cobaltstrike | ce8cbd120847392ffaeceeaf28897fc9ba1e9aec21d2174f63e69ce7545a7edb

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1976dbc5c41d6acc915d311135046d45
SHA1

8976cfe36f90f50d71c3187ceeacf46c90df7e20
SHA256

ce8cbd120847392ffaeceeaf28897fc9ba1e9aec21d2174f63e69ce7545a7edb
SHA512

d0247ef89af468373ae400d8f9d43c533e6e81dff28d50529cd7c67dccee07826974ed4f89fe094a6eff5ab4fb4e9952c5d3476eb4b0bc8ce8f623b14ca0c3de
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d18-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d21-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d31-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d42-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4a-40.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cec-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5e-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-67.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d68-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-131.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2528-0-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000016d18-11.dat	xmrig
behavioral1/memory/1576-15-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2380-14-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d21-10.dat	xmrig
behavioral1/memory/2712-23-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d31-27.dat	xmrig
behavioral1/memory/2528-26-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d42-33.dat	xmrig
behavioral1/files/0x0007000000016d4a-40.dat	xmrig
behavioral1/memory/2820-39-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2528-38-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cec-34.dat	xmrig
behavioral1/memory/2712-53-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2920-51-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2252-48-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2380-47-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d5e-54.dat	xmrig
behavioral1/memory/2840-59-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ea-67.dat	xmrig
behavioral1/memory/2616-65-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d68-64.dat	xmrig
behavioral1/memory/2748-61-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ee-77.dat	xmrig
behavioral1/memory/1852-86-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2920-81-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2692-80-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x00050000000186fd-87.dat	xmrig
behavioral1/memory/1124-94-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2840-90-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x0005000000018728-95.dat	xmrig
behavioral1/memory/1412-102-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2528-100-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
behavioral1/memory/2616-97-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x000500000001873d-103.dat	xmrig
behavioral1/memory/2232-107-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0005000000018784-108.dat	xmrig
behavioral1/files/0x000500000001878f-115.dat	xmrig
behavioral1/files/0x00050000000187a5-119.dat	xmrig
behavioral1/files/0x0006000000019023-126.dat	xmrig
behavioral1/files/0x0005000000019261-136.dat	xmrig
behavioral1/files/0x000500000001941e-169.dat	xmrig
behavioral1/files/0x0005000000019461-196.dat	xmrig
behavioral1/memory/1124-679-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x000500000001944f-191.dat	xmrig
behavioral1/files/0x0005000000019431-181.dat	xmrig
behavioral1/files/0x0005000000019441-186.dat	xmrig
behavioral1/files/0x0005000000019427-176.dat	xmrig
behavioral1/files/0x00050000000193e1-165.dat	xmrig
behavioral1/files/0x00050000000193c2-161.dat	xmrig
behavioral1/files/0x00050000000193b4-156.dat	xmrig
behavioral1/files/0x0005000000019350-151.dat	xmrig
behavioral1/files/0x0005000000019282-141.dat	xmrig
behavioral1/files/0x0005000000019334-146.dat	xmrig
behavioral1/files/0x000500000001925e-131.dat	xmrig
behavioral1/memory/2232-1197-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1576-3553-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2380-3561-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2748-3778-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2252-3783-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2820-3798-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2712-3792-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2920-3803-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2380	lnpSBiH.exe
1576	BThFemC.exe
2712	vdpbncF.exe
2748	YbvIlPD.exe
2820	JGjynJr.exe
2252	CYApQHS.exe
2920	HOjpTwX.exe
2840	wKcrvMz.exe
2616	SQtUScV.exe
2692	UwGZwRr.exe
1852	VdMrLRx.exe
1124	lplDOoE.exe
1412	SjCPhgm.exe
2232	gjqELaD.exe
2004	JGijUat.exe
1708	pxHcPbY.exe
2856	CLVetCS.exe
3056	FmVAONo.exe
1648	HgDPNaM.exe
1704	VdyueNr.exe
1204	nnzaflT.exe
2112	VhJIJtC.exe
2416	elrKRGB.exe
1112	lWAkldk.exe
540	sRuJjsT.exe
2156	yqtVGcs.exe
1424	AANoTnk.exe
3016	XsvVNNH.exe
612	gPyKAIn.exe
1160	bHtoEnR.exe
3012	XdcaqpE.exe
876	BJwSeOl.exe
1320	TOKrYBd.exe
820	xIGRWxt.exe
300	lHioIwQ.exe
1248	JFekwWT.exe
992	nVdFcun.exe
1612	PtCiHeb.exe
868	idlYzfz.exe
952	mbZiPHl.exe
748	HGHdBcm.exe
2076	YNtoBsP.exe
2548	WfJFRRn.exe
2148	poHFfGg.exe
1920	JLPHyyg.exe
2084	oAxOdvr.exe
1592	phHYeoK.exe
2068	GboFhoV.exe
1448	BgMSyDK.exe
1768	MwwKlKs.exe
3008	EBsHGlN.exe
3032	oJNWkju.exe
1528	LKosjSY.exe
1520	XoKXOaN.exe
2804	SIFLXSP.exe
2760	gSStkPq.exe
2236	cJemrel.exe
2824	jaWGWyB.exe
1416	NELQTWR.exe
2768	COtKTOU.exe
2996	VcxsQIf.exe
2784	klkXxEP.exe
2696	wZQWOMe.exe
2868	AffKjCD.exe

