cobaltstrike | 4a8b31d11a857eec156a74ef4ff07145a57d304aeca7421c7941c0412578ea15

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/01/2025, 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

25ed751066cf6061d41900b302cfefc3
SHA1

6fdac5361d3adb4f1a602141472586df3a2cbd7b
SHA256

4a8b31d11a857eec156a74ef4ff07145a57d304aeca7421c7941c0412578ea15
SHA512

7ffded9db358e28cca5948967575c6eadcaf7ab20c75002272ccbae668671bbe7e37b7d090dcd2db3438a61e5461c869c807f39e50d1ca39ffa843c532c7fa3b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012268-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001937b-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019397-11.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019423-24.dat	cobalt_reflective_dll
behavioral1/files/0x0027000000019353-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019438-47.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019426-40.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019442-57.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197aa-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2ed-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a481-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a460-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a433-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a429-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a31e-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09a-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a063-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a059-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f5e-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f47-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d7b-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cad-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c76-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c74-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c5b-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019afd-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aff-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a62-79.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001944d-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2676-0-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x000c000000012268-6.dat	xmrig
behavioral1/files/0x000800000001937b-8.dat	xmrig
behavioral1/files/0x0007000000019397-11.dat	xmrig
behavioral1/memory/2932-23-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2804-16-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2936-15-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0006000000019423-24.dat	xmrig
behavioral1/memory/2676-12-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x0027000000019353-34.dat	xmrig
behavioral1/memory/2548-37-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0006000000019438-47.dat	xmrig
behavioral1/memory/2676-45-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2624-44-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019426-40.dat	xmrig
behavioral1/memory/2832-30-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/828-61-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019442-57.dat	xmrig
behavioral1/files/0x00050000000197aa-68.dat	xmrig
behavioral1/memory/2448-95-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x000500000001a2ed-152.dat	xmrig
behavioral1/memory/2676-294-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2588-1117-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a481-193.dat	xmrig
behavioral1/files/0x000500000001a460-187.dat	xmrig
behavioral1/files/0x000500000001a434-182.dat	xmrig
behavioral1/files/0x000500000001a433-177.dat	xmrig
behavioral1/files/0x000500000001a431-173.dat	xmrig
behavioral1/files/0x000500000001a429-167.dat	xmrig
behavioral1/files/0x000500000001a427-162.dat	xmrig
behavioral1/files/0x000500000001a31e-157.dat	xmrig
behavioral1/files/0x000500000001a09a-147.dat	xmrig
behavioral1/files/0x000500000001a063-142.dat	xmrig
behavioral1/files/0x000500000001a059-137.dat	xmrig
behavioral1/files/0x0005000000019f5e-132.dat	xmrig
behavioral1/files/0x0005000000019f47-127.dat	xmrig
behavioral1/files/0x0005000000019d7b-122.dat	xmrig
behavioral1/files/0x0005000000019cad-117.dat	xmrig
behavioral1/files/0x0005000000019c76-112.dat	xmrig
behavioral1/files/0x0005000000019c74-107.dat	xmrig
behavioral1/memory/2588-101-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c5b-98.dat	xmrig
behavioral1/files/0x0005000000019afd-86.dat	xmrig
behavioral1/files/0x0005000000019aff-92.dat	xmrig
behavioral1/memory/2384-90-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/1052-82-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x0005000000019a62-79.dat	xmrig
behavioral1/memory/2676-77-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2964-76-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2676-70-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2128-69-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x000700000001944d-65.dat	xmrig
behavioral1/memory/2932-63-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2676-62-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2200-53-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2804-3163-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2936-3239-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2932-3274-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2832-3291-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/1052-3386-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2128-3385-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2200-3383-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/828-3419-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2448-3443-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2804	lGQoIZT.exe
2936	wuMZvpq.exe
2932	TRnVAOw.exe
2832	jzplppm.exe
2548	uUoLwvq.exe
2624	MKSgCqp.exe
2200	hjVQdva.exe
828	HnVgECF.exe
2128	okGxtdn.exe
2964	VEevdtn.exe
1052	OmQUpPo.exe
2384	XEEAigo.exe
2448	ACpfEnO.exe
2588	MaSOAQK.exe
804	lrYkBXP.exe
1076	UHyVRtN.exe
2152	UWBakEx.exe
2648	PysuKLw.exe
1628	NpFPWwl.exe
380	XyWbaeH.exe
1856	VCfLxzR.exe
2112	qCGptWO.exe
2356	LeuQpLV.exe
2108	LVLISIl.exe
2984	WErTCya.exe
2008	xaUTIPL.exe
1308	mojsWNw.exe
1300	Nddhpgx.exe
2064	TjcFLXB.exe
940	fDrymnF.exe
752	KaGHumb.exe
1896	LLxeNmr.exe
2256	BjUCfie.exe
1516	MdsmkDv.exe
2520	tzCoPQP.exe
2860	TuvVdNX.exe
1720	KXomBya.exe
552	JdODeki.exe
2312	tFgszJq.exe
2644	OTBpNCV.exe
2180	xkkEuVc.exe
2032	cXVyqTf.exe
1520	WrULvDb.exe
2060	wiSrUMy.exe
564	lDfFViX.exe
2260	YtnJDoT.exe
888	VOLnnCB.exe
608	LrsvvfL.exe
2024	JqKIccF.exe
1880	QgekwOx.exe
1700	emnILgJ.exe
1580	oQVbctL.exe
2672	KGXaEaf.exe
2576	TUigmGN.exe
2720	qfvZaDq.exe
1360	EXihENO.exe
3032	YZmcojL.exe
2532	FhKSzxI.exe
912	EaqCiYM.exe
2228	qtQyMsG.exe
1480	ZRcwgmb.exe
1072	OFSCImY.exe
2020	qwxuYCf.exe
2820	DpoIVRr.exe

