:\Windows\System\aVDbKwZ.exe
  C:\Windows\System\aVDbKwZ.exe
  2⤵
  PID:6172
- C:\Windows\System\UQvzLGT.exe
  C:\Windows\System\UQvzLGT.exe
  2⤵
  PID:1788
- C:\Windows\System\DBstOHP.exe
  C:\Windows\System\DBstOHP.exe
  2⤵
  PID:6272
- C:\Windows\System\qsOXpSx.exe
  C:\Windows\System\qsOXpSx.exe
  2⤵
  PID:2916
- C:\Windows\System\XYbwHZn.exe
  C:\Windows\System\XYbwHZn.exe
  2⤵
  PID:2472
- C:\Windows\System\tMmTsZr.exe
  C:\Windows\System\tMmTsZr.exe
  2⤵
  PID:900
- C:\Windows\System\PEmXZyk.exe
  C:\Windows\System\PEmXZyk.exe
  2⤵
  PID:7060
- C:\Windows\System\YaMMilE.exe
  C:\Windows\System\YaMMilE.exe
  2⤵
  PID:7004
- C:\Windows\System\cpEAkHR.exe
  C:\Windows\System\cpEAkHR.exe
  2⤵
  PID:6840
- C:\Windows\System\JLxzCLc.exe
  C:\Windows\System\JLxzCLc.exe
  2⤵
  PID:968
- C:\Windows\System\uTHOgqF.exe
  C:\Windows\System\uTHOgqF.exe
  2⤵
  PID:560
- C:\Windows\System\UEfxqcn.exe
  C:\Windows\System\UEfxqcn.exe
  2⤵
  PID:6832
- C:\Windows\System\MBFHxwj.exe
  C:\Windows\System\MBFHxwj.exe
  2⤵
  PID:6212
- C:\Windows\System\sFENNjB.exe
  C:\Windows\System\sFENNjB.exe
  2⤵
  PID:6308
- C:\Windows\System\uuGmfzY.exe
  C:\Windows\System\uuGmfzY.exe
  2⤵
  PID:2672
- C:\Windows\System\MKEytQp.exe
  C:\Windows\System\MKEytQp.exe
  2⤵
  PID:6612
- C:\Windows\System\vTiGqCM.exe
  C:\Windows\System\vTiGqCM.exe
  2⤵
  PID:2668
- C:\Windows\System\EBsxBnH.exe
  C:\Windows\System\EBsxBnH.exe
  2⤵
  PID:6152
- C:\Windows\System\UdJPKxD.exe
  C:\Windows\System\UdJPKxD.exe
  2⤵
  PID:6488
- C:\Windows\System\tqqAQec.exe
  C:\Windows\System\tqqAQec.exe
  2⤵
  PID:5372
- C:\Windows\System\XnliXfH.exe
  C:\Windows\System\XnliXfH.exe
  2⤵
  PID:2440
- C:\Windows\System\IBlwYvQ.exe
  C:\Windows\System\IBlwYvQ.exe
  2⤵
  PID:6796
- C:\Windows\System\HpdAfDh.exe
  C:\Windows\System\HpdAfDh.exe
  2⤵
  PID:6856
- C:\Windows\System\zmHVpjq.exe
  C:\Windows\System\zmHVpjq.exe
  2⤵
  PID:1036
- C:\Windows\System\tvVDnmS.exe
  C:\Windows\System\tvVDnmS.exe
  2⤵
  PID:268
- C:\Windows\System\IkKKntI.exe
  C:\Windows\System\IkKKntI.exe
  2⤵
  PID:5896
- C:\Windows\System\SomcIeL.exe
  C:\Windows\System\SomcIeL.exe
  2⤵
  PID:7176
- C:\Windows\System\jijgRyj.exe
  C:\Windows\System\jijgRyj.exe
  2⤵
  PID:7196
- C:\Windows\System\TfCDrOh.exe
  C:\Windows\System\TfCDrOh.exe
  2⤵
  PID:7220
- C:\Windows\System\OyaAjWs.exe
  C:\Windows\System\OyaAjWs.exe
  2⤵
  PID:7244
- C:\Windows\System\nUoXZSD.exe
  C:\Windows\System\nUoXZSD.exe
  2⤵
  PID:7268
- C:\Windows\System\LcZmruI.exe
  C:\Windows\System\LcZmruI.exe
  2⤵
  PID:7284
- C:\Windows\System\kFpvWXQ.exe
  C:\Windows\System\kFpvWXQ.exe
  2⤵
  PID:7304
- C:\Windows\System\eCOVWYC.exe
  C:\Windows\System\eCOVWYC.exe
  2⤵
  PID:7324
- C:\Windows\System\ITuWQGf.exe
  C:\Windows\System\ITuWQGf.exe
  2⤵
  PID:7344
- C:\Windows\System\uPcycxw.exe
  C:\Windows\System\uPcycxw.exe
  2⤵
  PID:7368
- C:\Windows\System\kcqHIvH.exe
  C:\Windows\System\kcqHIvH.exe
  2⤵
  PID:7392
- C:\Windows\System\nDZrodQ.exe
  C:\Windows\System\nDZrodQ.exe
  2⤵
  PID:7408
- C:\Windows\System\rmTeVzW.exe
  C:\Windows\System\rmTeVzW.exe
  2⤵
  PID:7428
- C:\Windows\System\GMONGCW.exe
  C:\Windows\System\GMONGCW.exe
  2⤵
  PID:7452
- C:\Windows\System\wlXeerj.exe
  C:\Windows\System\wlXeerj.exe
  2⤵
  PID:7468
- C:\Windows\System\ZhfejUv.exe
  C:\Windows\System\ZhfejUv.exe
  2⤵
  PID:7492
- C:\Windows\System\THfAMvd.exe
  C:\Windows\System\THfAMvd.exe
  2⤵
  PID:7508
- C:\Windows\System\rDBdFfg.exe
  C:\Windows\System\rDBdFfg.exe
  2⤵
  PID:7524
- C:\Windows\System\lfpXqPH.exe
  C:\Windows\System\lfpXqPH.exe
  2⤵
  PID:7544
- C:\Windows\System\uGiMCSC.exe
  C:\Windows\System\uGiMCSC.exe
  2⤵
  PID:7564
- C:\Windows\System\mPoKaBy.exe
  C:\Windows\System\mPoKaBy.exe
  2⤵
  PID:7584
- C:\Windows\System\HEtwyDj.exe
  C:\Windows\System\HEtwyDj.exe
  2⤵
  PID:7600
- C:\Windows\System\njqXeeW.exe
  C:\Windows\System\njqXeeW.exe
  2⤵
  PID:7632
- C:\Windows\System\BRGuSAt.exe
  C:\Windows\System\BRGuSAt.exe
  2⤵
  PID:7652
- C:\Windows\System\cFvLVOc.exe
  C:\Windows\System\cFvLVOc.exe
  2⤵
  PID:7668
- C:\Windows\System\SNqGivt.exe
  C:\Windows\System\SNqGivt.exe
  2⤵
  PID:7688
- C:\Windows\System\ZIITDwW.exe
  C:\Windows\System\ZIITDwW.exe
  2⤵
  PID:7708
- C:\Windows\System\cqGQdmI.exe
  C:\Windows\System\cqGQdmI.exe
  2⤵
  PID:7728
- C:\Windows\System\wLVqFkN.exe
  C:\Windows\System\wLVqFkN.exe
  2⤵
  PID:7748
- C:\Windows\System\EmrfHiz.exe
  C:\Windows\System\EmrfHiz.exe
  2⤵
  PID:7768
- C:\Windows\System\xMagUtq.exe
  C:\Windows\System\xMagUtq.exe
  2⤵
  PID:7788
- C:\Windows\System\xBMrXyf.exe
  C:\Windows\System\xBMrXyf.exe
  2⤵
  PID:7812
- C:\Windows\System\FWAyMHa.exe
  C:\Windows\System\FWAyMHa.exe
  2⤵
  PID:7828
- C:\Windows\System\EJZVlHn.exe
  C:\Windows\System\EJZVlHn.exe
  2⤵
  PID:7852
- C:\Windows\System\CiDEBsf.exe
  C:\Windows\System\CiDEBsf.exe
  2⤵
  PID:7868
- C:\Windows\System\uYXadyd.exe
  C:\Windows\System\uYXadyd.exe
  2⤵
  PID:7884
- C:\Windows\System\tXJZzyB.exe
  C:\Windows\System\tXJZzyB.exe
  2⤵
  PID:7900
- C:\Windows\System\JFcTcWc.exe
  C:\Windows\System\JFcTcWc.exe
  2⤵
  PID:7928
- C:\Windows\System\czvmIjT.exe
  C:\Windows\System\czvmIjT.exe
  2⤵
  PID:7944
- C:\Windows\System\jdSZNaD.exe
  C:\Windows\System\jdSZNaD.exe
  2⤵
  PID:7968
- C:\Windows\System\AtNKGLt.exe
  C:\Windows\System\AtNKGLt.exe
  2⤵
  PID:7984
- C:\Windows\System\ouVmlvK.exe
  C:\Windows\System\ouVmlvK.exe
  2⤵
  PID:8012
- C:\Windows\System\VCzLqKR.exe
  C:\Windows\System\VCzLqKR.exe
  2⤵
  PID:8028
- C:\Windows\System\OXKvTYA.exe
  C:\Windows\System\OXKvTYA.exe
  2⤵
  PID:8048
- C:\Windows\System\pIfoqST.exe
  C:\Windows\System\pIfoqST.exe
  2⤵
  PID:8068
- C:\Windows\System\SsbcIkM.exe
  C:\Windows\System\SsbcIkM.exe
  2⤵
  PID:8088
- C:\Windows\System\AtxhVyJ.exe
  C:\Windows\System\AtxhVyJ.exe
  2⤵
  PID:8108
- C:\Windows\System\mOzWgGb.exe
  C:\Windows\System\mOzWgGb.exe
  2⤵
  PID:8124
- C:\Windows\System\FQRHxsr.exe
  C:\Windows\System\FQRHxsr.exe