Loads dropped DLL 64 IoCs

pid	Process
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2528-0-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000016d18-11.dat	upx
behavioral1/memory/1576-15-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2380-14-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x0008000000016d21-10.dat	upx
behavioral1/memory/2712-23-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x0008000000016d31-27.dat	upx
behavioral1/memory/2528-26-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x0007000000016d42-33.dat	upx
behavioral1/files/0x0007000000016d4a-40.dat	upx
behavioral1/memory/2820-39-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2528-38-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0008000000016cec-34.dat	upx
behavioral1/memory/2712-53-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2920-51-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2252-48-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2380-47-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x0007000000016d5e-54.dat	upx
behavioral1/memory/2840-59-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x00050000000186ea-67.dat	upx
behavioral1/memory/2616-65-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0008000000016d68-64.dat	upx
behavioral1/memory/2748-61-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x00050000000186ee-77.dat	upx
behavioral1/memory/1852-86-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2920-81-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2692-80-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x00050000000186fd-87.dat	upx
behavioral1/memory/1124-94-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2840-90-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x0005000000018728-95.dat	upx
behavioral1/memory/1412-102-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2616-97-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x000500000001873d-103.dat	upx
behavioral1/memory/2232-107-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0005000000018784-108.dat	upx
behavioral1/files/0x000500000001878f-115.dat	upx
behavioral1/files/0x00050000000187a5-119.dat	upx
behavioral1/files/0x0006000000019023-126.dat	upx
behavioral1/files/0x0005000000019261-136.dat	upx
behavioral1/files/0x000500000001941e-169.dat	upx
behavioral1/files/0x0005000000019461-196.dat	upx
behavioral1/memory/1124-679-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x000500000001944f-191.dat	upx
behavioral1/files/0x0005000000019431-181.dat	upx
behavioral1/files/0x0005000000019441-186.dat	upx
behavioral1/files/0x0005000000019427-176.dat	upx
behavioral1/files/0x00050000000193e1-165.dat	upx
behavioral1/files/0x00050000000193c2-161.dat	upx
behavioral1/files/0x00050000000193b4-156.dat	upx
behavioral1/files/0x0005000000019350-151.dat	upx
behavioral1/files/0x0005000000019282-141.dat	upx
behavioral1/files/0x0005000000019334-146.dat	upx
behavioral1/files/0x000500000001925e-131.dat	upx
behavioral1/memory/2232-1197-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/1576-3553-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2380-3561-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2748-3778-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2252-3783-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2820-3798-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2712-3792-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2920-3803-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/1852-4045-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jeYMdZr.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REIgdRV.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OccWonP.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoXnKQQ.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhWsbmF.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXPMsjN.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEqvzEy.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdwAymH.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGLSzNl.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKjfAOG.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPYvCit.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbNEkSB.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVnlLRQ.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmVgiCf.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKfdlXe.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fnWGUkE.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehfRfoj.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SsniIob.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XICalnQ.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heTvAcA.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOaudev.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFNwjUK.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whTbNpu.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxHcPbY.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uEXesDB.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gljlCEY.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWLhKxB.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJHxVor.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdxHIsD.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZLFXlxm.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwGGbHx.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAHjXXu.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLXDvcd.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImeHCnF.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SsohJoG.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bkMvudq.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UclCUFK.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzGyoVj.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fooQfna.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LciJMiN.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQjSCnC.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OHpDJMD.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdHPozD.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjGdrhV.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHzcdNf.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnPNZoU.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWuNhRG.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGHdBcm.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wRzLykH.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LeQOcpo.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiqwXgX.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsrezCP.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvVIVLJ.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGijUat.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZTHmMw.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcBuEdb.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZQWOMe.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFJpDTM.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pttEYoE.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsGYJSu.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdwllce.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WnCXUHw.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owSLpfw.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOzJoEh.exe	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2380	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2528 wrote to memory of 2380	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2528 wrote to memory of 2380	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2528 wrote to memory of 1576	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 1576	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 1576	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2528 wrote to memory of 2712	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 2712	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 2712	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2528 wrote to memory of 2748	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2748	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2748	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2528 wrote to memory of 2820	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2820	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2820	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2528 wrote to memory of 2252	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2252	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2252	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2528 wrote to memory of 2920	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2920	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2920	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2528 wrote to memory of 2840	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2840	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2840	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2528 wrote to memory of 2616	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2616	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2616	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2528 wrote to memory of 2692	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2692	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 2692	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2528 wrote to memory of 1852	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 1852	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 1852	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2528 wrote to memory of 1124	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 1124	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 1124	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2528 wrote to memory of 1412	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 1412	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 1412	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2528 wrote to memory of 2232	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 2232	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 2232	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2528 wrote to memory of 2004	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 2004	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 2004	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2528 wrote to memory of 1708	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 1708	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 1708	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2528 wrote to memory of 2856	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 2856	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 2856	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2528 wrote to memory of 3056	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 3056	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 3056	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2528 wrote to memory of 1648	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1648	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1648	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2528 wrote to memory of 1704	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 1704	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 1704	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2528 wrote to memory of 1204	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 1204	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 1204	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2528 wrote to memory of 2112	2528	2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_1976dbc5c41d6acc915d311135046d45_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\System\lnpSBiH.exe
  C:\Windows\System\lnpSBiH.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\BThFemC.exe
  C:\Windows\System\BThFemC.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\vdpbncF.exe
  C:\Windows\System\vdpbncF.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\YbvIlPD.exe
  C:\Windows\System\YbvIlPD.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\JGjynJr.exe
  C:\Windows\System\JGjynJr.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\CYApQHS.exe
  C:\Windows\System\CYApQHS.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\HOjpTwX.exe
  C:\Windows\System\HOjpTwX.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\wKcrvMz.exe
  C:\Windows\System\wKcrvMz.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\SQtUScV.exe
  C:\Windows\System\SQtUScV.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\UwGZwRr.exe
  C:\Windows\System\UwGZwRr.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\VdMrLRx.exe
  C:\Windows\System\VdMrLRx.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\lplDOoE.exe
  C:\Windows\System\lplDOoE.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\SjCPhgm.exe
  C:\Windows\System\SjCPhgm.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\gjqELaD.exe
  C:\Windows\System\gjqELaD.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\JGijUat.exe
  C:\Windows\System\JGijUat.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\pxHcPbY.exe
  C:\Windows\System\pxHcPbY.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\CLVetCS.exe
  C:\Windows\System\CLVetCS.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\FmVAONo.exe
  C:\Windows\System\FmVAONo.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\HgDPNaM.exe
  C:\Windows\System\HgDPNaM.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\VdyueNr.exe
  C:\Windows\System\VdyueNr.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\nnzaflT.exe
  C:\Windows\System\nnzaflT.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\VhJIJtC.exe
  C:\Windows\System\VhJIJtC.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\elrKRGB.exe
  C:\Windows\System\elrKRGB.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\lWAkldk.exe
  C:\Windows\System\lWAkldk.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\sRuJjsT.exe
  C:\Windows\System\sRuJjsT.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\yqtVGcs.exe
  C:\Windows\System\yqtVGcs.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\AANoTnk.exe
  C:\Windows\System\AANoTnk.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\XsvVNNH.exe
  C:\Windows\System\XsvVNNH.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\gPyKAIn.exe
  C:\Windows\System\gPyKAIn.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\bHtoEnR.exe
  C:\Windows\System\bHtoEnR.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\XdcaqpE.exe
  C:\Windows\System\XdcaqpE.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\BJwSeOl.exe
  C:\Windows\System\BJwSeOl.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\TOKrYBd.exe
  C:\Windows\System\TOKrYBd.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\xIGRWxt.exe
  C:\Windows\System\xIGRWxt.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\lHioIwQ.exe
  C:\Windows\System\lHioIwQ.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\JFekwWT.exe
  C:\Windows\System\JFekwWT.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\nVdFcun.exe
  C:\Windows\System\nVdFcun.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\PtCiHeb.exe
  C:\Windows\System\PtCiHeb.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\idlYzfz.exe
  C:\Windows\System\idlYzfz.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\mbZiPHl.exe
  C:\Windows\System\mbZiPHl.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\HGHdBcm.exe
  C:\Windows\System\HGHdBcm.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\YNtoBsP.exe
  C:\Windows\System\YNtoBsP.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\WfJFRRn.exe
