cobaltstrike | 68a4ee1d895c02f535722c095f395e73687488d8274e211fdcf3836ad1727e63

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

85f61cd9e9c7eff337751b80088af31b
SHA1

438a17b9496cd6a5441412c18bde867cfa5b1c06
SHA256

68a4ee1d895c02f535722c095f395e73687488d8274e211fdcf3836ad1727e63
SHA512

bbf86131a1b6a79dd2efa1a959f5962ffaa823f3f7c3e31afce6639af5c6b9c8aa1a46cc4b05490dc9653766cbef0048d3d3e3cfec5dd5103894703b12a1b5ac
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017051-9.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000170b5-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017546-19.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175c6-27.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175cc-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019228-41.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-51.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c66-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cbf-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08a-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41a-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2e7-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a061-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a325-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a04e-143.dat	cobalt_reflective_dll
behavioral1/files/0x002f000000016dc7-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f4e-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f4a-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8b-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c68-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aee-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aec-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aea-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c1-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-46.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000018654-37.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2096-0-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-6.dat	xmrig
behavioral1/files/0x0008000000017051-9.dat	xmrig
behavioral1/files/0x00070000000170b5-16.dat	xmrig
behavioral1/files/0x0007000000017546-19.dat	xmrig
behavioral1/memory/2800-21-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x00070000000175c6-27.dat	xmrig
behavioral1/files/0x00070000000175cc-31.dat	xmrig
behavioral1/files/0x0006000000019228-41.dat	xmrig
behavioral1/files/0x000500000001953a-51.dat	xmrig
behavioral1/files/0x000500000001961b-66.dat	xmrig
behavioral1/files/0x0005000000019624-77.dat	xmrig
behavioral1/files/0x0005000000019c66-111.dat	xmrig
behavioral1/files/0x0005000000019cbf-122.dat	xmrig
behavioral1/files/0x000500000001a08a-178.dat	xmrig
behavioral1/files/0x000500000001a41b-174.dat	xmrig
behavioral1/memory/2096-1035-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2800-3953-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2624-3956-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2012-3963-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2888-3965-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2304-3966-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2596-3967-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2840-3968-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2060-3969-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2908-3971-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1804-3970-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2648-3959-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2724-3957-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/1776-3955-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2832-3954-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2060-196-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2012-194-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2840-192-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/1776-190-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2304-188-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2648-186-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2596-184-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41a-171.dat	xmrig
behavioral1/memory/2832-166-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a2e7-163.dat	xmrig
behavioral1/memory/2096-159-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a061-156.dat	xmrig
behavioral1/files/0x000500000001a325-167.dat	xmrig
behavioral1/files/0x000500000001a04e-143.dat	xmrig
behavioral1/memory/2096-136-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/1804-155-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2096-154-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x002f000000016dc7-153.dat	xmrig
behavioral1/memory/2888-135-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2624-152-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2908-148-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2724-141-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f4e-139.dat	xmrig
behavioral1/files/0x0005000000019f4a-129.dat	xmrig
behavioral1/files/0x0005000000019d8b-126.dat	xmrig
behavioral1/files/0x0005000000019c68-116.dat	xmrig
behavioral1/files/0x0005000000019c50-106.dat	xmrig
behavioral1/files/0x0005000000019aee-101.dat	xmrig
behavioral1/files/0x0005000000019aec-97.dat	xmrig
behavioral1/files/0x0005000000019aea-91.dat	xmrig
behavioral1/files/0x00050000000197c1-86.dat	xmrig
behavioral1/files/0x0005000000019625-81.dat	xmrig
behavioral1/files/0x000500000001961f-71.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2800	bSwYhxC.exe
2888	sssCjOL.exe
2724	mJEnlJv.exe
2908	OmJbFQo.exe
2624	SUUrbAn.exe
1804	YJwvTTw.exe
2832	YmUfMjd.exe
2596	nYpuClx.exe
2648	bnAHIDf.exe
2304	RdCbvTP.exe
1776	cdpohzV.exe
2840	FLbhpoB.exe
2012	jbMpqWT.exe
2060	pCwYeZM.exe
2080	FbUBkWN.exe
760	aNqEPBb.exe
264	xRpsDjw.exe
2964	daYaPgE.exe
2972	mOJBlQo.exe
2296	nNUsNUy.exe
2828	uhgHZyH.exe
2836	dFMobKp.exe
2488	YqZYNDB.exe
664	cFMHIYC.exe
2848	dMjVyIs.exe
1148	GNspGsW.exe
2152	uXoCwvI.exe
1472	qQOTgDp.exe
2456	aPAvZNC.exe
2124	PLEnpPJ.exe
1396	BqwgpiK.exe
2136	bzIzOWU.exe
2468	nkuxVdH.exe
1808	PZIwzaf.exe
2368	yXjLgxh.exe
1600	DphYIqf.exe
1856	OKKirbh.exe
476	pgdiKlo.exe
2120	fGithrI.exe
2000	MFnEAzk.exe
2520	KLEtDTE.exe
1492	WgdUVKW.exe
348	BVFEjqE.exe
2352	zYiIpbi.exe
1676	WfZXpMy.exe
1636	ZdzwLSt.exe
1740	ybOcBXY.exe
2036	XbVKtpI.exe
3012	JTazAxd.exe
1860	ZLecHSn.exe
2448	umzDxtO.exe
1556	NzqQUfB.exe
1680	fCDfCyh.exe
2756	YtbsOlu.exe
2792	iJdzKjK.exe
2980	wmNfnkZ.exe
2716	CKHFhcL.exe
2816	aMvmUxc.exe
2712	SQOKmVB.exe
2192	VgFlSjX.exe
1836	UlJZeBF.exe
836	MkLudxm.exe
2512	pHKTDNp.exe
580	owfLYup.exe