  2⤵
  PID:8144
- C:\Windows\System\iGJMMMb.exe
  C:\Windows\System\iGJMMMb.exe
  2⤵
  PID:8172
- C:\Windows\System\uumcXmm.exe
  C:\Windows\System\uumcXmm.exe
  2⤵
  PID:264
- C:\Windows\System\phbxGgI.exe
  C:\Windows\System\phbxGgI.exe
  2⤵
  PID:2240
- C:\Windows\System\GoyuUiF.exe
  C:\Windows\System\GoyuUiF.exe
  2⤵
  PID:684
- C:\Windows\System\PcJcjWk.exe
  C:\Windows\System\PcJcjWk.exe
  2⤵
  PID:7236
- C:\Windows\System\GOMdJdO.exe
  C:\Windows\System\GOMdJdO.exe
  2⤵
  PID:7172
- C:\Windows\System\nEiKgjC.exe
  C:\Windows\System\nEiKgjC.exe
  2⤵
  PID:7276
- C:\Windows\System\WKBgHUY.exe
  C:\Windows\System\WKBgHUY.exe
  2⤵
  PID:2188
- C:\Windows\System\vIfPMZj.exe
  C:\Windows\System\vIfPMZj.exe
  2⤵
  PID:7296
- C:\Windows\System\FOuzWMm.exe
  C:\Windows\System\FOuzWMm.exe
  2⤵
  PID:7336
- C:\Windows\System\UuQqiqB.exe
  C:\Windows\System\UuQqiqB.exe
  2⤵
  PID:7400
- C:\Windows\System\xNCcDxw.exe
  C:\Windows\System\xNCcDxw.exe
  2⤵
  PID:7440
- C:\Windows\System\FnkPwJZ.exe
  C:\Windows\System\FnkPwJZ.exe
  2⤵
  PID:7448
- C:\Windows\System\xTcwJME.exe
  C:\Windows\System\xTcwJME.exe
  2⤵
  PID:7464
- C:\Windows\System\SODRLFj.exe
  C:\Windows\System\SODRLFj.exe
  2⤵
  PID:7560
- C:\Windows\System\nPfrPlq.exe
  C:\Windows\System\nPfrPlq.exe
  2⤵
  PID:7596
- C:\Windows\System\EyOFzQc.exe
  C:\Windows\System\EyOFzQc.exe
  2⤵
  PID:7572
- C:\Windows\System\TBiYErM.exe
  C:\Windows\System\TBiYErM.exe
  2⤵
  PID:7612
- C:\Windows\System\ylRrAME.exe
  C:\Windows\System\ylRrAME.exe
  2⤵
  PID:7628
- C:\Windows\System\wnolnsu.exe
  C:\Windows\System\wnolnsu.exe
  2⤵
  PID:7660
- C:\Windows\System\mPnBdUU.exe
  C:\Windows\System\mPnBdUU.exe
  2⤵
  PID:7720
- C:\Windows\System\SaYykrj.exe
  C:\Windows\System\SaYykrj.exe
  2⤵
  PID:7744
- C:\Windows\System\XJDPkHd.exe
  C:\Windows\System\XJDPkHd.exe
  2⤵
  PID:7780
- C:\Windows\System\BGqKtys.exe
  C:\Windows\System\BGqKtys.exe
  2⤵
  PID:7820
- C:\Windows\System\PaYvEjL.exe
  C:\Windows\System\PaYvEjL.exe
  2⤵
  PID:7840
- C:\Windows\System\jeePKat.exe
  C:\Windows\System\jeePKat.exe
  2⤵
  PID:7916
- C:\Windows\System\HASovmW.exe
  C:\Windows\System\HASovmW.exe
  2⤵
  PID:7960
- C:\Windows\System\JAKkyWP.exe
  C:\Windows\System\JAKkyWP.exe
  2⤵
  PID:7936
- C:\Windows\System\HsHTQTW.exe
  C:\Windows\System\HsHTQTW.exe
  2⤵
  PID:7896
- C:\Windows\System\yGNtLUd.exe
  C:\Windows\System\yGNtLUd.exe
  2⤵
  PID:8076
- C:\Windows\System\DcxZDYn.exe
  C:\Windows\System\DcxZDYn.exe
  2⤵
  PID:7976
- C:\Windows\System\lCezEop.exe
  C:\Windows\System\lCezEop.exe
  2⤵
  PID:8064
- C:\Windows\System\KUyLQsR.exe
  C:\Windows\System\KUyLQsR.exe
  2⤵
  PID:8104
- C:\Windows\System\mbwnMwt.exe
  C:\Windows\System\mbwnMwt.exe
  2⤵
  PID:8168
- C:\Windows\System\PBrcxzd.exe
  C:\Windows\System\PBrcxzd.exe
  2⤵
  PID:8184
- C:\Windows\System\cpkSehZ.exe
  C:\Windows\System\cpkSehZ.exe
  2⤵
  PID:7192
- C:\Windows\System\gNWKeyX.exe
  C:\Windows\System\gNWKeyX.exe
  2⤵
  PID:7228
- C:\Windows\System\OIkbqdg.exe
  C:\Windows\System\OIkbqdg.exe
  2⤵
  PID:7208
- C:\Windows\System\XukeNLy.exe
  C:\Windows\System\XukeNLy.exe
  2⤵
  PID:7280
- C:\Windows\System\ScBIIBU.exe
  C:\Windows\System\ScBIIBU.exe
  2⤵
  PID:7352
- C:\Windows\System\zUPjuUa.exe
  C:\Windows\System\zUPjuUa.exe
  2⤵
  PID:7380
- C:\Windows\System\wzEcdmm.exe
  C:\Windows\System\wzEcdmm.exe
  2⤵
  PID:7416
- C:\Windows\System\OgfbrIa.exe
  C:\Windows\System\OgfbrIa.exe
  2⤵
  PID:7552
- C:\Windows\System\RtwQemH.exe
  C:\Windows\System\RtwQemH.exe
  2⤵
  PID:7580
- C:\Windows\System\WFOAqkM.exe
  C:\Windows\System\WFOAqkM.exe
  2⤵
  PID:7616
- C:\Windows\System\EhhbRoK.exe
  C:\Windows\System\EhhbRoK.exe
  2⤵
  PID:7608
- C:\Windows\System\lfZCOPf.exe
  C:\Windows\System\lfZCOPf.exe
  2⤵
  PID:7700
- C:\Windows\System\dmynyvu.exe
  C:\Windows\System\dmynyvu.exe
  2⤵
  PID:7764
- C:\Windows\System\SkiiYRx.exe
  C:\Windows\System\SkiiYRx.exe
  2⤵
  PID:7824
- C:\Windows\System\GWpgqAN.exe
  C:\Windows\System\GWpgqAN.exe
  2⤵
  PID:7880
- C:\Windows\System\TFQRjlN.exe
  C:\Windows\System\TFQRjlN.exe
  2⤵
  PID:2024
- C:\Windows\System\TOujYad.exe
  C:\Windows\System\TOujYad.exe
  2⤵
  PID:7908
- C:\Windows\System\uEKDdhV.exe
  C:\Windows\System\uEKDdhV.exe
  2⤵
  PID:8044
- C:\Windows\System\TXRPkDq.exe
  C:\Windows\System\TXRPkDq.exe
  2⤵
  PID:8020
- C:\Windows\System\EqZGfnt.exe
  C:\Windows\System\EqZGfnt.exe
  2⤵
  PID:8152
- C:\Windows\System\mzAppva.exe
  C:\Windows\System\mzAppva.exe
  2⤵
  PID:8180
- C:\Windows\System\zXltkHj.exe
  C:\Windows\System\zXltkHj.exe
  2⤵
  PID:7256
- C:\Windows\System\eoGwWOQ.exe
  C:\Windows\System\eoGwWOQ.exe
  2⤵
  PID:7360
- C:\Windows\System\NVgCgMY.exe
  C:\Windows\System\NVgCgMY.exe
  2⤵
  PID:7436
- C:\Windows\System\mAgNYkH.exe
  C:\Windows\System\mAgNYkH.exe
  2⤵
  PID:7488
- C:\Windows\System\zPqyrMW.exe
  C:\Windows\System\zPqyrMW.exe
  2⤵
  PID:7696
- C:\Windows\System\QsXCRWM.exe
  C:\Windows\System\QsXCRWM.exe
  2⤵
  PID:7848
- C:\Windows\System\RVsurCU.exe
  C:\Windows\System\RVsurCU.exe
  2⤵
  PID:8008
- C:\Windows\System\lvdYsCi.exe
  C:\Windows\System\lvdYsCi.exe
  2⤵
  PID:7504
- C:\Windows\System\hJJitRk.exe
  C:\Windows\System\hJJitRk.exe
  2⤵
  PID:8096
- C:\Windows\System\KcumVKy.exe
  C:\Windows\System\KcumVKy.exe
  2⤵
  PID:8056
- C:\Windows\System\ELTpaiD.exe
  C:\Windows\System\ELTpaiD.exe
  2⤵
  PID:1044
- C:\Windows\System\NOBDjjp.exe
  C:\Windows\System\NOBDjjp.exe
  2⤵
  PID:2092
- C:\Windows\System\BBFimHQ.exe
  C:\Windows\System\BBFimHQ.exe
  2⤵
  PID:8160
- C:\Windows\System\KyJkfLj.exe
  C:\Windows\System\KyJkfLj.exe
  2⤵
  PID:7376
- C:\Windows\System\lLmhIJS.exe
  C:\Windows\System\lLmhIJS.exe
  2⤵
  PID:7532
- C:\Windows\System\dleBrDI.exe
  C:\Windows\System\dleBrDI.exe
  2⤵
  PID:7808
- C:\Windows\System\akVCMLS.exe
  C:\Windows\System\akVCMLS.exe
  2⤵
  PID:7860
- C:\Windows\System\ZtrxOfj.exe
  C:\Windows\System\ZtrxOfj.exe
  2⤵
  PID:8060
- C:\Windows\System\wdCeLmV.exe
