cobaltstrike | f66f1a924cd30d9fcbbcfc65736a1a1be2b182b26e63967843532f12cdd1ee30

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

02101550da55057c6b844046bf3c7ea4
SHA1

8d74bff87564dc6130940fd085401195851d2ff8
SHA256

f66f1a924cd30d9fcbbcfc65736a1a1be2b182b26e63967843532f12cdd1ee30
SHA512

7798d17cdfc92fe37dd451c7e2223899c22017e113367a44fb156c328b6fa3619249e71091a994cccc746eb9548c37a1e26b8f640734edf27af761f565f21456
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016875-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c80-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-33.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016332-57.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-76.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3a-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-90.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001749c-63.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-50.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/624-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-3.dat	xmrig
behavioral1/memory/2608-10-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c66-9.dat	xmrig
behavioral1/files/0x0008000000016875-7.dat	xmrig
behavioral1/memory/2720-20-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/1568-16-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c80-22.dat	xmrig
behavioral1/memory/2520-28-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c88-29.dat	xmrig
behavioral1/files/0x0007000000016cd7-33.dat	xmrig
behavioral1/memory/624-35-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2608-37-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2824-40-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2156-39-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016332-57.dat	xmrig
behavioral1/files/0x000600000001755b-64.dat	xmrig
behavioral1/files/0x0005000000018686-76.dat	xmrig
behavioral1/memory/3000-80-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2748-83-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2796-85-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d3a-84.dat	xmrig
behavioral1/memory/2688-99-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x00050000000187a8-137.dat	xmrig
behavioral1/files/0x0005000000019360-185.dat	xmrig
behavioral1/memory/2688-882-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2472-725-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/624-630-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2796-542-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/624-354-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a6-192.dat	xmrig
behavioral1/files/0x000500000001933f-182.dat	xmrig
behavioral1/files/0x0005000000019284-172.dat	xmrig
behavioral1/files/0x0005000000019297-177.dat	xmrig
behavioral1/files/0x0005000000019278-167.dat	xmrig
behavioral1/files/0x0005000000019269-162.dat	xmrig
behavioral1/files/0x0005000000019250-157.dat	xmrig
behavioral1/files/0x0006000000018c16-147.dat	xmrig
behavioral1/files/0x0005000000019246-152.dat	xmrig
behavioral1/files/0x0006000000018b4e-142.dat	xmrig
behavioral1/files/0x000500000001878e-132.dat	xmrig
behavioral1/files/0x0005000000018744-127.dat	xmrig
behavioral1/files/0x0005000000018704-117.dat	xmrig
behavioral1/files/0x0005000000018739-122.dat	xmrig
behavioral1/files/0x00050000000186f4-112.dat	xmrig
behavioral1/files/0x00050000000186f1-107.dat	xmrig
behavioral1/memory/624-105-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2904-104-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2824-103-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ed-98.dat	xmrig
behavioral1/memory/2156-96-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2472-91-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e7-90.dat	xmrig
behavioral1/memory/624-88-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2520-87-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2720-82-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2096-81-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/624-77-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/624-75-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/1568-74-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2780-68-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x000800000001749c-63.dat	xmrig
behavioral1/files/0x0007000000016cf5-50.dat	xmrig
behavioral1/memory/2904-56-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2608	grRSNPp.exe
1568	LUWYrus.exe
2720	fGMBOHD.exe
2520	hgFAflx.exe
2156	BzhCtNO.exe
2824	WfwJEDe.exe
2904	oBkNCIM.exe
2780	IdxAAes.exe
3000	HFtQCgE.exe
2096	agoAEFK.exe
2748	YsWqZmJ.exe
2796	vfovXWd.exe
2472	bfQuFli.exe
2688	OjhhkkD.exe
3060	WnYVDAp.exe
1372	LmtAyFo.exe
2876	GytMJpS.exe
2948	ghWGNQS.exe
3024	KuMJSwL.exe
552	rOziqVQ.exe
3020	YaPEWhI.exe
1404	nIitEnL.exe
1784	oeGhIyz.exe
2592	ZvoqRVy.exe
2480	zlOUCPc.exe
2104	OKPUFHH.exe
2052	vvisxHJ.exe
2100	pFKUXHi.exe
1668	BFzOMVW.exe
576	zTOyoHr.exe
2200	RsOGcaH.exe
1988	uyQGNKB.exe
1344	xGePzKA.exe
2092	WyzxnUB.exe
1248	dtYHIBC.exe
1680	ZLXgGUv.exe
2008	IyFSDYp.exe
1720	VvlvDIQ.exe
744	dXuffHc.exe
1760	fjZFSoc.exe
864	cCuFPzK.exe
284	wNYRITl.exe
1464	HysMHFQ.exe
2188	cctSGan.exe
2184	ekxrTPL.exe
1976	eXWyiEW.exe
800	ufwyAQZ.exe
2144	ZLTfzmj.exe
868	rWKdwvm.exe
2236	obYVvxO.exe
2352	mqhsKKX.exe
1592	tXkjslL.exe
1596	RNSBQdU.exe
1944	TEACIWC.exe
2308	BBKPRuC.exe
2228	SBSvNSR.exe
2788	JDPkEiT.exe
2900	tEoEeXM.exe
2664	dmsLbVf.exe
2808	zJBquCG.exe
2460	DqaYgey.exe
3012	gwkvyjd.exe
2496	ZcEWvZA.exe
2944	kugRNFF.exe

