cobaltstrike | 1487bf73745299f23ac3d01289c770149749b88f51f2ae5c46a4b384e8b3d31b

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 10:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

09fcf195f1f50c44572a1b91169a02f3
SHA1

d06d13f707721edfb7aac93fea9314fe2a86961d
SHA256

1487bf73745299f23ac3d01289c770149749b88f51f2ae5c46a4b384e8b3d31b
SHA512

0fc536ad22670a0257c2e77d5ff2d580bf8fefa9818a7564b8f859356910f9b85f23a7b31811793a2a4093418ac939d73928122e9095f45b0b26571f8c808f9c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUZ:T+q56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019326-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019394-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a0-23.dat	cobalt_reflective_dll
behavioral1/files/0x0026000000018b89-28.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193b8-35.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019470-46.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c7-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019489-63.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019480-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-90.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/796-0-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-6.dat	xmrig
behavioral1/memory/2852-8-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0008000000019326-9.dat	xmrig
behavioral1/memory/2540-14-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/files/0x0007000000019394-12.dat	xmrig
behavioral1/memory/2940-21-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x00060000000193a0-23.dat	xmrig
behavioral1/files/0x0026000000018b89-28.dat	xmrig
behavioral1/files/0x00060000000193b8-35.dat	xmrig
behavioral1/memory/2464-41-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2672-47-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2800-53-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2688-55-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2960-54-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019470-46.dat	xmrig
behavioral1/files/0x00060000000193c7-38.dat	xmrig
behavioral1/files/0x0007000000019489-63.dat	xmrig
behavioral1/memory/2708-61-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019480-60.dat	xmrig
behavioral1/memory/796-57-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2272-68-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a03c-83.dat	xmrig
behavioral1/memory/952-76-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/1432-84-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fdd-75.dat	xmrig
behavioral1/memory/796-73-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2540-72-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/796-81-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2940-80-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/796-64-0x0000000002220000-0x0000000002574000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-93.dat	xmrig
behavioral1/memory/1744-97-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2448-91-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x000500000001a309-104.dat	xmrig
behavioral1/files/0x000500000001a404-135.dat	xmrig
behavioral1/memory/2464-1526-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2540-1480-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2672-1546-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2272-1547-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2800-1545-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2688-1544-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2960-1543-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2940-1542-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/1744-399-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/796-347-0x0000000002220000-0x0000000002574000-memory.dmp	xmrig
behavioral1/memory/2448-315-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/1432-272-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/952-225-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46f-187.dat	xmrig
behavioral1/files/0x000500000001a471-191.dat	xmrig
behavioral1/files/0x000500000001a46b-175.dat	xmrig
behavioral1/files/0x000500000001a463-165.dat	xmrig
behavioral1/files/0x000500000001a457-155.dat	xmrig
behavioral1/files/0x000500000001a46d-180.dat	xmrig
behavioral1/files/0x000500000001a469-171.dat	xmrig
behavioral1/memory/2852-1548-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x000500000001a459-160.dat	xmrig
behavioral1/files/0x000500000001a44d-146.dat	xmrig
behavioral1/files/0x000500000001a44f-149.dat	xmrig
behavioral1/files/0x000500000001a438-140.dat	xmrig
behavioral1/memory/2272-132-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a400-129.dat	xmrig
behavioral1/files/0x000500000001a3fd-124.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2852	EvCewIt.exe
2540	PWfyeGU.exe
2940	wNfxqyU.exe
2464	RAoevux.exe
2672	qVUKApx.exe
2960	WMKwgIl.exe
2688	ivBsEfg.exe
2800	zvVDvIv.exe
2708	zlSRUAZ.exe
2272	IuboQZE.exe
952	CZGrgvK.exe
1432	mWWLajQ.exe
2448	rRDColT.exe
1744	MSYlvNS.exe
2612	usBCjLd.exe
1992	SUqJAHR.exe
3032	PMAEirb.exe
2764	IzlmkdU.exe
540	HwJlAJK.exe
3004	TbriZfz.exe
2424	myQbuvs.exe
1204	ZUcyRCr.exe
2084	PGuXrWD.exe
2064	jrgbxTL.exe
2168	PUCzVhW.exe
2840	sCANodw.exe
1872	pSRbYMA.exe
2208	slrohnL.exe
2388	YCFldAT.exe
2412	MOROGJx.exe
2068	fpQSLZE.exe
2164	nuCXYgS.exe
2552	uHMLOfU.exe
928	Tquwdok.exe
2044	THTWwUL.exe
1752	Ajjywpu.exe
968	DEffFow.exe
1020	TIkMSqz.exe
1812	BuygiuZ.exe
2636	bYTyXZg.exe
440	IZbTBxA.exe
1748	bJaNxao.exe
2012	GCINFtO.exe
1064	DNfUWfg.exe
2004	cayQMbV.exe
1564	gIEDXjs.exe
2240	uqiwRWU.exe
1152	sUaaiMQ.exe
2500	ZOvSEhD.exe
996	YadeGmQ.exe
1080	cluBpDR.exe
880	KtErYaV.exe
1692	aScTbjS.exe
1720	XCvRDaA.exe
2408	rhUbEyq.exe
1604	RelhqTl.exe
2936	RimFBaE.exe
2772	elysSlC.exe
2848	BpRYWnd.exe
2720	yTZPLMo.exe
1640	GCROuBd.exe
1048	vtjDrwv.exe
2892	VFPLSXL.exe
2956	xNioYNE.exe