Loads dropped DLL 64 IoCs

pid	Process
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2096-0-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-6.dat	upx
behavioral1/files/0x0008000000017051-9.dat	upx
behavioral1/files/0x00070000000170b5-16.dat	upx
behavioral1/files/0x0007000000017546-19.dat	upx
behavioral1/memory/2800-21-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x00070000000175c6-27.dat	upx
behavioral1/files/0x00070000000175cc-31.dat	upx
behavioral1/files/0x0006000000019228-41.dat	upx
behavioral1/files/0x000500000001953a-51.dat	upx
behavioral1/files/0x000500000001961b-66.dat	upx
behavioral1/files/0x0005000000019624-77.dat	upx
behavioral1/files/0x0005000000019c66-111.dat	upx
behavioral1/files/0x0005000000019cbf-122.dat	upx
behavioral1/files/0x000500000001a08a-178.dat	upx
behavioral1/files/0x000500000001a41b-174.dat	upx
behavioral1/memory/2096-1035-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2800-3953-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2624-3956-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2012-3963-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2888-3965-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2304-3966-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2596-3967-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2840-3968-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2060-3969-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2908-3971-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/1804-3970-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2648-3959-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2724-3957-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/1776-3955-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2832-3954-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2060-196-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2012-194-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2840-192-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/1776-190-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2304-188-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2648-186-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2596-184-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x000500000001a41a-171.dat	upx
behavioral1/memory/2832-166-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x000500000001a2e7-163.dat	upx
behavioral1/files/0x000500000001a061-156.dat	upx
behavioral1/files/0x000500000001a325-167.dat	upx
behavioral1/files/0x000500000001a04e-143.dat	upx
behavioral1/memory/1804-155-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x002f000000016dc7-153.dat	upx
behavioral1/memory/2888-135-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2624-152-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2908-148-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2724-141-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x0005000000019f4e-139.dat	upx
behavioral1/files/0x0005000000019f4a-129.dat	upx
behavioral1/files/0x0005000000019d8b-126.dat	upx
behavioral1/files/0x0005000000019c68-116.dat	upx
behavioral1/files/0x0005000000019c50-106.dat	upx
behavioral1/files/0x0005000000019aee-101.dat	upx
behavioral1/files/0x0005000000019aec-97.dat	upx
behavioral1/files/0x0005000000019aea-91.dat	upx
behavioral1/files/0x00050000000197c1-86.dat	upx
behavioral1/files/0x0005000000019625-81.dat	upx
behavioral1/files/0x000500000001961f-71.dat	upx
behavioral1/files/0x0005000000019589-61.dat	upx
behavioral1/files/0x000500000001957c-56.dat	upx
behavioral1/files/0x0005000000019515-46.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\StEUDQd.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogvomTE.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrZYMUA.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAglTmN.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDpinoi.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPvyXZA.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXDmFyA.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDNyjZg.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARmpjsC.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkQjlYz.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVYvCoC.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWoZECW.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpaBcet.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxoJesh.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNdbLjQ.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQkhTLL.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxUzxlm.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDvBSPr.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEodcqy.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgmHqsN.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBZsdlq.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQuUNYJ.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGLviAO.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pCwYeZM.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgcPGAs.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNBwlCS.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVbsArH.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJttraA.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApAvrtX.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YpUcrvH.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvMRkkr.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXzUzci.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvVtVYr.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdrJTiq.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhcGXHp.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhJtLEU.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYpuClx.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAOLqIc.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqooLXl.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnmNGEo.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFosffr.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPjIwdW.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQghHlw.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysqAIty.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMbGrvx.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOIqtiW.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlhSXiL.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpvIQea.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emvkKyE.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFNrotJ.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIlwCUf.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xeZbaMI.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GOPlblO.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxbUZno.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhuMXAM.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGNKaFN.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGOTrlX.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQfektc.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADPRnwt.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLecHSn.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKYcUYY.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EraPyaB.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DJhQIlb.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzZwZMn.exe	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2800	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2096 wrote to memory of 2800	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2096 wrote to memory of 2800	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2096 wrote to memory of 2888	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2096 wrote to memory of 2888	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2096 wrote to memory of 2888	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2096 wrote to memory of 2724	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2096 wrote to memory of 2724	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2096 wrote to memory of 2724	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2096 wrote to memory of 2908	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2096 wrote to memory of 2908	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2096 wrote to memory of 2908	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2096 wrote to memory of 2624	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2096 wrote to memory of 2624	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2096 wrote to memory of 2624	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2096 wrote to memory of 1804	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2096 wrote to memory of 1804	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2096 wrote to memory of 1804	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2096 wrote to memory of 2832	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2096 wrote to memory of 2832	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2096 wrote to memory of 2832	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2096 wrote to memory of 2596	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2096 wrote to memory of 2596	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2096 wrote to memory of 2596	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2096 wrote to memory of 2648	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2096 wrote to memory of 2648	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2096 wrote to memory of 2648	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2096 wrote to memory of 2304	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2096 wrote to memory of 2304	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2096 wrote to memory of 2304	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2096 wrote to memory of 1776	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2096 wrote to memory of 1776	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2096 wrote to memory of 1776	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2096 wrote to memory of 2840	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2096 wrote to memory of 2840	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2096 wrote to memory of 2840	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2096 wrote to memory of 2012	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2096 wrote to memory of 2012	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2096 wrote to memory of 2012	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2096 wrote to memory of 2060	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2096 wrote to memory of 2060	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2096 wrote to memory of 2060	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2096 wrote to memory of 2080	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2096 wrote to memory of 2080	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2096 wrote to memory of 2080	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2096 wrote to memory of 760	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2096 wrote to memory of 760	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2096 wrote to memory of 760	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2096 wrote to memory of 264	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2096 wrote to memory of 264	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2096 wrote to memory of 264	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2096 wrote to memory of 2964	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2096 wrote to memory of 2964	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2096 wrote to memory of 2964	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2096 wrote to memory of 2972	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2096 wrote to memory of 2972	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2096 wrote to memory of 2972	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2096 wrote to memory of 2296	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2096 wrote to memory of 2296	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2096 wrote to memory of 2296	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2096 wrote to memory of 2828	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2096 wrote to memory of 2828	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2096 wrote to memory of 2828	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2096 wrote to memory of 2836	2096	2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_85f61cd9e9c7eff337751b80088af31b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\System\bSwYhxC.exe
  C:\Windows\System\bSwYhxC.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\sssCjOL.exe
  C:\Windows\System\sssCjOL.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\mJEnlJv.exe
  C:\Windows\System\mJEnlJv.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\OmJbFQo.exe
  C:\Windows\System\OmJbFQo.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\SUUrbAn.exe
  C:\Windows\System\SUUrbAn.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\YJwvTTw.exe
  C:\Windows\System\YJwvTTw.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\YmUfMjd.exe
  C:\Windows\System\YmUfMjd.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\nYpuClx.exe
  C:\Windows\System\nYpuClx.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\bnAHIDf.exe
  C:\Windows\System\bnAHIDf.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\RdCbvTP.exe
  C:\Windows\System\RdCbvTP.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\cdpohzV.exe
  C:\Windows\System\cdpohzV.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\FLbhpoB.exe
  C:\Windows\System\FLbhpoB.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\jbMpqWT.exe
  C:\Windows\System\jbMpqWT.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\pCwYeZM.exe
  C:\Windows\System\pCwYeZM.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\FbUBkWN.exe
  C:\Windows\System\FbUBkWN.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\aNqEPBb.exe
  C:\Windows\System\aNqEPBb.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\xRpsDjw.exe
  C:\Windows\System\xRpsDjw.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\daYaPgE.exe
  C:\Windows\System\daYaPgE.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\mOJBlQo.exe
  C:\Windows\System\mOJBlQo.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\nNUsNUy.exe
  C:\Windows\System\nNUsNUy.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\uhgHZyH.exe
  C:\Windows\System\uhgHZyH.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\dFMobKp.exe
  C:\Windows\System\dFMobKp.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\YqZYNDB.exe
  C:\Windows\System\YqZYNDB.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\cFMHIYC.exe
  C:\Windows\System\cFMHIYC.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\dMjVyIs.exe
  C:\Windows\System\dMjVyIs.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\GNspGsW.exe
  C:\Windows\System\GNspGsW.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\uXoCwvI.exe
  C:\Windows\System\uXoCwvI.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\bzIzOWU.exe
  C:\Windows\System\bzIzOWU.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\qQOTgDp.exe
  C:\Windows\System\qQOTgDp.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\PZIwzaf.exe
  C:\Windows\System\PZIwzaf.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\aPAvZNC.exe
  C:\Windows\System\aPAvZNC.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\yXjLgxh.exe
  C:\Windows\System\yXjLgxh.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\PLEnpPJ.exe
  C:\Windows\System\PLEnpPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\DphYIqf.exe
