cobaltstrike | 32f58d57283a29dcbbf16d0cb0edf357696d42d2f8de648a05469569f7f4891e

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

dffeff98f0b2119d19e5c51603a169d5
SHA1

53dd1804f8002f931b6ae544cf5716b7afb5c134
SHA256

32f58d57283a29dcbbf16d0cb0edf357696d42d2f8de648a05469569f7f4891e
SHA512

fc2ba0770887d4be678d55d7d9b46e4db08393ec61aaa54e95ca3dbc375f507226a0d175f7471ad0e4654b8b96d1abd48e2b365701a461d0c6893d1b4b7f0a70
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUh:T+q56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120fb-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce0-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce8-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf0-18.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d04-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5a-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017342-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-56.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e1d-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 53 IoCs

miner

resource	yara_rule
behavioral1/memory/1972-0-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x00090000000120fb-6.dat	xmrig
behavioral1/files/0x0008000000016ce0-11.dat	xmrig
behavioral1/files/0x0008000000016ce8-12.dat	xmrig
behavioral1/files/0x0007000000016cf0-18.dat	xmrig
behavioral1/files/0x0008000000016d04-26.dat	xmrig
behavioral1/files/0x0007000000016d5a-30.dat	xmrig
behavioral1/files/0x0008000000017342-45.dat	xmrig
behavioral1/files/0x00050000000195c2-50.dat	xmrig
behavioral1/files/0x00050000000195c7-65.dat	xmrig
behavioral1/files/0x00050000000196a0-110.dat	xmrig
behavioral1/files/0x0005000000019c0b-134.dat	xmrig
behavioral1/files/0x0005000000019d5c-151.dat	xmrig
behavioral1/memory/1972-1873-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2444-1872-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2948-1875-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/1972-1878-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2216-1877-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/1972-2037-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/memory/2920-2036-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2784-2082-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2760-2194-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/1972-2425-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2556-1879-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/1972-2773-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f57-160.dat	xmrig
behavioral1/files/0x0005000000019d69-154.dat	xmrig
behavioral1/files/0x0005000000019cd5-140.dat	xmrig
behavioral1/files/0x0005000000019cfc-144.dat	xmrig
behavioral1/files/0x0005000000019bf2-131.dat	xmrig
behavioral1/files/0x0005000000019bec-120.dat	xmrig
behavioral1/files/0x0005000000019bf0-126.dat	xmrig
behavioral1/files/0x0005000000019931-115.dat	xmrig
behavioral1/files/0x0005000000019665-105.dat	xmrig
behavioral1/files/0x0005000000019624-100.dat	xmrig
behavioral1/files/0x00050000000195e0-95.dat	xmrig
behavioral1/files/0x00050000000195d0-90.dat	xmrig
behavioral1/files/0x00050000000195cc-81.dat	xmrig
behavioral1/files/0x00050000000195ce-85.dat	xmrig
behavioral1/files/0x00050000000195ca-75.dat	xmrig
behavioral1/files/0x00050000000195c8-71.dat	xmrig
behavioral1/files/0x00050000000195c6-61.dat	xmrig
behavioral1/files/0x00050000000195c4-56.dat	xmrig
behavioral1/files/0x0007000000016e1d-41.dat	xmrig
behavioral1/files/0x0007000000016d71-36.dat	xmrig
behavioral1/memory/1972-3118-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2216-3464-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2760-3460-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2920-3456-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2784-3478-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2444-3477-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2556-3476-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2948-3475-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2444	WTlwJKD.exe
2072	oQWPIbN.exe
2948	VVmMtJm.exe
2216	yxhaNNK.exe
2556	zADEYUt.exe
2920	zvsqVdH.exe
2784	wKtmhvy.exe
2760	DVLBjYH.exe
1692	mlaDRPC.exe
3044	lZfAoMW.exe
2652	TNpYsLO.exe
2680	BQpuhyx.exe
2636	gcwBWld.exe
2692	mRtuSbw.exe
556	vWIkDkE.exe
1008	BaLWPEN.exe
1588	HtQZNNR.exe
1492	OnCvJDZ.exe
3060	YmfHAgC.exe
1116	WxSKqoJ.exe
1644	hUjfwju.exe
2888	kbZxbXt.exe
2976	ZbZvZAO.exe
1056	tKQKThl.exe
1040	EJCAPdH.exe
2268	xkSWkQQ.exe
2388	GsClboZ.exe
2608	jzCOrqr.exe
1920	hHZDFyo.exe
1284	fAYQPhp.exe
2060	AGLjZFl.exe
2296	DEbOcSD.exe
1984	nmAyDiB.exe
1344	MKASmfz.exe
1868	opigKrD.exe
336	gHwTlMu.exe
2272	mRwJJwD.exe
2604	MNDbODk.exe
1712	UbjZvUV.exe
1752	NPLFngY.exe
1724	ELGmThZ.exe
916	wtKheUN.exe
1800	FvgdUoC.exe
2476	EWbFFPT.exe
1272	OFHejeS.exe
2280	juvjQWn.exe
2184	VNxxiVu.exe
1736	TGixkCC.exe
1824	gjAqIYT.exe
2056	SFIpUQt.exe
2600	QSsXzuv.exe
2344	tXkyMqm.exe
1264	SDNUDRb.exe
2324	aciltLS.exe
1348	zIfCxNQ.exe
1612	PiQzzLw.exe
1604	iBUoGjz.exe
2116	FSRdHsu.exe
2496	KvdkhFl.exe
2840	DDmLPcJ.exe
2824	MPUYLdf.exe
2788	SxDABXf.exe
1392	CQarQhe.exe
1932	BdveMFx.exe