Loads dropped DLL 64 IoCs

pid	Process
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/624-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-3.dat	upx
behavioral1/memory/2608-10-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0008000000016c66-9.dat	upx
behavioral1/files/0x0008000000016875-7.dat	upx
behavioral1/memory/2720-20-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1568-16-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x0007000000016c80-22.dat	upx
behavioral1/memory/2520-28-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0007000000016c88-29.dat	upx
behavioral1/files/0x0007000000016cd7-33.dat	upx
behavioral1/memory/624-35-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2608-37-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2824-40-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2156-39-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x0008000000016332-57.dat	upx
behavioral1/files/0x000600000001755b-64.dat	upx
behavioral1/files/0x0005000000018686-76.dat	upx
behavioral1/memory/3000-80-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2748-83-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2796-85-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x0008000000016d3a-84.dat	upx
behavioral1/memory/2688-99-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x00050000000187a8-137.dat	upx
behavioral1/files/0x0005000000019360-185.dat	upx
behavioral1/memory/2688-882-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2472-725-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2796-542-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/624-354-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x00050000000193a6-192.dat	upx
behavioral1/files/0x000500000001933f-182.dat	upx
behavioral1/files/0x0005000000019284-172.dat	upx
behavioral1/files/0x0005000000019297-177.dat	upx
behavioral1/files/0x0005000000019278-167.dat	upx
behavioral1/files/0x0005000000019269-162.dat	upx
behavioral1/files/0x0005000000019250-157.dat	upx
behavioral1/files/0x0006000000018c16-147.dat	upx
behavioral1/files/0x0005000000019246-152.dat	upx
behavioral1/files/0x0006000000018b4e-142.dat	upx
behavioral1/files/0x000500000001878e-132.dat	upx
behavioral1/files/0x0005000000018744-127.dat	upx
behavioral1/files/0x0005000000018704-117.dat	upx
behavioral1/files/0x0005000000018739-122.dat	upx
behavioral1/files/0x00050000000186f4-112.dat	upx
behavioral1/files/0x00050000000186f1-107.dat	upx
behavioral1/memory/2904-104-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2824-103-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-98.dat	upx
behavioral1/memory/2156-96-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2472-91-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x00050000000186e7-90.dat	upx
behavioral1/memory/2520-87-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2720-82-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2096-81-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/1568-74-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2780-68-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x000800000001749c-63.dat	upx
behavioral1/files/0x0007000000016cf5-50.dat	upx
behavioral1/memory/2904-56-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2720-3501-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1568-3507-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2608-3506-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2520-3505-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2156-3630-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\woQWuhS.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGPwwJs.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuRcvla.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TaUHJVq.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOBwCVq.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JkTwcAu.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHCqHnE.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYSFQkD.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnJtVis.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekxrTPL.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbYWzEz.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AebRTCQ.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yToJenC.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxwZNcD.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmjUatp.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vlnaqop.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXSdFFM.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWWhmRc.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaTNMRR.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEYKtYt.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvgcPnY.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqVrPkY.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqZnbTV.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eSTZpFm.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgsWBNb.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlackxK.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mofmVBP.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqOyRRi.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guIuxUW.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpmSfjh.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJStjwK.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgZARmx.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTONrNH.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSPDYSt.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvLYfUb.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuYbSHk.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSEncvg.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHhEjiD.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yyFZsWJ.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvHdpfC.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYVPdrd.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDdNTJF.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQiUHZu.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwbmxsT.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWUlIoe.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXWzYXG.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTdvxRW.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DoKDHJx.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZORWqYF.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYewOWZ.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXertBf.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHxakvr.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoBRvTX.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgPPMSj.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbQnhgT.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBGrlIS.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLbFvPb.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NaKNPOp.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNSBQdU.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIohMhN.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiLusgQ.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYpnBqW.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htToWrk.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNVQhOV.exe	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 2608	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 624 wrote to memory of 2608	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 624 wrote to memory of 2608	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 624 wrote to memory of 1568	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 624 wrote to memory of 1568	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 624 wrote to memory of 1568	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 624 wrote to memory of 2720	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 624 wrote to memory of 2720	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 624 wrote to memory of 2720	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 624 wrote to memory of 2520	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 624 wrote to memory of 2520	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 624 wrote to memory of 2520	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 624 wrote to memory of 2824	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 624 wrote to memory of 2824	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 624 wrote to memory of 2824	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 624 wrote to memory of 2156	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 624 wrote to memory of 2156	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 624 wrote to memory of 2156	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 624 wrote to memory of 2904	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 624 wrote to memory of 2904	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 624 wrote to memory of 2904	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 624 wrote to memory of 2780	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 624 wrote to memory of 2780	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 624 wrote to memory of 2780	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 624 wrote to memory of 2796	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 624 wrote to memory of 2796	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 624 wrote to memory of 2796	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 624 wrote to memory of 3000	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 624 wrote to memory of 3000	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 624 wrote to memory of 3000	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 624 wrote to memory of 2096	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 624 wrote to memory of 2096	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 624 wrote to memory of 2096	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 624 wrote to memory of 2748	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 624 wrote to memory of 2748	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 624 wrote to memory of 2748	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 624 wrote to memory of 2472	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 624 wrote to memory of 2472	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 624 wrote to memory of 2472	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 624 wrote to memory of 2688	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 624 wrote to memory of 2688	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 624 wrote to memory of 2688	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 624 wrote to memory of 3060	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 624 wrote to memory of 3060	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 624 wrote to memory of 3060	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 624 wrote to memory of 1372	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 624 wrote to memory of 1372	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 624 wrote to memory of 1372	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 624 wrote to memory of 2876	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 624 wrote to memory of 2876	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 624 wrote to memory of 2876	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 624 wrote to memory of 2948	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 624 wrote to memory of 2948	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 624 wrote to memory of 2948	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 624 wrote to memory of 3024	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 624 wrote to memory of 3024	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 624 wrote to memory of 3024	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 624 wrote to memory of 552	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 624 wrote to memory of 552	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 624 wrote to memory of 552	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 624 wrote to memory of 3020	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 624 wrote to memory of 3020	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 624 wrote to memory of 3020	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 624 wrote to memory of 1404	624	2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-03_02101550da55057c6b844046bf3c7ea4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:624
- C:\Windows\System\grRSNPp.exe
  C:\Windows\System\grRSNPp.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\LUWYrus.exe
  C:\Windows\System\LUWYrus.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\fGMBOHD.exe
  C:\Windows\System\fGMBOHD.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\hgFAflx.exe
  C:\Windows\System\hgFAflx.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\WfwJEDe.exe
  C:\Windows\System\WfwJEDe.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\BzhCtNO.exe
  C:\Windows\System\BzhCtNO.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\oBkNCIM.exe
  C:\Windows\System\oBkNCIM.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\IdxAAes.exe
  C:\Windows\System\IdxAAes.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\vfovXWd.exe
  C:\Windows\System\vfovXWd.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\HFtQCgE.exe
  C:\Windows\System\HFtQCgE.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\agoAEFK.exe
  C:\Windows\System\agoAEFK.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\YsWqZmJ.exe
  C:\Windows\System\YsWqZmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\bfQuFli.exe
  C:\Windows\System\bfQuFli.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\OjhhkkD.exe
  C:\Windows\System\OjhhkkD.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\WnYVDAp.exe
  C:\Windows\System\WnYVDAp.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\LmtAyFo.exe
  C:\Windows\System\LmtAyFo.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\GytMJpS.exe
  C:\Windows\System\GytMJpS.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\ghWGNQS.exe
  C:\Windows\System\ghWGNQS.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\KuMJSwL.exe
  C:\Windows\System\KuMJSwL.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\rOziqVQ.exe
  C:\Windows\System\rOziqVQ.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\YaPEWhI.exe
  C:\Windows\System\YaPEWhI.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\nIitEnL.exe
  C:\Windows\System\nIitEnL.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\oeGhIyz.exe
  C:\Windows\System\oeGhIyz.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ZvoqRVy.exe
  C:\Windows\System\ZvoqRVy.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\zlOUCPc.exe
  C:\Windows\System\zlOUCPc.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\OKPUFHH.exe
  C:\Windows\System\OKPUFHH.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\vvisxHJ.exe
  C:\Windows\System\vvisxHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\pFKUXHi.exe
  C:\Windows\System\pFKUXHi.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\BFzOMVW.exe
  C:\Windows\System\BFzOMVW.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\zTOyoHr.exe
  C:\Windows\System\zTOyoHr.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\RsOGcaH.exe
  C:\Windows\System\RsOGcaH.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\uyQGNKB.exe
  C:\Windows\System\uyQGNKB.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\xGePzKA.exe
  C:\Windows\System\xGePzKA.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\WyzxnUB.exe
