cobaltstrike | 16fac77ba63cf5b30660268a8d6924ce16a42a2b5071302366091084742d9db6

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b85cd71bea8abc98456d4ec31dafadf6
SHA1

1ac9f16919d6190fe780e3d5ba654a0c318bfcd7
SHA256

16fac77ba63cf5b30660268a8d6924ce16a42a2b5071302366091084742d9db6
SHA512

f4946bec1dcd8f6cf48bbbf127b92436e1cf0dcfc0397253f2b0e9ec5979279be35414863853084d8393ce3db0744a1bbf0c9378905b6cb1dba6d48623d7f6dc
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUX:T+q56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016875-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b47-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-24.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000164b1-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017049-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-91.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-67.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-76.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-41.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-131.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2064-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012280-3.dat	xmrig
behavioral1/memory/2064-6-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016875-11.dat	xmrig
behavioral1/memory/2632-16-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0008000000016b47-9.dat	xmrig
behavioral1/memory/3028-15-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2600-21-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c66-24.dat	xmrig
behavioral1/memory/2064-37-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/652-36-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2884-34-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x00090000000164b1-32.dat	xmrig
behavioral1/memory/2064-38-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2844-52-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/3028-60-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2688-82-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x0007000000017049-78.dat	xmrig
behavioral1/memory/2544-83-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2072-93-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2884-92-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0005000000018686-91.dat	xmrig
behavioral1/memory/2860-90-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-89.dat	xmrig
behavioral1/memory/2064-88-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2600-86-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2844-95-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2988-71-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017497-67.dat	xmrig
behavioral1/memory/2924-61-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x000600000001755b-76.dat	xmrig
behavioral1/memory/2064-96-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2936-57-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf5-49.dat	xmrig
behavioral1/files/0x0007000000016cd7-47.dat	xmrig
behavioral1/memory/2936-97-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c88-41.dat	xmrig
behavioral1/files/0x00050000000186e7-99.dat	xmrig
behavioral1/memory/2988-98-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2064-100-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f1-107.dat	xmrig
behavioral1/files/0x00050000000186f4-111.dat	xmrig
behavioral1/memory/2944-106-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018704-118.dat	xmrig
behavioral1/files/0x0005000000018739-121.dat	xmrig
behavioral1/files/0x0005000000018744-127.dat	xmrig
behavioral1/files/0x0006000000018b4e-139.dat	xmrig
behavioral1/files/0x0006000000018c16-143.dat	xmrig
behavioral1/files/0x0005000000019297-168.dat	xmrig
behavioral1/files/0x000500000001933f-172.dat	xmrig
behavioral1/memory/2072-238-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a6-180.dat	xmrig
behavioral1/files/0x0005000000019360-176.dat	xmrig
behavioral1/files/0x0005000000019284-164.dat	xmrig
behavioral1/files/0x0005000000019278-160.dat	xmrig
behavioral1/memory/2860-157-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019269-155.dat	xmrig
behavioral1/files/0x0005000000019250-151.dat	xmrig
behavioral1/files/0x0005000000019246-147.dat	xmrig
behavioral1/files/0x00050000000187a8-135.dat	xmrig
behavioral1/files/0x000500000001878e-131.dat	xmrig
behavioral1/memory/3028-3069-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2632-3072-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2600-3145-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3028	ZMLYWrW.exe
2632	pexZoNS.exe
2600	NyTgfXB.exe
2884	tdGcUJx.exe
652	idISHeG.exe
2924	FFGgStj.exe
2844	lMlQxxv.exe
2936	zLUQPFy.exe
2988	iXvXihJ.exe
2688	RvWzdRE.exe
2544	esEMbaO.exe
2860	wHCtrht.exe
2072	pmETVaQ.exe
2944	aoBHQug.exe
1220	PpEuAwM.exe
2024	oGhznnd.exe
2148	kFUIPam.exe
1948	IeSnoij.exe
1724	fkSNFuL.exe
1560	VjHFaAh.exe
1452	HJKCFrS.exe
2560	Nxhlzza.exe
2872	LYZHGYP.exe
2272	QlGAGPM.exe
2288	IgPreMe.exe
2636	tQGlAgA.exe
2328	skToGjI.exe
1868	RjgRbpN.exe
1012	nCIsoBG.exe
1280	SyrHWsn.exe
2088	fpPZmEs.exe
2208	alyVzYY.exe
896	SDsZhXm.exe
1364	WiijigO.exe
632	UxqvNrq.exe
1680	ucmyWDg.exe
2296	MFLkSyy.exe
2032	ZfNTneF.exe
2036	FtAbbBm.exe
1288	WMTZuvQ.exe
112	vCZIMKk.exe
1396	WmktsUJ.exe
964	YWVSGol.exe
2464	aNDhbHr.exe
1628	yyWwUJS.exe
2508	GIhwnmk.exe
2488	ASyTbwv.exe
380	UzSXQwv.exe
1924	RTUSEEo.exe
2132	XjTQzNi.exe
2556	XQgrqUF.exe
1112	SRBlLqS.exe
1252	wNeIlit.exe
600	VkhmHXS.exe
1508	XuRCvCh.exe
776	eJoyzBF.exe
320	PjLZlws.exe
2364	uPEJelO.exe
1572	RjvcqwO.exe
2400	tPHlfId.exe
2388	rusyhJz.exe
2360	FlQglmd.exe
1776	wPdgYoo.exe
2780	InkIeMh.exe