Loads dropped DLL 64 IoCs

pid	Process
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/796-0-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-6.dat	upx
behavioral1/memory/2852-8-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0008000000019326-9.dat	upx
behavioral1/memory/2540-14-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/files/0x0007000000019394-12.dat	upx
behavioral1/memory/2940-21-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x00060000000193a0-23.dat	upx
behavioral1/files/0x0026000000018b89-28.dat	upx
behavioral1/files/0x00060000000193b8-35.dat	upx
behavioral1/memory/2464-41-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2672-47-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2800-53-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2688-55-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2960-54-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0006000000019470-46.dat	upx
behavioral1/files/0x00060000000193c7-38.dat	upx
behavioral1/files/0x0007000000019489-63.dat	upx
behavioral1/memory/2708-61-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0008000000019480-60.dat	upx
behavioral1/memory/796-57-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2272-68-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x000500000001a03c-83.dat	upx
behavioral1/memory/952-76-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/1432-84-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0005000000019fdd-75.dat	upx
behavioral1/memory/2540-72-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2940-80-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x000500000001a0b6-93.dat	upx
behavioral1/memory/1744-97-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2448-91-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x000500000001a309-104.dat	upx
behavioral1/files/0x000500000001a404-135.dat	upx
behavioral1/memory/2464-1526-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2540-1480-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2672-1546-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2272-1547-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2800-1545-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2688-1544-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2960-1543-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2940-1542-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/1744-399-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2448-315-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/1432-272-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/952-225-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x000500000001a46f-187.dat	upx
behavioral1/files/0x000500000001a471-191.dat	upx
behavioral1/files/0x000500000001a46b-175.dat	upx
behavioral1/files/0x000500000001a463-165.dat	upx
behavioral1/files/0x000500000001a457-155.dat	upx
behavioral1/files/0x000500000001a46d-180.dat	upx
behavioral1/files/0x000500000001a469-171.dat	upx
behavioral1/memory/2852-1548-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x000500000001a459-160.dat	upx
behavioral1/files/0x000500000001a44d-146.dat	upx
behavioral1/files/0x000500000001a44f-149.dat	upx
behavioral1/files/0x000500000001a438-140.dat	upx
behavioral1/memory/2272-132-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x000500000001a400-129.dat	upx
behavioral1/files/0x000500000001a3fd-124.dat	upx
behavioral1/files/0x000500000001a3f8-119.dat	upx
behavioral1/files/0x000500000001a3f6-114.dat	upx
behavioral1/files/0x000500000001a3ab-109.dat	upx
behavioral1/memory/2448-1553-0x000000013F710000-0x000000013FA64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZsnPuuT.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrwmAHk.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXaJIDd.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPtnAcf.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGDAsrU.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erVvhaC.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJksvzy.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyFJmJz.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzZYfxy.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HfEtqMe.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awXdcFA.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAZMcUW.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NfDLIoI.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSGUvZs.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHxdBxs.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqcrqly.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvmggKN.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaFPNSZ.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqFwkzk.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCEKErP.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrwdwGy.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rosWsFQ.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icOQDBg.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPcPUlG.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWWQwEl.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnraZWc.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImBkVbz.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdETITx.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWhduiJ.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWASArf.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDXbjog.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDtnoTk.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xScyErv.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQULtZg.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZNzZtma.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RelhqTl.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWPKMTK.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BPEuIlq.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jdjvdhq.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpBlHoa.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuRzABH.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcBpkJh.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmWBTVm.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKUXJIl.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEOYmzx.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDVweAj.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XCvRDaA.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLwYJCC.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzMeLzB.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKsZWsA.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOROGJx.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JBqDqFL.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cvkciUp.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTryAOD.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUkDWNb.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFhnxsU.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHpYEej.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DopjPKo.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxGyUgy.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnULlFE.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnkdQhz.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLGLCFM.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWFdNvL.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAbBLRs.exe	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 796 wrote to memory of 2852	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 796 wrote to memory of 2852	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 796 wrote to memory of 2852	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 796 wrote to memory of 2540	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 796 wrote to memory of 2540	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 796 wrote to memory of 2540	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 796 wrote to memory of 2940	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 796 wrote to memory of 2940	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 796 wrote to memory of 2940	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 796 wrote to memory of 2464	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 796 wrote to memory of 2464	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 796 wrote to memory of 2464	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 796 wrote to memory of 2672	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 796 wrote to memory of 2672	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 796 wrote to memory of 2672	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 796 wrote to memory of 2960	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 796 wrote to memory of 2960	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 796 wrote to memory of 2960	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 796 wrote to memory of 2688	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 796 wrote to memory of 2688	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 796 wrote to memory of 2688	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 796 wrote to memory of 2800	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 796 wrote to memory of 2800	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 796 wrote to memory of 2800	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 796 wrote to memory of 2708	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 796 wrote to memory of 2708	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 796 wrote to memory of 2708	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 796 wrote to memory of 2272	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 796 wrote to memory of 2272	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 796 wrote to memory of 2272	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 796 wrote to memory of 952	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 796 wrote to memory of 952	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 796 wrote to memory of 952	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 796 wrote to memory of 1432	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 796 wrote to memory of 1432	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 796 wrote to memory of 1432	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 796 wrote to memory of 2448	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 796 wrote to memory of 2448	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 796 wrote to memory of 2448	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 796 wrote to memory of 1744	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 796 wrote to memory of 1744	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 796 wrote to memory of 1744	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 796 wrote to memory of 2612	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 796 wrote to memory of 2612	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 796 wrote to memory of 2612	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 796 wrote to memory of 1992	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 796 wrote to memory of 1992	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 796 wrote to memory of 1992	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 796 wrote to memory of 3032	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 796 wrote to memory of 3032	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 796 wrote to memory of 3032	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 796 wrote to memory of 2764	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 796 wrote to memory of 2764	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 796 wrote to memory of 2764	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 796 wrote to memory of 540	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 796 wrote to memory of 540	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 796 wrote to memory of 540	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 796 wrote to memory of 3004	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 796 wrote to memory of 3004	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 796 wrote to memory of 3004	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 796 wrote to memory of 2424	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 796 wrote to memory of 2424	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 796 wrote to memory of 2424	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 796 wrote to memory of 1204	796	2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_09fcf195f1f50c44572a1b91169a02f3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:796
- C:\Windows\System\EvCewIt.exe
  C:\Windows\System\EvCewIt.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\PWfyeGU.exe
  C:\Windows\System\PWfyeGU.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\wNfxqyU.exe
  C:\Windows\System\wNfxqyU.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\RAoevux.exe
  C:\Windows\System\RAoevux.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\qVUKApx.exe
  C:\Windows\System\qVUKApx.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\WMKwgIl.exe
  C:\Windows\System\WMKwgIl.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\ivBsEfg.exe
  C:\Windows\System\ivBsEfg.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\zvVDvIv.exe
  C:\Windows\System\zvVDvIv.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\zlSRUAZ.exe
  C:\Windows\System\zlSRUAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\IuboQZE.exe
  C:\Windows\System\IuboQZE.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\CZGrgvK.exe
  C:\Windows\System\CZGrgvK.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\mWWLajQ.exe
  C:\Windows\System\mWWLajQ.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\rRDColT.exe
  C:\Windows\System\rRDColT.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\MSYlvNS.exe
  C:\Windows\System\MSYlvNS.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\usBCjLd.exe
  C:\Windows\System\usBCjLd.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\SUqJAHR.exe
  C:\Windows\System\SUqJAHR.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\PMAEirb.exe
  C:\Windows\System\PMAEirb.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\IzlmkdU.exe
  C:\Windows\System\IzlmkdU.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\HwJlAJK.exe
  C:\Windows\System\HwJlAJK.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\TbriZfz.exe
  C:\Windows\System\TbriZfz.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\myQbuvs.exe
  C:\Windows\System\myQbuvs.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\ZUcyRCr.exe
  C:\Windows\System\ZUcyRCr.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\PGuXrWD.exe
  C:\Windows\System\PGuXrWD.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\jrgbxTL.exe
  C:\Windows\System\jrgbxTL.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\PUCzVhW.exe
  C:\Windows\System\PUCzVhW.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\sCANodw.exe
  C:\Windows\System\sCANodw.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\pSRbYMA.exe
  C:\Windows\System\pSRbYMA.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\slrohnL.exe
  C:\Windows\System\slrohnL.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\YCFldAT.exe
  C:\Windows\System\YCFldAT.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\MOROGJx.exe
  C:\Windows\System\MOROGJx.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\fpQSLZE.exe
  C:\Windows\System\fpQSLZE.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\nuCXYgS.exe
  C:\Windows\System\nuCXYgS.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\uHMLOfU.exe
  C:\Windows\System\uHMLOfU.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\Tquwdok.exe