Loads dropped DLL 64 IoCs

pid	Process
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2676-0-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x000c000000012268-6.dat	upx
behavioral1/files/0x000800000001937b-8.dat	upx
behavioral1/files/0x0007000000019397-11.dat	upx
behavioral1/memory/2932-23-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2804-16-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2936-15-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0006000000019423-24.dat	upx
behavioral1/files/0x0027000000019353-34.dat	upx
behavioral1/memory/2548-37-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0006000000019438-47.dat	upx
behavioral1/memory/2676-45-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2624-44-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0006000000019426-40.dat	upx
behavioral1/memory/2832-30-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/828-61-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x0008000000019442-57.dat	upx
behavioral1/files/0x00050000000197aa-68.dat	upx
behavioral1/memory/2448-95-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x000500000001a2ed-152.dat	upx
behavioral1/memory/2588-1117-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x000500000001a481-193.dat	upx
behavioral1/files/0x000500000001a460-187.dat	upx
behavioral1/files/0x000500000001a434-182.dat	upx
behavioral1/files/0x000500000001a433-177.dat	upx
behavioral1/files/0x000500000001a431-173.dat	upx
behavioral1/files/0x000500000001a429-167.dat	upx
behavioral1/files/0x000500000001a427-162.dat	upx
behavioral1/files/0x000500000001a31e-157.dat	upx
behavioral1/files/0x000500000001a09a-147.dat	upx
behavioral1/files/0x000500000001a063-142.dat	upx
behavioral1/files/0x000500000001a059-137.dat	upx
behavioral1/files/0x0005000000019f5e-132.dat	upx
behavioral1/files/0x0005000000019f47-127.dat	upx
behavioral1/files/0x0005000000019d7b-122.dat	upx
behavioral1/files/0x0005000000019cad-117.dat	upx
behavioral1/files/0x0005000000019c76-112.dat	upx
behavioral1/files/0x0005000000019c74-107.dat	upx
behavioral1/memory/2588-101-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x0005000000019c5b-98.dat	upx
behavioral1/files/0x0005000000019afd-86.dat	upx
behavioral1/files/0x0005000000019aff-92.dat	upx
behavioral1/memory/2384-90-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1052-82-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x0005000000019a62-79.dat	upx
behavioral1/memory/2964-76-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2128-69-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x000700000001944d-65.dat	upx
behavioral1/memory/2932-63-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2200-53-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2804-3163-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2936-3239-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2932-3274-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2832-3291-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/1052-3386-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2128-3385-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2200-3383-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/828-3419-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2448-3443-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2964-3413-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2588-3427-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2384-3425-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2548-3301-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2624-3300-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JwptKCk.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxxyVSg.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRtjEuR.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPIjfHC.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrntOmk.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSWOveo.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNrdBDW.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJDGjrp.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfxMGeE.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KynJxXp.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOxtqIL.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDguZvs.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLPPbMX.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlalXaK.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGNWJdb.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LohHwGt.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwoZHUi.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUUpfmP.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUiXxkw.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvrNZUb.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnpTuqm.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQksKcj.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwrKfoD.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFmKLpQ.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMQyPXX.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDqrZCl.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFEpxTZ.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kfKzxWM.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfWlOVA.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdDpNZq.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiaRgzl.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbMbNcJ.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWWRCIp.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ouAzSEl.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCBOXiu.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZqGheG.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntOxmba.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXqEnXX.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dxTaRsu.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hSlfAqK.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcwXFqu.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jLUrOdO.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHESbKE.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvWmtNX.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHGkhbE.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVLISIl.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuvVdNX.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XCsHemd.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hcpgaGY.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Dozfpgv.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZyTRON.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DVkJceA.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hcFwVjN.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxZcFGV.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZEvwvb.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecbypBb.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNedIEV.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGEVcDS.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSuImNA.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxrUWdc.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXOewaw.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rngDwbQ.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKimYMA.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIBayuf.exe	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2804	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2676 wrote to memory of 2804	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2676 wrote to memory of 2804	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2676 wrote to memory of 2936	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2676 wrote to memory of 2936	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2676 wrote to memory of 2936	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2676 wrote to memory of 2932	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2676 wrote to memory of 2932	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2676 wrote to memory of 2932	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2676 wrote to memory of 2832	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2676 wrote to memory of 2832	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2676 wrote to memory of 2832	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2676 wrote to memory of 2548	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2676 wrote to memory of 2548	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2676 wrote to memory of 2548	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2676 wrote to memory of 2624	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2676 wrote to memory of 2624	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2676 wrote to memory of 2624	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2676 wrote to memory of 2200	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2676 wrote to memory of 2200	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2676 wrote to memory of 2200	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2676 wrote to memory of 828	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2676 wrote to memory of 828	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2676 wrote to memory of 828	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2676 wrote to memory of 2128	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2676 wrote to memory of 2128	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2676 wrote to memory of 2128	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2676 wrote to memory of 2964	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2676 wrote to memory of 2964	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2676 wrote to memory of 2964	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2676 wrote to memory of 1052	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2676 wrote to memory of 1052	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2676 wrote to memory of 1052	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2676 wrote to memory of 2384	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2676 wrote to memory of 2384	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2676 wrote to memory of 2384	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2676 wrote to memory of 2448	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2676 wrote to memory of 2448	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2676 wrote to memory of 2448	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2676 wrote to memory of 2588	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2676 wrote to memory of 2588	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2676 wrote to memory of 2588	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2676 wrote to memory of 804	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2676 wrote to memory of 804	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2676 wrote to memory of 804	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2676 wrote to memory of 1076	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2676 wrote to memory of 1076	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2676 wrote to memory of 1076	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2676 wrote to memory of 2152	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2676 wrote to memory of 2152	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2676 wrote to memory of 2152	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2676 wrote to memory of 2648	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2676 wrote to memory of 2648	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2676 wrote to memory of 2648	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2676 wrote to memory of 1628	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2676 wrote to memory of 1628	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2676 wrote to memory of 1628	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2676 wrote to memory of 380	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2676 wrote to memory of 380	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2676 wrote to memory of 380	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2676 wrote to memory of 1856	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2676 wrote to memory of 1856	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2676 wrote to memory of 1856	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2676 wrote to memory of 2112	2676	2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_25ed751066cf6061d41900b302cfefc3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\System\lGQoIZT.exe
  C:\Windows\System\lGQoIZT.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\wuMZvpq.exe
  C:\Windows\System\wuMZvpq.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\TRnVAOw.exe
  C:\Windows\System\TRnVAOw.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\jzplppm.exe
  C:\Windows\System\jzplppm.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\uUoLwvq.exe
  C:\Windows\System\uUoLwvq.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\MKSgCqp.exe
  C:\Windows\System\MKSgCqp.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\hjVQdva.exe
  C:\Windows\System\hjVQdva.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\HnVgECF.exe
  C:\Windows\System\HnVgECF.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\okGxtdn.exe
  C:\Windows\System\okGxtdn.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\VEevdtn.exe
  C:\Windows\System\VEevdtn.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\OmQUpPo.exe
  C:\Windows\System\OmQUpPo.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\XEEAigo.exe
  C:\Windows\System\XEEAigo.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\ACpfEnO.exe
  C:\Windows\System\ACpfEnO.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\MaSOAQK.exe
  C:\Windows\System\MaSOAQK.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\lrYkBXP.exe
  C:\Windows\System\lrYkBXP.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\UHyVRtN.exe
  C:\Windows\System\UHyVRtN.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\UWBakEx.exe
  C:\Windows\System\UWBakEx.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\PysuKLw.exe
  C:\Windows\System\PysuKLw.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\NpFPWwl.exe
  C:\Windows\System\NpFPWwl.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\XyWbaeH.exe
  C:\Windows\System\XyWbaeH.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\VCfLxzR.exe
  C:\Windows\System\VCfLxzR.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\qCGptWO.exe
  C:\Windows\System\qCGptWO.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\LeuQpLV.exe
  C:\Windows\System\LeuQpLV.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\LVLISIl.exe
  C:\Windows\System\LVLISIl.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\WErTCya.exe
  C:\Windows\System\WErTCya.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\xaUTIPL.exe
  C:\Windows\System\xaUTIPL.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\mojsWNw.exe
  C:\Windows\System\mojsWNw.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\Nddhpgx.exe
  C:\Windows\System\Nddhpgx.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\TjcFLXB.exe
  C:\Windows\System\TjcFLXB.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\fDrymnF.exe
  C:\Windows\System\fDrymnF.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\KaGHumb.exe
  C:\Windows\System\KaGHumb.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\LLxeNmr.exe
  C:\Windows\System\LLxeNmr.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\BjUCfie.exe
  C:\Windows\System\BjUCfie.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\MdsmkDv.exe