Loads dropped DLL 64 IoCs

pid	Process
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x000c000000012280-3.dat	upx
behavioral1/memory/2064-6-0x0000000002360000-0x00000000026B4000-memory.dmp	upx
behavioral1/files/0x0008000000016875-11.dat	upx
behavioral1/memory/2632-16-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0008000000016b47-9.dat	upx
behavioral1/memory/3028-15-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2600-21-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x0008000000016c66-24.dat	upx
behavioral1/memory/2064-37-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/652-36-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2884-34-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x00090000000164b1-32.dat	upx
behavioral1/memory/2844-52-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/3028-60-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2688-82-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x0007000000017049-78.dat	upx
behavioral1/memory/2544-83-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2072-93-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2884-92-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0005000000018686-91.dat	upx
behavioral1/memory/2860-90-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x000600000001749c-89.dat	upx
behavioral1/memory/2600-86-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2844-95-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2988-71-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x0006000000017497-67.dat	upx
behavioral1/memory/2924-61-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x000600000001755b-76.dat	upx
behavioral1/memory/2936-57-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0007000000016cf5-49.dat	upx
behavioral1/files/0x0007000000016cd7-47.dat	upx
behavioral1/memory/2936-97-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0007000000016c88-41.dat	upx
behavioral1/files/0x00050000000186e7-99.dat	upx
behavioral1/memory/2988-98-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x00050000000186f1-107.dat	upx
behavioral1/files/0x00050000000186f4-111.dat	upx
behavioral1/memory/2944-106-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x0005000000018704-118.dat	upx
behavioral1/files/0x0005000000018739-121.dat	upx
behavioral1/files/0x0005000000018744-127.dat	upx
behavioral1/files/0x0006000000018b4e-139.dat	upx
behavioral1/files/0x0006000000018c16-143.dat	upx
behavioral1/files/0x0005000000019297-168.dat	upx
behavioral1/files/0x000500000001933f-172.dat	upx
behavioral1/memory/2072-238-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x00050000000193a6-180.dat	upx
behavioral1/files/0x0005000000019360-176.dat	upx
behavioral1/files/0x0005000000019284-164.dat	upx
behavioral1/files/0x0005000000019278-160.dat	upx
behavioral1/memory/2860-157-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0005000000019269-155.dat	upx
behavioral1/files/0x0005000000019250-151.dat	upx
behavioral1/files/0x0005000000019246-147.dat	upx
behavioral1/files/0x00050000000187a8-135.dat	upx
behavioral1/files/0x000500000001878e-131.dat	upx
behavioral1/memory/3028-3069-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2632-3072-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2600-3145-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2884-3174-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/652-3183-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2988-3220-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2544-3222-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zwDqNGL.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGAynCK.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJTUeMj.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WmktsUJ.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrGFhSf.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\chcuWxn.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUQgcFC.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwwncNd.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJkrJPg.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thaqgJQ.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpEuAwM.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyeBdWg.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssGXAHR.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFOKMMc.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYEtFVq.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohtxjag.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtRdoop.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trzLcFT.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XroSctL.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwnBGsI.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZiLwiox.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiKbgjT.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFlazGD.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckKBkrc.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOidOaj.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJjaHvI.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aruFWhu.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oESUQPi.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfBNIMa.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkwrLJz.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENHCqie.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhPLCsg.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgZuTJL.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqvQtri.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoEXANw.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFYsgwR.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIIZGQP.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVQnTjm.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTMfRcC.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNeUOrE.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZiViDMW.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuyPVrJ.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICwMwKj.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CydFFLD.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmmLtaZ.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahFHnxE.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJPDcMs.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzdhVEN.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGMdWMT.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djugwVK.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYFKHWT.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\entWjlx.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjvcqwO.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TRrvKeZ.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWlskoj.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgXusaO.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QZhvNsU.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ykCUlBt.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZIJvPs.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xseBmWw.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vrVYvtt.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BapZEgi.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dyOqMxI.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\waBYwQw.exe	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2632	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 2632	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 2632	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2064 wrote to memory of 3028	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 3028	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 3028	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2064 wrote to memory of 2600	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2600	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2600	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2064 wrote to memory of 2884	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2884	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 2884	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2064 wrote to memory of 652	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 652	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 652	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2064 wrote to memory of 2924	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2924	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2924	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2064 wrote to memory of 2844	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2844	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2844	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2064 wrote to memory of 2936	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2936	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2936	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2064 wrote to memory of 2544	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2544	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2544	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2064 wrote to memory of 2988	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2988	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2988	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2064 wrote to memory of 2860	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2860	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2860	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2064 wrote to memory of 2688	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2688	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2688	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2064 wrote to memory of 2072	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2072	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2072	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2064 wrote to memory of 2944	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 2944	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 2944	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2064 wrote to memory of 1220	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 1220	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 1220	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2064 wrote to memory of 2024	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 2024	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 2024	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2064 wrote to memory of 2148	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 2148	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 2148	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2064 wrote to memory of 1948	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 1948	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 1948	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2064 wrote to memory of 1724	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 1724	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 1724	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2064 wrote to memory of 1560	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 1560	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 1560	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2064 wrote to memory of 1452	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2064 wrote to memory of 1452	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2064 wrote to memory of 1452	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2064 wrote to memory of 2560	2064	2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_b85cd71bea8abc98456d4ec31dafadf6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\System\pexZoNS.exe
  C:\Windows\System\pexZoNS.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\ZMLYWrW.exe
  C:\Windows\System\ZMLYWrW.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\NyTgfXB.exe
  C:\Windows\System\NyTgfXB.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\tdGcUJx.exe
  C:\Windows\System\tdGcUJx.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\idISHeG.exe
  C:\Windows\System\idISHeG.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\FFGgStj.exe
  C:\Windows\System\FFGgStj.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\lMlQxxv.exe
  C:\Windows\System\lMlQxxv.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\zLUQPFy.exe
  C:\Windows\System\zLUQPFy.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\esEMbaO.exe
  C:\Windows\System\esEMbaO.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\iXvXihJ.exe
  C:\Windows\System\iXvXihJ.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\wHCtrht.exe
  C:\Windows\System\wHCtrht.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\RvWzdRE.exe
  C:\Windows\System\RvWzdRE.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\pmETVaQ.exe
  C:\Windows\System\pmETVaQ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\aoBHQug.exe
  C:\Windows\System\aoBHQug.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\PpEuAwM.exe
  C:\Windows\System\PpEuAwM.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\oGhznnd.exe
  C:\Windows\System\oGhznnd.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\kFUIPam.exe
  C:\Windows\System\kFUIPam.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\IeSnoij.exe
  C:\Windows\System\IeSnoij.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\fkSNFuL.exe
  C:\Windows\System\fkSNFuL.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\VjHFaAh.exe
  C:\Windows\System\VjHFaAh.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\HJKCFrS.exe
  C:\Windows\System\HJKCFrS.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\Nxhlzza.exe
  C:\Windows\System\Nxhlzza.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\LYZHGYP.exe
  C:\Windows\System\LYZHGYP.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\QlGAGPM.exe
  C:\Windows\System\QlGAGPM.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\IgPreMe.exe
  C:\Windows\System\IgPreMe.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\tQGlAgA.exe
  C:\Windows\System\tQGlAgA.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\skToGjI.exe
  C:\Windows\System\skToGjI.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\RjgRbpN.exe
  C:\Windows\System\RjgRbpN.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\nCIsoBG.exe
  C:\Windows\System\nCIsoBG.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\SyrHWsn.exe
  C:\Windows\System\SyrHWsn.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\fpPZmEs.exe
  C:\Windows\System\fpPZmEs.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\alyVzYY.exe
  C:\Windows\System\alyVzYY.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\SDsZhXm.exe
  C:\Windows\System\SDsZhXm.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\WiijigO.exe
  C:\Windows\System\WiijigO.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\UxqvNrq.exe
  C:\Windows\System\UxqvNrq.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\ucmyWDg.exe
  C:\Windows\System\ucmyWDg.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\MFLkSyy.exe
  C:\Windows\System\MFLkSyy.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\ZfNTneF.exe
  C:\Windows\System\ZfNTneF.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\FtAbbBm.exe
  C:\Windows\System\FtAbbBm.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\WMTZuvQ.exe
  C:\Windows\System\WMTZuvQ.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\vCZIMKk.exe
  C:\Windows\System\vCZIMKk.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\WmktsUJ.exe
  C:\Windows\System\WmktsUJ.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\YWVSGol.exe
