cobaltstrike | 71b35236f1691742d6be746d50e6963a6a6dfb079837f9d804f2c8d58ec3c2b9

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-01-2025 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

615ea63b964fca0757533a51c4404465
SHA1

37c5c4635b9cdef13af7a705646c07297782d9e1
SHA256

71b35236f1691742d6be746d50e6963a6a6dfb079837f9d804f2c8d58ec3c2b9
SHA512

68f4f153db7649ec5a1ae88b9b307f3a958a28857796ddf2c5cc32713ecbc6932a93353cd4a42edf89acd8944f20204d6e8587a11157feb29b96374f2735fad6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUG:T+q56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 36 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000015d59-10.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000120f4-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e48-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec9-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f71-38.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-20.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016241-51.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d63-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d72-86.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175e7-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001868b-145.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018682-142.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747d-121.dat	cobalt_reflective_dll
behavioral1/files/0x001400000001866f-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018669-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019227-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878c-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018742-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f8-159.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bf3-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018781-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018731-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f2-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017491-126.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001743a-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017047-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb4-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de0-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6d-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d69-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4f-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-61.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3f-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ff5-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1804-0-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d59-10.dat	xmrig
behavioral1/memory/2120-15-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/1264-14-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f4-6.dat	xmrig
behavioral1/memory/2300-23-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0007000000015e48-27.dat	xmrig
behavioral1/memory/2016-29-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ec9-34.dat	xmrig
behavioral1/memory/1800-37-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f71-38.dat	xmrig
behavioral1/files/0x0008000000015d81-20.dat	xmrig
behavioral1/files/0x0008000000016241-51.dat	xmrig
behavioral1/files/0x0006000000016d63-69.dat	xmrig
behavioral1/files/0x0006000000016d72-86.dat	xmrig
behavioral1/files/0x00060000000175e7-131.dat	xmrig
behavioral1/files/0x000500000001868b-145.dat	xmrig
behavioral1/files/0x0011000000018682-142.dat	xmrig
behavioral1/files/0x000600000001747d-121.dat	xmrig
behavioral1/files/0x001400000001866f-139.dat	xmrig
behavioral1/files/0x0006000000018669-136.dat	xmrig
behavioral1/files/0x0005000000019227-178.dat	xmrig
behavioral1/files/0x000500000001878c-171.dat	xmrig
behavioral1/files/0x0005000000018742-165.dat	xmrig
behavioral1/files/0x00050000000186f8-159.dat	xmrig
behavioral1/memory/2696-219-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1804-199-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/2920-2145-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/1264-4011-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2016-4014-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/1800-4013-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2300-4012-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2120-4010-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2968-4016-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/1676-4022-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2648-4021-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2588-4020-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2920-4023-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/1608-4019-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2632-4018-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2696-4017-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2584-4015-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2016-1078-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/1804-293-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/1676-291-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2648-289-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2588-287-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2632-285-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/1608-283-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2968-281-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2584-151-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2920-150-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018bf3-175.dat	xmrig
behavioral1/files/0x0005000000018781-168.dat	xmrig
behavioral1/files/0x0005000000018731-162.dat	xmrig
behavioral1/files/0x00050000000186f2-156.dat	xmrig
behavioral1/files/0x0006000000017491-126.dat	xmrig
behavioral1/files/0x000600000001743a-116.dat	xmrig
behavioral1/files/0x0006000000017047-111.dat	xmrig
behavioral1/files/0x0006000000016eb4-106.dat	xmrig
behavioral1/files/0x0006000000016dea-101.dat	xmrig
behavioral1/files/0x0006000000016de0-96.dat	xmrig
behavioral1/files/0x0006000000016dd9-91.dat	xmrig
behavioral1/files/0x0006000000016d6d-81.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1264	YEPzcoS.exe
2120	pBGuPQW.exe
2300	OeDYenK.exe
2016	NTieraO.exe
1800	GwwZUAQ.exe
2920	jKHwAje.exe
2584	HsyAgHy.exe
2696	iXevIjW.exe
2968	FLTUvSF.exe
1608	CarJOos.exe
2632	WVwgNuK.exe
2588	iHahaIf.exe
2648	KoSdinJ.exe
1676	qDZibNM.exe
2212	QPjDKhR.exe
1560	tASXWdb.exe
1320	LdpYLyy.exe
2808	SctecQQ.exe
1716	BtEZwmi.exe
1356	vbACjWJ.exe
108	DcLWnEx.exe
992	nntiZSN.exe
1508	ZXFZDMc.exe
952	RzKPzKv.exe
1436	iXkYuxr.exe
2616	BCdxlHL.exe
2948	SqYoafC.exe
2396	JQQYXCm.exe
1076	SLvPNSf.exe
1104	fSepAEa.exe
1300	dtdgUJh.exe
696	swyKKQY.exe
1692	SKuzYFU.exe
2024	NhcHiqc.exe
1372	GmGJyQO.exe
2816	zBeAPPu.exe
264	RePoXuI.exe
1548	fzDrSou.exe
2392	RZvVgdJ.exe
2324	cGnVORB.exe
1488	FklYKWo.exe
1628	KvWkIyH.exe
1588	DbYLbwv.exe
2116	vCOxYkA.exe
2868	WXaOUGv.exe
2896	zRzVlNe.exe
2884	MBRjiLn.exe
3008	CPnWWyF.exe
1952	UttEzqi.exe
588	HgxEqrw.exe
736	zQdhfnJ.exe
1872	DOrkSRo.exe
2404	KwkfxEG.exe
2076	kzSxVqH.exe
828	ZnfHNsu.exe
1440	BISHDNX.exe
1224	clCrdJm.exe
856	YujukOn.exe
1656	wXgegCS.exe
1028	nSnehyV.exe
1416	UqGHWYj.exe
1728	LFvqEtc.exe
2236	MWSNdcy.exe
1888	ColLkOY.exe

