cobaltstrike | 89bc757e22492781ce733ef5ce47fee8cbbed48dedb8976d5181f8716bb9dc17

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28/02/2025, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

5208c5048bbe7c5236d918fd3dd215c5
SHA1

6cc0e774b80533356bd5368b3d38ceb70a5c48a7
SHA256

89bc757e22492781ce733ef5ce47fee8cbbed48dedb8976d5181f8716bb9dc17
SHA512

93f52e5ada6c75e575509d7a3d1a3a77fbea75d1c09ad129b409601932325305f7e31026dc6e1d462f972bc475483abaa229c350b159c5953dce9b92142e2395
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUX:T+q56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fe-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca5-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d17-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1f-31.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d27-36.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-47.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-139.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016af7-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-63.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-43.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3b-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0e-24.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cc9-18.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral1/memory/2524-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fe-3.dat	xmrig
behavioral1/memory/2524-6-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ca5-8.dat	xmrig
behavioral1/files/0x0007000000016d17-28.dat	xmrig
behavioral1/files/0x0007000000016d1f-31.dat	xmrig
behavioral1/files/0x0009000000016d27-36.dat	xmrig
behavioral1/files/0x0005000000019490-47.dat	xmrig
behavioral1/files/0x00050000000194d0-59.dat	xmrig
behavioral1/files/0x0005000000019581-83.dat	xmrig
behavioral1/files/0x00050000000195f9-96.dat	xmrig
behavioral1/memory/2524-127-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2864-2388-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019659-154.dat	xmrig
behavioral1/files/0x0005000000019615-150.dat	xmrig
behavioral1/files/0x0005000000019605-146.dat	xmrig
behavioral1/files/0x0005000000019603-139.dat	xmrig
behavioral1/files/0x0009000000016af7-142.dat	xmrig
behavioral1/files/0x00050000000195ff-128.dat	xmrig
behavioral1/files/0x0005000000019601-134.dat	xmrig
behavioral1/memory/2892-126-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2524-125-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/1920-124-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2240-111-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195fd-104.dat	xmrig
behavioral1/files/0x00050000000195fe-108.dat	xmrig
behavioral1/files/0x00050000000195fb-99.dat	xmrig
behavioral1/files/0x00050000000195f7-91.dat	xmrig
behavioral1/files/0x00050000000195c0-87.dat	xmrig
behavioral1/files/0x000500000001955c-79.dat	xmrig
behavioral1/files/0x0005000000019551-75.dat	xmrig
behavioral1/files/0x00050000000194e6-71.dat	xmrig
behavioral1/files/0x00050000000194e4-68.dat	xmrig
behavioral1/files/0x00050000000194da-63.dat	xmrig
behavioral1/files/0x00050000000194c6-55.dat	xmrig
behavioral1/files/0x000500000001949d-51.dat	xmrig
behavioral1/files/0x0005000000019481-43.dat	xmrig
behavioral1/files/0x0008000000016d3b-39.dat	xmrig
behavioral1/files/0x0007000000016d0e-24.dat	xmrig
behavioral1/files/0x0008000000016cc9-18.dat	xmrig
behavioral1/memory/2192-13-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2936-2395-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2316-2401-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2524-2752-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2404-2947-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2192-3107-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2240-3172-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2864-3176-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/1920-3174-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2316-3653-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2404-3686-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2240-3884-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1920-3894-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2864-3897-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2472-3896-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2192-3895-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2892-3886-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2936-3885-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2404	uZAOjEo.exe
2192	NznBtLP.exe
2316	KrXnPdc.exe
2472	icyizKf.exe
2240	AObLcxy.exe
1920	fjGcawZ.exe
2892	cfyYusZ.exe
2864	agfkbbl.exe
2936	usfWPov.exe
2900	Askiczk.exe
2984	pWTkYsI.exe
2696	pGxvsOd.exe
2044	dEpvXyZ.exe
2712	UExoHpJ.exe
2672	pUovDNw.exe
2716	VBpccFd.exe
2540	VYMjnNe.exe
2172	ubBDxML.exe
2620	biyLcnU.exe
672	YtZvhPm.exe
1144	fxyRMMm.exe
2492	jRButjv.exe
3028	lmiVzBF.exe
2908	TxuJvVz.exe
2204	xIMbtDA.exe
2372	vfvmlQL.exe
2708	tWuoneh.exe
536	VMvAWSl.exe
1668	ZIFJNRN.exe
2384	OBxuLYZ.exe
980	xlEaQLZ.exe
912	uhBsFpO.exe
1788	TuVgwuC.exe
2008	qvlnEJX.exe
1132	XUwxaQJ.exe
2300	cvtvNcI.exe
1792	YwVTCwi.exe
1328	JHYvIGI.exe
1340	IiDUqZD.exe
1856	SrNYwAR.exe
1680	wHtGXek.exe
1044	QHZDaiY.exe
2304	wpguVAH.exe
1344	TogUwvW.exe
1636	JSykqOE.exe
2228	NtuiQIb.exe
752	zoeydDw.exe
1688	zwQWUHA.exe
1092	xkBjdeO.exe
1976	fiptBJt.exe
1728	tWXDVCM.exe
1036	TkYYApX.exe
2092	WUjnYsv.exe
2624	zXGAgtB.exe
1192	ZLumhcC.exe
1924	LwiOpqJ.exe
1768	lfXpMwO.exe
1916	tojWVFx.exe
2088	MKtuGbq.exe
2560	EZXksrT.exe
2464	lRIPuNW.exe
868	LPyhsxO.exe
2328	iwxkaZu.exe
2444	xFNUKte.exe