  C:\Windows\System\YWVSGol.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\aNDhbHr.exe
  C:\Windows\System\aNDhbHr.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\yyWwUJS.exe
  C:\Windows\System\yyWwUJS.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\GIhwnmk.exe
  C:\Windows\System\GIhwnmk.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\ASyTbwv.exe
  C:\Windows\System\ASyTbwv.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\UzSXQwv.exe
  C:\Windows\System\UzSXQwv.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\RTUSEEo.exe
  C:\Windows\System\RTUSEEo.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\XjTQzNi.exe
  C:\Windows\System\XjTQzNi.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\XQgrqUF.exe
  C:\Windows\System\XQgrqUF.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\SRBlLqS.exe
  C:\Windows\System\SRBlLqS.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\wNeIlit.exe
  C:\Windows\System\wNeIlit.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\VkhmHXS.exe
  C:\Windows\System\VkhmHXS.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\XuRCvCh.exe
  C:\Windows\System\XuRCvCh.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\eJoyzBF.exe
  C:\Windows\System\eJoyzBF.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\PjLZlws.exe
  C:\Windows\System\PjLZlws.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\uPEJelO.exe
  C:\Windows\System\uPEJelO.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\RjvcqwO.exe
  C:\Windows\System\RjvcqwO.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\tPHlfId.exe
  C:\Windows\System\tPHlfId.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\rusyhJz.exe
  C:\Windows\System\rusyhJz.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\FlQglmd.exe
  C:\Windows\System\FlQglmd.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\wPdgYoo.exe
  C:\Windows\System\wPdgYoo.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\InkIeMh.exe
  C:\Windows\System\InkIeMh.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\nUyNalH.exe
  C:\Windows\System\nUyNalH.exe
  2⤵
  PID:2904
- C:\Windows\System\dbufkyZ.exe
  C:\Windows\System\dbufkyZ.exe
  2⤵
  PID:2768
- C:\Windows\System\actKorT.exe
  C:\Windows\System\actKorT.exe
  2⤵
  PID:2960
- C:\Windows\System\TGpofmv.exe
  C:\Windows\System\TGpofmv.exe
  2⤵
  PID:2812
- C:\Windows\System\YTtGVoO.exe
  C:\Windows\System\YTtGVoO.exe
  2⤵
  PID:2340
- C:\Windows\System\Kozyeup.exe
  C:\Windows\System\Kozyeup.exe
  2⤵
  PID:2764
- C:\Windows\System\spoVSFB.exe
  C:\Windows\System\spoVSFB.exe
  2⤵
  PID:2744
- C:\Windows\System\lKSsoSg.exe
  C:\Windows\System\lKSsoSg.exe
  2⤵
  PID:1660
- C:\Windows\System\NktZZnw.exe
  C:\Windows\System\NktZZnw.exe
  2⤵
  PID:2452
- C:\Windows\System\yenMbky.exe
  C:\Windows\System\yenMbky.exe
  2⤵
  PID:2620
- C:\Windows\System\lbZPeBY.exe
  C:\Windows\System\lbZPeBY.exe
  2⤵
  PID:2896
- C:\Windows\System\yhNzTIW.exe
  C:\Windows\System\yhNzTIW.exe
  2⤵
  PID:2732
- C:\Windows\System\OGxtQDM.exe
  C:\Windows\System\OGxtQDM.exe
  2⤵
  PID:2808
- C:\Windows\System\nwMejLe.exe
  C:\Windows\System\nwMejLe.exe
  2⤵
  PID:2320
- C:\Windows\System\oApHKCZ.exe
  C:\Windows\System\oApHKCZ.exe
  2⤵
  PID:2336
- C:\Windows\System\bRZwbie.exe
  C:\Windows\System\bRZwbie.exe
  2⤵
  PID:2496
- C:\Windows\System\bjIltbw.exe
  C:\Windows\System\bjIltbw.exe
  2⤵
  PID:2748
- C:\Windows\System\rJHMJCK.exe
  C:\Windows\System\rJHMJCK.exe
  2⤵
  PID:1784
- C:\Windows\System\PBRHOBU.exe
  C:\Windows\System\PBRHOBU.exe
  2⤵
  PID:1792
- C:\Windows\System\aPogane.exe
  C:\Windows\System\aPogane.exe
  2⤵
  PID:2136
- C:\Windows\System\ozYfQhZ.exe
  C:\Windows\System\ozYfQhZ.exe
  2⤵
  PID:2864
- C:\Windows\System\zfBNIMa.exe
  C:\Windows\System\zfBNIMa.exe
  2⤵
  PID:2304
- C:\Windows\System\YrwHwBg.exe
  C:\Windows\System\YrwHwBg.exe
  2⤵
  PID:2832
- C:\Windows\System\mYqmJAC.exe
  C:\Windows\System\mYqmJAC.exe
  2⤵
  PID:2248
- C:\Windows\System\Btkqtae.exe
  C:\Windows\System\Btkqtae.exe
  2⤵
  PID:584
- C:\Windows\System\BapZEgi.exe
  C:\Windows\System\BapZEgi.exe
  2⤵
  PID:448
- C:\Windows\System\xWhFdaZ.exe
  C:\Windows\System\xWhFdaZ.exe
  2⤵
  PID:1808
- C:\Windows\System\hWeXKmq.exe
  C:\Windows\System\hWeXKmq.exe
  2⤵
  PID:1104
- C:\Windows\System\EPjIeDb.exe
  C:\Windows\System\EPjIeDb.exe
  2⤵
  PID:2484
- C:\Windows\System\cfDkqin.exe
  C:\Windows\System\cfDkqin.exe
  2⤵
  PID:1860
- C:\Windows\System\ZIfzYjG.exe
  C:\Windows\System\ZIfzYjG.exe
  2⤵
  PID:1200
- C:\Windows\System\sUDTVvZ.exe
  C:\Windows\System\sUDTVvZ.exe
  2⤵
  PID:1700
- C:\Windows\System\snvlpGd.exe
  C:\Windows\System\snvlpGd.exe
  2⤵
  PID:572
- C:\Windows\System\rMPEvsf.exe
  C:\Windows\System\rMPEvsf.exe
  2⤵
  PID:2948
- C:\Windows\System\TmGrUzD.exe
  C:\Windows\System\TmGrUzD.exe
  2⤵
  PID:1484
- C:\Windows\System\wUyHuLT.exe
  C:\Windows\System\wUyHuLT.exe
  2⤵
  PID:2516
- C:\Windows\System\GtsXANr.exe
  C:\Windows\System\GtsXANr.exe
  2⤵
  PID:2552
- C:\Windows\System\nvDCZeF.exe
  C:\Windows\System\nvDCZeF.exe
  2⤵
  PID:1624
- C:\Windows\System\PsuvTiM.exe
  C:\Windows\System\PsuvTiM.exe
  2⤵
  PID:2612
- C:\Windows\System\CqbSVLV.exe
  C:\Windows\System\CqbSVLV.exe
  2⤵
  PID:2384
- C:\Windows\System\EOVrFkN.exe
  C:\Windows\System\EOVrFkN.exe
  2⤵
  PID:2144
- C:\Windows\System\lTEKFlj.exe
  C:\Windows\System\lTEKFlj.exe
  2⤵
  PID:1732
- C:\Windows\System\swUkyqR.exe
  C:\Windows\System\swUkyqR.exe
  2⤵
  PID:2928
- C:\Windows\System\hDUHcEd.exe
  C:\Windows\System\hDUHcEd.exe
  2⤵
  PID:2968
- C:\Windows\System\wGYDpWO.exe
  C:\Windows\System\wGYDpWO.exe
  2⤵
  PID:2816
- C:\Windows\System\NBbKWAp.exe
  C:\Windows\System\NBbKWAp.exe
  2⤵
  PID:2888
- C:\Windows\System\Wjshvym.exe
  C:\Windows\System\Wjshvym.exe
  2⤵
  PID:2828
- C:\Windows\System\vMqPtuu.exe
  C:\Windows\System\vMqPtuu.exe
  2⤵
  PID:3020
- C:\Windows\System\IblTvMw.exe
  C:\Windows\System\IblTvMw.exe
  2⤵
  PID:2800
- C:\Windows\System\kZXzOts.exe
  C:\Windows\System\kZXzOts.exe
  2⤵
  PID:2920
- C:\Windows\System\fMtjGTM.exe
  C:\Windows\System\fMtjGTM.exe
  2⤵
  PID:1648
- C:\Windows\System\cjfeade.exe
  C:\Windows\System\cjfeade.exe
  2⤵
  PID:2984
- C:\Windows\System\hVEwVmW.exe
  C:\Windows\System\hVEwVmW.exe
  2⤵
  PID:2352
- C:\Windows\System\MYnjRnM.exe
  C:\Windows\System\MYnjRnM.exe
  2⤵
  PID:2720
- C:\Windows\System\SJHNhBe.exe
  C:\Windows\System\SJHNhBe.exe
  2⤵
  PID:2536
- C:\Windows\System\xwuqkXn.exe
  C:\Windows\System\xwuqkXn.exe
  2⤵
  PID:340
- C:\Windows\System\SBznLYp.exe
  C:\Windows\System\SBznLYp.exe
  2⤵
  PID:2836
- C:\Windows\System\OmbZnDN.exe
  C:\Windows\System\OmbZnDN.exe
  2⤵
  PID:1096
- C:\Windows\System\SiFseFs.exe
  C:\Windows\System\SiFseFs.exe
  2⤵
  PID:1600
- C:\Windows\System\bKxSdie.exe
  C:\Windows\System\bKxSdie.exe
  2⤵
  PID:2592
- C:\Windows\System\JOoMZYc.exe
  C:\Windows\System\JOoMZYc.exe
  2⤵
  PID:2704
- C:\Windows\System\LeMQVZW.exe
  C:\Windows\System\LeMQVZW.exe
  2⤵
  PID:1436
- C:\Windows\System\PELzcGx.exe
  C:\Windows\System\PELzcGx.exe
  2⤵
  PID:2900
- C:\Windows\System\BIChJSv.exe
  C:\Windows\System\BIChJSv.exe
  2⤵
  PID:2196
- C:\Windows\System\hhNijzw.exe
  C:\Windows\System\hhNijzw.exe
  2⤵
  PID:1956
- C:\Windows\System\EgeqLet.exe
  C:\Windows\System\EgeqLet.exe
  2⤵
  PID:2728
- C:\Windows\System\jgkhmzX.exe
  C:\Windows\System\jgkhmzX.exe
  2⤵
  PID:2268
- C:\Windows\System\RdOeJld.exe
  C:\Windows\System\RdOeJld.exe
  2⤵
  PID:1048
- C:\Windows\System\WImVsWs.exe
  C:\Windows\System\WImVsWs.exe
  2⤵
  PID:1688
- C:\Windows\System\EyGvexy.exe
  C:\Windows\System\EyGvexy.exe
  2⤵
  PID:1240
- C:\Windows\System\sklEyDf.exe
  C:\Windows\System\sklEyDf.exe
  2⤵
  PID:2956
- C:\Windows\System\DYAvVPg.exe
  C:\Windows\System\DYAvVPg.exe
  2⤵
  PID:2856
- C:\Windows\System\scoDmLd.exe
  C:\Windows\System\scoDmLd.exe
  2⤵
  PID:2392
- C:\Windows\System\MpbNqbI.exe
  C:\Windows\System\MpbNqbI.exe
  2⤵
  PID:2752
- C:\Windows\System\RvIsTqt.exe
  C:\Windows\System\RvIsTqt.exe
  2⤵
  PID:2756
- C:\Windows\System\QzVTEGE.exe
  C:\Windows\System\QzVTEGE.exe
  2⤵
  PID:1164
- C:\Windows\System\KFpKcxf.exe
  C:\Windows\System\KFpKcxf.exe
  2⤵
  PID:1028
- C:\Windows\System\shGnVGb.exe
  C:\Windows\System\shGnVGb.exe
  2⤵
  PID:1068
- C:\Windows\System\yPMdwcS.exe
  C:\Windows\System\yPMdwcS.exe
  2⤵
  PID:1116
- C:\Windows\System\OAuNRKO.exe
  C:\Windows\System\OAuNRKO.exe
  2⤵
  PID:700
- C:\Windows\System\kxzIeaj.exe
  C:\Windows\System\kxzIeaj.exe
  2⤵
  PID:1604
- C:\Windows\System\aLlVqLb.exe
  C:\Windows\System\aLlVqLb.exe
  2⤵
  PID:1764
- C:\Windows\System\FEktIwW.exe
  C:\Windows\System\FEktIwW.exe
  2⤵
  PID:2520
- C:\Windows\System\ArfCOtU.exe
  C:\Windows\System\ArfCOtU.exe
  2⤵
  PID:1752
- C:\Windows\System\BwqjgLf.exe
  C:\Windows\System\BwqjgLf.exe
  2⤵
  PID:1524
- C:\Windows\System\jSYPPIW.exe
  C:\Windows\System\jSYPPIW.exe
  2⤵
  PID:2184
- C:\Windows\System\GvywdNp.exe
  C:\Windows\System\GvywdNp.exe
  2⤵
  PID:1756
- C:\Windows\System\zDGjJur.exe
  C:\Windows\System\zDGjJur.exe
  2⤵
  PID:1072
- C:\Windows\System\GXPnaEj.exe
  C:\Windows\System\GXPnaEj.exe
  2⤵
  PID:3048
- C:\Windows\System\QSFYmBC.exe
  C:\Windows\System\QSFYmBC.exe
  2⤵
  PID:1540
- C:\Windows\System\eDcpRps.exe
  C:\Windows\System\eDcpRps.exe
  2⤵
  PID:1920
- C:\Windows\System\uqLakGj.exe
  C:\Windows\System\uqLakGj.exe
  2⤵
  PID:1512
- C:\Windows\System\TmZfkPi.exe
  C:\Windows\System\TmZfkPi.exe
  2⤵
  PID:496
- C:\Windows\System\EgNXdPI.exe
  C:\Windows\System\EgNXdPI.exe
  2⤵
  PID:3080
- C:\Windows\System\NvlLeBR.exe
  C:\Windows\System\NvlLeBR.exe
  2⤵
  PID:3096
- C:\Windows\System\ZWAMsTc.exe
  C:\Windows\System\ZWAMsTc.exe
  2⤵
  PID:3128
- C:\Windows\System\HzbXUUj.exe
  C:\Windows\System\HzbXUUj.exe
  2⤵
  PID:3148
- C:\Windows\System\XEJZdYX.exe
  C:\Windows\System\XEJZdYX.exe
  2⤵
  PID:3164
- C:\Windows\System\xybrtoG.exe
  C:\Windows\System\xybrtoG.exe
  2⤵
  PID:3180
- C:\Windows\System\HwIaGCb.exe
  C:\Windows\System\HwIaGCb.exe
  2⤵
  PID:3212
- C:\Windows\System\svFfoCL.exe
  C:\Windows\System\svFfoCL.exe
  2⤵
  PID:3244
- C:\Windows\System\OQXrWYl.exe
  C:\Windows\System\OQXrWYl.exe
  2⤵
  PID:3260
- C:\Windows\System\huSQTyi.exe
  C:\Windows\System\huSQTyi.exe
  2⤵
  PID:3276
- C:\Windows\System\YcPvlxB.exe
  C:\Windows\System\YcPvlxB.exe
  2⤵
  PID:3292
- C:\Windows\System\ZrmhCpD.exe
  C:\Windows\System\ZrmhCpD.exe
  2⤵
  PID:3444
- C:\Windows\System\nLMKYKG.exe
  C:\Windows\System\nLMKYKG.exe
  2⤵
  PID:3460
- C:\Windows\System\TMMxHyo.exe
  C:\Windows\System\TMMxHyo.exe
  2⤵
  PID:3476
- C:\Windows\System\KyrbZvn.exe
  C:\Windows\System\KyrbZvn.exe
  2⤵
  PID:3492
- C:\Windows\System\ykrawUj.exe
  C:\Windows\System\ykrawUj.exe
  2⤵
  PID:3508
- C:\Windows\System\VVQRkVL.exe
  C:\Windows\System\VVQRkVL.exe
  2⤵
  PID:3548
- C:\Windows\System\hkcUyPw.exe
  C:\Windows\System\hkcUyPw.exe
  2⤵
  PID:3600
- C:\Windows\System\pMPMEgb.exe
  C:\Windows\System\pMPMEgb.exe
  2⤵
  PID:3640
- C:\Windows\System\xrJzWjJ.exe
  C:\Windows\System\xrJzWjJ.exe
  2⤵
  PID:3724
- C:\Windows\System\QTyFGrA.exe
  C:\Windows\System\QTyFGrA.exe
  2⤵
  PID:3740
- C:\Windows\System\TOeDXTR.exe
  C:\Windows\System\TOeDXTR.exe
  2⤵
  PID:3764
- C:\Windows\System\OBborqG.exe
  C:\Windows\System\OBborqG.exe
  2⤵
  PID:3784
- C:\Windows\System\pruIKWB.exe
  C:\Windows\System\pruIKWB.exe
  2⤵
  PID:3800
- C:\Windows\System\oFGRGHK.exe
  C:\Windows\System\oFGRGHK.exe
  2⤵
  PID:3832
- C:\Windows\System\rhUBhST.exe
  C:\Windows\System\rhUBhST.exe
  2⤵
  PID:3848
- C:\Windows\System\AmMxKyz.exe
  C:\Windows\System\AmMxKyz.exe
  2⤵
  PID:3864
- C:\Windows\System\ajJnsmR.exe
  C:\Windows\System\ajJnsmR.exe
  2⤵
  PID:3884
- C:\Windows\System\UgLYBHW.exe
  C:\Windows\System\UgLYBHW.exe
  2⤵
  PID:3900
- C:\Windows\System\KsEYiKk.exe
  C:\Windows\System\KsEYiKk.exe
  2⤵
  PID:3920
- C:\Windows\System\iCtwbev.exe
  C:\Windows\System\iCtwbev.exe
  2⤵
  PID:3936
- C:\Windows\System\DxBBeLi.exe
  C:\Windows\System\DxBBeLi.exe
  2⤵
  PID:3952
- C:\Windows\System\ZVthvDy.exe
  C:\Windows\System\ZVthvDy.exe
  2⤵
  PID:3976
- C:\Windows\System\fGSDzke.exe
  C:\Windows\System\fGSDzke.exe
  2⤵
  PID:3992
- C:\Windows\System\ufXrIcL.exe
  C:\Windows\System\ufXrIcL.exe
  2⤵
  PID:4008
- C:\Windows\System\OQTxoVQ.exe
  C:\Windows\System\OQTxoVQ.exe
  2⤵
  PID:4024
- C:\Windows\System\VMZMjSM.exe
  C:\Windows\System\VMZMjSM.exe
  2⤵
  PID:4052
- C:\Windows\System\rbjixoE.exe
  C:\Windows\System\rbjixoE.exe
  2⤵
  PID:4072
- C:\Windows\System\FXhCKDn.exe
  C:\Windows\System\FXhCKDn.exe
  2⤵
  PID:1992
- C:\Windows\System\ngoQktE.exe
  C:\Windows\System\ngoQktE.exe
  2⤵
  PID:3116
- C:\Windows\System\wePosns.exe
  C:\Windows\System\wePosns.exe
  2⤵
  PID:3088
- C:\Windows\System\VnhUpwJ.exe
  C:\Windows\System\VnhUpwJ.exe
  2⤵
  PID:3092
- C:\Windows\System\PdKiAxb.exe
  C:\Windows\System\PdKiAxb.exe
  2⤵
  PID:3192
- C:\Windows\System\IpUoipK.exe
  C:\Windows\System\IpUoipK.exe
  2⤵
  PID:3200
- C:\Windows\System\RmsRtSR.exe
  C:\Windows\System\RmsRtSR.exe
  2⤵
  PID:3256
- C:\Windows\System\gEXhkwh.exe
  C:\Windows\System\gEXhkwh.exe
  2⤵
  PID:3232
- C:\Windows\System\ourWoOi.exe
  C:\Windows\System\ourWoOi.exe
  2⤵
  PID:3272
- C:\Windows\System\dSJjZgg.exe
  C:\Windows\System\dSJjZgg.exe
  2⤵
  PID:3312
- C:\Windows\System\rWGtmgx.exe
  C:\Windows\System\rWGtmgx.exe
  2⤵
  PID:3328
- C:\Windows\System\mPRBJHq.exe
  C:\Windows\System\mPRBJHq.exe
  2⤵
  PID:3344
- C:\Windows\System\TVKpcXg.exe
  C:\Windows\System\TVKpcXg.exe
  2⤵
  PID:3368
- C:\Windows\System\tzcwKgW.exe
  C:\Windows\System\tzcwKgW.exe
  2⤵
  PID:3384
- C:\Windows\System\rYjJpQL.exe
  C:\Windows\System\rYjJpQL.exe
  2⤵
  PID:3396
- C:\Windows\System\DCHfsIu.exe
  C:\Windows\System\DCHfsIu.exe
  2⤵
  PID:3472
- C:\Windows\System\DgoshJK.exe
  C:\Windows\System\DgoshJK.exe
  2⤵
  PID:3520
- C:\Windows\System\JrYnBKr.exe
  C:\Windows\System\JrYnBKr.exe
  2⤵
  PID:3536
- C:\Windows\System\kGJylDK.exe
  C:\Windows\System\kGJylDK.exe
  2⤵
  PID:3612
- C:\Windows\System\CbeHRPi.exe
  C:\Windows\System\CbeHRPi.exe
  2⤵
  PID:3632
- C:\Windows\System\rMLwmhO.exe
  C:\Windows\System\rMLwmhO.exe
  2⤵
  PID:3568
- C:\Windows\System\VtFiHob.exe
  C:\Windows\System\VtFiHob.exe
  2⤵
  PID:3596
- C:\Windows\System\iMUPwbo.exe
  C:\Windows\System\iMUPwbo.exe
  2⤵
  PID:3664
- C:\Windows\System\hyeZeNJ.exe
  C:\Windows\System\hyeZeNJ.exe
  2⤵
  PID:3688
- C:\Windows\System\vuWLZUV.exe
  C:\Windows\System\vuWLZUV.exe
  2⤵
  PID:3712
- C:\Windows\System\mofOkKX.exe
  C:\Windows\System\mofOkKX.exe
  2⤵
  PID:3736
- C:\Windows\System\NzqHnHt.exe
  C:\Windows\System\NzqHnHt.exe
  2⤵
  PID:3760
- C:\Windows\System\GTlEyag.exe
  C:\Windows\System\GTlEyag.exe
  2⤵
  PID:3820
- C:\Windows\System\hPOpJIF.exe
  C:\Windows\System\hPOpJIF.exe
  2⤵
  PID:3812
- C:\Windows\System\IkpHqxK.exe
  C:\Windows\System\IkpHqxK.exe
  2⤵
  PID:644
- C:\Windows\System\asvZoAB.exe
  C:\Windows\System\asvZoAB.exe
  2⤵
  PID:3928
- C:\Windows\System\PkwrLJz.exe
  C:\Windows\System\PkwrLJz.exe
  2⤵
  PID:3964
- C:\Windows\System\rhxqFTb.exe
  C:\Windows\System\rhxqFTb.exe
  2⤵
  PID:3876
- C:\Windows\System\AYetYLQ.exe
  C:\Windows\System\AYetYLQ.exe
  2⤵
  PID:4088
- C:\Windows\System\SCKCSOp.exe
  C:\Windows\System\SCKCSOp.exe
  2⤵
  PID:3984
- C:\Windows\System\datAOEo.exe
  C:\Windows\System\datAOEo.exe
  2⤵
  PID:3124
- C:\Windows\System\CrcYinO.exe
  C:\Windows\System\CrcYinO.exe
  2⤵
  PID:3240
- C:\Windows\System\kYGExNo.exe
  C:\Windows\System\kYGExNo.exe
  2⤵
  PID:3352
- C:\Windows\System\IdZyQkY.exe
  C:\Windows\System\IdZyQkY.exe
  2⤵
  PID:2964
- C:\Windows\System\abftJuY.exe
  C:\Windows\System\abftJuY.exe
  2⤵
  PID:3872
- C:\Windows\System\MdxYVRF.exe