  C:\Windows\System\WfJFRRn.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\poHFfGg.exe
  C:\Windows\System\poHFfGg.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\JLPHyyg.exe
  C:\Windows\System\JLPHyyg.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\oAxOdvr.exe
  C:\Windows\System\oAxOdvr.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\phHYeoK.exe
  C:\Windows\System\phHYeoK.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\GboFhoV.exe
  C:\Windows\System\GboFhoV.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\BgMSyDK.exe
  C:\Windows\System\BgMSyDK.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\MwwKlKs.exe
  C:\Windows\System\MwwKlKs.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\EBsHGlN.exe
  C:\Windows\System\EBsHGlN.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\oJNWkju.exe
  C:\Windows\System\oJNWkju.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\LKosjSY.exe
  C:\Windows\System\LKosjSY.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\XoKXOaN.exe
  C:\Windows\System\XoKXOaN.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\SIFLXSP.exe
  C:\Windows\System\SIFLXSP.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\gSStkPq.exe
  C:\Windows\System\gSStkPq.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\cJemrel.exe
  C:\Windows\System\cJemrel.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\jaWGWyB.exe
  C:\Windows\System\jaWGWyB.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\NELQTWR.exe
  C:\Windows\System\NELQTWR.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\COtKTOU.exe
  C:\Windows\System\COtKTOU.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\VcxsQIf.exe
  C:\Windows\System\VcxsQIf.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\klkXxEP.exe
  C:\Windows\System\klkXxEP.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\wZQWOMe.exe
  C:\Windows\System\wZQWOMe.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\AffKjCD.exe
  C:\Windows\System\AffKjCD.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\rXdDUCp.exe
  C:\Windows\System\rXdDUCp.exe
  2⤵
  PID:2624
- C:\Windows\System\SZgRRpa.exe
  C:\Windows\System\SZgRRpa.exe
  2⤵
  PID:2788
- C:\Windows\System\MJFdNdq.exe
  C:\Windows\System\MJFdNdq.exe
  2⤵
  PID:2812
- C:\Windows\System\KjcLopp.exe
  C:\Windows\System\KjcLopp.exe
  2⤵
  PID:1236
- C:\Windows\System\tIUncUa.exe
  C:\Windows\System\tIUncUa.exe
  2⤵
  PID:2620
- C:\Windows\System\TTzVzGh.exe
  C:\Windows\System\TTzVzGh.exe
  2⤵
  PID:1872
- C:\Windows\System\vTJunvf.exe
  C:\Windows\System\vTJunvf.exe
  2⤵
  PID:2024
- C:\Windows\System\jzRHYyf.exe
  C:\Windows\System\jzRHYyf.exe
  2⤵
  PID:832
- C:\Windows\System\oNBiuyV.exe
  C:\Windows\System\oNBiuyV.exe
  2⤵
  PID:1000
- C:\Windows\System\iLrRgal.exe
  C:\Windows\System\iLrRgal.exe
  2⤵
  PID:2512
- C:\Windows\System\GEaySNr.exe
  C:\Windows\System\GEaySNr.exe
  2⤵
  PID:2688
- C:\Windows\System\WHZpoZs.exe
  C:\Windows\System\WHZpoZs.exe
  2⤵
  PID:2876
- C:\Windows\System\VzlEHye.exe
  C:\Windows\System\VzlEHye.exe
  2⤵
  PID:2940
- C:\Windows\System\XuUgaiE.exe
  C:\Windows\System\XuUgaiE.exe
  2⤵
  PID:1784
- C:\Windows\System\iSJubVu.exe
  C:\Windows\System\iSJubVu.exe
  2⤵
  PID:1688
- C:\Windows\System\GbDMPLj.exe
  C:\Windows\System\GbDMPLj.exe
  2⤵
  PID:692
- C:\Windows\System\skNwijy.exe
  C:\Windows\System\skNwijy.exe
  2⤵
  PID:1616
- C:\Windows\System\FpjepSx.exe
  C:\Windows\System\FpjepSx.exe
  2⤵
  PID:2544
- C:\Windows\System\oIopRTs.exe
  C:\Windows\System\oIopRTs.exe
  2⤵
  PID:544
- C:\Windows\System\ggZYcDh.exe
  C:\Windows\System\ggZYcDh.exe
  2⤵
  PID:1088
- C:\Windows\System\wXSvPNC.exe
  C:\Windows\System\wXSvPNC.exe
  2⤵
  PID:1096
- C:\Windows\System\mdwAymH.exe
  C:\Windows\System\mdwAymH.exe
  2⤵
  PID:2680
- C:\Windows\System\SkCgAsM.exe
  C:\Windows\System\SkCgAsM.exe
  2⤵
  PID:908
- C:\Windows\System\pNumeuR.exe
  C:\Windows\System\pNumeuR.exe
  2⤵
  PID:1480
- C:\Windows\System\ehfRfoj.exe
  C:\Windows\System\ehfRfoj.exe
  2⤵
  PID:1748
- C:\Windows\System\rxHToQU.exe
  C:\Windows\System\rxHToQU.exe
  2⤵
  PID:2484
- C:\Windows\System\gGrtzjA.exe
  C:\Windows\System\gGrtzjA.exe
  2⤵
  PID:2360
- C:\Windows\System\cJHUvtO.exe
  C:\Windows\System\cJHUvtO.exe
  2⤵
  PID:688
- C:\Windows\System\RhDUmAg.exe
  C:\Windows\System\RhDUmAg.exe
  2⤵
  PID:2480
- C:\Windows\System\TdwNyph.exe
  C:\Windows\System\TdwNyph.exe
  2⤵
  PID:984
- C:\Windows\System\DGoyCBn.exe
  C:\Windows\System\DGoyCBn.exe
  2⤵
  PID:1436
- C:\Windows\System\nsiiinU.exe
  C:\Windows\System\nsiiinU.exe
  2⤵
  PID:1740
- C:\Windows\System\uvEIRLJ.exe
  C:\Windows\System\uvEIRLJ.exe
  2⤵
  PID:1496
- C:\Windows\System\QLoRHSw.exe
  C:\Windows\System\QLoRHSw.exe
  2⤵
  PID:2264
- C:\Windows\System\ghxLpEN.exe
  C:\Windows\System\ghxLpEN.exe
  2⤵
  PID:1636
- C:\Windows\System\cZoqpGL.exe
  C:\Windows\System\cZoqpGL.exe
  2⤵
  PID:1180
- C:\Windows\System\vvEpiuY.exe
  C:\Windows\System\vvEpiuY.exe
  2⤵
  PID:2396
- C:\Windows\System\hhHxlrQ.exe
  C:\Windows\System\hhHxlrQ.exe
  2⤵
  PID:2764
- C:\Windows\System\ohyCPaT.exe
  C:\Windows\System\ohyCPaT.exe
  2⤵
  PID:2752
- C:\Windows\System\aiMjrho.exe
  C:\Windows\System\aiMjrho.exe
  2⤵
  PID:2676
- C:\Windows\System\wKTVJpO.exe
  C:\Windows\System\wKTVJpO.exe
  2⤵
  PID:2644
- C:\Windows\System\uIAijuD.exe
  C:\Windows\System\uIAijuD.exe
  2⤵
  PID:1904
- C:\Windows\System\TCIPeeH.exe
  C:\Windows\System\TCIPeeH.exe
  2⤵
  PID:1860
- C:\Windows\System\FaqwGHd.exe
  C:\Windows\System\FaqwGHd.exe
  2⤵
  PID:2636
- C:\Windows\System\XFJpDTM.exe
  C:\Windows\System\XFJpDTM.exe
  2⤵
  PID:2316
- C:\Windows\System\eqDzpOE.exe
  C:\Windows\System\eqDzpOE.exe
  2⤵
  PID:2152
- C:\Windows\System\zqASiBp.exe
  C:\Windows\System\zqASiBp.exe
  2⤵
  PID:352
- C:\Windows\System\gJlzeVG.exe
  C:\Windows\System\gJlzeVG.exe
  2⤵
  PID:2012
- C:\Windows\System\DDmEGCk.exe
  C:\Windows\System\DDmEGCk.exe
  2⤵
  PID:1508
- C:\Windows\System\pFMQfFg.exe
  C:\Windows\System\pFMQfFg.exe
  2⤵
  PID:2308
- C:\Windows\System\XDHVRNF.exe
  C:\Windows\System\XDHVRNF.exe
  2⤵
  PID:2244
- C:\Windows\System\xxBjwKX.exe
  C:\Windows\System\xxBjwKX.exe
  2⤵
  PID:2220
- C:\Windows\System\kZLwQzZ.exe
  C:\Windows\System\kZLwQzZ.exe
  2⤵
  PID:1716
- C:\Windows\System\VdqTlBB.exe
  C:\Windows\System\VdqTlBB.exe
  2⤵
  PID:328
- C:\Windows\System\FOnuyEz.exe
  C:\Windows\System\FOnuyEz.exe
  2⤵
  PID:2136
- C:\Windows\System\fyvDgGz.exe
  C:\Windows\System\fyvDgGz.exe
  2⤵
  PID:3064
- C:\Windows\System\yIejqmF.exe
  C:\Windows\System\yIejqmF.exe
  2⤵
  PID:3036
- C:\Windows\System\Mroatai.exe
  C:\Windows\System\Mroatai.exe
  2⤵
  PID:1420
- C:\Windows\System\BWlshLk.exe
  C:\Windows\System\BWlshLk.exe
  2⤵
  PID:2476
- C:\Windows\System\rytahlw.exe
  C:\Windows\System\rytahlw.exe
  2⤵
  PID:1552
- C:\Windows\System\oMVOFDz.exe
  C:\Windows\System\oMVOFDz.exe
  2⤵
  PID:2816
- C:\Windows\System\fZmevmf.exe
  C:\Windows\System\fZmevmf.exe
  2⤵
  PID:1644
- C:\Windows\System\doxiQnw.exe
  C:\Windows\System\doxiQnw.exe
  2⤵
  PID:2908
- C:\Windows\System\qCiMUsE.exe
  C:\Windows\System\qCiMUsE.exe
  2⤵
  PID:2932
- C:\Windows\System\wwJrgRr.exe
  C:\Windows\System\wwJrgRr.exe
  2⤵
  PID:1780
- C:\Windows\System\neVmtVe.exe
  C:\Windows\System\neVmtVe.exe
  2⤵
  PID:1724
- C:\Windows\System\AhSIBor.exe
  C:\Windows\System\AhSIBor.exe
  2⤵
  PID:2000
- C:\Windows\System\igIJfLj.exe
  C:\Windows\System\igIJfLj.exe
  2⤵
  PID:2672
- C:\Windows\System\peXNfZR.exe
  C:\Windows\System\peXNfZR.exe
  2⤵
  PID:2884
- C:\Windows\System\mbJILtA.exe
  C:\Windows\System\mbJILtA.exe
  2⤵
  PID:2968
- C:\Windows\System\cWSkHNY.exe
  C:\Windows\System\cWSkHNY.exe
  2⤵
  PID:708
- C:\Windows\System\NXaRneO.exe
  C:\Windows\System\NXaRneO.exe
  2⤵
  PID:2168
- C:\Windows\System\YEsYaDC.exe
  C:\Windows\System\YEsYaDC.exe
  2⤵
  PID:1092
- C:\Windows\System\ESvtekG.exe
  C:\Windows\System\ESvtekG.exe
  2⤵
  PID:2120
- C:\Windows\System\PfyuQTd.exe
  C:\Windows\System\PfyuQTd.exe
  2⤵
  PID:884
- C:\Windows\System\hHhVHJq.exe
  C:\Windows\System\hHhVHJq.exe
  2⤵
  PID:2516
- C:\Windows\System\tIWOzZV.exe
  C:\Windows\System\tIWOzZV.exe
  2⤵
  PID:1888
- C:\Windows\System\ZLFXlxm.exe
  C:\Windows\System\ZLFXlxm.exe
  2⤵
  PID:3040
- C:\Windows\System\QkQkdrI.exe
  C:\Windows\System\QkQkdrI.exe
  2⤵
  PID:2872
- C:\Windows\System\nlxUiRK.exe
  C:\Windows\System\nlxUiRK.exe
  2⤵
  PID:756
- C:\Windows\System\jbstkha.exe
  C:\Windows\System\jbstkha.exe
  2⤵
  PID:2776
- C:\Windows\System\wgRAeAp.exe
  C:\Windows\System\wgRAeAp.exe
  2⤵
  PID:2228
- C:\Windows\System\pENPrGP.exe
  C:\Windows\System\pENPrGP.exe
  2⤵
  PID:1376
- C:\Windows\System\GgfQPpg.exe
  C:\Windows\System\GgfQPpg.exe
  2⤵
  PID:1056
- C:\Windows\System\FRWlirV.exe
  C:\Windows\System\FRWlirV.exe
  2⤵
  PID:600
- C:\Windows\System\UjOcsfh.exe
  C:\Windows\System\UjOcsfh.exe
  2⤵
  PID:1620
- C:\Windows\System\LhIpnKY.exe
  C:\Windows\System\LhIpnKY.exe
  2⤵
  PID:1532
- C:\Windows\System\KsWEigA.exe
  C:\Windows\System\KsWEigA.exe
  2⤵
  PID:2336
- C:\Windows\System\PGvUmYT.exe
  C:\Windows\System\PGvUmYT.exe
  2⤵
  PID:3068
- C:\Windows\System\ByBxoNP.exe
  C:\Windows\System\ByBxoNP.exe
  2⤵
  PID:2684
- C:\Windows\System\gECbmlA.exe
  C:\Windows\System\gECbmlA.exe
  2⤵
  PID:1944
- C:\Windows\System\kAbORYL.exe
  C:\Windows\System\kAbORYL.exe
  2⤵
  PID:2140
- C:\Windows\System\LDejWVM.exe
  C:\Windows\System\LDejWVM.exe
  2⤵
  PID:2468
- C:\Windows\System\ZYSWpHe.exe
  C:\Windows\System\ZYSWpHe.exe
  2⤵
  PID:3084
- C:\Windows\System\eZGZXJn.exe
  C:\Windows\System\eZGZXJn.exe
  2⤵
  PID:3104
- C:\Windows\System\trBeFOW.exe
  C:\Windows\System\trBeFOW.exe
  2⤵
  PID:3120
- C:\Windows\System\sipLTUy.exe
  C:\Windows\System\sipLTUy.exe
  2⤵
  PID:3140
- C:\Windows\System\kyLTrZP.exe
  C:\Windows\System\kyLTrZP.exe
  2⤵
  PID:3156
- C:\Windows\System\mWQOEhJ.exe
  C:\Windows\System\mWQOEhJ.exe
  2⤵
  PID:3180
- C:\Windows\System\ybaHVZl.exe
  C:\Windows\System\ybaHVZl.exe
  2⤵
  PID:3196
- C:\Windows\System\TYnBLYM.exe
  C:\Windows\System\TYnBLYM.exe
  2⤵
  PID:3216
- C:\Windows\System\OubneLG.exe
  C:\Windows\System\OubneLG.exe
  2⤵
  PID:3236
- C:\Windows\System\JGLSzNl.exe
  C:\Windows\System\JGLSzNl.exe
  2⤵
  PID:3256
- C:\Windows\System\zoEVZwW.exe
  C:\Windows\System\zoEVZwW.exe
  2⤵
  PID:3272
- C:\Windows\System\rklvaes.exe
  C:\Windows\System\rklvaes.exe
  2⤵
  PID:3292
- C:\Windows\System\JqzFiBC.exe
  C:\Windows\System\JqzFiBC.exe
  2⤵
  PID:3312
- C:\Windows\System\cpwBYJq.exe
  C:\Windows\System\cpwBYJq.exe
  2⤵
  PID:3336
- C:\Windows\System\zdBxhov.exe
  C:\Windows\System\zdBxhov.exe
  2⤵
  PID:3356
- C:\Windows\System\AHEvakf.exe
  C:\Windows\System\AHEvakf.exe
  2⤵
  PID:3376
- C:\Windows\System\POPbkFW.exe
  C:\Windows\System\POPbkFW.exe
  2⤵
  PID:3396
- C:\Windows\System\Tktfjdm.exe
  C:\Windows\System\Tktfjdm.exe
  2⤵
  PID:3416
- C:\Windows\System\NHPuOzK.exe
  C:\Windows\System\NHPuOzK.exe
  2⤵
  PID:3436
- C:\Windows\System\YeDYuWE.exe
  C:\Windows\System\YeDYuWE.exe
  2⤵
  PID:3468
- C:\Windows\System\OeNmvbM.exe
  C:\Windows\System\OeNmvbM.exe
  2⤵
  PID:3488
- C:\Windows\System\eUPHjzn.exe
  C:\Windows\System\eUPHjzn.exe
  2⤵
  PID:3508
- C:\Windows\System\sudftOR.exe
  C:\Windows\System\sudftOR.exe
  2⤵
  PID:3528
- C:\Windows\System\RwAYIqp.exe
  C:\Windows\System\RwAYIqp.exe
  2⤵
  PID:3548
- C:\Windows\System\cgWKRbx.exe
  C:\Windows\System\cgWKRbx.exe
  2⤵
  PID:3568
- C:\Windows\System\SdJQhVb.exe
  C:\Windows\System\SdJQhVb.exe
  2⤵
  PID:3588
- C:\Windows\System\efZyfwC.exe
  C:\Windows\System\efZyfwC.exe
  2⤵
  PID:3608
- C:\Windows\System\lkpoOKK.exe
  C:\Windows\System\lkpoOKK.exe
  2⤵
  PID:3628
- C:\Windows\System\tRHPyFn.exe
  C:\Windows\System\tRHPyFn.exe
  2⤵
  PID:3652
- C:\Windows\System\REIgdRV.exe
  C:\Windows\System\REIgdRV.exe
  2⤵
  PID:3672
- C:\Windows\System\FrhOrZd.exe
  C:\Windows\System\FrhOrZd.exe
  2⤵
  PID:3692
- C:\Windows\System\oUypZDn.exe
  C:\Windows\System\oUypZDn.exe
  2⤵
  PID:3712
- C:\Windows\System\JfbgOop.exe
  C:\Windows\System\JfbgOop.exe
  2⤵
  PID:3732
- C:\Windows\System\tQysrVT.exe
  C:\Windows\System\tQysrVT.exe
  2⤵
  PID:3752
- C:\Windows\System\gchPTko.exe
  C:\Windows\System\gchPTko.exe
  2⤵
  PID:3772
- C:\Windows\System\SsniIob.exe
  C:\Windows\System\SsniIob.exe
  2⤵
  PID:3800
- C:\Windows\System\BTCkkDk.exe
  C:\Windows\System\BTCkkDk.exe
  2⤵
  PID:3820
- C:\Windows\System\eswgjYG.exe
  C:\Windows\System\eswgjYG.exe
  2⤵
  PID:3840
- C:\Windows\System\cnPNZoU.exe
  C:\Windows\System\cnPNZoU.exe
  2⤵
  PID:3860
- C:\Windows\System\pHfgtfm.exe
  C:\Windows\System\pHfgtfm.exe
  2⤵
  PID:3880
- C:\Windows\System\PJbNfPR.exe
  C:\Windows\System\PJbNfPR.exe
  2⤵
  PID:3900
- C:\Windows\System\DiiqLgK.exe
  C:\Windows\System\DiiqLgK.exe
  2⤵
  PID:3920
- C:\Windows\System\lUYzFwQ.exe
  C:\Windows\System\lUYzFwQ.exe
  2⤵
  PID:3940
- C:\Windows\System\WNywDPh.exe
  C:\Windows\System\WNywDPh.exe
  2⤵
  PID:3960
- C:\Windows\System\jFTWDUr.exe
  C:\Windows\System\jFTWDUr.exe
  2⤵
  PID:3980
- C:\Windows\System\xynqDTC.exe
  C:\Windows\System\xynqDTC.exe
  2⤵
  PID:4000
- C:\Windows\System\CZbYGys.exe
  C:\Windows\System\CZbYGys.exe
  2⤵
  PID:4020
- C:\Windows\System\ZzvkpCw.exe
  C:\Windows\System\ZzvkpCw.exe
  2⤵
  PID:4040
- C:\Windows\System\tplEdYl.exe
  C:\Windows\System\tplEdYl.exe
  2⤵
  PID:4056
- C:\Windows\System\VfSRIVf.exe
  C:\Windows\System\VfSRIVf.exe
  2⤵
  PID:4080
- C:\Windows\System\AbgFrok.exe
  C:\Windows\System\AbgFrok.exe
  2⤵
  PID:2656
- C:\Windows\System\ZsCNOBQ.exe
  C:\Windows\System\ZsCNOBQ.exe
  2⤵
  PID:3020
- C:\Windows\System\grRGlII.exe
  C:\Windows\System\grRGlII.exe
  2⤵
  PID:3092
- C:\Windows\System\iHAFMHV.exe
  C:\Windows\System\iHAFMHV.exe
  2⤵
  PID:3136
- C:\Windows\System\qPYvCit.exe
  C:\Windows\System\qPYvCit.exe
  2⤵
  PID:3176
- C:\Windows\System\fooQfna.exe
  C:\Windows\System\fooQfna.exe
  2⤵
  PID:3212
- C:\Windows\System\lrTeGTt.exe
  C:\Windows\System\lrTeGTt.exe
  2⤵
  PID:3280
- C:\Windows\System\XvhIWPJ.exe
  C:\Windows\System\XvhIWPJ.exe
  2⤵
  PID:1228
- C:\Windows\System\TeyEwpX.exe
  C:\Windows\System\TeyEwpX.exe
  2⤵
  PID:3372
- C:\Windows\System\ptimKcl.exe
  C:\Windows\System\ptimKcl.exe
  2⤵
  PID:3112
- C:\Windows\System\KwoMeIB.exe
  C:\Windows\System\KwoMeIB.exe
  2⤵
  PID:3152
- C:\Windows\System\dFimAQP.exe
  C:\Windows\System\dFimAQP.exe
  2⤵
  PID:3224
- C:\Windows\System\OwGGbHx.exe
  C:\Windows\System\OwGGbHx.exe
  2⤵
  PID:3452
- C:\Windows\System\YQWGdAT.exe
  C:\Windows\System\YQWGdAT.exe
  2⤵
  PID:3456
- C:\Windows\System\JVnlLRQ.exe
  C:\Windows\System\JVnlLRQ.exe
  2⤵
  PID:3348
- C:\Windows\System\SKkCQto.exe
  C:\Windows\System\SKkCQto.exe
  2⤵
  PID:3428
- C:\Windows\System\HBJvhTM.exe
  C:\Windows\System\HBJvhTM.exe
  2⤵
  PID:3476
- C:\Windows\System\bGFFBxc.exe
  C:\Windows\System\bGFFBxc.exe
  2⤵
  PID:3544
- C:\Windows\System\LciJMiN.exe
  C:\Windows\System\LciJMiN.exe
  2⤵
  PID:3556
- C:\Windows\System\inZehJY.exe
  C:\Windows\System\inZehJY.exe
  2⤵
  PID:3560
- C:\Windows\System\ZPSyeUA.exe
  C:\Windows\System\ZPSyeUA.exe
  2⤵
  PID:3596
- C:\Windows\System\wOkNhXv.exe
  C:\Windows\System\wOkNhXv.exe
  2⤵
  PID:3644
- C:\Windows\System\AxSDsbi.exe
  C:\Windows\System\AxSDsbi.exe
  2⤵
  PID:3700
- C:\Windows\System\nBTJXqv.exe
  C:\Windows\System\nBTJXqv.exe
  2⤵
  PID:3720
- C:\Windows\System\pGhHKcA.exe
  C:\Windows\System\pGhHKcA.exe
  2⤵
  PID:3744
- C:\Windows\System\QkbNCDz.exe
  C:\Windows\System\QkbNCDz.exe
  2⤵
  PID:3792
- C:\Windows\System\rlogYZg.exe
  C:\Windows\System\rlogYZg.exe
  2⤵
  PID:3816
- C:\Windows\System\dnZnlWl.exe
  C:\Windows\System\dnZnlWl.exe
  2⤵
  PID:3848
- C:\Windows\System\fFPBgYi.exe
  C:\Windows\System\fFPBgYi.exe