Loads dropped DLL 64 IoCs

pid	Process
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2524-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x00070000000120fe-3.dat	upx
behavioral1/memory/2524-6-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x0008000000016ca5-8.dat	upx
behavioral1/files/0x0007000000016d17-28.dat	upx
behavioral1/files/0x0007000000016d1f-31.dat	upx
behavioral1/files/0x0009000000016d27-36.dat	upx
behavioral1/files/0x0005000000019490-47.dat	upx
behavioral1/files/0x00050000000194d0-59.dat	upx
behavioral1/files/0x0005000000019581-83.dat	upx
behavioral1/files/0x00050000000195f9-96.dat	upx
behavioral1/memory/2864-2388-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0005000000019659-154.dat	upx
behavioral1/files/0x0005000000019615-150.dat	upx
behavioral1/files/0x0005000000019605-146.dat	upx
behavioral1/files/0x0005000000019603-139.dat	upx
behavioral1/files/0x0009000000016af7-142.dat	upx
behavioral1/files/0x00050000000195ff-128.dat	upx
behavioral1/files/0x0005000000019601-134.dat	upx
behavioral1/memory/2892-126-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/1920-124-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2240-111-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x00050000000195fd-104.dat	upx
behavioral1/files/0x00050000000195fe-108.dat	upx
behavioral1/files/0x00050000000195fb-99.dat	upx
behavioral1/files/0x00050000000195f7-91.dat	upx
behavioral1/files/0x00050000000195c0-87.dat	upx
behavioral1/files/0x000500000001955c-79.dat	upx
behavioral1/files/0x0005000000019551-75.dat	upx
behavioral1/files/0x00050000000194e6-71.dat	upx
behavioral1/files/0x00050000000194e4-68.dat	upx
behavioral1/files/0x00050000000194da-63.dat	upx
behavioral1/files/0x00050000000194c6-55.dat	upx
behavioral1/files/0x000500000001949d-51.dat	upx
behavioral1/files/0x0005000000019481-43.dat	upx
behavioral1/files/0x0008000000016d3b-39.dat	upx
behavioral1/files/0x0007000000016d0e-24.dat	upx
behavioral1/files/0x0008000000016cc9-18.dat	upx
behavioral1/memory/2192-13-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2936-2395-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2316-2401-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2524-2752-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2404-2947-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2192-3107-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2240-3172-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2864-3176-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/1920-3174-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2316-3653-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2404-3686-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2240-3884-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1920-3894-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2864-3897-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2472-3896-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2192-3895-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2892-3886-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2936-3885-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rMitnqM.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfEpoDn.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToqCCJq.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mudhHJk.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knnsPSO.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahBfTGc.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umKQtRG.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvmclBz.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDocLXu.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaQHZMw.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyLqMnZ.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uTyaLFB.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyOfhmY.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFIgCJz.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmsSOwV.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vydcVac.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYjSkbd.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWGnJhR.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoEZfMm.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acLmrCq.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tSdQdoo.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xokDAPJ.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApNlBOy.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlKnFOz.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhSfxIa.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMNpfEt.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSufpFl.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzcXkna.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqHjnua.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKurdFc.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmSIdwq.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrlQGVw.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPQjFql.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcXtjdj.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNOtObh.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ElTwYUF.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xhwIhQK.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfeXZNP.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSQYElP.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbzlGQP.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXESHQE.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBKHwBh.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REuAttX.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVYzFJr.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVuIsKS.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cowZYyd.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QptTrwA.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjIoqvy.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emMVjQo.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHzRbgt.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpfZinB.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biyLcnU.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\usxpHWs.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmRyHbx.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iSJZlWx.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUHAMQL.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIlFKiz.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjRRaEX.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLGkbyC.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuVgwuC.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okToLfB.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOrLbBC.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAWdWYn.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adfIIeZ.exe	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2404	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2524 wrote to memory of 2404	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2524 wrote to memory of 2404	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2524 wrote to memory of 2192	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2524 wrote to memory of 2192	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2524 wrote to memory of 2192	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2524 wrote to memory of 2316	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2524 wrote to memory of 2316	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2524 wrote to memory of 2316	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2524 wrote to memory of 2472	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2524 wrote to memory of 2472	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2524 wrote to memory of 2472	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2524 wrote to memory of 2240	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2524 wrote to memory of 2240	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2524 wrote to memory of 2240	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2524 wrote to memory of 1920	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2524 wrote to memory of 1920	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2524 wrote to memory of 1920	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2524 wrote to memory of 2892	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2524 wrote to memory of 2892	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2524 wrote to memory of 2892	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2524 wrote to memory of 2864	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2524 wrote to memory of 2864	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2524 wrote to memory of 2864	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2524 wrote to memory of 2936	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2524 wrote to memory of 2936	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2524 wrote to memory of 2936	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2524 wrote to memory of 2900	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2524 wrote to memory of 2900	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2524 wrote to memory of 2900	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2524 wrote to memory of 2984	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2524 wrote to memory of 2984	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2524 wrote to memory of 2984	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2524 wrote to memory of 2696	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2524 wrote to memory of 2696	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2524 wrote to memory of 2696	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2524 wrote to memory of 2044	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2524 wrote to memory of 2044	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2524 wrote to memory of 2044	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2524 wrote to memory of 2712	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2524 wrote to memory of 2712	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2524 wrote to memory of 2712	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2524 wrote to memory of 2672	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2524 wrote to memory of 2672	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2524 wrote to memory of 2672	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2524 wrote to memory of 2716	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2524 wrote to memory of 2716	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2524 wrote to memory of 2716	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2524 wrote to memory of 2540	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2524 wrote to memory of 2540	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2524 wrote to memory of 2540	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2524 wrote to memory of 2172	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2524 wrote to memory of 2172	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2524 wrote to memory of 2172	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2524 wrote to memory of 2620	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2524 wrote to memory of 2620	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2524 wrote to memory of 2620	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2524 wrote to memory of 672	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2524 wrote to memory of 672	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2524 wrote to memory of 672	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2524 wrote to memory of 1144	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2524 wrote to memory of 1144	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2524 wrote to memory of 1144	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2524 wrote to memory of 2492	2524	2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-28_5208c5048bbe7c5236d918fd3dd215c5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\System\uZAOjEo.exe
  C:\Windows\System\uZAOjEo.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\NznBtLP.exe
  C:\Windows\System\NznBtLP.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\KrXnPdc.exe
  C:\Windows\System\KrXnPdc.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\icyizKf.exe
  C:\Windows\System\icyizKf.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\AObLcxy.exe
  C:\Windows\System\AObLcxy.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\fjGcawZ.exe
  C:\Windows\System\fjGcawZ.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\cfyYusZ.exe
  C:\Windows\System\cfyYusZ.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\agfkbbl.exe
  C:\Windows\System\agfkbbl.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\usfWPov.exe
  C:\Windows\System\usfWPov.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\Askiczk.exe
  C:\Windows\System\Askiczk.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\pWTkYsI.exe
  C:\Windows\System\pWTkYsI.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\pGxvsOd.exe
  C:\Windows\System\pGxvsOd.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\dEpvXyZ.exe
  C:\Windows\System\dEpvXyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\UExoHpJ.exe
  C:\Windows\System\UExoHpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\pUovDNw.exe
  C:\Windows\System\pUovDNw.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\VBpccFd.exe
  C:\Windows\System\VBpccFd.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\VYMjnNe.exe
  C:\Windows\System\VYMjnNe.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ubBDxML.exe
  C:\Windows\System\ubBDxML.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\biyLcnU.exe
  C:\Windows\System\biyLcnU.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\YtZvhPm.exe
  C:\Windows\System\YtZvhPm.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\fxyRMMm.exe
  C:\Windows\System\fxyRMMm.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\jRButjv.exe
  C:\Windows\System\jRButjv.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\lmiVzBF.exe
  C:\Windows\System\lmiVzBF.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\TxuJvVz.exe
  C:\Windows\System\TxuJvVz.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\xIMbtDA.exe
  C:\Windows\System\xIMbtDA.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\tWuoneh.exe
  C:\Windows\System\tWuoneh.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\vfvmlQL.exe
  C:\Windows\System\vfvmlQL.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\VMvAWSl.exe
  C:\Windows\System\VMvAWSl.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\ZIFJNRN.exe
  C:\Windows\System\ZIFJNRN.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\OBxuLYZ.exe
  C:\Windows\System\OBxuLYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\xlEaQLZ.exe
  C:\Windows\System\xlEaQLZ.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\uhBsFpO.exe
  C:\Windows\System\uhBsFpO.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\TuVgwuC.exe
  C:\Windows\System\TuVgwuC.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\qvlnEJX.exe
  C:\Windows\System\qvlnEJX.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\XUwxaQJ.exe
  C:\Windows\System\XUwxaQJ.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\cvtvNcI.exe
  C:\Windows\System\cvtvNcI.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\YwVTCwi.exe
  C:\Windows\System\YwVTCwi.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\JHYvIGI.exe