  C:\Windows\System\WyzxnUB.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\dtYHIBC.exe
  C:\Windows\System\dtYHIBC.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\ZLXgGUv.exe
  C:\Windows\System\ZLXgGUv.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\IyFSDYp.exe
  C:\Windows\System\IyFSDYp.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\VvlvDIQ.exe
  C:\Windows\System\VvlvDIQ.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\dXuffHc.exe
  C:\Windows\System\dXuffHc.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\fjZFSoc.exe
  C:\Windows\System\fjZFSoc.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\cCuFPzK.exe
  C:\Windows\System\cCuFPzK.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\wNYRITl.exe
  C:\Windows\System\wNYRITl.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\HysMHFQ.exe
  C:\Windows\System\HysMHFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\cctSGan.exe
  C:\Windows\System\cctSGan.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ekxrTPL.exe
  C:\Windows\System\ekxrTPL.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\eXWyiEW.exe
  C:\Windows\System\eXWyiEW.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\ufwyAQZ.exe
  C:\Windows\System\ufwyAQZ.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\ZLTfzmj.exe
  C:\Windows\System\ZLTfzmj.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\rWKdwvm.exe
  C:\Windows\System\rWKdwvm.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\obYVvxO.exe
  C:\Windows\System\obYVvxO.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\mqhsKKX.exe
  C:\Windows\System\mqhsKKX.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\tXkjslL.exe
  C:\Windows\System\tXkjslL.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\RNSBQdU.exe
  C:\Windows\System\RNSBQdU.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\TEACIWC.exe
  C:\Windows\System\TEACIWC.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\BBKPRuC.exe
  C:\Windows\System\BBKPRuC.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\SBSvNSR.exe
  C:\Windows\System\SBSvNSR.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\JDPkEiT.exe
  C:\Windows\System\JDPkEiT.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\tEoEeXM.exe
  C:\Windows\System\tEoEeXM.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\dmsLbVf.exe
  C:\Windows\System\dmsLbVf.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\zJBquCG.exe
  C:\Windows\System\zJBquCG.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\DqaYgey.exe
  C:\Windows\System\DqaYgey.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\gwkvyjd.exe
  C:\Windows\System\gwkvyjd.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\ZcEWvZA.exe
  C:\Windows\System\ZcEWvZA.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\kugRNFF.exe
  C:\Windows\System\kugRNFF.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\FzbIkVa.exe
  C:\Windows\System\FzbIkVa.exe
  2⤵
  PID:2988
- C:\Windows\System\cUztnEK.exe
  C:\Windows\System\cUztnEK.exe
  2⤵
  PID:2488
- C:\Windows\System\bdKMeud.exe
  C:\Windows\System\bdKMeud.exe
  2⤵
  PID:2528
- C:\Windows\System\hVMftHz.exe
  C:\Windows\System\hVMftHz.exe
  2⤵
  PID:2456
- C:\Windows\System\wdUsege.exe
  C:\Windows\System\wdUsege.exe
  2⤵
  PID:2548
- C:\Windows\System\TcDEOLe.exe
  C:\Windows\System\TcDEOLe.exe
  2⤵
  PID:1100
- C:\Windows\System\BuVgPGN.exe
  C:\Windows\System\BuVgPGN.exe
  2⤵
  PID:1852
- C:\Windows\System\FmnhWah.exe
  C:\Windows\System\FmnhWah.exe
  2⤵
  PID:1664
- C:\Windows\System\oArccBc.exe
  C:\Windows\System\oArccBc.exe
  2⤵
  PID:2384
- C:\Windows\System\RCsRkiH.exe
  C:\Windows\System\RCsRkiH.exe
  2⤵
  PID:976
- C:\Windows\System\CXqVqDw.exe
  C:\Windows\System\CXqVqDw.exe
  2⤵
  PID:1688
- C:\Windows\System\ahGgqjw.exe
  C:\Windows\System\ahGgqjw.exe
  2⤵
  PID:1576
- C:\Windows\System\qZCnmEg.exe
  C:\Windows\System\qZCnmEg.exe
  2⤵
  PID:1528
- C:\Windows\System\sJmcBeV.exe
  C:\Windows\System\sJmcBeV.exe
  2⤵
  PID:936
- C:\Windows\System\uQBRvVW.exe
  C:\Windows\System\uQBRvVW.exe
  2⤵
  PID:668
- C:\Windows\System\lxuyJmK.exe
  C:\Windows\System\lxuyJmK.exe
  2⤵
  PID:2196
- C:\Windows\System\GpHMmkH.exe
  C:\Windows\System\GpHMmkH.exe
  2⤵
  PID:2588
- C:\Windows\System\WzboXGV.exe
  C:\Windows\System\WzboXGV.exe
  2⤵
  PID:380
- C:\Windows\System\RwUoAtA.exe
  C:\Windows\System\RwUoAtA.exe
  2⤵
  PID:1496
- C:\Windows\System\hUTNzes.exe
  C:\Windows\System\hUTNzes.exe
  2⤵
  PID:2340
- C:\Windows\System\OledVQY.exe
  C:\Windows\System\OledVQY.exe
  2⤵
  PID:1480
- C:\Windows\System\dzTYxDP.exe
  C:\Windows\System\dzTYxDP.exe
  2⤵
  PID:2288
- C:\Windows\System\HnlanCl.exe
  C:\Windows\System\HnlanCl.exe
  2⤵
  PID:2740
- C:\Windows\System\bSripZQ.exe
  C:\Windows\System\bSripZQ.exe
  2⤵
  PID:2968
- C:\Windows\System\tSNOBIx.exe
  C:\Windows\System\tSNOBIx.exe
  2⤵
  PID:2640
- C:\Windows\System\PZXJdaE.exe
  C:\Windows\System\PZXJdaE.exe
  2⤵
  PID:2676
- C:\Windows\System\gkeqKGU.exe
  C:\Windows\System\gkeqKGU.exe
  2⤵
  PID:2960
- C:\Windows\System\YTTIVza.exe
  C:\Windows\System\YTTIVza.exe
  2⤵
  PID:1848
- C:\Windows\System\iQGKWAw.exe
  C:\Windows\System\iQGKWAw.exe
  2⤵
  PID:308
- C:\Windows\System\vQATrKa.exe
  C:\Windows\System\vQATrKa.exe
  2⤵
  PID:1972
- C:\Windows\System\dfWjtUV.exe
  C:\Windows\System\dfWjtUV.exe
  2⤵
  PID:1124
- C:\Windows\System\MZLClGD.exe
  C:\Windows\System\MZLClGD.exe
  2⤵
  PID:1800
- C:\Windows\System\kdKNCUf.exe
  C:\Windows\System\kdKNCUf.exe
  2⤵
  PID:2612
- C:\Windows\System\PnKgowm.exe
  C:\Windows\System\PnKgowm.exe
  2⤵
  PID:1684
- C:\Windows\System\NZEXIxo.exe
  C:\Windows\System\NZEXIxo.exe
  2⤵
  PID:2420
- C:\Windows\System\AgPPMSj.exe
  C:\Windows\System\AgPPMSj.exe
  2⤵
  PID:1040
- C:\Windows\System\YTdvxRW.exe
  C:\Windows\System\YTdvxRW.exe
  2⤵
  PID:2452
- C:\Windows\System\NgIpIfq.exe
  C:\Windows\System\NgIpIfq.exe
  2⤵
  PID:3088
- C:\Windows\System\nWfIysY.exe
  C:\Windows\System\nWfIysY.exe
  2⤵
  PID:3108
- C:\Windows\System\sQWvxll.exe
  C:\Windows\System\sQWvxll.exe
  2⤵
  PID:3128
- C:\Windows\System\GJEkasi.exe
  C:\Windows\System\GJEkasi.exe
  2⤵
  PID:3148
- C:\Windows\System\occplIm.exe
  C:\Windows\System\occplIm.exe
  2⤵
  PID:3168
- C:\Windows\System\sTLEMyO.exe
  C:\Windows\System\sTLEMyO.exe
  2⤵
  PID:3188
- C:\Windows\System\TrJdpuG.exe
  C:\Windows\System\TrJdpuG.exe
  2⤵
  PID:3208
- C:\Windows\System\aiWVlQY.exe
  C:\Windows\System\aiWVlQY.exe
  2⤵
  PID:3228
- C:\Windows\System\dlWblcY.exe
  C:\Windows\System\dlWblcY.exe
  2⤵
  PID:3248
- C:\Windows\System\UIOysBo.exe
  C:\Windows\System\UIOysBo.exe
  2⤵
  PID:3264
- C:\Windows\System\hgwYtyq.exe
  C:\Windows\System\hgwYtyq.exe
  2⤵
  PID:3288
- C:\Windows\System\LIpppzN.exe
  C:\Windows\System\LIpppzN.exe
  2⤵
  PID:3308
- C:\Windows\System\OtPvBlQ.exe
  C:\Windows\System\OtPvBlQ.exe
  2⤵
  PID:3328
- C:\Windows\System\mloRRYL.exe
  C:\Windows\System\mloRRYL.exe
  2⤵
  PID:3348
- C:\Windows\System\SsymQmW.exe
  C:\Windows\System\SsymQmW.exe
  2⤵
  PID:3368
- C:\Windows\System\JyxFmsV.exe
  C:\Windows\System\JyxFmsV.exe
  2⤵
  PID:3388
- C:\Windows\System\lrvUFOY.exe
  C:\Windows\System\lrvUFOY.exe
  2⤵
  PID:3408
- C:\Windows\System\MADbmxQ.exe
  C:\Windows\System\MADbmxQ.exe
  2⤵
  PID:3428
- C:\Windows\System\ILDklrb.exe
  C:\Windows\System\ILDklrb.exe
  2⤵
  PID:3448
- C:\Windows\System\wGpwJZE.exe
  C:\Windows\System\wGpwJZE.exe
  2⤵
  PID:3468
- C:\Windows\System\DFpVhmG.exe
  C:\Windows\System\DFpVhmG.exe
  2⤵
  PID:3488
- C:\Windows\System\wCAgrbP.exe
  C:\Windows\System\wCAgrbP.exe
  2⤵
  PID:3504
- C:\Windows\System\vLpXKYq.exe
  C:\Windows\System\vLpXKYq.exe
  2⤵
  PID:3528
- C:\Windows\System\HlvNSuw.exe
  C:\Windows\System\HlvNSuw.exe
  2⤵
  PID:3548
- C:\Windows\System\AuuiDBU.exe
  C:\Windows\System\AuuiDBU.exe
  2⤵
  PID:3568
- C:\Windows\System\YfWjLnA.exe
  C:\Windows\System\YfWjLnA.exe
  2⤵
  PID:3588
- C:\Windows\System\TwQloEs.exe
  C:\Windows\System\TwQloEs.exe
  2⤵
  PID:3608
- C:\Windows\System\KavKskb.exe
  C:\Windows\System\KavKskb.exe
  2⤵
  PID:3628
- C:\Windows\System\hOgtxWq.exe
  C:\Windows\System\hOgtxWq.exe
  2⤵
  PID:3652
- C:\Windows\System\PJpUWgP.exe
  C:\Windows\System\PJpUWgP.exe
  2⤵
  PID:3668
- C:\Windows\System\qNlzTJi.exe
  C:\Windows\System\qNlzTJi.exe
  2⤵
  PID:3692
- C:\Windows\System\ehIpWIx.exe
  C:\Windows\System\ehIpWIx.exe
  2⤵
  PID:3712
- C:\Windows\System\zRguaGq.exe
  C:\Windows\System\zRguaGq.exe
  2⤵
  PID:3732
- C:\Windows\System\LLeXHBe.exe
  C:\Windows\System\LLeXHBe.exe
  2⤵
  PID:3752
- C:\Windows\System\VByRGtq.exe
  C:\Windows\System\VByRGtq.exe
  2⤵
  PID:3772
- C:\Windows\System\DAMlEcN.exe
  C:\Windows\System\DAMlEcN.exe
  2⤵
  PID:3792
- C:\Windows\System\vQcBnzt.exe
  C:\Windows\System\vQcBnzt.exe
  2⤵
  PID:3812
- C:\Windows\System\sXZteUT.exe
  C:\Windows\System\sXZteUT.exe
  2⤵
  PID:3832
- C:\Windows\System\GWKOPdO.exe
  C:\Windows\System\GWKOPdO.exe
  2⤵
  PID:3852
- C:\Windows\System\OzWqQCQ.exe
  C:\Windows\System\OzWqQCQ.exe
  2⤵
  PID:3872
- C:\Windows\System\PxqbJsb.exe
  C:\Windows\System\PxqbJsb.exe
  2⤵
  PID:3892
- C:\Windows\System\wQocvWU.exe
  C:\Windows\System\wQocvWU.exe
  2⤵
  PID:3912
- C:\Windows\System\KdHWqSX.exe
  C:\Windows\System\KdHWqSX.exe
  2⤵
  PID:3932
- C:\Windows\System\ZXfjqUU.exe
  C:\Windows\System\ZXfjqUU.exe
  2⤵
  PID:3952
- C:\Windows\System\Pxcnmcu.exe
  C:\Windows\System\Pxcnmcu.exe
  2⤵
  PID:3972
- C:\Windows\System\sYJrhos.exe
  C:\Windows\System\sYJrhos.exe
  2⤵
  PID:3992
- C:\Windows\System\xVCIUst.exe
  C:\Windows\System\xVCIUst.exe
  2⤵
  PID:4016
- C:\Windows\System\kBFxdvL.exe
  C:\Windows\System\kBFxdvL.exe
  2⤵
  PID:4036
- C:\Windows\System\pXEjjff.exe
  C:\Windows\System\pXEjjff.exe
  2⤵
  PID:4056
- C:\Windows\System\DUucBcP.exe
  C:\Windows\System\DUucBcP.exe
  2⤵
  PID:4076
- C:\Windows\System\INCZikN.exe
  C:\Windows\System\INCZikN.exe
  2⤵
  PID:2212
- C:\Windows\System\diPVvVi.exe
  C:\Windows\System\diPVvVi.exe
  2⤵
  PID:1584
- C:\Windows\System\ihURbQg.exe
  C:\Windows\System\ihURbQg.exe
  2⤵
  PID:2040
- C:\Windows\System\JquegQG.exe
  C:\Windows\System\JquegQG.exe
  2⤵
  PID:2928
- C:\Windows\System\pjXoQPy.exe
  C:\Windows\System\pjXoQPy.exe
  2⤵
  PID:2752
- C:\Windows\System\OkSFFOJ.exe
  C:\Windows\System\OkSFFOJ.exe
  2⤵
  PID:2680
- C:\Windows\System\MpxEpbR.exe
  C:\Windows\System\MpxEpbR.exe
  2⤵
  PID:2972
- C:\Windows\System\PqMfWnj.exe
  C:\Windows\System\PqMfWnj.exe
  2⤵
  PID:2728
- C:\Windows\System\VhgdqRg.exe
  C:\Windows\System\VhgdqRg.exe
  2⤵
  PID:1752
- C:\Windows\System\AAMcpon.exe
  C:\Windows\System\AAMcpon.exe
  2⤵
  PID:2984
- C:\Windows\System\XlNhHDy.exe
  C:\Windows\System\XlNhHDy.exe
  2⤵
  PID:1524
- C:\Windows\System\ZlNUeVt.exe
  C:\Windows\System\ZlNUeVt.exe
  2⤵
  PID:892
- C:\Windows\System\ADtfRNA.exe
  C:\Windows\System\ADtfRNA.exe
  2⤵
  PID:3016
- C:\Windows\System\jZNvEYW.exe
  C:\Windows\System\jZNvEYW.exe
  2⤵
  PID:2208
- C:\Windows\System\QfuHMSh.exe
  C:\Windows\System\QfuHMSh.exe
  2⤵
  PID:3120
- C:\Windows\System\qUeecSq.exe
  C:\Windows\System\qUeecSq.exe
  2⤵
  PID:3140
- C:\Windows\System\EHfPeWc.exe
  C:\Windows\System\EHfPeWc.exe
  2⤵
  PID:3204
- C:\Windows\System\NDgDMaD.exe
  C:\Windows\System\NDgDMaD.exe
  2⤵
  PID:3244
- C:\Windows\System\XRgEXtZ.exe
  C:\Windows\System\XRgEXtZ.exe
  2⤵
  PID:2300
- C:\Windows\System\QiKDjjT.exe
  C:\Windows\System\QiKDjjT.exe
  2⤵
  PID:3260
- C:\Windows\System\LiktTTN.exe
  C:\Windows\System\LiktTTN.exe
  2⤵
  PID:3304
- C:\Windows\System\FFAdgrs.exe
  C:\Windows\System\FFAdgrs.exe
  2⤵
  PID:3344
- C:\Windows\System\SPShfRy.exe
  C:\Windows\System\SPShfRy.exe
  2⤵
  PID:3384
- C:\Windows\System\ZDyljTY.exe
  C:\Windows\System\ZDyljTY.exe
  2⤵
  PID:3416
- C:\Windows\System\MnuPVqx.exe
  C:\Windows\System\MnuPVqx.exe
  2⤵
  PID:3476
- C:\Windows\System\gSqMYQh.exe
  C:\Windows\System\gSqMYQh.exe
  2⤵
  PID:3484
- C:\Windows\System\jwCbFQJ.exe
  C:\Windows\System\jwCbFQJ.exe
  2⤵
  PID:3500
- C:\Windows\System\NpXkqZa.exe
  C:\Windows\System\NpXkqZa.exe
  2⤵
  PID:3560
- C:\Windows\System\xleZxIx.exe
  C:\Windows\System\xleZxIx.exe
  2⤵
  PID:3576
- C:\Windows\System\wxlbSKV.exe
  C:\Windows\System\wxlbSKV.exe
  2⤵
  PID:3636
- C:\Windows\System\seFzqLf.exe
  C:\Windows\System\seFzqLf.exe
  2⤵
  PID:3644
- C:\Windows\System\JGAmSpK.exe
  C:\Windows\System\JGAmSpK.exe
  2⤵
  PID:3688
- C:\Windows\System\dAYogUr.exe
  C:\Windows\System\dAYogUr.exe
  2⤵
  PID:3708
- C:\Windows\System\xDLdVxm.exe
  C:\Windows\System\xDLdVxm.exe
  2⤵
  PID:3764
- C:\Windows\System\lQeghvP.exe
  C:\Windows\System\lQeghvP.exe
  2⤵
  PID:3800
- C:\Windows\System\TLoPkYt.exe
  C:\Windows\System\TLoPkYt.exe
  2⤵
  PID:3804
- C:\Windows\System\dyJhaDa.exe
  C:\Windows\System\dyJhaDa.exe
  2⤵
  PID:3848
- C:\Windows\System\XNdJHmU.exe
  C:\Windows\System\XNdJHmU.exe
  2⤵
  PID:3864
- C:\Windows\System\iUGhfFf.exe
  C:\Windows\System\iUGhfFf.exe
  2⤵
  PID:3928
- C:\Windows\System\NaJksjA.exe
  C:\Windows\System\NaJksjA.exe
  2⤵
  PID:3940
- C:\Windows\System\uPpWsXW.exe
  C:\Windows\System\uPpWsXW.exe
  2⤵
  PID:4000
- C:\Windows\System\WsrlqoB.exe
  C:\Windows\System\WsrlqoB.exe
  2⤵
  PID:3988
- C:\Windows\System\xgyvBzy.exe
  C:\Windows\System\xgyvBzy.exe
  2⤵
  PID:3064
- C:\Windows\System\TaUHJVq.exe
  C:\Windows\System\TaUHJVq.exe
  2⤵
  PID:4088
- C:\Windows\System\lkRTENd.exe
  C:\Windows\System\lkRTENd.exe
  2⤵
  PID:1560
- C:\Windows\System\TJgAoHW.exe
  C:\Windows\System\TJgAoHW.exe
  2⤵
  PID:1936
- C:\Windows\System\kILIiqD.exe
  C:\Windows\System\kILIiqD.exe
  2⤵
  PID:2916
- C:\Windows\System\PPhTzSA.exe
  C:\Windows\System\PPhTzSA.exe
  2⤵
  PID:2652
- C:\Windows\System\dINeUPI.exe
  C:\Windows\System\dINeUPI.exe
  2⤵
  PID:1488
- C:\Windows\System\LIohMhN.exe
  C:\Windows\System\LIohMhN.exe
  2⤵
  PID:3056
- C:\Windows\System\JHFSQPR.exe
  C:\Windows\System\JHFSQPR.exe
  2⤵
  PID:2428
- C:\Windows\System\jsVzAca.exe
  C:\Windows\System\jsVzAca.exe
  2⤵
  PID:3100
- C:\Windows\System\feYLbMy.exe
  C:\Windows\System\feYLbMy.exe
  2⤵
  PID:3176
- C:\Windows\System\NrNKgHb.exe
  C:\Windows\System\NrNKgHb.exe
  2⤵
  PID:3156
- C:\Windows\System\pJdHdMB.exe
  C:\Windows\System\pJdHdMB.exe
  2⤵
  PID:3316
- C:\Windows\System\HLZMeVS.exe
  C:\Windows\System\HLZMeVS.exe
  2⤵
  PID:3324
- C:\Windows\System\yWdclWz.exe
  C:\Windows\System\yWdclWz.exe
  2⤵
  PID:3376
- C:\Windows\System\EYafNqC.exe
  C:\Windows\System\EYafNqC.exe
  2⤵
  PID:3356
- C:\Windows\System\NxCFjoy.exe
  C:\Windows\System\NxCFjoy.exe
  2⤵
  PID:3404
- C:\Windows\System\jcOLjXK.exe
  C:\Windows\System\jcOLjXK.exe
  2⤵
  PID:3540
- C:\Windows\System\alDPwia.exe
  C:\Windows\System\alDPwia.exe
  2⤵
  PID:3536
- C:\Windows\System\tqIuQxQ.exe
  C:\Windows\System\tqIuQxQ.exe
  2⤵
  PID:3604
- C:\Windows\System\HJaOToo.exe
  C:\Windows\System\HJaOToo.exe
  2⤵
  PID:3728
- C:\Windows\System\UTVBvuS.exe
  C:\Windows\System\UTVBvuS.exe
  2⤵
  PID:3748
- C:\Windows\System\VSNWaWY.exe
  C:\Windows\System\VSNWaWY.exe
  2⤵
  PID:3744
- C:\Windows\System\jpMQxUY.exe
  C:\Windows\System\jpMQxUY.exe
  2⤵
  PID:3880
- C:\Windows\System\KGWbvJi.exe
  C:\Windows\System\KGWbvJi.exe
  2⤵
  PID:3920
- C:\Windows\System\OVuwcVa.exe
  C:\Windows\System\OVuwcVa.exe
  2⤵
  PID:3944
- C:\Windows\System\EvucWNO.exe
  C:\Windows\System\EvucWNO.exe
  2⤵
  PID:4052
- C:\Windows\System\yhitHTN.exe
  C:\Windows\System\yhitHTN.exe
  2⤵
  PID:4064
- C:\Windows\System\XkMZDFw.exe
  C:\Windows\System\XkMZDFw.exe
  2⤵
  PID:1632
- C:\Windows\System\qLBsqzl.exe
  C:\Windows\System\qLBsqzl.exe
  2⤵
  PID:4084
- C:\Windows\System\lrICWLD.exe
  C:\Windows\System\lrICWLD.exe
  2⤵
  PID:764
- C:\Windows\System\CqEichT.exe
  C:\Windows\System\CqEichT.exe
  2⤵
  PID:832
- C:\Windows\System\roZoTlt.exe
  C:\Windows\System\roZoTlt.exe
  2⤵
  PID:836
- C:\Windows\System\lLboFPk.exe
  C:\Windows\System\lLboFPk.exe
  2⤵
  PID:3280
- C:\Windows\System\tmjUatp.exe
  C:\Windows\System\tmjUatp.exe