  C:\Windows\System\Tquwdok.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\THTWwUL.exe
  C:\Windows\System\THTWwUL.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\Ajjywpu.exe
  C:\Windows\System\Ajjywpu.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\DEffFow.exe
  C:\Windows\System\DEffFow.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\TIkMSqz.exe
  C:\Windows\System\TIkMSqz.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\BuygiuZ.exe
  C:\Windows\System\BuygiuZ.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\bYTyXZg.exe
  C:\Windows\System\bYTyXZg.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\IZbTBxA.exe
  C:\Windows\System\IZbTBxA.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\bJaNxao.exe
  C:\Windows\System\bJaNxao.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\DNfUWfg.exe
  C:\Windows\System\DNfUWfg.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\GCINFtO.exe
  C:\Windows\System\GCINFtO.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\cayQMbV.exe
  C:\Windows\System\cayQMbV.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\gIEDXjs.exe
  C:\Windows\System\gIEDXjs.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\uqiwRWU.exe
  C:\Windows\System\uqiwRWU.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\sUaaiMQ.exe
  C:\Windows\System\sUaaiMQ.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\ZOvSEhD.exe
  C:\Windows\System\ZOvSEhD.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\YadeGmQ.exe
  C:\Windows\System\YadeGmQ.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\cluBpDR.exe
  C:\Windows\System\cluBpDR.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\KtErYaV.exe
  C:\Windows\System\KtErYaV.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\rhUbEyq.exe
  C:\Windows\System\rhUbEyq.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\aScTbjS.exe
  C:\Windows\System\aScTbjS.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\RelhqTl.exe
  C:\Windows\System\RelhqTl.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\XCvRDaA.exe
  C:\Windows\System\XCvRDaA.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\RimFBaE.exe
  C:\Windows\System\RimFBaE.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\elysSlC.exe
  C:\Windows\System\elysSlC.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\BpRYWnd.exe
  C:\Windows\System\BpRYWnd.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\yTZPLMo.exe
  C:\Windows\System\yTZPLMo.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\GCROuBd.exe
  C:\Windows\System\GCROuBd.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\vtjDrwv.exe
  C:\Windows\System\vtjDrwv.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\VFPLSXL.exe
  C:\Windows\System\VFPLSXL.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\xNioYNE.exe
  C:\Windows\System\xNioYNE.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\AglZyNB.exe
  C:\Windows\System\AglZyNB.exe
  2⤵
  PID:640
- C:\Windows\System\lxHGuxh.exe
  C:\Windows\System\lxHGuxh.exe
  2⤵
  PID:3024
- C:\Windows\System\cHmgeMN.exe
  C:\Windows\System\cHmgeMN.exe
  2⤵
  PID:2072
- C:\Windows\System\iLmXDTA.exe
  C:\Windows\System\iLmXDTA.exe
  2⤵
  PID:1060
- C:\Windows\System\gIATJNy.exe
  C:\Windows\System\gIATJNy.exe
  2⤵
  PID:760
- C:\Windows\System\RNeeqjv.exe
  C:\Windows\System\RNeeqjv.exe
  2⤵
  PID:1820
- C:\Windows\System\aCBvYer.exe
  C:\Windows\System\aCBvYer.exe
  2⤵
  PID:1372
- C:\Windows\System\CJZceaM.exe
  C:\Windows\System\CJZceaM.exe
  2⤵
  PID:2216
- C:\Windows\System\UHkuJOu.exe
  C:\Windows\System\UHkuJOu.exe
  2⤵
  PID:676
- C:\Windows\System\SPhkwqV.exe
  C:\Windows\System\SPhkwqV.exe
  2⤵
  PID:948
- C:\Windows\System\hSyvEIn.exe
  C:\Windows\System\hSyvEIn.exe
  2⤵
  PID:700
- C:\Windows\System\MFhnxsU.exe
  C:\Windows\System\MFhnxsU.exe
  2⤵
  PID:560
- C:\Windows\System\jWonQAz.exe
  C:\Windows\System\jWonQAz.exe
  2⤵
  PID:280
- C:\Windows\System\kJNfHVt.exe
  C:\Windows\System\kJNfHVt.exe
  2⤵
  PID:1536
- C:\Windows\System\WHpYEej.exe
  C:\Windows\System\WHpYEej.exe
  2⤵
  PID:1724
- C:\Windows\System\mGRyaAE.exe
  C:\Windows\System\mGRyaAE.exe
  2⤵
  PID:864
- C:\Windows\System\fXQtnOb.exe
  C:\Windows\System\fXQtnOb.exe
  2⤵
  PID:2000
- C:\Windows\System\ZWtoyHO.exe
  C:\Windows\System\ZWtoyHO.exe
  2⤵
  PID:2524
- C:\Windows\System\IXscosL.exe
  C:\Windows\System\IXscosL.exe
  2⤵
  PID:1300
- C:\Windows\System\LbXPGpz.exe
  C:\Windows\System\LbXPGpz.exe
  2⤵
  PID:568
- C:\Windows\System\WqHBspy.exe
  C:\Windows\System\WqHBspy.exe
  2⤵
  PID:1096
- C:\Windows\System\FDByOMJ.exe
  C:\Windows\System\FDByOMJ.exe
  2⤵
  PID:2144
- C:\Windows\System\gJQdPqW.exe
  C:\Windows\System\gJQdPqW.exe
  2⤵
  PID:860
- C:\Windows\System\JzwLukt.exe
  C:\Windows\System\JzwLukt.exe
  2⤵
  PID:1584
- C:\Windows\System\yttmSgP.exe
  C:\Windows\System\yttmSgP.exe
  2⤵
  PID:1596
- C:\Windows\System\BwmMTCo.exe
  C:\Windows\System\BwmMTCo.exe
  2⤵
  PID:2476
- C:\Windows\System\YzZmDKU.exe
  C:\Windows\System\YzZmDKU.exe
  2⤵
  PID:2816
- C:\Windows\System\gjozMEv.exe
  C:\Windows\System\gjozMEv.exe
  2⤵
  PID:2692
- C:\Windows\System\IGdNqGO.exe
  C:\Windows\System\IGdNqGO.exe
  2⤵
  PID:1144
- C:\Windows\System\pUoDidk.exe
  C:\Windows\System\pUoDidk.exe
  2⤵
  PID:1236
- C:\Windows\System\DzZavzx.exe
  C:\Windows\System\DzZavzx.exe
  2⤵
  PID:2788
- C:\Windows\System\MKkJLPi.exe
  C:\Windows\System\MKkJLPi.exe
  2⤵
  PID:2812
- C:\Windows\System\NGDAsrU.exe
  C:\Windows\System\NGDAsrU.exe
  2⤵
  PID:2988
- C:\Windows\System\JyDKakS.exe
  C:\Windows\System\JyDKakS.exe
  2⤵
  PID:2980
- C:\Windows\System\TtSvxml.exe
  C:\Windows\System\TtSvxml.exe
  2⤵
  PID:2444
- C:\Windows\System\ERgxkPJ.exe
  C:\Windows\System\ERgxkPJ.exe
  2⤵
  PID:2112
- C:\Windows\System\fZSUxvU.exe
  C:\Windows\System\fZSUxvU.exe
  2⤵
  PID:1288
- C:\Windows\System\lQLEINu.exe
  C:\Windows\System\lQLEINu.exe
  2⤵
  PID:1008
- C:\Windows\System\OWPKMTK.exe
  C:\Windows\System\OWPKMTK.exe
  2⤵
  PID:2968
- C:\Windows\System\KJUlYEC.exe
  C:\Windows\System\KJUlYEC.exe
  2⤵
  PID:1400
- C:\Windows\System\CcOTwOM.exe
  C:\Windows\System\CcOTwOM.exe
  2⤵
  PID:2028
- C:\Windows\System\LhnZEJw.exe
  C:\Windows\System\LhnZEJw.exe
  2⤵
  PID:2316
- C:\Windows\System\wZRNuXR.exe
  C:\Windows\System\wZRNuXR.exe
  2⤵
  PID:916
- C:\Windows\System\NxFcWkQ.exe
  C:\Windows\System\NxFcWkQ.exe
  2⤵
  PID:2556
- C:\Windows\System\VwroFrb.exe
  C:\Windows\System\VwroFrb.exe
  2⤵
  PID:1856
- C:\Windows\System\RzPtWZF.exe
  C:\Windows\System\RzPtWZF.exe
  2⤵
  PID:1508
- C:\Windows\System\FUJLvGr.exe
  C:\Windows\System\FUJLvGr.exe
  2⤵
  PID:2804
- C:\Windows\System\eEszrHO.exe
  C:\Windows\System\eEszrHO.exe
  2⤵
  PID:2124
- C:\Windows\System\UXnIZjT.exe
  C:\Windows\System\UXnIZjT.exe
  2⤵
  PID:3048
- C:\Windows\System\xRFKwlk.exe
  C:\Windows\System\xRFKwlk.exe
  2⤵
  PID:2952
- C:\Windows\System\RYnyWKH.exe
  C:\Windows\System\RYnyWKH.exe
  2⤵
  PID:1732
- C:\Windows\System\JsAipAq.exe
  C:\Windows\System\JsAipAq.exe
  2⤵
  PID:2368
- C:\Windows\System\JbpFhTY.exe
  C:\Windows\System\JbpFhTY.exe
  2⤵
  PID:316
- C:\Windows\System\BYAcsxk.exe
  C:\Windows\System\BYAcsxk.exe
  2⤵
  PID:3084
- C:\Windows\System\YaQKMLz.exe
  C:\Windows\System\YaQKMLz.exe
  2⤵
  PID:3104
- C:\Windows\System\lurqGNb.exe
  C:\Windows\System\lurqGNb.exe
  2⤵
  PID:3124
- C:\Windows\System\ltLAsWY.exe
  C:\Windows\System\ltLAsWY.exe
  2⤵
  PID:3144
- C:\Windows\System\eQffodC.exe
  C:\Windows\System\eQffodC.exe
  2⤵
  PID:3164
- C:\Windows\System\uEobgsR.exe
  C:\Windows\System\uEobgsR.exe
  2⤵
  PID:3184
- C:\Windows\System\XOLxvfe.exe
  C:\Windows\System\XOLxvfe.exe
  2⤵
  PID:3204
- C:\Windows\System\dihEZkZ.exe
  C:\Windows\System\dihEZkZ.exe
  2⤵
  PID:3228
- C:\Windows\System\GzErSbF.exe
  C:\Windows\System\GzErSbF.exe
  2⤵
  PID:3248
- C:\Windows\System\MFHpPRd.exe
  C:\Windows\System\MFHpPRd.exe
  2⤵
  PID:3268
- C:\Windows\System\doCylHP.exe
  C:\Windows\System\doCylHP.exe
  2⤵
  PID:3288
- C:\Windows\System\lSoHIQm.exe
  C:\Windows\System\lSoHIQm.exe
  2⤵
  PID:3308
- C:\Windows\System\HkBbHtY.exe
  C:\Windows\System\HkBbHtY.exe
  2⤵
  PID:3324
- C:\Windows\System\gVZPtyl.exe
  C:\Windows\System\gVZPtyl.exe
  2⤵
  PID:3352
- C:\Windows\System\ZwKHLIN.exe
  C:\Windows\System\ZwKHLIN.exe
  2⤵
  PID:3372
- C:\Windows\System\TeKNsav.exe
  C:\Windows\System\TeKNsav.exe
  2⤵
  PID:3392
- C:\Windows\System\qQhOcFb.exe
  C:\Windows\System\qQhOcFb.exe
  2⤵
  PID:3412
- C:\Windows\System\kfYRExj.exe
  C:\Windows\System\kfYRExj.exe
  2⤵
  PID:3432
- C:\Windows\System\JZyeUWz.exe
  C:\Windows\System\JZyeUWz.exe
  2⤵
  PID:3452
- C:\Windows\System\cTVOuMN.exe
  C:\Windows\System\cTVOuMN.exe
  2⤵
  PID:3472
- C:\Windows\System\zpUhqUR.exe
  C:\Windows\System\zpUhqUR.exe
  2⤵
  PID:3492
- C:\Windows\System\kAiTnjb.exe
  C:\Windows\System\kAiTnjb.exe
  2⤵
  PID:3512
- C:\Windows\System\AOfKgNV.exe
  C:\Windows\System\AOfKgNV.exe
  2⤵
  PID:3532
- C:\Windows\System\wTVFmMv.exe
  C:\Windows\System\wTVFmMv.exe
  2⤵
  PID:3556
- C:\Windows\System\yMlQMZx.exe
  C:\Windows\System\yMlQMZx.exe
  2⤵
  PID:3576
- C:\Windows\System\cvoBVZP.exe
  C:\Windows\System\cvoBVZP.exe
  2⤵
  PID:3596
- C:\Windows\System\NVhjeuG.exe
  C:\Windows\System\NVhjeuG.exe
  2⤵
  PID:3616
- C:\Windows\System\RnkdQhz.exe
  C:\Windows\System\RnkdQhz.exe
  2⤵
  PID:3636
- C:\Windows\System\eQufFHj.exe
  C:\Windows\System\eQufFHj.exe
  2⤵
  PID:3656
- C:\Windows\System\eRNvWQT.exe
  C:\Windows\System\eRNvWQT.exe
  2⤵
  PID:3676
- C:\Windows\System\kInvDDd.exe
  C:\Windows\System\kInvDDd.exe
  2⤵
  PID:3696
- C:\Windows\System\XrzAbVX.exe
  C:\Windows\System\XrzAbVX.exe
  2⤵
  PID:3720
- C:\Windows\System\ywNkjmo.exe
  C:\Windows\System\ywNkjmo.exe
  2⤵
  PID:3740
- C:\Windows\System\odVhPEX.exe
  C:\Windows\System\odVhPEX.exe
  2⤵
  PID:3760
- C:\Windows\System\njIfGgH.exe
  C:\Windows\System\njIfGgH.exe
  2⤵
  PID:3780
- C:\Windows\System\Txghnqy.exe
  C:\Windows\System\Txghnqy.exe
  2⤵
  PID:3800
- C:\Windows\System\btFDEVL.exe
  C:\Windows\System\btFDEVL.exe
  2⤵
  PID:3820
- C:\Windows\System\bQyyUNL.exe
  C:\Windows\System\bQyyUNL.exe
  2⤵
  PID:3840
- C:\Windows\System\GvYUGlp.exe
  C:\Windows\System\GvYUGlp.exe
  2⤵
  PID:3864
- C:\Windows\System\jemFOqj.exe
  C:\Windows\System\jemFOqj.exe
  2⤵
  PID:3884
- C:\Windows\System\NLGLCFM.exe
  C:\Windows\System\NLGLCFM.exe
  2⤵
  PID:3904
- C:\Windows\System\qRxgwhM.exe
  C:\Windows\System\qRxgwhM.exe
  2⤵
  PID:3924
- C:\Windows\System\WjyzXgo.exe
  C:\Windows\System\WjyzXgo.exe
  2⤵
  PID:3944
- C:\Windows\System\ZTdwKPm.exe
  C:\Windows\System\ZTdwKPm.exe
  2⤵
  PID:3964
- C:\Windows\System\XNhlhMD.exe
  C:\Windows\System\XNhlhMD.exe
  2⤵
  PID:3984
- C:\Windows\System\QrrElZj.exe
  C:\Windows\System\QrrElZj.exe
  2⤵
  PID:4004
- C:\Windows\System\yREWMgC.exe
  C:\Windows\System\yREWMgC.exe
  2⤵
  PID:4024
- C:\Windows\System\AlGCTDk.exe
  C:\Windows\System\AlGCTDk.exe
  2⤵
  PID:4044
- C:\Windows\System\hWClfwK.exe
  C:\Windows\System\hWClfwK.exe
  2⤵
  PID:4064
- C:\Windows\System\NXofugY.exe
  C:\Windows\System\NXofugY.exe
  2⤵
  PID:4088
- C:\Windows\System\xedZPNz.exe
  C:\Windows\System\xedZPNz.exe
  2⤵
  PID:2376
- C:\Windows\System\LBVmEdt.exe
  C:\Windows\System\LBVmEdt.exe
  2⤵
  PID:2172
- C:\Windows\System\qkUiaTc.exe
  C:\Windows\System\qkUiaTc.exe
  2⤵
  PID:612
- C:\Windows\System\dwNajYd.exe
  C:\Windows\System\dwNajYd.exe
  2⤵
  PID:2916
- C:\Windows\System\SetrTbU.exe
  C:\Windows\System\SetrTbU.exe
  2⤵
  PID:2092
- C:\Windows\System\BoJosUQ.exe
  C:\Windows\System\BoJosUQ.exe
  2⤵
  PID:2436
- C:\Windows\System\QMNdRvQ.exe
  C:\Windows\System\QMNdRvQ.exe
  2⤵
  PID:2844
- C:\Windows\System\uzMykhv.exe
  C:\Windows\System\uzMykhv.exe
  2⤵
  PID:2196
- C:\Windows\System\gBiVuof.exe
  C:\Windows\System\gBiVuof.exe
  2⤵
  PID:1188
- C:\Windows\System\xOKhnWo.exe
  C:\Windows\System\xOKhnWo.exe
  2⤵
  PID:2344
- C:\Windows\System\CTXXEZe.exe
  C:\Windows\System\CTXXEZe.exe
  2⤵
  PID:3092
- C:\Windows\System\yGQUBrF.exe
  C:\Windows\System\yGQUBrF.exe
  2⤵
  PID:3132
- C:\Windows\System\hUnmSeo.exe
  C:\Windows\System\hUnmSeo.exe
  2⤵
  PID:3136
- C:\Windows\System\EJsFjKp.exe
  C:\Windows\System\EJsFjKp.exe
  2⤵
  PID:3176
- C:\Windows\System\NEjfOHb.exe
  C:\Windows\System\NEjfOHb.exe
  2⤵
  PID:3224
- C:\Windows\System\AiCeFsy.exe
  C:\Windows\System\AiCeFsy.exe
  2⤵
  PID:3244
- C:\Windows\System\XJcFydm.exe
  C:\Windows\System\XJcFydm.exe
  2⤵
  PID:2684
- C:\Windows\System\PRARsqV.exe
  C:\Windows\System\PRARsqV.exe
  2⤵
  PID:3304
- C:\Windows\System\VDtnoTk.exe
  C:\Windows\System\VDtnoTk.exe
  2⤵
  PID:3316
- C:\Windows\System\MDDbJWf.exe
  C:\Windows\System\MDDbJWf.exe
  2⤵
  PID:3360
- C:\Windows\System\dKxiBFy.exe
  C:\Windows\System\dKxiBFy.exe
  2⤵
  PID:3408
- C:\Windows\System\hWquNcI.exe
  C:\Windows\System\hWquNcI.exe
  2⤵
  PID:3448
- C:\Windows\System\uLLuAkD.exe
  C:\Windows\System\uLLuAkD.exe
  2⤵
  PID:2908
- C:\Windows\System\KLHtbrl.exe
  C:\Windows\System\KLHtbrl.exe
  2⤵
  PID:2808
- C:\Windows\System\wuTgIOZ.exe
  C:\Windows\System\wuTgIOZ.exe
  2⤵
  PID:3552
- C:\Windows\System\FxisygQ.exe
  C:\Windows\System\FxisygQ.exe
  2⤵
  PID:3584
- C:\Windows\System\BLrEnXG.exe
  C:\Windows\System\BLrEnXG.exe
  2⤵
  PID:3604
- C:\Windows\System\hGufKrJ.exe
  C:\Windows\System\hGufKrJ.exe
  2⤵
  PID:3628
- C:\Windows\System\OPWVsRC.exe
  C:\Windows\System\OPWVsRC.exe
  2⤵
  PID:3648
- C:\Windows\System\iwAMaBm.exe
  C:\Windows\System\iwAMaBm.exe
  2⤵
  PID:3704
- C:\Windows\System\phHpHIf.exe
  C:\Windows\System\phHpHIf.exe
  2⤵
  PID:3748
- C:\Windows\System\AhiZYwQ.exe
  C:\Windows\System\AhiZYwQ.exe
  2⤵
  PID:3732
- C:\Windows\System\gaRwIca.exe
  C:\Windows\System\gaRwIca.exe
  2⤵
  PID:3792
- C:\Windows\System\eYNEoCw.exe
  C:\Windows\System\eYNEoCw.exe
  2⤵
  PID:3816
- C:\Windows\System\IOEqrgQ.exe
  C:\Windows\System\IOEqrgQ.exe
  2⤵
  PID:3880
- C:\Windows\System\LxUsTfa.exe
  C:\Windows\System\LxUsTfa.exe
  2⤵
  PID:3892
- C:\Windows\System\DopjPKo.exe
  C:\Windows\System\DopjPKo.exe
  2⤵
  PID:3916
- C:\Windows\System\ZMYcvCq.exe
  C:\Windows\System\ZMYcvCq.exe
  2⤵
  PID:3992
- C:\Windows\System\CeRsMsm.exe
  C:\Windows\System\CeRsMsm.exe
  2⤵
  PID:4000
- C:\Windows\System\wmKhiMr.exe
  C:\Windows\System\wmKhiMr.exe
  2⤵
  PID:4036
- C:\Windows\System\xPKFoVL.exe
  C:\Windows\System\xPKFoVL.exe
  2⤵
  PID:4060
- C:\Windows\System\mZiINrI.exe
  C:\Windows\System\mZiINrI.exe
  2⤵
  PID:1492
- C:\Windows\System\DKsSSIk.exe
  C:\Windows\System\DKsSSIk.exe
  2⤵
  PID:2032
- C:\Windows\System\fHELGaO.exe
  C:\Windows\System\fHELGaO.exe
  2⤵
  PID:1468
- C:\Windows\System\gHxdBxs.exe
  C:\Windows\System\gHxdBxs.exe
  2⤵
  PID:1588
- C:\Windows\System\wCQYFKM.exe
  C:\Windows\System\wCQYFKM.exe
  2⤵
  PID:696
- C:\Windows\System\mDXZQXT.exe
  C:\Windows\System\mDXZQXT.exe
  2⤵
  PID:972
- C:\Windows\System\RGFcnbM.exe
  C:\Windows\System\RGFcnbM.exe
  2⤵
  PID:3076
- C:\Windows\System\BCCoTxT.exe
  C:\Windows\System\BCCoTxT.exe
  2⤵
  PID:3120
- C:\Windows\System\miuNBXi.exe
  C:\Windows\System\miuNBXi.exe
  2⤵
  PID:3172
- C:\Windows\System\IqiPXWp.exe
  C:\Windows\System\IqiPXWp.exe
  2⤵
  PID:3220
- C:\Windows\System\zlgXTGp.exe
  C:\Windows\System\zlgXTGp.exe
  2⤵
  PID:3380
- C:\Windows\System\OMzxWRv.exe
  C:\Windows\System\OMzxWRv.exe
  2⤵
  PID:3336
- C:\Windows\System\jSzKjnM.exe
  C:\Windows\System\jSzKjnM.exe
  2⤵
  PID:3428
- C:\Windows\System\WoPRfIB.exe
  C:\Windows\System\WoPRfIB.exe
  2⤵
  PID:3468
- C:\Windows\System\emoKkHM.exe
  C:\Windows\System\emoKkHM.exe
  2⤵
  PID:3464
- C:\Windows\System\wrSudJu.exe
  C:\Windows\System\wrSudJu.exe
  2⤵
  PID:3564
- C:\Windows\System\AdXawOd.exe
  C:\Windows\System\AdXawOd.exe
  2⤵
  PID:3572
- C:\Windows\System\JYsESTn.exe
  C:\Windows\System\JYsESTn.exe
  2⤵
  PID:3716
- C:\Windows\System\kUMDvPH.exe
  C:\Windows\System\kUMDvPH.exe
  2⤵