  C:\Windows\System\MdsmkDv.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\tzCoPQP.exe
  C:\Windows\System\tzCoPQP.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\TuvVdNX.exe
  C:\Windows\System\TuvVdNX.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\KXomBya.exe
  C:\Windows\System\KXomBya.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\JdODeki.exe
  C:\Windows\System\JdODeki.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\tFgszJq.exe
  C:\Windows\System\tFgszJq.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\OTBpNCV.exe
  C:\Windows\System\OTBpNCV.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\xkkEuVc.exe
  C:\Windows\System\xkkEuVc.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\cXVyqTf.exe
  C:\Windows\System\cXVyqTf.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\WrULvDb.exe
  C:\Windows\System\WrULvDb.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\wiSrUMy.exe
  C:\Windows\System\wiSrUMy.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\lDfFViX.exe
  C:\Windows\System\lDfFViX.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\YtnJDoT.exe
  C:\Windows\System\YtnJDoT.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\VOLnnCB.exe
  C:\Windows\System\VOLnnCB.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\LrsvvfL.exe
  C:\Windows\System\LrsvvfL.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\JqKIccF.exe
  C:\Windows\System\JqKIccF.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\QgekwOx.exe
  C:\Windows\System\QgekwOx.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\emnILgJ.exe
  C:\Windows\System\emnILgJ.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\oQVbctL.exe
  C:\Windows\System\oQVbctL.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\KGXaEaf.exe
  C:\Windows\System\KGXaEaf.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\TUigmGN.exe
  C:\Windows\System\TUigmGN.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\qfvZaDq.exe
  C:\Windows\System\qfvZaDq.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\EXihENO.exe
  C:\Windows\System\EXihENO.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\YZmcojL.exe
  C:\Windows\System\YZmcojL.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\FhKSzxI.exe
  C:\Windows\System\FhKSzxI.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\EaqCiYM.exe
  C:\Windows\System\EaqCiYM.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\qtQyMsG.exe
  C:\Windows\System\qtQyMsG.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\ZRcwgmb.exe
  C:\Windows\System\ZRcwgmb.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\OFSCImY.exe
  C:\Windows\System\OFSCImY.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\qwxuYCf.exe
  C:\Windows\System\qwxuYCf.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\DpoIVRr.exe
  C:\Windows\System\DpoIVRr.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\eTZhphp.exe
  C:\Windows\System\eTZhphp.exe
  2⤵
  PID:1904
- C:\Windows\System\MCFHBEu.exe
  C:\Windows\System\MCFHBEu.exe
  2⤵
  PID:620
- C:\Windows\System\TpPicZP.exe
  C:\Windows\System\TpPicZP.exe
  2⤵
  PID:2276
- C:\Windows\System\YaSVTKN.exe
  C:\Windows\System\YaSVTKN.exe
  2⤵
  PID:2380
- C:\Windows\System\iRADYjn.exe
  C:\Windows\System\iRADYjn.exe
  2⤵
  PID:1792
- C:\Windows\System\rngDwbQ.exe
  C:\Windows\System\rngDwbQ.exe
  2⤵
  PID:3000
- C:\Windows\System\Wtnkyuu.exe
  C:\Windows\System\Wtnkyuu.exe
  2⤵
  PID:896
- C:\Windows\System\HmNuUsV.exe
  C:\Windows\System\HmNuUsV.exe
  2⤵
  PID:2124
- C:\Windows\System\qjBgzLc.exe
  C:\Windows\System\qjBgzLc.exe
  2⤵
  PID:2864
- C:\Windows\System\iPfUnOx.exe
  C:\Windows\System\iPfUnOx.exe
  2⤵
  PID:1404
- C:\Windows\System\IxeQDkT.exe
  C:\Windows\System\IxeQDkT.exe
  2⤵
  PID:1704
- C:\Windows\System\ltkCrbY.exe
  C:\Windows\System\ltkCrbY.exe
  2⤵
  PID:1716
- C:\Windows\System\psuFtPN.exe
  C:\Windows\System\psuFtPN.exe
  2⤵
  PID:1980
- C:\Windows\System\CWRmGSf.exe
  C:\Windows\System\CWRmGSf.exe
  2⤵
  PID:2492
- C:\Windows\System\IaNNkDy.exe
  C:\Windows\System\IaNNkDy.exe
  2⤵
  PID:2848
- C:\Windows\System\keiscOL.exe
  C:\Windows\System\keiscOL.exe
  2⤵
  PID:996
- C:\Windows\System\BuxMNCV.exe
  C:\Windows\System\BuxMNCV.exe
  2⤵
  PID:2420
- C:\Windows\System\eAPrnWj.exe
  C:\Windows\System\eAPrnWj.exe
  2⤵
  PID:2404
- C:\Windows\System\qZqGheG.exe
  C:\Windows\System\qZqGheG.exe
  2⤵
  PID:2464
- C:\Windows\System\oeveuXX.exe
  C:\Windows\System\oeveuXX.exe
  2⤵
  PID:1724
- C:\Windows\System\bjFebWo.exe
  C:\Windows\System\bjFebWo.exe
  2⤵
  PID:2652
- C:\Windows\System\RSexrVj.exe
  C:\Windows\System\RSexrVj.exe
  2⤵
  PID:2800
- C:\Windows\System\sombGxe.exe
  C:\Windows\System\sombGxe.exe
  2⤵
  PID:2560
- C:\Windows\System\btyKpaI.exe
  C:\Windows\System\btyKpaI.exe
  2⤵
  PID:2692
- C:\Windows\System\QomJQEc.exe
  C:\Windows\System\QomJQEc.exe
  2⤵
  PID:2960
- C:\Windows\System\KEJWjil.exe
  C:\Windows\System\KEJWjil.exe
  2⤵
  PID:2068
- C:\Windows\System\YugJBLv.exe
  C:\Windows\System\YugJBLv.exe
  2⤵
  PID:1216
- C:\Windows\System\XvhhOOx.exe
  C:\Windows\System\XvhhOOx.exe
  2⤵
  PID:2536
- C:\Windows\System\LizzDTY.exe
  C:\Windows\System\LizzDTY.exe
  2⤵
  PID:320
- C:\Windows\System\yvxVcEn.exe
  C:\Windows\System\yvxVcEn.exe
  2⤵
  PID:2204
- C:\Windows\System\UgyBUHE.exe
  C:\Windows\System\UgyBUHE.exe
  2⤵
  PID:2980
- C:\Windows\System\ZDLxXmI.exe
  C:\Windows\System\ZDLxXmI.exe
  2⤵
  PID:1652
- C:\Windows\System\yQQIigz.exe
  C:\Windows\System\yQQIigz.exe
  2⤵
  PID:872
- C:\Windows\System\VroCYJL.exe
  C:\Windows\System\VroCYJL.exe
  2⤵
  PID:2076
- C:\Windows\System\SVpfJyO.exe
  C:\Windows\System\SVpfJyO.exe
  2⤵
  PID:3092
- C:\Windows\System\ndGGwjh.exe
  C:\Windows\System\ndGGwjh.exe
  2⤵
  PID:3112
- C:\Windows\System\EvaKAmZ.exe
  C:\Windows\System\EvaKAmZ.exe
  2⤵
  PID:3132
- C:\Windows\System\kfKzxWM.exe
  C:\Windows\System\kfKzxWM.exe
  2⤵
  PID:3152
- C:\Windows\System\wyFQOoY.exe
  C:\Windows\System\wyFQOoY.exe
  2⤵
  PID:3172
- C:\Windows\System\LXJtPmq.exe
  C:\Windows\System\LXJtPmq.exe
  2⤵
  PID:3192
- C:\Windows\System\daomPIv.exe
  C:\Windows\System\daomPIv.exe
  2⤵
  PID:3208
- C:\Windows\System\jhjbMVj.exe
  C:\Windows\System\jhjbMVj.exe
  2⤵
  PID:3224
- C:\Windows\System\zWDPRIs.exe
  C:\Windows\System\zWDPRIs.exe
  2⤵
  PID:3248
- C:\Windows\System\cybsvGz.exe
  C:\Windows\System\cybsvGz.exe
  2⤵
  PID:3272
- C:\Windows\System\DezZPYq.exe
  C:\Windows\System\DezZPYq.exe
  2⤵
  PID:3292
- C:\Windows\System\ozVYUmG.exe
  C:\Windows\System\ozVYUmG.exe
  2⤵
  PID:3312
- C:\Windows\System\kGGFGMj.exe
  C:\Windows\System\kGGFGMj.exe
  2⤵
  PID:3332
- C:\Windows\System\NOyWulH.exe
  C:\Windows\System\NOyWulH.exe
  2⤵
  PID:3356
- C:\Windows\System\VWTDqDB.exe
  C:\Windows\System\VWTDqDB.exe
  2⤵
  PID:3376
- C:\Windows\System\gvcXnQs.exe
  C:\Windows\System\gvcXnQs.exe
  2⤵
  PID:3396
- C:\Windows\System\AsLobdK.exe
  C:\Windows\System\AsLobdK.exe
  2⤵
  PID:3416
- C:\Windows\System\RBZXUjq.exe
  C:\Windows\System\RBZXUjq.exe
  2⤵
  PID:3436
- C:\Windows\System\rfWlOVA.exe
  C:\Windows\System\rfWlOVA.exe
  2⤵
  PID:3456
- C:\Windows\System\iFtFICF.exe
  C:\Windows\System\iFtFICF.exe
  2⤵
  PID:3476
- C:\Windows\System\hoIzZJM.exe
  C:\Windows\System\hoIzZJM.exe
  2⤵
  PID:3496
- C:\Windows\System\QxEVZmN.exe
  C:\Windows\System\QxEVZmN.exe
  2⤵
  PID:3516
- C:\Windows\System\EUVhaYq.exe
  C:\Windows\System\EUVhaYq.exe
  2⤵
  PID:3536
- C:\Windows\System\svwUVcg.exe
  C:\Windows\System\svwUVcg.exe
  2⤵
  PID:3556
- C:\Windows\System\NABvhnp.exe
  C:\Windows\System\NABvhnp.exe
  2⤵
  PID:3576
- C:\Windows\System\SJECvdo.exe
  C:\Windows\System\SJECvdo.exe
  2⤵
  PID:3596
- C:\Windows\System\mmiwWdm.exe
  C:\Windows\System\mmiwWdm.exe
  2⤵
  PID:3616
- C:\Windows\System\unQnhba.exe
  C:\Windows\System\unQnhba.exe
  2⤵
  PID:3636
- C:\Windows\System\EnniXNE.exe
  C:\Windows\System\EnniXNE.exe
  2⤵
  PID:3652
- C:\Windows\System\BlbzDSy.exe
  C:\Windows\System\BlbzDSy.exe
  2⤵
  PID:3672
- C:\Windows\System\TgTHEAC.exe
  C:\Windows\System\TgTHEAC.exe
  2⤵
  PID:3692
- C:\Windows\System\BFcgilW.exe
  C:\Windows\System\BFcgilW.exe
  2⤵
  PID:3716
- C:\Windows\System\wlFHcuP.exe
  C:\Windows\System\wlFHcuP.exe
  2⤵
  PID:3736
- C:\Windows\System\AacLLaD.exe
  C:\Windows\System\AacLLaD.exe
  2⤵
  PID:3756
- C:\Windows\System\shPXSfQ.exe
  C:\Windows\System\shPXSfQ.exe
  2⤵
  PID:3776
- C:\Windows\System\ipiTAXN.exe
  C:\Windows\System\ipiTAXN.exe
  2⤵
  PID:3796
- C:\Windows\System\fYRfYNN.exe
  C:\Windows\System\fYRfYNN.exe
  2⤵
  PID:3816
- C:\Windows\System\MoYFGKK.exe
  C:\Windows\System\MoYFGKK.exe
  2⤵
  PID:3836
- C:\Windows\System\rgdlaFl.exe
  C:\Windows\System\rgdlaFl.exe
  2⤵
  PID:3856
- C:\Windows\System\ThuxVgI.exe
  C:\Windows\System\ThuxVgI.exe
  2⤵
  PID:3876
- C:\Windows\System\LzaxlDP.exe
  C:\Windows\System\LzaxlDP.exe
  2⤵
  PID:3896
- C:\Windows\System\PgVuQJr.exe
  C:\Windows\System\PgVuQJr.exe
  2⤵
  PID:3916
- C:\Windows\System\TtuPtQS.exe
  C:\Windows\System\TtuPtQS.exe
  2⤵
  PID:3936
- C:\Windows\System\NHMYBgM.exe
  C:\Windows\System\NHMYBgM.exe
  2⤵
  PID:3956
- C:\Windows\System\HmbAFKv.exe
  C:\Windows\System\HmbAFKv.exe
  2⤵
  PID:3976
- C:\Windows\System\awAEDUi.exe
  C:\Windows\System\awAEDUi.exe
  2⤵
  PID:3996
- C:\Windows\System\dXVQnLM.exe
  C:\Windows\System\dXVQnLM.exe
  2⤵
  PID:4016
- C:\Windows\System\GpxNYXK.exe
  C:\Windows\System\GpxNYXK.exe
  2⤵
  PID:4036
- C:\Windows\System\tBxAeJW.exe
  C:\Windows\System\tBxAeJW.exe
  2⤵
  PID:4056
- C:\Windows\System\JcpjDDB.exe
  C:\Windows\System\JcpjDDB.exe
  2⤵
  PID:4076
- C:\Windows\System\foCJFBr.exe
  C:\Windows\System\foCJFBr.exe
  2⤵
  PID:1348
- C:\Windows\System\WYeLKfr.exe
  C:\Windows\System\WYeLKfr.exe
  2⤵
  PID:2056
- C:\Windows\System\RXDRwug.exe
  C:\Windows\System\RXDRwug.exe
  2⤵
  PID:2484
- C:\Windows\System\AFwEnBs.exe
  C:\Windows\System\AFwEnBs.exe
  2⤵
  PID:984
- C:\Windows\System\VtBUcwg.exe
  C:\Windows\System\VtBUcwg.exe
  2⤵
  PID:1748
- C:\Windows\System\IZAUKFA.exe
  C:\Windows\System\IZAUKFA.exe
  2⤵
  PID:792
- C:\Windows\System\IbcKIzC.exe
  C:\Windows\System\IbcKIzC.exe
  2⤵
  PID:2640
- C:\Windows\System\IqdowDw.exe
  C:\Windows\System\IqdowDw.exe
  2⤵
  PID:1572
- C:\Windows\System\tBVqHcX.exe
  C:\Windows\System\tBVqHcX.exe
  2⤵
  PID:2660
- C:\Windows\System\IcLNMpz.exe
  C:\Windows\System\IcLNMpz.exe
  2⤵
  PID:2368
- C:\Windows\System\yEWaoMk.exe
  C:\Windows\System\yEWaoMk.exe
  2⤵
  PID:2004
- C:\Windows\System\lKfjNgN.exe
  C:\Windows\System\lKfjNgN.exe
  2⤵
  PID:2556
- C:\Windows\System\viQrGdi.exe
  C:\Windows\System\viQrGdi.exe
  2⤵
  PID:2100
- C:\Windows\System\XcOFyQb.exe
  C:\Windows\System\XcOFyQb.exe
  2⤵
  PID:2132
- C:\Windows\System\xnDmfiG.exe
  C:\Windows\System\xnDmfiG.exe
  2⤵
  PID:3100
- C:\Windows\System\WdDpNZq.exe
  C:\Windows\System\WdDpNZq.exe
  2⤵
  PID:3080
- C:\Windows\System\pjaCmDp.exe
  C:\Windows\System\pjaCmDp.exe
  2⤵
  PID:3128
- C:\Windows\System\naboWso.exe
  C:\Windows\System\naboWso.exe
  2⤵
  PID:3168
- C:\Windows\System\qTYaTOU.exe
  C:\Windows\System\qTYaTOU.exe
  2⤵
  PID:3216
- C:\Windows\System\uDblHoH.exe
  C:\Windows\System\uDblHoH.exe
  2⤵
  PID:3260
- C:\Windows\System\MeAmlNB.exe
  C:\Windows\System\MeAmlNB.exe
  2⤵
  PID:3268
- C:\Windows\System\rHAUusE.exe
  C:\Windows\System\rHAUusE.exe
  2⤵
  PID:3308
- C:\Windows\System\BzhwLXK.exe
  C:\Windows\System\BzhwLXK.exe
  2⤵
  PID:3352
- C:\Windows\System\fzcnnQk.exe
  C:\Windows\System\fzcnnQk.exe
  2⤵
  PID:3364
- C:\Windows\System\uZaltfb.exe
  C:\Windows\System\uZaltfb.exe
  2⤵
  PID:3404
- C:\Windows\System\cmNyKnE.exe
  C:\Windows\System\cmNyKnE.exe
  2⤵
  PID:3428
- C:\Windows\System\iPGqDsf.exe
  C:\Windows\System\iPGqDsf.exe
  2⤵
  PID:3472
- C:\Windows\System\qIuedDY.exe
  C:\Windows\System\qIuedDY.exe
  2⤵
  PID:3488
- C:\Windows\System\IAWgBCT.exe
  C:\Windows\System\IAWgBCT.exe
  2⤵
  PID:3548
- C:\Windows\System\NCqTmLo.exe
  C:\Windows\System\NCqTmLo.exe
  2⤵
  PID:3572
- C:\Windows\System\vduVLHr.exe
  C:\Windows\System\vduVLHr.exe
  2⤵
  PID:3604
- C:\Windows\System\NHJaalM.exe
  C:\Windows\System\NHJaalM.exe
  2⤵
  PID:3348
- C:\Windows\System\WvUssWK.exe
  C:\Windows\System\WvUssWK.exe
  2⤵
  PID:3644
- C:\Windows\System\PTDkAWB.exe
  C:\Windows\System\PTDkAWB.exe
  2⤵
  PID:3684
- C:\Windows\System\LJFEDRo.exe
  C:\Windows\System\LJFEDRo.exe
  2⤵
  PID:3744
- C:\Windows\System\aaBqpoy.exe
  C:\Windows\System\aaBqpoy.exe
  2⤵
  PID:3764
- C:\Windows\System\DXQbMoz.exe
  C:\Windows\System\DXQbMoz.exe
  2⤵
  PID:3788
- C:\Windows\System\RDUuAYt.exe
  C:\Windows\System\RDUuAYt.exe
  2⤵
  PID:3812
- C:\Windows\System\zoShYbL.exe
  C:\Windows\System\zoShYbL.exe
  2⤵
  PID:3848
- C:\Windows\System\pHMncKc.exe
  C:\Windows\System\pHMncKc.exe
  2⤵
  PID:3892
- C:\Windows\System\QTAowER.exe
  C:\Windows\System\QTAowER.exe
  2⤵
  PID:3952
- C:\Windows\System\ubynErE.exe
  C:\Windows\System\ubynErE.exe
  2⤵
  PID:3964
- C:\Windows\System\JnNIDAb.exe
  C:\Windows\System\JnNIDAb.exe
  2⤵
  PID:3988
- C:\Windows\System\wTgJdQF.exe
  C:\Windows\System\wTgJdQF.exe
  2⤵
  PID:4032
- C:\Windows\System\UbigFfh.exe
  C:\Windows\System\UbigFfh.exe
  2⤵
  PID:4048
- C:\Windows\System\cIaGWmT.exe
  C:\Windows\System\cIaGWmT.exe
  2⤵
  PID:4088
- C:\Windows\System\XBywIcb.exe
  C:\Windows\System\XBywIcb.exe
  2⤵
  PID:2172
- C:\Windows\System\zXufNVr.exe
  C:\Windows\System\zXufNVr.exe
  2⤵
  PID:1920
- C:\Windows\System\jclXpVK.exe
  C:\Windows\System\jclXpVK.exe
  2⤵
  PID:308
- C:\Windows\System\NhBWWOB.exe
  C:\Windows\System\NhBWWOB.exe
  2⤵
  PID:1816
- C:\Windows\System\LUrkPuv.exe
  C:\Windows\System\LUrkPuv.exe
  2⤵
  PID:2584
- C:\Windows\System\oxyvFas.exe
  C:\Windows\System\oxyvFas.exe
  2⤵
  PID:2136
- C:\Windows\System\kmVkgvI.exe
  C:\Windows\System\kmVkgvI.exe
  2⤵
  PID:2088
- C:\Windows\System\DuwPyUP.exe
  C:\Windows\System\DuwPyUP.exe
  2⤵
  PID:880
- C:\Windows\System\MUUpfmP.exe
  C:\Windows\System\MUUpfmP.exe
  2⤵
  PID:280
- C:\Windows\System\MEXwInp.exe
  C:\Windows\System\MEXwInp.exe
  2⤵
  PID:3160
- C:\Windows\System\sJMmEGO.exe
  C:\Windows\System\sJMmEGO.exe
  2⤵
  PID:3188
- C:\Windows\System\aBwoKlj.exe
  C:\Windows\System\aBwoKlj.exe
  2⤵
  PID:3244
- C:\Windows\System\qDRSXVT.exe
  C:\Windows\System\qDRSXVT.exe
  2⤵
  PID:3340
- C:\Windows\System\ltaUyXZ.exe
  C:\Windows\System\ltaUyXZ.exe
  2⤵
  PID:3372
- C:\Windows\System\QRmKAgy.exe
  C:\Windows\System\QRmKAgy.exe
  2⤵
  PID:3408
- C:\Windows\System\FeCuFBC.exe
  C:\Windows\System\FeCuFBC.exe
  2⤵
  PID:3504
- C:\Windows\System\OkXLomQ.exe
  C:\Windows\System\OkXLomQ.exe
  2⤵
  PID:3544
- C:\Windows\System\pGkTWWa.exe
  C:\Windows\System\pGkTWWa.exe
  2⤵
  PID:3588
- C:\Windows\System\cIhAuqb.exe
  C:\Windows\System\cIhAuqb.exe
  2⤵
  PID:3660
- C:\Windows\System\kLfELYe.exe
  C:\Windows\System\kLfELYe.exe
  2⤵
  PID:3668
- C:\Windows\System\drFIQiq.exe
  C:\Windows\System\drFIQiq.exe
  2⤵
  PID:3748
- C:\Windows\System\nosGGOV.exe
  C:\Windows\System\nosGGOV.exe
  2⤵
  PID:3792
- C:\Windows\System\ZXwKaYn.exe
  C:\Windows\System\ZXwKaYn.exe
  2⤵
  PID:3864
- C:\Windows\System\IVVqkev.exe
  C:\Windows\System\IVVqkev.exe
  2⤵
  PID:3924
- C:\Windows\System\ebyPLoD.exe
  C:\Windows\System\ebyPLoD.exe
  2⤵
  PID:3932
- C:\Windows\System\BDeEcji.exe
  C:\Windows\System\BDeEcji.exe
  2⤵
  PID:3972
- C:\Windows\System\AnaUSmP.exe
  C:\Windows\System\AnaUSmP.exe
  2⤵
  PID:4052
- C:\Windows\System\CbKoxAZ.exe
  C:\Windows\System\CbKoxAZ.exe
  2⤵
  PID:1612
- C:\Windows\System\XxGdRYD.exe
  C:\Windows\System\XxGdRYD.exe
  2⤵
  PID:2700
- C:\Windows\System\LMCKbLK.exe
  C:\Windows\System\LMCKbLK.exe
  2⤵
  PID:4112
- C:\Windows\System\naNhnlV.exe
  C:\Windows\System\naNhnlV.exe
  2⤵
  PID:4132
- C:\Windows\System\boMltQg.exe
  C:\Windows\System\boMltQg.exe
  2⤵
  PID:4152
- C:\Windows\System\cnkhAKn.exe
  C:\Windows\System\cnkhAKn.exe
  2⤵
  PID:4172
- C:\Windows\System\CjTOrWd.exe