  C:\Windows\System\wdCeLmV.exe
  2⤵
  PID:2636
- C:\Windows\System\gWDSslQ.exe
  C:\Windows\System\gWDSslQ.exe
  2⤵
  PID:7956
- C:\Windows\System\XLADwiR.exe
  C:\Windows\System\XLADwiR.exe
  2⤵
  PID:1744
- C:\Windows\System\VNHxxJt.exe
  C:\Windows\System\VNHxxJt.exe
  2⤵
  PID:7716
- C:\Windows\System\PonUgHr.exe
  C:\Windows\System\PonUgHr.exe
  2⤵
  PID:7784
- C:\Windows\System\CgSmxvE.exe
  C:\Windows\System\CgSmxvE.exe
  2⤵
  PID:7760
- C:\Windows\System\OwyGYSJ.exe
  C:\Windows\System\OwyGYSJ.exe
  2⤵
  PID:7444
- C:\Windows\System\DqTnuGF.exe
  C:\Windows\System\DqTnuGF.exe
  2⤵
  PID:7800
- C:\Windows\System\wFpqzvw.exe
  C:\Windows\System\wFpqzvw.exe
  2⤵
  PID:8100
- C:\Windows\System\WCdzxQm.exe
  C:\Windows\System\WCdzxQm.exe
  2⤵
  PID:7952
- C:\Windows\System\oZZtHsW.exe
  C:\Windows\System\oZZtHsW.exe
  2⤵
  PID:8196
- C:\Windows\System\dFxHqTJ.exe
  C:\Windows\System\dFxHqTJ.exe
  2⤵
  PID:8216
- C:\Windows\System\kkgxKHu.exe
  C:\Windows\System\kkgxKHu.exe
  2⤵
  PID:8236
- C:\Windows\System\njLtBCh.exe
  C:\Windows\System\njLtBCh.exe
  2⤵
  PID:8264
- C:\Windows\System\MUZrqOy.exe
  C:\Windows\System\MUZrqOy.exe
  2⤵
  PID:8284
- C:\Windows\System\topwAGR.exe
  C:\Windows\System\topwAGR.exe
  2⤵
  PID:8300
- C:\Windows\System\cihBwYg.exe
  C:\Windows\System\cihBwYg.exe
  2⤵
  PID:8324
- C:\Windows\System\pLxIQXe.exe
  C:\Windows\System\pLxIQXe.exe
  2⤵
  PID:8340
- C:\Windows\System\zBHLYeG.exe
  C:\Windows\System\zBHLYeG.exe
  2⤵
  PID:8364
- C:\Windows\System\oWErKCq.exe
  C:\Windows\System\oWErKCq.exe
  2⤵
  PID:8380
- C:\Windows\System\DziOQdM.exe
  C:\Windows\System\DziOQdM.exe
  2⤵
  PID:8400
- C:\Windows\System\XWOOOct.exe
  C:\Windows\System\XWOOOct.exe
  2⤵
  PID:8416
- C:\Windows\System\FqcgHdN.exe
  C:\Windows\System\FqcgHdN.exe
  2⤵
  PID:8444
- C:\Windows\System\qSWXvEU.exe
  C:\Windows\System\qSWXvEU.exe
  2⤵
  PID:8460
- C:\Windows\System\meqvSIM.exe
  C:\Windows\System\meqvSIM.exe
  2⤵
  PID:8484
- C:\Windows\System\VHPYSzV.exe
  C:\Windows\System\VHPYSzV.exe
  2⤵
  PID:8500
- C:\Windows\System\gcKRfgU.exe
  C:\Windows\System\gcKRfgU.exe
  2⤵
  PID:8516
- C:\Windows\System\GYPtVUR.exe
  C:\Windows\System\GYPtVUR.exe
  2⤵
  PID:8544
- C:\Windows\System\wXfTwMh.exe
  C:\Windows\System\wXfTwMh.exe
  2⤵
  PID:8564
- C:\Windows\System\tWRQVZD.exe
  C:\Windows\System\tWRQVZD.exe
  2⤵
  PID:8584
- C:\Windows\System\kSePhIT.exe
  C:\Windows\System\kSePhIT.exe
  2⤵
  PID:8604
- C:\Windows\System\NGhKXaQ.exe
  C:\Windows\System\NGhKXaQ.exe
  2⤵
  PID:8620
- C:\Windows\System\BlBFiNk.exe
  C:\Windows\System\BlBFiNk.exe
  2⤵
  PID:8640
- C:\Windows\System\obLATlT.exe
  C:\Windows\System\obLATlT.exe
  2⤵
  PID:8660
- C:\Windows\System\DTISKAz.exe
  C:\Windows\System\DTISKAz.exe
  2⤵
  PID:8684
- C:\Windows\System\SMiBhrZ.exe
  C:\Windows\System\SMiBhrZ.exe
  2⤵
  PID:8704
- C:\Windows\System\zBBitig.exe
  C:\Windows\System\zBBitig.exe
  2⤵
  PID:8724
- C:\Windows\System\VwGnHgi.exe
  C:\Windows\System\VwGnHgi.exe
  2⤵
  PID:8744
- C:\Windows\System\RhJrybK.exe
  C:\Windows\System\RhJrybK.exe
  2⤵
  PID:8768
- C:\Windows\System\FSzpoyA.exe
  C:\Windows\System\FSzpoyA.exe
  2⤵
  PID:8784
- C:\Windows\System\lxgvcXB.exe
  C:\Windows\System\lxgvcXB.exe
  2⤵
  PID:8800
- C:\Windows\System\jNeeYfm.exe
  C:\Windows\System\jNeeYfm.exe
  2⤵
  PID:8828
- C:\Windows\System\xbTjCOz.exe
  C:\Windows\System\xbTjCOz.exe
  2⤵
  PID:8848
- C:\Windows\System\ShMkSnc.exe
  C:\Windows\System\ShMkSnc.exe
  2⤵
  PID:8864
- C:\Windows\System\LncbiPo.exe
  C:\Windows\System\LncbiPo.exe
  2⤵
  PID:8884
- C:\Windows\System\ovIIWgu.exe
  C:\Windows\System\ovIIWgu.exe
  2⤵
  PID:8908
- C:\Windows\System\uWIqdcg.exe
  C:\Windows\System\uWIqdcg.exe
  2⤵
  PID:8928
- C:\Windows\System\FGqaDvJ.exe
  C:\Windows\System\FGqaDvJ.exe
  2⤵
  PID:8944
- C:\Windows\System\UwAUJbL.exe
  C:\Windows\System\UwAUJbL.exe
  2⤵
  PID:8968
- C:\Windows\System\SQsLfYd.exe
  C:\Windows\System\SQsLfYd.exe
  2⤵
  PID:8984
- C:\Windows\System\mGgIWCq.exe
  C:\Windows\System\mGgIWCq.exe
  2⤵
  PID:9008
- C:\Windows\System\hUPVQRX.exe
  C:\Windows\System\hUPVQRX.exe
  2⤵
  PID:9024
- C:\Windows\System\usebKBz.exe
  C:\Windows\System\usebKBz.exe
  2⤵
  PID:9048
- C:\Windows\System\OxuoqVc.exe
  C:\Windows\System\OxuoqVc.exe
  2⤵
  PID:9064
- C:\Windows\System\NfOaNyb.exe
  C:\Windows\System\NfOaNyb.exe
  2⤵
  PID:9084
- C:\Windows\System\eKamcxM.exe
  C:\Windows\System\eKamcxM.exe
  2⤵
  PID:9104
- C:\Windows\System\OHlshfZ.exe
  C:\Windows\System\OHlshfZ.exe
  2⤵
  PID:9128
- C:\Windows\System\HIwRVJS.exe
  C:\Windows\System\HIwRVJS.exe
  2⤵
  PID:9144
- C:\Windows\System\SwWSFam.exe
  C:\Windows\System\SwWSFam.exe
  2⤵
  PID:9164
- C:\Windows\System\ihPBzyc.exe
  C:\Windows\System\ihPBzyc.exe
  2⤵
  PID:9188
- C:\Windows\System\lXPwUxw.exe
  C:\Windows\System\lXPwUxw.exe
  2⤵
  PID:9212
- C:\Windows\System\AdgoiGX.exe
  C:\Windows\System\AdgoiGX.exe
  2⤵
  PID:7736
- C:\Windows\System\JaUfCyF.exe
  C:\Windows\System\JaUfCyF.exe
  2⤵
  PID:7460
- C:\Windows\System\cUfgLER.exe
  C:\Windows\System\cUfgLER.exe
  2⤵
  PID:8212
- C:\Windows\System\FOcqBSI.exe
  C:\Windows\System\FOcqBSI.exe
  2⤵
  PID:8280
- C:\Windows\System\ziTgqAX.exe
  C:\Windows\System\ziTgqAX.exe
  2⤵
  PID:8312
- C:\Windows\System\OcwTBdj.exe
  C:\Windows\System\OcwTBdj.exe
  2⤵
  PID:8336
- C:\Windows\System\DdBQFzF.exe
  C:\Windows\System\DdBQFzF.exe
  2⤵
  PID:8376
- C:\Windows\System\eOfUVUR.exe
  C:\Windows\System\eOfUVUR.exe
  2⤵
  PID:8428
- C:\Windows\System\AXmvNGW.exe
  C:\Windows\System\AXmvNGW.exe
  2⤵
  PID:8440
- C:\Windows\System\FQDNfgu.exe
  C:\Windows\System\FQDNfgu.exe
  2⤵
  PID:8472
- C:\Windows\System\UMLPErP.exe
  C:\Windows\System\UMLPErP.exe
  2⤵
  PID:8512
- C:\Windows\System\yUAzyNT.exe
  C:\Windows\System\yUAzyNT.exe
  2⤵
  PID:8556
- C:\Windows\System\YFJKonJ.exe
  C:\Windows\System\YFJKonJ.exe
  2⤵
  PID:8576
- C:\Windows\System\tZyqTDJ.exe
  C:\Windows\System\tZyqTDJ.exe
  2⤵