  C:\Windows\System\MdxYVRF.exe
  2⤵
  PID:3432
- C:\Windows\System\SkdlcDD.exe
  C:\Windows\System\SkdlcDD.exe
  2⤵
  PID:3376
- C:\Windows\System\GDnOwQh.exe
  C:\Windows\System\GDnOwQh.exe
  2⤵
  PID:3196
- C:\Windows\System\JnKUgqP.exe
  C:\Windows\System\JnKUgqP.exe
  2⤵
  PID:3304
- C:\Windows\System\WqvAXLy.exe
  C:\Windows\System\WqvAXLy.exe
  2⤵
  PID:3488
- C:\Windows\System\TsrfPwe.exe
  C:\Windows\System\TsrfPwe.exe
  2⤵
  PID:3412
- C:\Windows\System\zrKLjUz.exe
  C:\Windows\System\zrKLjUz.exe
  2⤵
  PID:3440
- C:\Windows\System\fUjOFnV.exe
  C:\Windows\System\fUjOFnV.exe
  2⤵
  PID:3608
- C:\Windows\System\VUhLIaC.exe
  C:\Windows\System\VUhLIaC.exe
  2⤵
  PID:3624
- C:\Windows\System\woIkLLS.exe
  C:\Windows\System\woIkLLS.exe
  2⤵
  PID:3828
- C:\Windows\System\lncVtYE.exe
  C:\Windows\System\lncVtYE.exe
  2⤵
  PID:3588
- C:\Windows\System\FePyNmU.exe
  C:\Windows\System\FePyNmU.exe
  2⤵
  PID:3700
- C:\Windows\System\xWyfypN.exe
  C:\Windows\System\xWyfypN.exe
  2⤵
  PID:3756
- C:\Windows\System\XyeEMwO.exe
  C:\Windows\System\XyeEMwO.exe
  2⤵
  PID:3808
- C:\Windows\System\GIyHUTx.exe
  C:\Windows\System\GIyHUTx.exe
  2⤵
  PID:3892
- C:\Windows\System\NhCUDAS.exe
  C:\Windows\System\NhCUDAS.exe
  2⤵
  PID:4032
- C:\Windows\System\CyrLoKY.exe
  C:\Windows\System\CyrLoKY.exe
  2⤵
  PID:3916
- C:\Windows\System\bmFelzS.exe
  C:\Windows\System\bmFelzS.exe
  2⤵
  PID:4080
- C:\Windows\System\ZDcxRwD.exe
  C:\Windows\System\ZDcxRwD.exe
  2⤵
  PID:3880
- C:\Windows\System\NEXJNQz.exe
  C:\Windows\System\NEXJNQz.exe
  2⤵
  PID:3252
- C:\Windows\System\adgcdve.exe
  C:\Windows\System\adgcdve.exe
  2⤵
  PID:4020
- C:\Windows\System\rfedLsR.exe
  C:\Windows\System\rfedLsR.exe
  2⤵
  PID:4064
- C:\Windows\System\SXZGtrN.exe
  C:\Windows\System\SXZGtrN.exe
  2⤵
  PID:3112
- C:\Windows\System\axyUdCE.exe
  C:\Windows\System\axyUdCE.exe
  2⤵
  PID:3176
- C:\Windows\System\FXnPujF.exe
  C:\Windows\System\FXnPujF.exe
  2⤵
  PID:3224
- C:\Windows\System\HDpOFgC.exe
  C:\Windows\System\HDpOFgC.exe
  2⤵
  PID:3340
- C:\Windows\System\ICjHWEu.exe
  C:\Windows\System\ICjHWEu.exe
  2⤵
  PID:3420
- C:\Windows\System\sLCewTL.exe
  C:\Windows\System\sLCewTL.exe
  2⤵
  PID:3580
- C:\Windows\System\aMgJvrb.exe
  C:\Windows\System\aMgJvrb.exe
  2⤵
  PID:3708
- C:\Windows\System\GzjtJGM.exe
  C:\Windows\System\GzjtJGM.exe
  2⤵
  PID:3792
- C:\Windows\System\qdARxbg.exe
  C:\Windows\System\qdARxbg.exe
  2⤵
  PID:3544
- C:\Windows\System\yNKWjqe.exe
  C:\Windows\System\yNKWjqe.exe
  2⤵
  PID:3656
- C:\Windows\System\AuUWUBl.exe
  C:\Windows\System\AuUWUBl.exe
  2⤵
  PID:3732
- C:\Windows\System\fGuoInD.exe
  C:\Windows\System\fGuoInD.exe
  2⤵
  PID:4000
- C:\Windows\System\XAwcaZL.exe
  C:\Windows\System\XAwcaZL.exe
  2⤵
  PID:3648
- C:\Windows\System\DXwiFOP.exe
  C:\Windows\System\DXwiFOP.exe
  2⤵
  PID:4040
- C:\Windows\System\EEjNAUg.exe
  C:\Windows\System\EEjNAUg.exe
  2⤵
  PID:3208
- C:\Windows\System\HifClpl.exe
  C:\Windows\System\HifClpl.exe
  2⤵
  PID:3392
- C:\Windows\System\MThVtSM.exe
  C:\Windows\System\MThVtSM.exe
  2⤵
  PID:3144
- C:\Windows\System\jnGcdpx.exe
  C:\Windows\System\jnGcdpx.exe
  2⤵
  PID:3408
- C:\Windows\System\bajtnAk.exe
  C:\Windows\System\bajtnAk.exe
  2⤵
  PID:3456
- C:\Windows\System\PhKCYid.exe
  C:\Windows\System\PhKCYid.exe
  2⤵
  PID:3816
- C:\Windows\System\RmomjIy.exe
  C:\Windows\System\RmomjIy.exe
  2⤵
  PID:3360
- C:\Windows\System\qgELMMH.exe
  C:\Windows\System\qgELMMH.exe
  2⤵
  PID:3320
- C:\Windows\System\OwbIktf.exe
  C:\Windows\System\OwbIktf.exe
  2⤵
  PID:1076
- C:\Windows\System\hcIeLaQ.exe
  C:\Windows\System\hcIeLaQ.exe
  2⤵
  PID:3188
- C:\Windows\System\MlISMqN.exe
  C:\Windows\System\MlISMqN.exe
  2⤵
  PID:3564
- C:\Windows\System\YkslkdM.exe
  C:\Windows\System\YkslkdM.exe
  2⤵
  PID:3380
- C:\Windows\System\yLXpexm.exe
  C:\Windows\System\yLXpexm.exe
  2⤵
  PID:4092
- C:\Windows\System\kJWVtDz.exe
  C:\Windows\System\kJWVtDz.exe
  2⤵
  PID:3660
- C:\Windows\System\saIqgBe.exe
  C:\Windows\System\saIqgBe.exe
  2⤵
  PID:4112
- C:\Windows\System\oowbmND.exe
  C:\Windows\System\oowbmND.exe
  2⤵
  PID:4128
- C:\Windows\System\JqrOydZ.exe
  C:\Windows\System\JqrOydZ.exe
  2⤵
  PID:4212
- C:\Windows\System\GFuUfod.exe
  C:\Windows\System\GFuUfod.exe
  2⤵
  PID:4228
- C:\Windows\System\RqFpMCB.exe
  C:\Windows\System\RqFpMCB.exe
  2⤵
  PID:4248
- C:\Windows\System\DetauDe.exe
  C:\Windows\System\DetauDe.exe
  2⤵
  PID:4264
- C:\Windows\System\gPTwqbP.exe
  C:\Windows\System\gPTwqbP.exe
  2⤵
  PID:4280
- C:\Windows\System\ckcMeFL.exe
  C:\Windows\System\ckcMeFL.exe
  2⤵
  PID:4300
- C:\Windows\System\fwGyRJF.exe
  C:\Windows\System\fwGyRJF.exe
  2⤵
  PID:4316
- C:\Windows\System\eaNJkVC.exe
  C:\Windows\System\eaNJkVC.exe
  2⤵
  PID:4332
- C:\Windows\System\fGwVQti.exe
  C:\Windows\System\fGwVQti.exe
  2⤵
  PID:4348
- C:\Windows\System\kiMMwHu.exe
  C:\Windows\System\kiMMwHu.exe
  2⤵
  PID:4364
- C:\Windows\System\EyeBdWg.exe
  C:\Windows\System\EyeBdWg.exe
  2⤵
  PID:4388
- C:\Windows\System\bxaSdGr.exe
  C:\Windows\System\bxaSdGr.exe
  2⤵
  PID:4404
- C:\Windows\System\oJADEtc.exe
  C:\Windows\System\oJADEtc.exe
  2⤵
  PID:4444
- C:\Windows\System\aIogBbF.exe
  C:\Windows\System\aIogBbF.exe
  2⤵
  PID:4464
- C:\Windows\System\NlQgIKm.exe
  C:\Windows\System\NlQgIKm.exe
  2⤵
  PID:4480
- C:\Windows\System\aRineUq.exe
  C:\Windows\System\aRineUq.exe
  2⤵
  PID:4496
- C:\Windows\System\yDQbYWX.exe
  C:\Windows\System\yDQbYWX.exe
  2⤵
  PID:4512
- C:\Windows\System\iWriYIr.exe
  C:\Windows\System\iWriYIr.exe
  2⤵
  PID:4528
- C:\Windows\System\SNWRKPv.exe
  C:\Windows\System\SNWRKPv.exe
  2⤵
  PID:4548
- C:\Windows\System\RXABgwn.exe
  C:\Windows\System\RXABgwn.exe
  2⤵
  PID:4592
- C:\Windows\System\qUVNLIu.exe
  C:\Windows\System\qUVNLIu.exe
  2⤵
  PID:4608
- C:\Windows\System\izDzCVx.exe
  C:\Windows\System\izDzCVx.exe
  2⤵
  PID:4628
- C:\Windows\System\UqYywhS.exe
  C:\Windows\System\UqYywhS.exe
  2⤵
  PID:4644
- C:\Windows\System\svQevQF.exe
  C:\Windows\System\svQevQF.exe
  2⤵
  PID:4660
- C:\Windows\System\GNdaCNl.exe
  C:\Windows\System\GNdaCNl.exe
  2⤵
  PID:4680
- C:\Windows\System\upUXswe.exe
  C:\Windows\System\upUXswe.exe
  2⤵
  PID:4696
- C:\Windows\System\LuWVgUz.exe
  C:\Windows\System\LuWVgUz.exe
  2⤵
  PID:4728
- C:\Windows\System\fUArmXW.exe
  C:\Windows\System\fUArmXW.exe
  2⤵
  PID:4744
- C:\Windows\System\Ivzwnke.exe
  C:\Windows\System\Ivzwnke.exe
  2⤵
  PID:4768
- C:\Windows\System\uSmOsMJ.exe
  C:\Windows\System\uSmOsMJ.exe
  2⤵
  PID:4788
- C:\Windows\System\CLSKJYc.exe
  C:\Windows\System\CLSKJYc.exe
  2⤵
  PID:4804
- C:\Windows\System\DfrBSuQ.exe
  C:\Windows\System\DfrBSuQ.exe
  2⤵
  PID:4820
- C:\Windows\System\FOaovLG.exe
  C:\Windows\System\FOaovLG.exe
  2⤵
  PID:4840
- C:\Windows\System\FvgTKPW.exe
  C:\Windows\System\FvgTKPW.exe
  2⤵
  PID:4856
- C:\Windows\System\SwNIwUY.exe
  C:\Windows\System\SwNIwUY.exe
  2⤵
  PID:4876
- C:\Windows\System\cmZFHYT.exe
  C:\Windows\System\cmZFHYT.exe
  2⤵
  PID:4892
- C:\Windows\System\rXSRmOz.exe
  C:\Windows\System\rXSRmOz.exe
  2⤵
  PID:4908
- C:\Windows\System\CoGJHor.exe
  C:\Windows\System\CoGJHor.exe
  2⤵
  PID:4924
- C:\Windows\System\muEEXHw.exe
  C:\Windows\System\muEEXHw.exe
  2⤵
  PID:4960
- C:\Windows\System\DvqWNRt.exe
  C:\Windows\System\DvqWNRt.exe
  2⤵
  PID:4980
- C:\Windows\System\lRHbYCK.exe
  C:\Windows\System\lRHbYCK.exe
  2⤵
  PID:5008
- C:\Windows\System\YOEVLmq.exe
  C:\Windows\System\YOEVLmq.exe
  2⤵
  PID:5028
- C:\Windows\System\WkxobfZ.exe
  C:\Windows\System\WkxobfZ.exe
  2⤵
  PID:5052
- C:\Windows\System\zUmyvNC.exe
  C:\Windows\System\zUmyvNC.exe
  2⤵
  PID:5068
- C:\Windows\System\WiyDSbT.exe
  C:\Windows\System\WiyDSbT.exe
  2⤵
  PID:5088
- C:\Windows\System\sNHUnPs.exe
  C:\Windows\System\sNHUnPs.exe
  2⤵
  PID:5108
- C:\Windows\System\ofgOuUU.exe
  C:\Windows\System\ofgOuUU.exe
  2⤵
  PID:1292
- C:\Windows\System\MVVJITk.exe
  C:\Windows\System\MVVJITk.exe
  2⤵
  PID:4104
- C:\Windows\System\EzjEiWa.exe
  C:\Windows\System\EzjEiWa.exe
  2⤵
  PID:4144
- C:\Windows\System\DGkdgUc.exe
  C:\Windows\System\DGkdgUc.exe
  2⤵
  PID:4160
- C:\Windows\System\AxrcCRw.exe
  C:\Windows\System\AxrcCRw.exe
  2⤵
  PID:4180
- C:\Windows\System\XCVVWSC.exe
  C:\Windows\System\XCVVWSC.exe
  2⤵
  PID:4200
- C:\Windows\System\EcAvQiC.exe
  C:\Windows\System\EcAvQiC.exe
  2⤵
  PID:4220
- C:\Windows\System\NyFxfqJ.exe
  C:\Windows\System\NyFxfqJ.exe
  2⤵
  PID:4340
- C:\Windows\System\EzFFLoG.exe
  C:\Windows\System\EzFFLoG.exe
  2⤵
  PID:4376
- C:\Windows\System\MeUpKoc.exe
  C:\Windows\System\MeUpKoc.exe
  2⤵
  PID:4420
- C:\Windows\System\pyDobBC.exe
  C:\Windows\System\pyDobBC.exe
  2⤵
  PID:4424
- C:\Windows\System\egCICol.exe
  C:\Windows\System\egCICol.exe
  2⤵
  PID:4440
- C:\Windows\System\cdkEdVr.exe
  C:\Windows\System\cdkEdVr.exe
  2⤵
  PID:4296
- C:\Windows\System\OhjwXGl.exe
  C:\Windows\System\OhjwXGl.exe
  2⤵
  PID:4360
- C:\Windows\System\mgKtdAD.exe
  C:\Windows\System\mgKtdAD.exe
  2⤵
  PID:4508
- C:\Windows\System\BEZTOIA.exe
  C:\Windows\System\BEZTOIA.exe
  2⤵
  PID:4556
- C:\Windows\System\vpRVkCq.exe
  C:\Windows\System\vpRVkCq.exe
  2⤵
  PID:4568
- C:\Windows\System\DFBXljW.exe
  C:\Windows\System\DFBXljW.exe
  2⤵
  PID:4572
- C:\Windows\System\HMJCxbj.exe
  C:\Windows\System\HMJCxbj.exe
  2⤵
  PID:820
- C:\Windows\System\YDMWjCc.exe
  C:\Windows\System\YDMWjCc.exe
  2⤵
  PID:4668
- C:\Windows\System\DGPkdnP.exe
  C:\Windows\System\DGPkdnP.exe
  2⤵
  PID:4652
- C:\Windows\System\bhupKpr.exe
  C:\Windows\System\bhupKpr.exe
  2⤵
  PID:4616
- C:\Windows\System\bVoTAFr.exe
  C:\Windows\System\bVoTAFr.exe
  2⤵
  PID:4692
- C:\Windows\System\eOlJhTl.exe
  C:\Windows\System\eOlJhTl.exe
  2⤵
  PID:4764
- C:\Windows\System\NvRDfwF.exe
  C:\Windows\System\NvRDfwF.exe
  2⤵
  PID:4800
- C:\Windows\System\cuQXBwA.exe
  C:\Windows\System\cuQXBwA.exe
  2⤵
  PID:4828
- C:\Windows\System\PzApMxX.exe
  C:\Windows\System\PzApMxX.exe
  2⤵
  PID:4872
- C:\Windows\System\KhkXuIM.exe
  C:\Windows\System\KhkXuIM.exe
  2⤵
  PID:4848
- C:\Windows\System\DyWALOW.exe
  C:\Windows\System\DyWALOW.exe
  2⤵
  PID:4884
- C:\Windows\System\cBeqlcT.exe
  C:\Windows\System\cBeqlcT.exe
  2⤵
  PID:4956
- C:\Windows\System\cmOnyku.exe
  C:\Windows\System\cmOnyku.exe
  2⤵
  PID:4976
- C:\Windows\System\BxbOjrh.exe
  C:\Windows\System\BxbOjrh.exe
  2⤵
  PID:5020
- C:\Windows\System\oYztbGA.exe
  C:\Windows\System\oYztbGA.exe
  2⤵
  PID:3032
- C:\Windows\System\FpIDLEJ.exe
  C:\Windows\System\FpIDLEJ.exe
  2⤵
  PID:1308
- C:\Windows\System\ZvZrSmq.exe
  C:\Windows\System\ZvZrSmq.exe
  2⤵
  PID:3684
- C:\Windows\System\KIVKYqA.exe
  C:\Windows\System\KIVKYqA.exe
  2⤵
  PID:4136
- C:\Windows\System\rCqiNSO.exe
  C:\Windows\System\rCqiNSO.exe
  2⤵
  PID:5064
- C:\Windows\System\CGFgEiy.exe
  C:\Windows\System\CGFgEiy.exe
  2⤵
  PID:4156
- C:\Windows\System\QpLsyZm.exe
  C:\Windows\System\QpLsyZm.exe
  2⤵
  PID:4208
- C:\Windows\System\MRxSqcS.exe
  C:\Windows\System\MRxSqcS.exe
  2⤵
  PID:4308
- C:\Windows\System\bNWFnMY.exe
  C:\Windows\System\bNWFnMY.exe
  2⤵
  PID:4292
- C:\Windows\System\xoPPdpi.exe
  C:\Windows\System\xoPPdpi.exe
  2⤵
  PID:4504
- C:\Windows\System\mHjQYhb.exe
  C:\Windows\System\mHjQYhb.exe
  2⤵
  PID:4436
- C:\Windows\System\hVpUriD.exe
  C:\Windows\System\hVpUriD.exe
  2⤵
  PID:4492
- C:\Windows\System\rfKPihO.exe
  C:\Windows\System\rfKPihO.exe
  2⤵
  PID:4328
- C:\Windows\System\VirSWbM.exe
  C:\Windows\System\VirSWbM.exe
  2⤵
  PID:4544
- C:\Windows\System\GhNfSpz.exe
  C:\Windows\System\GhNfSpz.exe
  2⤵
  PID:4720
- C:\Windows\System\NkPqYNF.exe
  C:\Windows\System\NkPqYNF.exe
  2⤵
  PID:4740
- C:\Windows\System\fvtcZyR.exe
  C:\Windows\System\fvtcZyR.exe
  2⤵
  PID:4756
- C:\Windows\System\DTlWbjx.exe
  C:\Windows\System\DTlWbjx.exe
  2⤵
  PID:4796
- C:\Windows\System\HpYguPB.exe
  C:\Windows\System\HpYguPB.exe
  2⤵
  PID:4952
- C:\Windows\System\cLfmAUz.exe
  C:\Windows\System\cLfmAUz.exe
  2⤵
  PID:1480
- C:\Windows\System\qgVVbXJ.exe
  C:\Windows\System\qgVVbXJ.exe
  2⤵
  PID:5044
- C:\Windows\System\VlBtVfr.exe
  C:\Windows\System\VlBtVfr.exe
  2⤵
  PID:5048
- C:\Windows\System\WHIGocJ.exe
  C:\Windows\System\WHIGocJ.exe
  2⤵
  PID:3076
- C:\Windows\System\QzICapK.exe
  C:\Windows\System\QzICapK.exe
  2⤵
  PID:5024
- C:\Windows\System\dYIrLVn.exe
  C:\Windows\System\dYIrLVn.exe
  2⤵
  PID:5080
- C:\Windows\System\IYwzaCL.exe
  C:\Windows\System\IYwzaCL.exe
  2⤵
  PID:4372
- C:\Windows\System\bmxNumW.exe
  C:\Windows\System\bmxNumW.exe
  2⤵
  PID:4192
- C:\Windows\System\chMGVQc.exe
  C:\Windows\System\chMGVQc.exe
  2⤵
  PID:4276
- C:\Windows\System\JpCjeFc.exe
  C:\Windows\System\JpCjeFc.exe
  2⤵
  PID:4472
- C:\Windows\System\rRpeEdo.exe
  C:\Windows\System\rRpeEdo.exe
  2⤵
  PID:4580
- C:\Windows\System\NLzfYvm.exe
  C:\Windows\System\NLzfYvm.exe
  2⤵
  PID:4704
- C:\Windows\System\cukEsjn.exe
  C:\Windows\System\cukEsjn.exe
  2⤵
  PID:4836
- C:\Windows\System\uCipIyq.exe
  C:\Windows\System\uCipIyq.exe
  2⤵
  PID:4944
- C:\Windows\System\DqcOGrB.exe
  C:\Windows\System\DqcOGrB.exe
  2⤵
  PID:5000
- C:\Windows\System\aTITAQy.exe
  C:\Windows\System\aTITAQy.exe
  2⤵
  PID:4996
- C:\Windows\System\szPOByX.exe
  C:\Windows\System\szPOByX.exe
  2⤵
  PID:4812
- C:\Windows\System\PphPsot.exe
  C:\Windows\System\PphPsot.exe
  2⤵
  PID:4176
- C:\Windows\System\iXoGJYw.exe
  C:\Windows\System\iXoGJYw.exe
  2⤵
  PID:4152
- C:\Windows\System\eTjbBTR.exe
  C:\Windows\System\eTjbBTR.exe
  2⤵
  PID:4240
- C:\Windows\System\aJoQwbD.exe
  C:\Windows\System\aJoQwbD.exe
  2⤵
  PID:2276
- C:\Windows\System\UMcsDqm.exe
  C:\Windows\System\UMcsDqm.exe
  2⤵
  PID:4432
- C:\Windows\System\bsGtIzW.exe
  C:\Windows\System\bsGtIzW.exe
  2⤵
  PID:4676
- C:\Windows\System\KncUvaj.exe
  C:\Windows\System\KncUvaj.exe
  2⤵
  PID:4524
- C:\Windows\System\ccZLxDW.exe
  C:\Windows\System\ccZLxDW.exe
  2⤵
  PID:4904
- C:\Windows\System\sIEuvkU.exe
  C:\Windows\System\sIEuvkU.exe
  2⤵
  PID:1684
- C:\Windows\System\HItSHoA.exe
  C:\Windows\System\HItSHoA.exe
  2⤵
  PID:5040
- C:\Windows\System\POfPzml.exe
  C:\Windows\System\POfPzml.exe
  2⤵
  PID:1040
- C:\Windows\System\GCARFJI.exe
  C:\Windows\System\GCARFJI.exe
  2⤵
  PID:4272
- C:\Windows\System\rWbPQtE.exe
  C:\Windows\System\rWbPQtE.exe
  2⤵
  PID:4716
- C:\Windows\System\PXLavXd.exe
  C:\Windows\System\PXLavXd.exe
  2⤵
  PID:4948
- C:\Windows\System\VRPyUyi.exe
  C:\Windows\System\VRPyUyi.exe
  2⤵
  PID:4624
- C:\Windows\System\AedbXaH.exe
  C:\Windows\System\AedbXaH.exe
  2⤵
  PID:4776
- C:\Windows\System\nNtXLeP.exe
  C:\Windows\System\nNtXLeP.exe
  2⤵
  PID:4172
- C:\Windows\System\FMQnjwO.exe
  C:\Windows\System\FMQnjwO.exe
  2⤵
  PID:4452
- C:\Windows\System\yULwISE.exe
  C:\Windows\System\yULwISE.exe
  2⤵
  PID:5116
- C:\Windows\System\MfnvoOl.exe
  C:\Windows\System\MfnvoOl.exe
  2⤵
  PID:2992
- C:\Windows\System\czeDBNZ.exe
  C:\Windows\System\czeDBNZ.exe
  2⤵
  PID:4712
- C:\Windows\System\nvZfFuv.exe
  C:\Windows\System\nvZfFuv.exe
  2⤵
  PID:912
- C:\Windows\System\bmJgYxj.exe
  C:\Windows\System\bmJgYxj.exe
  2⤵
  PID:4288
- C:\Windows\System\MxmaPAq.exe
  C:\Windows\System\MxmaPAq.exe
  2⤵
  PID:5136
- C:\Windows\System\mMvfGVu.exe
  C:\Windows\System\mMvfGVu.exe
  2⤵
  PID:5152
- C:\Windows\System\YodyLCq.exe
  C:\Windows\System\YodyLCq.exe
  2⤵
  PID:5180
- C:\Windows\System\dneVkGh.exe
  C:\Windows\System\dneVkGh.exe
  2⤵
  PID:5204
- C:\Windows\System\rOWMKAM.exe
  C:\Windows\System\rOWMKAM.exe
  2⤵
  PID:5224
- C:\Windows\System\RnsWpxP.exe
  C:\Windows\System\RnsWpxP.exe
  2⤵
  PID:5240
- C:\Windows\System\kRsEjXJ.exe
  C:\Windows\System\kRsEjXJ.exe
  2⤵
  PID:5264
- C:\Windows\System\IBWVNLX.exe
  C:\Windows\System\IBWVNLX.exe
  2⤵
  PID:5288
- C:\Windows\System\DbNUDbR.exe
  C:\Windows\System\DbNUDbR.exe