  C:\Windows\System\CjTOrWd.exe
  2⤵
  PID:4192
- C:\Windows\System\rBNWZZt.exe
  C:\Windows\System\rBNWZZt.exe
  2⤵
  PID:4212
- C:\Windows\System\JCkIwlH.exe
  C:\Windows\System\JCkIwlH.exe
  2⤵
  PID:4232
- C:\Windows\System\MSrWpvP.exe
  C:\Windows\System\MSrWpvP.exe
  2⤵
  PID:4252
- C:\Windows\System\GmYCoKR.exe
  C:\Windows\System\GmYCoKR.exe
  2⤵
  PID:4272
- C:\Windows\System\CaBshGh.exe
  C:\Windows\System\CaBshGh.exe
  2⤵
  PID:4292
- C:\Windows\System\yYTdnkZ.exe
  C:\Windows\System\yYTdnkZ.exe
  2⤵
  PID:4312
- C:\Windows\System\hcFwVjN.exe
  C:\Windows\System\hcFwVjN.exe
  2⤵
  PID:4332
- C:\Windows\System\meeMOFH.exe
  C:\Windows\System\meeMOFH.exe
  2⤵
  PID:4352
- C:\Windows\System\bHnKygY.exe
  C:\Windows\System\bHnKygY.exe
  2⤵
  PID:4372
- C:\Windows\System\UnltxQM.exe
  C:\Windows\System\UnltxQM.exe
  2⤵
  PID:4392
- C:\Windows\System\JYPUCAS.exe
  C:\Windows\System\JYPUCAS.exe
  2⤵
  PID:4412
- C:\Windows\System\gdMdvvu.exe
  C:\Windows\System\gdMdvvu.exe
  2⤵
  PID:4432
- C:\Windows\System\MOpzSkw.exe
  C:\Windows\System\MOpzSkw.exe
  2⤵
  PID:4452
- C:\Windows\System\xUiXxkw.exe
  C:\Windows\System\xUiXxkw.exe
  2⤵
  PID:4472
- C:\Windows\System\lCfTeyd.exe
  C:\Windows\System\lCfTeyd.exe
  2⤵
  PID:4492
- C:\Windows\System\xxWXaBI.exe
  C:\Windows\System\xxWXaBI.exe
  2⤵
  PID:4512
- C:\Windows\System\eCcPNzg.exe
  C:\Windows\System\eCcPNzg.exe
  2⤵
  PID:4532
- C:\Windows\System\lSHFGMf.exe
  C:\Windows\System\lSHFGMf.exe
  2⤵
  PID:4552
- C:\Windows\System\VsHqNRb.exe
  C:\Windows\System\VsHqNRb.exe
  2⤵
  PID:4572
- C:\Windows\System\GPlqdfr.exe
  C:\Windows\System\GPlqdfr.exe
  2⤵
  PID:4592
- C:\Windows\System\lIEclAL.exe
  C:\Windows\System\lIEclAL.exe
  2⤵
  PID:4612
- C:\Windows\System\IXPlquz.exe
  C:\Windows\System\IXPlquz.exe
  2⤵
  PID:4632
- C:\Windows\System\koRmCty.exe
  C:\Windows\System\koRmCty.exe
  2⤵
  PID:4652
- C:\Windows\System\AeqTTVa.exe
  C:\Windows\System\AeqTTVa.exe
  2⤵
  PID:4672
- C:\Windows\System\ZiIRdZB.exe
  C:\Windows\System\ZiIRdZB.exe
  2⤵
  PID:4692
- C:\Windows\System\CYaJIqU.exe
  C:\Windows\System\CYaJIqU.exe
  2⤵
  PID:4712
- C:\Windows\System\SYQouFx.exe
  C:\Windows\System\SYQouFx.exe
  2⤵
  PID:4732
- C:\Windows\System\cNUEHjF.exe
  C:\Windows\System\cNUEHjF.exe
  2⤵
  PID:4752
- C:\Windows\System\YjpGnkW.exe
  C:\Windows\System\YjpGnkW.exe
  2⤵
  PID:4772
- C:\Windows\System\ZhHgOZY.exe
  C:\Windows\System\ZhHgOZY.exe
  2⤵
  PID:4792
- C:\Windows\System\sHydfEo.exe
  C:\Windows\System\sHydfEo.exe
  2⤵
  PID:4812
- C:\Windows\System\Sdhhgzm.exe
  C:\Windows\System\Sdhhgzm.exe
  2⤵
  PID:4832
- C:\Windows\System\UudXbDh.exe
  C:\Windows\System\UudXbDh.exe
  2⤵
  PID:4852
- C:\Windows\System\fukXJsw.exe
  C:\Windows\System\fukXJsw.exe
  2⤵
  PID:4872
- C:\Windows\System\LtenRjw.exe
  C:\Windows\System\LtenRjw.exe
  2⤵
  PID:4892
- C:\Windows\System\RVmtbEe.exe
  C:\Windows\System\RVmtbEe.exe
  2⤵
  PID:4912
- C:\Windows\System\slGCqXq.exe
  C:\Windows\System\slGCqXq.exe
  2⤵
  PID:4932
- C:\Windows\System\wDVkjMH.exe
  C:\Windows\System\wDVkjMH.exe
  2⤵
  PID:4952
- C:\Windows\System\vgyZMvs.exe
  C:\Windows\System\vgyZMvs.exe
  2⤵
  PID:4972
- C:\Windows\System\tRuYlbt.exe
  C:\Windows\System\tRuYlbt.exe
  2⤵
  PID:4992
- C:\Windows\System\VxQYrxM.exe
  C:\Windows\System\VxQYrxM.exe
  2⤵
  PID:5012
- C:\Windows\System\EoIrwVg.exe
  C:\Windows\System\EoIrwVg.exe
  2⤵
  PID:5032
- C:\Windows\System\ASQROqJ.exe
  C:\Windows\System\ASQROqJ.exe
  2⤵
  PID:5052
- C:\Windows\System\OKOngAR.exe
  C:\Windows\System\OKOngAR.exe
  2⤵
  PID:5072
- C:\Windows\System\zgHPpTm.exe
  C:\Windows\System\zgHPpTm.exe
  2⤵
  PID:5092
- C:\Windows\System\dNVQpQH.exe
  C:\Windows\System\dNVQpQH.exe
  2⤵
  PID:5112
- C:\Windows\System\wSvXpHm.exe
  C:\Windows\System\wSvXpHm.exe
  2⤵
  PID:3048
- C:\Windows\System\xhrVeQp.exe
  C:\Windows\System\xhrVeQp.exe
  2⤵
  PID:1444
- C:\Windows\System\ILjTnkg.exe
  C:\Windows\System\ILjTnkg.exe
  2⤵
  PID:1536
- C:\Windows\System\RmRKhEr.exe
  C:\Windows\System\RmRKhEr.exe
  2⤵
  PID:3108
- C:\Windows\System\otzmKim.exe
  C:\Windows\System\otzmKim.exe
  2⤵
  PID:3200
- C:\Windows\System\njnRMrW.exe
  C:\Windows\System\njnRMrW.exe
  2⤵
  PID:3300
- C:\Windows\System\uDguZvs.exe
  C:\Windows\System\uDguZvs.exe
  2⤵
  PID:3432
- C:\Windows\System\xYiNiEH.exe
  C:\Windows\System\xYiNiEH.exe
  2⤵
  PID:3532
- C:\Windows\System\FmPRZaQ.exe
  C:\Windows\System\FmPRZaQ.exe
  2⤵
  PID:3632
- C:\Windows\System\WcwXFqu.exe
  C:\Windows\System\WcwXFqu.exe
  2⤵
  PID:3704
- C:\Windows\System\NgFPJRc.exe
  C:\Windows\System\NgFPJRc.exe
  2⤵
  PID:3824
- C:\Windows\System\jqJdUDv.exe
  C:\Windows\System\jqJdUDv.exe
  2⤵
  PID:3844
- C:\Windows\System\kefOUvE.exe
  C:\Windows\System\kefOUvE.exe
  2⤵
  PID:3908
- C:\Windows\System\vZAkAqI.exe
  C:\Windows\System\vZAkAqI.exe
  2⤵
  PID:4068
- C:\Windows\System\HOuJCsN.exe
  C:\Windows\System\HOuJCsN.exe
  2⤵
  PID:1804
- C:\Windows\System\ITHdzVy.exe
  C:\Windows\System\ITHdzVy.exe
  2⤵
  PID:2812
- C:\Windows\System\KnLMNsg.exe
  C:\Windows\System\KnLMNsg.exe
  2⤵
  PID:4148
- C:\Windows\System\NiZRbSQ.exe
  C:\Windows\System\NiZRbSQ.exe
  2⤵
  PID:4164
- C:\Windows\System\WLmaCwm.exe
  C:\Windows\System\WLmaCwm.exe
  2⤵
  PID:4228
- C:\Windows\System\jzWCkVx.exe
  C:\Windows\System\jzWCkVx.exe
  2⤵
  PID:4268
- C:\Windows\System\SZywxbp.exe
  C:\Windows\System\SZywxbp.exe
  2⤵
  PID:4280
- C:\Windows\System\gwoSjWH.exe
  C:\Windows\System\gwoSjWH.exe
  2⤵
  PID:4304
- C:\Windows\System\hgmJTWQ.exe
  C:\Windows\System\hgmJTWQ.exe
  2⤵
  PID:4348
- C:\Windows\System\uDpboJn.exe
  C:\Windows\System\uDpboJn.exe
  2⤵
  PID:4364
- C:\Windows\System\OYHEKBU.exe
  C:\Windows\System\OYHEKBU.exe
  2⤵
  PID:4420
- C:\Windows\System\xVxLlht.exe
  C:\Windows\System\xVxLlht.exe
  2⤵
  PID:4460
- C:\Windows\System\OHDObdS.exe
  C:\Windows\System\OHDObdS.exe
  2⤵
  PID:4500
- C:\Windows\System\XECyHfb.exe
  C:\Windows\System\XECyHfb.exe
  2⤵
  PID:4484
- C:\Windows\System\SkIJLfE.exe
  C:\Windows\System\SkIJLfE.exe
  2⤵
  PID:4544
- C:\Windows\System\EpWhdlY.exe
  C:\Windows\System\EpWhdlY.exe
  2⤵
  PID:4588
- C:\Windows\System\vadpppv.exe
  C:\Windows\System\vadpppv.exe
  2⤵
  PID:4620
- C:\Windows\System\WNkXzZd.exe
  C:\Windows\System\WNkXzZd.exe
  2⤵
  PID:4660
- C:\Windows\System\kZvkRCT.exe
  C:\Windows\System\kZvkRCT.exe
  2⤵
  PID:4680
- C:\Windows\System\BpgVrBC.exe
  C:\Windows\System\BpgVrBC.exe
  2⤵
  PID:4684
- C:\Windows\System\cRLqNZP.exe
  C:\Windows\System\cRLqNZP.exe
  2⤵
  PID:4748
- C:\Windows\System\GbHtRqv.exe
  C:\Windows\System\GbHtRqv.exe
  2⤵
  PID:4764
- C:\Windows\System\DcubmsQ.exe
  C:\Windows\System\DcubmsQ.exe
  2⤵
  PID:4828
- C:\Windows\System\TbnfxDs.exe
  C:\Windows\System\TbnfxDs.exe
  2⤵
  PID:4840
- C:\Windows\System\vypfzLO.exe
  C:\Windows\System\vypfzLO.exe
  2⤵
  PID:4880
- C:\Windows\System\sVljAgV.exe
  C:\Windows\System\sVljAgV.exe
  2⤵
  PID:4904
- C:\Windows\System\BGUcMLZ.exe
  C:\Windows\System\BGUcMLZ.exe
  2⤵
  PID:4948
- C:\Windows\System\bhEhXwo.exe
  C:\Windows\System\bhEhXwo.exe
  2⤵
  PID:4984
- C:\Windows\System\ntOxmba.exe
  C:\Windows\System\ntOxmba.exe
  2⤵
  PID:5028
- C:\Windows\System\JShNBwe.exe
  C:\Windows\System\JShNBwe.exe
  2⤵
  PID:5060
- C:\Windows\System\XXPWyCV.exe
  C:\Windows\System\XXPWyCV.exe
  2⤵
  PID:5100
- C:\Windows\System\iuzjYUl.exe
  C:\Windows\System\iuzjYUl.exe
  2⤵
  PID:5088
- C:\Windows\System\kbNjnBu.exe
  C:\Windows\System\kbNjnBu.exe
  2⤵
  PID:2736
- C:\Windows\System\feKBShu.exe
  C:\Windows\System\feKBShu.exe
  2⤵
  PID:2976
- C:\Windows\System\KwVCuIi.exe
  C:\Windows\System\KwVCuIi.exe
  2⤵
  PID:3180
- C:\Windows\System\tQxhthv.exe
  C:\Windows\System\tQxhthv.exe
  2⤵
  PID:3320
- C:\Windows\System\qXUTQrU.exe
  C:\Windows\System\qXUTQrU.exe
  2⤵
  PID:3448
- C:\Windows\System\NPxaNit.exe
  C:\Windows\System\NPxaNit.exe
  2⤵
  PID:3664
- C:\Windows\System\aXqEnXX.exe
  C:\Windows\System\aXqEnXX.exe
  2⤵
  PID:3724
- C:\Windows\System\AxZcFGV.exe
  C:\Windows\System\AxZcFGV.exe
  2⤵
  PID:4024
- C:\Windows\System\wqsdfGu.exe
  C:\Windows\System\wqsdfGu.exe
  2⤵
  PID:4044
- C:\Windows\System\PaQiAOX.exe
  C:\Windows\System\PaQiAOX.exe
  2⤵
  PID:2756
- C:\Windows\System\rAKiZdd.exe
  C:\Windows\System\rAKiZdd.exe
  2⤵
  PID:4168
- C:\Windows\System\lHVeXjY.exe
  C:\Windows\System\lHVeXjY.exe
  2⤵
  PID:4220
- C:\Windows\System\pTEnWxK.exe
  C:\Windows\System\pTEnWxK.exe
  2⤵
  PID:4248
- C:\Windows\System\hchjkwx.exe
  C:\Windows\System\hchjkwx.exe
  2⤵
  PID:4340
- C:\Windows\System\tukPkuH.exe
  C:\Windows\System\tukPkuH.exe
  2⤵
  PID:4380
- C:\Windows\System\lWUTuFC.exe
  C:\Windows\System\lWUTuFC.exe
  2⤵
  PID:4440
- C:\Windows\System\iMdttSB.exe
  C:\Windows\System\iMdttSB.exe
  2⤵
  PID:4480
- C:\Windows\System\TAXKJIc.exe
  C:\Windows\System\TAXKJIc.exe
  2⤵
  PID:4540
- C:\Windows\System\MDGyRSl.exe
  C:\Windows\System\MDGyRSl.exe
  2⤵
  PID:4624
- C:\Windows\System\lOvsMdf.exe
  C:\Windows\System\lOvsMdf.exe
  2⤵
  PID:4708
- C:\Windows\System\gxHGbjl.exe
  C:\Windows\System\gxHGbjl.exe
  2⤵
  PID:4740
- C:\Windows\System\WkwiVrf.exe
  C:\Windows\System\WkwiVrf.exe
  2⤵
  PID:4724
- C:\Windows\System\gbqyRVh.exe
  C:\Windows\System\gbqyRVh.exe
  2⤵
  PID:4860
- C:\Windows\System\JQlsmFI.exe
  C:\Windows\System\JQlsmFI.exe
  2⤵
  PID:4884
- C:\Windows\System\GLxISRA.exe
  C:\Windows\System\GLxISRA.exe
  2⤵
  PID:4960
- C:\Windows\System\kqVsfPM.exe
  C:\Windows\System\kqVsfPM.exe
  2⤵
  PID:4980
- C:\Windows\System\SwfmbRR.exe
  C:\Windows\System\SwfmbRR.exe
  2⤵
  PID:5000
- C:\Windows\System\WKWwQAQ.exe
  C:\Windows\System\WKWwQAQ.exe
  2⤵
  PID:2740
- C:\Windows\System\UYbRAiV.exe
  C:\Windows\System\UYbRAiV.exe
  2⤵
  PID:3148
- C:\Windows\System\QWmwMtv.exe
  C:\Windows\System\QWmwMtv.exe
  2⤵
  PID:2744
- C:\Windows\System\gBhOFOs.exe
  C:\Windows\System\gBhOFOs.exe
  2⤵
  PID:3492
- C:\Windows\System\cmszZHz.exe
  C:\Windows\System\cmszZHz.exe
  2⤵
  PID:3592
- C:\Windows\System\vXtrbDh.exe
  C:\Windows\System\vXtrbDh.exe
  2⤵
  PID:3828
- C:\Windows\System\TKGZhwI.exe
  C:\Windows\System\TKGZhwI.exe
  2⤵
  PID:2612
- C:\Windows\System\hqgfhvS.exe
  C:\Windows\System\hqgfhvS.exe
  2⤵
  PID:4128
- C:\Windows\System\zFrSskM.exe
  C:\Windows\System\zFrSskM.exe
  2⤵
  PID:4300
- C:\Windows\System\nkaGgof.exe
  C:\Windows\System\nkaGgof.exe
  2⤵
  PID:4224
- C:\Windows\System\pOYuJIm.exe
  C:\Windows\System\pOYuJIm.exe
  2⤵
  PID:5140
- C:\Windows\System\jOegDPV.exe
  C:\Windows\System\jOegDPV.exe
  2⤵
  PID:5160
- C:\Windows\System\ctmDfbm.exe
  C:\Windows\System\ctmDfbm.exe
  2⤵
  PID:5180
- C:\Windows\System\jLUrOdO.exe
  C:\Windows\System\jLUrOdO.exe
  2⤵
  PID:5200
- C:\Windows\System\LOqBYDW.exe
  C:\Windows\System\LOqBYDW.exe
  2⤵
  PID:5220
- C:\Windows\System\uTZJXHz.exe
  C:\Windows\System\uTZJXHz.exe
  2⤵
  PID:5240
- C:\Windows\System\filNLEt.exe
  C:\Windows\System\filNLEt.exe
  2⤵
  PID:5260
- C:\Windows\System\uDOvskk.exe
  C:\Windows\System\uDOvskk.exe
  2⤵
  PID:5280
- C:\Windows\System\KrvymCh.exe
  C:\Windows\System\KrvymCh.exe
  2⤵
  PID:5300
- C:\Windows\System\EciQtZR.exe
  C:\Windows\System\EciQtZR.exe
  2⤵
  PID:5320
- C:\Windows\System\twSlfjr.exe
  C:\Windows\System\twSlfjr.exe
  2⤵
  PID:5340
- C:\Windows\System\JOVcNFm.exe
  C:\Windows\System\JOVcNFm.exe
  2⤵
  PID:5360
- C:\Windows\System\gZNzwMP.exe
  C:\Windows\System\gZNzwMP.exe
  2⤵
  PID:5380
- C:\Windows\System\osZhPfO.exe
  C:\Windows\System\osZhPfO.exe
  2⤵
  PID:5400
- C:\Windows\System\RqeKCvc.exe
  C:\Windows\System\RqeKCvc.exe
  2⤵
  PID:5420
- C:\Windows\System\sOxaGNH.exe
  C:\Windows\System\sOxaGNH.exe
  2⤵
  PID:5440
- C:\Windows\System\eQnmqfW.exe
  C:\Windows\System\eQnmqfW.exe
  2⤵
  PID:5460
- C:\Windows\System\stlCceg.exe
  C:\Windows\System\stlCceg.exe
  2⤵
  PID:5480
- C:\Windows\System\SuIrNEe.exe
  C:\Windows\System\SuIrNEe.exe
  2⤵
  PID:5500
- C:\Windows\System\BticKQT.exe
  C:\Windows\System\BticKQT.exe
  2⤵
  PID:5520
- C:\Windows\System\eDByZww.exe
  C:\Windows\System\eDByZww.exe
  2⤵
  PID:5540
- C:\Windows\System\xclRqfF.exe
  C:\Windows\System\xclRqfF.exe
  2⤵
  PID:5560
- C:\Windows\System\FmWYhOA.exe
  C:\Windows\System\FmWYhOA.exe
  2⤵
  PID:5580
- C:\Windows\System\GHESbKE.exe
  C:\Windows\System\GHESbKE.exe
  2⤵
  PID:5600
- C:\Windows\System\wlODFOg.exe
  C:\Windows\System\wlODFOg.exe
  2⤵
  PID:5620
- C:\Windows\System\jiwejWw.exe
  C:\Windows\System\jiwejWw.exe
  2⤵
  PID:5640
- C:\Windows\System\aOhqcFe.exe
  C:\Windows\System\aOhqcFe.exe
  2⤵
  PID:5660
- C:\Windows\System\ANVKpVZ.exe
  C:\Windows\System\ANVKpVZ.exe
  2⤵
  PID:5680
- C:\Windows\System\XCsHemd.exe
  C:\Windows\System\XCsHemd.exe
  2⤵
  PID:5700
- C:\Windows\System\yRKrEtg.exe
  C:\Windows\System\yRKrEtg.exe
  2⤵
  PID:5720
- C:\Windows\System\vRGkDVz.exe
  C:\Windows\System\vRGkDVz.exe
  2⤵
  PID:5740
- C:\Windows\System\yoVzlkY.exe
  C:\Windows\System\yoVzlkY.exe
  2⤵
  PID:5760
- C:\Windows\System\velPMGt.exe
  C:\Windows\System\velPMGt.exe
  2⤵
  PID:5780
- C:\Windows\System\dGaMcqU.exe
  C:\Windows\System\dGaMcqU.exe
  2⤵
  PID:5800
- C:\Windows\System\QErHipI.exe
  C:\Windows\System\QErHipI.exe
  2⤵
  PID:5820
- C:\Windows\System\ILCvdRd.exe
  C:\Windows\System\ILCvdRd.exe
  2⤵
  PID:5840
- C:\Windows\System\LACMIFc.exe
  C:\Windows\System\LACMIFc.exe
  2⤵
  PID:5860
- C:\Windows\System\tvgCOvf.exe
  C:\Windows\System\tvgCOvf.exe
  2⤵
  PID:5880
- C:\Windows\System\JOsPcBK.exe
  C:\Windows\System\JOsPcBK.exe
  2⤵
  PID:5900
- C:\Windows\System\yJGiFKx.exe
  C:\Windows\System\yJGiFKx.exe
  2⤵
  PID:5920
- C:\Windows\System\qpbyayH.exe
  C:\Windows\System\qpbyayH.exe
  2⤵
  PID:5940
- C:\Windows\System\GOYnnOm.exe
  C:\Windows\System\GOYnnOm.exe
  2⤵
  PID:5960
- C:\Windows\System\BAZLoIr.exe
  C:\Windows\System\BAZLoIr.exe
  2⤵
  PID:5980
- C:\Windows\System\ZpsuhLG.exe
  C:\Windows\System\ZpsuhLG.exe
  2⤵
  PID:6000
- C:\Windows\System\WRTkwZK.exe
  C:\Windows\System\WRTkwZK.exe
  2⤵
  PID:6020
- C:\Windows\System\pQcxSRM.exe
  C:\Windows\System\pQcxSRM.exe
  2⤵
  PID:6044
- C:\Windows\System\krgKoZo.exe
  C:\Windows\System\krgKoZo.exe
  2⤵
  PID:6064
- C:\Windows\System\zyOGkLj.exe
  C:\Windows\System\zyOGkLj.exe
  2⤵
  PID:6084
- C:\Windows\System\LyXpXlR.exe
  C:\Windows\System\LyXpXlR.exe
  2⤵
  PID:6104
- C:\Windows\System\bbGQami.exe
  C:\Windows\System\bbGQami.exe
  2⤵
  PID:6124
- C:\Windows\System\hIhKndz.exe
  C:\Windows\System\hIhKndz.exe
  2⤵
  PID:4408
- C:\Windows\System\xlbAsbO.exe
  C:\Windows\System\xlbAsbO.exe
  2⤵
  PID:4360
- C:\Windows\System\JXOatjl.exe
  C:\Windows\System\JXOatjl.exe
  2⤵
  PID:4548
- C:\Windows\System\MWNsQpT.exe
  C:\Windows\System\MWNsQpT.exe
  2⤵
  PID:3612
- C:\Windows\System\qaxvpZZ.exe
  C:\Windows\System\qaxvpZZ.exe
  2⤵
  PID:4668
- C:\Windows\System\ZwUwavL.exe
  C:\Windows\System\ZwUwavL.exe
  2⤵
  PID:4844
- C:\Windows\System\JQiVLah.exe
  C:\Windows\System\JQiVLah.exe
  2⤵
  PID:4864
- C:\Windows\System\wVPjgLy.exe
  C:\Windows\System\wVPjgLy.exe
  2⤵
  PID:4580
- C:\Windows\System\iRrOBRe.exe
  C:\Windows\System\iRrOBRe.exe
  2⤵
  PID:5044
- C:\Windows\System\OKjvdwT.exe
  C:\Windows\System\OKjvdwT.exe
  2⤵
  PID:296
- C:\Windows\System\MrrZKrT.exe
  C:\Windows\System\MrrZKrT.exe
  2⤵
  PID:3236
- C:\Windows\System\mABPmLU.exe
  C:\Windows\System\mABPmLU.exe
  2⤵
  PID:2284
- C:\Windows\System\BamyQTk.exe
  C:\Windows\System\BamyQTk.exe
  2⤵
  PID:4160
- C:\Windows\System\yUBPpiO.exe
  C:\Windows\System\yUBPpiO.exe
  2⤵
  PID:4244
- C:\Windows\System\CdvUYyx.exe
  C:\Windows\System\CdvUYyx.exe
  2⤵
  PID:4204
- C:\Windows\System\EEHHSxQ.exe
  C:\Windows\System\EEHHSxQ.exe
  2⤵
  PID:5152
- C:\Windows\System\pdDMitK.exe
  C:\Windows\System\pdDMitK.exe
  2⤵
  PID:5216
- C:\Windows\System\kPbEPvq.exe
  C:\Windows\System\kPbEPvq.exe
  2⤵
  PID:5212
- C:\Windows\System\SQFHort.exe
  C:\Windows\System\SQFHort.exe
  2⤵
  PID:5232
- C:\Windows\System\WexOHqQ.exe
  C:\Windows\System\WexOHqQ.exe
