cobaltstrike | 723d3e280cc37900a00d76b6982e07131d2b576dee7dc7666e38953cc565690c

Analysis

max time kernel
103s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

37730265c88cbfb33417f61364457083
SHA1

8f4b35905d1b63547a48016c34f3f07aaac214c1
SHA256

723d3e280cc37900a00d76b6982e07131d2b576dee7dc7666e38953cc565690c
SHA512

679a1a7de2835ea372c1d330971a9ce9e27360aa4ea390e444e4964a878bdcca2ed81d3e394f06306c41b5f4ef16dbb0e6ed8e59cd36aac6e1eeebb9635a60af
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000500000001a4c7-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-75.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001958e-70.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194e9-63.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194db-44.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194c4-34.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e3-51.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d2-39.dat	cobalt_reflective_dll
behavioral1/files/0x003000000001939b-27.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001949e-19.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193f7-13.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000120fd-6.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2532-676-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2532-517-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c7-169.dat	xmrig
behavioral1/files/0x000500000001a4c5-166.dat	xmrig
behavioral1/files/0x000500000001a4c3-161.dat	xmrig
behavioral1/files/0x000500000001a4c1-158.dat	xmrig
behavioral1/files/0x000500000001a4bf-153.dat	xmrig
behavioral1/files/0x000500000001a4bd-150.dat	xmrig
behavioral1/files/0x000500000001a4bb-145.dat	xmrig
behavioral1/files/0x000500000001a4b9-142.dat	xmrig
behavioral1/files/0x000500000001a4b7-137.dat	xmrig
behavioral1/files/0x000500000001a4b5-134.dat	xmrig
behavioral1/files/0x000500000001a4b1-126.dat	xmrig
behavioral1/files/0x000500000001a4b3-129.dat	xmrig
behavioral1/files/0x000500000001a4af-121.dat	xmrig
behavioral1/files/0x000500000001a4a9-117.dat	xmrig
behavioral1/files/0x000500000001a49a-113.dat	xmrig
behavioral1/files/0x000500000001a499-110.dat	xmrig
behavioral1/files/0x000500000001a48d-105.dat	xmrig
behavioral1/files/0x000500000001a48b-101.dat	xmrig
behavioral1/memory/2452-96-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46f-95.dat	xmrig
behavioral1/memory/2532-92-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2436-89-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42d-88.dat	xmrig
behavioral1/memory/2760-85-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2896-82-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a427-81.dat	xmrig
behavioral1/memory/2532-79-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/3068-76-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-75.dat	xmrig
behavioral1/memory/2956-73-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2024-71-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x000700000001958e-70.dat	xmrig
behavioral1/memory/2620-65-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2744-64-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x00080000000194e9-63.dat	xmrig
behavioral1/memory/2532-60-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2728-59-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x00060000000194db-44.dat	xmrig
behavioral1/memory/2016-57-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2532-35-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x00070000000194c4-34.dat	xmrig
behavioral1/memory/2760-55-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2188-53-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194e3-51.dat	xmrig
behavioral1/memory/2532-50-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2624-43-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2956-42-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194d2-39.dat	xmrig
behavioral1/memory/2744-28-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x003000000001939b-27.dat	xmrig
behavioral1/memory/2728-22-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x000600000001949e-19.dat	xmrig
behavioral1/memory/2188-14-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x00070000000193f7-13.dat	xmrig
behavioral1/memory/2336-9-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-6.dat	xmrig
behavioral1/memory/2532-1-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2744-3741-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2624-3742-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2760-3749-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2336-3748-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2728-3751-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2336	JYkcEPH.exe
2188	bZnHmxa.exe
2728	zEmcbgQ.exe
2744	RLEGgOJ.exe
2956	jKxpZZZ.exe
2624	IakfRZy.exe
2760	qikoRyx.exe
2016	fQgZmzx.exe
2620	TLvUipK.exe
2024	vLwftIS.exe
3068	yESYOuj.exe
2896	DVKuTUF.exe
2436	VvgoLvp.exe
2452	nCdnvqa.exe
2516	AxpKNgL.exe
880	zUJNKgd.exe
3044	ZygskyL.exe
1080	wzBRJKM.exe
2296	PaakcpZ.exe
2872	OogbSGr.exe
2912	ZYXuoXN.exe
2936	fZFkFmN.exe
2628	yardabV.exe
2388	ghqWvCv.exe
2028	tHUEzsT.exe
1620	GoIivbu.exe
1208	PhUSHvl.exe
2036	zeyzuwB.exe
2432	zwnUYRY.exe
1512	ZKhiRah.exe
2244	DtpsATo.exe
2164	eSZUzbE.exe
2552	XMheznX.exe
936	dyLPcjJ.exe
1888	OBEcfFI.exe
3036	cdhjySX.exe
680	ktRNrEE.exe
820	nHebYgb.exe
1880	kEOvPSp.exe
2272	JqjWqak.exe
2184	IlnODGx.exe
2284	PzLUJjC.exe
2376	LknuyvD.exe
824	FcJArsm.exe
1108	ScGNlrI.exe
1540	TgnbgYb.exe
1896	KtgQFqs.exe
2032	yIbyrJV.exe
2672	CgPXZCZ.exe
2380	YeMrPcR.exe
1980	YLTXFEA.exe
1596	ZlkjyWc.exe
916	BJuEbNH.exe
628	aMpmCYU.exe
276	RtGucyb.exe
2256	hATaLWJ.exe
576	BGCXePh.exe
2092	AqBOnFg.exe
492	bjrjnrE.exe
1848	pJAmRlk.exe
2400	tFfOquC.exe
1476	KXDFWYm.exe
860	EbCfDgT.exe
3024	lNzyOkc.exe

