cobaltstrike | f95d70de7282ed0691e92ae5c2fb707c5b41c9e5e8b099f119d15f70634343c8

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/01/2025, 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

da3a9b63285e3597be99f9f7ab2777a5
SHA1

47c77352338fa0210194381cba74bad09338aeba
SHA256

f95d70de7282ed0691e92ae5c2fb707c5b41c9e5e8b099f119d15f70634343c8
SHA512

d63dd108d483b79085634c3bfc74e9b48cda3dae93d6263f4cfe098537c6bc07e6719167f8d16f2b56ab970fac4f34335f3612d4c17a71e98464ea6817557185
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUU:T+q56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001939f-10.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193d0-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193f9-28.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019426-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019428-40.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000019354-47.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194c3-55.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d5-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019647-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019650-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964f-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197e4-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a85-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b16-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b18-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c79-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c8f-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cc8-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c91-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d98-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f62-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07f-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b4-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a448-198.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a444-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a446-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a340-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a30e-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f77-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a077-157.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2716-0-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x000b000000012280-3.dat	xmrig
behavioral1/memory/2848-8-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x000700000001939f-10.dat	xmrig
behavioral1/memory/2704-15-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x00070000000193d0-12.dat	xmrig
behavioral1/memory/2828-21-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2896-29-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x00060000000193f9-28.dat	xmrig
behavioral1/memory/2800-36-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2716-35-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x0006000000019426-34.dat	xmrig
behavioral1/memory/2716-31-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2848-39-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x0006000000019428-40.dat	xmrig
behavioral1/memory/2704-42-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2256-45-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0032000000019354-47.dat	xmrig
behavioral1/memory/3020-54-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2716-52-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/2828-49-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00070000000194c3-55.dat	xmrig
behavioral1/memory/2716-59-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/1108-61-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2896-58-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x00060000000194d5-62.dat	xmrig
behavioral1/memory/1216-69-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2800-63-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019647-70.dat	xmrig
behavioral1/memory/2436-74-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2716-71-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019650-88.dat	xmrig
behavioral1/memory/1732-89-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2148-82-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2716-81-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/2256-80-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x000500000001964f-79.dat	xmrig
behavioral1/memory/2716-90-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/1108-92-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000197e4-94.dat	xmrig
behavioral1/memory/492-101-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/1216-97-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x0005000000019a85-113.dat	xmrig
behavioral1/files/0x0005000000019b16-118.dat	xmrig
behavioral1/memory/2148-119-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019b18-114.dat	xmrig
behavioral1/memory/2436-105-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c79-122.dat	xmrig
behavioral1/files/0x0005000000019c8f-127.dat	xmrig
behavioral1/files/0x0005000000019cc8-137.dat	xmrig
behavioral1/files/0x0005000000019c91-132.dat	xmrig
behavioral1/files/0x0005000000019d98-142.dat	xmrig
behavioral1/files/0x0005000000019f62-147.dat	xmrig
behavioral1/files/0x000500000001a07f-162.dat	xmrig
behavioral1/files/0x000500000001a0b4-167.dat	xmrig
behavioral1/memory/2716-867-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1732-274-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x000500000001a448-198.dat	xmrig
behavioral1/files/0x000500000001a447-192.dat	xmrig
behavioral1/files/0x000500000001a444-183.dat	xmrig
behavioral1/files/0x000500000001a446-188.dat	xmrig
behavioral1/files/0x000500000001a340-177.dat	xmrig
behavioral1/files/0x000500000001a30e-172.dat	xmrig
behavioral1/files/0x0005000000019f77-152.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2848	OjpImLJ.exe
2704	JYTyWxM.exe
2828	fPSUktk.exe
2896	aZrxfFI.exe
2800	IWuFHbV.exe
2256	FOrpDmj.exe
3020	blIgFJM.exe
1108	hulNvwy.exe
1216	XwRgdgo.exe
2436	cReUQMr.exe
2148	gQROBdt.exe
1732	bODaYMD.exe
492	vVRxofF.exe
2004	ieGLegf.exe
1044	htemUeg.exe
2040	lZEJrTE.exe
2764	SpcTkgq.exe
1576	bXsYZKU.exe
1940	jEYTcLO.exe
1744	AmTdnoa.exe
2952	zlBeZfT.exe
2144	JXMLwrc.exe
2336	EcTtyvE.exe
1628	wNwQLyx.exe
1048	MvxhzVr.exe
2440	qUZMwnn.exe
2036	QaVbqmm.exe
2964	ASlzTMX.exe
916	eHrgroR.exe
2412	NMmpxGY.exe
1876	xLPohnV.exe
1316	IdHIlrI.exe
828	Yohuhup.exe
1464	MTPFlVl.exe
1292	xKsyAtl.exe
1888	xvzjZZa.exe
1652	XrptQGs.exe
896	MItYvsx.exe
608	twiuGkX.exe
3032	JpThlkh.exe
1248	VhsGBXh.exe
376	wIDXDFp.exe
1808	gJLADzy.exe
832	PyhkUhB.exe
2292	XoruoIG.exe
1728	kGlojIl.exe
284	BTySbPz.exe
1680	IvZnkZU.exe
1600	QiDcKKj.exe
1556	IRReuPW.exe
2796	dLTRMYS.exe
2320	ltvbMsK.exe
2728	FWgHXsK.exe
2832	EBcBLfZ.exe
2576	qCZEKDU.exe
2784	EjTfznc.exe
2836	JRVDVDn.exe
2588	UPNzcxB.exe
2852	FqWKSuH.exe
2568	WLAdddw.exe
264	KdEIKvU.exe
1308	srGEOGL.exe
1416	JRwUtKb.exe
2220	GbyeLpx.exe

