cobaltstrike | 782d50e7ce2874bb94ff47da88c2c8bebb9a0bf5d514ffe9d743cd2a3010ca09

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9031233a30af29227431c520fa0b4a5f
SHA1

a742bcaa96b088901db5d51c46b36b884890a793
SHA256

782d50e7ce2874bb94ff47da88c2c8bebb9a0bf5d514ffe9d743cd2a3010ca09
SHA512

d3cdf867c87c6a5558790b530535149eb1c88baed3e92b3232fad6214eb99050a1bb5b6d0b48e7bc7419ccf365354b1ac9bd678cb9812d9540e33de8b90c6304
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ac1-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c73-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d47-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0d-24.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-128.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-127.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-126.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017488-125.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-109.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-104.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-92.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-84.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c95-83.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-59.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174a6-58.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2644-0-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016ac1-8.dat	xmrig
behavioral1/files/0x0008000000016c73-12.dat	xmrig
behavioral1/files/0x0007000000016d47-39.dat	xmrig
behavioral1/memory/2712-37-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d0d-24.dat	xmrig
behavioral1/memory/2380-19-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2644-18-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019217-119.dat	xmrig
behavioral1/memory/2672-79-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x000500000001929a-151.dat	xmrig
behavioral1/files/0x0005000000019365-162.dat	xmrig
behavioral1/memory/2732-973-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2672-972-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2588-1190-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2712-727-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2644-720-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-154.dat	xmrig
behavioral1/files/0x0005000000019275-145.dat	xmrig
behavioral1/files/0x0005000000019268-138.dat	xmrig
behavioral1/files/0x0005000000019377-165.dat	xmrig
behavioral1/files/0x0005000000019319-157.dat	xmrig
behavioral1/files/0x000500000001926c-143.dat	xmrig
behavioral1/files/0x0005000000018697-128.dat	xmrig
behavioral1/files/0x0015000000018676-127.dat	xmrig
behavioral1/files/0x00060000000174c3-126.dat	xmrig
behavioral1/files/0x0008000000017488-125.dat	xmrig
behavioral1/files/0x0007000000016d36-124.dat	xmrig
behavioral1/files/0x0005000000019240-121.dat	xmrig
behavioral1/memory/2644-112-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f6-109.dat	xmrig
behavioral1/files/0x000600000001904c-104.dat	xmrig
behavioral1/files/0x00060000000190e1-101.dat	xmrig
behavioral1/memory/2796-96-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2732-95-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018f65-92.dat	xmrig
behavioral1/files/0x0006000000018c34-76.dat	xmrig
behavioral1/memory/2724-53-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2704-32-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2812-23-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x0005000000019259-131.dat	xmrig
behavioral1/files/0x00050000000191d2-118.dat	xmrig
behavioral1/memory/2176-108-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2588-100-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2112-87-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c44-86.dat	xmrig
behavioral1/files/0x00050000000187a2-85.dat	xmrig
behavioral1/files/0x0005000000018696-84.dat	xmrig
behavioral1/files/0x0008000000016c95-83.dat	xmrig
behavioral1/files/0x000600000001757f-59.dat	xmrig
behavioral1/files/0x00070000000174a6-58.dat	xmrig
behavioral1/memory/2712-3582-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2812-3581-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2724-3580-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2672-3579-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2176-3578-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2704-3577-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2380-3584-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2112-3583-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2796-3610-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2588-4074-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2732-4075-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2380	FLYYlvn.exe
2812	QQJHknf.exe
2704	FXUOOFk.exe
2712	lClBgLG.exe
2724	kygiofj.exe
2672	DLzCoyk.exe
2112	xaKsdhu.exe
2732	fJUVywV.exe
2796	DQSqLvD.exe
2588	XgvtKuC.exe
2176	oOdDWhg.exe
320	FdgllNI.exe
768	MupzPyb.exe
1496	EwgOjtj.exe
2848	vurmqaa.exe
2568	mxadHWx.exe
3068	scfWZEI.exe
1204	lvzsqVP.exe
2908	tdgwBql.exe
1236	TJOEpGm.exe
2364	IOamfNH.exe
832	edSHDvB.exe
1604	IBROvRp.exe
2276	XPnKHyE.exe
2856	ughVnBX.exe
1600	qYTwDpY.exe
2992	sTQjLkS.exe
2200	tqWUWYU.exe
2288	agkoNoR.exe
352	putmAXI.exe
1796	ykwvjwC.exe
2504	GqwruWl.exe
1156	FJulicM.exe
828	ZlONXEv.exe
2140	nrjLIXu.exe
1748	XESKqDE.exe
3004	dxfAiEw.exe
1684	RlIdEdO.exe
884	TuvERgU.exe
1472	ONbDTln.exe
2220	XMeLXcA.exe
1628	UWxxQUe.exe
1680	zaySjks.exe
2036	GbgSIIV.exe
2284	ZiFGYzD.exe
2932	tzrGRBL.exe
2488	tjaHeoZ.exe
1012	DCDiseG.exe
1736	qKPfvqw.exe
2304	UplZTsn.exe
980	JuUSTlX.exe
2308	OiZwyUX.exe
1868	SBvmiOH.exe
1972	pYaEOkn.exe
1532	uLPvJjL.exe
2804	SMKAQeI.exe
1648	syLIGxD.exe
2424	hCbHmeY.exe
1436	wxYMYOa.exe
2164	ZETqrbF.exe
1512	EdhtpKl.exe
2656	BHcadBU.exe
2772	kRiYsUA.exe
3020	etsDWys.exe