Loads dropped DLL 64 IoCs

pid	Process
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 48 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1972-0-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x00090000000120fb-6.dat	upx
behavioral1/files/0x0008000000016ce0-11.dat	upx
behavioral1/files/0x0008000000016ce8-12.dat	upx
behavioral1/files/0x0007000000016cf0-18.dat	upx
behavioral1/files/0x0008000000016d04-26.dat	upx
behavioral1/files/0x0007000000016d5a-30.dat	upx
behavioral1/files/0x0008000000017342-45.dat	upx
behavioral1/files/0x00050000000195c2-50.dat	upx
behavioral1/files/0x00050000000195c7-65.dat	upx
behavioral1/files/0x00050000000196a0-110.dat	upx
behavioral1/files/0x0005000000019c0b-134.dat	upx
behavioral1/files/0x0005000000019d5c-151.dat	upx
behavioral1/memory/2444-1872-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2948-1875-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2216-1877-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2920-2036-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2784-2082-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2760-2194-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2556-1879-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/1972-2773-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x0005000000019f57-160.dat	upx
behavioral1/files/0x0005000000019d69-154.dat	upx
behavioral1/files/0x0005000000019cd5-140.dat	upx
behavioral1/files/0x0005000000019cfc-144.dat	upx
behavioral1/files/0x0005000000019bf2-131.dat	upx
behavioral1/files/0x0005000000019bec-120.dat	upx
behavioral1/files/0x0005000000019bf0-126.dat	upx
behavioral1/files/0x0005000000019931-115.dat	upx
behavioral1/files/0x0005000000019665-105.dat	upx
behavioral1/files/0x0005000000019624-100.dat	upx
behavioral1/files/0x00050000000195e0-95.dat	upx
behavioral1/files/0x00050000000195d0-90.dat	upx
behavioral1/files/0x00050000000195cc-81.dat	upx
behavioral1/files/0x00050000000195ce-85.dat	upx
behavioral1/files/0x00050000000195ca-75.dat	upx
behavioral1/files/0x00050000000195c8-71.dat	upx
behavioral1/files/0x00050000000195c6-61.dat	upx
behavioral1/files/0x00050000000195c4-56.dat	upx
behavioral1/files/0x0007000000016e1d-41.dat	upx
behavioral1/files/0x0007000000016d71-36.dat	upx
behavioral1/memory/2216-3464-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2760-3460-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2920-3456-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2784-3478-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2444-3477-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2556-3476-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2948-3475-0x000000013F930000-0x000000013FC84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nPzGUQC.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmhZDSv.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbBXrUE.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybVwIKK.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWZLiDu.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TRhFAvz.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHfUetV.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrBRDxN.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCFQHXo.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWyiTCI.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BaEYrSf.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxBKSvj.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyNVibB.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXrJBXy.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHALFqh.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXCSwwF.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXsLUqX.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLZoZag.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XMyhrUL.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGaTrjT.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTmVegi.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNmplZH.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVbWSDX.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDmLPcJ.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKnXXjh.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGfzgJI.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Krdztrr.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVmMtJm.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgkOOHn.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOStPzB.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QSbLphZ.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqrjaEm.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ArLZgLX.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLMazrQ.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpRrIhE.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZibjyH.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jycEfAY.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJfQZZa.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsCzlOE.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFFmdbJ.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DecWqsV.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYGRbtA.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrVSaei.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTbmTRH.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyFmNUX.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nvexmon.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\umHOBSW.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnOhBAt.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IgcXQhK.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKASmfz.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnNwUhM.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhGVfAQ.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOaVSHq.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEXkXau.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGQRHZc.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRhPOOm.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiYIDCZ.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjeNiKx.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCRFeWi.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btsrRlc.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXsjEkT.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBqgRTw.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ceSMeqd.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNwkPfa.exe	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2444	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1972 wrote to memory of 2444	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1972 wrote to memory of 2444	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1972 wrote to memory of 2072	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1972 wrote to memory of 2072	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1972 wrote to memory of 2072	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1972 wrote to memory of 2948	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1972 wrote to memory of 2948	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1972 wrote to memory of 2948	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1972 wrote to memory of 2216	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1972 wrote to memory of 2216	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1972 wrote to memory of 2216	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1972 wrote to memory of 2556	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1972 wrote to memory of 2556	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1972 wrote to memory of 2556	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1972 wrote to memory of 2920	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1972 wrote to memory of 2920	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1972 wrote to memory of 2920	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1972 wrote to memory of 2784	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1972 wrote to memory of 2784	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1972 wrote to memory of 2784	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1972 wrote to memory of 2760	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1972 wrote to memory of 2760	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1972 wrote to memory of 2760	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1972 wrote to memory of 1692	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1972 wrote to memory of 1692	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1972 wrote to memory of 1692	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1972 wrote to memory of 3044	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1972 wrote to memory of 3044	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1972 wrote to memory of 3044	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1972 wrote to memory of 2652	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1972 wrote to memory of 2652	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1972 wrote to memory of 2652	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1972 wrote to memory of 2680	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1972 wrote to memory of 2680	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1972 wrote to memory of 2680	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1972 wrote to memory of 2636	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1972 wrote to memory of 2636	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1972 wrote to memory of 2636	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1972 wrote to memory of 2692	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1972 wrote to memory of 2692	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1972 wrote to memory of 2692	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1972 wrote to memory of 556	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1972 wrote to memory of 556	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1972 wrote to memory of 556	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1972 wrote to memory of 1008	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1972 wrote to memory of 1008	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1972 wrote to memory of 1008	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1972 wrote to memory of 1588	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1972 wrote to memory of 1588	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1972 wrote to memory of 1588	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1972 wrote to memory of 1492	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1972 wrote to memory of 1492	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1972 wrote to memory of 1492	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1972 wrote to memory of 3060	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1972 wrote to memory of 3060	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1972 wrote to memory of 3060	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1972 wrote to memory of 1116	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1972 wrote to memory of 1116	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1972 wrote to memory of 1116	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1972 wrote to memory of 1644	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1972 wrote to memory of 1644	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1972 wrote to memory of 1644	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1972 wrote to memory of 2888	1972	2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_dffeff98f0b2119d19e5c51603a169d5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\System\WTlwJKD.exe
  C:\Windows\System\WTlwJKD.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\oQWPIbN.exe
  C:\Windows\System\oQWPIbN.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\VVmMtJm.exe
  C:\Windows\System\VVmMtJm.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\yxhaNNK.exe
  C:\Windows\System\yxhaNNK.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\zADEYUt.exe
  C:\Windows\System\zADEYUt.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\zvsqVdH.exe
  C:\Windows\System\zvsqVdH.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\wKtmhvy.exe
  C:\Windows\System\wKtmhvy.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\DVLBjYH.exe
  C:\Windows\System\DVLBjYH.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\mlaDRPC.exe
  C:\Windows\System\mlaDRPC.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\lZfAoMW.exe
  C:\Windows\System\lZfAoMW.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\TNpYsLO.exe
  C:\Windows\System\TNpYsLO.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\BQpuhyx.exe
  C:\Windows\System\BQpuhyx.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\gcwBWld.exe
  C:\Windows\System\gcwBWld.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\mRtuSbw.exe
  C:\Windows\System\mRtuSbw.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\vWIkDkE.exe
  C:\Windows\System\vWIkDkE.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\BaLWPEN.exe
  C:\Windows\System\BaLWPEN.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\HtQZNNR.exe
  C:\Windows\System\HtQZNNR.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\OnCvJDZ.exe
  C:\Windows\System\OnCvJDZ.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\YmfHAgC.exe
  C:\Windows\System\YmfHAgC.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\WxSKqoJ.exe
  C:\Windows\System\WxSKqoJ.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\hUjfwju.exe
  C:\Windows\System\hUjfwju.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\kbZxbXt.exe
  C:\Windows\System\kbZxbXt.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\ZbZvZAO.exe
  C:\Windows\System\ZbZvZAO.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\tKQKThl.exe
  C:\Windows\System\tKQKThl.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\EJCAPdH.exe
  C:\Windows\System\EJCAPdH.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\xkSWkQQ.exe
  C:\Windows\System\xkSWkQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\GsClboZ.exe
  C:\Windows\System\GsClboZ.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\jzCOrqr.exe
  C:\Windows\System\jzCOrqr.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\hHZDFyo.exe
  C:\Windows\System\hHZDFyo.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\fAYQPhp.exe
  C:\Windows\System\fAYQPhp.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\AGLjZFl.exe
  C:\Windows\System\AGLjZFl.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\DEbOcSD.exe
  C:\Windows\System\DEbOcSD.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\nmAyDiB.exe
  C:\Windows\System\nmAyDiB.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\MKASmfz.exe
  C:\Windows\System\MKASmfz.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\opigKrD.exe
  C:\Windows\System\opigKrD.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\gHwTlMu.exe
  C:\Windows\System\gHwTlMu.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\mRwJJwD.exe
  C:\Windows\System\mRwJJwD.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\MNDbODk.exe
  C:\Windows\System\MNDbODk.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\UbjZvUV.exe
  C:\Windows\System\UbjZvUV.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\NPLFngY.exe
  C:\Windows\System\NPLFngY.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\ELGmThZ.exe
  C:\Windows\System\ELGmThZ.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\wtKheUN.exe