  PID:3688
- C:\Windows\System\qaEyJAM.exe
  C:\Windows\System\qaEyJAM.exe
  2⤵
  PID:3776
- C:\Windows\System\xwIFkJM.exe
  C:\Windows\System\xwIFkJM.exe
  2⤵
  PID:3832
- C:\Windows\System\DRYONaH.exe
  C:\Windows\System\DRYONaH.exe
  2⤵
  PID:3952
- C:\Windows\System\SCbWAwM.exe
  C:\Windows\System\SCbWAwM.exe
  2⤵
  PID:3848
- C:\Windows\System\AmEmsrD.exe
  C:\Windows\System\AmEmsrD.exe
  2⤵
  PID:4032
- C:\Windows\System\NPSELlD.exe
  C:\Windows\System\NPSELlD.exe
  2⤵
  PID:2156
- C:\Windows\System\mTPDNWy.exe
  C:\Windows\System\mTPDNWy.exe
  2⤵
  PID:4016
- C:\Windows\System\GKJXbPY.exe
  C:\Windows\System\GKJXbPY.exe
  2⤵
  PID:2184
- C:\Windows\System\KdLbMJZ.exe
  C:\Windows\System\KdLbMJZ.exe
  2⤵
  PID:2284
- C:\Windows\System\SZkheTo.exe
  C:\Windows\System\SZkheTo.exe
  2⤵
  PID:2784
- C:\Windows\System\JWtIndb.exe
  C:\Windows\System\JWtIndb.exe
  2⤵
  PID:3116
- C:\Windows\System\REOTRHc.exe
  C:\Windows\System\REOTRHc.exe
  2⤵
  PID:3080
- C:\Windows\System\SYeXTao.exe
  C:\Windows\System\SYeXTao.exe
  2⤵
  PID:3348
- C:\Windows\System\EHkVMUC.exe
  C:\Windows\System\EHkVMUC.exe
  2⤵
  PID:3264
- C:\Windows\System\wQVxrjw.exe
  C:\Windows\System\wQVxrjw.exe
  2⤵
  PID:3400
- C:\Windows\System\wsLKueR.exe
  C:\Windows\System\wsLKueR.exe
  2⤵
  PID:3568
- C:\Windows\System\EmhiXkv.exe
  C:\Windows\System\EmhiXkv.exe
  2⤵
  PID:3644
- C:\Windows\System\vDfFwuw.exe
  C:\Windows\System\vDfFwuw.exe
  2⤵
  PID:3768
- C:\Windows\System\MKmJXAw.exe
  C:\Windows\System\MKmJXAw.exe
  2⤵
  PID:3808
- C:\Windows\System\bhkQUcK.exe
  C:\Windows\System\bhkQUcK.exe
  2⤵
  PID:3856
- C:\Windows\System\FUOwhbI.exe
  C:\Windows\System\FUOwhbI.exe
  2⤵
  PID:2292
- C:\Windows\System\gvrtDtE.exe
  C:\Windows\System\gvrtDtE.exe
  2⤵
  PID:1084
- C:\Windows\System\hGkgWqB.exe
  C:\Windows\System\hGkgWqB.exe
  2⤵
  PID:4084
- C:\Windows\System\JKQYvhR.exe
  C:\Windows\System\JKQYvhR.exe
  2⤵
  PID:4112
- C:\Windows\System\XYOhqPE.exe
  C:\Windows\System\XYOhqPE.exe
  2⤵
  PID:4136
- C:\Windows\System\xdNREaq.exe
  C:\Windows\System\xdNREaq.exe
  2⤵
  PID:4156
- C:\Windows\System\JtiUrpL.exe
  C:\Windows\System\JtiUrpL.exe
  2⤵
  PID:4176
- C:\Windows\System\CSVUnYV.exe
  C:\Windows\System\CSVUnYV.exe
  2⤵
  PID:4196
- C:\Windows\System\IMpMCza.exe
  C:\Windows\System\IMpMCza.exe
  2⤵
  PID:4216
- C:\Windows\System\DSbsZfM.exe
  C:\Windows\System\DSbsZfM.exe
  2⤵
  PID:4236
- C:\Windows\System\nWHOVWY.exe
  C:\Windows\System\nWHOVWY.exe
  2⤵
  PID:4256
- C:\Windows\System\JjIYsxL.exe
  C:\Windows\System\JjIYsxL.exe
  2⤵
  PID:4276
- C:\Windows\System\lPRKQJR.exe
  C:\Windows\System\lPRKQJR.exe
  2⤵
  PID:4296
- C:\Windows\System\hGQfFKx.exe
  C:\Windows\System\hGQfFKx.exe
  2⤵
  PID:4316
- C:\Windows\System\urwjpaV.exe
  C:\Windows\System\urwjpaV.exe
  2⤵
  PID:4336
- C:\Windows\System\uUDAcmK.exe
  C:\Windows\System\uUDAcmK.exe
  2⤵
  PID:4356
- C:\Windows\System\PGwfmvs.exe
  C:\Windows\System\PGwfmvs.exe
  2⤵
  PID:4376
- C:\Windows\System\mEkhGjt.exe
  C:\Windows\System\mEkhGjt.exe
  2⤵
  PID:4400
- C:\Windows\System\erVvhaC.exe
  C:\Windows\System\erVvhaC.exe
  2⤵
  PID:4420
- C:\Windows\System\CJHumBR.exe
  C:\Windows\System\CJHumBR.exe
  2⤵
  PID:4440
- C:\Windows\System\HzZHKKj.exe
  C:\Windows\System\HzZHKKj.exe
  2⤵
  PID:4460
- C:\Windows\System\FsPcZaf.exe
  C:\Windows\System\FsPcZaf.exe
  2⤵
  PID:4484
- C:\Windows\System\QtrmJYk.exe
  C:\Windows\System\QtrmJYk.exe
  2⤵
  PID:4504
- C:\Windows\System\LFfjoWl.exe
  C:\Windows\System\LFfjoWl.exe
  2⤵
  PID:4524
- C:\Windows\System\NZNToOT.exe
  C:\Windows\System\NZNToOT.exe
  2⤵
  PID:4544
- C:\Windows\System\EJQRnJb.exe
  C:\Windows\System\EJQRnJb.exe
  2⤵
  PID:4564
- C:\Windows\System\ATTSySn.exe
  C:\Windows\System\ATTSySn.exe
  2⤵
  PID:4584
- C:\Windows\System\dJDchmE.exe
  C:\Windows\System\dJDchmE.exe
  2⤵
  PID:4604
- C:\Windows\System\hUrlSin.exe
  C:\Windows\System\hUrlSin.exe
  2⤵
  PID:4624
- C:\Windows\System\BCqgFpX.exe
  C:\Windows\System\BCqgFpX.exe
  2⤵
  PID:4644
- C:\Windows\System\vMScigw.exe
  C:\Windows\System\vMScigw.exe
  2⤵
  PID:4664
- C:\Windows\System\hNgtrJG.exe
  C:\Windows\System\hNgtrJG.exe
  2⤵
  PID:4688
- C:\Windows\System\XdsBXbX.exe
  C:\Windows\System\XdsBXbX.exe
  2⤵
  PID:4708
- C:\Windows\System\oInBXoP.exe
  C:\Windows\System\oInBXoP.exe
  2⤵
  PID:4728
- C:\Windows\System\yHPAgwq.exe
  C:\Windows\System\yHPAgwq.exe
  2⤵
  PID:4748
- C:\Windows\System\WaDMokG.exe
  C:\Windows\System\WaDMokG.exe
  2⤵
  PID:4768
- C:\Windows\System\gnFHZlj.exe
  C:\Windows\System\gnFHZlj.exe
  2⤵
  PID:4788
- C:\Windows\System\XZGIbOn.exe
  C:\Windows\System\XZGIbOn.exe
  2⤵
  PID:4808
- C:\Windows\System\mKzGIrj.exe
  C:\Windows\System\mKzGIrj.exe
  2⤵
  PID:4828
- C:\Windows\System\VcaOkQc.exe
  C:\Windows\System\VcaOkQc.exe
  2⤵
  PID:4852
- C:\Windows\System\mKmiiNC.exe
  C:\Windows\System\mKmiiNC.exe
  2⤵
  PID:4872
- C:\Windows\System\NpvKvlR.exe
  C:\Windows\System\NpvKvlR.exe
  2⤵
  PID:4892
- C:\Windows\System\bStFpTy.exe
  C:\Windows\System\bStFpTy.exe
  2⤵
  PID:4912
- C:\Windows\System\dUXGHBH.exe
  C:\Windows\System\dUXGHBH.exe
  2⤵
  PID:4932
- C:\Windows\System\cFWsRAz.exe
  C:\Windows\System\cFWsRAz.exe
  2⤵
  PID:4952
- C:\Windows\System\KwCwSYG.exe
  C:\Windows\System\KwCwSYG.exe
  2⤵
  PID:4972
- C:\Windows\System\AuMdYkx.exe
  C:\Windows\System\AuMdYkx.exe
  2⤵
  PID:4996
- C:\Windows\System\ZXasCQZ.exe
  C:\Windows\System\ZXasCQZ.exe
  2⤵
  PID:5016
- C:\Windows\System\HWcIXrz.exe
  C:\Windows\System\HWcIXrz.exe
  2⤵
  PID:5036
- C:\Windows\System\mvfQfMq.exe
  C:\Windows\System\mvfQfMq.exe
  2⤵
  PID:5056
- C:\Windows\System\pmrJHyc.exe
  C:\Windows\System\pmrJHyc.exe
  2⤵
  PID:5076
- C:\Windows\System\YtiplQu.exe
  C:\Windows\System\YtiplQu.exe
  2⤵
  PID:5096
- C:\Windows\System\zmRnhDv.exe
  C:\Windows\System\zmRnhDv.exe
  2⤵
  PID:5116
- C:\Windows\System\PlJLdvg.exe
  C:\Windows\System\PlJLdvg.exe
  2⤵
  PID:3140
- C:\Windows\System\wWFFeGw.exe
  C:\Windows\System\wWFFeGw.exe
  2⤵
  PID:3256
- C:\Windows\System\mWfXbFG.exe
  C:\Windows\System\mWfXbFG.exe
  2⤵
  PID:3260
- C:\Windows\System\scXuyeH.exe
  C:\Windows\System\scXuyeH.exe
  2⤵
  PID:3588
- C:\Windows\System\BeGreqx.exe
  C:\Windows\System\BeGreqx.exe
  2⤵
  PID:3664
- C:\Windows\System\tWVjASB.exe
  C:\Windows\System\tWVjASB.exe
  2⤵
  PID:3872
- C:\Windows\System\VOzhGil.exe
  C:\Windows\System\VOzhGil.exe
  2⤵
  PID:4012
- C:\Windows\System\UhasZRA.exe
  C:\Windows\System\UhasZRA.exe
  2⤵
  PID:1088
- C:\Windows\System\eoMFDUP.exe
  C:\Windows\System\eoMFDUP.exe
  2⤵
  PID:4152
- C:\Windows\System\JRLGZoh.exe
  C:\Windows\System\JRLGZoh.exe
  2⤵
  PID:4148
- C:\Windows\System\oNwMmQb.exe
  C:\Windows\System\oNwMmQb.exe
  2⤵
  PID:4192
- C:\Windows\System\PHBXZKG.exe
  C:\Windows\System\PHBXZKG.exe
  2⤵
  PID:4212
- C:\Windows\System\yiiQLEn.exe
  C:\Windows\System\yiiQLEn.exe
  2⤵
  PID:4244
- C:\Windows\System\slsZivG.exe
  C:\Windows\System\slsZivG.exe
  2⤵
  PID:4268
- C:\Windows\System\igVRPnO.exe
  C:\Windows\System\igVRPnO.exe
  2⤵
  PID:4284
- C:\Windows\System\CwxnbZC.exe
  C:\Windows\System\CwxnbZC.exe
  2⤵
  PID:4128
- C:\Windows\System\QYgVZyX.exe
  C:\Windows\System\QYgVZyX.exe
  2⤵
  PID:4388
- C:\Windows\System\awwEuiM.exe
  C:\Windows\System\awwEuiM.exe
  2⤵
  PID:1196
- C:\Windows\System\QrvBgNW.exe
  C:\Windows\System\QrvBgNW.exe
  2⤵
  PID:4468
- C:\Windows\System\gVIIOpq.exe
  C:\Windows\System\gVIIOpq.exe
  2⤵
  PID:4452
- C:\Windows\System\eZzKrOg.exe
  C:\Windows\System\eZzKrOg.exe
  2⤵
  PID:4496
- C:\Windows\System\msIsWLJ.exe
  C:\Windows\System\msIsWLJ.exe
  2⤵
  PID:4560
- C:\Windows\System\arXJBhA.exe
  C:\Windows\System\arXJBhA.exe
  2⤵
  PID:4536
- C:\Windows\System\qlregVA.exe
  C:\Windows\System\qlregVA.exe
  2⤵
  PID:4600
- C:\Windows\System\QPlSGcv.exe
  C:\Windows\System\QPlSGcv.exe
  2⤵
  PID:4620
- C:\Windows\System\hqdDYbf.exe
  C:\Windows\System\hqdDYbf.exe
  2⤵
  PID:4680
- C:\Windows\System\nygppgx.exe
  C:\Windows\System\nygppgx.exe
  2⤵
  PID:4704
- C:\Windows\System\HlxPbgR.exe
  C:\Windows\System\HlxPbgR.exe
  2⤵
  PID:4756
- C:\Windows\System\zAvBkoP.exe
  C:\Windows\System\zAvBkoP.exe
  2⤵
  PID:4760
- C:\Windows\System\wvIuuqg.exe
  C:\Windows\System\wvIuuqg.exe
  2⤵
  PID:4780
- C:\Windows\System\SpjxTZO.exe
  C:\Windows\System\SpjxTZO.exe
  2⤵
  PID:4840
- C:\Windows\System\WNRqpJw.exe
  C:\Windows\System\WNRqpJw.exe
  2⤵
  PID:4824
- C:\Windows\System\ewEQtzQ.exe
  C:\Windows\System\ewEQtzQ.exe
  2⤵
  PID:4864
- C:\Windows\System\tpxzCSD.exe
  C:\Windows\System\tpxzCSD.exe
  2⤵
  PID:4924
- C:\Windows\System\jfcghwH.exe
  C:\Windows\System\jfcghwH.exe
  2⤵
  PID:4948
- C:\Windows\System\Bywuyta.exe
  C:\Windows\System\Bywuyta.exe
  2⤵
  PID:5008
- C:\Windows\System\ImBkVbz.exe
  C:\Windows\System\ImBkVbz.exe
  2⤵
  PID:5024
- C:\Windows\System\OcXXgTu.exe
  C:\Windows\System\OcXXgTu.exe
  2⤵
  PID:5092
- C:\Windows\System\WiryBXB.exe
  C:\Windows\System\WiryBXB.exe
  2⤵
  PID:5068
- C:\Windows\System\FKPNgjg.exe
  C:\Windows\System\FKPNgjg.exe
  2⤵
  PID:5112
- C:\Windows\System\mZxdbGe.exe
  C:\Windows\System\mZxdbGe.exe
  2⤵
  PID:3196
- C:\Windows\System\nCvCMBi.exe
  C:\Windows\System\nCvCMBi.exe
  2⤵
  PID:3500
- C:\Windows\System\DiCtbGS.exe
  C:\Windows\System\DiCtbGS.exe
  2⤵
  PID:3956
- C:\Windows\System\izQbwAx.exe
  C:\Windows\System\izQbwAx.exe
  2⤵
  PID:4056
- C:\Windows\System\TYHPNpF.exe
  C:\Windows\System\TYHPNpF.exe
  2⤵
  PID:4100
- C:\Windows\System\UnKmLkW.exe
  C:\Windows\System\UnKmLkW.exe
  2⤵
  PID:4132
- C:\Windows\System\yuDxYcP.exe
  C:\Windows\System\yuDxYcP.exe
  2⤵
  PID:4232
- C:\Windows\System\ogXtwYI.exe
  C:\Windows\System\ogXtwYI.exe
  2⤵
  PID:4308
- C:\Windows\System\qcSidrW.exe
  C:\Windows\System\qcSidrW.exe
  2⤵
  PID:4328
- C:\Windows\System\oqDeRSG.exe
  C:\Windows\System\oqDeRSG.exe
  2⤵
  PID:4352
- C:\Windows\System\GAPRJtW.exe
  C:\Windows\System\GAPRJtW.exe
  2⤵
  PID:4392
- C:\Windows\System\kysmZue.exe
  C:\Windows\System\kysmZue.exe
  2⤵
  PID:4456
- C:\Windows\System\YDDRWMC.exe
  C:\Windows\System\YDDRWMC.exe
  2⤵
  PID:4532
- C:\Windows\System\OEqJOtU.exe
  C:\Windows\System\OEqJOtU.exe
  2⤵
  PID:4612
- C:\Windows\System\Kxittui.exe
  C:\Windows\System\Kxittui.exe
  2⤵
  PID:4636
- C:\Windows\System\kKIdKYE.exe
  C:\Windows\System\kKIdKYE.exe
  2⤵
  PID:4652
- C:\Windows\System\zfeQSpP.exe
  C:\Windows\System\zfeQSpP.exe
  2⤵
  PID:4724
- C:\Windows\System\igIielw.exe
  C:\Windows\System\igIielw.exe
  2⤵
  PID:4800
- C:\Windows\System\PVoZAwv.exe
  C:\Windows\System\PVoZAwv.exe
  2⤵
  PID:4920
- C:\Windows\System\eRhysBR.exe
  C:\Windows\System\eRhysBR.exe
  2⤵
  PID:4888
- C:\Windows\System\NQHbHXX.exe
  C:\Windows\System\NQHbHXX.exe
  2⤵
  PID:4908
- C:\Windows\System\tQgAzMN.exe
  C:\Windows\System\tQgAzMN.exe
  2⤵
  PID:5012
- C:\Windows\System\RTJcdzn.exe
  C:\Windows\System\RTJcdzn.exe
  2⤵
  PID:5064
- C:\Windows\System\LYTBXgi.exe
  C:\Windows\System\LYTBXgi.exe
  2⤵
  PID:4984
- C:\Windows\System\IZGdWhy.exe
  C:\Windows\System\IZGdWhy.exe
  2⤵
  PID:5104
- C:\Windows\System\OnYGRuJ.exe
  C:\Windows\System\OnYGRuJ.exe
  2⤵
  PID:3712
- C:\Windows\System\WufxgbJ.exe
  C:\Windows\System\WufxgbJ.exe
  2⤵
  PID:3980
- C:\Windows\System\CHBBvAm.exe
  C:\Windows\System\CHBBvAm.exe
  2⤵
  PID:3060
- C:\Windows\System\dCCgbHN.exe
  C:\Windows\System\dCCgbHN.exe
  2⤵
  PID:4164
- C:\Windows\System\jSuiGkV.exe
  C:\Windows\System\jSuiGkV.exe
  2⤵
  PID:4248
- C:\Windows\System\zDUZnUI.exe
  C:\Windows\System\zDUZnUI.exe
  2⤵
  PID:4324
- C:\Windows\System\nGLwudB.exe
  C:\Windows\System\nGLwudB.exe
  2⤵
  PID:4540
- C:\Windows\System\BVSignS.exe
  C:\Windows\System\BVSignS.exe
  2⤵
  PID:4492
- C:\Windows\System\HKElrNc.exe
  C:\Windows\System\HKElrNc.exe
  2⤵
  PID:4632
- C:\Windows\System\vmIQcAp.exe
  C:\Windows\System\vmIQcAp.exe
  2⤵
  PID:4720
- C:\Windows\System\KSWLMPy.exe
  C:\Windows\System\KSWLMPy.exe
  2⤵
  PID:4804
- C:\Windows\System\XvTSvnQ.exe
  C:\Windows\System\XvTSvnQ.exe
  2⤵
  PID:4744
- C:\Windows\System\UrJTQuu.exe
  C:\Windows\System\UrJTQuu.exe
  2⤵
  PID:4964
- C:\Windows\System\oqcrqly.exe
  C:\Windows\System\oqcrqly.exe
  2⤵
  PID:4928
- C:\Windows\System\fiwsArt.exe
  C:\Windows\System\fiwsArt.exe
  2⤵
  PID:3340
- C:\Windows\System\wbByAfz.exe
  C:\Windows\System\wbByAfz.exe
  2⤵
  PID:3684
- C:\Windows\System\VdAzFXW.exe
  C:\Windows\System\VdAzFXW.exe
  2⤵
  PID:4124
- C:\Windows\System\MqkVEmJ.exe
  C:\Windows\System\MqkVEmJ.exe
  2⤵
  PID:4228
- C:\Windows\System\wzZYfxy.exe
  C:\Windows\System\wzZYfxy.exe
  2⤵
  PID:4288
- C:\Windows\System\IBveiAa.exe
  C:\Windows\System\IBveiAa.exe
  2⤵
  PID:5140
- C:\Windows\System\oybPMNY.exe
  C:\Windows\System\oybPMNY.exe
  2⤵
  PID:5160
- C:\Windows\System\PkvLoep.exe
  C:\Windows\System\PkvLoep.exe
  2⤵
  PID:5180
- C:\Windows\System\FAsclFt.exe
  C:\Windows\System\FAsclFt.exe
  2⤵
  PID:5200
- C:\Windows\System\jgnDWoU.exe
  C:\Windows\System\jgnDWoU.exe
  2⤵
  PID:5220
- C:\Windows\System\OEYafZb.exe
  C:\Windows\System\OEYafZb.exe
  2⤵
  PID:5240
- C:\Windows\System\xxjJdJy.exe
  C:\Windows\System\xxjJdJy.exe
  2⤵
  PID:5260
- C:\Windows\System\ulOnBal.exe
  C:\Windows\System\ulOnBal.exe
  2⤵
  PID:5280
- C:\Windows\System\PbIfawO.exe
  C:\Windows\System\PbIfawO.exe
  2⤵
  PID:5304
- C:\Windows\System\ZDfoBbo.exe
  C:\Windows\System\ZDfoBbo.exe
  2⤵
  PID:5324
- C:\Windows\System\BZYoyKT.exe
  C:\Windows\System\BZYoyKT.exe
  2⤵
  PID:5344
- C:\Windows\System\TkzLRom.exe
  C:\Windows\System\TkzLRom.exe
  2⤵
  PID:5360
- C:\Windows\System\LvmggKN.exe
  C:\Windows\System\LvmggKN.exe
  2⤵
  PID:5384
- C:\Windows\System\bYtafZn.exe
  C:\Windows\System\bYtafZn.exe
  2⤵
  PID:5404
- C:\Windows\System\uGgAzCH.exe
  C:\Windows\System\uGgAzCH.exe
  2⤵
  PID:5428
- C:\Windows\System\xnReeaQ.exe
  C:\Windows\System\xnReeaQ.exe
  2⤵
  PID:5444
- C:\Windows\System\HZlCeEs.exe
  C:\Windows\System\HZlCeEs.exe
  2⤵
  PID:5468
- C:\Windows\System\jdhwglf.exe
  C:\Windows\System\jdhwglf.exe
  2⤵
  PID:5488
- C:\Windows\System\sfxUkpB.exe
  C:\Windows\System\sfxUkpB.exe
  2⤵
  PID:5508
- C:\Windows\System\jePjVzm.exe
  C:\Windows\System\jePjVzm.exe
  2⤵
  PID:5528
- C:\Windows\System\EspWXsP.exe
  C:\Windows\System\EspWXsP.exe
  2⤵
  PID:5548
- C:\Windows\System\lyPuNVN.exe
  C:\Windows\System\lyPuNVN.exe
  2⤵
  PID:5568
- C:\Windows\System\jlrIgYH.exe
  C:\Windows\System\jlrIgYH.exe
  2⤵
  PID:5596
- C:\Windows\System\gmdBAxf.exe
  C:\Windows\System\gmdBAxf.exe
  2⤵
  PID:5616
- C:\Windows\System\NSaUXaA.exe
  C:\Windows\System\NSaUXaA.exe
  2⤵
  PID:5652
- C:\Windows\System\SnCElNB.exe
  C:\Windows\System\SnCElNB.exe
  2⤵
  PID:5672
- C:\Windows\System\ptQUxOm.exe
  C:\Windows\System\ptQUxOm.exe
  2⤵
  PID:5692
- C:\Windows\System\zynNQIy.exe
  C:\Windows\System\zynNQIy.exe
  2⤵
  PID:5712
- C:\Windows\System\GaAFFRw.exe
  C:\Windows\System\GaAFFRw.exe
  2⤵
  PID:5732
- C:\Windows\System\cIhEmIf.exe
  C:\Windows\System\cIhEmIf.exe
  2⤵
  PID:5752
- C:\Windows\System\ZRQOuJO.exe
  C:\Windows\System\ZRQOuJO.exe
  2⤵
  PID:5772
- C:\Windows\System\qMfrypN.exe
  C:\Windows\System\qMfrypN.exe
  2⤵
  PID:5796
- C:\Windows\System\hCyzsys.exe
  C:\Windows\System\hCyzsys.exe
  2⤵
  PID:5816
- C:\Windows\System\RmprWkK.exe
  C:\Windows\System\RmprWkK.exe
  2⤵
  PID:5832
- C:\Windows\System\KsThJwo.exe
  C:\Windows\System\KsThJwo.exe
  2⤵
  PID:5856
- C:\Windows\System\KYotPbN.exe
  C:\Windows\System\KYotPbN.exe
  2⤵
  PID:5876
- C:\Windows\System\MJCFlIY.exe
  C:\Windows\System\MJCFlIY.exe
  2⤵
  PID:5896
- C:\Windows\System\GMvGliE.exe
  C:\Windows\System\GMvGliE.exe
  2⤵
  PID:5916
- C:\Windows\System\OBldPXG.exe
  C:\Windows\System\OBldPXG.exe
  2⤵
  PID:5936
- C:\Windows\System\iQkocsb.exe
  C:\Windows\System\iQkocsb.exe
  2⤵
  PID:5952
- C:\Windows\System\CTWEnZY.exe
  C:\Windows\System\CTWEnZY.exe
  2⤵
  PID:5972
- C:\Windows\System\VBajhsJ.exe
  C:\Windows\System\VBajhsJ.exe
  2⤵
  PID:5996