Loads dropped DLL 64 IoCs

pid	Process
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2644-0-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016ac1-8.dat	upx
behavioral1/files/0x0008000000016c73-12.dat	upx
behavioral1/files/0x0007000000016d47-39.dat	upx
behavioral1/memory/2712-37-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0007000000016d0d-24.dat	upx
behavioral1/memory/2380-19-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0005000000019217-119.dat	upx
behavioral1/memory/2672-79-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x000500000001929a-151.dat	upx
behavioral1/files/0x0005000000019365-162.dat	upx
behavioral1/memory/2732-973-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2672-972-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2588-1190-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2712-727-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2644-720-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0005000000019278-154.dat	upx
behavioral1/files/0x0005000000019275-145.dat	upx
behavioral1/files/0x0005000000019268-138.dat	upx
behavioral1/files/0x0005000000019377-165.dat	upx
behavioral1/files/0x0005000000019319-157.dat	upx
behavioral1/files/0x000500000001926c-143.dat	upx
behavioral1/files/0x0005000000018697-128.dat	upx
behavioral1/files/0x0015000000018676-127.dat	upx
behavioral1/files/0x00060000000174c3-126.dat	upx
behavioral1/files/0x0008000000017488-125.dat	upx
behavioral1/files/0x0007000000016d36-124.dat	upx
behavioral1/files/0x0005000000019240-121.dat	upx
behavioral1/files/0x00050000000191f6-109.dat	upx
behavioral1/files/0x000600000001904c-104.dat	upx
behavioral1/files/0x00060000000190e1-101.dat	upx
behavioral1/memory/2796-96-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2732-95-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0006000000018f65-92.dat	upx
behavioral1/files/0x0006000000018c34-76.dat	upx
behavioral1/memory/2724-53-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2704-32-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2812-23-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0005000000019259-131.dat	upx
behavioral1/files/0x00050000000191d2-118.dat	upx
behavioral1/memory/2176-108-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2588-100-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2112-87-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x0006000000018c44-86.dat	upx
behavioral1/files/0x00050000000187a2-85.dat	upx
behavioral1/files/0x0005000000018696-84.dat	upx
behavioral1/files/0x0008000000016c95-83.dat	upx
behavioral1/files/0x000600000001757f-59.dat	upx
behavioral1/files/0x00070000000174a6-58.dat	upx
behavioral1/memory/2712-3582-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2812-3581-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2724-3580-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2672-3579-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2176-3578-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2704-3577-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2380-3584-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2112-3583-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2796-3610-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2588-4074-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2732-4075-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kygiofj.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVfFGxf.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvojhRR.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNXnxEU.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDwPjeJ.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsmePYo.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXUsodT.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrvTRgc.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQAtehV.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdCeKDc.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRiQOlx.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBCCZAc.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdnrRzX.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OInsKnw.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdntTIi.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYioErm.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWftNRY.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DCcHFii.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlONXEv.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESeWOLQ.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpOcjjQ.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imsFXII.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmcALCJ.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ayeqHMX.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBNROnV.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaLhyxY.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkkEaRx.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLNOahg.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVoplsQ.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGfAYJf.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEOdHmg.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOOdiFu.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfAHGVy.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZERiwtt.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzlIMpt.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVoLQMT.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzfqWNx.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcsUiAN.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCXpJcm.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MefWSEB.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjZLWHI.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyXQrhH.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdgwBql.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQkzkRr.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJoNmha.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYmVmHx.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQSyrZT.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQNMKTc.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxyBIax.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMrKADn.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJXZrtk.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nByInSS.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUHwaZR.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGbEzSS.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbJdLIv.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQNTfXM.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtGYWaA.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HONbkaz.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTjCpWo.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPxLJhc.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeeDQnq.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlCuUnD.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rczWLjT.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bMXSrbL.exe	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2380	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2644 wrote to memory of 2380	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2644 wrote to memory of 2380	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2644 wrote to memory of 2812	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2644 wrote to memory of 2812	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2644 wrote to memory of 2812	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2644 wrote to memory of 2704	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2644 wrote to memory of 2704	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2644 wrote to memory of 2704	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2644 wrote to memory of 2732	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2644 wrote to memory of 2732	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2644 wrote to memory of 2732	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2644 wrote to memory of 2712	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2644 wrote to memory of 2712	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2644 wrote to memory of 2712	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2644 wrote to memory of 2848	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2644 wrote to memory of 2848	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2644 wrote to memory of 2848	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2644 wrote to memory of 2724	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2644 wrote to memory of 2724	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2644 wrote to memory of 2724	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2644 wrote to memory of 2568	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2644 wrote to memory of 2568	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2644 wrote to memory of 2568	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2644 wrote to memory of 2672	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2644 wrote to memory of 2672	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2644 wrote to memory of 2672	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2644 wrote to memory of 3068	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2644 wrote to memory of 3068	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2644 wrote to memory of 3068	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2644 wrote to memory of 2112	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2644 wrote to memory of 2112	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2644 wrote to memory of 2112	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2644 wrote to memory of 1204	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2644 wrote to memory of 1204	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2644 wrote to memory of 1204	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2644 wrote to memory of 2796	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2644 wrote to memory of 2796	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2644 wrote to memory of 2796	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2644 wrote to memory of 2908	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2644 wrote to memory of 2908	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2644 wrote to memory of 2908	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2644 wrote to memory of 2588	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2644 wrote to memory of 2588	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2644 wrote to memory of 2588	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2644 wrote to memory of 2364	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2644 wrote to memory of 2364	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2644 wrote to memory of 2364	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2644 wrote to memory of 2176	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2644 wrote to memory of 2176	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2644 wrote to memory of 2176	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2644 wrote to memory of 832	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2644 wrote to memory of 832	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2644 wrote to memory of 832	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2644 wrote to memory of 320	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2644 wrote to memory of 320	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2644 wrote to memory of 320	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2644 wrote to memory of 1604	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2644 wrote to memory of 1604	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2644 wrote to memory of 1604	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2644 wrote to memory of 768	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2644 wrote to memory of 768	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2644 wrote to memory of 768	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2644 wrote to memory of 2276	2644	2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_9031233a30af29227431c520fa0b4a5f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\System\FLYYlvn.exe
  C:\Windows\System\FLYYlvn.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\QQJHknf.exe
  C:\Windows\System\QQJHknf.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\FXUOOFk.exe
  C:\Windows\System\FXUOOFk.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\fJUVywV.exe
  C:\Windows\System\fJUVywV.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\lClBgLG.exe
  C:\Windows\System\lClBgLG.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\vurmqaa.exe
  C:\Windows\System\vurmqaa.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\kygiofj.exe
  C:\Windows\System\kygiofj.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\mxadHWx.exe
  C:\Windows\System\mxadHWx.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\DLzCoyk.exe
  C:\Windows\System\DLzCoyk.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\scfWZEI.exe
  C:\Windows\System\scfWZEI.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\xaKsdhu.exe
  C:\Windows\System\xaKsdhu.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\lvzsqVP.exe
  C:\Windows\System\lvzsqVP.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\DQSqLvD.exe
  C:\Windows\System\DQSqLvD.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\tdgwBql.exe
  C:\Windows\System\tdgwBql.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\XgvtKuC.exe
  C:\Windows\System\XgvtKuC.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\IOamfNH.exe
  C:\Windows\System\IOamfNH.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\oOdDWhg.exe
  C:\Windows\System\oOdDWhg.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\edSHDvB.exe
  C:\Windows\System\edSHDvB.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\FdgllNI.exe
  C:\Windows\System\FdgllNI.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\IBROvRp.exe
  C:\Windows\System\IBROvRp.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\MupzPyb.exe
  C:\Windows\System\MupzPyb.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\XPnKHyE.exe
  C:\Windows\System\XPnKHyE.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\EwgOjtj.exe
  C:\Windows\System\EwgOjtj.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\ughVnBX.exe
  C:\Windows\System\ughVnBX.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\TJOEpGm.exe
  C:\Windows\System\TJOEpGm.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\agkoNoR.exe
  C:\Windows\System\agkoNoR.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\qYTwDpY.exe
  C:\Windows\System\qYTwDpY.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\putmAXI.exe
  C:\Windows\System\putmAXI.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\sTQjLkS.exe
  C:\Windows\System\sTQjLkS.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\ykwvjwC.exe
  C:\Windows\System\ykwvjwC.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\tqWUWYU.exe
  C:\Windows\System\tqWUWYU.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\FJulicM.exe
  C:\Windows\System\FJulicM.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\GqwruWl.exe
  C:\Windows\System\GqwruWl.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\TuvERgU.exe
  C:\Windows\System\TuvERgU.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\ZlONXEv.exe
  C:\Windows\System\ZlONXEv.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\ONbDTln.exe