  PID:8632
- C:\Windows\System\xaLYNGz.exe
  C:\Windows\System\xaLYNGz.exe
  2⤵
  PID:8668
- C:\Windows\System\rIYtCqM.exe
  C:\Windows\System\rIYtCqM.exe
  2⤵
  PID:8680
- C:\Windows\System\abCbPne.exe
  C:\Windows\System\abCbPne.exe
  2⤵
  PID:8720
- C:\Windows\System\lUoGKhF.exe
  C:\Windows\System\lUoGKhF.exe
  2⤵
  PID:8752
- C:\Windows\System\ViMyHtP.exe
  C:\Windows\System\ViMyHtP.exe
  2⤵
  PID:8760
- C:\Windows\System\lfBEXpJ.exe
  C:\Windows\System\lfBEXpJ.exe
  2⤵
  PID:8824
- C:\Windows\System\cxPBvGT.exe
  C:\Windows\System\cxPBvGT.exe
  2⤵
  PID:8844
- C:\Windows\System\qyHMPAF.exe
  C:\Windows\System\qyHMPAF.exe
  2⤵
  PID:8876
- C:\Windows\System\sbRogoG.exe
  C:\Windows\System\sbRogoG.exe
  2⤵
  PID:8904
- C:\Windows\System\WGzjWVr.exe
  C:\Windows\System\WGzjWVr.exe
  2⤵
  PID:8920
- C:\Windows\System\ugUvvBR.exe
  C:\Windows\System\ugUvvBR.exe
  2⤵
  PID:8956
- C:\Windows\System\FnwNIWE.exe
  C:\Windows\System\FnwNIWE.exe
  2⤵
  PID:9000
- C:\Windows\System\VasOSlp.exe
  C:\Windows\System\VasOSlp.exe
  2⤵
  PID:9044
- C:\Windows\System\lVXWyWa.exe
  C:\Windows\System\lVXWyWa.exe
  2⤵
  PID:9076
- C:\Windows\System\cdunozL.exe
  C:\Windows\System\cdunozL.exe
  2⤵
  PID:9100
- C:\Windows\System\KemBIIT.exe
  C:\Windows\System\KemBIIT.exe
  2⤵
  PID:9136
- C:\Windows\System\ntESeTS.exe
  C:\Windows\System\ntESeTS.exe
  2⤵
  PID:9204
- C:\Windows\System\cBFZBEG.exe
  C:\Windows\System\cBFZBEG.exe
  2⤵
  PID:8232
- C:\Windows\System\ZyXzFYH.exe
  C:\Windows\System\ZyXzFYH.exe
  2⤵
  PID:8540
- C:\Windows\System\WtvyiBH.exe
  C:\Windows\System\WtvyiBH.exe
  2⤵
  PID:8248
- C:\Windows\System\pJhCGor.exe
  C:\Windows\System\pJhCGor.exe
  2⤵
  PID:8348
- C:\Windows\System\FbMiwDt.exe
  C:\Windows\System\FbMiwDt.exe
  2⤵
  PID:8332
- C:\Windows\System\xOpuBeU.exe
  C:\Windows\System\xOpuBeU.exe
  2⤵
  PID:8396
- C:\Windows\System\uuOGDCw.exe
  C:\Windows\System\uuOGDCw.exe
  2⤵
  PID:8524
- C:\Windows\System\uFIWMnP.exe
  C:\Windows\System\uFIWMnP.exe
  2⤵
  PID:8432
- C:\Windows\System\oPxzIXS.exe
  C:\Windows\System\oPxzIXS.exe
  2⤵
  PID:8572
- C:\Windows\System\XErujpK.exe
  C:\Windows\System\XErujpK.exe
  2⤵
  PID:8652
- C:\Windows\System\ANRiXhC.exe
  C:\Windows\System\ANRiXhC.exe
  2⤵
  PID:8716
- C:\Windows\System\CKlUeal.exe
  C:\Windows\System\CKlUeal.exe
  2⤵
  PID:8808
- C:\Windows\System\jTBQQVk.exe
  C:\Windows\System\jTBQQVk.exe
  2⤵
  PID:8856
- C:\Windows\System\Gcuayjt.exe
  C:\Windows\System\Gcuayjt.exe
  2⤵
  PID:8860
- C:\Windows\System\fewRzas.exe
  C:\Windows\System\fewRzas.exe
  2⤵
  PID:8976
- C:\Windows\System\CFdorae.exe
  C:\Windows\System\CFdorae.exe
  2⤵
  PID:8896
- C:\Windows\System\epatiRN.exe
  C:\Windows\System\epatiRN.exe
  2⤵
  PID:9032
- C:\Windows\System\XmiaNEX.exe
  C:\Windows\System\XmiaNEX.exe
  2⤵
  PID:9060
- C:\Windows\System\mHTvNgw.exe
  C:\Windows\System\mHTvNgw.exe
  2⤵
  PID:9160
- C:\Windows\System\rsRIALI.exe
  C:\Windows\System\rsRIALI.exe
  2⤵
  PID:9176
- C:\Windows\System\vyVlYvm.exe
  C:\Windows\System\vyVlYvm.exe
  2⤵
  PID:8040
- C:\Windows\System\wxQiSKo.exe
  C:\Windows\System\wxQiSKo.exe
  2⤵
  PID:8412
- C:\Windows\System\sxNLWnH.exe
  C:\Windows\System\sxNLWnH.exe
  2⤵
  PID:8532
- C:\Windows\System\XjNIpZp.exe
  C:\Windows\System\XjNIpZp.exe
  2⤵
  PID:8164
- C:\Windows\System\XrONaev.exe
  C:\Windows\System\XrONaev.exe
  2⤵
  PID:8436
- C:\Windows\System\XwhTiQR.exe
  C:\Windows\System\XwhTiQR.exe
  2⤵
  PID:8836
- C:\Windows\System\hrZOMvj.exe
  C:\Windows\System\hrZOMvj.exe
  2⤵
  PID:8736
- C:\Windows\System\ncWfwdj.exe
  C:\Windows\System\ncWfwdj.exe
  2⤵
  PID:8872
- C:\Windows\System\ShBeZUH.exe
  C:\Windows\System\ShBeZUH.exe
  2⤵
  PID:8992
- C:\Windows\System\PyjYZas.exe
  C:\Windows\System\PyjYZas.exe
  2⤵
  PID:9092
- C:\Windows\System\CuRflne.exe
  C:\Windows\System\CuRflne.exe
  2⤵
  PID:9124
- C:\Windows\System\DtOGmpR.exe
  C:\Windows\System\DtOGmpR.exe
  2⤵
  PID:8208
- C:\Windows\System\genlgob.exe
  C:\Windows\System\genlgob.exe
  2⤵
  PID:8612
- C:\Windows\System\ohZbvaG.exe
  C:\Windows\System\ohZbvaG.exe
  2⤵
  PID:8480
- C:\Windows\System\lKmUCNf.exe
  C:\Windows\System\lKmUCNf.exe
  2⤵
  PID:8560
- C:\Windows\System\NLXsNLx.exe
  C:\Windows\System\NLXsNLx.exe
  2⤵
  PID:8924
- C:\Windows\System\bSVRLxv.exe
  C:\Windows\System\bSVRLxv.exe
  2⤵
  PID:9020
- C:\Windows\System\oPrIYUr.exe
  C:\Windows\System\oPrIYUr.exe
  2⤵
  PID:9040
- C:\Windows\System\pNkROyf.exe
  C:\Windows\System\pNkROyf.exe
  2⤵
  PID:8392
- C:\Windows\System\EfYXTxu.exe
  C:\Windows\System\EfYXTxu.exe
  2⤵
  PID:8616
- C:\Windows\System\gInGrSQ.exe
  C:\Windows\System\gInGrSQ.exe
  2⤵
  PID:8656
- C:\Windows\System\cAdkYhD.exe
  C:\Windows\System\cAdkYhD.exe
  2⤵
  PID:9112
- C:\Windows\System\QzCoeWy.exe
  C:\Windows\System\QzCoeWy.exe
  2⤵
  PID:8296
- C:\Windows\System\FCGMbaD.exe
  C:\Windows\System\FCGMbaD.exe
  2⤵
  PID:9016
- C:\Windows\System\wNEguMq.exe
  C:\Windows\System\wNEguMq.exe
  2⤵
  PID:8980
- C:\Windows\System\AphbUfx.exe
  C:\Windows\System\AphbUfx.exe
  2⤵
  PID:9196
- C:\Windows\System\MMzoHTq.exe
  C:\Windows\System\MMzoHTq.exe
  2⤵
  PID:9232
- C:\Windows\System\NdjDEWo.exe
  C:\Windows\System\NdjDEWo.exe
  2⤵
  PID:9248
- C:\Windows\System\YvoKqPQ.exe
  C:\Windows\System\YvoKqPQ.exe
  2⤵
  PID:9272
- C:\Windows\System\lJTFIbO.exe
  C:\Windows\System\lJTFIbO.exe
  2⤵
  PID:9288
- C:\Windows\System\LaJJhDb.exe
  C:\Windows\System\LaJJhDb.exe
  2⤵
  PID:9312
- C:\Windows\System\sEfxrhr.exe
  C:\Windows\System\sEfxrhr.exe
  2⤵
  PID:9328
- C:\Windows\System\nGHbJLi.exe
  C:\Windows\System\nGHbJLi.exe
  2⤵
  PID:9352
- C:\Windows\System\yYtnnzJ.exe
  C:\Windows\System\yYtnnzJ.exe
  2⤵
  PID:9368
- C:\Windows\System\nbvOQvh.exe
  C:\Windows\System\nbvOQvh.exe
  2⤵
  PID:9392
- C:\Windows\System\wHPtJxH.exe
  C:\Windows\System\wHPtJxH.exe
  2⤵
  PID:9408
- C:\Windows\System\kGgGgzI.exe
  C:\Windows\System\kGgGgzI.exe
  2⤵
  PID:9424
- C:\Windows\System\tBoQqSI.exe