Loads dropped DLL 64 IoCs

pid	Process
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1804-0-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x0008000000015d59-10.dat	upx
behavioral1/memory/2120-15-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/1264-14-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x00080000000120f4-6.dat	upx
behavioral1/memory/2300-23-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0007000000015e48-27.dat	upx
behavioral1/memory/2016-29-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0007000000015ec9-34.dat	upx
behavioral1/memory/1800-37-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0007000000015f71-38.dat	upx
behavioral1/files/0x0008000000015d81-20.dat	upx
behavioral1/files/0x0008000000016241-51.dat	upx
behavioral1/files/0x0006000000016d63-69.dat	upx
behavioral1/files/0x0006000000016d72-86.dat	upx
behavioral1/files/0x00060000000175e7-131.dat	upx
behavioral1/files/0x000500000001868b-145.dat	upx
behavioral1/files/0x0011000000018682-142.dat	upx
behavioral1/files/0x000600000001747d-121.dat	upx
behavioral1/files/0x001400000001866f-139.dat	upx
behavioral1/files/0x0006000000018669-136.dat	upx
behavioral1/files/0x0005000000019227-178.dat	upx
behavioral1/files/0x000500000001878c-171.dat	upx
behavioral1/files/0x0005000000018742-165.dat	upx
behavioral1/files/0x00050000000186f8-159.dat	upx
behavioral1/memory/2696-219-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2920-2145-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/1264-4011-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2016-4014-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/1800-4013-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2300-4012-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2120-4010-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2968-4016-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/1676-4022-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2648-4021-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2588-4020-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2920-4023-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/1608-4019-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2632-4018-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2696-4017-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2584-4015-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2016-1078-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/1676-291-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2648-289-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2588-287-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2632-285-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/1608-283-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2968-281-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2584-151-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2920-150-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x0006000000018bf3-175.dat	upx
behavioral1/files/0x0005000000018781-168.dat	upx
behavioral1/files/0x0005000000018731-162.dat	upx
behavioral1/files/0x00050000000186f2-156.dat	upx
behavioral1/files/0x0006000000017491-126.dat	upx
behavioral1/files/0x000600000001743a-116.dat	upx
behavioral1/files/0x0006000000017047-111.dat	upx
behavioral1/files/0x0006000000016eb4-106.dat	upx
behavioral1/files/0x0006000000016dea-101.dat	upx
behavioral1/files/0x0006000000016de0-96.dat	upx
behavioral1/files/0x0006000000016dd9-91.dat	upx
behavioral1/files/0x0006000000016d6d-81.dat	upx
behavioral1/files/0x0006000000016d69-76.dat	upx
behavioral1/files/0x0006000000016d4f-66.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\qsyJmVH.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAJIFWU.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxzFEHI.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozkOdTD.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOCSmJq.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTiZrJL.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mlbuvsq.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcMauAl.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDPYMtQ.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKbElYC.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrggusZ.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltgXeix.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRYtNts.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgmBClg.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWvKAou.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgRqwbP.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niAGLfe.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsYQjTc.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJDOyKT.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhdTJHS.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqEFQen.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\czFtCyC.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBqoaKb.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqvkjuB.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtWwuIT.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMIVNGe.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpmzwAr.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnppkSr.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZlwkgx.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDPQemi.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTlDPxg.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHqnwKe.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQBxGdh.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRNCHep.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdWZNHa.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnNprom.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BtEZwmi.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBRjiLn.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\anzammE.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXaOUGv.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFOrzxF.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ognzIlM.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gImSfXE.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUffZGW.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKgUHZd.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqRUpDY.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xacsYoC.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmWxAsd.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIdkDIC.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpbqILo.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvgsDBG.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXLvASE.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBmQBpK.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dviYqZy.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtmJPON.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsyIbrC.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwffpPs.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OexxODx.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrVuiSR.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfRzPej.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUIJgov.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adtMFVT.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMnysRQ.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhSRqPO.exe	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 1264	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1804 wrote to memory of 1264	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1804 wrote to memory of 1264	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1804 wrote to memory of 2120	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1804 wrote to memory of 2120	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1804 wrote to memory of 2120	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1804 wrote to memory of 2300	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1804 wrote to memory of 2300	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1804 wrote to memory of 2300	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1804 wrote to memory of 2016	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1804 wrote to memory of 2016	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1804 wrote to memory of 2016	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1804 wrote to memory of 1800	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1804 wrote to memory of 1800	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1804 wrote to memory of 1800	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1804 wrote to memory of 2920	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1804 wrote to memory of 2920	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1804 wrote to memory of 2920	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1804 wrote to memory of 2584	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1804 wrote to memory of 2584	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1804 wrote to memory of 2584	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1804 wrote to memory of 2696	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1804 wrote to memory of 2696	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1804 wrote to memory of 2696	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1804 wrote to memory of 2968	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1804 wrote to memory of 2968	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1804 wrote to memory of 2968	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1804 wrote to memory of 1608	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1804 wrote to memory of 1608	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1804 wrote to memory of 1608	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1804 wrote to memory of 2632	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1804 wrote to memory of 2632	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1804 wrote to memory of 2632	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1804 wrote to memory of 2588	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1804 wrote to memory of 2588	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1804 wrote to memory of 2588	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1804 wrote to memory of 2648	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1804 wrote to memory of 2648	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1804 wrote to memory of 2648	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1804 wrote to memory of 1676	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1804 wrote to memory of 1676	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1804 wrote to memory of 1676	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1804 wrote to memory of 2212	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1804 wrote to memory of 2212	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1804 wrote to memory of 2212	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1804 wrote to memory of 1560	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1804 wrote to memory of 1560	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1804 wrote to memory of 1560	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1804 wrote to memory of 1320	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1804 wrote to memory of 1320	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1804 wrote to memory of 1320	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1804 wrote to memory of 2808	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1804 wrote to memory of 2808	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1804 wrote to memory of 2808	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1804 wrote to memory of 1716	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1804 wrote to memory of 1716	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1804 wrote to memory of 1716	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1804 wrote to memory of 1356	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1804 wrote to memory of 1356	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1804 wrote to memory of 1356	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1804 wrote to memory of 108	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1804 wrote to memory of 108	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1804 wrote to memory of 108	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1804 wrote to memory of 992	1804	2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_615ea63b964fca0757533a51c4404465_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Windows\System\YEPzcoS.exe
  C:\Windows\System\YEPzcoS.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\pBGuPQW.exe
  C:\Windows\System\pBGuPQW.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\OeDYenK.exe
  C:\Windows\System\OeDYenK.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\NTieraO.exe
  C:\Windows\System\NTieraO.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\GwwZUAQ.exe
  C:\Windows\System\GwwZUAQ.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\jKHwAje.exe
  C:\Windows\System\jKHwAje.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\HsyAgHy.exe
  C:\Windows\System\HsyAgHy.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\iXevIjW.exe
  C:\Windows\System\iXevIjW.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\FLTUvSF.exe
  C:\Windows\System\FLTUvSF.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\CarJOos.exe
  C:\Windows\System\CarJOos.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\WVwgNuK.exe
  C:\Windows\System\WVwgNuK.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\iHahaIf.exe
  C:\Windows\System\iHahaIf.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\KoSdinJ.exe
  C:\Windows\System\KoSdinJ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\qDZibNM.exe
  C:\Windows\System\qDZibNM.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\QPjDKhR.exe
  C:\Windows\System\QPjDKhR.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\tASXWdb.exe
  C:\Windows\System\tASXWdb.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\LdpYLyy.exe
  C:\Windows\System\LdpYLyy.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\SctecQQ.exe
  C:\Windows\System\SctecQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\BtEZwmi.exe
  C:\Windows\System\BtEZwmi.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\vbACjWJ.exe
  C:\Windows\System\vbACjWJ.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\DcLWnEx.exe
  C:\Windows\System\DcLWnEx.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\nntiZSN.exe
  C:\Windows\System\nntiZSN.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\ZXFZDMc.exe
  C:\Windows\System\ZXFZDMc.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\RzKPzKv.exe
  C:\Windows\System\RzKPzKv.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\iXkYuxr.exe
  C:\Windows\System\iXkYuxr.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\SqYoafC.exe
  C:\Windows\System\SqYoafC.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\BCdxlHL.exe
  C:\Windows\System\BCdxlHL.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\JQQYXCm.exe
  C:\Windows\System\JQQYXCm.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\SLvPNSf.exe
  C:\Windows\System\SLvPNSf.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\CPnWWyF.exe
  C:\Windows\System\CPnWWyF.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\fSepAEa.exe
  C:\Windows\System\fSepAEa.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\UttEzqi.exe
  C:\Windows\System\UttEzqi.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\dtdgUJh.exe
  C:\Windows\System\dtdgUJh.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\HgxEqrw.exe