- C:\Windows\System\TMBEHTb.exe
  C:\Windows\System\TMBEHTb.exe
  2⤵
  PID:6020
- C:\Windows\System\hMfCUJW.exe
  C:\Windows\System\hMfCUJW.exe
  2⤵
  PID:6040
- C:\Windows\System\dUIQaRo.exe
  C:\Windows\System\dUIQaRo.exe
  2⤵
  PID:6060
- C:\Windows\System\xbrYYew.exe
  C:\Windows\System\xbrYYew.exe
  2⤵
  PID:6080
- C:\Windows\System\HEauWUt.exe
  C:\Windows\System\HEauWUt.exe
  2⤵
  PID:6100
- C:\Windows\System\kqcNPLE.exe
  C:\Windows\System\kqcNPLE.exe
  2⤵
  PID:6120
- C:\Windows\System\ujKgVMO.exe
  C:\Windows\System\ujKgVMO.exe
  2⤵
  PID:6140
- C:\Windows\System\UnAlrmI.exe
  C:\Windows\System\UnAlrmI.exe
  2⤵
  PID:4512
- C:\Windows\System\RkKhbHO.exe
  C:\Windows\System\RkKhbHO.exe
  2⤵
  PID:4676
- C:\Windows\System\wlOcYCQ.exe
  C:\Windows\System\wlOcYCQ.exe
  2⤵
  PID:4836
- C:\Windows\System\RRokHAj.exe
  C:\Windows\System\RRokHAj.exe
  2⤵
  PID:2700
- C:\Windows\System\IJsbABP.exe
  C:\Windows\System\IJsbABP.exe
  2⤵
  PID:4968
- C:\Windows\System\gRbKnng.exe
  C:\Windows\System\gRbKnng.exe
  2⤵
  PID:3364
- C:\Windows\System\wkXIFqd.exe
  C:\Windows\System\wkXIFqd.exe
  2⤵
  PID:820
- C:\Windows\System\RZYGrxe.exe
  C:\Windows\System\RZYGrxe.exe
  2⤵
  PID:1636
- C:\Windows\System\gVEVVmI.exe
  C:\Windows\System\gVEVVmI.exe
  2⤵
  PID:2776
- C:\Windows\System\BQoibip.exe
  C:\Windows\System\BQoibip.exe
  2⤵
  PID:5152
- C:\Windows\System\rFaLKsG.exe
  C:\Windows\System\rFaLKsG.exe
  2⤵
  PID:5212
- C:\Windows\System\xJzfleH.exe
  C:\Windows\System\xJzfleH.exe
  2⤵
  PID:5192
- C:\Windows\System\iYdcYzV.exe
  C:\Windows\System\iYdcYzV.exe
  2⤵
  PID:5300
- C:\Windows\System\mmQDtGJ.exe
  C:\Windows\System\mmQDtGJ.exe
  2⤵
  PID:5276
- C:\Windows\System\BPOxzXM.exe
  C:\Windows\System\BPOxzXM.exe
  2⤵
  PID:4480
- C:\Windows\System\ZbNRxWs.exe
  C:\Windows\System\ZbNRxWs.exe
  2⤵
  PID:5372
- C:\Windows\System\vPuvwZT.exe
  C:\Windows\System\vPuvwZT.exe
  2⤵
  PID:5296
- C:\Windows\System\MbhtKNZ.exe
  C:\Windows\System\MbhtKNZ.exe
  2⤵
  PID:5392
- C:\Windows\System\XBspWcr.exe
  C:\Windows\System\XBspWcr.exe
  2⤵
  PID:5460
- C:\Windows\System\fUuIsBY.exe
  C:\Windows\System\fUuIsBY.exe
  2⤵
  PID:5476
- C:\Windows\System\ODPsWlQ.exe
  C:\Windows\System\ODPsWlQ.exe
  2⤵
  PID:5500
- C:\Windows\System\qdqwVSn.exe
  C:\Windows\System\qdqwVSn.exe
  2⤵
  PID:5544
- C:\Windows\System\JTFIZes.exe
  C:\Windows\System\JTFIZes.exe
  2⤵
  PID:5576
- C:\Windows\System\SThEQlO.exe
  C:\Windows\System\SThEQlO.exe
  2⤵
  PID:5636
- C:\Windows\System\DzYsWVU.exe
  C:\Windows\System\DzYsWVU.exe
  2⤵
  PID:5688
- C:\Windows\System\JBSQjdT.exe
  C:\Windows\System\JBSQjdT.exe
  2⤵
  PID:5700
- C:\Windows\System\icpboTk.exe
  C:\Windows\System\icpboTk.exe
  2⤵
  PID:5740
- C:\Windows\System\oPNFpeE.exe
  C:\Windows\System\oPNFpeE.exe
  2⤵
  PID:5744
- C:\Windows\System\AcxQQnY.exe
  C:\Windows\System\AcxQQnY.exe
  2⤵
  PID:5784
- C:\Windows\System\uCGqRXs.exe
  C:\Windows\System\uCGqRXs.exe
  2⤵
  PID:5828
- C:\Windows\System\KwPuBgV.exe
  C:\Windows\System\KwPuBgV.exe
  2⤵
  PID:5892
- C:\Windows\System\YFYXERm.exe
  C:\Windows\System\YFYXERm.exe
  2⤵
  PID:5932
- C:\Windows\System\VpTSWkM.exe
  C:\Windows\System\VpTSWkM.exe
  2⤵
  PID:5908
- C:\Windows\System\uEfOQOx.exe
  C:\Windows\System\uEfOQOx.exe
  2⤵
  PID:6016
- C:\Windows\System\bXOPfsG.exe
  C:\Windows\System\bXOPfsG.exe
  2⤵
  PID:6008
- C:\Windows\System\lejYdsE.exe
  C:\Windows\System\lejYdsE.exe
  2⤵
  PID:5992
- C:\Windows\System\ZnOyTdu.exe
  C:\Windows\System\ZnOyTdu.exe
  2⤵
  PID:6088
- C:\Windows\System\RhrhcpJ.exe
  C:\Windows\System\RhrhcpJ.exe
  2⤵
  PID:6076
- C:\Windows\System\bPjYGhI.exe
  C:\Windows\System\bPjYGhI.exe
  2⤵
  PID:6132
- C:\Windows\System\cdhINqp.exe
  C:\Windows\System\cdhINqp.exe
  2⤵
  PID:2832
- C:\Windows\System\wvvWgoL.exe
  C:\Windows\System\wvvWgoL.exe
  2⤵
  PID:4992
- C:\Windows\System\hlnPdxZ.exe
  C:\Windows\System\hlnPdxZ.exe
  2⤵
  PID:2884
- C:\Windows\System\bmbnvqt.exe
  C:\Windows\System\bmbnvqt.exe
  2⤵
  PID:2900
- C:\Windows\System\DcGoHBN.exe
  C:\Windows\System\DcGoHBN.exe
  2⤵
  PID:1528
- C:\Windows\System\eTbpDaw.exe
  C:\Windows\System\eTbpDaw.exe
  2⤵
  PID:5148
- C:\Windows\System\qoHGGpu.exe
  C:\Windows\System\qoHGGpu.exe
  2⤵
  PID:5252
- C:\Windows\System\oPbIVGn.exe
  C:\Windows\System\oPbIVGn.exe
  2⤵
  PID:2340
- C:\Windows\System\ArcETIf.exe
  C:\Windows\System\ArcETIf.exe
  2⤵
  PID:5452
- C:\Windows\System\DHNRfpq.exe
  C:\Windows\System\DHNRfpq.exe
  2⤵
  PID:5484
- C:\Windows\System\zodWXsq.exe
  C:\Windows\System\zodWXsq.exe
  2⤵
  PID:5604
- C:\Windows\System\PoAHfGP.exe
  C:\Windows\System\PoAHfGP.exe
  2⤵
  PID:5680
- C:\Windows\System\WcwqOAj.exe
  C:\Windows\System\WcwqOAj.exe
  2⤵
  PID:5724
- C:\Windows\System\dGSdsvK.exe
  C:\Windows\System\dGSdsvK.exe
  2⤵
  PID:5764
- C:\Windows\System\cuRqpmu.exe
  C:\Windows\System\cuRqpmu.exe
  2⤵
  PID:5824
- C:\Windows\System\FTDYRBk.exe
  C:\Windows\System\FTDYRBk.exe
  2⤵
  PID:5924
- C:\Windows\System\WgQQnDv.exe
  C:\Windows\System\WgQQnDv.exe
  2⤵
  PID:5968
- C:\Windows\System\RPtDNeo.exe
  C:\Windows\System\RPtDNeo.exe
  2⤵
  PID:1308
- C:\Windows\System\wKdUrYm.exe
  C:\Windows\System\wKdUrYm.exe
  2⤵
  PID:6056
- C:\Windows\System\VBmxuGw.exe
  C:\Windows\System\VBmxuGw.exe
  2⤵
  PID:6032
- C:\Windows\System\qbkYEaA.exe
  C:\Windows\System\qbkYEaA.exe
  2⤵
  PID:6128
- C:\Windows\System\HTYeXuw.exe
  C:\Windows\System\HTYeXuw.exe
  2⤵
  PID:2860
- C:\Windows\System\zsIlolj.exe
  C:\Windows\System\zsIlolj.exe
  2⤵
  PID:1540
- C:\Windows\System\eUQiYks.exe
  C:\Windows\System\eUQiYks.exe
  2⤵
  PID:4776
- C:\Windows\System\CmdGHRR.exe
  C:\Windows\System\CmdGHRR.exe
  2⤵
  PID:5156
- C:\Windows\System\ezHmmTe.exe
  C:\Windows\System\ezHmmTe.exe
  2⤵
  PID:4580
- C:\Windows\System\fkxmVxn.exe
  C:\Windows\System\fkxmVxn.exe
  2⤵
  PID:5048
- C:\Windows\System\fJURilA.exe
  C:\Windows\System\fJURilA.exe
  2⤵
  PID:5368
- C:\Windows\System\MWASArf.exe
  C:\Windows\System\MWASArf.exe
  2⤵
  PID:5332
- C:\Windows\System\wpjjWsE.exe
  C:\Windows\System\wpjjWsE.exe
  2⤵
  PID:2264
- C:\Windows\System\jWhjJFw.exe
  C:\Windows\System\jWhjJFw.exe
  2⤵
  PID:5584
- C:\Windows\System\rtWOQuA.exe
  C:\Windows\System\rtWOQuA.exe
  2⤵
  PID:5788
- C:\Windows\System\WaUFQnF.exe
  C:\Windows\System\WaUFQnF.exe
  2⤵
  PID:5884
- C:\Windows\System\wyPQDMa.exe
  C:\Windows\System\wyPQDMa.exe
  2⤵
  PID:5980
- C:\Windows\System\HVRRxEb.exe
  C:\Windows\System\HVRRxEb.exe
  2⤵
  PID:6112
- C:\Windows\System\YGIpnAo.exe
  C:\Windows\System\YGIpnAo.exe
  2⤵
  PID:4476
- C:\Windows\System\JnGpADp.exe
  C:\Windows\System\JnGpADp.exe
  2⤵
  PID:5964
- C:\Windows\System\VYYRTrx.exe
  C:\Windows\System\VYYRTrx.exe
  2⤵
  PID:6092
- C:\Windows\System\aQfZuyl.exe
  C:\Windows\System\aQfZuyl.exe
  2⤵
  PID:2440
- C:\Windows\System\ZUNzmeu.exe
  C:\Windows\System\ZUNzmeu.exe
  2⤵
  PID:2136
- C:\Windows\System\zfDnIbc.exe
  C:\Windows\System\zfDnIbc.exe
  2⤵
  PID:2132
- C:\Windows\System\uAiHfTl.exe
  C:\Windows\System\uAiHfTl.exe
  2⤵
  PID:2652
- C:\Windows\System\pfLQxBD.exe
  C:\Windows\System\pfLQxBD.exe
  2⤵
  PID:5804
- C:\Windows\System\nsXFbfK.exe
  C:\Windows\System\nsXFbfK.exe
  2⤵
  PID:5208
- C:\Windows\System\mcbpbMH.exe
  C:\Windows\System\mcbpbMH.exe
  2⤵
  PID:2644
- C:\Windows\System\gLwYJCC.exe
  C:\Windows\System\gLwYJCC.exe
  2⤵
  PID:5948
- C:\Windows\System\BIIJSva.exe
  C:\Windows\System\BIIJSva.exe
  2⤵
  PID:2880
- C:\Windows\System\hutKIQa.exe
  C:\Windows\System\hutKIQa.exe
  2⤵
  PID:6004
- C:\Windows\System\CUQfiIL.exe
  C:\Windows\System\CUQfiIL.exe
  2⤵
  PID:4860
- C:\Windows\System\WuqkRta.exe
  C:\Windows\System\WuqkRta.exe
  2⤵
  PID:2204
- C:\Windows\System\BEeszJu.exe
  C:\Windows\System\BEeszJu.exe
  2⤵
  PID:5228
- C:\Windows\System\XeWuMSY.exe
  C:\Windows\System\XeWuMSY.exe
  2⤵
  PID:1328
- C:\Windows\System\OVdzoQO.exe
  C:\Windows\System\OVdzoQO.exe
  2⤵
  PID:1796
- C:\Windows\System\KFYBBpT.exe
  C:\Windows\System\KFYBBpT.exe
  2⤵
  PID:2572
- C:\Windows\System\tQIPXIK.exe
  C:\Windows\System\tQIPXIK.exe
  2⤵
  PID:5624
- C:\Windows\System\GUdLBHC.exe
  C:\Windows\System\GUdLBHC.exe
  2⤵
  PID:2396
- C:\Windows\System\GbDfOFx.exe
  C:\Windows\System\GbDfOFx.exe
  2⤵
  PID:1988
- C:\Windows\System\TFrcGmM.exe
  C:\Windows\System\TFrcGmM.exe
  2⤵
  PID:5640
- C:\Windows\System\wwHVLMX.exe
  C:\Windows\System\wwHVLMX.exe
  2⤵
  PID:1312
- C:\Windows\System\BOkWZzm.exe
  C:\Windows\System\BOkWZzm.exe
  2⤵
  PID:2400
- C:\Windows\System\aoZvFFY.exe
  C:\Windows\System\aoZvFFY.exe
  2⤵
  PID:3012
- C:\Windows\System\XOFzxor.exe
  C:\Windows\System\XOFzxor.exe
  2⤵
  PID:1644
- C:\Windows\System\KarZBlP.exe
  C:\Windows\System\KarZBlP.exe
  2⤵
  PID:1544
- C:\Windows\System\ZljkWes.exe
  C:\Windows\System\ZljkWes.exe
  2⤵
  PID:5320
- C:\Windows\System\GyqqTJu.exe
  C:\Windows\System\GyqqTJu.exe
  2⤵
  PID:5268
- C:\Windows\System\yGFOKxJ.exe
  C:\Windows\System\yGFOKxJ.exe
  2⤵
  PID:2972
- C:\Windows\System\ZwzynCm.exe
  C:\Windows\System\ZwzynCm.exe
  2⤵
  PID:5436
- C:\Windows\System\ictRrxp.exe
  C:\Windows\System\ictRrxp.exe
  2⤵
  PID:1964
- C:\Windows\System\feuAIWh.exe
  C:\Windows\System\feuAIWh.exe
  2⤵
  PID:6048
- C:\Windows\System\asngckH.exe
  C:\Windows\System\asngckH.exe
  2⤵
  PID:5644
- C:\Windows\System\hVCYfxX.exe
  C:\Windows\System\hVCYfxX.exe
  2⤵
  PID:5412
- C:\Windows\System\PtECmQt.exe
  C:\Windows\System\PtECmQt.exe
  2⤵
  PID:2152
- C:\Windows\System\FtlfClr.exe
  C:\Windows\System\FtlfClr.exe
  2⤵
  PID:2244
- C:\Windows\System\SoKrDUi.exe
  C:\Windows\System\SoKrDUi.exe
  2⤵
  PID:2868
- C:\Windows\System\hTYbLVe.exe
  C:\Windows\System\hTYbLVe.exe
  2⤵
  PID:5416
- C:\Windows\System\eeToctT.exe
  C:\Windows\System\eeToctT.exe
  2⤵
  PID:5520
- C:\Windows\System\fqTElyC.exe
  C:\Windows\System\fqTElyC.exe
  2⤵
  PID:3008
- C:\Windows\System\aSXTHTJ.exe
  C:\Windows\System\aSXTHTJ.exe
  2⤵
  PID:2944
- C:\Windows\System\khpbcYP.exe
  C:\Windows\System\khpbcYP.exe
  2⤵
  PID:2248
- C:\Windows\System\VNEMtow.exe
  C:\Windows\System\VNEMtow.exe
  2⤵
  PID:5168
- C:\Windows\System\PjpLUhP.exe
  C:\Windows\System\PjpLUhP.exe
  2⤵
  PID:5440
- C:\Windows\System\lcZrnlS.exe
  C:\Windows\System\lcZrnlS.exe
  2⤵
  PID:5888
- C:\Windows\System\unfdKch.exe
  C:\Windows\System\unfdKch.exe
  2⤵
  PID:5560
- C:\Windows\System\XchLTDy.exe
  C:\Windows\System\XchLTDy.exe
  2⤵
  PID:1472
- C:\Windows\System\TqlMABg.exe
  C:\Windows\System\TqlMABg.exe
  2⤵
  PID:6152
- C:\Windows\System\iGtebSV.exe
  C:\Windows\System\iGtebSV.exe
  2⤵
  PID:6168
- C:\Windows\System\pJmASuS.exe
  C:\Windows\System\pJmASuS.exe
  2⤵
  PID:6184
- C:\Windows\System\JKubUiJ.exe
  C:\Windows\System\JKubUiJ.exe
  2⤵
  PID:6200
- C:\Windows\System\UzrvVtl.exe
  C:\Windows\System\UzrvVtl.exe
  2⤵
  PID:6216
- C:\Windows\System\ErDKDRc.exe
  C:\Windows\System\ErDKDRc.exe
  2⤵
  PID:6236
- C:\Windows\System\dUBUcbr.exe
  C:\Windows\System\dUBUcbr.exe
  2⤵
  PID:6268
- C:\Windows\System\UjyuwBx.exe
  C:\Windows\System\UjyuwBx.exe
  2⤵
  PID:6284
- C:\Windows\System\EhmSIzn.exe
  C:\Windows\System\EhmSIzn.exe
  2⤵
  PID:6316
- C:\Windows\System\JPdecDi.exe
  C:\Windows\System\JPdecDi.exe
  2⤵
  PID:6336
- C:\Windows\System\dxGyUgy.exe
  C:\Windows\System\dxGyUgy.exe
  2⤵
  PID:6352
- C:\Windows\System\euucxQN.exe
  C:\Windows\System\euucxQN.exe
  2⤵
  PID:6376
- C:\Windows\System\djfKcBl.exe
  C:\Windows\System\djfKcBl.exe
  2⤵
  PID:6396
- C:\Windows\System\sXsEULr.exe
  C:\Windows\System\sXsEULr.exe
  2⤵
  PID:6416
- C:\Windows\System\diDVios.exe
  C:\Windows\System\diDVios.exe
  2⤵
  PID:6436
- C:\Windows\System\wwIiRoK.exe
  C:\Windows\System\wwIiRoK.exe
  2⤵
  PID:6456
- C:\Windows\System\JBqDqFL.exe
  C:\Windows\System\JBqDqFL.exe
  2⤵
  PID:6476
- C:\Windows\System\uFinfiW.exe
  C:\Windows\System\uFinfiW.exe
  2⤵
  PID:6492
- C:\Windows\System\EjtkPSz.exe
  C:\Windows\System\EjtkPSz.exe
  2⤵
  PID:6508
- C:\Windows\System\yjYyOrD.exe
  C:\Windows\System\yjYyOrD.exe
  2⤵
  PID:6528
- C:\Windows\System\vUrgzlN.exe
  C:\Windows\System\vUrgzlN.exe
  2⤵
  PID:6548
- C:\Windows\System\pJYkEbn.exe
  C:\Windows\System\pJYkEbn.exe
  2⤵
  PID:6564
- C:\Windows\System\eurUmoN.exe
  C:\Windows\System\eurUmoN.exe
  2⤵
  PID:6584
- C:\Windows\System\sFGDkhW.exe
  C:\Windows\System\sFGDkhW.exe
  2⤵
  PID:6612
- C:\Windows\System\iYgTtJp.exe
  C:\Windows\System\iYgTtJp.exe
  2⤵
  PID:6628
- C:\Windows\System\bdpvQax.exe
  C:\Windows\System\bdpvQax.exe
  2⤵
  PID:6644
- C:\Windows\System\hQAVTXK.exe
  C:\Windows\System\hQAVTXK.exe
  2⤵
  PID:6664
- C:\Windows\System\dIegxQU.exe
  C:\Windows\System\dIegxQU.exe
  2⤵
  PID:6684
- C:\Windows\System\gHnpIEd.exe
  C:\Windows\System\gHnpIEd.exe
  2⤵
  PID:6704
- C:\Windows\System\EZwNmbw.exe
  C:\Windows\System\EZwNmbw.exe
  2⤵
  PID:6724
- C:\Windows\System\lGWlgQg.exe
  C:\Windows\System\lGWlgQg.exe
  2⤵
  PID:6740
- C:\Windows\System\WquLUIh.exe
  C:\Windows\System\WquLUIh.exe
  2⤵
  PID:6756
- C:\Windows\System\HcDiggw.exe
  C:\Windows\System\HcDiggw.exe
  2⤵
  PID:6772
- C:\Windows\System\XEKQrCe.exe
  C:\Windows\System\XEKQrCe.exe
  2⤵
  PID:6812
- C:\Windows\System\aAFPZcx.exe
  C:\Windows\System\aAFPZcx.exe
  2⤵
  PID:6828
- C:\Windows\System\PcBpkJh.exe
  C:\Windows\System\PcBpkJh.exe
  2⤵
  PID:6856
- C:\Windows\System\XbMJIpR.exe
  C:\Windows\System\XbMJIpR.exe
  2⤵
  PID:6880
- C:\Windows\System\RVcEgEj.exe
  C:\Windows\System\RVcEgEj.exe
  2⤵
  PID:6896
- C:\Windows\System\iwUVsPR.exe
  C:\Windows\System\iwUVsPR.exe
  2⤵
  PID:6916
- C:\Windows\System\tDCIXPn.exe
  C:\Windows\System\tDCIXPn.exe
  2⤵
  PID:6932
- C:\Windows\System\siNmAMf.exe
  C:\Windows\System\siNmAMf.exe
  2⤵
  PID:6956
- C:\Windows\System\MHzckjB.exe
  C:\Windows\System\MHzckjB.exe
  2⤵
  PID:6976
- C:\Windows\System\kOuoWtI.exe
  C:\Windows\System\kOuoWtI.exe
  2⤵
  PID:6992
- C:\Windows\System\UWXxxZH.exe
  C:\Windows\System\UWXxxZH.exe
  2⤵
  PID:7008
- C:\Windows\System\qZTGeZF.exe
  C:\Windows\System\qZTGeZF.exe
  2⤵
  PID:7024
- C:\Windows\System\IVYamfe.exe
  C:\Windows\System\IVYamfe.exe
  2⤵
  PID:7040
- C:\Windows\System\pOzmnhP.exe
  C:\Windows\System\pOzmnhP.exe
  2⤵
  PID:7060
- C:\Windows\System\STPZLTv.exe
  C:\Windows\System\STPZLTv.exe
  2⤵
  PID:7080
- C:\Windows\System\HTCtqdE.exe
  C:\Windows\System\HTCtqdE.exe
  2⤵
  PID:7104
- C:\Windows\System\YPfOaJz.exe
  C:\Windows\System\YPfOaJz.exe
  2⤵
  PID:7120
- C:\Windows\System\TjUJEcm.exe
  C:\Windows\System\TjUJEcm.exe
  2⤵
  PID:7136
- C:\Windows\System\djqhFPF.exe
  C:\Windows\System\djqhFPF.exe
  2⤵
  PID:7152
- C:\Windows\System\BBpVuid.exe
  C:\Windows\System\BBpVuid.exe
  2⤵
  PID:2392
- C:\Windows\System\JIATpwI.exe
  C:\Windows\System\JIATpwI.exe
  2⤵
  PID:2260
- C:\Windows\System\WqkxyYZ.exe
  C:\Windows\System\WqkxyYZ.exe
  2⤵
  PID:6164
- C:\Windows\System\GZFvNfM.exe
  C:\Windows\System\GZFvNfM.exe
  2⤵
  PID:6192
- C:\Windows\System\xHrDeWY.exe
  C:\Windows\System\xHrDeWY.exe
  2⤵
  PID:6256
- C:\Windows\System\kHszKrc.exe
  C:\Windows\System\kHszKrc.exe
  2⤵
  PID:6264
- C:\Windows\System\WmjaDCl.exe
  C:\Windows\System\WmjaDCl.exe
  2⤵
  PID:6304
- C:\Windows\System\tvpsjMb.exe
  C:\Windows\System\tvpsjMb.exe
  2⤵
  PID:6344
- C:\Windows\System\yTedQSA.exe
  C:\Windows\System\yTedQSA.exe
  2⤵
  PID:6368
- C:\Windows\System\NBbsvts.exe
  C:\Windows\System\NBbsvts.exe
  2⤵
  PID:6428
- C:\Windows\System\EXeySNq.exe
  C:\Windows\System\EXeySNq.exe
  2⤵
  PID:6472
- C:\Windows\System\YNGvNOq.exe
  C:\Windows\System\YNGvNOq.exe
  2⤵
  PID:6516
- C:\Windows\System\NwfVelP.exe
  C:\Windows\System\NwfVelP.exe
  2⤵
  PID:6524
- C:\Windows\System\YqEdWhD.exe
  C:\Windows\System\YqEdWhD.exe
  2⤵
  PID:6576
- C:\Windows\System\xviIomN.exe
  C:\Windows\System\xviIomN.exe
  2⤵
  PID:6608
- C:\Windows\System\DswlqSk.exe
  C:\Windows\System\DswlqSk.exe
  2⤵
  PID:6696
- C:\Windows\System\omkKzBd.exe
  C:\Windows\System\omkKzBd.exe
  2⤵
  PID:6764
- C:\Windows\System\KKFsDAE.exe
