cobaltstrike | 29e026f012d0946562bd61ab5564be2683ce32dbafe87b1db0226e8a52129646

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/01/2025, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

bbd242e67992648d39ba1756d4f01721
SHA1

079730ea9bb92fecd70c8a0ccabd36b98dfdd527
SHA256

29e026f012d0946562bd61ab5564be2683ce32dbafe87b1db0226e8a52129646
SHA512

87e65b55e0d8a05db171e963602be62a83c7254fefb8e93c1ca1f7f50c141194a2f458d74b52f0c3d4345fa4a3269f6cbb23e1976c2231720d8f8cb4c7dec6d5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUB:T+q56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0033000000011c23-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160ae-13.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000160d5-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016311-24.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000165b6-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016652-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016858-44.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016bfc-52.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-96.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e47-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-122.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2380-0-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x0033000000011c23-3.dat	xmrig
behavioral1/memory/2380-6-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x00080000000160ae-13.dat	xmrig
behavioral1/memory/108-12-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/1844-15-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x00080000000160d5-16.dat	xmrig
behavioral1/memory/2888-23-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016311-24.dat	xmrig
behavioral1/files/0x00070000000165b6-28.dat	xmrig
behavioral1/memory/2876-47-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0007000000016652-34.dat	xmrig
behavioral1/files/0x0007000000016858-44.dat	xmrig
behavioral1/memory/2736-51-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x000a000000016bfc-52.dat	xmrig
behavioral1/memory/2016-48-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2380-56-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2852-58-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x00050000000192f0-60.dat	xmrig
behavioral1/memory/2752-70-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x000500000001933e-78.dat	xmrig
behavioral1/memory/2876-107-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/3040-110-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c9-111.dat	xmrig
behavioral1/memory/1268-109-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/3068-108-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193af-105.dat	xmrig
behavioral1/files/0x0005000000019384-104.dat	xmrig
behavioral1/files/0x00050000000193a2-101.dat	xmrig
behavioral1/files/0x0005000000019346-99.dat	xmrig
behavioral1/files/0x000500000001932a-96.dat	xmrig
behavioral1/memory/2380-88-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/1844-84-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/108-62-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2380-74-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2652-71-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0008000000015e47-69.dat	xmrig
behavioral1/memory/2824-43-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019494-135.dat	xmrig
behavioral1/files/0x00050000000194b4-147.dat	xmrig
behavioral1/files/0x00050000000194e2-161.dat	xmrig
behavioral1/files/0x0005000000019515-191.dat	xmrig
behavioral1/memory/2752-268-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2380-868-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2652-388-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0005000000019503-186.dat	xmrig
behavioral1/files/0x0005000000019501-181.dat	xmrig
behavioral1/files/0x00050000000194f6-176.dat	xmrig
behavioral1/files/0x00050000000194f2-171.dat	xmrig
behavioral1/files/0x00050000000194ea-166.dat	xmrig
behavioral1/files/0x00050000000194da-156.dat	xmrig
behavioral1/files/0x00050000000194d4-151.dat	xmrig
behavioral1/memory/2852-138-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a7-141.dat	xmrig
behavioral1/files/0x00050000000193fa-125.dat	xmrig
behavioral1/files/0x0005000000019408-130.dat	xmrig
behavioral1/files/0x00050000000193f8-122.dat	xmrig
behavioral1/memory/108-3995-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/1844-3996-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2888-3997-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2016-3998-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2824-3999-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2876-4000-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2736-4001-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
108	yQeDtmI.exe
1844	JDPeNkQ.exe
2888	iRRtwbl.exe
2016	SAuhILR.exe
2824	gguyTFu.exe
2876	qvKSIZm.exe
2736	ZQTPIvq.exe
2852	SHbVOIL.exe
2752	MHizdqB.exe
2652	gsJUEFa.exe
3068	WbxLJOs.exe
3040	ChXjIVL.exe
1268	margxyN.exe
2020	OtuMrhW.exe
1864	AKlDKeR.exe
1064	ilOmipS.exe
1496	oxOxoVk.exe
444	DhatoIW.exe
1700	LAAdorX.exe
1676	AicFNvD.exe
1956	opUbnkT.exe
2592	dRKSlrg.exe
1900	tsFkvxe.exe
1908	bZBeVNm.exe
2452	KinCvTZ.exe
2992	jJloFPV.exe
1748	tQnQjaK.exe
1296	wUnQXug.exe
272	hNxHiSu.exe
1372	GyMsrMR.exe
1912	ZFAfYZC.exe
1544	xwbwHmY.exe
2580	FposnTb.exe
396	mkcDyyZ.exe
2484	VrVvBpA.exe
1376	wHWqmrf.exe
1284	hdKXEYS.exe
864	haLCajk.exe
1324	iHfCaaR.exe
2004	iGQsndR.exe
2528	omANJgc.exe
2168	ojLtaQo.exe
1652	iiemjlo.exe
2352	dfuQflS.exe
2044	KPrjfNT.exe
572	otusmfc.exe
776	POMETzn.exe
2372	hNGcQAH.exe
2296	UgfzAgd.exe
1648	bymFBJh.exe
1656	uefXjWs.exe
2996	eRlELrh.exe
2100	LxyZwft.exe
1600	SPfyqMB.exe
1712	ZtuthVQ.exe
1488	WSxjGVD.exe
2444	jhLVlAj.exe
2864	AvdMWqP.exe
2764	ryarDNL.exe
2892	AAGcIKZ.exe
2664	USIaVxB.exe
2228	pGhAyKA.exe
2024	IElMJeb.exe
1684	acmZEhe.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2380-0-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x0033000000011c23-3.dat	upx
behavioral1/files/0x00080000000160ae-13.dat	upx
behavioral1/memory/108-12-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/1844-15-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x00080000000160d5-16.dat	upx
behavioral1/memory/2888-23-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x0008000000016311-24.dat	upx
behavioral1/files/0x00070000000165b6-28.dat	upx
behavioral1/memory/2876-47-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0007000000016652-34.dat	upx
behavioral1/files/0x0007000000016858-44.dat	upx
behavioral1/memory/2736-51-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x000a000000016bfc-52.dat	upx
behavioral1/memory/2016-48-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2380-56-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2852-58-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x00050000000192f0-60.dat	upx
behavioral1/memory/2752-70-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x000500000001933e-78.dat	upx
behavioral1/memory/2876-107-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/3040-110-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x00050000000193c9-111.dat	upx
behavioral1/memory/1268-109-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/3068-108-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x00050000000193af-105.dat	upx
behavioral1/files/0x0005000000019384-104.dat	upx
behavioral1/files/0x00050000000193a2-101.dat	upx
behavioral1/files/0x0005000000019346-99.dat	upx
behavioral1/files/0x000500000001932a-96.dat	upx
behavioral1/memory/1844-84-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/108-62-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2652-71-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2380-117-0x0000000002450000-0x00000000027A4000-memory.dmp	upx
behavioral1/files/0x0008000000015e47-69.dat	upx
behavioral1/memory/2824-43-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0005000000019494-135.dat	upx
behavioral1/files/0x00050000000194b4-147.dat	upx
behavioral1/files/0x00050000000194e2-161.dat	upx
behavioral1/files/0x0005000000019515-191.dat	upx
behavioral1/memory/2752-268-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2652-388-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0005000000019503-186.dat	upx
behavioral1/files/0x0005000000019501-181.dat	upx
behavioral1/files/0x00050000000194f6-176.dat	upx
behavioral1/files/0x00050000000194f2-171.dat	upx
behavioral1/files/0x00050000000194ea-166.dat	upx
behavioral1/files/0x00050000000194da-156.dat	upx
behavioral1/files/0x00050000000194d4-151.dat	upx
behavioral1/memory/2852-138-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x00050000000194a7-141.dat	upx
behavioral1/files/0x00050000000193fa-125.dat	upx
behavioral1/files/0x0005000000019408-130.dat	upx
behavioral1/files/0x00050000000193f8-122.dat	upx
behavioral1/memory/108-3995-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/1844-3996-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2888-3997-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2016-3998-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2824-3999-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2876-4000-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2736-4001-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2852-4002-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2652-4003-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2752-4004-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hdKXEYS.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJotfXw.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKbyOcB.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgsyefz.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJNPEgg.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jxxbiwm.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyBoBrX.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edcPLCx.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpwGYGZ.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xqtMNFV.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQjEcDV.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdKDVVD.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VrVvBpA.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uefXjWs.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpDzbXa.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmYkgAD.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skfSbXk.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqgBCzI.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUcFfNP.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYISDIy.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quoQsUw.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZqFEuI.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpkezOy.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSUQnsr.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQcyMxt.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEtSwIS.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GFwCtlH.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URuLVwo.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JkOdEUJ.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeWHxuo.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsMUKFc.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXOzKCG.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SeBKjoD.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGWvErT.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNGEJHL.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qgLUrVN.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZZTkIA.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQYNGhM.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pQEpTKK.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOmfvJk.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AicFNvD.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bzFOSkR.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlFtdbw.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdequxU.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUbmIxD.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JaVnlEp.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDHspSj.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEauOWU.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryarDNL.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBcZvUz.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRVlILn.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxmHysr.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsKgmEj.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHMkHqg.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQzkowt.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYOvQqw.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGepdPo.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXGhOPD.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvSlaOB.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEEjhaE.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgLAlMg.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTOAEWj.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bABNBPI.