Loads dropped DLL 64 IoCs

pid	Process
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2716-0-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x000b000000012280-3.dat	upx
behavioral1/memory/2848-8-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x000700000001939f-10.dat	upx
behavioral1/memory/2704-15-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x00070000000193d0-12.dat	upx
behavioral1/memory/2828-21-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2896-29-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x00060000000193f9-28.dat	upx
behavioral1/memory/2800-36-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2716-35-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x0006000000019426-34.dat	upx
behavioral1/memory/2848-39-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x0006000000019428-40.dat	upx
behavioral1/memory/2704-42-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2256-45-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0032000000019354-47.dat	upx
behavioral1/memory/3020-54-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2828-49-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00070000000194c3-55.dat	upx
behavioral1/memory/1108-61-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2896-58-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x00060000000194d5-62.dat	upx
behavioral1/memory/1216-69-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2800-63-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0005000000019647-70.dat	upx
behavioral1/memory/2436-74-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/files/0x0005000000019650-88.dat	upx
behavioral1/memory/1732-89-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2148-82-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2256-80-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x000500000001964f-79.dat	upx
behavioral1/memory/1108-92-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x00050000000197e4-94.dat	upx
behavioral1/memory/492-101-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/1216-97-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0005000000019a85-113.dat	upx
behavioral1/files/0x0005000000019b16-118.dat	upx
behavioral1/memory/2148-119-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0005000000019b18-114.dat	upx
behavioral1/memory/2436-105-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/files/0x0005000000019c79-122.dat	upx
behavioral1/files/0x0005000000019c8f-127.dat	upx
behavioral1/files/0x0005000000019cc8-137.dat	upx
behavioral1/files/0x0005000000019c91-132.dat	upx
behavioral1/files/0x0005000000019d98-142.dat	upx
behavioral1/files/0x0005000000019f62-147.dat	upx
behavioral1/files/0x000500000001a07f-162.dat	upx
behavioral1/files/0x000500000001a0b4-167.dat	upx
behavioral1/memory/1732-274-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x000500000001a448-198.dat	upx
behavioral1/files/0x000500000001a447-192.dat	upx
behavioral1/files/0x000500000001a444-183.dat	upx
behavioral1/files/0x000500000001a446-188.dat	upx
behavioral1/files/0x000500000001a340-177.dat	upx
behavioral1/files/0x000500000001a30e-172.dat	upx
behavioral1/files/0x0005000000019f77-152.dat	upx
behavioral1/files/0x000500000001a077-157.dat	upx
behavioral1/memory/2704-3337-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2828-3349-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2848-3348-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2896-3374-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2800-3372-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/3020-3741-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zjDiSkA.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHprmuU.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtmgGmx.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tudqHzQ.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPzGNek.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmohMKf.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpcTkgq.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krbfQkI.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGYBMid.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JeOFnwT.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hnbjkwt.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SteIDhi.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UzbVUeO.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQdFvlK.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XeZfZah.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmjfhft.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdEIKvU.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJPnoNR.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCwfRMy.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEMVPFa.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxRGbja.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HfZxgYa.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLAdddw.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faqYZTL.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvmRMHT.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKWvEwQ.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEYUsJg.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyhzhxc.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mhyhpsb.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbZTIEZ.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRuZNlW.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKSGrup.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGlpytc.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjpImLJ.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwaOMyN.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydZRfDy.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLrSRHh.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIOsEjr.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbkuLBt.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxXrsel.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATksPOj.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlkRPjX.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRvYemm.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YFZcDKG.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FgLtRqT.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQLSpxR.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzvhoZA.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XEygJTX.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnPODof.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aifZdTh.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGfNEeW.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEGyPIB.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMUInki.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtbZrWk.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYEHJjs.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Aetpzbu.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVYUpNw.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Yfbowit.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVSmkNx.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uaXOSei.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqSvRUC.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQOBBdo.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjZqjMM.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMcQWyN.exe	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2848	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2716 wrote to memory of 2848	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2716 wrote to memory of 2848	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2716 wrote to memory of 2704	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2716 wrote to memory of 2704	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2716 wrote to memory of 2704	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2716 wrote to memory of 2828	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2716 wrote to memory of 2828	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2716 wrote to memory of 2828	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2716 wrote to memory of 2896	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2716 wrote to memory of 2896	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2716 wrote to memory of 2896	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2716 wrote to memory of 2800	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2716 wrote to memory of 2800	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2716 wrote to memory of 2800	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2716 wrote to memory of 2256	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2716 wrote to memory of 2256	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2716 wrote to memory of 2256	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2716 wrote to memory of 3020	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2716 wrote to memory of 3020	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2716 wrote to memory of 3020	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2716 wrote to memory of 1108	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2716 wrote to memory of 1108	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2716 wrote to memory of 1108	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2716 wrote to memory of 1216	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2716 wrote to memory of 1216	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2716 wrote to memory of 1216	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2716 wrote to memory of 2436	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2716 wrote to memory of 2436	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2716 wrote to memory of 2436	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2716 wrote to memory of 2148	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2716 wrote to memory of 2148	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2716 wrote to memory of 2148	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2716 wrote to memory of 1732	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2716 wrote to memory of 1732	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2716 wrote to memory of 1732	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2716 wrote to memory of 492	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2716 wrote to memory of 492	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2716 wrote to memory of 492	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2716 wrote to memory of 2004	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2716 wrote to memory of 2004	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2716 wrote to memory of 2004	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2716 wrote to memory of 2040	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2716 wrote to memory of 2040	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2716 wrote to memory of 2040	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2716 wrote to memory of 1044	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2716 wrote to memory of 1044	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2716 wrote to memory of 1044	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2716 wrote to memory of 2764	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2716 wrote to memory of 2764	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2716 wrote to memory of 2764	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2716 wrote to memory of 1576	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2716 wrote to memory of 1576	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2716 wrote to memory of 1576	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2716 wrote to memory of 1940	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2716 wrote to memory of 1940	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2716 wrote to memory of 1940	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2716 wrote to memory of 1744	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2716 wrote to memory of 1744	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2716 wrote to memory of 1744	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2716 wrote to memory of 2952	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2716 wrote to memory of 2952	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2716 wrote to memory of 2952	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2716 wrote to memory of 2144	2716	2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_da3a9b63285e3597be99f9f7ab2777a5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Windows\System\OjpImLJ.exe
  C:\Windows\System\OjpImLJ.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\JYTyWxM.exe
  C:\Windows\System\JYTyWxM.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\fPSUktk.exe
  C:\Windows\System\fPSUktk.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\aZrxfFI.exe
  C:\Windows\System\aZrxfFI.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\IWuFHbV.exe
  C:\Windows\System\IWuFHbV.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\FOrpDmj.exe
  C:\Windows\System\FOrpDmj.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\blIgFJM.exe
  C:\Windows\System\blIgFJM.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\hulNvwy.exe
  C:\Windows\System\hulNvwy.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\XwRgdgo.exe
  C:\Windows\System\XwRgdgo.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\cReUQMr.exe
  C:\Windows\System\cReUQMr.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\gQROBdt.exe
  C:\Windows\System\gQROBdt.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\bODaYMD.exe
  C:\Windows\System\bODaYMD.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\vVRxofF.exe
  C:\Windows\System\vVRxofF.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\ieGLegf.exe
  C:\Windows\System\ieGLegf.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\lZEJrTE.exe
  C:\Windows\System\lZEJrTE.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\htemUeg.exe
  C:\Windows\System\htemUeg.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\SpcTkgq.exe
  C:\Windows\System\SpcTkgq.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\bXsYZKU.exe
  C:\Windows\System\bXsYZKU.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\jEYTcLO.exe
  C:\Windows\System\jEYTcLO.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\AmTdnoa.exe
  C:\Windows\System\AmTdnoa.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\zlBeZfT.exe
  C:\Windows\System\zlBeZfT.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\JXMLwrc.exe
  C:\Windows\System\JXMLwrc.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\EcTtyvE.exe
  C:\Windows\System\EcTtyvE.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\wNwQLyx.exe
  C:\Windows\System\wNwQLyx.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\MvxhzVr.exe
  C:\Windows\System\MvxhzVr.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\qUZMwnn.exe
  C:\Windows\System\qUZMwnn.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\QaVbqmm.exe
  C:\Windows\System\QaVbqmm.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ASlzTMX.exe
  C:\Windows\System\ASlzTMX.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\eHrgroR.exe
  C:\Windows\System\eHrgroR.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\NMmpxGY.exe
  C:\Windows\System\NMmpxGY.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\xLPohnV.exe
  C:\Windows\System\xLPohnV.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\IdHIlrI.exe
  C:\Windows\System\IdHIlrI.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\Yohuhup.exe
  C:\Windows\System\Yohuhup.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\MTPFlVl.exe