  C:\Windows\System\KKFsDAE.exe
  2⤵
  PID:6784
- C:\Windows\System\AsfuDwy.exe
  C:\Windows\System\AsfuDwy.exe
  2⤵
  PID:6796
- C:\Windows\System\snTROcH.exe
  C:\Windows\System\snTROcH.exe
  2⤵
  PID:6848
- C:\Windows\System\XxEVxpy.exe
  C:\Windows\System\XxEVxpy.exe
  2⤵
  PID:6868
- C:\Windows\System\MeOMDyx.exe
  C:\Windows\System\MeOMDyx.exe
  2⤵
  PID:6904
- C:\Windows\System\oxSsPiF.exe
  C:\Windows\System\oxSsPiF.exe
  2⤵
  PID:6944
- C:\Windows\System\JbHnFIy.exe
  C:\Windows\System\JbHnFIy.exe
  2⤵
  PID:6892
- C:\Windows\System\anVqkWq.exe
  C:\Windows\System\anVqkWq.exe
  2⤵
  PID:6968
- C:\Windows\System\tLGEXII.exe
  C:\Windows\System\tLGEXII.exe
  2⤵
  PID:7016
- C:\Windows\System\nurqxVI.exe
  C:\Windows\System\nurqxVI.exe
  2⤵
  PID:7032
- C:\Windows\System\qIjRXcy.exe
  C:\Windows\System\qIjRXcy.exe
  2⤵
  PID:7076
- C:\Windows\System\iSbaJpA.exe
  C:\Windows\System\iSbaJpA.exe
  2⤵
  PID:7132
- C:\Windows\System\BxrFWtV.exe
  C:\Windows\System\BxrFWtV.exe
  2⤵
  PID:7144
- C:\Windows\System\FcengZm.exe
  C:\Windows\System\FcengZm.exe
  2⤵
  PID:6180
- C:\Windows\System\ujxZMVj.exe
  C:\Windows\System\ujxZMVj.exe
  2⤵
  PID:1876
- C:\Windows\System\OPPHmBT.exe
  C:\Windows\System\OPPHmBT.exe
  2⤵
  PID:6208
- C:\Windows\System\kpGCSEn.exe
  C:\Windows\System\kpGCSEn.exe
  2⤵
  PID:6276
- C:\Windows\System\bIkECjq.exe
  C:\Windows\System\bIkECjq.exe
  2⤵
  PID:6312
- C:\Windows\System\kfzoNHA.exe
  C:\Windows\System\kfzoNHA.exe
  2⤵
  PID:6404
- C:\Windows\System\ljXqdLz.exe
  C:\Windows\System\ljXqdLz.exe
  2⤵
  PID:6388
- C:\Windows\System\hVlwLuW.exe
  C:\Windows\System\hVlwLuW.exe
  2⤵
  PID:6408
- C:\Windows\System\YZYXkHf.exe
  C:\Windows\System\YZYXkHf.exe
  2⤵
  PID:6676
- C:\Windows\System\VOkDEFg.exe
  C:\Windows\System\VOkDEFg.exe
  2⤵
  PID:6716
- C:\Windows\System\lMxWDzp.exe
  C:\Windows\System\lMxWDzp.exe
  2⤵
  PID:6780
- C:\Windows\System\mjtqpfh.exe
  C:\Windows\System\mjtqpfh.exe
  2⤵
  PID:6844
- C:\Windows\System\NdETITx.exe
  C:\Windows\System\NdETITx.exe
  2⤵
  PID:6984
- C:\Windows\System\YndPAas.exe
  C:\Windows\System\YndPAas.exe
  2⤵
  PID:6928
- C:\Windows\System\MaRFAlQ.exe
  C:\Windows\System\MaRFAlQ.exe
  2⤵
  PID:6988
- C:\Windows\System\WdbiQzL.exe
  C:\Windows\System\WdbiQzL.exe
  2⤵
  PID:7100
- C:\Windows\System\BeZljYS.exe
  C:\Windows\System\BeZljYS.exe
  2⤵
  PID:7072
- C:\Windows\System\LLzDpMQ.exe
  C:\Windows\System\LLzDpMQ.exe
  2⤵
  PID:6224
- C:\Windows\System\qYZqzBS.exe
  C:\Windows\System\qYZqzBS.exe
  2⤵
  PID:6536
- C:\Windows\System\rMWPolh.exe
  C:\Windows\System\rMWPolh.exe
  2⤵
  PID:6392
- C:\Windows\System\NYmWHdC.exe
  C:\Windows\System\NYmWHdC.exe
  2⤵
  PID:6500
- C:\Windows\System\IuWdhOm.exe
  C:\Windows\System\IuWdhOm.exe
  2⤵
  PID:6620
- C:\Windows\System\ODmyYZe.exe
  C:\Windows\System\ODmyYZe.exe
  2⤵
  PID:6660
- C:\Windows\System\qBEDmel.exe
  C:\Windows\System\qBEDmel.exe
  2⤵
  PID:6700
- C:\Windows\System\hqTJDdZ.exe
  C:\Windows\System\hqTJDdZ.exe
  2⤵
  PID:6752
- C:\Windows\System\nDsyZxy.exe
  C:\Windows\System\nDsyZxy.exe
  2⤵
  PID:6808
- C:\Windows\System\ABWaUwd.exe
  C:\Windows\System\ABWaUwd.exe
  2⤵
  PID:6952
- C:\Windows\System\GzMeLzB.exe
  C:\Windows\System\GzMeLzB.exe
  2⤵
  PID:7088
- C:\Windows\System\RQtvhlz.exe
  C:\Windows\System\RQtvhlz.exe
  2⤵
  PID:7116
- C:\Windows\System\lQwnzRp.exe
  C:\Windows\System\lQwnzRp.exe
  2⤵
  PID:6324
- C:\Windows\System\cQYGPuK.exe
  C:\Windows\System\cQYGPuK.exe
  2⤵
  PID:6424
- C:\Windows\System\Jvujvmw.exe
  C:\Windows\System\Jvujvmw.exe
  2⤵
  PID:6572
- C:\Windows\System\GrBtCzh.exe
  C:\Windows\System\GrBtCzh.exe
  2⤵
  PID:6412
- C:\Windows\System\QkmsrBo.exe
  C:\Windows\System\QkmsrBo.exe
  2⤵
  PID:6504
- C:\Windows\System\GLdxhbs.exe
  C:\Windows\System\GLdxhbs.exe
  2⤵
  PID:6864
- C:\Windows\System\QEPCxqq.exe
  C:\Windows\System\QEPCxqq.exe
  2⤵
  PID:6260
- C:\Windows\System\TodMyBA.exe
  C:\Windows\System\TodMyBA.exe
  2⤵
  PID:4208
- C:\Windows\System\NmWBTVm.exe
  C:\Windows\System\NmWBTVm.exe
  2⤵
  PID:6672
- C:\Windows\System\vgkOdnB.exe
  C:\Windows\System\vgkOdnB.exe
  2⤵
  PID:6736
- C:\Windows\System\xdXSiKB.exe
  C:\Windows\System\xdXSiKB.exe
  2⤵
  PID:6592
- C:\Windows\System\yQxQGsJ.exe
  C:\Windows\System\yQxQGsJ.exe
  2⤵
  PID:6248
- C:\Windows\System\plURDuF.exe
  C:\Windows\System\plURDuF.exe
  2⤵
  PID:6488
- C:\Windows\System\EcJVhDW.exe
  C:\Windows\System\EcJVhDW.exe
  2⤵
  PID:6720
- C:\Windows\System\qBRaNEQ.exe
  C:\Windows\System\qBRaNEQ.exe
  2⤵
  PID:6360
- C:\Windows\System\yTDAhLH.exe
  C:\Windows\System\yTDAhLH.exe
  2⤵
  PID:7036
- C:\Windows\System\CPfGTSz.exe
  C:\Windows\System\CPfGTSz.exe
  2⤵
  PID:2728
- C:\Windows\System\WCKqSEa.exe
  C:\Windows\System\WCKqSEa.exe
  2⤵
  PID:6804
- C:\Windows\System\kbbSiAe.exe
  C:\Windows\System\kbbSiAe.exe
  2⤵
  PID:7184
- C:\Windows\System\LnuYSii.exe
  C:\Windows\System\LnuYSii.exe
  2⤵
  PID:7208
- C:\Windows\System\eVsIaou.exe
  C:\Windows\System\eVsIaou.exe
  2⤵
  PID:7224
- C:\Windows\System\GKcUWBn.exe
  C:\Windows\System\GKcUWBn.exe
  2⤵
  PID:7240
- C:\Windows\System\UVfukSs.exe
  C:\Windows\System\UVfukSs.exe
  2⤵
  PID:7260
- C:\Windows\System\OvxljuI.exe
  C:\Windows\System\OvxljuI.exe
  2⤵
  PID:7284
- C:\Windows\System\NYjzIXG.exe
  C:\Windows\System\NYjzIXG.exe
  2⤵
  PID:7300
- C:\Windows\System\zwPJJpb.exe
  C:\Windows\System\zwPJJpb.exe
  2⤵
  PID:7320
- C:\Windows\System\qvvUZtZ.exe
  C:\Windows\System\qvvUZtZ.exe
  2⤵
  PID:7340
- C:\Windows\System\eLlMCvg.exe
  C:\Windows\System\eLlMCvg.exe
  2⤵
  PID:7368
- C:\Windows\System\IkdSSFq.exe
  C:\Windows\System\IkdSSFq.exe
  2⤵
  PID:7384
- C:\Windows\System\hEiZBmg.exe
  C:\Windows\System\hEiZBmg.exe
  2⤵
  PID:7408
- C:\Windows\System\FoIBYfz.exe
  C:\Windows\System\FoIBYfz.exe
  2⤵
  PID:7424
- C:\Windows\System\pKTDPQU.exe
  C:\Windows\System\pKTDPQU.exe
  2⤵
  PID:7448
- C:\Windows\System\aqubdEP.exe
  C:\Windows\System\aqubdEP.exe
  2⤵
  PID:7468
- C:\Windows\System\yPZWvjU.exe
  C:\Windows\System\yPZWvjU.exe
  2⤵
  PID:7488
- C:\Windows\System\HKsZWsA.exe
  C:\Windows\System\HKsZWsA.exe
  2⤵
  PID:7508
- C:\Windows\System\rfrAFAK.exe
  C:\Windows\System\rfrAFAK.exe
  2⤵
  PID:7524
- C:\Windows\System\XuHUgVe.exe
  C:\Windows\System\XuHUgVe.exe
  2⤵
  PID:7544
- C:\Windows\System\WMqAqSe.exe
  C:\Windows\System\WMqAqSe.exe
  2⤵
  PID:7560
- C:\Windows\System\PxScvam.exe
  C:\Windows\System\PxScvam.exe
  2⤵
  PID:7580
- C:\Windows\System\JWeNohC.exe
  C:\Windows\System\JWeNohC.exe
  2⤵
  PID:7600
- C:\Windows\System\amMvepu.exe
  C:\Windows\System\amMvepu.exe
  2⤵
  PID:7620
- C:\Windows\System\ZSqOsDn.exe
  C:\Windows\System\ZSqOsDn.exe
  2⤵
  PID:7644
- C:\Windows\System\FXlUOxn.exe
  C:\Windows\System\FXlUOxn.exe
  2⤵
  PID:7672
- C:\Windows\System\KAPZxex.exe
  C:\Windows\System\KAPZxex.exe
  2⤵
  PID:7696
- C:\Windows\System\JngLRDo.exe
  C:\Windows\System\JngLRDo.exe
  2⤵
  PID:7712
- C:\Windows\System\crOlpVB.exe
  C:\Windows\System\crOlpVB.exe
  2⤵
  PID:7732
- C:\Windows\System\dBiIHMB.exe
  C:\Windows\System\dBiIHMB.exe
  2⤵
  PID:7752
- C:\Windows\System\NbnhqZR.exe
  C:\Windows\System\NbnhqZR.exe
  2⤵
  PID:7776
- C:\Windows\System\nLAyonD.exe
  C:\Windows\System\nLAyonD.exe
  2⤵
  PID:7792
- C:\Windows\System\efFJxAU.exe
  C:\Windows\System\efFJxAU.exe
  2⤵
  PID:7816
- C:\Windows\System\TYjXSnJ.exe
  C:\Windows\System\TYjXSnJ.exe
  2⤵
  PID:7832
- C:\Windows\System\mphNFIb.exe
  C:\Windows\System\mphNFIb.exe
  2⤵
  PID:7856
- C:\Windows\System\ImpeEgS.exe
  C:\Windows\System\ImpeEgS.exe
  2⤵
  PID:7872
- C:\Windows\System\kvMplod.exe
  C:\Windows\System\kvMplod.exe
  2⤵
  PID:7892
- C:\Windows\System\tLhgffO.exe
  C:\Windows\System\tLhgffO.exe
  2⤵
  PID:7916
- C:\Windows\System\XPZnRHq.exe
  C:\Windows\System\XPZnRHq.exe
  2⤵
  PID:7932
- C:\Windows\System\kiJYIka.exe
  C:\Windows\System\kiJYIka.exe
  2⤵
  PID:7952
- C:\Windows\System\AIYTXob.exe
  C:\Windows\System\AIYTXob.exe
  2⤵
  PID:7972
- C:\Windows\System\XNTFMQG.exe
  C:\Windows\System\XNTFMQG.exe
  2⤵
  PID:7992
- C:\Windows\System\jFAREMb.exe
  C:\Windows\System\jFAREMb.exe
  2⤵
  PID:8012
- C:\Windows\System\WjbvEXX.exe
  C:\Windows\System\WjbvEXX.exe
  2⤵
  PID:8032
- C:\Windows\System\kfJEXGl.exe
  C:\Windows\System\kfJEXGl.exe
  2⤵
  PID:8052
- C:\Windows\System\ZVmrfpk.exe
  C:\Windows\System\ZVmrfpk.exe
  2⤵
  PID:8068
- C:\Windows\System\RqUgVDS.exe
  C:\Windows\System\RqUgVDS.exe
  2⤵
  PID:8092
- C:\Windows\System\GOYQzWp.exe
  C:\Windows\System\GOYQzWp.exe
  2⤵
  PID:8108
- C:\Windows\System\AVfwGIA.exe
  C:\Windows\System\AVfwGIA.exe
  2⤵
  PID:8132
- C:\Windows\System\TNoKBKa.exe
  C:\Windows\System\TNoKBKa.exe
  2⤵
  PID:8148
- C:\Windows\System\oAFozuW.exe
  C:\Windows\System\oAFozuW.exe
  2⤵
  PID:8168
- C:\Windows\System\fFSYCIP.exe
  C:\Windows\System\fFSYCIP.exe
  2⤵
  PID:8188
- C:\Windows\System\CKXsILb.exe
  C:\Windows\System\CKXsILb.exe
  2⤵
  PID:7176
- C:\Windows\System\UYDPPBH.exe
  C:\Windows\System\UYDPPBH.exe
  2⤵
  PID:7236
- C:\Windows\System\xGQTJnG.exe
  C:\Windows\System\xGQTJnG.exe
  2⤵
  PID:7248
- C:\Windows\System\mcWesLR.exe
  C:\Windows\System\mcWesLR.exe
  2⤵
  PID:7220
- C:\Windows\System\pReamFJ.exe
  C:\Windows\System\pReamFJ.exe
  2⤵
  PID:7360
- C:\Windows\System\ZdinJqn.exe
  C:\Windows\System\ZdinJqn.exe
  2⤵
  PID:7328
- C:\Windows\System\wsFZBFG.exe
  C:\Windows\System\wsFZBFG.exe
  2⤵
  PID:7404
- C:\Windows\System\JKYDVRi.exe
  C:\Windows\System\JKYDVRi.exe
  2⤵
  PID:7440
- C:\Windows\System\QsYPtbx.exe
  C:\Windows\System\QsYPtbx.exe
  2⤵
  PID:7460
- C:\Windows\System\qZBQawg.exe
  C:\Windows\System\qZBQawg.exe
  2⤵
  PID:7516
- C:\Windows\System\JvoWGIr.exe
  C:\Windows\System\JvoWGIr.exe
  2⤵
  PID:7592
- C:\Windows\System\nTnkFJd.exe
  C:\Windows\System\nTnkFJd.exe
  2⤵
  PID:7636
- C:\Windows\System\oXOIIPf.exe
  C:\Windows\System\oXOIIPf.exe
  2⤵
  PID:7652
- C:\Windows\System\autudif.exe
  C:\Windows\System\autudif.exe
  2⤵
  PID:7612
- C:\Windows\System\fNpKYJk.exe
  C:\Windows\System\fNpKYJk.exe
  2⤵
  PID:7680
- C:\Windows\System\tOJPMwX.exe
  C:\Windows\System\tOJPMwX.exe
  2⤵
  PID:7664
- C:\Windows\System\rYvZAgO.exe
  C:\Windows\System\rYvZAgO.exe
  2⤵
  PID:7688
- C:\Windows\System\uUbdIVb.exe
  C:\Windows\System\uUbdIVb.exe
  2⤵
  PID:7728
- C:\Windows\System\FqBsFpi.exe
  C:\Windows\System\FqBsFpi.exe
  2⤵
  PID:7748
- C:\Windows\System\lzGnXFe.exe
  C:\Windows\System\lzGnXFe.exe
  2⤵
  PID:7772
- C:\Windows\System\bycKfSI.exe
  C:\Windows\System\bycKfSI.exe
  2⤵
  PID:7808
- C:\Windows\System\xCivInr.exe
  C:\Windows\System\xCivInr.exe
  2⤵
  PID:7844
- C:\Windows\System\NKUXJIl.exe
  C:\Windows\System\NKUXJIl.exe
  2⤵
  PID:7880
- C:\Windows\System\LgIKikF.exe
  C:\Windows\System\LgIKikF.exe
  2⤵
  PID:7908
- C:\Windows\System\mPbKSXU.exe
  C:\Windows\System\mPbKSXU.exe
  2⤵
  PID:7960
- C:\Windows\System\yHsGfAV.exe
  C:\Windows\System\yHsGfAV.exe
  2⤵
  PID:7964
- C:\Windows\System\wmBEetb.exe
  C:\Windows\System\wmBEetb.exe
  2⤵
  PID:8008
- C:\Windows\System\QVgjnre.exe
  C:\Windows\System\QVgjnre.exe
  2⤵
  PID:8048
- C:\Windows\System\brdifub.exe
  C:\Windows\System\brdifub.exe
  2⤵
  PID:8028
- C:\Windows\System\mEPzail.exe
  C:\Windows\System\mEPzail.exe
  2⤵
  PID:8100
- C:\Windows\System\cTGALGE.exe
  C:\Windows\System\cTGALGE.exe
  2⤵
  PID:8128
- C:\Windows\System\wVmFXzc.exe
  C:\Windows\System\wVmFXzc.exe
  2⤵
  PID:7204
- C:\Windows\System\FSoFJaH.exe
  C:\Windows\System\FSoFJaH.exe
  2⤵
  PID:7196
- C:\Windows\System\CJfTSjp.exe
  C:\Windows\System\CJfTSjp.exe
  2⤵
  PID:7272
- C:\Windows\System\SAgXbca.exe
  C:\Windows\System\SAgXbca.exe
  2⤵
  PID:7352
- C:\Windows\System\CzAZIOW.exe
  C:\Windows\System\CzAZIOW.exe
  2⤵
  PID:7380
- C:\Windows\System\tpjOEBj.exe
  C:\Windows\System\tpjOEBj.exe
  2⤵
  PID:7292
- C:\Windows\System\zqTnyIq.exe
  C:\Windows\System\zqTnyIq.exe
  2⤵
  PID:7556
- C:\Windows\System\RlSIqpo.exe
  C:\Windows\System\RlSIqpo.exe
  2⤵
  PID:7312
- C:\Windows\System\BggzIvz.exe
  C:\Windows\System\BggzIvz.exe
  2⤵
  PID:7576
- C:\Windows\System\EXWLQkn.exe
  C:\Windows\System\EXWLQkn.exe
  2⤵
  PID:7416
- C:\Windows\System\zzwXijs.exe
  C:\Windows\System\zzwXijs.exe
  2⤵
  PID:7500
- C:\Windows\System\pMCstgh.exe
  C:\Windows\System\pMCstgh.exe
  2⤵
  PID:7708
- C:\Windows\System\JPtnAcf.exe
  C:\Windows\System\JPtnAcf.exe
  2⤵
  PID:7768
- C:\Windows\System\IRRFoxH.exe
  C:\Windows\System\IRRFoxH.exe
  2⤵
  PID:7800
- C:\Windows\System\WMrqIrA.exe
  C:\Windows\System\WMrqIrA.exe
  2⤵
  PID:2568
- C:\Windows\System\hFzdvrS.exe
  C:\Windows\System\hFzdvrS.exe
  2⤵
  PID:2416
- C:\Windows\System\BVwetST.exe
  C:\Windows\System\BVwetST.exe
  2⤵
  PID:7864
- C:\Windows\System\rQrbPXw.exe
  C:\Windows\System\rQrbPXw.exe
  2⤵
  PID:7464
- C:\Windows\System\QBlVbjG.exe
  C:\Windows\System\QBlVbjG.exe
  2⤵
  PID:7944
- C:\Windows\System\maxUEIB.exe
  C:\Windows\System\maxUEIB.exe
  2⤵
  PID:8000
- C:\Windows\System\zLIlqmX.exe
  C:\Windows\System\zLIlqmX.exe
  2⤵
  PID:8020
- C:\Windows\System\OUDcUMD.exe
  C:\Windows\System\OUDcUMD.exe
  2⤵
  PID:8088
- C:\Windows\System\tKbhfCc.exe
  C:\Windows\System\tKbhfCc.exe
  2⤵
  PID:7668
- C:\Windows\System\oVwDVnj.exe
  C:\Windows\System\oVwDVnj.exe
  2⤵
  PID:2532
- C:\Windows\System\xzrCEDk.exe
  C:\Windows\System\xzrCEDk.exe
  2⤵
  PID:7828
- C:\Windows\System\bPXAqwf.exe
  C:\Windows\System\bPXAqwf.exe
  2⤵
  PID:7928
- C:\Windows\System\HfEtqMe.exe
  C:\Windows\System\HfEtqMe.exe
  2⤵
  PID:8044
- C:\Windows\System\RkcvwSR.exe
  C:\Windows\System\RkcvwSR.exe
  2⤵
  PID:8116
- C:\Windows\System\ZOwYjTm.exe
  C:\Windows\System\ZOwYjTm.exe
  2⤵
  PID:2252
- C:\Windows\System\ppHjGYF.exe
  C:\Windows\System\ppHjGYF.exe
  2⤵
  PID:7392
- C:\Windows\System\UUdQPvN.exe
  C:\Windows\System\UUdQPvN.exe
  2⤵
  PID:7532
- C:\Windows\System\czMRIAw.exe
  C:\Windows\System\czMRIAw.exe
  2⤵
  PID:7456
- C:\Windows\System\aaMZokp.exe
  C:\Windows\System\aaMZokp.exe
  2⤵
  PID:7628
- C:\Windows\System\AjhSwnc.exe
  C:\Windows\System\AjhSwnc.exe
  2⤵
  PID:7232
- C:\Windows\System\vnBEfrv.exe
  C:\Windows\System\vnBEfrv.exe
  2⤵
  PID:1648
- C:\Windows\System\SErnqrL.exe
  C:\Windows\System\SErnqrL.exe
  2⤵
  PID:7900
- C:\Windows\System\lECpRst.exe
  C:\Windows\System\lECpRst.exe
  2⤵
  PID:7984
- C:\Windows\System\vxeKhak.exe
  C:\Windows\System\vxeKhak.exe
  2⤵
  PID:7216
- C:\Windows\System\inIzBUK.exe
  C:\Windows\System\inIzBUK.exe
  2⤵
  PID:7572
- C:\Windows\System\YStoYCr.exe
  C:\Windows\System\YStoYCr.exe
  2⤵
  PID:7504
- C:\Windows\System\Jjtqdii.exe
  C:\Windows\System\Jjtqdii.exe
  2⤵
  PID:2312
- C:\Windows\System\WVawavh.exe
  C:\Windows\System\WVawavh.exe
  2⤵
  PID:7608
- C:\Windows\System\nUeTxhP.exe
  C:\Windows\System\nUeTxhP.exe
  2⤵
  PID:7804
- C:\Windows\System\DySalRa.exe
  C:\Windows\System\DySalRa.exe
  2⤵
  PID:7316
- C:\Windows\System\BMihzEo.exe
  C:\Windows\System\BMihzEo.exe
  2⤵
  PID:7496
- C:\Windows\System\yEjDkJL.exe
  C:\Windows\System\yEjDkJL.exe
  2⤵
  PID:2336
- C:\Windows\System\jbGkFkc.exe
  C:\Windows\System\jbGkFkc.exe
  2⤵
  PID:8160
- C:\Windows\System\xxDHLNb.exe
  C:\Windows\System\xxDHLNb.exe
  2⤵
  PID:7568
- C:\Windows\System\wzjHINs.exe
  C:\Windows\System\wzjHINs.exe
  2⤵
  PID:8212
- C:\Windows\System\xjBYPzj.exe
  C:\Windows\System\xjBYPzj.exe
  2⤵
  PID:8232
- C:\Windows\System\pOHMtRZ.exe
  C:\Windows\System\pOHMtRZ.exe
  2⤵
  PID:8248
- C:\Windows\System\fNmYJzT.exe
  C:\Windows\System\fNmYJzT.exe
  2⤵
  PID:8264
- C:\Windows\System\iHQuFfD.exe
  C:\Windows\System\iHQuFfD.exe
  2⤵
  PID:8284
- C:\Windows\System\TplcHRs.exe
  C:\Windows\System\TplcHRs.exe
  2⤵
  PID:8300
- C:\Windows\System\zeddahN.exe
  C:\Windows\System\zeddahN.exe
  2⤵
  PID:8324
- C:\Windows\System\jjZVopP.exe
  C:\Windows\System\jjZVopP.exe
  2⤵
  PID:8344
- C:\Windows\System\mAkLfMT.exe
  C:\Windows\System\mAkLfMT.exe
  2⤵
  PID:8360
- C:\Windows\System\mbyePvI.exe
  C:\Windows\System\mbyePvI.exe