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpmhbEY.exe	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 108	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 108	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 108	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2380 wrote to memory of 1844	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 1844	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 1844	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2380 wrote to memory of 2888	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2888	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2888	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2380 wrote to memory of 2016	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2016	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2016	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2380 wrote to memory of 2824	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2824	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2824	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2380 wrote to memory of 2876	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2876	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2876	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2380 wrote to memory of 2736	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2736	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2736	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2380 wrote to memory of 2852	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2852	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2852	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2380 wrote to memory of 2752	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2752	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2752	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2380 wrote to memory of 2652	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2652	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 2652	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2380 wrote to memory of 3068	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 3068	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 3068	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2380 wrote to memory of 2020	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2020	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 2020	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2380 wrote to memory of 3040	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 3040	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 3040	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2380 wrote to memory of 1864	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1864	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1864	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2380 wrote to memory of 1268	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 1268	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 1268	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2380 wrote to memory of 1064	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 1064	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 1064	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2380 wrote to memory of 1496	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 1496	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 1496	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2380 wrote to memory of 444	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 444	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 444	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2380 wrote to memory of 1700	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1700	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1700	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2380 wrote to memory of 1676	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1676	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1676	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2380 wrote to memory of 1956	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1956	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 1956	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2380 wrote to memory of 2592	2380	2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_bbd242e67992648d39ba1756d4f01721_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\System\yQeDtmI.exe
  C:\Windows\System\yQeDtmI.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\JDPeNkQ.exe
  C:\Windows\System\JDPeNkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\iRRtwbl.exe
  C:\Windows\System\iRRtwbl.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\SAuhILR.exe
  C:\Windows\System\SAuhILR.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\gguyTFu.exe
  C:\Windows\System\gguyTFu.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\qvKSIZm.exe
  C:\Windows\System\qvKSIZm.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\ZQTPIvq.exe
  C:\Windows\System\ZQTPIvq.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\SHbVOIL.exe
  C:\Windows\System\SHbVOIL.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\MHizdqB.exe
  C:\Windows\System\MHizdqB.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\gsJUEFa.exe
  C:\Windows\System\gsJUEFa.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\WbxLJOs.exe
  C:\Windows\System\WbxLJOs.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\OtuMrhW.exe
  C:\Windows\System\OtuMrhW.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\ChXjIVL.exe
  C:\Windows\System\ChXjIVL.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\AKlDKeR.exe
  C:\Windows\System\AKlDKeR.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\margxyN.exe
  C:\Windows\System\margxyN.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\ilOmipS.exe
  C:\Windows\System\ilOmipS.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\oxOxoVk.exe
  C:\Windows\System\oxOxoVk.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\DhatoIW.exe
  C:\Windows\System\DhatoIW.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\LAAdorX.exe
  C:\Windows\System\LAAdorX.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\AicFNvD.exe
  C:\Windows\System\AicFNvD.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\opUbnkT.exe
  C:\Windows\System\opUbnkT.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\dRKSlrg.exe
  C:\Windows\System\dRKSlrg.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\tsFkvxe.exe
  C:\Windows\System\tsFkvxe.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\bZBeVNm.exe
  C:\Windows\System\bZBeVNm.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\KinCvTZ.exe
  C:\Windows\System\KinCvTZ.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\jJloFPV.exe
  C:\Windows\System\jJloFPV.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\tQnQjaK.exe
  C:\Windows\System\tQnQjaK.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\wUnQXug.exe
  C:\Windows\System\wUnQXug.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\hNxHiSu.exe
  C:\Windows\System\hNxHiSu.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\GyMsrMR.exe
  C:\Windows\System\GyMsrMR.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\ZFAfYZC.exe
  C:\Windows\System\ZFAfYZC.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\xwbwHmY.exe
  C:\Windows\System\xwbwHmY.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\FposnTb.exe
  C:\Windows\System\FposnTb.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\mkcDyyZ.exe
  C:\Windows\System\mkcDyyZ.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\VrVvBpA.exe
  C:\Windows\System\VrVvBpA.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\wHWqmrf.exe
  C:\Windows\System\wHWqmrf.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\hdKXEYS.exe
  C:\Windows\System\hdKXEYS.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\haLCajk.exe
  C:\Windows\System\haLCajk.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\iHfCaaR.exe
  C:\Windows\System\iHfCaaR.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\iGQsndR.exe
  C:\Windows\System\iGQsndR.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\omANJgc.exe
  C:\Windows\System\omANJgc.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\ojLtaQo.exe
  C:\Windows\System\ojLtaQo.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\iiemjlo.exe
  C:\Windows\System\iiemjlo.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\dfuQflS.exe
  C:\Windows\System\dfuQflS.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\KPrjfNT.exe
  C:\Windows\System\KPrjfNT.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\otusmfc.exe
  C:\Windows\System\otusmfc.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\POMETzn.exe
  C:\Windows\System\POMETzn.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\hNGcQAH.exe
  C:\Windows\System\hNGcQAH.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\UgfzAgd.exe
  C:\Windows\System\UgfzAgd.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\bymFBJh.exe
  C:\Windows\System\bymFBJh.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\uefXjWs.exe
  C:\Windows\System\uefXjWs.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\eRlELrh.exe
  C:\Windows\System\eRlELrh.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\LxyZwft.exe
  C:\Windows\System\LxyZwft.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\SPfyqMB.exe
  C:\Windows\System\SPfyqMB.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\ZtuthVQ.exe
  C:\Windows\System\ZtuthVQ.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\WSxjGVD.exe
  C:\Windows\System\WSxjGVD.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\jhLVlAj.exe
  C:\Windows\System\jhLVlAj.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\AvdMWqP.exe
  C:\Windows\System\AvdMWqP.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\ryarDNL.exe
  C:\Windows\System\ryarDNL.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\AAGcIKZ.exe
  C:\Windows\System\AAGcIKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\USIaVxB.exe
  C:\Windows\System\USIaVxB.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\pGhAyKA.exe
  C:\Windows\System\pGhAyKA.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\IElMJeb.exe
  C:\Windows\System\IElMJeb.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\acmZEhe.exe
  C:\Windows\System\acmZEhe.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\YYbrQCE.exe
  C:\Windows\System\YYbrQCE.exe
  2⤵
  PID:2672
- C:\Windows\System\KpMycXT.exe
  C:\Windows\System\KpMycXT.exe
  2⤵
  PID:2800
- C:\Windows\System\PkfTETw.exe
  C:\Windows\System\PkfTETw.exe
  2⤵
  PID:2772
- C:\Windows\System\sQucwJg.exe
  C:\Windows\System\sQucwJg.exe
  2⤵
  PID:2884
- C:\Windows\System\fTLiFla.exe
  C:\Windows\System\fTLiFla.exe
  2⤵
  PID:2180
- C:\Windows\System\pAdrfha.exe
  C:\Windows\System\pAdrfha.exe
  2⤵
  PID:1124
- C:\Windows\System\LoflxSq.exe
  C:\Windows\System\LoflxSq.exe
  2⤵
  PID:1788
- C:\Windows\System\HFGTHnG.exe
  C:\Windows\System\HFGTHnG.exe
  2⤵
  PID:2880
- C:\Windows\System\WxHGkFN.exe
  C:\Windows\System\WxHGkFN.exe
  2⤵
  PID:1292
- C:\Windows\System\LdyQKfk.exe
  C:\Windows\System\LdyQKfk.exe
  2⤵
  PID:2788
- C:\Windows\System\cLPbInB.exe
  C:\Windows\System\cLPbInB.exe
  2⤵
  PID:1616
- C:\Windows\System\ERmIdnw.exe
  C:\Windows\System\ERmIdnw.exe
  2⤵
  PID:836
- C:\Windows\System\JPSAAxZ.exe
  C:\Windows\System\JPSAAxZ.exe
  2⤵
  PID:2708
- C:\Windows\System\ugYcWXQ.exe
  C:\Windows\System\ugYcWXQ.exe
  2⤵
  PID:1724
- C:\Windows\System\KPRdidS.exe
  C:\Windows\System\KPRdidS.exe
  2⤵
  PID:1552
- C:\Windows\System\rpaAsaW.exe
  C:\Windows\System\rpaAsaW.exe
  2⤵
  PID:1088
- C:\Windows\System\QsMUKFc.exe
  C:\Windows\System\QsMUKFc.exe
  2⤵
  PID:2700
- C:\Windows\System\oDjgyfU.exe
  C:\Windows\System\oDjgyfU.exe
  2⤵
  PID:1732
- C:\Windows\System\WtMVNiy.exe
  C:\Windows\System\WtMVNiy.exe
  2⤵
  PID:2912
- C:\Windows\System\WDxWbbg.exe
  C:\Windows\System\WDxWbbg.exe
  2⤵
  PID:2472
- C:\Windows\System\SyEmXHV.exe
  C:\Windows\System\SyEmXHV.exe
  2⤵
  PID:2292
- C:\Windows\System\xZOVYOU.exe
  C:\Windows\System\xZOVYOU.exe
  2⤵
  PID:552
- C:\Windows\System\edjYelD.exe
  C:\Windows\System\edjYelD.exe
  2⤵
  PID:2320
- C:\Windows\System\gGMLwNB.exe
  C:\Windows\System\gGMLwNB.exe
  2⤵
  PID:1804
- C:\Windows\System\HVLRAym.exe
  C:\Windows\System\HVLRAym.exe
  2⤵
  PID:2032
- C:\Windows\System\jPvdrHH.exe
  C:\Windows\System\jPvdrHH.exe
  2⤵
  PID:984
- C:\Windows\System\dhOdSFT.exe
  C:\Windows\System\dhOdSFT.exe
  2⤵
  PID:2448
- C:\Windows\System\JkHzRpj.exe
  C:\Windows\System\JkHzRpj.exe
  2⤵
  PID:2200
- C:\Windows\System\PPsEwtr.exe
  C:\Windows\System\PPsEwtr.exe
  2⤵
  PID:1212
- C:\Windows\System\bMiJcLi.exe
  C:\Windows\System\bMiJcLi.exe
  2⤵
  PID:2368
- C:\Windows\System\nxPbZdE.exe
  C:\Windows\System\nxPbZdE.exe
  2⤵
  PID:1916
- C:\Windows\System\lvewOXa.exe
  C:\Windows\System\lvewOXa.exe
  2⤵
  PID:2928
- C:\Windows\System\MKSQDpV.exe
  C:\Windows\System\MKSQDpV.exe
  2⤵
  PID:2844
- C:\Windows\System\FYHvEUT.exe
  C:\Windows\System\FYHvEUT.exe
  2⤵
  PID:2596
- C:\Windows\System\QUGWNBh.exe
  C:\Windows\System\QUGWNBh.exe
  2⤵
  PID:800
- C:\Windows\System\LwURAOE.exe
  C:\Windows\System\LwURAOE.exe
  2⤵
  PID:1028
- C:\Windows\System\nDHTnhM.exe
  C:\Windows\System\nDHTnhM.exe
  2⤵
  PID:2324
- C:\Windows\System\ZDEVXtH.exe
  C:\Windows\System\ZDEVXtH.exe
  2⤵
  PID:1032
- C:\Windows\System\nfusrBt.exe
  C:\Windows\System\nfusrBt.exe
  2⤵
  PID:1084
- C:\Windows\System\eNxjfWU.exe
  C:\Windows\System\eNxjfWU.exe
  2⤵
  PID:2988
- C:\Windows\System\CfMlcuR.exe
  C:\Windows\System\CfMlcuR.exe
  2⤵
  PID:2464
- C:\Windows\System\bXYHdLX.exe
  C:\Windows\System\bXYHdLX.exe
  2⤵
  PID:2128
- C:\Windows\System\EBtZnfy.exe
  C:\Windows\System\EBtZnfy.exe
  2⤵
  PID:592
- C:\Windows\System\exKEoeh.exe
  C:\Windows\System\exKEoeh.exe
  2⤵
  PID:1984
- C:\Windows\System\njlMCwF.exe
  C:\Windows\System\njlMCwF.exe
  2⤵
  PID:1308
- C:\Windows\System\qiYHqsU.exe
  C:\Windows\System\qiYHqsU.exe
  2⤵
  PID:948
- C:\Windows\System\kUUtedi.exe
  C:\Windows\System\kUUtedi.exe
  2⤵
  PID:2144
- C:\Windows\System\RhOoOxt.exe
  C:\Windows\System\RhOoOxt.exe
  2⤵
  PID:1584
- C:\Windows\System\tMHWMyY.exe
  C:\Windows\System\tMHWMyY.exe
  2⤵
  PID:1580
- C:\Windows\System\aONYffi.exe
  C:\Windows\System\aONYffi.exe
  2⤵
  PID:704
- C:\Windows\System\nhDbLcv.exe
  C:\Windows\System\nhDbLcv.exe
  2⤵
  PID:2088
- C:\Windows\System\kaPTXMV.exe
  C:\Windows\System\kaPTXMV.exe
  2⤵
  PID:1848
- C:\Windows\System\xvCOtLh.exe
  C:\Windows\System\xvCOtLh.exe
  2⤵
  PID:1720
- C:\Windows\System\DXNMjtE.exe
  C:\Windows\System\DXNMjtE.exe
  2⤵
  PID:2492
- C:\Windows\System\EhDfzhe.exe
  C:\Windows\System\EhDfzhe.exe
  2⤵
  PID:1708
- C:\Windows\System\NxGNgzx.exe
  C:\Windows\System\NxGNgzx.exe
  2⤵
  PID:2312
- C:\Windows\System\DLXhKvV.exe
  C:\Windows\System\DLXhKvV.exe
  2⤵
  PID:1820
- C:\Windows\System\otHLFyX.exe
  C:\Windows\System\otHLFyX.exe
  2⤵
  PID:1256
- C:\Windows\System\azOOjpx.exe
  C:\Windows\System\azOOjpx.exe
  2⤵
  PID:1808
- C:\Windows\System\ffJFOou.exe
  C:\Windows\System\ffJFOou.exe
  2⤵
  PID:2916
- C:\Windows\System\QdGvPLa.exe
  C:\Windows\System\QdGvPLa.exe
  2⤵
  PID:2760
- C:\Windows\System\RfqafpF.exe
  C:\Windows\System\RfqafpF.exe
  2⤵
  PID:1624
- C:\Windows\System\rJWfknP.exe
  C:\Windows\System\rJWfknP.exe
  2⤵
  PID:896