  C:\Windows\System\wtKheUN.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\FvgdUoC.exe
  C:\Windows\System\FvgdUoC.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\EWbFFPT.exe
  C:\Windows\System\EWbFFPT.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\OFHejeS.exe
  C:\Windows\System\OFHejeS.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\juvjQWn.exe
  C:\Windows\System\juvjQWn.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\VNxxiVu.exe
  C:\Windows\System\VNxxiVu.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\TGixkCC.exe
  C:\Windows\System\TGixkCC.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\gjAqIYT.exe
  C:\Windows\System\gjAqIYT.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\SFIpUQt.exe
  C:\Windows\System\SFIpUQt.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\QSsXzuv.exe
  C:\Windows\System\QSsXzuv.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\tXkyMqm.exe
  C:\Windows\System\tXkyMqm.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\SDNUDRb.exe
  C:\Windows\System\SDNUDRb.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\aciltLS.exe
  C:\Windows\System\aciltLS.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\zIfCxNQ.exe
  C:\Windows\System\zIfCxNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\PiQzzLw.exe
  C:\Windows\System\PiQzzLw.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\iBUoGjz.exe
  C:\Windows\System\iBUoGjz.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\FSRdHsu.exe
  C:\Windows\System\FSRdHsu.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\KvdkhFl.exe
  C:\Windows\System\KvdkhFl.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\DDmLPcJ.exe
  C:\Windows\System\DDmLPcJ.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\MPUYLdf.exe
  C:\Windows\System\MPUYLdf.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\SxDABXf.exe
  C:\Windows\System\SxDABXf.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\CQarQhe.exe
  C:\Windows\System\CQarQhe.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\QiUBTiw.exe
  C:\Windows\System\QiUBTiw.exe
  2⤵
  PID:2672
- C:\Windows\System\BdveMFx.exe
  C:\Windows\System\BdveMFx.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\NEXkXau.exe
  C:\Windows\System\NEXkXau.exe
  2⤵
  PID:1864
- C:\Windows\System\FgbsqDq.exe
  C:\Windows\System\FgbsqDq.exe
  2⤵
  PID:1316
- C:\Windows\System\LdzqLWe.exe
  C:\Windows\System\LdzqLWe.exe
  2⤵
  PID:2044
- C:\Windows\System\dbsiXRV.exe
  C:\Windows\System\dbsiXRV.exe
  2⤵
  PID:2728
- C:\Windows\System\yHDimPn.exe
  C:\Windows\System\yHDimPn.exe
  2⤵
  PID:3020
- C:\Windows\System\fXEyhYN.exe
  C:\Windows\System\fXEyhYN.exe
  2⤵
  PID:944
- C:\Windows\System\PMaRrfJ.exe
  C:\Windows\System\PMaRrfJ.exe
  2⤵
  PID:3000
- C:\Windows\System\RGQndpS.exe
  C:\Windows\System\RGQndpS.exe
  2⤵
  PID:2540
- C:\Windows\System\yByvTVr.exe
  C:\Windows\System\yByvTVr.exe
  2⤵
  PID:2724
- C:\Windows\System\Nvexmon.exe
  C:\Windows\System\Nvexmon.exe
  2⤵
  PID:1144
- C:\Windows\System\MjRKVxl.exe
  C:\Windows\System\MjRKVxl.exe
  2⤵
  PID:2492
- C:\Windows\System\SVvoKjs.exe
  C:\Windows\System\SVvoKjs.exe
  2⤵
  PID:272
- C:\Windows\System\RUTuSLo.exe
  C:\Windows\System\RUTuSLo.exe
  2⤵
  PID:1212
- C:\Windows\System\PdlqBOf.exe
  C:\Windows\System\PdlqBOf.exe
  2⤵
  PID:960
- C:\Windows\System\seAuILS.exe
  C:\Windows\System\seAuILS.exe
  2⤵
  PID:1560
- C:\Windows\System\kLUnLDB.exe
  C:\Windows\System\kLUnLDB.exe
  2⤵
  PID:2336
- C:\Windows\System\ynBBjbR.exe
  C:\Windows\System\ynBBjbR.exe
  2⤵
  PID:1656
- C:\Windows\System\dKVmeib.exe
  C:\Windows\System\dKVmeib.exe
  2⤵
  PID:900
- C:\Windows\System\wzgSClt.exe
  C:\Windows\System\wzgSClt.exe
  2⤵
  PID:1652
- C:\Windows\System\VmBiWZr.exe
  C:\Windows\System\VmBiWZr.exe
  2⤵
  PID:2480
- C:\Windows\System\WouJOsT.exe
  C:\Windows\System\WouJOsT.exe
  2⤵
  PID:2532
- C:\Windows\System\jmuHNNg.exe
  C:\Windows\System\jmuHNNg.exe
  2⤵
  PID:2348
- C:\Windows\System\cYKIiBV.exe
  C:\Windows\System\cYKIiBV.exe
  2⤵
  PID:304
- C:\Windows\System\xUycKbu.exe
  C:\Windows\System\xUycKbu.exe
  2⤵
  PID:1512
- C:\Windows\System\qMkEows.exe
  C:\Windows\System\qMkEows.exe
  2⤵
  PID:2564
- C:\Windows\System\cSOFWEa.exe
  C:\Windows\System\cSOFWEa.exe
  2⤵
  PID:2768
- C:\Windows\System\dEwbPhm.exe
  C:\Windows\System\dEwbPhm.exe
  2⤵
  PID:328
- C:\Windows\System\SXfoxme.exe
  C:\Windows\System\SXfoxme.exe
  2⤵
  PID:2932
- C:\Windows\System\FqtRnyt.exe
  C:\Windows\System\FqtRnyt.exe
  2⤵
  PID:2780
- C:\Windows\System\midNdXy.exe
  C:\Windows\System\midNdXy.exe
  2⤵
  PID:2848
- C:\Windows\System\xalbLOu.exe
  C:\Windows\System\xalbLOu.exe
  2⤵
  PID:2656
- C:\Windows\System\kvXobSG.exe
  C:\Windows\System\kvXobSG.exe
  2⤵
  PID:1484
- C:\Windows\System\BnDQCXP.exe
  C:\Windows\System\BnDQCXP.exe
  2⤵
  PID:2860
- C:\Windows\System\VZqMQbm.exe
  C:\Windows\System\VZqMQbm.exe
  2⤵
  PID:2000
- C:\Windows\System\AGfzgJI.exe
  C:\Windows\System\AGfzgJI.exe
  2⤵
  PID:1488
- C:\Windows\System\FWZijJz.exe
  C:\Windows\System\FWZijJz.exe
  2⤵
  PID:2876
- C:\Windows\System\yhALTZu.exe
  C:\Windows\System\yhALTZu.exe
  2⤵
  PID:2132
- C:\Windows\System\fKJHEoZ.exe
  C:\Windows\System\fKJHEoZ.exe
  2⤵
  PID:1856
- C:\Windows\System\dGprgsB.exe
  C:\Windows\System\dGprgsB.exe
  2⤵
  PID:2036
- C:\Windows\System\DCrrVRV.exe
  C:\Windows\System\DCrrVRV.exe
  2⤵
  PID:1780
- C:\Windows\System\XcdTsRk.exe
  C:\Windows\System\XcdTsRk.exe
  2⤵
  PID:2088
- C:\Windows\System\NMVJGIt.exe
  C:\Windows\System\NMVJGIt.exe
  2⤵
  PID:2384
- C:\Windows\System\UbScugL.exe
  C:\Windows\System\UbScugL.exe
  2⤵
  PID:2152
- C:\Windows\System\IfIGQdx.exe
  C:\Windows\System\IfIGQdx.exe
  2⤵
  PID:1992
- C:\Windows\System\egJFyws.exe
  C:\Windows\System\egJFyws.exe
  2⤵
  PID:812
- C:\Windows\System\sMzMgoD.exe
  C:\Windows\System\sMzMgoD.exe
  2⤵
  PID:2144
- C:\Windows\System\pVEFHBF.exe
  C:\Windows\System\pVEFHBF.exe
  2⤵
  PID:2128
- C:\Windows\System\rFhPqWC.exe
  C:\Windows\System\rFhPqWC.exe
  2⤵
  PID:3092
- C:\Windows\System\GVBofKA.exe
  C:\Windows\System\GVBofKA.exe
  2⤵
  PID:3112
- C:\Windows\System\aPdXaJW.exe
  C:\Windows\System\aPdXaJW.exe
  2⤵
  PID:3128
- C:\Windows\System\uVHrHxo.exe
  C:\Windows\System\uVHrHxo.exe
  2⤵
  PID:3152
- C:\Windows\System\bDjKUHF.exe
  C:\Windows\System\bDjKUHF.exe
  2⤵
  PID:3168
- C:\Windows\System\KdZsQxm.exe
  C:\Windows\System\KdZsQxm.exe
  2⤵
  PID:3188
- C:\Windows\System\OEcTnZH.exe
  C:\Windows\System\OEcTnZH.exe
  2⤵
  PID:3220
- C:\Windows\System\eBcqwZk.exe
  C:\Windows\System\eBcqwZk.exe
  2⤵
  PID:3240
- C:\Windows\System\haURLIa.exe
  C:\Windows\System\haURLIa.exe
  2⤵
  PID:3256
- C:\Windows\System\QITyioY.exe
  C:\Windows\System\QITyioY.exe
  2⤵
  PID:3280
- C:\Windows\System\qoZbHEz.exe
  C:\Windows\System\qoZbHEz.exe
  2⤵
  PID:3296
- C:\Windows\System\qtcOlOx.exe
  C:\Windows\System\qtcOlOx.exe
  2⤵
  PID:3320
- C:\Windows\System\BwkysLh.exe
  C:\Windows\System\BwkysLh.exe
  2⤵
  PID:3340
- C:\Windows\System\hJrLOKf.exe
  C:\Windows\System\hJrLOKf.exe
  2⤵
  PID:3360
- C:\Windows\System\IsBRtXG.exe
  C:\Windows\System\IsBRtXG.exe
  2⤵
  PID:3380
- C:\Windows\System\LnfJghk.exe
  C:\Windows\System\LnfJghk.exe
  2⤵
  PID:3400
- C:\Windows\System\xGQRHZc.exe
  C:\Windows\System\xGQRHZc.exe
  2⤵
  PID:3416
- C:\Windows\System\OlATkYm.exe
  C:\Windows\System\OlATkYm.exe
  2⤵
  PID:3436
- C:\Windows\System\Wgytccs.exe
  C:\Windows\System\Wgytccs.exe
  2⤵
  PID:3452
- C:\Windows\System\uPUqFPz.exe
  C:\Windows\System\uPUqFPz.exe
  2⤵
  PID:3480
- C:\Windows\System\PflidJS.exe
  C:\Windows\System\PflidJS.exe
  2⤵
  PID:3504
- C:\Windows\System\wrazWWb.exe
  C:\Windows\System\wrazWWb.exe
  2⤵
  PID:3524
- C:\Windows\System\jnSxQil.exe
  C:\Windows\System\jnSxQil.exe
  2⤵
  PID:3544
- C:\Windows\System\zNzrVlN.exe
  C:\Windows\System\zNzrVlN.exe
  2⤵
  PID:3564
- C:\Windows\System\YPwLQpT.exe
  C:\Windows\System\YPwLQpT.exe
  2⤵
  PID:3584
- C:\Windows\System\DqdIEKD.exe
  C:\Windows\System\DqdIEKD.exe
  2⤵
  PID:3604
- C:\Windows\System\TGAdLzX.exe
  C:\Windows\System\TGAdLzX.exe
  2⤵
  PID:3624
- C:\Windows\System\QSbLphZ.exe
  C:\Windows\System\QSbLphZ.exe
  2⤵
  PID:3644
- C:\Windows\System\cXnZxcb.exe
  C:\Windows\System\cXnZxcb.exe
  2⤵
  PID:3660
- C:\Windows\System\tvAXdtG.exe
  C:\Windows\System\tvAXdtG.exe
  2⤵
  PID:3680
- C:\Windows\System\xMQRLSO.exe
  C:\Windows\System\xMQRLSO.exe
  2⤵
  PID:3700
- C:\Windows\System\kTmVegi.exe
  C:\Windows\System\kTmVegi.exe
  2⤵
  PID:3716
- C:\Windows\System\SZCwNSW.exe
  C:\Windows\System\SZCwNSW.exe
  2⤵
  PID:3732
- C:\Windows\System\Cgwizfr.exe
  C:\Windows\System\Cgwizfr.exe
  2⤵
  PID:3756
- C:\Windows\System\mkfmqLi.exe
  C:\Windows\System\mkfmqLi.exe
  2⤵
  PID:3784
- C:\Windows\System\blNvMwn.exe
  C:\Windows\System\blNvMwn.exe
  2⤵
  PID:3800
- C:\Windows\System\sMsjGKS.exe
  C:\Windows\System\sMsjGKS.exe
  2⤵
  PID:3820
- C:\Windows\System\KJigxCV.exe
  C:\Windows\System\KJigxCV.exe
  2⤵
  PID:3840
- C:\Windows\System\nMzLcEb.exe
  C:\Windows\System\nMzLcEb.exe
  2⤵
  PID:3860
- C:\Windows\System\aYEwshY.exe
  C:\Windows\System\aYEwshY.exe
  2⤵
  PID:3876
- C:\Windows\System\FbBABzK.exe
  C:\Windows\System\FbBABzK.exe
  2⤵
  PID:3892
- C:\Windows\System\TBqgRTw.exe
  C:\Windows\System\TBqgRTw.exe
  2⤵
  PID:3916
- C:\Windows\System\GlTfrei.exe
  C:\Windows\System\GlTfrei.exe
  2⤵
  PID:3940
- C:\Windows\System\BwJLWOR.exe
  C:\Windows\System\BwJLWOR.exe
  2⤵
  PID:3956
- C:\Windows\System\rVUzDCL.exe
  C:\Windows\System\rVUzDCL.exe
  2⤵
  PID:3988
- C:\Windows\System\JyNVibB.exe
  C:\Windows\System\JyNVibB.exe
  2⤵
  PID:4004
- C:\Windows\System\jBKnKqD.exe
  C:\Windows\System\jBKnKqD.exe
  2⤵
  PID:4028
- C:\Windows\System\qKkuDgv.exe
  C:\Windows\System\qKkuDgv.exe
  2⤵
  PID:4048
- C:\Windows\System\DcljRmf.exe
  C:\Windows\System\DcljRmf.exe
  2⤵
  PID:4068
- C:\Windows\System\VlXAjLO.exe
  C:\Windows\System\VlXAjLO.exe
  2⤵
  PID:4088
- C:\Windows\System\YZjHfCQ.exe
  C:\Windows\System\YZjHfCQ.exe
  2⤵
  PID:2676
- C:\Windows\System\SxObhfE.exe
  C:\Windows\System\SxObhfE.exe
  2⤵
  PID:2008
- C:\Windows\System\JNWWwdi.exe
  C:\Windows\System\JNWWwdi.exe
  2⤵
  PID:2928
- C:\Windows\System\qNEMbJx.exe
  C:\Windows\System\qNEMbJx.exe
  2⤵
  PID:2412
- C:\Windows\System\ATqdJZN.exe
  C:\Windows\System\ATqdJZN.exe
  2⤵
  PID:3040
- C:\Windows\System\wPoXfMN.exe
  C:\Windows\System\wPoXfMN.exe
  2⤵
  PID:2488
- C:\Windows\System\kdfRKTm.exe
  C:\Windows\System\kdfRKTm.exe
  2⤵
  PID:1740
- C:\Windows\System\GXwEENk.exe
  C:\Windows\System\GXwEENk.exe
  2⤵
  PID:536
- C:\Windows\System\JBzYdja.exe
  C:\Windows\System\JBzYdja.exe
  2⤵
  PID:1556
- C:\Windows\System\tnnvITb.exe
  C:\Windows\System\tnnvITb.exe
  2⤵
  PID:928
- C:\Windows\System\WeahjEu.exe
  C:\Windows\System\WeahjEu.exe
  2⤵
  PID:2080
- C:\Windows\System\fwRAHUl.exe
  C:\Windows\System\fwRAHUl.exe
  2⤵
  PID:3100
- C:\Windows\System\tCoPmox.exe
  C:\Windows\System\tCoPmox.exe
  2⤵
  PID:3140
- C:\Windows\System\iNWigaW.exe
  C:\Windows\System\iNWigaW.exe
  2⤵
  PID:3160
- C:\Windows\System\FyVJPim.exe
  C:\Windows\System\FyVJPim.exe
  2⤵
  PID:3124
- C:\Windows\System\eOfGrzJ.exe
  C:\Windows\System\eOfGrzJ.exe
  2⤵
  PID:3204
- C:\Windows\System\OxZlaMN.exe
  C:\Windows\System\OxZlaMN.exe
  2⤵
  PID:3232
- C:\Windows\System\EmBoKYU.exe
  C:\Windows\System\EmBoKYU.exe
  2⤵
  PID:3212
- C:\Windows\System\Utquzru.exe
  C:\Windows\System\Utquzru.exe
  2⤵
  PID:3312
- C:\Windows\System\pBOwTcb.exe
  C:\Windows\System\pBOwTcb.exe
  2⤵
  PID:3348
- C:\Windows\System\CkvhgmS.exe
  C:\Windows\System\CkvhgmS.exe
  2⤵
  PID:3336
- C:\Windows\System\oRhPOOm.exe
  C:\Windows\System\oRhPOOm.exe
  2⤵
  PID:3424
- C:\Windows\System\hyyrMOm.exe
  C:\Windows\System\hyyrMOm.exe
  2⤵
  PID:3428
- C:\Windows\System\ToWBirk.exe
  C:\Windows\System\ToWBirk.exe
  2⤵
  PID:3520
- C:\Windows\System\ZpaQWyU.exe
  C:\Windows\System\ZpaQWyU.exe
  2⤵
  PID:3488
- C:\Windows\System\qPAMvpQ.exe
  C:\Windows\System\qPAMvpQ.exe
  2⤵
  PID:3552
- C:\Windows\System\qmoOqbF.exe
  C:\Windows\System\qmoOqbF.exe
  2⤵
  PID:3532
- C:\Windows\System\ZzCRfqn.exe
  C:\Windows\System\ZzCRfqn.exe
  2⤵
  PID:3536
- C:\Windows\System\HDwjBzS.exe
  C:\Windows\System\HDwjBzS.exe
  2⤵
  PID:3672
- C:\Windows\System\uGaTrjT.exe
  C:\Windows\System\uGaTrjT.exe
  2⤵
  PID:3744
- C:\Windows\System\WVTbxuQ.exe
  C:\Windows\System\WVTbxuQ.exe
  2⤵
  PID:3612
- C:\Windows\System\agfgONA.exe
  C:\Windows\System\agfgONA.exe
  2⤵
  PID:3656
- C:\Windows\System\VhFFIxB.exe
  C:\Windows\System\VhFFIxB.exe
  2⤵
  PID:3768
- C:\Windows\System\XZoCzit.exe
  C:\Windows\System\XZoCzit.exe
  2⤵
  PID:3772
- C:\Windows\System\ktbFIoP.exe
  C:\Windows\System\ktbFIoP.exe
  2⤵
  PID:3868
- C:\Windows\System\aCbfymY.exe
  C:\Windows\System\aCbfymY.exe
  2⤵
  PID:3904
- C:\Windows\System\pPeVXhV.exe
  C:\Windows\System\pPeVXhV.exe
  2⤵
  PID:3852
- C:\Windows\System\yKgcNNs.exe
  C:\Windows\System\yKgcNNs.exe
  2⤵
  PID:3848
- C:\Windows\System\qPTXeNE.exe
  C:\Windows\System\qPTXeNE.exe
  2⤵
  PID:3972
- C:\Windows\System\gvhMjSl.exe
  C:\Windows\System\gvhMjSl.exe
  2⤵
  PID:3996
- C:\Windows\System\UmOOdal.exe
  C:\Windows\System\UmOOdal.exe
  2⤵
  PID:4016
- C:\Windows\System\GrswMzu.exe
  C:\Windows\System\GrswMzu.exe
  2⤵
  PID:4064
- C:\Windows\System\CzzdBRI.exe
  C:\Windows\System\CzzdBRI.exe
  2⤵
  PID:2792
- C:\Windows\System\jJAAYPL.exe
  C:\Windows\System\jJAAYPL.exe
  2⤵
  PID:2868
- C:\Windows\System\xZqUQbm.exe
  C:\Windows\System\xZqUQbm.exe
  2⤵
  PID:2952
- C:\Windows\System\PikpdeR.exe
  C:\Windows\System\PikpdeR.exe
  2⤵
  PID:1640
- C:\Windows\System\qpjWOig.exe
  C:\Windows\System\qpjWOig.exe
  2⤵
  PID:2196
- C:\Windows\System\lhhYcyH.exe
  C:\Windows\System\lhhYcyH.exe
  2⤵
  PID:2248
- C:\Windows\System\jOvuDzL.exe
  C:\Windows\System\jOvuDzL.exe
  2⤵
  PID:572
- C:\Windows\System\wVIUPMU.exe
  C:\Windows\System\wVIUPMU.exe
  2⤵
  PID:3148
- C:\Windows\System\rUDuLms.exe
  C:\Windows\System\rUDuLms.exe
  2⤵
  PID:3164
- C:\Windows\System\rwBwMaF.exe
  C:\Windows\System\rwBwMaF.exe
  2⤵
  PID:3080
- C:\Windows\System\gxqCzwD.exe
  C:\Windows\System\gxqCzwD.exe
  2⤵
  PID:3272
- C:\Windows\System\ABfvjAu.exe
  C:\Windows\System\ABfvjAu.exe
  2⤵
  PID:3308
- C:\Windows\System\yMrUsnn.exe
  C:\Windows\System\yMrUsnn.exe
  2⤵
  PID:3356
- C:\Windows\System\TbhaIaZ.exe
  C:\Windows\System\TbhaIaZ.exe
  2⤵
  PID:3476
- C:\Windows\System\bJAvdPk.exe
  C:\Windows\System\bJAvdPk.exe
  2⤵
  PID:3432
- C:\Windows\System\KHREOQO.exe
  C:\Windows\System\KHREOQO.exe
  2⤵
  PID:3448
- C:\Windows\System\gTnQuIz.exe
  C:\Windows\System\gTnQuIz.exe
  2⤵
  PID:3640
- C:\Windows\System\umHOBSW.exe
  C:\Windows\System\umHOBSW.exe
  2⤵
  PID:3572
- C:\Windows\System\VoaxeaC.exe
  C:\Windows\System\VoaxeaC.exe
  2⤵
  PID:3748
- C:\Windows\System\znUvxuf.exe
  C:\Windows\System\znUvxuf.exe
  2⤵
  PID:3776
- C:\Windows\System\TXCSwwF.exe
  C:\Windows\System\TXCSwwF.exe
  2⤵
  PID:3900
- C:\Windows\System\dwfuWNv.exe
  C:\Windows\System\dwfuWNv.exe
  2⤵
  PID:3924
- C:\Windows\System\MbITUkA.exe
  C:\Windows\System\MbITUkA.exe
  2⤵
  PID:3856
- C:\Windows\System\NaXzrGb.exe
  C:\Windows\System\NaXzrGb.exe
  2⤵
  PID:3952
- C:\Windows\System\rBVndkI.exe
  C:\Windows\System\rBVndkI.exe
  2⤵
  PID:4000
- C:\Windows\System\MvWICCN.exe
  C:\Windows\System\MvWICCN.exe
  2⤵
  PID:4084
- C:\Windows\System\CkmHeLG.exe
  C:\Windows\System\CkmHeLG.exe
  2⤵
  PID:4080
- C:\Windows\System\DpjAfiv.exe
  C:\Windows\System\DpjAfiv.exe
  2⤵
  PID:2980
- C:\Windows\System\aGtfOic.exe
  C:\Windows\System\aGtfOic.exe
  2⤵
  PID:1700
- C:\Windows\System\wbpyZkw.exe
  C:\Windows\System\wbpyZkw.exe
  2⤵
  PID:1352
- C:\Windows\System\osyoSBS.exe
  C:\Windows\System\osyoSBS.exe
  2⤵
