cobaltstrike | f8bc7502da7e53b52c1a0c6758869e334c3aafffa258e47d1e321287ce251c58

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8963688feee79e890306151d61f8be38
SHA1

ee88094a5cfb3e2058b8e3f4e45db071dcbad7d9
SHA256

f8bc7502da7e53b52c1a0c6758869e334c3aafffa258e47d1e321287ce251c58
SHA512

08accb3787d1aba04d778d7e6151d9499e918a2390e20069c05f311f6a16d0f883ae412e8e28a63e2cf58d85f5351feaa2d3d30c27caac00a8f05b920a2d23ee
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU/:T+q56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x0028000000016fe5-8.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-10.dat	cobalt_reflective_dll
behavioral1/files/0x00150000000170f8-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b50-38.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b59-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-200.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-74.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b64-67.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b54-48.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b28-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1056-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x000b000000012263-3.dat	xmrig
behavioral1/files/0x0028000000016fe5-8.dat	xmrig
behavioral1/files/0x00080000000186b7-10.dat	xmrig
behavioral1/memory/2924-15-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x00150000000170f8-28.dat	xmrig
behavioral1/memory/2876-29-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1056-27-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2100-26-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b50-38.dat	xmrig
behavioral1/files/0x0009000000018b59-58.dat	xmrig
behavioral1/memory/2876-71-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1376-89-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-96.dat	xmrig
behavioral1/memory/1056-101-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000197fd-105.dat	xmrig
behavioral1/files/0x000500000001998d-118.dat	xmrig
behavioral1/files/0x000500000001a309-185.dat	xmrig
behavioral1/files/0x000500000001a3f6-193.dat	xmrig
behavioral1/memory/2592-2239-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2100-2303-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2736-2364-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2796-2413-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2360-2418-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2628-2417-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2876-2397-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2640-2404-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2116-2375-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/1376-2498-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/988-2482-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1712-2478-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2932-2449-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2924-2277-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/1056-396-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/2360-272-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f8-200.dat	xmrig
behavioral1/files/0x000500000001a3ab-191.dat	xmrig
behavioral1/files/0x000500000001a049-178.dat	xmrig
behavioral1/files/0x000500000001a0b6-183.dat	xmrig
behavioral1/files/0x000500000001a03c-173.dat	xmrig
behavioral1/files/0x0005000000019fdd-168.dat	xmrig
behavioral1/files/0x0005000000019fd4-163.dat	xmrig
behavioral1/files/0x0005000000019e92-159.dat	xmrig
behavioral1/files/0x0005000000019d6d-153.dat	xmrig
behavioral1/files/0x0005000000019d62-148.dat	xmrig
behavioral1/files/0x0005000000019d61-144.dat	xmrig
behavioral1/files/0x0005000000019c3c-138.dat	xmrig
behavioral1/files/0x0005000000019bf9-133.dat	xmrig
behavioral1/files/0x0005000000019bf6-128.dat	xmrig
behavioral1/files/0x0005000000019bf5-123.dat	xmrig
behavioral1/memory/2932-108-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019820-111.dat	xmrig
behavioral1/memory/988-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1712-99-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019761-93.dat	xmrig
behavioral1/memory/1056-90-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/2360-76-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-81.dat	xmrig
behavioral1/files/0x0006000000019489-74.dat	xmrig
behavioral1/memory/2628-70-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2796-62-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2100-60-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b64-67.dat	xmrig
behavioral1/memory/2640-44-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2592	gXtjgUA.exe
2924	hqanrSd.exe
2100	VdcCLXX.exe
2876	hAJcKFg.exe
2736	EQlVRnK.exe
2640	WgvTLYZ.exe
2116	gjeACxa.exe
2796	VyALjsP.exe
2628	xKhhyhD.exe
2360	DllWUSh.exe
1376	UGmlyqC.exe
1712	hvnCbyi.exe
988	sMxOAVF.exe
2932	vpBORmM.exe
1800	yOtTPPX.exe
564	pXndQef.exe
1280	HcSxFNL.exe
1724	mAVfcpI.exe
2436	pjcbvIp.exe
1156	yehpkIX.exe
2608	fgjOXuE.exe
2808	SELwqrR.exe
336	ULgidJI.exe
1980	pWjvRmu.exe
1952	UIKvqkQ.exe
1808	CdILTns.exe
2328	FVbnSDt.exe
2560	xFwvvaA.exe
2096	hRuUhjO.exe
3044	jKatpVF.exe
668	xDbfBkv.exe
2084	xPxdwjY.exe
912	qrDvUEr.exe
1292	hWgNCxp.exe
2104	CTkbWlk.exe
1588	zqDjFkt.exe
2472	RrjGPOC.exe
936	JNgiKvD.exe
1960	VQaGfMm.exe
2604	atdOMUj.exe
1744	hecBGZs.exe
1480	CVbfnwT.exe
1212	ZDmWsMR.exe
888	tTWAlqE.exe
868	XXHtNlK.exe
1040	MkVVgin.exe
3028	ySyQUzx.exe
2196	wZbGwei.exe
1564	UdheURd.exe
2800	rayQiTW.exe
2948	dfSwvZL.exe
2988	XUMKekh.exe
2020	rVVJHLw.exe
1776	oFdbpzx.exe
1932	EFwlyJW.exe
3052	ycxHxMJ.exe
1556	YEejiwo.exe
2400	fFhffGJ.exe
2184	UrcqYGl.exe
2288	FdFCNnf.exe
604	KJpooMc.exe
2348	NLBaCTM.exe
2072	jURNLcK.exe
2292	KOyHywF.exe

