cobaltstrike | 2c4e0f86c74d7e9daefc9baa45b4a757da5ee7e80039697f6209ad37ec763c90

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

edba42fe30bbd0a096341997d84bf5a3
SHA1

0c94e849a381f7137183ce30de248709acc1fcbf
SHA256

2c4e0f86c74d7e9daefc9baa45b4a757da5ee7e80039697f6209ad37ec763c90
SHA512

22792cb3cd1f2fc15cbdf13bb5693afead210ee5424c6e1a0c5321256074090d2d9b00d4f2521e2d255da1ef14d20ce29d3121d35f44957dc72a7ad81180a146
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUN:T+q56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012270-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174b4-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017570-11.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019261-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-61.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018683-31.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f1-23.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018697-44.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f7-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3068-0-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012270-6.dat	xmrig
behavioral1/memory/1708-8-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x00080000000174b4-12.dat	xmrig
behavioral1/memory/2328-14-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017570-11.dat	xmrig
behavioral1/memory/1868-22-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2880-48-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019502-154.dat	xmrig
behavioral1/files/0x00050000000193f9-165.dat	xmrig
behavioral1/files/0x0005000000019518-191.dat	xmrig
behavioral1/memory/3068-898-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/576-1180-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2060-1033-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2596-624-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2620-623-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2844-410-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2880-278-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019508-188.dat	xmrig
behavioral1/files/0x000500000001952b-185.dat	xmrig
behavioral1/files/0x00050000000194c3-176.dat	xmrig
behavioral1/files/0x00050000000193d0-162.dat	xmrig
behavioral1/files/0x0005000000019358-151.dat	xmrig
behavioral1/files/0x00050000000192a1-148.dat	xmrig
behavioral1/files/0x00050000000194e1-145.dat	xmrig
behavioral1/files/0x0005000000019426-122.dat	xmrig
behavioral1/files/0x00050000000193dc-121.dat	xmrig
behavioral1/files/0x0005000000019428-119.dat	xmrig
behavioral1/files/0x000500000001939f-97.dat	xmrig
behavioral1/files/0x0005000000019354-86.dat	xmrig
behavioral1/memory/2596-79-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2328-67-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001927a-64.dat	xmrig
behavioral1/files/0x000500000001952e-192.dat	xmrig
behavioral1/files/0x0005000000019520-181.dat	xmrig
behavioral1/files/0x0005000000019510-168.dat	xmrig
behavioral1/files/0x00050000000194d5-139.dat	xmrig
behavioral1/files/0x00050000000194ad-126.dat	xmrig
behavioral1/memory/2712-58-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x0006000000019261-54.dat	xmrig
behavioral1/files/0x00050000000193cc-109.dat	xmrig
behavioral1/memory/576-103-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/3068-96-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/3068-95-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1296-94-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x000500000001938e-93.dat	xmrig
behavioral1/memory/2060-91-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/3068-74-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/memory/2620-73-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0005000000019299-72.dat	xmrig
behavioral1/memory/3068-71-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/files/0x0005000000019274-61.dat	xmrig
behavioral1/memory/2844-50-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/1296-34-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0011000000018683-31.dat	xmrig
behavioral1/memory/3068-46-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x00070000000175f1-23.dat	xmrig
behavioral1/files/0x0008000000018697-44.dat	xmrig
behavioral1/memory/3068-43-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/memory/3028-41-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/3068-38-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x00070000000175f7-36.dat	xmrig
behavioral1/memory/576-3996-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2596-3995-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1708	IWyoCxe.exe
2328	RmDsane.exe
1868	fYvdApn.exe
1296	TGsWCQs.exe
3028	stneyGf.exe
2880	PqOgNkZ.exe
2844	paTlGQv.exe
2712	bLlvOgw.exe
2620	fFAOHyD.exe
2596	STJZwUx.exe
2060	PSDthry.exe
576	EnKFbjs.exe
1744	pWvHwKW.exe
332	XYEGlae.exe
2800	gsVQufy.exe
2500	cXELbdv.exe
1320	GKNtznv.exe
2764	tNcvjNo.exe
2716	IGZiYPK.exe
2480	PFQJlkm.exe
3000	CPbnfTQ.exe
620	APBXYTq.exe
2788	eJmWtsn.exe
532	ArenRuN.exe
2128	YEBtWxl.exe
2132	evbFmgD.exe
1728	jrBFYKt.exe
1356	kpuUQCB.exe
2960	MUTFjfK.exe
1852	EawuXYG.exe
2052	gPiCDfa.exe
1688	jZnSzIs.exe
2120	XoAOkYO.exe
1772	aEPDuZM.exe
656	eNsCfBw.exe
2184	YUrJJxc.exe
1540	EvVmTnr.exe
2268	DrIiJit.exe
2440	NPTwlcm.exe
2400	CogEWjj.exe
1244	rUFHtQj.exe
1512	uRJcLzj.exe
2216	czCOcwP.exe
2112	CzyQfsl.exe
968	qsYBMFF.exe
1788	ZnAbFpV.exe
296	clzjMzg.exe
2096	vRpjDFK.exe
2532	hnkOqZp.exe
1608	maXkzAK.exe
1604	PMfJzEn.exe
1300	mauNONI.exe
2228	vvMsTNq.exe
2724	dStehxv.exe
284	HsiyELu.exe
1140	DESlOsO.exe
2484	tKPvFAO.exe
400	vXjUxmX.exe
1724	YJKhYkP.exe
2856	APMCVTb.exe
2632	NadlivB.exe
300	lpsuVuz.exe
540	bJjaMXf.exe
1924	QAdxSTR.exe