  PID:3084
- C:\Windows\System\IiAVBvt.exe
  C:\Windows\System\IiAVBvt.exe
  2⤵
  PID:3208
- C:\Windows\System\EeFdcyu.exe
  C:\Windows\System\EeFdcyu.exe
  2⤵
  PID:3248
- C:\Windows\System\KHsbMCY.exe
  C:\Windows\System\KHsbMCY.exe
  2⤵
  PID:3368
- C:\Windows\System\QzDubxz.exe
  C:\Windows\System\QzDubxz.exe
  2⤵
  PID:3408
- C:\Windows\System\rWYiePu.exe
  C:\Windows\System\rWYiePu.exe
  2⤵
  PID:3592
- C:\Windows\System\nqfnJjx.exe
  C:\Windows\System\nqfnJjx.exe
  2⤵
  PID:3688
- C:\Windows\System\lJJpWUR.exe
  C:\Windows\System\lJJpWUR.exe
  2⤵
  PID:3796
- C:\Windows\System\zQDxome.exe
  C:\Windows\System\zQDxome.exe
  2⤵
  PID:3888
- C:\Windows\System\ryaRQos.exe
  C:\Windows\System\ryaRQos.exe
  2⤵
  PID:4040
- C:\Windows\System\JTKQDfd.exe
  C:\Windows\System\JTKQDfd.exe
  2⤵
  PID:4056
- C:\Windows\System\lFWYtgB.exe
  C:\Windows\System\lFWYtgB.exe
  2⤵
  PID:4108
- C:\Windows\System\ELtXxUK.exe
  C:\Windows\System\ELtXxUK.exe
  2⤵
  PID:4128
- C:\Windows\System\WiefSGj.exe
  C:\Windows\System\WiefSGj.exe
  2⤵
  PID:4148
- C:\Windows\System\vpfFUGf.exe
  C:\Windows\System\vpfFUGf.exe
  2⤵
  PID:4168
- C:\Windows\System\xsZWkhX.exe
  C:\Windows\System\xsZWkhX.exe
  2⤵
  PID:4188
- C:\Windows\System\RYofQTj.exe
  C:\Windows\System\RYofQTj.exe
  2⤵
  PID:4208
- C:\Windows\System\BYbbUiB.exe
  C:\Windows\System\BYbbUiB.exe
  2⤵
  PID:4228
- C:\Windows\System\OZBgrHM.exe
  C:\Windows\System\OZBgrHM.exe
  2⤵
  PID:4252
- C:\Windows\System\zIYwUcV.exe
  C:\Windows\System\zIYwUcV.exe
  2⤵
  PID:4272
- C:\Windows\System\ksIttzj.exe
  C:\Windows\System\ksIttzj.exe
  2⤵
  PID:4292
- C:\Windows\System\BpRrIhE.exe
  C:\Windows\System\BpRrIhE.exe
  2⤵
  PID:4312
- C:\Windows\System\tclusEA.exe
  C:\Windows\System\tclusEA.exe
  2⤵
  PID:4332
- C:\Windows\System\GLZoZag.exe
  C:\Windows\System\GLZoZag.exe
  2⤵
  PID:4352
- C:\Windows\System\hzsuiUh.exe
  C:\Windows\System\hzsuiUh.exe
  2⤵
  PID:4372
- C:\Windows\System\leTGgZf.exe
  C:\Windows\System\leTGgZf.exe
  2⤵
  PID:4392
- C:\Windows\System\MzqFEPi.exe
  C:\Windows\System\MzqFEPi.exe
  2⤵
  PID:4412
- C:\Windows\System\HkWwZPK.exe
  C:\Windows\System\HkWwZPK.exe
  2⤵
  PID:4432
- C:\Windows\System\MxRlKKC.exe
  C:\Windows\System\MxRlKKC.exe
  2⤵
  PID:4452
- C:\Windows\System\dhpfapZ.exe
  C:\Windows\System\dhpfapZ.exe
  2⤵
  PID:4472
- C:\Windows\System\hSoDpKa.exe
  C:\Windows\System\hSoDpKa.exe
  2⤵
  PID:4492
- C:\Windows\System\caOuPhO.exe
  C:\Windows\System\caOuPhO.exe
  2⤵
  PID:4512
- C:\Windows\System\hbpGAgz.exe
  C:\Windows\System\hbpGAgz.exe
  2⤵
  PID:4532
- C:\Windows\System\KkbwnFU.exe
  C:\Windows\System\KkbwnFU.exe
  2⤵
  PID:4552
- C:\Windows\System\QvUaGZv.exe
  C:\Windows\System\QvUaGZv.exe
  2⤵
  PID:4572
- C:\Windows\System\TyKdfrS.exe
  C:\Windows\System\TyKdfrS.exe
  2⤵
  PID:4592
- C:\Windows\System\CKOUthP.exe
  C:\Windows\System\CKOUthP.exe
  2⤵
  PID:4612
- C:\Windows\System\NpzwmSm.exe
  C:\Windows\System\NpzwmSm.exe
  2⤵
  PID:4632
- C:\Windows\System\YJGIXcG.exe
  C:\Windows\System\YJGIXcG.exe
  2⤵
  PID:4652
- C:\Windows\System\QEFpwsX.exe
  C:\Windows\System\QEFpwsX.exe
  2⤵
  PID:4672
- C:\Windows\System\jGSziLM.exe
  C:\Windows\System\jGSziLM.exe
  2⤵
  PID:4692
- C:\Windows\System\SNmplZH.exe
  C:\Windows\System\SNmplZH.exe
  2⤵
  PID:4712
- C:\Windows\System\adaHyad.exe
  C:\Windows\System\adaHyad.exe
  2⤵
  PID:4732
- C:\Windows\System\uHqTqiU.exe
  C:\Windows\System\uHqTqiU.exe
  2⤵
  PID:4752
- C:\Windows\System\SVDOCUX.exe
  C:\Windows\System\SVDOCUX.exe
  2⤵
  PID:4772
- C:\Windows\System\uLPjbNK.exe
  C:\Windows\System\uLPjbNK.exe
  2⤵
  PID:4792
- C:\Windows\System\AVXweBA.exe
  C:\Windows\System\AVXweBA.exe
  2⤵
  PID:4812
- C:\Windows\System\LPVSZce.exe
  C:\Windows\System\LPVSZce.exe
  2⤵
  PID:4832
- C:\Windows\System\NnOhBAt.exe
  C:\Windows\System\NnOhBAt.exe
  2⤵
  PID:4852
- C:\Windows\System\BWDRtDG.exe
  C:\Windows\System\BWDRtDG.exe
  2⤵
  PID:4872
- C:\Windows\System\czuLjhJ.exe
  C:\Windows\System\czuLjhJ.exe
  2⤵
  PID:4892
- C:\Windows\System\BJkPseA.exe
  C:\Windows\System\BJkPseA.exe
  2⤵
  PID:4912
- C:\Windows\System\BdMHanx.exe
  C:\Windows\System\BdMHanx.exe
  2⤵
  PID:4932
- C:\Windows\System\cEEqAni.exe
  C:\Windows\System\cEEqAni.exe
  2⤵
  PID:4960
- C:\Windows\System\FFNwZGc.exe
  C:\Windows\System\FFNwZGc.exe
  2⤵
  PID:4980
- C:\Windows\System\VgkmPLD.exe
  C:\Windows\System\VgkmPLD.exe
  2⤵
  PID:5000
- C:\Windows\System\PSKaKBv.exe
  C:\Windows\System\PSKaKBv.exe
  2⤵
  PID:5020
- C:\Windows\System\yTnHUnw.exe
  C:\Windows\System\yTnHUnw.exe
  2⤵
  PID:5040
- C:\Windows\System\anUjheo.exe
  C:\Windows\System\anUjheo.exe
  2⤵
  PID:5060
- C:\Windows\System\jMTdWPh.exe
  C:\Windows\System\jMTdWPh.exe
  2⤵
  PID:5080
- C:\Windows\System\KNIxbiL.exe
  C:\Windows\System\KNIxbiL.exe
  2⤵
  PID:5104
- C:\Windows\System\WdfgBAX.exe
  C:\Windows\System\WdfgBAX.exe
  2⤵
  PID:2228
- C:\Windows\System\ejxxeGK.exe
  C:\Windows\System\ejxxeGK.exe
  2⤵
  PID:1832
- C:\Windows\System\aZpTcDi.exe
  C:\Windows\System\aZpTcDi.exe
  2⤵
  PID:1260
- C:\Windows\System\fzZLYyE.exe
  C:\Windows\System\fzZLYyE.exe
  2⤵
  PID:880
- C:\Windows\System\cwPMKpL.exe
  C:\Windows\System\cwPMKpL.exe
  2⤵
  PID:3352
- C:\Windows\System\tDcMzYd.exe
  C:\Windows\System\tDcMzYd.exe
  2⤵
  PID:3496
- C:\Windows\System\qKOSkUm.exe
  C:\Windows\System\qKOSkUm.exe
  2⤵
  PID:3668
- C:\Windows\System\APoJTcO.exe
  C:\Windows\System\APoJTcO.exe
  2⤵
  PID:3812
- C:\Windows\System\HUDgiCk.exe
  C:\Windows\System\HUDgiCk.exe
  2⤵
  PID:3964
- C:\Windows\System\MdgFRJO.exe
  C:\Windows\System\MdgFRJO.exe
  2⤵
  PID:4124
- C:\Windows\System\HERHGXk.exe
  C:\Windows\System\HERHGXk.exe
  2⤵
  PID:4156
- C:\Windows\System\bshHIfx.exe
  C:\Windows\System\bshHIfx.exe
  2⤵
  PID:4180
- C:\Windows\System\FKCWaCF.exe
  C:\Windows\System\FKCWaCF.exe
  2⤵
  PID:4224
- C:\Windows\System\NWWsRin.exe
  C:\Windows\System\NWWsRin.exe
  2⤵
  PID:4248
- C:\Windows\System\XLdnjxf.exe
  C:\Windows\System\XLdnjxf.exe
  2⤵
  PID:4284
- C:\Windows\System\PJqNNoi.exe
  C:\Windows\System\PJqNNoi.exe
  2⤵
  PID:4328
- C:\Windows\System\MhxUPhy.exe
  C:\Windows\System\MhxUPhy.exe
  2⤵
  PID:4380
- C:\Windows\System\KAifseh.exe
  C:\Windows\System\KAifseh.exe
  2⤵
  PID:4384
- C:\Windows\System\PqtSPCd.exe
  C:\Windows\System\PqtSPCd.exe
  2⤵
  PID:4424
- C:\Windows\System\Xofoyjy.exe
  C:\Windows\System\Xofoyjy.exe
  2⤵
  PID:4448
- C:\Windows\System\EUEmEDK.exe
  C:\Windows\System\EUEmEDK.exe
  2⤵
  PID:4488
- C:\Windows\System\elaMlCR.exe
  C:\Windows\System\elaMlCR.exe
  2⤵
  PID:4540
- C:\Windows\System\vdoTEuD.exe
  C:\Windows\System\vdoTEuD.exe
  2⤵
  PID:4580
- C:\Windows\System\btsrRlc.exe
  C:\Windows\System\btsrRlc.exe
  2⤵
  PID:4600
- C:\Windows\System\nJSpuFU.exe
  C:\Windows\System\nJSpuFU.exe
  2⤵
  PID:4624
- C:\Windows\System\WWWRpzk.exe
  C:\Windows\System\WWWRpzk.exe
  2⤵
  PID:4668
- C:\Windows\System\qURtnpk.exe
  C:\Windows\System\qURtnpk.exe
  2⤵
  PID:4708
- C:\Windows\System\ATJGNHz.exe
  C:\Windows\System\ATJGNHz.exe
  2⤵
  PID:4728
- C:\Windows\System\FmUGlOO.exe
  C:\Windows\System\FmUGlOO.exe
  2⤵
  PID:4768
- C:\Windows\System\EPJcjFv.exe
  C:\Windows\System\EPJcjFv.exe
  2⤵
  PID:4800
- C:\Windows\System\ZhINQaU.exe
  C:\Windows\System\ZhINQaU.exe
  2⤵
  PID:4824
- C:\Windows\System\ZzCRAbk.exe
  C:\Windows\System\ZzCRAbk.exe
  2⤵
  PID:4868
- C:\Windows\System\MBQkxhF.exe
  C:\Windows\System\MBQkxhF.exe
  2⤵
  PID:4900
- C:\Windows\System\qcwDrZd.exe
  C:\Windows\System\qcwDrZd.exe
  2⤵
  PID:4940
- C:\Windows\System\QXTKVvB.exe
  C:\Windows\System\QXTKVvB.exe
  2⤵
  PID:4976
- C:\Windows\System\SpZAttX.exe
  C:\Windows\System\SpZAttX.exe
  2⤵
  PID:5016
- C:\Windows\System\XoFxWRS.exe
  C:\Windows\System\XoFxWRS.exe
  2⤵
  PID:5052
- C:\Windows\System\oFFmdbJ.exe
  C:\Windows\System\oFFmdbJ.exe
  2⤵
  PID:5088
- C:\Windows\System\MDbixEZ.exe
  C:\Windows\System\MDbixEZ.exe
  2⤵
  PID:2424
- C:\Windows\System\taNLNEV.exe
  C:\Windows\System\taNLNEV.exe
  2⤵
  PID:2340
- C:\Windows\System\AOiZRBh.exe
  C:\Windows\System\AOiZRBh.exe
  2⤵
  PID:3176
- C:\Windows\System\vgdSQaZ.exe
  C:\Windows\System\vgdSQaZ.exe
  2⤵
  PID:3500
- C:\Windows\System\ncTEkRV.exe
  C:\Windows\System\ncTEkRV.exe
  2⤵
  PID:3712
- C:\Windows\System\XmbSjhr.exe
  C:\Windows\System\XmbSjhr.exe
  2⤵
  PID:4020
- C:\Windows\System\ncTLPTS.exe
  C:\Windows\System\ncTLPTS.exe
  2⤵
  PID:4160
- C:\Windows\System\gnDaTww.exe
  C:\Windows\System\gnDaTww.exe
  2⤵
  PID:4196
- C:\Windows\System\nhGDUgF.exe
  C:\Windows\System\nhGDUgF.exe
  2⤵
  PID:4260
- C:\Windows\System\XJbnkmY.exe
  C:\Windows\System\XJbnkmY.exe
  2⤵
  PID:4320
- C:\Windows\System\QWDJFSQ.exe
  C:\Windows\System\QWDJFSQ.exe
  2⤵
  PID:4324
- C:\Windows\System\QdGYEYe.exe
  C:\Windows\System\QdGYEYe.exe
  2⤵
  PID:4420
- C:\Windows\System\LTtcDct.exe
  C:\Windows\System\LTtcDct.exe
  2⤵
  PID:4500
- C:\Windows\System\hNNVnHh.exe
  C:\Windows\System\hNNVnHh.exe
  2⤵
  PID:4528
- C:\Windows\System\eLMazrQ.exe
  C:\Windows\System\eLMazrQ.exe
  2⤵
  PID:4564
- C:\Windows\System\wAWsSSm.exe
  C:\Windows\System\wAWsSSm.exe
  2⤵
  PID:4648
- C:\Windows\System\hzHUyHe.exe
  C:\Windows\System\hzHUyHe.exe
  2⤵
  PID:4740
- C:\Windows\System\iegKBxw.exe
  C:\Windows\System\iegKBxw.exe
  2⤵
  PID:4744
- C:\Windows\System\cjQstLH.exe
  C:\Windows\System\cjQstLH.exe
  2⤵
  PID:4828
- C:\Windows\System\dLzjTyP.exe
  C:\Windows\System\dLzjTyP.exe
  2⤵
  PID:4904
- C:\Windows\System\oOahlMu.exe
  C:\Windows\System\oOahlMu.exe
  2⤵
  PID:4920
- C:\Windows\System\mmVTaxV.exe
  C:\Windows\System\mmVTaxV.exe
  2⤵
  PID:5008
- C:\Windows\System\lexzFop.exe
  C:\Windows\System\lexzFop.exe
  2⤵
  PID:5056
- C:\Windows\System\kRvteHj.exe
  C:\Windows\System\kRvteHj.exe
  2⤵
  PID:5112
- C:\Windows\System\wBnGYiR.exe
  C:\Windows\System\wBnGYiR.exe
  2⤵
  PID:2180
- C:\Windows\System\oUoPbOp.exe
  C:\Windows\System\oUoPbOp.exe
  2⤵
  PID:3576
- C:\Windows\System\plzutQf.exe
  C:\Windows\System\plzutQf.exe
  2⤵
  PID:3984
- C:\Windows\System\UepYuTd.exe
  C:\Windows\System\UepYuTd.exe
  2⤵
  PID:4100
- C:\Windows\System\UszORoL.exe
  C:\Windows\System\UszORoL.exe
  2⤵
  PID:5136
- C:\Windows\System\mgVoEra.exe
  C:\Windows\System\mgVoEra.exe
  2⤵
  PID:5156
- C:\Windows\System\WqIPOLt.exe
  C:\Windows\System\WqIPOLt.exe
  2⤵
  PID:5176
- C:\Windows\System\WdspDcv.exe
  C:\Windows\System\WdspDcv.exe
  2⤵
  PID:5196
- C:\Windows\System\gQmdgHm.exe
  C:\Windows\System\gQmdgHm.exe
  2⤵
  PID:5216
- C:\Windows\System\RuVtkjO.exe
  C:\Windows\System\RuVtkjO.exe
  2⤵
  PID:5236
- C:\Windows\System\LXvULVJ.exe
  C:\Windows\System\LXvULVJ.exe
  2⤵
  PID:5256
- C:\Windows\System\aAcvqMb.exe
  C:\Windows\System\aAcvqMb.exe
  2⤵
  PID:5276
- C:\Windows\System\WVIvDaB.exe
  C:\Windows\System\WVIvDaB.exe
  2⤵
  PID:5296
- C:\Windows\System\vBQDGHI.exe
  C:\Windows\System\vBQDGHI.exe
  2⤵
  PID:5316
- C:\Windows\System\IgcXQhK.exe
  C:\Windows\System\IgcXQhK.exe
  2⤵
  PID:5340
- C:\Windows\System\RTGuoso.exe
  C:\Windows\System\RTGuoso.exe
  2⤵
  PID:5360
- C:\Windows\System\WQmXRne.exe
  C:\Windows\System\WQmXRne.exe
  2⤵
  PID:5380
- C:\Windows\System\QeuXpAj.exe
  C:\Windows\System\QeuXpAj.exe
  2⤵
  PID:5400
- C:\Windows\System\xBPbKUs.exe
  C:\Windows\System\xBPbKUs.exe
  2⤵
  PID:5420
- C:\Windows\System\jplmYHj.exe
  C:\Windows\System\jplmYHj.exe
  2⤵
  PID:5440
- C:\Windows\System\wVyDknt.exe
  C:\Windows\System\wVyDknt.exe
  2⤵
  PID:5460
- C:\Windows\System\iyiknWq.exe
  C:\Windows\System\iyiknWq.exe
  2⤵
  PID:5480
- C:\Windows\System\mvsxJWI.exe
  C:\Windows\System\mvsxJWI.exe
  2⤵
  PID:5500
- C:\Windows\System\CLUjMsm.exe
  C:\Windows\System\CLUjMsm.exe
  2⤵
  PID:5520
- C:\Windows\System\AkXrYmB.exe
  C:\Windows\System\AkXrYmB.exe
  2⤵
  PID:5540
- C:\Windows\System\HqquQUi.exe
  C:\Windows\System\HqquQUi.exe
  2⤵
  PID:5560
- C:\Windows\System\lLjSyFD.exe
  C:\Windows\System\lLjSyFD.exe
  2⤵
  PID:5580
- C:\Windows\System\prtMncO.exe
  C:\Windows\System\prtMncO.exe
  2⤵
  PID:5600
- C:\Windows\System\lSNBCAy.exe
  C:\Windows\System\lSNBCAy.exe
  2⤵
  PID:5620
- C:\Windows\System\KzSYShE.exe
  C:\Windows\System\KzSYShE.exe
  2⤵
  PID:5640
- C:\Windows\System\CyIaisC.exe
  C:\Windows\System\CyIaisC.exe
  2⤵
  PID:5660
- C:\Windows\System\YIpNbRX.exe
  C:\Windows\System\YIpNbRX.exe
  2⤵
  PID:5680
- C:\Windows\System\ptBuXJT.exe
  C:\Windows\System\ptBuXJT.exe
  2⤵
  PID:5696
- C:\Windows\System\cwGVuue.exe
  C:\Windows\System\cwGVuue.exe
  2⤵
  PID:5720
- C:\Windows\System\mmGbJrQ.exe
  C:\Windows\System\mmGbJrQ.exe
  2⤵
  PID:5740
- C:\Windows\System\MGLDUpA.exe
  C:\Windows\System\MGLDUpA.exe
  2⤵
  PID:5760
- C:\Windows\System\jgtkccH.exe
  C:\Windows\System\jgtkccH.exe
  2⤵
  PID:5780
- C:\Windows\System\TNVcEBZ.exe
  C:\Windows\System\TNVcEBZ.exe
  2⤵
  PID:5800
- C:\Windows\System\CPGWsqJ.exe
  C:\Windows\System\CPGWsqJ.exe
  2⤵
  PID:5820
- C:\Windows\System\tgAIyxu.exe
  C:\Windows\System\tgAIyxu.exe
  2⤵
  PID:5840
- C:\Windows\System\WyivDGd.exe
  C:\Windows\System\WyivDGd.exe
  2⤵
  PID:5860
- C:\Windows\System\tlTKmIf.exe
  C:\Windows\System\tlTKmIf.exe
  2⤵
  PID:5880
- C:\Windows\System\mQeAVfU.exe
  C:\Windows\System\mQeAVfU.exe
  2⤵
  PID:5896
- C:\Windows\System\QydYoqt.exe
  C:\Windows\System\QydYoqt.exe
  2⤵
  PID:5920
- C:\Windows\System\JRxFHGt.exe
  C:\Windows\System\JRxFHGt.exe
  2⤵
  PID:5940
- C:\Windows\System\PMIfFzI.exe
  C:\Windows\System\PMIfFzI.exe
  2⤵
  PID:5960
- C:\Windows\System\oyDgIPN.exe
  C:\Windows\System\oyDgIPN.exe
  2⤵
  PID:5980
- C:\Windows\System\GCQcdmG.exe
  C:\Windows\System\GCQcdmG.exe
  2⤵
  PID:6000
- C:\Windows\System\hWZLiDu.exe
  C:\Windows\System\hWZLiDu.exe
  2⤵
  PID:6020
- C:\Windows\System\pbejWhR.exe
  C:\Windows\System\pbejWhR.exe
  2⤵
  PID:6040
- C:\Windows\System\dGkCVOW.exe
  C:\Windows\System\dGkCVOW.exe
  2⤵
  PID:6056
- C:\Windows\System\GEjwtoU.exe
  C:\Windows\System\GEjwtoU.exe
  2⤵
  PID:6080
- C:\Windows\System\XMyhrUL.exe
  C:\Windows\System\XMyhrUL.exe
  2⤵
  PID:6096
- C:\Windows\System\RZsQaev.exe
  C:\Windows\System\RZsQaev.exe
  2⤵
  PID:6116
- C:\Windows\System\cwfbZgS.exe
  C:\Windows\System\cwfbZgS.exe
  2⤵
  PID:6140
- C:\Windows\System\ceSMeqd.exe
  C:\Windows\System\ceSMeqd.exe
  2⤵
  PID:4308
- C:\Windows\System\LIJeoFp.exe
  C:\Windows\System\LIJeoFp.exe
  2⤵
  PID:4360
- C:\Windows\System\NdIAoZp.exe
  C:\Windows\System\NdIAoZp.exe
  2⤵
  PID:4504
- C:\Windows\System\kPCvgij.exe
  C:\Windows\System\kPCvgij.exe
  2⤵
  PID:4524
- C:\Windows\System\yYcnELC.exe
  C:\Windows\System\yYcnELC.exe
  2⤵
  PID:4604
- C:\Windows\System\PssFVUD.exe
  C:\Windows\System\PssFVUD.exe
  2⤵
  PID:4724
- C:\Windows\System\dTcOUpV.exe
  C:\Windows\System\dTcOUpV.exe
  2⤵
  PID:4820
- C:\Windows\System\pxGzxDP.exe
  C:\Windows\System\pxGzxDP.exe
  2⤵
  PID:4988
- C:\Windows\System\mQfJRnx.exe
  C:\Windows\System\mQfJRnx.exe
  2⤵
  PID:5028
- C:\Windows\System\rZtXbGS.exe
  C:\Windows\System\rZtXbGS.exe
  2⤵
  PID:3216
- C:\Windows\System\fqcdTbA.exe
  C:\Windows\System\fqcdTbA.exe
  2⤵
  PID:584
- C:\Windows\System\DecWqsV.exe
  C:\Windows\System\DecWqsV.exe
  2⤵
  PID:4140
- C:\Windows\System\PZvWdKh.exe
  C:\Windows\System\PZvWdKh.exe
  2⤵
  PID:5148
- C:\Windows\System\tLJXrBm.exe
  C:\Windows\System\tLJXrBm.exe
  2⤵
  PID:5192
- C:\Windows\System\UytfCOx.exe
  C:\Windows\System\UytfCOx.exe
  2⤵
  PID:5212
- C:\Windows\System\mqonmGg.exe
  C:\Windows\System\mqonmGg.exe
  2⤵
  PID:5252
- C:\Windows\System\yFNcgrn.exe
  C:\Windows\System\yFNcgrn.exe
  2⤵
  PID:5268
- C:\Windows\System\vRZoQgO.exe
  C:\Windows\System\vRZoQgO.exe
  2⤵
  PID:5308
- C:\Windows\System\lhskscv.exe
  C:\Windows\System\lhskscv.exe
  2⤵
  PID:5356
- C:\Windows\System\jnoKbXJ.exe
  C:\Windows\System\jnoKbXJ.exe
  2⤵
  PID:5392