Loads dropped DLL 64 IoCs

pid	Process
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a4c7-169.dat	upx
behavioral1/files/0x000500000001a4c5-166.dat	upx
behavioral1/files/0x000500000001a4c3-161.dat	upx
behavioral1/files/0x000500000001a4c1-158.dat	upx
behavioral1/files/0x000500000001a4bf-153.dat	upx
behavioral1/files/0x000500000001a4bd-150.dat	upx
behavioral1/files/0x000500000001a4bb-145.dat	upx
behavioral1/files/0x000500000001a4b9-142.dat	upx
behavioral1/files/0x000500000001a4b7-137.dat	upx
behavioral1/files/0x000500000001a4b5-134.dat	upx
behavioral1/files/0x000500000001a4b1-126.dat	upx
behavioral1/files/0x000500000001a4b3-129.dat	upx
behavioral1/files/0x000500000001a4af-121.dat	upx
behavioral1/files/0x000500000001a4a9-117.dat	upx
behavioral1/files/0x000500000001a49a-113.dat	upx
behavioral1/files/0x000500000001a499-110.dat	upx
behavioral1/files/0x000500000001a48d-105.dat	upx
behavioral1/files/0x000500000001a48b-101.dat	upx
behavioral1/memory/2452-96-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x000500000001a46f-95.dat	upx
behavioral1/memory/2436-89-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x000500000001a42d-88.dat	upx
behavioral1/memory/2760-85-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2896-82-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000500000001a427-81.dat	upx
behavioral1/memory/3068-76-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x000500000001a41e-75.dat	upx
behavioral1/memory/2956-73-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2024-71-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x000700000001958e-70.dat	upx
behavioral1/memory/2620-65-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2744-64-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x00080000000194e9-63.dat	upx
behavioral1/memory/2728-59-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x00060000000194db-44.dat	upx
behavioral1/memory/2016-57-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2532-35-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x00070000000194c4-34.dat	upx
behavioral1/memory/2760-55-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2188-53-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x00060000000194e3-51.dat	upx
behavioral1/memory/2624-43-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2956-42-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x00060000000194d2-39.dat	upx
behavioral1/memory/2744-28-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x003000000001939b-27.dat	upx
behavioral1/memory/2728-22-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x000600000001949e-19.dat	upx
behavioral1/memory/2188-14-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x00070000000193f7-13.dat	upx
behavioral1/memory/2336-9-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-6.dat	upx
behavioral1/memory/2532-1-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2744-3741-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2624-3742-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2760-3749-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2336-3748-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2728-3751-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/3068-3991-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2024-3992-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2620-3993-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2016-3994-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2436-3995-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2452-3996-0x000000013F140000-0x000000013F494000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vrOKuQs.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsvIVdT.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geLUqkn.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsmUIBR.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcJArsm.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXitslS.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfgrqSH.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhsKHYP.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUBMbJc.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imIMGVY.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRNauom.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fiuDOPc.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNkFntH.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfgHrdV.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyvRsgZ.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mvhqNYR.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwytOLG.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Idvsfou.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILGXyWv.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ainryxe.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avNuQUc.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEOvPSp.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGevSLy.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuLqVtd.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiNzwGg.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJfkuxX.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpYosNJ.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYWpAhP.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcVJhtD.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwQiZnl.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRmwCwR.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUGARTN.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCtrvOW.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcVdweh.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkjQFiI.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQgZmzx.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBiosCc.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SldKUQj.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOzecDe.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcxpBqp.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PimCzJm.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHINjgU.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yjBnszE.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwaHRZH.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tazhnGu.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AuuMfbN.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IgitFHE.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvGyCsV.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ugUuGPu.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICxTJoB.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWRiouC.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYjngQR.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXDFWYm.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFuZuKL.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cDTVpGU.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSdKCej.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkguhAF.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnhWuqo.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\antHomf.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLEGgOJ.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtvGyfb.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kSBVddJ.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTEtjiw.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgTrgCS.exe	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2336	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2532 wrote to memory of 2336	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2532 wrote to memory of 2336	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2532 wrote to memory of 2188	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 2188	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 2188	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2532 wrote to memory of 2728	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 2728	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 2728	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2532 wrote to memory of 2744	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2744	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2744	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2532 wrote to memory of 2956	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2956	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2956	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2532 wrote to memory of 2624	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2624	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2624	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2532 wrote to memory of 2016	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2016	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2016	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2532 wrote to memory of 2760	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2760	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2760	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2532 wrote to memory of 2620	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2620	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2620	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2532 wrote to memory of 2024	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2024	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 2024	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2532 wrote to memory of 3068	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 3068	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 3068	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2532 wrote to memory of 2896	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2896	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2896	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2532 wrote to memory of 2436	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2436	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2436	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2532 wrote to memory of 2452	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2452	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2452	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2532 wrote to memory of 2516	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 2516	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 2516	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2532 wrote to memory of 880	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 880	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 880	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2532 wrote to memory of 3044	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 3044	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 3044	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2532 wrote to memory of 1080	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 1080	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 1080	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2532 wrote to memory of 2296	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 2296	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 2296	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2532 wrote to memory of 2872	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 2872	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 2872	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2532 wrote to memory of 2912	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 2912	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 2912	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2532 wrote to memory of 2936	2532	2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_37730265c88cbfb33417f61364457083_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\System\JYkcEPH.exe
  C:\Windows\System\JYkcEPH.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\bZnHmxa.exe
  C:\Windows\System\bZnHmxa.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\zEmcbgQ.exe
  C:\Windows\System\zEmcbgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\RLEGgOJ.exe
  C:\Windows\System\RLEGgOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\jKxpZZZ.exe
  C:\Windows\System\jKxpZZZ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\IakfRZy.exe
  C:\Windows\System\IakfRZy.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\fQgZmzx.exe
  C:\Windows\System\fQgZmzx.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\qikoRyx.exe
  C:\Windows\System\qikoRyx.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\TLvUipK.exe
  C:\Windows\System\TLvUipK.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\vLwftIS.exe
  C:\Windows\System\vLwftIS.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\yESYOuj.exe
  C:\Windows\System\yESYOuj.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\DVKuTUF.exe
  C:\Windows\System\DVKuTUF.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\VvgoLvp.exe
  C:\Windows\System\VvgoLvp.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\nCdnvqa.exe
  C:\Windows\System\nCdnvqa.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\AxpKNgL.exe
  C:\Windows\System\AxpKNgL.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\zUJNKgd.exe
  C:\Windows\System\zUJNKgd.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\ZygskyL.exe
  C:\Windows\System\ZygskyL.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\wzBRJKM.exe
  C:\Windows\System\wzBRJKM.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\PaakcpZ.exe
  C:\Windows\System\PaakcpZ.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\OogbSGr.exe
  C:\Windows\System\OogbSGr.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ZYXuoXN.exe
  C:\Windows\System\ZYXuoXN.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\fZFkFmN.exe
  C:\Windows\System\fZFkFmN.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\yardabV.exe
  C:\Windows\System\yardabV.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\ghqWvCv.exe
  C:\Windows\System\ghqWvCv.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\tHUEzsT.exe
  C:\Windows\System\tHUEzsT.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\GoIivbu.exe
  C:\Windows\System\GoIivbu.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\PhUSHvl.exe
  C:\Windows\System\PhUSHvl.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\zeyzuwB.exe
  C:\Windows\System\zeyzuwB.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\zwnUYRY.exe
  C:\Windows\System\zwnUYRY.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\ZKhiRah.exe
  C:\Windows\System\ZKhiRah.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\DtpsATo.exe
  C:\Windows\System\DtpsATo.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\eSZUzbE.exe
  C:\Windows\System\eSZUzbE.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\XMheznX.exe
  C:\Windows\System\XMheznX.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\dyLPcjJ.exe
  C:\Windows\System\dyLPcjJ.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\OBEcfFI.exe
  C:\Windows\System\OBEcfFI.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\cdhjySX.exe
  C:\Windows\System\cdhjySX.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\ktRNrEE.exe
  C:\Windows\System\ktRNrEE.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\nHebYgb.exe
  C:\Windows\System\nHebYgb.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\kEOvPSp.exe
  C:\Windows\System\kEOvPSp.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\JqjWqak.exe
  C:\Windows\System\JqjWqak.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\IlnODGx.exe
  C:\Windows\System\IlnODGx.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\PzLUJjC.exe