  C:\Windows\System\DphYIqf.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\BqwgpiK.exe
  C:\Windows\System\BqwgpiK.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\OKKirbh.exe
  C:\Windows\System\OKKirbh.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\nkuxVdH.exe
  C:\Windows\System\nkuxVdH.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\pgdiKlo.exe
  C:\Windows\System\pgdiKlo.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\fGithrI.exe
  C:\Windows\System\fGithrI.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\MFnEAzk.exe
  C:\Windows\System\MFnEAzk.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\KLEtDTE.exe
  C:\Windows\System\KLEtDTE.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\WgdUVKW.exe
  C:\Windows\System\WgdUVKW.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\BVFEjqE.exe
  C:\Windows\System\BVFEjqE.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\zYiIpbi.exe
  C:\Windows\System\zYiIpbi.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\WfZXpMy.exe
  C:\Windows\System\WfZXpMy.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\ZdzwLSt.exe
  C:\Windows\System\ZdzwLSt.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\ybOcBXY.exe
  C:\Windows\System\ybOcBXY.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\XbVKtpI.exe
  C:\Windows\System\XbVKtpI.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\JTazAxd.exe
  C:\Windows\System\JTazAxd.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\ZLecHSn.exe
  C:\Windows\System\ZLecHSn.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\umzDxtO.exe
  C:\Windows\System\umzDxtO.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\NzqQUfB.exe
  C:\Windows\System\NzqQUfB.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\fCDfCyh.exe
  C:\Windows\System\fCDfCyh.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\iJdzKjK.exe
  C:\Windows\System\iJdzKjK.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\YtbsOlu.exe
  C:\Windows\System\YtbsOlu.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\CKHFhcL.exe
  C:\Windows\System\CKHFhcL.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\wmNfnkZ.exe
  C:\Windows\System\wmNfnkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\SQOKmVB.exe
  C:\Windows\System\SQOKmVB.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\aMvmUxc.exe
  C:\Windows\System\aMvmUxc.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\UlJZeBF.exe
  C:\Windows\System\UlJZeBF.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\VgFlSjX.exe
  C:\Windows\System\VgFlSjX.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\owfLYup.exe
  C:\Windows\System\owfLYup.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\MkLudxm.exe
  C:\Windows\System\MkLudxm.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\fjfPlVU.exe
  C:\Windows\System\fjfPlVU.exe
  2⤵
  PID:352
- C:\Windows\System\pHKTDNp.exe
  C:\Windows\System\pHKTDNp.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\bKOjtyC.exe
  C:\Windows\System\bKOjtyC.exe
  2⤵
  PID:2856
- C:\Windows\System\ZeXaIZS.exe
  C:\Windows\System\ZeXaIZS.exe
  2⤵
  PID:2988
- C:\Windows\System\FWROrSN.exe
  C:\Windows\System\FWROrSN.exe
  2⤵
  PID:2212
- C:\Windows\System\gjHvSJA.exe
  C:\Windows\System\gjHvSJA.exe
  2⤵
  PID:2956
- C:\Windows\System\DKKXuab.exe
  C:\Windows\System\DKKXuab.exe
  2⤵
  PID:2436
- C:\Windows\System\MEzPtvT.exe
  C:\Windows\System\MEzPtvT.exe
  2⤵
  PID:780
- C:\Windows\System\gJaNAAU.exe
  C:\Windows\System\gJaNAAU.exe
  2⤵
  PID:2088
- C:\Windows\System\iTqZbhW.exe
  C:\Windows\System\iTqZbhW.exe
  2⤵
  PID:980
- C:\Windows\System\xcwfpHU.exe
  C:\Windows\System\xcwfpHU.exe
  2⤵
  PID:1848
- C:\Windows\System\DtrhwBx.exe
  C:\Windows\System\DtrhwBx.exe
  2⤵
  PID:2116
- C:\Windows\System\uoFyeRq.exe
  C:\Windows\System\uoFyeRq.exe
  2⤵
  PID:2556
- C:\Windows\System\ZcFujTv.exe
  C:\Windows\System\ZcFujTv.exe
  2⤵
  PID:3048
- C:\Windows\System\QdkGCoG.exe
  C:\Windows\System\QdkGCoG.exe
  2⤵
  PID:2284
- C:\Windows\System\JRsPgxJ.exe
  C:\Windows\System\JRsPgxJ.exe
  2⤵
  PID:1952
- C:\Windows\System\OWxLbzg.exe
  C:\Windows\System\OWxLbzg.exe
  2⤵
  PID:2292
- C:\Windows\System\rayIYlk.exe
  C:\Windows\System\rayIYlk.exe
  2⤵
  PID:640
- C:\Windows\System\DZatFeH.exe
  C:\Windows\System\DZatFeH.exe
  2⤵
  PID:1520
- C:\Windows\System\tBKhLQV.exe
  C:\Windows\System\tBKhLQV.exe
  2⤵
  PID:1232
- C:\Windows\System\YfrryRx.exe
  C:\Windows\System\YfrryRx.exe
  2⤵
  PID:2400
- C:\Windows\System\CMzJgLW.exe
  C:\Windows\System\CMzJgLW.exe
  2⤵
  PID:2384
- C:\Windows\System\cuoeBeJ.exe
  C:\Windows\System\cuoeBeJ.exe
  2⤵
  PID:1968
- C:\Windows\System\NZsKZMI.exe
  C:\Windows\System\NZsKZMI.exe
  2⤵
  PID:1012
- C:\Windows\System\MvNEvlr.exe
  C:\Windows\System\MvNEvlr.exe
  2⤵
  PID:888
- C:\Windows\System\FObqsUI.exe
  C:\Windows\System\FObqsUI.exe
  2⤵
  PID:1692
- C:\Windows\System\GLfpZeK.exe
  C:\Windows\System\GLfpZeK.exe
  2⤵
  PID:3024
- C:\Windows\System\ZJPJtII.exe
  C:\Windows\System\ZJPJtII.exe
  2⤵
  PID:1684
- C:\Windows\System\QldaTlr.exe
  C:\Windows\System\QldaTlr.exe
  2⤵
  PID:2672
- C:\Windows\System\WGNKaFN.exe
  C:\Windows\System\WGNKaFN.exe
  2⤵
  PID:2772
- C:\Windows\System\vtCeGoa.exe
  C:\Windows\System\vtCeGoa.exe
  2⤵
  PID:2004
- C:\Windows\System\NeLCDuS.exe
  C:\Windows\System\NeLCDuS.exe
  2⤵
  PID:2976
- C:\Windows\System\PZJvgUw.exe
  C:\Windows\System\PZJvgUw.exe
  2⤵
  PID:2076
- C:\Windows\System\GrpnCAj.exe
  C:\Windows\System\GrpnCAj.exe
  2⤵
  PID:2860
- C:\Windows\System\tHWfRzG.exe
  C:\Windows\System\tHWfRzG.exe
  2⤵
  PID:2880
- C:\Windows\System\TTVNwgl.exe
  C:\Windows\System\TTVNwgl.exe
  2⤵
  PID:2104
- C:\Windows\System\LxQAblZ.exe
  C:\Windows\System\LxQAblZ.exe
  2⤵
  PID:2412
- C:\Windows\System\alaOadu.exe
  C:\Windows\System\alaOadu.exe
  2⤵
  PID:1536
- C:\Windows\System\JDlscAO.exe
  C:\Windows\System\JDlscAO.exe
  2⤵
  PID:1748
- C:\Windows\System\TdFtqRH.exe
  C:\Windows\System\TdFtqRH.exe
  2⤵
  PID:1336
- C:\Windows\System\IyauOLn.exe
  C:\Windows\System\IyauOLn.exe
  2⤵
  PID:600
- C:\Windows\System\iAOLqIc.exe
  C:\Windows\System\iAOLqIc.exe
  2⤵
  PID:1288
- C:\Windows\System\rGgptmI.exe
  C:\Windows\System\rGgptmI.exe
  2⤵
  PID:2916
- C:\Windows\System\tfweAje.exe
  C:\Windows\System\tfweAje.exe
  2⤵
  PID:1632
- C:\Windows\System\mCUcvWE.exe
  C:\Windows\System\mCUcvWE.exe
  2⤵
  PID:3028
- C:\Windows\System\SgGOSfX.exe
  C:\Windows\System\SgGOSfX.exe
  2⤵
  PID:2628
- C:\Windows\System\URmfLUg.exe
  C:\Windows\System\URmfLUg.exe
  2⤵
  PID:2896
- C:\Windows\System\cBlAfGb.exe
  C:\Windows\System\cBlAfGb.exe
  2⤵
  PID:3084
- C:\Windows\System\EbZJmGD.exe
  C:\Windows\System\EbZJmGD.exe
  2⤵
  PID:3100
- C:\Windows\System\FTxZbvY.exe
  C:\Windows\System\FTxZbvY.exe
  2⤵
  PID:3116
- C:\Windows\System\BaHCxNq.exe
  C:\Windows\System\BaHCxNq.exe
  2⤵
  PID:3132
- C:\Windows\System\UnvajWL.exe
  C:\Windows\System\UnvajWL.exe
  2⤵
  PID:3148
- C:\Windows\System\DRDlkpM.exe
  C:\Windows\System\DRDlkpM.exe
  2⤵
  PID:3164
- C:\Windows\System\zPjuznO.exe
  C:\Windows\System\zPjuznO.exe
  2⤵
  PID:3180
- C:\Windows\System\qNLbmwR.exe
  C:\Windows\System\qNLbmwR.exe
  2⤵
  PID:3196
- C:\Windows\System\NiiHHtC.exe
  C:\Windows\System\NiiHHtC.exe
  2⤵
  PID:3212
- C:\Windows\System\AMDBMqR.exe
  C:\Windows\System\AMDBMqR.exe
  2⤵
  PID:3228
- C:\Windows\System\MoWQGjy.exe
  C:\Windows\System\MoWQGjy.exe
  2⤵
  PID:3244
- C:\Windows\System\eACfznY.exe
  C:\Windows\System\eACfznY.exe
  2⤵
  PID:3260
- C:\Windows\System\BcUvjQm.exe
  C:\Windows\System\BcUvjQm.exe
  2⤵
  PID:3276
- C:\Windows\System\EFeBjyM.exe
  C:\Windows\System\EFeBjyM.exe
  2⤵
  PID:3292
- C:\Windows\System\vSabYXD.exe
  C:\Windows\System\vSabYXD.exe
  2⤵
  PID:3308
- C:\Windows\System\EZiFLhR.exe
  C:\Windows\System\EZiFLhR.exe
  2⤵
  PID:3324
- C:\Windows\System\FXXXquq.exe
  C:\Windows\System\FXXXquq.exe
  2⤵
  PID:3340
- C:\Windows\System\YvpMyba.exe
  C:\Windows\System\YvpMyba.exe
  2⤵
  PID:3356
- C:\Windows\System\GipYiaV.exe
  C:\Windows\System\GipYiaV.exe
  2⤵
  PID:3372
- C:\Windows\System\IIOxuFB.exe
  C:\Windows\System\IIOxuFB.exe
  2⤵
  PID:3388
- C:\Windows\System\BvDSbEp.exe
  C:\Windows\System\BvDSbEp.exe
  2⤵
  PID:3404
- C:\Windows\System\kxwatlB.exe
  C:\Windows\System\kxwatlB.exe
  2⤵
  PID:3420
- C:\Windows\System\AnMZVhh.exe
  C:\Windows\System\AnMZVhh.exe
  2⤵
  PID:3436
- C:\Windows\System\ydsifOc.exe
  C:\Windows\System\ydsifOc.exe
  2⤵
  PID:3452
- C:\Windows\System\EQDvIPe.exe
  C:\Windows\System\EQDvIPe.exe
  2⤵
  PID:3468
- C:\Windows\System\XmdSeZm.exe
  C:\Windows\System\XmdSeZm.exe
  2⤵
  PID:3484
- C:\Windows\System\tNXjDzL.exe
  C:\Windows\System\tNXjDzL.exe
  2⤵
  PID:3500
- C:\Windows\System\TYIdKSM.exe
  C:\Windows\System\TYIdKSM.exe
  2⤵
  PID:3524
- C:\Windows\System\UVHPOZV.exe
  C:\Windows\System\UVHPOZV.exe
  2⤵
  PID:3556
- C:\Windows\System\hXDmFyA.exe
  C:\Windows\System\hXDmFyA.exe
  2⤵
  PID:3616
- C:\Windows\System\IxVsQvE.exe
  C:\Windows\System\IxVsQvE.exe
  2⤵
  PID:3644
- C:\Windows\System\jSPxqwO.exe
  C:\Windows\System\jSPxqwO.exe
  2⤵
  PID:3672
- C:\Windows\System\cngAFFv.exe
  C:\Windows\System\cngAFFv.exe
  2⤵
  PID:3700
- C:\Windows\System\LRJjiIF.exe
  C:\Windows\System\LRJjiIF.exe
  2⤵
  PID:3716
- C:\Windows\System\YKLwVbR.exe
  C:\Windows\System\YKLwVbR.exe
  2⤵
  PID:3732
- C:\Windows\System\PFuGnKV.exe
  C:\Windows\System\PFuGnKV.exe
  2⤵
  PID:3748
- C:\Windows\System\CydCQnJ.exe
  C:\Windows\System\CydCQnJ.exe
  2⤵
  PID:3764
- C:\Windows\System\MteaNjT.exe
  C:\Windows\System\MteaNjT.exe
  2⤵
  PID:3780
- C:\Windows\System\jkMJuAN.exe
  C:\Windows\System\jkMJuAN.exe
  2⤵
  PID:3796
- C:\Windows\System\SGUPEHK.exe
  C:\Windows\System\SGUPEHK.exe
  2⤵
  PID:3812
- C:\Windows\System\tfaRyjZ.exe
  C:\Windows\System\tfaRyjZ.exe
  2⤵
  PID:3828
- C:\Windows\System\hBlTdcc.exe
  C:\Windows\System\hBlTdcc.exe
  2⤵
  PID:3844
- C:\Windows\System\BqcurIH.exe
  C:\Windows\System\BqcurIH.exe
  2⤵
  PID:3860
- C:\Windows\System\bxkCgDK.exe
  C:\Windows\System\bxkCgDK.exe
  2⤵
  PID:3876
- C:\Windows\System\JHFbZmE.exe
  C:\Windows\System\JHFbZmE.exe
  2⤵
  PID:3892
- C:\Windows\System\YWOtpBn.exe
  C:\Windows\System\YWOtpBn.exe
  2⤵
  PID:3908
- C:\Windows\System\gZJjsXp.exe
  C:\Windows\System\gZJjsXp.exe
  2⤵
  PID:3924
- C:\Windows\System\TElzFWg.exe
  C:\Windows\System\TElzFWg.exe
  2⤵
  PID:3940
- C:\Windows\System\sERdSyx.exe
  C:\Windows\System\sERdSyx.exe
  2⤵
  PID:3956
- C:\Windows\System\ScJFbFU.exe
  C:\Windows\System\ScJFbFU.exe
  2⤵
  PID:3972
- C:\Windows\System\ZtarcRT.exe
  C:\Windows\System\ZtarcRT.exe
  2⤵
  PID:3988
- C:\Windows\System\NaZwiPh.exe
  C:\Windows\System\NaZwiPh.exe
  2⤵
  PID:4004
- C:\Windows\System\uwttCRg.exe
  C:\Windows\System\uwttCRg.exe
  2⤵
  PID:4020
- C:\Windows\System\rrZYMUA.exe
  C:\Windows\System\rrZYMUA.exe
  2⤵
  PID:4036
- C:\Windows\System\GjZRqgR.exe
  C:\Windows\System\GjZRqgR.exe
  2⤵
  PID:4052
- C:\Windows\System\RKdhnIK.exe
  C:\Windows\System\RKdhnIK.exe
  2⤵
  PID:4068
- C:\Windows\System\aKZglIY.exe
  C:\Windows\System\aKZglIY.exe
  2⤵
  PID:4084
- C:\Windows\System\tAglTmN.exe
  C:\Windows\System\tAglTmN.exe
  2⤵
  PID:2148
- C:\Windows\System\IXzUzci.exe
  C:\Windows\System\IXzUzci.exe
  2⤵
  PID:620
- C:\Windows\System\OgsIDDH.exe
  C:\Windows\System\OgsIDDH.exe
  2⤵
  PID:2864
- C:\Windows\System\nJttraA.exe
  C:\Windows\System\nJttraA.exe
  2⤵
  PID:536
- C:\Windows\System\NrmkXqo.exe
  C:\Windows\System\NrmkXqo.exe
  2⤵
  PID:2536
- C:\Windows\System\IaVkOQc.exe
  C:\Windows\System\IaVkOQc.exe
  2⤵
  PID:3128
- C:\Windows\System\GgaJIql.exe
  C:\Windows\System\GgaJIql.exe
  2⤵
  PID:3160
- C:\Windows\System\cWfHXyk.exe
  C:\Windows\System\cWfHXyk.exe
  2⤵
  PID:2188
- C:\Windows\System\ZYmKSbG.exe
  C:\Windows\System\ZYmKSbG.exe
  2⤵
  PID:3224
- C:\Windows\System\XOUWzWc.exe
  C:\Windows\System\XOUWzWc.exe
  2⤵
  PID:3288
- C:\Windows\System\DCfdLLI.exe
  C:\Windows\System\DCfdLLI.exe
  2⤵
  PID:3348
- C:\Windows\System\LTBhbCj.exe
  C:\Windows\System\LTBhbCj.exe
  2⤵
  PID:3412
- C:\Windows\System\xqtuNzp.exe
  C:\Windows\System\xqtuNzp.exe
  2⤵
  PID:3476
- C:\Windows\System\lVliWvj.exe
  C:\Windows\System\lVliWvj.exe
  2⤵
  PID:3516
- C:\Windows\System\OpJqcIx.exe
  C:\Windows\System\OpJqcIx.exe
  2⤵
  PID:3572
- C:\Windows\System\lRNBxad.exe
  C:\Windows\System\lRNBxad.exe
  2⤵
  PID:3588
- C:\Windows\System\EzKjdjW.exe
  C:\Windows\System\EzKjdjW.exe
  2⤵
  PID:1744
- C:\Windows\System\DhWMlye.exe
  C:\Windows\System\DhWMlye.exe
  2⤵
  PID:1584
- C:\Windows\System\IhFOgDi.exe
  C:\Windows\System\IhFOgDi.exe
  2⤵
  PID:3108
- C:\Windows\System\eknBgOo.exe
  C:\Windows\System\eknBgOo.exe
  2⤵
  PID:3604
- C:\Windows\System\EDHMlka.exe
  C:\Windows\System\EDHMlka.exe
  2⤵
  PID:3176
- C:\Windows\System\rZWrWaz.exe
  C:\Windows\System\rZWrWaz.exe
  2⤵
  PID:3656
- C:\Windows\System\XGJeUyk.exe
  C:\Windows\System\XGJeUyk.exe
  2⤵
  PID:3236
- C:\Windows\System\qcEwQfP.exe
  C:\Windows\System\qcEwQfP.exe
  2⤵
  PID:3300
- C:\Windows\System\PEWWaPj.exe
  C:\Windows\System\PEWWaPj.exe
  2⤵
  PID:3396
- C:\Windows\System\nwUuuwd.exe
  C:\Windows\System\nwUuuwd.exe
  2⤵
  PID:3492
- C:\Windows\System\KsMpOOM.exe
  C:\Windows\System\KsMpOOM.exe
  2⤵
  PID:3532
- C:\Windows\System\bpaBcet.exe
  C:\Windows\System\bpaBcet.exe
  2⤵
  PID:3548
- C:\Windows\System\RSMwwUS.exe
  C:\Windows\System\RSMwwUS.exe
  2⤵
  PID:3628
- C:\Windows\System\dLQxWnC.exe
  C:\Windows\System\dLQxWnC.exe
  2⤵
  PID:3368
- C:\Windows\System\jnKORqf.exe
  C:\Windows\System\jnKORqf.exe
  2⤵
  PID:3712
- C:\Windows\System\evPqXMF.exe
  C:\Windows\System\evPqXMF.exe
  2⤵
  PID:3724
- C:\Windows\System\HsiwWyt.exe
  C:\Windows\System\HsiwWyt.exe
  2⤵
  PID:3808
- C:\Windows\System\zuJwgLW.exe
  C:\Windows\System\zuJwgLW.exe
  2⤵
  PID:3788
- C:\Windows\System\CFCtGvF.exe
  C:\Windows\System\CFCtGvF.exe
  2⤵
  PID:3872
- C:\Windows\System\mdxHvcB.exe
  C:\Windows\System\mdxHvcB.exe
  2⤵
  PID:3936
- C:\Windows\System\kZFeJNZ.exe
  C:\Windows\System\kZFeJNZ.exe
  2⤵
  PID:3856
- C:\Windows\System\YzodMFt.exe
  C:\Windows\System\YzodMFt.exe
  2⤵
  PID:3144
- C:\Windows\System\pCvnwJw.exe
  C:\Windows\System\pCvnwJw.exe
  2⤵
  PID:3336
- C:\Windows\System\KXBdvdf.exe
  C:\Windows\System\KXBdvdf.exe
  2⤵
  PID:3624
- C:\Windows\System\twsJwPv.exe
  C:\Windows\System\twsJwPv.exe
  2⤵
  PID:3776
- C:\Windows\System\otgXYCV.exe
  C:\Windows\System\otgXYCV.exe
  2⤵
  PID:3868
- C:\Windows\System\DJhQIlb.exe
  C:\Windows\System\DJhQIlb.exe
  2⤵
  PID:3904
- C:\Windows\System\AvDAoYJ.exe
  C:\Windows\System\AvDAoYJ.exe
  2⤵
  PID:3580
- C:\Windows\System\XBSRxdj.exe
  C:\Windows\System\XBSRxdj.exe
  2⤵
  PID:3380
- C:\Windows\System\pwviDvQ.exe
  C:\Windows\System\pwviDvQ.exe
  2⤵
  PID:3612
- C:\Windows\System\XJkUAAe.exe
  C:\Windows\System\XJkUAAe.exe
  2⤵
  PID:3272
- C:\Windows\System\okhXBqV.exe
  C:\Windows\System\okhXBqV.exe
  2⤵
  PID:3544
- C:\Windows\System\zNWoqaC.exe
  C:\Windows\System\zNWoqaC.exe
  2⤵
  PID:3756
- C:\Windows\System\TAdmkaz.exe
  C:\Windows\System\TAdmkaz.exe
  2⤵
  PID:4028
- C:\Windows\System\FIkxCjH.exe
  C:\Windows\System\FIkxCjH.exe
  2⤵
  PID:3884
- C:\Windows\System\SCBKsIw.exe
  C:\Windows\System\SCBKsIw.exe
  2⤵
  PID:4092
- C:\Windows\System\ABSAIdq.exe
  C:\Windows\System\ABSAIdq.exe
  2⤵
  PID:2508
- C:\Windows\System\ecASRvp.exe
  C:\Windows\System\ecASRvp.exe
  2⤵
  PID:1956
- C:\Windows\System\NGYEeQH.exe
  C:\Windows\System\NGYEeQH.exe
  2⤵
  PID:3984
- C:\Windows\System\CNUsfkB.exe
  C:\Windows\System\CNUsfkB.exe
  2⤵
  PID:2176
- C:\Windows\System\xfPEVln.exe
  C:\Windows\System\xfPEVln.exe
  2⤵
  PID:2524
- C:\Windows\System\bmLynTV.exe
  C:\Windows\System\bmLynTV.exe
  2⤵
  PID:3316
- C:\Windows\System\xdivieR.exe
  C:\Windows\System\xdivieR.exe
  2⤵
  PID:3564
- C:\Windows\System\KGryHYg.exe
  C:\Windows\System\KGryHYg.exe
  2⤵
  PID:3080
- C:\Windows\System\KsHpacs.exe