- C:\Windows\System\mjVcACi.exe
  C:\Windows\System\mjVcACi.exe
  2⤵
  PID:1668
- C:\Windows\System\MSDDeea.exe
  C:\Windows\System\MSDDeea.exe
  2⤵
  PID:1772
- C:\Windows\System\bzFOSkR.exe
  C:\Windows\System\bzFOSkR.exe
  2⤵
  PID:1452
- C:\Windows\System\gfXXTuJ.exe
  C:\Windows\System\gfXXTuJ.exe
  2⤵
  PID:2740
- C:\Windows\System\kdqjQOI.exe
  C:\Windows\System\kdqjQOI.exe
  2⤵
  PID:1792
- C:\Windows\System\WJNoabq.exe
  C:\Windows\System\WJNoabq.exe
  2⤵
  PID:2204
- C:\Windows\System\CBcZvUz.exe
  C:\Windows\System\CBcZvUz.exe
  2⤵
  PID:1328
- C:\Windows\System\baBIPNy.exe
  C:\Windows\System\baBIPNy.exe
  2⤵
  PID:2748
- C:\Windows\System\FmZGKTJ.exe
  C:\Windows\System\FmZGKTJ.exe
  2⤵
  PID:812
- C:\Windows\System\DRInIoG.exe
  C:\Windows\System\DRInIoG.exe
  2⤵
  PID:1868
- C:\Windows\System\yWTdfzt.exe
  C:\Windows\System\yWTdfzt.exe
  2⤵
  PID:920
- C:\Windows\System\iyywGSE.exe
  C:\Windows\System\iyywGSE.exe
  2⤵
  PID:1336
- C:\Windows\System\kSOWyMM.exe
  C:\Windows\System\kSOWyMM.exe
  2⤵
  PID:1252
- C:\Windows\System\kJOneWr.exe
  C:\Windows\System\kJOneWr.exe
  2⤵
  PID:2920
- C:\Windows\System\PvWYyVQ.exe
  C:\Windows\System\PvWYyVQ.exe
  2⤵
  PID:2236
- C:\Windows\System\RBNFjZc.exe
  C:\Windows\System\RBNFjZc.exe
  2⤵
  PID:1856
- C:\Windows\System\AxbvHle.exe
  C:\Windows\System\AxbvHle.exe
  2⤵
  PID:2140
- C:\Windows\System\hJJPAoO.exe
  C:\Windows\System\hJJPAoO.exe
  2⤵
  PID:1688
- C:\Windows\System\lNVIiYB.exe
  C:\Windows\System\lNVIiYB.exe
  2⤵
  PID:588
- C:\Windows\System\pGepdPo.exe
  C:\Windows\System\pGepdPo.exe
  2⤵
  PID:2636
- C:\Windows\System\RygVFmP.exe
  C:\Windows\System\RygVFmP.exe
  2⤵
  PID:1396
- C:\Windows\System\ofRppUj.exe
  C:\Windows\System\ofRppUj.exe
  2⤵
  PID:1000
- C:\Windows\System\QOiOcBK.exe
  C:\Windows\System\QOiOcBK.exe
  2⤵
  PID:2064
- C:\Windows\System\xowUsBN.exe
  C:\Windows\System\xowUsBN.exe
  2⤵
  PID:2644
- C:\Windows\System\GbgdSFu.exe
  C:\Windows\System\GbgdSFu.exe
  2⤵
  PID:3088
- C:\Windows\System\nuCqhGt.exe
  C:\Windows\System\nuCqhGt.exe
  2⤵
  PID:3108
- C:\Windows\System\zheKXMg.exe
  C:\Windows\System\zheKXMg.exe
  2⤵
  PID:3124
- C:\Windows\System\ExHqzxz.exe
  C:\Windows\System\ExHqzxz.exe
  2⤵
  PID:3140
- C:\Windows\System\HNxhrDg.exe
  C:\Windows\System\HNxhrDg.exe
  2⤵
  PID:3160
- C:\Windows\System\XlFtdbw.exe
  C:\Windows\System\XlFtdbw.exe
  2⤵
  PID:3180
- C:\Windows\System\efqsRhT.exe
  C:\Windows\System\efqsRhT.exe
  2⤵
  PID:3196
- C:\Windows\System\nPCZKQa.exe
  C:\Windows\System\nPCZKQa.exe
  2⤵
  PID:3216
- C:\Windows\System\xRXlbNX.exe
  C:\Windows\System\xRXlbNX.exe
  2⤵
  PID:3232
- C:\Windows\System\lAsjDih.exe
  C:\Windows\System\lAsjDih.exe
  2⤵
  PID:3248
- C:\Windows\System\cUDEhrh.exe
  C:\Windows\System\cUDEhrh.exe
  2⤵
  PID:3264
- C:\Windows\System\rhsBvmW.exe
  C:\Windows\System\rhsBvmW.exe
  2⤵
  PID:3280
- C:\Windows\System\NOZDDZv.exe
  C:\Windows\System\NOZDDZv.exe
  2⤵
  PID:3296
- C:\Windows\System\mZxehHF.exe
  C:\Windows\System\mZxehHF.exe
  2⤵
  PID:3328
- C:\Windows\System\YSwLNyf.exe
  C:\Windows\System\YSwLNyf.exe
  2⤵
  PID:3344
- C:\Windows\System\WgEVoDy.exe
  C:\Windows\System\WgEVoDy.exe
  2⤵
  PID:3360
- C:\Windows\System\lEfWlJW.exe
  C:\Windows\System\lEfWlJW.exe
  2⤵
  PID:3380
- C:\Windows\System\uSQIdND.exe
  C:\Windows\System\uSQIdND.exe
  2⤵
  PID:3404
- C:\Windows\System\CIyqPja.exe
  C:\Windows\System\CIyqPja.exe
  2⤵
  PID:3420
- C:\Windows\System\rkdFdLI.exe
  C:\Windows\System\rkdFdLI.exe
  2⤵
  PID:3504
- C:\Windows\System\FBeQSAF.exe
  C:\Windows\System\FBeQSAF.exe
  2⤵
  PID:3524
- C:\Windows\System\wqPLnfG.exe
  C:\Windows\System\wqPLnfG.exe
  2⤵
  PID:3540
- C:\Windows\System\SMGIihR.exe
  C:\Windows\System\SMGIihR.exe
  2⤵
  PID:3560
- C:\Windows\System\MHOspCP.exe
  C:\Windows\System\MHOspCP.exe
  2⤵
  PID:3576
- C:\Windows\System\SAjBzpO.exe
  C:\Windows\System\SAjBzpO.exe
  2⤵
  PID:3604
- C:\Windows\System\guWLRPY.exe
  C:\Windows\System\guWLRPY.exe
  2⤵
  PID:3620
- C:\Windows\System\dOxkabn.exe
  C:\Windows\System\dOxkabn.exe
  2⤵
  PID:3636
- C:\Windows\System\xQnINgA.exe
  C:\Windows\System\xQnINgA.exe
  2⤵
  PID:3652
- C:\Windows\System\peUCkJi.exe
  C:\Windows\System\peUCkJi.exe
  2⤵
  PID:3672
- C:\Windows\System\TAUIohk.exe
  C:\Windows\System\TAUIohk.exe
  2⤵
  PID:3688
- C:\Windows\System\fdrANix.exe
  C:\Windows\System\fdrANix.exe
  2⤵
  PID:3704
- C:\Windows\System\emEUpYo.exe
  C:\Windows\System\emEUpYo.exe
  2⤵
  PID:3720
- C:\Windows\System\JARjZra.exe
  C:\Windows\System\JARjZra.exe
  2⤵
  PID:3736
- C:\Windows\System\eWecfiX.exe
  C:\Windows\System\eWecfiX.exe
  2⤵
  PID:3752
- C:\Windows\System\oKWGKEJ.exe
  C:\Windows\System\oKWGKEJ.exe
  2⤵
  PID:3768
- C:\Windows\System\qOfZJCr.exe
  C:\Windows\System\qOfZJCr.exe
  2⤵
  PID:3788
- C:\Windows\System\xDHspSj.exe
  C:\Windows\System\xDHspSj.exe
  2⤵
  PID:3844
- C:\Windows\System\WldAOEd.exe
  C:\Windows\System\WldAOEd.exe
  2⤵
  PID:3864
- C:\Windows\System\PpmfFWb.exe
  C:\Windows\System\PpmfFWb.exe
  2⤵
  PID:3884
- C:\Windows\System\MUjNrEl.exe
  C:\Windows\System\MUjNrEl.exe
  2⤵
  PID:3904
- C:\Windows\System\eJaLOxI.exe
  C:\Windows\System\eJaLOxI.exe
  2⤵
  PID:3920
- C:\Windows\System\TtFpkmU.exe
  C:\Windows\System\TtFpkmU.exe
  2⤵
  PID:3960
- C:\Windows\System\ZgEIiSe.exe
  C:\Windows\System\ZgEIiSe.exe
  2⤵
  PID:3976
- C:\Windows\System\xhIyMWV.exe
  C:\Windows\System\xhIyMWV.exe
  2⤵
  PID:3992
- C:\Windows\System\OsdIwXy.exe
  C:\Windows\System\OsdIwXy.exe
  2⤵
  PID:4016
- C:\Windows\System\BXMmcut.exe
  C:\Windows\System\BXMmcut.exe
  2⤵
  PID:4032
- C:\Windows\System\WhZjeLS.exe
  C:\Windows\System\WhZjeLS.exe
  2⤵
  PID:4048
- C:\Windows\System\FWKvcXo.exe
  C:\Windows\System\FWKvcXo.exe
  2⤵
  PID:4064
- C:\Windows\System\CvqePxP.exe
  C:\Windows\System\CvqePxP.exe
  2⤵
  PID:4080
- C:\Windows\System\eXHrdqg.exe
  C:\Windows\System\eXHrdqg.exe
  2⤵
  PID:1756
- C:\Windows\System\ReSnywS.exe
  C:\Windows\System\ReSnywS.exe
  2⤵
  PID:2704
- C:\Windows\System\tNeaxTc.exe
  C:\Windows\System\tNeaxTc.exe
  2⤵
  PID:3100
- C:\Windows\System\mVJOUxl.exe
  C:\Windows\System\mVJOUxl.exe
  2⤵
  PID:3172
- C:\Windows\System\zmEeygH.exe
  C:\Windows\System\zmEeygH.exe
  2⤵
  PID:3204
- C:\Windows\System\aAvCGFp.exe
  C:\Windows\System\aAvCGFp.exe
  2⤵
  PID:3356
- C:\Windows\System\yZZTkIA.exe
  C:\Windows\System\yZZTkIA.exe
  2⤵
  PID:3428
- C:\Windows\System\oYdepRk.exe
  C:\Windows\System\oYdepRk.exe
  2⤵
  PID:3452
- C:\Windows\System\twujKoM.exe
  C:\Windows\System\twujKoM.exe
  2⤵
  PID:3476
- C:\Windows\System\frkcxzw.exe
  C:\Windows\System\frkcxzw.exe
  2⤵
  PID:3376
- C:\Windows\System\hvGSWqF.exe
  C:\Windows\System\hvGSWqF.exe
  2⤵
  PID:1876
- C:\Windows\System\bKXHnIK.exe
  C:\Windows\System\bKXHnIK.exe
  2⤵
  PID:3492
- C:\Windows\System\KsjtlXk.exe
  C:\Windows\System\KsjtlXk.exe
  2⤵
  PID:3532
- C:\Windows\System\FdyefAh.exe
  C:\Windows\System\FdyefAh.exe
  2⤵
  PID:1524
- C:\Windows\System\VEFuWYT.exe
  C:\Windows\System\VEFuWYT.exe
  2⤵
  PID:3080
- C:\Windows\System\PIBwKTj.exe
  C:\Windows\System\PIBwKTj.exe
  2⤵
  PID:3148
- C:\Windows\System\IcNiaNE.exe
  C:\Windows\System\IcNiaNE.exe
  2⤵
  PID:3192
- C:\Windows\System\XuFLuSI.exe
  C:\Windows\System\XuFLuSI.exe
  2⤵
  PID:3260
- C:\Windows\System\EwwwtPi.exe
  C:\Windows\System\EwwwtPi.exe
  2⤵
  PID:3548
- C:\Windows\System\QkHBSdm.exe
  C:\Windows\System\QkHBSdm.exe
  2⤵
  PID:1980
- C:\Windows\System\umyXfKf.exe
  C:\Windows\System\umyXfKf.exe
  2⤵
  PID:3584
- C:\Windows\System\MkmSqGK.exe
  C:\Windows\System\MkmSqGK.exe
  2⤵
  PID:3664
- C:\Windows\System\arQWTrO.exe
  C:\Windows\System\arQWTrO.exe
  2⤵
  PID:3732
- C:\Windows\System\InUOWAr.exe
  C:\Windows\System\InUOWAr.exe
  2⤵
  PID:1728
- C:\Windows\System\JsEEUkS.exe
  C:\Windows\System\JsEEUkS.exe
  2⤵
  PID:3716
- C:\Windows\System\wMwtMwC.exe
  C:\Windows\System\wMwtMwC.exe
  2⤵
  PID:3780
- C:\Windows\System\iZranJy.exe
  C:\Windows\System\iZranJy.exe
  2⤵
  PID:3628
- C:\Windows\System\ExNfpPv.exe
  C:\Windows\System\ExNfpPv.exe
  2⤵
  PID:3796
- C:\Windows\System\FrsbkrG.exe
  C:\Windows\System\FrsbkrG.exe
  2⤵
  PID:3824
- C:\Windows\System\EiLoaXE.exe
  C:\Windows\System\EiLoaXE.exe
  2⤵
  PID:3836
- C:\Windows\System\QOtpmdQ.exe
  C:\Windows\System\QOtpmdQ.exe
  2⤵
  PID:3876
- C:\Windows\System\xnSNtqj.exe
  C:\Windows\System\xnSNtqj.exe
  2⤵
  PID:3856
- C:\Windows\System\MnjBRLh.exe
  C:\Windows\System\MnjBRLh.exe
  2⤵
  PID:3988
- C:\Windows\System\NYaWLJA.exe
  C:\Windows\System\NYaWLJA.exe
  2⤵
  PID:4012
- C:\Windows\System\VjSdVQc.exe
  C:\Windows\System\VjSdVQc.exe
  2⤵
  PID:3168
- C:\Windows\System\LnciHsC.exe
  C:\Windows\System\LnciHsC.exe
  2⤵
  PID:4028
- C:\Windows\System\hhzyWhi.exe
  C:\Windows\System\hhzyWhi.exe
  2⤵
  PID:3104
- C:\Windows\System\QHqbjuL.exe
  C:\Windows\System\QHqbjuL.exe
  2⤵
  PID:3308
- C:\Windows\System\eEkisLN.exe
  C:\Windows\System\eEkisLN.exe
  2⤵
  PID:3316
- C:\Windows\System\vXCaauq.exe
  C:\Windows\System\vXCaauq.exe
  2⤵
  PID:3388
- C:\Windows\System\deAbdVx.exe
  C:\Windows\System\deAbdVx.exe
  2⤵
  PID:3460
- C:\Windows\System\plfdzsS.exe
  C:\Windows\System\plfdzsS.exe
  2⤵
  PID:3368
- C:\Windows\System\OaBZmNF.exe
  C:\Windows\System\OaBZmNF.exe
  2⤵
  PID:1636
- C:\Windows\System\QngToJs.exe
  C:\Windows\System\QngToJs.exe
  2⤵
  PID:2872
- C:\Windows\System\doOiVRS.exe
  C:\Windows\System\doOiVRS.exe
  2⤵
  PID:3512
- C:\Windows\System\hNjcGza.exe
  C:\Windows\System\hNjcGza.exe
  2⤵
  PID:3728
- C:\Windows\System\uZzTgfj.exe
  C:\Windows\System\uZzTgfj.exe
  2⤵
  PID:3592
- C:\Windows\System\ZPgyQUi.exe
  C:\Windows\System\ZPgyQUi.exe
  2⤵
  PID:3812
- C:\Windows\System\GrnVYNA.exe
  C:\Windows\System\GrnVYNA.exe
  2⤵
  PID:3892
- C:\Windows\System\QjreKLn.exe
  C:\Windows\System\QjreKLn.exe
  2⤵
  PID:3940
- C:\Windows\System\iONOpkn.exe
  C:\Windows\System\iONOpkn.exe
  2⤵
  PID:3984
- C:\Windows\System\xFEBfYx.exe
  C:\Windows\System\xFEBfYx.exe
  2⤵
  PID:2640
- C:\Windows\System\bPRvEOI.exe
  C:\Windows\System\bPRvEOI.exe
  2⤵
  PID:3568
- C:\Windows\System\cBOemsa.exe
  C:\Windows\System\cBOemsa.exe
  2⤵
  PID:3228
- C:\Windows\System\cQulGhX.exe
  C:\Windows\System\cQulGhX.exe
  2⤵
  PID:3600
- C:\Windows\System\RjAfWKe.exe
  C:\Windows\System\RjAfWKe.exe
  2⤵
  PID:3648
- C:\Windows\System\jinmDNX.exe
  C:\Windows\System\jinmDNX.exe
  2⤵
  PID:3700
- C:\Windows\System\GiEtUFv.exe
  C:\Windows\System\GiEtUFv.exe
  2⤵
  PID:2784
- C:\Windows\System\bMWvDvp.exe
  C:\Windows\System\bMWvDvp.exe
  2⤵
  PID:4004
- C:\Windows\System\ShnIBjc.exe
  C:\Windows\System\ShnIBjc.exe
  2⤵
  PID:4024
- C:\Windows\System\YFAkNHj.exe
  C:\Windows\System\YFAkNHj.exe
  2⤵
  PID:3396
- C:\Windows\System\reOHCeR.exe
  C:\Windows\System\reOHCeR.exe
  2⤵
  PID:2080
- C:\Windows\System\CIzUSpz.exe
  C:\Windows\System\CIzUSpz.exe
  2⤵
  PID:3440
- C:\Windows\System\IUUerIk.exe
  C:\Windows\System\IUUerIk.exe
  2⤵
  PID:2436
- C:\Windows\System\jKWqVnv.exe
  C:\Windows\System\jKWqVnv.exe
  2⤵
  PID:2820
- C:\Windows\System\UWiRvap.exe
  C:\Windows\System\UWiRvap.exe
  2⤵
  PID:1236
- C:\Windows\System\cfrAiRS.exe
  C:\Windows\System\cfrAiRS.exe
  2⤵
  PID:2836
- C:\Windows\System\WCjmtif.exe
  C:\Windows\System\WCjmtif.exe
  2⤵
  PID:3696
- C:\Windows\System\qvGdEVr.exe
  C:\Windows\System\qvGdEVr.exe
  2⤵
  PID:3936
- C:\Windows\System\DWTXPOQ.exe
  C:\Windows\System\DWTXPOQ.exe
  2⤵
  PID:3084
- C:\Windows\System\IHRotuw.exe
  C:\Windows\System\IHRotuw.exe
  2⤵
  PID:3748
- C:\Windows\System\hqoCdvi.exe
  C:\Windows\System\hqoCdvi.exe
  2⤵
  PID:2136
- C:\Windows\System\HwyfVOk.exe
  C:\Windows\System\HwyfVOk.exe
  2⤵
  PID:4044
- C:\Windows\System\MgIVtzI.exe
  C:\Windows\System\MgIVtzI.exe
  2⤵
  PID:3304
- C:\Windows\System\sHWURul.exe
  C:\Windows\System\sHWURul.exe
  2⤵
  PID:880
- C:\Windows\System\rMwjyrT.exe
  C:\Windows\System\rMwjyrT.exe
  2⤵
  PID:3240
- C:\Windows\System\YICybDH.exe
  C:\Windows\System\YICybDH.exe
  2⤵
  PID:3912
- C:\Windows\System\UJotfXw.exe
  C:\Windows\System\UJotfXw.exe
  2⤵
  PID:3292
- C:\Windows\System\IZcrVHf.exe
  C:\Windows\System\IZcrVHf.exe
  2⤵
  PID:2440
- C:\Windows\System\hNTbsPn.exe
  C:\Windows\System\hNTbsPn.exe
  2⤵
  PID:1800
- C:\Windows\System\wbyAcfh.exe
  C:\Windows\System\wbyAcfh.exe
  2⤵
  PID:2340
- C:\Windows\System\zLmSqmX.exe
  C:\Windows\System\zLmSqmX.exe
  2⤵
  PID:3852
- C:\Windows\System\nMznaOo.exe
  C:\Windows\System\nMznaOo.exe
  2⤵
  PID:1132
- C:\Windows\System\npgcRjR.exe
  C:\Windows\System\npgcRjR.exe
  2⤵
  PID:3808
- C:\Windows\System\lKlOcnx.exe
  C:\Windows\System\lKlOcnx.exe
  2⤵
  PID:3352
- C:\Windows\System\DXNDkXV.exe
  C:\Windows\System\DXNDkXV.exe
  2⤵
  PID:1596
- C:\Windows\System\iwRSomv.exe
  C:\Windows\System\iwRSomv.exe
  2⤵
  PID:4076
- C:\Windows\System\olvYTeS.exe
  C:\Windows\System\olvYTeS.exe
  2⤵
  PID:3832
- C:\Windows\System\quoQsUw.exe
  C:\Windows\System\quoQsUw.exe
  2⤵
  PID:2828
- C:\Windows\System\bLfopeB.exe
  C:\Windows\System\bLfopeB.exe
  2⤵
  PID:3932
- C:\Windows\System\yxEmJRx.exe
  C:\Windows\System\yxEmJRx.exe
  2⤵
  PID:4008
- C:\Windows\System\dHViDKQ.exe
  C:\Windows\System\dHViDKQ.exe
  2⤵
  PID:4100
- C:\Windows\System\AAZwqtx.exe
  C:\Windows\System\AAZwqtx.exe
  2⤵
  PID:4116
- C:\Windows\System\PMBXwfa.exe
  C:\Windows\System\PMBXwfa.exe
  2⤵
  PID:4132
- C:\Windows\System\LuVjjHv.exe
  C:\Windows\System\LuVjjHv.exe
  2⤵
  PID:4168
- C:\Windows\System\wtTKUMs.exe
  C:\Windows\System\wtTKUMs.exe
  2⤵
  PID:4192
- C:\Windows\System\UZSdNsZ.exe
  C:\Windows\System\UZSdNsZ.exe
  2⤵
  PID:4216
- C:\Windows\System\EIKTtoN.exe
  C:\Windows\System\EIKTtoN.exe
  2⤵
  PID:4232
- C:\Windows\System\cBndwnw.exe
  C:\Windows\System\cBndwnw.exe
  2⤵
  PID:4248
- C:\Windows\System\eGaqRNx.exe
  C:\Windows\System\eGaqRNx.exe
  2⤵
  PID:4264
- C:\Windows\System\yTMGvou.exe
  C:\Windows\System\yTMGvou.exe
  2⤵
  PID:4280
- C:\Windows\System\ABiyTua.exe
  C:\Windows\System\ABiyTua.exe
  2⤵
  PID:4296
- C:\Windows\System\KnYqAvp.exe
  C:\Windows\System\KnYqAvp.exe
  2⤵
  PID:4312
- C:\Windows\System\cOGNfZd.exe
  C:\Windows\System\cOGNfZd.exe
  2⤵
  PID:4328
- C:\Windows\System\EbemCds.exe
  C:\Windows\System\EbemCds.exe
  2⤵
  PID:4344
- C:\Windows\System\UEWyfjt.exe
  C:\Windows\System\UEWyfjt.exe
  2⤵
  PID:4360
- C:\Windows\System\DogzEUR.exe