  2⤵
  PID:8388
- C:\Windows\System\SjKoAWf.exe
  C:\Windows\System\SjKoAWf.exe
  2⤵
  PID:8408
- C:\Windows\System\GpnjDDw.exe
  C:\Windows\System\GpnjDDw.exe
  2⤵
  PID:8432
- C:\Windows\System\AWcOJSl.exe
  C:\Windows\System\AWcOJSl.exe
  2⤵
  PID:8448
- C:\Windows\System\kPxXtfZ.exe
  C:\Windows\System\kPxXtfZ.exe
  2⤵
  PID:8464
- C:\Windows\System\otiYxcP.exe
  C:\Windows\System\otiYxcP.exe
  2⤵
  PID:8484
- C:\Windows\System\HVBiYQC.exe
  C:\Windows\System\HVBiYQC.exe
  2⤵
  PID:8516
- C:\Windows\System\RTCCszF.exe
  C:\Windows\System\RTCCszF.exe
  2⤵
  PID:8532
- C:\Windows\System\KKdkxOE.exe
  C:\Windows\System\KKdkxOE.exe
  2⤵
  PID:8552
- C:\Windows\System\yEBuMlb.exe
  C:\Windows\System\yEBuMlb.exe
  2⤵
  PID:8572
- C:\Windows\System\EeVJJpc.exe
  C:\Windows\System\EeVJJpc.exe
  2⤵
  PID:8588
- C:\Windows\System\UizilDG.exe
  C:\Windows\System\UizilDG.exe
  2⤵
  PID:8616
- C:\Windows\System\NvdmacK.exe
  C:\Windows\System\NvdmacK.exe
  2⤵
  PID:8632
- C:\Windows\System\MuQMyzp.exe
  C:\Windows\System\MuQMyzp.exe
  2⤵
  PID:8652
- C:\Windows\System\KDXbjog.exe
  C:\Windows\System\KDXbjog.exe
  2⤵
  PID:8668
- C:\Windows\System\pBqAJVZ.exe
  C:\Windows\System\pBqAJVZ.exe
  2⤵
  PID:8688
- C:\Windows\System\nJaLvyq.exe
  C:\Windows\System\nJaLvyq.exe
  2⤵
  PID:8716
- C:\Windows\System\ypbqwnP.exe
  C:\Windows\System\ypbqwnP.exe
  2⤵
  PID:8732
- C:\Windows\System\GdzjjcT.exe
  C:\Windows\System\GdzjjcT.exe
  2⤵
  PID:8756
- C:\Windows\System\gmyGMlR.exe
  C:\Windows\System\gmyGMlR.exe
  2⤵
  PID:8772
- C:\Windows\System\SmPKVbJ.exe
  C:\Windows\System\SmPKVbJ.exe
  2⤵
  PID:8796
- C:\Windows\System\XZNASvk.exe
  C:\Windows\System\XZNASvk.exe
  2⤵
  PID:8816
- C:\Windows\System\rIQzquN.exe
  C:\Windows\System\rIQzquN.exe
  2⤵
  PID:8832
- C:\Windows\System\CfhiwST.exe
  C:\Windows\System\CfhiwST.exe
  2⤵
  PID:8852
- C:\Windows\System\kaVMWqJ.exe
  C:\Windows\System\kaVMWqJ.exe
  2⤵
  PID:8868
- C:\Windows\System\ureOKQG.exe
  C:\Windows\System\ureOKQG.exe
  2⤵
  PID:8884
- C:\Windows\System\hUDjdWr.exe
  C:\Windows\System\hUDjdWr.exe
  2⤵
  PID:8912
- C:\Windows\System\rrKqdwx.exe
  C:\Windows\System\rrKqdwx.exe
  2⤵
  PID:8932
- C:\Windows\System\AcDCTdL.exe
  C:\Windows\System\AcDCTdL.exe
  2⤵
  PID:8948
- C:\Windows\System\OlVwVnP.exe
  C:\Windows\System\OlVwVnP.exe
  2⤵
  PID:8972
- C:\Windows\System\jTncGWD.exe
  C:\Windows\System\jTncGWD.exe
  2⤵
  PID:8988
- C:\Windows\System\dqUVDAU.exe
  C:\Windows\System\dqUVDAU.exe
  2⤵
  PID:9008
- C:\Windows\System\fIEnwma.exe
  C:\Windows\System\fIEnwma.exe
  2⤵
  PID:9032
- C:\Windows\System\ywMcSdP.exe
  C:\Windows\System\ywMcSdP.exe
  2⤵
  PID:9048
- C:\Windows\System\SNmVgTm.exe
  C:\Windows\System\SNmVgTm.exe
  2⤵
  PID:9064
- C:\Windows\System\TkGyvrv.exe
  C:\Windows\System\TkGyvrv.exe
  2⤵
  PID:9088
- C:\Windows\System\GpcOdak.exe
  C:\Windows\System\GpcOdak.exe
  2⤵
  PID:9112
- C:\Windows\System\vNacBiK.exe
  C:\Windows\System\vNacBiK.exe
  2⤵
  PID:9128
- C:\Windows\System\uwKoCyH.exe
  C:\Windows\System\uwKoCyH.exe
  2⤵
  PID:9160
- C:\Windows\System\FGeOzyK.exe
  C:\Windows\System\FGeOzyK.exe
  2⤵
  PID:9176
- C:\Windows\System\QCWGYGy.exe
  C:\Windows\System\QCWGYGy.exe
  2⤵
  PID:9196
- C:\Windows\System\WCoyVtX.exe
  C:\Windows\System\WCoyVtX.exe
  2⤵
  PID:8164
- C:\Windows\System\sZQwdRn.exe
  C:\Windows\System\sZQwdRn.exe
  2⤵
  PID:7840
- C:\Windows\System\rSILTcK.exe
  C:\Windows\System\rSILTcK.exe
  2⤵
  PID:8228
- C:\Windows\System\xRqnLsn.exe
  C:\Windows\System\xRqnLsn.exe
  2⤵
  PID:8292
- C:\Windows\System\pDxCoPX.exe
  C:\Windows\System\pDxCoPX.exe
  2⤵
  PID:8332
- C:\Windows\System\jhMJTXe.exe
  C:\Windows\System\jhMJTXe.exe
  2⤵
  PID:8372
- C:\Windows\System\RXLtDVi.exe
  C:\Windows\System\RXLtDVi.exe
  2⤵
  PID:8312
- C:\Windows\System\ivjYLDO.exe
  C:\Windows\System\ivjYLDO.exe
  2⤵
  PID:8280
- C:\Windows\System\sckvBAF.exe
  C:\Windows\System\sckvBAF.exe
  2⤵
  PID:8396
- C:\Windows\System\uhSpyRI.exe
  C:\Windows\System\uhSpyRI.exe
  2⤵
  PID:8424
- C:\Windows\System\qLkMGnc.exe
  C:\Windows\System\qLkMGnc.exe
  2⤵
  PID:8440
- C:\Windows\System\slCiLcP.exe
  C:\Windows\System\slCiLcP.exe
  2⤵
  PID:8480
- C:\Windows\System\puCWtKj.exe
  C:\Windows\System\puCWtKj.exe
  2⤵
  PID:8512
- C:\Windows\System\uucWlLE.exe
  C:\Windows\System\uucWlLE.exe
  2⤵
  PID:8580
- C:\Windows\System\nzCfuzA.exe
  C:\Windows\System\nzCfuzA.exe
  2⤵
  PID:8584
- C:\Windows\System\dUzyFRo.exe
  C:\Windows\System\dUzyFRo.exe
  2⤵
  PID:8596
- C:\Windows\System\DcJkFbK.exe
  C:\Windows\System\DcJkFbK.exe
  2⤵
  PID:8664
- C:\Windows\System\GrwdwGy.exe
  C:\Windows\System\GrwdwGy.exe
  2⤵
  PID:8724
- C:\Windows\System\mlRwcxq.exe
  C:\Windows\System\mlRwcxq.exe
  2⤵
  PID:8752
- C:\Windows\System\TTkqNBH.exe
  C:\Windows\System\TTkqNBH.exe
  2⤵
  PID:8784
- C:\Windows\System\vQmlZSx.exe
  C:\Windows\System\vQmlZSx.exe
  2⤵
  PID:8808
- C:\Windows\System\LFyFHmG.exe
  C:\Windows\System\LFyFHmG.exe
  2⤵
  PID:8896
- C:\Windows\System\xzJIbSp.exe
  C:\Windows\System\xzJIbSp.exe
  2⤵
  PID:8880
- C:\Windows\System\DBVMbSK.exe
  C:\Windows\System\DBVMbSK.exe
  2⤵
  PID:8920
- C:\Windows\System\zOovPBL.exe
  C:\Windows\System\zOovPBL.exe
  2⤵
  PID:8956
- C:\Windows\System\NcLmXzd.exe
  C:\Windows\System\NcLmXzd.exe
  2⤵
  PID:9028
- C:\Windows\System\mBcUwch.exe
  C:\Windows\System\mBcUwch.exe
  2⤵
  PID:9056
- C:\Windows\System\NWLEBVG.exe
  C:\Windows\System\NWLEBVG.exe
  2⤵
  PID:9104
- C:\Windows\System\kPIkZNq.exe
  C:\Windows\System\kPIkZNq.exe
  2⤵
  PID:9040
- C:\Windows\System\wpjbyCW.exe
  C:\Windows\System\wpjbyCW.exe
  2⤵
  PID:9072
- C:\Windows\System\ipYbbAm.exe
  C:\Windows\System\ipYbbAm.exe
  2⤵
  PID:9124
- C:\Windows\System\VzydwFr.exe
  C:\Windows\System\VzydwFr.exe
  2⤵
  PID:9188
- C:\Windows\System\FLQanQE.exe
  C:\Windows\System\FLQanQE.exe
  2⤵
  PID:9212
- C:\Windows\System\GXisVPK.exe
  C:\Windows\System\GXisVPK.exe
  2⤵
  PID:8256
- C:\Windows\System\trJJXQI.exe
  C:\Windows\System\trJJXQI.exe
  2⤵
  PID:8368
- C:\Windows\System\OZEALNs.exe
  C:\Windows\System\OZEALNs.exe
  2⤵
  PID:8420
- C:\Windows\System\ydNQhla.exe
  C:\Windows\System\ydNQhla.exe
  2⤵
  PID:8548
- C:\Windows\System\GnwoYip.exe
  C:\Windows\System\GnwoYip.exe
  2⤵
  PID:8696
- C:\Windows\System\KlRFAty.exe
  C:\Windows\System\KlRFAty.exe
  2⤵
  PID:8712
- C:\Windows\System\EAsnCfK.exe
  C:\Windows\System\EAsnCfK.exe
  2⤵
  PID:8224
- C:\Windows\System\tuseQVs.exe
  C:\Windows\System\tuseQVs.exe
  2⤵
  PID:8496
- C:\Windows\System\ueGsrPJ.exe
  C:\Windows\System\ueGsrPJ.exe
  2⤵
  PID:8660
- C:\Windows\System\iVqdRpc.exe
  C:\Windows\System\iVqdRpc.exe
  2⤵
  PID:8400
- C:\Windows\System\suGYBrK.exe
  C:\Windows\System\suGYBrK.exe
  2⤵
  PID:8780
- C:\Windows\System\rsXBMHN.exe
  C:\Windows\System\rsXBMHN.exe
  2⤵
  PID:8860
- C:\Windows\System\uotzlNS.exe
  C:\Windows\System\uotzlNS.exe
  2⤵
  PID:8840
- C:\Windows\System\HNeiOkG.exe
  C:\Windows\System\HNeiOkG.exe
  2⤵
  PID:9016
- C:\Windows\System\wuGflIj.exe
  C:\Windows\System\wuGflIj.exe
  2⤵
  PID:9096
- C:\Windows\System\dtlgzPc.exe
  C:\Windows\System\dtlgzPc.exe
  2⤵
  PID:8924
- C:\Windows\System\jKtGFew.exe
  C:\Windows\System\jKtGFew.exe
  2⤵
  PID:9144
- C:\Windows\System\ebHhDCU.exe
  C:\Windows\System\ebHhDCU.exe
  2⤵
  PID:9168
- C:\Windows\System\GAZMcUW.exe
  C:\Windows\System\GAZMcUW.exe
  2⤵
  PID:8204
- C:\Windows\System\JaepkQj.exe
  C:\Windows\System\JaepkQj.exe
  2⤵
  PID:8208
- C:\Windows\System\EWWQwEl.exe
  C:\Windows\System\EWWQwEl.exe
  2⤵
  PID:8568
- C:\Windows\System\YJOAkPG.exe
  C:\Windows\System\YJOAkPG.exe
  2⤵
  PID:8544
- C:\Windows\System\ODpNwIz.exe
  C:\Windows\System\ODpNwIz.exe
  2⤵
  PID:8528
- C:\Windows\System\RBNHETY.exe
  C:\Windows\System\RBNHETY.exe
  2⤵
  PID:8700
- C:\Windows\System\imcsXiW.exe
  C:\Windows\System\imcsXiW.exe
  2⤵
  PID:8380
- C:\Windows\System\CHXLsPK.exe
  C:\Windows\System\CHXLsPK.exe
  2⤵
  PID:8864
- C:\Windows\System\DYmuqpX.exe
  C:\Windows\System\DYmuqpX.exe
  2⤵
  PID:8984
- C:\Windows\System\sohEPiX.exe
  C:\Windows\System\sohEPiX.exe
  2⤵
  PID:9136
- C:\Windows\System\qPczQbj.exe
  C:\Windows\System\qPczQbj.exe
  2⤵
  PID:9100
- C:\Windows\System\ISygVmi.exe
  C:\Windows\System\ISygVmi.exe
  2⤵
  PID:7308
- C:\Windows\System\KuhlvxJ.exe
  C:\Windows\System\KuhlvxJ.exe
  2⤵
  PID:8196
- C:\Windows\System\qBfIdGV.exe
  C:\Windows\System\qBfIdGV.exe
  2⤵
  PID:9152
- C:\Windows\System\OWGNWMK.exe
  C:\Windows\System\OWGNWMK.exe
  2⤵
  PID:8892
- C:\Windows\System\mFesNVA.exe
  C:\Windows\System\mFesNVA.exe
  2⤵
  PID:8900
- C:\Windows\System\DxMVaMM.exe
  C:\Windows\System\DxMVaMM.exe
  2⤵
  PID:8628
- C:\Windows\System\ugRbQhk.exe
  C:\Windows\System\ugRbQhk.exe
  2⤵
  PID:8608
- C:\Windows\System\PmiCLTm.exe
  C:\Windows\System\PmiCLTm.exe
  2⤵
  PID:8444
- C:\Windows\System\iXugAdM.exe
  C:\Windows\System\iXugAdM.exe
  2⤵
  PID:8460
- C:\Windows\System\gPLbICF.exe
  C:\Windows\System\gPLbICF.exe
  2⤵
  PID:8336
- C:\Windows\System\ZefHkxa.exe
  C:\Windows\System\ZefHkxa.exe
  2⤵
  PID:8768
- C:\Windows\System\wUHGBOJ.exe
  C:\Windows\System\wUHGBOJ.exe
  2⤵
  PID:9076
- C:\Windows\System\dAyVAFh.exe
  C:\Windows\System\dAyVAFh.exe
  2⤵
  PID:8492
- C:\Windows\System\iBliMMF.exe
  C:\Windows\System\iBliMMF.exe
  2⤵
  PID:9084
- C:\Windows\System\lWFdNvL.exe
  C:\Windows\System\lWFdNvL.exe
  2⤵
  PID:9024
- C:\Windows\System\shkksuN.exe
  C:\Windows\System\shkksuN.exe
  2⤵
  PID:8644
- C:\Windows\System\SfmgfDS.exe
  C:\Windows\System\SfmgfDS.exe
  2⤵
  PID:8272
- C:\Windows\System\ArsCsnq.exe
  C:\Windows\System\ArsCsnq.exe
  2⤵
  PID:9240
- C:\Windows\System\eJksvzy.exe
  C:\Windows\System\eJksvzy.exe
  2⤵
  PID:9256
- C:\Windows\System\VxHiNKJ.exe
  C:\Windows\System\VxHiNKJ.exe
  2⤵
  PID:9280
- C:\Windows\System\EhqsDiu.exe
  C:\Windows\System\EhqsDiu.exe
  2⤵
  PID:9300
- C:\Windows\System\kQEtVDu.exe
  C:\Windows\System\kQEtVDu.exe
  2⤵
  PID:9320
- C:\Windows\System\pjbsInN.exe
  C:\Windows\System\pjbsInN.exe
  2⤵
  PID:9340
- C:\Windows\System\BimIHmD.exe
  C:\Windows\System\BimIHmD.exe
  2⤵
  PID:9360
- C:\Windows\System\FuMetGd.exe
  C:\Windows\System\FuMetGd.exe
  2⤵
  PID:9380
- C:\Windows\System\rtrOtGx.exe
  C:\Windows\System\rtrOtGx.exe
  2⤵
  PID:9400
- C:\Windows\System\IxLedub.exe
  C:\Windows\System\IxLedub.exe
  2⤵
  PID:9420
- C:\Windows\System\vGItsol.exe
  C:\Windows\System\vGItsol.exe
  2⤵
  PID:9448
- C:\Windows\System\XtzUqCP.exe
  C:\Windows\System\XtzUqCP.exe
  2⤵
  PID:9464
- C:\Windows\System\WSOejdT.exe
  C:\Windows\System\WSOejdT.exe
  2⤵
  PID:9484
- C:\Windows\System\KWBTBfq.exe
  C:\Windows\System\KWBTBfq.exe
  2⤵
  PID:9504
- C:\Windows\System\fmkLfDq.exe
  C:\Windows\System\fmkLfDq.exe
  2⤵
  PID:9524
- C:\Windows\System\XXGxIqp.exe
  C:\Windows\System\XXGxIqp.exe
  2⤵
  PID:9548
- C:\Windows\System\KmRqEcq.exe
  C:\Windows\System\KmRqEcq.exe
  2⤵
  PID:9568
- C:\Windows\System\lBMnwRc.exe
  C:\Windows\System\lBMnwRc.exe
  2⤵
  PID:9584
- C:\Windows\System\ErkrMzW.exe
  C:\Windows\System\ErkrMzW.exe
  2⤵
  PID:9608
- C:\Windows\System\bdGzNcD.exe
  C:\Windows\System\bdGzNcD.exe
  2⤵
  PID:9628
- C:\Windows\System\Gaouxkp.exe
  C:\Windows\System\Gaouxkp.exe
  2⤵
  PID:9648
- C:\Windows\System\nBUuhTY.exe
  C:\Windows\System\nBUuhTY.exe
  2⤵
  PID:9664
- C:\Windows\System\XZTvCIE.exe
  C:\Windows\System\XZTvCIE.exe
  2⤵
  PID:9688
- C:\Windows\System\CZMbqaS.exe
  C:\Windows\System\CZMbqaS.exe
  2⤵
  PID:9704
- C:\Windows\System\IheklEn.exe
  C:\Windows\System\IheklEn.exe
  2⤵
  PID:9724
- C:\Windows\System\EKafOJZ.exe
  C:\Windows\System\EKafOJZ.exe
  2⤵
  PID:9744
- C:\Windows\System\PiJIWXu.exe
  C:\Windows\System\PiJIWXu.exe
  2⤵
  PID:9768
- C:\Windows\System\CjQypNg.exe
  C:\Windows\System\CjQypNg.exe
  2⤵
  PID:9784
- C:\Windows\System\KieGvwi.exe
  C:\Windows\System\KieGvwi.exe
  2⤵
  PID:9804
- C:\Windows\System\AZgguKg.exe
  C:\Windows\System\AZgguKg.exe
  2⤵
  PID:9824
- C:\Windows\System\kdJjvrk.exe
  C:\Windows\System\kdJjvrk.exe
  2⤵
  PID:9848
- C:\Windows\System\pLBsBvA.exe
  C:\Windows\System\pLBsBvA.exe
  2⤵
  PID:9864
- C:\Windows\System\aDzFcuy.exe
  C:\Windows\System\aDzFcuy.exe
  2⤵
  PID:9892
- C:\Windows\System\bOwLGAG.exe
  C:\Windows\System\bOwLGAG.exe
  2⤵
  PID:9908
- C:\Windows\System\uoVdfXl.exe
  C:\Windows\System\uoVdfXl.exe
  2⤵
  PID:9932
- C:\Windows\System\XKbyybs.exe
  C:\Windows\System\XKbyybs.exe
  2⤵
  PID:9948
- C:\Windows\System\dPjfThM.exe
  C:\Windows\System\dPjfThM.exe
  2⤵
  PID:9964
- C:\Windows\System\SwWKzFM.exe
  C:\Windows\System\SwWKzFM.exe
  2⤵
  PID:9988
- C:\Windows\System\LnraZWc.exe
  C:\Windows\System\LnraZWc.exe
  2⤵
  PID:10008
- C:\Windows\System\wApcDEY.exe
  C:\Windows\System\wApcDEY.exe
  2⤵
  PID:10028
- C:\Windows\System\KbwCfRs.exe
  C:\Windows\System\KbwCfRs.exe
  2⤵
  PID:10052
- C:\Windows\System\ANraBTn.exe
  C:\Windows\System\ANraBTn.exe
  2⤵
  PID:10068
- C:\Windows\System\nGQwgSK.exe
  C:\Windows\System\nGQwgSK.exe
  2⤵
  PID:10088
- C:\Windows\System\oEgnAvH.exe
  C:\Windows\System\oEgnAvH.exe
  2⤵
  PID:10108
- C:\Windows\System\ULRCWqV.exe
  C:\Windows\System\ULRCWqV.exe
  2⤵
  PID:10124
- C:\Windows\System\jscpBdy.exe
  C:\Windows\System\jscpBdy.exe
  2⤵
  PID:10144
- C:\Windows\System\cDozJtI.exe
  C:\Windows\System\cDozJtI.exe
  2⤵
  PID:10172
- C:\Windows\System\gtzbdwh.exe
  C:\Windows\System\gtzbdwh.exe
  2⤵
  PID:10192
- C:\Windows\System\aUYfrAq.exe
  C:\Windows\System\aUYfrAq.exe
  2⤵
  PID:10208
- C:\Windows\System\ifwDoEv.exe
  C:\Windows\System\ifwDoEv.exe
  2⤵
  PID:10228
- C:\Windows\System\YPZqtQo.exe
  C:\Windows\System\YPZqtQo.exe
  2⤵
  PID:9224
- C:\Windows\System\oymbbNA.exe
  C:\Windows\System\oymbbNA.exe
  2⤵
  PID:9232
- C:\Windows\System\qUqXIll.exe
  C:\Windows\System\qUqXIll.exe
  2⤵
  PID:9288
- C:\Windows\System\uLUzAej.exe
  C:\Windows\System\uLUzAej.exe
  2⤵
  PID:9296
- C:\Windows\System\iQLliXz.exe
  C:\Windows\System\iQLliXz.exe
  2⤵
  PID:9328
- C:\Windows\System\jvbBCPS.exe
  C:\Windows\System\jvbBCPS.exe
  2⤵
  PID:9388
- C:\Windows\System\clCAdBc.exe
  C:\Windows\System\clCAdBc.exe
  2⤵
  PID:9416
- C:\Windows\System\iBPkJwm.exe
  C:\Windows\System\iBPkJwm.exe
  2⤵
  PID:9412
- C:\Windows\System\LWkDCFa.exe
  C:\Windows\System\LWkDCFa.exe
  2⤵
  PID:9476
- C:\Windows\System\CaCOHmz.exe
  C:\Windows\System\CaCOHmz.exe
  2⤵
  PID:9492
- C:\Windows\System\wBKzqmX.exe
  C:\Windows\System\wBKzqmX.exe
  2⤵
  PID:9532
- C:\Windows\System\sXrQiYQ.exe
  C:\Windows\System\sXrQiYQ.exe
  2⤵
  PID:9592
- C:\Windows\System\NFPgTQg.exe
  C:\Windows\System\NFPgTQg.exe
  2⤵
  PID:9616
- C:\Windows\System\OmzCVRk.exe
  C:\Windows\System\OmzCVRk.exe
  2⤵
  PID:9644
- C:\Windows\System\pHTOLNS.exe
  C:\Windows\System\pHTOLNS.exe
  2⤵
  PID:9676
- C:\Windows\System\FTAZHQt.exe
  C:\Windows\System\FTAZHQt.exe
  2⤵
  PID:9716
- C:\Windows\System\ASzgnIn.exe
  C:\Windows\System\ASzgnIn.exe
  2⤵
  PID:9756
- C:\Windows\System\QOJzVzi.exe
  C:\Windows\System\QOJzVzi.exe
  2⤵
  PID:9776
- C:\Windows\System\kNlovbH.exe
  C:\Windows\System\kNlovbH.exe
  2⤵
  PID:9832
- C:\Windows\System\FJzSjDz.exe
  C:\Windows\System\FJzSjDz.exe
  2⤵
  PID:9836
- C:\Windows\System\VgJObdo.exe
  C:\Windows\System\VgJObdo.exe
  2⤵
  PID:9888
- C:\Windows\System\UZcIpnd.exe
  C:\Windows\System\UZcIpnd.exe
  2⤵
  PID:9920
- C:\Windows\System\lCYRasJ.exe
  C:\Windows\System\lCYRasJ.exe
  2⤵
  PID:9972
- C:\Windows\System\BPEuIlq.exe
  C:\Windows\System\BPEuIlq.exe
  2⤵
  PID:9996
- C:\Windows\System\CwWeYvw.exe
  C:\Windows\System\CwWeYvw.exe
  2⤵
  PID:10040
- C:\Windows\System\heWHZcN.exe
  C:\Windows\System\heWHZcN.exe
  2⤵
  PID:10024
- C:\Windows\System\zViRjXu.exe
  C:\Windows\System\zViRjXu.exe
  2⤵
  PID:10152
- C:\Windows\System\KvVwKXP.exe
  C:\Windows\System\KvVwKXP.exe
  2⤵
  PID:10156
- C:\Windows\System\wRsppcY.exe
  C:\Windows\System\wRsppcY.exe
  2⤵
  PID:10132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CZGrgvK.exe