  C:\Windows\System\PzLUJjC.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\LknuyvD.exe
  C:\Windows\System\LknuyvD.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\FcJArsm.exe
  C:\Windows\System\FcJArsm.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\ScGNlrI.exe
  C:\Windows\System\ScGNlrI.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\TgnbgYb.exe
  C:\Windows\System\TgnbgYb.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\KtgQFqs.exe
  C:\Windows\System\KtgQFqs.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\yIbyrJV.exe
  C:\Windows\System\yIbyrJV.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\CgPXZCZ.exe
  C:\Windows\System\CgPXZCZ.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\YeMrPcR.exe
  C:\Windows\System\YeMrPcR.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\YLTXFEA.exe
  C:\Windows\System\YLTXFEA.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\ZlkjyWc.exe
  C:\Windows\System\ZlkjyWc.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\BJuEbNH.exe
  C:\Windows\System\BJuEbNH.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\aMpmCYU.exe
  C:\Windows\System\aMpmCYU.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\RtGucyb.exe
  C:\Windows\System\RtGucyb.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\hATaLWJ.exe
  C:\Windows\System\hATaLWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\BGCXePh.exe
  C:\Windows\System\BGCXePh.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\AqBOnFg.exe
  C:\Windows\System\AqBOnFg.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\bjrjnrE.exe
  C:\Windows\System\bjrjnrE.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\pJAmRlk.exe
  C:\Windows\System\pJAmRlk.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\tFfOquC.exe
  C:\Windows\System\tFfOquC.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\KXDFWYm.exe
  C:\Windows\System\KXDFWYm.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\EbCfDgT.exe
  C:\Windows\System\EbCfDgT.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\lNzyOkc.exe
  C:\Windows\System\lNzyOkc.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\tNXgXDs.exe
  C:\Windows\System\tNXgXDs.exe
  2⤵
  PID:3020
- C:\Windows\System\kFtnivh.exe
  C:\Windows\System\kFtnivh.exe
  2⤵
  PID:1584
- C:\Windows\System\UpgpsYe.exe
  C:\Windows\System\UpgpsYe.exe
  2⤵
  PID:1712
- C:\Windows\System\esvZwmz.exe
  C:\Windows\System\esvZwmz.exe
  2⤵
  PID:2680
- C:\Windows\System\gXxRUXr.exe
  C:\Windows\System\gXxRUXr.exe
  2⤵
  PID:2408
- C:\Windows\System\GJhwzWx.exe
  C:\Windows\System\GJhwzWx.exe
  2⤵
  PID:2512
- C:\Windows\System\EENWkEK.exe
  C:\Windows\System\EENWkEK.exe
  2⤵
  PID:2736
- C:\Windows\System\rwJzBKH.exe
  C:\Windows\System\rwJzBKH.exe
  2⤵
  PID:2852
- C:\Windows\System\kRoDojG.exe
  C:\Windows\System\kRoDojG.exe
  2⤵
  PID:2084
- C:\Windows\System\PFZiTlc.exe
  C:\Windows\System\PFZiTlc.exe
  2⤵
  PID:2644
- C:\Windows\System\QeXaVlp.exe
  C:\Windows\System\QeXaVlp.exe
  2⤵
  PID:2752
- C:\Windows\System\yeYrTCT.exe
  C:\Windows\System\yeYrTCT.exe
  2⤵
  PID:2708
- C:\Windows\System\aEOJLGV.exe
  C:\Windows\System\aEOJLGV.exe
  2⤵
  PID:1064
- C:\Windows\System\OlfWznS.exe
  C:\Windows\System\OlfWznS.exe
  2⤵
  PID:1028
- C:\Windows\System\tgStsqg.exe
  C:\Windows\System\tgStsqg.exe
  2⤵
  PID:1112
- C:\Windows\System\mFcjzVd.exe
  C:\Windows\System\mFcjzVd.exe
  2⤵
  PID:744
- C:\Windows\System\RFtecjr.exe
  C:\Windows\System\RFtecjr.exe
  2⤵
  PID:2900
- C:\Windows\System\HPqWsLe.exe
  C:\Windows\System\HPqWsLe.exe
  2⤵
  PID:2928
- C:\Windows\System\cFTgAaA.exe
  C:\Windows\System\cFTgAaA.exe
  2⤵
  PID:3016
- C:\Windows\System\JxjzBoh.exe
  C:\Windows\System\JxjzBoh.exe
  2⤵
  PID:868
- C:\Windows\System\iIAmPPp.exe
  C:\Windows\System\iIAmPPp.exe
  2⤵
  PID:2968
- C:\Windows\System\qqUkUce.exe
  C:\Windows\System\qqUkUce.exe
  2⤵
  PID:2372
- C:\Windows\System\tazhnGu.exe
  C:\Windows\System\tazhnGu.exe
  2⤵
  PID:2392
- C:\Windows\System\GHiSckA.exe
  C:\Windows\System\GHiSckA.exe
  2⤵
  PID:1244
- C:\Windows\System\EYguoom.exe
  C:\Windows\System\EYguoom.exe
  2⤵
  PID:2160
- C:\Windows\System\FvYugAj.exe
  C:\Windows\System\FvYugAj.exe
  2⤵
  PID:2464
- C:\Windows\System\ERQylur.exe
  C:\Windows\System\ERQylur.exe
  2⤵
  PID:280
- C:\Windows\System\UKfIZGG.exe
  C:\Windows\System\UKfIZGG.exe
  2⤵
  PID:976
- C:\Windows\System\WGApODY.exe
  C:\Windows\System\WGApODY.exe
  2⤵
  PID:1616
- C:\Windows\System\BMGAPpM.exe
  C:\Windows\System\BMGAPpM.exe
  2⤵
  PID:1536
- C:\Windows\System\gGQIBxQ.exe
  C:\Windows\System\gGQIBxQ.exe
  2⤵
  PID:1844
- C:\Windows\System\CGtnVFV.exe
  C:\Windows\System\CGtnVFV.exe
  2⤵
  PID:1832
- C:\Windows\System\iTaMeaX.exe
  C:\Windows\System\iTaMeaX.exe
  2⤵
  PID:1768
- C:\Windows\System\LAUnCtI.exe
  C:\Windows\System\LAUnCtI.exe
  2⤵
  PID:772
- C:\Windows\System\nEYNBxy.exe
  C:\Windows\System\nEYNBxy.exe
  2⤵
  PID:1924
- C:\Windows\System\MYugulA.exe
  C:\Windows\System\MYugulA.exe
  2⤵
  PID:2080
- C:\Windows\System\sDObUfI.exe
  C:\Windows\System\sDObUfI.exe
  2⤵
  PID:2204
- C:\Windows\System\xcRLGAk.exe
  C:\Windows\System\xcRLGAk.exe
  2⤵
  PID:1524
- C:\Windows\System\XcjhUtr.exe
  C:\Windows\System\XcjhUtr.exe
  2⤵
  PID:844
- C:\Windows\System\aPPlfSa.exe
  C:\Windows\System\aPPlfSa.exe
  2⤵
  PID:1564
- C:\Windows\System\izfpXtp.exe
  C:\Windows\System\izfpXtp.exe
  2⤵
  PID:2368
- C:\Windows\System\hqgcneF.exe
  C:\Windows\System\hqgcneF.exe
  2⤵
  PID:2696
- C:\Windows\System\kDAiQkL.exe
  C:\Windows\System\kDAiQkL.exe
  2⤵
  PID:2840
- C:\Windows\System\GFrqieY.exe
  C:\Windows\System\GFrqieY.exe
  2⤵
  PID:2832
- C:\Windows\System\rEgJuzN.exe
  C:\Windows\System\rEgJuzN.exe
  2⤵
  PID:1032
- C:\Windows\System\njMrzPw.exe
  C:\Windows\System\njMrzPw.exe
  2⤵
  PID:1340
- C:\Windows\System\FGXtRfA.exe
  C:\Windows\System\FGXtRfA.exe
  2⤵
  PID:3032
- C:\Windows\System\gKvCfwz.exe
  C:\Windows\System\gKvCfwz.exe
  2⤵
  PID:2488
- C:\Windows\System\mZGElGI.exe
  C:\Windows\System\mZGElGI.exe
  2⤵
  PID:2984
- C:\Windows\System\LRjDLVX.exe
  C:\Windows\System\LRjDLVX.exe
  2⤵
  PID:2572
- C:\Windows\System\FhLeCFb.exe
  C:\Windows\System\FhLeCFb.exe
  2⤵
  PID:2232
- C:\Windows\System\IIJRGUp.exe
  C:\Windows\System\IIJRGUp.exe
  2⤵
  PID:1544
- C:\Windows\System\NnJhRzx.exe
  C:\Windows\System\NnJhRzx.exe
  2⤵
  PID:2540
- C:\Windows\System\kbJMFlM.exe
  C:\Windows\System\kbJMFlM.exe
  2⤵
  PID:1804
- C:\Windows\System\ZpFHHTo.exe
  C:\Windows\System\ZpFHHTo.exe
  2⤵
  PID:2004
- C:\Windows\System\PxqCaRZ.exe
  C:\Windows\System\PxqCaRZ.exe
  2⤵
  PID:900
- C:\Windows\System\VPFNxAU.exe
  C:\Windows\System\VPFNxAU.exe
  2⤵
  PID:1656
- C:\Windows\System\JLiUjkP.exe
  C:\Windows\System\JLiUjkP.exe
  2⤵
  PID:2288
- C:\Windows\System\GDMBUUM.exe
  C:\Windows\System\GDMBUUM.exe
  2⤵
  PID:2260
- C:\Windows\System\YdVDWte.exe
  C:\Windows\System\YdVDWte.exe
  2⤵
  PID:2148
- C:\Windows\System\cFzDpIR.exe
  C:\Windows\System\cFzDpIR.exe
  2⤵
  PID:2584
- C:\Windows\System\ctcEDBC.exe
  C:\Windows\System\ctcEDBC.exe
  2⤵
  PID:3080
- C:\Windows\System\keynoFK.exe
  C:\Windows\System\keynoFK.exe
  2⤵
  PID:3096
- C:\Windows\System\jmsivws.exe
  C:\Windows\System\jmsivws.exe
  2⤵
  PID:3112
- C:\Windows\System\fnatGpU.exe
  C:\Windows\System\fnatGpU.exe
  2⤵
  PID:3128
- C:\Windows\System\OnBrphU.exe
  C:\Windows\System\OnBrphU.exe
  2⤵
  PID:3144
- C:\Windows\System\CnaVeYA.exe
  C:\Windows\System\CnaVeYA.exe
  2⤵
  PID:3160
- C:\Windows\System\ilhdZEH.exe
  C:\Windows\System\ilhdZEH.exe
  2⤵
  PID:3176
- C:\Windows\System\GuHARAV.exe
  C:\Windows\System\GuHARAV.exe
  2⤵
  PID:3192
- C:\Windows\System\AwKzuhB.exe
  C:\Windows\System\AwKzuhB.exe
  2⤵
  PID:3208
- C:\Windows\System\UxdJvgZ.exe
  C:\Windows\System\UxdJvgZ.exe
  2⤵
  PID:3224
- C:\Windows\System\YfEpoKt.exe
  C:\Windows\System\YfEpoKt.exe
  2⤵
  PID:3240
- C:\Windows\System\UIYOzMH.exe
  C:\Windows\System\UIYOzMH.exe
  2⤵
  PID:3256
- C:\Windows\System\JEDrIXJ.exe
  C:\Windows\System\JEDrIXJ.exe
  2⤵
  PID:3272
- C:\Windows\System\zSlcfci.exe
  C:\Windows\System\zSlcfci.exe
  2⤵
  PID:3288
- C:\Windows\System\skKmBBC.exe
  C:\Windows\System\skKmBBC.exe
  2⤵
  PID:3304
- C:\Windows\System\MEvxCRC.exe
  C:\Windows\System\MEvxCRC.exe
  2⤵
  PID:3320
- C:\Windows\System\gPgakDb.exe
  C:\Windows\System\gPgakDb.exe
  2⤵
  PID:3336
- C:\Windows\System\svyQIuT.exe
  C:\Windows\System\svyQIuT.exe
  2⤵
  PID:3352
- C:\Windows\System\GoIhKJU.exe
  C:\Windows\System\GoIhKJU.exe
  2⤵
  PID:3368
- C:\Windows\System\kchZsOB.exe
  C:\Windows\System\kchZsOB.exe
  2⤵
  PID:3384
- C:\Windows\System\CRwaYgY.exe
  C:\Windows\System\CRwaYgY.exe
  2⤵
  PID:3400
- C:\Windows\System\JCHrvXz.exe
  C:\Windows\System\JCHrvXz.exe
  2⤵
  PID:3416
- C:\Windows\System\jWFzhRV.exe
  C:\Windows\System\jWFzhRV.exe
  2⤵
  PID:3432
- C:\Windows\System\UCAFJWI.exe
  C:\Windows\System\UCAFJWI.exe
  2⤵
  PID:3448
- C:\Windows\System\wjuUALR.exe
  C:\Windows\System\wjuUALR.exe
  2⤵
  PID:3464
- C:\Windows\System\niCXQEc.exe
  C:\Windows\System\niCXQEc.exe
  2⤵
  PID:3480
- C:\Windows\System\ZbzhYos.exe
  C:\Windows\System\ZbzhYos.exe
  2⤵
  PID:3496
- C:\Windows\System\lGjVJuv.exe
  C:\Windows\System\lGjVJuv.exe
  2⤵
  PID:3512
- C:\Windows\System\IBVRneM.exe
  C:\Windows\System\IBVRneM.exe
  2⤵
  PID:3528
- C:\Windows\System\FmWJNlU.exe
  C:\Windows\System\FmWJNlU.exe
  2⤵
  PID:3544
- C:\Windows\System\gToSQLo.exe
  C:\Windows\System\gToSQLo.exe
  2⤵
  PID:3560
- C:\Windows\System\ceSyfpT.exe
  C:\Windows\System\ceSyfpT.exe
  2⤵
  PID:3576
- C:\Windows\System\AuuMfbN.exe
  C:\Windows\System\AuuMfbN.exe
  2⤵
  PID:3592
- C:\Windows\System\QzmaTJB.exe
  C:\Windows\System\QzmaTJB.exe
  2⤵
  PID:3608
- C:\Windows\System\qNXlFwa.exe
  C:\Windows\System\qNXlFwa.exe
  2⤵
  PID:3628
- C:\Windows\System\gzyYeot.exe
  C:\Windows\System\gzyYeot.exe
  2⤵
  PID:3644
- C:\Windows\System\ZtvGyfb.exe
  C:\Windows\System\ZtvGyfb.exe
  2⤵
  PID:3660
- C:\Windows\System\SCGExxM.exe
  C:\Windows\System\SCGExxM.exe
  2⤵
  PID:3676
- C:\Windows\System\bzOzTGT.exe
  C:\Windows\System\bzOzTGT.exe
  2⤵
  PID:3692
- C:\Windows\System\AzMUpDv.exe
  C:\Windows\System\AzMUpDv.exe
  2⤵
  PID:3708
- C:\Windows\System\iRzEGCE.exe
  C:\Windows\System\iRzEGCE.exe
  2⤵
  PID:3724
- C:\Windows\System\EFgMhqr.exe
  C:\Windows\System\EFgMhqr.exe
  2⤵
  PID:3740
- C:\Windows\System\cVpHXCP.exe
  C:\Windows\System\cVpHXCP.exe
  2⤵
  PID:3756
- C:\Windows\System\SqzKcPf.exe
  C:\Windows\System\SqzKcPf.exe
  2⤵
  PID:3772
- C:\Windows\System\BDzzXWU.exe
  C:\Windows\System\BDzzXWU.exe
  2⤵
  PID:3788
- C:\Windows\System\BUDpppv.exe
  C:\Windows\System\BUDpppv.exe
  2⤵
  PID:3804
- C:\Windows\System\dykmSTg.exe
  C:\Windows\System\dykmSTg.exe
  2⤵
  PID:3820
- C:\Windows\System\hPfovmN.exe
  C:\Windows\System\hPfovmN.exe
  2⤵
  PID:3836
- C:\Windows\System\GOpbfIi.exe
  C:\Windows\System\GOpbfIi.exe
  2⤵
  PID:3852
- C:\Windows\System\QQRXymt.exe
  C:\Windows\System\QQRXymt.exe
  2⤵
  PID:3868
- C:\Windows\System\ymImyuw.exe
  C:\Windows\System\ymImyuw.exe
  2⤵
  PID:3884
- C:\Windows\System\srwOmYs.exe
  C:\Windows\System\srwOmYs.exe
  2⤵
  PID:3900
- C:\Windows\System\qfMLtHE.exe
  C:\Windows\System\qfMLtHE.exe
  2⤵
  PID:3916
- C:\Windows\System\fBdNSKq.exe
  C:\Windows\System\fBdNSKq.exe
  2⤵
  PID:3932
- C:\Windows\System\xfZpGvc.exe
  C:\Windows\System\xfZpGvc.exe
  2⤵
  PID:3948
- C:\Windows\System\tuhKqZb.exe
  C:\Windows\System\tuhKqZb.exe
  2⤵
  PID:3964
- C:\Windows\System\iGevSLy.exe
  C:\Windows\System\iGevSLy.exe
  2⤵
  PID:3980
- C:\Windows\System\ANxeuZj.exe
  C:\Windows\System\ANxeuZj.exe
  2⤵
  PID:3996
- C:\Windows\System\OgqwzoR.exe
  C:\Windows\System\OgqwzoR.exe
  2⤵
  PID:4012
- C:\Windows\System\PgUBQbu.exe
  C:\Windows\System\PgUBQbu.exe
  2⤵
  PID:4028
- C:\Windows\System\CZgVuEu.exe
  C:\Windows\System\CZgVuEu.exe
  2⤵
  PID:4044
- C:\Windows\System\NaDewdX.exe
  C:\Windows\System\NaDewdX.exe
  2⤵
  PID:4060
- C:\Windows\System\xuhGoDd.exe
  C:\Windows\System\xuhGoDd.exe
  2⤵
  PID:4076
- C:\Windows\System\zcZLLXY.exe
  C:\Windows\System\zcZLLXY.exe
  2⤵
  PID:4092
- C:\Windows\System\QTPQNfo.exe
  C:\Windows\System\QTPQNfo.exe
  2⤵
  PID:2656
- C:\Windows\System\XSWHxtq.exe
  C:\Windows\System\XSWHxtq.exe
  2⤵
  PID:1508
- C:\Windows\System\liWWCxu.exe
  C:\Windows\System\liWWCxu.exe
  2⤵
  PID:1776
- C:\Windows\System\woIoWGA.exe
  C:\Windows\System\woIoWGA.exe
  2⤵
  PID:2544
- C:\Windows\System\kHbRHLD.exe
  C:\Windows\System\kHbRHLD.exe
  2⤵
  PID:1268
- C:\Windows\System\RMncYpm.exe
  C:\Windows\System\RMncYpm.exe
  2⤵
  PID:904
- C:\Windows\System\cuzfuQQ.exe
  C:\Windows\System\cuzfuQQ.exe
  2⤵
  PID:1580
- C:\Windows\System\dbmqsye.exe
  C:\Windows\System\dbmqsye.exe
  2⤵
  PID:2712
- C:\Windows\System\kgiqJaD.exe
  C:\Windows\System\kgiqJaD.exe
  2⤵
  PID:3076
- C:\Windows\System\TJGkWCl.exe
  C:\Windows\System\TJGkWCl.exe
  2⤵
  PID:3108
- C:\Windows\System\qBtTluy.exe
  C:\Windows\System\qBtTluy.exe
  2⤵
  PID:3140
- C:\Windows\System\GuIMuaG.exe
  C:\Windows\System\GuIMuaG.exe
  2⤵
  PID:3172
- C:\Windows\System\CyaALsS.exe
  C:\Windows\System\CyaALsS.exe
  2⤵
  PID:3204
- C:\Windows\System\OIZZvng.exe
  C:\Windows\System\OIZZvng.exe
  2⤵
  PID:3236
- C:\Windows\System\lNnqbvK.exe
  C:\Windows\System\lNnqbvK.exe
  2⤵
  PID:3268
- C:\Windows\System\GtQsMpi.exe
  C:\Windows\System\GtQsMpi.exe
  2⤵
  PID:3300
- C:\Windows\System\kCFnOaS.exe
  C:\Windows\System\kCFnOaS.exe
  2⤵
  PID:3360
- C:\Windows\System\ZfeFBYb.exe
  C:\Windows\System\ZfeFBYb.exe
  2⤵
  PID:3408
- C:\Windows\System\zpGHwai.exe
  C:\Windows\System\zpGHwai.exe
  2⤵
  PID:3424
- C:\Windows\System\GAJGhfk.exe
  C:\Windows\System\GAJGhfk.exe
  2⤵
  PID:3472
- C:\Windows\System\tmcyUxJ.exe
  C:\Windows\System\tmcyUxJ.exe
  2⤵
  PID:3488
- C:\Windows\System\jpYosNJ.exe
  C:\Windows\System\jpYosNJ.exe
  2⤵
  PID:3536
- C:\Windows\System\cXHxNLD.exe
  C:\Windows\System\cXHxNLD.exe
  2⤵
  PID:3552
- C:\Windows\System\fnUXhiE.exe
  C:\Windows\System\fnUXhiE.exe
  2⤵
  PID:3584
- C:\Windows\System\BoMiFVt.exe
  C:\Windows\System\BoMiFVt.exe
  2⤵
  PID:3616
- C:\Windows\System\HlJSBTQ.exe
  C:\Windows\System\HlJSBTQ.exe
  2⤵
  PID:3652
- C:\Windows\System\QNWfvLs.exe
  C:\Windows\System\QNWfvLs.exe
  2⤵
  PID:3684
- C:\Windows\System\tTlleex.exe
  C:\Windows\System\tTlleex.exe
  2⤵
  PID:3732
- C:\Windows\System\wYwsxbx.exe
  C:\Windows\System\wYwsxbx.exe
  2⤵
  PID:3748
- C:\Windows\System\OGhoQoh.exe
  C:\Windows\System\OGhoQoh.exe
  2⤵
  PID:3780
- C:\Windows\System\SjQZMLM.exe
  C:\Windows\System\SjQZMLM.exe
  2⤵
  PID:1624
- C:\Windows\System\AITCege.exe
  C:\Windows\System\AITCege.exe
  2⤵
  PID:3832
- C:\Windows\System\OrRYvqf.exe
  C:\Windows\System\OrRYvqf.exe
  2⤵
  PID:3864
- C:\Windows\System\edQBsUA.exe
  C:\Windows\System\edQBsUA.exe
  2⤵
  PID:3880
- C:\Windows\System\vxSyMbr.exe
  C:\Windows\System\vxSyMbr.exe
  2⤵
  PID:3928
- C:\Windows\System\gKeVmTl.exe
  C:\Windows\System\gKeVmTl.exe
  2⤵
  PID:3956
- C:\Windows\System\AsIMlSl.exe
  C:\Windows\System\AsIMlSl.exe
  2⤵
  PID:3992
- C:\Windows\System\hFJnjiC.exe
  C:\Windows\System\hFJnjiC.exe
  2⤵
  PID:4008
- C:\Windows\System\QSGrJFD.exe
  C:\Windows\System\QSGrJFD.exe
  2⤵
  PID:4040
- C:\Windows\System\IhEbUHz.exe
  C:\Windows\System\IhEbUHz.exe
  2⤵
  PID:4072
- C:\Windows\System\iHlaFqE.exe
  C:\Windows\System\iHlaFqE.exe
  2⤵
  PID:2932
- C:\Windows\System\AWcFnNc.exe
  C:\Windows\System\AWcFnNc.exe
  2⤵
  PID:2976
- C:\Windows\System\KCtgNLE.exe
  C:\Windows\System\KCtgNLE.exe
  2⤵
  PID:1456
- C:\Windows\System\yofTmej.exe
  C:\Windows\System\yofTmej.exe
  2⤵
  PID:2412
- C:\Windows\System\ROgadlD.exe
  C:\Windows\System\ROgadlD.exe
  2⤵
  PID:3124
- C:\Windows\System\jLczROW.exe
  C:\Windows\System\jLczROW.exe
  2⤵
  PID:3152
- C:\Windows\System\fEBqCJB.exe