  C:\Windows\System\HgxEqrw.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\swyKKQY.exe
  C:\Windows\System\swyKKQY.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\zQdhfnJ.exe
  C:\Windows\System\zQdhfnJ.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\SKuzYFU.exe
  C:\Windows\System\SKuzYFU.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\clCrdJm.exe
  C:\Windows\System\clCrdJm.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\NhcHiqc.exe
  C:\Windows\System\NhcHiqc.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\YujukOn.exe
  C:\Windows\System\YujukOn.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\GmGJyQO.exe
  C:\Windows\System\GmGJyQO.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\wXgegCS.exe
  C:\Windows\System\wXgegCS.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\zBeAPPu.exe
  C:\Windows\System\zBeAPPu.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\nSnehyV.exe
  C:\Windows\System\nSnehyV.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\RePoXuI.exe
  C:\Windows\System\RePoXuI.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\UqGHWYj.exe
  C:\Windows\System\UqGHWYj.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\fzDrSou.exe
  C:\Windows\System\fzDrSou.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\LFvqEtc.exe
  C:\Windows\System\LFvqEtc.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\RZvVgdJ.exe
  C:\Windows\System\RZvVgdJ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\MWSNdcy.exe
  C:\Windows\System\MWSNdcy.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\cGnVORB.exe
  C:\Windows\System\cGnVORB.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\ColLkOY.exe
  C:\Windows\System\ColLkOY.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\FklYKWo.exe
  C:\Windows\System\FklYKWo.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\AAdtnKc.exe
  C:\Windows\System\AAdtnKc.exe
  2⤵
  PID:2540
- C:\Windows\System\KvWkIyH.exe
  C:\Windows\System\KvWkIyH.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\HktbQXB.exe
  C:\Windows\System\HktbQXB.exe
  2⤵
  PID:1584
- C:\Windows\System\DbYLbwv.exe
  C:\Windows\System\DbYLbwv.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\RjYQtIJ.exe
  C:\Windows\System\RjYQtIJ.exe
  2⤵
  PID:3048
- C:\Windows\System\vCOxYkA.exe
  C:\Windows\System\vCOxYkA.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\LFGgLxP.exe
  C:\Windows\System\LFGgLxP.exe
  2⤵
  PID:2176
- C:\Windows\System\WXaOUGv.exe
  C:\Windows\System\WXaOUGv.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\bmGnvzW.exe
  C:\Windows\System\bmGnvzW.exe
  2⤵
  PID:2728
- C:\Windows\System\zRzVlNe.exe
  C:\Windows\System\zRzVlNe.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\xEibkbl.exe
  C:\Windows\System\xEibkbl.exe
  2⤵
  PID:2612
- C:\Windows\System\MBRjiLn.exe
  C:\Windows\System\MBRjiLn.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\bpuhFaQ.exe
  C:\Windows\System\bpuhFaQ.exe
  2⤵
  PID:2580
- C:\Windows\System\DOrkSRo.exe
  C:\Windows\System\DOrkSRo.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\TJaFNUC.exe
  C:\Windows\System\TJaFNUC.exe
  2⤵
  PID:2216
- C:\Windows\System\KwkfxEG.exe
  C:\Windows\System\KwkfxEG.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\zWqiFcE.exe
  C:\Windows\System\zWqiFcE.exe
  2⤵
  PID:2800
- C:\Windows\System\kzSxVqH.exe
  C:\Windows\System\kzSxVqH.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\WrLXNrF.exe
  C:\Windows\System\WrLXNrF.exe
  2⤵
  PID:2644
- C:\Windows\System\ZnfHNsu.exe
  C:\Windows\System\ZnfHNsu.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\hdkLVgv.exe
  C:\Windows\System\hdkLVgv.exe
  2⤵
  PID:2768
- C:\Windows\System\BISHDNX.exe
  C:\Windows\System\BISHDNX.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\xslbyME.exe
  C:\Windows\System\xslbyME.exe
  2⤵
  PID:2840
- C:\Windows\System\nhOpwgy.exe
  C:\Windows\System\nhOpwgy.exe
  2⤵
  PID:2848
- C:\Windows\System\lolVPsR.exe
  C:\Windows\System\lolVPsR.exe
  2⤵
  PID:2264
- C:\Windows\System\mgmBClg.exe
  C:\Windows\System\mgmBClg.exe
  2⤵
  PID:3016
- C:\Windows\System\poztTRE.exe
  C:\Windows\System\poztTRE.exe
  2⤵
  PID:560
- C:\Windows\System\ehyCYzW.exe
  C:\Windows\System\ehyCYzW.exe
  2⤵
  PID:2740
- C:\Windows\System\jWoVOSU.exe
  C:\Windows\System\jWoVOSU.exe
  2⤵
  PID:2792
- C:\Windows\System\LVhKmKF.exe
  C:\Windows\System\LVhKmKF.exe
  2⤵
  PID:2416
- C:\Windows\System\ZeMaeYK.exe
  C:\Windows\System\ZeMaeYK.exe
  2⤵
  PID:1148
- C:\Windows\System\ipByczm.exe
  C:\Windows\System\ipByczm.exe
  2⤵
  PID:2348
- C:\Windows\System\eNXZxBy.exe
  C:\Windows\System\eNXZxBy.exe
  2⤵
  PID:2468
- C:\Windows\System\GTIdheY.exe
  C:\Windows\System\GTIdheY.exe
  2⤵
  PID:1492
- C:\Windows\System\cNhnYLl.exe
  C:\Windows\System\cNhnYLl.exe
  2⤵
  PID:2064
- C:\Windows\System\KcIeRug.exe
  C:\Windows\System\KcIeRug.exe
  2⤵
  PID:1892
- C:\Windows\System\NgUvawG.exe
  C:\Windows\System\NgUvawG.exe
  2⤵
  PID:1900
- C:\Windows\System\VcCRwQl.exe
  C:\Windows\System\VcCRwQl.exe
  2⤵
  PID:1172
- C:\Windows\System\EpKMfRT.exe
  C:\Windows\System\EpKMfRT.exe
  2⤵
  PID:1792
- C:\Windows\System\XBiPEDH.exe
  C:\Windows\System\XBiPEDH.exe
  2⤵
  PID:1732
- C:\Windows\System\BFyMyMC.exe
  C:\Windows\System\BFyMyMC.exe
  2⤵
  PID:2680
- C:\Windows\System\wqEFQen.exe
  C:\Windows\System\wqEFQen.exe
  2⤵
  PID:2448
- C:\Windows\System\GOMoTep.exe
  C:\Windows\System\GOMoTep.exe
  2⤵
  PID:2480
- C:\Windows\System\BPmqCpq.exe
  C:\Windows\System\BPmqCpq.exe
  2⤵
  PID:2548
- C:\Windows\System\OexxODx.exe
  C:\Windows\System\OexxODx.exe
  2⤵
  PID:2924
- C:\Windows\System\eGWAUZW.exe
  C:\Windows\System\eGWAUZW.exe
  2⤵
  PID:960
- C:\Windows\System\cHXqmqU.exe
  C:\Windows\System\cHXqmqU.exe
  2⤵
  PID:1592
- C:\Windows\System\ltLtpSI.exe
  C:\Windows\System\ltLtpSI.exe
  2⤵
  PID:3004
- C:\Windows\System\Mxjaros.exe
  C:\Windows\System\Mxjaros.exe
  2⤵
  PID:3084
- C:\Windows\System\LngHONe.exe
  C:\Windows\System\LngHONe.exe
  2⤵
  PID:3100
- C:\Windows\System\QojdiGG.exe
  C:\Windows\System\QojdiGG.exe
  2⤵
  PID:3120
- C:\Windows\System\wFPHzpF.exe
  C:\Windows\System\wFPHzpF.exe
  2⤵
  PID:3136
- C:\Windows\System\lRWASWw.exe
  C:\Windows\System\lRWASWw.exe
  2⤵
  PID:3152
- C:\Windows\System\xHqnwKe.exe
  C:\Windows\System\xHqnwKe.exe
  2⤵
  PID:3168
- C:\Windows\System\VqDDMqc.exe
  C:\Windows\System\VqDDMqc.exe
  2⤵
  PID:3188
- C:\Windows\System\TRWSURe.exe
  C:\Windows\System\TRWSURe.exe
  2⤵
  PID:3208
- C:\Windows\System\Vyeltyi.exe
  C:\Windows\System\Vyeltyi.exe
  2⤵
  PID:3224
- C:\Windows\System\VxoOfFZ.exe
  C:\Windows\System\VxoOfFZ.exe
  2⤵
  PID:3248
- C:\Windows\System\WhNzNSn.exe
  C:\Windows\System\WhNzNSn.exe
  2⤵
  PID:3264
- C:\Windows\System\LKbgqrk.exe
  C:\Windows\System\LKbgqrk.exe
  2⤵
  PID:3280
- C:\Windows\System\Lahpssm.exe
  C:\Windows\System\Lahpssm.exe
  2⤵
  PID:3300
- C:\Windows\System\vcfVuwQ.exe
  C:\Windows\System\vcfVuwQ.exe
  2⤵
  PID:3316
- C:\Windows\System\JYvjsJf.exe
  C:\Windows\System\JYvjsJf.exe
  2⤵
  PID:3348
- C:\Windows\System\TrnlaFa.exe
  C:\Windows\System\TrnlaFa.exe
  2⤵
  PID:3364
- C:\Windows\System\nrARAaQ.exe
  C:\Windows\System\nrARAaQ.exe
  2⤵
  PID:3384
- C:\Windows\System\IWxfNEV.exe
  C:\Windows\System\IWxfNEV.exe
  2⤵
  PID:3444
- C:\Windows\System\nbQuzWQ.exe
  C:\Windows\System\nbQuzWQ.exe
  2⤵
  PID:3464
- C:\Windows\System\xacsYoC.exe
  C:\Windows\System\xacsYoC.exe
  2⤵
  PID:3484
- C:\Windows\System\vhJAFSD.exe
  C:\Windows\System\vhJAFSD.exe
  2⤵
  PID:3508
- C:\Windows\System\eHxtzIU.exe
  C:\Windows\System\eHxtzIU.exe
  2⤵
  PID:3524
- C:\Windows\System\kxALiXV.exe
  C:\Windows\System\kxALiXV.exe
  2⤵
  PID:3544
- C:\Windows\System\AbJIxxP.exe
  C:\Windows\System\AbJIxxP.exe
  2⤵
  PID:3564
- C:\Windows\System\UOKQbYk.exe
  C:\Windows\System\UOKQbYk.exe
  2⤵
  PID:3588
- C:\Windows\System\UeHWdgr.exe
  C:\Windows\System\UeHWdgr.exe
  2⤵
  PID:3608
- C:\Windows\System\CEGUUbO.exe
  C:\Windows\System\CEGUUbO.exe
  2⤵
  PID:3632
- C:\Windows\System\jbRZxty.exe
  C:\Windows\System\jbRZxty.exe
  2⤵
  PID:3652
- C:\Windows\System\TkZHrsN.exe
  C:\Windows\System\TkZHrsN.exe
  2⤵
  PID:3672
- C:\Windows\System\iOCztQK.exe
  C:\Windows\System\iOCztQK.exe
  2⤵
  PID:3692
- C:\Windows\System\EwOzNVI.exe
  C:\Windows\System\EwOzNVI.exe
  2⤵
  PID:3712
- C:\Windows\System\YGeRiBo.exe
  C:\Windows\System\YGeRiBo.exe
  2⤵
  PID:3732
- C:\Windows\System\PuqinsZ.exe
  C:\Windows\System\PuqinsZ.exe
  2⤵
  PID:3752
- C:\Windows\System\ssKtxUa.exe
  C:\Windows\System\ssKtxUa.exe
  2⤵
  PID:3772
- C:\Windows\System\zXLrlRQ.exe
  C:\Windows\System\zXLrlRQ.exe
  2⤵
  PID:3792
- C:\Windows\System\tddIVNi.exe
  C:\Windows\System\tddIVNi.exe
  2⤵
  PID:3812
- C:\Windows\System\xnfSUMv.exe
  C:\Windows\System\xnfSUMv.exe
  2⤵
  PID:3832
- C:\Windows\System\eeaWsWd.exe
  C:\Windows\System\eeaWsWd.exe
  2⤵
  PID:3848
- C:\Windows\System\phVbboI.exe
  C:\Windows\System\phVbboI.exe
  2⤵
  PID:3868
- C:\Windows\System\CZxZmao.exe
  C:\Windows\System\CZxZmao.exe
  2⤵
  PID:3892
- C:\Windows\System\gLGOtyt.exe
  C:\Windows\System\gLGOtyt.exe
  2⤵
  PID:3912
- C:\Windows\System\YmWxAsd.exe
  C:\Windows\System\YmWxAsd.exe
  2⤵
  PID:3928
- C:\Windows\System\GPyaTHN.exe
  C:\Windows\System\GPyaTHN.exe
  2⤵
  PID:3948
- C:\Windows\System\UbfJrTx.exe
  C:\Windows\System\UbfJrTx.exe
  2⤵
  PID:3968
- C:\Windows\System\TIJbIIN.exe
  C:\Windows\System\TIJbIIN.exe
  2⤵
  PID:3992
- C:\Windows\System\kZFoHLY.exe
  C:\Windows\System\kZFoHLY.exe
  2⤵
  PID:4012
- C:\Windows\System\MOJHzlc.exe
  C:\Windows\System\MOJHzlc.exe
  2⤵
  PID:4032
- C:\Windows\System\aYIDQEa.exe
  C:\Windows\System\aYIDQEa.exe
  2⤵
  PID:4052
- C:\Windows\System\QFFjfXm.exe
  C:\Windows\System\QFFjfXm.exe
  2⤵
  PID:4072
- C:\Windows\System\hccvRHz.exe
  C:\Windows\System\hccvRHz.exe
  2⤵
  PID:4088
- C:\Windows\System\pewjlZY.exe
  C:\Windows\System\pewjlZY.exe
  2⤵
  PID:1924
- C:\Windows\System\ROcFhJc.exe
  C:\Windows\System\ROcFhJc.exe
  2⤵
  PID:1932
- C:\Windows\System\yRfOlWS.exe
  C:\Windows\System\yRfOlWS.exe
  2⤵
  PID:2000
- C:\Windows\System\qsyJmVH.exe
  C:\Windows\System\qsyJmVH.exe
  2⤵
  PID:3112
- C:\Windows\System\TndXRvO.exe
  C:\Windows\System\TndXRvO.exe
  2⤵
  PID:3216
- C:\Windows\System\dbHfmVb.exe
  C:\Windows\System\dbHfmVb.exe
  2⤵
  PID:3288
- C:\Windows\System\XQiDdtm.exe
  C:\Windows\System\XQiDdtm.exe
  2⤵
  PID:3324
- C:\Windows\System\ZDaDpjA.exe
  C:\Windows\System\ZDaDpjA.exe
  2⤵
  PID:408
- C:\Windows\System\SSdhvWs.exe
  C:\Windows\System\SSdhvWs.exe
  2⤵
  PID:3340
- C:\Windows\System\YWQBXlZ.exe
  C:\Windows\System\YWQBXlZ.exe
  2⤵
  PID:1844
- C:\Windows\System\rTzZyZk.exe
  C:\Windows\System\rTzZyZk.exe
  2⤵
  PID:612
- C:\Windows\System\dvIiBWc.exe
  C:\Windows\System\dvIiBWc.exe
  2⤵
  PID:3244
- C:\Windows\System\CeGBuJW.exe
  C:\Windows\System\CeGBuJW.exe
  2⤵
  PID:3360
- C:\Windows\System\FfuXynx.exe
  C:\Windows\System\FfuXynx.exe
  2⤵
  PID:3236
- C:\Windows\System\cSOiCZk.exe
  C:\Windows\System\cSOiCZk.exe
  2⤵
  PID:3160
- C:\Windows\System\pihyJvj.exe
  C:\Windows\System\pihyJvj.exe
  2⤵
  PID:3092
- C:\Windows\System\DwOjFyC.exe
  C:\Windows\System\DwOjFyC.exe
  2⤵
  PID:3392
- C:\Windows\System\lZofaaS.exe
  C:\Windows\System\lZofaaS.exe
  2⤵
  PID:3408
- C:\Windows\System\QjyTFLy.exe
  C:\Windows\System\QjyTFLy.exe
  2⤵
  PID:3500
- C:\Windows\System\ohfyejO.exe
  C:\Windows\System\ohfyejO.exe
  2⤵
  PID:3424
- C:\Windows\System\SqDecZt.exe
  C:\Windows\System\SqDecZt.exe
  2⤵
  PID:3440
- C:\Windows\System\POdwQBs.exe
  C:\Windows\System\POdwQBs.exe
  2⤵
  PID:3536
- C:\Windows\System\iovtxvL.exe
  C:\Windows\System\iovtxvL.exe
  2⤵
  PID:3580
- C:\Windows\System\TDvnpKG.exe
  C:\Windows\System\TDvnpKG.exe
  2⤵
  PID:3596
- C:\Windows\System\WUOtWkL.exe
  C:\Windows\System\WUOtWkL.exe
  2⤵
  PID:3600
- C:\Windows\System\NcHRJtd.exe
  C:\Windows\System\NcHRJtd.exe
  2⤵
  PID:3708
- C:\Windows\System\rwCiMKw.exe
  C:\Windows\System\rwCiMKw.exe
  2⤵
  PID:3688
- C:\Windows\System\IFuAZgs.exe
  C:\Windows\System\IFuAZgs.exe
  2⤵
  PID:3744
- C:\Windows\System\jBGGeol.exe
  C:\Windows\System\jBGGeol.exe
  2⤵
  PID:3728
- C:\Windows\System\ebQuSPm.exe
  C:\Windows\System\ebQuSPm.exe
  2⤵
  PID:3784
- C:\Windows\System\RAZLeiv.exe
  C:\Windows\System\RAZLeiv.exe
  2⤵
  PID:3800
- C:\Windows\System\idtkUtR.exe
  C:\Windows\System\idtkUtR.exe
  2⤵
  PID:3900
- C:\Windows\System\BadEJHr.exe
  C:\Windows\System\BadEJHr.exe
  2⤵
  PID:3840
- C:\Windows\System\iTgWfTK.exe
  C:\Windows\System\iTgWfTK.exe
  2⤵
  PID:3936
- C:\Windows\System\blNngoi.exe
  C:\Windows\System\blNngoi.exe
  2⤵
  PID:3980
- C:\Windows\System\qzzVJWk.exe
  C:\Windows\System\qzzVJWk.exe
  2⤵
  PID:3960
- C:\Windows\System\VRURnBu.exe
  C:\Windows\System\VRURnBu.exe
  2⤵
  PID:4008
- C:\Windows\System\XSNahOc.exe
  C:\Windows\System\XSNahOc.exe
  2⤵
  PID:4064
- C:\Windows\System\cwuHUdF.exe
  C:\Windows\System\cwuHUdF.exe
  2⤵
  PID:636
- C:\Windows\System\JTzITaq.exe
  C:\Windows\System\JTzITaq.exe
  2⤵
  PID:1540
- C:\Windows\System\gAIQPwk.exe
  C:\Windows\System\gAIQPwk.exe
  2⤵
  PID:3184
- C:\Windows\System\mrVuiSR.exe
  C:\Windows\System\mrVuiSR.exe
  2⤵
  PID:3116
- C:\Windows\System\dzrucoU.exe
  C:\Windows\System\dzrucoU.exe
  2⤵
  PID:3332
- C:\Windows\System\PJsrssh.exe
  C:\Windows\System\PJsrssh.exe
  2⤵
  PID:2364
- C:\Windows\System\hEnEGJt.exe
  C:\Windows\System\hEnEGJt.exe
  2⤵
  PID:2572
- C:\Windows\System\gEHLXsY.exe
  C:\Windows\System\gEHLXsY.exe
  2⤵
  PID:3312
- C:\Windows\System\CkzbDfY.exe
  C:\Windows\System\CkzbDfY.exe
  2⤵
  PID:3164
- C:\Windows\System\LmfrOiZ.exe
  C:\Windows\System\LmfrOiZ.exe
  2⤵
  PID:3460
- C:\Windows\System\atVQBVs.exe
  C:\Windows\System\atVQBVs.exe
  2⤵
  PID:3436
- C:\Windows\System\Mgunytg.exe
  C:\Windows\System\Mgunytg.exe
  2⤵
  PID:3520
- C:\Windows\System\LAJIFWU.exe
  C:\Windows\System\LAJIFWU.exe
  2⤵
  PID:3648
- C:\Windows\System\MPxdRjU.exe
  C:\Windows\System\MPxdRjU.exe
  2⤵
  PID:3404
- C:\Windows\System\gABluWO.exe
  C:\Windows\System\gABluWO.exe
  2⤵
  PID:3824
- C:\Windows\System\usGZMQy.exe
  C:\Windows\System\usGZMQy.exe
  2⤵
  PID:3908
- C:\Windows\System\LLPaBrw.exe
  C:\Windows\System\LLPaBrw.exe
  2⤵
  PID:3476
- C:\Windows\System\SdrwzWa.exe
  C:\Windows\System\SdrwzWa.exe
  2⤵
  PID:3560
- C:\Windows\System\tGYEwFb.exe
  C:\Windows\System\tGYEwFb.exe
  2⤵
  PID:4048
- C:\Windows\System\OChHMmq.exe
  C:\Windows\System\OChHMmq.exe
  2⤵
  PID:3660
- C:\Windows\System\kUWadAn.exe
  C:\Windows\System\kUWadAn.exe
  2⤵
  PID:3740
- C:\Windows\System\qMnysRQ.exe
  C:\Windows\System\qMnysRQ.exe
  2⤵
  PID:2124
- C:\Windows\System\GfWDqZu.exe
  C:\Windows\System\GfWDqZu.exe
  2⤵
  PID:3768
- C:\Windows\System\UbjwnOg.exe
  C:\Windows\System\UbjwnOg.exe
  2⤵
  PID:3880
- C:\Windows\System\zeEyyIA.exe
  C:\Windows\System\zeEyyIA.exe
  2⤵
  PID:3240
- C:\Windows\System\lOYbeEJ.exe
  C:\Windows\System\lOYbeEJ.exe
  2⤵
  PID:3884
- C:\Windows\System\rbBgZUX.exe
  C:\Windows\System\rbBgZUX.exe
  2⤵
  PID:3984
- C:\Windows\System\YpVDDkS.exe
  C:\Windows\System\YpVDDkS.exe
  2⤵
  PID:3976
- C:\Windows\System\FpMuQQT.exe
  C:\Windows\System\FpMuQQT.exe
  2⤵
  PID:4100
- C:\Windows\System\lsFlMkV.exe
  C:\Windows\System\lsFlMkV.exe
  2⤵
  PID:4120
- C:\Windows\System\erBcYgo.exe
  C:\Windows\System\erBcYgo.exe
  2⤵
  PID:4136
- C:\Windows\System\BQrLAYV.exe
  C:\Windows\System\BQrLAYV.exe
  2⤵
  PID:4160
- C:\Windows\System\SxHphQY.exe
  C:\Windows\System\SxHphQY.exe
  2⤵
  PID:4176
- C:\Windows\System\SutTYLn.exe
  C:\Windows\System\SutTYLn.exe
  2⤵
  PID:4196
- C:\Windows\System\wWIeGoA.exe
  C:\Windows\System\wWIeGoA.exe
  2⤵
  PID:4212
- C:\Windows\System\XSuPMgK.exe
  C:\Windows\System\XSuPMgK.exe
  2⤵
  PID:4232
- C:\Windows\System\eMMWNbK.exe
  C:\Windows\System\eMMWNbK.exe
  2⤵
  PID:4248
- C:\Windows\System\HgdQOUr.exe
  C:\Windows\System\HgdQOUr.exe
  2⤵
  PID:4272