  C:\Windows\System\JHYvIGI.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\IiDUqZD.exe
  C:\Windows\System\IiDUqZD.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\SrNYwAR.exe
  C:\Windows\System\SrNYwAR.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\wHtGXek.exe
  C:\Windows\System\wHtGXek.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\QHZDaiY.exe
  C:\Windows\System\QHZDaiY.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\wpguVAH.exe
  C:\Windows\System\wpguVAH.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\TogUwvW.exe
  C:\Windows\System\TogUwvW.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\JSykqOE.exe
  C:\Windows\System\JSykqOE.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\NtuiQIb.exe
  C:\Windows\System\NtuiQIb.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\zoeydDw.exe
  C:\Windows\System\zoeydDw.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\zwQWUHA.exe
  C:\Windows\System\zwQWUHA.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\xkBjdeO.exe
  C:\Windows\System\xkBjdeO.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\fiptBJt.exe
  C:\Windows\System\fiptBJt.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\tWXDVCM.exe
  C:\Windows\System\tWXDVCM.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\TkYYApX.exe
  C:\Windows\System\TkYYApX.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\WUjnYsv.exe
  C:\Windows\System\WUjnYsv.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\zXGAgtB.exe
  C:\Windows\System\zXGAgtB.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\ZLumhcC.exe
  C:\Windows\System\ZLumhcC.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\LwiOpqJ.exe
  C:\Windows\System\LwiOpqJ.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\lfXpMwO.exe
  C:\Windows\System\lfXpMwO.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\tojWVFx.exe
  C:\Windows\System\tojWVFx.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\MKtuGbq.exe
  C:\Windows\System\MKtuGbq.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\EZXksrT.exe
  C:\Windows\System\EZXksrT.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\lRIPuNW.exe
  C:\Windows\System\lRIPuNW.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\LPyhsxO.exe
  C:\Windows\System\LPyhsxO.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\iwxkaZu.exe
  C:\Windows\System\iwxkaZu.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\xFNUKte.exe
  C:\Windows\System\xFNUKte.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\cFaUqjF.exe
  C:\Windows\System\cFaUqjF.exe
  2⤵
  PID:2592
- C:\Windows\System\pmEoSfL.exe
  C:\Windows\System\pmEoSfL.exe
  2⤵
  PID:2016
- C:\Windows\System\JDTKNPf.exe
  C:\Windows\System\JDTKNPf.exe
  2⤵
  PID:1736
- C:\Windows\System\mpSDoxT.exe
  C:\Windows\System\mpSDoxT.exe
  2⤵
  PID:2180
- C:\Windows\System\MwJJrik.exe
  C:\Windows\System\MwJJrik.exe
  2⤵
  PID:2992
- C:\Windows\System\pWSUoQQ.exe
  C:\Windows\System\pWSUoQQ.exe
  2⤵
  PID:2232
- C:\Windows\System\OPhdHxW.exe
  C:\Windows\System\OPhdHxW.exe
  2⤵
  PID:2972
- C:\Windows\System\JUmVyXM.exe
  C:\Windows\System\JUmVyXM.exe
  2⤵
  PID:2676
- C:\Windows\System\qHGsyjf.exe
  C:\Windows\System\qHGsyjf.exe
  2⤵
  PID:2828
- C:\Windows\System\fbwrtSi.exe
  C:\Windows\System\fbwrtSi.exe
  2⤵
  PID:1848
- C:\Windows\System\fGOeVDN.exe
  C:\Windows\System\fGOeVDN.exe
  2⤵
  PID:2668
- C:\Windows\System\fslmgfQ.exe
  C:\Windows\System\fslmgfQ.exe
  2⤵
  PID:2720
- C:\Windows\System\rmMkRGg.exe
  C:\Windows\System\rmMkRGg.exe
  2⤵
  PID:1944
- C:\Windows\System\XZIwnjz.exe
  C:\Windows\System\XZIwnjz.exe
  2⤵
  PID:2580
- C:\Windows\System\HNZyqDH.exe
  C:\Windows\System\HNZyqDH.exe
  2⤵
  PID:3064
- C:\Windows\System\ocpQtLg.exe
  C:\Windows\System\ocpQtLg.exe
  2⤵
  PID:2504
- C:\Windows\System\ntHMVNq.exe
  C:\Windows\System\ntHMVNq.exe
  2⤵
  PID:544
- C:\Windows\System\ZHkBbQB.exe
  C:\Windows\System\ZHkBbQB.exe
  2⤵
  PID:1696
- C:\Windows\System\HoXHEoC.exe
  C:\Windows\System\HoXHEoC.exe
  2⤵
  PID:1804
- C:\Windows\System\mgUdSVP.exe
  C:\Windows\System\mgUdSVP.exe
  2⤵
  PID:600
- C:\Windows\System\ALStMpZ.exe
  C:\Windows\System\ALStMpZ.exe
  2⤵
  PID:928
- C:\Windows\System\drhBaYK.exe
  C:\Windows\System\drhBaYK.exe
  2⤵
  PID:468
- C:\Windows\System\MjaSoYK.exe
  C:\Windows\System\MjaSoYK.exe
  2⤵
  PID:1080
- C:\Windows\System\lKnqLCf.exe
  C:\Windows\System\lKnqLCf.exe
  2⤵
  PID:1932
- C:\Windows\System\GwUNvfQ.exe
  C:\Windows\System\GwUNvfQ.exe
  2⤵
  PID:1988
- C:\Windows\System\NlaleXV.exe
  C:\Windows\System\NlaleXV.exe
  2⤵
  PID:1588
- C:\Windows\System\QxudJUm.exe
  C:\Windows\System\QxudJUm.exe
  2⤵
  PID:1712
- C:\Windows\System\TaQHZMw.exe
  C:\Windows\System\TaQHZMw.exe
  2⤵
  PID:976
- C:\Windows\System\FyLqMnZ.exe
  C:\Windows\System\FyLqMnZ.exe
  2⤵
  PID:552
- C:\Windows\System\yiaKOQf.exe
  C:\Windows\System\yiaKOQf.exe
  2⤵
  PID:564
- C:\Windows\System\nqCEWKy.exe
  C:\Windows\System\nqCEWKy.exe
  2⤵
  PID:872
- C:\Windows\System\wESqinK.exe
  C:\Windows\System\wESqinK.exe
  2⤵
  PID:280
- C:\Windows\System\zojSigv.exe
  C:\Windows\System\zojSigv.exe
  2⤵
  PID:2628
- C:\Windows\System\WVuvUNX.exe
  C:\Windows\System\WVuvUNX.exe
  2⤵
  PID:396
- C:\Windows\System\VynxYyV.exe
  C:\Windows\System\VynxYyV.exe
  2⤵
  PID:1748
- C:\Windows\System\nuHJZej.exe
  C:\Windows\System\nuHJZej.exe
  2⤵
  PID:1316
- C:\Windows\System\lbpEXKP.exe
  C:\Windows\System\lbpEXKP.exe
  2⤵
  PID:1684
- C:\Windows\System\BvnEVxv.exe
  C:\Windows\System\BvnEVxv.exe
  2⤵
  PID:304
- C:\Windows\System\Oaqfdrq.exe
  C:\Windows\System\Oaqfdrq.exe
  2⤵
  PID:1580
- C:\Windows\System\MOvnTEF.exe
  C:\Windows\System\MOvnTEF.exe
  2⤵
  PID:2436
- C:\Windows\System\IGEGHNK.exe
  C:\Windows\System\IGEGHNK.exe
  2⤵
  PID:2856
- C:\Windows\System\VrPHFLx.exe
  C:\Windows\System\VrPHFLx.exe
  2⤵
  PID:2792
- C:\Windows\System\rqtQIUm.exe
  C:\Windows\System\rqtQIUm.exe
  2⤵
  PID:2932
- C:\Windows\System\MRgdUAG.exe
  C:\Windows\System\MRgdUAG.exe
  2⤵
  PID:2552
- C:\Windows\System\mmoqxac.exe
  C:\Windows\System\mmoqxac.exe
  2⤵
  PID:2916
- C:\Windows\System\YwKMdHi.exe
  C:\Windows\System\YwKMdHi.exe
  2⤵
  PID:1480
- C:\Windows\System\jfRqrMJ.exe
  C:\Windows\System\jfRqrMJ.exe
  2⤵
  PID:3052
- C:\Windows\System\YMNpfEt.exe
  C:\Windows\System\YMNpfEt.exe
  2⤵
  PID:2764
- C:\Windows\System\tyDgCpx.exe
  C:\Windows\System\tyDgCpx.exe
  2⤵
  PID:2380
- C:\Windows\System\WRYlzWv.exe
  C:\Windows\System\WRYlzWv.exe
  2⤵
  PID:448
- C:\Windows\System\EovciHT.exe
  C:\Windows\System\EovciHT.exe
  2⤵
  PID:2964
- C:\Windows\System\fBtCYCr.exe
  C:\Windows\System\fBtCYCr.exe
  2⤵
  PID:3088
- C:\Windows\System\BycPZmI.exe
  C:\Windows\System\BycPZmI.exe
  2⤵
  PID:3104
- C:\Windows\System\AXWkzoT.exe
  C:\Windows\System\AXWkzoT.exe
  2⤵
  PID:3120
- C:\Windows\System\UYHCbMU.exe
  C:\Windows\System\UYHCbMU.exe
  2⤵
  PID:3136
- C:\Windows\System\QvnsSDm.exe
  C:\Windows\System\QvnsSDm.exe
  2⤵
  PID:3152
- C:\Windows\System\JLryXdg.exe
  C:\Windows\System\JLryXdg.exe
  2⤵
  PID:3168
- C:\Windows\System\hhRKGUV.exe
  C:\Windows\System\hhRKGUV.exe
  2⤵
  PID:3184
- C:\Windows\System\jgJgQec.exe
  C:\Windows\System\jgJgQec.exe
  2⤵
  PID:3200
- C:\Windows\System\ubBKwxX.exe
  C:\Windows\System\ubBKwxX.exe
  2⤵
  PID:3216
- C:\Windows\System\gWadFOb.exe
  C:\Windows\System\gWadFOb.exe
  2⤵
  PID:3232
- C:\Windows\System\HMXQVdp.exe
  C:\Windows\System\HMXQVdp.exe
  2⤵
  PID:3248
- C:\Windows\System\yiNibyD.exe
  C:\Windows\System\yiNibyD.exe
  2⤵
  PID:3264
- C:\Windows\System\TYntNhM.exe
  C:\Windows\System\TYntNhM.exe
  2⤵
  PID:3280
- C:\Windows\System\KiXaEpS.exe
  C:\Windows\System\KiXaEpS.exe
  2⤵
  PID:3296
- C:\Windows\System\QjNFCOo.exe
  C:\Windows\System\QjNFCOo.exe
  2⤵
  PID:3312
- C:\Windows\System\rdKPOoz.exe
  C:\Windows\System\rdKPOoz.exe
  2⤵
  PID:3328
- C:\Windows\System\qGAofHW.exe
  C:\Windows\System\qGAofHW.exe
  2⤵
  PID:3344
- C:\Windows\System\usxpHWs.exe
  C:\Windows\System\usxpHWs.exe
  2⤵
  PID:3360
- C:\Windows\System\EgXhwhX.exe
  C:\Windows\System\EgXhwhX.exe
  2⤵
  PID:3376
- C:\Windows\System\kbGyPMm.exe
  C:\Windows\System\kbGyPMm.exe
  2⤵
  PID:3392
- C:\Windows\System\GmARFaY.exe
  C:\Windows\System\GmARFaY.exe
  2⤵
  PID:3408
- C:\Windows\System\OqmnzwX.exe
  C:\Windows\System\OqmnzwX.exe
  2⤵
  PID:3424
- C:\Windows\System\ZvoWWBl.exe
  C:\Windows\System\ZvoWWBl.exe
  2⤵
  PID:3440
- C:\Windows\System\PtUTjZr.exe
  C:\Windows\System\PtUTjZr.exe
  2⤵
  PID:3456
- C:\Windows\System\cZtCppZ.exe
  C:\Windows\System\cZtCppZ.exe
  2⤵
  PID:3472
- C:\Windows\System\XiSfMSk.exe
  C:\Windows\System\XiSfMSk.exe
  2⤵
  PID:3488
- C:\Windows\System\qEQAhrA.exe
  C:\Windows\System\qEQAhrA.exe
  2⤵
  PID:3504
- C:\Windows\System\tOnmHno.exe
  C:\Windows\System\tOnmHno.exe
  2⤵
  PID:3520
- C:\Windows\System\egnqqmA.exe
  C:\Windows\System\egnqqmA.exe
  2⤵
  PID:3536
- C:\Windows\System\tdztSTF.exe
  C:\Windows\System\tdztSTF.exe
  2⤵
  PID:3552
- C:\Windows\System\OYzFIlj.exe
  C:\Windows\System\OYzFIlj.exe
  2⤵
  PID:3572
- C:\Windows\System\ZsDiFQi.exe
  C:\Windows\System\ZsDiFQi.exe
  2⤵
  PID:1780
- C:\Windows\System\RPDkxdb.exe
  C:\Windows\System\RPDkxdb.exe
  2⤵
  PID:1700
- C:\Windows\System\kWAAHBR.exe
  C:\Windows\System\kWAAHBR.exe
  2⤵
  PID:1980
- C:\Windows\System\kdnykaz.exe
  C:\Windows\System\kdnykaz.exe
  2⤵
  PID:1676
- C:\Windows\System\MEskEEa.exe
  C:\Windows\System\MEskEEa.exe
  2⤵
  PID:1564
- C:\Windows\System\xckyYPB.exe
  C:\Windows\System\xckyYPB.exe
  2⤵
  PID:2244
- C:\Windows\System\DoFgrNI.exe
  C:\Windows\System\DoFgrNI.exe
  2⤵
  PID:2744
- C:\Windows\System\ijlRRon.exe
  C:\Windows\System\ijlRRon.exe
  2⤵
  PID:1296
- C:\Windows\System\gMkLowb.exe
  C:\Windows\System\gMkLowb.exe
  2⤵
  PID:1508
- C:\Windows\System\GcybGHZ.exe
  C:\Windows\System\GcybGHZ.exe
  2⤵
  PID:3080
- C:\Windows\System\HSgVbcr.exe
  C:\Windows\System\HSgVbcr.exe
  2⤵
  PID:3116
- C:\Windows\System\TDLvQVo.exe
  C:\Windows\System\TDLvQVo.exe
  2⤵
  PID:3180
- C:\Windows\System\RSEnlqu.exe
  C:\Windows\System\RSEnlqu.exe
  2⤵
  PID:3128
- C:\Windows\System\znuPnqq.exe
  C:\Windows\System\znuPnqq.exe
  2⤵
  PID:3244
- C:\Windows\System\fmicTNW.exe
  C:\Windows\System\fmicTNW.exe
  2⤵
  PID:3228
- C:\Windows\System\UBRRVgV.exe
  C:\Windows\System\UBRRVgV.exe
  2⤵
  PID:3304
- C:\Windows\System\KnODNXW.exe
  C:\Windows\System\KnODNXW.exe
  2⤵
  PID:3324
- C:\Windows\System\pJPqWvS.exe
  C:\Windows\System\pJPqWvS.exe
  2⤵
  PID:3436
- C:\Windows\System\QAjMJMl.exe
  C:\Windows\System\QAjMJMl.exe
  2⤵
  PID:3496
- C:\Windows\System\afHtEJF.exe
  C:\Windows\System\afHtEJF.exe
  2⤵
  PID:3480
- C:\Windows\System\EijfeHT.exe
  C:\Windows\System\EijfeHT.exe
  2⤵
  PID:3560
- C:\Windows\System\MjIoqvy.exe
  C:\Windows\System\MjIoqvy.exe
  2⤵
  PID:3568
- C:\Windows\System\kNBjlOT.exe
  C:\Windows\System\kNBjlOT.exe
  2⤵
  PID:3596
- C:\Windows\System\YIcKovv.exe
  C:\Windows\System\YIcKovv.exe
  2⤵
  PID:3616
- C:\Windows\System\MNEwcoP.exe
  C:\Windows\System\MNEwcoP.exe
  2⤵
  PID:3636
- C:\Windows\System\qOFXuvm.exe
  C:\Windows\System\qOFXuvm.exe
  2⤵
  PID:3656
- C:\Windows\System\FwmXjap.exe
  C:\Windows\System\FwmXjap.exe
  2⤵
  PID:3676
- C:\Windows\System\UQvXQXl.exe
  C:\Windows\System\UQvXQXl.exe
  2⤵
  PID:3696
- C:\Windows\System\vCmiLLC.exe
  C:\Windows\System\vCmiLLC.exe
  2⤵
  PID:3712
- C:\Windows\System\DRdHOYw.exe
  C:\Windows\System\DRdHOYw.exe
  2⤵
  PID:3736
- C:\Windows\System\CwVOtGY.exe
  C:\Windows\System\CwVOtGY.exe
  2⤵
  PID:3756
- C:\Windows\System\eZPToWt.exe
  C:\Windows\System\eZPToWt.exe
  2⤵
  PID:3776
- C:\Windows\System\FzzQLPP.exe
  C:\Windows\System\FzzQLPP.exe
  2⤵
  PID:3796
- C:\Windows\System\jFXKWJr.exe
  C:\Windows\System\jFXKWJr.exe
  2⤵
  PID:3816
- C:\Windows\System\WqsZOVG.exe
  C:\Windows\System\WqsZOVG.exe
  2⤵
  PID:3836
- C:\Windows\System\IHiEdlk.exe
  C:\Windows\System\IHiEdlk.exe
  2⤵
  PID:3856
- C:\Windows\System\TNJSvFq.exe
  C:\Windows\System\TNJSvFq.exe
  2⤵
  PID:3880
- C:\Windows\System\zVfZevY.exe
  C:\Windows\System\zVfZevY.exe
  2⤵
  PID:3900
- C:\Windows\System\eHdrMXo.exe
  C:\Windows\System\eHdrMXo.exe
  2⤵
  PID:3920
- C:\Windows\System\PLtOPeF.exe
  C:\Windows\System\PLtOPeF.exe
  2⤵
  PID:3940
- C:\Windows\System\XFlxhXP.exe
  C:\Windows\System\XFlxhXP.exe
  2⤵
  PID:3956
- C:\Windows\System\FtDPCKy.exe
  C:\Windows\System\FtDPCKy.exe
  2⤵
  PID:3980
- C:\Windows\System\yQzBUvV.exe
  C:\Windows\System\yQzBUvV.exe
  2⤵
  PID:1048
- C:\Windows\System\okNDoXn.exe
  C:\Windows\System\okNDoXn.exe
  2⤵
  PID:4008
- C:\Windows\System\etymRhm.exe
  C:\Windows\System\etymRhm.exe
  2⤵
  PID:4028
- C:\Windows\System\jtZyUNb.exe
  C:\Windows\System\jtZyUNb.exe
  2⤵
  PID:4048
- C:\Windows\System\QFMdcEN.exe
  C:\Windows\System\QFMdcEN.exe
  2⤵
  PID:4068
- C:\Windows\System\tSEoPhm.exe
  C:\Windows\System\tSEoPhm.exe
  2⤵
  PID:1552
- C:\Windows\System\fUMigNx.exe
  C:\Windows\System\fUMigNx.exe
  2⤵
  PID:696
- C:\Windows\System\fiGPkKs.exe
  C:\Windows\System\fiGPkKs.exe
  2⤵
  PID:1544
- C:\Windows\System\nKdoaet.exe
  C:\Windows\System\nKdoaet.exe
  2⤵
  PID:1276
- C:\Windows\System\mRKfiVN.exe
  C:\Windows\System\mRKfiVN.exe
  2⤵
  PID:2572
- C:\Windows\System\ujLANgp.exe
  C:\Windows\System\ujLANgp.exe
  2⤵
  PID:2412
- C:\Windows\System\OplsRCG.exe
  C:\Windows\System\OplsRCG.exe
  2⤵
  PID:2080
- C:\Windows\System\qITGpal.exe
  C:\Windows\System\qITGpal.exe
  2⤵
  PID:3160
- C:\Windows\System\FRylvLe.exe
  C:\Windows\System\FRylvLe.exe
  2⤵
  PID:3100
- C:\Windows\System\hwtXgfr.exe
  C:\Windows\System\hwtXgfr.exe
  2⤵
  PID:3404
- C:\Windows\System\ChTCwwu.exe
  C:\Windows\System\ChTCwwu.exe
  2⤵
  PID:3336
- C:\Windows\System\obUFCKG.exe
  C:\Windows\System\obUFCKG.exe
  2⤵
  PID:3196
- C:\Windows\System\FMyBpkp.exe
  C:\Windows\System\FMyBpkp.exe
  2⤵
  PID:3452
- C:\Windows\System\fXWuqgo.exe
  C:\Windows\System\fXWuqgo.exe
  2⤵
  PID:3564
- C:\Windows\System\WeJPfgZ.exe
  C:\Windows\System\WeJPfgZ.exe
  2⤵
  PID:3592
- C:\Windows\System\DIhLIeH.exe
  C:\Windows\System\DIhLIeH.exe
  2⤵
  PID:3652
- C:\Windows\System\GLqhKhu.exe
  C:\Windows\System\GLqhKhu.exe
  2⤵
  PID:3664
- C:\Windows\System\NSOneEP.exe
  C:\Windows\System\NSOneEP.exe
  2⤵
  PID:3692
- C:\Windows\System\bdMLGHK.exe
  C:\Windows\System\bdMLGHK.exe
  2⤵
  PID:3732
- C:\Windows\System\uTyaLFB.exe
  C:\Windows\System\uTyaLFB.exe
  2⤵
  PID:3748
- C:\Windows\System\SKurdFc.exe
  C:\Windows\System\SKurdFc.exe
  2⤵
  PID:3804
- C:\Windows\System\fNnSFeB.exe
  C:\Windows\System\fNnSFeB.exe
  2⤵
  PID:3828
- C:\Windows\System\WEMEszs.exe
  C:\Windows\System\WEMEszs.exe
  2⤵
  PID:3868
- C:\Windows\System\cHMLBAy.exe
  C:\Windows\System\cHMLBAy.exe
  2⤵
  PID:3872
- C:\Windows\System\haHYQUm.exe
  C:\Windows\System\haHYQUm.exe
  2⤵
  PID:3912
- C:\Windows\System\RGIjccB.exe
  C:\Windows\System\RGIjccB.exe
  2⤵
  PID:3964
- C:\Windows\System\ktlfgUi.exe
  C:\Windows\System\ktlfgUi.exe
  2⤵
  PID:4000
- C:\Windows\System\IAFDfwm.exe
  C:\Windows\System\IAFDfwm.exe
  2⤵
  PID:4020
- C:\Windows\System\TXOoQTs.exe
  C:\Windows\System\TXOoQTs.exe
  2⤵
  PID:4056
- C:\Windows\System\zrATLUh.exe
  C:\Windows\System\zrATLUh.exe
  2⤵
  PID:4092
- C:\Windows\System\khVOgwQ.exe
  C:\Windows\System\khVOgwQ.exe
  2⤵
  PID:2596
- C:\Windows\System\YcZIiXR.exe
  C:\Windows\System\YcZIiXR.exe
  2⤵
  PID:1628
- C:\Windows\System\EbgmSXj.exe
  C:\Windows\System\EbgmSXj.exe
  2⤵
  PID:3176
- C:\Windows\System\NJYQDsU.exe
  C:\Windows\System\NJYQDsU.exe
  2⤵
  PID:3256
- C:\Windows\System\rzcZuRk.exe
  C:\Windows\System\rzcZuRk.exe
  2⤵
  PID:3240
- C:\Windows\System\uiISKmk.exe
  C:\Windows\System\uiISKmk.exe
  2⤵
  PID:3340
- C:\Windows\System\aOkjlLf.exe
  C:\Windows\System\aOkjlLf.exe
  2⤵
  PID:3388
- C:\Windows\System\LuVzdYs.exe
  C:\Windows\System\LuVzdYs.exe
  2⤵
  PID:3584
- C:\Windows\System\TdhkayI.exe