  2⤵
  PID:5272
- C:\Windows\System\hcpgaGY.exe
  C:\Windows\System\hcpgaGY.exe
  2⤵
  PID:5312
- C:\Windows\System\wKHrYgH.exe
  C:\Windows\System\wKHrYgH.exe
  2⤵
  PID:5376
- C:\Windows\System\hjVTCQJ.exe
  C:\Windows\System\hjVTCQJ.exe
  2⤵
  PID:5388
- C:\Windows\System\BZRAtao.exe
  C:\Windows\System\BZRAtao.exe
  2⤵
  PID:5412
- C:\Windows\System\saYdMqr.exe
  C:\Windows\System\saYdMqr.exe
  2⤵
  PID:5456
- C:\Windows\System\scCuLcS.exe
  C:\Windows\System\scCuLcS.exe
  2⤵
  PID:5476
- C:\Windows\System\IgZfxgJ.exe
  C:\Windows\System\IgZfxgJ.exe
  2⤵
  PID:5528
- C:\Windows\System\yOmntVG.exe
  C:\Windows\System\yOmntVG.exe
  2⤵
  PID:5556
- C:\Windows\System\UtRZvZc.exe
  C:\Windows\System\UtRZvZc.exe
  2⤵
  PID:5588
- C:\Windows\System\RLxFhan.exe
  C:\Windows\System\RLxFhan.exe
  2⤵
  PID:5612
- C:\Windows\System\DHpmobE.exe
  C:\Windows\System\DHpmobE.exe
  2⤵
  PID:5656
- C:\Windows\System\ZEFXAcP.exe
  C:\Windows\System\ZEFXAcP.exe
  2⤵
  PID:5672
- C:\Windows\System\CgYcMaR.exe
  C:\Windows\System\CgYcMaR.exe
  2⤵
  PID:5716
- C:\Windows\System\bBcPTxL.exe
  C:\Windows\System\bBcPTxL.exe
  2⤵
  PID:5756
- C:\Windows\System\tkIhGMj.exe
  C:\Windows\System\tkIhGMj.exe
  2⤵
  PID:5788
- C:\Windows\System\GpEvXDF.exe
  C:\Windows\System\GpEvXDF.exe
  2⤵
  PID:5812
- C:\Windows\System\vlhKoju.exe
  C:\Windows\System\vlhKoju.exe
  2⤵
  PID:5852
- C:\Windows\System\vjIDvyK.exe
  C:\Windows\System\vjIDvyK.exe
  2⤵
  PID:5896
- C:\Windows\System\GVjXCSX.exe
  C:\Windows\System\GVjXCSX.exe
  2⤵
  PID:5912
- C:\Windows\System\zfwxiZO.exe
  C:\Windows\System\zfwxiZO.exe
  2⤵
  PID:5948
- C:\Windows\System\oZNhtgM.exe
  C:\Windows\System\oZNhtgM.exe
  2⤵
  PID:5976
- C:\Windows\System\vRTTgcP.exe
  C:\Windows\System\vRTTgcP.exe
  2⤵
  PID:6008
- C:\Windows\System\YhcipEQ.exe
  C:\Windows\System\YhcipEQ.exe
  2⤵
  PID:6028
- C:\Windows\System\UEZdusH.exe
  C:\Windows\System\UEZdusH.exe
  2⤵
  PID:6032
- C:\Windows\System\BuvYbNa.exe
  C:\Windows\System\BuvYbNa.exe
  2⤵
  PID:6132
- C:\Windows\System\QfxMGeE.exe
  C:\Windows\System\QfxMGeE.exe
  2⤵
  PID:6116
- C:\Windows\System\wGrawaj.exe
  C:\Windows\System\wGrawaj.exe
  2⤵
  PID:4464
- C:\Windows\System\QLDFKEh.exe
  C:\Windows\System\QLDFKEh.exe
  2⤵
  PID:4568
- C:\Windows\System\ydTCjKo.exe
  C:\Windows\System\ydTCjKo.exe
  2⤵
  PID:2708
- C:\Windows\System\nuZeEWq.exe
  C:\Windows\System\nuZeEWq.exe
  2⤵
  PID:4928
- C:\Windows\System\deWaIVC.exe
  C:\Windows\System\deWaIVC.exe
  2⤵
  PID:5040
- C:\Windows\System\BwiTefW.exe
  C:\Windows\System\BwiTefW.exe
  2⤵
  PID:1192
- C:\Windows\System\lLlRSXS.exe
  C:\Windows\System\lLlRSXS.exe
  2⤵
  PID:2600
- C:\Windows\System\MNqoLNw.exe
  C:\Windows\System\MNqoLNw.exe
  2⤵
  PID:4008
- C:\Windows\System\GgRiSTF.exe
  C:\Windows\System\GgRiSTF.exe
  2⤵
  PID:5148
- C:\Windows\System\PglhTRh.exe
  C:\Windows\System\PglhTRh.exe
  2⤵
  PID:5256
- C:\Windows\System\LKtHtoR.exe
  C:\Windows\System\LKtHtoR.exe
  2⤵
  PID:5192
- C:\Windows\System\XDHIQce.exe
  C:\Windows\System\XDHIQce.exe
  2⤵
  PID:5336
- C:\Windows\System\XSXGjgs.exe
  C:\Windows\System\XSXGjgs.exe
  2⤵
  PID:5368
- C:\Windows\System\IvoRKSI.exe
  C:\Windows\System\IvoRKSI.exe
  2⤵
  PID:5428
- C:\Windows\System\DaNKyoP.exe
  C:\Windows\System\DaNKyoP.exe
  2⤵
  PID:5488
- C:\Windows\System\DOsRHRm.exe
  C:\Windows\System\DOsRHRm.exe
  2⤵
  PID:5468
- C:\Windows\System\XxKOKXm.exe
  C:\Windows\System\XxKOKXm.exe
  2⤵
  PID:5532
- C:\Windows\System\VgygJHm.exe
  C:\Windows\System\VgygJHm.exe
  2⤵
  PID:5632
- C:\Windows\System\mQkNcOK.exe
  C:\Windows\System\mQkNcOK.exe
  2⤵
  PID:5688
- C:\Windows\System\toVigLs.exe
  C:\Windows\System\toVigLs.exe
  2⤵
  PID:5712
- C:\Windows\System\DIqlpkH.exe
  C:\Windows\System\DIqlpkH.exe
  2⤵
  PID:5808
- C:\Windows\System\wuCuxqi.exe
  C:\Windows\System\wuCuxqi.exe
  2⤵
  PID:5836
- C:\Windows\System\GCMQzyd.exe
  C:\Windows\System\GCMQzyd.exe
  2⤵
  PID:5916
- C:\Windows\System\vSDHcOp.exe
  C:\Windows\System\vSDHcOp.exe
  2⤵
  PID:5932
- C:\Windows\System\RDMYiii.exe
  C:\Windows\System\RDMYiii.exe
  2⤵
  PID:5996
- C:\Windows\System\cTunoLr.exe
  C:\Windows\System\cTunoLr.exe
  2⤵
  PID:6092
- C:\Windows\System\OEMKaZO.exe
  C:\Windows\System\OEMKaZO.exe
  2⤵
  PID:6076
- C:\Windows\System\tqfZRxo.exe
  C:\Windows\System\tqfZRxo.exe
  2⤵
  PID:4368
- C:\Windows\System\mgDZzUD.exe
  C:\Windows\System\mgDZzUD.exe
  2⤵
  PID:4468
- C:\Windows\System\EZEGhIv.exe
  C:\Windows\System\EZEGhIv.exe
  2⤵
  PID:4988
- C:\Windows\System\DINTAQi.exe
  C:\Windows\System\DINTAQi.exe
  2⤵
  PID:3884
- C:\Windows\System\zXebRgs.exe
  C:\Windows\System\zXebRgs.exe
  2⤵
  PID:4140
- C:\Windows\System\rmTolzj.exe
  C:\Windows\System\rmTolzj.exe
  2⤵
  PID:5128
- C:\Windows\System\pPIjfHC.exe
  C:\Windows\System\pPIjfHC.exe
  2⤵
  PID:5208
- C:\Windows\System\zUbVZwO.exe
  C:\Windows\System\zUbVZwO.exe
  2⤵
  PID:5328
- C:\Windows\System\JAOelkN.exe
  C:\Windows\System\JAOelkN.exe
  2⤵
  PID:5396
- C:\Windows\System\nOLVwrh.exe
  C:\Windows\System\nOLVwrh.exe
  2⤵
  PID:5508
- C:\Windows\System\tXvDrLl.exe
  C:\Windows\System\tXvDrLl.exe
  2⤵
  PID:6152
- C:\Windows\System\KnBefgd.exe
  C:\Windows\System\KnBefgd.exe
  2⤵
  PID:6172
- C:\Windows\System\fpPIoVz.exe
  C:\Windows\System\fpPIoVz.exe
  2⤵
  PID:6192
- C:\Windows\System\fwUjolc.exe
  C:\Windows\System\fwUjolc.exe
  2⤵
  PID:6212
- C:\Windows\System\mEYDCyp.exe
  C:\Windows\System\mEYDCyp.exe
  2⤵
  PID:6232
- C:\Windows\System\hghNKvr.exe
  C:\Windows\System\hghNKvr.exe
  2⤵
  PID:6252
- C:\Windows\System\hvgJSfG.exe
  C:\Windows\System\hvgJSfG.exe
  2⤵
  PID:6272
- C:\Windows\System\Gzkzydr.exe
  C:\Windows\System\Gzkzydr.exe
  2⤵
  PID:6292
- C:\Windows\System\KPCAvhm.exe
  C:\Windows\System\KPCAvhm.exe
  2⤵
  PID:6312
- C:\Windows\System\jwQmJqe.exe
  C:\Windows\System\jwQmJqe.exe
  2⤵
  PID:6332
- C:\Windows\System\YTcVdEI.exe
  C:\Windows\System\YTcVdEI.exe
  2⤵
  PID:6352
- C:\Windows\System\WLXUFGA.exe
  C:\Windows\System\WLXUFGA.exe
  2⤵
  PID:6372
- C:\Windows\System\JrxKlQg.exe
  C:\Windows\System\JrxKlQg.exe
  2⤵
  PID:6392
- C:\Windows\System\RFOFrpV.exe
  C:\Windows\System\RFOFrpV.exe
  2⤵
  PID:6412
- C:\Windows\System\cPeUWBh.exe
  C:\Windows\System\cPeUWBh.exe
  2⤵
  PID:6432
- C:\Windows\System\fkSgjeH.exe
  C:\Windows\System\fkSgjeH.exe
  2⤵
  PID:6452
- C:\Windows\System\BZnZQda.exe
  C:\Windows\System\BZnZQda.exe
  2⤵
  PID:6468
- C:\Windows\System\Qglnibv.exe
  C:\Windows\System\Qglnibv.exe
  2⤵
  PID:6492
- C:\Windows\System\uTqIuTF.exe
  C:\Windows\System\uTqIuTF.exe
  2⤵
  PID:6508
- C:\Windows\System\gWlFMue.exe
  C:\Windows\System\gWlFMue.exe
  2⤵
  PID:6536
- C:\Windows\System\nBCNzPO.exe
  C:\Windows\System\nBCNzPO.exe
  2⤵
  PID:6556
- C:\Windows\System\PrkkIou.exe
  C:\Windows\System\PrkkIou.exe
  2⤵
  PID:6572
- C:\Windows\System\ylErNyj.exe
  C:\Windows\System\ylErNyj.exe
  2⤵
  PID:6592
- C:\Windows\System\Lbzwojg.exe
  C:\Windows\System\Lbzwojg.exe
  2⤵
  PID:6616
- C:\Windows\System\PDgWELC.exe
  C:\Windows\System\PDgWELC.exe
  2⤵
  PID:6636
- C:\Windows\System\jZEvwvb.exe
  C:\Windows\System\jZEvwvb.exe
  2⤵
  PID:6656
- C:\Windows\System\nKklrBJ.exe
  C:\Windows\System\nKklrBJ.exe
  2⤵
  PID:6672
- C:\Windows\System\lLFvtBI.exe
  C:\Windows\System\lLFvtBI.exe
  2⤵
  PID:6696
- C:\Windows\System\mRBBSpg.exe
  C:\Windows\System\mRBBSpg.exe
  2⤵
  PID:6716
- C:\Windows\System\FiaRgzl.exe
  C:\Windows\System\FiaRgzl.exe
  2⤵
  PID:6736
- C:\Windows\System\CtVwFbP.exe
  C:\Windows\System\CtVwFbP.exe
  2⤵
  PID:6756
- C:\Windows\System\EDuYoeE.exe
  C:\Windows\System\EDuYoeE.exe
  2⤵
  PID:6776
- C:\Windows\System\qdxQugl.exe
  C:\Windows\System\qdxQugl.exe
  2⤵
  PID:6796
- C:\Windows\System\sMuehgt.exe
  C:\Windows\System\sMuehgt.exe
  2⤵
  PID:6816
- C:\Windows\System\kJVLYII.exe
  C:\Windows\System\kJVLYII.exe
  2⤵
  PID:6832
- C:\Windows\System\KLURLgt.exe
  C:\Windows\System\KLURLgt.exe
  2⤵
  PID:6856
- C:\Windows\System\MzWdaPS.exe
  C:\Windows\System\MzWdaPS.exe
  2⤵
  PID:6876
- C:\Windows\System\DPoryBT.exe
  C:\Windows\System\DPoryBT.exe
  2⤵
  PID:6896
- C:\Windows\System\gjXxUIp.exe
  C:\Windows\System\gjXxUIp.exe
  2⤵
  PID:6916
- C:\Windows\System\BSccqjz.exe
  C:\Windows\System\BSccqjz.exe
  2⤵
  PID:6936
- C:\Windows\System\RNjRRYB.exe
  C:\Windows\System\RNjRRYB.exe
  2⤵
  PID:6956
- C:\Windows\System\KynJxXp.exe
  C:\Windows\System\KynJxXp.exe
  2⤵
  PID:6976
- C:\Windows\System\RaIBzzZ.exe
  C:\Windows\System\RaIBzzZ.exe
  2⤵
  PID:6996
- C:\Windows\System\uBGZPDy.exe
  C:\Windows\System\uBGZPDy.exe
  2⤵
  PID:7016
- C:\Windows\System\QVnGpTt.exe
  C:\Windows\System\QVnGpTt.exe
  2⤵
  PID:7036
- C:\Windows\System\BKOUIUS.exe
  C:\Windows\System\BKOUIUS.exe
  2⤵
  PID:7056
- C:\Windows\System\jHAWSvc.exe
  C:\Windows\System\jHAWSvc.exe
  2⤵
  PID:7076
- C:\Windows\System\jLhAend.exe
  C:\Windows\System\jLhAend.exe
  2⤵
  PID:7096
- C:\Windows\System\iOCMOsG.exe
  C:\Windows\System\iOCMOsG.exe
  2⤵
  PID:7116
- C:\Windows\System\dIwbXKA.exe
  C:\Windows\System\dIwbXKA.exe
  2⤵
  PID:7136
- C:\Windows\System\iEZieaE.exe
  C:\Windows\System\iEZieaE.exe
  2⤵
  PID:7156
- C:\Windows\System\lKWmARG.exe
  C:\Windows\System\lKWmARG.exe
  2⤵
  PID:5592
- C:\Windows\System\UpaMNnH.exe
  C:\Windows\System\UpaMNnH.exe
  2⤵
  PID:5732
- C:\Windows\System\MSwZltL.exe
  C:\Windows\System\MSwZltL.exe
  2⤵
  PID:5772
- C:\Windows\System\kGntzsP.exe
  C:\Windows\System\kGntzsP.exe
  2⤵
  PID:5876
- C:\Windows\System\abBFEJL.exe
  C:\Windows\System\abBFEJL.exe
  2⤵
  PID:5952
- C:\Windows\System\FqtehSL.exe
  C:\Windows\System\FqtehSL.exe
  2⤵
  PID:6060
- C:\Windows\System\ZUZvTMC.exe
  C:\Windows\System\ZUZvTMC.exe
  2⤵
  PID:6096
- C:\Windows\System\dReciIo.exe
  C:\Windows\System\dReciIo.exe
  2⤵
  PID:4688
- C:\Windows\System\cDobrsL.exe
  C:\Windows\System\cDobrsL.exe
  2⤵
  PID:4808
- C:\Windows\System\RnyiKTe.exe
  C:\Windows\System\RnyiKTe.exe
  2⤵
  PID:5172
- C:\Windows\System\svVSrwH.exe
  C:\Windows\System\svVSrwH.exe
  2⤵
  PID:5236
- C:\Windows\System\WCGPNAT.exe
  C:\Windows\System\WCGPNAT.exe
  2⤵
  PID:5392
- C:\Windows\System\pGTjLBq.exe
  C:\Windows\System\pGTjLBq.exe
  2⤵
  PID:6160
- C:\Windows\System\lvgUTQq.exe
  C:\Windows\System\lvgUTQq.exe
  2⤵
  PID:5516
- C:\Windows\System\rbyVJEF.exe
  C:\Windows\System\rbyVJEF.exe
  2⤵
  PID:6184
- C:\Windows\System\MqNZnTX.exe
  C:\Windows\System\MqNZnTX.exe
  2⤵
  PID:6288
- C:\Windows\System\NuXBolR.exe
  C:\Windows\System\NuXBolR.exe
  2⤵
  PID:6260
- C:\Windows\System\mjYZVqy.exe
  C:\Windows\System\mjYZVqy.exe
  2⤵
  PID:6300
- C:\Windows\System\zhxGeoX.exe
  C:\Windows\System\zhxGeoX.exe
  2⤵
  PID:6340
- C:\Windows\System\Hjmvvko.exe
  C:\Windows\System\Hjmvvko.exe
  2⤵
  PID:6344
- C:\Windows\System\RklzzbD.exe
  C:\Windows\System\RklzzbD.exe
  2⤵
  PID:6388
- C:\Windows\System\srYuIpj.exe
  C:\Windows\System\srYuIpj.exe
  2⤵
  PID:6448
- C:\Windows\System\ZdgRVaM.exe
  C:\Windows\System\ZdgRVaM.exe
  2⤵
  PID:6480
- C:\Windows\System\demtYDW.exe
  C:\Windows\System\demtYDW.exe
  2⤵
  PID:6520
- C:\Windows\System\SkJgGEr.exe
  C:\Windows\System\SkJgGEr.exe
  2⤵
  PID:6544
- C:\Windows\System\hPePAss.exe
  C:\Windows\System\hPePAss.exe
  2⤵
  PID:6568
- C:\Windows\System\gNvClqR.exe
  C:\Windows\System\gNvClqR.exe
  2⤵
  PID:6580
- C:\Windows\System\YpNPzAG.exe
  C:\Windows\System\YpNPzAG.exe
  2⤵
  PID:6628
- C:\Windows\System\pXSXbJg.exe
  C:\Windows\System\pXSXbJg.exe
  2⤵
  PID:6684
- C:\Windows\System\BIXfwwQ.exe
  C:\Windows\System\BIXfwwQ.exe
  2⤵
  PID:6664
- C:\Windows\System\NIiNcmr.exe
  C:\Windows\System\NIiNcmr.exe
  2⤵
  PID:6712
- C:\Windows\System\rrntOmk.exe
  C:\Windows\System\rrntOmk.exe
  2⤵
  PID:6772
- C:\Windows\System\ecbypBb.exe
  C:\Windows\System\ecbypBb.exe
  2⤵
  PID:6804
- C:\Windows\System\mzrIWAF.exe
  C:\Windows\System\mzrIWAF.exe
  2⤵
  PID:6808
- C:\Windows\System\rphbcAB.exe
  C:\Windows\System\rphbcAB.exe
  2⤵
  PID:6848
- C:\Windows\System\oOfELDS.exe
  C:\Windows\System\oOfELDS.exe
  2⤵
  PID:6892
- C:\Windows\System\koRWmvZ.exe
  C:\Windows\System\koRWmvZ.exe
  2⤵
  PID:6912
- C:\Windows\System\gRBsJwq.exe
  C:\Windows\System\gRBsJwq.exe
  2⤵
  PID:6944
- C:\Windows\System\kNaUcRD.exe
  C:\Windows\System\kNaUcRD.exe
  2⤵
  PID:6968
- C:\Windows\System\cstuPxn.exe
  C:\Windows\System\cstuPxn.exe
  2⤵
  PID:6988
- C:\Windows\System\JKAjQro.exe
  C:\Windows\System\JKAjQro.exe
  2⤵
  PID:7032
- C:\Windows\System\YbPqvJB.exe
  C:\Windows\System\YbPqvJB.exe
  2⤵
  PID:7084
- C:\Windows\System\TyPwsyq.exe
  C:\Windows\System\TyPwsyq.exe
  2⤵
  PID:7104
- C:\Windows\System\lqZIEbt.exe
  C:\Windows\System\lqZIEbt.exe
  2⤵
  PID:7144
- C:\Windows\System\qDfyzMr.exe
  C:\Windows\System\qDfyzMr.exe
  2⤵
  PID:5552
- C:\Windows\System\FRoBtLh.exe
  C:\Windows\System\FRoBtLh.exe
  2⤵
  PID:5708
- C:\Windows\System\PrHhWEG.exe
  C:\Windows\System\PrHhWEG.exe
  2⤵
  PID:5956
- C:\Windows\System\OUTOKRc.exe
  C:\Windows\System\OUTOKRc.exe
  2⤵
  PID:6100
- C:\Windows\System\yIYWpPQ.exe
  C:\Windows\System\yIYWpPQ.exe
  2⤵
  PID:4800
- C:\Windows\System\AbEDlQt.exe
  C:\Windows\System\AbEDlQt.exe
  2⤵
  PID:3368
- C:\Windows\System\QLNsWTL.exe
  C:\Windows\System\QLNsWTL.exe
  2⤵
  PID:3328
- C:\Windows\System\iEsYqHX.exe
  C:\Windows\System\iEsYqHX.exe
  2⤵
  PID:5308
- C:\Windows\System\VtpDYgT.exe
  C:\Windows\System\VtpDYgT.exe
  2⤵
  PID:6200
- C:\Windows\System\bzlgAba.exe
  C:\Windows\System\bzlgAba.exe
  2⤵
  PID:6220
- C:\Windows\System\svttxBa.exe
  C:\Windows\System\svttxBa.exe
  2⤵
  PID:6248
- C:\Windows\System\sAfBuvx.exe
  C:\Windows\System\sAfBuvx.exe
  2⤵
  PID:6320
- C:\Windows\System\KjvtuDk.exe
  C:\Windows\System\KjvtuDk.exe
  2⤵
  PID:6364
- C:\Windows\System\hIEOjKa.exe
  C:\Windows\System\hIEOjKa.exe
  2⤵
  PID:6420
- C:\Windows\System\ugGPYzq.exe
  C:\Windows\System\ugGPYzq.exe
  2⤵
  PID:6464
- C:\Windows\System\SojMNRG.exe
  C:\Windows\System\SojMNRG.exe
  2⤵
  PID:6600
- C:\Windows\System\lSbvGCM.exe
  C:\Windows\System\lSbvGCM.exe
  2⤵
  PID:6548
- C:\Windows\System\xJsWDga.exe
  C:\Windows\System\xJsWDga.exe
  2⤵
  PID:6680
- C:\Windows\System\wHNkFUt.exe
  C:\Windows\System\wHNkFUt.exe
  2⤵
  PID:628
- C:\Windows\System\EYxFLfk.exe
  C:\Windows\System\EYxFLfk.exe
  2⤵
  PID:6724
- C:\Windows\System\ofBdfko.exe
  C:\Windows\System\ofBdfko.exe
  2⤵
  PID:6784
- C:\Windows\System\bEyQwuN.exe
  C:\Windows\System\bEyQwuN.exe
  2⤵
  PID:6828
- C:\Windows\System\YPzoBWQ.exe
  C:\Windows\System\YPzoBWQ.exe
  2⤵
  PID:6788
- C:\Windows\System\GIgsWjB.exe
  C:\Windows\System\GIgsWjB.exe
  2⤵
  PID:6952
- C:\Windows\System\EKimYMA.exe
  C:\Windows\System\EKimYMA.exe
  2⤵
  PID:6528
- C:\Windows\System\CBZGkiI.exe
  C:\Windows\System\CBZGkiI.exe
  2⤵
  PID:6992
- C:\Windows\System\mYFZzrh.exe
  C:\Windows\System\mYFZzrh.exe
  2⤵
  PID:7124
- C:\Windows\System\NKwlOBo.exe
  C:\Windows\System\NKwlOBo.exe
  2⤵
  PID:7164
- C:\Windows\System\wKNXrfS.exe
  C:\Windows\System\wKNXrfS.exe
  2⤵
  PID:5872
- C:\Windows\System\wxpTWLl.exe
  C:\Windows\System\wxpTWLl.exe
  2⤵
  PID:5856
- C:\Windows\System\CAVzyJZ.exe
  C:\Windows\System\CAVzyJZ.exe
  2⤵
  PID:4504
- C:\Windows\System\aVimrwD.exe
  C:\Windows\System\aVimrwD.exe
  2⤵
  PID:4640
- C:\Windows\System\ZdGFKsX.exe
  C:\Windows\System\ZdGFKsX.exe
  2⤵
  PID:5496
- C:\Windows\System\ePYlyvl.exe
  C:\Windows\System\ePYlyvl.exe
  2⤵
  PID:6188
- C:\Windows\System\QMULBEg.exe
  C:\Windows\System\QMULBEg.exe
  2⤵
  PID:6304
- C:\Windows\System\rSWOveo.exe
  C:\Windows\System\rSWOveo.exe
  2⤵
  PID:6324
- C:\Windows\System\yZzpuUh.exe
  C:\Windows\System\yZzpuUh.exe
  2⤵
  PID:6404
- C:\Windows\System\eIYoSoB.exe
  C:\Windows\System\eIYoSoB.exe
  2⤵
  PID:6564
- C:\Windows\System\zQjumDl.exe
  C:\Windows\System\zQjumDl.exe
  2⤵
  PID:6608
- C:\Windows\System\kIRraJN.exe
  C:\Windows\System\kIRraJN.exe
  2⤵
  PID:6704
- C:\Windows\System\mBcMXiz.exe
  C:\Windows\System\mBcMXiz.exe