  2⤵
  PID:5304
- C:\Windows\System\AyyDKdq.exe
  C:\Windows\System\AyyDKdq.exe
  2⤵
  PID:5320
- C:\Windows\System\XzXOiQI.exe
  C:\Windows\System\XzXOiQI.exe
  2⤵
  PID:5340
- C:\Windows\System\Oqbwshq.exe
  C:\Windows\System\Oqbwshq.exe
  2⤵
  PID:5360
- C:\Windows\System\hassXbZ.exe
  C:\Windows\System\hassXbZ.exe
  2⤵
  PID:5380
- C:\Windows\System\oJLKwir.exe
  C:\Windows\System\oJLKwir.exe
  2⤵
  PID:5404
- C:\Windows\System\yPZNWJg.exe
  C:\Windows\System\yPZNWJg.exe
  2⤵
  PID:5424
- C:\Windows\System\hnSpHCr.exe
  C:\Windows\System\hnSpHCr.exe
  2⤵
  PID:5452
- C:\Windows\System\yZzKYrU.exe
  C:\Windows\System\yZzKYrU.exe
  2⤵
  PID:5468
- C:\Windows\System\yTKNAXo.exe
  C:\Windows\System\yTKNAXo.exe
  2⤵
  PID:5484
- C:\Windows\System\JbptqzB.exe
  C:\Windows\System\JbptqzB.exe
  2⤵
  PID:5500
- C:\Windows\System\OjJccYV.exe
  C:\Windows\System\OjJccYV.exe
  2⤵
  PID:5520
- C:\Windows\System\XqsaGXs.exe
  C:\Windows\System\XqsaGXs.exe
  2⤵
  PID:5544
- C:\Windows\System\qrPsMzu.exe
  C:\Windows\System\qrPsMzu.exe
  2⤵
  PID:5560
- C:\Windows\System\AbBxaXS.exe
  C:\Windows\System\AbBxaXS.exe
  2⤵
  PID:5576
- C:\Windows\System\sfWsXkO.exe
  C:\Windows\System\sfWsXkO.exe
  2⤵
  PID:5608
- C:\Windows\System\xkZYgsg.exe
  C:\Windows\System\xkZYgsg.exe
  2⤵
  PID:5628
- C:\Windows\System\omeWQBk.exe
  C:\Windows\System\omeWQBk.exe
  2⤵
  PID:5652
- C:\Windows\System\VWwWVyZ.exe
  C:\Windows\System\VWwWVyZ.exe
  2⤵
  PID:5668
- C:\Windows\System\mMYLaog.exe
  C:\Windows\System\mMYLaog.exe
  2⤵
  PID:5684
- C:\Windows\System\GaeszSm.exe
  C:\Windows\System\GaeszSm.exe
  2⤵
  PID:5704
- C:\Windows\System\YqSXyFp.exe
  C:\Windows\System\YqSXyFp.exe
  2⤵
  PID:5720
- C:\Windows\System\RlYuKFS.exe
  C:\Windows\System\RlYuKFS.exe
  2⤵
  PID:5736
- C:\Windows\System\wJYSReR.exe
  C:\Windows\System\wJYSReR.exe
  2⤵
  PID:5752
- C:\Windows\System\pBFYZle.exe
  C:\Windows\System\pBFYZle.exe
  2⤵
  PID:5772
- C:\Windows\System\nUzpJPJ.exe
  C:\Windows\System\nUzpJPJ.exe
  2⤵
  PID:5812
- C:\Windows\System\DaRBeBk.exe
  C:\Windows\System\DaRBeBk.exe
  2⤵
  PID:5828
- C:\Windows\System\lJCXJyw.exe
  C:\Windows\System\lJCXJyw.exe
  2⤵
  PID:5848
- C:\Windows\System\wqRkSoM.exe
  C:\Windows\System\wqRkSoM.exe
  2⤵
  PID:5868
- C:\Windows\System\xpKVWWR.exe
  C:\Windows\System\xpKVWWR.exe
  2⤵
  PID:5892
- C:\Windows\System\fhhYchr.exe
  C:\Windows\System\fhhYchr.exe
  2⤵
  PID:5908
- C:\Windows\System\MzRuAbV.exe
  C:\Windows\System\MzRuAbV.exe
  2⤵
  PID:5924
- C:\Windows\System\NAoAyaO.exe
  C:\Windows\System\NAoAyaO.exe
  2⤵
  PID:5940
- C:\Windows\System\RgDyvcR.exe
  C:\Windows\System\RgDyvcR.exe
  2⤵
  PID:5964
- C:\Windows\System\scwStTB.exe
  C:\Windows\System\scwStTB.exe
  2⤵
  PID:5984
- C:\Windows\System\VqUYcSj.exe
  C:\Windows\System\VqUYcSj.exe
  2⤵
  PID:6000
- C:\Windows\System\DjyOxYf.exe
  C:\Windows\System\DjyOxYf.exe
  2⤵
  PID:6016
- C:\Windows\System\xGlKKPr.exe
  C:\Windows\System\xGlKKPr.exe
  2⤵
  PID:6036
- C:\Windows\System\DGHCgEH.exe
  C:\Windows\System\DGHCgEH.exe
  2⤵
  PID:6056
- C:\Windows\System\jDFHAjX.exe
  C:\Windows\System\jDFHAjX.exe
  2⤵
  PID:6092
- C:\Windows\System\HFTACGz.exe
  C:\Windows\System\HFTACGz.exe
  2⤵
  PID:6108
- C:\Windows\System\PFcfyoC.exe
  C:\Windows\System\PFcfyoC.exe
  2⤵
  PID:6124
- C:\Windows\System\TSMBQOe.exe
  C:\Windows\System\TSMBQOe.exe
  2⤵
  PID:4260
- C:\Windows\System\uxHmJOv.exe
  C:\Windows\System\uxHmJOv.exe
  2⤵
  PID:5196
- C:\Windows\System\NzTeVTC.exe
  C:\Windows\System\NzTeVTC.exe
  2⤵
  PID:3592
- C:\Windows\System\pzkyuHh.exe
  C:\Windows\System\pzkyuHh.exe
  2⤵
  PID:1036
- C:\Windows\System\UasFgaA.exe
  C:\Windows\System\UasFgaA.exe
  2⤵
  PID:5168
- C:\Windows\System\WEBKllI.exe
  C:\Windows\System\WEBKllI.exe
  2⤵
  PID:5212
- C:\Windows\System\KFoxhNG.exe
  C:\Windows\System\KFoxhNG.exe
  2⤵
  PID:5272
- C:\Windows\System\TvrCfdR.exe
  C:\Windows\System\TvrCfdR.exe
  2⤵
  PID:5284
- C:\Windows\System\jxtBFIo.exe
  C:\Windows\System\jxtBFIo.exe
  2⤵
  PID:5348
- C:\Windows\System\bUkfHik.exe
  C:\Windows\System\bUkfHik.exe
  2⤵
  PID:5392
- C:\Windows\System\JrNUNxz.exe
  C:\Windows\System\JrNUNxz.exe
  2⤵
  PID:5432
- C:\Windows\System\RnAMeta.exe
  C:\Windows\System\RnAMeta.exe
  2⤵
  PID:5372
- C:\Windows\System\jlgdojB.exe
  C:\Windows\System\jlgdojB.exe
  2⤵
  PID:5476
- C:\Windows\System\VFiwOFJ.exe
  C:\Windows\System\VFiwOFJ.exe
  2⤵
  PID:5492
- C:\Windows\System\kVzcDyI.exe
  C:\Windows\System\kVzcDyI.exe
  2⤵
  PID:5584
- C:\Windows\System\bJkxvyQ.exe
  C:\Windows\System\bJkxvyQ.exe
  2⤵
  PID:2236
- C:\Windows\System\PelxhQX.exe
  C:\Windows\System\PelxhQX.exe
  2⤵
  PID:5536
- C:\Windows\System\ApANcKI.exe
  C:\Windows\System\ApANcKI.exe
  2⤵
  PID:5588
- C:\Windows\System\MFNhXdU.exe
  C:\Windows\System\MFNhXdU.exe
  2⤵
  PID:5624
- C:\Windows\System\HjUqDXN.exe
  C:\Windows\System\HjUqDXN.exe
  2⤵
  PID:5744
- C:\Windows\System\tqvPdNw.exe
  C:\Windows\System\tqvPdNw.exe
  2⤵
  PID:5728
- C:\Windows\System\lyzwNMn.exe
  C:\Windows\System\lyzwNMn.exe
  2⤵
  PID:5768
- C:\Windows\System\KmIvaje.exe
  C:\Windows\System\KmIvaje.exe
  2⤵
  PID:5700
- C:\Windows\System\vUrgMCF.exe
  C:\Windows\System\vUrgMCF.exe
  2⤵
  PID:5796
- C:\Windows\System\magsAbs.exe
  C:\Windows\System\magsAbs.exe
  2⤵
  PID:5836
- C:\Windows\System\WPOGZMn.exe
  C:\Windows\System\WPOGZMn.exe
  2⤵
  PID:5876
- C:\Windows\System\ENHCqie.exe
  C:\Windows\System\ENHCqie.exe
  2⤵
  PID:5888
- C:\Windows\System\xdVAsKR.exe
  C:\Windows\System\xdVAsKR.exe
  2⤵
  PID:5904
- C:\Windows\System\MyYhKbd.exe
  C:\Windows\System\MyYhKbd.exe
  2⤵
  PID:5960
- C:\Windows\System\nqNWnMi.exe
  C:\Windows\System\nqNWnMi.exe
  2⤵
  PID:5936
- C:\Windows\System\DDIChzl.exe
  C:\Windows\System\DDIChzl.exe
  2⤵
  PID:5980
- C:\Windows\System\dyOqMxI.exe
  C:\Windows\System\dyOqMxI.exe
  2⤵
  PID:5976
- C:\Windows\System\BCAnQrj.exe
  C:\Windows\System\BCAnQrj.exe
  2⤵
  PID:5972
- C:\Windows\System\fmkKSSn.exe
  C:\Windows\System\fmkKSSn.exe
  2⤵
  PID:6100
- C:\Windows\System\MZxpEeh.exe
  C:\Windows\System\MZxpEeh.exe
  2⤵
  PID:2308
- C:\Windows\System\eMryaKv.exe
  C:\Windows\System\eMryaKv.exe
  2⤵
  PID:4752
- C:\Windows\System\iYvyJFr.exe
  C:\Windows\System\iYvyJFr.exe
  2⤵
  PID:1824
- C:\Windows\System\NUIzUBV.exe
  C:\Windows\System\NUIzUBV.exe
  2⤵
  PID:5128
- C:\Windows\System\nVVKwGG.exe
  C:\Windows\System\nVVKwGG.exe
  2⤵
  PID:5280
- C:\Windows\System\eLGjuNx.exe
  C:\Windows\System\eLGjuNx.exe
  2⤵
  PID:5300
- C:\Windows\System\wzoxyyC.exe
  C:\Windows\System\wzoxyyC.exe
  2⤵
  PID:5328
- C:\Windows\System\wuyTLfm.exe
  C:\Windows\System\wuyTLfm.exe
  2⤵
  PID:1516
- C:\Windows\System\ieDFMUV.exe
  C:\Windows\System\ieDFMUV.exe
  2⤵
  PID:5600
- C:\Windows\System\RUStoEw.exe
  C:\Windows\System\RUStoEw.exe
  2⤵
  PID:5636
- C:\Windows\System\gHmnonN.exe
  C:\Windows\System\gHmnonN.exe
  2⤵
  PID:5464
- C:\Windows\System\UqvQtri.exe
  C:\Windows\System\UqvQtri.exe
  2⤵
  PID:5648
- C:\Windows\System\rZYhFkc.exe
  C:\Windows\System\rZYhFkc.exe
  2⤵
  PID:5760
- C:\Windows\System\wewAGSo.exe
  C:\Windows\System\wewAGSo.exe
  2⤵
  PID:5844
- C:\Windows\System\NdlQByS.exe
  C:\Windows\System\NdlQByS.exe
  2⤵
  PID:5996
- C:\Windows\System\uXjahgv.exe
  C:\Windows\System\uXjahgv.exe
  2⤵
  PID:6080
- C:\Windows\System\fgqDpin.exe
  C:\Windows\System\fgqDpin.exe
  2⤵
  PID:5188
- C:\Windows\System\yeBYnVj.exe
  C:\Windows\System\yeBYnVj.exe
  2⤵
  PID:5856
- C:\Windows\System\cwxYwuQ.exe
  C:\Windows\System\cwxYwuQ.exe
  2⤵
  PID:2788
- C:\Windows\System\eliIsXt.exe
  C:\Windows\System\eliIsXt.exe
  2⤵
  PID:5956
- C:\Windows\System\UVQZOJx.exe
  C:\Windows\System\UVQZOJx.exe
  2⤵
  PID:6120
- C:\Windows\System\uWNxbJj.exe
  C:\Windows\System\uWNxbJj.exe
  2⤵
  PID:5388
- C:\Windows\System\hrbeiqt.exe
  C:\Windows\System\hrbeiqt.exe
  2⤵
  PID:1336
- C:\Windows\System\yWwDHPm.exe
  C:\Windows\System\yWwDHPm.exe
  2⤵
  PID:5512
- C:\Windows\System\SwBQIue.exe
  C:\Windows\System\SwBQIue.exe
  2⤵
  PID:1168
- C:\Windows\System\sthxMzL.exe
  C:\Windows\System\sthxMzL.exe
  2⤵
  PID:5552
- C:\Windows\System\sOxBYzJ.exe
  C:\Windows\System\sOxBYzJ.exe
  2⤵
  PID:5676
- C:\Windows\System\XtGOLlM.exe
  C:\Windows\System\XtGOLlM.exe
  2⤵
  PID:5716
- C:\Windows\System\bajXKno.exe
  C:\Windows\System\bajXKno.exe
  2⤵
  PID:6072
- C:\Windows\System\lZoZqBn.exe
  C:\Windows\System\lZoZqBn.exe
  2⤵
  PID:5400
- C:\Windows\System\bHrHvJl.exe
  C:\Windows\System\bHrHvJl.exe
  2⤵
  PID:6048
- C:\Windows\System\NMkbqOw.exe
  C:\Windows\System\NMkbqOw.exe
  2⤵
  PID:5692
- C:\Windows\System\rKanvSy.exe
  C:\Windows\System\rKanvSy.exe
  2⤵
  PID:6088
- C:\Windows\System\fUjGEUe.exe
  C:\Windows\System\fUjGEUe.exe
  2⤵
  PID:5412
- C:\Windows\System\PJvnYkc.exe
  C:\Windows\System\PJvnYkc.exe
  2⤵
  PID:5420
- C:\Windows\System\luDRDZA.exe
  C:\Windows\System\luDRDZA.exe
  2⤵
  PID:5252
- C:\Windows\System\YlxMLzC.exe
  C:\Windows\System\YlxMLzC.exe
  2⤵
  PID:5236
- C:\Windows\System\eLakDhp.exe
  C:\Windows\System\eLakDhp.exe
  2⤵
  PID:5864
- C:\Windows\System\QEDrgUX.exe
  C:\Windows\System\QEDrgUX.exe
  2⤵
  PID:5824
- C:\Windows\System\ZkzLBcR.exe
  C:\Windows\System\ZkzLBcR.exe
  2⤵
  PID:6164
- C:\Windows\System\JxqVMVr.exe
  C:\Windows\System\JxqVMVr.exe
  2⤵
  PID:6180
- C:\Windows\System\mYlOtLW.exe
  C:\Windows\System\mYlOtLW.exe
  2⤵
  PID:6196
- C:\Windows\System\cEpgiaM.exe
  C:\Windows\System\cEpgiaM.exe
  2⤵
  PID:6216
- C:\Windows\System\vpjOEap.exe
  C:\Windows\System\vpjOEap.exe
  2⤵
  PID:6236
- C:\Windows\System\YZJHSjO.exe
  C:\Windows\System\YZJHSjO.exe
  2⤵
  PID:6252
- C:\Windows\System\ssGXAHR.exe
  C:\Windows\System\ssGXAHR.exe
  2⤵
  PID:6288
- C:\Windows\System\lGdQhHu.exe
  C:\Windows\System\lGdQhHu.exe
  2⤵
  PID:6304
- C:\Windows\System\rrUmABC.exe
  C:\Windows\System\rrUmABC.exe
  2⤵
  PID:6320
- C:\Windows\System\AjgaYPi.exe
  C:\Windows\System\AjgaYPi.exe
  2⤵
  PID:6360
- C:\Windows\System\GMdHbob.exe
  C:\Windows\System\GMdHbob.exe
  2⤵
  PID:6376
- C:\Windows\System\OXLAjtH.exe
  C:\Windows\System\OXLAjtH.exe
  2⤵
  PID:6392
- C:\Windows\System\CZIqKig.exe
  C:\Windows\System\CZIqKig.exe
  2⤵
  PID:6408
- C:\Windows\System\RCosThA.exe
  C:\Windows\System\RCosThA.exe
  2⤵
  PID:6424
- C:\Windows\System\mxLsfmq.exe
  C:\Windows\System\mxLsfmq.exe
  2⤵
  PID:6448
- C:\Windows\System\dBemcve.exe
  C:\Windows\System\dBemcve.exe
  2⤵
  PID:6480
- C:\Windows\System\zyeOJsn.exe
  C:\Windows\System\zyeOJsn.exe
  2⤵
  PID:6520
- C:\Windows\System\fnKYpbu.exe
  C:\Windows\System\fnKYpbu.exe
  2⤵
  PID:6540
- C:\Windows\System\YClQMFg.exe
  C:\Windows\System\YClQMFg.exe
  2⤵
  PID:6556
- C:\Windows\System\QeWXtAj.exe
  C:\Windows\System\QeWXtAj.exe
  2⤵
  PID:6572
- C:\Windows\System\pDMXEKS.exe
  C:\Windows\System\pDMXEKS.exe
  2⤵
  PID:6592
- C:\Windows\System\aUvHZWe.exe
  C:\Windows\System\aUvHZWe.exe
  2⤵
  PID:6612
- C:\Windows\System\uPynxJG.exe
  C:\Windows\System\uPynxJG.exe
  2⤵
  PID:6628
- C:\Windows\System\MAbhTFU.exe
  C:\Windows\System\MAbhTFU.exe
  2⤵
  PID:6644
- C:\Windows\System\NyQiWCc.exe
  C:\Windows\System\NyQiWCc.exe
  2⤵
  PID:6660
- C:\Windows\System\QcSYwxI.exe
  C:\Windows\System\QcSYwxI.exe
  2⤵
  PID:6676
- C:\Windows\System\YidevsZ.exe
  C:\Windows\System\YidevsZ.exe
  2⤵
  PID:6692
- C:\Windows\System\VZnAbOh.exe
  C:\Windows\System\VZnAbOh.exe
  2⤵
  PID:6740
- C:\Windows\System\cDWuKfy.exe
  C:\Windows\System\cDWuKfy.exe
  2⤵
  PID:6764
- C:\Windows\System\NzHjojv.exe
  C:\Windows\System\NzHjojv.exe
  2⤵
  PID:6780
- C:\Windows\System\urOryJR.exe
  C:\Windows\System\urOryJR.exe
  2⤵
  PID:6796
- C:\Windows\System\DCztsiF.exe
  C:\Windows\System\DCztsiF.exe
  2⤵
  PID:6812
- C:\Windows\System\qtqobFZ.exe
  C:\Windows\System\qtqobFZ.exe
  2⤵
  PID:6828
- C:\Windows\System\WqtZvqS.exe
  C:\Windows\System\WqtZvqS.exe
  2⤵
  PID:6848
- C:\Windows\System\grUkZVS.exe
  C:\Windows\System\grUkZVS.exe
  2⤵
  PID:6864
- C:\Windows\System\AymBmQX.exe
  C:\Windows\System\AymBmQX.exe
  2⤵
  PID:6880
- C:\Windows\System\HSakLYJ.exe
  C:\Windows\System\HSakLYJ.exe
  2⤵
  PID:6900
- C:\Windows\System\aWCTUmy.exe
  C:\Windows\System\aWCTUmy.exe
  2⤵
  PID:6924
- C:\Windows\System\AnJtEFK.exe
  C:\Windows\System\AnJtEFK.exe
  2⤵
  PID:6956
- C:\Windows\System\vChvNTe.exe
  C:\Windows\System\vChvNTe.exe
  2⤵
  PID:6980
- C:\Windows\System\kOmGIMK.exe
  C:\Windows\System\kOmGIMK.exe
  2⤵
  PID:7008
- C:\Windows\System\FBPypwp.exe
  C:\Windows\System\FBPypwp.exe
  2⤵
  PID:7024
- C:\Windows\System\LzJorrh.exe
  C:\Windows\System\LzJorrh.exe
  2⤵
  PID:7040
- C:\Windows\System\fXjKQeS.exe
  C:\Windows\System\fXjKQeS.exe
  2⤵
  PID:7056
- C:\Windows\System\WKDSuHg.exe
  C:\Windows\System\WKDSuHg.exe
  2⤵
  PID:7080
- C:\Windows\System\AwFzhDZ.exe
  C:\Windows\System\AwFzhDZ.exe
  2⤵
  PID:7100
- C:\Windows\System\rCsLNun.exe
  C:\Windows\System\rCsLNun.exe
  2⤵
  PID:7120
- C:\Windows\System\iUvJdNW.exe
  C:\Windows\System\iUvJdNW.exe
  2⤵
  PID:7140
- C:\Windows\System\fbhsJLY.exe
  C:\Windows\System\fbhsJLY.exe
  2⤵
  PID:6104
- C:\Windows\System\YnMagpD.exe
  C:\Windows\System\YnMagpD.exe
  2⤵
  PID:6032
- C:\Windows\System\TgqihdA.exe
  C:\Windows\System\TgqihdA.exe
  2⤵
  PID:6152
- C:\Windows\System\KaCqrpD.exe
  C:\Windows\System\KaCqrpD.exe
  2⤵
  PID:6224
- C:\Windows\System\ymXtKQs.exe
  C:\Windows\System\ymXtKQs.exe
  2⤵
  PID:6264
- C:\Windows\System\BRFTWfB.exe
  C:\Windows\System\BRFTWfB.exe
  2⤵
  PID:6204
- C:\Windows\System\KfgZYLO.exe
  C:\Windows\System\KfgZYLO.exe
  2⤵
  PID:5124
- C:\Windows\System\pWuUKNb.exe
  C:\Windows\System\pWuUKNb.exe
  2⤵
  PID:6044
- C:\Windows\System\isYNWom.exe
  C:\Windows\System\isYNWom.exe
  2⤵
  PID:6208
- C:\Windows\System\tchMJqU.exe
  C:\Windows\System\tchMJqU.exe
  2⤵
  PID:5148
- C:\Windows\System\LGIpMvz.exe
  C:\Windows\System\LGIpMvz.exe
  2⤵
  PID:5316
- C:\Windows\System\TthmsgP.exe
  C:\Windows\System\TthmsgP.exe
  2⤵
  PID:6368
- C:\Windows\System\wSVgitm.exe
  C:\Windows\System\wSVgitm.exe
  2⤵
  PID:6432
- C:\Windows\System\rZUivDh.exe
  C:\Windows\System\rZUivDh.exe
  2⤵
  PID:6384
- C:\Windows\System\FmgGhlE.exe
  C:\Windows\System\FmgGhlE.exe
  2⤵
  PID:6300
- C:\Windows\System\gzdQFBp.exe
  C:\Windows\System\gzdQFBp.exe
  2⤵
  PID:6472
- C:\Windows\System\TNoVTZS.exe
  C:\Windows\System\TNoVTZS.exe
  2⤵
  PID:6344
- C:\Windows\System\xKYBful.exe
  C:\Windows\System\xKYBful.exe
  2⤵
  PID:6416
- C:\Windows\System\NuovkkH.exe
  C:\Windows\System\NuovkkH.exe
  2⤵
  PID:6496
- C:\Windows\System\fHgNUgn.exe
  C:\Windows\System\fHgNUgn.exe
  2⤵
  PID:6584
- C:\Windows\System\zJQhYsT.exe
  C:\Windows\System\zJQhYsT.exe
  2⤵
  PID:6624
- C:\Windows\System\qjqAZCM.exe
  C:\Windows\System\qjqAZCM.exe
  2⤵
  PID:6536
- C:\Windows\System\wafFHsz.exe
  C:\Windows\System\wafFHsz.exe
  2⤵
  PID:6720
- C:\Windows\System\aZFmmnE.exe
  C:\Windows\System\aZFmmnE.exe
  2⤵
  PID:6636
- C:\Windows\System\ESSBuGN.exe
  C:\Windows\System\ESSBuGN.exe
  2⤵
  PID:6732
- C:\Windows\System\APrnXaP.exe
  C:\Windows\System\APrnXaP.exe
  2⤵
  PID:6788
- C:\Windows\System\OZpWSDW.exe
  C:\Windows\System\OZpWSDW.exe
  2⤵
  PID:6892
- C:\Windows\System\ppWbNYv.exe
  C:\Windows\System\ppWbNYv.exe
  2⤵
  PID:6944
- C:\Windows\System\mnJYARI.exe
  C:\Windows\System\mnJYARI.exe
  2⤵
  PID:1052
- C:\Windows\System\OXnrQOt.exe
  C:\Windows\System\OXnrQOt.exe
  2⤵
  PID:6916
- C:\Windows\System\gVcUHgh.exe
  C:\Windows\System\gVcUHgh.exe
  2⤵
  PID:6876
- C:\Windows\System\nijXVTj.exe
  C:\Windows\System\nijXVTj.exe
  2⤵
  PID:6968
- C:\Windows\System\KNdfFEI.exe
  C:\Windows\System\KNdfFEI.exe
  2⤵
  PID:7000
- C:\Windows\System\pTVVxQI.exe
  C:\Windows\System\pTVVxQI.exe
  2⤵
  PID:7036
- C:\Windows\System\gQMmubD.exe
  C:\Windows\System\gQMmubD.exe