Loads dropped DLL 64 IoCs

pid	Process
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1056-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x000b000000012263-3.dat	upx
behavioral1/files/0x0028000000016fe5-8.dat	upx
behavioral1/files/0x00080000000186b7-10.dat	upx
behavioral1/memory/2924-15-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x00150000000170f8-28.dat	upx
behavioral1/memory/2876-29-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2100-26-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0007000000018b50-38.dat	upx
behavioral1/files/0x0009000000018b59-58.dat	upx
behavioral1/memory/2876-71-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1376-89-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x000500000001975a-96.dat	upx
behavioral1/files/0x00050000000197fd-105.dat	upx
behavioral1/files/0x000500000001998d-118.dat	upx
behavioral1/files/0x000500000001a309-185.dat	upx
behavioral1/files/0x000500000001a3f6-193.dat	upx
behavioral1/memory/2592-2239-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2100-2303-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2736-2364-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2796-2413-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2360-2418-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2628-2417-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2876-2397-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2640-2404-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2116-2375-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/1376-2498-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/988-2482-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/1712-2478-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2932-2449-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2924-2277-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2360-272-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/files/0x000500000001a3f8-200.dat	upx
behavioral1/files/0x000500000001a3ab-191.dat	upx
behavioral1/files/0x000500000001a049-178.dat	upx
behavioral1/files/0x000500000001a0b6-183.dat	upx
behavioral1/files/0x000500000001a03c-173.dat	upx
behavioral1/files/0x0005000000019fdd-168.dat	upx
behavioral1/files/0x0005000000019fd4-163.dat	upx
behavioral1/files/0x0005000000019e92-159.dat	upx
behavioral1/files/0x0005000000019d6d-153.dat	upx
behavioral1/files/0x0005000000019d62-148.dat	upx
behavioral1/files/0x0005000000019d61-144.dat	upx
behavioral1/files/0x0005000000019c3c-138.dat	upx
behavioral1/files/0x0005000000019bf9-133.dat	upx
behavioral1/files/0x0005000000019bf6-128.dat	upx
behavioral1/files/0x0005000000019bf5-123.dat	upx
behavioral1/memory/2932-108-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0005000000019820-111.dat	upx
behavioral1/memory/988-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/1712-99-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x0005000000019761-93.dat	upx
behavioral1/memory/2360-76-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/files/0x0005000000019643-81.dat	upx
behavioral1/files/0x0006000000019489-74.dat	upx
behavioral1/memory/2628-70-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2796-62-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2100-60-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0008000000018b64-67.dat	upx
behavioral1/memory/2640-44-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2116-53-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/1056-50-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0007000000018b54-48.dat	upx
behavioral1/memory/2736-37-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FXziuju.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovkWqAc.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQpwLFO.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yehpkIX.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSyPonc.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCbfHxd.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxWgjQg.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onLjUCo.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kypsVzk.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXUTjAE.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbkSFjU.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNLBeEF.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWHduQu.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICZKACF.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSRqEUt.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdcCLXX.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsYbZJh.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtoxDSR.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYKHVvK.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSZeySw.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuOsZQd.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGAkqLo.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKVSceO.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClcmljW.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhyeEnI.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLVqYjU.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCPAThS.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLegOWd.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZeiYFZI.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SORjpfQ.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQbfhMk.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paXjkNT.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERJsElJ.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TrfqHXw.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUKRGTL.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuYGmTs.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRQDGlx.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQZvaEp.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkLKJvj.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmuMEnk.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvrcfcJ.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYzrsUw.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueVxHeU.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvutsRw.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teISFrU.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkWNgUp.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyKAYBu.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QtKprVt.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCLpwfs.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkQynsD.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgvTLYZ.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LPnYejV.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXSmUkh.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKzpAGK.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCsIFJd.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfsDEtJ.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhOKBWr.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPFEMbu.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQUXkDd.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQlVRnK.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpBORmM.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKatpVF.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeensEk.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xePGlgT.exe	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 2592	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1056 wrote to memory of 2592	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1056 wrote to memory of 2592	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1056 wrote to memory of 2924	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1056 wrote to memory of 2924	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1056 wrote to memory of 2924	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1056 wrote to memory of 2100	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1056 wrote to memory of 2100	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1056 wrote to memory of 2100	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1056 wrote to memory of 2876	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1056 wrote to memory of 2876	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1056 wrote to memory of 2876	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1056 wrote to memory of 2736	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1056 wrote to memory of 2736	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1056 wrote to memory of 2736	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1056 wrote to memory of 2640	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1056 wrote to memory of 2640	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1056 wrote to memory of 2640	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1056 wrote to memory of 2116	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1056 wrote to memory of 2116	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1056 wrote to memory of 2116	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1056 wrote to memory of 2796	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1056 wrote to memory of 2796	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1056 wrote to memory of 2796	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1056 wrote to memory of 2628	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1056 wrote to memory of 2628	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1056 wrote to memory of 2628	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1056 wrote to memory of 2360	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1056 wrote to memory of 2360	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1056 wrote to memory of 2360	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1056 wrote to memory of 1376	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1056 wrote to memory of 1376	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1056 wrote to memory of 1376	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1056 wrote to memory of 988	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1056 wrote to memory of 988	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1056 wrote to memory of 988	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1056 wrote to memory of 1712	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1056 wrote to memory of 1712	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1056 wrote to memory of 1712	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1056 wrote to memory of 2932	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1056 wrote to memory of 2932	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1056 wrote to memory of 2932	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1056 wrote to memory of 1800	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1056 wrote to memory of 1800	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1056 wrote to memory of 1800	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1056 wrote to memory of 564	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1056 wrote to memory of 564	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1056 wrote to memory of 564	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1056 wrote to memory of 1280	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1056 wrote to memory of 1280	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1056 wrote to memory of 1280	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1056 wrote to memory of 1724	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1056 wrote to memory of 1724	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1056 wrote to memory of 1724	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1056 wrote to memory of 2436	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1056 wrote to memory of 2436	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1056 wrote to memory of 2436	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1056 wrote to memory of 1156	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1056 wrote to memory of 1156	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1056 wrote to memory of 1156	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1056 wrote to memory of 2608	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1056 wrote to memory of 2608	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1056 wrote to memory of 2608	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1056 wrote to memory of 2808	1056	2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_8963688feee79e890306151d61f8be38_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\System\gXtjgUA.exe
  C:\Windows\System\gXtjgUA.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\hqanrSd.exe
  C:\Windows\System\hqanrSd.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\VdcCLXX.exe
  C:\Windows\System\VdcCLXX.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\hAJcKFg.exe
  C:\Windows\System\hAJcKFg.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\EQlVRnK.exe
  C:\Windows\System\EQlVRnK.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\WgvTLYZ.exe
  C:\Windows\System\WgvTLYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\gjeACxa.exe
  C:\Windows\System\gjeACxa.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\VyALjsP.exe
  C:\Windows\System\VyALjsP.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\xKhhyhD.exe
  C:\Windows\System\xKhhyhD.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\DllWUSh.exe
  C:\Windows\System\DllWUSh.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\UGmlyqC.exe
  C:\Windows\System\UGmlyqC.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\sMxOAVF.exe
  C:\Windows\System\sMxOAVF.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\hvnCbyi.exe
  C:\Windows\System\hvnCbyi.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\vpBORmM.exe
  C:\Windows\System\vpBORmM.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\yOtTPPX.exe
  C:\Windows\System\yOtTPPX.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\pXndQef.exe
  C:\Windows\System\pXndQef.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\HcSxFNL.exe
  C:\Windows\System\HcSxFNL.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\mAVfcpI.exe
  C:\Windows\System\mAVfcpI.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\pjcbvIp.exe
  C:\Windows\System\pjcbvIp.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\yehpkIX.exe
  C:\Windows\System\yehpkIX.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\fgjOXuE.exe
  C:\Windows\System\fgjOXuE.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\SELwqrR.exe
  C:\Windows\System\SELwqrR.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\ULgidJI.exe
  C:\Windows\System\ULgidJI.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\pWjvRmu.exe
  C:\Windows\System\pWjvRmu.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\UIKvqkQ.exe
  C:\Windows\System\UIKvqkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\CdILTns.exe
  C:\Windows\System\CdILTns.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\FVbnSDt.exe
  C:\Windows\System\FVbnSDt.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\xFwvvaA.exe
  C:\Windows\System\xFwvvaA.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\hRuUhjO.exe
  C:\Windows\System\hRuUhjO.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\xPxdwjY.exe
  C:\Windows\System\xPxdwjY.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\jKatpVF.exe
  C:\Windows\System\jKatpVF.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\qrDvUEr.exe
  C:\Windows\System\qrDvUEr.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\xDbfBkv.exe
  C:\Windows\System\xDbfBkv.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\wZbGwei.exe