  2⤵
  PID:6732
- C:\Windows\System\rKVIZbR.exe
  C:\Windows\System\rKVIZbR.exe
  2⤵
  PID:2264
- C:\Windows\System\TORnqCn.exe
  C:\Windows\System\TORnqCn.exe
  2⤵
  PID:6932
- C:\Windows\System\rEWpzHY.exe
  C:\Windows\System\rEWpzHY.exe
  2⤵
  PID:7068
- C:\Windows\System\VmUWGNV.exe
  C:\Windows\System\VmUWGNV.exe
  2⤵
  PID:7024
- C:\Windows\System\pZgyRSO.exe
  C:\Windows\System\pZgyRSO.exe
  2⤵
  PID:7128
- C:\Windows\System\uYuvfbl.exe
  C:\Windows\System\uYuvfbl.exe
  2⤵
  PID:5692
- C:\Windows\System\FxRdlKG.exe
  C:\Windows\System\FxRdlKG.exe
  2⤵
  PID:3568
- C:\Windows\System\SNgqPZF.exe
  C:\Windows\System\SNgqPZF.exe
  2⤵
  PID:6244
- C:\Windows\System\fvrNZUb.exe
  C:\Windows\System\fvrNZUb.exe
  2⤵
  PID:7180
- C:\Windows\System\CWnRRVe.exe
  C:\Windows\System\CWnRRVe.exe
  2⤵
  PID:7200
- C:\Windows\System\dtDOpVI.exe
  C:\Windows\System\dtDOpVI.exe
  2⤵
  PID:7220
- C:\Windows\System\TUaIKDD.exe
  C:\Windows\System\TUaIKDD.exe
  2⤵
  PID:7240
- C:\Windows\System\tLeZWgf.exe
  C:\Windows\System\tLeZWgf.exe
  2⤵
  PID:7260
- C:\Windows\System\mJlrreY.exe
  C:\Windows\System\mJlrreY.exe
  2⤵
  PID:7280
- C:\Windows\System\SliYfEX.exe
  C:\Windows\System\SliYfEX.exe
  2⤵
  PID:7300
- C:\Windows\System\yRdZYVm.exe
  C:\Windows\System\yRdZYVm.exe
  2⤵
  PID:7320
- C:\Windows\System\LqUqiuH.exe
  C:\Windows\System\LqUqiuH.exe
  2⤵
  PID:7344
- C:\Windows\System\ZJtigqV.exe
  C:\Windows\System\ZJtigqV.exe
  2⤵
  PID:7364
- C:\Windows\System\ThFCOfa.exe
  C:\Windows\System\ThFCOfa.exe
  2⤵
  PID:7380
- C:\Windows\System\lFDQpou.exe
  C:\Windows\System\lFDQpou.exe
  2⤵
  PID:7396
- C:\Windows\System\aTWeqNJ.exe
  C:\Windows\System\aTWeqNJ.exe
  2⤵
  PID:7420
- C:\Windows\System\ZdLfoyI.exe
  C:\Windows\System\ZdLfoyI.exe
  2⤵
  PID:7436
- C:\Windows\System\rYeOdaz.exe
  C:\Windows\System\rYeOdaz.exe
  2⤵
  PID:7460
- C:\Windows\System\AusYNLW.exe
  C:\Windows\System\AusYNLW.exe
  2⤵
  PID:7476
- C:\Windows\System\NABqsOt.exe
  C:\Windows\System\NABqsOt.exe
  2⤵
  PID:7504
- C:\Windows\System\SHRtVTb.exe
  C:\Windows\System\SHRtVTb.exe
  2⤵
  PID:7524
- C:\Windows\System\aOcmaTt.exe
  C:\Windows\System\aOcmaTt.exe
  2⤵
  PID:7544
- C:\Windows\System\tWsVZql.exe
  C:\Windows\System\tWsVZql.exe
  2⤵
  PID:7564
- C:\Windows\System\IFTbbcg.exe
  C:\Windows\System\IFTbbcg.exe
  2⤵
  PID:7580
- C:\Windows\System\izIkqvu.exe
  C:\Windows\System\izIkqvu.exe
  2⤵
  PID:7596
- C:\Windows\System\KNVhulr.exe
  C:\Windows\System\KNVhulr.exe
  2⤵
  PID:7620
- C:\Windows\System\DHoRutH.exe
  C:\Windows\System\DHoRutH.exe
  2⤵
  PID:7636
- C:\Windows\System\nwtwTMA.exe
  C:\Windows\System\nwtwTMA.exe
  2⤵
  PID:7660
- C:\Windows\System\KlIrDJR.exe
  C:\Windows\System\KlIrDJR.exe
  2⤵
  PID:7680
- C:\Windows\System\dGEVcDS.exe
  C:\Windows\System\dGEVcDS.exe
  2⤵
  PID:7704
- C:\Windows\System\pCRZOyh.exe
  C:\Windows\System\pCRZOyh.exe
  2⤵
  PID:7724
- C:\Windows\System\fVKMGYi.exe
  C:\Windows\System\fVKMGYi.exe
  2⤵
  PID:7740
- C:\Windows\System\glkLYfv.exe
  C:\Windows\System\glkLYfv.exe
  2⤵
  PID:7764
- C:\Windows\System\IHnhyrT.exe
  C:\Windows\System\IHnhyrT.exe
  2⤵
  PID:7780
- C:\Windows\System\QwLfNnE.exe
  C:\Windows\System\QwLfNnE.exe
  2⤵
  PID:7808
- C:\Windows\System\uPFgrsC.exe
  C:\Windows\System\uPFgrsC.exe
  2⤵
  PID:7828
- C:\Windows\System\uHuMMSF.exe
  C:\Windows\System\uHuMMSF.exe
  2⤵
  PID:7844
- C:\Windows\System\mcIscRg.exe
  C:\Windows\System\mcIscRg.exe
  2⤵
  PID:7868
- C:\Windows\System\XNcvLZh.exe
  C:\Windows\System\XNcvLZh.exe
  2⤵
  PID:7888
- C:\Windows\System\dxTaRsu.exe
  C:\Windows\System\dxTaRsu.exe
  2⤵
  PID:7908
- C:\Windows\System\tHsMQtK.exe
  C:\Windows\System\tHsMQtK.exe
  2⤵
  PID:7928
- C:\Windows\System\EXpEPBC.exe
  C:\Windows\System\EXpEPBC.exe
  2⤵
  PID:7948
- C:\Windows\System\TUeKEwy.exe
  C:\Windows\System\TUeKEwy.exe
  2⤵
  PID:7964
- C:\Windows\System\KYsGeel.exe
  C:\Windows\System\KYsGeel.exe
  2⤵
  PID:7984
- C:\Windows\System\yFOFIqH.exe
  C:\Windows\System\yFOFIqH.exe
  2⤵
  PID:8004
- C:\Windows\System\uTiOJTA.exe
  C:\Windows\System\uTiOJTA.exe
  2⤵
  PID:8024
- C:\Windows\System\UKmqJiL.exe
  C:\Windows\System\UKmqJiL.exe
  2⤵
  PID:8044
- C:\Windows\System\sPoaEif.exe
  C:\Windows\System\sPoaEif.exe
  2⤵
  PID:8064
- C:\Windows\System\dNpEjgn.exe
  C:\Windows\System\dNpEjgn.exe
  2⤵
  PID:8084
- C:\Windows\System\aaHbmCC.exe
  C:\Windows\System\aaHbmCC.exe
  2⤵
  PID:8100
- C:\Windows\System\ncUfljh.exe
  C:\Windows\System\ncUfljh.exe
  2⤵
  PID:8116
- C:\Windows\System\KGTiZfH.exe
  C:\Windows\System\KGTiZfH.exe
  2⤵
  PID:8140
- C:\Windows\System\NrfzHGy.exe
  C:\Windows\System\NrfzHGy.exe
  2⤵
  PID:8164
- C:\Windows\System\XGGIhup.exe
  C:\Windows\System\XGGIhup.exe
  2⤵
  PID:8180
- C:\Windows\System\fqXvhig.exe
  C:\Windows\System\fqXvhig.exe
  2⤵
  PID:1532
- C:\Windows\System\JGdlcmi.exe
  C:\Windows\System\JGdlcmi.exe
  2⤵
  PID:6408
- C:\Windows\System\RnsveXz.exe
  C:\Windows\System\RnsveXz.exe
  2⤵
  PID:6604
- C:\Windows\System\FzwVGAw.exe
  C:\Windows\System\FzwVGAw.exe
  2⤵
  PID:6688
- C:\Windows\System\JAnQDuE.exe
  C:\Windows\System\JAnQDuE.exe
  2⤵
  PID:6744
- C:\Windows\System\MMYuaGL.exe
  C:\Windows\System\MMYuaGL.exe
  2⤵
  PID:7108
- C:\Windows\System\opyulQi.exe
  C:\Windows\System\opyulQi.exe
  2⤵
  PID:2164
- C:\Windows\System\idVhJwP.exe
  C:\Windows\System\idVhJwP.exe
  2⤵
  PID:6428
- C:\Windows\System\ExEqXWZ.exe
  C:\Windows\System\ExEqXWZ.exe
  2⤵
  PID:5136
- C:\Windows\System\kYCkbUA.exe
  C:\Windows\System\kYCkbUA.exe
  2⤵
  PID:7176
- C:\Windows\System\ZvIpEan.exe
  C:\Windows\System\ZvIpEan.exe
  2⤵
  PID:7208
- C:\Windows\System\ceJJAEJ.exe
  C:\Windows\System\ceJJAEJ.exe
  2⤵
  PID:7276
- C:\Windows\System\IzGBSiP.exe
  C:\Windows\System\IzGBSiP.exe
  2⤵
  PID:7288
- C:\Windows\System\zQZfABi.exe
  C:\Windows\System\zQZfABi.exe
  2⤵
  PID:7352
- C:\Windows\System\aYocnWj.exe
  C:\Windows\System\aYocnWj.exe
  2⤵
  PID:7392
- C:\Windows\System\hGlHbeJ.exe
  C:\Windows\System\hGlHbeJ.exe
  2⤵
  PID:7336
- C:\Windows\System\kgidOMN.exe
  C:\Windows\System\kgidOMN.exe
  2⤵
  PID:7408
- C:\Windows\System\nVlQfon.exe
  C:\Windows\System\nVlQfon.exe
  2⤵
  PID:7444
- C:\Windows\System\apMyeih.exe
  C:\Windows\System\apMyeih.exe
  2⤵
  PID:7516
- C:\Windows\System\MABJVLn.exe
  C:\Windows\System\MABJVLn.exe
  2⤵
  PID:7452
- C:\Windows\System\KIEHKHM.exe
  C:\Windows\System\KIEHKHM.exe
  2⤵
  PID:7532
- C:\Windows\System\rSuImNA.exe
  C:\Windows\System\rSuImNA.exe
  2⤵
  PID:7628
- C:\Windows\System\iPJHLGL.exe
  C:\Windows\System\iPJHLGL.exe
  2⤵
  PID:7604
- C:\Windows\System\DlDkCdA.exe
  C:\Windows\System\DlDkCdA.exe
  2⤵
  PID:7672
- C:\Windows\System\xufwDgr.exe
  C:\Windows\System\xufwDgr.exe
  2⤵
  PID:7716
- C:\Windows\System\zkCoTHg.exe
  C:\Windows\System\zkCoTHg.exe
  2⤵
  PID:7752
- C:\Windows\System\KYyGDHK.exe
  C:\Windows\System\KYyGDHK.exe
  2⤵
  PID:7700
- C:\Windows\System\tXHSnMH.exe
  C:\Windows\System\tXHSnMH.exe
  2⤵
  PID:7804
- C:\Windows\System\NMjuYwe.exe
  C:\Windows\System\NMjuYwe.exe
  2⤵
  PID:7824
- C:\Windows\System\zDxvDiP.exe
  C:\Windows\System\zDxvDiP.exe
  2⤵
  PID:7956
- C:\Windows\System\IAIwSlZ.exe
  C:\Windows\System\IAIwSlZ.exe
  2⤵
  PID:7860
- C:\Windows\System\TPHljar.exe
  C:\Windows\System\TPHljar.exe
  2⤵
  PID:7904
- C:\Windows\System\kZJbHMF.exe
  C:\Windows\System\kZJbHMF.exe
  2⤵
  PID:8040
- C:\Windows\System\nHCOinc.exe
  C:\Windows\System\nHCOinc.exe
  2⤵
  PID:8080
- C:\Windows\System\jZLhGXH.exe
  C:\Windows\System\jZLhGXH.exe
  2⤵
  PID:7972
- C:\Windows\System\rkbszOd.exe
  C:\Windows\System\rkbszOd.exe
  2⤵
  PID:8148
- C:\Windows\System\DgNcMYo.exe
  C:\Windows\System\DgNcMYo.exe
  2⤵
  PID:8060
- C:\Windows\System\pYAkZRm.exe
  C:\Windows\System\pYAkZRm.exe
  2⤵
  PID:6484
- C:\Windows\System\nxYAHJP.exe
  C:\Windows\System\nxYAHJP.exe
  2⤵
  PID:6440
- C:\Windows\System\HToVXlX.exe
  C:\Windows\System\HToVXlX.exe
  2⤵
  PID:8136
- C:\Windows\System\PBvaoQJ.exe
  C:\Windows\System\PBvaoQJ.exe
  2⤵
  PID:8172
- C:\Windows\System\IGVFzmo.exe
  C:\Windows\System\IGVFzmo.exe
  2⤵
  PID:6840
- C:\Windows\System\cNWKYIh.exe
  C:\Windows\System\cNWKYIh.exe
  2⤵
  PID:6948
- C:\Windows\System\OyccIUb.exe
  C:\Windows\System\OyccIUb.exe
  2⤵
  PID:7044
- C:\Windows\System\lNSaxkA.exe
  C:\Windows\System\lNSaxkA.exe
  2⤵
  PID:4604
- C:\Windows\System\ksUeKaw.exe
  C:\Windows\System\ksUeKaw.exe
  2⤵
  PID:7232
- C:\Windows\System\IIsFlHj.exe
  C:\Windows\System\IIsFlHj.exe
  2⤵
  PID:7256
- C:\Windows\System\XTKTEwF.exe
  C:\Windows\System\XTKTEwF.exe
  2⤵
  PID:7064
- C:\Windows\System\ChoLGyZ.exe
  C:\Windows\System\ChoLGyZ.exe
  2⤵
  PID:7212
- C:\Windows\System\QSNWchq.exe
  C:\Windows\System\QSNWchq.exe
  2⤵
  PID:7312
- C:\Windows\System\cukXaos.exe
  C:\Windows\System\cukXaos.exe
  2⤵
  PID:7484
- C:\Windows\System\VsTbteR.exe
  C:\Windows\System\VsTbteR.exe
  2⤵
  PID:7520
- C:\Windows\System\YhUjnBE.exe
  C:\Windows\System\YhUjnBE.exe
  2⤵
  PID:7668
- C:\Windows\System\qpCaJoW.exe
  C:\Windows\System\qpCaJoW.exe
  2⤵
  PID:2036
- C:\Windows\System\fQQbYMM.exe
  C:\Windows\System\fQQbYMM.exe
  2⤵
  PID:7720
- C:\Windows\System\hSlfAqK.exe
  C:\Windows\System\hSlfAqK.exe
  2⤵
  PID:7756
- C:\Windows\System\bXwakrY.exe
  C:\Windows\System\bXwakrY.exe
  2⤵
  PID:7792
- C:\Windows\System\jvkPvQj.exe
  C:\Windows\System\jvkPvQj.exe
  2⤵
  PID:1088
- C:\Windows\System\vNrdBDW.exe
  C:\Windows\System\vNrdBDW.exe
  2⤵
  PID:748
- C:\Windows\System\ejNCzIz.exe
  C:\Windows\System\ejNCzIz.exe
  2⤵
  PID:2392
- C:\Windows\System\mSMyjpz.exe
  C:\Windows\System\mSMyjpz.exe
  2⤵
  PID:2972
- C:\Windows\System\bfUPTEf.exe
  C:\Windows\System\bfUPTEf.exe
  2⤵
  PID:2304
- C:\Windows\System\BSqJKYO.exe
  C:\Windows\System\BSqJKYO.exe
  2⤵
  PID:2084
- C:\Windows\System\BtZFEMT.exe
  C:\Windows\System\BtZFEMT.exe
  2⤵
  PID:1676
- C:\Windows\System\UbMbNcJ.exe
  C:\Windows\System\UbMbNcJ.exe
  2⤵
  PID:1592
- C:\Windows\System\pBnZULK.exe
  C:\Windows\System\pBnZULK.exe
  2⤵
  PID:7776
- C:\Windows\System\kVsPSMB.exe
  C:\Windows\System\kVsPSMB.exe
  2⤵
  PID:2364
- C:\Windows\System\tqwGsjq.exe
  C:\Windows\System\tqwGsjq.exe
  2⤵
  PID:1892
- C:\Windows\System\NbAhWAZ.exe
  C:\Windows\System\NbAhWAZ.exe
  2⤵
  PID:1596
- C:\Windows\System\imegeFW.exe
  C:\Windows\System\imegeFW.exe
  2⤵
  PID:7880
- C:\Windows\System\SJkEORr.exe
  C:\Windows\System\SJkEORr.exe
  2⤵
  PID:8000
- C:\Windows\System\oqidfGG.exe
  C:\Windows\System\oqidfGG.exe
  2⤵
  PID:8032
- C:\Windows\System\iORUlJQ.exe
  C:\Windows\System\iORUlJQ.exe
  2⤵
  PID:2668
- C:\Windows\System\fHZfnNr.exe
  C:\Windows\System\fHZfnNr.exe
  2⤵
  PID:8132
- C:\Windows\System\hEtuSuN.exe
  C:\Windows\System\hEtuSuN.exe
  2⤵
  PID:6588
- C:\Windows\System\UwSSSoK.exe
  C:\Windows\System\UwSSSoK.exe
  2⤵
  PID:7388
- C:\Windows\System\XjyttNS.exe
  C:\Windows\System\XjyttNS.exe
  2⤵
  PID:7940
- C:\Windows\System\sNmVUjN.exe
  C:\Windows\System\sNmVUjN.exe
  2⤵
  PID:8112
- C:\Windows\System\OEzYOPq.exe
  C:\Windows\System\OEzYOPq.exe
  2⤵
  PID:7340
- C:\Windows\System\KrmViIa.exe
  C:\Windows\System\KrmViIa.exe
  2⤵
  PID:6228
- C:\Windows\System\xauEvgW.exe
  C:\Windows\System\xauEvgW.exe
  2⤵
  PID:8096
- C:\Windows\System\KHJNPay.exe
  C:\Windows\System\KHJNPay.exe
  2⤵
  PID:5988
- C:\Windows\System\LrtuMmp.exe
  C:\Windows\System\LrtuMmp.exe
  2⤵
  PID:2072
- C:\Windows\System\JdyVYmm.exe
  C:\Windows\System\JdyVYmm.exe
  2⤵
  PID:7500
- C:\Windows\System\AreiDra.exe
  C:\Windows\System\AreiDra.exe
  2⤵
  PID:2544
- C:\Windows\System\lRLyeFy.exe
  C:\Windows\System\lRLyeFy.exe
  2⤵
  PID:7612
- C:\Windows\System\aPRrLWS.exe
  C:\Windows\System\aPRrLWS.exe
  2⤵
  PID:1472
- C:\Windows\System\NAYhNpo.exe
  C:\Windows\System\NAYhNpo.exe
  2⤵
  PID:1500
- C:\Windows\System\wLrqcIy.exe
  C:\Windows\System\wLrqcIy.exe
  2⤵
  PID:1936
- C:\Windows\System\wiaEJZK.exe
  C:\Windows\System\wiaEJZK.exe
  2⤵
  PID:7876
- C:\Windows\System\slfODtF.exe
  C:\Windows\System\slfODtF.exe
  2⤵
  PID:1528
- C:\Windows\System\yLpMzKS.exe
  C:\Windows\System\yLpMzKS.exe
  2⤵
  PID:7732
- C:\Windows\System\rJBRmNP.exe
  C:\Windows\System\rJBRmNP.exe
  2⤵
  PID:7688
- C:\Windows\System\DIXVxMU.exe
  C:\Windows\System\DIXVxMU.exe
  2⤵
  PID:1372
- C:\Windows\System\qewmcTD.exe
  C:\Windows\System\qewmcTD.exe
  2⤵
  PID:2236
- C:\Windows\System\KTgcfCG.exe
  C:\Windows\System\KTgcfCG.exe
  2⤵
  PID:1104
- C:\Windows\System\mxGiHtg.exe
  C:\Windows\System\mxGiHtg.exe
  2⤵
  PID:8072
- C:\Windows\System\uuKOPtY.exe
  C:\Windows\System\uuKOPtY.exe
  2⤵
  PID:8128
- C:\Windows\System\RXYuxwg.exe
  C:\Windows\System\RXYuxwg.exe
  2⤵
  PID:7236
- C:\Windows\System\HMJVRfe.exe
  C:\Windows\System\HMJVRfe.exe
  2⤵
  PID:7252
- C:\Windows\System\kttjNgW.exe
  C:\Windows\System\kttjNgW.exe
  2⤵
  PID:7692
- C:\Windows\System\gTpcTPx.exe
  C:\Windows\System\gTpcTPx.exe
  2⤵
  PID:1252
- C:\Windows\System\QpwfBcL.exe
  C:\Windows\System\QpwfBcL.exe
  2⤵
  PID:7048
- C:\Windows\System\gfbVIkU.exe
  C:\Windows\System\gfbVIkU.exe
  2⤵
  PID:7896
- C:\Windows\System\tuxVLFH.exe
  C:\Windows\System\tuxVLFH.exe
  2⤵
  PID:2016
- C:\Windows\System\JYofOOF.exe
  C:\Windows\System\JYofOOF.exe
  2⤵
  PID:1468
- C:\Windows\System\VoSRbLL.exe
  C:\Windows\System\VoSRbLL.exe
  2⤵
  PID:8020
- C:\Windows\System\fWpYVQN.exe
  C:\Windows\System\fWpYVQN.exe
  2⤵
  PID:8208
- C:\Windows\System\vJDGjrp.exe
  C:\Windows\System\vJDGjrp.exe
  2⤵
  PID:8228
- C:\Windows\System\IQCxlxC.exe
  C:\Windows\System\IQCxlxC.exe
  2⤵
  PID:8244
- C:\Windows\System\CDXNnMQ.exe
  C:\Windows\System\CDXNnMQ.exe
  2⤵
  PID:8260
- C:\Windows\System\tpSnkIn.exe
  C:\Windows\System\tpSnkIn.exe
  2⤵
  PID:8280
- C:\Windows\System\BZwICSz.exe
  C:\Windows\System\BZwICSz.exe
  2⤵
  PID:8296
- C:\Windows\System\BFLcMNc.exe
  C:\Windows\System\BFLcMNc.exe
  2⤵
  PID:8316
- C:\Windows\System\IgfPABT.exe
  C:\Windows\System\IgfPABT.exe
  2⤵
  PID:8356
- C:\Windows\System\ilBkFin.exe
  C:\Windows\System\ilBkFin.exe
  2⤵
  PID:8376
- C:\Windows\System\qJlQqkm.exe
  C:\Windows\System\qJlQqkm.exe
  2⤵
  PID:8396
- C:\Windows\System\dyqWDaQ.exe
  C:\Windows\System\dyqWDaQ.exe
  2⤵
  PID:8412
- C:\Windows\System\Dozfpgv.exe
  C:\Windows\System\Dozfpgv.exe
  2⤵
  PID:8428
- C:\Windows\System\yZogLKM.exe
  C:\Windows\System\yZogLKM.exe
  2⤵
  PID:8444
- C:\Windows\System\HifNVAn.exe
  C:\Windows\System\HifNVAn.exe
  2⤵
  PID:8460
- C:\Windows\System\hHUSEqp.exe
  C:\Windows\System\hHUSEqp.exe
  2⤵
  PID:8484
- C:\Windows\System\xcUfFgJ.exe
  C:\Windows\System\xcUfFgJ.exe
  2⤵
  PID:8504
- C:\Windows\System\Ficoatb.exe
  C:\Windows\System\Ficoatb.exe
  2⤵
  PID:8584
- C:\Windows\System\DjXkNfe.exe
  C:\Windows\System\DjXkNfe.exe
  2⤵
  PID:8600
- C:\Windows\System\xoPRhWr.exe
  C:\Windows\System\xoPRhWr.exe
  2⤵
  PID:8644
- C:\Windows\System\kfeyHBI.exe
  C:\Windows\System\kfeyHBI.exe
  2⤵
  PID:8668
- C:\Windows\System\xzWfuHW.exe
  C:\Windows\System\xzWfuHW.exe
  2⤵
  PID:8684
- C:\Windows\System\AaaKYAR.exe
  C:\Windows\System\AaaKYAR.exe
  2⤵
  PID:8700
- C:\Windows\System\PxhnyaJ.exe
  C:\Windows\System\PxhnyaJ.exe
  2⤵
  PID:8728
- C:\Windows\System\dSGUdit.exe
  C:\Windows\System\dSGUdit.exe
  2⤵
  PID:8748
- C:\Windows\System\ljZwflv.exe
  C:\Windows\System\ljZwflv.exe
  2⤵
  PID:8764
- C:\Windows\System\LNrmpqT.exe
  C:\Windows\System\LNrmpqT.exe
  2⤵
  PID:8780
- C:\Windows\System\KWjKCeJ.exe
  C:\Windows\System\KWjKCeJ.exe
  2⤵
  PID:8796
- C:\Windows\System\XyrwUWb.exe
  C:\Windows\System\XyrwUWb.exe
  2⤵
  PID:8812
- C:\Windows\System\XBPVFCm.exe
  C:\Windows\System\XBPVFCm.exe
  2⤵
  PID:8828
- C:\Windows\System\YLyhSwS.exe
  C:\Windows\System\YLyhSwS.exe
  2⤵
  PID:8844
- C:\Windows\System\FEZFsxu.exe
  C:\Windows\System\FEZFsxu.exe
  2⤵
  PID:8888
- C:\Windows\System\cBsQfXz.exe
  C:\Windows\System\cBsQfXz.exe
  2⤵
  PID:8904
- C:\Windows\System\LTsOlQZ.exe
  C:\Windows\System\LTsOlQZ.exe
  2⤵