Filesize
6.0MB

MD5
38652acda5214a97846d262873c434cd

SHA1
4a2d7c19eb6d3fcbc0f06137609aa1d84669f6bc

SHA256
9eaadb1fa7ece19a0a62ada1b5bd142f1376366c5b40dcc92348a7bfa1984991

SHA512
15af94807d8125af5fdd180864480185e439c8462849d39d2cdac6c6eb9c1a9861f715e1aa96ed6df77a92daf8b999b98ac81ba7ca9a0d0bf8e884d95ae6817d

Download Submit
C:\Windows\system\EvCewIt.exe

Filesize
6.0MB

MD5
634bce6619a32549f51a57c09cdc6882

SHA1
274ad3712399f5dd7b12f07d6f5c7665dfa15a83

SHA256
43220ca4dbc95e7259db121b425056b1ca2ce4b43fe6432806b3fbc051f7f252

SHA512
399c70c59c19d828b5ecc107625c5b397e7d587ca5a3448b2a7b2035094e9a442758c031f97c5c79d39ff2d331ac5a03476b643035eaa74ed1bf5b5932163393

Download Submit
C:\Windows\system\HwJlAJK.exe

Filesize
6.0MB

MD5
bd9fe5901c8eec856043d665dce919ef

SHA1
7ac44263d7e54933cfcb9665828e2aff6d011073

SHA256
eda9c33a23a0c6097f6953354f5363bdc16be50b06eade2bf55149cf5981d501

SHA512
da7f6a2b46cec1f115018e3a2469f3d7490f89ab8a2dfb71c0ffaa0f9d12678344483d0171ecdc9e3e0b82567f930210c69c1d82e09fb47cc408e1a764b92103

Download Submit
C:\Windows\system\IzlmkdU.exe

Filesize
6.0MB

MD5
c6310557f8769353a22e3a6ee98baa87

SHA1
4a8def5148f178f66a9cccfe39aadeb1a963ae3b

SHA256
27343f007b6396faf9d50bb905a1e55511bdff6df3bc243c3f93f031a3c2276c

SHA512
e7c8a1bb5de4c99f98c072c0a736fcd2260864fa196011b5f09f86877d4b488475c656e5f9b4ee3ec9e818249bb94891d20ca9797fdb7a23dcab39e1b2f43e4f

Download Submit
C:\Windows\system\MOROGJx.exe

Filesize
6.0MB

MD5
9a5f660bdd4908638956d6d81c8d3998

SHA1
20467448a59841e72f6fbf53da7ef90705f99f0c

SHA256
6c7487505deb77acc48d848523b93f1512283c53c7c833e74f84adcdc4cd5571

SHA512
7f33d03ca8bd302edc540a31f0c285fa9f42a75d5475f71ecd14d3bd017d8b697ee55ec13a6b606cd7027f88ac5c27298b63e153d45ba152baad910c727a8a6e

Download Submit
C:\Windows\system\PGuXrWD.exe

Filesize
6.0MB

MD5
5694f1fb2a84cfeb4851edb4bf22eb68

SHA1
43d176ab46e687a86146dfd757608b053985f1b0

SHA256
c7b6710419269dfbf53fdc4e5ffabbc0123d6d97f1a2ba1ac7a33ce0d5fca8ba

SHA512
4be132427c1ede0ed866ed9e65a20469944a9953df596d79bec0cdf0205aec56dd74f95663fce9a27b3364d517496e6c167b8a840fadc563b423da7af1cce2f9

Download Submit
C:\Windows\system\PMAEirb.exe

Filesize
6.0MB

MD5
b5b42915f882affc2bd1fa48e21359e8

SHA1
ae0d1085c7d916f0c2ee8ccc647d7441538b852b

SHA256
c252244fff5f545727cf7ef764d281a8a245fa2d648f747bd788c35b2e285075

SHA512
e8aa5106f293dabfad728c1080c117a20069bd6ccca079760e7455dcc4edd204c6abaeaa2da6752e25bb18604675ea36bf46902d951a9a364a2b6827923df74b

Download Submit
C:\Windows\system\PUCzVhW.exe

Filesize
6.0MB

MD5
503a67c4f6344caf569079eccd2c132f

SHA1
92da5571811611308bc569523d3c426763922b0b

SHA256
f24e8feae185ef502033a0fab9b834623f23813e4ac75005cc1680176f694f4c

SHA512
bdab03a18646b47132baca38abd70196d492814f02b0fee96a4bd53ae3aed27c690802aa2c470a45496fd3e1efaa6a89dcdbc190279490a803101c089e23d628

Download Submit
C:\Windows\system\SUqJAHR.exe

Filesize
6.0MB

MD5
31f7aa04adda6304385130a6ee45d502

SHA1
0fa3f00e71e3f0f5fcc90c1f81c4568e0112cb46

SHA256
b9bda77e1e87ce95587c3020e3c6b94758c3417fc069d4da959ea29a52737082

SHA512
6a80bea2444079aab9504780d3ce694e4aab7cfcfbc49d0aefa58022f8eccda0b36270f8f0a2bb608586817c4840ca6ed65bd481ed1f41fc0fc979e645483205

Download Submit
C:\Windows\system\TbriZfz.exe

Filesize
6.0MB

MD5
e8ce2f04dcb170041d750e4c8cbdd467

SHA1
65b0a91e0534163dfeb1599a35e6dc021f4b783e

SHA256
910bd9ee8140a434dde7d6bfde40fddf6fd54b89c93397085570af755cdbd69e

SHA512
74cf8f71bf66cc3ddcb715303a104e975d401ccd35f7f16a4ad2e01901e46a18e213ceffc40c693ea15312c82937ee6edb611fe25c1098632406ed24be3c4fd2

Download Submit
C:\Windows\system\WMKwgIl.exe

Filesize
6.0MB

MD5
d3a9610b2e09ecbf3adfce8508a8cd03

SHA1
c036511529dbe304a39aaf8a2fa949bdb58fdb70

SHA256
ff45e79f8faa8b85cd8eb9dbd15005e06d9038385559a89cb673cdd73afb8e99

SHA512
697906820f609801bfd33f20f396320940f4586835f954be28f047672e35a961fe379b42109a0d686c73f4c28421a7c00b87acfc0a10cc2ce0fbb76ded0c7a01

Download Submit
C:\Windows\system\YCFldAT.exe

Filesize
6.0MB

MD5
a9efb5e41b00188664a21bb5769486de

SHA1
c8a4e7534a975488c4b58edbb35de143aef94795

SHA256
a120a578eacb2f0b967c9eaf19897c6edf37bf10ba0db701b7a6dc6a6cb08655

SHA512
494ef92aeec258de29dc807c62fce9c93e2dfcd730dee49506d222fdae8ee9eba5244b7e7f267adf60ddf926087b6b8738e322dceeed4dae0ff2867ca18f8c41

Download Submit
C:\Windows\system\ZUcyRCr.exe

Filesize
6.0MB

MD5
53a87ae84026e671b36bc47e8c030b1e

SHA1
dbff7539cecee59aae5ee7ddf0eb27942e7e0e3c

SHA256
755ebeffad858441910cd828b5024a97cc0132252ba12d13022f1d2ae476ebb2

SHA512
38591606b2b4627b8dda158d11f317b33768cfd90318cfdbb29fe4a8f9eb9ce78b84150536c6a69ea29cec3eab9b380197b8a38d56702ee4723d953cd82ec29e

Download Submit
C:\Windows\system\fpQSLZE.exe

Filesize
6.0MB

MD5
06e56a88d1d9574b532198429cdc3290

SHA1
53931d3c0dc721d7448827772d99d02c309c6948

SHA256
9abaa958606ca28790226dc33a8b0d96390b09b5f6161b90c9fa8556046de3a3

SHA512
f3104ba3e6aa4f3b550765da038b12fa82f1bc193378ca5f04a1fb395bce630fa852213f29641b7dbad593e46d665da17b866bf1339327db352621c7b9fbd9e4

Download Submit
C:\Windows\system\jrgbxTL.exe

Filesize
6.0MB

MD5
310233ff6b0a8e672dfda9fe4a6fc062

SHA1
6df141bbd673a0a6e36bc54b0b6b014073f2d4ae

SHA256
fbde5790984f6fd9d1df9ece8e391fbf60d105abf076cda435f0ca0a84644791

SHA512
cf0be00d9a8298c13f6ae2cea136f96dda8a902484b869b558b27f9c2f8a70db08604d3461fd2efa0af0feb3cf35181d6480f547cd46d6d6d90213ec2199c4bd

Download Submit
C:\Windows\system\mWWLajQ.exe

Filesize
6.0MB

MD5
24841761228492758a708f451a7d3f98

SHA1
992f9fbb7f49dc68e29a2f30af36febf051db11f

SHA256
167d19004d52fd5330507b7ab5d28c15c9beab8ae132f9b11c7ad1d8b60183bc

SHA512
1373a9069ba545e66db0928c7b938f4ef98fdc1f7bda5267a05ef3d014fc10eb3b7f4d16ba19db1c501ed57f5c0b00cee555fe9f228a9711893db95ed04f4f28

Download Submit
C:\Windows\system\myQbuvs.exe

Filesize
6.0MB

MD5
6ea461811d7af6c3551d8c72025895e0

SHA1
d80f9b90feb2c2ebdfd0c519418614c49cd03ec5

SHA256
4c04ff3fee36e085d00ba7d3e286d03585d31c91654f7c26afd5321163116723

SHA512
ea0b7529200ade3b585b3a509fa7d3f00b126cc523fb28780d3128f80d7cae9da7871c6ac4eee4efa6d00dabc198f1fabecf6dc4b4dac82105f6bdbb7a12a83d

Download Submit
C:\Windows\system\nuCXYgS.exe

Filesize
6.0MB

MD5
d8c28e222ca6d35db00c99f4508b618c

SHA1
e2f0f29179f04876fa001332d300cc90b46793ea

SHA256
1f6fe6025e019a06104cb2dd842f5c4ff279a81b93a45dbc3930a35fd59bb65c

SHA512
3de56791e6159578522e81c2e3c05886e005a19eac05a74cc9a1044ba9f0abbcbbf6edef6f98999c0b149691e031451f725d3b5ecc33c4152e7394bc114778d5

Download Submit
C:\Windows\system\pSRbYMA.exe

Filesize
6.0MB

MD5
73a01ee6b6e440958923844f9aea5bcb

SHA1
706403eaafe604c2fde32923c25aa7f18a901db9

SHA256
2d3c8fad42b826cd1cbac55e6dfa2bdafd952c4dc82f4a2335c0d12004662cd2

SHA512
d2cdb348e2344ac9b2b2d94b8b6e20152d89b0aab79fef25ad53524dcda8e73fbd98de4cb1f4ff9b779db2dbe8d74ef69d3a05da8d2bfc777125588ab91956af

Download Submit
C:\Windows\system\rRDColT.exe

Filesize
6.0MB

MD5
c3e193bcaf5756265ab729883ad26fa4

SHA1
1a622f2fbfd853cd998557effb7a22215304bcf4

SHA256
da726207a00c233ed47a543fb8a4086095d4c016f2d59e71151ed0b545bbe004

SHA512
06811fb8385e23c2dd1437abcf39f79a6deaf75aaeabf9bd4141f2e973831704989da4cc975a5363a7913687f6cdf35575e1abf133846eccdea95ccee38a9b33

Download Submit
C:\Windows\system\sCANodw.exe

Filesize
6.0MB

MD5
cf62c0270cc8e91d914f22b28aadb1e1

SHA1
28dbc3b0e6145535ef0dfaa6bdc44647d2f71406

SHA256
5e0c2fa15672c6729e23b5763b1fcc764a2d79838b5b82326abf67caed0d8658

SHA512
ffa5312cf6a3ad65f8181cd4ae776d73fe099be866e0a581bb123560df4c4d1b6c5a42f67e5cb2d1d389451ae53cbf406b0eee01951ffa6a49ae851a76566d2b

Download Submit
C:\Windows\system\slrohnL.exe

Filesize
6.0MB

MD5
78fec6428dc95386270ce53ac9efb7dd

SHA1
dd60ab300e76d033fb8c9872d5f8f9a6bcf56bc6

SHA256
b506b4b16482153dff76d71ed8beaf2dec80b201bb494190c24da63cc5b8f176

SHA512
42894295387e6165e00b4d1e6ee85f0430c6c19c94f290bf8a1085f3970f53d137c18b0fba93d66965f218ebf7763a1dba7a56a0406ea1c54b44405d6ffd71b4

Download Submit
C:\Windows\system\usBCjLd.exe

Filesize
6.0MB

MD5
fe0cb59a174b7c8e6552203c90ef3745

SHA1
c9f20da4c0ac16cd3e49eac4590d8ce6fb663ffd

SHA256
8bb1e30a7c77b0d4f63e82c8bd30f1bc601462725420165093439065a1feafb2

SHA512
cc133b36e6ec5ed7e6a17d9ee4594477acaaecb9b6dde78eff4332612bcbba619c1bee0c0d4458d49d590b0a41d2d11e2f9185ba7064cb4147b48b6efbcbe344

Download Submit
C:\Windows\system\wNfxqyU.exe

Filesize
6.0MB

MD5
9adc1a5f9d8493b8d9247f7894930c8f

SHA1
41c8f8f7fce8c5f2286b24993714a49c5e394c56

SHA256
73b7ace21d3f2cf73f7b127efdbf72e0c7317db86b975f4e32d98f2404be2f0f

SHA512
885474065db3273a6abe2dc644b68b5525547ec12e575e45cc75f8608c814ccd7d35fe5c352d4771922013789478fa812975068436559cb59bc9c52e2fce603f

Download Submit
C:\Windows\system\zlSRUAZ.exe

Filesize
6.0MB

MD5
0c80491e7436d3911cc6ab552694ace8

SHA1
ef42ba60545d1b9d4ede357f11b00ed76eb1be0b

SHA256
8fbad43f762bd237f19a94438ed87145721ad7e43c7dd617c5ea2ee455119c21

SHA512
136b5e8d877fe9a346dd0a631a5ce27b111b44167603fe2bcf459914261ba826b72ca35da7c1a67abcf103f2e5a8ead663ec0f83723e2076214b97ddff758903

Download Submit
C:\Windows\system\zvVDvIv.exe

Filesize
6.0MB

MD5
05b38dfac0c7a291bd070381bfcb3e1e

SHA1
9dd0569f9b51ddb243214195ff37005061eab3ed

SHA256
b7b3d19d163690f245b838495c0522d1b112ba772116b5638a2e98c55a1e97d1

SHA512
88ae4c00b5479e2dde28931d7df3e53fda864adbf0c497351e5df3951c0e9236b9099b1e103bb88cd521b7ed8683147b159610c93270ece6a62a803dd94071ca

Download Submit
\Windows\system\IuboQZE.exe

Filesize
6.0MB

MD5
fd1ba2a42642a8fba9b4873953cdc5fd

SHA1
6a92f3c9caba909b323342b473c3d4abe34a4183

SHA256
3384a3f34c8a100644a059451dfb630ce767adfe5356dc226182dbb09d4c3989

SHA512
ef0319771ce0164152d31fa3736c0e142414be0dd3d71c5c560c33a87ffac75157844e95517a339625a6a9038328f2c71da5a5589002f2ae5748bbc2e05ca56a

Download Submit
\Windows\system\MSYlvNS.exe

Filesize
6.0MB

MD5
b8716f9eb06e8fe852705e96d1c3bc94

SHA1
0544010129c1153181c3d5d92128b6273aff39d4

SHA256
f402cf0307e66af70b76ee4d6f1b34840f48a3f8ab04e92cfb1bd47f83883bc9

SHA512
ecae5758fc19fe40a6b9a4478ca07cb215fb9a267d91fa1cf5aafe3dfa559cb88dba7ed58c582980f6249fd02e7fd7d70d76339e654fd94b26a24e44c95d5e83

Download Submit
\Windows\system\PWfyeGU.exe

Filesize
6.0MB

MD5
b625a5d2c4f93f5a5fe6dfd33f9a54d9

SHA1
6171e7528c65739523acfba66bc39e16924e7ab2

SHA256
840c1aeb631939f15b9e43781aeb2b53c5c987d16fd1d403521a0715ba119358

SHA512
491f8accc4545cb6655284d7e7bc9a603808c5700ba477e1b7bdba264ceee5e2954b01a0f9ffec89016fc00c47cb6849325d80346f235c5a12e8b95efd3af280

Download Submit
\Windows\system\RAoevux.exe

Filesize
6.0MB

MD5
374738e95120ae87ec8b21bbc7bac156

SHA1
0878f209aabe7afc947d439bf88360d5b065d048

SHA256
bdd4a3073a3a4b8b598f269a0ab3e26cf9fbe4689eaf177b8b7d12290aa40eef

SHA512
4693b7f6176e9af44dc70ed256273af044f56f527c53117bfc8ed50c96f31fdbd213b17c97a7241b1f68a19ddc2bf5fc213da5922995603e9b1dc2260d48cc63

Download Submit
\Windows\system\ivBsEfg.exe

Filesize
6.0MB

MD5
e29304c1b16d9b068b3e455620e2ff36

SHA1
904365f0cdaeaa162c885fac77213b365987e431

SHA256
bdfc80f733ac30b188c914dd86c9c36adbaa982ceaab183c7e407537345e831d

SHA512
c7a35a63d1c122cf1b2740e97202c37d0709892dac890b7107ca39e8d82b079a85deb010071097c85af41c9c5a8290c1812b049a6871fd1db37d1dd09400f585

Download Submit
\Windows\system\qVUKApx.exe

Filesize
6.0MB

MD5
ed0ca4bf7b5bd3b476585a4bed9e35bc

SHA1
ae6c2515ea9cc6f90e30e3652845017723103a9b

SHA256
72c3caceb98f1059b4dda5994479d4d425702916ebc5faece333f59b32db5a61

SHA512
cde023567d48e5eb8f3fed4e8cdcc50fbb498924a04e656fdfbe1c25fd3fbc6be4090841cffb3e8dc6940cb8ef6d41ea8ad2d5036e4cdd04e9bad69a3b4c398e

Download Submit
memory/796-64-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/796-0-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/796-88-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/796-81-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/796-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/796-19-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/796-50-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/796-51-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/796-52-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/796-102-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/796-184-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/796-262-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/796-57-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/796-73-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/796-67-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/796-290-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/796-347-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/796-11-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/952-225-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/952-1552-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/952-76-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/1432-272-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1432-84-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1432-1550-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1744-1549-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-97-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-399-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-1547-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2272-132-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2272-68-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1553-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2448-91-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2448-315-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2464-1526-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2464-41-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1480-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2540-72-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2540-14-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2672-47-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1546-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1544-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-55-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1551-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-61-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-96-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1545-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-53-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-8-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1548-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1542-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2940-80-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2940-21-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1543-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-54-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download