  C:\Windows\System\KsHpacs.exe
  2⤵
  PID:3920
- C:\Windows\System\PGWJhyU.exe
  C:\Windows\System\PGWJhyU.exe
  2⤵
  PID:3284
- C:\Windows\System\kfhvPUU.exe
  C:\Windows\System\kfhvPUU.exe
  2⤵
  PID:3968
- C:\Windows\System\oftfpHH.exe
  C:\Windows\System\oftfpHH.exe
  2⤵
  PID:3384
- C:\Windows\System\bXtvfMw.exe
  C:\Windows\System\bXtvfMw.exe
  2⤵
  PID:4212
- C:\Windows\System\lmlRAuK.exe
  C:\Windows\System\lmlRAuK.exe
  2⤵
  PID:4520
- C:\Windows\System\BjrlhAJ.exe
  C:\Windows\System\BjrlhAJ.exe
  2⤵
  PID:4536
- C:\Windows\System\FBwFSoC.exe
  C:\Windows\System\FBwFSoC.exe
  2⤵
  PID:4552
- C:\Windows\System\kaMwXCC.exe
  C:\Windows\System\kaMwXCC.exe
  2⤵
  PID:4568
- C:\Windows\System\OZmXecV.exe
  C:\Windows\System\OZmXecV.exe
  2⤵
  PID:4584
- C:\Windows\System\oFyeGtI.exe
  C:\Windows\System\oFyeGtI.exe
  2⤵
  PID:4600
- C:\Windows\System\MBmtnCj.exe
  C:\Windows\System\MBmtnCj.exe
  2⤵
  PID:4616
- C:\Windows\System\cNSNCtK.exe
  C:\Windows\System\cNSNCtK.exe
  2⤵
  PID:4632
- C:\Windows\System\Vgjgwlv.exe
  C:\Windows\System\Vgjgwlv.exe
  2⤵
  PID:4648
- C:\Windows\System\KbMebTq.exe
  C:\Windows\System\KbMebTq.exe
  2⤵
  PID:4664
- C:\Windows\System\gRePrRr.exe
  C:\Windows\System\gRePrRr.exe
  2⤵
  PID:4680
- C:\Windows\System\KZiKfqc.exe
  C:\Windows\System\KZiKfqc.exe
  2⤵
  PID:4700
- C:\Windows\System\vYCMJtB.exe
  C:\Windows\System\vYCMJtB.exe
  2⤵
  PID:4716
- C:\Windows\System\UejJLiY.exe
  C:\Windows\System\UejJLiY.exe
  2⤵
  PID:4732
- C:\Windows\System\IjkncDd.exe
  C:\Windows\System\IjkncDd.exe
  2⤵
  PID:4748
- C:\Windows\System\UDOfaeo.exe
  C:\Windows\System\UDOfaeo.exe
  2⤵
  PID:4764
- C:\Windows\System\hhjQGpH.exe
  C:\Windows\System\hhjQGpH.exe
  2⤵
  PID:4780
- C:\Windows\System\baJSnWZ.exe
  C:\Windows\System\baJSnWZ.exe
  2⤵
  PID:4796
- C:\Windows\System\wqDJpfj.exe
  C:\Windows\System\wqDJpfj.exe
  2⤵
  PID:4812
- C:\Windows\System\LUICVbi.exe
  C:\Windows\System\LUICVbi.exe
  2⤵
  PID:4828
- C:\Windows\System\olskePv.exe
  C:\Windows\System\olskePv.exe
  2⤵
  PID:4844
- C:\Windows\System\pAYaxOV.exe
  C:\Windows\System\pAYaxOV.exe
  2⤵
  PID:4860
- C:\Windows\System\hEtRfYX.exe
  C:\Windows\System\hEtRfYX.exe
  2⤵
  PID:4876
- C:\Windows\System\rhyLivE.exe
  C:\Windows\System\rhyLivE.exe
  2⤵
  PID:4892
- C:\Windows\System\ucPTwvO.exe
  C:\Windows\System\ucPTwvO.exe
  2⤵
  PID:4908
- C:\Windows\System\CfYuNmE.exe
  C:\Windows\System\CfYuNmE.exe
  2⤵
  PID:4924
- C:\Windows\System\CwXNxWs.exe
  C:\Windows\System\CwXNxWs.exe
  2⤵
  PID:4940
- C:\Windows\System\BCvDxsi.exe
  C:\Windows\System\BCvDxsi.exe
  2⤵
  PID:4956
- C:\Windows\System\GseiGow.exe
  C:\Windows\System\GseiGow.exe
  2⤵
  PID:4972
- C:\Windows\System\fzVUbfw.exe
  C:\Windows\System\fzVUbfw.exe
  2⤵
  PID:4988
- C:\Windows\System\chPUvJp.exe
  C:\Windows\System\chPUvJp.exe
  2⤵
  PID:5004
- C:\Windows\System\jzZwZMn.exe
  C:\Windows\System\jzZwZMn.exe
  2⤵
  PID:5020
- C:\Windows\System\sCjFXGf.exe
  C:\Windows\System\sCjFXGf.exe
  2⤵
  PID:5036
- C:\Windows\System\ymabZOp.exe
  C:\Windows\System\ymabZOp.exe
  2⤵
  PID:5052
- C:\Windows\System\FPCooZh.exe
  C:\Windows\System\FPCooZh.exe
  2⤵
  PID:5068
- C:\Windows\System\BuriyDt.exe
  C:\Windows\System\BuriyDt.exe
  2⤵
  PID:5088
- C:\Windows\System\WywqDuf.exe
  C:\Windows\System\WywqDuf.exe
  2⤵
  PID:5104
- C:\Windows\System\KZncLCA.exe
  C:\Windows\System\KZncLCA.exe
  2⤵
  PID:3744
- C:\Windows\System\nRmdHGF.exe
  C:\Windows\System\nRmdHGF.exe
  2⤵
  PID:924
- C:\Windows\System\NfgcJBE.exe
  C:\Windows\System\NfgcJBE.exe
  2⤵
  PID:3192
- C:\Windows\System\PyhGXKL.exe
  C:\Windows\System\PyhGXKL.exe
  2⤵
  PID:3664
- C:\Windows\System\pehQgDR.exe
  C:\Windows\System\pehQgDR.exe
  2⤵
  PID:3608
- C:\Windows\System\vVKlgcG.exe
  C:\Windows\System\vVKlgcG.exe
  2⤵
  PID:4104
- C:\Windows\System\ZbCXBMW.exe
  C:\Windows\System\ZbCXBMW.exe
  2⤵
  PID:4120
- C:\Windows\System\cxEpQNA.exe
  C:\Windows\System\cxEpQNA.exe
  2⤵
  PID:4136
- C:\Windows\System\fClRBOL.exe
  C:\Windows\System\fClRBOL.exe
  2⤵
  PID:4152
- C:\Windows\System\fDIsdVz.exe
  C:\Windows\System\fDIsdVz.exe
  2⤵
  PID:4168
- C:\Windows\System\GtyrqbM.exe
  C:\Windows\System\GtyrqbM.exe
  2⤵
  PID:4184
- C:\Windows\System\dlGylIC.exe
  C:\Windows\System\dlGylIC.exe
  2⤵
  PID:4200
- C:\Windows\System\BDNyjZg.exe
  C:\Windows\System\BDNyjZg.exe
  2⤵
  PID:3540
- C:\Windows\System\oCTPWIs.exe
  C:\Windows\System\oCTPWIs.exe
  2⤵
  PID:4044
- C:\Windows\System\OojLceC.exe
  C:\Windows\System\OojLceC.exe
  2⤵
  PID:3124
- C:\Windows\System\aIJSpSF.exe
  C:\Windows\System\aIJSpSF.exe
  2⤵
  PID:3824
- C:\Windows\System\bmHxFwd.exe
  C:\Windows\System\bmHxFwd.exe
  2⤵
  PID:4220
- C:\Windows\System\ToKegNk.exe
  C:\Windows\System\ToKegNk.exe
  2⤵
  PID:4236
- C:\Windows\System\KvzRWwr.exe
  C:\Windows\System\KvzRWwr.exe
  2⤵
  PID:4252
- C:\Windows\System\MysdiGy.exe
  C:\Windows\System\MysdiGy.exe
  2⤵
  PID:4268
- C:\Windows\System\XOVXwjY.exe
  C:\Windows\System\XOVXwjY.exe
  2⤵
  PID:4284
- C:\Windows\System\XhPdvVD.exe
  C:\Windows\System\XhPdvVD.exe
  2⤵
  PID:4300
- C:\Windows\System\kvVtVYr.exe
  C:\Windows\System\kvVtVYr.exe
  2⤵
  PID:4316
- C:\Windows\System\KVMsLKE.exe
  C:\Windows\System\KVMsLKE.exe
  2⤵
  PID:4328
- C:\Windows\System\uHdfhBE.exe
  C:\Windows\System\uHdfhBE.exe
  2⤵
  PID:4348
- C:\Windows\System\ORtOWDJ.exe
  C:\Windows\System\ORtOWDJ.exe
  2⤵
  PID:4364
- C:\Windows\System\LmjVCIf.exe
  C:\Windows\System\LmjVCIf.exe
  2⤵
  PID:2324
- C:\Windows\System\mCHeLwJ.exe
  C:\Windows\System\mCHeLwJ.exe
  2⤵
  PID:4388
- C:\Windows\System\iakfGWs.exe
  C:\Windows\System\iakfGWs.exe
  2⤵
  PID:4412
- C:\Windows\System\NwWLoJV.exe
  C:\Windows\System\NwWLoJV.exe
  2⤵
  PID:4428
- C:\Windows\System\lwuLksq.exe
  C:\Windows\System\lwuLksq.exe
  2⤵
  PID:4436
- C:\Windows\System\GEFXJSC.exe
  C:\Windows\System\GEFXJSC.exe
  2⤵
  PID:4452
- C:\Windows\System\QRCgJAB.exe
  C:\Windows\System\QRCgJAB.exe
  2⤵
  PID:4468
- C:\Windows\System\PvcIZrB.exe
  C:\Windows\System\PvcIZrB.exe
  2⤵
  PID:4484
- C:\Windows\System\snHRRLV.exe
  C:\Windows\System\snHRRLV.exe
  2⤵
  PID:4500
- C:\Windows\System\NxWIuBM.exe
  C:\Windows\System\NxWIuBM.exe
  2⤵
  PID:4560
- C:\Windows\System\WgAZDGl.exe
  C:\Windows\System\WgAZDGl.exe
  2⤵
  PID:4624
- C:\Windows\System\ZzwieWo.exe
  C:\Windows\System\ZzwieWo.exe
  2⤵
  PID:4656
- C:\Windows\System\pLMOXJd.exe
  C:\Windows\System\pLMOXJd.exe
  2⤵
  PID:4692
- C:\Windows\System\bccYXiC.exe
  C:\Windows\System\bccYXiC.exe
  2⤵
  PID:4576
- C:\Windows\System\KrJwyIZ.exe
  C:\Windows\System\KrJwyIZ.exe
  2⤵
  PID:4644
- C:\Windows\System\KTLcUFY.exe
  C:\Windows\System\KTLcUFY.exe
  2⤵
  PID:4740
- C:\Windows\System\qHZcqEW.exe
  C:\Windows\System\qHZcqEW.exe
  2⤵
  PID:4756
- C:\Windows\System\DMEjcJH.exe
  C:\Windows\System\DMEjcJH.exe
  2⤵
  PID:4824
- C:\Windows\System\rDMXGMb.exe
  C:\Windows\System\rDMXGMb.exe
  2⤵
  PID:4776
- C:\Windows\System\jXmncmB.exe
  C:\Windows\System\jXmncmB.exe
  2⤵
  PID:4920
- C:\Windows\System\twlZuKr.exe
  C:\Windows\System\twlZuKr.exe
  2⤵
  PID:4984
- C:\Windows\System\OlHvtHE.exe
  C:\Windows\System\OlHvtHE.exe
  2⤵
  PID:5048
- C:\Windows\System\TafnMMk.exe
  C:\Windows\System\TafnMMk.exe
  2⤵
  PID:4804
- C:\Windows\System\MvFdbPB.exe
  C:\Windows\System\MvFdbPB.exe
  2⤵
  PID:4148
- C:\Windows\System\JPjIwdW.exe
  C:\Windows\System\JPjIwdW.exe
  2⤵
  PID:4112
- C:\Windows\System\gQvoemV.exe
  C:\Windows\System\gQvoemV.exe
  2⤵
  PID:4176
- C:\Windows\System\msWdzNL.exe
  C:\Windows\System\msWdzNL.exe
  2⤵
  PID:3188
- C:\Windows\System\RXueFFc.exe
  C:\Windows\System\RXueFFc.exe
  2⤵
  PID:4244
- C:\Windows\System\NkDVGUv.exe
  C:\Windows\System\NkDVGUv.exe
  2⤵
  PID:4280
- C:\Windows\System\ZJaROcR.exe
  C:\Windows\System\ZJaROcR.exe
  2⤵
  PID:4344
- C:\Windows\System\nmzfAgw.exe
  C:\Windows\System\nmzfAgw.exe
  2⤵
  PID:4376
- C:\Windows\System\hZbndLH.exe
  C:\Windows\System\hZbndLH.exe
  2⤵
  PID:3680
- C:\Windows\System\VfOCACq.exe
  C:\Windows\System\VfOCACq.exe
  2⤵
  PID:4160
- C:\Windows\System\IYBBuXu.exe
  C:\Windows\System\IYBBuXu.exe
  2⤵
  PID:4000
- C:\Windows\System\UcginUa.exe
  C:\Windows\System\UcginUa.exe
  2⤵
  PID:4228
- C:\Windows\System\RRMfbJN.exe
  C:\Windows\System\RRMfbJN.exe
  2⤵
  PID:4292
- C:\Windows\System\ippJAvq.exe
  C:\Windows\System\ippJAvq.exe
  2⤵
  PID:4424
- C:\Windows\System\odaimyw.exe
  C:\Windows\System\odaimyw.exe
  2⤵
  PID:4492
- C:\Windows\System\uyXZPQT.exe
  C:\Windows\System\uyXZPQT.exe
  2⤵
  PID:4516
- C:\Windows\System\kzqFznC.exe
  C:\Windows\System\kzqFznC.exe
  2⤵
  PID:4416
- C:\Windows\System\dIbNJCO.exe
  C:\Windows\System\dIbNJCO.exe
  2⤵
  PID:1768
- C:\Windows\System\hVCtgqG.exe
  C:\Windows\System\hVCtgqG.exe
  2⤵
  PID:4728
- C:\Windows\System\LAsuzjU.exe
  C:\Windows\System\LAsuzjU.exe
  2⤵
  PID:4356
- C:\Windows\System\HrkDjby.exe
  C:\Windows\System\HrkDjby.exe
  2⤵
  PID:4064
- C:\Windows\System\HIuVvgu.exe
  C:\Windows\System\HIuVvgu.exe
  2⤵
  PID:5060
- C:\Windows\System\oXYBTdj.exe
  C:\Windows\System\oXYBTdj.exe
  2⤵
  PID:4996
- C:\Windows\System\WRZFLZX.exe
  C:\Windows\System\WRZFLZX.exe
  2⤵
  PID:4932
- C:\Windows\System\EhrmNpK.exe
  C:\Windows\System\EhrmNpK.exe
  2⤵
  PID:4868
- C:\Windows\System\zFAnyuS.exe
  C:\Windows\System\zFAnyuS.exe
  2⤵
  PID:4448
- C:\Windows\System\iBvFUCL.exe
  C:\Windows\System\iBvFUCL.exe
  2⤵
  PID:4532
- C:\Windows\System\FvtRjmU.exe
  C:\Windows\System\FvtRjmU.exe
  2⤵
  PID:4548
- C:\Windows\System\YqnFLLp.exe
  C:\Windows\System\YqnFLLp.exe
  2⤵
  PID:4792
- C:\Windows\System\sgBZeTx.exe
  C:\Windows\System\sgBZeTx.exe
  2⤵
  PID:4916
- C:\Windows\System\OdQkYTq.exe
  C:\Windows\System\OdQkYTq.exe
  2⤵
  PID:5080
- C:\Windows\System\AhqZkgt.exe
  C:\Windows\System\AhqZkgt.exe
  2⤵
  PID:5116
- C:\Windows\System\sqVAXUN.exe
  C:\Windows\System\sqVAXUN.exe
  2⤵
  PID:4180
- C:\Windows\System\vndMaZa.exe
  C:\Windows\System\vndMaZa.exe
  2⤵
  PID:4340
- C:\Windows\System\wtGDPls.exe
  C:\Windows\System\wtGDPls.exe
  2⤵
  PID:4192
- C:\Windows\System\OqKdaPQ.exe
  C:\Windows\System\OqKdaPQ.exe
  2⤵
  PID:5124
- C:\Windows\System\lRddPWP.exe
  C:\Windows\System\lRddPWP.exe
  2⤵
  PID:5140
- C:\Windows\System\FhrttNQ.exe
  C:\Windows\System\FhrttNQ.exe
  2⤵
  PID:5156
- C:\Windows\System\BldrcJj.exe
  C:\Windows\System\BldrcJj.exe
  2⤵
  PID:5172
- C:\Windows\System\PdiIjHK.exe
  C:\Windows\System\PdiIjHK.exe
  2⤵
  PID:5188
- C:\Windows\System\ijZgkXg.exe
  C:\Windows\System\ijZgkXg.exe
  2⤵
  PID:5204
- C:\Windows\System\LmjKcjq.exe
  C:\Windows\System\LmjKcjq.exe
  2⤵
  PID:5220
- C:\Windows\System\uSFaDnJ.exe
  C:\Windows\System\uSFaDnJ.exe
  2⤵
  PID:5236
- C:\Windows\System\Maonucv.exe
  C:\Windows\System\Maonucv.exe
  2⤵
  PID:5252
- C:\Windows\System\OpFDdtb.exe
  C:\Windows\System\OpFDdtb.exe
  2⤵
  PID:5268
- C:\Windows\System\ZcgajtE.exe
  C:\Windows\System\ZcgajtE.exe
  2⤵
  PID:5284
- C:\Windows\System\bPnyurQ.exe
  C:\Windows\System\bPnyurQ.exe
  2⤵
  PID:5300
- C:\Windows\System\YjKRCAV.exe
  C:\Windows\System\YjKRCAV.exe
  2⤵
  PID:5316
- C:\Windows\System\lMntQVA.exe
  C:\Windows\System\lMntQVA.exe
  2⤵
  PID:5340
- C:\Windows\System\xZrLLuJ.exe
  C:\Windows\System\xZrLLuJ.exe
  2⤵
  PID:5992
- C:\Windows\System\lkupVKX.exe
  C:\Windows\System\lkupVKX.exe
  2⤵
  PID:6008
- C:\Windows\System\XCWVBYn.exe
  C:\Windows\System\XCWVBYn.exe
  2⤵
  PID:6024
- C:\Windows\System\IlNDtqd.exe
  C:\Windows\System\IlNDtqd.exe
  2⤵
  PID:6040
- C:\Windows\System\EseePpU.exe
  C:\Windows\System\EseePpU.exe
  2⤵
  PID:6056
- C:\Windows\System\kEYxUZo.exe
  C:\Windows\System\kEYxUZo.exe
  2⤵
  PID:6076
- C:\Windows\System\zCsCbvQ.exe
  C:\Windows\System\zCsCbvQ.exe
  2⤵
  PID:6096
- C:\Windows\System\LDqphDR.exe
  C:\Windows\System\LDqphDR.exe
  2⤵
  PID:6112
- C:\Windows\System\RgePJEg.exe
  C:\Windows\System\RgePJEg.exe
  2⤵
  PID:6128
- C:\Windows\System\TBtvkGF.exe
  C:\Windows\System\TBtvkGF.exe
  2⤵
  PID:4460
- C:\Windows\System\IRpGgUm.exe
  C:\Windows\System\IRpGgUm.exe
  2⤵
  PID:4480
- C:\Windows\System\TWnKbAo.exe
  C:\Windows\System\TWnKbAo.exe
  2⤵
  PID:4980
- C:\Windows\System\OSWDUqb.exe
  C:\Windows\System\OSWDUqb.exe
  2⤵
  PID:5132
- C:\Windows\System\ZOBQkmA.exe
  C:\Windows\System\ZOBQkmA.exe
  2⤵
  PID:5196
- C:\Windows\System\jiaPAqY.exe
  C:\Windows\System\jiaPAqY.exe
  2⤵
  PID:5232
- C:\Windows\System\yoKJUFl.exe
  C:\Windows\System\yoKJUFl.exe
  2⤵
  PID:4276
- C:\Windows\System\neCrGJU.exe
  C:\Windows\System\neCrGJU.exe
  2⤵
  PID:3668
- C:\Windows\System\udSgmdL.exe
  C:\Windows\System\udSgmdL.exe
  2⤵
  PID:3708
- C:\Windows\System\fRCaZGj.exe
  C:\Windows\System\fRCaZGj.exe
  2⤵
  PID:4596
- C:\Windows\System\eLXhYfg.exe
  C:\Windows\System\eLXhYfg.exe
  2⤵
  PID:5064
- C:\Windows\System\cZDmdOD.exe
  C:\Windows\System\cZDmdOD.exe
  2⤵
  PID:4936
- C:\Windows\System\KQkGFmb.exe
  C:\Windows\System\KQkGFmb.exe
  2⤵
  PID:2904
- C:\Windows\System\VodlpCl.exe
  C:\Windows\System\VodlpCl.exe
  2⤵
  PID:4312
- C:\Windows\System\dMbNPSr.exe
  C:\Windows\System\dMbNPSr.exe
  2⤵
  PID:5152
- C:\Windows\System\JDmxeGt.exe
  C:\Windows\System\JDmxeGt.exe
  2⤵
  PID:5216
- C:\Windows\System\XlvRSYU.exe
  C:\Windows\System\XlvRSYU.exe
  2⤵
  PID:5308
- C:\Windows\System\uiwqxdj.exe
  C:\Windows\System\uiwqxdj.exe
  2⤵
  PID:2160
- C:\Windows\System\iHVgmgS.exe
  C:\Windows\System\iHVgmgS.exe
  2⤵
  PID:5364
- C:\Windows\System\OaXEzHZ.exe
  C:\Windows\System\OaXEzHZ.exe
  2⤵
  PID:5380
- C:\Windows\System\EJzrrBl.exe
  C:\Windows\System\EJzrrBl.exe
  2⤵
  PID:5396
- C:\Windows\System\BlPywSb.exe
  C:\Windows\System\BlPywSb.exe
  2⤵
  PID:5412
- C:\Windows\System\TGfphhA.exe
  C:\Windows\System\TGfphhA.exe
  2⤵
  PID:5440
- C:\Windows\System\rUMMZVL.exe
  C:\Windows\System\rUMMZVL.exe
  2⤵
  PID:5456
- C:\Windows\System\ugIjanI.exe
  C:\Windows\System\ugIjanI.exe
  2⤵
  PID:5472
- C:\Windows\System\jyxdZSr.exe
  C:\Windows\System\jyxdZSr.exe
  2⤵
  PID:5484
- C:\Windows\System\oebekgL.exe
  C:\Windows\System\oebekgL.exe
  2⤵
  PID:5504
- C:\Windows\System\XISyycI.exe
  C:\Windows\System\XISyycI.exe
  2⤵
  PID:5528
- C:\Windows\System\iZhzxoP.exe
  C:\Windows\System\iZhzxoP.exe
  2⤵
  PID:5548
- C:\Windows\System\oMxBnsN.exe
  C:\Windows\System\oMxBnsN.exe
  2⤵
  PID:5564
- C:\Windows\System\pdaKjOE.exe
  C:\Windows\System\pdaKjOE.exe
  2⤵
  PID:5584
- C:\Windows\System\MKYcUYY.exe
  C:\Windows\System\MKYcUYY.exe
  2⤵
  PID:5596
- C:\Windows\System\ebAksda.exe
  C:\Windows\System\ebAksda.exe
  2⤵
  PID:5612
- C:\Windows\System\HvHBDKN.exe
  C:\Windows\System\HvHBDKN.exe
  2⤵
  PID:5628
- C:\Windows\System\oDFNYYZ.exe
  C:\Windows\System\oDFNYYZ.exe
  2⤵
  PID:5644
- C:\Windows\System\oouusye.exe
  C:\Windows\System\oouusye.exe
  2⤵
  PID:5660
- C:\Windows\System\oCtPKPW.exe
  C:\Windows\System\oCtPKPW.exe
  2⤵
  PID:5732
- C:\Windows\System\EGpIkcP.exe
  C:\Windows\System\EGpIkcP.exe
  2⤵
  PID:5756
- C:\Windows\System\nmQSLrU.exe
  C:\Windows\System\nmQSLrU.exe
  2⤵
  PID:5772
- C:\Windows\System\uISshRW.exe
  C:\Windows\System\uISshRW.exe
  2⤵
  PID:5788
- C:\Windows\System\HmnhSpF.exe
  C:\Windows\System\HmnhSpF.exe
  2⤵
  PID:5804
- C:\Windows\System\SQGIvyo.exe
  C:\Windows\System\SQGIvyo.exe
  2⤵
  PID:5820
- C:\Windows\System\xJVHVkf.exe
  C:\Windows\System\xJVHVkf.exe
  2⤵
  PID:5836
- C:\Windows\System\ZWVgGqn.exe
  C:\Windows\System\ZWVgGqn.exe
  2⤵
  PID:5852
- C:\Windows\System\yBAxUHb.exe
  C:\Windows\System\yBAxUHb.exe
  2⤵
  PID:5868
- C:\Windows\System\HGOTrlX.exe
  C:\Windows\System\HGOTrlX.exe
  2⤵
  PID:5892
- C:\Windows\System\pDpinoi.exe
  C:\Windows\System\pDpinoi.exe
  2⤵
  PID:5908
- C:\Windows\System\RiCIJYF.exe
  C:\Windows\System\RiCIJYF.exe
  2⤵
  PID:5972
- C:\Windows\System\sQIecuD.exe
  C:\Windows\System\sQIecuD.exe
  2⤵
  PID:1764
- C:\Windows\System\nfhsVEi.exe
  C:\Windows\System\nfhsVEi.exe
  2⤵
  PID:1660
- C:\Windows\System\MNDxJaC.exe
  C:\Windows\System\MNDxJaC.exe