  PID:8920
- C:\Windows\System\BroFosh.exe
  C:\Windows\System\BroFosh.exe
  2⤵
  PID:8936
- C:\Windows\System\XxJojDB.exe
  C:\Windows\System\XxJojDB.exe
  2⤵
  PID:8952
- C:\Windows\System\FRtjEuR.exe
  C:\Windows\System\FRtjEuR.exe
  2⤵
  PID:8980
- C:\Windows\System\JOSikGg.exe
  C:\Windows\System\JOSikGg.exe
  2⤵
  PID:9000
- C:\Windows\System\ZZLBCnp.exe
  C:\Windows\System\ZZLBCnp.exe
  2⤵
  PID:9016
- C:\Windows\System\PmNIgwL.exe
  C:\Windows\System\PmNIgwL.exe
  2⤵
  PID:9032
- C:\Windows\System\LpVGWTP.exe
  C:\Windows\System\LpVGWTP.exe
  2⤵
  PID:9052
- C:\Windows\System\SvODtEv.exe
  C:\Windows\System\SvODtEv.exe
  2⤵
  PID:9072
- C:\Windows\System\TNedIEV.exe
  C:\Windows\System\TNedIEV.exe
  2⤵
  PID:9088
- C:\Windows\System\gkKtWjl.exe
  C:\Windows\System\gkKtWjl.exe
  2⤵
  PID:9104
- C:\Windows\System\FzyEdsF.exe
  C:\Windows\System\FzyEdsF.exe
  2⤵
  PID:9124
- C:\Windows\System\UKgSfmQ.exe
  C:\Windows\System\UKgSfmQ.exe
  2⤵
  PID:9148
- C:\Windows\System\HGFaxuI.exe
  C:\Windows\System\HGFaxuI.exe
  2⤵
  PID:9168
- C:\Windows\System\AtzvVKG.exe
  C:\Windows\System\AtzvVKG.exe
  2⤵
  PID:9192
- C:\Windows\System\XKfJRoF.exe
  C:\Windows\System\XKfJRoF.exe
  2⤵
  PID:9212
- C:\Windows\System\vwodEyT.exe
  C:\Windows\System\vwodEyT.exe
  2⤵
  PID:8204
- C:\Windows\System\zKhXXMw.exe
  C:\Windows\System\zKhXXMw.exe
  2⤵
  PID:8272
- C:\Windows\System\JMQyPXX.exe
  C:\Windows\System\JMQyPXX.exe
  2⤵
  PID:8308
- C:\Windows\System\TdUdjTP.exe
  C:\Windows\System\TdUdjTP.exe
  2⤵
  PID:7748
- C:\Windows\System\ejJUPDt.exe
  C:\Windows\System\ejJUPDt.exe
  2⤵
  PID:8324
- C:\Windows\System\QKYPUdp.exe
  C:\Windows\System\QKYPUdp.exe
  2⤵
  PID:7656
- C:\Windows\System\ZPHpVPK.exe
  C:\Windows\System\ZPHpVPK.exe
  2⤵
  PID:668
- C:\Windows\System\MHvioLN.exe
  C:\Windows\System\MHvioLN.exe
  2⤵
  PID:7228
- C:\Windows\System\zmkdOmW.exe
  C:\Windows\System\zmkdOmW.exe
  2⤵
  PID:7980
- C:\Windows\System\eUwqiNo.exe
  C:\Windows\System\eUwqiNo.exe
  2⤵
  PID:8224
- C:\Windows\System\lpxlhjl.exe
  C:\Windows\System\lpxlhjl.exe
  2⤵
  PID:8328
- C:\Windows\System\ZTBDYSu.exe
  C:\Windows\System\ZTBDYSu.exe
  2⤵
  PID:7432
- C:\Windows\System\NuFBqEn.exe
  C:\Windows\System\NuFBqEn.exe
  2⤵
  PID:8404
- C:\Windows\System\jAJjQpQ.exe
  C:\Windows\System\jAJjQpQ.exe
  2⤵
  PID:8440
- C:\Windows\System\hEIwqmp.exe
  C:\Windows\System\hEIwqmp.exe
  2⤵
  PID:8352
- C:\Windows\System\IDollKW.exe
  C:\Windows\System\IDollKW.exe
  2⤵
  PID:8332
- C:\Windows\System\wAvnGnm.exe
  C:\Windows\System\wAvnGnm.exe
  2⤵
  PID:8472
- C:\Windows\System\sEjxyfu.exe
  C:\Windows\System\sEjxyfu.exe
  2⤵
  PID:8496
- C:\Windows\System\ibTvUdc.exe
  C:\Windows\System\ibTvUdc.exe
  2⤵
  PID:8520
- C:\Windows\System\saWjjLY.exe
  C:\Windows\System\saWjjLY.exe
  2⤵
  PID:8540
- C:\Windows\System\lWZOkOd.exe
  C:\Windows\System\lWZOkOd.exe
  2⤵
  PID:8592
- C:\Windows\System\jKSsngo.exe
  C:\Windows\System\jKSsngo.exe
  2⤵
  PID:8596
- C:\Windows\System\ThhMaIl.exe
  C:\Windows\System\ThhMaIl.exe
  2⤵
  PID:8616
- C:\Windows\System\KuIDynr.exe
  C:\Windows\System\KuIDynr.exe
  2⤵
  PID:8632
- C:\Windows\System\vXRmvyw.exe
  C:\Windows\System\vXRmvyw.exe
  2⤵
  PID:8660
- C:\Windows\System\SZBRFPi.exe
  C:\Windows\System\SZBRFPi.exe
  2⤵
  PID:8712
- C:\Windows\System\dmZCgCf.exe
  C:\Windows\System\dmZCgCf.exe
  2⤵
  PID:8724
- C:\Windows\System\yISpXww.exe
  C:\Windows\System\yISpXww.exe
  2⤵
  PID:8792
- C:\Windows\System\wHNWJHO.exe
  C:\Windows\System\wHNWJHO.exe
  2⤵
  PID:8740
- C:\Windows\System\pNPWQoU.exe
  C:\Windows\System\pNPWQoU.exe
  2⤵
  PID:8808
- C:\Windows\System\clhbvaP.exe
  C:\Windows\System\clhbvaP.exe
  2⤵
  PID:8856
- C:\Windows\System\GyjpCip.exe
  C:\Windows\System\GyjpCip.exe
  2⤵
  PID:8876
- C:\Windows\System\AafXmhq.exe
  C:\Windows\System\AafXmhq.exe
  2⤵
  PID:8900
- C:\Windows\System\WnpTuqm.exe
  C:\Windows\System\WnpTuqm.exe
  2⤵
  PID:8960
- C:\Windows\System\ZouOXVA.exe
  C:\Windows\System\ZouOXVA.exe
  2⤵
  PID:8972
- C:\Windows\System\vYeYVBe.exe
  C:\Windows\System\vYeYVBe.exe
  2⤵
  PID:8992
- C:\Windows\System\KMBgfCV.exe
  C:\Windows\System\KMBgfCV.exe
  2⤵
  PID:9060
- C:\Windows\System\UBAiAUk.exe
  C:\Windows\System\UBAiAUk.exe
  2⤵
  PID:9040
- C:\Windows\System\qWEWhVf.exe
  C:\Windows\System\qWEWhVf.exe
  2⤵
  PID:9176
- C:\Windows\System\bejJEBR.exe
  C:\Windows\System\bejJEBR.exe
  2⤵
  PID:7588
- C:\Windows\System\NlKgMOi.exe
  C:\Windows\System\NlKgMOi.exe
  2⤵
  PID:7376
- C:\Windows\System\qqZPQmd.exe
  C:\Windows\System\qqZPQmd.exe
  2⤵
  PID:7884
- C:\Windows\System\AuDwNtV.exe
  C:\Windows\System\AuDwNtV.exe
  2⤵
  PID:6852
- C:\Windows\System\HwyVAuV.exe
  C:\Windows\System\HwyVAuV.exe
  2⤵
  PID:9120
- C:\Windows\System\zIBayuf.exe
  C:\Windows\System\zIBayuf.exe
  2⤵
  PID:9164
- C:\Windows\System\SSnLwKi.exe
  C:\Windows\System\SSnLwKi.exe
  2⤵
  PID:8268
- C:\Windows\System\zHZpbcb.exe
  C:\Windows\System\zHZpbcb.exe
  2⤵
  PID:2232
- C:\Windows\System\fZChLRP.exe
  C:\Windows\System\fZChLRP.exe
  2⤵
  PID:2168
- C:\Windows\System\iHGkhbE.exe
  C:\Windows\System\iHGkhbE.exe
  2⤵
  PID:5668
- C:\Windows\System\ElmECZB.exe
  C:\Windows\System\ElmECZB.exe
  2⤵
  PID:1304
- C:\Windows\System\YzjDVvK.exe
  C:\Windows\System\YzjDVvK.exe
  2⤵
  PID:7428
- C:\Windows\System\drRIudq.exe
  C:\Windows\System\drRIudq.exe
  2⤵
  PID:8252
- C:\Windows\System\BtkUVGK.exe
  C:\Windows\System\BtkUVGK.exe
  2⤵
  PID:8344
- C:\Windows\System\dlUMOqE.exe
  C:\Windows\System\dlUMOqE.exe
  2⤵
  PID:8480
- C:\Windows\System\dXfNmlY.exe
  C:\Windows\System\dXfNmlY.exe
  2⤵
  PID:8548
- C:\Windows\System\XuQOUqR.exe
  C:\Windows\System\XuQOUqR.exe
  2⤵
  PID:8456
- C:\Windows\System\OOAHwZz.exe
  C:\Windows\System\OOAHwZz.exe
  2⤵
  PID:8656
- C:\Windows\System\gWZAZKB.exe
  C:\Windows\System\gWZAZKB.exe
  2⤵
  PID:8736
- C:\Windows\System\hVFTFpo.exe
  C:\Windows\System\hVFTFpo.exe
  2⤵
  PID:8220
- C:\Windows\System\lonvEeW.exe
  C:\Windows\System\lonvEeW.exe
  2⤵
  PID:8556
- C:\Windows\System\dvaLlHl.exe
  C:\Windows\System\dvaLlHl.exe
  2⤵
  PID:8776
- C:\Windows\System\JCyUxUZ.exe
  C:\Windows\System\JCyUxUZ.exe
  2⤵
  PID:8664
- C:\Windows\System\oOkrbqM.exe
  C:\Windows\System\oOkrbqM.exe
  2⤵
  PID:8696
- C:\Windows\System\hRGZsZh.exe
  C:\Windows\System\hRGZsZh.exe
  2⤵
  PID:8868
- C:\Windows\System\ovPHPBj.exe
  C:\Windows\System\ovPHPBj.exe
  2⤵
  PID:8884
- C:\Windows\System\spIypMS.exe
  C:\Windows\System\spIypMS.exe
  2⤵
  PID:8964
- C:\Windows\System\nEIoFmG.exe
  C:\Windows\System\nEIoFmG.exe
  2⤵
  PID:9024
- C:\Windows\System\shJatrF.exe
  C:\Windows\System\shJatrF.exe
  2⤵
  PID:9012
- C:\Windows\System\gxrUWdc.exe
  C:\Windows\System\gxrUWdc.exe
  2⤵
  PID:9132
- C:\Windows\System\egXjPEZ.exe
  C:\Windows\System\egXjPEZ.exe
  2⤵
  PID:7576
- C:\Windows\System\HBwWRzT.exe
  C:\Windows\System\HBwWRzT.exe
  2⤵
  PID:1972
- C:\Windows\System\SPdfrfD.exe
  C:\Windows\System\SPdfrfD.exe
  2⤵
  PID:9160
- C:\Windows\System\mQcOYRp.exe
  C:\Windows\System\mQcOYRp.exe
  2⤵
  PID:8240
- C:\Windows\System\nbutSDH.exe
  C:\Windows\System\nbutSDH.exe
  2⤵
  PID:7920
- C:\Windows\System\fOsVyUx.exe
  C:\Windows\System\fOsVyUx.exe
  2⤵
  PID:8424
- C:\Windows\System\Zlqixco.exe
  C:\Windows\System\Zlqixco.exe
  2⤵
  PID:8292
- C:\Windows\System\tExanNG.exe
  C:\Windows\System\tExanNG.exe
  2⤵
  PID:8852
- C:\Windows\System\dcVSDRL.exe
  C:\Windows\System\dcVSDRL.exe
  2⤵
  PID:8676
- C:\Windows\System\xRhXQIT.exe
  C:\Windows\System\xRhXQIT.exe
  2⤵
  PID:9064
- C:\Windows\System\pQeFYTx.exe
  C:\Windows\System\pQeFYTx.exe
  2⤵
  PID:9084
- C:\Windows\System\FjNwiOO.exe
  C:\Windows\System\FjNwiOO.exe
  2⤵
  PID:8560
- C:\Windows\System\RWhVQsF.exe
  C:\Windows\System\RWhVQsF.exe
  2⤵
  PID:8572
- C:\Windows\System\JCSKfGw.exe
  C:\Windows\System\JCSKfGw.exe
  2⤵
  PID:8804
- C:\Windows\System\xTmzRVC.exe
  C:\Windows\System\xTmzRVC.exe
  2⤵
  PID:9140
- C:\Windows\System\yHzebUw.exe
  C:\Windows\System\yHzebUw.exe
  2⤵
  PID:9116
- C:\Windows\System\IRTnmqE.exe
  C:\Windows\System\IRTnmqE.exe
  2⤵
  PID:8388
- C:\Windows\System\YaJvNOk.exe
  C:\Windows\System\YaJvNOk.exe
  2⤵
  PID:8744
- C:\Windows\System\iWcfUaw.exe
  C:\Windows\System\iWcfUaw.exe
  2⤵
  PID:8612
- C:\Windows\System\HXkMXQf.exe
  C:\Windows\System\HXkMXQf.exe
  2⤵
  PID:8896
- C:\Windows\System\UjPanwK.exe
  C:\Windows\System\UjPanwK.exe
  2⤵
  PID:7856
- C:\Windows\System\PhqjRXr.exe
  C:\Windows\System\PhqjRXr.exe
  2⤵
  PID:8528
- C:\Windows\System\VCFizTN.exe
  C:\Windows\System\VCFizTN.exe
  2⤵
  PID:8536
- C:\Windows\System\gItvPuJ.exe
  C:\Windows\System\gItvPuJ.exe
  2⤵
  PID:9204
- C:\Windows\System\IVPFwLE.exe
  C:\Windows\System\IVPFwLE.exe
  2⤵
  PID:7404
- C:\Windows\System\hwzubib.exe
  C:\Windows\System\hwzubib.exe
  2⤵
  PID:8624
- C:\Windows\System\wDRWmxe.exe
  C:\Windows\System\wDRWmxe.exe
  2⤵
  PID:7816
- C:\Windows\System\nPCdsoL.exe
  C:\Windows\System\nPCdsoL.exe
  2⤵
  PID:9112
- C:\Windows\System\GCBOXiu.exe
  C:\Windows\System\GCBOXiu.exe
  2⤵
  PID:8880
- C:\Windows\System\LcngQmV.exe
  C:\Windows\System\LcngQmV.exe
  2⤵
  PID:8340
- C:\Windows\System\KPzUlMB.exe
  C:\Windows\System\KPzUlMB.exe
  2⤵
  PID:8872
- C:\Windows\System\FsrKcjB.exe
  C:\Windows\System\FsrKcjB.exe
  2⤵
  PID:9240
- C:\Windows\System\nCndNfp.exe
  C:\Windows\System\nCndNfp.exe
  2⤵
  PID:9264
- C:\Windows\System\oQksKcj.exe
  C:\Windows\System\oQksKcj.exe
  2⤵
  PID:9284
- C:\Windows\System\jCuaSNJ.exe
  C:\Windows\System\jCuaSNJ.exe
  2⤵
  PID:9300
- C:\Windows\System\YXsXXvI.exe
  C:\Windows\System\YXsXXvI.exe
  2⤵
  PID:9316
- C:\Windows\System\zrSwKaE.exe
  C:\Windows\System\zrSwKaE.exe
  2⤵
  PID:9336
- C:\Windows\System\rRRXEgu.exe
  C:\Windows\System\rRRXEgu.exe
  2⤵
  PID:9352
- C:\Windows\System\nHSRyca.exe
  C:\Windows\System\nHSRyca.exe
  2⤵
  PID:9376
- C:\Windows\System\aGLKrsw.exe
  C:\Windows\System\aGLKrsw.exe
  2⤵
  PID:9400
- C:\Windows\System\fyVcDrc.exe
  C:\Windows\System\fyVcDrc.exe
  2⤵
  PID:9424
- C:\Windows\System\tWmzYHa.exe
  C:\Windows\System\tWmzYHa.exe
  2⤵
  PID:9464
- C:\Windows\System\RovrvIq.exe
  C:\Windows\System\RovrvIq.exe
  2⤵
  PID:9496
- C:\Windows\System\EYpQodc.exe
  C:\Windows\System\EYpQodc.exe
  2⤵
  PID:9520
- C:\Windows\System\wPqkgyl.exe
  C:\Windows\System\wPqkgyl.exe
  2⤵
  PID:9592
- C:\Windows\System\iNUFMdA.exe
  C:\Windows\System\iNUFMdA.exe
  2⤵
  PID:9648
- C:\Windows\System\jKhXTfB.exe
  C:\Windows\System\jKhXTfB.exe
  2⤵
  PID:9668
- C:\Windows\System\gPxCWAZ.exe
  C:\Windows\System\gPxCWAZ.exe
  2⤵
  PID:9684
- C:\Windows\System\EGyxELI.exe
  C:\Windows\System\EGyxELI.exe
  2⤵
  PID:9700
- C:\Windows\System\OYIZaJa.exe
  C:\Windows\System\OYIZaJa.exe
  2⤵
  PID:9716
- C:\Windows\System\mGNWJdb.exe
  C:\Windows\System\mGNWJdb.exe
  2⤵
  PID:9736
- C:\Windows\System\CuWVYNp.exe
  C:\Windows\System\CuWVYNp.exe
  2⤵
  PID:9756
- C:\Windows\System\PCKPhdl.exe
  C:\Windows\System\PCKPhdl.exe
  2⤵
  PID:9772
- C:\Windows\System\wKdJUJU.exe
  C:\Windows\System\wKdJUJU.exe
  2⤵
  PID:9796
- C:\Windows\System\ILFFJmR.exe
  C:\Windows\System\ILFFJmR.exe
  2⤵
  PID:9820
- C:\Windows\System\gsrVDLP.exe
  C:\Windows\System\gsrVDLP.exe
  2⤵
  PID:9836
- C:\Windows\System\cfhgNgp.exe
  C:\Windows\System\cfhgNgp.exe
  2⤵
  PID:9888
- C:\Windows\System\ELatatS.exe
  C:\Windows\System\ELatatS.exe
  2⤵
  PID:9908
- C:\Windows\System\IIDJyOC.exe
  C:\Windows\System\IIDJyOC.exe
  2⤵
  PID:9924
- C:\Windows\System\EGTIUkh.exe
  C:\Windows\System\EGTIUkh.exe
  2⤵
  PID:9948
- C:\Windows\System\LMRhpRp.exe
  C:\Windows\System\LMRhpRp.exe
  2⤵
  PID:9964
- C:\Windows\System\MLWyOjJ.exe
  C:\Windows\System\MLWyOjJ.exe
  2⤵
  PID:9984
- C:\Windows\System\hKGOMKK.exe
  C:\Windows\System\hKGOMKK.exe
  2⤵
  PID:10004
- C:\Windows\System\cDdDhYd.exe
  C:\Windows\System\cDdDhYd.exe
  2⤵
  PID:10028
- C:\Windows\System\kEiJvTD.exe
  C:\Windows\System\kEiJvTD.exe
  2⤵
  PID:10048
- C:\Windows\System\pEmRDza.exe
  C:\Windows\System\pEmRDza.exe
  2⤵
  PID:10064
- C:\Windows\System\dKSxhom.exe
  C:\Windows\System\dKSxhom.exe
  2⤵
  PID:10084
- C:\Windows\System\ZTwazza.exe
  C:\Windows\System\ZTwazza.exe
  2⤵
  PID:10100
- C:\Windows\System\oVeUefu.exe
  C:\Windows\System\oVeUefu.exe
  2⤵
  PID:10128
- C:\Windows\System\fnJqzBO.exe
  C:\Windows\System\fnJqzBO.exe
  2⤵
  PID:10148
- C:\Windows\System\lpVTzQU.exe
  C:\Windows\System\lpVTzQU.exe
  2⤵
  PID:10176
- C:\Windows\System\SFvOAzx.exe
  C:\Windows\System\SFvOAzx.exe
  2⤵
  PID:10192
- C:\Windows\System\iglUzXZ.exe
  C:\Windows\System\iglUzXZ.exe
  2⤵
  PID:10208
- C:\Windows\System\gOuwQaU.exe
  C:\Windows\System\gOuwQaU.exe
  2⤵
  PID:10224
- C:\Windows\System\jtqNuJa.exe
  C:\Windows\System\jtqNuJa.exe
  2⤵
  PID:9228
- C:\Windows\System\ZWsADjo.exe
  C:\Windows\System\ZWsADjo.exe
  2⤵
  PID:9256
- C:\Windows\System\BMjRuzb.exe
  C:\Windows\System\BMjRuzb.exe
  2⤵
  PID:9276
- C:\Windows\System\yHIpJIH.exe
  C:\Windows\System\yHIpJIH.exe
  2⤵
  PID:9308
- C:\Windows\System\NAvlwHz.exe
  C:\Windows\System\NAvlwHz.exe
  2⤵
  PID:9360
- C:\Windows\System\NCHyOon.exe
  C:\Windows\System\NCHyOon.exe
  2⤵
  PID:9384
- C:\Windows\System\RBujnkC.exe
  C:\Windows\System\RBujnkC.exe
  2⤵
  PID:9420
- C:\Windows\System\RMlTWAi.exe
  C:\Windows\System\RMlTWAi.exe
  2⤵
  PID:9440
- C:\Windows\System\fyyntOR.exe
  C:\Windows\System\fyyntOR.exe
  2⤵
  PID:9460
- C:\Windows\System\LohHwGt.exe
  C:\Windows\System\LohHwGt.exe
  2⤵
  PID:9492
- C:\Windows\System\jtArBdW.exe
  C:\Windows\System\jtArBdW.exe
  2⤵
  PID:9532
- C:\Windows\System\fLyTWtT.exe
  C:\Windows\System\fLyTWtT.exe
  2⤵
  PID:9548
- C:\Windows\System\YhyQZmE.exe
  C:\Windows\System\YhyQZmE.exe
  2⤵
  PID:9508
- C:\Windows\System\BorVdtJ.exe
  C:\Windows\System\BorVdtJ.exe
  2⤵
  PID:9568
- C:\Windows\System\SLsHyOr.exe
  C:\Windows\System\SLsHyOr.exe
  2⤵
  PID:9584
- C:\Windows\System\fMBUxch.exe
  C:\Windows\System\fMBUxch.exe
  2⤵
  PID:9616
- C:\Windows\System\MjJcutb.exe
  C:\Windows\System\MjJcutb.exe
  2⤵
  PID:9632
- C:\Windows\System\tFikDez.exe
  C:\Windows\System\tFikDez.exe
  2⤵
  PID:9680
- C:\Windows\System\sEYtMoj.exe
  C:\Windows\System\sEYtMoj.exe
  2⤵
  PID:9748
- C:\Windows\System\qiSqVnT.exe
  C:\Windows\System\qiSqVnT.exe
  2⤵
  PID:9792
- C:\Windows\System\xrVvzPE.exe
  C:\Windows\System\xrVvzPE.exe
  2⤵
  PID:9692
- C:\Windows\System\xrksRJK.exe
  C:\Windows\System\xrksRJK.exe
  2⤵
  PID:9764
- C:\Windows\System\LQrWIkU.exe
  C:\Windows\System\LQrWIkU.exe
  2⤵
  PID:9724
- C:\Windows\System\ygkkcdN.exe
  C:\Windows\System\ygkkcdN.exe
  2⤵
  PID:9856
- C:\Windows\System\VMdDALm.exe
  C:\Windows\System\VMdDALm.exe
  2⤵
  PID:9916
- C:\Windows\System\vPbAsGg.exe
  C:\Windows\System\vPbAsGg.exe
  2⤵
  PID:9936
- C:\Windows\System\CiSFQQY.exe
  C:\Windows\System\CiSFQQY.exe
  2⤵
  PID:9992
- C:\Windows\System\cTppnob.exe
  C:\Windows\System\cTppnob.exe
  2⤵
  PID:10020
- C:\Windows\System\rbawpOO.exe
  C:\Windows\System\rbawpOO.exe
  2⤵
  PID:10060
- C:\Windows\System\KKvTgzq.exe
  C:\Windows\System\KKvTgzq.exe
  2⤵
  PID:10072
- C:\Windows\System\oaUnUPy.exe
  C:\Windows\System\oaUnUPy.exe
  2⤵
  PID:10116
- C:\Windows\System\LmUDDMN.exe
  C:\Windows\System\LmUDDMN.exe
  2⤵
  PID:10160
- C:\Windows\System\wKOhrpj.exe
  C:\Windows\System\wKOhrpj.exe
  2⤵
  PID:10184
- C:\Windows\System\mGMuDis.exe
  C:\Windows\System\mGMuDis.exe
  2⤵
  PID:10200
- C:\Windows\System\iYAoKFH.exe
  C:\Windows\System\iYAoKFH.exe
  2⤵
  PID:10220
- C:\Windows\System\WHXEaki.exe
  C:\Windows\System\WHXEaki.exe
  2⤵
  PID:9224
- C:\Windows\System\OeWEhQL.exe
  C:\Windows\System\OeWEhQL.exe
  2⤵
  PID:9272
- C:\Windows\System\HoRvrCh.exe
  C:\Windows\System\HoRvrCh.exe
  2⤵
  PID:9324
- C:\Windows\System\PgVgogo.exe
  C:\Windows\System\PgVgogo.exe
  2⤵
  PID:9368
- C:\Windows\System\OzXiEgA.exe
  C:\Windows\System\OzXiEgA.exe
  2⤵
  PID:9432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACpfEnO.exe