  2⤵
  PID:3104
- C:\Windows\System\CQSJwnN.exe
  C:\Windows\System\CQSJwnN.exe
  2⤵
  PID:3444
- C:\Windows\System\wGjVnHM.exe
  C:\Windows\System\wGjVnHM.exe
  2⤵
  PID:3464
- C:\Windows\System\zGtXKZo.exe
  C:\Windows\System\zGtXKZo.exe
  2⤵
  PID:3424
- C:\Windows\System\MHUNwqa.exe
  C:\Windows\System\MHUNwqa.exe
  2⤵
  PID:2864
- C:\Windows\System\SkQFKhw.exe
  C:\Windows\System\SkQFKhw.exe
  2⤵
  PID:3808
- C:\Windows\System\bqZEvpK.exe
  C:\Windows\System\bqZEvpK.exe
  2⤵
  PID:3684
- C:\Windows\System\pdKsLWT.exe
  C:\Windows\System\pdKsLWT.exe
  2⤵
  PID:3868
- C:\Windows\System\tjdVRJp.exe
  C:\Windows\System\tjdVRJp.exe
  2⤵
  PID:4048
- C:\Windows\System\EtKjwKu.exe
  C:\Windows\System\EtKjwKu.exe
  2⤵
  PID:4072
- C:\Windows\System\MZMSZbB.exe
  C:\Windows\System\MZMSZbB.exe
  2⤵
  PID:3980
- C:\Windows\System\bCNtfqZ.exe
  C:\Windows\System\bCNtfqZ.exe
  2⤵
  PID:1736
- C:\Windows\System\anoNudp.exe
  C:\Windows\System\anoNudp.exe
  2⤵
  PID:3216
- C:\Windows\System\KPvkIqx.exe
  C:\Windows\System\KPvkIqx.exe
  2⤵
  PID:2852
- C:\Windows\System\glPuLqo.exe
  C:\Windows\System\glPuLqo.exe
  2⤵
  PID:3220
- C:\Windows\System\zRLSZts.exe
  C:\Windows\System\zRLSZts.exe
  2⤵
  PID:3084
- C:\Windows\System\xsBIVPk.exe
  C:\Windows\System\xsBIVPk.exe
  2⤵
  PID:3580
- C:\Windows\System\rsdcrzH.exe
  C:\Windows\System\rsdcrzH.exe
  2⤵
  PID:3596
- C:\Windows\System\IkRKmRO.exe
  C:\Windows\System\IkRKmRO.exe
  2⤵
  PID:3908
- C:\Windows\System\EPHqSyR.exe
  C:\Windows\System\EPHqSyR.exe
  2⤵
  PID:4124
- C:\Windows\System\VdySczC.exe
  C:\Windows\System\VdySczC.exe
  2⤵
  PID:4144
- C:\Windows\System\nwLKkfI.exe
  C:\Windows\System\nwLKkfI.exe
  2⤵
  PID:4164
- C:\Windows\System\asMhTUL.exe
  C:\Windows\System\asMhTUL.exe
  2⤵
  PID:4184
- C:\Windows\System\pklNKVj.exe
  C:\Windows\System\pklNKVj.exe
  2⤵
  PID:4204
- C:\Windows\System\cnfjqEz.exe
  C:\Windows\System\cnfjqEz.exe
  2⤵
  PID:4224
- C:\Windows\System\fuzaJAL.exe
  C:\Windows\System\fuzaJAL.exe
  2⤵
  PID:4244
- C:\Windows\System\lRJAuVI.exe
  C:\Windows\System\lRJAuVI.exe
  2⤵
  PID:4264
- C:\Windows\System\TDsJELR.exe
  C:\Windows\System\TDsJELR.exe
  2⤵
  PID:4284
- C:\Windows\System\QjuuCxW.exe
  C:\Windows\System\QjuuCxW.exe
  2⤵
  PID:4304
- C:\Windows\System\vqUAlNg.exe
  C:\Windows\System\vqUAlNg.exe
  2⤵
  PID:4324
- C:\Windows\System\lYIDCuc.exe
  C:\Windows\System\lYIDCuc.exe
  2⤵
  PID:4344
- C:\Windows\System\TggMllZ.exe
  C:\Windows\System\TggMllZ.exe
  2⤵
  PID:4364
- C:\Windows\System\VKXwtFV.exe
  C:\Windows\System\VKXwtFV.exe
  2⤵
  PID:4384
- C:\Windows\System\wjVZwhK.exe
  C:\Windows\System\wjVZwhK.exe
  2⤵
  PID:4408
- C:\Windows\System\bLdGJAg.exe
  C:\Windows\System\bLdGJAg.exe
  2⤵
  PID:4428
- C:\Windows\System\RCqqnzm.exe
  C:\Windows\System\RCqqnzm.exe
  2⤵
  PID:4448
- C:\Windows\System\ZkVJHZq.exe
  C:\Windows\System\ZkVJHZq.exe
  2⤵
  PID:4468
- C:\Windows\System\dHjqwWr.exe
  C:\Windows\System\dHjqwWr.exe
  2⤵
  PID:4488
- C:\Windows\System\SXCSDbw.exe
  C:\Windows\System\SXCSDbw.exe
  2⤵
  PID:4508
- C:\Windows\System\pGtaXTn.exe
  C:\Windows\System\pGtaXTn.exe
  2⤵
  PID:4524
- C:\Windows\System\aZElaBq.exe
  C:\Windows\System\aZElaBq.exe
  2⤵
  PID:4544
- C:\Windows\System\PDqWtkt.exe
  C:\Windows\System\PDqWtkt.exe
  2⤵
  PID:4568
- C:\Windows\System\IPPOVsZ.exe
  C:\Windows\System\IPPOVsZ.exe
  2⤵
  PID:4588
- C:\Windows\System\kxeotph.exe
  C:\Windows\System\kxeotph.exe
  2⤵
  PID:4608
- C:\Windows\System\LRzABIN.exe
  C:\Windows\System\LRzABIN.exe
  2⤵
  PID:4632
- C:\Windows\System\yNkDBsJ.exe
  C:\Windows\System\yNkDBsJ.exe
  2⤵
  PID:4652
- C:\Windows\System\ZWJMmoh.exe
  C:\Windows\System\ZWJMmoh.exe
  2⤵
  PID:4672
- C:\Windows\System\ZNUZadc.exe
  C:\Windows\System\ZNUZadc.exe
  2⤵
  PID:4692
- C:\Windows\System\pwjSUac.exe
  C:\Windows\System\pwjSUac.exe
  2⤵
  PID:4712
- C:\Windows\System\WEBhXmT.exe
  C:\Windows\System\WEBhXmT.exe
  2⤵
  PID:4728
- C:\Windows\System\nawFDHC.exe
  C:\Windows\System\nawFDHC.exe
  2⤵
  PID:4748
- C:\Windows\System\becjRmx.exe
  C:\Windows\System\becjRmx.exe
  2⤵
  PID:4768
- C:\Windows\System\esdZGrL.exe
  C:\Windows\System\esdZGrL.exe
  2⤵
  PID:4792
- C:\Windows\System\uEXfnMX.exe
  C:\Windows\System\uEXfnMX.exe
  2⤵
  PID:4812
- C:\Windows\System\pEdEwZy.exe
  C:\Windows\System\pEdEwZy.exe
  2⤵
  PID:4832
- C:\Windows\System\ypwoKkU.exe
  C:\Windows\System\ypwoKkU.exe
  2⤵
  PID:4852
- C:\Windows\System\cefIrkn.exe
  C:\Windows\System\cefIrkn.exe
  2⤵
  PID:4872
- C:\Windows\System\yGWMhbP.exe
  C:\Windows\System\yGWMhbP.exe
  2⤵
  PID:4892
- C:\Windows\System\jPCOBEd.exe
  C:\Windows\System\jPCOBEd.exe
  2⤵
  PID:4912
- C:\Windows\System\gYJJycN.exe
  C:\Windows\System\gYJJycN.exe
  2⤵
  PID:4932
- C:\Windows\System\iaiBCcU.exe
  C:\Windows\System\iaiBCcU.exe
  2⤵
  PID:4952
- C:\Windows\System\SbflOWE.exe
  C:\Windows\System\SbflOWE.exe
  2⤵
  PID:4972
- C:\Windows\System\XkaFNvW.exe
  C:\Windows\System\XkaFNvW.exe
  2⤵
  PID:4992
- C:\Windows\System\QRZiCpi.exe
  C:\Windows\System\QRZiCpi.exe
  2⤵
  PID:5012
- C:\Windows\System\MIqEDOf.exe
  C:\Windows\System\MIqEDOf.exe
  2⤵
  PID:5032
- C:\Windows\System\Nhvdioe.exe
  C:\Windows\System\Nhvdioe.exe
  2⤵
  PID:5056
- C:\Windows\System\uFqXiFH.exe
  C:\Windows\System\uFqXiFH.exe
  2⤵
  PID:5076
- C:\Windows\System\KimpLFS.exe
  C:\Windows\System\KimpLFS.exe
  2⤵
  PID:5096
- C:\Windows\System\EkXyBAX.exe
  C:\Windows\System\EkXyBAX.exe
  2⤵
  PID:5116
- C:\Windows\System\BQiUHZu.exe
  C:\Windows\System\BQiUHZu.exe
  2⤵
  PID:3760
- C:\Windows\System\WJbTMYX.exe
  C:\Windows\System\WJbTMYX.exe
  2⤵
  PID:2224
- C:\Windows\System\xWnOltl.exe
  C:\Windows\System\xWnOltl.exe
  2⤵
  PID:1968
- C:\Windows\System\xAxpTMp.exe
  C:\Windows\System\xAxpTMp.exe
  2⤵
  PID:2576
- C:\Windows\System\GyxrGIj.exe
  C:\Windows\System\GyxrGIj.exe
  2⤵
  PID:3700
- C:\Windows\System\gBpHqbp.exe
  C:\Windows\System\gBpHqbp.exe
  2⤵
  PID:1484
- C:\Windows\System\uDrtpyr.exe
  C:\Windows\System\uDrtpyr.exe
  2⤵
  PID:3556
- C:\Windows\System\sASIZjx.exe
  C:\Windows\System\sASIZjx.exe
  2⤵
  PID:4112
- C:\Windows\System\PeqcjVm.exe
  C:\Windows\System\PeqcjVm.exe
  2⤵
  PID:4152
- C:\Windows\System\xWsXLbK.exe
  C:\Windows\System\xWsXLbK.exe
  2⤵
  PID:4220
- C:\Windows\System\hEXpWlh.exe
  C:\Windows\System\hEXpWlh.exe
  2⤵
  PID:4200
- C:\Windows\System\iHeDFgQ.exe
  C:\Windows\System\iHeDFgQ.exe
  2⤵
  PID:4256
- C:\Windows\System\uJZbREo.exe
  C:\Windows\System\uJZbREo.exe
  2⤵
  PID:4280
- C:\Windows\System\OMYpegO.exe
  C:\Windows\System\OMYpegO.exe
  2⤵
  PID:4340
- C:\Windows\System\QcMxtol.exe
  C:\Windows\System\QcMxtol.exe
  2⤵
  PID:4372
- C:\Windows\System\ibgClOr.exe
  C:\Windows\System\ibgClOr.exe
  2⤵
  PID:4356
- C:\Windows\System\kkpHMhr.exe
  C:\Windows\System\kkpHMhr.exe
  2⤵
  PID:4392
- C:\Windows\System\TkTszQp.exe
  C:\Windows\System\TkTszQp.exe
  2⤵
  PID:4436
- C:\Windows\System\jvLYfUb.exe
  C:\Windows\System\jvLYfUb.exe
  2⤵
  PID:4476
- C:\Windows\System\BfPZlNI.exe
  C:\Windows\System\BfPZlNI.exe
  2⤵
  PID:4540
- C:\Windows\System\eJumkWJ.exe
  C:\Windows\System\eJumkWJ.exe
  2⤵
  PID:4552
- C:\Windows\System\bFaDyvc.exe
  C:\Windows\System\bFaDyvc.exe
  2⤵
  PID:4560
- C:\Windows\System\DfFSrdD.exe
  C:\Windows\System\DfFSrdD.exe
  2⤵
  PID:4628
- C:\Windows\System\aIYYSmt.exe
  C:\Windows\System\aIYYSmt.exe
  2⤵
  PID:268
- C:\Windows\System\dSBWzQT.exe
  C:\Windows\System\dSBWzQT.exe
  2⤵
  PID:4680
- C:\Windows\System\VlblBJI.exe
  C:\Windows\System\VlblBJI.exe
  2⤵
  PID:4736
- C:\Windows\System\OrlCLUm.exe
  C:\Windows\System\OrlCLUm.exe
  2⤵
  PID:4776
- C:\Windows\System\LkoUxbN.exe
  C:\Windows\System\LkoUxbN.exe
  2⤵
  PID:4764
- C:\Windows\System\JabEJyp.exe
  C:\Windows\System\JabEJyp.exe
  2⤵
  PID:4808
- C:\Windows\System\YwxEkOO.exe
  C:\Windows\System\YwxEkOO.exe
  2⤵
  PID:4864
- C:\Windows\System\dAPaiCd.exe
  C:\Windows\System\dAPaiCd.exe
  2⤵
  PID:4880
- C:\Windows\System\MWCLYli.exe
  C:\Windows\System\MWCLYli.exe
  2⤵
  PID:4904
- C:\Windows\System\hYgQvFZ.exe
  C:\Windows\System\hYgQvFZ.exe
  2⤵
  PID:4948
- C:\Windows\System\HMkPPhK.exe
  C:\Windows\System\HMkPPhK.exe
  2⤵
  PID:4960
- C:\Windows\System\vNCsDFe.exe
  C:\Windows\System\vNCsDFe.exe
  2⤵
  PID:2696
- C:\Windows\System\mDrDauH.exe
  C:\Windows\System\mDrDauH.exe
  2⤵
  PID:5008
- C:\Windows\System\lljfgTB.exe
  C:\Windows\System\lljfgTB.exe
  2⤵
  PID:5072
- C:\Windows\System\wVDNoKR.exe
  C:\Windows\System\wVDNoKR.exe
  2⤵
  PID:5084
- C:\Windows\System\CmIcrSp.exe
  C:\Windows\System\CmIcrSp.exe
  2⤵
  PID:2656
- C:\Windows\System\zgqrTmR.exe
  C:\Windows\System\zgqrTmR.exe
  2⤵
  PID:1788
- C:\Windows\System\FQICUQp.exe
  C:\Windows\System\FQICUQp.exe
  2⤵
  PID:3968
- C:\Windows\System\CsgGGTm.exe
  C:\Windows\System\CsgGGTm.exe
  2⤵
  PID:476
- C:\Windows\System\noXpXSP.exe
  C:\Windows\System\noXpXSP.exe
  2⤵
  PID:2848
- C:\Windows\System\hquGfja.exe
  C:\Windows\System\hquGfja.exe
  2⤵
  PID:4108
- C:\Windows\System\OLmXJqW.exe
  C:\Windows\System\OLmXJqW.exe
  2⤵
  PID:4156
- C:\Windows\System\QvYUvbc.exe
  C:\Windows\System\QvYUvbc.exe
  2⤵
  PID:4232
- C:\Windows\System\kktdanN.exe
  C:\Windows\System\kktdanN.exe
  2⤵
  PID:3544
- C:\Windows\System\OPuaBPv.exe
  C:\Windows\System\OPuaBPv.exe
  2⤵
  PID:4296
- C:\Windows\System\vJdSIVO.exe
  C:\Windows\System\vJdSIVO.exe
  2⤵
  PID:2756
- C:\Windows\System\woQWuhS.exe
  C:\Windows\System\woQWuhS.exe
  2⤵
  PID:4400
- C:\Windows\System\ZvOTNUy.exe
  C:\Windows\System\ZvOTNUy.exe
  2⤵
  PID:4532
- C:\Windows\System\GbbMRod.exe
  C:\Windows\System\GbbMRod.exe
  2⤵
  PID:2804
- C:\Windows\System\xOEwWuA.exe
  C:\Windows\System\xOEwWuA.exe
  2⤵
  PID:4580
- C:\Windows\System\NoLgmES.exe
  C:\Windows\System\NoLgmES.exe
  2⤵
  PID:4660
- C:\Windows\System\qwcGBeB.exe
  C:\Windows\System\qwcGBeB.exe
  2⤵
  PID:4648
- C:\Windows\System\ytMmtdh.exe
  C:\Windows\System\ytMmtdh.exe
  2⤵
  PID:4740
- C:\Windows\System\sLpEUZF.exe
  C:\Windows\System\sLpEUZF.exe
  2⤵
  PID:4720
- C:\Windows\System\fZIIZrK.exe
  C:\Windows\System\fZIIZrK.exe
  2⤵
  PID:4860
- C:\Windows\System\fJweEWq.exe
  C:\Windows\System\fJweEWq.exe
  2⤵
  PID:4844
- C:\Windows\System\VJVEkEy.exe
  C:\Windows\System\VJVEkEy.exe
  2⤵
  PID:2660
- C:\Windows\System\XOBwCVq.exe
  C:\Windows\System\XOBwCVq.exe
  2⤵
  PID:4616
- C:\Windows\System\pSEJNAA.exe
  C:\Windows\System\pSEJNAA.exe
  2⤵
  PID:5024
- C:\Windows\System\CeBrIqJ.exe
  C:\Windows\System\CeBrIqJ.exe
  2⤵
  PID:5040
- C:\Windows\System\rimMGqm.exe
  C:\Windows\System\rimMGqm.exe
  2⤵
  PID:5112
- C:\Windows\System\tQSkUqM.exe
  C:\Windows\System\tQSkUqM.exe
  2⤵
  PID:3788
- C:\Windows\System\kVBILqy.exe
  C:\Windows\System\kVBILqy.exe
  2⤵
  PID:2492
- C:\Windows\System\koEHxju.exe
  C:\Windows\System\koEHxju.exe
  2⤵
  PID:3300
- C:\Windows\System\ibnlUYi.exe
  C:\Windows\System\ibnlUYi.exe
  2⤵
  PID:4176
- C:\Windows\System\kwkNGlz.exe
  C:\Windows\System\kwkNGlz.exe
  2⤵
  PID:4216
- C:\Windows\System\RIoRXrB.exe
  C:\Windows\System\RIoRXrB.exe
  2⤵
  PID:4272
- C:\Windows\System\sYfdMEF.exe
  C:\Windows\System\sYfdMEF.exe
  2⤵
  PID:4312
- C:\Windows\System\WKaeOsf.exe
  C:\Windows\System\WKaeOsf.exe
  2⤵
  PID:4496
- C:\Windows\System\oNvvGdk.exe
  C:\Windows\System\oNvvGdk.exe
  2⤵
  PID:4604
- C:\Windows\System\hBdOsHv.exe
  C:\Windows\System\hBdOsHv.exe
  2⤵
  PID:1084
- C:\Windows\System\nfcCsTw.exe
  C:\Windows\System\nfcCsTw.exe
  2⤵
  PID:4700
- C:\Windows\System\ZFaPQNZ.exe
  C:\Windows\System\ZFaPQNZ.exe
  2⤵
  PID:4828
- C:\Windows\System\MeSjKDA.exe
  C:\Windows\System\MeSjKDA.exe
  2⤵
  PID:4820
- C:\Windows\System\yFVZiwP.exe
  C:\Windows\System\yFVZiwP.exe
  2⤵
  PID:4884
- C:\Windows\System\VrINYjh.exe
  C:\Windows\System\VrINYjh.exe
  2⤵
  PID:5000
- C:\Windows\System\CzvEdEH.exe
  C:\Windows\System\CzvEdEH.exe
  2⤵
  PID:1956
- C:\Windows\System\BLOkrBb.exe
  C:\Windows\System\BLOkrBb.exe
  2⤵
  PID:2704
- C:\Windows\System\rzDNpbh.exe
  C:\Windows\System\rzDNpbh.exe
  2⤵
  PID:5092
- C:\Windows\System\pnRVRTV.exe
  C:\Windows\System\pnRVRTV.exe
  2⤵
  PID:3620
- C:\Windows\System\cvinAju.exe
  C:\Windows\System\cvinAju.exe
  2⤵
  PID:4140
- C:\Windows\System\psejmPt.exe
  C:\Windows\System\psejmPt.exe
  2⤵
  PID:964
- C:\Windows\System\BMmDNtm.exe
  C:\Windows\System\BMmDNtm.exe
  2⤵
  PID:4424
- C:\Windows\System\dXdjPYR.exe
  C:\Windows\System\dXdjPYR.exe
  2⤵
  PID:4516
- C:\Windows\System\gOOULWX.exe
  C:\Windows\System\gOOULWX.exe
  2⤵
  PID:4704
- C:\Windows\System\JyolhDr.exe
  C:\Windows\System\JyolhDr.exe
  2⤵
  PID:4868
- C:\Windows\System\wXLOBon.exe
  C:\Windows\System\wXLOBon.exe
  2⤵
  PID:1508
- C:\Windows\System\AsGPeye.exe
  C:\Windows\System\AsGPeye.exe
  2⤵
  PID:4316
- C:\Windows\System\HwQwaGW.exe
  C:\Windows\System\HwQwaGW.exe
  2⤵
  PID:2976
- C:\Windows\System\RiSRnKy.exe
  C:\Windows\System\RiSRnKy.exe
  2⤵
  PID:2056
- C:\Windows\System\CFxKjGJ.exe
  C:\Windows\System\CFxKjGJ.exe
  2⤵
  PID:4136
- C:\Windows\System\OlqaBJU.exe
  C:\Windows\System\OlqaBJU.exe
  2⤵
  PID:4460
- C:\Windows\System\TdjOvNd.exe
  C:\Windows\System\TdjOvNd.exe
  2⤵
  PID:3052
- C:\Windows\System\KVgFKpo.exe
  C:\Windows\System\KVgFKpo.exe
  2⤵
  PID:1840
- C:\Windows\System\nmfPtbm.exe
  C:\Windows\System\nmfPtbm.exe
  2⤵
  PID:5088
- C:\Windows\System\sSMcyKR.exe
  C:\Windows\System\sSMcyKR.exe
  2⤵
  PID:1816
- C:\Windows\System\gcRSVVc.exe
  C:\Windows\System\gcRSVVc.exe
  2⤵
  PID:2684
- C:\Windows\System\rEtmlKU.exe
  C:\Windows\System\rEtmlKU.exe
  2⤵
  PID:4500
- C:\Windows\System\imJhDRF.exe
  C:\Windows\System\imJhDRF.exe
  2⤵
  PID:4964
- C:\Windows\System\CyqceYx.exe
  C:\Windows\System\CyqceYx.exe
  2⤵
  PID:4644
- C:\Windows\System\SpykzSJ.exe
  C:\Windows\System\SpykzSJ.exe
  2⤵
  PID:4888
- C:\Windows\System\xfDCKxd.exe
  C:\Windows\System\xfDCKxd.exe
  2⤵
  PID:5132
- C:\Windows\System\aYoGIFi.exe
  C:\Windows\System\aYoGIFi.exe
  2⤵
  PID:5156
- C:\Windows\System\JgGIeWK.exe
  C:\Windows\System\JgGIeWK.exe
  2⤵
  PID:5176
- C:\Windows\System\zHbNqJZ.exe
  C:\Windows\System\zHbNqJZ.exe
  2⤵
  PID:5196
- C:\Windows\System\qnfbEZS.exe
  C:\Windows\System\qnfbEZS.exe
  2⤵
  PID:5216
- C:\Windows\System\aeLDvUT.exe
  C:\Windows\System\aeLDvUT.exe
  2⤵
  PID:5236
- C:\Windows\System\PBQzvZS.exe
  C:\Windows\System\PBQzvZS.exe
  2⤵
  PID:5256
- C:\Windows\System\uXURZrX.exe
  C:\Windows\System\uXURZrX.exe
  2⤵
  PID:5280
- C:\Windows\System\SytJkfq.exe
  C:\Windows\System\SytJkfq.exe
  2⤵
  PID:5300
- C:\Windows\System\iMjavvD.exe
  C:\Windows\System\iMjavvD.exe
  2⤵
  PID:5320
- C:\Windows\System\ZRFTqqm.exe
  C:\Windows\System\ZRFTqqm.exe
  2⤵
  PID:5340
- C:\Windows\System\yIJstBQ.exe
  C:\Windows\System\yIJstBQ.exe
  2⤵
  PID:5360
- C:\Windows\System\nCdLUUg.exe
  C:\Windows\System\nCdLUUg.exe
  2⤵
  PID:5376
- C:\Windows\System\IRmFGCT.exe
  C:\Windows\System\IRmFGCT.exe
  2⤵
  PID:5396
- C:\Windows\System\fXJDoSF.exe
  C:\Windows\System\fXJDoSF.exe
  2⤵
  PID:5416
- C:\Windows\System\JGfVhks.exe
  C:\Windows\System\JGfVhks.exe
  2⤵
  PID:5436
- C:\Windows\System\jXOLRxA.exe
  C:\Windows\System\jXOLRxA.exe
  2⤵
  PID:5460
- C:\Windows\System\GMeiCXA.exe
  C:\Windows\System\GMeiCXA.exe
  2⤵
  PID:5480
- C:\Windows\System\qSvcdFd.exe
  C:\Windows\System\qSvcdFd.exe
  2⤵
  PID:5500
- C:\Windows\System\gRitoEJ.exe
  C:\Windows\System\gRitoEJ.exe
  2⤵
  PID:5520
- C:\Windows\System\FlkoQpV.exe
  C:\Windows\System\FlkoQpV.exe
  2⤵
  PID:5536
- C:\Windows\System\eCYbAQl.exe
  C:\Windows\System\eCYbAQl.exe
  2⤵
  PID:5556
- C:\Windows\System\glDgBEN.exe
  C:\Windows\System\glDgBEN.exe
  2⤵
  PID:5580
- C:\Windows\System\RqppCEQ.exe
  C:\Windows\System\RqppCEQ.exe
  2⤵
  PID:5600
- C:\Windows\System\HKtThBT.exe
  C:\Windows\System\HKtThBT.exe
  2⤵
  PID:5620
- C:\Windows\System\jNomAQH.exe
  C:\Windows\System\jNomAQH.exe
  2⤵
  PID:5640
- C:\Windows\System\fjyvWUu.exe
  C:\Windows\System\fjyvWUu.exe