  2⤵
  PID:3908
- C:\Windows\System\iYQtzEU.exe
  C:\Windows\System\iYQtzEU.exe
  2⤵
  PID:3928
- C:\Windows\System\qrXqsMa.exe
  C:\Windows\System\qrXqsMa.exe
  2⤵
  PID:3952
- C:\Windows\System\tlwLAkn.exe
  C:\Windows\System\tlwLAkn.exe
  2⤵
  PID:3976
- C:\Windows\System\ygrFkXO.exe
  C:\Windows\System\ygrFkXO.exe
  2⤵
  PID:4036
- C:\Windows\System\XoXnKQQ.exe
  C:\Windows\System\XoXnKQQ.exe
  2⤵
  PID:4072
- C:\Windows\System\oebJduu.exe
  C:\Windows\System\oebJduu.exe
  2⤵
  PID:1884
- C:\Windows\System\JpwaXjF.exe
  C:\Windows\System\JpwaXjF.exe
  2⤵
  PID:2288
- C:\Windows\System\gljlCEY.exe
  C:\Windows\System\gljlCEY.exe
  2⤵
  PID:3128
- C:\Windows\System\LmGhWPk.exe
  C:\Windows\System\LmGhWPk.exe
  2⤵
  PID:3164
- C:\Windows\System\CAxLBNb.exe
  C:\Windows\System\CAxLBNb.exe
  2⤵
  PID:2312
- C:\Windows\System\pGyYByF.exe
  C:\Windows\System\pGyYByF.exe
  2⤵
  PID:2260
- C:\Windows\System\antGULA.exe
  C:\Windows\System\antGULA.exe
  2⤵
  PID:3076
- C:\Windows\System\riEjaOI.exe
  C:\Windows\System\riEjaOI.exe
  2⤵
  PID:3412
- C:\Windows\System\zSfhNVT.exe
  C:\Windows\System\zSfhNVT.exe
  2⤵
  PID:3268
- C:\Windows\System\CRBBHVV.exe
  C:\Windows\System\CRBBHVV.exe
  2⤵
  PID:3424
- C:\Windows\System\eyDrhIT.exe
  C:\Windows\System\eyDrhIT.exe
  2⤵
  PID:3496
- C:\Windows\System\ggoZiVW.exe
  C:\Windows\System\ggoZiVW.exe
  2⤵
  PID:3580
- C:\Windows\System\wncsdyk.exe
  C:\Windows\System\wncsdyk.exe
  2⤵
  PID:3668
- C:\Windows\System\ClpAKym.exe
  C:\Windows\System\ClpAKym.exe
  2⤵
  PID:3636
- C:\Windows\System\XOaudev.exe
  C:\Windows\System\XOaudev.exe
  2⤵
  PID:3740
- C:\Windows\System\yRRkUjf.exe
  C:\Windows\System\yRRkUjf.exe
  2⤵
  PID:3648
- C:\Windows\System\LPcGlyl.exe
  C:\Windows\System\LPcGlyl.exe
  2⤵
  PID:3828
- C:\Windows\System\jjQUHOp.exe
  C:\Windows\System\jjQUHOp.exe
  2⤵
  PID:3896
- C:\Windows\System\IzhAchZ.exe
  C:\Windows\System\IzhAchZ.exe
  2⤵
  PID:3892
- C:\Windows\System\OccWonP.exe
  C:\Windows\System\OccWonP.exe
  2⤵
  PID:3932
- C:\Windows\System\vNTtHBg.exe
  C:\Windows\System\vNTtHBg.exe
  2⤵
  PID:4008
- C:\Windows\System\RDaiDth.exe
  C:\Windows\System\RDaiDth.exe
  2⤵
  PID:4048
- C:\Windows\System\gIwyIYK.exe
  C:\Windows\System\gIwyIYK.exe
  2⤵
  PID:2984
- C:\Windows\System\OXAiIkg.exe
  C:\Windows\System\OXAiIkg.exe
  2⤵
  PID:3204
- C:\Windows\System\VHAIOFa.exe
  C:\Windows\System\VHAIOFa.exe
  2⤵
  PID:3320
- C:\Windows\System\aEczxBr.exe
  C:\Windows\System\aEczxBr.exe
  2⤵
  PID:3328
- C:\Windows\System\qxkNByM.exe
  C:\Windows\System\qxkNByM.exe
  2⤵
  PID:3304
- C:\Windows\System\sbuntcx.exe
  C:\Windows\System\sbuntcx.exe
  2⤵
  PID:3384
- C:\Windows\System\iGgAFqV.exe
  C:\Windows\System\iGgAFqV.exe
  2⤵
  PID:3480
- C:\Windows\System\VkvgPGf.exe
  C:\Windows\System\VkvgPGf.exe
  2⤵
  PID:3620
- C:\Windows\System\OUUqxxs.exe
  C:\Windows\System\OUUqxxs.exe
  2⤵
  PID:3704
- C:\Windows\System\dusbIyr.exe
  C:\Windows\System\dusbIyr.exe
  2⤵
  PID:3836
- C:\Windows\System\IphSnKG.exe
  C:\Windows\System\IphSnKG.exe
  2⤵
  PID:3876
- C:\Windows\System\PuEprlm.exe
  C:\Windows\System\PuEprlm.exe
  2⤵
  PID:3968
- C:\Windows\System\wiksZiO.exe
  C:\Windows\System\wiksZiO.exe
  2⤵
  PID:4052
- C:\Windows\System\ICinawv.exe
  C:\Windows\System\ICinawv.exe
  2⤵
  PID:1732
- C:\Windows\System\Isbmgel.exe
  C:\Windows\System\Isbmgel.exe
  2⤵
  PID:3364
- C:\Windows\System\KXWVlbE.exe
  C:\Windows\System\KXWVlbE.exe
  2⤵
  PID:3232
- C:\Windows\System\NYswLqV.exe
  C:\Windows\System\NYswLqV.exe
  2⤵
  PID:3504
- C:\Windows\System\eiAapHw.exe
  C:\Windows\System\eiAapHw.exe
  2⤵
  PID:3540
- C:\Windows\System\ftpYahH.exe
  C:\Windows\System\ftpYahH.exe
  2⤵
  PID:3684
- C:\Windows\System\NKTpHtd.exe
  C:\Windows\System\NKTpHtd.exe
  2⤵
  PID:4112
- C:\Windows\System\Oashlio.exe
  C:\Windows\System\Oashlio.exe
  2⤵
  PID:4132
- C:\Windows\System\CmWSdFu.exe
  C:\Windows\System\CmWSdFu.exe
  2⤵
  PID:4152
- C:\Windows\System\oUDyySD.exe
  C:\Windows\System\oUDyySD.exe
  2⤵
  PID:4172
- C:\Windows\System\JpRGZkq.exe
  C:\Windows\System\JpRGZkq.exe
  2⤵
  PID:4192
- C:\Windows\System\iXTVLlE.exe
  C:\Windows\System\iXTVLlE.exe
  2⤵
  PID:4212
- C:\Windows\System\ZkwKPNA.exe
  C:\Windows\System\ZkwKPNA.exe
  2⤵
  PID:4232
- C:\Windows\System\LDbHYYJ.exe
  C:\Windows\System\LDbHYYJ.exe
  2⤵
  PID:4252
- C:\Windows\System\RErGlFm.exe
  C:\Windows\System\RErGlFm.exe
  2⤵
  PID:4272
- C:\Windows\System\GUiNrCz.exe
  C:\Windows\System\GUiNrCz.exe
  2⤵
  PID:4292
- C:\Windows\System\AvBTWHe.exe
  C:\Windows\System\AvBTWHe.exe
  2⤵
  PID:4312
- C:\Windows\System\URUDyTi.exe
  C:\Windows\System\URUDyTi.exe
  2⤵
  PID:4332
- C:\Windows\System\UdiSgYT.exe
  C:\Windows\System\UdiSgYT.exe
  2⤵
  PID:4352
- C:\Windows\System\uEXesDB.exe
  C:\Windows\System\uEXesDB.exe
  2⤵
  PID:4372
- C:\Windows\System\PhcJPnf.exe
  C:\Windows\System\PhcJPnf.exe
  2⤵
  PID:4392
- C:\Windows\System\aDysArx.exe
  C:\Windows\System\aDysArx.exe
  2⤵
  PID:4412
- C:\Windows\System\fdwakcX.exe
  C:\Windows\System\fdwakcX.exe
  2⤵
  PID:4428
- C:\Windows\System\ejrQPMG.exe
  C:\Windows\System\ejrQPMG.exe
  2⤵
  PID:4452
- C:\Windows\System\kOxgmZN.exe
  C:\Windows\System\kOxgmZN.exe
  2⤵
  PID:4472
- C:\Windows\System\riBTzKS.exe
  C:\Windows\System\riBTzKS.exe
  2⤵
  PID:4492
- C:\Windows\System\xLTSVom.exe
  C:\Windows\System\xLTSVom.exe
  2⤵
  PID:4512
- C:\Windows\System\kRvlQZs.exe
  C:\Windows\System\kRvlQZs.exe
  2⤵
  PID:4532
- C:\Windows\System\MjSQyvu.exe
  C:\Windows\System\MjSQyvu.exe
  2⤵
  PID:4552
- C:\Windows\System\qijteGk.exe
  C:\Windows\System\qijteGk.exe
  2⤵
  PID:4572
- C:\Windows\System\MWSSUAu.exe
  C:\Windows\System\MWSSUAu.exe
  2⤵
  PID:4592
- C:\Windows\System\bKZunDo.exe
  C:\Windows\System\bKZunDo.exe
  2⤵
  PID:4612
- C:\Windows\System\IgRGuhW.exe
  C:\Windows\System\IgRGuhW.exe
  2⤵
  PID:4632
- C:\Windows\System\mSDjNPi.exe
  C:\Windows\System\mSDjNPi.exe
  2⤵
  PID:4652
- C:\Windows\System\aBtHgDI.exe
  C:\Windows\System\aBtHgDI.exe
  2⤵
  PID:4672
- C:\Windows\System\pftevby.exe
  C:\Windows\System\pftevby.exe
  2⤵
  PID:4692
- C:\Windows\System\KeNkBpY.exe
  C:\Windows\System\KeNkBpY.exe
  2⤵
  PID:4712
- C:\Windows\System\kTojWmh.exe
  C:\Windows\System\kTojWmh.exe
  2⤵
  PID:4732
- C:\Windows\System\OmrGXfZ.exe
  C:\Windows\System\OmrGXfZ.exe
  2⤵
  PID:4752
- C:\Windows\System\BjpEbLX.exe
  C:\Windows\System\BjpEbLX.exe
  2⤵
  PID:4772
- C:\Windows\System\cbUZSVX.exe
  C:\Windows\System\cbUZSVX.exe
  2⤵
  PID:4792
- C:\Windows\System\ZozLHnP.exe
  C:\Windows\System\ZozLHnP.exe
  2⤵
  PID:4812
- C:\Windows\System\WRbrlLL.exe
  C:\Windows\System\WRbrlLL.exe
  2⤵
  PID:4832
- C:\Windows\System\FQoOUZZ.exe
  C:\Windows\System\FQoOUZZ.exe
  2⤵
  PID:4852
- C:\Windows\System\tnWcIlt.exe
  C:\Windows\System\tnWcIlt.exe
  2⤵
  PID:4872
- C:\Windows\System\tvExHne.exe
  C:\Windows\System\tvExHne.exe
  2⤵
  PID:4892
- C:\Windows\System\MuYhxSy.exe
  C:\Windows\System\MuYhxSy.exe
  2⤵
  PID:4916
- C:\Windows\System\fZOVvxz.exe
  C:\Windows\System\fZOVvxz.exe
  2⤵
  PID:4936
- C:\Windows\System\nRviykP.exe
  C:\Windows\System\nRviykP.exe
  2⤵
  PID:4956
- C:\Windows\System\YKXwfaX.exe
  C:\Windows\System\YKXwfaX.exe
  2⤵
  PID:4976
- C:\Windows\System\pDcBYLN.exe
  C:\Windows\System\pDcBYLN.exe
  2⤵
  PID:4996
- C:\Windows\System\jfpxpxC.exe
  C:\Windows\System\jfpxpxC.exe
  2⤵
  PID:5016
- C:\Windows\System\kvMQZQt.exe
  C:\Windows\System\kvMQZQt.exe
  2⤵
  PID:5036
- C:\Windows\System\ociKSAV.exe
  C:\Windows\System\ociKSAV.exe
  2⤵
  PID:5052
- C:\Windows\System\oaHhlsG.exe
  C:\Windows\System\oaHhlsG.exe
  2⤵
  PID:5076
- C:\Windows\System\HiNFRlt.exe
  C:\Windows\System\HiNFRlt.exe
  2⤵
  PID:5092
- C:\Windows\System\YRperou.exe
  C:\Windows\System\YRperou.exe
  2⤵
  PID:3912
- C:\Windows\System\aPKHggW.exe
  C:\Windows\System\aPKHggW.exe
  2⤵
  PID:3872
- C:\Windows\System\yPwhCIs.exe
  C:\Windows\System\yPwhCIs.exe
  2⤵
  PID:1560
- C:\Windows\System\bMZlSUE.exe
  C:\Windows\System\bMZlSUE.exe
  2⤵
  PID:3332
- C:\Windows\System\AewQKuT.exe
  C:\Windows\System\AewQKuT.exe
  2⤵
  PID:3536
- C:\Windows\System\XTrCamX.exe
  C:\Windows\System\XTrCamX.exe
  2⤵
  PID:3584
- C:\Windows\System\gZVJrpD.exe
  C:\Windows\System\gZVJrpD.exe
  2⤵
  PID:4108
- C:\Windows\System\MkfFcrp.exe
  C:\Windows\System\MkfFcrp.exe
  2⤵
  PID:4128
- C:\Windows\System\yTSTHXK.exe
  C:\Windows\System\yTSTHXK.exe
  2⤵
  PID:4180
- C:\Windows\System\pebtOuH.exe
  C:\Windows\System\pebtOuH.exe
  2⤵
  PID:4200
- C:\Windows\System\GBluVYT.exe
  C:\Windows\System\GBluVYT.exe
  2⤵
  PID:4240
- C:\Windows\System\WqHUOaO.exe
  C:\Windows\System\WqHUOaO.exe
  2⤵
  PID:4244
- C:\Windows\System\khxJZOE.exe
  C:\Windows\System\khxJZOE.exe
  2⤵
  PID:4304
- C:\Windows\System\lhDcxIr.exe
  C:\Windows\System\lhDcxIr.exe
  2⤵
  PID:4328
- C:\Windows\System\SPlkAju.exe
  C:\Windows\System\SPlkAju.exe
  2⤵
  PID:4388
- C:\Windows\System\gxCrDBc.exe
  C:\Windows\System\gxCrDBc.exe
  2⤵
  PID:4408
- C:\Windows\System\IiMLwEr.exe
  C:\Windows\System\IiMLwEr.exe
  2⤵
  PID:2100
- C:\Windows\System\owSLpfw.exe
  C:\Windows\System\owSLpfw.exe
  2⤵
  PID:3516
- C:\Windows\System\aRRcCfu.exe
  C:\Windows\System\aRRcCfu.exe
  2⤵
  PID:4488
- C:\Windows\System\shlfQxM.exe
  C:\Windows\System\shlfQxM.exe
  2⤵
  PID:4528
- C:\Windows\System\InKahhw.exe
  C:\Windows\System\InKahhw.exe
  2⤵
  PID:4584
- C:\Windows\System\PIGvugB.exe
  C:\Windows\System\PIGvugB.exe
  2⤵
  PID:4564
- C:\Windows\System\wRzLykH.exe
  C:\Windows\System\wRzLykH.exe
  2⤵
  PID:4624
- C:\Windows\System\SblJoxk.exe
  C:\Windows\System\SblJoxk.exe
  2⤵
  PID:4640
- C:\Windows\System\xXkVJav.exe
  C:\Windows\System\xXkVJav.exe
  2⤵
  PID:4688
- C:\Windows\System\DvNMoKY.exe
  C:\Windows\System\DvNMoKY.exe
  2⤵
  PID:4724
- C:\Windows\System\vPESotw.exe
  C:\Windows\System\vPESotw.exe
  2⤵
  PID:4780
- C:\Windows\System\PpiywGh.exe
  C:\Windows\System\PpiywGh.exe
  2⤵
  PID:4860
- C:\Windows\System\wcofAmp.exe
  C:\Windows\System\wcofAmp.exe
  2⤵
  PID:4844
- C:\Windows\System\YAxJCrR.exe
  C:\Windows\System\YAxJCrR.exe
  2⤵
  PID:4904
- C:\Windows\System\AzzOdcs.exe
  C:\Windows\System\AzzOdcs.exe
  2⤵
  PID:4948
- C:\Windows\System\mTwdqfz.exe
  C:\Windows\System\mTwdqfz.exe
  2⤵
  PID:5024
- C:\Windows\System\mGrQzEu.exe
  C:\Windows\System\mGrQzEu.exe
  2⤵
  PID:4968
- C:\Windows\System\mmvrPkM.exe
  C:\Windows\System\mmvrPkM.exe
  2⤵
  PID:5060
- C:\Windows\System\reRbffa.exe
  C:\Windows\System\reRbffa.exe
  2⤵
  PID:5064
- C:\Windows\System\lWVZGoO.exe
  C:\Windows\System\lWVZGoO.exe
  2⤵
  PID:5112
- C:\Windows\System\gocIidE.exe
  C:\Windows\System\gocIidE.exe
  2⤵
  PID:4016
- C:\Windows\System\MOzJoEh.exe
  C:\Windows\System\MOzJoEh.exe
  2⤵
  PID:1640
- C:\Windows\System\DKyuwfu.exe
  C:\Windows\System\DKyuwfu.exe
  2⤵
  PID:3444
- C:\Windows\System\VgJVEZB.exe
  C:\Windows\System\VgJVEZB.exe
  2⤵
  PID:2952
- C:\Windows\System\OlJIhwr.exe
  C:\Windows\System\OlJIhwr.exe
  2⤵
  PID:4144
- C:\Windows\System\sdwllce.exe
  C:\Windows\System\sdwllce.exe
  2⤵
  PID:4164
- C:\Windows\System\pCgZnPY.exe
  C:\Windows\System\pCgZnPY.exe
  2⤵
  PID:4204
- C:\Windows\System\EujrguD.exe
  C:\Windows\System\EujrguD.exe
  2⤵
  PID:4264
- C:\Windows\System\UDSYBXw.exe
  C:\Windows\System\UDSYBXw.exe
  2⤵
  PID:4348
- C:\Windows\System\unqNypX.exe
  C:\Windows\System\unqNypX.exe
  2⤵
  PID:4364
- C:\Windows\System\jmikWiz.exe
  C:\Windows\System\jmikWiz.exe
  2⤵
  PID:2936
- C:\Windows\System\ahWHCZb.exe
  C:\Windows\System\ahWHCZb.exe
  2⤵
  PID:4460
- C:\Windows\System\HhgSgCw.exe
  C:\Windows\System\HhgSgCw.exe
  2⤵
  PID:4444
- C:\Windows\System\JvGdSwE.exe
  C:\Windows\System\JvGdSwE.exe
  2⤵
  PID:4560
- C:\Windows\System\IWVtMYx.exe
  C:\Windows\System\IWVtMYx.exe
  2⤵
  PID:4668
- C:\Windows\System\smDvitG.exe
  C:\Windows\System\smDvitG.exe
  2⤵
  PID:4720
- C:\Windows\System\WnCXUHw.exe
  C:\Windows\System\WnCXUHw.exe
  2⤵
  PID:2180
- C:\Windows\System\rbNEkSB.exe
  C:\Windows\System\rbNEkSB.exe
  2⤵
  PID:4784
- C:\Windows\System\xAiaqHr.exe
  C:\Windows\System\xAiaqHr.exe
  2⤵
  PID:3788
- C:\Windows\System\PxfpSxb.exe
  C:\Windows\System\PxfpSxb.exe
  2⤵
  PID:2412
- C:\Windows\System\PFmGmEy.exe
  C:\Windows\System\PFmGmEy.exe
  2⤵
  PID:1956
- C:\Windows\System\gxeFnvv.exe
  C:\Windows\System\gxeFnvv.exe
  2⤵
  PID:4864
- C:\Windows\System\nkiKwMH.exe
  C:\Windows\System\nkiKwMH.exe
  2⤵
  PID:4932
- C:\Windows\System\CmvddXR.exe
  C:\Windows\System\CmvddXR.exe
  2⤵
  PID:5028
- C:\Windows\System\INsDSDj.exe
  C:\Windows\System\INsDSDj.exe
  2⤵
  PID:4064
- C:\Windows\System\TWuNhRG.exe
  C:\Windows\System\TWuNhRG.exe
  2⤵
  PID:5104
- C:\Windows\System\pszTnYs.exe
  C:\Windows\System\pszTnYs.exe
  2⤵
  PID:3956
- C:\Windows\System\bgMokYi.exe
  C:\Windows\System\bgMokYi.exe
  2⤵
  PID:4160
- C:\Windows\System\oUCSjFV.exe
  C:\Windows\System\oUCSjFV.exe
  2⤵
  PID:4268
- C:\Windows\System\UDggQSE.exe
  C:\Windows\System\UDggQSE.exe
  2⤵
  PID:4480
- C:\Windows\System\pUDGSgS.exe
  C:\Windows\System\pUDGSgS.exe
  2⤵
  PID:4748
- C:\Windows\System\ZZTHmMw.exe
  C:\Windows\System\ZZTHmMw.exe
  2⤵
  PID:5012
- C:\Windows\System\wosjIqw.exe
  C:\Windows\System\wosjIqw.exe
  2⤵
  PID:2860
- C:\Windows\System\HoyfAHk.exe
  C:\Windows\System\HoyfAHk.exe
  2⤵
  PID:4548
- C:\Windows\System\aXzhSba.exe
  C:\Windows\System\aXzhSba.exe
  2⤵
  PID:4184
- C:\Windows\System\yvRPfKI.exe
  C:\Windows\System\yvRPfKI.exe
  2⤵
  PID:4628
- C:\Windows\System\YtqzXsh.exe
  C:\Windows\System\YtqzXsh.exe
  2⤵
  PID:4760
- C:\Windows\System\cfVPURh.exe
  C:\Windows\System\cfVPURh.exe
  2⤵
  PID:1624
- C:\Windows\System\YsDpoQM.exe
  C:\Windows\System\YsDpoQM.exe
  2⤵
  PID:4912
- C:\Windows\System\LLrpmLb.exe
  C:\Windows\System\LLrpmLb.exe
  2⤵
  PID:4868
- C:\Windows\System\ZttbpkF.exe
  C:\Windows\System\ZttbpkF.exe
  2⤵
  PID:4908
- C:\Windows\System\bBWNxAX.exe
  C:\Windows\System\bBWNxAX.exe
  2⤵
  PID:3284
- C:\Windows\System\eMQZEsm.exe
  C:\Windows\System\eMQZEsm.exe
  2⤵
  PID:4140
- C:\Windows\System\ImeHCnF.exe
  C:\Windows\System\ImeHCnF.exe
  2⤵
  PID:4320
- C:\Windows\System\OjbwhQn.exe
  C:\Windows\System\OjbwhQn.exe
  2⤵
  PID:2956
- C:\Windows\System\reAxkYl.exe
  C:\Windows\System\reAxkYl.exe
  2⤵
  PID:4840
- C:\Windows\System\lDspgeu.exe
  C:\Windows\System\lDspgeu.exe
  2⤵
  PID:4544
- C:\Windows\System\bKtmSSz.exe
  C:\Windows\System\bKtmSSz.exe
  2⤵
  PID:4700
- C:\Windows\System\igEAQxx.exe
  C:\Windows\System\igEAQxx.exe
  2⤵
  PID:564
- C:\Windows\System\jixKKtp.exe
  C:\Windows\System\jixKKtp.exe
  2⤵
  PID:280
- C:\Windows\System\UhnBFwT.exe
  C:\Windows\System\UhnBFwT.exe
  2⤵
  PID:4744
- C:\Windows\System\rLrJaKO.exe
  C:\Windows\System\rLrJaKO.exe
  2⤵
  PID:4280
- C:\Windows\System\mHcHJek.exe
  C:\Windows\System\mHcHJek.exe
  2⤵
  PID:1492
- C:\Windows\System\PLJxaJX.exe
  C:\Windows\System\PLJxaJX.exe
  2⤵
  PID:4884
- C:\Windows\System\EfqlRWO.exe
  C:\Windows\System\EfqlRWO.exe
  2⤵
  PID:5072
- C:\Windows\System\tGaeTEo.exe
  C:\Windows\System\tGaeTEo.exe
  2⤵
  PID:4928
- C:\Windows\System\QgjwBaf.exe
  C:\Windows\System\QgjwBaf.exe
  2⤵
  PID:4644
- C:\Windows\System\rRpKOBk.exe
  C:\Windows\System\rRpKOBk.exe
  2⤵
  PID:4400
- C:\Windows\System\mQsDYRY.exe
  C:\Windows\System\mQsDYRY.exe
  2⤵
  PID:2032
- C:\Windows\System\lZXdWKG.exe
  C:\Windows\System\lZXdWKG.exe
  2⤵
  PID:1632
- C:\Windows\System\EPfoHYV.exe
  C:\Windows\System\EPfoHYV.exe
  2⤵
  PID:4988
- C:\Windows\System\HEEmPyH.exe
  C:\Windows\System\HEEmPyH.exe
  2⤵
  PID:5144
- C:\Windows\System\onOnERC.exe
  C:\Windows\System\onOnERC.exe
  2⤵
  PID:5164
- C:\Windows\System\zSMXyZC.exe
  C:\Windows\System\zSMXyZC.exe
  2⤵
  PID:5180
- C:\Windows\System\xmpnSeo.exe
  C:\Windows\System\xmpnSeo.exe