  C:\Windows\System\MTPFlVl.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\xKsyAtl.exe
  C:\Windows\System\xKsyAtl.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\xvzjZZa.exe
  C:\Windows\System\xvzjZZa.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\XrptQGs.exe
  C:\Windows\System\XrptQGs.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\MItYvsx.exe
  C:\Windows\System\MItYvsx.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\twiuGkX.exe
  C:\Windows\System\twiuGkX.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\JpThlkh.exe
  C:\Windows\System\JpThlkh.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\VhsGBXh.exe
  C:\Windows\System\VhsGBXh.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\wIDXDFp.exe
  C:\Windows\System\wIDXDFp.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\gJLADzy.exe
  C:\Windows\System\gJLADzy.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\PyhkUhB.exe
  C:\Windows\System\PyhkUhB.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\XoruoIG.exe
  C:\Windows\System\XoruoIG.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\kGlojIl.exe
  C:\Windows\System\kGlojIl.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\BTySbPz.exe
  C:\Windows\System\BTySbPz.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\IvZnkZU.exe
  C:\Windows\System\IvZnkZU.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\QiDcKKj.exe
  C:\Windows\System\QiDcKKj.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\IRReuPW.exe
  C:\Windows\System\IRReuPW.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\dLTRMYS.exe
  C:\Windows\System\dLTRMYS.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\ltvbMsK.exe
  C:\Windows\System\ltvbMsK.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\FWgHXsK.exe
  C:\Windows\System\FWgHXsK.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\EBcBLfZ.exe
  C:\Windows\System\EBcBLfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\qCZEKDU.exe
  C:\Windows\System\qCZEKDU.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\EjTfznc.exe
  C:\Windows\System\EjTfznc.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\JRVDVDn.exe
  C:\Windows\System\JRVDVDn.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\UPNzcxB.exe
  C:\Windows\System\UPNzcxB.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\FqWKSuH.exe
  C:\Windows\System\FqWKSuH.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\WLAdddw.exe
  C:\Windows\System\WLAdddw.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\KdEIKvU.exe
  C:\Windows\System\KdEIKvU.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\srGEOGL.exe
  C:\Windows\System\srGEOGL.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\JRwUtKb.exe
  C:\Windows\System\JRwUtKb.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\GbyeLpx.exe
  C:\Windows\System\GbyeLpx.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\PePLzcb.exe
  C:\Windows\System\PePLzcb.exe
  2⤵
  PID:836
- C:\Windows\System\tNWbdPR.exe
  C:\Windows\System\tNWbdPR.exe
  2⤵
  PID:1220
- C:\Windows\System\SUDcWzx.exe
  C:\Windows\System\SUDcWzx.exe
  2⤵
  PID:2888
- C:\Windows\System\WeTIqbK.exe
  C:\Windows\System\WeTIqbK.exe
  2⤵
  PID:2468
- C:\Windows\System\NldfJGx.exe
  C:\Windows\System\NldfJGx.exe
  2⤵
  PID:1584
- C:\Windows\System\QXaKSho.exe
  C:\Windows\System\QXaKSho.exe
  2⤵
  PID:2160
- C:\Windows\System\LcSZdgr.exe
  C:\Windows\System\LcSZdgr.exe
  2⤵
  PID:2156
- C:\Windows\System\SFZJadl.exe
  C:\Windows\System\SFZJadl.exe
  2⤵
  PID:2480
- C:\Windows\System\lJeVdNR.exe
  C:\Windows\System\lJeVdNR.exe
  2⤵
  PID:2816
- C:\Windows\System\EvQLRpg.exe
  C:\Windows\System\EvQLRpg.exe
  2⤵
  PID:2476
- C:\Windows\System\LjpZufG.exe
  C:\Windows\System\LjpZufG.exe
  2⤵
  PID:1760
- C:\Windows\System\DiMJSkM.exe
  C:\Windows\System\DiMJSkM.exe
  2⤵
  PID:2664
- C:\Windows\System\itiTrVQ.exe
  C:\Windows\System\itiTrVQ.exe
  2⤵
  PID:1148
- C:\Windows\System\IUVmByx.exe
  C:\Windows\System\IUVmByx.exe
  2⤵
  PID:2248
- C:\Windows\System\nFhHcsJ.exe
  C:\Windows\System\nFhHcsJ.exe
  2⤵
  PID:2324
- C:\Windows\System\YMLNkQU.exe
  C:\Windows\System\YMLNkQU.exe
  2⤵
  PID:2200
- C:\Windows\System\UjjGxEP.exe
  C:\Windows\System\UjjGxEP.exe
  2⤵
  PID:904
- C:\Windows\System\nHaheIe.exe
  C:\Windows\System\nHaheIe.exe
  2⤵
  PID:440
- C:\Windows\System\IumYIXr.exe
  C:\Windows\System\IumYIXr.exe
  2⤵
  PID:2184
- C:\Windows\System\oklyLrV.exe
  C:\Windows\System\oklyLrV.exe
  2⤵
  PID:964
- C:\Windows\System\QGSsgRj.exe
  C:\Windows\System\QGSsgRj.exe
  2⤵
  PID:1804
- C:\Windows\System\STSgrwe.exe
  C:\Windows\System\STSgrwe.exe
  2⤵
  PID:2500
- C:\Windows\System\HfWQbOv.exe
  C:\Windows\System\HfWQbOv.exe
  2⤵
  PID:876
- C:\Windows\System\zkPsZeA.exe
  C:\Windows\System\zkPsZeA.exe
  2⤵
  PID:960
- C:\Windows\System\JQfHZqT.exe
  C:\Windows\System\JQfHZqT.exe
  2⤵
  PID:932
- C:\Windows\System\EeLNZcS.exe
  C:\Windows\System\EeLNZcS.exe
  2⤵
  PID:1928
- C:\Windows\System\PVcVfBt.exe
  C:\Windows\System\PVcVfBt.exe
  2⤵
  PID:572
- C:\Windows\System\rKzTvob.exe
  C:\Windows\System\rKzTvob.exe
  2⤵
  PID:2968
- C:\Windows\System\CWxaBGV.exe
  C:\Windows\System\CWxaBGV.exe
  2⤵
  PID:2404
- C:\Windows\System\nGzlRYO.exe
  C:\Windows\System\nGzlRYO.exe
  2⤵
  PID:2512
- C:\Windows\System\BdAzvkg.exe
  C:\Windows\System\BdAzvkg.exe
  2⤵
  PID:1900
- C:\Windows\System\TDOCLIU.exe
  C:\Windows\System\TDOCLIU.exe
  2⤵
  PID:1496
- C:\Windows\System\rmBDAnL.exe
  C:\Windows\System\rmBDAnL.exe
  2⤵
  PID:2916
- C:\Windows\System\uBakjwt.exe
  C:\Windows\System\uBakjwt.exe
  2⤵
  PID:2284
- C:\Windows\System\ywQMnUu.exe
  C:\Windows\System\ywQMnUu.exe
  2⤵
  PID:2780
- C:\Windows\System\nTdwmvP.exe
  C:\Windows\System\nTdwmvP.exe
  2⤵
  PID:1800
- C:\Windows\System\FdNUSwm.exe
  C:\Windows\System\FdNUSwm.exe
  2⤵
  PID:2868
- C:\Windows\System\wUZLhbk.exe
  C:\Windows\System\wUZLhbk.exe
  2⤵
  PID:2824
- C:\Windows\System\IFYXWlY.exe
  C:\Windows\System\IFYXWlY.exe
  2⤵
  PID:2864
- C:\Windows\System\dZffgCr.exe
  C:\Windows\System\dZffgCr.exe
  2⤵
  PID:984
- C:\Windows\System\SggrOeL.exe
  C:\Windows\System\SggrOeL.exe
  2⤵
  PID:1660
- C:\Windows\System\gAKriJg.exe
  C:\Windows\System\gAKriJg.exe
  2⤵
  PID:1792
- C:\Windows\System\jyEdCJF.exe
  C:\Windows\System\jyEdCJF.exe
  2⤵
  PID:2644
- C:\Windows\System\CMNrOHH.exe
  C:\Windows\System\CMNrOHH.exe
  2⤵
  PID:1152
- C:\Windows\System\tUeLbrt.exe
  C:\Windows\System\tUeLbrt.exe
  2⤵
  PID:1756
- C:\Windows\System\yyRPiww.exe
  C:\Windows\System\yyRPiww.exe
  2⤵
  PID:2012
- C:\Windows\System\gaWenFe.exe
  C:\Windows\System\gaWenFe.exe
  2⤵
  PID:2236
- C:\Windows\System\gRjqCjm.exe
  C:\Windows\System\gRjqCjm.exe
  2⤵
  PID:1932
- C:\Windows\System\Ijskhmr.exe
  C:\Windows\System\Ijskhmr.exe
  2⤵
  PID:2276
- C:\Windows\System\fiStneE.exe
  C:\Windows\System\fiStneE.exe
  2⤵
  PID:1120
- C:\Windows\System\NOctLSO.exe
  C:\Windows\System\NOctLSO.exe
  2⤵
  PID:1620
- C:\Windows\System\uqvSwHH.exe
  C:\Windows\System\uqvSwHH.exe
  2⤵
  PID:1872
- C:\Windows\System\Sahtbho.exe
  C:\Windows\System\Sahtbho.exe
  2⤵
  PID:2224
- C:\Windows\System\mkloFZr.exe
  C:\Windows\System\mkloFZr.exe
  2⤵
  PID:1936
- C:\Windows\System\UPjnwUA.exe
  C:\Windows\System\UPjnwUA.exe
  2⤵
  PID:2536
- C:\Windows\System\xqdiMQo.exe
  C:\Windows\System\xqdiMQo.exe
  2⤵
  PID:2056
- C:\Windows\System\prWVnHN.exe
  C:\Windows\System\prWVnHN.exe
  2⤵
  PID:2548
- C:\Windows\System\WbMFfty.exe
  C:\Windows\System\WbMFfty.exe
  2⤵
  PID:1524
- C:\Windows\System\uQGIEAM.exe
  C:\Windows\System\uQGIEAM.exe
  2⤵
  PID:2604
- C:\Windows\System\tBydFrh.exe
  C:\Windows\System\tBydFrh.exe
  2⤵
  PID:2736
- C:\Windows\System\AgOODWT.exe
  C:\Windows\System\AgOODWT.exe
  2⤵
  PID:2744
- C:\Windows\System\piSMnyG.exe
  C:\Windows\System\piSMnyG.exe
  2⤵
  PID:592
- C:\Windows\System\irvAZXq.exe
  C:\Windows\System\irvAZXq.exe
  2⤵
  PID:580
- C:\Windows\System\uXmpatb.exe
  C:\Windows\System\uXmpatb.exe
  2⤵
  PID:1768
- C:\Windows\System\coKBlhA.exe
  C:\Windows\System\coKBlhA.exe
  2⤵
  PID:2132
- C:\Windows\System\iHrtycS.exe
  C:\Windows\System\iHrtycS.exe
  2⤵
  PID:628
- C:\Windows\System\immZosn.exe
  C:\Windows\System\immZosn.exe
  2⤵
  PID:1740
- C:\Windows\System\tuKDdpa.exe
  C:\Windows\System\tuKDdpa.exe
  2⤵
  PID:2240
- C:\Windows\System\Xdynhot.exe
  C:\Windows\System\Xdynhot.exe
  2⤵
  PID:2488
- C:\Windows\System\qLYTPQm.exe
  C:\Windows\System\qLYTPQm.exe
  2⤵
  PID:1592
- C:\Windows\System\pfraeLZ.exe
  C:\Windows\System\pfraeLZ.exe
  2⤵
  PID:2304
- C:\Windows\System\maArJQw.exe
  C:\Windows\System\maArJQw.exe
  2⤵
  PID:2104
- C:\Windows\System\lFWqzSc.exe
  C:\Windows\System\lFWqzSc.exe
  2⤵
  PID:1012
- C:\Windows\System\BZwoSAZ.exe
  C:\Windows\System\BZwoSAZ.exe
  2⤵
  PID:352
- C:\Windows\System\iXPHGwT.exe
  C:\Windows\System\iXPHGwT.exe
  2⤵
  PID:2624
- C:\Windows\System\OuBEFQG.exe
  C:\Windows\System\OuBEFQG.exe
  2⤵
  PID:2460
- C:\Windows\System\TyoqNpG.exe
  C:\Windows\System\TyoqNpG.exe
  2⤵
  PID:2884
- C:\Windows\System\NaRVwgm.exe
  C:\Windows\System\NaRVwgm.exe
  2⤵
  PID:696
- C:\Windows\System\VzvRnyD.exe
  C:\Windows\System\VzvRnyD.exe
  2⤵
  PID:1720
- C:\Windows\System\xtqRGBV.exe
  C:\Windows\System\xtqRGBV.exe
  2⤵
  PID:2244
- C:\Windows\System\WbNofwi.exe
  C:\Windows\System\WbNofwi.exe
  2⤵
  PID:852
- C:\Windows\System\wIJDPMc.exe
  C:\Windows\System\wIJDPMc.exe
  2⤵
  PID:2168
- C:\Windows\System\TlWIKar.exe
  C:\Windows\System\TlWIKar.exe
  2⤵
  PID:2372
- C:\Windows\System\vwKqNDN.exe
  C:\Windows\System\vwKqNDN.exe
  2⤵
  PID:2496
- C:\Windows\System\hMEfGNH.exe
  C:\Windows\System\hMEfGNH.exe
  2⤵
  PID:2932
- C:\Windows\System\BmpJVeD.exe
  C:\Windows\System\BmpJVeD.exe
  2⤵
  PID:2692
- C:\Windows\System\QdhWJeo.exe
  C:\Windows\System\QdhWJeo.exe
  2⤵
  PID:1560
- C:\Windows\System\CzcfeRA.exe
  C:\Windows\System\CzcfeRA.exe
  2⤵
  PID:1644
- C:\Windows\System\lQQpAIq.exe
  C:\Windows\System\lQQpAIq.exe
  2⤵
  PID:3080
- C:\Windows\System\OByDhIG.exe
  C:\Windows\System\OByDhIG.exe
  2⤵
  PID:3096
- C:\Windows\System\QNSXwXQ.exe
  C:\Windows\System\QNSXwXQ.exe
  2⤵
  PID:3120
- C:\Windows\System\VyNWzhF.exe
  C:\Windows\System\VyNWzhF.exe
  2⤵
  PID:3140
- C:\Windows\System\PCuGSKQ.exe
  C:\Windows\System\PCuGSKQ.exe
  2⤵
  PID:3164
- C:\Windows\System\nfItGuO.exe
  C:\Windows\System\nfItGuO.exe
  2⤵
  PID:3184
- C:\Windows\System\AGyEONN.exe
  C:\Windows\System\AGyEONN.exe
  2⤵
  PID:3204
- C:\Windows\System\rdimXsp.exe
  C:\Windows\System\rdimXsp.exe
  2⤵
  PID:3224
- C:\Windows\System\hUmroVK.exe
  C:\Windows\System\hUmroVK.exe
  2⤵
  PID:3244
- C:\Windows\System\qwCdImn.exe
  C:\Windows\System\qwCdImn.exe
  2⤵
  PID:3264
- C:\Windows\System\FiGUwfX.exe
  C:\Windows\System\FiGUwfX.exe
  2⤵
  PID:3284
- C:\Windows\System\UzbVUeO.exe
  C:\Windows\System\UzbVUeO.exe
  2⤵
  PID:3300
- C:\Windows\System\fzvhoZA.exe
  C:\Windows\System\fzvhoZA.exe
  2⤵
  PID:3324
- C:\Windows\System\UwaOMyN.exe
  C:\Windows\System\UwaOMyN.exe
  2⤵
  PID:3344
- C:\Windows\System\WNlAnnK.exe
  C:\Windows\System\WNlAnnK.exe
  2⤵
  PID:3364
- C:\Windows\System\fOkERey.exe
  C:\Windows\System\fOkERey.exe
  2⤵
  PID:3380
- C:\Windows\System\XRdoAGE.exe
  C:\Windows\System\XRdoAGE.exe
  2⤵
  PID:3404
- C:\Windows\System\WJAlBgI.exe
  C:\Windows\System\WJAlBgI.exe
  2⤵
  PID:3424
- C:\Windows\System\QsiLUVY.exe
  C:\Windows\System\QsiLUVY.exe
  2⤵
  PID:3444
- C:\Windows\System\pROyiiq.exe
  C:\Windows\System\pROyiiq.exe
  2⤵
  PID:3464
- C:\Windows\System\AVftMVk.exe
  C:\Windows\System\AVftMVk.exe
  2⤵
  PID:3484
- C:\Windows\System\fQpiHYa.exe
  C:\Windows\System\fQpiHYa.exe
  2⤵
  PID:3504
- C:\Windows\System\DYtdtTk.exe
  C:\Windows\System\DYtdtTk.exe
  2⤵
  PID:3524
- C:\Windows\System\NfMoKHY.exe
  C:\Windows\System\NfMoKHY.exe
  2⤵
  PID:3544
- C:\Windows\System\sbYkiPN.exe
  C:\Windows\System\sbYkiPN.exe
  2⤵
  PID:3564
- C:\Windows\System\zPBXbcS.exe
  C:\Windows\System\zPBXbcS.exe
  2⤵
  PID:3584
- C:\Windows\System\uVDLJCm.exe
  C:\Windows\System\uVDLJCm.exe
  2⤵
  PID:3604
- C:\Windows\System\nyHggzf.exe
  C:\Windows\System\nyHggzf.exe
  2⤵
  PID:3624
- C:\Windows\System\cmZJzgC.exe
  C:\Windows\System\cmZJzgC.exe
  2⤵
  PID:3644
- C:\Windows\System\PfyeJYv.exe
  C:\Windows\System\PfyeJYv.exe
  2⤵
  PID:3664
- C:\Windows\System\COyFTSa.exe
  C:\Windows\System\COyFTSa.exe
  2⤵
  PID:3684
- C:\Windows\System\WutLhok.exe
  C:\Windows\System\WutLhok.exe
  2⤵
  PID:3704
- C:\Windows\System\QQQHbTF.exe
  C:\Windows\System\QQQHbTF.exe
  2⤵
  PID:3724
- C:\Windows\System\cItwBpU.exe
  C:\Windows\System\cItwBpU.exe
  2⤵
  PID:3744
- C:\Windows\System\HGQzqpt.exe
  C:\Windows\System\HGQzqpt.exe
  2⤵
  PID:3764
- C:\Windows\System\nJggpGc.exe
  C:\Windows\System\nJggpGc.exe
  2⤵
  PID:3780
- C:\Windows\System\zEqoYrr.exe
  C:\Windows\System\zEqoYrr.exe
  2⤵
  PID:3804
- C:\Windows\System\IlTzoTn.exe
  C:\Windows\System\IlTzoTn.exe
  2⤵
  PID:3824
- C:\Windows\System\TzrErlO.exe
  C:\Windows\System\TzrErlO.exe
  2⤵
  PID:3844
- C:\Windows\System\OYDFlgF.exe
  C:\Windows\System\OYDFlgF.exe
  2⤵
  PID:3864
- C:\Windows\System\DpZjvja.exe
  C:\Windows\System\DpZjvja.exe
  2⤵
  PID:3884
- C:\Windows\System\NWuoLzj.exe
  C:\Windows\System\NWuoLzj.exe
  2⤵
  PID:3904
- C:\Windows\System\AkznRko.exe
  C:\Windows\System\AkznRko.exe
  2⤵
  PID:3924
- C:\Windows\System\nlqNWAg.exe
  C:\Windows\System\nlqNWAg.exe
  2⤵
  PID:3944
- C:\Windows\System\imNFYkp.exe
  C:\Windows\System\imNFYkp.exe
  2⤵
  PID:3964
- C:\Windows\System\reXDRXi.exe
  C:\Windows\System\reXDRXi.exe
  2⤵
  PID:3984
- C:\Windows\System\HUtTQgk.exe
  C:\Windows\System\HUtTQgk.exe
  2⤵
  PID:4004
- C:\Windows\System\OHEOaRm.exe
  C:\Windows\System\OHEOaRm.exe
  2⤵
  PID:4028
- C:\Windows\System\FIbqpBC.exe
  C:\Windows\System\FIbqpBC.exe
  2⤵
  PID:4048
- C:\Windows\System\XkOCqyj.exe
  C:\Windows\System\XkOCqyj.exe
  2⤵
  PID:4068
- C:\Windows\System\zjDiSkA.exe
  C:\Windows\System\zjDiSkA.exe
  2⤵
  PID:4088
- C:\Windows\System\cIWeVNf.exe
  C:\Windows\System\cIWeVNf.exe
  2⤵
  PID:2532
- C:\Windows\System\ALoUyoJ.exe
  C:\Windows\System\ALoUyoJ.exe
  2⤵
  PID:2596
- C:\Windows\System\GFBnVrY.exe
  C:\Windows\System\GFBnVrY.exe
  2⤵
  PID:576
- C:\Windows\System\ZYwLvJs.exe
  C:\Windows\System\ZYwLvJs.exe
  2⤵
  PID:2812
- C:\Windows\System\GJPnoNR.exe
  C:\Windows\System\GJPnoNR.exe
  2⤵
  PID:1504
- C:\Windows\System\LnISCZD.exe
  C:\Windows\System\LnISCZD.exe
  2⤵
  PID:3088
- C:\Windows\System\DWjrCQW.exe
  C:\Windows\System\DWjrCQW.exe
  2⤵
  PID:3192
- C:\Windows\System\SRsZgro.exe
  C:\Windows\System\SRsZgro.exe
  2⤵
  PID:3136
- C:\Windows\System\NcEmtzo.exe
  C:\Windows\System\NcEmtzo.exe
  2⤵
  PID:3232
- C:\Windows\System\ILsQLAT.exe
  C:\Windows\System\ILsQLAT.exe
  2⤵
  PID:3272
- C:\Windows\System\kHEpDRe.exe
  C:\Windows\System\kHEpDRe.exe
  2⤵
  PID:3252
- C:\Windows\System\lJUroav.exe
  C:\Windows\System\lJUroav.exe
  2⤵
  PID:3312
- C:\Windows\System\GHDuGGQ.exe
  C:\Windows\System\GHDuGGQ.exe
  2⤵
  PID:3356
- C:\Windows\System\TCOuwLv.exe
  C:\Windows\System\TCOuwLv.exe
  2⤵
  PID:3388
- C:\Windows\System\ZEsPVHt.exe
  C:\Windows\System\ZEsPVHt.exe
  2⤵
  PID:3440
- C:\Windows\System\GlFELvT.exe
  C:\Windows\System\GlFELvT.exe
  2⤵
  PID:3452
- C:\Windows\System\qTvmEey.exe
  C:\Windows\System\qTvmEey.exe
  2⤵
  PID:3476
- C:\Windows\System\hvVcphw.exe
  C:\Windows\System\hvVcphw.exe
  2⤵
  PID:3500
- C:\Windows\System\OPkcYdk.exe
  C:\Windows\System\OPkcYdk.exe
  2⤵
  PID:3532
- C:\Windows\System\HyLCHvw.exe
  C:\Windows\System\HyLCHvw.exe
  2⤵
  PID:3600
- C:\Windows\System\UUBvjaR.exe
  C:\Windows\System\UUBvjaR.exe
  2⤵
  PID:3576
- C:\Windows\System\mPTSyPU.exe
  C:\Windows\System\mPTSyPU.exe
  2⤵
  PID:3160
- C:\Windows\System\njUHUvM.exe
  C:\Windows\System\njUHUvM.exe
  2⤵
  PID:3660
- C:\Windows\System\NQCRQoZ.exe
  C:\Windows\System\NQCRQoZ.exe
  2⤵
  PID:3696
- C:\Windows\System\UoohHlb.exe