  C:\Windows\System\DogzEUR.exe
  2⤵
  PID:4376
- C:\Windows\System\RSYbttj.exe
  C:\Windows\System\RSYbttj.exe
  2⤵
  PID:4392
- C:\Windows\System\zZqFEuI.exe
  C:\Windows\System\zZqFEuI.exe
  2⤵
  PID:4416
- C:\Windows\System\NWzqAYI.exe
  C:\Windows\System\NWzqAYI.exe
  2⤵
  PID:4452
- C:\Windows\System\wlahKuU.exe
  C:\Windows\System\wlahKuU.exe
  2⤵
  PID:4468
- C:\Windows\System\YRRCVWx.exe
  C:\Windows\System\YRRCVWx.exe
  2⤵
  PID:4484
- C:\Windows\System\Ntckpgt.exe
  C:\Windows\System\Ntckpgt.exe
  2⤵
  PID:4528
- C:\Windows\System\IIovjUI.exe
  C:\Windows\System\IIovjUI.exe
  2⤵
  PID:4548
- C:\Windows\System\NxpSjNT.exe
  C:\Windows\System\NxpSjNT.exe
  2⤵
  PID:4564
- C:\Windows\System\HhpBWtx.exe
  C:\Windows\System\HhpBWtx.exe
  2⤵
  PID:4580
- C:\Windows\System\AKKWbNO.exe
  C:\Windows\System\AKKWbNO.exe
  2⤵
  PID:4604
- C:\Windows\System\OvswvNX.exe
  C:\Windows\System\OvswvNX.exe
  2⤵
  PID:4620
- C:\Windows\System\hWVYpuu.exe
  C:\Windows\System\hWVYpuu.exe
  2⤵
  PID:4636
- C:\Windows\System\ZxfjdEH.exe
  C:\Windows\System\ZxfjdEH.exe
  2⤵
  PID:4652
- C:\Windows\System\yURBRPU.exe
  C:\Windows\System\yURBRPU.exe
  2⤵
  PID:4672
- C:\Windows\System\suloovO.exe
  C:\Windows\System\suloovO.exe
  2⤵
  PID:4692
- C:\Windows\System\MZZIMfA.exe
  C:\Windows\System\MZZIMfA.exe
  2⤵
  PID:4708
- C:\Windows\System\RvcytbX.exe
  C:\Windows\System\RvcytbX.exe
  2⤵
  PID:4724
- C:\Windows\System\TyhwXdk.exe
  C:\Windows\System\TyhwXdk.exe
  2⤵
  PID:4744
- C:\Windows\System\vgltlwu.exe
  C:\Windows\System\vgltlwu.exe
  2⤵
  PID:4764
- C:\Windows\System\oOaHzji.exe
  C:\Windows\System\oOaHzji.exe
  2⤵
  PID:4780
- C:\Windows\System\qgvyQuI.exe
  C:\Windows\System\qgvyQuI.exe
  2⤵
  PID:4796
- C:\Windows\System\qTXvRxI.exe
  C:\Windows\System\qTXvRxI.exe
  2⤵
  PID:4816
- C:\Windows\System\MxzwSzQ.exe
  C:\Windows\System\MxzwSzQ.exe
  2⤵
  PID:4836
- C:\Windows\System\rJaDqMv.exe
  C:\Windows\System\rJaDqMv.exe
  2⤵
  PID:4852
- C:\Windows\System\dsYXzix.exe
  C:\Windows\System\dsYXzix.exe
  2⤵
  PID:4868
- C:\Windows\System\FTpJkWS.exe
  C:\Windows\System\FTpJkWS.exe
  2⤵
  PID:4932
- C:\Windows\System\CyDnLGU.exe
  C:\Windows\System\CyDnLGU.exe
  2⤵
  PID:4948
- C:\Windows\System\mWbIbBe.exe
  C:\Windows\System\mWbIbBe.exe
  2⤵
  PID:4964
- C:\Windows\System\KNwCLzD.exe
  C:\Windows\System\KNwCLzD.exe
  2⤵
  PID:4980
- C:\Windows\System\MWRBYll.exe
  C:\Windows\System\MWRBYll.exe
  2⤵
  PID:4996
- C:\Windows\System\eFVjQdC.exe
  C:\Windows\System\eFVjQdC.exe
  2⤵
  PID:5012
- C:\Windows\System\sOTKTPR.exe
  C:\Windows\System\sOTKTPR.exe
  2⤵
  PID:5032
- C:\Windows\System\tUZCIpp.exe
  C:\Windows\System\tUZCIpp.exe
  2⤵
  PID:5052
- C:\Windows\System\GIHYbJO.exe
  C:\Windows\System\GIHYbJO.exe
  2⤵
  PID:5068
- C:\Windows\System\NbRCrxZ.exe
  C:\Windows\System\NbRCrxZ.exe
  2⤵
  PID:5084
- C:\Windows\System\NByiUJw.exe
  C:\Windows\System\NByiUJw.exe
  2⤵
  PID:5100
- C:\Windows\System\HRafkBF.exe
  C:\Windows\System\HRafkBF.exe
  2⤵
  PID:5116
- C:\Windows\System\BFfpVeH.exe
  C:\Windows\System\BFfpVeH.exe
  2⤵
  PID:1632
- C:\Windows\System\LHRxFAN.exe
  C:\Windows\System\LHRxFAN.exe
  2⤵
  PID:1444
- C:\Windows\System\jKbyOcB.exe
  C:\Windows\System\jKbyOcB.exe
  2⤵
  PID:4152
- C:\Windows\System\gwQucsN.exe
  C:\Windows\System\gwQucsN.exe
  2⤵
  PID:3588
- C:\Windows\System\gqRBPtX.exe
  C:\Windows\System\gqRBPtX.exe
  2⤵
  PID:4056
- C:\Windows\System\xAPOBoq.exe
  C:\Windows\System\xAPOBoq.exe
  2⤵
  PID:4128
- C:\Windows\System\BHxAygV.exe
  C:\Windows\System\BHxAygV.exe
  2⤵
  PID:4336
- C:\Windows\System\IaiLPVp.exe
  C:\Windows\System\IaiLPVp.exe
  2⤵
  PID:4304
- C:\Windows\System\qRevZlL.exe
  C:\Windows\System\qRevZlL.exe
  2⤵
  PID:4372
- C:\Windows\System\rZGCczQ.exe
  C:\Windows\System\rZGCczQ.exe
  2⤵
  PID:4412
- C:\Windows\System\uxmstzo.exe
  C:\Windows\System\uxmstzo.exe
  2⤵
  PID:4436
- C:\Windows\System\hSQwSfi.exe
  C:\Windows\System\hSQwSfi.exe
  2⤵
  PID:4256
- C:\Windows\System\zZDxqAQ.exe
  C:\Windows\System\zZDxqAQ.exe
  2⤵
  PID:544
- C:\Windows\System\vDWduvx.exe
  C:\Windows\System\vDWduvx.exe
  2⤵
  PID:4492
- C:\Windows\System\FUAAxcw.exe
  C:\Windows\System\FUAAxcw.exe
  2⤵
  PID:4516
- C:\Windows\System\cbcXkUz.exe
  C:\Windows\System\cbcXkUz.exe
  2⤵
  PID:4444
- C:\Windows\System\GpvAmZK.exe
  C:\Windows\System\GpvAmZK.exe
  2⤵
  PID:4632
- C:\Windows\System\LXnIFpN.exe
  C:\Windows\System\LXnIFpN.exe
  2⤵
  PID:4704
- C:\Windows\System\TXnjZIH.exe
  C:\Windows\System\TXnjZIH.exe
  2⤵
  PID:4776
- C:\Windows\System\HjbxXlY.exe
  C:\Windows\System\HjbxXlY.exe
  2⤵
  PID:4540
- C:\Windows\System\kdequxU.exe
  C:\Windows\System\kdequxU.exe
  2⤵
  PID:4476
- C:\Windows\System\OMlDwNq.exe
  C:\Windows\System\OMlDwNq.exe
  2⤵
  PID:4884
- C:\Windows\System\kjIprnN.exe
  C:\Windows\System\kjIprnN.exe
  2⤵
  PID:4900
- C:\Windows\System\hQrTmtj.exe
  C:\Windows\System\hQrTmtj.exe
  2⤵
  PID:4912
- C:\Windows\System\ZpynCaT.exe
  C:\Windows\System\ZpynCaT.exe
  2⤵
  PID:4920
- C:\Windows\System\MGycIgb.exe
  C:\Windows\System\MGycIgb.exe
  2⤵
  PID:4828
- C:\Windows\System\hmYyBQU.exe
  C:\Windows\System\hmYyBQU.exe
  2⤵
  PID:4956
- C:\Windows\System\AiKlZNQ.exe
  C:\Windows\System\AiKlZNQ.exe
  2⤵
  PID:5020
- C:\Windows\System\dUHRFsk.exe
  C:\Windows\System\dUHRFsk.exe
  2⤵
  PID:5060
- C:\Windows\System\ENCmqsY.exe
  C:\Windows\System\ENCmqsY.exe
  2⤵
  PID:2148
- C:\Windows\System\cooJtsN.exe
  C:\Windows\System\cooJtsN.exe
  2⤵
  PID:4148
- C:\Windows\System\QbbqELr.exe
  C:\Windows\System\QbbqELr.exe
  2⤵
  PID:5044
- C:\Windows\System\uuobzyv.exe
  C:\Windows\System\uuobzyv.exe
  2⤵
  PID:2684
- C:\Windows\System\UMHcvKE.exe
  C:\Windows\System\UMHcvKE.exe
  2⤵
  PID:4940
- C:\Windows\System\hMVMjLh.exe
  C:\Windows\System\hMVMjLh.exe
  2⤵
  PID:5040
- C:\Windows\System\HOsktKm.exe
  C:\Windows\System\HOsktKm.exe
  2⤵
  PID:4976
- C:\Windows\System\yckxZWM.exe
  C:\Windows\System\yckxZWM.exe
  2⤵
  PID:4208
- C:\Windows\System\rCOZVSQ.exe
  C:\Windows\System\rCOZVSQ.exe
  2⤵
  PID:2468
- C:\Windows\System\BuWeBWL.exe
  C:\Windows\System\BuWeBWL.exe
  2⤵
  PID:4368
- C:\Windows\System\CaHItwH.exe
  C:\Windows\System\CaHItwH.exe
  2⤵
  PID:4500
- C:\Windows\System\nQVrYOe.exe
  C:\Windows\System\nQVrYOe.exe
  2⤵
  PID:4596
- C:\Windows\System\ZzzHCGF.exe
  C:\Windows\System\ZzzHCGF.exe
  2⤵
  PID:4740
- C:\Windows\System\qzhSnwx.exe
  C:\Windows\System\qzhSnwx.exe
  2⤵
  PID:4404
- C:\Windows\System\JfczODE.exe
  C:\Windows\System\JfczODE.exe
  2⤵
  PID:4320
- C:\Windows\System\aLjIAph.exe
  C:\Windows\System\aLjIAph.exe
  2⤵
  PID:4460
- C:\Windows\System\IFQaZWw.exe
  C:\Windows\System\IFQaZWw.exe
  2⤵
  PID:4576
- C:\Windows\System\RPdClgb.exe
  C:\Windows\System\RPdClgb.exe
  2⤵
  PID:4792
- C:\Windows\System\AIbcsEf.exe
  C:\Windows\System\AIbcsEf.exe
  2⤵
  PID:4644
- C:\Windows\System\UqMreiB.exe
  C:\Windows\System\UqMreiB.exe
  2⤵
  PID:4824
- C:\Windows\System\jFlbLNJ.exe
  C:\Windows\System\jFlbLNJ.exe
  2⤵
  PID:4864
- C:\Windows\System\CLRXsKA.exe
  C:\Windows\System\CLRXsKA.exe
  2⤵
  PID:4140
- C:\Windows\System\uPZwpiu.exe
  C:\Windows\System\uPZwpiu.exe
  2⤵
  PID:5076
- C:\Windows\System\hbSGGuE.exe
  C:\Windows\System\hbSGGuE.exe
  2⤵
  PID:4204
- C:\Windows\System\vkJxMRk.exe
  C:\Windows\System\vkJxMRk.exe
  2⤵
  PID:5096
- C:\Windows\System\JsAWcjh.exe
  C:\Windows\System\JsAWcjh.exe
  2⤵
  PID:5108
- C:\Windows\System\IzKMTAO.exe
  C:\Windows\System\IzKMTAO.exe
  2⤵
  PID:4628
- C:\Windows\System\GtOVyLL.exe
  C:\Windows\System\GtOVyLL.exe
  2⤵
  PID:4260
- C:\Windows\System\LZXFVUT.exe
  C:\Windows\System\LZXFVUT.exe
  2⤵
  PID:4428
- C:\Windows\System\XyKFLnH.exe
  C:\Windows\System\XyKFLnH.exe
  2⤵
  PID:4560
- C:\Windows\System\JJRLbGQ.exe
  C:\Windows\System\JJRLbGQ.exe
  2⤵
  PID:4164
- C:\Windows\System\AMMiuYp.exe
  C:\Windows\System\AMMiuYp.exe
  2⤵
  PID:4880
- C:\Windows\System\kXKKGPQ.exe
  C:\Windows\System\kXKKGPQ.exe
  2⤵
  PID:5132
- C:\Windows\System\YikoKTH.exe
  C:\Windows\System\YikoKTH.exe
  2⤵
  PID:5192
- C:\Windows\System\pxmHysr.exe
  C:\Windows\System\pxmHysr.exe
  2⤵
  PID:5208
- C:\Windows\System\dIyFfQi.exe
  C:\Windows\System\dIyFfQi.exe
  2⤵
  PID:5224
- C:\Windows\System\cjUwuLv.exe
  C:\Windows\System\cjUwuLv.exe
  2⤵
  PID:5240
- C:\Windows\System\bZYxLKt.exe
  C:\Windows\System\bZYxLKt.exe
  2⤵
  PID:5256
- C:\Windows\System\zQruGMj.exe
  C:\Windows\System\zQruGMj.exe
  2⤵
  PID:5272
- C:\Windows\System\kCtxPBA.exe
  C:\Windows\System\kCtxPBA.exe
  2⤵
  PID:5296
- C:\Windows\System\FqgMfdQ.exe
  C:\Windows\System\FqgMfdQ.exe
  2⤵
  PID:5312
- C:\Windows\System\trQxzWE.exe
  C:\Windows\System\trQxzWE.exe
  2⤵
  PID:5328
- C:\Windows\System\VPXacVy.exe
  C:\Windows\System\VPXacVy.exe
  2⤵
  PID:5344
- C:\Windows\System\MWwEqpX.exe
  C:\Windows\System\MWwEqpX.exe
  2⤵
  PID:5360
- C:\Windows\System\nXPmJIz.exe
  C:\Windows\System\nXPmJIz.exe
  2⤵
  PID:5380
- C:\Windows\System\RkcGzzJ.exe
  C:\Windows\System\RkcGzzJ.exe
  2⤵
  PID:5404
- C:\Windows\System\yaJkJxZ.exe
  C:\Windows\System\yaJkJxZ.exe
  2⤵
  PID:5420
- C:\Windows\System\fqBrTJe.exe
  C:\Windows\System\fqBrTJe.exe
  2⤵
  PID:5436
- C:\Windows\System\aMHRATq.exe
  C:\Windows\System\aMHRATq.exe
  2⤵
  PID:5452
- C:\Windows\System\kneIPpN.exe
  C:\Windows\System\kneIPpN.exe
  2⤵
  PID:5504
- C:\Windows\System\IFngzii.exe
  C:\Windows\System\IFngzii.exe
  2⤵
  PID:5532
- C:\Windows\System\POLJyqs.exe
  C:\Windows\System\POLJyqs.exe
  2⤵
  PID:5552
- C:\Windows\System\LyyuLsx.exe
  C:\Windows\System\LyyuLsx.exe
  2⤵
  PID:5568
- C:\Windows\System\KUPdXCt.exe
  C:\Windows\System\KUPdXCt.exe
  2⤵
  PID:5588
- C:\Windows\System\nhzrhoh.exe
  C:\Windows\System\nhzrhoh.exe
  2⤵
  PID:5604
- C:\Windows\System\VLtfwbK.exe
  C:\Windows\System\VLtfwbK.exe
  2⤵
  PID:5620
- C:\Windows\System\uMbuYJb.exe
  C:\Windows\System\uMbuYJb.exe
  2⤵
  PID:5640
- C:\Windows\System\QpDzbXa.exe
  C:\Windows\System\QpDzbXa.exe
  2⤵
  PID:5656
- C:\Windows\System\ySxzbTE.exe
  C:\Windows\System\ySxzbTE.exe
  2⤵
  PID:5680
- C:\Windows\System\JeWPbGY.exe
  C:\Windows\System\JeWPbGY.exe
  2⤵
  PID:5696
- C:\Windows\System\ItTDAmv.exe
  C:\Windows\System\ItTDAmv.exe
  2⤵
  PID:5712
- C:\Windows\System\vXNVwyK.exe
  C:\Windows\System\vXNVwyK.exe
  2⤵
  PID:5728
- C:\Windows\System\NYPKqkV.exe
  C:\Windows\System\NYPKqkV.exe
  2⤵
  PID:5744
- C:\Windows\System\nkJtgZM.exe
  C:\Windows\System\nkJtgZM.exe
  2⤵
  PID:5760
- C:\Windows\System\oZYRIDd.exe
  C:\Windows\System\oZYRIDd.exe
  2⤵
  PID:5784
- C:\Windows\System\GPxhsmI.exe
  C:\Windows\System\GPxhsmI.exe
  2⤵
  PID:5804
- C:\Windows\System\stazhxB.exe
  C:\Windows\System\stazhxB.exe
  2⤵
  PID:5836
- C:\Windows\System\MTAEsrO.exe
  C:\Windows\System\MTAEsrO.exe
  2⤵
  PID:5856
- C:\Windows\System\VgHiNif.exe
  C:\Windows\System\VgHiNif.exe
  2⤵
  PID:5872
- C:\Windows\System\ZyWalej.exe
  C:\Windows\System\ZyWalej.exe
  2⤵
  PID:5888
- C:\Windows\System\ZtDSIrE.exe
  C:\Windows\System\ZtDSIrE.exe
  2⤵
  PID:5904
- C:\Windows\System\fqIdBJc.exe
  C:\Windows\System\fqIdBJc.exe
  2⤵
  PID:5920
- C:\Windows\System\SXfsjKH.exe
  C:\Windows\System\SXfsjKH.exe
  2⤵
  PID:5936
- C:\Windows\System\qPvKwBB.exe
  C:\Windows\System\qPvKwBB.exe
  2⤵
  PID:5952
- C:\Windows\System\WmtxYxy.exe
  C:\Windows\System\WmtxYxy.exe
  2⤵
  PID:5968
- C:\Windows\System\imgLPDU.exe
  C:\Windows\System\imgLPDU.exe
  2⤵
  PID:5984
- C:\Windows\System\TXOzKCG.exe
  C:\Windows\System\TXOzKCG.exe
  2⤵
  PID:6008
- C:\Windows\System\McnEpGq.exe
  C:\Windows\System\McnEpGq.exe
  2⤵
  PID:6032
- C:\Windows\System\QgnXSOa.exe
  C:\Windows\System\QgnXSOa.exe
  2⤵
  PID:6048
- C:\Windows\System\RPmkPTw.exe
  C:\Windows\System\RPmkPTw.exe
  2⤵
  PID:6072
- C:\Windows\System\ImqedLX.exe
  C:\Windows\System\ImqedLX.exe
  2⤵
  PID:6104
- C:\Windows\System\oZLWfJN.exe
  C:\Windows\System\oZLWfJN.exe
  2⤵
  PID:6136
- C:\Windows\System\qbgdalR.exe
  C:\Windows\System\qbgdalR.exe
  2⤵
  PID:4812
- C:\Windows\System\jmwWOGU.exe
  C:\Windows\System\jmwWOGU.exe
  2⤵
  PID:4200
- C:\Windows\System\nTQPSUe.exe
  C:\Windows\System\nTQPSUe.exe
  2⤵
  PID:4272
- C:\Windows\System\ZsKPURn.exe
  C:\Windows\System\ZsKPURn.exe
  2⤵
  PID:4664
- C:\Windows\System\AxoDrlH.exe
  C:\Windows\System\AxoDrlH.exe
  2⤵
  PID:5140
- C:\Windows\System\BqAnHTJ.exe
  C:\Windows\System\BqAnHTJ.exe
  2⤵
  PID:4700
- C:\Windows\System\TDWqtku.exe
  C:\Windows\System\TDWqtku.exe
  2⤵
  PID:4592
- C:\Windows\System\CSRXmkF.exe
  C:\Windows\System\CSRXmkF.exe
  2⤵
  PID:5184
- C:\Windows\System\FtIdRPp.exe
  C:\Windows\System\FtIdRPp.exe
  2⤵
  PID:4904
- C:\Windows\System\WyIcBRG.exe
  C:\Windows\System\WyIcBRG.exe
  2⤵
  PID:4684
- C:\Windows\System\NNDAXFQ.exe
  C:\Windows\System\NNDAXFQ.exe
  2⤵
  PID:4228
- C:\Windows\System\jBhFdcN.exe
  C:\Windows\System\jBhFdcN.exe
  2⤵
  PID:2308
- C:\Windows\System\vckcSjg.exe
  C:\Windows\System\vckcSjg.exe
  2⤵
  PID:5288
- C:\Windows\System\TnfkmZW.exe
  C:\Windows\System\TnfkmZW.exe
  2⤵
  PID:5320
- C:\Windows\System\OsKgmEj.exe
  C:\Windows\System\OsKgmEj.exe
  2⤵
  PID:5392
- C:\Windows\System\qMYYpBG.exe
  C:\Windows\System\qMYYpBG.exe
  2⤵
  PID:5472
- C:\Windows\System\vUoAuVo.exe
  C:\Windows\System\vUoAuVo.exe
  2⤵
  PID:5232
- C:\Windows\System\jshfYpq.exe
  C:\Windows\System\jshfYpq.exe
  2⤵
  PID:5308
- C:\Windows\System\YnQtwkE.exe
  C:\Windows\System\YnQtwkE.exe
  2⤵
  PID:5372
- C:\Windows\System\nPyOSnI.exe
  C:\Windows\System\nPyOSnI.exe
  2⤵
  PID:5488
- C:\Windows\System\cWhttNN.exe
  C:\Windows\System\cWhttNN.exe
  2⤵
  PID:5444
- C:\Windows\System\AiLaCyY.exe
  C:\Windows\System\AiLaCyY.exe
  2⤵
  PID:5516
- C:\Windows\System\HKhhNxX.exe
  C:\Windows\System\HKhhNxX.exe
  2⤵
  PID:5524
- C:\Windows\System\oFmZhPc.exe
  C:\Windows\System\oFmZhPc.exe
  2⤵
  PID:5548
- C:\Windows\System\dQhSwcj.exe
  C:\Windows\System\dQhSwcj.exe
  2⤵
  PID:5616
- C:\Windows\System\EBRAzJB.exe
  C:\Windows\System\EBRAzJB.exe
  2⤵
  PID:5636
- C:\Windows\System\ixFqlAg.exe
  C:\Windows\System\ixFqlAg.exe
  2⤵
  PID:5560
- C:\Windows\System\VzQJrMu.exe
  C:\Windows\System\VzQJrMu.exe
  2⤵
  PID:5756
- C:\Windows\System\CwOXrOm.exe
  C:\Windows\System\CwOXrOm.exe
  2⤵
  PID:5944
- C:\Windows\System\SaBavof.exe
  C:\Windows\System\SaBavof.exe
  2⤵
  PID:5976
- C:\Windows\System\HXGhOPD.exe
  C:\Windows\System\HXGhOPD.exe
  2⤵