- C:\Windows\System\XHZawbW.exe
  C:\Windows\System\XHZawbW.exe
  2⤵
  PID:4292
- C:\Windows\System\MZJZqqb.exe
  C:\Windows\System\MZJZqqb.exe
  2⤵
  PID:4312
- C:\Windows\System\vsBpnuP.exe
  C:\Windows\System\vsBpnuP.exe
  2⤵
  PID:4336
- C:\Windows\System\ifGXUkD.exe
  C:\Windows\System\ifGXUkD.exe
  2⤵
  PID:4352
- C:\Windows\System\OgUifQP.exe
  C:\Windows\System\OgUifQP.exe
  2⤵
  PID:4372
- C:\Windows\System\KrbJudl.exe
  C:\Windows\System\KrbJudl.exe
  2⤵
  PID:4392
- C:\Windows\System\xQBxGdh.exe
  C:\Windows\System\xQBxGdh.exe
  2⤵
  PID:4416
- C:\Windows\System\WCUuXBD.exe
  C:\Windows\System\WCUuXBD.exe
  2⤵
  PID:4432
- C:\Windows\System\uwgcmrQ.exe
  C:\Windows\System\uwgcmrQ.exe
  2⤵
  PID:4448
- C:\Windows\System\kfBCsHC.exe
  C:\Windows\System\kfBCsHC.exe
  2⤵
  PID:4468
- C:\Windows\System\CetYocr.exe
  C:\Windows\System\CetYocr.exe
  2⤵
  PID:4484
- C:\Windows\System\JneDahB.exe
  C:\Windows\System\JneDahB.exe
  2⤵
  PID:4508
- C:\Windows\System\kyZLWzH.exe
  C:\Windows\System\kyZLWzH.exe
  2⤵
  PID:4524
- C:\Windows\System\rMrkbKC.exe
  C:\Windows\System\rMrkbKC.exe
  2⤵
  PID:4548
- C:\Windows\System\NOZXzAC.exe
  C:\Windows\System\NOZXzAC.exe
  2⤵
  PID:4568
- C:\Windows\System\TZjwnkQ.exe
  C:\Windows\System\TZjwnkQ.exe
  2⤵
  PID:4588
- C:\Windows\System\ZyqqJxC.exe
  C:\Windows\System\ZyqqJxC.exe
  2⤵
  PID:4604
- C:\Windows\System\GtwbhBR.exe
  C:\Windows\System\GtwbhBR.exe
  2⤵
  PID:4628
- C:\Windows\System\fFOrzxF.exe
  C:\Windows\System\fFOrzxF.exe
  2⤵
  PID:4644
- C:\Windows\System\DuNgAwU.exe
  C:\Windows\System\DuNgAwU.exe
  2⤵
  PID:4668
- C:\Windows\System\wgWTzJe.exe
  C:\Windows\System\wgWTzJe.exe
  2⤵
  PID:4684
- C:\Windows\System\PJqXUdS.exe
  C:\Windows\System\PJqXUdS.exe
  2⤵
  PID:4708
- C:\Windows\System\UlcvOTJ.exe
  C:\Windows\System\UlcvOTJ.exe
  2⤵
  PID:4732
- C:\Windows\System\LfPajyV.exe
  C:\Windows\System\LfPajyV.exe
  2⤵
  PID:4752
- C:\Windows\System\mrwIdJJ.exe
  C:\Windows\System\mrwIdJJ.exe
  2⤵
  PID:4772
- C:\Windows\System\QABRcTy.exe
  C:\Windows\System\QABRcTy.exe
  2⤵
  PID:4788
- C:\Windows\System\wnTkrsI.exe
  C:\Windows\System\wnTkrsI.exe
  2⤵
  PID:4808
- C:\Windows\System\NbwVvsF.exe
  C:\Windows\System\NbwVvsF.exe
  2⤵
  PID:4828
- C:\Windows\System\czFtCyC.exe
  C:\Windows\System\czFtCyC.exe
  2⤵
  PID:4844
- C:\Windows\System\drhcRHq.exe
  C:\Windows\System\drhcRHq.exe
  2⤵
  PID:4864
- C:\Windows\System\clHphRn.exe
  C:\Windows\System\clHphRn.exe
  2⤵
  PID:4888
- C:\Windows\System\prkfCFc.exe
  C:\Windows\System\prkfCFc.exe
  2⤵
  PID:4904
- C:\Windows\System\ahJGsxc.exe
  C:\Windows\System\ahJGsxc.exe
  2⤵
  PID:4928
- C:\Windows\System\ZxzFEHI.exe
  C:\Windows\System\ZxzFEHI.exe
  2⤵
  PID:4948
- C:\Windows\System\VXMzJei.exe
  C:\Windows\System\VXMzJei.exe
  2⤵
  PID:4968
- C:\Windows\System\GdVPZax.exe
  C:\Windows\System\GdVPZax.exe
  2⤵
  PID:4988
- C:\Windows\System\HaqEplR.exe
  C:\Windows\System\HaqEplR.exe
  2⤵
  PID:5004
- C:\Windows\System\zoFYqIZ.exe
  C:\Windows\System\zoFYqIZ.exe
  2⤵
  PID:5028
- C:\Windows\System\HxBzfYN.exe
  C:\Windows\System\HxBzfYN.exe
  2⤵
  PID:5044
- C:\Windows\System\cgLcOJL.exe
  C:\Windows\System\cgLcOJL.exe
  2⤵
  PID:5064
- C:\Windows\System\WdKijvT.exe
  C:\Windows\System\WdKijvT.exe
  2⤵
  PID:5080
- C:\Windows\System\AiqaKoY.exe
  C:\Windows\System\AiqaKoY.exe
  2⤵
  PID:5100
- C:\Windows\System\pxJLqbR.exe
  C:\Windows\System\pxJLqbR.exe
  2⤵
  PID:4000
- C:\Windows\System\nigUojE.exe
  C:\Windows\System\nigUojE.exe
  2⤵
  PID:4068
- C:\Windows\System\iLBOwpC.exe
  C:\Windows\System\iLBOwpC.exe
  2⤵
  PID:792
- C:\Windows\System\UeggOUJ.exe
  C:\Windows\System\UeggOUJ.exe
  2⤵
  PID:3604
- C:\Windows\System\isYJqhd.exe
  C:\Windows\System\isYJqhd.exe
  2⤵
  PID:4128
- C:\Windows\System\lmoAIRY.exe
  C:\Windows\System\lmoAIRY.exe
  2⤵
  PID:3176
- C:\Windows\System\cWYNuYa.exe
  C:\Windows\System\cWYNuYa.exe
  2⤵
  PID:4204
- C:\Windows\System\sRotDoe.exe
  C:\Windows\System\sRotDoe.exe
  2⤵
  PID:4244
- C:\Windows\System\EQTbfUR.exe
  C:\Windows\System\EQTbfUR.exe
  2⤵
  PID:4284
- C:\Windows\System\gZIiJPu.exe
  C:\Windows\System\gZIiJPu.exe
  2⤵
  PID:3308
- C:\Windows\System\vCgFAFj.exe
  C:\Windows\System\vCgFAFj.exe
  2⤵
  PID:4400
- C:\Windows\System\bxbqqGX.exe
  C:\Windows\System\bxbqqGX.exe
  2⤵
  PID:4440
- C:\Windows\System\JUAuTwA.exe
  C:\Windows\System\JUAuTwA.exe
  2⤵
  PID:2712
- C:\Windows\System\tXbKVQh.exe
  C:\Windows\System\tXbKVQh.exe
  2⤵
  PID:4560
- C:\Windows\System\EPZDlMJ.exe
  C:\Windows\System\EPZDlMJ.exe
  2⤵
  PID:4596
- C:\Windows\System\ngufNUD.exe
  C:\Windows\System\ngufNUD.exe
  2⤵
  PID:4640
- C:\Windows\System\cOAZSbR.exe
  C:\Windows\System\cOAZSbR.exe
  2⤵
  PID:2916
- C:\Windows\System\eCVhtOA.exe
  C:\Windows\System\eCVhtOA.exe
  2⤵
  PID:4720
- C:\Windows\System\HAvTBfV.exe
  C:\Windows\System\HAvTBfV.exe
  2⤵
  PID:3552
- C:\Windows\System\tHlqEmL.exe
  C:\Windows\System\tHlqEmL.exe
  2⤵
  PID:4804
- C:\Windows\System\ankfIee.exe
  C:\Windows\System\ankfIee.exe
  2⤵
  PID:4872
- C:\Windows\System\qokOaAf.exe
  C:\Windows\System\qokOaAf.exe
  2⤵
  PID:4920
- C:\Windows\System\zhxeLsA.exe
  C:\Windows\System\zhxeLsA.exe
  2⤵
  PID:4964
- C:\Windows\System\EJRXbfR.exe
  C:\Windows\System\EJRXbfR.exe
  2⤵
  PID:3148
- C:\Windows\System\pkMGSSs.exe
  C:\Windows\System\pkMGSSs.exe
  2⤵
  PID:2376
- C:\Windows\System\LcMauAl.exe
  C:\Windows\System\LcMauAl.exe
  2⤵
  PID:5112
- C:\Windows\System\cjYMEbk.exe
  C:\Windows\System\cjYMEbk.exe
  2⤵
  PID:3944
- C:\Windows\System\fJtlgIo.exe
  C:\Windows\System\fJtlgIo.exe
  2⤵
  PID:4108
- C:\Windows\System\EQnksoV.exe
  C:\Windows\System\EQnksoV.exe
  2⤵
  PID:932
- C:\Windows\System\cFjhboA.exe
  C:\Windows\System\cFjhboA.exe
  2⤵
  PID:4280
- C:\Windows\System\XjVDRMj.exe
  C:\Windows\System\XjVDRMj.exe
  2⤵
  PID:4148
- C:\Windows\System\jTpcvth.exe
  C:\Windows\System\jTpcvth.exe
  2⤵
  PID:4476
- C:\Windows\System\SqzMwcC.exe
  C:\Windows\System\SqzMwcC.exe
  2⤵
  PID:4224
- C:\Windows\System\SUaYrwD.exe
  C:\Windows\System\SUaYrwD.exe
  2⤵
  PID:4300
- C:\Windows\System\zLPpynI.exe
  C:\Windows\System\zLPpynI.exe
  2⤵
  PID:3420
- C:\Windows\System\sgIFFap.exe
  C:\Windows\System\sgIFFap.exe
  2⤵
  PID:4348
- C:\Windows\System\cfvUdUg.exe
  C:\Windows\System\cfvUdUg.exe
  2⤵
  PID:4424
- C:\Windows\System\EZTghWN.exe
  C:\Windows\System\EZTghWN.exe
  2⤵
  PID:5076
- C:\Windows\System\WKmZaSd.exe
  C:\Windows\System\WKmZaSd.exe
  2⤵
  PID:4460
- C:\Windows\System\lGLYwAq.exe
  C:\Windows\System\lGLYwAq.exe
  2⤵
  PID:3956
- C:\Windows\System\NEvCYyt.exe
  C:\Windows\System\NEvCYyt.exe
  2⤵
  PID:4364
- C:\Windows\System\wcGtOLG.exe
  C:\Windows\System\wcGtOLG.exe
  2⤵
  PID:4504
- C:\Windows\System\xJtdwEG.exe
  C:\Windows\System\xJtdwEG.exe
  2⤵
  PID:4536
- C:\Windows\System\IsgdKns.exe
  C:\Windows\System\IsgdKns.exe
  2⤵
  PID:4380
- C:\Windows\System\LQBfdYt.exe
  C:\Windows\System\LQBfdYt.exe
  2⤵
  PID:4620
- C:\Windows\System\TxpykmL.exe
  C:\Windows\System\TxpykmL.exe
  2⤵
  PID:4492
- C:\Windows\System\uioOVtv.exe
  C:\Windows\System\uioOVtv.exe
  2⤵
  PID:4664
- C:\Windows\System\uSnvTqU.exe
  C:\Windows\System\uSnvTqU.exe
  2⤵
  PID:5132
- C:\Windows\System\IfRzPej.exe
  C:\Windows\System\IfRzPej.exe
  2⤵
  PID:5148
- C:\Windows\System\dTuwwoN.exe
  C:\Windows\System\dTuwwoN.exe
  2⤵
  PID:5168
- C:\Windows\System\GhRetex.exe
  C:\Windows\System\GhRetex.exe
  2⤵
  PID:5184
- C:\Windows\System\HhzFVjZ.exe
  C:\Windows\System\HhzFVjZ.exe
  2⤵
  PID:5204
- C:\Windows\System\lSKoBzf.exe
  C:\Windows\System\lSKoBzf.exe
  2⤵
  PID:5220
- C:\Windows\System\VhnbIHw.exe
  C:\Windows\System\VhnbIHw.exe
  2⤵
  PID:5244
- C:\Windows\System\avnyNHC.exe
  C:\Windows\System\avnyNHC.exe
  2⤵
  PID:5264
- C:\Windows\System\MNVbLgw.exe
  C:\Windows\System\MNVbLgw.exe
  2⤵
  PID:5284
- C:\Windows\System\AzyFkTv.exe
  C:\Windows\System\AzyFkTv.exe
  2⤵
  PID:5312
- C:\Windows\System\BFTpRiR.exe
  C:\Windows\System\BFTpRiR.exe
  2⤵
  PID:5328
- C:\Windows\System\RrKxECX.exe
  C:\Windows\System\RrKxECX.exe
  2⤵
  PID:5348
- C:\Windows\System\ltgXeix.exe
  C:\Windows\System\ltgXeix.exe
  2⤵
  PID:5368
- C:\Windows\System\YUIJgov.exe
  C:\Windows\System\YUIJgov.exe
  2⤵
  PID:5388
- C:\Windows\System\SLbcKJn.exe
  C:\Windows\System\SLbcKJn.exe
  2⤵
  PID:5404
- C:\Windows\System\QWIEtwr.exe
  C:\Windows\System\QWIEtwr.exe
  2⤵
  PID:5420
- C:\Windows\System\UIlCzhQ.exe
  C:\Windows\System\UIlCzhQ.exe
  2⤵
  PID:5444
- C:\Windows\System\uHEXtut.exe
  C:\Windows\System\uHEXtut.exe
  2⤵
  PID:5460
- C:\Windows\System\MbeDPgS.exe
  C:\Windows\System\MbeDPgS.exe
  2⤵
  PID:5480
- C:\Windows\System\UsUofJB.exe
  C:\Windows\System\UsUofJB.exe
  2⤵
  PID:5504
- C:\Windows\System\dbDKyyI.exe
  C:\Windows\System\dbDKyyI.exe
  2⤵
  PID:5520
- C:\Windows\System\XqasWUE.exe
  C:\Windows\System\XqasWUE.exe
  2⤵
  PID:5536
- C:\Windows\System\infWYRa.exe
  C:\Windows\System\infWYRa.exe
  2⤵
  PID:5552
- C:\Windows\System\NGbYvLZ.exe
  C:\Windows\System\NGbYvLZ.exe
  2⤵
  PID:5572
- C:\Windows\System\lioTpwh.exe
  C:\Windows\System\lioTpwh.exe
  2⤵
  PID:5588
- C:\Windows\System\aTfDmHs.exe
  C:\Windows\System\aTfDmHs.exe
  2⤵
  PID:5608
- C:\Windows\System\rWOuGlt.exe
  C:\Windows\System\rWOuGlt.exe
  2⤵
  PID:5624
- C:\Windows\System\lUbhAbE.exe
  C:\Windows\System\lUbhAbE.exe
  2⤵
  PID:5640
- C:\Windows\System\JXJEfzC.exe
  C:\Windows\System\JXJEfzC.exe
  2⤵
  PID:5656
- C:\Windows\System\qvmtBen.exe
  C:\Windows\System\qvmtBen.exe
  2⤵
  PID:5672
- C:\Windows\System\QFrWnwl.exe
  C:\Windows\System\QFrWnwl.exe
  2⤵
  PID:5688
- C:\Windows\System\aZCXQAc.exe
  C:\Windows\System\aZCXQAc.exe
  2⤵
  PID:5704
- C:\Windows\System\ynToKht.exe
  C:\Windows\System\ynToKht.exe
  2⤵
  PID:5720
- C:\Windows\System\tFGvJtZ.exe
  C:\Windows\System\tFGvJtZ.exe
  2⤵
  PID:5736
- C:\Windows\System\yCFtjYk.exe
  C:\Windows\System\yCFtjYk.exe
  2⤵
  PID:5752
- C:\Windows\System\PWzQvrH.exe
  C:\Windows\System\PWzQvrH.exe
  2⤵
  PID:5768
- C:\Windows\System\TdtYdga.exe
  C:\Windows\System\TdtYdga.exe
  2⤵
  PID:5784
- C:\Windows\System\vFCYunm.exe
  C:\Windows\System\vFCYunm.exe
  2⤵
  PID:5800
- C:\Windows\System\ueyAmFj.exe
  C:\Windows\System\ueyAmFj.exe
  2⤵
  PID:5816
- C:\Windows\System\HcuzksO.exe
  C:\Windows\System\HcuzksO.exe
  2⤵
  PID:5832
- C:\Windows\System\FZdpiMM.exe
  C:\Windows\System\FZdpiMM.exe
  2⤵
  PID:5848
- C:\Windows\System\EcsdKtc.exe
  C:\Windows\System\EcsdKtc.exe
  2⤵
  PID:5864
- C:\Windows\System\UrKXVLm.exe
  C:\Windows\System\UrKXVLm.exe
  2⤵
  PID:5880
- C:\Windows\System\buvTpnx.exe
  C:\Windows\System\buvTpnx.exe
  2⤵
  PID:5896
- C:\Windows\System\DttzkGh.exe
  C:\Windows\System\DttzkGh.exe
  2⤵
  PID:5912
- C:\Windows\System\gPfrlxF.exe
  C:\Windows\System\gPfrlxF.exe
  2⤵
  PID:5928
- C:\Windows\System\hIdkDIC.exe
  C:\Windows\System\hIdkDIC.exe
  2⤵
  PID:5944
- C:\Windows\System\CyDEzUg.exe
  C:\Windows\System\CyDEzUg.exe
  2⤵
  PID:5960
- C:\Windows\System\YVjzuVR.exe
  C:\Windows\System\YVjzuVR.exe
  2⤵
  PID:5976
- C:\Windows\System\SzCrRej.exe
  C:\Windows\System\SzCrRej.exe
  2⤵
  PID:5992
- C:\Windows\System\HySELOk.exe
  C:\Windows\System\HySELOk.exe
  2⤵
  PID:6008
- C:\Windows\System\cXzLxwV.exe
  C:\Windows\System\cXzLxwV.exe
  2⤵
  PID:6024
- C:\Windows\System\ROylSBy.exe
  C:\Windows\System\ROylSBy.exe
  2⤵
  PID:6040
- C:\Windows\System\VMUlsVL.exe
  C:\Windows\System\VMUlsVL.exe
  2⤵
  PID:6056
- C:\Windows\System\tbutzlS.exe
  C:\Windows\System\tbutzlS.exe
  2⤵
  PID:6072
- C:\Windows\System\LCXGheH.exe
  C:\Windows\System\LCXGheH.exe
  2⤵
  PID:6088
- C:\Windows\System\JzgFfRj.exe
  C:\Windows\System\JzgFfRj.exe
  2⤵
  PID:6104
- C:\Windows\System\yrWLUrr.exe
  C:\Windows\System\yrWLUrr.exe
  2⤵
  PID:6120
- C:\Windows\System\QrcBhxi.exe
  C:\Windows\System\QrcBhxi.exe
  2⤵
  PID:6136
- C:\Windows\System\rtWwuIT.exe
  C:\Windows\System\rtWwuIT.exe
  2⤵
  PID:4696
- C:\Windows\System\MsmyyfV.exe
  C:\Windows\System\MsmyyfV.exe
  2⤵
  PID:4740
- C:\Windows\System\vRNCHep.exe
  C:\Windows\System\vRNCHep.exe
  2⤵
  PID:5140
- C:\Windows\System\UHzadPx.exe
  C:\Windows\System\UHzadPx.exe
  2⤵
  PID:5180
- C:\Windows\System\mCNmyIA.exe
  C:\Windows\System\mCNmyIA.exe
  2⤵
  PID:4824
- C:\Windows\System\aqnWqmD.exe
  C:\Windows\System\aqnWqmD.exe
  2⤵
  PID:5252
- C:\Windows\System\IAnMhQz.exe
  C:\Windows\System\IAnMhQz.exe
  2⤵
  PID:4260
- C:\Windows\System\JQpGvYl.exe
  C:\Windows\System\JQpGvYl.exe
  2⤵
  PID:4856
- C:\Windows\System\WqfHPrN.exe
  C:\Windows\System\WqfHPrN.exe
  2⤵
  PID:4900
- C:\Windows\System\NIFonNQ.exe
  C:\Windows\System\NIFonNQ.exe
  2⤵
  PID:5308
- C:\Windows\System\oeLTpOj.exe
  C:\Windows\System\oeLTpOj.exe
  2⤵
  PID:5344
- C:\Windows\System\iBIgSuh.exe
  C:\Windows\System\iBIgSuh.exe
  2⤵
  PID:4600
- C:\Windows\System\CLSxvVj.exe
  C:\Windows\System\CLSxvVj.exe
  2⤵
  PID:4636
- C:\Windows\System\gJxlfuF.exe
  C:\Windows\System\gJxlfuF.exe
  2⤵
  PID:4116
- C:\Windows\System\SAgixEb.exe
  C:\Windows\System\SAgixEb.exe
  2⤵
  PID:5412
- C:\Windows\System\MCKdXxD.exe
  C:\Windows\System\MCKdXxD.exe
  2⤵
  PID:4976
- C:\Windows\System\BDsqXFV.exe
  C:\Windows\System\BDsqXFV.exe
  2⤵
  PID:5016
- C:\Windows\System\noUphkf.exe
  C:\Windows\System\noUphkf.exe
  2⤵
  PID:5500
- C:\Windows\System\fntIldW.exe
  C:\Windows\System\fntIldW.exe
  2⤵
  PID:5052
- C:\Windows\System\tCGrWez.exe
  C:\Windows\System\tCGrWez.exe
  2⤵
  PID:5096
- C:\Windows\System\CoOcJsB.exe
  C:\Windows\System\CoOcJsB.exe
  2⤵
  PID:1484
- C:\Windows\System\hoWzsHI.exe
  C:\Windows\System\hoWzsHI.exe
  2⤵
  PID:5600
- C:\Windows\System\MmvExwT.exe
  C:\Windows\System\MmvExwT.exe
  2⤵
  PID:4084
- C:\Windows\System\BidIrba.exe
  C:\Windows\System\BidIrba.exe
  2⤵
  PID:5664
- C:\Windows\System\gAdqijF.exe
  C:\Windows\System\gAdqijF.exe
  2⤵
  PID:4328
- C:\Windows\System\OVHmTWo.exe
  C:\Windows\System\OVHmTWo.exe
  2⤵
  PID:5696
- C:\Windows\System\VouzWfj.exe
  C:\Windows\System\VouzWfj.exe
  2⤵
  PID:5760
- C:\Windows\System\hzxEovn.exe
  C:\Windows\System\hzxEovn.exe
  2⤵
  PID:4556
- C:\Windows\System\WaymbUK.exe
  C:\Windows\System\WaymbUK.exe
  2⤵
  PID:4728
- C:\Windows\System\ImiswFo.exe
  C:\Windows\System\ImiswFo.exe
  2⤵
  PID:4884
- C:\Windows\System\fIYRumy.exe
  C:\Windows\System\fIYRumy.exe
  2⤵
  PID:4996
- C:\Windows\System\RXIxkvr.exe
  C:\Windows\System\RXIxkvr.exe
  2⤵
  PID:3804
- C:\Windows\System\MOASmRN.exe
  C:\Windows\System\MOASmRN.exe
  2⤵
  PID:3888
- C:\Windows\System\HpggWTQ.exe
  C:\Windows\System\HpggWTQ.exe
  2⤵
  PID:3760
- C:\Windows\System\yQAFLQN.exe
  C:\Windows\System\yQAFLQN.exe
  2⤵
  PID:2876
- C:\Windows\System\fbpPDiV.exe
  C:\Windows\System\fbpPDiV.exe
  2⤵
  PID:2960
- C:\Windows\System\kbTjUiG.exe
  C:\Windows\System\kbTjUiG.exe
  2⤵
  PID:5828
- C:\Windows\System\TpvdHEp.exe
  C:\Windows\System\TpvdHEp.exe
  2⤵
  PID:4496
- C:\Windows\System\vgUwyKj.exe
  C:\Windows\System\vgUwyKj.exe
  2⤵
  PID:4580
- C:\Windows\System\WgmnmRr.exe
  C:\Windows\System\WgmnmRr.exe
  2⤵
  PID:3780
- C:\Windows\System\iunBdQg.exe
  C:\Windows\System\iunBdQg.exe
  2⤵
  PID:5128
- C:\Windows\System\ZVJAoQb.exe
  C:\Windows\System\ZVJAoQb.exe
  2⤵
  PID:5196
- C:\Windows\System\jjPhIgm.exe
  C:\Windows\System\jjPhIgm.exe
  2⤵
  PID:5236
- C:\Windows\System\gEzmdLM.exe
  C:\Windows\System\gEzmdLM.exe
  2⤵
  PID:5280
- C:\Windows\System\DkfvTnm.exe
  C:\Windows\System\DkfvTnm.exe
  2⤵
  PID:5360
- C:\Windows\System\NwnziaY.exe
  C:\Windows\System\NwnziaY.exe
  2⤵
  PID:5428
- C:\Windows\System\uetXTEH.exe
  C:\Windows\System\uetXTEH.exe
  2⤵
  PID:5468
- C:\Windows\System\kDRPeqp.exe
  C:\Windows\System\kDRPeqp.exe
  2⤵
  PID:5544
- C:\Windows\System\UnNyWwA.exe
  C:\Windows\System\UnNyWwA.exe
  2⤵
  PID:5584
- C:\Windows\System\fyZcZPo.exe
  C:\Windows\System\fyZcZPo.exe
  2⤵
  PID:5652
- C:\Windows\System\mVeKhim.exe
  C:\Windows\System\mVeKhim.exe
  2⤵
  PID:5716
- C:\Windows\System\LuFcnRp.exe