  2⤵
  PID:5196
- C:\Windows\System\CNJSZkN.exe
  C:\Windows\System\CNJSZkN.exe
  2⤵
  PID:5216
- C:\Windows\System\fiSzOjx.exe
  C:\Windows\System\fiSzOjx.exe
  2⤵
  PID:5232
- C:\Windows\System\skJDRDz.exe
  C:\Windows\System\skJDRDz.exe
  2⤵
  PID:5248
- C:\Windows\System\oiOvVCs.exe
  C:\Windows\System\oiOvVCs.exe
  2⤵
  PID:5280
- C:\Windows\System\kykOJgz.exe
  C:\Windows\System\kykOJgz.exe
  2⤵
  PID:5312
- C:\Windows\System\TwuxXrO.exe
  C:\Windows\System\TwuxXrO.exe
  2⤵
  PID:5332
- C:\Windows\System\kFxsPeu.exe
  C:\Windows\System\kFxsPeu.exe
  2⤵
  PID:5356
- C:\Windows\System\QGundee.exe
  C:\Windows\System\QGundee.exe
  2⤵
  PID:5372
- C:\Windows\System\QrFNPms.exe
  C:\Windows\System\QrFNPms.exe
  2⤵
  PID:5392
- C:\Windows\System\IXqjWzR.exe
  C:\Windows\System\IXqjWzR.exe
  2⤵
  PID:5412
- C:\Windows\System\ZNegYvd.exe
  C:\Windows\System\ZNegYvd.exe
  2⤵
  PID:5432
- C:\Windows\System\UcuAbxA.exe
  C:\Windows\System\UcuAbxA.exe
  2⤵
  PID:5448
- C:\Windows\System\SsohJoG.exe
  C:\Windows\System\SsohJoG.exe
  2⤵
  PID:5468
- C:\Windows\System\YsORAJI.exe
  C:\Windows\System\YsORAJI.exe
  2⤵
  PID:5484
- C:\Windows\System\bvfYSUL.exe
  C:\Windows\System\bvfYSUL.exe
  2⤵
  PID:5508
- C:\Windows\System\VhVgMUM.exe
  C:\Windows\System\VhVgMUM.exe
  2⤵
  PID:5528
- C:\Windows\System\dKqBLuw.exe
  C:\Windows\System\dKqBLuw.exe
  2⤵
  PID:5544
- C:\Windows\System\bShkkaX.exe
  C:\Windows\System\bShkkaX.exe
  2⤵
  PID:5560
- C:\Windows\System\CWiEmFD.exe
  C:\Windows\System\CWiEmFD.exe
  2⤵
  PID:5576
- C:\Windows\System\QJTnEUQ.exe
  C:\Windows\System\QJTnEUQ.exe
  2⤵
  PID:5612
- C:\Windows\System\BxcRfkF.exe
  C:\Windows\System\BxcRfkF.exe
  2⤵
  PID:5632
- C:\Windows\System\vaPGBEh.exe
  C:\Windows\System\vaPGBEh.exe
  2⤵
  PID:5648
- C:\Windows\System\etuGrUg.exe
  C:\Windows\System\etuGrUg.exe
  2⤵
  PID:5676
- C:\Windows\System\DYOaHqe.exe
  C:\Windows\System\DYOaHqe.exe
  2⤵
  PID:5692
- C:\Windows\System\lbPInvb.exe
  C:\Windows\System\lbPInvb.exe
  2⤵
  PID:5708
- C:\Windows\System\HZxOfzu.exe
  C:\Windows\System\HZxOfzu.exe
  2⤵
  PID:5724
- C:\Windows\System\dgfRojN.exe
  C:\Windows\System\dgfRojN.exe
  2⤵
  PID:5744
- C:\Windows\System\wmoXWVg.exe
  C:\Windows\System\wmoXWVg.exe
  2⤵
  PID:5760
- C:\Windows\System\lkAUEQX.exe
  C:\Windows\System\lkAUEQX.exe
  2⤵
  PID:5796
- C:\Windows\System\DOBpBFW.exe
  C:\Windows\System\DOBpBFW.exe
  2⤵
  PID:5812
- C:\Windows\System\LZHfDxW.exe
  C:\Windows\System\LZHfDxW.exe
  2⤵
  PID:5828
- C:\Windows\System\yHPRXNb.exe
  C:\Windows\System\yHPRXNb.exe
  2⤵
  PID:5844
- C:\Windows\System\wuKwzdL.exe
  C:\Windows\System\wuKwzdL.exe
  2⤵
  PID:5876
- C:\Windows\System\npimUSh.exe
  C:\Windows\System\npimUSh.exe
  2⤵
  PID:5892
- C:\Windows\System\WkuJWGB.exe
  C:\Windows\System\WkuJWGB.exe
  2⤵
  PID:5908
- C:\Windows\System\aKIkAyr.exe
  C:\Windows\System\aKIkAyr.exe
  2⤵
  PID:5928
- C:\Windows\System\lVvjqbN.exe
  C:\Windows\System\lVvjqbN.exe
  2⤵
  PID:5944
- C:\Windows\System\dNZWMXy.exe
  C:\Windows\System\dNZWMXy.exe
  2⤵
  PID:5964
- C:\Windows\System\xwdTsaK.exe
  C:\Windows\System\xwdTsaK.exe
  2⤵
  PID:5980
- C:\Windows\System\AehfRvv.exe
  C:\Windows\System\AehfRvv.exe
  2⤵
  PID:6000
- C:\Windows\System\FlyjUhh.exe
  C:\Windows\System\FlyjUhh.exe
  2⤵
  PID:6028
- C:\Windows\System\nYRqphx.exe
  C:\Windows\System\nYRqphx.exe
  2⤵
  PID:6044
- C:\Windows\System\idiKoRH.exe
  C:\Windows\System\idiKoRH.exe
  2⤵
  PID:6060
- C:\Windows\System\YPoWsZH.exe
  C:\Windows\System\YPoWsZH.exe
  2⤵
  PID:6076
- C:\Windows\System\MVRTbYY.exe
  C:\Windows\System\MVRTbYY.exe
  2⤵
  PID:6116
- C:\Windows\System\uCyNtUo.exe
  C:\Windows\System\uCyNtUo.exe
  2⤵
  PID:6132
- C:\Windows\System\qvxWjKx.exe
  C:\Windows\System\qvxWjKx.exe
  2⤵
  PID:5132
- C:\Windows\System\yHYQeUU.exe
  C:\Windows\System\yHYQeUU.exe
  2⤵
  PID:3024
- C:\Windows\System\fTVjkgP.exe
  C:\Windows\System\fTVjkgP.exe
  2⤵
  PID:5088
- C:\Windows\System\XokDnKL.exe
  C:\Windows\System\XokDnKL.exe
  2⤵
  PID:4436
- C:\Windows\System\DGkLXEt.exe
  C:\Windows\System\DGkLXEt.exe
  2⤵
  PID:5224
- C:\Windows\System\rzJOYnH.exe
  C:\Windows\System\rzJOYnH.exe
  2⤵
  PID:5192
- C:\Windows\System\agBMxfz.exe
  C:\Windows\System\agBMxfz.exe
  2⤵
  PID:4984
- C:\Windows\System\LVOuRvR.exe
  C:\Windows\System\LVOuRvR.exe
  2⤵
  PID:5304
- C:\Windows\System\eHIXQre.exe
  C:\Windows\System\eHIXQre.exe
  2⤵
  PID:5320
- C:\Windows\System\xaNsWdq.exe
  C:\Windows\System\xaNsWdq.exe
  2⤵
  PID:5344
- C:\Windows\System\GKykkAr.exe
  C:\Windows\System\GKykkAr.exe
  2⤵
  PID:5384
- C:\Windows\System\wJuURgv.exe
  C:\Windows\System\wJuURgv.exe
  2⤵
  PID:5456
- C:\Windows\System\ekJsGJJ.exe
  C:\Windows\System\ekJsGJJ.exe
  2⤵
  PID:5440
- C:\Windows\System\uzLpEOT.exe
  C:\Windows\System\uzLpEOT.exe
  2⤵
  PID:5444
- C:\Windows\System\KcQbnTC.exe
  C:\Windows\System\KcQbnTC.exe
  2⤵
  PID:5584
- C:\Windows\System\uyWVhbQ.exe
  C:\Windows\System\uyWVhbQ.exe
  2⤵
  PID:5596
- C:\Windows\System\ZugoccS.exe
  C:\Windows\System\ZugoccS.exe
  2⤵
  PID:5620
- C:\Windows\System\UyVdCPx.exe
  C:\Windows\System\UyVdCPx.exe
  2⤵
  PID:5640
- C:\Windows\System\AgzYnig.exe
  C:\Windows\System\AgzYnig.exe
  2⤵
  PID:5664
- C:\Windows\System\veAkmdP.exe
  C:\Windows\System\veAkmdP.exe
  2⤵
  PID:5704
- C:\Windows\System\lSMgPAz.exe
  C:\Windows\System\lSMgPAz.exe
  2⤵
  PID:5756
- C:\Windows\System\eLBSjFH.exe
  C:\Windows\System\eLBSjFH.exe
  2⤵
  PID:5772
- C:\Windows\System\OJzSWJC.exe
  C:\Windows\System\OJzSWJC.exe
  2⤵
  PID:5788
- C:\Windows\System\eQkEnyw.exe
  C:\Windows\System\eQkEnyw.exe
  2⤵
  PID:5860
- C:\Windows\System\vnBWEbJ.exe
  C:\Windows\System\vnBWEbJ.exe
  2⤵
  PID:5840
- C:\Windows\System\KedNiXw.exe
  C:\Windows\System\KedNiXw.exe
  2⤵
  PID:5904
- C:\Windows\System\CbOJLpZ.exe
  C:\Windows\System\CbOJLpZ.exe
  2⤵
  PID:5976
- C:\Windows\System\xyHyRCy.exe
  C:\Windows\System\xyHyRCy.exe
  2⤵
  PID:5884
- C:\Windows\System\DGVZvEI.exe
  C:\Windows\System\DGVZvEI.exe
  2⤵
  PID:6096
- C:\Windows\System\sJluJJn.exe
  C:\Windows\System\sJluJJn.exe
  2⤵
  PID:5952
- C:\Windows\System\GqFssYS.exe
  C:\Windows\System\GqFssYS.exe
  2⤵
  PID:5988
- C:\Windows\System\yxqEXhx.exe
  C:\Windows\System\yxqEXhx.exe
  2⤵
  PID:6072
- C:\Windows\System\ZAkaDcS.exe
  C:\Windows\System\ZAkaDcS.exe
  2⤵
  PID:6140
- C:\Windows\System\axDoJRN.exe
  C:\Windows\System\axDoJRN.exe
  2⤵
  PID:5140
- C:\Windows\System\bFZRJIa.exe
  C:\Windows\System\bFZRJIa.exe
  2⤵
  PID:5212
- C:\Windows\System\NYdSVnO.exe
  C:\Windows\System\NYdSVnO.exe
  2⤵
  PID:5160
- C:\Windows\System\jxNJpch.exe
  C:\Windows\System\jxNJpch.exe
  2⤵
  PID:5260
- C:\Windows\System\dhIZYLV.exe
  C:\Windows\System\dhIZYLV.exe
  2⤵
  PID:5272
- C:\Windows\System\xcxzMAj.exe
  C:\Windows\System\xcxzMAj.exe
  2⤵
  PID:5492
- C:\Windows\System\JWLhKxB.exe
  C:\Windows\System\JWLhKxB.exe
  2⤵
  PID:5348
- C:\Windows\System\yEGrPuS.exe
  C:\Windows\System\yEGrPuS.exe
  2⤵
  PID:5536
- C:\Windows\System\bpMnAFW.exe
  C:\Windows\System\bpMnAFW.exe
  2⤵
  PID:5588
- C:\Windows\System\EvAgerH.exe
  C:\Windows\System\EvAgerH.exe
  2⤵
  PID:5604
- C:\Windows\System\hlvpxre.exe
  C:\Windows\System\hlvpxre.exe
  2⤵
  PID:5656
- C:\Windows\System\MyNZvCW.exe
  C:\Windows\System\MyNZvCW.exe
  2⤵
  PID:5752
- C:\Windows\System\EEDQSaC.exe
  C:\Windows\System\EEDQSaC.exe
  2⤵
  PID:5852
- C:\Windows\System\LeQOcpo.exe
  C:\Windows\System\LeQOcpo.exe
  2⤵
  PID:5820
- C:\Windows\System\KprDhdG.exe
  C:\Windows\System\KprDhdG.exe
  2⤵
  PID:5972
- C:\Windows\System\VdfTKJz.exe
  C:\Windows\System\VdfTKJz.exe
  2⤵
  PID:5720
- C:\Windows\System\zgRqZsy.exe
  C:\Windows\System\zgRqZsy.exe
  2⤵
  PID:6024
- C:\Windows\System\YeLOVWq.exe
  C:\Windows\System\YeLOVWq.exe
  2⤵
  PID:6092
- C:\Windows\System\lmusvPb.exe
  C:\Windows\System\lmusvPb.exe
  2⤵
  PID:6088
- C:\Windows\System\dyXBOVb.exe
  C:\Windows\System\dyXBOVb.exe
  2⤵
  PID:5204
- C:\Windows\System\EaDqYGk.exe
  C:\Windows\System\EaDqYGk.exe
  2⤵
  PID:5380
- C:\Windows\System\kMsDhxG.exe
  C:\Windows\System\kMsDhxG.exe
  2⤵
  PID:5352
- C:\Windows\System\DsOfAqR.exe
  C:\Windows\System\DsOfAqR.exe
  2⤵
  PID:5460
- C:\Windows\System\nIHBISY.exe
  C:\Windows\System\nIHBISY.exe
  2⤵
  PID:5264
- C:\Windows\System\FifxakG.exe
  C:\Windows\System\FifxakG.exe
  2⤵
  PID:5408
- C:\Windows\System\bJHxVor.exe
  C:\Windows\System\bJHxVor.exe
  2⤵
  PID:5568
- C:\Windows\System\kjzLVtw.exe
  C:\Windows\System\kjzLVtw.exe
  2⤵
  PID:5684
- C:\Windows\System\jxcUnKK.exe
  C:\Windows\System\jxcUnKK.exe
  2⤵
  PID:6084
- C:\Windows\System\KzRUVwa.exe
  C:\Windows\System\KzRUVwa.exe
  2⤵
  PID:5804
- C:\Windows\System\ayaTukY.exe
  C:\Windows\System\ayaTukY.exe
  2⤵
  PID:5872
- C:\Windows\System\ZLwDTuv.exe
  C:\Windows\System\ZLwDTuv.exe
  2⤵
  PID:6036
- C:\Windows\System\RkfieiO.exe
  C:\Windows\System\RkfieiO.exe
  2⤵
  PID:2284
- C:\Windows\System\AbcklXk.exe
  C:\Windows\System\AbcklXk.exe
  2⤵
  PID:5400
- C:\Windows\System\DgroBJQ.exe
  C:\Windows\System\DgroBJQ.exe
  2⤵
  PID:5700
- C:\Windows\System\rgfSbBx.exe
  C:\Windows\System\rgfSbBx.exe
  2⤵
  PID:5496
- C:\Windows\System\NJhgkJa.exe
  C:\Windows\System\NJhgkJa.exe
  2⤵
  PID:5628
- C:\Windows\System\oHQSCDC.exe
  C:\Windows\System\oHQSCDC.exe
  2⤵
  PID:5556
- C:\Windows\System\fjXynaw.exe
  C:\Windows\System\fjXynaw.exe
  2⤵
  PID:5940
- C:\Windows\System\soeyyjd.exe
  C:\Windows\System\soeyyjd.exe
  2⤵
  PID:5920
- C:\Windows\System\sfTpLQj.exe
  C:\Windows\System\sfTpLQj.exe
  2⤵
  PID:4424
- C:\Windows\System\pKTbYzD.exe
  C:\Windows\System\pKTbYzD.exe
  2⤵
  PID:5608
- C:\Windows\System\tCROIAk.exe
  C:\Windows\System\tCROIAk.exe
  2⤵
  PID:6068
- C:\Windows\System\OWlGEBR.exe
  C:\Windows\System\OWlGEBR.exe
  2⤵
  PID:5128
- C:\Windows\System\FECxZvm.exe
  C:\Windows\System\FECxZvm.exe
  2⤵
  PID:6156
- C:\Windows\System\ISJrgKh.exe
  C:\Windows\System\ISJrgKh.exe
  2⤵
  PID:6176
- C:\Windows\System\XiMWIIY.exe
  C:\Windows\System\XiMWIIY.exe
  2⤵
  PID:6192
- C:\Windows\System\vHlKPtE.exe
  C:\Windows\System\vHlKPtE.exe
  2⤵
  PID:6220
- C:\Windows\System\jFBXlcF.exe
  C:\Windows\System\jFBXlcF.exe
  2⤵
  PID:6236
- C:\Windows\System\SwlhjwX.exe
  C:\Windows\System\SwlhjwX.exe
  2⤵
  PID:6256
- C:\Windows\System\mfDeUVC.exe
  C:\Windows\System\mfDeUVC.exe
  2⤵
  PID:6272
- C:\Windows\System\SJXWJRV.exe
  C:\Windows\System\SJXWJRV.exe
  2⤵
  PID:6288
- C:\Windows\System\YBOfoxX.exe
  C:\Windows\System\YBOfoxX.exe
  2⤵
  PID:6304
- C:\Windows\System\ofkWMNS.exe
  C:\Windows\System\ofkWMNS.exe
  2⤵
  PID:6320
- C:\Windows\System\jZKVOpB.exe
  C:\Windows\System\jZKVOpB.exe
  2⤵
  PID:6336
- C:\Windows\System\ohgaedf.exe
  C:\Windows\System\ohgaedf.exe
  2⤵
  PID:6356
- C:\Windows\System\nWihYyT.exe
  C:\Windows\System\nWihYyT.exe
  2⤵
  PID:6372
- C:\Windows\System\iwfRKZs.exe
  C:\Windows\System\iwfRKZs.exe
  2⤵
  PID:6392
- C:\Windows\System\YygtNxI.exe
  C:\Windows\System\YygtNxI.exe
  2⤵
  PID:6412
- C:\Windows\System\mGdueau.exe
  C:\Windows\System\mGdueau.exe
  2⤵
  PID:6432
- C:\Windows\System\SpTwamo.exe
  C:\Windows\System\SpTwamo.exe
  2⤵
  PID:6448
- C:\Windows\System\ILBdSHC.exe
  C:\Windows\System\ILBdSHC.exe
  2⤵
  PID:6508
- C:\Windows\System\gudpsIe.exe
  C:\Windows\System\gudpsIe.exe
  2⤵
  PID:6524
- C:\Windows\System\qSpefBi.exe
  C:\Windows\System\qSpefBi.exe
  2⤵
  PID:6540
- C:\Windows\System\kIWZrdp.exe
  C:\Windows\System\kIWZrdp.exe
  2⤵
  PID:6556
- C:\Windows\System\tWMDlKI.exe
  C:\Windows\System\tWMDlKI.exe
  2⤵
  PID:6572
- C:\Windows\System\pPZjIIT.exe
  C:\Windows\System\pPZjIIT.exe
  2⤵
  PID:6588
- C:\Windows\System\mRiCkNg.exe
  C:\Windows\System\mRiCkNg.exe
  2⤵
  PID:6608
- C:\Windows\System\GaXpxbw.exe
  C:\Windows\System\GaXpxbw.exe
  2⤵
  PID:6628
- C:\Windows\System\GkzPmjy.exe
  C:\Windows\System\GkzPmjy.exe
  2⤵
  PID:6644
- C:\Windows\System\zzBUUkj.exe
  C:\Windows\System\zzBUUkj.exe
  2⤵
  PID:6672
- C:\Windows\System\tUSCWpm.exe
  C:\Windows\System\tUSCWpm.exe
  2⤵
  PID:6688
- C:\Windows\System\tevFtxf.exe
  C:\Windows\System\tevFtxf.exe
  2⤵
  PID:6728
- C:\Windows\System\iAtrBkv.exe
  C:\Windows\System\iAtrBkv.exe
  2⤵
  PID:6744
- C:\Windows\System\gvfJjoW.exe
  C:\Windows\System\gvfJjoW.exe
  2⤵
  PID:6760
- C:\Windows\System\nqTlVwe.exe
  C:\Windows\System\nqTlVwe.exe
  2⤵
  PID:6780
- C:\Windows\System\SiqwXgX.exe
  C:\Windows\System\SiqwXgX.exe
  2⤵
  PID:6808
- C:\Windows\System\VdDGBIH.exe
  C:\Windows\System\VdDGBIH.exe
  2⤵
  PID:6824
- C:\Windows\System\Defvtpt.exe
  C:\Windows\System\Defvtpt.exe
  2⤵
  PID:6840
- C:\Windows\System\QqETwcc.exe
  C:\Windows\System\QqETwcc.exe
  2⤵
  PID:6860
- C:\Windows\System\zkdkkGM.exe
  C:\Windows\System\zkdkkGM.exe
  2⤵
  PID:6876
- C:\Windows\System\WLidkfz.exe
  C:\Windows\System\WLidkfz.exe
  2⤵
  PID:6892
- C:\Windows\System\oPyUZUQ.exe
  C:\Windows\System\oPyUZUQ.exe
  2⤵
  PID:6912
- C:\Windows\System\zzPuUiQ.exe
  C:\Windows\System\zzPuUiQ.exe
  2⤵
  PID:6936
- C:\Windows\System\heaXNYW.exe
  C:\Windows\System\heaXNYW.exe
  2⤵
  PID:6952
- C:\Windows\System\KGXQVvV.exe
  C:\Windows\System\KGXQVvV.exe
  2⤵
  PID:6968
- C:\Windows\System\ehcwPLs.exe
  C:\Windows\System\ehcwPLs.exe
  2⤵
  PID:6984
- C:\Windows\System\cMuNLZV.exe
  C:\Windows\System\cMuNLZV.exe
  2⤵
  PID:7004
- C:\Windows\System\xwLMvwO.exe
  C:\Windows\System\xwLMvwO.exe
  2⤵
  PID:7024
- C:\Windows\System\snRfeCT.exe
  C:\Windows\System\snRfeCT.exe
  2⤵
  PID:7040
- C:\Windows\System\RwpAgBY.exe
  C:\Windows\System\RwpAgBY.exe
  2⤵
  PID:7056
- C:\Windows\System\FCJdzKx.exe
  C:\Windows\System\FCJdzKx.exe
  2⤵
  PID:7076
- C:\Windows\System\hLeoafj.exe
  C:\Windows\System\hLeoafj.exe
  2⤵
  PID:7104
- C:\Windows\System\xSLLIFA.exe
  C:\Windows\System\xSLLIFA.exe
  2⤵
  PID:7124
- C:\Windows\System\vJNqVEh.exe
  C:\Windows\System\vJNqVEh.exe
  2⤵
  PID:7140
- C:\Windows\System\KaUYUUH.exe
  C:\Windows\System\KaUYUUH.exe
  2⤵
  PID:7156
- C:\Windows\System\wMSjvhW.exe
  C:\Windows\System\wMSjvhW.exe
  2⤵
  PID:5592
- C:\Windows\System\gdXCjyB.exe
  C:\Windows\System\gdXCjyB.exe
  2⤵
  PID:6200
- C:\Windows\System\MoRyvnZ.exe
  C:\Windows\System\MoRyvnZ.exe
  2⤵
  PID:6296
- C:\Windows\System\DfOeRaP.exe
  C:\Windows\System\DfOeRaP.exe
  2⤵
  PID:6404
- C:\Windows\System\lrAzOir.exe
  C:\Windows\System\lrAzOir.exe
  2⤵
  PID:6172
- C:\Windows\System\luLrBXY.exe
  C:\Windows\System\luLrBXY.exe
  2⤵
  PID:4088
- C:\Windows\System\mYNSijX.exe
  C:\Windows\System\mYNSijX.exe
  2⤵
  PID:6244
- C:\Windows\System\LooEviS.exe
  C:\Windows\System\LooEviS.exe
  2⤵
  PID:6316
- C:\Windows\System\SDyLECE.exe
  C:\Windows\System\SDyLECE.exe
  2⤵
  PID:6420
- C:\Windows\System\CLHclWx.exe
  C:\Windows\System\CLHclWx.exe
  2⤵
  PID:6440
- C:\Windows\System\UeEVXSl.exe
  C:\Windows\System\UeEVXSl.exe
  2⤵
  PID:6468
- C:\Windows\System\UihgVEy.exe
  C:\Windows\System\UihgVEy.exe
  2⤵
  PID:6456
- C:\Windows\System\CHbJdRI.exe
  C:\Windows\System\CHbJdRI.exe
  2⤵
  PID:6496
- C:\Windows\System\DOjdifN.exe
  C:\Windows\System\DOjdifN.exe
  2⤵
  PID:6616
- C:\Windows\System\bNaZsMW.exe
  C:\Windows\System\bNaZsMW.exe
  2⤵
  PID:6484
- C:\Windows\System\ClPCdCk.exe
  C:\Windows\System\ClPCdCk.exe
  2⤵
  PID:6536
- C:\Windows\System\lsrezCP.exe
  C:\Windows\System\lsrezCP.exe
  2⤵
  PID:6564
- C:\Windows\System\aXAboVq.exe
  C:\Windows\System\aXAboVq.exe
  2⤵
  PID:6680
- C:\Windows\System\xZwJLaL.exe
  C:\Windows\System\xZwJLaL.exe
  2⤵
  PID:6704
- C:\Windows\System\yEXVZGd.exe
  C:\Windows\System\yEXVZGd.exe
  2⤵
  PID:6736
- C:\Windows\System\iODleet.exe
  C:\Windows\System\iODleet.exe
  2⤵
  PID:6800
- C:\Windows\System\ybdvLoA.exe
  C:\Windows\System\ybdvLoA.exe
  2⤵
  PID:6772
- C:\Windows\System\hvjFjxC.exe
  C:\Windows\System\hvjFjxC.exe
  2⤵