  C:\Windows\System\fEBqCJB.exe
  2⤵
  PID:3216
- C:\Windows\System\knAHCaJ.exe
  C:\Windows\System\knAHCaJ.exe
  2⤵
  PID:3312
- C:\Windows\System\XZixrYK.exe
  C:\Windows\System\XZixrYK.exe
  2⤵
  PID:3364
- C:\Windows\System\pxCeDjY.exe
  C:\Windows\System\pxCeDjY.exe
  2⤵
  PID:3444
- C:\Windows\System\psrMMVM.exe
  C:\Windows\System\psrMMVM.exe
  2⤵
  PID:3460
- C:\Windows\System\JgetzgD.exe
  C:\Windows\System\JgetzgD.exe
  2⤵
  PID:3524
- C:\Windows\System\aGPChQu.exe
  C:\Windows\System\aGPChQu.exe
  2⤵
  PID:3588
- C:\Windows\System\lPRmUrU.exe
  C:\Windows\System\lPRmUrU.exe
  2⤵
  PID:3656
- C:\Windows\System\tagdStd.exe
  C:\Windows\System\tagdStd.exe
  2⤵
  PID:3720
- C:\Windows\System\mweVlmo.exe
  C:\Windows\System\mweVlmo.exe
  2⤵
  PID:3252
- C:\Windows\System\SRlgXQB.exe
  C:\Windows\System\SRlgXQB.exe
  2⤵
  PID:3800
- C:\Windows\System\akshOOY.exe
  C:\Windows\System\akshOOY.exe
  2⤵
  PID:3924
- C:\Windows\System\tdMGjnN.exe
  C:\Windows\System\tdMGjnN.exe
  2⤵
  PID:3972
- C:\Windows\System\EyfeXAF.exe
  C:\Windows\System\EyfeXAF.exe
  2⤵
  PID:4036
- C:\Windows\System\JeQxrbZ.exe
  C:\Windows\System\JeQxrbZ.exe
  2⤵
  PID:1648
- C:\Windows\System\ZvzueuK.exe
  C:\Windows\System\ZvzueuK.exe
  2⤵
  PID:2364
- C:\Windows\System\xONemTK.exe
  C:\Windows\System\xONemTK.exe
  2⤵
  PID:3088
- C:\Windows\System\LaAaIpP.exe
  C:\Windows\System\LaAaIpP.exe
  2⤵
  PID:2864
- C:\Windows\System\DJbtHoj.exe
  C:\Windows\System\DJbtHoj.exe
  2⤵
  PID:3284
- C:\Windows\System\NBiosCc.exe
  C:\Windows\System\NBiosCc.exe
  2⤵
  PID:3396
- C:\Windows\System\ILDoVSd.exe
  C:\Windows\System\ILDoVSd.exe
  2⤵
  PID:3556
- C:\Windows\System\kyOnPdX.exe
  C:\Windows\System\kyOnPdX.exe
  2⤵
  PID:4112
- C:\Windows\System\XtGbIaB.exe
  C:\Windows\System\XtGbIaB.exe
  2⤵
  PID:4128
- C:\Windows\System\knBmcVH.exe
  C:\Windows\System\knBmcVH.exe
  2⤵
  PID:4144
- C:\Windows\System\MnthMSv.exe
  C:\Windows\System\MnthMSv.exe
  2⤵
  PID:4160
- C:\Windows\System\ciXcLEj.exe
  C:\Windows\System\ciXcLEj.exe
  2⤵
  PID:4176
- C:\Windows\System\nnRyhxz.exe
  C:\Windows\System\nnRyhxz.exe
  2⤵
  PID:4192
- C:\Windows\System\waixOuL.exe
  C:\Windows\System\waixOuL.exe
  2⤵
  PID:4208
- C:\Windows\System\hoPTlvu.exe
  C:\Windows\System\hoPTlvu.exe
  2⤵
  PID:4224
- C:\Windows\System\vsLmODq.exe
  C:\Windows\System\vsLmODq.exe
  2⤵
  PID:4240
- C:\Windows\System\xznclGm.exe
  C:\Windows\System\xznclGm.exe
  2⤵
  PID:4256
- C:\Windows\System\WproymZ.exe
  C:\Windows\System\WproymZ.exe
  2⤵
  PID:4272
- C:\Windows\System\ImELxzx.exe
  C:\Windows\System\ImELxzx.exe
  2⤵
  PID:4288
- C:\Windows\System\ZJUeUtF.exe
  C:\Windows\System\ZJUeUtF.exe
  2⤵
  PID:4304
- C:\Windows\System\DdRmdCr.exe
  C:\Windows\System\DdRmdCr.exe
  2⤵
  PID:4320
- C:\Windows\System\ePyuDIR.exe
  C:\Windows\System\ePyuDIR.exe
  2⤵
  PID:4336
- C:\Windows\System\dYeXBLp.exe
  C:\Windows\System\dYeXBLp.exe
  2⤵
  PID:4352
- C:\Windows\System\GnNfTWd.exe
  C:\Windows\System\GnNfTWd.exe
  2⤵
  PID:4368
- C:\Windows\System\mceUeva.exe
  C:\Windows\System\mceUeva.exe
  2⤵
  PID:4384
- C:\Windows\System\BnGZjWn.exe
  C:\Windows\System\BnGZjWn.exe
  2⤵
  PID:4400
- C:\Windows\System\AYlcWMK.exe
  C:\Windows\System\AYlcWMK.exe
  2⤵
  PID:4416
- C:\Windows\System\umLsIWK.exe
  C:\Windows\System\umLsIWK.exe
  2⤵
  PID:4432
- C:\Windows\System\lKCpuNo.exe
  C:\Windows\System\lKCpuNo.exe
  2⤵
  PID:4448
- C:\Windows\System\ClkKAte.exe
  C:\Windows\System\ClkKAte.exe
  2⤵
  PID:4464
- C:\Windows\System\fZDZYSA.exe
  C:\Windows\System\fZDZYSA.exe
  2⤵
  PID:4480
- C:\Windows\System\LooPsYx.exe
  C:\Windows\System\LooPsYx.exe
  2⤵
  PID:4496
- C:\Windows\System\JmdSZRF.exe
  C:\Windows\System\JmdSZRF.exe
  2⤵
  PID:4512
- C:\Windows\System\NwytOLG.exe
  C:\Windows\System\NwytOLG.exe
  2⤵
  PID:4528
- C:\Windows\System\DsAtlQq.exe
  C:\Windows\System\DsAtlQq.exe
  2⤵
  PID:4544
- C:\Windows\System\osglMOg.exe
  C:\Windows\System\osglMOg.exe
  2⤵
  PID:4564
- C:\Windows\System\DulCzUv.exe
  C:\Windows\System\DulCzUv.exe
  2⤵
  PID:4580
- C:\Windows\System\jzNJXEJ.exe
  C:\Windows\System\jzNJXEJ.exe
  2⤵
  PID:4596
- C:\Windows\System\xgEmRmn.exe
  C:\Windows\System\xgEmRmn.exe
  2⤵
  PID:4612
- C:\Windows\System\vWairVi.exe
  C:\Windows\System\vWairVi.exe
  2⤵
  PID:4628
- C:\Windows\System\DNmCLkn.exe
  C:\Windows\System\DNmCLkn.exe
  2⤵
  PID:4644
- C:\Windows\System\cHehdOn.exe
  C:\Windows\System\cHehdOn.exe
  2⤵
  PID:4660
- C:\Windows\System\slFFjGs.exe
  C:\Windows\System\slFFjGs.exe
  2⤵
  PID:4676
- C:\Windows\System\eJSOFLd.exe
  C:\Windows\System\eJSOFLd.exe
  2⤵
  PID:4692
- C:\Windows\System\EwaRWwD.exe
  C:\Windows\System\EwaRWwD.exe
  2⤵
  PID:4708
- C:\Windows\System\LnXSJiX.exe
  C:\Windows\System\LnXSJiX.exe
  2⤵
  PID:4724
- C:\Windows\System\hNSsaHg.exe
  C:\Windows\System\hNSsaHg.exe
  2⤵
  PID:4740
- C:\Windows\System\geaGIoU.exe
  C:\Windows\System\geaGIoU.exe
  2⤵
  PID:4756
- C:\Windows\System\uvmDHFp.exe
  C:\Windows\System\uvmDHFp.exe
  2⤵
  PID:4772
- C:\Windows\System\dlGIbrd.exe
  C:\Windows\System\dlGIbrd.exe
  2⤵
  PID:4788
- C:\Windows\System\QVyULiE.exe
  C:\Windows\System\QVyULiE.exe
  2⤵
  PID:4804
- C:\Windows\System\nmKdjhI.exe
  C:\Windows\System\nmKdjhI.exe
  2⤵
  PID:4820
- C:\Windows\System\PYucPhj.exe
  C:\Windows\System\PYucPhj.exe
  2⤵
  PID:4836
- C:\Windows\System\oPUWZex.exe
  C:\Windows\System\oPUWZex.exe
  2⤵
  PID:4852
- C:\Windows\System\pBneUVE.exe
  C:\Windows\System\pBneUVE.exe
  2⤵
  PID:4872
- C:\Windows\System\ZyfVFeO.exe
  C:\Windows\System\ZyfVFeO.exe
  2⤵
  PID:4888
- C:\Windows\System\DIgkZmC.exe
  C:\Windows\System\DIgkZmC.exe
  2⤵
  PID:4904
- C:\Windows\System\PszfVRO.exe
  C:\Windows\System\PszfVRO.exe
  2⤵
  PID:4920
- C:\Windows\System\cKYCktH.exe
  C:\Windows\System\cKYCktH.exe
  2⤵
  PID:4936
- C:\Windows\System\noSoEIg.exe
  C:\Windows\System\noSoEIg.exe
  2⤵
  PID:4952
- C:\Windows\System\dtFxAHe.exe
  C:\Windows\System\dtFxAHe.exe
  2⤵
  PID:4968
- C:\Windows\System\akeObAC.exe
  C:\Windows\System\akeObAC.exe
  2⤵
  PID:4984
- C:\Windows\System\RADryHk.exe
  C:\Windows\System\RADryHk.exe
  2⤵
  PID:5000
- C:\Windows\System\QTVgYvm.exe
  C:\Windows\System\QTVgYvm.exe
  2⤵
  PID:5016
- C:\Windows\System\Msldzrf.exe
  C:\Windows\System\Msldzrf.exe
  2⤵
  PID:5032
- C:\Windows\System\ZKItorl.exe
  C:\Windows\System\ZKItorl.exe
  2⤵
  PID:5048
- C:\Windows\System\DzIrdJt.exe
  C:\Windows\System\DzIrdJt.exe
  2⤵
  PID:5064
- C:\Windows\System\DlNxDkR.exe
  C:\Windows\System\DlNxDkR.exe
  2⤵
  PID:5080
- C:\Windows\System\dnaXObU.exe
  C:\Windows\System\dnaXObU.exe
  2⤵
  PID:5096
- C:\Windows\System\pttXvmD.exe
  C:\Windows\System\pttXvmD.exe
  2⤵
  PID:5112
- C:\Windows\System\crBCJvP.exe
  C:\Windows\System\crBCJvP.exe
  2⤵
  PID:3540
- C:\Windows\System\CrTHoVf.exe
  C:\Windows\System\CrTHoVf.exe
  2⤵
  PID:3736
- C:\Windows\System\PlbAiIX.exe
  C:\Windows\System\PlbAiIX.exe
  2⤵
  PID:3896
- C:\Windows\System\EApLmGw.exe
  C:\Windows\System\EApLmGw.exe
  2⤵
  PID:4004
- C:\Windows\System\MFuZuKL.exe
  C:\Windows\System\MFuZuKL.exe
  2⤵
  PID:2292
- C:\Windows\System\DzOQbyc.exe
  C:\Windows\System\DzOQbyc.exe
  2⤵
  PID:3188
- C:\Windows\System\gqFoeXQ.exe
  C:\Windows\System\gqFoeXQ.exe
  2⤵
  PID:2596
- C:\Windows\System\gzVbjdv.exe
  C:\Windows\System\gzVbjdv.exe
  2⤵
  PID:4108
- C:\Windows\System\YCvzHTX.exe
  C:\Windows\System\YCvzHTX.exe
  2⤵
  PID:4156
- C:\Windows\System\uzWBDak.exe
  C:\Windows\System\uzWBDak.exe
  2⤵
  PID:4360
- C:\Windows\System\EJiLSUe.exe
  C:\Windows\System\EJiLSUe.exe
  2⤵
  PID:4688
- C:\Windows\System\HfCPkRd.exe
  C:\Windows\System\HfCPkRd.exe
  2⤵
  PID:4720
- C:\Windows\System\ycItkox.exe
  C:\Windows\System\ycItkox.exe
  2⤵
  PID:4748
- C:\Windows\System\hPlnzoB.exe
  C:\Windows\System\hPlnzoB.exe
  2⤵
  PID:4768
- C:\Windows\System\gkJpggV.exe
  C:\Windows\System\gkJpggV.exe
  2⤵
  PID:4812
- C:\Windows\System\JilBZSd.exe
  C:\Windows\System\JilBZSd.exe
  2⤵
  PID:4844
- C:\Windows\System\zdTORlz.exe
  C:\Windows\System\zdTORlz.exe
  2⤵
  PID:4880
- C:\Windows\System\RLsiqAP.exe
  C:\Windows\System\RLsiqAP.exe
  2⤵
  PID:2592
- C:\Windows\System\btJqCZX.exe
  C:\Windows\System\btJqCZX.exe
  2⤵
  PID:2600
- C:\Windows\System\kGiBekJ.exe
  C:\Windows\System\kGiBekJ.exe
  2⤵
  PID:5012
- C:\Windows\System\emGAHjr.exe
  C:\Windows\System\emGAHjr.exe
  2⤵
  PID:5076
- C:\Windows\System\GeTZViB.exe
  C:\Windows\System\GeTZViB.exe
  2⤵
  PID:3704
- C:\Windows\System\DbnUkWv.exe
  C:\Windows\System\DbnUkWv.exe
  2⤵
  PID:2692
- C:\Windows\System\DtPrnZF.exe
  C:\Windows\System\DtPrnZF.exe
  2⤵
  PID:4896
- C:\Windows\System\YjxFItv.exe
  C:\Windows\System\YjxFItv.exe
  2⤵
  PID:4960
- C:\Windows\System\gimuXpL.exe
  C:\Windows\System\gimuXpL.exe
  2⤵
  PID:5024
- C:\Windows\System\SNneBDh.exe
  C:\Windows\System\SNneBDh.exe
  2⤵
  PID:5088
- C:\Windows\System\XIRCDif.exe
  C:\Windows\System\XIRCDif.exe
  2⤵
  PID:3892
- C:\Windows\System\vInGKja.exe
  C:\Windows\System\vInGKja.exe
  2⤵
  PID:3392
- C:\Windows\System\VbQOhVa.exe
  C:\Windows\System\VbQOhVa.exe
  2⤵
  PID:4124
- C:\Windows\System\KQDtkop.exe
  C:\Windows\System\KQDtkop.exe
  2⤵
  PID:2704
- C:\Windows\System\nwimqTP.exe
  C:\Windows\System\nwimqTP.exe
  2⤵
  PID:2652
- C:\Windows\System\LJCVRqj.exe
  C:\Windows\System\LJCVRqj.exe
  2⤵
  PID:2684
- C:\Windows\System\kSBVddJ.exe
  C:\Windows\System\kSBVddJ.exe
  2⤵
  PID:2308
- C:\Windows\System\PRdiTDx.exe
  C:\Windows\System\PRdiTDx.exe
  2⤵
  PID:2868
- C:\Windows\System\kHBRVjj.exe
  C:\Windows\System\kHBRVjj.exe
  2⤵
  PID:2972
- C:\Windows\System\rJIbNOE.exe
  C:\Windows\System\rJIbNOE.exe
  2⤵
  PID:2676
- C:\Windows\System\IgitFHE.exe
  C:\Windows\System\IgitFHE.exe
  2⤵
  PID:408
- C:\Windows\System\sFUtfNH.exe
  C:\Windows\System\sFUtfNH.exe
  2⤵
  PID:3056
- C:\Windows\System\MADAIuA.exe
  C:\Windows\System\MADAIuA.exe
  2⤵
  PID:2460
- C:\Windows\System\lNAoSXl.exe
  C:\Windows\System\lNAoSXl.exe
  2⤵
  PID:1652
- C:\Windows\System\xlRmzwH.exe
  C:\Windows\System\xlRmzwH.exe
  2⤵
  PID:2940
- C:\Windows\System\Pfpviln.exe
  C:\Windows\System\Pfpviln.exe
  2⤵
  PID:1784
- C:\Windows\System\sYWpAhP.exe
  C:\Windows\System\sYWpAhP.exe
  2⤵
  PID:2420
- C:\Windows\System\XnqCZpd.exe
  C:\Windows\System\XnqCZpd.exe
  2⤵
  PID:2468
- C:\Windows\System\DzeFwxz.exe
  C:\Windows\System\DzeFwxz.exe
  2⤵
  PID:2152
- C:\Windows\System\ivmENky.exe
  C:\Windows\System\ivmENky.exe
  2⤵
  PID:2520
- C:\Windows\System\yppHHrs.exe
  C:\Windows\System\yppHHrs.exe
  2⤵
  PID:1372
- C:\Windows\System\tzOjbIM.exe
  C:\Windows\System\tzOjbIM.exe
  2⤵
  PID:2384
- C:\Windows\System\XUwuAOw.exe
  C:\Windows\System\XUwuAOw.exe
  2⤵
  PID:2052
- C:\Windows\System\MEeRXfD.exe
  C:\Windows\System\MEeRXfD.exe
  2⤵
  PID:1128
- C:\Windows\System\jSNCJns.exe
  C:\Windows\System\jSNCJns.exe
  2⤵
  PID:2724
- C:\Windows\System\VpfhNPj.exe
  C:\Windows\System\VpfhNPj.exe
  2⤵
  PID:4296
- C:\Windows\System\eerGUWx.exe
  C:\Windows\System\eerGUWx.exe
  2⤵
  PID:4248
- C:\Windows\System\qMIjeow.exe
  C:\Windows\System\qMIjeow.exe
  2⤵
  PID:4300
- C:\Windows\System\RYNsgVa.exe
  C:\Windows\System\RYNsgVa.exe
  2⤵
  PID:4328
- C:\Windows\System\uKxrPur.exe
  C:\Windows\System\uKxrPur.exe
  2⤵
  PID:4380
- C:\Windows\System\GVXjdMc.exe
  C:\Windows\System\GVXjdMc.exe
  2⤵
  PID:4408
- C:\Windows\System\nBgfaDt.exe
  C:\Windows\System\nBgfaDt.exe
  2⤵
  PID:4412
- C:\Windows\System\jTIrTAP.exe
  C:\Windows\System\jTIrTAP.exe
  2⤵
  PID:4456
- C:\Windows\System\gkUUNGR.exe
  C:\Windows\System\gkUUNGR.exe
  2⤵
  PID:4488
- C:\Windows\System\oyfGpvD.exe
  C:\Windows\System\oyfGpvD.exe
  2⤵
  PID:4524
- C:\Windows\System\tVFCSIK.exe
  C:\Windows\System\tVFCSIK.exe
  2⤵
  PID:4572
- C:\Windows\System\kBAuuAU.exe
  C:\Windows\System\kBAuuAU.exe
  2⤵
  PID:4604
- C:\Windows\System\xNkGBpt.exe
  C:\Windows\System\xNkGBpt.exe
  2⤵
  PID:4520
- C:\Windows\System\PBoxugV.exe
  C:\Windows\System\PBoxugV.exe
  2⤵
  PID:4640
- C:\Windows\System\MghEcbE.exe
  C:\Windows\System\MghEcbE.exe
  2⤵
  PID:4704
- C:\Windows\System\xfyzYyI.exe
  C:\Windows\System\xfyzYyI.exe
  2⤵
  PID:4716
- C:\Windows\System\WOXCdZV.exe
  C:\Windows\System\WOXCdZV.exe
  2⤵
  PID:4832
- C:\Windows\System\UbigHEw.exe
  C:\Windows\System\UbigHEw.exe
  2⤵
  PID:5008
- C:\Windows\System\cyobXSz.exe
  C:\Windows\System\cyobXSz.exe
  2⤵
  PID:4860
- C:\Windows\System\uoIGRZo.exe
  C:\Windows\System\uoIGRZo.exe
  2⤵
  PID:5044
- C:\Windows\System\AqFOYgi.exe
  C:\Windows\System\AqFOYgi.exe
  2⤵
  PID:3944
- C:\Windows\System\sNxpwDg.exe
  C:\Windows\System\sNxpwDg.exe
  2⤵
  PID:4084
- C:\Windows\System\AdrtxeO.exe
  C:\Windows\System\AdrtxeO.exe
  2⤵
  PID:4104
- C:\Windows\System\wQvxUdV.exe
  C:\Windows\System\wQvxUdV.exe
  2⤵
  PID:3640
- C:\Windows\System\bacgoQm.exe
  C:\Windows\System\bacgoQm.exe
  2⤵
  PID:4868
- C:\Windows\System\xfEnlgI.exe
  C:\Windows\System\xfEnlgI.exe
  2⤵
  PID:2396
- C:\Windows\System\oApOPRh.exe
  C:\Windows\System\oApOPRh.exe
  2⤵
  PID:4560
- C:\Windows\System\uyIxfWq.exe
  C:\Windows\System\uyIxfWq.exe
  2⤵
  PID:3064
- C:\Windows\System\NdOxPaE.exe
  C:\Windows\System\NdOxPaE.exe
  2⤵
  PID:1228
- C:\Windows\System\KbTqJvj.exe
  C:\Windows\System\KbTqJvj.exe
  2⤵
  PID:2264
- C:\Windows\System\scOXqyf.exe
  C:\Windows\System\scOXqyf.exe
  2⤵
  PID:2008
- C:\Windows\System\cwcZjRz.exe
  C:\Windows\System\cwcZjRz.exe
  2⤵
  PID:2988
- C:\Windows\System\WTnluYt.exe
  C:\Windows\System\WTnluYt.exe
  2⤵
  PID:1040
- C:\Windows\System\ThpMpaX.exe
  C:\Windows\System\ThpMpaX.exe
  2⤵
  PID:1504
- C:\Windows\System\DhkVfCd.exe
  C:\Windows\System\DhkVfCd.exe
  2⤵
  PID:1592
- C:\Windows\System\LFxuuiq.exe
  C:\Windows\System\LFxuuiq.exe
  2⤵
  PID:4236
- C:\Windows\System\ZkFVjZC.exe
  C:\Windows\System\ZkFVjZC.exe
  2⤵
  PID:4396
- C:\Windows\System\ULLpqbG.exe
  C:\Windows\System\ULLpqbG.exe
  2⤵
  PID:4444
- C:\Windows\System\orneSFd.exe
  C:\Windows\System\orneSFd.exe
  2⤵
  PID:2860
- C:\Windows\System\TmNSumn.exe
  C:\Windows\System\TmNSumn.exe
  2⤵
  PID:4472
- C:\Windows\System\pROdoNi.exe
  C:\Windows\System\pROdoNi.exe
  2⤵
  PID:4652
- C:\Windows\System\SrhsMgs.exe
  C:\Windows\System\SrhsMgs.exe
  2⤵
  PID:4316
- C:\Windows\System\YyKBSGc.exe
  C:\Windows\System\YyKBSGc.exe
  2⤵
  PID:4668
- C:\Windows\System\daXoOsO.exe
  C:\Windows\System\daXoOsO.exe
  2⤵
  PID:4736
- C:\Windows\System\ecjnEVn.exe
  C:\Windows\System\ecjnEVn.exe
  2⤵
  PID:4944
- C:\Windows\System\dKMafPm.exe
  C:\Windows\System\dKMafPm.exe
  2⤵
  PID:1560
- C:\Windows\System\sOzGGhq.exe
  C:\Windows\System\sOzGGhq.exe
  2⤵
  PID:4996
- C:\Windows\System\ddNtLIU.exe
  C:\Windows\System\ddNtLIU.exe
  2⤵
  PID:4204
- C:\Windows\System\MMvmxjE.exe
  C:\Windows\System\MMvmxjE.exe
  2⤵
  PID:2116
- C:\Windows\System\vgPegHa.exe
  C:\Windows\System\vgPegHa.exe
  2⤵
  PID:2576
- C:\Windows\System\kXAmoPR.exe
  C:\Windows\System\kXAmoPR.exe
  2⤵
  PID:2360
- C:\Windows\System\fJSkQHi.exe
  C:\Windows\System\fJSkQHi.exe
  2⤵
  PID:2228
- C:\Windows\System\BIZusIs.exe
  C:\Windows\System\BIZusIs.exe
  2⤵
  PID:4440
- C:\Windows\System\kknrGmM.exe
  C:\Windows\System\kknrGmM.exe
  2⤵
  PID:4184
- C:\Windows\System\tEfHJpI.exe
  C:\Windows\System\tEfHJpI.exe
  2⤵
  PID:4508
- C:\Windows\System\IOkscyd.exe
  C:\Windows\System\IOkscyd.exe
  2⤵
  PID:4764
- C:\Windows\System\lZSqvKn.exe
  C:\Windows\System\lZSqvKn.exe
  2⤵
  PID:4216
- C:\Windows\System\IGXZDhW.exe
  C:\Windows\System\IGXZDhW.exe
  2⤵
  PID:4980
- C:\Windows\System\XupprKv.exe
  C:\Windows\System\XupprKv.exe
  2⤵
  PID:2072
- C:\Windows\System\HXmiCDA.exe
  C:\Windows\System\HXmiCDA.exe
  2⤵
  PID:4796
- C:\Windows\System\qwVbMzf.exe
  C:\Windows\System\qwVbMzf.exe
  2⤵
  PID:2252
- C:\Windows\System\ohVtDVX.exe