  C:\Windows\System\LuFcnRp.exe
  2⤵
  PID:5776
- C:\Windows\System\CDCoxjz.exe
  C:\Windows\System\CDCoxjz.exe
  2⤵
  PID:2984
- C:\Windows\System\mjbmRZh.exe
  C:\Windows\System\mjbmRZh.exe
  2⤵
  PID:5892
- C:\Windows\System\hlOwQAP.exe
  C:\Windows\System\hlOwQAP.exe
  2⤵
  PID:5904
- C:\Windows\System\vpbqILo.exe
  C:\Windows\System\vpbqILo.exe
  2⤵
  PID:684
- C:\Windows\System\nLWZsvH.exe
  C:\Windows\System\nLWZsvH.exe
  2⤵
  PID:5984
- C:\Windows\System\GMkWIzm.exe
  C:\Windows\System\GMkWIzm.exe
  2⤵
  PID:6020
- C:\Windows\System\ozkOdTD.exe
  C:\Windows\System\ozkOdTD.exe
  2⤵
  PID:6080
- C:\Windows\System\RRYtNts.exe
  C:\Windows\System\RRYtNts.exe
  2⤵
  PID:6032
- C:\Windows\System\YTQFJNc.exe
  C:\Windows\System\YTQFJNc.exe
  2⤵
  PID:4612
- C:\Windows\System\GabbFat.exe
  C:\Windows\System\GabbFat.exe
  2⤵
  PID:4692
- C:\Windows\System\HUJxJDl.exe
  C:\Windows\System\HUJxJDl.exe
  2⤵
  PID:6128
- C:\Windows\System\QTKjPrx.exe
  C:\Windows\System\QTKjPrx.exe
  2⤵
  PID:2148
- C:\Windows\System\rsKrGiJ.exe
  C:\Windows\System\rsKrGiJ.exe
  2⤵
  PID:4784
- C:\Windows\System\gphtkLI.exe
  C:\Windows\System\gphtkLI.exe
  2⤵
  PID:4748
- C:\Windows\System\aWvKAou.exe
  C:\Windows\System\aWvKAou.exe
  2⤵
  PID:5212
- C:\Windows\System\agXfKGg.exe
  C:\Windows\System\agXfKGg.exe
  2⤵
  PID:4896
- C:\Windows\System\NEHMSqH.exe
  C:\Windows\System\NEHMSqH.exe
  2⤵
  PID:5300
- C:\Windows\System\wGPUZLe.exe
  C:\Windows\System\wGPUZLe.exe
  2⤵
  PID:3788
- C:\Windows\System\TetDJtX.exe
  C:\Windows\System\TetDJtX.exe
  2⤵
  PID:3720
- C:\Windows\System\UTMZYTn.exe
  C:\Windows\System\UTMZYTn.exe
  2⤵
  PID:5456
- C:\Windows\System\TGEoJsB.exe
  C:\Windows\System\TGEoJsB.exe
  2⤵
  PID:5488
- C:\Windows\System\TszlfDw.exe
  C:\Windows\System\TszlfDw.exe
  2⤵
  PID:5532
- C:\Windows\System\EZTeVGw.exe
  C:\Windows\System\EZTeVGw.exe
  2⤵
  PID:1572
- C:\Windows\System\RQYIzSi.exe
  C:\Windows\System\RQYIzSi.exe
  2⤵
  PID:3080
- C:\Windows\System\uDWNqKC.exe
  C:\Windows\System\uDWNqKC.exe
  2⤵
  PID:5632
- C:\Windows\System\WfVEaBj.exe
  C:\Windows\System\WfVEaBj.exe
  2⤵
  PID:3380
- C:\Windows\System\oqnYoUl.exe
  C:\Windows\System\oqnYoUl.exe
  2⤵
  PID:5728
- C:\Windows\System\exRvWjc.exe
  C:\Windows\System\exRvWjc.exe
  2⤵
  PID:5036
- C:\Windows\System\XCxXeQj.exe
  C:\Windows\System\XCxXeQj.exe
  2⤵
  PID:3860
- C:\Windows\System\ZroYFww.exe
  C:\Windows\System\ZroYFww.exe
  2⤵
  PID:4188
- C:\Windows\System\IhRfiPd.exe
  C:\Windows\System\IhRfiPd.exe
  2⤵
  PID:4344
- C:\Windows\System\yLojaLg.exe
  C:\Windows\System\yLojaLg.exe
  2⤵
  PID:3532
- C:\Windows\System\PgdTbvO.exe
  C:\Windows\System\PgdTbvO.exe
  2⤵
  PID:4576
- C:\Windows\System\soOLgvp.exe
  C:\Windows\System\soOLgvp.exe
  2⤵
  PID:4532
- C:\Windows\System\RPToTOQ.exe
  C:\Windows\System\RPToTOQ.exe
  2⤵
  PID:4268
- C:\Windows\System\RJkGtKl.exe
  C:\Windows\System\RJkGtKl.exe
  2⤵
  PID:5396
- C:\Windows\System\BHWoFyV.exe
  C:\Windows\System\BHWoFyV.exe
  2⤵
  PID:5512
- C:\Windows\System\GAYdGGo.exe
  C:\Windows\System\GAYdGGo.exe
  2⤵
  PID:5620
- C:\Windows\System\kphquLv.exe
  C:\Windows\System\kphquLv.exe
  2⤵
  PID:5680
- C:\Windows\System\WGyXHpa.exe
  C:\Windows\System\WGyXHpa.exe
  2⤵
  PID:5748
- C:\Windows\System\ekaTIUK.exe
  C:\Windows\System\ekaTIUK.exe
  2⤵
  PID:5924
- C:\Windows\System\olbhiIs.exe
  C:\Windows\System\olbhiIs.exe
  2⤵
  PID:4256
- C:\Windows\System\whlhsob.exe
  C:\Windows\System\whlhsob.exe
  2⤵
  PID:1956
- C:\Windows\System\PeyKEkL.exe
  C:\Windows\System\PeyKEkL.exe
  2⤵
  PID:2088
- C:\Windows\System\xeXnVRD.exe
  C:\Windows\System\xeXnVRD.exe
  2⤵
  PID:5024
- C:\Windows\System\JtTOnrU.exe
  C:\Windows\System\JtTOnrU.exe
  2⤵
  PID:5596
- C:\Windows\System\DRfpYvt.exe
  C:\Windows\System\DRfpYvt.exe
  2⤵
  PID:968
- C:\Windows\System\RDvbsyS.exe
  C:\Windows\System\RDvbsyS.exe
  2⤵
  PID:4724
- C:\Windows\System\BXRAqQO.exe
  C:\Windows\System\BXRAqQO.exe
  2⤵
  PID:4912
- C:\Windows\System\xmqFLXE.exe
  C:\Windows\System\xmqFLXE.exe
  2⤵
  PID:4172
- C:\Windows\System\IFLusTw.exe
  C:\Windows\System\IFLusTw.exe
  2⤵
  PID:4544
- C:\Windows\System\dnzvIlB.exe
  C:\Windows\System\dnzvIlB.exe
  2⤵
  PID:5580
- C:\Windows\System\NORiDrn.exe
  C:\Windows\System\NORiDrn.exe
  2⤵
  PID:5356
- C:\Windows\System\WNqyEDv.exe
  C:\Windows\System\WNqyEDv.exe
  2⤵
  PID:5324
- C:\Windows\System\EMyTlfM.exe
  C:\Windows\System\EMyTlfM.exe
  2⤵
  PID:5872
- C:\Windows\System\QFytsGq.exe
  C:\Windows\System\QFytsGq.exe
  2⤵
  PID:5940
- C:\Windows\System\HFNNoNE.exe
  C:\Windows\System\HFNNoNE.exe
  2⤵
  PID:6084
- C:\Windows\System\VGrCVVY.exe
  C:\Windows\System\VGrCVVY.exe
  2⤵
  PID:6068
- C:\Windows\System\DwuOHVQ.exe
  C:\Windows\System\DwuOHVQ.exe
  2⤵
  PID:4616
- C:\Windows\System\oQNEAvr.exe
  C:\Windows\System\oQNEAvr.exe
  2⤵
  PID:2708
- C:\Windows\System\mDZhHKr.exe
  C:\Windows\System\mDZhHKr.exe
  2⤵
  PID:3256
- C:\Windows\System\WgRqwbP.exe
  C:\Windows\System\WgRqwbP.exe
  2⤵
  PID:5796
- C:\Windows\System\JmkhiNQ.exe
  C:\Windows\System\JmkhiNQ.exe
  2⤵
  PID:5232
- C:\Windows\System\nUcMSIs.exe
  C:\Windows\System\nUcMSIs.exe
  2⤵
  PID:3060
- C:\Windows\System\xBVmqKx.exe
  C:\Windows\System\xBVmqKx.exe
  2⤵
  PID:2316
- C:\Windows\System\qsyIbrC.exe
  C:\Windows\System\qsyIbrC.exe
  2⤵
  PID:4800
- C:\Windows\System\sIyvhll.exe
  C:\Windows\System\sIyvhll.exe
  2⤵
  PID:6236
- C:\Windows\System\niAGLfe.exe
  C:\Windows\System\niAGLfe.exe
  2⤵
  PID:6296
- C:\Windows\System\XhATDyG.exe
  C:\Windows\System\XhATDyG.exe
  2⤵
  PID:6316
- C:\Windows\System\GoHOIQJ.exe
  C:\Windows\System\GoHOIQJ.exe
  2⤵
  PID:6332
- C:\Windows\System\IqGMziT.exe
  C:\Windows\System\IqGMziT.exe
  2⤵
  PID:6348
- C:\Windows\System\eicCGPz.exe
  C:\Windows\System\eicCGPz.exe
  2⤵
  PID:6364
- C:\Windows\System\gOSfrjb.exe
  C:\Windows\System\gOSfrjb.exe
  2⤵
  PID:6380
- C:\Windows\System\CFuwvJz.exe
  C:\Windows\System\CFuwvJz.exe
  2⤵
  PID:6396
- C:\Windows\System\AWAGcbx.exe
  C:\Windows\System\AWAGcbx.exe
  2⤵
  PID:6412
- C:\Windows\System\sUljBrH.exe
  C:\Windows\System\sUljBrH.exe
  2⤵
  PID:6428
- C:\Windows\System\hiRKHsb.exe
  C:\Windows\System\hiRKHsb.exe
  2⤵
  PID:6444
- C:\Windows\System\fPpmDyW.exe
  C:\Windows\System\fPpmDyW.exe
  2⤵
  PID:6460
- C:\Windows\System\NnUmdcw.exe
  C:\Windows\System\NnUmdcw.exe
  2⤵
  PID:6476
- C:\Windows\System\uEpAmiY.exe
  C:\Windows\System\uEpAmiY.exe
  2⤵
  PID:6492
- C:\Windows\System\MiZxqgt.exe
  C:\Windows\System\MiZxqgt.exe
  2⤵
  PID:6508
- C:\Windows\System\bdNzjdq.exe
  C:\Windows\System\bdNzjdq.exe
  2⤵
  PID:6524
- C:\Windows\System\NilgmcF.exe
  C:\Windows\System\NilgmcF.exe
  2⤵
  PID:6540
- C:\Windows\System\HaPaudg.exe
  C:\Windows\System\HaPaudg.exe
  2⤵
  PID:6556
- C:\Windows\System\aGfmrLK.exe
  C:\Windows\System\aGfmrLK.exe
  2⤵
  PID:6572
- C:\Windows\System\YRqQcMM.exe
  C:\Windows\System\YRqQcMM.exe
  2⤵
  PID:6588
- C:\Windows\System\KbmmFPx.exe
  C:\Windows\System\KbmmFPx.exe
  2⤵
  PID:6604
- C:\Windows\System\qnrhUwc.exe
  C:\Windows\System\qnrhUwc.exe
  2⤵
  PID:6620
- C:\Windows\System\JZOcvxM.exe
  C:\Windows\System\JZOcvxM.exe
  2⤵
  PID:6636
- C:\Windows\System\CdDidZu.exe
  C:\Windows\System\CdDidZu.exe
  2⤵
  PID:6652
- C:\Windows\System\ptbEYPp.exe
  C:\Windows\System\ptbEYPp.exe
  2⤵
  PID:6668
- C:\Windows\System\vUJsvIn.exe
  C:\Windows\System\vUJsvIn.exe
  2⤵
  PID:6684
- C:\Windows\System\WAMYwxO.exe
  C:\Windows\System\WAMYwxO.exe
  2⤵
  PID:6700
- C:\Windows\System\ifROioA.exe
  C:\Windows\System\ifROioA.exe
  2⤵
  PID:6716
- C:\Windows\System\SuUqiSN.exe
  C:\Windows\System\SuUqiSN.exe
  2⤵
  PID:6732
- C:\Windows\System\NgkHNyC.exe
  C:\Windows\System\NgkHNyC.exe
  2⤵
  PID:6748
- C:\Windows\System\owJgCZt.exe
  C:\Windows\System\owJgCZt.exe
  2⤵
  PID:6764
- C:\Windows\System\FWpQwzi.exe
  C:\Windows\System\FWpQwzi.exe
  2⤵
  PID:6788
- C:\Windows\System\lYLSniE.exe
  C:\Windows\System\lYLSniE.exe
  2⤵
  PID:6804
- C:\Windows\System\FKkrtTm.exe
  C:\Windows\System\FKkrtTm.exe
  2⤵
  PID:6824
- C:\Windows\System\gVlCMHa.exe
  C:\Windows\System\gVlCMHa.exe
  2⤵
  PID:6840
- C:\Windows\System\alxtKBG.exe
  C:\Windows\System\alxtKBG.exe
  2⤵
  PID:6856
- C:\Windows\System\dxOWhlc.exe
  C:\Windows\System\dxOWhlc.exe
  2⤵
  PID:6876
- C:\Windows\System\koJNeRx.exe
  C:\Windows\System\koJNeRx.exe
  2⤵
  PID:6892
- C:\Windows\System\qLWtCYg.exe
  C:\Windows\System\qLWtCYg.exe
  2⤵
  PID:6912
- C:\Windows\System\irPnsPF.exe
  C:\Windows\System\irPnsPF.exe
  2⤵
  PID:6928
- C:\Windows\System\ckfrsYe.exe
  C:\Windows\System\ckfrsYe.exe
  2⤵
  PID:6944
- C:\Windows\System\cGxdyMe.exe
  C:\Windows\System\cGxdyMe.exe
  2⤵
  PID:6964
- C:\Windows\System\gCxonKl.exe
  C:\Windows\System\gCxonKl.exe
  2⤵
  PID:6980
- C:\Windows\System\WmziRNw.exe
  C:\Windows\System\WmziRNw.exe
  2⤵
  PID:7044
- C:\Windows\System\Jkiydcp.exe
  C:\Windows\System\Jkiydcp.exe
  2⤵
  PID:7060
- C:\Windows\System\MLOwYiQ.exe
  C:\Windows\System\MLOwYiQ.exe
  2⤵
  PID:7076
- C:\Windows\System\GEUTaNR.exe
  C:\Windows\System\GEUTaNR.exe
  2⤵
  PID:7092
- C:\Windows\System\BTXqjAZ.exe
  C:\Windows\System\BTXqjAZ.exe
  2⤵
  PID:7108
- C:\Windows\System\AbDelqb.exe
  C:\Windows\System\AbDelqb.exe
  2⤵
  PID:7128
- C:\Windows\System\sDhqXhp.exe
  C:\Windows\System\sDhqXhp.exe
  2⤵
  PID:7144
- C:\Windows\System\zZiTpmC.exe
  C:\Windows\System\zZiTpmC.exe
  2⤵
  PID:7160
- C:\Windows\System\jvLOiqm.exe
  C:\Windows\System\jvLOiqm.exe
  2⤵
  PID:6112
- C:\Windows\System\SvosPDh.exe
  C:\Windows\System\SvosPDh.exe
  2⤵
  PID:6052
- C:\Windows\System\etUDTqM.exe
  C:\Windows\System\etUDTqM.exe
  2⤵
  PID:896
- C:\Windows\System\yPocyfa.exe
  C:\Windows\System\yPocyfa.exe
  2⤵
  PID:2996
- C:\Windows\System\QHTNveV.exe
  C:\Windows\System\QHTNveV.exe
  2⤵
  PID:1884
- C:\Windows\System\RcoPcFk.exe
  C:\Windows\System\RcoPcFk.exe
  2⤵
  PID:2856
- C:\Windows\System\jqpHsQU.exe
  C:\Windows\System\jqpHsQU.exe
  2⤵
  PID:776
- C:\Windows\System\KvgsDBG.exe
  C:\Windows\System\KvgsDBG.exe
  2⤵
  PID:3432
- C:\Windows\System\tXLvASE.exe
  C:\Windows\System\tXLvASE.exe
  2⤵
  PID:4716
- C:\Windows\System\yLwYiwa.exe
  C:\Windows\System\yLwYiwa.exe
  2⤵
  PID:5160
- C:\Windows\System\IoRgdzs.exe
  C:\Windows\System\IoRgdzs.exe
  2⤵
  PID:6152
- C:\Windows\System\sZligPO.exe
  C:\Windows\System\sZligPO.exe
  2⤵
  PID:6168
- C:\Windows\System\rdYThSc.exe
  C:\Windows\System\rdYThSc.exe
  2⤵
  PID:6180
- C:\Windows\System\ykTMYZm.exe
  C:\Windows\System\ykTMYZm.exe
  2⤵
  PID:6200
- C:\Windows\System\XXOUXWa.exe
  C:\Windows\System\XXOUXWa.exe
  2⤵
  PID:6220
- C:\Windows\System\NzQeFjq.exe
  C:\Windows\System\NzQeFjq.exe
  2⤵
  PID:6244
- C:\Windows\System\ihLAlwT.exe
  C:\Windows\System\ihLAlwT.exe
  2⤵
  PID:6260
- C:\Windows\System\CXORcSU.exe
  C:\Windows\System\CXORcSU.exe
  2⤵
  PID:6280
- C:\Windows\System\BOCSmJq.exe
  C:\Windows\System\BOCSmJq.exe
  2⤵
  PID:6288
- C:\Windows\System\ExBKyIR.exe
  C:\Windows\System\ExBKyIR.exe
  2⤵
  PID:6304
- C:\Windows\System\PjHWgde.exe
  C:\Windows\System\PjHWgde.exe
  2⤵
  PID:6328
- C:\Windows\System\wdsFgRv.exe
  C:\Windows\System\wdsFgRv.exe
  2⤵
  PID:6344
- C:\Windows\System\sWoVmOr.exe
  C:\Windows\System\sWoVmOr.exe
  2⤵
  PID:6392
- C:\Windows\System\FHbNzsC.exe
  C:\Windows\System\FHbNzsC.exe
  2⤵
  PID:6408
- C:\Windows\System\SiOJQgG.exe
  C:\Windows\System\SiOJQgG.exe
  2⤵
  PID:6440
- C:\Windows\System\nyMbqlj.exe
  C:\Windows\System\nyMbqlj.exe
  2⤵
  PID:6484
- C:\Windows\System\QvSZqGI.exe
  C:\Windows\System\QvSZqGI.exe
  2⤵
  PID:6516
- C:\Windows\System\PdJjFIZ.exe
  C:\Windows\System\PdJjFIZ.exe
  2⤵
  PID:6548
- C:\Windows\System\cbZmhMP.exe
  C:\Windows\System\cbZmhMP.exe
  2⤵
  PID:6564
- C:\Windows\System\IeJIBrW.exe
  C:\Windows\System\IeJIBrW.exe
  2⤵
  PID:6584
- C:\Windows\System\mrACaGX.exe
  C:\Windows\System\mrACaGX.exe
  2⤵
  PID:6600
- C:\Windows\System\awxLAfg.exe
  C:\Windows\System\awxLAfg.exe
  2⤵
  PID:6724
- C:\Windows\System\hLSNvYS.exe
  C:\Windows\System\hLSNvYS.exe
  2⤵
  PID:6760
- C:\Windows\System\tdYNASU.exe
  C:\Windows\System\tdYNASU.exe
  2⤵
  PID:6744
- C:\Windows\System\kFwxhby.exe
  C:\Windows\System\kFwxhby.exe
  2⤵
  PID:6776
- C:\Windows\System\AIzlysR.exe
  C:\Windows\System\AIzlysR.exe
  2⤵
  PID:6816
- C:\Windows\System\XhndcaZ.exe
  C:\Windows\System\XhndcaZ.exe
  2⤵
  PID:6884
- C:\Windows\System\OGrruxl.exe
  C:\Windows\System\OGrruxl.exe
  2⤵
  PID:6868
- C:\Windows\System\NlCXCgx.exe
  C:\Windows\System\NlCXCgx.exe
  2⤵
  PID:6960
- C:\Windows\System\zhSRqPO.exe
  C:\Windows\System\zhSRqPO.exe
  2⤵
  PID:6972
- C:\Windows\System\fRbuyDS.exe
  C:\Windows\System\fRbuyDS.exe
  2⤵
  PID:6992
- C:\Windows\System\aKuOJHy.exe
  C:\Windows\System\aKuOJHy.exe
  2⤵
  PID:7016
- C:\Windows\System\dQTvEOw.exe
  C:\Windows\System\dQTvEOw.exe
  2⤵
  PID:7028
- C:\Windows\System\FetnXan.exe
  C:\Windows\System\FetnXan.exe
  2⤵
  PID:7040
- C:\Windows\System\DkuJwVQ.exe
  C:\Windows\System\DkuJwVQ.exe
  2⤵
  PID:7072
- C:\Windows\System\aPJCMSy.exe
  C:\Windows\System\aPJCMSy.exe
  2⤵
  PID:7140
- C:\Windows\System\NwkayoW.exe
  C:\Windows\System\NwkayoW.exe
  2⤵
  PID:7124
- C:\Windows\System\ByndykI.exe
  C:\Windows\System\ByndykI.exe
  2⤵
  PID:6116
- C:\Windows\System\iWrAJzH.exe
  C:\Windows\System\iWrAJzH.exe
  2⤵
  PID:6096
- C:\Windows\System\kMCpYYp.exe
  C:\Windows\System\kMCpYYp.exe
  2⤵
  PID:5384
- C:\Windows\System\TGXQsKQ.exe
  C:\Windows\System\TGXQsKQ.exe
  2⤵
  PID:4764
- C:\Windows\System\GHLlPzG.exe
  C:\Windows\System\GHLlPzG.exe
  2⤵
  PID:5228
- C:\Windows\System\CMhJRLq.exe
  C:\Windows\System\CMhJRLq.exe
  2⤵
  PID:6208
- C:\Windows\System\kLljpwk.exe
  C:\Windows\System\kLljpwk.exe
  2⤵
  PID:6228
- C:\Windows\System\qrxuRHn.exe
  C:\Windows\System\qrxuRHn.exe
  2⤵
  PID:6252
- C:\Windows\System\QFqJRVA.exe
  C:\Windows\System\QFqJRVA.exe
  2⤵
  PID:6276
- C:\Windows\System\fowAUnx.exe
  C:\Windows\System\fowAUnx.exe
  2⤵
  PID:6360
- C:\Windows\System\CfjWCdB.exe
  C:\Windows\System\CfjWCdB.exe
  2⤵
  PID:304
- C:\Windows\System\UpddMzX.exe
  C:\Windows\System\UpddMzX.exe
  2⤵
  PID:6420
- C:\Windows\System\HOHgDNf.exe
  C:\Windows\System\HOHgDNf.exe
  2⤵
  PID:6452
- C:\Windows\System\TaXbXKu.exe
  C:\Windows\System\TaXbXKu.exe
  2⤵
  PID:6520
- C:\Windows\System\kCHBKgR.exe
  C:\Windows\System\kCHBKgR.exe
  2⤵
  PID:6596
- C:\Windows\System\eRwzbjv.exe
  C:\Windows\System\eRwzbjv.exe
  2⤵
  PID:2668
- C:\Windows\System\qbpZubG.exe
  C:\Windows\System\qbpZubG.exe
  2⤵
  PID:6676
- C:\Windows\System\ESSBKQc.exe
  C:\Windows\System\ESSBKQc.exe
  2⤵
  PID:6728
- C:\Windows\System\qOpyPQo.exe
  C:\Windows\System\qOpyPQo.exe
  2⤵
  PID:6848
- C:\Windows\System\ddBiarm.exe
  C:\Windows\System\ddBiarm.exe
  2⤵
  PID:6832
- C:\Windows\System\sHLOFrd.exe
  C:\Windows\System\sHLOFrd.exe
  2⤵
  PID:6872
- C:\Windows\System\oXBPacS.exe
  C:\Windows\System\oXBPacS.exe
  2⤵
  PID:7000
- C:\Windows\System\JhzrCdz.exe
  C:\Windows\System\JhzrCdz.exe
  2⤵
  PID:6708
- C:\Windows\System\LVupeUv.exe
  C:\Windows\System\LVupeUv.exe
  2⤵
  PID:6920
- C:\Windows\System\IeBvyWy.exe
  C:\Windows\System\IeBvyWy.exe
  2⤵
  PID:7104
- C:\Windows\System\wfZGOJH.exe
  C:\Windows\System\wfZGOJH.exe
  2⤵
  PID:7136
- C:\Windows\System\dqqXJhl.exe
  C:\Windows\System\dqqXJhl.exe
  2⤵
  PID:2080
- C:\Windows\System\nvWEkIF.exe
  C:\Windows\System\nvWEkIF.exe
  2⤵
  PID:7068
- C:\Windows\System\SRhQjoe.exe
  C:\Windows\System\SRhQjoe.exe
  2⤵
  PID:7116
- C:\Windows\System\CAlemWa.exe
  C:\Windows\System\CAlemWa.exe
  2⤵
  PID:5492
- C:\Windows\System\YWQnotC.exe
  C:\Windows\System\YWQnotC.exe
  2⤵
  PID:6184
- C:\Windows\System\CmRcFZm.exe
  C:\Windows\System\CmRcFZm.exe
  2⤵
  PID:6224
- C:\Windows\System\hELUzBO.exe
  C:\Windows\System\hELUzBO.exe
  2⤵
  PID:6312
- C:\Windows\System\NvXHwwr.exe
  C:\Windows\System\NvXHwwr.exe
  2⤵
  PID:6376
- C:\Windows\System\ygiLRnm.exe
  C:\Windows\System\ygiLRnm.exe