  PID:6816
- C:\Windows\System\oUnWygQ.exe
  C:\Windows\System\oUnWygQ.exe
  2⤵
  PID:6900
- C:\Windows\System\TvQAdHJ.exe
  C:\Windows\System\TvQAdHJ.exe
  2⤵
  PID:6948
- C:\Windows\System\ogUPmet.exe
  C:\Windows\System\ogUPmet.exe
  2⤵
  PID:7016
- C:\Windows\System\yhiexGy.exe
  C:\Windows\System\yhiexGy.exe
  2⤵
  PID:7084
- C:\Windows\System\btACYMR.exe
  C:\Windows\System\btACYMR.exe
  2⤵
  PID:7092
- C:\Windows\System\IyQhACt.exe
  C:\Windows\System\IyQhACt.exe
  2⤵
  PID:6148
- C:\Windows\System\hMaMwjX.exe
  C:\Windows\System\hMaMwjX.exe
  2⤵
  PID:7068
- C:\Windows\System\cHElXrj.exe
  C:\Windows\System\cHElXrj.exe
  2⤵
  PID:7120
- C:\Windows\System\VizazQh.exe
  C:\Windows\System\VizazQh.exe
  2⤵
  PID:5268
- C:\Windows\System\cIqUhhb.exe
  C:\Windows\System\cIqUhhb.exe
  2⤵
  PID:6208
- C:\Windows\System\mUJMieL.exe
  C:\Windows\System\mUJMieL.exe
  2⤵
  PID:5420
- C:\Windows\System\oROBVJj.exe
  C:\Windows\System\oROBVJj.exe
  2⤵
  PID:5340
- C:\Windows\System\EJkOpIW.exe
  C:\Windows\System\EJkOpIW.exe
  2⤵
  PID:6380
- C:\Windows\System\DIsYoxw.exe
  C:\Windows\System\DIsYoxw.exe
  2⤵
  PID:6464
- C:\Windows\System\fDfWeEB.exe
  C:\Windows\System\fDfWeEB.exe
  2⤵
  PID:6504
- C:\Windows\System\zhQLNoc.exe
  C:\Windows\System\zhQLNoc.exe
  2⤵
  PID:6640
- C:\Windows\System\jQUSPQn.exe
  C:\Windows\System\jQUSPQn.exe
  2⤵
  PID:6756
- C:\Windows\System\lohnxSq.exe
  C:\Windows\System\lohnxSq.exe
  2⤵
  PID:6832
- C:\Windows\System\XElhLmd.exe
  C:\Windows\System\XElhLmd.exe
  2⤵
  PID:7052
- C:\Windows\System\XfrKnLl.exe
  C:\Windows\System\XfrKnLl.exe
  2⤵
  PID:6768
- C:\Windows\System\xuXSYXR.exe
  C:\Windows\System\xuXSYXR.exe
  2⤵
  PID:6656
- C:\Windows\System\fnmFPKp.exe
  C:\Windows\System\fnmFPKp.exe
  2⤵
  PID:6636
- C:\Windows\System\VbVVOAf.exe
  C:\Windows\System\VbVVOAf.exe
  2⤵
  PID:6724
- C:\Windows\System\iEVrNRg.exe
  C:\Windows\System\iEVrNRg.exe
  2⤵
  PID:6872
- C:\Windows\System\QtcyEfL.exe
  C:\Windows\System\QtcyEfL.exe
  2⤵
  PID:6888
- C:\Windows\System\JHzpvQT.exe
  C:\Windows\System\JHzpvQT.exe
  2⤵
  PID:5784
- C:\Windows\System\ivCLLBM.exe
  C:\Windows\System\ivCLLBM.exe
  2⤵
  PID:6856
- C:\Windows\System\RnBMLTE.exe
  C:\Windows\System\RnBMLTE.exe
  2⤵
  PID:6932
- C:\Windows\System\pYeFfGk.exe
  C:\Windows\System\pYeFfGk.exe
  2⤵
  PID:7116
- C:\Windows\System\IExNpuf.exe
  C:\Windows\System\IExNpuf.exe
  2⤵
  PID:7152
- C:\Windows\System\cysXtWA.exe
  C:\Windows\System\cysXtWA.exe
  2⤵
  PID:6016
- C:\Windows\System\RUXAyhT.exe
  C:\Windows\System\RUXAyhT.exe
  2⤵
  PID:5864
- C:\Windows\System\PmtLnMu.exe
  C:\Windows\System\PmtLnMu.exe
  2⤵
  PID:6428
- C:\Windows\System\LMPUHAf.exe
  C:\Windows\System\LMPUHAf.exe
  2⤵
  PID:6868
- C:\Windows\System\ihujjbE.exe
  C:\Windows\System\ihujjbE.exe
  2⤵
  PID:6992
- C:\Windows\System\bzIAhYU.exe
  C:\Windows\System\bzIAhYU.exe
  2⤵
  PID:7064
- C:\Windows\System\OFNwjUK.exe
  C:\Windows\System\OFNwjUK.exe
  2⤵
  PID:6480
- C:\Windows\System\qbnjJgF.exe
  C:\Windows\System\qbnjJgF.exe
  2⤵
  PID:6212
- C:\Windows\System\rJbzxEt.exe
  C:\Windows\System\rJbzxEt.exe
  2⤵
  PID:7180
- C:\Windows\System\WxcfZrD.exe
  C:\Windows\System\WxcfZrD.exe
  2⤵
  PID:7200
- C:\Windows\System\yKUQOdg.exe
  C:\Windows\System\yKUQOdg.exe
  2⤵
  PID:7220
- C:\Windows\System\vEaEyFO.exe
  C:\Windows\System\vEaEyFO.exe
  2⤵
  PID:7236
- C:\Windows\System\fwZSWYb.exe
  C:\Windows\System\fwZSWYb.exe
  2⤵
  PID:7252
- C:\Windows\System\kItUfbJ.exe
  C:\Windows\System\kItUfbJ.exe
  2⤵
  PID:7268
- C:\Windows\System\PVfytAI.exe
  C:\Windows\System\PVfytAI.exe
  2⤵
  PID:7308
- C:\Windows\System\TqrVoue.exe
  C:\Windows\System\TqrVoue.exe
  2⤵
  PID:7336
- C:\Windows\System\KIHAGud.exe
  C:\Windows\System\KIHAGud.exe
  2⤵
  PID:7352
- C:\Windows\System\nCmpxJG.exe
  C:\Windows\System\nCmpxJG.exe
  2⤵
  PID:7368
- C:\Windows\System\hCmKciN.exe
  C:\Windows\System\hCmKciN.exe
  2⤵
  PID:7388
- C:\Windows\System\gTnWLeD.exe
  C:\Windows\System\gTnWLeD.exe
  2⤵
  PID:7420
- C:\Windows\System\SCrjmsw.exe
  C:\Windows\System\SCrjmsw.exe
  2⤵
  PID:7436
- C:\Windows\System\HWlVfqp.exe
  C:\Windows\System\HWlVfqp.exe
  2⤵
  PID:7460
- C:\Windows\System\KVKPJMn.exe
  C:\Windows\System\KVKPJMn.exe
  2⤵
  PID:7476
- C:\Windows\System\lbTshmr.exe
  C:\Windows\System\lbTshmr.exe
  2⤵
  PID:7492
- C:\Windows\System\FgDMpaV.exe
  C:\Windows\System\FgDMpaV.exe
  2⤵
  PID:7508
- C:\Windows\System\cVUmMcB.exe
  C:\Windows\System\cVUmMcB.exe
  2⤵
  PID:7540
- C:\Windows\System\nYBgKXJ.exe
  C:\Windows\System\nYBgKXJ.exe
  2⤵
  PID:7556
- C:\Windows\System\frKlols.exe
  C:\Windows\System\frKlols.exe
  2⤵
  PID:7572
- C:\Windows\System\wEFoNte.exe
  C:\Windows\System\wEFoNte.exe
  2⤵
  PID:7592
- C:\Windows\System\zDqQwME.exe
  C:\Windows\System\zDqQwME.exe
  2⤵
  PID:7612
- C:\Windows\System\CLgUodt.exe
  C:\Windows\System\CLgUodt.exe
  2⤵
  PID:7632
- C:\Windows\System\WYMOEWE.exe
  C:\Windows\System\WYMOEWE.exe
  2⤵
  PID:7648
- C:\Windows\System\ErPgETd.exe
  C:\Windows\System\ErPgETd.exe
  2⤵
  PID:7664
- C:\Windows\System\CfIxcwr.exe
  C:\Windows\System\CfIxcwr.exe
  2⤵
  PID:7684
- C:\Windows\System\qlCBHyG.exe
  C:\Windows\System\qlCBHyG.exe
  2⤵
  PID:7704
- C:\Windows\System\XtXENJd.exe
  C:\Windows\System\XtXENJd.exe
  2⤵
  PID:7720
- C:\Windows\System\lJRZDnU.exe
  C:\Windows\System\lJRZDnU.exe
  2⤵
  PID:7760
- C:\Windows\System\AkKkXKk.exe
  C:\Windows\System\AkKkXKk.exe
  2⤵
  PID:7780
- C:\Windows\System\wAtnFfD.exe
  C:\Windows\System\wAtnFfD.exe
  2⤵
  PID:7800
- C:\Windows\System\PFVpXbf.exe
  C:\Windows\System\PFVpXbf.exe
  2⤵
  PID:7820
- C:\Windows\System\VhgMcok.exe
  C:\Windows\System\VhgMcok.exe
  2⤵
  PID:7840
- C:\Windows\System\yiuEnaG.exe
  C:\Windows\System\yiuEnaG.exe
  2⤵
  PID:7856
- C:\Windows\System\RrYJCLA.exe
  C:\Windows\System\RrYJCLA.exe
  2⤵
  PID:7872
- C:\Windows\System\nwuoaCo.exe
  C:\Windows\System\nwuoaCo.exe
  2⤵
  PID:7888
- C:\Windows\System\OlwwvaI.exe
  C:\Windows\System\OlwwvaI.exe
  2⤵
  PID:7908
- C:\Windows\System\OzBjRDy.exe
  C:\Windows\System\OzBjRDy.exe
  2⤵
  PID:7932
- C:\Windows\System\SuzeMmm.exe
  C:\Windows\System\SuzeMmm.exe
  2⤵
  PID:7952
- C:\Windows\System\qMEpUsJ.exe
  C:\Windows\System\qMEpUsJ.exe
  2⤵
  PID:7976
- C:\Windows\System\hCkpBUk.exe
  C:\Windows\System\hCkpBUk.exe
  2⤵
  PID:7992
- C:\Windows\System\ZQjSCnC.exe
  C:\Windows\System\ZQjSCnC.exe
  2⤵
  PID:8008
- C:\Windows\System\sxCkVbK.exe
  C:\Windows\System\sxCkVbK.exe
  2⤵
  PID:8036
- C:\Windows\System\thZqPBq.exe
  C:\Windows\System\thZqPBq.exe
  2⤵
  PID:8060
- C:\Windows\System\pegGQvh.exe
  C:\Windows\System\pegGQvh.exe
  2⤵
  PID:8076
- C:\Windows\System\ajBwwAS.exe
  C:\Windows\System\ajBwwAS.exe
  2⤵
  PID:8092
- C:\Windows\System\XdxHIsD.exe
  C:\Windows\System\XdxHIsD.exe
  2⤵
  PID:8108
- C:\Windows\System\Nmhhnfp.exe
  C:\Windows\System\Nmhhnfp.exe
  2⤵
  PID:8136
- C:\Windows\System\ObDopWn.exe
  C:\Windows\System\ObDopWn.exe
  2⤵
  PID:8152
- C:\Windows\System\vgWhSVo.exe
  C:\Windows\System\vgWhSVo.exe
  2⤵
  PID:8168
- C:\Windows\System\SqvzgyH.exe
  C:\Windows\System\SqvzgyH.exe
  2⤵
  PID:8188
- C:\Windows\System\whTbNpu.exe
  C:\Windows\System\whTbNpu.exe
  2⤵
  PID:7260
- C:\Windows\System\RQlbFDH.exe
  C:\Windows\System\RQlbFDH.exe
  2⤵
  PID:6492
- C:\Windows\System\JSGDPMw.exe
  C:\Windows\System\JSGDPMw.exe
  2⤵
  PID:7012
- C:\Windows\System\bkRNxsn.exe
  C:\Windows\System\bkRNxsn.exe
  2⤵
  PID:7036
- C:\Windows\System\ELHptcQ.exe
  C:\Windows\System\ELHptcQ.exe
  2⤵
  PID:7208
- C:\Windows\System\qNfqPDC.exe
  C:\Windows\System\qNfqPDC.exe
  2⤵
  PID:6216
- C:\Windows\System\ztpTdSL.exe
  C:\Windows\System\ztpTdSL.exe
  2⤵
  PID:6352
- C:\Windows\System\IJPHciQ.exe
  C:\Windows\System\IJPHciQ.exe
  2⤵
  PID:6716
- C:\Windows\System\VjVkipL.exe
  C:\Windows\System\VjVkipL.exe
  2⤵
  PID:7176
- C:\Windows\System\VpaxnHn.exe
  C:\Windows\System\VpaxnHn.exe
  2⤵
  PID:7284
- C:\Windows\System\NdlUAUH.exe
  C:\Windows\System\NdlUAUH.exe
  2⤵
  PID:7300
- C:\Windows\System\ssmsRIC.exe
  C:\Windows\System\ssmsRIC.exe
  2⤵
  PID:7320
- C:\Windows\System\pMvEQcT.exe
  C:\Windows\System\pMvEQcT.exe
  2⤵
  PID:7360
- C:\Windows\System\aAUbBMN.exe
  C:\Windows\System\aAUbBMN.exe
  2⤵
  PID:7348
- C:\Windows\System\ETCXYeW.exe
  C:\Windows\System\ETCXYeW.exe
  2⤵
  PID:7404
- C:\Windows\System\bMDaUeq.exe
  C:\Windows\System\bMDaUeq.exe
  2⤵
  PID:7448
- C:\Windows\System\zrfCQrE.exe
  C:\Windows\System\zrfCQrE.exe
  2⤵
  PID:7520
- C:\Windows\System\PCSZheu.exe
  C:\Windows\System\PCSZheu.exe
  2⤵
  PID:7564
- C:\Windows\System\VjKDGVn.exe
  C:\Windows\System\VjKDGVn.exe
  2⤵
  PID:7644
- C:\Windows\System\PLJLjRI.exe
  C:\Windows\System\PLJLjRI.exe
  2⤵
  PID:7712
- C:\Windows\System\MOQVKiV.exe
  C:\Windows\System\MOQVKiV.exe
  2⤵
  PID:7628
- C:\Windows\System\vbdNCGW.exe
  C:\Windows\System\vbdNCGW.exe
  2⤵
  PID:7580
- C:\Windows\System\eaWKLav.exe
  C:\Windows\System\eaWKLav.exe
  2⤵
  PID:7692
- C:\Windows\System\wSXNtNE.exe
  C:\Windows\System\wSXNtNE.exe
  2⤵
  PID:7740
- C:\Windows\System\mSFNYUK.exe
  C:\Windows\System\mSFNYUK.exe
  2⤵
  PID:7768
- C:\Windows\System\wHWBkJI.exe
  C:\Windows\System\wHWBkJI.exe
  2⤵
  PID:7796
- C:\Windows\System\vpDVukw.exe
  C:\Windows\System\vpDVukw.exe
  2⤵
  PID:7920
- C:\Windows\System\xtITaly.exe
  C:\Windows\System\xtITaly.exe
  2⤵
  PID:7832
- C:\Windows\System\CgllVjr.exe
  C:\Windows\System\CgllVjr.exe
  2⤵
  PID:7940
- C:\Windows\System\IDkQbbc.exe
  C:\Windows\System\IDkQbbc.exe
  2⤵
  PID:7968
- C:\Windows\System\UkQBZAF.exe
  C:\Windows\System\UkQBZAF.exe
  2⤵
  PID:8004
- C:\Windows\System\mCZlkQU.exe
  C:\Windows\System\mCZlkQU.exe
  2⤵
  PID:8016
- C:\Windows\System\KaDhXmQ.exe
  C:\Windows\System\KaDhXmQ.exe
  2⤵
  PID:7988
- C:\Windows\System\QPKsRkI.exe
  C:\Windows\System\QPKsRkI.exe
  2⤵
  PID:8084
- C:\Windows\System\CRJYrkL.exe
  C:\Windows\System\CRJYrkL.exe
  2⤵
  PID:8128
- C:\Windows\System\KBiQUaD.exe
  C:\Windows\System\KBiQUaD.exe
  2⤵
  PID:8144
- C:\Windows\System\AwLlBqU.exe
  C:\Windows\System\AwLlBqU.exe
  2⤵
  PID:7192
- C:\Windows\System\fGNqrFN.exe
  C:\Windows\System\fGNqrFN.exe
  2⤵
  PID:7048
- C:\Windows\System\NcvXVnW.exe
  C:\Windows\System\NcvXVnW.exe
  2⤵
  PID:8184
- C:\Windows\System\qnQazAh.exe
  C:\Windows\System\qnQazAh.exe
  2⤵
  PID:5552
- C:\Windows\System\zuMYjNw.exe
  C:\Windows\System\zuMYjNw.exe
  2⤵
  PID:6700
- C:\Windows\System\jkIpcrX.exe
  C:\Windows\System\jkIpcrX.exe
  2⤵
  PID:6348
- C:\Windows\System\nObXLnR.exe
  C:\Windows\System\nObXLnR.exe
  2⤵
  PID:7328
- C:\Windows\System\muqRlYx.exe
  C:\Windows\System\muqRlYx.exe
  2⤵
  PID:7412
- C:\Windows\System\NQQsfPG.exe
  C:\Windows\System\NQQsfPG.exe
  2⤵
  PID:6944
- C:\Windows\System\yhndTvD.exe
  C:\Windows\System\yhndTvD.exe
  2⤵
  PID:7276
- C:\Windows\System\Lvbhila.exe
  C:\Windows\System\Lvbhila.exe
  2⤵
  PID:7400
- C:\Windows\System\EGwHyld.exe
  C:\Windows\System\EGwHyld.exe
  2⤵
  PID:7500
- C:\Windows\System\WrMEwUU.exe
  C:\Windows\System\WrMEwUU.exe
  2⤵
  PID:7444
- C:\Windows\System\THPawaF.exe
  C:\Windows\System\THPawaF.exe
  2⤵
  PID:7640
- C:\Windows\System\RoorDIk.exe
  C:\Windows\System\RoorDIk.exe
  2⤵
  PID:7624
- C:\Windows\System\cCMTRxV.exe
  C:\Windows\System\cCMTRxV.exe
  2⤵
  PID:7752
- C:\Windows\System\olfFwtD.exe
  C:\Windows\System\olfFwtD.exe
  2⤵
  PID:7852
- C:\Windows\System\yoKVdhu.exe
  C:\Windows\System\yoKVdhu.exe
  2⤵
  PID:7772
- C:\Windows\System\FscHiZN.exe
  C:\Windows\System\FscHiZN.exe
  2⤵
  PID:7904
- C:\Windows\System\qfmRmqz.exe
  C:\Windows\System\qfmRmqz.exe
  2⤵
  PID:7984
- C:\Windows\System\WiRKzSU.exe
  C:\Windows\System\WiRKzSU.exe
  2⤵
  PID:8132
- C:\Windows\System\WVziCtR.exe
  C:\Windows\System\WVziCtR.exe
  2⤵
  PID:8068
- C:\Windows\System\eKjfAOG.exe
  C:\Windows\System\eKjfAOG.exe
  2⤵
  PID:7216
- C:\Windows\System\asoNDHs.exe
  C:\Windows\System\asoNDHs.exe
  2⤵
  PID:8028
- C:\Windows\System\tWrffMN.exe
  C:\Windows\System\tWrffMN.exe
  2⤵
  PID:7296
- C:\Windows\System\LAbcqxh.exe
  C:\Windows\System\LAbcqxh.exe
  2⤵
  PID:7516
- C:\Windows\System\FVyWWlx.exe
  C:\Windows\System\FVyWWlx.exe
  2⤵
  PID:7680
- C:\Windows\System\qsVbgtg.exe
  C:\Windows\System\qsVbgtg.exe
  2⤵
  PID:7228
- C:\Windows\System\GoEdFjs.exe
  C:\Windows\System\GoEdFjs.exe
  2⤵
  PID:7468
- C:\Windows\System\aEQLMlL.exe
  C:\Windows\System\aEQLMlL.exe
  2⤵
  PID:6596
- C:\Windows\System\OGQsZfA.exe
  C:\Windows\System\OGQsZfA.exe
  2⤵
  PID:7000
- C:\Windows\System\tQSVxDF.exe
  C:\Windows\System\tQSVxDF.exe
  2⤵
  PID:7884
- C:\Windows\System\DQovNiX.exe
  C:\Windows\System\DQovNiX.exe
  2⤵
  PID:7736
- C:\Windows\System\NMKPbhY.exe
  C:\Windows\System\NMKPbhY.exe
  2⤵
  PID:7948
- C:\Windows\System\PbzlASF.exe
  C:\Windows\System\PbzlASF.exe
  2⤵
  PID:8160
- C:\Windows\System\jCIaIbI.exe
  C:\Windows\System\jCIaIbI.exe
  2⤵
  PID:7316
- C:\Windows\System\LSEZjki.exe
  C:\Windows\System\LSEZjki.exe
  2⤵
  PID:7676
- C:\Windows\System\LvFTwzT.exe
  C:\Windows\System\LvFTwzT.exe
  2⤵
  PID:7280
- C:\Windows\System\IreAFKJ.exe
  C:\Windows\System\IreAFKJ.exe
  2⤵
  PID:7532
- C:\Windows\System\tSUMliF.exe
  C:\Windows\System\tSUMliF.exe
  2⤵
  PID:7700
- C:\Windows\System\Kzugnov.exe
  C:\Windows\System\Kzugnov.exe
  2⤵
  PID:7344
- C:\Windows\System\hSecKyE.exe
  C:\Windows\System\hSecKyE.exe
  2⤵
  PID:8104
- C:\Windows\System\fuPacEW.exe
  C:\Windows\System\fuPacEW.exe
  2⤵
  PID:7660
- C:\Windows\System\foYvKqp.exe
  C:\Windows\System\foYvKqp.exe
  2⤵
  PID:7864
- C:\Windows\System\GrhxfWW.exe
  C:\Windows\System\GrhxfWW.exe
  2⤵
  PID:7656
- C:\Windows\System\KgKDEPG.exe
  C:\Windows\System\KgKDEPG.exe
  2⤵
  PID:7600
- C:\Windows\System\miQOHMd.exe
  C:\Windows\System\miQOHMd.exe
  2⤵
  PID:7484
- C:\Windows\System\rdQcLqr.exe
  C:\Windows\System\rdQcLqr.exe
  2⤵
  PID:7756
- C:\Windows\System\KpBcIGe.exe
  C:\Windows\System\KpBcIGe.exe
  2⤵
  PID:7552
- C:\Windows\System\FRMUPkt.exe
  C:\Windows\System\FRMUPkt.exe
  2⤵
  PID:7196
- C:\Windows\System\jXdzeKI.exe
  C:\Windows\System\jXdzeKI.exe
  2⤵
  PID:7900
- C:\Windows\System\KATwCvZ.exe
  C:\Windows\System\KATwCvZ.exe
  2⤵
  PID:7536
- C:\Windows\System\opZBcvo.exe
  C:\Windows\System\opZBcvo.exe
  2⤵
  PID:7868
- C:\Windows\System\EtPeiKp.exe
  C:\Windows\System\EtPeiKp.exe
  2⤵
  PID:7792
- C:\Windows\System\CAamHXi.exe
  C:\Windows\System\CAamHXi.exe
  2⤵
  PID:8176
- C:\Windows\System\zUIDKkB.exe
  C:\Windows\System\zUIDKkB.exe
  2⤵
  PID:7828
- C:\Windows\System\mDDRCME.exe
  C:\Windows\System\mDDRCME.exe
  2⤵
  PID:8208
- C:\Windows\System\nxeYXNS.exe
  C:\Windows\System\nxeYXNS.exe
  2⤵
  PID:8228
- C:\Windows\System\iQYIeLT.exe
  C:\Windows\System\iQYIeLT.exe
  2⤵
  PID:8248
- C:\Windows\System\LlZcWkv.exe
  C:\Windows\System\LlZcWkv.exe
  2⤵
  PID:8264
- C:\Windows\System\QYcqwVY.exe
  C:\Windows\System\QYcqwVY.exe
  2⤵
  PID:8288
- C:\Windows\System\WLyLbsC.exe
  C:\Windows\System\WLyLbsC.exe
  2⤵
  PID:8304
- C:\Windows\System\VulFkCa.exe
  C:\Windows\System\VulFkCa.exe
  2⤵
  PID:8320
- C:\Windows\System\LGZxDkZ.exe
  C:\Windows\System\LGZxDkZ.exe
  2⤵
  PID:8336
- C:\Windows\System\UaajbJh.exe
  C:\Windows\System\UaajbJh.exe
  2⤵
  PID:8356
- C:\Windows\System\pttEYoE.exe
  C:\Windows\System\pttEYoE.exe
  2⤵
  PID:8372
- C:\Windows\System\KXegyVS.exe
  C:\Windows\System\KXegyVS.exe
  2⤵
  PID:8388
- C:\Windows\System\Qbcmjdd.exe
  C:\Windows\System\Qbcmjdd.exe
  2⤵
  PID:8404
- C:\Windows\System\TLFSbHP.exe
  C:\Windows\System\TLFSbHP.exe
  2⤵
  PID:8420
- C:\Windows\System\MRrXgXX.exe
  C:\Windows\System\MRrXgXX.exe
  2⤵
  PID:8444
- C:\Windows\System\VEZmBRF.exe
  C:\Windows\System\VEZmBRF.exe
  2⤵
  PID:8464
- C:\Windows\System\rIJoOnZ.exe
  C:\Windows\System\rIJoOnZ.exe
  2⤵
  PID:8480