  C:\Windows\System\tBoQqSI.exe
  2⤵
  PID:9444
- C:\Windows\System\hqikMLn.exe
  C:\Windows\System\hqikMLn.exe
  2⤵
  PID:9472
- C:\Windows\System\eaBZaNP.exe
  C:\Windows\System\eaBZaNP.exe
  2⤵
  PID:9488
- C:\Windows\System\dDhbofw.exe
  C:\Windows\System\dDhbofw.exe
  2⤵
  PID:9504
- C:\Windows\System\qvcalRG.exe
  C:\Windows\System\qvcalRG.exe
  2⤵
  PID:9528
- C:\Windows\System\qUCrHKr.exe
  C:\Windows\System\qUCrHKr.exe
  2⤵
  PID:9544
- C:\Windows\System\MpaKDua.exe
  C:\Windows\System\MpaKDua.exe
  2⤵
  PID:9572
- C:\Windows\System\KWzwaBE.exe
  C:\Windows\System\KWzwaBE.exe
  2⤵
  PID:9592
- C:\Windows\System\ygaFwfi.exe
  C:\Windows\System\ygaFwfi.exe
  2⤵
  PID:9608
- C:\Windows\System\IeZYGGL.exe
  C:\Windows\System\IeZYGGL.exe
  2⤵
  PID:9632
- C:\Windows\System\UZtSawI.exe
  C:\Windows\System\UZtSawI.exe
  2⤵
  PID:9648
- C:\Windows\System\NnSHNZe.exe
  C:\Windows\System\NnSHNZe.exe
  2⤵
  PID:9672
- C:\Windows\System\eIjYUGH.exe
  C:\Windows\System\eIjYUGH.exe
  2⤵
  PID:9688
- C:\Windows\System\IlrGZSi.exe
  C:\Windows\System\IlrGZSi.exe
  2⤵
  PID:9708
- C:\Windows\System\CEImFPt.exe
  C:\Windows\System\CEImFPt.exe
  2⤵
  PID:9724
- C:\Windows\System\PmxNpvP.exe
  C:\Windows\System\PmxNpvP.exe
  2⤵
  PID:9748
- C:\Windows\System\gOqtFRd.exe
  C:\Windows\System\gOqtFRd.exe
  2⤵
  PID:9768
- C:\Windows\System\fyPcfre.exe
  C:\Windows\System\fyPcfre.exe
  2⤵
  PID:9788
- C:\Windows\System\GuiLZwA.exe
  C:\Windows\System\GuiLZwA.exe
  2⤵
  PID:9808
- C:\Windows\System\ajQoVwK.exe
  C:\Windows\System\ajQoVwK.exe
  2⤵
  PID:9832
- C:\Windows\System\TzBHkUm.exe
  C:\Windows\System\TzBHkUm.exe
  2⤵
  PID:9852
- C:\Windows\System\DuBDGDF.exe
  C:\Windows\System\DuBDGDF.exe
  2⤵
  PID:9872
- C:\Windows\System\WTIkXnP.exe
  C:\Windows\System\WTIkXnP.exe
  2⤵
  PID:9892
- C:\Windows\System\bOjUWxw.exe
  C:\Windows\System\bOjUWxw.exe
  2⤵
  PID:9912
- C:\Windows\System\znVDApT.exe
  C:\Windows\System\znVDApT.exe
  2⤵
  PID:9932
- C:\Windows\System\iOBLIZU.exe
  C:\Windows\System\iOBLIZU.exe
  2⤵
  PID:9956
- C:\Windows\System\HWPwqpg.exe
  C:\Windows\System\HWPwqpg.exe
  2⤵
  PID:9972
- C:\Windows\System\DaIihHp.exe
  C:\Windows\System\DaIihHp.exe
  2⤵
  PID:9988
- C:\Windows\System\NhwzKOJ.exe
  C:\Windows\System\NhwzKOJ.exe
  2⤵
  PID:10008
- C:\Windows\System\MkroPxe.exe
  C:\Windows\System\MkroPxe.exe
  2⤵
  PID:10036
- C:\Windows\System\hLgKlVj.exe
  C:\Windows\System\hLgKlVj.exe
  2⤵
  PID:10056
- C:\Windows\System\yevNnlE.exe
  C:\Windows\System\yevNnlE.exe
  2⤵
  PID:10076
- C:\Windows\System\ZOdldjm.exe
  C:\Windows\System\ZOdldjm.exe
  2⤵
  PID:10092
- C:\Windows\System\WxZuRMG.exe
  C:\Windows\System\WxZuRMG.exe
  2⤵
  PID:10108
- C:\Windows\System\MipIAcx.exe
  C:\Windows\System\MipIAcx.exe
  2⤵
  PID:10132
- C:\Windows\System\ieGuFGl.exe
  C:\Windows\System\ieGuFGl.exe
  2⤵
  PID:10156
- C:\Windows\System\GVlZlOs.exe
  C:\Windows\System\GVlZlOs.exe
  2⤵
  PID:10172
- C:\Windows\System\cEFZJWX.exe
  C:\Windows\System\cEFZJWX.exe
  2⤵
  PID:10188
- C:\Windows\System\dknScQd.exe
  C:\Windows\System\dknScQd.exe
  2⤵
  PID:10204
- C:\Windows\System\qSCKWsg.exe
  C:\Windows\System\qSCKWsg.exe
  2⤵
  PID:10220
- C:\Windows\System\pGeBjpJ.exe
  C:\Windows\System\pGeBjpJ.exe
  2⤵
  PID:8580
- C:\Windows\System\KxdLlsw.exe
  C:\Windows\System\KxdLlsw.exe
  2⤵
  PID:9244
- C:\Windows\System\RuCdvMz.exe
  C:\Windows\System\RuCdvMz.exe
  2⤵
  PID:9268
- C:\Windows\System\FjbTPpy.exe
  C:\Windows\System\FjbTPpy.exe
  2⤵
  PID:9280
- C:\Windows\System\PfDNbHE.exe
  C:\Windows\System\PfDNbHE.exe
  2⤵
  PID:9324
- C:\Windows\System\qazMQFM.exe
  C:\Windows\System\qazMQFM.exe
  2⤵
  PID:9384
- C:\Windows\System\DEIEbOa.exe
  C:\Windows\System\DEIEbOa.exe
  2⤵
  PID:9400
- C:\Windows\System\JTOMGyG.exe
  C:\Windows\System\JTOMGyG.exe
  2⤵
  PID:9436
- C:\Windows\System\AnwkCzM.exe
  C:\Windows\System\AnwkCzM.exe
  2⤵
  PID:9460
- C:\Windows\System\QznSuwe.exe
  C:\Windows\System\QznSuwe.exe
  2⤵
  PID:9520
- C:\Windows\System\UAFiqbx.exe
  C:\Windows\System\UAFiqbx.exe
  2⤵
  PID:9568
- C:\Windows\System\Xodwtat.exe
  C:\Windows\System\Xodwtat.exe
  2⤵
  PID:9580
- C:\Windows\System\nckJQyG.exe
  C:\Windows\System\nckJQyG.exe
  2⤵
  PID:9616
- C:\Windows\System\pbTbTip.exe
  C:\Windows\System\pbTbTip.exe
  2⤵
  PID:9628
- C:\Windows\System\ePxqdDq.exe
  C:\Windows\System\ePxqdDq.exe
  2⤵
  PID:9696
- C:\Windows\System\NvIUaei.exe
  C:\Windows\System\NvIUaei.exe
  2⤵
  PID:9716
- C:\Windows\System\NkhNIMl.exe
  C:\Windows\System\NkhNIMl.exe
  2⤵
  PID:9744
- C:\Windows\System\OGHyzOA.exe
  C:\Windows\System\OGHyzOA.exe
  2⤵
  PID:9784
- C:\Windows\System\GGdibEo.exe
  C:\Windows\System\GGdibEo.exe
  2⤵
  PID:9800
- C:\Windows\System\JfPBSRP.exe
  C:\Windows\System\JfPBSRP.exe
  2⤵
  PID:9844
- C:\Windows\System\eWmaHeF.exe
  C:\Windows\System\eWmaHeF.exe
  2⤵
  PID:9880
- C:\Windows\System\jsydxVG.exe
  C:\Windows\System\jsydxVG.exe
  2⤵
  PID:9908
- C:\Windows\System\wJXwsPq.exe
  C:\Windows\System\wJXwsPq.exe
  2⤵
  PID:9944
- C:\Windows\System\MxECzzP.exe
  C:\Windows\System\MxECzzP.exe
  2⤵
  PID:9980
- C:\Windows\System\eUZAxuv.exe
  C:\Windows\System\eUZAxuv.exe
  2⤵
  PID:10020
- C:\Windows\System\zHdDyMi.exe
  C:\Windows\System\zHdDyMi.exe
  2⤵
  PID:10044
- C:\Windows\System\mWORSLv.exe
  C:\Windows\System\mWORSLv.exe
  2⤵
  PID:10072
- C:\Windows\System\dOtsFxd.exe
  C:\Windows\System\dOtsFxd.exe
  2⤵
  PID:10116
- C:\Windows\System\OmXfABH.exe
  C:\Windows\System\OmXfABH.exe
  2⤵
  PID:10128
- C:\Windows\System\GGJZJSZ.exe
  C:\Windows\System\GGJZJSZ.exe
  2⤵
  PID:10168
- C:\Windows\System\aTGyZxa.exe
  C:\Windows\System\aTGyZxa.exe
  2⤵
  PID:10212
- C:\Windows\System\DMQYooc.exe
  C:\Windows\System\DMQYooc.exe
  2⤵
  PID:8916
- C:\Windows\System\TNynRLI.exe
  C:\Windows\System\TNynRLI.exe
  2⤵
  PID:9240
- C:\Windows\System\juNuhHr.exe
  C:\Windows\System\juNuhHr.exe
  2⤵
  PID:9264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BSTARaJ.exe