  2⤵
  PID:7116
- C:\Windows\System\VidawDZ.exe
  C:\Windows\System\VidawDZ.exe
  2⤵
  PID:7152
- C:\Windows\System\RcTUaZF.exe
  C:\Windows\System\RcTUaZF.exe
  2⤵
  PID:7096
- C:\Windows\System\CXMWsvQ.exe
  C:\Windows\System\CXMWsvQ.exe
  2⤵
  PID:7156
- C:\Windows\System\rreHzMq.exe
  C:\Windows\System\rreHzMq.exe
  2⤵
  PID:5220
- C:\Windows\System\aYuuIDz.exe
  C:\Windows\System\aYuuIDz.exe
  2⤵
  PID:6160
- C:\Windows\System\oGLzJpG.exe
  C:\Windows\System\oGLzJpG.exe
  2⤵
  PID:5696
- C:\Windows\System\PdzDZNR.exe
  C:\Windows\System\PdzDZNR.exe
  2⤵
  PID:408
- C:\Windows\System\OtRLrZC.exe
  C:\Windows\System\OtRLrZC.exe
  2⤵
  PID:6068
- C:\Windows\System\pThIceq.exe
  C:\Windows\System\pThIceq.exe
  2⤵
  PID:6312
- C:\Windows\System\HMsdeip.exe
  C:\Windows\System\HMsdeip.exe
  2⤵
  PID:6500
- C:\Windows\System\ZybZinp.exe
  C:\Windows\System\ZybZinp.exe
  2⤵
  PID:6508
- C:\Windows\System\yZLDWVK.exe
  C:\Windows\System\yZLDWVK.exe
  2⤵
  PID:6340
- C:\Windows\System\xjvwLIV.exe
  C:\Windows\System\xjvwLIV.exe
  2⤵
  PID:6620
- C:\Windows\System\pwwDWRk.exe
  C:\Windows\System\pwwDWRk.exe
  2⤵
  PID:6668
- C:\Windows\System\BwURLJK.exe
  C:\Windows\System\BwURLJK.exe
  2⤵
  PID:6420
- C:\Windows\System\vPglGyd.exe
  C:\Windows\System\vPglGyd.exe
  2⤵
  PID:6684
- C:\Windows\System\VaktPbm.exe
  C:\Windows\System\VaktPbm.exe
  2⤵
  PID:6748
- C:\Windows\System\xBBZNij.exe
  C:\Windows\System\xBBZNij.exe
  2⤵
  PID:6736
- C:\Windows\System\zsxWqLI.exe
  C:\Windows\System\zsxWqLI.exe
  2⤵
  PID:6776
- C:\Windows\System\bqjHolt.exe
  C:\Windows\System\bqjHolt.exe
  2⤵
  PID:6808
- C:\Windows\System\MCdRjFc.exe
  C:\Windows\System\MCdRjFc.exe
  2⤵
  PID:6840
- C:\Windows\System\oJnwujl.exe
  C:\Windows\System\oJnwujl.exe
  2⤵
  PID:6872
- C:\Windows\System\ddcIefZ.exe
  C:\Windows\System\ddcIefZ.exe
  2⤵
  PID:7112
- C:\Windows\System\yEUhirE.exe
  C:\Windows\System\yEUhirE.exe
  2⤵
  PID:7016
- C:\Windows\System\CIqRyQv.exe
  C:\Windows\System\CIqRyQv.exe
  2⤵
  PID:796
- C:\Windows\System\xNBXZoc.exe
  C:\Windows\System\xNBXZoc.exe
  2⤵
  PID:6260
- C:\Windows\System\mbtynDR.exe
  C:\Windows\System\mbtynDR.exe
  2⤵
  PID:7136
- C:\Windows\System\yJuArwl.exe
  C:\Windows\System\yJuArwl.exe
  2⤵
  PID:6404
- C:\Windows\System\NZjQgat.exe
  C:\Windows\System\NZjQgat.exe
  2⤵
  PID:5460
- C:\Windows\System\Wctemmb.exe
  C:\Windows\System\Wctemmb.exe
  2⤵
  PID:6296
- C:\Windows\System\CVDvZIx.exe
  C:\Windows\System\CVDvZIx.exe
  2⤵
  PID:6600
- C:\Windows\System\cguIpSR.exe
  C:\Windows\System\cguIpSR.exe
  2⤵
  PID:6652
- C:\Windows\System\lqdMRqR.exe
  C:\Windows\System\lqdMRqR.exe
  2⤵
  PID:6712
- C:\Windows\System\IVQnTjm.exe
  C:\Windows\System\IVQnTjm.exe
  2⤵
  PID:6640
- C:\Windows\System\PThJVNO.exe
  C:\Windows\System\PThJVNO.exe
  2⤵
  PID:6948
- C:\Windows\System\SMsGuNz.exe
  C:\Windows\System\SMsGuNz.exe
  2⤵
  PID:6804
- C:\Windows\System\bANmDdL.exe
  C:\Windows\System\bANmDdL.exe
  2⤵
  PID:7020
- C:\Windows\System\jZKClAJ.exe
  C:\Windows\System\jZKClAJ.exe
  2⤵
  PID:6280
- C:\Windows\System\OwNEwGY.exe
  C:\Windows\System\OwNEwGY.exe
  2⤵
  PID:7160
- C:\Windows\System\UNwAwNJ.exe
  C:\Windows\System\UNwAwNJ.exe
  2⤵
  PID:5200
- C:\Windows\System\nJgKyrj.exe
  C:\Windows\System\nJgKyrj.exe
  2⤵
  PID:6456
- C:\Windows\System\HxQGKCn.exe
  C:\Windows\System\HxQGKCn.exe
  2⤵
  PID:6580
- C:\Windows\System\oGZhTGB.exe
  C:\Windows\System\oGZhTGB.exe
  2⤵
  PID:7132
- C:\Windows\System\iIHEQWt.exe
  C:\Windows\System\iIHEQWt.exe
  2⤵
  PID:6172
- C:\Windows\System\gnmVPzt.exe
  C:\Windows\System\gnmVPzt.exe
  2⤵
  PID:7176
- C:\Windows\System\oyjhExK.exe
  C:\Windows\System\oyjhExK.exe
  2⤵
  PID:7192
- C:\Windows\System\vBrhDsF.exe
  C:\Windows\System\vBrhDsF.exe
  2⤵
  PID:7208
- C:\Windows\System\xMCoWfA.exe
  C:\Windows\System\xMCoWfA.exe
  2⤵
  PID:7252
- C:\Windows\System\qTFoRhC.exe
  C:\Windows\System\qTFoRhC.exe
  2⤵
  PID:7268
- C:\Windows\System\XLRLNrH.exe
  C:\Windows\System\XLRLNrH.exe
  2⤵
  PID:7288
- C:\Windows\System\hBRiugu.exe
  C:\Windows\System\hBRiugu.exe
  2⤵
  PID:7308
- C:\Windows\System\nDUqTvA.exe
  C:\Windows\System\nDUqTvA.exe
  2⤵
  PID:7328
- C:\Windows\System\zChgADb.exe
  C:\Windows\System\zChgADb.exe
  2⤵
  PID:7356
- C:\Windows\System\GOWKUiF.exe
  C:\Windows\System\GOWKUiF.exe
  2⤵
  PID:7380
- C:\Windows\System\yqTXrlS.exe
  C:\Windows\System\yqTXrlS.exe
  2⤵
  PID:7396
- C:\Windows\System\XzjiVIQ.exe
  C:\Windows\System\XzjiVIQ.exe
  2⤵
  PID:7412
- C:\Windows\System\BfjzpWT.exe
  C:\Windows\System\BfjzpWT.exe
  2⤵
  PID:7432
- C:\Windows\System\JAuxMQW.exe
  C:\Windows\System\JAuxMQW.exe
  2⤵
  PID:7452
- C:\Windows\System\gMYTLKP.exe
  C:\Windows\System\gMYTLKP.exe
  2⤵
  PID:7472
- C:\Windows\System\RLMfcuK.exe
  C:\Windows\System\RLMfcuK.exe
  2⤵
  PID:7492
- C:\Windows\System\klxoXTl.exe
  C:\Windows\System\klxoXTl.exe
  2⤵
  PID:7524
- C:\Windows\System\NwmmbOB.exe
  C:\Windows\System\NwmmbOB.exe
  2⤵
  PID:7540
- C:\Windows\System\aSAKDJH.exe
  C:\Windows\System\aSAKDJH.exe
  2⤵
  PID:7564
- C:\Windows\System\BqNBIbu.exe
  C:\Windows\System\BqNBIbu.exe
  2⤵
  PID:7580
- C:\Windows\System\bjjjxeD.exe
  C:\Windows\System\bjjjxeD.exe
  2⤵
  PID:7600
- C:\Windows\System\puaEZty.exe
  C:\Windows\System\puaEZty.exe
  2⤵
  PID:7620
- C:\Windows\System\wGgvPSp.exe
  C:\Windows\System\wGgvPSp.exe
  2⤵
  PID:7644
- C:\Windows\System\nBnQuls.exe
  C:\Windows\System\nBnQuls.exe
  2⤵
  PID:7668
- C:\Windows\System\vExbBNw.exe
  C:\Windows\System\vExbBNw.exe
  2⤵
  PID:7688
- C:\Windows\System\AroKYHl.exe
  C:\Windows\System\AroKYHl.exe
  2⤵
  PID:7708
- C:\Windows\System\VFhFrFc.exe
  C:\Windows\System\VFhFrFc.exe
  2⤵
  PID:7724
- C:\Windows\System\CEjOXIg.exe
  C:\Windows\System\CEjOXIg.exe
  2⤵
  PID:7740
- C:\Windows\System\qGthIQc.exe
  C:\Windows\System\qGthIQc.exe
  2⤵
  PID:7760
- C:\Windows\System\MpvfrOP.exe
  C:\Windows\System\MpvfrOP.exe
  2⤵
  PID:7776
- C:\Windows\System\mSBpXdm.exe
  C:\Windows\System\mSBpXdm.exe
  2⤵
  PID:7792
- C:\Windows\System\NSEenfe.exe
  C:\Windows\System\NSEenfe.exe
  2⤵
  PID:7808
- C:\Windows\System\NrPTDaw.exe
  C:\Windows\System\NrPTDaw.exe
  2⤵
  PID:7832
- C:\Windows\System\mXhTwQG.exe
  C:\Windows\System\mXhTwQG.exe
  2⤵
  PID:7868
- C:\Windows\System\nViNQtv.exe
  C:\Windows\System\nViNQtv.exe
  2⤵
  PID:7884
- C:\Windows\System\XLKcxRc.exe
  C:\Windows\System\XLKcxRc.exe
  2⤵
  PID:7904
- C:\Windows\System\fyEmcVV.exe
  C:\Windows\System\fyEmcVV.exe
  2⤵
  PID:7920
- C:\Windows\System\erUZVZe.exe
  C:\Windows\System\erUZVZe.exe
  2⤵
  PID:7940
- C:\Windows\System\Euvzbab.exe
  C:\Windows\System\Euvzbab.exe
  2⤵
  PID:7960
- C:\Windows\System\usYEouP.exe
  C:\Windows\System\usYEouP.exe
  2⤵
  PID:7976
- C:\Windows\System\YhhLCIl.exe
  C:\Windows\System\YhhLCIl.exe
  2⤵
  PID:7992
- C:\Windows\System\AJPDcMs.exe
  C:\Windows\System\AJPDcMs.exe
  2⤵
  PID:8012
- C:\Windows\System\NTeuQvz.exe
  C:\Windows\System\NTeuQvz.exe
  2⤵
  PID:8036
- C:\Windows\System\GTRwUKv.exe
  C:\Windows\System\GTRwUKv.exe
  2⤵
  PID:8052
- C:\Windows\System\bQMaApx.exe
  C:\Windows\System\bQMaApx.exe
  2⤵
  PID:8072
- C:\Windows\System\MrGFhSf.exe
  C:\Windows\System\MrGFhSf.exe
  2⤵
  PID:8104
- C:\Windows\System\IijjIeA.exe
  C:\Windows\System\IijjIeA.exe
  2⤵
  PID:8124
- C:\Windows\System\hTZKniR.exe
  C:\Windows\System\hTZKniR.exe
  2⤵
  PID:8140
- C:\Windows\System\UHfbQzO.exe
  C:\Windows\System\UHfbQzO.exe
  2⤵
  PID:8160
- C:\Windows\System\SWzmKgW.exe
  C:\Windows\System\SWzmKgW.exe
  2⤵
  PID:8176
- C:\Windows\System\rZTbjwu.exe
  C:\Windows\System\rZTbjwu.exe
  2⤵
  PID:6912
- C:\Windows\System\NlQBEJC.exe
  C:\Windows\System\NlQBEJC.exe
  2⤵
  PID:6996
- C:\Windows\System\aHCIuOX.exe
  C:\Windows\System\aHCIuOX.exe
  2⤵
  PID:6444
- C:\Windows\System\BTFxVXR.exe
  C:\Windows\System\BTFxVXR.exe
  2⤵
  PID:6332
- C:\Windows\System\bPcpqqs.exe
  C:\Windows\System\bPcpqqs.exe
  2⤵
  PID:7232
- C:\Windows\System\tsxKKwn.exe
  C:\Windows\System\tsxKKwn.exe
  2⤵
  PID:7204
- C:\Windows\System\bQwjVuZ.exe
  C:\Windows\System\bQwjVuZ.exe
  2⤵
  PID:7240
- C:\Windows\System\qyWnvjr.exe
  C:\Windows\System\qyWnvjr.exe
  2⤵
  PID:5556
- C:\Windows\System\JjUYpDK.exe
  C:\Windows\System\JjUYpDK.exe
  2⤵
  PID:7280
- C:\Windows\System\iYFKHWT.exe
  C:\Windows\System\iYFKHWT.exe
  2⤵
  PID:7320
- C:\Windows\System\ZalJAZn.exe
  C:\Windows\System\ZalJAZn.exe
  2⤵
  PID:7296
- C:\Windows\System\gvWkfkV.exe
  C:\Windows\System\gvWkfkV.exe
  2⤵
  PID:7348
- C:\Windows\System\FYMBuYp.exe
  C:\Windows\System\FYMBuYp.exe
  2⤵
  PID:7260
- C:\Windows\System\OAmVIbX.exe
  C:\Windows\System\OAmVIbX.exe
  2⤵
  PID:7368
- C:\Windows\System\qPwyhJD.exe
  C:\Windows\System\qPwyhJD.exe
  2⤵
  PID:7444
- C:\Windows\System\RcFWTjz.exe
  C:\Windows\System\RcFWTjz.exe
  2⤵
  PID:7424
- C:\Windows\System\QfdxdGH.exe
  C:\Windows\System\QfdxdGH.exe
  2⤵
  PID:7532
- C:\Windows\System\uaJIfCh.exe
  C:\Windows\System\uaJIfCh.exe
  2⤵
  PID:7552
- C:\Windows\System\DPRQkEN.exe
  C:\Windows\System\DPRQkEN.exe
  2⤵
  PID:7608
- C:\Windows\System\qcadkSy.exe
  C:\Windows\System\qcadkSy.exe
  2⤵
  PID:7596
- C:\Windows\System\tvtefFt.exe
  C:\Windows\System\tvtefFt.exe
  2⤵
  PID:7616
- C:\Windows\System\JWufzKD.exe
  C:\Windows\System\JWufzKD.exe
  2⤵
  PID:7664
- C:\Windows\System\iupincx.exe
  C:\Windows\System\iupincx.exe
  2⤵
  PID:7704
- C:\Windows\System\prNAZxY.exe
  C:\Windows\System\prNAZxY.exe
  2⤵
  PID:7800
- C:\Windows\System\YoKzYBD.exe
  C:\Windows\System\YoKzYBD.exe
  2⤵
  PID:7804
- C:\Windows\System\WaScPMH.exe
  C:\Windows\System\WaScPMH.exe
  2⤵
  PID:7844
- C:\Windows\System\mfKUQuS.exe
  C:\Windows\System\mfKUQuS.exe
  2⤵
  PID:7816
- C:\Windows\System\zPkWQoK.exe
  C:\Windows\System\zPkWQoK.exe
  2⤵
  PID:7852
- C:\Windows\System\zmCtOkN.exe
  C:\Windows\System\zmCtOkN.exe
  2⤵
  PID:7936
- C:\Windows\System\ZIhzCxF.exe
  C:\Windows\System\ZIhzCxF.exe
  2⤵
  PID:8044
- C:\Windows\System\AvLVKxa.exe
  C:\Windows\System\AvLVKxa.exe
  2⤵
  PID:8028
- C:\Windows\System\pEtjRnK.exe
  C:\Windows\System\pEtjRnK.exe
  2⤵
  PID:8088
- C:\Windows\System\TAvnKHR.exe
  C:\Windows\System\TAvnKHR.exe
  2⤵
  PID:7948
- C:\Windows\System\HpwShqd.exe
  C:\Windows\System\HpwShqd.exe
  2⤵
  PID:8100
- C:\Windows\System\isvSKOV.exe
  C:\Windows\System\isvSKOV.exe
  2⤵
  PID:8120
- C:\Windows\System\owdjOhp.exe
  C:\Windows\System\owdjOhp.exe
  2⤵
  PID:6272
- C:\Windows\System\mydyItL.exe
  C:\Windows\System\mydyItL.exe
  2⤵
  PID:6820
- C:\Windows\System\xKTHOeI.exe
  C:\Windows\System\xKTHOeI.exe
  2⤵
  PID:8184
- C:\Windows\System\vNRgfcz.exe
  C:\Windows\System\vNRgfcz.exe
  2⤵
  PID:7188
- C:\Windows\System\hZHySEn.exe
  C:\Windows\System\hZHySEn.exe
  2⤵
  PID:7224
- C:\Windows\System\PTunyGm.exe
  C:\Windows\System\PTunyGm.exe
  2⤵
  PID:7316
- C:\Windows\System\avsqVOW.exe
  C:\Windows\System\avsqVOW.exe
  2⤵
  PID:6532
- C:\Windows\System\EhAUPFK.exe
  C:\Windows\System\EhAUPFK.exe
  2⤵
  PID:6932
- C:\Windows\System\FoBxAeS.exe
  C:\Windows\System\FoBxAeS.exe
  2⤵
  PID:6192
- C:\Windows\System\sGSOMyM.exe
  C:\Windows\System\sGSOMyM.exe
  2⤵
  PID:7392
- C:\Windows\System\XSgVyQE.exe
  C:\Windows\System\XSgVyQE.exe
  2⤵
  PID:7484
- C:\Windows\System\xeTZRYR.exe
  C:\Windows\System\xeTZRYR.exe
  2⤵
  PID:7500
- C:\Windows\System\AQbqRKh.exe
  C:\Windows\System\AQbqRKh.exe
  2⤵
  PID:7828
- C:\Windows\System\MogJeaq.exe
  C:\Windows\System\MogJeaq.exe
  2⤵
  PID:7612
- C:\Windows\System\ZQCQECb.exe
  C:\Windows\System\ZQCQECb.exe
  2⤵
  PID:7656
- C:\Windows\System\qSDhXtA.exe
  C:\Windows\System\qSDhXtA.exe
  2⤵
  PID:7732
- C:\Windows\System\bnTEWUL.exe
  C:\Windows\System\bnTEWUL.exe
  2⤵
  PID:7720
- C:\Windows\System\rBvyboZ.exe
  C:\Windows\System\rBvyboZ.exe
  2⤵
  PID:7576
- C:\Windows\System\EZGFNHr.exe
  C:\Windows\System\EZGFNHr.exe
  2⤵
  PID:7900
- C:\Windows\System\nKFpZDz.exe
  C:\Windows\System\nKFpZDz.exe
  2⤵
  PID:7932
- C:\Windows\System\mmkgEED.exe
  C:\Windows\System\mmkgEED.exe
  2⤵
  PID:8060
- C:\Windows\System\BojsMfO.exe
  C:\Windows\System\BojsMfO.exe
  2⤵
  PID:7988
- C:\Windows\System\blQRxwB.exe
  C:\Windows\System\blQRxwB.exe
  2⤵
  PID:8112
- C:\Windows\System\EukxZhv.exe
  C:\Windows\System\EukxZhv.exe
  2⤵
  PID:6552
- C:\Windows\System\xkcZWoc.exe
  C:\Windows\System\xkcZWoc.exe
  2⤵
  PID:7172
- C:\Windows\System\nyDSNoI.exe
  C:\Windows\System\nyDSNoI.exe
  2⤵
  PID:7148
- C:\Windows\System\XroSctL.exe
  C:\Windows\System\XroSctL.exe
  2⤵
  PID:7068
- C:\Windows\System\ZJLZqle.exe
  C:\Windows\System\ZJLZqle.exe
  2⤵
  PID:7376
- C:\Windows\System\fUrzJEZ.exe
  C:\Windows\System\fUrzJEZ.exe
  2⤵
  PID:7488
- C:\Windows\System\GIOEDkR.exe
  C:\Windows\System\GIOEDkR.exe
  2⤵
  PID:7516
- C:\Windows\System\giQObwT.exe
  C:\Windows\System\giQObwT.exe
  2⤵
  PID:7388
- C:\Windows\System\DBFxuIV.exe
  C:\Windows\System\DBFxuIV.exe
  2⤵
  PID:7840
- C:\Windows\System\JAuvoPH.exe
  C:\Windows\System\JAuvoPH.exe
  2⤵
  PID:8004
- C:\Windows\System\UTYSDGW.exe
  C:\Windows\System\UTYSDGW.exe
  2⤵
  PID:8064
- C:\Windows\System\AWOJirk.exe
  C:\Windows\System\AWOJirk.exe
  2⤵
  PID:7340
- C:\Windows\System\vHbrkkJ.exe
  C:\Windows\System\vHbrkkJ.exe
  2⤵
  PID:7428
- C:\Windows\System\qwwncNd.exe
  C:\Windows\System\qwwncNd.exe
  2⤵
  PID:7824
- C:\Windows\System\wpUcjQn.exe
  C:\Windows\System\wpUcjQn.exe
  2⤵
  PID:7508
- C:\Windows\System\lsMtBRh.exe
  C:\Windows\System\lsMtBRh.exe
  2⤵
  PID:8212
- C:\Windows\System\IkZhFxi.exe
  C:\Windows\System\IkZhFxi.exe
  2⤵
  PID:8236
- C:\Windows\System\QPtSemG.exe
  C:\Windows\System\QPtSemG.exe
  2⤵
  PID:8256
- C:\Windows\System\kqWDEAt.exe
  C:\Windows\System\kqWDEAt.exe
  2⤵
  PID:8272
- C:\Windows\System\irEOhaI.exe
  C:\Windows\System\irEOhaI.exe
  2⤵
  PID:8300
- C:\Windows\System\bdPuBMv.exe
  C:\Windows\System\bdPuBMv.exe
  2⤵
  PID:8316
- C:\Windows\System\PrQBCMB.exe
  C:\Windows\System\PrQBCMB.exe
  2⤵
  PID:8336
- C:\Windows\System\ZQrwPMk.exe
  C:\Windows\System\ZQrwPMk.exe
  2⤵
  PID:8412
- C:\Windows\System\oqGdLGu.exe
  C:\Windows\System\oqGdLGu.exe
  2⤵
  PID:8428
- C:\Windows\System\xcCujqY.exe
  C:\Windows\System\xcCujqY.exe
  2⤵
  PID:8448
- C:\Windows\System\cDfynVm.exe
  C:\Windows\System\cDfynVm.exe
  2⤵
  PID:8464
- C:\Windows\System\GSogfgI.exe
  C:\Windows\System\GSogfgI.exe
  2⤵
  PID:8480
- C:\Windows\System\OMfEtJY.exe
  C:\Windows\System\OMfEtJY.exe
  2⤵
  PID:8496
- C:\Windows\System\pFyYAyQ.exe
  C:\Windows\System\pFyYAyQ.exe
  2⤵
  PID:8520
- C:\Windows\System\ZUloteD.exe
  C:\Windows\System\ZUloteD.exe
  2⤵
  PID:8536
- C:\Windows\System\wgiKylC.exe
  C:\Windows\System\wgiKylC.exe
  2⤵
  PID:8556
- C:\Windows\System\hVMDEbK.exe
  C:\Windows\System\hVMDEbK.exe
  2⤵
  PID:8572
- C:\Windows\System\JCfoHhy.exe
  C:\Windows\System\JCfoHhy.exe
  2⤵
  PID:8588
- C:\Windows\System\ExivqtM.exe
  C:\Windows\System\ExivqtM.exe
  2⤵
  PID:8604
- C:\Windows\System\bAfpwJb.exe
  C:\Windows\System\bAfpwJb.exe
  2⤵
  PID:8652
- C:\Windows\System\xcylhUn.exe
  C:\Windows\System\xcylhUn.exe
  2⤵
  PID:8668
- C:\Windows\System\jMFhyjM.exe
  C:\Windows\System\jMFhyjM.exe
  2⤵
  PID:8692
- C:\Windows\System\vNapRrf.exe
  C:\Windows\System\vNapRrf.exe
  2⤵
  PID:8708
- C:\Windows\System\WsDPiWZ.exe
  C:\Windows\System\WsDPiWZ.exe
  2⤵
  PID:8724
- C:\Windows\System\jsRJlHw.exe
  C:\Windows\System\jsRJlHw.exe
  2⤵
  PID:8744
- C:\Windows\System\mahKBWT.exe
  C:\Windows\System\mahKBWT.exe
  2⤵
  PID:8776
- C:\Windows\System\REorHSa.exe
  C:\Windows\System\REorHSa.exe
  2⤵
  PID:8792
- C:\Windows\System\NqdaRWQ.exe
  C:\Windows\System\NqdaRWQ.exe
  2⤵
  PID:8808
- C:\Windows\System\XhsrfEz.exe
  C:\Windows\System\XhsrfEz.exe
  2⤵
  PID:8828
- C:\Windows\System\baQYLYk.exe
  C:\Windows\System\baQYLYk.exe
  2⤵
  PID:8852