  C:\Windows\System\ohVtDVX.exe
  2⤵
  PID:3040
- C:\Windows\System\yuaeHpz.exe
  C:\Windows\System\yuaeHpz.exe
  2⤵
  PID:4424
- C:\Windows\System\rrKFnQx.exe
  C:\Windows\System\rrKFnQx.exe
  2⤵
  PID:5060
- C:\Windows\System\thZNkfM.exe
  C:\Windows\System\thZNkfM.exe
  2⤵
  PID:2916
- C:\Windows\System\BiNfopU.exe
  C:\Windows\System\BiNfopU.exe
  2⤵
  PID:4948
- C:\Windows\System\eguDhHo.exe
  C:\Windows\System\eguDhHo.exe
  2⤵
  PID:4608
- C:\Windows\System\KRfuiUY.exe
  C:\Windows\System\KRfuiUY.exe
  2⤵
  PID:988
- C:\Windows\System\rtfKHeC.exe
  C:\Windows\System\rtfKHeC.exe
  2⤵
  PID:4280
- C:\Windows\System\HiIsfQI.exe
  C:\Windows\System\HiIsfQI.exe
  2⤵
  PID:5136
- C:\Windows\System\rEBsjvS.exe
  C:\Windows\System\rEBsjvS.exe
  2⤵
  PID:5152
- C:\Windows\System\cGpRaat.exe
  C:\Windows\System\cGpRaat.exe
  2⤵
  PID:5168
- C:\Windows\System\zZeUxMH.exe
  C:\Windows\System\zZeUxMH.exe
  2⤵
  PID:5184
- C:\Windows\System\aCTnVux.exe
  C:\Windows\System\aCTnVux.exe
  2⤵
  PID:5200
- C:\Windows\System\QDPrWXm.exe
  C:\Windows\System\QDPrWXm.exe
  2⤵
  PID:5216
- C:\Windows\System\RRrjysu.exe
  C:\Windows\System\RRrjysu.exe
  2⤵
  PID:5232
- C:\Windows\System\qdCSfWK.exe
  C:\Windows\System\qdCSfWK.exe
  2⤵
  PID:5248
- C:\Windows\System\ifhIIhM.exe
  C:\Windows\System\ifhIIhM.exe
  2⤵
  PID:5264
- C:\Windows\System\dElrgix.exe
  C:\Windows\System\dElrgix.exe
  2⤵
  PID:5280
- C:\Windows\System\mstvQbd.exe
  C:\Windows\System\mstvQbd.exe
  2⤵
  PID:5300
- C:\Windows\System\CYEgdlV.exe
  C:\Windows\System\CYEgdlV.exe
  2⤵
  PID:5320
- C:\Windows\System\dEcHpew.exe
  C:\Windows\System\dEcHpew.exe
  2⤵
  PID:5340
- C:\Windows\System\jdCrxww.exe
  C:\Windows\System\jdCrxww.exe
  2⤵
  PID:5364
- C:\Windows\System\XurWrcX.exe
  C:\Windows\System\XurWrcX.exe
  2⤵
  PID:5400
- C:\Windows\System\kMsUcwO.exe
  C:\Windows\System\kMsUcwO.exe
  2⤵
  PID:5420
- C:\Windows\System\sYXfuKh.exe
  C:\Windows\System\sYXfuKh.exe
  2⤵
  PID:5436
- C:\Windows\System\EQpKTgl.exe
  C:\Windows\System\EQpKTgl.exe
  2⤵
  PID:5452
- C:\Windows\System\CmNSzRJ.exe
  C:\Windows\System\CmNSzRJ.exe
  2⤵
  PID:5472
- C:\Windows\System\asQUhjV.exe
  C:\Windows\System\asQUhjV.exe
  2⤵
  PID:5488
- C:\Windows\System\CpsvZQm.exe
  C:\Windows\System\CpsvZQm.exe
  2⤵
  PID:5504
- C:\Windows\System\HvAfvAj.exe
  C:\Windows\System\HvAfvAj.exe
  2⤵
  PID:5552
- C:\Windows\System\iqmerlB.exe
  C:\Windows\System\iqmerlB.exe
  2⤵
  PID:5676
- C:\Windows\System\ZnDibjN.exe
  C:\Windows\System\ZnDibjN.exe
  2⤵
  PID:5696
- C:\Windows\System\jnCXINt.exe
  C:\Windows\System\jnCXINt.exe
  2⤵
  PID:5720
- C:\Windows\System\SldKUQj.exe
  C:\Windows\System\SldKUQj.exe
  2⤵
  PID:5748
- C:\Windows\System\kPzbqjw.exe
  C:\Windows\System\kPzbqjw.exe
  2⤵
  PID:5776
- C:\Windows\System\mZzXUPO.exe
  C:\Windows\System\mZzXUPO.exe
  2⤵
  PID:5804
- C:\Windows\System\MCszoWV.exe
  C:\Windows\System\MCszoWV.exe
  2⤵
  PID:5832
- C:\Windows\System\imIMGVY.exe
  C:\Windows\System\imIMGVY.exe
  2⤵
  PID:5856
- C:\Windows\System\yGSFiyg.exe
  C:\Windows\System\yGSFiyg.exe
  2⤵
  PID:5888
- C:\Windows\System\qjbEYBg.exe
  C:\Windows\System\qjbEYBg.exe
  2⤵
  PID:5912
- C:\Windows\System\GRNauom.exe
  C:\Windows\System\GRNauom.exe
  2⤵
  PID:5940
- C:\Windows\System\erAVzzg.exe
  C:\Windows\System\erAVzzg.exe
  2⤵
  PID:5964
- C:\Windows\System\HCLFrZu.exe
  C:\Windows\System\HCLFrZu.exe
  2⤵
  PID:5996
- C:\Windows\System\GSpIzcx.exe
  C:\Windows\System\GSpIzcx.exe
  2⤵
  PID:6064
- C:\Windows\System\ESsUuLO.exe
  C:\Windows\System\ESsUuLO.exe
  2⤵
  PID:6080
- C:\Windows\System\cxACJWZ.exe
  C:\Windows\System\cxACJWZ.exe
  2⤵
  PID:6096
- C:\Windows\System\OAbsTDg.exe
  C:\Windows\System\OAbsTDg.exe
  2⤵
  PID:6112
- C:\Windows\System\FhZQdYG.exe
  C:\Windows\System\FhZQdYG.exe
  2⤵
  PID:6128
- C:\Windows\System\fiuDOPc.exe
  C:\Windows\System\fiuDOPc.exe
  2⤵
  PID:2700
- C:\Windows\System\limQLYj.exe
  C:\Windows\System\limQLYj.exe
  2⤵
  PID:5132
- C:\Windows\System\nKrosJz.exe
  C:\Windows\System\nKrosJz.exe
  2⤵
  PID:5196
- C:\Windows\System\cABbJfH.exe
  C:\Windows\System\cABbJfH.exe
  2⤵
  PID:5228
- C:\Windows\System\CnRSufj.exe
  C:\Windows\System\CnRSufj.exe
  2⤵
  PID:5212
- C:\Windows\System\KpNkLcg.exe
  C:\Windows\System\KpNkLcg.exe
  2⤵
  PID:5244
- C:\Windows\System\WiARULm.exe
  C:\Windows\System\WiARULm.exe
  2⤵
  PID:5292
- C:\Windows\System\KuzTpVg.exe
  C:\Windows\System\KuzTpVg.exe
  2⤵
  PID:5276
- C:\Windows\System\yaKlaOi.exe
  C:\Windows\System\yaKlaOi.exe
  2⤵
  PID:5348
- C:\Windows\System\owVeulB.exe
  C:\Windows\System\owVeulB.exe
  2⤵
  PID:5316
- C:\Windows\System\oRDPOgu.exe
  C:\Windows\System\oRDPOgu.exe
  2⤵
  PID:5380
- C:\Windows\System\pLaHCND.exe
  C:\Windows\System\pLaHCND.exe
  2⤵
  PID:5396
- C:\Windows\System\RfGYohI.exe
  C:\Windows\System\RfGYohI.exe
  2⤵
  PID:5416
- C:\Windows\System\reIcNeZ.exe
  C:\Windows\System\reIcNeZ.exe
  2⤵
  PID:5460
- C:\Windows\System\rJaJScG.exe
  C:\Windows\System\rJaJScG.exe
  2⤵
  PID:5480
- C:\Windows\System\YOzecDe.exe
  C:\Windows\System\YOzecDe.exe
  2⤵
  PID:5520
- C:\Windows\System\XAlUHub.exe
  C:\Windows\System\XAlUHub.exe
  2⤵
  PID:5536
- C:\Windows\System\tmXBKzr.exe
  C:\Windows\System\tmXBKzr.exe
  2⤵
  PID:5560
- C:\Windows\System\fecnwui.exe
  C:\Windows\System\fecnwui.exe
  2⤵
  PID:5576
- C:\Windows\System\QNkFntH.exe
  C:\Windows\System\QNkFntH.exe
  2⤵
  PID:5592
- C:\Windows\System\gAJXKXY.exe
  C:\Windows\System\gAJXKXY.exe
  2⤵
  PID:5604
- C:\Windows\System\NQpglEO.exe
  C:\Windows\System\NQpglEO.exe
  2⤵
  PID:5624
- C:\Windows\System\yxMWYdr.exe
  C:\Windows\System\yxMWYdr.exe
  2⤵
  PID:5640
- C:\Windows\System\lPgNuuU.exe
  C:\Windows\System\lPgNuuU.exe
  2⤵
  PID:5656
- C:\Windows\System\HcxpBqp.exe
  C:\Windows\System\HcxpBqp.exe
  2⤵
  PID:5668
- C:\Windows\System\sZbRTDj.exe
  C:\Windows\System\sZbRTDj.exe
  2⤵
  PID:5716
- C:\Windows\System\LvQdDUP.exe
  C:\Windows\System\LvQdDUP.exe
  2⤵
  PID:5760
- C:\Windows\System\dutIOJG.exe
  C:\Windows\System\dutIOJG.exe
  2⤵
  PID:5816
- C:\Windows\System\MLIHdpC.exe
  C:\Windows\System\MLIHdpC.exe
  2⤵
  PID:5864
- C:\Windows\System\qypsaQA.exe
  C:\Windows\System\qypsaQA.exe
  2⤵
  PID:5884
- C:\Windows\System\BlVRviX.exe
  C:\Windows\System\BlVRviX.exe
  2⤵
  PID:5924
- C:\Windows\System\kbkZPAr.exe
  C:\Windows\System\kbkZPAr.exe
  2⤵
  PID:5972
- C:\Windows\System\wBRnTwZ.exe
  C:\Windows\System\wBRnTwZ.exe
  2⤵
  PID:5728
- C:\Windows\System\OHTRXRy.exe
  C:\Windows\System\OHTRXRy.exe
  2⤵
  PID:5896
- C:\Windows\System\vrOKuQs.exe
  C:\Windows\System\vrOKuQs.exe
  2⤵
  PID:5684
- C:\Windows\System\iuwrRUO.exe
  C:\Windows\System\iuwrRUO.exe
  2⤵
  PID:5744
- C:\Windows\System\WMrYWpv.exe
  C:\Windows\System\WMrYWpv.exe
  2⤵
  PID:5796
- C:\Windows\System\MdoEsQC.exe
  C:\Windows\System\MdoEsQC.exe
  2⤵
  PID:5852
- C:\Windows\System\PLlYtEw.exe
  C:\Windows\System\PLlYtEw.exe
  2⤵
  PID:5960
- C:\Windows\System\dJZFuRx.exe
  C:\Windows\System\dJZFuRx.exe
  2⤵
  PID:6060
- C:\Windows\System\QXdSwzU.exe
  C:\Windows\System\QXdSwzU.exe
  2⤵
  PID:6092
- C:\Windows\System\FAtzjSI.exe
  C:\Windows\System\FAtzjSI.exe
  2⤵
  PID:6140
- C:\Windows\System\tbCTRUF.exe
  C:\Windows\System\tbCTRUF.exe
  2⤵
  PID:6088
- C:\Windows\System\EWfWujq.exe
  C:\Windows\System\EWfWujq.exe
  2⤵
  PID:5208
- C:\Windows\System\TNWdgYI.exe
  C:\Windows\System\TNWdgYI.exe
  2⤵
  PID:5144
- C:\Windows\System\onbWQAC.exe
  C:\Windows\System\onbWQAC.exe
  2⤵
  PID:5328
- C:\Windows\System\ZCoQHCa.exe
  C:\Windows\System\ZCoQHCa.exe
  2⤵
  PID:5392
- C:\Windows\System\cexnPhO.exe
  C:\Windows\System\cexnPhO.exe
  2⤵
  PID:5516
- C:\Windows\System\NncFhYV.exe
  C:\Windows\System\NncFhYV.exe
  2⤵
  PID:5180
- C:\Windows\System\hkhFYmr.exe
  C:\Windows\System\hkhFYmr.exe
  2⤵
  PID:5500
- C:\Windows\System\tBIkUhM.exe
  C:\Windows\System\tBIkUhM.exe
  2⤵
  PID:5568
- C:\Windows\System\DvjXgwr.exe
  C:\Windows\System\DvjXgwr.exe
  2⤵
  PID:5620
- C:\Windows\System\tqNQRXW.exe
  C:\Windows\System\tqNQRXW.exe
  2⤵
  PID:5584
- C:\Windows\System\kgQbRJc.exe
  C:\Windows\System\kgQbRJc.exe
  2⤵
  PID:5632
- C:\Windows\System\zuEuTps.exe
  C:\Windows\System\zuEuTps.exe
  2⤵
  PID:5820
- C:\Windows\System\tXitslS.exe
  C:\Windows\System\tXitslS.exe
  2⤵
  PID:5828
- C:\Windows\System\nDtITSd.exe
  C:\Windows\System\nDtITSd.exe
  2⤵
  PID:5920
- C:\Windows\System\NhXretj.exe
  C:\Windows\System\NhXretj.exe
  2⤵
  PID:5936
- C:\Windows\System\MJnHbpW.exe
  C:\Windows\System\MJnHbpW.exe
  2⤵
  PID:6004
- C:\Windows\System\dXvNSSZ.exe
  C:\Windows\System\dXvNSSZ.exe
  2⤵
  PID:5788
- C:\Windows\System\zfgrqSH.exe
  C:\Windows\System\zfgrqSH.exe
  2⤵
  PID:6076
- C:\Windows\System\vTOwgFw.exe
  C:\Windows\System\vTOwgFw.exe
  2⤵
  PID:5740
- C:\Windows\System\ZObwUUv.exe
  C:\Windows\System\ZObwUUv.exe
  2⤵
  PID:5124
- C:\Windows\System\xMBNdMV.exe
  C:\Windows\System\xMBNdMV.exe
  2⤵
  PID:6136
- C:\Windows\System\ZKAxltk.exe
  C:\Windows\System\ZKAxltk.exe
  2⤵
  PID:5544
- C:\Windows\System\vfqmAzn.exe
  C:\Windows\System\vfqmAzn.exe
  2⤵
  PID:5428
- C:\Windows\System\NMCrAyX.exe
  C:\Windows\System\NMCrAyX.exe
  2⤵
  PID:5336
- C:\Windows\System\jsvIVdT.exe
  C:\Windows\System\jsvIVdT.exe
  2⤵
  PID:5240
- C:\Windows\System\irKCKXd.exe
  C:\Windows\System\irKCKXd.exe
  2⤵
  PID:5772
- C:\Windows\System\uzZQePd.exe
  C:\Windows\System\uzZQePd.exe
  2⤵
  PID:5956
- C:\Windows\System\bMeXdov.exe
  C:\Windows\System\bMeXdov.exe
  2⤵
  PID:5648
- C:\Windows\System\vRuEtKH.exe
  C:\Windows\System\vRuEtKH.exe
  2⤵
  PID:6160
- C:\Windows\System\mVDUjoR.exe
  C:\Windows\System\mVDUjoR.exe
  2⤵
  PID:6176
- C:\Windows\System\HpuwauW.exe
  C:\Windows\System\HpuwauW.exe
  2⤵
  PID:6192
- C:\Windows\System\dTEtjiw.exe
  C:\Windows\System\dTEtjiw.exe
  2⤵
  PID:6208
- C:\Windows\System\sJNttXV.exe
  C:\Windows\System\sJNttXV.exe
  2⤵
  PID:6224
- C:\Windows\System\WmbuIde.exe
  C:\Windows\System\WmbuIde.exe
  2⤵
  PID:6240
- C:\Windows\System\OGXHVPN.exe
  C:\Windows\System\OGXHVPN.exe
  2⤵
  PID:6256
- C:\Windows\System\ZvGyCsV.exe
  C:\Windows\System\ZvGyCsV.exe
  2⤵
  PID:6272
- C:\Windows\System\CLaVbiB.exe
  C:\Windows\System\CLaVbiB.exe
  2⤵
  PID:6288
- C:\Windows\System\NCpBUMe.exe
  C:\Windows\System\NCpBUMe.exe
  2⤵
  PID:6304
- C:\Windows\System\EUmkUhi.exe
  C:\Windows\System\EUmkUhi.exe
  2⤵
  PID:6320
- C:\Windows\System\kbkEHYq.exe
  C:\Windows\System\kbkEHYq.exe
  2⤵
  PID:6336
- C:\Windows\System\loNHrVD.exe
  C:\Windows\System\loNHrVD.exe
  2⤵
  PID:6352
- C:\Windows\System\swXqThn.exe
  C:\Windows\System\swXqThn.exe
  2⤵
  PID:6368
- C:\Windows\System\ybqJpHy.exe
  C:\Windows\System\ybqJpHy.exe
  2⤵
  PID:6384
- C:\Windows\System\tdhErpE.exe
  C:\Windows\System\tdhErpE.exe
  2⤵
  PID:6400
- C:\Windows\System\oDKmHKW.exe
  C:\Windows\System\oDKmHKW.exe
  2⤵
  PID:6416
- C:\Windows\System\JimXABt.exe
  C:\Windows\System\JimXABt.exe
  2⤵
  PID:6432
- C:\Windows\System\mIjFlIv.exe
  C:\Windows\System\mIjFlIv.exe
  2⤵
  PID:6452
- C:\Windows\System\mTMtqhQ.exe
  C:\Windows\System\mTMtqhQ.exe
  2⤵
  PID:6468
- C:\Windows\System\uTTRIcn.exe
  C:\Windows\System\uTTRIcn.exe
  2⤵
  PID:6484
- C:\Windows\System\LrgyCEf.exe
  C:\Windows\System\LrgyCEf.exe
  2⤵
  PID:6500
- C:\Windows\System\iwHDwgH.exe
  C:\Windows\System\iwHDwgH.exe
  2⤵
  PID:6516
- C:\Windows\System\ApLAVSM.exe
  C:\Windows\System\ApLAVSM.exe
  2⤵
  PID:6532
- C:\Windows\System\ygJLvZn.exe
  C:\Windows\System\ygJLvZn.exe
  2⤵
  PID:6548
- C:\Windows\System\NThYrqo.exe
  C:\Windows\System\NThYrqo.exe
  2⤵
  PID:6564
- C:\Windows\System\NvrXlwS.exe
  C:\Windows\System\NvrXlwS.exe
  2⤵
  PID:6580
- C:\Windows\System\awQHHhQ.exe
  C:\Windows\System\awQHHhQ.exe
  2⤵
  PID:6596
- C:\Windows\System\LbzHill.exe
  C:\Windows\System\LbzHill.exe
  2⤵
  PID:6612
- C:\Windows\System\dSVmtrm.exe
  C:\Windows\System\dSVmtrm.exe
  2⤵
  PID:6628
- C:\Windows\System\EpKiTRy.exe
  C:\Windows\System\EpKiTRy.exe
  2⤵
  PID:6644
- C:\Windows\System\pVXyonS.exe
  C:\Windows\System\pVXyonS.exe
  2⤵
  PID:6660
- C:\Windows\System\HXDNzqI.exe
  C:\Windows\System\HXDNzqI.exe
  2⤵
  PID:6676
- C:\Windows\System\CivOred.exe
  C:\Windows\System\CivOred.exe
  2⤵
  PID:6692
- C:\Windows\System\fPOSeQC.exe
  C:\Windows\System\fPOSeQC.exe
  2⤵
  PID:6708
- C:\Windows\System\IeXSBIs.exe
  C:\Windows\System\IeXSBIs.exe
  2⤵
  PID:6724
- C:\Windows\System\UAOhgVw.exe
  C:\Windows\System\UAOhgVw.exe
  2⤵
  PID:6740
- C:\Windows\System\SbyfFIe.exe
  C:\Windows\System\SbyfFIe.exe
  2⤵
  PID:6756
- C:\Windows\System\AutGiXH.exe
  C:\Windows\System\AutGiXH.exe
  2⤵
  PID:6772
- C:\Windows\System\WDOrXgk.exe
  C:\Windows\System\WDOrXgk.exe
  2⤵
  PID:6788
- C:\Windows\System\JwpzxHv.exe
  C:\Windows\System\JwpzxHv.exe
  2⤵
  PID:6804
- C:\Windows\System\TXusBSS.exe
  C:\Windows\System\TXusBSS.exe
  2⤵
  PID:6820
- C:\Windows\System\Idvsfou.exe
  C:\Windows\System\Idvsfou.exe
  2⤵
  PID:6836
- C:\Windows\System\elXxNfw.exe
  C:\Windows\System\elXxNfw.exe
  2⤵
  PID:6852
- C:\Windows\System\kNzPMoz.exe
  C:\Windows\System\kNzPMoz.exe
  2⤵
  PID:6868
- C:\Windows\System\UvPplrT.exe
  C:\Windows\System\UvPplrT.exe
  2⤵
  PID:6884
- C:\Windows\System\hGsfiXe.exe
  C:\Windows\System\hGsfiXe.exe
  2⤵
  PID:6900
- C:\Windows\System\XvZoUVO.exe
  C:\Windows\System\XvZoUVO.exe
  2⤵
  PID:6916
- C:\Windows\System\LePCbEo.exe
  C:\Windows\System\LePCbEo.exe
  2⤵
  PID:6932
- C:\Windows\System\qFmngDN.exe
  C:\Windows\System\qFmngDN.exe
  2⤵
  PID:6948
- C:\Windows\System\ReEtITJ.exe
  C:\Windows\System\ReEtITJ.exe
  2⤵
  PID:6968
- C:\Windows\System\RVIUmRh.exe
  C:\Windows\System\RVIUmRh.exe
  2⤵
  PID:6984
- C:\Windows\System\sgxrSKb.exe
  C:\Windows\System\sgxrSKb.exe
  2⤵
  PID:7000
- C:\Windows\System\yhyCZSj.exe
  C:\Windows\System\yhyCZSj.exe
  2⤵
  PID:7016
- C:\Windows\System\xWXzndk.exe
  C:\Windows\System\xWXzndk.exe
  2⤵
  PID:7032
- C:\Windows\System\vVvKOQP.exe
  C:\Windows\System\vVvKOQP.exe
  2⤵
  PID:7048
- C:\Windows\System\OiCpUoj.exe
  C:\Windows\System\OiCpUoj.exe
  2⤵
  PID:7064
- C:\Windows\System\xaGlRGR.exe
  C:\Windows\System\xaGlRGR.exe
  2⤵
  PID:7080
- C:\Windows\System\WfsTKiD.exe
  C:\Windows\System\WfsTKiD.exe
  2⤵
  PID:7096
- C:\Windows\System\LMHsLnm.exe
  C:\Windows\System\LMHsLnm.exe
  2⤵
  PID:7112
- C:\Windows\System\kUtzuhh.exe
  C:\Windows\System\kUtzuhh.exe
  2⤵
  PID:7128
- C:\Windows\System\uGccwwB.exe
  C:\Windows\System\uGccwwB.exe
  2⤵
  PID:7144
- C:\Windows\System\NhMFxwA.exe
  C:\Windows\System\NhMFxwA.exe
  2⤵
  PID:7160
- C:\Windows\System\LRYWnMa.exe
  C:\Windows\System\LRYWnMa.exe
  2⤵
  PID:5708
- C:\Windows\System\NyUkvSt.exe
  C:\Windows\System\NyUkvSt.exe
  2⤵
  PID:5736
- C:\Windows\System\lcVJhtD.exe
  C:\Windows\System\lcVJhtD.exe
  2⤵
  PID:6124
- C:\Windows\System\zlcxEWu.exe
  C:\Windows\System\zlcxEWu.exe
  2⤵
  PID:5512
- C:\Windows\System\qLXevnB.exe
  C:\Windows\System\qLXevnB.exe
  2⤵
  PID:5148
- C:\Windows\System\qbksdqE.exe
  C:\Windows\System\qbksdqE.exe
  2⤵
  PID:6204
- C:\Windows\System\lAeEjKI.exe
  C:\Windows\System\lAeEjKI.exe
  2⤵
  PID:5848
- C:\Windows\System\XVxEIff.exe
  C:\Windows\System\XVxEIff.exe
  2⤵
  PID:5272
- C:\Windows\System\SZlsHeO.exe
  C:\Windows\System\SZlsHeO.exe
  2⤵
  PID:6184
- C:\Windows\System\RmzmEav.exe
  C:\Windows\System\RmzmEav.exe
  2⤵
  PID:6236
- C:\Windows\System\GAxzNpB.exe
  C:\Windows\System\GAxzNpB.exe
  2⤵
  PID:6300
- C:\Windows\System\DozRBbB.exe
  C:\Windows\System\DozRBbB.exe
  2⤵
  PID:6364
- C:\Windows\System\qmecKau.exe
  C:\Windows\System\qmecKau.exe
  2⤵
  PID:6284
- C:\Windows\System\NojqfAy.exe
  C:\Windows\System\NojqfAy.exe
  2⤵
  PID:6348
- C:\Windows\System\lGapSIK.exe
  C:\Windows\System\lGapSIK.exe
  2⤵
  PID:6380
- C:\Windows\System\qvkEpFj.exe
  C:\Windows\System\qvkEpFj.exe