  2⤵
  PID:5660
- C:\Windows\System\VSEhsZU.exe
  C:\Windows\System\VSEhsZU.exe
  2⤵
  PID:5680
- C:\Windows\System\OgAlkRR.exe
  C:\Windows\System\OgAlkRR.exe
  2⤵
  PID:5696
- C:\Windows\System\wPeGkhd.exe
  C:\Windows\System\wPeGkhd.exe
  2⤵
  PID:5720
- C:\Windows\System\WQOliSP.exe
  C:\Windows\System\WQOliSP.exe
  2⤵
  PID:5736
- C:\Windows\System\kNuRJcD.exe
  C:\Windows\System\kNuRJcD.exe
  2⤵
  PID:5756
- C:\Windows\System\YovDwSG.exe
  C:\Windows\System\YovDwSG.exe
  2⤵
  PID:5776
- C:\Windows\System\NhrCiDi.exe
  C:\Windows\System\NhrCiDi.exe
  2⤵
  PID:5796
- C:\Windows\System\kLmCrtp.exe
  C:\Windows\System\kLmCrtp.exe
  2⤵
  PID:5816
- C:\Windows\System\KetyTcn.exe
  C:\Windows\System\KetyTcn.exe
  2⤵
  PID:5836
- C:\Windows\System\SNwOQqm.exe
  C:\Windows\System\SNwOQqm.exe
  2⤵
  PID:5856
- C:\Windows\System\scNoiCo.exe
  C:\Windows\System\scNoiCo.exe
  2⤵
  PID:5876
- C:\Windows\System\ZibdHQi.exe
  C:\Windows\System\ZibdHQi.exe
  2⤵
  PID:5896
- C:\Windows\System\pvbEttu.exe
  C:\Windows\System\pvbEttu.exe
  2⤵
  PID:5920
- C:\Windows\System\JSWCNyX.exe
  C:\Windows\System\JSWCNyX.exe
  2⤵
  PID:5936
- C:\Windows\System\bqfloFE.exe
  C:\Windows\System\bqfloFE.exe
  2⤵
  PID:5960
- C:\Windows\System\OlARwQn.exe
  C:\Windows\System\OlARwQn.exe
  2⤵
  PID:5980
- C:\Windows\System\ktMeLzt.exe
  C:\Windows\System\ktMeLzt.exe
  2⤵
  PID:6000
- C:\Windows\System\kBKLVOk.exe
  C:\Windows\System\kBKLVOk.exe
  2⤵
  PID:6020
- C:\Windows\System\WulXPBE.exe
  C:\Windows\System\WulXPBE.exe
  2⤵
  PID:6040
- C:\Windows\System\waXItsw.exe
  C:\Windows\System\waXItsw.exe
  2⤵
  PID:6056
- C:\Windows\System\FiifWBn.exe
  C:\Windows\System\FiifWBn.exe
  2⤵
  PID:6080
- C:\Windows\System\fhSpCsc.exe
  C:\Windows\System\fhSpCsc.exe
  2⤵
  PID:6100
- C:\Windows\System\PKLAvNp.exe
  C:\Windows\System\PKLAvNp.exe
  2⤵
  PID:6120
- C:\Windows\System\HtwHjnI.exe
  C:\Windows\System\HtwHjnI.exe
  2⤵
  PID:6140
- C:\Windows\System\MMSBSiD.exe
  C:\Windows\System\MMSBSiD.exe
  2⤵
  PID:4924
- C:\Windows\System\wbxwwCK.exe
  C:\Windows\System\wbxwwCK.exe
  2⤵
  PID:2964
- C:\Windows\System\qFiUVfo.exe
  C:\Windows\System\qFiUVfo.exe
  2⤵
  PID:4760
- C:\Windows\System\VJTOwOU.exe
  C:\Windows\System\VJTOwOU.exe
  2⤵
  PID:5128
- C:\Windows\System\eddQXbu.exe
  C:\Windows\System\eddQXbu.exe
  2⤵
  PID:5192
- C:\Windows\System\lRyyAaH.exe
  C:\Windows\System\lRyyAaH.exe
  2⤵
  PID:5204
- C:\Windows\System\fCOVpMp.exe
  C:\Windows\System\fCOVpMp.exe
  2⤵
  PID:5212
- C:\Windows\System\JXWeWjy.exe
  C:\Windows\System\JXWeWjy.exe
  2⤵
  PID:5268
- C:\Windows\System\slNcDNq.exe
  C:\Windows\System\slNcDNq.exe
  2⤵
  PID:5312
- C:\Windows\System\VAnjXTd.exe
  C:\Windows\System\VAnjXTd.exe
  2⤵
  PID:5356
- C:\Windows\System\CqehtKq.exe
  C:\Windows\System\CqehtKq.exe
  2⤵
  PID:5392
- C:\Windows\System\IqSorbS.exe
  C:\Windows\System\IqSorbS.exe
  2⤵
  PID:5432
- C:\Windows\System\uuWGomC.exe
  C:\Windows\System\uuWGomC.exe
  2⤵
  PID:5468
- C:\Windows\System\IQgnkDx.exe
  C:\Windows\System\IQgnkDx.exe
  2⤵
  PID:5448
- C:\Windows\System\uIIonuE.exe
  C:\Windows\System\uIIonuE.exe
  2⤵
  PID:5512
- C:\Windows\System\utKZnxj.exe
  C:\Windows\System\utKZnxj.exe
  2⤵
  PID:5552
- C:\Windows\System\XMTxhJp.exe
  C:\Windows\System\XMTxhJp.exe
  2⤵
  PID:5532
- C:\Windows\System\uhRxFrG.exe
  C:\Windows\System\uhRxFrG.exe
  2⤵
  PID:5596
- C:\Windows\System\uhIzeKa.exe
  C:\Windows\System\uhIzeKa.exe
  2⤵
  PID:5612
- C:\Windows\System\TJKhQwD.exe
  C:\Windows\System\TJKhQwD.exe
  2⤵
  PID:5704
- C:\Windows\System\hsOivRB.exe
  C:\Windows\System\hsOivRB.exe
  2⤵
  PID:5648
- C:\Windows\System\KGgtBza.exe
  C:\Windows\System\KGgtBza.exe
  2⤵
  PID:5752
- C:\Windows\System\sSwdFRg.exe
  C:\Windows\System\sSwdFRg.exe
  2⤵
  PID:5788
- C:\Windows\System\QVMycvU.exe
  C:\Windows\System\QVMycvU.exe
  2⤵
  PID:5728
- C:\Windows\System\XtuYKHT.exe
  C:\Windows\System\XtuYKHT.exe
  2⤵
  PID:5868
- C:\Windows\System\KvoAEKW.exe
  C:\Windows\System\KvoAEKW.exe
  2⤵
  PID:5804
- C:\Windows\System\GFALPQi.exe
  C:\Windows\System\GFALPQi.exe
  2⤵
  PID:5904
- C:\Windows\System\xCpZLeO.exe
  C:\Windows\System\xCpZLeO.exe
  2⤵
  PID:5852
- C:\Windows\System\kIiqGDZ.exe
  C:\Windows\System\kIiqGDZ.exe
  2⤵
  PID:5952
- C:\Windows\System\jxpiGjD.exe
  C:\Windows\System\jxpiGjD.exe
  2⤵
  PID:5988
- C:\Windows\System\YkoBhuF.exe
  C:\Windows\System\YkoBhuF.exe
  2⤵
  PID:5972
- C:\Windows\System\EcncjYj.exe
  C:\Windows\System\EcncjYj.exe
  2⤵
  PID:6064
- C:\Windows\System\oJFZncl.exe
  C:\Windows\System\oJFZncl.exe
  2⤵
  PID:6012
- C:\Windows\System\HhXiHga.exe
  C:\Windows\System\HhXiHga.exe
  2⤵
  PID:4684
- C:\Windows\System\difCClm.exe
  C:\Windows\System\difCClm.exe
  2⤵
  PID:6048
- C:\Windows\System\MTEDSXu.exe
  C:\Windows\System\MTEDSXu.exe
  2⤵
  PID:6132
- C:\Windows\System\oGOIzUB.exe
  C:\Windows\System\oGOIzUB.exe
  2⤵
  PID:468
- C:\Windows\System\vwbmxsT.exe
  C:\Windows\System\vwbmxsT.exe
  2⤵
  PID:2908
- C:\Windows\System\UbcgLYY.exe
  C:\Windows\System\UbcgLYY.exe
  2⤵
  PID:5152
- C:\Windows\System\OfYEpQA.exe
  C:\Windows\System\OfYEpQA.exe
  2⤵
  PID:5184
- C:\Windows\System\SMoyhwG.exe
  C:\Windows\System\SMoyhwG.exe
  2⤵
  PID:5264
- C:\Windows\System\DFxQbsV.exe
  C:\Windows\System\DFxQbsV.exe
  2⤵
  PID:536
- C:\Windows\System\hUjAEbv.exe
  C:\Windows\System\hUjAEbv.exe
  2⤵
  PID:2248
- C:\Windows\System\fbPyzif.exe
  C:\Windows\System\fbPyzif.exe
  2⤵
  PID:5308
- C:\Windows\System\VBGrlIS.exe
  C:\Windows\System\VBGrlIS.exe
  2⤵
  PID:1792
- C:\Windows\System\RpaQypZ.exe
  C:\Windows\System\RpaQypZ.exe
  2⤵
  PID:5384
- C:\Windows\System\ppuSPVE.exe
  C:\Windows\System\ppuSPVE.exe
  2⤵
  PID:3512
- C:\Windows\System\looMQuS.exe
  C:\Windows\System\looMQuS.exe
  2⤵
  PID:1460
- C:\Windows\System\FqiCRAN.exe
  C:\Windows\System\FqiCRAN.exe
  2⤵
  PID:5496
- C:\Windows\System\PdjvXwH.exe
  C:\Windows\System\PdjvXwH.exe
  2⤵
  PID:5588
- C:\Windows\System\TuoYNkF.exe
  C:\Windows\System\TuoYNkF.exe
  2⤵
  PID:5636
- C:\Windows\System\enlNNRw.exe
  C:\Windows\System\enlNNRw.exe
  2⤵
  PID:5608
- C:\Windows\System\pVkTslf.exe
  C:\Windows\System\pVkTslf.exe
  2⤵
  PID:5688
- C:\Windows\System\ungPzvs.exe
  C:\Windows\System\ungPzvs.exe
  2⤵
  PID:5672
- C:\Windows\System\jSnqVqm.exe
  C:\Windows\System\jSnqVqm.exe
  2⤵
  PID:5832
- C:\Windows\System\eXQHNhL.exe
  C:\Windows\System\eXQHNhL.exe
  2⤵
  PID:5864
- C:\Windows\System\GLIQdYd.exe
  C:\Windows\System\GLIQdYd.exe
  2⤵
  PID:5944
- C:\Windows\System\urzRJeB.exe
  C:\Windows\System\urzRJeB.exe
  2⤵
  PID:5844
- C:\Windows\System\UkCaNGm.exe
  C:\Windows\System\UkCaNGm.exe
  2⤵
  PID:5916
- C:\Windows\System\xzEtwNc.exe
  C:\Windows\System\xzEtwNc.exe
  2⤵
  PID:4564
- C:\Windows\System\maNPurG.exe
  C:\Windows\System\maNPurG.exe
  2⤵
  PID:6108
- C:\Windows\System\LTugrSx.exe
  C:\Windows\System\LTugrSx.exe
  2⤵
  PID:2860
- C:\Windows\System\diUVXRl.exe
  C:\Windows\System\diUVXRl.exe
  2⤵
  PID:2844
- C:\Windows\System\xUGsGER.exe
  C:\Windows\System\xUGsGER.exe
  2⤵
  PID:5140
- C:\Windows\System\zDzatXy.exe
  C:\Windows\System\zDzatXy.exe
  2⤵
  PID:5288
- C:\Windows\System\QxQGaVJ.exe
  C:\Windows\System\QxQGaVJ.exe
  2⤵
  PID:2888
- C:\Windows\System\YYTXLVg.exe
  C:\Windows\System\YYTXLVg.exe
  2⤵
  PID:5328
- C:\Windows\System\Vlnaqop.exe
  C:\Windows\System\Vlnaqop.exe
  2⤵
  PID:5316
- C:\Windows\System\YSzwNhe.exe
  C:\Windows\System\YSzwNhe.exe
  2⤵
  PID:1768
- C:\Windows\System\lBXoHoD.exe
  C:\Windows\System\lBXoHoD.exe
  2⤵
  PID:1996
- C:\Windows\System\XyNROEz.exe
  C:\Windows\System\XyNROEz.exe
  2⤵
  PID:5516
- C:\Windows\System\eOQXLvh.exe
  C:\Windows\System\eOQXLvh.exe
  2⤵
  PID:5568
- C:\Windows\System\hQIWRGg.exe
  C:\Windows\System\hQIWRGg.exe
  2⤵
  PID:5812
- C:\Windows\System\qpGHXEV.exe
  C:\Windows\System\qpGHXEV.exe
  2⤵
  PID:5592
- C:\Windows\System\IxGUznc.exe
  C:\Windows\System\IxGUznc.exe
  2⤵
  PID:1180
- C:\Windows\System\nctJFrA.exe
  C:\Windows\System\nctJFrA.exe
  2⤵
  PID:2444
- C:\Windows\System\ldvTnxT.exe
  C:\Windows\System\ldvTnxT.exe
  2⤵
  PID:2280
- C:\Windows\System\MVgnSOn.exe
  C:\Windows\System\MVgnSOn.exe
  2⤵
  PID:5572
- C:\Windows\System\hFBMwmd.exe
  C:\Windows\System\hFBMwmd.exe
  2⤵
  PID:6036
- C:\Windows\System\PjnkJHO.exe
  C:\Windows\System\PjnkJHO.exe
  2⤵
  PID:5976
- C:\Windows\System\skKtMZd.exe
  C:\Windows\System\skKtMZd.exe
  2⤵
  PID:6076
- C:\Windows\System\hTsZnlc.exe
  C:\Windows\System\hTsZnlc.exe
  2⤵
  PID:5228
- C:\Windows\System\AvMqpJm.exe
  C:\Windows\System\AvMqpJm.exe
  2⤵
  PID:6128
- C:\Windows\System\tMPvQUB.exe
  C:\Windows\System\tMPvQUB.exe
  2⤵
  PID:5148
- C:\Windows\System\ciZBabN.exe
  C:\Windows\System\ciZBabN.exe
  2⤵
  PID:3004
- C:\Windows\System\AJuUxLz.exe
  C:\Windows\System\AJuUxLz.exe
  2⤵
  PID:5408
- C:\Windows\System\VpldcGX.exe
  C:\Windows\System\VpldcGX.exe
  2⤵
  PID:5444
- C:\Windows\System\yScnEjR.exe
  C:\Windows\System\yScnEjR.exe
  2⤵
  PID:5784
- C:\Windows\System\qkiluay.exe
  C:\Windows\System\qkiluay.exe
  2⤵
  PID:5768
- C:\Windows\System\kmvnBeG.exe
  C:\Windows\System\kmvnBeG.exe
  2⤵
  PID:5668
- C:\Windows\System\MkJpjox.exe
  C:\Windows\System\MkJpjox.exe
  2⤵
  PID:2668
- C:\Windows\System\dHzSZQY.exe
  C:\Windows\System\dHzSZQY.exe
  2⤵
  PID:2112
- C:\Windows\System\zsuBuhl.exe
  C:\Windows\System\zsuBuhl.exe
  2⤵
  PID:2820
- C:\Windows\System\qbnNHhO.exe
  C:\Windows\System\qbnNHhO.exe
  2⤵
  PID:5956
- C:\Windows\System\mIYnFbJ.exe
  C:\Windows\System\mIYnFbJ.exe
  2⤵
  PID:5224
- C:\Windows\System\JAwaWuL.exe
  C:\Windows\System\JAwaWuL.exe
  2⤵
  PID:1148
- C:\Windows\System\RDwGLyZ.exe
  C:\Windows\System\RDwGLyZ.exe
  2⤵
  PID:5472
- C:\Windows\System\gRLrMnK.exe
  C:\Windows\System\gRLrMnK.exe
  2⤵
  PID:1048
- C:\Windows\System\RoBMjgB.exe
  C:\Windows\System\RoBMjgB.exe
  2⤵
  PID:2708
- C:\Windows\System\ZAUhiAn.exe
  C:\Windows\System\ZAUhiAn.exe
  2⤵
  PID:2880
- C:\Windows\System\WwWJSPM.exe
  C:\Windows\System\WwWJSPM.exe
  2⤵
  PID:5332
- C:\Windows\System\gkLupxL.exe
  C:\Windows\System\gkLupxL.exe
  2⤵
  PID:5544
- C:\Windows\System\uDYTTky.exe
  C:\Windows\System\uDYTTky.exe
  2⤵
  PID:1904
- C:\Windows\System\NwbvFnx.exe
  C:\Windows\System\NwbvFnx.exe
  2⤵
  PID:5888
- C:\Windows\System\QxSGpTJ.exe
  C:\Windows\System\QxSGpTJ.exe
  2⤵
  PID:6148
- C:\Windows\System\IKygPnd.exe
  C:\Windows\System\IKygPnd.exe
  2⤵
  PID:6164
- C:\Windows\System\rZWWYzt.exe
  C:\Windows\System\rZWWYzt.exe
  2⤵
  PID:6180
- C:\Windows\System\FpvykPr.exe
  C:\Windows\System\FpvykPr.exe
  2⤵
  PID:6196
- C:\Windows\System\ZrjXuGk.exe
  C:\Windows\System\ZrjXuGk.exe
  2⤵
  PID:6228
- C:\Windows\System\gRIEYZt.exe
  C:\Windows\System\gRIEYZt.exe
  2⤵
  PID:6248
- C:\Windows\System\QPOfxTI.exe
  C:\Windows\System\QPOfxTI.exe
  2⤵
  PID:6264
- C:\Windows\System\KLvsDhQ.exe
  C:\Windows\System\KLvsDhQ.exe
  2⤵
  PID:6280
- C:\Windows\System\dJetIxf.exe
  C:\Windows\System\dJetIxf.exe
  2⤵
  PID:6296
- C:\Windows\System\ISWighK.exe
  C:\Windows\System\ISWighK.exe
  2⤵
  PID:6320
- C:\Windows\System\zTJrHIY.exe
  C:\Windows\System\zTJrHIY.exe
  2⤵
  PID:6336
- C:\Windows\System\gURVTAi.exe
  C:\Windows\System\gURVTAi.exe
  2⤵
  PID:6364
- C:\Windows\System\IQlrMEz.exe
  C:\Windows\System\IQlrMEz.exe
  2⤵
  PID:6388
- C:\Windows\System\RkNJByl.exe
  C:\Windows\System\RkNJByl.exe
  2⤵
  PID:6412
- C:\Windows\System\njkSnbX.exe
  C:\Windows\System\njkSnbX.exe
  2⤵
  PID:6428
- C:\Windows\System\nusjcdR.exe
  C:\Windows\System\nusjcdR.exe
  2⤵
  PID:6448
- C:\Windows\System\KkDebCV.exe
  C:\Windows\System\KkDebCV.exe
  2⤵
  PID:6464
- C:\Windows\System\QaAlHUR.exe
  C:\Windows\System\QaAlHUR.exe
  2⤵
  PID:6516
- C:\Windows\System\nEWajMN.exe
  C:\Windows\System\nEWajMN.exe
  2⤵
  PID:6532
- C:\Windows\System\UYkfWTE.exe
  C:\Windows\System\UYkfWTE.exe
  2⤵
  PID:6548
- C:\Windows\System\nYSFQkD.exe
  C:\Windows\System\nYSFQkD.exe
  2⤵
  PID:6576
- C:\Windows\System\gAurHda.exe
  C:\Windows\System\gAurHda.exe
  2⤵
  PID:6592
- C:\Windows\System\PfOEANB.exe
  C:\Windows\System\PfOEANB.exe
  2⤵
  PID:6608
- C:\Windows\System\GEZTOQw.exe
  C:\Windows\System\GEZTOQw.exe
  2⤵
  PID:6624
- C:\Windows\System\LtHacpI.exe
  C:\Windows\System\LtHacpI.exe
  2⤵
  PID:6652
- C:\Windows\System\XdJWhyq.exe
  C:\Windows\System\XdJWhyq.exe
  2⤵
  PID:6672
- C:\Windows\System\DStKoMY.exe
  C:\Windows\System\DStKoMY.exe
  2⤵
  PID:6688
- C:\Windows\System\nbSWIPP.exe
  C:\Windows\System\nbSWIPP.exe
  2⤵
  PID:6708
- C:\Windows\System\aMzONOY.exe
  C:\Windows\System\aMzONOY.exe
  2⤵
  PID:6724
- C:\Windows\System\HbHFsfg.exe
  C:\Windows\System\HbHFsfg.exe
  2⤵
  PID:6740
- C:\Windows\System\qUyEhnD.exe
  C:\Windows\System\qUyEhnD.exe
  2⤵
  PID:6768
- C:\Windows\System\qJodvhL.exe
  C:\Windows\System\qJodvhL.exe
  2⤵
  PID:6784
- C:\Windows\System\YzKlrUj.exe
  C:\Windows\System\YzKlrUj.exe
  2⤵
  PID:6800
- C:\Windows\System\XkyFwEI.exe
  C:\Windows\System\XkyFwEI.exe
  2⤵
  PID:6816
- C:\Windows\System\TYVwRBW.exe
  C:\Windows\System\TYVwRBW.exe
  2⤵
  PID:6856
- C:\Windows\System\AyCRGla.exe
  C:\Windows\System\AyCRGla.exe
  2⤵
  PID:6876
- C:\Windows\System\rVIqDjK.exe
  C:\Windows\System\rVIqDjK.exe
  2⤵
  PID:6900
- C:\Windows\System\VZvPImJ.exe
  C:\Windows\System\VZvPImJ.exe
  2⤵
  PID:6916
- C:\Windows\System\QIniXRJ.exe
  C:\Windows\System\QIniXRJ.exe
  2⤵
  PID:6948
- C:\Windows\System\TCsIMpA.exe
  C:\Windows\System\TCsIMpA.exe
  2⤵
  PID:6964
- C:\Windows\System\XaLsyyO.exe
  C:\Windows\System\XaLsyyO.exe
  2⤵
  PID:6980
- C:\Windows\System\UngvfJB.exe
  C:\Windows\System\UngvfJB.exe
  2⤵
  PID:7000
- C:\Windows\System\EcHKvtn.exe
  C:\Windows\System\EcHKvtn.exe
  2⤵
  PID:7016
- C:\Windows\System\sfWNLxo.exe
  C:\Windows\System\sfWNLxo.exe
  2⤵
  PID:7032
- C:\Windows\System\vVIrzIA.exe
  C:\Windows\System\vVIrzIA.exe
  2⤵
  PID:7052
- C:\Windows\System\jbakRtJ.exe
  C:\Windows\System\jbakRtJ.exe
  2⤵
  PID:7068
- C:\Windows\System\vROUhuV.exe
  C:\Windows\System\vROUhuV.exe
  2⤵
  PID:7084
- C:\Windows\System\kosSqrN.exe
  C:\Windows\System\kosSqrN.exe
  2⤵
  PID:7100
- C:\Windows\System\CCMBWqH.exe
  C:\Windows\System\CCMBWqH.exe
  2⤵
  PID:7116
- C:\Windows\System\aFHMcWG.exe
  C:\Windows\System\aFHMcWG.exe
  2⤵
  PID:7136
- C:\Windows\System\xKAnCUw.exe
  C:\Windows\System\xKAnCUw.exe
  2⤵
  PID:6172
- C:\Windows\System\OcYDnKy.exe
  C:\Windows\System\OcYDnKy.exe
  2⤵
  PID:6212
- C:\Windows\System\BEzrOSY.exe
  C:\Windows\System\BEzrOSY.exe
  2⤵
  PID:6256
- C:\Windows\System\aUrdHlW.exe
  C:\Windows\System\aUrdHlW.exe
  2⤵
  PID:6292
- C:\Windows\System\MmPvkhQ.exe
  C:\Windows\System\MmPvkhQ.exe
  2⤵
  PID:6372
- C:\Windows\System\HIlLvoi.exe
  C:\Windows\System\HIlLvoi.exe
  2⤵
  PID:1288
- C:\Windows\System\dFFTqYn.exe
  C:\Windows\System\dFFTqYn.exe
  2⤵
  PID:6316
- C:\Windows\System\FDAiKcc.exe
  C:\Windows\System\FDAiKcc.exe
  2⤵
  PID:4396
- C:\Windows\System\viJnhHb.exe
  C:\Windows\System\viJnhHb.exe
  2⤵
  PID:6312
- C:\Windows\System\jkuPRtB.exe
  C:\Windows\System\jkuPRtB.exe
  2⤵
  PID:6356
- C:\Windows\System\LusoyOC.exe
  C:\Windows\System\LusoyOC.exe
  2⤵
  PID:6404
- C:\Windows\System\jIaxtDE.exe
  C:\Windows\System\jIaxtDE.exe
  2⤵
  PID:6188
- C:\Windows\System\TvsMMyI.exe
  C:\Windows\System\TvsMMyI.exe
  2⤵
  PID:6504
- C:\Windows\System\rCndjys.exe
  C:\Windows\System\rCndjys.exe
  2⤵
  PID:6500
- C:\Windows\System\cFHDwAo.exe
  C:\Windows\System\cFHDwAo.exe
  2⤵
  PID:6540
- C:\Windows\System\VloHaEv.exe
  C:\Windows\System\VloHaEv.exe
  2⤵
  PID:6604
- C:\Windows\System\XJIYTcg.exe
  C:\Windows\System\XJIYTcg.exe
  2⤵
  PID:6648
- C:\Windows\System\lrmzNlz.exe
  C:\Windows\System\lrmzNlz.exe
  2⤵
  PID:6752
- C:\Windows\System\iZxVCUl.exe
  C:\Windows\System\iZxVCUl.exe
  2⤵
  PID:6620
- C:\Windows\System\MFgkBdZ.exe
  C:\Windows\System\MFgkBdZ.exe
  2⤵
  PID:6696
- C:\Windows\System\qfuOEIT.exe
  C:\Windows\System\qfuOEIT.exe
  2⤵