Loads dropped DLL 64 IoCs

pid	Process
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3068-0-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x000b000000012270-6.dat	upx
behavioral1/memory/1708-8-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x00080000000174b4-12.dat	upx
behavioral1/memory/2328-14-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x0007000000017570-11.dat	upx
behavioral1/memory/1868-22-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2880-48-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0005000000019502-154.dat	upx
behavioral1/files/0x00050000000193f9-165.dat	upx
behavioral1/files/0x0005000000019518-191.dat	upx
behavioral1/memory/576-1180-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2060-1033-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2596-624-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2620-623-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2844-410-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2880-278-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0005000000019508-188.dat	upx
behavioral1/files/0x000500000001952b-185.dat	upx
behavioral1/files/0x00050000000194c3-176.dat	upx
behavioral1/files/0x00050000000193d0-162.dat	upx
behavioral1/files/0x0005000000019358-151.dat	upx
behavioral1/files/0x00050000000192a1-148.dat	upx
behavioral1/files/0x00050000000194e1-145.dat	upx
behavioral1/files/0x0005000000019426-122.dat	upx
behavioral1/files/0x00050000000193dc-121.dat	upx
behavioral1/files/0x0005000000019428-119.dat	upx
behavioral1/files/0x000500000001939f-97.dat	upx
behavioral1/files/0x0005000000019354-86.dat	upx
behavioral1/memory/2596-79-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2328-67-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x000500000001927a-64.dat	upx
behavioral1/files/0x000500000001952e-192.dat	upx
behavioral1/files/0x0005000000019520-181.dat	upx
behavioral1/files/0x0005000000019510-168.dat	upx
behavioral1/files/0x00050000000194d5-139.dat	upx
behavioral1/files/0x00050000000194ad-126.dat	upx
behavioral1/memory/2712-58-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x0006000000019261-54.dat	upx
behavioral1/files/0x00050000000193cc-109.dat	upx
behavioral1/memory/576-103-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/1296-94-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x000500000001938e-93.dat	upx
behavioral1/memory/2060-91-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2620-73-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0005000000019299-72.dat	upx
behavioral1/files/0x0005000000019274-61.dat	upx
behavioral1/memory/2844-50-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/1296-34-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0011000000018683-31.dat	upx
behavioral1/memory/3068-46-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x00070000000175f1-23.dat	upx
behavioral1/files/0x0008000000018697-44.dat	upx
behavioral1/memory/3028-41-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x00070000000175f7-36.dat	upx
behavioral1/memory/576-3996-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2596-3995-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2328-3994-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2060-3993-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1296-3992-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2620-3991-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2712-3990-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2844-3989-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/3028-3988-0x000000013F910000-0x000000013FC64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oOXSZCg.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsXhKEF.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfNsgYd.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dapjaSn.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkWLxCB.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfWJceW.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jDUcjdJ.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiqJksO.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZcqiRN.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxfBcAp.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HeVzITX.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqvIUgs.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLJIJKm.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjDbgKq.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASvdqio.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\brGTkUe.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIhnrtf.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pakudhp.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkPIuAv.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYOSvYb.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrYnUrc.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFmpwPl.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LoJldUn.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkNLDoO.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPTwlcm.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RcIoaZZ.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOhFcWZ.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTaxDoz.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vaikOSG.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBDboZx.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTfZraQ.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEBtWxl.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGRHGGU.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boaNRUF.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLzIZCB.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlJIMwX.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBeduGU.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbCFkYw.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUeylaV.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqMYfsq.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThMDpEL.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqOgNkZ.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlHDZws.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQqXOjv.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJxMfzQ.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLDpCJv.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbZeuQo.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGiWRcu.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbysXYJ.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnduhyr.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynRzEoJ.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\APMCVTb.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZWOfgt.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNspJIR.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwgMPQo.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Aetgpej.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGSyAhh.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKNtznv.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXjUxmX.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlMoYjW.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwwMqHw.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxvrTUL.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYEGlae.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhqVmKP.exe	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 1708	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 1708	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 1708	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3068 wrote to memory of 2328	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2328	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 2328	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3068 wrote to memory of 1868	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 1868	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 1868	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3068 wrote to memory of 1296	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 1296	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 1296	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3068 wrote to memory of 3028	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 3028	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 3028	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3068 wrote to memory of 2844	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2844	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2844	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3068 wrote to memory of 2880	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2880	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2880	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3068 wrote to memory of 2712	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2712	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2712	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3068 wrote to memory of 2620	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2620	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2620	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3068 wrote to memory of 2764	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2764	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2764	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3068 wrote to memory of 2596	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2596	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2596	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3068 wrote to memory of 2716	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2716	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2716	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3068 wrote to memory of 2060	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2060	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2060	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3068 wrote to memory of 2480	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2480	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 2480	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3068 wrote to memory of 576	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 576	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 576	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3068 wrote to memory of 620	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 620	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 620	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3068 wrote to memory of 1744	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 1744	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 1744	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3068 wrote to memory of 2788	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 2788	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 2788	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3068 wrote to memory of 332	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 332	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 332	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3068 wrote to memory of 532	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 532	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 532	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3068 wrote to memory of 2800	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 2800	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 2800	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3068 wrote to memory of 2132	3068	2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_edba42fe30bbd0a096341997d84bf5a3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\System\IWyoCxe.exe
  C:\Windows\System\IWyoCxe.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\RmDsane.exe
  C:\Windows\System\RmDsane.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\fYvdApn.exe
  C:\Windows\System\fYvdApn.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\TGsWCQs.exe
  C:\Windows\System\TGsWCQs.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\stneyGf.exe
  C:\Windows\System\stneyGf.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\paTlGQv.exe
  C:\Windows\System\paTlGQv.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\PqOgNkZ.exe
  C:\Windows\System\PqOgNkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\bLlvOgw.exe
  C:\Windows\System\bLlvOgw.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\fFAOHyD.exe
  C:\Windows\System\fFAOHyD.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\tNcvjNo.exe
  C:\Windows\System\tNcvjNo.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\STJZwUx.exe
  C:\Windows\System\STJZwUx.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\IGZiYPK.exe
  C:\Windows\System\IGZiYPK.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\PSDthry.exe
  C:\Windows\System\PSDthry.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\PFQJlkm.exe
  C:\Windows\System\PFQJlkm.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\EnKFbjs.exe
  C:\Windows\System\EnKFbjs.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\APBXYTq.exe
  C:\Windows\System\APBXYTq.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\pWvHwKW.exe
  C:\Windows\System\pWvHwKW.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\eJmWtsn.exe
  C:\Windows\System\eJmWtsn.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\XYEGlae.exe
  C:\Windows\System\XYEGlae.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\ArenRuN.exe
  C:\Windows\System\ArenRuN.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\gsVQufy.exe
  C:\Windows\System\gsVQufy.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\evbFmgD.exe
  C:\Windows\System\evbFmgD.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\cXELbdv.exe
  C:\Windows\System\cXELbdv.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\jrBFYKt.exe
  C:\Windows\System\jrBFYKt.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\GKNtznv.exe
  C:\Windows\System\GKNtznv.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\MUTFjfK.exe
  C:\Windows\System\MUTFjfK.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\CPbnfTQ.exe
  C:\Windows\System\CPbnfTQ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\EawuXYG.exe
  C:\Windows\System\EawuXYG.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\YEBtWxl.exe
  C:\Windows\System\YEBtWxl.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\gPiCDfa.exe
  C:\Windows\System\gPiCDfa.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\kpuUQCB.exe
  C:\Windows\System\kpuUQCB.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\XoAOkYO.exe
  C:\Windows\System\XoAOkYO.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\jZnSzIs.exe
  C:\Windows\System\jZnSzIs.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\YUrJJxc.exe
  C:\Windows\System\YUrJJxc.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\aEPDuZM.exe
  C:\Windows\System\aEPDuZM.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\EvVmTnr.exe
  C:\Windows\System\EvVmTnr.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\eNsCfBw.exe
  C:\Windows\System\eNsCfBw.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\DrIiJit.exe
  C:\Windows\System\DrIiJit.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\NPTwlcm.exe
  C:\Windows\System\NPTwlcm.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\rUFHtQj.exe
  C:\Windows\System\rUFHtQj.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\CogEWjj.exe
  C:\Windows\System\CogEWjj.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\uRJcLzj.exe
  C:\Windows\System\uRJcLzj.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\czCOcwP.exe