Filesize
6.0MB

MD5
ca4f4b38ae805e6e00edc96982bb923b

SHA1
1af64d5ef1f7aa611faeb7ae8d85e4801e5cde8d

SHA256
673b15651b2f69f26ed569602ee8b2d4b06f9c029fdd757ef79fb7a599c70e1e

SHA512
3fc43da42806cf7444a378290a8a222c4244b2157b717020067f8969a133ce1bd55efa26e3b689abadf1ae01ab74b818100a5027d213caf7c6751e6831f877bd

Download Submit
C:\Windows\system\HnVgECF.exe

Filesize
6.0MB

MD5
ee1918db611dee68f32a3a0ad713bb01

SHA1
2a51a76dfa0347b9de27a7f9c57aec0509a8ac2b

SHA256
811498721089d253ab9da807e54490d0f2f59f3e4c7a9f16d32e2977f5baf7f4

SHA512
1e04c5aea5606e2302f300b8c1cce8fe64f136817e4af656b56018112db8befa7af0ff7e349dc9694188c9061e5baa0c3b4f3b87c646c4e108ee85f732c701ed

Download Submit
C:\Windows\system\KaGHumb.exe

Filesize
6.0MB

MD5
fccaca720ad03a49d458ffc325e60f85

SHA1
0917e5a12e6bcf883e11db5587d53c60169ad246

SHA256
902643323998033947165abd88234b738f5b4522d43650fc0a246d9953a63533

SHA512
101b029ec19b9cfc56b0b7a217e950696b624e1f3a27b86bdd8b95844d6b68d546f7936aa8db21ad614c873e8fb4b4e49919bf4a086bff74502c506b0314dda6

Download Submit
C:\Windows\system\LLxeNmr.exe

Filesize
6.0MB

MD5
31d170134844f75b1b1777cb36021089

SHA1
cd2d3001c5a661da78cbf575c507ddd82fbd2478

SHA256
e591f939a69ef14722a454625a699cfbbba6bcaeff79641aada44e07bbaa30af

SHA512
1b15708cfbd71342254c2aa183594e879d6d38396b90975b81a4392d80b2bfa86753ad5f5b3ef49a453240927bdc8ce535ab45e8436fa785a313a2589d4329d0

Download Submit
C:\Windows\system\LVLISIl.exe

Filesize
6.0MB

MD5
060942859ab3089e3eea0bf65f90ece7

SHA1
0f4cd2ab09d4a68246a89eb9f1cc221d43c2611d

SHA256
1d2a45d6bf6df8611b19f05c7149bf7778d3dc83a5e525f61a2843574530743b

SHA512
a43ccf0647f53a541f6f127e6ae602bf01d035db9adbb90899fdd994ab76cc26962314209b06731b394bfe3c19601cceac60acfb0385fb25774a0a6a65daa3ca

Download Submit
C:\Windows\system\LeuQpLV.exe

Filesize
6.0MB

MD5
f4cb5994af8481e3f846460f192ba9ad

SHA1
77f3598bdd1ff426ec4be5646b2cd3bdc3ab9832

SHA256
446ca31429b19fd0820bd92260a756f1c28fa37c932ee655d992c3039cdb60a4

SHA512
49a54340c6a2f28f7f2ffbdf53b8b8bebdbb7e660d08c69e70a2adcfd902eddc1c6d4fb67912aba5246b5cfb727f0e7d5401e288ed4d8f9b9ebaeebbabf16e8e

Download Submit
C:\Windows\system\MKSgCqp.exe

Filesize
6.0MB

MD5
2bcae4e44c9d56304c3ae2715859e8af

SHA1
ebca5d9fc9e3ffd4b0c281055d18d5331e47b85a

SHA256
416be21ba594565c5bdce74704acf7ebcdd26456d5985b9a3826fa55784a44df

SHA512
7676ca707931ec95189b91a392d4c3f507cd290d7c59aa3ffc1ef803eb6142345be15df7e0334c8e41e60811d27157037ad53f27478494f2bbbd2da4e7fa580c

Download Submit
C:\Windows\system\MaSOAQK.exe

Filesize
6.0MB

MD5
e6c3ad8940ae37fad84b5a17f8598e57

SHA1
c045c26e802512f3e69897a333e44f417cbf8305

SHA256
b0d2b096f4f60828a07537dcd9895d4b11dbba7325bd43150582f327d21a2c1f

SHA512
8ae2c1ecce417d4e466b24ef389ade4f765de2cd7f5f228c655ae42ac3d35fc90e790d2680c730051280ead5849efad884c7fc9596b00eaca9c2cf524191c75f

Download Submit
C:\Windows\system\Nddhpgx.exe

Filesize
6.0MB

MD5
d75adb1f35d472fc73942f9ae84e676c

SHA1
4b690b1f3eeb4b9a072587228412db420bcf3337

SHA256
45fee7d83459183c464f6a53a73daf46b655021d65b35275da53fdc56444a15d

SHA512
80a7eba79aefb6c95c67b5cec34eb9fe1f3c8033dce2807c6dd4ed70356e8ccb40707f002263fec813df507edcbcc2f931958fa190ea95bc4d174841d13d2b86

Download Submit
C:\Windows\system\NpFPWwl.exe

Filesize
6.0MB

MD5
7f63e9618a3b706439901fc632407277

SHA1
22977ccee1ee68817b0d318f1d6083c9d7b9e949

SHA256
b97db9c723a1a430f66815a7cb3600bec8db6589dab8e205d01165f6382efa4e

SHA512
4d23e22f4d97a65b9454c991375d33e51f05634fed2e1e1e8cd0e8af26425d34b2dc012e614baa4d2da6eb48ec58265f66ee419c47031c19a4283a7fd8964525

Download Submit
C:\Windows\system\OmQUpPo.exe

Filesize
6.0MB

MD5
63806c56f8ca14e22d7bab8e52fb77ee

SHA1
00932ef58e37999618a9d103fa10e27789fa3fc4

SHA256
b6d5d2a4237efc8fb7d3b0aae55923cde096d377f276cb04c27bc59675535f79

SHA512
100b36d88adcbc0d765d0170d72046a392a655bbe16983281d617098813ff0b787809a50aead6fa0d6ced8ab6beca5e06962dc44c88f52a94f4ef364fe268660

Download Submit
C:\Windows\system\PysuKLw.exe

Filesize
6.0MB

MD5
178c0238f81402ef747c9ec3897d67c3

SHA1
6a42aee7d7ee9ccc8a803381f357baa5dc0b4403

SHA256
f20bda7014eb7cc7c35903a6904a65f8bbdb3327d8059d54d9f8b3092950fdde

SHA512
27af9b08407ea8a08fbf569571331439000140e19064cacb17d08eab45220c9c791f1fd3f3e9d9ac10399de8897bb376ee33cce838181ea6ae32c438d23bd39d

Download Submit
C:\Windows\system\TRnVAOw.exe

Filesize
6.0MB

MD5
99521e26d52cc0481675c486d069c958

SHA1
889fc553100ceaacdf9320dc4b9eb3ff3d318527

SHA256
c60f5a2f53303733b08adad87875645d12a82695211a9816507ffc284cf8b3f6

SHA512
ef8ef542dfca23a78b801722f077caef0331fba631da669c9921e481f0d28dea8ae06d208c75fcc344e4d2cfb7125e33d57833f5de7bd1530e9b24384ff7ca47

Download Submit
C:\Windows\system\TjcFLXB.exe

Filesize
6.0MB

MD5
ff7ba2b91f21c2d6d353b8b2eab869a8

SHA1
1aa3d9e4b0f0a560b40acc72c3706eff0bea063f

SHA256
92671f96e66edb0aafb1a40e8f0cd151f6dd21c5c45772b8aefb26224c12e5ef

SHA512
3a3ef61cd5546b157445e5c1f341eefbc91d825d6f832ffc19df271da7a1733bf3b8ee2e11b0d3b7de11a18f0ab0caa75ed4731915d9b7f766dce84a64bee48b

Download Submit
C:\Windows\system\UHyVRtN.exe

Filesize
6.0MB

MD5
12b82b7fd0a0f7758522eef2dedfb0c9

SHA1
73b866827494318d6ae02ab86c419b22ede85e52

SHA256
7cf10b3567514f39deb5395b751641c19a523b6fa0578b8e79716ebdb0d76e8c

SHA512
3bd403c866dfe6c745698597b74778ce6f4ea67c37ea36be15af6d49d1e02093a3af92f3cc515851b68b11ffac03d2c2fc80e93742f4c6d1e5aec4fb1689fd1c

Download Submit
C:\Windows\system\UWBakEx.exe

Filesize
6.0MB

MD5
de4d54feb52a0bcbe9d9ef3cb7a63049

SHA1
e08643d35f45e8a46688827e5cbcbf521ac1a6d2

SHA256
4dd2c41510c13349b9636ec2568d02dcbfd86cc2f67a9acc147981a7e6230f15

SHA512
c9c4b06dbd72c4d3a8c1c014d66b50165f7d5d0d2567590818aff4a1a54b734fcc7221d54f7e070c1fee9d1034a61e68a11e9078fc33aac3e1a875a5418754d1

Download Submit
C:\Windows\system\VCfLxzR.exe

Filesize
6.0MB

MD5
e188ca9226fbf140ab23598ecd3d2fa8

SHA1
6e22608df56662246163f529da17f305c826fc40

SHA256
2f84c738cf0024f1a0094253c48da1c2bc9676cf64940657849968a5ef261a7a

SHA512
797ef0e1f1c99ca317346b8595a9986ef3cc12835f33c2921dc601a9682f9da34cd57caa2f727775494467963cd0568f0fd9c88a9d5a354d6fa8a5862aef9969

Download Submit
C:\Windows\system\WErTCya.exe

Filesize
6.0MB

MD5
ff9c535fc508135eacc26aa98504b69d

SHA1
68f613ea53f24189a59852711ef0a51f0ad47e48

SHA256
c6ab37f772b08d416c6010859e36cd5166209529d429137ec839d6dbf73f9b76

SHA512
dada7f3950c8b89e334bd55196b846fc9b2abca735dd505abf72c99aea7fc8bed4299d324a9ce5a6c1707eb3bf12f3ac807f522b9a0f55835e3538078046e019

Download Submit
C:\Windows\system\XEEAigo.exe

Filesize
6.0MB

MD5
9e4cf30c52a65201042a7b689ded4c6c

SHA1
1d0263232abc024e48c1f406d26149b181939cc1

SHA256
e66e8a607acb089aab584d8e4eee224314b329aca4566cccdaa43185eb552490

SHA512
e711e53f0d60e74c5b3209197ff13749ec54aaf43f1afd07644ab881e2a430c5da09bb220fb1594f784a65eab84d856e9ad667c041f0327bb8574302ac97b997

Download Submit
C:\Windows\system\XyWbaeH.exe

Filesize
6.0MB

MD5
cbb92d7d07b905c7ce730bd08c79ea0e

SHA1
2de2d28e378dd5ed02f71dfb767707f6a73f370e

SHA256
cff16c49d5fdc96e113db94f5ed8c4f7d1c2a7c749d8121b02a831254a294948

SHA512
f38f6624c0a3bd4fb1bf085e521eeb1d7fe9245dcb830bc38dda8a76b6f7e2d1e87efccf2e9b718548e95d2a520c556f556a4b0d3bec1c633821ddc6b188f3e4

Download Submit
C:\Windows\system\fDrymnF.exe

Filesize
6.0MB

MD5
9affcd89a41878b97354e66d4bcd9812

SHA1
0b372ed81cef115187fc0f5a270b1c6721a6577c

SHA256
832bddede531045c581972c1035671d5055cecf087f834e3521225398424b752

SHA512
e89c9abd3028bee649ddf05d3d3ef6f7d1afd47c0f90c526501046737dc17072974e0b65e5f57e5fa930252f6b38563112a47ef5396379d0c95c4e8949665c24

Download Submit
C:\Windows\system\lGQoIZT.exe

Filesize
6.0MB

MD5
afedd3e17cc92e28a3a7bcbb3d4ea61b

SHA1
6057738dc2b62e68f737b2db615bbf5223bd739c

SHA256
730eefa831a8d36a32dab153bc27a26eed779213990df589c1f6a34906555d20

SHA512
dd03de9bd6e89772bb69e287dc3b71314ce8232aa26ba4c4ff5c1e5f874750734ac5ef8f210bf3b5cf7f28978b61b0ceef502f8ac832c64f12443252cf400fdf

Download Submit
C:\Windows\system\lrYkBXP.exe

Filesize
6.0MB

MD5
55e438d041f65cf9f1f123b68ac858f8

SHA1
83be54028b1d828ebaeb568328433934c506bb90

SHA256
1ebe757f2ede045c703cec114cc9a34eb13e188f3b0c2d5244ac4ea4314d6012

SHA512
479eab3613c902799b80e1954d72683005531a03f95a0b17506ae499ecdb8f90d36f1bace4dc853f2c9c9bb26bd7e2cac6bedd01db09b399e8ca4e7a87ac4700

Download Submit
C:\Windows\system\mojsWNw.exe

Filesize
6.0MB

MD5
87bce539b365c9ead6220a815131f20e

SHA1
2f4676a348a9c381563458658217a827c8f73191

SHA256
da3d30e89481f02df503dfea3192ab8141287d9c8ca905e594a45695bb396fb3

SHA512
5c484e9fb44c53c668d5538737cae7061d0cb8babf944a9807d0f939415884835e0cee30c18c4b8108f202b8aac45e668510556d128a1d87812ed14e4c2e2bd7

Download Submit
C:\Windows\system\okGxtdn.exe

Filesize
6.0MB

MD5
30e521d5af64fec05fe3e57a3b003538

SHA1
4614023e881879df18d760f82d9501e0fe881748

SHA256
17324f0b1447480512ff210f3d2948d624ef372aee18be86de69152f4a42557e

SHA512
2f23e121bc33b1719e2ddd71e918280dc5b4bf6ac16da0002acf8a49d20fb2ec452803252044f4e02906599e3554a14d2317a0f5f6bc3b05681541d51810aeca

Download Submit
C:\Windows\system\qCGptWO.exe

Filesize
6.0MB

MD5
5e1cbd2ab4f89af10e9a20592d1c2848

SHA1
e7d515dffe7f28496847f9e423fb86c4cf888a15

SHA256
71ccc304847d96702babf8cfa3aa3495dfa4103eef28d45901ce3fafb858d44d

SHA512
2f38add34d0c7eb8a1988e70d02cb25e84e1f5b723f0ff744485bef1f72a97939346b85c10e9c9d17692cb32b4121b48408e94e054614e80fd37e5ca44d70380

Download Submit
C:\Windows\system\uUoLwvq.exe

Filesize
6.0MB

MD5
9dc0cf7101c65b82fc02da5802acdb8c

SHA1
6cbc382583a1a0513f4eb3e8b9261ca3f00cf63d

SHA256
5b86a6d4d2c797bb472feed7a0f2625ec74e4b271114dcaa80682f25aae81f11

SHA512
5a4c72a85e5a96ef06d92e6499d47af6cab928e428df8ca10a0e1bbcb0c3d147471c0b8ac7c1eca7ce5c5af00b956cdeeb3f5ef31273320409173f532b4be4d6

Download Submit
C:\Windows\system\xaUTIPL.exe

Filesize
6.0MB

MD5
dde68486bd005f5b1d3986475b08c889

SHA1
fae75b922585af5d96925148f767340c35cd1e2c

SHA256
94722388cfc2a46761047d3710fbede00dfb6cc44ed186804652044071189d4c

SHA512
323d6060dc44d74f8c74cad154d7294cd1ada184d1b7140a5e25f1655e931262a691f4479aa22b23cc0f13a5855a2c86c082be7dd6a79973b4b96e90f0b90c32

Download Submit
\Windows\system\VEevdtn.exe

Filesize
6.0MB

MD5
d7a1f512f986ddd8315e3df35a35f24f

SHA1
2588b63329062b852cb48a24c094dfa9e48c188b

SHA256
0b91ffcb80b2ceeffa97cc5666b4ec9848657da0e1f261e8d23ac4473765864c

SHA512
428b7385a46199decdb70f733ece6867aa2cddf796cf8dfd94e232d89071fbb2d60a55d31f45cf8e4a3090403159ab25ff5a563a3fc6e0fc410574b4387d068b

Download Submit
\Windows\system\hjVQdva.exe

Filesize
6.0MB

MD5
78a64ccaf36439c6b678d885b6051843

SHA1
aed5ab05a088cd61c9a42a73b13c7ca84544537d

SHA256
769661198a77ee776a18d12902cb3a06b5e28a04d178f65140cb66ac5c07d2d7

SHA512
fe2852e466d97eef396e1fc14334eeeb082b54c36dc8304b1ef75392c25f54f2849108c8e5983e5c500500438e0253f54ab38a755502f30ea9a955eb5f7d9b02

Download Submit
\Windows\system\jzplppm.exe

Filesize
6.0MB

MD5
2d58ee8f83fade26425010ef974858c5

SHA1
573d2ee4096392585785816916769b74c73f27bd

SHA256
56b9263208f888dc7c0a9c052ef585c1f2c1d90adb99419ed1d73d154e49471c

SHA512
dbd5d5d6552a45b1b58686288dc1cf479e8e7c557bbbdfbe39198f8f13f617e7e505305694ae546b0bef34c57b788b9954c97d657e58cff42e13d9f1b0c1aeca

Download Submit
\Windows\system\wuMZvpq.exe

Filesize
6.0MB

MD5
4e04b6681322b11ac194f42ca95357b2

SHA1
22f573942d53fd000379d1425dbc366d8e2c20f2

SHA256
9dc8fb32012920db2f23f40a3c3c31ee5fdaa9f5d80209ee55366e4c31e032f4

SHA512
37fcd37e8e06fe46492598d5dbf9fd7f970d37dfb2ce6b3b9664a956526c6f6b2328ffb343e1cee405680683801516ff70ac807946d0299c967be326523dea80

Download Submit
memory/828-61-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/828-3419-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1052-82-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1052-3386-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2128-69-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2128-3385-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2200-53-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3383-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-90-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-3425-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-3443-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2448-95-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3301-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2548-37-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3427-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-101-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-1117-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-44-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3300-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-43-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-60-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1116-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-99-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1379-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-294-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2676-100-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-89-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2676-36-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2676-77-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-14-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2676-70-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2676-0-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2676-45-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2676-25-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-62-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2676-109-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-46-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-20-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2676-12-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-48-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3163-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-16-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3291-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-30-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3274-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2932-63-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2932-23-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3239-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2936-15-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2964-76-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2964-3413-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download