- C:\Windows\System\etCVWMB.exe
  C:\Windows\System\etCVWMB.exe
  2⤵
  PID:5416
- C:\Windows\System\AKFBnMF.exe
  C:\Windows\System\AKFBnMF.exe
  2⤵
  PID:5468
- C:\Windows\System\mbHKBCM.exe
  C:\Windows\System\mbHKBCM.exe
  2⤵
  PID:5472
- C:\Windows\System\sCEtRxA.exe
  C:\Windows\System\sCEtRxA.exe
  2⤵
  PID:5496
- C:\Windows\System\ttcbmxz.exe
  C:\Windows\System\ttcbmxz.exe
  2⤵
  PID:5532
- C:\Windows\System\jpGnKnB.exe
  C:\Windows\System\jpGnKnB.exe
  2⤵
  PID:5588
- C:\Windows\System\nmAFRmN.exe
  C:\Windows\System\nmAFRmN.exe
  2⤵
  PID:5628
- C:\Windows\System\upqVHqN.exe
  C:\Windows\System\upqVHqN.exe
  2⤵
  PID:5632
- C:\Windows\System\CeVoXeB.exe
  C:\Windows\System\CeVoXeB.exe
  2⤵
  PID:5676
- C:\Windows\System\ihvLXSo.exe
  C:\Windows\System\ihvLXSo.exe
  2⤵
  PID:5688
- C:\Windows\System\ooNhtgm.exe
  C:\Windows\System\ooNhtgm.exe
  2⤵
  PID:5736
- C:\Windows\System\VJfQZZa.exe
  C:\Windows\System\VJfQZZa.exe
  2⤵
  PID:5768
- C:\Windows\System\labbBGo.exe
  C:\Windows\System\labbBGo.exe
  2⤵
  PID:5792
- C:\Windows\System\vnAOQSN.exe
  C:\Windows\System\vnAOQSN.exe
  2⤵
  PID:5868
- C:\Windows\System\wRqsXQB.exe
  C:\Windows\System\wRqsXQB.exe
  2⤵
  PID:5852
- C:\Windows\System\bFIVQEM.exe
  C:\Windows\System\bFIVQEM.exe
  2⤵
  PID:5888
- C:\Windows\System\BkvTAZM.exe
  C:\Windows\System\BkvTAZM.exe
  2⤵
  PID:5956
- C:\Windows\System\ElNSWtK.exe
  C:\Windows\System\ElNSWtK.exe
  2⤵
  PID:5968
- C:\Windows\System\dJHslKo.exe
  C:\Windows\System\dJHslKo.exe
  2⤵
  PID:6032
- C:\Windows\System\lwqTSDC.exe
  C:\Windows\System\lwqTSDC.exe
  2⤵
  PID:6076
- C:\Windows\System\YmuocFS.exe
  C:\Windows\System\YmuocFS.exe
  2⤵
  PID:6108
- C:\Windows\System\OchDtij.exe
  C:\Windows\System\OchDtij.exe
  2⤵
  PID:4268
- C:\Windows\System\UfluIGh.exe
  C:\Windows\System\UfluIGh.exe
  2⤵
  PID:6124
- C:\Windows\System\Ygyonkh.exe
  C:\Windows\System\Ygyonkh.exe
  2⤵
  PID:4368
- C:\Windows\System\MasYRaE.exe
  C:\Windows\System\MasYRaE.exe
  2⤵
  PID:4804
- C:\Windows\System\aibwRAo.exe
  C:\Windows\System\aibwRAo.exe
  2⤵
  PID:4480
- C:\Windows\System\CxaWhku.exe
  C:\Windows\System\CxaWhku.exe
  2⤵
  PID:3464
- C:\Windows\System\aRCgCks.exe
  C:\Windows\System\aRCgCks.exe
  2⤵
  PID:5124
- C:\Windows\System\pszsFyC.exe
  C:\Windows\System\pszsFyC.exe
  2⤵
  PID:5168
- C:\Windows\System\zcUhgRd.exe
  C:\Windows\System\zcUhgRd.exe
  2⤵
  PID:5272
- C:\Windows\System\TvPmZRi.exe
  C:\Windows\System\TvPmZRi.exe
  2⤵
  PID:5332
- C:\Windows\System\nLftrlR.exe
  C:\Windows\System\nLftrlR.exe
  2⤵
  PID:4176
- C:\Windows\System\CvxmAjt.exe
  C:\Windows\System\CvxmAjt.exe
  2⤵
  PID:5476
- C:\Windows\System\SsUUbll.exe
  C:\Windows\System\SsUUbll.exe
  2⤵
  PID:5228
- C:\Windows\System\Wnhrtow.exe
  C:\Windows\System\Wnhrtow.exe
  2⤵
  PID:5592
- C:\Windows\System\Ajdxtfe.exe
  C:\Windows\System\Ajdxtfe.exe
  2⤵
  PID:5352
- C:\Windows\System\LWuPJuD.exe
  C:\Windows\System\LWuPJuD.exe
  2⤵
  PID:5432
- C:\Windows\System\pGajrbU.exe
  C:\Windows\System\pGajrbU.exe
  2⤵
  PID:5712
- C:\Windows\System\cxzzvxT.exe
  C:\Windows\System\cxzzvxT.exe
  2⤵
  PID:5508
- C:\Windows\System\mzmlniK.exe
  C:\Windows\System\mzmlniK.exe
  2⤵
  PID:5872
- C:\Windows\System\WSzBuJP.exe
  C:\Windows\System\WSzBuJP.exe
  2⤵
  PID:5752
- C:\Windows\System\JfQYUfr.exe
  C:\Windows\System\JfQYUfr.exe
  2⤵
  PID:5928
- C:\Windows\System\NKAsHUs.exe
  C:\Windows\System\NKAsHUs.exe
  2⤵
  PID:5812
- C:\Windows\System\gkhofeM.exe
  C:\Windows\System\gkhofeM.exe
  2⤵
  PID:6036
- C:\Windows\System\PhDhUkb.exe
  C:\Windows\System\PhDhUkb.exe
  2⤵
  PID:5908
- C:\Windows\System\LIuLptQ.exe
  C:\Windows\System\LIuLptQ.exe
  2⤵
  PID:6104
- C:\Windows\System\pQuDbpK.exe
  C:\Windows\System\pQuDbpK.exe
  2⤵
  PID:4520
- C:\Windows\System\HpbpRxG.exe
  C:\Windows\System\HpbpRxG.exe
  2⤵
  PID:3304
- C:\Windows\System\xjzCBhH.exe
  C:\Windows\System\xjzCBhH.exe
  2⤵
  PID:5092
- C:\Windows\System\anvsinH.exe
  C:\Windows\System\anvsinH.exe
  2⤵
  PID:6052
- C:\Windows\System\rRorzbc.exe
  C:\Windows\System\rRorzbc.exe
  2⤵
  PID:3724
- C:\Windows\System\nTisBed.exe
  C:\Windows\System\nTisBed.exe
  2⤵
  PID:5572
- C:\Windows\System\vZgHpvJ.exe
  C:\Windows\System\vZgHpvJ.exe
  2⤵
  PID:4704
- C:\Windows\System\rIFUFIQ.exe
  C:\Windows\System\rIFUFIQ.exe
  2⤵
  PID:5656
- C:\Windows\System\kcGrOiv.exe
  C:\Windows\System\kcGrOiv.exe
  2⤵
  PID:5232
- C:\Windows\System\oJashbK.exe
  C:\Windows\System\oJashbK.exe
  2⤵
  PID:4120
- C:\Windows\System\cPsgIBB.exe
  C:\Windows\System\cPsgIBB.exe
  2⤵
  PID:5288
- C:\Windows\System\awEqzBE.exe
  C:\Windows\System\awEqzBE.exe
  2⤵
  PID:5552
- C:\Windows\System\KpeQZVc.exe
  C:\Windows\System\KpeQZVc.exe
  2⤵
  PID:5808
- C:\Windows\System\nKXCWfU.exe
  C:\Windows\System\nKXCWfU.exe
  2⤵
  PID:5576
- C:\Windows\System\SBaJkSm.exe
  C:\Windows\System\SBaJkSm.exe
  2⤵
  PID:1600
- C:\Windows\System\cpikLFL.exe
  C:\Windows\System\cpikLFL.exe
  2⤵
  PID:5836
- C:\Windows\System\qjpAnuA.exe
  C:\Windows\System\qjpAnuA.exe
  2⤵
  PID:6028
- C:\Windows\System\eppmrov.exe
  C:\Windows\System\eppmrov.exe
  2⤵
  PID:5536
- C:\Windows\System\TqXryNc.exe
  C:\Windows\System\TqXryNc.exe
  2⤵
  PID:5292
- C:\Windows\System\xRqCHlU.exe
  C:\Windows\System\xRqCHlU.exe
  2⤵
  PID:4628
- C:\Windows\System\BPDCRMA.exe
  C:\Windows\System\BPDCRMA.exe
  2⤵
  PID:6064
- C:\Windows\System\HLMmKaT.exe
  C:\Windows\System\HLMmKaT.exe
  2⤵
  PID:5132
- C:\Windows\System\AMmpwhZ.exe
  C:\Windows\System\AMmpwhZ.exe
  2⤵
  PID:6152
- C:\Windows\System\iJwgjDF.exe
  C:\Windows\System\iJwgjDF.exe
  2⤵
  PID:6172
- C:\Windows\System\wVIkMQj.exe
  C:\Windows\System\wVIkMQj.exe
  2⤵
  PID:6188
- C:\Windows\System\PvulpGo.exe
  C:\Windows\System\PvulpGo.exe
  2⤵
  PID:6212
- C:\Windows\System\CdNrOSZ.exe
  C:\Windows\System\CdNrOSZ.exe
  2⤵
  PID:6228
- C:\Windows\System\yCNAHJq.exe
  C:\Windows\System\yCNAHJq.exe
  2⤵
  PID:6248
- C:\Windows\System\OLyNRWI.exe
  C:\Windows\System\OLyNRWI.exe
  2⤵
  PID:6268
- C:\Windows\System\OXNwwip.exe
  C:\Windows\System\OXNwwip.exe
  2⤵
  PID:6288
- C:\Windows\System\kdiCQGy.exe
  C:\Windows\System\kdiCQGy.exe
  2⤵
  PID:6304
- C:\Windows\System\DhYpnUk.exe
  C:\Windows\System\DhYpnUk.exe
  2⤵
  PID:6328
- C:\Windows\System\IXerJZs.exe
  C:\Windows\System\IXerJZs.exe
  2⤵
  PID:6344
- C:\Windows\System\cJflXlg.exe
  C:\Windows\System\cJflXlg.exe
  2⤵
  PID:6364
- C:\Windows\System\nPzGUQC.exe
  C:\Windows\System\nPzGUQC.exe
  2⤵
  PID:6388
- C:\Windows\System\mhbWhCt.exe
  C:\Windows\System\mhbWhCt.exe
  2⤵
  PID:6404
- C:\Windows\System\nwlmBuC.exe
  C:\Windows\System\nwlmBuC.exe
  2⤵
  PID:6436
- C:\Windows\System\iqrjaEm.exe
  C:\Windows\System\iqrjaEm.exe
  2⤵
  PID:6464
- C:\Windows\System\vFTxHMg.exe
  C:\Windows\System\vFTxHMg.exe
  2⤵
  PID:6484
- C:\Windows\System\BnrUPcf.exe
  C:\Windows\System\BnrUPcf.exe
  2⤵
  PID:6504
- C:\Windows\System\CTCqhbx.exe
  C:\Windows\System\CTCqhbx.exe
  2⤵
  PID:6520
- C:\Windows\System\xDWjTJJ.exe
  C:\Windows\System\xDWjTJJ.exe
  2⤵
  PID:6548
- C:\Windows\System\iZscWIg.exe
  C:\Windows\System\iZscWIg.exe
  2⤵
  PID:6568
- C:\Windows\System\dGiaAXf.exe
  C:\Windows\System\dGiaAXf.exe
  2⤵
  PID:6588
- C:\Windows\System\GTbSHWm.exe
  C:\Windows\System\GTbSHWm.exe
  2⤵
  PID:6608
- C:\Windows\System\pOYpbrU.exe
  C:\Windows\System\pOYpbrU.exe
  2⤵
  PID:6628
- C:\Windows\System\VVKmJng.exe
  C:\Windows\System\VVKmJng.exe
  2⤵
  PID:6644
- C:\Windows\System\tyxSBVO.exe
  C:\Windows\System\tyxSBVO.exe
  2⤵
  PID:6668
- C:\Windows\System\rACuhTp.exe
  C:\Windows\System\rACuhTp.exe
  2⤵
  PID:6688
- C:\Windows\System\MvZQnCU.exe
  C:\Windows\System\MvZQnCU.exe
  2⤵
  PID:6704
- C:\Windows\System\vrLIrtW.exe
  C:\Windows\System\vrLIrtW.exe
  2⤵
  PID:6724
- C:\Windows\System\ArLZgLX.exe
  C:\Windows\System\ArLZgLX.exe
  2⤵
  PID:6744
- C:\Windows\System\BHgVioH.exe
  C:\Windows\System\BHgVioH.exe
  2⤵
  PID:6760
- C:\Windows\System\JUJnSsn.exe
  C:\Windows\System\JUJnSsn.exe
  2⤵
  PID:6784
- C:\Windows\System\wkQlHaa.exe
  C:\Windows\System\wkQlHaa.exe
  2⤵
  PID:6804
- C:\Windows\System\OZmIQQy.exe
  C:\Windows\System\OZmIQQy.exe
  2⤵
  PID:6824
- C:\Windows\System\RSrUYza.exe
  C:\Windows\System\RSrUYza.exe
  2⤵
  PID:6844
- C:\Windows\System\uBchuYc.exe
  C:\Windows\System\uBchuYc.exe
  2⤵
  PID:6864
- C:\Windows\System\vQqZPci.exe
  C:\Windows\System\vQqZPci.exe
  2⤵
  PID:6884
- C:\Windows\System\UbiQUGO.exe
  C:\Windows\System\UbiQUGO.exe
  2⤵
  PID:6904
- C:\Windows\System\doZfxRL.exe
  C:\Windows\System\doZfxRL.exe
  2⤵
  PID:6924
- C:\Windows\System\enuuEmP.exe
  C:\Windows\System\enuuEmP.exe
  2⤵
  PID:6944
- C:\Windows\System\luBpMGQ.exe
  C:\Windows\System\luBpMGQ.exe
  2⤵
  PID:6960
- C:\Windows\System\MoqVeVR.exe
  C:\Windows\System\MoqVeVR.exe
  2⤵
  PID:6984
- C:\Windows\System\oCyRlTn.exe
  C:\Windows\System\oCyRlTn.exe
  2⤵
  PID:7008
- C:\Windows\System\SDqdryr.exe
  C:\Windows\System\SDqdryr.exe
  2⤵
  PID:7024
- C:\Windows\System\yOkdhkk.exe
  C:\Windows\System\yOkdhkk.exe
  2⤵
  PID:7044
- C:\Windows\System\AobJlaq.exe
  C:\Windows\System\AobJlaq.exe
  2⤵
  PID:7064
- C:\Windows\System\EVkGMxt.exe
  C:\Windows\System\EVkGMxt.exe
  2⤵
  PID:7084
- C:\Windows\System\ygUtUDd.exe
  C:\Windows\System\ygUtUDd.exe
  2⤵
  PID:7104
- C:\Windows\System\ILSXjxM.exe
  C:\Windows\System\ILSXjxM.exe
  2⤵
  PID:7124
- C:\Windows\System\pmhZDSv.exe
  C:\Windows\System\pmhZDSv.exe
  2⤵
  PID:7144
- C:\Windows\System\DIzWBtD.exe
  C:\Windows\System\DIzWBtD.exe
  2⤵
  PID:7164
- C:\Windows\System\yhRZFVx.exe
  C:\Windows\System\yhRZFVx.exe
  2⤵
  PID:4784
- C:\Windows\System\egnvzKi.exe
  C:\Windows\System\egnvzKi.exe
  2⤵
  PID:6184
- C:\Windows\System\OKDwYUN.exe
  C:\Windows\System\OKDwYUN.exe
  2⤵
  PID:6224
- C:\Windows\System\TOMjiTl.exe
  C:\Windows\System\TOMjiTl.exe
  2⤵
  PID:5648
- C:\Windows\System\KkEBFdc.exe
  C:\Windows\System\KkEBFdc.exe
  2⤵
  PID:5728
- C:\Windows\System\eDfsBUH.exe
  C:\Windows\System\eDfsBUH.exe
  2⤵
  PID:5912
- C:\Windows\System\bYCbyAE.exe
  C:\Windows\System\bYCbyAE.exe
  2⤵
  PID:5708
- C:\Windows\System\UHSYixZ.exe
  C:\Windows\System\UHSYixZ.exe
  2⤵
  PID:6384
- C:\Windows\System\ZwjwKII.exe
  C:\Windows\System\ZwjwKII.exe
  2⤵
  PID:6088
- C:\Windows\System\ieKxtMH.exe
  C:\Windows\System\ieKxtMH.exe
  2⤵
  PID:6412
- C:\Windows\System\mZcoWlZ.exe
  C:\Windows\System\mZcoWlZ.exe
  2⤵
  PID:6284
- C:\Windows\System\woAJASK.exe
  C:\Windows\System\woAJASK.exe
  2⤵
  PID:6360
- C:\Windows\System\PCGUGUm.exe
  C:\Windows\System\PCGUGUm.exe
  2⤵
  PID:6356
- C:\Windows\System\zcQqhdd.exe
  C:\Windows\System\zcQqhdd.exe
  2⤵
  PID:6276
- C:\Windows\System\KXtQIlW.exe
  C:\Windows\System\KXtQIlW.exe
  2⤵
  PID:6428
- C:\Windows\System\ObImzIq.exe
  C:\Windows\System\ObImzIq.exe
  2⤵
  PID:2440
- C:\Windows\System\bCnjBKi.exe
  C:\Windows\System\bCnjBKi.exe
  2⤵
  PID:6556
- C:\Windows\System\AIrJpfp.exe
  C:\Windows\System\AIrJpfp.exe
  2⤵
  PID:6456
- C:\Windows\System\DdUARmK.exe
  C:\Windows\System\DdUARmK.exe
  2⤵
  PID:6600
- C:\Windows\System\zAfmCCd.exe
  C:\Windows\System\zAfmCCd.exe
  2⤵
  PID:6676
- C:\Windows\System\sbBXrUE.exe
  C:\Windows\System\sbBXrUE.exe
  2⤵
  PID:6712
- C:\Windows\System\jqOygVe.exe
  C:\Windows\System\jqOygVe.exe
  2⤵
  PID:6532
- C:\Windows\System\qyLBWDZ.exe
  C:\Windows\System\qyLBWDZ.exe
  2⤵
  PID:6576
- C:\Windows\System\BhcWHjI.exe
  C:\Windows\System\BhcWHjI.exe
  2⤵
  PID:6796
- C:\Windows\System\RqmMcCH.exe
  C:\Windows\System\RqmMcCH.exe
  2⤵
  PID:6840
- C:\Windows\System\idOiJXS.exe
  C:\Windows\System\idOiJXS.exe
  2⤵
  PID:6664
- C:\Windows\System\YKsAMSX.exe
  C:\Windows\System\YKsAMSX.exe
  2⤵
  PID:6700
- C:\Windows\System\oYkSepP.exe
  C:\Windows\System\oYkSepP.exe
  2⤵
  PID:6912
- C:\Windows\System\YqeEpNE.exe
  C:\Windows\System\YqeEpNE.exe
  2⤵
  PID:6768
- C:\Windows\System\aFdsAaM.exe
  C:\Windows\System\aFdsAaM.exe
  2⤵
  PID:6780
- C:\Windows\System\yVMJUnw.exe
  C:\Windows\System\yVMJUnw.exe
  2⤵
  PID:6812
- C:\Windows\System\JpyDKlp.exe
  C:\Windows\System\JpyDKlp.exe
  2⤵
  PID:6852
- C:\Windows\System\anrhswk.exe
  C:\Windows\System\anrhswk.exe
  2⤵
  PID:6936
- C:\Windows\System\dATtjHp.exe
  C:\Windows\System\dATtjHp.exe
  2⤵
  PID:6976
- C:\Windows\System\bKCvsGp.exe
  C:\Windows\System\bKCvsGp.exe
  2⤵
  PID:6180
- C:\Windows\System\JCFQHXo.exe
  C:\Windows\System\JCFQHXo.exe
  2⤵
  PID:7056
- C:\Windows\System\ICQDowd.exe
  C:\Windows\System\ICQDowd.exe
  2⤵
  PID:7092
- C:\Windows\System\BrimDKM.exe
  C:\Windows\System\BrimDKM.exe
  2⤵
  PID:5068
- C:\Windows\System\EjwsSaw.exe
  C:\Windows\System\EjwsSaw.exe
  2⤵
  PID:7132
- C:\Windows\System\NssOwrR.exe
  C:\Windows\System\NssOwrR.exe
  2⤵
  PID:5816
- C:\Windows\System\xUTmgRC.exe
  C:\Windows\System\xUTmgRC.exe
  2⤵
  PID:4680
- C:\Windows\System\IWwzDgn.exe
  C:\Windows\System\IWwzDgn.exe
  2⤵
  PID:6300
- C:\Windows\System\lfrNgZP.exe
  C:\Windows\System\lfrNgZP.exe
  2⤵
  PID:6320
- C:\Windows\System\rYjIGHJ.exe
  C:\Windows\System\rYjIGHJ.exe
  2⤵
  PID:6280
- C:\Windows\System\QfZhmrE.exe
  C:\Windows\System\QfZhmrE.exe
  2⤵
  PID:5636
- C:\Windows\System\NSblqlY.exe
  C:\Windows\System\NSblqlY.exe
  2⤵
  PID:4560
- C:\Windows\System\tgYkAux.exe
  C:\Windows\System\tgYkAux.exe
  2⤵
  PID:6792
- C:\Windows\System\YyecZJt.exe
  C:\Windows\System\YyecZJt.exe
  2⤵
  PID:6660
- C:\Windows\System\mZnIKBq.exe
  C:\Windows\System\mZnIKBq.exe
  2⤵
  PID:6736
- C:\Windows\System\hQfeXnz.exe
  C:\Windows\System\hQfeXnz.exe
  2⤵
  PID:6820
- C:\Windows\System\egJHELv.exe
  C:\Windows\System\egJHELv.exe
  2⤵
  PID:6196
- C:\Windows\System\QXmISFt.exe
  C:\Windows\System\QXmISFt.exe
  2⤵
  PID:6444
- C:\Windows\System\VpdvFeP.exe
  C:\Windows\System\VpdvFeP.exe
  2⤵
  PID:6716
- C:\Windows\System\cvbTlfb.exe
  C:\Windows\System\cvbTlfb.exe
  2⤵
  PID:7036
- C:\Windows\System\fujWLnR.exe
  C:\Windows\System\fujWLnR.exe
  2⤵
  PID:2064
- C:\Windows\System\HnSwrqB.exe
  C:\Windows\System\HnSwrqB.exe
  2⤵
  PID:6260
- C:\Windows\System\xixjGnX.exe
  C:\Windows\System\xixjGnX.exe
  2⤵
  PID:2156
- C:\Windows\System\Uolhilp.exe
  C:\Windows\System\Uolhilp.exe
  2⤵
  PID:2644
- C:\Windows\System\umbsmzP.exe
  C:\Windows\System\umbsmzP.exe
  2⤵
  PID:6220
- C:\Windows\System\ONRTHau.exe
  C:\Windows\System\ONRTHau.exe
  2⤵
  PID:6316
- C:\Windows\System\fQhVEJY.exe
  C:\Windows\System\fQhVEJY.exe
  2⤵
  PID:6800
- C:\Windows\System\kFAJrDh.exe
  C:\Windows\System\kFAJrDh.exe
  2⤵
  PID:2912
- C:\Windows\System\kzjbExu.exe
  C:\Windows\System\kzjbExu.exe
  2⤵
  PID:6528
- C:\Windows\System\TYaQUuL.exe
  C:\Windows\System\TYaQUuL.exe
  2⤵
  PID:6236
- C:\Windows\System\eiAXfqv.exe
  C:\Windows\System\eiAXfqv.exe
  2⤵
  PID:6168
- C:\Windows\System\XxxCBrn.exe
  C:\Windows\System\XxxCBrn.exe
  2⤵
  PID:6480
- C:\Windows\System\PFbXEWw.exe
  C:\Windows\System\PFbXEWw.exe
  2⤵
  PID:6680
- C:\Windows\System\MnbFkAU.exe
  C:\Windows\System\MnbFkAU.exe
  2⤵
  PID:6832
- C:\Windows\System\regRMoN.exe
  C:\Windows\System\regRMoN.exe
  2⤵
  PID:6580
- C:\Windows\System\xFyFLhj.exe
  C:\Windows\System\xFyFLhj.exe
  2⤵
  PID:2804
- C:\Windows\System\UqZDdMe.exe
  C:\Windows\System\UqZDdMe.exe
  2⤵
  PID:2416
- C:\Windows\System\szBIBpE.exe
  C:\Windows\System\szBIBpE.exe
  2⤵
  PID:1848
- C:\Windows\System\UfRBSwv.exe
  C:\Windows\System\UfRBSwv.exe
  2⤵
  PID:4348
- C:\Windows\System\GIEIsES.exe
  C:\Windows\System\GIEIsES.exe
  2⤵
  PID:4968
- C:\Windows\System\Heacywl.exe
  C:\Windows\System\Heacywl.exe
  2⤵
  PID:2660
- C:\Windows\System\ypVWYCX.exe
  C:\Windows\System\ypVWYCX.exe
  2⤵
  PID:7136
- C:\Windows\System\YlmmKjm.exe
  C:\Windows\System\YlmmKjm.exe
  2⤵
  PID:4928
- C:\Windows\System\txbJbDE.exe
  C:\Windows\System\txbJbDE.exe
  2⤵
  PID:2908
- C:\Windows\System\ANtUUoH.exe