  C:\Windows\System\wZbGwei.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\hWgNCxp.exe
  C:\Windows\System\hWgNCxp.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\UdheURd.exe
  C:\Windows\System\UdheURd.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\CTkbWlk.exe
  C:\Windows\System\CTkbWlk.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\YEejiwo.exe
  C:\Windows\System\YEejiwo.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\zqDjFkt.exe
  C:\Windows\System\zqDjFkt.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\UrcqYGl.exe
  C:\Windows\System\UrcqYGl.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\RrjGPOC.exe
  C:\Windows\System\RrjGPOC.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\FdFCNnf.exe
  C:\Windows\System\FdFCNnf.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\JNgiKvD.exe
  C:\Windows\System\JNgiKvD.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\NLBaCTM.exe
  C:\Windows\System\NLBaCTM.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\VQaGfMm.exe
  C:\Windows\System\VQaGfMm.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\jURNLcK.exe
  C:\Windows\System\jURNLcK.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\atdOMUj.exe
  C:\Windows\System\atdOMUj.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\KOyHywF.exe
  C:\Windows\System\KOyHywF.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\hecBGZs.exe
  C:\Windows\System\hecBGZs.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\EDOuYjj.exe
  C:\Windows\System\EDOuYjj.exe
  2⤵
  PID:580
- C:\Windows\System\CVbfnwT.exe
  C:\Windows\System\CVbfnwT.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\uRzgfhu.exe
  C:\Windows\System\uRzgfhu.exe
  2⤵
  PID:1008
- C:\Windows\System\ZDmWsMR.exe
  C:\Windows\System\ZDmWsMR.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\JamTUrd.exe
  C:\Windows\System\JamTUrd.exe
  2⤵
  PID:2392
- C:\Windows\System\tTWAlqE.exe
  C:\Windows\System\tTWAlqE.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\gqYDhLv.exe
  C:\Windows\System\gqYDhLv.exe
  2⤵
  PID:2416
- C:\Windows\System\XXHtNlK.exe
  C:\Windows\System\XXHtNlK.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\upUQZmG.exe
  C:\Windows\System\upUQZmG.exe
  2⤵
  PID:1600
- C:\Windows\System\MkVVgin.exe
  C:\Windows\System\MkVVgin.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\iqOPAAv.exe
  C:\Windows\System\iqOPAAv.exe
  2⤵
  PID:2028
- C:\Windows\System\ySyQUzx.exe
  C:\Windows\System\ySyQUzx.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\WuYGmTs.exe
  C:\Windows\System\WuYGmTs.exe
  2⤵
  PID:2828
- C:\Windows\System\rayQiTW.exe
  C:\Windows\System\rayQiTW.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\WomTdqH.exe
  C:\Windows\System\WomTdqH.exe
  2⤵
  PID:648
- C:\Windows\System\dfSwvZL.exe
  C:\Windows\System\dfSwvZL.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\vJTilqV.exe
  C:\Windows\System\vJTilqV.exe
  2⤵
  PID:1696
- C:\Windows\System\XUMKekh.exe
  C:\Windows\System\XUMKekh.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\NxGhydJ.exe
  C:\Windows\System\NxGhydJ.exe
  2⤵
  PID:1728
- C:\Windows\System\rVVJHLw.exe
  C:\Windows\System\rVVJHLw.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\FICIhdT.exe
  C:\Windows\System\FICIhdT.exe
  2⤵
  PID:2000
- C:\Windows\System\oFdbpzx.exe
  C:\Windows\System\oFdbpzx.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\WuZtfvE.exe
  C:\Windows\System\WuZtfvE.exe
  2⤵
  PID:2544
- C:\Windows\System\EFwlyJW.exe
  C:\Windows\System\EFwlyJW.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\mqWZeKj.exe
  C:\Windows\System\mqWZeKj.exe
  2⤵
  PID:1972
- C:\Windows\System\ycxHxMJ.exe
  C:\Windows\System\ycxHxMJ.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\lVdBlJO.exe
  C:\Windows\System\lVdBlJO.exe
  2⤵
  PID:2332
- C:\Windows\System\fFhffGJ.exe
  C:\Windows\System\fFhffGJ.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\bIiCTHB.exe
  C:\Windows\System\bIiCTHB.exe
  2⤵
  PID:2488
- C:\Windows\System\KJpooMc.exe
  C:\Windows\System\KJpooMc.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\UDJbVsq.exe
  C:\Windows\System\UDJbVsq.exe
  2⤵
  PID:2680
- C:\Windows\System\gpVzaET.exe
  C:\Windows\System\gpVzaET.exe
  2⤵
  PID:2612
- C:\Windows\System\eFqxmfX.exe
  C:\Windows\System\eFqxmfX.exe
  2⤵
  PID:2432
- C:\Windows\System\qhmYtUk.exe
  C:\Windows\System\qhmYtUk.exe
  2⤵
  PID:2880
- C:\Windows\System\wGvmlQP.exe
  C:\Windows\System\wGvmlQP.exe
  2⤵
  PID:2172
- C:\Windows\System\IkKhpzB.exe
  C:\Windows\System\IkKhpzB.exe
  2⤵
  PID:2352
- C:\Windows\System\xNkeyRX.exe
  C:\Windows\System\xNkeyRX.exe
  2⤵
  PID:1092
- C:\Windows\System\xrFwHdF.exe
  C:\Windows\System\xrFwHdF.exe
  2⤵
  PID:956
- C:\Windows\System\QyBcBMp.exe
  C:\Windows\System\QyBcBMp.exe
  2⤵
  PID:2068
- C:\Windows\System\kVcGJRM.exe
  C:\Windows\System\kVcGJRM.exe
  2⤵
  PID:1368
- C:\Windows\System\ggahHhh.exe
  C:\Windows\System\ggahHhh.exe
  2⤵
  PID:112
- C:\Windows\System\iVzdSrQ.exe
  C:\Windows\System\iVzdSrQ.exe
  2⤵
  PID:932
- C:\Windows\System\fYyQPPv.exe
  C:\Windows\System\fYyQPPv.exe
  2⤵
  PID:2900
- C:\Windows\System\eZcbyOc.exe
  C:\Windows\System\eZcbyOc.exe
  2⤵
  PID:2192
- C:\Windows\System\hHYPFGa.exe
  C:\Windows\System\hHYPFGa.exe
  2⤵
  PID:1996
- C:\Windows\System\TJDAtQi.exe
  C:\Windows\System\TJDAtQi.exe
  2⤵
  PID:2868
- C:\Windows\System\GoZzZvQ.exe
  C:\Windows\System\GoZzZvQ.exe
  2⤵
  PID:2276
- C:\Windows\System\EytpiTx.exe
  C:\Windows\System\EytpiTx.exe
  2⤵
  PID:2308
- C:\Windows\System\kFTMFbe.exe
  C:\Windows\System\kFTMFbe.exe
  2⤵
  PID:1524
- C:\Windows\System\FyepRrH.exe
  C:\Windows\System\FyepRrH.exe
  2⤵
  PID:2504
- C:\Windows\System\aZkJOWN.exe
  C:\Windows\System\aZkJOWN.exe
  2⤵
  PID:2064
- C:\Windows\System\tqsIChB.exe
  C:\Windows\System\tqsIChB.exe
  2⤵
  PID:1576
- C:\Windows\System\BwPqmFB.exe
  C:\Windows\System\BwPqmFB.exe
  2⤵
  PID:2892
- C:\Windows\System\fumuZZY.exe
  C:\Windows\System\fumuZZY.exe
  2⤵
  PID:3040
- C:\Windows\System\LHQcXfa.exe
  C:\Windows\System\LHQcXfa.exe
  2⤵
  PID:1756
- C:\Windows\System\znTGPMG.exe
  C:\Windows\System\znTGPMG.exe
  2⤵
  PID:384
- C:\Windows\System\FYHuUWi.exe
  C:\Windows\System\FYHuUWi.exe
  2⤵
  PID:1548
- C:\Windows\System\rxYcfFA.exe
  C:\Windows\System\rxYcfFA.exe
  2⤵
  PID:924
- C:\Windows\System\SxNUnJq.exe
  C:\Windows\System\SxNUnJq.exe
  2⤵
  PID:2620
- C:\Windows\System\raninOl.exe
  C:\Windows\System\raninOl.exe
  2⤵
  PID:1452
- C:\Windows\System\roKsZzI.exe
  C:\Windows\System\roKsZzI.exe
  2⤵
  PID:1340
- C:\Windows\System\znnYQqn.exe
  C:\Windows\System\znnYQqn.exe
  2⤵
  PID:1624
- C:\Windows\System\NxVSAen.exe
  C:\Windows\System\NxVSAen.exe
  2⤵
  PID:2364
- C:\Windows\System\wOpVWBf.exe
  C:\Windows\System\wOpVWBf.exe
  2⤵
  PID:2228
- C:\Windows\System\HoLPONr.exe
  C:\Windows\System\HoLPONr.exe
  2⤵
  PID:784
- C:\Windows\System\yfIjxyy.exe
  C:\Windows\System\yfIjxyy.exe
  2⤵
  PID:1604
- C:\Windows\System\WAiTaRx.exe
  C:\Windows\System\WAiTaRx.exe
  2⤵
  PID:2448
- C:\Windows\System\aiuBfgc.exe
  C:\Windows\System\aiuBfgc.exe
  2⤵
  PID:832
- C:\Windows\System\SuFArFf.exe
  C:\Windows\System\SuFArFf.exe
  2⤵
  PID:3084
- C:\Windows\System\FUHSkJu.exe
  C:\Windows\System\FUHSkJu.exe
  2⤵
  PID:3104
- C:\Windows\System\NHtfVtS.exe
  C:\Windows\System\NHtfVtS.exe
  2⤵
  PID:3124
- C:\Windows\System\CltwNkU.exe
  C:\Windows\System\CltwNkU.exe
  2⤵
  PID:3140
- C:\Windows\System\hODfzfK.exe
  C:\Windows\System\hODfzfK.exe
  2⤵
  PID:3160
- C:\Windows\System\izSLmSI.exe
  C:\Windows\System\izSLmSI.exe
  2⤵
  PID:3184
- C:\Windows\System\rDBsdEz.exe
  C:\Windows\System\rDBsdEz.exe
  2⤵
  PID:3200
- C:\Windows\System\uOwaZbL.exe
  C:\Windows\System\uOwaZbL.exe
  2⤵
  PID:3224
- C:\Windows\System\mTgEvEz.exe
  C:\Windows\System\mTgEvEz.exe
  2⤵
  PID:3244
- C:\Windows\System\xJxpxte.exe
  C:\Windows\System\xJxpxte.exe
  2⤵
  PID:3264
- C:\Windows\System\XTZzAhv.exe
  C:\Windows\System\XTZzAhv.exe
  2⤵
  PID:3280
- C:\Windows\System\tpKgrIf.exe
  C:\Windows\System\tpKgrIf.exe
  2⤵
  PID:3304
- C:\Windows\System\qdmHOJJ.exe
  C:\Windows\System\qdmHOJJ.exe
  2⤵
  PID:3320
- C:\Windows\System\dwRAEfj.exe
  C:\Windows\System\dwRAEfj.exe
  2⤵
  PID:3336
- C:\Windows\System\REcSgLN.exe
  C:\Windows\System\REcSgLN.exe
  2⤵
  PID:3356
- C:\Windows\System\wmesgWr.exe
  C:\Windows\System\wmesgWr.exe
  2⤵
  PID:3376
- C:\Windows\System\DrdIgKL.exe
  C:\Windows\System\DrdIgKL.exe
  2⤵
  PID:3392
- C:\Windows\System\HpziNpO.exe
  C:\Windows\System\HpziNpO.exe
  2⤵
  PID:3412
- C:\Windows\System\AyUeJOk.exe
  C:\Windows\System\AyUeJOk.exe
  2⤵
  PID:3428
- C:\Windows\System\eSQFSZG.exe
  C:\Windows\System\eSQFSZG.exe
  2⤵
  PID:3452
- C:\Windows\System\WIBGLQY.exe
  C:\Windows\System\WIBGLQY.exe
  2⤵
  PID:3468
- C:\Windows\System\dyCOXVA.exe
  C:\Windows\System\dyCOXVA.exe
  2⤵
  PID:3492
- C:\Windows\System\CFVvSJJ.exe
  C:\Windows\System\CFVvSJJ.exe
  2⤵
  PID:3508
- C:\Windows\System\jAdmzGn.exe
  C:\Windows\System\jAdmzGn.exe
  2⤵
  PID:3532
- C:\Windows\System\mZzkmJE.exe
  C:\Windows\System\mZzkmJE.exe
  2⤵
  PID:3552
- C:\Windows\System\tDksHaD.exe
  C:\Windows\System\tDksHaD.exe
  2⤵
  PID:3576
- C:\Windows\System\lwWfZWu.exe
  C:\Windows\System\lwWfZWu.exe
  2⤵
  PID:3596
- C:\Windows\System\YcbRFrY.exe
  C:\Windows\System\YcbRFrY.exe
  2⤵
  PID:3620
- C:\Windows\System\TClcoTi.exe
  C:\Windows\System\TClcoTi.exe
  2⤵
  PID:3640
- C:\Windows\System\BAKGKvT.exe
  C:\Windows\System\BAKGKvT.exe
  2⤵
  PID:3664
- C:\Windows\System\ZMNfjsV.exe
  C:\Windows\System\ZMNfjsV.exe
  2⤵
  PID:3684
- C:\Windows\System\KNXMKDG.exe
  C:\Windows\System\KNXMKDG.exe
  2⤵
  PID:3700
- C:\Windows\System\HgVojvI.exe
  C:\Windows\System\HgVojvI.exe
  2⤵
  PID:3724
- C:\Windows\System\FJXGKmv.exe
  C:\Windows\System\FJXGKmv.exe
  2⤵
  PID:3744
- C:\Windows\System\gEUrBIN.exe
  C:\Windows\System\gEUrBIN.exe
  2⤵
  PID:3764
- C:\Windows\System\esHlNPa.exe
  C:\Windows\System\esHlNPa.exe
  2⤵
  PID:3784
- C:\Windows\System\vUnlimj.exe
  C:\Windows\System\vUnlimj.exe
  2⤵
  PID:3800
- C:\Windows\System\IZmwWif.exe
  C:\Windows\System\IZmwWif.exe
  2⤵
  PID:3828
- C:\Windows\System\AWZVAFP.exe
  C:\Windows\System\AWZVAFP.exe
  2⤵
  PID:3860
- C:\Windows\System\tldtPOq.exe
  C:\Windows\System\tldtPOq.exe
  2⤵
  PID:3884
- C:\Windows\System\hdMljyL.exe
  C:\Windows\System\hdMljyL.exe
  2⤵
  PID:3904
- C:\Windows\System\FgcaKLO.exe
  C:\Windows\System\FgcaKLO.exe
  2⤵
  PID:3932
- C:\Windows\System\oNlchVO.exe
  C:\Windows\System\oNlchVO.exe
  2⤵
  PID:3948
- C:\Windows\System\ZsYbZJh.exe
  C:\Windows\System\ZsYbZJh.exe
  2⤵
  PID:3968
- C:\Windows\System\eydcmHW.exe
  C:\Windows\System\eydcmHW.exe
  2⤵
  PID:3988
- C:\Windows\System\mKTuLgN.exe
  C:\Windows\System\mKTuLgN.exe
  2⤵
  PID:4008
- C:\Windows\System\ajUzeIU.exe
  C:\Windows\System\ajUzeIU.exe
  2⤵
  PID:4024
- C:\Windows\System\SFuwlLT.exe
  C:\Windows\System\SFuwlLT.exe
  2⤵
  PID:4044
- C:\Windows\System\cSEMfKQ.exe
  C:\Windows\System\cSEMfKQ.exe
  2⤵
  PID:4060
- C:\Windows\System\aUwNFlS.exe
  C:\Windows\System\aUwNFlS.exe
  2⤵
  PID:4084
- C:\Windows\System\EfWXFXH.exe
  C:\Windows\System\EfWXFXH.exe
  2⤵
  PID:2160
- C:\Windows\System\QKGawSU.exe
  C:\Windows\System\QKGawSU.exe
  2⤵
  PID:1472
- C:\Windows\System\hoLwLHW.exe
  C:\Windows\System\hoLwLHW.exe
  2⤵
  PID:2652
- C:\Windows\System\GGWNqgp.exe
  C:\Windows\System\GGWNqgp.exe
  2⤵
  PID:2372
- C:\Windows\System\KvFZqIa.exe
  C:\Windows\System\KvFZqIa.exe
  2⤵
  PID:3112
- C:\Windows\System\dRiXLSs.exe
  C:\Windows\System\dRiXLSs.exe
  2⤵
  PID:3156
- C:\Windows\System\pSyPonc.exe
  C:\Windows\System\pSyPonc.exe
  2⤵
  PID:3240
- C:\Windows\System\zocPmwI.exe
  C:\Windows\System\zocPmwI.exe
  2⤵
  PID:3316
- C:\Windows\System\WwTaSbY.exe
  C:\Windows\System\WwTaSbY.exe
  2⤵
  PID:2284
- C:\Windows\System\dEZRXhv.exe
  C:\Windows\System\dEZRXhv.exe
  2⤵
  PID:2144
- C:\Windows\System\LKZRkHO.exe
  C:\Windows\System\LKZRkHO.exe
  2⤵
  PID:2256
- C:\Windows\System\LPnYejV.exe
  C:\Windows\System\LPnYejV.exe
  2⤵
  PID:2580
- C:\Windows\System\FFaJeqC.exe
  C:\Windows\System\FFaJeqC.exe
  2⤵
  PID:2036
- C:\Windows\System\ouAmSAT.exe
  C:\Windows\System\ouAmSAT.exe
  2⤵
  PID:1152
- C:\Windows\System\hgsIDQP.exe
  C:\Windows\System\hgsIDQP.exe
  2⤵
  PID:1096
- C:\Windows\System\VzhTDwJ.exe
  C:\Windows\System\VzhTDwJ.exe
  2⤵
  PID:3584
- C:\Windows\System\cNkVoqe.exe
  C:\Windows\System\cNkVoqe.exe
  2⤵
  PID:3628
- C:\Windows\System\sesPNtj.exe
  C:\Windows\System\sesPNtj.exe
  2⤵
  PID:3636
- C:\Windows\System\ZclozPJ.exe
  C:\Windows\System\ZclozPJ.exe
  2⤵
  PID:3216
- C:\Windows\System\ouCPnEJ.exe
  C:\Windows\System\ouCPnEJ.exe
  2⤵
  PID:3288
- C:\Windows\System\UFYBesI.exe
  C:\Windows\System\UFYBesI.exe
  2⤵
  PID:3676
- C:\Windows\System\LGHKdhx.exe
  C:\Windows\System\LGHKdhx.exe
  2⤵
  PID:3328
- C:\Windows\System\xbEWOiZ.exe
  C:\Windows\System\xbEWOiZ.exe
  2⤵
  PID:3400
- C:\Windows\System\RHxZodt.exe
  C:\Windows\System\RHxZodt.exe
  2⤵
  PID:3440
- C:\Windows\System\FqPNRuG.exe
  C:\Windows\System\FqPNRuG.exe
  2⤵
  PID:3792
- C:\Windows\System\sjPIQLy.exe
  C:\Windows\System\sjPIQLy.exe
  2⤵
  PID:3520
- C:\Windows\System\rynWaae.exe
  C:\Windows\System\rynWaae.exe
  2⤵
  PID:3564
- C:\Windows\System\gApsWRe.exe
  C:\Windows\System\gApsWRe.exe
  2⤵
  PID:3660
- C:\Windows\System\LuCGCVj.exe
  C:\Windows\System\LuCGCVj.exe
  2⤵
  PID:3568
- C:\Windows\System\tbZwQMD.exe
  C:\Windows\System\tbZwQMD.exe
  2⤵
  PID:3692
- C:\Windows\System\BUcUwrp.exe
  C:\Windows\System\BUcUwrp.exe
  2⤵
  PID:3840
- C:\Windows\System\uZGAaRd.exe
  C:\Windows\System\uZGAaRd.exe
  2⤵
  PID:3852
- C:\Windows\System\nPyYbud.exe
  C:\Windows\System\nPyYbud.exe
  2⤵
  PID:3940
- C:\Windows\System\CnXJYlN.exe
  C:\Windows\System\CnXJYlN.exe
  2⤵
  PID:3976
- C:\Windows\System\LqOcPMu.exe
  C:\Windows\System\LqOcPMu.exe
  2⤵
  PID:3984
- C:\Windows\System\YJJbUQf.exe
  C:\Windows\System\YJJbUQf.exe
  2⤵
  PID:3928
- C:\Windows\System\BvJwROK.exe
  C:\Windows\System\BvJwROK.exe
  2⤵
  PID:4056
- C:\Windows\System\EPDOqXC.exe
  C:\Windows\System\EPDOqXC.exe
  2⤵
  PID:588
- C:\Windows\System\McgfdTF.exe
  C:\Windows\System\McgfdTF.exe
  2⤵
  PID:4000
- C:\Windows\System\bPPUTYA.exe
  C:\Windows\System\bPPUTYA.exe
  2⤵
  PID:4076
- C:\Windows\System\qWBQAux.exe
  C:\Windows\System\qWBQAux.exe
  2⤵
  PID:3080
- C:\Windows\System\TeensEk.exe
  C:\Windows\System\TeensEk.exe
  2⤵
  PID:1792
- C:\Windows\System\uIvxJRS.exe
  C:\Windows\System\uIvxJRS.exe
  2⤵
  PID:1252
- C:\Windows\System\lzMODpX.exe
  C:\Windows\System\lzMODpX.exe
  2⤵
  PID:3348
- C:\Windows\System\dQKrpiF.exe
  C:\Windows\System\dQKrpiF.exe
  2⤵
  PID:2920
- C:\Windows\System\ljWGSKb.exe
  C:\Windows\System\ljWGSKb.exe
  2⤵
  PID:3060
- C:\Windows\System\MCyWRKf.exe
  C:\Windows\System\MCyWRKf.exe
  2⤵
  PID:1148
- C:\Windows\System\lCJTvTb.exe
  C:\Windows\System\lCJTvTb.exe
  2⤵
  PID:3420
- C:\Windows\System\JuCwbmt.exe
  C:\Windows\System\JuCwbmt.exe
  2⤵
  PID:3424
- C:\Windows\System\witcqCj.exe
  C:\Windows\System\witcqCj.exe
  2⤵
  PID:3588
- C:\Windows\System\PkBXgBl.exe
  C:\Windows\System\PkBXgBl.exe
  2⤵
  PID:3672
- C:\Windows\System\rDOkRkq.exe
  C:\Windows\System\rDOkRkq.exe
  2⤵
  PID:3680
- C:\Windows\System\MWgyLUa.exe
  C:\Windows\System\MWgyLUa.exe
  2⤵
  PID:3176
- C:\Windows\System\QhPUGaU.exe
  C:\Windows\System\QhPUGaU.exe
  2⤵
  PID:3716
- C:\Windows\System\znILmSW.exe
  C:\Windows\System\znILmSW.exe
  2⤵
  PID:3756
- C:\Windows\System\jhagczP.exe
  C:\Windows\System\jhagczP.exe
  2⤵
  PID:3484
- C:\Windows\System\ebXPgOX.exe
  C:\Windows\System\ebXPgOX.exe
  2⤵
  PID:3480
- C:\Windows\System\ylfFEZP.exe
  C:\Windows\System\ylfFEZP.exe
  2⤵
  PID:3656
- C:\Windows\System\FftxSBz.exe
  C:\Windows\System\FftxSBz.exe
  2⤵
  PID:3736
- C:\Windows\System\AiCQEbc.exe
  C:\Windows\System\AiCQEbc.exe
  2⤵
  PID:3900
- C:\Windows\System\LtoxDSR.exe