  C:\Windows\System\TdhkayI.exe
  2⤵
  PID:3632
- C:\Windows\System\QbasdFL.exe
  C:\Windows\System\QbasdFL.exe
  2⤵
  PID:3672
- C:\Windows\System\ZCYnLbe.exe
  C:\Windows\System\ZCYnLbe.exe
  2⤵
  PID:3668
- C:\Windows\System\rmSHnId.exe
  C:\Windows\System\rmSHnId.exe
  2⤵
  PID:3764
- C:\Windows\System\sKwxezA.exe
  C:\Windows\System\sKwxezA.exe
  2⤵
  PID:3844
- C:\Windows\System\mkjyZyn.exe
  C:\Windows\System\mkjyZyn.exe
  2⤵
  PID:3916
- C:\Windows\System\HDhDRdT.exe
  C:\Windows\System\HDhDRdT.exe
  2⤵
  PID:3976
- C:\Windows\System\vEUDtLG.exe
  C:\Windows\System\vEUDtLG.exe
  2⤵
  PID:4004
- C:\Windows\System\osEvlUw.exe
  C:\Windows\System\osEvlUw.exe
  2⤵
  PID:2528
- C:\Windows\System\KiycuMN.exe
  C:\Windows\System\KiycuMN.exe
  2⤵
  PID:2736
- C:\Windows\System\FvIjySF.exe
  C:\Windows\System\FvIjySF.exe
  2⤵
  PID:4116
- C:\Windows\System\VvpPPrB.exe
  C:\Windows\System\VvpPPrB.exe
  2⤵
  PID:4132
- C:\Windows\System\kVmpaVd.exe
  C:\Windows\System\kVmpaVd.exe
  2⤵
  PID:4156
- C:\Windows\System\ssjisqC.exe
  C:\Windows\System\ssjisqC.exe
  2⤵
  PID:4176
- C:\Windows\System\FCvVVDA.exe
  C:\Windows\System\FCvVVDA.exe
  2⤵
  PID:4192
- C:\Windows\System\LhAuKLe.exe
  C:\Windows\System\LhAuKLe.exe
  2⤵
  PID:4216
- C:\Windows\System\wvaFyTj.exe
  C:\Windows\System\wvaFyTj.exe
  2⤵
  PID:4236
- C:\Windows\System\fyMMHTE.exe
  C:\Windows\System\fyMMHTE.exe
  2⤵
  PID:4256
- C:\Windows\System\wDdQUwa.exe
  C:\Windows\System\wDdQUwa.exe
  2⤵
  PID:4272
- C:\Windows\System\arnIzRD.exe
  C:\Windows\System\arnIzRD.exe
  2⤵
  PID:4296
- C:\Windows\System\AOLmGvQ.exe
  C:\Windows\System\AOLmGvQ.exe
  2⤵
  PID:4316
- C:\Windows\System\BhqkDTV.exe
  C:\Windows\System\BhqkDTV.exe
  2⤵
  PID:4336
- C:\Windows\System\sAFGcCR.exe
  C:\Windows\System\sAFGcCR.exe
  2⤵
  PID:4356
- C:\Windows\System\mHAWaWV.exe
  C:\Windows\System\mHAWaWV.exe
  2⤵
  PID:4376
- C:\Windows\System\qzWgfpT.exe
  C:\Windows\System\qzWgfpT.exe
  2⤵
  PID:4392
- C:\Windows\System\mduoqxn.exe
  C:\Windows\System\mduoqxn.exe
  2⤵
  PID:4416
- C:\Windows\System\cviWcgF.exe
  C:\Windows\System\cviWcgF.exe
  2⤵
  PID:4436
- C:\Windows\System\xtKcaGU.exe
  C:\Windows\System\xtKcaGU.exe
  2⤵
  PID:4452
- C:\Windows\System\zyyCCjx.exe
  C:\Windows\System\zyyCCjx.exe
  2⤵
  PID:4472
- C:\Windows\System\NdQuulu.exe
  C:\Windows\System\NdQuulu.exe
  2⤵
  PID:4496
- C:\Windows\System\Zjamaly.exe
  C:\Windows\System\Zjamaly.exe
  2⤵
  PID:4512
- C:\Windows\System\tyOfhmY.exe
  C:\Windows\System\tyOfhmY.exe
  2⤵
  PID:4532
- C:\Windows\System\zyhtARY.exe
  C:\Windows\System\zyhtARY.exe
  2⤵
  PID:4552
- C:\Windows\System\GCSqOxz.exe
  C:\Windows\System\GCSqOxz.exe
  2⤵
  PID:4572
- C:\Windows\System\LskJAVH.exe
  C:\Windows\System\LskJAVH.exe
  2⤵
  PID:4596
- C:\Windows\System\WqFRqgb.exe
  C:\Windows\System\WqFRqgb.exe
  2⤵
  PID:4616
- C:\Windows\System\sFqmZJe.exe
  C:\Windows\System\sFqmZJe.exe
  2⤵
  PID:4636
- C:\Windows\System\UJQuUhB.exe
  C:\Windows\System\UJQuUhB.exe
  2⤵
  PID:4656
- C:\Windows\System\RDgnYHA.exe
  C:\Windows\System\RDgnYHA.exe
  2⤵
  PID:4676
- C:\Windows\System\ZXzLrjI.exe
  C:\Windows\System\ZXzLrjI.exe
  2⤵
  PID:4696
- C:\Windows\System\oiGeguI.exe
  C:\Windows\System\oiGeguI.exe
  2⤵
  PID:4716
- C:\Windows\System\WAfmdPg.exe
  C:\Windows\System\WAfmdPg.exe
  2⤵
  PID:4732
- C:\Windows\System\bAvKMkP.exe
  C:\Windows\System\bAvKMkP.exe
  2⤵
  PID:4756
- C:\Windows\System\oiUzPTd.exe
  C:\Windows\System\oiUzPTd.exe
  2⤵
  PID:4772
- C:\Windows\System\BHWTCaw.exe
  C:\Windows\System\BHWTCaw.exe
  2⤵
  PID:4792
- C:\Windows\System\aGbiKwr.exe
  C:\Windows\System\aGbiKwr.exe
  2⤵
  PID:4816
- C:\Windows\System\hPekAOE.exe
  C:\Windows\System\hPekAOE.exe
  2⤵
  PID:4836
- C:\Windows\System\GZehlBv.exe
  C:\Windows\System\GZehlBv.exe
  2⤵
  PID:4856
- C:\Windows\System\GeWllXD.exe
  C:\Windows\System\GeWllXD.exe
  2⤵
  PID:4876
- C:\Windows\System\haXfipD.exe
  C:\Windows\System\haXfipD.exe
  2⤵
  PID:4896
- C:\Windows\System\TLoGsoa.exe
  C:\Windows\System\TLoGsoa.exe
  2⤵
  PID:4912
- C:\Windows\System\pFkqXfn.exe
  C:\Windows\System\pFkqXfn.exe
  2⤵
  PID:4936
- C:\Windows\System\bWNIVXy.exe
  C:\Windows\System\bWNIVXy.exe
  2⤵
  PID:4956
- C:\Windows\System\KDgTege.exe
  C:\Windows\System\KDgTege.exe
  2⤵
  PID:4976
- C:\Windows\System\HveaZzP.exe
  C:\Windows\System\HveaZzP.exe
  2⤵
  PID:4996
- C:\Windows\System\tScrGDD.exe
  C:\Windows\System\tScrGDD.exe
  2⤵
  PID:5016
- C:\Windows\System\AUYgZdu.exe
  C:\Windows\System\AUYgZdu.exe
  2⤵
  PID:5032
- C:\Windows\System\kJSjTiP.exe
  C:\Windows\System\kJSjTiP.exe
  2⤵
  PID:5056
- C:\Windows\System\emSSvxv.exe
  C:\Windows\System\emSSvxv.exe
  2⤵
  PID:5072
- C:\Windows\System\Shlcpgb.exe
  C:\Windows\System\Shlcpgb.exe
  2⤵
  PID:5092
- C:\Windows\System\GZyoEkd.exe
  C:\Windows\System\GZyoEkd.exe
  2⤵
  PID:5108
- C:\Windows\System\dyFvcss.exe
  C:\Windows\System\dyFvcss.exe
  2⤵
  PID:1256
- C:\Windows\System\TKbyEHI.exe
  C:\Windows\System\TKbyEHI.exe
  2⤵
  PID:1904
- C:\Windows\System\ptkgWPM.exe
  C:\Windows\System\ptkgWPM.exe
  2⤵
  PID:3468
- C:\Windows\System\XVsTZlL.exe
  C:\Windows\System\XVsTZlL.exe
  2⤵
  PID:3580
- C:\Windows\System\UZFCbue.exe
  C:\Windows\System\UZFCbue.exe
  2⤵
  PID:3716
- C:\Windows\System\YKHLOvm.exe
  C:\Windows\System\YKHLOvm.exe
  2⤵
  PID:3752
- C:\Windows\System\xYcRjzU.exe
  C:\Windows\System\xYcRjzU.exe
  2⤵
  PID:3792
- C:\Windows\System\aOnkNZK.exe
  C:\Windows\System\aOnkNZK.exe
  2⤵
  PID:3896
- C:\Windows\System\xOncQti.exe
  C:\Windows\System\xOncQti.exe
  2⤵
  PID:3992
- C:\Windows\System\nGAPYJg.exe
  C:\Windows\System\nGAPYJg.exe
  2⤵
  PID:4104
- C:\Windows\System\gWnAhRB.exe
  C:\Windows\System\gWnAhRB.exe
  2⤵
  PID:4140
- C:\Windows\System\DsOFMUl.exe
  C:\Windows\System\DsOFMUl.exe
  2⤵
  PID:4152
- C:\Windows\System\KDDLScG.exe
  C:\Windows\System\KDDLScG.exe
  2⤵
  PID:4172
- C:\Windows\System\pfNuUhG.exe
  C:\Windows\System\pfNuUhG.exe
  2⤵
  PID:4228
- C:\Windows\System\GZLMZaf.exe
  C:\Windows\System\GZLMZaf.exe
  2⤵
  PID:4244
- C:\Windows\System\gFXOljH.exe
  C:\Windows\System\gFXOljH.exe
  2⤵
  PID:4304
- C:\Windows\System\GXJGSsm.exe
  C:\Windows\System\GXJGSsm.exe
  2⤵
  PID:4324
- C:\Windows\System\WVKfivE.exe
  C:\Windows\System\WVKfivE.exe
  2⤵
  PID:4384
- C:\Windows\System\KBVHPzK.exe
  C:\Windows\System\KBVHPzK.exe
  2⤵
  PID:4364
- C:\Windows\System\HwcPHfg.exe
  C:\Windows\System\HwcPHfg.exe
  2⤵
  PID:4412
- C:\Windows\System\BVYzFJr.exe
  C:\Windows\System\BVYzFJr.exe
  2⤵
  PID:4468
- C:\Windows\System\XhABuWp.exe
  C:\Windows\System\XhABuWp.exe
  2⤵
  PID:4480
- C:\Windows\System\TrgzpqN.exe
  C:\Windows\System\TrgzpqN.exe
  2⤵
  PID:4492
- C:\Windows\System\rbUZkvK.exe
  C:\Windows\System\rbUZkvK.exe
  2⤵
  PID:4588
- C:\Windows\System\HmRyHbx.exe
  C:\Windows\System\HmRyHbx.exe
  2⤵
  PID:4564
- C:\Windows\System\NAxiXzF.exe
  C:\Windows\System\NAxiXzF.exe
  2⤵
  PID:4612
- C:\Windows\System\vpQuFcr.exe
  C:\Windows\System\vpQuFcr.exe
  2⤵
  PID:4664
- C:\Windows\System\SLiGLoJ.exe
  C:\Windows\System\SLiGLoJ.exe
  2⤵
  PID:4684
- C:\Windows\System\pgutybR.exe
  C:\Windows\System\pgutybR.exe
  2⤵
  PID:4708
- C:\Windows\System\BlYLdWd.exe
  C:\Windows\System\BlYLdWd.exe
  2⤵
  PID:4728
- C:\Windows\System\ooGNwGP.exe
  C:\Windows\System\ooGNwGP.exe
  2⤵
  PID:4768
- C:\Windows\System\cOWFgFS.exe
  C:\Windows\System\cOWFgFS.exe
  2⤵
  PID:4808
- C:\Windows\System\meGeaVx.exe
  C:\Windows\System\meGeaVx.exe
  2⤵
  PID:4852
- C:\Windows\System\ETvJwgP.exe
  C:\Windows\System\ETvJwgP.exe
  2⤵
  PID:4884
- C:\Windows\System\PhtDASd.exe
  C:\Windows\System\PhtDASd.exe
  2⤵
  PID:4920
- C:\Windows\System\nRwtwfw.exe
  C:\Windows\System\nRwtwfw.exe
  2⤵
  PID:4952
- C:\Windows\System\XcVedmE.exe
  C:\Windows\System\XcVedmE.exe
  2⤵
  PID:4984
- C:\Windows\System\bxZNCye.exe
  C:\Windows\System\bxZNCye.exe
  2⤵
  PID:5008
- C:\Windows\System\IhIWEVZ.exe
  C:\Windows\System\IhIWEVZ.exe
  2⤵
  PID:5044
- C:\Windows\System\SdiQJMi.exe
  C:\Windows\System\SdiQJMi.exe
  2⤵
  PID:5104
- C:\Windows\System\aNMJDkQ.exe
  C:\Windows\System\aNMJDkQ.exe
  2⤵
  PID:5080
- C:\Windows\System\kVYJMHy.exe
  C:\Windows\System\kVYJMHy.exe
  2⤵
  PID:3164
- C:\Windows\System\fOIVOMe.exe
  C:\Windows\System\fOIVOMe.exe
  2⤵
  PID:3416
- C:\Windows\System\ontkyHf.exe
  C:\Windows\System\ontkyHf.exe
  2⤵
  PID:3708
- C:\Windows\System\UPnFrWM.exe
  C:\Windows\System\UPnFrWM.exe
  2⤵
  PID:3864
- C:\Windows\System\rKHPKAg.exe
  C:\Windows\System\rKHPKAg.exe
  2⤵
  PID:3948
- C:\Windows\System\YDiRseY.exe
  C:\Windows\System\YDiRseY.exe
  2⤵
  PID:4084
- C:\Windows\System\QoBsoGB.exe
  C:\Windows\System\QoBsoGB.exe
  2⤵
  PID:4128
- C:\Windows\System\QSSRKwL.exe
  C:\Windows\System\QSSRKwL.exe
  2⤵
  PID:4188
- C:\Windows\System\wMrntJf.exe
  C:\Windows\System\wMrntJf.exe
  2⤵
  PID:4248
- C:\Windows\System\qpvtniw.exe
  C:\Windows\System\qpvtniw.exe
  2⤵
  PID:4288
- C:\Windows\System\pdcNhqs.exe
  C:\Windows\System\pdcNhqs.exe
  2⤵
  PID:4428
- C:\Windows\System\aNsIxcg.exe
  C:\Windows\System\aNsIxcg.exe
  2⤵
  PID:4408
- C:\Windows\System\zdRirXf.exe
  C:\Windows\System\zdRirXf.exe
  2⤵
  PID:4504
- C:\Windows\System\fZvXzWr.exe
  C:\Windows\System\fZvXzWr.exe
  2⤵
  PID:4580
- C:\Windows\System\aDOdRjx.exe
  C:\Windows\System\aDOdRjx.exe
  2⤵
  PID:4592
- C:\Windows\System\jzqaaQj.exe
  C:\Windows\System\jzqaaQj.exe
  2⤵
  PID:4644
- C:\Windows\System\kTTUJVt.exe
  C:\Windows\System\kTTUJVt.exe
  2⤵
  PID:4740
- C:\Windows\System\LGWAMcJ.exe
  C:\Windows\System\LGWAMcJ.exe
  2⤵
  PID:4780
- C:\Windows\System\psBFfCm.exe
  C:\Windows\System\psBFfCm.exe
  2⤵
  PID:4764
- C:\Windows\System\FmcsGLt.exe
  C:\Windows\System\FmcsGLt.exe
  2⤵
  PID:4868
- C:\Windows\System\mPzkwIc.exe
  C:\Windows\System\mPzkwIc.exe
  2⤵
  PID:4932
- C:\Windows\System\lnpODkw.exe
  C:\Windows\System\lnpODkw.exe
  2⤵
  PID:5012
- C:\Windows\System\xSaMgZB.exe
  C:\Windows\System\xSaMgZB.exe
  2⤵
  PID:5128
- C:\Windows\System\zYovKdp.exe
  C:\Windows\System\zYovKdp.exe
  2⤵
  PID:5148
- C:\Windows\System\ogGxisb.exe
  C:\Windows\System\ogGxisb.exe
  2⤵
  PID:5168
- C:\Windows\System\oENqybz.exe
  C:\Windows\System\oENqybz.exe
  2⤵
  PID:5188
- C:\Windows\System\SbzUtUL.exe
  C:\Windows\System\SbzUtUL.exe
  2⤵
  PID:5208
- C:\Windows\System\dDBxLIA.exe
  C:\Windows\System\dDBxLIA.exe
  2⤵
  PID:5228
- C:\Windows\System\BElqmrT.exe
  C:\Windows\System\BElqmrT.exe
  2⤵
  PID:5248
- C:\Windows\System\IYhtPyA.exe
  C:\Windows\System\IYhtPyA.exe
  2⤵
  PID:5268
- C:\Windows\System\cCIUClC.exe
  C:\Windows\System\cCIUClC.exe
  2⤵
  PID:5288
- C:\Windows\System\uJbReIP.exe
  C:\Windows\System\uJbReIP.exe
  2⤵
  PID:5308
- C:\Windows\System\yccHOOg.exe
  C:\Windows\System\yccHOOg.exe
  2⤵
  PID:5328
- C:\Windows\System\sfvePYr.exe
  C:\Windows\System\sfvePYr.exe
  2⤵
  PID:5348
- C:\Windows\System\EmrzAzL.exe
  C:\Windows\System\EmrzAzL.exe
  2⤵
  PID:5368
- C:\Windows\System\jPljwRi.exe
  C:\Windows\System\jPljwRi.exe
  2⤵
  PID:5388
- C:\Windows\System\AYFUuIR.exe
  C:\Windows\System\AYFUuIR.exe
  2⤵
  PID:5408
- C:\Windows\System\CFIgCJz.exe
  C:\Windows\System\CFIgCJz.exe
  2⤵
  PID:5428
- C:\Windows\System\NsoXaHM.exe
  C:\Windows\System\NsoXaHM.exe
  2⤵
  PID:5448
- C:\Windows\System\FYHwYEs.exe
  C:\Windows\System\FYHwYEs.exe
  2⤵
  PID:5468
- C:\Windows\System\ToqCCJq.exe
  C:\Windows\System\ToqCCJq.exe
  2⤵
  PID:5488
- C:\Windows\System\CJGJiRN.exe
  C:\Windows\System\CJGJiRN.exe
  2⤵
  PID:5508
- C:\Windows\System\gCmEkKx.exe
  C:\Windows\System\gCmEkKx.exe
  2⤵
  PID:5528
- C:\Windows\System\SjViZxB.exe
  C:\Windows\System\SjViZxB.exe
  2⤵
  PID:5548
- C:\Windows\System\bAaMrzA.exe
  C:\Windows\System\bAaMrzA.exe
  2⤵
  PID:5568
- C:\Windows\System\WslErCX.exe
  C:\Windows\System\WslErCX.exe
  2⤵
  PID:5588
- C:\Windows\System\eHuRcYq.exe
  C:\Windows\System\eHuRcYq.exe
  2⤵
  PID:5608
- C:\Windows\System\eanWnLD.exe
  C:\Windows\System\eanWnLD.exe
  2⤵
  PID:5628
- C:\Windows\System\SrPfcWB.exe
  C:\Windows\System\SrPfcWB.exe
  2⤵
  PID:5648
- C:\Windows\System\LisjVoU.exe
  C:\Windows\System\LisjVoU.exe
  2⤵
  PID:5668
- C:\Windows\System\FkluSDL.exe
  C:\Windows\System\FkluSDL.exe
  2⤵
  PID:5692
- C:\Windows\System\jWuhAjW.exe
  C:\Windows\System\jWuhAjW.exe
  2⤵
  PID:5712
- C:\Windows\System\RYZfekD.exe
  C:\Windows\System\RYZfekD.exe
  2⤵
  PID:5732
- C:\Windows\System\rMitnqM.exe
  C:\Windows\System\rMitnqM.exe
  2⤵
  PID:5752
- C:\Windows\System\tlYtLpi.exe
  C:\Windows\System\tlYtLpi.exe
  2⤵
  PID:5772
- C:\Windows\System\IwXVxjB.exe
  C:\Windows\System\IwXVxjB.exe
  2⤵
  PID:5792
- C:\Windows\System\PMEcxMK.exe
  C:\Windows\System\PMEcxMK.exe
  2⤵
  PID:5812
- C:\Windows\System\OgGHkve.exe
  C:\Windows\System\OgGHkve.exe
  2⤵
  PID:5832
- C:\Windows\System\gmKcIqZ.exe
  C:\Windows\System\gmKcIqZ.exe
  2⤵
  PID:5852
- C:\Windows\System\XVtLDRb.exe
  C:\Windows\System\XVtLDRb.exe
  2⤵
  PID:5872
- C:\Windows\System\OTcrnou.exe
  C:\Windows\System\OTcrnou.exe
  2⤵
  PID:5892
- C:\Windows\System\leKxCRv.exe
  C:\Windows\System\leKxCRv.exe
  2⤵
  PID:5912
- C:\Windows\System\kFjSzQk.exe
  C:\Windows\System\kFjSzQk.exe
  2⤵
  PID:5932
- C:\Windows\System\DLrXJXR.exe
  C:\Windows\System\DLrXJXR.exe
  2⤵
  PID:5952
- C:\Windows\System\APpgWdI.exe
  C:\Windows\System\APpgWdI.exe
  2⤵
  PID:5972
- C:\Windows\System\KSLfwyc.exe
  C:\Windows\System\KSLfwyc.exe
  2⤵
  PID:5992
- C:\Windows\System\emMVjQo.exe
  C:\Windows\System\emMVjQo.exe
  2⤵
  PID:6012
- C:\Windows\System\vFQVEGU.exe
  C:\Windows\System\vFQVEGU.exe
  2⤵
  PID:6032
- C:\Windows\System\ZqnuIjX.exe
  C:\Windows\System\ZqnuIjX.exe
  2⤵
  PID:6052
- C:\Windows\System\fRySpBU.exe
  C:\Windows\System\fRySpBU.exe
  2⤵
  PID:6072
- C:\Windows\System\XhdZflG.exe
  C:\Windows\System\XhdZflG.exe
  2⤵
  PID:6092
- C:\Windows\System\MwhXymL.exe
  C:\Windows\System\MwhXymL.exe
  2⤵
  PID:6112
- C:\Windows\System\LxFlciN.exe
  C:\Windows\System\LxFlciN.exe
  2⤵
  PID:6132
- C:\Windows\System\mRCJHNA.exe
  C:\Windows\System\mRCJHNA.exe
  2⤵
  PID:5052
- C:\Windows\System\JuRHGSm.exe
  C:\Windows\System\JuRHGSm.exe
  2⤵
  PID:1660
- C:\Windows\System\MHNttwf.exe
  C:\Windows\System\MHNttwf.exe
  2⤵
  PID:1444
- C:\Windows\System\VVUEamV.exe
  C:\Windows\System\VVUEamV.exe
  2⤵
  PID:3528
- C:\Windows\System\TrNPTMc.exe
  C:\Windows\System\TrNPTMc.exe
  2⤵
  PID:3812
- C:\Windows\System\tXBcmJj.exe
  C:\Windows\System\tXBcmJj.exe
  2⤵
  PID:4060
- C:\Windows\System\heMjRYF.exe
  C:\Windows\System\heMjRYF.exe
  2⤵
  PID:4208
- C:\Windows\System\pmJzTFi.exe
  C:\Windows\System\pmJzTFi.exe
  2⤵
  PID:4292
- C:\Windows\System\idRZczN.exe
  C:\Windows\System\idRZczN.exe
  2⤵
  PID:4368
- C:\Windows\System\VTiIsnX.exe
  C:\Windows\System\VTiIsnX.exe
  2⤵
  PID:4464
- C:\Windows\System\RynFXqV.exe
  C:\Windows\System\RynFXqV.exe
  2⤵
  PID:4624
- C:\Windows\System\tVEABhG.exe
  C:\Windows\System\tVEABhG.exe
  2⤵
  PID:4668
- C:\Windows\System\CmsSOwV.exe
  C:\Windows\System\CmsSOwV.exe
  2⤵
  PID:4712
- C:\Windows\System\DbuEnIo.exe
  C:\Windows\System\DbuEnIo.exe
  2⤵
  PID:4844
- C:\Windows\System\yLDtApc.exe
  C:\Windows\System\yLDtApc.exe
  2⤵
  PID:4908
- C:\Windows\System\xjipFXG.exe
  C:\Windows\System\xjipFXG.exe
  2⤵
  PID:5124
- C:\Windows\System\CSSEjSO.exe
  C:\Windows\System\CSSEjSO.exe
  2⤵
  PID:5156
- C:\Windows\System\vydcVac.exe
  C:\Windows\System\vydcVac.exe
  2⤵
  PID:5184
- C:\Windows\System\tMidpjC.exe
  C:\Windows\System\tMidpjC.exe
  2⤵
  PID:5216
- C:\Windows\System\pLuXBim.exe
  C:\Windows\System\pLuXBim.exe
  2⤵
  PID:5240
- C:\Windows\System\WGNATca.exe
  C:\Windows\System\WGNATca.exe
  2⤵
  PID:5280
- C:\Windows\System\iVhccaK.exe
  C:\Windows\System\iVhccaK.exe
  2⤵
  PID:5324
- C:\Windows\System\dFVUhOs.exe
  C:\Windows\System\dFVUhOs.exe
  2⤵
  PID:5340
- C:\Windows\System\OGqBRdP.exe
  C:\Windows\System\OGqBRdP.exe