  PID:6828
- C:\Windows\System\urmmAYa.exe
  C:\Windows\System\urmmAYa.exe
  2⤵
  PID:6840
- C:\Windows\System\jnVdpnf.exe
  C:\Windows\System\jnVdpnf.exe
  2⤵
  PID:6776
- C:\Windows\System\htyQTdk.exe
  C:\Windows\System\htyQTdk.exe
  2⤵
  PID:6896
- C:\Windows\System\CwZHlFD.exe
  C:\Windows\System\CwZHlFD.exe
  2⤵
  PID:6812
- C:\Windows\System\UEYKtYt.exe
  C:\Windows\System\UEYKtYt.exe
  2⤵
  PID:6928
- C:\Windows\System\uMmaqKR.exe
  C:\Windows\System\uMmaqKR.exe
  2⤵
  PID:7012
- C:\Windows\System\JjJqHXT.exe
  C:\Windows\System\JjJqHXT.exe
  2⤵
  PID:6960
- C:\Windows\System\hOukHei.exe
  C:\Windows\System\hOukHei.exe
  2⤵
  PID:7144
- C:\Windows\System\vjVxhwS.exe
  C:\Windows\System\vjVxhwS.exe
  2⤵
  PID:7160
- C:\Windows\System\rkthxcZ.exe
  C:\Windows\System\rkthxcZ.exe
  2⤵
  PID:5892
- C:\Windows\System\RCGoblQ.exe
  C:\Windows\System\RCGoblQ.exe
  2⤵
  PID:6988
- C:\Windows\System\xoAaFQZ.exe
  C:\Windows\System\xoAaFQZ.exe
  2⤵
  PID:6328
- C:\Windows\System\AMyQMSw.exe
  C:\Windows\System\AMyQMSw.exe
  2⤵
  PID:6304
- C:\Windows\System\rfDqkhj.exe
  C:\Windows\System\rfDqkhj.exe
  2⤵
  PID:7092
- C:\Windows\System\HNLiLBB.exe
  C:\Windows\System\HNLiLBB.exe
  2⤵
  PID:6204
- C:\Windows\System\FCkMLfi.exe
  C:\Windows\System\FCkMLfi.exe
  2⤵
  PID:2784
- C:\Windows\System\jZJxoCj.exe
  C:\Windows\System\jZJxoCj.exe
  2⤵
  PID:6440
- C:\Windows\System\aiZnLsE.exe
  C:\Windows\System\aiZnLsE.exe
  2⤵
  PID:5652
- C:\Windows\System\eBNniDW.exe
  C:\Windows\System\eBNniDW.exe
  2⤵
  PID:6348
- C:\Windows\System\zwPIVUe.exe
  C:\Windows\System\zwPIVUe.exe
  2⤵
  PID:6240
- C:\Windows\System\eNvjFvp.exe
  C:\Windows\System\eNvjFvp.exe
  2⤵
  PID:6492
- C:\Windows\System\fHmqSaO.exe
  C:\Windows\System\fHmqSaO.exe
  2⤵
  PID:6572
- C:\Windows\System\XwdbWUJ.exe
  C:\Windows\System\XwdbWUJ.exe
  2⤵
  PID:6584
- C:\Windows\System\tLXohhh.exe
  C:\Windows\System\tLXohhh.exe
  2⤵
  PID:6764
- C:\Windows\System\COgabnc.exe
  C:\Windows\System\COgabnc.exe
  2⤵
  PID:6660
- C:\Windows\System\tRqIAPr.exe
  C:\Windows\System\tRqIAPr.exe
  2⤵
  PID:6836
- C:\Windows\System\PzyoIDl.exe
  C:\Windows\System\PzyoIDl.exe
  2⤵
  PID:6736
- C:\Windows\System\fxOIKBF.exe
  C:\Windows\System\fxOIKBF.exe
  2⤵
  PID:6976
- C:\Windows\System\XHqGCnt.exe
  C:\Windows\System\XHqGCnt.exe
  2⤵
  PID:7108
- C:\Windows\System\JWSrBNk.exe
  C:\Windows\System\JWSrBNk.exe
  2⤵
  PID:6940
- C:\Windows\System\sgJkJnn.exe
  C:\Windows\System\sgJkJnn.exe
  2⤵
  PID:5424
- C:\Windows\System\DwVHIfP.exe
  C:\Windows\System\DwVHIfP.exe
  2⤵
  PID:6908
- C:\Windows\System\DmygmtV.exe
  C:\Windows\System\DmygmtV.exe
  2⤵
  PID:6384
- C:\Windows\System\rsPIfRY.exe
  C:\Windows\System\rsPIfRY.exe
  2⤵
  PID:6912
- C:\Windows\System\DIYrhpY.exe
  C:\Windows\System\DIYrhpY.exe
  2⤵
  PID:6272
- C:\Windows\System\JkYWZrI.exe
  C:\Windows\System\JkYWZrI.exe
  2⤵
  PID:6436
- C:\Windows\System\xwUjTkD.exe
  C:\Windows\System\xwUjTkD.exe
  2⤵
  PID:2912
- C:\Windows\System\RGsPpoi.exe
  C:\Windows\System\RGsPpoi.exe
  2⤵
  PID:6644
- C:\Windows\System\VkZggYg.exe
  C:\Windows\System\VkZggYg.exe
  2⤵
  PID:6568
- C:\Windows\System\DOlZYZx.exe
  C:\Windows\System\DOlZYZx.exe
  2⤵
  PID:6824
- C:\Windows\System\aHdHRGw.exe
  C:\Windows\System\aHdHRGw.exe
  2⤵
  PID:7080
- C:\Windows\System\AclmBAs.exe
  C:\Windows\System\AclmBAs.exe
  2⤵
  PID:6220
- C:\Windows\System\PGPwwJs.exe
  C:\Windows\System\PGPwwJs.exe
  2⤵
  PID:384
- C:\Windows\System\vzatCqE.exe
  C:\Windows\System\vzatCqE.exe
  2⤵
  PID:6956
- C:\Windows\System\pXkVtmd.exe
  C:\Windows\System\pXkVtmd.exe
  2⤵
  PID:6396
- C:\Windows\System\oVIrhCh.exe
  C:\Windows\System\oVIrhCh.exe
  2⤵
  PID:7132
- C:\Windows\System\XruEXVv.exe
  C:\Windows\System\XruEXVv.exe
  2⤵
  PID:6472
- C:\Windows\System\KZAlLJt.exe
  C:\Windows\System\KZAlLJt.exe
  2⤵
  PID:6488
- C:\Windows\System\cCXJyMn.exe
  C:\Windows\System\cCXJyMn.exe
  2⤵
  PID:6792
- C:\Windows\System\iRkMsUI.exe
  C:\Windows\System\iRkMsUI.exe
  2⤵
  PID:6732
- C:\Windows\System\dypKSkV.exe
  C:\Windows\System\dypKSkV.exe
  2⤵
  PID:6884
- C:\Windows\System\nrYeCov.exe
  C:\Windows\System\nrYeCov.exe
  2⤵
  PID:6848
- C:\Windows\System\ArfRYUn.exe
  C:\Windows\System\ArfRYUn.exe
  2⤵
  PID:7156
- C:\Windows\System\VKWZAUX.exe
  C:\Windows\System\VKWZAUX.exe
  2⤵
  PID:6424
- C:\Windows\System\YLwBUaW.exe
  C:\Windows\System\YLwBUaW.exe
  2⤵
  PID:7164
- C:\Windows\System\MsCnDgg.exe
  C:\Windows\System\MsCnDgg.exe
  2⤵
  PID:6244
- C:\Windows\System\wVfInbO.exe
  C:\Windows\System\wVfInbO.exe
  2⤵
  PID:6636
- C:\Windows\System\RBDwEGI.exe
  C:\Windows\System\RBDwEGI.exe
  2⤵
  PID:6588
- C:\Windows\System\FJnYWJs.exe
  C:\Windows\System\FJnYWJs.exe
  2⤵
  PID:7076
- C:\Windows\System\kcgSamT.exe
  C:\Windows\System\kcgSamT.exe
  2⤵
  PID:6704
- C:\Windows\System\uDjXGsQ.exe
  C:\Windows\System\uDjXGsQ.exe
  2⤵
  PID:7184
- C:\Windows\System\mBAxmxU.exe
  C:\Windows\System\mBAxmxU.exe
  2⤵
  PID:7208
- C:\Windows\System\SvGZaLK.exe
  C:\Windows\System\SvGZaLK.exe
  2⤵
  PID:7228
- C:\Windows\System\FTyXhMt.exe
  C:\Windows\System\FTyXhMt.exe
  2⤵
  PID:7244
- C:\Windows\System\uXCmOLS.exe
  C:\Windows\System\uXCmOLS.exe
  2⤵
  PID:7268
- C:\Windows\System\mhuZjGP.exe
  C:\Windows\System\mhuZjGP.exe
  2⤵
  PID:7292
- C:\Windows\System\BoCHIYN.exe
  C:\Windows\System\BoCHIYN.exe
  2⤵
  PID:7308
- C:\Windows\System\SUvPLbu.exe
  C:\Windows\System\SUvPLbu.exe
  2⤵
  PID:7324
- C:\Windows\System\irVGqBh.exe
  C:\Windows\System\irVGqBh.exe
  2⤵
  PID:7340
- C:\Windows\System\Mlkixor.exe
  C:\Windows\System\Mlkixor.exe
  2⤵
  PID:7356
- C:\Windows\System\DqjQwwW.exe
  C:\Windows\System\DqjQwwW.exe
  2⤵
  PID:7372
- C:\Windows\System\kORcxZE.exe
  C:\Windows\System\kORcxZE.exe
  2⤵
  PID:7388
- C:\Windows\System\eheVXXa.exe
  C:\Windows\System\eheVXXa.exe
  2⤵
  PID:7412
- C:\Windows\System\irpoSZa.exe
  C:\Windows\System\irpoSZa.exe
  2⤵
  PID:7452
- C:\Windows\System\aEJAAZZ.exe
  C:\Windows\System\aEJAAZZ.exe
  2⤵
  PID:7468
- C:\Windows\System\grJauQi.exe
  C:\Windows\System\grJauQi.exe
  2⤵
  PID:7488
- C:\Windows\System\WYHOJqe.exe
  C:\Windows\System\WYHOJqe.exe
  2⤵
  PID:7504
- C:\Windows\System\rDUtBsG.exe
  C:\Windows\System\rDUtBsG.exe
  2⤵
  PID:7528
- C:\Windows\System\HoAuHWA.exe
  C:\Windows\System\HoAuHWA.exe
  2⤵
  PID:7548
- C:\Windows\System\iRDXYdr.exe
  C:\Windows\System\iRDXYdr.exe
  2⤵
  PID:7568
- C:\Windows\System\svRwsYD.exe
  C:\Windows\System\svRwsYD.exe
  2⤵
  PID:7588
- C:\Windows\System\NWuMVpk.exe
  C:\Windows\System\NWuMVpk.exe
  2⤵
  PID:7612
- C:\Windows\System\YPDTZTA.exe
  C:\Windows\System\YPDTZTA.exe
  2⤵
  PID:7628
- C:\Windows\System\SEHziRD.exe
  C:\Windows\System\SEHziRD.exe
  2⤵
  PID:7644
- C:\Windows\System\MujLyIr.exe
  C:\Windows\System\MujLyIr.exe
  2⤵
  PID:7660
- C:\Windows\System\Qfvswut.exe
  C:\Windows\System\Qfvswut.exe
  2⤵
  PID:7680
- C:\Windows\System\YleRnRP.exe
  C:\Windows\System\YleRnRP.exe
  2⤵
  PID:7696
- C:\Windows\System\zXxSHDL.exe
  C:\Windows\System\zXxSHDL.exe
  2⤵
  PID:7720
- C:\Windows\System\WcwQKoP.exe
  C:\Windows\System\WcwQKoP.exe
  2⤵
  PID:7740
- C:\Windows\System\LixyGEA.exe
  C:\Windows\System\LixyGEA.exe
  2⤵
  PID:7764
- C:\Windows\System\bgnewpx.exe
  C:\Windows\System\bgnewpx.exe
  2⤵
  PID:7780
- C:\Windows\System\qqKtDxV.exe
  C:\Windows\System\qqKtDxV.exe
  2⤵
  PID:7812
- C:\Windows\System\XXlfbLd.exe
  C:\Windows\System\XXlfbLd.exe
  2⤵
  PID:7828
- C:\Windows\System\rdZLdJc.exe
  C:\Windows\System\rdZLdJc.exe
  2⤵
  PID:7844
- C:\Windows\System\dGtAJSK.exe
  C:\Windows\System\dGtAJSK.exe
  2⤵
  PID:7860
- C:\Windows\System\VAodSts.exe
  C:\Windows\System\VAodSts.exe
  2⤵
  PID:7876
- C:\Windows\System\TTkZRNB.exe
  C:\Windows\System\TTkZRNB.exe
  2⤵
  PID:7904
- C:\Windows\System\KtNwIpC.exe
  C:\Windows\System\KtNwIpC.exe
  2⤵
  PID:7920
- C:\Windows\System\BeYCYYu.exe
  C:\Windows\System\BeYCYYu.exe
  2⤵
  PID:7948
- C:\Windows\System\cfgCfRS.exe
  C:\Windows\System\cfgCfRS.exe
  2⤵
  PID:7964
- C:\Windows\System\gVdGmzr.exe
  C:\Windows\System\gVdGmzr.exe
  2⤵
  PID:7980
- C:\Windows\System\fsoYFjH.exe
  C:\Windows\System\fsoYFjH.exe
  2⤵
  PID:7996
- C:\Windows\System\rgXgPbH.exe
  C:\Windows\System\rgXgPbH.exe
  2⤵
  PID:8032
- C:\Windows\System\QYToVXY.exe
  C:\Windows\System\QYToVXY.exe
  2⤵
  PID:8048
- C:\Windows\System\AjTaesB.exe
  C:\Windows\System\AjTaesB.exe
  2⤵
  PID:8068
- C:\Windows\System\oUhroXB.exe
  C:\Windows\System\oUhroXB.exe
  2⤵
  PID:8084
- C:\Windows\System\wUwNPLI.exe
  C:\Windows\System\wUwNPLI.exe
  2⤵
  PID:8100
- C:\Windows\System\TnOrwhp.exe
  C:\Windows\System\TnOrwhp.exe
  2⤵
  PID:8116
- C:\Windows\System\aOuLSbF.exe
  C:\Windows\System\aOuLSbF.exe
  2⤵
  PID:8132
- C:\Windows\System\VQmYVRO.exe
  C:\Windows\System\VQmYVRO.exe
  2⤵
  PID:8152
- C:\Windows\System\uaUoHHw.exe
  C:\Windows\System\uaUoHHw.exe
  2⤵
  PID:8168
- C:\Windows\System\PdhJZAY.exe
  C:\Windows\System\PdhJZAY.exe
  2⤵
  PID:6808
- C:\Windows\System\oAOGKPz.exe
  C:\Windows\System\oAOGKPz.exe
  2⤵
  PID:7192
- C:\Windows\System\otqZSdf.exe
  C:\Windows\System\otqZSdf.exe
  2⤵
  PID:7240
- C:\Windows\System\ZzLVwYJ.exe
  C:\Windows\System\ZzLVwYJ.exe
  2⤵
  PID:7264
- C:\Windows\System\cXBFWGz.exe
  C:\Windows\System\cXBFWGz.exe
  2⤵
  PID:7316
- C:\Windows\System\eFGYPAO.exe
  C:\Windows\System\eFGYPAO.exe
  2⤵
  PID:7384
- C:\Windows\System\RTRcTwy.exe
  C:\Windows\System\RTRcTwy.exe
  2⤵
  PID:7336
- C:\Windows\System\OZYpymA.exe
  C:\Windows\System\OZYpymA.exe
  2⤵
  PID:7304
- C:\Windows\System\UnsxIdb.exe
  C:\Windows\System\UnsxIdb.exe
  2⤵
  PID:7408
- C:\Windows\System\mmcaAwv.exe
  C:\Windows\System\mmcaAwv.exe
  2⤵
  PID:7440
- C:\Windows\System\kztYOtt.exe
  C:\Windows\System\kztYOtt.exe
  2⤵
  PID:7480
- C:\Windows\System\dCSDPEH.exe
  C:\Windows\System\dCSDPEH.exe
  2⤵
  PID:7464
- C:\Windows\System\TGrExOf.exe
  C:\Windows\System\TGrExOf.exe
  2⤵
  PID:7516
- C:\Windows\System\NGncWMG.exe
  C:\Windows\System\NGncWMG.exe
  2⤵
  PID:7656
- C:\Windows\System\BqzkFlx.exe
  C:\Windows\System\BqzkFlx.exe
  2⤵
  PID:7668
- C:\Windows\System\SBvGPWs.exe
  C:\Windows\System\SBvGPWs.exe
  2⤵
  PID:7712
- C:\Windows\System\bUILonZ.exe
  C:\Windows\System\bUILonZ.exe
  2⤵
  PID:7756
- C:\Windows\System\qRPQqwR.exe
  C:\Windows\System\qRPQqwR.exe
  2⤵
  PID:7692
- C:\Windows\System\XtGqkWb.exe
  C:\Windows\System\XtGqkWb.exe
  2⤵
  PID:7796
- C:\Windows\System\htToWrk.exe
  C:\Windows\System\htToWrk.exe
  2⤵
  PID:7840
- C:\Windows\System\DmRnBen.exe
  C:\Windows\System\DmRnBen.exe
  2⤵
  PID:7824
- C:\Windows\System\uFxPfPZ.exe
  C:\Windows\System\uFxPfPZ.exe
  2⤵
  PID:7776
- C:\Windows\System\OTjhaky.exe
  C:\Windows\System\OTjhaky.exe
  2⤵
  PID:7916
- C:\Windows\System\WYcqdep.exe
  C:\Windows\System\WYcqdep.exe
  2⤵
  PID:7940
- C:\Windows\System\aCsmsSc.exe
  C:\Windows\System\aCsmsSc.exe
  2⤵
  PID:8020
- C:\Windows\System\OjcbaIs.exe
  C:\Windows\System\OjcbaIs.exe
  2⤵
  PID:8024
- C:\Windows\System\CJMLDys.exe
  C:\Windows\System\CJMLDys.exe
  2⤵
  PID:8016
- C:\Windows\System\PWprndJ.exe
  C:\Windows\System\PWprndJ.exe
  2⤵
  PID:8060
- C:\Windows\System\IdNDeFX.exe
  C:\Windows\System\IdNDeFX.exe
  2⤵
  PID:8096
- C:\Windows\System\xmncykE.exe
  C:\Windows\System\xmncykE.exe
  2⤵
  PID:8184
- C:\Windows\System\SgeCEjU.exe
  C:\Windows\System\SgeCEjU.exe
  2⤵
  PID:7236
- C:\Windows\System\VzeWvIs.exe
  C:\Windows\System\VzeWvIs.exe
  2⤵
  PID:8164
- C:\Windows\System\PmmluSZ.exe
  C:\Windows\System\PmmluSZ.exe
  2⤵
  PID:7252
- C:\Windows\System\hiyiZNb.exe
  C:\Windows\System\hiyiZNb.exe
  2⤵
  PID:7256
- C:\Windows\System\bKhKfWB.exe
  C:\Windows\System\bKhKfWB.exe
  2⤵
  PID:7280
- C:\Windows\System\qOFJaDh.exe
  C:\Windows\System\qOFJaDh.exe
  2⤵
  PID:7396
- C:\Windows\System\uwSiSHC.exe
  C:\Windows\System\uwSiSHC.exe
  2⤵
  PID:7404
- C:\Windows\System\bGqQvnv.exe
  C:\Windows\System\bGqQvnv.exe
  2⤵
  PID:7584
- C:\Windows\System\ZdQNtIY.exe
  C:\Windows\System\ZdQNtIY.exe
  2⤵
  PID:7600
- C:\Windows\System\HQhvHIF.exe
  C:\Windows\System\HQhvHIF.exe
  2⤵
  PID:7748
- C:\Windows\System\RETvvrv.exe
  C:\Windows\System\RETvvrv.exe
  2⤵
  PID:7792
- C:\Windows\System\pbWJaZt.exe
  C:\Windows\System\pbWJaZt.exe
  2⤵
  PID:7732
- C:\Windows\System\POjZahp.exe
  C:\Windows\System\POjZahp.exe
  2⤵
  PID:7888
- C:\Windows\System\LdoCPic.exe
  C:\Windows\System\LdoCPic.exe
  2⤵
  PID:7928
- C:\Windows\System\udUtEfp.exe
  C:\Windows\System\udUtEfp.exe
  2⤵
  PID:7708
- C:\Windows\System\VmCcbYN.exe
  C:\Windows\System\VmCcbYN.exe
  2⤵
  PID:7652
- C:\Windows\System\IQQAuxz.exe
  C:\Windows\System\IQQAuxz.exe
  2⤵
  PID:8112
- C:\Windows\System\ngfNKJy.exe
  C:\Windows\System\ngfNKJy.exe
  2⤵
  PID:8180
- C:\Windows\System\Dyoalqw.exe
  C:\Windows\System\Dyoalqw.exe
  2⤵
  PID:8148
- C:\Windows\System\mqrEBUL.exe
  C:\Windows\System\mqrEBUL.exe
  2⤵
  PID:7288
- C:\Windows\System\lNWhZCJ.exe
  C:\Windows\System\lNWhZCJ.exe
  2⤵
  PID:7496
- C:\Windows\System\jVOatWr.exe
  C:\Windows\System\jVOatWr.exe
  2⤵
  PID:7332
- C:\Windows\System\wRKyYBp.exe
  C:\Windows\System\wRKyYBp.exe
  2⤵
  PID:7260
- C:\Windows\System\ggkhgAr.exe
  C:\Windows\System\ggkhgAr.exe
  2⤵
  PID:7512
- C:\Windows\System\VWyozVW.exe
  C:\Windows\System\VWyozVW.exe
  2⤵
  PID:7580
- C:\Windows\System\wUHEtQu.exe
  C:\Windows\System\wUHEtQu.exe
  2⤵
  PID:7884
- C:\Windows\System\wknRncG.exe
  C:\Windows\System\wknRncG.exe
  2⤵
  PID:8012
- C:\Windows\System\JRZgssA.exe
  C:\Windows\System\JRZgssA.exe
  2⤵
  PID:7544
- C:\Windows\System\ZEboGCY.exe
  C:\Windows\System\ZEboGCY.exe
  2⤵
  PID:7992
- C:\Windows\System\crSdqkY.exe
  C:\Windows\System\crSdqkY.exe
  2⤵
  PID:8140
- C:\Windows\System\sjtBDNi.exe
  C:\Windows\System\sjtBDNi.exe
  2⤵
  PID:7436
- C:\Windows\System\gQLBLpZ.exe
  C:\Windows\System\gQLBLpZ.exe
  2⤵
  PID:7216
- C:\Windows\System\aHlMTnc.exe
  C:\Windows\System\aHlMTnc.exe
  2⤵
  PID:7944
- C:\Windows\System\PsEgWWa.exe
  C:\Windows\System\PsEgWWa.exe
  2⤵
  PID:7912
- C:\Windows\System\YbvHACS.exe
  C:\Windows\System\YbvHACS.exe
  2⤵
  PID:8004
- C:\Windows\System\ZcBJYKq.exe
  C:\Windows\System\ZcBJYKq.exe
  2⤵
  PID:6352
- C:\Windows\System\pYjSAsi.exe
  C:\Windows\System\pYjSAsi.exe
  2⤵
  PID:7204
- C:\Windows\System\ZwBKXDD.exe
  C:\Windows\System\ZwBKXDD.exe
  2⤵
  PID:7276
- C:\Windows\System\XipMadM.exe
  C:\Windows\System\XipMadM.exe
  2⤵
  PID:8076
- C:\Windows\System\WjQXuxa.exe
  C:\Windows\System\WjQXuxa.exe
  2⤵
  PID:8092
- C:\Windows\System\SNUetss.exe
  C:\Windows\System\SNUetss.exe
  2⤵
  PID:7520
- C:\Windows\System\qfntRDT.exe
  C:\Windows\System\qfntRDT.exe
  2⤵
  PID:7540
- C:\Windows\System\UyOxnVQ.exe
  C:\Windows\System\UyOxnVQ.exe
  2⤵
  PID:8196
- C:\Windows\System\PUJibTG.exe
  C:\Windows\System\PUJibTG.exe
  2⤵
  PID:8212
- C:\Windows\System\BRGlZNK.exe
  C:\Windows\System\BRGlZNK.exe
  2⤵
  PID:8228
- C:\Windows\System\ssWoLrF.exe
  C:\Windows\System\ssWoLrF.exe
  2⤵
  PID:8244
- C:\Windows\System\UPtTEmv.exe
  C:\Windows\System\UPtTEmv.exe
  2⤵
  PID:8260
- C:\Windows\System\GFBJJOB.exe
  C:\Windows\System\GFBJJOB.exe
  2⤵
  PID:8276
- C:\Windows\System\IsushUa.exe
  C:\Windows\System\IsushUa.exe
  2⤵
  PID:8296
- C:\Windows\System\zyzuHuC.exe
  C:\Windows\System\zyzuHuC.exe
  2⤵
  PID:8316
- C:\Windows\System\BXSdFFM.exe
  C:\Windows\System\BXSdFFM.exe
  2⤵
  PID:8332
- C:\Windows\System\dwxwXUm.exe
  C:\Windows\System\dwxwXUm.exe
  2⤵
  PID:8352
- C:\Windows\System\tNwCJMI.exe
  C:\Windows\System\tNwCJMI.exe
  2⤵
  PID:8368
- C:\Windows\System\NiRcVUG.exe
  C:\Windows\System\NiRcVUG.exe
  2⤵
  PID:8384
- C:\Windows\System\KQQDKSg.exe
  C:\Windows\System\KQQDKSg.exe
  2⤵
  PID:8400
- C:\Windows\System\bTErriS.exe
  C:\Windows\System\bTErriS.exe
  2⤵
  PID:8416
- C:\Windows\System\TWLGRAd.exe
  C:\Windows\System\TWLGRAd.exe
  2⤵
  PID:8432
- C:\Windows\System\HVjMxut.exe
  C:\Windows\System\HVjMxut.exe
  2⤵
  PID:8492