  2⤵
  PID:1572
- C:\Windows\System\lzGVHwx.exe
  C:\Windows\System\lzGVHwx.exe
  2⤵
  PID:1340
- C:\Windows\System\toSFLrt.exe
  C:\Windows\System\toSFLrt.exe
  2⤵
  PID:6036
- C:\Windows\System\zEPJsBO.exe
  C:\Windows\System\zEPJsBO.exe
  2⤵
  PID:6104
- C:\Windows\System\qDWbUnx.exe
  C:\Windows\System\qDWbUnx.exe
  2⤵
  PID:4464
- C:\Windows\System\HFNrotJ.exe
  C:\Windows\System\HFNrotJ.exe
  2⤵
  PID:5988
- C:\Windows\System\gJpFmLw.exe
  C:\Windows\System\gJpFmLw.exe
  2⤵
  PID:6092
- C:\Windows\System\uAtXTwK.exe
  C:\Windows\System\uAtXTwK.exe
  2⤵
  PID:4404
- C:\Windows\System\IxbdWhu.exe
  C:\Windows\System\IxbdWhu.exe
  2⤵
  PID:4808
- C:\Windows\System\froRlKq.exe
  C:\Windows\System\froRlKq.exe
  2⤵
  PID:2256
- C:\Windows\System\uYvwUAS.exe
  C:\Windows\System\uYvwUAS.exe
  2⤵
  PID:2796
- C:\Windows\System\vbmslvt.exe
  C:\Windows\System\vbmslvt.exe
  2⤵
  PID:1760
- C:\Windows\System\nMROUuY.exe
  C:\Windows\System\nMROUuY.exe
  2⤵
  PID:5292
- C:\Windows\System\JFlnDEG.exe
  C:\Windows\System\JFlnDEG.exe
  2⤵
  PID:1620
- C:\Windows\System\bdjtQUR.exe
  C:\Windows\System\bdjtQUR.exe
  2⤵
  PID:4372
- C:\Windows\System\GYjPkrh.exe
  C:\Windows\System\GYjPkrh.exe
  2⤵
  PID:5184
- C:\Windows\System\MZPvVlG.exe
  C:\Windows\System\MZPvVlG.exe
  2⤵
  PID:5276
- C:\Windows\System\qOwcnmV.exe
  C:\Windows\System\qOwcnmV.exe
  2⤵
  PID:4504
- C:\Windows\System\GkmeSjx.exe
  C:\Windows\System\GkmeSjx.exe
  2⤵
  PID:5372
- C:\Windows\System\vJRiZhY.exe
  C:\Windows\System\vJRiZhY.exe
  2⤵
  PID:5448
- C:\Windows\System\vcDEjVD.exe
  C:\Windows\System\vcDEjVD.exe
  2⤵
  PID:5468
- C:\Windows\System\apEgHoZ.exe
  C:\Windows\System\apEgHoZ.exe
  2⤵
  PID:5432
- C:\Windows\System\PumkLKK.exe
  C:\Windows\System\PumkLKK.exe
  2⤵
  PID:5540
- C:\Windows\System\SHdspOu.exe
  C:\Windows\System\SHdspOu.exe
  2⤵
  PID:5576
- C:\Windows\System\AnuiuLY.exe
  C:\Windows\System\AnuiuLY.exe
  2⤵
  PID:5608
- C:\Windows\System\Ctbrtjp.exe
  C:\Windows\System\Ctbrtjp.exe
  2⤵
  PID:5492
- C:\Windows\System\rqooLXl.exe
  C:\Windows\System\rqooLXl.exe
  2⤵
  PID:5524
- C:\Windows\System\LMYzXlJ.exe
  C:\Windows\System\LMYzXlJ.exe
  2⤵
  PID:5652
- C:\Windows\System\IdLivhG.exe
  C:\Windows\System\IdLivhG.exe
  2⤵
  PID:5708
- C:\Windows\System\pPvyXZA.exe
  C:\Windows\System\pPvyXZA.exe
  2⤵
  PID:5800
- C:\Windows\System\xoiZopU.exe
  C:\Windows\System\xoiZopU.exe
  2⤵
  PID:5676
- C:\Windows\System\RNXRyNM.exe
  C:\Windows\System\RNXRyNM.exe
  2⤵
  PID:5776
- C:\Windows\System\VjAKHJi.exe
  C:\Windows\System\VjAKHJi.exe
  2⤵
  PID:5840
- C:\Windows\System\dPBaPPf.exe
  C:\Windows\System\dPBaPPf.exe
  2⤵
  PID:5900
- C:\Windows\System\oOhFHar.exe
  C:\Windows\System\oOhFHar.exe
  2⤵
  PID:5980
- C:\Windows\System\MEkjKpO.exe
  C:\Windows\System\MEkjKpO.exe
  2⤵
  PID:5816
- C:\Windows\System\StEUDQd.exe
  C:\Windows\System\StEUDQd.exe
  2⤵
  PID:5916
- C:\Windows\System\hCXcjnV.exe
  C:\Windows\System\hCXcjnV.exe
  2⤵
  PID:5924
- C:\Windows\System\rVNVRQV.exe
  C:\Windows\System\rVNVRQV.exe
  2⤵
  PID:5940
- C:\Windows\System\clgFecV.exe
  C:\Windows\System\clgFecV.exe
  2⤵
  PID:5920
- C:\Windows\System\GmJoJog.exe
  C:\Windows\System\GmJoJog.exe
  2⤵
  PID:6000
- C:\Windows\System\TLifntN.exe
  C:\Windows\System\TLifntN.exe
  2⤵
  PID:6136
- C:\Windows\System\cUlvbRD.exe
  C:\Windows\System\cUlvbRD.exe
  2⤵
  PID:296
- C:\Windows\System\CJqxXgV.exe
  C:\Windows\System\CJqxXgV.exe
  2⤵
  PID:6068
- C:\Windows\System\NgmHqsN.exe
  C:\Windows\System\NgmHqsN.exe
  2⤵
  PID:6120
- C:\Windows\System\TIusuAS.exe
  C:\Windows\System\TIusuAS.exe
  2⤵
  PID:4144
- C:\Windows\System\VxVTNdT.exe
  C:\Windows\System\VxVTNdT.exe
  2⤵
  PID:4132
- C:\Windows\System\VBzydwC.exe
  C:\Windows\System\VBzydwC.exe
  2⤵
  PID:2804
- C:\Windows\System\iQxvfUa.exe
  C:\Windows\System\iQxvfUa.exe
  2⤵
  PID:5352
- C:\Windows\System\YSvokMF.exe
  C:\Windows\System\YSvokMF.exe
  2⤵
  PID:4608
- C:\Windows\System\fwIEnqD.exe
  C:\Windows\System\fwIEnqD.exe
  2⤵
  PID:5572
- C:\Windows\System\LuxgGpX.exe
  C:\Windows\System\LuxgGpX.exe
  2⤵
  PID:5488
- C:\Windows\System\dlfbAPB.exe
  C:\Windows\System\dlfbAPB.exe
  2⤵
  PID:2784
- C:\Windows\System\aaQBXAu.exe
  C:\Windows\System\aaQBXAu.exe
  2⤵
  PID:5684
- C:\Windows\System\lRRrZyL.exe
  C:\Windows\System\lRRrZyL.exe
  2⤵
  PID:5904
- C:\Windows\System\HSjpDLj.exe
  C:\Windows\System\HSjpDLj.exe
  2⤵
  PID:5764
- C:\Windows\System\FmnvraD.exe
  C:\Windows\System\FmnvraD.exe
  2⤵
  PID:1272
- C:\Windows\System\hxDDhtU.exe
  C:\Windows\System\hxDDhtU.exe
  2⤵
  PID:5748
- C:\Windows\System\oXBggzf.exe
  C:\Windows\System\oXBggzf.exe
  2⤵
  PID:6032
- C:\Windows\System\WOLToci.exe
  C:\Windows\System\WOLToci.exe
  2⤵
  PID:5812
- C:\Windows\System\sWmTfmd.exe
  C:\Windows\System\sWmTfmd.exe
  2⤵
  PID:5228
- C:\Windows\System\MzCkSQk.exe
  C:\Windows\System\MzCkSQk.exe
  2⤵
  PID:5872
- C:\Windows\System\eFyxyCA.exe
  C:\Windows\System\eFyxyCA.exe
  2⤵
  PID:5948
- C:\Windows\System\LBdjTLZ.exe
  C:\Windows\System\LBdjTLZ.exe
  2⤵
  PID:5000
- C:\Windows\System\Gnzkkrs.exe
  C:\Windows\System\Gnzkkrs.exe
  2⤵
  PID:5936
- C:\Windows\System\vZZfUXv.exe
  C:\Windows\System\vZZfUXv.exe
  2⤵
  PID:5428
- C:\Windows\System\ApAvrtX.exe
  C:\Windows\System\ApAvrtX.exe
  2⤵
  PID:4128
- C:\Windows\System\QMbyuyK.exe
  C:\Windows\System\QMbyuyK.exe
  2⤵
  PID:5044
- C:\Windows\System\SFJsBqN.exe
  C:\Windows\System\SFJsBqN.exe
  2⤵
  PID:2252
- C:\Windows\System\ykxUIGp.exe
  C:\Windows\System\ykxUIGp.exe
  2⤵
  PID:5360
- C:\Windows\System\qaFcvkH.exe
  C:\Windows\System\qaFcvkH.exe
  2⤵
  PID:5744
- C:\Windows\System\JEbXMnt.exe
  C:\Windows\System\JEbXMnt.exe
  2⤵
  PID:5856
- C:\Windows\System\UdkBOmX.exe
  C:\Windows\System\UdkBOmX.exe
  2⤵
  PID:5700
- C:\Windows\System\IEKgorB.exe
  C:\Windows\System\IEKgorB.exe
  2⤵
  PID:5728
- C:\Windows\System\xygYPJn.exe
  C:\Windows\System\xygYPJn.exe
  2⤵
  PID:4628
- C:\Windows\System\aEhBkTU.exe
  C:\Windows\System\aEhBkTU.exe
  2⤵
  PID:5244
- C:\Windows\System\aFcCzCd.exe
  C:\Windows\System\aFcCzCd.exe
  2⤵
  PID:852
- C:\Windows\System\KPChsds.exe
  C:\Windows\System\KPChsds.exe
  2⤵
  PID:1908
- C:\Windows\System\NDUwZuD.exe
  C:\Windows\System\NDUwZuD.exe
  2⤵
  PID:5880
- C:\Windows\System\tYECEIY.exe
  C:\Windows\System\tYECEIY.exe
  2⤵
  PID:5500
- C:\Windows\System\mxoJesh.exe
  C:\Windows\System\mxoJesh.exe
  2⤵
  PID:2616
- C:\Windows\System\eKRNDHx.exe
  C:\Windows\System\eKRNDHx.exe
  2⤵
  PID:4400
- C:\Windows\System\raYCDfp.exe
  C:\Windows\System\raYCDfp.exe
  2⤵
  PID:2968
- C:\Windows\System\aORNvMB.exe
  C:\Windows\System\aORNvMB.exe
  2⤵
  PID:5620
- C:\Windows\System\DiQbWFz.exe
  C:\Windows\System\DiQbWFz.exe
  2⤵
  PID:6020
- C:\Windows\System\nNnTOuH.exe
  C:\Windows\System\nNnTOuH.exe
  2⤵
  PID:5724
- C:\Windows\System\nVJzliI.exe
  C:\Windows\System\nVJzliI.exe
  2⤵
  PID:4964
- C:\Windows\System\uBZsdlq.exe
  C:\Windows\System\uBZsdlq.exe
  2⤵
  PID:5768
- C:\Windows\System\jwopvyE.exe
  C:\Windows\System\jwopvyE.exe
  2⤵
  PID:4248
- C:\Windows\System\PoAEGiK.exe
  C:\Windows\System\PoAEGiK.exe
  2⤵
  PID:5592
- C:\Windows\System\heCwczr.exe
  C:\Windows\System\heCwczr.exe
  2⤵
  PID:5964
- C:\Windows\System\MnLwyYa.exe
  C:\Windows\System\MnLwyYa.exe
  2⤵
  PID:5984
- C:\Windows\System\KFEwwpf.exe
  C:\Windows\System\KFEwwpf.exe
  2⤵
  PID:6148
- C:\Windows\System\yhDkfyo.exe
  C:\Windows\System\yhDkfyo.exe
  2⤵
  PID:6168
- C:\Windows\System\LiwITcZ.exe
  C:\Windows\System\LiwITcZ.exe
  2⤵
  PID:6200
- C:\Windows\System\GRPMdfV.exe
  C:\Windows\System\GRPMdfV.exe
  2⤵
  PID:6216
- C:\Windows\System\cLQCwtf.exe
  C:\Windows\System\cLQCwtf.exe
  2⤵
  PID:6236
- C:\Windows\System\TCkIQNz.exe
  C:\Windows\System\TCkIQNz.exe
  2⤵
  PID:6256
- C:\Windows\System\OrqKrth.exe
  C:\Windows\System\OrqKrth.exe
  2⤵
  PID:6276
- C:\Windows\System\VxUzxlm.exe
  C:\Windows\System\VxUzxlm.exe
  2⤵
  PID:6292
- C:\Windows\System\QiSLnLn.exe
  C:\Windows\System\QiSLnLn.exe
  2⤵
  PID:6312
- C:\Windows\System\BskeBfP.exe
  C:\Windows\System\BskeBfP.exe
  2⤵
  PID:6328
- C:\Windows\System\uwbjBHr.exe
  C:\Windows\System\uwbjBHr.exe
  2⤵
  PID:6344
- C:\Windows\System\ugBgzcw.exe
  C:\Windows\System\ugBgzcw.exe
  2⤵
  PID:6396
- C:\Windows\System\eSlGZDV.exe
  C:\Windows\System\eSlGZDV.exe
  2⤵
  PID:6412
- C:\Windows\System\SAGcQvE.exe
  C:\Windows\System\SAGcQvE.exe
  2⤵
  PID:6428
- C:\Windows\System\QsfQgiv.exe
  C:\Windows\System\QsfQgiv.exe
  2⤵
  PID:6448
- C:\Windows\System\jkfkpcc.exe
  C:\Windows\System\jkfkpcc.exe
  2⤵
  PID:6464
- C:\Windows\System\gqFbWyP.exe
  C:\Windows\System\gqFbWyP.exe
  2⤵
  PID:6480
- C:\Windows\System\ujSEXzo.exe
  C:\Windows\System\ujSEXzo.exe
  2⤵
  PID:6496
- C:\Windows\System\nwXFPCi.exe
  C:\Windows\System\nwXFPCi.exe
  2⤵
  PID:6512
- C:\Windows\System\pGxSjdY.exe
  C:\Windows\System\pGxSjdY.exe
  2⤵
  PID:6532
- C:\Windows\System\FqHSiij.exe
  C:\Windows\System\FqHSiij.exe
  2⤵
  PID:6560
- C:\Windows\System\reRNcsO.exe
  C:\Windows\System\reRNcsO.exe
  2⤵
  PID:6576
- C:\Windows\System\XGRXAro.exe
  C:\Windows\System\XGRXAro.exe
  2⤵
  PID:6592
- C:\Windows\System\CxYXsbR.exe
  C:\Windows\System\CxYXsbR.exe
  2⤵
  PID:6608
- C:\Windows\System\TbTguTg.exe
  C:\Windows\System\TbTguTg.exe
  2⤵
  PID:6628
- C:\Windows\System\LcZpZlS.exe
  C:\Windows\System\LcZpZlS.exe
  2⤵
  PID:6644
- C:\Windows\System\TDHUVvU.exe
  C:\Windows\System\TDHUVvU.exe
  2⤵
  PID:6672
- C:\Windows\System\SAnMGPD.exe
  C:\Windows\System\SAnMGPD.exe
  2⤵
  PID:6688
- C:\Windows\System\vbIcwWv.exe
  C:\Windows\System\vbIcwWv.exe
  2⤵
  PID:6704
- C:\Windows\System\HKhqQbT.exe
  C:\Windows\System\HKhqQbT.exe
  2⤵
  PID:6720
- C:\Windows\System\XkxwyWn.exe
  C:\Windows\System\XkxwyWn.exe
  2⤵
  PID:6740
- C:\Windows\System\QUoqqQW.exe
  C:\Windows\System\QUoqqQW.exe
  2⤵
  PID:6760
- C:\Windows\System\mnOotIH.exe
  C:\Windows\System\mnOotIH.exe
  2⤵
  PID:6776
- C:\Windows\System\sAlpxTz.exe
  C:\Windows\System\sAlpxTz.exe
  2⤵
  PID:6792
- C:\Windows\System\fAYsKSb.exe
  C:\Windows\System\fAYsKSb.exe
  2⤵
  PID:6808
- C:\Windows\System\UTuwREg.exe
  C:\Windows\System\UTuwREg.exe
  2⤵
  PID:6828
- C:\Windows\System\bhVgLSb.exe
  C:\Windows\System\bhVgLSb.exe
  2⤵
  PID:6852
- C:\Windows\System\hNDZmio.exe
  C:\Windows\System\hNDZmio.exe
  2⤵
  PID:6868
- C:\Windows\System\luEqDek.exe
  C:\Windows\System\luEqDek.exe
  2⤵
  PID:6884
- C:\Windows\System\CeEiyME.exe
  C:\Windows\System\CeEiyME.exe
  2⤵
  PID:6900
- C:\Windows\System\OFtBAGT.exe
  C:\Windows\System\OFtBAGT.exe
  2⤵
  PID:6948
- C:\Windows\System\XBInzSd.exe
  C:\Windows\System\XBInzSd.exe
  2⤵
  PID:6992
- C:\Windows\System\rtwkKfg.exe
  C:\Windows\System\rtwkKfg.exe
  2⤵
  PID:7008
- C:\Windows\System\mXjQQQw.exe
  C:\Windows\System\mXjQQQw.exe
  2⤵
  PID:7028
- C:\Windows\System\KZbjqGs.exe
  C:\Windows\System\KZbjqGs.exe
  2⤵
  PID:7048
- C:\Windows\System\Ydhnrtj.exe
  C:\Windows\System\Ydhnrtj.exe
  2⤵
  PID:7072
- C:\Windows\System\ZzaWtMt.exe
  C:\Windows\System\ZzaWtMt.exe
  2⤵
  PID:7088
- C:\Windows\System\czkeVQt.exe
  C:\Windows\System\czkeVQt.exe
  2⤵
  PID:7104
- C:\Windows\System\psMmAPl.exe
  C:\Windows\System\psMmAPl.exe
  2⤵
  PID:7120
- C:\Windows\System\gedhJqW.exe
  C:\Windows\System\gedhJqW.exe
  2⤵
  PID:7136
- C:\Windows\System\bsSuQlQ.exe
  C:\Windows\System\bsSuQlQ.exe
  2⤵
  PID:7156
- C:\Windows\System\qIgqsRc.exe
  C:\Windows\System\qIgqsRc.exe
  2⤵
  PID:4332
- C:\Windows\System\CNPGjeQ.exe
  C:\Windows\System\CNPGjeQ.exe
  2⤵
  PID:2644
- C:\Windows\System\gQfektc.exe
  C:\Windows\System\gQfektc.exe
  2⤵
  PID:2700
- C:\Windows\System\CYYPzCi.exe
  C:\Windows\System\CYYPzCi.exe
  2⤵
  PID:6196
- C:\Windows\System\vakYWxw.exe
  C:\Windows\System\vakYWxw.exe
  2⤵
  PID:6232
- C:\Windows\System\ebSODKJ.exe
  C:\Windows\System\ebSODKJ.exe
  2⤵
  PID:6300
- C:\Windows\System\ECFjZfl.exe
  C:\Windows\System\ECFjZfl.exe
  2⤵
  PID:6212
- C:\Windows\System\eWRCfco.exe
  C:\Windows\System\eWRCfco.exe
  2⤵
  PID:6436
- C:\Windows\System\rgsSgCa.exe
  C:\Windows\System\rgsSgCa.exe
  2⤵
  PID:2640
- C:\Windows\System\gqXNQbE.exe
  C:\Windows\System\gqXNQbE.exe
  2⤵
  PID:6540
- C:\Windows\System\rVgBoJQ.exe
  C:\Windows\System\rVgBoJQ.exe
  2⤵
  PID:6556
- C:\Windows\System\xqiNUBh.exe
  C:\Windows\System\xqiNUBh.exe
  2⤵
  PID:6620
- C:\Windows\System\ARmpjsC.exe
  C:\Windows\System\ARmpjsC.exe
  2⤵
  PID:6660
- C:\Windows\System\XMwwCmy.exe
  C:\Windows\System\XMwwCmy.exe
  2⤵
  PID:6696
- C:\Windows\System\lnxNGaD.exe
  C:\Windows\System\lnxNGaD.exe
  2⤵
  PID:6736
- C:\Windows\System\AzvPvCl.exe
  C:\Windows\System\AzvPvCl.exe
  2⤵
  PID:6836
- C:\Windows\System\IVWmgwm.exe
  C:\Windows\System\IVWmgwm.exe
  2⤵
  PID:6880
- C:\Windows\System\RDnvgnk.exe
  C:\Windows\System\RDnvgnk.exe
  2⤵
  PID:6924
- C:\Windows\System\onTiPXs.exe
  C:\Windows\System\onTiPXs.exe
  2⤵
  PID:6372
- C:\Windows\System\lFhYibi.exe
  C:\Windows\System\lFhYibi.exe
  2⤵
  PID:6388
- C:\Windows\System\GQteuVh.exe
  C:\Windows\System\GQteuVh.exe
  2⤵
  PID:6944
- C:\Windows\System\lezmwfM.exe
  C:\Windows\System\lezmwfM.exe
  2⤵
  PID:6460
- C:\Windows\System\ezEayaB.exe
  C:\Windows\System\ezEayaB.exe
  2⤵
  PID:6528
- C:\Windows\System\tTNMidD.exe
  C:\Windows\System\tTNMidD.exe
  2⤵
  PID:6636
- C:\Windows\System\tpwUCjn.exe
  C:\Windows\System\tpwUCjn.exe
  2⤵
  PID:6712
- C:\Windows\System\STLHAUq.exe
  C:\Windows\System\STLHAUq.exe
  2⤵
  PID:6784
- C:\Windows\System\zQitmdY.exe
  C:\Windows\System\zQitmdY.exe
  2⤵
  PID:6824
- C:\Windows\System\AwvDcEX.exe
  C:\Windows\System\AwvDcEX.exe
  2⤵
  PID:6860
- C:\Windows\System\GWEzstY.exe
  C:\Windows\System\GWEzstY.exe
  2⤵
  PID:7084
- C:\Windows\System\SWhDIBv.exe
  C:\Windows\System\SWhDIBv.exe
  2⤵
  PID:1976
- C:\Windows\System\PqoTrNb.exe
  C:\Windows\System\PqoTrNb.exe
  2⤵
  PID:6984
- C:\Windows\System\NrgOGXs.exe
  C:\Windows\System\NrgOGXs.exe
  2⤵
  PID:7060
- C:\Windows\System\KBVfTkh.exe
  C:\Windows\System\KBVfTkh.exe
  2⤵
  PID:7132
- C:\Windows\System\xFkXIgI.exe
  C:\Windows\System\xFkXIgI.exe
  2⤵
  PID:5624
- C:\Windows\System\peWdegy.exe
  C:\Windows\System\peWdegy.exe
  2⤵
  PID:5740
- C:\Windows\System\gNdbLjQ.exe
  C:\Windows\System\gNdbLjQ.exe
  2⤵
  PID:7144
- C:\Windows\System\PaspsRS.exe
  C:\Windows\System\PaspsRS.exe
  2⤵
  PID:668
- C:\Windows\System\cQuUNYJ.exe
  C:\Windows\System\cQuUNYJ.exe
  2⤵
  PID:5884
- C:\Windows\System\WHkuJFG.exe
  C:\Windows\System\WHkuJFG.exe
  2⤵
  PID:6508
- C:\Windows\System\XQURbBL.exe
  C:\Windows\System\XQURbBL.exe
  2⤵
  PID:6272
- C:\Windows\System\JYQtpeT.exe
  C:\Windows\System\JYQtpeT.exe
  2⤵
  PID:6548
- C:\Windows\System\GpWbjVb.exe
  C:\Windows\System\GpWbjVb.exe
  2⤵
  PID:6320
- C:\Windows\System\hjwcprg.exe
  C:\Windows\System\hjwcprg.exe
  2⤵
  PID:6668
- C:\Windows\System\fbefsHj.exe
  C:\Windows\System\fbefsHj.exe
  2⤵
  PID:6664
- C:\Windows\System\eZYhFwx.exe
  C:\Windows\System\eZYhFwx.exe
  2⤵
  PID:6912
- C:\Windows\System\TrrNffP.exe
  C:\Windows\System\TrrNffP.exe
  2⤵
  PID:6732
- C:\Windows\System\djCYMYv.exe
  C:\Windows\System\djCYMYv.exe
  2⤵
  PID:6384
- C:\Windows\System\AqbLuow.exe
  C:\Windows\System\AqbLuow.exe
  2⤵
  PID:6456
- C:\Windows\System\uNiClsE.exe
  C:\Windows\System\uNiClsE.exe
  2⤵
  PID:6752
- C:\Windows\System\YIxrsQm.exe
  C:\Windows\System\YIxrsQm.exe
  2⤵
  PID:6356
- C:\Windows\System\WYKaRGv.exe
  C:\Windows\System\WYKaRGv.exe
  2⤵
  PID:6492
- C:\Windows\System\aIKvFde.exe
  C:\Windows\System\aIKvFde.exe
  2⤵
  PID:6756
- C:\Windows\System\KTMBHnv.exe
  C:\Windows\System\KTMBHnv.exe
  2⤵
  PID:6964
- C:\Windows\System\EochLen.exe
  C:\Windows\System\EochLen.exe
  2⤵
  PID:7056
- C:\Windows\System\YqUDxQd.exe
  C:\Windows\System\YqUDxQd.exe
  2⤵
  PID:872
- C:\Windows\System\EycmKGU.exe
  C:\Windows\System\EycmKGU.exe
  2⤵
  PID:6972
- C:\Windows\System\nwGfTkj.exe
  C:\Windows\System\nwGfTkj.exe