  2⤵
  PID:5384
- C:\Windows\System\YhEhQdN.exe
  C:\Windows\System\YhEhQdN.exe
  2⤵
  PID:5424
- C:\Windows\System\riUPjay.exe
  C:\Windows\System\riUPjay.exe
  2⤵
  PID:5456
- C:\Windows\System\AwAnTYt.exe
  C:\Windows\System\AwAnTYt.exe
  2⤵
  PID:5480
- C:\Windows\System\hDoVFTk.exe
  C:\Windows\System\hDoVFTk.exe
  2⤵
  PID:5520
- C:\Windows\System\TTcKPPz.exe
  C:\Windows\System\TTcKPPz.exe
  2⤵
  PID:5556
- C:\Windows\System\OfzYMYE.exe
  C:\Windows\System\OfzYMYE.exe
  2⤵
  PID:5584
- C:\Windows\System\OvLJuBv.exe
  C:\Windows\System\OvLJuBv.exe
  2⤵
  PID:5624
- C:\Windows\System\IuCtogo.exe
  C:\Windows\System\IuCtogo.exe
  2⤵
  PID:5656
- C:\Windows\System\iIdYzRz.exe
  C:\Windows\System\iIdYzRz.exe
  2⤵
  PID:5680
- C:\Windows\System\nRPUpdg.exe
  C:\Windows\System\nRPUpdg.exe
  2⤵
  PID:5728
- C:\Windows\System\MdcZuei.exe
  C:\Windows\System\MdcZuei.exe
  2⤵
  PID:5748
- C:\Windows\System\KhXapYF.exe
  C:\Windows\System\KhXapYF.exe
  2⤵
  PID:5788
- C:\Windows\System\zfgPBTr.exe
  C:\Windows\System\zfgPBTr.exe
  2⤵
  PID:5840
- C:\Windows\System\JjBlCOO.exe
  C:\Windows\System\JjBlCOO.exe
  2⤵
  PID:5868
- C:\Windows\System\EXxNWCJ.exe
  C:\Windows\System\EXxNWCJ.exe
  2⤵
  PID:5900
- C:\Windows\System\uKdpnaY.exe
  C:\Windows\System\uKdpnaY.exe
  2⤵
  PID:5904
- C:\Windows\System\vDShQBY.exe
  C:\Windows\System\vDShQBY.exe
  2⤵
  PID:5960
- C:\Windows\System\avcUmqL.exe
  C:\Windows\System\avcUmqL.exe
  2⤵
  PID:6000
- C:\Windows\System\mVEfswa.exe
  C:\Windows\System\mVEfswa.exe
  2⤵
  PID:6020
- C:\Windows\System\mVElIie.exe
  C:\Windows\System\mVElIie.exe
  2⤵
  PID:6060
- C:\Windows\System\feZbliG.exe
  C:\Windows\System\feZbliG.exe
  2⤵
  PID:6084
- C:\Windows\System\ZIrKYes.exe
  C:\Windows\System\ZIrKYes.exe
  2⤵
  PID:6104
- C:\Windows\System\JAEvBuy.exe
  C:\Windows\System\JAEvBuy.exe
  2⤵
  PID:5088
- C:\Windows\System\qkMNvNg.exe
  C:\Windows\System\qkMNvNg.exe
  2⤵
  PID:5116
- C:\Windows\System\NiUrLuW.exe
  C:\Windows\System\NiUrLuW.exe
  2⤵
  PID:3852
- C:\Windows\System\wIIpYvT.exe
  C:\Windows\System\wIIpYvT.exe
  2⤵
  PID:4124
- C:\Windows\System\vKvFuGm.exe
  C:\Windows\System\vKvFuGm.exe
  2⤵
  PID:4348
- C:\Windows\System\eIvrxAj.exe
  C:\Windows\System\eIvrxAj.exe
  2⤵
  PID:4520
- C:\Windows\System\TQozQGz.exe
  C:\Windows\System\TQozQGz.exe
  2⤵
  PID:4560
- C:\Windows\System\yYKYPmR.exe
  C:\Windows\System\yYKYPmR.exe
  2⤵
  PID:4812
- C:\Windows\System\FHtcUhT.exe
  C:\Windows\System\FHtcUhT.exe
  2⤵
  PID:4944
- C:\Windows\System\cNjwHxQ.exe
  C:\Windows\System\cNjwHxQ.exe
  2⤵
  PID:5140
- C:\Windows\System\EIjKvep.exe
  C:\Windows\System\EIjKvep.exe
  2⤵
  PID:5244
- C:\Windows\System\LmSIdwq.exe
  C:\Windows\System\LmSIdwq.exe
  2⤵
  PID:5304
- C:\Windows\System\yXqynoO.exe
  C:\Windows\System\yXqynoO.exe
  2⤵
  PID:5336
- C:\Windows\System\lMJQHZj.exe
  C:\Windows\System\lMJQHZj.exe
  2⤵
  PID:5436
- C:\Windows\System\ciSWbox.exe
  C:\Windows\System\ciSWbox.exe
  2⤵
  PID:5464
- C:\Windows\System\eWGnJhR.exe
  C:\Windows\System\eWGnJhR.exe
  2⤵
  PID:5516
- C:\Windows\System\ezYfOFs.exe
  C:\Windows\System\ezYfOFs.exe
  2⤵
  PID:5604
- C:\Windows\System\ChtZhki.exe
  C:\Windows\System\ChtZhki.exe
  2⤵
  PID:5620
- C:\Windows\System\xoVmJtk.exe
  C:\Windows\System\xoVmJtk.exe
  2⤵
  PID:5704
- C:\Windows\System\nkKMPwu.exe
  C:\Windows\System\nkKMPwu.exe
  2⤵
  PID:5800
- C:\Windows\System\pZYTUaK.exe
  C:\Windows\System\pZYTUaK.exe
  2⤵
  PID:5824
- C:\Windows\System\dTPiWlw.exe
  C:\Windows\System\dTPiWlw.exe
  2⤵
  PID:5884
- C:\Windows\System\izqujSf.exe
  C:\Windows\System\izqujSf.exe
  2⤵
  PID:5920
- C:\Windows\System\UTBCRMM.exe
  C:\Windows\System\UTBCRMM.exe
  2⤵
  PID:5988
- C:\Windows\System\CCJkhjA.exe
  C:\Windows\System\CCJkhjA.exe
  2⤵
  PID:6004
- C:\Windows\System\CYkfQCS.exe
  C:\Windows\System\CYkfQCS.exe
  2⤵
  PID:6088
- C:\Windows\System\AENrWDN.exe
  C:\Windows\System\AENrWDN.exe
  2⤵
  PID:5064
- C:\Windows\System\PSSaKwt.exe
  C:\Windows\System\PSSaKwt.exe
  2⤵
  PID:3648
- C:\Windows\System\SuAfjCQ.exe
  C:\Windows\System\SuAfjCQ.exe
  2⤵
  PID:4148
- C:\Windows\System\VlbEqHV.exe
  C:\Windows\System\VlbEqHV.exe
  2⤵
  PID:4508
- C:\Windows\System\BuXCULs.exe
  C:\Windows\System\BuXCULs.exe
  2⤵
  PID:4828
- C:\Windows\System\SoEZfMm.exe
  C:\Windows\System\SoEZfMm.exe
  2⤵
  PID:4988
- C:\Windows\System\sUNWSis.exe
  C:\Windows\System\sUNWSis.exe
  2⤵
  PID:5204
- C:\Windows\System\SpQOjjY.exe
  C:\Windows\System\SpQOjjY.exe
  2⤵
  PID:5344
- C:\Windows\System\pMRfzJX.exe
  C:\Windows\System\pMRfzJX.exe
  2⤵
  PID:6156
- C:\Windows\System\ZzOTtnj.exe
  C:\Windows\System\ZzOTtnj.exe
  2⤵
  PID:6176
- C:\Windows\System\atURVhK.exe
  C:\Windows\System\atURVhK.exe
  2⤵
  PID:6196
- C:\Windows\System\GEnDlsd.exe
  C:\Windows\System\GEnDlsd.exe
  2⤵
  PID:6216
- C:\Windows\System\OpsZjqc.exe
  C:\Windows\System\OpsZjqc.exe
  2⤵
  PID:6236
- C:\Windows\System\YUQZRpN.exe
  C:\Windows\System\YUQZRpN.exe
  2⤵
  PID:6256
- C:\Windows\System\qkLKgoj.exe
  C:\Windows\System\qkLKgoj.exe
  2⤵
  PID:6276
- C:\Windows\System\aQofrtl.exe
  C:\Windows\System\aQofrtl.exe
  2⤵
  PID:6296
- C:\Windows\System\xVHoSEN.exe
  C:\Windows\System\xVHoSEN.exe
  2⤵
  PID:6316
- C:\Windows\System\RXAJPMP.exe
  C:\Windows\System\RXAJPMP.exe
  2⤵
  PID:6336
- C:\Windows\System\gkJgNRT.exe
  C:\Windows\System\gkJgNRT.exe
  2⤵
  PID:6356
- C:\Windows\System\wzWAvpM.exe
  C:\Windows\System\wzWAvpM.exe
  2⤵
  PID:6376
- C:\Windows\System\rinPImB.exe
  C:\Windows\System\rinPImB.exe
  2⤵
  PID:6396
- C:\Windows\System\HaXqVXv.exe
  C:\Windows\System\HaXqVXv.exe
  2⤵
  PID:6420
- C:\Windows\System\NDLsQJb.exe
  C:\Windows\System\NDLsQJb.exe
  2⤵
  PID:6440
- C:\Windows\System\pQARJRh.exe
  C:\Windows\System\pQARJRh.exe
  2⤵
  PID:6460
- C:\Windows\System\ZfNfKeE.exe
  C:\Windows\System\ZfNfKeE.exe
  2⤵
  PID:6480
- C:\Windows\System\NLeymoY.exe
  C:\Windows\System\NLeymoY.exe
  2⤵
  PID:6500
- C:\Windows\System\tnzBeFn.exe
  C:\Windows\System\tnzBeFn.exe
  2⤵
  PID:6520
- C:\Windows\System\nXoDWRv.exe
  C:\Windows\System\nXoDWRv.exe
  2⤵
  PID:6540
- C:\Windows\System\jrrtDfo.exe
  C:\Windows\System\jrrtDfo.exe
  2⤵
  PID:6560
- C:\Windows\System\QXNKjHh.exe
  C:\Windows\System\QXNKjHh.exe
  2⤵
  PID:6580
- C:\Windows\System\gSprCxl.exe
  C:\Windows\System\gSprCxl.exe
  2⤵
  PID:6600
- C:\Windows\System\DZRjwkG.exe
  C:\Windows\System\DZRjwkG.exe
  2⤵
  PID:6620
- C:\Windows\System\okEkmwT.exe
  C:\Windows\System\okEkmwT.exe
  2⤵
  PID:6640
- C:\Windows\System\toheSgH.exe
  C:\Windows\System\toheSgH.exe
  2⤵
  PID:6660
- C:\Windows\System\JHzRbgt.exe
  C:\Windows\System\JHzRbgt.exe
  2⤵
  PID:6680
- C:\Windows\System\CEnVNHx.exe
  C:\Windows\System\CEnVNHx.exe
  2⤵
  PID:6700
- C:\Windows\System\NqrjflF.exe
  C:\Windows\System\NqrjflF.exe
  2⤵
  PID:6720
- C:\Windows\System\eizDLCO.exe
  C:\Windows\System\eizDLCO.exe
  2⤵
  PID:6740
- C:\Windows\System\QGrDSAI.exe
  C:\Windows\System\QGrDSAI.exe
  2⤵
  PID:6760
- C:\Windows\System\lkomgVC.exe
  C:\Windows\System\lkomgVC.exe
  2⤵
  PID:6780
- C:\Windows\System\okToLfB.exe
  C:\Windows\System\okToLfB.exe
  2⤵
  PID:6800
- C:\Windows\System\WTEFQpW.exe
  C:\Windows\System\WTEFQpW.exe
  2⤵
  PID:6820
- C:\Windows\System\MXinHsM.exe
  C:\Windows\System\MXinHsM.exe
  2⤵
  PID:6840
- C:\Windows\System\FtdbGVt.exe
  C:\Windows\System\FtdbGVt.exe
  2⤵
  PID:6860
- C:\Windows\System\YIEgqRs.exe
  C:\Windows\System\YIEgqRs.exe
  2⤵
  PID:6880
- C:\Windows\System\YSJbxaK.exe
  C:\Windows\System\YSJbxaK.exe
  2⤵
  PID:6900
- C:\Windows\System\VkurjrW.exe
  C:\Windows\System\VkurjrW.exe
  2⤵
  PID:6920
- C:\Windows\System\UHKUeGA.exe
  C:\Windows\System\UHKUeGA.exe
  2⤵
  PID:6940
- C:\Windows\System\HzkapvN.exe
  C:\Windows\System\HzkapvN.exe
  2⤵
  PID:6960
- C:\Windows\System\Rwsijdh.exe
  C:\Windows\System\Rwsijdh.exe
  2⤵
  PID:6980
- C:\Windows\System\IBZDogI.exe
  C:\Windows\System\IBZDogI.exe
  2⤵
  PID:7000
- C:\Windows\System\fXnUxfE.exe
  C:\Windows\System\fXnUxfE.exe
  2⤵
  PID:7020
- C:\Windows\System\iogwAiY.exe
  C:\Windows\System\iogwAiY.exe
  2⤵
  PID:7040
- C:\Windows\System\pLoWZas.exe
  C:\Windows\System\pLoWZas.exe
  2⤵
  PID:7060
- C:\Windows\System\zQFaefD.exe
  C:\Windows\System\zQFaefD.exe
  2⤵
  PID:7080
- C:\Windows\System\pUhhQrv.exe
  C:\Windows\System\pUhhQrv.exe
  2⤵
  PID:7100
- C:\Windows\System\RipLtHb.exe
  C:\Windows\System\RipLtHb.exe
  2⤵
  PID:7120
- C:\Windows\System\IoFDIXi.exe
  C:\Windows\System\IoFDIXi.exe
  2⤵
  PID:7140
- C:\Windows\System\rHkNJBw.exe
  C:\Windows\System\rHkNJBw.exe
  2⤵
  PID:7160
- C:\Windows\System\PiVmebJ.exe
  C:\Windows\System\PiVmebJ.exe
  2⤵
  PID:5400
- C:\Windows\System\yQjggUK.exe
  C:\Windows\System\yQjggUK.exe
  2⤵
  PID:5524
- C:\Windows\System\sPRevVs.exe
  C:\Windows\System\sPRevVs.exe
  2⤵
  PID:5600
- C:\Windows\System\ZnBjNtI.exe
  C:\Windows\System\ZnBjNtI.exe
  2⤵
  PID:5780
- C:\Windows\System\PbcAmci.exe
  C:\Windows\System\PbcAmci.exe
  2⤵
  PID:5880
- C:\Windows\System\zyraqJM.exe
  C:\Windows\System\zyraqJM.exe
  2⤵
  PID:5968
- C:\Windows\System\DEBLMUh.exe
  C:\Windows\System\DEBLMUh.exe
  2⤵
  PID:6044
- C:\Windows\System\TCpdAMj.exe
  C:\Windows\System\TCpdAMj.exe
  2⤵
  PID:6080
- C:\Windows\System\YPpGcMu.exe
  C:\Windows\System\YPpGcMu.exe
  2⤵
  PID:4112
- C:\Windows\System\PtYcXOz.exe
  C:\Windows\System\PtYcXOz.exe
  2⤵
  PID:2164
- C:\Windows\System\mgKnxqQ.exe
  C:\Windows\System\mgKnxqQ.exe
  2⤵
  PID:4904
- C:\Windows\System\YGmBwZU.exe
  C:\Windows\System\YGmBwZU.exe
  2⤵
  PID:5136
- C:\Windows\System\kOrLbBC.exe
  C:\Windows\System\kOrLbBC.exe
  2⤵
  PID:5300
- C:\Windows\System\MmcfYTn.exe
  C:\Windows\System\MmcfYTn.exe
  2⤵
  PID:6192
- C:\Windows\System\qNKElZz.exe
  C:\Windows\System\qNKElZz.exe
  2⤵
  PID:6224
- C:\Windows\System\alzJwce.exe
  C:\Windows\System\alzJwce.exe
  2⤵
  PID:6264
- C:\Windows\System\effeJqC.exe
  C:\Windows\System\effeJqC.exe
  2⤵
  PID:6292
- C:\Windows\System\MmGdgEA.exe
  C:\Windows\System\MmGdgEA.exe
  2⤵
  PID:6308
- C:\Windows\System\ajUbAab.exe
  C:\Windows\System\ajUbAab.exe
  2⤵
  PID:3016
- C:\Windows\System\acLmrCq.exe
  C:\Windows\System\acLmrCq.exe
  2⤵
  PID:6344
- C:\Windows\System\etwxPXW.exe
  C:\Windows\System\etwxPXW.exe
  2⤵
  PID:6384
- C:\Windows\System\maKkrgt.exe
  C:\Windows\System\maKkrgt.exe
  2⤵
  PID:6404
- C:\Windows\System\UCyvbWk.exe
  C:\Windows\System\UCyvbWk.exe
  2⤵
  PID:6436
- C:\Windows\System\hDnmBUJ.exe
  C:\Windows\System\hDnmBUJ.exe
  2⤵
  PID:6476
- C:\Windows\System\NpvpdXK.exe
  C:\Windows\System\NpvpdXK.exe
  2⤵
  PID:6516
- C:\Windows\System\FHRLugs.exe
  C:\Windows\System\FHRLugs.exe
  2⤵
  PID:6532
- C:\Windows\System\UUwlUbp.exe
  C:\Windows\System\UUwlUbp.exe
  2⤵
  PID:6588
- C:\Windows\System\TBabOxE.exe
  C:\Windows\System\TBabOxE.exe
  2⤵
  PID:6608
- C:\Windows\System\OaDdvfl.exe
  C:\Windows\System\OaDdvfl.exe
  2⤵
  PID:6632
- C:\Windows\System\dWSfntU.exe
  C:\Windows\System\dWSfntU.exe
  2⤵
  PID:6676
- C:\Windows\System\YRljbix.exe
  C:\Windows\System\YRljbix.exe
  2⤵
  PID:6708
- C:\Windows\System\fogOktq.exe
  C:\Windows\System\fogOktq.exe
  2⤵
  PID:6748
- C:\Windows\System\qPnGwNG.exe
  C:\Windows\System\qPnGwNG.exe
  2⤵
  PID:6776
- C:\Windows\System\wGdapmC.exe
  C:\Windows\System\wGdapmC.exe
  2⤵
  PID:6808
- C:\Windows\System\vfmIZgr.exe
  C:\Windows\System\vfmIZgr.exe
  2⤵
  PID:6832
- C:\Windows\System\CqAnGIG.exe
  C:\Windows\System\CqAnGIG.exe
  2⤵
  PID:6876
- C:\Windows\System\MTiyYbz.exe
  C:\Windows\System\MTiyYbz.exe
  2⤵
  PID:6916
- C:\Windows\System\hcArVFO.exe
  C:\Windows\System\hcArVFO.exe
  2⤵
  PID:6932
- C:\Windows\System\iSJZlWx.exe
  C:\Windows\System\iSJZlWx.exe
  2⤵
  PID:6988
- C:\Windows\System\soXvXkT.exe
  C:\Windows\System\soXvXkT.exe
  2⤵
  PID:7008
- C:\Windows\System\PVpdTcO.exe
  C:\Windows\System\PVpdTcO.exe
  2⤵
  PID:7012
- C:\Windows\System\WDQbyHm.exe
  C:\Windows\System\WDQbyHm.exe
  2⤵
  PID:7072
- C:\Windows\System\MscFhWv.exe
  C:\Windows\System\MscFhWv.exe
  2⤵
  PID:7116
- C:\Windows\System\dViCSqo.exe
  C:\Windows\System\dViCSqo.exe
  2⤵
  PID:7148
- C:\Windows\System\hDpLTSr.exe
  C:\Windows\System\hDpLTSr.exe
  2⤵
  PID:5540
- C:\Windows\System\DRLaWBL.exe
  C:\Windows\System\DRLaWBL.exe
  2⤵
  PID:5768
- C:\Windows\System\WJsXYmW.exe
  C:\Windows\System\WJsXYmW.exe
  2⤵
  PID:5848
- C:\Windows\System\BvOSjAG.exe
  C:\Windows\System\BvOSjAG.exe
  2⤵
  PID:5804
- C:\Windows\System\VVPRAls.exe
  C:\Windows\System\VVPRAls.exe
  2⤵
  PID:6120
- C:\Windows\System\DSQYElP.exe
  C:\Windows\System\DSQYElP.exe
  2⤵
  PID:4400
- C:\Windows\System\qJynJbW.exe
  C:\Windows\System\qJynJbW.exe
  2⤵
  PID:4584
- C:\Windows\System\onSpCAq.exe
  C:\Windows\System\onSpCAq.exe
  2⤵
  PID:6168
- C:\Windows\System\oQuNfRn.exe
  C:\Windows\System\oQuNfRn.exe
  2⤵
  PID:5396
- C:\Windows\System\yROeJTY.exe
  C:\Windows\System\yROeJTY.exe
  2⤵
  PID:6244
- C:\Windows\System\yUMzQIx.exe
  C:\Windows\System\yUMzQIx.exe
  2⤵
  PID:1900
- C:\Windows\System\bmNJrpF.exe
  C:\Windows\System\bmNJrpF.exe
  2⤵
  PID:1616
- C:\Windows\System\zMczEZS.exe
  C:\Windows\System\zMczEZS.exe
  2⤵
  PID:6364
- C:\Windows\System\PTWxufz.exe
  C:\Windows\System\PTWxufz.exe
  2⤵
  PID:6448
- C:\Windows\System\EHgdHSa.exe
  C:\Windows\System\EHgdHSa.exe
  2⤵
  PID:6456
- C:\Windows\System\lrRTTsa.exe
  C:\Windows\System\lrRTTsa.exe
  2⤵
  PID:6508
- C:\Windows\System\ZAbeFpC.exe
  C:\Windows\System\ZAbeFpC.exe
  2⤵
  PID:6592
- C:\Windows\System\VBfhHro.exe
  C:\Windows\System\VBfhHro.exe
  2⤵
  PID:6612
- C:\Windows\System\iuXxBlv.exe
  C:\Windows\System\iuXxBlv.exe
  2⤵
  PID:6712
- C:\Windows\System\JsBgsbh.exe
  C:\Windows\System\JsBgsbh.exe
  2⤵
  PID:6736
- C:\Windows\System\HDqcNNS.exe
  C:\Windows\System\HDqcNNS.exe
  2⤵
  PID:6752
- C:\Windows\System\RjqAYRy.exe
  C:\Windows\System\RjqAYRy.exe
  2⤵
  PID:6828
- C:\Windows\System\jeDuGoA.exe
  C:\Windows\System\jeDuGoA.exe
  2⤵
  PID:6896
- C:\Windows\System\uuwAdgO.exe
  C:\Windows\System\uuwAdgO.exe
  2⤵
  PID:6952
- C:\Windows\System\YBKZiIB.exe
  C:\Windows\System\YBKZiIB.exe
  2⤵
  PID:7028
- C:\Windows\System\KoFelIC.exe
  C:\Windows\System\KoFelIC.exe
  2⤵
  PID:7096
- C:\Windows\System\dnbmmQV.exe
  C:\Windows\System\dnbmmQV.exe
  2⤵
  PID:7092
- C:\Windows\System\ARsEgMc.exe
  C:\Windows\System\ARsEgMc.exe
  2⤵
  PID:5404
- C:\Windows\System\EOXmlZL.exe
  C:\Windows\System\EOXmlZL.exe
  2⤵
  PID:5644
- C:\Windows\System\OxNEldQ.exe
  C:\Windows\System\OxNEldQ.exe
  2⤵
  PID:6140
- C:\Windows\System\dYuZGCN.exe
  C:\Windows\System\dYuZGCN.exe
  2⤵
  PID:2248
- C:\Windows\System\iCSvHJa.exe
  C:\Windows\System\iCSvHJa.exe
  2⤵
  PID:6204
- C:\Windows\System\RXXlhFq.exe
  C:\Windows\System\RXXlhFq.exe
  2⤵
  PID:6208
- C:\Windows\System\PLFDIuv.exe
  C:\Windows\System\PLFDIuv.exe
  2⤵
  PID:6268
- C:\Windows\System\qxRAVFv.exe
  C:\Windows\System\qxRAVFv.exe
  2⤵
  PID:6332
- C:\Windows\System\fNcTZgU.exe
  C:\Windows\System\fNcTZgU.exe
  2⤵
  PID:6408
- C:\Windows\System\PDFXNkk.exe
  C:\Windows\System\PDFXNkk.exe
  2⤵
  PID:6556
- C:\Windows\System\YQHkcdZ.exe
  C:\Windows\System\YQHkcdZ.exe
  2⤵
  PID:6692
- C:\Windows\System\xZFlpAh.exe
  C:\Windows\System\xZFlpAh.exe
  2⤵
  PID:6836
- C:\Windows\System\YVLeGLH.exe
  C:\Windows\System\YVLeGLH.exe
  2⤵
  PID:6888
- C:\Windows\System\WGAghrz.exe
  C:\Windows\System\WGAghrz.exe
  2⤵
  PID:6956
- C:\Windows\System\bxnBCyA.exe
  C:\Windows\System\bxnBCyA.exe
  2⤵
  PID:7188
- C:\Windows\System\eTUKDAT.exe
  C:\Windows\System\eTUKDAT.exe
  2⤵
  PID:7208
- C:\Windows\System\bfRAwoN.exe
  C:\Windows\System\bfRAwoN.exe
  2⤵
  PID:7228
- C:\Windows\System\YhIuglt.exe
  C:\Windows\System\YhIuglt.exe
  2⤵
  PID:7248
- C:\Windows\System\ZJvxsRg.exe
  C:\Windows\System\ZJvxsRg.exe
  2⤵
  PID:7268
- C:\Windows\System\ZCaFtNb.exe
  C:\Windows\System\ZCaFtNb.exe