- C:\Windows\System\tuDdinX.exe
  C:\Windows\System\tuDdinX.exe
  2⤵
  PID:8508
- C:\Windows\System\HNDOHIO.exe
  C:\Windows\System\HNDOHIO.exe
  2⤵
  PID:8528
- C:\Windows\System\FhQVKPD.exe
  C:\Windows\System\FhQVKPD.exe
  2⤵
  PID:8556
- C:\Windows\System\ImMTHUT.exe
  C:\Windows\System\ImMTHUT.exe
  2⤵
  PID:8576
- C:\Windows\System\SufZwwz.exe
  C:\Windows\System\SufZwwz.exe
  2⤵
  PID:8620
- C:\Windows\System\LOJcpBw.exe
  C:\Windows\System\LOJcpBw.exe
  2⤵
  PID:8640
- C:\Windows\System\kRZGXiS.exe
  C:\Windows\System\kRZGXiS.exe
  2⤵
  PID:8656
- C:\Windows\System\bhClEVI.exe
  C:\Windows\System\bhClEVI.exe
  2⤵
  PID:8672
- C:\Windows\System\TsmggjG.exe
  C:\Windows\System\TsmggjG.exe
  2⤵
  PID:8700
- C:\Windows\System\oRaqgbj.exe
  C:\Windows\System\oRaqgbj.exe
  2⤵
  PID:8716
- C:\Windows\System\sHdOPMt.exe
  C:\Windows\System\sHdOPMt.exe
  2⤵
  PID:8732
- C:\Windows\System\PMqdHso.exe
  C:\Windows\System\PMqdHso.exe
  2⤵
  PID:8748
- C:\Windows\System\efvKqAh.exe
  C:\Windows\System\efvKqAh.exe
  2⤵
  PID:8772
- C:\Windows\System\yWQMIKn.exe
  C:\Windows\System\yWQMIKn.exe
  2⤵
  PID:8788
- C:\Windows\System\ZcuGeWS.exe
  C:\Windows\System\ZcuGeWS.exe
  2⤵
  PID:8812
- C:\Windows\System\obwcsvl.exe
  C:\Windows\System\obwcsvl.exe
  2⤵
  PID:8828
- C:\Windows\System\YMZNkdb.exe
  C:\Windows\System\YMZNkdb.exe
  2⤵
  PID:8852
- C:\Windows\System\vHHMleP.exe
  C:\Windows\System\vHHMleP.exe
  2⤵
  PID:8876
- C:\Windows\System\qUhSvgT.exe
  C:\Windows\System\qUhSvgT.exe
  2⤵
  PID:8892
- C:\Windows\System\gcSWETO.exe
  C:\Windows\System\gcSWETO.exe
  2⤵
  PID:8920
- C:\Windows\System\VhWsbmF.exe
  C:\Windows\System\VhWsbmF.exe
  2⤵
  PID:8936
- C:\Windows\System\KltocqU.exe
  C:\Windows\System\KltocqU.exe
  2⤵
  PID:8952
- C:\Windows\System\XcKdVzq.exe
  C:\Windows\System\XcKdVzq.exe
  2⤵
  PID:8972
- C:\Windows\System\PsQufoP.exe
  C:\Windows\System\PsQufoP.exe
  2⤵
  PID:8992
- C:\Windows\System\QmwghHq.exe
  C:\Windows\System\QmwghHq.exe
  2⤵
  PID:9008
- C:\Windows\System\bLrLlBh.exe
  C:\Windows\System\bLrLlBh.exe
  2⤵
  PID:9024
- C:\Windows\System\tOjhHrH.exe
  C:\Windows\System\tOjhHrH.exe
  2⤵
  PID:9048
- C:\Windows\System\YBgbYRs.exe
  C:\Windows\System\YBgbYRs.exe
  2⤵
  PID:9068
- C:\Windows\System\RQQfaUU.exe
  C:\Windows\System\RQQfaUU.exe
  2⤵
  PID:9084
- C:\Windows\System\avXXBrM.exe
  C:\Windows\System\avXXBrM.exe
  2⤵
  PID:9108
- C:\Windows\System\XcBuEdb.exe
  C:\Windows\System\XcBuEdb.exe
  2⤵
  PID:9136
- C:\Windows\System\fYsRfWb.exe
  C:\Windows\System\fYsRfWb.exe
  2⤵
  PID:9156
- C:\Windows\System\JDUTnjQ.exe
  C:\Windows\System\JDUTnjQ.exe
  2⤵
  PID:9176
- C:\Windows\System\cchyWdu.exe
  C:\Windows\System\cchyWdu.exe
  2⤵
  PID:9196
- C:\Windows\System\oPffkqb.exe
  C:\Windows\System\oPffkqb.exe
  2⤵
  PID:7812
- C:\Windows\System\cNWGQyi.exe
  C:\Windows\System\cNWGQyi.exe
  2⤵
  PID:8240
- C:\Windows\System\CFlkkPH.exe
  C:\Windows\System\CFlkkPH.exe
  2⤵
  PID:8256
- C:\Windows\System\iBesHAv.exe
  C:\Windows\System\iBesHAv.exe
  2⤵
  PID:8280
- C:\Windows\System\btnXOpe.exe
  C:\Windows\System\btnXOpe.exe
  2⤵
  PID:8300
- C:\Windows\System\PXkCpiV.exe
  C:\Windows\System\PXkCpiV.exe
  2⤵
  PID:8328
- C:\Windows\System\zMROuFY.exe
  C:\Windows\System\zMROuFY.exe
  2⤵
  PID:8460
- C:\Windows\System\PmQbHHs.exe
  C:\Windows\System\PmQbHHs.exe
  2⤵
  PID:8496
- C:\Windows\System\nqzVxin.exe
  C:\Windows\System\nqzVxin.exe
  2⤵
  PID:8440
- C:\Windows\System\CfOtAWv.exe
  C:\Windows\System\CfOtAWv.exe
  2⤵
  PID:8432
- C:\Windows\System\zXNuNwA.exe
  C:\Windows\System\zXNuNwA.exe
  2⤵
  PID:8548
- C:\Windows\System\eBkConH.exe
  C:\Windows\System\eBkConH.exe
  2⤵
  PID:8572
- C:\Windows\System\OHpDJMD.exe
  C:\Windows\System\OHpDJMD.exe
  2⤵
  PID:8596
- C:\Windows\System\aHUQANz.exe
  C:\Windows\System\aHUQANz.exe
  2⤵
  PID:8636
- C:\Windows\System\bkMvudq.exe
  C:\Windows\System\bkMvudq.exe
  2⤵
  PID:8680
- C:\Windows\System\NHaEexX.exe
  C:\Windows\System\NHaEexX.exe
  2⤵
  PID:8684
- C:\Windows\System\qRnhXae.exe
  C:\Windows\System\qRnhXae.exe
  2⤵
  PID:8764
- C:\Windows\System\qpEWRsk.exe
  C:\Windows\System\qpEWRsk.exe
  2⤵
  PID:8804
- C:\Windows\System\bpHofpa.exe
  C:\Windows\System\bpHofpa.exe
  2⤵
  PID:8820
- C:\Windows\System\iNFoAnK.exe
  C:\Windows\System\iNFoAnK.exe
  2⤵
  PID:8860
- C:\Windows\System\IOrTQJs.exe
  C:\Windows\System\IOrTQJs.exe
  2⤵
  PID:8872
- C:\Windows\System\nkeuwka.exe
  C:\Windows\System\nkeuwka.exe
  2⤵
  PID:8916
- C:\Windows\System\alLrmgb.exe
  C:\Windows\System\alLrmgb.exe
  2⤵
  PID:8964
- C:\Windows\System\APvgzdy.exe
  C:\Windows\System\APvgzdy.exe
  2⤵
  PID:9032
- C:\Windows\System\lAMkrvL.exe
  C:\Windows\System\lAMkrvL.exe
  2⤵
  PID:9080
- C:\Windows\System\ItMZgue.exe
  C:\Windows\System\ItMZgue.exe
  2⤵
  PID:9128
- C:\Windows\System\QLgDZmV.exe
  C:\Windows\System\QLgDZmV.exe
  2⤵
  PID:8980
- C:\Windows\System\OvVIVLJ.exe
  C:\Windows\System\OvVIVLJ.exe
  2⤵
  PID:9092
- C:\Windows\System\wVlhyVn.exe
  C:\Windows\System\wVlhyVn.exe
  2⤵
  PID:9144
- C:\Windows\System\NBFDZPZ.exe
  C:\Windows\System\NBFDZPZ.exe
  2⤵
  PID:9208
- C:\Windows\System\PttCNSc.exe
  C:\Windows\System\PttCNSc.exe
  2⤵
  PID:9188
- C:\Windows\System\oppICeQ.exe
  C:\Windows\System\oppICeQ.exe
  2⤵
  PID:8236
- C:\Windows\System\lhMXuhJ.exe
  C:\Windows\System\lhMXuhJ.exe
  2⤵
  PID:8276
- C:\Windows\System\LMiFXtq.exe
  C:\Windows\System\LMiFXtq.exe
  2⤵
  PID:8384
- C:\Windows\System\qETjnud.exe
  C:\Windows\System\qETjnud.exe
  2⤵
  PID:8452
- C:\Windows\System\NrJHSUs.exe
  C:\Windows\System\NrJHSUs.exe
  2⤵
  PID:8536
- C:\Windows\System\zuyXUlO.exe
  C:\Windows\System\zuyXUlO.exe
  2⤵
  PID:8544
- C:\Windows\System\BJsjeAe.exe
  C:\Windows\System\BJsjeAe.exe
  2⤵
  PID:8476
- C:\Windows\System\lFfVQcX.exe
  C:\Windows\System\lFfVQcX.exe
  2⤵
  PID:8604
- C:\Windows\System\RruvdvT.exe
  C:\Windows\System\RruvdvT.exe
  2⤵
  PID:8428
- C:\Windows\System\EzxcRie.exe
  C:\Windows\System\EzxcRie.exe
  2⤵
  PID:8728
- C:\Windows\System\aiYXNCW.exe
  C:\Windows\System\aiYXNCW.exe
  2⤵
  PID:8712
- C:\Windows\System\OLGjKHq.exe
  C:\Windows\System\OLGjKHq.exe
  2⤵
  PID:8800
- C:\Windows\System\nhlBmOG.exe
  C:\Windows\System\nhlBmOG.exe
  2⤵
  PID:8844
- C:\Windows\System\hbHeKgd.exe
  C:\Windows\System\hbHeKgd.exe
  2⤵
  PID:8960
- C:\Windows\System\nqhHrUg.exe
  C:\Windows\System\nqhHrUg.exe
  2⤵
  PID:9116
- C:\Windows\System\coecYdG.exe
  C:\Windows\System\coecYdG.exe
  2⤵
  PID:9016
- C:\Windows\System\oHdpuhv.exe
  C:\Windows\System\oHdpuhv.exe
  2⤵
  PID:8744
- C:\Windows\System\Focgcje.exe
  C:\Windows\System\Focgcje.exe
  2⤵
  PID:9184
- C:\Windows\System\NpugAdJ.exe
  C:\Windows\System\NpugAdJ.exe
  2⤵
  PID:8296
- C:\Windows\System\LPqsPDl.exe
  C:\Windows\System\LPqsPDl.exe
  2⤵
  PID:8492
- C:\Windows\System\XfuNbHv.exe
  C:\Windows\System\XfuNbHv.exe
  2⤵
  PID:8668
- C:\Windows\System\kTqiYdP.exe
  C:\Windows\System\kTqiYdP.exe
  2⤵
  PID:8740
- C:\Windows\System\OPXgLLb.exe
  C:\Windows\System\OPXgLLb.exe
  2⤵
  PID:8884
- C:\Windows\System\XWzMpIP.exe
  C:\Windows\System\XWzMpIP.exe
  2⤵
  PID:8840
- C:\Windows\System\eJdVmHI.exe
  C:\Windows\System\eJdVmHI.exe
  2⤵
  PID:8200
- C:\Windows\System\VoDASfr.exe
  C:\Windows\System\VoDASfr.exe
  2⤵
  PID:8564
- C:\Windows\System\kpQjlKa.exe
  C:\Windows\System\kpQjlKa.exe
  2⤵
  PID:9076
- C:\Windows\System\IWBxDSh.exe
  C:\Windows\System\IWBxDSh.exe
  2⤵
  PID:9044
- C:\Windows\System\cMYtSjC.exe
  C:\Windows\System\cMYtSjC.exe
  2⤵
  PID:9020
- C:\Windows\System\RehIOWr.exe
  C:\Windows\System\RehIOWr.exe
  2⤵
  PID:9164
- C:\Windows\System\lxYCMXs.exe
  C:\Windows\System\lxYCMXs.exe
  2⤵
  PID:9168
- C:\Windows\System\ilylGOi.exe
  C:\Windows\System\ilylGOi.exe
  2⤵
  PID:8344
- C:\Windows\System\nBRwEag.exe
  C:\Windows\System\nBRwEag.exe
  2⤵
  PID:8396
- C:\Windows\System\QKmnAUS.exe
  C:\Windows\System\QKmnAUS.exe
  2⤵
  PID:8796
- C:\Windows\System\ksmUqeD.exe
  C:\Windows\System\ksmUqeD.exe
  2⤵
  PID:8612
- C:\Windows\System\FwxQsFn.exe
  C:\Windows\System\FwxQsFn.exe
  2⤵
  PID:8472
- C:\Windows\System\tPADGhq.exe
  C:\Windows\System\tPADGhq.exe
  2⤵
  PID:9064
- C:\Windows\System\YAHjXXu.exe
  C:\Windows\System\YAHjXXu.exe
  2⤵
  PID:8216
- C:\Windows\System\MoOhivS.exe
  C:\Windows\System\MoOhivS.exe
  2⤵
  PID:8988
- C:\Windows\System\BGIDsMP.exe
  C:\Windows\System\BGIDsMP.exe
  2⤵
  PID:9212
- C:\Windows\System\cDdSFgt.exe
  C:\Windows\System\cDdSFgt.exe
  2⤵
  PID:9100
- C:\Windows\System\sDJvpWj.exe
  C:\Windows\System\sDJvpWj.exe
  2⤵
  PID:9004
- C:\Windows\System\IYUUZne.exe
  C:\Windows\System\IYUUZne.exe
  2⤵
  PID:8348
- C:\Windows\System\NtebJGE.exe
  C:\Windows\System\NtebJGE.exe
  2⤵
  PID:9124
- C:\Windows\System\XClsibu.exe
  C:\Windows\System\XClsibu.exe
  2⤵
  PID:8904
- C:\Windows\System\WBzWrKz.exe
  C:\Windows\System\WBzWrKz.exe
  2⤵
  PID:1004
- C:\Windows\System\hBWBYEI.exe
  C:\Windows\System\hBWBYEI.exe
  2⤵
  PID:9220
- C:\Windows\System\rndgyha.exe
  C:\Windows\System\rndgyha.exe
  2⤵
  PID:9236
- C:\Windows\System\EgWqSOL.exe
  C:\Windows\System\EgWqSOL.exe
  2⤵
  PID:9260
- C:\Windows\System\ccNwkZJ.exe
  C:\Windows\System\ccNwkZJ.exe
  2⤵
  PID:9284
- C:\Windows\System\cPGvHky.exe
  C:\Windows\System\cPGvHky.exe
  2⤵
  PID:9304
- C:\Windows\System\aKbeEHo.exe
  C:\Windows\System\aKbeEHo.exe
  2⤵
  PID:9324
- C:\Windows\System\YQQgxxb.exe
  C:\Windows\System\YQQgxxb.exe
  2⤵
  PID:9348
- C:\Windows\System\LHxlRyB.exe
  C:\Windows\System\LHxlRyB.exe
  2⤵
  PID:9368
- C:\Windows\System\bJvgfZC.exe
  C:\Windows\System\bJvgfZC.exe
  2⤵
  PID:9388
- C:\Windows\System\KCUesLe.exe
  C:\Windows\System\KCUesLe.exe
  2⤵
  PID:9408
- C:\Windows\System\TpBnFLE.exe
  C:\Windows\System\TpBnFLE.exe
  2⤵
  PID:9428
- C:\Windows\System\SuyaAxh.exe
  C:\Windows\System\SuyaAxh.exe
  2⤵
  PID:9452
- C:\Windows\System\rYzeALA.exe
  C:\Windows\System\rYzeALA.exe
  2⤵
  PID:9468
- C:\Windows\System\AnDWxXN.exe
  C:\Windows\System\AnDWxXN.exe
  2⤵
  PID:9488
- C:\Windows\System\bjSgKqr.exe
  C:\Windows\System\bjSgKqr.exe
  2⤵
  PID:9508
- C:\Windows\System\zaxqsLa.exe
  C:\Windows\System\zaxqsLa.exe
  2⤵
  PID:9532
- C:\Windows\System\arGCHVE.exe
  C:\Windows\System\arGCHVE.exe
  2⤵
  PID:9548
- C:\Windows\System\wOewhNz.exe
  C:\Windows\System\wOewhNz.exe
  2⤵
  PID:9564
- C:\Windows\System\tAEvDmV.exe
  C:\Windows\System\tAEvDmV.exe
  2⤵
  PID:9584
- C:\Windows\System\kDSRiPs.exe
  C:\Windows\System\kDSRiPs.exe
  2⤵
  PID:9608
- C:\Windows\System\scsDLHC.exe
  C:\Windows\System\scsDLHC.exe
  2⤵
  PID:9632
- C:\Windows\System\dvsVoNP.exe
  C:\Windows\System\dvsVoNP.exe
  2⤵
  PID:9656
- C:\Windows\System\AupabGl.exe
  C:\Windows\System\AupabGl.exe
  2⤵
  PID:9672
- C:\Windows\System\eWxglXO.exe
  C:\Windows\System\eWxglXO.exe
  2⤵
  PID:9688
- C:\Windows\System\kIcStXr.exe
  C:\Windows\System\kIcStXr.exe
  2⤵
  PID:9716
- C:\Windows\System\gXUYpQM.exe
  C:\Windows\System\gXUYpQM.exe
  2⤵
  PID:9732
- C:\Windows\System\rwgtfFC.exe
  C:\Windows\System\rwgtfFC.exe
  2⤵
  PID:9756
- C:\Windows\System\vYoxykt.exe
  C:\Windows\System\vYoxykt.exe
  2⤵
  PID:9772
- C:\Windows\System\LZGsSYG.exe
  C:\Windows\System\LZGsSYG.exe
  2⤵
  PID:9792
- C:\Windows\System\fTatpNp.exe
  C:\Windows\System\fTatpNp.exe
  2⤵
  PID:9808
- C:\Windows\System\OhcQMSC.exe
  C:\Windows\System\OhcQMSC.exe
  2⤵
  PID:9832
- C:\Windows\System\ZZpeMfj.exe
  C:\Windows\System\ZZpeMfj.exe
  2⤵
  PID:9848
- C:\Windows\System\mYbvYET.exe
  C:\Windows\System\mYbvYET.exe
  2⤵
  PID:9868
- C:\Windows\System\jtNbpFu.exe
  C:\Windows\System\jtNbpFu.exe
  2⤵
  PID:9884
- C:\Windows\System\CysTWlD.exe
  C:\Windows\System\CysTWlD.exe
  2⤵
  PID:9904
- C:\Windows\System\OSlNhVf.exe
  C:\Windows\System\OSlNhVf.exe
  2⤵
  PID:9936
- C:\Windows\System\DsGYJSu.exe
  C:\Windows\System\DsGYJSu.exe
  2⤵
  PID:9952
- C:\Windows\System\KQSNZuU.exe
  C:\Windows\System\KQSNZuU.exe
  2⤵
  PID:9968
- C:\Windows\System\yMqMyHq.exe
  C:\Windows\System\yMqMyHq.exe
  2⤵
  PID:9988
- C:\Windows\System\RpTRBtg.exe
  C:\Windows\System\RpTRBtg.exe
  2⤵
  PID:10004
- C:\Windows\System\cCDmVnX.exe
  C:\Windows\System\cCDmVnX.exe
  2⤵
  PID:10024
- C:\Windows\System\dAmqFxN.exe
  C:\Windows\System\dAmqFxN.exe
  2⤵
  PID:10044
- C:\Windows\System\hDTzEeP.exe
  C:\Windows\System\hDTzEeP.exe
  2⤵
  PID:10064
- C:\Windows\System\HXlxdKw.exe
  C:\Windows\System\HXlxdKw.exe
  2⤵
  PID:10088
- C:\Windows\System\dbHCReZ.exe
  C:\Windows\System\dbHCReZ.exe
  2⤵
  PID:10104
- C:\Windows\System\ukvHjCt.exe
  C:\Windows\System\ukvHjCt.exe
  2⤵
  PID:10120
- C:\Windows\System\Qepqnup.exe
  C:\Windows\System\Qepqnup.exe
  2⤵
  PID:10144
- C:\Windows\System\sbeSdZn.exe
  C:\Windows\System\sbeSdZn.exe
  2⤵
  PID:10160
- C:\Windows\System\aaZAOyA.exe
  C:\Windows\System\aaZAOyA.exe
  2⤵
  PID:10176
- C:\Windows\System\JBqYale.exe
  C:\Windows\System\JBqYale.exe
  2⤵
  PID:10192
- C:\Windows\System\OeCHMVo.exe
  C:\Windows\System\OeCHMVo.exe
  2⤵
  PID:10220
- C:\Windows\System\WfYBEFy.exe
  C:\Windows\System\WfYBEFy.exe
  2⤵
  PID:9204
- C:\Windows\System\SUFZptK.exe
  C:\Windows\System\SUFZptK.exe
  2⤵
  PID:9256
- C:\Windows\System\lOzZWty.exe
  C:\Windows\System\lOzZWty.exe
  2⤵
  PID:9292
- C:\Windows\System\maKMeRJ.exe
  C:\Windows\System\maKMeRJ.exe
  2⤵
  PID:9320
- C:\Windows\System\RiYVerG.exe
  C:\Windows\System\RiYVerG.exe
  2⤵
  PID:9356
- C:\Windows\System\hcYUsuj.exe
  C:\Windows\System\hcYUsuj.exe
  2⤵
  PID:9376
- C:\Windows\System\upmiWyH.exe
  C:\Windows\System\upmiWyH.exe
  2⤵
  PID:9400
- C:\Windows\System\yEbiVvW.exe
  C:\Windows\System\yEbiVvW.exe
  2⤵
  PID:9440
- C:\Windows\System\YidXYWM.exe
  C:\Windows\System\YidXYWM.exe
  2⤵
  PID:9464
- C:\Windows\System\EWGDTNm.exe
  C:\Windows\System\EWGDTNm.exe
  2⤵
  PID:9496
- C:\Windows\System\UPVlrmw.exe
  C:\Windows\System\UPVlrmw.exe
  2⤵
  PID:9528
- C:\Windows\System\dZkpYrD.exe
  C:\Windows\System\dZkpYrD.exe
  2⤵
  PID:9576
- C:\Windows\System\qmVgiCf.exe
  C:\Windows\System\qmVgiCf.exe
  2⤵
  PID:9600
- C:\Windows\System\PvNzOEM.exe
  C:\Windows\System\PvNzOEM.exe
  2⤵
  PID:9640
- C:\Windows\System\VHkoLUC.exe
  C:\Windows\System\VHkoLUC.exe
  2⤵
  PID:9680
- C:\Windows\System\QlsYZxr.exe
  C:\Windows\System\QlsYZxr.exe
  2⤵
  PID:9668
- C:\Windows\System\wtaeJXW.exe
  C:\Windows\System\wtaeJXW.exe
  2⤵
  PID:9724
- C:\Windows\System\fTXiNrN.exe
  C:\Windows\System\fTXiNrN.exe
  2⤵
  PID:9752
- C:\Windows\System\YDYdXrh.exe
  C:\Windows\System\YDYdXrh.exe
  2⤵
  PID:9804
- C:\Windows\System\NdpmOTM.exe
  C:\Windows\System\NdpmOTM.exe
  2⤵
  PID:9844
- C:\Windows\System\OrNzRAB.exe
  C:\Windows\System\OrNzRAB.exe
  2⤵
  PID:9880
- C:\Windows\System\cNWWAoO.exe
  C:\Windows\System\cNWWAoO.exe
  2⤵
  PID:9920
- C:\Windows\System\EQQwupj.exe
  C:\Windows\System\EQQwupj.exe
  2⤵
  PID:9916
- C:\Windows\System\JbUQQzA.exe
  C:\Windows\System\JbUQQzA.exe
  2⤵
  PID:9976
- C:\Windows\System\BSeytLd.exe
  C:\Windows\System\BSeytLd.exe
  2⤵
  PID:10032
- C:\Windows\System\XICalnQ.exe
  C:\Windows\System\XICalnQ.exe
  2⤵
  PID:10076
- C:\Windows\System\tyslXGZ.exe
  C:\Windows\System\tyslXGZ.exe
  2⤵
  PID:10100
- C:\Windows\System\WxGPgBD.exe
  C:\Windows\System\WxGPgBD.exe
  2⤵
  PID:10152
- C:\Windows\System\eTvHdDz.exe
  C:\Windows\System\eTvHdDz.exe
  2⤵
  PID:10156
- C:\Windows\System\EXkXzxy.exe
  C:\Windows\System\EXkXzxy.exe
  2⤵
  PID:10204
- C:\Windows\System\uhWNEzf.exe
  C:\Windows\System\uhWNEzf.exe
  2⤵
  PID:10228
- C:\Windows\System\qzbCSvV.exe
  C:\Windows\System\qzbCSvV.exe
  2⤵
  PID:9232
- C:\Windows\System\tSoYqQE.exe
  C:\Windows\System\tSoYqQE.exe
  2⤵
  PID:9344
- C:\Windows\System\flJHsAv.exe
  C:\Windows\System\flJHsAv.exe
  2⤵
  PID:9404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BJwSeOl.exe