  2⤵
  PID:6448
- C:\Windows\System\miOeHGa.exe
  C:\Windows\System\miOeHGa.exe
  2⤵
  PID:6464
- C:\Windows\System\PppzTuX.exe
  C:\Windows\System\PppzTuX.exe
  2⤵
  PID:6528
- C:\Windows\System\yEGvnvi.exe
  C:\Windows\System\yEGvnvi.exe
  2⤵
  PID:6376
- C:\Windows\System\cKxDOgw.exe
  C:\Windows\System\cKxDOgw.exe
  2⤵
  PID:6544
- C:\Windows\System\JciEUXh.exe
  C:\Windows\System\JciEUXh.exe
  2⤵
  PID:6608
- C:\Windows\System\egpPyhK.exe
  C:\Windows\System\egpPyhK.exe
  2⤵
  PID:6540
- C:\Windows\System\DZEEPfQ.exe
  C:\Windows\System\DZEEPfQ.exe
  2⤵
  PID:6620
- C:\Windows\System\RbAralQ.exe
  C:\Windows\System\RbAralQ.exe
  2⤵
  PID:6684
- C:\Windows\System\GVkQLFc.exe
  C:\Windows\System\GVkQLFc.exe
  2⤵
  PID:6752
- C:\Windows\System\pWXZNvI.exe
  C:\Windows\System\pWXZNvI.exe
  2⤵
  PID:6704
- C:\Windows\System\RacywVE.exe
  C:\Windows\System\RacywVE.exe
  2⤵
  PID:6768
- C:\Windows\System\XCMzhfC.exe
  C:\Windows\System\XCMzhfC.exe
  2⤵
  PID:6832
- C:\Windows\System\pIYgTyb.exe
  C:\Windows\System\pIYgTyb.exe
  2⤵
  PID:6896
- C:\Windows\System\MabkDIO.exe
  C:\Windows\System\MabkDIO.exe
  2⤵
  PID:6848
- C:\Windows\System\rqvKbeV.exe
  C:\Windows\System\rqvKbeV.exe
  2⤵
  PID:6912
- C:\Windows\System\yFrVjVX.exe
  C:\Windows\System\yFrVjVX.exe
  2⤵
  PID:6980
- C:\Windows\System\yOZmwkW.exe
  C:\Windows\System\yOZmwkW.exe
  2⤵
  PID:7040
- C:\Windows\System\BXTYGva.exe
  C:\Windows\System\BXTYGva.exe
  2⤵
  PID:7108
- C:\Windows\System\SZAWrob.exe
  C:\Windows\System\SZAWrob.exe
  2⤵
  PID:6928
- C:\Windows\System\BsRBIzg.exe
  C:\Windows\System\BsRBIzg.exe
  2⤵
  PID:5652
- C:\Windows\System\srPpEQi.exe
  C:\Windows\System\srPpEQi.exe
  2⤵
  PID:6960
- C:\Windows\System\LOFoKON.exe
  C:\Windows\System\LOFoKON.exe
  2⤵
  PID:7088
- C:\Windows\System\skfEBdH.exe
  C:\Windows\System\skfEBdH.exe
  2⤵
  PID:7024
- C:\Windows\System\vGfLYIp.exe
  C:\Windows\System\vGfLYIp.exe
  2⤵
  PID:7120
- C:\Windows\System\KPTQYxo.exe
  C:\Windows\System\KPTQYxo.exe
  2⤵
  PID:6200
- C:\Windows\System\ewfKhET.exe
  C:\Windows\System\ewfKhET.exe
  2⤵
  PID:6220
- C:\Windows\System\XUzorms.exe
  C:\Windows\System\XUzorms.exe
  2⤵
  PID:5712
- C:\Windows\System\FNyJBGl.exe
  C:\Windows\System\FNyJBGl.exe
  2⤵
  PID:6268
- C:\Windows\System\cDTVpGU.exe
  C:\Windows\System\cDTVpGU.exe
  2⤵
  PID:6392
- C:\Windows\System\HTixxVg.exe
  C:\Windows\System\HTixxVg.exe
  2⤵
  PID:6476
- C:\Windows\System\rSQtkIc.exe
  C:\Windows\System\rSQtkIc.exe
  2⤵
  PID:6716
- C:\Windows\System\Qgnxrku.exe
  C:\Windows\System\Qgnxrku.exe
  2⤵
  PID:6656
- C:\Windows\System\uXFuejJ.exe
  C:\Windows\System\uXFuejJ.exe
  2⤵
  PID:6524
- C:\Windows\System\LvhLEdJ.exe
  C:\Windows\System\LvhLEdJ.exe
  2⤵
  PID:6668
- C:\Windows\System\ILGXyWv.exe
  C:\Windows\System\ILGXyWv.exe
  2⤵
  PID:6764
- C:\Windows\System\FwyJUOj.exe
  C:\Windows\System\FwyJUOj.exe
  2⤵
  PID:6844
- C:\Windows\System\foiYwdX.exe
  C:\Windows\System\foiYwdX.exe
  2⤵
  PID:6908
- C:\Windows\System\ciyWPcz.exe
  C:\Windows\System\ciyWPcz.exe
  2⤵
  PID:7072
- C:\Windows\System\KuSfLRw.exe
  C:\Windows\System\KuSfLRw.exe
  2⤵
  PID:5664
- C:\Windows\System\xBAjYIq.exe
  C:\Windows\System\xBAjYIq.exe
  2⤵
  PID:5588
- C:\Windows\System\srOcYhG.exe
  C:\Windows\System\srOcYhG.exe
  2⤵
  PID:7028
- C:\Windows\System\zhlLtrR.exe
  C:\Windows\System\zhlLtrR.exe
  2⤵
  PID:5880
- C:\Windows\System\wmrBCYQ.exe
  C:\Windows\System\wmrBCYQ.exe
  2⤵
  PID:6280
- C:\Windows\System\xNcPAeb.exe
  C:\Windows\System\xNcPAeb.exe
  2⤵
  PID:6956
- C:\Windows\System\rLWssMp.exe
  C:\Windows\System\rLWssMp.exe
  2⤵
  PID:6496
- C:\Windows\System\IsuHITA.exe
  C:\Windows\System\IsuHITA.exe
  2⤵
  PID:6588
- C:\Windows\System\IzbeRhS.exe
  C:\Windows\System\IzbeRhS.exe
  2⤵
  PID:6700
- C:\Windows\System\TDoKBDQ.exe
  C:\Windows\System\TDoKBDQ.exe
  2⤵
  PID:5952
- C:\Windows\System\JDCWpaL.exe
  C:\Windows\System\JDCWpaL.exe
  2⤵
  PID:7092
- C:\Windows\System\kWnfMgf.exe
  C:\Windows\System\kWnfMgf.exe
  2⤵
  PID:5840
- C:\Windows\System\bbmmLvq.exe
  C:\Windows\System\bbmmLvq.exe
  2⤵
  PID:6440
- C:\Windows\System\IPQFJGS.exe
  C:\Windows\System\IPQFJGS.exe
  2⤵
  PID:6156
- C:\Windows\System\MZLixpZ.exe
  C:\Windows\System\MZLixpZ.exe
  2⤵
  PID:6316
- C:\Windows\System\PauNmkh.exe
  C:\Windows\System\PauNmkh.exe
  2⤵
  PID:6880
- C:\Windows\System\obqcQqR.exe
  C:\Windows\System\obqcQqR.exe
  2⤵
  PID:6944
- C:\Windows\System\rxXFFeC.exe
  C:\Windows\System\rxXFFeC.exe
  2⤵
  PID:5464
- C:\Windows\System\lQRXASx.exe
  C:\Windows\System\lQRXASx.exe
  2⤵
  PID:6428
- C:\Windows\System\ArVaEet.exe
  C:\Windows\System\ArVaEet.exe
  2⤵
  PID:7172
- C:\Windows\System\NukBbEL.exe
  C:\Windows\System\NukBbEL.exe
  2⤵
  PID:7188
- C:\Windows\System\IXRCUus.exe
  C:\Windows\System\IXRCUus.exe
  2⤵
  PID:7204
- C:\Windows\System\RvFzSpW.exe
  C:\Windows\System\RvFzSpW.exe
  2⤵
  PID:7220
- C:\Windows\System\jxgLEgV.exe
  C:\Windows\System\jxgLEgV.exe
  2⤵
  PID:7240
- C:\Windows\System\mXzCYDY.exe
  C:\Windows\System\mXzCYDY.exe
  2⤵
  PID:7256
- C:\Windows\System\wgNEDxh.exe
  C:\Windows\System\wgNEDxh.exe
  2⤵
  PID:7272
- C:\Windows\System\uTWBHBe.exe
  C:\Windows\System\uTWBHBe.exe
  2⤵
  PID:7288
- C:\Windows\System\PNfeNux.exe
  C:\Windows\System\PNfeNux.exe
  2⤵
  PID:7304
- C:\Windows\System\ZyawjnA.exe
  C:\Windows\System\ZyawjnA.exe
  2⤵
  PID:7320
- C:\Windows\System\uNcVmVf.exe
  C:\Windows\System\uNcVmVf.exe
  2⤵
  PID:7336
- C:\Windows\System\SAxOFFl.exe
  C:\Windows\System\SAxOFFl.exe
  2⤵
  PID:7352
- C:\Windows\System\whSTVMy.exe
  C:\Windows\System\whSTVMy.exe
  2⤵
  PID:7368
- C:\Windows\System\ftXtCjY.exe
  C:\Windows\System\ftXtCjY.exe
  2⤵
  PID:7384
- C:\Windows\System\jahIUND.exe
  C:\Windows\System\jahIUND.exe
  2⤵
  PID:7400
- C:\Windows\System\eaRCdll.exe
  C:\Windows\System\eaRCdll.exe
  2⤵
  PID:7416
- C:\Windows\System\RPnZlFX.exe
  C:\Windows\System\RPnZlFX.exe
  2⤵
  PID:7432
- C:\Windows\System\fIfhJni.exe
  C:\Windows\System\fIfhJni.exe
  2⤵
  PID:7448
- C:\Windows\System\XXinXSG.exe
  C:\Windows\System\XXinXSG.exe
  2⤵
  PID:7464
- C:\Windows\System\YSVABMd.exe
  C:\Windows\System\YSVABMd.exe
  2⤵
  PID:7480
- C:\Windows\System\PQOrpZk.exe
  C:\Windows\System\PQOrpZk.exe
  2⤵
  PID:7496
- C:\Windows\System\fAsxItT.exe
  C:\Windows\System\fAsxItT.exe
  2⤵
  PID:7512
- C:\Windows\System\fNpxPkq.exe
  C:\Windows\System\fNpxPkq.exe
  2⤵
  PID:7528
- C:\Windows\System\eEGyhzA.exe
  C:\Windows\System\eEGyhzA.exe
  2⤵
  PID:7544
- C:\Windows\System\cuFXkYw.exe
  C:\Windows\System\cuFXkYw.exe
  2⤵
  PID:7560
- C:\Windows\System\VUxpHTv.exe
  C:\Windows\System\VUxpHTv.exe
  2⤵
  PID:7576
- C:\Windows\System\YvpuYpu.exe
  C:\Windows\System\YvpuYpu.exe
  2⤵
  PID:7592
- C:\Windows\System\IyfqKAx.exe
  C:\Windows\System\IyfqKAx.exe
  2⤵
  PID:7608
- C:\Windows\System\xtrpZIa.exe
  C:\Windows\System\xtrpZIa.exe
  2⤵
  PID:7624
- C:\Windows\System\UqWssNo.exe
  C:\Windows\System\UqWssNo.exe
  2⤵
  PID:7640
- C:\Windows\System\YmxmfzF.exe
  C:\Windows\System\YmxmfzF.exe
  2⤵
  PID:7656
- C:\Windows\System\VDgtyIB.exe
  C:\Windows\System\VDgtyIB.exe
  2⤵
  PID:7672
- C:\Windows\System\sOqYEWj.exe
  C:\Windows\System\sOqYEWj.exe
  2⤵
  PID:7688
- C:\Windows\System\qQsGNch.exe
  C:\Windows\System\qQsGNch.exe
  2⤵
  PID:7704
- C:\Windows\System\dWvNFVT.exe
  C:\Windows\System\dWvNFVT.exe
  2⤵
  PID:7720
- C:\Windows\System\HotXTQY.exe
  C:\Windows\System\HotXTQY.exe
  2⤵
  PID:7736
- C:\Windows\System\FlZsCxe.exe
  C:\Windows\System\FlZsCxe.exe
  2⤵
  PID:7752
- C:\Windows\System\vkZwNdc.exe
  C:\Windows\System\vkZwNdc.exe
  2⤵
  PID:7768
- C:\Windows\System\uCmHEvE.exe
  C:\Windows\System\uCmHEvE.exe
  2⤵
  PID:7784
- C:\Windows\System\HEJOtAm.exe
  C:\Windows\System\HEJOtAm.exe
  2⤵
  PID:7800
- C:\Windows\System\LiNWAta.exe
  C:\Windows\System\LiNWAta.exe
  2⤵
  PID:7816
- C:\Windows\System\ppGxsLq.exe
  C:\Windows\System\ppGxsLq.exe
  2⤵
  PID:7832
- C:\Windows\System\GRaNrpR.exe
  C:\Windows\System\GRaNrpR.exe
  2⤵
  PID:7848
- C:\Windows\System\eIHEkFu.exe
  C:\Windows\System\eIHEkFu.exe
  2⤵
  PID:7864
- C:\Windows\System\YTvuEYA.exe
  C:\Windows\System\YTvuEYA.exe
  2⤵
  PID:7880
- C:\Windows\System\aNjMLAQ.exe
  C:\Windows\System\aNjMLAQ.exe
  2⤵
  PID:7896
- C:\Windows\System\IoVVpwx.exe
  C:\Windows\System\IoVVpwx.exe
  2⤵
  PID:7912
- C:\Windows\System\reFgXpi.exe
  C:\Windows\System\reFgXpi.exe
  2⤵
  PID:7928
- C:\Windows\System\tTVRxDT.exe
  C:\Windows\System\tTVRxDT.exe
  2⤵
  PID:7944
- C:\Windows\System\VfgHrdV.exe
  C:\Windows\System\VfgHrdV.exe
  2⤵
  PID:7960
- C:\Windows\System\txSGcFy.exe
  C:\Windows\System\txSGcFy.exe
  2⤵
  PID:7976
- C:\Windows\System\uYyQIVP.exe
  C:\Windows\System\uYyQIVP.exe
  2⤵
  PID:7992
- C:\Windows\System\ucbovLx.exe
  C:\Windows\System\ucbovLx.exe
  2⤵
  PID:8008
- C:\Windows\System\hShXthK.exe
  C:\Windows\System\hShXthK.exe
  2⤵
  PID:8024
- C:\Windows\System\cpGNWIC.exe
  C:\Windows\System\cpGNWIC.exe
  2⤵
  PID:8040
- C:\Windows\System\mpTDIWt.exe
  C:\Windows\System\mpTDIWt.exe
  2⤵
  PID:8060
- C:\Windows\System\DYXpPZl.exe
  C:\Windows\System\DYXpPZl.exe
  2⤵
  PID:8076
- C:\Windows\System\gTiFREj.exe
  C:\Windows\System\gTiFREj.exe
  2⤵
  PID:8092
- C:\Windows\System\JPVwdPJ.exe
  C:\Windows\System\JPVwdPJ.exe
  2⤵
  PID:8108
- C:\Windows\System\bqxliwd.exe
  C:\Windows\System\bqxliwd.exe
  2⤵
  PID:8124
- C:\Windows\System\qEkOXzI.exe
  C:\Windows\System\qEkOXzI.exe
  2⤵
  PID:8140
- C:\Windows\System\nRTYAvu.exe
  C:\Windows\System\nRTYAvu.exe
  2⤵
  PID:8156
- C:\Windows\System\qtxQySj.exe
  C:\Windows\System\qtxQySj.exe
  2⤵
  PID:8172
- C:\Windows\System\ryfDicZ.exe
  C:\Windows\System\ryfDicZ.exe
  2⤵
  PID:8188
- C:\Windows\System\xSdKCej.exe
  C:\Windows\System\xSdKCej.exe
  2⤵
  PID:6512
- C:\Windows\System\TpHVlFK.exe
  C:\Windows\System\TpHVlFK.exe
  2⤵
  PID:6816
- C:\Windows\System\JvNShwS.exe
  C:\Windows\System\JvNShwS.exe
  2⤵
  PID:7212
- C:\Windows\System\gutiqbB.exe
  C:\Windows\System\gutiqbB.exe
  2⤵
  PID:7228
- C:\Windows\System\wZRgmvH.exe
  C:\Windows\System\wZRgmvH.exe
  2⤵
  PID:7296
- C:\Windows\System\kVObcGG.exe
  C:\Windows\System\kVObcGG.exe
  2⤵
  PID:7360
- C:\Windows\System\FISOIaO.exe
  C:\Windows\System\FISOIaO.exe
  2⤵
  PID:7424
- C:\Windows\System\RgOyEjY.exe
  C:\Windows\System\RgOyEjY.exe
  2⤵
  PID:7248
- C:\Windows\System\jfaNXeZ.exe
  C:\Windows\System\jfaNXeZ.exe
  2⤵
  PID:7312
- C:\Windows\System\DFFWIZs.exe
  C:\Windows\System\DFFWIZs.exe
  2⤵
  PID:7316
- C:\Windows\System\mDhaoJr.exe
  C:\Windows\System\mDhaoJr.exe
  2⤵
  PID:7380
- C:\Windows\System\zemvlcx.exe
  C:\Windows\System\zemvlcx.exe
  2⤵
  PID:7492
- C:\Windows\System\srTYgBA.exe
  C:\Windows\System\srTYgBA.exe
  2⤵
  PID:7508
- C:\Windows\System\EPTJHiT.exe
  C:\Windows\System\EPTJHiT.exe
  2⤵
  PID:7540
- C:\Windows\System\XRVKIaT.exe
  C:\Windows\System\XRVKIaT.exe
  2⤵
  PID:7556
- C:\Windows\System\EzWMxAk.exe
  C:\Windows\System\EzWMxAk.exe
  2⤵
  PID:7632
- C:\Windows\System\hissMfn.exe
  C:\Windows\System\hissMfn.exe
  2⤵
  PID:7732
- C:\Windows\System\rTeCGyO.exe
  C:\Windows\System\rTeCGyO.exe
  2⤵
  PID:7712
- C:\Windows\System\faqBdqt.exe
  C:\Windows\System\faqBdqt.exe
  2⤵
  PID:7616
- C:\Windows\System\dFggGxn.exe
  C:\Windows\System\dFggGxn.exe
  2⤵
  PID:7684
- C:\Windows\System\huFKQsQ.exe
  C:\Windows\System\huFKQsQ.exe
  2⤵
  PID:7796
- C:\Windows\System\bsqznTt.exe
  C:\Windows\System\bsqznTt.exe
  2⤵
  PID:7808
- C:\Windows\System\nmNXxIT.exe
  C:\Windows\System\nmNXxIT.exe
  2⤵
  PID:7872
- C:\Windows\System\geLUqkn.exe
  C:\Windows\System\geLUqkn.exe
  2⤵
  PID:7856
- C:\Windows\System\UHwIRtq.exe
  C:\Windows\System\UHwIRtq.exe
  2⤵
  PID:7908
- C:\Windows\System\fXBoYJt.exe
  C:\Windows\System\fXBoYJt.exe
  2⤵
  PID:7924
- C:\Windows\System\TosHnAE.exe
  C:\Windows\System\TosHnAE.exe
  2⤵
  PID:7972
- C:\Windows\System\Nsmjicf.exe
  C:\Windows\System\Nsmjicf.exe
  2⤵
  PID:7984
- C:\Windows\System\xrBHoBO.exe
  C:\Windows\System\xrBHoBO.exe
  2⤵
  PID:8048
- C:\Windows\System\PzCbVeN.exe
  C:\Windows\System\PzCbVeN.exe
  2⤵
  PID:8068
- C:\Windows\System\QWPpWtH.exe
  C:\Windows\System\QWPpWtH.exe
  2⤵
  PID:8088
- C:\Windows\System\egBgZZY.exe
  C:\Windows\System\egBgZZY.exe
  2⤵
  PID:8168
- C:\Windows\System\qzCJaoi.exe
  C:\Windows\System\qzCJaoi.exe
  2⤵
  PID:7184
- C:\Windows\System\LRhYkYn.exe
  C:\Windows\System\LRhYkYn.exe
  2⤵
  PID:8116
- C:\Windows\System\eyuxoDB.exe
  C:\Windows\System\eyuxoDB.exe
  2⤵
  PID:8184
- C:\Windows\System\fqxRDSD.exe
  C:\Windows\System\fqxRDSD.exe
  2⤵
  PID:7056
- C:\Windows\System\ljzXIif.exe
  C:\Windows\System\ljzXIif.exe
  2⤵
  PID:7456
- C:\Windows\System\XYpzxWQ.exe
  C:\Windows\System\XYpzxWQ.exe
  2⤵
  PID:7444
- C:\Windows\System\ecRnfHX.exe
  C:\Windows\System\ecRnfHX.exe
  2⤵
  PID:7588
- C:\Windows\System\XBhzMHF.exe
  C:\Windows\System\XBhzMHF.exe
  2⤵
  PID:7396
- C:\Windows\System\IUPsyNT.exe
  C:\Windows\System\IUPsyNT.exe
  2⤵
  PID:7284
- C:\Windows\System\QQZvLaH.exe
  C:\Windows\System\QQZvLaH.exe
  2⤵
  PID:7668
- C:\Windows\System\EzgTBXa.exe
  C:\Windows\System\EzgTBXa.exe
  2⤵
  PID:7792
- C:\Windows\System\FThmLBr.exe
  C:\Windows\System\FThmLBr.exe
  2⤵
  PID:7892
- C:\Windows\System\iNovyWG.exe
  C:\Windows\System\iNovyWG.exe
  2⤵
  PID:8100
- C:\Windows\System\rrCMGMP.exe
  C:\Windows\System\rrCMGMP.exe
  2⤵
  PID:7776
- C:\Windows\System\VrhMWzy.exe
  C:\Windows\System\VrhMWzy.exe
  2⤵
  PID:7744
- C:\Windows\System\JsMFKaX.exe
  C:\Windows\System\JsMFKaX.exe
  2⤵
  PID:7936
- C:\Windows\System\gHTyLUg.exe
  C:\Windows\System\gHTyLUg.exe
  2⤵
  PID:8036
- C:\Windows\System\FwtmdbM.exe
  C:\Windows\System\FwtmdbM.exe
  2⤵
  PID:7268
- C:\Windows\System\BLZsyxJ.exe
  C:\Windows\System\BLZsyxJ.exe
  2⤵
  PID:7472
- C:\Windows\System\PnYraDl.exe
  C:\Windows\System\PnYraDl.exe
  2⤵
  PID:6412
- C:\Windows\System\TlLmOdI.exe
  C:\Windows\System\TlLmOdI.exe
  2⤵
  PID:7604
- C:\Windows\System\UgvjMWm.exe
  C:\Windows\System\UgvjMWm.exe
  2⤵
  PID:7620
- C:\Windows\System\jvlBTnO.exe
  C:\Windows\System\jvlBTnO.exe
  2⤵
  PID:7376
- C:\Windows\System\FjcFTkB.exe
  C:\Windows\System\FjcFTkB.exe
  2⤵
  PID:6964
- C:\Windows\System\fvtuZin.exe
  C:\Windows\System\fvtuZin.exe
  2⤵
  PID:7828
- C:\Windows\System\TaLpoWd.exe
  C:\Windows\System\TaLpoWd.exe
  2⤵
  PID:8004
- C:\Windows\System\vxQbHYl.exe
  C:\Windows\System\vxQbHYl.exe
  2⤵
  PID:7200
- C:\Windows\System\bMcwluV.exe
  C:\Windows\System\bMcwluV.exe
  2⤵
  PID:7664
- C:\Windows\System\DDqoFdE.exe
  C:\Windows\System\DDqoFdE.exe
  2⤵
  PID:7700
- C:\Windows\System\wNXCbnC.exe
  C:\Windows\System\wNXCbnC.exe
  2⤵
  PID:8016
- C:\Windows\System\jNmUQYl.exe
  C:\Windows\System\jNmUQYl.exe
  2⤵
  PID:7196
- C:\Windows\System\cpOwRUr.exe
  C:\Windows\System\cpOwRUr.exe
  2⤵
  PID:8196
- C:\Windows\System\dsalwCk.exe
  C:\Windows\System\dsalwCk.exe
  2⤵
  PID:8212
- C:\Windows\System\QcdfNNv.exe
  C:\Windows\System\QcdfNNv.exe
  2⤵
  PID:8228
- C:\Windows\System\WaOpyrI.exe
  C:\Windows\System\WaOpyrI.exe
  2⤵
  PID:8244
- C:\Windows\System\wrsPsWg.exe
  C:\Windows\System\wrsPsWg.exe
  2⤵
  PID:8260
- C:\Windows\System\UFNSQca.exe
  C:\Windows\System\UFNSQca.exe
  2⤵
  PID:8276
- C:\Windows\System\neWvkhg.exe
  C:\Windows\System\neWvkhg.exe
  2⤵
  PID:8292
- C:\Windows\System\tIKAjWw.exe
  C:\Windows\System\tIKAjWw.exe
  2⤵
  PID:8308
- C:\Windows\System\SQqTGPA.exe
  C:\Windows\System\SQqTGPA.exe
  2⤵
  PID:8324
- C:\Windows\System\UIWXamS.exe
  C:\Windows\System\UIWXamS.exe
  2⤵
  PID:8340
- C:\Windows\System\YfNJSqG.exe
  C:\Windows\System\YfNJSqG.exe
  2⤵
  PID:8356
- C:\Windows\System\SKPPhiK.exe
  C:\Windows\System\SKPPhiK.exe
  2⤵
  PID:8372
- C:\Windows\System\kdNPDGp.exe
  C:\Windows\System\kdNPDGp.exe