  2⤵
  PID:7284
- C:\Windows\System\DtUvIQe.exe
  C:\Windows\System\DtUvIQe.exe
  2⤵
  PID:7308
- C:\Windows\System\cTniLEQ.exe
  C:\Windows\System\cTniLEQ.exe
  2⤵
  PID:7328
- C:\Windows\System\hoQDahU.exe
  C:\Windows\System\hoQDahU.exe
  2⤵
  PID:7348
- C:\Windows\System\iCvKAkX.exe
  C:\Windows\System\iCvKAkX.exe
  2⤵
  PID:7368
- C:\Windows\System\ZFVUZjl.exe
  C:\Windows\System\ZFVUZjl.exe
  2⤵
  PID:7388
- C:\Windows\System\YFqMuVa.exe
  C:\Windows\System\YFqMuVa.exe
  2⤵
  PID:7408
- C:\Windows\System\IVCFURx.exe
  C:\Windows\System\IVCFURx.exe
  2⤵
  PID:7428
- C:\Windows\System\bKQmiIg.exe
  C:\Windows\System\bKQmiIg.exe
  2⤵
  PID:7444
- C:\Windows\System\mwLaSCY.exe
  C:\Windows\System\mwLaSCY.exe
  2⤵
  PID:7464
- C:\Windows\System\aVcFpQb.exe
  C:\Windows\System\aVcFpQb.exe
  2⤵
  PID:7488
- C:\Windows\System\SsBrurD.exe
  C:\Windows\System\SsBrurD.exe
  2⤵
  PID:7508
- C:\Windows\System\tSdQdoo.exe
  C:\Windows\System\tSdQdoo.exe
  2⤵
  PID:7528
- C:\Windows\System\btkDKfA.exe
  C:\Windows\System\btkDKfA.exe
  2⤵
  PID:7548
- C:\Windows\System\DfOPwVc.exe
  C:\Windows\System\DfOPwVc.exe
  2⤵
  PID:7564
- C:\Windows\System\suwRJCL.exe
  C:\Windows\System\suwRJCL.exe
  2⤵
  PID:7588
- C:\Windows\System\lerENFg.exe
  C:\Windows\System\lerENFg.exe
  2⤵
  PID:7608
- C:\Windows\System\gynvKLk.exe
  C:\Windows\System\gynvKLk.exe
  2⤵
  PID:7628
- C:\Windows\System\UWcBUYj.exe
  C:\Windows\System\UWcBUYj.exe
  2⤵
  PID:7648
- C:\Windows\System\mudhHJk.exe
  C:\Windows\System\mudhHJk.exe
  2⤵
  PID:7668
- C:\Windows\System\EfPxMjD.exe
  C:\Windows\System\EfPxMjD.exe
  2⤵
  PID:7688
- C:\Windows\System\aPPSNFW.exe
  C:\Windows\System\aPPSNFW.exe
  2⤵
  PID:7708
- C:\Windows\System\gKrtmhB.exe
  C:\Windows\System\gKrtmhB.exe
  2⤵
  PID:7724
- C:\Windows\System\clXWHkC.exe
  C:\Windows\System\clXWHkC.exe
  2⤵
  PID:7748
- C:\Windows\System\BbTQbmg.exe
  C:\Windows\System\BbTQbmg.exe
  2⤵
  PID:7768
- C:\Windows\System\hPalZJM.exe
  C:\Windows\System\hPalZJM.exe
  2⤵
  PID:7792
- C:\Windows\System\dBfjuxl.exe
  C:\Windows\System\dBfjuxl.exe
  2⤵
  PID:7812
- C:\Windows\System\BHJHTHX.exe
  C:\Windows\System\BHJHTHX.exe
  2⤵
  PID:7832
- C:\Windows\System\YCPmHMa.exe
  C:\Windows\System\YCPmHMa.exe
  2⤵
  PID:7852
- C:\Windows\System\TELjAsB.exe
  C:\Windows\System\TELjAsB.exe
  2⤵
  PID:7872
- C:\Windows\System\tPgxOzm.exe
  C:\Windows\System\tPgxOzm.exe
  2⤵
  PID:7892
- C:\Windows\System\CwTlgZo.exe
  C:\Windows\System\CwTlgZo.exe
  2⤵
  PID:7912
- C:\Windows\System\DuVdjiP.exe
  C:\Windows\System\DuVdjiP.exe
  2⤵
  PID:7932
- C:\Windows\System\yDBjnGz.exe
  C:\Windows\System\yDBjnGz.exe
  2⤵
  PID:7952
- C:\Windows\System\EDpnxgF.exe
  C:\Windows\System\EDpnxgF.exe
  2⤵
  PID:7972
- C:\Windows\System\yvJUYMx.exe
  C:\Windows\System\yvJUYMx.exe
  2⤵
  PID:7992
- C:\Windows\System\fVxSXKe.exe
  C:\Windows\System\fVxSXKe.exe
  2⤵
  PID:8012
- C:\Windows\System\PNEAqRl.exe
  C:\Windows\System\PNEAqRl.exe
  2⤵
  PID:8032
- C:\Windows\System\lRiJVfh.exe
  C:\Windows\System\lRiJVfh.exe
  2⤵
  PID:8052
- C:\Windows\System\JkNGNqo.exe
  C:\Windows\System\JkNGNqo.exe
  2⤵
  PID:8072
- C:\Windows\System\jZOCggm.exe
  C:\Windows\System\jZOCggm.exe
  2⤵
  PID:8092
- C:\Windows\System\mnygFeN.exe
  C:\Windows\System\mnygFeN.exe
  2⤵
  PID:8112
- C:\Windows\System\RWlqRCm.exe
  C:\Windows\System\RWlqRCm.exe
  2⤵
  PID:8132
- C:\Windows\System\huIapyT.exe
  C:\Windows\System\huIapyT.exe
  2⤵
  PID:8152
- C:\Windows\System\FMgoAPK.exe
  C:\Windows\System\FMgoAPK.exe
  2⤵
  PID:8172
- C:\Windows\System\RobAWxt.exe
  C:\Windows\System\RobAWxt.exe
  2⤵
  PID:7076
- C:\Windows\System\HfkuLBS.exe
  C:\Windows\System\HfkuLBS.exe
  2⤵
  PID:7052
- C:\Windows\System\MuRoInS.exe
  C:\Windows\System\MuRoInS.exe
  2⤵
  PID:5720
- C:\Windows\System\YffwVnQ.exe
  C:\Windows\System\YffwVnQ.exe
  2⤵
  PID:4036
- C:\Windows\System\zMSIBAl.exe
  C:\Windows\System\zMSIBAl.exe
  2⤵
  PID:4804
- C:\Windows\System\ugUAFTt.exe
  C:\Windows\System\ugUAFTt.exe
  2⤵
  PID:1152
- C:\Windows\System\GMjoOeK.exe
  C:\Windows\System\GMjoOeK.exe
  2⤵
  PID:6372
- C:\Windows\System\zTQWdmN.exe
  C:\Windows\System\zTQWdmN.exe
  2⤵
  PID:6368
- C:\Windows\System\kRpVPmm.exe
  C:\Windows\System\kRpVPmm.exe
  2⤵
  PID:6536
- C:\Windows\System\PNjfVWP.exe
  C:\Windows\System\PNjfVWP.exe
  2⤵
  PID:6768
- C:\Windows\System\mIUppqO.exe
  C:\Windows\System\mIUppqO.exe
  2⤵
  PID:6892
- C:\Windows\System\HqEQJzd.exe
  C:\Windows\System\HqEQJzd.exe
  2⤵
  PID:7224
- C:\Windows\System\vACHZot.exe
  C:\Windows\System\vACHZot.exe
  2⤵
  PID:7236
- C:\Windows\System\fTyMBMy.exe
  C:\Windows\System\fTyMBMy.exe
  2⤵
  PID:7244
- C:\Windows\System\EtlqzyV.exe
  C:\Windows\System\EtlqzyV.exe
  2⤵
  PID:7336
- C:\Windows\System\dhFdHhT.exe
  C:\Windows\System\dhFdHhT.exe
  2⤵
  PID:7340
- C:\Windows\System\sJJjUlh.exe
  C:\Windows\System\sJJjUlh.exe
  2⤵
  PID:7364
- C:\Windows\System\uufsDeV.exe
  C:\Windows\System\uufsDeV.exe
  2⤵
  PID:7420
- C:\Windows\System\vZPiBKC.exe
  C:\Windows\System\vZPiBKC.exe
  2⤵
  PID:7460
- C:\Windows\System\aDxxNtH.exe
  C:\Windows\System\aDxxNtH.exe
  2⤵
  PID:7496
- C:\Windows\System\IGNbDYF.exe
  C:\Windows\System\IGNbDYF.exe
  2⤵
  PID:7516
- C:\Windows\System\CbFAeBa.exe
  C:\Windows\System\CbFAeBa.exe
  2⤵
  PID:7520
- C:\Windows\System\aNvskbq.exe
  C:\Windows\System\aNvskbq.exe
  2⤵
  PID:7580
- C:\Windows\System\ugosJJW.exe
  C:\Windows\System\ugosJJW.exe
  2⤵
  PID:7596
- C:\Windows\System\TCMOnii.exe
  C:\Windows\System\TCMOnii.exe
  2⤵
  PID:7640
- C:\Windows\System\DUHAMQL.exe
  C:\Windows\System\DUHAMQL.exe
  2⤵
  PID:7676
- C:\Windows\System\BPODecB.exe
  C:\Windows\System\BPODecB.exe
  2⤵
  PID:7680
- C:\Windows\System\OQsNxNg.exe
  C:\Windows\System\OQsNxNg.exe
  2⤵
  PID:7740
- C:\Windows\System\VUpPrwv.exe
  C:\Windows\System\VUpPrwv.exe
  2⤵
  PID:7788
- C:\Windows\System\raPJVXj.exe
  C:\Windows\System\raPJVXj.exe
  2⤵
  PID:2168
- C:\Windows\System\TXrDePs.exe
  C:\Windows\System\TXrDePs.exe
  2⤵
  PID:7804
- C:\Windows\System\agwVNRU.exe
  C:\Windows\System\agwVNRU.exe
  2⤵
  PID:7844
- C:\Windows\System\uKWXLvo.exe
  C:\Windows\System\uKWXLvo.exe
  2⤵
  PID:7884
- C:\Windows\System\JHHrChv.exe
  C:\Windows\System\JHHrChv.exe
  2⤵
  PID:7928
- C:\Windows\System\xWvxbMu.exe
  C:\Windows\System\xWvxbMu.exe
  2⤵
  PID:7964
- C:\Windows\System\qEGTDVD.exe
  C:\Windows\System\qEGTDVD.exe
  2⤵
  PID:8024
- C:\Windows\System\KlwXTga.exe
  C:\Windows\System\KlwXTga.exe
  2⤵
  PID:8040
- C:\Windows\System\chbMnIW.exe
  C:\Windows\System\chbMnIW.exe
  2⤵
  PID:8064
- C:\Windows\System\RrHMaKw.exe
  C:\Windows\System\RrHMaKw.exe
  2⤵
  PID:8084
- C:\Windows\System\lUpIwjx.exe
  C:\Windows\System\lUpIwjx.exe
  2⤵
  PID:8128
- C:\Windows\System\zWlKdMG.exe
  C:\Windows\System\zWlKdMG.exe
  2⤵
  PID:8184
- C:\Windows\System\VhuooYy.exe
  C:\Windows\System\VhuooYy.exe
  2⤵
  PID:6972
- C:\Windows\System\YaVyxrG.exe
  C:\Windows\System\YaVyxrG.exe
  2⤵
  PID:5844
- C:\Windows\System\ccWpvzi.exe
  C:\Windows\System\ccWpvzi.exe
  2⤵
  PID:5068
- C:\Windows\System\oxostyq.exe
  C:\Windows\System\oxostyq.exe
  2⤵
  PID:6212
- C:\Windows\System\lZylbLK.exe
  C:\Windows\System\lZylbLK.exe
  2⤵
  PID:6492
- C:\Windows\System\AIhFDqI.exe
  C:\Windows\System\AIhFDqI.exe
  2⤵
  PID:6856
- C:\Windows\System\VcGgdrk.exe
  C:\Windows\System\VcGgdrk.exe
  2⤵
  PID:7256
- C:\Windows\System\CcNijIs.exe
  C:\Windows\System\CcNijIs.exe
  2⤵
  PID:7180
- C:\Windows\System\mLrppMq.exe
  C:\Windows\System\mLrppMq.exe
  2⤵
  PID:7356
- C:\Windows\System\czzzddq.exe
  C:\Windows\System\czzzddq.exe
  2⤵
  PID:7452
- C:\Windows\System\PluNexD.exe
  C:\Windows\System\PluNexD.exe
  2⤵
  PID:7484
- C:\Windows\System\tlveEmB.exe
  C:\Windows\System\tlveEmB.exe
  2⤵
  PID:7556
- C:\Windows\System\kRRVrAv.exe
  C:\Windows\System\kRRVrAv.exe
  2⤵
  PID:7436
- C:\Windows\System\Wslfyzx.exe
  C:\Windows\System\Wslfyzx.exe
  2⤵
  PID:7644
- C:\Windows\System\yKiJckS.exe
  C:\Windows\System\yKiJckS.exe
  2⤵
  PID:7700
- C:\Windows\System\dtnMpek.exe
  C:\Windows\System\dtnMpek.exe
  2⤵
  PID:7828
- C:\Windows\System\SxhlyQR.exe
  C:\Windows\System\SxhlyQR.exe
  2⤵
  PID:7808
- C:\Windows\System\QKfwJbj.exe
  C:\Windows\System\QKfwJbj.exe
  2⤵
  PID:7880
- C:\Windows\System\yXWngGc.exe
  C:\Windows\System\yXWngGc.exe
  2⤵
  PID:7760
- C:\Windows\System\PyHrGvI.exe
  C:\Windows\System\PyHrGvI.exe
  2⤵
  PID:7848
- C:\Windows\System\vwYlpeL.exe
  C:\Windows\System\vwYlpeL.exe
  2⤵
  PID:8060
- C:\Windows\System\AzluAEb.exe
  C:\Windows\System\AzluAEb.exe
  2⤵
  PID:7920
- C:\Windows\System\katsaGd.exe
  C:\Windows\System\katsaGd.exe
  2⤵
  PID:8044
- C:\Windows\System\jvMIWsN.exe
  C:\Windows\System\jvMIWsN.exe
  2⤵
  PID:8104
- C:\Windows\System\gyAARFt.exe
  C:\Windows\System\gyAARFt.exe
  2⤵
  PID:7108
- C:\Windows\System\bFoZztJ.exe
  C:\Windows\System\bFoZztJ.exe
  2⤵
  PID:3932
- C:\Windows\System\rLRQqCX.exe
  C:\Windows\System\rLRQqCX.exe
  2⤵
  PID:8164
- C:\Windows\System\xokDAPJ.exe
  C:\Windows\System\xokDAPJ.exe
  2⤵
  PID:6652
- C:\Windows\System\UpijjGQ.exe
  C:\Windows\System\UpijjGQ.exe
  2⤵
  PID:7276
- C:\Windows\System\OAWdWYn.exe
  C:\Windows\System\OAWdWYn.exe
  2⤵
  PID:7204
- C:\Windows\System\OWZHKmQ.exe
  C:\Windows\System\OWZHKmQ.exe
  2⤵
  PID:7196
- C:\Windows\System\ZscPcCT.exe
  C:\Windows\System\ZscPcCT.exe
  2⤵
  PID:7576
- C:\Windows\System\hAoJVHH.exe
  C:\Windows\System\hAoJVHH.exe
  2⤵
  PID:7320
- C:\Windows\System\aibJhuF.exe
  C:\Windows\System\aibJhuF.exe
  2⤵
  PID:7524
- C:\Windows\System\GkTjCxY.exe
  C:\Windows\System\GkTjCxY.exe
  2⤵
  PID:7616
- C:\Windows\System\NBIggQM.exe
  C:\Windows\System\NBIggQM.exe
  2⤵
  PID:7660
- C:\Windows\System\XnZRznt.exe
  C:\Windows\System\XnZRznt.exe
  2⤵
  PID:7860
- C:\Windows\System\tQQjuLq.exe
  C:\Windows\System\tQQjuLq.exe
  2⤵
  PID:7868
- C:\Windows\System\ndtKPaj.exe
  C:\Windows\System\ndtKPaj.exe
  2⤵
  PID:7908
- C:\Windows\System\pguOSJr.exe
  C:\Windows\System\pguOSJr.exe
  2⤵
  PID:8108
- C:\Windows\System\FVGSSzu.exe
  C:\Windows\System\FVGSSzu.exe
  2⤵
  PID:8028
- C:\Windows\System\AHDJvzs.exe
  C:\Windows\System\AHDJvzs.exe
  2⤵
  PID:6328
- C:\Windows\System\YIlFKiz.exe
  C:\Windows\System\YIlFKiz.exe
  2⤵
  PID:5444
- C:\Windows\System\ApNlBOy.exe
  C:\Windows\System\ApNlBOy.exe
  2⤵
  PID:7296
- C:\Windows\System\XgriHxT.exe
  C:\Windows\System\XgriHxT.exe
  2⤵
  PID:8204
- C:\Windows\System\GTLOvrY.exe
  C:\Windows\System\GTLOvrY.exe
  2⤵
  PID:8220
- C:\Windows\System\UQdxfCy.exe
  C:\Windows\System\UQdxfCy.exe
  2⤵
  PID:8240
- C:\Windows\System\RqokPUL.exe
  C:\Windows\System\RqokPUL.exe
  2⤵
  PID:8256
- C:\Windows\System\ppwbCzp.exe
  C:\Windows\System\ppwbCzp.exe
  2⤵
  PID:8288
- C:\Windows\System\duGQJHK.exe
  C:\Windows\System\duGQJHK.exe
  2⤵
  PID:8304
- C:\Windows\System\mjRRaEX.exe
  C:\Windows\System\mjRRaEX.exe
  2⤵
  PID:8324
- C:\Windows\System\VtRTvpc.exe
  C:\Windows\System\VtRTvpc.exe
  2⤵
  PID:8340
- C:\Windows\System\FDUpbfZ.exe
  C:\Windows\System\FDUpbfZ.exe
  2⤵
  PID:8428
- C:\Windows\System\ImGADxA.exe
  C:\Windows\System\ImGADxA.exe
  2⤵
  PID:8444
- C:\Windows\System\ePalCGR.exe
  C:\Windows\System\ePalCGR.exe
  2⤵
  PID:8460
- C:\Windows\System\eKlTCxU.exe
  C:\Windows\System\eKlTCxU.exe
  2⤵
  PID:8476
- C:\Windows\System\xUinUxP.exe
  C:\Windows\System\xUinUxP.exe
  2⤵
  PID:8492
- C:\Windows\System\EoCMKRN.exe
  C:\Windows\System\EoCMKRN.exe
  2⤵
  PID:8552
- C:\Windows\System\MxfjOzF.exe
  C:\Windows\System\MxfjOzF.exe
  2⤵
  PID:8576
- C:\Windows\System\pRUSjBE.exe
  C:\Windows\System\pRUSjBE.exe
  2⤵
  PID:8604
- C:\Windows\System\Uzwboik.exe
  C:\Windows\System\Uzwboik.exe
  2⤵
  PID:8620
- C:\Windows\System\cXTgvhU.exe
  C:\Windows\System\cXTgvhU.exe
  2⤵
  PID:8648
- C:\Windows\System\HiKzlPZ.exe
  C:\Windows\System\HiKzlPZ.exe
  2⤵
  PID:8668
- C:\Windows\System\UpwXLlE.exe
  C:\Windows\System\UpwXLlE.exe
  2⤵
  PID:8692
- C:\Windows\System\gtdSKnV.exe
  C:\Windows\System\gtdSKnV.exe
  2⤵
  PID:8744
- C:\Windows\System\pcqlIFg.exe
  C:\Windows\System\pcqlIFg.exe
  2⤵
  PID:8760
- C:\Windows\System\ChqyeRj.exe
  C:\Windows\System\ChqyeRj.exe
  2⤵
  PID:8784
- C:\Windows\System\JxGysOi.exe
  C:\Windows\System\JxGysOi.exe
  2⤵
  PID:8800
- C:\Windows\System\tFdEaDy.exe
  C:\Windows\System\tFdEaDy.exe
  2⤵
  PID:8828
- C:\Windows\System\rhvPBWN.exe
  C:\Windows\System\rhvPBWN.exe
  2⤵
  PID:8844
- C:\Windows\System\QpIIvuA.exe
  C:\Windows\System\QpIIvuA.exe
  2⤵
  PID:8860
- C:\Windows\System\BUBOhCK.exe
  C:\Windows\System\BUBOhCK.exe
  2⤵
  PID:8876
- C:\Windows\System\YllEQwn.exe
  C:\Windows\System\YllEQwn.exe
  2⤵
  PID:8892
- C:\Windows\System\zsLsPmg.exe
  C:\Windows\System\zsLsPmg.exe
  2⤵
  PID:8912
- C:\Windows\System\aEdGCRK.exe
  C:\Windows\System\aEdGCRK.exe
  2⤵
  PID:8932
- C:\Windows\System\OpVHQfE.exe
  C:\Windows\System\OpVHQfE.exe
  2⤵
  PID:8948
- C:\Windows\System\ozujeCM.exe
  C:\Windows\System\ozujeCM.exe
  2⤵
  PID:8964
- C:\Windows\System\KFavfDB.exe
  C:\Windows\System\KFavfDB.exe
  2⤵
  PID:8980
- C:\Windows\System\fFOjdFz.exe
  C:\Windows\System\fFOjdFz.exe
  2⤵
  PID:9000
- C:\Windows\System\PpkheUz.exe
  C:\Windows\System\PpkheUz.exe
  2⤵
  PID:9016
- C:\Windows\System\ErAoOpa.exe
  C:\Windows\System\ErAoOpa.exe
  2⤵
  PID:9032
- C:\Windows\System\piQYKvW.exe
  C:\Windows\System\piQYKvW.exe
  2⤵
  PID:9052
- C:\Windows\System\CCnleKt.exe
  C:\Windows\System\CCnleKt.exe
  2⤵
  PID:9072
- C:\Windows\System\LeEAqMp.exe
  C:\Windows\System\LeEAqMp.exe
  2⤵
  PID:9092
- C:\Windows\System\UZRnwXj.exe
  C:\Windows\System\UZRnwXj.exe
  2⤵
  PID:9116
- C:\Windows\System\LQvEgZO.exe
  C:\Windows\System\LQvEgZO.exe
  2⤵
  PID:9132
- C:\Windows\System\sKsPcRh.exe
  C:\Windows\System\sKsPcRh.exe
  2⤵
  PID:9152
- C:\Windows\System\wpKJMgg.exe
  C:\Windows\System\wpKJMgg.exe
  2⤵
  PID:9168
- C:\Windows\System\zWTcjsa.exe
  C:\Windows\System\zWTcjsa.exe
  2⤵
  PID:9184
- C:\Windows\System\tSuKCON.exe
  C:\Windows\System\tSuKCON.exe
  2⤵
  PID:9212
- C:\Windows\System\rZMghLF.exe
  C:\Windows\System\rZMghLF.exe
  2⤵
  PID:7540
- C:\Windows\System\GpBJyVz.exe
  C:\Windows\System\GpBJyVz.exe
  2⤵
  PID:7280
- C:\Windows\System\CxVyLKi.exe
  C:\Windows\System\CxVyLKi.exe
  2⤵
  PID:7696
- C:\Windows\System\hoiDFMk.exe
  C:\Windows\System\hoiDFMk.exe
  2⤵
  PID:8100
- C:\Windows\System\gLiLOqk.exe
  C:\Windows\System\gLiLOqk.exe
  2⤵
  PID:7776
- C:\Windows\System\WXESHQE.exe
  C:\Windows\System\WXESHQE.exe
  2⤵
  PID:8188
- C:\Windows\System\FOEaJQo.exe
  C:\Windows\System\FOEaJQo.exe
  2⤵
  PID:6812
- C:\Windows\System\QxyYubl.exe
  C:\Windows\System\QxyYubl.exe
  2⤵
  PID:8216
- C:\Windows\System\xBYHesT.exe
  C:\Windows\System\xBYHesT.exe
  2⤵
  PID:8180
- C:\Windows\System\BYNjMwQ.exe
  C:\Windows\System\BYNjMwQ.exe
  2⤵
  PID:8248
- C:\Windows\System\oPeCnYn.exe
  C:\Windows\System\oPeCnYn.exe
  2⤵
  PID:8264
- C:\Windows\System\mnEeTem.exe
  C:\Windows\System\mnEeTem.exe
  2⤵
  PID:8284
- C:\Windows\System\LWdSguF.exe
  C:\Windows\System\LWdSguF.exe
  2⤵
  PID:8320
- C:\Windows\System\zOFGrFl.exe
  C:\Windows\System\zOFGrFl.exe
  2⤵
  PID:8348
- C:\Windows\System\TGwiNfE.exe
  C:\Windows\System\TGwiNfE.exe
  2⤵
  PID:8364
- C:\Windows\System\eqqLxjT.exe
  C:\Windows\System\eqqLxjT.exe
  2⤵
  PID:2140
- C:\Windows\System\WVevSZx.exe
  C:\Windows\System\WVevSZx.exe
  2⤵
  PID:8376
- C:\Windows\System\ORQdQdf.exe
  C:\Windows\System\ORQdQdf.exe
  2⤵
  PID:2452
- C:\Windows\System\RoXJFao.exe
  C:\Windows\System\RoXJFao.exe
  2⤵
  PID:8408
- C:\Windows\System\foxkBcA.exe
  C:\Windows\System\foxkBcA.exe
  2⤵
  PID:2884
- C:\Windows\System\EBUAwrL.exe
  C:\Windows\System\EBUAwrL.exe
  2⤵
  PID:8436
- C:\Windows\System\vaNUqvn.exe
  C:\Windows\System\vaNUqvn.exe
  2⤵
  PID:8452
- C:\Windows\System\QjIdISR.exe
  C:\Windows\System\QjIdISR.exe
  2⤵
  PID:1652