  C:\Windows\System\ANtUUoH.exe
  2⤵
  PID:6472
- C:\Windows\System\ppSRaxy.exe
  C:\Windows\System\ppSRaxy.exe
  2⤵
  PID:6636
- C:\Windows\System\PiUbONX.exe
  C:\Windows\System\PiUbONX.exe
  2⤵
  PID:6400
- C:\Windows\System\fyLYLpR.exe
  C:\Windows\System\fyLYLpR.exe
  2⤵
  PID:5892
- C:\Windows\System\XIjCRzZ.exe
  C:\Windows\System\XIjCRzZ.exe
  2⤵
  PID:2904
- C:\Windows\System\wdUKtGw.exe
  C:\Windows\System\wdUKtGw.exe
  2⤵
  PID:7152
- C:\Windows\System\EjvrCXk.exe
  C:\Windows\System\EjvrCXk.exe
  2⤵
  PID:7176
- C:\Windows\System\ZULpyAI.exe
  C:\Windows\System\ZULpyAI.exe
  2⤵
  PID:7192
- C:\Windows\System\NGMpIny.exe
  C:\Windows\System\NGMpIny.exe
  2⤵
  PID:7212
- C:\Windows\System\fxwZhqA.exe
  C:\Windows\System\fxwZhqA.exe
  2⤵
  PID:7232
- C:\Windows\System\mkFVeXE.exe
  C:\Windows\System\mkFVeXE.exe
  2⤵
  PID:7256
- C:\Windows\System\zTABEMS.exe
  C:\Windows\System\zTABEMS.exe
  2⤵
  PID:7272
- C:\Windows\System\OYrkOBU.exe
  C:\Windows\System\OYrkOBU.exe
  2⤵
  PID:7288
- C:\Windows\System\lVvViwS.exe
  C:\Windows\System\lVvViwS.exe
  2⤵
  PID:7312
- C:\Windows\System\QqZdAQe.exe
  C:\Windows\System\QqZdAQe.exe
  2⤵
  PID:7328
- C:\Windows\System\ArruPgz.exe
  C:\Windows\System\ArruPgz.exe
  2⤵
  PID:7344
- C:\Windows\System\stTrubp.exe
  C:\Windows\System\stTrubp.exe
  2⤵
  PID:7364
- C:\Windows\System\iydzSYe.exe
  C:\Windows\System\iydzSYe.exe
  2⤵
  PID:7380
- C:\Windows\System\Hossrft.exe
  C:\Windows\System\Hossrft.exe
  2⤵
  PID:7408
- C:\Windows\System\eCIWDbD.exe
  C:\Windows\System\eCIWDbD.exe
  2⤵
  PID:7424
- C:\Windows\System\lkyBqwm.exe
  C:\Windows\System\lkyBqwm.exe
  2⤵
  PID:7448
- C:\Windows\System\ESkwcwp.exe
  C:\Windows\System\ESkwcwp.exe
  2⤵
  PID:7464
- C:\Windows\System\adsMFxW.exe
  C:\Windows\System\adsMFxW.exe
  2⤵
  PID:7480
- C:\Windows\System\EWPRmYM.exe
  C:\Windows\System\EWPRmYM.exe
  2⤵
  PID:7496
- C:\Windows\System\BnOVyFO.exe
  C:\Windows\System\BnOVyFO.exe
  2⤵
  PID:7516
- C:\Windows\System\gQIOWDS.exe
  C:\Windows\System\gQIOWDS.exe
  2⤵
  PID:7532
- C:\Windows\System\qOxJLAr.exe
  C:\Windows\System\qOxJLAr.exe
  2⤵
  PID:7548
- C:\Windows\System\MxDBNcV.exe
  C:\Windows\System\MxDBNcV.exe
  2⤵
  PID:7564
- C:\Windows\System\BlQONKi.exe
  C:\Windows\System\BlQONKi.exe
  2⤵
  PID:7672
- C:\Windows\System\BLmOmNt.exe
  C:\Windows\System\BLmOmNt.exe
  2⤵
  PID:7688
- C:\Windows\System\wuiHuvq.exe
  C:\Windows\System\wuiHuvq.exe
  2⤵
  PID:7704
- C:\Windows\System\hCyDvXI.exe
  C:\Windows\System\hCyDvXI.exe
  2⤵
  PID:7720
- C:\Windows\System\iRxYIRd.exe
  C:\Windows\System\iRxYIRd.exe
  2⤵
  PID:7736
- C:\Windows\System\pZzFpxV.exe
  C:\Windows\System\pZzFpxV.exe
  2⤵
  PID:7756
- C:\Windows\System\WaCVxui.exe
  C:\Windows\System\WaCVxui.exe
  2⤵
  PID:7772
- C:\Windows\System\qzvnfDc.exe
  C:\Windows\System\qzvnfDc.exe
  2⤵
  PID:7788
- C:\Windows\System\suRkzPk.exe
  C:\Windows\System\suRkzPk.exe
  2⤵
  PID:7816
- C:\Windows\System\LrUrfxO.exe
  C:\Windows\System\LrUrfxO.exe
  2⤵
  PID:7856
- C:\Windows\System\qKrJCsQ.exe
  C:\Windows\System\qKrJCsQ.exe
  2⤵
  PID:7872
- C:\Windows\System\mVyCMwR.exe
  C:\Windows\System\mVyCMwR.exe
  2⤵
  PID:7888
- C:\Windows\System\IUokDpb.exe
  C:\Windows\System\IUokDpb.exe
  2⤵
  PID:7908
- C:\Windows\System\xPjXtSA.exe
  C:\Windows\System\xPjXtSA.exe
  2⤵
  PID:7936
- C:\Windows\System\PDNnkex.exe
  C:\Windows\System\PDNnkex.exe
  2⤵
  PID:7956
- C:\Windows\System\zVsMVGj.exe
  C:\Windows\System\zVsMVGj.exe
  2⤵
  PID:7972
- C:\Windows\System\YBohwQq.exe
  C:\Windows\System\YBohwQq.exe
  2⤵
  PID:7988
- C:\Windows\System\vXzXPSA.exe
  C:\Windows\System\vXzXPSA.exe
  2⤵
  PID:8016
- C:\Windows\System\qoJieIl.exe
  C:\Windows\System\qoJieIl.exe
  2⤵
  PID:8032
- C:\Windows\System\xNWmkYJ.exe
  C:\Windows\System\xNWmkYJ.exe
  2⤵
  PID:8060
- C:\Windows\System\NLwgdiS.exe
  C:\Windows\System\NLwgdiS.exe
  2⤵
  PID:8076
- C:\Windows\System\BrAXyAE.exe
  C:\Windows\System\BrAXyAE.exe
  2⤵
  PID:8092
- C:\Windows\System\PMnwbHb.exe
  C:\Windows\System\PMnwbHb.exe
  2⤵
  PID:8112
- C:\Windows\System\skJVbOt.exe
  C:\Windows\System\skJVbOt.exe
  2⤵
  PID:8128
- C:\Windows\System\SyAlITq.exe
  C:\Windows\System\SyAlITq.exe
  2⤵
  PID:8144
- C:\Windows\System\dRqMVcT.exe
  C:\Windows\System\dRqMVcT.exe
  2⤵
  PID:8160
- C:\Windows\System\VfnArcT.exe
  C:\Windows\System\VfnArcT.exe
  2⤵
  PID:8176
- C:\Windows\System\EBRZbFW.exe
  C:\Windows\System\EBRZbFW.exe
  2⤵
  PID:6160
- C:\Windows\System\GEmzPpp.exe
  C:\Windows\System\GEmzPpp.exe
  2⤵
  PID:2936
- C:\Windows\System\yWOcweL.exe
  C:\Windows\System\yWOcweL.exe
  2⤵
  PID:2320
- C:\Windows\System\WwEwUqV.exe
  C:\Windows\System\WwEwUqV.exe
  2⤵
  PID:7208
- C:\Windows\System\ACRnzUn.exe
  C:\Windows\System\ACRnzUn.exe
  2⤵
  PID:5756
- C:\Windows\System\IoxjMnL.exe
  C:\Windows\System\IoxjMnL.exe
  2⤵
  PID:1716
- C:\Windows\System\YYvNJeC.exe
  C:\Windows\System\YYvNJeC.exe
  2⤵
  PID:6776
- C:\Windows\System\fIJouXW.exe
  C:\Windows\System\fIJouXW.exe
  2⤵
  PID:316
- C:\Windows\System\jbvqGhi.exe
  C:\Windows\System\jbvqGhi.exe
  2⤵
  PID:7184
- C:\Windows\System\DCfFYPV.exe
  C:\Windows\System\DCfFYPV.exe
  2⤵
  PID:7228
- C:\Windows\System\jmiEUHS.exe
  C:\Windows\System\jmiEUHS.exe
  2⤵
  PID:7304
- C:\Windows\System\CPaZSHG.exe
  C:\Windows\System\CPaZSHG.exe
  2⤵
  PID:7376
- C:\Windows\System\xDibRwG.exe
  C:\Windows\System\xDibRwG.exe
  2⤵
  PID:7204
- C:\Windows\System\GVbWSDX.exe
  C:\Windows\System\GVbWSDX.exe
  2⤵
  PID:7352
- C:\Windows\System\gUCgVRW.exe
  C:\Windows\System\gUCgVRW.exe
  2⤵
  PID:7392
- C:\Windows\System\GOxWhYh.exe
  C:\Windows\System\GOxWhYh.exe
  2⤵
  PID:7440
- C:\Windows\System\fDcWiGa.exe
  C:\Windows\System\fDcWiGa.exe
  2⤵
  PID:7556
- C:\Windows\System\nxQgXBE.exe
  C:\Windows\System\nxQgXBE.exe
  2⤵
  PID:7600
- C:\Windows\System\sZDMqXx.exe
  C:\Windows\System\sZDMqXx.exe
  2⤵
  PID:7584
- C:\Windows\System\aLxkKCH.exe
  C:\Windows\System\aLxkKCH.exe
  2⤵
  PID:684
- C:\Windows\System\RQUdkyO.exe
  C:\Windows\System\RQUdkyO.exe
  2⤵
  PID:2972
- C:\Windows\System\ngGmlrr.exe
  C:\Windows\System\ngGmlrr.exe
  2⤵
  PID:7616
- C:\Windows\System\ufbtbpY.exe
  C:\Windows\System\ufbtbpY.exe
  2⤵
  PID:7636
- C:\Windows\System\tJCePXo.exe
  C:\Windows\System\tJCePXo.exe
  2⤵
  PID:908
- C:\Windows\System\uhGVfAQ.exe
  C:\Windows\System\uhGVfAQ.exe
  2⤵
  PID:7716
- C:\Windows\System\gRlEGkH.exe
  C:\Windows\System\gRlEGkH.exe
  2⤵
  PID:7660
- C:\Windows\System\leKkiRz.exe
  C:\Windows\System\leKkiRz.exe
  2⤵
  PID:7700
- C:\Windows\System\vbWWEBF.exe
  C:\Windows\System\vbWWEBF.exe
  2⤵
  PID:7780
- C:\Windows\System\dLAHLNJ.exe
  C:\Windows\System\dLAHLNJ.exe
  2⤵
  PID:7784
- C:\Windows\System\jXXOuAF.exe
  C:\Windows\System\jXXOuAF.exe
  2⤵
  PID:7832
- C:\Windows\System\HnfzXsx.exe
  C:\Windows\System\HnfzXsx.exe
  2⤵
  PID:7844
- C:\Windows\System\tguWBzM.exe
  C:\Windows\System\tguWBzM.exe
  2⤵
  PID:7800
- C:\Windows\System\SGsFTud.exe
  C:\Windows\System\SGsFTud.exe
  2⤵
  PID:2120
- C:\Windows\System\UOXvyMd.exe
  C:\Windows\System\UOXvyMd.exe
  2⤵
  PID:7828
- C:\Windows\System\wifGhFj.exe
  C:\Windows\System\wifGhFj.exe
  2⤵
  PID:7884
- C:\Windows\System\SNZPoKz.exe
  C:\Windows\System\SNZPoKz.exe
  2⤵
  PID:2428
- C:\Windows\System\RWFoINc.exe
  C:\Windows\System\RWFoINc.exe
  2⤵
  PID:7964
- C:\Windows\System\OMtKLOo.exe
  C:\Windows\System\OMtKLOo.exe
  2⤵
  PID:7996
- C:\Windows\System\DKGSBKP.exe
  C:\Windows\System\DKGSBKP.exe
  2⤵
  PID:8004
- C:\Windows\System\yXndmst.exe
  C:\Windows\System\yXndmst.exe
  2⤵
  PID:8048
- C:\Windows\System\tHaTVMj.exe
  C:\Windows\System\tHaTVMj.exe
  2⤵
  PID:7984
- C:\Windows\System\MaRRkup.exe
  C:\Windows\System\MaRRkup.exe
  2⤵
  PID:8156
- C:\Windows\System\XnDKxZi.exe
  C:\Windows\System\XnDKxZi.exe
  2⤵
  PID:8104
- C:\Windows\System\FjzdFJQ.exe
  C:\Windows\System\FjzdFJQ.exe
  2⤵
  PID:8140
- C:\Windows\System\MWNMvdd.exe
  C:\Windows\System\MWNMvdd.exe
  2⤵
  PID:6372
- C:\Windows\System\WVNkvfy.exe
  C:\Windows\System\WVNkvfy.exe
  2⤵
  PID:2732
- C:\Windows\System\BofkjnF.exe
  C:\Windows\System\BofkjnF.exe
  2⤵
  PID:7248
- C:\Windows\System\cCAfqDl.exe
  C:\Windows\System\cCAfqDl.exe
  2⤵
  PID:7120
- C:\Windows\System\DdNUAPW.exe
  C:\Windows\System\DdNUAPW.exe
  2⤵
  PID:7140
- C:\Windows\System\SxbOvRp.exe
  C:\Windows\System\SxbOvRp.exe
  2⤵
  PID:7200
- C:\Windows\System\AzomOjT.exe
  C:\Windows\System\AzomOjT.exe
  2⤵
  PID:7284
- C:\Windows\System\hhdFXRm.exe
  C:\Windows\System\hhdFXRm.exe
  2⤵
  PID:7296
- C:\Windows\System\VWlcdpu.exe
  C:\Windows\System\VWlcdpu.exe
  2⤵
  PID:7488
- C:\Windows\System\ptZEAnp.exe
  C:\Windows\System\ptZEAnp.exe
  2⤵
  PID:7400
- C:\Windows\System\XdRYNNm.exe
  C:\Windows\System\XdRYNNm.exe
  2⤵
  PID:2996
- C:\Windows\System\iWfjlkF.exe
  C:\Windows\System\iWfjlkF.exe
  2⤵
  PID:7524
- C:\Windows\System\AiaIvAk.exe
  C:\Windows\System\AiaIvAk.exe
  2⤵
  PID:7512
- C:\Windows\System\AbPauIm.exe
  C:\Windows\System\AbPauIm.exe
  2⤵
  PID:7572
- C:\Windows\System\dhkWMjG.exe
  C:\Windows\System\dhkWMjG.exe
  2⤵
  PID:2704
- C:\Windows\System\HXUCACi.exe
  C:\Windows\System\HXUCACi.exe
  2⤵
  PID:7560
- C:\Windows\System\oCtoNaQ.exe
  C:\Windows\System\oCtoNaQ.exe
  2⤵
  PID:7696
- C:\Windows\System\WzVILHW.exe
  C:\Windows\System\WzVILHW.exe
  2⤵
  PID:7612
- C:\Windows\System\RtROmXo.exe
  C:\Windows\System\RtROmXo.exe
  2⤵
  PID:2892
- C:\Windows\System\RbYkxhh.exe
  C:\Windows\System\RbYkxhh.exe
  2⤵
  PID:7812
- C:\Windows\System\TWAahQr.exe
  C:\Windows\System\TWAahQr.exe
  2⤵
  PID:7924
- C:\Windows\System\poSrtbc.exe
  C:\Windows\System\poSrtbc.exe
  2⤵
  PID:8028
- C:\Windows\System\isaQiRO.exe
  C:\Windows\System\isaQiRO.exe
  2⤵
  PID:8056
- C:\Windows\System\MCfkjcW.exe
  C:\Windows\System\MCfkjcW.exe
  2⤵
  PID:8068
- C:\Windows\System\wLYxlyo.exe
  C:\Windows\System\wLYxlyo.exe
  2⤵
  PID:7268
- C:\Windows\System\coxcPgQ.exe
  C:\Windows\System\coxcPgQ.exe
  2⤵
  PID:6956
- C:\Windows\System\hMxWZVY.exe
  C:\Windows\System\hMxWZVY.exe
  2⤵
  PID:7360
- C:\Windows\System\YJTytRb.exe
  C:\Windows\System\YJTytRb.exe
  2⤵
  PID:1148
- C:\Windows\System\FyoRwJK.exe
  C:\Windows\System\FyoRwJK.exe
  2⤵
  PID:7172
- C:\Windows\System\wLcdIcM.exe
  C:\Windows\System\wLcdIcM.exe
  2⤵
  PID:7948
- C:\Windows\System\upKrxTP.exe
  C:\Windows\System\upKrxTP.exe
  2⤵
  PID:8124
- C:\Windows\System\FOIRGgc.exe
  C:\Windows\System\FOIRGgc.exe
  2⤵
  PID:320
- C:\Windows\System\XMAGGss.exe
  C:\Windows\System\XMAGGss.exe
  2⤵
  PID:7592
- C:\Windows\System\CarhdqP.exe
  C:\Windows\System\CarhdqP.exe
  2⤵
  PID:7668
- C:\Windows\System\NApALTD.exe
  C:\Windows\System\NApALTD.exe
  2⤵
  PID:2812
- C:\Windows\System\ZTcCLBr.exe
  C:\Windows\System\ZTcCLBr.exe
  2⤵
  PID:8012
- C:\Windows\System\oruBPPm.exe
  C:\Windows\System\oruBPPm.exe
  2⤵
  PID:7980
- C:\Windows\System\GXWsoPS.exe
  C:\Windows\System\GXWsoPS.exe
  2⤵
  PID:7768
- C:\Windows\System\ZEJPjVn.exe
  C:\Windows\System\ZEJPjVn.exe
  2⤵
  PID:7900
- C:\Windows\System\xnCOYoe.exe
  C:\Windows\System\xnCOYoe.exe
  2⤵
  PID:7764
- C:\Windows\System\mMPtbZz.exe
  C:\Windows\System\mMPtbZz.exe
  2⤵
  PID:5992
- C:\Windows\System\IsWiOYh.exe
  C:\Windows\System\IsWiOYh.exe
  2⤵
  PID:2628
- C:\Windows\System\umUwxSB.exe
  C:\Windows\System\umUwxSB.exe
  2⤵
  PID:7840
- C:\Windows\System\pzdjJUs.exe
  C:\Windows\System\pzdjJUs.exe
  2⤵
  PID:8108
- C:\Windows\System\cJCLkLE.exe
  C:\Windows\System\cJCLkLE.exe
  2⤵
  PID:1792
- C:\Windows\System\loRWLWi.exe
  C:\Windows\System\loRWLWi.exe
  2⤵
  PID:7880
- C:\Windows\System\tCiBqqF.exe
  C:\Windows\System\tCiBqqF.exe
  2⤵
  PID:7528
- C:\Windows\System\vfsOiiA.exe
  C:\Windows\System\vfsOiiA.exe
  2⤵
  PID:6880
- C:\Windows\System\ljfAmTM.exe
  C:\Windows\System\ljfAmTM.exe
  2⤵
  PID:7436
- C:\Windows\System\cbpRroW.exe
  C:\Windows\System\cbpRroW.exe
  2⤵
  PID:1988
- C:\Windows\System\tNPkzWz.exe
  C:\Windows\System\tNPkzWz.exe
  2⤵
  PID:4204
- C:\Windows\System\diWIJvr.exe
  C:\Windows\System\diWIJvr.exe
  2⤵
  PID:2264
- C:\Windows\System\dMucKeK.exe
  C:\Windows\System\dMucKeK.exe
  2⤵
  PID:8136
- C:\Windows\System\lMSFyBF.exe
  C:\Windows\System\lMSFyBF.exe
  2⤵
  PID:7732
- C:\Windows\System\vsAWyUd.exe
  C:\Windows\System\vsAWyUd.exe
  2⤵
  PID:2828
- C:\Windows\System\VGEzqPp.exe
  C:\Windows\System\VGEzqPp.exe
  2⤵
  PID:6876
- C:\Windows\System\XHpLqTX.exe
  C:\Windows\System\XHpLqTX.exe
  2⤵
  PID:7224
- C:\Windows\System\aYPMzJc.exe
  C:\Windows\System\aYPMzJc.exe
  2⤵
  PID:6916
- C:\Windows\System\YbPIJrB.exe
  C:\Windows\System\YbPIJrB.exe
  2⤵
  PID:7280
- C:\Windows\System\lsCzlOE.exe
  C:\Windows\System\lsCzlOE.exe
  2⤵
  PID:2352
- C:\Windows\System\YxLNxst.exe
  C:\Windows\System\YxLNxst.exe
  2⤵
  PID:7608
- C:\Windows\System\wNbSLTm.exe
  C:\Windows\System\wNbSLTm.exe
  2⤵
  PID:8024
- C:\Windows\System\XUmbRjL.exe
  C:\Windows\System\XUmbRjL.exe
  2⤵
  PID:2852
- C:\Windows\System\cCHOyQN.exe
  C:\Windows\System\cCHOyQN.exe
  2⤵
  PID:1208
- C:\Windows\System\zEbJKIH.exe
  C:\Windows\System\zEbJKIH.exe
  2⤵
  PID:8188
- C:\Windows\System\DxFpYWM.exe
  C:\Windows\System\DxFpYWM.exe
  2⤵
  PID:7808
- C:\Windows\System\PbqHkVb.exe
  C:\Windows\System\PbqHkVb.exe
  2⤵
  PID:8204
- C:\Windows\System\EdjRWfb.exe
  C:\Windows\System\EdjRWfb.exe
  2⤵
  PID:8224
- C:\Windows\System\ZuWhKRd.exe
  C:\Windows\System\ZuWhKRd.exe
  2⤵
  PID:8244
- C:\Windows\System\mlJgimI.exe
  C:\Windows\System\mlJgimI.exe
  2⤵
  PID:8268
- C:\Windows\System\ABHSvxr.exe
  C:\Windows\System\ABHSvxr.exe
  2⤵
  PID:8284
- C:\Windows\System\HjXuXPe.exe
  C:\Windows\System\HjXuXPe.exe
  2⤵
  PID:8300
- C:\Windows\System\AdFEDsW.exe
  C:\Windows\System\AdFEDsW.exe
  2⤵
  PID:8316
- C:\Windows\System\myLtmmy.exe
  C:\Windows\System\myLtmmy.exe
  2⤵
  PID:8356
- C:\Windows\System\IZUEYHK.exe
  C:\Windows\System\IZUEYHK.exe
  2⤵
  PID:8372
- C:\Windows\System\gYoQvuH.exe
  C:\Windows\System\gYoQvuH.exe
  2⤵
  PID:8396
- C:\Windows\System\MdOVTfl.exe
  C:\Windows\System\MdOVTfl.exe
  2⤵
  PID:8420
- C:\Windows\System\odZwWvH.exe
  C:\Windows\System\odZwWvH.exe
  2⤵
  PID:8436
- C:\Windows\System\aKgxhrU.exe
  C:\Windows\System\aKgxhrU.exe
  2⤵
  PID:8464
- C:\Windows\System\bfsbThs.exe
  C:\Windows\System\bfsbThs.exe
  2⤵
  PID:8480
- C:\Windows\System\BQSDKLT.exe
  C:\Windows\System\BQSDKLT.exe
  2⤵
  PID:8496
- C:\Windows\System\JerePvt.exe
  C:\Windows\System\JerePvt.exe
  2⤵
  PID:8516
- C:\Windows\System\hSSZSdL.exe
  C:\Windows\System\hSSZSdL.exe
  2⤵
  PID:8532
- C:\Windows\System\yjwQCLs.exe
  C:\Windows\System\yjwQCLs.exe
  2⤵
  PID:8548
- C:\Windows\System\BkdedOX.exe
  C:\Windows\System\BkdedOX.exe
  2⤵
  PID:8564
- C:\Windows\System\HggLOCQ.exe
  C:\Windows\System\HggLOCQ.exe
  2⤵
  PID:8580
- C:\Windows\System\bGJkzgu.exe
  C:\Windows\System\bGJkzgu.exe
  2⤵
  PID:8600
- C:\Windows\System\tBArElO.exe
  C:\Windows\System\tBArElO.exe
  2⤵
  PID:8620
- C:\Windows\System\usqovNB.exe
  C:\Windows\System\usqovNB.exe
  2⤵
  PID:8636
- C:\Windows\System\roNDAds.exe
  C:\Windows\System\roNDAds.exe
  2⤵
  PID:8652
- C:\Windows\System\TFsBhjt.exe
  C:\Windows\System\TFsBhjt.exe
  2⤵
  PID:8668
- C:\Windows\System\mNkQELl.exe
  C:\Windows\System\mNkQELl.exe
  2⤵
  PID:8684
- C:\Windows\System\nDpuatN.exe
  C:\Windows\System\nDpuatN.exe
  2⤵
  PID:8700
- C:\Windows\System\zOMqTjf.exe
  C:\Windows\System\zOMqTjf.exe
  2⤵
  PID:8772
- C:\Windows\System\GYLijTl.exe
  C:\Windows\System\GYLijTl.exe
  2⤵
  PID:8788
- C:\Windows\System\UxbzBFE.exe
  C:\Windows\System\UxbzBFE.exe
  2⤵
  PID:8804
- C:\Windows\System\svdprVW.exe
  C:\Windows\System\svdprVW.exe
  2⤵
  PID:8820
- C:\Windows\System\RhstBRi.exe
  C:\Windows\System\RhstBRi.exe
  2⤵
  PID:8836
- C:\Windows\System\kJkHvsa.exe
  C:\Windows\System\kJkHvsa.exe