  C:\Windows\System\czCOcwP.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\qsYBMFF.exe
  C:\Windows\System\qsYBMFF.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\CzyQfsl.exe
  C:\Windows\System\CzyQfsl.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\ZnAbFpV.exe
  C:\Windows\System\ZnAbFpV.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\clzjMzg.exe
  C:\Windows\System\clzjMzg.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\vRpjDFK.exe
  C:\Windows\System\vRpjDFK.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\hnkOqZp.exe
  C:\Windows\System\hnkOqZp.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\maXkzAK.exe
  C:\Windows\System\maXkzAK.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\PMfJzEn.exe
  C:\Windows\System\PMfJzEn.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\vvMsTNq.exe
  C:\Windows\System\vvMsTNq.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\mauNONI.exe
  C:\Windows\System\mauNONI.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\dStehxv.exe
  C:\Windows\System\dStehxv.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\HsiyELu.exe
  C:\Windows\System\HsiyELu.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\DESlOsO.exe
  C:\Windows\System\DESlOsO.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\tKPvFAO.exe
  C:\Windows\System\tKPvFAO.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\APMCVTb.exe
  C:\Windows\System\APMCVTb.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\vXjUxmX.exe
  C:\Windows\System\vXjUxmX.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\NadlivB.exe
  C:\Windows\System\NadlivB.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\YJKhYkP.exe
  C:\Windows\System\YJKhYkP.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\bJjaMXf.exe
  C:\Windows\System\bJjaMXf.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\lpsuVuz.exe
  C:\Windows\System\lpsuVuz.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\eSGsZJN.exe
  C:\Windows\System\eSGsZJN.exe
  2⤵
  PID:2624
- C:\Windows\System\QAdxSTR.exe
  C:\Windows\System\QAdxSTR.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\EZGUcsz.exe
  C:\Windows\System\EZGUcsz.exe
  2⤵
  PID:2876
- C:\Windows\System\ywLtchk.exe
  C:\Windows\System\ywLtchk.exe
  2⤵
  PID:1956
- C:\Windows\System\AxXOldp.exe
  C:\Windows\System\AxXOldp.exe
  2⤵
  PID:292
- C:\Windows\System\opTKzkV.exe
  C:\Windows\System\opTKzkV.exe
  2⤵
  PID:1180
- C:\Windows\System\UsrUlIf.exe
  C:\Windows\System\UsrUlIf.exe
  2⤵
  PID:2580
- C:\Windows\System\IrwZubx.exe
  C:\Windows\System\IrwZubx.exe
  2⤵
  PID:1632
- C:\Windows\System\jvenxiP.exe
  C:\Windows\System\jvenxiP.exe
  2⤵
  PID:344
- C:\Windows\System\MaaHwVi.exe
  C:\Windows\System\MaaHwVi.exe
  2⤵
  PID:1812
- C:\Windows\System\uNPXgWy.exe
  C:\Windows\System\uNPXgWy.exe
  2⤵
  PID:888
- C:\Windows\System\eCSbTpr.exe
  C:\Windows\System\eCSbTpr.exe
  2⤵
  PID:2524
- C:\Windows\System\KpLzAff.exe
  C:\Windows\System\KpLzAff.exe
  2⤵
  PID:1796
- C:\Windows\System\jgJtVxP.exe
  C:\Windows\System\jgJtVxP.exe
  2⤵
  PID:1272
- C:\Windows\System\mlKOcsZ.exe
  C:\Windows\System\mlKOcsZ.exe
  2⤵
  PID:2260
- C:\Windows\System\AZsIMtm.exe
  C:\Windows\System\AZsIMtm.exe
  2⤵
  PID:2248
- C:\Windows\System\ZwPWyIG.exe
  C:\Windows\System\ZwPWyIG.exe
  2⤵
  PID:1576
- C:\Windows\System\pdArvJB.exe
  C:\Windows\System\pdArvJB.exe
  2⤵
  PID:1964
- C:\Windows\System\chioTni.exe
  C:\Windows\System\chioTni.exe
  2⤵
  PID:2472
- C:\Windows\System\TDsTrJY.exe
  C:\Windows\System\TDsTrJY.exe
  2⤵
  PID:2732
- C:\Windows\System\yNVHgew.exe
  C:\Windows\System\yNVHgew.exe
  2⤵
  PID:2420
- C:\Windows\System\OgghHuR.exe
  C:\Windows\System\OgghHuR.exe
  2⤵
  PID:2728
- C:\Windows\System\NBRpvMI.exe
  C:\Windows\System\NBRpvMI.exe
  2⤵
  PID:2272
- C:\Windows\System\exNfcWF.exe
  C:\Windows\System\exNfcWF.exe
  2⤵
  PID:1908
- C:\Windows\System\cEunYyS.exe
  C:\Windows\System\cEunYyS.exe
  2⤵
  PID:2648
- C:\Windows\System\hIdlnNM.exe
  C:\Windows\System\hIdlnNM.exe
  2⤵
  PID:1976
- C:\Windows\System\QiYUqut.exe
  C:\Windows\System\QiYUqut.exe
  2⤵
  PID:2948
- C:\Windows\System\OkEkoym.exe
  C:\Windows\System\OkEkoym.exe
  2⤵
  PID:1620
- C:\Windows\System\jbcOWWA.exe
  C:\Windows\System\jbcOWWA.exe
  2⤵
  PID:2652
- C:\Windows\System\jDUcjdJ.exe
  C:\Windows\System\jDUcjdJ.exe
  2⤵
  PID:2292
- C:\Windows\System\kkPfWdr.exe
  C:\Windows\System\kkPfWdr.exe
  2⤵
  PID:3092
- C:\Windows\System\AQfgGCs.exe
  C:\Windows\System\AQfgGCs.exe
  2⤵
  PID:3108
- C:\Windows\System\CUeylaV.exe
  C:\Windows\System\CUeylaV.exe
  2⤵
  PID:3128
- C:\Windows\System\wnwBqGu.exe
  C:\Windows\System\wnwBqGu.exe
  2⤵
  PID:3148
- C:\Windows\System\WLtbWXB.exe
  C:\Windows\System\WLtbWXB.exe
  2⤵
  PID:3168
- C:\Windows\System\QgHGxeW.exe
  C:\Windows\System\QgHGxeW.exe
  2⤵
  PID:3184
- C:\Windows\System\qhCUoQf.exe
  C:\Windows\System\qhCUoQf.exe
  2⤵
  PID:3204
- C:\Windows\System\fYEXmvr.exe
  C:\Windows\System\fYEXmvr.exe
  2⤵
  PID:3220
- C:\Windows\System\DwebiGd.exe
  C:\Windows\System\DwebiGd.exe
  2⤵
  PID:3236
- C:\Windows\System\JiIBbxz.exe
  C:\Windows\System\JiIBbxz.exe
  2⤵
  PID:3256
- C:\Windows\System\JEZWArK.exe
  C:\Windows\System\JEZWArK.exe
  2⤵
  PID:3280
- C:\Windows\System\jmSNkFD.exe
  C:\Windows\System\jmSNkFD.exe
  2⤵
  PID:3304
- C:\Windows\System\nXOguPT.exe
  C:\Windows\System\nXOguPT.exe
  2⤵
  PID:3328
- C:\Windows\System\JoLdJsv.exe
  C:\Windows\System\JoLdJsv.exe
  2⤵
  PID:3344
- C:\Windows\System\MVpyATT.exe
  C:\Windows\System\MVpyATT.exe
  2⤵
  PID:3368
- C:\Windows\System\JGHPqvK.exe
  C:\Windows\System\JGHPqvK.exe
  2⤵
  PID:3392
- C:\Windows\System\sIlwlYS.exe
  C:\Windows\System\sIlwlYS.exe
  2⤵
  PID:3412
- C:\Windows\System\uKkXPey.exe
  C:\Windows\System\uKkXPey.exe
  2⤵
  PID:3432
- C:\Windows\System\RcIoaZZ.exe
  C:\Windows\System\RcIoaZZ.exe
  2⤵
  PID:3452
- C:\Windows\System\eAQvnsz.exe
  C:\Windows\System\eAQvnsz.exe
  2⤵
  PID:3472
- C:\Windows\System\ayOsVMW.exe
  C:\Windows\System\ayOsVMW.exe
  2⤵
  PID:3492
- C:\Windows\System\WkesZhR.exe
  C:\Windows\System\WkesZhR.exe
  2⤵
  PID:3512
- C:\Windows\System\PcBSJlE.exe
  C:\Windows\System\PcBSJlE.exe
  2⤵
  PID:3532
- C:\Windows\System\hgWHUUx.exe
  C:\Windows\System\hgWHUUx.exe
  2⤵
  PID:3548
- C:\Windows\System\VnogRmr.exe
  C:\Windows\System\VnogRmr.exe
  2⤵
  PID:3564
- C:\Windows\System\wobOmeQ.exe
  C:\Windows\System\wobOmeQ.exe
  2⤵
  PID:3580
- C:\Windows\System\vJiSyNb.exe
  C:\Windows\System\vJiSyNb.exe
  2⤵
  PID:3600
- C:\Windows\System\XpojSMo.exe
  C:\Windows\System\XpojSMo.exe
  2⤵
  PID:3620
- C:\Windows\System\QISOatr.exe
  C:\Windows\System\QISOatr.exe
  2⤵
  PID:3640
- C:\Windows\System\TyWirwH.exe
  C:\Windows\System\TyWirwH.exe
  2⤵
  PID:3664
- C:\Windows\System\UhNJhvk.exe
  C:\Windows\System\UhNJhvk.exe
  2⤵
  PID:3684
- C:\Windows\System\pAbCIhT.exe
  C:\Windows\System\pAbCIhT.exe
  2⤵
  PID:3712
- C:\Windows\System\PDzXfXV.exe
  C:\Windows\System\PDzXfXV.exe
  2⤵
  PID:3732
- C:\Windows\System\irKACdV.exe
  C:\Windows\System\irKACdV.exe
  2⤵
  PID:3752
- C:\Windows\System\exMFkWm.exe
  C:\Windows\System\exMFkWm.exe
  2⤵
  PID:3772
- C:\Windows\System\Apoebpu.exe
  C:\Windows\System\Apoebpu.exe
  2⤵
  PID:3792
- C:\Windows\System\hgUxMjQ.exe
  C:\Windows\System\hgUxMjQ.exe
  2⤵
  PID:3812
- C:\Windows\System\zcuTqLW.exe
  C:\Windows\System\zcuTqLW.exe
  2⤵
  PID:3836
- C:\Windows\System\kSqGdTw.exe
  C:\Windows\System\kSqGdTw.exe
  2⤵
  PID:3856
- C:\Windows\System\GWgvkRm.exe
  C:\Windows\System\GWgvkRm.exe
  2⤵
  PID:3872
- C:\Windows\System\VrCidUS.exe
  C:\Windows\System\VrCidUS.exe
  2⤵
  PID:3892
- C:\Windows\System\IbBeYWP.exe
  C:\Windows\System\IbBeYWP.exe
  2⤵
  PID:3920
- C:\Windows\System\HXVYwOt.exe
  C:\Windows\System\HXVYwOt.exe
  2⤵
  PID:3940
- C:\Windows\System\lmUMupM.exe
  C:\Windows\System\lmUMupM.exe
  2⤵
  PID:3956
- C:\Windows\System\jKdwVdg.exe
  C:\Windows\System\jKdwVdg.exe
  2⤵
  PID:3976
- C:\Windows\System\DZciaUh.exe
  C:\Windows\System\DZciaUh.exe
  2⤵
  PID:3996
- C:\Windows\System\HbAUcnt.exe
  C:\Windows\System\HbAUcnt.exe
  2⤵
  PID:4012
- C:\Windows\System\ErxnMmQ.exe
  C:\Windows\System\ErxnMmQ.exe
  2⤵
  PID:4032
- C:\Windows\System\tLTrwFv.exe
  C:\Windows\System\tLTrwFv.exe
  2⤵
  PID:4048
- C:\Windows\System\YxnCFIy.exe
  C:\Windows\System\YxnCFIy.exe
  2⤵
  PID:4068
- C:\Windows\System\cpTbCET.exe
  C:\Windows\System\cpTbCET.exe
  2⤵
  PID:4088
- C:\Windows\System\ceCGjZH.exe
  C:\Windows\System\ceCGjZH.exe
  2⤵
  PID:2084
- C:\Windows\System\fdUHNky.exe
  C:\Windows\System\fdUHNky.exe
  2⤵
  PID:2144
- C:\Windows\System\IPttlHH.exe
  C:\Windows\System\IPttlHH.exe
  2⤵
  PID:1820
- C:\Windows\System\oNIjYqG.exe
  C:\Windows\System\oNIjYqG.exe
  2⤵
  PID:2544
- C:\Windows\System\ZJxMfzQ.exe
  C:\Windows\System\ZJxMfzQ.exe
  2⤵
  PID:2056
- C:\Windows\System\ierKKSI.exe
  C:\Windows\System\ierKKSI.exe
  2⤵
  PID:1236
- C:\Windows\System\uryXJwB.exe
  C:\Windows\System\uryXJwB.exe
  2⤵
  PID:1716
- C:\Windows\System\viRDIkf.exe
  C:\Windows\System\viRDIkf.exe
  2⤵
  PID:1500
- C:\Windows\System\rxONZvK.exe
  C:\Windows\System\rxONZvK.exe
  2⤵
  PID:2616
- C:\Windows\System\ZRvodwP.exe
  C:\Windows\System\ZRvodwP.exe
  2⤵
  PID:2600
- C:\Windows\System\Kikjcoc.exe
  C:\Windows\System\Kikjcoc.exe
  2⤵
  PID:2340
- C:\Windows\System\BThKClB.exe
  C:\Windows\System\BThKClB.exe
  2⤵
  PID:1928
- C:\Windows\System\arkUfMN.exe
  C:\Windows\System\arkUfMN.exe
  2⤵
  PID:3080
- C:\Windows\System\wELvRsa.exe
  C:\Windows\System\wELvRsa.exe
  2⤵
  PID:3164
- C:\Windows\System\XRThSWd.exe
  C:\Windows\System\XRThSWd.exe
  2⤵
  PID:972
- C:\Windows\System\GmdFeKI.exe
  C:\Windows\System\GmdFeKI.exe
  2⤵
  PID:688
- C:\Windows\System\dmxcWJe.exe
  C:\Windows\System\dmxcWJe.exe
  2⤵
  PID:3228
- C:\Windows\System\BiSHCEi.exe
  C:\Windows\System\BiSHCEi.exe
  2⤵
  PID:3276
- C:\Windows\System\XtROPaT.exe
  C:\Windows\System\XtROPaT.exe
  2⤵
  PID:3136
- C:\Windows\System\AWTBbuN.exe
  C:\Windows\System\AWTBbuN.exe
  2⤵
  PID:3360
- C:\Windows\System\ZTbVMzW.exe
  C:\Windows\System\ZTbVMzW.exe
  2⤵
  PID:3252
- C:\Windows\System\SLMfxXT.exe
  C:\Windows\System\SLMfxXT.exe
  2⤵
  PID:3212
- C:\Windows\System\sXKGiaS.exe
  C:\Windows\System\sXKGiaS.exe
  2⤵
  PID:3388
- C:\Windows\System\IMWSHZw.exe
  C:\Windows\System\IMWSHZw.exe
  2⤵
  PID:3448
- C:\Windows\System\cPsJubh.exe
  C:\Windows\System\cPsJubh.exe
  2⤵
  PID:3484
- C:\Windows\System\SyVOJJA.exe
  C:\Windows\System\SyVOJJA.exe
  2⤵
  PID:3560
- C:\Windows\System\WZfldHU.exe
  C:\Windows\System\WZfldHU.exe
  2⤵
  PID:3672
- C:\Windows\System\wcbvNyi.exe
  C:\Windows\System\wcbvNyi.exe
  2⤵
  PID:3508
- C:\Windows\System\BRfENyo.exe
  C:\Windows\System\BRfENyo.exe
  2⤵
  PID:3460
- C:\Windows\System\OvXFmrV.exe
  C:\Windows\System\OvXFmrV.exe
  2⤵
  PID:3656
- C:\Windows\System\aKFgaNV.exe
  C:\Windows\System\aKFgaNV.exe
  2⤵
  PID:3576
- C:\Windows\System\dbCFkYw.exe
  C:\Windows\System\dbCFkYw.exe
  2⤵
  PID:3800
- C:\Windows\System\rxPbVIc.exe
  C:\Windows\System\rxPbVIc.exe
  2⤵
  PID:3852
- C:\Windows\System\kvzeaGa.exe
  C:\Windows\System\kvzeaGa.exe
  2⤵
  PID:3928
- C:\Windows\System\JkWZWUU.exe
  C:\Windows\System\JkWZWUU.exe
  2⤵
  PID:4004
- C:\Windows\System\yfWjTqV.exe
  C:\Windows\System\yfWjTqV.exe
  2⤵
  PID:3704
- C:\Windows\System\YwYTydr.exe
  C:\Windows\System\YwYTydr.exe
  2⤵
  PID:3788
- C:\Windows\System\sHAWiMJ.exe
  C:\Windows\System\sHAWiMJ.exe
  2⤵
  PID:3824
- C:\Windows\System\AGUeQWN.exe
  C:\Windows\System\AGUeQWN.exe
  2⤵
  PID:3900
- C:\Windows\System\wvYhiUh.exe
  C:\Windows\System\wvYhiUh.exe
  2⤵
  PID:3916
- C:\Windows\System\cElLMwE.exe
  C:\Windows\System\cElLMwE.exe
  2⤵
  PID:4040
- C:\Windows\System\CFOPSur.exe
  C:\Windows\System\CFOPSur.exe
  2⤵
  PID:1720
- C:\Windows\System\oOXSZCg.exe
  C:\Windows\System\oOXSZCg.exe
  2⤵
  PID:1996
- C:\Windows\System\haWphom.exe
  C:\Windows\System\haWphom.exe
  2⤵
  PID:4056
- C:\Windows\System\jsDRItz.exe
  C:\Windows\System\jsDRItz.exe
  2⤵
  PID:4064
- C:\Windows\System\yccagQG.exe
  C:\Windows\System\yccagQG.exe
  2⤵
  PID:1624
- C:\Windows\System\TPdSEWY.exe
  C:\Windows\System\TPdSEWY.exe
  2⤵
  PID:2700
- C:\Windows\System\mZRAWBb.exe
  C:\Windows\System\mZRAWBb.exe
  2⤵
  PID:3120
- C:\Windows\System\iAvHqUq.exe
  C:\Windows\System\iAvHqUq.exe
  2⤵
  PID:1916
- C:\Windows\System\DogbMVN.exe
  C:\Windows\System\DogbMVN.exe
  2⤵
  PID:628
- C:\Windows\System\VdDPkMH.exe
  C:\Windows\System\VdDPkMH.exe
  2⤵
  PID:3268
- C:\Windows\System\rSFiuhi.exe
  C:\Windows\System\rSFiuhi.exe
  2⤵
  PID:3192
- C:\Windows\System\twcCvJM.exe
  C:\Windows\System\twcCvJM.exe
  2⤵
  PID:1984
- C:\Windows\System\CemQfhL.exe
  C:\Windows\System\CemQfhL.exe
  2⤵
  PID:3104
- C:\Windows\System\qNwiYKQ.exe
  C:\Windows\System\qNwiYKQ.exe
  2⤵
  PID:3216
- C:\Windows\System\FIhnrtf.exe
  C:\Windows\System\FIhnrtf.exe
  2⤵
  PID:3376
- C:\Windows\System\FIykhFf.exe
  C:\Windows\System\FIykhFf.exe
  2⤵
  PID:3140
- C:\Windows\System\yntKpDa.exe
  C:\Windows\System\yntKpDa.exe
  2⤵
  PID:3404
- C:\Windows\System\ZdYrXOr.exe
  C:\Windows\System\ZdYrXOr.exe
  2⤵
  PID:3424
- C:\Windows\System\bQqdKAq.exe
  C:\Windows\System\bQqdKAq.exe
  2⤵
  PID:3632
- C:\Windows\System\THMGmKF.exe
  C:\Windows\System\THMGmKF.exe
  2⤵
  PID:3468
- C:\Windows\System\aQFoRGH.exe
  C:\Windows\System\aQFoRGH.exe
  2⤵
  PID:3760
- C:\Windows\System\aNWoboF.exe
  C:\Windows\System\aNWoboF.exe
  2⤵
  PID:3884
- C:\Windows\System\wrZKCqc.exe
  C:\Windows\System\wrZKCqc.exe
  2⤵
  PID:3740
- C:\Windows\System\TlXUPVT.exe
  C:\Windows\System\TlXUPVT.exe
  2⤵
  PID:3844
- C:\Windows\System\buIcZki.exe
  C:\Windows\System\buIcZki.exe
  2⤵
  PID:4080
- C:\Windows\System\inRhBAt.exe
  C:\Windows\System\inRhBAt.exe
  2⤵
  PID:3984
- C:\Windows\System\BEPKiAS.exe
  C:\Windows\System\BEPKiAS.exe
  2⤵
  PID:3008
- C:\Windows\System\CTskWgM.exe
  C:\Windows\System\CTskWgM.exe
  2⤵
  PID:1280
- C:\Windows\System\vddheIZ.exe
  C:\Windows\System\vddheIZ.exe
  2⤵
  PID:3948
- C:\Windows\System\uqryseW.exe
  C:\Windows\System\uqryseW.exe
  2⤵
  PID:4028
- C:\Windows\System\nUjAPJw.exe
  C:\Windows\System\nUjAPJw.exe
  2⤵
  PID:1660
- C:\Windows\System\IRXgjxH.exe
  C:\Windows\System\IRXgjxH.exe
  2⤵
  PID:4100
- C:\Windows\System\fIAuiId.exe
  C:\Windows\System\fIAuiId.exe
  2⤵
  PID:4116
- C:\Windows\System\HEGffRi.exe
  C:\Windows\System\HEGffRi.exe
  2⤵
  PID:4132
- C:\Windows\System\CBBhOgj.exe
  C:\Windows\System\CBBhOgj.exe
  2⤵
  PID:4148
- C:\Windows\System\rorKall.exe
  C:\Windows\System\rorKall.exe
  2⤵
  PID:4164
- C:\Windows\System\WacGiwb.exe
  C:\Windows\System\WacGiwb.exe
  2⤵
  PID:4188
- C:\Windows\System\BtYBHmw.exe
  C:\Windows\System\BtYBHmw.exe
  2⤵
  PID:4204
- C:\Windows\System\fjjBVpj.exe
  C:\Windows\System\fjjBVpj.exe
  2⤵
  PID:4220
- C:\Windows\System\pZWOfgt.exe
  C:\Windows\System\pZWOfgt.exe
  2⤵
  PID:4236
- C:\Windows\System\OLRFiXT.exe
  C:\Windows\System\OLRFiXT.exe
  2⤵
  PID:4264
- C:\Windows\System\YCZdJkF.exe
  C:\Windows\System\YCZdJkF.exe
  2⤵
  PID:4312
- C:\Windows\System\FqsfmMm.exe
  C:\Windows\System\FqsfmMm.exe
  2⤵
  PID:4332
- C:\Windows\System\dXIdBeG.exe
  C:\Windows\System\dXIdBeG.exe
  2⤵
  PID:4360
- C:\Windows\System\RVGbxwS.exe
  C:\Windows\System\RVGbxwS.exe
  2⤵
  PID:4380
- C:\Windows\System\POheylT.exe
  C:\Windows\System\POheylT.exe
  2⤵
  PID:4400
- C:\Windows\System\sKiIYli.exe
  C:\Windows\System\sKiIYli.exe
  2⤵
  PID:4416
- C:\Windows\System\jqSdOZd.exe
  C:\Windows\System\jqSdOZd.exe
  2⤵
  PID:4436
- C:\Windows\System\laBFWiA.exe
  C:\Windows\System\laBFWiA.exe
  2⤵
  PID:4452
- C:\Windows\System\JMErQks.exe
  C:\Windows\System\JMErQks.exe
  2⤵
  PID:4468
- C:\Windows\System\AeZDjJc.exe