  C:\Windows\System\ONbDTln.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\nrjLIXu.exe
  C:\Windows\System\nrjLIXu.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\XMeLXcA.exe
  C:\Windows\System\XMeLXcA.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\XESKqDE.exe
  C:\Windows\System\XESKqDE.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\UWxxQUe.exe
  C:\Windows\System\UWxxQUe.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\dxfAiEw.exe
  C:\Windows\System\dxfAiEw.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\zaySjks.exe
  C:\Windows\System\zaySjks.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\RlIdEdO.exe
  C:\Windows\System\RlIdEdO.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\GbgSIIV.exe
  C:\Windows\System\GbgSIIV.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ZiFGYzD.exe
  C:\Windows\System\ZiFGYzD.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\tzrGRBL.exe
  C:\Windows\System\tzrGRBL.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\tjaHeoZ.exe
  C:\Windows\System\tjaHeoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\UplZTsn.exe
  C:\Windows\System\UplZTsn.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\DCDiseG.exe
  C:\Windows\System\DCDiseG.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\JuUSTlX.exe
  C:\Windows\System\JuUSTlX.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\qKPfvqw.exe
  C:\Windows\System\qKPfvqw.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\hCbHmeY.exe
  C:\Windows\System\hCbHmeY.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\OiZwyUX.exe
  C:\Windows\System\OiZwyUX.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\wxYMYOa.exe
  C:\Windows\System\wxYMYOa.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\SBvmiOH.exe
  C:\Windows\System\SBvmiOH.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\ZETqrbF.exe
  C:\Windows\System\ZETqrbF.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\pYaEOkn.exe
  C:\Windows\System\pYaEOkn.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\EdhtpKl.exe
  C:\Windows\System\EdhtpKl.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\uLPvJjL.exe
  C:\Windows\System\uLPvJjL.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\BHcadBU.exe
  C:\Windows\System\BHcadBU.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\SMKAQeI.exe
  C:\Windows\System\SMKAQeI.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\kRiYsUA.exe
  C:\Windows\System\kRiYsUA.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\syLIGxD.exe
  C:\Windows\System\syLIGxD.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\etsDWys.exe
  C:\Windows\System\etsDWys.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\fQNMKTc.exe
  C:\Windows\System\fQNMKTc.exe
  2⤵
  PID:1596
- C:\Windows\System\AHyqiwI.exe
  C:\Windows\System\AHyqiwI.exe
  2⤵
  PID:1664
- C:\Windows\System\SyhoIPv.exe
  C:\Windows\System\SyhoIPv.exe
  2⤵
  PID:1172
- C:\Windows\System\knPhaNu.exe
  C:\Windows\System\knPhaNu.exe
  2⤵
  PID:2756
- C:\Windows\System\CRjPfcw.exe
  C:\Windows\System\CRjPfcw.exe
  2⤵
  PID:2968
- C:\Windows\System\TYSPxpP.exe
  C:\Windows\System\TYSPxpP.exe
  2⤵
  PID:2352
- C:\Windows\System\xAPpIdb.exe
  C:\Windows\System\xAPpIdb.exe
  2⤵
  PID:556
- C:\Windows\System\jUhufLs.exe
  C:\Windows\System\jUhufLs.exe
  2⤵
  PID:3064
- C:\Windows\System\nvpzGKs.exe
  C:\Windows\System\nvpzGKs.exe
  2⤵
  PID:2156
- C:\Windows\System\lPqvfYo.exe
  C:\Windows\System\lPqvfYo.exe
  2⤵
  PID:3012
- C:\Windows\System\LyVNusA.exe
  C:\Windows\System\LyVNusA.exe
  2⤵
  PID:2372
- C:\Windows\System\opWujIe.exe
  C:\Windows\System\opWujIe.exe
  2⤵
  PID:800
- C:\Windows\System\wbtdJXW.exe
  C:\Windows\System\wbtdJXW.exe
  2⤵
  PID:1800
- C:\Windows\System\iIvFMTP.exe
  C:\Windows\System\iIvFMTP.exe
  2⤵
  PID:2408
- C:\Windows\System\oyQOFOu.exe
  C:\Windows\System\oyQOFOu.exe
  2⤵
  PID:2392
- C:\Windows\System\TpdQpov.exe
  C:\Windows\System\TpdQpov.exe
  2⤵
  PID:2988
- C:\Windows\System\yKxfxwe.exe
  C:\Windows\System\yKxfxwe.exe
  2⤵
  PID:1660
- C:\Windows\System\lbwbWYy.exe
  C:\Windows\System\lbwbWYy.exe
  2⤵
  PID:1016
- C:\Windows\System\jRUSSVN.exe
  C:\Windows\System\jRUSSVN.exe
  2⤵
  PID:1928
- C:\Windows\System\noFQAAh.exe
  C:\Windows\System\noFQAAh.exe
  2⤵
  PID:1652
- C:\Windows\System\zrvZLKj.exe
  C:\Windows\System\zrvZLKj.exe
  2⤵
  PID:2980
- C:\Windows\System\LQkrMjm.exe
  C:\Windows\System\LQkrMjm.exe
  2⤵
  PID:900
- C:\Windows\System\veOOXLB.exe
  C:\Windows\System\veOOXLB.exe
  2⤵
  PID:1432
- C:\Windows\System\KadfcRR.exe
  C:\Windows\System\KadfcRR.exe
  2⤵
  PID:1528
- C:\Windows\System\MsLrXrP.exe
  C:\Windows\System\MsLrXrP.exe
  2⤵
  PID:1612
- C:\Windows\System\bPFmldq.exe
  C:\Windows\System\bPFmldq.exe
  2⤵
  PID:1408
- C:\Windows\System\opQvXtL.exe
  C:\Windows\System\opQvXtL.exe
  2⤵
  PID:2560
- C:\Windows\System\VvYehyd.exe
  C:\Windows\System\VvYehyd.exe
  2⤵
  PID:1816
- C:\Windows\System\fSrTvlF.exe
  C:\Windows\System\fSrTvlF.exe
  2⤵
  PID:892
- C:\Windows\System\JrLAeWa.exe
  C:\Windows\System\JrLAeWa.exe
  2⤵
  PID:2016
- C:\Windows\System\iESGsol.exe
  C:\Windows\System\iESGsol.exe
  2⤵
  PID:2808
- C:\Windows\System\rDdPpSJ.exe
  C:\Windows\System\rDdPpSJ.exe
  2⤵
  PID:1732
- C:\Windows\System\ikYZPnH.exe
  C:\Windows\System\ikYZPnH.exe
  2⤵
  PID:1688
- C:\Windows\System\LOErHTe.exe
  C:\Windows\System\LOErHTe.exe
  2⤵
  PID:2432
- C:\Windows\System\iRkXlFn.exe
  C:\Windows\System\iRkXlFn.exe
  2⤵
  PID:3088
- C:\Windows\System\CnBSXHp.exe
  C:\Windows\System\CnBSXHp.exe
  2⤵
  PID:3104
- C:\Windows\System\uQeWZsL.exe
  C:\Windows\System\uQeWZsL.exe
  2⤵
  PID:3120
- C:\Windows\System\SKwKBMx.exe
  C:\Windows\System\SKwKBMx.exe
  2⤵
  PID:3136
- C:\Windows\System\dwpiswK.exe
  C:\Windows\System\dwpiswK.exe
  2⤵
  PID:3152
- C:\Windows\System\lGMGhHO.exe
  C:\Windows\System\lGMGhHO.exe
  2⤵
  PID:3168
- C:\Windows\System\pLGaJox.exe
  C:\Windows\System\pLGaJox.exe
  2⤵
  PID:3184
- C:\Windows\System\WsTlMwo.exe
  C:\Windows\System\WsTlMwo.exe
  2⤵
  PID:3200
- C:\Windows\System\FJJYssL.exe
  C:\Windows\System\FJJYssL.exe
  2⤵
  PID:3216
- C:\Windows\System\xDxFfym.exe
  C:\Windows\System\xDxFfym.exe
  2⤵
  PID:3232
- C:\Windows\System\VjsRjSg.exe
  C:\Windows\System\VjsRjSg.exe
  2⤵
  PID:3248
- C:\Windows\System\HcrTpqU.exe
  C:\Windows\System\HcrTpqU.exe
  2⤵
  PID:3264
- C:\Windows\System\xafXxlh.exe
  C:\Windows\System\xafXxlh.exe
  2⤵
  PID:3280
- C:\Windows\System\xIqosjN.exe
  C:\Windows\System\xIqosjN.exe
  2⤵
  PID:3296
- C:\Windows\System\fLONbrZ.exe
  C:\Windows\System\fLONbrZ.exe
  2⤵
  PID:3312
- C:\Windows\System\LZiKewB.exe
  C:\Windows\System\LZiKewB.exe
  2⤵
  PID:3328
- C:\Windows\System\UwQosEm.exe
  C:\Windows\System\UwQosEm.exe
  2⤵
  PID:3344
- C:\Windows\System\LtGYWaA.exe
  C:\Windows\System\LtGYWaA.exe
  2⤵
  PID:3360
- C:\Windows\System\vPZXcoy.exe
  C:\Windows\System\vPZXcoy.exe
  2⤵
  PID:3376
- C:\Windows\System\LGsAsJU.exe
  C:\Windows\System\LGsAsJU.exe
  2⤵
  PID:3392
- C:\Windows\System\FGDbvQs.exe
  C:\Windows\System\FGDbvQs.exe
  2⤵
  PID:3408
- C:\Windows\System\kfrcqSX.exe
  C:\Windows\System\kfrcqSX.exe
  2⤵
  PID:3424
- C:\Windows\System\iutThYS.exe
  C:\Windows\System\iutThYS.exe
  2⤵
  PID:3440
- C:\Windows\System\TbUOgjB.exe
  C:\Windows\System\TbUOgjB.exe
  2⤵
  PID:3456
- C:\Windows\System\VHzjvjB.exe
  C:\Windows\System\VHzjvjB.exe
  2⤵
  PID:3472
- C:\Windows\System\uiwajUj.exe
  C:\Windows\System\uiwajUj.exe
  2⤵
  PID:3488
- C:\Windows\System\tYqoIhI.exe
  C:\Windows\System\tYqoIhI.exe
  2⤵
  PID:3504
- C:\Windows\System\HONbkaz.exe
  C:\Windows\System\HONbkaz.exe
  2⤵
  PID:3520
- C:\Windows\System\koLpEuQ.exe
  C:\Windows\System\koLpEuQ.exe
  2⤵
  PID:3536
- C:\Windows\System\lOZSvko.exe
  C:\Windows\System\lOZSvko.exe
  2⤵
  PID:3552
- C:\Windows\System\KiMuSGd.exe
  C:\Windows\System\KiMuSGd.exe
  2⤵
  PID:3568
- C:\Windows\System\fUehkRH.exe
  C:\Windows\System\fUehkRH.exe
  2⤵
  PID:3584
- C:\Windows\System\DzfqWNx.exe
  C:\Windows\System\DzfqWNx.exe
  2⤵
  PID:3600
- C:\Windows\System\aZEGmsP.exe
  C:\Windows\System\aZEGmsP.exe
  2⤵
  PID:3616
- C:\Windows\System\bStUjmT.exe
  C:\Windows\System\bStUjmT.exe
  2⤵
  PID:3632
- C:\Windows\System\gCrpKBg.exe
  C:\Windows\System\gCrpKBg.exe
  2⤵
  PID:3648
- C:\Windows\System\oGIdwlj.exe
  C:\Windows\System\oGIdwlj.exe
  2⤵
  PID:3664
- C:\Windows\System\Hpofpks.exe
  C:\Windows\System\Hpofpks.exe
  2⤵
  PID:3680
- C:\Windows\System\sDJJLen.exe
  C:\Windows\System\sDJJLen.exe
  2⤵
  PID:3696
- C:\Windows\System\lgBDeMz.exe
  C:\Windows\System\lgBDeMz.exe
  2⤵
  PID:3712
- C:\Windows\System\cNYGlKk.exe
  C:\Windows\System\cNYGlKk.exe
  2⤵
  PID:3728
- C:\Windows\System\wzUCntd.exe
  C:\Windows\System\wzUCntd.exe
  2⤵
  PID:3744
- C:\Windows\System\MhPdUQE.exe
  C:\Windows\System\MhPdUQE.exe
  2⤵
  PID:3760
- C:\Windows\System\cPlLxwF.exe
  C:\Windows\System\cPlLxwF.exe
  2⤵
  PID:3776
- C:\Windows\System\XZImEhT.exe
  C:\Windows\System\XZImEhT.exe
  2⤵
  PID:3792
- C:\Windows\System\WWEZUrc.exe
  C:\Windows\System\WWEZUrc.exe
  2⤵
  PID:3808
- C:\Windows\System\mXyBsyV.exe
  C:\Windows\System\mXyBsyV.exe
  2⤵
  PID:3824
- C:\Windows\System\SwGjKFI.exe
  C:\Windows\System\SwGjKFI.exe
  2⤵
  PID:3840
- C:\Windows\System\JrFvQJD.exe
  C:\Windows\System\JrFvQJD.exe
  2⤵
  PID:3856
- C:\Windows\System\ovLgUtl.exe
  C:\Windows\System\ovLgUtl.exe
  2⤵
  PID:3872
- C:\Windows\System\lGEqrXd.exe
  C:\Windows\System\lGEqrXd.exe
  2⤵
  PID:3888
- C:\Windows\System\oVMZsgE.exe
  C:\Windows\System\oVMZsgE.exe
  2⤵
  PID:3904
- C:\Windows\System\vhOQWkT.exe
  C:\Windows\System\vhOQWkT.exe
  2⤵
  PID:3920
- C:\Windows\System\dnNAzex.exe
  C:\Windows\System\dnNAzex.exe
  2⤵
  PID:3936
- C:\Windows\System\eVPTQrc.exe
  C:\Windows\System\eVPTQrc.exe
  2⤵
  PID:3952
- C:\Windows\System\vNikiOh.exe
  C:\Windows\System\vNikiOh.exe
  2⤵
  PID:3968
- C:\Windows\System\JdCdEdL.exe
  C:\Windows\System\JdCdEdL.exe
  2⤵
  PID:3984
- C:\Windows\System\rhCfJlW.exe
  C:\Windows\System\rhCfJlW.exe
  2⤵
  PID:4000
- C:\Windows\System\SPSLrWC.exe
  C:\Windows\System\SPSLrWC.exe
  2⤵
  PID:4016
- C:\Windows\System\gDIkrbu.exe
  C:\Windows\System\gDIkrbu.exe
  2⤵
  PID:4032
- C:\Windows\System\xuNeCGf.exe
  C:\Windows\System\xuNeCGf.exe
  2⤵
  PID:4048
- C:\Windows\System\TrsEFkp.exe
  C:\Windows\System\TrsEFkp.exe
  2⤵
  PID:4064
- C:\Windows\System\ESeWOLQ.exe
  C:\Windows\System\ESeWOLQ.exe
  2⤵
  PID:4080
- C:\Windows\System\tcZCyfW.exe
  C:\Windows\System\tcZCyfW.exe
  2⤵
  PID:2996
- C:\Windows\System\mPRNcZR.exe
  C:\Windows\System\mPRNcZR.exe
  2⤵
  PID:2872
- C:\Windows\System\rllCWUO.exe
  C:\Windows\System\rllCWUO.exe
  2⤵
  PID:2020
- C:\Windows\System\MxyBIax.exe
  C:\Windows\System\MxyBIax.exe
  2⤵
  PID:1120
- C:\Windows\System\OsczOSW.exe
  C:\Windows\System\OsczOSW.exe
  2⤵
  PID:748
- C:\Windows\System\RFbThUc.exe
  C:\Windows\System\RFbThUc.exe
  2⤵
  PID:2296
- C:\Windows\System\MNbqPqr.exe
  C:\Windows\System\MNbqPqr.exe
  2⤵
  PID:2316
- C:\Windows\System\fuLtUDe.exe
  C:\Windows\System\fuLtUDe.exe
  2⤵
  PID:2108
- C:\Windows\System\EJgTVIl.exe
  C:\Windows\System\EJgTVIl.exe
  2⤵
  PID:2172
- C:\Windows\System\YLfbBrT.exe
  C:\Windows\System\YLfbBrT.exe
  2⤵
  PID:600
- C:\Windows\System\lfwyYzj.exe
  C:\Windows\System\lfwyYzj.exe
  2⤵
  PID:2596
- C:\Windows\System\JSywuxe.exe
  C:\Windows\System\JSywuxe.exe
  2⤵
  PID:572
- C:\Windows\System\lmVGUxs.exe
  C:\Windows\System\lmVGUxs.exe
  2⤵
  PID:3128
- C:\Windows\System\CpdJbRW.exe
  C:\Windows\System\CpdJbRW.exe
  2⤵
  PID:3192
- C:\Windows\System\BNOjWni.exe
  C:\Windows\System\BNOjWni.exe
  2⤵
  PID:2324
- C:\Windows\System\VUOuZiv.exe
  C:\Windows\System\VUOuZiv.exe
  2⤵
  PID:3080
- C:\Windows\System\hfsNXsN.exe
  C:\Windows\System\hfsNXsN.exe
  2⤵
  PID:3224
- C:\Windows\System\BIslaPW.exe
  C:\Windows\System\BIslaPW.exe
  2⤵
  PID:3256
- C:\Windows\System\ONPCCcU.exe
  C:\Windows\System\ONPCCcU.exe
  2⤵
  PID:3320
- C:\Windows\System\KpRWYVz.exe
  C:\Windows\System\KpRWYVz.exe
  2⤵
  PID:3384
- C:\Windows\System\HgTFonu.exe
  C:\Windows\System\HgTFonu.exe
  2⤵
  PID:3176
- C:\Windows\System\WLclYYo.exe
  C:\Windows\System\WLclYYo.exe
  2⤵
  PID:3480
- C:\Windows\System\LijBtaU.exe
  C:\Windows\System\LijBtaU.exe
  2⤵
  PID:3544
- C:\Windows\System\lwtkojG.exe
  C:\Windows\System\lwtkojG.exe
  2⤵
  PID:3240
- C:\Windows\System\cFPBscr.exe
  C:\Windows\System\cFPBscr.exe
  2⤵
  PID:3400
- C:\Windows\System\MeqgODN.exe
  C:\Windows\System\MeqgODN.exe
  2⤵
  PID:3336
- C:\Windows\System\UfWAdJq.exe
  C:\Windows\System\UfWAdJq.exe
  2⤵
  PID:3272
- C:\Windows\System\HHtMtAO.exe
  C:\Windows\System\HHtMtAO.exe
  2⤵
  PID:3576
- C:\Windows\System\nkLPDKF.exe
  C:\Windows\System\nkLPDKF.exe
  2⤵
  PID:3500
- C:\Windows\System\SOszdmt.exe
  C:\Windows\System\SOszdmt.exe
  2⤵
  PID:3612
- C:\Windows\System\rCuVxbr.exe
  C:\Windows\System\rCuVxbr.exe
  2⤵
  PID:3672
- C:\Windows\System\WsVNdbO.exe
  C:\Windows\System\WsVNdbO.exe
  2⤵
  PID:3736
- C:\Windows\System\lDjPkbo.exe
  C:\Windows\System\lDjPkbo.exe
  2⤵
  PID:3628
- C:\Windows\System\CmsYmQA.exe
  C:\Windows\System\CmsYmQA.exe
  2⤵
  PID:3688
- C:\Windows\System\arwpQKo.exe
  C:\Windows\System\arwpQKo.exe
  2⤵
  PID:3752
- C:\Windows\System\SlLlQot.exe
  C:\Windows\System\SlLlQot.exe
  2⤵
  PID:3804
- C:\Windows\System\yUrILFF.exe
  C:\Windows\System\yUrILFF.exe
  2⤵
  PID:3864
- C:\Windows\System\ItPzmQI.exe
  C:\Windows\System\ItPzmQI.exe
  2⤵
  PID:3928
- C:\Windows\System\eFHvThH.exe
  C:\Windows\System\eFHvThH.exe
  2⤵
  PID:3960
- C:\Windows\System\KMrKADn.exe
  C:\Windows\System\KMrKADn.exe
  2⤵
  PID:3852
- C:\Windows\System\UpMHeZb.exe
  C:\Windows\System\UpMHeZb.exe
  2⤵
  PID:3948
- C:\Windows\System\QbkuAOi.exe
  C:\Windows\System\QbkuAOi.exe
  2⤵
  PID:3992
- C:\Windows\System\RBokKSw.exe
  C:\Windows\System\RBokKSw.exe
  2⤵
  PID:4028
- C:\Windows\System\wmWDxGT.exe
  C:\Windows\System\wmWDxGT.exe
  2⤵
  PID:4092
- C:\Windows\System\ffcCevw.exe
  C:\Windows\System\ffcCevw.exe
  2⤵
  PID:4040
- C:\Windows\System\eNCfSKj.exe
  C:\Windows\System\eNCfSKj.exe
  2⤵
  PID:4076
- C:\Windows\System\MDeiJPz.exe
  C:\Windows\System\MDeiJPz.exe
  2⤵
  PID:2024
- C:\Windows\System\aRKQeDP.exe
  C:\Windows\System\aRKQeDP.exe
  2⤵
  PID:2256
- C:\Windows\System\TLAyLgd.exe
  C:\Windows\System\TLAyLgd.exe
  2⤵
  PID:824
- C:\Windows\System\dNOwvKo.exe
  C:\Windows\System\dNOwvKo.exe
  2⤵
  PID:3100
- C:\Windows\System\ObfSoEC.exe
  C:\Windows\System\ObfSoEC.exe
  2⤵
  PID:2576
- C:\Windows\System\jYOvRoh.exe
  C:\Windows\System\jYOvRoh.exe
  2⤵
  PID:2620
- C:\Windows\System\TbOdwHa.exe
  C:\Windows\System\TbOdwHa.exe
  2⤵
  PID:2572
- C:\Windows\System\QEszxrx.exe
  C:\Windows\System\QEszxrx.exe
  2⤵
  PID:3292
- C:\Windows\System\XvhVHsL.exe
  C:\Windows\System\XvhVHsL.exe
  2⤵
  PID:3516
- C:\Windows\System\WVQMolG.exe
  C:\Windows\System\WVQMolG.exe
  2⤵
  PID:3276
- C:\Windows\System\KCPChte.exe
  C:\Windows\System\KCPChte.exe
  2⤵
  PID:3644
- C:\Windows\System\NLnbKNC.exe
  C:\Windows\System\NLnbKNC.exe
  2⤵
  PID:4112
- C:\Windows\System\FsVmUJP.exe
  C:\Windows\System\FsVmUJP.exe
  2⤵
  PID:4128
- C:\Windows\System\koebJDa.exe
  C:\Windows\System\koebJDa.exe
  2⤵
  PID:4144
- C:\Windows\System\QLXJIzT.exe
  C:\Windows\System\QLXJIzT.exe
  2⤵
  PID:4160
- C:\Windows\System\hpNzSvA.exe
  C:\Windows\System\hpNzSvA.exe
  2⤵
  PID:4176
- C:\Windows\System\juyZJDT.exe
  C:\Windows\System\juyZJDT.exe
  2⤵
  PID:4192
- C:\Windows\System\XUarZNJ.exe
  C:\Windows\System\XUarZNJ.exe
  2⤵
  PID:4208
- C:\Windows\System\jpOcjjQ.exe
  C:\Windows\System\jpOcjjQ.exe
  2⤵
  PID:4224
- C:\Windows\System\xwfKJPi.exe
  C:\Windows\System\xwfKJPi.exe
  2⤵
  PID:4240
- C:\Windows\System\xgQQETr.exe
  C:\Windows\System\xgQQETr.exe
  2⤵
  PID:4256
- C:\Windows\System\tbiQMRK.exe
  C:\Windows\System\tbiQMRK.exe
  2⤵
  PID:4272
- C:\Windows\System\jTjdCuH.exe
  C:\Windows\System\jTjdCuH.exe