  C:\Windows\System\UoohHlb.exe
  2⤵
  PID:3732
- C:\Windows\System\jaDfJka.exe
  C:\Windows\System\jaDfJka.exe
  2⤵
  PID:3796
- C:\Windows\System\uabwByB.exe
  C:\Windows\System\uabwByB.exe
  2⤵
  PID:3840
- C:\Windows\System\Efjpiuz.exe
  C:\Windows\System\Efjpiuz.exe
  2⤵
  PID:3820
- C:\Windows\System\KvICGpt.exe
  C:\Windows\System\KvICGpt.exe
  2⤵
  PID:3860
- C:\Windows\System\ydZRfDy.exe
  C:\Windows\System\ydZRfDy.exe
  2⤵
  PID:3900
- C:\Windows\System\ouTkmJX.exe
  C:\Windows\System\ouTkmJX.exe
  2⤵
  PID:3952
- C:\Windows\System\RrfvhVw.exe
  C:\Windows\System\RrfvhVw.exe
  2⤵
  PID:3980
- C:\Windows\System\nwLYrNk.exe
  C:\Windows\System\nwLYrNk.exe
  2⤵
  PID:4020
- C:\Windows\System\MLXBlSf.exe
  C:\Windows\System\MLXBlSf.exe
  2⤵
  PID:4056
- C:\Windows\System\nxxYcyl.exe
  C:\Windows\System\nxxYcyl.exe
  2⤵
  PID:4060
- C:\Windows\System\FsRxvqw.exe
  C:\Windows\System\FsRxvqw.exe
  2⤵
  PID:1580
- C:\Windows\System\XiKqaGT.exe
  C:\Windows\System\XiKqaGT.exe
  2⤵
  PID:2876
- C:\Windows\System\uiNIXIF.exe
  C:\Windows\System\uiNIXIF.exe
  2⤵
  PID:3112
- C:\Windows\System\YJtCics.exe
  C:\Windows\System\YJtCics.exe
  2⤵
  PID:3148
- C:\Windows\System\YpEjuxX.exe
  C:\Windows\System\YpEjuxX.exe
  2⤵
  PID:4024
- C:\Windows\System\mJzuanp.exe
  C:\Windows\System\mJzuanp.exe
  2⤵
  PID:3212
- C:\Windows\System\ILmjOyl.exe
  C:\Windows\System\ILmjOyl.exe
  2⤵
  PID:3316
- C:\Windows\System\XnXdaXJ.exe
  C:\Windows\System\XnXdaXJ.exe
  2⤵
  PID:3336
- C:\Windows\System\GgNyOxK.exe
  C:\Windows\System\GgNyOxK.exe
  2⤵
  PID:3400
- C:\Windows\System\NuLdpqb.exe
  C:\Windows\System\NuLdpqb.exe
  2⤵
  PID:3392
- C:\Windows\System\eEOMzIT.exe
  C:\Windows\System\eEOMzIT.exe
  2⤵
  PID:3512
- C:\Windows\System\ARYFuTF.exe
  C:\Windows\System\ARYFuTF.exe
  2⤵
  PID:3592
- C:\Windows\System\KQdFvlK.exe
  C:\Windows\System\KQdFvlK.exe
  2⤵
  PID:3620
- C:\Windows\System\jYuPfdC.exe
  C:\Windows\System\jYuPfdC.exe
  2⤵
  PID:3680
- C:\Windows\System\AlkRPjX.exe
  C:\Windows\System\AlkRPjX.exe
  2⤵
  PID:3652
- C:\Windows\System\HiQCXxq.exe
  C:\Windows\System\HiQCXxq.exe
  2⤵
  PID:3756
- C:\Windows\System\fKjbOrE.exe
  C:\Windows\System\fKjbOrE.exe
  2⤵
  PID:3816
- C:\Windows\System\XJTLWSI.exe
  C:\Windows\System\XJTLWSI.exe
  2⤵
  PID:3892
- C:\Windows\System\hIcxHev.exe
  C:\Windows\System\hIcxHev.exe
  2⤵
  PID:3992
- C:\Windows\System\AlMxfRQ.exe
  C:\Windows\System\AlMxfRQ.exe
  2⤵
  PID:4044
- C:\Windows\System\uLDHdKm.exe
  C:\Windows\System\uLDHdKm.exe
  2⤵
  PID:2092
- C:\Windows\System\dKWvEwQ.exe
  C:\Windows\System\dKWvEwQ.exe
  2⤵
  PID:4080
- C:\Windows\System\vvWgbTK.exe
  C:\Windows\System\vvWgbTK.exe
  2⤵
  PID:1272
- C:\Windows\System\LQifwMh.exe
  C:\Windows\System\LQifwMh.exe
  2⤵
  PID:3128
- C:\Windows\System\wbTorpW.exe
  C:\Windows\System\wbTorpW.exe
  2⤵
  PID:2112
- C:\Windows\System\nArESBd.exe
  C:\Windows\System\nArESBd.exe
  2⤵
  PID:3176
- C:\Windows\System\RFcbBwd.exe
  C:\Windows\System\RFcbBwd.exe
  2⤵
  PID:3260
- C:\Windows\System\iIziNfM.exe
  C:\Windows\System\iIziNfM.exe
  2⤵
  PID:3456
- C:\Windows\System\JIhedva.exe
  C:\Windows\System\JIhedva.exe
  2⤵
  PID:3556
- C:\Windows\System\WJbgSjm.exe
  C:\Windows\System\WJbgSjm.exe
  2⤵
  PID:3536
- C:\Windows\System\rdPeaWQ.exe
  C:\Windows\System\rdPeaWQ.exe
  2⤵
  PID:3640
- C:\Windows\System\aUJhbTp.exe
  C:\Windows\System\aUJhbTp.exe
  2⤵
  PID:3872
- C:\Windows\System\RYKwwUr.exe
  C:\Windows\System\RYKwwUr.exe
  2⤵
  PID:3956
- C:\Windows\System\RvfuRnC.exe
  C:\Windows\System\RvfuRnC.exe
  2⤵
  PID:3996
- C:\Windows\System\kAPjavW.exe
  C:\Windows\System\kAPjavW.exe
  2⤵
  PID:4036
- C:\Windows\System\DtTpBhp.exe
  C:\Windows\System\DtTpBhp.exe
  2⤵
  PID:4064
- C:\Windows\System\XtwHBvA.exe
  C:\Windows\System\XtwHBvA.exe
  2⤵
  PID:3076
- C:\Windows\System\ataeZQt.exe
  C:\Windows\System\ataeZQt.exe
  2⤵
  PID:3216
- C:\Windows\System\QuPfLVH.exe
  C:\Windows\System\QuPfLVH.exe
  2⤵
  PID:2908
- C:\Windows\System\GPXdCxX.exe
  C:\Windows\System\GPXdCxX.exe
  2⤵
  PID:3420
- C:\Windows\System\dBvRJLE.exe
  C:\Windows\System\dBvRJLE.exe
  2⤵
  PID:3716
- C:\Windows\System\QsdAJOH.exe
  C:\Windows\System\QsdAJOH.exe
  2⤵
  PID:3776
- C:\Windows\System\RrMzJea.exe
  C:\Windows\System\RrMzJea.exe
  2⤵
  PID:3856
- C:\Windows\System\yYURgkR.exe
  C:\Windows\System\yYURgkR.exe
  2⤵
  PID:1452
- C:\Windows\System\uaXOSei.exe
  C:\Windows\System\uaXOSei.exe
  2⤵
  PID:112
- C:\Windows\System\zsFhLPo.exe
  C:\Windows\System\zsFhLPo.exe
  2⤵
  PID:3320
- C:\Windows\System\YYWXMmE.exe
  C:\Windows\System\YYWXMmE.exe
  2⤵
  PID:3572
- C:\Windows\System\YdZbUtI.exe
  C:\Windows\System\YdZbUtI.exe
  2⤵
  PID:3876
- C:\Windows\System\ooFvsBB.exe
  C:\Windows\System\ooFvsBB.exe
  2⤵
  PID:2808
- C:\Windows\System\qnWOeHe.exe
  C:\Windows\System\qnWOeHe.exe
  2⤵
  PID:3972
- C:\Windows\System\yWYuMaz.exe
  C:\Windows\System\yWYuMaz.exe
  2⤵
  PID:4104
- C:\Windows\System\VWhbUSd.exe
  C:\Windows\System\VWhbUSd.exe
  2⤵
  PID:4124
- C:\Windows\System\uAZMYbm.exe
  C:\Windows\System\uAZMYbm.exe
  2⤵
  PID:4144
- C:\Windows\System\PJCUUND.exe
  C:\Windows\System\PJCUUND.exe
  2⤵
  PID:4164
- C:\Windows\System\gdVgpeQ.exe
  C:\Windows\System\gdVgpeQ.exe
  2⤵
  PID:4184
- C:\Windows\System\UTVinbX.exe
  C:\Windows\System\UTVinbX.exe
  2⤵
  PID:4204
- C:\Windows\System\MAZFqVK.exe
  C:\Windows\System\MAZFqVK.exe
  2⤵
  PID:4224
- C:\Windows\System\aFeeqrM.exe
  C:\Windows\System\aFeeqrM.exe
  2⤵
  PID:4244
- C:\Windows\System\dMqdAgX.exe
  C:\Windows\System\dMqdAgX.exe
  2⤵
  PID:4264
- C:\Windows\System\IARlXhD.exe
  C:\Windows\System\IARlXhD.exe
  2⤵
  PID:4280
- C:\Windows\System\HeaQdOn.exe
  C:\Windows\System\HeaQdOn.exe
  2⤵
  PID:4304
- C:\Windows\System\hmViFZA.exe
  C:\Windows\System\hmViFZA.exe
  2⤵
  PID:4324
- C:\Windows\System\KdxXFhu.exe
  C:\Windows\System\KdxXFhu.exe
  2⤵
  PID:4344
- C:\Windows\System\SdBBvsz.exe
  C:\Windows\System\SdBBvsz.exe
  2⤵
  PID:4364
- C:\Windows\System\fLtszKN.exe
  C:\Windows\System\fLtszKN.exe
  2⤵
  PID:4384
- C:\Windows\System\zySSIoK.exe
  C:\Windows\System\zySSIoK.exe
  2⤵
  PID:4404
- C:\Windows\System\IPOjWaT.exe
  C:\Windows\System\IPOjWaT.exe
  2⤵
  PID:4424
- C:\Windows\System\mEICcTH.exe
  C:\Windows\System\mEICcTH.exe
  2⤵
  PID:4444
- C:\Windows\System\vtbZrWk.exe
  C:\Windows\System\vtbZrWk.exe
  2⤵
  PID:4464
- C:\Windows\System\hCCXtRB.exe
  C:\Windows\System\hCCXtRB.exe
  2⤵
  PID:4484
- C:\Windows\System\EUmHwDP.exe
  C:\Windows\System\EUmHwDP.exe
  2⤵
  PID:4504
- C:\Windows\System\DTBeQnZ.exe
  C:\Windows\System\DTBeQnZ.exe
  2⤵
  PID:4528
- C:\Windows\System\JwovnFR.exe
  C:\Windows\System\JwovnFR.exe
  2⤵
  PID:4548
- C:\Windows\System\WnoqbUT.exe
  C:\Windows\System\WnoqbUT.exe
  2⤵
  PID:4568
- C:\Windows\System\QmopJhL.exe
  C:\Windows\System\QmopJhL.exe
  2⤵
  PID:4588
- C:\Windows\System\OrxnKjH.exe
  C:\Windows\System\OrxnKjH.exe
  2⤵
  PID:4608
- C:\Windows\System\CcbDjDY.exe
  C:\Windows\System\CcbDjDY.exe
  2⤵
  PID:4628
- C:\Windows\System\vmYSvhN.exe
  C:\Windows\System\vmYSvhN.exe
  2⤵
  PID:4648
- C:\Windows\System\SbobWen.exe
  C:\Windows\System\SbobWen.exe
  2⤵
  PID:4668
- C:\Windows\System\BddxXbz.exe
  C:\Windows\System\BddxXbz.exe
  2⤵
  PID:4688
- C:\Windows\System\qgLGalo.exe
  C:\Windows\System\qgLGalo.exe
  2⤵
  PID:4708
- C:\Windows\System\qvtPCun.exe
  C:\Windows\System\qvtPCun.exe
  2⤵
  PID:4724
- C:\Windows\System\nuLGMNx.exe
  C:\Windows\System\nuLGMNx.exe
  2⤵
  PID:4740
- C:\Windows\System\cRvYemm.exe
  C:\Windows\System\cRvYemm.exe
  2⤵
  PID:4768
- C:\Windows\System\WvhBsXv.exe
  C:\Windows\System\WvhBsXv.exe
  2⤵
  PID:4792
- C:\Windows\System\lqKlvUr.exe
  C:\Windows\System\lqKlvUr.exe
  2⤵
  PID:4808
- C:\Windows\System\MpRhVoq.exe
  C:\Windows\System\MpRhVoq.exe
  2⤵
  PID:4824
- C:\Windows\System\ycmXkAa.exe
  C:\Windows\System\ycmXkAa.exe
  2⤵
  PID:4840
- C:\Windows\System\YFZcDKG.exe
  C:\Windows\System\YFZcDKG.exe
  2⤵
  PID:4856
- C:\Windows\System\VaEuuIw.exe
  C:\Windows\System\VaEuuIw.exe
  2⤵
  PID:4876
- C:\Windows\System\bJpjGDH.exe
  C:\Windows\System\bJpjGDH.exe
  2⤵
  PID:4896
- C:\Windows\System\qQpQvaC.exe
  C:\Windows\System\qQpQvaC.exe
  2⤵
  PID:4912
- C:\Windows\System\QRtxGEH.exe
  C:\Windows\System\QRtxGEH.exe
  2⤵
  PID:4940
- C:\Windows\System\PEYiJRj.exe
  C:\Windows\System\PEYiJRj.exe
  2⤵
  PID:4956
- C:\Windows\System\TYEHJjs.exe
  C:\Windows\System\TYEHJjs.exe
  2⤵
  PID:4972
- C:\Windows\System\QlVeqzr.exe
  C:\Windows\System\QlVeqzr.exe
  2⤵
  PID:4988
- C:\Windows\System\jGApKos.exe
  C:\Windows\System\jGApKos.exe
  2⤵
  PID:5004
- C:\Windows\System\RFYnWUL.exe
  C:\Windows\System\RFYnWUL.exe
  2⤵
  PID:5024
- C:\Windows\System\XZLUvyv.exe
  C:\Windows\System\XZLUvyv.exe
  2⤵
  PID:5044
- C:\Windows\System\TMxAeqT.exe
  C:\Windows\System\TMxAeqT.exe
  2⤵
  PID:5060
- C:\Windows\System\pqWvVlh.exe
  C:\Windows\System\pqWvVlh.exe
  2⤵
  PID:5088
- C:\Windows\System\nSwuiJM.exe
  C:\Windows\System\nSwuiJM.exe
  2⤵
  PID:5108
- C:\Windows\System\oikTvlg.exe
  C:\Windows\System\oikTvlg.exe
  2⤵
  PID:3812
- C:\Windows\System\LqLVvpv.exe
  C:\Windows\System\LqLVvpv.exe
  2⤵
  PID:2872
- C:\Windows\System\ziiaSNg.exe
  C:\Windows\System\ziiaSNg.exe
  2⤵
  PID:4132
- C:\Windows\System\HtELDYf.exe
  C:\Windows\System\HtELDYf.exe
  2⤵
  PID:4172
- C:\Windows\System\OWmAraU.exe
  C:\Windows\System\OWmAraU.exe
  2⤵
  PID:4160
- C:\Windows\System\jUOgmMw.exe
  C:\Windows\System\jUOgmMw.exe
  2⤵
  PID:4200
- C:\Windows\System\qYOpjEO.exe
  C:\Windows\System\qYOpjEO.exe
  2⤵
  PID:4232
- C:\Windows\System\ivwnjSQ.exe
  C:\Windows\System\ivwnjSQ.exe
  2⤵
  PID:4240
- C:\Windows\System\geesTnJ.exe
  C:\Windows\System\geesTnJ.exe
  2⤵
  PID:4292
- C:\Windows\System\ymmNgaq.exe
  C:\Windows\System\ymmNgaq.exe
  2⤵
  PID:4312
- C:\Windows\System\ZZHQXwF.exe
  C:\Windows\System\ZZHQXwF.exe
  2⤵
  PID:4340
- C:\Windows\System\xDFXEHL.exe
  C:\Windows\System\xDFXEHL.exe
  2⤵
  PID:1964
- C:\Windows\System\BrZJsWB.exe
  C:\Windows\System\BrZJsWB.exe
  2⤵
  PID:4356
- C:\Windows\System\sbHBOsz.exe
  C:\Windows\System\sbHBOsz.exe
  2⤵
  PID:4416
- C:\Windows\System\kIGtvmo.exe
  C:\Windows\System\kIGtvmo.exe
  2⤵
  PID:4432
- C:\Windows\System\hAwAhKw.exe
  C:\Windows\System\hAwAhKw.exe
  2⤵
  PID:1056
- C:\Windows\System\zhxxprP.exe
  C:\Windows\System\zhxxprP.exe
  2⤵
  PID:4492
- C:\Windows\System\EqSvRUC.exe
  C:\Windows\System\EqSvRUC.exe
  2⤵
  PID:1796
- C:\Windows\System\cDQtjNv.exe
  C:\Windows\System\cDQtjNv.exe
  2⤵
  PID:4512
- C:\Windows\System\XEygJTX.exe
  C:\Windows\System\XEygJTX.exe
  2⤵
  PID:4580
- C:\Windows\System\DtLwNua.exe
  C:\Windows\System\DtLwNua.exe
  2⤵
  PID:1040
- C:\Windows\System\FXUwyvz.exe
  C:\Windows\System\FXUwyvz.exe
  2⤵
  PID:4600
- C:\Windows\System\rqXLtnf.exe
  C:\Windows\System\rqXLtnf.exe
  2⤵
  PID:3068
- C:\Windows\System\hDScQKS.exe
  C:\Windows\System\hDScQKS.exe
  2⤵
  PID:2228
- C:\Windows\System\wYwCIrV.exe
  C:\Windows\System\wYwCIrV.exe
  2⤵
  PID:2312
- C:\Windows\System\ZgJHOOD.exe
  C:\Windows\System\ZgJHOOD.exe
  2⤵
  PID:4676
- C:\Windows\System\LJNefmd.exe
  C:\Windows\System\LJNefmd.exe
  2⤵
  PID:2180
- C:\Windows\System\DSRkKEV.exe
  C:\Windows\System\DSRkKEV.exe
  2⤵
  PID:4760
- C:\Windows\System\JTAiSdf.exe
  C:\Windows\System\JTAiSdf.exe
  2⤵
  PID:4776
- C:\Windows\System\Kougdpd.exe
  C:\Windows\System\Kougdpd.exe
  2⤵
  PID:3792
- C:\Windows\System\AqwoKWw.exe
  C:\Windows\System\AqwoKWw.exe
  2⤵
  PID:4816
- C:\Windows\System\XinhNOT.exe
  C:\Windows\System\XinhNOT.exe
  2⤵
  PID:4892
- C:\Windows\System\ZHgoNrJ.exe
  C:\Windows\System\ZHgoNrJ.exe
  2⤵
  PID:4936
- C:\Windows\System\dRegPHM.exe
  C:\Windows\System\dRegPHM.exe
  2⤵
  PID:5000
- C:\Windows\System\MTcgKRp.exe
  C:\Windows\System\MTcgKRp.exe
  2⤵
  PID:5068
- C:\Windows\System\HFysZnI.exe
  C:\Windows\System\HFysZnI.exe
  2⤵
  PID:5012
- C:\Windows\System\YLelozB.exe
  C:\Windows\System\YLelozB.exe
  2⤵
  PID:5056
- C:\Windows\System\AyMjirN.exe
  C:\Windows\System\AyMjirN.exe
  2⤵
  PID:4952
- C:\Windows\System\mUUQOQd.exe
  C:\Windows\System\mUUQOQd.exe
  2⤵
  PID:3352
- C:\Windows\System\uSzUfWO.exe
  C:\Windows\System\uSzUfWO.exe
  2⤵
  PID:3276
- C:\Windows\System\lBfWHkI.exe
  C:\Windows\System\lBfWHkI.exe
  2⤵
  PID:4112
- C:\Windows\System\eHCvgNe.exe
  C:\Windows\System\eHCvgNe.exe
  2⤵
  PID:4180
- C:\Windows\System\wgDgjNz.exe
  C:\Windows\System\wgDgjNz.exe
  2⤵
  PID:4288
- C:\Windows\System\aZpwmZK.exe
  C:\Windows\System\aZpwmZK.exe
  2⤵
  PID:4360
- C:\Windows\System\IeOfnNC.exe
  C:\Windows\System\IeOfnNC.exe
  2⤵
  PID:4624
- C:\Windows\System\eOpVMtb.exe
  C:\Windows\System\eOpVMtb.exe
  2⤵
  PID:1868
- C:\Windows\System\CbMkPbF.exe
  C:\Windows\System\CbMkPbF.exe
  2⤵
  PID:3416
- C:\Windows\System\lgKOXNf.exe
  C:\Windows\System\lgKOXNf.exe
  2⤵
  PID:4656
- C:\Windows\System\LzaMysi.exe
  C:\Windows\System\LzaMysi.exe
  2⤵
  PID:1132
- C:\Windows\System\cmZnSGx.exe
  C:\Windows\System\cmZnSGx.exe
  2⤵
  PID:4752
- C:\Windows\System\UWgvdEI.exe
  C:\Windows\System\UWgvdEI.exe
  2⤵
  PID:4116
- C:\Windows\System\ttnCRCT.exe
  C:\Windows\System\ttnCRCT.exe
  2⤵
  PID:4496
- C:\Windows\System\snqWYET.exe
  C:\Windows\System\snqWYET.exe
  2⤵
  PID:4536
- C:\Windows\System\sRigUYU.exe
  C:\Windows\System\sRigUYU.exe
  2⤵
  PID:2136
- C:\Windows\System\kHLwzTt.exe
  C:\Windows\System\kHLwzTt.exe
  2⤵
  PID:4644
- C:\Windows\System\TKeLgYC.exe
  C:\Windows\System\TKeLgYC.exe
  2⤵
  PID:4596
- C:\Windows\System\kvvZcKn.exe
  C:\Windows\System\kvvZcKn.exe
  2⤵
  PID:4704
- C:\Windows\System\yZtjOQY.exe
  C:\Windows\System\yZtjOQY.exe
  2⤵
  PID:4924
- C:\Windows\System\RTOFOUH.exe
  C:\Windows\System\RTOFOUH.exe
  2⤵
  PID:4852
- C:\Windows\System\yDUSVsU.exe
  C:\Windows\System\yDUSVsU.exe
  2⤵
  PID:4748
- C:\Windows\System\yYaFadq.exe
  C:\Windows\System\yYaFadq.exe
  2⤵
  PID:5116
- C:\Windows\System\lIdJTpy.exe
  C:\Windows\System\lIdJTpy.exe
  2⤵
  PID:4848
- C:\Windows\System\YPKJAfa.exe
  C:\Windows\System\YPKJAfa.exe
  2⤵
  PID:4980
- C:\Windows\System\aVaFcwR.exe
  C:\Windows\System\aVaFcwR.exe
  2⤵
  PID:4540
- C:\Windows\System\CHDBFUM.exe
  C:\Windows\System\CHDBFUM.exe
  2⤵
  PID:4564
- C:\Windows\System\rDCoYSA.exe
  C:\Windows\System\rDCoYSA.exe
  2⤵
  PID:3788
- C:\Windows\System\BTZqFnl.exe
  C:\Windows\System\BTZqFnl.exe
  2⤵
  PID:2280
- C:\Windows\System\CTCkdpQ.exe
  C:\Windows\System\CTCkdpQ.exe
  2⤵
  PID:4260
- C:\Windows\System\mxMdjKn.exe
  C:\Windows\System\mxMdjKn.exe
  2⤵
  PID:4480
- C:\Windows\System\KVyNbrY.exe
  C:\Windows\System\KVyNbrY.exe
  2⤵
  PID:4864
- C:\Windows\System\zGIbcMl.exe
  C:\Windows\System\zGIbcMl.exe
  2⤵
  PID:5040
- C:\Windows\System\ZdaNQBH.exe
  C:\Windows\System\ZdaNQBH.exe
  2⤵
  PID:5052
- C:\Windows\System\KQfuUld.exe
  C:\Windows\System\KQfuUld.exe
  2⤵
  PID:4220
- C:\Windows\System\jBnDVbn.exe
  C:\Windows\System\jBnDVbn.exe
  2⤵
  PID:4584
- C:\Windows\System\khtcCse.exe
  C:\Windows\System\khtcCse.exe
  2⤵
  PID:4392
- C:\Windows\System\FQOBBdo.exe
  C:\Windows\System\FQOBBdo.exe
  2⤵
  PID:4436
- C:\Windows\System\HDrjhWd.exe
  C:\Windows\System\HDrjhWd.exe
  2⤵
  PID:4524
- C:\Windows\System\IEYUsJg.exe
  C:\Windows\System\IEYUsJg.exe
  2⤵
  PID:4300
- C:\Windows\System\wkEDFje.exe
  C:\Windows\System\wkEDFje.exe
  2⤵
  PID:4100
- C:\Windows\System\aWrrAjk.exe
  C:\Windows\System\aWrrAjk.exe
  2⤵
  PID:4460
- C:\Windows\System\eqElDKZ.exe
  C:\Windows\System\eqElDKZ.exe
  2⤵
  PID:4836
- C:\Windows\System\swrlZOM.exe
  C:\Windows\System\swrlZOM.exe
  2⤵
  PID:4296
- C:\Windows\System\XZKEBNW.exe
  C:\Windows\System\XZKEBNW.exe
  2⤵
  PID:4316
- C:\Windows\System\tfwTEJm.exe
  C:\Windows\System\tfwTEJm.exe
  2⤵
  PID:4720
- C:\Windows\System\vtQIAci.exe
  C:\Windows\System\vtQIAci.exe
  2⤵
  PID:4560
- C:\Windows\System\TmSUVRa.exe
  C:\Windows\System\TmSUVRa.exe
  2⤵
  PID:4680
- C:\Windows\System\MuHATaa.exe