  PID:6056
- C:\Windows\System\mgMmZik.exe
  C:\Windows\System\mgMmZik.exe
  2⤵
  PID:5708
- C:\Windows\System\QOXnMBY.exe
  C:\Windows\System\QOXnMBY.exe
  2⤵
  PID:6084
- C:\Windows\System\ZFXFLuE.exe
  C:\Windows\System\ZFXFLuE.exe
  2⤵
  PID:5820
- C:\Windows\System\qhGoQxD.exe
  C:\Windows\System\qhGoQxD.exe
  2⤵
  PID:5932
- C:\Windows\System\xdwPkmu.exe
  C:\Windows\System\xdwPkmu.exe
  2⤵
  PID:6080
- C:\Windows\System\lKiUzMX.exe
  C:\Windows\System\lKiUzMX.exe
  2⤵
  PID:6044
- C:\Windows\System\nZKVLTm.exe
  C:\Windows\System\nZKVLTm.exe
  2⤵
  PID:5864
- C:\Windows\System\ZyEoNoJ.exe
  C:\Windows\System\ZyEoNoJ.exe
  2⤵
  PID:4352
- C:\Windows\System\OgpjGyB.exe
  C:\Windows\System\OgpjGyB.exe
  2⤵
  PID:4808
- C:\Windows\System\wPUTeXZ.exe
  C:\Windows\System\wPUTeXZ.exe
  2⤵
  PID:4732
- C:\Windows\System\WMIhItl.exe
  C:\Windows\System\WMIhItl.exe
  2⤵
  PID:6096
- C:\Windows\System\omhquCg.exe
  C:\Windows\System\omhquCg.exe
  2⤵
  PID:4340
- C:\Windows\System\NLbZxSM.exe
  C:\Windows\System\NLbZxSM.exe
  2⤵
  PID:4972
- C:\Windows\System\gkgZnzk.exe
  C:\Windows\System\gkgZnzk.exe
  2⤵
  PID:5168
- C:\Windows\System\CHYCiCf.exe
  C:\Windows\System\CHYCiCf.exe
  2⤵
  PID:5180
- C:\Windows\System\mXSLuOu.exe
  C:\Windows\System\mXSLuOu.exe
  2⤵
  PID:4688
- C:\Windows\System\XBFrDoM.exe
  C:\Windows\System\XBFrDoM.exe
  2⤵
  PID:4788
- C:\Windows\System\Equwwwi.exe
  C:\Windows\System\Equwwwi.exe
  2⤵
  PID:5432
- C:\Windows\System\pzeLKNL.exe
  C:\Windows\System\pzeLKNL.exe
  2⤵
  PID:5484
- C:\Windows\System\KncMdwB.exe
  C:\Windows\System\KncMdwB.exe
  2⤵
  PID:5648
- C:\Windows\System\WwBZmXU.exe
  C:\Windows\System\WwBZmXU.exe
  2⤵
  PID:5252
- C:\Windows\System\JStWnHf.exe
  C:\Windows\System\JStWnHf.exe
  2⤵
  PID:5500
- C:\Windows\System\BngOrRb.exe
  C:\Windows\System\BngOrRb.exe
  2⤵
  PID:5248
- C:\Windows\System\DWbeFCi.exe
  C:\Windows\System\DWbeFCi.exe
  2⤵
  PID:5388
- C:\Windows\System\OSrFYAD.exe
  C:\Windows\System\OSrFYAD.exe
  2⤵
  PID:6016
- C:\Windows\System\SrXkFUZ.exe
  C:\Windows\System\SrXkFUZ.exe
  2⤵
  PID:5668
- C:\Windows\System\nqyzOBM.exe
  C:\Windows\System\nqyzOBM.exe
  2⤵
  PID:5792
- C:\Windows\System\hnLzcxb.exe
  C:\Windows\System\hnLzcxb.exe
  2⤵
  PID:768
- C:\Windows\System\qMtjESe.exe
  C:\Windows\System\qMtjESe.exe
  2⤵
  PID:6040
- C:\Windows\System\djatnBx.exe
  C:\Windows\System\djatnBx.exe
  2⤵
  PID:6020
- C:\Windows\System\Jzbpsiz.exe
  C:\Windows\System\Jzbpsiz.exe
  2⤵
  PID:6004
- C:\Windows\System\SWfdtRH.exe
  C:\Windows\System\SWfdtRH.exe
  2⤵
  PID:1872
- C:\Windows\System\dJcupdJ.exe
  C:\Windows\System\dJcupdJ.exe
  2⤵
  PID:5964
- C:\Windows\System\geKoZbX.exe
  C:\Windows\System\geKoZbX.exe
  2⤵
  PID:6092
- C:\Windows\System\ZELzbOo.exe
  C:\Windows\System\ZELzbOo.exe
  2⤵
  PID:6116
- C:\Windows\System\CugcQte.exe
  C:\Windows\System\CugcQte.exe
  2⤵
  PID:2984
- C:\Windows\System\ctQMaNm.exe
  C:\Windows\System\ctQMaNm.exe
  2⤵
  PID:4288
- C:\Windows\System\dAXFlQZ.exe
  C:\Windows\System\dAXFlQZ.exe
  2⤵
  PID:5188
- C:\Windows\System\keTVBqt.exe
  C:\Windows\System\keTVBqt.exe
  2⤵
  PID:5268
- C:\Windows\System\YAzuCnd.exe
  C:\Windows\System\YAzuCnd.exe
  2⤵
  PID:5292
- C:\Windows\System\xOAjMxW.exe
  C:\Windows\System\xOAjMxW.exe
  2⤵
  PID:5576
- C:\Windows\System\euUsmvz.exe
  C:\Windows\System\euUsmvz.exe
  2⤵
  PID:5544
- C:\Windows\System\tFUqMWK.exe
  C:\Windows\System\tFUqMWK.exe
  2⤵
  PID:1840
- C:\Windows\System\jZAsUET.exe
  C:\Windows\System\jZAsUET.exe
  2⤵
  PID:5520
- C:\Windows\System\jDmtdCS.exe
  C:\Windows\System\jDmtdCS.exe
  2⤵
  PID:5204
- C:\Windows\System\YorDJAV.exe
  C:\Windows\System\YorDJAV.exe
  2⤵
  PID:5796
- C:\Windows\System\tmqAxUe.exe
  C:\Windows\System\tmqAxUe.exe
  2⤵
  PID:5848
- C:\Windows\System\BXgmzpv.exe
  C:\Windows\System\BXgmzpv.exe
  2⤵
  PID:6132
- C:\Windows\System\pRwjEOH.exe
  C:\Windows\System\pRwjEOH.exe
  2⤵
  PID:1380
- C:\Windows\System\BPnGUvd.exe
  C:\Windows\System\BPnGUvd.exe
  2⤵
  PID:5868
- C:\Windows\System\rnrAaqD.exe
  C:\Windows\System\rnrAaqD.exe
  2⤵
  PID:5200
- C:\Windows\System\RayZJDr.exe
  C:\Windows\System\RayZJDr.exe
  2⤵
  PID:5664
- C:\Windows\System\AhlHctX.exe
  C:\Windows\System\AhlHctX.exe
  2⤵
  PID:5884
- C:\Windows\System\ENKupht.exe
  C:\Windows\System\ENKupht.exe
  2⤵
  PID:5128
- C:\Windows\System\ftrbApn.exe
  C:\Windows\System\ftrbApn.exe
  2⤵
  PID:4508
- C:\Windows\System\vzAkLFw.exe
  C:\Windows\System\vzAkLFw.exe
  2⤵
  PID:5612
- C:\Windows\System\htYPfcm.exe
  C:\Windows\System\htYPfcm.exe
  2⤵
  PID:5356
- C:\Windows\System\dYcbSQz.exe
  C:\Windows\System\dYcbSQz.exe
  2⤵
  PID:708
- C:\Windows\System\yxlrwoH.exe
  C:\Windows\System\yxlrwoH.exe
  2⤵
  PID:5996
- C:\Windows\System\OnwGmxw.exe
  C:\Windows\System\OnwGmxw.exe
  2⤵
  PID:5156
- C:\Windows\System\pJlQSrd.exe
  C:\Windows\System\pJlQSrd.exe
  2⤵
  PID:5768
- C:\Windows\System\UQSEenX.exe
  C:\Windows\System\UQSEenX.exe
  2⤵
  PID:5468
- C:\Windows\System\imSGGYz.exe
  C:\Windows\System\imSGGYz.exe
  2⤵
  PID:5812
- C:\Windows\System\yflSwRu.exe
  C:\Windows\System\yflSwRu.exe
  2⤵
  PID:5596
- C:\Windows\System\mzYHTyE.exe
  C:\Windows\System\mzYHTyE.exe
  2⤵
  PID:5896
- C:\Windows\System\FTPCXax.exe
  C:\Windows\System\FTPCXax.exe
  2⤵
  PID:5512
- C:\Windows\System\WiFMMSQ.exe
  C:\Windows\System\WiFMMSQ.exe
  2⤵
  PID:6064
- C:\Windows\System\KvvfyrQ.exe
  C:\Windows\System\KvvfyrQ.exe
  2⤵
  PID:5852
- C:\Windows\System\lGneTnS.exe
  C:\Windows\System\lGneTnS.exe
  2⤵
  PID:2428
- C:\Windows\System\dzgrRCO.exe
  C:\Windows\System\dzgrRCO.exe
  2⤵
  PID:5676
- C:\Windows\System\RGjLRgm.exe
  C:\Windows\System\RGjLRgm.exe
  2⤵
  PID:4524
- C:\Windows\System\tCcxuLR.exe
  C:\Windows\System\tCcxuLR.exe
  2⤵
  PID:5480
- C:\Windows\System\npOqmJM.exe
  C:\Windows\System\npOqmJM.exe
  2⤵
  PID:4616
- C:\Windows\System\NUIkEgh.exe
  C:\Windows\System\NUIkEgh.exe
  2⤵
  PID:5960
- C:\Windows\System\CreHBgw.exe
  C:\Windows\System\CreHBgw.exe
  2⤵
  PID:5160
- C:\Windows\System\kgsyefz.exe
  C:\Windows\System\kgsyefz.exe
  2⤵
  PID:6156
- C:\Windows\System\LIvtcLA.exe
  C:\Windows\System\LIvtcLA.exe
  2⤵
  PID:6184
- C:\Windows\System\CRQfYWb.exe
  C:\Windows\System\CRQfYWb.exe
  2⤵
  PID:6204
- C:\Windows\System\kypIumB.exe
  C:\Windows\System\kypIumB.exe
  2⤵
  PID:6220
- C:\Windows\System\XHSEENN.exe
  C:\Windows\System\XHSEENN.exe
  2⤵
  PID:6236
- C:\Windows\System\ZoBbGZF.exe
  C:\Windows\System\ZoBbGZF.exe
  2⤵
  PID:6260
- C:\Windows\System\kHbWyKx.exe
  C:\Windows\System\kHbWyKx.exe
  2⤵
  PID:6280
- C:\Windows\System\xInxkaV.exe
  C:\Windows\System\xInxkaV.exe
  2⤵
  PID:6296
- C:\Windows\System\uvSQrkC.exe
  C:\Windows\System\uvSQrkC.exe
  2⤵
  PID:6312
- C:\Windows\System\KiVQoyg.exe
  C:\Windows\System\KiVQoyg.exe
  2⤵
  PID:6328
- C:\Windows\System\gYetmPL.exe
  C:\Windows\System\gYetmPL.exe
  2⤵
  PID:6348
- C:\Windows\System\HEeozLe.exe
  C:\Windows\System\HEeozLe.exe
  2⤵
  PID:6392
- C:\Windows\System\WyeiDhr.exe
  C:\Windows\System\WyeiDhr.exe
  2⤵
  PID:6408
- C:\Windows\System\ASKHUbf.exe
  C:\Windows\System\ASKHUbf.exe
  2⤵
  PID:6424
- C:\Windows\System\zLbvkpe.exe
  C:\Windows\System\zLbvkpe.exe
  2⤵
  PID:6448
- C:\Windows\System\ifwwpiB.exe
  C:\Windows\System\ifwwpiB.exe
  2⤵
  PID:6464
- C:\Windows\System\TOoQlMr.exe
  C:\Windows\System\TOoQlMr.exe
  2⤵
  PID:6484
- C:\Windows\System\IhhnWUK.exe
  C:\Windows\System\IhhnWUK.exe
  2⤵
  PID:6512
- C:\Windows\System\sQfmIDZ.exe
  C:\Windows\System\sQfmIDZ.exe
  2⤵
  PID:6528
- C:\Windows\System\YbQbLbw.exe
  C:\Windows\System\YbQbLbw.exe
  2⤵
  PID:6544
- C:\Windows\System\efDqOdo.exe
  C:\Windows\System\efDqOdo.exe
  2⤵
  PID:6560
- C:\Windows\System\AbUYHlt.exe
  C:\Windows\System\AbUYHlt.exe
  2⤵
  PID:6576
- C:\Windows\System\yhSLfuf.exe
  C:\Windows\System\yhSLfuf.exe
  2⤵
  PID:6596
- C:\Windows\System\EjFPQOl.exe
  C:\Windows\System\EjFPQOl.exe
  2⤵
  PID:6616
- C:\Windows\System\KsRxboh.exe
  C:\Windows\System\KsRxboh.exe
  2⤵
  PID:6632
- C:\Windows\System\PFHOmrs.exe
  C:\Windows\System\PFHOmrs.exe
  2⤵
  PID:6656
- C:\Windows\System\cgENjHc.exe
  C:\Windows\System\cgENjHc.exe
  2⤵
  PID:6676
- C:\Windows\System\IkrEqmB.exe
  C:\Windows\System\IkrEqmB.exe
  2⤵
  PID:6704
- C:\Windows\System\krPwLOh.exe
  C:\Windows\System\krPwLOh.exe
  2⤵
  PID:6720
- C:\Windows\System\nQTxeOU.exe
  C:\Windows\System\nQTxeOU.exe
  2⤵
  PID:6740
- C:\Windows\System\gjRHcGt.exe
  C:\Windows\System\gjRHcGt.exe
  2⤵
  PID:6756
- C:\Windows\System\uCznrrw.exe
  C:\Windows\System\uCznrrw.exe
  2⤵
  PID:6788
- C:\Windows\System\RQFoXoS.exe
  C:\Windows\System\RQFoXoS.exe
  2⤵
  PID:6804
- C:\Windows\System\jpkezOy.exe
  C:\Windows\System\jpkezOy.exe
  2⤵
  PID:6820
- C:\Windows\System\qmYkgAD.exe
  C:\Windows\System\qmYkgAD.exe
  2⤵
  PID:6836
- C:\Windows\System\YZbzZgu.exe
  C:\Windows\System\YZbzZgu.exe
  2⤵
  PID:6864
- C:\Windows\System\zAORzeV.exe
  C:\Windows\System\zAORzeV.exe
  2⤵
  PID:6884
- C:\Windows\System\LfXdwPI.exe
  C:\Windows\System\LfXdwPI.exe
  2⤵
  PID:6912
- C:\Windows\System\rduoFnA.exe
  C:\Windows\System\rduoFnA.exe
  2⤵
  PID:6928
- C:\Windows\System\JmgogPJ.exe
  C:\Windows\System\JmgogPJ.exe
  2⤵
  PID:6944
- C:\Windows\System\OVRfAXi.exe
  C:\Windows\System\OVRfAXi.exe
  2⤵
  PID:6968
- C:\Windows\System\AeZojsQ.exe
  C:\Windows\System\AeZojsQ.exe
  2⤵
  PID:6984
- C:\Windows\System\FuzmIct.exe
  C:\Windows\System\FuzmIct.exe
  2⤵
  PID:7008
- C:\Windows\System\HobczmV.exe
  C:\Windows\System\HobczmV.exe
  2⤵
  PID:7024
- C:\Windows\System\pavGNst.exe
  C:\Windows\System\pavGNst.exe
  2⤵
  PID:7040
- C:\Windows\System\wKUcNhI.exe
  C:\Windows\System\wKUcNhI.exe
  2⤵
  PID:7060
- C:\Windows\System\SYMgWla.exe
  C:\Windows\System\SYMgWla.exe
  2⤵
  PID:7084
- C:\Windows\System\mzQYZDn.exe
  C:\Windows\System\mzQYZDn.exe
  2⤵
  PID:7100
- C:\Windows\System\nkUcuAQ.exe
  C:\Windows\System\nkUcuAQ.exe
  2⤵
  PID:7116
- C:\Windows\System\ZXIAncA.exe
  C:\Windows\System\ZXIAncA.exe
  2⤵
  PID:7132
- C:\Windows\System\YehslLe.exe
  C:\Windows\System\YehslLe.exe
  2⤵
  PID:7156
- C:\Windows\System\dpgSKNf.exe
  C:\Windows\System\dpgSKNf.exe
  2⤵
  PID:5460
- C:\Windows\System\jxqTmUm.exe
  C:\Windows\System\jxqTmUm.exe
  2⤵
  PID:6172
- C:\Windows\System\IrIaZCo.exe
  C:\Windows\System\IrIaZCo.exe
  2⤵
  PID:6100
- C:\Windows\System\tAxNQkV.exe
  C:\Windows\System\tAxNQkV.exe
  2⤵
  PID:6216
- C:\Windows\System\NcLhNCC.exe
  C:\Windows\System\NcLhNCC.exe
  2⤵
  PID:6252
- C:\Windows\System\edcPLCx.exe
  C:\Windows\System\edcPLCx.exe
  2⤵
  PID:6196
- C:\Windows\System\QWuCMqq.exe
  C:\Windows\System\QWuCMqq.exe
  2⤵
  PID:6320
- C:\Windows\System\nHhBopq.exe
  C:\Windows\System\nHhBopq.exe
  2⤵
  PID:6340
- C:\Windows\System\HSxuJwR.exe
  C:\Windows\System\HSxuJwR.exe
  2⤵
  PID:6304
- C:\Windows\System\QfbVTRe.exe
  C:\Windows\System\QfbVTRe.exe
  2⤵
  PID:6364
- C:\Windows\System\dUDTCoF.exe
  C:\Windows\System\dUDTCoF.exe
  2⤵
  PID:6380
- C:\Windows\System\nZSBHzD.exe
  C:\Windows\System\nZSBHzD.exe
  2⤵
  PID:6436
- C:\Windows\System\skfSbXk.exe
  C:\Windows\System\skfSbXk.exe
  2⤵
  PID:6460
- C:\Windows\System\QpwGYGZ.exe
  C:\Windows\System\QpwGYGZ.exe
  2⤵
  PID:6504
- C:\Windows\System\pUbXRyw.exe
  C:\Windows\System\pUbXRyw.exe
  2⤵
  PID:6540
- C:\Windows\System\tgLAlMg.exe
  C:\Windows\System\tgLAlMg.exe
  2⤵
  PID:6608
- C:\Windows\System\nkqeXPK.exe
  C:\Windows\System\nkqeXPK.exe
  2⤵
  PID:6640
- C:\Windows\System\CcBTLAt.exe
  C:\Windows\System\CcBTLAt.exe
  2⤵
  PID:6684
- C:\Windows\System\GpbqNab.exe
  C:\Windows\System\GpbqNab.exe
  2⤵
  PID:6592
- C:\Windows\System\VvBRVRo.exe
  C:\Windows\System\VvBRVRo.exe
  2⤵
  PID:6728
- C:\Windows\System\qOweOKL.exe
  C:\Windows\System\qOweOKL.exe
  2⤵
  PID:6624
- C:\Windows\System\HRpjrNn.exe
  C:\Windows\System\HRpjrNn.exe
  2⤵
  PID:6552
- C:\Windows\System\CfuItDv.exe
  C:\Windows\System\CfuItDv.exe
  2⤵
  PID:6784
- C:\Windows\System\gEauOWU.exe
  C:\Windows\System\gEauOWU.exe
  2⤵
  PID:6712
- C:\Windows\System\dAxymXk.exe
  C:\Windows\System\dAxymXk.exe
  2⤵
  PID:6852
- C:\Windows\System\nEUqdNJ.exe
  C:\Windows\System\nEUqdNJ.exe
  2⤵
  PID:6872
- C:\Windows\System\AtYvcuI.exe
  C:\Windows\System\AtYvcuI.exe
  2⤵
  PID:6908
- C:\Windows\System\jqDilXG.exe
  C:\Windows\System\jqDilXG.exe
  2⤵
  PID:6980
- C:\Windows\System\PlRpQDI.exe
  C:\Windows\System\PlRpQDI.exe
  2⤵
  PID:7052
- C:\Windows\System\xRjSYmy.exe
  C:\Windows\System\xRjSYmy.exe
  2⤵
  PID:6996
- C:\Windows\System\ipCXRLM.exe
  C:\Windows\System\ipCXRLM.exe
  2⤵
  PID:6960
- C:\Windows\System\JGwJRtu.exe
  C:\Windows\System\JGwJRtu.exe
  2⤵
  PID:7036
- C:\Windows\System\EWLJZWB.exe
  C:\Windows\System\EWLJZWB.exe
  2⤵
  PID:7092
- C:\Windows\System\NOKROqy.exe
  C:\Windows\System\NOKROqy.exe
  2⤵
  PID:7076
- C:\Windows\System\JKvlNle.exe
  C:\Windows\System\JKvlNle.exe
  2⤵
  PID:7108
- C:\Windows\System\hfmLfsn.exe
  C:\Windows\System\hfmLfsn.exe
  2⤵
  PID:5164
- C:\Windows\System\OMHOViX.exe
  C:\Windows\System\OMHOViX.exe
  2⤵
  PID:6200
- C:\Windows\System\WtEThFw.exe
  C:\Windows\System\WtEThFw.exe
  2⤵
  PID:7152
- C:\Windows\System\vJjUojN.exe
  C:\Windows\System\vJjUojN.exe
  2⤵
  PID:6288
- C:\Windows\System\lrhkKVh.exe
  C:\Windows\System\lrhkKVh.exe
  2⤵
  PID:6232
- C:\Windows\System\kXcPpsT.exe
  C:\Windows\System\kXcPpsT.exe
  2⤵
  PID:6344
- C:\Windows\System\uHGJEIq.exe
  C:\Windows\System\uHGJEIq.exe
  2⤵
  PID:6376
- C:\Windows\System\zYBOMKT.exe
  C:\Windows\System\zYBOMKT.exe
  2⤵
  PID:6420
- C:\Windows\System\tHLGFVR.exe
  C:\Windows\System\tHLGFVR.exe
  2⤵
  PID:1004
- C:\Windows\System\kYGabcu.exe
  C:\Windows\System\kYGabcu.exe
  2⤵
  PID:6432
- C:\Windows\System\TbgNJWk.exe
  C:\Windows\System\TbgNJWk.exe
  2⤵
  PID:6584
- C:\Windows\System\obffvYB.exe
  C:\Windows\System\obffvYB.exe
  2⤵
  PID:6772
- C:\Windows\System\DSUQnsr.exe
  C:\Windows\System\DSUQnsr.exe
  2⤵
  PID:6668
- C:\Windows\System\TnBIEOc.exe
  C:\Windows\System\TnBIEOc.exe
  2⤵
  PID:6780
- C:\Windows\System\HevUjCL.exe
  C:\Windows\System\HevUjCL.exe
  2⤵
  PID:6748
- C:\Windows\System\SeBKjoD.exe
  C:\Windows\System\SeBKjoD.exe
  2⤵
  PID:6900
- C:\Windows\System\CYTjDxO.exe
  C:\Windows\System\CYTjDxO.exe
  2⤵
  PID:7048
- C:\Windows\System\uIcaynQ.exe
  C:\Windows\System\uIcaynQ.exe
  2⤵
  PID:7068
- C:\Windows\System\TQYNGhM.exe