  C:\Windows\System\AeZDjJc.exe
  2⤵
  PID:4492
- C:\Windows\System\qQMirDp.exe
  C:\Windows\System\qQMirDp.exe
  2⤵
  PID:4508
- C:\Windows\System\LFEtQSa.exe
  C:\Windows\System\LFEtQSa.exe
  2⤵
  PID:4528
- C:\Windows\System\eNKHDpm.exe
  C:\Windows\System\eNKHDpm.exe
  2⤵
  PID:4544
- C:\Windows\System\RPZpZlY.exe
  C:\Windows\System\RPZpZlY.exe
  2⤵
  PID:4576
- C:\Windows\System\fAWIdUP.exe
  C:\Windows\System\fAWIdUP.exe
  2⤵
  PID:4596
- C:\Windows\System\qEGmavG.exe
  C:\Windows\System\qEGmavG.exe
  2⤵
  PID:4616
- C:\Windows\System\ucRgiCn.exe
  C:\Windows\System\ucRgiCn.exe
  2⤵
  PID:4632
- C:\Windows\System\RNkQDTc.exe
  C:\Windows\System\RNkQDTc.exe
  2⤵
  PID:4656
- C:\Windows\System\RcJAbgY.exe
  C:\Windows\System\RcJAbgY.exe
  2⤵
  PID:4672
- C:\Windows\System\LxckJuq.exe
  C:\Windows\System\LxckJuq.exe
  2⤵
  PID:4688
- C:\Windows\System\DftBvHw.exe
  C:\Windows\System\DftBvHw.exe
  2⤵
  PID:4708
- C:\Windows\System\bRZJMSC.exe
  C:\Windows\System\bRZJMSC.exe
  2⤵
  PID:4728
- C:\Windows\System\ZNuaDNq.exe
  C:\Windows\System\ZNuaDNq.exe
  2⤵
  PID:4744
- C:\Windows\System\IalCJew.exe
  C:\Windows\System\IalCJew.exe
  2⤵
  PID:4772
- C:\Windows\System\yTWziuw.exe
  C:\Windows\System\yTWziuw.exe
  2⤵
  PID:4788
- C:\Windows\System\idfUWdx.exe
  C:\Windows\System\idfUWdx.exe
  2⤵
  PID:4816
- C:\Windows\System\GhdKCMn.exe
  C:\Windows\System\GhdKCMn.exe
  2⤵
  PID:4840
- C:\Windows\System\sDciZOw.exe
  C:\Windows\System\sDciZOw.exe
  2⤵
  PID:4856
- C:\Windows\System\LLoMHLi.exe
  C:\Windows\System\LLoMHLi.exe
  2⤵
  PID:4876
- C:\Windows\System\ohoFTvk.exe
  C:\Windows\System\ohoFTvk.exe
  2⤵
  PID:4896
- C:\Windows\System\IJjHdgD.exe
  C:\Windows\System\IJjHdgD.exe
  2⤵
  PID:4912
- C:\Windows\System\GFBfbeW.exe
  C:\Windows\System\GFBfbeW.exe
  2⤵
  PID:4932
- C:\Windows\System\cDaApEV.exe
  C:\Windows\System\cDaApEV.exe
  2⤵
  PID:4948
- C:\Windows\System\hFxNsXF.exe
  C:\Windows\System\hFxNsXF.exe
  2⤵
  PID:4968
- C:\Windows\System\xayvWTJ.exe
  C:\Windows\System\xayvWTJ.exe
  2⤵
  PID:4984
- C:\Windows\System\CjGWJvy.exe
  C:\Windows\System\CjGWJvy.exe
  2⤵
  PID:5012
- C:\Windows\System\IuWupLG.exe
  C:\Windows\System\IuWupLG.exe
  2⤵
  PID:5036
- C:\Windows\System\HlMoYjW.exe
  C:\Windows\System\HlMoYjW.exe
  2⤵
  PID:5052
- C:\Windows\System\BZsYyiE.exe
  C:\Windows\System\BZsYyiE.exe
  2⤵
  PID:5072
- C:\Windows\System\aBuuwDF.exe
  C:\Windows\System\aBuuwDF.exe
  2⤵
  PID:5092
- C:\Windows\System\VOXOwbK.exe
  C:\Windows\System\VOXOwbK.exe
  2⤵
  PID:1432
- C:\Windows\System\PLzNctN.exe
  C:\Windows\System\PLzNctN.exe
  2⤵
  PID:3440
- C:\Windows\System\WvcvPIn.exe
  C:\Windows\System\WvcvPIn.exe
  2⤵
  PID:2744
- C:\Windows\System\fPiIQkt.exe
  C:\Windows\System\fPiIQkt.exe
  2⤵
  PID:2840
- C:\Windows\System\cCJSrMN.exe
  C:\Windows\System\cCJSrMN.exe
  2⤵
  PID:3480
- C:\Windows\System\dJmitDS.exe
  C:\Windows\System\dJmitDS.exe
  2⤵
  PID:3652
- C:\Windows\System\UkIyxqp.exe
  C:\Windows\System\UkIyxqp.exe
  2⤵
  PID:3728
- C:\Windows\System\xMqvZeD.exe
  C:\Windows\System\xMqvZeD.exe
  2⤵
  PID:3972
- C:\Windows\System\xEauBvY.exe
  C:\Windows\System\xEauBvY.exe
  2⤵
  PID:3528
- C:\Windows\System\VFrpwFM.exe
  C:\Windows\System\VFrpwFM.exe
  2⤵
  PID:3524
- C:\Windows\System\XNqyVHs.exe
  C:\Windows\System\XNqyVHs.exe
  2⤵
  PID:3932
- C:\Windows\System\rLHdnTQ.exe
  C:\Windows\System\rLHdnTQ.exe
  2⤵
  PID:3804
- C:\Windows\System\EtZlsNK.exe
  C:\Windows\System\EtZlsNK.exe
  2⤵
  PID:3124
- C:\Windows\System\ASqoFMi.exe
  C:\Windows\System\ASqoFMi.exe
  2⤵
  PID:2320
- C:\Windows\System\wkNLDoO.exe
  C:\Windows\System\wkNLDoO.exe
  2⤵
  PID:4180
- C:\Windows\System\CQzGrnD.exe
  C:\Windows\System\CQzGrnD.exe
  2⤵
  PID:4216
- C:\Windows\System\qDnxpYR.exe
  C:\Windows\System\qDnxpYR.exe
  2⤵
  PID:4252
- C:\Windows\System\KGiJAfX.exe
  C:\Windows\System\KGiJAfX.exe
  2⤵
  PID:4320
- C:\Windows\System\JZglgxK.exe
  C:\Windows\System\JZglgxK.exe
  2⤵
  PID:4376
- C:\Windows\System\vrJNcQX.exe
  C:\Windows\System\vrJNcQX.exe
  2⤵
  PID:4228
- C:\Windows\System\LMRMUjh.exe
  C:\Windows\System\LMRMUjh.exe
  2⤵
  PID:3820
- C:\Windows\System\ZWXOQua.exe
  C:\Windows\System\ZWXOQua.exe
  2⤵
  PID:4124
- C:\Windows\System\tmkNlMN.exe
  C:\Windows\System\tmkNlMN.exe
  2⤵
  PID:4288
- C:\Windows\System\TzJcoqs.exe
  C:\Windows\System\TzJcoqs.exe
  2⤵
  PID:4308
- C:\Windows\System\VMbJthb.exe
  C:\Windows\System\VMbJthb.exe
  2⤵
  PID:4444
- C:\Windows\System\EAugnDk.exe
  C:\Windows\System\EAugnDk.exe
  2⤵
  PID:4484
- C:\Windows\System\SAbCmwG.exe
  C:\Windows\System\SAbCmwG.exe
  2⤵
  PID:4392
- C:\Windows\System\jVMKTqk.exe
  C:\Windows\System\jVMKTqk.exe
  2⤵
  PID:4428
- C:\Windows\System\gkzaXcb.exe
  C:\Windows\System\gkzaXcb.exe
  2⤵
  PID:4640
- C:\Windows\System\mHcEBER.exe
  C:\Windows\System\mHcEBER.exe
  2⤵
  PID:4460
- C:\Windows\System\uAYBbVg.exe
  C:\Windows\System\uAYBbVg.exe
  2⤵
  PID:4680
- C:\Windows\System\ZKMmXOI.exe
  C:\Windows\System\ZKMmXOI.exe
  2⤵
  PID:4752
- C:\Windows\System\JnwmCgd.exe
  C:\Windows\System\JnwmCgd.exe
  2⤵
  PID:4768
- C:\Windows\System\TnuTyRs.exe
  C:\Windows\System\TnuTyRs.exe
  2⤵
  PID:4808
- C:\Windows\System\kRkmkTD.exe
  C:\Windows\System\kRkmkTD.exe
  2⤵
  PID:4584
- C:\Windows\System\HlSNfOp.exe
  C:\Windows\System\HlSNfOp.exe
  2⤵
  PID:4780
- C:\Windows\System\mibDxNe.exe
  C:\Windows\System\mibDxNe.exe
  2⤵
  PID:4696
- C:\Windows\System\bgPmmJr.exe
  C:\Windows\System\bgPmmJr.exe
  2⤵
  PID:4956
- C:\Windows\System\iGWAptQ.exe
  C:\Windows\System\iGWAptQ.exe
  2⤵
  PID:5000
- C:\Windows\System\GGcHpLb.exe
  C:\Windows\System\GGcHpLb.exe
  2⤵
  PID:4824
- C:\Windows\System\cClcqrF.exe
  C:\Windows\System\cClcqrF.exe
  2⤵
  PID:5088
- C:\Windows\System\OOhFcWZ.exe
  C:\Windows\System\OOhFcWZ.exe
  2⤵
  PID:3180
- C:\Windows\System\LgHHLTq.exe
  C:\Windows\System\LgHHLTq.exe
  2⤵
  PID:3628
- C:\Windows\System\ceMZQNk.exe
  C:\Windows\System\ceMZQNk.exe
  2⤵
  PID:4976
- C:\Windows\System\hzivYIp.exe
  C:\Windows\System\hzivYIp.exe
  2⤵
  PID:4908
- C:\Windows\System\OULbevo.exe
  C:\Windows\System\OULbevo.exe
  2⤵
  PID:3696
- C:\Windows\System\UdrYXXa.exe
  C:\Windows\System\UdrYXXa.exe
  2⤵
  PID:3768
- C:\Windows\System\QphaoUY.exe
  C:\Windows\System\QphaoUY.exe
  2⤵
  PID:884
- C:\Windows\System\ZEPSikh.exe
  C:\Windows\System\ZEPSikh.exe
  2⤵
  PID:5020
- C:\Windows\System\KzEnpPW.exe
  C:\Windows\System\KzEnpPW.exe
  2⤵
  PID:3200
- C:\Windows\System\WHhgkxQ.exe
  C:\Windows\System\WHhgkxQ.exe
  2⤵
  PID:3264
- C:\Windows\System\xuZpPAB.exe
  C:\Windows\System\xuZpPAB.exe
  2⤵
  PID:3296
- C:\Windows\System\mYvxHYa.exe
  C:\Windows\System\mYvxHYa.exe
  2⤵
  PID:4024
- C:\Windows\System\HCxEAcB.exe
  C:\Windows\System\HCxEAcB.exe
  2⤵
  PID:4476
- C:\Windows\System\oKSjekn.exe
  C:\Windows\System\oKSjekn.exe
  2⤵
  PID:3596
- C:\Windows\System\amBthSP.exe
  C:\Windows\System\amBthSP.exe
  2⤵
  PID:4560
- C:\Windows\System\EqYXVGD.exe
  C:\Windows\System\EqYXVGD.exe
  2⤵
  PID:4396
- C:\Windows\System\LaQbobT.exe
  C:\Windows\System\LaQbobT.exe
  2⤵
  PID:4516
- C:\Windows\System\CxeNgIv.exe
  C:\Windows\System\CxeNgIv.exe
  2⤵
  PID:4344
- C:\Windows\System\CLSfRpf.exe
  C:\Windows\System\CLSfRpf.exe
  2⤵
  PID:4256
- C:\Windows\System\pRwliQz.exe
  C:\Windows\System\pRwliQz.exe
  2⤵
  PID:4424
- C:\Windows\System\rchqIPo.exe
  C:\Windows\System\rchqIPo.exe
  2⤵
  PID:4720
- C:\Windows\System\LcKIrkw.exe
  C:\Windows\System\LcKIrkw.exe
  2⤵
  PID:4740
- C:\Windows\System\PcycCyX.exe
  C:\Windows\System\PcycCyX.exe
  2⤵
  PID:4648
- C:\Windows\System\dXwOrKp.exe
  C:\Windows\System\dXwOrKp.exe
  2⤵
  PID:4612
- C:\Windows\System\RJRNcvi.exe
  C:\Windows\System\RJRNcvi.exe
  2⤵
  PID:5004
- C:\Windows\System\zDvSMVI.exe
  C:\Windows\System\zDvSMVI.exe
  2⤵
  PID:3700
- C:\Windows\System\fBoowiJ.exe
  C:\Windows\System\fBoowiJ.exe
  2⤵
  PID:4756
- C:\Windows\System\MzQfPYo.exe
  C:\Windows\System\MzQfPYo.exe
  2⤵
  PID:4704
- C:\Windows\System\fskQvOn.exe
  C:\Windows\System\fskQvOn.exe
  2⤵
  PID:4836
- C:\Windows\System\gZSkUXB.exe
  C:\Windows\System\gZSkUXB.exe
  2⤵
  PID:2860
- C:\Windows\System\TabDADL.exe
  C:\Windows\System\TabDADL.exe
  2⤵
  PID:5060
- C:\Windows\System\heCKIZr.exe
  C:\Windows\System\heCKIZr.exe
  2⤵
  PID:5132
- C:\Windows\System\UBvowYk.exe
  C:\Windows\System\UBvowYk.exe
  2⤵
  PID:5152
- C:\Windows\System\KgyeTsP.exe
  C:\Windows\System\KgyeTsP.exe
  2⤵
  PID:5172
- C:\Windows\System\WLJIJKm.exe
  C:\Windows\System\WLJIJKm.exe
  2⤵
  PID:5192
- C:\Windows\System\SGGgJsd.exe
  C:\Windows\System\SGGgJsd.exe
  2⤵
  PID:5212
- C:\Windows\System\iSMwuGw.exe
  C:\Windows\System\iSMwuGw.exe
  2⤵
  PID:5232
- C:\Windows\System\HlmGkkY.exe
  C:\Windows\System\HlmGkkY.exe
  2⤵
  PID:5252
- C:\Windows\System\GFpfXtS.exe
  C:\Windows\System\GFpfXtS.exe
  2⤵
  PID:5272
- C:\Windows\System\OCNhnOU.exe
  C:\Windows\System\OCNhnOU.exe
  2⤵
  PID:5292
- C:\Windows\System\xGbbDgm.exe
  C:\Windows\System\xGbbDgm.exe
  2⤵
  PID:5312
- C:\Windows\System\MPXaGYG.exe
  C:\Windows\System\MPXaGYG.exe
  2⤵
  PID:5332
- C:\Windows\System\AbysXYJ.exe
  C:\Windows\System\AbysXYJ.exe
  2⤵
  PID:5352
- C:\Windows\System\DpqfDRE.exe
  C:\Windows\System\DpqfDRE.exe
  2⤵
  PID:5372
- C:\Windows\System\lRFCOiq.exe
  C:\Windows\System\lRFCOiq.exe
  2⤵
  PID:5392
- C:\Windows\System\rlRGkVE.exe
  C:\Windows\System\rlRGkVE.exe
  2⤵
  PID:5412
- C:\Windows\System\qRgUiep.exe
  C:\Windows\System\qRgUiep.exe
  2⤵
  PID:5432
- C:\Windows\System\oLcOVot.exe
  C:\Windows\System\oLcOVot.exe
  2⤵
  PID:5452
- C:\Windows\System\PIYodLZ.exe
  C:\Windows\System\PIYodLZ.exe
  2⤵
  PID:5472
- C:\Windows\System\jNgNxUq.exe
  C:\Windows\System\jNgNxUq.exe
  2⤵
  PID:5492
- C:\Windows\System\boaNRUF.exe
  C:\Windows\System\boaNRUF.exe
  2⤵
  PID:5524
- C:\Windows\System\RBJNWXF.exe
  C:\Windows\System\RBJNWXF.exe
  2⤵
  PID:5540
- C:\Windows\System\kCopByM.exe
  C:\Windows\System\kCopByM.exe
  2⤵
  PID:5564
- C:\Windows\System\YZWJCdh.exe
  C:\Windows\System\YZWJCdh.exe
  2⤵
  PID:5584
- C:\Windows\System\jbVYScB.exe
  C:\Windows\System\jbVYScB.exe
  2⤵
  PID:5604
- C:\Windows\System\KqyTHzd.exe
  C:\Windows\System\KqyTHzd.exe
  2⤵
  PID:5624
- C:\Windows\System\FOgjyhq.exe
  C:\Windows\System\FOgjyhq.exe
  2⤵
  PID:5644
- C:\Windows\System\LqNDYdY.exe
  C:\Windows\System\LqNDYdY.exe
  2⤵
  PID:5664
- C:\Windows\System\PloxLnW.exe
  C:\Windows\System\PloxLnW.exe
  2⤵
  PID:5684
- C:\Windows\System\sScuxqP.exe
  C:\Windows\System\sScuxqP.exe
  2⤵
  PID:5704
- C:\Windows\System\eFSoFYq.exe
  C:\Windows\System\eFSoFYq.exe
  2⤵
  PID:5724
- C:\Windows\System\MalMPbP.exe
  C:\Windows\System\MalMPbP.exe
  2⤵
  PID:5744
- C:\Windows\System\vpjLsir.exe
  C:\Windows\System\vpjLsir.exe
  2⤵
  PID:5764
- C:\Windows\System\SYciIyg.exe
  C:\Windows\System\SYciIyg.exe
  2⤵
  PID:5784
- C:\Windows\System\vdTOXUs.exe
  C:\Windows\System\vdTOXUs.exe
  2⤵
  PID:5804
- C:\Windows\System\CeEXXvc.exe
  C:\Windows\System\CeEXXvc.exe
  2⤵
  PID:5824
- C:\Windows\System\pakudhp.exe
  C:\Windows\System\pakudhp.exe
  2⤵
  PID:5844
- C:\Windows\System\vpQehCA.exe
  C:\Windows\System\vpQehCA.exe
  2⤵
  PID:5864
- C:\Windows\System\PUwTPCF.exe
  C:\Windows\System\PUwTPCF.exe
  2⤵
  PID:5884
- C:\Windows\System\PzJDVVg.exe
  C:\Windows\System\PzJDVVg.exe
  2⤵
  PID:5904
- C:\Windows\System\pAjIxBR.exe
  C:\Windows\System\pAjIxBR.exe
  2⤵
  PID:5924
- C:\Windows\System\NxbyBKd.exe
  C:\Windows\System\NxbyBKd.exe
  2⤵
  PID:5944
- C:\Windows\System\VIxiYim.exe
  C:\Windows\System\VIxiYim.exe
  2⤵
  PID:5964
- C:\Windows\System\ItvMVRp.exe
  C:\Windows\System\ItvMVRp.exe
  2⤵
  PID:5984
- C:\Windows\System\tHmkvfn.exe
  C:\Windows\System\tHmkvfn.exe
  2⤵
  PID:6004
- C:\Windows\System\UFmGBKw.exe
  C:\Windows\System\UFmGBKw.exe
  2⤵
  PID:6024
- C:\Windows\System\nHEwroP.exe
  C:\Windows\System\nHEwroP.exe
  2⤵
  PID:6044
- C:\Windows\System\URCDwts.exe
  C:\Windows\System\URCDwts.exe
  2⤵
  PID:6064
- C:\Windows\System\nsXhKEF.exe
  C:\Windows\System\nsXhKEF.exe
  2⤵
  PID:6084
- C:\Windows\System\NBXjFfd.exe
  C:\Windows\System\NBXjFfd.exe
  2⤵
  PID:6104
- C:\Windows\System\XikSQzW.exe
  C:\Windows\System\XikSQzW.exe
  2⤵
  PID:6124
- C:\Windows\System\pcERFzl.exe
  C:\Windows\System\pcERFzl.exe
  2⤵
  PID:3544
- C:\Windows\System\cJeYusa.exe
  C:\Windows\System\cJeYusa.exe
  2⤵
  PID:4864
- C:\Windows\System\CfCBpmp.exe
  C:\Windows\System\CfCBpmp.exe
  2⤵
  PID:4300
- C:\Windows\System\ouRyYOH.exe
  C:\Windows\System\ouRyYOH.exe
  2⤵
  PID:3248
- C:\Windows\System\JGZfmWW.exe
  C:\Windows\System\JGZfmWW.exe
  2⤵
  PID:3868
- C:\Windows\System\RTUXMQW.exe
  C:\Windows\System\RTUXMQW.exe
  2⤵
  PID:3988
- C:\Windows\System\rpzEqEz.exe
  C:\Windows\System\rpzEqEz.exe
  2⤵
  PID:4368
- C:\Windows\System\fuDFheV.exe
  C:\Windows\System\fuDFheV.exe
  2⤵
  PID:4464
- C:\Windows\System\ZgUqndG.exe
  C:\Windows\System\ZgUqndG.exe
  2⤵
  PID:4172
- C:\Windows\System\uRaUBRT.exe
  C:\Windows\System\uRaUBRT.exe
  2⤵
  PID:4800
- C:\Windows\System\oeLMluk.exe
  C:\Windows\System\oeLMluk.exe
  2⤵
  PID:4388
- C:\Windows\System\ynRzEoJ.exe
  C:\Windows\System\ynRzEoJ.exe
  2⤵
  PID:4764
- C:\Windows\System\wUwqoFz.exe
  C:\Windows\System\wUwqoFz.exe
  2⤵
  PID:4872
- C:\Windows\System\TtVZCrD.exe
  C:\Windows\System\TtVZCrD.exe
  2⤵
  PID:4852
- C:\Windows\System\XkIWWtS.exe
  C:\Windows\System\XkIWWtS.exe
  2⤵
  PID:5080
- C:\Windows\System\rPCONTK.exe
  C:\Windows\System\rPCONTK.exe
  2⤵
  PID:4020
- C:\Windows\System\hYHLDon.exe
  C:\Windows\System\hYHLDon.exe
  2⤵
  PID:5124
- C:\Windows\System\AjDbgKq.exe
  C:\Windows\System\AjDbgKq.exe
  2⤵
  PID:5164
- C:\Windows\System\HqzCvEF.exe
  C:\Windows\System\HqzCvEF.exe
  2⤵
  PID:5220
- C:\Windows\System\RuEXfWd.exe
  C:\Windows\System\RuEXfWd.exe
  2⤵
  PID:5224
- C:\Windows\System\xUvYysf.exe
  C:\Windows\System\xUvYysf.exe
  2⤵
  PID:5248
- C:\Windows\System\IiUVORd.exe
  C:\Windows\System\IiUVORd.exe
  2⤵
  PID:5288
- C:\Windows\System\yyZaoPi.exe
  C:\Windows\System\yyZaoPi.exe
  2⤵
  PID:5340
- C:\Windows\System\YMomktT.exe
  C:\Windows\System\YMomktT.exe
  2⤵
  PID:5368
- C:\Windows\System\odtxmhb.exe
  C:\Windows\System\odtxmhb.exe
  2⤵
  PID:5400
- C:\Windows\System\YNXvXhA.exe
  C:\Windows\System\YNXvXhA.exe
  2⤵
  PID:5424
- C:\Windows\System\jtPOTTt.exe
  C:\Windows\System\jtPOTTt.exe
  2⤵
  PID:5444
- C:\Windows\System\ppCeLhp.exe
  C:\Windows\System\ppCeLhp.exe
  2⤵
  PID:5508
- C:\Windows\System\IkvARSt.exe
  C:\Windows\System\IkvARSt.exe
  2⤵
  PID:5560
- C:\Windows\System\uvainWj.exe
  C:\Windows\System\uvainWj.exe
  2⤵
  PID:5580
- C:\Windows\System\DuiqIOT.exe
  C:\Windows\System\DuiqIOT.exe
  2⤵
  PID:5612
- C:\Windows\System\OPxUQrf.exe
  C:\Windows\System\OPxUQrf.exe
  2⤵
  PID:5636
- C:\Windows\System\yGjWkrW.exe
  C:\Windows\System\yGjWkrW.exe
  2⤵
  PID:5680
- C:\Windows\System\TyUQBPn.exe
  C:\Windows\System\TyUQBPn.exe
  2⤵
  PID:5712
- C:\Windows\System\QQUwxIQ.exe
  C:\Windows\System\QQUwxIQ.exe
  2⤵
  PID:5736
- C:\Windows\System\nJWQAiy.exe
  C:\Windows\System\nJWQAiy.exe
  2⤵
  PID:5780
- C:\Windows\System\BcNMlVD.exe
  C:\Windows\System\BcNMlVD.exe
  2⤵
  PID:5812
- C:\Windows\System\aYMFdBG.exe
  C:\Windows\System\aYMFdBG.exe
  2⤵
  PID:5836
- C:\Windows\System\gCaOsMm.exe
  C:\Windows\System\gCaOsMm.exe
  2⤵
  PID:5880
- C:\Windows\System\qsmiESP.exe
  C:\Windows\System\qsmiESP.exe
  2⤵
  PID:5912
- C:\Windows\System\DflGjmy.exe
  C:\Windows\System\DflGjmy.exe
  2⤵
  PID:5960
- C:\Windows\System\teGpEVJ.exe
  C:\Windows\System\teGpEVJ.exe
  2⤵
  PID:5972
- C:\Windows\System\RQdZxTz.exe
  C:\Windows\System\RQdZxTz.exe
  2⤵
  PID:6040
- C:\Windows\System\lXYhQVu.exe
  C:\Windows\System\lXYhQVu.exe
  2⤵
  PID:6072
- C:\Windows\System\xVtHZWd.exe
  C:\Windows\System\xVtHZWd.exe