  2⤵
  PID:4288
- C:\Windows\System\NXzJlCy.exe
  C:\Windows\System\NXzJlCy.exe
  2⤵
  PID:4304
- C:\Windows\System\fLiWKCb.exe
  C:\Windows\System\fLiWKCb.exe
  2⤵
  PID:4320
- C:\Windows\System\VdCeKDc.exe
  C:\Windows\System\VdCeKDc.exe
  2⤵
  PID:4340
- C:\Windows\System\MAJEEmt.exe
  C:\Windows\System\MAJEEmt.exe
  2⤵
  PID:4356
- C:\Windows\System\mUIBXzY.exe
  C:\Windows\System\mUIBXzY.exe
  2⤵
  PID:4372
- C:\Windows\System\ToNwxeQ.exe
  C:\Windows\System\ToNwxeQ.exe
  2⤵
  PID:4388
- C:\Windows\System\AkxLfNz.exe
  C:\Windows\System\AkxLfNz.exe
  2⤵
  PID:4404
- C:\Windows\System\xoBHbQh.exe
  C:\Windows\System\xoBHbQh.exe
  2⤵
  PID:4420
- C:\Windows\System\QlmxMYi.exe
  C:\Windows\System\QlmxMYi.exe
  2⤵
  PID:4436
- C:\Windows\System\hgvKZTs.exe
  C:\Windows\System\hgvKZTs.exe
  2⤵
  PID:4452
- C:\Windows\System\EmRoPYF.exe
  C:\Windows\System\EmRoPYF.exe
  2⤵
  PID:4468
- C:\Windows\System\FPyNBFS.exe
  C:\Windows\System\FPyNBFS.exe
  2⤵
  PID:4484
- C:\Windows\System\NyVNODI.exe
  C:\Windows\System\NyVNODI.exe
  2⤵
  PID:4500
- C:\Windows\System\fNCuZpN.exe
  C:\Windows\System\fNCuZpN.exe
  2⤵
  PID:4516
- C:\Windows\System\FftZIPH.exe
  C:\Windows\System\FftZIPH.exe
  2⤵
  PID:4532
- C:\Windows\System\MeosTIQ.exe
  C:\Windows\System\MeosTIQ.exe
  2⤵
  PID:4548
- C:\Windows\System\nVDpgas.exe
  C:\Windows\System\nVDpgas.exe
  2⤵
  PID:4564
- C:\Windows\System\YTjCpWo.exe
  C:\Windows\System\YTjCpWo.exe
  2⤵
  PID:4580
- C:\Windows\System\RoYSCFJ.exe
  C:\Windows\System\RoYSCFJ.exe
  2⤵
  PID:4596
- C:\Windows\System\opOpljz.exe
  C:\Windows\System\opOpljz.exe
  2⤵
  PID:4612
- C:\Windows\System\ZASsLYT.exe
  C:\Windows\System\ZASsLYT.exe
  2⤵
  PID:4628
- C:\Windows\System\SgLsFFt.exe
  C:\Windows\System\SgLsFFt.exe
  2⤵
  PID:4644
- C:\Windows\System\NJFjXou.exe
  C:\Windows\System\NJFjXou.exe
  2⤵
  PID:4660
- C:\Windows\System\MPjJxhw.exe
  C:\Windows\System\MPjJxhw.exe
  2⤵
  PID:4676
- C:\Windows\System\IxrThgr.exe
  C:\Windows\System\IxrThgr.exe
  2⤵
  PID:4692
- C:\Windows\System\EkyMJaB.exe
  C:\Windows\System\EkyMJaB.exe
  2⤵
  PID:4708
- C:\Windows\System\DHIqbGE.exe
  C:\Windows\System\DHIqbGE.exe
  2⤵
  PID:4724
- C:\Windows\System\KxhGVeT.exe
  C:\Windows\System\KxhGVeT.exe
  2⤵
  PID:4740
- C:\Windows\System\FZCtDIO.exe
  C:\Windows\System\FZCtDIO.exe
  2⤵
  PID:4756
- C:\Windows\System\HvJSeHW.exe
  C:\Windows\System\HvJSeHW.exe
  2⤵
  PID:4772
- C:\Windows\System\lzYqTrJ.exe
  C:\Windows\System\lzYqTrJ.exe
  2⤵
  PID:4788
- C:\Windows\System\ScMRDfm.exe
  C:\Windows\System\ScMRDfm.exe
  2⤵
  PID:4804
- C:\Windows\System\ktYuYpA.exe
  C:\Windows\System\ktYuYpA.exe
  2⤵
  PID:4820
- C:\Windows\System\MgWjzor.exe
  C:\Windows\System\MgWjzor.exe
  2⤵
  PID:4836
- C:\Windows\System\tFnLDrK.exe
  C:\Windows\System\tFnLDrK.exe
  2⤵
  PID:4852
- C:\Windows\System\rjDGXHi.exe
  C:\Windows\System\rjDGXHi.exe
  2⤵
  PID:4868
- C:\Windows\System\YPHyROn.exe
  C:\Windows\System\YPHyROn.exe
  2⤵
  PID:4884
- C:\Windows\System\rUOXYwz.exe
  C:\Windows\System\rUOXYwz.exe
  2⤵
  PID:4900
- C:\Windows\System\qVcuiQl.exe
  C:\Windows\System\qVcuiQl.exe
  2⤵
  PID:4916
- C:\Windows\System\bwZbakW.exe
  C:\Windows\System\bwZbakW.exe
  2⤵
  PID:4932
- C:\Windows\System\zFOdCmQ.exe
  C:\Windows\System\zFOdCmQ.exe
  2⤵
  PID:4948
- C:\Windows\System\BJhDqvR.exe
  C:\Windows\System\BJhDqvR.exe
  2⤵
  PID:4964
- C:\Windows\System\vPgWfyy.exe
  C:\Windows\System\vPgWfyy.exe
  2⤵
  PID:4980
- C:\Windows\System\rdqFhLk.exe
  C:\Windows\System\rdqFhLk.exe
  2⤵
  PID:4996
- C:\Windows\System\NdeIHwz.exe
  C:\Windows\System\NdeIHwz.exe
  2⤵
  PID:5012
- C:\Windows\System\BHhlGzC.exe
  C:\Windows\System\BHhlGzC.exe
  2⤵
  PID:5028
- C:\Windows\System\HFUooqb.exe
  C:\Windows\System\HFUooqb.exe
  2⤵
  PID:5044
- C:\Windows\System\DZOjalM.exe
  C:\Windows\System\DZOjalM.exe
  2⤵
  PID:5060
- C:\Windows\System\yIZoOFU.exe
  C:\Windows\System\yIZoOFU.exe
  2⤵
  PID:5076
- C:\Windows\System\oChSsfb.exe
  C:\Windows\System\oChSsfb.exe
  2⤵
  PID:5092
- C:\Windows\System\arcjvGU.exe
  C:\Windows\System\arcjvGU.exe
  2⤵
  PID:5108
- C:\Windows\System\IRNDsbC.exe
  C:\Windows\System\IRNDsbC.exe
  2⤵
  PID:3596
- C:\Windows\System\oolZlCj.exe
  C:\Windows\System\oolZlCj.exe
  2⤵
  PID:3836
- C:\Windows\System\IfneCNw.exe
  C:\Windows\System\IfneCNw.exe
  2⤵
  PID:3912
- C:\Windows\System\SXiWPWv.exe
  C:\Windows\System\SXiWPWv.exe
  2⤵
  PID:4012
- C:\Windows\System\mQkzkRr.exe
  C:\Windows\System\mQkzkRr.exe
  2⤵
  PID:2192
- C:\Windows\System\ywvCyHa.exe
  C:\Windows\System\ywvCyHa.exe
  2⤵
  PID:3160
- C:\Windows\System\VApuXPj.exe
  C:\Windows\System\VApuXPj.exe
  2⤵
  PID:532
- C:\Windows\System\qwITLiX.exe
  C:\Windows\System\qwITLiX.exe
  2⤵
  PID:3340
- C:\Windows\System\zMvGwAl.exe
  C:\Windows\System\zMvGwAl.exe
  2⤵
  PID:3244
- C:\Windows\System\DEhXSZk.exe
  C:\Windows\System\DEhXSZk.exe
  2⤵
  PID:3464
- C:\Windows\System\kkdrRpt.exe
  C:\Windows\System\kkdrRpt.exe
  2⤵
  PID:4156
- C:\Windows\System\CxavVwd.exe
  C:\Windows\System\CxavVwd.exe
  2⤵
  PID:3468
- C:\Windows\System\YrLZpyd.exe
  C:\Windows\System\YrLZpyd.exe
  2⤵
  PID:3660
- C:\Windows\System\uBNGMmV.exe
  C:\Windows\System\uBNGMmV.exe
  2⤵
  PID:3608
- C:\Windows\System\hndGiTU.exe
  C:\Windows\System\hndGiTU.exe
  2⤵
  PID:4252
- C:\Windows\System\VgLRvzm.exe
  C:\Windows\System\VgLRvzm.exe
  2⤵
  PID:4316
- C:\Windows\System\gGrVgYb.exe
  C:\Windows\System\gGrVgYb.exe
  2⤵
  PID:4296
- C:\Windows\System\GUyejfQ.exe
  C:\Windows\System\GUyejfQ.exe
  2⤵
  PID:4104
- C:\Windows\System\yxEERsJ.exe
  C:\Windows\System\yxEERsJ.exe
  2⤵
  PID:3116
- C:\Windows\System\SpEVtWG.exe
  C:\Windows\System\SpEVtWG.exe
  2⤵
  PID:2800
- C:\Windows\System\eHUJspd.exe
  C:\Windows\System\eHUJspd.exe
  2⤵
  PID:4008
- C:\Windows\System\rpNLABf.exe
  C:\Windows\System\rpNLABf.exe
  2⤵
  PID:3944
- C:\Windows\System\baINtUp.exe
  C:\Windows\System\baINtUp.exe
  2⤵
  PID:4232
- C:\Windows\System\wQqAPNk.exe
  C:\Windows\System\wQqAPNk.exe
  2⤵
  PID:4168
- C:\Windows\System\cygonmS.exe
  C:\Windows\System\cygonmS.exe
  2⤵
  PID:4352
- C:\Windows\System\IYmxnbk.exe
  C:\Windows\System\IYmxnbk.exe
  2⤵
  PID:4384
- C:\Windows\System\MeXobph.exe
  C:\Windows\System\MeXobph.exe
  2⤵
  PID:4448
- C:\Windows\System\QPxLJhc.exe
  C:\Windows\System\QPxLJhc.exe
  2⤵
  PID:4508
- C:\Windows\System\CdDwxzS.exe
  C:\Windows\System\CdDwxzS.exe
  2⤵
  PID:4512
- C:\Windows\System\uLtDHgU.exe
  C:\Windows\System\uLtDHgU.exe
  2⤵
  PID:4492
- C:\Windows\System\tnfXjHl.exe
  C:\Windows\System\tnfXjHl.exe
  2⤵
  PID:4604
- C:\Windows\System\tcBuSpJ.exe
  C:\Windows\System\tcBuSpJ.exe
  2⤵
  PID:4668
- C:\Windows\System\gQukzmG.exe
  C:\Windows\System\gQukzmG.exe
  2⤵
  PID:4588
- C:\Windows\System\OcFfRtn.exe
  C:\Windows\System\OcFfRtn.exe
  2⤵
  PID:4700
- C:\Windows\System\yJSxpII.exe
  C:\Windows\System\yJSxpII.exe
  2⤵
  PID:4688
- C:\Windows\System\KVhWSNM.exe
  C:\Windows\System\KVhWSNM.exe
  2⤵
  PID:4736
- C:\Windows\System\OyJUrnK.exe
  C:\Windows\System\OyJUrnK.exe
  2⤵
  PID:4748
- C:\Windows\System\MZlxElt.exe
  C:\Windows\System\MZlxElt.exe
  2⤵
  PID:4752
- C:\Windows\System\kdDulWE.exe
  C:\Windows\System\kdDulWE.exe
  2⤵
  PID:4828
- C:\Windows\System\tfCsZxp.exe
  C:\Windows\System\tfCsZxp.exe
  2⤵
  PID:4848
- C:\Windows\System\WmqPzBx.exe
  C:\Windows\System\WmqPzBx.exe
  2⤵
  PID:4876
- C:\Windows\System\byMipot.exe
  C:\Windows\System\byMipot.exe
  2⤵
  PID:4908
- C:\Windows\System\dnJYueT.exe
  C:\Windows\System\dnJYueT.exe
  2⤵
  PID:4944
- C:\Windows\System\bMXSrbL.exe
  C:\Windows\System\bMXSrbL.exe
  2⤵
  PID:4976
- C:\Windows\System\igcUWEL.exe
  C:\Windows\System\igcUWEL.exe
  2⤵
  PID:5004
- C:\Windows\System\KSjgNxI.exe
  C:\Windows\System\KSjgNxI.exe
  2⤵
  PID:5040
- C:\Windows\System\FeeDQnq.exe
  C:\Windows\System\FeeDQnq.exe
  2⤵
  PID:5088
- C:\Windows\System\FPSvmSO.exe
  C:\Windows\System\FPSvmSO.exe
  2⤵
  PID:3592
- C:\Windows\System\IVfFGxf.exe
  C:\Windows\System\IVfFGxf.exe
  2⤵
  PID:3884
- C:\Windows\System\yOnqneG.exe
  C:\Windows\System\yOnqneG.exe
  2⤵
  PID:608
- C:\Windows\System\OErHmKq.exe
  C:\Windows\System\OErHmKq.exe
  2⤵
  PID:3532
- C:\Windows\System\kTHwZXJ.exe
  C:\Windows\System\kTHwZXJ.exe
  2⤵
  PID:3368
- C:\Windows\System\tdJedhJ.exe
  C:\Windows\System\tdJedhJ.exe
  2⤵
  PID:3448
- C:\Windows\System\lqclCZc.exe
  C:\Windows\System\lqclCZc.exe
  2⤵
  PID:4216
- C:\Windows\System\VvojhRR.exe
  C:\Windows\System\VvojhRR.exe
  2⤵
  PID:4248
- C:\Windows\System\OOgELYQ.exe
  C:\Windows\System\OOgELYQ.exe
  2⤵
  PID:3704
- C:\Windows\System\axMYMKl.exe
  C:\Windows\System\axMYMKl.exe
  2⤵
  PID:4328
- C:\Windows\System\jnLQNbZ.exe
  C:\Windows\System\jnLQNbZ.exe
  2⤵
  PID:4044
- C:\Windows\System\pYxZPYn.exe
  C:\Windows\System\pYxZPYn.exe
  2⤵
  PID:4136
- C:\Windows\System\TJuEYVU.exe
  C:\Windows\System\TJuEYVU.exe
  2⤵
  PID:3916
- C:\Windows\System\zMwuIVP.exe
  C:\Windows\System\zMwuIVP.exe
  2⤵
  PID:4364
- C:\Windows\System\mtsHTuq.exe
  C:\Windows\System\mtsHTuq.exe
  2⤵
  PID:4524
- C:\Windows\System\MXBbuSR.exe
  C:\Windows\System\MXBbuSR.exe
  2⤵
  PID:4556
- C:\Windows\System\jBqsaey.exe
  C:\Windows\System\jBqsaey.exe
  2⤵
  PID:4768
- C:\Windows\System\pjCIZvL.exe
  C:\Windows\System\pjCIZvL.exe
  2⤵
  PID:4892
- C:\Windows\System\WUvLFYP.exe
  C:\Windows\System\WUvLFYP.exe
  2⤵
  PID:5020
- C:\Windows\System\pfvsnDm.exe
  C:\Windows\System\pfvsnDm.exe
  2⤵
  PID:3720
- C:\Windows\System\WwOdDBG.exe
  C:\Windows\System\WwOdDBG.exe
  2⤵
  PID:5124
- C:\Windows\System\xlbLmCM.exe
  C:\Windows\System\xlbLmCM.exe
  2⤵
  PID:5140
- C:\Windows\System\oMQjIts.exe
  C:\Windows\System\oMQjIts.exe
  2⤵
  PID:5156
- C:\Windows\System\LYVOCfe.exe
  C:\Windows\System\LYVOCfe.exe
  2⤵
  PID:5172
- C:\Windows\System\rgZkwis.exe
  C:\Windows\System\rgZkwis.exe
  2⤵
  PID:5188
- C:\Windows\System\vGAYriD.exe
  C:\Windows\System\vGAYriD.exe
  2⤵
  PID:5204
- C:\Windows\System\xuXcFnx.exe
  C:\Windows\System\xuXcFnx.exe
  2⤵
  PID:5220
- C:\Windows\System\VYPBxSG.exe
  C:\Windows\System\VYPBxSG.exe
  2⤵
  PID:5236
- C:\Windows\System\JhCtfsy.exe
  C:\Windows\System\JhCtfsy.exe
  2⤵
  PID:5252
- C:\Windows\System\wLKvAcy.exe
  C:\Windows\System\wLKvAcy.exe
  2⤵
  PID:5268
- C:\Windows\System\VkFAqqH.exe
  C:\Windows\System\VkFAqqH.exe
  2⤵
  PID:5284
- C:\Windows\System\yRgKgsM.exe
  C:\Windows\System\yRgKgsM.exe
  2⤵
  PID:5300
- C:\Windows\System\tJXZrtk.exe
  C:\Windows\System\tJXZrtk.exe
  2⤵
  PID:5316
- C:\Windows\System\PXwipuH.exe
  C:\Windows\System\PXwipuH.exe
  2⤵
  PID:5332
- C:\Windows\System\XuDMzkd.exe
  C:\Windows\System\XuDMzkd.exe
  2⤵
  PID:5348
- C:\Windows\System\FkaRgpK.exe
  C:\Windows\System\FkaRgpK.exe
  2⤵
  PID:5364
- C:\Windows\System\PMjfQbP.exe
  C:\Windows\System\PMjfQbP.exe
  2⤵
  PID:5380
- C:\Windows\System\cPdslEO.exe
  C:\Windows\System\cPdslEO.exe
  2⤵
  PID:5396
- C:\Windows\System\kTCqUlA.exe
  C:\Windows\System\kTCqUlA.exe
  2⤵
  PID:5412
- C:\Windows\System\tjJfyuM.exe
  C:\Windows\System\tjJfyuM.exe
  2⤵
  PID:5428
- C:\Windows\System\VvZmvQm.exe
  C:\Windows\System\VvZmvQm.exe
  2⤵
  PID:5444
- C:\Windows\System\HcfKLME.exe
  C:\Windows\System\HcfKLME.exe
  2⤵
  PID:5460
- C:\Windows\System\KjbYZIO.exe
  C:\Windows\System\KjbYZIO.exe
  2⤵
  PID:5476
- C:\Windows\System\bTLQoju.exe
  C:\Windows\System\bTLQoju.exe
  2⤵
  PID:5492
- C:\Windows\System\VCxtQEb.exe
  C:\Windows\System\VCxtQEb.exe
  2⤵
  PID:5508
- C:\Windows\System\OcgKXoN.exe
  C:\Windows\System\OcgKXoN.exe
  2⤵
  PID:5524
- C:\Windows\System\CydHxUN.exe
  C:\Windows\System\CydHxUN.exe
  2⤵
  PID:5540
- C:\Windows\System\tdMLyAE.exe
  C:\Windows\System\tdMLyAE.exe
  2⤵
  PID:5556
- C:\Windows\System\XcsUiAN.exe
  C:\Windows\System\XcsUiAN.exe
  2⤵
  PID:5572
- C:\Windows\System\rBpDitq.exe
  C:\Windows\System\rBpDitq.exe
  2⤵
  PID:5588
- C:\Windows\System\aDxvfnp.exe
  C:\Windows\System\aDxvfnp.exe
  2⤵
  PID:5604
- C:\Windows\System\oEjwUZI.exe
  C:\Windows\System\oEjwUZI.exe
  2⤵
  PID:5620
- C:\Windows\System\ectVyqN.exe
  C:\Windows\System\ectVyqN.exe
  2⤵
  PID:5636
- C:\Windows\System\lWxBPbV.exe
  C:\Windows\System\lWxBPbV.exe
  2⤵
  PID:5652
- C:\Windows\System\sRpInsr.exe
  C:\Windows\System\sRpInsr.exe
  2⤵
  PID:5668
- C:\Windows\System\joRQDHt.exe
  C:\Windows\System\joRQDHt.exe
  2⤵
  PID:5684
- C:\Windows\System\wLFEhOr.exe
  C:\Windows\System\wLFEhOr.exe
  2⤵
  PID:5700
- C:\Windows\System\udLtyxU.exe
  C:\Windows\System\udLtyxU.exe
  2⤵
  PID:5716
- C:\Windows\System\ANiqlBn.exe
  C:\Windows\System\ANiqlBn.exe
  2⤵
  PID:5732
- C:\Windows\System\wDroOYN.exe
  C:\Windows\System\wDroOYN.exe
  2⤵
  PID:5748
- C:\Windows\System\gEdqnfX.exe
  C:\Windows\System\gEdqnfX.exe
  2⤵
  PID:5764
- C:\Windows\System\gIdxArR.exe
  C:\Windows\System\gIdxArR.exe
  2⤵
  PID:5780
- C:\Windows\System\CXYbtEh.exe
  C:\Windows\System\CXYbtEh.exe
  2⤵
  PID:5796
- C:\Windows\System\WSFiaCv.exe
  C:\Windows\System\WSFiaCv.exe
  2⤵
  PID:5812
- C:\Windows\System\GGWvXAu.exe
  C:\Windows\System\GGWvXAu.exe
  2⤵
  PID:5828
- C:\Windows\System\NBSwJrS.exe
  C:\Windows\System\NBSwJrS.exe
  2⤵
  PID:5844
- C:\Windows\System\UsLhOPb.exe
  C:\Windows\System\UsLhOPb.exe
  2⤵
  PID:5860
- C:\Windows\System\bIpKqGe.exe
  C:\Windows\System\bIpKqGe.exe
  2⤵
  PID:5876
- C:\Windows\System\wAClEWj.exe
  C:\Windows\System\wAClEWj.exe
  2⤵
  PID:5892
- C:\Windows\System\vDPTToY.exe
  C:\Windows\System\vDPTToY.exe
  2⤵
  PID:5908
- C:\Windows\System\ILYPNeZ.exe
  C:\Windows\System\ILYPNeZ.exe
  2⤵
  PID:5924
- C:\Windows\System\YLEbRDf.exe
  C:\Windows\System\YLEbRDf.exe
  2⤵
  PID:5940
- C:\Windows\System\epCJnNT.exe
  C:\Windows\System\epCJnNT.exe
  2⤵
  PID:5956
- C:\Windows\System\McPmhag.exe
  C:\Windows\System\McPmhag.exe
  2⤵
  PID:5972
- C:\Windows\System\Rsgrreg.exe
  C:\Windows\System\Rsgrreg.exe
  2⤵
  PID:5988
- C:\Windows\System\CyoAkXX.exe
  C:\Windows\System\CyoAkXX.exe
  2⤵
  PID:6004
- C:\Windows\System\ajcQtoK.exe
  C:\Windows\System\ajcQtoK.exe
  2⤵
  PID:6020
- C:\Windows\System\tIQjBcZ.exe
  C:\Windows\System\tIQjBcZ.exe
  2⤵
  PID:6036
- C:\Windows\System\CGgLfRZ.exe
  C:\Windows\System\CGgLfRZ.exe
  2⤵
  PID:6052
- C:\Windows\System\nGWDpJu.exe
  C:\Windows\System\nGWDpJu.exe
  2⤵
  PID:6068
- C:\Windows\System\GsmePYo.exe
  C:\Windows\System\GsmePYo.exe
  2⤵
  PID:6084
- C:\Windows\System\pQsATnP.exe
  C:\Windows\System\pQsATnP.exe
  2⤵
  PID:6100
- C:\Windows\System\oCQEvew.exe
  C:\Windows\System\oCQEvew.exe
  2⤵
  PID:6116
- C:\Windows\System\uTloHDr.exe
  C:\Windows\System\uTloHDr.exe
  2⤵
  PID:6132
- C:\Windows\System\ZUyHUcQ.exe
  C:\Windows\System\ZUyHUcQ.exe
  2⤵
  PID:4124
- C:\Windows\System\IfYpcSV.exe
  C:\Windows\System\IfYpcSV.exe
  2⤵
  PID:3288
- C:\Windows\System\wdXFeGS.exe
  C:\Windows\System\wdXFeGS.exe
  2⤵
  PID:3900
- C:\Windows\System\YrIqLgi.exe
  C:\Windows\System\YrIqLgi.exe
  2⤵
  PID:4368
- C:\Windows\System\NRvLggi.exe
  C:\Windows\System\NRvLggi.exe
  2⤵
  PID:5068
- C:\Windows\System\uTiRikI.exe
  C:\Windows\System\uTiRikI.exe
  2⤵
  PID:5164
- C:\Windows\System\NDpgxGQ.exe
  C:\Windows\System\NDpgxGQ.exe
  2⤵
  PID:2664
- C:\Windows\System\KhsrdJc.exe
  C:\Windows\System\KhsrdJc.exe
  2⤵
  PID:5260
- C:\Windows\System\coqnTIB.exe
  C:\Windows\System\coqnTIB.exe
  2⤵
  PID:5324
- C:\Windows\System\AQqSlVw.exe
  C:\Windows\System\AQqSlVw.exe
  2⤵
  PID:5388
- C:\Windows\System\NnbkEou.exe
  C:\Windows\System\NnbkEou.exe
  2⤵
  PID:2552
- C:\Windows\System\qbEVmqq.exe
  C:\Windows\System\qbEVmqq.exe
  2⤵
  PID:5456
- C:\Windows\System\zSAbWie.exe
  C:\Windows\System\zSAbWie.exe
  2⤵
  PID:5520
- C:\Windows\System\VCuTnBp.exe
  C:\Windows\System\VCuTnBp.exe
  2⤵
  PID:5900
- C:\Windows\System\yPhdldx.exe
  C:\Windows\System\yPhdldx.exe
  2⤵
  PID:5936
- C:\Windows\System\eGRdqUo.exe
  C:\Windows\System\eGRdqUo.exe
  2⤵
  PID:6000
- C:\Windows\System\rCuQsRS.exe