- C:\Windows\System\nzYfkNo.exe
  C:\Windows\System\nzYfkNo.exe
  2⤵
  PID:3048
- C:\Windows\System\KwGBpod.exe
  C:\Windows\System\KwGBpod.exe
  2⤵
  PID:1300
- C:\Windows\System\AkxCjet.exe
  C:\Windows\System\AkxCjet.exe
  2⤵
  PID:2852
- C:\Windows\System\CstfuJj.exe
  C:\Windows\System\CstfuJj.exe
  2⤵
  PID:1540
- C:\Windows\System\FhDJToT.exe
  C:\Windows\System\FhDJToT.exe
  2⤵
  PID:2396
- C:\Windows\System\nYzbymU.exe
  C:\Windows\System\nYzbymU.exe
  2⤵
  PID:8528
- C:\Windows\System\NOiYbEa.exe
  C:\Windows\System\NOiYbEa.exe
  2⤵
  PID:8588
- C:\Windows\System\rbNkqgR.exe
  C:\Windows\System\rbNkqgR.exe
  2⤵
  PID:8628
- C:\Windows\System\dwXCGLe.exe
  C:\Windows\System\dwXCGLe.exe
  2⤵
  PID:8676
- C:\Windows\System\lJEzxGP.exe
  C:\Windows\System\lJEzxGP.exe
  2⤵
  PID:8704
- C:\Windows\System\jrPHQVA.exe
  C:\Windows\System\jrPHQVA.exe
  2⤵
  PID:8548
- C:\Windows\System\LBCsAux.exe
  C:\Windows\System\LBCsAux.exe
  2⤵
  PID:8640
- C:\Windows\System\knnsPSO.exe
  C:\Windows\System\knnsPSO.exe
  2⤵
  PID:8776
- C:\Windows\System\UeeodTG.exe
  C:\Windows\System\UeeodTG.exe
  2⤵
  PID:8816
- C:\Windows\System\lkoRXLG.exe
  C:\Windows\System\lkoRXLG.exe
  2⤵
  PID:8812
- C:\Windows\System\lHfuxil.exe
  C:\Windows\System\lHfuxil.exe
  2⤵
  PID:8884
- C:\Windows\System\IQarznO.exe
  C:\Windows\System\IQarznO.exe
  2⤵
  PID:8920
- C:\Windows\System\lmDxOtU.exe
  C:\Windows\System\lmDxOtU.exe
  2⤵
  PID:8960
- C:\Windows\System\QaSKASv.exe
  C:\Windows\System\QaSKASv.exe
  2⤵
  PID:9024
- C:\Windows\System\aYKrjcO.exe
  C:\Windows\System\aYKrjcO.exe
  2⤵
  PID:9100
- C:\Windows\System\GKyBlnw.exe
  C:\Windows\System\GKyBlnw.exe
  2⤵
  PID:9112
- C:\Windows\System\FDQjJwo.exe
  C:\Windows\System\FDQjJwo.exe
  2⤵
  PID:9140
- C:\Windows\System\VEOiEKk.exe
  C:\Windows\System\VEOiEKk.exe
  2⤵
  PID:2752
- C:\Windows\System\RESJbxi.exe
  C:\Windows\System\RESJbxi.exe
  2⤵
  PID:2264
- C:\Windows\System\NmhwSyR.exe
  C:\Windows\System\NmhwSyR.exe
  2⤵
  PID:8120
- C:\Windows\System\qrBgFbN.exe
  C:\Windows\System\qrBgFbN.exe
  2⤵
  PID:8300
- C:\Windows\System\JCGPZzM.exe
  C:\Windows\System\JCGPZzM.exe
  2⤵
  PID:2804
- C:\Windows\System\QhcjAic.exe
  C:\Windows\System\QhcjAic.exe
  2⤵
  PID:8940
- C:\Windows\System\LmQIGhj.exe
  C:\Windows\System\LmQIGhj.exe
  2⤵
  PID:8392
- C:\Windows\System\alVkLNB.exe
  C:\Windows\System\alVkLNB.exe
  2⤵
  PID:1468
- C:\Windows\System\lxBjiQY.exe
  C:\Windows\System\lxBjiQY.exe
  2⤵
  PID:8976
- C:\Windows\System\ZiBNSqo.exe
  C:\Windows\System\ZiBNSqo.exe
  2⤵
  PID:9196
- C:\Windows\System\QgMarLD.exe
  C:\Windows\System\QgMarLD.exe
  2⤵
  PID:9008
- C:\Windows\System\ePWUePB.exe
  C:\Windows\System\ePWUePB.exe
  2⤵
  PID:9084
- C:\Windows\System\YzXcHZT.exe
  C:\Windows\System\YzXcHZT.exe
  2⤵
  PID:9160
- C:\Windows\System\OFfjdCr.exe
  C:\Windows\System\OFfjdCr.exe
  2⤵
  PID:9204
- C:\Windows\System\WFChLLl.exe
  C:\Windows\System\WFChLLl.exe
  2⤵
  PID:7704
- C:\Windows\System\fMjFHHK.exe
  C:\Windows\System\fMjFHHK.exe
  2⤵
  PID:7824
- C:\Windows\System\GfJqUbW.exe
  C:\Windows\System\GfJqUbW.exe
  2⤵
  PID:8280
- C:\Windows\System\BMlrRMg.exe
  C:\Windows\System\BMlrRMg.exe
  2⤵
  PID:2980
- C:\Windows\System\ltjJtzP.exe
  C:\Windows\System\ltjJtzP.exe
  2⤵
  PID:1772
- C:\Windows\System\bMAJOVm.exe
  C:\Windows\System\bMAJOVm.exe
  2⤵
  PID:8484
- C:\Windows\System\kzCmtPN.exe
  C:\Windows\System\kzCmtPN.exe
  2⤵
  PID:2692
- C:\Windows\System\goVTGEu.exe
  C:\Windows\System\goVTGEu.exe
  2⤵
  PID:784
- C:\Windows\System\tYXqRWM.exe
  C:\Windows\System\tYXqRWM.exe
  2⤵
  PID:3068
- C:\Windows\System\nOuRHxN.exe
  C:\Windows\System\nOuRHxN.exe
  2⤵
  PID:588
- C:\Windows\System\oxBSwPf.exe
  C:\Windows\System\oxBSwPf.exe
  2⤵
  PID:8736
- C:\Windows\System\cUICNoO.exe
  C:\Windows\System\cUICNoO.exe
  2⤵
  PID:1844
- C:\Windows\System\lOAxfyf.exe
  C:\Windows\System\lOAxfyf.exe
  2⤵
  PID:8716
- C:\Windows\System\QVxsbMp.exe
  C:\Windows\System\QVxsbMp.exe
  2⤵
  PID:8768
- C:\Windows\System\PMiobQR.exe
  C:\Windows\System\PMiobQR.exe
  2⤵
  PID:8992
- C:\Windows\System\UyLnaOk.exe
  C:\Windows\System\UyLnaOk.exe
  2⤵
  PID:7416
- C:\Windows\System\fGBRXCi.exe
  C:\Windows\System\fGBRXCi.exe
  2⤵
  PID:2836
- C:\Windows\System\adfIIeZ.exe
  C:\Windows\System\adfIIeZ.exe
  2⤵
  PID:8424
- C:\Windows\System\wcUTdwi.exe
  C:\Windows\System\wcUTdwi.exe
  2⤵
  PID:9044
- C:\Windows\System\vAhxkEH.exe
  C:\Windows\System\vAhxkEH.exe
  2⤵
  PID:8396
- C:\Windows\System\LHkgcDI.exe
  C:\Windows\System\LHkgcDI.exe
  2⤵
  PID:8400
- C:\Windows\System\DdtdTeT.exe
  C:\Windows\System\DdtdTeT.exe
  2⤵
  PID:9128
- C:\Windows\System\qLGkbyC.exe
  C:\Windows\System\qLGkbyC.exe
  2⤵
  PID:7736
- C:\Windows\System\HfPsyAj.exe
  C:\Windows\System\HfPsyAj.exe
  2⤵
  PID:2700
- C:\Windows\System\jxvPNrQ.exe
  C:\Windows\System\jxvPNrQ.exe
  2⤵
  PID:3060
- C:\Windows\System\eYTqevO.exe
  C:\Windows\System\eYTqevO.exe
  2⤵
  PID:2280
- C:\Windows\System\lFTADTC.exe
  C:\Windows\System\lFTADTC.exe
  2⤵
  PID:296
- C:\Windows\System\ecfmfUG.exe
  C:\Windows\System\ecfmfUG.exe
  2⤵
  PID:2036
- C:\Windows\System\jVqtrig.exe
  C:\Windows\System\jVqtrig.exe
  2⤵
  PID:8524
- C:\Windows\System\OuxuiOH.exe
  C:\Windows\System\OuxuiOH.exe
  2⤵
  PID:8724
- C:\Windows\System\EYgjETk.exe
  C:\Windows\System\EYgjETk.exe
  2⤵
  PID:2516
- C:\Windows\System\QEIkAlL.exe
  C:\Windows\System\QEIkAlL.exe
  2⤵
  PID:8956
- C:\Windows\System\OjMolZV.exe
  C:\Windows\System\OjMolZV.exe
  2⤵
  PID:7260
- C:\Windows\System\nCHUPqn.exe
  C:\Windows\System\nCHUPqn.exe
  2⤵
  PID:8296
- C:\Windows\System\xaPauFU.exe
  C:\Windows\System\xaPauFU.exe
  2⤵
  PID:8752
- C:\Windows\System\wYqpILr.exe
  C:\Windows\System\wYqpILr.exe
  2⤵
  PID:9200
- C:\Windows\System\kpkvRQY.exe
  C:\Windows\System\kpkvRQY.exe
  2⤵
  PID:8888
- C:\Windows\System\rBfYZTr.exe
  C:\Windows\System\rBfYZTr.exe
  2⤵
  PID:9080
- C:\Windows\System\CSufpFl.exe
  C:\Windows\System\CSufpFl.exe
  2⤵
  PID:8440
- C:\Windows\System\PnpsRDd.exe
  C:\Windows\System\PnpsRDd.exe
  2⤵
  PID:8508
- C:\Windows\System\ovZxYkA.exe
  C:\Windows\System\ovZxYkA.exe
  2⤵
  PID:8688
- C:\Windows\System\zDhPaSg.exe
  C:\Windows\System\zDhPaSg.exe
  2⤵
  PID:8852
- C:\Windows\System\urKrlHj.exe
  C:\Windows\System\urKrlHj.exe
  2⤵
  PID:8544
- C:\Windows\System\BWzdrMp.exe
  C:\Windows\System\BWzdrMp.exe
  2⤵
  PID:8656
- C:\Windows\System\KaugSpG.exe
  C:\Windows\System\KaugSpG.exe
  2⤵
  PID:2308
- C:\Windows\System\MjdUNWn.exe
  C:\Windows\System\MjdUNWn.exe
  2⤵
  PID:8944
- C:\Windows\System\JJWxrKY.exe
  C:\Windows\System\JJWxrKY.exe
  2⤵
  PID:2160
- C:\Windows\System\PckTPXo.exe
  C:\Windows\System\PckTPXo.exe
  2⤵
  PID:988
- C:\Windows\System\VOxBsCP.exe
  C:\Windows\System\VOxBsCP.exe
  2⤵
  PID:7900
- C:\Windows\System\IzwRcOC.exe
  C:\Windows\System\IzwRcOC.exe
  2⤵
  PID:1996
- C:\Windows\System\QQHHSrg.exe
  C:\Windows\System\QQHHSrg.exe
  2⤵
  PID:1032
- C:\Windows\System\kVnJngO.exe
  C:\Windows\System\kVnJngO.exe
  2⤵
  PID:8840
- C:\Windows\System\ApGiQiS.exe
  C:\Windows\System\ApGiQiS.exe
  2⤵
  PID:8272
- C:\Windows\System\qJWiFWm.exe
  C:\Windows\System\qJWiFWm.exe
  2⤵
  PID:9192
- C:\Windows\System\yNOtObh.exe
  C:\Windows\System\yNOtObh.exe
  2⤵
  PID:2488
- C:\Windows\System\UXkKkoT.exe
  C:\Windows\System\UXkKkoT.exe
  2⤵
  PID:9236
- C:\Windows\System\EbLFblM.exe
  C:\Windows\System\EbLFblM.exe
  2⤵
  PID:9252
- C:\Windows\System\bzXDtlg.exe
  C:\Windows\System\bzXDtlg.exe
  2⤵
  PID:9268
- C:\Windows\System\ksUdEVd.exe
  C:\Windows\System\ksUdEVd.exe
  2⤵
  PID:9284
- C:\Windows\System\MTWgbWH.exe
  C:\Windows\System\MTWgbWH.exe
  2⤵
  PID:9300
- C:\Windows\System\dLPrMnp.exe
  C:\Windows\System\dLPrMnp.exe
  2⤵
  PID:9316
- C:\Windows\System\KJtLYeY.exe
  C:\Windows\System\KJtLYeY.exe
  2⤵
  PID:9332
- C:\Windows\System\EKCXzum.exe
  C:\Windows\System\EKCXzum.exe
  2⤵
  PID:9348
- C:\Windows\System\AheXQex.exe
  C:\Windows\System\AheXQex.exe
  2⤵
  PID:9364
- C:\Windows\System\aVuIsKS.exe
  C:\Windows\System\aVuIsKS.exe
  2⤵
  PID:9388
- C:\Windows\System\YrwhNBU.exe
  C:\Windows\System\YrwhNBU.exe
  2⤵
  PID:9404
- C:\Windows\System\zIVAiyz.exe
  C:\Windows\System\zIVAiyz.exe
  2⤵
  PID:9420
- C:\Windows\System\oHqJbub.exe
  C:\Windows\System\oHqJbub.exe
  2⤵
  PID:9436
- C:\Windows\System\cFDTMEh.exe
  C:\Windows\System\cFDTMEh.exe
  2⤵
  PID:9468
- C:\Windows\System\vWpOJlq.exe
  C:\Windows\System\vWpOJlq.exe
  2⤵
  PID:9488
- C:\Windows\System\xHStQxx.exe
  C:\Windows\System\xHStQxx.exe
  2⤵
  PID:9508
- C:\Windows\System\OsXwqQS.exe
  C:\Windows\System\OsXwqQS.exe
  2⤵
  PID:9536
- C:\Windows\System\IIuGTVw.exe
  C:\Windows\System\IIuGTVw.exe
  2⤵
  PID:9556
- C:\Windows\System\hmguQgg.exe
  C:\Windows\System\hmguQgg.exe
  2⤵
  PID:9572
- C:\Windows\System\pYjSkbd.exe
  C:\Windows\System\pYjSkbd.exe
  2⤵
  PID:9588
- C:\Windows\System\YtWYSIy.exe
  C:\Windows\System\YtWYSIy.exe
  2⤵
  PID:9608
- C:\Windows\System\cowZYyd.exe
  C:\Windows\System\cowZYyd.exe
  2⤵
  PID:9624
- C:\Windows\System\zmIdfem.exe
  C:\Windows\System\zmIdfem.exe
  2⤵
  PID:9640
- C:\Windows\System\AplVLHg.exe
  C:\Windows\System\AplVLHg.exe
  2⤵
  PID:9660
- C:\Windows\System\thJiCqk.exe
  C:\Windows\System\thJiCqk.exe
  2⤵
  PID:9676
- C:\Windows\System\FsnJYYk.exe
  C:\Windows\System\FsnJYYk.exe
  2⤵
  PID:9696
- C:\Windows\System\SucJtiN.exe
  C:\Windows\System\SucJtiN.exe
  2⤵
  PID:9712
- C:\Windows\System\GtUoOsu.exe
  C:\Windows\System\GtUoOsu.exe
  2⤵
  PID:9728
- C:\Windows\System\VkFiLDH.exe
  C:\Windows\System\VkFiLDH.exe
  2⤵
  PID:9748
- C:\Windows\System\BhFgurW.exe
  C:\Windows\System\BhFgurW.exe
  2⤵
  PID:9764
- C:\Windows\System\RRtrvUU.exe
  C:\Windows\System\RRtrvUU.exe
  2⤵
  PID:9784
- C:\Windows\System\JroaeEm.exe
  C:\Windows\System\JroaeEm.exe
  2⤵
  PID:9804
- C:\Windows\System\dHpFCRe.exe
  C:\Windows\System\dHpFCRe.exe
  2⤵
  PID:9820
- C:\Windows\System\MVPObbT.exe
  C:\Windows\System\MVPObbT.exe
  2⤵
  PID:9840
- C:\Windows\System\axQjoXi.exe
  C:\Windows\System\axQjoXi.exe
  2⤵
  PID:9856
- C:\Windows\System\YQLkFZI.exe
  C:\Windows\System\YQLkFZI.exe
  2⤵
  PID:9880
- C:\Windows\System\aNJphur.exe
  C:\Windows\System\aNJphur.exe
  2⤵
  PID:9900
- C:\Windows\System\FNGdmoY.exe
  C:\Windows\System\FNGdmoY.exe
  2⤵
  PID:9916
- C:\Windows\System\WjBvNSY.exe
  C:\Windows\System\WjBvNSY.exe
  2⤵
  PID:9944
- C:\Windows\System\DOXbtbj.exe
  C:\Windows\System\DOXbtbj.exe
  2⤵
  PID:9964
- C:\Windows\System\WEvvUWP.exe
  C:\Windows\System\WEvvUWP.exe
  2⤵
  PID:9984
- C:\Windows\System\AhniBDm.exe
  C:\Windows\System\AhniBDm.exe
  2⤵
  PID:10004
- C:\Windows\System\xOqcvmv.exe
  C:\Windows\System\xOqcvmv.exe
  2⤵
  PID:10020
- C:\Windows\System\BReIzHV.exe
  C:\Windows\System\BReIzHV.exe
  2⤵
  PID:10036
- C:\Windows\System\eSjEbuD.exe
  C:\Windows\System\eSjEbuD.exe
  2⤵
  PID:10052
- C:\Windows\System\FwMKcsn.exe
  C:\Windows\System\FwMKcsn.exe
  2⤵
  PID:10076
- C:\Windows\System\tdrKDZH.exe
  C:\Windows\System\tdrKDZH.exe
  2⤵
  PID:10092
- C:\Windows\System\AbzlGQP.exe
  C:\Windows\System\AbzlGQP.exe
  2⤵
  PID:10108
- C:\Windows\System\kcFuVhp.exe
  C:\Windows\System\kcFuVhp.exe
  2⤵
  PID:10124
- C:\Windows\System\XmkjXEU.exe
  C:\Windows\System\XmkjXEU.exe
  2⤵
  PID:10140
- C:\Windows\System\nKsdLlW.exe
  C:\Windows\System\nKsdLlW.exe
  2⤵
  PID:10156
- C:\Windows\System\YpsVNoL.exe
  C:\Windows\System\YpsVNoL.exe
  2⤵
  PID:10172
- C:\Windows\System\uczLCaT.exe
  C:\Windows\System\uczLCaT.exe
  2⤵
  PID:10224
- C:\Windows\System\OdUTNyj.exe
  C:\Windows\System\OdUTNyj.exe
  2⤵
  PID:9480
- C:\Windows\System\PPtHadR.exe
  C:\Windows\System\PPtHadR.exe
  2⤵
  PID:9524
- C:\Windows\System\gNBXXZD.exe
  C:\Windows\System\gNBXXZD.exe
  2⤵
  PID:9604
- C:\Windows\System\YLnQZcK.exe
  C:\Windows\System\YLnQZcK.exe
  2⤵
  PID:9736
- C:\Windows\System\NSKNYnB.exe
  C:\Windows\System\NSKNYnB.exe
  2⤵
  PID:9848
- C:\Windows\System\WpfZinB.exe
  C:\Windows\System\WpfZinB.exe
  2⤵
  PID:9924
- C:\Windows\System\kXOFaeY.exe
  C:\Windows\System\kXOFaeY.exe
  2⤵
  PID:2848
- C:\Windows\System\lAmQmkn.exe
  C:\Windows\System\lAmQmkn.exe
  2⤵
  PID:9972
- C:\Windows\System\ujfiqxE.exe
  C:\Windows\System\ujfiqxE.exe
  2⤵
  PID:10012
- C:\Windows\System\WfEpoDn.exe
  C:\Windows\System\WfEpoDn.exe
  2⤵
  PID:10084
- C:\Windows\System\ahBfTGc.exe
  C:\Windows\System\ahBfTGc.exe
  2⤵
  PID:10152
- C:\Windows\System\wUAvKXF.exe
  C:\Windows\System\wUAvKXF.exe
  2⤵
  PID:10200
- C:\Windows\System\IbnXSWt.exe
  C:\Windows\System\IbnXSWt.exe
  2⤵
  PID:9552
- C:\Windows\System\DysVnpQ.exe
  C:\Windows\System\DysVnpQ.exe
  2⤵
  PID:9308
- C:\Windows\System\OnwcUIt.exe
  C:\Windows\System\OnwcUIt.exe
  2⤵
  PID:9344
- C:\Windows\System\RadTDxH.exe
  C:\Windows\System\RadTDxH.exe
  2⤵
  PID:9648
- C:\Windows\System\AjNvdWl.exe
  C:\Windows\System\AjNvdWl.exe
  2⤵
  PID:8596
- C:\Windows\System\GKmWYOC.exe
  C:\Windows\System\GKmWYOC.exe
  2⤵
  PID:9248
- C:\Windows\System\CLvkIOP.exe
  C:\Windows\System\CLvkIOP.exe
  2⤵
  PID:9312
- C:\Windows\System\ipSghQa.exe
  C:\Windows\System\ipSghQa.exe
  2⤵
  PID:9384
- C:\Windows\System\JJjLHEn.exe
  C:\Windows\System\JJjLHEn.exe
  2⤵
  PID:9456
- C:\Windows\System\qcVkoOj.exe
  C:\Windows\System\qcVkoOj.exe
  2⤵
  PID:9500
- C:\Windows\System\FVinOso.exe
  C:\Windows\System\FVinOso.exe
  2⤵
  PID:9616
- C:\Windows\System\FMadOZT.exe
  C:\Windows\System\FMadOZT.exe
  2⤵
  PID:9684
- C:\Windows\System\EGiDgEp.exe
  C:\Windows\System\EGiDgEp.exe
  2⤵
  PID:9744
- C:\Windows\System\mYIAOeS.exe
  C:\Windows\System\mYIAOeS.exe
  2⤵
  PID:9800
- C:\Windows\System\oJRfDSd.exe
  C:\Windows\System\oJRfDSd.exe
  2⤵
  PID:9864
- C:\Windows\System\UzmRpup.exe
  C:\Windows\System\UzmRpup.exe
  2⤵
  PID:9908
- C:\Windows\System\wfZSEmm.exe
  C:\Windows\System\wfZSEmm.exe
  2⤵
  PID:9996
- C:\Windows\System\dgixhnP.exe
  C:\Windows\System\dgixhnP.exe
  2⤵
  PID:10060
- C:\Windows\System\nlKnFOz.exe
  C:\Windows\System\nlKnFOz.exe
  2⤵
  PID:10168
- C:\Windows\System\LvEFmsi.exe
  C:\Windows\System\LvEFmsi.exe
  2⤵
  PID:5908
- C:\Windows\System\UFsTJhc.exe
  C:\Windows\System\UFsTJhc.exe
  2⤵
  PID:9232
- C:\Windows\System\iKcjdSe.exe
  C:\Windows\System\iKcjdSe.exe
  2⤵
  PID:9328
- C:\Windows\System\ClPwTub.exe
  C:\Windows\System\ClPwTub.exe
  2⤵
  PID:9672
- C:\Windows\System\ykdZhrv.exe
  C:\Windows\System\ykdZhrv.exe
  2⤵
  PID:9532
- C:\Windows\System\uNmZUcF.exe
  C:\Windows\System\uNmZUcF.exe
  2⤵
  PID:8792
- C:\Windows\System\sglphhy.exe
  C:\Windows\System\sglphhy.exe
  2⤵
  PID:9668
- C:\Windows\System\MOyelmF.exe
  C:\Windows\System\MOyelmF.exe
  2⤵
  PID:9816
- C:\Windows\System\JlkqjvR.exe
  C:\Windows\System\JlkqjvR.exe
  2⤵
  PID:8900
- C:\Windows\System\qpFuseR.exe
  C:\Windows\System\qpFuseR.exe
  2⤵
  PID:9940
- C:\Windows\System\XNdWJEZ.exe
  C:\Windows\System\XNdWJEZ.exe
  2⤵
  PID:10148
- C:\Windows\System\tUpTxRD.exe
  C:\Windows\System\tUpTxRD.exe
  2⤵
  PID:10208
- C:\Windows\System\PSEBbGw.exe
  C:\Windows\System\PSEBbGw.exe
  2⤵
  PID:9544
- C:\Windows\System\xRIijhx.exe
  C:\Windows\System\xRIijhx.exe
  2⤵
  PID:9464
- C:\Windows\System\gfJyuDW.exe
  C:\Windows\System\gfJyuDW.exe
  2⤵
  PID:9796
- C:\Windows\System\GDHFeJK.exe
  C:\Windows\System\GDHFeJK.exe
  2⤵
  PID:10032
- C:\Windows\System\IBOmUcW.exe
  C:\Windows\System\IBOmUcW.exe
  2⤵
  PID:9264
- C:\Windows\System\umKQtRG.exe
  C:\Windows\System\umKQtRG.exe
  2⤵
  PID:10248
- C:\Windows\System\yAuFGzb.exe
  C:\Windows\System\yAuFGzb.exe
  2⤵
  PID:10264
- C:\Windows\System\UaUCqDQ.exe
  C:\Windows\System\UaUCqDQ.exe
  2⤵
  PID:10280
- C:\Windows\System\gwQurNi.exe
  C:\Windows\System\gwQurNi.exe
  2⤵
  PID:10296
- C:\Windows\System\yfyCXDG.exe
  C:\Windows\System\yfyCXDG.exe
  2⤵
  PID:10312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AObLcxy.exe