- C:\Windows\System\wEoupnD.exe
  C:\Windows\System\wEoupnD.exe
  2⤵
  PID:8508
- C:\Windows\System\knnsYVJ.exe
  C:\Windows\System\knnsYVJ.exe
  2⤵
  PID:8548
- C:\Windows\System\cKZqLkr.exe
  C:\Windows\System\cKZqLkr.exe
  2⤵
  PID:8564
- C:\Windows\System\rlMPEbc.exe
  C:\Windows\System\rlMPEbc.exe
  2⤵
  PID:8584
- C:\Windows\System\aOrDPQg.exe
  C:\Windows\System\aOrDPQg.exe
  2⤵
  PID:8604
- C:\Windows\System\ufVGPDm.exe
  C:\Windows\System\ufVGPDm.exe
  2⤵
  PID:8620
- C:\Windows\System\lGxRpBM.exe
  C:\Windows\System\lGxRpBM.exe
  2⤵
  PID:8636
- C:\Windows\System\FMQmCgs.exe
  C:\Windows\System\FMQmCgs.exe
  2⤵
  PID:8652
- C:\Windows\System\EMzQWeT.exe
  C:\Windows\System\EMzQWeT.exe
  2⤵
  PID:8672
- C:\Windows\System\xyvywJV.exe
  C:\Windows\System\xyvywJV.exe
  2⤵
  PID:8692
- C:\Windows\System\qgbfxhq.exe
  C:\Windows\System\qgbfxhq.exe
  2⤵
  PID:8708
- C:\Windows\System\XmgpMJx.exe
  C:\Windows\System\XmgpMJx.exe
  2⤵
  PID:8728
- C:\Windows\System\jqICuLh.exe
  C:\Windows\System\jqICuLh.exe
  2⤵
  PID:8748
- C:\Windows\System\XVTcfyT.exe
  C:\Windows\System\XVTcfyT.exe
  2⤵
  PID:8768
- C:\Windows\System\FbZzXdl.exe
  C:\Windows\System\FbZzXdl.exe
  2⤵
  PID:8784
- C:\Windows\System\MbDNHoE.exe
  C:\Windows\System\MbDNHoE.exe
  2⤵
  PID:8800
- C:\Windows\System\rCaiYbC.exe
  C:\Windows\System\rCaiYbC.exe
  2⤵
  PID:8820
- C:\Windows\System\PHPMsQq.exe
  C:\Windows\System\PHPMsQq.exe
  2⤵
  PID:8836
- C:\Windows\System\hJjNLEW.exe
  C:\Windows\System\hJjNLEW.exe
  2⤵
  PID:8856
- C:\Windows\System\GYWEHHN.exe
  C:\Windows\System\GYWEHHN.exe
  2⤵
  PID:8872
- C:\Windows\System\fEJNkiy.exe
  C:\Windows\System\fEJNkiy.exe
  2⤵
  PID:8888
- C:\Windows\System\kQSwCaG.exe
  C:\Windows\System\kQSwCaG.exe
  2⤵
  PID:8904
- C:\Windows\System\BJQAdfJ.exe
  C:\Windows\System\BJQAdfJ.exe
  2⤵
  PID:8924
- C:\Windows\System\vEQSmWb.exe
  C:\Windows\System\vEQSmWb.exe
  2⤵
  PID:8992
- C:\Windows\System\UBIoWZy.exe
  C:\Windows\System\UBIoWZy.exe
  2⤵
  PID:9008
- C:\Windows\System\JNTRTlU.exe
  C:\Windows\System\JNTRTlU.exe
  2⤵
  PID:9032
- C:\Windows\System\LtuFKQl.exe
  C:\Windows\System\LtuFKQl.exe
  2⤵
  PID:9048
- C:\Windows\System\IZklDHC.exe
  C:\Windows\System\IZklDHC.exe
  2⤵
  PID:9064
- C:\Windows\System\OXziRqU.exe
  C:\Windows\System\OXziRqU.exe
  2⤵
  PID:9080
- C:\Windows\System\ObuDnuk.exe
  C:\Windows\System\ObuDnuk.exe
  2⤵
  PID:9100
- C:\Windows\System\GiDijyw.exe
  C:\Windows\System\GiDijyw.exe
  2⤵
  PID:9116
- C:\Windows\System\GCqgHub.exe
  C:\Windows\System\GCqgHub.exe
  2⤵
  PID:9132
- C:\Windows\System\zUDsDge.exe
  C:\Windows\System\zUDsDge.exe
  2⤵
  PID:9148
- C:\Windows\System\RTJnFFH.exe
  C:\Windows\System\RTJnFFH.exe
  2⤵
  PID:9164
- C:\Windows\System\QLsFpfa.exe
  C:\Windows\System\QLsFpfa.exe
  2⤵
  PID:9184
- C:\Windows\System\wXciwkZ.exe
  C:\Windows\System\wXciwkZ.exe
  2⤵
  PID:8236
- C:\Windows\System\PRvwNSY.exe
  C:\Windows\System\PRvwNSY.exe
  2⤵
  PID:8256
- C:\Windows\System\cVuvjEG.exe
  C:\Windows\System\cVuvjEG.exe
  2⤵
  PID:8284
- C:\Windows\System\DMQWegV.exe
  C:\Windows\System\DMQWegV.exe
  2⤵
  PID:8360
- C:\Windows\System\iCLwZah.exe
  C:\Windows\System\iCLwZah.exe
  2⤵
  PID:8344
- C:\Windows\System\MNlLcoz.exe
  C:\Windows\System\MNlLcoz.exe
  2⤵
  PID:8408
- C:\Windows\System\BxVywcU.exe
  C:\Windows\System\BxVywcU.exe
  2⤵
  PID:8440
- C:\Windows\System\mmWgNDF.exe
  C:\Windows\System\mmWgNDF.exe
  2⤵
  PID:8460
- C:\Windows\System\gmpKgdw.exe
  C:\Windows\System\gmpKgdw.exe
  2⤵
  PID:7128
- C:\Windows\System\zEEHiRB.exe
  C:\Windows\System\zEEHiRB.exe
  2⤵
  PID:8516
- C:\Windows\System\LAolsPG.exe
  C:\Windows\System\LAolsPG.exe
  2⤵
  PID:8536
- C:\Windows\System\ewcprHE.exe
  C:\Windows\System\ewcprHE.exe
  2⤵
  PID:8592
- C:\Windows\System\frUxziC.exe
  C:\Windows\System\frUxziC.exe
  2⤵
  PID:8660
- C:\Windows\System\bXCSbIA.exe
  C:\Windows\System\bXCSbIA.exe
  2⤵
  PID:8704
- C:\Windows\System\PqMAsyQ.exe
  C:\Windows\System\PqMAsyQ.exe
  2⤵
  PID:8808
- C:\Windows\System\nBhHjGY.exe
  C:\Windows\System\nBhHjGY.exe
  2⤵
  PID:8580
- C:\Windows\System\DoKDHJx.exe
  C:\Windows\System\DoKDHJx.exe
  2⤵
  PID:8648
- C:\Windows\System\DUxxyfh.exe
  C:\Windows\System\DUxxyfh.exe
  2⤵
  PID:8720
- C:\Windows\System\YLCWlEA.exe
  C:\Windows\System\YLCWlEA.exe
  2⤵
  PID:8764
- C:\Windows\System\vTjDvmt.exe
  C:\Windows\System\vTjDvmt.exe
  2⤵
  PID:8644
- C:\Windows\System\myiTKYd.exe
  C:\Windows\System\myiTKYd.exe
  2⤵
  PID:8936
- C:\Windows\System\iCIZnui.exe
  C:\Windows\System\iCIZnui.exe
  2⤵
  PID:8864
- C:\Windows\System\QFPzqQC.exe
  C:\Windows\System\QFPzqQC.exe
  2⤵
  PID:8948
- C:\Windows\System\SMtKhWi.exe
  C:\Windows\System\SMtKhWi.exe
  2⤵
  PID:8980
- C:\Windows\System\whTebtz.exe
  C:\Windows\System\whTebtz.exe
  2⤵
  PID:9000
- C:\Windows\System\HJnPafx.exe
  C:\Windows\System\HJnPafx.exe
  2⤵
  PID:9040
- C:\Windows\System\trlgXbf.exe
  C:\Windows\System\trlgXbf.exe
  2⤵
  PID:9072
- C:\Windows\System\kDzxJze.exe
  C:\Windows\System\kDzxJze.exe
  2⤵
  PID:9108
- C:\Windows\System\qlZOBqS.exe
  C:\Windows\System\qlZOBqS.exe
  2⤵
  PID:9156
- C:\Windows\System\ebQYfPs.exe
  C:\Windows\System\ebQYfPs.exe
  2⤵
  PID:9160
- C:\Windows\System\TcamrAd.exe
  C:\Windows\System\TcamrAd.exe
  2⤵
  PID:9212
- C:\Windows\System\ITuZLkC.exe
  C:\Windows\System\ITuZLkC.exe
  2⤵
  PID:8220
- C:\Windows\System\DKNauxx.exe
  C:\Windows\System\DKNauxx.exe
  2⤵
  PID:8324
- C:\Windows\System\CWMICUv.exe
  C:\Windows\System\CWMICUv.exe
  2⤵
  PID:8468
- C:\Windows\System\VIiUbmh.exe
  C:\Windows\System\VIiUbmh.exe
  2⤵
  PID:8428
- C:\Windows\System\YShCjmO.exe
  C:\Windows\System\YShCjmO.exe
  2⤵
  PID:8412
- C:\Windows\System\CpQegsJ.exe
  C:\Windows\System\CpQegsJ.exe
  2⤵
  PID:8500
- C:\Windows\System\YbrtTVP.exe
  C:\Windows\System\YbrtTVP.exe
  2⤵
  PID:8484
- C:\Windows\System\YYCwIdq.exe
  C:\Windows\System\YYCwIdq.exe
  2⤵
  PID:8528
- C:\Windows\System\mOYEyFs.exe
  C:\Windows\System\mOYEyFs.exe
  2⤵
  PID:8628
- C:\Windows\System\kfDIbun.exe
  C:\Windows\System\kfDIbun.exe
  2⤵
  PID:8796
- C:\Windows\System\ToAdyDY.exe
  C:\Windows\System\ToAdyDY.exe
  2⤵
  PID:8832
- C:\Windows\System\tLbFvPb.exe
  C:\Windows\System\tLbFvPb.exe
  2⤵
  PID:8900
- C:\Windows\System\pjwwzel.exe
  C:\Windows\System\pjwwzel.exe
  2⤵
  PID:8952
- C:\Windows\System\ehwPjVI.exe
  C:\Windows\System\ehwPjVI.exe
  2⤵
  PID:8968
- C:\Windows\System\RpFvHef.exe
  C:\Windows\System\RpFvHef.exe
  2⤵
  PID:8984
- C:\Windows\System\KlaxDaR.exe
  C:\Windows\System\KlaxDaR.exe
  2⤵
  PID:9044
- C:\Windows\System\wTyESzh.exe
  C:\Windows\System\wTyESzh.exe
  2⤵
  PID:9176
- C:\Windows\System\pQxpweN.exe
  C:\Windows\System\pQxpweN.exe
  2⤵
  PID:8208
- C:\Windows\System\Oihyoyv.exe
  C:\Windows\System\Oihyoyv.exe
  2⤵
  PID:8308
- C:\Windows\System\dpoKFhb.exe
  C:\Windows\System\dpoKFhb.exe
  2⤵
  PID:8240
- C:\Windows\System\eqJpmJN.exe
  C:\Windows\System\eqJpmJN.exe
  2⤵
  PID:8688
- C:\Windows\System\tAkzVYw.exe
  C:\Windows\System\tAkzVYw.exe
  2⤵
  PID:8480
- C:\Windows\System\pqVBlMv.exe
  C:\Windows\System\pqVBlMv.exe
  2⤵
  PID:8556
- C:\Windows\System\kKnhbzX.exe
  C:\Windows\System\kKnhbzX.exe
  2⤵
  PID:8812
- C:\Windows\System\yLVxujd.exe
  C:\Windows\System\yLVxujd.exe
  2⤵
  PID:8744
- C:\Windows\System\pCGyfrA.exe
  C:\Windows\System\pCGyfrA.exe
  2⤵
  PID:8760
- C:\Windows\System\KvXiqvY.exe
  C:\Windows\System\KvXiqvY.exe
  2⤵
  PID:8956
- C:\Windows\System\lJXioNe.exe
  C:\Windows\System\lJXioNe.exe
  2⤵
  PID:9056
- C:\Windows\System\LLSLAec.exe
  C:\Windows\System\LLSLAec.exe
  2⤵
  PID:9128
- C:\Windows\System\xMHQdSn.exe
  C:\Windows\System\xMHQdSn.exe
  2⤵
  PID:7988
- C:\Windows\System\rOoCQUF.exe
  C:\Windows\System\rOoCQUF.exe
  2⤵
  PID:8392
- C:\Windows\System\KTYdOsA.exe
  C:\Windows\System\KTYdOsA.exe
  2⤵
  PID:8540
- C:\Windows\System\QVDqiJm.exe
  C:\Windows\System\QVDqiJm.exe
  2⤵
  PID:8524
- C:\Windows\System\IIDuvTO.exe
  C:\Windows\System\IIDuvTO.exe
  2⤵
  PID:8544
- C:\Windows\System\wjfizob.exe
  C:\Windows\System\wjfizob.exe
  2⤵
  PID:8960
- C:\Windows\System\ZhglHFY.exe
  C:\Windows\System\ZhglHFY.exe
  2⤵
  PID:8988
- C:\Windows\System\EiIDnZB.exe
  C:\Windows\System\EiIDnZB.exe
  2⤵
  PID:9204
- C:\Windows\System\CaAErXM.exe
  C:\Windows\System\CaAErXM.exe
  2⤵
  PID:8340
- C:\Windows\System\UEISTtX.exe
  C:\Windows\System\UEISTtX.exe
  2⤵
  PID:8776
- C:\Windows\System\cXVFFJk.exe
  C:\Windows\System\cXVFFJk.exe
  2⤵
  PID:8884
- C:\Windows\System\GfMJOvu.exe
  C:\Windows\System\GfMJOvu.exe
  2⤵
  PID:9208
- C:\Windows\System\XyczeCg.exe
  C:\Windows\System\XyczeCg.exe
  2⤵
  PID:8880
- C:\Windows\System\BqKLWWj.exe
  C:\Windows\System\BqKLWWj.exe
  2⤵
  PID:9220
- C:\Windows\System\qzgIOKv.exe
  C:\Windows\System\qzgIOKv.exe
  2⤵
  PID:9240
- C:\Windows\System\iUNrAdb.exe
  C:\Windows\System\iUNrAdb.exe
  2⤵
  PID:9272
- C:\Windows\System\ySgaVJC.exe
  C:\Windows\System\ySgaVJC.exe
  2⤵
  PID:9288
- C:\Windows\System\LJxWlLe.exe
  C:\Windows\System\LJxWlLe.exe
  2⤵
  PID:9304
- C:\Windows\System\bKGUesl.exe
  C:\Windows\System\bKGUesl.exe
  2⤵
  PID:9324
- C:\Windows\System\vNYMFIX.exe
  C:\Windows\System\vNYMFIX.exe
  2⤵
  PID:9348
- C:\Windows\System\usnpGqg.exe
  C:\Windows\System\usnpGqg.exe
  2⤵
  PID:9368
- C:\Windows\System\HrAYbOK.exe
  C:\Windows\System\HrAYbOK.exe
  2⤵
  PID:9396
- C:\Windows\System\YYmzcQb.exe
  C:\Windows\System\YYmzcQb.exe
  2⤵
  PID:9412
- C:\Windows\System\GvovKze.exe
  C:\Windows\System\GvovKze.exe
  2⤵
  PID:9428
- C:\Windows\System\GFTcuaY.exe
  C:\Windows\System\GFTcuaY.exe
  2⤵
  PID:9444
- C:\Windows\System\DXLPuXe.exe
  C:\Windows\System\DXLPuXe.exe
  2⤵
  PID:9460
- C:\Windows\System\yCZsfKF.exe
  C:\Windows\System\yCZsfKF.exe
  2⤵
  PID:9480
- C:\Windows\System\kelTBWp.exe
  C:\Windows\System\kelTBWp.exe
  2⤵
  PID:9508
- C:\Windows\System\TRaCNBe.exe
  C:\Windows\System\TRaCNBe.exe
  2⤵
  PID:9524
- C:\Windows\System\uFMgvKP.exe
  C:\Windows\System\uFMgvKP.exe
  2⤵
  PID:9548
- C:\Windows\System\GuNlLcl.exe
  C:\Windows\System\GuNlLcl.exe
  2⤵
  PID:9568
- C:\Windows\System\VQoGbJe.exe
  C:\Windows\System\VQoGbJe.exe
  2⤵
  PID:9584
- C:\Windows\System\TsqlgMb.exe
  C:\Windows\System\TsqlgMb.exe
  2⤵
  PID:9600
- C:\Windows\System\zDZloOh.exe
  C:\Windows\System\zDZloOh.exe
  2⤵
  PID:9616
- C:\Windows\System\lXavfnX.exe
  C:\Windows\System\lXavfnX.exe
  2⤵
  PID:9636
- C:\Windows\System\JWAwrYO.exe
  C:\Windows\System\JWAwrYO.exe
  2⤵
  PID:9656
- C:\Windows\System\TYuTWGB.exe
  C:\Windows\System\TYuTWGB.exe
  2⤵
  PID:9676
- C:\Windows\System\kNEcqtm.exe
  C:\Windows\System\kNEcqtm.exe
  2⤵
  PID:9700
- C:\Windows\System\hcpWvvh.exe
  C:\Windows\System\hcpWvvh.exe
  2⤵
  PID:9724
- C:\Windows\System\ritRXWb.exe
  C:\Windows\System\ritRXWb.exe
  2⤵
  PID:9740
- C:\Windows\System\BlTGryu.exe
  C:\Windows\System\BlTGryu.exe
  2⤵
  PID:9772
- C:\Windows\System\EbVZTTy.exe
  C:\Windows\System\EbVZTTy.exe
  2⤵
  PID:9788
- C:\Windows\System\sWAYiDx.exe
  C:\Windows\System\sWAYiDx.exe
  2⤵
  PID:9804
- C:\Windows\System\pyziPKb.exe
  C:\Windows\System\pyziPKb.exe
  2⤵
  PID:9820
- C:\Windows\System\JBHcBHI.exe
  C:\Windows\System\JBHcBHI.exe
  2⤵
  PID:9856
- C:\Windows\System\TFOkhtV.exe
  C:\Windows\System\TFOkhtV.exe
  2⤵
  PID:9872
- C:\Windows\System\RoKSjpg.exe
  C:\Windows\System\RoKSjpg.exe
  2⤵
  PID:9888
- C:\Windows\System\QkDvkWf.exe
  C:\Windows\System\QkDvkWf.exe
  2⤵
  PID:9912
- C:\Windows\System\OioJTrV.exe
  C:\Windows\System\OioJTrV.exe
  2⤵
  PID:9928
- C:\Windows\System\WCqSYzf.exe
  C:\Windows\System\WCqSYzf.exe
  2⤵
  PID:9956
- C:\Windows\System\gvNkUQj.exe
  C:\Windows\System\gvNkUQj.exe
  2⤵
  PID:9972
- C:\Windows\System\oAjvmIc.exe
  C:\Windows\System\oAjvmIc.exe
  2⤵
  PID:9988
- C:\Windows\System\vNhDMtL.exe
  C:\Windows\System\vNhDMtL.exe
  2⤵
  PID:10004
- C:\Windows\System\bvvzPrK.exe
  C:\Windows\System\bvvzPrK.exe
  2⤵
  PID:10040
- C:\Windows\System\gyNvURh.exe
  C:\Windows\System\gyNvURh.exe
  2⤵
  PID:10056
- C:\Windows\System\ONGBcmI.exe
  C:\Windows\System\ONGBcmI.exe
  2⤵
  PID:10076
- C:\Windows\System\IaPoUrl.exe
  C:\Windows\System\IaPoUrl.exe
  2⤵
  PID:10096
- C:\Windows\System\arzUeCS.exe
  C:\Windows\System\arzUeCS.exe
  2⤵
  PID:10120
- C:\Windows\System\GoIjNvh.exe
  C:\Windows\System\GoIjNvh.exe
  2⤵
  PID:10136
- C:\Windows\System\LAqeqLR.exe
  C:\Windows\System\LAqeqLR.exe
  2⤵
  PID:10152
- C:\Windows\System\SZCxZqN.exe
  C:\Windows\System\SZCxZqN.exe
  2⤵
  PID:10176
- C:\Windows\System\PDZDiCw.exe
  C:\Windows\System\PDZDiCw.exe
  2⤵
  PID:10196
- C:\Windows\System\HWWhmRc.exe
  C:\Windows\System\HWWhmRc.exe
  2⤵
  PID:10212
- C:\Windows\System\zlNBiyf.exe
  C:\Windows\System\zlNBiyf.exe
  2⤵
  PID:10232
- C:\Windows\System\ilrIrWJ.exe
  C:\Windows\System\ilrIrWJ.exe
  2⤵
  PID:9248
- C:\Windows\System\KkZZfnL.exe
  C:\Windows\System\KkZZfnL.exe
  2⤵
  PID:988
- C:\Windows\System\tcYEuGT.exe
  C:\Windows\System\tcYEuGT.exe
  2⤵
  PID:9232
- C:\Windows\System\qyNXUEe.exe
  C:\Windows\System\qyNXUEe.exe
  2⤵
  PID:9256
- C:\Windows\System\gqLwDSB.exe
  C:\Windows\System\gqLwDSB.exe
  2⤵
  PID:9300
- C:\Windows\System\aoGRosm.exe
  C:\Windows\System\aoGRosm.exe
  2⤵
  PID:9332
- C:\Windows\System\EwRPHyu.exe
  C:\Windows\System\EwRPHyu.exe
  2⤵
  PID:9376
- C:\Windows\System\YdMNmJo.exe
  C:\Windows\System\YdMNmJo.exe
  2⤵
  PID:9420
- C:\Windows\System\TxgkmRE.exe
  C:\Windows\System\TxgkmRE.exe
  2⤵
  PID:9488
- C:\Windows\System\QlIenkl.exe
  C:\Windows\System\QlIenkl.exe
  2⤵
  PID:9532
- C:\Windows\System\ryWGIYu.exe
  C:\Windows\System\ryWGIYu.exe
  2⤵
  PID:9540
- C:\Windows\System\nLdbnhj.exe
  C:\Windows\System\nLdbnhj.exe
  2⤵
  PID:9440
- C:\Windows\System\iDxSrGu.exe
  C:\Windows\System\iDxSrGu.exe
  2⤵
  PID:9608
- C:\Windows\System\xaOaBQO.exe
  C:\Windows\System\xaOaBQO.exe
  2⤵
  PID:9596
- C:\Windows\System\mmVrfac.exe
  C:\Windows\System\mmVrfac.exe
  2⤵
  PID:9628
- C:\Windows\System\pGKPibN.exe
  C:\Windows\System\pGKPibN.exe
  2⤵
  PID:9736
- C:\Windows\System\vhHemqr.exe
  C:\Windows\System\vhHemqr.exe
  2⤵
  PID:9712
- C:\Windows\System\ecWUAIE.exe
  C:\Windows\System\ecWUAIE.exe
  2⤵
  PID:9752
- C:\Windows\System\LfmqOlU.exe
  C:\Windows\System\LfmqOlU.exe
  2⤵
  PID:9768
- C:\Windows\System\IcIhqwS.exe
  C:\Windows\System\IcIhqwS.exe
  2⤵
  PID:9816
- C:\Windows\System\QyhgeTm.exe
  C:\Windows\System\QyhgeTm.exe
  2⤵
  PID:9864
- C:\Windows\System\weWWdqR.exe
  C:\Windows\System\weWWdqR.exe
  2⤵
  PID:9852
- C:\Windows\System\NsZdacY.exe
  C:\Windows\System\NsZdacY.exe
  2⤵
  PID:9904
- C:\Windows\System\IMBuzwX.exe
  C:\Windows\System\IMBuzwX.exe
  2⤵
  PID:9924
- C:\Windows\System\MXDhxtg.exe
  C:\Windows\System\MXDhxtg.exe
  2⤵
  PID:9948
- C:\Windows\System\zFjvUGM.exe
  C:\Windows\System\zFjvUGM.exe
  2⤵
  PID:10016
- C:\Windows\System\MkkSFcm.exe
  C:\Windows\System\MkkSFcm.exe
  2⤵
  PID:9968
- C:\Windows\System\PnvLgzY.exe
  C:\Windows\System\PnvLgzY.exe
  2⤵
  PID:10036
- C:\Windows\System\eeFoGcs.exe
  C:\Windows\System\eeFoGcs.exe
  2⤵
  PID:10068
- C:\Windows\System\ixAAPpy.exe
  C:\Windows\System\ixAAPpy.exe
  2⤵
  PID:10092
- C:\Windows\System\UVPemLw.exe
  C:\Windows\System\UVPemLw.exe
  2⤵
  PID:10132
- C:\Windows\System\FTduuCg.exe
  C:\Windows\System\FTduuCg.exe
  2⤵
  PID:10164
- C:\Windows\System\JfqDIzt.exe
  C:\Windows\System\JfqDIzt.exe
  2⤵
  PID:10204
- C:\Windows\System\gRjHpNo.exe
  C:\Windows\System\gRjHpNo.exe
  2⤵
  PID:9316
- C:\Windows\System\nKnxKdY.exe
  C:\Windows\System\nKnxKdY.exe
  2⤵
  PID:9228
- C:\Windows\System\cNywKmu.exe
  C:\Windows\System\cNywKmu.exe
  2⤵
  PID:9360
- C:\Windows\System\GXgiDmD.exe
  C:\Windows\System\GXgiDmD.exe
  2⤵
  PID:9356
- C:\Windows\System\LIuhRHZ.exe
  C:\Windows\System\LIuhRHZ.exe
  2⤵
  PID:9580
- C:\Windows\System\PmLUqda.exe
  C:\Windows\System\PmLUqda.exe
  2⤵
  PID:9456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BFzOMVW.exe