  2⤵
  PID:8388
- C:\Windows\System\oRruEYP.exe
  C:\Windows\System\oRruEYP.exe
  2⤵
  PID:8404
- C:\Windows\System\dXRwQmH.exe
  C:\Windows\System\dXRwQmH.exe
  2⤵
  PID:8420
- C:\Windows\System\mcVdweh.exe
  C:\Windows\System\mcVdweh.exe
  2⤵
  PID:8436
- C:\Windows\System\FbygVMM.exe
  C:\Windows\System\FbygVMM.exe
  2⤵
  PID:8452
- C:\Windows\System\ainryxe.exe
  C:\Windows\System\ainryxe.exe
  2⤵
  PID:8468
- C:\Windows\System\OWELUYD.exe
  C:\Windows\System\OWELUYD.exe
  2⤵
  PID:8484
- C:\Windows\System\gDgTltc.exe
  C:\Windows\System\gDgTltc.exe
  2⤵
  PID:8500
- C:\Windows\System\uLRWyTt.exe
  C:\Windows\System\uLRWyTt.exe
  2⤵
  PID:8516
- C:\Windows\System\hgTrgCS.exe
  C:\Windows\System\hgTrgCS.exe
  2⤵
  PID:8532
- C:\Windows\System\UOlNtqr.exe
  C:\Windows\System\UOlNtqr.exe
  2⤵
  PID:8548
- C:\Windows\System\iuJVqSV.exe
  C:\Windows\System\iuJVqSV.exe
  2⤵
  PID:8564
- C:\Windows\System\dYwHYzM.exe
  C:\Windows\System\dYwHYzM.exe
  2⤵
  PID:8580
- C:\Windows\System\IORRYjz.exe
  C:\Windows\System\IORRYjz.exe
  2⤵
  PID:8596
- C:\Windows\System\zrNQGdY.exe
  C:\Windows\System\zrNQGdY.exe
  2⤵
  PID:8612
- C:\Windows\System\bvEnprt.exe
  C:\Windows\System\bvEnprt.exe
  2⤵
  PID:8628
- C:\Windows\System\LvmPsBs.exe
  C:\Windows\System\LvmPsBs.exe
  2⤵
  PID:8648
- C:\Windows\System\MquWVgW.exe
  C:\Windows\System\MquWVgW.exe
  2⤵
  PID:8664
- C:\Windows\System\AyQhFrN.exe
  C:\Windows\System\AyQhFrN.exe
  2⤵
  PID:8680
- C:\Windows\System\GykRawO.exe
  C:\Windows\System\GykRawO.exe
  2⤵
  PID:8696
- C:\Windows\System\ClFgYlp.exe
  C:\Windows\System\ClFgYlp.exe
  2⤵
  PID:8712
- C:\Windows\System\tVdpbXp.exe
  C:\Windows\System\tVdpbXp.exe
  2⤵
  PID:8728
- C:\Windows\System\LCNYzrq.exe
  C:\Windows\System\LCNYzrq.exe
  2⤵
  PID:8744
- C:\Windows\System\AYyzOSf.exe
  C:\Windows\System\AYyzOSf.exe
  2⤵
  PID:8760
- C:\Windows\System\PimCzJm.exe
  C:\Windows\System\PimCzJm.exe
  2⤵
  PID:8776
- C:\Windows\System\gWeMKad.exe
  C:\Windows\System\gWeMKad.exe
  2⤵
  PID:8792
- C:\Windows\System\EJCMUXL.exe
  C:\Windows\System\EJCMUXL.exe
  2⤵
  PID:8808
- C:\Windows\System\tTDQmKA.exe
  C:\Windows\System\tTDQmKA.exe
  2⤵
  PID:8824
- C:\Windows\System\iOVyInN.exe
  C:\Windows\System\iOVyInN.exe
  2⤵
  PID:8840
- C:\Windows\System\JPueviP.exe
  C:\Windows\System\JPueviP.exe
  2⤵
  PID:8856
- C:\Windows\System\aykDPox.exe
  C:\Windows\System\aykDPox.exe
  2⤵
  PID:8872
- C:\Windows\System\SYbFJWL.exe
  C:\Windows\System\SYbFJWL.exe
  2⤵
  PID:8888
- C:\Windows\System\loAoouB.exe
  C:\Windows\System\loAoouB.exe
  2⤵
  PID:8904
- C:\Windows\System\azMmwDX.exe
  C:\Windows\System\azMmwDX.exe
  2⤵
  PID:8920
- C:\Windows\System\hSzzMkG.exe
  C:\Windows\System\hSzzMkG.exe
  2⤵
  PID:8936
- C:\Windows\System\pOlHsQN.exe
  C:\Windows\System\pOlHsQN.exe
  2⤵
  PID:8952
- C:\Windows\System\qPqjTiq.exe
  C:\Windows\System\qPqjTiq.exe
  2⤵
  PID:8968
- C:\Windows\System\fxPCUEB.exe
  C:\Windows\System\fxPCUEB.exe
  2⤵
  PID:8984
- C:\Windows\System\QoZecsg.exe
  C:\Windows\System\QoZecsg.exe
  2⤵
  PID:9000
- C:\Windows\System\avNuQUc.exe
  C:\Windows\System\avNuQUc.exe
  2⤵
  PID:9016
- C:\Windows\System\cAspjoX.exe
  C:\Windows\System\cAspjoX.exe
  2⤵
  PID:9032
- C:\Windows\System\DBzlCmI.exe
  C:\Windows\System\DBzlCmI.exe
  2⤵
  PID:9048
- C:\Windows\System\LbQeZfV.exe
  C:\Windows\System\LbQeZfV.exe
  2⤵
  PID:9064
- C:\Windows\System\omHfZpT.exe
  C:\Windows\System\omHfZpT.exe
  2⤵
  PID:9080
- C:\Windows\System\PVghvFv.exe
  C:\Windows\System\PVghvFv.exe
  2⤵
  PID:9096
- C:\Windows\System\vNFmeMc.exe
  C:\Windows\System\vNFmeMc.exe
  2⤵
  PID:9112
- C:\Windows\System\IiuSwzZ.exe
  C:\Windows\System\IiuSwzZ.exe
  2⤵
  PID:9128
- C:\Windows\System\lxFIsJf.exe
  C:\Windows\System\lxFIsJf.exe
  2⤵
  PID:9144
- C:\Windows\System\fQVpHog.exe
  C:\Windows\System\fQVpHog.exe
  2⤵
  PID:9160
- C:\Windows\System\LFzILBy.exe
  C:\Windows\System\LFzILBy.exe
  2⤵
  PID:9176
- C:\Windows\System\tGoQsca.exe
  C:\Windows\System\tGoQsca.exe
  2⤵
  PID:9192
- C:\Windows\System\TtrtGBN.exe
  C:\Windows\System\TtrtGBN.exe
  2⤵
  PID:9208
- C:\Windows\System\fIkHlLn.exe
  C:\Windows\System\fIkHlLn.exe
  2⤵
  PID:7888
- C:\Windows\System\LrSDjaZ.exe
  C:\Windows\System\LrSDjaZ.exe
  2⤵
  PID:8204
- C:\Windows\System\rnzZEKR.exe
  C:\Windows\System\rnzZEKR.exe
  2⤵
  PID:8224
- C:\Windows\System\RrBrBdZ.exe
  C:\Windows\System\RrBrBdZ.exe
  2⤵
  PID:8272
- C:\Windows\System\QbIoQIr.exe
  C:\Windows\System\QbIoQIr.exe
  2⤵
  PID:8288
- C:\Windows\System\ueVuDzr.exe
  C:\Windows\System\ueVuDzr.exe
  2⤵
  PID:8380
- C:\Windows\System\WZYSZUN.exe
  C:\Windows\System\WZYSZUN.exe
  2⤵
  PID:8416
- C:\Windows\System\HxSHaIj.exe
  C:\Windows\System\HxSHaIj.exe
  2⤵
  PID:8396
- C:\Windows\System\CateYYZ.exe
  C:\Windows\System\CateYYZ.exe
  2⤵
  PID:8444
- C:\Windows\System\GKMkRPC.exe
  C:\Windows\System\GKMkRPC.exe
  2⤵
  PID:7232
- C:\Windows\System\nyvRsgZ.exe
  C:\Windows\System\nyvRsgZ.exe
  2⤵
  PID:8480
- C:\Windows\System\SITCkrN.exe
  C:\Windows\System\SITCkrN.exe
  2⤵
  PID:8512
- C:\Windows\System\qPiSXMI.exe
  C:\Windows\System\qPiSXMI.exe
  2⤵
  PID:8576
- C:\Windows\System\RmsMdOk.exe
  C:\Windows\System\RmsMdOk.exe
  2⤵
  PID:8528
- C:\Windows\System\nKEryOi.exe
  C:\Windows\System\nKEryOi.exe
  2⤵
  PID:8624
- C:\Windows\System\HDdSgkd.exe
  C:\Windows\System\HDdSgkd.exe
  2⤵
  PID:8656
- C:\Windows\System\ZcyQNXW.exe
  C:\Windows\System\ZcyQNXW.exe
  2⤵
  PID:8676
- C:\Windows\System\nBAdOjR.exe
  C:\Windows\System\nBAdOjR.exe
  2⤵
  PID:8688
- C:\Windows\System\QkSWPcO.exe
  C:\Windows\System\QkSWPcO.exe
  2⤵
  PID:8720
- C:\Windows\System\lHoArFG.exe
  C:\Windows\System\lHoArFG.exe
  2⤵
  PID:8772
- C:\Windows\System\jLAzcwD.exe
  C:\Windows\System\jLAzcwD.exe
  2⤵
  PID:8820
- C:\Windows\System\QztdolB.exe
  C:\Windows\System\QztdolB.exe
  2⤵
  PID:8804
- C:\Windows\System\paPONdE.exe
  C:\Windows\System\paPONdE.exe
  2⤵
  PID:8832
- C:\Windows\System\nGhpRXx.exe
  C:\Windows\System\nGhpRXx.exe
  2⤵
  PID:8900
- C:\Windows\System\EWMLSNq.exe
  C:\Windows\System\EWMLSNq.exe
  2⤵
  PID:8964
- C:\Windows\System\JbopaEo.exe
  C:\Windows\System\JbopaEo.exe
  2⤵
  PID:8880
- C:\Windows\System\WXdlczo.exe
  C:\Windows\System\WXdlczo.exe
  2⤵
  PID:9008
- C:\Windows\System\EwJiJGt.exe
  C:\Windows\System\EwJiJGt.exe
  2⤵
  PID:9040
- C:\Windows\System\BpoqaRJ.exe
  C:\Windows\System\BpoqaRJ.exe
  2⤵
  PID:9060
- C:\Windows\System\ytDqVth.exe
  C:\Windows\System\ytDqVth.exe
  2⤵
  PID:9124
- C:\Windows\System\hTEqcsZ.exe
  C:\Windows\System\hTEqcsZ.exe
  2⤵
  PID:9188
- C:\Windows\System\krMPnuH.exe
  C:\Windows\System\krMPnuH.exe
  2⤵
  PID:9076
- C:\Windows\System\RqNVIir.exe
  C:\Windows\System\RqNVIir.exe
  2⤵
  PID:9200
- C:\Windows\System\FFtliBz.exe
  C:\Windows\System\FFtliBz.exe
  2⤵
  PID:9168
- C:\Windows\System\JaBBXPT.exe
  C:\Windows\System\JaBBXPT.exe
  2⤵
  PID:8268
- C:\Windows\System\jbsBKZY.exe
  C:\Windows\System\jbsBKZY.exe
  2⤵
  PID:8368
- C:\Windows\System\HNpPRkM.exe
  C:\Windows\System\HNpPRkM.exe
  2⤵
  PID:8508
- C:\Windows\System\uIrSlYg.exe
  C:\Windows\System\uIrSlYg.exe
  2⤵
  PID:7476
- C:\Windows\System\FNFkBIy.exe
  C:\Windows\System\FNFkBIy.exe
  2⤵
  PID:8412
- C:\Windows\System\jlRqJvu.exe
  C:\Windows\System\jlRqJvu.exe
  2⤵
  PID:8464
- C:\Windows\System\TrUlJOL.exe
  C:\Windows\System\TrUlJOL.exe
  2⤵
  PID:8640
- C:\Windows\System\HJzOPiy.exe
  C:\Windows\System\HJzOPiy.exe
  2⤵
  PID:8692
- C:\Windows\System\vNznfDt.exe
  C:\Windows\System\vNznfDt.exe
  2⤵
  PID:8816
- C:\Windows\System\RfsSklb.exe
  C:\Windows\System\RfsSklb.exe
  2⤵
  PID:9024
- C:\Windows\System\pTmJUKu.exe
  C:\Windows\System\pTmJUKu.exe
  2⤵
  PID:8784
- C:\Windows\System\BsEtbhx.exe
  C:\Windows\System\BsEtbhx.exe
  2⤵
  PID:8932
- C:\Windows\System\fXhZwoB.exe
  C:\Windows\System\fXhZwoB.exe
  2⤵
  PID:8944
- C:\Windows\System\slxQffR.exe
  C:\Windows\System\slxQffR.exe
  2⤵
  PID:9156
- C:\Windows\System\tCAiYwP.exe
  C:\Windows\System\tCAiYwP.exe
  2⤵
  PID:8164
- C:\Windows\System\npRykYB.exe
  C:\Windows\System\npRykYB.exe
  2⤵
  PID:9120
- C:\Windows\System\pBxDrbZ.exe
  C:\Windows\System\pBxDrbZ.exe
  2⤵
  PID:8220
- C:\Windows\System\kKgyMwi.exe
  C:\Windows\System\kKgyMwi.exe
  2⤵
  PID:8284
- C:\Windows\System\KnhWuqo.exe
  C:\Windows\System\KnhWuqo.exe
  2⤵
  PID:8544
- C:\Windows\System\RWbmGoO.exe
  C:\Windows\System\RWbmGoO.exe
  2⤵
  PID:8756
- C:\Windows\System\TsaMVRA.exe
  C:\Windows\System\TsaMVRA.exe
  2⤵
  PID:8976
- C:\Windows\System\RERhAUF.exe
  C:\Windows\System\RERhAUF.exe
  2⤵
  PID:9072
- C:\Windows\System\UDMRAnK.exe
  C:\Windows\System\UDMRAnK.exe
  2⤵
  PID:9224
- C:\Windows\System\BZGqBVc.exe
  C:\Windows\System\BZGqBVc.exe
  2⤵
  PID:9240
- C:\Windows\System\txqYhqy.exe
  C:\Windows\System\txqYhqy.exe
  2⤵
  PID:9256
- C:\Windows\System\sAvdXOe.exe
  C:\Windows\System\sAvdXOe.exe
  2⤵
  PID:9272
- C:\Windows\System\HvsyIrL.exe
  C:\Windows\System\HvsyIrL.exe
  2⤵
  PID:9288
- C:\Windows\System\esUZPTJ.exe
  C:\Windows\System\esUZPTJ.exe
  2⤵
  PID:9304
- C:\Windows\System\uaGBMFO.exe
  C:\Windows\System\uaGBMFO.exe
  2⤵
  PID:9320
- C:\Windows\System\JeDTxXL.exe
  C:\Windows\System\JeDTxXL.exe
  2⤵
  PID:9336
- C:\Windows\System\lzdqdjI.exe
  C:\Windows\System\lzdqdjI.exe
  2⤵
  PID:9352
- C:\Windows\System\NsuIuDJ.exe
  C:\Windows\System\NsuIuDJ.exe
  2⤵
  PID:9368
- C:\Windows\System\VNZctmJ.exe
  C:\Windows\System\VNZctmJ.exe
  2⤵
  PID:9384
- C:\Windows\System\zaexqwT.exe
  C:\Windows\System\zaexqwT.exe
  2⤵
  PID:9400
- C:\Windows\System\BAdfMLV.exe
  C:\Windows\System\BAdfMLV.exe
  2⤵
  PID:9416
- C:\Windows\System\XWBSSYF.exe
  C:\Windows\System\XWBSSYF.exe
  2⤵
  PID:9432
- C:\Windows\System\aKbkiby.exe
  C:\Windows\System\aKbkiby.exe
  2⤵
  PID:9448
- C:\Windows\System\IBCsmcg.exe
  C:\Windows\System\IBCsmcg.exe
  2⤵
  PID:9464
- C:\Windows\System\AbQCzcX.exe
  C:\Windows\System\AbQCzcX.exe
  2⤵
  PID:9480
- C:\Windows\System\MnYQijd.exe
  C:\Windows\System\MnYQijd.exe
  2⤵
  PID:9496
- C:\Windows\System\RsKaOJK.exe
  C:\Windows\System\RsKaOJK.exe
  2⤵
  PID:9512
- C:\Windows\System\DIpIDQP.exe
  C:\Windows\System\DIpIDQP.exe
  2⤵
  PID:9528
- C:\Windows\System\pAYlDDD.exe
  C:\Windows\System\pAYlDDD.exe
  2⤵
  PID:9544
- C:\Windows\System\eEzdOdz.exe
  C:\Windows\System\eEzdOdz.exe
  2⤵
  PID:9560
- C:\Windows\System\SCtZgig.exe
  C:\Windows\System\SCtZgig.exe
  2⤵
  PID:9576
- C:\Windows\System\vbwnVAS.exe
  C:\Windows\System\vbwnVAS.exe
  2⤵
  PID:9592
- C:\Windows\System\kxeSWcl.exe
  C:\Windows\System\kxeSWcl.exe
  2⤵
  PID:9608
- C:\Windows\System\quKFGCP.exe
  C:\Windows\System\quKFGCP.exe
  2⤵
  PID:9624
- C:\Windows\System\prYdvyG.exe
  C:\Windows\System\prYdvyG.exe
  2⤵
  PID:9640
- C:\Windows\System\zQtMttM.exe
  C:\Windows\System\zQtMttM.exe
  2⤵
  PID:9656
- C:\Windows\System\hScElqw.exe
  C:\Windows\System\hScElqw.exe
  2⤵
  PID:9672
- C:\Windows\System\iSuwkTR.exe
  C:\Windows\System\iSuwkTR.exe
  2⤵
  PID:9688
- C:\Windows\System\PtCpMtZ.exe
  C:\Windows\System\PtCpMtZ.exe
  2⤵
  PID:9704
- C:\Windows\System\GfFmUtH.exe
  C:\Windows\System\GfFmUtH.exe
  2⤵
  PID:9720
- C:\Windows\System\bEksRcm.exe
  C:\Windows\System\bEksRcm.exe
  2⤵
  PID:9736
- C:\Windows\System\WyIgbSZ.exe
  C:\Windows\System\WyIgbSZ.exe
  2⤵
  PID:9752
- C:\Windows\System\oGkQjjr.exe
  C:\Windows\System\oGkQjjr.exe
  2⤵
  PID:9768
- C:\Windows\System\REgRstx.exe
  C:\Windows\System\REgRstx.exe
  2⤵
  PID:9784
- C:\Windows\System\QUPgySy.exe
  C:\Windows\System\QUPgySy.exe
  2⤵
  PID:9800
- C:\Windows\System\usUoLwl.exe
  C:\Windows\System\usUoLwl.exe
  2⤵
  PID:9816
- C:\Windows\System\LyRPlhF.exe
  C:\Windows\System\LyRPlhF.exe
  2⤵
  PID:9832
- C:\Windows\System\DjUKspq.exe
  C:\Windows\System\DjUKspq.exe
  2⤵
  PID:9848
- C:\Windows\System\WHtzsKP.exe
  C:\Windows\System\WHtzsKP.exe
  2⤵
  PID:9872
- C:\Windows\System\ZYzUXra.exe
  C:\Windows\System\ZYzUXra.exe
  2⤵
  PID:9896
- C:\Windows\System\GvwXcuq.exe
  C:\Windows\System\GvwXcuq.exe
  2⤵
  PID:9912
- C:\Windows\System\OFXeZXV.exe
  C:\Windows\System\OFXeZXV.exe
  2⤵
  PID:9932
- C:\Windows\System\wqdWdnG.exe
  C:\Windows\System\wqdWdnG.exe
  2⤵
  PID:9948
- C:\Windows\System\mvhqNYR.exe
  C:\Windows\System\mvhqNYR.exe
  2⤵
  PID:9964
- C:\Windows\System\LfdANht.exe
  C:\Windows\System\LfdANht.exe
  2⤵
  PID:9984
- C:\Windows\System\rgCdJjG.exe
  C:\Windows\System\rgCdJjG.exe
  2⤵
  PID:10008
- C:\Windows\System\WoSNmna.exe
  C:\Windows\System\WoSNmna.exe
  2⤵
  PID:10024
- C:\Windows\System\yUSmxDm.exe
  C:\Windows\System\yUSmxDm.exe
  2⤵
  PID:10040
- C:\Windows\System\uoNVIVD.exe
  C:\Windows\System\uoNVIVD.exe
  2⤵
  PID:10056
- C:\Windows\System\VcbeZUA.exe
  C:\Windows\System\VcbeZUA.exe
  2⤵
  PID:10072
- C:\Windows\System\eIgZvPr.exe
  C:\Windows\System\eIgZvPr.exe
  2⤵
  PID:10088
- C:\Windows\System\bGoOjqY.exe
  C:\Windows\System\bGoOjqY.exe
  2⤵
  PID:10104
- C:\Windows\System\qnIqHIs.exe
  C:\Windows\System\qnIqHIs.exe
  2⤵
  PID:10120
- C:\Windows\System\ZhsKHYP.exe
  C:\Windows\System\ZhsKHYP.exe
  2⤵
  PID:10136
- C:\Windows\System\HRZTpoV.exe
  C:\Windows\System\HRZTpoV.exe
  2⤵
  PID:10152
- C:\Windows\System\nbEQvlR.exe
  C:\Windows\System\nbEQvlR.exe
  2⤵
  PID:10172
- C:\Windows\System\peoFbkY.exe
  C:\Windows\System\peoFbkY.exe
  2⤵
  PID:10188
- C:\Windows\System\bGsGeQg.exe
  C:\Windows\System\bGsGeQg.exe
  2⤵
  PID:10204
- C:\Windows\System\gkguhAF.exe
  C:\Windows\System\gkguhAF.exe
  2⤵
  PID:10220
- C:\Windows\System\OuWzfla.exe
  C:\Windows\System\OuWzfla.exe
  2⤵
  PID:10236
- C:\Windows\System\zMiqjKn.exe
  C:\Windows\System\zMiqjKn.exe
  2⤵
  PID:9028
- C:\Windows\System\QvCIvem.exe
  C:\Windows\System\QvCIvem.exe
  2⤵
  PID:9108
- C:\Windows\System\MxHLhUr.exe
  C:\Windows\System\MxHLhUr.exe
  2⤵
  PID:9264
- C:\Windows\System\OgFgbfV.exe
  C:\Windows\System\OgFgbfV.exe
  2⤵
  PID:9296
- C:\Windows\System\npxDmPi.exe
  C:\Windows\System\npxDmPi.exe
  2⤵
  PID:9220
- C:\Windows\System\csbFWLI.exe
  C:\Windows\System\csbFWLI.exe
  2⤵
  PID:8384
- C:\Windows\System\UQMuPtq.exe
  C:\Windows\System\UQMuPtq.exe
  2⤵
  PID:9252
- C:\Windows\System\EjkHWnK.exe
  C:\Windows\System\EjkHWnK.exe
  2⤵
  PID:9316
- C:\Windows\System\cFKBOOh.exe
  C:\Windows\System\cFKBOOh.exe
  2⤵
  PID:9380
- C:\Windows\System\mCPThQC.exe
  C:\Windows\System\mCPThQC.exe
  2⤵
  PID:9364
- C:\Windows\System\hWHjduS.exe
  C:\Windows\System\hWHjduS.exe
  2⤵
  PID:9328
- C:\Windows\System\nIRUfLx.exe
  C:\Windows\System\nIRUfLx.exe
  2⤵
  PID:9456
- C:\Windows\System\eUaFSrD.exe
  C:\Windows\System\eUaFSrD.exe
  2⤵
  PID:9520
- C:\Windows\System\jDUJvjz.exe
  C:\Windows\System\jDUJvjz.exe
  2⤵
  PID:9584
- C:\Windows\System\akoONSL.exe
  C:\Windows\System\akoONSL.exe
  2⤵
  PID:9600
- C:\Windows\System\jzkgSXt.exe
  C:\Windows\System\jzkgSXt.exe
  2⤵
  PID:9536
- C:\Windows\System\WxNpVSH.exe
  C:\Windows\System\WxNpVSH.exe
  2⤵
  PID:9472
- C:\Windows\System\USZeyKT.exe
  C:\Windows\System\USZeyKT.exe
  2⤵
  PID:9620
- C:\Windows\System\BArHmfn.exe
  C:\Windows\System\BArHmfn.exe
  2⤵
  PID:9664
- C:\Windows\System\bZlUFsM.exe
  C:\Windows\System\bZlUFsM.exe
  2⤵
  PID:9728
- C:\Windows\System\CvsJuLJ.exe
  C:\Windows\System\CvsJuLJ.exe
  2⤵
  PID:9792
- C:\Windows\System\ZeEunJl.exe
  C:\Windows\System\ZeEunJl.exe
  2⤵
  PID:9680
- C:\Windows\System\xuLqVtd.exe
  C:\Windows\System\xuLqVtd.exe
  2⤵
  PID:9744
- C:\Windows\System\FyHOEfo.exe
  C:\Windows\System\FyHOEfo.exe
  2⤵
  PID:9424
- C:\Windows\System\NdDVgWD.exe
  C:\Windows\System\NdDVgWD.exe
  2⤵
  PID:9892
- C:\Windows\System\COzinvF.exe
  C:\Windows\System\COzinvF.exe
  2⤵
  PID:9488
- C:\Windows\System\peJpgzv.exe
  C:\Windows\System\peJpgzv.exe
  2⤵
  PID:9540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AxpKNgL.exe