Filesize
6.1MB

MD5
ea3651d412fbe472fd0563b19979bbb3

SHA1
ecb9b60c2df817a30fc4f07293663f4b09cb1d6e

SHA256
d8199b703d8f3d9cae4482923d15b2a6a34545cead943a3b556126cf7e91f796

SHA512
73e27ed36729289f67af0ebd6fa3f04e8fe340eb0ba6932f8266d955d9c571f928a6d91fb36c6662ce100ffb8403813622604798d174573bd1bc6ef5670bd454

Download Submit
C:\Windows\system\Askiczk.exe

Filesize
6.1MB

MD5
f988d260b10967ed0bc936887471a58c

SHA1
b9a93e7733f5bc262a65c64328058125ebda6f35

SHA256
2cf7b720a0297f7cf84fdc162ef9f6a679a73c43ea5c631f92beecf685c28545

SHA512
acdc6e1b619dd5ad1034e2227b60813a53ef76c433f2bf624dde50a024e03cf1b4e938a52b49c87c8731245cbdbbdc0cfc512ef3e495ba23b6251aa683fe4589

Download Submit
C:\Windows\system\KrXnPdc.exe

Filesize
6.1MB

MD5
edf8314d796cbb59cc511a6a9e123d31

SHA1
8c93fa00aed6cab66a3f727d414af0151af60b7d

SHA256
9792274cef070768a70a384f07feb7571ea103d3c062e02365785b207736c2dd

SHA512
445ea2eefd0f50144f4faa79441a762b87dfa32c161c173764edaeb697c38ecd0d5ffe75271bf4377d48006a3e3b59a0adeb05374cbb0b681c97e96e5401a30c

Download Submit
C:\Windows\system\OBxuLYZ.exe

Filesize
6.1MB

MD5
5712fd80666eec62c4d729e78f9731d1

SHA1
0ec4df0d5bef75c009a2f5408c8569519ab6d4aa

SHA256
b8e6a921dcf2c7cc53dc867c40acad0ea77d372e9f36e8b77ca75be238a016c1

SHA512
df08e169f4a22c8d7199727dc97e39c3061fce9dfc86b2384da34b5f80a629ee1c273f0183ae8135b91f7af9e198b912fa0229753fedb9a2df9336d6e07ff2d5

Download Submit
C:\Windows\system\TxuJvVz.exe

Filesize
6.1MB

MD5
a452de8241fcb3175833576c286b76a9

SHA1
e9a5866d4671588c702072a5f2d2a50d04da7320

SHA256
8800158b25cd3dd77e502934b379618ba697ac8dd9feb49b1b29ef1547900d07

SHA512
53ebe85389a58aa3098e0e53018bc784471140e2974f65506d6583de8304f3653ca6f37edce76d75f7bb3c73185e52cdf3050db9cc187cb2bbcf69d6cfc49a71

Download Submit
C:\Windows\system\UExoHpJ.exe

Filesize
6.1MB

MD5
c6cfcc6f3c31d82133c6233abb6c9ec4

SHA1
b588de383095c0b52332936a9d0f53b993fdffa7

SHA256
394f9258f707976cd3c28c776084da3c9e98e53367b85f1e63862bd077f0a4fe

SHA512
92af39c932546479bf32ea6bdd0c8e34cc4739a2139990aa3fde49e58653d25f5045cb3f48ca2dd640529f3d504a981ae62dfdd576d8b01e398eda85f9cb9e6a

Download Submit
C:\Windows\system\VBpccFd.exe

Filesize
6.1MB

MD5
8be14e585abc88309ead36819b04b4fd

SHA1
4fd752970569b04c75fc3ca4710dc29a0889a0f4

SHA256
6dfc883a3776be5104a12220d2c324476c882a9b380fbb8c55f46888c6f8d260

SHA512
2af17ce8d2e042eb8e625ee35d537f2552bb434d3731ec54625f1034e869989d8c2818b17af2c00b92854b181ccb2e55359272d90caf7ae7eecd859d91d863a8

Download Submit
C:\Windows\system\VMvAWSl.exe

Filesize
6.1MB

MD5
de2ef6294f9898eeaa81663ce6f1a8db

SHA1
5504a316dc514239e73f14db6d2f391d6be58211

SHA256
fa02d9016371fc32ea92346e156c9bd1d32fbce65a845b11ce30904a38b24a2c

SHA512
a2ba73ddb214f39b729f78d4d40bcecaab48d0462b98e4227772b5a4a24d325c659d6c24591674ac8c2ac7142b73e9b24c4413764132fd2bb669dab28449d020

Download Submit
C:\Windows\system\VYMjnNe.exe

Filesize
6.1MB

MD5
b97d3fd9e2f33ab08c8f9cbc5bd968ee

SHA1
26da3e2a322e06892aa2bcd4d1b4928d4911c79c

SHA256
57c67aebb5e660f09e31a0018f69220b221e6ffea32868242ebd3ebd8546b87a

SHA512
110638443fb7930abe455a17997929d9eb5fa2ed62bc731f78780281230a26a97ccf0371380ccb1531e1bccb6610203e630c35da083dd36711be1c771156c1ac

Download Submit
C:\Windows\system\YtZvhPm.exe

Filesize
6.1MB

MD5
5b9b0c40ef12d7e58bce16abe2729825

SHA1
b2241a994382c35ffba5f4c6c1f3f874b167c68c

SHA256
9e1eed3bcc25c323d530574a8f7ef6ec562849107405c67d0604327c765a9d39

SHA512
c6e49299d0d0deb5e44b5d800b0aa30f0e4728739baef7b7c080a8212bca7f62707bbcd54cca7ab8356cf5732f4acaa8ecc809959be50aae37a79dba7e7eaa7c

Download Submit
C:\Windows\system\ZIFJNRN.exe

Filesize
6.1MB

MD5
6cc400030ab942f8894c97238d489881

SHA1
f4b6005e899af5efafc54745a1c557277e605c4c

SHA256
737154ffac18786da26e7aeed8445406ac9ef061dff44187bf2ef0021fc16fe4

SHA512
ed5a55a798b3ce9fe57771b43107b6610ded8fba4008d0a0e3bda3cf974dde0ca66e775b941838820bc8d495f892114ba8f6c9af41ba161a400c9063a4a5c121

Download Submit
C:\Windows\system\agfkbbl.exe

Filesize
6.1MB

MD5
526095e2a2d1bb1aba0acf6e7ad26527

SHA1
fb1063b81d2cfbdb2007485419c8c586fd164fa1

SHA256
5dee0db9523b08575a36b54a1bd66b50127ef46896380f9628e012cab92953fd

SHA512
79cc80276d51761e4d54195ed5abc1fce53cb69c5c0b825fcbc5a33efdae69a687f3a98db29880bce519ac0f8881ee45af51f89af4c7ce92e5542d71237a0078

Download Submit
C:\Windows\system\biyLcnU.exe

Filesize
6.1MB

MD5
eb88ac39a0934534ef3d098d5650e315

SHA1
5d9879e61be6f21ba9f277c68ce8b151a4f6958f

SHA256
982b514101bf8b3997f75458d3e69f0ecbfa3e7b0062c53abb83ed7b640969c7

SHA512
dca01ffa4f54d0fba3fa0f8c941f64105308409d8422cf531cd0bec06662e87f9fdeba246008ce9295191e1cbdee6a215e12b2fe05fec9f19c793968c3e5bfb9

Download Submit
C:\Windows\system\cfyYusZ.exe

Filesize
6.1MB

MD5
00b1b50bd7ee5b17068eeef8e5093400

SHA1
3f91c20d62da304c17ff1ac0dc3c5dd45be2727f

SHA256
972cde1f838807bd15a875e11da7f2bc51f2d7dfdde0257a9924ef42e9229778

SHA512
0372b671edbbc7fffe3f5d356c17323c3d8c353af06a0b967108b7327e6afa35085cca075a7a49ce5df1cd1371ead8a856f4074c171e52d36ff40a16da80895f

Download Submit
C:\Windows\system\dEpvXyZ.exe

Filesize
6.1MB

MD5
9c6435256b18e5b72ea5c63f7d71e902

SHA1
671920a0f6e6e5a75b15851cdeedd1f46d0e3b5a

SHA256
3b0443ae68b15df408100f881d4c2314f8926e8428a5d2160406e561bc4315b0

SHA512
bc16191c24205f0317a3d3419de667c2b32f9bc5b221d7e9a45b0e7121ff9ba1c75a927c1b0923524fcf174d812709bb72051c9652824fb1a5833c88000d6c0f

Download Submit
C:\Windows\system\fjGcawZ.exe

Filesize
6.1MB

MD5
60f3baa1a5a6c318be76a8d5b606fdf5

SHA1
0e51d728d9a11690ce14fb9e5ca2eb880ce290b0

SHA256
37fe832473781200bd9d4814bbb3f80e5302e95adca7668f33e42319645e64ff

SHA512
1221c71a73a15edc7dc8fb9a2c43293f98fba32916908c70d352eade9dd67abc0fd3105cc5a4b4e3ffc1d8164ff8d2bf0ff780219d30f8b1a5d4421172fcb9cc

Download Submit
C:\Windows\system\fxyRMMm.exe

Filesize
6.1MB

MD5
915e7e9cd346a077271c8a5973b299d5

SHA1
da1f7031e4bfc37063b4aa49ff5b73ee3623d235

SHA256
070748fecf23e297b3ebd468b298b290655354e22e9e65487a2718e2ce4abced

SHA512
b7cc24969ecc60a0febc6373b8f14e5b11553ffc661b192ddac5d34b409eb17c34fd3bbb79cf2f86146852e213d672f906233af54c4d4e209d7ffbd8560ab9da

Download Submit
C:\Windows\system\icyizKf.exe

Filesize
6.1MB

MD5
c1844d921885a8058a2f7a9e4df6fcf4

SHA1
c023c00e84a995154e4ce002e3b79eeb0e5f85fb

SHA256
d7088b19cbc4f4c7b182cff10285133eb7030eef723a6ff55dc0d82ef3c96eab

SHA512
90279a9b4839d6309d08781fdf5567887b366594feedb5ac539b925331247761abc764ed755d5efb468297d731c606037c6acadc5397bd5a0afe9098163f29cd

Download Submit
C:\Windows\system\jRButjv.exe

Filesize
6.1MB

MD5
382e74f4ef4608957c4d950a134d3051

SHA1
71378e522a377e664b23bd17c517af9d176b712f

SHA256
328bb3828542ba39ba319bb497f5cc74756f4afbee099c5112df683afd6d5266

SHA512
6d1b1e21eeeab590dba3a470f83560643399f6f31311f39039ef29555e67eaee2711254464d1f977082f413da4cc5fafe7ac1eee3f677f76b57bf179e86c4173

Download Submit
C:\Windows\system\lmiVzBF.exe

Filesize
6.1MB

MD5
81e5ddcf9d0630b7362ee09f517ddead

SHA1
5bbe2e9d10237e5527439e181ae078792e22fa8d

SHA256
c9bc6f4695930005d33946f9197b30877611a39996433c319b031e628dce9c6d

SHA512
0bb9b554f25282263f035506e1053195d5fa510bf1d56ea7d837f396285680bc2b901477b71a0351af18687c385b929ae5328f8d583c51aff0809d5cd2f5170e

Download Submit
C:\Windows\system\pGxvsOd.exe

Filesize
6.1MB

MD5
92be5acd4366edadca11eb0c610d4c8d

SHA1
90ae207061c0f217a2d9a197c31805886e2bb724

SHA256
f2b8af809c80514ec0a11c1b8807352d81f7d374de8f559d835e6660aa7338a8

SHA512
d94e68087fcf833242ad2559f974eba2d86226eb51e19011d8e549eab8b2dd486f938113e9142f5224301b3d0f7584fac4f45f27a34d84d8dc8c98e5cd95adf7

Download Submit
C:\Windows\system\pUovDNw.exe

Filesize
6.1MB

MD5
e87bfa36af1c9747462c3485e1fdecf4

SHA1
728244455ce4bcbf1d641670eab52172fb508dc0

SHA256
8e916620ade76a7d19b936b350b60bb12e8c5be0e60db5d644d58200c0e7213e

SHA512
afffe04ec959a26632f3887bba4494864d7970427638a8d30bf823637e730e1c9dbd16087dff5419c2b10f005bb68fbbc9c3244d48db4df9578b7de95f803271

Download Submit
C:\Windows\system\pWTkYsI.exe

Filesize
6.1MB

MD5
e4bbf610035fcaaa41305e35059b95c7

SHA1
89ae45a589ee29fd03dd0c748cd48fe377cfc8c7

SHA256
fcac01c700245f560bdef95883bf53dab00605a962ecb3cc6b27703d1c72bd1d

SHA512
5c4d2684bf4288f1df2a5e984acf9316220fffad60cdf69326cfed6b248ef67dce69ee6205b793270633a13efdade8d921d91d9e67f2ad05f70c4b13c6550089

Download Submit
C:\Windows\system\ubBDxML.exe

Filesize
6.1MB

MD5
feb635f234a48e4f5e1f5b9c2c63bc93

SHA1
b5c5357e98bac5d6bc706a4c33e485ff9e6bf10e

SHA256
4fcffe04ff19cbac0848b9325c96cbf064b11517c3c250fa233b6feba8ab28e7

SHA512
92c646761caedab77dd1838202bdad0a8f81e4ac3d24006c60fba260950a5f1c3fb4cbb367959eb41fd4525552ebf9f657d9f564072a8fb6853f31f455325afe

Download Submit
C:\Windows\system\uhBsFpO.exe

Filesize
6.1MB

MD5
b9bafc9d7874b2cf3c7534c290435ffa

SHA1
4c39fed72644e967147fdd82ff47ee59acb926f0

SHA256
13414fc0435be9f8b477849dcc123b8d4241498bd61f86fdc9f9187b02461d79

SHA512
fa06d13e56bb631b26c9aa8a5c26499927496cdd6fd79781e4ed97a0da18c0e32992f517895293c90c0279d9fbbb4e520d7df9b171e7edd00bb4acf5ec26fd46

Download Submit
C:\Windows\system\usfWPov.exe

Filesize
6.1MB

MD5
0fed2f99c2c4ba6e0540679a4a66820c

SHA1
3dea9c49d3278df8322da52b85828d83bea765a0

SHA256
a1732d52da8b17618e756313d6a35baa47f196733b8525d38856f2724795d783

SHA512
81f61932dbf7f339f8c7184a4821b5b273edd0946d897332a6e3e6fa40fefc8890df98a614366de579f04271ac68ab2e1908b5b3024b34cd53d460d5a6af5c99

Download Submit
C:\Windows\system\vfvmlQL.exe

Filesize
6.1MB

MD5
d2b2c6882312d69458ab9f09cd4560cc

SHA1
0c04b4649c3c30290477345fd484b69fb105e692

SHA256
1e43132190a5367a020534464cb285dd447f27915e37e5e22151f9445d0eab1c

SHA512
f7c00bcaa11e126a4074882064777cdc16ea44f36a225a464404b81555395d7bacc208faf2b38f6a942b0e9393256d345125e56c862e7c0b2a211e5a74979061

Download Submit
C:\Windows\system\xIMbtDA.exe

Filesize
6.1MB

MD5
371c5c91009803f5de98fa4db29ffec3

SHA1
22ed4472a3c9928ba2a41cc4d96292404b752867

SHA256
267aadbebeea34407b128f7f7a4d3ce02abe2eccc4ef17a6bc25ed24332a77b4

SHA512
96b61293aa42d276a1041a60af6b245e24fd56fdf7975fe795ee6017a6b66017722a7f537a3e4bf08f02c6964979ab51d7f6be2cf1939391516e36454c5f169e

Download Submit
C:\Windows\system\xlEaQLZ.exe

Filesize
6.1MB

MD5
afdfd03e8622f9c5a210897e4c77acdc

SHA1
a355cc1c57fe6000e6c2b4a6d620f25d0d9d28f1

SHA256
d8e7e3700be0781b1510a893f8f51dc85850b55c7e7c354a2fbf8739a6751d2d

SHA512
f9d655bf9d89a11fa32ce491b7efdd3cbf3ba4d7ef0cb9c246d290b8ee94228b895d919ce5e835a0312e86121b4408a9135faa19922b5cc9757c61d05d84f920

Download Submit
\Windows\system\NznBtLP.exe

Filesize
6.1MB

MD5
635cde0ab32075a2505166247b9dfc33

SHA1
1c7e7188afc330c441f4c544f344d65410812b03

SHA256
84e41538ccb7fd218cb7f5ef00953c58941b8fc35cd4c4dc3619c944f31c5ee6

SHA512
a008c3fc67e307817c0306ee04f1d79caae798b0035bd9e98b3d785095adec76498b7e2257f517a63e8166b164498b0d6df533a747b9986bd0a8bbb042d7d2f0

Download Submit
\Windows\system\tWuoneh.exe

Filesize
6.1MB

MD5
bb7c6157da10219f25b924e6cb075400

SHA1
1bb77c6d1f74fe6b35be2c4530e2b080f4e0227d

SHA256
c3c489106c6b25178627859eb2a1d9ca9037fb8e8dfe1fec0a5681a8b747bdf9

SHA512
8ac378de4a1e73265f96f65fa7fe4bd6a7ceb1e452689f79877856e2b1dc6dd532c2a379789551bac93d3ce27615fdf58f094229e797d617b0d662c683505599

Download Submit
\Windows\system\uZAOjEo.exe

Filesize
6.1MB

MD5
7f76aea62ca30c6b13e6c86929778856

SHA1
b0a9e816569614990d0d201ecba96fc868c027cb

SHA256
8c57077357102be9c081f40aaa032c1e5cecc56ea0a133d2d69538c0e0f573c2

SHA512
dafc755ee94a55009c2b8f0fa04be8870495b4d086b9f3d7cb6bef04477b1815ceee66f51f0274873e24e60382bfd4f916691d06e14ff4083472d3f0b1f7df0a

Download Submit
memory/1920-3174-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-3894-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-124-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-13-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3107-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3895-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2240-3884-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-3172-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-111-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-2401-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2316-3653-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2404-3686-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2947-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2472-3896-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2524-110-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3177-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-127-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2396-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-9-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2752-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2524-3019-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3108-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2524-22-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3112-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3171-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-6-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2524-2392-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3178-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-0-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3175-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-109-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3173-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-112-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-125-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3176-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3897-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2864-2388-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2892-126-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3886-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2936-2395-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3885-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download