  C:\Windows\System\rCuQsRS.exe
  2⤵
  PID:6064
- C:\Windows\System\LbzpVqb.exe
  C:\Windows\System\LbzpVqb.exe
  2⤵
  PID:6124
- C:\Windows\System\lYCKvQt.exe
  C:\Windows\System\lYCKvQt.exe
  2⤵
  PID:3404
- C:\Windows\System\yqPwJAp.exe
  C:\Windows\System\yqPwJAp.exe
  2⤵
  PID:2888
- C:\Windows\System\bLmpCGd.exe
  C:\Windows\System\bLmpCGd.exe
  2⤵
  PID:5228
- C:\Windows\System\lpxkoCJ.exe
  C:\Windows\System\lpxkoCJ.exe
  2⤵
  PID:5424
- C:\Windows\System\wOIDANG.exe
  C:\Windows\System\wOIDANG.exe
  2⤵
  PID:4544
- C:\Windows\System\LFMRAgv.exe
  C:\Windows\System\LFMRAgv.exe
  2⤵
  PID:1364
- C:\Windows\System\FbdHXYF.exe
  C:\Windows\System\FbdHXYF.exe
  2⤵
  PID:4620
- C:\Windows\System\SoTCvZz.exe
  C:\Windows\System\SoTCvZz.exe
  2⤵
  PID:4812
- C:\Windows\System\nByInSS.exe
  C:\Windows\System\nByInSS.exe
  2⤵
  PID:4928
- C:\Windows\System\beITdiW.exe
  C:\Windows\System\beITdiW.exe
  2⤵
  PID:5952
- C:\Windows\System\HtBPdll.exe
  C:\Windows\System\HtBPdll.exe
  2⤵
  PID:6016
- C:\Windows\System\lBJdPSJ.exe
  C:\Windows\System\lBJdPSJ.exe
  2⤵
  PID:6080
- C:\Windows\System\tdRZXyS.exe
  C:\Windows\System\tdRZXyS.exe
  2⤵
  PID:3452
- C:\Windows\System\WSqhJJz.exe
  C:\Windows\System\WSqhJJz.exe
  2⤵
  PID:2912
- C:\Windows\System\dBhAgkr.exe
  C:\Windows\System\dBhAgkr.exe
  2⤵
  PID:5296
- C:\Windows\System\SOzIXmE.exe
  C:\Windows\System\SOzIXmE.exe
  2⤵
  PID:5516
- C:\Windows\System\umDtQKZ.exe
  C:\Windows\System\umDtQKZ.exe
  2⤵
  PID:5888
- C:\Windows\System\yOCCmsl.exe
  C:\Windows\System\yOCCmsl.exe
  2⤵
  PID:6196
- C:\Windows\System\lsDVFll.exe
  C:\Windows\System\lsDVFll.exe
  2⤵
  PID:6332
- C:\Windows\System\sXRunGi.exe
  C:\Windows\System\sXRunGi.exe
  2⤵
  PID:6728
- C:\Windows\System\ozQyxfr.exe
  C:\Windows\System\ozQyxfr.exe
  2⤵
  PID:6756
- C:\Windows\System\EsPexRD.exe
  C:\Windows\System\EsPexRD.exe
  2⤵
  PID:6772
- C:\Windows\System\oKXqhoZ.exe
  C:\Windows\System\oKXqhoZ.exe
  2⤵
  PID:6788
- C:\Windows\System\DiVXFFL.exe
  C:\Windows\System\DiVXFFL.exe
  2⤵
  PID:6804
- C:\Windows\System\uNPXcpq.exe
  C:\Windows\System\uNPXcpq.exe
  2⤵
  PID:6820
- C:\Windows\System\twxVFyy.exe
  C:\Windows\System\twxVFyy.exe
  2⤵
  PID:6836
- C:\Windows\System\tpFiMsu.exe
  C:\Windows\System\tpFiMsu.exe
  2⤵
  PID:6856
- C:\Windows\System\IzuSKHE.exe
  C:\Windows\System\IzuSKHE.exe
  2⤵
  PID:6880
- C:\Windows\System\hcbXuZl.exe
  C:\Windows\System\hcbXuZl.exe
  2⤵
  PID:6912
- C:\Windows\System\EliKmsJ.exe
  C:\Windows\System\EliKmsJ.exe
  2⤵
  PID:6940
- C:\Windows\System\IDlHpnX.exe
  C:\Windows\System\IDlHpnX.exe
  2⤵
  PID:6988
- C:\Windows\System\XmuhVxf.exe
  C:\Windows\System\XmuhVxf.exe
  2⤵
  PID:7008
- C:\Windows\System\AhjDYOu.exe
  C:\Windows\System\AhjDYOu.exe
  2⤵
  PID:7024
- C:\Windows\System\aqvSKZn.exe
  C:\Windows\System\aqvSKZn.exe
  2⤵
  PID:7040
- C:\Windows\System\ONyvBAW.exe
  C:\Windows\System\ONyvBAW.exe
  2⤵
  PID:7056
- C:\Windows\System\dKNcqPR.exe
  C:\Windows\System\dKNcqPR.exe
  2⤵
  PID:7072
- C:\Windows\System\OMtGnpF.exe
  C:\Windows\System\OMtGnpF.exe
  2⤵
  PID:7088
- C:\Windows\System\VMEXAhA.exe
  C:\Windows\System\VMEXAhA.exe
  2⤵
  PID:7104
- C:\Windows\System\YrjLPkP.exe
  C:\Windows\System\YrjLPkP.exe
  2⤵
  PID:7120
- C:\Windows\System\gACqNuE.exe
  C:\Windows\System\gACqNuE.exe
  2⤵
  PID:7136
- C:\Windows\System\cwzJZbQ.exe
  C:\Windows\System\cwzJZbQ.exe
  2⤵
  PID:7156
- C:\Windows\System\tJOPSmY.exe
  C:\Windows\System\tJOPSmY.exe
  2⤵
  PID:2852
- C:\Windows\System\yYAqMpG.exe
  C:\Windows\System\yYAqMpG.exe
  2⤵
  PID:5580
- C:\Windows\System\NXqBmjd.exe
  C:\Windows\System\NXqBmjd.exe
  2⤵
  PID:5648
- C:\Windows\System\UXmUBJT.exe
  C:\Windows\System\UXmUBJT.exe
  2⤵
  PID:4816
- C:\Windows\System\pdlqKTh.exe
  C:\Windows\System\pdlqKTh.exe
  2⤵
  PID:5488
- C:\Windows\System\cTWOyhY.exe
  C:\Windows\System\cTWOyhY.exe
  2⤵
  PID:5792
- C:\Windows\System\xCXpJcm.exe
  C:\Windows\System\xCXpJcm.exe
  2⤵
  PID:5664
- C:\Windows\System\sqIVHiU.exe
  C:\Windows\System\sqIVHiU.exe
  2⤵
  PID:5600
- C:\Windows\System\YAHVoah.exe
  C:\Windows\System\YAHVoah.exe
  2⤵
  PID:5536
- C:\Windows\System\cScjPVI.exe
  C:\Windows\System\cScjPVI.exe
  2⤵
  PID:5472
- C:\Windows\System\QebyzDL.exe
  C:\Windows\System\QebyzDL.exe
  2⤵
  PID:5340
- C:\Windows\System\ZOXoZyJ.exe
  C:\Windows\System\ZOXoZyJ.exe
  2⤵
  PID:3512
- C:\Windows\System\hSfgXLe.exe
  C:\Windows\System\hSfgXLe.exe
  2⤵
  PID:4416
- C:\Windows\System\VBDMHhK.exe
  C:\Windows\System\VBDMHhK.exe
  2⤵
  PID:3896
- C:\Windows\System\lFJTaUa.exe
  C:\Windows\System\lFJTaUa.exe
  2⤵
  PID:5712
- C:\Windows\System\JDMddEB.exe
  C:\Windows\System\JDMddEB.exe
  2⤵
  PID:5840
- C:\Windows\System\pLjbyMu.exe
  C:\Windows\System\pLjbyMu.exe
  2⤵
  PID:5872
- C:\Windows\System\WHQetKE.exe
  C:\Windows\System\WHQetKE.exe
  2⤵
  PID:6360
- C:\Windows\System\yUsjuFB.exe
  C:\Windows\System\yUsjuFB.exe
  2⤵
  PID:6696
- C:\Windows\System\MjbFnDf.exe
  C:\Windows\System\MjbFnDf.exe
  2⤵
  PID:6716
- C:\Windows\System\sejFnWR.exe
  C:\Windows\System\sejFnWR.exe
  2⤵
  PID:6768
- C:\Windows\System\vedlarH.exe
  C:\Windows\System\vedlarH.exe
  2⤵
  PID:7036
- C:\Windows\System\PIsIkLk.exe
  C:\Windows\System\PIsIkLk.exe
  2⤵
  PID:7100
- C:\Windows\System\wzLEsRm.exe
  C:\Windows\System\wzLEsRm.exe
  2⤵
  PID:2348
- C:\Windows\System\pZgicDo.exe
  C:\Windows\System\pZgicDo.exe
  2⤵
  PID:6496
- C:\Windows\System\XMtqwfE.exe
  C:\Windows\System\XMtqwfE.exe
  2⤵
  PID:5756
- C:\Windows\System\SokaChT.exe
  C:\Windows\System\SokaChT.exe
  2⤵
  PID:6212
- C:\Windows\System\cjxOwbV.exe
  C:\Windows\System\cjxOwbV.exe
  2⤵
  PID:6228
- C:\Windows\System\gUwwTMk.exe
  C:\Windows\System\gUwwTMk.exe
  2⤵
  PID:6248
- C:\Windows\System\VTCkMIN.exe
  C:\Windows\System\VTCkMIN.exe
  2⤵
  PID:6324
- C:\Windows\System\ENJHvHe.exe
  C:\Windows\System\ENJHvHe.exe
  2⤵
  PID:6744
- C:\Windows\System\BmiyLQP.exe
  C:\Windows\System\BmiyLQP.exe
  2⤵
  PID:5376
- C:\Windows\System\BatqSdd.exe
  C:\Windows\System\BatqSdd.exe
  2⤵
  PID:6784
- C:\Windows\System\rvkQjxV.exe
  C:\Windows\System\rvkQjxV.exe
  2⤵
  PID:4684
- C:\Windows\System\qrZbgrm.exe
  C:\Windows\System\qrZbgrm.exe
  2⤵
  PID:4060
- C:\Windows\System\DdJUQZs.exe
  C:\Windows\System\DdJUQZs.exe
  2⤵
  PID:6852
- C:\Windows\System\ZWPHaQz.exe
  C:\Windows\System\ZWPHaQz.exe
  2⤵
  PID:6900
- C:\Windows\System\PRRdjTE.exe
  C:\Windows\System\PRRdjTE.exe
  2⤵
  PID:5036
- C:\Windows\System\nvQchwX.exe
  C:\Windows\System\nvQchwX.exe
  2⤵
  PID:5708
- C:\Windows\System\FAKENHH.exe
  C:\Windows\System\FAKENHH.exe
  2⤵
  PID:6976
- C:\Windows\System\TzLnJSW.exe
  C:\Windows\System\TzLnJSW.exe
  2⤵
  PID:5308
- C:\Windows\System\jGLJwTb.exe
  C:\Windows\System\jGLJwTb.exe
  2⤵
  PID:5212
- C:\Windows\System\eEmTQfG.exe
  C:\Windows\System\eEmTQfG.exe
  2⤵
  PID:5148
- C:\Windows\System\PoKSuth.exe
  C:\Windows\System\PoKSuth.exe
  2⤵
  PID:6032
- C:\Windows\System\JWJNXsN.exe
  C:\Windows\System\JWJNXsN.exe
  2⤵
  PID:5772
- C:\Windows\System\UyWVENx.exe
  C:\Windows\System\UyWVENx.exe
  2⤵
  PID:7020
- C:\Windows\System\PzbTRBc.exe
  C:\Windows\System\PzbTRBc.exe
  2⤵
  PID:6156
- C:\Windows\System\fnhpaxf.exe
  C:\Windows\System\fnhpaxf.exe
  2⤵
  PID:4844
- C:\Windows\System\UKsTFvT.exe
  C:\Windows\System\UKsTFvT.exe
  2⤵
  PID:5632
- C:\Windows\System\MlCuUnD.exe
  C:\Windows\System\MlCuUnD.exe
  2⤵
  PID:6076
- C:\Windows\System\TESwUfT.exe
  C:\Windows\System\TESwUfT.exe
  2⤵
  PID:7144
- C:\Windows\System\APzacwO.exe
  C:\Windows\System\APzacwO.exe
  2⤵
  PID:7080
- C:\Windows\System\bXgPJSh.exe
  C:\Windows\System\bXgPJSh.exe
  2⤵
  PID:6340
- C:\Windows\System\nVsXPDx.exe
  C:\Windows\System\nVsXPDx.exe
  2⤵
  PID:6368
- C:\Windows\System\EhoclNy.exe
  C:\Windows\System\EhoclNy.exe
  2⤵
  PID:6384
- C:\Windows\System\lorMBUv.exe
  C:\Windows\System\lorMBUv.exe
  2⤵
  PID:6400
- C:\Windows\System\PnCyIEN.exe
  C:\Windows\System\PnCyIEN.exe
  2⤵
  PID:6356
- C:\Windows\System\EyEKLuJ.exe
  C:\Windows\System\EyEKLuJ.exe
  2⤵
  PID:6444
- C:\Windows\System\OWMelAh.exe
  C:\Windows\System\OWMelAh.exe
  2⤵
  PID:6464
- C:\Windows\System\OmvQUax.exe
  C:\Windows\System\OmvQUax.exe
  2⤵
  PID:6480
- C:\Windows\System\IDHxXuN.exe
  C:\Windows\System\IDHxXuN.exe
  2⤵
  PID:5920
- C:\Windows\System\pPduuRK.exe
  C:\Windows\System\pPduuRK.exe
  2⤵
  PID:6504
- C:\Windows\System\ktrWgOL.exe
  C:\Windows\System\ktrWgOL.exe
  2⤵
  PID:6528
- C:\Windows\System\OeEALQX.exe
  C:\Windows\System\OeEALQX.exe
  2⤵
  PID:6564
- C:\Windows\System\DKvWfbl.exe
  C:\Windows\System\DKvWfbl.exe
  2⤵
  PID:6584
- C:\Windows\System\uIFQgsw.exe
  C:\Windows\System\uIFQgsw.exe
  2⤵
  PID:6600
- C:\Windows\System\HJbcusp.exe
  C:\Windows\System\HJbcusp.exe
  2⤵
  PID:6616
- C:\Windows\System\gWwNFRR.exe
  C:\Windows\System\gWwNFRR.exe
  2⤵
  PID:6632
- C:\Windows\System\FmfxdRy.exe
  C:\Windows\System\FmfxdRy.exe
  2⤵
  PID:6648
- C:\Windows\System\qguDlWF.exe
  C:\Windows\System\qguDlWF.exe
  2⤵
  PID:6660
- C:\Windows\System\flxyKlz.exe
  C:\Windows\System\flxyKlz.exe
  2⤵
  PID:6680
- C:\Windows\System\SkTLbIK.exe
  C:\Windows\System\SkTLbIK.exe
  2⤵
  PID:6724
- C:\Windows\System\nQPsqQR.exe
  C:\Windows\System\nQPsqQR.exe
  2⤵
  PID:7068
- C:\Windows\System\YQTxGgm.exe
  C:\Windows\System\YQTxGgm.exe
  2⤵
  PID:6708
- C:\Windows\System\lkZjBbo.exe
  C:\Windows\System\lkZjBbo.exe
  2⤵
  PID:6800
- C:\Windows\System\wEyALrE.exe
  C:\Windows\System\wEyALrE.exe
  2⤵
  PID:6924
- C:\Windows\System\tUtNFMA.exe
  C:\Windows\System\tUtNFMA.exe
  2⤵
  PID:7004
- C:\Windows\System\uJPpZHi.exe
  C:\Windows\System\uJPpZHi.exe
  2⤵
  PID:4624
- C:\Windows\System\TwOKKyj.exe
  C:\Windows\System\TwOKKyj.exe
  2⤵
  PID:6236
- C:\Windows\System\XoqIgbk.exe
  C:\Windows\System\XoqIgbk.exe
  2⤵
  PID:7164
- C:\Windows\System\zBTVzDo.exe
  C:\Windows\System\zBTVzDo.exe
  2⤵
  PID:5568
- C:\Windows\System\CSinyQC.exe
  C:\Windows\System\CSinyQC.exe
  2⤵
  PID:6276
- C:\Windows\System\vEqSHhc.exe
  C:\Windows\System\vEqSHhc.exe
  2⤵
  PID:6296
- C:\Windows\System\KVZJLuH.exe
  C:\Windows\System\KVZJLuH.exe
  2⤵
  PID:6308
- C:\Windows\System\UhKwzbz.exe
  C:\Windows\System\UhKwzbz.exe
  2⤵
  PID:6896
- C:\Windows\System\JRsGAeK.exe
  C:\Windows\System\JRsGAeK.exe
  2⤵
  PID:6748
- C:\Windows\System\FBvVyfB.exe
  C:\Windows\System\FBvVyfB.exe
  2⤵
  PID:6812
- C:\Windows\System\YyzQlFL.exe
  C:\Windows\System\YyzQlFL.exe
  2⤵
  PID:5680
- C:\Windows\System\UxKLRyp.exe
  C:\Windows\System\UxKLRyp.exe
  2⤵
  PID:7152
- C:\Windows\System\rxPcJOP.exe
  C:\Windows\System\rxPcJOP.exe
  2⤵
  PID:2748
- C:\Windows\System\SFagmJv.exe
  C:\Windows\System\SFagmJv.exe
  2⤵
  PID:4988
- C:\Windows\System\UrKtNOF.exe
  C:\Windows\System\UrKtNOF.exe
  2⤵
  PID:2844
- C:\Windows\System\uPCkaul.exe
  C:\Windows\System\uPCkaul.exe
  2⤵
  PID:6192
- C:\Windows\System\rueBeFj.exe
  C:\Windows\System\rueBeFj.exe
  2⤵
  PID:6172
- C:\Windows\System\KesmNNF.exe
  C:\Windows\System\KesmNNF.exe
  2⤵
  PID:6460
- C:\Windows\System\AGwfbYn.exe
  C:\Windows\System\AGwfbYn.exe
  2⤵
  PID:6392
- C:\Windows\System\ykaZVEv.exe
  C:\Windows\System\ykaZVEv.exe
  2⤵
  PID:6140
- C:\Windows\System\IRxqhYi.exe
  C:\Windows\System\IRxqhYi.exe
  2⤵
  PID:5292
- C:\Windows\System\KFxRHkZ.exe
  C:\Windows\System\KFxRHkZ.exe
  2⤵
  PID:6516
- C:\Windows\System\sENKbBp.exe
  C:\Windows\System\sENKbBp.exe
  2⤵
  PID:6440
- C:\Windows\System\SGmTaFj.exe
  C:\Windows\System\SGmTaFj.exe
  2⤵
  PID:6484
- C:\Windows\System\gsRHGKP.exe
  C:\Windows\System\gsRHGKP.exe
  2⤵
  PID:1484
- C:\Windows\System\aZqqnky.exe
  C:\Windows\System\aZqqnky.exe
  2⤵
  PID:6544
- C:\Windows\System\dKdgsjR.exe
  C:\Windows\System\dKdgsjR.exe
  2⤵
  PID:6556
- C:\Windows\System\cmtwyhC.exe
  C:\Windows\System\cmtwyhC.exe
  2⤵
  PID:2720
- C:\Windows\System\FwECtoh.exe
  C:\Windows\System\FwECtoh.exe
  2⤵
  PID:4572
- C:\Windows\System\rHkvbto.exe
  C:\Windows\System\rHkvbto.exe
  2⤵
  PID:6832
- C:\Windows\System\WLxlZMt.exe
  C:\Windows\System\WLxlZMt.exe
  2⤵
  PID:6736
- C:\Windows\System\ntRmBST.exe
  C:\Windows\System\ntRmBST.exe
  2⤵
  PID:6692
- C:\Windows\System\KCgsEjA.exe
  C:\Windows\System\KCgsEjA.exe
  2⤵
  PID:2628
- C:\Windows\System\wSvIptO.exe
  C:\Windows\System\wSvIptO.exe
  2⤵
  PID:1040
- C:\Windows\System\imsFXII.exe
  C:\Windows\System\imsFXII.exe
  2⤵
  PID:2864
- C:\Windows\System\aJoNmha.exe
  C:\Windows\System\aJoNmha.exe
  2⤵
  PID:7032
- C:\Windows\System\tdsYvsv.exe
  C:\Windows\System\tdsYvsv.exe
  2⤵
  PID:5644
- C:\Windows\System\doSGbUQ.exe
  C:\Windows\System\doSGbUQ.exe
  2⤵
  PID:6264
- C:\Windows\System\DYTYabu.exe
  C:\Windows\System\DYTYabu.exe
  2⤵
  PID:2860
- C:\Windows\System\DBJDyhd.exe
  C:\Windows\System\DBJDyhd.exe
  2⤵
  PID:1196
- C:\Windows\System\ldQAehq.exe
  C:\Windows\System\ldQAehq.exe
  2⤵
  PID:5152
- C:\Windows\System\SppWlUJ.exe
  C:\Windows\System\SppWlUJ.exe
  2⤵
  PID:5408
- C:\Windows\System\gnCOiuF.exe
  C:\Windows\System\gnCOiuF.exe
  2⤵
  PID:6816
- C:\Windows\System\sTWsTcF.exe
  C:\Windows\System\sTWsTcF.exe
  2⤵
  PID:5116
- C:\Windows\System\zMtwHao.exe
  C:\Windows\System\zMtwHao.exe
  2⤵
  PID:6964
- C:\Windows\System\RFPPNqu.exe
  C:\Windows\System\RFPPNqu.exe
  2⤵
  PID:1908
- C:\Windows\System\pnkbZbX.exe
  C:\Windows\System\pnkbZbX.exe
  2⤵
  PID:5216
- C:\Windows\System\ZzooVau.exe
  C:\Windows\System\ZzooVau.exe
  2⤵
  PID:5504
- C:\Windows\System\dlUtbuv.exe
  C:\Windows\System\dlUtbuv.exe
  2⤵
  PID:7148
- C:\Windows\System\iTtISZu.exe
  C:\Windows\System\iTtISZu.exe
  2⤵
  PID:3352
- C:\Windows\System\qyXeEfW.exe
  C:\Windows\System\qyXeEfW.exe
  2⤵
  PID:2264
- C:\Windows\System\ktoVCEM.exe
  C:\Windows\System\ktoVCEM.exe
  2⤵
  PID:2524
- C:\Windows\System\gsbfueC.exe
  C:\Windows\System\gsbfueC.exe
  2⤵
  PID:5996
- C:\Windows\System\RWdkHun.exe
  C:\Windows\System\RWdkHun.exe
  2⤵
  PID:6184
- C:\Windows\System\jUHwaZR.exe
  C:\Windows\System\jUHwaZR.exe
  2⤵
  PID:6188
- C:\Windows\System\yBfVDRw.exe
  C:\Windows\System\yBfVDRw.exe
  2⤵
  PID:6424
- C:\Windows\System\GYmVmHx.exe
  C:\Windows\System\GYmVmHx.exe
  2⤵
  PID:6524
- C:\Windows\System\WVoplsQ.exe
  C:\Windows\System\WVoplsQ.exe
  2⤵
  PID:6380
- C:\Windows\System\gasWXMw.exe
  C:\Windows\System\gasWXMw.exe
  2⤵
  PID:7112
- C:\Windows\System\CfajCHo.exe
  C:\Windows\System\CfajCHo.exe
  2⤵
  PID:6396
- C:\Windows\System\CWQdfXU.exe
  C:\Windows\System\CWQdfXU.exe
  2⤵
  PID:6624
- C:\Windows\System\ORrjEjH.exe
  C:\Windows\System\ORrjEjH.exe
  2⤵
  PID:6676
- C:\Windows\System\GBAvbwB.exe
  C:\Windows\System\GBAvbwB.exe
  2⤵
  PID:3040
- C:\Windows\System\ejkVify.exe
  C:\Windows\System\ejkVify.exe
  2⤵
  PID:6552
- C:\Windows\System\ikgtbdr.exe
  C:\Windows\System\ikgtbdr.exe
  2⤵
  PID:6204
- C:\Windows\System\DOxKxiR.exe
  C:\Windows\System\DOxKxiR.exe
  2⤵
  PID:6096
- C:\Windows\System\mFnsXdL.exe
  C:\Windows\System\mFnsXdL.exe
  2⤵
  PID:6876
- C:\Windows\System\davnxDx.exe
  C:\Windows\System\davnxDx.exe
  2⤵
  PID:6868
- C:\Windows\System\jkGivIt.exe
  C:\Windows\System\jkGivIt.exe
  2⤵
  PID:6780
- C:\Windows\System\yokeoCY.exe
  C:\Windows\System\yokeoCY.exe
  2⤵
  PID:6260
- C:\Windows\System\OVPRwCi.exe
  C:\Windows\System\OVPRwCi.exe
  2⤵
  PID:2944
- C:\Windows\System\YmcALCJ.exe
  C:\Windows\System\YmcALCJ.exe
  2⤵
  PID:2512
- C:\Windows\System\XnIOMKU.exe
  C:\Windows\System\XnIOMKU.exe
  2⤵
  PID:5552
- C:\Windows\System\DXMbvRy.exe
  C:\Windows\System\DXMbvRy.exe
  2⤵
  PID:6300
- C:\Windows\System\NFweVrY.exe
  C:\Windows\System\NFweVrY.exe
  2⤵
  PID:4220
- C:\Windows\System\OkbDXKB.exe
  C:\Windows\System\OkbDXKB.exe
  2⤵
  PID:7084
- C:\Windows\System\tGqUlky.exe
  C:\Windows\System\tGqUlky.exe
  2⤵
  PID:2824
- C:\Windows\System\lNtxCFS.exe
  C:\Windows\System\lNtxCFS.exe
  2⤵
  PID:6452
- C:\Windows\System\elkTUJs.exe
  C:\Windows\System\elkTUJs.exe
  2⤵