  2⤵
  PID:7100
- C:\Windows\System\OykChgd.exe
  C:\Windows\System\OykChgd.exe
  2⤵
  PID:4640
- C:\Windows\System\woXVkjr.exe
  C:\Windows\System\woXVkjr.exe
  2⤵
  PID:6176
- C:\Windows\System\mGLiHOc.exe
  C:\Windows\System\mGLiHOc.exe
  2⤵
  PID:6180
- C:\Windows\System\JsXnuZs.exe
  C:\Windows\System\JsXnuZs.exe
  2⤵
  PID:6284
- C:\Windows\System\ThwFWYS.exe
  C:\Windows\System\ThwFWYS.exe
  2⤵
  PID:6728
- C:\Windows\System\slPSoNZ.exe
  C:\Windows\System\slPSoNZ.exe
  2⤵
  PID:6524
- C:\Windows\System\gEPjUsy.exe
  C:\Windows\System\gEPjUsy.exe
  2⤵
  PID:7020
- C:\Windows\System\bFBkWnP.exe
  C:\Windows\System\bFBkWnP.exe
  2⤵
  PID:7080
- C:\Windows\System\ueNbqnf.exe
  C:\Windows\System\ueNbqnf.exe
  2⤵
  PID:1668
- C:\Windows\System\esEeukQ.exe
  C:\Windows\System\esEeukQ.exe
  2⤵
  PID:7016
- C:\Windows\System\WMbPKDP.exe
  C:\Windows\System\WMbPKDP.exe
  2⤵
  PID:6164
- C:\Windows\System\cRYiuNK.exe
  C:\Windows\System\cRYiuNK.exe
  2⤵
  PID:7184
- C:\Windows\System\EXbEEXR.exe
  C:\Windows\System\EXbEEXR.exe
  2⤵
  PID:7268
- C:\Windows\System\TDpBoCY.exe
  C:\Windows\System\TDpBoCY.exe
  2⤵
  PID:7300
- C:\Windows\System\UmBhYiS.exe
  C:\Windows\System\UmBhYiS.exe
  2⤵
  PID:7320
- C:\Windows\System\tTwVSGi.exe
  C:\Windows\System\tTwVSGi.exe
  2⤵
  PID:7336
- C:\Windows\System\REFCvvE.exe
  C:\Windows\System\REFCvvE.exe
  2⤵
  PID:7352
- C:\Windows\System\SQghHlw.exe
  C:\Windows\System\SQghHlw.exe
  2⤵
  PID:7368
- C:\Windows\System\xHpIjqv.exe
  C:\Windows\System\xHpIjqv.exe
  2⤵
  PID:7384
- C:\Windows\System\LFIiJco.exe
  C:\Windows\System\LFIiJco.exe
  2⤵
  PID:7412
- C:\Windows\System\IFlJVre.exe
  C:\Windows\System\IFlJVre.exe
  2⤵
  PID:7436
- C:\Windows\System\olpyANG.exe
  C:\Windows\System\olpyANG.exe
  2⤵
  PID:7460
- C:\Windows\System\jixZACj.exe
  C:\Windows\System\jixZACj.exe
  2⤵
  PID:7480
- C:\Windows\System\PKWVavU.exe
  C:\Windows\System\PKWVavU.exe
  2⤵
  PID:7496
- C:\Windows\System\LUlqrdp.exe
  C:\Windows\System\LUlqrdp.exe
  2⤵
  PID:7512
- C:\Windows\System\ZIJfPZE.exe
  C:\Windows\System\ZIJfPZE.exe
  2⤵
  PID:7528
- C:\Windows\System\RkqLQUI.exe
  C:\Windows\System\RkqLQUI.exe
  2⤵
  PID:7544
- C:\Windows\System\mzSWPqm.exe
  C:\Windows\System\mzSWPqm.exe
  2⤵
  PID:7560
- C:\Windows\System\RokEaHj.exe
  C:\Windows\System\RokEaHj.exe
  2⤵
  PID:7580
- C:\Windows\System\cGFfWEg.exe
  C:\Windows\System\cGFfWEg.exe
  2⤵
  PID:7596
- C:\Windows\System\vvrYJty.exe
  C:\Windows\System\vvrYJty.exe
  2⤵
  PID:7616
- C:\Windows\System\BNxhdwe.exe
  C:\Windows\System\BNxhdwe.exe
  2⤵
  PID:7632
- C:\Windows\System\wcLlDLr.exe
  C:\Windows\System\wcLlDLr.exe
  2⤵
  PID:7648
- C:\Windows\System\xWzJywL.exe
  C:\Windows\System\xWzJywL.exe
  2⤵
  PID:7668
- C:\Windows\System\aNNXTqf.exe
  C:\Windows\System\aNNXTqf.exe
  2⤵
  PID:7684
- C:\Windows\System\JPVSkDW.exe
  C:\Windows\System\JPVSkDW.exe
  2⤵
  PID:7700
- C:\Windows\System\LRAOSYK.exe
  C:\Windows\System\LRAOSYK.exe
  2⤵
  PID:7716
- C:\Windows\System\ZlxLeBt.exe
  C:\Windows\System\ZlxLeBt.exe
  2⤵
  PID:7736
- C:\Windows\System\JnmkWsH.exe
  C:\Windows\System\JnmkWsH.exe
  2⤵
  PID:7752
- C:\Windows\System\FIzVnqK.exe
  C:\Windows\System\FIzVnqK.exe
  2⤵
  PID:7768
- C:\Windows\System\GMLSdnd.exe
  C:\Windows\System\GMLSdnd.exe
  2⤵
  PID:7824
- C:\Windows\System\GAQJxFn.exe
  C:\Windows\System\GAQJxFn.exe
  2⤵
  PID:7840
- C:\Windows\System\ahqJyKh.exe
  C:\Windows\System\ahqJyKh.exe
  2⤵
  PID:7856
- C:\Windows\System\UmMzZMc.exe
  C:\Windows\System\UmMzZMc.exe
  2⤵
  PID:7872
- C:\Windows\System\njtgNmh.exe
  C:\Windows\System\njtgNmh.exe
  2⤵
  PID:7888
- C:\Windows\System\NihEFHK.exe
  C:\Windows\System\NihEFHK.exe
  2⤵
  PID:7908
- C:\Windows\System\LEOaCYA.exe
  C:\Windows\System\LEOaCYA.exe
  2⤵
  PID:7928
- C:\Windows\System\GgAzqrM.exe
  C:\Windows\System\GgAzqrM.exe
  2⤵
  PID:7944
- C:\Windows\System\uDnbGCD.exe
  C:\Windows\System\uDnbGCD.exe
  2⤵
  PID:7964
- C:\Windows\System\OGWaLbI.exe
  C:\Windows\System\OGWaLbI.exe
  2⤵
  PID:7980
- C:\Windows\System\gOWXlnD.exe
  C:\Windows\System\gOWXlnD.exe
  2⤵
  PID:8028
- C:\Windows\System\HoWDdZu.exe
  C:\Windows\System\HoWDdZu.exe
  2⤵
  PID:8048
- C:\Windows\System\PaPZDmB.exe
  C:\Windows\System\PaPZDmB.exe
  2⤵
  PID:8064
- C:\Windows\System\rClIica.exe
  C:\Windows\System\rClIica.exe
  2⤵
  PID:8084
- C:\Windows\System\TXmtotH.exe
  C:\Windows\System\TXmtotH.exe
  2⤵
  PID:8104
- C:\Windows\System\WgsGdbr.exe
  C:\Windows\System\WgsGdbr.exe
  2⤵
  PID:8120
- C:\Windows\System\GbvnJNh.exe
  C:\Windows\System\GbvnJNh.exe
  2⤵
  PID:8136
- C:\Windows\System\aGdzRjo.exe
  C:\Windows\System\aGdzRjo.exe
  2⤵
  PID:8156
- C:\Windows\System\JnmNGEo.exe
  C:\Windows\System\JnmNGEo.exe
  2⤵
  PID:8176
- C:\Windows\System\FDFoxmd.exe
  C:\Windows\System\FDFoxmd.exe
  2⤵
  PID:6192
- C:\Windows\System\qWAdcXp.exe
  C:\Windows\System\qWAdcXp.exe
  2⤵
  PID:7212
- C:\Windows\System\DLmpbil.exe
  C:\Windows\System\DLmpbil.exe
  2⤵
  PID:7004
- C:\Windows\System\nqYtzpZ.exe
  C:\Windows\System\nqYtzpZ.exe
  2⤵
  PID:6920
- C:\Windows\System\WlCDtHK.exe
  C:\Windows\System\WlCDtHK.exe
  2⤵
  PID:6380
- C:\Windows\System\qQvnCpi.exe
  C:\Windows\System\qQvnCpi.exe
  2⤵
  PID:6616
- C:\Windows\System\CuyTWLh.exe
  C:\Windows\System\CuyTWLh.exe
  2⤵
  PID:6476
- C:\Windows\System\tdCDUHG.exe
  C:\Windows\System\tdCDUHG.exe
  2⤵
  PID:5332
- C:\Windows\System\WkaTUXW.exe
  C:\Windows\System\WkaTUXW.exe
  2⤵
  PID:6424
- C:\Windows\System\HWrptZK.exe
  C:\Windows\System\HWrptZK.exe
  2⤵
  PID:5640
- C:\Windows\System\otmNzmX.exe
  C:\Windows\System\otmNzmX.exe
  2⤵
  PID:6228
- C:\Windows\System\AaVwRAD.exe
  C:\Windows\System\AaVwRAD.exe
  2⤵
  PID:6368
- C:\Windows\System\aqsrrpT.exe
  C:\Windows\System\aqsrrpT.exe
  2⤵
  PID:6160
- C:\Windows\System\UEJjMKG.exe
  C:\Windows\System\UEJjMKG.exe
  2⤵
  PID:5416
- C:\Windows\System\LseeejT.exe
  C:\Windows\System\LseeejT.exe
  2⤵
  PID:7308
- C:\Windows\System\eQrbUzg.exe
  C:\Windows\System\eQrbUzg.exe
  2⤵
  PID:7344
- C:\Windows\System\wOQETLR.exe
  C:\Windows\System\wOQETLR.exe
  2⤵
  PID:2820
- C:\Windows\System\SqBerlc.exe
  C:\Windows\System\SqBerlc.exe
  2⤵
  PID:7428
- C:\Windows\System\TRbgBoO.exe
  C:\Windows\System\TRbgBoO.exe
  2⤵
  PID:7404
- C:\Windows\System\JVlMRRG.exe
  C:\Windows\System\JVlMRRG.exe
  2⤵
  PID:7364
- C:\Windows\System\MEjmLEP.exe
  C:\Windows\System\MEjmLEP.exe
  2⤵
  PID:7468
- C:\Windows\System\orAqOSQ.exe
  C:\Windows\System\orAqOSQ.exe
  2⤵
  PID:7536
- C:\Windows\System\FbJMAJP.exe
  C:\Windows\System\FbJMAJP.exe
  2⤵
  PID:7492
- C:\Windows\System\bkdhNhx.exe
  C:\Windows\System\bkdhNhx.exe
  2⤵
  PID:7592
- C:\Windows\System\JwUeTpw.exe
  C:\Windows\System\JwUeTpw.exe
  2⤵
  PID:7656
- C:\Windows\System\rFCxZdO.exe
  C:\Windows\System\rFCxZdO.exe
  2⤵
  PID:7748
- C:\Windows\System\RkDWuum.exe
  C:\Windows\System\RkDWuum.exe
  2⤵
  PID:7780
- C:\Windows\System\CwwPOyn.exe
  C:\Windows\System\CwwPOyn.exe
  2⤵
  PID:7760
- C:\Windows\System\TUJOIlh.exe
  C:\Windows\System\TUJOIlh.exe
  2⤵
  PID:7804
- C:\Windows\System\KKkLKIK.exe
  C:\Windows\System\KKkLKIK.exe
  2⤵
  PID:7868
- C:\Windows\System\UzoUTQe.exe
  C:\Windows\System\UzoUTQe.exe
  2⤵
  PID:7880
- C:\Windows\System\GnRwNga.exe
  C:\Windows\System\GnRwNga.exe
  2⤵
  PID:7936
- C:\Windows\System\kgCdOnZ.exe
  C:\Windows\System\kgCdOnZ.exe
  2⤵
  PID:7952
- C:\Windows\System\wtCVhNQ.exe
  C:\Windows\System\wtCVhNQ.exe
  2⤵
  PID:7796
- C:\Windows\System\TKtSVJS.exe
  C:\Windows\System\TKtSVJS.exe
  2⤵
  PID:8016
- C:\Windows\System\QbdpIli.exe
  C:\Windows\System\QbdpIli.exe
  2⤵
  PID:8056
- C:\Windows\System\nrxVTYO.exe
  C:\Windows\System\nrxVTYO.exe
  2⤵
  PID:8024
- C:\Windows\System\ratJQSp.exe
  C:\Windows\System\ratJQSp.exe
  2⤵
  PID:5968
- C:\Windows\System\JfIsCTk.exe
  C:\Windows\System\JfIsCTk.exe
  2⤵
  PID:8100
- C:\Windows\System\dSFxVyr.exe
  C:\Windows\System\dSFxVyr.exe
  2⤵
  PID:8072
- C:\Windows\System\LnyQBtL.exe
  C:\Windows\System\LnyQBtL.exe
  2⤵
  PID:8112
- C:\Windows\System\XjsdeEm.exe
  C:\Windows\System\XjsdeEm.exe
  2⤵
  PID:8184
- C:\Windows\System\oefhQwQ.exe
  C:\Windows\System\oefhQwQ.exe
  2⤵
  PID:7228
- C:\Windows\System\RHsRfTJ.exe
  C:\Windows\System\RHsRfTJ.exe
  2⤵
  PID:7220
- C:\Windows\System\YIsNODM.exe
  C:\Windows\System\YIsNODM.exe
  2⤵
  PID:6684
- C:\Windows\System\gQXeByq.exe
  C:\Windows\System\gQXeByq.exe
  2⤵
  PID:6360
- C:\Windows\System\nsyNZeL.exe
  C:\Windows\System\nsyNZeL.exe
  2⤵
  PID:7068
- C:\Windows\System\WZiJcPK.exe
  C:\Windows\System\WZiJcPK.exe
  2⤵
  PID:7280
- C:\Windows\System\HUktfsh.exe
  C:\Windows\System\HUktfsh.exe
  2⤵
  PID:7380
- C:\Windows\System\SIlwCUf.exe
  C:\Windows\System\SIlwCUf.exe
  2⤵
  PID:7332
- C:\Windows\System\pLshMEn.exe
  C:\Windows\System\pLshMEn.exe
  2⤵
  PID:7152
- C:\Windows\System\CqsiRjL.exe
  C:\Windows\System\CqsiRjL.exe
  2⤵
  PID:6188
- C:\Windows\System\zYuyrOs.exe
  C:\Windows\System\zYuyrOs.exe
  2⤵
  PID:6420
- C:\Windows\System\vPmVZGj.exe
  C:\Windows\System\vPmVZGj.exe
  2⤵
  PID:6624
- C:\Windows\System\ivpICzl.exe
  C:\Windows\System\ivpICzl.exe
  2⤵
  PID:7552
- C:\Windows\System\OdPgxWQ.exe
  C:\Windows\System\OdPgxWQ.exe
  2⤵
  PID:7448
- C:\Windows\System\KqvlfWJ.exe
  C:\Windows\System\KqvlfWJ.exe
  2⤵
  PID:7612
- C:\Windows\System\CbstwiV.exe
  C:\Windows\System\CbstwiV.exe
  2⤵
  PID:7524
- C:\Windows\System\DFeGHvm.exe
  C:\Windows\System\DFeGHvm.exe
  2⤵
  PID:7588
- C:\Windows\System\xeZbaMI.exe
  C:\Windows\System\xeZbaMI.exe
  2⤵
  PID:7728
- C:\Windows\System\SgMgbob.exe
  C:\Windows\System\SgMgbob.exe
  2⤵
  PID:7916
- C:\Windows\System\KcTIFMk.exe
  C:\Windows\System\KcTIFMk.exe
  2⤵
  PID:7692
- C:\Windows\System\pyAsWZX.exe
  C:\Windows\System\pyAsWZX.exe
  2⤵
  PID:7832
- C:\Windows\System\wrAdLIK.exe
  C:\Windows\System\wrAdLIK.exe
  2⤵
  PID:2604
- C:\Windows\System\DdWTViy.exe
  C:\Windows\System\DdWTViy.exe
  2⤵
  PID:7920
- C:\Windows\System\XWDxhQV.exe
  C:\Windows\System\XWDxhQV.exe
  2⤵
  PID:7988
- C:\Windows\System\GOPlblO.exe
  C:\Windows\System\GOPlblO.exe
  2⤵
  PID:7904
- C:\Windows\System\OtovJqF.exe
  C:\Windows\System\OtovJqF.exe
  2⤵
  PID:8152
- C:\Windows\System\WfBxbUd.exe
  C:\Windows\System\WfBxbUd.exe
  2⤵
  PID:6340
- C:\Windows\System\PWRSPJs.exe
  C:\Windows\System\PWRSPJs.exe
  2⤵
  PID:8092
- C:\Windows\System\wmMMqOJ.exe
  C:\Windows\System\wmMMqOJ.exe
  2⤵
  PID:7556
- C:\Windows\System\UFgyXSI.exe
  C:\Windows\System\UFgyXSI.exe
  2⤵
  PID:7960
- C:\Windows\System\drJroxe.exe
  C:\Windows\System\drJroxe.exe
  2⤵
  PID:7676
- C:\Windows\System\bsXvFof.exe
  C:\Windows\System\bsXvFof.exe
  2⤵
  PID:7784
- C:\Windows\System\qOwOlbi.exe
  C:\Windows\System\qOwOlbi.exe
  2⤵
  PID:8148
- C:\Windows\System\ADPRnwt.exe
  C:\Windows\System\ADPRnwt.exe
  2⤵
  PID:6896
- C:\Windows\System\ysqAIty.exe
  C:\Windows\System\ysqAIty.exe
  2⤵
  PID:7216
- C:\Windows\System\SeTwCQF.exe
  C:\Windows\System\SeTwCQF.exe
  2⤵
  PID:7316
- C:\Windows\System\XVYOjub.exe
  C:\Windows\System\XVYOjub.exe
  2⤵
  PID:7096
- C:\Windows\System\coCmRpx.exe
  C:\Windows\System\coCmRpx.exe
  2⤵
  PID:7452
- C:\Windows\System\oqQSasH.exe
  C:\Windows\System\oqQSasH.exe
  2⤵
  PID:7248
- C:\Windows\System\uOyTfYh.exe
  C:\Windows\System\uOyTfYh.exe
  2⤵
  PID:6960
- C:\Windows\System\QTjlhAE.exe
  C:\Windows\System\QTjlhAE.exe
  2⤵
  PID:8080
- C:\Windows\System\VzxKXAU.exe
  C:\Windows\System\VzxKXAU.exe
  2⤵
  PID:1552
- C:\Windows\System\klIETxb.exe
  C:\Windows\System\klIETxb.exe
  2⤵
  PID:7820
- C:\Windows\System\THqbPjZ.exe
  C:\Windows\System\THqbPjZ.exe
  2⤵
  PID:6404
- C:\Windows\System\OQCwJGj.exe
  C:\Windows\System\OQCwJGj.exe
  2⤵
  PID:7472
- C:\Windows\System\mmcXnTj.exe
  C:\Windows\System\mmcXnTj.exe
  2⤵
  PID:7644
- C:\Windows\System\TpXKjHO.exe
  C:\Windows\System\TpXKjHO.exe
  2⤵
  PID:2092
- C:\Windows\System\aDvBSPr.exe
  C:\Windows\System\aDvBSPr.exe
  2⤵
  PID:2460
- C:\Windows\System\zsbvWiq.exe
  C:\Windows\System\zsbvWiq.exe
  2⤵
  PID:7940
- C:\Windows\System\sgvFZzm.exe
  C:\Windows\System\sgvFZzm.exe
  2⤵
  PID:7800
- C:\Windows\System\sKKoMCP.exe
  C:\Windows\System\sKKoMCP.exe
  2⤵
  PID:7476
- C:\Windows\System\qgRaDzz.exe
  C:\Windows\System\qgRaDzz.exe
  2⤵
  PID:7288
- C:\Windows\System\fkjURgu.exe
  C:\Windows\System\fkjURgu.exe
  2⤵
  PID:6980
- C:\Windows\System\kjCTJCZ.exe
  C:\Windows\System\kjCTJCZ.exe
  2⤵
  PID:7852
- C:\Windows\System\SjHLWJX.exe
  C:\Windows\System\SjHLWJX.exe
  2⤵
  PID:7608
- C:\Windows\System\CBgfBOn.exe
  C:\Windows\System\CBgfBOn.exe
  2⤵
  PID:7224
- C:\Windows\System\QjGyzQF.exe
  C:\Windows\System\QjGyzQF.exe
  2⤵
  PID:8172
- C:\Windows\System\UBrRNdB.exe
  C:\Windows\System\UBrRNdB.exe
  2⤵
  PID:8204
- C:\Windows\System\JVGVszd.exe
  C:\Windows\System\JVGVszd.exe
  2⤵
  PID:8220
- C:\Windows\System\XBaOIDO.exe
  C:\Windows\System\XBaOIDO.exe
  2⤵
  PID:8236
- C:\Windows\System\IKcHgoM.exe
  C:\Windows\System\IKcHgoM.exe
  2⤵
  PID:8252
- C:\Windows\System\lonxOZY.exe
  C:\Windows\System\lonxOZY.exe
  2⤵
  PID:8268
- C:\Windows\System\wlrOrga.exe
  C:\Windows\System\wlrOrga.exe
  2⤵
  PID:8284
- C:\Windows\System\njYYqQN.exe
  C:\Windows\System\njYYqQN.exe
  2⤵
  PID:8300
- C:\Windows\System\wHUgNay.exe
  C:\Windows\System\wHUgNay.exe
  2⤵
  PID:8316
- C:\Windows\System\clyuKhl.exe
  C:\Windows\System\clyuKhl.exe
  2⤵
  PID:8332
- C:\Windows\System\cQubwCy.exe
  C:\Windows\System\cQubwCy.exe
  2⤵
  PID:8348
- C:\Windows\System\XFqQMfH.exe
  C:\Windows\System\XFqQMfH.exe
  2⤵
  PID:8364
- C:\Windows\System\qfQJCUo.exe
  C:\Windows\System\qfQJCUo.exe
  2⤵
  PID:8380
- C:\Windows\System\OevWBmg.exe
  C:\Windows\System\OevWBmg.exe
  2⤵
  PID:8396
- C:\Windows\System\WSAnSUf.exe
  C:\Windows\System\WSAnSUf.exe
  2⤵
  PID:8412
- C:\Windows\System\YMlXNXC.exe
  C:\Windows\System\YMlXNXC.exe
  2⤵
  PID:8428
- C:\Windows\System\DvlCisP.exe
  C:\Windows\System\DvlCisP.exe
  2⤵
  PID:8444
- C:\Windows\System\szHGSOc.exe
  C:\Windows\System\szHGSOc.exe
  2⤵
  PID:8460
- C:\Windows\System\ChCkTdg.exe
  C:\Windows\System\ChCkTdg.exe
  2⤵
  PID:8476
- C:\Windows\System\FjGlCpQ.exe
  C:\Windows\System\FjGlCpQ.exe
  2⤵
  PID:8492
- C:\Windows\System\hQMheRt.exe
  C:\Windows\System\hQMheRt.exe
  2⤵
  PID:8516
- C:\Windows\System\ilnvUrE.exe
  C:\Windows\System\ilnvUrE.exe
  2⤵
  PID:8532
- C:\Windows\System\pjgrdIP.exe
  C:\Windows\System\pjgrdIP.exe
  2⤵
  PID:8552
- C:\Windows\System\EztoSDL.exe
  C:\Windows\System\EztoSDL.exe
  2⤵
  PID:8576
- C:\Windows\System\LVBeHUK.exe
  C:\Windows\System\LVBeHUK.exe
  2⤵
  PID:8596
- C:\Windows\System\TEUpSbv.exe
  C:\Windows\System\TEUpSbv.exe
  2⤵
  PID:8704
- C:\Windows\System\AteXFQK.exe
  C:\Windows\System\AteXFQK.exe
  2⤵
  PID:8724
- C:\Windows\System\eUuDERs.exe
  C:\Windows\System\eUuDERs.exe
  2⤵
  PID:8784
- C:\Windows\System\TpvAhXM.exe
  C:\Windows\System\TpvAhXM.exe
  2⤵
  PID:8820
- C:\Windows\System\NHEHLQp.exe
  C:\Windows\System\NHEHLQp.exe
  2⤵
  PID:8840
- C:\Windows\System\VuLZZmc.exe
  C:\Windows\System\VuLZZmc.exe
  2⤵
  PID:8856
- C:\Windows\System\mxPokGv.exe
  C:\Windows\System\mxPokGv.exe
  2⤵
  PID:8876
- C:\Windows\System\LdqCrgq.exe
  C:\Windows\System\LdqCrgq.exe
  2⤵
  PID:8900
- C:\Windows\System\cDlNEXr.exe
  C:\Windows\System\cDlNEXr.exe
  2⤵
  PID:8924
- C:\Windows\System\zJllTUZ.exe
  C:\Windows\System\zJllTUZ.exe
  2⤵
  PID:8940
- C:\Windows\System\WhcGXHp.exe
  C:\Windows\System\WhcGXHp.exe
  2⤵
  PID:8960
- C:\Windows\System\hVftOvz.exe
  C:\Windows\System\hVftOvz.exe
  2⤵
  PID:8980
- C:\Windows\System\BVLvaAL.exe
  C:\Windows\System\BVLvaAL.exe
  2⤵
  PID:9004
- C:\Windows\System\coATRVI.exe
  C:\Windows\System\coATRVI.exe
  2⤵
  PID:9024
- C:\Windows\System\SmnyKmv.exe
  C:\Windows\System\SmnyKmv.exe
  2⤵
  PID:9040
- C:\Windows\System\UzMEhKN.exe
  C:\Windows\System\UzMEhKN.exe
  2⤵
  PID:9064
- C:\Windows\System\ueRyGWW.exe
  C:\Windows\System\ueRyGWW.exe
  2⤵
  PID:9080