Filesize
6.0MB

MD5
02ab908cbee864a984ecbf08de83bf98

SHA1
6b9c452f9793c6f7a9419c925d8ed77cbb6b73f1

SHA256
c2c7a7ca4ce6c718e5607661f242032ed2a024448cd6ba7197510ce0d237869b

SHA512
0c80d0ad757ec9e89e07e631262f98f63e9ff6b6d1059e921f42cef43c2518db58cd70f1a02eeaa8fae64563103ea8b7695505cd4b3f3da74c6f6f3c7bd70d6c

Download Submit
C:\Windows\system\BThFemC.exe

Filesize
6.0MB

MD5
448cc2c9730a44d83a8aefe5f48d5c36

SHA1
ed916c452f1bdf7eba91916b5e1202d5a20e767b

SHA256
fbbb779b23c36a297dd4eb23908893d353644522769042ec22fa4ef147b31d4c

SHA512
40a5e8f298b052a9a06ca9d9322eb4215bc6ec71d355172806dc089bab53bdcfc9f9b7365b7e967fca9372a7bfe471f83e337ba8666b1da03e5947d9b986e313

Download Submit
C:\Windows\system\FmVAONo.exe

Filesize
6.0MB

MD5
0a8ec8e9e55bc669e04a5a6cc7e91e27

SHA1
83ff39a01e2fdd7bf379da56735c5b57424ca752

SHA256
03ddde77ae1eb06513a12ad21898faf194e1aae62f0be3a1e20546dc79597fdf

SHA512
92eec84429c43235184762acc029277586d51441406a5926963e5d2cd55b8694c3817eda083b60725037b2e0e38546c9b362554d4e9f1b27a3c00c5d45ee2ee4

Download Submit
C:\Windows\system\HgDPNaM.exe

Filesize
6.0MB

MD5
664956e11f306e6c0ad4c4ae4e97b8ab

SHA1
598b3abaa74ae99b36abc63ab68cad5df1fb52a7

SHA256
f552426d5746382b20f6190aaf37457960d3deb737b626e5de87f21f3eff3c99

SHA512
88f1963b68d0332e2effbf0c9cecdb5f2ba0175b3a5de668b9853d3973a67ff8f47bc4f045a86b61efe9193475f69f38605b151fe5ce216079ff3bd163a5aec7

Download Submit
C:\Windows\system\JGjynJr.exe

Filesize
6.0MB

MD5
15e8afeacda7c904d1eccd405269bab4

SHA1
a0a9aa23a92876f24db2fcbabe32d1fd3f6ff3aa

SHA256
88b147cf10c7903b729fa03e96028479167531927d0f2835856a2553bf85e45d

SHA512
b2b7ef21ab4af3bccacb6934bb8165a2a8fe4580b05825ac1667bc8b5a050118511155107b1f38cbe8bf713b41c6ef461488e98eaddaea4849c3cca02ee756e2

Download Submit
C:\Windows\system\SQtUScV.exe

Filesize
6.0MB

MD5
ccaf458d6e0c0117814ba1a256fb322d

SHA1
1798062d08f179d5524c8ece2b27cc91e38c6256

SHA256
6a881f7bf44ac22e881feed00d2d4589c209321a1061518e06f53db40161943a

SHA512
ad67738461deb69bad1028a6a8119e6b34df494bcfc727873dad8ebd5ecf25673debf64d1771bb8422d77eb1cca8753944aeb0596e9dfd14ecf15be7f950fc84

Download Submit
C:\Windows\system\VdyueNr.exe

Filesize
6.0MB

MD5
b683e9ca8f43345bd23f130ff1bb3495

SHA1
001d46c1e1b6a19ad2febfcca02613fc9c6cd151

SHA256
b7ea552fb85003b5bdfc23accdf72d3b4cda185125198f10f463d1376936bb91

SHA512
66773152ab9c1c66bc24ce0e746eb64064299d31283586a17ca9b034f842b9e7f453f7d36fa20578ded09cf82e606ec442ebf0654d5e03380b5bcde79a087d04

Download Submit
C:\Windows\system\VhJIJtC.exe

Filesize
6.0MB

MD5
af44424e2566735be67c3baa7b9aea2d

SHA1
2bf6331eb43badde5fdfb7afa9de8042f372aee9

SHA256
3c28893c47a6d039cb83085b74cd01f4d6add4f7d898883cff76ddebaab9bd7c

SHA512
6d7f2e1867f638e96ebb39e22381df1752cc8e51def37cd53725a64cbc722d2a27631557ad0233846870ca0809d1bcda372b92e2de1c1a5c53cd7693b5a7f49f

Download Submit
C:\Windows\system\XdcaqpE.exe

Filesize
6.0MB

MD5
72286b0f7b409bd6ef0e50d005784949

SHA1
c5518f422530f8d864a1f5c65810b1eb9b6d6ad1

SHA256
38b2a2d8a872967730092e2c5761edb6de0eafe8ef18d6db6235164ba87eb22e

SHA512
5d20179088228ff6e00001ef64e7bfb91245348579ee3f1b45a3c78b2debcfbfa700f229752ffa8801af95b7ff5dcdd20bf0fceb865bed6fcd99051f6821f9e1

Download Submit
C:\Windows\system\XsvVNNH.exe

Filesize
6.0MB

MD5
0a81b6b27d5496aa6010d3428f544864

SHA1
e804b0aad5349aec3b19ed28da515cff20d8ac3b

SHA256
0a3ce18aaad8e03330050d241a4e4a364e7fe63ba81e7a835e6b3987c5029bd8

SHA512
8a98520bff0245c5a0c7f833e9ccb3e3821fec416d930a7a38ac53a59df88a1897b22014ce7a52bf24fa7b434d595a012606a73b0bf1bebe3820e3644540882a

Download Submit
C:\Windows\system\YbvIlPD.exe

Filesize
6.0MB

MD5
9e1982b8502b4452b669bb10eb936264

SHA1
2f6ea5d672f5b9c553b0eeede818ed8359f469f9

SHA256
f218d88547372c116beecf5a2b652cf2f9073fcf2f9e44c9f6d0d010c6905bff

SHA512
17e38805707edca9461f3d6d58c6721c2458112ecf333f59571c880068c11a683239a19026f798c60ac7fab067d65d15aa8115d9605c628fcf59fa5a785bc755

Download Submit
C:\Windows\system\bHtoEnR.exe

Filesize
6.0MB

MD5
a7f1895c043e15b5842009be2014831c

SHA1
9de2060cbb42bd28fe2cf62b873d37eb3b074f7b

SHA256
ed4155ee6d234b8aa853885ba82b2ebabff7e7752bff283f08194aaa72346e06

SHA512
7cb81e646370da8c26874a0e4385e0f98f0ea09871744302148b81a6b303dbd165317e7496468d826d1b8dcc04835981778ca81ee42f7de2db7d232067455225

Download Submit
C:\Windows\system\elrKRGB.exe

Filesize
6.0MB

MD5
31c89581444b1f2e6bc6283d1fc8ee08

SHA1
d5151a91cee176651a3e35186fc0b57757a24197

SHA256
98bf1becf2a5e96be76d3ba9637fa6b42221e8f24b1f92d1d1a2338b744c50fe

SHA512
fd289d142cba0f8fa4000e1adde3b9556dfd2c81d15fd0c68c09fd3c0d39f2aacc2aa283a089f96c2e9b1112b278eb783a9e4dca198b351c816c5e5f159b1787

Download Submit
C:\Windows\system\gPyKAIn.exe

Filesize
6.0MB

MD5
ce3bf09e38e2ac46f257ede4e7a5810a

SHA1
587288923faa06b002bca36684a7573d4f849d9f

SHA256
b642f1e0b606fd33c95ea1fc5c6762eabe0d96db57c8fefdc8b50628420b2244

SHA512
739af041b90a120cc1f90403f8a5f5cd38a74ce94252573ffdde8c662022404a33dbaa0d2669b8ac1acd960ca6ae7df31003575572a6326d7376801c3d4405f5

Download Submit
C:\Windows\system\lWAkldk.exe

Filesize
6.0MB

MD5
91cbb9e6b1463197990b074a070e71ed

SHA1
39e3f0330b211875b25ca04e0ad00e002e7dacbb

SHA256
2b5c80923ff260c006dd6b2601b5ed245e38656d7c125f3f966cc8081d3f0fa9

SHA512
406ca78a54ae9aa3b18ed3f9dcc3b71bc18a950ccde3e56143093c1cb9584ce4b39b70c9e63e7ae5506e3c8e0d111f54ea10b35f5265c3a087fa9fa8cae91c37

Download Submit
C:\Windows\system\nnzaflT.exe

Filesize
6.0MB

MD5
1b12e88d3b06451efe39975ec775f04d

SHA1
a2ef18cc17a8b570a49c61c912fde830be1fc098

SHA256
fe700d885b6f8f2d38618210a48071c897044592d7c7f5dae1079c61582a8076

SHA512
c046a3b2160de9044135f848c327b4ac6d6962768a08ad980ac77eba42c25bbb9c5609cfea6c4eb310ee694c3fc31c08e8a3c425b7e22617114f146633b9772c

Download Submit
C:\Windows\system\pxHcPbY.exe

Filesize
6.0MB

MD5
0542f911fb1097f9059a3786c78c29d9

SHA1
bee71c631ccefd680f0576283881fa1716599e19

SHA256
b8e6d3f7a05ac0d95531cd0b691ae3d8a5e6889d83ebdb20580940b0a087d6c6

SHA512
53df71c0256c38e0d24808bd48f6bac153213bd518c9e1fd870d2f9a12b24854ba3dd5a3e02c863fe640025ffc7d1b136b793d7977eb122fe6136a83a50d48e6

Download Submit
C:\Windows\system\sRuJjsT.exe

Filesize
6.0MB

MD5
26ca4b22da48c94c0f2f123e41066324

SHA1
140f8694b5da7e05faaa8bb47fd99d8a00e63ac9

SHA256
fec92250f0e000f94282118407640ba250c98af2b275e02608dadaa31ec844b7

SHA512
384808a05474edde9da70dcfc0ce9f5902649fec177eb5f377b51f856ff2d1d247e2a445281e8f50665b95099358e8f048e46b68ae849e018f516c045d67e32d

Download Submit
C:\Windows\system\vdpbncF.exe

Filesize
6.0MB

MD5
2641e37534188fe43e890ec302a7086a

SHA1
b5a967c4e394fa359fb99b763138174d0d02ab17

SHA256
755fd8769b1464bdaed8739c476b812b8d1879caa2b94568bc6e0e491b30e4d6

SHA512
327294ca7088a8a11969029068afb5fd5f7b8b2b733b050e4d22cd7dba280000dd6ebed560095ada3e53307d4bbb6eda916751415a2841a200e4bdcc91f4fa69

Download Submit
C:\Windows\system\yqtVGcs.exe

Filesize
6.0MB

MD5
65ff5018362c1ae339015b6db4ba1144

SHA1
9a80292377def19836ca2aa993810e3a84ad9ca9

SHA256
ceb41fa5ad9de17b5c1394c33d2b6e86111f828e6ea8f97b999a39650c536116

SHA512
0d0e9eb4dc32b39ce40b1fd5add69525b5ab98bb08ea887baf76dd8b58e5cd4d11afa1c0ce00004c2f05219c277c580e478dc6495f5a1061cb96e276a3505170

Download Submit
\Windows\system\AANoTnk.exe

Filesize
6.0MB

MD5
c118b4f1bd4f41edc90d66f96707267f

SHA1
dc402f11ed170f708739eee634fc8eee0342224a

SHA256
940960e84b0f26c2f752ab55c5cebbd8c90fac8177028f0bb3440472ee70f834

SHA512
11953ed50c9b8250d4b4f8581b7e8005187305c9dd5d57d7d5218beb227a65dcce2401acb872f7461e1a23c4242265f0c183f30751f3837eca1a143fc1206265

Download Submit
\Windows\system\CLVetCS.exe

Filesize
6.0MB

MD5
07063bdc6a5d1257a4cea2138650af66

SHA1
9e265a27459753ea3c539b577c0884c491d85e30

SHA256
32ee44a2592e2a072a566cd7895c7a7aabb37a781093f894b9dc1b1e72d4106f

SHA512
555aadb7b37bb6f99a62f94af721555f01032ca3efe282dce173f07b53a05924f481dd551f79c64ed5cfe0cc261ffdc21c8b4c0b4db74f1e8eff74bae40023da

Download Submit
\Windows\system\CYApQHS.exe

Filesize
6.0MB

MD5
577e6f612c110e5d763d89915ecad163

SHA1
e23577f11b9cc34642078450ad80228371f5f862

SHA256
09ed12968991103b646390dd94aa90420f7a0710612d2c2c823e59cb0854f80f

SHA512
24c2ceb65e4124b94aa1c831bb6fdad2d02ced942eb954cf64d1536e11910b667aee7edb9c9272862f5cb3230fd39c006a9641bf12561f2bb4b50295fcd3da4b

Download Submit
\Windows\system\HOjpTwX.exe

Filesize
6.0MB

MD5
431560d9d9d1ed586326a5f385ee2871

SHA1
1ecedb4311a468f2a324f76d61be70c416a6c183

SHA256
0280d8506ea413b0e54026b59f9576bb00646d076fd1bd0877e849c56fce03d1

SHA512
174c7238876de1aaa62f2ff5fd4175c87cac45af11783d4c6a7067772524cf5a98a2866b778f699260a9015626b918a04c4cd63ad2679770365a4ff047f83cc4

Download Submit
\Windows\system\JGijUat.exe

Filesize
6.0MB

MD5
09d352ebfb5b6b78cec6b64aaf5f3e6f

SHA1
130696d2b16bb49b1bfae2b9b5524f228b7b332a

SHA256
6c4467dc01cb0b787f4fd07fe6ccaa82fffcabc0229b3438d45592d509bf16e5

SHA512
e8608c4106c521a153f35f19a9bbe307b844bdfd7ecedc1fa47d61192d75f3a8d700b8c2b682efd676311bfd119ab97c625b0993f8aa68dea082c89e2cfb0236

Download Submit
\Windows\system\SjCPhgm.exe

Filesize
6.0MB

MD5
b17995952dd3542fe5d40a722edf3a4b

SHA1
f6f128f3560ea3f22a62abdef0fcb646ef2f1e59

SHA256
f0e889d51c050e3a1ee36923444c4e2331722815600a15e492698f6779564149

SHA512
8785a1cf387e571c4300065344ac1bced0a7ee5a57a90381ee6f35fcf0d601542d303e96f5ef6e2180af6e2cad00fc1c57ec1ab178ef68146eaf656301ba2cfe

Download Submit
\Windows\system\UwGZwRr.exe

Filesize
6.0MB

MD5
cb3f022d8cfa9d214431542f8e39f8d4

SHA1
ba0e68ecd633c9ac41e6c1fb5886452512f3cb18

SHA256
0d51d5300a76177e6781e8cd3bfe00c563b1d4dcee95f1a174929ff8fa854b31

SHA512
b9736494015809b745f330984c603e9ff877fe3678d3fc9300c69e916189f86b2c60c976e5efe1275433721219589d16a69ec19a72847e3d5f3374c4b1a8894c

Download Submit
\Windows\system\VdMrLRx.exe

Filesize
6.0MB

MD5
d2c157b35bccef8b0be42e9731ca4cda

SHA1
6761bf84e63788ef408a878a91baa643a3d57d25

SHA256
a8beb5e2ffb7effa884e693df5832cf3947e2df44510ec463169a83580047185

SHA512
55d32fbfdc25a3e6ac4ffae773a3381a4bedd8fc29bad05807b635cdb2cf66da9368bfc14c8aef49069649180a387814bad55cfa9ad9405b2a63505869b7d72b

Download Submit
\Windows\system\gjqELaD.exe

Filesize
6.0MB

MD5
357c72f63708f3ac68e2e720e26d2607

SHA1
37cf83020c7e84fb33a10fba8c38d3b53e6395a2

SHA256
a09c318ddbe7bfc2f5b3123fe31c0cee95920550e2c069e5a615413fccf1d8fb

SHA512
cb676011ea105150b5f15cd0d79170c0e1ec28eb3b197aa77d01a2b345344919d8ab53e46eb831b3f1310f6d7655941f816d32cd16c27d0e2ff7f2d3173e2f95

Download Submit
\Windows\system\lnpSBiH.exe

Filesize
6.0MB

MD5
d64d6bc4a1a9e0f68327af286d2f3cea

SHA1
1073764091ad676d704ec881751033b40fc174b4

SHA256
1ade32fe633aa79475b765b4bc431c0377a16381854251992a1a1cce509846fc

SHA512
dfb2ed1ed2dc89054c1c77eed398796b44a6f46886269947ead35f5f4fb0c1a557456af155314fbcb8e1d4b4be5c89de29ea7ff3b599b46831381605816e719d

Download Submit
\Windows\system\lplDOoE.exe

Filesize
6.0MB

MD5
1d42610c0e9834f9e139a5a82fc29a2e

SHA1
6597c73ddc76d2dfb22df3cb4aa8a98c8f7204a3

SHA256
2eaaaad7f8e7a425c0ae8853b82c61b7c759977796cccd4ad15a4f13f0ac558f

SHA512
0ff8381aa89d8311e3263768e4a2a9ac4c203fb60deba872b33261e79a62bafd3d88eb18426a2b37a42c1c583cbd131d9bc7ba421f371c59a7d6c2318c34816a

Download Submit
\Windows\system\wKcrvMz.exe

Filesize
6.0MB

MD5
60afff752e4b1a19cc4d7aaa05e21f9d

SHA1
3453f59cf442e16ceef1b2f66ff637cb9aafa3c3

SHA256
a3b30e74d8e5634dd198d9325670ccebd003215d23af184de0f75c8f2606c4d4

SHA512
33de9f75c335d6ca6f6fe6f8616c3ce435a0944846e3995d9915246b1754d6a5275611879dafc30abc315314ec181e2f3e9e952475c53e22f7b2e180c4cbec47

Download Submit
memory/1124-94-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1124-679-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1124-4047-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1412-102-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1412-4048-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1576-3553-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1576-15-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1852-86-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/1852-4045-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2232-4049-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2232-107-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1197-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2252-48-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2252-3783-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2380-47-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3561-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-14-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-45-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2528-680-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2528-6-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2528-83-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2528-85-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2528-70-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2528-69-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2528-100-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2528-62-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1184-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2528-38-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2528-46-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2528-0-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2528-229-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2528-68-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2528-55-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2528-92-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2528-16-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2528-18-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2528-562-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2528-49-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-26-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2616-97-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2616-65-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2616-4046-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2692-80-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2712-23-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2712-53-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3792-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3778-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2748-61-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3798-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-39-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-59-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2840-90-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3803-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-51-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-81-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download