  2⤵
  PID:1496
- C:\Windows\System\atfzLlW.exe
  C:\Windows\System\atfzLlW.exe
  2⤵
  PID:6568
- C:\Windows\System\wawnLki.exe
  C:\Windows\System\wawnLki.exe
  2⤵
  PID:6632
- C:\Windows\System\VQywiyJ.exe
  C:\Windows\System\VQywiyJ.exe
  2⤵
  PID:1936
- C:\Windows\System\AWdrGGp.exe
  C:\Windows\System\AWdrGGp.exe
  2⤵
  PID:6864
- C:\Windows\System\DKkpUFm.exe
  C:\Windows\System\DKkpUFm.exe
  2⤵
  PID:5060
- C:\Windows\System\iUzhKJJ.exe
  C:\Windows\System\iUzhKJJ.exe
  2⤵
  PID:6148
- C:\Windows\System\xDXTWVh.exe
  C:\Windows\System\xDXTWVh.exe
  2⤵
  PID:1620
- C:\Windows\System\WsSHrMd.exe
  C:\Windows\System\WsSHrMd.exe
  2⤵
  PID:1916
- C:\Windows\System\gtGeNgF.exe
  C:\Windows\System\gtGeNgF.exe
  2⤵
  PID:6900
- C:\Windows\System\xekPlvg.exe
  C:\Windows\System\xekPlvg.exe
  2⤵
  PID:2704
- C:\Windows\System\OIcBmVZ.exe
  C:\Windows\System\OIcBmVZ.exe
  2⤵
  PID:6952
- C:\Windows\System\KopetxB.exe
  C:\Windows\System\KopetxB.exe
  2⤵
  PID:6644
- C:\Windows\System\YxNQPut.exe
  C:\Windows\System\YxNQPut.exe
  2⤵
  PID:7024
- C:\Windows\System\AyeBpwa.exe
  C:\Windows\System\AyeBpwa.exe
  2⤵
  PID:2600
- C:\Windows\System\RjSpnov.exe
  C:\Windows\System\RjSpnov.exe
  2⤵
  PID:2812
- C:\Windows\System\qhrVmha.exe
  C:\Windows\System\qhrVmha.exe
  2⤵
  PID:2452
- C:\Windows\System\EaAidzR.exe
  C:\Windows\System\EaAidzR.exe
  2⤵
  PID:1928
- C:\Windows\System\fgowrvQ.exe
  C:\Windows\System\fgowrvQ.exe
  2⤵
  PID:6552
- C:\Windows\System\alPkqoQ.exe
  C:\Windows\System\alPkqoQ.exe
  2⤵
  PID:1704
- C:\Windows\System\nDAIlGe.exe
  C:\Windows\System\nDAIlGe.exe
  2⤵
  PID:7088
- C:\Windows\System\NzzXOPp.exe
  C:\Windows\System\NzzXOPp.exe
  2⤵
  PID:6812
- C:\Windows\System\ddHLYef.exe
  C:\Windows\System\ddHLYef.exe
  2⤵
  PID:5876
- C:\Windows\System\AEZEOAj.exe
  C:\Windows\System\AEZEOAj.exe
  2⤵
  PID:7052
- C:\Windows\System\jJatRwP.exe
  C:\Windows\System\jJatRwP.exe
  2⤵
  PID:1776
- C:\Windows\System\TftzqgT.exe
  C:\Windows\System\TftzqgT.exe
  2⤵
  PID:2852
- C:\Windows\System\VFWUhCk.exe
  C:\Windows\System\VFWUhCk.exe
  2⤵
  PID:1480
- C:\Windows\System\nVCCzby.exe
  C:\Windows\System\nVCCzby.exe
  2⤵
  PID:2244
- C:\Windows\System\CTiZrJL.exe
  C:\Windows\System\CTiZrJL.exe
  2⤵
  PID:7008
- C:\Windows\System\kvhwJEV.exe
  C:\Windows\System\kvhwJEV.exe
  2⤵
  PID:6272
- C:\Windows\System\rbDUMOi.exe
  C:\Windows\System\rbDUMOi.exe
  2⤵
  PID:1644
- C:\Windows\System\BhiJgsm.exe
  C:\Windows\System\BhiJgsm.exe
  2⤵
  PID:6388
- C:\Windows\System\ISJxCkX.exe
  C:\Windows\System\ISJxCkX.exe
  2⤵
  PID:7172
- C:\Windows\System\kbIXiYM.exe
  C:\Windows\System\kbIXiYM.exe
  2⤵
  PID:7188
- C:\Windows\System\SVpIJtF.exe
  C:\Windows\System\SVpIJtF.exe
  2⤵
  PID:7204
- C:\Windows\System\gdOuelA.exe
  C:\Windows\System\gdOuelA.exe
  2⤵
  PID:7220
- C:\Windows\System\fAspIzp.exe
  C:\Windows\System\fAspIzp.exe
  2⤵
  PID:7236
- C:\Windows\System\mZldmRQ.exe
  C:\Windows\System\mZldmRQ.exe
  2⤵
  PID:7252
- C:\Windows\System\ePBDSAo.exe
  C:\Windows\System\ePBDSAo.exe
  2⤵
  PID:7268
- C:\Windows\System\gLZxSDu.exe
  C:\Windows\System\gLZxSDu.exe
  2⤵
  PID:7284
- C:\Windows\System\blnGSwH.exe
  C:\Windows\System\blnGSwH.exe
  2⤵
  PID:7300
- C:\Windows\System\ODeWTWC.exe
  C:\Windows\System\ODeWTWC.exe
  2⤵
  PID:7316
- C:\Windows\System\fdrUagk.exe
  C:\Windows\System\fdrUagk.exe
  2⤵
  PID:7336
- C:\Windows\System\KhFgCFo.exe
  C:\Windows\System\KhFgCFo.exe
  2⤵
  PID:7352
- C:\Windows\System\QWomBma.exe
  C:\Windows\System\QWomBma.exe
  2⤵
  PID:7368
- C:\Windows\System\EfPZqhh.exe
  C:\Windows\System\EfPZqhh.exe
  2⤵
  PID:7384
- C:\Windows\System\TkXiScz.exe
  C:\Windows\System\TkXiScz.exe
  2⤵
  PID:7400
- C:\Windows\System\ACEpvQA.exe
  C:\Windows\System\ACEpvQA.exe
  2⤵
  PID:7416
- C:\Windows\System\MMUHISn.exe
  C:\Windows\System\MMUHISn.exe
  2⤵
  PID:7432
- C:\Windows\System\lPQFkFC.exe
  C:\Windows\System\lPQFkFC.exe
  2⤵
  PID:7448
- C:\Windows\System\TrHOvvM.exe
  C:\Windows\System\TrHOvvM.exe
  2⤵
  PID:7464
- C:\Windows\System\OGdKQfM.exe
  C:\Windows\System\OGdKQfM.exe
  2⤵
  PID:7480
- C:\Windows\System\SnuVnwQ.exe
  C:\Windows\System\SnuVnwQ.exe
  2⤵
  PID:7496
- C:\Windows\System\pNExRbp.exe
  C:\Windows\System\pNExRbp.exe
  2⤵
  PID:7512
- C:\Windows\System\HXtXOrb.exe
  C:\Windows\System\HXtXOrb.exe
  2⤵
  PID:7528
- C:\Windows\System\zEjTiSJ.exe
  C:\Windows\System\zEjTiSJ.exe
  2⤵
  PID:7544
- C:\Windows\System\ZxMzITg.exe
  C:\Windows\System\ZxMzITg.exe
  2⤵
  PID:7560
- C:\Windows\System\YKUEOqu.exe
  C:\Windows\System\YKUEOqu.exe
  2⤵
  PID:7576
- C:\Windows\System\AKawckU.exe
  C:\Windows\System\AKawckU.exe
  2⤵
  PID:7592
- C:\Windows\System\LqYdncl.exe
  C:\Windows\System\LqYdncl.exe
  2⤵
  PID:7608
- C:\Windows\System\aAmsBbc.exe
  C:\Windows\System\aAmsBbc.exe
  2⤵
  PID:7624
- C:\Windows\System\JJhuNiY.exe
  C:\Windows\System\JJhuNiY.exe
  2⤵
  PID:7640
- C:\Windows\System\isNbsMm.exe
  C:\Windows\System\isNbsMm.exe
  2⤵
  PID:7656
- C:\Windows\System\QDkZVmV.exe
  C:\Windows\System\QDkZVmV.exe
  2⤵
  PID:7672
- C:\Windows\System\DkUUhlg.exe
  C:\Windows\System\DkUUhlg.exe
  2⤵
  PID:7688
- C:\Windows\System\Ejjkzdn.exe
  C:\Windows\System\Ejjkzdn.exe
  2⤵
  PID:7704
- C:\Windows\System\XAILWQh.exe
  C:\Windows\System\XAILWQh.exe
  2⤵
  PID:7720
- C:\Windows\System\FYQRigy.exe
  C:\Windows\System\FYQRigy.exe
  2⤵
  PID:7736
- C:\Windows\System\zLeGmrg.exe
  C:\Windows\System\zLeGmrg.exe
  2⤵
  PID:7752
- C:\Windows\System\xylrLSg.exe
  C:\Windows\System\xylrLSg.exe
  2⤵
  PID:7768
- C:\Windows\System\wTlMRup.exe
  C:\Windows\System\wTlMRup.exe
  2⤵
  PID:7784
- C:\Windows\System\HYAuWxT.exe
  C:\Windows\System\HYAuWxT.exe
  2⤵
  PID:7800
- C:\Windows\System\amHMXjF.exe
  C:\Windows\System\amHMXjF.exe
  2⤵
  PID:7816
- C:\Windows\System\dbNPlPS.exe
  C:\Windows\System\dbNPlPS.exe
  2⤵
  PID:7832
- C:\Windows\System\fQcSySK.exe
  C:\Windows\System\fQcSySK.exe
  2⤵
  PID:7848
- C:\Windows\System\ucSUrSj.exe
  C:\Windows\System\ucSUrSj.exe
  2⤵
  PID:7864
- C:\Windows\System\buTBjPv.exe
  C:\Windows\System\buTBjPv.exe
  2⤵
  PID:7880
- C:\Windows\System\akuDOBC.exe
  C:\Windows\System\akuDOBC.exe
  2⤵
  PID:7896
- C:\Windows\System\XDBKVCp.exe
  C:\Windows\System\XDBKVCp.exe
  2⤵
  PID:7912
- C:\Windows\System\lzjGJiG.exe
  C:\Windows\System\lzjGJiG.exe
  2⤵
  PID:7928
- C:\Windows\System\ZlSVRii.exe
  C:\Windows\System\ZlSVRii.exe
  2⤵
  PID:7964
- C:\Windows\System\VamPxPB.exe
  C:\Windows\System\VamPxPB.exe
  2⤵
  PID:8004
- C:\Windows\System\pVbpBEK.exe
  C:\Windows\System\pVbpBEK.exe
  2⤵
  PID:8024
- C:\Windows\System\jEUjLTx.exe
  C:\Windows\System\jEUjLTx.exe
  2⤵
  PID:8040
- C:\Windows\System\fWiOiuD.exe
  C:\Windows\System\fWiOiuD.exe
  2⤵
  PID:8060
- C:\Windows\System\aVJmRKV.exe
  C:\Windows\System\aVJmRKV.exe
  2⤵
  PID:8080
- C:\Windows\System\pYycxiM.exe
  C:\Windows\System\pYycxiM.exe
  2⤵
  PID:8096
- C:\Windows\System\gEQMBtO.exe
  C:\Windows\System\gEQMBtO.exe
  2⤵
  PID:8116
- C:\Windows\System\mzoJMns.exe
  C:\Windows\System\mzoJMns.exe
  2⤵
  PID:8132
- C:\Windows\System\CZRrESn.exe
  C:\Windows\System\CZRrESn.exe
  2⤵
  PID:8156
- C:\Windows\System\FJbjNuk.exe
  C:\Windows\System\FJbjNuk.exe
  2⤵
  PID:8176
- C:\Windows\System\pRojSnx.exe
  C:\Windows\System\pRojSnx.exe
  2⤵
  PID:6436
- C:\Windows\System\Noxhrjz.exe
  C:\Windows\System\Noxhrjz.exe
  2⤵
  PID:7228
- C:\Windows\System\CQjDaPK.exe
  C:\Windows\System\CQjDaPK.exe
  2⤵
  PID:7216
- C:\Windows\System\fKCGleV.exe
  C:\Windows\System\fKCGleV.exe
  2⤵
  PID:7264
- C:\Windows\System\INdEmIk.exe
  C:\Windows\System\INdEmIk.exe
  2⤵
  PID:7212
- C:\Windows\System\SMKRBtO.exe
  C:\Windows\System\SMKRBtO.exe
  2⤵
  PID:7276
- C:\Windows\System\HujKQYh.exe
  C:\Windows\System\HujKQYh.exe
  2⤵
  PID:7332
- C:\Windows\System\VDbJUCQ.exe
  C:\Windows\System\VDbJUCQ.exe
  2⤵
  PID:7344
- C:\Windows\System\ShqQbXm.exe
  C:\Windows\System\ShqQbXm.exe
  2⤵
  PID:7392
- C:\Windows\System\nOYtkxM.exe
  C:\Windows\System\nOYtkxM.exe
  2⤵
  PID:2312
- C:\Windows\System\voPjkKK.exe
  C:\Windows\System\voPjkKK.exe
  2⤵
  PID:7460
- C:\Windows\System\NoTsrYU.exe
  C:\Windows\System\NoTsrYU.exe
  2⤵
  PID:7524
- C:\Windows\System\oznTQHd.exe
  C:\Windows\System\oznTQHd.exe
  2⤵
  PID:7504
- C:\Windows\System\TGhjeoB.exe
  C:\Windows\System\TGhjeoB.exe
  2⤵
  PID:7536
- C:\Windows\System\qwaLmFV.exe
  C:\Windows\System\qwaLmFV.exe
  2⤵
  PID:7444
- C:\Windows\System\GasSmqr.exe
  C:\Windows\System\GasSmqr.exe
  2⤵
  PID:7620
- C:\Windows\System\DXyRptq.exe
  C:\Windows\System\DXyRptq.exe
  2⤵
  PID:7604
- C:\Windows\System\DYtZWrV.exe
  C:\Windows\System\DYtZWrV.exe
  2⤵
  PID:7652
- C:\Windows\System\anzammE.exe
  C:\Windows\System\anzammE.exe
  2⤵
  PID:7664
- C:\Windows\System\NtQoqHA.exe
  C:\Windows\System\NtQoqHA.exe
  2⤵
  PID:7700
- C:\Windows\System\wHYUOgW.exe
  C:\Windows\System\wHYUOgW.exe
  2⤵
  PID:7748
- C:\Windows\System\fGylAdv.exe
  C:\Windows\System\fGylAdv.exe
  2⤵
  PID:7764
- C:\Windows\System\wBmQBpK.exe
  C:\Windows\System\wBmQBpK.exe
  2⤵
  PID:7792
- C:\Windows\System\FFbVVul.exe
  C:\Windows\System\FFbVVul.exe
  2⤵
  PID:7872
- C:\Windows\System\VBkhdXv.exe
  C:\Windows\System\VBkhdXv.exe
  2⤵
  PID:7824
- C:\Windows\System\ueqdFSM.exe
  C:\Windows\System\ueqdFSM.exe
  2⤵
  PID:7892
- C:\Windows\System\EziTGlJ.exe
  C:\Windows\System\EziTGlJ.exe
  2⤵
  PID:7924
- C:\Windows\System\QUYWRip.exe
  C:\Windows\System\QUYWRip.exe
  2⤵
  PID:7940
- C:\Windows\System\hDyqPzi.exe
  C:\Windows\System\hDyqPzi.exe
  2⤵
  PID:7440
- C:\Windows\System\DTcGrrY.exe
  C:\Windows\System\DTcGrrY.exe
  2⤵
  PID:7996
- C:\Windows\System\yomMYtM.exe
  C:\Windows\System\yomMYtM.exe
  2⤵
  PID:8000
- C:\Windows\System\KdwqXrc.exe
  C:\Windows\System\KdwqXrc.exe
  2⤵
  PID:8068
- C:\Windows\System\REKFcCI.exe
  C:\Windows\System\REKFcCI.exe
  2⤵
  PID:7696
- C:\Windows\System\vYhHpxR.exe
  C:\Windows\System\vYhHpxR.exe
  2⤵
  PID:7744
- C:\Windows\System\gOdOaTk.exe
  C:\Windows\System\gOdOaTk.exe
  2⤵
  PID:8108
- C:\Windows\System\lzByhsU.exe
  C:\Windows\System\lzByhsU.exe
  2⤵
  PID:8144
- C:\Windows\System\HzFFjAX.exe
  C:\Windows\System\HzFFjAX.exe
  2⤵
  PID:7972
- C:\Windows\System\WHgWNJb.exe
  C:\Windows\System\WHgWNJb.exe
  2⤵
  PID:7828
- C:\Windows\System\fIWNqzM.exe
  C:\Windows\System\fIWNqzM.exe
  2⤵
  PID:7860
- C:\Windows\System\aLVpOzW.exe
  C:\Windows\System\aLVpOzW.exe
  2⤵
  PID:8184
- C:\Windows\System\zThHbjC.exe
  C:\Windows\System\zThHbjC.exe
  2⤵
  PID:7296
- C:\Windows\System\yJhbHyX.exe
  C:\Windows\System\yJhbHyX.exe
  2⤵
  PID:8172
- C:\Windows\System\AUGMEXs.exe
  C:\Windows\System\AUGMEXs.exe
  2⤵
  PID:1960
- C:\Windows\System\AeDkclh.exe
  C:\Windows\System\AeDkclh.exe
  2⤵
  PID:7520
- C:\Windows\System\pDPYMtQ.exe
  C:\Windows\System\pDPYMtQ.exe
  2⤵
  PID:7568
- C:\Windows\System\tOTsHvl.exe
  C:\Windows\System\tOTsHvl.exe
  2⤵
  PID:7808
- C:\Windows\System\bjegbrA.exe
  C:\Windows\System\bjegbrA.exe
  2⤵
  PID:2620
- C:\Windows\System\dDZjmYe.exe
  C:\Windows\System\dDZjmYe.exe
  2⤵
  PID:8164
- C:\Windows\System\AkKEEpN.exe
  C:\Windows\System\AkKEEpN.exe
  2⤵
  PID:8104
- C:\Windows\System\ByMvrTj.exe
  C:\Windows\System\ByMvrTj.exe
  2⤵
  PID:6488
- C:\Windows\System\zYUZPsV.exe
  C:\Windows\System\zYUZPsV.exe
  2⤵
  PID:2828
- C:\Windows\System\pebUlWg.exe
  C:\Windows\System\pebUlWg.exe
  2⤵
  PID:8168
- C:\Windows\System\tJtSBjE.exe
  C:\Windows\System\tJtSBjE.exe
  2⤵
  PID:7716
- C:\Windows\System\FXrFaUy.exe
  C:\Windows\System\FXrFaUy.exe
  2⤵
  PID:7280
- C:\Windows\System\QtUAhGN.exe
  C:\Windows\System\QtUAhGN.exe
  2⤵
  PID:7380
- C:\Windows\System\WfJQIMe.exe
  C:\Windows\System\WfJQIMe.exe
  2⤵
  PID:6712
- C:\Windows\System\JWZGpAy.exe
  C:\Windows\System\JWZGpAy.exe
  2⤵
  PID:7412
- C:\Windows\System\LJYHFqy.exe
  C:\Windows\System\LJYHFqy.exe
  2⤵
  PID:7988
- C:\Windows\System\KlLjgzG.exe
  C:\Windows\System\KlLjgzG.exe
  2⤵
  PID:8016
- C:\Windows\System\LzYSNXe.exe
  C:\Windows\System\LzYSNXe.exe
  2⤵
  PID:7908
- C:\Windows\System\EFDqNCg.exe
  C:\Windows\System\EFDqNCg.exe
  2⤵
  PID:7904
- C:\Windows\System\XBGkarj.exe
  C:\Windows\System\XBGkarj.exe
  2⤵
  PID:2748
- C:\Windows\System\vCLDmlz.exe
  C:\Windows\System\vCLDmlz.exe
  2⤵
  PID:7760
- C:\Windows\System\ECdUrgO.exe
  C:\Windows\System\ECdUrgO.exe
  2⤵
  PID:7952
- C:\Windows\System\oIRllIF.exe
  C:\Windows\System\oIRllIF.exe
  2⤵
  PID:7636
- C:\Windows\System\EWIvqgt.exe
  C:\Windows\System\EWIvqgt.exe
  2⤵
  PID:7476
- C:\Windows\System\pVlQoJG.exe
  C:\Windows\System\pVlQoJG.exe
  2⤵
  PID:8124
- C:\Windows\System\lNzlGeh.exe
  C:\Windows\System\lNzlGeh.exe
  2⤵
  PID:7200
- C:\Windows\System\OlthBPl.exe
  C:\Windows\System\OlthBPl.exe
  2⤵
  PID:8088
- C:\Windows\System\CIulmbB.exe
  C:\Windows\System\CIulmbB.exe
  2⤵
  PID:8208
- C:\Windows\System\ElVlZIP.exe
  C:\Windows\System\ElVlZIP.exe
  2⤵
  PID:8232
- C:\Windows\System\nnyrJWp.exe
  C:\Windows\System\nnyrJWp.exe
  2⤵
  PID:8248
- C:\Windows\System\vDMWLfp.exe
  C:\Windows\System\vDMWLfp.exe
  2⤵
  PID:8264
- C:\Windows\System\RtIQvOa.exe
  C:\Windows\System\RtIQvOa.exe
  2⤵
  PID:8280
- C:\Windows\System\rUECwWE.exe
  C:\Windows\System\rUECwWE.exe
  2⤵
  PID:8296
- C:\Windows\System\qxYSEup.exe
  C:\Windows\System\qxYSEup.exe
  2⤵
  PID:8312
- C:\Windows\System\fAGYRWH.exe
  C:\Windows\System\fAGYRWH.exe
  2⤵
  PID:8328
- C:\Windows\System\AymPthT.exe
  C:\Windows\System\AymPthT.exe
  2⤵
  PID:8344
- C:\Windows\System\IMIVNGe.exe
  C:\Windows\System\IMIVNGe.exe
  2⤵
  PID:8360
- C:\Windows\System\KXJykjc.exe
  C:\Windows\System\KXJykjc.exe
  2⤵
  PID:8384
- C:\Windows\System\ZEyDrWN.exe
  C:\Windows\System\ZEyDrWN.exe
  2⤵
  PID:8400
- C:\Windows\System\eiYexnT.exe
  C:\Windows\System\eiYexnT.exe
  2⤵
  PID:8420
- C:\Windows\System\rfztbib.exe
  C:\Windows\System\rfztbib.exe
  2⤵
  PID:8436
- C:\Windows\System\lQraKDG.exe
  C:\Windows\System\lQraKDG.exe
  2⤵
  PID:8452
- C:\Windows\System\rhPMqbY.exe
  C:\Windows\System\rhPMqbY.exe
  2⤵
  PID:8468
- C:\Windows\System\tWGvEWL.exe
  C:\Windows\System\tWGvEWL.exe
  2⤵
  PID:8484
- C:\Windows\System\YZPbrdW.exe
  C:\Windows\System\YZPbrdW.exe
  2⤵
  PID:8500
- C:\Windows\System\asUJyct.exe
  C:\Windows\System\asUJyct.exe
  2⤵
  PID:8516
- C:\Windows\System\GCWISou.exe
  C:\Windows\System\GCWISou.exe
  2⤵
  PID:8540
- C:\Windows\System\SXzXUPe.exe
  C:\Windows\System\SXzXUPe.exe
  2⤵
  PID:8556
- C:\Windows\System\SJtLwOI.exe
  C:\Windows\System\SJtLwOI.exe
  2⤵
  PID:8572
- C:\Windows\System\yQBmzCb.exe
  C:\Windows\System\yQBmzCb.exe
  2⤵
  PID:8588
- C:\Windows\System\CKqvCWR.exe
  C:\Windows\System\CKqvCWR.exe
  2⤵
  PID:8604
- C:\Windows\System\qcyKiDZ.exe
  C:\Windows\System\qcyKiDZ.exe
  2⤵
  PID:8620
- C:\Windows\System\CgmQRVP.exe
  C:\Windows\System\CgmQRVP.exe
  2⤵
  PID:8636
- C:\Windows\System\LdiKshE.exe
  C:\Windows\System\LdiKshE.exe
  2⤵
  PID:8652
- C:\Windows\System\NxuEwxc.exe
  C:\Windows\System\NxuEwxc.exe
  2⤵
  PID:8668
- C:\Windows\System\kcQpKNI.exe
  C:\Windows\System\kcQpKNI.exe
  2⤵
  PID:8684
- C:\Windows\System\iIVpxPD.exe
  C:\Windows\System\iIVpxPD.exe
  2⤵
  PID:8700
- C:\Windows\System\hNkFGxt.exe
  C:\Windows\System\hNkFGxt.exe
  2⤵
  PID:8724
- C:\Windows\System\esPQPJj.exe
  C:\Windows\System\esPQPJj.exe
  2⤵
  PID:8740
- C:\Windows\System\DNLYJmD.exe
  C:\Windows\System\DNLYJmD.exe
  2⤵
  PID:8764
- C:\Windows\System\dJHSeOq.exe
  C:\Windows\System\dJHSeOq.exe
  2⤵
  PID:8780
- C:\Windows\System\AnSFMUH.exe
  C:\Windows\System\AnSFMUH.exe
  2⤵
  PID:8796
- C:\Windows\System\KBpyjok.exe
  C:\Windows\System\KBpyjok.exe
  2⤵
  PID:8812
- C:\Windows\System\VhrHeFI.exe
  C:\Windows\System\VhrHeFI.exe
  2⤵
  PID:8828
- C:\Windows\System\hbsWLbf.exe
  C:\Windows\System\hbsWLbf.exe
  2⤵
  PID:8844
- C:\Windows\System\WsnfXpT.exe
  C:\Windows\System\WsnfXpT.exe
  2⤵
  PID:8860
- C:\Windows\System\XbWcXvn.exe
  C:\Windows\System\XbWcXvn.exe
  2⤵