  C:\Windows\System\TQYNGhM.exe
  2⤵
  PID:7032
- C:\Windows\System\RHeHVGx.exe
  C:\Windows\System\RHeHVGx.exe
  2⤵
  PID:6796
- C:\Windows\System\FxrNjUr.exe
  C:\Windows\System\FxrNjUr.exe
  2⤵
  PID:6940
- C:\Windows\System\TagvYhC.exe
  C:\Windows\System\TagvYhC.exe
  2⤵
  PID:6992
- C:\Windows\System\VXgaTDE.exe
  C:\Windows\System\VXgaTDE.exe
  2⤵
  PID:6212
- C:\Windows\System\RlMHDVk.exe
  C:\Windows\System\RlMHDVk.exe
  2⤵
  PID:6416
- C:\Windows\System\TXtaowY.exe
  C:\Windows\System\TXtaowY.exe
  2⤵
  PID:6372
- C:\Windows\System\tmKzWWE.exe
  C:\Windows\System\tmKzWWE.exe
  2⤵
  PID:6508
- C:\Windows\System\bdpWbIC.exe
  C:\Windows\System\bdpWbIC.exe
  2⤵
  PID:6764
- C:\Windows\System\atDNVWK.exe
  C:\Windows\System\atDNVWK.exe
  2⤵
  PID:6476
- C:\Windows\System\KJnXBfC.exe
  C:\Windows\System\KJnXBfC.exe
  2⤵
  PID:6828
- C:\Windows\System\RQcyMxt.exe
  C:\Windows\System\RQcyMxt.exe
  2⤵
  PID:7128
- C:\Windows\System\LVTGtOq.exe
  C:\Windows\System\LVTGtOq.exe
  2⤵
  PID:6904
- C:\Windows\System\BBnwHeW.exe
  C:\Windows\System\BBnwHeW.exe
  2⤵
  PID:6152
- C:\Windows\System\doRljcw.exe
  C:\Windows\System\doRljcw.exe
  2⤵
  PID:6388
- C:\Windows\System\REQVeBc.exe
  C:\Windows\System\REQVeBc.exe
  2⤵
  PID:6956
- C:\Windows\System\SeMfWvl.exe
  C:\Windows\System\SeMfWvl.exe
  2⤵
  PID:6652
- C:\Windows\System\faDKUPQ.exe
  C:\Windows\System\faDKUPQ.exe
  2⤵
  PID:6752
- C:\Windows\System\DMJxybX.exe
  C:\Windows\System\DMJxybX.exe
  2⤵
  PID:6360
- C:\Windows\System\ZXlSyAD.exe
  C:\Windows\System\ZXlSyAD.exe
  2⤵
  PID:6848
- C:\Windows\System\FGWvErT.exe
  C:\Windows\System\FGWvErT.exe
  2⤵
  PID:6812
- C:\Windows\System\iQaQuGP.exe
  C:\Windows\System\iQaQuGP.exe
  2⤵
  PID:7180
- C:\Windows\System\AVYHxcN.exe
  C:\Windows\System\AVYHxcN.exe
  2⤵
  PID:7196
- C:\Windows\System\wTXlEyR.exe
  C:\Windows\System\wTXlEyR.exe
  2⤵
  PID:7212
- C:\Windows\System\sqezkLG.exe
  C:\Windows\System\sqezkLG.exe
  2⤵
  PID:7228
- C:\Windows\System\PjxkkTW.exe
  C:\Windows\System\PjxkkTW.exe
  2⤵
  PID:7244
- C:\Windows\System\nQJYCiu.exe
  C:\Windows\System\nQJYCiu.exe
  2⤵
  PID:7264
- C:\Windows\System\aulxfiC.exe
  C:\Windows\System\aulxfiC.exe
  2⤵
  PID:7280
- C:\Windows\System\nrsYdiG.exe
  C:\Windows\System\nrsYdiG.exe
  2⤵
  PID:7296
- C:\Windows\System\pfRItuv.exe
  C:\Windows\System\pfRItuv.exe
  2⤵
  PID:7312
- C:\Windows\System\djwYzdK.exe
  C:\Windows\System\djwYzdK.exe
  2⤵
  PID:7328
- C:\Windows\System\JfASAmv.exe
  C:\Windows\System\JfASAmv.exe
  2⤵
  PID:7344
- C:\Windows\System\sAqwZbm.exe
  C:\Windows\System\sAqwZbm.exe
  2⤵
  PID:7360
- C:\Windows\System\bIwAsNu.exe
  C:\Windows\System\bIwAsNu.exe
  2⤵
  PID:7376
- C:\Windows\System\PVhSFhP.exe
  C:\Windows\System\PVhSFhP.exe
  2⤵
  PID:7392
- C:\Windows\System\LtVQGEw.exe
  C:\Windows\System\LtVQGEw.exe
  2⤵
  PID:7408
- C:\Windows\System\PXdjXPE.exe
  C:\Windows\System\PXdjXPE.exe
  2⤵
  PID:7424
- C:\Windows\System\rsNOQov.exe
  C:\Windows\System\rsNOQov.exe
  2⤵
  PID:7440
- C:\Windows\System\QWVewbm.exe
  C:\Windows\System\QWVewbm.exe
  2⤵
  PID:7456
- C:\Windows\System\bZBswbD.exe
  C:\Windows\System\bZBswbD.exe
  2⤵
  PID:7472
- C:\Windows\System\vcToZVM.exe
  C:\Windows\System\vcToZVM.exe
  2⤵
  PID:7488
- C:\Windows\System\kwIgjYN.exe
  C:\Windows\System\kwIgjYN.exe
  2⤵
  PID:7504
- C:\Windows\System\kGIPTPw.exe
  C:\Windows\System\kGIPTPw.exe
  2⤵
  PID:7520
- C:\Windows\System\QlbIkqx.exe
  C:\Windows\System\QlbIkqx.exe
  2⤵
  PID:7536
- C:\Windows\System\FGJcjWq.exe
  C:\Windows\System\FGJcjWq.exe
  2⤵
  PID:7552
- C:\Windows\System\sKeEwgd.exe
  C:\Windows\System\sKeEwgd.exe
  2⤵
  PID:7568
- C:\Windows\System\rVYfyLe.exe
  C:\Windows\System\rVYfyLe.exe
  2⤵
  PID:7584
- C:\Windows\System\mTjXaJS.exe
  C:\Windows\System\mTjXaJS.exe
  2⤵
  PID:7600
- C:\Windows\System\OLAatnZ.exe
  C:\Windows\System\OLAatnZ.exe
  2⤵
  PID:7616
- C:\Windows\System\KpZmwBZ.exe
  C:\Windows\System\KpZmwBZ.exe
  2⤵
  PID:7632
- C:\Windows\System\gSleQfT.exe
  C:\Windows\System\gSleQfT.exe
  2⤵
  PID:7648
- C:\Windows\System\QhmTqIh.exe
  C:\Windows\System\QhmTqIh.exe
  2⤵
  PID:7664
- C:\Windows\System\epsElCp.exe
  C:\Windows\System\epsElCp.exe
  2⤵
  PID:7684
- C:\Windows\System\MVuRiOo.exe
  C:\Windows\System\MVuRiOo.exe
  2⤵
  PID:7700
- C:\Windows\System\vbiLTHU.exe
  C:\Windows\System\vbiLTHU.exe
  2⤵
  PID:7716
- C:\Windows\System\ZDXDiYW.exe
  C:\Windows\System\ZDXDiYW.exe
  2⤵
  PID:7732
- C:\Windows\System\uxYyUJp.exe
  C:\Windows\System\uxYyUJp.exe
  2⤵
  PID:7748
- C:\Windows\System\QZPpNfb.exe
  C:\Windows\System\QZPpNfb.exe
  2⤵
  PID:7764
- C:\Windows\System\BDUfuED.exe
  C:\Windows\System\BDUfuED.exe
  2⤵
  PID:7780
- C:\Windows\System\aZElFem.exe
  C:\Windows\System\aZElFem.exe
  2⤵
  PID:7796
- C:\Windows\System\NOLlAuL.exe
  C:\Windows\System\NOLlAuL.exe
  2⤵
  PID:7812
- C:\Windows\System\gTaxyAf.exe
  C:\Windows\System\gTaxyAf.exe
  2⤵
  PID:7828
- C:\Windows\System\siNLgYE.exe
  C:\Windows\System\siNLgYE.exe
  2⤵
  PID:7844
- C:\Windows\System\gjLGYnp.exe
  C:\Windows\System\gjLGYnp.exe
  2⤵
  PID:7860
- C:\Windows\System\UilopAp.exe
  C:\Windows\System\UilopAp.exe
  2⤵
  PID:7876
- C:\Windows\System\hwBGFgl.exe
  C:\Windows\System\hwBGFgl.exe
  2⤵
  PID:7892
- C:\Windows\System\XdByrKG.exe
  C:\Windows\System\XdByrKG.exe
  2⤵
  PID:7908
- C:\Windows\System\EUbmIxD.exe
  C:\Windows\System\EUbmIxD.exe
  2⤵
  PID:7924
- C:\Windows\System\MRxVFeH.exe
  C:\Windows\System\MRxVFeH.exe
  2⤵
  PID:7940
- C:\Windows\System\FSHVRtR.exe
  C:\Windows\System\FSHVRtR.exe
  2⤵
  PID:7956
- C:\Windows\System\LeTMAdt.exe
  C:\Windows\System\LeTMAdt.exe
  2⤵
  PID:7972
- C:\Windows\System\tfAaYEe.exe
  C:\Windows\System\tfAaYEe.exe
  2⤵
  PID:7988
- C:\Windows\System\TljYvGY.exe
  C:\Windows\System\TljYvGY.exe
  2⤵
  PID:8004
- C:\Windows\System\eefKaqr.exe
  C:\Windows\System\eefKaqr.exe
  2⤵
  PID:8020
- C:\Windows\System\uyRBQae.exe
  C:\Windows\System\uyRBQae.exe
  2⤵
  PID:8036
- C:\Windows\System\ljkYJOC.exe
  C:\Windows\System\ljkYJOC.exe
  2⤵
  PID:8052
- C:\Windows\System\IuvPjUM.exe
  C:\Windows\System\IuvPjUM.exe
  2⤵
  PID:8068
- C:\Windows\System\rdBVqdS.exe
  C:\Windows\System\rdBVqdS.exe
  2⤵
  PID:8084
- C:\Windows\System\yEtiEOj.exe
  C:\Windows\System\yEtiEOj.exe
  2⤵
  PID:8100
- C:\Windows\System\shgLPEA.exe
  C:\Windows\System\shgLPEA.exe
  2⤵
  PID:8116
- C:\Windows\System\KXoACqo.exe
  C:\Windows\System\KXoACqo.exe
  2⤵
  PID:8136
- C:\Windows\System\nWRbtBC.exe
  C:\Windows\System\nWRbtBC.exe
  2⤵
  PID:8152
- C:\Windows\System\xqtMNFV.exe
  C:\Windows\System\xqtMNFV.exe
  2⤵
  PID:8168
- C:\Windows\System\bKeCaXw.exe
  C:\Windows\System\bKeCaXw.exe
  2⤵
  PID:8184
- C:\Windows\System\MvQIyci.exe
  C:\Windows\System\MvQIyci.exe
  2⤵
  PID:7192
- C:\Windows\System\huFGDoK.exe
  C:\Windows\System\huFGDoK.exe
  2⤵
  PID:7260
- C:\Windows\System\apYCRee.exe
  C:\Windows\System\apYCRee.exe
  2⤵
  PID:7352
- C:\Windows\System\iEeeNAz.exe
  C:\Windows\System\iEeeNAz.exe
  2⤵
  PID:7252
- C:\Windows\System\giIlzdH.exe
  C:\Windows\System\giIlzdH.exe
  2⤵
  PID:6276
- C:\Windows\System\ifnLChE.exe
  C:\Windows\System\ifnLChE.exe
  2⤵
  PID:7272
- C:\Windows\System\nmeKTrd.exe
  C:\Windows\System\nmeKTrd.exe
  2⤵
  PID:7340
- C:\Windows\System\hIAlBSN.exe
  C:\Windows\System\hIAlBSN.exe
  2⤵
  PID:7176
- C:\Windows\System\JkOdEUJ.exe
  C:\Windows\System\JkOdEUJ.exe
  2⤵
  PID:7400
- C:\Windows\System\FXmoMOv.exe
  C:\Windows\System\FXmoMOv.exe
  2⤵
  PID:7356
- C:\Windows\System\mHlQTPD.exe
  C:\Windows\System\mHlQTPD.exe
  2⤵
  PID:7464
- C:\Windows\System\DNuISCk.exe
  C:\Windows\System\DNuISCk.exe
  2⤵
  PID:7452
- C:\Windows\System\WCbdBst.exe
  C:\Windows\System\WCbdBst.exe
  2⤵
  PID:7500
- C:\Windows\System\gYfeRIz.exe
  C:\Windows\System\gYfeRIz.exe
  2⤵
  PID:7564
- C:\Windows\System\IMHNVUS.exe
  C:\Windows\System\IMHNVUS.exe
  2⤵
  PID:7624
- C:\Windows\System\VwuMpTI.exe
  C:\Windows\System\VwuMpTI.exe
  2⤵
  PID:7576
- C:\Windows\System\ogtUpmA.exe
  C:\Windows\System\ogtUpmA.exe
  2⤵
  PID:7660
- C:\Windows\System\TuxTYaq.exe
  C:\Windows\System\TuxTYaq.exe
  2⤵
  PID:7676
- C:\Windows\System\NAwbZNx.exe
  C:\Windows\System\NAwbZNx.exe
  2⤵
  PID:7712
- C:\Windows\System\cHzlvnj.exe
  C:\Windows\System\cHzlvnj.exe
  2⤵
  PID:7760
- C:\Windows\System\OSPHHCS.exe
  C:\Windows\System\OSPHHCS.exe
  2⤵
  PID:7824
- C:\Windows\System\zjDWPzq.exe
  C:\Windows\System\zjDWPzq.exe
  2⤵
  PID:7888
- C:\Windows\System\VzzIsME.exe
  C:\Windows\System\VzzIsME.exe
  2⤵
  PID:7840
- C:\Windows\System\srIkGwo.exe
  C:\Windows\System\srIkGwo.exe
  2⤵
  PID:7904
- C:\Windows\System\AACFfFy.exe
  C:\Windows\System\AACFfFy.exe
  2⤵
  PID:7772
- C:\Windows\System\RNHGavZ.exe
  C:\Windows\System\RNHGavZ.exe
  2⤵
  PID:7936
- C:\Windows\System\KXnZWfU.exe
  C:\Windows\System\KXnZWfU.exe
  2⤵
  PID:7984
- C:\Windows\System\wTXjLYi.exe
  C:\Windows\System\wTXjLYi.exe
  2⤵
  PID:8076
- C:\Windows\System\uAYlPWN.exe
  C:\Windows\System\uAYlPWN.exe
  2⤵
  PID:7968
- C:\Windows\System\qMHCbYo.exe
  C:\Windows\System\qMHCbYo.exe
  2⤵
  PID:8000
- C:\Windows\System\CIYaDtm.exe
  C:\Windows\System\CIYaDtm.exe
  2⤵
  PID:8132
- C:\Windows\System\tzVflFV.exe
  C:\Windows\System\tzVflFV.exe
  2⤵
  PID:8096
- C:\Windows\System\wUJmejk.exe
  C:\Windows\System\wUJmejk.exe
  2⤵
  PID:8164
- C:\Windows\System\AcCzMmm.exe
  C:\Windows\System\AcCzMmm.exe
  2⤵
  PID:7224
- C:\Windows\System\VTOAEWj.exe
  C:\Windows\System\VTOAEWj.exe
  2⤵
  PID:6876
- C:\Windows\System\ZQscici.exe
  C:\Windows\System\ZQscici.exe
  2⤵
  PID:7336
- C:\Windows\System\gLRwlGl.exe
  C:\Windows\System\gLRwlGl.exe
  2⤵
  PID:5448
- C:\Windows\System\YqZMKRJ.exe
  C:\Windows\System\YqZMKRJ.exe
  2⤵
  PID:7308
- C:\Windows\System\SmvIqnt.exe
  C:\Windows\System\SmvIqnt.exe
  2⤵
  PID:7372
- C:\Windows\System\pCNfEDj.exe
  C:\Windows\System\pCNfEDj.exe
  2⤵
  PID:7436
- C:\Windows\System\xbvwwGc.exe
  C:\Windows\System\xbvwwGc.exe
  2⤵
  PID:7560
- C:\Windows\System\wKTmyMU.exe
  C:\Windows\System\wKTmyMU.exe
  2⤵
  PID:7644
- C:\Windows\System\rPEjTxd.exe
  C:\Windows\System\rPEjTxd.exe
  2⤵
  PID:7592
- C:\Windows\System\lMlKznW.exe
  C:\Windows\System\lMlKznW.exe
  2⤵
  PID:7692
- C:\Windows\System\JkvnSJx.exe
  C:\Windows\System\JkvnSJx.exe
  2⤵
  PID:7708
- C:\Windows\System\GgdhPhc.exe
  C:\Windows\System\GgdhPhc.exe
  2⤵
  PID:7872
- C:\Windows\System\XrPSbJq.exe
  C:\Windows\System\XrPSbJq.exe
  2⤵
  PID:7744
- C:\Windows\System\kmSWlym.exe
  C:\Windows\System\kmSWlym.exe
  2⤵
  PID:7996
- C:\Windows\System\QJNPEgg.exe
  C:\Windows\System\QJNPEgg.exe
  2⤵
  PID:8176
- C:\Windows\System\aUNyHla.exe
  C:\Windows\System\aUNyHla.exe
  2⤵
  PID:7292
- C:\Windows\System\UhnXPjq.exe
  C:\Windows\System\UhnXPjq.exe
  2⤵
  PID:7808
- C:\Windows\System\EyoPJaR.exe
  C:\Windows\System\EyoPJaR.exe
  2⤵
  PID:7836
- C:\Windows\System\cZrDRBp.exe
  C:\Windows\System\cZrDRBp.exe
  2⤵
  PID:8060
- C:\Windows\System\qTBcRfj.exe
  C:\Windows\System\qTBcRfj.exe
  2⤵
  PID:7240
- C:\Windows\System\RsxBThc.exe
  C:\Windows\System\RsxBThc.exe
  2⤵
  PID:8144
- C:\Windows\System\ZViSLQn.exe
  C:\Windows\System\ZViSLQn.exe
  2⤵
  PID:7112
- C:\Windows\System\wBOEOOk.exe
  C:\Windows\System\wBOEOOk.exe
  2⤵
  PID:7416
- C:\Windows\System\Tqmsdbe.exe
  C:\Windows\System\Tqmsdbe.exe
  2⤵
  PID:7468
- C:\Windows\System\Hnaznlk.exe
  C:\Windows\System\Hnaznlk.exe
  2⤵
  PID:7820
- C:\Windows\System\CQjEcDV.exe
  C:\Windows\System\CQjEcDV.exe
  2⤵
  PID:7920
- C:\Windows\System\PAdNdLK.exe
  C:\Windows\System\PAdNdLK.exe
  2⤵
  PID:7932
- C:\Windows\System\rBAplhj.exe
  C:\Windows\System\rBAplhj.exe
  2⤵
  PID:7804
- C:\Windows\System\KXHZXSw.exe
  C:\Windows\System\KXHZXSw.exe
  2⤵
  PID:7420
- C:\Windows\System\FywTdXt.exe
  C:\Windows\System\FywTdXt.exe
  2⤵
  PID:7884
- C:\Windows\System\NxAvztG.exe
  C:\Windows\System\NxAvztG.exe
  2⤵
  PID:8112
- C:\Windows\System\KmHgbFO.exe
  C:\Windows\System\KmHgbFO.exe
  2⤵
  PID:8204
- C:\Windows\System\sVkNymK.exe
  C:\Windows\System\sVkNymK.exe
  2⤵
  PID:8220
- C:\Windows\System\iOoFDiH.exe
  C:\Windows\System\iOoFDiH.exe
  2⤵
  PID:8240
- C:\Windows\System\hWYHDhP.exe
  C:\Windows\System\hWYHDhP.exe
  2⤵
  PID:8256
- C:\Windows\System\wuPSRFd.exe
  C:\Windows\System\wuPSRFd.exe
  2⤵
  PID:8272
- C:\Windows\System\IOGWpQu.exe
  C:\Windows\System\IOGWpQu.exe
  2⤵
  PID:8288
- C:\Windows\System\AplFOUz.exe
  C:\Windows\System\AplFOUz.exe
  2⤵
  PID:8304
- C:\Windows\System\rqTcqBQ.exe
  C:\Windows\System\rqTcqBQ.exe
  2⤵
  PID:8320
- C:\Windows\System\YUZrEed.exe
  C:\Windows\System\YUZrEed.exe
  2⤵
  PID:8336
- C:\Windows\System\HmfIpDA.exe
  C:\Windows\System\HmfIpDA.exe
  2⤵
  PID:8352
- C:\Windows\System\LMUdlWj.exe
  C:\Windows\System\LMUdlWj.exe
  2⤵
  PID:8368
- C:\Windows\System\jDaOIxT.exe
  C:\Windows\System\jDaOIxT.exe
  2⤵
  PID:8384
- C:\Windows\System\QYrrEaY.exe
  C:\Windows\System\QYrrEaY.exe
  2⤵
  PID:8400
- C:\Windows\System\HddCZin.exe
  C:\Windows\System\HddCZin.exe
  2⤵
  PID:8416
- C:\Windows\System\gAEEhHz.exe
  C:\Windows\System\gAEEhHz.exe
  2⤵
  PID:8432
- C:\Windows\System\UXtnUkG.exe
  C:\Windows\System\UXtnUkG.exe
  2⤵
  PID:8448
- C:\Windows\System\aZFfBXy.exe
  C:\Windows\System\aZFfBXy.exe
  2⤵
  PID:8464
- C:\Windows\System\CHoklUL.exe
  C:\Windows\System\CHoklUL.exe
  2⤵
  PID:8480
- C:\Windows\System\oXqaDzp.exe
  C:\Windows\System\oXqaDzp.exe
  2⤵
  PID:8496
- C:\Windows\System\QEtSwIS.exe
  C:\Windows\System\QEtSwIS.exe
  2⤵
  PID:8512
- C:\Windows\System\xGXcFvS.exe
  C:\Windows\System\xGXcFvS.exe
  2⤵
  PID:8528
- C:\Windows\System\RbpfmZE.exe
  C:\Windows\System\RbpfmZE.exe
  2⤵
  PID:8544
- C:\Windows\System\cNGEJHL.exe
  C:\Windows\System\cNGEJHL.exe
  2⤵
  PID:8560
- C:\Windows\System\ogXoYFQ.exe
  C:\Windows\System\ogXoYFQ.exe
  2⤵
  PID:8576
- C:\Windows\System\ttAPdSZ.exe
  C:\Windows\System\ttAPdSZ.exe
  2⤵
  PID:8592
- C:\Windows\System\YkTeIxl.exe
  C:\Windows\System\YkTeIxl.exe
  2⤵
  PID:8608
- C:\Windows\System\cpZFxuI.exe
  C:\Windows\System\cpZFxuI.exe
  2⤵
  PID:8624
- C:\Windows\System\XQWdDoV.exe
  C:\Windows\System\XQWdDoV.exe
  2⤵
  PID:8640
- C:\Windows\System\iviynxW.exe
  C:\Windows\System\iviynxW.exe
  2⤵
  PID:8656
- C:\Windows\System\tvSlaOB.exe
  C:\Windows\System\tvSlaOB.exe
  2⤵
  PID:8672
- C:\Windows\System\hwKMSgN.exe
  C:\Windows\System\hwKMSgN.exe