- C:\Windows\System\rflLHra.exe
  C:\Windows\System\rflLHra.exe
  2⤵
  PID:9096
- C:\Windows\System\KFHuDow.exe
  C:\Windows\System\KFHuDow.exe
  2⤵
  PID:9116
- C:\Windows\System\OKCtoSu.exe
  C:\Windows\System\OKCtoSu.exe
  2⤵
  PID:9132
- C:\Windows\System\fOfCmeu.exe
  C:\Windows\System\fOfCmeu.exe
  2⤵
  PID:9152
- C:\Windows\System\aAojqLD.exe
  C:\Windows\System\aAojqLD.exe
  2⤵
  PID:9176
- C:\Windows\System\OOQoILX.exe
  C:\Windows\System\OOQoILX.exe
  2⤵
  PID:9200
- C:\Windows\System\iGqQNDj.exe
  C:\Windows\System\iGqQNDj.exe
  2⤵
  PID:8200
- C:\Windows\System\FXJnvgE.exe
  C:\Windows\System\FXJnvgE.exe
  2⤵
  PID:8232
- C:\Windows\System\xWokSNQ.exe
  C:\Windows\System\xWokSNQ.exe
  2⤵
  PID:8264
- C:\Windows\System\kvChIHN.exe
  C:\Windows\System\kvChIHN.exe
  2⤵
  PID:8360
- C:\Windows\System\zXvPIoC.exe
  C:\Windows\System\zXvPIoC.exe
  2⤵
  PID:8456
- C:\Windows\System\GIlDsMy.exe
  C:\Windows\System\GIlDsMy.exe
  2⤵
  PID:8560
- C:\Windows\System\jFaVEaj.exe
  C:\Windows\System\jFaVEaj.exe
  2⤵
  PID:8604
- C:\Windows\System\owMUNKq.exe
  C:\Windows\System\owMUNKq.exe
  2⤵
  PID:8500
- C:\Windows\System\OMhtOty.exe
  C:\Windows\System\OMhtOty.exe
  2⤵
  PID:8212
- C:\Windows\System\domThQa.exe
  C:\Windows\System\domThQa.exe
  2⤵
  PID:7836
- C:\Windows\System\SBigXVd.exe
  C:\Windows\System\SBigXVd.exe
  2⤵
  PID:8372
- C:\Windows\System\bLpybgp.exe
  C:\Windows\System\bLpybgp.exe
  2⤵
  PID:8508
- C:\Windows\System\Jkigwwh.exe
  C:\Windows\System\Jkigwwh.exe
  2⤵
  PID:8216
- C:\Windows\System\ELSoMXH.exe
  C:\Windows\System\ELSoMXH.exe
  2⤵
  PID:8592
- C:\Windows\System\flYtWgi.exe
  C:\Windows\System\flYtWgi.exe
  2⤵
  PID:8344
- C:\Windows\System\UjVoPJt.exe
  C:\Windows\System\UjVoPJt.exe
  2⤵
  PID:8472
- C:\Windows\System\Rwyssxb.exe
  C:\Windows\System\Rwyssxb.exe
  2⤵
  PID:8584
- C:\Windows\System\sOZEvCC.exe
  C:\Windows\System\sOZEvCC.exe
  2⤵
  PID:976
- C:\Windows\System\JXqUoQx.exe
  C:\Windows\System\JXqUoQx.exe
  2⤵
  PID:8680
- C:\Windows\System\EUktwqU.exe
  C:\Windows\System\EUktwqU.exe
  2⤵
  PID:8696
- C:\Windows\System\uNpazUZ.exe
  C:\Windows\System\uNpazUZ.exe
  2⤵
  PID:8736
- C:\Windows\System\XHTazyp.exe
  C:\Windows\System\XHTazyp.exe
  2⤵
  PID:8764
- C:\Windows\System\RCIPeEz.exe
  C:\Windows\System\RCIPeEz.exe
  2⤵
  PID:8776
- C:\Windows\System\xiUCUqG.exe
  C:\Windows\System\xiUCUqG.exe
  2⤵
  PID:8792
- C:\Windows\System\yInheWJ.exe
  C:\Windows\System\yInheWJ.exe
  2⤵
  PID:8808
- C:\Windows\System\OiQOWlv.exe
  C:\Windows\System\OiQOWlv.exe
  2⤵
  PID:2844
- C:\Windows\System\iFbbxYL.exe
  C:\Windows\System\iFbbxYL.exe
  2⤵
  PID:2340
- C:\Windows\System\kSzXqTN.exe
  C:\Windows\System\kSzXqTN.exe
  2⤵
  PID:1812
- C:\Windows\System\xlKcRek.exe
  C:\Windows\System\xlKcRek.exe
  2⤵
  PID:8832
- C:\Windows\System\EDHBlNZ.exe
  C:\Windows\System\EDHBlNZ.exe
  2⤵
  PID:8868
- C:\Windows\System\ABIAKZw.exe
  C:\Windows\System\ABIAKZw.exe
  2⤵
  PID:8912
- C:\Windows\System\SftyxrM.exe
  C:\Windows\System\SftyxrM.exe
  2⤵
  PID:8936
- C:\Windows\System\qJhijWA.exe
  C:\Windows\System\qJhijWA.exe
  2⤵
  PID:8968
- C:\Windows\System\tyleAjY.exe
  C:\Windows\System\tyleAjY.exe
  2⤵
  PID:8976
- C:\Windows\System\CrIShel.exe
  C:\Windows\System\CrIShel.exe
  2⤵
  PID:9020
- C:\Windows\System\EraPyaB.exe
  C:\Windows\System\EraPyaB.exe
  2⤵
  PID:9032
- C:\Windows\System\TODJjbL.exe
  C:\Windows\System\TODJjbL.exe
  2⤵
  PID:9072
- C:\Windows\System\uGhEWnR.exe
  C:\Windows\System\uGhEWnR.exe
  2⤵
  PID:9108
- C:\Windows\System\vnpkhje.exe
  C:\Windows\System\vnpkhje.exe
  2⤵
  PID:9164
- C:\Windows\System\lZeXhcn.exe
  C:\Windows\System\lZeXhcn.exe
  2⤵
  PID:9144
- C:\Windows\System\denEWMS.exe
  C:\Windows\System\denEWMS.exe
  2⤵
  PID:9208
- C:\Windows\System\EMbGrvx.exe
  C:\Windows\System\EMbGrvx.exe
  2⤵
  PID:7816
- C:\Windows\System\TSWgWjy.exe
  C:\Windows\System\TSWgWjy.exe
  2⤵
  PID:8296
- C:\Windows\System\weyMaKf.exe
  C:\Windows\System\weyMaKf.exe
  2⤵
  PID:8452
- C:\Windows\System\QyyoYJE.exe
  C:\Windows\System\QyyoYJE.exe
  2⤵
  PID:8524
- C:\Windows\System\LPPGtCf.exe
  C:\Windows\System\LPPGtCf.exe
  2⤵
  PID:6748
- C:\Windows\System\axkrGrs.exe
  C:\Windows\System\axkrGrs.exe
  2⤵
  PID:8568
- C:\Windows\System\hLPvYJs.exe
  C:\Windows\System\hLPvYJs.exe
  2⤵
  PID:8312
- C:\Windows\System\psLZyxH.exe
  C:\Windows\System\psLZyxH.exe
  2⤵
  PID:8512
- C:\Windows\System\gPBKQYj.exe
  C:\Windows\System\gPBKQYj.exe
  2⤵
  PID:8248
- C:\Windows\System\VMoWnnx.exe
  C:\Windows\System\VMoWnnx.exe
  2⤵
  PID:8644
- C:\Windows\System\VVSgjEj.exe
  C:\Windows\System\VVSgjEj.exe
  2⤵
  PID:8652
- C:\Windows\System\VaySgcI.exe
  C:\Windows\System\VaySgcI.exe
  2⤵
  PID:8608
- C:\Windows\System\zmkVoFR.exe
  C:\Windows\System\zmkVoFR.exe
  2⤵
  PID:8620
- C:\Windows\System\eAEubFL.exe
  C:\Windows\System\eAEubFL.exe
  2⤵
  PID:3008
- C:\Windows\System\gmrEsyN.exe
  C:\Windows\System\gmrEsyN.exe
  2⤵
  PID:8748
- C:\Windows\System\oBCEdnM.exe
  C:\Windows\System\oBCEdnM.exe
  2⤵
  PID:8716
- C:\Windows\System\bYPmeTt.exe
  C:\Windows\System\bYPmeTt.exe
  2⤵
  PID:7240
- C:\Windows\System\VGLviAO.exe
  C:\Windows\System\VGLviAO.exe
  2⤵
  PID:1732
- C:\Windows\System\bIVOyrY.exe
  C:\Windows\System\bIVOyrY.exe
  2⤵
  PID:1432
- C:\Windows\System\YpUcrvH.exe
  C:\Windows\System\YpUcrvH.exe
  2⤵
  PID:8864
- C:\Windows\System\IXGvtyo.exe
  C:\Windows\System\IXGvtyo.exe
  2⤵
  PID:5392
- C:\Windows\System\gBUsqCR.exe
  C:\Windows\System\gBUsqCR.exe
  2⤵
  PID:8896
- C:\Windows\System\gIixCXw.exe
  C:\Windows\System\gIixCXw.exe
  2⤵
  PID:9056
- C:\Windows\System\pmOkTpy.exe
  C:\Windows\System\pmOkTpy.exe
  2⤵
  PID:1504
- C:\Windows\System\vxSNPtT.exe
  C:\Windows\System\vxSNPtT.exe
  2⤵
  PID:9172
- C:\Windows\System\MURSojc.exe
  C:\Windows\System\MURSojc.exe
  2⤵
  PID:9196
- C:\Windows\System\qEodcqy.exe
  C:\Windows\System\qEodcqy.exe
  2⤵
  PID:8392
- C:\Windows\System\zJcRgOT.exe
  C:\Windows\System\zJcRgOT.exe
  2⤵
  PID:7576
- C:\Windows\System\PsglzzN.exe
  C:\Windows\System\PsglzzN.exe
  2⤵
  PID:8544
- C:\Windows\System\TseAeFZ.exe
  C:\Windows\System\TseAeFZ.exe
  2⤵
  PID:8676
- C:\Windows\System\xcFLdSz.exe
  C:\Windows\System\xcFLdSz.exe
  2⤵
  PID:5752
- C:\Windows\System\iJuGhai.exe
  C:\Windows\System\iJuGhai.exe
  2⤵
  PID:8800
- C:\Windows\System\GpBwLuU.exe
  C:\Windows\System\GpBwLuU.exe
  2⤵
  PID:1248
- C:\Windows\System\NwHGmTr.exe
  C:\Windows\System\NwHGmTr.exe
  2⤵
  PID:1440
- C:\Windows\System\pzOzDPO.exe
  C:\Windows\System\pzOzDPO.exe
  2⤵
  PID:8996
- C:\Windows\System\uTxMpmR.exe
  C:\Windows\System\uTxMpmR.exe
  2⤵
  PID:8740
- C:\Windows\System\sknibWV.exe
  C:\Windows\System\sknibWV.exe
  2⤵
  PID:8932
- C:\Windows\System\cCGnJbn.exe
  C:\Windows\System\cCGnJbn.exe
  2⤵
  PID:8260
- C:\Windows\System\UMrRBYA.exe
  C:\Windows\System\UMrRBYA.exe
  2⤵
  PID:7992
- C:\Windows\System\cSAcZdK.exe
  C:\Windows\System\cSAcZdK.exe
  2⤵
  PID:5280
- C:\Windows\System\qdgXdop.exe
  C:\Windows\System\qdgXdop.exe
  2⤵
  PID:8440
- C:\Windows\System\xeYEPAo.exe
  C:\Windows\System\xeYEPAo.exe
  2⤵
  PID:6140
- C:\Windows\System\uwdmnpS.exe
  C:\Windows\System\uwdmnpS.exe
  2⤵
  PID:8744
- C:\Windows\System\ElOxDCI.exe
  C:\Windows\System\ElOxDCI.exe
  2⤵
  PID:9092
- C:\Windows\System\xHGhOWN.exe
  C:\Windows\System\xHGhOWN.exe
  2⤵
  PID:9112
- C:\Windows\System\khiYnEy.exe
  C:\Windows\System\khiYnEy.exe
  2⤵
  PID:8168
- C:\Windows\System\TbtUDcF.exe
  C:\Windows\System\TbtUDcF.exe
  2⤵
  PID:8952
- C:\Windows\System\YSAEhJo.exe
  C:\Windows\System\YSAEhJo.exe
  2⤵
  PID:8664
- C:\Windows\System\Lhuaqtj.exe
  C:\Windows\System\Lhuaqtj.exe
  2⤵
  PID:7604
- C:\Windows\System\wSWIGYJ.exe
  C:\Windows\System\wSWIGYJ.exe
  2⤵
  PID:8280
- C:\Windows\System\hArsLZO.exe
  C:\Windows\System\hArsLZO.exe
  2⤵
  PID:9128
- C:\Windows\System\OexqsWy.exe
  C:\Windows\System\OexqsWy.exe
  2⤵
  PID:8668
- C:\Windows\System\natFEKq.exe
  C:\Windows\System\natFEKq.exe
  2⤵
  PID:6308
- C:\Windows\System\RQkhTLL.exe
  C:\Windows\System\RQkhTLL.exe
  2⤵
  PID:9224
- C:\Windows\System\CFNJhLw.exe
  C:\Windows\System\CFNJhLw.exe
  2⤵
  PID:9240
- C:\Windows\System\dvyfnLF.exe
  C:\Windows\System\dvyfnLF.exe
  2⤵
  PID:9256
- C:\Windows\System\tAPFMMR.exe
  C:\Windows\System\tAPFMMR.exe
  2⤵
  PID:9272
- C:\Windows\System\rRdbzpO.exe
  C:\Windows\System\rRdbzpO.exe
  2⤵
  PID:9288
- C:\Windows\System\NsbCKOS.exe
  C:\Windows\System\NsbCKOS.exe
  2⤵
  PID:9308
- C:\Windows\System\tQSOStz.exe
  C:\Windows\System\tQSOStz.exe
  2⤵
  PID:9324
- C:\Windows\System\MUZanaW.exe
  C:\Windows\System\MUZanaW.exe
  2⤵
  PID:9340
- C:\Windows\System\JhnFxuY.exe
  C:\Windows\System\JhnFxuY.exe
  2⤵
  PID:9356
- C:\Windows\System\KOIqtiW.exe
  C:\Windows\System\KOIqtiW.exe
  2⤵
  PID:9376
- C:\Windows\System\nDqntfy.exe
  C:\Windows\System\nDqntfy.exe
  2⤵
  PID:9396
- C:\Windows\System\bbCDtbI.exe
  C:\Windows\System\bbCDtbI.exe
  2⤵
  PID:9416
- C:\Windows\System\iTguKMq.exe
  C:\Windows\System\iTguKMq.exe
  2⤵
  PID:9436
- C:\Windows\System\DrpTnBL.exe
  C:\Windows\System\DrpTnBL.exe
  2⤵
  PID:9456
- C:\Windows\System\NSNUhNp.exe
  C:\Windows\System\NSNUhNp.exe
  2⤵
  PID:9476
- C:\Windows\System\qJDPvXO.exe
  C:\Windows\System\qJDPvXO.exe
  2⤵
  PID:9492
- C:\Windows\System\efpVNJP.exe
  C:\Windows\System\efpVNJP.exe
  2⤵
  PID:9548
- C:\Windows\System\UDLltcO.exe
  C:\Windows\System\UDLltcO.exe
  2⤵
  PID:9564
- C:\Windows\System\UkOBoUA.exe
  C:\Windows\System\UkOBoUA.exe
  2⤵
  PID:9580
- C:\Windows\System\IFGfKGx.exe
  C:\Windows\System\IFGfKGx.exe
  2⤵
  PID:9596
- C:\Windows\System\lvZNZwU.exe
  C:\Windows\System\lvZNZwU.exe
  2⤵
  PID:9632
- C:\Windows\System\CBxbhwx.exe
  C:\Windows\System\CBxbhwx.exe
  2⤵
  PID:9648
- C:\Windows\System\AmtGGqK.exe
  C:\Windows\System\AmtGGqK.exe
  2⤵
  PID:9664
- C:\Windows\System\iAUQdYg.exe
  C:\Windows\System\iAUQdYg.exe
  2⤵
  PID:9680
- C:\Windows\System\LfbpWNF.exe
  C:\Windows\System\LfbpWNF.exe
  2⤵
  PID:9696
- C:\Windows\System\GJoGoet.exe
  C:\Windows\System\GJoGoet.exe
  2⤵
  PID:9724
- C:\Windows\System\FEmltfn.exe
  C:\Windows\System\FEmltfn.exe
  2⤵
  PID:9744
- C:\Windows\System\wRNSPie.exe
  C:\Windows\System\wRNSPie.exe
  2⤵
  PID:9760
- C:\Windows\System\caDpMMG.exe
  C:\Windows\System\caDpMMG.exe
  2⤵
  PID:9780
- C:\Windows\System\pYNUttH.exe
  C:\Windows\System\pYNUttH.exe
  2⤵
  PID:9800
- C:\Windows\System\BvrXzJe.exe
  C:\Windows\System\BvrXzJe.exe
  2⤵
  PID:9820
- C:\Windows\System\ZeDHQot.exe
  C:\Windows\System\ZeDHQot.exe
  2⤵
  PID:9836
- C:\Windows\System\IpUJsCJ.exe
  C:\Windows\System\IpUJsCJ.exe
  2⤵
  PID:9856
- C:\Windows\System\WtIJiDb.exe
  C:\Windows\System\WtIJiDb.exe
  2⤵
  PID:9884
- C:\Windows\System\uCtKRFF.exe
  C:\Windows\System\uCtKRFF.exe
  2⤵
  PID:9900
- C:\Windows\System\tHeKlGr.exe
  C:\Windows\System\tHeKlGr.exe
  2⤵
  PID:9916
- C:\Windows\System\ffIFqwp.exe
  C:\Windows\System\ffIFqwp.exe
  2⤵
  PID:9932
- C:\Windows\System\JNJvLDT.exe
  C:\Windows\System\JNJvLDT.exe
  2⤵
  PID:9952
- C:\Windows\System\ZuhXlNW.exe
  C:\Windows\System\ZuhXlNW.exe
  2⤵
  PID:9996
- C:\Windows\System\xfhMeZj.exe
  C:\Windows\System\xfhMeZj.exe
  2⤵
  PID:10016
- C:\Windows\System\VxlHici.exe
  C:\Windows\System\VxlHici.exe
  2⤵
  PID:10032
- C:\Windows\System\djCadmb.exe
  C:\Windows\System\djCadmb.exe
  2⤵
  PID:10048
- C:\Windows\System\krUzyia.exe
  C:\Windows\System\krUzyia.exe
  2⤵
  PID:10064
- C:\Windows\System\ZaRQRlR.exe
  C:\Windows\System\ZaRQRlR.exe
  2⤵
  PID:10080
- C:\Windows\System\aIeZEPx.exe
  C:\Windows\System\aIeZEPx.exe
  2⤵
  PID:10100
- C:\Windows\System\lHCWaaY.exe
  C:\Windows\System\lHCWaaY.exe
  2⤵
  PID:10124
- C:\Windows\System\aktQKXI.exe
  C:\Windows\System\aktQKXI.exe
  2⤵
  PID:10140
- C:\Windows\System\WajJYkw.exe
  C:\Windows\System\WajJYkw.exe
  2⤵
  PID:10156
- C:\Windows\System\ztbBoXX.exe
  C:\Windows\System\ztbBoXX.exe
  2⤵
  PID:10172
- C:\Windows\System\MPpFpfG.exe
  C:\Windows\System\MPpFpfG.exe
  2⤵
  PID:10188
- C:\Windows\System\vMsZUcx.exe
  C:\Windows\System\vMsZUcx.exe
  2⤵
  PID:10204
- C:\Windows\System\zrueVPe.exe
  C:\Windows\System\zrueVPe.exe
  2⤵
  PID:10220
- C:\Windows\System\rOrCpfg.exe
  C:\Windows\System\rOrCpfg.exe
  2⤵
  PID:10236
- C:\Windows\System\xhoUtGI.exe
  C:\Windows\System\xhoUtGI.exe
  2⤵
  PID:9352
- C:\Windows\System\tVPTsQi.exe
  C:\Windows\System\tVPTsQi.exe
  2⤵
  PID:9284
- C:\Windows\System\lOqSVMW.exe
  C:\Windows\System\lOqSVMW.exe
  2⤵
  PID:9348
- C:\Windows\System\zLLBsFD.exe
  C:\Windows\System\zLLBsFD.exe
  2⤵
  PID:9332
- C:\Windows\System\gPtVDGu.exe
  C:\Windows\System\gPtVDGu.exe
  2⤵
  PID:9336
- C:\Windows\System\INfsIun.exe
  C:\Windows\System\INfsIun.exe
  2⤵
  PID:9412
- C:\Windows\System\TIQdIut.exe
  C:\Windows\System\TIQdIut.exe
  2⤵
  PID:9296
- C:\Windows\System\oNPeVwH.exe
  C:\Windows\System\oNPeVwH.exe
  2⤵
  PID:9452
- C:\Windows\System\IKwfsCU.exe
  C:\Windows\System\IKwfsCU.exe
  2⤵
  PID:9516
- C:\Windows\System\PdTNJlq.exe
  C:\Windows\System\PdTNJlq.exe
  2⤵
  PID:9524
- C:\Windows\System\rgJLWCw.exe
  C:\Windows\System\rgJLWCw.exe
  2⤵
  PID:9560
- C:\Windows\System\pJUJqlA.exe
  C:\Windows\System\pJUJqlA.exe
  2⤵
  PID:9608
- C:\Windows\System\NFpbvUy.exe
  C:\Windows\System\NFpbvUy.exe
  2⤵
  PID:9688
- C:\Windows\System\GdaauGO.exe
  C:\Windows\System\GdaauGO.exe
  2⤵
  PID:9712
- C:\Windows\System\QxSHgFZ.exe
  C:\Windows\System\QxSHgFZ.exe
  2⤵
  PID:9752
- C:\Windows\System\psTFMcu.exe
  C:\Windows\System\psTFMcu.exe
  2⤵
  PID:9852
- C:\Windows\System\yCCqhVy.exe
  C:\Windows\System\yCCqhVy.exe
  2⤵
  PID:9868
- C:\Windows\System\hAFSNsh.exe
  C:\Windows\System\hAFSNsh.exe
  2⤵
  PID:9924
- C:\Windows\System\TyrCQnW.exe
  C:\Windows\System\TyrCQnW.exe
  2⤵
  PID:9944
- C:\Windows\System\JlhSXiL.exe
  C:\Windows\System\JlhSXiL.exe
  2⤵
  PID:9912
- C:\Windows\System\VSNpylr.exe
  C:\Windows\System\VSNpylr.exe
  2⤵
  PID:9972
- C:\Windows\System\vVYvCoC.exe
  C:\Windows\System\vVYvCoC.exe
  2⤵
  PID:10076
- C:\Windows\System\KBBjkgq.exe
  C:\Windows\System\KBBjkgq.exe
  2⤵
  PID:10056
- C:\Windows\System\sitGSce.exe
  C:\Windows\System\sitGSce.exe
  2⤵
  PID:10072
- C:\Windows\System\vqynHGy.exe
  C:\Windows\System\vqynHGy.exe
  2⤵
  PID:10028
- C:\Windows\System\pFZnTZR.exe
  C:\Windows\System\pFZnTZR.exe
  2⤵
  PID:10164
- C:\Windows\System\yzmBgGU.exe
  C:\Windows\System\yzmBgGU.exe
  2⤵
  PID:10132
- C:\Windows\System\gQjONfQ.exe
  C:\Windows\System\gQjONfQ.exe
  2⤵
  PID:10152
- C:\Windows\System\pWfDXEb.exe
  C:\Windows\System\pWfDXEb.exe
  2⤵
  PID:9248
- C:\Windows\System\RRXrRKd.exe
  C:\Windows\System\RRXrRKd.exe
  2⤵
  PID:9392
- C:\Windows\System\vryskpB.exe
  C:\Windows\System\vryskpB.exe
  2⤵
  PID:9404
- C:\Windows\System\FrEGrcQ.exe
  C:\Windows\System\FrEGrcQ.exe
  2⤵
  PID:9448
- C:\Windows\System\ASTMWmr.exe
  C:\Windows\System\ASTMWmr.exe
  2⤵
  PID:9504
- C:\Windows\System\CpUKyMX.exe
  C:\Windows\System\CpUKyMX.exe
  2⤵
  PID:9264
- C:\Windows\System\yCyGhCH.exe
  C:\Windows\System\yCyGhCH.exe
  2⤵
  PID:9500
- C:\Windows\System\fsDrGuq.exe
  C:\Windows\System\fsDrGuq.exe
  2⤵
  PID:9588
- C:\Windows\System\WeMLUjb.exe
  C:\Windows\System\WeMLUjb.exe
  2⤵
  PID:9540
- C:\Windows\System\XvMYHKS.exe
  C:\Windows\System\XvMYHKS.exe
  2⤵
  PID:9644
- C:\Windows\System\EZkJOxu.exe
  C:\Windows\System\EZkJOxu.exe
  2⤵
  PID:9656
- C:\Windows\System\siZQZLy.exe
  C:\Windows\System\siZQZLy.exe
  2⤵
  PID:9740
- C:\Windows\System\NdbQnxX.exe
  C:\Windows\System\NdbQnxX.exe
  2⤵
  PID:9776
- C:\Windows\System\FLxZADD.exe
  C:\Windows\System\FLxZADD.exe
  2⤵
  PID:9732
- C:\Windows\System\kFWLSNL.exe
  C:\Windows\System\kFWLSNL.exe
  2⤵
  PID:9788
- C:\Windows\System\kzFVTiv.exe
  C:\Windows\System\kzFVTiv.exe
  2⤵
  PID:9848
- C:\Windows\System\PwCSyUp.exe
  C:\Windows\System\PwCSyUp.exe
  2⤵
  PID:9960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FLbhpoB.exe