  PID:8876
- C:\Windows\System\tmxVeRW.exe
  C:\Windows\System\tmxVeRW.exe
  2⤵
  PID:8896
- C:\Windows\System\AjGBCRH.exe
  C:\Windows\System\AjGBCRH.exe
  2⤵
  PID:8960
- C:\Windows\System\qPPKbdR.exe
  C:\Windows\System\qPPKbdR.exe
  2⤵
  PID:8984
- C:\Windows\System\rCpPoJA.exe
  C:\Windows\System\rCpPoJA.exe
  2⤵
  PID:9012
- C:\Windows\System\hvvPkiD.exe
  C:\Windows\System\hvvPkiD.exe
  2⤵
  PID:9028
- C:\Windows\System\xdPpJFj.exe
  C:\Windows\System\xdPpJFj.exe
  2⤵
  PID:9044
- C:\Windows\System\bFTStmU.exe
  C:\Windows\System\bFTStmU.exe
  2⤵
  PID:9060
- C:\Windows\System\kEDryMx.exe
  C:\Windows\System\kEDryMx.exe
  2⤵
  PID:9080
- C:\Windows\System\HVPhkDe.exe
  C:\Windows\System\HVPhkDe.exe
  2⤵
  PID:9096
- C:\Windows\System\FLHVEty.exe
  C:\Windows\System\FLHVEty.exe
  2⤵
  PID:9112
- C:\Windows\System\IXNGWEF.exe
  C:\Windows\System\IXNGWEF.exe
  2⤵
  PID:9128
- C:\Windows\System\pnwpyOb.exe
  C:\Windows\System\pnwpyOb.exe
  2⤵
  PID:9148
- C:\Windows\System\aiDulUo.exe
  C:\Windows\System\aiDulUo.exe
  2⤵
  PID:9168
- C:\Windows\System\uDGCdgn.exe
  C:\Windows\System\uDGCdgn.exe
  2⤵
  PID:9184
- C:\Windows\System\CJZfOiU.exe
  C:\Windows\System\CJZfOiU.exe
  2⤵
  PID:9200
- C:\Windows\System\vDPmXNh.exe
  C:\Windows\System\vDPmXNh.exe
  2⤵
  PID:8200
- C:\Windows\System\pZuYRnu.exe
  C:\Windows\System\pZuYRnu.exe
  2⤵
  PID:2596
- C:\Windows\System\CvBDLCH.exe
  C:\Windows\System\CvBDLCH.exe
  2⤵
  PID:8152
- C:\Windows\System\bEAweuu.exe
  C:\Windows\System\bEAweuu.exe
  2⤵
  PID:8128
- C:\Windows\System\xaJCTGa.exe
  C:\Windows\System\xaJCTGa.exe
  2⤵
  PID:8244
- C:\Windows\System\PKbElYC.exe
  C:\Windows\System\PKbElYC.exe
  2⤵
  PID:8224
- C:\Windows\System\TsYQjTc.exe
  C:\Windows\System\TsYQjTc.exe
  2⤵
  PID:8320
- C:\Windows\System\IrggusZ.exe
  C:\Windows\System\IrggusZ.exe
  2⤵
  PID:8340
- C:\Windows\System\JURkOpg.exe
  C:\Windows\System\JURkOpg.exe
  2⤵
  PID:8408
- C:\Windows\System\fsIhMCJ.exe
  C:\Windows\System\fsIhMCJ.exe
  2⤵
  PID:8660
- C:\Windows\System\SLVwLRZ.exe
  C:\Windows\System\SLVwLRZ.exe
  2⤵
  PID:8884
- C:\Windows\System\OLOskZs.exe
  C:\Windows\System\OLOskZs.exe
  2⤵
  PID:8920
- C:\Windows\System\BVMRTst.exe
  C:\Windows\System\BVMRTst.exe
  2⤵
  PID:8936
- C:\Windows\System\kpFMKvq.exe
  C:\Windows\System\kpFMKvq.exe
  2⤵
  PID:8952
- C:\Windows\System\fZbcaCo.exe
  C:\Windows\System\fZbcaCo.exe
  2⤵
  PID:9072
- C:\Windows\System\tgHsswG.exe
  C:\Windows\System\tgHsswG.exe
  2⤵
  PID:8356
- C:\Windows\System\TDFHXcD.exe
  C:\Windows\System\TDFHXcD.exe
  2⤵
  PID:8584
- C:\Windows\System\zORAQXO.exe
  C:\Windows\System\zORAQXO.exe
  2⤵
  PID:8508
- C:\Windows\System\vTNmnML.exe
  C:\Windows\System\vTNmnML.exe
  2⤵
  PID:8428
- C:\Windows\System\JijfEkc.exe
  C:\Windows\System\JijfEkc.exe
  2⤵
  PID:8644
- C:\Windows\System\NwUkpgk.exe
  C:\Windows\System\NwUkpgk.exe
  2⤵
  PID:8432
- C:\Windows\System\pmOVhGz.exe
  C:\Windows\System\pmOVhGz.exe
  2⤵
  PID:8528
- C:\Windows\System\wZMiiVw.exe
  C:\Windows\System\wZMiiVw.exe
  2⤵
  PID:8716
- C:\Windows\System\XPRUCYY.exe
  C:\Windows\System\XPRUCYY.exe
  2⤵
  PID:8564
- C:\Windows\System\GMwHMSr.exe
  C:\Windows\System\GMwHMSr.exe
  2⤵
  PID:8760
- C:\Windows\System\bVypTvs.exe
  C:\Windows\System\bVypTvs.exe
  2⤵
  PID:8692
- C:\Windows\System\llGeAbs.exe
  C:\Windows\System\llGeAbs.exe
  2⤵
  PID:8868
- C:\Windows\System\HYafURT.exe
  C:\Windows\System\HYafURT.exe
  2⤵
  PID:8980
- C:\Windows\System\xnDITGG.exe
  C:\Windows\System\xnDITGG.exe
  2⤵
  PID:9000
- C:\Windows\System\pMULNrX.exe
  C:\Windows\System\pMULNrX.exe
  2⤵
  PID:9024
- C:\Windows\System\vVQtQqu.exe
  C:\Windows\System\vVQtQqu.exe
  2⤵
  PID:9092
- C:\Windows\System\mEJalbZ.exe
  C:\Windows\System\mEJalbZ.exe
  2⤵
  PID:8976
- C:\Windows\System\XTiarRP.exe
  C:\Windows\System\XTiarRP.exe
  2⤵
  PID:9108
- C:\Windows\System\gAEKswm.exe
  C:\Windows\System\gAEKswm.exe
  2⤵
  PID:9144
- C:\Windows\System\UIdlDGC.exe
  C:\Windows\System\UIdlDGC.exe
  2⤵
  PID:9196
- C:\Windows\System\MiGNWmN.exe
  C:\Windows\System\MiGNWmN.exe
  2⤵
  PID:8444
- C:\Windows\System\PJZAESZ.exe
  C:\Windows\System\PJZAESZ.exe
  2⤵
  PID:8240
- C:\Windows\System\NmgJolz.exe
  C:\Windows\System\NmgJolz.exe
  2⤵
  PID:1020
- C:\Windows\System\gLPmCeN.exe
  C:\Windows\System\gLPmCeN.exe
  2⤵
  PID:8260
- C:\Windows\System\fKqgzDQ.exe
  C:\Windows\System\fKqgzDQ.exe
  2⤵
  PID:8204
- C:\Windows\System\zPCYdlB.exe
  C:\Windows\System\zPCYdlB.exe
  2⤵
  PID:8292
- C:\Windows\System\tyJqIDj.exe
  C:\Windows\System\tyJqIDj.exe
  2⤵
  PID:8480
- C:\Windows\System\oMrbAWo.exe
  C:\Windows\System\oMrbAWo.exe
  2⤵
  PID:8720
- C:\Windows\System\XUQTYFa.exe
  C:\Windows\System\XUQTYFa.exe
  2⤵
  PID:8288
- C:\Windows\System\PTHMvla.exe
  C:\Windows\System\PTHMvla.exe
  2⤵
  PID:8600
- C:\Windows\System\DWmoXLY.exe
  C:\Windows\System\DWmoXLY.exe
  2⤵
  PID:8916
- C:\Windows\System\DfvDseM.exe
  C:\Windows\System\DfvDseM.exe
  2⤵
  PID:9056
- C:\Windows\System\uZVzhro.exe
  C:\Windows\System\uZVzhro.exe
  2⤵
  PID:9136
- C:\Windows\System\skZhoVg.exe
  C:\Windows\System\skZhoVg.exe
  2⤵
  PID:9192
- C:\Windows\System\CNiuVbM.exe
  C:\Windows\System\CNiuVbM.exe
  2⤵
  PID:9176
- C:\Windows\System\SpcnYvi.exe
  C:\Windows\System\SpcnYvi.exe
  2⤵
  PID:8632
- C:\Windows\System\XIhfpZX.exe
  C:\Windows\System\XIhfpZX.exe
  2⤵
  PID:8712
- C:\Windows\System\ognzIlM.exe
  C:\Windows\System\ognzIlM.exe
  2⤵
  PID:8580
- C:\Windows\System\qSmSTRQ.exe
  C:\Windows\System\qSmSTRQ.exe
  2⤵
  PID:8612
- C:\Windows\System\BgLwRKH.exe
  C:\Windows\System\BgLwRKH.exe
  2⤵
  PID:2112
- C:\Windows\System\UUeMYIt.exe
  C:\Windows\System\UUeMYIt.exe
  2⤵
  PID:8792
- C:\Windows\System\DkunFkc.exe
  C:\Windows\System\DkunFkc.exe
  2⤵
  PID:8892
- C:\Windows\System\SKehZXU.exe
  C:\Windows\System\SKehZXU.exe
  2⤵
  PID:8840
- C:\Windows\System\MwyOiFU.exe
  C:\Windows\System\MwyOiFU.exe
  2⤵
  PID:8808
- C:\Windows\System\dHhdBOH.exe
  C:\Windows\System\dHhdBOH.exe
  2⤵
  PID:9036
- C:\Windows\System\aXSsikC.exe
  C:\Windows\System\aXSsikC.exe
  2⤵
  PID:8396
- C:\Windows\System\uEGEfyA.exe
  C:\Windows\System\uEGEfyA.exe
  2⤵
  PID:8304
- C:\Windows\System\htSrAca.exe
  C:\Windows\System\htSrAca.exe
  2⤵
  PID:8496
- C:\Windows\System\PJcBWBj.exe
  C:\Windows\System\PJcBWBj.exe
  2⤵
  PID:8772
- C:\Windows\System\SmAYGXk.exe
  C:\Windows\System\SmAYGXk.exe
  2⤵
  PID:9140
- C:\Windows\System\FNQEGdh.exe
  C:\Windows\System\FNQEGdh.exe
  2⤵
  PID:8676
- C:\Windows\System\OClMwAt.exe
  C:\Windows\System\OClMwAt.exe
  2⤵
  PID:1552
- C:\Windows\System\GcHlHGR.exe
  C:\Windows\System\GcHlHGR.exe
  2⤵
  PID:8272
- C:\Windows\System\jYzshNv.exe
  C:\Windows\System\jYzshNv.exe
  2⤵
  PID:8228
- C:\Windows\System\hCEHzYy.exe
  C:\Windows\System\hCEHzYy.exe
  2⤵
  PID:884
- C:\Windows\System\MrcSxbi.exe
  C:\Windows\System\MrcSxbi.exe
  2⤵
  PID:9008
- C:\Windows\System\VsGXjTi.exe
  C:\Windows\System\VsGXjTi.exe
  2⤵
  PID:9208
- C:\Windows\System\SjCmgDm.exe
  C:\Windows\System\SjCmgDm.exe
  2⤵
  PID:9212
- C:\Windows\System\SLxZBCJ.exe
  C:\Windows\System\SLxZBCJ.exe
  2⤵
  PID:8680
- C:\Windows\System\KgoXroA.exe
  C:\Windows\System\KgoXroA.exe
  2⤵
  PID:8996
- C:\Windows\System\zpmzwAr.exe
  C:\Windows\System\zpmzwAr.exe
  2⤵
  PID:7492
- C:\Windows\System\xygjiKi.exe
  C:\Windows\System\xygjiKi.exe
  2⤵
  PID:8972
- C:\Windows\System\ebfzoCZ.exe
  C:\Windows\System\ebfzoCZ.exe
  2⤵
  PID:8776
- C:\Windows\System\WsBEhYD.exe
  C:\Windows\System\WsBEhYD.exe
  2⤵
  PID:7984
- C:\Windows\System\JvhiMsh.exe
  C:\Windows\System\JvhiMsh.exe
  2⤵
  PID:8524
- C:\Windows\System\iutUPhO.exe
  C:\Windows\System\iutUPhO.exe
  2⤵
  PID:9228
- C:\Windows\System\XwUhvqa.exe
  C:\Windows\System\XwUhvqa.exe
  2⤵
  PID:9252
- C:\Windows\System\EGZQtfQ.exe
  C:\Windows\System\EGZQtfQ.exe
  2⤵
  PID:9268
- C:\Windows\System\HRVQdTP.exe
  C:\Windows\System\HRVQdTP.exe
  2⤵
  PID:9288
- C:\Windows\System\bHxavEt.exe
  C:\Windows\System\bHxavEt.exe
  2⤵
  PID:9312
- C:\Windows\System\PiKKvUW.exe
  C:\Windows\System\PiKKvUW.exe
  2⤵
  PID:9328
- C:\Windows\System\gImSfXE.exe
  C:\Windows\System\gImSfXE.exe
  2⤵
  PID:9352
- C:\Windows\System\OERqtGf.exe
  C:\Windows\System\OERqtGf.exe
  2⤵
  PID:9368
- C:\Windows\System\lxxokby.exe
  C:\Windows\System\lxxokby.exe
  2⤵
  PID:9392
- C:\Windows\System\EUTDiWa.exe
  C:\Windows\System\EUTDiWa.exe
  2⤵
  PID:9412
- C:\Windows\System\AwTRcqC.exe
  C:\Windows\System\AwTRcqC.exe
  2⤵
  PID:9432
- C:\Windows\System\wlEYwBI.exe
  C:\Windows\System\wlEYwBI.exe
  2⤵
  PID:9452
- C:\Windows\System\lDSHfBm.exe
  C:\Windows\System\lDSHfBm.exe
  2⤵
  PID:9476
- C:\Windows\System\AnppkSr.exe
  C:\Windows\System\AnppkSr.exe
  2⤵
  PID:9492
- C:\Windows\System\wSgxGNG.exe
  C:\Windows\System\wSgxGNG.exe
  2⤵
  PID:9516
- C:\Windows\System\sGDWzpd.exe
  C:\Windows\System\sGDWzpd.exe
  2⤵
  PID:9532
- C:\Windows\System\oNDMxnM.exe
  C:\Windows\System\oNDMxnM.exe
  2⤵
  PID:9548
- C:\Windows\System\abnmVfQ.exe
  C:\Windows\System\abnmVfQ.exe
  2⤵
  PID:9568
- C:\Windows\System\PrSNLkt.exe
  C:\Windows\System\PrSNLkt.exe
  2⤵
  PID:9592
- C:\Windows\System\ZzxleeK.exe
  C:\Windows\System\ZzxleeK.exe
  2⤵
  PID:9616
- C:\Windows\System\KofHwMW.exe
  C:\Windows\System\KofHwMW.exe
  2⤵
  PID:9636
- C:\Windows\System\ddlKEUD.exe
  C:\Windows\System\ddlKEUD.exe
  2⤵
  PID:9656
- C:\Windows\System\xcZEUkK.exe
  C:\Windows\System\xcZEUkK.exe
  2⤵
  PID:9672
- C:\Windows\System\DzGvDrr.exe
  C:\Windows\System\DzGvDrr.exe
  2⤵
  PID:9696
- C:\Windows\System\lPtWYgC.exe
  C:\Windows\System\lPtWYgC.exe
  2⤵
  PID:9712
- C:\Windows\System\caKUXek.exe
  C:\Windows\System\caKUXek.exe
  2⤵
  PID:9728
- C:\Windows\System\czhwjbX.exe
  C:\Windows\System\czhwjbX.exe
  2⤵
  PID:9744
- C:\Windows\System\oWunhhL.exe
  C:\Windows\System\oWunhhL.exe
  2⤵
  PID:9764
- C:\Windows\System\SMAOOYY.exe
  C:\Windows\System\SMAOOYY.exe
  2⤵
  PID:9784
- C:\Windows\System\VQKYxEq.exe
  C:\Windows\System\VQKYxEq.exe
  2⤵
  PID:9800
- C:\Windows\System\UYCiCUo.exe
  C:\Windows\System\UYCiCUo.exe
  2⤵
  PID:9816
- C:\Windows\System\rBDfiFz.exe
  C:\Windows\System\rBDfiFz.exe
  2⤵
  PID:9832
- C:\Windows\System\Bytpfil.exe
  C:\Windows\System\Bytpfil.exe
  2⤵
  PID:9852
- C:\Windows\System\RryfjbO.exe
  C:\Windows\System\RryfjbO.exe
  2⤵
  PID:9876
- C:\Windows\System\lfNspfC.exe
  C:\Windows\System\lfNspfC.exe
  2⤵
  PID:9896
- C:\Windows\System\biEilMb.exe
  C:\Windows\System\biEilMb.exe
  2⤵
  PID:9920
- C:\Windows\System\btrCPXR.exe
  C:\Windows\System\btrCPXR.exe
  2⤵
  PID:9936
- C:\Windows\System\ShWmEfB.exe
  C:\Windows\System\ShWmEfB.exe
  2⤵
  PID:9960
- C:\Windows\System\GbLAXaK.exe
  C:\Windows\System\GbLAXaK.exe
  2⤵
  PID:9976
- C:\Windows\System\axUqXLa.exe
  C:\Windows\System\axUqXLa.exe
  2⤵
  PID:9992
- C:\Windows\System\ZdWZNHa.exe
  C:\Windows\System\ZdWZNHa.exe
  2⤵
  PID:10012
- C:\Windows\System\vyTlGkK.exe
  C:\Windows\System\vyTlGkK.exe
  2⤵
  PID:10028
- C:\Windows\System\cFvstCG.exe
  C:\Windows\System\cFvstCG.exe
  2⤵
  PID:10048
- C:\Windows\System\RZVHJMT.exe
  C:\Windows\System\RZVHJMT.exe
  2⤵
  PID:10064
- C:\Windows\System\JTWgqgk.exe
  C:\Windows\System\JTWgqgk.exe
  2⤵
  PID:10084
- C:\Windows\System\EUqnrHz.exe
  C:\Windows\System\EUqnrHz.exe
  2⤵
  PID:10108
- C:\Windows\System\cwffpPs.exe
  C:\Windows\System\cwffpPs.exe
  2⤵
  PID:10132
- C:\Windows\System\VVWfpqP.exe
  C:\Windows\System\VVWfpqP.exe
  2⤵
  PID:10156
- C:\Windows\System\lXhpTVa.exe
  C:\Windows\System\lXhpTVa.exe
  2⤵
  PID:10176
- C:\Windows\System\vQRQggy.exe
  C:\Windows\System\vQRQggy.exe
  2⤵
  PID:10192
- C:\Windows\System\sdXdRjD.exe
  C:\Windows\System\sdXdRjD.exe
  2⤵
  PID:10224
- C:\Windows\System\oQvZSqT.exe
  C:\Windows\System\oQvZSqT.exe
  2⤵
  PID:9224
- C:\Windows\System\HYImeqA.exe
  C:\Windows\System\HYImeqA.exe
  2⤵
  PID:9236
- C:\Windows\System\XQVnWGI.exe
  C:\Windows\System\XQVnWGI.exe
  2⤵
  PID:9284
- C:\Windows\System\OEQygvR.exe
  C:\Windows\System\OEQygvR.exe
  2⤵
  PID:9308
- C:\Windows\System\EIIKKvT.exe
  C:\Windows\System\EIIKKvT.exe
  2⤵
  PID:9364
- C:\Windows\System\UnkNEsT.exe
  C:\Windows\System\UnkNEsT.exe
  2⤵
  PID:8748
- C:\Windows\System\bBlNyEC.exe
  C:\Windows\System\bBlNyEC.exe
  2⤵
  PID:8392
- C:\Windows\System\XVGjTYr.exe
  C:\Windows\System\XVGjTYr.exe
  2⤵
  PID:9448
- C:\Windows\System\dMOEyNI.exe
  C:\Windows\System\dMOEyNI.exe
  2⤵
  PID:9460
- C:\Windows\System\SHimdlf.exe
  C:\Windows\System\SHimdlf.exe
  2⤵
  PID:9500
- C:\Windows\System\IhhgfVP.exe
  C:\Windows\System\IhhgfVP.exe
  2⤵
  PID:9544
- C:\Windows\System\NwtpWiQ.exe
  C:\Windows\System\NwtpWiQ.exe
  2⤵
  PID:9560
- C:\Windows\System\XYeEYtb.exe
  C:\Windows\System\XYeEYtb.exe
  2⤵
  PID:7980
- C:\Windows\System\ArubcKA.exe
  C:\Windows\System\ArubcKA.exe
  2⤵
  PID:9604
- C:\Windows\System\hWRaNHy.exe
  C:\Windows\System\hWRaNHy.exe
  2⤵
  PID:9652
- C:\Windows\System\GnLhyfW.exe
  C:\Windows\System\GnLhyfW.exe
  2⤵
  PID:9684
- C:\Windows\System\WWBOgmN.exe
  C:\Windows\System\WWBOgmN.exe
  2⤵
  PID:9752
- C:\Windows\System\bZlwkgx.exe
  C:\Windows\System\bZlwkgx.exe
  2⤵
  PID:9860
- C:\Windows\System\dESNSZg.exe
  C:\Windows\System\dESNSZg.exe
  2⤵
  PID:9904
- C:\Windows\System\hkEvpNq.exe
  C:\Windows\System\hkEvpNq.exe
  2⤵
  PID:9956
- C:\Windows\System\bZoIAlO.exe
  C:\Windows\System\bZoIAlO.exe
  2⤵
  PID:10024
- C:\Windows\System\XOnvZvj.exe
  C:\Windows\System\XOnvZvj.exe
  2⤵
  PID:9888
- C:\Windows\System\BCkKpuA.exe
  C:\Windows\System\BCkKpuA.exe
  2⤵
  PID:9736
- C:\Windows\System\NuoNwOE.exe
  C:\Windows\System\NuoNwOE.exe
  2⤵
  PID:9972
- C:\Windows\System\ZjLntwb.exe
  C:\Windows\System\ZjLntwb.exe
  2⤵
  PID:10076
- C:\Windows\System\fKTCbeI.exe
  C:\Windows\System\fKTCbeI.exe
  2⤵
  PID:9928
- C:\Windows\System\DTMNsdR.exe
  C:\Windows\System\DTMNsdR.exe
  2⤵
  PID:10188
- C:\Windows\System\NkxolQd.exe
  C:\Windows\System\NkxolQd.exe
  2⤵
  PID:10000
- C:\Windows\System\rHMKtwp.exe
  C:\Windows\System\rHMKtwp.exe
  2⤵
  PID:7348
- C:\Windows\System\BMVPFQj.exe
  C:\Windows\System\BMVPFQj.exe
  2⤵
  PID:10044
- C:\Windows\System\beGCfqz.exe
  C:\Windows\System\beGCfqz.exe
  2⤵
  PID:10128
- C:\Windows\System\IqOGsni.exe
  C:\Windows\System\IqOGsni.exe
  2⤵
  PID:10208
- C:\Windows\System\dPJYnKF.exe
  C:\Windows\System\dPJYnKF.exe
  2⤵
  PID:10164
- C:\Windows\System\DSLzbTo.exe
  C:\Windows\System\DSLzbTo.exe
  2⤵
  PID:10220
- C:\Windows\System\tNyuiGT.exe
  C:\Windows\System\tNyuiGT.exe
  2⤵
  PID:9304
- C:\Windows\System\ahvxINF.exe
  C:\Windows\System\ahvxINF.exe
  2⤵
  PID:9540
- C:\Windows\System\wGxKSfX.exe
  C:\Windows\System\wGxKSfX.exe
  2⤵
  PID:9628
- C:\Windows\System\uAZPMue.exe
  C:\Windows\System\uAZPMue.exe
  2⤵
  PID:9488
- C:\Windows\System\umpPxuN.exe
  C:\Windows\System\umpPxuN.exe
  2⤵
  PID:9724
- C:\Windows\System\HNOKBJP.exe
  C:\Windows\System\HNOKBJP.exe
  2⤵
  PID:9440
- C:\Windows\System\OSCJccQ.exe
  C:\Windows\System\OSCJccQ.exe
  2⤵
  PID:9612
- C:\Windows\System\KLTFJLI.exe
  C:\Windows\System\KLTFJLI.exe
  2⤵
  PID:9556
- C:\Windows\System\mTXyBIv.exe
  C:\Windows\System\mTXyBIv.exe
  2⤵
  PID:9760
- C:\Windows\System\RGqPuCH.exe
  C:\Windows\System\RGqPuCH.exe
  2⤵
  PID:9908
- C:\Windows\System\egCHwce.exe
  C:\Windows\System\egCHwce.exe
  2⤵
  PID:9948
- C:\Windows\System\htqUjpr.exe
  C:\Windows\System\htqUjpr.exe
  2⤵
  PID:10152
- C:\Windows\System\OkYsmkM.exe
  C:\Windows\System\OkYsmkM.exe
  2⤵
  PID:9740
- C:\Windows\System\KsoCHXC.exe
  C:\Windows\System\KsoCHXC.exe
  2⤵
  PID:10092
- C:\Windows\System\fpvvjSa.exe
  C:\Windows\System\fpvvjSa.exe
  2⤵
  PID:10236
- C:\Windows\System\TAeWuXa.exe
  C:\Windows\System\TAeWuXa.exe
  2⤵
  PID:10116
- C:\Windows\System\ihScWbI.exe
  C:\Windows\System\ihScWbI.exe
  2⤵
  PID:10200
- C:\Windows\System\eUfemBA.exe
  C:\Windows\System\eUfemBA.exe
  2⤵
  PID:9244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BtEZwmi.exe