  C:\Windows\System\MuHATaa.exe
  2⤵
  PID:5104
- C:\Windows\System\kSDpYjy.exe
  C:\Windows\System\kSDpYjy.exe
  2⤵
  PID:4176
- C:\Windows\System\wYybCTI.exe
  C:\Windows\System\wYybCTI.exe
  2⤵
  PID:4932
- C:\Windows\System\qRlonVV.exe
  C:\Windows\System\qRlonVV.exe
  2⤵
  PID:2768
- C:\Windows\System\GxRAZDX.exe
  C:\Windows\System\GxRAZDX.exe
  2⤵
  PID:4576
- C:\Windows\System\JvlAjHY.exe
  C:\Windows\System\JvlAjHY.exe
  2⤵
  PID:4440
- C:\Windows\System\ZtJIXcF.exe
  C:\Windows\System\ZtJIXcF.exe
  2⤵
  PID:5128
- C:\Windows\System\GsRIBVI.exe
  C:\Windows\System\GsRIBVI.exe
  2⤵
  PID:5144
- C:\Windows\System\lwjgVQN.exe
  C:\Windows\System\lwjgVQN.exe
  2⤵
  PID:5192
- C:\Windows\System\oEDpqxr.exe
  C:\Windows\System\oEDpqxr.exe
  2⤵
  PID:5208
- C:\Windows\System\QqkPhcY.exe
  C:\Windows\System\QqkPhcY.exe
  2⤵
  PID:5224
- C:\Windows\System\finxfYc.exe
  C:\Windows\System\finxfYc.exe
  2⤵
  PID:5240
- C:\Windows\System\ltvYVVo.exe
  C:\Windows\System\ltvYVVo.exe
  2⤵
  PID:5256
- C:\Windows\System\dDjLmqo.exe
  C:\Windows\System\dDjLmqo.exe
  2⤵
  PID:5276
- C:\Windows\System\YvAKoqa.exe
  C:\Windows\System\YvAKoqa.exe
  2⤵
  PID:5296
- C:\Windows\System\vmldIAL.exe
  C:\Windows\System\vmldIAL.exe
  2⤵
  PID:5312
- C:\Windows\System\gYvGoYb.exe
  C:\Windows\System\gYvGoYb.exe
  2⤵
  PID:5328
- C:\Windows\System\VxhyoPG.exe
  C:\Windows\System\VxhyoPG.exe
  2⤵
  PID:5344
- C:\Windows\System\krbfQkI.exe
  C:\Windows\System\krbfQkI.exe
  2⤵
  PID:5364
- C:\Windows\System\DsvJylw.exe
  C:\Windows\System\DsvJylw.exe
  2⤵
  PID:5384
- C:\Windows\System\RLvKNlP.exe
  C:\Windows\System\RLvKNlP.exe
  2⤵
  PID:5400
- C:\Windows\System\OcDDlex.exe
  C:\Windows\System\OcDDlex.exe
  2⤵
  PID:5448
- C:\Windows\System\HlWHueh.exe
  C:\Windows\System\HlWHueh.exe
  2⤵
  PID:5472
- C:\Windows\System\hjNThPp.exe
  C:\Windows\System\hjNThPp.exe
  2⤵
  PID:5488
- C:\Windows\System\gsSVAZL.exe
  C:\Windows\System\gsSVAZL.exe
  2⤵
  PID:5504
- C:\Windows\System\ctWuwbm.exe
  C:\Windows\System\ctWuwbm.exe
  2⤵
  PID:5520
- C:\Windows\System\faqYZTL.exe
  C:\Windows\System\faqYZTL.exe
  2⤵
  PID:5536
- C:\Windows\System\dgJqUYm.exe
  C:\Windows\System\dgJqUYm.exe
  2⤵
  PID:5560
- C:\Windows\System\WNafPDo.exe
  C:\Windows\System\WNafPDo.exe
  2⤵
  PID:5576
- C:\Windows\System\KNEQyKH.exe
  C:\Windows\System\KNEQyKH.exe
  2⤵
  PID:5592
- C:\Windows\System\RBXJwcN.exe
  C:\Windows\System\RBXJwcN.exe
  2⤵
  PID:5612
- C:\Windows\System\jTVpFpe.exe
  C:\Windows\System\jTVpFpe.exe
  2⤵
  PID:5632
- C:\Windows\System\RuPWAJf.exe
  C:\Windows\System\RuPWAJf.exe
  2⤵
  PID:5672
- C:\Windows\System\ePzchHj.exe
  C:\Windows\System\ePzchHj.exe
  2⤵
  PID:5688
- C:\Windows\System\LzEElbe.exe
  C:\Windows\System\LzEElbe.exe
  2⤵
  PID:5704
- C:\Windows\System\HDVIMGP.exe
  C:\Windows\System\HDVIMGP.exe
  2⤵
  PID:5720
- C:\Windows\System\yCodWxY.exe
  C:\Windows\System\yCodWxY.exe
  2⤵
  PID:5748
- C:\Windows\System\AzGODCp.exe
  C:\Windows\System\AzGODCp.exe
  2⤵
  PID:5772
- C:\Windows\System\bClZuUQ.exe
  C:\Windows\System\bClZuUQ.exe
  2⤵
  PID:5788
- C:\Windows\System\QEkwjyg.exe
  C:\Windows\System\QEkwjyg.exe
  2⤵
  PID:5804
- C:\Windows\System\MJwleSv.exe
  C:\Windows\System\MJwleSv.exe
  2⤵
  PID:5824
- C:\Windows\System\BTkTkek.exe
  C:\Windows\System\BTkTkek.exe
  2⤵
  PID:5840
- C:\Windows\System\ZAjdXNJ.exe
  C:\Windows\System\ZAjdXNJ.exe
  2⤵
  PID:5860
- C:\Windows\System\qLKfvzw.exe
  C:\Windows\System\qLKfvzw.exe
  2⤵
  PID:5876
- C:\Windows\System\XeZfZah.exe
  C:\Windows\System\XeZfZah.exe
  2⤵
  PID:5908
- C:\Windows\System\nKSKhdA.exe
  C:\Windows\System\nKSKhdA.exe
  2⤵
  PID:5924
- C:\Windows\System\OBWRXjN.exe
  C:\Windows\System\OBWRXjN.exe
  2⤵
  PID:5944
- C:\Windows\System\ePFjTMA.exe
  C:\Windows\System\ePFjTMA.exe
  2⤵
  PID:5960
- C:\Windows\System\WtoJMbl.exe
  C:\Windows\System\WtoJMbl.exe
  2⤵
  PID:5976
- C:\Windows\System\CNZTpoU.exe
  C:\Windows\System\CNZTpoU.exe
  2⤵
  PID:5992
- C:\Windows\System\APiaQrh.exe
  C:\Windows\System\APiaQrh.exe
  2⤵
  PID:6012
- C:\Windows\System\zXlxsYJ.exe
  C:\Windows\System\zXlxsYJ.exe
  2⤵
  PID:6032
- C:\Windows\System\fjfUfoS.exe
  C:\Windows\System\fjfUfoS.exe
  2⤵
  PID:6052
- C:\Windows\System\yKlUtWZ.exe
  C:\Windows\System\yKlUtWZ.exe
  2⤵
  PID:6068
- C:\Windows\System\tFQpijP.exe
  C:\Windows\System\tFQpijP.exe
  2⤵
  PID:6116
- C:\Windows\System\tFfhkwa.exe
  C:\Windows\System\tFfhkwa.exe
  2⤵
  PID:6132
- C:\Windows\System\sFlfKKI.exe
  C:\Windows\System\sFlfKKI.exe
  2⤵
  PID:4620
- C:\Windows\System\GuJxAtG.exe
  C:\Windows\System\GuJxAtG.exe
  2⤵
  PID:5156
- C:\Windows\System\qzgWpII.exe
  C:\Windows\System\qzgWpII.exe
  2⤵
  PID:4456
- C:\Windows\System\TtBKCRg.exe
  C:\Windows\System\TtBKCRg.exe
  2⤵
  PID:5140
- C:\Windows\System\RmgTwKX.exe
  C:\Windows\System\RmgTwKX.exe
  2⤵
  PID:5184
- C:\Windows\System\UbIzxXZ.exe
  C:\Windows\System\UbIzxXZ.exe
  2⤵
  PID:5216
- C:\Windows\System\rjFOAQx.exe
  C:\Windows\System\rjFOAQx.exe
  2⤵
  PID:5292
- C:\Windows\System\OyiiLYW.exe
  C:\Windows\System\OyiiLYW.exe
  2⤵
  PID:5356
- C:\Windows\System\BTEGlvC.exe
  C:\Windows\System\BTEGlvC.exe
  2⤵
  PID:5272
- C:\Windows\System\DkptNcs.exe
  C:\Windows\System\DkptNcs.exe
  2⤵
  PID:5376
- C:\Windows\System\pQGNves.exe
  C:\Windows\System\pQGNves.exe
  2⤵
  PID:5420
- C:\Windows\System\LJlUlFd.exe
  C:\Windows\System\LJlUlFd.exe
  2⤵
  PID:5436
- C:\Windows\System\xrhOEEM.exe
  C:\Windows\System\xrhOEEM.exe
  2⤵
  PID:5460
- C:\Windows\System\TFsBPlr.exe
  C:\Windows\System\TFsBPlr.exe
  2⤵
  PID:5532
- C:\Windows\System\QaijJsq.exe
  C:\Windows\System\QaijJsq.exe
  2⤵
  PID:5480
- C:\Windows\System\Mhyhpsb.exe
  C:\Windows\System\Mhyhpsb.exe
  2⤵
  PID:5548
- C:\Windows\System\QCFmfdu.exe
  C:\Windows\System\QCFmfdu.exe
  2⤵
  PID:5644
- C:\Windows\System\YtLeocJ.exe
  C:\Windows\System\YtLeocJ.exe
  2⤵
  PID:5660
- C:\Windows\System\LJybExT.exe
  C:\Windows\System\LJybExT.exe
  2⤵
  PID:5728
- C:\Windows\System\MpNacaf.exe
  C:\Windows\System\MpNacaf.exe
  2⤵
  PID:5744
- C:\Windows\System\WxHlVmo.exe
  C:\Windows\System\WxHlVmo.exe
  2⤵
  PID:5624
- C:\Windows\System\RmKoCXk.exe
  C:\Windows\System\RmKoCXk.exe
  2⤵
  PID:5732
- C:\Windows\System\bZqNlRU.exe
  C:\Windows\System\bZqNlRU.exe
  2⤵
  PID:5768
- C:\Windows\System\IOVsSJV.exe
  C:\Windows\System\IOVsSJV.exe
  2⤵
  PID:5884
- C:\Windows\System\kpAOySt.exe
  C:\Windows\System\kpAOySt.exe
  2⤵
  PID:5900
- C:\Windows\System\ujoIvxc.exe
  C:\Windows\System\ujoIvxc.exe
  2⤵
  PID:5940
- C:\Windows\System\OfGuwal.exe
  C:\Windows\System\OfGuwal.exe
  2⤵
  PID:6004
- C:\Windows\System\iLAGVtb.exe
  C:\Windows\System\iLAGVtb.exe
  2⤵
  PID:5800
- C:\Windows\System\mQHgApG.exe
  C:\Windows\System\mQHgApG.exe
  2⤵
  PID:5952
- C:\Windows\System\YkgEGuQ.exe
  C:\Windows\System\YkgEGuQ.exe
  2⤵
  PID:6020
- C:\Windows\System\CbVLuTG.exe
  C:\Windows\System\CbVLuTG.exe
  2⤵
  PID:6064
- C:\Windows\System\Rdvnhcv.exe
  C:\Windows\System\Rdvnhcv.exe
  2⤵
  PID:6048
- C:\Windows\System\LBeQBGp.exe
  C:\Windows\System\LBeQBGp.exe
  2⤵
  PID:6096
- C:\Windows\System\adbPXFb.exe
  C:\Windows\System\adbPXFb.exe
  2⤵
  PID:6140
- C:\Windows\System\oKfuNIQ.exe
  C:\Windows\System\oKfuNIQ.exe
  2⤵
  PID:5180
- C:\Windows\System\eYUYkvR.exe
  C:\Windows\System\eYUYkvR.exe
  2⤵
  PID:6128
- C:\Windows\System\PvpaXKO.exe
  C:\Windows\System\PvpaXKO.exe
  2⤵
  PID:5252
- C:\Windows\System\cRAYnVW.exe
  C:\Windows\System\cRAYnVW.exe
  2⤵
  PID:5288
- C:\Windows\System\wMwcQex.exe
  C:\Windows\System\wMwcQex.exe
  2⤵
  PID:5352
- C:\Windows\System\GdmPkwc.exe
  C:\Windows\System\GdmPkwc.exe
  2⤵
  PID:5408
- C:\Windows\System\YlCRzCQ.exe
  C:\Windows\System\YlCRzCQ.exe
  2⤵
  PID:5412
- C:\Windows\System\Aetpzbu.exe
  C:\Windows\System\Aetpzbu.exe
  2⤵
  PID:5604
- C:\Windows\System\SHvCigK.exe
  C:\Windows\System\SHvCigK.exe
  2⤵
  PID:5432
- C:\Windows\System\AkpUOUo.exe
  C:\Windows\System\AkpUOUo.exe
  2⤵
  PID:5712
- C:\Windows\System\HgjJsDb.exe
  C:\Windows\System\HgjJsDb.exe
  2⤵
  PID:5784
- C:\Windows\System\HvhYJzy.exe
  C:\Windows\System\HvhYJzy.exe
  2⤵
  PID:5892
- C:\Windows\System\gOBZqBc.exe
  C:\Windows\System\gOBZqBc.exe
  2⤵
  PID:5916
- C:\Windows\System\gZEguCv.exe
  C:\Windows\System\gZEguCv.exe
  2⤵
  PID:5164
- C:\Windows\System\FopWzlA.exe
  C:\Windows\System\FopWzlA.exe
  2⤵
  PID:5168
- C:\Windows\System\KzDVpOa.exe
  C:\Windows\System\KzDVpOa.exe
  2⤵
  PID:5340
- C:\Windows\System\OyPyYBe.exe
  C:\Windows\System\OyPyYBe.exe
  2⤵
  PID:5416
- C:\Windows\System\QiFCrdJ.exe
  C:\Windows\System\QiFCrdJ.exe
  2⤵
  PID:5500
- C:\Windows\System\rTcGeqL.exe
  C:\Windows\System\rTcGeqL.exe
  2⤵
  PID:6000
- C:\Windows\System\eVLqxfY.exe
  C:\Windows\System\eVLqxfY.exe
  2⤵
  PID:6092
- C:\Windows\System\EVYUpNw.exe
  C:\Windows\System\EVYUpNw.exe
  2⤵
  PID:5856
- C:\Windows\System\HNdbSUw.exe
  C:\Windows\System\HNdbSUw.exe
  2⤵
  PID:6148
- C:\Windows\System\pxWKrZV.exe
  C:\Windows\System\pxWKrZV.exe
  2⤵
  PID:6176
- C:\Windows\System\jgzBBVn.exe
  C:\Windows\System\jgzBBVn.exe
  2⤵
  PID:6208
- C:\Windows\System\cLMYwnS.exe
  C:\Windows\System\cLMYwnS.exe
  2⤵
  PID:6224
- C:\Windows\System\VgyKEPq.exe
  C:\Windows\System\VgyKEPq.exe
  2⤵
  PID:6240
- C:\Windows\System\NzKHlRg.exe
  C:\Windows\System\NzKHlRg.exe
  2⤵
  PID:6256
- C:\Windows\System\lwTqIdm.exe
  C:\Windows\System\lwTqIdm.exe
  2⤵
  PID:6276
- C:\Windows\System\NOKXSoH.exe
  C:\Windows\System\NOKXSoH.exe
  2⤵
  PID:6312
- C:\Windows\System\kPATcWc.exe
  C:\Windows\System\kPATcWc.exe
  2⤵
  PID:6328
- C:\Windows\System\ibEAeAW.exe
  C:\Windows\System\ibEAeAW.exe
  2⤵
  PID:6348
- C:\Windows\System\eRLbdrd.exe
  C:\Windows\System\eRLbdrd.exe
  2⤵
  PID:6364
- C:\Windows\System\UZrodFD.exe
  C:\Windows\System\UZrodFD.exe
  2⤵
  PID:6380
- C:\Windows\System\NMPKAED.exe
  C:\Windows\System\NMPKAED.exe
  2⤵
  PID:6396
- C:\Windows\System\mJnuooK.exe
  C:\Windows\System\mJnuooK.exe
  2⤵
  PID:6412
- C:\Windows\System\kLrSRHh.exe
  C:\Windows\System\kLrSRHh.exe
  2⤵
  PID:6460
- C:\Windows\System\rgnpsnX.exe
  C:\Windows\System\rgnpsnX.exe
  2⤵
  PID:6480
- C:\Windows\System\rvUpUba.exe
  C:\Windows\System\rvUpUba.exe
  2⤵
  PID:6496
- C:\Windows\System\IZwqCje.exe
  C:\Windows\System\IZwqCje.exe
  2⤵
  PID:6512
- C:\Windows\System\YZbGbfN.exe
  C:\Windows\System\YZbGbfN.exe
  2⤵
  PID:6532
- C:\Windows\System\qZElfkA.exe
  C:\Windows\System\qZElfkA.exe
  2⤵
  PID:6552
- C:\Windows\System\qDqkASf.exe
  C:\Windows\System\qDqkASf.exe
  2⤵
  PID:6576
- C:\Windows\System\nppwtWe.exe
  C:\Windows\System\nppwtWe.exe
  2⤵
  PID:6596
- C:\Windows\System\jvJsyZi.exe
  C:\Windows\System\jvJsyZi.exe
  2⤵
  PID:6620
- C:\Windows\System\uCMARpl.exe
  C:\Windows\System\uCMARpl.exe
  2⤵
  PID:6640
- C:\Windows\System\CeKAweG.exe
  C:\Windows\System\CeKAweG.exe
  2⤵
  PID:6660
- C:\Windows\System\cJYCYNc.exe
  C:\Windows\System\cJYCYNc.exe
  2⤵
  PID:6676
- C:\Windows\System\jRMOzYW.exe
  C:\Windows\System\jRMOzYW.exe
  2⤵
  PID:6692
- C:\Windows\System\sFOpjoq.exe
  C:\Windows\System\sFOpjoq.exe
  2⤵
  PID:6708
- C:\Windows\System\AnPODof.exe
  C:\Windows\System\AnPODof.exe
  2⤵
  PID:6744
- C:\Windows\System\OMKMzon.exe
  C:\Windows\System\OMKMzon.exe
  2⤵
  PID:6768
- C:\Windows\System\WCTzKXd.exe
  C:\Windows\System\WCTzKXd.exe
  2⤵
  PID:6784
- C:\Windows\System\RFcJHpd.exe
  C:\Windows\System\RFcJHpd.exe
  2⤵
  PID:6800
- C:\Windows\System\JeOFnwT.exe
  C:\Windows\System\JeOFnwT.exe
  2⤵
  PID:6816
- C:\Windows\System\QzDDyHT.exe
  C:\Windows\System\QzDDyHT.exe
  2⤵
  PID:6836
- C:\Windows\System\innVnTM.exe
  C:\Windows\System\innVnTM.exe
  2⤵
  PID:6860
- C:\Windows\System\kbenbYJ.exe
  C:\Windows\System\kbenbYJ.exe
  2⤵
  PID:6876
- C:\Windows\System\ldGbdpB.exe
  C:\Windows\System\ldGbdpB.exe
  2⤵
  PID:6900
- C:\Windows\System\FgLtRqT.exe
  C:\Windows\System\FgLtRqT.exe
  2⤵
  PID:6916
- C:\Windows\System\ToSifFX.exe
  C:\Windows\System\ToSifFX.exe
  2⤵
  PID:6932
- C:\Windows\System\AbZTIEZ.exe
  C:\Windows\System\AbZTIEZ.exe
  2⤵
  PID:6948
- C:\Windows\System\iYLUFHt.exe
  C:\Windows\System\iYLUFHt.exe
  2⤵
  PID:6964
- C:\Windows\System\fjAQNJj.exe
  C:\Windows\System\fjAQNJj.exe
  2⤵
  PID:6996
- C:\Windows\System\PbPTCwe.exe
  C:\Windows\System\PbPTCwe.exe
  2⤵
  PID:7016
- C:\Windows\System\SiPRjoF.exe
  C:\Windows\System\SiPRjoF.exe
  2⤵
  PID:7032
- C:\Windows\System\pqYXkSO.exe
  C:\Windows\System\pqYXkSO.exe
  2⤵
  PID:7048
- C:\Windows\System\cAjsoab.exe
  C:\Windows\System\cAjsoab.exe
  2⤵
  PID:7064
- C:\Windows\System\yBdBjOB.exe
  C:\Windows\System\yBdBjOB.exe
  2⤵
  PID:7080
- C:\Windows\System\TDNqBsH.exe
  C:\Windows\System\TDNqBsH.exe
  2⤵
  PID:7096
- C:\Windows\System\foFEbKi.exe
  C:\Windows\System\foFEbKi.exe
  2⤵
  PID:7148
- C:\Windows\System\bxGKVCm.exe
  C:\Windows\System\bxGKVCm.exe
  2⤵
  PID:7164
- C:\Windows\System\VYnxOgU.exe
  C:\Windows\System\VYnxOgU.exe
  2⤵
  PID:5984
- C:\Windows\System\iMsUSPF.exe
  C:\Windows\System\iMsUSPF.exe
  2⤵
  PID:6044
- C:\Windows\System\zIaIqmg.exe
  C:\Windows\System\zIaIqmg.exe
  2⤵
  PID:5556
- C:\Windows\System\GpRgXNl.exe
  C:\Windows\System\GpRgXNl.exe
  2⤵
  PID:5584
- C:\Windows\System\jPfIKij.exe
  C:\Windows\System\jPfIKij.exe
  2⤵
  PID:5456
- C:\Windows\System\EtglEtB.exe
  C:\Windows\System\EtglEtB.exe
  2⤵
  PID:5684
- C:\Windows\System\qjzuxNq.exe
  C:\Windows\System\qjzuxNq.exe
  2⤵
  PID:6060
- C:\Windows\System\Yfbowit.exe
  C:\Windows\System\Yfbowit.exe
  2⤵
  PID:6156
- C:\Windows\System\HiBrLap.exe
  C:\Windows\System\HiBrLap.exe
  2⤵
  PID:6088
- C:\Windows\System\fgsdozH.exe
  C:\Windows\System\fgsdozH.exe
  2⤵
  PID:5756
- C:\Windows\System\yLhcYPt.exe
  C:\Windows\System\yLhcYPt.exe
  2⤵
  PID:5200
- C:\Windows\System\uoMWcGX.exe
  C:\Windows\System\uoMWcGX.exe
  2⤵
  PID:5932
- C:\Windows\System\VBXvQIR.exe
  C:\Windows\System\VBXvQIR.exe
  2⤵
  PID:6220
- C:\Windows\System\lbXTAby.exe
  C:\Windows\System\lbXTAby.exe
  2⤵
  PID:6300
- C:\Windows\System\dEopEKN.exe
  C:\Windows\System\dEopEKN.exe
  2⤵
  PID:6192
- C:\Windows\System\uVWIFFV.exe
  C:\Windows\System\uVWIFFV.exe
  2⤵
  PID:6344
- C:\Windows\System\rBKKRdw.exe
  C:\Windows\System\rBKKRdw.exe
  2⤵
  PID:6408
- C:\Windows\System\pfgXmNv.exe
  C:\Windows\System\pfgXmNv.exe
  2⤵
  PID:6356
- C:\Windows\System\HjAjxBh.exe
  C:\Windows\System\HjAjxBh.exe
  2⤵
  PID:6232
- C:\Windows\System\mnAqMiQ.exe
  C:\Windows\System\mnAqMiQ.exe
  2⤵
  PID:6388
- C:\Windows\System\ciqNLff.exe
  C:\Windows\System\ciqNLff.exe
  2⤵
  PID:6432
- C:\Windows\System\VSPFeTp.exe
  C:\Windows\System\VSPFeTp.exe
  2⤵
  PID:6448
- C:\Windows\System\LinIvHq.exe
  C:\Windows\System\LinIvHq.exe
  2⤵
  PID:6468
- C:\Windows\System\MeFYtpA.exe
  C:\Windows\System\MeFYtpA.exe
  2⤵
  PID:6508
- C:\Windows\System\gPGdXjb.exe
  C:\Windows\System\gPGdXjb.exe
  2⤵
  PID:6528
- C:\Windows\System\SkvpFMO.exe
  C:\Windows\System\SkvpFMO.exe
  2⤵
  PID:6668
- C:\Windows\System\GKMeIrv.exe
  C:\Windows\System\GKMeIrv.exe
  2⤵
  PID:6612
- C:\Windows\System\izigWWA.exe
  C:\Windows\System\izigWWA.exe
  2⤵
  PID:6736
- C:\Windows\System\yQfKduU.exe
  C:\Windows\System\yQfKduU.exe
  2⤵
  PID:6732
- C:\Windows\System\dgobuci.exe
  C:\Windows\System\dgobuci.exe
  2⤵
  PID:6776
- C:\Windows\System\gYEDAof.exe
  C:\Windows\System\gYEDAof.exe
  2⤵
  PID:6824
- C:\Windows\System\EPxUBme.exe
  C:\Windows\System\EPxUBme.exe
  2⤵
  PID:6808
- C:\Windows\System\tUtujaj.exe
  C:\Windows\System\tUtujaj.exe
  2⤵
  PID:6908
- C:\Windows\System\hShTPgP.exe
  C:\Windows\System\hShTPgP.exe
  2⤵
  PID:6856
- C:\Windows\System\dIOsEjr.exe
  C:\Windows\System\dIOsEjr.exe
  2⤵
  PID:6984
- C:\Windows\System\wxqpudf.exe
  C:\Windows\System\wxqpudf.exe
  2⤵
  PID:6892
- C:\Windows\System\ImsAojF.exe
  C:\Windows\System\ImsAojF.exe
  2⤵
  PID:6896
- C:\Windows\System\IweORad.exe
  C:\Windows\System\IweORad.exe
  2⤵
  PID:7060
- C:\Windows\System\ukDFJuJ.exe
  C:\Windows\System\ukDFJuJ.exe