Filesize
6.0MB

MD5
015c83a1e6b615bce547a3aa456c361d

SHA1
f48fe04c09e1eb513967cc15256d46fd7640dc9c

SHA256
96ae104de13ac952ee7acfe23ed421994b0350ba08df551b33d74c65b835635d

SHA512
3a1f75feebb0a5b10cb69e0707aeb27eb6dbbacad6f3e03328dc642cbb6de38a91f53b42cbfc626f33d1df7bf38efec8d2ec28619e261dd11c5803e126cbf94e

Download Submit
C:\Windows\system\FbUBkWN.exe

Filesize
6.0MB

MD5
8311b36ce2b2fbd3f29b2842630bb2db

SHA1
ebf54d86b5a5cfa71bff63d0498897fd556d0d3d

SHA256
aaf1fe2c4de5fd776b9329ea0001d1db0da769241011d610be457876eec277b4

SHA512
2899130014127c695da98105c7b35940d45fa1a89cfabfe92e18c21757a1de86c1a4865f280ad353ca21b9ba9724692f8949ca3e453a6463f9043b504139a558

Download Submit
C:\Windows\system\RdCbvTP.exe

Filesize
6.0MB

MD5
5bbbb668d9b5a21354bb053827862617

SHA1
e556d062d6cdb9d90ee63070a795e09e90d76471

SHA256
1f1757123cfec5bb4629809d4da5dc7c643c4620fd4a8906380d62ae2752ed7f

SHA512
6958502acf6b494a5baad7afb632f912ad0cff3a046139837f6c5b8a446ea0b25028f6f84310915bbf46ed3dfae06421f4896d482ed040d30857a5399bc64bf9

Download Submit
C:\Windows\system\SUUrbAn.exe

Filesize
6.0MB

MD5
e29330a634a7419e8950414949a1711b

SHA1
e7bb4067125b622377f7ebcbb5e9d266c3a8a646

SHA256
40060d28aa3ee92a698157c42f3874de521f00db45f91594df01d158eec1f28a

SHA512
8a92243d9467034d1d6355668896a22b64c4e4fd21e5e57dd14a66ce061f3af22ce059ae97348db0cb91c578315a51b83f420a65f32c958b6fca471d98c54551

Download Submit
C:\Windows\system\YJwvTTw.exe

Filesize
6.0MB

MD5
03fcd9dd53abcfd340fd91f2809404b9

SHA1
e653b8ca6adc8018718a5b60bd0de8c4b2fccc4c

SHA256
b1fa5d47bd65fbce2d89c6d35091f670f237236c3760acdd48caa91f78ca4300

SHA512
b9d8c2bd7c106be272ca3425af2994ea0af9f77b7e887ba5ebc4785ee93598019b3e6779c473b3473fa2c5cb3c1b5dfb66ff3b5437997be06a091b9f8d426384

Download Submit
C:\Windows\system\YmUfMjd.exe

Filesize
6.0MB

MD5
36e4078d4af342f16a38b9a62a4e126d

SHA1
59743e226e7330d5386e0998aadeb8e384dda49b

SHA256
0c2cc43b0d3af7c1dd46e717e670b7078d3ed32ebfff52a25dc6ad6288d6c798

SHA512
e1bc5b7a3a4ae018613009bb11a11ea99b9d5f51d92fa56489bb7af565886f7f99635f01fab94c3092f06a027f7129892bb9bd30aafb92e9c2ae6df004ba8ee8

Download Submit
C:\Windows\system\YqZYNDB.exe

Filesize
6.0MB

MD5
568c7cb0075a3e830cda5c072b09155d

SHA1
3b1da8c9d8130116e57853b8edd654d737841132

SHA256
4715c835fa8e101a3d64afeba9c14b0f4816c4cbe4bef1b8e756b8b6c62a68d0

SHA512
797ce2e65818a4de7b2fef3ae59bff4a557cb77729735befefb1531b04f54a22054579758256b73029959c204eadbc9fc676b6fa280b621805bd0ff9edf7d959

Download Submit
C:\Windows\system\aNqEPBb.exe

Filesize
6.0MB

MD5
f60b34d67b1504c412381e230f895640

SHA1
53b4cec533dba48e2f78ab27edaab7211318efa3

SHA256
8265de27376beced034eddb9884ae23880d9b746ef00c9675309d35a9a8230b7

SHA512
a8f7c8adc9b5fa26f3f20e0cc8fa502f7218df4abe2ffa2cb402cbb687615bd703529ddf67e30b77d8911a890a277db5e85ea075a8cbe6e99adc89ae86eeb7ad

Download Submit
C:\Windows\system\aPAvZNC.exe

Filesize
6.0MB

MD5
7cd69109cc88eceadf4d276517d7d110

SHA1
f69c8bac46a1ae1a0a570fff87261f521cd961a5

SHA256
43683860fb3634e20f274556995f6916cc515ea8a6b7e04e6fd08cb6f3cceae6

SHA512
991ce00400f83ee063fb4b5dcaf6c68f81c864b0fd252a4d23c2a6e39a1f1d3b1ecf91442c87e1861978b1eeebf9fa5c1552dd1efe10e1d2d5c7085e17c2b430

Download Submit
C:\Windows\system\bSwYhxC.exe

Filesize
6.0MB

MD5
339ca9fca9b6af071ea400b9f480e17b

SHA1
85d8ed97717edb238d63a4ab12d1cb55b4349800

SHA256
42c89809fab4038b70f1ea315915ee54917c6f5f539761003e88c8f73ae5783b

SHA512
d774f9b9acac92d706992f53ae068c9cf4ff50b174d7170b23cfeb28b85be30cfec7c4fead55907b413b075fd1074800d6217428a12268fd4ab16e11646c97d0

Download Submit
C:\Windows\system\bnAHIDf.exe

Filesize
6.0MB

MD5
596a540b97cb36afe4fd30a7a1e81a72

SHA1
cc83ed6c1c51802be20b8364d351723d586fa470

SHA256
32821a9ea88fd9c357d4f05c4714e220e076d991271b08a6fbe06d2cce9b9d15

SHA512
c8d8eabd86cc5cbbf16ae54936879d8a76f32ee9b5759605b972454d159814e4ce82729ecb4dcd4406a66d56a7c86fc0e7a53cc5e4c555e2325edbffe392fef1

Download Submit
C:\Windows\system\cFMHIYC.exe

Filesize
6.0MB

MD5
ce39bc754fecb0c7496f167ec0e21d1e

SHA1
06a826172926ecd3b40fb4350aa37fbeba4c701e

SHA256
5496452ce82a0504c9cd6c3409d3d4f41eaa5c559e44832ae7a23f26f45c7598

SHA512
2d934e706ee6d6325abab32a6311a5db706208502c4aac4fa7f1bb79aa28d41370925a7bb58e9ade2d4a4d816323b47bac2edaf3d46eed06f8f3c4742bfc681b

Download Submit
C:\Windows\system\cdpohzV.exe

Filesize
6.0MB

MD5
06bcb37b88d3781545eebdcd5493a57a

SHA1
bf12824f6ed716af3f3a2125e0b1158ac3fb4388

SHA256
7c8650ab111289b4ef10f52efe92ed73c0a478307e773720a890bbb910599dd5

SHA512
a7316f4f02a5ae79a2ad597426844fc02455f7e6bc81207c571fa4e834b652f7204c929b0457bb39fde790188e0eba5a404d90f435a3356ee4765160e93301d8

Download Submit
C:\Windows\system\dFMobKp.exe

Filesize
6.0MB

MD5
da02c1ac733561266c13412aef1b1d49

SHA1
55ae6b6e4fe39957dd23d282847a057264edb7cb

SHA256
0f052a657d860efd854f00f8fec439956905397d2ce3e30ceb9de8c8d66ca7a6

SHA512
90758e163265c28a7b6a1f7fe39ad199f2486c97bbc8b5fdccc2c65f25c13c254741f7f8b7f7beefc1f0e31970e4fd57fae96affb964c56fe3428736bd99ec1e

Download Submit
C:\Windows\system\dMjVyIs.exe

Filesize
6.0MB

MD5
34a9a3a5af6a7de812fb752ae716ebbd

SHA1
5c8dfbb9151417cc71f47cfb830cfa1eed68558c

SHA256
c08c5b7908d8aa2b31f9387377595e2f52c8c8ab19f459bc03ea5269f84a4532

SHA512
c9121d312baacd41cf8090825bb34f9ed21930619e30eb523f6bdf2203dcf93718212d7e2ad588e82540621ffcd9470ab32f6d7b8c44940c2403c7ca429d2d0f

Download Submit
C:\Windows\system\daYaPgE.exe

Filesize
6.0MB

MD5
1a8a884bbecdd16733e229007672b4fe

SHA1
c94b8e691a3e39eec2458910164f96d01cbe42f9

SHA256
00eda51c6239c607988e4608dbb515d1a2d7bd418bb72eed0287e3ff07a332cb

SHA512
10d5fa878e34e4b00c22161f3d1b3ee9b67e5c3b403fdb779e92d1dbb6d46974bad5cc081c3deaf4468548118128e635671f1dcfd169672b81adc8ccd7bb844d

Download Submit
C:\Windows\system\jbMpqWT.exe

Filesize
6.0MB

MD5
8c3107a1de8c6791e94a27243c2296bb

SHA1
6de1c62718760e46cc6b0bdbc7b5657bc4c4eb1b

SHA256
2fdb899236012c01ec26eae3a892f0b0f592ba4576e9e27ecedc4e0ff3eccef8

SHA512
27fad3678d228e29392ffb472a46a6871a531c65aa76d1742e7af4859eab4809fe5c1d1122672a32ec3bda3688969fef58ad1ee0664e699ae3dfbfbed47da72e

Download Submit
C:\Windows\system\mJEnlJv.exe

Filesize
6.0MB

MD5
b63505d9cf3909c2bd4d352386b1f327

SHA1
d11851c5dcc00a81217efe463527307f993d42ea

SHA256
030225bc805b658edbd848b651b997a5d9abbf1c2aa8a802781c813460c7b81f

SHA512
cab97daf406e8755621ad67ef850bb30f1e207a02344841c219923e44fe377bf95ac189b049849b158a0bdf7cae3364de713e6f6d85596387b7e36d405f34569

Download Submit
C:\Windows\system\mOJBlQo.exe

Filesize
6.0MB

MD5
dd784d1a1c48307a925421cd2963355a

SHA1
1ece562bb010f91db7961c6db3380804050bbf37

SHA256
50eeb0c46305ddf7ab95f619f6f561a0bda86c1cc3d31569c981995396c4dd0d

SHA512
a24d3d8c45f5e278ee96affdf12d9ad2afc7f9f05d0aa1c20f1ba0d19f1ccc0813a053907cb45255bb6e866b7f30412f3520c1ab4d5df43101ba4d2244f37d69

Download Submit
C:\Windows\system\nNUsNUy.exe

Filesize
6.0MB

MD5
ed33e29e6a7a8d9ae1046a3511cee051

SHA1
45a49d1a7be6216495b63d6907354024ecabcd8e

SHA256
b08a8d9077f52c4f12c5f78619750ca797980657cee67f3e3e096e53628b12a4

SHA512
1b4773b5c6cd28611397f6e0a5656a9fddc789ec421fc20f32cb26dda4e1b8218859c4518f97b6b77e5cca6db1630dbb078faeeeea188a9d7cb54f5a03717cc6

Download Submit
C:\Windows\system\nYpuClx.exe

Filesize
6.0MB

MD5
9ff57f4f9698978764c36d2af5ca34df

SHA1
76451b4d0c986343aa5c8e0ffc4d30629d737ca6

SHA256
d938087563b0eb3633d855c08982b3caf683bb1c882bef50a677ba347115772c

SHA512
5bf2217d32e54cae8508c8d9cb4d2242d8781f34944951bd670694472bf383233a7b58fa35859420529650cbf6ad00549b4e9d168cbe88a4b7121aae99201e99

Download Submit
C:\Windows\system\pCwYeZM.exe

Filesize
6.0MB

MD5
5cf5e49a077cd54e97f12e0662008ba5

SHA1
358d654b3d198cf7aed544a907d291e8b2c2a869

SHA256
045400a51008c2eca0326fbd9c5e37eab6a9a2117b2e3813ae9ec85f15008f9c

SHA512
296d6a0d7811d73e610dd9d222aec2c72428f70537e3920641bf3ca3d603d530b1112b7d8df98f1f077d015b7f5c5b1fa89ceb782d7df07e105a402617101561

Download Submit
C:\Windows\system\qQOTgDp.exe

Filesize
6.0MB

MD5
55a7cb415d2916142c6239921716cb7e

SHA1
ec4a54a37289bd8c2b0d67f8f53cabea258a1499

SHA256
24823e5fd2d6c1af2f7f8652f8923e3cc39f52a14146e1549c0b45ab6168116d

SHA512
5b956320f124a4f6dd7234f7c349c4ccb56323fed0a5d12a7d84a2885f0c15ba90e41c4f4e7233ae8dcf344daabef92173b69d2fcb465fb84cd7008aebfb655a

Download Submit
C:\Windows\system\uXoCwvI.exe

Filesize
6.0MB

MD5
88c603e67a9f75527da43682c663921e

SHA1
8197b3633fd442e4454ba816c00441d7a04479a0

SHA256
523a65196feccdc59ab5303985076f12dfb594dc0b089703881f9634887ed29d

SHA512
76fe9237c0bf03deb232baf28a244ab17cc50a0b3e1d47a32399830536b0f4d1bda2b50fc977d8492dad9fe9a15d3bd2b69a514859f1898ab35aa05aca008867

Download Submit
C:\Windows\system\uhgHZyH.exe

Filesize
6.0MB

MD5
12878d82db1b6cd4d01bafd2c1e0f246

SHA1
91ade120afb387ef63117fb35957bc7f9313a126

SHA256
f3d2662f255f301b7c72ab068ffbb2f416657f8cec821e4a55d4776db8d8dbb8

SHA512
f906f3488edb8fa34c23794c9768895c96ab6b6a0811eac649457eb25b7fc4bc19e5b45fa08a131df06796d2497cfff91bf767aab30c27cebba6c231cec89866

Download Submit
C:\Windows\system\xRpsDjw.exe

Filesize
6.0MB

MD5
2d524053a33a4bca5f836e5e41b9cc6f

SHA1
2717a4b276d55f6c415e2af0cacbab17351ba54c

SHA256
fc2a191c353860ad6b3e86397022ba0cb9c82fa23733bf6c4145ce039f8c3af6

SHA512
7867e0d89c1067c430970f19691622650701395fa07676801cabf4c2f26ab8bc14d61fc91b2abe8b103748638bfe7cb11c241d5b3afb566c403f9dd83ef3e38f

Download Submit
\Windows\system\BqwgpiK.exe

Filesize
6.0MB

MD5
628e4dcaa303cdc3029db72aa2a939b3

SHA1
77239d1c151b23738f9fb6bae3e9dd614490d8fb

SHA256
524a1e8d06acaccfe15c324f1741c5d3f05edfdfbb5392ef4119ba201be8348f

SHA512
cc553b928728024b639b3742f6c87746f72075813322ef766abced56dd1dc394420f48a86bc56b8fcb15b11cea0c912ff942fded827f9c3827fe0a827b528c05

Download Submit
\Windows\system\DphYIqf.exe

Filesize
6.0MB

MD5
62c6786aa14762441e6105c52b0d055f

SHA1
dc0d9ecb39f30777897571b86ffcc64adda2a327

SHA256
b5e48db7f76bf62aeb037c017856f1675ddb243142fa9b9511d82ac843c02e2a

SHA512
19b15355b7ccd29b1e982eb816a246efc777101ebb8fdcebadf454ea92d34c4eb4f8f56d79090087669bc25a84bc7cab53bbd6ad4b79de0dc430d9adbf37a422

Download Submit
\Windows\system\GNspGsW.exe

Filesize
6.0MB

MD5
449fb8c1514a59efc4d93e0b75c0f6bb

SHA1
73d7d727cf2980ee8c658db6f8e1482d01ca0d08

SHA256
27cedfaf0c511ebbc67edbec30b7693de6bb2100d71b58ee56a765f4483b9498

SHA512
6dbf95a36d343ce7307bf9cba9441ac266001a6f88002d662ca9ec63de7a4085075fdf58c9e01a3ccbb18037ecf2833ff116f9852631689419f915148c275d62

Download Submit
\Windows\system\OmJbFQo.exe

Filesize
6.0MB

MD5
71ea5f93bb1a1060670fa4fc4bdaeb1a

SHA1
f16751757abd9050d4b0bca6c25ea151fff2b715

SHA256
5cb08bb0f8a59db7998a979600f25ea7095ca4db1df81b834e4654faab383952

SHA512
f0020419b8be344948d12a1a4b89058ac918e3da8573fe93191049fd3ba0d68285325a2c903c3dac4777074fe79f04110ffa166ad23718baa7e4ec94246d4a6e

Download Submit
\Windows\system\PLEnpPJ.exe

Filesize
6.0MB

MD5
6fe845492c2859d1738f7a54ba3a9031

SHA1
04c4d94cd0dbb1a361571eb82532fab8a86cc6ed

SHA256
0da7ff1d008ef06604d1a35256bc1845865117b6db3016fc62bbf0aa76f7210b

SHA512
7229a2d746baaf0a6aa36c66f0e343446958c6b06364e5626989ca49500ac657117bad14c50d5c5b977baba49794797aa3b04775fb57ec0b2143852d79eb440e

Download Submit
\Windows\system\PZIwzaf.exe

Filesize
6.0MB

MD5
7d6996a5fd44bb5754b40654cafffebf

SHA1
629ef7ff120563d96daf20baa168bbcbc3ada4e4

SHA256
be28e6710767ec9114ad5592338b074fd7df1107f506d81f4cb9d9309f369ac9

SHA512
3ae226ed0f5c63e41125db3aead54387d97859434b7df92429454cfbaa1fb0dff61e98fc6f4f7b7c361387916082e33bb084441d1e23ca2b14833a0cfed6523e

Download Submit
\Windows\system\bzIzOWU.exe

Filesize
6.0MB

MD5
f4046ec4f552a95ede020fbc540c1dce

SHA1
2de8d0573fce94b1dd2edc60151a9eda557db259

SHA256
2f2e9cd26b0973998be27d2ed2832ea6ead29ca30700688c7d33d8114ea3e1af

SHA512
5644af6f23340ca91d1ce7734ac664a0cbcd6ac894acba97d1776d1883d4004767c41c573dd944b7582eb1eedaa76075912731997e69a4791bae12f57e5dd996

Download Submit
\Windows\system\sssCjOL.exe

Filesize
6.0MB

MD5
9d84ccf873493d3181e12d357bff046c

SHA1
dbe6bad1843e91bfead0b719617aad8c14ee0c0f

SHA256
e7e005623eba656007ccfd538c55f52538974f79c3bdf1ae851be6569ea7be18

SHA512
ead70686f1f6bb1489d897143ede0aef51b61bfc669d843ed560ea7793d8d8689b02f1e183699d559bf162558c1765e80fd5d5978936ca11d9be397d32a69ff1

Download Submit
\Windows\system\yXjLgxh.exe

Filesize
6.0MB

MD5
5de190033e0ca010acad8e67020028cc

SHA1
3f584dadb0ed9d36c1e98347f89e528056ec7326

SHA256
70a2f5c1ae3ef09aef1f43c53f97ef1738de8958b82b43452ce5b2ed43c90d44

SHA512
99a2a1210c818f4125d558f62c60aa492c72ad3221ec266dffe7958e6a1b550783bcab008a50af71cfeca85460a613c40aa0126e40e7bede47d75dbf0988152a

Download Submit
memory/1776-3955-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1776-190-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1804-3970-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1804-155-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2012-3963-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-194-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3969-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2060-196-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2096-197-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-154-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2096-195-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2096-198-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-193-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-8-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2096-191-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1334-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-189-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2096-187-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2096-176-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2096-185-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1035-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1367-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1515-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1430-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-159-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1476-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1517-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1530-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2096-136-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1531-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-0-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1677-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2096-142-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2096-151-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2304-188-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2304-3966-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3967-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2596-184-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3956-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-152-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-186-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3959-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-141-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3957-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3953-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2800-21-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3954-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2832-166-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3968-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2840-192-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3965-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2888-135-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3971-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2908-148-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download