  C:\Windows\System\LtoxDSR.exe
  2⤵
  PID:3812
- C:\Windows\System\BNDhKQo.exe
  C:\Windows\System\BNDhKQo.exe
  2⤵
  PID:1680
- C:\Windows\System\jPNVSxy.exe
  C:\Windows\System\jPNVSxy.exe
  2⤵
  PID:3960
- C:\Windows\System\zMnffzS.exe
  C:\Windows\System\zMnffzS.exe
  2⤵
  PID:4016
- C:\Windows\System\hALMGNP.exe
  C:\Windows\System\hALMGNP.exe
  2⤵
  PID:2712
- C:\Windows\System\gUChfNU.exe
  C:\Windows\System\gUChfNU.exe
  2⤵
  PID:2768
- C:\Windows\System\bhJbpPt.exe
  C:\Windows\System\bhJbpPt.exe
  2⤵
  PID:1504
- C:\Windows\System\bYKHVvK.exe
  C:\Windows\System\bYKHVvK.exe
  2⤵
  PID:2444
- C:\Windows\System\SORjpfQ.exe
  C:\Windows\System\SORjpfQ.exe
  2⤵
  PID:4068
- C:\Windows\System\dJLnVhL.exe
  C:\Windows\System\dJLnVhL.exe
  2⤵
  PID:3232
- C:\Windows\System\XXzxZkq.exe
  C:\Windows\System\XXzxZkq.exe
  2⤵
  PID:3448
- C:\Windows\System\HgWZgTY.exe
  C:\Windows\System\HgWZgTY.exe
  2⤵
  PID:3760
- C:\Windows\System\EUjtHmq.exe
  C:\Windows\System\EUjtHmq.exe
  2⤵
  PID:3544
- C:\Windows\System\JtqARta.exe
  C:\Windows\System\JtqARta.exe
  2⤵
  PID:3560
- C:\Windows\System\sgCwwvx.exe
  C:\Windows\System\sgCwwvx.exe
  2⤵
  PID:3876
- C:\Windows\System\lSozpuk.exe
  C:\Windows\System\lSozpuk.exe
  2⤵
  PID:3196
- C:\Windows\System\ndKzELl.exe
  C:\Windows\System\ndKzELl.exe
  2⤵
  PID:3252
- C:\Windows\System\weoIPVe.exe
  C:\Windows\System\weoIPVe.exe
  2⤵
  PID:3408
- C:\Windows\System\wujnHvg.exe
  C:\Windows\System\wujnHvg.exe
  2⤵
  PID:4104
- C:\Windows\System\gqzBEbz.exe
  C:\Windows\System\gqzBEbz.exe
  2⤵
  PID:4124
- C:\Windows\System\gHMQWui.exe
  C:\Windows\System\gHMQWui.exe
  2⤵
  PID:4140
- C:\Windows\System\lxbZHSN.exe
  C:\Windows\System\lxbZHSN.exe
  2⤵
  PID:4164
- C:\Windows\System\ajlXHaB.exe
  C:\Windows\System\ajlXHaB.exe
  2⤵
  PID:4180
- C:\Windows\System\MtLEoJC.exe
  C:\Windows\System\MtLEoJC.exe
  2⤵
  PID:4200
- C:\Windows\System\Uffxxmg.exe
  C:\Windows\System\Uffxxmg.exe
  2⤵
  PID:4228
- C:\Windows\System\IbxgNef.exe
  C:\Windows\System\IbxgNef.exe
  2⤵
  PID:4252
- C:\Windows\System\QRQDGlx.exe
  C:\Windows\System\QRQDGlx.exe
  2⤵
  PID:4272
- C:\Windows\System\cPUJFRR.exe
  C:\Windows\System\cPUJFRR.exe
  2⤵
  PID:4292
- C:\Windows\System\UGOJCOa.exe
  C:\Windows\System\UGOJCOa.exe
  2⤵
  PID:4312
- C:\Windows\System\mPkDyTz.exe
  C:\Windows\System\mPkDyTz.exe
  2⤵
  PID:4332
- C:\Windows\System\MEKaNhO.exe
  C:\Windows\System\MEKaNhO.exe
  2⤵
  PID:4352
- C:\Windows\System\NBqBymI.exe
  C:\Windows\System\NBqBymI.exe
  2⤵
  PID:4368
- C:\Windows\System\FXziuju.exe
  C:\Windows\System\FXziuju.exe
  2⤵
  PID:4392
- C:\Windows\System\sCrWLAe.exe
  C:\Windows\System\sCrWLAe.exe
  2⤵
  PID:4408
- C:\Windows\System\xlnoZuG.exe
  C:\Windows\System\xlnoZuG.exe
  2⤵
  PID:4432
- C:\Windows\System\fmNiEMO.exe
  C:\Windows\System\fmNiEMO.exe
  2⤵
  PID:4448
- C:\Windows\System\nAdPDiC.exe
  C:\Windows\System\nAdPDiC.exe
  2⤵
  PID:4468
- C:\Windows\System\iRrcIea.exe
  C:\Windows\System\iRrcIea.exe
  2⤵
  PID:4488
- C:\Windows\System\ddVwbEM.exe
  C:\Windows\System\ddVwbEM.exe
  2⤵
  PID:4516
- C:\Windows\System\tRGewKu.exe
  C:\Windows\System\tRGewKu.exe
  2⤵
  PID:4540
- C:\Windows\System\kUdptHR.exe
  C:\Windows\System\kUdptHR.exe
  2⤵
  PID:4560
- C:\Windows\System\OvLAAUh.exe
  C:\Windows\System\OvLAAUh.exe
  2⤵
  PID:4576
- C:\Windows\System\tqFJSuQ.exe
  C:\Windows\System\tqFJSuQ.exe
  2⤵
  PID:4600
- C:\Windows\System\IKrswHP.exe
  C:\Windows\System\IKrswHP.exe
  2⤵
  PID:4620
- C:\Windows\System\EQZvaEp.exe
  C:\Windows\System\EQZvaEp.exe
  2⤵
  PID:4640
- C:\Windows\System\tyJMFJx.exe
  C:\Windows\System\tyJMFJx.exe
  2⤵
  PID:4660
- C:\Windows\System\FDWXdLR.exe
  C:\Windows\System\FDWXdLR.exe
  2⤵
  PID:4680
- C:\Windows\System\uTxAGFG.exe
  C:\Windows\System\uTxAGFG.exe
  2⤵
  PID:4696
- C:\Windows\System\hbgrhzz.exe
  C:\Windows\System\hbgrhzz.exe
  2⤵
  PID:4716
- C:\Windows\System\pmHtdPF.exe
  C:\Windows\System\pmHtdPF.exe
  2⤵
  PID:4740
- C:\Windows\System\przXRuY.exe
  C:\Windows\System\przXRuY.exe
  2⤵
  PID:4760
- C:\Windows\System\nOnUsNW.exe
  C:\Windows\System\nOnUsNW.exe
  2⤵
  PID:4780
- C:\Windows\System\cMKmEXd.exe
  C:\Windows\System\cMKmEXd.exe
  2⤵
  PID:4800
- C:\Windows\System\kvQSNFZ.exe
  C:\Windows\System\kvQSNFZ.exe
  2⤵
  PID:4820
- C:\Windows\System\dlSfdTK.exe
  C:\Windows\System\dlSfdTK.exe
  2⤵
  PID:4840
- C:\Windows\System\bhZSnFN.exe
  C:\Windows\System\bhZSnFN.exe
  2⤵
  PID:4860
- C:\Windows\System\MVDaaUz.exe
  C:\Windows\System\MVDaaUz.exe
  2⤵
  PID:4880
- C:\Windows\System\UfssVoO.exe
  C:\Windows\System\UfssVoO.exe
  2⤵
  PID:4896
- C:\Windows\System\VCUQqLD.exe
  C:\Windows\System\VCUQqLD.exe
  2⤵
  PID:4920
- C:\Windows\System\ARzOALv.exe
  C:\Windows\System\ARzOALv.exe
  2⤵
  PID:4940
- C:\Windows\System\CBrTGdJ.exe
  C:\Windows\System\CBrTGdJ.exe
  2⤵
  PID:4960
- C:\Windows\System\ycyiFFr.exe
  C:\Windows\System\ycyiFFr.exe
  2⤵
  PID:4976
- C:\Windows\System\BtvsYSH.exe
  C:\Windows\System\BtvsYSH.exe
  2⤵
  PID:4996
- C:\Windows\System\PEGoQRm.exe
  C:\Windows\System\PEGoQRm.exe
  2⤵
  PID:5016
- C:\Windows\System\KtcbSlM.exe
  C:\Windows\System\KtcbSlM.exe
  2⤵
  PID:5036
- C:\Windows\System\wqeHDsB.exe
  C:\Windows\System\wqeHDsB.exe
  2⤵
  PID:5056
- C:\Windows\System\pSeblTh.exe
  C:\Windows\System\pSeblTh.exe
  2⤵
  PID:5072
- C:\Windows\System\lPCFWdc.exe
  C:\Windows\System\lPCFWdc.exe
  2⤵
  PID:5096
- C:\Windows\System\sSZeySw.exe
  C:\Windows\System\sSZeySw.exe
  2⤵
  PID:2760
- C:\Windows\System\EkqcDQe.exe
  C:\Windows\System\EkqcDQe.exe
  2⤵
  PID:3896
- C:\Windows\System\umhYOyZ.exe
  C:\Windows\System\umhYOyZ.exe
  2⤵
  PID:3820
- C:\Windows\System\UKQyHgn.exe
  C:\Windows\System\UKQyHgn.exe
  2⤵
  PID:2216
- C:\Windows\System\IZhAmms.exe
  C:\Windows\System\IZhAmms.exe
  2⤵
  PID:4040
- C:\Windows\System\hauEnHy.exe
  C:\Windows\System\hauEnHy.exe
  2⤵
  PID:3548
- C:\Windows\System\DehbWdr.exe
  C:\Windows\System\DehbWdr.exe
  2⤵
  PID:3372
- C:\Windows\System\aCTKwGf.exe
  C:\Windows\System\aCTKwGf.exe
  2⤵
  PID:3912
- C:\Windows\System\DldEHwP.exe
  C:\Windows\System\DldEHwP.exe
  2⤵
  PID:1912
- C:\Windows\System\dFrLMui.exe
  C:\Windows\System\dFrLMui.exe
  2⤵
  PID:4132
- C:\Windows\System\aDNyYlp.exe
  C:\Windows\System\aDNyYlp.exe
  2⤵
  PID:3256
- C:\Windows\System\xDfAsXA.exe
  C:\Windows\System\xDfAsXA.exe
  2⤵
  PID:4116
- C:\Windows\System\MYSxKBH.exe
  C:\Windows\System\MYSxKBH.exe
  2⤵
  PID:4216
- C:\Windows\System\oPCwASG.exe
  C:\Windows\System\oPCwASG.exe
  2⤵
  PID:4156
- C:\Windows\System\SujWFbs.exe
  C:\Windows\System\SujWFbs.exe
  2⤵
  PID:4260
- C:\Windows\System\mvQBPoC.exe
  C:\Windows\System\mvQBPoC.exe
  2⤵
  PID:4268
- C:\Windows\System\NubBbRu.exe
  C:\Windows\System\NubBbRu.exe
  2⤵
  PID:2860
- C:\Windows\System\BXizuXA.exe
  C:\Windows\System\BXizuXA.exe
  2⤵
  PID:2944
- C:\Windows\System\seejWvZ.exe
  C:\Windows\System\seejWvZ.exe
  2⤵
  PID:4384
- C:\Windows\System\cFjbTZD.exe
  C:\Windows\System\cFjbTZD.exe
  2⤵
  PID:4324
- C:\Windows\System\gfKRVPC.exe
  C:\Windows\System\gfKRVPC.exe
  2⤵
  PID:4360
- C:\Windows\System\nRQQPNB.exe
  C:\Windows\System\nRQQPNB.exe
  2⤵
  PID:4400
- C:\Windows\System\ZWAQSgn.exe
  C:\Windows\System\ZWAQSgn.exe
  2⤵
  PID:4508
- C:\Windows\System\DmsoPRs.exe
  C:\Windows\System\DmsoPRs.exe
  2⤵
  PID:4484
- C:\Windows\System\UrPKJdN.exe
  C:\Windows\System\UrPKJdN.exe
  2⤵
  PID:4536
- C:\Windows\System\MlNiNbz.exe
  C:\Windows\System\MlNiNbz.exe
  2⤵
  PID:4584
- C:\Windows\System\emzfHUX.exe
  C:\Windows\System\emzfHUX.exe
  2⤵
  PID:4588
- C:\Windows\System\fiyYixm.exe
  C:\Windows\System\fiyYixm.exe
  2⤵
  PID:4608
- C:\Windows\System\KqlBvTo.exe
  C:\Windows\System\KqlBvTo.exe
  2⤵
  PID:4648
- C:\Windows\System\MVjZekF.exe
  C:\Windows\System\MVjZekF.exe
  2⤵
  PID:4652
- C:\Windows\System\ZTvzTJs.exe
  C:\Windows\System\ZTvzTJs.exe
  2⤵
  PID:4752
- C:\Windows\System\wrLUcRV.exe
  C:\Windows\System\wrLUcRV.exe
  2⤵
  PID:4832
- C:\Windows\System\AqqBfYD.exe
  C:\Windows\System\AqqBfYD.exe
  2⤵
  PID:4692
- C:\Windows\System\VrjLMcq.exe
  C:\Windows\System\VrjLMcq.exe
  2⤵
  PID:4872
- C:\Windows\System\AQGKxuG.exe
  C:\Windows\System\AQGKxuG.exe
  2⤵
  PID:4916
- C:\Windows\System\jlpbgml.exe
  C:\Windows\System\jlpbgml.exe
  2⤵
  PID:4816
- C:\Windows\System\WEFObVi.exe
  C:\Windows\System\WEFObVi.exe
  2⤵
  PID:4992
- C:\Windows\System\iQNMVbB.exe
  C:\Windows\System\iQNMVbB.exe
  2⤵
  PID:4888
- C:\Windows\System\FvyDIFS.exe
  C:\Windows\System\FvyDIFS.exe
  2⤵
  PID:4936
- C:\Windows\System\wAnkvDU.exe
  C:\Windows\System\wAnkvDU.exe
  2⤵
  PID:5064
- C:\Windows\System\YDMcAOV.exe
  C:\Windows\System\YDMcAOV.exe
  2⤵
  PID:5116
- C:\Windows\System\aWttiex.exe
  C:\Windows\System\aWttiex.exe
  2⤵
  PID:5044
- C:\Windows\System\yesXUvF.exe
  C:\Windows\System\yesXUvF.exe
  2⤵
  PID:5092
- C:\Windows\System\HMbDgYy.exe
  C:\Windows\System\HMbDgYy.exe
  2⤵
  PID:2320
- C:\Windows\System\XJeqGqE.exe
  C:\Windows\System\XJeqGqE.exe
  2⤵
  PID:2380
- C:\Windows\System\edGeTSa.exe
  C:\Windows\System\edGeTSa.exe
  2⤵
  PID:3312
- C:\Windows\System\IiJQZOL.exe
  C:\Windows\System\IiJQZOL.exe
  2⤵
  PID:3096
- C:\Windows\System\cYgtjgP.exe
  C:\Windows\System\cYgtjgP.exe
  2⤵
  PID:2692
- C:\Windows\System\HvoRhrx.exe
  C:\Windows\System\HvoRhrx.exe
  2⤵
  PID:4208
- C:\Windows\System\QaDnAdS.exe
  C:\Windows\System\QaDnAdS.exe
  2⤵
  PID:3220
- C:\Windows\System\kypsVzk.exe
  C:\Windows\System\kypsVzk.exe
  2⤵
  PID:2864
- C:\Windows\System\EXSmUkh.exe
  C:\Windows\System\EXSmUkh.exe
  2⤵
  PID:4300
- C:\Windows\System\LWHduQu.exe
  C:\Windows\System\LWHduQu.exe
  2⤵
  PID:4348
- C:\Windows\System\qVWmjZQ.exe
  C:\Windows\System\qVWmjZQ.exe
  2⤵
  PID:4280
- C:\Windows\System\mhRMLMe.exe
  C:\Windows\System\mhRMLMe.exe
  2⤵
  PID:4288
- C:\Windows\System\YTRTMIx.exe
  C:\Windows\System\YTRTMIx.exe
  2⤵
  PID:4460
- C:\Windows\System\LMmNXLf.exe
  C:\Windows\System\LMmNXLf.exe
  2⤵
  PID:4428
- C:\Windows\System\MymzzGe.exe
  C:\Windows\System\MymzzGe.exe
  2⤵
  PID:4500
- C:\Windows\System\aXDseOI.exe
  C:\Windows\System\aXDseOI.exe
  2⤵
  PID:4616
- C:\Windows\System\TZJeLyl.exe
  C:\Windows\System\TZJeLyl.exe
  2⤵
  PID:964
- C:\Windows\System\wPgdBkt.exe
  C:\Windows\System\wPgdBkt.exe
  2⤵
  PID:4628
- C:\Windows\System\gziLDPD.exe
  C:\Windows\System\gziLDPD.exe
  2⤵
  PID:4876
- C:\Windows\System\fYAsOnn.exe
  C:\Windows\System\fYAsOnn.exe
  2⤵
  PID:4796
- C:\Windows\System\tpJzSUl.exe
  C:\Windows\System\tpJzSUl.exe
  2⤵
  PID:4948
- C:\Windows\System\vlViSVV.exe
  C:\Windows\System\vlViSVV.exe
  2⤵
  PID:4952
- C:\Windows\System\yjaDDFu.exe
  C:\Windows\System\yjaDDFu.exe
  2⤵
  PID:4812
- C:\Windows\System\ywTOSDB.exe
  C:\Windows\System\ywTOSDB.exe
  2⤵
  PID:5028
- C:\Windows\System\jkNjIAJ.exe
  C:\Windows\System\jkNjIAJ.exe
  2⤵
  PID:5052
- C:\Windows\System\KSSUwPT.exe
  C:\Windows\System\KSSUwPT.exe
  2⤵
  PID:5012
- C:\Windows\System\XXjObvl.exe
  C:\Windows\System\XXjObvl.exe
  2⤵
  PID:3780
- C:\Windows\System\rUyFhux.exe
  C:\Windows\System\rUyFhux.exe
  2⤵
  PID:3368
- C:\Windows\System\gnZwlab.exe
  C:\Windows\System\gnZwlab.exe
  2⤵
  PID:2708
- C:\Windows\System\nqNKtBB.exe
  C:\Windows\System\nqNKtBB.exe
  2⤵
  PID:4148
- C:\Windows\System\IUdqkcZ.exe
  C:\Windows\System\IUdqkcZ.exe
  2⤵
  PID:2556
- C:\Windows\System\JzpBOvR.exe
  C:\Windows\System\JzpBOvR.exe
  2⤵
  PID:4264
- C:\Windows\System\NIZSacv.exe
  C:\Windows\System\NIZSacv.exe
  2⤵
  PID:2960
- C:\Windows\System\oJSmuQi.exe
  C:\Windows\System\oJSmuQi.exe
  2⤵
  PID:4236
- C:\Windows\System\aoSykhl.exe
  C:\Windows\System\aoSykhl.exe
  2⤵
  PID:1924
- C:\Windows\System\rJOFoHO.exe
  C:\Windows\System\rJOFoHO.exe
  2⤵
  PID:4676
- C:\Windows\System\rWjCyZI.exe
  C:\Windows\System\rWjCyZI.exe
  2⤵
  PID:4568
- C:\Windows\System\PVUzHOK.exe
  C:\Windows\System\PVUzHOK.exe
  2⤵
  PID:3024
- C:\Windows\System\ZodwKhy.exe
  C:\Windows\System\ZodwKhy.exe
  2⤵
  PID:4772
- C:\Windows\System\TuCxcvF.exe
  C:\Windows\System\TuCxcvF.exe
  2⤵
  PID:4852
- C:\Windows\System\OCpguAV.exe
  C:\Windows\System\OCpguAV.exe
  2⤵
  PID:4984
- C:\Windows\System\GaxEaCW.exe
  C:\Windows\System\GaxEaCW.exe
  2⤵
  PID:4972
- C:\Windows\System\oDedtbv.exe
  C:\Windows\System\oDedtbv.exe
  2⤵
  PID:5112
- C:\Windows\System\qSlJUcH.exe
  C:\Windows\System\qSlJUcH.exe
  2⤵
  PID:4224
- C:\Windows\System\IvUECax.exe
  C:\Windows\System\IvUECax.exe
  2⤵
  PID:1484
- C:\Windows\System\icLxQKh.exe
  C:\Windows\System\icLxQKh.exe
  2⤵
  PID:3528
- C:\Windows\System\sGnpiQo.exe
  C:\Windows\System\sGnpiQo.exe
  2⤵
  PID:5128
- C:\Windows\System\SQbfhMk.exe
  C:\Windows\System\SQbfhMk.exe
  2⤵
  PID:5152
- C:\Windows\System\JBURRTV.exe
  C:\Windows\System\JBURRTV.exe
  2⤵
  PID:5176
- C:\Windows\System\BkPldCg.exe
  C:\Windows\System\BkPldCg.exe
  2⤵
  PID:5200
- C:\Windows\System\JIEuLFZ.exe
  C:\Windows\System\JIEuLFZ.exe
  2⤵
  PID:5224
- C:\Windows\System\LEKiOEh.exe
  C:\Windows\System\LEKiOEh.exe
  2⤵
  PID:5240
- C:\Windows\System\UKzpAGK.exe
  C:\Windows\System\UKzpAGK.exe
  2⤵
  PID:5264
- C:\Windows\System\mpyrGRs.exe
  C:\Windows\System\mpyrGRs.exe
  2⤵
  PID:5284
- C:\Windows\System\XDPddSz.exe
  C:\Windows\System\XDPddSz.exe
  2⤵
  PID:5300
- C:\Windows\System\pkdJnuY.exe
  C:\Windows\System\pkdJnuY.exe
  2⤵
  PID:5324
- C:\Windows\System\iqntSJF.exe
  C:\Windows\System\iqntSJF.exe
  2⤵
  PID:5344
- C:\Windows\System\PzKrJUK.exe
  C:\Windows\System\PzKrJUK.exe
  2⤵
  PID:5364
- C:\Windows\System\CuxKhdQ.exe
  C:\Windows\System\CuxKhdQ.exe
  2⤵
  PID:5380
- C:\Windows\System\lqcVUtB.exe
  C:\Windows\System\lqcVUtB.exe
  2⤵
  PID:5404
- C:\Windows\System\gUuDiMH.exe
  C:\Windows\System\gUuDiMH.exe
  2⤵
  PID:5420
- C:\Windows\System\ICZKACF.exe
  C:\Windows\System\ICZKACF.exe
  2⤵
  PID:5440
- C:\Windows\System\iXEeVZP.exe
  C:\Windows\System\iXEeVZP.exe
  2⤵
  PID:5464
- C:\Windows\System\UuYxThN.exe
  C:\Windows\System\UuYxThN.exe
  2⤵
  PID:5484
- C:\Windows\System\HZUMuih.exe
  C:\Windows\System\HZUMuih.exe
  2⤵
  PID:5504
- C:\Windows\System\RCEFJBy.exe
  C:\Windows\System\RCEFJBy.exe
  2⤵
  PID:5524
- C:\Windows\System\kcDIxpo.exe
  C:\Windows\System\kcDIxpo.exe
  2⤵
  PID:5540
- C:\Windows\System\TUnxzfY.exe
  C:\Windows\System\TUnxzfY.exe
  2⤵
  PID:5564
- C:\Windows\System\JJvZvfK.exe
  C:\Windows\System\JJvZvfK.exe
  2⤵
  PID:5584
- C:\Windows\System\wbcytGZ.exe
  C:\Windows\System\wbcytGZ.exe
  2⤵
  PID:5604
- C:\Windows\System\PAaZBdt.exe
  C:\Windows\System\PAaZBdt.exe
  2⤵
  PID:5624
- C:\Windows\System\LJWyJee.exe
  C:\Windows\System\LJWyJee.exe
  2⤵
  PID:5648
- C:\Windows\System\XmRIsJs.exe
  C:\Windows\System\XmRIsJs.exe
  2⤵
  PID:5668
- C:\Windows\System\pSepcJr.exe
  C:\Windows\System\pSepcJr.exe
  2⤵
  PID:5688
- C:\Windows\System\lzzeEUS.exe
  C:\Windows\System\lzzeEUS.exe
  2⤵
  PID:5708
- C:\Windows\System\XWBVWaj.exe
  C:\Windows\System\XWBVWaj.exe
  2⤵
  PID:5728
- C:\Windows\System\vkbUyxg.exe
  C:\Windows\System\vkbUyxg.exe
  2⤵
  PID:5748
- C:\Windows\System\VMqtAwt.exe
  C:\Windows\System\VMqtAwt.exe
  2⤵
  PID:5768
- C:\Windows\System\qCxsCPG.exe
  C:\Windows\System\qCxsCPG.exe
  2⤵
  PID:5788
- C:\Windows\System\wmeLjEJ.exe
  C:\Windows\System\wmeLjEJ.exe
  2⤵
  PID:5808
- C:\Windows\System\dQiVSBX.exe
  C:\Windows\System\dQiVSBX.exe
  2⤵
  PID:5832
- C:\Windows\System\CocGVwU.exe
  C:\Windows\System\CocGVwU.exe
  2⤵
  PID:5852
- C:\Windows\System\upVZWPY.exe
  C:\Windows\System\upVZWPY.exe
  2⤵
  PID:5872
- C:\Windows\System\vhSUArm.exe
  C:\Windows\System\vhSUArm.exe
  2⤵
  PID:5888
- C:\Windows\System\kGEEnfj.exe
  C:\Windows\System\kGEEnfj.exe
  2⤵
  PID:5912
- C:\Windows\System\YIkwUbS.exe
  C:\Windows\System\YIkwUbS.exe
  2⤵
  PID:5932
- C:\Windows\System\AYaNVdZ.exe
  C:\Windows\System\AYaNVdZ.exe
  2⤵
  PID:5952
- C:\Windows\System\rmoGxrt.exe
  C:\Windows\System\rmoGxrt.exe
  2⤵
  PID:5972
- C:\Windows\System\iEXWIee.exe