  2⤵
  PID:6056
- C:\Windows\System\JUBDJrb.exe
  C:\Windows\System\JUBDJrb.exe
  2⤵
  PID:6120
- C:\Windows\System\yGBGWsn.exe
  C:\Windows\System\yGBGWsn.exe
  2⤵
  PID:6136
- C:\Windows\System\HjlGKwZ.exe
  C:\Windows\System\HjlGKwZ.exe
  2⤵
  PID:4304
- C:\Windows\System\bsXpRze.exe
  C:\Windows\System\bsXpRze.exe
  2⤵
  PID:4552
- C:\Windows\System\gFdHqFc.exe
  C:\Windows\System\gFdHqFc.exe
  2⤵
  PID:2296
- C:\Windows\System\XaNsYoi.exe
  C:\Windows\System\XaNsYoi.exe
  2⤵
  PID:4572
- C:\Windows\System\lkPIuAv.exe
  C:\Windows\System\lkPIuAv.exe
  2⤵
  PID:4892
- C:\Windows\System\BkGxTjc.exe
  C:\Windows\System\BkGxTjc.exe
  2⤵
  PID:4804
- C:\Windows\System\HLYcGhq.exe
  C:\Windows\System\HLYcGhq.exe
  2⤵
  PID:3908
- C:\Windows\System\ysgIbWC.exe
  C:\Windows\System\ysgIbWC.exe
  2⤵
  PID:3504
- C:\Windows\System\fASopdQ.exe
  C:\Windows\System\fASopdQ.exe
  2⤵
  PID:5140
- C:\Windows\System\OMcydkZ.exe
  C:\Windows\System\OMcydkZ.exe
  2⤵
  PID:5160
- C:\Windows\System\seryPXU.exe
  C:\Windows\System\seryPXU.exe
  2⤵
  PID:5184
- C:\Windows\System\JkOffxd.exe
  C:\Windows\System\JkOffxd.exe
  2⤵
  PID:5264
- C:\Windows\System\EZddCZo.exe
  C:\Windows\System\EZddCZo.exe
  2⤵
  PID:5328
- C:\Windows\System\jCuyDrI.exe
  C:\Windows\System\jCuyDrI.exe
  2⤵
  PID:2752
- C:\Windows\System\aOfObYS.exe
  C:\Windows\System\aOfObYS.exe
  2⤵
  PID:5388
- C:\Windows\System\TARZnmT.exe
  C:\Windows\System\TARZnmT.exe
  2⤵
  PID:5460
- C:\Windows\System\XwwMqHw.exe
  C:\Windows\System\XwwMqHw.exe
  2⤵
  PID:5548
- C:\Windows\System\sctjFmf.exe
  C:\Windows\System\sctjFmf.exe
  2⤵
  PID:5596
- C:\Windows\System\OifgYTX.exe
  C:\Windows\System\OifgYTX.exe
  2⤵
  PID:5632
- C:\Windows\System\VApwJZe.exe
  C:\Windows\System\VApwJZe.exe
  2⤵
  PID:5660
- C:\Windows\System\KyOQasG.exe
  C:\Windows\System\KyOQasG.exe
  2⤵
  PID:5740
- C:\Windows\System\JrTSqVS.exe
  C:\Windows\System\JrTSqVS.exe
  2⤵
  PID:5792
- C:\Windows\System\UfNsgYd.exe
  C:\Windows\System\UfNsgYd.exe
  2⤵
  PID:5832
- C:\Windows\System\BzksMoi.exe
  C:\Windows\System\BzksMoi.exe
  2⤵
  PID:5896
- C:\Windows\System\kJhAPKy.exe
  C:\Windows\System\kJhAPKy.exe
  2⤵
  PID:5936
- C:\Windows\System\nGSYCPU.exe
  C:\Windows\System\nGSYCPU.exe
  2⤵
  PID:6032
- C:\Windows\System\AoQXuVg.exe
  C:\Windows\System\AoQXuVg.exe
  2⤵
  PID:6060
- C:\Windows\System\vQawYvz.exe
  C:\Windows\System\vQawYvz.exe
  2⤵
  PID:6080
- C:\Windows\System\rcEcpxO.exe
  C:\Windows\System\rcEcpxO.exe
  2⤵
  PID:6140
- C:\Windows\System\HLlDeQs.exe
  C:\Windows\System\HLlDeQs.exe
  2⤵
  PID:6152
- C:\Windows\System\DxelPVY.exe
  C:\Windows\System\DxelPVY.exe
  2⤵
  PID:6172
- C:\Windows\System\tXMBDMl.exe
  C:\Windows\System\tXMBDMl.exe
  2⤵
  PID:6192
- C:\Windows\System\UVeMvLi.exe
  C:\Windows\System\UVeMvLi.exe
  2⤵
  PID:6220
- C:\Windows\System\GAjKDXL.exe
  C:\Windows\System\GAjKDXL.exe
  2⤵
  PID:6240
- C:\Windows\System\ZEBdQyc.exe
  C:\Windows\System\ZEBdQyc.exe
  2⤵
  PID:6260
- C:\Windows\System\vgVvztj.exe
  C:\Windows\System\vgVvztj.exe
  2⤵
  PID:6280
- C:\Windows\System\dapjaSn.exe
  C:\Windows\System\dapjaSn.exe
  2⤵
  PID:6300
- C:\Windows\System\CDVyxBc.exe
  C:\Windows\System\CDVyxBc.exe
  2⤵
  PID:6320
- C:\Windows\System\CASmQIQ.exe
  C:\Windows\System\CASmQIQ.exe
  2⤵
  PID:6340
- C:\Windows\System\gXwZbmh.exe
  C:\Windows\System\gXwZbmh.exe
  2⤵
  PID:6360
- C:\Windows\System\tAVQdKm.exe
  C:\Windows\System\tAVQdKm.exe
  2⤵
  PID:6380
- C:\Windows\System\hMERKFs.exe
  C:\Windows\System\hMERKFs.exe
  2⤵
  PID:6400
- C:\Windows\System\bKUpoji.exe
  C:\Windows\System\bKUpoji.exe
  2⤵
  PID:6420
- C:\Windows\System\lTNNQXI.exe
  C:\Windows\System\lTNNQXI.exe
  2⤵
  PID:6440
- C:\Windows\System\ThAtjmB.exe
  C:\Windows\System\ThAtjmB.exe
  2⤵
  PID:6464
- C:\Windows\System\xpBZCEn.exe
  C:\Windows\System\xpBZCEn.exe
  2⤵
  PID:6484
- C:\Windows\System\jmVquow.exe
  C:\Windows\System\jmVquow.exe
  2⤵
  PID:6504
- C:\Windows\System\cmfOezt.exe
  C:\Windows\System\cmfOezt.exe
  2⤵
  PID:6524
- C:\Windows\System\zZLwcUU.exe
  C:\Windows\System\zZLwcUU.exe
  2⤵
  PID:6544
- C:\Windows\System\upNEtEu.exe
  C:\Windows\System\upNEtEu.exe
  2⤵
  PID:6564
- C:\Windows\System\GSCqJbH.exe
  C:\Windows\System\GSCqJbH.exe
  2⤵
  PID:6584
- C:\Windows\System\zCePyxO.exe
  C:\Windows\System\zCePyxO.exe
  2⤵
  PID:6604
- C:\Windows\System\cNvMmJB.exe
  C:\Windows\System\cNvMmJB.exe
  2⤵
  PID:6624
- C:\Windows\System\BWAWhmQ.exe
  C:\Windows\System\BWAWhmQ.exe
  2⤵
  PID:6644
- C:\Windows\System\dulHHwn.exe
  C:\Windows\System\dulHHwn.exe
  2⤵
  PID:6664
- C:\Windows\System\zDkunYn.exe
  C:\Windows\System\zDkunYn.exe
  2⤵
  PID:6684
- C:\Windows\System\HogFqYB.exe
  C:\Windows\System\HogFqYB.exe
  2⤵
  PID:6704
- C:\Windows\System\ZxDHxZs.exe
  C:\Windows\System\ZxDHxZs.exe
  2⤵
  PID:6724
- C:\Windows\System\vPcIvTr.exe
  C:\Windows\System\vPcIvTr.exe
  2⤵
  PID:6744
- C:\Windows\System\uRGLayF.exe
  C:\Windows\System\uRGLayF.exe
  2⤵
  PID:6764
- C:\Windows\System\WmwuWxi.exe
  C:\Windows\System\WmwuWxi.exe
  2⤵
  PID:6784
- C:\Windows\System\lGtqdFw.exe
  C:\Windows\System\lGtqdFw.exe
  2⤵
  PID:6804
- C:\Windows\System\IMghSKE.exe
  C:\Windows\System\IMghSKE.exe
  2⤵
  PID:6824
- C:\Windows\System\EtAjSMn.exe
  C:\Windows\System\EtAjSMn.exe
  2⤵
  PID:6844
- C:\Windows\System\mQXhPUd.exe
  C:\Windows\System\mQXhPUd.exe
  2⤵
  PID:6864
- C:\Windows\System\UeoZqZk.exe
  C:\Windows\System\UeoZqZk.exe
  2⤵
  PID:6884
- C:\Windows\System\DKZzRyp.exe
  C:\Windows\System\DKZzRyp.exe
  2⤵
  PID:6904
- C:\Windows\System\LSjdwfR.exe
  C:\Windows\System\LSjdwfR.exe
  2⤵
  PID:6924
- C:\Windows\System\fVEDtcB.exe
  C:\Windows\System\fVEDtcB.exe
  2⤵
  PID:6944
- C:\Windows\System\mQAaLXP.exe
  C:\Windows\System\mQAaLXP.exe
  2⤵
  PID:6964
- C:\Windows\System\eULFCvi.exe
  C:\Windows\System\eULFCvi.exe
  2⤵
  PID:6984
- C:\Windows\System\hzsAYYj.exe
  C:\Windows\System\hzsAYYj.exe
  2⤵
  PID:7004
- C:\Windows\System\oSTaLZA.exe
  C:\Windows\System\oSTaLZA.exe
  2⤵
  PID:7024
- C:\Windows\System\KjytYFe.exe
  C:\Windows\System\KjytYFe.exe
  2⤵
  PID:7044
- C:\Windows\System\PMwEFXD.exe
  C:\Windows\System\PMwEFXD.exe
  2⤵
  PID:7064
- C:\Windows\System\JidTncn.exe
  C:\Windows\System\JidTncn.exe
  2⤵
  PID:7084
- C:\Windows\System\CIJpray.exe
  C:\Windows\System\CIJpray.exe
  2⤵
  PID:7104
- C:\Windows\System\RexgvlS.exe
  C:\Windows\System\RexgvlS.exe
  2⤵
  PID:7124
- C:\Windows\System\tlGoygo.exe
  C:\Windows\System\tlGoygo.exe
  2⤵
  PID:7144
- C:\Windows\System\PdMpsRd.exe
  C:\Windows\System\PdMpsRd.exe
  2⤵
  PID:7164
- C:\Windows\System\aSIxYgs.exe
  C:\Windows\System\aSIxYgs.exe
  2⤵
  PID:4276
- C:\Windows\System\NBPOECd.exe
  C:\Windows\System\NBPOECd.exe
  2⤵
  PID:3196
- C:\Windows\System\CSHUHnX.exe
  C:\Windows\System\CSHUHnX.exe
  2⤵
  PID:4828
- C:\Windows\System\HTUOGYB.exe
  C:\Windows\System\HTUOGYB.exe
  2⤵
  PID:4960
- C:\Windows\System\dyhbkoB.exe
  C:\Windows\System\dyhbkoB.exe
  2⤵
  PID:5208
- C:\Windows\System\luKsnhs.exe
  C:\Windows\System\luKsnhs.exe
  2⤵
  PID:5300
- C:\Windows\System\pznvnjQ.exe
  C:\Windows\System\pznvnjQ.exe
  2⤵
  PID:5360
- C:\Windows\System\pGvRhMF.exe
  C:\Windows\System\pGvRhMF.exe
  2⤵
  PID:5384
- C:\Windows\System\EbAnGyW.exe
  C:\Windows\System\EbAnGyW.exe
  2⤵
  PID:5556
- C:\Windows\System\rhTnAkW.exe
  C:\Windows\System\rhTnAkW.exe
  2⤵
  PID:5592
- C:\Windows\System\xKCmJlq.exe
  C:\Windows\System\xKCmJlq.exe
  2⤵
  PID:5716
- C:\Windows\System\NUiFwqg.exe
  C:\Windows\System\NUiFwqg.exe
  2⤵
  PID:5696
- C:\Windows\System\YldvYkY.exe
  C:\Windows\System\YldvYkY.exe
  2⤵
  PID:5796
- C:\Windows\System\hATHgfS.exe
  C:\Windows\System\hATHgfS.exe
  2⤵
  PID:5952
- C:\Windows\System\ZtNKbCw.exe
  C:\Windows\System\ZtNKbCw.exe
  2⤵
  PID:5976
- C:\Windows\System\VGOVrOM.exe
  C:\Windows\System\VGOVrOM.exe
  2⤵
  PID:6100
- C:\Windows\System\pUWWSDF.exe
  C:\Windows\System\pUWWSDF.exe
  2⤵
  PID:6148
- C:\Windows\System\cJFiqRk.exe
  C:\Windows\System\cJFiqRk.exe
  2⤵
  PID:6180
- C:\Windows\System\qxMLaLI.exe
  C:\Windows\System\qxMLaLI.exe
  2⤵
  PID:2100
- C:\Windows\System\CRDtveA.exe
  C:\Windows\System\CRDtveA.exe
  2⤵
  PID:6256
- C:\Windows\System\rjNQFTt.exe
  C:\Windows\System\rjNQFTt.exe
  2⤵
  PID:6272
- C:\Windows\System\PgDbVXo.exe
  C:\Windows\System\PgDbVXo.exe
  2⤵
  PID:6316
- C:\Windows\System\uzWIyCS.exe
  C:\Windows\System\uzWIyCS.exe
  2⤵
  PID:6348
- C:\Windows\System\XgQGycU.exe
  C:\Windows\System\XgQGycU.exe
  2⤵
  PID:6372
- C:\Windows\System\aYOSvYb.exe
  C:\Windows\System\aYOSvYb.exe
  2⤵
  PID:6416
- C:\Windows\System\PoSHUrx.exe
  C:\Windows\System\PoSHUrx.exe
  2⤵
  PID:6432
- C:\Windows\System\ttxvyyu.exe
  C:\Windows\System\ttxvyyu.exe
  2⤵
  PID:6500
- C:\Windows\System\LgqjDKS.exe
  C:\Windows\System\LgqjDKS.exe
  2⤵
  PID:6532
- C:\Windows\System\qmMheqJ.exe
  C:\Windows\System\qmMheqJ.exe
  2⤵
  PID:6552
- C:\Windows\System\gsDNpCB.exe
  C:\Windows\System\gsDNpCB.exe
  2⤵
  PID:6556
- C:\Windows\System\FhykREi.exe
  C:\Windows\System\FhykREi.exe
  2⤵
  PID:6620
- C:\Windows\System\qLxhzvr.exe
  C:\Windows\System\qLxhzvr.exe
  2⤵
  PID:6636
- C:\Windows\System\zaJfyFn.exe
  C:\Windows\System\zaJfyFn.exe
  2⤵
  PID:6680
- C:\Windows\System\UwkkCMG.exe
  C:\Windows\System\UwkkCMG.exe
  2⤵
  PID:6712
- C:\Windows\System\tNNEnry.exe
  C:\Windows\System\tNNEnry.exe
  2⤵
  PID:6752
- C:\Windows\System\tzlNPCG.exe
  C:\Windows\System\tzlNPCG.exe
  2⤵
  PID:6776
- C:\Windows\System\mBFCwmU.exe
  C:\Windows\System\mBFCwmU.exe
  2⤵
  PID:6796
- C:\Windows\System\YTaxDoz.exe
  C:\Windows\System\YTaxDoz.exe
  2⤵
  PID:6836
- C:\Windows\System\CpRSUjE.exe
  C:\Windows\System\CpRSUjE.exe
  2⤵
  PID:6880
- C:\Windows\System\fJYgWrU.exe
  C:\Windows\System\fJYgWrU.exe
  2⤵
  PID:6920
- C:\Windows\System\iLLIWqV.exe
  C:\Windows\System\iLLIWqV.exe
  2⤵
  PID:6952
- C:\Windows\System\zYfpjbu.exe
  C:\Windows\System\zYfpjbu.exe
  2⤵
  PID:6976
- C:\Windows\System\UCfeKNC.exe
  C:\Windows\System\UCfeKNC.exe
  2⤵
  PID:7020
- C:\Windows\System\hNspJIR.exe
  C:\Windows\System\hNspJIR.exe
  2⤵
  PID:7036
- C:\Windows\System\pVKKPkV.exe
  C:\Windows\System\pVKKPkV.exe
  2⤵
  PID:7080
- C:\Windows\System\tipsaUW.exe
  C:\Windows\System\tipsaUW.exe
  2⤵
  PID:7120
- C:\Windows\System\RguhiFt.exe
  C:\Windows\System\RguhiFt.exe
  2⤵
  PID:7152
- C:\Windows\System\SBZamLi.exe
  C:\Windows\System\SBZamLi.exe
  2⤵
  PID:2768
- C:\Windows\System\IfxFURe.exe
  C:\Windows\System\IfxFURe.exe
  2⤵
  PID:4348
- C:\Windows\System\CJvWnuG.exe
  C:\Windows\System\CJvWnuG.exe
  2⤵
  PID:4736
- C:\Windows\System\dtOLxzg.exe
  C:\Windows\System\dtOLxzg.exe
  2⤵
  PID:2660
- C:\Windows\System\Ogwmxbb.exe
  C:\Windows\System\Ogwmxbb.exe
  2⤵
  PID:5268
- C:\Windows\System\zqbHYrz.exe
  C:\Windows\System\zqbHYrz.exe
  2⤵
  PID:2828
- C:\Windows\System\immUwjL.exe
  C:\Windows\System\immUwjL.exe
  2⤵
  PID:1828
- C:\Windows\System\eVYMsUr.exe
  C:\Windows\System\eVYMsUr.exe
  2⤵
  PID:5840
- C:\Windows\System\kCaxlVU.exe
  C:\Windows\System\kCaxlVU.exe
  2⤵
  PID:5900
- C:\Windows\System\wTcHCxq.exe
  C:\Windows\System\wTcHCxq.exe
  2⤵
  PID:2792
- C:\Windows\System\vLDpCJv.exe
  C:\Windows\System\vLDpCJv.exe
  2⤵
  PID:3880
- C:\Windows\System\llKRMkY.exe
  C:\Windows\System\llKRMkY.exe
  2⤵
  PID:6164
- C:\Windows\System\gWVXoMo.exe
  C:\Windows\System\gWVXoMo.exe
  2⤵
  PID:6228
- C:\Windows\System\aPyyEZQ.exe
  C:\Windows\System\aPyyEZQ.exe
  2⤵
  PID:6236
- C:\Windows\System\uJybwIu.exe
  C:\Windows\System\uJybwIu.exe
  2⤵
  PID:6332
- C:\Windows\System\GBCNgKa.exe
  C:\Windows\System\GBCNgKa.exe
  2⤵
  PID:6352
- C:\Windows\System\DyymxNc.exe
  C:\Windows\System\DyymxNc.exe
  2⤵
  PID:6492
- C:\Windows\System\bBwbQqa.exe
  C:\Windows\System\bBwbQqa.exe
  2⤵
  PID:6512
- C:\Windows\System\bGoGzWY.exe
  C:\Windows\System\bGoGzWY.exe
  2⤵
  PID:6540
- C:\Windows\System\aAEwIQI.exe
  C:\Windows\System\aAEwIQI.exe
  2⤵
  PID:6656
- C:\Windows\System\FBmocEu.exe
  C:\Windows\System\FBmocEu.exe
  2⤵
  PID:6652
- C:\Windows\System\iSfglvk.exe
  C:\Windows\System\iSfglvk.exe
  2⤵
  PID:6736
- C:\Windows\System\wsZHldk.exe
  C:\Windows\System\wsZHldk.exe
  2⤵
  PID:2548
- C:\Windows\System\aYfrmIH.exe
  C:\Windows\System\aYfrmIH.exe
  2⤵
  PID:6832
- C:\Windows\System\WuYkKVo.exe
  C:\Windows\System\WuYkKVo.exe
  2⤵
  PID:6852
- C:\Windows\System\bLOBGyn.exe
  C:\Windows\System\bLOBGyn.exe
  2⤵
  PID:6896
- C:\Windows\System\NYLBRcs.exe
  C:\Windows\System\NYLBRcs.exe
  2⤵
  PID:6980
- C:\Windows\System\SixMqqf.exe
  C:\Windows\System\SixMqqf.exe
  2⤵
  PID:1616
- C:\Windows\System\SztwFtz.exe
  C:\Windows\System\SztwFtz.exe
  2⤵
  PID:7040
- C:\Windows\System\nqErTSy.exe
  C:\Windows\System\nqErTSy.exe
  2⤵
  PID:7076
- C:\Windows\System\OPdYEHb.exe
  C:\Windows\System\OPdYEHb.exe
  2⤵
  PID:4196
- C:\Windows\System\IyqIKyF.exe
  C:\Windows\System\IyqIKyF.exe
  2⤵
  PID:4520
- C:\Windows\System\KWWzvHU.exe
  C:\Windows\System\KWWzvHU.exe
  2⤵
  PID:5128
- C:\Windows\System\cTujmgF.exe
  C:\Windows\System\cTujmgF.exe
  2⤵
  PID:2656
- C:\Windows\System\vjNscVs.exe
  C:\Windows\System\vjNscVs.exe
  2⤵
  PID:2336
- C:\Windows\System\hgixQNu.exe
  C:\Windows\System\hgixQNu.exe
  2⤵
  PID:5572
- C:\Windows\System\xosqcka.exe
  C:\Windows\System\xosqcka.exe
  2⤵
  PID:5756
- C:\Windows\System\hdXUaAn.exe
  C:\Windows\System\hdXUaAn.exe
  2⤵
  PID:6000
- C:\Windows\System\THQgXhx.exe
  C:\Windows\System\THQgXhx.exe
  2⤵
  PID:6268
- C:\Windows\System\bWUkyap.exe
  C:\Windows\System\bWUkyap.exe
  2⤵
  PID:6376
- C:\Windows\System\MqvIUgs.exe
  C:\Windows\System\MqvIUgs.exe
  2⤵
  PID:1268
- C:\Windows\System\CWErrHS.exe
  C:\Windows\System\CWErrHS.exe
  2⤵
  PID:6456
- C:\Windows\System\OclzmFq.exe
  C:\Windows\System\OclzmFq.exe
  2⤵
  PID:6516
- C:\Windows\System\KPqoSBY.exe
  C:\Windows\System\KPqoSBY.exe
  2⤵
  PID:6800
- C:\Windows\System\gMUECyR.exe
  C:\Windows\System\gMUECyR.exe
  2⤵
  PID:6792
- C:\Windows\System\eQTnAsI.exe
  C:\Windows\System\eQTnAsI.exe
  2⤵
  PID:6856
- C:\Windows\System\riZVtlY.exe
  C:\Windows\System\riZVtlY.exe
  2⤵
  PID:7188
- C:\Windows\System\IBefjTU.exe
  C:\Windows\System\IBefjTU.exe
  2⤵
  PID:7208
- C:\Windows\System\dEaNXtm.exe
  C:\Windows\System\dEaNXtm.exe
  2⤵
  PID:7228
- C:\Windows\System\rlUKUvA.exe
  C:\Windows\System\rlUKUvA.exe
  2⤵
  PID:7244
- C:\Windows\System\OPGdqnm.exe
  C:\Windows\System\OPGdqnm.exe
  2⤵
  PID:7268
- C:\Windows\System\evwNewe.exe
  C:\Windows\System\evwNewe.exe
  2⤵
  PID:7288
- C:\Windows\System\OqEfqoc.exe
  C:\Windows\System\OqEfqoc.exe
  2⤵
  PID:7308
- C:\Windows\System\FyGOsyT.exe
  C:\Windows\System\FyGOsyT.exe
  2⤵
  PID:7328
- C:\Windows\System\bClfWDJ.exe
  C:\Windows\System\bClfWDJ.exe
  2⤵
  PID:7348
- C:\Windows\System\QkGHtzB.exe
  C:\Windows\System\QkGHtzB.exe
  2⤵
  PID:7368
- C:\Windows\System\RbSwMwN.exe
  C:\Windows\System\RbSwMwN.exe
  2⤵
  PID:7388
- C:\Windows\System\lNtizJM.exe
  C:\Windows\System\lNtizJM.exe
  2⤵
  PID:7408
- C:\Windows\System\TIJxzMU.exe
  C:\Windows\System\TIJxzMU.exe
  2⤵
  PID:7428
- C:\Windows\System\oQJIHgE.exe
  C:\Windows\System\oQJIHgE.exe
  2⤵
  PID:7448
- C:\Windows\System\EbKPFcv.exe
  C:\Windows\System\EbKPFcv.exe
  2⤵
  PID:7468
- C:\Windows\System\wgmnTpJ.exe
  C:\Windows\System\wgmnTpJ.exe
  2⤵
  PID:7488
- C:\Windows\System\zppeIZV.exe
  C:\Windows\System\zppeIZV.exe
  2⤵
  PID:7508
- C:\Windows\System\ieajFhO.exe
  C:\Windows\System\ieajFhO.exe
  2⤵
  PID:7528
- C:\Windows\System\NNhLxdR.exe
  C:\Windows\System\NNhLxdR.exe
  2⤵
  PID:7548
- C:\Windows\System\BBrUzeu.exe
  C:\Windows\System\BBrUzeu.exe
  2⤵
  PID:7568
- C:\Windows\System\GdkdDBR.exe
  C:\Windows\System\GdkdDBR.exe
  2⤵
  PID:7588
- C:\Windows\System\eAiWitZ.exe
  C:\Windows\System\eAiWitZ.exe