- C:\Windows\System\wvUxKDB.exe
  C:\Windows\System\wvUxKDB.exe
  2⤵
  PID:8872
- C:\Windows\System\rscIjsh.exe
  C:\Windows\System\rscIjsh.exe
  2⤵
  PID:8892
- C:\Windows\System\QYiUjPE.exe
  C:\Windows\System\QYiUjPE.exe
  2⤵
  PID:8908
- C:\Windows\System\MRMRhhA.exe
  C:\Windows\System\MRMRhhA.exe
  2⤵
  PID:8928
- C:\Windows\System\RpUrfGU.exe
  C:\Windows\System\RpUrfGU.exe
  2⤵
  PID:8952
- C:\Windows\System\kmolcyy.exe
  C:\Windows\System\kmolcyy.exe
  2⤵
  PID:8968
- C:\Windows\System\wYhXxLI.exe
  C:\Windows\System\wYhXxLI.exe
  2⤵
  PID:8988
- C:\Windows\System\gczjPjR.exe
  C:\Windows\System\gczjPjR.exe
  2⤵
  PID:9008
- C:\Windows\System\rRgFKGl.exe
  C:\Windows\System\rRgFKGl.exe
  2⤵
  PID:9024
- C:\Windows\System\AGTQlDw.exe
  C:\Windows\System\AGTQlDw.exe
  2⤵
  PID:9040
- C:\Windows\System\zCpSemG.exe
  C:\Windows\System\zCpSemG.exe
  2⤵
  PID:9060
- C:\Windows\System\vgreBgo.exe
  C:\Windows\System\vgreBgo.exe
  2⤵
  PID:9084
- C:\Windows\System\StfvTUv.exe
  C:\Windows\System\StfvTUv.exe
  2⤵
  PID:9120
- C:\Windows\System\mQBOaRk.exe
  C:\Windows\System\mQBOaRk.exe
  2⤵
  PID:9136
- C:\Windows\System\wgnRoJV.exe
  C:\Windows\System\wgnRoJV.exe
  2⤵
  PID:9160
- C:\Windows\System\xSuCWbo.exe
  C:\Windows\System\xSuCWbo.exe
  2⤵
  PID:9176
- C:\Windows\System\cfUbMXX.exe
  C:\Windows\System\cfUbMXX.exe
  2⤵
  PID:9192
- C:\Windows\System\nsdBQcw.exe
  C:\Windows\System\nsdBQcw.exe
  2⤵
  PID:9208
- C:\Windows\System\RJpTWoI.exe
  C:\Windows\System\RJpTWoI.exe
  2⤵
  PID:8208
- C:\Windows\System\zsqNhDh.exe
  C:\Windows\System\zsqNhDh.exe
  2⤵
  PID:8244
- C:\Windows\System\mjlucTr.exe
  C:\Windows\System\mjlucTr.exe
  2⤵
  PID:8252
- C:\Windows\System\krpqMYs.exe
  C:\Windows\System\krpqMYs.exe
  2⤵
  PID:7896
- C:\Windows\System\oOfTOZE.exe
  C:\Windows\System\oOfTOZE.exe
  2⤵
  PID:7952
- C:\Windows\System\WRvPBHI.exe
  C:\Windows\System\WRvPBHI.exe
  2⤵
  PID:7480
- C:\Windows\System\ZXhWXbo.exe
  C:\Windows\System\ZXhWXbo.exe
  2⤵
  PID:7548
- C:\Windows\System\dihQTJC.exe
  C:\Windows\System\dihQTJC.exe
  2⤵
  PID:8288
- C:\Windows\System\sQyaMwg.exe
  C:\Windows\System\sQyaMwg.exe
  2⤵
  PID:6860
- C:\Windows\System\GMCBBVX.exe
  C:\Windows\System\GMCBBVX.exe
  2⤵
  PID:8264
- C:\Windows\System\QLEUYgQ.exe
  C:\Windows\System\QLEUYgQ.exe
  2⤵
  PID:8324
- C:\Windows\System\WrbNckH.exe
  C:\Windows\System\WrbNckH.exe
  2⤵
  PID:8352
- C:\Windows\System\ZXKYQfQ.exe
  C:\Windows\System\ZXKYQfQ.exe
  2⤵
  PID:8420
- C:\Windows\System\Opzfoun.exe
  C:\Windows\System\Opzfoun.exe
  2⤵
  PID:8488
- C:\Windows\System\zOMklts.exe
  C:\Windows\System\zOMklts.exe
  2⤵
  PID:8564
- C:\Windows\System\TRrvKeZ.exe
  C:\Windows\System\TRrvKeZ.exe
  2⤵
  PID:8544
- C:\Windows\System\exeqTrP.exe
  C:\Windows\System\exeqTrP.exe
  2⤵
  PID:8504
- C:\Windows\System\kOiOlUy.exe
  C:\Windows\System\kOiOlUy.exe
  2⤵
  PID:8584
- C:\Windows\System\EOzjdZg.exe
  C:\Windows\System\EOzjdZg.exe
  2⤵
  PID:8620
- C:\Windows\System\UNBLyPN.exe
  C:\Windows\System\UNBLyPN.exe
  2⤵
  PID:8636
- C:\Windows\System\dcTKfZL.exe
  C:\Windows\System\dcTKfZL.exe
  2⤵
  PID:8700
- C:\Windows\System\MOlmSDd.exe
  C:\Windows\System\MOlmSDd.exe
  2⤵
  PID:8740
- C:\Windows\System\uGeekPK.exe
  C:\Windows\System\uGeekPK.exe
  2⤵
  PID:8684
- C:\Windows\System\RfSbvsu.exe
  C:\Windows\System\RfSbvsu.exe
  2⤵
  PID:8768
- C:\Windows\System\fGCMfaH.exe
  C:\Windows\System\fGCMfaH.exe
  2⤵
  PID:8800
- C:\Windows\System\cSORdKX.exe
  C:\Windows\System\cSORdKX.exe
  2⤵
  PID:8840
- C:\Windows\System\JJNfDtB.exe
  C:\Windows\System\JJNfDtB.exe
  2⤵
  PID:8804
- C:\Windows\System\QKBfdau.exe
  C:\Windows\System\QKBfdau.exe
  2⤵
  PID:8844
- C:\Windows\System\iVBwNRj.exe
  C:\Windows\System\iVBwNRj.exe
  2⤵
  PID:8848
- C:\Windows\System\aOSthwO.exe
  C:\Windows\System\aOSthwO.exe
  2⤵
  PID:8960
- C:\Windows\System\fxYlwir.exe
  C:\Windows\System\fxYlwir.exe
  2⤵
  PID:9092
- C:\Windows\System\oTWFdiL.exe
  C:\Windows\System\oTWFdiL.exe
  2⤵
  PID:9032
- C:\Windows\System\aRxYsRB.exe
  C:\Windows\System\aRxYsRB.exe
  2⤵
  PID:9072
- C:\Windows\System\sTChBjq.exe
  C:\Windows\System\sTChBjq.exe
  2⤵
  PID:9104
- C:\Windows\System\oaHzBas.exe
  C:\Windows\System\oaHzBas.exe
  2⤵
  PID:9128
- C:\Windows\System\cXXGJkF.exe
  C:\Windows\System\cXXGJkF.exe
  2⤵
  PID:9148
- C:\Windows\System\DSHsSIa.exe
  C:\Windows\System\DSHsSIa.exe
  2⤵
  PID:7892
- C:\Windows\System\OMcIfdx.exe
  C:\Windows\System\OMcIfdx.exe
  2⤵
  PID:9204
- C:\Windows\System\KHFtVFo.exe
  C:\Windows\System\KHFtVFo.exe
  2⤵
  PID:9112
- C:\Windows\System\YzSbzSv.exe
  C:\Windows\System\YzSbzSv.exe
  2⤵
  PID:7928
- C:\Windows\System\rwEpoDD.exe
  C:\Windows\System\rwEpoDD.exe
  2⤵
  PID:7572
- C:\Windows\System\jVyggQB.exe
  C:\Windows\System\jVyggQB.exe
  2⤵
  PID:7772
- C:\Windows\System\iuMmunR.exe
  C:\Windows\System\iuMmunR.exe
  2⤵
  PID:7200
- C:\Windows\System\GHirkBi.exe
  C:\Windows\System\GHirkBi.exe
  2⤵
  PID:8232
- C:\Windows\System\hUBGFmP.exe
  C:\Windows\System\hUBGFmP.exe
  2⤵
  PID:8356
- C:\Windows\System\xNHcUcP.exe
  C:\Windows\System\xNHcUcP.exe
  2⤵
  PID:8456
- C:\Windows\System\LqbtGUk.exe
  C:\Windows\System\LqbtGUk.exe
  2⤵
  PID:8600
- C:\Windows\System\DTmVYaD.exe
  C:\Windows\System\DTmVYaD.exe
  2⤵
  PID:8512
- C:\Windows\System\ztHnkWe.exe
  C:\Windows\System\ztHnkWe.exe
  2⤵
  PID:8616
- C:\Windows\System\RqDwnby.exe
  C:\Windows\System\RqDwnby.exe
  2⤵
  PID:8640
- C:\Windows\System\QCHETzX.exe
  C:\Windows\System\QCHETzX.exe
  2⤵
  PID:8772
- C:\Windows\System\oQVWOIc.exe
  C:\Windows\System\oQVWOIc.exe
  2⤵
  PID:8756
- C:\Windows\System\IBjeaOK.exe
  C:\Windows\System\IBjeaOK.exe
  2⤵
  PID:8824
- C:\Windows\System\qYrxzna.exe
  C:\Windows\System\qYrxzna.exe
  2⤵
  PID:8904
- C:\Windows\System\OGbeRQk.exe
  C:\Windows\System\OGbeRQk.exe
  2⤵
  PID:8964
- C:\Windows\System\rnZjxwn.exe
  C:\Windows\System\rnZjxwn.exe
  2⤵
  PID:8916
- C:\Windows\System\PweyzhZ.exe
  C:\Windows\System\PweyzhZ.exe
  2⤵
  PID:8996
- C:\Windows\System\AOCMfyz.exe
  C:\Windows\System\AOCMfyz.exe
  2⤵
  PID:8688
- C:\Windows\System\FjSWmlh.exe
  C:\Windows\System\FjSWmlh.exe
  2⤵
  PID:9156
- C:\Windows\System\TIVEZoX.exe
  C:\Windows\System\TIVEZoX.exe
  2⤵
  PID:7864
- C:\Windows\System\sedlwLR.exe
  C:\Windows\System\sedlwLR.exe
  2⤵
  PID:7956
- C:\Windows\System\yByToon.exe
  C:\Windows\System\yByToon.exe
  2⤵
  PID:7248
- C:\Windows\System\gtyvicW.exe
  C:\Windows\System\gtyvicW.exe
  2⤵
  PID:7464
- C:\Windows\System\YaTmaVF.exe
  C:\Windows\System\YaTmaVF.exe
  2⤵
  PID:8344
- C:\Windows\System\cZQnJzr.exe
  C:\Windows\System\cZQnJzr.exe
  2⤵
  PID:1016
- C:\Windows\System\DjPTpcL.exe
  C:\Windows\System\DjPTpcL.exe
  2⤵
  PID:8580
- C:\Windows\System\WJTGnON.exe
  C:\Windows\System\WJTGnON.exe
  2⤵
  PID:8716
- C:\Windows\System\GZFwLfc.exe
  C:\Windows\System\GZFwLfc.exe
  2⤵
  PID:8820
- C:\Windows\System\kXWjNVX.exe
  C:\Windows\System\kXWjNVX.exe
  2⤵
  PID:8676
- C:\Windows\System\OUzhtOA.exe
  C:\Windows\System\OUzhtOA.exe
  2⤵
  PID:8736
- C:\Windows\System\EPGbwMo.exe
  C:\Windows\System\EPGbwMo.exe
  2⤵
  PID:9020
- C:\Windows\System\HuRsJnB.exe
  C:\Windows\System\HuRsJnB.exe
  2⤵
  PID:8880
- C:\Windows\System\pyWeJMx.exe
  C:\Windows\System\pyWeJMx.exe
  2⤵
  PID:8204
- C:\Windows\System\yHdlPca.exe
  C:\Windows\System\yHdlPca.exe
  2⤵
  PID:7304
- C:\Windows\System\LhNZhCy.exe
  C:\Windows\System\LhNZhCy.exe
  2⤵
  PID:6476
- C:\Windows\System\ZNDlXJN.exe
  C:\Windows\System\ZNDlXJN.exe
  2⤵
  PID:8348
- C:\Windows\System\KnnTLUR.exe
  C:\Windows\System\KnnTLUR.exe
  2⤵
  PID:8612
- C:\Windows\System\gVSHmYI.exe
  C:\Windows\System\gVSHmYI.exe
  2⤵
  PID:8788
- C:\Windows\System\ZNabQgm.exe
  C:\Windows\System\ZNabQgm.exe
  2⤵
  PID:8532
- C:\Windows\System\EwDaGYe.exe
  C:\Windows\System\EwDaGYe.exe
  2⤵
  PID:8980
- C:\Windows\System\jSOELzJ.exe
  C:\Windows\System\jSOELzJ.exe
  2⤵
  PID:8000
- C:\Windows\System\hxGpEtv.exe
  C:\Windows\System\hxGpEtv.exe
  2⤵
  PID:8196
- C:\Windows\System\ykeYOZB.exe
  C:\Windows\System\ykeYOZB.exe
  2⤵
  PID:8472
- C:\Windows\System\ldjgiAt.exe
  C:\Windows\System\ldjgiAt.exe
  2⤵
  PID:8548
- C:\Windows\System\OlTaXwk.exe
  C:\Windows\System\OlTaXwk.exe
  2⤵
  PID:8884
- C:\Windows\System\IxPpUza.exe
  C:\Windows\System\IxPpUza.exe
  2⤵
  PID:8156
- C:\Windows\System\TuCwVlT.exe
  C:\Windows\System\TuCwVlT.exe
  2⤵
  PID:8292
- C:\Windows\System\ApwKoEP.exe
  C:\Windows\System\ApwKoEP.exe
  2⤵
  PID:8460
- C:\Windows\System\zKoEhIR.exe
  C:\Windows\System\zKoEhIR.exe
  2⤵
  PID:9144
- C:\Windows\System\wAUTzFT.exe
  C:\Windows\System\wAUTzFT.exe
  2⤵
  PID:9200
- C:\Windows\System\CWeURae.exe
  C:\Windows\System\CWeURae.exe
  2⤵
  PID:9188
- C:\Windows\System\fLhsLrZ.exe
  C:\Windows\System\fLhsLrZ.exe
  2⤵
  PID:8836
- C:\Windows\System\uMPgdyo.exe
  C:\Windows\System\uMPgdyo.exe
  2⤵
  PID:9236
- C:\Windows\System\jKrJPne.exe
  C:\Windows\System\jKrJPne.exe
  2⤵
  PID:9276
- C:\Windows\System\RzNobty.exe
  C:\Windows\System\RzNobty.exe
  2⤵
  PID:9292
- C:\Windows\System\HdRYloS.exe
  C:\Windows\System\HdRYloS.exe
  2⤵
  PID:9312
- C:\Windows\System\jRvPXVs.exe
  C:\Windows\System\jRvPXVs.exe
  2⤵
  PID:9332
- C:\Windows\System\gcDjJff.exe
  C:\Windows\System\gcDjJff.exe
  2⤵
  PID:9352
- C:\Windows\System\ItxfBHi.exe
  C:\Windows\System\ItxfBHi.exe
  2⤵
  PID:9372
- C:\Windows\System\KfQNRPP.exe
  C:\Windows\System\KfQNRPP.exe
  2⤵
  PID:9392
- C:\Windows\System\ZvIWvBM.exe
  C:\Windows\System\ZvIWvBM.exe
  2⤵
  PID:9408
- C:\Windows\System\jemspgQ.exe
  C:\Windows\System\jemspgQ.exe
  2⤵
  PID:9428
- C:\Windows\System\VRuDMpa.exe
  C:\Windows\System\VRuDMpa.exe
  2⤵
  PID:9448
- C:\Windows\System\WtOOluw.exe
  C:\Windows\System\WtOOluw.exe
  2⤵
  PID:9476
- C:\Windows\System\xBBvaKe.exe
  C:\Windows\System\xBBvaKe.exe
  2⤵
  PID:9492
- C:\Windows\System\dkAkGJk.exe
  C:\Windows\System\dkAkGJk.exe
  2⤵
  PID:9516
- C:\Windows\System\iYkYaRa.exe
  C:\Windows\System\iYkYaRa.exe
  2⤵
  PID:9532
- C:\Windows\System\nNSijHI.exe
  C:\Windows\System\nNSijHI.exe
  2⤵
  PID:9556
- C:\Windows\System\FVudlFq.exe
  C:\Windows\System\FVudlFq.exe
  2⤵
  PID:9572
- C:\Windows\System\jaLcmBx.exe
  C:\Windows\System\jaLcmBx.exe
  2⤵
  PID:9592
- C:\Windows\System\opBythS.exe
  C:\Windows\System\opBythS.exe
  2⤵
  PID:9620
- C:\Windows\System\CKwWzdn.exe
  C:\Windows\System\CKwWzdn.exe
  2⤵
  PID:9636
- C:\Windows\System\LKKBAII.exe
  C:\Windows\System\LKKBAII.exe
  2⤵
  PID:9656
- C:\Windows\System\KfAEvHE.exe
  C:\Windows\System\KfAEvHE.exe
  2⤵
  PID:9676
- C:\Windows\System\CdGdJhJ.exe
  C:\Windows\System\CdGdJhJ.exe
  2⤵
  PID:9696
- C:\Windows\System\yucEkYD.exe
  C:\Windows\System\yucEkYD.exe
  2⤵
  PID:9716
- C:\Windows\System\HIccYqW.exe
  C:\Windows\System\HIccYqW.exe
  2⤵
  PID:9744
- C:\Windows\System\wyUKPPJ.exe
  C:\Windows\System\wyUKPPJ.exe
  2⤵
  PID:9760
- C:\Windows\System\oZXZQmv.exe
  C:\Windows\System\oZXZQmv.exe
  2⤵
  PID:9784
- C:\Windows\System\qagxjuZ.exe
  C:\Windows\System\qagxjuZ.exe
  2⤵
  PID:9800
- C:\Windows\System\kzYHHuB.exe
  C:\Windows\System\kzYHHuB.exe
  2⤵
  PID:9824
- C:\Windows\System\XEzYMWK.exe
  C:\Windows\System\XEzYMWK.exe
  2⤵
  PID:9840
- C:\Windows\System\bHOVWyl.exe
  C:\Windows\System\bHOVWyl.exe
  2⤵
  PID:9860
- C:\Windows\System\NNsoGCa.exe
  C:\Windows\System\NNsoGCa.exe
  2⤵
  PID:9880
- C:\Windows\System\HzPMIiP.exe
  C:\Windows\System\HzPMIiP.exe
  2⤵
  PID:9896
- C:\Windows\System\OqLPjRD.exe
  C:\Windows\System\OqLPjRD.exe
  2⤵
  PID:9916
- C:\Windows\System\FwFRYwy.exe
  C:\Windows\System\FwFRYwy.exe
  2⤵
  PID:9936
- C:\Windows\System\ZfpvJjz.exe
  C:\Windows\System\ZfpvJjz.exe
  2⤵
  PID:9956
- C:\Windows\System\MaZlUIi.exe
  C:\Windows\System\MaZlUIi.exe
  2⤵
  PID:9972
- C:\Windows\System\YKJevHN.exe
  C:\Windows\System\YKJevHN.exe
  2⤵
  PID:9992
- C:\Windows\System\JqpSgeo.exe
  C:\Windows\System\JqpSgeo.exe
  2⤵
  PID:10016
- C:\Windows\System\ADXoMEA.exe
  C:\Windows\System\ADXoMEA.exe
  2⤵
  PID:10044
- C:\Windows\System\TgRjZGX.exe
  C:\Windows\System\TgRjZGX.exe
  2⤵
  PID:10064
- C:\Windows\System\RpwGSpO.exe
  C:\Windows\System\RpwGSpO.exe
  2⤵
  PID:10080
- C:\Windows\System\lTAxFMT.exe
  C:\Windows\System\lTAxFMT.exe
  2⤵
  PID:10108
- C:\Windows\System\Jldnvuf.exe
  C:\Windows\System\Jldnvuf.exe
  2⤵
  PID:10124
- C:\Windows\System\vRchFmW.exe
  C:\Windows\System\vRchFmW.exe
  2⤵
  PID:10140
- C:\Windows\System\uKOQRaU.exe
  C:\Windows\System\uKOQRaU.exe
  2⤵
  PID:10160
- C:\Windows\System\FqTBkcG.exe
  C:\Windows\System\FqTBkcG.exe
  2⤵
  PID:10176
- C:\Windows\System\hPCnBsn.exe
  C:\Windows\System\hPCnBsn.exe
  2⤵
  PID:10192
- C:\Windows\System\aJMyzhR.exe
  C:\Windows\System\aJMyzhR.exe
  2⤵
  PID:10216
- C:\Windows\System\BISiYwW.exe
  C:\Windows\System\BISiYwW.exe
  2⤵
  PID:10232
- C:\Windows\System\gNzjPmt.exe
  C:\Windows\System\gNzjPmt.exe
  2⤵
  PID:9232
- C:\Windows\System\IVTcfQN.exe
  C:\Windows\System\IVTcfQN.exe
  2⤵
  PID:8920
- C:\Windows\System\GQzgGLD.exe
  C:\Windows\System\GQzgGLD.exe
  2⤵
  PID:9272
- C:\Windows\System\chcuWxn.exe
  C:\Windows\System\chcuWxn.exe
  2⤵
  PID:9300
- C:\Windows\System\MQlxsxM.exe
  C:\Windows\System\MQlxsxM.exe
  2⤵
  PID:9368
- C:\Windows\System\LNnbJAd.exe
  C:\Windows\System\LNnbJAd.exe
  2⤵
  PID:9400
- C:\Windows\System\jDqOfsY.exe
  C:\Windows\System\jDqOfsY.exe
  2⤵
  PID:9416
- C:\Windows\System\KHmokYY.exe
  C:\Windows\System\KHmokYY.exe
  2⤵
  PID:9460
- C:\Windows\System\hSgPSyJ.exe
  C:\Windows\System\hSgPSyJ.exe
  2⤵
  PID:9504
- C:\Windows\System\WWHguIm.exe
  C:\Windows\System\WWHguIm.exe
  2⤵
  PID:9540
- C:\Windows\System\dnwCPcO.exe
  C:\Windows\System\dnwCPcO.exe
  2⤵
  PID:9584
- C:\Windows\System\pPIxzfe.exe
  C:\Windows\System\pPIxzfe.exe
  2⤵
  PID:9628
- C:\Windows\System\JNEMPoh.exe
  C:\Windows\System\JNEMPoh.exe
  2⤵
  PID:9652
- C:\Windows\System\gIyqNqU.exe
  C:\Windows\System\gIyqNqU.exe
  2⤵
  PID:9724
- C:\Windows\System\YCZTqTH.exe
  C:\Windows\System\YCZTqTH.exe
  2⤵
  PID:9712
- C:\Windows\System\Thbqzng.exe
  C:\Windows\System\Thbqzng.exe
  2⤵
  PID:9740
- C:\Windows\System\xyEFsmW.exe
  C:\Windows\System\xyEFsmW.exe
  2⤵
  PID:9780
- C:\Windows\System\xxOTijn.exe
  C:\Windows\System\xxOTijn.exe
  2⤵
  PID:9796
- C:\Windows\System\umjwtoz.exe
  C:\Windows\System\umjwtoz.exe
  2⤵
  PID:9832
- C:\Windows\System\yqPftFb.exe
  C:\Windows\System\yqPftFb.exe
  2⤵
  PID:9888
- C:\Windows\System\CTHGqqr.exe
  C:\Windows\System\CTHGqqr.exe
  2⤵
  PID:9872
- C:\Windows\System\RfnZELp.exe
  C:\Windows\System\RfnZELp.exe
  2⤵
  PID:9964
- C:\Windows\System\JKCHOeU.exe
  C:\Windows\System\JKCHOeU.exe
  2⤵
  PID:10012
- C:\Windows\System\oqVvBcx.exe
  C:\Windows\System\oqVvBcx.exe
  2⤵
  PID:9984
- C:\Windows\System\mzCmCZz.exe
  C:\Windows\System\mzCmCZz.exe
  2⤵
  PID:10036
- C:\Windows\System\XReJEPa.exe
  C:\Windows\System\XReJEPa.exe
  2⤵
  PID:10088
- C:\Windows\System\QvsqEna.exe
  C:\Windows\System\QvsqEna.exe
  2⤵
  PID:10104
- C:\Windows\System\dJYhzIK.exe
  C:\Windows\System\dJYhzIK.exe
  2⤵
  PID:10172
- C:\Windows\System\KMvunoq.exe
  C:\Windows\System\KMvunoq.exe
  2⤵
  PID:10208
- C:\Windows\System\aTMfRcC.exe
  C:\Windows\System\aTMfRcC.exe
  2⤵
  PID:10224
- C:\Windows\System\scnvuEH.exe
  C:\Windows\System\scnvuEH.exe
  2⤵
  PID:7716
- C:\Windows\System\kXTTtPw.exe
  C:\Windows\System\kXTTtPw.exe
  2⤵
  PID:9304
- C:\Windows\System\ihkZcst.exe
  C:\Windows\System\ihkZcst.exe
  2⤵
  PID:9388
- C:\Windows\System\fuGmWlJ.exe
  C:\Windows\System\fuGmWlJ.exe
  2⤵
  PID:9444
- C:\Windows\System\sQHnPUm.exe
  C:\Windows\System\sQHnPUm.exe
  2⤵
  PID:9440
- C:\Windows\System\VtXFfjX.exe
  C:\Windows\System\VtXFfjX.exe
  2⤵
  PID:9488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FFGgStj.exe