Filesize
6.0MB

MD5
95f46019b36f2195eeaea4a566742d35

SHA1
7b280bd6c2f3b259b116d84ed46425f5ed41ae95

SHA256
cffb1584e4641c66be3a5b86015b85ee49df3e658e7fd303d1f4d9d920cea809

SHA512
6e82f3c6eda39b8f7c88581b981daaf1c5bfe60ec79ef600e440aee26e23e91f14e20bc189bf1a32d7963ee10e1eaf240886aec62a435b6e039f7403ca10f1a2

Download Submit
C:\Windows\system\CWUrdVf.exe

Filesize
6.0MB

MD5
c2b14486c4501aa290992f177ebbc1b5

SHA1
6fdb3c7962da95bde8468a5a91730055448fad57

SHA256
6d5efe22029ea84c123730286a0e3832dc9ea4f4cd61118258b8a68077959d9d

SHA512
bc6f7c2fa67c188fabd569030fef214cde8f8dc219c94d490d38de08ee6d5e14f164a816ecc83ee8560a80677eb11aad6673ae638deb573a0fd11b25f662dabb

Download Submit
C:\Windows\system\CxmdGfH.exe

Filesize
6.0MB

MD5
1a0ec937839eebd9db7e9ce7933239d9

SHA1
bd07a75f42bab1d2cc3d40b8d637b1f7e199a5e7

SHA256
bd069d9bd3d9e9232cc6eb619464bd0d6216d17409244559e0ca40bfeabe241b

SHA512
5b813943b2bd30fe4e4d6430bc9febf9f7c1fda1ad9824268f9b5daf04e9f5175098db4987c2357e9fdafae7110f792f339a87eea350cd0aff1884573cbbfce8