  2⤵
  PID:7612
- C:\Windows\System\XVqnXXO.exe
  C:\Windows\System\XVqnXXO.exe
  2⤵
  PID:7632
- C:\Windows\System\RgUixNZ.exe
  C:\Windows\System\RgUixNZ.exe
  2⤵
  PID:7652
- C:\Windows\System\pTXsKPC.exe
  C:\Windows\System\pTXsKPC.exe
  2⤵
  PID:7668
- C:\Windows\System\cuTwGnt.exe
  C:\Windows\System\cuTwGnt.exe
  2⤵
  PID:7688
- C:\Windows\System\prlgAJm.exe
  C:\Windows\System\prlgAJm.exe
  2⤵
  PID:7712
- C:\Windows\System\vaikOSG.exe
  C:\Windows\System\vaikOSG.exe
  2⤵
  PID:7732
- C:\Windows\System\JLNgYDY.exe
  C:\Windows\System\JLNgYDY.exe
  2⤵
  PID:7752
- C:\Windows\System\VcjSoZr.exe
  C:\Windows\System\VcjSoZr.exe
  2⤵
  PID:7772
- C:\Windows\System\ndEjedK.exe
  C:\Windows\System\ndEjedK.exe
  2⤵
  PID:7796
- C:\Windows\System\CvWoAzy.exe
  C:\Windows\System\CvWoAzy.exe
  2⤵
  PID:7816
- C:\Windows\System\vjaRXnR.exe
  C:\Windows\System\vjaRXnR.exe
  2⤵
  PID:7836
- C:\Windows\System\PdZrqyQ.exe
  C:\Windows\System\PdZrqyQ.exe
  2⤵
  PID:7856
- C:\Windows\System\RrWVNRO.exe
  C:\Windows\System\RrWVNRO.exe
  2⤵
  PID:7872
- C:\Windows\System\sgEXlNe.exe
  C:\Windows\System\sgEXlNe.exe
  2⤵
  PID:7896
- C:\Windows\System\hcDRgIq.exe
  C:\Windows\System\hcDRgIq.exe
  2⤵
  PID:7916
- C:\Windows\System\dRpcthU.exe
  C:\Windows\System\dRpcthU.exe
  2⤵
  PID:7936
- C:\Windows\System\lJtGcMh.exe
  C:\Windows\System\lJtGcMh.exe
  2⤵
  PID:7956
- C:\Windows\System\nYGDhYf.exe
  C:\Windows\System\nYGDhYf.exe
  2⤵
  PID:7976
- C:\Windows\System\idEkUye.exe
  C:\Windows\System\idEkUye.exe
  2⤵
  PID:7996
- C:\Windows\System\RiqJksO.exe
  C:\Windows\System\RiqJksO.exe
  2⤵
  PID:8012
- C:\Windows\System\gTHUBGo.exe
  C:\Windows\System\gTHUBGo.exe
  2⤵
  PID:8032
- C:\Windows\System\BaUDYwD.exe
  C:\Windows\System\BaUDYwD.exe
  2⤵
  PID:8056
- C:\Windows\System\rIwnpSi.exe
  C:\Windows\System\rIwnpSi.exe
  2⤵
  PID:8076
- C:\Windows\System\ZtfWHUp.exe
  C:\Windows\System\ZtfWHUp.exe
  2⤵
  PID:8096
- C:\Windows\System\fJVAPJB.exe
  C:\Windows\System\fJVAPJB.exe
  2⤵
  PID:8116
- C:\Windows\System\HIpdgWA.exe
  C:\Windows\System\HIpdgWA.exe
  2⤵
  PID:8136
- C:\Windows\System\OpYwoUi.exe
  C:\Windows\System\OpYwoUi.exe
  2⤵
  PID:8156
- C:\Windows\System\UDVhdUW.exe
  C:\Windows\System\UDVhdUW.exe
  2⤵
  PID:8176
- C:\Windows\System\gLRuRKv.exe
  C:\Windows\System\gLRuRKv.exe
  2⤵
  PID:6900
- C:\Windows\System\TInbnSc.exe
  C:\Windows\System\TInbnSc.exe
  2⤵
  PID:6996
- C:\Windows\System\HRkAWbc.exe
  C:\Windows\System\HRkAWbc.exe
  2⤵
  PID:7052
- C:\Windows\System\AdNioIm.exe
  C:\Windows\System\AdNioIm.exe
  2⤵
  PID:1764
- C:\Windows\System\OGWKDXb.exe
  C:\Windows\System\OGWKDXb.exe
  2⤵
  PID:4608
- C:\Windows\System\tUcZDjy.exe
  C:\Windows\System\tUcZDjy.exe
  2⤵
  PID:4540
- C:\Windows\System\ZJexZQV.exe
  C:\Windows\System\ZJexZQV.exe
  2⤵
  PID:5468
- C:\Windows\System\ZuApqxZ.exe
  C:\Windows\System\ZuApqxZ.exe
  2⤵
  PID:4412
- C:\Windows\System\hQEshvb.exe
  C:\Windows\System\hQEshvb.exe
  2⤵
  PID:6248
- C:\Windows\System\RzpgkzL.exe
  C:\Windows\System\RzpgkzL.exe
  2⤵
  PID:6448
- C:\Windows\System\DpHMroH.exe
  C:\Windows\System\DpHMroH.exe
  2⤵
  PID:6368
- C:\Windows\System\ycoZKpF.exe
  C:\Windows\System\ycoZKpF.exe
  2⤵
  PID:6576
- C:\Windows\System\cCmaDzz.exe
  C:\Windows\System\cCmaDzz.exe
  2⤵
  PID:6932
- C:\Windows\System\naQueaE.exe
  C:\Windows\System\naQueaE.exe
  2⤵
  PID:7180
- C:\Windows\System\dHDdeRJ.exe
  C:\Windows\System\dHDdeRJ.exe
  2⤵
  PID:7240
- C:\Windows\System\cWnEphq.exe
  C:\Windows\System\cWnEphq.exe
  2⤵
  PID:7284
- C:\Windows\System\CKZfudg.exe
  C:\Windows\System\CKZfudg.exe
  2⤵
  PID:7264
- C:\Windows\System\BHetwyf.exe
  C:\Windows\System\BHetwyf.exe
  2⤵
  PID:7320
- C:\Windows\System\lMWYdIj.exe
  C:\Windows\System\lMWYdIj.exe
  2⤵
  PID:7340
- C:\Windows\System\yHCTKyR.exe
  C:\Windows\System\yHCTKyR.exe
  2⤵
  PID:7380
- C:\Windows\System\SgjhqvR.exe
  C:\Windows\System\SgjhqvR.exe
  2⤵
  PID:7440
- C:\Windows\System\tolPEtr.exe
  C:\Windows\System\tolPEtr.exe
  2⤵
  PID:7416
- C:\Windows\System\AoAgZes.exe
  C:\Windows\System\AoAgZes.exe
  2⤵
  PID:2704
- C:\Windows\System\QYKiYzq.exe
  C:\Windows\System\QYKiYzq.exe
  2⤵
  PID:7504
- C:\Windows\System\kVnlhvX.exe
  C:\Windows\System\kVnlhvX.exe
  2⤵
  PID:7544
- C:\Windows\System\XxoUtJl.exe
  C:\Windows\System\XxoUtJl.exe
  2⤵
  PID:7596
- C:\Windows\System\IcyvPwa.exe
  C:\Windows\System\IcyvPwa.exe
  2⤵
  PID:7620
- C:\Windows\System\PQgOREk.exe
  C:\Windows\System\PQgOREk.exe
  2⤵
  PID:7648
- C:\Windows\System\GkjwBsH.exe
  C:\Windows\System\GkjwBsH.exe
  2⤵
  PID:7664
- C:\Windows\System\gZcqiRN.exe
  C:\Windows\System\gZcqiRN.exe
  2⤵
  PID:2172
- C:\Windows\System\VfpwTNv.exe
  C:\Windows\System\VfpwTNv.exe
  2⤵
  PID:7748
- C:\Windows\System\lDoeDtH.exe
  C:\Windows\System\lDoeDtH.exe
  2⤵
  PID:7780
- C:\Windows\System\yOaRLlp.exe
  C:\Windows\System\yOaRLlp.exe
  2⤵
  PID:7808
- C:\Windows\System\iRRKnQU.exe
  C:\Windows\System\iRRKnQU.exe
  2⤵
  PID:7852
- C:\Windows\System\jdUOFrD.exe
  C:\Windows\System\jdUOFrD.exe
  2⤵
  PID:7888
- C:\Windows\System\aITNxkU.exe
  C:\Windows\System\aITNxkU.exe
  2⤵
  PID:7932
- C:\Windows\System\olYYyoc.exe
  C:\Windows\System\olYYyoc.exe
  2⤵
  PID:7952
- C:\Windows\System\fvfNNmw.exe
  C:\Windows\System\fvfNNmw.exe
  2⤵
  PID:7984
- C:\Windows\System\LCFJdMb.exe
  C:\Windows\System\LCFJdMb.exe
  2⤵
  PID:8040
- C:\Windows\System\yYEWYWW.exe
  C:\Windows\System\yYEWYWW.exe
  2⤵
  PID:8024
- C:\Windows\System\PrHJHbD.exe
  C:\Windows\System\PrHJHbD.exe
  2⤵
  PID:8068
- C:\Windows\System\eULlLko.exe
  C:\Windows\System\eULlLko.exe
  2⤵
  PID:8128
- C:\Windows\System\kZywgQq.exe
  C:\Windows\System\kZywgQq.exe
  2⤵
  PID:8172
- C:\Windows\System\lSBrNTZ.exe
  C:\Windows\System\lSBrNTZ.exe
  2⤵
  PID:8184
- C:\Windows\System\tusWFev.exe
  C:\Windows\System\tusWFev.exe
  2⤵
  PID:6960
- C:\Windows\System\cwgMPQo.exe
  C:\Windows\System\cwgMPQo.exe
  2⤵
  PID:6940
- C:\Windows\System\WDWfmvp.exe
  C:\Windows\System\WDWfmvp.exe
  2⤵
  PID:7112
- C:\Windows\System\WuVqDJG.exe
  C:\Windows\System\WuVqDJG.exe
  2⤵
  PID:5800
- C:\Windows\System\wJIaLPp.exe
  C:\Windows\System\wJIaLPp.exe
  2⤵
  PID:6208
- C:\Windows\System\xJBcEgM.exe
  C:\Windows\System\xJBcEgM.exe
  2⤵
  PID:6672
- C:\Windows\System\lSbhFYY.exe
  C:\Windows\System\lSbhFYY.exe
  2⤵
  PID:6720
- C:\Windows\System\HZtvgDe.exe
  C:\Windows\System\HZtvgDe.exe
  2⤵
  PID:6756
- C:\Windows\System\RJYrYBr.exe
  C:\Windows\System\RJYrYBr.exe
  2⤵
  PID:7236
- C:\Windows\System\hagXQUO.exe
  C:\Windows\System\hagXQUO.exe
  2⤵
  PID:7296
- C:\Windows\System\ngbSZDq.exe
  C:\Windows\System\ngbSZDq.exe
  2⤵
  PID:7316
- C:\Windows\System\BAiBRjx.exe
  C:\Windows\System\BAiBRjx.exe
  2⤵
  PID:7356
- C:\Windows\System\HYdyMRX.exe
  C:\Windows\System\HYdyMRX.exe
  2⤵
  PID:7444
- C:\Windows\System\CwLpGFB.exe
  C:\Windows\System\CwLpGFB.exe
  2⤵
  PID:7456
- C:\Windows\System\iwPMFiQ.exe
  C:\Windows\System\iwPMFiQ.exe
  2⤵
  PID:7564
- C:\Windows\System\oXuYdiy.exe
  C:\Windows\System\oXuYdiy.exe
  2⤵
  PID:7560
- C:\Windows\System\OhVLPds.exe
  C:\Windows\System\OhVLPds.exe
  2⤵
  PID:2664
- C:\Windows\System\sDApBtS.exe
  C:\Windows\System\sDApBtS.exe
  2⤵
  PID:7680
- C:\Windows\System\tyeTOFe.exe
  C:\Windows\System\tyeTOFe.exe
  2⤵
  PID:7708
- C:\Windows\System\ZKSjyFH.exe
  C:\Windows\System\ZKSjyFH.exe
  2⤵
  PID:7704
- C:\Windows\System\PIlLTPD.exe
  C:\Windows\System\PIlLTPD.exe
  2⤵
  PID:7844
- C:\Windows\System\JojgWUt.exe
  C:\Windows\System\JojgWUt.exe
  2⤵
  PID:7828
- C:\Windows\System\wvoiiBJ.exe
  C:\Windows\System\wvoiiBJ.exe
  2⤵
  PID:7944
- C:\Windows\System\ClgbpLU.exe
  C:\Windows\System\ClgbpLU.exe
  2⤵
  PID:8020
- C:\Windows\System\LDobLyW.exe
  C:\Windows\System\LDobLyW.exe
  2⤵
  PID:7988
- C:\Windows\System\uDuTPps.exe
  C:\Windows\System\uDuTPps.exe
  2⤵
  PID:8124
- C:\Windows\System\LeIlRoL.exe
  C:\Windows\System\LeIlRoL.exe
  2⤵
  PID:8164
- C:\Windows\System\kuGAcmM.exe
  C:\Windows\System\kuGAcmM.exe
  2⤵
  PID:4564
- C:\Windows\System\LIzZiJW.exe
  C:\Windows\System\LIzZiJW.exe
  2⤵
  PID:2816
- C:\Windows\System\DuLoNLW.exe
  C:\Windows\System\DuLoNLW.exe
  2⤵
  PID:5480
- C:\Windows\System\djbPfvg.exe
  C:\Windows\System\djbPfvg.exe
  2⤵
  PID:5932
- C:\Windows\System\yXOFIpj.exe
  C:\Windows\System\yXOFIpj.exe
  2⤵
  PID:6700
- C:\Windows\System\EjrPgVH.exe
  C:\Windows\System\EjrPgVH.exe
  2⤵
  PID:7220
- C:\Windows\System\RJbbTRJ.exe
  C:\Windows\System\RJbbTRJ.exe
  2⤵
  PID:3316
- C:\Windows\System\WaGtMGk.exe
  C:\Windows\System\WaGtMGk.exe
  2⤵
  PID:7420
- C:\Windows\System\CLTGBKE.exe
  C:\Windows\System\CLTGBKE.exe
  2⤵
  PID:7556
- C:\Windows\System\zBWuZUf.exe
  C:\Windows\System\zBWuZUf.exe
  2⤵
  PID:7536
- C:\Windows\System\jvQXFyl.exe
  C:\Windows\System\jvQXFyl.exe
  2⤵
  PID:7644
- C:\Windows\System\ecspXsD.exe
  C:\Windows\System\ecspXsD.exe
  2⤵
  PID:7696
- C:\Windows\System\SutTvga.exe
  C:\Windows\System\SutTvga.exe
  2⤵
  PID:7924
- C:\Windows\System\KoeyDWv.exe
  C:\Windows\System\KoeyDWv.exe
  2⤵
  PID:7948
- C:\Windows\System\aaZyXqe.exe
  C:\Windows\System\aaZyXqe.exe
  2⤵
  PID:8084
- C:\Windows\System\FszJupN.exe
  C:\Windows\System\FszJupN.exe
  2⤵
  PID:8132
- C:\Windows\System\AREWrVz.exe
  C:\Windows\System\AREWrVz.exe
  2⤵
  PID:8208
- C:\Windows\System\PthAhGg.exe
  C:\Windows\System\PthAhGg.exe
  2⤵
  PID:8228
- C:\Windows\System\PAGicRA.exe
  C:\Windows\System\PAGicRA.exe
  2⤵
  PID:8244
- C:\Windows\System\qFgGWmd.exe
  C:\Windows\System\qFgGWmd.exe
  2⤵
  PID:8268
- C:\Windows\System\BLWkcll.exe
  C:\Windows\System\BLWkcll.exe
  2⤵
  PID:8288
- C:\Windows\System\jLVpfRK.exe
  C:\Windows\System\jLVpfRK.exe
  2⤵
  PID:8308
- C:\Windows\System\mmxaJDa.exe
  C:\Windows\System\mmxaJDa.exe
  2⤵
  PID:8328
- C:\Windows\System\GXSGAbz.exe
  C:\Windows\System\GXSGAbz.exe
  2⤵
  PID:8348
- C:\Windows\System\EyJbIno.exe
  C:\Windows\System\EyJbIno.exe
  2⤵
  PID:8368
- C:\Windows\System\zoSZIQZ.exe
  C:\Windows\System\zoSZIQZ.exe
  2⤵
  PID:8388
- C:\Windows\System\RMgEceM.exe
  C:\Windows\System\RMgEceM.exe
  2⤵
  PID:8408
- C:\Windows\System\AuZcjEi.exe
  C:\Windows\System\AuZcjEi.exe
  2⤵
  PID:8428
- C:\Windows\System\eMoIcjm.exe
  C:\Windows\System\eMoIcjm.exe
  2⤵
  PID:8448
- C:\Windows\System\dHXwSdg.exe
  C:\Windows\System\dHXwSdg.exe
  2⤵
  PID:8468
- C:\Windows\System\yGozNVi.exe
  C:\Windows\System\yGozNVi.exe
  2⤵
  PID:8488
- C:\Windows\System\RhMVlKi.exe
  C:\Windows\System\RhMVlKi.exe
  2⤵
  PID:8508
- C:\Windows\System\KXLeQej.exe
  C:\Windows\System\KXLeQej.exe
  2⤵
  PID:8524
- C:\Windows\System\OlHDZws.exe
  C:\Windows\System\OlHDZws.exe
  2⤵
  PID:8540
- C:\Windows\System\XUlqWOJ.exe
  C:\Windows\System\XUlqWOJ.exe
  2⤵
  PID:8556
- C:\Windows\System\UrJKEUf.exe
  C:\Windows\System\UrJKEUf.exe
  2⤵
  PID:8572
- C:\Windows\System\sTKErCc.exe
  C:\Windows\System\sTKErCc.exe
  2⤵
  PID:8588
- C:\Windows\System\FrYVtcy.exe
  C:\Windows\System\FrYVtcy.exe
  2⤵
  PID:8604
- C:\Windows\System\PxkqVnu.exe
  C:\Windows\System\PxkqVnu.exe
  2⤵
  PID:8624
- C:\Windows\System\lFCorIj.exe
  C:\Windows\System\lFCorIj.exe
  2⤵
  PID:8640
- C:\Windows\System\KUATPfI.exe
  C:\Windows\System\KUATPfI.exe
  2⤵
  PID:8656
- C:\Windows\System\TAkodXj.exe
  C:\Windows\System\TAkodXj.exe
  2⤵
  PID:8672
- C:\Windows\System\oxVUfMl.exe
  C:\Windows\System\oxVUfMl.exe
  2⤵
  PID:8692
- C:\Windows\System\fmqmFYj.exe
  C:\Windows\System\fmqmFYj.exe
  2⤵
  PID:8708
- C:\Windows\System\wzSJjJG.exe
  C:\Windows\System\wzSJjJG.exe
  2⤵
  PID:8724
- C:\Windows\System\IuQIaDa.exe
  C:\Windows\System\IuQIaDa.exe
  2⤵
  PID:8744
- C:\Windows\System\tUwtLTm.exe
  C:\Windows\System\tUwtLTm.exe
  2⤵
  PID:8760
- C:\Windows\System\LSSTKVx.exe
  C:\Windows\System\LSSTKVx.exe
  2⤵
  PID:8776
- C:\Windows\System\NHNutMs.exe
  C:\Windows\System\NHNutMs.exe
  2⤵
  PID:8792
- C:\Windows\System\YFpCdSK.exe
  C:\Windows\System\YFpCdSK.exe
  2⤵
  PID:8824
- C:\Windows\System\XAKCykN.exe
  C:\Windows\System\XAKCykN.exe
  2⤵
  PID:8852
- C:\Windows\System\fFNWbGr.exe
  C:\Windows\System\fFNWbGr.exe
  2⤵
  PID:8880
- C:\Windows\System\eLJBdJd.exe
  C:\Windows\System\eLJBdJd.exe
  2⤵
  PID:8896
- C:\Windows\System\kYdizyJ.exe
  C:\Windows\System\kYdizyJ.exe
  2⤵
  PID:8912
- C:\Windows\System\SWealPM.exe
  C:\Windows\System\SWealPM.exe
  2⤵
  PID:8928
- C:\Windows\System\IFEbVbZ.exe
  C:\Windows\System\IFEbVbZ.exe
  2⤵
  PID:8944
- C:\Windows\System\rANGfIg.exe
  C:\Windows\System\rANGfIg.exe
  2⤵
  PID:8960
- C:\Windows\System\bqQysrj.exe
  C:\Windows\System\bqQysrj.exe
  2⤵
  PID:9032
- C:\Windows\System\aqYwVjg.exe
  C:\Windows\System\aqYwVjg.exe
  2⤵
  PID:9048
- C:\Windows\System\nfupGZO.exe
  C:\Windows\System\nfupGZO.exe
  2⤵
  PID:9064
- C:\Windows\System\TUnIzax.exe
  C:\Windows\System\TUnIzax.exe
  2⤵
  PID:9080
- C:\Windows\System\inrTwaP.exe
  C:\Windows\System\inrTwaP.exe
  2⤵
  PID:9096
- C:\Windows\System\UWKHiNa.exe
  C:\Windows\System\UWKHiNa.exe
  2⤵
  PID:9112
- C:\Windows\System\oiHdWgr.exe
  C:\Windows\System\oiHdWgr.exe
  2⤵
  PID:9128
- C:\Windows\System\QjWYeOT.exe
  C:\Windows\System\QjWYeOT.exe
  2⤵
  PID:9144
- C:\Windows\System\fHgQBlu.exe
  C:\Windows\System\fHgQBlu.exe
  2⤵
  PID:9160
- C:\Windows\System\gcZZYLc.exe
  C:\Windows\System\gcZZYLc.exe
  2⤵
  PID:9176
- C:\Windows\System\vJRPaAq.exe
  C:\Windows\System\vJRPaAq.exe
  2⤵
  PID:9192
- C:\Windows\System\MpreniA.exe
  C:\Windows\System\MpreniA.exe
  2⤵
  PID:7480
- C:\Windows\System\uaVzPPd.exe
  C:\Windows\System\uaVzPPd.exe
  2⤵
  PID:7624
- C:\Windows\System\VlQGawB.exe
  C:\Windows\System\VlQGawB.exe
  2⤵
  PID:7516
- C:\Windows\System\OgUMjDi.exe
  C:\Windows\System\OgUMjDi.exe
  2⤵
  PID:7768
- C:\Windows\System\wplqIdi.exe
  C:\Windows\System\wplqIdi.exe
  2⤵
  PID:7812
- C:\Windows\System\NMRXmCq.exe
  C:\Windows\System\NMRXmCq.exe
  2⤵
  PID:7928
- C:\Windows\System\ASvdqio.exe
  C:\Windows\System\ASvdqio.exe
  2⤵
  PID:8088
- C:\Windows\System\sSAMlXk.exe
  C:\Windows\System\sSAMlXk.exe
  2⤵
  PID:8216
- C:\Windows\System\psIIRDB.exe
  C:\Windows\System\psIIRDB.exe
  2⤵
  PID:8220
- C:\Windows\System\cnduhyr.exe
  C:\Windows\System\cnduhyr.exe
  2⤵
  PID:8264
- C:\Windows\System\wpwuYmS.exe
  C:\Windows\System\wpwuYmS.exe
  2⤵
  PID:8296
- C:\Windows\System\JTKWESF.exe
  C:\Windows\System\JTKWESF.exe
  2⤵
  PID:8320
- C:\Windows\System\xqnIYCd.exe
  C:\Windows\System\xqnIYCd.exe
  2⤵
  PID:8360
- C:\Windows\System\AVasYba.exe
  C:\Windows\System\AVasYba.exe
  2⤵
  PID:8404
- C:\Windows\System\zWNXEuZ.exe
  C:\Windows\System\zWNXEuZ.exe
  2⤵
  PID:8436
- C:\Windows\System\dylzQCL.exe
  C:\Windows\System\dylzQCL.exe
  2⤵
  PID:8480
- C:\Windows\System\iwlhIyd.exe
  C:\Windows\System\iwlhIyd.exe
  2⤵
  PID:8520
- C:\Windows\System\nCbhCOG.exe
  C:\Windows\System\nCbhCOG.exe
  2⤵
  PID:8536
- C:\Windows\System\sUXsWIu.exe
  C:\Windows\System\sUXsWIu.exe
  2⤵
  PID:8584
- C:\Windows\System\eBKHNpZ.exe
  C:\Windows\System\eBKHNpZ.exe
  2⤵
  PID:8600
- C:\Windows\System\pxfBcAp.exe
  C:\Windows\System\pxfBcAp.exe
  2⤵
  PID:8684
- C:\Windows\System\GGTKZiR.exe
  C:\Windows\System\GGTKZiR.exe
  2⤵
  PID:8808
- C:\Windows\System\MyuyuBC.exe
  C:\Windows\System\MyuyuBC.exe
  2⤵
  PID:8860
- C:\Windows\System\DgVcsPl.exe
  C:\Windows\System\DgVcsPl.exe
  2⤵
  PID:8904
- C:\Windows\System\gaBOdPF.exe
  C:\Windows\System\gaBOdPF.exe
  2⤵
  PID:8940
- C:\Windows\System\UbhjYwu.exe
  C:\Windows\System\UbhjYwu.exe
  2⤵
  PID:8972
- C:\Windows\System\HGUGzyx.exe
  C:\Windows\System\HGUGzyx.exe
  2⤵
  PID:8984
- C:\Windows\System\SlWVDdn.exe
  C:\Windows\System\SlWVDdn.exe
  2⤵
  PID:9000
- C:\Windows\System\KGAHLaN.exe
  C:\Windows\System\KGAHLaN.exe
  2⤵
  PID:9016
- C:\Windows\System\KbqHeAe.exe
  C:\Windows\System\KbqHeAe.exe
  2⤵
  PID:3608