  C:\Windows\System\iEXWIee.exe
  2⤵
  PID:5988
- C:\Windows\System\aKylSwY.exe
  C:\Windows\System\aKylSwY.exe
  2⤵
  PID:6012
- C:\Windows\System\aMPirvZ.exe
  C:\Windows\System\aMPirvZ.exe
  2⤵
  PID:6032
- C:\Windows\System\GpzmtBq.exe
  C:\Windows\System\GpzmtBq.exe
  2⤵
  PID:6052
- C:\Windows\System\RCbgbLh.exe
  C:\Windows\System\RCbgbLh.exe
  2⤵
  PID:6072
- C:\Windows\System\sIHxAIv.exe
  C:\Windows\System\sIHxAIv.exe
  2⤵
  PID:6092
- C:\Windows\System\FhuQBnG.exe
  C:\Windows\System\FhuQBnG.exe
  2⤵
  PID:6108
- C:\Windows\System\GvAxgXd.exe
  C:\Windows\System\GvAxgXd.exe
  2⤵
  PID:6124
- C:\Windows\System\DNEiETj.exe
  C:\Windows\System\DNEiETj.exe
  2⤵
  PID:2788
- C:\Windows\System\nAiXLzY.exe
  C:\Windows\System\nAiXLzY.exe
  2⤵
  PID:3100
- C:\Windows\System\RKVxfKB.exe
  C:\Windows\System\RKVxfKB.exe
  2⤵
  PID:4456
- C:\Windows\System\XiKwgUv.exe
  C:\Windows\System\XiKwgUv.exe
  2⤵
  PID:4768
- C:\Windows\System\bIFqOWs.exe
  C:\Windows\System\bIFqOWs.exe
  2⤵
  PID:4856
- C:\Windows\System\KlbjeuC.exe
  C:\Windows\System\KlbjeuC.exe
  2⤵
  PID:5084
- C:\Windows\System\fPslnQu.exe
  C:\Windows\System\fPslnQu.exe
  2⤵
  PID:2908
- C:\Windows\System\QCsIFJd.exe
  C:\Windows\System\QCsIFJd.exe
  2⤵
  PID:3000
- C:\Windows\System\tcNWUVy.exe
  C:\Windows\System\tcNWUVy.exe
  2⤵
  PID:5136
- C:\Windows\System\bHZTsls.exe
  C:\Windows\System\bHZTsls.exe
  2⤵
  PID:5124
- C:\Windows\System\BSObtwN.exe
  C:\Windows\System\BSObtwN.exe
  2⤵
  PID:264
- C:\Windows\System\tslFXkd.exe
  C:\Windows\System\tslFXkd.exe
  2⤵
  PID:2636
- C:\Windows\System\FwXqaMc.exe
  C:\Windows\System\FwXqaMc.exe
  2⤵
  PID:5212
- C:\Windows\System\oOcaimd.exe
  C:\Windows\System\oOcaimd.exe
  2⤵
  PID:5252
- C:\Windows\System\sacjHGT.exe
  C:\Windows\System\sacjHGT.exe
  2⤵
  PID:5308
- C:\Windows\System\zMYMOIw.exe
  C:\Windows\System\zMYMOIw.exe
  2⤵
  PID:5296
- C:\Windows\System\FXUTjAE.exe
  C:\Windows\System\FXUTjAE.exe
  2⤵
  PID:5360
- C:\Windows\System\IEujQbi.exe
  C:\Windows\System\IEujQbi.exe
  2⤵
  PID:5372
- C:\Windows\System\nMIkEpN.exe
  C:\Windows\System\nMIkEpN.exe
  2⤵
  PID:5416
- C:\Windows\System\dQeQbRD.exe
  C:\Windows\System\dQeQbRD.exe
  2⤵
  PID:5480
- C:\Windows\System\SwOKGMW.exe
  C:\Windows\System\SwOKGMW.exe
  2⤵
  PID:5520
- C:\Windows\System\iUggMUJ.exe
  C:\Windows\System\iUggMUJ.exe
  2⤵
  PID:5516
- C:\Windows\System\paXjkNT.exe
  C:\Windows\System\paXjkNT.exe
  2⤵
  PID:2232
- C:\Windows\System\TBvqotq.exe
  C:\Windows\System\TBvqotq.exe
  2⤵
  PID:5592
- C:\Windows\System\zgrMIvA.exe
  C:\Windows\System\zgrMIvA.exe
  2⤵
  PID:5612
- C:\Windows\System\jcCzoXs.exe
  C:\Windows\System\jcCzoXs.exe
  2⤵
  PID:5676
- C:\Windows\System\jsEVVBr.exe
  C:\Windows\System\jsEVVBr.exe
  2⤵
  PID:5696
- C:\Windows\System\fAxKUFf.exe
  C:\Windows\System\fAxKUFf.exe
  2⤵
  PID:5700
- C:\Windows\System\GfqxnVp.exe
  C:\Windows\System\GfqxnVp.exe
  2⤵
  PID:5736
- C:\Windows\System\aSRqEUt.exe
  C:\Windows\System\aSRqEUt.exe
  2⤵
  PID:5796
- C:\Windows\System\mkLKJvj.exe
  C:\Windows\System\mkLKJvj.exe
  2⤵
  PID:5816
- C:\Windows\System\TqOBMbt.exe
  C:\Windows\System\TqOBMbt.exe
  2⤵
  PID:5848
- C:\Windows\System\bXirfWh.exe
  C:\Windows\System\bXirfWh.exe
  2⤵
  PID:5884
- C:\Windows\System\eBnEkAL.exe
  C:\Windows\System\eBnEkAL.exe
  2⤵
  PID:5968
- C:\Windows\System\IhLgJax.exe
  C:\Windows\System\IhLgJax.exe
  2⤵
  PID:6004
- C:\Windows\System\UdIZlAn.exe
  C:\Windows\System\UdIZlAn.exe
  2⤵
  PID:6080
- C:\Windows\System\lspZwfn.exe
  C:\Windows\System\lspZwfn.exe
  2⤵
  PID:4440
- C:\Windows\System\JgWpDDh.exe
  C:\Windows\System\JgWpDDh.exe
  2⤵
  PID:4556
- C:\Windows\System\JUxWmPG.exe
  C:\Windows\System\JUxWmPG.exe
  2⤵
  PID:5948
- C:\Windows\System\wjZTbcB.exe
  C:\Windows\System\wjZTbcB.exe
  2⤵
  PID:6020
- C:\Windows\System\mWizIek.exe
  C:\Windows\System\mWizIek.exe
  2⤵
  PID:5008
- C:\Windows\System\eJmAPyC.exe
  C:\Windows\System\eJmAPyC.exe
  2⤵
  PID:6100
- C:\Windows\System\IiGgIiF.exe
  C:\Windows\System\IiGgIiF.exe
  2⤵
  PID:6136
- C:\Windows\System\GWhltde.exe
  C:\Windows\System\GWhltde.exe
  2⤵
  PID:3436
- C:\Windows\System\KrRFYzW.exe
  C:\Windows\System\KrRFYzW.exe
  2⤵
  PID:4836
- C:\Windows\System\sEhWDLz.exe
  C:\Windows\System\sEhWDLz.exe
  2⤵
  PID:4192
- C:\Windows\System\ABoMWJZ.exe
  C:\Windows\System\ABoMWJZ.exe
  2⤵
  PID:2984
- C:\Windows\System\TGeKAZu.exe
  C:\Windows\System\TGeKAZu.exe
  2⤵
  PID:5164
- C:\Windows\System\bvKWLHO.exe
  C:\Windows\System\bvKWLHO.exe
  2⤵
  PID:5248
- C:\Windows\System\ikgyHZV.exe
  C:\Windows\System\ikgyHZV.exe
  2⤵
  PID:5208
- C:\Windows\System\xDmYZPm.exe
  C:\Windows\System\xDmYZPm.exe
  2⤵
  PID:5396
- C:\Windows\System\KwzAvrg.exe
  C:\Windows\System\KwzAvrg.exe
  2⤵
  PID:5356
- C:\Windows\System\vBnpZzr.exe
  C:\Windows\System\vBnpZzr.exe
  2⤵
  PID:5496
- C:\Windows\System\mbBfSsA.exe
  C:\Windows\System\mbBfSsA.exe
  2⤵
  PID:5220
- C:\Windows\System\JsOncLd.exe
  C:\Windows\System\JsOncLd.exe
  2⤵
  PID:5556
- C:\Windows\System\RlLMjBV.exe
  C:\Windows\System\RlLMjBV.exe
  2⤵
  PID:5828
- C:\Windows\System\DUAfDXg.exe
  C:\Windows\System\DUAfDXg.exe
  2⤵
  PID:2820
- C:\Windows\System\aYaQCxK.exe
  C:\Windows\System\aYaQCxK.exe
  2⤵
  PID:5632
- C:\Windows\System\Ojcsqgc.exe
  C:\Windows\System\Ojcsqgc.exe
  2⤵
  PID:5764
- C:\Windows\System\AElrmXN.exe
  C:\Windows\System\AElrmXN.exe
  2⤵
  PID:276
- C:\Windows\System\pRRZKkC.exe
  C:\Windows\System\pRRZKkC.exe
  2⤵
  PID:5960
- C:\Windows\System\HOzyJSJ.exe
  C:\Windows\System\HOzyJSJ.exe
  2⤵
  PID:5868
- C:\Windows\System\mcUTYOZ.exe
  C:\Windows\System\mcUTYOZ.exe
  2⤵
  PID:6000
- C:\Windows\System\LAanVBZ.exe
  C:\Windows\System\LAanVBZ.exe
  2⤵
  PID:1788
- C:\Windows\System\iImXoor.exe
  C:\Windows\System\iImXoor.exe
  2⤵
  PID:6068
- C:\Windows\System\drScwLY.exe
  C:\Windows\System\drScwLY.exe
  2⤵
  PID:6064
- C:\Windows\System\dFNeRiZ.exe
  C:\Windows\System\dFNeRiZ.exe
  2⤵
  PID:5144
- C:\Windows\System\emqieyF.exe
  C:\Windows\System\emqieyF.exe
  2⤵
  PID:4632
- C:\Windows\System\aNDSHQS.exe
  C:\Windows\System\aNDSHQS.exe
  2⤵
  PID:5196
- C:\Windows\System\iKpRgMW.exe
  C:\Windows\System\iKpRgMW.exe
  2⤵
  PID:5292
- C:\Windows\System\hQTWGco.exe
  C:\Windows\System\hQTWGco.exe
  2⤵
  PID:5436
- C:\Windows\System\FkQBlrJ.exe
  C:\Windows\System\FkQBlrJ.exe
  2⤵
  PID:6132
- C:\Windows\System\ZuMaFMk.exe
  C:\Windows\System\ZuMaFMk.exe
  2⤵
  PID:5536
- C:\Windows\System\grIKjBQ.exe
  C:\Windows\System\grIKjBQ.exe
  2⤵
  PID:5400
- C:\Windows\System\HJUrtDQ.exe
  C:\Windows\System\HJUrtDQ.exe
  2⤵
  PID:1676
- C:\Windows\System\QtKprVt.exe
  C:\Windows\System\QtKprVt.exe
  2⤵
  PID:5500
- C:\Windows\System\pCERIPx.exe
  C:\Windows\System\pCERIPx.exe
  2⤵
  PID:5640
- C:\Windows\System\YtAMXEF.exe
  C:\Windows\System\YtAMXEF.exe
  2⤵
  PID:6116
- C:\Windows\System\GQOFKQJ.exe
  C:\Windows\System\GQOFKQJ.exe
  2⤵
  PID:5944
- C:\Windows\System\tAsCNul.exe
  C:\Windows\System\tAsCNul.exe
  2⤵
  PID:5860
- C:\Windows\System\aDnXQvP.exe
  C:\Windows\System\aDnXQvP.exe
  2⤵
  PID:5900
- C:\Windows\System\jHMKIAT.exe
  C:\Windows\System\jHMKIAT.exe
  2⤵
  PID:4928
- C:\Windows\System\iNjRsko.exe
  C:\Windows\System\iNjRsko.exe
  2⤵
  PID:1616
- C:\Windows\System\mPCGEqc.exe
  C:\Windows\System\mPCGEqc.exe
  2⤵
  PID:5148
- C:\Windows\System\tApLpmv.exe
  C:\Windows\System\tApLpmv.exe
  2⤵
  PID:4340
- C:\Windows\System\iQTapWq.exe
  C:\Windows\System\iQTapWq.exe
  2⤵
  PID:4420
- C:\Windows\System\xfYNPpQ.exe
  C:\Windows\System\xfYNPpQ.exe
  2⤵
  PID:5432
- C:\Windows\System\dCLpwfs.exe
  C:\Windows\System\dCLpwfs.exe
  2⤵
  PID:1468
- C:\Windows\System\cqAJBzc.exe
  C:\Windows\System\cqAJBzc.exe
  2⤵
  PID:5472
- C:\Windows\System\ibvqNzz.exe
  C:\Windows\System\ibvqNzz.exe
  2⤵
  PID:5800
- C:\Windows\System\OikdzMn.exe
  C:\Windows\System\OikdzMn.exe
  2⤵
  PID:5512
- C:\Windows\System\ZRXWhbz.exe
  C:\Windows\System\ZRXWhbz.exe
  2⤵
  PID:5940
- C:\Windows\System\AQGUQeo.exe
  C:\Windows\System\AQGUQeo.exe
  2⤵
  PID:3092
- C:\Windows\System\BHqQPld.exe
  C:\Windows\System\BHqQPld.exe
  2⤵
  PID:5316
- C:\Windows\System\oPHearV.exe
  C:\Windows\System\oPHearV.exe
  2⤵
  PID:5160
- C:\Windows\System\XDKSZOJ.exe
  C:\Windows\System\XDKSZOJ.exe
  2⤵
  PID:6140
- C:\Windows\System\cCbfHxd.exe
  C:\Windows\System\cCbfHxd.exe
  2⤵
  PID:3036
- C:\Windows\System\ajNOQEG.exe
  C:\Windows\System\ajNOQEG.exe
  2⤵
  PID:6120
- C:\Windows\System\MqEixZv.exe
  C:\Windows\System\MqEixZv.exe
  2⤵
  PID:5352
- C:\Windows\System\RIOdRWs.exe
  C:\Windows\System\RIOdRWs.exe
  2⤵
  PID:2152
- C:\Windows\System\rePcmfi.exe
  C:\Windows\System\rePcmfi.exe
  2⤵
  PID:5724
- C:\Windows\System\kVmihSl.exe
  C:\Windows\System\kVmihSl.exe
  2⤵
  PID:5280
- C:\Windows\System\uzZapYN.exe
  C:\Windows\System\uzZapYN.exe
  2⤵
  PID:4480
- C:\Windows\System\yDOZNxH.exe
  C:\Windows\System\yDOZNxH.exe
  2⤵
  PID:5776
- C:\Windows\System\jXOLqFb.exe
  C:\Windows\System\jXOLqFb.exe
  2⤵
  PID:5840
- C:\Windows\System\KKJuGQP.exe
  C:\Windows\System\KKJuGQP.exe
  2⤵
  PID:1120
- C:\Windows\System\hOorDjn.exe
  C:\Windows\System\hOorDjn.exe
  2⤵
  PID:2272
- C:\Windows\System\sUKMykv.exe
  C:\Windows\System\sUKMykv.exe
  2⤵
  PID:3516
- C:\Windows\System\DNbxkOa.exe
  C:\Windows\System\DNbxkOa.exe
  2⤵
  PID:2784
- C:\Windows\System\Mhmhmdp.exe
  C:\Windows\System\Mhmhmdp.exe
  2⤵
  PID:5984
- C:\Windows\System\wnATPgx.exe
  C:\Windows\System\wnATPgx.exe
  2⤵
  PID:6156
- C:\Windows\System\riVwXYL.exe
  C:\Windows\System\riVwXYL.exe
  2⤵
  PID:6172
- C:\Windows\System\DvTlAgp.exe
  C:\Windows\System\DvTlAgp.exe
  2⤵
  PID:6188
- C:\Windows\System\yWdyCDg.exe
  C:\Windows\System\yWdyCDg.exe
  2⤵
  PID:6216
- C:\Windows\System\ECVdOVI.exe
  C:\Windows\System\ECVdOVI.exe
  2⤵
  PID:6236
- C:\Windows\System\Nulknwo.exe
  C:\Windows\System\Nulknwo.exe
  2⤵
  PID:6256
- C:\Windows\System\EuDRkcq.exe
  C:\Windows\System\EuDRkcq.exe
  2⤵
  PID:6280
- C:\Windows\System\BTEgSTp.exe
  C:\Windows\System\BTEgSTp.exe
  2⤵
  PID:6296
- C:\Windows\System\JPTUxYs.exe
  C:\Windows\System\JPTUxYs.exe
  2⤵
  PID:6316
- C:\Windows\System\QEjgNGi.exe
  C:\Windows\System\QEjgNGi.exe
  2⤵
  PID:6336
- C:\Windows\System\xUPdJjB.exe
  C:\Windows\System\xUPdJjB.exe
  2⤵
  PID:6352
- C:\Windows\System\xNLsrHn.exe
  C:\Windows\System\xNLsrHn.exe
  2⤵
  PID:6368
- C:\Windows\System\HCQEEgw.exe
  C:\Windows\System\HCQEEgw.exe
  2⤵
  PID:6392
- C:\Windows\System\BKvzgTi.exe
  C:\Windows\System\BKvzgTi.exe
  2⤵
  PID:6408
- C:\Windows\System\otPRuuA.exe
  C:\Windows\System\otPRuuA.exe
  2⤵
  PID:6424
- C:\Windows\System\WFBgNKX.exe
  C:\Windows\System\WFBgNKX.exe
  2⤵
  PID:6440
- C:\Windows\System\CjxUjqW.exe
  C:\Windows\System\CjxUjqW.exe
  2⤵
  PID:6472
- C:\Windows\System\ahtHZqB.exe
  C:\Windows\System\ahtHZqB.exe
  2⤵
  PID:6492
- C:\Windows\System\CPCKbsD.exe
  C:\Windows\System\CPCKbsD.exe
  2⤵
  PID:6512
- C:\Windows\System\PUfcbkZ.exe
  C:\Windows\System\PUfcbkZ.exe
  2⤵
  PID:6532
- C:\Windows\System\GUgAOtV.exe
  C:\Windows\System\GUgAOtV.exe
  2⤵
  PID:6552
- C:\Windows\System\EIePkAZ.exe
  C:\Windows\System\EIePkAZ.exe
  2⤵
  PID:6572
- C:\Windows\System\QAdNqXW.exe
  C:\Windows\System\QAdNqXW.exe
  2⤵
  PID:6592
- C:\Windows\System\HfkAGxj.exe
  C:\Windows\System\HfkAGxj.exe
  2⤵
  PID:6608
- C:\Windows\System\pRmCZYp.exe
  C:\Windows\System\pRmCZYp.exe
  2⤵
  PID:6632
- C:\Windows\System\gxbogCO.exe
  C:\Windows\System\gxbogCO.exe
  2⤵
  PID:6656
- C:\Windows\System\bgIXlLO.exe
  C:\Windows\System\bgIXlLO.exe
  2⤵
  PID:6676
- C:\Windows\System\jKIQoZn.exe
  C:\Windows\System\jKIQoZn.exe
  2⤵
  PID:6696
- C:\Windows\System\jFQBgVv.exe
  C:\Windows\System\jFQBgVv.exe
  2⤵
  PID:6712
- C:\Windows\System\StiUtPI.exe
  C:\Windows\System\StiUtPI.exe
  2⤵
  PID:6732
- C:\Windows\System\UwILuKk.exe
  C:\Windows\System\UwILuKk.exe
  2⤵
  PID:6752
- C:\Windows\System\BoqIftt.exe
  C:\Windows\System\BoqIftt.exe
  2⤵
  PID:6788
- C:\Windows\System\EZHviDB.exe
  C:\Windows\System\EZHviDB.exe
  2⤵
  PID:6808
- C:\Windows\System\EcWqwLf.exe
  C:\Windows\System\EcWqwLf.exe
  2⤵
  PID:6828
- C:\Windows\System\MfbscpK.exe
  C:\Windows\System\MfbscpK.exe
  2⤵
  PID:6844
- C:\Windows\System\YpKsVKh.exe
  C:\Windows\System\YpKsVKh.exe
  2⤵
  PID:6860
- C:\Windows\System\jnTfHyY.exe
  C:\Windows\System\jnTfHyY.exe
  2⤵
  PID:6876
- C:\Windows\System\CIqnDDP.exe
  C:\Windows\System\CIqnDDP.exe
  2⤵
  PID:6912
- C:\Windows\System\SborMFL.exe
  C:\Windows\System\SborMFL.exe
  2⤵
  PID:6928
- C:\Windows\System\IhlyNvk.exe
  C:\Windows\System\IhlyNvk.exe
  2⤵
  PID:6948
- C:\Windows\System\ofEOQpQ.exe
  C:\Windows\System\ofEOQpQ.exe
  2⤵
  PID:6964
- C:\Windows\System\poUNrbn.exe
  C:\Windows\System\poUNrbn.exe
  2⤵
  PID:6980
- C:\Windows\System\XVEskKg.exe
  C:\Windows\System\XVEskKg.exe
  2⤵
  PID:7000
- C:\Windows\System\JJkpSjd.exe
  C:\Windows\System\JJkpSjd.exe
  2⤵
  PID:7028
- C:\Windows\System\eBHIpan.exe
  C:\Windows\System\eBHIpan.exe
  2⤵
  PID:7048
- C:\Windows\System\BwgzYtB.exe
  C:\Windows\System\BwgzYtB.exe
  2⤵
  PID:7068
- C:\Windows\System\xIrRjNO.exe
  C:\Windows\System\xIrRjNO.exe
  2⤵
  PID:7084
- C:\Windows\System\VUtLZpt.exe
  C:\Windows\System\VUtLZpt.exe
  2⤵
  PID:7100
- C:\Windows\System\egTRwDl.exe
  C:\Windows\System\egTRwDl.exe
  2⤵
  PID:7124
- C:\Windows\System\ERJsElJ.exe
  C:\Windows\System\ERJsElJ.exe
  2⤵
  PID:7140
- C:\Windows\System\qdCdGjR.exe
  C:\Windows\System\qdCdGjR.exe
  2⤵
  PID:7156
- C:\Windows\System\xjLsqxL.exe
  C:\Windows\System\xjLsqxL.exe
  2⤵
  PID:2132
- C:\Windows\System\avotQXl.exe
  C:\Windows\System\avotQXl.exe
  2⤵
  PID:4240
- C:\Windows\System\pyYJatM.exe
  C:\Windows\System\pyYJatM.exe
  2⤵
  PID:5272
- C:\Windows\System\NbyfpcX.exe
  C:\Windows\System\NbyfpcX.exe
  2⤵
  PID:6212
- C:\Windows\System\YSFYuNe.exe
  C:\Windows\System\YSFYuNe.exe
  2⤵
  PID:6228
- C:\Windows\System\qNMORnS.exe
  C:\Windows\System\qNMORnS.exe
  2⤵
  PID:1644
- C:\Windows\System\JbpUqAt.exe
  C:\Windows\System\JbpUqAt.exe
  2⤵
  PID:6264
- C:\Windows\System\ZcrygWv.exe
  C:\Windows\System\ZcrygWv.exe
  2⤵
  PID:6180
- C:\Windows\System\xKxwfHb.exe
  C:\Windows\System\xKxwfHb.exe
  2⤵
  PID:6380
- C:\Windows\System\fDLruaC.exe
  C:\Windows\System\fDLruaC.exe
  2⤵
  PID:6488
- C:\Windows\System\KtXgMYT.exe
  C:\Windows\System\KtXgMYT.exe
  2⤵
  PID:6456
- C:\Windows\System\YaFFVmp.exe
  C:\Windows\System\YaFFVmp.exe
  2⤵
  PID:6308
- C:\Windows\System\RuRSrNz.exe
  C:\Windows\System\RuRSrNz.exe
  2⤵
  PID:6388
- C:\Windows\System\nDYDifE.exe
  C:\Windows\System\nDYDifE.exe
  2⤵
  PID:6564
- C:\Windows\System\JniLtew.exe
  C:\Windows\System\JniLtew.exe
  2⤵
  PID:6584
- C:\Windows\System\vbuVsvM.exe
  C:\Windows\System\vbuVsvM.exe
  2⤵
  PID:6616
- C:\Windows\System\xHJaWJi.exe
  C:\Windows\System\xHJaWJi.exe
  2⤵
  PID:6508
- C:\Windows\System\dmDoHyK.exe
  C:\Windows\System\dmDoHyK.exe
  2⤵
  PID:6604
- C:\Windows\System\HGbAYKq.exe
  C:\Windows\System\HGbAYKq.exe
  2⤵
  PID:6692
- C:\Windows\System\VLmxddv.exe
  C:\Windows\System\VLmxddv.exe
  2⤵
  PID:6724
- C:\Windows\System\GgFzSJb.exe
  C:\Windows\System\GgFzSJb.exe
  2⤵
  PID:6664
- C:\Windows\System\cYDNuXF.exe
  C:\Windows\System\cYDNuXF.exe
  2⤵
  PID:6816
- C:\Windows\System\dFqYmuu.exe
  C:\Windows\System\dFqYmuu.exe
  2⤵
  PID:6904
- C:\Windows\System\gtIcLtL.exe
  C:\Windows\System\gtIcLtL.exe
  2⤵
  PID:6900
- C:\Windows\System\vwEXOOS.exe
  C:\Windows\System\vwEXOOS.exe
  2⤵
  PID:6944
- C:\Windows\System\GdqVpjP.exe
  C:\Windows\System\GdqVpjP.exe
  2⤵
  PID:6804
- C:\Windows\System\azIILrx.exe
  C:\Windows\System\azIILrx.exe
  2⤵
  PID:6988
- C:\Windows\System\ChJBbNx.exe
  C:\Windows\System\ChJBbNx.exe
  2⤵
  PID:7012
- C:\Windows\System\DNuQxha.exe
  C:\Windows\System\DNuQxha.exe
  2⤵
  PID:7040
- C:\Windows\System\CIrhMuu.exe
  C:\Windows\System\CIrhMuu.exe
  2⤵
  PID:7148
- C:\Windows\System\ajaFVKx.exe
  C:\Windows\System\ajaFVKx.exe