  2⤵
  PID:8688
- C:\Windows\System\UZpPcUR.exe
  C:\Windows\System\UZpPcUR.exe
  2⤵
  PID:8704
- C:\Windows\System\acKYvpM.exe
  C:\Windows\System\acKYvpM.exe
  2⤵
  PID:8720
- C:\Windows\System\PqTpDKB.exe
  C:\Windows\System\PqTpDKB.exe
  2⤵
  PID:8736
- C:\Windows\System\ibsrVYw.exe
  C:\Windows\System\ibsrVYw.exe
  2⤵
  PID:8752
- C:\Windows\System\Xtorhpo.exe
  C:\Windows\System\Xtorhpo.exe
  2⤵
  PID:8768
- C:\Windows\System\deDXkXt.exe
  C:\Windows\System\deDXkXt.exe
  2⤵
  PID:8784
- C:\Windows\System\tXdYZCI.exe
  C:\Windows\System\tXdYZCI.exe
  2⤵
  PID:8800
- C:\Windows\System\AXWxVuD.exe
  C:\Windows\System\AXWxVuD.exe
  2⤵
  PID:8820
- C:\Windows\System\DGxfltq.exe
  C:\Windows\System\DGxfltq.exe
  2⤵
  PID:8836
- C:\Windows\System\mOSzKXq.exe
  C:\Windows\System\mOSzKXq.exe
  2⤵
  PID:8852
- C:\Windows\System\CkgEYQh.exe
  C:\Windows\System\CkgEYQh.exe
  2⤵
  PID:8868
- C:\Windows\System\EWjUxud.exe
  C:\Windows\System\EWjUxud.exe
  2⤵
  PID:8884
- C:\Windows\System\fBXjuUd.exe
  C:\Windows\System\fBXjuUd.exe
  2⤵
  PID:8900
- C:\Windows\System\LshJPzm.exe
  C:\Windows\System\LshJPzm.exe
  2⤵
  PID:8916
- C:\Windows\System\BqgBCzI.exe
  C:\Windows\System\BqgBCzI.exe
  2⤵
  PID:8932
- C:\Windows\System\UfLmJqR.exe
  C:\Windows\System\UfLmJqR.exe
  2⤵
  PID:8948
- C:\Windows\System\fCELmCC.exe
  C:\Windows\System\fCELmCC.exe
  2⤵
  PID:8964
- C:\Windows\System\WYiiWwZ.exe
  C:\Windows\System\WYiiWwZ.exe
  2⤵
  PID:8980
- C:\Windows\System\KjQHnjx.exe
  C:\Windows\System\KjQHnjx.exe
  2⤵
  PID:8996
- C:\Windows\System\UykKzbh.exe
  C:\Windows\System\UykKzbh.exe
  2⤵
  PID:9012
- C:\Windows\System\cFbHpyh.exe
  C:\Windows\System\cFbHpyh.exe
  2⤵
  PID:9028
- C:\Windows\System\nEEOSrC.exe
  C:\Windows\System\nEEOSrC.exe
  2⤵
  PID:9044
- C:\Windows\System\RoxDnEU.exe
  C:\Windows\System\RoxDnEU.exe
  2⤵
  PID:9060
- C:\Windows\System\lLUsAxn.exe
  C:\Windows\System\lLUsAxn.exe
  2⤵
  PID:9076
- C:\Windows\System\tNwzhzg.exe
  C:\Windows\System\tNwzhzg.exe
  2⤵
  PID:9092
- C:\Windows\System\qZWGfKb.exe
  C:\Windows\System\qZWGfKb.exe
  2⤵
  PID:9108
- C:\Windows\System\baFBVul.exe
  C:\Windows\System\baFBVul.exe
  2⤵
  PID:9124
- C:\Windows\System\dFlQGZv.exe
  C:\Windows\System\dFlQGZv.exe
  2⤵
  PID:9140
- C:\Windows\System\DkETLlv.exe
  C:\Windows\System\DkETLlv.exe
  2⤵
  PID:9156
- C:\Windows\System\fEEvmrX.exe
  C:\Windows\System\fEEvmrX.exe
  2⤵
  PID:9172
- C:\Windows\System\gVJGeLN.exe
  C:\Windows\System\gVJGeLN.exe
  2⤵
  PID:9188
- C:\Windows\System\wJvstZs.exe
  C:\Windows\System\wJvstZs.exe
  2⤵
  PID:9204
- C:\Windows\System\gFsltSP.exe
  C:\Windows\System\gFsltSP.exe
  2⤵
  PID:7964
- C:\Windows\System\dXLIPKk.exe
  C:\Windows\System\dXLIPKk.exe
  2⤵
  PID:7516
- C:\Windows\System\CYiNvnC.exe
  C:\Windows\System\CYiNvnC.exe
  2⤵
  PID:8216
- C:\Windows\System\QhqQtzf.exe
  C:\Windows\System\QhqQtzf.exe
  2⤵
  PID:8212
- C:\Windows\System\qNhqujd.exe
  C:\Windows\System\qNhqujd.exe
  2⤵
  PID:8200
- C:\Windows\System\jEEJnrJ.exe
  C:\Windows\System\jEEJnrJ.exe
  2⤵
  PID:8284
- C:\Windows\System\wkCSmRf.exe
  C:\Windows\System\wkCSmRf.exe
  2⤵
  PID:8332
- C:\Windows\System\PCnJUox.exe
  C:\Windows\System\PCnJUox.exe
  2⤵
  PID:8396
- C:\Windows\System\mmTlhWB.exe
  C:\Windows\System\mmTlhWB.exe
  2⤵
  PID:8428
- C:\Windows\System\yUcFfNP.exe
  C:\Windows\System\yUcFfNP.exe
  2⤵
  PID:8376
- C:\Windows\System\kxlmhQj.exe
  C:\Windows\System\kxlmhQj.exe
  2⤵
  PID:8344
- C:\Windows\System\QRFsDle.exe
  C:\Windows\System\QRFsDle.exe
  2⤵
  PID:8492
- C:\Windows\System\YxaJBlk.exe
  C:\Windows\System\YxaJBlk.exe
  2⤵
  PID:8552
- C:\Windows\System\lQgKZVT.exe
  C:\Windows\System\lQgKZVT.exe
  2⤵
  PID:8616
- C:\Windows\System\gvtaAAZ.exe
  C:\Windows\System\gvtaAAZ.exe
  2⤵
  PID:8504
- C:\Windows\System\GPXQQVG.exe
  C:\Windows\System\GPXQQVG.exe
  2⤵
  PID:8600
- C:\Windows\System\iHLcmyg.exe
  C:\Windows\System\iHLcmyg.exe
  2⤵
  PID:8540
- C:\Windows\System\ulkGZYQ.exe
  C:\Windows\System\ulkGZYQ.exe
  2⤵
  PID:8636
- C:\Windows\System\fNJumxg.exe
  C:\Windows\System\fNJumxg.exe
  2⤵
  PID:8716
- C:\Windows\System\yczdLqk.exe
  C:\Windows\System\yczdLqk.exe
  2⤵
  PID:8780
- C:\Windows\System\ztJyAcW.exe
  C:\Windows\System\ztJyAcW.exe
  2⤵
  PID:8700
- C:\Windows\System\wtAqdpl.exe
  C:\Windows\System\wtAqdpl.exe
  2⤵
  PID:8732
- C:\Windows\System\yzqRHmO.exe
  C:\Windows\System\yzqRHmO.exe
  2⤵
  PID:8876
- C:\Windows\System\wLBBzQs.exe
  C:\Windows\System\wLBBzQs.exe
  2⤵
  PID:8912
- C:\Windows\System\vZDXZoz.exe
  C:\Windows\System\vZDXZoz.exe
  2⤵
  PID:8828
- C:\Windows\System\KmsSMMT.exe
  C:\Windows\System\KmsSMMT.exe
  2⤵
  PID:8976
- C:\Windows\System\XRchZRt.exe
  C:\Windows\System\XRchZRt.exe
  2⤵
  PID:9008
- C:\Windows\System\vlvKGcm.exe
  C:\Windows\System\vlvKGcm.exe
  2⤵
  PID:8924
- C:\Windows\System\bABNBPI.exe
  C:\Windows\System\bABNBPI.exe
  2⤵
  PID:9068
- C:\Windows\System\yyfCmnQ.exe
  C:\Windows\System\yyfCmnQ.exe
  2⤵
  PID:9104
- C:\Windows\System\nAkfBXH.exe
  C:\Windows\System\nAkfBXH.exe
  2⤵
  PID:9164
- C:\Windows\System\uVDSFxQ.exe
  C:\Windows\System\uVDSFxQ.exe
  2⤵
  PID:9196
- C:\Windows\System\CUJaqhO.exe
  C:\Windows\System\CUJaqhO.exe
  2⤵
  PID:9088
- C:\Windows\System\iiYXFkM.exe
  C:\Windows\System\iiYXFkM.exe
  2⤵
  PID:9184
- C:\Windows\System\FCmrskl.exe
  C:\Windows\System\FCmrskl.exe
  2⤵
  PID:8196
- C:\Windows\System\hEHYZnv.exe
  C:\Windows\System\hEHYZnv.exe
  2⤵
  PID:8268
- C:\Windows\System\tSjaTWy.exe
  C:\Windows\System\tSjaTWy.exe
  2⤵
  PID:8328
- C:\Windows\System\KrLbFYp.exe
  C:\Windows\System\KrLbFYp.exe
  2⤵
  PID:8460
- C:\Windows\System\mxRntxk.exe
  C:\Windows\System\mxRntxk.exe
  2⤵
  PID:7980
- C:\Windows\System\fckYRSq.exe
  C:\Windows\System\fckYRSq.exe
  2⤵
  PID:8444
- C:\Windows\System\bbHHGch.exe
  C:\Windows\System\bbHHGch.exe
  2⤵
  PID:8632
- C:\Windows\System\mMtxVmV.exe
  C:\Windows\System\mMtxVmV.exe
  2⤵
  PID:8728
- C:\Windows\System\lpmhbEY.exe
  C:\Windows\System\lpmhbEY.exe
  2⤵
  PID:8472
- C:\Windows\System\IqkBEVl.exe
  C:\Windows\System\IqkBEVl.exe
  2⤵
  PID:8760
- C:\Windows\System\oWnkYEz.exe
  C:\Windows\System\oWnkYEz.exe
  2⤵
  PID:8816
- C:\Windows\System\ksPSFfr.exe
  C:\Windows\System\ksPSFfr.exe
  2⤵
  PID:8476
- C:\Windows\System\JUcuadu.exe
  C:\Windows\System\JUcuadu.exe
  2⤵
  PID:8684
- C:\Windows\System\ZUFrvjq.exe
  C:\Windows\System\ZUFrvjq.exe
  2⤵
  PID:9040
- C:\Windows\System\UZWSZnd.exe
  C:\Windows\System\UZWSZnd.exe
  2⤵
  PID:9168
- C:\Windows\System\TdGEYvS.exe
  C:\Windows\System\TdGEYvS.exe
  2⤵
  PID:9056
- C:\Windows\System\nVtTeNE.exe
  C:\Windows\System\nVtTeNE.exe
  2⤵
  PID:7320
- C:\Windows\System\HojBBEy.exe
  C:\Windows\System\HojBBEy.exe
  2⤵
  PID:8300
- C:\Windows\System\dkREEpQ.exe
  C:\Windows\System\dkREEpQ.exe
  2⤵
  PID:8572
- C:\Windows\System\wIvpyDZ.exe
  C:\Windows\System\wIvpyDZ.exe
  2⤵
  PID:8896
- C:\Windows\System\sNgVDnc.exe
  C:\Windows\System\sNgVDnc.exe
  2⤵
  PID:9120
- C:\Windows\System\eVYPHyS.exe
  C:\Windows\System\eVYPHyS.exe
  2⤵
  PID:7672
- C:\Windows\System\hTSsYvB.exe
  C:\Windows\System\hTSsYvB.exe
  2⤵
  PID:8536
- C:\Windows\System\jxxbiwm.exe
  C:\Windows\System\jxxbiwm.exe
  2⤵
  PID:9020
- C:\Windows\System\oxkQpNZ.exe
  C:\Windows\System\oxkQpNZ.exe
  2⤵
  PID:8236
- C:\Windows\System\KkjqrzC.exe
  C:\Windows\System\KkjqrzC.exe
  2⤵
  PID:9052
- C:\Windows\System\fwziChD.exe
  C:\Windows\System\fwziChD.exe
  2⤵
  PID:8680
- C:\Windows\System\fGZKmKq.exe
  C:\Windows\System\fGZKmKq.exe
  2⤵
  PID:8648
- C:\Windows\System\tsypBIq.exe
  C:\Windows\System\tsypBIq.exe
  2⤵
  PID:9152
- C:\Windows\System\yovqnki.exe
  C:\Windows\System\yovqnki.exe
  2⤵
  PID:8928
- C:\Windows\System\ZLXmKDS.exe
  C:\Windows\System\ZLXmKDS.exe
  2⤵
  PID:9004
- C:\Windows\System\SCDKIzi.exe
  C:\Windows\System\SCDKIzi.exe
  2⤵
  PID:9180
- C:\Windows\System\VbdRRKM.exe
  C:\Windows\System\VbdRRKM.exe
  2⤵
  PID:8792
- C:\Windows\System\xXqEbkN.exe
  C:\Windows\System\xXqEbkN.exe
  2⤵
  PID:9392
- C:\Windows\System\CxDWjqj.exe
  C:\Windows\System\CxDWjqj.exe
  2⤵
  PID:9432
- C:\Windows\System\mSKFLqM.exe
  C:\Windows\System\mSKFLqM.exe
  2⤵
  PID:9536
- C:\Windows\System\DPkEYJa.exe
  C:\Windows\System\DPkEYJa.exe
  2⤵
  PID:9896
- C:\Windows\System\LOOHYNO.exe
  C:\Windows\System\LOOHYNO.exe
  2⤵
  PID:9916
- C:\Windows\System\HsytEza.exe
  C:\Windows\System\HsytEza.exe
  2⤵
  PID:9944
- C:\Windows\System\tYHdPYv.exe
  C:\Windows\System\tYHdPYv.exe
  2⤵
  PID:9960
- C:\Windows\System\hsBnzLO.exe
  C:\Windows\System\hsBnzLO.exe
  2⤵
  PID:9976
- C:\Windows\System\kIqCazC.exe
  C:\Windows\System\kIqCazC.exe
  2⤵
  PID:10000
- C:\Windows\System\eNqgvmA.exe
  C:\Windows\System\eNqgvmA.exe
  2⤵
  PID:10016
- C:\Windows\System\evjBwNC.exe
  C:\Windows\System\evjBwNC.exe
  2⤵
  PID:10032
- C:\Windows\System\vvhsYlM.exe
  C:\Windows\System\vvhsYlM.exe
  2⤵
  PID:10048
- C:\Windows\System\FSMZNxz.exe
  C:\Windows\System\FSMZNxz.exe
  2⤵
  PID:10064
- C:\Windows\System\hxNRVTY.exe
  C:\Windows\System\hxNRVTY.exe
  2⤵
  PID:10080
- C:\Windows\System\ZItzawL.exe
  C:\Windows\System\ZItzawL.exe
  2⤵
  PID:10096
- C:\Windows\System\YHQpeXg.exe
  C:\Windows\System\YHQpeXg.exe
  2⤵
  PID:10112
- C:\Windows\System\hHveGps.exe
  C:\Windows\System\hHveGps.exe
  2⤵
  PID:10128
- C:\Windows\System\aCZndWc.exe
  C:\Windows\System\aCZndWc.exe
  2⤵
  PID:10144
- C:\Windows\System\HjSqMhO.exe
  C:\Windows\System\HjSqMhO.exe
  2⤵
  PID:10160
- C:\Windows\System\SqWyBSp.exe
  C:\Windows\System\SqWyBSp.exe
  2⤵
  PID:9428
- C:\Windows\System\lFVnzfw.exe
  C:\Windows\System\lFVnzfw.exe
  2⤵
  PID:9492
- C:\Windows\System\sAljiCn.exe
  C:\Windows\System\sAljiCn.exe
  2⤵
  PID:9644
- C:\Windows\System\qxSgbKm.exe
  C:\Windows\System\qxSgbKm.exe
  2⤵
  PID:9680
- C:\Windows\System\OxeHcWo.exe
  C:\Windows\System\OxeHcWo.exe
  2⤵
  PID:9228
- C:\Windows\System\DGwukCK.exe
  C:\Windows\System\DGwukCK.exe
  2⤵
  PID:9708
- C:\Windows\System\UsFCxfV.exe
  C:\Windows\System\UsFCxfV.exe
  2⤵
  PID:9736
- C:\Windows\System\WQtrPrQ.exe
  C:\Windows\System\WQtrPrQ.exe
  2⤵
  PID:9764
- C:\Windows\System\euYjkjt.exe
  C:\Windows\System\euYjkjt.exe
  2⤵
  PID:9772
- C:\Windows\System\eSawjfy.exe
  C:\Windows\System\eSawjfy.exe
  2⤵
  PID:9804
- C:\Windows\System\qgLUrVN.exe
  C:\Windows\System\qgLUrVN.exe
  2⤵
  PID:9796
- C:\Windows\System\pyRBUTh.exe
  C:\Windows\System\pyRBUTh.exe
  2⤵
  PID:9860
- C:\Windows\System\oEBKAQR.exe
  C:\Windows\System\oEBKAQR.exe
  2⤵
  PID:9856
- C:\Windows\System\XuxQJCf.exe
  C:\Windows\System\XuxQJCf.exe
  2⤵
  PID:9888
- C:\Windows\System\UvEKOMM.exe
  C:\Windows\System\UvEKOMM.exe
  2⤵
  PID:9908
- C:\Windows\System\XPfkYtn.exe
  C:\Windows\System\XPfkYtn.exe
  2⤵
  PID:9936
- C:\Windows\System\axmUJbN.exe
  C:\Windows\System\axmUJbN.exe
  2⤵
  PID:9956
- C:\Windows\System\KMkMmMg.exe
  C:\Windows\System\KMkMmMg.exe
  2⤵
  PID:9968
- C:\Windows\System\yBDrXqV.exe
  C:\Windows\System\yBDrXqV.exe
  2⤵
  PID:10092
- C:\Windows\System\tIWLxpB.exe
  C:\Windows\System\tIWLxpB.exe
  2⤵
  PID:10072
- C:\Windows\System\YhcAMqy.exe
  C:\Windows\System\YhcAMqy.exe
  2⤵
  PID:10108
- C:\Windows\System\nvTUqEe.exe
  C:\Windows\System\nvTUqEe.exe
  2⤵
  PID:10172
- C:\Windows\System\aDsxoKt.exe
  C:\Windows\System\aDsxoKt.exe
  2⤵
  PID:10196
- C:\Windows\System\FvefqAo.exe
  C:\Windows\System\FvefqAo.exe
  2⤵
  PID:10208
- C:\Windows\System\jCfSeax.exe
  C:\Windows\System\jCfSeax.exe
  2⤵
  PID:10224
- C:\Windows\System\FwoUXNH.exe
  C:\Windows\System\FwoUXNH.exe
  2⤵
  PID:8972
- C:\Windows\System\LuYEUQR.exe
  C:\Windows\System\LuYEUQR.exe
  2⤵
  PID:9244
- C:\Windows\System\jIRobJf.exe
  C:\Windows\System\jIRobJf.exe
  2⤵
  PID:9260
- C:\Windows\System\EToEnkt.exe
  C:\Windows\System\EToEnkt.exe
  2⤵
  PID:9276
- C:\Windows\System\EXkhbFg.exe
  C:\Windows\System\EXkhbFg.exe
  2⤵
  PID:9284
- C:\Windows\System\eTQpMeC.exe
  C:\Windows\System\eTQpMeC.exe
  2⤵
  PID:9332
- C:\Windows\System\pQEpTKK.exe
  C:\Windows\System\pQEpTKK.exe
  2⤵
  PID:9348
- C:\Windows\System\FtOkiJJ.exe
  C:\Windows\System\FtOkiJJ.exe
  2⤵
  PID:9368
- C:\Windows\System\qmljMmY.exe
  C:\Windows\System\qmljMmY.exe
  2⤵
  PID:9384
- C:\Windows\System\nTWwrII.exe
  C:\Windows\System\nTWwrII.exe
  2⤵
  PID:9388
- C:\Windows\System\lXYelxR.exe
  C:\Windows\System\lXYelxR.exe
  2⤵
  PID:9448
- C:\Windows\System\RjlnOVb.exe
  C:\Windows\System\RjlnOVb.exe
  2⤵
  PID:9552
- C:\Windows\System\qQfbJci.exe
  C:\Windows\System\qQfbJci.exe
  2⤵
  PID:9504
- C:\Windows\System\skAOvmT.exe
  C:\Windows\System\skAOvmT.exe
  2⤵
  PID:9532
- C:\Windows\System\rgzGgzY.exe
  C:\Windows\System\rgzGgzY.exe
  2⤵
  PID:9512
- C:\Windows\System\gBqKwst.exe
  C:\Windows\System\gBqKwst.exe
  2⤵
  PID:9476
- C:\Windows\System\ZOwFsBs.exe
  C:\Windows\System\ZOwFsBs.exe
  2⤵
  PID:9620
- C:\Windows\System\VGVJgTt.exe
  C:\Windows\System\VGVJgTt.exe
  2⤵
  PID:9632
- C:\Windows\System\eiusVbN.exe
  C:\Windows\System\eiusVbN.exe
  2⤵
  PID:9664
- C:\Windows\System\ndeKpnd.exe
  C:\Windows\System\ndeKpnd.exe
  2⤵
  PID:9684
- C:\Windows\System\fGWUoRD.exe
  C:\Windows\System\fGWUoRD.exe
  2⤵
  PID:9720
- C:\Windows\System\nHaayHE.exe
  C:\Windows\System\nHaayHE.exe
  2⤵
  PID:9724
- C:\Windows\System\NwxuZzi.exe
  C:\Windows\System\NwxuZzi.exe
  2⤵
  PID:9756
- C:\Windows\System\PvKUydJ.exe
  C:\Windows\System\PvKUydJ.exe
  2⤵
  PID:9836
- C:\Windows\System\yuupngC.exe
  C:\Windows\System\yuupngC.exe
  2⤵
  PID:9844
- C:\Windows\System\DbYcvbJ.exe
  C:\Windows\System\DbYcvbJ.exe
  2⤵
  PID:9884
- C:\Windows\System\CHMkHqg.exe
  C:\Windows\System\CHMkHqg.exe
  2⤵
  PID:9924
- C:\Windows\System\mqaevAH.exe
  C:\Windows\System\mqaevAH.exe
  2⤵
  PID:9996
- C:\Windows\System\CkxCdeI.exe
  C:\Windows\System\CkxCdeI.exe
  2⤵
  PID:10088
- C:\Windows\System\XWITwlj.exe
  C:\Windows\System\XWITwlj.exe
  2⤵
  PID:10104
- C:\Windows\System\XieBWDI.exe
  C:\Windows\System\XieBWDI.exe
  2⤵
  PID:10200
- C:\Windows\System\UlMiMPA.exe
  C:\Windows\System\UlMiMPA.exe
  2⤵
  PID:10184
- C:\Windows\System\bABHoaz.exe
  C:\Windows\System\bABHoaz.exe
  2⤵
  PID:9292
- C:\Windows\System\TMOUkUQ.exe
  C:\Windows\System\TMOUkUQ.exe
  2⤵
  PID:8584
- C:\Windows\System\mkWLbVi.exe
  C:\Windows\System\mkWLbVi.exe
  2⤵
  PID:9272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AKlDKeR.exe