  2⤵
  PID:8852
- C:\Windows\System\WMrugHB.exe
  C:\Windows\System\WMrugHB.exe
  2⤵
  PID:8872
- C:\Windows\System\xRECGnk.exe
  C:\Windows\System\xRECGnk.exe
  2⤵
  PID:8892
- C:\Windows\System\TFwwSDp.exe
  C:\Windows\System\TFwwSDp.exe
  2⤵
  PID:8908
- C:\Windows\System\JWOqMjx.exe
  C:\Windows\System\JWOqMjx.exe
  2⤵
  PID:8924
- C:\Windows\System\RVDlvSj.exe
  C:\Windows\System\RVDlvSj.exe
  2⤵
  PID:8944
- C:\Windows\System\bPdpSqp.exe
  C:\Windows\System\bPdpSqp.exe
  2⤵
  PID:8964
- C:\Windows\System\FGqZwRF.exe
  C:\Windows\System\FGqZwRF.exe
  2⤵
  PID:8984
- C:\Windows\System\ePRYGtE.exe
  C:\Windows\System\ePRYGtE.exe
  2⤵
  PID:9004
- C:\Windows\System\hYjQfuM.exe
  C:\Windows\System\hYjQfuM.exe
  2⤵
  PID:9024
- C:\Windows\System\JGyTsWb.exe
  C:\Windows\System\JGyTsWb.exe
  2⤵
  PID:9044
- C:\Windows\System\hGdMbtp.exe
  C:\Windows\System\hGdMbtp.exe
  2⤵
  PID:9060
- C:\Windows\System\bpZqtNY.exe
  C:\Windows\System\bpZqtNY.exe
  2⤵
  PID:9076
- C:\Windows\System\jbsIOeV.exe
  C:\Windows\System\jbsIOeV.exe
  2⤵
  PID:9092
- C:\Windows\System\jWQhJrE.exe
  C:\Windows\System\jWQhJrE.exe
  2⤵
  PID:9108
- C:\Windows\System\VsrRaPr.exe
  C:\Windows\System\VsrRaPr.exe
  2⤵
  PID:9124
- C:\Windows\System\OEgmmIE.exe
  C:\Windows\System\OEgmmIE.exe
  2⤵
  PID:9148
- C:\Windows\System\gOFCBgS.exe
  C:\Windows\System\gOFCBgS.exe
  2⤵
  PID:9164
- C:\Windows\System\LbppymV.exe
  C:\Windows\System\LbppymV.exe
  2⤵
  PID:9184
- C:\Windows\System\LRkXBHp.exe
  C:\Windows\System\LRkXBHp.exe
  2⤵
  PID:8252
- C:\Windows\System\CpQuEkT.exe
  C:\Windows\System\CpQuEkT.exe
  2⤵
  PID:8312
- C:\Windows\System\RwhBhQF.exe
  C:\Windows\System\RwhBhQF.exe
  2⤵
  PID:8260
- C:\Windows\System\YyNazTv.exe
  C:\Windows\System\YyNazTv.exe
  2⤵
  PID:8296
- C:\Windows\System\BFaEFXv.exe
  C:\Windows\System\BFaEFXv.exe
  2⤵
  PID:8392
- C:\Windows\System\BwNFCGx.exe
  C:\Windows\System\BwNFCGx.exe
  2⤵
  PID:8348
- C:\Windows\System\nAAdkFY.exe
  C:\Windows\System\nAAdkFY.exe
  2⤵
  PID:8408
- C:\Windows\System\kctBHsV.exe
  C:\Windows\System\kctBHsV.exe
  2⤵
  PID:8444
- C:\Windows\System\akUraaL.exe
  C:\Windows\System\akUraaL.exe
  2⤵
  PID:8472
- C:\Windows\System\QJjsQqh.exe
  C:\Windows\System\QJjsQqh.exe
  2⤵
  PID:8576
- C:\Windows\System\qCdVSGJ.exe
  C:\Windows\System\qCdVSGJ.exe
  2⤵
  PID:8556
- C:\Windows\System\clGSVYG.exe
  C:\Windows\System\clGSVYG.exe
  2⤵
  PID:8544
- C:\Windows\System\rSfIvXc.exe
  C:\Windows\System\rSfIvXc.exe
  2⤵
  PID:8660
- C:\Windows\System\ZjtsWVL.exe
  C:\Windows\System\ZjtsWVL.exe
  2⤵
  PID:8644
- C:\Windows\System\GkxHlkt.exe
  C:\Windows\System\GkxHlkt.exe
  2⤵
  PID:8696
- C:\Windows\System\KMGHqPL.exe
  C:\Windows\System\KMGHqPL.exe
  2⤵
  PID:8736
- C:\Windows\System\QYuWGkT.exe
  C:\Windows\System\QYuWGkT.exe
  2⤵
  PID:8760
- C:\Windows\System\jLNtnIY.exe
  C:\Windows\System\jLNtnIY.exe
  2⤵
  PID:8732
- C:\Windows\System\EXIUVko.exe
  C:\Windows\System\EXIUVko.exe
  2⤵
  PID:8812
- C:\Windows\System\sEcsSRm.exe
  C:\Windows\System\sEcsSRm.exe
  2⤵
  PID:8860
- C:\Windows\System\KQKBpYO.exe
  C:\Windows\System\KQKBpYO.exe
  2⤵
  PID:8904
- C:\Windows\System\HukuZAU.exe
  C:\Windows\System\HukuZAU.exe
  2⤵
  PID:8940
- C:\Windows\System\AsvSdwN.exe
  C:\Windows\System\AsvSdwN.exe
  2⤵
  PID:8976
- C:\Windows\System\ToCUhxR.exe
  C:\Windows\System\ToCUhxR.exe
  2⤵
  PID:9088
- C:\Windows\System\iDFCGTl.exe
  C:\Windows\System\iDFCGTl.exe
  2⤵
  PID:9160
- C:\Windows\System\xapUakT.exe
  C:\Windows\System\xapUakT.exe
  2⤵
  PID:8848
- C:\Windows\System\qIeKcml.exe
  C:\Windows\System\qIeKcml.exe
  2⤵
  PID:9204
- C:\Windows\System\zZrmnNr.exe
  C:\Windows\System\zZrmnNr.exe
  2⤵
  PID:9032
- C:\Windows\System\vBKasRr.exe
  C:\Windows\System\vBKasRr.exe
  2⤵
  PID:9072
- C:\Windows\System\tUujnHl.exe
  C:\Windows\System\tUujnHl.exe
  2⤵
  PID:9176
- C:\Windows\System\xpmAImU.exe
  C:\Windows\System\xpmAImU.exe
  2⤵
  PID:8232
- C:\Windows\System\KPmoWnh.exe
  C:\Windows\System\KPmoWnh.exe
  2⤵
  PID:8240
- C:\Windows\System\RvxPTGg.exe
  C:\Windows\System\RvxPTGg.exe
  2⤵
  PID:8216
- C:\Windows\System\KiKQFVr.exe
  C:\Windows\System\KiKQFVr.exe
  2⤵
  PID:8220
- C:\Windows\System\ndsMesI.exe
  C:\Windows\System\ndsMesI.exe
  2⤵
  PID:8292
- C:\Windows\System\VnSHoVQ.exe
  C:\Windows\System\VnSHoVQ.exe
  2⤵
  PID:8428
- C:\Windows\System\rFqEXEi.exe
  C:\Windows\System\rFqEXEi.exe
  2⤵
  PID:8412
- C:\Windows\System\jQoXUYU.exe
  C:\Windows\System\jQoXUYU.exe
  2⤵
  PID:8632
- C:\Windows\System\qVzGHnP.exe
  C:\Windows\System\qVzGHnP.exe
  2⤵
  PID:8612
- C:\Windows\System\bQbFzoL.exe
  C:\Windows\System\bQbFzoL.exe
  2⤵
  PID:8748
- C:\Windows\System\nwineyv.exe
  C:\Windows\System\nwineyv.exe
  2⤵
  PID:8492
- C:\Windows\System\MqARkkX.exe
  C:\Windows\System\MqARkkX.exe
  2⤵
  PID:8868
- C:\Windows\System\WCnMJQD.exe
  C:\Windows\System\WCnMJQD.exe
  2⤵
  PID:8708
- C:\Windows\System\SlosUYa.exe
  C:\Windows\System\SlosUYa.exe
  2⤵
  PID:8800
- C:\Windows\System\fhKTPuP.exe
  C:\Windows\System\fhKTPuP.exe
  2⤵
  PID:9052
- C:\Windows\System\sblfdoY.exe
  C:\Windows\System\sblfdoY.exe
  2⤵
  PID:8972
- C:\Windows\System\EgkOOHn.exe
  C:\Windows\System\EgkOOHn.exe
  2⤵
  PID:9156
- C:\Windows\System\qDbiSuJ.exe
  C:\Windows\System\qDbiSuJ.exe
  2⤵
  PID:9196
- C:\Windows\System\tZfFjLx.exe
  C:\Windows\System\tZfFjLx.exe
  2⤵
  PID:9100
- C:\Windows\System\SHxCQvs.exe
  C:\Windows\System\SHxCQvs.exe
  2⤵
  PID:8960
- C:\Windows\System\ITVnEqW.exe
  C:\Windows\System\ITVnEqW.exe
  2⤵
  PID:9172
- C:\Windows\System\TRhFAvz.exe
  C:\Windows\System\TRhFAvz.exe
  2⤵
  PID:8456
- C:\Windows\System\ptbZwQo.exe
  C:\Windows\System\ptbZwQo.exe
  2⤵
  PID:8340
- C:\Windows\System\WUvPowu.exe
  C:\Windows\System\WUvPowu.exe
  2⤵
  PID:8432
- C:\Windows\System\AkQVARc.exe
  C:\Windows\System\AkQVARc.exe
  2⤵
  PID:8608
- C:\Windows\System\GXHgdkw.exe
  C:\Windows\System\GXHgdkw.exe
  2⤵
  PID:8764
- C:\Windows\System\hzHeGON.exe
  C:\Windows\System\hzHeGON.exe
  2⤵
  PID:8724
- C:\Windows\System\nOyzEpz.exe
  C:\Windows\System\nOyzEpz.exe
  2⤵
  PID:8992
- C:\Windows\System\ChfsvFs.exe
  C:\Windows\System\ChfsvFs.exe
  2⤵
  PID:8816
- C:\Windows\System\WgfuvDc.exe
  C:\Windows\System\WgfuvDc.exe
  2⤵
  PID:8784
- C:\Windows\System\NWWoali.exe
  C:\Windows\System\NWWoali.exe
  2⤵
  PID:8364
- C:\Windows\System\gttHRBU.exe
  C:\Windows\System\gttHRBU.exe
  2⤵
  PID:9068
- C:\Windows\System\DyjYwaO.exe
  C:\Windows\System\DyjYwaO.exe
  2⤵
  PID:9144
- C:\Windows\System\IqIzUlL.exe
  C:\Windows\System\IqIzUlL.exe
  2⤵
  PID:8344
- C:\Windows\System\zJMxglh.exe
  C:\Windows\System\zJMxglh.exe
  2⤵
  PID:8476
- C:\Windows\System\EtvnFFu.exe
  C:\Windows\System\EtvnFFu.exe
  2⤵
  PID:9012
- C:\Windows\System\TOStPzB.exe
  C:\Windows\System\TOStPzB.exe
  2⤵
  PID:9228
- C:\Windows\System\NlOJdcz.exe
  C:\Windows\System\NlOJdcz.exe
  2⤵
  PID:9248
- C:\Windows\System\gLFOsIx.exe
  C:\Windows\System\gLFOsIx.exe
  2⤵
  PID:9272
- C:\Windows\System\xPXrCtH.exe
  C:\Windows\System\xPXrCtH.exe
  2⤵
  PID:9288
- C:\Windows\System\xrALehh.exe
  C:\Windows\System\xrALehh.exe
  2⤵
  PID:9304
- C:\Windows\System\qEzzSSE.exe
  C:\Windows\System\qEzzSSE.exe
  2⤵
  PID:9324
- C:\Windows\System\xebgBCl.exe
  C:\Windows\System\xebgBCl.exe
  2⤵
  PID:9344
- C:\Windows\System\fAaZjKL.exe
  C:\Windows\System\fAaZjKL.exe
  2⤵
  PID:9364
- C:\Windows\System\gUvbyjX.exe
  C:\Windows\System\gUvbyjX.exe
  2⤵
  PID:9388
- C:\Windows\System\nZtoANZ.exe
  C:\Windows\System\nZtoANZ.exe
  2⤵
  PID:9404
- C:\Windows\System\ERtecob.exe
  C:\Windows\System\ERtecob.exe
  2⤵
  PID:9424
- C:\Windows\System\GLyjnVn.exe
  C:\Windows\System\GLyjnVn.exe
  2⤵
  PID:9460
- C:\Windows\System\dKJdZWM.exe
  C:\Windows\System\dKJdZWM.exe
  2⤵
  PID:9492
- C:\Windows\System\mrYzXHv.exe
  C:\Windows\System\mrYzXHv.exe
  2⤵
  PID:9512
- C:\Windows\System\fOVoAcH.exe
  C:\Windows\System\fOVoAcH.exe
  2⤵
  PID:9528
- C:\Windows\System\bURRTMN.exe
  C:\Windows\System\bURRTMN.exe
  2⤵
  PID:9544
- C:\Windows\System\FgDhJkd.exe
  C:\Windows\System\FgDhJkd.exe
  2⤵
  PID:9560
- C:\Windows\System\XleMAnO.exe
  C:\Windows\System\XleMAnO.exe
  2⤵
  PID:9592
- C:\Windows\System\ucpGyVg.exe
  C:\Windows\System\ucpGyVg.exe
  2⤵
  PID:9608
- C:\Windows\System\jUEWQxZ.exe
  C:\Windows\System\jUEWQxZ.exe
  2⤵
  PID:9628
- C:\Windows\System\lwZXugc.exe
  C:\Windows\System\lwZXugc.exe
  2⤵
  PID:9648
- C:\Windows\System\KwTtdab.exe
  C:\Windows\System\KwTtdab.exe
  2⤵
  PID:9672
- C:\Windows\System\CAcsBgL.exe
  C:\Windows\System\CAcsBgL.exe
  2⤵
  PID:9688
- C:\Windows\System\pZibjyH.exe
  C:\Windows\System\pZibjyH.exe
  2⤵
  PID:9712
- C:\Windows\System\ZHQnOrM.exe
  C:\Windows\System\ZHQnOrM.exe
  2⤵
  PID:9744
- C:\Windows\System\PUOtrJf.exe
  C:\Windows\System\PUOtrJf.exe
  2⤵
  PID:9760
- C:\Windows\System\SuNQsTD.exe
  C:\Windows\System\SuNQsTD.exe
  2⤵
  PID:9776
- C:\Windows\System\YfwDdvW.exe
  C:\Windows\System\YfwDdvW.exe
  2⤵
  PID:9796
- C:\Windows\System\quAkZDE.exe
  C:\Windows\System\quAkZDE.exe
  2⤵
  PID:9816
- C:\Windows\System\EQzQIom.exe
  C:\Windows\System\EQzQIom.exe
  2⤵
  PID:9832
- C:\Windows\System\SNZfcsx.exe
  C:\Windows\System\SNZfcsx.exe
  2⤵
  PID:9848
- C:\Windows\System\GNmBOCc.exe
  C:\Windows\System\GNmBOCc.exe
  2⤵
  PID:9864
- C:\Windows\System\bfuDrXA.exe
  C:\Windows\System\bfuDrXA.exe
  2⤵
  PID:9900
- C:\Windows\System\Fptuxmy.exe
  C:\Windows\System\Fptuxmy.exe
  2⤵
  PID:9916
- C:\Windows\System\uYDnHzf.exe
  C:\Windows\System\uYDnHzf.exe
  2⤵
  PID:9936
- C:\Windows\System\YXsiQku.exe
  C:\Windows\System\YXsiQku.exe
  2⤵
  PID:9952
- C:\Windows\System\gfcptMm.exe
  C:\Windows\System\gfcptMm.exe
  2⤵
  PID:9980
- C:\Windows\System\MbVzdeb.exe
  C:\Windows\System\MbVzdeb.exe
  2⤵
  PID:10004
- C:\Windows\System\RqTAMmP.exe
  C:\Windows\System\RqTAMmP.exe
  2⤵
  PID:10020
- C:\Windows\System\gvTkADV.exe
  C:\Windows\System\gvTkADV.exe
  2⤵
  PID:10036
- C:\Windows\System\owfieTh.exe
  C:\Windows\System\owfieTh.exe
  2⤵
  PID:10052
- C:\Windows\System\dzVkoTV.exe
  C:\Windows\System\dzVkoTV.exe
  2⤵
  PID:10076
- C:\Windows\System\VWoAXSz.exe
  C:\Windows\System\VWoAXSz.exe
  2⤵
  PID:10092
- C:\Windows\System\XXBpYkg.exe
  C:\Windows\System\XXBpYkg.exe
  2⤵
  PID:10108
- C:\Windows\System\IQAGeIv.exe
  C:\Windows\System\IQAGeIv.exe
  2⤵
  PID:10128
- C:\Windows\System\ujbrAQh.exe
  C:\Windows\System\ujbrAQh.exe
  2⤵
  PID:10148
- C:\Windows\System\hJiFXBx.exe
  C:\Windows\System\hJiFXBx.exe
  2⤵
  PID:10164
- C:\Windows\System\hsKlgss.exe
  C:\Windows\System\hsKlgss.exe
  2⤵
  PID:10208
- C:\Windows\System\OXkSPWp.exe
  C:\Windows\System\OXkSPWp.exe
  2⤵
  PID:10224
- C:\Windows\System\UufJCSa.exe
  C:\Windows\System\UufJCSa.exe
  2⤵
  PID:9040
- C:\Windows\System\NZxQGXh.exe
  C:\Windows\System\NZxQGXh.exe
  2⤵
  PID:9200
- C:\Windows\System\NniEXmD.exe
  C:\Windows\System\NniEXmD.exe
  2⤵
  PID:8508
- C:\Windows\System\ogjXxZR.exe
  C:\Windows\System\ogjXxZR.exe
  2⤵
  PID:9280
- C:\Windows\System\KesozRY.exe
  C:\Windows\System\KesozRY.exe
  2⤵
  PID:8884
- C:\Windows\System\wELoykK.exe
  C:\Windows\System\wELoykK.exe
  2⤵
  PID:9220
- C:\Windows\System\YPRljRD.exe
  C:\Windows\System\YPRljRD.exe
  2⤵
  PID:9264
- C:\Windows\System\RsgqeQz.exe
  C:\Windows\System\RsgqeQz.exe
  2⤵
  PID:9084
- C:\Windows\System\bxqEGtx.exe
  C:\Windows\System\bxqEGtx.exe
  2⤵
  PID:9300
- C:\Windows\System\BhVWEfs.exe
  C:\Windows\System\BhVWEfs.exe
  2⤵
  PID:9412
- C:\Windows\System\tenKvVu.exe
  C:\Windows\System\tenKvVu.exe
  2⤵
  PID:9384
- C:\Windows\System\dBMuHhS.exe
  C:\Windows\System\dBMuHhS.exe
  2⤵
  PID:9420
- C:\Windows\System\JvARPHz.exe
  C:\Windows\System\JvARPHz.exe
  2⤵
  PID:9356
- C:\Windows\System\UdrUbyf.exe
  C:\Windows\System\UdrUbyf.exe
  2⤵
  PID:9436
- C:\Windows\System\LMUnKHa.exe
  C:\Windows\System\LMUnKHa.exe
  2⤵
  PID:9456
- C:\Windows\System\iykHiaO.exe
  C:\Windows\System\iykHiaO.exe
  2⤵
  PID:9480
- C:\Windows\System\ZHfUetV.exe
  C:\Windows\System\ZHfUetV.exe
  2⤵
  PID:9504
- C:\Windows\System\HOtOZxx.exe
  C:\Windows\System\HOtOZxx.exe
  2⤵
  PID:9644
- C:\Windows\System\OzdMric.exe
  C:\Windows\System\OzdMric.exe
  2⤵
  PID:9720
- C:\Windows\System\qVHqITC.exe
  C:\Windows\System\qVHqITC.exe
  2⤵
  PID:9732
- C:\Windows\System\BRFIHwJ.exe
  C:\Windows\System\BRFIHwJ.exe
  2⤵
  PID:9580
- C:\Windows\System\mfpFDfw.exe
  C:\Windows\System\mfpFDfw.exe
  2⤵
  PID:9664
- C:\Windows\System\IfZGpnS.exe
  C:\Windows\System\IfZGpnS.exe
  2⤵
  PID:9708
- C:\Windows\System\iShXVjs.exe
  C:\Windows\System\iShXVjs.exe
  2⤵
  PID:9768
- C:\Windows\System\AAiJqHd.exe
  C:\Windows\System\AAiJqHd.exe
  2⤵
  PID:9840
- C:\Windows\System\sRPinso.exe
  C:\Windows\System\sRPinso.exe
  2⤵
  PID:9884
- C:\Windows\System\DdvdMsg.exe
  C:\Windows\System\DdvdMsg.exe
  2⤵
  PID:9912
- C:\Windows\System\uzMLHBs.exe
  C:\Windows\System\uzMLHBs.exe
  2⤵
  PID:9932
- C:\Windows\System\OTeOSru.exe
  C:\Windows\System\OTeOSru.exe
  2⤵
  PID:9988
- C:\Windows\System\PbeHjcL.exe
  C:\Windows\System\PbeHjcL.exe
  2⤵
  PID:10016
- C:\Windows\System\gLkEXOr.exe
  C:\Windows\System\gLkEXOr.exe
  2⤵
  PID:10084
- C:\Windows\System\FXJfCUB.exe
  C:\Windows\System\FXJfCUB.exe
  2⤵
  PID:10124
- C:\Windows\System\XyCwSqY.exe
  C:\Windows\System\XyCwSqY.exe
  2⤵
  PID:9992
- C:\Windows\System\OMxGQVZ.exe
  C:\Windows\System\OMxGQVZ.exe
  2⤵
  PID:10140
- C:\Windows\System\WYpEQkR.exe
  C:\Windows\System\WYpEQkR.exe
  2⤵
  PID:10064
- C:\Windows\System\sDqNDIT.exe
  C:\Windows\System\sDqNDIT.exe
  2⤵
  PID:10188
- C:\Windows\System\cmpQOzt.exe
  C:\Windows\System\cmpQOzt.exe
  2⤵
  PID:8524
- C:\Windows\System\HQGOEKi.exe
  C:\Windows\System\HQGOEKi.exe
  2⤵
  PID:8324
- C:\Windows\System\PUNDXiT.exe
  C:\Windows\System\PUNDXiT.exe
  2⤵
  PID:8512
- C:\Windows\System\sGLfWfx.exe
  C:\Windows\System\sGLfWfx.exe
  2⤵
  PID:9400
- C:\Windows\System\xnfJXZd.exe
  C:\Windows\System\xnfJXZd.exe
  2⤵
  PID:9540
- C:\Windows\System\fUoQxQi.exe
  C:\Windows\System\fUoQxQi.exe
  2⤵
  PID:9616
- C:\Windows\System\PjKRCva.exe
  C:\Windows\System\PjKRCva.exe
  2⤵
  PID:9636
- C:\Windows\System\EXLFqQp.exe
  C:\Windows\System\EXLFqQp.exe
  2⤵
  PID:7952
- C:\Windows\System\FtBOlvm.exe
  C:\Windows\System\FtBOlvm.exe
  2⤵
  PID:9212
- C:\Windows\System\UePoQCj.exe
  C:\Windows\System\UePoQCj.exe
  2⤵
  PID:9352
- C:\Windows\System\gclKiFi.exe
  C:\Windows\System\gclKiFi.exe
  2⤵
  PID:9508
- C:\Windows\System\cZQokdP.exe
  C:\Windows\System\cZQokdP.exe
  2⤵
  PID:9700
- C:\Windows\System\ATnqOVm.exe
  C:\Windows\System\ATnqOVm.exe
  2⤵
  PID:9740
- C:\Windows\System\AwZctND.exe
  C:\Windows\System\AwZctND.exe
  2⤵
  PID:9824
- C:\Windows\System\IkpkaDL.exe
  C:\Windows\System\IkpkaDL.exe
  2⤵
  PID:9812
- C:\Windows\System\rVtnbGO.exe
  C:\Windows\System\rVtnbGO.exe
  2⤵
  PID:9972
- C:\Windows\System\sfQqNEC.exe
  C:\Windows\System\sfQqNEC.exe
  2⤵
  PID:10116
- C:\Windows\System\xLCdiMk.exe
  C:\Windows\System\xLCdiMk.exe
  2⤵
  PID:10048
- C:\Windows\System\hgVAxfR.exe
  C:\Windows\System\hgVAxfR.exe
  2⤵
  PID:10196
- C:\Windows\System\Wzkfmlt.exe
  C:\Windows\System\Wzkfmlt.exe
  2⤵
  PID:9928
- C:\Windows\System\LsuPksm.exe
  C:\Windows\System\LsuPksm.exe
  2⤵
  PID:9536
- C:\Windows\System\TYLnsyC.exe
  C:\Windows\System\TYLnsyC.exe
  2⤵
  PID:9320
- C:\Windows\System\KPOecaT.exe
  C:\Windows\System\KPOecaT.exe
  2⤵
  PID:9656
- C:\Windows\System\uumnfKX.exe
  C:\Windows\System\uumnfKX.exe
  2⤵
  PID:9808
- C:\Windows\System\iMTfMdn.exe
  C:\Windows\System\iMTfMdn.exe
  2⤵
  PID:9964
- C:\Windows\System\ukXFvIe.exe
  C:\Windows\System\ukXFvIe.exe
  2⤵
  PID:10060
- C:\Windows\System\RviJrCE.exe
  C:\Windows\System\RviJrCE.exe
  2⤵
  PID:10232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AGLjZFl.exe