Filesize
6.0MB

MD5
60008270e47d29b0152b75c412955950

SHA1
d5bcae7d4f9b8059d8d402cdfc4ff28223f98c6d

SHA256
6532ce39d21d28ea7bbbf6d8fff727d86a5c6b3e7385e35043496745b0407366

SHA512
4eb1344b4ff8bc54c63fa2a359887208765823774bd1ed87a71b68ac042e2edc4f603ca42114b1f32447354251682ccd80029d5769560dc807573305ea54e14e

Download Submit
C:\Windows\system\DVKuTUF.exe

Filesize
6.0MB

MD5
1641ac7b7e87df7ac95d7c25b6397595

SHA1
f47880b1ac9f22a0c8a13f02a80268894d6e3fd3

SHA256
b95c99c2c1cfecbd05cf227044f2719f685af13c8cba738f50e45c1da15b063f

SHA512
d4103c20e61ebf914cfe38b7c6d83b2f3f523df248407f4b483f2fb3363dc190a50e08375643e32286b00e8211fc5a0b29f6e78e1261c3390a81526c6fe8f27c

Download Submit
C:\Windows\system\DtpsATo.exe

Filesize
6.0MB

MD5
accf5a2f68402188c34710d93fc65657

SHA1
3217a8d67e969dbeb6e4e006c0323afececbe1de

SHA256
ef18f041dde0bcf465d86152ad6bc52361eb84e1d5ee38cd0bdfc6a44df5aec9

SHA512
12603d9142edd728b91d65ea3b06240929e4cd40b5763d04f550adae500c91d3153776df1ba46f971108d33857fa968e8632ab66f0f8f84d500b9be0cb81cf84

Download Submit
C:\Windows\system\GoIivbu.exe

Filesize
6.0MB

MD5
a72ee2f6b593f884101c71f43271e98f

SHA1
955965b46e73dc26cbc8c5ce086c973845164789

SHA256
c7ac1b2b465d301e8ad8aac4cd02789bbab3be97ee76667bf9a5d78eb8bfb4ef

SHA512
844a4f1a4e0c827fc3244459c5701d0551eb9f739348dfaeb97ddd826f8d59466c7a3290c5bf64161195d0266698474ec7e441b15f0c0ce60f1c6b2fc3c689d2

Download Submit
C:\Windows\system\IakfRZy.exe

Filesize
6.0MB

MD5
330cff28abfd626b02e11f007e64eeb4

SHA1
6993ae11b715916aaea9f4ccf6f928c311997fad

SHA256
fd305888c8472b2613f0399a2d25b8efbc43287d9470624a6424a1f27ef59912

SHA512
e6f500a1d1c2fa733ceb52700899d4e0bef29e4509ba5879829a374751578713f6e8b3b6c848ba362f24df5812969a3d57a2f59ff86b50fd233ac6011349ac90

Download Submit
C:\Windows\system\JYkcEPH.exe

Filesize
6.0MB

MD5
7511112be283e029022c3b975e25f253

SHA1
6a5faea958f2fd5dd227e5cb7f43fcaed2890351

SHA256
f33c71a8d3af17cd08b01ff61752b6d7bf569ae6a0b2b45d2577d6fc7530bd5a

SHA512
09eafd29aea1ad2b96af19343ceb9732ca17245a3b393f1d4638b9f2a0667b9e83f64d884eb02ef01c8b4f4ae641967835fc28142f07549dfa3864d8d80d805f

Download Submit
C:\Windows\system\OogbSGr.exe

Filesize
6.0MB

MD5
b305f3a618148b40901215869ec8dbaa

SHA1
d1fc0fa93c342c95423a1cbf1146ebf957185f0e

SHA256
d0a110c75196c0f0e9e5bdb9a54524e80b915d33bf6f1370856272dbfbb0d73c

SHA512
91dd15128ec1f43dd860ced104671a1964d309a65a006f68c3920fd93dcdfc2f38496b2e1e2e295e48ffa41e4d16531ece1028bdec94af8d88cf6586614c8073

Download Submit
C:\Windows\system\PaakcpZ.exe

Filesize
6.0MB

MD5
bb95f488f906a56bbb0fff3d88fc2393

SHA1
77dde020ce97780ad6d0d4a31e2c631e5abe3ad7

SHA256
4c500e2c99088404ae268081fd98f5f266e0372d44342ad0737e72afc010c6de

SHA512
bbe1659c34bd9b978a00e0ab7afa2a6d2a3cd770bcf8ba4c63d0c89bce048c9bda1eccc3b98ee99afa2f3d93859d87651873d309ad6735cfd1e1895595df8718

Download Submit
C:\Windows\system\PhUSHvl.exe

Filesize
6.0MB

MD5
00d732372689be9cdd8d0c01faa23040

SHA1
8bceab3116f105dbcdff366688a3d4e172d170c2

SHA256
c63199afbd0ddd6498745d4ae6f3bd3583e410298b47a00290aeddda489abb05

SHA512
5991f7974468976f6db180723b4c4608c67d9d7bfcf0d6013808a1f38d76be36669c720a5f74d15d5b12ef0f4ebd6888d7f7a419314258d0bae1c3c8b7630403

Download Submit
C:\Windows\system\RLEGgOJ.exe

Filesize
6.0MB

MD5
e082b14206201ad5f75df60a0b16fe78

SHA1
09243fde01ce79033059cb9e9c555ab85992dcac

SHA256
8e3f6600d9aaa5415dc4b0da4fdb9dfb00f37746ce0a5102395d97a14e08783b

SHA512
304ba366a135b03fff30c04a1ec45c6e5b035e4ed727c83e7337a7f90047dfc889e09a01e1631515c3c790b3fe8291bc3b945ff691170ed734ba56a318fdcfb1

Download Submit
C:\Windows\system\TLvUipK.exe

Filesize
6.0MB

MD5
980139234f64925dc84a7eb22faefcdf

SHA1
3732276ae73534bbcc800d1d200ae4b789b49854

SHA256
1af8cf07cdec2a7e0575c72476236db2561b783209aa8e0a3e9fc679460b4686

SHA512
c5607d09a87986c7ac10d8b4e3c40c07531e5da2db08e4673647ff2d3afe77337b7cee9f51814eb32957cc471fd51a2af012f2b6f77b5fbec1806b3d0c436630

Download Submit
C:\Windows\system\VvgoLvp.exe

Filesize
6.0MB

MD5
731347b70834dae44677c741a9334ad1

SHA1
ca1a37b2794f004b946932d1005fd399fdc779f0

SHA256
7498129ec37a2c2459a47bca66e3deb5dca206737b59540c9a57a396ee730f36

SHA512
b5e73f2bfe3fb880748474568ea1842023162599448a1fa6636ecd22bead06f964cf60b45f45d414000e9ee1aff6b870526190d50193970f9fbb307d4cca462a

Download Submit
C:\Windows\system\ZKhiRah.exe

Filesize
6.0MB

MD5
44a5cbb952a94a56b0b218b2d3cd5e7d

SHA1
cad8b24a9f84b61fa7aab84f1cfc7ee4e24e15c7

SHA256
6c0a63b226955ef269dc92bf6cf4241d5ae5f01c90420630b13705184e0283da

SHA512
ba044f870e180283c0d4009b418f4d68835600a0620ef87b6809b4e5a1b3b9e4703429b20bd51f38e98510cb8c92805f81194c77d3cdf9f5e0c45cb8ad34c7be

Download Submit
C:\Windows\system\ZYXuoXN.exe

Filesize
6.0MB

MD5
7c47c6443a9957644535aa5b376dd275

SHA1
b4761f4636d2f5b8980c6e09f40a43d42cca5448

SHA256
26cb52c80059127b2e98ac8933353e189c4258a3cb9c278a321ba3f636214e56

SHA512
481d7805ef6a73829e07291ed2f2912af0aa503c75062970805deb630ca116e6a9bac3bb25804f2555cd7ee995f5ef2677048b9a512adb7ba06daf9608f14034

Download Submit
C:\Windows\system\ZygskyL.exe

Filesize
6.0MB

MD5
1c2f0b432c8e45856f54d54db403cf9a

SHA1
0c417f50245fce09e5591059fe855e6a1080c55a

SHA256
e752fd0662465705e0516902e0069c7657e9fb7bcf042c7bf61710211862e2bb

SHA512
0e8bff40cfcae8b727366bc2425c489900ef943dda7f476f92fcfcdb1608dea1c2c2e6b23db4411955d341326ddd7a5d09878e8e4facc066728dccb52e736c4f

Download Submit
C:\Windows\system\bZnHmxa.exe

Filesize
6.0MB

MD5
d9d8e7da91d0a4ed744a48b724f2f0d8

SHA1
5c76ce3f5387fd21a4d4470445df3fcf518109e6

SHA256
8c866fd6c5c57b5f6667b85196a335d1ce9f6186b45f652414ed478ffe443b37

SHA512
7cfd6215dca81fddcbedec72e832b070e964019c39db3932b433aa181179f71be4107fd9ae25013ee8f487c651cbe88e8c535a671554e3b6fed52a57ff663b6f

Download Submit
C:\Windows\system\eSZUzbE.exe

Filesize
6.0MB

MD5
6c40680901b38e77b4d8c08b32aad244

SHA1
f73eb3ae923485c4bd7919bc61964b766b419da3

SHA256
f3c54c6e1a6c77ee82573c3bd46ba55626423f82554e75ac4e32a7cac4c266ce

SHA512
1c2d606eeecb28d6419d1d7d6dcfaed86c9553ef600995def41b93a95882c1b5f77462c29e5d207b4ae8a3e714487eaa84f02274bd926f104a954ad25b358795

Download Submit
C:\Windows\system\fZFkFmN.exe

Filesize
6.0MB

MD5
40727fdbf69335f9a99e6a2a34bd13ea

SHA1
452eb261b79f7d463effb5cd7aa674147bf8278c

SHA256
ff7339f9529c7eedaa172499c8a80908f6dc20326c99b56c8adf9857e6e98502

SHA512
2c8c8b37e3e06f5f4806651b09a0ea0bcc05aa90a32dbffdb03220b9fb8fd47c0a89c8b8dc004a7cba7e90ebd530b6a46373728f3772774e76bcf100785dbe7d

Download Submit
C:\Windows\system\ghqWvCv.exe

Filesize
6.0MB

MD5
9a20b45c275d03fa0424854a6b42f34e

SHA1
c8ddda0543b11e0f2c4a3c2aad728edb37f339e4

SHA256
d969a984b71e278ea563824ecfd8018c187d9ef3da50a82b931c6b8ee989d5d7

SHA512
3aa384947d0c40feea12ef93003466a395493b26d912b45a1b978ea47eeb0e150a7e455714fd4ea2c07be607429f5c52efec59b9918fd999d90022af42666ac4

Download Submit
C:\Windows\system\jKxpZZZ.exe

Filesize
6.0MB

MD5
351535bddb2504c1c095fca5bee8cd43

SHA1
48aca6550601ca221abaf282fc6a82408a2ded16

SHA256
36880e583af6ba58e2d50cb19115f40a1a6d729732f30537f6833c410c4a580c

SHA512
f4e50f119473a9dd54fc2b782bb1fba77a5387cb2ad414aa477c5d1c5604277e7c692d749d85355823af8190329487c3c9f7dac9dfa484673609db491cbea47b

Download Submit
C:\Windows\system\nCdnvqa.exe

Filesize
6.0MB

MD5
8cc48c62c2309b17e7b2ae4ee25b54a3

SHA1
04b9e3bfee4a5bbfe3081127c24424428bf49dad

SHA256
b49302e27fe5f96697909ff767aac958a62d425029b769c64d7a9685abc5726f

SHA512
1ebd29de06404196ea46252395a9b719f52523faf1289727e2d89e7bb670ff00a6c8e6af46fbae1f3b8052994d96205d9d3abdbb9967f156c7429e9a5f6e208c

Download Submit
C:\Windows\system\qikoRyx.exe

Filesize
6.0MB

MD5
3ded8486dafd6559ce0906811bcdf620

SHA1
3ef4a71e8ef84958943c0d80db04ef7bfb427b25

SHA256
d4d4bce36576e0339aad5eb240bb0e195ba34c2f7f3b5a36481861838092b12f

SHA512
34ed634318f607d2469a7bafb351b61eea267e65a84f902813fa616162b4452a59214a5950f53ebd49f589cc67aa77fe3137604eb3a439a67bf11364cc8bf79d

Download Submit
C:\Windows\system\tHUEzsT.exe

Filesize
6.0MB

MD5
7f8e9abf39e7d57aac91fc811ce9dafd

SHA1
ebaf9886269968f3362c11b4fe3b966be26d7c25

SHA256
c5195a83574d89d00501408ba8ffda4eb58c3dd9397ea2b97208916c3960d587

SHA512
591601f0f581ac55ca78104c8c55d1dc8f6f65a3353d2936bda33d6ff39803369ada4c8325e09eca020e889086bf3d2b239246913d3d3f920c645ffe6f69c67b

Download Submit
C:\Windows\system\vLwftIS.exe

Filesize
6.0MB

MD5
4799694eddbf163f8c407b1d95b6e58d

SHA1
25c1e3266d79d2c5ec959c9c72dd3a3df53706c5

SHA256
474d7be5d92569c64af7b8bb93bf1eeaed8c4f4d796be999203402d7182456b8

SHA512
a7c0e6f643eba53f0111b18903e3f9026117abe0d83b271bab883946183894300dba37d0b6e2da3e4f29623d53bf2e85c0599e6fca270a21cb4a977aaeb3b2f7

Download Submit
C:\Windows\system\wzBRJKM.exe

Filesize
6.0MB

MD5
6229979482fbe09d182c4562deea3cd7

SHA1
aebe7213621f5d4cb6d74e5e7a21b7ab6a043498

SHA256
50b35fb61a0c69b08c0be4f6c87d5d7c10c4b6556c94aeebd607079a6cfd8c1a

SHA512
76083514382182920268c8b932f1d621f105034c60e118fc3ced7a81a56e1766fed01482892dd15f27eb0efe5598be1dd9f342499c1dc231dd17fa9d038cc37a

Download Submit
C:\Windows\system\yESYOuj.exe

Filesize
6.0MB

MD5
8c6e70a091c5d573df88be8e73a59737

SHA1
3bf2390944331227b7ece36c45a57f5a67ca713a

SHA256
8404dd91e028462bc58b2d0da520d48a6009a89a690d4efbca52b4925b1e78e7

SHA512
678f78eb7558a856eb33fa556d762015199cf73730fe562743b5923b36435cc917488556912d3aa1ea7caa26dd124a55e0eeda5b47daaca08566e19cc7d9f766

Download Submit
C:\Windows\system\yardabV.exe

Filesize
6.0MB

MD5
f8725ac172be2bf165f8218c9c7fec63

SHA1
f0f81749b2e26848a994bd6b9e6b1aa0ae9fe38e

SHA256
c2c26addc5b8595b52dc7323ab21ff6f72a4c8af4c9417cd0b05228fb4bcea4a

SHA512
8eadc8136f68c74e8bfad7f50d0cfa38fd47c9b107e5f97cedfc9abc61f7176f186fc1ef4d523baaeb216087b7c189518e2b7d00670a9a1600f6e9a0854087fc

Download Submit
C:\Windows\system\zEmcbgQ.exe

Filesize
6.0MB

MD5
4f3789a5c25ead5b5fca410229c55757

SHA1
ff12a56edfec5ee0b6ad52c4b43ee4e0aa3a44bc

SHA256
f646f19ce73791ffca11d5ed13756b959520592bb891b1f911603ddd2259d0e0

SHA512
79cfb39109ba0f6d8784cdd5146ec880be8d7280e75d5ec915f04703a824bb46a79f044d1f32ea53ad0cc3ca9a925eb6111a3dc5cd501e2bbf04b6c268953c06

Download Submit
C:\Windows\system\zUJNKgd.exe

Filesize
6.0MB

MD5
57f94c5723c48cf8c61dc8393e5c714f

SHA1
f46f518feb767b54e70fa8c55c1b25fef61da2fb

SHA256
8fbd87b603d44662a08bdc36b4fe1f9a6846c94a8f77a9c6958559267c366332

SHA512
d2f1ecccfe0130df4919672ef9701f58c5316ec150cbb8634a4dc01eafce5fef9c83b5a327f51efc1e07a43dc2e30fbbe9db3e8425d0226d9748d980941d270d

Download Submit
C:\Windows\system\zeyzuwB.exe

Filesize
6.0MB

MD5
820cb1f99c9c2625683abe895f7915f3

SHA1
9edf06ff0f5d4d1b68998c69d591260eb4417d48

SHA256
84528834032e519f21481e9858e04b8b385c78237917b56dbe69b2a4c7833870

SHA512
72a12bae6b0bf9712017ebea4b7944d2facdda8c9e145d0ef7107fc87ffa2e0d26e0b32b3cdc4859428971b293ba43d6eb44a94ba36a654a9e8b1efa4e6bc198

Download Submit
C:\Windows\system\zwnUYRY.exe

Filesize
6.0MB

MD5
a62a2090cd5c497405c46412553eea34

SHA1
4a7cdf14761ab42bfea1a6e487103317b65c1bd0

SHA256
3ea575a5fbaa9a2ebcec7187676bed0a8302d41cba7384c7af2bae6639610673

SHA512
1858b9a6133f1de307616502fcc3dc8945ad319db8aa9234cf36f10ad22d26d49a62addedbc8e46463846e77ffe52d80d7f58361d17514c39639421fcf752451

Download Submit
\Windows\system\fQgZmzx.exe

Filesize
6.0MB

MD5
03ddb7f7df51075ca45c495c78bae083

SHA1
1ea9a2135b222fbef8230683ce4113039924f59e

SHA256
803df638cd37bae2f66c162c2585838035e4a1b64f2ac470227252912364d24f

SHA512
e6ec8ae594d1b39e86d903e8b59c0391ba76b0a8ceb0232b3b3aedd602c2398aad3514f76f5f4ce89d3ac10b2b523baaf0f9dd2fc183043da65193ac40daf903

Download Submit
memory/2016-3994-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2016-57-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2024-71-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2024-3992-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2188-14-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-53-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-3748-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-9-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-89-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-3995-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-96-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2452-3996-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2532-60-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2532-20-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2532-35-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-30-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-517-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-676-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2532-52-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-0-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2532-50-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2532-8-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-99-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2532-92-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1583-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2532-67-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-26-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-86-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-93-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2532-79-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3993-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2620-65-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2624-43-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3742-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2728-22-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3751-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2728-59-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2744-28-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3741-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2744-64-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3749-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2760-85-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2760-55-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2896-82-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3997-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-73-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-42-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3991-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-76-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download