Filesize
6.0MB

MD5
1379a6aeceaf268bdd943b34dd666954

SHA1
f460d1e376f7d99114d686a21f2dcbef5e073810

SHA256
dcb06bd598a17e6eec9875f7f79a127e522c78687984b367cad3ee5e33b2af03

SHA512
37e611370edda1ae8a180c3880c77025f1a42e8fa8d76c960a1919cce88c15f4ecf18894cbcbbeba0f1766e8b284224fbd58ade9c410d54d95c7f1b4631c52bf

Download Submit
C:\Windows\system\AicFNvD.exe

Filesize
6.0MB

MD5
3cd46e96b9b8a53cf655e23c227a8420

SHA1
d8b24a603989edb85929435a520e3d5fe7ebc1fa

SHA256
b8f42bc9d76aaad0cbc1ac6367732598f4f5550a6ec0294179ba991956733feb

SHA512
203ef485a27aa307c59798ddf67cd19bc7012996a9bbb68f44309dc384fb7c052f6faa28da964fabdc5c2b08f23717cbb000a599a348ee679342bf090c793005

Download Submit
C:\Windows\system\ChXjIVL.exe

Filesize
6.0MB

MD5
30acfde79d9ffaf80ec98cce49f220bd

SHA1
0c11b4db1a9503787ba99db91bf9d20c5f8a865f

SHA256
8c74681aec02dc4d1c22f2e7a9cf881d5264d1133187e0196769564b9ad6dfcd

SHA512
2ff0179a09a0436d881989fd5a76e628af1f30d31be17842eceb59f9e65ff9933161b4ea7b8c6db4a6b3fbaf660c258ce282d97a4d241769d88e18eafb3e0177

Download Submit
C:\Windows\system\DhatoIW.exe

Filesize
6.0MB

MD5
48136d19899003fba6621b09450c79a2

SHA1
86553380ea6ff8bb3a3ff6a415efed2cd627aa2f

SHA256
22db2419eba4db0e407d59a7660900040ff6e55bef06d9757f1a7205d746341a

SHA512
28e5052d12c758aa6e8134b9b228be5c08b55685e907e0e6188249154f51599b78490f1335a190eb38ba0c9d0f40968762a290361a7286cf275a0402a2784508

Download Submit
C:\Windows\system\GyMsrMR.exe

Filesize
6.0MB

MD5
1257b56984565643f362d625611f1c23

SHA1
3d3345cb59eefb6deee92c7289d0b2c5837ac65b

SHA256
bb901857f13bef6d38e918bef24b3a154059c1bcc7a516ba4cddc77d8d3ba113

SHA512
88b72dd01974c964b3bf5b305161ebb587fd0ad5ce03cd354a0d6b812661dbaaa2380facc4101f3ffdd8bc1a48d17403fd23853f8befd497cb37cdc0aa5cdf55

Download Submit
C:\Windows\system\JDPeNkQ.exe

Filesize
6.0MB

MD5
71a58db610e2f1d3963f61a5e51a7ce5

SHA1
9dc4098ad1a0952fb5850b7cdd7c23f16f06f9b0

SHA256
c14894101acdbe77d25612ac59ff292940535e1a9d4be591ef0b18fb9e4b8fad

SHA512
8526d9cf6406e231aac111a002d1f60a3291e126e7a15308b66249b4dd08e4993f30411cd36cea74e6bdf29c578047cd0269826a71837e5545ac3c5023027742

Download Submit
C:\Windows\system\KinCvTZ.exe

Filesize
6.0MB

MD5
893eca29120dd4d437994b69a67cf171

SHA1
3fc55f2715c37289929ac63eb5c929b52c3ad6b5

SHA256
19f3914ee92b6af453f91b9737900d4d8db2085076f9f7269e2bb473de0dfd1e

SHA512
15109807697ef9e400d3c01b63e86e482c8c4c21fdc2de92b4deb562dedaff914bd7e413939c4d71f25972aa207f8d590684d9305740ce5bd5105b51beebd791

Download Submit
C:\Windows\system\LAAdorX.exe

Filesize
6.0MB

MD5
e37d501cea0367674def870203fe5429

SHA1
d6c570b510cef81cf7ddc556f76846472f6a3d95

SHA256
f4bd10169c9226608c6f0bc3d5282205987e296459a2acf855e0d76a12e20847

SHA512
2c12be3c74d00161c8e116dd65f72457b49623ea35f633f19ba91e281fe9d4f43045af1452f3fb85bea2ebc666a7642d18c867943649743af533f01c26ff96b9

Download Submit
C:\Windows\system\WbxLJOs.exe

Filesize
6.0MB

MD5
acae5cc33fda54599f1b51bde0e1c379

SHA1
21a72b1d201cde9b34b3395edbe00c1eaa18ea29

SHA256
2524d57d9ce6f8988ebe473df4d10b9a45f9cb6182ff8839016793dbe68e7ed8

SHA512
0ae2321cef61254544987290c7a381f66666209ee445f1d1b51c3d009935b4b3da71d2a572f632ac02ce88311601b5abeeb51f9cabb784a42cf111a490b49acc

Download Submit
C:\Windows\system\ZFAfYZC.exe

Filesize
6.0MB

MD5
b6fcc7c1a715c9d5369ab7fd318027a1

SHA1
91ddc1d403218144ddfa3571b5de29484f607030

SHA256
37887a564046c468c5009bc393ee0854c68d2318bd78f1f83472e7fd9db390c9

SHA512
270ca6f6e688426930e615b43cbd3549b718fd789408170a20b880b7536e1f70af33e94b044309d6c93c0ecf5fe11448a62df7f518cefdfba653e566141ef81b

Download Submit
C:\Windows\system\ZQTPIvq.exe

Filesize
6.0MB

MD5
3025fdbd4d6e15eea629631adee48e71

SHA1
0a99bd0bd591aa7a8b602eec9c2f2c470d0e3cf0

SHA256
49b46d345b89f5ba7e194290ec9dd7d334173640a188777d989bba64970b5170

SHA512
7c866986fd1aff829e69578c9349569be0ec507fc1528b61260c4ad42d293ffaa1e83bb6aac9426c58b195682e9cbef8653d9afb228a09795afe1ce6b983612d

Download Submit
C:\Windows\system\bZBeVNm.exe

Filesize
6.0MB

MD5
f5a26644a1d4d309b2b3e4ebafe0f859

SHA1
7cd6d2ecae506be4450047e1dafa5f507d7a7b5d

SHA256
80866b145be252ca580695d863f69514f9b6981c9708406f499acec32e411513

SHA512
2af1247788f0c9ee3f553c9fab6b776a58d5a4502c23e11adcd867781d734f85bc6a11ed02a5c3f7db6de8da795018991250869c94c601db4e64706b0a635e5a

Download Submit
C:\Windows\system\dRKSlrg.exe

Filesize
6.0MB

MD5
feecacfb4e13d114166330b8b4a15bb1

SHA1
6143179b0165d953dc17148f9445dc0030c2d9a5

SHA256
7c51493eebf46455977b33bd54edcd1201d9821fb9644172c1595d81522f371c

SHA512
897dc5744ecb2eaa8c20a39d5d9f5c4a0d49e40a56128c1f1d872b31453ae26ab292acd796f15a93759f0c017375b389d39f6d86c8a05c2139ab520c49b2f024

Download Submit
C:\Windows\system\gsJUEFa.exe

Filesize
6.0MB

MD5
d31a1427773e5fe919493bf0999efb85

SHA1
23f13952f51666f274956f25ad619012169f9d88

SHA256
84739a5ccc9e259ffd8e5da4f85a62823666543d1b5f730fee7ee48c81c83fc3

SHA512
65495765f45686e025f9b7b010d1a8b5061b83892619816157aeb8a8b3b1cc81aceedf51c46d0dff4b08dba3753fb7dd85d406fe2862dbc4e1c020ff726a5e3d

Download Submit
C:\Windows\system\hNxHiSu.exe

Filesize
6.0MB

MD5
894adafeb7ccf7f83b9caa0920e23033

SHA1
50ee2f844a9332d13d66001bfa15d98a322d66ef

SHA256
c89713bbe06dcfc5faa8e7797dad43029dfb68379adc0695b70d246d25f35113

SHA512
fa6811811790d8ab04cb11458d1142eb92376dd03a6bc3add60c2b5652630af89528cdd727a965d833089c4fc2a8da9a3d6494f7640fb28aa852bcdd3e7406cc

Download Submit
C:\Windows\system\ilOmipS.exe

Filesize
6.0MB

MD5
a187c17373604d69b434cb88dfa90dad

SHA1
eb0c281a1642264abb92f4af3bf0d7124df1f4cf

SHA256
48f7382eb6b625ef805480176ea060fb95468bae4bc6986d905db06838e2ae5d

SHA512
d094173cf88413e4dd1514c9d74ef4825786e5c83fbc9e837e93f74d672703062eb80298d1be8df2dd6097e787d0db583714a02b57a1f18f8008dc057456328c

Download Submit
C:\Windows\system\jJloFPV.exe

Filesize
6.0MB

MD5
dbc5149556a359d6145a390394f2aab8

SHA1
bb84721b3ae8e86fba2ea4bfca2b896d03d4a2c2

SHA256
bf2e879faaecd975c0f0417a8647aecfbdfa0c33b5a41a5a338b03aed8a121dd

SHA512
5cc82be9b76acdf9ae6724e9399b4ed60d853ec359e87ad49e36bf6fee9f0007d50e501d4773f624ea8dd8806bd9a4aa23f9713334b5a37c44083b91b8242bd3

Download Submit
C:\Windows\system\margxyN.exe

Filesize
6.0MB

MD5
96932d1599e7311bf1fc1a237e0776f3

SHA1
8d3c24fd65ac83b9c93b7802dd4126aea2a3c3dd

SHA256
2358c3c867fb9e4c91b5990ab941024ef4a1ee65aa3e8c41053814c854af8c32

SHA512
c954c95428fe41e2ea187f3b385e6343d8a42c5d2bc13a0b54c153606c5ed1f0dd7b75ee0b8ec12022c1bc747f9b1f049c037aee8e97a83bc90fa56d857c7620

Download Submit
C:\Windows\system\opUbnkT.exe

Filesize
6.0MB

MD5
b77f46b351f908435a22f28f8da51ef6

SHA1
4a8d026d61decca6c7cb5284ad987a4155e500f6

SHA256
e747de7991365db630f3f8640bda600a1fed039a1e6a1a58f448b52b7c9ac3c9

SHA512
eab1a76b7513e20980db353d4b1f34581574d26886f677552df23bd4d51425b90cbeba8ef9b31b5f2ffa3e63503c365b097d121e7036f56ea70bb52f41746e47

Download Submit
C:\Windows\system\tQnQjaK.exe

Filesize
6.0MB

MD5
feb06e642929a04d746d3cd1d0d1a76a

SHA1
b7ec0020c8a3b54bd3458f5163f5e56fd387966b

SHA256
5ab53db5d9235a7bcde2bcab27bed4502520f197f741a32a6fdb3e8fadfa13a1

SHA512
56bf1134ec5d7a89666c3db6600738101a539af6047c1e85ddf705a81036694c1134e92d924001e2152563772e57d32d635cf57ef490450e0396d6e6192d7f36

Download Submit
C:\Windows\system\tsFkvxe.exe

Filesize
6.0MB

MD5
e4fcf008f9844465f88f090599b5be67

SHA1
6d572be4e8f9d4d32ad498fc07a0249d145dbf6b

SHA256
e6a4479dbd0a9e4f3fb9f0fce14f019063c494b4685d60eb0fa98ac9939ad945

SHA512
e2f1b60b068465aa0c588ed050de612e182b9f336d51ac65686bf1ecded0e544ed0e1d79d67dc79f32807027fcd7aa3575e79a5b6c421b945fb5e34fa3ea1efa

Download Submit
C:\Windows\system\wUnQXug.exe

Filesize
6.0MB

MD5
54a575e2b524a6aeb5c3bbcfdfc26d76

SHA1
7ab61a0c5c4e8932773ba7c1f19d6df91899f134

SHA256
ac05e37fbba1fcaef7639e6389bfa323c127e5d1ea3710b09c7fa2c6e8163aa4

SHA512
2c4938cdfd71d7cfb86619e11d8027e392ca92c663a1a35f0aceba9bbe1c8b09c25d512310ef7afee449ae383e8d2c79c659b1cde3e2c89f6f06c1dd91d0fb7f

Download Submit
C:\Windows\system\xwbwHmY.exe

Filesize
6.0MB

MD5
2fd6f2c72de2b34faaf88881695d0461

SHA1
4724ba22fb6c96b121eb11df6a39c2702266e1d1

SHA256
51a66bacf61676a560e99d6283a04aad6779f1f296354b94947ad1b75b595e92

SHA512
9d9cf2cd1ef7ab6a284aeecbb8281803a16b74e962f730ba5818c7412412fc85f6f1a3d14dd2f4d4994ff1115827abd73f3edeeb2c2b1cbc64b88d535eb44363

Download Submit
\Windows\system\MHizdqB.exe

Filesize
6.0MB

MD5
9bf35de412b87caf58e4ff2cb92e2c4e

SHA1
a1b0b62924bd8d0d7e7e47d80b5d5151be85ad5f

SHA256
ab591566a60558635f1838c6c5726fb498ce9273f4ca1b084bb30b22aaa391b3

SHA512
6ad9cfb4bcd05679a8aca6abad6d807e9ecb780dfac7ebbcfbeaf69435ae4b7c2f924556a8c2d2d9c645a4ef542ddd83644da46c539bcaf9e06a37bfb8a2b159

Download Submit
\Windows\system\OtuMrhW.exe

Filesize
6.0MB

MD5
041a405c98b30626dc3dd4b97b272faa

SHA1
73ddc6557390f70d30591eef3d6fcccb37b43e05

SHA256
6f9c6277d833a9713361574838b6fd72f6cd49f58ab230452ac88d2bf7616607

SHA512
82ffa73a1d90150725200b8c0defe996fe35c5e5c396178f55651126a8e24d4b478f77a61bb045ae62512b8f363fbd23f97aa5116bc75d769d2eb8ea51cb0ea5

Download Submit
\Windows\system\SAuhILR.exe

Filesize
6.0MB

MD5
fc040945cc9f38ade2c3a26c4a0e4042

SHA1
01443aeadd1a64b14fcaadb634d17e93a9a2cdec

SHA256
e2314c39d2ac1659fb1958596e53e28b963f327d41cc1f5af37c5ebfa75658b7

SHA512
dcd4522a0846b8787ce9c9639488b140bc556e1a3eea14754089fe10252e7022880e8cd6978aab95fe3959875d7ec4c57cffd2fc782921d9452d54281210c141

Download Submit
\Windows\system\SHbVOIL.exe

Filesize
6.0MB

MD5
46f222b84104ac62055b69ef74d8bb7b

SHA1
553139a48c692345950a25cb7c124c5366bb7a94

SHA256
b4c86ce72de4299f95cb6cfb8e327c7d04948351be95f2cb8cdd3326f1fb4a6b

SHA512
34e99d9c52ed915f4ccd60d2354cb67a5a14d400aba1b62ed27f0d52b00a468ca45ff52e57713fc99df8ec4576f7011f1d7d19c3fa0e38edad3886765b7eec9e

Download Submit
\Windows\system\gguyTFu.exe

Filesize
6.0MB

MD5
db4618fda66e1ad67cf40787c5d01086

SHA1
04d71015b5a90dfd9df9d8d077865a08d1cbc7c2

SHA256
4a36238c8626d11c999346f513b66687abdbbc73fab0ae3c95638d63d4414c0b

SHA512
e5cc3d92131d7678d79b019069ebbd79ab12321b57b0f925f8e94ae45e42fd4ef469424d5022bcf13824ea29f5645376db24a9ab01e2a06cd4a9779662557abe

Download Submit
\Windows\system\iRRtwbl.exe

Filesize
6.0MB

MD5
4b9c7603d018be57d0f7ecca15aa1d6d

SHA1
f40ac44ef567e90ee5bee05f83c682b7c52d6832

SHA256
4b6421d5af8db47b8a74caeff35b4e136a0ffbb30f958288a6ca6b906c462718

SHA512
f00a660d58043138115639f27bcdf0dbf6df1f029232c031c3d97fe017eb190670b7e41e56709997803450ae1409c7a1e03a539263f57e074a0451b7723c7a9c

Download Submit
\Windows\system\oxOxoVk.exe

Filesize
6.0MB

MD5
79fcd0858b605d94dba9fb4cacc8174c

SHA1
5d1a40a9196f685166bb45bb2d4e829bdea8a5e3

SHA256
57717caebb6f493cd7ee82b23b901a37218b58291051fe599d6dd26d809d834c

SHA512
69eb7fd10e6428d21e3ef6934f7f086962e43ae9f2f930f00aced1020c6d1731accb5c3c3e2d3826ad425309eaee06709b99310680e68e68abfc954bdc69f860

Download Submit
\Windows\system\qvKSIZm.exe

Filesize
6.0MB

MD5
df072050c382d180d7bad991577ba97b

SHA1
109212b980713c2a990e455c3f9644e62fcadb50

SHA256
178ec9d230d16155c189591f2e3329a0bae150efdd4df6f81f4036ebc685617b

SHA512
5894d27d020ee5ad857f0513db5faf85f0bfde63760d0458985fb0754fe594aa47c39af6546e75f57a471b9a5ac57584223bc57b71092f6e54d0b5791fe619f1

Download Submit
\Windows\system\yQeDtmI.exe

Filesize
6.0MB

MD5
4fdefd1294f6193568b9625bd148415b

SHA1
444935a8321a5b998678d6513d84df3ea0a67bc8

SHA256
bde90e1f8833bb3b2c4ad275740e7fddbf953ec15092d55eabc308d9da89a0a8

SHA512
2ea4fa79716a0e91f00483f98650badd8e97af0488102393e7f9ba9edf31f89ec9464b3ac6626b975ef02b898654d434f0794a10f75be36050cbfbb776889133

Download Submit
memory/108-62-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/108-12-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/108-3995-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1268-109-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1268-4006-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1844-84-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1844-15-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1844-3996-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-3998-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2016-48-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2380-61-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2380-669-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-74-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2380-14-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-0-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2380-117-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-106-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2380-21-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-33-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2380-91-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-6-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2380-49-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-53-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2380-98-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-673-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-38-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2380-868-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2380-50-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-56-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2380-88-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-388-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4003-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2652-71-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4001-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-51-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4004-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2752-268-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2752-70-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2824-43-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3999-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2852-138-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4002-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2852-58-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2876-47-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4000-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2876-107-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2888-23-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3997-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-110-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-4007-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-108-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-4005-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download