- C:\Windows\System\EwbqtBr.exe
  C:\Windows\System\EwbqtBr.exe
  2⤵
  PID:9044
- C:\Windows\System\axehWuV.exe
  C:\Windows\System\axehWuV.exe
  2⤵
  PID:9076
- C:\Windows\System\mmoorVq.exe
  C:\Windows\System\mmoorVq.exe
  2⤵
  PID:9120
- C:\Windows\System\NJUrmCH.exe
  C:\Windows\System\NJUrmCH.exe
  2⤵
  PID:9188
- C:\Windows\System\rrONCcJ.exe
  C:\Windows\System\rrONCcJ.exe
  2⤵
  PID:2740
- C:\Windows\System\zffBsZA.exe
  C:\Windows\System\zffBsZA.exe
  2⤵
  PID:7364
- C:\Windows\System\TydiOHO.exe
  C:\Windows\System\TydiOHO.exe
  2⤵
  PID:7204
- C:\Windows\System\IXSwjGm.exe
  C:\Windows\System\IXSwjGm.exe
  2⤵
  PID:7256
- C:\Windows\System\ifCMLsz.exe
  C:\Windows\System\ifCMLsz.exe
  2⤵
  PID:7496
- C:\Windows\System\thjJDGq.exe
  C:\Windows\System\thjJDGq.exe
  2⤵
  PID:7764
- C:\Windows\System\wAnvAtE.exe
  C:\Windows\System\wAnvAtE.exe
  2⤵
  PID:7972
- C:\Windows\System\WLbZhdA.exe
  C:\Windows\System\WLbZhdA.exe
  2⤵
  PID:8240
- C:\Windows\System\SPessMZ.exe
  C:\Windows\System\SPessMZ.exe
  2⤵
  PID:5104
- C:\Windows\System\nGZzFkN.exe
  C:\Windows\System\nGZzFkN.exe
  2⤵
  PID:8300
- C:\Windows\System\XuiNoQQ.exe
  C:\Windows\System\XuiNoQQ.exe
  2⤵
  PID:5108
- C:\Windows\System\NTazCva.exe
  C:\Windows\System\NTazCva.exe
  2⤵
  PID:8376
- C:\Windows\System\KvtTjnf.exe
  C:\Windows\System\KvtTjnf.exe
  2⤵
  PID:8424
- C:\Windows\System\UTEZYkJ.exe
  C:\Windows\System\UTEZYkJ.exe
  2⤵
  PID:8440
- C:\Windows\System\vKUOWcm.exe
  C:\Windows\System\vKUOWcm.exe
  2⤵
  PID:8484
- C:\Windows\System\aJpExwp.exe
  C:\Windows\System\aJpExwp.exe
  2⤵
  PID:8552
- C:\Windows\System\VSZRYDH.exe
  C:\Windows\System\VSZRYDH.exe
  2⤵
  PID:8620
- C:\Windows\System\RfvxdRn.exe
  C:\Windows\System\RfvxdRn.exe
  2⤵
  PID:8680
- C:\Windows\System\DMLoPKe.exe
  C:\Windows\System\DMLoPKe.exe
  2⤵
  PID:8636
- C:\Windows\System\sdhmfCf.exe
  C:\Windows\System\sdhmfCf.exe
  2⤵
  PID:8716
- C:\Windows\System\GDYzOWp.exe
  C:\Windows\System\GDYzOWp.exe
  2⤵
  PID:5512
- C:\Windows\System\ODXBUPv.exe
  C:\Windows\System\ODXBUPv.exe
  2⤵
  PID:6212
- C:\Windows\System\DSmcCnb.exe
  C:\Windows\System\DSmcCnb.exe
  2⤵
  PID:1092
- C:\Windows\System\NNZeemG.exe
  C:\Windows\System\NNZeemG.exe
  2⤵
  PID:8756
- C:\Windows\System\XTBhUUR.exe
  C:\Windows\System\XTBhUUR.exe
  2⤵
  PID:1792
- C:\Windows\System\MIpAExB.exe
  C:\Windows\System\MIpAExB.exe
  2⤵
  PID:1864
- C:\Windows\System\lhVnvZj.exe
  C:\Windows\System\lhVnvZj.exe
  2⤵
  PID:1488
- C:\Windows\System\oIoZgIh.exe
  C:\Windows\System\oIoZgIh.exe
  2⤵
  PID:832
- C:\Windows\System\kgDcoJj.exe
  C:\Windows\System\kgDcoJj.exe
  2⤵
  PID:580
- C:\Windows\System\DTRVgrM.exe
  C:\Windows\System\DTRVgrM.exe
  2⤵
  PID:8736
- C:\Windows\System\KOlqDgu.exe
  C:\Windows\System\KOlqDgu.exe
  2⤵
  PID:1156
- C:\Windows\System\jILsLal.exe
  C:\Windows\System\jILsLal.exe
  2⤵
  PID:2432
- C:\Windows\System\pVPmxZd.exe
  C:\Windows\System\pVPmxZd.exe
  2⤵
  PID:1684
- C:\Windows\System\OZfnvQe.exe
  C:\Windows\System\OZfnvQe.exe
  2⤵
  PID:8876
- C:\Windows\System\wEVQbfQ.exe
  C:\Windows\System\wEVQbfQ.exe
  2⤵
  PID:7464
- C:\Windows\System\VzaCfnx.exe
  C:\Windows\System\VzaCfnx.exe
  2⤵
  PID:2088
- C:\Windows\System\EkVjZia.exe
  C:\Windows\System\EkVjZia.exe
  2⤵
  PID:8456
- C:\Windows\System\uwaYZYd.exe
  C:\Windows\System\uwaYZYd.exe
  2⤵
  PID:8280
- C:\Windows\System\KoEEUKq.exe
  C:\Windows\System\KoEEUKq.exe
  2⤵
  PID:8416
- C:\Windows\System\WxRfwTa.exe
  C:\Windows\System\WxRfwTa.exe
  2⤵
  PID:2224
- C:\Windows\System\XQqVlZp.exe
  C:\Windows\System\XQqVlZp.exe
  2⤵
  PID:2036
- C:\Windows\System\EVifMPz.exe
  C:\Windows\System\EVifMPz.exe
  2⤵
  PID:8652
- C:\Windows\System\MslMpZq.exe
  C:\Windows\System\MslMpZq.exe
  2⤵
  PID:8700
- C:\Windows\System\SJxyCyb.exe
  C:\Windows\System\SJxyCyb.exe
  2⤵
  PID:2984
- C:\Windows\System\bawrGPs.exe
  C:\Windows\System\bawrGPs.exe
  2⤵
  PID:2760
- C:\Windows\System\dkndhSq.exe
  C:\Windows\System\dkndhSq.exe
  2⤵
  PID:2820
- C:\Windows\System\TZwmloI.exe
  C:\Windows\System\TZwmloI.exe
  2⤵
  PID:2708
- C:\Windows\System\CWlVKgl.exe
  C:\Windows\System\CWlVKgl.exe
  2⤵
  PID:8872
- C:\Windows\System\cqMYfsq.exe
  C:\Windows\System\cqMYfsq.exe
  2⤵
  PID:3048
- C:\Windows\System\Rjnbkgt.exe
  C:\Windows\System\Rjnbkgt.exe
  2⤵
  PID:2332
- C:\Windows\System\TVQFfPy.exe
  C:\Windows\System\TVQFfPy.exe
  2⤵
  PID:9060
- C:\Windows\System\itnRUKN.exe
  C:\Windows\System\itnRUKN.exe
  2⤵
  PID:8992
- C:\Windows\System\KitrZRi.exe
  C:\Windows\System\KitrZRi.exe
  2⤵
  PID:8980
- C:\Windows\System\rmulFJL.exe
  C:\Windows\System\rmulFJL.exe
  2⤵
  PID:9104
- C:\Windows\System\yTeoqEj.exe
  C:\Windows\System\yTeoqEj.exe
  2⤵
  PID:7484
- C:\Windows\System\qbLjKWW.exe
  C:\Windows\System\qbLjKWW.exe
  2⤵
  PID:8224
- C:\Windows\System\MzueBSj.exe
  C:\Windows\System\MzueBSj.exe
  2⤵
  PID:8752
- C:\Windows\System\RFMAhwS.exe
  C:\Windows\System\RFMAhwS.exe
  2⤵
  PID:1304
- C:\Windows\System\MqsqGEu.exe
  C:\Windows\System\MqsqGEu.exe
  2⤵
  PID:8256
- C:\Windows\System\nuWleCs.exe
  C:\Windows\System\nuWleCs.exe
  2⤵
  PID:1672
- C:\Windows\System\cypdytU.exe
  C:\Windows\System\cypdytU.exe
  2⤵
  PID:2888
- C:\Windows\System\ggVqUDO.exe
  C:\Windows\System\ggVqUDO.exe
  2⤵
  PID:1532
- C:\Windows\System\TkSnzhJ.exe
  C:\Windows\System\TkSnzhJ.exe
  2⤵
  PID:3648
- C:\Windows\System\MfANtSO.exe
  C:\Windows\System\MfANtSO.exe
  2⤵
  PID:6596
- C:\Windows\System\Ypazjhz.exe
  C:\Windows\System\Ypazjhz.exe
  2⤵
  PID:9028
- C:\Windows\System\rncVbTb.exe
  C:\Windows\System\rncVbTb.exe
  2⤵
  PID:7576
- C:\Windows\System\VtALUOQ.exe
  C:\Windows\System\VtALUOQ.exe
  2⤵
  PID:8008
- C:\Windows\System\XMWVzgZ.exe
  C:\Windows\System\XMWVzgZ.exe
  2⤵
  PID:8324
- C:\Windows\System\YYmPRNI.exe
  C:\Windows\System\YYmPRNI.exe
  2⤵
  PID:8396
- C:\Windows\System\UKnGVOF.exe
  C:\Windows\System\UKnGVOF.exe
  2⤵
  PID:2556
- C:\Windows\System\PXlxaMw.exe
  C:\Windows\System\PXlxaMw.exe
  2⤵
  PID:2360
- C:\Windows\System\rKqtoUH.exe
  C:\Windows\System\rKqtoUH.exe
  2⤵
  PID:2968
- C:\Windows\System\QfqVlgN.exe
  C:\Windows\System\QfqVlgN.exe
  2⤵
  PID:856
- C:\Windows\System\dJpQVTA.exe
  C:\Windows\System\dJpQVTA.exe
  2⤵
  PID:2796
- C:\Windows\System\LvFZuTo.exe
  C:\Windows\System\LvFZuTo.exe
  2⤵
  PID:9228
- C:\Windows\System\fumquqi.exe
  C:\Windows\System\fumquqi.exe
  2⤵
  PID:9244
- C:\Windows\System\JUscxLL.exe
  C:\Windows\System\JUscxLL.exe
  2⤵
  PID:9260
- C:\Windows\System\nFevNgw.exe
  C:\Windows\System\nFevNgw.exe
  2⤵
  PID:9276
- C:\Windows\System\mESfvYC.exe
  C:\Windows\System\mESfvYC.exe
  2⤵
  PID:9292
- C:\Windows\System\DNlGACz.exe
  C:\Windows\System\DNlGACz.exe
  2⤵
  PID:9308
- C:\Windows\System\BjPtiex.exe
  C:\Windows\System\BjPtiex.exe
  2⤵
  PID:9324
- C:\Windows\System\CUCIyNa.exe
  C:\Windows\System\CUCIyNa.exe
  2⤵
  PID:9344
- C:\Windows\System\XMmOOzP.exe
  C:\Windows\System\XMmOOzP.exe
  2⤵
  PID:9364
- C:\Windows\System\DorUOIP.exe
  C:\Windows\System\DorUOIP.exe
  2⤵
  PID:9448
- C:\Windows\System\GfBncao.exe
  C:\Windows\System\GfBncao.exe
  2⤵
  PID:9468
- C:\Windows\System\jLKraUX.exe
  C:\Windows\System\jLKraUX.exe
  2⤵
  PID:9488
- C:\Windows\System\aWJsaks.exe
  C:\Windows\System\aWJsaks.exe
  2⤵
  PID:9504
- C:\Windows\System\TlPRtXf.exe
  C:\Windows\System\TlPRtXf.exe
  2⤵
  PID:9528
- C:\Windows\System\fgekaCw.exe
  C:\Windows\System\fgekaCw.exe
  2⤵
  PID:9548
- C:\Windows\System\kAfoXGp.exe
  C:\Windows\System\kAfoXGp.exe
  2⤵
  PID:9564
- C:\Windows\System\HrRiTWT.exe
  C:\Windows\System\HrRiTWT.exe
  2⤵
  PID:9588
- C:\Windows\System\OtRnZqh.exe
  C:\Windows\System\OtRnZqh.exe
  2⤵
  PID:9604
- C:\Windows\System\UfxMyDF.exe
  C:\Windows\System\UfxMyDF.exe
  2⤵
  PID:9620
- C:\Windows\System\AvjViup.exe
  C:\Windows\System\AvjViup.exe
  2⤵
  PID:9636
- C:\Windows\System\bRLNUqX.exe
  C:\Windows\System\bRLNUqX.exe
  2⤵
  PID:9652
- C:\Windows\System\wdmLcpz.exe
  C:\Windows\System\wdmLcpz.exe
  2⤵
  PID:9668
- C:\Windows\System\zVggjQW.exe
  C:\Windows\System\zVggjQW.exe
  2⤵
  PID:9688
- C:\Windows\System\EchNxKv.exe
  C:\Windows\System\EchNxKv.exe
  2⤵
  PID:9704
- C:\Windows\System\ozbLJjf.exe
  C:\Windows\System\ozbLJjf.exe
  2⤵
  PID:9720
- C:\Windows\System\CImqLWo.exe
  C:\Windows\System\CImqLWo.exe
  2⤵
  PID:9736
- C:\Windows\System\rAAYtMu.exe
  C:\Windows\System\rAAYtMu.exe
  2⤵
  PID:9752
- C:\Windows\System\mHyNdgq.exe
  C:\Windows\System\mHyNdgq.exe
  2⤵
  PID:9768
- C:\Windows\System\zLzIZCB.exe
  C:\Windows\System\zLzIZCB.exe
  2⤵
  PID:9784
- C:\Windows\System\ThMDpEL.exe
  C:\Windows\System\ThMDpEL.exe
  2⤵
  PID:9800
- C:\Windows\System\sYFkNmR.exe
  C:\Windows\System\sYFkNmR.exe
  2⤵
  PID:9816
- C:\Windows\System\ChdHoIm.exe
  C:\Windows\System\ChdHoIm.exe
  2⤵
  PID:9832
- C:\Windows\System\zylBFvU.exe
  C:\Windows\System\zylBFvU.exe
  2⤵
  PID:9848
- C:\Windows\System\NmKGMRJ.exe
  C:\Windows\System\NmKGMRJ.exe
  2⤵
  PID:9864
- C:\Windows\System\ltHIMeJ.exe
  C:\Windows\System\ltHIMeJ.exe
  2⤵
  PID:9880
- C:\Windows\System\CSQtJwc.exe
  C:\Windows\System\CSQtJwc.exe
  2⤵
  PID:9896
- C:\Windows\System\OXvmMGY.exe
  C:\Windows\System\OXvmMGY.exe
  2⤵
  PID:9912
- C:\Windows\System\tSctoby.exe
  C:\Windows\System\tSctoby.exe
  2⤵
  PID:9928
- C:\Windows\System\VhqVmKP.exe
  C:\Windows\System\VhqVmKP.exe
  2⤵
  PID:9944
- C:\Windows\System\TzXDkXA.exe
  C:\Windows\System\TzXDkXA.exe
  2⤵
  PID:9960
- C:\Windows\System\eJqrGJA.exe
  C:\Windows\System\eJqrGJA.exe
  2⤵
  PID:9980
- C:\Windows\System\zFhWjFF.exe
  C:\Windows\System\zFhWjFF.exe
  2⤵
  PID:9996
- C:\Windows\System\CpgFdKs.exe
  C:\Windows\System\CpgFdKs.exe
  2⤵
  PID:10012
- C:\Windows\System\FFSIYtS.exe
  C:\Windows\System\FFSIYtS.exe
  2⤵
  PID:10032
- C:\Windows\System\KyUitBb.exe
  C:\Windows\System\KyUitBb.exe
  2⤵
  PID:10048
- C:\Windows\System\ERCGSKc.exe
  C:\Windows\System\ERCGSKc.exe
  2⤵
  PID:10064
- C:\Windows\System\TQlYqBq.exe
  C:\Windows\System\TQlYqBq.exe
  2⤵
  PID:10080
- C:\Windows\System\MzzHBYf.exe
  C:\Windows\System\MzzHBYf.exe
  2⤵
  PID:10100
- C:\Windows\System\vbeLfMA.exe
  C:\Windows\System\vbeLfMA.exe
  2⤵
  PID:10116
- C:\Windows\System\KVsQpbK.exe
  C:\Windows\System\KVsQpbK.exe
  2⤵
  PID:10132
- C:\Windows\System\byXccRj.exe
  C:\Windows\System\byXccRj.exe
  2⤵
  PID:10148
- C:\Windows\System\sILkxzo.exe
  C:\Windows\System\sILkxzo.exe
  2⤵
  PID:10164
- C:\Windows\System\YEwnNCj.exe
  C:\Windows\System\YEwnNCj.exe
  2⤵
  PID:10180
- C:\Windows\System\evUXstw.exe
  C:\Windows\System\evUXstw.exe
  2⤵
  PID:10196
- C:\Windows\System\GRcZSAC.exe
  C:\Windows\System\GRcZSAC.exe
  2⤵
  PID:10212
- C:\Windows\System\LNoCrOE.exe
  C:\Windows\System\LNoCrOE.exe
  2⤵
  PID:10232
- C:\Windows\System\BAdRJgv.exe
  C:\Windows\System\BAdRJgv.exe
  2⤵
  PID:5516
- C:\Windows\System\mIBYiFQ.exe
  C:\Windows\System\mIBYiFQ.exe
  2⤵
  PID:2804
- C:\Windows\System\AzrubGD.exe
  C:\Windows\System\AzrubGD.exe
  2⤵
  PID:9268
- C:\Windows\System\hjYZnlg.exe
  C:\Windows\System\hjYZnlg.exe
  2⤵
  PID:8504
- C:\Windows\System\qZablJa.exe
  C:\Windows\System\qZablJa.exe
  2⤵
  PID:9072
- C:\Windows\System\kLOFlgJ.exe
  C:\Windows\System\kLOFlgJ.exe
  2⤵
  PID:9220
- C:\Windows\System\TUBjIrN.exe
  C:\Windows\System\TUBjIrN.exe
  2⤵
  PID:9284
- C:\Windows\System\LLcnKDJ.exe
  C:\Windows\System\LLcnKDJ.exe
  2⤵
  PID:9332
- C:\Windows\System\TzuvQkz.exe
  C:\Windows\System\TzuvQkz.exe
  2⤵
  PID:9352
- C:\Windows\System\HygeBDe.exe
  C:\Windows\System\HygeBDe.exe
  2⤵
  PID:9388
- C:\Windows\System\LMLkInZ.exe
  C:\Windows\System\LMLkInZ.exe
  2⤵
  PID:9384
- C:\Windows\System\zouuhsD.exe
  C:\Windows\System\zouuhsD.exe
  2⤵
  PID:9408
- C:\Windows\System\usizOND.exe
  C:\Windows\System\usizOND.exe
  2⤵
  PID:9340
- C:\Windows\System\nMBjHlm.exe
  C:\Windows\System\nMBjHlm.exe
  2⤵
  PID:768
- C:\Windows\System\XwjLvQA.exe
  C:\Windows\System\XwjLvQA.exe
  2⤵
  PID:2824
- C:\Windows\System\BfUaAkr.exe
  C:\Windows\System\BfUaAkr.exe
  2⤵
  PID:9496
- C:\Windows\System\dccHsiN.exe
  C:\Windows\System\dccHsiN.exe
  2⤵
  PID:9516
- C:\Windows\System\ecUbRMb.exe
  C:\Windows\System\ecUbRMb.exe
  2⤵
  PID:9540
- C:\Windows\System\MNiJffl.exe
  C:\Windows\System\MNiJffl.exe
  2⤵
  PID:9572
- C:\Windows\System\RULfvEB.exe
  C:\Windows\System\RULfvEB.exe
  2⤵
  PID:9600
- C:\Windows\System\UMNDjJP.exe
  C:\Windows\System\UMNDjJP.exe
  2⤵
  PID:9700
- C:\Windows\System\sxGopZq.exe
  C:\Windows\System\sxGopZq.exe
  2⤵
  PID:9760
- C:\Windows\System\gRMiCyb.exe
  C:\Windows\System\gRMiCyb.exe
  2⤵
  PID:9684
- C:\Windows\System\uouGbkw.exe
  C:\Windows\System\uouGbkw.exe
  2⤵
  PID:9936
- C:\Windows\System\vSYYumi.exe
  C:\Windows\System\vSYYumi.exe
  2⤵
  PID:10008
- C:\Windows\System\saAzWiV.exe
  C:\Windows\System\saAzWiV.exe
  2⤵
  PID:10088
- C:\Windows\System\uZPzYhh.exe
  C:\Windows\System\uZPzYhh.exe
  2⤵
  PID:10192
- C:\Windows\System\SXATaaD.exe
  C:\Windows\System\SXATaaD.exe
  2⤵
  PID:1644
- C:\Windows\System\jbJkuhm.exe
  C:\Windows\System\jbJkuhm.exe
  2⤵
  PID:10204
- C:\Windows\System\EIQvKBo.exe
  C:\Windows\System\EIQvKBo.exe
  2⤵
  PID:8340
- C:\Windows\System\pzHnIXu.exe
  C:\Windows\System\pzHnIXu.exe
  2⤵
  PID:9372
- C:\Windows\System\emoHHpn.exe
  C:\Windows\System\emoHHpn.exe
  2⤵
  PID:9476
- C:\Windows\System\GencKaJ.exe
  C:\Windows\System\GencKaJ.exe
  2⤵
  PID:9536
- C:\Windows\System\HxvcVYD.exe
  C:\Windows\System\HxvcVYD.exe
  2⤵
  PID:9512
- C:\Windows\System\tHvBnBf.exe
  C:\Windows\System\tHvBnBf.exe
  2⤵
  PID:9420
- C:\Windows\System\PKlxfKf.exe
  C:\Windows\System\PKlxfKf.exe
  2⤵
  PID:9556
- C:\Windows\System\PQqXOjv.exe
  C:\Windows\System\PQqXOjv.exe
  2⤵
  PID:9660
- C:\Windows\System\ywwPSay.exe
  C:\Windows\System\ywwPSay.exe
  2⤵
  PID:9680
- C:\Windows\System\xlOSpWR.exe
  C:\Windows\System\xlOSpWR.exe
  2⤵
  PID:9716
- C:\Windows\System\XExCVqk.exe
  C:\Windows\System\XExCVqk.exe
  2⤵
  PID:9780
- C:\Windows\System\EhcYUvS.exe
  C:\Windows\System\EhcYUvS.exe
  2⤵
  PID:9840
- C:\Windows\System\lYhbcFr.exe
  C:\Windows\System\lYhbcFr.exe
  2⤵
  PID:9920
- C:\Windows\System\GmaMggI.exe
  C:\Windows\System\GmaMggI.exe
  2⤵
  PID:9892
- C:\Windows\System\lqfDQIX.exe
  C:\Windows\System\lqfDQIX.exe
  2⤵
  PID:10020
- C:\Windows\System\ZVeyHxC.exe
  C:\Windows\System\ZVeyHxC.exe
  2⤵
  PID:10004
- C:\Windows\System\OYyQauF.exe
  C:\Windows\System\OYyQauF.exe
  2⤵
  PID:10160
- C:\Windows\System\TQfEtDT.exe
  C:\Windows\System\TQfEtDT.exe
  2⤵
  PID:10172
- C:\Windows\System\UlcLQfI.exe
  C:\Windows\System\UlcLQfI.exe
  2⤵
  PID:9240
- C:\Windows\System\uKXKbKV.exe
  C:\Windows\System\uKXKbKV.exe
  2⤵
  PID:3016
- C:\Windows\System\JBpIQCl.exe
  C:\Windows\System\JBpIQCl.exe
  2⤵
  PID:1732
- C:\Windows\System\qyrFbvs.exe
  C:\Windows\System\qyrFbvs.exe
  2⤵
  PID:2408
- C:\Windows\System\TpcNqlG.exe
  C:\Windows\System\TpcNqlG.exe
  2⤵
  PID:9404
- C:\Windows\System\OcRnZLt.exe
  C:\Windows\System\OcRnZLt.exe
  2⤵
  PID:9456
- C:\Windows\System\AdAoHSp.exe
  C:\Windows\System\AdAoHSp.exe
  2⤵
  PID:9924
- C:\Windows\System\jGnYmjN.exe
  C:\Windows\System\jGnYmjN.exe
  2⤵
  PID:9792
- C:\Windows\System\iDtypcD.exe
  C:\Windows\System\iDtypcD.exe
  2⤵
  PID:9628
- C:\Windows\System\LMRdEnO.exe
  C:\Windows\System\LMRdEnO.exe
  2⤵
  PID:5520
- C:\Windows\System\pdlEPPI.exe
  C:\Windows\System\pdlEPPI.exe
  2⤵
  PID:9988
- C:\Windows\System\hVhLjGH.exe
  C:\Windows\System\hVhLjGH.exe
  2⤵
  PID:10188
- C:\Windows\System\QoSQppi.exe
  C:\Windows\System\QoSQppi.exe
  2⤵
  PID:9272
- C:\Windows\System\XrSFQXT.exe
  C:\Windows\System\XrSFQXT.exe
  2⤵
  PID:10228
- C:\Windows\System\Aetgpej.exe
  C:\Windows\System\Aetgpej.exe
  2⤵
  PID:8476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ArenRuN.exe