  2⤵
  PID:7096
- C:\Windows\System\PygriHb.exe
  C:\Windows\System\PygriHb.exe
  2⤵
  PID:6244
- C:\Windows\System\roPAgJR.exe
  C:\Windows\System\roPAgJR.exe
  2⤵
  PID:2804
- C:\Windows\System\AUNAeDF.exe
  C:\Windows\System\AUNAeDF.exe
  2⤵
  PID:7116
- C:\Windows\System\OBSJbLM.exe
  C:\Windows\System\OBSJbLM.exe
  2⤵
  PID:6360
- C:\Windows\System\OGAkqLo.exe
  C:\Windows\System\OGAkqLo.exe
  2⤵
  PID:6452
- C:\Windows\System\mVZtjBv.exe
  C:\Windows\System\mVZtjBv.exe
  2⤵
  PID:6464
- C:\Windows\System\BEKGWxf.exe
  C:\Windows\System\BEKGWxf.exe
  2⤵
  PID:6324
- C:\Windows\System\LIHgupC.exe
  C:\Windows\System\LIHgupC.exe
  2⤵
  PID:6208
- C:\Windows\System\dYqiETT.exe
  C:\Windows\System\dYqiETT.exe
  2⤵
  PID:6784
- C:\Windows\System\KrAaVGj.exe
  C:\Windows\System\KrAaVGj.exe
  2⤵
  PID:6468
- C:\Windows\System\vunJaSF.exe
  C:\Windows\System\vunJaSF.exe
  2⤵
  PID:6384
- C:\Windows\System\znffHJQ.exe
  C:\Windows\System\znffHJQ.exe
  2⤵
  PID:6780
- C:\Windows\System\ekggiOl.exe
  C:\Windows\System\ekggiOl.exe
  2⤵
  PID:6416
- C:\Windows\System\jgKFShi.exe
  C:\Windows\System\jgKFShi.exe
  2⤵
  PID:6840
- C:\Windows\System\RVZgTrr.exe
  C:\Windows\System\RVZgTrr.exe
  2⤵
  PID:6888
- C:\Windows\System\wFygyuc.exe
  C:\Windows\System\wFygyuc.exe
  2⤵
  PID:6892
- C:\Windows\System\MIVPDlp.exe
  C:\Windows\System\MIVPDlp.exe
  2⤵
  PID:6972
- C:\Windows\System\oFdaDES.exe
  C:\Windows\System\oFdaDES.exe
  2⤵
  PID:6940
- C:\Windows\System\YFtiZOc.exe
  C:\Windows\System\YFtiZOc.exe
  2⤵
  PID:6996
- C:\Windows\System\iIqxbtY.exe
  C:\Windows\System\iIqxbtY.exe
  2⤵
  PID:6924
- C:\Windows\System\WJAbBEF.exe
  C:\Windows\System\WJAbBEF.exe
  2⤵
  PID:7132
- C:\Windows\System\nGFvBqx.exe
  C:\Windows\System\nGFvBqx.exe
  2⤵
  PID:6332
- C:\Windows\System\jukbWeW.exe
  C:\Windows\System\jukbWeW.exe
  2⤵
  PID:2744
- C:\Windows\System\SjIvJWp.exe
  C:\Windows\System\SjIvJWp.exe
  2⤵
  PID:6204
- C:\Windows\System\iNqhbXg.exe
  C:\Windows\System\iNqhbXg.exe
  2⤵
  PID:6568
- C:\Windows\System\yCYodkp.exe
  C:\Windows\System\yCYodkp.exe
  2⤵
  PID:6484
- C:\Windows\System\HJAgGCq.exe
  C:\Windows\System\HJAgGCq.exe
  2⤵
  PID:308
- C:\Windows\System\lSybgjV.exe
  C:\Windows\System\lSybgjV.exe
  2⤵
  PID:1016
- C:\Windows\System\NjHbvLS.exe
  C:\Windows\System\NjHbvLS.exe
  2⤵
  PID:1940
- C:\Windows\System\CCzEOfZ.exe
  C:\Windows\System\CCzEOfZ.exe
  2⤵
  PID:6344
- C:\Windows\System\SxWgjQg.exe
  C:\Windows\System\SxWgjQg.exe
  2⤵
  PID:6776
- C:\Windows\System\nQdMrOJ.exe
  C:\Windows\System\nQdMrOJ.exe
  2⤵
  PID:6744
- C:\Windows\System\uJzQEvR.exe
  C:\Windows\System\uJzQEvR.exe
  2⤵
  PID:2588
- C:\Windows\System\DauyRjS.exe
  C:\Windows\System\DauyRjS.exe
  2⤵
  PID:6920
- C:\Windows\System\UtSCqQf.exe
  C:\Windows\System\UtSCqQf.exe
  2⤵
  PID:6668
- C:\Windows\System\YqKYwwl.exe
  C:\Windows\System\YqKYwwl.exe
  2⤵
  PID:6956
- C:\Windows\System\eusutGe.exe
  C:\Windows\System\eusutGe.exe
  2⤵
  PID:7136
- C:\Windows\System\NZyAviT.exe
  C:\Windows\System\NZyAviT.exe
  2⤵
  PID:1964
- C:\Windows\System\uVAGjyO.exe
  C:\Windows\System\uVAGjyO.exe
  2⤵
  PID:2516
- C:\Windows\System\KQjNuZI.exe
  C:\Windows\System\KQjNuZI.exe
  2⤵
  PID:6504
- C:\Windows\System\gRaJBqH.exe
  C:\Windows\System\gRaJBqH.exe
  2⤵
  PID:1632
- C:\Windows\System\XMZOViI.exe
  C:\Windows\System\XMZOViI.exe
  2⤵
  PID:6824
- C:\Windows\System\KQMGPIR.exe
  C:\Windows\System\KQMGPIR.exe
  2⤵
  PID:2476
- C:\Windows\System\qYsebBR.exe
  C:\Windows\System\qYsebBR.exe
  2⤵
  PID:7056
- C:\Windows\System\XdAsAuR.exe
  C:\Windows\System\XdAsAuR.exe
  2⤵
  PID:6252
- C:\Windows\System\IYaIYsN.exe
  C:\Windows\System\IYaIYsN.exe
  2⤵
  PID:6400
- C:\Windows\System\CWfGBvZ.exe
  C:\Windows\System\CWfGBvZ.exe
  2⤵
  PID:6304
- C:\Windows\System\QIVzHjF.exe
  C:\Windows\System\QIVzHjF.exe
  2⤵
  PID:6684
- C:\Windows\System\ZUQXzBz.exe
  C:\Windows\System\ZUQXzBz.exe
  2⤵
  PID:2324
- C:\Windows\System\fruCyHd.exe
  C:\Windows\System\fruCyHd.exe
  2⤵
  PID:6600
- C:\Windows\System\bWOciCs.exe
  C:\Windows\System\bWOciCs.exe
  2⤵
  PID:6772
- C:\Windows\System\TZFXOpu.exe
  C:\Windows\System\TZFXOpu.exe
  2⤵
  PID:7092
- C:\Windows\System\pCOlGvS.exe
  C:\Windows\System\pCOlGvS.exe
  2⤵
  PID:2240
- C:\Windows\System\PegjJmY.exe
  C:\Windows\System\PegjJmY.exe
  2⤵
  PID:6624
- C:\Windows\System\igQGkqs.exe
  C:\Windows\System\igQGkqs.exe
  2⤵
  PID:7184
- C:\Windows\System\SqDTdgv.exe
  C:\Windows\System\SqDTdgv.exe
  2⤵
  PID:7212
- C:\Windows\System\xXXyLGt.exe
  C:\Windows\System\xXXyLGt.exe
  2⤵
  PID:7228
- C:\Windows\System\IDlilmb.exe
  C:\Windows\System\IDlilmb.exe
  2⤵
  PID:7248
- C:\Windows\System\NJmAOpj.exe
  C:\Windows\System\NJmAOpj.exe
  2⤵
  PID:7268
- C:\Windows\System\dSCnbsO.exe
  C:\Windows\System\dSCnbsO.exe
  2⤵
  PID:7312
- C:\Windows\System\AnIMmcE.exe
  C:\Windows\System\AnIMmcE.exe
  2⤵
  PID:7328
- C:\Windows\System\kNRSvDw.exe
  C:\Windows\System\kNRSvDw.exe
  2⤵
  PID:7348
- C:\Windows\System\UnhKKjD.exe
  C:\Windows\System\UnhKKjD.exe
  2⤵
  PID:7364
- C:\Windows\System\zaGkDsh.exe
  C:\Windows\System\zaGkDsh.exe
  2⤵
  PID:7384
- C:\Windows\System\BaIpsdr.exe
  C:\Windows\System\BaIpsdr.exe
  2⤵
  PID:7400
- C:\Windows\System\HSIDZzc.exe
  C:\Windows\System\HSIDZzc.exe
  2⤵
  PID:7424
- C:\Windows\System\zgUSizl.exe
  C:\Windows\System\zgUSizl.exe
  2⤵
  PID:7444
- C:\Windows\System\epqGMXd.exe
  C:\Windows\System\epqGMXd.exe
  2⤵
  PID:7468
- C:\Windows\System\rLrSrDp.exe
  C:\Windows\System\rLrSrDp.exe
  2⤵
  PID:7488
- C:\Windows\System\esdoyrI.exe
  C:\Windows\System\esdoyrI.exe
  2⤵
  PID:7512
- C:\Windows\System\MpZeAub.exe
  C:\Windows\System\MpZeAub.exe
  2⤵
  PID:7528
- C:\Windows\System\cPtaIGf.exe
  C:\Windows\System\cPtaIGf.exe
  2⤵
  PID:7552
- C:\Windows\System\pMXvGXR.exe
  C:\Windows\System\pMXvGXR.exe
  2⤵
  PID:7572
- C:\Windows\System\IPUYUcu.exe
  C:\Windows\System\IPUYUcu.exe
  2⤵
  PID:7588
- C:\Windows\System\NzDWzpI.exe
  C:\Windows\System\NzDWzpI.exe
  2⤵
  PID:7612
- C:\Windows\System\vkQynsD.exe
  C:\Windows\System\vkQynsD.exe
  2⤵
  PID:7632
- C:\Windows\System\zjAePeR.exe
  C:\Windows\System\zjAePeR.exe
  2⤵
  PID:7648
- C:\Windows\System\eoUAtnC.exe
  C:\Windows\System\eoUAtnC.exe
  2⤵
  PID:7668
- C:\Windows\System\pXTlJDn.exe
  C:\Windows\System\pXTlJDn.exe
  2⤵
  PID:7692
- C:\Windows\System\FXcEgUJ.exe
  C:\Windows\System\FXcEgUJ.exe
  2⤵
  PID:7712
- C:\Windows\System\wJGEios.exe
  C:\Windows\System\wJGEios.exe
  2⤵
  PID:7728
- C:\Windows\System\UgsrrzU.exe
  C:\Windows\System\UgsrrzU.exe
  2⤵
  PID:7752
- C:\Windows\System\bfiHCVE.exe
  C:\Windows\System\bfiHCVE.exe
  2⤵
  PID:7768
- C:\Windows\System\IGKuAQv.exe
  C:\Windows\System\IGKuAQv.exe
  2⤵
  PID:7788
- C:\Windows\System\RdQqPtl.exe
  C:\Windows\System\RdQqPtl.exe
  2⤵
  PID:7812
- C:\Windows\System\qgreLET.exe
  C:\Windows\System\qgreLET.exe
  2⤵
  PID:7832
- C:\Windows\System\JPNHdoi.exe
  C:\Windows\System\JPNHdoi.exe
  2⤵
  PID:7852
- C:\Windows\System\cWSCSYM.exe
  C:\Windows\System\cWSCSYM.exe
  2⤵
  PID:7880
- C:\Windows\System\fdmbacc.exe
  C:\Windows\System\fdmbacc.exe
  2⤵
  PID:7896
- C:\Windows\System\rqljhqs.exe
  C:\Windows\System\rqljhqs.exe
  2⤵
  PID:7916
- C:\Windows\System\leXBtpa.exe
  C:\Windows\System\leXBtpa.exe
  2⤵
  PID:7932
- C:\Windows\System\sfkmQOf.exe
  C:\Windows\System\sfkmQOf.exe
  2⤵
  PID:7948
- C:\Windows\System\MQPYwjw.exe
  C:\Windows\System\MQPYwjw.exe
  2⤵
  PID:7964
- C:\Windows\System\RdvSukG.exe
  C:\Windows\System\RdvSukG.exe
  2⤵
  PID:7992
- C:\Windows\System\enOPAJY.exe
  C:\Windows\System\enOPAJY.exe
  2⤵
  PID:8008
- C:\Windows\System\qDcqZmS.exe
  C:\Windows\System\qDcqZmS.exe
  2⤵
  PID:8028
- C:\Windows\System\XSCVlhV.exe
  C:\Windows\System\XSCVlhV.exe
  2⤵
  PID:8048
- C:\Windows\System\cfVbYBv.exe
  C:\Windows\System\cfVbYBv.exe
  2⤵
  PID:8068
- C:\Windows\System\IAuMDch.exe
  C:\Windows\System\IAuMDch.exe
  2⤵
  PID:8092
- C:\Windows\System\CagXXYV.exe
  C:\Windows\System\CagXXYV.exe
  2⤵
  PID:8108
- C:\Windows\System\XMPRuEw.exe
  C:\Windows\System\XMPRuEw.exe
  2⤵
  PID:8132
- C:\Windows\System\PAQpiVD.exe
  C:\Windows\System\PAQpiVD.exe
  2⤵
  PID:8152
- C:\Windows\System\ssfhpZf.exe
  C:\Windows\System\ssfhpZf.exe
  2⤵
  PID:8176
- C:\Windows\System\XBGAVaj.exe
  C:\Windows\System\XBGAVaj.exe
  2⤵
  PID:7008
- C:\Windows\System\ggojVRT.exe
  C:\Windows\System\ggojVRT.exe
  2⤵
  PID:6672
- C:\Windows\System\VmRgxWA.exe
  C:\Windows\System\VmRgxWA.exe
  2⤵
  PID:6328
- C:\Windows\System\LJseMJU.exe
  C:\Windows\System\LJseMJU.exe
  2⤵
  PID:7256
- C:\Windows\System\ueVxHeU.exe
  C:\Windows\System\ueVxHeU.exe
  2⤵
  PID:7284
- C:\Windows\System\mjGUXis.exe
  C:\Windows\System\mjGUXis.exe
  2⤵
  PID:7236
- C:\Windows\System\zjhkIqA.exe
  C:\Windows\System\zjhkIqA.exe
  2⤵
  PID:7304
- C:\Windows\System\gvPMOHE.exe
  C:\Windows\System\gvPMOHE.exe
  2⤵
  PID:7308
- C:\Windows\System\bqCGkyf.exe
  C:\Windows\System\bqCGkyf.exe
  2⤵
  PID:7432
- C:\Windows\System\AGgatFD.exe
  C:\Windows\System\AGgatFD.exe
  2⤵
  PID:7484
- C:\Windows\System\YNbtlfz.exe
  C:\Windows\System\YNbtlfz.exe
  2⤵
  PID:7340
- C:\Windows\System\vDcatMG.exe
  C:\Windows\System\vDcatMG.exe
  2⤵
  PID:7408
- C:\Windows\System\jzEdCYU.exe
  C:\Windows\System\jzEdCYU.exe
  2⤵
  PID:7456
- C:\Windows\System\ojCcZdL.exe
  C:\Windows\System\ojCcZdL.exe
  2⤵
  PID:7540
- C:\Windows\System\BgltXty.exe
  C:\Windows\System\BgltXty.exe
  2⤵
  PID:1988
- C:\Windows\System\vvFqMWd.exe
  C:\Windows\System\vvFqMWd.exe
  2⤵
  PID:7608
- C:\Windows\System\dPaDwpg.exe
  C:\Windows\System\dPaDwpg.exe
  2⤵
  PID:6936
- C:\Windows\System\ymwNjBz.exe
  C:\Windows\System\ymwNjBz.exe
  2⤵
  PID:7656
- C:\Windows\System\AwGUCSK.exe
  C:\Windows\System\AwGUCSK.exe
  2⤵
  PID:7684
- C:\Windows\System\eKIkBRX.exe
  C:\Windows\System\eKIkBRX.exe
  2⤵
  PID:7708
- C:\Windows\System\QcwfsBt.exe
  C:\Windows\System\QcwfsBt.exe
  2⤵
  PID:7736
- C:\Windows\System\YrebJot.exe
  C:\Windows\System\YrebJot.exe
  2⤵
  PID:7764
- C:\Windows\System\TShlNrL.exe
  C:\Windows\System\TShlNrL.exe
  2⤵
  PID:7776
- C:\Windows\System\xNPTxxf.exe
  C:\Windows\System\xNPTxxf.exe
  2⤵
  PID:7828
- C:\Windows\System\FRjwRRq.exe
  C:\Windows\System\FRjwRRq.exe
  2⤵
  PID:7860
- C:\Windows\System\EvutsRw.exe
  C:\Windows\System\EvutsRw.exe
  2⤵
  PID:7892
- C:\Windows\System\yrFufpc.exe
  C:\Windows\System\yrFufpc.exe
  2⤵
  PID:7988
- C:\Windows\System\oRpVIiF.exe
  C:\Windows\System\oRpVIiF.exe
  2⤵
  PID:7956
- C:\Windows\System\GUOOqDL.exe
  C:\Windows\System\GUOOqDL.exe
  2⤵
  PID:7960
- C:\Windows\System\uaJVZnL.exe
  C:\Windows\System\uaJVZnL.exe
  2⤵
  PID:8040
- C:\Windows\System\uHHYJIx.exe
  C:\Windows\System\uHHYJIx.exe
  2⤵
  PID:8124
- C:\Windows\System\aCdBGwi.exe
  C:\Windows\System\aCdBGwi.exe
  2⤵
  PID:8160
- C:\Windows\System\eKuappf.exe
  C:\Windows\System\eKuappf.exe
  2⤵
  PID:8020
- C:\Windows\System\tQmxsBo.exe
  C:\Windows\System\tQmxsBo.exe
  2⤵
  PID:8184
- C:\Windows\System\BNcNAin.exe
  C:\Windows\System\BNcNAin.exe
  2⤵
  PID:8140
- C:\Windows\System\shSxHDP.exe
  C:\Windows\System\shSxHDP.exe
  2⤵
  PID:6644
- C:\Windows\System\nPRATso.exe
  C:\Windows\System\nPRATso.exe
  2⤵
  PID:7044
- C:\Windows\System\UkBKoPS.exe
  C:\Windows\System\UkBKoPS.exe
  2⤵
  PID:7180
- C:\Windows\System\aJRpacT.exe
  C:\Windows\System\aJRpacT.exe
  2⤵
  PID:7204
- C:\Windows\System\NophgAx.exe
  C:\Windows\System\NophgAx.exe
  2⤵
  PID:7436
- C:\Windows\System\jasFYJP.exe
  C:\Windows\System\jasFYJP.exe
  2⤵
  PID:7440
- C:\Windows\System\KXxOnCf.exe
  C:\Windows\System\KXxOnCf.exe
  2⤵
  PID:7392
- C:\Windows\System\uKTQcyZ.exe
  C:\Windows\System\uKTQcyZ.exe
  2⤵
  PID:7416
- C:\Windows\System\LHIqDyt.exe
  C:\Windows\System\LHIqDyt.exe
  2⤵
  PID:2460
- C:\Windows\System\pjiGSrt.exe
  C:\Windows\System\pjiGSrt.exe
  2⤵
  PID:7568
- C:\Windows\System\gULCTJf.exe
  C:\Windows\System\gULCTJf.exe
  2⤵
  PID:7536
- C:\Windows\System\cSobNhx.exe
  C:\Windows\System\cSobNhx.exe
  2⤵
  PID:7700
- C:\Windows\System\azyzhew.exe
  C:\Windows\System\azyzhew.exe
  2⤵
  PID:8088
- C:\Windows\System\gBXfrwy.exe
  C:\Windows\System\gBXfrwy.exe
  2⤵
  PID:8076
- C:\Windows\System\JuMXjKc.exe
  C:\Windows\System\JuMXjKc.exe
  2⤵
  PID:8100
- C:\Windows\System\TwbVexM.exe
  C:\Windows\System\TwbVexM.exe
  2⤵
  PID:6480
- C:\Windows\System\MTogEmi.exe
  C:\Windows\System\MTogEmi.exe
  2⤵
  PID:7176
- C:\Windows\System\aueBGCE.exe
  C:\Windows\System\aueBGCE.exe
  2⤵
  PID:1804
- C:\Windows\System\qIAlWzA.exe
  C:\Windows\System\qIAlWzA.exe
  2⤵
  PID:7280
- C:\Windows\System\YgMaFAy.exe
  C:\Windows\System\YgMaFAy.exe
  2⤵
  PID:7520
- C:\Windows\System\BVexxHz.exe
  C:\Windows\System\BVexxHz.exe
  2⤵
  PID:7380
- C:\Windows\System\LyEGmEu.exe
  C:\Windows\System\LyEGmEu.exe
  2⤵
  PID:7208
- C:\Windows\System\onvQhve.exe
  C:\Windows\System\onvQhve.exe
  2⤵
  PID:7644
- C:\Windows\System\xoQIVMW.exe
  C:\Windows\System\xoQIVMW.exe
  2⤵
  PID:8036
- C:\Windows\System\hIIAXig.exe
  C:\Windows\System\hIIAXig.exe
  2⤵
  PID:7912
- C:\Windows\System\bLHpApf.exe
  C:\Windows\System\bLHpApf.exe
  2⤵
  PID:7720
- C:\Windows\System\mhGjVzH.exe
  C:\Windows\System\mhGjVzH.exe
  2⤵
  PID:7844
- C:\Windows\System\TTZUEvU.exe
  C:\Windows\System\TTZUEvU.exe
  2⤵
  PID:7984
- C:\Windows\System\iOrAsiL.exe
  C:\Windows\System\iOrAsiL.exe
  2⤵
  PID:7544
- C:\Windows\System\qvMhrgx.exe
  C:\Windows\System\qvMhrgx.exe
  2⤵
  PID:7820
- C:\Windows\System\BaMGsLb.exe
  C:\Windows\System\BaMGsLb.exe
  2⤵
  PID:8164
- C:\Windows\System\NpptVnK.exe
  C:\Windows\System\NpptVnK.exe
  2⤵
  PID:7800
- C:\Windows\System\soRDcwf.exe
  C:\Windows\System\soRDcwf.exe
  2⤵
  PID:6404
- C:\Windows\System\JbKrAAm.exe
  C:\Windows\System\JbKrAAm.exe
  2⤵
  PID:7680
- C:\Windows\System\IsRSnYA.exe
  C:\Windows\System\IsRSnYA.exe
  2⤵
  PID:7980
- C:\Windows\System\cLaKTmn.exe
  C:\Windows\System\cLaKTmn.exe
  2⤵
  PID:7904
- C:\Windows\System\IfsDEtJ.exe
  C:\Windows\System\IfsDEtJ.exe
  2⤵
  PID:7944
- C:\Windows\System\khVtAsV.exe
  C:\Windows\System\khVtAsV.exe
  2⤵
  PID:7744
- C:\Windows\System\wQVUqAW.exe
  C:\Windows\System\wQVUqAW.exe
  2⤵
  PID:7676
- C:\Windows\System\UasUIWj.exe
  C:\Windows\System\UasUIWj.exe
  2⤵
  PID:7220
- C:\Windows\System\TFzCLkA.exe
  C:\Windows\System\TFzCLkA.exe
  2⤵
  PID:7928
- C:\Windows\System\izmgmvF.exe
  C:\Windows\System\izmgmvF.exe
  2⤵
  PID:7476
- C:\Windows\System\uwVLJNi.exe
  C:\Windows\System\uwVLJNi.exe
  2⤵
  PID:7780
- C:\Windows\System\JyYosrY.exe
  C:\Windows\System\JyYosrY.exe
  2⤵
  PID:8196
- C:\Windows\System\koZmROg.exe
  C:\Windows\System\koZmROg.exe
  2⤵
  PID:8212
- C:\Windows\System\xRrNmVk.exe
  C:\Windows\System\xRrNmVk.exe
  2⤵
  PID:8228
- C:\Windows\System\YtTxODl.exe
  C:\Windows\System\YtTxODl.exe
  2⤵
  PID:8244
- C:\Windows\System\TrfqHXw.exe
  C:\Windows\System\TrfqHXw.exe
  2⤵
  PID:8260
- C:\Windows\System\rIQOkUP.exe
  C:\Windows\System\rIQOkUP.exe
  2⤵
  PID:8276
- C:\Windows\System\hYOGzTj.exe
  C:\Windows\System\hYOGzTj.exe
  2⤵
  PID:8292
- C:\Windows\System\YnVOecs.exe
  C:\Windows\System\YnVOecs.exe
  2⤵
  PID:8308
- C:\Windows\System\PIgSieh.exe
  C:\Windows\System\PIgSieh.exe
  2⤵
  PID:8324
- C:\Windows\System\OCNbNHs.exe
  C:\Windows\System\OCNbNHs.exe
  2⤵
  PID:8340
- C:\Windows\System\kVbXJdm.exe
  C:\Windows\System\kVbXJdm.exe
  2⤵
  PID:8360
- C:\Windows\System\AIOKQLI.exe
  C:\Windows\System\AIOKQLI.exe
  2⤵
  PID:8376
- C:\Windows\System\oaatHsm.exe
  C:\Windows\System\oaatHsm.exe
  2⤵
  PID:8392
- C:\Windows\System\hjMCKHF.exe
  C:\Windows\System\hjMCKHF.exe
  2⤵
  PID:8408
- C:\Windows\System\FpDLBok.exe
  C:\Windows\System\FpDLBok.exe
  2⤵
  PID:8424
- C:\Windows\System\lIQaMhE.exe
  C:\Windows\System\lIQaMhE.exe
  2⤵
  PID:8440
- C:\Windows\System\MfHerAO.exe
  C:\Windows\System\MfHerAO.exe
  2⤵
  PID:8456
- C:\Windows\System\HpdsefH.exe
  C:\Windows\System\HpdsefH.exe
  2⤵