Filesize
6.0MB

MD5
0981ce9be71c68f89c5c9ac58fd1a4f4

SHA1
6dba5c25a4f922b24418a7fad839994e6ce083d3

SHA256
cbeb34d2c5237aba01a255218a2fcc14cabd740f995eaf9cda0025b538212605

SHA512
8654d5d9fd53a5408a98607bc40f69aa042216faf148aedf54843f8fed8c1882d925830eb6d7ccaadcc08924c648f40d35979cc920b4ef37d14abd17e7866783

Download Submit
C:\Windows\system\HJKCFrS.exe

Filesize
6.0MB

MD5
c6fd894f17620eff985104f5130bd9d9

SHA1
88d875ac45e7b103582c27953b960a63267c3f16

SHA256
79881d2a5bc8ba6e586f761c4e4318704d08539975ae99f456fb7fdaed002c31

SHA512
07d257548a20c97f69c481944badbda8a465b92301d878f58f766850c3f3c87632a1983742e451189a78314b92a7f499d215466e0de32ce82198740d6543deff

Download Submit
C:\Windows\system\IgPreMe.exe

Filesize
6.0MB

MD5
9578f50b7be025f38e17bc307d3234a1

SHA1
f42a925d6c8501b7213b1cbfeb899f09752e86ed

SHA256
7013170463d55ea0750208b32688e974fc33061c910839d897e1b1c8776743e6

SHA512
f702ad1bf54d82d5543e9cf0b705dca009fef724307bc194d1ec45d4298475c0e128182108d1fa621fbdd0bf3ee713f003200f11dbb999c3da28a44e13473db0

Download Submit
C:\Windows\system\LYZHGYP.exe

Filesize
6.0MB

MD5
e20905d069efc122e2bc494d62ce0b3e

SHA1
18a8d300b617e22db562ffe3fe133ae5a3654def

SHA256
7837b4f2992e351d7cdf4f5d01e6928520643017da20b3c85884971800f4be7f

SHA512
79b1ee7ca71014aefd6db1072aaf18f1bb700f721411a2cbcf28b5547616dd18f64311d42aab4d544746de1c27518a86650c0f99afac5ed8bfe800c7177c869b

Download Submit
C:\Windows\system\Nxhlzza.exe

Filesize
6.0MB

MD5
02bb519a0ba15c47d43f736de44f4cb4

SHA1
fd445cc9a567b4eb7254ec5c97631fa0883054aa

SHA256
33e7a1f74347d4f044c51476d0d8d554c0590924c22a58247bdf9d59958d364e

SHA512
600a864eaee5c4fc1162b44265cbfbe54a45a15766776db45b2967d0f2914d28825bece281531d01597287bb80077cc1ef32707960eda9b55f7dd6f10415d8af

Download Submit
C:\Windows\system\NyTgfXB.exe

Filesize
6.0MB

MD5
e41b764675b6f5867ca0ce062f35cf29

SHA1
0f0088332ca1efc7418e06f5b7b4f0a307c37f0b

SHA256
4564c2a1387c070229f08f83052015defd4cd6cfeaa9166423b7512737cc56f8

SHA512
7f6ee9c1ac44b43810a44edd66bb9189aefc8395e8f20f5c00cda4123b50f8c8b3c5e7a5c6344bd17c37836537d3eca8ffcb39fd7d31daa7398ca1c16c502d72

Download Submit
C:\Windows\system\QlGAGPM.exe

Filesize
6.0MB

MD5
2549abb9bf1584f7ce50ae831a7d7119

SHA1
f45152ac660385b85f7eae1d18a60a004919852a

SHA256
513f3f7d38643a522f9760eb3031eeaa654ea992bfea18aeb3b2a57ad71d3137

SHA512
adf781df3d8f7c7be941b0c662854eb989afa495ea46dee527b00eeaa7b9371e2ee41807856a3ac4ea62f4a26c30bbb347a430a95b75998f46fefd205a7d7051

Download Submit
C:\Windows\system\RjgRbpN.exe

Filesize
6.0MB

MD5
e0ec771977ad3728d62b43002ec48b0c

SHA1
268d663408c6974168c8b9d34f22898a4b9ef02e

SHA256
c04752452fe8b09091b190aa8e235dc922e6e29bbe97debe55bed6d6a9314e12

SHA512
55a54c57c3a48e5aeed3cba41a297b2bc8b0eb1bfae3e9bfd6cf5dae4defaeddf95e9f00940353d26ee61f84d40dbe2aafe5c689ff0a02102d17c654dc3ef5da

Download Submit
C:\Windows\system\RvWzdRE.exe

Filesize
6.0MB

MD5
a40081e2980bfb6d028c5e9ce70e8dd3

SHA1
afabdc0b1a8abf121324af695e92ad0f8d10089c

SHA256
da0b4686d6ee8859010b09e8f37d19448d7aa9f6dcf4df2dec62200f9a3da1a9

SHA512
47f4f651916873a562e20b89bef1723e51215df3f93ad88444f7381ba6401e13c4497569d8dd1ce302154fa654cf9090a55eca7606d4ada88a116b41811bcce4

Download Submit
C:\Windows\system\SyrHWsn.exe

Filesize
6.0MB

MD5
77a8e0e6d9f11bf5ee8b1cffc68403b8

SHA1
5356093e038bd9c7c3c369464052b375bee4a5ca

SHA256
42fbb9c3297492efd6ce3ba8ee0059bd34496cf9a4db189dd22e9a7a804056d3

SHA512
85c1f4f04193f46c8ea06443d912415d0b35e6808c1e8e2d871756883d908d10c48415de3b4fce44c218704f5edc562a4cfb933e3464076b7a801324c7dee03c

Download Submit
C:\Windows\system\VjHFaAh.exe

Filesize
6.0MB

MD5
a0296f68f803d7b510510fd401d62d6f

SHA1
288f967665df44ccc5ffbb2644938cb7bfea75ff

SHA256
ad27d6d101bd44c43357fa119dda6b7a4e250244cffef1b88ec109947bb40364

SHA512
c5db4f7a076c0e069d6d891f7bc5212aa4b481e3bc8be3daea286cc2af425b9e3e39917e3ef116161d609fe24b6412d0408b02bd8de8028d22be974d68938c8e

Download Submit
C:\Windows\system\ZMLYWrW.exe

Filesize
6.0MB

MD5
e974f0a0200cea48f0f7667cc95dd1d3

SHA1
2b37b451c29bef5df1f9f1a784d45c5b15ff980b

SHA256
33f53d553c8cafdc36f640624c065dc140559d7b1e1cb97e4b19b24750cd239d

SHA512
15c9b93f63d3fce19412fb3fd9a6d159b01cfd05593a0533f66a8f913061439622885ee7413a1671360bdd3c5cf9da3b785cb39ec3383ae6aa8580f96690b773

Download Submit
C:\Windows\system\alyVzYY.exe

Filesize
6.0MB

MD5
71aac3f9dd8a6816ec831d9fc6f59c55

SHA1
b1607340c4893b4674ee35118184e9192feeb873

SHA256
aa50088e0e7eaab963635a7ce7aee3af695cd3ade57c0788132930e730694968

SHA512
390a899299d9e51a30bacb6126b625c01dfde1df9879032782bacc7945a65fec68ff3284ebe3fc6a2e49da58f71c6d3eaab32c27e6e7c04c104d39f3378d92c0

Download Submit
C:\Windows\system\esEMbaO.exe

Filesize
6.0MB

MD5
2e0b5aa83595de7937b2e88a277a01ab

SHA1
bc3bdb553c2152b1a6b30ea4a5512d5cb8ad6147

SHA256
5ec14b097f94eed086cadb28a7b33e882ffb097a38beada4bd6f6c912d173e01

SHA512
f745137fd0af2a34414cdd7c15ce1c2efc2203e25958db8b3b63b3c57d429d61c839583b418ade8de4752da4e1006cdf0b2cd07837ac02d108c9741b48452560

Download Submit
C:\Windows\system\fkSNFuL.exe

Filesize
6.0MB

MD5
96a323d6d836e3c219b6918ee643d525

SHA1
bb1b636a616772c5da0759ded639958754debf0b

SHA256
3ad78d19af951f8cf7ea627d81bb3d1e662a4cb6efec975d9e2bb7ca1bbc570e

SHA512
0641d6cfdec71c9bb9010c703ecabcd2c4cc0fb1d3cc50d7d56f0dec7eb23121f5115f73d19b657be840be5f44d2b8e703e40853a98f5d29ba37f53b9347137c

Download Submit
C:\Windows\system\fpPZmEs.exe

Filesize
6.0MB

MD5
b17e555aa25108f506b49962bdb724b2

SHA1
3e7dfe81c5d0e959bcbf6a2b42650279a60b7686

SHA256
54d3374b69f5b838257cad485320ece62e75de593e3efe63eda74e0ade0efd9d

SHA512
adac9afbb4d30d4f13e096da9df95a0b2501f2e11eda23ccd5ba4cced3b8eeabf833106094492cbef66f8a733321eed07895f3a621f080af4cc532c8a9eb86a4

Download Submit
C:\Windows\system\iXvXihJ.exe

Filesize
6.0MB

MD5
a1dfa12db22bcf412e3cf5ebe490ee4a

SHA1
97133306388907e3e5325ad848f451559db44ce4

SHA256
e9df6455691f5a1e73b81c915d813561c8325697b0d08b1cf13b76d83cce1127

SHA512
1f9df42cd943538cdc9797b7f0dfc07513ac563ce3b70ad5c90bfc4f71e8688c21981f5e782e6eb72912f8fd0d894cecf310aeda32b8f1f00608e73a69deddc1

Download Submit
C:\Windows\system\idISHeG.exe

Filesize
6.0MB

MD5
6a5f20edb6b2e543e7c0a6989996cd2e

SHA1
082cc125ab191ea7a661d1cadbf8652bac7078ad

SHA256
551b6a47fb606d9274483cd853277140a71a17b7f834e266f6e59de1e8bbc0a1

SHA512
b00767d42f0793f22a1a6e0698a66ea42e45c53fe40afb1de167b92158e0cbf367c4947b8e3292530f0c0287853f1f1aeb102ee19d6470b6f2e67d37d347d006

Download Submit
C:\Windows\system\joQfMHB.exe

Filesize
8B

MD5
91cfa3e7b324fce5322c914dbfe08c90

SHA1
dbba2cad8546ac3cbcc6321f0e93f76956e4175d

SHA256
00b442c5a8d5365d954d2850d09691ea2670479cbf8c17bb974e6e2b6faae28f

SHA512
2ee300ec169f17394bfc957a89a1e4e0f4ef0a39e98fe6f3c1ebe719f51d0cfe1a713e31b97892eedf9f08701bdb3faf1dbbbb5857d315f5c84fb7b3e2d7d67c

Download Submit
C:\Windows\system\kFUIPam.exe

Filesize
6.0MB

MD5
7cfea7f845501492cba0a8020863c992

SHA1
ad452094b56df43cae9a8e36370031cd92048726

SHA256
a25cbbf38120942445fb5a3eea88175536ed285c7f5b0bfb582a3617972a36b7

SHA512
eaf69f56cd2d15cb3fa464da605182cd57f249f4000e74b435af81fdfb47f79d53eca4af0dd2d5dd92f1c4c88f562de4d74748e3528e5bb4b3bdce3c51d33200

Download Submit
C:\Windows\system\lMlQxxv.exe

Filesize
6.0MB

MD5
a1a6ae041c54758600bd889dc55fe54c

SHA1
75151a666d908d419a8cb3c98a9c501e0e217ed1

SHA256
33d0c07b3bc6a72225ae9ea0b19c41d37f1ced63f487a12ad1591c17b1eba2e7

SHA512
509b17cf9754e66a116ead56903ab56c08eea788158c03b05d8cc29640c32f11bf45029dac270e1280708e050b3ea23d5d53ac580927858d7552a39528a8d652

Download Submit
C:\Windows\system\nCIsoBG.exe

Filesize
6.0MB

MD5
120d87e871073a5d2184dec773e3eca0

SHA1
281b226946e8b195fd9b6c9fed3fd62e8b7a6ded

SHA256
5b04874942af87216edd14c58762a51b71adb05b000ce5067e347541d0ba2752

SHA512
402669c20838970e174f3047c78655b3898dedf6622f6022a8c217b7cd4cd478dcf2711a5a6be032245acd5caff3494d04de258fedd9df8aa3a9fb67f09ac811

Download Submit
C:\Windows\system\pmETVaQ.exe

Filesize
6.0MB

MD5
12828b093882310c7935b46856f64d91

SHA1
242be25b4697d9bcc26bb33a834796096c2feed2

SHA256
32ca3689618c646c70ea97826e23ae2085584a8b7cbbf0d4acb1fa97675c8e58

SHA512
8bd6379ef73e37e634182f17649b43eaf1e09329e145647637bcd7a82b0e9fc15629895f597c89dac54f83ec04847045ed7e661a8640f6468e7563cf5135caa0

Download Submit
C:\Windows\system\skToGjI.exe

Filesize
6.0MB

MD5
7d3eaf807c7f7290f807c03c7686efc9

SHA1
e599f99ea2dcd53245e656047f8196c2fdb9f445

SHA256
ab08202c74fefa932149c284709bf97e0ae9e4189622065eb9a0d044bd2fc12f

SHA512
a52b36cf480d90dc54c6ede06934609e7da711da838e2e7c252df402fa6a0f062992556ab048a0d027c8ca39cb757f1ed79163d6ed3c97b63f59e8e009f8da8c

Download Submit
C:\Windows\system\tQGlAgA.exe

Filesize
6.0MB

MD5
cd48eb2cc83ab3181c5a157efa268274

SHA1
52005fa5de24450ade6813c11743d50e7042af86

SHA256
54c93a03e844859f7b32812d35320cebd5eaa7fbc83c1fe0b849c7efff906ba9

SHA512
8701cf37117a6e55cc88bfc05adeda0b1fa3053b1a412812ae3a6e86f1dfdd03284d4093cd25e3c106dfbb9eb4f0345290a858f36e173dc6853e67e49022f1c6

Download Submit
C:\Windows\system\wHCtrht.exe

Filesize
6.0MB

MD5
c2a3f2357766f83475c167e86617605a

SHA1
f4958709112890b3d58deb221502175a839b7972

SHA256
60db19e9c8ac8e4f21859f18bda5f4557a45f0b5af68fb3472e353c4dcbe1f20

SHA512
464f64895aae2a439d8fb28779caad55959f8c52500f7e08e9de09e7f26c4c4004d0f38a23b674505ef58197ad56c53ef9a4a877768b35acc1daa8e30fde26f0

Download Submit
\Windows\system\IeSnoij.exe

Filesize
6.0MB

MD5
3a3caa5ac95abef4e770a3d9805c0afd

SHA1
639c5f7d40f04993bb32b5226f645305f5ec995b

SHA256
0caff662e5832de5b872f219ce0a72a5b41bb886102c9c68ea8193a243ad0777

SHA512
9012a2ccc7c89b2dfedd39e848ac1d03951c5337a95d22abbe16391705fa83c3a1c723af31f4300d3e87cddb425ce66c6e5d3373a82c71191af1c3c9e22cc6b0

Download Submit
\Windows\system\PpEuAwM.exe

Filesize
6.0MB

MD5
8b4038bd0d2e8217db4a17365f34324e

SHA1
7a8458f988dde6473f3de4b4429ab0eda2b9e827

SHA256
78a4828a151c00b5267f01122187963bd38e1b9674112bd5589734b5faff4040

SHA512
e263b55454ca4399ee7b8d0997fd326fa4e3d501c1ccf45cb0daf1e4b9c55d60abff367825553f1df60cf690cf4c4296a4bb61d2e68365d909d73a2cf03a0a94

Download Submit
\Windows\system\aoBHQug.exe

Filesize
6.0MB

MD5
7d90e566f208e3c2fd76a4b785e2870f

SHA1
2e6f9bf9fddd94c92d03a5adcea1848f17abc5c8

SHA256
a30f54e4c20a6679aa105f1f145480a3e7f1b84623107af30c21563da857d256

SHA512
ccccc8b81a4b35c4a983a3a96c101e5bb9735668d932e0f51ea316f64dd610912ef214feff1f4d8e1ed488ec768f0ca57abb18013c6ed1a80e361326601e4d08

Download Submit
\Windows\system\oGhznnd.exe

Filesize
6.0MB

MD5
e5390ed354143eac85857d23d4ef3143

SHA1
3f89d4ececbc93bd176d59bfbd9c34c7a0194d97

SHA256
b630bf3ec8ba074c12200a07d3b8d5ca2485974d2b08ce886990b5ce0bc5600f

SHA512
1be9ca3252bc47e0e13a078c34c32f7c6cd45d0f9c22e8fd274479ee1fd3a1564550cd4b0b50b1ff6902988e5f346efae95aecb04c40c347a893df1d141eaa45

Download Submit
\Windows\system\pexZoNS.exe

Filesize
6.0MB

MD5
8d67bd06a3cea8562472b5f292ff9c59

SHA1
7d475af9d1f85ceded88e6208cbc42323b7cfc23

SHA256
8afd0373a870f17132ce349d1549097f90e67e11d2368601522d80afa8bff523

SHA512
cbc751226b5eeed686a7aa7a81f854a595ba17914a0ae412786a7ea3faef85a38ea6a52cdd6a66c4e18a32bc7b85b28bd187dd50e9f0075375cfc28a364d3bec

Download Submit
\Windows\system\tdGcUJx.exe

Filesize
6.0MB

MD5
3b2d59216e9f338d030d28efb9d5ac39

SHA1
bbc4ec309af3b44217a352b01e60a2e8c4da85f8

SHA256
4a48a2a0382edfd4c35282bd02f5293ce69612cc9e1ee3871a25a88f928928e8

SHA512
33eff4767c8380de97beb09d8215fea796cc2f8cdeadbe69110c14fdfcb36ecdf9d421ce1d7c082c0dffa95c039c7584178cb45301a5a8404dcd850d892f1d3d

Download Submit
\Windows\system\zLUQPFy.exe

Filesize
6.0MB

MD5
9de61f4cddcc49c9adadf280db720d20

SHA1
051d1b0c265f3cf7ea155530eac44682b9e7cd65

SHA256
3a8a0e48f5e6b0959599103401d6396d39bfac858c3d6a49e76c5b1f41bd6c55

SHA512
43af794b9d5683c4cf0c1200831f2d22f1f3fedb22a5124949c978122c465fd217f69a08c7d05ef1bdf84e1b46acd41ed54d32c192177548dffc875080e83b37

Download Submit
memory/652-3183-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/652-36-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-749-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-19-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2064-88-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-96-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-64-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-25-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2064-0-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1096-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-37-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-46-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-6-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-75-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2064-100-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2064-38-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-77-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-10-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2064-81-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2072-3844-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2072-93-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2072-238-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3222-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2544-83-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2600-21-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3145-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2600-86-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3072-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2632-16-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3228-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2688-82-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2844-52-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3223-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-95-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-157-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3239-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2860-90-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2884-92-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2884-34-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3174-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2924-61-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2924-3226-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2936-97-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-57-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3234-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-106-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3800-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3220-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-98-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-71-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3069-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/3028-15-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/3028-60-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download