Filesize
6.0MB

MD5
49bfb502be884b0160b851e9b4658eeb

SHA1
157e4a9a48dabe6d36bee958b23e47be76a2a730

SHA256
68cb9f7c9dedc51bfbfbcf58f353544c57bacafc905e148df38535a414a4ab94

SHA512
f5ae21593ac344226992c388245d8120eaf9a9ef7022be3802344504ae4c33f9992c807ddc691928a26232bcdf07844b055805edd9d03ec02b1313d86c7a075b

Download Submit
C:\Windows\system\CPbnfTQ.exe

Filesize
6.0MB

MD5
f41bb7e0a1f76daae4705d2bb94df428

SHA1
ea37230b1d9a127d74f8bbb4d3153c4d28dce29f

SHA256
5d8aac3a3dfcd1280432a01433f8a04b4f2eb3d51f8190b66f668b0e8cec24d0

SHA512
a24d3c8f9efcf82b31805b60c991401ec776dbe8509777333a80c5a2865f100b5226c24006e89eb2793b79cb6d5b791114d5d705463eee7145678bf8758ce455

Download Submit
C:\Windows\system\EawuXYG.exe

Filesize
6.0MB

MD5
2583dec83e7d1075506dd65a70a19eab

SHA1
87b1bab13fe109b94d2e1ccb5ae32524c59aac22

SHA256
f1ed6c51558d28af0e09de6f836b2ba088402f7177bdf9605770d30163531c55

SHA512
0c14cc78056967c0739ce12bc2e8c67ac7578135fb4af1ea185e4a1e4e88d335a068f9ed2eedf74bd38d9dfe3cfb81b49780a57c8c2ee5fabf95bfb24be5649a

Download Submit
C:\Windows\system\EnKFbjs.exe

Filesize
6.0MB

MD5
ef45917e8d0f965594e664332eb6a215

SHA1
613b1e3e493f4697991418a59d32bb9424d1cbcd

SHA256
4b9cad33d6151cbb40a6433546ee8767a01007f2d0dcf6e19deac86d3f0ee608

SHA512
089ce2659d2a4a75828f9f81c40d8dd197e72be9ceb4af01b06db6954c6961f065efeb7cfcb3b5f0122faa5522664a66a28ef178f996bc959592315c301ad6ad

Download Submit
C:\Windows\system\GKNtznv.exe

Filesize
6.0MB

MD5
7b6635f326bb1ce2e6af1bda82647225

SHA1
e539809b53a7bf5c416d623a2f8fd902704d787b

SHA256
711d5c6f454032aa2d84ace1d09105164d2ba4d0c943eef5b2cfe5b87542bcb9

SHA512
a8a2fc8ffa547d08ccf4d9da077b673b4460e982d4be91c2b1cc5f5b2754c1d6ae2cd8c67c266cc7f3bdd0cbbd749482488f85dc754a62cf6e024ca589efba94

Download Submit
C:\Windows\system\IGZiYPK.exe

Filesize
6.0MB

MD5
c335fe71dff4384c96463abac665a1a4

SHA1
ad764a8e07509f87d1e69c14697fa6dd9082552d

SHA256
4a0ede73d4ee1a4b5cbe78ea2ca7d0543f47905df5a7d260cc077e6140502244

SHA512
ea6f42ebafd5074c48707651fb0cf09861f80d4dba4aa11516767ee14c534558913b369e98450badf4e26ffb30f8d9655c044fc9c0d4cc3988c60759ad452421

Download Submit
C:\Windows\system\IWyoCxe.exe

Filesize
6.0MB

MD5
463e2cdc8f2582cf14735b1aa660bfcd

SHA1
dea26fb0ea21012746f61e29fda271b10eed4333

SHA256
4e01bcbb2b09c9afb7811cfc6a3465582cedd7b1f511464dda666d1dbfad200d

SHA512
97891479247d747cebca27da14256928ec27770d2bc39dfdf351dcedfee7eda09b904c372c15378980805218d2452a813306ff94142f7c81422be398bebf20a3

Download Submit
C:\Windows\system\PFQJlkm.exe

Filesize
6.0MB

MD5
3cab148daee3198f2bfffa16ff461ee0

SHA1
2cdbe86cc9517289a73f695ed6f822f54158d061

SHA256
62d0bee6eca222296b983580ad00ca3f5f80faf57bb9c32c02346cfb8acd37be

SHA512
90cbe9033904d7c798c50a0a7fcf7ba807fb30200abc5ba72e835d51898873f073fd79ee9c68ea84af027450a9bcef46577cd05ff8b10dc31317eda4955777a7

Download Submit
C:\Windows\system\PSDthry.exe

Filesize
6.0MB

MD5
1ba1cabb744029383496331dd9d3ad8c

SHA1
d1e4ce8218f47e6993d26a3e6b8c529e0ca859de

SHA256
c185ca4e6fd17feb8fa7c60f56f1fb5a998f02161ef538d68f7ea6341d36d383

SHA512
77266106d3223926cece1e777b7bdaacf4b9a5f89dc1fc9374cd397f9ab2a713f007b106f3a9c903fb3f3e5b03afac207deb1122bc40b6f3fd5d030086c0f702

Download Submit
C:\Windows\system\PqOgNkZ.exe

Filesize
6.0MB

MD5
33e13bc1c2a75677983299dbfdb25b50

SHA1
d2782dbee05a648274e20173d9c1ae267b5845f6

SHA256
eb51d88ed062553be4f77313cb2b15d90a3b6c4e3357578d3b89ccef3feaf441

SHA512
0392b9657fc4387e440d40a40c480e1d4681e50494be1bd4fea6536492c933ea4e8d451f7dc539fc0a5713cec47d4b694538ff27b733b9d6ab4a9f7e58385f03

Download Submit
C:\Windows\system\RmDsane.exe

Filesize
6.0MB

MD5
f16e1312664f1c6a4d6fbac5fdd9a897

SHA1
b68fe664a663123ed7d6969c0a271c7f339f2338

SHA256
8589506556f364577597e4f199ae3aa43851fe486e8a71d388f1cb86bac3fdfa

SHA512
53c9020cc1f9b167cefe5630d73b9a302800e8ae8d7a9d081f2405f8cb549af59401b831c9a2622b2f165e3c9f9910a86b510c9966ddf2fef389a09e8e210b77

Download Submit
C:\Windows\system\STJZwUx.exe

Filesize
6.0MB

MD5
873931ead75a9a06ecc9d761358273bd

SHA1
b447b90cdba28a87fd74834e3c670d1cf3d16335

SHA256
dccb0d7558d8343f18f595d85a85b5b51b0e07b95aee94788d045df957b40f84

SHA512
360b7ee4346c9a946cc36a080711180dd06bb095ba8363166eb88b06ef904c3a13b793fdbb0d6b01279dcc55133cad22a814f5d0774bd8e0a3438370db72f040

Download Submit
C:\Windows\system\XYEGlae.exe

Filesize
6.0MB

MD5
c5bac268f7c5f2060c4228b6dec4ec0f

SHA1
234265da467a656cf4361c6a4806fbfba1bff4c5

SHA256
187fd46599a05cbda3c242f5c19b9f25a02c5ebc57acd23a3520eed4f9040914

SHA512
5e75c354de09480387ce1adb1df2e10eb35c7080bf43ab9d7f7d94fce5c1cb94a4594b8eadb9a2b2689522fe4c26f9cd1f63209e95290deb67da466bef5337d2

Download Submit
C:\Windows\system\YEBtWxl.exe

Filesize
6.0MB

MD5
035ad8fb4729f589435bfe145cd7ebf8

SHA1
3cd3a2588205d592abf90665c08fc7ef07002c98

SHA256
834b7a11b61e808eb09732aa9f008ad25d449341b66c6fb623b19a8ccb004a11

SHA512
ad02773538934d1d91c1574edc78442efcdd93fc9f45dfc7303760b225a66027052bd1398daf19069a1c52dfba69c7b0045d602da1825f134f8574e20955be03

Download Submit
C:\Windows\system\bLlvOgw.exe

Filesize
6.0MB

MD5
b747323476d3f14ac27a9b55495eb853

SHA1
c7a8117bb65908e6ae91ee9c129bb1db78e139b0

SHA256
e893d575abd16ed43fdfb74676a37d28030e1abe603ea90eb4d4a64aae9109fc

SHA512
638ab0126bb2749a41d1c04478aa9a272ccbd4a92673f93b5bec5b968a7522aa632babfa974fc841cb57b5bb4774927f6a0aaf40efdab72acab4742180725b6f

Download Submit
C:\Windows\system\cXELbdv.exe

Filesize
6.0MB

MD5
0629ce6be14ae4dae35892a930e9efbe

SHA1
69e88197d088ce9f9a2fc6124d60bc9a705e8f3c

SHA256
39f138a2afdfe143c30109632b925d6377373670f7f77672560c1343f2569f76

SHA512
ec6b4d8e3dc91fc1f089317c5738c3b6a2626a0f5a6673a8b1f9f3d975af7459386826f845fa003e49ce1287c84a2d5103aabbfee8de3b87b50547abe8bc431b

Download Submit
C:\Windows\system\eJmWtsn.exe

Filesize
6.0MB

MD5
6fd14da857fd5d9936ec9b786c039052

SHA1
5836dfb82015f12e290991b0381e607286dd9e8a

SHA256
986a13eac39a12dbcd5bfaff836975f936874ae8e31e90c7a1109a85921b45ba

SHA512
885e8a645c9e1f5a8751a9a21a3f58e087149a24e74bcadbdcc0512e288a5a6155e507d8306a4687d6cd913df9cce8567fef08a5cd042dc315d71c3a596fa97a

Download Submit
C:\Windows\system\fFAOHyD.exe

Filesize
6.0MB

MD5
cf46ff5b840a3d1d18202a04b8fb3646

SHA1
b0ca436afd79a89ab1a0a6eaa500572f1fd8d250

SHA256
b0454cf43b11ea07fd7f3b978ce9ddf465333910473b04150b967c36de038689

SHA512
5307574e6cd0b8701c0665cf41727022c4a529976e209c26dd25a2970df4e81510ee02e65fe5548e4f95db6f8f3b42459508985a29ef1dc50718ac1e77db66fd

Download Submit
C:\Windows\system\fYvdApn.exe

Filesize
6.0MB

MD5
eb2bc3e15879965b8cbf566143a12bae

SHA1
896fe356dcefc29e6b41b65d69ed19e9981b2287

SHA256
c80ab2270fb9d6aa947c60d9b8aaf8ce84108ca1683803a5aba7febe6d7ba943

SHA512
85b9903f7140ffffa5f6fa3554c546f232ad70f93ef9e476d75bb93c0025567f2e76a7f64a15569ded740dfcb1d984e9af5abd70c3220ff85e65996f6326e6d0

Download Submit
C:\Windows\system\gPiCDfa.exe

Filesize
6.0MB

MD5
f5d4119c42def20002a1331b0d23306e

SHA1
eb5c325aa12696b2c9f80de0ffa923d0f1d8ec3d

SHA256
caf776d624fe9c685a417bbdaa5f77ef766486e883a67a8f33c5ab435e2c8222

SHA512
aa5582527de26ec5c0400fd228542b82b08acf4f41509308f4ed81df81041599c6c6e1208c47ca13647b0ff8c1326b41d13767087d6bb2b698f4e6a630db86b5

Download Submit
C:\Windows\system\gsVQufy.exe

Filesize
6.0MB

MD5
25e888aac32ec06434cc849dec4b382c

SHA1
04d5ddea3684540b30f2dc9e2716f0232d516443

SHA256
6edb6bfb7a4bd2410d6551c904abcc98d14bab3cd1ceff5a68fad1d0c70427c1

SHA512
6ba0281ec20a4ad3d39a28ee46893660b921afe732362ef6dc8a41ff58a4fded05f03a6ae6e50173a17cfc38da66d7e9b593ccabddb4b862cba171cee535d507

Download Submit
C:\Windows\system\jrBFYKt.exe

Filesize
6.0MB

MD5
84a0548971a030f3be754120798da5f4

SHA1
43af6b1f34e317549fbb9dc455cd3c3a4055e919

SHA256
77855aa333124d75efcba300c8c29311184e3ba17000fa27bb3dafc0ee980423

SHA512
08a367317adb7672b6b8c694b5c9ce25cad080de12edf30054471877edc9bc685d9916975e54cce60c105bae077da762393aa16b2fc8fe646cbf177b1abac3e9

Download Submit
C:\Windows\system\kpuUQCB.exe

Filesize
6.0MB

MD5
102d69c2b0db5254831b07f401fb0570

SHA1
83fabc7f08f93c32eed0a67ff1a10771525216e8

SHA256
91e80e26f50b279544c53d94a7d18613cb031f4c7429013c15df8d64f01dfc1f

SHA512
900612e434144840a04d35f3ade9726a1e60b5df433b688221725f8f7eb1f64bebee38530ccd579b01eceea530cab07e5c63eb17f9cd7dd18657bbea95e0bd76

Download Submit
C:\Windows\system\pWvHwKW.exe

Filesize
6.0MB

MD5
b50679bc407ef9e05203ea5fb3ea0865

SHA1
6478674b129b3daf80676da3f9698b238850a1e2

SHA256
06dc231e3506cc7debcf2e3d6b5abfe08d020b137554fd56600a64112a8917a4

SHA512
c98d509dc6647e9974dc46f95c20a18203a3c0b986be91454e98fb6b77300ebffd8408cca880e08f2174cac226be0ef90892883c64631c6a5da39142fe39db6d

Download Submit
C:\Windows\system\stneyGf.exe

Filesize
6.0MB

MD5
af30e93fd28bb317999048a4591e9729

SHA1
2b5d858bdbec2e724996dd18d5a9a4131774ef0a

SHA256
4785baf3983631cfed618a433721a77fb9de8be1149e9cd78b31088e160470e3

SHA512
bd9520c806ed6fd041b68052227b9ce897c5e404aa7b527e951c1b717a6c28e666020154a1dcddc1eb3db795063138b9b03fe3aa74a350b3eb79ad49b0d723fe

Download Submit
\Windows\system\APBXYTq.exe

Filesize
6.0MB

MD5
c83ca66842d7dc95e8f230173ee29401

SHA1
fe55d61abc4c7bd5d76cc13bb0cd6757ab5204d7

SHA256
e79169ef62c073e8907634399390e9ce0deabd981b7023a585d2aa149df24281

SHA512
966e4e02f5b8a54e434124fdc8d29a3cf1bf8a99c0b0c89927e43431b18f1b55aca75bd78d389f1e5fc8d60c7247d8075a63a74b8f7ca5ef8ac516c1c48306c2

Download Submit
\Windows\system\MUTFjfK.exe

Filesize
6.0MB

MD5
fff2040a5d4c26e1588189b24283ce64

SHA1
a118080dbb7edde2e3d1cb78dccec02394a5611a

SHA256
2a1c07c679e9004774823683283d94f3e4aea19ed4221f75722f8449a249cf1d

SHA512
050856074d158849a3dc86b995cf54eaf1233375ec4577feea95f2bc06ca9dd60456630351ab7e8241947f7d3d5b3590b29053919ca1aa01bf899b06d8acf5d0

Download Submit
\Windows\system\TGsWCQs.exe

Filesize
6.0MB

MD5
ea41e86c05e65be6d552a21a20b6efd1

SHA1
bd5bfc7f5c8a7db1a842d947e47afcfadd094d00

SHA256
e70248b1955b75ee10ed92214db043cbbd2922c5e46dc5cc90498e9f04dafce5

SHA512
e293a43feae45aaacf689b90a05e96ab43133d526d4b6b5bd49e4b793999929458093ac2d7126363643bb349fd1dfdb375baed61ec4791ea3f2df4c96416f918

Download Submit
\Windows\system\XoAOkYO.exe

Filesize
6.0MB

MD5
39db1e2e0cc5cb3f58792f5a0b541973

SHA1
d2cec54f8939312d7a85dd95ace1ac3d5f718129

SHA256
96924ab83f83b3169d5d9a7bec2f86da68087b26cfa8dcbaf9b8953209236640

SHA512
7e973c6d326ffb8338b32261c4e88866cb2e67058c19fed21d2045857a49a3ef8efe64406c3b4b8faab865b6c70db2d05708bf49524d2e2cf1ff330bb724b97e

Download Submit
\Windows\system\evbFmgD.exe

Filesize
6.0MB

MD5
8aa1f0c14bac1fe4ec8eba01ab0fb93c

SHA1
b9a0179f50b1728badee139447cc92781f57325c

SHA256
5cf4c3db2f9d4114f782a10a860ab5852510c5ae9bfed47bdd7e7d5007d34892

SHA512
aedf08ce5ca42266ea2f57d9890f1e3f41a7d745ae4537f52bfe573dabd7a3998e6b8da7afab4d2c8f51e830a3490d5c8f7b32d1a6aada260f204b5571487b94

Download Submit
\Windows\system\jZnSzIs.exe

Filesize
6.0MB

MD5
40f395bc5360f1ca24fe1c3f26ad3dcc

SHA1
024448363466eb361b0f6595bae2239e3ca1e905

SHA256
69e77cac9f466418defde4cd52a6b25ff349cd96f25aae9ad59dbd04977517e4

SHA512
b1dbb5009b3518105bf1bcca958f289a0db94d6d8966692b8bd8f225e96c2bdd3c925bdf893ba6b51b34aba95182da5afddce10afa301da5d3efc25b666b678f

Download Submit
\Windows\system\paTlGQv.exe

Filesize
6.0MB

MD5
ef1bf3fa84f5b87337f593d14e730246

SHA1
5ba0f6a35ee6fcefdc7b3557556c1a5c5ff8e878

SHA256
9e1d974b79e572824082e88532a6ef5bf8b40ebdb3dff6928b1e95211c302a26

SHA512
36cce2243452436b2e5a10087c87e7c467f001037332ee9d22b4b17dca8d40a59365ad2ef38b025c775de318a6c3627c220402417c5935cc1705c338f925e6f3

Download Submit
\Windows\system\tNcvjNo.exe

Filesize
6.0MB

MD5
8cb47b684848c6b9c02cca1c97baeba0

SHA1
fdebbcf11b7d947a2ba866722a5569009ef99bc8

SHA256
e8743a93b8f3ee987b199281cefd69274259c907c627dcb3a60efdb43bab7f17

SHA512
daa0b7c84c99b362ffd2253f0928b973eac42b0b39222be32383964d674a3257441210112865a591fb4cb47d1b363d275e6c31cf73e21eef942cd68752a8d61e

Download Submit
memory/576-3996-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/576-1180-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/576-103-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1296-3992-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1296-94-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1296-34-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1708-8-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1868-22-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1868-3986-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2060-1033-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3993-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2060-91-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2328-14-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-67-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3994-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-79-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3995-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2596-624-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3991-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2620-73-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2620-623-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3990-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2712-58-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2844-50-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3989-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2844-410-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2880-278-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3987-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-48-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3988-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/3028-41-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/3068-27-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/3068-43-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-75-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/3068-71-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-63-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-622-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-0-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-897-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1034-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-96-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/3068-46-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1178-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1179-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/3068-74-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-114-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-38-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1511-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1512-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-898-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/3068-118-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-92-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-45-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-21-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/3068-13-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-87-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/3068-57-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/3068-95-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download