  PID:2388
- C:\Windows\System\RrhaLry.exe
  C:\Windows\System\RrhaLry.exe
  2⤵
  PID:6408
- C:\Windows\System\VvXuRHT.exe
  C:\Windows\System\VvXuRHT.exe
  2⤵
  PID:4576
- C:\Windows\System\egSLXtA.exe
  C:\Windows\System\egSLXtA.exe
  2⤵
  PID:6580
- C:\Windows\System\YMNlNGJ.exe
  C:\Windows\System\YMNlNGJ.exe
  2⤵
  PID:5696
- C:\Windows\System\bhTwUAr.exe
  C:\Windows\System\bhTwUAr.exe
  2⤵
  PID:2740
- C:\Windows\System\vAROlla.exe
  C:\Windows\System\vAROlla.exe
  2⤵
  PID:6520
- C:\Windows\System\RsZyDKe.exe
  C:\Windows\System\RsZyDKe.exe
  2⤵
  PID:2876
- C:\Windows\System\NJVQOOU.exe
  C:\Windows\System\NJVQOOU.exe
  2⤵
  PID:5404
- C:\Windows\System\LvTISlb.exe
  C:\Windows\System\LvTISlb.exe
  2⤵
  PID:6928
- C:\Windows\System\tZmInmU.exe
  C:\Windows\System\tZmInmU.exe
  2⤵
  PID:5200
- C:\Windows\System\yTzdEeJ.exe
  C:\Windows\System\yTzdEeJ.exe
  2⤵
  PID:6292
- C:\Windows\System\TJdCLlH.exe
  C:\Windows\System\TJdCLlH.exe
  2⤵
  PID:6272
- C:\Windows\System\IEjJwEE.exe
  C:\Windows\System\IEjJwEE.exe
  2⤵
  PID:6972
- C:\Windows\System\hTIMmgr.exe
  C:\Windows\System\hTIMmgr.exe
  2⤵
  PID:6180
- C:\Windows\System\vBOLesY.exe
  C:\Windows\System\vBOLesY.exe
  2⤵
  PID:944
- C:\Windows\System\DZXAtDr.exe
  C:\Windows\System\DZXAtDr.exe
  2⤵
  PID:452
- C:\Windows\System\bEMYlOd.exe
  C:\Windows\System\bEMYlOd.exe
  2⤵
  PID:2668
- C:\Windows\System\PMvyGug.exe
  C:\Windows\System\PMvyGug.exe
  2⤵
  PID:5180
- C:\Windows\System\ChpzjGs.exe
  C:\Windows\System\ChpzjGs.exe
  2⤵
  PID:7176
- C:\Windows\System\ptCmsxB.exe
  C:\Windows\System\ptCmsxB.exe
  2⤵
  PID:7192
- C:\Windows\System\rUILtXv.exe
  C:\Windows\System\rUILtXv.exe
  2⤵
  PID:7208
- C:\Windows\System\ajFoRYL.exe
  C:\Windows\System\ajFoRYL.exe
  2⤵
  PID:7224
- C:\Windows\System\GbiPPpI.exe
  C:\Windows\System\GbiPPpI.exe
  2⤵
  PID:7240
- C:\Windows\System\msnGqnb.exe
  C:\Windows\System\msnGqnb.exe
  2⤵
  PID:7256
- C:\Windows\System\DEEDTQZ.exe
  C:\Windows\System\DEEDTQZ.exe
  2⤵
  PID:7272
- C:\Windows\System\OInsKnw.exe
  C:\Windows\System\OInsKnw.exe
  2⤵
  PID:7292
- C:\Windows\System\pFHFDxc.exe
  C:\Windows\System\pFHFDxc.exe
  2⤵
  PID:7308
- C:\Windows\System\vrfHhVS.exe
  C:\Windows\System\vrfHhVS.exe
  2⤵
  PID:7328
- C:\Windows\System\wSyXocw.exe
  C:\Windows\System\wSyXocw.exe
  2⤵
  PID:7348
- C:\Windows\System\byHfTpn.exe
  C:\Windows\System\byHfTpn.exe
  2⤵
  PID:7364
- C:\Windows\System\YeyEGtG.exe
  C:\Windows\System\YeyEGtG.exe
  2⤵
  PID:7380
- C:\Windows\System\TbGlEUa.exe
  C:\Windows\System\TbGlEUa.exe
  2⤵
  PID:7396
- C:\Windows\System\TjnRqwf.exe
  C:\Windows\System\TjnRqwf.exe
  2⤵
  PID:7412
- C:\Windows\System\AhHrYIG.exe
  C:\Windows\System\AhHrYIG.exe
  2⤵
  PID:7428
- C:\Windows\System\AVyrsKR.exe
  C:\Windows\System\AVyrsKR.exe
  2⤵
  PID:7444
- C:\Windows\System\HRlklFJ.exe
  C:\Windows\System\HRlklFJ.exe
  2⤵
  PID:7460
- C:\Windows\System\DnBvmnA.exe
  C:\Windows\System\DnBvmnA.exe
  2⤵
  PID:7476
- C:\Windows\System\jyQMcnN.exe
  C:\Windows\System\jyQMcnN.exe
  2⤵
  PID:7496
- C:\Windows\System\uNAzNxP.exe
  C:\Windows\System\uNAzNxP.exe
  2⤵
  PID:7512
- C:\Windows\System\htJMoWq.exe
  C:\Windows\System\htJMoWq.exe
  2⤵
  PID:7556
- C:\Windows\System\sYOzjsK.exe
  C:\Windows\System\sYOzjsK.exe
  2⤵
  PID:7572
- C:\Windows\System\GXLCntT.exe
  C:\Windows\System\GXLCntT.exe
  2⤵
  PID:7596
- C:\Windows\System\LiKBEmO.exe
  C:\Windows\System\LiKBEmO.exe
  2⤵
  PID:7612
- C:\Windows\System\MpziBQO.exe
  C:\Windows\System\MpziBQO.exe
  2⤵
  PID:7632
- C:\Windows\System\bwedurZ.exe
  C:\Windows\System\bwedurZ.exe
  2⤵
  PID:7648
- C:\Windows\System\cxDOgLK.exe
  C:\Windows\System\cxDOgLK.exe
  2⤵
  PID:7664
- C:\Windows\System\xgJHBQQ.exe
  C:\Windows\System\xgJHBQQ.exe
  2⤵
  PID:7692
- C:\Windows\System\rIfRPaQ.exe
  C:\Windows\System\rIfRPaQ.exe
  2⤵
  PID:7716
- C:\Windows\System\AONKOBM.exe
  C:\Windows\System\AONKOBM.exe
  2⤵
  PID:7776
- C:\Windows\System\ZFxWLAv.exe
  C:\Windows\System\ZFxWLAv.exe
  2⤵
  PID:7812
- C:\Windows\System\kazfTZb.exe
  C:\Windows\System\kazfTZb.exe
  2⤵
  PID:7832
- C:\Windows\System\vbWmRqS.exe
  C:\Windows\System\vbWmRqS.exe
  2⤵
  PID:7860
- C:\Windows\System\Nunlkvb.exe
  C:\Windows\System\Nunlkvb.exe
  2⤵
  PID:7896
- C:\Windows\System\mokmLkT.exe
  C:\Windows\System\mokmLkT.exe
  2⤵
  PID:7912
- C:\Windows\System\BVeFLMX.exe
  C:\Windows\System\BVeFLMX.exe
  2⤵
  PID:7928
- C:\Windows\System\uhKlfmC.exe
  C:\Windows\System\uhKlfmC.exe
  2⤵
  PID:7948
- C:\Windows\System\VDMtxsj.exe
  C:\Windows\System\VDMtxsj.exe
  2⤵
  PID:7964
- C:\Windows\System\DvPWpGD.exe
  C:\Windows\System\DvPWpGD.exe
  2⤵
  PID:7980
- C:\Windows\System\zykjTOU.exe
  C:\Windows\System\zykjTOU.exe
  2⤵
  PID:8012
- C:\Windows\System\btMlZsS.exe
  C:\Windows\System\btMlZsS.exe
  2⤵
  PID:8028
- C:\Windows\System\gyhrqDe.exe
  C:\Windows\System\gyhrqDe.exe
  2⤵
  PID:8044
- C:\Windows\System\vBcmRIy.exe
  C:\Windows\System\vBcmRIy.exe
  2⤵
  PID:8064
- C:\Windows\System\TccREyb.exe
  C:\Windows\System\TccREyb.exe
  2⤵
  PID:8084
- C:\Windows\System\UqiMDhl.exe
  C:\Windows\System\UqiMDhl.exe
  2⤵
  PID:8104
- C:\Windows\System\FbDtAuf.exe
  C:\Windows\System\FbDtAuf.exe
  2⤵
  PID:8124
- C:\Windows\System\KLUCdxd.exe
  C:\Windows\System\KLUCdxd.exe
  2⤵
  PID:8180
- C:\Windows\System\nrqhwAP.exe
  C:\Windows\System\nrqhwAP.exe
  2⤵
  PID:6316
- C:\Windows\System\SyrQbTG.exe
  C:\Windows\System\SyrQbTG.exe
  2⤵
  PID:1508
- C:\Windows\System\GQYrogV.exe
  C:\Windows\System\GQYrogV.exe
  2⤵
  PID:1416
- C:\Windows\System\acnUMVX.exe
  C:\Windows\System\acnUMVX.exe
  2⤵
  PID:7236
- C:\Windows\System\fDxbYVh.exe
  C:\Windows\System\fDxbYVh.exe
  2⤵
  PID:7304
- C:\Windows\System\wdKBivt.exe
  C:\Windows\System\wdKBivt.exe
  2⤵
  PID:7376
- C:\Windows\System\KwTnkQn.exe
  C:\Windows\System\KwTnkQn.exe
  2⤵
  PID:7468
- C:\Windows\System\wlmVdWb.exe
  C:\Windows\System\wlmVdWb.exe
  2⤵
  PID:7564
- C:\Windows\System\yeqfEgh.exe
  C:\Windows\System\yeqfEgh.exe
  2⤵
  PID:7672
- C:\Windows\System\RAfuBVC.exe
  C:\Windows\System\RAfuBVC.exe
  2⤵
  PID:1824
- C:\Windows\System\LhQNYoE.exe
  C:\Windows\System\LhQNYoE.exe
  2⤵
  PID:2244
- C:\Windows\System\yGbEzSS.exe
  C:\Windows\System\yGbEzSS.exe
  2⤵
  PID:2212
- C:\Windows\System\SOomzrG.exe
  C:\Windows\System\SOomzrG.exe
  2⤵
  PID:6844
- C:\Windows\System\ICyTlXA.exe
  C:\Windows\System\ICyTlXA.exe
  2⤵
  PID:3772
- C:\Windows\System\zXUsodT.exe
  C:\Windows\System\zXUsodT.exe
  2⤵
  PID:7220
- C:\Windows\System\IwmwsFH.exe
  C:\Windows\System\IwmwsFH.exe
  2⤵
  PID:7284
- C:\Windows\System\Bdiztnz.exe
  C:\Windows\System\Bdiztnz.exe
  2⤵
  PID:7356
- C:\Windows\System\GqKZzYG.exe
  C:\Windows\System\GqKZzYG.exe
  2⤵
  PID:7424
- C:\Windows\System\nRocVBj.exe
  C:\Windows\System\nRocVBj.exe
  2⤵
  PID:7492
- C:\Windows\System\hQVdjrM.exe
  C:\Windows\System\hQVdjrM.exe
  2⤵
  PID:7532
- C:\Windows\System\iYioErm.exe
  C:\Windows\System\iYioErm.exe
  2⤵
  PID:7548
- C:\Windows\System\XTczTDy.exe
  C:\Windows\System\XTczTDy.exe
  2⤵
  PID:7588
- C:\Windows\System\ZERiwtt.exe
  C:\Windows\System\ZERiwtt.exe
  2⤵
  PID:7628
- C:\Windows\System\PSnMrVR.exe
  C:\Windows\System\PSnMrVR.exe
  2⤵
  PID:6956
- C:\Windows\System\lWftNRY.exe
  C:\Windows\System\lWftNRY.exe
  2⤵
  PID:5692
- C:\Windows\System\cAZxIYk.exe
  C:\Windows\System\cAZxIYk.exe
  2⤵
  PID:7132
- C:\Windows\System\CvOBBVU.exe
  C:\Windows\System\CvOBBVU.exe
  2⤵
  PID:1844
- C:\Windows\System\dMEzWry.exe
  C:\Windows\System\dMEzWry.exe
  2⤵
  PID:7680
- C:\Windows\System\OHFEkAQ.exe
  C:\Windows\System\OHFEkAQ.exe
  2⤵
  PID:1984
- C:\Windows\System\hNXilqM.exe
  C:\Windows\System\hNXilqM.exe
  2⤵
  PID:7756
- C:\Windows\System\xIoruVR.exe
  C:\Windows\System\xIoruVR.exe
  2⤵
  PID:7772
- C:\Windows\System\ulxVHOD.exe
  C:\Windows\System\ulxVHOD.exe
  2⤵
  PID:7868
- C:\Windows\System\oAxowuA.exe
  C:\Windows\System\oAxowuA.exe
  2⤵
  PID:7884
- C:\Windows\System\NyAxgVA.exe
  C:\Windows\System\NyAxgVA.exe
  2⤵
  PID:7924
- C:\Windows\System\GQSyrZT.exe
  C:\Windows\System\GQSyrZT.exe
  2⤵
  PID:7996
- C:\Windows\System\gAqidCw.exe
  C:\Windows\System\gAqidCw.exe
  2⤵
  PID:8040
- C:\Windows\System\GGieRsx.exe
  C:\Windows\System\GGieRsx.exe
  2⤵
  PID:8112
- C:\Windows\System\aMLHDgW.exe
  C:\Windows\System\aMLHDgW.exe
  2⤵
  PID:1920
- C:\Windows\System\gLKjXuk.exe
  C:\Windows\System\gLKjXuk.exe
  2⤵
  PID:7784
- C:\Windows\System\hYUmugE.exe
  C:\Windows\System\hYUmugE.exe
  2⤵
  PID:7808
- C:\Windows\System\ILSzJDX.exe
  C:\Windows\System\ILSzJDX.exe
  2⤵
  PID:7852
- C:\Windows\System\tlJNDaR.exe
  C:\Windows\System\tlJNDaR.exe
  2⤵
  PID:7940
- C:\Windows\System\vgyrEDA.exe
  C:\Windows\System\vgyrEDA.exe
  2⤵
  PID:8020
- C:\Windows\System\AlMFbLl.exe
  C:\Windows\System\AlMFbLl.exe
  2⤵
  PID:8060
- C:\Windows\System\AKXqKdL.exe
  C:\Windows\System\AKXqKdL.exe
  2⤵
  PID:752
- C:\Windows\System\bmRosgu.exe
  C:\Windows\System\bmRosgu.exe
  2⤵
  PID:8120
- C:\Windows\System\zSJtphL.exe
  C:\Windows\System\zSJtphL.exe
  2⤵
  PID:8140
- C:\Windows\System\MZKhsIk.exe
  C:\Windows\System\MZKhsIk.exe
  2⤵
  PID:8164
- C:\Windows\System\GyiTEHe.exe
  C:\Windows\System\GyiTEHe.exe
  2⤵
  PID:8176
- C:\Windows\System\MhnCuNJ.exe
  C:\Windows\System\MhnCuNJ.exe
  2⤵
  PID:7204
- C:\Windows\System\FpbuwIs.exe
  C:\Windows\System\FpbuwIs.exe
  2⤵
  PID:7372
- C:\Windows\System\lEIMdqK.exe
  C:\Windows\System\lEIMdqK.exe
  2⤵
  PID:8188
- C:\Windows\System\GSsXrOM.exe
  C:\Windows\System\GSsXrOM.exe
  2⤵
  PID:2396
- C:\Windows\System\dzAEyaQ.exe
  C:\Windows\System\dzAEyaQ.exe
  2⤵
  PID:7440
- C:\Windows\System\wpeZPgZ.exe
  C:\Windows\System\wpeZPgZ.exe
  2⤵
  PID:1632
- C:\Windows\System\burxLfh.exe
  C:\Windows\System\burxLfh.exe
  2⤵
  PID:1912
- C:\Windows\System\LdZkiZZ.exe
  C:\Windows\System\LdZkiZZ.exe
  2⤵
  PID:5244
- C:\Windows\System\ayeqHMX.exe
  C:\Windows\System\ayeqHMX.exe
  2⤵
  PID:7540
- C:\Windows\System\YjDDCoS.exe
  C:\Windows\System\YjDDCoS.exe
  2⤵
  PID:7488
- C:\Windows\System\bcPBHHd.exe
  C:\Windows\System\bcPBHHd.exe
  2⤵
  PID:4284
- C:\Windows\System\MefWSEB.exe
  C:\Windows\System\MefWSEB.exe
  2⤵
  PID:7732
- C:\Windows\System\FOneYhE.exe
  C:\Windows\System\FOneYhE.exe
  2⤵
  PID:7748
- C:\Windows\System\nkbPUUQ.exe
  C:\Windows\System\nkbPUUQ.exe
  2⤵
  PID:7544
- C:\Windows\System\COYKqQx.exe
  C:\Windows\System\COYKqQx.exe
  2⤵
  PID:7960
- C:\Windows\System\tmvpolL.exe
  C:\Windows\System\tmvpolL.exe
  2⤵
  PID:8036
- C:\Windows\System\ItXpULP.exe
  C:\Windows\System\ItXpULP.exe
  2⤵
  PID:2600
- C:\Windows\System\YGxZyht.exe
  C:\Windows\System\YGxZyht.exe
  2⤵
  PID:7804
- C:\Windows\System\XserLET.exe
  C:\Windows\System\XserLET.exe
  2⤵
  PID:8052
- C:\Windows\System\dISrqUf.exe
  C:\Windows\System\dISrqUf.exe
  2⤵
  PID:8156
- C:\Windows\System\rYCukBw.exe
  C:\Windows\System\rYCukBw.exe
  2⤵
  PID:7608
- C:\Windows\System\aewEVZb.exe
  C:\Windows\System\aewEVZb.exe
  2⤵
  PID:2608
- C:\Windows\System\PEPiQzI.exe
  C:\Windows\System\PEPiQzI.exe
  2⤵
  PID:7316
- C:\Windows\System\QCTtjIg.exe
  C:\Windows\System\QCTtjIg.exe
  2⤵
  PID:7320
- C:\Windows\System\gMQjiVk.exe
  C:\Windows\System\gMQjiVk.exe
  2⤵
  PID:7188
- C:\Windows\System\VkacMce.exe
  C:\Windows\System\VkacMce.exe
  2⤵
  PID:7764
- C:\Windows\System\UKHeKOY.exe
  C:\Windows\System\UKHeKOY.exe
  2⤵
  PID:7876
- C:\Windows\System\wxCmlOT.exe
  C:\Windows\System\wxCmlOT.exe
  2⤵
  PID:7856
- C:\Windows\System\clRBHYW.exe
  C:\Windows\System\clRBHYW.exe
  2⤵
  PID:7976
- C:\Windows\System\VIzGHXi.exe
  C:\Windows\System\VIzGHXi.exe
  2⤵
  PID:8136
- C:\Windows\System\knZKwNT.exe
  C:\Windows\System\knZKwNT.exe
  2⤵
  PID:936
- C:\Windows\System\dtoCaWl.exe
  C:\Windows\System\dtoCaWl.exe
  2⤵
  PID:6960
- C:\Windows\System\QCQmyHn.exe
  C:\Windows\System\QCQmyHn.exe
  2⤵
  PID:7920
- C:\Windows\System\WlEJlJt.exe
  C:\Windows\System\WlEJlJt.exe
  2⤵
  PID:8056
- C:\Windows\System\dfqzPsN.exe
  C:\Windows\System\dfqzPsN.exe
  2⤵
  PID:1988
- C:\Windows\System\BnvYiZu.exe
  C:\Windows\System\BnvYiZu.exe
  2⤵
  PID:7420
- C:\Windows\System\LockowA.exe
  C:\Windows\System\LockowA.exe
  2⤵
  PID:7824
- C:\Windows\System\VMkarxF.exe
  C:\Windows\System\VMkarxF.exe
  2⤵
  PID:7972
- C:\Windows\System\iqrzekY.exe
  C:\Windows\System\iqrzekY.exe
  2⤵
  PID:4024
- C:\Windows\System\WUJHmAz.exe
  C:\Windows\System\WUJHmAz.exe
  2⤵
  PID:1076
- C:\Windows\System\aRiQOlx.exe
  C:\Windows\System\aRiQOlx.exe
  2⤵
  PID:5744
- C:\Windows\System\sTpCwPj.exe
  C:\Windows\System\sTpCwPj.exe
  2⤵
  PID:7828
- C:\Windows\System\XvDNAXi.exe
  C:\Windows\System\XvDNAXi.exe
  2⤵
  PID:764
- C:\Windows\System\LNINvMw.exe
  C:\Windows\System\LNINvMw.exe
  2⤵
  PID:7728
- C:\Windows\System\JKhLGRQ.exe
  C:\Windows\System\JKhLGRQ.exe
  2⤵
  PID:7184
- C:\Windows\System\xBPXNIK.exe
  C:\Windows\System\xBPXNIK.exe
  2⤵
  PID:7280
- C:\Windows\System\IuMnbxW.exe
  C:\Windows\System\IuMnbxW.exe
  2⤵
  PID:8144
- C:\Windows\System\UEKzgpv.exe
  C:\Windows\System\UEKzgpv.exe
  2⤵
  PID:7744
- C:\Windows\System\wHtjvoP.exe
  C:\Windows\System\wHtjvoP.exe
  2⤵
  PID:6012
- C:\Windows\System\AkvHFlZ.exe
  C:\Windows\System\AkvHFlZ.exe
  2⤵
  PID:7484
- C:\Windows\System\pyDuGIq.exe
  C:\Windows\System\pyDuGIq.exe
  2⤵
  PID:8208
- C:\Windows\System\trAIBnC.exe
  C:\Windows\System\trAIBnC.exe
  2⤵
  PID:8224
- C:\Windows\System\GeWObSE.exe
  C:\Windows\System\GeWObSE.exe
  2⤵
  PID:8240
- C:\Windows\System\UQFtujj.exe
  C:\Windows\System\UQFtujj.exe
  2⤵
  PID:8256
- C:\Windows\System\QIsnNLy.exe
  C:\Windows\System\QIsnNLy.exe
  2⤵
  PID:8272
- C:\Windows\System\jJkyGWR.exe
  C:\Windows\System\jJkyGWR.exe
  2⤵
  PID:8288
- C:\Windows\System\HhspHSk.exe
  C:\Windows\System\HhspHSk.exe
  2⤵
  PID:8304
- C:\Windows\System\HiWFDgl.exe
  C:\Windows\System\HiWFDgl.exe
  2⤵
  PID:8400
- C:\Windows\System\cuLmuFz.exe
  C:\Windows\System\cuLmuFz.exe
  2⤵
  PID:8416
- C:\Windows\System\tKJdxvx.exe
  C:\Windows\System\tKJdxvx.exe
  2⤵
  PID:8432
- C:\Windows\System\erAuvTh.exe
  C:\Windows\System\erAuvTh.exe
  2⤵
  PID:8448
- C:\Windows\System\XffCLwp.exe
  C:\Windows\System\XffCLwp.exe
  2⤵
  PID:8464
- C:\Windows\System\RPHdKcE.exe
  C:\Windows\System\RPHdKcE.exe
  2⤵
  PID:8480
- C:\Windows\System\JrjUpHQ.exe
  C:\Windows\System\JrjUpHQ.exe
  2⤵
  PID:8496
- C:\Windows\System\ahSkTSV.exe
  C:\Windows\System\ahSkTSV.exe
  2⤵
  PID:8512
- C:\Windows\System\kuTTJOu.exe
  C:\Windows\System\kuTTJOu.exe
  2⤵
  PID:8528
- C:\Windows\System\uxKvbuR.exe
  C:\Windows\System\uxKvbuR.exe
  2⤵
  PID:8544
- C:\Windows\System\LlLWfNL.exe
  C:\Windows\System\LlLWfNL.exe
  2⤵
  PID:8560
- C:\Windows\System\PvfeSoZ.exe
  C:\Windows\System\PvfeSoZ.exe
  2⤵
  PID:8576
- C:\Windows\System\IvqyoHb.exe
  C:\Windows\System\IvqyoHb.exe
  2⤵
  PID:8592
- C:\Windows\System\usylhlJ.exe
  C:\Windows\System\usylhlJ.exe
  2⤵
  PID:8608
- C:\Windows\System\RRcHdjn.exe
  C:\Windows\System\RRcHdjn.exe
  2⤵
  PID:8624
- C:\Windows\System\KkmMkaN.exe
  C:\Windows\System\KkmMkaN.exe
  2⤵
  PID:8640
- C:\Windows\System\rqBPnyP.exe
  C:\Windows\System\rqBPnyP.exe
  2⤵
  PID:8656
- C:\Windows\System\MrtypNR.exe
  C:\Windows\System\MrtypNR.exe
  2⤵
  PID:8672
- C:\Windows\System\BKWleyS.exe
  C:\Windows\System\BKWleyS.exe
  2⤵
  PID:8688
- C:\Windows\System\BEBqGOh.exe
  C:\Windows\System\BEBqGOh.exe
  2⤵
  PID:8704
- C:\Windows\System\NOuuThO.exe
  C:\Windows\System\NOuuThO.exe
  2⤵
  PID:8720
- C:\Windows\System\lnRBlLn.exe
  C:\Windows\System\lnRBlLn.exe
  2⤵
  PID:8736
- C:\Windows\System\ligublK.exe
  C:\Windows\System\ligublK.exe
  2⤵
  PID:8752
- C:\Windows\System\gkWcslV.exe
  C:\Windows\System\gkWcslV.exe
  2⤵
  PID:8768
- C:\Windows\System\ujKSUzH.exe
  C:\Windows\System\ujKSUzH.exe
  2⤵
  PID:8784
- C:\Windows\System\BtYwhdQ.exe
  C:\Windows\System\BtYwhdQ.exe
  2⤵
  PID:8800
- C:\Windows\System\RoGrhwG.exe