Filesize
6.0MB

MD5
bc15d92a2b6e50b047c458895aba4588

SHA1
cc688494c533454809709964e6410194d59a9f74

SHA256
92d4d6d7f4b0838562e96fbf42bf2caf7167922a80aa8a434c88122f23d7a6d2

SHA512
031310bde9e9e029bd8a39c5423c7ec5ddac03fc48f8b48898f20a3d4100fb7a7cb30f674b55aae6f565bf3a7a552e943fbd8cea56e08dc3de5618128eceaef5

Download Submit
C:\Windows\system\CarJOos.exe

Filesize
6.0MB

MD5
dd0964127bde572ade1c635621cb9f28

SHA1
ff358290fb235a54c45044ddcc1c73e8396bee84

SHA256
2a7daaa192173b09bf46dc393b0a8ec8651a53a1170b79ebaf54730f31c9c940

SHA512
4bf14aa11108e1626b1afbed323ed7319a7127f16f4e90ee488d7461ef7b3b73b4f1de6afa9ff1ac88d5f7063e866896b699f696d012179afc20987e0a1ed91f

Download Submit
C:\Windows\system\DcLWnEx.exe

Filesize
6.0MB

MD5
c95e830bd680369e6f6044863c2cb20d

SHA1
b5566d76f65c1ce334f689271d0e273a140333c4

SHA256
5848499caa44678b5bd983bd54f573e361b7f2a1032d9de85f2f660e9e68001b

SHA512
2256442992cb65e2838bc34772b21c1840a131c06c6b53ec0df491a5bd64938dfd87e343aa3405d425e65e910b1e0150b46008acdf3bd222482450690e0d81e4

Download Submit
C:\Windows\system\FLTUvSF.exe

Filesize
6.0MB

MD5
98e37b2219f9a706a03bc3805806b08e

SHA1
59323c1b951daf77a3969b3115f9758d3f1bcd38

SHA256
d3f81fd2f396c412982d85ece16f044ba8bc64b49aac2416b59349fcd847f5dd

SHA512
14d62a9333231150bd5ded507813f16dac6905db2733269106299e8b7a2415b1d45123584098b2f95dad7d9782d7eecb96fb2ff428fe3aeea25a96fe6bbaf5b7

Download Submit
C:\Windows\system\GwwZUAQ.exe

Filesize
6.0MB

MD5
c5ae50b94bb8cfe9342ce67f1628febc

SHA1
912a9031e37e5d5725d34ec3c66fcf75957e0cb5

SHA256
55381360fe12fc4053968dc6799e0e4814eac21e6a8cd6e995846c4cbedb3a1b

SHA512
249ad5b4c015e70d63c88e97f69b8823613f6624d4cddbe5a3bf2b8ce2250acef0382cc16f44c57a5175e41ff14c04fb84bbde731ceb4b581ef3ab756a221ee7

Download Submit
C:\Windows\system\HsyAgHy.exe

Filesize
6.0MB

MD5
87bbf8e1c12a4ac61118f8b9d1f0fadd

SHA1
cd74d318e8d0c278e2794693c05654bf48a275a6

SHA256
36980f0241633e6ce25c3525cac40bc9ed1b57c31009940a04e8bc51847a63fc

SHA512
34a50801d1bf02605cf92f16d93c27a8cc21d1ae50d205dfef13c672026176ab0cd80d494002c4c85d092c0a40db1a468a9a8eda26f9d0e34102f494f9a383d5

Download Submit
C:\Windows\system\KoSdinJ.exe

Filesize
6.0MB

MD5
8eca2acab00872e056d938dbc621dd9b

SHA1
7886a29bdbe1dd2d1c6cfe1d40c58153bf25cae5

SHA256
b52ea2ca7a4bd6ca746c5f18dcc88410cb8ac5c8b40cb5518444e7fa5dcc9fb9

SHA512
b123aa4cac96947c0582501af010b8b9e24126344c996b14fd5ef2b0b9853e663e90cfd407438fe6974699aad3ce93affa6e7358f114ef5a4fa23285869b6302

Download Submit
C:\Windows\system\LdpYLyy.exe

Filesize
6.0MB

MD5
3cb9fb69d95afc586ee614fb351ccb3e

SHA1
9b9a5fa17ac9459bc717eb25816249ed8f5a8a23

SHA256
e468adb24a1082b2587420880d27ff1550e9e1ef70c4cb9a9ab968273cff0dea

SHA512
1c729e5e66ef85656e7677cc0e34475db4f370df9678afea99d7fd21558db1810a71ae51e0d465f9adda77c1fbbf056dafbce7f58f1f88deec5bb2f41583b8d8

Download Submit
C:\Windows\system\NTieraO.exe

Filesize
6.0MB

MD5
78936cf19ab2be9f939748893c7a2f65

SHA1
9b750318d491f90268701a8d0ef0b21540eb3cad

SHA256
f3656b91b3b7f0523969e03334857b3280cb46e360502041bd2ba21ee4c00627

SHA512
d8c1c10917f5b869b08a94b404e6a2009ae1fc0aa3d81f51bfa2f849e7f19438029f159169a4aec7e4307403386c03436288a3beb61458a04978677dfbc53b12

Download Submit
C:\Windows\system\OeDYenK.exe

Filesize
6.0MB

MD5
909ec53f3ceaeb9a34bb378900814316

SHA1
77c02139fa8815dbe46276439dac731213c82e62

SHA256
bfc56742e296df8c4026be404bffca2e37025a9bc2255b041e9e2882eb862698

SHA512
62fad54c9cf794546de1c3cf02c6fb71c41ca321c8e1ab5e11f80df6db24d10d0de962fed015171ac350bce3132adbf5abb69e148ef33620a2005441c53cb69a

Download Submit
C:\Windows\system\QPjDKhR.exe

Filesize
6.0MB

MD5
9e033ad4c0811513e272fc4699a2a13b

SHA1
1eea18b524be0473b68f81d2d3975af107a14902

SHA256
a8aad89a701f7277c5671fd5b6c2485c149b7b0bb08ffb8c447f24b2e5e82546

SHA512
a916219912262c4d2f699cb4b538e225a2060e5b610fb8a3ff9620fd41204e097362f28765e4fc5e6607561e3aefcad584feba5e4525339c70f023e98997fa7b

Download Submit
C:\Windows\system\RzKPzKv.exe

Filesize
6.0MB

MD5
c2440dc418254cb45d3b3e87db9d0e1d

SHA1
e990384c6efc989940534a93620611cfa5a0cb6c

SHA256
ffe854049b909f74921abaec2933cbf2ff64593ffa6ffd0ac5ec4c07e202e091

SHA512
2249878015be782548e6d70f1bc2f09381cf1b071b8868c183808164d736c84899198fdf96422c9130b731e9d0f2dd7081f484b393dbd82d050db0c1a7911f4e

Download Submit
C:\Windows\system\SctecQQ.exe

Filesize
6.0MB

MD5
50a35bbea49435be7d909b55585ab51e

SHA1
6ce34328808440749f33cbc9902c7171ec05b0e7

SHA256
08fa07365d76f5730066df0c5d8364690cd0790542829fe64632f7f667623257

SHA512
cfacd2a7496ec3b8a8d52dd0d594c5ef0d20d58ab394f012a3ec862b02c19096bf14f6866ca0e83df3161798a41c0a850a912b19423a6046c86b9edf9e07ebdb

Download Submit
C:\Windows\system\WVwgNuK.exe

Filesize
6.0MB

MD5
d15e7401c2fdd32db408b29edf02d9ee

SHA1
db37129abfc70400456ba900033498d9ea193ee5

SHA256
d97ef705a1e51b2191d7b4863a25e932a03f2fc42934566d26e240390adbbfed

SHA512
ca0dd0189bc62f6e7f30dd6c7b1cc906b8c82a543860184d0d976277f769cad83180aa152656379aae0793592689aaa2d615ca0513ae141e1f026468b09363df

Download Submit
C:\Windows\system\YEPzcoS.exe

Filesize
6.0MB

MD5
8b7963e76a48087532e9841f7abd3f3b

SHA1
bc80b2e8517ac72d82069a93a10f1be25018c635

SHA256
d64a9c44ce50ecde8a3bbdccaf1e21efa1afad1f77e5e2a4456e242b5236f997

SHA512
efbe4df229d3cd8f2f49ccd08520ce29bdaf320260ec0d44a6c8057707895b30149ac0acb5cfb41d648aea9a10f6ab8cc4b9229dffd3f5a36f687694c98a8f39

Download Submit
C:\Windows\system\ZXFZDMc.exe

Filesize
6.0MB

MD5
1b9f7df4cf2e57db836abe77eed96aca

SHA1
05d1b87cd8bc3284ffa956c1fed4e3fabce863d1

SHA256
05dcb697b5439a14d48817908d230a40e1d3e04b05a9acf32e4253adb2f769e8

SHA512
eda00adebf491bad794872749c38a03f5c6a41b43ae493fe9ff16071227af3a9c2db69ce849d2f52778be86a7b8227f7ec28890b7c0f37af00aa5e5a5106086e

Download Submit
C:\Windows\system\iXevIjW.exe

Filesize
6.0MB

MD5
5b812da4252c0edc3f7b5d075edc5d84

SHA1
17f1ff6ef0cd08d677ee8f284e42dffe89cc57e6

SHA256
9bdcae8643751c55943f7d08415c8c31762e135a9f89c7e4e7c388f5db54d204

SHA512
7a4d9235cb50bb243087d6c5a7d5e69425250e7f7b3b94492b27bc1b7309bc443f0f06b1549fa11672293993372ce643539772d6786759bd72c3058cc5f80764

Download Submit
C:\Windows\system\iXkYuxr.exe

Filesize
6.0MB

MD5
7f9e274f935f91b97549b84695ece12b

SHA1
e82f846c65570a523eaf51f82b56cd78ea44ad8b

SHA256
8889b616c2b4becedc70a8029536c30d66183a0afb87991fdfc1ca8208aaadb1

SHA512
750143089d2c5f15e0260189ef7e38027ce57234dd3dd43d4bffb987bb39e6ca749e4c4de05de7c94f029ad9471719794e78dadd7b3c385a3f292d1fcefe5c4b

Download Submit
C:\Windows\system\nntiZSN.exe

Filesize
6.0MB

MD5
a504b6065278bd4641ba08f88b0c3756

SHA1
9e460d781458b9768c5e8edfaa4b59000014b3d6

SHA256
4e8e6450bb34720d8c941544e5e222524e246f91587ddebda02a3c57720c694f

SHA512
d1906125cbd4de22cce05a236081ec3606ea345c6b5c5c0673be86ae27753467457438bfbde0d04dc04c85915e0748e415a89dd48c406eab757f9a1f8a24dd0b

Download Submit
C:\Windows\system\pBGuPQW.exe

Filesize
6.0MB

MD5
6d9471a28fa50f0a0b6262a5c5831dbf

SHA1
d28af9fe28783bd1675511541418bf83d2aafa79

SHA256
e8d78f5409c6459da340cba186c7247cf99c1a9cf2da6ef4f7a4095539d73e1d

SHA512
5303513c42885decc5beeadf950089c1e928593dd5203e35199a8ee9fadf4b2365b57020365634fadbf43440b26e697ed2c21d180e3f3e9f2054c354295c76a0

Download Submit
C:\Windows\system\qDZibNM.exe

Filesize
6.0MB

MD5
5c206ea400b325842264b2965169bec9

SHA1
93387cde48d4238a66720b9be9d7310111e24bac

SHA256
7f7e2c8979dbc95d5ba511f77815ae1854f6b2301c70ae20b717b83eee15b72c

SHA512
67bbfaf77691f37132dc4adcd3144b89cc2fc24b31532c47005f617e4fe0750d3a799b9655753ebe4fbb18e40a927b39e3027f313315f0f43404d6bbe808c911

Download Submit
C:\Windows\system\tASXWdb.exe

Filesize
6.0MB

MD5
095dbdb0f6fccb162ec74c393626d1e6

SHA1
e9b8f6dfcd0648e960dc42225f42803fe81887b0

SHA256
0f521bd4a9c96aef419606d90214324e0a68f22b4a3c1d8d2d8713165a376808

SHA512
9d2c2f07289ac8c7dfd58e24f1dadb81caed6b883c63611ead08a19738a0306814e26ba869993c94e6fd8b9fc3d6ae3adc6029b94d610b87fa28e31d97dcdfbd

Download Submit
C:\Windows\system\vbACjWJ.exe

Filesize
6.0MB

MD5
d162722211d7be73c512f28ebcb192d0

SHA1
dbb593fc889fa4bcbb9198cabf7e276705fb1137

SHA256
a256aa3aa4c87c77331b9aab8b4121193663b95cdd48e2226c2ba5eef3d46fa5

SHA512
b0a60aa8b9afe40c9346a80fd55360ff3098136f3b7ec85a2a5d19e0854aa694c70ccb83b7c420f26b479ffa2257dec78b4e8a56bbf7acd31f36562b0c473e6e

Download Submit
\Windows\system\BCdxlHL.exe

Filesize
6.0MB

MD5
516b40348ebd696a905395c2042217d9

SHA1
fae763baac12f273f0729ce58b6a1d87ddd0ab4f

SHA256
ac87c69999c6988c72eaaa49e0ba63712ba657d25b3f5d64223a96133849dcd1

SHA512
a605f0881339df160ed424f2131634b9b8e924dc760a77a3b802a2e68afdc291fa8b5f808ae8cc62bb7e0236fb230f55b86b722c18420296ade89400fa7cd76f

Download Submit
\Windows\system\CPnWWyF.exe

Filesize
6.0MB

MD5
1c57653f84ca30b7847b1da12468d023

SHA1
4a899173d4f502e1aa34cab5c9519601edd0477a

SHA256
818dd7b16a58cfbe4b5d97ca3947ba2975367ad0c90b569d889554966737819c

SHA512
66162ffc5bbbdd9c64a104d721d2f3293870be4887b4d5bbab7c031276b1f7621f9c889ecb433d68563c0d9f091ccf9697b57b497add7f8648a9f97b7aa8ba22

Download Submit
\Windows\system\HgxEqrw.exe

Filesize
6.0MB

MD5
3c20fe2dd497f8bf5af2422d09e5f860

SHA1
5298936f330d05873a680408cb8d064c808d79b4

SHA256
1074d0ead3873795f1e7b3fe09c0fb79dfa30f91747e12b080f1779ba5307501

SHA512
fde044fa8a9c38ca88df20dbe1e1f4301913120a8957f596a3700f3035bb27a957f4be270703beeb75792e29748da2cb334e0549db75a27da5c47747d631cb03

Download Submit
\Windows\system\JQQYXCm.exe

Filesize
6.0MB

MD5
aab2f54c09c08f322c9bf3860ef00ec0

SHA1
3337da2724bf16ab4b9d889a8eb1cff8bef7677e

SHA256
4c8c816d62a157d16dcba9adfc8d3737e293eca566420ea87198a904d53ee6c3

SHA512
4bc2bebffabb7882717a5d29cc30b5ae36ac9c9742bbcca39fa5a15b644e0fc6349146c4ef2bca7832e94221a3673b6da2013b0428a4f49fcc84feba5b8f8552

Download Submit
\Windows\system\SLvPNSf.exe

Filesize
6.0MB

MD5
1c09c9c5f167c5067f1f076d91a95d8b

SHA1
7c758b80a9c0fb2f3295ce53cc1e43ddff17a11c

SHA256
4971053ada61250b54b2b551a2baecb114360cd67cd56bd0ae2152c972106ac1

SHA512
deb8df1fa4caa72cadf642ca29a65fa52263583ba46b2edeb7bb398702a16416642ea66f82631ca766fa96ec2e86413241e19d32b04d06aa531a994d61f61bb0

Download Submit
\Windows\system\SqYoafC.exe

Filesize
6.0MB

MD5
fa5c702e5f0df3844c3773f7563f4849

SHA1
7dbb54de42e4c4c8c8baae0982c48dfbf828f128

SHA256
ac20af570afe06c80c94136c0a8169ca2ad88aa0e3f111fb5a6c2660c8b97a45

SHA512
f3a5ac9d0f73f029572fc8b7e2e9375aa77bc7de06ba3dd77af7c05c1bceebe9218a38799467d91a79497af1cdd24de6a9aaf7dc8c01ca6e8f3e45573504b314

Download Submit
\Windows\system\UttEzqi.exe

Filesize
6.0MB

MD5
d51267a727bb5682ab7742fa53ba19ce

SHA1
739e299de834671394a45a91af400b26f773a022

SHA256
fd154af176ce97244e872f695646912b1ace3ab2434476a032ccf5f4fbad3b87

SHA512
120c983897a829e9296cf96250478bf50d4424c7c8656f314f6244f03ee240dc4a174a7ac7561dd5740deb00e8bd7685946f6f69c63a138e319f258070763b73

Download Submit
\Windows\system\dtdgUJh.exe

Filesize
6.0MB

MD5
aac4866d22e51e503a7dbe0a4fff49dd

SHA1
add2db79ef30418a03646905514fe0d969d4a75c

SHA256
beff98d684aa76140fbd1472b9c3b894cf963c77fef98cb37b88bc070cd9e39e

SHA512
a7a934f9297318b2faf8f7659741d0ab8785acf45ce284b93537797532ff310c27a0a43da03289ea946e9db1311e3f6e8d4cd80f4e9919c1a46d75048f60e8f3

Download Submit
\Windows\system\fSepAEa.exe

Filesize
6.0MB

MD5
922022b54d742f822fe3f1ae158a717b

SHA1
c7a71ac9ac2a38b3ec3383ed597be26ad411f755

SHA256
f30a9974e6e90ba96178d6bc120d6116dab94de7919dba91316788a4c6b32d1c

SHA512
1c75b886f273b3c82e58885541a4e5eca2ebfe6e95718b0a6ac25252c0fdc10d61598cf8db1b9799a283e2487837335cd9f40018c88f7bb28377748b3817db37

Download Submit
\Windows\system\iHahaIf.exe

Filesize
6.0MB

MD5
cb8cac567b655e7f2a7521df4405ea5a

SHA1
00c1f774c55edbe32d42f6c2f954f42427fd47b2

SHA256
df380505044c9ccd87efe101394ecf6efcb7882429d40a335081e99e1eded947

SHA512
6b02f9c27e7aa3b44b16da85be551a14536906c46521e7ce78454501e6c1d7aeaf96dccc5664916189304d134c81e70eb807d3f22f4d7e90f0df578a2e0d0171

Download Submit
\Windows\system\jKHwAje.exe

Filesize
6.0MB

MD5
15f59031b26fc318db8806aafae4bffb

SHA1
206afb39d3155c46ec0fbd3387c8079f2f353157

SHA256
c05f68c66ac575f8725a7e7024178b6e9c772294647fd246e0d41da7a73d0cd9

SHA512
c12a4df94b1896da7af8440a9aad1bf8d1b98a6478c1070b7c607520aa2f346ff515cb20446d8f6bac2253d9d7a35baa3aed07086f6c8ec21d8ebbbbc86759bf

Download Submit
\Windows\system\swyKKQY.exe

Filesize
6.0MB

MD5
f6617244a3a2cfb196c87f911407ce0e

SHA1
b7531224d17953974236fbf4bd4ae21dca0a6061

SHA256
49840b4afa4bd7926dd95a928b386854a4a217492f1f27a8b2639e3fd4376290

SHA512
c0efbc28529ccd1096affc072715462bc88f72d7f50f871d28638b2fc7caf2fda9565917cf4a14af07127cd498e7f122d7e0fb1915c8645822699b124854373c

Download Submit
\Windows\system\zQdhfnJ.exe

Filesize
6.0MB

MD5
2ce48821dfe5725bcf5c930886cbeca9

SHA1
d7db4df8412b8beb5d815de07969c899738aa542

SHA256
5b9a177e3ba26843ce29236b82a7f88bc2f42d4f14b48d0d02b893e75a63e573

SHA512
3a7c428f506f277bab9271eec658a6b86d1f7c0d9b6007aef6c5f84f8b61ed7f003e093a58e4b8f9931bc1fdc8262fb25ba6b194b899a4ee5902d6519dd4692b

Download Submit
memory/1264-14-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1264-4011-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1608-283-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1608-4019-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-291-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1676-4022-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/1800-4013-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1800-37-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1804-284-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-578-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/1804-42-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-12-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1804-16-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-28-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-39-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2429-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-36-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1804-22-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-292-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2272-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2271-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2253-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2265-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2239-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-199-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-1069-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-293-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2270-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-290-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2144-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-288-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2246-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1804-286-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-225-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1804-0-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-2261-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-282-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-4014-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2016-29-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2016-1078-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2120-4010-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2120-15-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2300-4012-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2300-23-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4015-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-151-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4020-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2588-287-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2632-285-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4018-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4021-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-289-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4017-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2696-219-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2920-4023-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2145-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-150-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-281-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2968-4016-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download