  PID:8472
- C:\Windows\System\lvxLIPM.exe
  C:\Windows\System\lvxLIPM.exe
  2⤵
  PID:8488
- C:\Windows\System\XybFMim.exe
  C:\Windows\System\XybFMim.exe
  2⤵
  PID:8504
- C:\Windows\System\ZmAicde.exe
  C:\Windows\System\ZmAicde.exe
  2⤵
  PID:8520
- C:\Windows\System\gwqROzW.exe
  C:\Windows\System\gwqROzW.exe
  2⤵
  PID:8536
- C:\Windows\System\xePGlgT.exe
  C:\Windows\System\xePGlgT.exe
  2⤵
  PID:8552
- C:\Windows\System\rEGTPZC.exe
  C:\Windows\System\rEGTPZC.exe
  2⤵
  PID:8568
- C:\Windows\System\nXDbHIE.exe
  C:\Windows\System\nXDbHIE.exe
  2⤵
  PID:8584
- C:\Windows\System\zrThVJV.exe
  C:\Windows\System\zrThVJV.exe
  2⤵
  PID:8600
- C:\Windows\System\HluATME.exe
  C:\Windows\System\HluATME.exe
  2⤵
  PID:8616
- C:\Windows\System\EVaKEOP.exe
  C:\Windows\System\EVaKEOP.exe
  2⤵
  PID:8632
- C:\Windows\System\wqSNBrM.exe
  C:\Windows\System\wqSNBrM.exe
  2⤵
  PID:8648
- C:\Windows\System\rDVCqax.exe
  C:\Windows\System\rDVCqax.exe
  2⤵
  PID:8668
- C:\Windows\System\qzrutjo.exe
  C:\Windows\System\qzrutjo.exe
  2⤵
  PID:8684
- C:\Windows\System\yqTczvj.exe
  C:\Windows\System\yqTczvj.exe
  2⤵
  PID:8700
- C:\Windows\System\yxKlyIH.exe
  C:\Windows\System\yxKlyIH.exe
  2⤵
  PID:8716
- C:\Windows\System\mWPzmEE.exe
  C:\Windows\System\mWPzmEE.exe
  2⤵
  PID:8732
- C:\Windows\System\QSlmWzt.exe
  C:\Windows\System\QSlmWzt.exe
  2⤵
  PID:8752
- C:\Windows\System\knZMTgM.exe
  C:\Windows\System\knZMTgM.exe
  2⤵
  PID:8776
- C:\Windows\System\uJsjsIi.exe
  C:\Windows\System\uJsjsIi.exe
  2⤵
  PID:8792
- C:\Windows\System\QhPFbWT.exe
  C:\Windows\System\QhPFbWT.exe
  2⤵
  PID:8824
- C:\Windows\System\MwxwJyK.exe
  C:\Windows\System\MwxwJyK.exe
  2⤵
  PID:8844
- C:\Windows\System\TbNZNYy.exe
  C:\Windows\System\TbNZNYy.exe
  2⤵
  PID:8860
- C:\Windows\System\doIQrqP.exe
  C:\Windows\System\doIQrqP.exe
  2⤵
  PID:8884
- C:\Windows\System\PZzLoOn.exe
  C:\Windows\System\PZzLoOn.exe
  2⤵
  PID:8908
- C:\Windows\System\VOrPypD.exe
  C:\Windows\System\VOrPypD.exe
  2⤵
  PID:8924
- C:\Windows\System\LkvUtTe.exe
  C:\Windows\System\LkvUtTe.exe
  2⤵
  PID:8940
- C:\Windows\System\EiHBHPA.exe
  C:\Windows\System\EiHBHPA.exe
  2⤵
  PID:8956
- C:\Windows\System\EEoSOmW.exe
  C:\Windows\System\EEoSOmW.exe
  2⤵
  PID:9000
- C:\Windows\System\koRbJOP.exe
  C:\Windows\System\koRbJOP.exe
  2⤵
  PID:9020
- C:\Windows\System\IgNsVHl.exe
  C:\Windows\System\IgNsVHl.exe
  2⤵
  PID:9040
- C:\Windows\System\rvQpmEt.exe
  C:\Windows\System\rvQpmEt.exe
  2⤵
  PID:9060
- C:\Windows\System\fqDXVvd.exe
  C:\Windows\System\fqDXVvd.exe
  2⤵
  PID:9076
- C:\Windows\System\RdsvsSg.exe
  C:\Windows\System\RdsvsSg.exe
  2⤵
  PID:9096
- C:\Windows\System\PaGHiTr.exe
  C:\Windows\System\PaGHiTr.exe
  2⤵
  PID:9112
- C:\Windows\System\lgNJKoS.exe
  C:\Windows\System\lgNJKoS.exe
  2⤵
  PID:9128
- C:\Windows\System\vityTVe.exe
  C:\Windows\System\vityTVe.exe
  2⤵
  PID:9144
- C:\Windows\System\fTjlmLm.exe
  C:\Windows\System\fTjlmLm.exe
  2⤵
  PID:9160
- C:\Windows\System\RzHpdmX.exe
  C:\Windows\System\RzHpdmX.exe
  2⤵
  PID:9176
- C:\Windows\System\qPCtxBd.exe
  C:\Windows\System\qPCtxBd.exe
  2⤵
  PID:9192
- C:\Windows\System\EuQsrms.exe
  C:\Windows\System\EuQsrms.exe
  2⤵
  PID:9208
- C:\Windows\System\CxbHfdy.exe
  C:\Windows\System\CxbHfdy.exe
  2⤵
  PID:7888
- C:\Windows\System\NPRWCeC.exe
  C:\Windows\System\NPRWCeC.exe
  2⤵
  PID:7924
- C:\Windows\System\vFtSADx.exe
  C:\Windows\System\vFtSADx.exe
  2⤵
  PID:8236
- C:\Windows\System\krxLMsL.exe
  C:\Windows\System\krxLMsL.exe
  2⤵
  PID:8268
- C:\Windows\System\gipiAwP.exe
  C:\Windows\System\gipiAwP.exe
  2⤵
  PID:8272
- C:\Windows\System\PmlRSoL.exe
  C:\Windows\System\PmlRSoL.exe
  2⤵
  PID:8336
- C:\Windows\System\KiiRlUq.exe
  C:\Windows\System\KiiRlUq.exe
  2⤵
  PID:8372
- C:\Windows\System\vsKiGIR.exe
  C:\Windows\System\vsKiGIR.exe
  2⤵
  PID:8404
- C:\Windows\System\GknNvfl.exe
  C:\Windows\System\GknNvfl.exe
  2⤵
  PID:8480
- C:\Windows\System\IQtTUsI.exe
  C:\Windows\System\IQtTUsI.exe
  2⤵
  PID:8516
- C:\Windows\System\WlsYOIH.exe
  C:\Windows\System\WlsYOIH.exe
  2⤵
  PID:8560
- C:\Windows\System\mGGaRpY.exe
  C:\Windows\System\mGGaRpY.exe
  2⤵
  PID:8592
- C:\Windows\System\OLpQyaG.exe
  C:\Windows\System\OLpQyaG.exe
  2⤵
  PID:8644
- C:\Windows\System\XFokolW.exe
  C:\Windows\System\XFokolW.exe
  2⤵
  PID:8500
- C:\Windows\System\gaNRCAU.exe
  C:\Windows\System\gaNRCAU.exe
  2⤵
  PID:8680
- C:\Windows\System\mhHDSyA.exe
  C:\Windows\System\mhHDSyA.exe
  2⤵
  PID:8744
- C:\Windows\System\cydKNDv.exe
  C:\Windows\System\cydKNDv.exe
  2⤵
  PID:7464
- C:\Windows\System\eOROnBN.exe
  C:\Windows\System\eOROnBN.exe
  2⤵
  PID:8760
- C:\Windows\System\RkzPvIP.exe
  C:\Windows\System\RkzPvIP.exe
  2⤵
  PID:8724
- C:\Windows\System\IiZNXbe.exe
  C:\Windows\System\IiZNXbe.exe
  2⤵
  PID:8804
- C:\Windows\System\TwbeFaL.exe
  C:\Windows\System\TwbeFaL.exe
  2⤵
  PID:8892
- C:\Windows\System\zMPcQOn.exe
  C:\Windows\System\zMPcQOn.exe
  2⤵
  PID:8904
- C:\Windows\System\roZpEub.exe
  C:\Windows\System\roZpEub.exe
  2⤵
  PID:8968
- C:\Windows\System\waVOXWl.exe
  C:\Windows\System\waVOXWl.exe
  2⤵
  PID:8952
- C:\Windows\System\tviefMh.exe
  C:\Windows\System\tviefMh.exe
  2⤵
  PID:8988
- C:\Windows\System\ybGXMpY.exe
  C:\Windows\System\ybGXMpY.exe
  2⤵
  PID:9028
- C:\Windows\System\cKlbCon.exe
  C:\Windows\System\cKlbCon.exe
  2⤵
  PID:9048
- C:\Windows\System\dPdjJSS.exe
  C:\Windows\System\dPdjJSS.exe
  2⤵
  PID:9072
- C:\Windows\System\DqgbEVc.exe
  C:\Windows\System\DqgbEVc.exe
  2⤵
  PID:9124
- C:\Windows\System\KCennrk.exe
  C:\Windows\System\KCennrk.exe
  2⤵
  PID:9088
- C:\Windows\System\hNLDriI.exe
  C:\Windows\System\hNLDriI.exe
  2⤵
  PID:9188
- C:\Windows\System\gNxpePX.exe
  C:\Windows\System\gNxpePX.exe
  2⤵
  PID:9200
- C:\Windows\System\HsHMmCG.exe
  C:\Windows\System\HsHMmCG.exe
  2⤵
  PID:7372
- C:\Windows\System\UMtokVe.exe
  C:\Windows\System\UMtokVe.exe
  2⤵
  PID:7548
- C:\Windows\System\xVNBULB.exe
  C:\Windows\System\xVNBULB.exe
  2⤵
  PID:6448
- C:\Windows\System\ZzkcFNy.exe
  C:\Windows\System\ZzkcFNy.exe
  2⤵
  PID:8320
- C:\Windows\System\KJHOJka.exe
  C:\Windows\System\KJHOJka.exe
  2⤵
  PID:8368
- C:\Windows\System\aavTVRN.exe
  C:\Windows\System\aavTVRN.exe
  2⤵
  PID:8432
- C:\Windows\System\NdrhGCh.exe
  C:\Windows\System\NdrhGCh.exe
  2⤵
  PID:8004
- C:\Windows\System\pjQfRIm.exe
  C:\Windows\System\pjQfRIm.exe
  2⤵
  PID:8452
- C:\Windows\System\hDdKtgo.exe
  C:\Windows\System\hDdKtgo.exe
  2⤵
  PID:8528
- C:\Windows\System\kFDjnMU.exe
  C:\Windows\System\kFDjnMU.exe
  2⤵
  PID:8532
- C:\Windows\System\sQpsYPT.exe
  C:\Windows\System\sQpsYPT.exe
  2⤵
  PID:8660
- C:\Windows\System\tHlfIxz.exe
  C:\Windows\System\tHlfIxz.exe
  2⤵
  PID:8832
- C:\Windows\System\coPTaHD.exe
  C:\Windows\System\coPTaHD.exe
  2⤵
  PID:8764
- C:\Windows\System\gYhJtBu.exe
  C:\Windows\System\gYhJtBu.exe
  2⤵
  PID:8768
- C:\Windows\System\aZyzVbQ.exe
  C:\Windows\System\aZyzVbQ.exe
  2⤵
  PID:8880
- C:\Windows\System\dYrpwNq.exe
  C:\Windows\System\dYrpwNq.exe
  2⤵
  PID:8692
- C:\Windows\System\ovkWqAc.exe
  C:\Windows\System\ovkWqAc.exe
  2⤵
  PID:8964
- C:\Windows\System\zngiotD.exe
  C:\Windows\System\zngiotD.exe
  2⤵
  PID:8976
- C:\Windows\System\TkGRiLP.exe
  C:\Windows\System\TkGRiLP.exe
  2⤵
  PID:9108
- C:\Windows\System\HlbOxGl.exe
  C:\Windows\System\HlbOxGl.exe
  2⤵
  PID:9104
- C:\Windows\System\XLctMUl.exe
  C:\Windows\System\XLctMUl.exe
  2⤵
  PID:9156
- C:\Windows\System\WiQJJvF.exe
  C:\Windows\System\WiQJJvF.exe
  2⤵
  PID:9120
- C:\Windows\System\dkhfSEu.exe
  C:\Windows\System\dkhfSEu.exe
  2⤵
  PID:9204
- C:\Windows\System\XxvlWIt.exe
  C:\Windows\System\XxvlWIt.exe
  2⤵
  PID:8204
- C:\Windows\System\KhOKBWr.exe
  C:\Windows\System\KhOKBWr.exe
  2⤵
  PID:8384
- C:\Windows\System\PmyxbVk.exe
  C:\Windows\System\PmyxbVk.exe
  2⤵
  PID:8580
- C:\Windows\System\gpmGNeA.exe
  C:\Windows\System\gpmGNeA.exe
  2⤵
  PID:8788
- C:\Windows\System\eCHvdiN.exe
  C:\Windows\System\eCHvdiN.exe
  2⤵
  PID:8808
- C:\Windows\System\UFBmCuA.exe
  C:\Windows\System\UFBmCuA.exe
  2⤵
  PID:8576
- C:\Windows\System\CpSbfcY.exe
  C:\Windows\System\CpSbfcY.exe
  2⤵
  PID:8640
- C:\Windows\System\JTsBDfk.exe
  C:\Windows\System\JTsBDfk.exe
  2⤵
  PID:9032
- C:\Windows\System\nEACfhi.exe
  C:\Windows\System\nEACfhi.exe
  2⤵
  PID:9036
- C:\Windows\System\uJOuVAo.exe
  C:\Windows\System\uJOuVAo.exe
  2⤵
  PID:9012
- C:\Windows\System\MSnHSaZ.exe
  C:\Windows\System\MSnHSaZ.exe
  2⤵
  PID:8836
- C:\Windows\System\WoCwiIl.exe
  C:\Windows\System\WoCwiIl.exe
  2⤵
  PID:8300
- C:\Windows\System\PKVSceO.exe
  C:\Windows\System\PKVSceO.exe
  2⤵
  PID:8856
- C:\Windows\System\iEHvXdk.exe
  C:\Windows\System\iEHvXdk.exe
  2⤵
  PID:7600
- C:\Windows\System\PoqkINq.exe
  C:\Windows\System\PoqkINq.exe
  2⤵
  PID:8748
- C:\Windows\System\giZEcbI.exe
  C:\Windows\System\giZEcbI.exe
  2⤵
  PID:8316
- C:\Windows\System\aSrlBxg.exe
  C:\Windows\System\aSrlBxg.exe
  2⤵
  PID:8084
- C:\Windows\System\orcePUy.exe
  C:\Windows\System\orcePUy.exe
  2⤵
  PID:8996
- C:\Windows\System\VFMXhLS.exe
  C:\Windows\System\VFMXhLS.exe
  2⤵
  PID:9056
- C:\Windows\System\XiCVieV.exe
  C:\Windows\System\XiCVieV.exe
  2⤵
  PID:8356
- C:\Windows\System\mcrfGdQ.exe
  C:\Windows\System\mcrfGdQ.exe
  2⤵
  PID:9232
- C:\Windows\System\CFzbjZo.exe
  C:\Windows\System\CFzbjZo.exe
  2⤵
  PID:9248
- C:\Windows\System\JVaCjXt.exe
  C:\Windows\System\JVaCjXt.exe
  2⤵
  PID:9264
- C:\Windows\System\HhAJpgf.exe
  C:\Windows\System\HhAJpgf.exe
  2⤵
  PID:9280
- C:\Windows\System\lMGGkiO.exe
  C:\Windows\System\lMGGkiO.exe
  2⤵
  PID:9296
- C:\Windows\System\yntcAgw.exe
  C:\Windows\System\yntcAgw.exe
  2⤵
  PID:9312
- C:\Windows\System\YpNuWRJ.exe
  C:\Windows\System\YpNuWRJ.exe
  2⤵
  PID:9328
- C:\Windows\System\pZgRxAV.exe
  C:\Windows\System\pZgRxAV.exe
  2⤵
  PID:9344
- C:\Windows\System\oZtZbyL.exe
  C:\Windows\System\oZtZbyL.exe
  2⤵
  PID:9360
- C:\Windows\System\wbgGOoA.exe
  C:\Windows\System\wbgGOoA.exe
  2⤵
  PID:9376
- C:\Windows\System\coGlxVQ.exe
  C:\Windows\System\coGlxVQ.exe
  2⤵
  PID:9392
- C:\Windows\System\vlxSseM.exe
  C:\Windows\System\vlxSseM.exe
  2⤵
  PID:9408
- C:\Windows\System\HqFoSWe.exe
  C:\Windows\System\HqFoSWe.exe
  2⤵
  PID:9428
- C:\Windows\System\vxdnFEu.exe
  C:\Windows\System\vxdnFEu.exe
  2⤵
  PID:9444
- C:\Windows\System\GyPiHTr.exe
  C:\Windows\System\GyPiHTr.exe
  2⤵
  PID:9460
- C:\Windows\System\vcBDiRy.exe
  C:\Windows\System\vcBDiRy.exe
  2⤵
  PID:9476
- C:\Windows\System\HXSTqop.exe
  C:\Windows\System\HXSTqop.exe
  2⤵
  PID:9492
- C:\Windows\System\IetZEaH.exe
  C:\Windows\System\IetZEaH.exe
  2⤵
  PID:9508
- C:\Windows\System\IwjLNOH.exe
  C:\Windows\System\IwjLNOH.exe
  2⤵
  PID:9524
- C:\Windows\System\JcecNjh.exe
  C:\Windows\System\JcecNjh.exe
  2⤵
  PID:9540
- C:\Windows\System\ROIMlqI.exe
  C:\Windows\System\ROIMlqI.exe
  2⤵
  PID:9556
- C:\Windows\System\xNRyzPc.exe
  C:\Windows\System\xNRyzPc.exe
  2⤵
  PID:9572
- C:\Windows\System\pMWrDvy.exe
  C:\Windows\System\pMWrDvy.exe
  2⤵
  PID:9588
- C:\Windows\System\VukdQJI.exe
  C:\Windows\System\VukdQJI.exe
  2⤵
  PID:9604
- C:\Windows\System\IwBYviS.exe
  C:\Windows\System\IwBYviS.exe
  2⤵
  PID:9620
- C:\Windows\System\xyQRSxV.exe
  C:\Windows\System\xyQRSxV.exe
  2⤵
  PID:9636
- C:\Windows\System\KJcdHAu.exe
  C:\Windows\System\KJcdHAu.exe
  2⤵
  PID:9652
- C:\Windows\System\JdZCluX.exe
  C:\Windows\System\JdZCluX.exe
  2⤵
  PID:9668
- C:\Windows\System\vzJiQEX.exe
  C:\Windows\System\vzJiQEX.exe
  2⤵
  PID:9684
- C:\Windows\System\QdEAXlI.exe
  C:\Windows\System\QdEAXlI.exe
  2⤵
  PID:9700
- C:\Windows\System\GIYQtTl.exe
  C:\Windows\System\GIYQtTl.exe
  2⤵
  PID:9716
- C:\Windows\System\NuvVccC.exe
  C:\Windows\System\NuvVccC.exe
  2⤵
  PID:9736
- C:\Windows\System\wCsgIOv.exe
  C:\Windows\System\wCsgIOv.exe
  2⤵
  PID:9752
- C:\Windows\System\grllzVp.exe
  C:\Windows\System\grllzVp.exe
  2⤵
  PID:9768
- C:\Windows\System\bsalvjh.exe
  C:\Windows\System\bsalvjh.exe
  2⤵
  PID:9784
- C:\Windows\System\Vejcubx.exe
  C:\Windows\System\Vejcubx.exe
  2⤵
  PID:9800
- C:\Windows\System\NtXeZhP.exe
  C:\Windows\System\NtXeZhP.exe
  2⤵
  PID:9816
- C:\Windows\System\cpDaEfQ.exe
  C:\Windows\System\cpDaEfQ.exe
  2⤵
  PID:9832
- C:\Windows\System\teISFrU.exe
  C:\Windows\System\teISFrU.exe
  2⤵
  PID:9848
- C:\Windows\System\tIxszYh.exe
  C:\Windows\System\tIxszYh.exe
  2⤵
  PID:9864
- C:\Windows\System\febjGwD.exe
  C:\Windows\System\febjGwD.exe
  2⤵
  PID:9880
- C:\Windows\System\usHarCZ.exe
  C:\Windows\System\usHarCZ.exe
  2⤵
  PID:9896
- C:\Windows\System\jyzWDYT.exe
  C:\Windows\System\jyzWDYT.exe
  2⤵
  PID:9912
- C:\Windows\System\viInaWI.exe
  C:\Windows\System\viInaWI.exe
  2⤵
  PID:9928
- C:\Windows\System\auXzRaf.exe
  C:\Windows\System\auXzRaf.exe
  2⤵
  PID:9944
- C:\Windows\System\ccqIYtz.exe
  C:\Windows\System\ccqIYtz.exe
  2⤵
  PID:9960
- C:\Windows\System\bDgBjPM.exe
  C:\Windows\System\bDgBjPM.exe
  2⤵
  PID:9976
- C:\Windows\System\aMOuhww.exe
  C:\Windows\System\aMOuhww.exe
  2⤵
  PID:9992
- C:\Windows\System\DOPCGdV.exe
  C:\Windows\System\DOPCGdV.exe
  2⤵
  PID:10008
- C:\Windows\System\NpODeil.exe
  C:\Windows\System\NpODeil.exe
  2⤵
  PID:10024
- C:\Windows\System\JmxoPTf.exe
  C:\Windows\System\JmxoPTf.exe
  2⤵
  PID:10040
- C:\Windows\System\hsbknvD.exe
  C:\Windows\System\hsbknvD.exe
  2⤵
  PID:10056
- C:\Windows\System\VItrwAh.exe
  C:\Windows\System\VItrwAh.exe
  2⤵
  PID:10072
- C:\Windows\System\CFQTuWS.exe
  C:\Windows\System\CFQTuWS.exe
  2⤵
  PID:10088
- C:\Windows\System\PiLtARZ.exe
  C:\Windows\System\PiLtARZ.exe
  2⤵
  PID:10104
- C:\Windows\System\HgnqQeT.exe
  C:\Windows\System\HgnqQeT.exe
  2⤵
  PID:10120
- C:\Windows\System\uGLOEms.exe
  C:\Windows\System\uGLOEms.exe
  2⤵
  PID:10136
- C:\Windows\System\GEGIXev.exe
  C:\Windows\System\GEGIXev.exe
  2⤵
  PID:10152
- C:\Windows\System\jsmdTaw.exe
  C:\Windows\System\jsmdTaw.exe
  2⤵
  PID:10168
- C:\Windows\System\mCPAThS.exe
  C:\Windows\System\mCPAThS.exe
  2⤵
  PID:10184
- C:\Windows\System\UrxQlwi.exe
  C:\Windows\System\UrxQlwi.exe
  2⤵
  PID:10204
- C:\Windows\System\PLkEXfw.exe
  C:\Windows\System\PLkEXfw.exe
  2⤵
  PID:10220
- C:\Windows\System\zSaZlpt.exe
  C:\Windows\System\zSaZlpt.exe
  2⤵
  PID:10236
- C:\Windows\System\gZbGDot.exe
  C:\Windows\System\gZbGDot.exe
  2⤵
  PID:9140
- C:\Windows\System\LAleyQx.exe
  C:\Windows\System\LAleyQx.exe
  2⤵
  PID:9228
- C:\Windows\System\NRashxb.exe
  C:\Windows\System\NRashxb.exe
  2⤵
  PID:9288
- C:\Windows\System\CsNTvVC.exe
  C:\Windows\System\CsNTvVC.exe
  2⤵
  PID:9324
- C:\Windows\System\qQmebDO.exe
  C:\Windows\System\qQmebDO.exe
  2⤵
  PID:9308
- C:\Windows\System\OEwdMiS.exe
  C:\Windows\System\OEwdMiS.exe
  2⤵
  PID:9388
- C:\Windows\System\odzzGYR.exe
  C:\Windows\System\odzzGYR.exe
  2⤵
  PID:9404
- C:\Windows\System\kcsVvnW.exe
  C:\Windows\System\kcsVvnW.exe
  2⤵
  PID:9488
- C:\Windows\System\RxtbwBG.exe
  C:\Windows\System\RxtbwBG.exe
  2⤵
  PID:9520
- C:\Windows\System\NYybyjL.exe
  C:\Windows\System\NYybyjL.exe
  2⤵
  PID:8676
- C:\Windows\System\UHRBcaE.exe
  C:\Windows\System\UHRBcaE.exe
  2⤵
  PID:9584
- C:\Windows\System\BZKeIof.exe
  C:\Windows\System\BZKeIof.exe
  2⤵
  PID:9676
- C:\Windows\System\NvPVIWZ.exe
  C:\Windows\System\NvPVIWZ.exe
  2⤵
  PID:9680
- C:\Windows\System\OpOCdSJ.exe
  C:\Windows\System\OpOCdSJ.exe
  2⤵
  PID:9632
- C:\Windows\System\ZLKhuyw.exe
  C:\Windows\System\ZLKhuyw.exe
  2⤵
  PID:9696
- C:\Windows\System\jRGjxsx.exe
  C:\Windows\System\jRGjxsx.exe
  2⤵
  PID:9780
- C:\Windows\System\ElWTKpf.exe
  C:\Windows\System\ElWTKpf.exe
  2⤵
  PID:9728
- C:\Windows\System\SPpEzEV.exe
  C:\Windows\System\SPpEzEV.exe
  2⤵
  PID:9792
- C:\Windows\System\bIHlhkp.exe
  C:\Windows\System\bIHlhkp.exe
  2⤵
  PID:9856
- C:\Windows\System\BnYyzBp.exe
  C:\Windows\System\BnYyzBp.exe
  2⤵
  PID:9844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CdILTns.exe