  2⤵
  PID:7008
- C:\Windows\System\VtewMAR.exe
  C:\Windows\System\VtewMAR.exe
  2⤵
  PID:7156
- C:\Windows\System\GnkOrUs.exe
  C:\Windows\System\GnkOrUs.exe
  2⤵
  PID:7160
- C:\Windows\System\CGYBMid.exe
  C:\Windows\System\CGYBMid.exe
  2⤵
  PID:6040
- C:\Windows\System\fbYmSnS.exe
  C:\Windows\System\fbYmSnS.exe
  2⤵
  PID:7140
- C:\Windows\System\FGqXufI.exe
  C:\Windows\System\FGqXufI.exe
  2⤵
  PID:5872
- C:\Windows\System\XqCXYRx.exe
  C:\Windows\System\XqCXYRx.exe
  2⤵
  PID:6108
- C:\Windows\System\qNzwWSg.exe
  C:\Windows\System\qNzwWSg.exe
  2⤵
  PID:5652
- C:\Windows\System\EUGPXCF.exe
  C:\Windows\System\EUGPXCF.exe
  2⤵
  PID:5972
- C:\Windows\System\xugWCTZ.exe
  C:\Windows\System\xugWCTZ.exe
  2⤵
  PID:6288
- C:\Windows\System\uWeevLy.exe
  C:\Windows\System\uWeevLy.exe
  2⤵
  PID:5136
- C:\Windows\System\vbBhFMa.exe
  C:\Windows\System\vbBhFMa.exe
  2⤵
  PID:6428
- C:\Windows\System\CGsQHTt.exe
  C:\Windows\System\CGsQHTt.exe
  2⤵
  PID:6592
- C:\Windows\System\EDQGesi.exe
  C:\Windows\System\EDQGesi.exe
  2⤵
  PID:6440
- C:\Windows\System\AlfqPbS.exe
  C:\Windows\System\AlfqPbS.exe
  2⤵
  PID:6568
- C:\Windows\System\CmFiPzz.exe
  C:\Windows\System\CmFiPzz.exe
  2⤵
  PID:6636
- C:\Windows\System\ILNjfRr.exe
  C:\Windows\System\ILNjfRr.exe
  2⤵
  PID:5668
- C:\Windows\System\ZysWHPm.exe
  C:\Windows\System\ZysWHPm.exe
  2⤵
  PID:6672
- C:\Windows\System\DUMmTTD.exe
  C:\Windows\System\DUMmTTD.exe
  2⤵
  PID:6420
- C:\Windows\System\NLxOkqO.exe
  C:\Windows\System\NLxOkqO.exe
  2⤵
  PID:6740
- C:\Windows\System\MkgsSSZ.exe
  C:\Windows\System\MkgsSSZ.exe
  2⤵
  PID:6704
- C:\Windows\System\QDWeCDl.exe
  C:\Windows\System\QDWeCDl.exe
  2⤵
  PID:6720
- C:\Windows\System\LzVcLKJ.exe
  C:\Windows\System\LzVcLKJ.exe
  2⤵
  PID:6940
- C:\Windows\System\RUTcQLz.exe
  C:\Windows\System\RUTcQLz.exe
  2⤵
  PID:6844
- C:\Windows\System\ljyOcmY.exe
  C:\Windows\System\ljyOcmY.exe
  2⤵
  PID:7040
- C:\Windows\System\kmNoDsJ.exe
  C:\Windows\System\kmNoDsJ.exe
  2⤵
  PID:6992
- C:\Windows\System\dxxFqBP.exe
  C:\Windows\System\dxxFqBP.exe
  2⤵
  PID:7044
- C:\Windows\System\IynJlMl.exe
  C:\Windows\System\IynJlMl.exe
  2⤵
  PID:7072
- C:\Windows\System\tiCUvCl.exe
  C:\Windows\System\tiCUvCl.exe
  2⤵
  PID:7132
- C:\Windows\System\UkcXWIo.exe
  C:\Windows\System\UkcXWIo.exe
  2⤵
  PID:5848
- C:\Windows\System\JIjBCkQ.exe
  C:\Windows\System\JIjBCkQ.exe
  2⤵
  PID:5868
- C:\Windows\System\LqcszXx.exe
  C:\Windows\System\LqcszXx.exe
  2⤵
  PID:5284
- C:\Windows\System\opDpGrh.exe
  C:\Windows\System\opDpGrh.exe
  2⤵
  PID:5392
- C:\Windows\System\DTEtzev.exe
  C:\Windows\System\DTEtzev.exe
  2⤵
  PID:6520
- C:\Windows\System\XgkFaev.exe
  C:\Windows\System\XgkFaev.exe
  2⤵
  PID:6476
- C:\Windows\System\SrLlfRk.exe
  C:\Windows\System\SrLlfRk.exe
  2⤵
  PID:6324
- C:\Windows\System\yzJVuDP.exe
  C:\Windows\System\yzJVuDP.exe
  2⤵
  PID:6728
- C:\Windows\System\JbMZDPF.exe
  C:\Windows\System\JbMZDPF.exe
  2⤵
  PID:7028
- C:\Windows\System\dJibucm.exe
  C:\Windows\System\dJibucm.exe
  2⤵
  PID:6724
- C:\Windows\System\GzZyTWe.exe
  C:\Windows\System\GzZyTWe.exe
  2⤵
  PID:6812
- C:\Windows\System\FccMOzx.exe
  C:\Windows\System\FccMOzx.exe
  2⤵
  PID:5680
- C:\Windows\System\QasQSMp.exe
  C:\Windows\System\QasQSMp.exe
  2⤵
  PID:7116
- C:\Windows\System\amxXWbP.exe
  C:\Windows\System\amxXWbP.exe
  2⤵
  PID:5656
- C:\Windows\System\nwiIUyL.exe
  C:\Windows\System\nwiIUyL.exe
  2⤵
  PID:6188
- C:\Windows\System\hFpLLZG.exe
  C:\Windows\System\hFpLLZG.exe
  2⤵
  PID:5264
- C:\Windows\System\CRrdkMG.exe
  C:\Windows\System\CRrdkMG.exe
  2⤵
  PID:7136
- C:\Windows\System\hesBMIB.exe
  C:\Windows\System\hesBMIB.exe
  2⤵
  PID:6424
- C:\Windows\System\bUVOPZW.exe
  C:\Windows\System\bUVOPZW.exe
  2⤵
  PID:6832
- C:\Windows\System\gdgVFKU.exe
  C:\Windows\System\gdgVFKU.exe
  2⤵
  PID:6560
- C:\Windows\System\UNZQbEf.exe
  C:\Windows\System\UNZQbEf.exe
  2⤵
  PID:6216
- C:\Windows\System\KHprmuU.exe
  C:\Windows\System\KHprmuU.exe
  2⤵
  PID:6252
- C:\Windows\System\GrOusCd.exe
  C:\Windows\System\GrOusCd.exe
  2⤵
  PID:7104
- C:\Windows\System\LvCCUcx.exe
  C:\Windows\System\LvCCUcx.exe
  2⤵
  PID:6268
- C:\Windows\System\FUFeIdr.exe
  C:\Windows\System\FUFeIdr.exe
  2⤵
  PID:7056
- C:\Windows\System\dFSXsHU.exe
  C:\Windows\System\dFSXsHU.exe
  2⤵
  PID:6872
- C:\Windows\System\WCSlWlj.exe
  C:\Windows\System\WCSlWlj.exe
  2⤵
  PID:6628
- C:\Windows\System\XVmJzMT.exe
  C:\Windows\System\XVmJzMT.exe
  2⤵
  PID:6604
- C:\Windows\System\CmNfoga.exe
  C:\Windows\System\CmNfoga.exe
  2⤵
  PID:6688
- C:\Windows\System\dWrxLxE.exe
  C:\Windows\System\dWrxLxE.exe
  2⤵
  PID:6336
- C:\Windows\System\yAHGZjz.exe
  C:\Windows\System\yAHGZjz.exe
  2⤵
  PID:6172
- C:\Windows\System\LLLbdoq.exe
  C:\Windows\System\LLLbdoq.exe
  2⤵
  PID:7012
- C:\Windows\System\svSOcol.exe
  C:\Windows\System\svSOcol.exe
  2⤵
  PID:7188
- C:\Windows\System\SttSiVt.exe
  C:\Windows\System\SttSiVt.exe
  2⤵
  PID:7208
- C:\Windows\System\IdIDrwM.exe
  C:\Windows\System\IdIDrwM.exe
  2⤵
  PID:7224
- C:\Windows\System\vOXjWoE.exe
  C:\Windows\System\vOXjWoE.exe
  2⤵
  PID:7240
- C:\Windows\System\fpaPbNe.exe
  C:\Windows\System\fpaPbNe.exe
  2⤵
  PID:7264
- C:\Windows\System\noRhVpB.exe
  C:\Windows\System\noRhVpB.exe
  2⤵
  PID:7284
- C:\Windows\System\prxydHk.exe
  C:\Windows\System\prxydHk.exe
  2⤵
  PID:7300
- C:\Windows\System\ZrqKrij.exe
  C:\Windows\System\ZrqKrij.exe
  2⤵
  PID:7316
- C:\Windows\System\fCCGRab.exe
  C:\Windows\System\fCCGRab.exe
  2⤵
  PID:7344
- C:\Windows\System\qnfxiaK.exe
  C:\Windows\System\qnfxiaK.exe
  2⤵
  PID:7360
- C:\Windows\System\CjhDzro.exe
  C:\Windows\System\CjhDzro.exe
  2⤵
  PID:7384
- C:\Windows\System\wakzCyM.exe
  C:\Windows\System\wakzCyM.exe
  2⤵
  PID:7400
- C:\Windows\System\ghrmxtX.exe
  C:\Windows\System\ghrmxtX.exe
  2⤵
  PID:7420
- C:\Windows\System\lUJvdKG.exe
  C:\Windows\System\lUJvdKG.exe
  2⤵
  PID:7436
- C:\Windows\System\nMSZfeP.exe
  C:\Windows\System\nMSZfeP.exe
  2⤵
  PID:7464
- C:\Windows\System\fBdMhgf.exe
  C:\Windows\System\fBdMhgf.exe
  2⤵
  PID:7484
- C:\Windows\System\OsQbFLT.exe
  C:\Windows\System\OsQbFLT.exe
  2⤵
  PID:7500
- C:\Windows\System\ZzNHaPK.exe
  C:\Windows\System\ZzNHaPK.exe
  2⤵
  PID:7516
- C:\Windows\System\GIQNaGe.exe
  C:\Windows\System\GIQNaGe.exe
  2⤵
  PID:7532
- C:\Windows\System\fSNPhBN.exe
  C:\Windows\System\fSNPhBN.exe
  2⤵
  PID:7548
- C:\Windows\System\LmrGdEs.exe
  C:\Windows\System\LmrGdEs.exe
  2⤵
  PID:7592
- C:\Windows\System\SElqRQW.exe
  C:\Windows\System\SElqRQW.exe
  2⤵
  PID:7608
- C:\Windows\System\hcxJRXb.exe
  C:\Windows\System\hcxJRXb.exe
  2⤵
  PID:7632
- C:\Windows\System\SzoylbX.exe
  C:\Windows\System\SzoylbX.exe
  2⤵
  PID:7648
- C:\Windows\System\DtRoxkK.exe
  C:\Windows\System\DtRoxkK.exe
  2⤵
  PID:7676
- C:\Windows\System\IlGYRcZ.exe
  C:\Windows\System\IlGYRcZ.exe
  2⤵
  PID:7692
- C:\Windows\System\SnhiUqu.exe
  C:\Windows\System\SnhiUqu.exe
  2⤵
  PID:7712
- C:\Windows\System\ozdpBVr.exe
  C:\Windows\System\ozdpBVr.exe
  2⤵
  PID:7728
- C:\Windows\System\KvWQzFb.exe
  C:\Windows\System\KvWQzFb.exe
  2⤵
  PID:7744
- C:\Windows\System\pYbsTrt.exe
  C:\Windows\System\pYbsTrt.exe
  2⤵
  PID:7760
- C:\Windows\System\DhhbXcV.exe
  C:\Windows\System\DhhbXcV.exe
  2⤵
  PID:7784
- C:\Windows\System\Drrjcml.exe
  C:\Windows\System\Drrjcml.exe
  2⤵
  PID:7804
- C:\Windows\System\uCWJbAu.exe
  C:\Windows\System\uCWJbAu.exe
  2⤵
  PID:7836
- C:\Windows\System\fuSEUdi.exe
  C:\Windows\System\fuSEUdi.exe
  2⤵
  PID:7852
- C:\Windows\System\lPkPrpj.exe
  C:\Windows\System\lPkPrpj.exe
  2⤵
  PID:7868
- C:\Windows\System\YkKSyzA.exe
  C:\Windows\System\YkKSyzA.exe
  2⤵
  PID:7884
- C:\Windows\System\EfjTasg.exe
  C:\Windows\System\EfjTasg.exe
  2⤵
  PID:7900
- C:\Windows\System\uITWWke.exe
  C:\Windows\System\uITWWke.exe
  2⤵
  PID:7924
- C:\Windows\System\NXhLFcF.exe
  C:\Windows\System\NXhLFcF.exe
  2⤵
  PID:7944
- C:\Windows\System\eiRbFWP.exe
  C:\Windows\System\eiRbFWP.exe
  2⤵
  PID:7960
- C:\Windows\System\jgIIooh.exe
  C:\Windows\System\jgIIooh.exe
  2⤵
  PID:7976
- C:\Windows\System\HiWnTuq.exe
  C:\Windows\System\HiWnTuq.exe
  2⤵
  PID:7992
- C:\Windows\System\KvUlUZQ.exe
  C:\Windows\System\KvUlUZQ.exe
  2⤵
  PID:8016
- C:\Windows\System\tMvVyTp.exe
  C:\Windows\System\tMvVyTp.exe
  2⤵
  PID:8032
- C:\Windows\System\XzpxqFh.exe
  C:\Windows\System\XzpxqFh.exe
  2⤵
  PID:8048
- C:\Windows\System\lccjldc.exe
  C:\Windows\System\lccjldc.exe
  2⤵
  PID:8080
- C:\Windows\System\GJSnVeE.exe
  C:\Windows\System\GJSnVeE.exe
  2⤵
  PID:8124
- C:\Windows\System\hOLcqdt.exe
  C:\Windows\System\hOLcqdt.exe
  2⤵
  PID:8140
- C:\Windows\System\mVRMNnu.exe
  C:\Windows\System\mVRMNnu.exe
  2⤵
  PID:8160
- C:\Windows\System\newgVnm.exe
  C:\Windows\System\newgVnm.exe
  2⤵
  PID:8176
- C:\Windows\System\NpLDNtk.exe
  C:\Windows\System\NpLDNtk.exe
  2⤵
  PID:7172
- C:\Windows\System\WdPlHgG.exe
  C:\Windows\System\WdPlHgG.exe
  2⤵
  PID:7184
- C:\Windows\System\FcCvpel.exe
  C:\Windows\System\FcCvpel.exe
  2⤵
  PID:7248
- C:\Windows\System\vCvwvjG.exe
  C:\Windows\System\vCvwvjG.exe
  2⤵
  PID:7196
- C:\Windows\System\PvrKSKc.exe
  C:\Windows\System\PvrKSKc.exe
  2⤵
  PID:7292
- C:\Windows\System\mSMxxRC.exe
  C:\Windows\System\mSMxxRC.exe
  2⤵
  PID:7336
- C:\Windows\System\IDDQQZp.exe
  C:\Windows\System\IDDQQZp.exe
  2⤵
  PID:7372
- C:\Windows\System\wAXSKnU.exe
  C:\Windows\System\wAXSKnU.exe
  2⤵
  PID:6112
- C:\Windows\System\HPjGmrv.exe
  C:\Windows\System\HPjGmrv.exe
  2⤵
  PID:7456
- C:\Windows\System\yUTOKus.exe
  C:\Windows\System\yUTOKus.exe
  2⤵
  PID:7492
- C:\Windows\System\UuTYPEO.exe
  C:\Windows\System\UuTYPEO.exe
  2⤵
  PID:7556
- C:\Windows\System\QDthVyH.exe
  C:\Windows\System\QDthVyH.exe
  2⤵
  PID:7576
- C:\Windows\System\TvMLDMP.exe
  C:\Windows\System\TvMLDMP.exe
  2⤵
  PID:7544
- C:\Windows\System\YycWUDC.exe
  C:\Windows\System\YycWUDC.exe
  2⤵
  PID:7396
- C:\Windows\System\zlLCccS.exe
  C:\Windows\System\zlLCccS.exe
  2⤵
  PID:7432
- C:\Windows\System\JiFKiRE.exe
  C:\Windows\System\JiFKiRE.exe
  2⤵
  PID:7476
- C:\Windows\System\kgKDFzJ.exe
  C:\Windows\System\kgKDFzJ.exe
  2⤵
  PID:7512
- C:\Windows\System\ZKZzCWr.exe
  C:\Windows\System\ZKZzCWr.exe
  2⤵
  PID:7668
- C:\Windows\System\mawEtQU.exe
  C:\Windows\System\mawEtQU.exe
  2⤵
  PID:7708
- C:\Windows\System\AgucwzU.exe
  C:\Windows\System\AgucwzU.exe
  2⤵
  PID:7820
- C:\Windows\System\ZlbRJeb.exe
  C:\Windows\System\ZlbRJeb.exe
  2⤵
  PID:7688
- C:\Windows\System\GodRZrO.exe
  C:\Windows\System\GodRZrO.exe
  2⤵
  PID:7860
- C:\Windows\System\EFSBSOx.exe
  C:\Windows\System\EFSBSOx.exe
  2⤵
  PID:7940
- C:\Windows\System\GYuJelP.exe
  C:\Windows\System\GYuJelP.exe
  2⤵
  PID:8004
- C:\Windows\System\xXkhkBk.exe
  C:\Windows\System\xXkhkBk.exe
  2⤵
  PID:8044
- C:\Windows\System\dIMBMBS.exe
  C:\Windows\System\dIMBMBS.exe
  2⤵
  PID:7908
- C:\Windows\System\roJxztx.exe
  C:\Windows\System\roJxztx.exe
  2⤵
  PID:7988
- C:\Windows\System\OgMzIfA.exe
  C:\Windows\System\OgMzIfA.exe
  2⤵
  PID:8064
- C:\Windows\System\RShqrPY.exe
  C:\Windows\System\RShqrPY.exe
  2⤵
  PID:8096
- C:\Windows\System\PDrwNzz.exe
  C:\Windows\System\PDrwNzz.exe
  2⤵
  PID:8108
- C:\Windows\System\uoRvliv.exe
  C:\Windows\System\uoRvliv.exe
  2⤵
  PID:8152
- C:\Windows\System\bdSOFpZ.exe
  C:\Windows\System\bdSOFpZ.exe
  2⤵
  PID:8132
- C:\Windows\System\xkYzXZw.exe
  C:\Windows\System\xkYzXZw.exe
  2⤵
  PID:7220
- C:\Windows\System\PXvCuYL.exe
  C:\Windows\System\PXvCuYL.exe
  2⤵
  PID:7332
- C:\Windows\System\XOTDmjr.exe
  C:\Windows\System\XOTDmjr.exe
  2⤵
  PID:7252
- C:\Windows\System\tiBwckT.exe
  C:\Windows\System\tiBwckT.exe
  2⤵
  PID:6584
- C:\Windows\System\neDVYLk.exe
  C:\Windows\System\neDVYLk.exe
  2⤵
  PID:7412
- C:\Windows\System\nCwfRMy.exe
  C:\Windows\System\nCwfRMy.exe
  2⤵
  PID:7448
- C:\Windows\System\lhMCBuF.exe
  C:\Windows\System\lhMCBuF.exe
  2⤵
  PID:7588
- C:\Windows\System\KfKGail.exe
  C:\Windows\System\KfKGail.exe
  2⤵
  PID:7664
- C:\Windows\System\qKqXgea.exe
  C:\Windows\System\qKqXgea.exe
  2⤵
  PID:7600
- C:\Windows\System\JUHKtLR.exe
  C:\Windows\System\JUHKtLR.exe
  2⤵
  PID:7572
- C:\Windows\System\oRdWnIt.exe
  C:\Windows\System\oRdWnIt.exe
  2⤵
  PID:7656
- C:\Windows\System\rSZLhyF.exe
  C:\Windows\System\rSZLhyF.exe
  2⤵
  PID:7780
- C:\Windows\System\aTQfADV.exe
  C:\Windows\System\aTQfADV.exe
  2⤵
  PID:7796
- C:\Windows\System\DfAqDKW.exe
  C:\Windows\System\DfAqDKW.exe
  2⤵
  PID:7896
- C:\Windows\System\yjdTVwW.exe
  C:\Windows\System\yjdTVwW.exe
  2⤵
  PID:8000
- C:\Windows\System\LUywTEQ.exe
  C:\Windows\System\LUywTEQ.exe
  2⤵
  PID:8068
- C:\Windows\System\OSEhEAD.exe
  C:\Windows\System\OSEhEAD.exe
  2⤵
  PID:7956
- C:\Windows\System\kTbxeaA.exe
  C:\Windows\System\kTbxeaA.exe
  2⤵
  PID:8116
- C:\Windows\System\CtISABu.exe
  C:\Windows\System\CtISABu.exe
  2⤵
  PID:7216
- C:\Windows\System\EXyDbWk.exe
  C:\Windows\System\EXyDbWk.exe
  2⤵
  PID:7272
- C:\Windows\System\KDoDLXm.exe
  C:\Windows\System\KDoDLXm.exe
  2⤵
  PID:7368
- C:\Windows\System\prxAFPp.exe
  C:\Windows\System\prxAFPp.exe
  2⤵
  PID:5396
- C:\Windows\System\HcIGlGv.exe
  C:\Windows\System\HcIGlGv.exe
  2⤵
  PID:7428
- C:\Windows\System\hUMOnXD.exe
  C:\Windows\System\hUMOnXD.exe
  2⤵
  PID:7568
- C:\Windows\System\tZHDvNE.exe
  C:\Windows\System\tZHDvNE.exe
  2⤵
  PID:7812
- C:\Windows\System\vhgoqhu.exe
  C:\Windows\System\vhgoqhu.exe
  2⤵
  PID:7540
- C:\Windows\System\bhDseVi.exe
  C:\Windows\System\bhDseVi.exe
  2⤵
  PID:7752
- C:\Windows\System\eGDLwAX.exe
  C:\Windows\System\eGDLwAX.exe
  2⤵
  PID:7972
- C:\Windows\System\uvczxJx.exe
  C:\Windows\System\uvczxJx.exe
  2⤵
  PID:8024
- C:\Windows\System\cxlHqmW.exe
  C:\Windows\System\cxlHqmW.exe
  2⤵
  PID:8092
- C:\Windows\System\UFEykTE.exe
  C:\Windows\System\UFEykTE.exe
  2⤵
  PID:7324
- C:\Windows\System\uOBMhhs.exe
  C:\Windows\System\uOBMhhs.exe
  2⤵
  PID:7236
- C:\Windows\System\aUJvVZp.exe
  C:\Windows\System\aUJvVZp.exe
  2⤵
  PID:7724
- C:\Windows\System\dCxCbcZ.exe
  C:\Windows\System\dCxCbcZ.exe
  2⤵
  PID:7260
- C:\Windows\System\nROPmLc.exe
  C:\Windows\System\nROPmLc.exe
  2⤵
  PID:7792
- C:\Windows\System\LgWccAi.exe
  C:\Windows\System\LgWccAi.exe
  2⤵
  PID:7740
- C:\Windows\System\dnannpr.exe
  C:\Windows\System\dnannpr.exe
  2⤵
  PID:8188
- C:\Windows\System\tcXIsyt.exe
  C:\Windows\System\tcXIsyt.exe
  2⤵
  PID:7832
- C:\Windows\System\dNPxMNZ.exe
  C:\Windows\System\dNPxMNZ.exe
  2⤵
  PID:7704
- C:\Windows\System\lnVfbxA.exe
  C:\Windows\System\lnVfbxA.exe
  2⤵
  PID:7408
- C:\Windows\System\mbxXrlw.exe
  C:\Windows\System\mbxXrlw.exe
  2⤵
  PID:8072
- C:\Windows\System\PjlgzXo.exe
  C:\Windows\System\PjlgzXo.exe
  2⤵
  PID:8212
- C:\Windows\System\XKrmUCH.exe
  C:\Windows\System\XKrmUCH.exe
  2⤵
  PID:8228
- C:\Windows\System\WSTYQHH.exe
  C:\Windows\System\WSTYQHH.exe
  2⤵
  PID:8252
- C:\Windows\System\FmqSMdP.exe
  C:\Windows\System\FmqSMdP.exe
  2⤵
  PID:8272
- C:\Windows\System\szNFnCl.exe
  C:\Windows\System\szNFnCl.exe
  2⤵
  PID:8292
- C:\Windows\System\hhkCIcB.exe
  C:\Windows\System\hhkCIcB.exe
  2⤵
  PID:8308
- C:\Windows\System\tWarGzI.exe
  C:\Windows\System\tWarGzI.exe
  2⤵
  PID:8324
- C:\Windows\System\biIsBax.exe
  C:\Windows\System\biIsBax.exe
  2⤵
  PID:8348
- C:\Windows\System\NNpoZqm.exe
  C:\Windows\System\NNpoZqm.exe
  2⤵
  PID:8372
- C:\Windows\System\zTkurah.exe
  C:\Windows\System\zTkurah.exe
  2⤵
  PID:8396
- C:\Windows\System\UqnqXtA.exe
  C:\Windows\System\UqnqXtA.exe
  2⤵
  PID:8412
- C:\Windows\System\XAQqkPa.exe
  C:\Windows\System\XAQqkPa.exe
  2⤵
  PID:8432
- C:\Windows\System\WZPQgHf.exe
  C:\Windows\System\WZPQgHf.exe
  2⤵
  PID:8448
- C:\Windows\System\QOengus.exe
  C:\Windows\System\QOengus.exe
  2⤵
  PID:8464
- C:\Windows\System\XOIqubU.exe
  C:\Windows\System\XOIqubU.exe
  2⤵
  PID:8488
- C:\Windows\System\YeTzjjF.exe
  C:\Windows\System\YeTzjjF.exe
  2⤵