Filesize
6.0MB

MD5
5bc1dd146deb0a92494c6533abe75530

SHA1
c40d4d9f611c20784fe2ee2a2f25dfcc59df90c7

SHA256
f13a9daa01882026633621616d83bf5c0551041c5141beef915f3b753d96da09

SHA512
1344c1ac3411d496bb3ad5f79e145d873dbed1ae5089a0692a955771c971c9b76634af3caa2b2163916a26776ce048bdab0848bad59f270a875c5575f926be2a

Download Submit
C:\Windows\system\FJuUQNo.exe

Filesize
8B

MD5
4369f1b453fdb5ec0b79b8896b91f82f

SHA1
76042ec1d5bb93b4d718ee6259154bdb3c03ba02

SHA256
ac4d7888b94a8b98cd003e196568dcba2133626a8ca7edc0bc96c0116bba8176

SHA512
ace500ad1548ffb720817d7f056beb125964b81b61aa76be3d352856142c919956b61b5ffe8f02d2768921a8c6f3522a88085bc68cb16b0b47e538ca6d4991dc

Download Submit
C:\Windows\system\GytMJpS.exe

Filesize
6.0MB

MD5
cb3ad80362007bffc462eb8bad2236e9

SHA1
ddf69590f8cc5322acdb0ae217a50260e66a7413

SHA256
3e70bc480e3ad7a62d343e7777ed4f59db3d5fdb8264166ff392c00aecceb988

SHA512
73b62dbeec38eac4dc32cd9092b3642a503287bcb2132366463873daeb20663b418b126512eb33ee26c5ec15135d8b2d7a93838964df5582ecb82f0d595d4db7

Download Submit
C:\Windows\system\HFtQCgE.exe

Filesize
6.0MB

MD5
44f25171e1cd5c3f3da0d518b9f281b5

SHA1
9b6a395070aae6ea12a22246822fe524248a1dc6

SHA256
4d1caa5ca8a129b76f96dc4fdcd51995096db2dfe8c08763e274cb892f3afede

SHA512
573799d500da70ec09c9a70436f7fd859efe343408a12e6926f218eaf751045d9ac510fdfed88a4a93f260e3bd1f4e3f95d7fe8edb30bcc82eee398fcc82b0bd

Download Submit
C:\Windows\system\IdxAAes.exe

Filesize
6.0MB

MD5
6dd4091baac91646576cb763587d6cf1

SHA1
9180106f08ebe153f4f6450d39bc0f88323a8041

SHA256
37efd0026edcb5f47976ec495ffbba67cf094c2565a3ee498dc6179f9c55ee5e

SHA512
17d7f272de735465c9c5f6c9665354d3f4aeaa29413fd099a71d05c80c92cbec7613d212e2dc28169756aaf334970374aa3623e7357a203f4428c9c2e9ecbeec

Download Submit
C:\Windows\system\KuMJSwL.exe

Filesize
6.0MB

MD5
c392bbfec95980a5bbbb5faf609bf751

SHA1
c2be6d066a0227456cd951a6299e91a44ec3f50b

SHA256
0e6b89434d7b67c9073725d5794002c7b6a972d36e152d4a0efe8dc9a108ffc9

SHA512
54bb6279a5707ef89e3f2cc8df9ec7f0d27f22f4fbf098ce2843bdca9e23779565f3063f4e0de5ec1a7b9bbc2e61d97fc6b0a025057f5502fe4137dcef916d98

Download Submit
C:\Windows\system\LmtAyFo.exe

Filesize
6.0MB

MD5
d8a0177ae588e7046d6ef7c6e2c9e92d

SHA1
112a96108788b47dd98827328348994b927040ff

SHA256
b3eac56908390517a486365c92d13c32c75f8b632dcdb658bbe3051abc9f6f51

SHA512
6b3c668cb6d577153303df41bc869de0abe3478baf176a359653240abb52c6d58e90e00db7911ead5c305d63743ff63bda06e883814e4943ae3785e1b7c58d22

Download Submit
C:\Windows\system\OKPUFHH.exe

Filesize
6.0MB

MD5
3c5a0b85c97009605f043553a8b3b089

SHA1
035ed39c180484c027b825468792e9dec0d7ac4c

SHA256
5efd1c01ef19274b24558f032b7db4f9faa6b71e16813744cb784d3d3247aadd

SHA512
4c20e21f0381b46cc311ec60c7b80ceb19be65ed8f1f3fba1e7e90df16d52557bf53c2df99711f4c93f182fbd2683c074aeb7836af6dc5c1ef67641fedd88b59

Download Submit
C:\Windows\system\OjhhkkD.exe

Filesize
6.0MB

MD5
9a7ea181f722d3ce43510ec818e0f675

SHA1
54190380ab32498281274c0bf7d25ee0c407e50c

SHA256
a0ce45bbe3bbc642b3711d6df9244032a1402f1147afff55fb11589aa87129e3

SHA512
4fe67e0eb17a74f991325d87b107a4bc54c44d2dbd0d05bcd85da1da2329b427bf6b79740a5200ee69d1c9428fd38012b9c803cd28c73fb9f752c37276973151

Download Submit
C:\Windows\system\WnYVDAp.exe

Filesize
6.0MB

MD5
4505629870340d06fefeb905321cc6b3

SHA1
827f7da73fabc91dcf5cb65368209c545ff8df42

SHA256
3b2a15a4e8fe72e8df0bd2c1de945342b25ee61ecf20ed63644e1c63650979b5

SHA512
f3853741b6a9a3ab222a930e7cd8b3f26d777566da4a064eed4d29a1f5940f8522d624497db60f4f54f6e0a5e28fff76867aa0d27d95c6ca0b3fcf3303645e5d

Download Submit
C:\Windows\system\YaPEWhI.exe

Filesize
6.0MB

MD5
071fe23766549b3e5bc991c16bbd8f1e

SHA1
d5bf6b4a6cd8920b45dfa61e3c5420ea586cad41

SHA256
e10f92fbc8199d6c82c861b25698d181c6d65859535a6e6ed660d5eb59fe6048

SHA512
1c61c2216346cb4a502da02cdf39a95e5c782b6691193091ce6f96cfdf6daed3ed6d40a7041d537a9e6978c27b3fb38849a2e51d4c6790c8f3fa8bea872fb88f

Download Submit
C:\Windows\system\YsWqZmJ.exe

Filesize
6.0MB

MD5
2eb1ede18b833227346df07c01b44bb2

SHA1
24dc94dce6ef89c9bc293db63213d990e5af0af0

SHA256
c89f67f88329bb5de148daaf272390384339f6e7b5271596183a1f466cce5068

SHA512
d17189a086cf895732198fe7a0a061769fa044da46411ec251b5e7398fa7573078ad73de6d75cfa9402d2724b5e13074d22e1f1742d034026f6955da5c67e093

Download Submit
C:\Windows\system\ZvoqRVy.exe

Filesize
6.0MB

MD5
acc8d29feb9549b3505963e5b263cad6

SHA1
ae91079e9456eb7469f5f0f80de93a30150484dd

SHA256
69278c1a486891b314925034496feccb89cc74f910bc67f3be5e5952b2102e9d

SHA512
e74e32bb3a2e2492ca3884db1664e51a66b2081d178743ea600ec7ff21cf9ecbb544733fac18465bb3dfcad9ff181568b3780c7f1c0fd353efa8d2bb3fa3db17

Download Submit
C:\Windows\system\bfQuFli.exe

Filesize
6.0MB

MD5
738f84ae12520b2f5bc6b892c27c5ee8

SHA1
34930dd6f70d4edfc513cf7614277514669adb12

SHA256
35edc9ea07f3d440da4098c0efd46ccdbc63f74a01f5e3ab208a701924c1ffe4

SHA512
3d8d1ceb84c9e5fa8fa310a1beacf6d72df7724e3d066a7e5c242161cafb90d34ac5052c034958c6cd8a88883b46d0560ccf940d9ddbd7668813737cbdd50428

Download Submit
C:\Windows\system\fGMBOHD.exe

Filesize
6.0MB

MD5
cc387c360d22c1272db134879cc4ced9

SHA1
94798a0e347525c8f5ec72af5f476e0a1d9d05c5

SHA256
b270ad4385ea3692bf6067f9ab652010035d669140664656f2154965466592f4

SHA512
dcc0cf187c45ecdf5c125f68aa8f5d41a081c5b0cd9884c84c391abb4778fca2c1cb79179711ecf04a1ef8121f2d291cf6c16b22a4a46f96df6609ebed5e0e9b

Download Submit
C:\Windows\system\ghWGNQS.exe

Filesize
6.0MB

MD5
84561c2e7eb521a8c64b5145c566d53c

SHA1
1307b3a028e8099dd75867ae2b502343843dc59b

SHA256
f46007748fe2c6bfbd2c22fe7c0d27bb19ab43e60692b6ef006f27cdb18395ea

SHA512
e6de0a359b0219932ab0cbff20a5d2ed07b2aae1fcc1cdc97f90e4a29c57052e97e6a305699c20fa8ae35fcafd2bff8ec3fb99dfa817e4b4821f42d12f81e3d4

Download Submit
C:\Windows\system\nIitEnL.exe

Filesize
6.0MB

MD5
9b7f8b6f2169389384c524b47eb3616e

SHA1
29507362d6e909d8b4e782fac3e876f8aead7994

SHA256
ded483e879145baa773f84b69512a9d22d77166ecbc4026699fb8489e6596ce2

SHA512
0edeb691df649c5494a36dfe0fe9d47d2cbe978850508fe9160de0a9593c0724b91e3948b795d2af6a03cb41cf0db8616b7a59293f0ddc89449e3ba191a94a5f

Download Submit
C:\Windows\system\oBkNCIM.exe

Filesize
6.0MB

MD5
333d9f8317868ea4da68551c10afb2dc

SHA1
b7e93b8dbc5f614b53f64ba0bf22b78882fbd5c0

SHA256
c47b20a180d31f963d349b57a35ce07a43f9fa4fdef5f77ed3e8bedc2480b2bb

SHA512
9fc0068d73af3dd21d437aad06cbb141df7e84311dc4410be6cf74bbf225c766ff8278e34803cf23c311ff7331f49c07b53c71c99a8718e42ae64fa5ea09f37f

Download Submit
C:\Windows\system\oeGhIyz.exe

Filesize
6.0MB

MD5
f46eb8bb54fd5b38c4818f9e3e20ce81

SHA1
0a347838511d9585b72e079e012b444e3d4491db

SHA256
bd278bb17098f7f7aeb3df424299e7770b78993e7f24f9830c6a440e299922db

SHA512
4f966799f5b39a316dfb24e97b732a861e5dae7c1f67cf6e54cb10849223e95e3dc06c489cf2d0e17d7022941fc7de6e3ada922533964308466a89e120979fcf

Download Submit
C:\Windows\system\pFKUXHi.exe

Filesize
6.0MB

MD5
90d4f5ae01f12eada61aa3b4ea819bdb

SHA1
5f08fe5a8446428cfccc843a85c7f5af7d00be90

SHA256
26988390be1fdb532a24c10d325f14bce21c097cc256df8a1811b16cf498e089

SHA512
df2fefae482ac6084f693efd2e032356b0f9d0c50961f31eccff88cff1dd4ac76b5b7970f05e3a85d4ba0459c00ecaafdd09d3958a1cf93f534a819672f2978d

Download Submit
C:\Windows\system\rOziqVQ.exe

Filesize
6.0MB

MD5
3890dff95587009d37f340f75d398ec7

SHA1
bae49bfbc5223f269a639bbdb8f07bffcd59feba

SHA256
6343582fc229a53e893c2489cf4fecbbb19e1acb9288668718c309c77bd01e3c

SHA512
a20322addee22ecb21ca557a9b119db72604559a54fc1971fe617b05e8107730302f7bb1332826e013769bf0ad3350d39973c87cd0567b7e204c7a189a9e0b58

Download Submit
C:\Windows\system\uyQGNKB.exe

Filesize
6.0MB

MD5
6bdceb6264a6964443bcdb94660cf153

SHA1
ea99fab67dfafd1ab480b08d38f532383020a86f

SHA256
94672f2f6b7d44d1e0a1f64a29811ea5696fddab99442b68f623092bc9feac44

SHA512
a40dae6132f8071e271fc65432ca151cd618630445fe7d8fa67748b7d21f33c8fb7937cc240b46216b4d71379bd868a6c395f368672e275a7c70e99bab7e7913

Download Submit
C:\Windows\system\vfovXWd.exe

Filesize
6.0MB

MD5
59702779bac17f1f6b2953c213add521

SHA1
aa51cf9762d4283bba7952fb4a97ce4b33b8a291

SHA256
a553207cb0fa7a581f7d1862565ea060359ccabd7da5add5bc78b9376d354b41

SHA512
8cef4da9ce00b745c905215d782ab56c207c8f4d2713fee765fd875f084ea44783668e035d54d772b2d2295ea6038233f51c36c8183206a7a1dcca54ce7d9c88

Download Submit
C:\Windows\system\vvisxHJ.exe

Filesize
6.0MB

MD5
5d1fe4d0da3c7f16a77ea640dc1c0176

SHA1
d22a19c26f087722953fdbb5de51daaef2d3c2bd

SHA256
f6507f2a7f72da9e38ba5f72c9d14c4cf87409db687ad6ef5f87f9b93bbbfcd1

SHA512
c22f2047432c1b009880eca82f2fafcf703fa591aaf46752a286c6ffbdaed6854f4d2dc5922a9b5902442be183575f07f99c03c7fa7ac82b5993ae96fc629293

Download Submit
C:\Windows\system\zTOyoHr.exe

Filesize
6.0MB

MD5
d97bfc3da3fe86294c070b01161659c2

SHA1
1c4c6ebeb77991792c8de07121719fe3d5ff4127

SHA256
4bfcc37c8ec873ee7f9d0e7e3f613f9c3e08c94f579951b77b3909c87907c4b0

SHA512
a4b30e7954de74922c94d6754aa3ad94384cd899585d1a143c2c89132befa27199962ff954615e9f0fe550488d9015d7224c932a32b34829dc59b2cfd7802af9

Download Submit
C:\Windows\system\zlOUCPc.exe

Filesize
6.0MB

MD5
fcb1bf80dadf3f3ce11fbafdf857a331

SHA1
4682b5ab109c33ec6624af387204fb51f9f086bc

SHA256
36c1f0437345d8ab4f6866ffb6d1469a9d99527d081f3d715de66632a658c416

SHA512
a92594cdcdad0a762696fe83992703c4665ec64a6373d0369a6dbb8e2b83c98e7663011fd78ecab276ce402652c17bd7dae1e4ffe94d98bef9d3d731cdae5743

Download Submit
\Windows\system\BzhCtNO.exe

Filesize
6.0MB

MD5
f96d5f911700b91daf64fc2b673bc679

SHA1
57124f2376e974b45cfd95258229d49495eec263

SHA256
a9326de7d8a112b4af0136cd7027be26f6456c83636652b16d2ce172187ff1ea

SHA512
cdf5f8e5a3fb5c671b13b44f79f0037e5baf30596dd41af709120d237221d0d6b552fb22a3f3b1c9b90d366e67cf6429c4940de4cfc5afa73a3e19cc4fa637b9

Download Submit
\Windows\system\LUWYrus.exe

Filesize
6.0MB

MD5
5a52c06529d09f3ec9f6889cbc1371c5

SHA1
8a8c238c418290df6465abec44da06c20a195ec0

SHA256
cd71e89c88d50a75a4e2635ac85d0d5c158d027805c91dd9e237163c50f3bc63

SHA512
af938c8bf45ba644175bedcfdf68be31554c99b3a5b36268af17de755568151a602c7aed02c5b89f02b909de3b949c8c38fb19ea9dbdc89a63447bf41f9aaca7

Download Submit
\Windows\system\RsOGcaH.exe

Filesize
6.0MB

MD5
373b57d9ae17eda7ab7f33359a1e8063

SHA1
1edcf328b8dbc5feb9bd3ac49d9e05f41c3fdd58

SHA256
6baa81323db2cc1ec35afb28e69949b6750ba4c3bfe1cee813481a40c7c1e2a5

SHA512
57d4e76e982bbd44b43e2d0ac68dcf57d1d5c0aff912cac98bc06fdef8b2a56f81c08c88e7b0029d4cef2dd75354cfb24ce2a7e5ccc342700531b638a4c08542

Download Submit
\Windows\system\WfwJEDe.exe

Filesize
6.0MB

MD5
fbef2f9b4a93e7ee98823f5fbd2cba72

SHA1
c7759b97e774816e91f68936b9b2070825729944

SHA256
4c7ad7d4528580c7b0cb39051f189274d27a8448c45cc54d3c9ac366257754aa

SHA512
45571900d3dec8cc686af01c0a89da0eeb121d2f835b7b42e677bdfe2e499bf70ed8faf82c6c245d432764e53225d9b502cb5c65f218a2bc953321f1b3f37311

Download Submit
\Windows\system\agoAEFK.exe

Filesize
6.0MB

MD5
55b8757d68211fb7981c007c4e3c5ddc

SHA1
55af32fbc03f4ee90da76cebaf44eecb0af420ea

SHA256
73eb788c73a5e830e87a6708a0dba57c2c5b9ddc5774f1d37b4ec9650ddf391a

SHA512
2bfd4771be0c8a11be01ded486ed86607f25d186438865be709a123180f0dacef8c09f98e465e217fc1d3948bfd6b40eab3e9168b24373ef008b6e2ac786e4cf

Download Submit
\Windows\system\grRSNPp.exe

Filesize
6.0MB

MD5
7043f12cd310829c11f6f177d1a7064c

SHA1
b72b8871913be6414c7315bf08e90b9fd6242536

SHA256
0430bb46ca70699ffc5e2377b53b0e323a58e5a4a9baf9e45788ca120a41fa4a

SHA512
780a6ea337efcd62c18912fb324b7501a02dde3582d961982f4a2a0731974c310800ff0d74a42282c5b1dc2329ddccdd77a155e31163fdfccfc1301bdc191dd3

Download Submit
\Windows\system\hgFAflx.exe

Filesize
6.0MB

MD5
b6b6eff33d8387941ffe2dd7db25b7cc

SHA1
0641aa8f952e879aba67a0e59d40bc38150aef60

SHA256
05910616b2e8dc6bf7d7d22e8c19394fd0a4fc6d600c436153f6f4c08f11b24f

SHA512
a44467bae7dedfa918bcd2829519f75f9f3ed0e4cb2c6c4d47f6294282f239ab10c3f779fb5463e86139624cb059548e806b3bdcb2300c8230f6d09a88913475

Download Submit
memory/624-25-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/624-630-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/624-354-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/624-105-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/624-980-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/624-290-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/624-88-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/624-78-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/624-77-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/624-75-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/624-0-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/624-35-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/624-30-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/624-58-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/624-14-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/624-51-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/624-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1568-74-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1568-3507-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1568-16-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2096-81-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2096-3655-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2156-3630-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-96-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-39-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-725-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2472-3702-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2472-91-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2520-28-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3505-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2520-87-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2608-37-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2608-10-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3506-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2688-99-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2688-882-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3661-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2720-20-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3501-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2720-82-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2748-83-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3651-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-68-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3652-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3706-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2796-85-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2796-542-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2824-40-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3642-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2824-103-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3650-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-104-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-56-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3646-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/3000-80-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download