Download Submit
C:\Windows\system\EDtpcqP.exe

Filesize
6.0MB

MD5
317f3f8cb43c6062dde5ced91d87d702

SHA1
27156fb1940f767a45e4d68f63e25bc39860f346

SHA256
0e000fbb5da8093c67e3af3c9298d789244a6836a50ca6445bf406aaa393ad40

SHA512
76a11ecb98168d68ca134d5f1c1263b25084d84aeec00a5f770cfd9ed9f59e4c7f21e10b0a2d61fdca6eaf95237ef112ba20543dd7b2d7611031a01b6ba81e8e

Download Submit
C:\Windows\system\GXnJikd.exe

Filesize
6.0MB

MD5
2e0b510cdae2d6fedfeff3aa3c431a4e

SHA1
1341cf12917bdd59f3972b76788ea06b2ef985b0

SHA256
85e8f68f1cdcfb4c9ae8981f545c0c347bead4dbb4f941f262701d023c457ef3

SHA512
9e53095864c4e8c12c152a37f15ecb1da869d2d8729ef502be9fca5b5a8af891ac8a7c78bfce49c30cfcec786805f611a73c9d0db7720483fb8390b16fea2f02

Download Submit
C:\Windows\system\GkRVtqu.exe

Filesize
6.0MB

MD5
47c520be385f2fdeb401c3e341d581b4

SHA1
ed6be5282370bfad6c7b409ac82d2ec7c2f6ca55

SHA256
c5268c84bb5c8a1789e7972306c2411fe0fbde6703939cefab1d53e9253e8b39

SHA512
c911017de2102e98ec484f3b3b91118110df05d985487accc89acc62eead6fecf0840d30c15688e8eafeae19e76b4a333c5f97e0f91d6d6973f6a93c9b44564c

Download Submit
C:\Windows\system\JkxvPoa.exe

Filesize
6.0MB

MD5
32058c943188c88ad03ea6d34b3bce4c

SHA1
c79e4bde0cebcc60d746f6840b921acaa69b65c8

SHA256
49f725789023d94a0e244361431c4b7f223582a6649ad8382180e5a7242af8da

SHA512
fb4b78f0c6163a5ac29fb4866d0ff1a9f9fd983c2e98b285b6c5e047748676843849d19e49666b7e3255abb80fa1e4a392dc9d77ae4ac8d5b03249b6a99ce731

Download Submit
C:\Windows\system\KAwbliN.exe

Filesize
6.0MB

MD5
f80902ba29d53b81772924256256332d

SHA1
650d5ca4bb4b8f1018716b98c0449d5fa53285b6

SHA256
6167b78d5942508a6bed5a36e9afb3eb1eab8fa9034e3d66d0b73b170ed4555e

SHA512
785ad3448b907fe1cf9cd2913d872b05736e21ad671817bac34a33d765547496bd1d20131dd0733e1ec7b253ae3ef1e0f8e1d515eaafb596aee2c2defb2c339e

Download Submit
C:\Windows\system\QUlwqKB.exe

Filesize
6.0MB

MD5
b767b7569d17b50bd4366da859936131

SHA1
a998668d70e9768eb36741295447ac449e9e9334

SHA256
8aaacedc807af1a788fe2d02a94e4cec77d2e9b17c2cb866a0273457b129aa84

SHA512
2786b98d7abbf50b0503387dfb6f6d7a4e64092d48649f29627e9134b80eccea3409b44ae503c91448ea135c9f35d205352e2b0a43ff3aedc60f2d3c51624236

Download Submit
C:\Windows\system\TywSlTG.exe

Filesize
6.0MB

MD5
101dc7b24e1604740d7a02a45ecc47ac

SHA1
0adbf8f70c86f1a77c642ad02667a3f20b2155ad

SHA256
05574040b8416c44869664de12a43cef1c040d969a8577a7f837c88259aaa528

SHA512
5516fee722f9ff36511e054a3c98b6df1c5355d48946e9bb8b54b3fbb007f571c1a6789c96b5d30a40850cbcb7acca538135114e1a143ca1f47ed434842a4c8e

Download Submit
C:\Windows\system\YgNAFZf.exe

Filesize
6.0MB

MD5
326b9cda760fd1f23afa0697f9aa32dc

SHA1
e99f35c0dee300d5dec077da452d9dc650f67c05

SHA256
f51cf5903dc2c66df5e573e41cfcf1fd5f352850b60433e9fdfabc4f05118829

SHA512
c0351816e07185d7a4076d34333b7b4e9164717dcde7d0f92924a8f510307c6d97a7faa052076cc98546b73f151eae9acc00f03f20990b13d22d1d9513d8a919

Download Submit
C:\Windows\system\ZRmYTVL.exe

Filesize
6.0MB

MD5
55a3ea1ba66821800fc6cc7432f3ba9b

SHA1
28ed37aa5312fc8dee59e3b6a687e3ab86354768

SHA256
4ab281bb5b275e13d985d411c8ffebffbf736ba83a490f1ee7b3c30a0bfc8cef

SHA512
8927999971ba194ca2fbf7dab97cd9456410b45ff91149e938b6855bf18c60ee9e5b2da499f4766b42ef334e3bf9cff82687d28470c9bfff0403191b7fc6844f

Download Submit
C:\Windows\system\dGdFAHj.exe

Filesize
6.0MB

MD5
dc908c849c9ca77660ddb646154ce4b2

SHA1
0cff35cad2e4ecccd0c6d7c8df0bf6549b3f470f

SHA256
77d64c714dbb63c033b8bea6a65aefc423fa0530b0d9ba08f4d17a5ea6be5ada

SHA512
4dd622fe748f8e31e288395a61b73f500cd92c3a2bd39d3e21c36296f0fd500cf458f88b877b9c55498d0c388ec415c668f30e2e0c563a5716051cd0920d3908

Download Submit
C:\Windows\system\gtvatcV.exe

Filesize
6.0MB

MD5
b26c1340b583e8cbcae41faf42fb7186

SHA1
0379af8b1c59624c5dbdcb0cb0f26c0ee653ccec

SHA256
36f44cf3f63bee3da082c39071a0792eb20f98a401f4c20197437f7cb3ddf292

SHA512
a590e91bc4555d8682d706f0094c29b45335e84b984fd2b5657a03aa241d5b510d748ced0c6f6264d697c1faf4ac46e48b2da78f313ccbe6c6319e06d8f97968

Download Submit
C:\Windows\system\kZNNYYa.exe

Filesize
6.0MB

MD5
888d747b62c4175fc01d9ab7fdc9b6c4

SHA1
d010d428d9a05bd4e4bca370c0cf951c2a46bda3

SHA256
249abd5d4539a8ac6870f5c85d9ab4ecfe56b13a51b0e636fe35ea25cef38faf

SHA512
d2a038b756c75338061885bfa0d0cf1aa0fc3edb2c5e21099d023436a10dd33b053bbc0912eabfed4403ae4c68718d3c10c8de3be3ac5a22349dceef317a0101

Download Submit
C:\Windows\system\nuvgurF.exe

Filesize
6.0MB

MD5
1321f3ae815612da80848aeef5e8ea5e

SHA1
946afe3d65615295ab06dc8f60b35d2fafd646da

SHA256
131ecb0c78ba04af5d988fe4ef5371066087feb53dfcd2a7ca7c018adbca5b59

SHA512
347733b7823a22c2ac2e5122bdab00bcb1b1c8155e7c658aa418d2f5c0865f7838d112fe56541299c95b0f54093a52f9981c7459d842d690d50b04750091d7a8

Download Submit
C:\Windows\system\nvtKnVk.exe

Filesize
6.0MB

MD5
6737f465ad6345fbc456c64ca520c3fe

SHA1
ef132e1b0f46b25424e91bb09c3896c845711297

SHA256
0569c203764679ae0cce9f9910f71a13d9d51ebe51bc85a27349a9c6035b05af

SHA512
938498ada36403a2cbabacbccef04a44defc0a76d580fdacf8dbb075f4406540735750455e88905d4b1f5e150de1ae2bd9ba1395069ae8fedca301976dec44aa

Download Submit
C:\Windows\system\sxfnoUK.exe

Filesize
6.0MB

MD5
d7d52d9eb780249c27a1f83cf99b0d5e

SHA1
17c5a6ea2e70289ef188787b01f01806112343df

SHA256
6dca3b8c3a72e623c70d0ecc4e5619d6b50eba1652528a7ff32b597dfb619a96

SHA512
672336713d6c06f34aeee5468b78f273863fd924dca58c454ef82f414bcb2447595eb532a3040d64ac46f7cfbb212f603257820e0dd7910b2031a8ba473aefc0