  PID:8520
- C:\Windows\System\jLmZdrt.exe
  C:\Windows\System\jLmZdrt.exe
  2⤵
  PID:8536
- C:\Windows\System\MZcMkxc.exe
  C:\Windows\System\MZcMkxc.exe
  2⤵
  PID:8556
- C:\Windows\System\Hnbjkwt.exe
  C:\Windows\System\Hnbjkwt.exe
  2⤵
  PID:8576
- C:\Windows\System\AhSRfDZ.exe
  C:\Windows\System\AhSRfDZ.exe
  2⤵
  PID:8596
- C:\Windows\System\aMxAWCh.exe
  C:\Windows\System\aMxAWCh.exe
  2⤵
  PID:8616
- C:\Windows\System\ivSziBk.exe
  C:\Windows\System\ivSziBk.exe
  2⤵
  PID:8636
- C:\Windows\System\HkZXKqF.exe
  C:\Windows\System\HkZXKqF.exe
  2⤵
  PID:8652
- C:\Windows\System\MORFdGj.exe
  C:\Windows\System\MORFdGj.exe
  2⤵
  PID:8668
- C:\Windows\System\hckeWeG.exe
  C:\Windows\System\hckeWeG.exe
  2⤵
  PID:8688
- C:\Windows\System\PGquPVl.exe
  C:\Windows\System\PGquPVl.exe
  2⤵
  PID:8704
- C:\Windows\System\qzWfgCT.exe
  C:\Windows\System\qzWfgCT.exe
  2⤵
  PID:8720
- C:\Windows\System\VpTDjlu.exe
  C:\Windows\System\VpTDjlu.exe
  2⤵
  PID:8772
- C:\Windows\System\bXgkCyI.exe
  C:\Windows\System\bXgkCyI.exe
  2⤵
  PID:8792
- C:\Windows\System\SlDreZa.exe
  C:\Windows\System\SlDreZa.exe
  2⤵
  PID:8812
- C:\Windows\System\FGMOrJJ.exe
  C:\Windows\System\FGMOrJJ.exe
  2⤵
  PID:8832
- C:\Windows\System\xaQgqPx.exe
  C:\Windows\System\xaQgqPx.exe
  2⤵
  PID:8852
- C:\Windows\System\qFiVErg.exe
  C:\Windows\System\qFiVErg.exe
  2⤵
  PID:8872
- C:\Windows\System\ZjOJSiY.exe
  C:\Windows\System\ZjOJSiY.exe
  2⤵
  PID:8888
- C:\Windows\System\BqvONdD.exe
  C:\Windows\System\BqvONdD.exe
  2⤵
  PID:8904
- C:\Windows\System\zfiYxph.exe
  C:\Windows\System\zfiYxph.exe
  2⤵
  PID:8920
- C:\Windows\System\nNdEngq.exe
  C:\Windows\System\nNdEngq.exe
  2⤵
  PID:8944
- C:\Windows\System\KasxVtH.exe
  C:\Windows\System\KasxVtH.exe
  2⤵
  PID:8960
- C:\Windows\System\ATcDQaJ.exe
  C:\Windows\System\ATcDQaJ.exe
  2⤵
  PID:8976
- C:\Windows\System\mvIffvB.exe
  C:\Windows\System\mvIffvB.exe
  2⤵
  PID:8992
- C:\Windows\System\CcGFNXH.exe
  C:\Windows\System\CcGFNXH.exe
  2⤵
  PID:9012
- C:\Windows\System\tSbTNJP.exe
  C:\Windows\System\tSbTNJP.exe
  2⤵
  PID:9044
- C:\Windows\System\SMRXdIk.exe
  C:\Windows\System\SMRXdIk.exe
  2⤵
  PID:9076
- C:\Windows\System\gIuEDQA.exe
  C:\Windows\System\gIuEDQA.exe
  2⤵
  PID:9092
- C:\Windows\System\XKldTwV.exe
  C:\Windows\System\XKldTwV.exe
  2⤵
  PID:9112
- C:\Windows\System\DjgwsZs.exe
  C:\Windows\System\DjgwsZs.exe
  2⤵
  PID:9132
- C:\Windows\System\tudqHzQ.exe
  C:\Windows\System\tudqHzQ.exe
  2⤵
  PID:9152
- C:\Windows\System\DlJBCue.exe
  C:\Windows\System\DlJBCue.exe
  2⤵
  PID:9168
- C:\Windows\System\dTHspyP.exe
  C:\Windows\System\dTHspyP.exe
  2⤵
  PID:9188
- C:\Windows\System\JMkBhUG.exe
  C:\Windows\System\JMkBhUG.exe
  2⤵
  PID:9208
- C:\Windows\System\qmjfhft.exe
  C:\Windows\System\qmjfhft.exe
  2⤵
  PID:8200
- C:\Windows\System\PmohMKf.exe
  C:\Windows\System\PmohMKf.exe
  2⤵
  PID:8248
- C:\Windows\System\nDXfDfl.exe
  C:\Windows\System\nDXfDfl.exe
  2⤵
  PID:8280
- C:\Windows\System\qCrHXXJ.exe
  C:\Windows\System\qCrHXXJ.exe
  2⤵
  PID:8320
- C:\Windows\System\ijpFoGa.exe
  C:\Windows\System\ijpFoGa.exe
  2⤵
  PID:8356
- C:\Windows\System\eajbJZn.exe
  C:\Windows\System\eajbJZn.exe
  2⤵
  PID:8340
- C:\Windows\System\JLdhvjf.exe
  C:\Windows\System\JLdhvjf.exe
  2⤵
  PID:8440
- C:\Windows\System\yWnAhST.exe
  C:\Windows\System\yWnAhST.exe
  2⤵
  PID:8472
- C:\Windows\System\WQBxPyB.exe
  C:\Windows\System\WQBxPyB.exe
  2⤵
  PID:8480
- C:\Windows\System\wYMOPXf.exe
  C:\Windows\System\wYMOPXf.exe
  2⤵
  PID:8500
- C:\Windows\System\vsNXoBJ.exe
  C:\Windows\System\vsNXoBJ.exe
  2⤵
  PID:8532
- C:\Windows\System\mZKeuuD.exe
  C:\Windows\System\mZKeuuD.exe
  2⤵
  PID:8572
- C:\Windows\System\DqiKrCk.exe
  C:\Windows\System\DqiKrCk.exe
  2⤵
  PID:8612
- C:\Windows\System\pBfUecA.exe
  C:\Windows\System\pBfUecA.exe
  2⤵
  PID:8676
- C:\Windows\System\BmeHInF.exe
  C:\Windows\System\BmeHInF.exe
  2⤵
  PID:8624
- C:\Windows\System\EexGQQn.exe
  C:\Windows\System\EexGQQn.exe
  2⤵
  PID:8660
- C:\Windows\System\LLpiIUj.exe
  C:\Windows\System\LLpiIUj.exe
  2⤵
  PID:8752
- C:\Windows\System\hWbasnL.exe
  C:\Windows\System\hWbasnL.exe
  2⤵
  PID:8764
- C:\Windows\System\syKvsZq.exe
  C:\Windows\System\syKvsZq.exe
  2⤵
  PID:8784
- C:\Windows\System\mTRpmOK.exe
  C:\Windows\System\mTRpmOK.exe
  2⤵
  PID:8844
- C:\Windows\System\DsaaxRw.exe
  C:\Windows\System\DsaaxRw.exe
  2⤵
  PID:8864
- C:\Windows\System\NHGruJy.exe
  C:\Windows\System\NHGruJy.exe
  2⤵
  PID:8928
- C:\Windows\System\JKHHEpO.exe
  C:\Windows\System\JKHHEpO.exe
  2⤵
  PID:9000
- C:\Windows\System\IaGizHD.exe
  C:\Windows\System\IaGizHD.exe
  2⤵
  PID:8912
- C:\Windows\System\XLMNwAL.exe
  C:\Windows\System\XLMNwAL.exe
  2⤵
  PID:9020
- C:\Windows\System\lnrkaQG.exe
  C:\Windows\System\lnrkaQG.exe
  2⤵
  PID:9052
- C:\Windows\System\qoRiApH.exe
  C:\Windows\System\qoRiApH.exe
  2⤵
  PID:9064
- C:\Windows\System\EqipvzG.exe
  C:\Windows\System\EqipvzG.exe
  2⤵
  PID:9120
- C:\Windows\System\ydvBNoR.exe
  C:\Windows\System\ydvBNoR.exe
  2⤵
  PID:9176
- C:\Windows\System\BgygzKY.exe
  C:\Windows\System\BgygzKY.exe
  2⤵
  PID:8208
- C:\Windows\System\CnCuSLA.exe
  C:\Windows\System\CnCuSLA.exe
  2⤵
  PID:8268
- C:\Windows\System\yyKOsPa.exe
  C:\Windows\System\yyKOsPa.exe
  2⤵
  PID:8300
- C:\Windows\System\PUeSSRj.exe
  C:\Windows\System\PUeSSRj.exe
  2⤵
  PID:8244
- C:\Windows\System\MsVKdFy.exe
  C:\Windows\System\MsVKdFy.exe
  2⤵
  PID:8344
- C:\Windows\System\EHfnDay.exe
  C:\Windows\System\EHfnDay.exe
  2⤵
  PID:8360
- C:\Windows\System\NcnXkGX.exe
  C:\Windows\System\NcnXkGX.exe
  2⤵
  PID:8460
- C:\Windows\System\bsaRLaV.exe
  C:\Windows\System\bsaRLaV.exe
  2⤵
  PID:8528
- C:\Windows\System\iItvpXZ.exe
  C:\Windows\System\iItvpXZ.exe
  2⤵
  PID:8604
- C:\Windows\System\ktfTVyY.exe
  C:\Windows\System\ktfTVyY.exe
  2⤵
  PID:8644
- C:\Windows\System\RHuiCWc.exe
  C:\Windows\System\RHuiCWc.exe
  2⤵
  PID:8544
- C:\Windows\System\nmwhlcg.exe
  C:\Windows\System\nmwhlcg.exe
  2⤵
  PID:8512
- C:\Windows\System\NtRHlOX.exe
  C:\Windows\System\NtRHlOX.exe
  2⤵
  PID:8760
- C:\Windows\System\DDxwJZY.exe
  C:\Windows\System\DDxwJZY.exe
  2⤵
  PID:8828
- C:\Windows\System\qWWvFoJ.exe
  C:\Windows\System\qWWvFoJ.exe
  2⤵
  PID:8900
- C:\Windows\System\yOEHvcZ.exe
  C:\Windows\System\yOEHvcZ.exe
  2⤵
  PID:8952
- C:\Windows\System\rieEuYu.exe
  C:\Windows\System\rieEuYu.exe
  2⤵
  PID:9056
- C:\Windows\System\BTIqKqv.exe
  C:\Windows\System\BTIqKqv.exe
  2⤵
  PID:9084
- C:\Windows\System\yTxeoTO.exe
  C:\Windows\System\yTxeoTO.exe
  2⤵
  PID:9128
- C:\Windows\System\KVRolRX.exe
  C:\Windows\System\KVRolRX.exe
  2⤵
  PID:9184
- C:\Windows\System\iLKTchJ.exe
  C:\Windows\System\iLKTchJ.exe
  2⤵
  PID:7452
- C:\Windows\System\mWuytSg.exe
  C:\Windows\System\mWuytSg.exe
  2⤵
  PID:8368
- C:\Windows\System\lsnHVyM.exe
  C:\Windows\System\lsnHVyM.exe
  2⤵
  PID:9204
- C:\Windows\System\mbpqkzX.exe
  C:\Windows\System\mbpqkzX.exe
  2⤵
  PID:7232
- C:\Windows\System\aThtajW.exe
  C:\Windows\System\aThtajW.exe
  2⤵
  PID:8548
- C:\Windows\System\VswfrXz.exe
  C:\Windows\System\VswfrXz.exe
  2⤵
  PID:8728
- C:\Windows\System\tJUCtTZ.exe
  C:\Windows\System\tJUCtTZ.exe
  2⤵
  PID:8748
- C:\Windows\System\GgUzZHW.exe
  C:\Windows\System\GgUzZHW.exe
  2⤵
  PID:8860
- C:\Windows\System\LxKnXbN.exe
  C:\Windows\System\LxKnXbN.exe
  2⤵
  PID:8896
- C:\Windows\System\IFGByus.exe
  C:\Windows\System\IFGByus.exe
  2⤵
  PID:8956
- C:\Windows\System\qgQGzEC.exe
  C:\Windows\System\qgQGzEC.exe
  2⤵
  PID:9072
- C:\Windows\System\idbwpJV.exe
  C:\Windows\System\idbwpJV.exe
  2⤵
  PID:8304
- C:\Windows\System\EYNyazO.exe
  C:\Windows\System\EYNyazO.exe
  2⤵
  PID:9200
- C:\Windows\System\JNBiPar.exe
  C:\Windows\System\JNBiPar.exe
  2⤵
  PID:8444
- C:\Windows\System\nLqTqNL.exe
  C:\Windows\System\nLqTqNL.exe
  2⤵
  PID:8508
- C:\Windows\System\yZeuXXM.exe
  C:\Windows\System\yZeuXXM.exe
  2⤵
  PID:8632
- C:\Windows\System\BxuEOaQ.exe
  C:\Windows\System\BxuEOaQ.exe
  2⤵
  PID:8936
- C:\Windows\System\VvNymJT.exe
  C:\Windows\System\VvNymJT.exe
  2⤵
  PID:9100
- C:\Windows\System\CvmRMHT.exe
  C:\Windows\System\CvmRMHT.exe
  2⤵
  PID:8968
- C:\Windows\System\fBwMeJg.exe
  C:\Windows\System\fBwMeJg.exe
  2⤵
  PID:9144
- C:\Windows\System\OXCOvaY.exe
  C:\Windows\System\OXCOvaY.exe
  2⤵
  PID:8420
- C:\Windows\System\yRuZNlW.exe
  C:\Windows\System\yRuZNlW.exe
  2⤵
  PID:8824
- C:\Windows\System\DbfPwwO.exe
  C:\Windows\System\DbfPwwO.exe
  2⤵
  PID:8384
- C:\Windows\System\IbtcHYx.exe
  C:\Windows\System\IbtcHYx.exe
  2⤵
  PID:8336
- C:\Windows\System\oSXmzPG.exe
  C:\Windows\System\oSXmzPG.exe
  2⤵
  PID:8768
- C:\Windows\System\HXvZZTI.exe
  C:\Windows\System\HXvZZTI.exe
  2⤵
  PID:9148
- C:\Windows\System\iMNvFPf.exe
  C:\Windows\System\iMNvFPf.exe
  2⤵
  PID:8648
- C:\Windows\System\uWOmmCw.exe
  C:\Windows\System\uWOmmCw.exe
  2⤵
  PID:9224
- C:\Windows\System\LepUqnW.exe
  C:\Windows\System\LepUqnW.exe
  2⤵
  PID:9240
- C:\Windows\System\InZJAJC.exe
  C:\Windows\System\InZJAJC.exe
  2⤵
  PID:9264
- C:\Windows\System\aUBEMoI.exe
  C:\Windows\System\aUBEMoI.exe
  2⤵
  PID:9284
- C:\Windows\System\sUMUlis.exe
  C:\Windows\System\sUMUlis.exe
  2⤵
  PID:9300
- C:\Windows\System\JnqQbds.exe
  C:\Windows\System\JnqQbds.exe
  2⤵
  PID:9316
- C:\Windows\System\mEHFaFd.exe
  C:\Windows\System\mEHFaFd.exe
  2⤵
  PID:9332
- C:\Windows\System\TECxJLd.exe
  C:\Windows\System\TECxJLd.exe
  2⤵
  PID:9348
- C:\Windows\System\xKvfGQo.exe
  C:\Windows\System\xKvfGQo.exe
  2⤵
  PID:9364
- C:\Windows\System\KroLcSJ.exe
  C:\Windows\System\KroLcSJ.exe
  2⤵
  PID:9380
- C:\Windows\System\yjvcJmS.exe
  C:\Windows\System\yjvcJmS.exe
  2⤵
  PID:9400
- C:\Windows\System\DMyUDvZ.exe
  C:\Windows\System\DMyUDvZ.exe
  2⤵
  PID:9416
- C:\Windows\System\NGVXGnp.exe
  C:\Windows\System\NGVXGnp.exe
  2⤵
  PID:9464
- C:\Windows\System\tPzffrh.exe
  C:\Windows\System\tPzffrh.exe
  2⤵
  PID:9488
- C:\Windows\System\EmwUlTM.exe
  C:\Windows\System\EmwUlTM.exe
  2⤵
  PID:9512
- C:\Windows\System\uVSmkNx.exe
  C:\Windows\System\uVSmkNx.exe
  2⤵
  PID:9532
- C:\Windows\System\dcxOzoG.exe
  C:\Windows\System\dcxOzoG.exe
  2⤵
  PID:9556
- C:\Windows\System\WJNqUWd.exe
  C:\Windows\System\WJNqUWd.exe
  2⤵
  PID:9576
- C:\Windows\System\HzoIlKm.exe
  C:\Windows\System\HzoIlKm.exe
  2⤵
  PID:9596
- C:\Windows\System\lnaFvHh.exe
  C:\Windows\System\lnaFvHh.exe
  2⤵
  PID:9612
- C:\Windows\System\GomhwAc.exe
  C:\Windows\System\GomhwAc.exe
  2⤵
  PID:9628
- C:\Windows\System\cjHsLvM.exe
  C:\Windows\System\cjHsLvM.exe
  2⤵
  PID:9660
- C:\Windows\System\tZRaXSY.exe
  C:\Windows\System\tZRaXSY.exe
  2⤵
  PID:9676
- C:\Windows\System\QoQqTXl.exe
  C:\Windows\System\QoQqTXl.exe
  2⤵
  PID:9692
- C:\Windows\System\tQdhWVx.exe
  C:\Windows\System\tQdhWVx.exe
  2⤵
  PID:9708
- C:\Windows\System\OQldFMl.exe
  C:\Windows\System\OQldFMl.exe
  2⤵
  PID:9724
- C:\Windows\System\fczyrNf.exe
  C:\Windows\System\fczyrNf.exe
  2⤵
  PID:9740
- C:\Windows\System\IlJsclH.exe
  C:\Windows\System\IlJsclH.exe
  2⤵
  PID:9756
- C:\Windows\System\vUVPHGQ.exe
  C:\Windows\System\vUVPHGQ.exe
  2⤵
  PID:9772
- C:\Windows\System\qtmgGmx.exe
  C:\Windows\System\qtmgGmx.exe
  2⤵
  PID:9792
- C:\Windows\System\BJJEYEm.exe
  C:\Windows\System\BJJEYEm.exe
  2⤵
  PID:9808
- C:\Windows\System\xbSgYIG.exe
  C:\Windows\System\xbSgYIG.exe
  2⤵
  PID:9860
- C:\Windows\System\MHSepRp.exe
  C:\Windows\System\MHSepRp.exe
  2⤵
  PID:9876
- C:\Windows\System\lMcQWyN.exe
  C:\Windows\System\lMcQWyN.exe
  2⤵
  PID:9896
- C:\Windows\System\IdMksrm.exe
  C:\Windows\System\IdMksrm.exe
  2⤵
  PID:9912
- C:\Windows\System\ACWcxmZ.exe
  C:\Windows\System\ACWcxmZ.exe
  2⤵
  PID:9928
- C:\Windows\System\qbkuLBt.exe
  C:\Windows\System\qbkuLBt.exe
  2⤵
  PID:9948
- C:\Windows\System\pUQsDvi.exe
  C:\Windows\System\pUQsDvi.exe
  2⤵
  PID:9980
- C:\Windows\System\gxHgfMs.exe
  C:\Windows\System\gxHgfMs.exe
  2⤵
  PID:10000
- C:\Windows\System\jAqASBa.exe
  C:\Windows\System\jAqASBa.exe
  2⤵
  PID:10016
- C:\Windows\System\FnwoLit.exe
  C:\Windows\System\FnwoLit.exe
  2⤵
  PID:10032
- C:\Windows\System\wmpubYk.exe
  C:\Windows\System\wmpubYk.exe
  2⤵
  PID:10056
- C:\Windows\System\huPGUyy.exe
  C:\Windows\System\huPGUyy.exe
  2⤵
  PID:10072
- C:\Windows\System\eccuMcb.exe
  C:\Windows\System\eccuMcb.exe
  2⤵
  PID:10088
- C:\Windows\System\ezbvlbL.exe
  C:\Windows\System\ezbvlbL.exe
  2⤵
  PID:10108
- C:\Windows\System\HsosCKn.exe
  C:\Windows\System\HsosCKn.exe
  2⤵
  PID:10128
- C:\Windows\System\AmWxpQg.exe
  C:\Windows\System\AmWxpQg.exe
  2⤵
  PID:10144
- C:\Windows\System\wgdDAwT.exe
  C:\Windows\System\wgdDAwT.exe
  2⤵
  PID:10160
- C:\Windows\System\IJQPLtD.exe
  C:\Windows\System\IJQPLtD.exe
  2⤵
  PID:10176
- C:\Windows\System\cigrAZd.exe
  C:\Windows\System\cigrAZd.exe
  2⤵
  PID:10192
- C:\Windows\System\mnwVoUs.exe
  C:\Windows\System\mnwVoUs.exe
  2⤵
  PID:10232
- C:\Windows\System\zDjXvxs.exe
  C:\Windows\System\zDjXvxs.exe
  2⤵
  PID:9140
- C:\Windows\System\lmSdWMq.exe
  C:\Windows\System\lmSdWMq.exe
  2⤵
  PID:9252
- C:\Windows\System\JxHBAYV.exe
  C:\Windows\System\JxHBAYV.exe
  2⤵
  PID:9308
- C:\Windows\System\ZWwgxMu.exe
  C:\Windows\System\ZWwgxMu.exe
  2⤵
  PID:9324
- C:\Windows\System\iCRKdco.exe
  C:\Windows\System\iCRKdco.exe
  2⤵
  PID:9388
- C:\Windows\System\CEkZXvK.exe
  C:\Windows\System\CEkZXvK.exe
  2⤵
  PID:9428
- C:\Windows\System\kWYqKoz.exe
  C:\Windows\System\kWYqKoz.exe
  2⤵
  PID:9444
- C:\Windows\System\sIKLPJY.exe
  C:\Windows\System\sIKLPJY.exe
  2⤵
  PID:9340
- C:\Windows\System\UCRUyJZ.exe
  C:\Windows\System\UCRUyJZ.exe
  2⤵
  PID:9372
- C:\Windows\System\OgYcTvA.exe
  C:\Windows\System\OgYcTvA.exe
  2⤵
  PID:9500
- C:\Windows\System\yUpQlOu.exe
  C:\Windows\System\yUpQlOu.exe
  2⤵
  PID:9528
- C:\Windows\System\rNivnPR.exe
  C:\Windows\System\rNivnPR.exe
  2⤵
  PID:9552
- C:\Windows\System\RKBHBRB.exe
  C:\Windows\System\RKBHBRB.exe
  2⤵
  PID:9568
- C:\Windows\System\fzHsoJk.exe
  C:\Windows\System\fzHsoJk.exe
  2⤵
  PID:9604
- C:\Windows\System\wNAgKfO.exe
  C:\Windows\System\wNAgKfO.exe
  2⤵
  PID:9636
- C:\Windows\System\pAFHvOP.exe
  C:\Windows\System\pAFHvOP.exe
  2⤵
  PID:9640
- C:\Windows\System\ACAzGmh.exe
  C:\Windows\System\ACAzGmh.exe
  2⤵
  PID:9704
- C:\Windows\System\HzySnxn.exe
  C:\Windows\System\HzySnxn.exe
  2⤵
  PID:9764
- C:\Windows\System\fcPLFBo.exe
  C:\Windows\System\fcPLFBo.exe
  2⤵
  PID:9816
- C:\Windows\System\glMvRKe.exe
  C:\Windows\System\glMvRKe.exe
  2⤵
  PID:9748
- C:\Windows\System\SAPrlWa.exe
  C:\Windows\System\SAPrlWa.exe
  2⤵
  PID:9828
- C:\Windows\System\lAzhfjE.exe
  C:\Windows\System\lAzhfjE.exe
  2⤵
  PID:9892
- C:\Windows\System\ihTKjXn.exe
  C:\Windows\System\ihTKjXn.exe
  2⤵
  PID:9964
- C:\Windows\System\VximeSZ.exe
  C:\Windows\System\VximeSZ.exe
  2⤵
  PID:10008
- C:\Windows\System\GMBzmxb.exe
  C:\Windows\System\GMBzmxb.exe
  2⤵
  PID:10044
- C:\Windows\System\uIeEZPk.exe
  C:\Windows\System\uIeEZPk.exe
  2⤵
  PID:10096
- C:\Windows\System\FHvRTQF.exe
  C:\Windows\System\FHvRTQF.exe
  2⤵
  PID:10104
- C:\Windows\System\Guyezds.exe
  C:\Windows\System\Guyezds.exe
  2⤵
  PID:10184
- C:\Windows\System\YaTfRHr.exe
  C:\Windows\System\YaTfRHr.exe
  2⤵
  PID:9032
- C:\Windows\System\WcZYYyX.exe
  C:\Windows\System\WcZYYyX.exe
  2⤵
  PID:10208
- C:\Windows\System\ysMyKCN.exe
  C:\Windows\System\ysMyKCN.exe
  2⤵
  PID:10228
- C:\Windows\System\QAclEvd.exe
  C:\Windows\System\QAclEvd.exe
  2⤵
  PID:9292
- C:\Windows\System\FVguWPs.exe
  C:\Windows\System\FVguWPs.exe
  2⤵
  PID:9436
- C:\Windows\System\RfhsIjH.exe
  C:\Windows\System\RfhsIjH.exe
  2⤵
  PID:9276
- C:\Windows\System\HUyMoOV.exe
  C:\Windows\System\HUyMoOV.exe
  2⤵
  PID:9396
- C:\Windows\System\qdoMvrJ.exe
  C:\Windows\System\qdoMvrJ.exe
  2⤵
  PID:9648
- C:\Windows\System\NOZQbgp.exe
  C:\Windows\System\NOZQbgp.exe
  2⤵
  PID:9572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ASlzTMX.exe