  C:\Windows\System\RoGrhwG.exe
  2⤵
  PID:8816
- C:\Windows\System\EpfvDHB.exe
  C:\Windows\System\EpfvDHB.exe
  2⤵
  PID:8836
- C:\Windows\System\nFEGSQf.exe
  C:\Windows\System\nFEGSQf.exe
  2⤵
  PID:8852
- C:\Windows\System\spQmVxY.exe
  C:\Windows\System\spQmVxY.exe
  2⤵
  PID:8868
- C:\Windows\System\XWOuVuI.exe
  C:\Windows\System\XWOuVuI.exe
  2⤵
  PID:8884
- C:\Windows\System\dZOaWLT.exe
  C:\Windows\System\dZOaWLT.exe
  2⤵
  PID:8900
- C:\Windows\System\mqYEJFy.exe
  C:\Windows\System\mqYEJFy.exe
  2⤵
  PID:8916
- C:\Windows\System\gvxpkaX.exe
  C:\Windows\System\gvxpkaX.exe
  2⤵
  PID:8932
- C:\Windows\System\xWsgkTl.exe
  C:\Windows\System\xWsgkTl.exe
  2⤵
  PID:8952
- C:\Windows\System\erUjWtT.exe
  C:\Windows\System\erUjWtT.exe
  2⤵
  PID:8968
- C:\Windows\System\AQUdNnY.exe
  C:\Windows\System\AQUdNnY.exe
  2⤵
  PID:8984
- C:\Windows\System\vBArMKK.exe
  C:\Windows\System\vBArMKK.exe
  2⤵
  PID:9000
- C:\Windows\System\zyUyuYb.exe
  C:\Windows\System\zyUyuYb.exe
  2⤵
  PID:9020
- C:\Windows\System\LoIMIwh.exe
  C:\Windows\System\LoIMIwh.exe
  2⤵
  PID:9036
- C:\Windows\System\FjFCXYM.exe
  C:\Windows\System\FjFCXYM.exe
  2⤵
  PID:9052
- C:\Windows\System\fmZomMS.exe
  C:\Windows\System\fmZomMS.exe
  2⤵
  PID:9068
- C:\Windows\System\YWTcupU.exe
  C:\Windows\System\YWTcupU.exe
  2⤵
  PID:9084
- C:\Windows\System\rkxYDik.exe
  C:\Windows\System\rkxYDik.exe
  2⤵
  PID:9104
- C:\Windows\System\loBcJrR.exe
  C:\Windows\System\loBcJrR.exe
  2⤵
  PID:9120
- C:\Windows\System\ERKGNcZ.exe
  C:\Windows\System\ERKGNcZ.exe
  2⤵
  PID:9136
- C:\Windows\System\sSWDGJP.exe
  C:\Windows\System\sSWDGJP.exe
  2⤵
  PID:9152
- C:\Windows\System\pbJdLIv.exe
  C:\Windows\System\pbJdLIv.exe
  2⤵
  PID:9168
- C:\Windows\System\ltuQAVX.exe
  C:\Windows\System\ltuQAVX.exe
  2⤵
  PID:9184
- C:\Windows\System\fjMFJqR.exe
  C:\Windows\System\fjMFJqR.exe
  2⤵
  PID:9200
- C:\Windows\System\znfsnxC.exe
  C:\Windows\System\znfsnxC.exe
  2⤵
  PID:7800
- C:\Windows\System\dGfAYJf.exe
  C:\Windows\System\dGfAYJf.exe
  2⤵
  PID:6432
- C:\Windows\System\LLsBAKk.exe
  C:\Windows\System\LLsBAKk.exe
  2⤵
  PID:7768
- C:\Windows\System\NnIMcxQ.exe
  C:\Windows\System\NnIMcxQ.exe
  2⤵
  PID:8248
- C:\Windows\System\SQRrqKX.exe
  C:\Windows\System\SQRrqKX.exe
  2⤵
  PID:8332
- C:\Windows\System\EoFWkqX.exe
  C:\Windows\System\EoFWkqX.exe
  2⤵
  PID:8352
- C:\Windows\System\ZWNpMJs.exe
  C:\Windows\System\ZWNpMJs.exe
  2⤵
  PID:8372
- C:\Windows\System\XJqIJUB.exe
  C:\Windows\System\XJqIJUB.exe
  2⤵
  PID:8488
- C:\Windows\System\bijeDUA.exe
  C:\Windows\System\bijeDUA.exe
  2⤵
  PID:8444
- C:\Windows\System\NzlIMpt.exe
  C:\Windows\System\NzlIMpt.exe
  2⤵
  PID:8508
- C:\Windows\System\mROQsGl.exe
  C:\Windows\System\mROQsGl.exe
  2⤵
  PID:8572
- C:\Windows\System\RDdDyQO.exe
  C:\Windows\System\RDdDyQO.exe
  2⤵
  PID:8620
- C:\Windows\System\uAAIOMe.exe
  C:\Windows\System\uAAIOMe.exe
  2⤵
  PID:8652
- C:\Windows\System\SWKGreC.exe
  C:\Windows\System\SWKGreC.exe
  2⤵
  PID:8636
- C:\Windows\System\ePGynht.exe
  C:\Windows\System\ePGynht.exe
  2⤵
  PID:8664
- C:\Windows\System\mDZwwJW.exe
  C:\Windows\System\mDZwwJW.exe
  2⤵
  PID:8696
- C:\Windows\System\mhDIMSA.exe
  C:\Windows\System\mhDIMSA.exe
  2⤵
  PID:8744
- C:\Windows\System\VarjaSX.exe
  C:\Windows\System\VarjaSX.exe
  2⤵
  PID:8780
- C:\Windows\System\oYqAEyM.exe
  C:\Windows\System\oYqAEyM.exe
  2⤵
  PID:8760
- C:\Windows\System\BFUAGpm.exe
  C:\Windows\System\BFUAGpm.exe
  2⤵
  PID:8824
- C:\Windows\System\RkPXAuz.exe
  C:\Windows\System\RkPXAuz.exe
  2⤵
  PID:8848
- C:\Windows\System\iEnXGrU.exe
  C:\Windows\System\iEnXGrU.exe
  2⤵
  PID:8992
- C:\Windows\System\mVoLQMT.exe
  C:\Windows\System\mVoLQMT.exe
  2⤵
  PID:8912
- C:\Windows\System\YifwgxD.exe
  C:\Windows\System\YifwgxD.exe
  2⤵
  PID:9008
- C:\Windows\System\HSFLdwE.exe
  C:\Windows\System\HSFLdwE.exe
  2⤵
  PID:9064
- C:\Windows\System\MvWBImA.exe
  C:\Windows\System\MvWBImA.exe
  2⤵
  PID:9128
- C:\Windows\System\wLFIzBK.exe
  C:\Windows\System\wLFIzBK.exe
  2⤵
  PID:8216
- C:\Windows\System\gIGzSnn.exe
  C:\Windows\System\gIGzSnn.exe
  2⤵
  PID:8264
- C:\Windows\System\YOusGXQ.exe
  C:\Windows\System\YOusGXQ.exe
  2⤵
  PID:6688
- C:\Windows\System\oGAUZvP.exe
  C:\Windows\System\oGAUZvP.exe
  2⤵
  PID:7388
- C:\Windows\System\aEDaVhH.exe
  C:\Windows\System\aEDaVhH.exe
  2⤵
  PID:7200
- C:\Windows\System\OvhFeBc.exe
  C:\Windows\System\OvhFeBc.exe
  2⤵
  PID:8328
- C:\Windows\System\EdCdbZl.exe
  C:\Windows\System\EdCdbZl.exe
  2⤵
  PID:7584
- C:\Windows\System\VNXnxEU.exe
  C:\Windows\System\VNXnxEU.exe
  2⤵
  PID:8220
- C:\Windows\System\RBCCZAc.exe
  C:\Windows\System\RBCCZAc.exe
  2⤵
  PID:8360
- C:\Windows\System\nvfcojM.exe
  C:\Windows\System\nvfcojM.exe
  2⤵
  PID:8428
- C:\Windows\System\BqiVlgd.exe
  C:\Windows\System\BqiVlgd.exe
  2⤵
  PID:8460
- C:\Windows\System\BsPpnOu.exe
  C:\Windows\System\BsPpnOu.exe
  2⤵
  PID:8668
- C:\Windows\System\nPTbQGz.exe
  C:\Windows\System\nPTbQGz.exe
  2⤵
  PID:8600
- C:\Windows\System\MHgrSZt.exe
  C:\Windows\System\MHgrSZt.exe
  2⤵
  PID:8728
- C:\Windows\System\FKvvBpg.exe
  C:\Windows\System\FKvvBpg.exe
  2⤵
  PID:8876
- C:\Windows\System\VhnHiSY.exe
  C:\Windows\System\VhnHiSY.exe
  2⤵
  PID:8892
- C:\Windows\System\tAWWuDI.exe
  C:\Windows\System\tAWWuDI.exe
  2⤵
  PID:8860
- C:\Windows\System\RBNROnV.exe
  C:\Windows\System\RBNROnV.exe
  2⤵
  PID:9016
- C:\Windows\System\YabYrEY.exe
  C:\Windows\System\YabYrEY.exe
  2⤵
  PID:8976
- C:\Windows\System\LOvmiXa.exe
  C:\Windows\System\LOvmiXa.exe
  2⤵
  PID:9160
- C:\Windows\System\HmfbATZ.exe
  C:\Windows\System\HmfbATZ.exe
  2⤵
  PID:9076
- C:\Windows\System\YAqSqUF.exe
  C:\Windows\System\YAqSqUF.exe
  2⤵
  PID:9176
- C:\Windows\System\FbGjAEm.exe
  C:\Windows\System\FbGjAEm.exe
  2⤵
  PID:9196
- C:\Windows\System\wvfMPfa.exe
  C:\Windows\System\wvfMPfa.exe
  2⤵
  PID:7796
- C:\Windows\System\IefCCSr.exe
  C:\Windows\System\IefCCSr.exe
  2⤵
  PID:8232
- C:\Windows\System\lGrwOfz.exe
  C:\Windows\System\lGrwOfz.exe
  2⤵
  PID:8236
- C:\Windows\System\mYPXFcW.exe
  C:\Windows\System\mYPXFcW.exe
  2⤵
  PID:8300
- C:\Windows\System\zKKoxvq.exe
  C:\Windows\System\zKKoxvq.exe
  2⤵
  PID:7724
- C:\Windows\System\mMFiOZu.exe
  C:\Windows\System\mMFiOZu.exe
  2⤵
  PID:8008
- C:\Windows\System\lVjaVGa.exe
  C:\Windows\System\lVjaVGa.exe
  2⤵
  PID:7660
- C:\Windows\System\tPUwWEA.exe
  C:\Windows\System\tPUwWEA.exe
  2⤵
  PID:8368
- C:\Windows\System\tXiofMl.exe
  C:\Windows\System\tXiofMl.exe
  2⤵
  PID:8384
- C:\Windows\System\CmpvDgq.exe
  C:\Windows\System\CmpvDgq.exe
  2⤵
  PID:8316
- C:\Windows\System\CKyFahM.exe
  C:\Windows\System\CKyFahM.exe
  2⤵
  PID:7324
- C:\Windows\System\wpFtFtL.exe
  C:\Windows\System\wpFtFtL.exe
  2⤵
  PID:8732
- C:\Windows\System\tJXkTaJ.exe
  C:\Windows\System\tJXkTaJ.exe
  2⤵
  PID:8808
- C:\Windows\System\pSyscsW.exe
  C:\Windows\System\pSyscsW.exe
  2⤵
  PID:8960
- C:\Windows\System\DsbOKEF.exe
  C:\Windows\System\DsbOKEF.exe
  2⤵
  PID:9028
- C:\Windows\System\SrqkhGu.exe
  C:\Windows\System\SrqkhGu.exe
  2⤵
  PID:8980
- C:\Windows\System\swBUglT.exe
  C:\Windows\System\swBUglT.exe
  2⤵
  PID:9044
- C:\Windows\System\NqooWTZ.exe
  C:\Windows\System\NqooWTZ.exe
  2⤵
  PID:8456
- C:\Windows\System\NKnxalv.exe
  C:\Windows\System\NKnxalv.exe
  2⤵
  PID:8296
- C:\Windows\System\BZqZYKS.exe
  C:\Windows\System\BZqZYKS.exe
  2⤵
  PID:9220
- C:\Windows\System\GnzYJee.exe
  C:\Windows\System\GnzYJee.exe
  2⤵
  PID:9236
- C:\Windows\System\WyKOAmh.exe
  C:\Windows\System\WyKOAmh.exe
  2⤵
  PID:9252
- C:\Windows\System\bVnUXUA.exe
  C:\Windows\System\bVnUXUA.exe
  2⤵
  PID:9268
- C:\Windows\System\UDVLuVx.exe
  C:\Windows\System\UDVLuVx.exe
  2⤵
  PID:9284
- C:\Windows\System\USPOyMv.exe
  C:\Windows\System\USPOyMv.exe
  2⤵
  PID:9300
- C:\Windows\System\YCFZevL.exe
  C:\Windows\System\YCFZevL.exe
  2⤵
  PID:9316
- C:\Windows\System\JUOKkYF.exe
  C:\Windows\System\JUOKkYF.exe
  2⤵
  PID:9332
- C:\Windows\System\rfKahxI.exe
  C:\Windows\System\rfKahxI.exe
  2⤵
  PID:9348
- C:\Windows\System\vAFlqMh.exe
  C:\Windows\System\vAFlqMh.exe
  2⤵
  PID:9392
- C:\Windows\System\kzKzYza.exe
  C:\Windows\System\kzKzYza.exe
  2⤵
  PID:9412
- C:\Windows\System\VIUAlxR.exe
  C:\Windows\System\VIUAlxR.exe
  2⤵
  PID:9432
- C:\Windows\System\qTOGZJO.exe
  C:\Windows\System\qTOGZJO.exe
  2⤵
  PID:9448
- C:\Windows\System\GUSVHbr.exe
  C:\Windows\System\GUSVHbr.exe
  2⤵
  PID:9464
- C:\Windows\System\DCcHFii.exe
  C:\Windows\System\DCcHFii.exe
  2⤵
  PID:9488
- C:\Windows\System\xUdXuLa.exe
  C:\Windows\System\xUdXuLa.exe
  2⤵
  PID:9504
- C:\Windows\System\KmpHvwB.exe
  C:\Windows\System\KmpHvwB.exe
  2⤵
  PID:9548
- C:\Windows\System\TtKLJyM.exe
  C:\Windows\System\TtKLJyM.exe
  2⤵
  PID:9648
- C:\Windows\System\bQkXDnG.exe
  C:\Windows\System\bQkXDnG.exe
  2⤵
  PID:9684
- C:\Windows\System\aAlHxzz.exe
  C:\Windows\System\aAlHxzz.exe
  2⤵
  PID:9700
- C:\Windows\System\OHsJZpr.exe
  C:\Windows\System\OHsJZpr.exe
  2⤵
  PID:9716
- C:\Windows\System\QlMDeQZ.exe
  C:\Windows\System\QlMDeQZ.exe
  2⤵
  PID:9732
- C:\Windows\System\qeRATRE.exe
  C:\Windows\System\qeRATRE.exe
  2⤵
  PID:9748
- C:\Windows\System\aLSenef.exe
  C:\Windows\System\aLSenef.exe
  2⤵
  PID:9764
- C:\Windows\System\oPKSDjO.exe
  C:\Windows\System\oPKSDjO.exe
  2⤵
  PID:9780
- C:\Windows\System\HlFSMqp.exe
  C:\Windows\System\HlFSMqp.exe
  2⤵
  PID:9796
- C:\Windows\System\AUNIZYV.exe
  C:\Windows\System\AUNIZYV.exe
  2⤵
  PID:9824
- C:\Windows\System\mULlRsY.exe
  C:\Windows\System\mULlRsY.exe
  2⤵
  PID:9844
- C:\Windows\System\DqlQRsb.exe
  C:\Windows\System\DqlQRsb.exe
  2⤵
  PID:9860
- C:\Windows\System\HIFTNyy.exe
  C:\Windows\System\HIFTNyy.exe
  2⤵
  PID:9880
- C:\Windows\System\aglkeeF.exe
  C:\Windows\System\aglkeeF.exe
  2⤵
  PID:9900
- C:\Windows\System\pRsjRQW.exe
  C:\Windows\System\pRsjRQW.exe
  2⤵
  PID:9916
- C:\Windows\System\KDeGjxd.exe
  C:\Windows\System\KDeGjxd.exe
  2⤵
  PID:9936
- C:\Windows\System\zopDlqw.exe
  C:\Windows\System\zopDlqw.exe
  2⤵
  PID:9960
- C:\Windows\System\LRlEdtS.exe
  C:\Windows\System\LRlEdtS.exe
  2⤵
  PID:9984
- C:\Windows\System\ExSLKgm.exe
  C:\Windows\System\ExSLKgm.exe
  2⤵
  PID:10000
- C:\Windows\System\ovDimeb.exe
  C:\Windows\System\ovDimeb.exe
  2⤵
  PID:10020
- C:\Windows\System\BDwPjeJ.exe
  C:\Windows\System\BDwPjeJ.exe
  2⤵
  PID:10040
- C:\Windows\System\YgqwVko.exe
  C:\Windows\System\YgqwVko.exe
  2⤵
  PID:10056
- C:\Windows\System\ZoChZWB.exe
  C:\Windows\System\ZoChZWB.exe
  2⤵
  PID:10116
- C:\Windows\System\tsSvvUY.exe
  C:\Windows\System\tsSvvUY.exe
  2⤵
  PID:10132
- C:\Windows\System\iwGYcSx.exe
  C:\Windows\System\iwGYcSx.exe
  2⤵
  PID:10148
- C:\Windows\System\mpxpQht.exe
  C:\Windows\System\mpxpQht.exe
  2⤵
  PID:10164
- C:\Windows\System\heQVSYc.exe
  C:\Windows\System\heQVSYc.exe
  2⤵
  PID:10180
- C:\Windows\System\ZONVKdU.exe
  C:\Windows\System\ZONVKdU.exe
  2⤵
  PID:10196
- C:\Windows\System\mzuFoGz.exe
  C:\Windows\System\mzuFoGz.exe
  2⤵
  PID:10212
- C:\Windows\System\ZAkoysK.exe
  C:\Windows\System\ZAkoysK.exe
  2⤵
  PID:10228
- C:\Windows\System\ixaQFFe.exe
  C:\Windows\System\ixaQFFe.exe
  2⤵
  PID:8712
- C:\Windows\System\legKTjQ.exe
  C:\Windows\System\legKTjQ.exe
  2⤵
  PID:9116
- C:\Windows\System\UZHFZqo.exe
  C:\Windows\System\UZHFZqo.exe
  2⤵
  PID:8880
- C:\Windows\System\PwGKKOW.exe
  C:\Windows\System\PwGKKOW.exe
  2⤵
  PID:9112
- C:\Windows\System\wiCZTkc.exe
  C:\Windows\System\wiCZTkc.exe
  2⤵
  PID:9356
- C:\Windows\System\OCtHwNq.exe
  C:\Windows\System\OCtHwNq.exe
  2⤵
  PID:7700
- C:\Windows\System\bQOUlrN.exe
  C:\Windows\System\bQOUlrN.exe
  2⤵
  PID:8268
- C:\Windows\System\BMSYLcS.exe
  C:\Windows\System\BMSYLcS.exe
  2⤵
  PID:8864
- C:\Windows\System\DGajsSB.exe
  C:\Windows\System\DGajsSB.exe
  2⤵
  PID:7712
- C:\Windows\System\hFSEEQT.exe
  C:\Windows\System\hFSEEQT.exe
  2⤵
  PID:9212
- C:\Windows\System\SAOsuPP.exe
  C:\Windows\System\SAOsuPP.exe
  2⤵
  PID:8340
- C:\Windows\System\JmCVzgH.exe
  C:\Windows\System\JmCVzgH.exe
  2⤵
  PID:9276
- C:\Windows\System\FRwFFQZ.exe
  C:\Windows\System\FRwFFQZ.exe
  2⤵
  PID:9444
- C:\Windows\System\oGuHXrs.exe
  C:\Windows\System\oGuHXrs.exe
  2⤵
  PID:9420
- C:\Windows\System\iVnkQBF.exe
  C:\Windows\System\iVnkQBF.exe
  2⤵
  PID:9512
- C:\Windows\System\YZFJGWv.exe
  C:\Windows\System\YZFJGWv.exe
  2⤵
  PID:9536
- C:\Windows\System\rMmtlqJ.exe
  C:\Windows\System\rMmtlqJ.exe
  2⤵
  PID:9560
- C:\Windows\System\pytIhpa.exe
  C:\Windows\System\pytIhpa.exe
  2⤵
  PID:9564
- C:\Windows\System\sFLqFFm.exe
  C:\Windows\System\sFLqFFm.exe
  2⤵
  PID:9608
- C:\Windows\System\VqIHxDV.exe
  C:\Windows\System\VqIHxDV.exe
  2⤵
  PID:9600
- C:\Windows\System\EualZJj.exe
  C:\Windows\System\EualZJj.exe
  2⤵
  PID:9620
- C:\Windows\System\RMgpySD.exe
  C:\Windows\System\RMgpySD.exe
  2⤵
  PID:9628
- C:\Windows\System\JgmAecv.exe
  C:\Windows\System\JgmAecv.exe
  2⤵
  PID:9668
- C:\Windows\System\QseXewK.exe
  C:\Windows\System\QseXewK.exe
  2⤵
  PID:9680
- C:\Windows\System\xgXFbVK.exe
  C:\Windows\System\xgXFbVK.exe
  2⤵
  PID:9744
- C:\Windows\System\dyPDTgK.exe
  C:\Windows\System\dyPDTgK.exe
  2⤵
  PID:9840
- C:\Windows\System\sKbWEIw.exe
  C:\Windows\System\sKbWEIw.exe
  2⤵
  PID:9908
- C:\Windows\System\BlzrPWu.exe
  C:\Windows\System\BlzrPWu.exe
  2⤵
  PID:9952
- C:\Windows\System\NOqpZGU.exe
  C:\Windows\System\NOqpZGU.exe
  2⤵
  PID:10028
- C:\Windows\System\tTUoXFu.exe
  C:\Windows\System\tTUoXFu.exe
  2⤵
  PID:10072
- C:\Windows\System\fMlSZQN.exe
  C:\Windows\System\fMlSZQN.exe
  2⤵
  PID:10092
- C:\Windows\System\LUENgtZ.exe
  C:\Windows\System\LUENgtZ.exe
  2⤵
  PID:10048
- C:\Windows\System\AbqpLBg.exe
  C:\Windows\System\AbqpLBg.exe
  2⤵
  PID:9924
- C:\Windows\System\skBFpIQ.exe
  C:\Windows\System\skBFpIQ.exe
  2⤵
  PID:9804
- C:\Windows\System\ZGzSiPg.exe
  C:\Windows\System\ZGzSiPg.exe
  2⤵
  PID:9852
- C:\Windows\System\XNJCQWj.exe
  C:\Windows\System\XNJCQWj.exe
  2⤵
  PID:9928
- C:\Windows\System\qTuQkga.exe
  C:\Windows\System\qTuQkga.exe
  2⤵
  PID:10052
- C:\Windows\System\UmbaNVw.exe
  C:\Windows\System\UmbaNVw.exe
  2⤵
  PID:10108
- C:\Windows\System\PRPIqfQ.exe
  C:\Windows\System\PRPIqfQ.exe
  2⤵
  PID:10176
- C:\Windows\System\RecqZgn.exe
  C:\Windows\System\RecqZgn.exe
  2⤵
  PID:10236
- C:\Windows\System\aAfMZpR.exe
  C:\Windows\System\aAfMZpR.exe
  2⤵
  PID:9228
- C:\Windows\System\RFEuDZk.exe
  C:\Windows\System\RFEuDZk.exe
  2⤵
  PID:10156
- C:\Windows\System\CMvtTlD.exe
  C:\Windows\System\CMvtTlD.exe
  2⤵
  PID:10224
- C:\Windows\System\EDsvxMh.exe
  C:\Windows\System\EDsvxMh.exe
  2⤵
  PID:9324
- C:\Windows\System\qusHUtE.exe
  C:\Windows\System\qusHUtE.exe
  2⤵
  PID:8796
- C:\Windows\System\NSxHcgm.exe
  C:\Windows\System\NSxHcgm.exe
  2⤵
  PID:9192
- C:\Windows\System\wyoXeJF.exe
  C:\Windows\System\wyoXeJF.exe
  2⤵
  PID:9244
- C:\Windows\System\AfZAuCD.exe
  C:\Windows\System\AfZAuCD.exe
  2⤵
  PID:9364
- C:\Windows\System\BeNJflP.exe
  C:\Windows\System\BeNJflP.exe
  2⤵
  PID:9400
- C:\Windows\System\phgYrJx.exe
  C:\Windows\System\phgYrJx.exe
  2⤵
  PID:9456
- C:\Windows\System\GeeybsK.exe
  C:\Windows\System\GeeybsK.exe
  2⤵
  PID:9516
- C:\Windows\System\KdntTIi.exe
  C:\Windows\System\KdntTIi.exe
  2⤵
  PID:9528
- C:\Windows\System\lPfVltb.exe
  C:\Windows\System\lPfVltb.exe
  2⤵
  PID:8684
- C:\Windows\System\OuAhJwJ.exe
  C:\Windows\System\OuAhJwJ.exe
  2⤵
  PID:9632
- C:\Windows\System\EdpWFCV.exe
  C:\Windows\System\EdpWFCV.exe
  2⤵
  PID:9612
- C:\Windows\System\IUsfXDJ.exe
  C:\Windows\System\IUsfXDJ.exe
  2⤵
  PID:9640
- C:\Windows\System\IFrUIaz.exe
  C:\Windows\System\IFrUIaz.exe
  2⤵
  PID:9712
- C:\Windows\System\kukpPWA.exe
  C:\Windows\System\kukpPWA.exe
  2⤵
  PID:9696
- C:\Windows\System\WabQCMw.exe
  C:\Windows\System\WabQCMw.exe
  2⤵
  PID:9836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DLzCoyk.exe