Filesize
6.0MB

MD5
af6bdc10e753954570df5ec9ebf63811

SHA1
173332d29be4c940aea291de0491d1f2559cfd45

SHA256
39ea5019cc0a9afa2fcbeae9f856ad02aa28f7217bd7b3a94955d43300db32ff

SHA512
6ef2f34b4b2bd7bae8b419ecdda10e7c72178eb2231fa235f05c0b96ce61a284a9752ff11051db1781d4e69844d149811883805a07765db132de95d1cff244ca

Download Submit
C:\Windows\system\BQpuhyx.exe

Filesize
6.0MB

MD5
7aa38722ab79371c2fcf7e3002903591

SHA1
80321f939211786619d56240d5b239d880f9d27f

SHA256
7077e54409197f405990866bf59c79e787c27dd40c3ec9b4ecdd27af5cbf7123

SHA512
4d796332a758a4b236384eec557bc4795f242fdf7a16125c9f986d4b231a4f1b38263f76c0d48b5c349c14ff1651e14854a3a4852a892b27a3d1e53ffe524eed

Download Submit
C:\Windows\system\BaLWPEN.exe

Filesize
6.0MB

MD5
79d72ac0d61e229d20cb6eff69eb9b05

SHA1
d52d8d0d7c0658650c118529c3a33a74d74752ae

SHA256
dca4328091d6a45c6cc41922e469ad0bb8a22b9dd6988739d5305a2a96679643

SHA512
18d861cb49590343ce353dc7c9efa432709fd6100161d41e7a95f7fe7e362c91a106dcee38f22121175cc57c0ce39f9b02f68c240ffe94dd44e64173c11bd037

Download Submit
C:\Windows\system\DEbOcSD.exe

Filesize
6.0MB

MD5
f511151267a9393da1aca5e68b32ff0a

SHA1
f1a82f7f6ffaf0a7f62393e3888792f594c03c1d

SHA256
4d5530cfbc4b54893e75ac33e7cd10a03c852cb0bdab0deddb9dc065b060ad54

SHA512
05f49b0840d2d070b0b9219f8bd773e268df8fe357cc97a27ad6395fc1bdc193d99f4eacdc163ee5afb6649bb710369258df7194a718ec060272cd2a04251dbf

Download Submit
C:\Windows\system\DVLBjYH.exe

Filesize
6.0MB

MD5
d436af30139d8539cb8c3c03e7eeb55e

SHA1
acd7018d56cdd970fd135eca316d2920034513c8

SHA256
97aa53b4e2e5cdca9a86d265ef02173d11a33e38d04ad0ae1a87dcb97f2d3568

SHA512
66e7ac379604d5199815680b62b8108cdab0cdd9cded2f3613726221635028f16c812953d3b455747bacee15ed2b90c61661952605bf7757d333476b8ff39b2a

Download Submit
C:\Windows\system\EJCAPdH.exe

Filesize
6.0MB

MD5
c8c5d6baec361d63f16646f5d2ac4a83

SHA1
c1ea2b46bb7d9dbf3a1cf2464bec518b5be186de

SHA256
6931c4aaa46657c26851f5b4f2b2890d5b733d2e7fbebaa9e1a43328468681b8

SHA512
39d5d99328caec21d87e5894248a98cb5fa633727e91eb7015665e716be5f20c73ab0ed4492735545b37d7c08095554c4d6164482085bcb9ac01fe0ed56034ce

Download Submit
C:\Windows\system\GsClboZ.exe

Filesize
6.0MB

MD5
11e118d12fbc1f98ede7790af8f14160

SHA1
ae489327259bedfb1ef7a1d9f14a5054b1ba38b8

SHA256
f7a4e0d19550ddbcb55a4ea41b7f0ce886a3440eb46d209ea6e661f638847a8f

SHA512
833bf30cfc72b173daaf24731e0f5b2250e7b16fc569b42c3ae6886fafff078d4c0b05bc13f93c507f474bdc123d2c8560a813e73a8239cdac96543f96f23c2a

Download Submit
C:\Windows\system\HtQZNNR.exe

Filesize
6.0MB

MD5
6c6f50553dfe6aa3ed2686da514da358

SHA1
da7b1a7cd7bfb08e95d847dbee63bfc06f8283ed

SHA256
337c5847fea344960caf604da4a8d5242507baacf7ed5883c8d9798a7ea574d3

SHA512
0f5e4fbf4d803616f725af958abf9f198d50bfc1ff424b49fc8f8bc24d0556ed94083ded7f0133595fcb4d40570f7060f7590763673ba5bf0c3cb5bca8eff4fb

Download Submit
C:\Windows\system\OnCvJDZ.exe

Filesize
6.0MB

MD5
7799f1714b65565aad5f8fe957f664a6

SHA1
06e4bc5caa393e4bf8670e8616c419a5d4c52885

SHA256
fac4fc57bdb60be767393de555a5e1b2ca4c6fef3ecd98f1c6708574538e558a

SHA512
b96dac8a06f450e2a06d485717cd3df3ac9797a5ffeab22b8a0f2a6a1f14dbb343c3da9296363911c3eec072b618b7dcd192dd8793776ba40541bad3d254c2c7

Download Submit
C:\Windows\system\TNpYsLO.exe

Filesize
6.0MB

MD5
902f0f31e8ba5d340927f2ce251e6c97

SHA1
b1c0fbc02fd890e2669b964d50589bc17a9bb39d

SHA256
c9ae6c182c9a1a12ff02661d2b797edf349bc1526246a770f6624f35093acb1a

SHA512
b0c541bf2993c51ad0056ad8e326aafd54890afa09016572180724ee2757e65c220e1d2f0456cf156652e966d55a6e48e2646ab8955191f53276e89ddbc184ab

Download Submit
C:\Windows\system\WTlwJKD.exe

Filesize
6.0MB

MD5
e25ca3d59f4104e4838aa00426e5d75a

SHA1
4f0929a2fac534fd60fcc7db175935b2c93cdd5d

SHA256
224f7048b8fe06ee9068d62f5b163dd5caff166ce78549e1c0f352cf60dcf465

SHA512
188d772ec70fb6518fa2bb50e87edaeaf499efeb45a97b8d45c48d7653d87c425e39430bfe7e3d449d15d5214ed67d05d0a49c8a664d8608a66954143a242d5b

Download Submit
C:\Windows\system\WxSKqoJ.exe

Filesize
6.0MB

MD5
711b0017e4160971cc85df23936977b0

SHA1
09f857b358ba959060cf12123290bf5281410a14

SHA256
5df5d92a7c5c7c061b4868392c9d634a40708133ac01976c3b5f577ace194285

SHA512
38ffeaa005391ba3fb1b3e95715350547f372fdd9a4e5ea1f0105577bac2d9c0777e108d469a3b3860ff9e65abfc71bbcad1124ae439d5761ac5d93a0bc58a9f

Download Submit
C:\Windows\system\YmfHAgC.exe

Filesize
6.0MB

MD5
fc6502a2e5ea84c4b284d3daf08cd528

SHA1
e077f4a9fff850c7b3709abea963a6c670d87f48

SHA256
36119bfe0a2ca2533b23b78da449d6a52b27650167b922a1cbcee7d2ef737c4d

SHA512
5e4fb344e078a30b318f01d59201e9a1ee9c75cab7dbd3bf7db0951fa0e6c386492eb58e08015079362e53df45f9e0d6138a22de91b12c0ed54f15ea6ff59a45

Download Submit
C:\Windows\system\ZbZvZAO.exe

Filesize
6.0MB

MD5
10f0d83692f5015130b2d434687100c5

SHA1
33a26516156e049afbaaebdd326a4b5d843dd93f

SHA256
45cdb9f56b9d20fd3703941ba6557c2d57fb6ab8429a08d675a9520296e15634

SHA512
3f06c59fab569f5ab77fe11c21b733dbf79dc06fc7c2c890a3dee118efaa9f6ec0d59974397dd9184a83e43aba5c609af512654f93b7bc8843e469611ee20236

Download Submit
C:\Windows\system\fAYQPhp.exe

Filesize
6.0MB

MD5
6e32a76c3f4ec81cd4fa72c7d59bf8ad

SHA1
6adc5dcb85b63f45921951ff8ea8a3d3a50aec1a

SHA256
affbf761c4974261aca86a1794648ce68d1e5280c21b1c1ee7850ff3c30c8750

SHA512
531662cca36224319cafe9cfd24a14c1171fdb4434378e08b3f60135ef2f469bf348ecf4c503c04bd3c0f848e7c798f38687b8e90f1eeca650035c2edcb17795

Download Submit
C:\Windows\system\gcwBWld.exe

Filesize
6.0MB

MD5
5b45a99726eeeff57a034a8600703617

SHA1
d20f7f5a747d3732b5520c63d116168040ae0e0f

SHA256
89665115957bf20034bc7f2c872e5ff96661f0e410086936359e2df04c49df36

SHA512
088b9ec06028b321b9fe02b5839c3e8d8c13a63467fbb0168df2a42ace59aa87d40368e7aedb54630934916a5d854ad895776b8fdf9c51fd5884021dcba0fa76

Download Submit
C:\Windows\system\hHZDFyo.exe

Filesize
6.0MB

MD5
3ec99d3e651fa6902334d2e39fd4810b

SHA1
2f58af1dabc5b8c7460ab245127d04da1ffee2ed

SHA256
0016d34e80a586a3a716a8e006dbca92a416fda1b1973ebc7c5ed1fb228a7e0c

SHA512
f598cc9d322c4216f69e266aa070c91282430f2b11d541f8f864845992542948a4c08f29cfb2879882d3916060a13a7baa4dbdc3ace37afd4d5054d99c168782

Download Submit
C:\Windows\system\hUjfwju.exe

Filesize
6.0MB

MD5
e796a30d92a429b2c2092b9312549424

SHA1
08ef0451461fb9e42ea1427afa767ee4b44b9c16

SHA256
89c654ed1f27025950d3fbd7cfec035f2cb175a9b3c030b25767e872d30cc2cb

SHA512
8c600cccd137997430f633d3a1654c609c6c277781c0b32503a21b3b5a8c6595f8d39db8f6ebd400956622de5aea235c0f4d5c058e7f33ea69f44791c6b948a7

Download Submit
C:\Windows\system\jzCOrqr.exe

Filesize
6.0MB

MD5
ddc26466bc259b67f064142fdac9cfe9

SHA1
d56c3a43a0e49e78740344e2ab52e30bef8df2c2

SHA256
eede61cd50fd53a195698643f11dfea060e2cd0bdce1670e5aba6e0f725867d5

SHA512
fb93ec746a3dd658bbf5384db137f4fe1bd6b2434a061558b928ef9cb562e14fbfab9b37665f2afbbd509036d93b74851b5b64f382c864e303f33e032c7fddf5

Download Submit
C:\Windows\system\kbZxbXt.exe

Filesize
6.0MB

MD5
3ff9e7b6f083866591a1e7b4b621eeff

SHA1
f63639174b95ecba46f4b891a0c1206b5f0f229e

SHA256
dfc1eb84c08e98e201f8a37d81255e5d8e3b0cb9ea812aa1988fd8cba9f286da

SHA512
25e7c1b3c75dd5eefa009d9eaa03b2b03dc8b6474bed29827bb1f42617bd64ff59c04c897edd9623db42fb54b8c42970c1fd6c431ce40226f53307328acc0aed

Download Submit
C:\Windows\system\lZfAoMW.exe

Filesize
6.0MB

MD5
b9aec7b4522ca88f3d1816bba401e3de

SHA1
966ea1b2f0fe0a2a9937171826a028fc2a373a4d

SHA256
c55a3c180f5b6c61d196c085d1d19f89fada89af12a42bf4272548ef4673435e

SHA512
526a6d46c43cb3fb25997ef7375f3a30ea30bd1137460ac2a755f6e9941084f32524c4e8a873e96a625e5931971bafd660e75ea5f52c0d22e1646a36c61cf7bb

Download Submit
C:\Windows\system\mRtuSbw.exe

Filesize
6.0MB

MD5
50da52da3227303220a170efff3fe83f

SHA1
39101ccaf28e9086cd88ccf34525dd92a15d4e10

SHA256
3366edaaac275ed8caf02c983e9e0b68429b7fbb2e7ee9ebdcdd3326f5bc472a

SHA512
3dd4235f8765cfcf5d0c791bbafa50506ffaa36b481bf016e024b23481c77ca1334ddcfa1bace845ee113b55e1ffde5a377ffd70a3662e8b9a940f6d04ff37f0

Download Submit
C:\Windows\system\mlaDRPC.exe

Filesize
6.0MB

MD5
fc7a711f45a9ed513791c7266a6a6fa1

SHA1
c2f5f1afae00e929d440069b85de88d5d9020476

SHA256
251b3316209be4cf579d86d4518a7cbb92fed23f771c9768406f78804388d64e

SHA512
b83f74616693ec2b89725acddcac96d1fc449c16dc0cdf9f7bc952fc278c59cc3e0b211dacc07050bbf23b9505979dc06ed40b17f5aa6c8cd9268e719331c8df

Download Submit
C:\Windows\system\oQWPIbN.exe

Filesize
6.0MB

MD5
b3f136cc6c59d70d18c4af07543bb738

SHA1
eab67ecfa5214841585ac63f1d416262772514eb

SHA256
6dc9f17e2d10dd503eb934428560dce0ebf848ef66c85b4a0851fff455956760

SHA512
e7cae40a6c5fa876cd8805fd2a8e18f1c0fbea1debca206ab7f5beeb5e78cc287e2c387dba53550afdcbb5589de4eda22ee9c16d36e26c41ce23a4efa562e626

Download Submit
C:\Windows\system\tKQKThl.exe

Filesize
6.0MB

MD5
12a8824226a2cb22ec6041d6d268b29d

SHA1
7e4cfc41322a485541ed41cde8070bc5ae3117f7

SHA256
c4e2ce7304d8b8f3f0047a3fb7b3edf71dd4a327904d4a4a8e17aec520d11899

SHA512
3317183d185d33e41688465ba7f83fa06a82a59ab6600a34d42c535d51fb20c4104592dee042504db5fcd8458c8819e9c8f7fa46e47de3ed99d971873f1d8e1e

Download Submit
C:\Windows\system\vWIkDkE.exe

Filesize
6.0MB

MD5
1a75d3b56aa0a1a3013348fa5c51986e

SHA1
58c15474f553789224becb246e9b16b8a96c8072

SHA256
6e493756dbc0e54f67a80da178c22a9c58752fed4be679f878a066432bbffd12

SHA512
b2bad3a951a52c4b4f1f9b85ffc6acaab8a18487f2180177f603004fe79053cc1f32071a5cbe538f28a63634f72e65e702faa36966305d642653c56c2c5d0dc5

Download Submit
C:\Windows\system\wKtmhvy.exe

Filesize
6.0MB

MD5
a8d8ff73287db32373673c25195dba0c

SHA1
2c4d65a5e5f85569a54a917f0efb734f5ac3ef86

SHA256
ade37d4ad7225257fb4fa52249b01a3abbc0e2f72ffb5a9602e3fb1c06c02d7a

SHA512
1c9b3b47475363f9e2bf555367dc92ac36f9e47b814e8fb621f809d24bfd22130e2db4d7e128bb9faed6a83990719842227fc1979264e91c5bdb433d900f3f3a

Download Submit
C:\Windows\system\xkSWkQQ.exe

Filesize
6.0MB

MD5
eb97e54f94dcf101f691341fd557cf01

SHA1
8aa23e3d21fe85f5d6be92453e22af112d766b04

SHA256
f1e5631dea6c8e4e10518dcd45d6ca5892a61e039bdbddf35760e3a7469b1e46

SHA512
54299b77cefa9e18432b633784df29fa5f6d987d4e3a2873a8143147822a128b930caf31cbb3063ff5610a025c13f294185f01469c5e09367de851ad12972587

Download Submit
C:\Windows\system\zADEYUt.exe

Filesize
6.0MB

MD5
a2cfa924b25a48a1f07104e29ad21323

SHA1
bc731e9176882528e069571e98e430f6ae280a87

SHA256
a5c4cf5dd58df38a85650f9a103d9b2fc80bf3a93d2ab6c6f458183eb60e1e7b

SHA512
760398c78b4e1c0d7041629adb77e98335251a2ac2d439548ce74f40ab206f2d5f5de107b91a3ce16593deb9871ba4ff6c13df3af7adc915368852adb8618436

Download Submit
C:\Windows\system\zvsqVdH.exe

Filesize
6.0MB

MD5
d315f664e04de6762fcf3013d4e8783e

SHA1
4fe66e708538fbbcc8239ddf22a74b9ba712503a

SHA256
863301870da53b0b2b63ece077c7e271bf819959af53b9e2bbf4ae0c37a6a1d9

SHA512
2a1c0b1a4dae995bf8ef52ea8e2e0ac7759402f64405644c760d58467fab67773d678bbdc05f58ad9dc8842ac8422ef96ac34a28c807431c9885b8a9ed83a6e4

Download Submit
\Windows\system\VVmMtJm.exe

Filesize
6.0MB

MD5
b63b48106085f5085be15bfd96f620d7

SHA1
0b64bb12fc94ccf47fdee11630ffd7670b4dd62c

SHA256
554c0926428ddc4c77bfd6ec2a80bd94a6d25be669ca85d7466aa8cf29dbd05a

SHA512
7be4fc237ecd1a88ac2b0cd4838f3dd74e474d2aec613bff93f7329f520399f5a2c194e380de23984479ef5766d35c45eb662eee9a08e538c82c0698792d5f36

Download Submit
\Windows\system\yxhaNNK.exe

Filesize
6.0MB

MD5
ed7c96139b06476fda189209cc4acb63

SHA1
5ef8923305e80c0d1879f24c3de53d02525760a2

SHA256
81d10989a88b16a667c5f0d903dc13ab724463d35efdf758acf1009cda9b19a3

SHA512
85016e75c116c0a52e527cba0eef18c2e09768e705dd3f2e5f973a99d9af245cef867840891a9c5bf58263810d3eae88f92eb98daddb7091af9d38e9a76bf2be

Download Submit
memory/1972-2773-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3081-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1972-1873-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3075-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1972-1874-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1972-0-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3127-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-2425-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3118-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3063-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1972-2083-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3041-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1972-2037-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1972-1880-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3043-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1972-1878-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1972-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1972-1876-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1972-2869-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3026-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1877-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3464-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1872-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3477-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3476-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2556-1879-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2194-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3460-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3478-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2784-2082-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3456-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-2036-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-1875-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2948-3475-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download