Filesize
6.0MB

MD5
167de1709d632e77e59544969983626f

SHA1
e14d6cd7f8baf554608a9939c9847433692e6c97

SHA256
7a0f732121affef3a025567f0f59058704ba134ae77cc61ae0f51ea2c04427be

SHA512
8abc5ec8ccf724c0d20113e1d7a6efa95cdd1c71feaa5bd6f2fa7b9b4241be1d140ef6a5f372b8b58934aa81c223c65e17b83e135caf355e96999b266d98cd37

Download Submit
C:\Windows\system\DllWUSh.exe

Filesize
6.0MB

MD5
e71205a626b9fead24830cd8b35d66ef

SHA1
5620b18c783f516b10d6d4430f787f6040e38894

SHA256
62e3ddd4e953966cb98e3629dbd8f63354e2eea34ec7b1edc1b99fdeb4b05850

SHA512
338921714e904a7c7e8fcd6f088f6fa0d1557489f919682411d9aded578ca89a0aa91d35ac62e14a423ab9ff8c6335e2634ce9d939524336f11a28123c4c241e

Download Submit
C:\Windows\system\EQlVRnK.exe

Filesize
6.0MB

MD5
a95d77e2c8022f865132ee4e1cd9c66f

SHA1
01e81f95a7c0f5f2eb459b9751672ca8524bb3d9

SHA256
63c426967ce03b361bf665e2cd4079d552d4ccf520194c7da7ae3233497ce494

SHA512
94094d51dd660fd795ef943b7bd81d7e1df90753932bc77a5538e245bfce8dda7751f4f5bd2267214f127225ff3d7477634ada854faf79b25dc9c65cf267aa25

Download Submit
C:\Windows\system\FVbnSDt.exe

Filesize
6.0MB

MD5
3cad132eb6ce75c553d4e33c1ca76085

SHA1
13deb5cd756f0656e17ad2e82e829a0608d91f13

SHA256
f31c797e2cc2a2f7c8f77f696f7696541266f9c8ee2d93b212ba3407b681f3a3

SHA512
fe639c98180eef14b04c8d6b4976a1a9538e5078f38c74971b166d07230acca7d90281f977c92bcd9e9054280289409d45ba8c1622c2c4d2f525b4e6fb708e78

Download Submit
C:\Windows\system\HcSxFNL.exe

Filesize
6.0MB

MD5
f7e08dbcc3787c498c7ce9939e1fd963

SHA1
1b39c620a2bffaed7fbd5aea40c83ab85eb9097b

SHA256
fbaa10e555aecda4c8b52e98b66c0a3935b6d45fc2e2398bcf00a89289b605a0

SHA512
26ca3f53b7e12a097ccd6e66e1758ed3bf2cc489d5a64ccaa52dfb2e55a2fe10317cb09e2914886eade75b219580a8439843b309da11ca9c1184e50e249c12fd

Download Submit
C:\Windows\system\SELwqrR.exe

Filesize
6.0MB

MD5
3feb645f4f4aef59b2b7ec5cdce918a0

SHA1
e0595f9c5b71e4d450134102ace47c3271b2ec9f

SHA256
d904cb41240ccdd21fea018c996a32ab20d593c2e7c0b66a2afc0a55291b0c10

SHA512
47bdb4791a2171099776eb052884606ae7718700f5001a1c31f4fd7a40126f374973232fcde47abb59f7533de0fe184ae033dfc29deff05f0169bf1bd35856d9

Download Submit
C:\Windows\system\UGmlyqC.exe

Filesize
6.0MB

MD5
7f205463766d5a5b2778a39a7f9ba532

SHA1
3f0b7bbdcaaa3db62609ce4cfced44be95b213e6

SHA256
af01e849f67622d8399cda77234172e58ec69cc7f29f7274425a5f9b0ad120ec

SHA512
f10ac9a3558f3cca9b4f131dfe5b4fba7f818116f2999a19d39f6660f86bb6e9a3c1c93b6a51ea5bf0068263a79f7106859f6f16a83b0a73afb50cecefe628c7

Download Submit
C:\Windows\system\UIKvqkQ.exe

Filesize
6.0MB

MD5
8331fb637003568196026ade643a64f9

SHA1
53977397b4cf2f6e217909f15f26f1825520b6ea

SHA256
d0b6af5bd6d78da69dc440d0927f8f5517e0d4ed58838bc7fb75983461444a6d

SHA512
ad97a529758358aa58fba37e8004246c99dd3706c769e87d0c81ca9f0cccf70281f5d3c8b4fa58314c2cc8bc38afa2397b07a695f1c8c9742e9f10b384b575a1

Download Submit
C:\Windows\system\ULgidJI.exe

Filesize
6.0MB

MD5
0085c9b73a96ce04b5dc5321890b6f98

SHA1
11c6214d467688a4cf644578fa5e28e95d37dfec

SHA256
dbf3cec2fc78dbf7ff7c3172a3b9b0df69949565cdaff6627b75d5442db42303

SHA512
907bb700d2107802852d53786d5f50779aba1c67e5ac47d0a94fb9f7c96df352c63d9a36b28b518764f44559b9f07b0b964fe23e4c57b3ec70a626b21cee62f2

Download Submit
C:\Windows\system\VdcCLXX.exe

Filesize
6.0MB

MD5
50c44877fef37205c7f71e1e006914b0

SHA1
8d82f15ad3fb873568f7ebdc132154ffdcac1c4b

SHA256
5147494f94da1397a7d0ce8cebbe8a1c891c1847f3ff9ec117f338e11bb36f7a

SHA512
46c74328d11b7f60d33885707e2f260f02d8765d1a4c65662f4f9a9651a77f4c0462febb20cffe23a03d4631849caabd7ef86102cc23e692a4e1b7d4cc4ecc56

Download Submit
C:\Windows\system\VyALjsP.exe

Filesize
6.0MB

MD5
0b9fff4a1a3b971e03fbfc5711452d42

SHA1
1a190a658dd7e47d37a944c0fe3c2d99d7606c61

SHA256
5e25f16d0264665049c4fc5f08b92950b42ae67634643fad727125884e961dcb

SHA512
455e50c3fa48fbb062caa2f0171f020ee66cd74f04ef861b90d7bf0805f441356c6ff72939f03b1a9f2b81df96f2c52cabd58f67f95bab5854fcd5a536539fad

Download Submit
C:\Windows\system\fgjOXuE.exe

Filesize
6.0MB

MD5
c910d81ed2480342d8f6af97cdf55ca4

SHA1
327f3534d2a0a228d03b8e56be914fa57dc9e8d9

SHA256
fc3c1201eaef9c5c2d45ec1f862cfcdb14a8971294a762f19f1e4c46b616f605

SHA512
67531f1de4787f93b5add6f252289342c0017a118bbc9cee4513f74a47bd381cd89e9e1d07d9ac6d78b541b3bb5f08fbe75b8b4f619f074401b3f55fbe54965b

Download Submit
C:\Windows\system\gjeACxa.exe

Filesize
6.0MB

MD5
136602a6a51835f1e2f8e22301bef666

SHA1
5bb3aa451e5305f67653067aa8794babf0bee6f6

SHA256
6270a5e3b32d8c36fe3010936e18677a92db982ca799a09c379e93f4fb812662

SHA512
3f809969622ab200ef032b76c26cb8c39a59b06668aea54b1d939b89b48345b25d9a954a09c2858621e7559502b767d5ad117b8101eb291708a0caae724c0d76

Download Submit
C:\Windows\system\hAJcKFg.exe

Filesize
6.0MB

MD5
06bcc4c94cf4d18e2b22abde534f8280

SHA1
7a617ab63710183b4efce5510d7dd3b1932187bd

SHA256
9ea883dc8db191cb300b4956e8ef93ca338ab3c75fdec62fc466beee73b0c310

SHA512
e014a590db0677cb27653c38085d87dee83884fc85280812ded771af05866400a99a543648c3566b475acdf5ac2a4fb51bacb9048ce7ab03d1de29f8a1326112

Download Submit
C:\Windows\system\hRuUhjO.exe

Filesize
6.0MB

MD5
7104a6c6af2108ee1a6d6d1edd34a03a

SHA1
3e94f6535b794ed498e4554e940d208a8fc05892

SHA256
92a71c906b9eeaa34471360bcc913bc9ecc0335fd16b8d01e8defeb88cbab61b

SHA512
3622aa3d41cf47ef01fab9b8b7272210a2c21379f502c614a8ac0f4b080c5101e25fda0326831771f41bdf7cda98acd7bc9af040fcd76a0a0422ded784f8abbd

Download Submit
C:\Windows\system\hvnCbyi.exe

Filesize
6.0MB

MD5
ba7b2af79dc7641d267693ac6492d94d

SHA1
6aeaa12243396ad5614179f9e3202bd7b75fd176

SHA256
d870521e763d88bc16097f8e2457755642fdec7ff6d712652fc63ea03869b365

SHA512
2a3a06be8bb97f9410122fed22d7748b6ff24cb9803db21f125ed3469910dbb65fe5219f1269b6e7eedc92ce833279fc3160cb910942fe54cf73b7faf7731296

Download Submit
C:\Windows\system\jKatpVF.exe

Filesize
6.0MB

MD5
5e390db1dd35360aeee8b336f33b4c5e

SHA1
87a5301a6996e6769757f91cd2db5ed74170ef9b

SHA256
76b2dbf210665bbf516266a2ce2c51f4709e4fd6d85f39e7de03b15510b0572a

SHA512
6ec3c253fee3950855dc54f23d31a9749e1bb251a0cddcdafb39c5ad6ee384450d0fb0afadce6555b54db8056d9f49b929431508a463de074ddd039177bf5fe9

Download Submit
C:\Windows\system\mAVfcpI.exe

Filesize
6.0MB

MD5
484d3ec832d7733f96fa4e42a2332fb0

SHA1
0778b0d268ae6930c89598234d06622bf41fd480

SHA256
0abda862d49d43232874837336200da7e7b5f9c136d6058e2036328c4df41260

SHA512
e1ea8bfda0dead056a4194a93498790b953289ca44b6e6c2dcbd2b9fd99129540d382ff8ac6fe3235ae41ca0cffe8c5a356e86d08f17d991b70dfb21bd344a5e

Download Submit
C:\Windows\system\pWjvRmu.exe

Filesize
6.0MB

MD5
46df943d5d8224f68a5155576046d044

SHA1
3e58af6fc0b0e1188fc56b390ddf843a01ba9dee

SHA256
c2401eaaa98bfee7306e3ede17222704b07bffdbbb6a231e4737f21e6b023e99

SHA512
ef6f8161a586f91eede2596095d067c1b33d5ef3fa89305d18f9b283a332b7e65f98726df7c00f7f0c1643349b62645484a1c91573c6e734f4112d3c3b8903ad

Download Submit
C:\Windows\system\pXndQef.exe

Filesize
6.0MB

MD5
321cbc6c3a688e8c30bab420e1c59384

SHA1
993efe5c878582628698dfdae9cec6e5d8252232

SHA256
98bd83ac8f039d258b80b564780dc7b38c7ece459a8ccd8548ed683af04ad3b6

SHA512
255071cbb8c10aa6dd2a3010181f1daff69840674a8dad23f84bd00b9da0b2529452aa640ba9ff5c078d5a01fa760f3ef646b31185178f826f9a42eebad2232a

Download Submit
C:\Windows\system\pjcbvIp.exe

Filesize
6.0MB

MD5
a4cfe3da8051f61e512095f78bb340e3

SHA1
3b80b2171ace6caecdacf77203d1fd349eae3157

SHA256
3cbc3c10dd4ef19a7a805552a479c76ff4a5e5116588dce024cea17c2d703ad7

SHA512
712e78cda318aeb86ce32a171240f68083b304bc1662d77e9f0434e5f68876cb2733bf6e3a03a9f8489c3fe8b5fc8224ae6d1d6140b9a841d22812b39a6fe850

Download Submit
C:\Windows\system\sMxOAVF.exe

Filesize
6.0MB

MD5
999dd154697d8ce505cdc8f0e9877ecb

SHA1
a5011fd4f2963788e808ee90427102cc8fd6f27b

SHA256
3770d077845b6cba87fdb48247639179f343c90884a6ec2daf81f586737e0cd4

SHA512
5197bd293c656c4b7beb14fb92947885679a69c581677a323c0e732caab32bbc136484e2860de8df1bc7bf363e65e9f4ee66c5d9debef4a3919ea085da3a0812

Download Submit
C:\Windows\system\vpBORmM.exe

Filesize
6.0MB

MD5
db1f246d9c38348697a68f1e439d70eb

SHA1
bd19f7bfa319da734d401ad26306ac75252737e8

SHA256
02ec3257a4497287903786c6a61b415f6d9d09e67c59c5ef127246d194a83b2c

SHA512
42a16ca43499e4d08025f3a9a1999c0000d049947361a47d6f9448bb2b15bc72395b7ca0c6b9eba2e47afed3472102caaeac8196ebe377a7613d556cf3394245

Download Submit
C:\Windows\system\xDbfBkv.exe

Filesize
6.0MB

MD5
3f301dc162eaf02f5d117cf576a4caa2

SHA1
fce265369824f490f97b7e70dd32ee43d60cbff7

SHA256
57bb82f70b0f7d2b45fff5eaabe8b5516ef94f044c15b6c2a3434badc5d4b83f

SHA512
ccce39ded556fcf37ac4490750861e2bcfbee1c881e4081d729c7cb7678bfc0405b08bd3fdfb1293398391e5593cd0e306bdeb68a851e33f0023f2faefb06328

Download Submit
C:\Windows\system\xFwvvaA.exe

Filesize
6.0MB

MD5
aacd5c38c0024b8ac62f53506f447178

SHA1
69489aa1b28bd62ac92903c23a16b87e568d7a7e

SHA256
95ca326c315db623bd10c42a484258724cc5862dd0d038d255a94d8ac70518fd

SHA512
08df6e06f95c6e895baffffa49fea0de352f7497bb48572a3955e64abb699b067f84a8bd832795970419e25e48b5aad47a0870912a6f02980d7be6839f4d82fe

Download Submit
C:\Windows\system\xKhhyhD.exe

Filesize
6.0MB

MD5
b3c89fa1c9bff38e80e8900e0974d418

SHA1
dc8b3448c9a59bdb260dee2da9c73b4134d56fdf

SHA256
760c9ca60a9f7be0111873b2c2be13ca4740c3c9aa8503695f7ebe53b919eaa1

SHA512
c74f29d35bfe62ebef221b376d6a51bbc1a1fc247306a215a02ccc1d3804c5bef9274a6e263e8e3e03528c9f0a1e004a7288f1ba303a974d7a4d5676ae0091c5

Download Submit
C:\Windows\system\yOtTPPX.exe

Filesize
6.0MB

MD5
d530d3ea3ba46e76a696f116bd984547

SHA1
3f4ab4db9afd35c7c16a31bc7c9e762084f32cf1

SHA256
65991f39c71cbf7fd8255f64fcb689f8edec8550313d9d3a5ed82991bc3a82d7

SHA512
38020783a0ce3648a2dafeeba57cc3d9aa5dd995cb136718932dbcf7d8eedf627c9247af0afafddb5f683f25995c6cc55b9b2b3c1e8d4d3f60341ea966e82136

Download Submit
C:\Windows\system\yehpkIX.exe

Filesize
6.0MB

MD5
634e0a45578c9ebc2b1f870b1772237a

SHA1
ea2f1db6c0b735389cc4b025c4a3a4f557f0dee8

SHA256
6af7dd97691f8b5d9786973622eb42a2460b40b1aecd1c68c12b828db10d7f8d

SHA512
3582cd83e31b17eeb26fcd28970bb5ad82f27f8362077199492d6235cbff7859c82ea39a0530bcf372f7d1c854e5724b42dc115c55bd6175ff7458e51424c0c1

Download Submit
\Windows\system\WgvTLYZ.exe

Filesize
6.0MB

MD5
05a707ed64b05cf6008bd871d6062190

SHA1
3da58a59d25d7bbc566dd38516ac1499b31a9593

SHA256
7fbdb06affe8eef3e68257c7f14fe8cf0760957818c90d6a023774913f5811d6

SHA512
55a12bdd21929f0d39d4f8b4ae4673944d6294141383d3f15a300985ec0e88bb1dee53c8e45b744dc2c2759ea26c505f80c98e63bc006eb723639c9addfb6815

Download Submit
\Windows\system\gXtjgUA.exe

Filesize
6.0MB

MD5
8bebeedf97972cd13a16f547e9ee30b3

SHA1
daec87d66105782616f41dc625e7b43e0c1e4d26

SHA256
1fa66aa44faeb9af80a980578f4a5a2c9bd9e5e92b85febe337ade49afe48660

SHA512
34f4ded7b637d087d78837c2b060ca5585e676d7ba1592cb5646927a1f4b92f68a5cbf0f75a249d9f80a353aa9517e3b718a64f2d45ee9c29386ef2e871fccb1

Download Submit
\Windows\system\hqanrSd.exe

Filesize
6.0MB

MD5
ebf6724c67478c4d97a3bbf1945278e1

SHA1
babcac1c12f6a356650d808e28371d58550ea5a2

SHA256
7d27d4dc4d9f72fb7f0b5a6d39fb3554a3656e84c2db9db9706da654394d829c

SHA512
f8659ec2667899761be6b3d248c2b64e3b83600c8ff2d9eb391a9d02a36babdba337166639cecd45d26e6df4c942e7e4340283a606213cb38382cd6aea5e3060

Download Submit
\Windows\system\qrDvUEr.exe

Filesize
6.0MB

MD5
1fedcb65f0b441d0db60d5820c48ba34

SHA1
1bbd5714c29fa557fd7097610fad9a9d7d3380d1

SHA256
406d4fe984068c0341ef41f803c841e1ace6504a2f9d906c8983ed40a82f747c

SHA512
bb0a32b944c18c485a5fd0bc455e4fa58b3b2dca725de11684cd10f027c2e63eff3d5047bdcb2105a439eac5fd83e5c3dcc60fead3a51d9cc7531955f37a6ab9

Download Submit
\Windows\system\xPxdwjY.exe

Filesize
6.0MB

MD5
dca15b1a56c951feaa3456a01fa1e1dd

SHA1
1fe4f2324fea17931f415e2af6702780a74d4a8d

SHA256
2158275d818d325a30af52cba2b8767d8f700a6ca19429ef455449ffd0413312

SHA512
98e60877dbeb0bc68eb83c838d07020e2b97af9158874317fb8dc3d720d17cf707df345b5e5fd9001117ee6a80ecbc60d182706765df2526c65253248a204142

Download Submit
memory/988-2482-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/988-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-69-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1056-323-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-91-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1056-13-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1056-21-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1056-685-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-396-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1056-271-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-39-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1056-50-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1056-51-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1056-52-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-54-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-114-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1056-61-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-63-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1056-90-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1056-115-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-101-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-864-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-27-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1056-36-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-98-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-88-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-107-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-14-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-75-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-89-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-2498-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-2478-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1712-99-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2100-60-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2100-2303-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2100-26-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2116-53-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2375-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-272-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2360-76-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2360-2418-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2239-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2592-16-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2628-70-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2628-2417-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2640-2404-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2640-44-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2364-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-37-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-2413-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-62-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-29-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2876-2397-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2876-71-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2924-15-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2924-2277-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2932-108-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2449-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download