Filesize
6.0MB

MD5
b72226df7daaad3c70e9e436eb36ba73

SHA1
4ae4784db24c513724e2852734be3a783c0b0d93

SHA256
cf36131966af6590d76817a05aea3edba951914a8ec3ff798f1593ba76b500b7

SHA512
f8211eae267de76e4ed3fc5272f9326e39b3872b98f452635617567521343366e87868ae46bbc6aff584d359b0b1d55c174ed3c1389fa838e7cb866efffb57e4

Download Submit
C:\Windows\system\DQSqLvD.exe

Filesize
6.0MB

MD5
e6ab4c65d11f2deae60c8ce7a716f333

SHA1
4d4dc9b6b82db9c33b9c7aa8151f73917b4a8b4e

SHA256
5e729821e1edf5ceb8a69bce73eebf3604e7072fcbd6cab9b22b1a37631ae8b2

SHA512
ae2ac46f6ba4c4433d340c4f7f58a79405431fabdedd82569993a609ba303c33ffa076da8f82a6812d66945ad7cbe575600dfcd6eda617c73a49da393e861c6b

Download Submit
C:\Windows\system\EwgOjtj.exe

Filesize
6.0MB

MD5
8c2bb276e9b1f7fbb0fb1f7d6231f27b

SHA1
5899ab25ced2499524f065eadf961b9b9efc3315

SHA256
b33bea6f6131938352d1cf6fdb83bfc19a48f7096d313dccd26955b1d0d0ca5c

SHA512
5934a21956f9d116d2b34a217fac7d743e818e971fbd328e354261cc753b52c8e71ed4f63c1a90e04ba715cc694764142017691fe9020e59a57cc5f4dd23254f

Download Submit
C:\Windows\system\FLYYlvn.exe

Filesize
6.0MB

MD5
ff0e81889cb60af17b376ba7b5d2f80d

SHA1
3d41d4537330353fc90812332eba3aae12be1a43

SHA256
3a1ed154123f2319a704563f3cac3dc00e7e7da27acfaa85592821c05b30648b

SHA512
3a3b28c8460c0247999a31856707f3c785cfa3f1647d168268cfb509601c07680d018af2bb15dcf7041ac4ec5e0bfc94593f5a31198f45c44b27fd0121d7c6f0

Download Submit
C:\Windows\system\FdgllNI.exe

Filesize
6.0MB

MD5
9952582d502665cf4d148df347ec5827

SHA1
c65b2526060fdd1ef874e097b7ddd65f6744c8c6

SHA256
7bd0700a71910d78fe9c805e37b84b8a5c7c14bcd130eb20bd1cf0ca0074a73f

SHA512
e6da97d63c42818cf177f9726aea787e5afeeda9e08f1893071af07d4b4a54a5446392a024640ac73592c600fea0dd7a155980af4d24fccabdc528e5d753d943

Download Submit
C:\Windows\system\MupzPyb.exe

Filesize
6.0MB

MD5
a64627ed429d5a71dae8f495be983621

SHA1
5394615fa2d56e5c47f679ddfe2b544d425f0e66

SHA256
d91169ad6f9bebc3fd3764b42905d07bb739c7f0cf487326b1793313c37ca488

SHA512
9b334adf65783dde4588f9dacca9bed648ec37937a0846710def64cc74d5dea662518081e55d844be6bd5591216ddfe0e3e90f8f2a7e6ddcef0216497b8394d2

Download Submit
C:\Windows\system\TJOEpGm.exe

Filesize
6.0MB

MD5
fef5e62a69f2164bc72947cda48e0c3d

SHA1
0ebb794f3563213e577e6cbc16d518fe3a5ffd96

SHA256
9d93188242e20483b37a364f6721f788014101c965f97265b08fade35385af0c

SHA512
57a6f11cfdccf860c497832d6169345b728ce939b03f7079fbdbc20dba94ba83199efa599ec0e849904afd2fd1f554a937bbb9edfbc27ba40d6841ddeb6ec55c

Download Submit
C:\Windows\system\XgvtKuC.exe

Filesize
6.0MB

MD5
c4bf1accde61080a2d922d9867052885

SHA1
21a04841500154ada0ebe48b327f41de6319293d

SHA256
65f070c79bb1fb316b72051f0e9ca22c11d123280e1068445a00d16a1b6161d5

SHA512
83e6c70950a5e9d33431591c19bb19c07690358bea00bfdf2e4150f23cc8cbc17dcf95ce449d509f1c5b57aa6845a7a23ae34a963bafb0b3727edaa3c4a5c596

Download Submit
C:\Windows\system\fJUVywV.exe

Filesize
6.0MB

MD5
c3db5ffb66394aaff8ed4df4223d5cc4

SHA1
77009eecc9200ba590c3e379d467834e86414088

SHA256
936d2139563393f27634cf073e8f36be7e7606ba915067beb899d09d82eac4f9

SHA512
51e140be57129d4bf44c3c4da41afb3ef499832d12536201ca8657f4d971083da3faa8ebb658d8f07a63b6632bb4b3c9a46e200341a9630f8627435fb2eda16e

Download Submit
C:\Windows\system\kygiofj.exe

Filesize
6.0MB

MD5
6a7a666db9ac71677b9bade345c778ed

SHA1
7a80d4efe4a2d58668ab28b74ff2b43599d3c74e

SHA256
5155588356fa6fc88b1aed8ebe97e5e35a59242d27381b1724b31f2d21cd7b7c

SHA512
32119272740f4242e7998ffa6e058b5b2b8458942ea0658ff3eb07ae5b771bbfe9bcb41d5c9bb182e447cc7870dd76a5c1242505fd488470537fa2dd97bbe671

Download Submit
C:\Windows\system\lvzsqVP.exe

Filesize
6.0MB

MD5
cb8b1a22be16855651d0d0c3c134e99d

SHA1
473685a2d9c3fb52734470d015f812ad9e75d136

SHA256
39855e88316aef8857a4a37dfb294b9fafa9404066cfd063e47a655f2c693ec0

SHA512
9b3c2663979f831985cf3b300cce3e5a7a62a195b33cbbb03395c5b73ee8eb36aae9bab12c084eb331c45eedfdfa6d7d051609889d412fe169f4c330d2db397b

Download Submit
C:\Windows\system\mxadHWx.exe

Filesize
6.0MB

MD5
5949858f6ba65f8a126bcc3ca09c344f

SHA1
010d495d2f8473a0d59321fc6af8de8f66bdfd9f

SHA256
4974d3d5147e17d0987886c1694190d95cd40e5beb931b7f8694ca70ef44fcd0

SHA512
c22fdc152c03923c35d477dc4f4900c6d8a4d60b030788c1e5aa790ff4a9cb7eb530df50e5727e479ddff8a5d1251edd0fc6364ee331079ec1c98dfdec16dab3

Download Submit
C:\Windows\system\oOdDWhg.exe

Filesize
6.0MB

MD5
bea869f827f9963cfee3bd7d5061cc2c

SHA1
f32504e716bda833b9bf6f48db20ddbde3a72866

SHA256
2762bf8e5da7ad1b955c582c17863868033ae4f868895d1ffe95f6e74c4edf7f

SHA512
ea93dc175a39bf0662034c1524d5b891039879d4c87b9637efdfdc0a13eee7a91aa9c274019cb8ca5251d8086ad4d3c843daedff7198fead371522043134eb42

Download Submit
C:\Windows\system\qYTwDpY.exe

Filesize
6.0MB

MD5
3c11ac98e6309b90251fdca78ec6a2ee

SHA1
3f37182152104446234775157cc2a029dd83e9ad

SHA256
cafeacdc1e94d7a679812865ebec5f455fece2a1bd8ce7f4e171db6c4c61868f

SHA512
d6d353c3f040c19b80ce3271696f87507d10820b63205c85eb0a9670608f495389f419ac35c8076b5a7a8584681dce1615139d60ebc5e7071ca275a4de44d666

Download Submit
C:\Windows\system\sTQjLkS.exe

Filesize
6.0MB

MD5
ac36cdfdb0a6da7d864a163e7e726fca

SHA1
3f118fe01bfa13c62a6875503c6db5fcbf4e1eff

SHA256
7149016d52d2de736006224250553de2b05be8d3b3137f6377321491af8c886c

SHA512
d5203d1d9ff18e2a81102b7ab0858cd27ba13e97e9c527f913b7bc25fcfd8337e192088994e0729413dc0afd7ef0106570cfa92000cad87d918981b9665474be

Download Submit
C:\Windows\system\scfWZEI.exe

Filesize
6.0MB

MD5
cfe66396b1620104ad3b3da51511c15b

SHA1
04005dea71c6b3860a769108efe08f7535f60bf1

SHA256
477741d9c64a1eb5cc59d8cb163997cb45adf254c23c56ca26ce15f60bf5bb8a

SHA512
131a6aa113482c76df6caee1173bb7be55a1fd92054c51163a8f81f6c7c1bdad3da0b16c217c951f92a2e32feb17189a0847a5f76569aead1fd62c88ef0b2c2e

Download Submit
C:\Windows\system\tdgwBql.exe

Filesize
6.0MB

MD5
b00453d6bb5f06d7bfb198fc5bf1440c

SHA1
34d65643a8afaeb30bc11cc89158af08ce85ee54

SHA256
3c1852ae7de17d0df1f52b7d6d636c596fb12ac3b996983e25ebd8c2f6e1a57e

SHA512
bad6e3b4eaed86b8c6a6f9b6a18ecf6af8ab72b34ce77ef3b34e334e14c82fa5858c8b5da55f1475282fc6e448224a7a41c14e82e71599296a067b5a689361cf

Download Submit
C:\Windows\system\tqWUWYU.exe

Filesize
6.0MB

MD5
7832a4e65b7ae3360f62491bf366b858

SHA1
de744049d7cd0244f0d686eb9b66dc066c0b6a6b

SHA256
8a63191c7a347c404737d02afc4c255332cdaf1cca81f868090c599d044494b6

SHA512
13decf15c617717f2adaf20a47c6468c191e64604b9327796b849e7da8c9221fa9b7809ce33107c6e3138b090f1370910f0914927cbc6ff5e3d8872ab07c1a1d

Download Submit
C:\Windows\system\vurmqaa.exe

Filesize
6.0MB

MD5
08cbd2e6b807a32438bad61216d2cd87

SHA1
e4ae539a79ce22bf1e3796f44bc948f0a4a82b90

SHA256
05c768305d685a903bc818ed3684a258e02003cdeacba72dc6c9d30de44b490f

SHA512
8d397913fcf27dfc5e946769775ca82a081ef4f3dcea66422279d7e7b88ed01f89dedc0c084eaa50c16f44f0850233c48549024fe0e703c60241c79fd2458c48

Download Submit
C:\Windows\system\xaKsdhu.exe

Filesize
6.0MB

MD5
856cdabb646885d32a7d7533c7c59207

SHA1
0cdbb249824281ede4b753021978236434243571

SHA256
8636f8cff97a4981472c4ecb3128d4a0c28f62b09b7991c798b00a03090b4b75

SHA512
a6a5b6ef745082fd1e1a8356f7e020a0c2911489d29f7ec84b46ac790fd075be4ed52cc7d5f3e7a52d3f8ac6b48ae27e57974dfd04c19f53d68855a7118cdeb0

Download Submit
\Windows\system\FJulicM.exe

Filesize
6.0MB

MD5
08c78ce6b86b49b25ab4525c2ba6cbf0

SHA1
9cf4b726e395ae5d37463cc3f5445471827e6aab

SHA256
ba5a5099a2b85dc036f030b73b9c5327974cb171ebc3da1495836c874306fb57

SHA512
ebea916542f1223998b1c702d1970ac1b9ad4a5a38893a6c94c7023bc373fb71f9bfecfd100455883043192dfd799da0dc1d719a68df5f6289ec390d63d0b069

Download Submit
\Windows\system\FXUOOFk.exe

Filesize
6.0MB

MD5
d84d15b967ce471a0c8cf60063fbf8c1

SHA1
801f9a87b28b46432d879b11f3bf1cab896278e4

SHA256
db34ec739a029568a69648a599aeddf79d47cf2426749b3dcd1513f3595c222d

SHA512
0b07aac0c8c985e7c0eea7667370a98ad6a0137ac05a5a0d14327f075bd28ae81bbd7c1fc4bb150441f259f982a02e030cde34be238abccd1299e22c78c78f4b

Download Submit
\Windows\system\GqwruWl.exe

Filesize
6.0MB

MD5
81689f2c2ebd68a35d989893acce1ae8

SHA1
dfea8356a42c1c8afe1cca53cf83949bce365191

SHA256
a32c766a3fd564687b82ad3273c57e3cad040062b7811dbcc68579b93182d24b

SHA512
259aeb6c9b0e2a61c3558db508ecedcbb1dcb6e4e6c69a0ddf897c9c8f95e574d0395f808211cddea0ed96c50c1d5e246e9d33350ef4cc00edaf0a9e3dae85cd

Download Submit
\Windows\system\IBROvRp.exe

Filesize
6.0MB

MD5
41679591e432d68ec88b43ece1bbdff1

SHA1
3e65f323cbde6c0a314721edb83eda14cc7adcd5

SHA256
25a619824d92147262fbf42d621c720ade8d2d39fe2dabe79eba3fddb1d3c08a

SHA512
df142af7f3d521b9375707197c332e7abae01aa3a287945650664081766f06653bb07c9e65d872a319a617c7cec349ff9b6c23e125aeb2cb4533c709ed192463

Download Submit
\Windows\system\IOamfNH.exe

Filesize
6.0MB

MD5
6be09d8335ecf7bf996587036404c33b

SHA1
a21ab43a8729201c20b39f102297e4a709a3cc50

SHA256
829916799022d8d8f839ec457e61712e1a1b3f6e1dfcc0fa0c9fe9def42e6fb1

SHA512
d63c1a33c7e5c94c0012d152ee6c64a6602a562e81387a25279b27921884790d5cacb12fb4db8402ea2c516fdd01ed361821c5d6b48668d16054f8dca3cd0f65

Download Submit
\Windows\system\QQJHknf.exe

Filesize
6.0MB

MD5
fd8abb417742848e02b250f8e837bd69

SHA1
09cd8a3682820e1791d16041b3d05f04e25dbf14

SHA256
92bffcba23e0c7b709f69056da0e81336d127dfe7830d2420b4b29dc4d8ee446

SHA512
fe69f702d4c30e03cccd679b7624328fb7826738530395976bb46760371d6752d590b40fd665a848a8fde2a7208e22bf2e29fe5b7df967b427fbc016c6f91a26

Download Submit
\Windows\system\XPnKHyE.exe

Filesize
6.0MB

MD5
aeee48e1c740f47a8b609c3a80ee361b

SHA1
b1499425c22cdfca44ceede188cad33a94885f4e

SHA256
1a236ae5524225c7cb4cba91888db12c95c11f35a5e68fc7108f57778c89a5ce

SHA512
896c22f6128991ed900c92634e6159e17a391d40710eddcb5b504553653c41f36868622c7a774b859a0c6fd8802239d98ec58682e6f634f879bd12b7571f9d7c

Download Submit
\Windows\system\agkoNoR.exe

Filesize
6.0MB

MD5
39442d951222793e3ca50dfdd736aa27

SHA1
1d26680737e823a2f34eb86c928bb23a2eca6289

SHA256
8d8cc685d3b49c710fff45959463cd8cc7637a40dd147524d320928668ed063b

SHA512
8461dd3ed0ff95afc0f6e5affba9765312119cc3783081c39b4092633439944a99a1bb2fd8bcd3a24c5e0ba05526f90b488dd7c434a483a73a9611cec2813e1d

Download Submit
\Windows\system\edSHDvB.exe

Filesize
6.0MB

MD5
456c0b81965cc4a0d452b67b9b5ca0ab

SHA1
fe7f423223f3dabe8d46ae2f4830cc5a2c0c980d

SHA256
31211f9b667e52c50a136c67727f6235c8b39cace1104813440fd6d5cfd8a83b

SHA512
1715aa036180313886f7bf2d5b87486f43dc8a748830266b65254e2359e2ff0a34a616b1dd1d731f263795417c44d05ab258e01598cf6c4386acca045f85620f

Download Submit
\Windows\system\lClBgLG.exe

Filesize
6.0MB

MD5
ff0c5600a4fc467faff8a0db0700ecf1

SHA1
f08383450e8130cb05e41dbd4e75754d120cce9f

SHA256
0c7404a07484025d48682c384fc49aab3f5157bfbd101a1152ca4f986032f164

SHA512
7f6f323d69260e0ad3f6801c91890c382f8d87945709428ff32830a6051ff575ff87b1c7333ddc39dd7f18cd4c871bca93f994c6b7c258d4b186cd9c912a6909

Download Submit
\Windows\system\putmAXI.exe

Filesize
6.0MB

MD5
c4d7facb8f55976b9367db6e345bf019

SHA1
3b8754d76073e03f234c21e5f0093cd46d006cea

SHA256
0a991c74783a31051c5f25ee3375313bb3d10678b04138537d585e0059556ada

SHA512
310f7b4e439259fb401c1710592b4fdd92f077503806cb7e95bfd830ec307eb0b59c9e9ed6746e5ddf308e13544c7ac316e44b4e8e5cdfe50939e8e074cd0791

Download Submit
\Windows\system\ughVnBX.exe

Filesize
6.0MB

MD5
a0594c7f2348b1b9cd3127788bf22e2d

SHA1
011e1f0c243c1ced62e94947e22c27c240db976f

SHA256
6d2ecdada5bf3427e66ae38a482f7630557fcef8c0a36cc0afe53f0ab8ebb222

SHA512
b784b000f366ca9551abe35731b117ccf9d2801ba327d2e1b676d3ef8ef6aa35cb34fd4e7f080daf0e8eac4ff5f78fc82f182670c2f731987f8b9f251e98a2c8

Download Submit
\Windows\system\ykwvjwC.exe

Filesize
6.0MB

MD5
53039f8452b7026ad15a336104a95570

SHA1
0dbe7a885983ede543612ad7f067cbf48495123e

SHA256
ff408a6bf9a7ec7650e982d3385e29d620062b56b431485e381abe2d6a9c03f0

SHA512
2117fca6dd4a96e0ab65cec4d6d2fa1a0e1393d0f52fe457d47758be80b5e9902325a74ca96153bddcc5f8fd890d1de891c10aea0ac92c90ff54bf77aebd75c0

Download Submit
memory/2112-87-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-3583-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-3578-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2176-108-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2380-19-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3584-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-1190-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4074-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2588-100-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2644-117-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-91-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2644-720-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2644-726-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2644-43-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2644-41-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2644-723-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-65-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2644-63-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2644-40-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2644-47-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-38-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2644-27-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2644-971-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2644-120-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1188-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2644-0-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2644-116-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1401-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2644-18-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-112-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2644-88-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-958-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2672-79-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2672-972-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3579-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2704-32-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3577-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2712-727-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3582-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2712-37-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3580-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-53-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-973-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-95-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-4075-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3610-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-96-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3581-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2812-23-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download