Filesize
6.0MB

MD5
4703ed69fd148bce09d567f259529ca6

SHA1
0596bd4d21624b63982fa4c1e14134300b5fe22e

SHA256
8d8ce72f9d0f4381205ffd8b3273003cfb3d93b645b595afedbec84eb3436205

SHA512
81c83078d2e27375b8a93eaa37b8832a14cf06cb46b74705cf4765c63dc18ae9983262494fb4c6bad5bf01ee840542eeb7351b2c5d7a0e2a79cd82892a83ba42

Download Submit
C:\Windows\system\AmTdnoa.exe

Filesize
6.0MB

MD5
ba0ae008f3ac19b2cf727f0f76e3501c

SHA1
0768ffea206952e1cb4f7a73b60ce969eec2d2d6

SHA256
616e9f2da3070ea1e5edb778c1896c12af85f1a6395659197a843d39f8daac07

SHA512
cb9eb0338218b0948b4ef9743a008cdb64abc2a174a7601f78be699f44842f947356ffbbaa1c638f4bbae439cde9e5ccbb374eb41af34c70e33fd076904ea6cf

Download Submit
C:\Windows\system\EcTtyvE.exe

Filesize
6.0MB

MD5
8ef1d314ad861af88b94c52c5a55e7a2

SHA1
c81c2e85e7c22e7cc4a269bf63db7d4c0c24c02c

SHA256
ded448c7f32489d742f5af8dc2d0f8cd8025b4541cf660a15b054b04ed80a105

SHA512
298476b4ac357d7c9047bf25f8f5878c1e48c2ab21d3f23d7e5aeedf6a001128b004218f5aab1067d6b4ba8d9d6e0df1d12e7b1cbbce1a2f40ae13c03c4fdf04

Download Submit
C:\Windows\system\IWuFHbV.exe

Filesize
6.0MB

MD5
e1906c3e295646fed085234468c43765

SHA1
24dfe6c69880077c1a5d745a6cfa60edbf949cfe

SHA256
0cd766f9f4598b758f47ea260f90aabf239ac9d096741c072af2f54bb5ed22e4

SHA512
5b3135169d35044f1467a4906145e1ae916ae08014e2f5cb98892f937cf7af8ad72dda994974e0a05381d191e1da1007ac77fadb5c73a2bb8439b5c24ce1fdd0

Download Submit
C:\Windows\system\IdHIlrI.exe

Filesize
6.0MB

MD5
3ca6ab9aabbeebac9d6fff5be7b54ca1

SHA1
bfe6af6ad246593c45e6b5d8de4c2b650c8f9eb1

SHA256
e4a78fad9e51ea1975c4e1759436949f9d798eae61cf4551d7cb73884caea4b8

SHA512
6d565635bfab293dc0c42bf0cc077d34a78ce7a3e2c6f533611603bc6806b6a66a52f914b1fed0623ed4849620a5cbd56bb097b5a98070050bac73c44c383a42

Download Submit
C:\Windows\system\JXMLwrc.exe

Filesize
6.0MB

MD5
2356d6fc634190407e0189c416b360fa

SHA1
2e0c07e41c0ab5ee033f0f468f055b7ad21da141

SHA256
cf5e8b3c5d73fc9b9f699ea42f491337104519cba95cd73f594a507eb7604f3e

SHA512
5f33e4c57bda80a75fcec7be6d8ce7696091947f6dff5d52a2ac4dc05969ef475e80cf72e6f13d5ebe4443a6b79d8d6c02cd306d36c962b0872213e6c9cbaa59

Download Submit
C:\Windows\system\MvxhzVr.exe

Filesize
6.0MB

MD5
a4ccd8c77492c931aa92026cfbdc27c3

SHA1
8c5e12a3d49c517a4fd9367a355cd8aac5210d02

SHA256
cc694503ed6c9b0fee8925c0f61f786aa2f0a2524adaed965a3326ff3338cb27

SHA512
0bdb4c422746c4bf187afca04b3736dcedba3601badfb5a01ea941cb5a95782c07554f9c9df2b4bd50d4512702bf3872dcc022de7a23427538f3bee368896f67

Download Submit
C:\Windows\system\NMmpxGY.exe

Filesize
6.0MB

MD5
f57f130b02ee93b4aea8e5bdf56bcb9d

SHA1
9b11ed16d41aa05a28b57e9683dd610d2efcebd0

SHA256
d3cf01d7e6e78d3376256f6158f86227f2361b99da586e70b9c3ae28c2b28ea6

SHA512
d8e72af89779aa76f1e1d3316cffdce0caaeb21c192b71f6da4c01bc09ccc6557cf47ab792c150e36e626d8d17a2e7a81973a17e9c3e9b4a08e0b71f10735ce2

Download Submit
C:\Windows\system\QaVbqmm.exe

Filesize
6.0MB

MD5
50eb3c0de84088d8d04c040d53256049

SHA1
cbc090e618787f278d66f8b206ac0fac6d8f3493

SHA256
24f1b793f276ea3a1ae4abf011c7405009a2b5172430efcb7e46abecdc110d93

SHA512
735804d28fa1c2bc2370c4a070379bc6e1992954f953ff2af5b80f42a789776370b6c6ed0cb4792246afcdff7e9321f5671eb9c2d27c8556349ec2b5ce239eab

Download Submit
C:\Windows\system\SpcTkgq.exe

Filesize
6.0MB

MD5
c14c1a712574c21ec2445b88b503b0f0

SHA1
e01aeb0ca07bc8775c2b5fdc4d53b63f29bcb93c

SHA256
54648d5016f872095a07408fee2db2db4d146e4d28aaa83933cef799d53cf981

SHA512
b841a0f0a63a977d67629f02fc00895e258f7f3121ca02bc70bb078da56594c879ba6b65c44506e1cbef1a5875983470b24e4b84e1d61343d92c3d560bc55663

Download Submit
C:\Windows\system\aZrxfFI.exe

Filesize
6.0MB

MD5
42670e075b841825c40d9d1161847935

SHA1
937d6d8385385e37ff902c5a73e26dc5bbed20eb

SHA256
97f58a2cdff45ffe91f1bc4897771792690f8dab398ebe96076475ec446b4aea

SHA512
7f3abe24be44d088682b409cadadd566eb200954e53138bb8f0dc1603e8e4f7559d30cecd36f9e6cc09ec9e8885f70d4776683d8f7ac5cd69d7d3431c3987152

Download Submit
C:\Windows\system\bODaYMD.exe

Filesize
6.0MB

MD5
1401deb5fe74e44538990f6b86694c61

SHA1
27fbbf7c76b6a5949386c504b3aba1946f7ea5f7

SHA256
f4e4bbe562d8e669e3bd6aeaa3b8410b142e4e5a8c6bd18ed0720606fb0d9920

SHA512
9bc337b4066acd143ea25f6ee9b41dc112c2e455f5340acb594892aa2621ab6f853ee630dc06f9260c9d0858a21e91f01d3f813bf6d5f9a48337eacb8ecc14db

Download Submit
C:\Windows\system\bXsYZKU.exe

Filesize
6.0MB

MD5
671dc5c3a06123d5d2300bdcb27385d0

SHA1
9188c58abd68f146c70b051cd87af39e71b14879

SHA256
91edde284d03aad1ab23f2fd2d706fae25ebd4b07d188d393e9d51f81ebbab9f

SHA512
8b3004d0acd0721dc7c304d1801f6f9de2a02a5b48da19c22c58405c1430def8131d821ea756ddd42195fbf1bd3a00c8eb05b87ac8f04c2b066f97d43ed7032e

Download Submit
C:\Windows\system\eHrgroR.exe

Filesize
6.0MB

MD5
d2e0d617c26ea1c29ae44c777d535483

SHA1
2ae770f58c3662e967ec8cb02b1d814fc630f541

SHA256
d8dd2a7c3943c276642813d364280b990754829427b237563b10573c0d2e7bdf

SHA512
ac2ef85fdb2901dfe72c0822673b4cf5ee534f981dc438d9c1dd144efba8bafc78e2f3fd3df13d9ccc87c582ff62cf4d94407f7a53cfcbdbf6b050b0c15edc8a

Download Submit
C:\Windows\system\fPSUktk.exe

Filesize
6.0MB

MD5
77fe4e2361d7e6f5654b044b40cd18de

SHA1
63320ec290b6e4312206afa8a34c452bbf0e5a2b

SHA256
c57a84b75f47b24bb46eb6982b23069f3eac74084af7326bc67d3ec8a5a4594a

SHA512
18f9af6951ee3d531c0db7e1b19c3bcd6f02217f10917592a8e37f4169df68c6bd0649b31cb0d336e8a56fd2607c277f44422439ba39a0cab00e2a814ca00d38

Download Submit
C:\Windows\system\gQROBdt.exe

Filesize
6.0MB

MD5
0da2defced9b4e6f25fcb88f1bd976fa

SHA1
616319392934915706cf2dfdd7773c45b537e749

SHA256
0f3d58fc244fef03176644034c985f7a507ab969a8f9761a3914ba9278905688

SHA512
9c5acd8c2f314f98e40e52d35567c49890de8a3d9641eed111d43a7b166108886a5f0d63f166329309ef2ee29dbf6a0aca33271bb5727d4568761fd90afb6df7

Download Submit
C:\Windows\system\htemUeg.exe

Filesize
6.0MB

MD5
95e0e0d4d4ecee5bca8f4c03b4e52f77

SHA1
a024eeb0b864aa547c52158e8f2fbe3367b8c91e

SHA256
bec46948d54f75b6127b545e0a1970a02b53f241c6a3a5a6da5cf6598c75d051

SHA512
5bbe984c6a554648d586035ad1c2f40a988c9c56bf561a1eb4fe849844b19efe7f80c292a0c0de11af2372462c2dab04852f35adc4d57f552229e30f1c7dd98b

Download Submit
C:\Windows\system\ieGLegf.exe

Filesize
6.0MB

MD5
62c879ffeb226a0750af7a716d3f0a07

SHA1
69e929916735567d58a24cd90b544bac782bacca

SHA256
1869127fd538eb6e6a563d90e7a7581704dea8adbc7aa1d2e766cbc151258f9b

SHA512
48faaed6bfaf6f5d8424b814379b98d2d8bf56814e1fe6d2bc38d4ffcf018df4b9b6946b41ec2474acfa455a9bb294463fa4ed11a4d8b0aab45a6a77f0a57492

Download Submit
C:\Windows\system\jEYTcLO.exe

Filesize
6.0MB

MD5
0d3992d3a56d959857493b175621170f

SHA1
2c81a46105f6fc8cff10fc6af964418e108501b9

SHA256
6694e872b150fd1ac97a2bb1bd716bdb2036a659502f3b26e0297baca149280d

SHA512
c61884ac15c9747753d193b83adc550cf1d74f3e3c10fee50329aecfa35ce8ff3071c858deb0cab4707b00d568892f82c97d3ab5b795564410ca62468c4d08cb

Download Submit
C:\Windows\system\lZEJrTE.exe

Filesize
6.0MB

MD5
3dbbc71e620179c214bc2371bbab7264

SHA1
218fe4b41a8522daede68f9402a57c76dba6ca5a

SHA256
9268ba26d26184970fc0455e13678a4beeec91d64d6e484ee6c9ddd8c13e9ea1

SHA512
1c3b4adb14938a40e2651bf3709f08ec9c988922d80d32bf6964b4b11ff31a328d1980a5e92045bf952be4a760d89977f85fbdb1e2a36fbcdb563b9e10b97517

Download Submit
C:\Windows\system\qUZMwnn.exe

Filesize
6.0MB

MD5
83f06e22a51e8a2e62009ab218828972

SHA1
c51c7f23d47eeaba9c14ffc146ef666bf41da637

SHA256
41fe19052e38f995b574842ffeedd2d192c0b77adb7102222d59d021946fa650

SHA512
60b34c00f4f4a4a3792baec56952db52adb0850b72d76a3d72ff7c302e5f29d9527352b40e844e3c500a81b79fe4e6c3c0afdb90dcef3244a630081155ec33e8

Download Submit
C:\Windows\system\wNwQLyx.exe

Filesize
6.0MB

MD5
739c27815efd53a68313a1527c4dd270

SHA1
26305bdfcfac287de8cd0c60804ed669fdfb0e13

SHA256
b8630d7d14cb983d11be63b27998825dfb0cc99f4a54820eabf3e5ea72710cbe

SHA512
c54c9602fb10cd2ca316da9c6a264d927c89fe37a75f388fb9c6e0506f1fa1d71d8658107cef172486d8a2ae8afea0a0d236c3f110e7a1578096448ae904a198

Download Submit
C:\Windows\system\xLPohnV.exe

Filesize
6.0MB

MD5
3bd03d086cbd0d2d29c20e8a9fefee3d

SHA1
55773cec726dab7f5f5183b17734e9d71fad2eb2

SHA256
33b08df5438d3515aad990052db46038271de9b747cfeb7bb2b2d87b57069857

SHA512
b66243d3bfcf021001420476a3b9b1181ef3c03485310e6fd91fea6d3f126ab67883f4f5e66eb282479e127086612a28b3dcaa83aaf843dd67968e5e8f544404

Download Submit
C:\Windows\system\zlBeZfT.exe

Filesize
6.0MB

MD5
6de2952ad32d44c4a3c63c12ea745824

SHA1
84c9aa78fa8064cbd21ce4dc52f92a5fc2c62371

SHA256
8946bb5ee20d6f647f9bc6fee5e3756ee6c08d189e0b39fe41708892d5b3c40a

SHA512
b43c1816d949eaed295174939d96d52f9c97238aa4447f56be61bef79bbccbda338ef320c35e5b27c5900e294378ac60f33b50dc8fca90ac911fdabc81a30e83

Download Submit
\Windows\system\FOrpDmj.exe

Filesize
6.0MB

MD5
6a05a013d0fdb7fc3b1a638b6a63c1e6

SHA1
77083344c05eddf6b07db8ab9a3f2807f97c7e44

SHA256
b4f62102a64750ceb7a1b91df460673cb73a69a33581f00e2a3fd1cc57fbd8fb

SHA512
9f0a89ffc125c7cea12de44aa1b0ad6894287969c8d3ffd74ae45fa6cabb198c0ab9fa32e0e1dd2c5ff12efa3dcceed519f890bdf23f2cb15a20c44069abbaf8

Download Submit
\Windows\system\JYTyWxM.exe

Filesize
6.0MB

MD5
4ca84e729e900e10482c42a2f40a717e

SHA1
85171d7df7ca5ea07ed8036519b0a41860af1a28

SHA256
355b7a8dcdeb482df61f14e5814b8c03f03255be3244bd6a060b51045581b585

SHA512
63f5e2b9ac58ad42bc508adaa15aa1253650905b871aefb9a6a59aac6cefa75a1c847d533387acfde272e918b95d2366339429c752f6e42dbeb6c46776ec2c6d

Download Submit
\Windows\system\OjpImLJ.exe

Filesize
6.0MB

MD5
e469042beb7fc7a91fb86aa4ac7a556b

SHA1
541143d2a85f36dd4211181186482ae53e40d2cf

SHA256
9b68b476465c7113d488169c431bf4b98873c576145ae3ab49922fdf5ad7773c

SHA512
fad726ecc539425f3f1903d2cda95f030a8ee6cc6ab2281d56459c53024c5f166c45c0145ee5299d2d7e3b4149c4d113f77313519dcfeefb0bf0e553347fe997

Download Submit
\Windows\system\XwRgdgo.exe

Filesize
6.0MB

MD5
7a5724da0224159a17a1e5ab253604ec

SHA1
7258a81833c6b4ed1dd693c44bf96097f884db97

SHA256
92b095f3b841ada031f4a03e93c44f6f02c5dbab39aa8fba063bd3723a14209f

SHA512
f8457b5c77b89b5f46835c2d01770e519e7a28c000720575be015794fafc3c8664b4580c90d34ab7afdfac763f57e17b9df1c87e31088f2c14531b22ed65b860

Download Submit
\Windows\system\blIgFJM.exe

Filesize
6.0MB

MD5
10130367000bd96eeab2d5f4bc4ce64a

SHA1
6610882e1f2c04d9979bf84db7aad4e82b93cb42

SHA256
1ad5e3f9631b4de8852ed8eea50720d5faf56e7b00164435567b73263fd4e31d

SHA512
cc8bec64b4535a3771adb036152cfd7ddf973c757d9e2c1fe47a707da0c1f3884c4a7a777b32e689a3da14db9b732802d4c122c9e43751c4a8b3937887f55c95

Download Submit
\Windows\system\cReUQMr.exe

Filesize
6.0MB

MD5
abf23a7af4c97f519ec724a6aa17ba5c

SHA1
df9080b8f459015af57ef3a77621fdc2b8b4e698

SHA256
b70d458f356c45e6f61f03351bc927f004f06264b0a731e4d2066d29af7608e7

SHA512
45f7693fc66336961ec97e880af042f8dae0144563a80d4944920647b7036323c782be4cf1899b3fc7a946bb54b2e24465e80851802ea134a54d7a90e9dff404

Download Submit
\Windows\system\hulNvwy.exe

Filesize
6.0MB

MD5
2b034e95d7e6b303d1954df918c7a5dd

SHA1
e55c111d603e1768fd5f783d81c5e6988485f241

SHA256
ed3604e90c96cd82e76301bd0558fb1762444377b005c72cc24e4c76f8b6e5df

SHA512
44acae13ab4736ab85cee9951c2c213d34e6ed97d9cf176e19e2548bcda6cfa06c422662c2de50f4fbe366a603e681c49d55523b17cd16e62e46406d089f0105

Download Submit
\Windows\system\vVRxofF.exe

Filesize
6.0MB

MD5
c2d4a69fad9e6995f75e43b43c1b5dcf

SHA1
6022dd6b427b0e988ac239d51cd41a48e1d02a01

SHA256
0885d3c8bfaa0b07efb83cffdf27ac6e58f0d03f049e98c1533782ae22fc88df

SHA512
0e3cb3bca9a2f88a9c766cf13fd891b45adaabd3c14ee03f599fb1bea03bcbe91c5a8521c6b111006e2eb63876debade5f7aeaf37a50e933472c99382dd6f777

Download Submit
memory/492-4037-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/492-101-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1108-61-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1108-3758-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1108-92-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1216-69-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1216-3759-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1216-97-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1732-274-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1732-3888-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1732-89-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2148-119-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2148-3842-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2148-82-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2256-3735-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2256-80-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2256-45-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2436-105-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2436-74-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2436-3806-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3337-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2704-15-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2704-42-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2716-109-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2716-0-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2716-52-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-81-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-90-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-117-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-100-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2716-19-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2716-867-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2716-492-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-86-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2716-31-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-35-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2716-71-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2716-6-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2716-25-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2716-59-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-13-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2800-63-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-36-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3372-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-21-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3349-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2828-49-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3348-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2848-8-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2848-39-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3374-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2896-29-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2896-58-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/3020-3741-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/3020-54-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download