Download Submit
C:\Windows\system\uOpdqWH.exe

Filesize
6.0MB

MD5
89b4b523bd0238b973d66fb5cb227da5

SHA1
36cd84d7f760dfff0bf7f436d0c59a432eb0a575

SHA256
2298cbfcc334b62baf2bfa3efd4a359e3e26732caabf1af76e6e373290747d0a

SHA512
df9953d320deb2260fa7c044c7f364e98ee660ad8a0c237739e0e3566b9788f64b6ab173c19acb0b8044ecb99c071708ad48b7f61e6b3250cf9d215f1884a6ff

Download Submit
C:\Windows\system\wcLvtVu.exe

Filesize
6.0MB

MD5
b6d19eaf50064d46411c8cdacf71c062

SHA1
9bf9948336f4faa66df52185f49f5e736ef10881

SHA256
ccbd470d20beef774f0fba445de88e390e070bbd59852f61536f6d6d7da3d00e

SHA512
f32ecfb55ea86e35c3309d467bc3b3b36eeb624de7145f5423248784fbc30019465a5c309393b23fd771c3562e179036656045b0e2ee7e00de74a4d557893a8f

Download Submit
C:\Windows\system\xHuGTJR.exe

Filesize
6.0MB

MD5
f4d7540ed8185e259059271f45c89b09

SHA1
6d3f8d83073f515b86ff2eb8ab76d6eb3c5490bb

SHA256
7ba7356f6f1b52a4a68310587d4c753e2252572496c97813835816ef2177ea6f

SHA512
dc498a7d3c673b64174fab21a7d701974dd3c3ccf33ce0e9b077e9ec2f4a33b09550b08a8909f2caf7f73de9132447bbbbae1862c557b15ffa67a24b6dc25b57

Download Submit
C:\Windows\system\xnpoSbg.exe

Filesize
6.0MB

MD5
68ab04386d3bfc39324ba4cd5c8e51c9

SHA1
ba9de013153f8d096865f352934797f0eb7d895c

SHA256
13a9def29b9110966bd00e0172b55cedce74d3e93d9a2e1e40c1bfe37de03f95

SHA512
e973a1b1ede8f29093160e6fd7644303f6ffc44527bb7596283240c75df9b3aead1f61c902c7cc80aabedb0e60f91ca3b5b65b229e7558140bce54b21ec3f8c5

Download Submit
\Windows\system\BFJPGjc.exe

Filesize
6.0MB

MD5
d9f5413522e2795fe39a24053eb09d2f

SHA1
4fa64ed21bb51d6f2b3341cc0a6100ccbf2854bd

SHA256
18e7f045d75456c7302f227f8570e236685d3e34cd410b4b95b6f71f3819adbf

SHA512
c3d54fc71f99aeb58c30b94c97a6788dfa27bb0409ed974b19dc24524ae8285aebf586a87664985158c66f355a4e755aac589ea0c4c0c0347a2483400102d3de

Download Submit
\Windows\system\CeOXsbO.exe

Filesize
6.0MB

MD5
ae7b552083a96ffe10d7b95460201a41

SHA1
068891fcd2d3582f9505312c583024ef46355658

SHA256
e009e5669c10976f06322a67fd0b45cd12ad9d4c3a0bf6e5245fb608121ce3a5

SHA512
d9ae2419e1ae4a41803535d4a7db2d2318c87b2d056e0671b958b9a29dd5dcddd1181f4cc26a2ffc380f68f6992d794e0b235369ee5207e75d26e336db84a9b5

Download Submit
\Windows\system\CjZZOfW.exe

Filesize
6.0MB

MD5
f27cd8580afbb49b08e1fc2d732df693

SHA1
2261e91980bf2e37e3fb17e4d81fc75dc8bf87e2

SHA256
77b2b5c601e5dca0bf14422e8bcccb5c2b72d85e5468c5f665df0a04c5e9d29b

SHA512
32a42fcda89d92b60109127b84e0e2c8d2b4b25fe5bef8880304a8e510b5d7b7b181cce4ea2530adadd3b633308184639965a6eacb971c6370308da897257d1c

Download Submit
\Windows\system\HSBbEAh.exe

Filesize
6.0MB

MD5
750a63176f988a46d534da6a40bfff4e

SHA1
61062f52a7ee351ac9aee9f7f5e6dc98491f9089

SHA256
2ed219f64c309bf0f0247ff59f362f387fb1b10910f5a0a929b4ae4ae119e708

SHA512
7481b0a8fedde706ee41a7c00eb466322427afa06968705dd8adcb12cd23b921558ea18b4a19ff7b9127f336de56504ea125416162aacd032c18fedb13a06480

Download Submit
\Windows\system\aRNrEuw.exe

Filesize
6.0MB

MD5
7904bde67af1a177513085caaa7cb109

SHA1
82c8184e428f461bd3440ee6569f34e9a61b3ea1

SHA256
b78bed9a4462f5854f70061e2ec8618834601d69c85f7e04b7ba3e1fd035da20

SHA512
2c6c6dceb046a62de68bc544158f3d0a5bda42f3308a14ffa0ca904ab60aed337dc9652a07be8a4a8cbf87b0b486a61ef486d7ba20715566dfb14a066fcc835d

Download Submit
\Windows\system\cWvdlyx.exe

Filesize
6.0MB

MD5
05d5fb980da2b1f2f7896b07c3c8bcfa

SHA1
826a197ff336b482c796c818b8f6f2a5a10958bd

SHA256
ffd36894c2cd8faca3cee2908decee59424764f16334d422802d0fc3699a2d49

SHA512
3f2f189e3d39318ba7f4a043ac25ed0c41c1cc10b82de7afdc8731b9be03e1442cd97099920e583bc105c0b95b3394b9e52b45df43cdf7833fc077ad09b80b84

Download Submit
\Windows\system\dNplBTl.exe

Filesize
6.0MB

MD5
2968e428a12e95df8dd56e6d1ffd79a0

SHA1
06295e70d22ffa3f0d99e7801217f560ffbe76b1

SHA256
0c431e6bd0f3bb849164cd4709ab320ed02fa1c7ab054b5622690d2faccb240a

SHA512
21ccf1cbae898971a90cd5cc7b6e75c485a95f8a36a053896bc61d8edb3d2bbbc820db119807ddafda8fb390f16f0dcf6279fc79a25a0cacbbf5cfa802c08131

Download Submit
\Windows\system\fJUJjLK.exe

Filesize
6.0MB

MD5
35c3d850927cbe464ca7fd3065abf448

SHA1
7a780e8626974333e85648260e61ebcff09f82e7

SHA256
dec25949db2dae6c74665b0574049b023919cb6726e68f4a51695a761af6faa3

SHA512
3890c632e894d7e6765f52f8f058c7dbccd3b86904b9f35c3941c8b6d216c3aaaa07f62b2761950f329c3b0b7c8506006a835049535bd476332be52ee86767ff

Download Submit
\Windows\system\hPYpzyz.exe

Filesize
6.0MB

MD5
80801529369e8836acde8c1d60398aa2

SHA1
0c1129a7016da02d091ea7e39ff8f12f82509e84

SHA256
a3ffbe1e5c31e47363f146bb6a9d52c3d9d29ab029162d1cbe3a23da876805c3

SHA512
bfe0ee2cded446cb1b0d063f3082ae2e78517c47f18bebe7a7f141cdbc9211366e816038b60eb18f293b1c76cdef7dff337a5efff6c092bc77a1919b057a2405

Download Submit
\Windows\system\oMREpnV.exe

Filesize
6.0MB

MD5
cb6c2a54521cc8214f48b36d49185a01

SHA1
b73067f0a6f06276d0e578092e5cfb7ff0fe57f3

SHA256
4a045facf4a71039875fed76ac32071713c5e78f43712d16ae9bca2f8d600d86

SHA512
59886ad38579a9bd813e2e1f4ba21f3c3aafa9b01f01862a01f1e156e1d9e1893b7118130493c666ffc089e053cb3d9dfb7f5e70e9d0ead257dfb21d6ba8f83b

Download Submit
memory/1032-1870-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1032-74-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1032-143-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1184-1834-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1184-82-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1184-47-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1844-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-96-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-60-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-36-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2304-110-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-39-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2304-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2304-156-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2304-69-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-19-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2304-31-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-101-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-41-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2304-20-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2304-73-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2304-85-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-78-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2304-6-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-221-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-102-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2304-0-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2304-320-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2304-26-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2304-49-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2316-237-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-89-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1890-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-197-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2688-83-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1892-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2696-105-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1855-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-66-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-45-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1555-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2844-22-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2860-32-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2099-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2860-14-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2884-53-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1835-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2884-88-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2924-301-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1901-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-97-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-15-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2992-1524-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/3016-1818-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3016-77-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3016-44-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3032-1719-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/3032-29-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/3060-347-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/3060-1916-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/3060-106-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download